Config option to specify specific MiddleNodes.
Hope is this will make it easier to test on the live tor network. Does not need to be merged if we don't want to, but will come in handy for researchers. Co-authored-by: George Kadianakis <desnacked@riseup.net>
parent
a336d816a6
commit
8ad497bb57
@ -1020,6 +1020,21 @@ The following options are useful only for clients (that is, if
|
||||
The .exit address notation, if enabled via MapAddress, overrides
|
||||
this option.
|
||||
|
||||
[[MiddleNodes]] **MiddleNodes** __node__,__node__,__...__::
|
||||
A list of identity fingerprints and country codes of nodes
|
||||
to use for "middle" hops in your normal circuits.
|
||||
Normal circuits include all circuits except for direct connections
|
||||
to directory servers. Middle hops are all hops other than exit and entry. +
|
||||
+
|
||||
The HSLayer2Node and HSLayer3Node options override this option for onion
|
||||
service circuits, if they are set. The vanguards addon will read this
|
||||
option, and if set, it will set HSLayer2Nodes and HSLayer3Nodes to nodes
|
||||
from this set.
|
||||
+
|
||||
The ExcludeNodes option overrides this option: any node listed in both
|
||||
MiddleNodes and ExcludeNodes is treated as excluded. See
|
||||
the **ExcludeNodes** option for more information on how to specify nodes.
|
||||
|
||||
[[EntryNodes]] **EntryNodes** __node__,__node__,__...__::
|
||||
A list of identity fingerprints and country codes of nodes
|
||||
to use for the first hop in your normal circuits.
|
||||
@ -1036,13 +1051,14 @@ The following options are useful only for clients (that is, if
|
||||
If StrictNodes is set to 1, Tor will treat solely the ExcludeNodes option
|
||||
as a requirement to follow for all the circuits you generate, even if
|
||||
doing so will break functionality for you (StrictNodes applies to neither
|
||||
ExcludeExitNodes nor to ExitNodes). If StrictNodes is set to 0, Tor will
|
||||
still try to avoid nodes in the ExcludeNodes list, but it will err on the
|
||||
side of avoiding unexpected errors. Specifically, StrictNodes 0 tells Tor
|
||||
that it is okay to use an excluded node when it is *necessary* to perform
|
||||
relay reachability self-tests, connect to a hidden service, provide a
|
||||
hidden service to a client, fulfill a .exit request, upload directory
|
||||
information, or download directory information. (Default: 0)
|
||||
ExcludeExitNodes nor to ExitNodes, nor to MiddleNodes). If StrictNodes
|
||||
is set to 0, Tor will still try to avoid nodes in the ExcludeNodes list,
|
||||
but it will err on the side of avoiding unexpected errors.
|
||||
Specifically, StrictNodes 0 tells Tor that it is okay to use an excluded
|
||||
node when it is *necessary* to perform relay reachability self-tests,
|
||||
connect to a hidden service, provide a hidden service to a client,
|
||||
fulfill a .exit request, upload directory information, or download
|
||||
directory information. (Default: 0)
|
||||
|
||||
[[FascistFirewall]] **FascistFirewall** **0**|**1**::
|
||||
If 1, Tor will only create outgoing connections to ORs running on ports
|
||||
|
@ -418,6 +418,10 @@ static config_var_t option_vars_[] = {
|
||||
V(ExcludeExitNodes, ROUTERSET, NULL),
|
||||
OBSOLETE("ExcludeSingleHopRelays"),
|
||||
V(ExitNodes, ROUTERSET, NULL),
|
||||
/* Researchers need a way to tell their clients to use specific
|
||||
* middles that they also control, to allow safe live-network
|
||||
* experimentation with new padding machines. */
|
||||
V(MiddleNodes, ROUTERSET, NULL),
|
||||
V(ExitPolicy, LINELIST, NULL),
|
||||
V(ExitPolicyRejectPrivate, BOOL, "1"),
|
||||
V(ExitPolicyRejectLocalInterfaces, BOOL, "0"),
|
||||
@ -1690,6 +1694,7 @@ options_need_geoip_info(const or_options_t *options, const char **reason_out)
|
||||
int routerset_usage =
|
||||
routerset_needs_geoip(options->EntryNodes) ||
|
||||
routerset_needs_geoip(options->ExitNodes) ||
|
||||
routerset_needs_geoip(options->MiddleNodes) ||
|
||||
routerset_needs_geoip(options->ExcludeExitNodes) ||
|
||||
routerset_needs_geoip(options->ExcludeNodes) ||
|
||||
routerset_needs_geoip(options->HSLayer2Nodes) ||
|
||||
@ -2129,6 +2134,7 @@ options_act(const or_options_t *old_options)
|
||||
options->HSLayer2Nodes) ||
|
||||
!routerset_equal(old_options->HSLayer3Nodes,
|
||||
options->HSLayer3Nodes) ||
|
||||
!routerset_equal(old_options->MiddleNodes, options->MiddleNodes) ||
|
||||
options->StrictNodes != old_options->StrictNodes) {
|
||||
log_info(LD_CIRC,
|
||||
"Changed to using entry guards or bridges, or changed "
|
||||
|
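Review bot: Setting MiddleNodes is accepted silently: this section registers the option and wires it into the geoip and routerset-change checks, but no hunk on the page logs at configuration time that pinning middle hops is experimental and can reduce path diversity, and the man-page text added earlier carries no such caveat either. Since the commit message aims the option at researchers, option validation could warn, for example `if (options->MiddleNodes) log_warn(LD_CONFIG, "MiddleNodes is set. This is an experimental option for researchers and may reduce your anonymity.");`. The comment above the table entry could also state that ExcludeNodes still takes precedence and that StrictNodes does not apply, as the documentation does. The log_info() call in the last hunk continues outside the hunk, so whether its message should mention MiddleNodes cannot be judged from here.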
@ -72,6 +72,9 @@ struct or_options_t {
|
||||
routerset_t *ExitNodes; /**< Structure containing nicknames, digests,
|
||||
* country codes and IP address patterns of ORs to
|
||||
* consider as exits. */
|
||||
routerset_t *MiddleNodes; /**< Structure containing nicknames, digests,
|
||||
* country codes and IP address patterns of ORs to
|
||||
* consider as middles. */
|
||||
routerset_t *EntryNodes;/**< Structure containing nicknames, digests,
|
||||
* country codes and IP address patterns of ORs to
|
||||
* consider as entry points. */
|
||||
|
@ -2610,7 +2610,24 @@ choose_good_middle_server(uint8_t purpose,
|
||||
return choice;
|
||||
}
|
||||
|
||||
choice = router_choose_random_node(excluded, options->ExcludeNodes, flags);
|
||||
if (options->MiddleNodes) {
|
||||
smartlist_t *sl = smartlist_new();
|
||||
routerset_get_all_nodes(sl, options->MiddleNodes,
|
||||
options->ExcludeNodes, 1);
|
||||
|
||||
smartlist_subtract(sl, excluded);
|
||||
|
||||
choice = node_sl_choose_by_bandwidth(sl, WEIGHT_FOR_MID);
|
||||
smartlist_free(sl);
|
||||
if (choice) {
|
||||
log_fn(LOG_INFO, LD_CIRC, "Chose fixed middle node: %s",
|
||||
hex_str(choice->identity, DIGEST_LEN));
|
||||
} else {
|
||||
log_fn(LOG_NOTICE, LD_CIRC, "Restricted middle not available");
|
||||
}
|
||||
} else {
|
||||
choice = router_choose_random_node(excluded, options->ExcludeNodes, flags);
|
||||
}
|
||||
smartlist_free(excluded);
|
||||
return choice;
|
||||
}
|
||||
|
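Review bot: The MiddleNodes branch never consults `flags`: the unrestricted path passes it to router_choose_random_node(), but the restricted path builds its candidates with routerset_get_all_nodes() and picks by bandwidth, so the requirements encoded in `flags` (set earlier in the function, outside this hunk) appear not to be applied to a pinned middle. When the candidate list is empty the branch logs at NOTICE and returns NULL with no fallback, which can repeat on every circuit attempt, so a rate-limited log would suit it better. Both behaviours deserve comments in the branch, e.g. `/* NOTE: 'flags' is not applied to MiddleNodes picks. */` and `/* No fallback: if no listed middle is usable we return NULL and the circuit build fails. */`.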
@ -2350,7 +2350,7 @@ compute_frac_paths_available(const networkstatus_t *consensus,
|
||||
const int authdir = authdir_mode_v3(options);
|
||||
|
||||
count_usable_descriptors(num_present_out, num_usable_out,
|
||||
mid, consensus, now, NULL,
|
||||
mid, consensus, now, options->MiddleNodes,
|
||||
USABLE_DESCRIPTOR_ALL);
|
||||
log_debug(LD_NET,
|
||||
"%s: %d present, %d usable",
|
||||
|
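Review bot: Passing options->MiddleNodes to count_usable_descriptors() restricts the middle-hop count to the configured set, but ExcludeNodes is not part of this call, while the selection code elsewhere in this commit removes ExcludeNodes members from the same set. If the two overlap, the fraction computed here may overstate how many middles can actually be picked, and with a very small set a single missing descriptor could hold back bootstrap; both points are inferred from the visible arguments only. A comment at the call would help, for instance `/* Count only configured MiddleNodes; ExcludeNodes is not applied here, so this may overestimate usable middles. */`. The rest of compute_frac_paths_available lies outside the hunk.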
@ -3221,6 +3221,8 @@ refresh_all_country_info(void)
|
||||
routerset_refresh_countries(options->EntryNodes);
|
||||
if (options->ExitNodes)
|
||||
routerset_refresh_countries(options->ExitNodes);
|
||||
if (options->MiddleNodes)
|
||||
routerset_refresh_countries(options->MiddleNodes);
|
||||
if (options->ExcludeNodes)
|
||||
routerset_refresh_countries(options->ExcludeNodes);
|
||||
if (options->ExcludeExitNodes)
|
||||
|