Add an (as yet) unused UseDeprecatedGuardAlgorithm_ option.

I expect we'll be ripping this out somewhere in 0.3.0, but let's
keep it around for a little while in case it turns out to be the
only way to avert disaster?
This commit is contained in:
Nick Mathewson 2016-11-21 17:02:51 -05:00
parent 238828c92b
commit 8dc6048c02
4 changed files with 48 additions and 1 deletions

View File

@ -307,6 +307,10 @@ static config_var_t option_vars_[] = {
V(ExtORPortCookieAuthFileGroupReadable, BOOL, "0"),
V(ExtraInfoStatistics, BOOL, "1"),
V(FallbackDir, LINELIST, NULL),
/* XXXX prop271 -- this has an ugly name to remind us to remove it. */
VAR("UseDeprecatedGuardAlgorithm_", BOOL,
UseDeprecatedGuardAlgorithm, "0"),
V(UseDefaultFallbackDirs, BOOL, "1"),
OBSOLETE("FallbackNetworkstatusFile"),
@ -4489,6 +4493,13 @@ options_transition_allowed(const or_options_t *old,
return -1;
}
if (old->UseDeprecatedGuardAlgorithm !=
new_val->UseDeprecatedGuardAlgorithm) {
*msg = tor_strdup("While Tor is running, changing "
"UseDeprecatedGuardAlgorithm is not allowed.");
return -1;
}
if (sandbox_is_active()) {
#define SB_NOCHANGE_STR(opt) \
do { \

View File

@ -1315,6 +1315,9 @@ int
entry_guard_succeeded(guard_selection_t *gs,
circuit_guard_state_t **guard_state_p)
{
if (get_options()->UseDeprecatedGuardAlgorithm)
return 1;
if (BUG(*guard_state_p == NULL))
return -1;
@ -1345,6 +1348,9 @@ int
entry_guard_failed(guard_selection_t *gs,
circuit_guard_state_t **guard_state_p)
{
if (get_options()->UseDeprecatedGuardAlgorithm)
return;
if (BUG(*guard_state_p == NULL))
return -1;
@ -2490,6 +2496,9 @@ entry_guards_compute_status_for_guard_selection(guard_selection_t *gs,
if ((!gs) || !(gs->chosen_entry_guards))
return;
if (!get_options()->UseDeprecatedGuardAlgorithm)
return;
if (options->EntryNodes) /* reshuffle the entry guard list if needed */
entry_nodes_should_be_added();
@ -2582,6 +2591,10 @@ entry_guard_register_connect_status_for_guard_selection(
return 0;
}
if (! get_options()->UseDeprecatedGuardAlgorithm) {
return 0;
}
SMARTLIST_FOREACH_BEGIN(gs->chosen_entry_guards, entry_guard_t *, e) {
tor_assert(e);
if (tor_memeq(e->identity, digest, DIGEST_LEN)) {
@ -2842,6 +2855,8 @@ entry_list_is_constrained(const or_options_t *options)
const node_t *
choose_random_entry(cpath_build_state_t *state)
{
tor_assert(get_options()->UseDeprecatedGuardAlgorithm);
return choose_random_entry_impl(get_guard_selection_info(),
state, 0, NO_DIRINFO, NULL);
}
@ -2851,6 +2866,8 @@ choose_random_entry(cpath_build_state_t *state)
const node_t *
choose_random_dirguard(dirinfo_type_t type)
{
tor_assert(get_options()->UseDeprecatedGuardAlgorithm);
return choose_random_entry_impl(get_guard_selection_info(),
NULL, 1, type, NULL);
}
@ -2861,6 +2878,8 @@ choose_random_dirguard(dirinfo_type_t type)
int
num_bridges_usable(void)
{
tor_assert(get_options()->UseDeprecatedGuardAlgorithm);
int n_options = 0;
tor_assert(get_options()->UseBridges);
(void) choose_random_entry_impl(get_guard_selection_info(),

View File

@ -4579,6 +4579,14 @@ typedef struct {
/** If 1, we skip all OOS checks. */
int DisableOOSCheck;
/** If 1, we use the old (pre-prop271) guard selection algorithm.
*
* XXXX prop271 This option is only here as a stopgap while we're
* XXXX tuning and debugging the new (post-prop271) algorithm. Eventually
* we should remove it entirely.
*/
int UseDeprecatedGuardAlgorithm;
} or_options_t;
/** Persistent state for an onion router, as saved to disk. */

View File

@ -212,6 +212,7 @@ test_choose_random_entry_no_guards(void *arg)
memset(&mocked_options, 0, sizeof(mocked_options));
mocked_options.ClientUseIPv4 = 1;
mocked_options.ClientPreferIPv6ORPort = 0;
mocked_options.UseDeprecatedGuardAlgorithm = 1;
/* Try to pick an entry even though none of our routers are guards. */
chosen_entry = choose_random_entry(NULL);
@ -236,6 +237,7 @@ test_choose_random_entry_no_guards(void *arg)
memset(&mocked_options, 0, sizeof(mocked_options));
mocked_options.ClientUseIPv4 = 0;
mocked_options.ClientPreferIPv6ORPort = 0;
mocked_options.UseDeprecatedGuardAlgorithm = 1;
chosen_entry = choose_random_entry(NULL);
@ -248,6 +250,7 @@ test_choose_random_entry_no_guards(void *arg)
mocked_options.ClientUseIPv4 = 1;
mocked_options.ClientUseIPv6 = 1;
mocked_options.ClientPreferIPv6ORPort = 1;
mocked_options.UseDeprecatedGuardAlgorithm = 1;
chosen_entry = choose_random_entry(NULL);
tt_assert(chosen_entry);
@ -257,6 +260,7 @@ test_choose_random_entry_no_guards(void *arg)
memset(&mocked_options, 0, sizeof(mocked_options));
mocked_options.ClientUseIPv4 = 1;
mocked_options.ClientPreferIPv6ORPort = -1;
mocked_options.UseDeprecatedGuardAlgorithm = 1;
chosen_entry = choose_random_entry(NULL);
tt_assert(chosen_entry);
@ -295,6 +299,7 @@ test_choose_random_entry_one_possible_guard(void *arg)
memset(&mocked_options, 0, sizeof(mocked_options));
mocked_options.ClientUseIPv4 = 1;
mocked_options.ClientPreferIPv6ORPort = 0;
mocked_options.UseDeprecatedGuardAlgorithm = 1;
/* Pick an entry. Make sure we pick the node we marked as guard. */
chosen_entry = choose_random_entry(NULL);
@ -315,6 +320,7 @@ test_choose_random_entry_one_possible_guard(void *arg)
memset(&mocked_options, 0, sizeof(mocked_options));
mocked_options.ClientUseIPv4 = 0;
mocked_options.ClientPreferIPv6ORPort = 0;
mocked_options.UseDeprecatedGuardAlgorithm = 1;
chosen_entry = choose_random_entry(NULL);
@ -327,6 +333,7 @@ test_choose_random_entry_one_possible_guard(void *arg)
mocked_options.ClientUseIPv4 = 1;
mocked_options.ClientUseIPv6 = 1;
mocked_options.ClientPreferIPv6ORPort = 1;
mocked_options.UseDeprecatedGuardAlgorithm = 1;
chosen_entry = choose_random_entry(NULL);
@ -339,6 +346,7 @@ test_choose_random_entry_one_possible_guard(void *arg)
memset(&mocked_options, 0, sizeof(mocked_options));
mocked_options.ClientUseIPv4 = 1;
mocked_options.ClientPreferIPv6ORPort = -1;
mocked_options.UseDeprecatedGuardAlgorithm = 1;
chosen_entry = choose_random_entry(NULL);
@ -701,6 +709,7 @@ static void
test_entry_guards_set_from_config(void *arg)
{
or_options_t *options = get_options_mutable();
options->UseDeprecatedGuardAlgorithm = 1;
guard_selection_t *gs = get_guard_selection_info();
const smartlist_t *all_entry_guards =
get_entry_guards_for_guard_selection(gs);
@ -2177,7 +2186,7 @@ struct testcase_t entrynodes_tests[] = {
TT_FORK, NULL, NULL },
{ "choose_random_entry_no_guards", test_choose_random_entry_no_guards,
TT_FORK, &fake_network, NULL },
{ "choose_random_entry_one_possibleguard",
{ "choose_random_entry_one_possible_guard",
test_choose_random_entry_one_possible_guard,
TT_FORK, &fake_network, NULL },
{ "populate_live_entry_guards_1guard",