Merge branch 'maint-0.2.5'

Roger Dingledine 2014-07-24 16:23:26 -04:00
commit bc9866e13f
4 changed files with 29 additions and 10 deletions

6
changes/ticket12688 Normal file

@ -0,0 +1,6 @@
Major features:
- Make the number of entry guards configurable via a new
NumEntryGuards consensus parameter, and the number of directory
guards configurable via a new NumDirectoryGuards consensus
parameter. Implements ticket 12688.


@ -1096,12 +1096,16 @@ The following options are useful only for clients (that is, if
[[NumEntryGuards]] **NumEntryGuards** __NUM__::
If UseEntryGuards is set to 1, we will try to pick a total of NUM routers
as long-term entries for our circuits. (Default: 3)
as long-term entries for our circuits. If NUM is 0, we try to learn
the number from the NumEntryGuards consensus parameter, and default
to 3 if the consensus parameter isn't set. (Default: 0)
[[NumDirectoryGuards]] **NumDirectoryGuards** __NUM__::
If UseEntryGuardsAsDirectoryGuards is enabled, we try to make sure we
have at least NUM routers to use as directory guards. If this option
is set to 0, use the value from NumEntryGuards. (Default: 0)
is set to 0, use the value from the NumDirectoryGuards consensus
parameter, falling back to the value from NumEntryGuards if the
consensus parameter is 0 or isn't set. (Default: 0)
[[GuardLifetime]] **GuardLifetime** __N__ **days**|**weeks**|**months**::
If nonzero, and UseEntryGuards is set, minimum time to keep a guard before


@ -326,7 +326,7 @@ static config_var_t option_vars_[] = {
VAR("NodeFamily", LINELIST, NodeFamilies, NULL),
V(NumCPUs, UINT, "0"),
V(NumDirectoryGuards, UINT, "0"),
V(NumEntryGuards, UINT, "3"),
V(NumEntryGuards, UINT, "0"),
V(ORListenAddress, LINELIST, NULL),
VPORT(ORPort, LINELIST, NULL),
V(OutboundBindAddress, LINELIST, NULL),
@ -3255,9 +3255,6 @@ options_validate(or_options_t *old_options, or_options_t *options,
"have it group-readable.");
}
if (options->UseEntryGuards && ! options->NumEntryGuards)
REJECT("Cannot enable UseEntryGuards with NumEntryGuards set to 0");
if (options->MyFamily && options->BridgeRelay) {
log_warn(LD_CONFIG, "Listing a family for a bridge relay is not "
"supported: it can reveal bridge fingerprints to censors. "
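Review bot: Nothing near the `V(NumEntryGuards, UINT, "0")` entry records that 0 is now a sentinel meaning "use the consensus parameter", and with the `UseEntryGuards`/`NumEntryGuards` REJECT gone from options_validate() a direct read of options->NumEntryGuards yields 0 under the default configuration. This page shows one such reader being converted in entry_guards_set_from_config(); whether others remain cannot be determined from here. I would add a comment beside the table entry, `/* 0 = take the value from the NumEntryGuards consensus parameter; read via decide_num_guards() */`, and check the remaining direct uses of the field. Both the option table and options_validate() extend beyond these hunks.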


@ -453,9 +453,20 @@ add_an_entry_guard(const node_t *chosen, int reset_status, int prepend,
STATIC int
decide_num_guards(const or_options_t *options, int for_directory)
{
if (for_directory && options->NumDirectoryGuards != 0)
return options->NumDirectoryGuards;
return options->NumEntryGuards;
if (for_directory) {
int answer;
if (options->NumDirectoryGuards != 0)
return options->NumDirectoryGuards;
answer = networkstatus_get_param(NULL, "NumDirectoryGuards", 0, 0, 10);
if (answer) /* non-zero means use the consensus value */
return answer;
}
if (options->NumEntryGuards)
return options->NumEntryGuards;
/* Use the value from the consensus, or 3 if no guidance. */
return networkstatus_get_param(NULL, "NumEntryGuards", 3, 1, 10);
}
/** If the use of entry guards is configured, choose more entry guards
@ -856,6 +867,7 @@ entry_guards_set_from_config(const or_options_t *options)
{
smartlist_t *entry_nodes, *worse_entry_nodes, *entry_fps;
smartlist_t *old_entry_guards_on_list, *old_entry_guards_not_on_list;
const int numentryguards = decide_num_guards(options, 0);
tor_assert(entry_guards);
should_add_entry_nodes = 0;
@ -924,7 +936,7 @@ entry_guards_set_from_config(const or_options_t *options)
/* Next, the rest of EntryNodes */
SMARTLIST_FOREACH_BEGIN(entry_nodes, const node_t *, node) {
add_an_entry_guard(node, 0, 0, 1, 0);
if (smartlist_len(entry_guards) > options->NumEntryGuards * 10)
if (smartlist_len(entry_guards) > numentryguards * 10)
break;
} SMARTLIST_FOREACH_END(node);
log_notice(LD_GENERAL, "%d entries in guards", smartlist_len(entry_guards));
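Review bot: decide_num_guards() returns the torrc values (`return options->NumDirectoryGuards;`, `return options->NumEntryGuards;`) with no upper bound, while both networkstatus_get_param() lookups are clamped to at most 10. A larger guard set gives a client more chances of selecting a hostile guard, so the cap is as relevant to local configuration as to the consensus; whether options_validate() limits these options elsewhere is not visible on this page. If it does not, either apply the same ceiling or state the asymmetry in the function's doc comment, e.g. `/* torrc values are used as given; consensus values are clamped to 1..10 (0..10 for directory guards). */`. The uncapped value also feeds the int multiplication `numentryguards * 10` in entry_guards_set_from_config(), whose body continues outside the hunks.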