From ca5f670fab9028053972443d4d3ec31b6c5a7680 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 10 Jan 2008 16:08:47 +0000 Subject: [PATCH] r17548@catbus: nickm | 2008-01-10 11:08:12 -0500 Make proposal-109 behavior optional. svn:r13090 --- ChangeLog | 5 +++++ doc/TODO | 2 +- doc/tor.1.in | 11 +++++++++++ src/or/config.c | 2 ++ src/or/dirserv.c | 18 ++++++++++++------ src/or/or.h | 6 ++++++ 6 files changed, 37 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 626472c18f..21884a76cb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -46,6 +46,11 @@ Changes in version 0.2.0.16-alpha - 2008-01-?? that don't otherwise fit into the torrc file. - The SETCONF command now handles quoted values correctly. + o Minor features (directory authorities): + - New configuration options to override default maximum number of + servers allowed on a single IP address. This is important + for running a test network on a single host. + o Minor features (other): - Add hidden services and DNSPorts to the list of things that make Tor accept that it has running ports. Change starting Tor with diff --git a/doc/TODO b/doc/TODO index 15cbf3f46d..5849a3b060 100644 --- a/doc/TODO +++ b/doc/TODO @@ -21,7 +21,7 @@ R - Figure out the autoconf problem with adding a fallback consensus. R - add a geoip file W - figure out license R - let bridges set relaybandwidthrate as low as 5kb -N - we need a config option to turn off proposal 109 behavior, + o we need a config option to turn off proposal 109 behavior, RK- make it easier to set up a private tor network on your own computer is very hard. - FAQ entry which is wrong diff --git a/doc/tor.1.in b/doc/tor.1.in index 3860d7e881..500fed0066 100644 --- a/doc/tor.1.in +++ b/doc/tor.1.in @@ -1129,6 +1129,17 @@ Authoritative directories only. If set to 1, the directory server rejects all uploaded server descriptors that aren't explicitly listed in the fingerprints file. This acts as a "panic button" if we get Sybiled. (Default: 0) +.LP +.TP +\fBAuthDirMaxServersPerAddr\fR \fINUM\fP +Authoritative directories only. The maximum number of servers that we +will list as acceptable on a single IP address. Set this to "0" for +"no limit". (Default: 2) +.LP +.TP +\fBAuthDirMaxServersPerAuthAddr\fR \fINUM\fP +Authoritative directories only. Like AuthDirMaxServersPerAddr, but +applies to addresses shared with directory authorities. (Default: 5) .SH HIDDEN SERVICE OPTIONS .PP diff --git a/src/or/config.c b/src/or/config.c index 574b69c818..40209130f5 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -143,6 +143,8 @@ static config_var_t _option_vars[] = { V(AuthDirRejectUnlisted, BOOL, "0"), V(AuthDirListBadDirs, BOOL, "0"), V(AuthDirListBadExits, BOOL, "0"), + V(AuthDirMaxServersPerAddr, UINT, "2"), + V(AuthDirMaxServersPerAuthAddr,UINT, "5"), VAR("AuthoritativeDirectory", BOOL, AuthoritativeDir, "0"), V(AutomapHostsOnResolve, BOOL, "0"), V(AutomapHostsSuffixes, CSV, ".onion,.exit"), diff --git a/src/or/dirserv.c b/src/or/dirserv.c index 0bc852357c..a4e29c86cd 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -1965,18 +1965,24 @@ _compare_routerinfo_by_ip_and_bw(const void **a, const void **b) static digestmap_t * get_possible_sybil_list(const smartlist_t *routers) { + or_options_t *options = get_options(); digestmap_t *omit_as_sybil; smartlist_t *routers_by_ip = smartlist_create(); uint32_t last_addr; int addr_count; + /* Allow at most this number of Tor servers on a single IP address, ... */ + int max_with_same_addr = options->AuthDirMaxServersPerAddr; + /* ... unless it's a directory authority, in which case allow more. */ + int max_with_same_addr_on_authority = options->AuthDirMaxServersPerAuthAddr; + if (max_with_same_addr <= 0) + max_with_same_addr = INT_MAX; + if (max_with_same_addr_on_authority <= 0) + max_with_same_addr_on_authority = INT_MAX; + smartlist_add_all(routers_by_ip, routers); smartlist_sort(routers_by_ip, _compare_routerinfo_by_ip_and_bw); omit_as_sybil = digestmap_new(); -/* Allow at most this number of Tor servers on a single IP address, ... */ -#define MAX_WITH_SAME_ADDR 2 -/* ... unless it's a directory authority, in which case allow more. */ -#define MAX_WITH_SAME_ADDR_ON_AUTHORITY 5 last_addr = 0; addr_count = 0; SMARTLIST_FOREACH(routers_by_ip, routerinfo_t *, ri, @@ -1984,9 +1990,9 @@ get_possible_sybil_list(const smartlist_t *routers) if (last_addr != ri->addr) { last_addr = ri->addr; addr_count = 1; - } else if (++addr_count > MAX_WITH_SAME_ADDR) { + } else if (++addr_count > max_with_same_addr) { if (!router_addr_is_trusted_dir(ri->addr) || - addr_count > MAX_WITH_SAME_ADDR_ON_AUTHORITY) + addr_count > max_with_same_addr_on_authority) digestmap_set(omit_as_sybil, ri->cache_info.identity_digest, ri); } }); diff --git a/src/or/or.h b/src/or/or.h index f00934cdb5..2342fea3d6 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2240,6 +2240,12 @@ typedef struct { * and vote for all other exits as good. */ int AuthDirRejectUnlisted; /**< Boolean: do we reject all routers that * aren't named in our fingerprint file? */ + int AuthDirMaxServersPerAddr; /**< Do not permit more than this + * number of servers per IP address. */ + int AuthDirMaxServersPerAuthAddr; /**< Do not permit more than this + * number of servers per IP address shared + * with an authority. */ + char *AccountingStart; /**< How long is the accounting interval, and when * does it start? */ uint64_t AccountingMax; /**< How many bytes do we allow per accounting