r17548@catbus: nickm | 2008-01-10 11:08:12 -0500
Make proposal-109 behavior optional. svn:r13090
parent
e3d4997960
commit
ca5f670fab
@ -46,6 +46,11 @@ Changes in version 0.2.0.16-alpha - 2008-01-??
|
|||||||
that don't otherwise fit into the torrc file.
|
that don't otherwise fit into the torrc file.
|
||||||
- The SETCONF command now handles quoted values correctly.
|
- The SETCONF command now handles quoted values correctly.
|
||||||
|
|
||||||
|
o Minor features (directory authorities):
|
||||||
|
- New configuration options to override default maximum number of
|
||||||
|
servers allowed on a single IP address. This is important
|
||||||
|
for running a test network on a single host.
|
||||||
|
|
||||||
o Minor features (other):
|
o Minor features (other):
|
||||||
- Add hidden services and DNSPorts to the list of things that make
|
- Add hidden services and DNSPorts to the list of things that make
|
||||||
Tor accept that it has running ports. Change starting Tor with
|
Tor accept that it has running ports. Change starting Tor with
|
||||||
|
2
doc/TODO
2
doc/TODO
@ -21,7 +21,7 @@ R - Figure out the autoconf problem with adding a fallback consensus.
|
|||||||
R - add a geoip file
|
R - add a geoip file
|
||||||
W - figure out license
|
W - figure out license
|
||||||
R - let bridges set relaybandwidthrate as low as 5kb
|
R - let bridges set relaybandwidthrate as low as 5kb
|
||||||
N - we need a config option to turn off proposal 109 behavior,
|
o we need a config option to turn off proposal 109 behavior,
|
||||||
RK- make it easier to set up a private tor network on your own computer
|
RK- make it easier to set up a private tor network on your own computer
|
||||||
is very hard.
|
is very hard.
|
||||||
- FAQ entry which is wrong
|
- FAQ entry which is wrong
|
||||||
|
11
doc/tor.1.in
11
doc/tor.1.in
@ -1129,6 +1129,17 @@ Authoritative directories only. If set to 1, the directory server
|
|||||||
rejects all uploaded server descriptors that aren't explicitly listed
|
rejects all uploaded server descriptors that aren't explicitly listed
|
||||||
in the fingerprints file. This acts as a "panic button" if we get
|
in the fingerprints file. This acts as a "panic button" if we get
|
||||||
Sybiled. (Default: 0)
|
Sybiled. (Default: 0)
|
||||||
|
.LP
|
||||||
|
.TP
|
||||||
|
\fBAuthDirMaxServersPerAddr\fR \fINUM\fP
|
||||||
|
Authoritative directories only. The maximum number of servers that we
|
||||||
|
will list as acceptable on a single IP address. Set this to "0" for
|
||||||
|
"no limit". (Default: 2)
|
||||||
|
.LP
|
||||||
|
.TP
|
||||||
|
\fBAuthDirMaxServersPerAuthAddr\fR \fINUM\fP
|
||||||
|
Authoritative directories only. Like AuthDirMaxServersPerAddr, but
|
||||||
|
applies to addresses shared with directory authorities. (Default: 5)
|
||||||
|
|
||||||
.SH HIDDEN SERVICE OPTIONS
|
.SH HIDDEN SERVICE OPTIONS
|
||||||
.PP
|
.PP
|
||||||
|
@ -143,6 +143,8 @@ static config_var_t _option_vars[] = {
|
|||||||
V(AuthDirRejectUnlisted, BOOL, "0"),
|
V(AuthDirRejectUnlisted, BOOL, "0"),
|
||||||
V(AuthDirListBadDirs, BOOL, "0"),
|
V(AuthDirListBadDirs, BOOL, "0"),
|
||||||
V(AuthDirListBadExits, BOOL, "0"),
|
V(AuthDirListBadExits, BOOL, "0"),
|
||||||
|
V(AuthDirMaxServersPerAddr, UINT, "2"),
|
||||||
|
V(AuthDirMaxServersPerAuthAddr,UINT, "5"),
|
||||||
VAR("AuthoritativeDirectory", BOOL, AuthoritativeDir, "0"),
|
VAR("AuthoritativeDirectory", BOOL, AuthoritativeDir, "0"),
|
||||||
V(AutomapHostsOnResolve, BOOL, "0"),
|
V(AutomapHostsOnResolve, BOOL, "0"),
|
||||||
V(AutomapHostsSuffixes, CSV, ".onion,.exit"),
|
V(AutomapHostsSuffixes, CSV, ".onion,.exit"),
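Review bot: Both new entries accept 0, which the man-page hunk defines as "no limit", and nothing visible in this config.c change warns an authority operator that the per-address Sybil cap has been switched off. The ChangeLog motivates the options for test networks on a single host, so a live authority that sets either value to 0 should at least get a log line. A check in the option-validation path (outside this hunk) would cover it, e.g. `if (options->AuthoritativeDir && !options->AuthDirMaxServersPerAddr) log_warn(LD_CONFIG, "AuthDirMaxServersPerAddr is 0; per-address server limit is disabled.");`. The `_option_vars` table starts and ends outside the hunk.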
|
||||||
|
@ -1965,18 +1965,24 @@ _compare_routerinfo_by_ip_and_bw(const void **a, const void **b)
|
|||||||
static digestmap_t *
|
static digestmap_t *
|
||||||
get_possible_sybil_list(const smartlist_t *routers)
|
get_possible_sybil_list(const smartlist_t *routers)
|
||||||
{
|
{
|
||||||
|
or_options_t *options = get_options();
|
||||||
digestmap_t *omit_as_sybil;
|
digestmap_t *omit_as_sybil;
|
||||||
smartlist_t *routers_by_ip = smartlist_create();
|
smartlist_t *routers_by_ip = smartlist_create();
|
||||||
uint32_t last_addr;
|
uint32_t last_addr;
|
||||||
int addr_count;
|
int addr_count;
|
||||||
|
/* Allow at most this number of Tor servers on a single IP address, ... */
|
||||||
|
int max_with_same_addr = options->AuthDirMaxServersPerAddr;
|
||||||
|
/* ... unless it's a directory authority, in which case allow more. */
|
||||||
|
int max_with_same_addr_on_authority = options->AuthDirMaxServersPerAuthAddr;
|
||||||
|
if (max_with_same_addr <= 0)
|
||||||
|
max_with_same_addr = INT_MAX;
|
||||||
|
if (max_with_same_addr_on_authority <= 0)
|
||||||
|
max_with_same_addr_on_authority = INT_MAX;
|
||||||
|
|
||||||
smartlist_add_all(routers_by_ip, routers);
|
smartlist_add_all(routers_by_ip, routers);
|
||||||
smartlist_sort(routers_by_ip, _compare_routerinfo_by_ip_and_bw);
|
smartlist_sort(routers_by_ip, _compare_routerinfo_by_ip_and_bw);
|
||||||
omit_as_sybil = digestmap_new();
|
omit_as_sybil = digestmap_new();
|
||||||
|
|
||||||
/* Allow at most this number of Tor servers on a single IP address, ... */
|
|
||||||
#define MAX_WITH_SAME_ADDR 2
|
|
||||||
/* ... unless it's a directory authority, in which case allow more. */
|
|
||||||
#define MAX_WITH_SAME_ADDR_ON_AUTHORITY 5
|
|
||||||
last_addr = 0;
|
last_addr = 0;
|
||||||
addr_count = 0;
|
addr_count = 0;
|
||||||
SMARTLIST_FOREACH(routers_by_ip, routerinfo_t *, ri,
|
SMARTLIST_FOREACH(routers_by_ip, routerinfo_t *, ri,
|
||||||
@ -1984,9 +1990,9 @@ get_possible_sybil_list(const smartlist_t *routers)
|
|||||||
if (last_addr != ri->addr) {
|
if (last_addr != ri->addr) {
|
||||||
last_addr = ri->addr;
|
last_addr = ri->addr;
|
||||||
addr_count = 1;
|
addr_count = 1;
|
||||||
} else if (++addr_count > MAX_WITH_SAME_ADDR) {
|
} else if (++addr_count > max_with_same_addr) {
|
||||||
if (!router_addr_is_trusted_dir(ri->addr) ||
|
if (!router_addr_is_trusted_dir(ri->addr) ||
|
||||||
addr_count > MAX_WITH_SAME_ADDR_ON_AUTHORITY)
|
addr_count > max_with_same_addr_on_authority)
|
||||||
digestmap_set(omit_as_sybil, ri->cache_info.identity_digest, ri);
|
digestmap_set(omit_as_sybil, ri->cache_info.identity_digest, ri);
|
||||||
}
|
}
|
||||||
});
|
});
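Review bot: In the second hunk the authority limit is only evaluated after `++addr_count > max_with_same_addr` has already fired, so `AuthDirMaxServersPerAuthAddr` can raise the cap for authority addresses but never lower it. It is also never consulted when `AuthDirMaxServersPerAddr` is 0, because the first hunk maps that to `INT_MAX`; an operator who sets only that option to 0 and keeps the default of 5 ends up with no limit on authority addresses either, which the man-page wording does not suggest. Either state this above the two locals, e.g. `/* The authority limit only takes effect when it is larger than the per-address limit. */`, or select the applicable limit per address before the comparison. get_possible_sybil_list continues past the end of the hunk.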
|
||||||
|
@ -2240,6 +2240,12 @@ typedef struct {
|
|||||||
* and vote for all other exits as good. */
|
* and vote for all other exits as good. */
|
||||||
int AuthDirRejectUnlisted; /**< Boolean: do we reject all routers that
|
int AuthDirRejectUnlisted; /**< Boolean: do we reject all routers that
|
||||||
* aren't named in our fingerprint file? */
|
* aren't named in our fingerprint file? */
|
||||||
|
int AuthDirMaxServersPerAddr; /**< Do not permit more than this
|
||||||
|
* number of servers per IP address. */
|
||||||
|
int AuthDirMaxServersPerAuthAddr; /**< Do not permit more than this
|
||||||
|
* number of servers per IP address shared
|
||||||
|
* with an authority. */
|
||||||
|
|
||||||
char *AccountingStart; /**< How long is the accounting interval, and when
|
char *AccountingStart; /**< How long is the accounting interval, and when
|
||||||
* does it start? */
|
* does it start? */
|
||||||
uint64_t AccountingMax; /**< How many bytes do we allow per accounting
|
uint64_t AccountingMax; /**< How many bytes do we allow per accounting
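Review bot: The doc comments on `AuthDirMaxServersPerAddr` and `AuthDirMaxServersPerAuthAddr` leave out that 0 means "no limit", which is what get_possible_sybil_list implements (`<= 0` becomes `INT_MAX`) and what the man page states. A reader of or.h alone could take 0 to mean "permit none", the opposite of the actual effect on Sybil filtering. I would write `/**< Do not permit more than this number of servers per IP address; 0 means no limit. */` and add the same clause to the authority variant. The struct definition starts and ends outside the hunk.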
|
||||||
|