NumDirectoryGuards now tracks NumEntryGuards by default

Now a user who changes only NumEntryGuards will get the behavior she
expects. Fixes bug 9354; bugfix on 0.2.4.8-alpha.
This commit is contained in:
Roger Dingledine 2013-07-30 12:05:39 -04:00
parent 8d0fb3a434
commit ff6bb13c02
5 changed files with 25 additions and 8 deletions

5
changes/bug9354 Normal file
View File

@ -0,0 +1,5 @@
o Minor bugfixes:
- Make the default behavior of NumDirectoryGuards be to track
NumEntryGuards. Now a user who changes only NumEntryGuards will get
the behavior she expects. Fixes bug 9354; bugfix on 0.2.4.8-alpha.

View File

@ -1043,7 +1043,8 @@ The following options are useful only for clients (that is, if
fraction of your paths. (Default: 1)
**UseEntryGuardsAsDirectoryGuards** **0**|**1**::
If this option is set to 1, we try to use our entry guards as directory
If this option is set to 1, and UseEntryGuards is also set to 1,
we try to use our entry guards as directory
guards, and failing that, pick more nodes to act as our directory guards.
This helps prevent an adversary from enumerating clients. It's only
available for clients (non-relay, non-bridge) that aren't configured to
@ -1056,7 +1057,8 @@ The following options are useful only for clients (that is, if
**NumDirectoryGuards** __NUM__::
If UseEntryGuardsAsDirectoryGuards is enabled, we try to make sure we
have at least NUM routers to use as directory guards. (Default: 3)
have at least NUM routers to use as directory guards. If this option
is set to 0, use the value from NumEntryGuards. (Default: 0)
**GuardLifetime** __N__ **days**|**weeks**|**months**::
If nonzero, and UseEntryGuards is set, minimum time to keep a guard before

View File

@ -314,7 +314,7 @@ static config_var_t option_vars_[] = {
OBSOLETE("NoPublish"),
VAR("NodeFamily", LINELIST, NodeFamilies, NULL),
V(NumCPUs, UINT, "0"),
V(NumDirectoryGuards, UINT, "3"),
V(NumDirectoryGuards, UINT, "0"),
V(NumEntryGuards, UINT, "3"),
V(ORListenAddress, LINELIST, NULL),
VPORT(ORPort, LINELIST, NULL),

View File

@ -415,14 +415,24 @@ add_an_entry_guard(const node_t *chosen, int reset_status, int prepend,
return node;
}
/** Choose how many entry guards or directory guards we'll use. If
* <b>for_directory</b> is true, we return how many directory guards to
* use; else we return how many entry guards to use. */
static int
decide_num_guards(const or_options_t *options, int for_directory)
{
if (for_directory && options->NumDirectoryGuards != 0)
return options->NumDirectoryGuards;
return options->NumEntryGuards;
}
/** If the use of entry guards is configured, choose more entry guards
* until we have enough in the list. */
static void
pick_entry_guards(const or_options_t *options, int for_directory)
{
int changed = 0;
const int num_needed = for_directory ? options->NumDirectoryGuards :
options->NumEntryGuards;
const int num_needed = decide_num_guards(options, for_directory);
tor_assert(entry_guards);
@ -962,8 +972,7 @@ choose_random_entry_impl(cpath_build_state_t *state, int for_directory,
int need_capacity = state ? state->need_capacity : 0;
int preferred_min, consider_exit_family = 0;
int need_descriptor = !for_directory;
const int num_needed = for_directory ? options->NumDirectoryGuards :
options->NumEntryGuards;
const int num_needed = decide_num_guards(options, for_directory);
if (chosen_exit) {
nodelist_add_node_and_family(exit_family, chosen_exit);

View File

@ -3769,7 +3769,8 @@ typedef struct {
int NumEntryGuards; /**< How many entry guards do we try to establish? */
int UseEntryGuardsAsDirGuards; /** Boolean: Do we try to get directory info
* from a smallish number of fixed nodes? */
int NumDirectoryGuards; /**< How many dir guards do we try to establish? */
int NumDirectoryGuards; /**< How many dir guards do we try to establish?
* If 0, use value from NumEntryGuards. */
int RephistTrackTime; /**< How many seconds do we keep rephist info? */
int FastFirstHopPK; /**< If Tor believes it is safe, should we save a third
* of our PK time by sending CREATE_FAST cells? */