nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-30 23:53:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

NumDirectoryGuards now tracks NumEntryGuards by default

Browse Source 
Now a user who changes only NumEntryGuards will get the behavior she
expects. Fixes bug 9354; bugfix on 0.2.4.8-alpha.
This commit is contained in:
Roger Dingledine 2013-07-30 12:05:39 -04:00
parent 8d0fb3a434
commit ff6bb13c02
5 changed files with 25 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
changes/bug9354 Normal file
View File

@ -0,0 +1,5 @@
o Minor bugfixes:
- Make the default behavior of NumDirectoryGuards be to track
NumEntryGuards. Now a user who changes only NumEntryGuards will get
the behavior she expects. Fixes bug 9354; bugfix on 0.2.4.8-alpha.

6
doc/tor.1.txt
View File

@ -1043,7 +1043,8 @@ The following options are useful only for clients (that is, if
fraction of your paths. (Default: 1) fraction of your paths. (Default: 1)
**UseEntryGuardsAsDirectoryGuards** **0**|**1**:: **UseEntryGuardsAsDirectoryGuards** **0**|**1**::
If this option is set to 1, we try to use our entry guards as directory If this option is set to 1, and UseEntryGuards is also set to 1,
we try to use our entry guards as directory
guards, and failing that, pick more nodes to act as our directory guards. guards, and failing that, pick more nodes to act as our directory guards.
This helps prevent an adversary from enumerating clients. It's only This helps prevent an adversary from enumerating clients. It's only
available for clients (non-relay, non-bridge) that aren't configured to available for clients (non-relay, non-bridge) that aren't configured to
@ -1056,7 +1057,8 @@ The following options are useful only for clients (that is, if
**NumDirectoryGuards** __NUM__:: **NumDirectoryGuards** __NUM__::
If UseEntryGuardsAsDirectoryGuards is enabled, we try to make sure we If UseEntryGuardsAsDirectoryGuards is enabled, we try to make sure we
have at least NUM routers to use as directory guards. (Default: 3) have at least NUM routers to use as directory guards. If this option
is set to 0, use the value from NumEntryGuards. (Default: 0)
**GuardLifetime** __N__ **days**|**weeks**|**months**:: **GuardLifetime** __N__ **days**|**weeks**|**months**::
If nonzero, and UseEntryGuards is set, minimum time to keep a guard before If nonzero, and UseEntryGuards is set, minimum time to keep a guard before

2
src/or/config.c
View File

@ -314,7 +314,7 @@ static config_var_t option_vars_[] = {
OBSOLETE("NoPublish"), OBSOLETE("NoPublish"),
VAR("NodeFamily", LINELIST, NodeFamilies, NULL), VAR("NodeFamily", LINELIST, NodeFamilies, NULL),
V(NumCPUs, UINT, "0"), V(NumCPUs, UINT, "0"),
V(NumDirectoryGuards, UINT, "3"), V(NumDirectoryGuards, UINT, "0"),
V(NumEntryGuards, UINT, "3"), V(NumEntryGuards, UINT, "3"),
V(ORListenAddress, LINELIST, NULL), V(ORListenAddress, LINELIST, NULL),
VPORT(ORPort, LINELIST, NULL), VPORT(ORPort, LINELIST, NULL),

17
src/or/entrynodes.c
View File

@ -415,14 +415,24 @@ add_an_entry_guard(const node_t *chosen, int reset_status, int prepend,
return node; return node;
} }
/** Choose how many entry guards or directory guards we'll use. If
* <b>for_directory</b> is true, we return how many directory guards to
* use; else we return how many entry guards to use. */
static int
decide_num_guards(const or_options_t *options, int for_directory)
{
if (for_directory && options->NumDirectoryGuards != 0)
return options->NumDirectoryGuards;
return options->NumEntryGuards;
}
/** If the use of entry guards is configured, choose more entry guards /** If the use of entry guards is configured, choose more entry guards
* until we have enough in the list. */ * until we have enough in the list. */
static void static void
pick_entry_guards(const or_options_t *options, int for_directory) pick_entry_guards(const or_options_t *options, int for_directory)
{ {
int changed = 0; int changed = 0;
const int num_needed = for_directory ? options->NumDirectoryGuards : const int num_needed = decide_num_guards(options, for_directory);
options->NumEntryGuards;
tor_assert(entry_guards); tor_assert(entry_guards);
@ -962,8 +972,7 @@ choose_random_entry_impl(cpath_build_state_t *state, int for_directory,
int need_capacity = state ? state->need_capacity : 0; int need_capacity = state ? state->need_capacity : 0;
int preferred_min, consider_exit_family = 0; int preferred_min, consider_exit_family = 0;
int need_descriptor = !for_directory; int need_descriptor = !for_directory;
const int num_needed = for_directory ? options->NumDirectoryGuards : const int num_needed = decide_num_guards(options, for_directory);
options->NumEntryGuards;
if (chosen_exit) { if (chosen_exit) {
nodelist_add_node_and_family(exit_family, chosen_exit); nodelist_add_node_and_family(exit_family, chosen_exit);

3
src/or/or.h
View File

@ -3769,7 +3769,8 @@ typedef struct {
int NumEntryGuards; /**< How many entry guards do we try to establish? */ int NumEntryGuards; /**< How many entry guards do we try to establish? */
int UseEntryGuardsAsDirGuards; /** Boolean: Do we try to get directory info int UseEntryGuardsAsDirGuards; /** Boolean: Do we try to get directory info
* from a smallish number of fixed nodes? */ * from a smallish number of fixed nodes? */
int NumDirectoryGuards; /**< How many dir guards do we try to establish? */ int NumDirectoryGuards; /**< How many dir guards do we try to establish?
* If 0, use value from NumEntryGuards. */
int RephistTrackTime; /**< How many seconds do we keep rephist info? */ int RephistTrackTime; /**< How many seconds do we keep rephist info? */
int FastFirstHopPK; /**< If Tor believes it is safe, should we save a third int FastFirstHopPK; /**< If Tor believes it is safe, should we save a third
* of our PK time by sending CREATE_FAST cells? */ * of our PK time by sending CREATE_FAST cells? */