[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r8690: Add client support for a 'BadExit' flag, so authorities can (in tor/trunk: . doc src/or)
- To: or-cvs@xxxxxxxxxxxxx
- Subject: [or-cvs] r8690: Add client support for a 'BadExit' flag, so authorities can (in tor/trunk: . doc src/or)
- From: nickm@xxxxxxxx
- Date: Wed, 11 Oct 2006 18:06:05 -0400 (EDT)
- Delivered-to: archiver@seul.org
- Delivered-to: or-cvs-outgoing@seul.org
- Delivered-to: or-cvs@seul.org
- Delivery-date: Wed, 11 Oct 2006 18:06:26 -0400
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-cvs@xxxxxxxxxxxxx
Author: nickm
Date: 2006-10-11 18:06:01 -0400 (Wed, 11 Oct 2006)
New Revision: 8690
Modified:
tor/trunk/
tor/trunk/ChangeLog
tor/trunk/doc/TODO
tor/trunk/doc/dir-spec.txt
tor/trunk/doc/path-spec.txt
tor/trunk/src/or/circuitbuild.c
tor/trunk/src/or/or.h
tor/trunk/src/or/routerlist.c
tor/trunk/src/or/routerparse.c
Log:
r9004@totoro: nickm | 2006-10-11 18:05:24 -0400
Add client support for a 'BadExit' flag, so authorities can say "Server X is a poor choise for your nytimes.com connections, as it seems to direct them to HoorayForMao.com or (more likely) WouldYouLikeToBuyTheseFineEncyclopedias.com"
Property changes on: tor/trunk
___________________________________________________________________
svk:merge ticket from /tor/trunk [r9004] on 96637b51-b116-0410-a10e-9941ebb49b64
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2006-10-11 20:45:01 UTC (rev 8689)
+++ tor/trunk/ChangeLog 2006-10-11 22:06:01 UTC (rev 8690)
@@ -1,4 +1,8 @@
Changes in version 0.1.2.3-alpha - 2006-10-??
+ o Minor features:
+ - If most authorities set a (newly defined) BadExit flag for a server, do
+ not consider it as a general-purpose exit.
+
o Minor features, controller:
- Add a REASON field to CIRC events; for backward compatibility, this
field is sent only to controllers that have enabled the extended
Modified: tor/trunk/doc/TODO
===================================================================
--- tor/trunk/doc/TODO 2006-10-11 20:45:01 UTC (rev 8689)
+++ tor/trunk/doc/TODO 2006-10-11 22:06:01 UTC (rev 8690)
@@ -363,6 +363,10 @@
Future version:
- Configuration format really wants sections.
- Good RBL substitute.
+ - Authorities should try using exits for http to connect to some URLS
+ (specified in a configuration file, so as not to make the List Of Things
+ Not To Censor completely obvious) and ask them for results. Exits that
+ don't give good answers should have the BadExit flag set.
- Our current approach to block attempts to use Tor as a single-hop proxy
is pretty lame; we should get a better one.
. Update the hidden service stuff for the new dir approach.
Modified: tor/trunk/doc/dir-spec.txt
===================================================================
--- tor/trunk/doc/dir-spec.txt 2006-10-11 20:45:01 UTC (rev 8689)
+++ tor/trunk/doc/dir-spec.txt 2006-10-11 22:06:01 UTC (rev 8690)
@@ -355,6 +355,9 @@
- A directory port (or "0" for none")
"s" -- A series of whitespace-separated status flags, in any order:
"Authority" if the router is a directory authority.
+ "BadExit" if the router is believed to be useless as an exit node
+ (because its ISP censors it, because it is behind a restrictive
+ proxy, or for some similar reason).
"Exit" if the router is useful for building general-purpose exit
circuits.
"Fast" if the router is suitable for high-bandwidth circuits.
Modified: tor/trunk/doc/path-spec.txt
===================================================================
--- tor/trunk/doc/path-spec.txt 2006-10-11 20:45:01 UTC (rev 8689)
+++ tor/trunk/doc/path-spec.txt 2006-10-11 22:06:01 UTC (rev 8690)
@@ -208,6 +208,9 @@
such a connection if any clause that accepts any connections to that port
precedes all clauses (if any) that reject all connections to that port.
+ Unless requested to do so by the user, we never choose a server flagged by
+ more than half of the authorities as BadExit for an exit server.
+
2.2.2. User configuration
Users can alter the default behavior for path selection with configuration
Modified: tor/trunk/src/or/circuitbuild.c
===================================================================
--- tor/trunk/src/or/circuitbuild.c 2006-10-11 20:45:01 UTC (rev 8689)
+++ tor/trunk/src/or/circuitbuild.c 2006-10-11 22:06:01 UTC (rev 8690)
@@ -1165,12 +1165,9 @@
*/
continue;
}
- if (!router->is_running) {
+ if (!router->is_running || router->is_bad_exit) {
n_supported[i] = -1;
-// log_fn(LOG_DEBUG,
-// "Skipping node %s (index %d) -- directory says it's not running.",
-// router->nickname, i);
- continue; /* skip routers that are known to be down */
+ continue; /* skip routers that are known to be down or bad exits */
}
if (router_is_unreliable(router, need_uptime, need_capacity, 0)) {
n_supported[i] = -1;
Modified: tor/trunk/src/or/or.h
===================================================================
--- tor/trunk/src/or/or.h 2006-10-11 20:45:01 UTC (rev 8689)
+++ tor/trunk/src/or/or.h 2006-10-11 22:06:01 UTC (rev 8690)
@@ -925,6 +925,8 @@
unsigned int is_stable:1; /** Do we think this is a stable OR? */
unsigned int is_possible_guard:1; /**< Do we think this is an OK guard? */
unsigned int is_exit:1; /**< Do we think this is an OK exit? */
+ unsigned int is_bad_exit:1; /**< Do we think this exit is censored, borked,
+ * or otherwise nasty? */
/** Tor can use this desc for circuit-building. */
#define ROUTER_PURPOSE_GENERAL 0
@@ -972,6 +974,8 @@
* directories.) */
unsigned int is_possible_guard:1; /**< True iff this router would be a good
* choice as an entry guard. */
+ unsigned int is_bad_exit:1; /**< True iff this node is a bad choice for
+ * an exit node. */
/** True if we, as a directory mirror, want to download the corresponding
* routerinfo from the authority who gave us this routerstatus. (That is,
Modified: tor/trunk/src/or/routerlist.c
===================================================================
--- tor/trunk/src/or/routerlist.c 2006-10-11 20:45:01 UTC (rev 8689)
+++ tor/trunk/src/or/routerlist.c 2006-10-11 22:06:01 UTC (rev 8690)
@@ -3294,7 +3294,7 @@
*/
while (1) {
int n_running=0, n_named=0, n_valid=0, n_listing=0;
- int n_v2_dir=0, n_fast=0, n_stable=0, n_exit=0, n_guard=0;
+ int n_v2_dir=0, n_fast=0, n_stable=0, n_exit=0, n_guard=0, n_bad_exit=0;
int n_desc_digests=0, highest_count=0;
const char *the_name = NULL;
local_routerstatus_t *rs_out, *rs_old;
@@ -3380,6 +3380,8 @@
++n_stable;
if (rs->is_v2_dir)
++n_v2_dir;
+ if (rs->is_bad_exit)
+ ++n_bad_exit;
}
/* Go over the descriptor digests and figure out which descriptor we
* want. */
@@ -3428,6 +3430,7 @@
rs_out->status.is_possible_guard = n_guard > n_statuses/2;
rs_out->status.is_stable = n_stable > n_statuses/2;
rs_out->status.is_v2_dir = n_v2_dir > n_statuses/2;
+ rs_out->status.is_bad_exit = n_bad_exit > n_statuses/2;
}
SMARTLIST_FOREACH(routerstatus_list, local_routerstatus_t *, rs,
local_routerstatus_free(rs));
@@ -3482,6 +3485,7 @@
router->is_stable = rs->status.is_stable;
router->is_possible_guard = rs->status.is_possible_guard;
router->is_exit = rs->status.is_exit;
+ router->is_bad_exit = rs->status.is_bad_exit;
}
if (router->is_running && ds) {
ds->n_networkstatus_failures = 0;
Modified: tor/trunk/src/or/routerparse.c
===================================================================
--- tor/trunk/src/or/routerparse.c 2006-10-11 20:45:01 UTC (rev 8689)
+++ tor/trunk/src/or/routerparse.c 2006-10-11 22:06:01 UTC (rev 8690)
@@ -1061,6 +1061,9 @@
rs->is_v2_dir = 1;
else if (!strcmp(tok->args[i], "Guard"))
rs->is_possible_guard = 1;
+ else if (!strcmp(tok->args[i], "BadExit"))
+ rs->is_bad_exit = 1;
+
}
}