[tor-commits] [tor/master] config: Remove AllowSingleHopExits option
commit d52a1e2faaf0edf8f5899c6fa9864d0cecebf692
Author: David Goulet <dgoulet@xxxxxxxxxxxxxx>
Date: Tue Apr 25 13:44:06 2017 -0400
config: Remove AllowSingleHopExits option
Deprecated in 0.2.9.2-alpha, this commit changes it to OBSOLETE() and cleans
up the code associated with it.
Partially fixes #22060
Signed-off-by: David Goulet <dgoulet@xxxxxxxxxxxxxx>
---
changes/bug22060 | 2 ++
doc/tor.1.txt | 7 -------
src/or/config.c | 11 +----------
src/or/connection_edge.c | 12 +++++-------
src/or/or.h | 5 +----
src/or/router.c | 5 ++---
src/test/test_options.c | 43 -------------------------------------------
7 files changed, 11 insertions(+), 74 deletions(-)
diff --git a/changes/bug22060 b/changes/bug22060
index 19c8d2c..caf624d 100644
--- a/changes/bug22060
+++ b/changes/bug22060
@@ -3,3 +3,5 @@
rendered obsolete. Code has been removed and feature no longer exists.
- AllowSingleHopCircuits was deprecated in 0.2.9.2-alpha and now has been
rendered obsolete. Code has been removed and feature no longer exists.
+ - AllowSingleHopExits was deprecated in 0.2.9.2-alpha and now has been
+ rendered obsolete. Code has been removed and feature no longer exists.
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 3088c9b..e2e4808 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1660,13 +1660,6 @@ is non-zero):
Tor client binds to. To bind to a different address, use the
*ListenAddress and OutboundBindAddress options.
-[[AllowSingleHopExits]] **AllowSingleHopExits** **0**|**1**::
- This option controls whether clients can use this server as a single hop
- proxy. If set to 1, clients can use this server as an exit even if it is
- the only hop in the circuit. Note that most clients will refuse to use
- servers that set this option, since most clients have
- ExcludeSingleHopRelays set. (Default: 0)
-
[[AssumeReachable]] **AssumeReachable** **0**|**1**::
This option is used when bootstrapping a new Tor network. If set to 1,
don't do self-reachability testing; just upload your server descriptor
diff --git a/src/or/config.c b/src/or/config.c
index 3621b8e..9b3570b 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -208,7 +208,7 @@ static config_var_t option_vars_[] = {
OBSOLETE("AllowInvalidNodes"),
V(AllowNonRFC953Hostnames, BOOL, "0"),
OBSOLETE("AllowSingleHopCircuits"),
- V(AllowSingleHopExits, BOOL, "0"),
+ OBSOLETE("AllowSingleHopExits"),
V(AlternateBridgeAuthority, LINELIST, NULL),
V(AlternateDirAuthority, LINELIST, NULL),
OBSOLETE("AlternateHSAuthority"),
@@ -662,8 +662,6 @@ static const config_deprecation_t option_deprecation_notes_[] = {
/* Deprecated since 0.2.9.2-alpha... */
{ "AllowDotExit", "Unrestricted use of the .exit notation can be used for "
"a wide variety of application-level attacks." },
- { "AllowSingleHopExits", "Turning this on will make your relay easier "
- "to abuse." },
{ "ClientDNSRejectInternalAddresses", "Turning this on makes your client "
"easier to fingerprint, and may open you to esoteric attacks." },
{ "ExcludeSingleHopRelays", "Turning it on makes your client easier to "
@@ -4056,13 +4054,6 @@ options_validate(or_options_t *old_options, or_options_t *options,
"AlternateDirAuthority and AlternateBridgeAuthority configured.");
}
- if (options->AllowSingleHopExits && !options->DirAuthorities) {
- COMPLAIN("You have set AllowSingleHopExits; now your relay will allow "
- "others to make one-hop exits. However, since by default most "
- "clients avoid relays that set this option, most clients will "
- "ignore you.");
- }
-
#define CHECK_DEFAULT(arg) \
STMT_BEGIN \
if (!options->TestingTorNetwork && \
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 2c60d8d..8f5d343 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -3133,15 +3133,13 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
port = bcell.port;
if (or_circ && or_circ->p_chan) {
- if (!options->AllowSingleHopExits &&
- (or_circ->is_first_hop ||
- (!connection_or_digest_is_known_relay(
+ if ((or_circ->is_first_hop ||
+ (!connection_or_digest_is_known_relay(
or_circ->p_chan->identity_digest) &&
should_refuse_unknown_exits(options)))) {
- /* Don't let clients use us as a single-hop proxy, unless the user
- * has explicitly allowed that in the config. It attracts attackers
- * and users who'd be better off with, well, single-hop proxies.
- */
+ /* Don't let clients use us as a single-hop proxy. It attracts
+ * attackers and users who'd be better off with, well, single-hop
+ * proxies. */
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
"Attempt by %s to open a stream %s. Closing.",
safe_str(channel_get_canonical_remote_descr(or_circ->p_chan)),
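Review bot: The rewritten comment under the `if` in connection_exit_begin_conn describes only the first-hop case, but the condition also refuses the stream when the previous hop's identity digest is not a known relay and should_refuse_unknown_exits(options) is true. I would word it to cover both branches, e.g. `/* Refuse exit streams when we are the first hop, or when the previous hop is not a known relay and we refuse unknown exits. */`. The outer pair of parentheses in `if ((or_circ->is_first_hop || ...))` is left over from the removed `!options->AllowSingleHopExits &&` term and can be dropped. The function starts before the hunk and the log_fn call continues past it.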
diff --git a/src/or/or.h b/src/or/or.h
index 4381459..3670078 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -4114,10 +4114,7 @@ typedef struct {
* if we are a cache). For authorities, this is always true. */
int DownloadExtraInfo;
- /** If true, and we are acting as a relay, allow exit circuits even when
- * we are the first hop of a circuit. */
- int AllowSingleHopExits;
- /** If true, don't allow relays with AllowSingleHopExits=1 to be used in
+ /** If true, don't allow relays with allow-single-hop-exits to be used in
* circuits that we build. */
int ExcludeSingleHopRelays;
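Review bot: The updated comment on ExcludeSingleHopRelays names the `allow-single-hop-exits` descriptor keyword without saying that relays built from this commit no longer publish it; the router.c change drops that line from router_dump_router_to_string. A reader cannot tell that the field now matters only for descriptors from older relays, so I would write `/** If true, don't use relays whose descriptor carries the legacy allow-single-hop-exits line (no longer emitted by this version) in circuits that we build. */`. Whether the descriptor parser still records that line is not visible in this patch and should be confirmed, since client-side exclusion depends on it. The struct begins and ends outside the hunk.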
diff --git a/src/or/router.c b/src/or/router.c
index 7fb49e8..ca86c33 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -2932,7 +2932,7 @@ router_dump_router_to_string(routerinfo_t *router,
"onion-key\n%s"
"signing-key\n%s"
"%s%s"
- "%s%s%s%s",
+ "%s%s%s",
router->nickname,
address,
router->or_port,
@@ -2955,8 +2955,7 @@ router_dump_router_to_string(routerinfo_t *router,
ntor_cc_line ? ntor_cc_line : "",
family_line,
we_are_hibernating() ? "hibernating 1\n" : "",
- "hidden-service-dir\n",
- options->AllowSingleHopExits ? "allow-single-hop-exits\n" : "");
+ "hidden-service-dir\n");
if (options->ContactInfo && strlen(options->ContactInfo)) {
const char *ci = options->ContactInfo;
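Review bot: With the conditional argument gone, `"hidden-service-dir\n"` is a constant passed through its own `%s`, so it can be folded into the format string: end the format with `"%s%s" "hidden-service-dir\n",` in the earlier hunk and end the argument list at `we_are_hibernating() ? "hibernating 1\n" : "");`. The conversion count and the argument list are about twenty lines apart and the arguments between the two hunks are not visible here, so every pair removed is one less to keep in sync; a count mismatch in a printf-style call is undefined behaviour. It is worth confirming that the compiler's format checking covers this call. The call starts before the first router.c hunk and the function continues past this one.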
diff --git a/src/test/test_options.c b/src/test/test_options.c
index 43aa907..2a7dfbd 100644
--- a/src/test/test_options.c
+++ b/src/test/test_options.c
@@ -4190,48 +4190,6 @@ test_options_validate__virtual_addr(void *ignored)
}
static void
-test_options_validate__exits(void *ignored)
-{
- (void)ignored;
- int ret;
- char *msg;
- options_test_data_t *tdata = NULL;
- setup_capture_of_logs(LOG_WARN);
-
- free_options_test_data(tdata);
- tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
- "AllowSingleHopExits 1"
- );
- ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
- tt_int_op(ret, OP_EQ, 0);
- expect_log_msg("You have set AllowSingleHopExits; "
- "now your relay will allow others to make one-hop exits. However,"
- " since by default most clients avoid relays that set this option,"
- " most clients will ignore you.\n");
- tor_free(msg);
-
- free_options_test_data(tdata);
- tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
- "AllowSingleHopExits 1\n"
- VALID_DIR_AUTH
- );
- mock_clean_saved_logs();
- ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
- tt_int_op(ret, OP_EQ, 0);
- expect_no_log_msg("You have set AllowSingleHopExits; "
- "now your relay will allow others to make one-hop exits. However,"
- " since by default most clients avoid relays that set this option,"
- " most clients will ignore you.\n");
- tor_free(msg);
-
- done:
- policies_free_all();
- teardown_capture_of_logs();
- free_options_test_data(tdata);
- tor_free(msg);
-}
-
-static void
test_options_validate__testing_options(void *ignored)
{
(void)ignored;
@@ -4502,7 +4460,6 @@ struct testcase_t options_tests[] = {
LOCAL_VALIDATE_TEST(constrained_sockets),
LOCAL_VALIDATE_TEST(v3_auth),
LOCAL_VALIDATE_TEST(virtual_addr),
- LOCAL_VALIDATE_TEST(exits),
LOCAL_VALIDATE_TEST(testing_options),
LOCAL_VALIDATE_TEST(accel),
END_OF_TESTCASES /* */