[or-cvs] r8504: Add an EnforceDistinctSubnets option so that clients who kno (in tor/trunk: . doc src/or)
- To: or-cvs@xxxxxxxxxxxxx
- From: nickm@xxxxxxxx
- Date: Mon, 25 Sep 2006 18:12:56 -0400 (EDT)
- Delivered-to: archiver@seul.org
- Delivered-to: or-cvs-outgoing@seul.org
- Delivered-to: or-cvs@seul.org
- Delivery-date: Mon, 25 Sep 2006 18:13:04 -0400
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-cvs@xxxxxxxxxxxxx
Author: nickm
Date: 2006-09-25 18:12:54 -0400 (Mon, 25 Sep 2006)
New Revision: 8504
Modified:
tor/trunk/ChangeLog
tor/trunk/doc/TODO
tor/trunk/doc/tor.1.in
tor/trunk/src/or/config.c
tor/trunk/src/or/or.h
tor/trunk/src/or/routerlist.c
Log:
Add an EnforceDistinctSubnets option so that clients who know what they are doing (mainly people with private testing networks) can disable our same-/16 detection.
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2006-09-25 20:38:58 UTC (rev 8503)
+++ tor/trunk/ChangeLog 2006-09-25 22:12:54 UTC (rev 8504)
@@ -19,6 +19,10 @@
- When asked to resolve a hostname, don't use non-exit servers unless
requested to do so. This allows servers with broken DNS to
be useful to the network.
+ - Add an "EnforceDistinctSubnets" option to control our "exclude
+ servers on the same /16" behavior. It's still on by default; this
+ is mostly for people who want to operate private test networks with
+ all the machines on the same subnet.
o Security Fixes, minor:
- If a client asked for a server by name, and we didn't have a
Modified: tor/trunk/doc/TODO
===================================================================
--- tor/trunk/doc/TODO 2006-09-25 20:38:58 UTC (rev 8503)
+++ tor/trunk/doc/TODO 2006-09-25 22:12:54 UTC (rev 8504)
@@ -28,11 +28,12 @@
N - Remember the last time we saw one of our entry guards labelled with
the GUARD flag. If it's been too long, it is not suitable for use.
If it's been really too long, remove it from the list.
- . Figure out avoiding duplicate /24 lines
+ o Figure out avoiding duplicate /24 lines
o automatically add /16 servers to family
D do it in an efficient way. keep a list of something somewhere?
- - The right thing here is to revamp our node selection implementation.
-N - make it configurable, so people can turn it on or off.
+ D The right thing here is to revamp our node selection implementation.
+ (Deferred until oprofile says this matters.)
+ o make it configurable, so people can turn it on or off.
N - Clients stop dumping old descriptors if the network-statuses
claim they're still valid.
R . If we fail to connect via an exit enclave, (warn and) try again
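Review bot: The item marked done here still reads "Figure out avoiding duplicate /24 lines", while the sub-item below it and the rest of this commit (ChangeLog, man page) speak of /16. Update the wording to /16 as it is closed out so the TODO history matches the behavior that was actually implemented.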
Modified: tor/trunk/doc/tor.1.in
===================================================================
--- tor/trunk/doc/tor.1.in 2006-09-25 20:38:58 UTC (rev 8503)
+++ tor/trunk/doc/tor.1.in 2006-09-25 22:12:54 UTC (rev 8504)
@@ -371,10 +371,17 @@
(with MyFamily). This option can be used multiple times.
.LP
.TP
+\fBEnforceDistinctSubnets \fR\fB0\fR|\fB1\fR\fP
+If 1, Tor will not put two servers whose IP addressess are "too
+close" to appear on the same circuit. Currently, two addresses are
+"too close" if they lie in the same /16 range. (Default: 1)
+
.\" \fBPathlenCoinWeight \fR\fI0.0-1.0\fP
.\" Paths are 3 hops plus a geometric distribution centered around this coinweight.
.\" Must be >=0.0 and <1.0. (Default: 0.3) NOT USED CURRENTLY
.\" .TP
+.LP
+.TP
\fBRendNodes \fR\fInickname\fR,\fInickname\fR,\fI...\fP
A list of preferred nodes to use for the rendezvous point, if possible.
.LP
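Review bot: The new man page text has a spelling error and a tangled sentence: "addressess" should be "addresses", and "will not put two servers ... to appear on the same circuit" should read "will not put two servers ... on the same circuit". The entry also leaves out the intended use that the ChangeLog states; add a sentence saying that 0 is meant for private test networks with all the machines on the same subnet, so a reader of the man page alone understands why the default is 1. The bare blank line added after "(Default: 1)" is rendered by roff as vertical space; the neighboring entries separate with .LP, so the blank line can go.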
Modified: tor/trunk/src/or/config.c
===================================================================
--- tor/trunk/src/or/config.c 2006-09-25 20:38:58 UTC (rev 8503)
+++ tor/trunk/src/or/config.c 2006-09-25 22:12:54 UTC (rev 8504)
@@ -152,6 +152,7 @@
VAR("DirPort", UINT, DirPort, "0"),
OBSOLETE("DirPostPeriod"),
VAR("DirServer", LINELIST, DirServers, NULL),
+ VAR("EnforceDistinctSubnets", BOOL, EnforceDistinctSubnets,"1"),
VAR("EntryNodes", STRING, EntryNodes, NULL),
VAR("ExcludeNodes", STRING, ExcludeNodes, NULL),
VAR("ExitNodes", STRING, ExitNodes, NULL),
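Review bot: Style nit on the added table entry: there is no space after the comma before "1" in EnforceDistinctSubnets,"1", unlike the neighboring VAR lines. Separately, this is the only config.c hunk, so nothing is logged when the option is set to 0; since the ChangeLog describes 0 as being for private test networks, consider a notice or warning at option validation time when it is turned off, so that it is not disabled silently on a client using the public network.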
Modified: tor/trunk/src/or/or.h
===================================================================
--- tor/trunk/src/or/or.h 2006-09-25 20:38:58 UTC (rev 8503)
+++ tor/trunk/src/or/or.h 2006-09-25 22:12:54 UTC (rev 8504)
@@ -1581,6 +1581,8 @@
char *ServerDNSResolvConfFile; /**< If provided, we configure our internal
* resolver from the file here rather than from
* /etc/resolv.conf (Unix) or the registry (Windows). */
+ int EnforceDistinctSubnets; /** If true, don't allow multiple routers in the
+ * same network zone in the same circuit. */
} or_options_t;
/** Persistent state for an onion router, as saved to disk. */
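Review bot: The comment on the new EnforceDistinctSubnets field opens with /** rather than /**<, unlike the ServerDNSResolvConfFile field directly above it. For a comment that trails the member, Doxygen needs the < marker to attach the text to that member; as written it will not be documented with the field. The comment also says "same network zone" where the man page says "same /16 range"; using the same term in both places, or defining "network zone" here, would avoid ambiguity about what is enforced.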
Modified: tor/trunk/src/or/routerlist.c
===================================================================
--- tor/trunk/src/or/routerlist.c 2006-09-25 20:38:58 UTC (rev 8503)
+++ tor/trunk/src/or/routerlist.c 2006-09-25 22:12:54 UTC (rev 8504)
@@ -629,10 +629,12 @@
{
routerinfo_t *r;
config_line_t *cl;
+ or_options_t *options = get_options();
/* First, add any routers with similar network addresses.
* XXX It's possible this will be really expensive; we'll see. */
- routerlist_add_network_family(sl, router);
+ if (options->EnforceDistinctSubnets)
+ routerlist_add_network_family(sl, router);
if (!router->declared_family)
return;
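Review bot: The option is checked only around this one call to routerlist_add_network_family(sl, router). If the same-/16 test is applied anywhere other than through this call site, those paths will ignore EnforceDistinctSubnets; please confirm this is the only place it is applied. The comment above the call ("First, add any routers with similar network addresses.") should also mention that this step is now skipped when the option is 0, and note that declared families are still honored in that case, since the code below the check runs unconditionally.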