[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Patch: Adding country codes to *Nodes config options



 [lines re-wrapped]

On Wed, Sep 24, 2008 at 07:37:51PM +0100, Robert Hogan wrote:
> On Monday 22 September 2008 21:02:41 Nick Mathewson wrote:
> > {Please take pity on us old-school purists and wrap email to under 75
> > colums, so that it doesn't overflow our terminals when we reply}
> >
> > Hi, Robert!  This patch is a good start.  I can clean it up if you
> > would like, or you can do another version; let me know what you'd
> > prefer.
> >
>
>  OK, I think I've got my wrapping and most of the patch sorted. I've
> added XXXX comments wherever I'm unsure of something. Hopefully
> won't require too much cleaning up!


I've checked in a tweaked version of this as r16966; check it out if
you're curious about what I thought needed to change.

There are a couple of interesting semantic issues here:

  1) What should happen when a router is listed in both of (say)
     ExitNodes and ExcludeExitNodes?  In 0.2.0.x, where the only way
     to list a node is by name or digest, listing the node as both
     included and excluded means that the user screwed up somehow, and
     it was reasonable to just let the exclude win.

     But now, that isn't necessarily so.  If I exclude a country, and
     explicitly include a node in that country, it's likelier that I'm
     saying "don't use exits in this country except for this one"
     than that I've put the node on the include list by accident.

     So I've set it up (for exit nodes at least) so that the most
     specific entry takes precedence (with nicknames and digests more
     specific than IP ranges, and IP ranges more specific than
     countries.)  I think this is the right choice, but it wasn't
     completely obvious at first.

  2) Previously, when EntryNodes could only be an explicit list of
     entries, we would just use that list to build the guard list by
     putting every listed EntryNode on the guard list.  If somebody
     says EntryNodes {us}, on the other hand, we don't want to have a
     guard list containing every node in the US.  This will require
     better code in entry_guards_prepend_from_config(); for now, I've
     just disallowed EntryNodes from containing IP ranges or country
     codes.

yrs,
-- 
Nick