Re: Patch: Adding country codes to *Nodes config options
[lines re-wrapped]
On Wed, Sep 24, 2008 at 07:37:51PM +0100, Robert Hogan wrote:
> On Monday 22 September 2008 21:02:41 Nick Mathewson wrote:
> > {Please take pity on us old-school purists and wrap email to under 75
> > columns, so that it doesn't overflow our terminals when we reply}
> >
> > Hi, Robert! This patch is a good start. I can clean it up if you
> > would like, or you can do another version; let me know what you'd
> > prefer.
> >
>
> OK, I think I've got my wrapping and most of the patch sorted. I've
> added XXXX comments wherever I'm unsure of something. Hopefully
> won't require too much cleaning up!

I've checked in a tweaked version of this as r16966; check it out if
you're curious about what I thought needed to change.

There are a couple of interesting semantic issues here:

1) What should happen when a router is listed in both of (say)
   ExitNodes and ExcludeExitNodes? In 0.2.0.x, where the only way
   to list a node is by name or digest, listing the node as both
   included and excluded means that the user screwed up somehow, and
   it was reasonable to just let the exclude win.

   But now, that isn't necessarily so. If I exclude a country, and
   explicitly include a node in that country, it's likelier that I'm
   saying "don't use exits in this country except for this one"
   than that I've put the node on the include list by accident.

   So I've set it up (for exit nodes at least) so that the most
   specific entry takes precedence (with nicknames and digests more
   specific than IP ranges, and IP ranges more specific than
   countries.) I think this is the right choice, but it wasn't
   completely obvious at first.

2) Previously, when EntryNodes could only be an explicit list of
   entries, we would just use that list to build the guard list by
   putting every listed EntryNode on the guard list. If somebody
   says EntryNodes {us}, on the other hand, we don't want to have a
   guard list containing every node in the US. This will require
   better code in entry_guards_prepend_from_config(); for now, I've
   just disallowed EntryNodes from containing IP ranges or country
   codes.

yrs,
--
Nick
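
The "most specific entry takes precedence" rule from point 1 of the message above, as an added sketch; this is not code from the message, from r16966, or from Tor. The type and function names (router_t, entry_t, best_match, resolve), the sample routers and the tie rule (equal specificity goes to the exclude list, carried over from the 0.2.0.x behaviour) are assumptions, and digests are omitted because they would rank together with nicknames.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Entry kinds ordered by specificity; a higher value is more specific. */
enum { M_NONE = 0, M_COUNTRY = 1, M_IPRANGE = 2, M_NAME = 3 };
enum { UNLISTED, INCLUDED, EXCLUDED };

typedef struct { const char *nick; uint32_t addr; const char *cc; } router_t;
typedef struct { int kind; const char *str; uint32_t net, mask; } entry_t;

/* Specificity of the most specific entry in `set` that matches `r`. */
static int best_match(const entry_t *set, int n, const router_t *r) {
  int best = M_NONE;
  for (int i = 0; i < n; i++) {
    int hit = 0;
    if (set[i].kind == M_NAME) hit = strcmp(set[i].str, r->nick) == 0;
    else if (set[i].kind == M_IPRANGE) hit = (r->addr & set[i].mask) == set[i].net;
    else if (set[i].kind == M_COUNTRY) hit = strcmp(set[i].str, r->cc) == 0;
    if (hit && set[i].kind > best) best = set[i].kind;
  }
  return best;
}

/* Resolve a router against the include and exclude lists.
 * Assumption: equal specificity goes to exclude, as in 0.2.0.x. */
int resolve(const entry_t *inc, int ni, const entry_t *exc, int ne,
            const router_t *r) {
  int i = best_match(inc, ni, r), x = best_match(exc, ne, r);
  if (i == M_NONE && x == M_NONE) return UNLISTED;
  return i > x ? INCLUDED : EXCLUDED;
}

/* Constructed sample data; all addresses are in documentation ranges. */
static const entry_t inc_list[] = { { M_NAME, "examplenode", 0, 0 } };
static const entry_t exc_list[] = { { M_COUNTRY, "de", 0, 0 },
    { M_IPRANGE, NULL, 0xC6336400u, 0xFFFFFF00u } };   /* 198.51.100.0/24 */
static const router_t named  = { "examplenode", 0xC000020Au, "de" };
static const router_t other  = { "othernode",   0xC000020Bu, "de" };
static const router_t ranged = { "thirdnode",   0xC6336405u, "us" };

int main(void) {
  printf("%d %d %d\n", resolve(inc_list, 1, exc_list, 2, &named),
         resolve(inc_list, 1, exc_list, 2, &other),
         resolve(inc_list, 1, exc_list, 2, &ranged));
  return 0;
}
```

The named router is used even though its country is excluded; the other router in the same country and the router inside the excluded IP range are not.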