config: Remove ExcludeSingleHopRelays option

Deprecated in 0.2.9.2-alpha, this commits changes it as OBSOLETE() and cleans up the code associated with it. Partially fixes #22060 Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-04-25 13:49:05 -04:00 · 2017-04-25 13:49:05 -04:00 · 09bc858dd5
parent d52a1e2faa
commit 09bc858dd5
6 changed files with 12 additions and 26 deletions
--- a/changes/bug22060
+++ b/changes/bug22060
@ -5,3 +5,5 @@
      rendered obsolete. Code has been removed and feature no longer exists.
    - AllowSingleHopExits was deprecated in 0.2.9.2-alpha and now has been
      rendered obsolete. Code has been removed and feature no longer exists.
+    - ExcludeSingleHopRelays was deprecated in 0.2.9.2-alpha and now has been
+      rendered obsolete. Code has been removed and feature no longer exists.
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@ -772,15 +772,6 @@ CLIENT OPTIONS
 The following options are useful only for clients (that is, if
 **SocksPort**, **TransPort**, **DNSPort**, or **NATDPort** is non-zero):

-[[ExcludeSingleHopRelays]] **ExcludeSingleHopRelays** **0**|**1**::
-    This option controls whether circuits built by Tor will include relays with
-    the AllowSingleHopExits flag set to true. If ExcludeSingleHopRelays is set
-    to 0, these relays will be included. Note that these relays might be at
-    higher risk of being seized or observed, so they are not normally
-    included.  Also note that relatively few clients turn off this option,
-    so using these relays might make your client stand out.
-    (Default: 1)
-
 [[Bridge]] **Bridge** [__transport__] __IP__:__ORPort__ [__fingerprint__]::
    When set along with UseBridges, instructs Tor to use the relay at
    "IP:ORPort" as a "bridge" relaying into the Tor network. If "fingerprint"
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@ -1835,8 +1835,9 @@ choose_good_exit_server_general(int need_uptime, int need_capacity)
 //             router->nickname, i);
      continue; /* skip invalid routers */
    }
-    if (options->ExcludeSingleHopRelays &&
-        node_allows_single_hop_exits(node)) {
+    /* We do not allow relays that allow single hop exits by default. Option
+     * was deprecated in 0.2.9.2-alpha and removed in 0.3.1.0-alpha. */
+    if (node_allows_single_hop_exits(node)) {
      n_supported[i] = -1;
      continue;
    }
--- a/src/or/config.c
+++ b/src/or/config.c
@ -303,7 +303,7 @@ static config_var_t option_vars_[] = {
  V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
  V(ExcludeNodes,                ROUTERSET, NULL),
  V(ExcludeExitNodes,            ROUTERSET, NULL),
-  V(ExcludeSingleHopRelays,      BOOL,     "1"),
+  OBSOLETE("ExcludeSingleHopRelays"),
  V(ExitNodes,                   ROUTERSET, NULL),
  V(ExitPolicy,                  LINELIST, NULL),
  V(ExitPolicyRejectPrivate,     BOOL,     "1"),
@ -664,8 +664,6 @@ static const config_deprecation_t option_deprecation_notes_[] = {
    "a wide variety of application-level attacks." },
  { "ClientDNSRejectInternalAddresses", "Turning this on makes your client "
    "easier to fingerprint, and may open you to esoteric attacks." },
-  { "ExcludeSingleHopRelays", "Turning it on makes your client easier to "
-    "fingerprint." },
  { "FastFirstHopPK", "Changing this option does not make your client more "
    "secure, but does make it easier to fingerprint." },
  { "CloseHSClientCircuitsImmediatelyOnTimeout", "This option makes your "
--- a/src/or/or.h
+++ b/src/or/or.h
@ -4114,10 +4114,6 @@ typedef struct {
   * if we are a cache).  For authorities, this is always true. */
  int DownloadExtraInfo;

-  /** If true, don't allow relays with allow-single-hop-exits to be used in
-   * circuits that we build. */
-  int ExcludeSingleHopRelays;
-
  /** If true, we convert "www.google.com.foo.exit" addresses on the
   * socks/trans/natd ports into "www.google.com" addresses that
   * exit from the node "foo". Disabled by default since attacking
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@ -2807,14 +2807,12 @@ router_choose_random_node(smartlist_t *excludedsmartlist,
  rule = weight_for_exit ? WEIGHT_FOR_EXIT :
    (need_guard ? WEIGHT_FOR_GUARD : WEIGHT_FOR_MID);

-  /* Exclude relays that allow single hop exit circuits, if the user
-   * wants to (such relays might be risky) */
-  if (get_options()->ExcludeSingleHopRelays) {
-    SMARTLIST_FOREACH(nodelist_get_list(), node_t *, node,
-      if (node_allows_single_hop_exits(node)) {
-        smartlist_add(excludednodes, node);
-      });
-  }
+  /* Exclude relays that allow single hop exit circuits. This is an obsolete
+   * option since 0.2.9.2-alpha and done by default in 0.3.1.0-alpha. */
+  SMARTLIST_FOREACH(nodelist_get_list(), node_t *, node,
+    if (node_allows_single_hop_exits(node)) {
+      smartlist_add(excludednodes, node);
+    });

  if ((r = routerlist_find_my_routerinfo()))
    routerlist_add_node_and_family(excludednodes, r);