sarah
/
tor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove UseDirectoryGuards 

It is obsoleted in an always-on direction by prop271.
This commit is contained in:
Nick Mathewson 2016-12-08 12:35:55 -05:00
parent 20292ec497
commit 3902a18a69
6 changed files with 13 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
changes/ticket20831 Normal file
View File

@ -0,0 +1,6 @@
o Removed features:
- The NumDirectoryGuards and UseDirectoryGuards torrc options are
no longer present: all users that use entry guards will also use
directory guards. Related to proposal 271; implements part of
ticket 20831.

9
doc/tor.1.txt
View File

@ -1208,15 +1208,6 @@ The following options are useful only for clients (that is, if
Authorities, Single Onion Services, and Tor2web clients. In these cases,
the this option is ignored. (Default: 1)
[[UseEntryGuardsAsDirGuards]] **UseEntryGuardsAsDirGuards** **0**|**1**::
If this option is set to 1, and UseEntryGuards is also set to 1,
we try to use our entry guards as directory
guards, and failing that, pick more nodes to act as our directory guards.
This helps prevent an adversary from enumerating clients. It's only
available for clients (non-relay, non-bridge) that aren't configured to
download any non-default directory material. It doesn't currently
do anything when we lack a live consensus. (Default: 1)
[[GuardfractionFile]] **GuardfractionFile** __FILENAME__::
V3 authoritative directories only. Configures the location of the
guardfraction file which contains information about how long relays

2
src/or/config.c
View File

@ -495,7 +495,7 @@ static config_var_t option_vars_[] = {
V(UpdateBridgesFromAuthority, BOOL, "0"),
V(UseBridges, BOOL, "0"),
VAR("UseEntryGuards", BOOL, UseEntryGuards_option, "1"),
V(UseEntryGuardsAsDirGuards, BOOL, "1"),
OBSOLETE("UseEntryGuardsAsDirGuards"),
V(UseGuardFraction, AUTOBOOL, "auto"),
V(UseMicrodescriptors, AUTOBOOL, "auto"),
OBSOLETE("UseNTorHandshake"),

5
src/or/directory.c
View File

@ -442,10 +442,9 @@ should_use_directory_guards(const or_options_t *options)
/* Public (non-bridge) servers never use directory guards. */
if (public_server_mode(options))
return 0;
/* If guards are disabled, or directory guards are disabled, we can't
* use directory guards.
/* If guards are disabled, we can't use directory guards.
*/
if (!options->UseEntryGuards || !options->UseEntryGuardsAsDirGuards)
if (!options->UseEntryGuards)
return 0;
/* If we're configured to fetch directory info aggressively or of a
* nonstandard type, don't use directory guards. */

2
src/or/or.h
View File

@ -4070,8 +4070,6 @@ typedef struct {
int UseEntryGuards;
int NumEntryGuards; /**< How many entry guards do we try to establish? */
int UseEntryGuardsAsDirGuards; /** Boolean: Do we try to get directory info
* from a smallish number of fixed nodes? */
/** If 1, we use any guardfraction information we see in the
* consensus. If 0, we don't. If -1, let the consensus parameter

14
src/test/test_dir.c
View File

@ -4354,7 +4354,6 @@ test_dir_should_use_directory_guards(void *data)
tt_int_op(should_use_directory_guards(options), OP_EQ, 0);
tt_int_op(CALLED(public_server_mode), OP_EQ, 1);
options->UseEntryGuardsAsDirGuards = 1;
options->UseEntryGuards = 1;
options->DownloadExtraInfo = 0;
options->FetchDirInfoEarly = 0;
@ -4368,29 +4367,24 @@ test_dir_should_use_directory_guards(void *data)
tt_int_op(CALLED(public_server_mode), OP_EQ, 3);
options->UseEntryGuards = 1;
options->UseEntryGuardsAsDirGuards = 0;
tt_int_op(should_use_directory_guards(options), OP_EQ, 0);
tt_int_op(CALLED(public_server_mode), OP_EQ, 4);
options->UseEntryGuardsAsDirGuards = 1;
options->DownloadExtraInfo = 1;
tt_int_op(should_use_directory_guards(options), OP_EQ, 0);
tt_int_op(CALLED(public_server_mode), OP_EQ, 5);
tt_int_op(CALLED(public_server_mode), OP_EQ, 4);
options->DownloadExtraInfo = 0;
options->FetchDirInfoEarly = 1;
tt_int_op(should_use_directory_guards(options), OP_EQ, 0);
tt_int_op(CALLED(public_server_mode), OP_EQ, 6);
tt_int_op(CALLED(public_server_mode), OP_EQ, 5);
options->FetchDirInfoEarly = 0;
options->FetchDirInfoExtraEarly = 1;
tt_int_op(should_use_directory_guards(options), OP_EQ, 0);
tt_int_op(CALLED(public_server_mode), OP_EQ, 7);
tt_int_op(CALLED(public_server_mode), OP_EQ, 6);
options->FetchDirInfoExtraEarly = 0;
options->FetchUselessDescriptors = 1;
tt_int_op(should_use_directory_guards(options), OP_EQ, 0);
tt_int_op(CALLED(public_server_mode), OP_EQ, 8);
tt_int_op(CALLED(public_server_mode), OP_EQ, 7);
options->FetchUselessDescriptors = 0;
done: