Add an EnforceDistinctSubnets option so that clients who know what they are doing (mainly people with private testing networks) can disable our same-/16 detection.

svn:r8504
Nick Mathewson 2006-09-25 22:12:54 +00:00
parent 01f9e97d43
commit 49ad1eefa1
6 changed files with 21 additions and 4 deletions

@ -19,6 +19,10 @@ Changes in version 0.1.2.2-alpha - 2006-??-??
- When asked to resolve a hostname, don't use non-exit servers unless
requested to do so. This allows servers with broken DNS to
be useful to the network.
- Add an "EnforceDistinctSubnets" option to control our "exclude
servers on the same /16" behavior. It's still on by default; this
is mostly for people who want to operate private test networks with
all the machines on the same subnet.
o Security Fixes, minor:
- If a client asked for a server by name, and we didn't have a

@ -28,11 +28,12 @@ N - when we start, remove any entryguards that are listed in excludenodes.
N - Remember the last time we saw one of our entry guards labelled with
the GUARD flag. If it's been too long, it is not suitable for use.
If it's been really too long, remove it from the list.
. Figure out avoiding duplicate /24 lines
o Figure out avoiding duplicate /24 lines
o automatically add /16 servers to family
D do it in an efficient way. keep a list of something somewhere?
- The right thing here is to revamp our node selection implementation.
N - make it configurable, so people can turn it on or off.
D The right thing here is to revamp our node selection implementation.
(Deferred until oprofile says this matters.)
o make it configurable, so people can turn it on or off.
N - Clients stop dumping old descriptors if the network-statuses
claim they're still valid.
R . If we fail to connect via an exit enclave, (warn and) try again
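Review bot: The parent item now marked done still reads "Figure out avoiding duplicate /24 lines", while its sub-item ("automatically add /16 servers to family") and the rest of this patch use /16. Suggest changing the parent line to /16 so the TODO matches what was implemented.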

@ -371,10 +371,17 @@ NodeFamily is only needed when a server doesn't list the family itself
(with MyFamily). This option can be used multiple times.
.LP
.TP
\fBEnforceDistinctSubnets \fR\fB0\fR|\fB1\fR\fP
If 1, Tor will not put two servers whose IP addressess are "too
close" to appear on the same circuit. Currently, two addresses are
"too close" if they lie in the same /16 range. (Default: 1)
.\" \fBPathlenCoinWeight \fR\fI0.0-1.0\fP
.\" Paths are 3 hops plus a geometric distribution centered around this coinweight.
.\" Must be >=0.0 and <1.0. (Default: 0.3) NOT USED CURRENTLY
.\" .TP
.LP
.TP
\fBRendNodes \fR\fInickname\fR,\fInickname\fR,\fI...\fP
A list of preferred nodes to use for the rendezvous point, if possible.
.LP
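Review bot: The new EnforceDistinctSubnets description has a typo ("addressess") and a broken sentence ("will not put two servers ... to appear on the same circuit"). Suggest: If 1, Tor will not put two servers whose IP addresses are "too close" on the same circuit. The ChangeLog entry says the option is mostly for private test networks with all machines on one subnet; the man page should say the same, so readers understand when setting it to 0 is appropriate.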

@ -152,6 +152,7 @@ static config_var_t _option_vars[] = {
VAR("DirPort", UINT, DirPort, "0"),
OBSOLETE("DirPostPeriod"),
VAR("DirServer", LINELIST, DirServers, NULL),
VAR("EnforceDistinctSubnets", BOOL, EnforceDistinctSubnets,"1"),
VAR("EntryNodes", STRING, EntryNodes, NULL),
VAR("ExcludeNodes", STRING, ExcludeNodes, NULL),
VAR("ExitNodes", STRING, ExitNodes, NULL),
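Review bot: Nothing in the visible patch tells the operator when EnforceDistinctSubnets has been set to 0; the new VAR line only registers the option with default "1". Since the option turns off a path-selection restriction, consider logging a notice or warning when it is disabled. Minor style point on the same line: there is no space between "EnforceDistinctSubnets," and "1", unlike the neighboring entries.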

@ -1581,6 +1581,8 @@ typedef struct {
char *ServerDNSResolvConfFile; /**< If provided, we configure our internal
* resolver from the file here rather than from
* /etc/resolv.conf (Unix) or the registry (Windows). */
int EnforceDistinctSubnets; /** If true, don't allow multiple routers in the
* same network zone in the same circuit. */
} or_options_t;
/** Persistent state for an onion router, as saved to disk. */
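Review bot: The comment on the new EnforceDistinctSubnets member opens with "/**", while the ServerDNSResolvConfFile member just above uses "/**<". For a comment that trails the declaration, Doxygen needs the "<" to attach it to the preceding member; as written it attaches to whatever comes next. Suggest "/**< If true, don't allow multiple routers in the same network zone in the same circuit. */".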

@ -629,10 +629,12 @@ routerlist_add_family(smartlist_t *sl, routerinfo_t *router)
{
routerinfo_t *r;
config_line_t *cl;
or_options_t *options = get_options();
/* First, add any routers with similar network addresses.
* XXX It's possible this will be really expensive; we'll see. */
routerlist_add_network_family(sl, router);
if (options->EnforceDistinctSubnets)
routerlist_add_network_family(sl, router);
if (!router->declared_family)
return;
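Review bot: The comment above the new "if (options->EnforceDistinctSubnets)" check still describes the network-family step as unconditional ("First, add any routers with similar network addresses"). Suggest rewording it to say the step is skipped when EnforceDistinctSubnets is 0, and noting that the declared_family handling below still runs in that case, so it is clear the option only affects the address-based exclusion.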