GitLab

Right now we block you from setting entrynodes to {de} in options_validate():

  if (options->EntryNodes && !routerset_is_list(options->EntryNodes)) {
    /* XXXX fix this; see entry_guards_prepend_from_config(). */
    REJECT("IPs or countries are not yet supported in EntryNodes.");
  }

with a comment in entry_guards_prepend_from_config() that says:

  /* XXXX022 Now that we allow countries and IP ranges in EntryNodes, this is
   *  potentially an enormous list. For now, we disable such values for
   *  EntryNodes in options_validate(); really, this wants a better solution.
   *  Perhaps we should do this calculation once whenever the list of routers
   *  changes or the entrynodes setting changes.
   */

We actually already do this calculation only when the entrynodes setting changes or when directory_info_has_arrived() gets called. Actually, it's better than that -- we only do the calculation if we make a new circuit and, since the last time we made a circuit, entrynodes changed or we got new dir info.

I just took out the check in my local Tor, set my entrynodes to {de}, and things look like they're going ok. Dunno if there is more cpu load compared to normal, since Tor clients are so light.

(Note that we also call count_usable_descriptors() on entrynodes every minute or so now, to ensure that router-have-minimum-dir-info is still accurate.)