Commit 09bc858d authored by David Goulet's avatar David Goulet 🔆 Committed by Nick Mathewson
Browse files

config: Remove ExcludeSingleHopRelays option



Deprecated in 0.2.9.2-alpha, this commits changes it as OBSOLETE() and cleans
up the code associated with it.

Partially fixes #22060
Signed-off-by: David Goulet's avatarDavid Goulet <dgoulet@torproject.org>
parent d52a1e2f
......@@ -5,3 +5,5 @@
rendered obsolete. Code has been removed and feature no longer exists.
- AllowSingleHopExits was deprecated in 0.2.9.2-alpha and now has been
rendered obsolete. Code has been removed and feature no longer exists.
- ExcludeSingleHopRelays was deprecated in 0.2.9.2-alpha and now has been
rendered obsolete. Code has been removed and feature no longer exists.
......@@ -772,15 +772,6 @@ CLIENT OPTIONS
The following options are useful only for clients (that is, if
**SocksPort**, **TransPort**, **DNSPort**, or **NATDPort** is non-zero):
[[ExcludeSingleHopRelays]] **ExcludeSingleHopRelays** **0**|**1**::
This option controls whether circuits built by Tor will include relays with
the AllowSingleHopExits flag set to true. If ExcludeSingleHopRelays is set
to 0, these relays will be included. Note that these relays might be at
higher risk of being seized or observed, so they are not normally
included. Also note that relatively few clients turn off this option,
so using these relays might make your client stand out.
(Default: 1)
[[Bridge]] **Bridge** [__transport__] __IP__:__ORPort__ [__fingerprint__]::
When set along with UseBridges, instructs Tor to use the relay at
"IP:ORPort" as a "bridge" relaying into the Tor network. If "fingerprint"
......
......@@ -1835,8 +1835,9 @@ choose_good_exit_server_general(int need_uptime, int need_capacity)
// router->nickname, i);
continue; /* skip invalid routers */
}
if (options->ExcludeSingleHopRelays &&
node_allows_single_hop_exits(node)) {
/* We do not allow relays that allow single hop exits by default. Option
* was deprecated in 0.2.9.2-alpha and removed in 0.3.1.0-alpha. */
if (node_allows_single_hop_exits(node)) {
n_supported[i] = -1;
continue;
}
......
......@@ -303,7 +303,7 @@ static config_var_t option_vars_[] = {
V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
V(ExcludeNodes, ROUTERSET, NULL),
V(ExcludeExitNodes, ROUTERSET, NULL),
V(ExcludeSingleHopRelays, BOOL, "1"),
OBSOLETE("ExcludeSingleHopRelays"),
V(ExitNodes, ROUTERSET, NULL),
V(ExitPolicy, LINELIST, NULL),
V(ExitPolicyRejectPrivate, BOOL, "1"),
......@@ -664,8 +664,6 @@ static const config_deprecation_t option_deprecation_notes_[] = {
"a wide variety of application-level attacks." },
{ "ClientDNSRejectInternalAddresses", "Turning this on makes your client "
"easier to fingerprint, and may open you to esoteric attacks." },
{ "ExcludeSingleHopRelays", "Turning it on makes your client easier to "
"fingerprint." },
{ "FastFirstHopPK", "Changing this option does not make your client more "
"secure, but does make it easier to fingerprint." },
{ "CloseHSClientCircuitsImmediatelyOnTimeout", "This option makes your "
......
......@@ -4114,10 +4114,6 @@ typedef struct {
* if we are a cache). For authorities, this is always true. */
int DownloadExtraInfo;
/** If true, don't allow relays with allow-single-hop-exits to be used in
* circuits that we build. */
int ExcludeSingleHopRelays;
/** If true, we convert "www.google.com.foo.exit" addresses on the
* socks/trans/natd ports into "www.google.com" addresses that
* exit from the node "foo". Disabled by default since attacking
......
......@@ -2807,14 +2807,12 @@ router_choose_random_node(smartlist_t *excludedsmartlist,
rule = weight_for_exit ? WEIGHT_FOR_EXIT :
(need_guard ? WEIGHT_FOR_GUARD : WEIGHT_FOR_MID);
/* Exclude relays that allow single hop exit circuits, if the user
* wants to (such relays might be risky) */
if (get_options()->ExcludeSingleHopRelays) {
SMARTLIST_FOREACH(nodelist_get_list(), node_t *, node,
if (node_allows_single_hop_exits(node)) {
smartlist_add(excludednodes, node);
});
}
/* Exclude relays that allow single hop exit circuits. This is an obsolete
* option since 0.2.9.2-alpha and done by default in 0.3.1.0-alpha. */
SMARTLIST_FOREACH(nodelist_get_list(), node_t *, node,
if (node_allows_single_hop_exits(node)) {
smartlist_add(excludednodes, node);
});
if ((r = routerlist_find_my_routerinfo()))
routerlist_add_node_and_family(excludednodes, r);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment