r17548@catbus: nickm | 2008-01-10 11:08:12 -0500

Make proposal-109 behavior optional. svn:r13090

r17548@catbus: nickm | 2008-01-10 11:08:12 -0500
Make proposal-109 behavior optional. svn:r13090
ca5f670f · Nick Mathewson · e3d49979 · ca5f670f · ca5f670f · ca5f670f
Commit ca5f670f authored Jan 10, 2008 by Nick Mathewson 👁
--- a/ChangeLog
+++ b/ChangeLog
@@ -46,6 +46,11 @@ Changes in version 0.2.0.16-alpha - 2008-01-??
      that don't otherwise fit into the torrc file.
    - The SETCONF command now handles quoted values correctly.

+  o Minor features (directory authorities):
+    - New configuration options to override default maximum number of
+      servers allowed on a single IP address.  This is important
+      for running a test network on a single host.
+
  o Minor features (other):
    - Add hidden services and DNSPorts to the list of things that make
      Tor accept that it has running ports.  Change starting Tor with

--- a/doc/TODO
+++ b/doc/TODO
@@ -21,7 +21,7 @@ R - Figure out the autoconf problem with adding a fallback consensus.
 R - add a geoip file
 W   - figure out license
 R - let bridges set relaybandwidthrate as low as 5kb
-N - we need a config option to turn off proposal 109 behavior,
+  o we need a config option to turn off proposal 109 behavior,
 RK- make it easier to set up a private tor network on your own computer
    is very hard.
    - FAQ entry which is wrong

--- a/doc/tor.1.in
+++ b/doc/tor.1.in
@@ -1129,6 +1129,17 @@ Authoritative directories only.  If set to 1, the directory server
 rejects all uploaded server descriptors that aren't explicitly listed
 in the fingerprints file. This acts as a "panic button" if we get
 Sybiled. (Default: 0)
+.LP
+.TP
+\fBAuthDirMaxServersPerAddr\fR \fINUM\fP
+Authoritative directories only.  The maximum number of servers that we
+will list as acceptable on a single IP address.  Set this to "0" for
+"no limit". (Default: 2)
+.LP
+.TP
+\fBAuthDirMaxServersPerAuthAddr\fR \fINUM\fP
+Authoritative directories only.  Like AuthDirMaxServersPerAddr, but
+applies to addresses shared with directory authorities.  (Default: 5)

 .SH HIDDEN SERVICE OPTIONS
 .PP

--- a/src/or/config.c
+++ b/src/or/config.c
@@ -143,6 +143,8 @@ static config_var_t _option_vars[] = {
  V(AuthDirRejectUnlisted,       BOOL,     "0"),
  V(AuthDirListBadDirs,          BOOL,     "0"),
  V(AuthDirListBadExits,         BOOL,     "0"),
+  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
+  V(AuthDirMaxServersPerAuthAddr,UINT,     "5"),
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),

--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -1965,18 +1965,24 @@ _compare_routerinfo_by_ip_and_bw(const void **a, const void **b)
 static digestmap_t *
 get_possible_sybil_list(const smartlist_t *routers)
 {
+  or_options_t *options = get_options();
  digestmap_t *omit_as_sybil;
  smartlist_t *routers_by_ip = smartlist_create();
  uint32_t last_addr;
  int addr_count;
+  /* Allow at most this number of Tor servers on a single IP address, ... */
+  int max_with_same_addr = options->AuthDirMaxServersPerAddr;
+  /* ... unless it's a directory authority, in which case allow more. */
+  int max_with_same_addr_on_authority = options->AuthDirMaxServersPerAuthAddr;
+  if (max_with_same_addr <= 0)
+    max_with_same_addr = INT_MAX;
+  if (max_with_same_addr_on_authority <= 0)
+    max_with_same_addr_on_authority = INT_MAX;
+
  smartlist_add_all(routers_by_ip, routers);
  smartlist_sort(routers_by_ip, _compare_routerinfo_by_ip_and_bw);
  omit_as_sybil = digestmap_new();

-/* Allow at most this number of Tor servers on a single IP address, ... */
-#define MAX_WITH_SAME_ADDR 2
-/* ... unless it's a directory authority, in which case allow more. */
-#define MAX_WITH_SAME_ADDR_ON_AUTHORITY 5
  last_addr = 0;
  addr_count = 0;
  SMARTLIST_FOREACH(routers_by_ip, routerinfo_t *, ri,
@@ -1984,9 +1990,9 @@ get_possible_sybil_list(const smartlist_t *routers)
      if (last_addr != ri->addr) {
        last_addr = ri->addr;
        addr_count = 1;
-      } else if (++addr_count > MAX_WITH_SAME_ADDR) {
+      } else if (++addr_count > max_with_same_addr) {
        if (!router_addr_is_trusted_dir(ri->addr) ||
-            addr_count > MAX_WITH_SAME_ADDR_ON_AUTHORITY)
+            addr_count > max_with_same_addr_on_authority)
          digestmap_set(omit_as_sybil, ri->cache_info.identity_digest, ri);
      }
    });

--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2240,6 +2240,12 @@ typedef struct {
                            * and vote for all other exits as good. */
  int AuthDirRejectUnlisted; /**< Boolean: do we reject all routers that
                              * aren't named in our fingerprint file? */
+  int AuthDirMaxServersPerAddr; /**< Do not permit more than this
+                                 * number of servers per IP address. */
+  int AuthDirMaxServersPerAuthAddr; /**< Do not permit more than this
+                                     * number of servers per IP address shared
+                                     * with an authority. */
+
  char *AccountingStart; /**< How long is the accounting interval, and when
                          * does it start? */
  uint64_t AccountingMax; /**< How many bytes do we allow per accounting