Commit ca5f670f authored by Nick Mathewson's avatar Nick Mathewson 🥔

r17548@catbus: nickm | 2008-01-10 11:08:12 -0500

 Make proposal-109 behavior optional.


svn:r13090
parent e3d49979
+5 −0
@@ -46,6 +46,11 @@ Changes in version 0.2.0.16-alpha - 2008-01-??
      that don't otherwise fit into the torrc file.
    - The SETCONF command now handles quoted values correctly.

  o Minor features (directory authorities):
    - New configuration options to override default maximum number of
      servers allowed on a single IP address.  This is important
      for running a test network on a single host.

  o Minor features (other):
    - Add hidden services and DNSPorts to the list of things that make
      Tor accept that it has running ports.  Change starting Tor with
+1 −1
@@ -21,7 +21,7 @@ R - Figure out the autoconf problem with adding a fallback consensus.
R - add a geoip file
W   - figure out license
R - let bridges set relaybandwidthrate as low as 5kb
N - we need a config option to turn off proposal 109 behavior,
  o we need a config option to turn off proposal 109 behavior,
RK- make it easier to set up a private tor network on your own computer
    is very hard.
    - FAQ entry which is wrong
+11 −0
@@ -1129,6 +1129,17 @@ Authoritative directories only. If set to 1, the directory server
rejects all uploaded server descriptors that aren't explicitly listed
in the fingerprints file. This acts as a "panic button" if we get
Sybiled. (Default: 0)
.LP
.TP
\fBAuthDirMaxServersPerAddr\fR \fINUM\fP
Authoritative directories only.  The maximum number of servers that we
will list as acceptable on a single IP address.  Set this to "0" for
"no limit". (Default: 2)
.LP
.TP
\fBAuthDirMaxServersPerAuthAddr\fR \fINUM\fP
Authoritative directories only.  Like AuthDirMaxServersPerAddr, but
applies to addresses shared with directory authorities.  (Default: 5)

.SH HIDDEN SERVICE OPTIONS
.PP
+2 −0
@@ -143,6 +143,8 @@ static config_var_t _option_vars[] = {
  V(AuthDirRejectUnlisted,       BOOL,     "0"),
  V(AuthDirListBadDirs,          BOOL,     "0"),
  V(AuthDirListBadExits,         BOOL,     "0"),
  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "5"),
  VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
  V(AutomapHostsOnResolve,       BOOL,     "0"),
  V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
+12 −6
@@ -1965,18 +1965,24 @@ _compare_routerinfo_by_ip_and_bw(const void **a, const void **b)
static digestmap_t *
get_possible_sybil_list(const smartlist_t *routers)
{
  or_options_t *options = get_options();
  digestmap_t *omit_as_sybil;
  smartlist_t *routers_by_ip = smartlist_create();
  uint32_t last_addr;
  int addr_count;
  /* Allow at most this number of Tor servers on a single IP address, ... */
  int max_with_same_addr = options->AuthDirMaxServersPerAddr;
  /* ... unless it's a directory authority, in which case allow more. */
  int max_with_same_addr_on_authority = options->AuthDirMaxServersPerAuthAddr;
  if (max_with_same_addr <= 0)
    max_with_same_addr = INT_MAX;
  if (max_with_same_addr_on_authority <= 0)
    max_with_same_addr_on_authority = INT_MAX;

  smartlist_add_all(routers_by_ip, routers);
  smartlist_sort(routers_by_ip, _compare_routerinfo_by_ip_and_bw);
  omit_as_sybil = digestmap_new();

/* Allow at most this number of Tor servers on a single IP address, ... */
#define MAX_WITH_SAME_ADDR 2
/* ... unless it's a directory authority, in which case allow more. */
#define MAX_WITH_SAME_ADDR_ON_AUTHORITY 5
  last_addr = 0;
  addr_count = 0;
  SMARTLIST_FOREACH(routers_by_ip, routerinfo_t *, ri,
@@ -1984,9 +1990,9 @@ get_possible_sybil_list(const smartlist_t *routers)
      if (last_addr != ri->addr) {
        last_addr = ri->addr;
        addr_count = 1;
      } else if (++addr_count > MAX_WITH_SAME_ADDR) {
      } else if (++addr_count > max_with_same_addr) {
        if (!router_addr_is_trusted_dir(ri->addr) ||
            addr_count > MAX_WITH_SAME_ADDR_ON_AUTHORITY)
            addr_count > max_with_same_addr_on_authority)
          digestmap_set(omit_as_sybil, ri->cache_info.identity_digest, ri);
      }
    });
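Review bot: In get_possible_sybil_list the authority limit is only consulted inside the `++addr_count > max_with_same_addr` branch, so an AuthDirMaxServersPerAuthAddr lower than AuthDirMaxServersPerAddr is silently ignored, and AuthDirMaxServersPerAddr 0 (mapped to INT_MAX) switches the cap off for authority addresses too, whatever the second option is set to. Now that both values are operator-settable, this should either be stated next to the two locals, e.g. `/* The authority limit only takes effect when it is larger than max_with_same_addr. */`, or the combination should be rejected or warned about where options are validated, which is not visible on this page. Because "0" disables a Sybil defence that the removed macros made unconditional, a log message when an authority runs with no per-address limit would help an operator notice a test-network setting left on a live authority. The function continues past the end of the second hunk, so cleanup and the return value were not reviewed.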