ChangeLog +5 −0 @@ -46,6 +46,11 @@ Changes in version 0.2.0.16-alpha - 2008-01-?? that don't otherwise fit into the torrc file. - The SETCONF command now handles quoted values correctly. o Minor features (directory authorities): - New configuration options to override default maximum number of servers allowed on a single IP address. This is important for running a test network on a single host. o Minor features (other): - Add hidden services and DNSPorts to the list of things that make Tor accept that it has running ports. Change starting Tor with doc/TODO +1 −1 @@ -21,7 +21,7 @@ R - Figure out the autoconf problem with adding a fallback consensus. R - add a geoip file W - figure out license R - let bridges set relaybandwidthrate as low as 5kb N - we need a config option to turn off proposal 109 behavior, o we need a config option to turn off proposal 109 behavior, RK- make it easier to set up a private tor network on your own computer is very hard. - FAQ entry which is wrong doc/tor.1.in +11 −0 @@ -1129,6 +1129,17 @@ Authoritative directories only. If set to 1, the directory server rejects all uploaded server descriptors that aren't explicitly listed in the fingerprints file. This acts as a "panic button" if we get Sybiled. (Default: 0) .LP .TP \fBAuthDirMaxServersPerAddr\fR \fINUM\fP Authoritative directories only. The maximum number of servers that we will list as acceptable on a single IP address. Set this to "0" for "no limit". (Default: 2) .LP .TP \fBAuthDirMaxServersPerAuthAddr\fR \fINUM\fP Authoritative directories only. Like AuthDirMaxServersPerAddr, but applies to addresses shared with directory authorities. (Default: 5) .SH HIDDEN SERVICE OPTIONS .PP src/or/config.c +2 −0
@@ -143,6 +143,8 @@ static config_var_t _option_vars[] = { V(AuthDirRejectUnlisted, BOOL, "0"), V(AuthDirListBadDirs, BOOL, "0"), V(AuthDirListBadExits, BOOL, "0"), V(AuthDirMaxServersPerAddr, UINT, "2"), V(AuthDirMaxServersPerAuthAddr,UINT, "5"), VAR("AuthoritativeDirectory", BOOL, AuthoritativeDir, "0"), V(AutomapHostsOnResolve, BOOL, "0"), V(AutomapHostsSuffixes, CSV, ".onion,.exit"), src/or/dirserv.c +12 −6 @@ -1965,18 +1965,24 @@ _compare_routerinfo_by_ip_and_bw(const void **a, const void **b) static digestmap_t * get_possible_sybil_list(const smartlist_t *routers) { or_options_t *options = get_options(); digestmap_t *omit_as_sybil; smartlist_t *routers_by_ip = smartlist_create(); uint32_t last_addr; int addr_count; /* Allow at most this number of Tor servers on a single IP address, ... */ int max_with_same_addr = options->AuthDirMaxServersPerAddr; /* ... unless it's a directory authority, in which case allow more. */ int max_with_same_addr_on_authority = options->AuthDirMaxServersPerAuthAddr; if (max_with_same_addr <= 0) max_with_same_addr = INT_MAX; if (max_with_same_addr_on_authority <= 0) max_with_same_addr_on_authority = INT_MAX; smartlist_add_all(routers_by_ip, routers); smartlist_sort(routers_by_ip, _compare_routerinfo_by_ip_and_bw); omit_as_sybil = digestmap_new(); /* Allow at most this number of Tor servers on a single IP address, ... */ #define MAX_WITH_SAME_ADDR 2 /* ... unless it's a directory authority, in which case allow more. */ #define MAX_WITH_SAME_ADDR_ON_AUTHORITY 5 last_addr = 0; addr_count = 0; SMARTLIST_FOREACH(routers_by_ip, routerinfo_t *, ri,
@@ -1984,9 +1990,9 @@ get_possible_sybil_list(const smartlist_t *routers) if (last_addr != ri->addr) { last_addr = ri->addr; addr_count = 1; } else if (++addr_count > MAX_WITH_SAME_ADDR) { } else if (++addr_count > max_with_same_addr) { if (!router_addr_is_trusted_dir(ri->addr) || addr_count > MAX_WITH_SAME_ADDR_ON_AUTHORITY) addr_count > max_with_same_addr_on_authority) digestmap_set(omit_as_sybil, ri->cache_info.identity_digest, ri); } });
ChangeLog +5 −0 @@ -46,6 +46,11 @@ Changes in version 0.2.0.16-alpha - 2008-01-?? that don't otherwise fit into the torrc file. - The SETCONF command now handles quoted values correctly. o Minor features (directory authorities): - New configuration options to override default maximum number of servers allowed on a single IP address. This is important for running a test network on a single host. o Minor features (other): - Add hidden services and DNSPorts to the list of things that make Tor accept that it has running ports. Change starting Tor with
doc/TODO +1 −1 @@ -21,7 +21,7 @@ R - Figure out the autoconf problem with adding a fallback consensus. R - add a geoip file W - figure out license R - let bridges set relaybandwidthrate as low as 5kb N - we need a config option to turn off proposal 109 behavior, o we need a config option to turn off proposal 109 behavior, RK- make it easier to set up a private tor network on your own computer is very hard. - FAQ entry which is wrong
doc/tor.1.in +11 −0 @@ -1129,6 +1129,17 @@ Authoritative directories only. If set to 1, the directory server rejects all uploaded server descriptors that aren't explicitly listed in the fingerprints file. This acts as a "panic button" if we get Sybiled. (Default: 0) .LP .TP \fBAuthDirMaxServersPerAddr\fR \fINUM\fP Authoritative directories only. The maximum number of servers that we will list as acceptable on a single IP address. Set this to "0" for "no limit". (Default: 2) .LP .TP \fBAuthDirMaxServersPerAuthAddr\fR \fINUM\fP Authoritative directories only. Like AuthDirMaxServersPerAddr, but applies to addresses shared with directory authorities. (Default: 5) .SH HIDDEN SERVICE OPTIONS .PP
src/or/config.c +2 −0 @@ -143,6 +143,8 @@ static config_var_t _option_vars[] = { V(AuthDirRejectUnlisted, BOOL, "0"), V(AuthDirListBadDirs, BOOL, "0"), V(AuthDirListBadExits, BOOL, "0"), V(AuthDirMaxServersPerAddr, UINT, "2"), V(AuthDirMaxServersPerAuthAddr,UINT, "5"), VAR("AuthoritativeDirectory", BOOL, AuthoritativeDir, "0"), V(AutomapHostsOnResolve, BOOL, "0"), V(AutomapHostsSuffixes, CSV, ".onion,.exit"),
src/or/dirserv.c +12 −6 @@ -1965,18 +1965,24 @@ _compare_routerinfo_by_ip_and_bw(const void **a, const void **b) static digestmap_t * get_possible_sybil_list(const smartlist_t *routers) { or_options_t *options = get_options(); digestmap_t *omit_as_sybil; smartlist_t *routers_by_ip = smartlist_create(); uint32_t last_addr; int addr_count; /* Allow at most this number of Tor servers on a single IP address, ... */ int max_with_same_addr = options->AuthDirMaxServersPerAddr; /* ... unless it's a directory authority, in which case allow more. */ int max_with_same_addr_on_authority = options->AuthDirMaxServersPerAuthAddr; if (max_with_same_addr <= 0) max_with_same_addr = INT_MAX; if (max_with_same_addr_on_authority <= 0) max_with_same_addr_on_authority = INT_MAX; smartlist_add_all(routers_by_ip, routers); smartlist_sort(routers_by_ip, _compare_routerinfo_by_ip_and_bw); omit_as_sybil = digestmap_new(); /* Allow at most this number of Tor servers on a single IP address, ... */ #define MAX_WITH_SAME_ADDR 2 /* ... unless it's a directory authority, in which case allow more. */ #define MAX_WITH_SAME_ADDR_ON_AUTHORITY 5 last_addr = 0; addr_count = 0; SMARTLIST_FOREACH(routers_by_ip, routerinfo_t *, ri, @@ -1984,9 +1990,9 @@ get_possible_sybil_list(const smartlist_t *routers) if (last_addr != ri->addr) { last_addr = ri->addr; addr_count = 1; } else if (++addr_count > MAX_WITH_SAME_ADDR) { } else if (++addr_count > max_with_same_addr) { if (!router_addr_is_trusted_dir(ri->addr) || addr_count > MAX_WITH_SAME_ADDR_ON_AUTHORITY) addr_count > max_with_same_addr_on_authority) digestmap_set(omit_as_sybil, ri->cache_info.identity_digest, ri); } });
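Review bot: In the second hunk of get_possible_sybil_list the authority limit is only consulted inside the `++addr_count > max_with_same_addr` branch, so now that both values are configurable, AuthDirMaxServersPerAuthAddr has no effect whenever it is lower than AuthDirMaxServersPerAddr, and setting AuthDirMaxServersPerAddr to 0 (mapped to INT_MAX in the first hunk) also switches off the cap on authority addresses. With the old constants 2 and 5 that ordering always held; an operator can now break it and weaken the Sybil check without any warning. Choose the limit per address before comparing, e.g. `int limit = router_addr_is_trusted_dir(ri->addr) ? max_with_same_addr_on_authority : max_with_same_addr;` followed by `} else if (++addr_count > limit) {` and an unconditional `digestmap_set(omit_as_sybil, ri->cache_info.identity_digest, ri);`, which keeps the default behaviour unchanged. The `<= 0` mapping also makes 0 mean "no limit" for AuthDirMaxServersPerAuthAddr, which the tor.1.in entry does not say, and a log message when either limit is disabled would make that state visible to the operator. The end of the function, after the SMARTLIST_FOREACH, is outside the hunk.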