aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2013-07-31 21:49:30 -0400
committerNick Mathewson <nickm@torproject.org>2013-07-31 21:49:30 -0400
commit83a859e24ced67663ea46f3bd05d53b29f6797c0 (patch)
treee9b9971c861e4e9180db59fec5f7ef1f70e3d38f
parent54056882235fbfea84f1e5860a71e54440a1e0b5 (diff)
parent0a0f93d277046a524740ad110060abf8ed137b8f (diff)
downloadtor-83a859e24ced67663ea46f3bd05d53b29f6797c0.tar.gz
tor-83a859e24ced67663ea46f3bd05d53b29f6797c0.zip
Merge remote-tracking branch 'origin/maint-0.2.4'
-rw-r--r--changes/bug93545
-rw-r--r--doc/tor.1.txt6
-rw-r--r--src/or/config.c2
-rw-r--r--src/or/entrynodes.c17
-rw-r--r--src/or/or.h3
5 files changed, 25 insertions, 8 deletions
diff --git a/changes/bug9354 b/changes/bug9354
new file mode 100644
index 0000000000..68fc81a595
--- /dev/null
+++ b/changes/bug9354
@@ -0,0 +1,5 @@
+ o Minor bugfixes:
+ - Make the default behavior of NumDirectoryGuards be to track
+ NumEntryGuards. Now a user who changes only NumEntryGuards will get
+ the behavior she expects. Fixes bug 9354; bugfix on 0.2.4.8-alpha.
+
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index fa49f1404d..8bc15d9c2e 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1053,7 +1053,8 @@ The following options are useful only for clients (that is, if
fraction of your paths. (Default: 1)
**UseEntryGuardsAsDirectoryGuards** **0**|**1**::
- If this option is set to 1, we try to use our entry guards as directory
+ If this option is set to 1, and UseEntryGuards is also set to 1,
+ we try to use our entry guards as directory
guards, and failing that, pick more nodes to act as our directory guards.
This helps prevent an adversary from enumerating clients. It's only
available for clients (non-relay, non-bridge) that aren't configured to
@@ -1066,7 +1067,8 @@ The following options are useful only for clients (that is, if
**NumDirectoryGuards** __NUM__::
If UseEntryGuardsAsDirectoryGuards is enabled, we try to make sure we
- have at least NUM routers to use as directory guards. (Default: 3)
+ have at least NUM routers to use as directory guards. If this option
+ is set to 0, use the value from NumEntryGuards. (Default: 0)
**GuardLifetime** __N__ **days**|**weeks**|**months**::
If nonzero, and UseEntryGuards is set, minimum time to keep a guard before
diff --git a/src/or/config.c b/src/or/config.c
index ad6689ceef..5e2de0792c 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -315,7 +315,7 @@ static config_var_t option_vars_[] = {
OBSOLETE("NoPublish"),
VAR("NodeFamily", LINELIST, NodeFamilies, NULL),
V(NumCPUs, UINT, "0"),
- V(NumDirectoryGuards, UINT, "3"),
+ V(NumDirectoryGuards, UINT, "0"),
V(NumEntryGuards, UINT, "3"),
V(ORListenAddress, LINELIST, NULL),
VPORT(ORPort, LINELIST, NULL),
diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c
index 70f7c878ee..cadc70ec7a 100644
--- a/src/or/entrynodes.c
+++ b/src/or/entrynodes.c
@@ -419,14 +419,24 @@ add_an_entry_guard(const node_t *chosen, int reset_status, int prepend,
return node;
}
+/** Choose how many entry guards or directory guards we'll use. If
+ * <b>for_directory</b> is true, we return how many directory guards to
+ * use; else we return how many entry guards to use. */
+static int
+decide_num_guards(const or_options_t *options, int for_directory)
+{
+ if (for_directory && options->NumDirectoryGuards != 0)
+ return options->NumDirectoryGuards;
+ return options->NumEntryGuards;
+}
+
/** If the use of entry guards is configured, choose more entry guards
* until we have enough in the list. */
static void
pick_entry_guards(const or_options_t *options, int for_directory)
{
int changed = 0;
- const int num_needed = for_directory ? options->NumDirectoryGuards :
- options->NumEntryGuards;
+ const int num_needed = decide_num_guards(options, for_directory);
tor_assert(entry_guards);
@@ -966,8 +976,7 @@ choose_random_entry_impl(cpath_build_state_t *state, int for_directory,
int need_capacity = state ? state->need_capacity : 0;
int preferred_min, consider_exit_family = 0;
int need_descriptor = !for_directory;
- const int num_needed = for_directory ? options->NumDirectoryGuards :
- options->NumEntryGuards;
+ const int num_needed = decide_num_guards(options, for_directory);
if (chosen_exit) {
nodelist_add_node_and_family(exit_family, chosen_exit);
diff --git a/src/or/or.h b/src/or/or.h
index 06363fa360..a6a4bcc1ba 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3784,7 +3784,8 @@ typedef struct {
int NumEntryGuards; /**< How many entry guards do we try to establish? */
int UseEntryGuardsAsDirGuards; /** Boolean: Do we try to get directory info
* from a smallish number of fixed nodes? */
- int NumDirectoryGuards; /**< How many dir guards do we try to establish? */
+ int NumDirectoryGuards; /**< How many dir guards do we try to establish?
+ * If 0, use value from NumEntryGuards. */
int RephistTrackTime; /**< How many seconds do we keep rephist info? */
int FastFirstHopPK; /**< If Tor believes it is safe, should we save a third
* of our PK time by sending CREATE_FAST cells? */