summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Goulet <dgoulet@torproject.org>2017-04-25 13:30:46 -0400
committerNick Mathewson <nickm@torproject.org>2017-05-09 10:30:52 -0400
commitfea72571dfc70ec766edaaea2dc80c1e759a977d (patch)
tree8334af310ea4c2b96b570abe0d5ad2798467435d
parent2b9823b3106df2cf23e2de13ae9a9b6d12607ce4 (diff)
downloadtor-fea72571dfc70ec766edaaea2dc80c1e759a977d.tar.gz
tor-fea72571dfc70ec766edaaea2dc80c1e759a977d.zip
config: Remove AllowSingleHopCircuits option
Deprecated in 0.2.9.2-alpha, this commits changes it as OBSOLETE() and cleans up the code associated with it. Partially fixes #22060 Signed-off-by: David Goulet <dgoulet@torproject.org>
-rw-r--r--changes/bug220602
-rw-r--r--doc/tor.1.txt5
-rw-r--r--src/or/config.c4
-rw-r--r--src/or/control.c21
-rw-r--r--src/or/or.h3
5 files changed, 6 insertions, 29 deletions
diff --git a/changes/bug22060 b/changes/bug22060
index d839c9b059..19c8d2c9fa 100644
--- a/changes/bug22060
+++ b/changes/bug22060
@@ -1,3 +1,5 @@
o Remove configuration option (confic):
- AllowInvalidNodes was deprecated in 0.2.9.2-alpha and now has been
rendered obsolete. Code has been removed and feature no longer exists.
+ - AllowSingleHopCircuits was deprecated in 0.2.9.2-alpha and now has been
+ rendered obsolete. Code has been removed and feature no longer exists.
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 012c5b93d6..3088c9ba26 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1468,11 +1468,6 @@ The following options are useful only for clients (that is, if
Like WarnPlaintextPorts, but instead of warning about risky port uses, Tor
will instead refuse to make the connection. (Default: None)
-[[AllowSingleHopCircuits]] **AllowSingleHopCircuits** **0**|**1**::
- When this option is set, the attached Tor controller can use relays
- that have the **AllowSingleHopExits** option turned on to build
- one-hop Tor connections. (Default: 0)
-
[[OptimisticData]] **OptimisticData** **0**|**1**|**auto**::
When this option is set, and Tor is using an exit node that supports
the feature, it will try optimistically to send data to the exit node
diff --git a/src/or/config.c b/src/or/config.c
index 6edfac3976..3621b8e1f8 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -207,7 +207,7 @@ static config_var_t option_vars_[] = {
V(AllowDotExit, BOOL, "0"),
OBSOLETE("AllowInvalidNodes"),
V(AllowNonRFC953Hostnames, BOOL, "0"),
- V(AllowSingleHopCircuits, BOOL, "0"),
+ OBSOLETE("AllowSingleHopCircuits"),
V(AllowSingleHopExits, BOOL, "0"),
V(AlternateBridgeAuthority, LINELIST, NULL),
V(AlternateDirAuthority, LINELIST, NULL),
@@ -662,8 +662,6 @@ static const config_deprecation_t option_deprecation_notes_[] = {
/* Deprecated since 0.2.9.2-alpha... */
{ "AllowDotExit", "Unrestricted use of the .exit notation can be used for "
"a wide variety of application-level attacks." },
- { "AllowSingleHopCircuits", "Almost no relays actually allow single-hop "
- "exits, making this option pointless." },
{ "AllowSingleHopExits", "Turning this on will make your relay easier "
"to abuse." },
{ "ClientDNSRejectInternalAddresses", "Turning this on makes your client "
diff --git a/src/or/control.c b/src/or/control.c
index 56f1329029..10178678a5 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -3551,24 +3551,9 @@ handle_control_attachstream(control_connection_t *conn, uint32_t len,
}
/* Is this a single hop circuit? */
if (circ && (circuit_get_cpath_len(circ)<2 || hop==1)) {
- const node_t *node = NULL;
- char *exit_digest = NULL;
- if (circ->build_state &&
- circ->build_state->chosen_exit &&
- !tor_digest_is_zero(circ->build_state->chosen_exit->identity_digest)) {
- exit_digest = circ->build_state->chosen_exit->identity_digest;
- node = node_get_by_id(exit_digest);
- }
- /* Do both the client and relay allow one-hop exit circuits? */
- if (!node ||
- !node_allows_single_hop_exits(node) ||
- !get_options()->AllowSingleHopCircuits) {
- connection_write_str_to_buf(
- "551 Can't attach stream to this one-hop circuit.\r\n", conn);
- return 0;
- }
- tor_assert(exit_digest);
- ap_conn->chosen_exit_name = tor_strdup(hex_str(exit_digest, DIGEST_LEN));
+ connection_write_str_to_buf(
+ "551 Can't attach stream to this one-hop circuit.\r\n", conn);
+ return 0;
}
if (circ && hop>0) {
diff --git a/src/or/or.h b/src/or/or.h
index 53a87101f0..4381459519 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -4120,9 +4120,6 @@ typedef struct {
/** If true, don't allow relays with AllowSingleHopExits=1 to be used in
* circuits that we build. */
int ExcludeSingleHopRelays;
- /** If true, and the controller tells us to use a one-hop circuit, and the
- * exit allows it, we use it. */
- int AllowSingleHopCircuits;
/** If true, we convert "www.google.com.foo.exit" addresses on the
* socks/trans/natd ports into "www.google.com" addresses that