summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Goulet <dgoulet@torproject.org>2017-04-25 13:49:05 -0400
committerNick Mathewson <nickm@torproject.org>2017-05-09 10:30:52 -0400
commit09bc858dd54101e645b31bf32fe463b73c38add2 (patch)
tree24494f8629a5d8eb9cbe6a6dd346a0afa06353e2
parentd52a1e2faaf0edf8f5899c6fa9864d0cecebf692 (diff)
downloadtor-09bc858dd54101e645b31bf32fe463b73c38add2.tar.gz
tor-09bc858dd54101e645b31bf32fe463b73c38add2.zip
config: Remove ExcludeSingleHopRelays option
Deprecated in 0.2.9.2-alpha, this commits changes it as OBSOLETE() and cleans up the code associated with it. Partially fixes #22060 Signed-off-by: David Goulet <dgoulet@torproject.org>
-rw-r--r--changes/bug220602
-rw-r--r--doc/tor.1.txt9
-rw-r--r--src/or/circuitbuild.c5
-rw-r--r--src/or/config.c4
-rw-r--r--src/or/or.h4
-rw-r--r--src/or/routerlist.c14
6 files changed, 12 insertions, 26 deletions
diff --git a/changes/bug22060 b/changes/bug22060
index caf624d314..e112b8970c 100644
--- a/changes/bug22060
+++ b/changes/bug22060
@@ -5,3 +5,5 @@
rendered obsolete. Code has been removed and feature no longer exists.
- AllowSingleHopExits was deprecated in 0.2.9.2-alpha and now has been
rendered obsolete. Code has been removed and feature no longer exists.
+ - ExcludeSingleHopRelays was deprecated in 0.2.9.2-alpha and now has been
+ rendered obsolete. Code has been removed and feature no longer exists.
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index e2e48088f4..54d0614d60 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -772,15 +772,6 @@ CLIENT OPTIONS
The following options are useful only for clients (that is, if
**SocksPort**, **TransPort**, **DNSPort**, or **NATDPort** is non-zero):
-[[ExcludeSingleHopRelays]] **ExcludeSingleHopRelays** **0**|**1**::
- This option controls whether circuits built by Tor will include relays with
- the AllowSingleHopExits flag set to true. If ExcludeSingleHopRelays is set
- to 0, these relays will be included. Note that these relays might be at
- higher risk of being seized or observed, so they are not normally
- included. Also note that relatively few clients turn off this option,
- so using these relays might make your client stand out.
- (Default: 1)
-
[[Bridge]] **Bridge** [__transport__] __IP__:__ORPort__ [__fingerprint__]::
When set along with UseBridges, instructs Tor to use the relay at
"IP:ORPort" as a "bridge" relaying into the Tor network. If "fingerprint"
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index faf2e3dcd9..012229bf86 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -1835,8 +1835,9 @@ choose_good_exit_server_general(int need_uptime, int need_capacity)
// router->nickname, i);
continue; /* skip invalid routers */
}
- if (options->ExcludeSingleHopRelays &&
- node_allows_single_hop_exits(node)) {
+ /* We do not allow relays that allow single hop exits by default. Option
+ * was deprecated in 0.2.9.2-alpha and removed in 0.3.1.0-alpha. */
+ if (node_allows_single_hop_exits(node)) {
n_supported[i] = -1;
continue;
}
diff --git a/src/or/config.c b/src/or/config.c
index 9b3570b3e4..a922433906 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -303,7 +303,7 @@ static config_var_t option_vars_[] = {
V(TestingEstimatedDescriptorPropagationTime, INTERVAL, "10 minutes"),
V(ExcludeNodes, ROUTERSET, NULL),
V(ExcludeExitNodes, ROUTERSET, NULL),
- V(ExcludeSingleHopRelays, BOOL, "1"),
+ OBSOLETE("ExcludeSingleHopRelays"),
V(ExitNodes, ROUTERSET, NULL),
V(ExitPolicy, LINELIST, NULL),
V(ExitPolicyRejectPrivate, BOOL, "1"),
@@ -664,8 +664,6 @@ static const config_deprecation_t option_deprecation_notes_[] = {
"a wide variety of application-level attacks." },
{ "ClientDNSRejectInternalAddresses", "Turning this on makes your client "
"easier to fingerprint, and may open you to esoteric attacks." },
- { "ExcludeSingleHopRelays", "Turning it on makes your client easier to "
- "fingerprint." },
{ "FastFirstHopPK", "Changing this option does not make your client more "
"secure, but does make it easier to fingerprint." },
{ "CloseHSClientCircuitsImmediatelyOnTimeout", "This option makes your "
diff --git a/src/or/or.h b/src/or/or.h
index 3670078c47..e221959d6e 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -4114,10 +4114,6 @@ typedef struct {
* if we are a cache). For authorities, this is always true. */
int DownloadExtraInfo;
- /** If true, don't allow relays with allow-single-hop-exits to be used in
- * circuits that we build. */
- int ExcludeSingleHopRelays;
-
/** If true, we convert "www.google.com.foo.exit" addresses on the
* socks/trans/natd ports into "www.google.com" addresses that
* exit from the node "foo". Disabled by default since attacking
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index b3b959a291..0332054809 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -2807,14 +2807,12 @@ router_choose_random_node(smartlist_t *excludedsmartlist,
rule = weight_for_exit ? WEIGHT_FOR_EXIT :
(need_guard ? WEIGHT_FOR_GUARD : WEIGHT_FOR_MID);
- /* Exclude relays that allow single hop exit circuits, if the user
- * wants to (such relays might be risky) */
- if (get_options()->ExcludeSingleHopRelays) {
- SMARTLIST_FOREACH(nodelist_get_list(), node_t *, node,
- if (node_allows_single_hop_exits(node)) {
- smartlist_add(excludednodes, node);
- });
- }
+ /* Exclude relays that allow single hop exit circuits. This is an obsolete
+ * option since 0.2.9.2-alpha and done by default in 0.3.1.0-alpha. */
+ SMARTLIST_FOREACH(nodelist_get_list(), node_t *, node,
+ if (node_allows_single_hop_exits(node)) {
+ smartlist_add(excludednodes, node);
+ });
if ((r = routerlist_find_my_routerinfo()))
routerlist_add_node_and_family(excludednodes, r);