authorNick Mathewson <nickm@torproject.org>2006-09-25 22:12:54 +0000
committerNick Mathewson <nickm@torproject.org>2006-09-25 22:12:54 +0000
commit49ad1eefa1569a5c8a9ee757fa854edf4cfff8cb (patch)
tree2ffeafde38a7ee4d2061cfc79bd98e5a64b0dd06
parent01f9e97d43014f9d404d9b09031bed814ac507a3 (diff)
Add an EnforceDistinctSubnets option so that clients who know what they are doing (mainly people with private testing networks) can disable our same-/16 detection.
svn:r8504
-rw-r--r--ChangeLog4
-rw-r--r--doc/TODO7
-rw-r--r--doc/tor.1.in7
-rw-r--r--src/or/config.c1
-rw-r--r--src/or/or.h2
-rw-r--r--src/or/routerlist.c4
6 files changed, 21 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index 4ffd2302c9..8e1d7d1a30 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -19,6 +19,10 @@ Changes in version 0.1.2.2-alpha - 2006-??-??
- When asked to resolve a hostname, don't use non-exit servers unless
requested to do so. This allows servers with broken DNS to
be useful to the network.
+ - Add an "EnforceDistinctSubnets" option to control our "exclude
+ servers on the same /16" behavior. It's still on by default; this
+ is mostly for people who want to operate private test networks with
+ all the machines on the same subnet.
o Security Fixes, minor:
- If a client asked for a server by name, and we didn't have a
diff --git a/doc/TODO b/doc/TODO
index 0952840602..60f08dd231 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -28,11 +28,12 @@ N - when we start, remove any entryguards that are listed in excludenodes.
N - Remember the last time we saw one of our entry guards labelled with
the GUARD flag. If it's been too long, it is not suitable for use.
If it's been really too long, remove it from the list.
- . Figure out avoiding duplicate /24 lines
+ o Figure out avoiding duplicate /24 lines
o automatically add /16 servers to family
D do it in an efficient way. keep a list of something somewhere?
- - The right thing here is to revamp our node selection implementation.
-N - make it configurable, so people can turn it on or off.
+ D The right thing here is to revamp our node selection implementation.
+ (Deferred until oprofile says this matters.)
+ o make it configurable, so people can turn it on or off.
N - Clients stop dumping old descriptors if the network-statuses
claim they're still valid.
R . If we fail to connect via an exit enclave, (warn and) try again
diff --git a/doc/tor.1.in b/doc/tor.1.in
index da4514562b..e531d07469 100644
--- a/doc/tor.1.in
+++ b/doc/tor.1.in
@@ -371,10 +371,17 @@ NodeFamily is only needed when a server doesn't list the family itself
(with MyFamily). This option can be used multiple times.
.LP
.TP
+\fBEnforceDistinctSubnets \fR\fB0\fR|\fB1\fR\fP
+If 1, Tor will not put two servers whose IP addressess are "too
+close" to appear on the same circuit. Currently, two addresses are
+"too close" if they lie in the same /16 range. (Default: 1)
+
.\" \fBPathlenCoinWeight \fR\fI0.0-1.0\fP
.\" Paths are 3 hops plus a geometric distribution centered around this coinweight.
.\" Must be >=0.0 and <1.0. (Default: 0.3) NOT USED CURRENTLY
.\" .TP
+.LP
+.TP
\fBRendNodes \fR\fInickname\fR,\fInickname\fR,\fI...\fP
A list of preferred nodes to use for the rendezvous point, if possible.
.LP
diff --git a/src/or/config.c b/src/or/config.c
index 50d986c355..5872ded220 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -152,6 +152,7 @@ static config_var_t _option_vars[] = {
VAR("DirPort", UINT, DirPort, "0"),
OBSOLETE("DirPostPeriod"),
VAR("DirServer", LINELIST, DirServers, NULL),
+ VAR("EnforceDistinctSubnets", BOOL, EnforceDistinctSubnets,"1"),
VAR("EntryNodes", STRING, EntryNodes, NULL),
VAR("ExcludeNodes", STRING, ExcludeNodes, NULL),
VAR("ExitNodes", STRING, ExitNodes, NULL),
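Review bot: Setting EnforceDistinctSubnets to 0 is accepted without any message: the diffstat lists this table entry as the only line changed in config.c, so nothing is logged when a client turns the same-/16 exclusion off. The option is meant for private test networks and reduces path diversity on the public network, so I would log it once during option validation, for example `if (!options->EnforceDistinctSubnets) log_warn(LD_CONFIG, "EnforceDistinctSubnets is disabled; circuits may use several servers in the same /16.");`. The validation code is outside this hunk, so the exact place for the check is to be confirmed.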
diff --git a/src/or/or.h b/src/or/or.h
index bb7d0b6685..4db05824f4 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -1581,6 +1581,8 @@ typedef struct {
char *ServerDNSResolvConfFile; /**< If provided, we configure our internal
* resolver from the file here rather than from
* /etc/resolv.conf (Unix) or the registry (Windows). */
+ int EnforceDistinctSubnets; /** If true, don't allow multiple routers in the
+ * same network zone in the same circuit. */
} or_options_t;
/** Persistent state for an onion router, as saved to disk. */
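Review bot: The comment on the new `EnforceDistinctSubnets` field opens with `/**`, while the field just above it uses the trailing-member form `/**<`, so Doxygen will probably not attach this text to the member it describes. "Network zone" is also vaguer than the man page entry in the same commit, which states the /16 rule. I would write `int EnforceDistinctSubnets; /**< If true, don't allow multiple routers from the same network zone (currently the same /16) in the same circuit. */`.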
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 7f0dc577d6..ecef569180 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -629,10 +629,12 @@ routerlist_add_family(smartlist_t *sl, routerinfo_t *router)
{
routerinfo_t *r;
config_line_t *cl;
+ or_options_t *options = get_options();
/* First, add any routers with similar network addresses.
* XXX It's possible this will be really expensive; we'll see. */
- routerlist_add_network_family(sl, router);
+ if (options->EnforceDistinctSubnets)
+ routerlist_add_network_family(sl, router);
if (!router->declared_family)
return;
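Review bot: The comment above the new `if (options->EnforceDistinctSubnets)` check still reads as if network neighbours are always added, and nothing at this point says why skipping the step is acceptable. I would reword it to `/* First, unless EnforceDistinctSubnets is off (meant for private test networks), add any routers with similar network addresses. */` and keep the XXX remark about cost. The body of routerlist_add_family continues outside the hunk.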