diff options
| author | Roger Dingledine <arma@torproject.org> | 2009-09-17 22:45:54 -0400 |
|---|---|---|
| committer | Roger Dingledine <arma@torproject.org> | 2009-12-21 03:52:31 -0500 |
| commit | 580066f2f6fb9be141edab80396035f43895ac6f (patch) | |
| tree | 27b1df0ad5796eed0708b929b9c0807d9736baa0 /src/or/config.c | |
| parent | 5fee54a50f0c282193037649cf9c334c3e01dadb (diff) | |
| download | tor-580066f2f6fb9be141edab80396035f43895ac6f.tar.gz tor-580066f2f6fb9be141edab80396035f43895ac6f.zip | |
Switch to a StrictNodes config option.
This is step one of handling ExcludedNodes better. This first
step is just to make EntryNodes and ExitNodes do what they did
before.
Diffstat (limited to 'src/or/config.c')
| -rw-r--r-- | src/or/config.c | 28 |
1 files changed, 21 insertions, 7 deletions
diff --git a/src/or/config.c b/src/or/config.c index 0c5da96dae..2e2c89a901 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -66,6 +66,7 @@ static config_abbrev_t _option_abbrevs[] = { PLURAL(RendExcludeNode), PLURAL(StrictEntryNode), PLURAL(StrictExitNode), + PLURAL(StrictNode), { "l", "Log", 1, 0}, { "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0}, { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0}, @@ -83,10 +84,12 @@ static config_abbrev_t _option_abbrevs[] = { { "NumEntryNodes", "NumEntryGuards", 0, 0}, { "ResolvConf", "ServerDNSResolvConfFile", 0, 1}, { "SearchDomains", "ServerDNSSearchDomains", 0, 1}, - { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0 }, + { "ServerDNSAllowBrokenResolvConf", "ServerDNSAllowBrokenConfig", 0, 0}, { "PreferTunnelledDirConns", "PreferTunneledDirConns", 0, 0}, { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0}, { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0}, + { "StrictEntryNodes", "StrictNodes", 0, 1}, + { "StrictExitNodes", "StrictNodes", 0, 1}, { NULL, NULL, 0, 0}, }; @@ -320,8 +323,7 @@ static config_var_t _option_vars[] = { V(SocksPort, UINT, "9050"), V(SocksTimeout, INTERVAL, "2 minutes"), OBSOLETE("StatusFetchPeriod"), - V(StrictEntryNodes, BOOL, "0"), - V(StrictExitNodes, BOOL, "0"), + V(StrictNodes, BOOL, "0"), OBSOLETE("SysLog"), V(TestSocks, BOOL, "0"), OBSOLETE("TestVia"), @@ -517,6 +519,9 @@ static config_var_description_t options_description[] = { { "ExitNodes", "A list of preferred nodes to use for the last hop in " "circuits, when possible." }, { "ExcludeNodes", "A list of nodes never to use when building a circuit." }, + { "ExcludeExitNodes", "A list of nodes never to use for the last when " + "building a circuit for exit. Other circuits can still end at these " + "nodes." }, { "FascistFirewall", "If set, Tor will only create outgoing connections to " "servers running on the ports listed in FirewallPorts." }, { "FirewallPorts", "A list of ports that we can connect to. Only used " @@ -545,10 +550,9 @@ static config_var_description_t options_description[] = { { "SOCKSPolicy", "Set an entry policy to limit which addresses can connect " "to the SOCKSPort." }, /* SocksTimeout */ - { "StrictExitNodes", "If set, Tor will fail to operate when none of the " - "configured ExitNodes can be used." }, - { "StrictEntryNodes", "If set, Tor will fail to operate when none of the " - "configured EntryNodes can be used." }, + { "StrictNodes", "If set, Tor will fail to operate when none of the " + "configured EntryNodes, ExitNodes, ExcludeNodes, or ExcludeExitNodes " + "can be used." }, /* TestSocks */ { "TrackHostsExit", "Hosts and domains which should, if possible, be " "accessed from the same exit node each time we connect to them." }, @@ -3194,6 +3198,15 @@ options_validate(or_options_t *old_options, or_options_t *options, routerset_union(options->_ExcludeExitNodesUnion,options->ExcludeNodes); } + if (options->ExcludeNodes && options->StrictNodes) { + COMPLAIN("You have asked to exclude certain relays from all positions " + "in your circuits. Expect hidden services and other Tor " + "features to be broken in unpredictable ways."); + } + +#if 0 /* for now, it's ok to set StrictNodes without setting any actual + * preferences. It won't hurt anything. Eventually, either figure + * out the logic for the right case to complain, or just delete. -RD */ if (options->StrictExitNodes && (!options->ExitNodes) && (!old_options || @@ -3207,6 +3220,7 @@ options_validate(or_options_t *old_options, or_options_t *options, (old_options->StrictEntryNodes != options->StrictEntryNodes) || (!routerset_equal(old_options->EntryNodes,options->EntryNodes)))) COMPLAIN("StrictEntryNodes set, but no EntryNodes listed."); +#endif if (options->EntryNodes && !routerset_is_list(options->EntryNodes)) { /* XXXX fix this; see entry_guards_prepend_from_config(). */ |