Implement layer 2 and layer 3 guard pinning via torrc.

Block circuit canibalization when HSRendezvousMiddleNodes is active. Also make it apply to all HS circuits, not just rends.
author: Mike Perry <mikeperry-git@torproject.org> 2017-12-22 05:43:44 +0000
committer: Mike Perry <mikeperry-git@torproject.org> 2018-01-19 22:21:48 +0000
commit: 20a3f611057cb81c489ccf9d40438bc5d930d766 (patch)
tree: 07e57d6add0144cbd3f7f7b5adf351f0749fd991 /src/or/config.c
parent: a86324d1fa7b8dec8f84d3ab8bd246780b962c92 (diff)
download: tor-20a3f611057cb81c489ccf9d40438bc5d930d766.tar.gz
tor-20a3f611057cb81c489ccf9d40438bc5d930d766.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/src/or/config.c b/src/or/config.c
index e5c10498c4..ebb536b0f9 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -404,6 +404,8 @@ static config_var_t option_vars_[] = {
   V(Socks5ProxyPassword,         STRING,   NULL),
   VAR("KeyDirectory",            FILENAME, KeyDirectory_option, NULL),
   V(KeyDirectoryGroupReadable,   BOOL,     "0"),
+  VAR("_HSLayer2Nodes",          ROUTERSET,  HSLayer2Nodes,  NULL),
+  VAR("_HSLayer3Nodes",          ROUTERSET,  HSLayer3Nodes,  NULL),
   V(KeepalivePeriod,             INTERVAL, "5 minutes"),
   V(KeepBindCapabilities,            AUTOBOOL, "auto"),
   VAR("Log",                     LINELIST, Logs,             NULL),
@@ -1647,6 +1649,8 @@ options_need_geoip_info(const or_options_t *options, const char **reason_out)
     routerset_needs_geoip(options->ExitNodes) ||
     routerset_needs_geoip(options->ExcludeExitNodes) ||
     routerset_needs_geoip(options->ExcludeNodes) ||
+    routerset_needs_geoip(options->HSLayer2Nodes) ||
+    routerset_needs_geoip(options->HSLayer3Nodes) ||
     routerset_needs_geoip(options->Tor2webRendezvousPoints);
 
   if (routerset_usage && reason_out) {
@@ -2088,6 +2092,10 @@ options_act(const or_options_t *old_options)
                          options->ExcludeExitNodes) ||
         !routerset_equal(old_options->EntryNodes, options->EntryNodes) ||
         !routerset_equal(old_options->ExitNodes, options->ExitNodes) ||
+        !routerset_equal(old_options->HSLayer2Nodes,
+                         options->HSLayer2Nodes) ||
+        !routerset_equal(old_options->HSLayer3Nodes,
+                         options->HSLayer3Nodes) ||
         !routerset_equal(old_options->Tor2webRendezvousPoints,
                          options->Tor2webRendezvousPoints) ||
         options->StrictNodes != old_options->StrictNodes) {
author	Mike Perry <mikeperry-git@torproject.org>	2017-12-22 05:43:44 +0000
committer	Mike Perry <mikeperry-git@torproject.org>	2018-01-19 22:21:48 +0000
commit	20a3f611057cb81c489ccf9d40438bc5d930d766 (patch)
tree	07e57d6add0144cbd3f7f7b5adf351f0749fd991 /src/or/config.c
parent	a86324d1fa7b8dec8f84d3ab8bd246780b962c92 (diff)
download	tor-20a3f611057cb81c489ccf9d40438bc5d930d766.tar.gz tor-20a3f611057cb81c489ccf9d40438bc5d930d766.zip