authorRobert Ransom <rransom.8774@gmail.com>2011-10-25 12:33:21 -0700
committerSebastian Hahn <sebastian@torproject.org>2011-10-26 23:56:47 +0200
commit4684ced1b3fced0543fa65bf01f75c5d81eaf464 (patch)
treefd515c09cd317e8d3aecce27e95da6b42979d62f /src/or/dirserv.c
parent00fffbc1a15e2696a89c721d0c94dc333ff419ef (diff)
Add option to give guard flag to relays without the CVE-2011-2768 fix
This way, all of the DA operators can upgrade immediately, without nuking every client's set of entry guards as soon as a majority of them upgrade. Until enough guards have upgraded, a majority of dirauths should set this config option so that there are still enough guards in the network. After a few days pass, all dirauths should use the default.
Diffstat (limited to 'src/or/dirserv.c')
-rw-r--r--src/or/dirserv.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index fa7f693afe..c427fe2ef3 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -2332,6 +2332,7 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs,
int naming, int listbadexits,
int listbaddirs, int vote_on_hsdirs)
{
+ const or_options_t *options = get_options();
int unstable_version =
!tor_version_as_new_as(ri->platform,"0.1.1.16-rc-cvs");
memset(rs, 0, sizeof(routerstatus_t));
@@ -2363,7 +2364,8 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs,
router_get_advertised_bandwidth(ri) >=
MIN(guard_bandwidth_including_exits,
guard_bandwidth_excluding_exits)) &&
- is_router_version_good_for_possible_guard(ri->platform)) {
+ (options->GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays ||
+ is_router_version_good_for_possible_guard(ri->platform))) {
long tk = rep_hist_get_weighted_time_known(
ri->cache_info.identity_digest, now);
double wfu = rep_hist_get_weighted_fractional_uptime(
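Review bot: The new `options->GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays ||` term short-circuits `is_router_version_good_for_possible_guard()` for every relay, and nothing at the site says this is a temporary override. I would add a comment directly above the condition, e.g. `/* Transitional: while this option is set, relays without the CVE-2011-2768 fix can still get Guard; unset it once enough guards have upgraded. */`, so the override is not mistaken for permanent policy. Because an authority that leaves the option on keeps voting Guard for unpatched relays with no visible signal, a `log_warn(LD_DIRSERV, ...)` when the option is enabled would help operators notice. Whether option validation already does this is not visible here, since the diff is limited to dirserv.c. The body of set_routerstatus_from_routerinfo() starts before and continues after this hunk.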