diff options
| author | Robert Ransom <rransom.8774@gmail.com> | 2011-10-25 12:33:21 -0700 |
|---|---|---|
| committer | Sebastian Hahn <sebastian@torproject.org> | 2011-10-26 23:56:47 +0200 |
| commit | 4684ced1b3fced0543fa65bf01f75c5d81eaf464 (patch) | |
| tree | fd515c09cd317e8d3aecce27e95da6b42979d62f /src/or/or.h | |
| parent | 00fffbc1a15e2696a89c721d0c94dc333ff419ef (diff) | |
| download | tor-4684ced1b3fced0543fa65bf01f75c5d81eaf464.tar.gz tor-4684ced1b3fced0543fa65bf01f75c5d81eaf464.zip | |
Add option to give guard flag to relays without the CVE-2011-2768 fix
This way, all of the DA operators can upgrade immediately, without nuking
every client's set of entry guards as soon as a majority of them upgrade.
Until enough guards have upgraded, a majority of dirauths should set this
config option so that there are still enough guards in the network. After
a few days pass, all dirauths should use the default.
Diffstat (limited to 'src/or/or.h')
| -rw-r--r-- | src/or/or.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/or/or.h b/src/or/or.h index 8638f20997..7d50e1f505 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2672,6 +2672,10 @@ typedef struct { * number of servers per IP address shared * with an authority. */ + /** Should we assign the Guard flag to relays which would allow + * exploitation of CVE-2011-2768 against their clients? */ + int GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays; + char *AccountingStart; /**< How long is the accounting interval, and when * does it start? */ uint64_t AccountingMax; /**< How many bytes do we allow per accounting |