diff options
author | Roger Dingledine <arma@torproject.org> | 2014-07-23 12:23:49 -0400 |
---|---|---|
committer | Roger Dingledine <arma@torproject.org> | 2014-07-24 16:19:47 -0400 |
commit | 56ee61b8aed058c20edc9c7e10dc48f1ab798bbc (patch) | |
tree | 5cac3437531179784b199c834df442c95b7a6bfb /src | |
parent | 303d7f55d9ec8c7dbd9784171cf4df97cc5d7eef (diff) | |
download | tor-56ee61b8aed058c20edc9c7e10dc48f1ab798bbc.tar.gz tor-56ee61b8aed058c20edc9c7e10dc48f1ab798bbc.zip |
Add and use a new NumEntryGuards consensus parameter.
When specified, it overrides our default of 3 entry guards.
(By default, it overrides the number of directory guards too.)
Implements ticket 12688.
Diffstat (limited to 'src')
-rw-r--r-- | src/or/config.c | 5 | ||||
-rw-r--r-- | src/or/entrynodes.c | 8 |
2 files changed, 7 insertions, 6 deletions
diff --git a/src/or/config.c b/src/or/config.c index 09fdc0c493..a2811ebc21 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -315,7 +315,7 @@ static config_var_t option_vars_[] = { VAR("NodeFamily", LINELIST, NodeFamilies, NULL), V(NumCPUs, UINT, "0"), V(NumDirectoryGuards, UINT, "0"), - V(NumEntryGuards, UINT, "3"), + V(NumEntryGuards, UINT, "0"), V(ORListenAddress, LINELIST, NULL), VPORT(ORPort, LINELIST, NULL), V(OutboundBindAddress, LINELIST, NULL), @@ -3031,9 +3031,6 @@ options_validate(or_options_t *old_options, or_options_t *options, "have it group-readable."); } - if (options->UseEntryGuards && ! options->NumEntryGuards) - REJECT("Cannot enable UseEntryGuards with NumEntryGuards set to 0"); - if (options->MyFamily && options->BridgeRelay) { log_warn(LD_CONFIG, "Listing a family for a bridge relay is not " "supported: it can reveal bridge fingerprints to censors. " diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 59770fa658..abd10e385e 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -435,7 +435,10 @@ decide_num_guards(const or_options_t *options, int for_directory) { if (for_directory && options->NumDirectoryGuards != 0) return options->NumDirectoryGuards; - return options->NumEntryGuards; + if (options->NumEntryGuards) + return options->NumEntryGuards; + /* Use the value from the consensus, or 3 if no guidance. */ + return networkstatus_get_param(NULL, "NumEntryGuards", 3, 1, 10); } /** If the use of entry guards is configured, choose more entry guards @@ -815,6 +818,7 @@ entry_guards_set_from_config(const or_options_t *options) { smartlist_t *entry_nodes, *worse_entry_nodes, *entry_fps; smartlist_t *old_entry_guards_on_list, *old_entry_guards_not_on_list; + const int numentryguards = decide_num_guards(options, 0); tor_assert(entry_guards); should_add_entry_nodes = 0; @@ -883,7 +887,7 @@ entry_guards_set_from_config(const or_options_t *options) /* Next, the rest of EntryNodes */ SMARTLIST_FOREACH_BEGIN(entry_nodes, const node_t *, node) { add_an_entry_guard(node, 0, 0, 1, 0); - if (smartlist_len(entry_guards) > options->NumEntryGuards * 10) + if (smartlist_len(entry_guards) > numentryguards * 10) break; } SMARTLIST_FOREACH_END(node); log_notice(LD_GENERAL, "%d entries in guards", smartlist_len(entry_guards)); |