diff options
| -rw-r--r-- | changes/ticket12688 | 6 | ||||
| -rw-r--r-- | doc/tor.1.txt | 8 | ||||
| -rw-r--r-- | src/or/config.c | 5 | ||||
| -rw-r--r-- | src/or/entrynodes.c | 20 |
4 files changed, 29 insertions, 10 deletions
diff --git a/changes/ticket12688 b/changes/ticket12688 new file mode 100644 index 0000000000..88228e5506 --- /dev/null +++ b/changes/ticket12688 @@ -0,0 +1,6 @@ + Major features: + - Make the number of entry guards configurable via a new + NumEntryGuards consensus parameter, and the number of directory + guards configurable via a new NumDirectoryGuards consensus + parameter. Implements ticket 12688. + diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 1ccf847c30..abe613e569 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -1092,12 +1092,16 @@ The following options are useful only for clients (that is, if [[NumEntryGuards]] **NumEntryGuards** __NUM__:: If UseEntryGuards is set to 1, we will try to pick a total of NUM routers - as long-term entries for our circuits. (Default: 3) + as long-term entries for our circuits. If NUM is 0, we try to learn + the number from the NumEntryGuards consensus parameter, and default + to 3 if the consensus parameter isn't set. (Default: 0) [[NumDirectoryGuards]] **NumDirectoryGuards** __NUM__:: If UseEntryGuardsAsDirectoryGuards is enabled, we try to make sure we have at least NUM routers to use as directory guards. If this option - is set to 0, use the value from NumEntryGuards. (Default: 0) + is set to 0, use the value from the NumDirectoryGuards consensus + parameter, falling back to the value from NumEntryGuards if the + consensus parameter is 0 or isn't set. (Default: 0) [[GuardLifetime]] **GuardLifetime** __N__ **days**|**weeks**|**months**:: If nonzero, and UseEntryGuards is set, minimum time to keep a guard before diff --git a/src/or/config.c b/src/or/config.c index 10df83975f..4182411354 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -325,7 +325,7 @@ static config_var_t option_vars_[] = { VAR("NodeFamily", LINELIST, NodeFamilies, NULL), V(NumCPUs, UINT, "0"), V(NumDirectoryGuards, UINT, "0"), - V(NumEntryGuards, UINT, "3"), + V(NumEntryGuards, UINT, "0"), V(ORListenAddress, LINELIST, NULL), VPORT(ORPort, LINELIST, NULL), V(OutboundBindAddress, LINELIST, NULL), @@ -3251,9 +3251,6 @@ options_validate(or_options_t *old_options, or_options_t *options, "have it group-readable."); } - if (options->UseEntryGuards && ! options->NumEntryGuards) - REJECT("Cannot enable UseEntryGuards with NumEntryGuards set to 0"); - if (options->MyFamily && options->BridgeRelay) { log_warn(LD_CONFIG, "Listing a family for a bridge relay is not " "supported: it can reveal bridge fingerprints to censors. " diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 957217ac6c..66b7201187 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -440,9 +440,20 @@ add_an_entry_guard(const node_t *chosen, int reset_status, int prepend, static int decide_num_guards(const or_options_t *options, int for_directory) { - if (for_directory && options->NumDirectoryGuards != 0) - return options->NumDirectoryGuards; - return options->NumEntryGuards; + if (for_directory) { + int answer; + if (options->NumDirectoryGuards != 0) + return options->NumDirectoryGuards; + answer = networkstatus_get_param(NULL, "NumDirectoryGuards", 0, 0, 10); + if (answer) /* non-zero means use the consensus value */ + return answer; + } + + if (options->NumEntryGuards) + return options->NumEntryGuards; + + /* Use the value from the consensus, or 3 if no guidance. */ + return networkstatus_get_param(NULL, "NumEntryGuards", 3, 1, 10); } /** If the use of entry guards is configured, choose more entry guards @@ -841,6 +852,7 @@ entry_guards_set_from_config(const or_options_t *options) { smartlist_t *entry_nodes, *worse_entry_nodes, *entry_fps; smartlist_t *old_entry_guards_on_list, *old_entry_guards_not_on_list; + const int numentryguards = decide_num_guards(options, 0); tor_assert(entry_guards); should_add_entry_nodes = 0; @@ -909,7 +921,7 @@ entry_guards_set_from_config(const or_options_t *options) /* Next, the rest of EntryNodes */ SMARTLIST_FOREACH_BEGIN(entry_nodes, const node_t *, node) { add_an_entry_guard(node, 0, 0, 1, 0); - if (smartlist_len(entry_guards) > options->NumEntryGuards * 10) + if (smartlist_len(entry_guards) > numentryguards * 10) break; } SMARTLIST_FOREACH_END(node); log_notice(LD_GENERAL, "%d entries in guards", smartlist_len(entry_guards)); |