-rw-r--r-- | changes/feature17178 | 7 | ||||
-rw-r--r-- | doc/tor.1.txt | 4 | ||||
-rw-r--r-- | src/or/config.c | 19 | ||||
-rw-r--r-- | src/or/or.h | 12 |
4 files changed, 33 insertions, 9 deletions
diff --git a/changes/feature17178 b/changes/feature17178 index df6aae3ced..060b85aa47 100644 --- a/changes/feature17178 +++ b/changes/feature17178 @@ -21,3 +21,10 @@ o Minor bug fixes (circuits): - Use CircuitBuildTimeout whenever LearnCircuitBuildTimeout is disabled. Fixes bug #19678 in commit 5b0b51ca3 in 0.2.4.12-alpha. Patch by teor. + o Minor bug fixes (options): + - Stop changing the configured value of UseEntryGuards on authorities + and Tor2web clients. + Fixes bug #20074 in commits 51fc6799 in tor-0.1.1.16-rc and + acda1735 in tor-0.2.4.3-alpha. Patch by teor. + - Check the consistency of UseEntryGuards and EntryNodes more reliably. + Fixes bug #20074 in commit 686aaa5c in tor-0.2.4.12-alpha. Patch by teor. diff --git a/doc/tor.1.txt b/doc/tor.1.txt index bd25a614a8..f353637d67 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -1184,7 +1184,9 @@ The following options are useful only for clients (that is, if If this option is set to 1, we pick a few long-term entry servers, and try to stick with them. This is desirable because constantly changing servers increases the odds that an adversary who owns some servers will observe a - fraction of your paths. (Default: 1) + fraction of your paths. Entry Guards can not be used by Directory + Authorities, Single Onion Services, and Tor2web clients. In these cases, + the this option is ignored. (Default: 1) [[UseEntryGuardsAsDirGuards]] **UseEntryGuardsAsDirGuards** **0**|**1**:: If this option is set to 1, and UseEntryGuards is also set to 1, diff --git a/src/or/config.c b/src/or/config.c index 36b2062271..48f1ab98e7 100644 --- a/src/or/config.c +++ b/src/or/config.c 
@@ -437,7 +437,7 @@ static config_var_t option_vars_[] = { OBSOLETE("TunnelDirConns"), V(UpdateBridgesFromAuthority, BOOL, "0"), V(UseBridges, BOOL, "0"), - V(UseEntryGuards, BOOL, "1"), + VAR("UseEntryGuards", BOOL, UseEntryGuards_option, "1"), V(UseEntryGuardsAsDirGuards, BOOL, "1"), V(UseGuardFraction, AUTOBOOL, "auto"), V(UseMicrodescriptors, AUTOBOOL, "auto"), @@ -2926,6 +2926,12 @@ options_validate(or_options_t *old_options, or_options_t *options, tor_assert(msg); *msg = NULL; + /* Set UseEntryGuards from the configured value, before we check it below. + * We change UseEntryGuards whenn it's incompatible with other options, + * but leave UseEntryGuards_option with the original value. + * Always use the value of UseEntryGuards, not UseEntryGuards_option. */ + options->UseEntryGuards = options->UseEntryGuards_option; + warn_about_relative_paths(options); if (server_mode(options) && @@ -3301,10 +3307,6 @@ options_validate(or_options_t *old_options, or_options_t *options, if (options->UseBridges && options->EntryNodes) REJECT("You cannot set both UseBridges and EntryNodes."); - if (options->EntryNodes && !options->UseEntryGuards) { - REJECT("If EntryNodes is set, UseEntryGuards must be enabled."); - } - options->MaxMemInQueues = compute_real_max_mem_in_queues(options->MaxMemInQueues_raw, server_mode(options)); @@ -3419,8 +3421,13 @@ options_validate(or_options_t *old_options, or_options_t *options, REJECT("Tor2webRendezvousPoints cannot be set without Tor2webMode."); } + if (options->EntryNodes && !options->UseEntryGuards) { + REJECT("If EntryNodes is set, UseEntryGuards must be enabled."); + } + if (!(options->UseEntryGuards) && - (options->RendConfigLines != NULL)) { + (options->RendConfigLines != NULL) && + !rend_service_non_anonymous_mode_enabled(options)) { log_warn(LD_CONFIG, "UseEntryGuards is disabled, but you have configured one or more " "hidden services on this Tor instance. Your hidden services " 
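Review bot: The effective `UseEntryGuards` is now assigned only at the top of `options_validate()` (the `@@ -2926` hunk), so its value depends on validation having run. I cannot tell from the hunk whether every reader of `options->UseEntryGuards` runs after validation; if one does not, and the struct starts out zeroed, it would see guards as disabled, which is the less private setting. I would add one sentence to the new comment, for example `Only meaningful after options_validate() has run on this or_options_t.` The typo `whenn` in the second comment line should be `when`. The body of `options_validate()` begins and ends outside the hunk.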
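Review bot: In the `@@ -3419` hunk the relocated `EntryNodes && !UseEntryGuards` check now tests the effective value rather than the configured one, so its REJECT text can mislead the operator. If code outside the hunk has already forced `UseEntryGuards` to 0 (the man-page change in this commit names authorities, Single Onion Services and Tor2web clients), someone who left `UseEntryGuards 1` is told to enable an option they already enabled. I would reword the message to cover both causes, for example `REJECT("EntryNodes requires entry guards, but they are disabled by UseEntryGuards 0 or by this instance's mode.");`. A short comment above the check saying it is placed after the mode overrides on purpose would also help. `options_validate()` continues past the end of the hunk, and the `log_warn` call is cut off there.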
diff --git a/src/or/or.h b/src/or/or.h index 12459ddfa0..7104a5cae3 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -3963,8 +3963,16 @@ typedef struct { int TokenBucketRefillInterval; char *AccelName; /**< Optional hardware acceleration engine name. */ char *AccelDir; /**< Optional hardware acceleration engine search dir. */ - int UseEntryGuards; /**< Boolean: Do we try to enter from a smallish number - * of fixed nodes? */ + + /** Boolean: Do we try to enter from a smallish number + * of fixed nodes? */ + int UseEntryGuards_option; + /** Internal variable to remember whether we're actually acting on + * UseEntryGuards_option -- when we're a non-anonymous Tor2web client or + * Single Onion Service, it is alwasy false, otherwise we use the value of + * UseEntryGuards_option. */ + int UseEntryGuards; + int NumEntryGuards; /**< How many entry guards do we try to establish? */ int UseEntryGuardsAsDirGuards; /** Boolean: Do we try to get directory info * from a smallish number of fixed nodes? */ |
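Review bot: The new comment on `UseEntryGuards` names only Tor2web clients and Single Onion Services as cases where the effective value is forced to false. The changes file and doc/tor.1.txt in this same commit also list directory authorities, so the or.h comment should list all three; otherwise a reader may assume authorities honour the configured value. It would also help to say which field callers must read, for example `Code that decides whether to use guards must read this field, never UseEntryGuards_option.` The typo `alwasy` should be `always`. The struct definition starts and ends outside the hunk.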