diff options
| -rw-r--r-- | doc/man/tor.1.txt | 7 | ||||
| -rw-r--r-- | src/app/config/config.c | 1 | ||||
| -rw-r--r-- | src/app/config/or_options_st.h | 3 | ||||
| -rw-r--r-- | src/core/or/circuitbuild.c | 5 | ||||
| -rw-r--r-- | src/feature/client/entrynodes.c | 26 | ||||
| -rw-r--r-- | src/feature/client/entrynodes.h | 1 | ||||
| -rw-r--r-- | src/test/test_entrynodes.c | 17 |
7 files changed, 58 insertions, 2 deletions
diff --git a/doc/man/tor.1.txt b/doc/man/tor.1.txt index 89afe59582..2b5a1d9df7 100644 --- a/doc/man/tor.1.txt +++ b/doc/man/tor.1.txt @@ -1749,6 +1749,13 @@ The following options are useful only for clients (that is, if the guard-n-primary-guards consensus parameter, and default to 3 if the consensus parameter isn't set. (Default: 0) +[[VanguardsLiteEnabled]] **VanguardsLiteEnabled** **0**|**1**|**auto**:: + This option specifies whether clients should use the vanguards-lite + subsystem to protect against guard discovery attacks. If it's set to + 'auto', clients will do what the vanguards-lite-enabled consensus parameter + tells them to do, and will default to enable the subsystem if the consensus + parameter isn't set. (Default: auto) + [[UseMicrodescriptors]] **UseMicrodescriptors** **0**|**1**|**auto**:: Microdescriptors are a smaller version of the information that Tor needs in order to build its circuits. Using microdescriptors makes Tor clients diff --git a/src/app/config/config.c b/src/app/config/config.c index 078df50677..15b4585954 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -669,6 +669,7 @@ static const config_var_t option_vars_[] = { VAR("UseEntryGuards", BOOL, UseEntryGuards_option, "1"), OBSOLETE("UseEntryGuardsAsDirGuards"), V(UseGuardFraction, AUTOBOOL, "auto"), + V(VanguardsLiteEnabled, AUTOBOOL, "auto"), V(UseMicrodescriptors, AUTOBOOL, "auto"), OBSOLETE("UseNTorHandshake"), V_IMMUTABLE(User, STRING, NULL), diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h index b289865983..812fa92cae 100644 --- a/src/app/config/or_options_st.h +++ b/src/app/config/or_options_st.h @@ -594,6 +594,9 @@ struct or_options_t { * If 0, use value from NumEntryGuards. */ int NumPrimaryGuards; /**< How many primary guards do we want? */ + /** Boolean: Switch to toggle the vanguards-lite subsystem */ + int VanguardsLiteEnabled; + int RephistTrackTime; /**< How many seconds do we keep rephist info? */ /** Should we always fetch our dir info on the mirror schedule (which * means directly from the authorities) no matter our other config? */ diff --git a/src/core/or/circuitbuild.c b/src/core/or/circuitbuild.c index 84a8bec421..31e3868b65 100644 --- a/src/core/or/circuitbuild.c +++ b/src/core/or/circuitbuild.c @@ -2254,6 +2254,11 @@ middle_node_must_be_vanguard(const or_options_t *options, return 0; } + /* Don't even bother if the feature is disabled */ + if (!vanguards_lite_is_enabled()) { + return 0; + } + /* If we are a hidden service circuit, always use either vanguards-lite * or HSLayer2Nodes for 2nd hop. */ if (cur_len == 1) { diff --git a/src/feature/client/entrynodes.c b/src/feature/client/entrynodes.c index 1e9416c9cf..33de8a6b10 100644 --- a/src/feature/client/entrynodes.c +++ b/src/feature/client/entrynodes.c @@ -3932,7 +3932,7 @@ guard_selection_free_(guard_selection_t *gs) /**********************************************************************/ -/** Layer2 guard subsystem used for onion service circuits. */ +/** Layer2 guard subsystem (vanguards-lite) used for onion service circuits */ /** A simple representation of a layer2 guard. We just need its identity so * that we feed it into a routerset, and a sampled timestamp to do expiration @@ -3947,6 +3947,30 @@ typedef struct layer2_guard_t { #define layer2_guard_free(val) \ FREE_AND_NULL(layer2_guard_t, layer2_guard_free_, (val)) +/** Return true if the vanguards-lite subsystem is enabled */ +bool +vanguards_lite_is_enabled(void) +{ + /* First check torrc option and then maybe also the consensus parameter. */ + const or_options_t *options = get_options(); + + /* If the option is explicitly disabled, that's the final word here */ + if (options->VanguardsLiteEnabled == 0) { + return false; + } + + /* If the option is set to auto, then check the consensus parameter */ + if (options->VanguardsLiteEnabled == -1) { + return networkstatus_get_param(NULL, "vanguards-lite-enabled", + 1, /* default to "on" */ + 0, 1); + } + + /* else it's enabled */ + tor_assert_nonfatal(options->VanguardsLiteEnabled == 1); + return options->VanguardsLiteEnabled; +} + static void layer2_guard_free_(layer2_guard_t *l2) { diff --git a/src/feature/client/entrynodes.h b/src/feature/client/entrynodes.h index 9c38c2b5f8..08fd7cf745 100644 --- a/src/feature/client/entrynodes.h +++ b/src/feature/client/entrynodes.h @@ -651,6 +651,7 @@ guard_get_guardfraction_bandwidth(guardfraction_bandwidth_t *guardfraction_bw, int orig_bandwidth, uint32_t guardfraction_percentage); +bool vanguards_lite_is_enabled(void); const routerset_t *get_layer2_guards(void); void maintain_layer2_guards(void); void purge_vanguards_lite(void); diff --git a/src/test/test_entrynodes.c b/src/test/test_entrynodes.c index 4d353e8480..118b66dfa7 100644 --- a/src/test/test_entrynodes.c +++ b/src/test/test_entrynodes.c @@ -3099,7 +3099,22 @@ test_entry_guard_layer2_guards(void *arg) (void) arg; MOCK(router_have_minimum_dir_info, mock_router_have_minimum_dir_info); - /* Create the guardset */ + /* First check the enable/disable switch */ + get_options_mutable()->VanguardsLiteEnabled = 0; + tt_int_op(vanguards_lite_is_enabled(), OP_EQ, 0); + + get_options_mutable()->VanguardsLiteEnabled = 1; + tt_int_op(vanguards_lite_is_enabled(), OP_EQ, 1); + + get_options_mutable()->VanguardsLiteEnabled = -1; + tt_int_op(vanguards_lite_is_enabled(), OP_EQ, 1); + + /* OK now let's move to actual testing */ + + /* Remove restrictions to route around Big Fake Network restrictions */ + get_options_mutable()->EnforceDistinctSubnets = 0; + + /* Create the L2 guardset */ maintain_layer2_guards(); const routerset_t *l2_guards = get_layer2_guards(); |