diff options
Diffstat (limited to 'src/or/config.c')
| -rw-r--r-- | src/or/config.c | 129 |
1 files changed, 92 insertions, 37 deletions
diff --git a/src/or/config.c b/src/or/config.c index bbe93a5ba1..b8ca14e85b 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -60,6 +60,7 @@ #define CONFIG_PRIVATE #include "or.h" +#include "bridges.h" #include "compat.h" #include "addressmap.h" #include "channel.h" @@ -218,7 +219,7 @@ static config_var_t option_vars_[] = { OBSOLETE("AuthDirListBadDirs"), V(AuthDirListBadExits, BOOL, "0"), V(AuthDirMaxServersPerAddr, UINT, "2"), - V(AuthDirMaxServersPerAuthAddr,UINT, "5"), + OBSOLETE("AuthDirMaxServersPerAuthAddr"), V(AuthDirHasIPv6Connectivity, BOOL, "0"), VAR("AuthoritativeDirectory", BOOL, AuthoritativeDir, "0"), V(AutomapHostsOnResolve, BOOL, "0"), @@ -307,6 +308,10 @@ static config_var_t option_vars_[] = { V(ExtraInfoStatistics, BOOL, "1"), V(ExtendByEd25519ID, AUTOBOOL, "auto"), V(FallbackDir, LINELIST, NULL), + /* XXXX prop271 -- this has an ugly name to remind us to remove it. */ + VAR("UseDeprecatedGuardAlgorithm_", BOOL, + UseDeprecatedGuardAlgorithm, "0"), + V(UseDefaultFallbackDirs, BOOL, "1"), OBSOLETE("FallbackNetworkstatusFile"), @@ -491,7 +496,7 @@ static config_var_t option_vars_[] = { V(UpdateBridgesFromAuthority, BOOL, "0"), V(UseBridges, BOOL, "0"), VAR("UseEntryGuards", BOOL, UseEntryGuards_option, "1"), - V(UseEntryGuardsAsDirGuards, BOOL, "1"), + OBSOLETE("UseEntryGuardsAsDirGuards"), V(UseGuardFraction, AUTOBOOL, "auto"), V(UseMicrodescriptors, AUTOBOOL, "auto"), OBSOLETE("UseNTorHandshake"), @@ -594,7 +599,6 @@ static const config_var_t testing_tor_network_defaults[] = { V(EnforceDistinctSubnets, BOOL, "0"), V(AssumeReachable, BOOL, "1"), V(AuthDirMaxServersPerAddr, UINT, "0"), - V(AuthDirMaxServersPerAuthAddr,UINT, "0"), V(ClientBootstrapConsensusAuthorityDownloadSchedule, CSV_INTERVAL, "0, 2, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 8, 16, 32, 60"), V(ClientBootstrapConsensusFallbackDownloadSchedule, CSV_INTERVAL, @@ -1558,6 +1562,36 @@ options_transition_requires_fresh_tls_context(const or_options_t *old_options, return 0; } +/** + * Return true if changing the configuration from <b>old</b> to <b>new</b> + * affects the guard susbsystem. + */ +static int +options_transition_affects_guards(const or_options_t *old, + const or_options_t *new) +{ + /* NOTE: Make sure this function stays in sync with + * entry_guards_set_filtered_flags */ + + tor_assert(old); + tor_assert(new); + + return + (old->UseEntryGuards != new->UseEntryGuards || + old->UseDeprecatedGuardAlgorithm != new->UseDeprecatedGuardAlgorithm || + old->UseBridges != new->UseBridges || + old->UseEntryGuards != new->UseEntryGuards || + old->ClientUseIPv4 != new->ClientUseIPv4 || + old->ClientUseIPv6 != new->ClientUseIPv6 || + old->FascistFirewall != new->FascistFirewall || + !routerset_equal(old->ExcludeNodes, new->ExcludeNodes) || + !routerset_equal(old->EntryNodes, new->EntryNodes) || + !smartlist_strings_eq(old->FirewallPorts, new->FirewallPorts) || + !config_lines_eq(old->Bridges, new->Bridges) || + !config_lines_eq(old->ReachableORAddresses, new->ReachableORAddresses) || + !config_lines_eq(old->ReachableDirAddresses, new->ReachableDirAddresses)); +} + /** Fetch the active option list, and take actions based on it. All of the * things we do should survive being done repeatedly. If present, * <b>old_options</b> contains the previous value of the options. @@ -1577,6 +1611,8 @@ options_act(const or_options_t *old_options) const int transition_affects_workers = old_options && options_transition_affects_workers(old_options, options); int old_ewma_enabled; + const int transition_affects_guards = + old_options && options_transition_affects_guards(old_options, options); /* disable ptrace and later, other basic debugging techniques */ { @@ -1853,6 +1889,7 @@ options_act(const or_options_t *old_options) if (old_options) { int revise_trackexithosts = 0; int revise_automap_entries = 0; + int abandon_circuits = 0; if ((options->UseEntryGuards && !old_options->UseEntryGuards) || options->UseBridges != old_options->UseBridges || (options->UseBridges && @@ -1869,6 +1906,16 @@ options_act(const or_options_t *old_options) "Changed to using entry guards or bridges, or changed " "preferred or excluded node lists. " "Abandoning previous circuits."); + abandon_circuits = 1; + } + + if (transition_affects_guards) { + if (guards_update_all()) { + abandon_circuits = 1; + } + } + + if (abandon_circuits) { circuit_mark_all_unused_circs(); circuit_mark_all_dirty_circs_as_unusable(); revise_trackexithosts = 1; @@ -1899,7 +1946,7 @@ options_act(const or_options_t *old_options) addressmap_clear_invalid_automaps(options); /* How long should we delay counting bridge stats after becoming a bridge? - * We use this so we don't count people who used our bridge thinking it is + * We use this so we don't count clients who used our bridge thinking it is * a relay. If you change this, don't forget to change the log message * below. It's 4 hours (the time it takes to stop being used by clients) * plus some extra time for clock skew. */ @@ -2051,11 +2098,13 @@ options_act(const or_options_t *old_options) rep_hist_desc_stats_term(); /* Check if we need to parse and add the EntryNodes config option. */ +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM if (options->EntryNodes && (!old_options || !routerset_equal(old_options->EntryNodes,options->EntryNodes) || !routerset_equal(old_options->ExcludeNodes,options->ExcludeNodes))) entry_nodes_should_be_added(); +#endif /* Since our options changed, we might need to regenerate and upload our * server descriptor. @@ -2381,8 +2430,8 @@ using_default_dir_authorities(const or_options_t *options) * Fail if one or more of the following is true: * - DNS name in <b>options-\>Address</b> cannot be resolved. * - <b>options-\>Address</b> is a local host address. - * - Attempt to getting local hostname fails. - * - Attempt to getting network interface address fails. + * - Attempt at getting local hostname fails. + * - Attempt at getting network interface address fails. * * Return 0 if all is well, or -1 if we can't find a suitable * public IP address. @@ -2762,7 +2811,7 @@ compute_publishserverdescriptor(or_options_t *options) #define MIN_REND_POST_PERIOD (10*60) #define MIN_REND_POST_PERIOD_TESTING (5) -/** Higest allowable value for PredictedPortsRelevanceTime; if this is +/** Highest allowable value for PredictedPortsRelevanceTime; if this is * too high, our selection of exits will decrease for an extended * period of time to an uncomfortable level .*/ #define MAX_PREDICTED_CIRCS_RELEVANCE (60*60) @@ -2905,12 +2954,12 @@ options_validate_single_onion(or_options_t *options, char **msg) REJECT("Non-anonymous (Tor2web) mode is incompatible with using Tor as a " "hidden service. Please remove all HiddenServiceDir lines, or use " "a version of tor compiled without --enable-tor2web-mode, or use " - " HiddenServiceNonAnonymousMode."); + "HiddenServiceNonAnonymousMode."); } if (rend_service_allow_non_anonymous_connection(options) && options->UseEntryGuards) { - /* Single Onion services only use entry guards when uploading descriptors, + /* Single Onion services only use entry guards when uploading descriptors; * all other connections are one-hop. Further, Single Onions causes the * hidden service code to do things which break the path bias * detector, and it's far easier to turn off entry guards (and @@ -2953,13 +3002,20 @@ options_validate(or_options_t *old_options, or_options_t *options, *msg = NULL; /* Set UseEntryGuards from the configured value, before we check it below. - * We change UseEntryGuards whenn it's incompatible with other options, + * We change UseEntryGuards when it's incompatible with other options, * but leave UseEntryGuards_option with the original value. * Always use the value of UseEntryGuards, not UseEntryGuards_option. */ options->UseEntryGuards = options->UseEntryGuards_option; warn_about_relative_paths(options); +#ifndef ENABLE_LEGACY_GUARD_ALGORITHM + if (options->UseDeprecatedGuardAlgorithm) { + log_warn(LD_CONFIG, "DeprecatedGuardAlgorithm not supported."); + return -1; + } +#endif + if (server_mode(options) && (!strcmpstart(uname, "Windows 95") || !strcmpstart(uname, "Windows 98") || @@ -4449,7 +4505,6 @@ options_transition_allowed(const or_options_t *old, } while (0) SB_NOCHANGE_STR(Address); - SB_NOCHANGE_STR(PidFile); SB_NOCHANGE_STR(ServerDNSResolvConfFile); SB_NOCHANGE_STR(DirPortFrontPage); SB_NOCHANGE_STR(CookieAuthFile); @@ -5240,35 +5295,35 @@ addressmap_register_auto(const char *from, const char *to, int from_wildcard = 0, to_wildcard = 0; *msg = "whoops, forgot the error message"; - if (1) { - if (!strcmp(to, "*") || !strcmp(from, "*")) { - *msg = "can't remap from or to *"; - return -1; - } - /* Detect asterisks in expressions of type: '*.example.com' */ - if (!strncmp(from,"*.",2)) { - from += 2; - from_wildcard = 1; - } - if (!strncmp(to,"*.",2)) { - to += 2; - to_wildcard = 1; - } - if (to_wildcard && !from_wildcard) { - *msg = "can only use wildcard (i.e. '*.') if 'from' address " - "uses wildcard also"; - return -1; - } + if (!strcmp(to, "*") || !strcmp(from, "*")) { + *msg = "can't remap from or to *"; + return -1; + } + /* Detect asterisks in expressions of type: '*.example.com' */ + if (!strncmp(from,"*.",2)) { + from += 2; + from_wildcard = 1; + } + if (!strncmp(to,"*.",2)) { + to += 2; + to_wildcard = 1; + } - if (address_is_invalid_destination(to, 1)) { - *msg = "destination is invalid"; - return -1; - } + if (to_wildcard && !from_wildcard) { + *msg = "can only use wildcard (i.e. '*.') if 'from' address " + "uses wildcard also"; + return -1; + } - addressmap_register(from, tor_strdup(to), expires, addrmap_source, - from_wildcard, to_wildcard); + if (address_is_invalid_destination(to, 1)) { + *msg = "destination is invalid"; + return -1; } + + addressmap_register(from, tor_strdup(to), expires, addrmap_source, + from_wildcard, to_wildcard); + return 0; } @@ -7786,7 +7841,7 @@ getinfo_helper_config(control_connection_t *conn, case CONFIG_TYPE_CSV: type = "CommaList"; break; case CONFIG_TYPE_CSV_INTERVAL: type = "TimeIntervalCommaList"; break; case CONFIG_TYPE_LINELIST: type = "LineList"; break; - case CONFIG_TYPE_LINELIST_S: type = "Dependant"; break; + case CONFIG_TYPE_LINELIST_S: type = "Dependent"; break; case CONFIG_TYPE_LINELIST_V: type = "Virtual"; break; default: case CONFIG_TYPE_OBSOLETE: |