From 4684ced1b3fced0543fa65bf01f75c5d81eaf464 Mon Sep 17 00:00:00 2001
From: Robert Ransom
Date: Tue, 25 Oct 2011 12:33:21 -0700
Subject: Add option to give guard flag to relays without the CVE-2011-2768 fix

This way, all of the DA operators can upgrade immediately, without nuking every client's set of entry guards as soon as a majority of them upgrade. Until enough guards have upgraded, a majority of dirauths should set this config option so that there are still enough guards in the network. After a few days pass, all dirauths should use the default.
---
 src/or/dirserv.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'src/or/dirserv.c')
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index fa7f693afe..c427fe2ef3 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -2332,6 +2332,7 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs,
 int naming, int listbadexits, int listbaddirs, int vote_on_hsdirs) {
+ const or_options_t *options = get_options();
 int unstable_version = !tor_version_as_new_as(ri->platform,"0.1.1.16-rc-cvs");
 memset(rs, 0, sizeof(routerstatus_t));
@@ -2363,7 +2364,8 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs,
 router_get_advertised_bandwidth(ri) >= MIN(guard_bandwidth_including_exits, guard_bandwidth_excluding_exits)) &&
- is_router_version_good_for_possible_guard(ri->platform)) {
+ (options->GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays ||
+ is_router_version_good_for_possible_guard(ri->platform))) {
 long tk = rep_hist_get_weighted_time_known( ri->cache_info.identity_digest, now);
 double wfu = rep_hist_get_weighted_fractional_uptime(
--
cgit v1.2.3-54-g00ecf
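Review bot: The new `options->GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays ||` term in the second hunk short-circuits `is_router_version_good_for_possible_guard()` entirely, and nothing at the call site marks it as a short-lived transition switch. The commit message says authorities should return to the default after a few days, but that guidance lives only in the log; I would add above the condition `/* Transition only: while set, relays lacking the CVE-2011-2768 fix can still get Guard. Unset once enough guards have upgraded. */`. The option's declaration, default and documentation are not in this diff (it is limited to src/or/dirserv.c), so it is worth confirming that it defaults to off and is described for authority operators. Because this function appears to run once per router, any notice that the option is still enabled would belong in the vote-generation path rather than here. The body of set_routerstatus_from_routerinfo starts and ends outside both hunks.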