commit 0f9dfef9d636b269acad75f31e4cd278a1f246e9 Author: Nick Mathewson nickm@torproject.org Date: Tue Dec 11 13:05:35 2012 -0500
Add configuration options for directory guards
In addition to all the other ways to make directory guards not go, you can now set UseEntryGuardsAsDirGuards to 0. --- src/or/config.c | 2 ++ src/or/directory.c | 2 +- src/or/entrynodes.c | 10 +++++++--- src/or/or.h | 3 +++ 4 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/src/or/config.c b/src/or/config.c
index b81edf7..db4e1bf 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -308,6 +308,7 @@ static config_var_t option_vars_[] = {
 OBSOLETE("NoPublish"),
 VAR("NodeFamily", LINELIST, NodeFamilies, NULL),
 V(NumCPUs, UINT, "0"),
+ V(NumDirectoryGuards, UINT, "3"),
 V(NumEntryGuards, UINT, "3"),
 V(ORListenAddress, LINELIST, NULL),
 VPORT(ORPort, LINELIST, NULL),
@@ -382,6 +383,7 @@ static config_var_t option_vars_[] = {
 V(UpdateBridgesFromAuthority, BOOL, "0"),
 V(UseBridges, BOOL, "0"),
 V(UseEntryGuards, BOOL, "1"),
+ V(UseEntryGuardsAsDirGuards, BOOL, "1"),
 V(UseMicrodescriptors, AUTOBOOL, "auto"),
 V(User, STRING, NULL),
 V(UserspaceIOCPBuffers, BOOL, "0"),
diff --git a/src/or/directory.c b/src/or/directory.c
index fc1b76a..d774dc0 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -345,7 +345,7 @@ should_use_directory_guards(const or_options_t *options)
 /* If guards are disabled, or directory guards are disabled, we can't
 * use directory guards.
 */
- if (!options->UseEntryGuards)
+ if (!options->UseEntryGuards || !options->UseEntryGuardsAsDirGuards)
 return 0;
 /* If we're configured to fetch directory info aggressively or of a
 * nonstandard type, don't use directory guards. */
diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c
index a872091..eb79938 100644
--- a/src/or/entrynodes.c
+++ b/src/or/entrynodes.c
@@ -400,10 +400,12 @@ static void
 pick_entry_guards(const or_options_t *options, int for_directory)
 {
 int changed = 0;
+ const int num_needed = for_directory ? options->NumDirectoryGuards :
+ options->NumEntryGuards;
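Review bot: `V(NumDirectoryGuards, UINT, "3")` is added with no bound or cross-check anywhere in this commit, so 0 is accepted even while `UseEntryGuardsAsDirGuards` stays at its default of 1. With 0, the new loop condition in pick_entry_guards (`num_live_entry_guards(for_directory) < num_needed`) is never true, so no directory guard would be picked and the option would quietly defeat itself. Unless the option-validation code outside this diff already covers it, a check such as `if (options->UseEntryGuardsAsDirGuards && !options->NumDirectoryGuards) REJECT("<message>");` would make that misconfiguration fail at startup. The diffstat also lists no manual-page change, so both new options appear to ship undocumented.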
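Review bot: The comment above the changed test in should_use_directory_guards still says only "directory guards are disabled" and names neither the new option nor the consequence of the early return. Judging by the or.h description ("get directory info from a smallish number of fixed nodes"), setting UseEntryGuardsAsDirGuards to 0 presumably widens the set of relays that see this client's directory requests, which is a privacy trade-off a reader should see at the decision point. I would reword it along the lines of `/* If UseEntryGuards or UseEntryGuardsAsDirGuards is 0, don't pin directory fetches to guards; requests then go to ordinary directory servers. */`. The function begins and ends outside this hunk.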
tor_assert(entry_guards);
- while (num_live_entry_guards(for_directory) < options->NumEntryGuards) {
+ while (num_live_entry_guards(for_directory) < num_needed) {
 if (!add_an_entry_guard(NULL, 0, 0, for_directory))
 break;
 changed = 1;
@@ -861,6 +863,8 @@ choose_random_entry_impl(cpath_build_state_t *state, int for_directory,
 int need_capacity = state ? state->need_capacity : 0;
 int preferred_min, consider_exit_family = 0;
 int need_descriptor = !for_directory;
+ const int num_needed = for_directory ? options->NumDirectoryGuards :
+ options->NumEntryGuards;
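Review bot: The selection `for_directory ? options->NumDirectoryGuards : options->NumEntryGuards` is written out in pick_entry_guards and again, verbatim, in choose_random_entry_impl (the hunk at -861). Since these two counts decide how many relays a client pins itself to, I would put the choice in one small file-local helper so a later change cannot update one site and miss the other, for example `static int num_guards_needed(const or_options_t *options, int for_directory)` (name is only a suggestion). A one-line comment on `num_needed` saying that the target differs for directory use would also help. The body of pick_entry_guards continues past the end of this hunk.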
/* Checking dirinfo_type isn't required yet, since we only choose directory guards that can support microdescs, routerinfos, and networkstatuses, AND @@ -880,7 +884,7 @@ choose_random_entry_impl(cpath_build_state_t *state, int for_directory, entry_guards_set_from_config(options);
if (!entry_list_is_constrained(options) &&
- smartlist_len(entry_guards) < options->NumEntryGuards)
+ smartlist_len(entry_guards) < num_needed)
 pick_entry_guards(options, for_directory);
retry:
@@ -923,7 +927,7 @@ choose_random_entry_impl(cpath_build_state_t *state, int for_directory,
 * guard list without needing to. */
 goto choose_and_finish;
 }
- if (smartlist_len(live_entry_guards) >= options->NumEntryGuards)
+ if (smartlist_len(live_entry_guards) >= num_needed)
 goto choose_and_finish; /* we have enough */
 } SMARTLIST_FOREACH_END(entry);
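Review bot: In the hunk at -880, the pre-check `smartlist_len(entry_guards) < num_needed` measures the length of the whole guard list, while pick_entry_guards itself loops on `num_live_entry_guards(for_directory)`. Now that the directory target can differ from the entry target, the list can be long enough to skip the call while holding fewer guards usable for directory fetches than NumDirectoryGuards asks for (inferred, since the contents of entry_guards are not visible here). Using the same measure in both places, `num_live_entry_guards(for_directory) < num_needed`, would keep the pre-check and the loop in agreement. choose_random_entry_impl starts and ends outside these hunks.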
diff --git a/src/or/or.h b/src/or/or.h
index a65ca44..c9ede75 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3614,6 +3614,9 @@ typedef struct {
 int UseEntryGuards; /**< Boolean: Do we try to enter from a smallish number
 * of fixed nodes? */
 int NumEntryGuards; /**< How many entry guards do we try to establish? */
+ int UseEntryGuardsAsDirGuards; /** Boolean: Do we try to get directory info
+ * from a smallish number of fixed nodes? */
+ int NumDirectoryGuards; /**< How many dir guards do we try to establish? */
 int RephistTrackTime; /**< How many seconds do we keep rephist info? */
 int FastFirstHopPK; /**< If Tor believes it is safe, should we save a third
 * of our PK time by sending CREATE_FAST cells? */
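Review bot: The trailing comment on `UseEntryGuardsAsDirGuards` opens with `/**` where every neighbouring member uses `/**<`, so Doxygen will attach the text to the next member, `NumDirectoryGuards`, instead of the field it follows. The line should read `int UseEntryGuardsAsDirGuards; /**< Boolean: Do we try to get directory info`. It would also help to state in that comment that the field only takes effect when `UseEntryGuards` is set, as the test in should_use_directory_guards shows. The enclosing struct begins and ends outside this hunk.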