commit fea72571dfc70ec766edaaea2dc80c1e759a977d Author: David Goulet dgoulet@torproject.org Date: Tue Apr 25 13:30:46 2017 -0400
config: Remove AllowSingleHopCircuits option
Deprecated in 0.2.9.2-alpha, this commits changes it as OBSOLETE() and cleans up the code associated with it.
Partially fixes #22060
Signed-off-by: David Goulet dgoulet@torproject.org --- changes/bug22060 | 2 ++ doc/tor.1.txt | 5 ----- src/or/config.c | 4 +--- src/or/control.c | 21 +++------------------ src/or/or.h | 3 --- 5 files changed, 6 insertions(+), 29 deletions(-)
diff --git a/changes/bug22060 b/changes/bug22060 index d839c9b..19c8d2c 100644 --- a/changes/bug22060 +++ b/changes/bug22060 @@ -1,3 +1,5 @@ o Remove configuration option (confic): - AllowInvalidNodes was deprecated in 0.2.9.2-alpha and now has been rendered obsolete. Code has been removed and feature no longer exists. + - AllowSingleHopCircuits was deprecated in 0.2.9.2-alpha and now has been + rendered obsolete. Code has been removed and feature no longer exists. diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 012c5b9..3088c9b 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -1468,11 +1468,6 @@ The following options are useful only for clients (that is, if Like WarnPlaintextPorts, but instead of warning about risky port uses, Tor will instead refuse to make the connection. (Default: None)
-[[AllowSingleHopCircuits]] **AllowSingleHopCircuits** **0**|**1**:: - When this option is set, the attached Tor controller can use relays - that have the **AllowSingleHopExits** option turned on to build - one-hop Tor connections. (Default: 0) - [[OptimisticData]] **OptimisticData** **0**|**1**|**auto**:: When this option is set, and Tor is using an exit node that supports the feature, it will try optimistically to send data to the exit node diff --git a/src/or/config.c b/src/or/config.c index 6edfac3..3621b8e 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -207,7 +207,7 @@ static config_var_t option_vars_[] = { V(AllowDotExit, BOOL, "0"), OBSOLETE("AllowInvalidNodes"), V(AllowNonRFC953Hostnames, BOOL, "0"), - V(AllowSingleHopCircuits, BOOL, "0"), + OBSOLETE("AllowSingleHopCircuits"), V(AllowSingleHopExits, BOOL, "0"), V(AlternateBridgeAuthority, LINELIST, NULL), V(AlternateDirAuthority, LINELIST, NULL), @@ -662,8 +662,6 @@ static const config_deprecation_t option_deprecation_notes_[] = { /* Deprecated since 0.2.9.2-alpha... */ { "AllowDotExit", "Unrestricted use of the .exit notation can be used for " "a wide variety of application-level attacks." }, - { "AllowSingleHopCircuits", "Almost no relays actually allow single-hop " - "exits, making this option pointless." }, { "AllowSingleHopExits", "Turning this on will make your relay easier " "to abuse." }, { "ClientDNSRejectInternalAddresses", "Turning this on makes your client " diff --git a/src/or/control.c b/src/or/control.c index 56f1329..1017867 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -3551,24 +3551,9 @@ handle_control_attachstream(control_connection_t *conn, uint32_t len, } /* Is this a single hop circuit? */ if (circ && (circuit_get_cpath_len(circ)<2 || hop==1)) { - const node_t *node = NULL; - char *exit_digest = NULL; - if (circ->build_state && - circ->build_state->chosen_exit && - !tor_digest_is_zero(circ->build_state->chosen_exit->identity_digest)) { - exit_digest = circ->build_state->chosen_exit->identity_digest; - node = node_get_by_id(exit_digest); - } - /* Do both the client and relay allow one-hop exit circuits? */ - if (!node || - !node_allows_single_hop_exits(node) || - !get_options()->AllowSingleHopCircuits) { - connection_write_str_to_buf( - "551 Can't attach stream to this one-hop circuit.\r\n", conn); - return 0; - } - tor_assert(exit_digest); - ap_conn->chosen_exit_name = tor_strdup(hex_str(exit_digest, DIGEST_LEN)); + connection_write_str_to_buf( + "551 Can't attach stream to this one-hop circuit.\r\n", conn); + return 0; }
if (circ && hop>0) { diff --git a/src/or/or.h b/src/or/or.h index 53a8710..4381459 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -4120,9 +4120,6 @@ typedef struct { /** If true, don't allow relays with AllowSingleHopExits=1 to be used in * circuits that we build. */ int ExcludeSingleHopRelays; - /** If true, and the controller tells us to use a one-hop circuit, and the - * exit allows it, we use it. */ - int AllowSingleHopCircuits;
/** If true, we convert "www.google.com.foo.exit" addresses on the * socks/trans/natd ports into "www.google.com" addresses that