commit 55d02c004c9b36258ef64ccb2def4ddcb0fb04c5 Author: Nick Mathewson nickm@torproject.org Date: Tue Dec 13 13:09:27 2016 -0500
Remove AuthDirMaxServersPerAuthAddr
Back when Roger had to do most of our testing on the moria host, we needed a higher limit for the number of relays running on a single IP address when that limit was shared with an authority. Nowadays, the idea is pretty obsolete.
Also remove the router_addr_is_trusted_dir() function, which served no other purpose.
Closes ticket 20960. --- changes/ticket20960 | 5 +++++ doc/tor.1.txt | 4 ---- src/or/config.c | 3 +-- src/or/dirserv.c | 8 +------- src/or/or.h | 3 --- src/or/routerlist.c | 14 -------------- src/or/routerlist.h | 1 - 7 files changed, 7 insertions(+), 31 deletions(-)
diff --git a/changes/ticket20960 b/changes/ticket20960 new file mode 100644 index 0000000..3c21ae6 --- /dev/null +++ b/changes/ticket20960 @@ -0,0 +1,5 @@ + o Removed features: + - The AuthDirMaxServersPerAuthAddr option no longer exists: The same + limit for relays running on a single IP applies to authority IP + addresses as well as to non-authority IP addresses. Closes ticket + 20960. diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 9b8a0f0..eef7454 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -2246,10 +2246,6 @@ on the public Tor network. list as acceptable on a single IP address. Set this to "0" for "no limit". (Default: 2)
-[[AuthDirMaxServersPerAuthAddr]] **AuthDirMaxServersPerAuthAddr** __NUM__:: - Authoritative directories only. Like AuthDirMaxServersPerAddr, but applies - to addresses shared with directory authorities. (Default: 5) - [[AuthDirFastGuarantee]] **AuthDirFastGuarantee** __N__ **bytes**|**KBytes**|**MBytes**|**GBytes**|**TBytes**|**KBits**|**MBits**|**GBits**|**TBits**:: Authoritative directories only. If non-zero, always vote the Fast flag for any relay advertising this amount of capacity or diff --git a/src/or/config.c b/src/or/config.c index a4d063d..c68f83a 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -218,7 +218,7 @@ static config_var_t option_vars_[] = { OBSOLETE("AuthDirListBadDirs"), V(AuthDirListBadExits, BOOL, "0"), V(AuthDirMaxServersPerAddr, UINT, "2"), - V(AuthDirMaxServersPerAuthAddr,UINT, "5"), + OBSOLETE("AuthDirMaxServersPerAuthAddr"), V(AuthDirHasIPv6Connectivity, BOOL, "0"), VAR("AuthoritativeDirectory", BOOL, AuthoritativeDir, "0"), V(AutomapHostsOnResolve, BOOL, "0"), @@ -594,7 +594,6 @@ static const config_var_t testing_tor_network_defaults[] = { V(EnforceDistinctSubnets, BOOL, "0"), V(AssumeReachable, BOOL, "1"), V(AuthDirMaxServersPerAddr, UINT, "0"), - V(AuthDirMaxServersPerAuthAddr,UINT, "0"), V(ClientBootstrapConsensusAuthorityDownloadSchedule, CSV_INTERVAL, "0, 2, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 8, 16, 32, 60"), V(ClientBootstrapConsensusFallbackDownloadSchedule, CSV_INTERVAL, diff --git a/src/or/dirserv.c b/src/or/dirserv.c index e106628..4d349dd 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c 
@@ -2056,12 +2056,8 @@ get_possible_sybil_list(const smartlist_t *routers)
 int addr_count;
 /* Allow at most this number of Tor servers on a single IP address, ... */
 int max_with_same_addr = options->AuthDirMaxServersPerAddr;
- /* ... unless it's a directory authority, in which case allow more. */
- int max_with_same_addr_on_authority = options->AuthDirMaxServersPerAuthAddr;
 if (max_with_same_addr <= 0)
 max_with_same_addr = INT_MAX;
- if (max_with_same_addr_on_authority <= 0)
- max_with_same_addr_on_authority = INT_MAX;

 smartlist_add_all(routers_by_ip, routers);
 smartlist_sort(routers_by_ip, compare_routerinfo_by_ip_and_bw_);
@@ -2074,9 +2070,7 @@ get_possible_sybil_list(const smartlist_t *routers)
 last_addr = ri->addr;
 addr_count = 1;
 } else if (++addr_count > max_with_same_addr) {
- if (!router_addr_is_trusted_dir(ri->addr) ||
- addr_count > max_with_same_addr_on_authority)
- digestmap_set(omit_as_sybil, ri->cache_info.identity_digest, ri);
+ digestmap_set(omit_as_sybil, ri->cache_info.identity_digest, ri);
 }
 } SMARTLIST_FOREACH_END(ri);
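Review bot: The context comment `/* Allow at most this number of Tor servers on a single IP address, ... */` in the first dirserv.c hunk still ends in `, ...`. That ellipsis only made sense as the lead-in to the removed `/* ... unless it's a directory authority, in which case allow more. */` line. With the exception gone the sentence dangles, so I would close it as `/* Allow at most this number of Tor servers on a single IP address. */`. The body of get_possible_sybil_list() starts and ends outside this hunk.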
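Review bot: The simplified `else if (++addr_count > max_with_same_addr)` branch in the second dirserv.c hunk has no comment saying that authority addresses no longer get an exemption. Every descriptor past the limit on one IP is now added to `omit_as_sybil`, so which relays survive on an address shared with an authority presumably depends only on the order produced by `compare_routerinfo_by_ip_and_bw_`, which is not visible here. I would add `/* No exemption for authority addresses: anything past the limit on one IP is omitted, in sort order. */` above the `digestmap_set()` call. The diffstat lists no test file, so a unit test that feeds more than AuthDirMaxServersPerAddr routers on one address and checks which identities are omitted would pin this behaviour. The enclosing loop begins outside the hunk.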
diff --git a/src/or/or.h b/src/or/or.h
index 0e508e9..cfbd7b5 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3969,9 +3969,6 @@ typedef struct {
 * and vote for all other exits as good. */
 int AuthDirMaxServersPerAddr; /**< Do not permit more than this
 * number of servers per IP address. */
- int AuthDirMaxServersPerAuthAddr; /**< Do not permit more than this
- * number of servers per IP address shared
- * with an authority. */
 int AuthDirHasIPv6Connectivity; /**< Boolean: are we on IPv6? */
 int AuthDirPinKeys; /**< Boolean: Do we enforce key-pinning? */
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 46c44d8..69ae51a 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -2991,20 +2991,6 @@ router_digest_is_trusted_dir_type(const char *digest, dirinfo_type_t type)
 return 0;
 }

-/** Return true iff <b>addr</b> is the address of one of our trusted
- * directory authorities. */
-int
-router_addr_is_trusted_dir(uint32_t addr)
-{
- if (!trusted_dir_servers)
- return 0;
- SMARTLIST_FOREACH(trusted_dir_servers, dir_server_t *, ent,
- if (ent->addr == addr)
- return 1;
- );
- return 0;
-}
-
 /** If hexdigest is correctly formed, base16_decode it into
 * digest, which must have DIGEST_LEN space in it.
 * Return 0 on success, -1 on failure.
diff --git a/src/or/routerlist.h b/src/or/routerlist.h
index 606e908..8b68d69 100644
--- a/src/or/routerlist.h
+++ b/src/or/routerlist.h
@@ -86,7 +86,6 @@ int router_digest_is_trusted_dir_type(const char *digest,
 #define router_digest_is_trusted_dir(d) \
 router_digest_is_trusted_dir_type((d), NO_DIRINFO)

-int router_addr_is_trusted_dir(uint32_t addr);
 int hexdigest_to_digest(const char *hexdigest, char *digest);
 const routerinfo_t *router_get_by_id_digest(const char *digest);
 routerinfo_t *router_get_mutable_by_digest(const char *digest);