commit 10fe5bad9aaf326b925092883b856f64f8dca478 Author: Sebastian Hahn <sebastian@torproject.org> Date: Thu Sep 4 06:25:38 2014 +0200 Remove the AuthDirRejectUnlisted config option This is in preparation for a big patch series removing the entire Naming system from Tor. In its wake, the approved-routers file is being deprecated, and a replacement option to allow only pre-approved routers is not being implemented. --- changes/bug12899 | 4 ++++ doc/tor.1.txt | 6 ------ src/or/config.c | 2 +- src/or/dirserv.c | 6 ------ src/or/or.h | 2 -- 5 files changed, 5 insertions(+), 15 deletions(-) diff --git a/changes/bug12899 b/changes/bug12899 new file mode 100644 index 0000000..eb7c90d --- /dev/null +++ b/changes/bug12899 @@ -0,0 +1,4 @@ + o Removed features: + - The "AuthDirRejectUnlisted" option no longer has any effect, as + the fingerprints file (approved-routers) has been deprecated. + diff --git a/doc/tor.1.txt b/doc/tor.1.txt index a997bc3..3284b94 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -1943,12 +1943,6 @@ on the public Tor network. 1 unless you plan to list non-functioning exits as bad; otherwise, you are effectively voting in favor of every declared exit as an exit.) -[[AuthDirRejectUnlisted]] **AuthDirRejectUnlisted** **0**|**1**:: - Authoritative directories only. If set to 1, the directory server rejects - all uploaded server descriptors that aren't explicitly listed in the - fingerprints file. This acts as a "panic button" if we get hit with a Sybil - attack. (Default: 0) - [[AuthDirMaxServersPerAddr]] **AuthDirMaxServersPerAddr** __NUM__:: Authoritative directories only. The maximum number of servers that we will list as acceptable on a single IP address. Set this to "0" for "no limit". diff --git a/src/or/config.c b/src/or/config.c index 7800ec1..ea7d728 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -150,7 +150,7 @@ static config_var_t option_vars_[] = { V(AuthDirGuardBWGuarantee, MEMUNIT, "2 MB"), V(AuthDirReject, LINELIST, NULL), V(AuthDirRejectCCs, CSV, ""), - V(AuthDirRejectUnlisted, BOOL, "0"), + OBSOLETE("AuthDirRejectUnlisted"), V(AuthDirListBadDirs, BOOL, "0"), V(AuthDirListBadExits, BOOL, "0"), V(AuthDirMaxServersPerAddr, UINT, "2"), diff --git a/src/or/dirserv.c b/src/or/dirserv.c index 8395c2e..00b282d 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -362,7 +362,6 @@ dirserv_get_status_impl(const char *id_digest, const char *nickname, const char *platform, const char *contact, const char **msg, int should_log) { - int reject_unlisted = get_options()->AuthDirRejectUnlisted; uint32_t result; router_status_t *status_by_digest; @@ -458,11 +457,6 @@ dirserv_get_status_impl(const char *id_digest, const char *nickname, nickname, fmt_addr32(addr)); result |= FP_INVALID; } - if (reject_unlisted) { - if (msg) - *msg = "Authdir rejects unknown routers."; - return FP_REJECT; - } } return result; diff --git a/src/or/or.h b/src/or/or.h index 3683607..207c70d 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -3768,8 +3768,6 @@ typedef struct { * and vote for all other dir mirrors as good. */ int AuthDirListBadExits; /**< True iff we should list bad exits, * and vote for all other exits as good. */ - int AuthDirRejectUnlisted; /**< Boolean: do we reject all routers that - * aren't named in our fingerprint file? */ int AuthDirMaxServersPerAddr; /**< Do not permit more than this * number of servers per IP address. */ int AuthDirMaxServersPerAuthAddr; /**< Do not permit more than this