commit 3902a18a6976af2ceb2d6ca43266bf6154881621 Author: Nick Mathewson nickm@torproject.org Date: Thu Dec 8 12:35:55 2016 -0500
Remove UseDirectoryGuards
It is obsoleted in an always-on direction by prop271. --- changes/ticket20831 | 6 ++++++ doc/tor.1.txt | 9 --------- src/or/config.c | 2 +- src/or/directory.c | 5 ++--- src/or/or.h | 2 -- src/test/test_dir.c | 14 ++++---------- 6 files changed, 13 insertions(+), 25 deletions(-)
diff --git a/changes/ticket20831 b/changes/ticket20831 new file mode 100644 index 0000000..cb4a3a3 --- /dev/null +++ b/changes/ticket20831 @@ -0,0 +1,6 @@ + o Removed features: + - The NumDirectoryGuards and UseDirectoryGuards torrc options are + no longer present: all users that use entry guards will also use + directory guards. Related to proposal 271; implements part of + ticket 20831. + diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 670c75d..6b59f08 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -1208,15 +1208,6 @@ The following options are useful only for clients (that is, if Authorities, Single Onion Services, and Tor2web clients. In these cases, the this option is ignored. (Default: 1)
-[[UseEntryGuardsAsDirGuards]] **UseEntryGuardsAsDirGuards** **0**|**1**:: - If this option is set to 1, and UseEntryGuards is also set to 1, - we try to use our entry guards as directory - guards, and failing that, pick more nodes to act as our directory guards. - This helps prevent an adversary from enumerating clients. It's only - available for clients (non-relay, non-bridge) that aren't configured to - download any non-default directory material. It doesn't currently - do anything when we lack a live consensus. (Default: 1) - [[GuardfractionFile]] **GuardfractionFile** __FILENAME__:: V3 authoritative directories only. Configures the location of the guardfraction file which contains information about how long relays diff --git a/src/or/config.c b/src/or/config.c index 2ec96d3..e45ad94 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -495,7 +495,7 @@ static config_var_t option_vars_[] = { V(UpdateBridgesFromAuthority, BOOL, "0"), V(UseBridges, BOOL, "0"), VAR("UseEntryGuards", BOOL, UseEntryGuards_option, "1"), - V(UseEntryGuardsAsDirGuards, BOOL, "1"), + OBSOLETE("UseEntryGuardsAsDirGuards"), V(UseGuardFraction, AUTOBOOL, "auto"), V(UseMicrodescriptors, AUTOBOOL, "auto"), OBSOLETE("UseNTorHandshake"), diff --git a/src/or/directory.c b/src/or/directory.c index 9c039a0..acae5de 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -442,10 +442,9 @@ should_use_directory_guards(const or_options_t *options) /* Public (non-bridge) servers never use directory guards. */ if (public_server_mode(options)) return 0; - /* If guards are disabled, or directory guards are disabled, we can't - * use directory guards. + /* If guards are disabled, we can't use directory guards. */ - if (!options->UseEntryGuards || !options->UseEntryGuardsAsDirGuards) + if (!options->UseEntryGuards) return 0; /* If we're configured to fetch directory info aggressively or of a * nonstandard type, don't use directory guards. */ diff --git a/src/or/or.h b/src/or/or.h index 04ff548..ceeaff5 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -4070,8 +4070,6 @@ typedef struct { int UseEntryGuards;
int NumEntryGuards; /**< How many entry guards do we try to establish? */ - int UseEntryGuardsAsDirGuards; /** Boolean: Do we try to get directory info - * from a smallish number of fixed nodes? */
/** If 1, we use any guardfraction information we see in the * consensus. If 0, we don't. If -1, let the consensus parameter diff --git a/src/test/test_dir.c b/src/test/test_dir.c index 4ef421f..ed58ba5 100644 --- a/src/test/test_dir.c +++ b/src/test/test_dir.c @@ -4354,7 +4354,6 @@ test_dir_should_use_directory_guards(void *data) tt_int_op(should_use_directory_guards(options), OP_EQ, 0); tt_int_op(CALLED(public_server_mode), OP_EQ, 1);
- options->UseEntryGuardsAsDirGuards = 1; options->UseEntryGuards = 1; options->DownloadExtraInfo = 0; options->FetchDirInfoEarly = 0; @@ -4368,29 +4367,24 @@ test_dir_should_use_directory_guards(void *data) tt_int_op(CALLED(public_server_mode), OP_EQ, 3); options->UseEntryGuards = 1;
- options->UseEntryGuardsAsDirGuards = 0; - tt_int_op(should_use_directory_guards(options), OP_EQ, 0); - tt_int_op(CALLED(public_server_mode), OP_EQ, 4); - options->UseEntryGuardsAsDirGuards = 1; - options->DownloadExtraInfo = 1; tt_int_op(should_use_directory_guards(options), OP_EQ, 0); - tt_int_op(CALLED(public_server_mode), OP_EQ, 5); + tt_int_op(CALLED(public_server_mode), OP_EQ, 4); options->DownloadExtraInfo = 0;
options->FetchDirInfoEarly = 1; tt_int_op(should_use_directory_guards(options), OP_EQ, 0); - tt_int_op(CALLED(public_server_mode), OP_EQ, 6); + tt_int_op(CALLED(public_server_mode), OP_EQ, 5); options->FetchDirInfoEarly = 0;
options->FetchDirInfoExtraEarly = 1; tt_int_op(should_use_directory_guards(options), OP_EQ, 0); - tt_int_op(CALLED(public_server_mode), OP_EQ, 7); + tt_int_op(CALLED(public_server_mode), OP_EQ, 6); options->FetchDirInfoExtraEarly = 0;
options->FetchUselessDescriptors = 1; tt_int_op(should_use_directory_guards(options), OP_EQ, 0); - tt_int_op(CALLED(public_server_mode), OP_EQ, 8); + tt_int_op(CALLED(public_server_mode), OP_EQ, 7); options->FetchUselessDescriptors = 0;
done: