[tor-commits] [tor/release-0.2.4] Add and use a new NumEntryGuards consensus parameter.

arma at torproject.org arma at torproject.org
Thu Jul 24 20:22:50 UTC 2014


commit 56ee61b8aed058c20edc9c7e10dc48f1ab798bbc
Author: Roger Dingledine <arma at torproject.org>
Date:   Wed Jul 23 12:23:49 2014 -0400

    Add and use a new NumEntryGuards consensus parameter.
    
    When specified, it overrides our default of 3 entry guards.
    
    (By default, it overrides the number of directory guards too.)
    
    Implements ticket 12688.
---
 changes/ticket12688 |    5 +++++
 src/or/config.c     |    5 +----
 src/or/entrynodes.c |    8 ++++++--
 3 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/changes/ticket12688 b/changes/ticket12688
new file mode 100644
index 0000000..d8e56c1
--- /dev/null
+++ b/changes/ticket12688
@@ -0,0 +1,5 @@
+  Major features:
+    - Make the number of entry guards (and thus, by default, directory
+      guards too) configurable via a new NumEntryGuards consensus
+      parameter. Implements ticket 12688.
+
diff --git a/src/or/config.c b/src/or/config.c
index 09fdc0c..a2811eb 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -315,7 +315,7 @@ static config_var_t option_vars_[] = {
   VAR("NodeFamily",              LINELIST, NodeFamilies,         NULL),
   V(NumCPUs,                     UINT,     "0"),
   V(NumDirectoryGuards,          UINT,     "0"),
-  V(NumEntryGuards,              UINT,     "3"),
+  V(NumEntryGuards,              UINT,     "0"),
   V(ORListenAddress,             LINELIST, NULL),
   VPORT(ORPort,                      LINELIST, NULL),
   V(OutboundBindAddress,         LINELIST,   NULL),
@@ -3031,9 +3031,6 @@ options_validate(or_options_t *old_options, or_options_t *options,
              "have it group-readable.");
   }
 
-  if (options->UseEntryGuards && ! options->NumEntryGuards)
-    REJECT("Cannot enable UseEntryGuards with NumEntryGuards set to 0");
-
   if (options->MyFamily && options->BridgeRelay) {
     log_warn(LD_CONFIG, "Listing a family for a bridge relay is not "
              "supported: it can reveal bridge fingerprints to censors. "
diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c
index 59770fa..abd10e3 100644
--- a/src/or/entrynodes.c
+++ b/src/or/entrynodes.c
@@ -435,7 +435,10 @@ decide_num_guards(const or_options_t *options, int for_directory)
 {
   if (for_directory && options->NumDirectoryGuards != 0)
     return options->NumDirectoryGuards;
-  return options->NumEntryGuards;
+  if (options->NumEntryGuards)
+    return options->NumEntryGuards;
+  /* Use the value from the consensus, or 3 if no guidance. */
+  return networkstatus_get_param(NULL, "NumEntryGuards", 3, 1, 10);
 }
 
 /** If the use of entry guards is configured, choose more entry guards
@@ -815,6 +818,7 @@ entry_guards_set_from_config(const or_options_t *options)
 {
   smartlist_t *entry_nodes, *worse_entry_nodes, *entry_fps;
   smartlist_t *old_entry_guards_on_list, *old_entry_guards_not_on_list;
+  const int numentryguards = decide_num_guards(options, 0);
   tor_assert(entry_guards);
 
   should_add_entry_nodes = 0;
@@ -883,7 +887,7 @@ entry_guards_set_from_config(const or_options_t *options)
   /* Next, the rest of EntryNodes */
   SMARTLIST_FOREACH_BEGIN(entry_nodes, const node_t *, node) {
     add_an_entry_guard(node, 0, 0, 1, 0);
-    if (smartlist_len(entry_guards) > options->NumEntryGuards * 10)
+    if (smartlist_len(entry_guards) > numentryguards * 10)
       break;
   } SMARTLIST_FOREACH_END(node);
   log_notice(LD_GENERAL, "%d entries in guards", smartlist_len(entry_guards));





More information about the tor-commits mailing list