Add an EnforceDistinctSubnets option so that clients who know what they are doing (mainly people with private testing networks) can disable our same-/16 detection.

svn:r8504
Nick Mathewson 18 years ago
parent commit 49ad1eefa1
6 changed files with 21 additions and 4 deletions
  1. ChangeLog (+4 -0)
  2. doc/TODO (+4 -3)
  3. doc/tor.1.in (+7 -0)
  4. src/or/config.c (+1 -0)
  5. src/or/or.h (+2 -0)
  6. src/or/routerlist.c (+3 -1)

+ 4 - 0
ChangeLog

@@ -19,6 +19,10 @@ Changes in version 0.1.2.2-alpha - 2006-??-??
     - When asked to resolve a hostname, don't use non-exit servers unless
       requested to do so.  This allows servers with broken DNS to
       be useful to the network.
+    - Add an "EnforceDistinctSubnets" option to control our "exclude
+      servers on the same /16" behavior.  It's still on by default; this
+      is mostly for people who want to operate private test networks with
+      all the machines on the same subnet.
 
   o Security Fixes, minor:
     - If a client asked for a server by name, and we didn't have a
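Review bot: the new entry explains who the option is for but not what is given up by turning it off; since this is a user-visible knob that weakens path diversity, add a clause making the trade-off explicit, e.g. "Turning this off lets an adversary who controls one /16 hold more than one position on a circuit, so leave it on for the public network." Also consider stating that it takes effect only for circuits built after the option is changed, if that is the case.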

+ 4 - 3
doc/TODO

@@ -28,11 +28,12 @@ N - when we start, remove any entryguards that are listed in excludenodes.
 N - Remember the last time we saw one of our entry guards labelled with
     the GUARD flag. If it's been too long, it is not suitable for use.
     If it's been really too long, remove it from the list.
-  . Figure out avoiding duplicate /24 lines
+  o Figure out avoiding duplicate /24 lines
     o automatically add /16 servers to family
     D do it in an efficient way. keep a list of something somewhere?
-      - The right thing here is to revamp our node selection implementation.
-N   - make it configurable, so people can turn it on or off.
+      D The right thing here is to revamp our node selection implementation.
+        (Deferred until oprofile says this matters.)
+    o make it configurable, so people can turn it on or off.
 N - Clients stop dumping old descriptors if the network-statuses
     claim they're still valid.
 R . If we fail to connect via an exit enclave, (warn and) try again

+ 7 - 0
doc/tor.1.in

@@ -371,10 +371,17 @@ NodeFamily is only needed when a server doesn't list the family itself
 (with MyFamily). This option can be used multiple times.
 .LP
 .TP
+\fBEnforceDistinctSubnets \fR\fB0\fR|\fB1\fR\fP
+If 1, Tor will not put two servers whose IP addressess are "too
+close" to appear on the same circuit.  Currently, two addresses are
+"too close" if they lie in the same /16 range. (Default: 1)
+
 .\" \fBPathlenCoinWeight \fR\fI0.0-1.0\fP
 .\" Paths are 3 hops plus a geometric distribution centered around this coinweight.
 .\" Must be >=0.0 and <1.0. (Default: 0.3) NOT USED CURRENTLY
 .\" .TP
+.LP
+.TP
 \fBRendNodes \fR\fInickname\fR,\fInickname\fR,\fI...\fP
 A list of preferred nodes to use for the rendezvous point, if possible.
 .LP
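Review bot: typo in the added man page text: "addressess" should be "addresses", and the sentence "Tor will not put two servers whose IP addresses are too close to appear on the same circuit" reads awkwardly; suggest "If 1, Tor will not put two servers whose IP addresses are \"too close\" on the same circuit." The description should also say why a user would leave it at the default (it limits what an operator of a single /16 can observe), so that people do not switch it off for performance reasons; the "private test network" use case from the ChangeLog belongs here too. The new `.LP`/`.TP` pair before RendNodes is needed because the commented-out PathlenCoinWeight block now sits between the two entries; fine as is.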

+ 1 - 0
src/or/config.c

@@ -152,6 +152,7 @@ static config_var_t _option_vars[] = {
   VAR("DirPort",             UINT,     DirPort,              "0"),
   OBSOLETE("DirPostPeriod"),
   VAR("DirServer",           LINELIST, DirServers,           NULL),
+  VAR("EnforceDistinctSubnets", BOOL,  EnforceDistinctSubnets,"1"),
   VAR("EntryNodes",          STRING,   EntryNodes,           NULL),
   VAR("ExcludeNodes",        STRING,   ExcludeNodes,         NULL),
   VAR("ExitNodes",           STRING,   ExitNodes,            NULL),
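Review bot: style nit on the new VAR line: the columns are out of alignment with the neighbouring entries and there is no space after the comma before `"1"`; keep the same column layout as `VAR("DirServer", ...)` so the table stays greppable. Beyond style, because setting this to 0 silently weakens circuit construction, it would be worth emitting a notice-level log line at option validation time when EnforceDistinctSubnets is 0, so that a value left in a copied torrc from a test network is noticed when the same configuration is run against the public network.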

+ 2 - 0
src/or/or.h

@@ -1581,6 +1581,8 @@ typedef struct {
   char *ServerDNSResolvConfFile; /**< If provided, we configure our internal
                      * resolver from the file here rather than from
                      * /etc/resolv.conf (Unix) or the registry (Windows). */
+  int EnforceDistinctSubnets; /** If true, don't allow multiple routers in the
+                               * same network zone in the same circuit. */
 } or_options_t;
 
 /** Persistent state for an onion router, as saved to disk. */
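Review bot: the new field's comment uses `/** ... */` after the member, but the convention in this struct (see `ServerDNSResolvConfFile` just above) is the post-member form `/**< ... */`; without the `<` Doxygen will attach the description to whatever follows rather than to `EnforceDistinctSubnets`. Change it to `int EnforceDistinctSubnets; /**< If true, don't allow multiple routers in the`. The comment also says "network zone" where the man page says "/16"; using the same term in both places avoids confusion about what is being enforced.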

+ 3 - 1
src/or/routerlist.c

@@ -629,10 +629,12 @@ routerlist_add_family(smartlist_t *sl, routerinfo_t *router)
 {
   routerinfo_t *r;
   config_line_t *cl;
+  or_options_t *options = get_options();
 
   /* First, add any routers with similar network addresses.
    * XXX It's possible this will be really expensive; we'll see. */
-  routerlist_add_network_family(sl, router);
+  if (options->EnforceDistinctSubnets)
+    routerlist_add_network_family(sl, router);
 
   if (!router->declared_family)
     return;
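Review bot: the gating is correct but the comment above the call still says "First, add any routers with similar network addresses" unconditionally; update it to mention the option, e.g. `/* First, if EnforceDistinctSubnets is set, add any routers with similar`, so a reader does not assume the /16 exclusion always runs. Since this is the only place the option is consulted in the patch, it would be good to confirm in the commit message that `routerlist_add_family` is the sole path by which same-/16 exclusion is applied during path selection; if `routerlist_add_network_family` has other callers, they will keep enforcing it regardless of the option.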