16 years ago · ca5f670fab
--- a/ChangeLog
+++ b/ChangeLog
@@ -46,6 +46,11 @@ Changes in version 0.2.0.16-alpha - 2008-01-??
 
				       that don't otherwise fit into the torrc file.
			
 
				     - The SETCONF command now handles quoted values correctly.
			
 
				 
			
 
				+  o Minor features (directory authorities):
			
 
				+    - New configuration options to override default maximum number of
			
 
				+      servers allowed on a single IP address.  This is important
			
 
				+      for running a test network on a single host.
			
 
				+
			
 
				   o Minor features (other):
			
 
				     - Add hidden services and DNSPorts to the list of things that make
			
 
				       Tor accept that it has running ports.  Change starting Tor with
			
--- a/doc/TODO
+++ b/doc/TODO
@@ -21,7 +21,7 @@ R - Figure out the autoconf problem with adding a fallback consensus.
 
				 R - add a geoip file
			
 
				 W   - figure out license
			
 
				 R - let bridges set relaybandwidthrate as low as 5kb
			
 
				-N - we need a config option to turn off proposal 109 behavior,
			
 
				+  o we need a config option to turn off proposal 109 behavior,
			
 
				 RK- make it easier to set up a private tor network on your own computer
			
 
				     is very hard.
			
 
				     - FAQ entry which is wrong
			
--- a/doc/tor.1.in
+++ b/doc/tor.1.in
@@ -1129,6 +1129,17 @@ Authoritative directories only.  If set to 1, the directory server
 
				 rejects all uploaded server descriptors that aren't explicitly listed
			
 
				 in the fingerprints file. This acts as a "panic button" if we get
			
 
				 Sybiled. (Default: 0)
			
 
				+.LP
			
 
				+.TP
			
 
				+\fBAuthDirMaxServersPerAddr\fR \fINUM\fP
			
 
				+Authoritative directories only.  The maximum number of servers that we
			
 
				+will list as acceptable on a single IP address.  Set this to "0" for
			
 
				+"no limit". (Default: 2)
			
 
				+.LP
			
 
				+.TP
			
 
				+\fBAuthDirMaxServersPerAuthAddr\fR \fINUM\fP
			
 
				+Authoritative directories only.  Like AuthDirMaxServersPerAddr, but
			
 
				+applies to addresses shared with directory authorities.  (Default: 5)
			
 
				 
			
 
				 .SH HIDDEN SERVICE OPTIONS
			
 
				 .PP
			
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -143,6 +143,8 @@ static config_var_t _option_vars[] = {
 
				   V(AuthDirRejectUnlisted,       BOOL,     "0"),
			
 
				   V(AuthDirListBadDirs,          BOOL,     "0"),
			
 
				   V(AuthDirListBadExits,         BOOL,     "0"),
			
 
				+  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
			
 
				+  V(AuthDirMaxServersPerAuthAddr,UINT,     "5"),
			
 
				   VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
			
 
				   V(AutomapHostsOnResolve,       BOOL,     "0"),
			
 
				   V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),
			
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -1965,18 +1965,24 @@ _compare_routerinfo_by_ip_and_bw(const void **a, const void **b)
 
				 static digestmap_t *
			
 
				 get_possible_sybil_list(const smartlist_t *routers)
			
 
				 {
			
 
				+  or_options_t *options = get_options();
			
 
				   digestmap_t *omit_as_sybil;
			
 
				   smartlist_t *routers_by_ip = smartlist_create();
			
 
				   uint32_t last_addr;
			
 
				   int addr_count;
			
 
				+  /* Allow at most this number of Tor servers on a single IP address, ... */
			
 
				+  int max_with_same_addr = options->AuthDirMaxServersPerAddr;
			
 
				+  /* ... unless it's a directory authority, in which case allow more. */
			
 
				+  int max_with_same_addr_on_authority = options->AuthDirMaxServersPerAuthAddr;
			
 
				+  if (max_with_same_addr <= 0)
			
 
				+    max_with_same_addr = INT_MAX;
			
 
				+  if (max_with_same_addr_on_authority <= 0)
			
 
				+    max_with_same_addr_on_authority = INT_MAX;
			
 
				+
			
 
				   smartlist_add_all(routers_by_ip, routers);
			
 
				   smartlist_sort(routers_by_ip, _compare_routerinfo_by_ip_and_bw);
			
 
				   omit_as_sybil = digestmap_new();
			
 
				 
			
 
				-/* Allow at most this number of Tor servers on a single IP address, ... */
			
 
				-#define MAX_WITH_SAME_ADDR 2
			
 
				-/* ... unless it's a directory authority, in which case allow more. */
			
 
				-#define MAX_WITH_SAME_ADDR_ON_AUTHORITY 5
			
 
				   last_addr = 0;
			
 
				   addr_count = 0;
			
 
				   SMARTLIST_FOREACH(routers_by_ip, routerinfo_t *, ri,
			
@@ -1984,9 +1990,9 @@ get_possible_sybil_list(const smartlist_t *routers)
 
				       if (last_addr != ri->addr) {
			
 
				         last_addr = ri->addr;
			
 
				         addr_count = 1;
			
 
				-      } else if (++addr_count > MAX_WITH_SAME_ADDR) {
			
 
				+      } else if (++addr_count > max_with_same_addr) {
			
 
				         if (!router_addr_is_trusted_dir(ri->addr) ||
			
 
				-            addr_count > MAX_WITH_SAME_ADDR_ON_AUTHORITY)
			
 
				+            addr_count > max_with_same_addr_on_authority)
			
 
				           digestmap_set(omit_as_sybil, ri->cache_info.identity_digest, ri);
			
 
				       }
			
 
				     });
			
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2240,6 +2240,12 @@ typedef struct {
 
				                             * and vote for all other exits as good. */
			
 
				   int AuthDirRejectUnlisted; /**< Boolean: do we reject all routers that
			
 
				                               * aren't named in our fingerprint file? */
			
 
				+  int AuthDirMaxServersPerAddr; /**< Do not permit more than this
			
 
				+                                 * number of servers per IP address. */
			
 
				+  int AuthDirMaxServersPerAuthAddr; /**< Do not permit more than this
			
 
				+                                     * number of servers per IP address shared
			
 
				+                                     * with an authority. */
			
 
				+
			
 
				   char *AccountingStart; /**< How long is the accounting interval, and when
			
 
				                           * does it start? */
			
 
				   uint64_t AccountingMax; /**< How many bytes do we allow per accounting