r17548@catbus: nickm | 2008-01-10 11:08:12 -0500

 Make proposal-109 behavior optional.


svn:r13090

ChangeLog

@@ -46,6 +46,11 @@ Changes in version 0.2.0.16-alpha - 2008-01-??
       that don't otherwise fit into the torrc file.
     - The SETCONF command now handles quoted values correctly.
 
+  o Minor features (directory authorities):
+    - New configuration options to override default maximum number of
+      servers allowed on a single IP address.  This is important
+      for running a test network on a single host.
+
   o Minor features (other):
     - Add hidden services and DNSPorts to the list of things that make
       Tor accept that it has running ports.  Change starting Tor with

doc/TODO

@@ -21,7 +21,7 @@ R - Figure out the autoconf problem with adding a fallback consensus.
 R - add a geoip file
 W   - figure out license
 R - let bridges set relaybandwidthrate as low as 5kb
-N - we need a config option to turn off proposal 109 behavior,
+  o we need a config option to turn off proposal 109 behavior,
 RK- make it easier to set up a private tor network on your own computer
     is very hard.
     - FAQ entry which is wrong

doc/tor.1.in

@@ -1129,6 +1129,17 @@ Authoritative directories only.  If set to 1, the directory server
 rejects all uploaded server descriptors that aren't explicitly listed
 in the fingerprints file. This acts as a "panic button" if we get
 Sybiled. (Default: 0)
+.LP
+.TP
+\fBAuthDirMaxServersPerAddr\fR \fINUM\fP
+Authoritative directories only.  The maximum number of servers that we
+will list as acceptable on a single IP address.  Set this to "0" for
+"no limit". (Default: 2)
+.LP
+.TP
+\fBAuthDirMaxServersPerAuthAddr\fR \fINUM\fP
+Authoritative directories only.  Like AuthDirMaxServersPerAddr, but
+applies to addresses shared with directory authorities.  (Default: 5)
 
 .SH HIDDEN SERVICE OPTIONS
 .PP

src/or/config.c

@@ -143,6 +143,8 @@ static config_var_t _option_vars[] = {
   V(AuthDirRejectUnlisted,       BOOL,     "0"),
   V(AuthDirListBadDirs,          BOOL,     "0"),
   V(AuthDirListBadExits,         BOOL,     "0"),
+  V(AuthDirMaxServersPerAddr,    UINT,     "2"),
+  V(AuthDirMaxServersPerAuthAddr,UINT,     "5"),
   VAR("AuthoritativeDirectory",  BOOL, AuthoritativeDir,    "0"),
   V(AutomapHostsOnResolve,       BOOL,     "0"),
   V(AutomapHostsSuffixes,        CSV,      ".onion,.exit"),

src/or/dirserv.c

@@ -1965,18 +1965,24 @@ _compare_routerinfo_by_ip_and_bw(const void **a, const void **b)
 static digestmap_t *
 get_possible_sybil_list(const smartlist_t *routers)
 {
+  or_options_t *options = get_options();
   digestmap_t *omit_as_sybil;
   smartlist_t *routers_by_ip = smartlist_create();
   uint32_t last_addr;
   int addr_count;
+  /* Allow at most this number of Tor servers on a single IP address, ... */
+  int max_with_same_addr = options->AuthDirMaxServersPerAddr;
+  /* ... unless it's a directory authority, in which case allow more. */
+  int max_with_same_addr_on_authority = options->AuthDirMaxServersPerAuthAddr;
+  if (max_with_same_addr <= 0)
+    max_with_same_addr = INT_MAX;
+  if (max_with_same_addr_on_authority <= 0)
+    max_with_same_addr_on_authority = INT_MAX;
+
   smartlist_add_all(routers_by_ip, routers);
   smartlist_sort(routers_by_ip, _compare_routerinfo_by_ip_and_bw);
   omit_as_sybil = digestmap_new();
 
-/* Allow at most this number of Tor servers on a single IP address, ... */
-#define MAX_WITH_SAME_ADDR 2
-/* ... unless it's a directory authority, in which case allow more. */
-#define MAX_WITH_SAME_ADDR_ON_AUTHORITY 5
   last_addr = 0;
   addr_count = 0;
   SMARTLIST_FOREACH(routers_by_ip, routerinfo_t *, ri,
@@ -1984,9 +1990,9 @@ get_possible_sybil_list(const smartlist_t *routers)
       if (last_addr != ri->addr) {
         last_addr = ri->addr;
         addr_count = 1;
-      } else if (++addr_count > MAX_WITH_SAME_ADDR) {
+      } else if (++addr_count > max_with_same_addr) {
         if (!router_addr_is_trusted_dir(ri->addr) ||
-            addr_count > MAX_WITH_SAME_ADDR_ON_AUTHORITY)
+            addr_count > max_with_same_addr_on_authority)
           digestmap_set(omit_as_sybil, ri->cache_info.identity_digest, ri);
       }
     });

src/or/or.h

@@ -2240,6 +2240,12 @@ typedef struct {
                             * and vote for all other exits as good. */
   int AuthDirRejectUnlisted; /**< Boolean: do we reject all routers that
                               * aren't named in our fingerprint file? */
+  int AuthDirMaxServersPerAddr; /**< Do not permit more than this
+                                 * number of servers per IP address. */
+  int AuthDirMaxServersPerAuthAddr; /**< Do not permit more than this
+                                     * number of servers per IP address shared
+                                     * with an authority. */
+
   char *AccountingStart; /**< How long is the accounting interval, and when
                           * does it start? */
   uint64_t AccountingMax; /**< How many bytes do we allow per accounting