diff options
| author | Nick Mathewson <nickm@torproject.org> | 2011-03-28 17:29:59 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2011-04-26 23:54:16 -0400 |
| commit | 4851de554d5fc473cc9418b15bfb752e45b7d81d (patch) | |
| tree | ea71c8b607b82a17e72c4863f3f750afca73dba7 | |
| parent | e4689d840266088739eee39e9bef84e13c988ce9 (diff) | |
| download | tor-4851de554d5fc473cc9418b15bfb752e45b7d81d.tar tor-4851de554d5fc473cc9418b15bfb752e45b7d81d.tar.gz | |
Do not automatically ignore Fast/Stable for exits when ExitNodes is set
This once maybe made sense when ExitNodes meant "Here are 3 exits;
use them all", but now it more typically means "Here are 3
countries; exit from there." Using non-Fast/Stable exits created a
potential partitioning opportunity and an annoying stability
problem.
(Don't worry about the case where all of our ExitNodes are non-Fast
or non-Stable: we handle that later in the function by retrying with
need_capacity and need_uptime set to 0.)
| -rw-r--r-- | changes/exitnodes_reliable | 7 | ||||
| -rw-r--r-- | src/or/circuitbuild.c | 18 |
2 files changed, 12 insertions, 13 deletions
diff --git a/changes/exitnodes_reliable b/changes/exitnodes_reliable new file mode 100644 index 000000000..62ef03a0c --- /dev/null +++ b/changes/exitnodes_reliable @@ -0,0 +1,7 @@ + o Minor features: + - If ExitNodes is set, still pay attention to the Fast/Stable + status of exits when picking exit nodes. (We used to ignore + these flags when ExitNodes was set, on the grounds that people + who set exitnodes wanted all of those nodes to get used, but + with the ability to pick exits by country and IP range, this + doesn't necessarily make sense any more.) diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index b6627a0f8..714d6365c 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -2697,20 +2697,12 @@ choose_good_exit_server_general(routerlist_t *dir, int need_uptime, continue; /* not one of our chosen exit nodes */ } - if (router_is_unreliable(router, need_uptime, need_capacity, 0) && - !options->ExitNodes) { - /* FFFF Someday, differentiate between a routerset that names - * routers, and a routerset that names countries, and only do this - * check if they've asked for specific exit relays. Or if the country - * they ask for is rare. Or something. */ - /* XXX022-1090 We need to pick a tradeoff here: if we throw it out because - * it's unreliable, users might end up with no exit options even - * though some options are up. If we don't throw it out, users who - * set ExitNodes will have partitioning problems because they'll be - * the only folks willing to use this node. */ + if (router_is_unreliable(router, need_uptime, need_capacity, 0)) { n_supported[i] = -1; - continue; /* skip routers that are not suitable, unless we have - * ExitNodes set, in which case we asked for it */ + continue; /* skip routers that are not suitable. Don't worry if + * this makes us reject all the possible routers: if so, + * we'll retry later in this function with need_update and + * need_capacity set to 0. */ } if (!(router->is_valid || options->_AllowInvalid & ALLOW_INVALID_EXIT)) { /* if it's invalid and we don't want it */ |