Abandon circs if the user changes Exclude*Nodes

If ExcludeNodes or ExcludeExitNodes changes on a config reload, mark and discard all our origin circuits.
2024-11-19 18:00:33 +01:00 · 2009-09-19 21:03:49 -04:00 · 2009-09-19 21:03:49 -04:00 · c75a2eea60
commit c75a2eea60
parent f2c51cb998
1 changed files with 9 additions and 20 deletions
--- a/src/or/config.c
+++ b/src/or/config.c
@ -1418,9 +1418,16 @@ options_act(or_options_t *old_options)

  /* Check for transitions that need action. */
  if (old_options) {
-    if (options->UseEntryGuards && !old_options->UseEntryGuards) {
+
+    if ((options->UseEntryGuards && !old_options->UseEntryGuards) ||
+        (options->ExcludeNodes &&
+         !routerset_equal(old_options->ExcludeNodes,options->ExcludeNodes)) ||
+        (options->ExcludeExitNodes &&
+         !routerset_equal(old_options->ExcludeExitNodes,
+                          options->ExcludeExitNodes))) {
      log_info(LD_CIRC,
-               "Switching to entry guards; abandoning previous circuits");
+               "Changed to using entry guards, or changed ExcludeNodes, or "
+               "changed ExcludeExitNodes. Abandoning previous circuits.");
      circuit_mark_all_unused_circs();
      circuit_expire_all_dirty_circs();
    }
@ -3204,24 +3211,6 @@ options_validate(or_options_t *old_options, or_options_t *options,
             "features to be broken in unpredictable ways.");
  }

-#if 0 /* for now, it's ok to set StrictNodes without setting any actual
-       * preferences. It won't hurt anything. Eventually, either figure
-       * out the logic for the right case to complain, or just delete. -RD */
-  if (options->StrictExitNodes &&
-      (!options->ExitNodes) &&
-      (!old_options ||
-       (old_options->StrictExitNodes != options->StrictExitNodes) ||
-       (!routerset_equal(old_options->ExitNodes,options->ExitNodes))))
-    COMPLAIN("StrictExitNodes set, but no ExitNodes listed.");
-
-  if (options->StrictEntryNodes &&
-      (!options->EntryNodes) &&
-      (!old_options ||
-       (old_options->StrictEntryNodes != options->StrictEntryNodes) ||
-       (!routerset_equal(old_options->EntryNodes,options->EntryNodes))))
-    COMPLAIN("StrictEntryNodes set, but no EntryNodes listed.");
-#endif
-
  if (options->EntryNodes && !routerset_is_list(options->EntryNodes)) {
    /* XXXX fix this; see entry_guards_prepend_from_config(). */
    REJECT("IPs or countries are not yet supported in EntryNodes.");