Allow IPs or country in EntryNodes
Right now we block you from setting entrynodes to {de} in options_validate():
if (options->EntryNodes && !routerset_is_list(options->EntryNodes)) {
/* XXXX fix this; see entry_guards_prepend_from_config(). */
REJECT("IPs or countries are not yet supported in EntryNodes.");
}
with a comment in entry_guards_prepend_from_config() that says:
/* XXXX022 Now that we allow countries and IP ranges in EntryNodes, this is
* potentially an enormous list. For now, we disable such values for
* EntryNodes in options_validate(); really, this wants a better solution.
* Perhaps we should do this calculation once whenever the list of routers
* changes or the entrynodes setting changes.
*/
We actually already do this calculation only when the entrynodes setting changes or when directory_info_has_arrived() gets called. Actually, it's better than that -- we only do the calculation if we make a new circuit and, since the last time we made a circuit, entrynodes changed or we got new dir info.
I just took out the check in my local Tor, set my entrynodes to {de}, and things look like they're going ok. Dunno if there is more cpu load compared to normal, since Tor clients are so light.
(Note that we also call count_usable_descriptors() on entrynodes every minute or so now, to ensure that router-have-minimum-dir-info is still accurate.)