Implement the last of proposal 110

Reject all EXTEND requests not received in a relay_early cell
This commit is contained in:
Nick Mathewson 2011-10-28 10:51:21 -04:00
parent 878a684386
commit 0187bd8728
2 changed files with 26 additions and 0 deletions

7
changes/prop110 Normal file
View File

@ -0,0 +1,7 @@
o Major features:
- Now that Tor 0.2.0.x is completely deprecated, we can enable the
final part of "Proposal 110: Avoiding infinite length circuits"
by refusing all circuit-extend requests that do not appear in a
"relay_early" cell. This change helps Tor to resist a class of
denial-of-service attacks by limiting the maximum circuit length.

View File

@ -1194,6 +1194,25 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ,
"'extend' cell received for non-zero stream. Dropping.");
return 0;
}
if (cell->command != CELL_RELAY_EARLY) {
#define EARLY_WARNING_INTERVAL 900
static ratelim_t early_warning_limit =
RATELIM_INIT(EARLY_WARNING_INTERVAL);
char *m;
if (cell->command == CELL_RELAY) {
if ((m = rate_limit_log(&early_warning_limit, approx_time()))) {
/* XXXX make this a protocol_warn once we're happier with it*/
log_fn(LOG_WARN, domain, "EXTEND cell received, "
"but not via RELAY_EARLY. Dropping.%s", m);
tor_free(m);
}
} else {
log_fn(LOG_WARN, domain,
"EXTEND cell received, in a cell with type %d! Dropping.",
cell->command);
}
return 0;
}
return circuit_extend(cell, circ);
case RELAY_COMMAND_EXTENDED:
if (!layer_hint) {