mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-24 04:13:28 +01:00
r8877@Kushana: nickm | 2006-09-21 17:12:33 -0400
Consider non-exit servers unsuitable for RESOLVE commands. svn:r8442
parent
d273d52979
commit
6a1746f98f
@ -11,6 +11,8 @@ Changes in version 0.1.2.2-alpha - 2006-??-??
|
|||||||
- Check for name servers (like Earthlink's) that hijack failing DNS
|
- Check for name servers (like Earthlink's) that hijack failing DNS
|
||||||
requests and replace the 'no such server' answer with a "helpful"
|
requests and replace the 'no such server' answer with a "helpful"
|
||||||
redirect to an advertising-driven search portal. [Resolves bug 330.]
|
redirect to an advertising-driven search portal. [Resolves bug 330.]
|
||||||
|
- When asked to resolve a hostname, don't use non-exit servers. This
|
||||||
|
allows servers with broken DNS be useful to the network.
|
||||||
|
|
||||||
o Security Fixes, minor
|
o Security Fixes, minor
|
||||||
- If a client asked for a server by name, and we didn't have a
|
- If a client asked for a server by name, and we didn't have a
|
||||||
|
2
doc/TODO
2
doc/TODO
@ -90,7 +90,7 @@ N - DNS improvements
|
|||||||
o Option to deal with broken DNS of the "ggoogle.com? Ah, you meant
|
o Option to deal with broken DNS of the "ggoogle.com? Ah, you meant
|
||||||
ads.me.com!" variety.
|
ads.me.com!" variety.
|
||||||
o Autodetect whether DNS is broken in this way.
|
o Autodetect whether DNS is broken in this way.
|
||||||
- Don't ask reject *:* nodes for DNS unless client wants you to.
|
o Don't ask reject *:* nodes for DNS unless client wants you to.
|
||||||
. Asynchronous DNS
|
. Asynchronous DNS
|
||||||
o Document and rename SearchDomains, ResolvConf options
|
o Document and rename SearchDomains, ResolvConf options
|
||||||
D Make API closer to getaddrinfo()
|
D Make API closer to getaddrinfo()
|
||||||
|
@ -929,9 +929,9 @@ circuit_reset_failure_count(int timeout)
|
|||||||
n_circuit_failures = 0;
|
n_circuit_failures = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Find an open circ that we're happy with: return 1. If there isn't
|
/** Find an open circ that we're happy to use for <b>conn</b> and return 1. If
|
||||||
* one, and there isn't one on the way, launch one and return 0. If it
|
* there isn't one, and there isn't one on the way, launch one and return
|
||||||
* will never work, return -1.
|
* 0. If it will never work, return -1.
|
||||||
*
|
*
|
||||||
* Write the found or in-progress or launched circ into *circp.
|
* Write the found or in-progress or launched circ into *circp.
|
||||||
*/
|
*/
|
||||||
|
@ -2082,6 +2082,10 @@ connection_ap_can_use_exit(edge_connection_t *conn, routerinfo_t *exit)
|
|||||||
exit->exit_policy);
|
exit->exit_policy);
|
||||||
if (r == ADDR_POLICY_REJECTED || r == ADDR_POLICY_PROBABLY_REJECTED)
|
if (r == ADDR_POLICY_REJECTED || r == ADDR_POLICY_PROBABLY_REJECTED)
|
||||||
return 0;
|
return 0;
|
||||||
|
} else {
|
||||||
|
/* Don't send DNS requests to non-exit servers by default. */
|
||||||
|
if (policy_is_reject_star(exit->exit_policy))
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
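Review bot: The comment in the new `else` branch says non-exit servers are skipped "by default", but nothing visible in this hunk lets a client override the check, so inside this branch it looks unconditional. The matching `if` condition and the start of connection_ap_can_use_exit() lie outside the hunk, so it is not visible which commands reach the `else`; if it is meant to cover only RESOLVE requests, the comment should say so, for example `/* RESOLVE request: never pick a relay whose exit policy is reject *:*. */`. The outcome also depends on policy_is_reject_star() returning 1 when it runs off the end of the list, so a relay whose `exit->exit_policy` is NULL or holds only partial rejects is excluded here as well.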
@ -2269,6 +2269,7 @@ int policies_parse_exit_policy(config_line_t *cfg,
|
|||||||
addr_policy_t **dest,
|
addr_policy_t **dest,
|
||||||
int rejectprivate);
|
int rejectprivate);
|
||||||
int exit_policy_is_general_exit(addr_policy_t *policy);
|
int exit_policy_is_general_exit(addr_policy_t *policy);
|
||||||
|
int policy_is_reject_star(addr_policy_t *policy);
|
||||||
int policies_getinfo_helper(const char *question, char **answer);
|
int policies_getinfo_helper(const char *question, char **answer);
|
||||||
|
|
||||||
void addr_policy_free(addr_policy_t *p);
|
void addr_policy_free(addr_policy_t *p);
|
||||||
|
@ -629,6 +629,22 @@ exit_policy_is_general_exit(addr_policy_t *policy)
|
|||||||
return n_allowed >= 2;
|
return n_allowed >= 2;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/** Return false if <b>policy</b> might permit access to some addr:port;
|
||||||
|
* otherwise if we are certain it rejects everything, return true. */
|
||||||
|
int
|
||||||
|
policy_is_reject_star(addr_policy_t *p)
|
||||||
|
{
|
||||||
|
for ( ; p; p = p->next) {
|
||||||
|
if (p->policy_type == ADDR_POLICY_ACCEPT)
|
||||||
|
return 0;
|
||||||
|
else if (p->policy_type == ADDR_POLICY_REJECT &&
|
||||||
|
p->prt_min <= 1 && p->prt_max == 65535 &&
|
||||||
|
p->msk == 0)
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
policies_getinfo_helper(const char *question, char **answer)
|
policies_getinfo_helper(const char *question, char **answer)
|
||||||
{
|
{
|
||||||
|
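Review bot: The final `return 1;` in policy_is_reject_star() contradicts the doc comment, which promises true only when "we are certain it rejects everything": a NULL policy, or a list holding only partial rejects such as a single address range, also falls through to it. If the policy evaluator elsewhere treats an unmatched address as accepted (not visible on this page), the fall-through should be `return 0;`; if treating such lists as reject-all is intended for relay selection, that belongs in a comment on that line, e.g. `/* No accept entry at all: treat as reject-all, including a NULL policy. */`. The doc comment also names `<b>policy</b>` while the parameter is `p`; the prototype added in the header hunk uses `policy`, so renaming the parameter would make all three agree.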