Change bug1751 enabling code based on comments from arma
parent
ef5925237d
commit
6c5b9ba625
@ -1240,7 +1240,6 @@ options_act(or_options_t *old_options)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Change the cell EWMA settings */
|
/* Change the cell EWMA settings */
|
||||||
cell_ewma_set_scale_factor(options, networkstatus_get_latest_consensus());
|
cell_ewma_set_scale_factor(options, networkstatus_get_latest_consensus());
|
||||||
|
|
||||||
|
@ -2488,6 +2488,7 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
|
|||||||
char *address=NULL;
|
char *address=NULL;
|
||||||
uint16_t port;
|
uint16_t port;
|
||||||
or_circuit_t *or_circ = NULL;
|
or_circuit_t *or_circ = NULL;
|
||||||
|
or_options_t *options = get_options();
|
||||||
|
|
||||||
assert_circuit_ok(circ);
|
assert_circuit_ok(circ);
|
||||||
if (!CIRCUIT_IS_ORIGIN(circ))
|
if (!CIRCUIT_IS_ORIGIN(circ))
|
||||||
@ -2500,7 +2501,7 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
|
|||||||
* that we have a stream connected to a circuit, and we don't connect to a
|
* that we have a stream connected to a circuit, and we don't connect to a
|
||||||
* circuit until we have a pending/successful resolve. */
|
* circuit until we have a pending/successful resolve. */
|
||||||
|
|
||||||
if (!server_mode(get_options()) &&
|
if (!server_mode(options) &&
|
||||||
circ->purpose != CIRCUIT_PURPOSE_S_REND_JOINED) {
|
circ->purpose != CIRCUIT_PURPOSE_S_REND_JOINED) {
|
||||||
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
|
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
|
||||||
"Relay begin cell at non-server. Closing.");
|
"Relay begin cell at non-server. Closing.");
|
||||||
@ -2533,11 +2534,11 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
|
|||||||
tor_free(address);
|
tor_free(address);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
if (or_circ && or_circ->p_conn && !get_options()->AllowSingleHopExits &&
|
if (or_circ && or_circ->p_conn && !options->AllowSingleHopExits &&
|
||||||
(or_circ->is_first_hop ||
|
(or_circ->is_first_hop ||
|
||||||
(!connection_or_digest_is_known_relay(
|
(!connection_or_digest_is_known_relay(
|
||||||
or_circ->p_conn->identity_digest) &&
|
or_circ->p_conn->identity_digest) &&
|
||||||
should_refuse_unknown_exits(get_options())))) {
|
should_refuse_unknown_exits(options)))) {
|
||||||
/* Don't let clients use us as a single-hop proxy, unless the user
|
/* Don't let clients use us as a single-hop proxy, unless the user
|
||||||
* has explicitly allowed that in the config. It attracts attackers
|
* has explicitly allowed that in the config. It attracts attackers
|
||||||
* and users who'd be better off with, well, single-hop proxies.
|
* and users who'd be better off with, well, single-hop proxies.
|
||||||
@ -2557,7 +2558,7 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
} else if (rh.command == RELAY_COMMAND_BEGIN_DIR) {
|
} else if (rh.command == RELAY_COMMAND_BEGIN_DIR) {
|
||||||
if (!directory_permits_begindir_requests(get_options()) ||
|
if (!directory_permits_begindir_requests(options) ||
|
||||||
circ->purpose != CIRCUIT_PURPOSE_OR) {
|
circ->purpose != CIRCUIT_PURPOSE_OR) {
|
||||||
relay_send_end_cell_from_edge(rh.stream_id, circ,
|
relay_send_end_cell_from_edge(rh.stream_id, circ,
|
||||||
END_STREAM_REASON_NOTDIRECTORY, NULL);
|
END_STREAM_REASON_NOTDIRECTORY, NULL);
|
||||||
|
@ -1212,7 +1212,7 @@ directory_caches_dir_info(or_options_t *options)
|
|||||||
if (!server_mode(options) || !advertised_server_mode())
|
if (!server_mode(options) || !advertised_server_mode())
|
||||||
return 0;
|
return 0;
|
||||||
/* We need an up-to-date view of network info if we're going to try to
|
/* We need an up-to-date view of network info if we're going to try to
|
||||||
* block unknown exits. */
|
* block exit attempts from unknown relays. */
|
||||||
return router_my_exit_policy_is_reject_star() &&
|
return router_my_exit_policy_is_reject_star() &&
|
||||||
should_refuse_unknown_exits(options);
|
should_refuse_unknown_exits(options);
|
||||||
}
|
}
|
||||||
|
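Review bot: The final `return` in directory_caches_dir_info() looks inverted relative to the comment directly above it, which says up-to-date network info is needed in order to block exit attempts from unknown relays. If `router_my_exit_policy_is_reject_star()` is true for a relay that allows no exits, as its name suggests, this returns 1 only for relays that never handle exit streams and 0 for real exits, which are the ones that must recognise unknown relays. The line is unchanged context in this commit, so it may be intentional; if it is not, the condition would read `return !router_my_exit_policy_is_reject_star() &&`. The function begins outside the hunk, so earlier returns are not visible here.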
@ -2470,8 +2470,9 @@ typedef struct {
|
|||||||
|
|
||||||
/** Whether we should drop exit streams from Tors that we don't know are
|
/** Whether we should drop exit streams from Tors that we don't know are
|
||||||
* relays. One of "0" (never refuse), "1" (always refuse), or "auto" (do
|
* relays. One of "0" (never refuse), "1" (always refuse), or "auto" (do
|
||||||
* what the consensus says). -RD */
|
* what the consensus says, defaulting to 'refuse' if the consensus says
|
||||||
const char *RefuseUnknownExits;
|
* nothing). */
|
||||||
|
char *RefuseUnknownExits;
|
||||||
/** Parsed version of RefuseUnknownExits. -1 for auto. */
|
/** Parsed version of RefuseUnknownExits. -1 for auto. */
|
||||||
int RefuseUnknownExits_;
|
int RefuseUnknownExits_;
|
||||||
|
|
||||||
|
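Review bot: The comment on `RefuseUnknownExits_` documents only the `-1` case, while the string option above it lists three settings. Spelling out all three makes the checks against this field easier to audit, for example `/** Parsed version of RefuseUnknownExits: 0 to never refuse, 1 to always refuse, -1 for auto. */`. The mapping of "0" and "1" to the integers 0 and 1 is inferred from should_refuse_unknown_exits() returning the field directly, so confirm it against the parsing code, which is not on this page. The struct starts and ends outside the hunk.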
@ -982,13 +982,10 @@ server_mode(or_options_t *options)
|
|||||||
int
|
int
|
||||||
should_refuse_unknown_exits(or_options_t *options)
|
should_refuse_unknown_exits(or_options_t *options)
|
||||||
{
|
{
|
||||||
networkstatus_t *consensus;
|
|
||||||
if (options->RefuseUnknownExits_ != -1) {
|
if (options->RefuseUnknownExits_ != -1) {
|
||||||
return options->RefuseUnknownExits_;
|
return options->RefuseUnknownExits_;
|
||||||
} else if ((consensus = networkstatus_get_latest_consensus()) != NULL) {
|
|
||||||
return networkstatus_get_param(consensus, "refuseunknownexits", 1);
|
|
||||||
} else {
|
} else {
|
||||||
return 1;
|
return networkstatus_get_param(NULL, "refuseunknownexits", 1);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
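Review bot: The `else` branch of should_refuse_unknown_exits() now passes `NULL` to `networkstatus_get_param()`, and nothing at the call site says what a NULL consensus means. Presumably the helper falls back to the latest consensus and returns the default `1` when there is none, which would keep the fail-closed behaviour of the removed `return 1;`; that should be confirmed against the helper, which is not shown here. I would add a comment above the call such as `/* NULL: use the latest consensus; refuse (1) if there is none or the parameter is unset. */`. The consensus value is returned as-is and the callers visible on this page use it as a truth value, so any non-zero parameter is treated as "refuse".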