Change bug1751 enabling code based on comments from arma

Nick Mathewson 2010-09-27 17:07:22 -04:00
parent ef5925237d
commit 6c5b9ba625
5 changed files with 10 additions and 12 deletions


@ -1240,7 +1240,6 @@ options_act(or_options_t *old_options)
return -1; return -1;
} }
/* Change the cell EWMA settings */ /* Change the cell EWMA settings */
cell_ewma_set_scale_factor(options, networkstatus_get_latest_consensus()); cell_ewma_set_scale_factor(options, networkstatus_get_latest_consensus());


@ -2488,6 +2488,7 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
char *address=NULL; char *address=NULL;
uint16_t port; uint16_t port;
or_circuit_t *or_circ = NULL; or_circuit_t *or_circ = NULL;
or_options_t *options = get_options();
assert_circuit_ok(circ); assert_circuit_ok(circ);
if (!CIRCUIT_IS_ORIGIN(circ)) if (!CIRCUIT_IS_ORIGIN(circ))
@ -2500,7 +2501,7 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
* that we have a stream connected to a circuit, and we don't connect to a * that we have a stream connected to a circuit, and we don't connect to a
* circuit until we have a pending/successful resolve. */ * circuit until we have a pending/successful resolve. */
if (!server_mode(get_options()) && if (!server_mode(options) &&
circ->purpose != CIRCUIT_PURPOSE_S_REND_JOINED) { circ->purpose != CIRCUIT_PURPOSE_S_REND_JOINED) {
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
"Relay begin cell at non-server. Closing."); "Relay begin cell at non-server. Closing.");
@ -2533,11 +2534,11 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
tor_free(address); tor_free(address);
return 0; return 0;
} }
if (or_circ && or_circ->p_conn && !get_options()->AllowSingleHopExits && if (or_circ && or_circ->p_conn && !options->AllowSingleHopExits &&
(or_circ->is_first_hop || (or_circ->is_first_hop ||
(!connection_or_digest_is_known_relay( (!connection_or_digest_is_known_relay(
or_circ->p_conn->identity_digest) && or_circ->p_conn->identity_digest) &&
should_refuse_unknown_exits(get_options())))) { should_refuse_unknown_exits(options)))) {
/* Don't let clients use us as a single-hop proxy, unless the user /* Don't let clients use us as a single-hop proxy, unless the user
* has explicitly allowed that in the config. It attracts attackers * has explicitly allowed that in the config. It attracts attackers
* and users who'd be better off with, well, single-hop proxies. * and users who'd be better off with, well, single-hop proxies.
@ -2557,7 +2558,7 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
return 0; return 0;
} }
} else if (rh.command == RELAY_COMMAND_BEGIN_DIR) { } else if (rh.command == RELAY_COMMAND_BEGIN_DIR) {
if (!directory_permits_begindir_requests(get_options()) || if (!directory_permits_begindir_requests(options) ||
circ->purpose != CIRCUIT_PURPOSE_OR) { circ->purpose != CIRCUIT_PURPOSE_OR) {
relay_send_end_cell_from_edge(rh.stream_id, circ, relay_send_end_cell_from_edge(rh.stream_id, circ,
END_STREAM_REASON_NOTDIRECTORY, NULL); END_STREAM_REASON_NOTDIRECTORY, NULL);
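Review bot: The comment under the `!options->AllowSingleHopExits` condition explains only the single-hop-proxy case, while the condition also refuses a begin cell when the previous hop's identity digest is not a known relay and `should_refuse_unknown_exits(options)` is true. I would add a sentence such as `Also refuse streams from peers we do not recognise as relays when RefuseUnknownExits applies.` The whole test is also skipped when `or_circ->p_conn` is NULL, and a short comment saying why that case needs no check would help the next reader. The comment and the function both continue outside the visible hunks, so part of this may already be covered there.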


@ -1212,7 +1212,7 @@ directory_caches_dir_info(or_options_t *options)
if (!server_mode(options) || !advertised_server_mode()) if (!server_mode(options) || !advertised_server_mode())
return 0; return 0;
/* We need an up-to-date view of network info if we're going to try to /* We need an up-to-date view of network info if we're going to try to
* block unknown exits. */ * block exit attempts from unknown relays. */
return router_my_exit_policy_is_reject_star() && return router_my_exit_policy_is_reject_star() &&
should_refuse_unknown_exits(options); should_refuse_unknown_exits(options);
} }
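Review bot: The return expression looks inverted against the comment directly above it. As written, `directory_caches_dir_info` reaches a true result here only when `router_my_exit_policy_is_reject_star()` is true, which by its name means a relay that accepts no exit streams and so has no exit attempts to block. If that reading is right, exit relays would not keep the up-to-date network view that the unknown-relay check relies on, and the line should be `return !router_my_exit_policy_is_reject_star() &&`. The function starts outside the hunk, so earlier branches may already return for some relays.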


@ -2470,8 +2470,9 @@ typedef struct {
/** Whether we should drop exit streams from Tors that we don't know are /** Whether we should drop exit streams from Tors that we don't know are
* relays. One of "0" (never refuse), "1" (always refuse), or "auto" (do * relays. One of "0" (never refuse), "1" (always refuse), or "auto" (do
* what the consensus says). -RD */ * what the consensus says, defaulting to 'refuse' if the consensus says
const char *RefuseUnknownExits; * nothing). */
char *RefuseUnknownExits;
/** Parsed version of RefuseUnknownExits. -1 for auto. */ /** Parsed version of RefuseUnknownExits. -1 for auto. */
int RefuseUnknownExits_; int RefuseUnknownExits_;
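Review bot: The comment on `RefuseUnknownExits_` names only the auto value, so a reader has to go back to the string field's comment to learn what 0 and 1 mean. I would write it as `/** Parsed version of RefuseUnknownExits: 0 = never refuse, 1 = always refuse, -1 = auto (follow the consensus). */`. Since `RefuseUnknownExits` is no longer `const`, it would also help to say in its comment who allocates and frees the string. The struct starts and ends outside the hunk.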


@ -982,13 +982,10 @@ server_mode(or_options_t *options)
int int
should_refuse_unknown_exits(or_options_t *options) should_refuse_unknown_exits(or_options_t *options)
{ {
networkstatus_t *consensus;
if (options->RefuseUnknownExits_ != -1) { if (options->RefuseUnknownExits_ != -1) {
return options->RefuseUnknownExits_; return options->RefuseUnknownExits_;
} else if ((consensus = networkstatus_get_latest_consensus()) != NULL) {
return networkstatus_get_param(consensus, "refuseunknownexits", 1);
} else { } else {
return 1; return networkstatus_get_param(NULL, "refuseunknownexits", 1);
} }
} }
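Review bot: The new `else` branch returns the raw consensus value, so any non-zero `refuseunknownexits` (a negative one included) counts as "refuse" at the visible callers, which use the result as a boolean. `return networkstatus_get_param(NULL, "refuseunknownexits", 1) != 0;` would make that explicit. The branch also depends on `networkstatus_get_param` accepting NULL and returning the default of 1 when no consensus is available, which cannot be seen from this hunk. A comment such as `/* NULL means the latest consensus; with none we default to refusing. */` would record that the fail-closed behaviour is intended.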