nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-12-03 00:53:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

forward-port 14113-r14115

Browse Source 
svn:r14116
This commit is contained in:
Roger Dingledine 2008-03-18 23:12:41 +00:00
parent e96d22e914
commit 7ed6406ce9
1 changed files with 28 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
src/or/directory.c
View File

@ -611,6 +611,31 @@ connection_dir_download_cert_failed(dir_connection_t *conn, int status)
update_certificate_downloads(time(NULL)); update_certificate_downloads(time(NULL));
} }
/** Evaluate the situation and decide if we should use an encrypted
* "begindir-style" connection for this directory request.
* 1) If or_port is 0, or it's a direct conn and or_port is firewalled
* or we're a dir mirror, no.
* 2) If we prefer to avoid begindir conns, and we're not fetching or
* publishing a bridge relay descriptor, no.
* 3) Else yes.
*/
static int
directory_command_should_use_begindir(or_options_t *options, uint32_t addr,
int or_port, uint8_t router_purpose,
int anonymized_connection)
{
if (!or_port)
return 0; /* We don't know an ORPort -- no chance. */
if (!anonymized_connection)
if (!fascist_firewall_allows_address_or(addr, or_port) ||
directory_fetches_from_authorities(options))
return 0; /* We're firewalled or are acting like a relay -- also no. */
if (!options->TunnelDirConns &&
router_purpose != ROUTER_PURPOSE_BRIDGE)
return 0; /* We prefer to avoid using begindir conns. Fine. */
return 1;
}
/** Helper for directory_initiate_command_routerstatus: send the /** Helper for directory_initiate_command_routerstatus: send the
* command to a server whose address is <b>address</b>, whose IP is * command to a server whose address is <b>address</b>, whose IP is
* <b>addr</b>, whose directory port is <b>dir_port</b>, whose tor version * <b>addr</b>, whose directory port is <b>dir_port</b>, whose tor version
@ -627,11 +652,9 @@ directory_initiate_command(const char *address, uint32_t addr,
{ {
dir_connection_t *conn; dir_connection_t *conn;
or_options_t *options = get_options(); or_options_t *options = get_options();
int use_begindir = supports_begindir && or_port && int use_begindir = supports_begindir &&
(options->TunnelDirConns || directory_command_should_use_begindir(options, addr,
router_purpose == ROUTER_PURPOSE_BRIDGE) && or_port, router_purpose, anonymized_connection);
(anonymized_connection ||
fascist_firewall_allows_address_or(addr, or_port));
tor_assert(address); tor_assert(address);
tor_assert(addr); tor_assert(addr);