mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-27 22:03:31 +01:00
When checking if a routerstatus is reachable, don't check the node
This fixes #19608, allowing IPv6-only clients to use
microdescriptors, while preserving the ability of bridge clients
to have some IPv4 bridges and some IPv6 bridges.
Fix on c281c036
in 0.2.8.2-alpha.
This commit is contained in:
parent
4f4d77c435
commit
b167e82f62
6
changes/bug19608
Normal file
6
changes/bug19608
Normal file
@ -0,0 +1,6 @@
|
||||
o Minor bugfixes (IPv6, microdescriptors):
|
||||
- Don't check node addresses when we only have a routerstatus.
|
||||
This allows IPv6-only clients to bootstrap by fetching
|
||||
microdescriptors from fallback directory mirrors.
|
||||
(The microdescriptor consensus has no IPv6 addresses in it.)
|
||||
Fixes bug 19608; bugfix on c281c036 in 0.2.8.2-alpha.
|
@ -618,7 +618,7 @@ fascist_firewall_allows_ri_impl(const routerinfo_t *ri,
|
||||
pref_ipv6);
|
||||
}
|
||||
|
||||
/** Like fascist_firewall_allows_rs, but doesn't consult the node. */
|
||||
/** Like fascist_firewall_allows_rs, but takes pref_ipv6. */
|
||||
static int
|
||||
fascist_firewall_allows_rs_impl(const routerstatus_t *rs,
|
||||
firewall_connection_t fw_connection,
|
||||
@ -636,10 +636,11 @@ fascist_firewall_allows_rs_impl(const routerstatus_t *rs,
|
||||
}
|
||||
|
||||
/** Like fascist_firewall_allows_base(), but takes rs.
|
||||
* Consults the corresponding node, then falls back to rs if node is NULL.
|
||||
* This should only happen when there's no valid consensus, and rs doesn't
|
||||
* correspond to a bridge client's bridge.
|
||||
*/
|
||||
* When rs is a fake_status from a dir_server_t, it can have a reachable
|
||||
* address, even when the corresponding node does not.
|
||||
* nodes can be missing addresses when there's no consensus (IPv4 and IPv6),
|
||||
* or when there is a microdescriptor consensus, but no microdescriptors
|
||||
* (microdescriptors have IPv6, the microdesc consensus does not). */
|
||||
int
|
||||
fascist_firewall_allows_rs(const routerstatus_t *rs,
|
||||
firewall_connection_t fw_connection, int pref_only)
|
||||
@ -648,13 +649,8 @@ fascist_firewall_allows_rs(const routerstatus_t *rs,
|
||||
return 0;
|
||||
}
|
||||
|
||||
const node_t *node = node_get_by_id(rs->identity_digest);
|
||||
|
||||
if (node) {
|
||||
return fascist_firewall_allows_node(node, fw_connection, pref_only);
|
||||
} else {
|
||||
/* There's no node-specific IPv6 preference, so use the generic IPv6
|
||||
* preference instead. */
|
||||
/* We don't have access to the node-specific IPv6 preference, so use the
|
||||
* generic IPv6 preference instead. */
|
||||
const or_options_t *options = get_options();
|
||||
int pref_ipv6 = (fw_connection == FIREWALL_OR_CONNECTION
|
||||
? fascist_firewall_prefer_ipv6_orport(options)
|
||||
@ -662,7 +658,6 @@ fascist_firewall_allows_rs(const routerstatus_t *rs,
|
||||
|
||||
return fascist_firewall_allows_rs_impl(rs, fw_connection, pref_only,
|
||||
pref_ipv6);
|
||||
}
|
||||
}
|
||||
|
||||
/** Return true iff we think our firewall will let us make a connection to
|
||||
@ -742,8 +737,7 @@ fascist_firewall_allows_dir_server(const dir_server_t *ds,
|
||||
/* A dir_server_t always has a fake_status. As long as it has the same
|
||||
* addresses/ports in both fake_status and dir_server_t, this works fine.
|
||||
* (See #17867.)
|
||||
* This function relies on fascist_firewall_choose_address_rs looking up the
|
||||
* node if it can, because that will get the latest info for the relay. */
|
||||
* fascist_firewall_allows_rs only checks the addresses in fake_status. */
|
||||
return fascist_firewall_allows_rs(&ds->fake_status, fw_connection,
|
||||
pref_only);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user