Bug 25870: Allow the last hop in a vanguard circuit to be our guard.

The last hop in vanguard circuits can be an RP/IP/HSDir.

Since vanguard circuits are at least 3 hops (sometimes 4) before this node,
this change will not cause A - B - A paths.
This commit is contained in:
Mike Perry 2018-04-20 18:58:15 +00:00 committed by George Kadianakis
parent d8ac7d557c
commit d634c1ba6b
3 changed files with 11 additions and 3 deletions

View File

@ -2628,7 +2628,7 @@ choose_good_entry_server(uint8_t purpose, cpath_build_state_t *state,
/* This request is for an entry server to use for a regular circuit, /* This request is for an entry server to use for a regular circuit,
* and we use entry guard nodes. Just return one of the guard nodes. */ * and we use entry guard nodes. Just return one of the guard nodes. */
tor_assert(guard_state_out); tor_assert(guard_state_out);
return guards_choose_guard(state, guard_state_out); return guards_choose_guard(state, purpose, guard_state_out);
} }
excluded = smartlist_new(); excluded = smartlist_new();

View File

@ -118,6 +118,7 @@
#include "circpathbias.h" #include "circpathbias.h"
#include "circuitbuild.h" #include "circuitbuild.h"
#include "circuitlist.h" #include "circuitlist.h"
#include "circuituse.h"
#include "circuitstats.h" #include "circuitstats.h"
#include "config.h" #include "config.h"
#include "confparse.h" #include "confparse.h"
@ -3473,12 +3474,18 @@ guards_update_all(void)
used. */ used. */
const node_t * const node_t *
guards_choose_guard(cpath_build_state_t *state, guards_choose_guard(cpath_build_state_t *state,
uint8_t purpose,
circuit_guard_state_t **guard_state_out) circuit_guard_state_t **guard_state_out)
{ {
const node_t *r = NULL; const node_t *r = NULL;
const uint8_t *exit_id = NULL; const uint8_t *exit_id = NULL;
entry_guard_restriction_t *rst = NULL; entry_guard_restriction_t *rst = NULL;
if (state && (exit_id = build_state_get_exit_rsa_id(state))) {
/* Only apply restrictions if we have a specific exit node in mind, and only
* if we are not doing vanguard circuits: we don't want to apply guard
* restrictions to vanguard circuits. */
if (state && !circuit_should_use_vanguards(purpose) &&
(exit_id = build_state_get_exit_rsa_id(state))) {
/* We're building to a targeted exit node, so that node can't be /* We're building to a targeted exit node, so that node can't be
* chosen as our guard for this circuit. Remember that fact in a * chosen as our guard for this circuit. Remember that fact in a
* restriction. */ * restriction. */

View File

@ -322,6 +322,7 @@ struct circuit_guard_state_t {
/* Common entry points for old and new guard code */ /* Common entry points for old and new guard code */
int guards_update_all(void); int guards_update_all(void);
const node_t *guards_choose_guard(cpath_build_state_t *state, const node_t *guards_choose_guard(cpath_build_state_t *state,
uint8_t purpose,
circuit_guard_state_t **guard_state_out); circuit_guard_state_t **guard_state_out);
const node_t *guards_choose_dirguard(uint8_t dir_purpose, const node_t *guards_choose_dirguard(uint8_t dir_purpose,
circuit_guard_state_t **guard_state_out); circuit_guard_state_t **guard_state_out);