[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r10035: Make PreferTunneledDirConns and TunnelDirConns work even whe (in tor/trunk: . src/or)
- To: or-cvs@xxxxxxxxxxxxx
- Subject: [or-cvs] r10035: Make PreferTunneledDirConns and TunnelDirConns work even whe (in tor/trunk: . src/or)
- From: arma@xxxxxxxx
- Date: Fri, 27 Apr 2007 06:26:15 -0400 (EDT)
- Delivered-to: archiver@seul.org
- Delivered-to: or-cvs-outgoing@seul.org
- Delivered-to: or-cvs@seul.org
- Delivery-date: Fri, 27 Apr 2007 06:26:26 -0400
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-cvs@xxxxxxxxxxxxx
Author: arma
Date: 2007-04-27 06:26:09 -0400 (Fri, 27 Apr 2007)
New Revision: 10035
Modified:
tor/trunk/ChangeLog
tor/trunk/src/or/circuituse.c
tor/trunk/src/or/directory.c
tor/trunk/src/or/or.h
tor/trunk/src/or/router.c
tor/trunk/src/or/routerlist.c
Log:
Make PreferTunneledDirConns and TunnelDirConns work even when
we have no cached directory info. This means Tor clients can now
do all of their connections protected by TLS.
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2007-04-26 12:11:45 UTC (rev 10034)
+++ tor/trunk/ChangeLog 2007-04-27 10:26:09 UTC (rev 10035)
@@ -10,6 +10,9 @@
especially on platforms where malloc() is inefficient.
- Stop reading on edge connections when their corresponding circuit
buffers are full; start again as the circuits empty out.
+ - Make PreferTunneledDirConns and TunnelDirConns work even when
+ we have no cached directory info. This means Tor clients can now
+ do all of their connections protected by TLS.
o Security fixes:
- Directory authorities now call routers stable if they have an
Modified: tor/trunk/src/or/circuituse.c
===================================================================
--- tor/trunk/src/or/circuituse.c 2007-04-26 12:11:45 UTC (rev 10034)
+++ tor/trunk/src/or/circuituse.c 2007-04-27 10:26:09 UTC (rev 10035)
@@ -91,10 +91,18 @@
log_debug(LD_CIRC,"Skipping one-hop circuit.");
return 0;
}
+ tor_assert(conn->chosen_exit_name);
+ if (build_state->chosen_exit) {
+ char digest[DIGEST_LEN];
+ if (hexdigest_to_digest(conn->chosen_exit_name, digest) < 0 ||
+ memcmp(digest, build_state->chosen_exit->identity_digest,
+ DIGEST_LEN))
+ return 0; /* this is a circuit to somewhere else */
+ }
} else {
if (conn->socks_request->command == SOCKS_COMMAND_CONNECT_DIR) {
/* don't use three-hop circuits -- that could hurt our anonymity. */
- log_debug(LD_CIRC,"Skipping multi-hop circuit for CONNECT_DIR.");
+// log_debug(LD_CIRC,"Skipping multi-hop circuit for CONNECT_DIR.");
return 0;
}
}
Modified: tor/trunk/src/or/directory.c
===================================================================
--- tor/trunk/src/or/directory.c 2007-04-26 12:11:45 UTC (rev 10034)
+++ tor/trunk/src/or/directory.c 2007-04-27 10:26:09 UTC (rev 10035)
@@ -248,7 +248,8 @@
tor_inet_ntoa(&in, address_buf, sizeof(address_buf));
address = address_buf;
}
- directory_initiate_command(address, status->addr, status->dir_port,
+ directory_initiate_command(address, status->addr,
+ status->or_port, status->dir_port,
status->version_supports_begindir,
status->identity_digest,
purpose, private_connection, resource,
@@ -365,7 +366,8 @@
* <b>digest</b>. */
void
directory_initiate_command(const char *address, uint32_t addr,
- uint16_t dir_port, int supports_begindir,
+ uint16_t or_port, uint16_t dir_port,
+ int supports_begindir,
const char *digest, uint8_t purpose,
int private_connection, const char *resource,
const char *payload, size_t payload_len)
@@ -373,7 +375,8 @@
dir_connection_t *conn;
or_options_t *options = get_options();
int want_to_tunnel = options->TunnelDirConns && supports_begindir &&
- router_get_by_digest(digest);
+ !private_connection && or_port &&
+ fascist_firewall_allows_address_or(addr, or_port);
tor_assert(address);
tor_assert(addr);
@@ -414,7 +417,7 @@
/* set up conn so it's got all the data we need to remember */
conn->_base.addr = addr;
- conn->_base.port = dir_port;
+ conn->_base.port = want_to_tunnel ? or_port : dir_port;
conn->_base.address = tor_strdup(address);
memcpy(conn->identity_digest, digest, DIGEST_LEN);
Modified: tor/trunk/src/or/or.h
===================================================================
--- tor/trunk/src/or/or.h 2007-04-26 12:11:45 UTC (rev 10034)
+++ tor/trunk/src/or/or.h 2007-04-27 10:26:09 UTC (rev 10035)
@@ -2487,7 +2487,8 @@
int connection_dir_finished_connecting(dir_connection_t *conn);
void connection_dir_request_failed(dir_connection_t *conn);
void directory_initiate_command(const char *address, uint32_t addr,
- uint16_t dir_port, int supports_begindir,
+ uint16_t or_port, uint16_t dir_port,
+ int supports_begindir,
const char *digest, uint8_t purpose,
int private_connection, const char *resource,
const char *payload, size_t payload_len);
@@ -3021,6 +3022,7 @@
int weight_for_exit);
routerinfo_t *router_get_by_nickname(const char *nickname,
int warn_if_unnamed);
+int hexdigest_to_digest(const char *hexdigest, char *digest);
routerinfo_t *router_get_by_hexdigest(const char *hexdigest);
routerinfo_t *router_get_by_digest(const char *digest);
signed_descriptor_t *router_get_by_descriptor_digest(const char *digest);
Modified: tor/trunk/src/or/router.c
===================================================================
--- tor/trunk/src/or/router.c 2007-04-26 12:11:45 UTC (rev 10034)
+++ tor/trunk/src/or/router.c 2007-04-27 10:26:09 UTC (rev 10035)
@@ -507,7 +507,8 @@
CONN_TYPE_DIR, me->addr, me->dir_port,
DIR_PURPOSE_FETCH_SERVERDESC)) {
/* ask myself, via tor, for my server descriptor. */
- directory_initiate_command(me->address, me->addr, me->dir_port,
+ directory_initiate_command(me->address, me->addr,
+ me->or_port, me->dir_port,
0, me->cache_info.identity_digest,
DIR_PURPOSE_FETCH_SERVERDESC,
1, "authority", NULL, 0);
Modified: tor/trunk/src/or/routerlist.c
===================================================================
--- tor/trunk/src/or/routerlist.c 2007-04-26 12:11:45 UTC (rev 10034)
+++ tor/trunk/src/or/routerlist.c 2007-04-27 10:26:09 UTC (rev 10035)
@@ -574,16 +574,15 @@
is_trusted = router_digest_is_trusted_dir(status->identity_digest);
if (for_v2_directory && !(status->is_v2_dir || is_trusted))
continue;
- if (fascistfirewall &&
- prefer_tunnel &&
+ if (prefer_tunnel &&
status->version_supports_begindir &&
- router_get_by_digest(status->identity_digest) &&
- fascist_firewall_allows_address_or(status->addr, status->or_port))
+ (!fascistfirewall ||
+ fascist_firewall_allows_address_or(status->addr, status->or_port)))
smartlist_add(is_trusted ? trusted_tunnel :
is_overloaded ? overloaded_tunnel : tunnel, status);
- else if (!fascistfirewall || (fascistfirewall &&
+ else if (!fascistfirewall ||
fascist_firewall_allows_address_dir(status->addr,
- status->dir_port)))
+ status->dir_port))
smartlist_add(is_trusted ? trusted_direct :
is_overloaded ? overloaded_direct : direct, status);
});
@@ -652,17 +651,14 @@
continue;
if (requireother && me && router_digest_is_me(d->digest))
continue;
-
- if (fascistfirewall &&
- prefer_tunnel &&
+ if (prefer_tunnel &&
d->or_port &&
- router_get_by_digest(d->digest) &&
- fascist_firewall_allows_address_or(d->addr, d->or_port))
+ (!fascistfirewall ||
+ fascist_firewall_allows_address_or(d->addr, d->or_port)))
smartlist_add(is_overloaded ? overloaded_tunnel : tunnel,
&d->fake_status.status);
- else if (!fascistfirewall || (fascistfirewall &&
- fascist_firewall_allows_address_dir(d->addr,
- d->dir_port)))
+ else if (!fascistfirewall ||
+ fascist_firewall_allows_address_dir(d->addr, d->dir_port))
smartlist_add(is_overloaded ? overloaded_direct : direct,
&d->fake_status.status);
});
@@ -1379,6 +1375,21 @@
return 0;
}
+/** If hexdigest is correctly formed, base16_decode it into
+ * digest, which must have DIGEST_LEN space in it.
+ * Return 0 on success, -1 on failure.
+ */
+int
+hexdigest_to_digest(const char *hexdigest, char *digest)
+{
+ if (hexdigest[0]=='$')
+ ++hexdigest;
+ if (strlen(hexdigest) < HEX_DIGEST_LEN ||
+ base16_decode(digest,DIGEST_LEN,hexdigest,HEX_DIGEST_LEN) < 0)
+ return -1;
+ return 0;
+}
+
/** Return the router in our routerlist whose hexadecimal key digest
* is <b>hexdigest</b>. Return NULL if no such router is known. */
routerinfo_t *
@@ -1394,8 +1405,7 @@
if (hexdigest[0]=='$')
++hexdigest;
len = strlen(hexdigest);
- if (len < HEX_DIGEST_LEN ||
- base16_decode(digest,DIGEST_LEN,hexdigest,HEX_DIGEST_LEN) < 0)
+ if (hexdigest_to_digest(hexdigest, digest) < 0)
return NULL;
ri = router_get_by_digest(digest);
@@ -3189,6 +3199,9 @@
ent->fake_status.status.dir_port = ent->dir_port;
ent->fake_status.status.or_port = ent->or_port;
+ if (ent->or_port)
+ ent->fake_status.status.version_supports_begindir = 1;
+
smartlist_add(trusted_dir_servers, ent);
router_dir_info_changed();
}