[or-cvs] r17640: {tor} Backport r17139: Fix another case of refusing to use a chose (in tor/branches/tor-0_2_0-patches: . doc src/or)
Author: nickm
Date: 2008-12-17 08:14:54 -0500 (Wed, 17 Dec 2008)
New Revision: 17640
Modified:
tor/branches/tor-0_2_0-patches/ChangeLog
tor/branches/tor-0_2_0-patches/doc/TODO.020
tor/branches/tor-0_2_0-patches/src/or/circuituse.c
Log:
Backport r17139: Fix another case of refusing to use a chosen exit node because we think it will reject _mostly_ everything. Based on patch from rovv. See bug 752.
Modified: tor/branches/tor-0_2_0-patches/ChangeLog
===================================================================
--- tor/branches/tor-0_2_0-patches/ChangeLog 2008-12-17 13:14:47 UTC (rev 17639)
+++ tor/branches/tor-0_2_0-patches/ChangeLog 2008-12-17 13:14:54 UTC (rev 17640)
@@ -34,6 +34,9 @@
- When we're choosing an exit node for a circuit, and we have no pending
streams, choose a good general exit rather than one that supports "all
the pending streams". Bugfix on 0.1.1.x. (Fix by rovv.)
+ - Fix another case of assuming, when a specific exit is requested,
+ that we know more than the user about what hosts it allows.
+ Fixes one case of bug 752. Patch from rovv.
o Minor features:
- Report the case where all signatures in a detached set are rejected
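Review bot: the added entry ends with "Fixes one case of bug 752. Patch from rovv." but has no "Bugfix on ..." version tag, unlike the entry directly above it ("Bugfix on 0.1.1.x"). Since this is a backport, please state which release introduced the behaviour so readers of the 0.2.0 ChangeLog can tell whether they are affected.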
Modified: tor/branches/tor-0_2_0-patches/doc/TODO.020
===================================================================
--- tor/branches/tor-0_2_0-patches/doc/TODO.020 2008-12-17 13:14:47 UTC (rev 17639)
+++ tor/branches/tor-0_2_0-patches/doc/TODO.020 2008-12-17 13:14:54 UTC (rev 17640)
@@ -18,7 +18,7 @@
o ... and r17184.
- r17137: send END cell in response to connect to nonexistent hidserv port.
- r17138: reject *:* servers should never do DNS lookups.
- - r17139: Fix another case of overriding .exit choices.
+ o r17139: Fix another case of overriding .exit choices.
- r17162 and r17164: fix another case of not checking cpath_layer.
- r17208,r17209,r7211,r17212,r17214: Avoid gotterdammerung when an
authority has an expired certificate.
Modified: tor/branches/tor-0_2_0-patches/src/or/circuituse.c
===================================================================
--- tor/branches/tor-0_2_0-patches/src/or/circuituse.c 2008-12-17 13:14:47 UTC (rev 17639)
+++ tor/branches/tor-0_2_0-patches/src/or/circuituse.c 2008-12-17 13:14:54 UTC (rev 17640)
@@ -1015,17 +1015,38 @@
/* Do we need to check exit policy? */
if (check_exit_policy) {
- struct in_addr in;
- uint32_t addr = 0;
- if (tor_inet_aton(conn->socks_request->address, &in))
- addr = ntohl(in.s_addr);
- if (router_exit_policy_all_routers_reject(addr, conn->socks_request->port,
- need_uptime)) {
- log_notice(LD_APP,
- "No Tor server exists that allows exit to %s:%d. Rejecting.",
- safe_str(conn->socks_request->address),
- conn->socks_request->port);
- return -1;
+ if (!conn->chosen_exit_name) {
+ struct in_addr in;
+ uint32_t addr = 0;
+ if (tor_inet_aton(conn->socks_request->address, &in))
+ addr = ntohl(in.s_addr);
+ if (router_exit_policy_all_routers_reject(addr, conn->socks_request->port,
+ need_uptime)) {
+ log_notice(LD_APP,
+ "No Tor server exists that allows exit to %s:%d. Rejecting.",
+ safe_str(conn->socks_request->address),
+ conn->socks_request->port);
+ return -1;
+ }
+ } else {
+ /* XXXX021 Duplicates checks in connection_ap_handshake_attach_circuit
+ * XXXX021 Fix this, then backport it? */
+ routerinfo_t *router = router_get_by_nickname(conn->chosen_exit_name, 1);
+ int opt = conn->_base.chosen_exit_optional;
+ if (router && !connection_ap_can_use_exit(conn, router)) {
+ log_fn(opt ? LOG_INFO : LOG_WARN, LD_APP,
+ "Requested exit point '%s' would refuse request. %s.",
+ conn->chosen_exit_name, opt ? "Trying others" : "Closing");
+ if (opt) {
+ conn->_base.chosen_exit_optional = 0;
+ tor_free(conn->chosen_exit_name);
+ /* Try again. */
+ return circuit_get_open_circ_or_launch(conn,
+ desired_circuit_purpose,
+ circp);
+ }
+ return -1;
+ }
}
}
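Review bot: in the new else branch, when router_get_by_nickname(conn->chosen_exit_name, 1) returns NULL the condition "router && !connection_ap_can_use_exit(conn, router)" is false, so no exit-policy check runs at all even though check_exit_policy is set. If that is intended (an unknown nickname is handled elsewhere), say so in a comment; otherwise handle the NULL case explicitly. Two smaller points: the retry via "return circuit_get_open_circ_or_launch(...)" terminates only because conn->chosen_exit_name is NULL after tor_free(), so the second pass takes the !conn->chosen_exit_name branch, which deserves a one-line comment next to "Try again."; and the "XXXX021 Fix this, then backport it?" comment is carried into the 0.2.0 branch as-is, where the question it asks no longer reads correctly, so reword it to just record the duplication with connection_ap_handshake_attach_circuit.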