[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor/master] hs: Disallow single hop client circuit when introducing
commit f2b1eb1f052c99e0be096b98888e9854cf57a64c
Author: David Goulet <dgoulet@xxxxxxxxxxxxxx>
Date: Wed Jun 19 11:09:14 2019 -0400
hs: Disallow single hop client circuit when introducing
This will effectively also deny any bridge to be used as a single hop to the
introduction point since bridge do not authenticate like clients.
Fixes #24963
Signed-off-by: David Goulet <dgoulet@xxxxxxxxxxxxxx>
---
changes/ticket24963 | 5 +++++
src/feature/hs/hs_intropoint.c | 9 +++++++++
2 files changed, 14 insertions(+)
diff --git a/changes/ticket24963 b/changes/ticket24963
new file mode 100644
index 000000000..50adcfaaf
--- /dev/null
+++ b/changes/ticket24963
@@ -0,0 +1,5 @@
+ o Minor feature (onion service):
+ - Disallow single hop clients to introduce directly at the introduction
+ point. We've removed Tor2web a while back and rendezvous are blocked at
+ the relays. This is to remove load off the network from spammy clients.
+ Close ticket 24963.
diff --git a/src/feature/hs/hs_intropoint.c b/src/feature/hs/hs_intropoint.c
index 9333060e7..447f73b60 100644
--- a/src/feature/hs/hs_intropoint.c
+++ b/src/feature/hs/hs_intropoint.c
@@ -10,6 +10,7 @@
#include "core/or/or.h"
#include "app/config/config.h"
+#include "core/or/channel.h"
#include "core/or/circuitlist.h"
#include "core/or/circuituse.h"
#include "core/or/relay.h"
@@ -546,6 +547,14 @@ circuit_is_suitable_for_introduce1(const or_circuit_t *circ)
return 0;
}
+ /* Disallow single hop client circuit. */
+ if (channel_is_client(circ->p_chan)) {
+ log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+ "Single hop client was rejected while trying to introduce. "
+ "Closing circuit.");
+ return 0;
+ }
+
return 1;
}
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits