[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r17139: {tor} Fix another case of refusing to use a chosen exit node becau (in tor/trunk: . src/or)
Author: nickm
Date: 2008-10-21 13:09:04 -0400 (Tue, 21 Oct 2008)
New Revision: 17139
Modified:
tor/trunk/ChangeLog
tor/trunk/src/or/circuituse.c
Log:
Fix another case of refusing to use a chosen exit node because we think it will reject _mostly_ everything. Based on patch from rovv. See bug 752.
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2008-10-21 16:51:59 UTC (rev 17138)
+++ tor/trunk/ChangeLog 2008-10-21 17:09:04 UTC (rev 17139)
@@ -34,6 +34,9 @@
- If a broken client asks a non-exit router to connect somewhere,
do not even do the DNS lookup before rejecting the connection.
Fixes another case of bug 619. Patch from rovv.
+ - Fix another case of assuming, when a specific exit is requested,
+ that we know more than the user about what hosts it allows.
+ Fixes another case of bug 752. Patch from rovv.
Changes in version 0.2.1.6-alpha - 2008-09-30
Modified: tor/trunk/src/or/circuituse.c
===================================================================
--- tor/trunk/src/or/circuituse.c 2008-10-21 16:51:59 UTC (rev 17138)
+++ tor/trunk/src/or/circuituse.c 2008-10-21 17:09:04 UTC (rev 17139)
@@ -1069,17 +1069,38 @@
/* Do we need to check exit policy? */
if (check_exit_policy) {
- struct in_addr in;
- uint32_t addr = 0;
- if (tor_inet_aton(conn->socks_request->address, &in))
- addr = ntohl(in.s_addr);
- if (router_exit_policy_all_routers_reject(addr, conn->socks_request->port,
- need_uptime)) {
- log_notice(LD_APP,
- "No Tor server exists that allows exit to %s:%d. Rejecting.",
- safe_str(conn->socks_request->address),
- conn->socks_request->port);
- return -1;
+ if (!conn->chosen_exit_name) {
+ struct in_addr in;
+ uint32_t addr = 0;
+ if (tor_inet_aton(conn->socks_request->address, &in))
+ addr = ntohl(in.s_addr);
+ if (router_exit_policy_all_routers_reject(addr, conn->socks_request->port,
+ need_uptime)) {
+ log_notice(LD_APP,
+ "No Tor server exists that allows exit to %s:%d. Rejecting.",
+ safe_str(conn->socks_request->address),
+ conn->socks_request->port);
+ return -1;
+ }
+ } else {
+ /* XXXX021 Duplicates checks in connection_ap_handshake_attach_circuit
+ * XXXX021 Fix this, then backport it? */
+ routerinfo_t *router = router_get_by_nickname(conn->chosen_exit_name, 1);
+ int opt = conn->_base.chosen_exit_optional;
+ if (router && !connection_ap_can_use_exit(conn, router)) {
+ log_fn(opt ? LOG_INFO : LOG_WARN, LD_APP,
+ "Requested exit point '%s' would refuse request. %s.",
+ conn->chosen_exit_name, opt ? "Trying others" : "Closing");
+ if (opt) {
+ conn->_base.chosen_exit_optional = 0;
+ tor_free(conn->chosen_exit_name);
+ /* Try again. */
+ return circuit_get_open_circ_or_launch(conn,
+ desired_circuit_purpose,
+ circp);
+ }
+ return -1;
+ }
}
}