Backport r17139: Fix another case of refusing to use a chosen exit node because we think it will reject _mostly_ everything. Based on patch from rovv. See bug 752.
svn:r17640
parent
76eed8cc18
commit
a89852636c
|
@ -34,6 +34,9 @@ Changes in version 0.2.0.33 - 200?-??-??
|
||||||
- When we're choosing an exit node for a circuit, and we have no pending
|
- When we're choosing an exit node for a circuit, and we have no pending
|
||||||
streams, choose a good general exit rather than one that supports "all
|
streams, choose a good general exit rather than one that supports "all
|
||||||
the pending streams". Bugfix on 0.1.1.x. (Fix by rovv.)
|
the pending streams". Bugfix on 0.1.1.x. (Fix by rovv.)
|
||||||
|
- Fix another case of assuming, when a specific exit is requested,
|
||||||
|
that we know more than the user about what hosts it allows.
|
||||||
|
Fixes one case of bug 752. Patch from rovv.
|
||||||
|
|
||||||
o Minor features:
|
o Minor features:
|
||||||
- Report the case where all signatures in a detached set are rejected
|
- Report the case where all signatures in a detached set are rejected
|
||||||
|
|
|
@ -18,7 +18,7 @@ Backport for 0.2.0 once better tested:
|
||||||
o ... and r17184.
|
o ... and r17184.
|
||||||
- r17137: send END cell in response to connect to nonexistent hidserv port.
|
- r17137: send END cell in response to connect to nonexistent hidserv port.
|
||||||
- r17138: reject *:* servers should never do DNS lookups.
|
- r17138: reject *:* servers should never do DNS lookups.
|
||||||
- r17139: Fix another case of overriding .exit choices.
|
o r17139: Fix another case of overriding .exit choices.
|
||||||
- r17162 and r17164: fix another case of not checking cpath_layer.
|
- r17162 and r17164: fix another case of not checking cpath_layer.
|
||||||
- r17208,r17209,r7211,r17212,r17214: Avoid gotterdammerung when an
|
- r17208,r17209,r7211,r17212,r17214: Avoid gotterdammerung when an
|
||||||
authority has an expired certificate.
|
authority has an expired certificate.
|
||||||
|
|
|
@ -1015,17 +1015,38 @@ circuit_get_open_circ_or_launch(edge_connection_t *conn,
|
||||||
|
|
||||||
/* Do we need to check exit policy? */
|
/* Do we need to check exit policy? */
|
||||||
if (check_exit_policy) {
|
if (check_exit_policy) {
|
||||||
struct in_addr in;
|
if (!conn->chosen_exit_name) {
|
||||||
uint32_t addr = 0;
|
struct in_addr in;
|
||||||
if (tor_inet_aton(conn->socks_request->address, &in))
|
uint32_t addr = 0;
|
||||||
addr = ntohl(in.s_addr);
|
if (tor_inet_aton(conn->socks_request->address, &in))
|
||||||
if (router_exit_policy_all_routers_reject(addr, conn->socks_request->port,
|
addr = ntohl(in.s_addr);
|
||||||
need_uptime)) {
|
if (router_exit_policy_all_routers_reject(addr, conn->socks_request->port,
|
||||||
log_notice(LD_APP,
|
need_uptime)) {
|
||||||
"No Tor server exists that allows exit to %s:%d. Rejecting.",
|
log_notice(LD_APP,
|
||||||
safe_str(conn->socks_request->address),
|
"No Tor server exists that allows exit to %s:%d. Rejecting.",
|
||||||
conn->socks_request->port);
|
safe_str(conn->socks_request->address),
|
||||||
return -1;
|
conn->socks_request->port);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
/* XXXX021 Duplicates checks in connection_ap_handshake_attach_circuit
|
||||||
|
* XXXX021 Fix this, then backport it? */
|
||||||
|
routerinfo_t *router = router_get_by_nickname(conn->chosen_exit_name, 1);
|
||||||
|
int opt = conn->_base.chosen_exit_optional;
|
||||||
|
if (router && !connection_ap_can_use_exit(conn, router)) {
|
||||||
|
log_fn(opt ? LOG_INFO : LOG_WARN, LD_APP,
|
||||||
|
"Requested exit point '%s' would refuse request. %s.",
|
||||||
|
conn->chosen_exit_name, opt ? "Trying others" : "Closing");
|
||||||
|
if (opt) {
|
||||||
|
conn->_base.chosen_exit_optional = 0;
|
||||||
|
tor_free(conn->chosen_exit_name);
|
||||||
|
/* Try again. */
|
||||||
|
return circuit_get_open_circ_or_launch(conn,
|
||||||
|
desired_circuit_purpose,
|
||||||
|
circp);
|
||||||
|
}
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
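Review bot: In the new `else` branch, the retry `return circuit_get_open_circ_or_launch(conn, desired_circuit_purpose, circp);` only terminates if `conn->chosen_exit_name` is NULL on re-entry, which presumably relies on `tor_free()` clearing the pointer as well as freeing it. I would say so in place of the bare `/* Try again. */`, e.g. `/* chosen_exit_name is now NULL, so the retry takes the generic-exit branch above and cannot recurse a second time. */`. The branch also does nothing when `router_get_by_nickname()` returns NULL, so an exit name that does not resolve passes this check unexamined; if that case is handled elsewhere (not visible in this hunk), a one-line comment should say where. The warn-level message prints `conn->chosen_exit_name` as-is, while the sibling branch wraps the requested address in `safe_str()`. If the name comes from the client's request, it is worth deciding whether it should be scrubbed the same way. The function starts before and continues past this hunk.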