author | Nick Mathewson <nickm@torproject.org> | 2004-10-15 04:57:36 +0000 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2004-10-15 04:57:36 +0000 |
commit | 88e0c080cf5493e2841a392f77daeef3db6a289d (patch) | |
tree | e8ad4382a7320dcf27647fe42bc0487b79e5e593 | |
parent | 5e80944c52ae8abb43a446272f202d8a7d8af083 (diff) | |
download | tor-88e0c080cf5493e2841a392f77daeef3db6a289d.tar tor-88e0c080cf5493e2841a392f77daeef3db6a289d.tar.gz |
Ignore fascistfirewall when dealing with service descriptors; obey fascistfirewall when posting server descriptors; ignore fascistfirewall on directory connections when httpproxy is set.
svn:r2527
-rw-r--r-- | doc/TODO | 14 | ||||
-rw-r--r-- | src/or/directory.c | 20 | ||||
-rw-r--r-- | src/or/or.h | 4 | ||||
-rw-r--r-- | src/or/routerlist.c | 21 |
4 files changed, 37 insertions, 22 deletions
@@ -11,19 +11,19 @@ ARMA - arma claims X Abandoned 0.0.9pre4: - - Don't use FascistFirewall if you're going via Tor, or if +o - Don't use FascistFirewall if you're going via Tor, or if you're going via HttpProxy. - - make RecommendedVersions a CONFIG_TYPE_LINELIST option +N - make RecommendedVersions a CONFIG_TYPE_LINELIST option R . bandwidth buckets for write as well as read. N - Handle rendezvousing with unverified nodes. - Specify: Stick rendezvous point's key in INTRODUCE cell. Bob should _always_ use key from INTRODUCE cell. - Implement. -N - node 'groups' that are known to be in the same zone of control. - - Nodes can list their coadministrated nodes. - - If A lists B, it only counts if B also lists A - - Users can list other coadministrated nodes if they like. - . Never choose two coadministrated nodes in the same circuit. + o node 'groups' that are known to be in the same zone of control. + o Nodes can list their coadministrated nodes. + o If A lists B, it only counts if B also lists A +N - Users can list other coadministrated nodes if they like. + o Never choose two coadministrated nodes in the same circuit. R - figure out enclaves, e.g. so we know what to recommend that people do, and so running a tor server on your website is helpful. - Do enclaves for same IP only.
diff --git a/src/or/directory.c b/src/or/directory.c
index e221a9a42..7726d3371 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -76,6 +76,7 @@ directory_post_to_dirservers(uint8_t purpose, const char *payload,
 int i;
 routerinfo_t *router;
 routerlist_t *rl;
+ char buf[16];
 router_get_routerlist(&rl);
 if(!rl)
@@ -85,8 +86,14 @@ directory_post_to_dirservers(uint8_t purpose, const char *payload,
 router = smartlist_get(rl->routers, i);
 /* Note: this posts our descriptor to ourselves, if we're an
 * authdirserver. But I think that's ok. */
- if(router->is_trusted_dir)
- directory_initiate_command_router(router, purpose, payload, payload_len);
+ if(!router->is_trusted_dir)
+ continue;
+ if (options.FascistFirewall && purpose == DIR_PURPOSE_UPLOAD_DIR) {
+ sprintf(buf,"%d",router->dir_port);
+ if (!smartlist_string_isin(options.FirewallPorts, buf))
+ continue;
+ }
+ directory_initiate_command_router(router, purpose, payload, payload_len);
 }
 }
@@ -105,18 +112,19 @@ directory_get_from_dirserver(uint8_t purpose, const char *payload,
 if (purpose == DIR_PURPOSE_FETCH_DIR) {
 if (advertised_server_mode()) {
 /* only ask authdirservers, and don't ask myself */
- ds = router_pick_trusteddirserver(1);
+ ds = router_pick_trusteddirserver(1, options.FascistFirewall);
 } else {
 /* anybody with a non-zero dirport will do */
- r = router_pick_directory_server(1);
+ r = router_pick_directory_server(1, options.FascistFirewall);
 if (!r) {
 log_fn(LOG_INFO, "No router found for directory; falling back to dirserver list");
- ds = router_pick_trusteddirserver(1);
+ ds = router_pick_trusteddirserver(1, options.FascistFirewall);
 }
 }
 } else { // (purpose == DIR_PURPOSE_FETCH_RENDDESC)
 /* only ask authdirservers, any of them will do */
- ds = router_pick_trusteddirserver(0);
+ /* Never use fascistfirewall; we're going via Tor. */
+ ds = router_pick_trusteddirserver(0, 0);
 }
 if (r)
diff --git a/src/or/or.h b/src/or/or.h
index 080d9aaae..1fe05447d 100644
--- a/src/or/or.h
+++ b/src/or/or.h
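Review bot: The firewall filter added to the loop in `directory_post_to_dirservers` does not consult `options.HttpProxy`, although this same commit makes both `_impl` pickers in routerlist.c clear `fascistfirewall` when a proxy is configured. If uploads also travel through the proxy (the connection code is not visible here), descriptors will be withheld from dirservers that are in fact reachable; consider `if (options.FascistFirewall && !options.HttpProxy && purpose == DIR_PURPOSE_UPLOAD_DIR) {`. When every trusted dirserver is filtered out the loop posts nothing and reports nothing, so a log line for that case would help an operator notice an unpublished descriptor. The 16-byte `buf` declared in the previous hunk is large enough for any `%d` of a 32-bit int, but `snprintf(buf, sizeof(buf), "%d", router->dir_port);` would keep that bound explicit. The function body starts and ends outside this hunk.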
@@ -1412,8 +1412,8 @@ typedef struct trusted_dir_server_t {
 } trusted_dir_server_t;
 int router_reload_router_list(void);
-routerinfo_t *router_pick_directory_server(int requireothers);
-trusted_dir_server_t *router_pick_trusteddirserver(int requireothers);
+routerinfo_t *router_pick_directory_server(int requireothers, int fascistfirewall);
+trusted_dir_server_t *router_pick_trusteddirserver(int requireothers, int fascistfirewall);
 int all_trusted_directory_servers_down(void);
 struct smartlist_t;
 void routerlist_add_family(struct smartlist_t *sl, routerinfo_t *router);
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 2bdbaf23f..b16847e62 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -73,13 +73,14 @@ int router_reload_router_list(void)
 * in our routerlist, set all the authoritative ones as running again,
 * and pick one. If there are no dirservers at all in our routerlist,
 * reload the routerlist and try one last time. */
-routerinfo_t *router_pick_directory_server(int requireothers) {
+routerinfo_t *router_pick_directory_server(int requireothers,
+ int fascistfirewall) {
 routerinfo_t *choice;
 if (!routerlist)
 return NULL;
- choice = router_pick_directory_server_impl(requireothers, options.FascistFirewall);
+ choice = router_pick_directory_server_impl(requireothers, fascistfirewall);
 if(choice)
 return choice;
@@ -87,7 +88,7 @@ routerinfo_t *router_pick_directory_server(int requireothers) {
 /* mark all authdirservers as up again */
 mark_all_trusteddirservers_up();
 /* try again */
- choice = router_pick_directory_server_impl(requireothers, options.FascistFirewall);
+ choice = router_pick_directory_server_impl(requireothers, fascistfirewall);
 if(choice)
 return choice;
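Review bot: The comment above `router_pick_directory_server` (its tail is the context at the top of the routerlist.c `@@ -73` hunk) still describes only the retry sequence and does not mention the new `fascistfirewall` argument; the or.h prototypes are undocumented as well. I would extend the comment with a sentence such as `If fascistfirewall is nonzero, restrict the choice to servers the firewall options permit; callers whose request travels over Tor pass 0.` The exact filter lives in the `_impl` function outside this hunk, so the wording should be checked against it. `router_pick_trusteddirserver` in the following `@@ -103` hunk shows no header comment in its context and would benefit from the same sentence.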
@@ -103,11 +104,11 @@ routerinfo_t *router_pick_directory_server(int requireothers) {
 return choice;
 }
-trusted_dir_server_t *router_pick_trusteddirserver(int requireothers) {
+trusted_dir_server_t *router_pick_trusteddirserver(int requireothers,
+ int fascistfirewall) {
 trusted_dir_server_t *choice;
- choice = router_pick_trusteddirserver_impl(requireothers,
- options.FascistFirewall);
+ choice = router_pick_trusteddirserver_impl(requireothers, fascistfirewall);
 if(choice)
 return choice;
@@ -115,7 +116,7 @@ trusted_dir_server_t *router_pick_trusteddirserver(int requireothers) {
 /* mark all authdirservers as up again */
 mark_all_trusteddirservers_up();
 /* try again */
- choice = router_pick_trusteddirserver_impl(requireothers, 0);
+ choice = router_pick_trusteddirserver_impl(requireothers, fascistfirewall);
 if(choice)
 return choice;
@@ -145,6 +146,9 @@ router_pick_directory_server_impl(int requireothers, int fascistfirewall)
 if(!routerlist)
 return NULL;
+ if(options.HttpProxy)
+ fascistfirewall = 0;
+
 /* Find all the running dirservers we know about. */
 sl = smartlist_create();
 for(i=0;i< smartlist_len(routerlist->routers); i++) {
@@ -179,6 +183,9 @@ router_pick_trusteddirserver_impl(int requireother, int fascistfirewall)
 if (!trusted_dir_servers)
 return NULL;
+ if(options.HttpProxy)
+ fascistfirewall = 0;
+
 SMARTLIST_FOREACH(trusted_dir_servers, trusted_dir_server_t *, d, { if (!d->is_running) continue; |
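Review bot: The retry in `router_pick_trusteddirserver` (the `@@ -115` hunk) used to pass `0` and now passes `fascistfirewall`, so the second attempt no longer relaxes the port restriction, and the commit message does not mention this change. If no trusted dirserver listens on a port in FirewallPorts, both attempts now fail the same way and control falls through to code after the hunk, which is not visible here. If that is intended, a comment on the retry such as `/* still obey the firewall; only the is_running flags were reset */` would record it, and callers should be checked for NULL handling. The function continues outside the hunk.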
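Review bot: The override `if(options.HttpProxy) fascistfirewall = 0;` in `router_pick_directory_server_impl` is repeated verbatim in `router_pick_trusteddirserver_impl` (the `@@ -179` hunk) and carries no comment explaining why a proxy cancels the port filter. It also reads the global inside helpers that this commit otherwise turns into caller-controlled policy, so the upload path in directory.c, which does its own filtering, never sees it. Resolving the policy once at the call sites, for example passing `options.FascistFirewall && !options.HttpProxy`, would keep the three paths in step; at minimum add a comment such as `/* directory requests go through HttpProxy, so the port restriction does not apply (confirm) */`. Both function bodies start and end outside their hunks.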