aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2004-10-15 04:57:36 +0000
committerNick Mathewson <nickm@torproject.org>2004-10-15 04:57:36 +0000
commit88e0c080cf5493e2841a392f77daeef3db6a289d (patch)
treee8ad4382a7320dcf27647fe42bc0487b79e5e593
parent5e80944c52ae8abb43a446272f202d8a7d8af083 (diff)
downloadtor-88e0c080cf5493e2841a392f77daeef3db6a289d.tar
tor-88e0c080cf5493e2841a392f77daeef3db6a289d.tar.gz
Ignore fascistfirewall when dealing with service descriptors; obey fascistfirewall when posting server descriptors; ignore fascistfirewall on directory connections when httpproxy is set.
svn:r2527
-rw-r--r--doc/TODO14
-rw-r--r--src/or/directory.c20
-rw-r--r--src/or/or.h4
-rw-r--r--src/or/routerlist.c21
4 files changed, 37 insertions, 22 deletions
diff --git a/doc/TODO b/doc/TODO
index 04d36767e..fcd60e453 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -11,19 +11,19 @@ ARMA - arma claims
X Abandoned
0.0.9pre4:
- - Don't use FascistFirewall if you're going via Tor, or if
+o - Don't use FascistFirewall if you're going via Tor, or if
you're going via HttpProxy.
- - make RecommendedVersions a CONFIG_TYPE_LINELIST option
+N - make RecommendedVersions a CONFIG_TYPE_LINELIST option
R . bandwidth buckets for write as well as read.
N - Handle rendezvousing with unverified nodes.
- Specify: Stick rendezvous point's key in INTRODUCE cell.
Bob should _always_ use key from INTRODUCE cell.
- Implement.
-N - node 'groups' that are known to be in the same zone of control.
- - Nodes can list their coadministrated nodes.
- - If A lists B, it only counts if B also lists A
- - Users can list other coadministrated nodes if they like.
- . Never choose two coadministrated nodes in the same circuit.
+ o node 'groups' that are known to be in the same zone of control.
+ o Nodes can list their coadministrated nodes.
+ o If A lists B, it only counts if B also lists A
+N - Users can list other coadministrated nodes if they like.
+ o Never choose two coadministrated nodes in the same circuit.
R - figure out enclaves, e.g. so we know what to recommend that people
do, and so running a tor server on your website is helpful.
- Do enclaves for same IP only.
diff --git a/src/or/directory.c b/src/or/directory.c
index e221a9a42..7726d3371 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -76,6 +76,7 @@ directory_post_to_dirservers(uint8_t purpose, const char *payload,
int i;
routerinfo_t *router;
routerlist_t *rl;
+ char buf[16];
router_get_routerlist(&rl);
if(!rl)
@@ -85,8 +86,14 @@ directory_post_to_dirservers(uint8_t purpose, const char *payload,
router = smartlist_get(rl->routers, i);
/* Note: this posts our descriptor to ourselves, if we're an
* authdirserver. But I think that's ok. */
- if(router->is_trusted_dir)
- directory_initiate_command_router(router, purpose, payload, payload_len);
+ if(!router->is_trusted_dir)
+ continue;
+ if (options.FascistFirewall && purpose == DIR_PURPOSE_UPLOAD_DIR) {
+ sprintf(buf,"%d",router->dir_port);
+ if (!smartlist_string_isin(options.FirewallPorts, buf))
+ continue;
+ }
+ directory_initiate_command_router(router, purpose, payload, payload_len);
}
}
@@ -105,18 +112,19 @@ directory_get_from_dirserver(uint8_t purpose, const char *payload,
if (purpose == DIR_PURPOSE_FETCH_DIR) {
if (advertised_server_mode()) {
/* only ask authdirservers, and don't ask myself */
- ds = router_pick_trusteddirserver(1);
+ ds = router_pick_trusteddirserver(1, options.FascistFirewall);
} else {
/* anybody with a non-zero dirport will do */
- r = router_pick_directory_server(1);
+ r = router_pick_directory_server(1, options.FascistFirewall);
if (!r) {
log_fn(LOG_INFO, "No router found for directory; falling back to dirserver list");
- ds = router_pick_trusteddirserver(1);
+ ds = router_pick_trusteddirserver(1, options.FascistFirewall);
}
}
} else { // (purpose == DIR_PURPOSE_FETCH_RENDDESC)
/* only ask authdirservers, any of them will do */
- ds = router_pick_trusteddirserver(0);
+ /* Never use fascistfirewall; we're going via Tor. */
+ ds = router_pick_trusteddirserver(0, 0);
}
if (r)
diff --git a/src/or/or.h b/src/or/or.h
index 080d9aaae..1fe05447d 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -1412,8 +1412,8 @@ typedef struct trusted_dir_server_t {
} trusted_dir_server_t;
int router_reload_router_list(void);
-routerinfo_t *router_pick_directory_server(int requireothers);
-trusted_dir_server_t *router_pick_trusteddirserver(int requireothers);
+routerinfo_t *router_pick_directory_server(int requireothers, int fascistfirewall);
+trusted_dir_server_t *router_pick_trusteddirserver(int requireothers, int fascistfirewall);
int all_trusted_directory_servers_down(void);
struct smartlist_t;
void routerlist_add_family(struct smartlist_t *sl, routerinfo_t *router);
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 2bdbaf23f..b16847e62 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -73,13 +73,14 @@ int router_reload_router_list(void)
* in our routerlist, set all the authoritative ones as running again,
* and pick one. If there are no dirservers at all in our routerlist,
* reload the routerlist and try one last time. */
-routerinfo_t *router_pick_directory_server(int requireothers) {
+routerinfo_t *router_pick_directory_server(int requireothers,
+ int fascistfirewall) {
routerinfo_t *choice;
if (!routerlist)
return NULL;
- choice = router_pick_directory_server_impl(requireothers, options.FascistFirewall);
+ choice = router_pick_directory_server_impl(requireothers, fascistfirewall);
if(choice)
return choice;
@@ -87,7 +88,7 @@ routerinfo_t *router_pick_directory_server(int requireothers) {
/* mark all authdirservers as up again */
mark_all_trusteddirservers_up();
/* try again */
- choice = router_pick_directory_server_impl(requireothers, options.FascistFirewall);
+ choice = router_pick_directory_server_impl(requireothers, fascistfirewall);
if(choice)
return choice;
@@ -103,11 +104,11 @@ routerinfo_t *router_pick_directory_server(int requireothers) {
return choice;
}
-trusted_dir_server_t *router_pick_trusteddirserver(int requireothers) {
+trusted_dir_server_t *router_pick_trusteddirserver(int requireothers,
+ int fascistfirewall) {
trusted_dir_server_t *choice;
- choice = router_pick_trusteddirserver_impl(requireothers,
- options.FascistFirewall);
+ choice = router_pick_trusteddirserver_impl(requireothers, fascistfirewall);
if(choice)
return choice;
@@ -115,7 +116,7 @@ trusted_dir_server_t *router_pick_trusteddirserver(int requireothers) {
/* mark all authdirservers as up again */
mark_all_trusteddirservers_up();
/* try again */
- choice = router_pick_trusteddirserver_impl(requireothers, 0);
+ choice = router_pick_trusteddirserver_impl(requireothers, fascistfirewall);
if(choice)
return choice;
@@ -145,6 +146,9 @@ router_pick_directory_server_impl(int requireothers, int fascistfirewall)
if(!routerlist)
return NULL;
+ if(options.HttpProxy)
+ fascistfirewall = 0;
+
/* Find all the running dirservers we know about. */
sl = smartlist_create();
for(i=0;i< smartlist_len(routerlist->routers); i++) {
@@ -179,6 +183,9 @@ router_pick_trusteddirserver_impl(int requireother, int fascistfirewall)
if (!trusted_dir_servers)
return NULL;
+ if(options.HttpProxy)
+ fascistfirewall = 0;
+
SMARTLIST_FOREACH(trusted_dir_servers, trusted_dir_server_t *, d,
{
if (!d->is_running) continue;