aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRoger Dingledine <arma@torproject.org>2010-03-10 22:43:23 -0500
committerRoger Dingledine <arma@torproject.org>2010-03-10 22:43:23 -0500
commit1108358e96e818f1d433a3025310c81e55891df9 (patch)
tree5e37b71b513f00a1a7d4a2ca59c939a21c0b556d
parent2d29c7be2db2b944f9a19d44c556cc070ec87a77 (diff)
downloadtor-1108358e96e818f1d433a3025310c81e55891df9.tar
tor-1108358e96e818f1d433a3025310c81e55891df9.tar.gz
let people test the RefuseUnknownExits idea
-rw-r--r--ChangeLog7
-rw-r--r--src/or/config.c1
-rw-r--r--src/or/connection_edge.c24
-rw-r--r--src/or/connection_or.c2
-rw-r--r--src/or/or.h6
5 files changed, 33 insertions, 7 deletions
diff --git a/ChangeLog b/ChangeLog
index 4fa361654..7d742574d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,11 @@
Changes in version 0.2.2.11-alpha - 2010-03-??
+ o Minor features:
+ - Experiment with a more aggressive approach to preventing clients
+ from making one-hop exit streams. Exit relays who want to try it
+ out can set "RefuseUnknownExits 1" in their torrc, and then look
+ for "Attempt by %s to open a stream" log messages. Let us know
+ how it goes!
+
o Minor bugfixes:
- When we cleaned up the contrib/tor-exit-notice.html file, we left
out some key text. Fixes bug 1295.
diff --git a/src/or/config.c b/src/or/config.c
index cbf9a5a0c..dee2303bf 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -299,6 +299,7 @@ static config_var_t _option_vars[] = {
V(RecommendedClientVersions, LINELIST, NULL),
V(RecommendedServerVersions, LINELIST, NULL),
OBSOLETE("RedirectExit"),
+ V(RefuseUnknownExits, BOOL, "0"),
V(RejectPlaintextPorts, CSV, ""),
V(RelayBandwidthBurst, MEMUNIT, "0"),
V(RelayBandwidthRate, MEMUNIT, "0"),
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 861482d2a..a173dc122 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -2505,16 +2505,28 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
tor_free(address);
return 0;
}
- if (or_circ && or_circ->is_first_hop &&
- !get_options()->AllowSingleHopExits) {
+ if (or_circ && or_circ->p_conn && !get_options()->AllowSingleHopExits &&
+ (or_circ->is_first_hop ||
+ (!connection_or_digest_is_known_relay(
+ or_circ->p_conn->identity_digest) &&
+// XXX022 commented out so we can test it first in 0.2.2.11 -RD
+// networkstatus_get_param(NULL, "refuseunknownexits", 1)))) {
+ get_options()->RefuseUnknownExits))) {
/* Don't let clients use us as a single-hop proxy, unless the user
- * has explicitly allowed that in the config. It attracts attackers
+ * has explicitly allowed that in the config. It attracts attackers
* and users who'd be better off with, well, single-hop proxies.
*/
- log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
- "Attempt to open a stream on first hop of circuit. Closing.");
+// log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+ log_notice(LD_PROTOCOL,
+ "Attempt by %s to open a stream %s. Closing.",
+ safe_str(or_circ->p_conn->_base.address),
+ or_circ->is_first_hop ? "on first hop of circuit" :
+ "from unknown relay");
relay_send_end_cell_from_edge(rh.stream_id, circ,
- END_STREAM_REASON_TORPROTOCOL, NULL);
+ or_circ->is_first_hop ?
+ END_STREAM_REASON_TORPROTOCOL :
+ END_STREAM_REASON_MISC,
+ NULL);
tor_free(address);
return 0;
}
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index dfd0a965b..98525f16a 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -322,7 +322,7 @@ connection_or_finished_connecting(or_connection_t *or_conn)
/** Return 1 if identity digest <b>id_digest</b> is known to be a
* currently or recently running relay. Otherwise return 0. */
-static int
+int
connection_or_digest_is_known_relay(const char *id_digest)
{
if (router_get_consensus_status_by_id(id_digest))
diff --git a/src/or/or.h b/src/or/or.h
index cf27520f1..737c19742 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2462,6 +2462,11 @@ typedef struct {
int ConstrainedSockets; /**< Shrink xmit and recv socket buffers. */
uint64_t ConstrainedSockSize; /**< Size of constrained buffers. */
+ /** Whether we should drop exit streams from Tors that we don't know
+ * are relays. XXX022 In here for 0.2.2.11 as a temporary test before
+ * we switch over to putting it in consensusparams. -RD */
+ int RefuseUnknownExits;
+
/** Application ports that require all nodes in circ to have sufficient
* uptime. */
smartlist_t *LongLivedPorts;
@@ -3532,6 +3537,7 @@ int connection_or_process_inbuf(or_connection_t *conn);
int connection_or_flushed_some(or_connection_t *conn);
int connection_or_finished_flushing(or_connection_t *conn);
int connection_or_finished_connecting(or_connection_t *conn);
+int connection_or_digest_is_known_relay(const char *id_digest);
void connection_or_connect_failed(or_connection_t *conn,
int reason, const char *msg);