author | Roger Dingledine <arma@torproject.org> | 2007-10-28 08:16:19 +0000 |
---|---|---|
committer | Roger Dingledine <arma@torproject.org> | 2007-10-28 08:16:19 +0000 |
commit | e5885deab578188582052c6885ffe0b59cba6151 (patch) | |
tree | 9412d741665ecc6fc34c20fc3864138f877e255f /src/or/directory.c | |
parent | 2dea44181b20a2fe6a5b7a9b7267f17365e8fa3c (diff) | |
Separate "SOCKS_COMMAND_CONNECT_DIR" into two flags in
edge_connection_t: want_onehop if it must attach to a circuit with
only one hop (e.g. for the current tunnelled connections that use
begin_dir), and use_begindir if we mean to use a BEGIN_DIR relay
command to establish the stream rather than the normal BEGIN. Now
we can make anonymized begin_dir connections for (e.g.) more secure
hidden service posting and fetching.
svn:r12244
Diffstat (limited to 'src/or/directory.c')
-rw-r--r-- | src/or/directory.c | 29 |
1 files changed, 13 insertions, 16 deletions
diff --git a/src/or/directory.c b/src/or/directory.c
index fb27d71be..131b0e710 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -609,17 +609,17 @@ directory_initiate_command(const char *address, uint32_t addr,
 {
 dir_connection_t *conn;
 or_options_t *options = get_options();
- int want_to_tunnel = options->TunnelDirConns && supports_begindir &&
- !anonymized_connection && or_port &&
- fascist_firewall_allows_address_or(addr, or_port);
+ int use_begindir = options->TunnelDirConns && supports_begindir && or_port &&
+ (anonymized_connection ||
+ fascist_firewall_allows_address_or(addr, or_port));
 tor_assert(address);
 tor_assert(addr);
 tor_assert(or_port || dir_port);
 tor_assert(digest);
- log_debug(LD_DIR, "anonymized %d, want_to_tunnel %d.",
- anonymized_connection, want_to_tunnel);
+ log_debug(LD_DIR, "anonymized %d, use_begindir %d.",
+ anonymized_connection, use_begindir);
 log_debug(LD_DIR, "Initiating %s", dir_conn_purpose_to_string(dir_purpose));
@@ -627,7 +627,7 @@ directory_initiate_command(const char *address, uint32_t addr,
 /* set up conn so it's got all the data we need to remember */
 conn->_base.addr = addr;
- conn->_base.port = want_to_tunnel ? or_port : dir_port;
+ conn->_base.port = use_begindir ? or_port : dir_port;
 conn->_base.address = tor_strdup(address);
 memcpy(conn->identity_digest, digest, DIGEST_LEN);
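Review bot: In the new `use_begindir` expression of the first hunk, anonymized requests are still gated on `options->TunnelDirConns`, so with that option off they keep going to `dir_port` over a normal BEGIN stream instead of BEGIN_DIR. If that fallback is intended it deserves a comment, because the commit message presents anonymized begin_dir as the more secure path for hidden service posting and fetching. The expression also skips `fascist_firewall_allows_address_or()` when `anonymized_connection` is set, presumably because the local firewall policy only constrains the first hop; I would add `/* anonymized: we do not connect to this dirserver ourselves, so our firewall policy does not apply to its ORPort */` above it. The function body starts and ends outside both hunks on this line, and the second hunk is a pure rename.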
@@ -637,11 +637,12 @@ directory_initiate_command(const char *address, uint32_t addr,
 /* give it an initial state */
 conn->_base.state = DIR_CONN_STATE_CONNECTING;
- if (!anonymized_connection && !want_to_tunnel) {
- /* then we want to connect directly */
+ /* decide whether we can learn our IP address from this conn */
+ conn->dirconn_direct = !anonymized_connection;
+
+ if (!anonymized_connection && !use_begindir) {
+ /* then we want to connect to dirport directly */
- /* XXX020 we should set dirconn_direct to 1 even if want_to_tunnel -RD */
- conn->dirconn_direct = 1;
 if (options->HttpProxy) {
 addr = options->HttpProxyAddr;
 dir_port = options->HttpProxyPort;
@@ -665,19 +666,15 @@ directory_initiate_command(const char *address, uint32_t addr,
 /* writable indicates finish, readable indicates broken link,
 error indicates broken link in windowsland. */
 }
- } else { /* we want to connect via tor */
+ } else { /* we want to connect via a tor connection */
 edge_connection_t *linked_conn;
 /* make an AP connection
 * populate it and add it at the right state
 * hook up both sides
 */
- conn->dirconn_direct = 0;
 linked_conn =
 connection_ap_make_link(conn->_base.address, conn->_base.port,
- digest,
- anonymized_connection ?
- SOCKS_COMMAND_CONNECT :
- SOCKS_COMMAND_CONNECT_DIR);
+ digest, use_begindir, conn->dirconn_direct);
 if (!linked_conn) {
 log_warn(LD_NET,"Making tunnel to dirserver failed.");
 connection_mark_for_close(TO_CONN(conn)); |
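Review bot: `conn->dirconn_direct` is passed as the last argument of `connection_ap_make_link()` in the final hunk, which by the commit message appears to be the new want_onehop flag. A field the previous hunk describes as "whether we can learn our IP address from this conn" therefore also decides whether the stream may attach to a one-hop circuit. If a later change sets `dirconn_direct` for some anonymized case, the request would silently lose its multi-hop path, so I would pass the intent directly, `digest, use_begindir, !anonymized_connection);`, or add `tor_assert(!(anonymized_connection && conn->dirconn_direct));` before the call. The callee's signature is not visible in this diff, so the parameter meaning is inferred, and the enclosing function continues outside both hunks.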