diff options
| author | Roger Dingledine <arma@torproject.org> | 2003-12-03 08:06:55 +0000 |
|---|---|---|
| committer | Roger Dingledine <arma@torproject.org> | 2003-12-03 08:06:55 +0000 |
| commit | f65e871bfd2575a8993e71f4c55fc395934c1b3e (patch) | |
| tree | 1b1cdefad156a7305138e88e1a6e75f4b2255618 /src/or/routers.c | |
| parent | fc98ca1a2d4e8d33a2f5afc82d8c8285df5b8b57 (diff) | |
| download | tor-f65e871bfd2575a8993e71f4c55fc395934c1b3e.tar tor-f65e871bfd2575a8993e71f4c55fc395934c1b3e.tar.gz | |
bugfix in exit node choice: we used to find the perfect exit node but then use the wrong one.
bugfix in connection_ap_can_use_exit: it was using the wrong port
bugfix: the OP now handles a port of '*' correctly when the IP is not
yet known and it's trying to guess whether a router's exit policy
might accept it.
we now don't ever pick exit routers which will reject *:*
attach_circuit now fails a new stream outright if it will never work.
when you get an 'end' cell that resolves an IP, now it will fail the circuit outright if no safe exit nodes exist for that IP.
don't try building a new circuit after an 'end' if a suitable one is
already on the way.
svn:r874
Diffstat (limited to 'src/or/routers.c')
| -rw-r--r-- | src/or/routers.c | 48 |
1 files changed, 36 insertions, 12 deletions
diff --git a/src/or/routers.c b/src/or/routers.c index fb2598561..6405446f5 100644 --- a/src/or/routers.c +++ b/src/or/routers.c @@ -197,7 +197,7 @@ int router_get_list_from_file(char *routerfile) log_fn(LOG_WARN,"Failed to load routerfile %s.",routerfile); return -1; } - + if(router_get_list_from_string(string) < 0) { log_fn(LOG_WARN,"The routerfile itself was corrupt."); free(string); @@ -206,7 +206,7 @@ int router_get_list_from_file(char *routerfile) free(string); return 0; -} +} typedef enum { @@ -322,7 +322,7 @@ _router_get_next_token(char **s, directory_token_t *tok) { /* Find end of base64'd data */ next = strstr(*s, OR_SIGNATURE_END_TAG); if (!next) { tok->val.error = "No signature end tag found"; return -1; } - + signature = tor_malloc(256); i = base64_decode(signature, 256, *s, next-*s); if (i<0) { @@ -675,8 +675,8 @@ int router_get_list_from_string_impl(char **s, directory_t **dest, rarray[rarray_len++] = router; log_fn(LOG_DEBUG,"just added router #%d.",rarray_len); } - - if (*dest) + + if (*dest) directory_free(*dest); *dest = (directory_t *)tor_malloc(sizeof(directory_t)); (*dest)->routers = rarray; @@ -948,7 +948,7 @@ router_add_exit_policy_from_string(routerinfo_t *router, if (router_get_next_token(&cp, &tok)) { log_fn(LOG_WARN, "Error reading exit policy: %s", tok.val.error); free(tmp); - return -1; + return -1; } if (tok.tp != K_ACCEPT && tok.tp != K_REJECT) { log_fn(LOG_WARN, "Expected 'accept' or 'reject'."); @@ -1089,7 +1089,7 @@ int router_compare_addr_to_exit_policy(uint32_t addr, uint16_t port, log_fn(LOG_DEBUG,"Considering exit policy %s", tmpe->string); if (!addr) { /* Address is unknown. */ - if (tmpe->msk == 0 && port == tmpe->prt) { + if (tmpe->msk == 0 && (!tmpe || port == tmpe->prt)) { /* The exit policy is accept/reject *:port */ match = 1; } else if ((!tmpe->prt || port == tmpe->prt) && @@ -1124,14 +1124,38 @@ int router_compare_addr_to_exit_policy(uint32_t addr, uint16_t port, /* Return 0 if my exit policy says to allow connection to conn. * Else return -1. */ -int router_compare_to_exit_policy(connection_t *conn) { +int router_compare_to_my_exit_policy(connection_t *conn) { assert(desc_routerinfo); - + assert(conn->addr); /* make sure it's resolved to something. this + way we can't get a 'maybe' below. */ + if (router_compare_addr_to_exit_policy(conn->addr, conn->port, - desc_routerinfo->exit_policy)) - return -1; - else + desc_routerinfo->exit_policy) == 0) return 0; + else + return -1; +} + +/* return 1 if all running routers will reject addr:port, return 0 if + any might accept it. */ +int router_exit_policy_all_routers_reject(uint32_t addr, uint16_t port) { + int i; + routerinfo_t *router; + + for (i=0;i<directory->n_routers;i++) { + router = directory->routers[i]; + if (router->is_running && router_compare_addr_to_exit_policy(addr, + port, router->exit_policy) >= 0) + return 0; /* this one could be ok. good enough. */ + } + return 1; /* all will reject. */ +} + +int router_exit_policy_rejects_all(routerinfo_t *router) { + if (router_compare_addr_to_exit_policy(0, 0, router->exit_policy) < 0) + return 1; /* yes, rejects all */ + else + return 0; /* no, might accept some */ } const char *router_get_my_descriptor(void) { |