From 1badef5cec84c90d0517715e09b219c7b8450c6c Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 14 May 2014 21:49:57 -0400 Subject: Use DirPort for uploading descriptors. When we converted the horrible set of options that previously controlled "use ORPort or DirPort? Anonymously or Non-anonymouly?" to a single 'indirection' argument, we missed directory_post_to_dirservers. The problematic code was introduced in 5cbeb6080, which went into 0.2.4.3-alpha. This is a fix for bug 11469. --- changes/bug11469 | 6 ++++++ src/or/directory.c | 16 ++++++++++++---- 2 files changed, 18 insertions(+), 4 deletions(-) create mode 100644 changes/bug11469 diff --git a/changes/bug11469 b/changes/bug11469 new file mode 100644 index 000000000..8517d388e --- /dev/null +++ b/changes/bug11469 @@ -0,0 +1,6 @@ + o Major bugfixes (relay): + - When uploading to the directory authorities, use a direct dirport + connection if we are a uploading an ordinary, non-anonymous directory + object. Previously, relays would used tunnel connections under a + fairly wide variety of circumstances. Fixes bug 11469; bugfix on + 0.2.4.3-alpha. diff --git a/src/or/directory.c b/src/or/directory.c index 3752367c4..494d37110 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -279,7 +279,7 @@ directory_post_to_dirservers(uint8_t dir_purpose, uint8_t router_purpose, size_t payload_len, size_t extrainfo_len) { const or_options_t *options = get_options(); - int post_via_tor; + dir_indirection_t indirection; const smartlist_t *dirservers = router_get_trusted_dir_servers(); int found = 0; const int exclude_self = (dir_purpose == DIR_PURPOSE_UPLOAD_VOTE || @@ -319,11 +319,19 @@ directory_post_to_dirservers(uint8_t dir_purpose, uint8_t router_purpose, (int) extrainfo_len); } tor_addr_from_ipv4h(&ds_addr, ds->addr); - post_via_tor = purpose_needs_anonymity(dir_purpose, router_purpose) || - !fascist_firewall_allows_address_dir(&ds_addr, ds->dir_port); + if (purpose_needs_anonymity(dir_purpose, router_purpose)) { + indirection = DIRIND_ANONYMOUS; + } else if (!fascist_firewall_allows_address_dir(&ds_addr,ds->dir_port)) { + if (fascist_firewall_allows_address_or(&ds_addr,ds->or_port)) + indirection = DIRIND_ONEHOP; + else + indirection = DIRIND_ANONYMOUS; + } else { + indirection = DIRIND_DIRECT_CONN; + } directory_initiate_command_routerstatus(rs, dir_purpose, router_purpose, - post_via_tor, + indirection, NULL, payload, upload_len, 0); } SMARTLIST_FOREACH_END(ds); if (!found) { -- cgit v1.2.3