author | Nick Mathewson <nickm@torproject.org> | 2012-05-15 09:41:45 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2012-05-31 16:55:54 -0400 |
commit | 834654f145cc1205e20cf5f07a37bef2e11252ce (patch) | |
tree | 8175f5dd8e89a8bc6421129161fadec3ec9d5489 | |
parent | 3a9351b57e528b1d0bd2e72bcf78db7c91b2ff8f (diff) | |
Make all begindir or one-hop circuits internal
This solves bug 5283, where client traffic could get sent over the
same circuit as an anonymized connection to a directory, even if
that circuit used an exit node unsuitable for clients. By marking
the directory connection as needs_internal, we ensure that the
(non-internal!) client-traffic connection won't be sent over the
same circuit.
-rw-r--r-- | src/or/circuituse.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/or/circuituse.c b/src/or/circuituse.c index 0ad8b3b51b..df33f63bb9 100644 --- a/src/or/circuituse.c +++ b/src/or/circuituse.c @@ -1229,7 +1229,13 @@ circuit_get_open_circ_or_launch(edge_connection_t *conn, need_uptime = !conn->want_onehop && !conn->use_begindir && smartlist_string_num_isin(options->LongLivedPorts, conn->socks_request->port); - need_internal = desired_circuit_purpose != CIRCUIT_PURPOSE_C_GENERAL; + + if (desired_circuit_purpose != CIRCUIT_PURPOSE_C_GENERAL) + need_internal = 1; + else if (conn->use_begindir || conn->want_onehop) + need_internal = 1; + else + need_internal = 0; circ = circuit_get_best(conn, 1, desired_circuit_purpose, need_uptime, need_internal); |
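Review bot: The new `else if (conn->use_begindir || conn->want_onehop)` branch has no comment explaining why directory and one-hop connections must request an internal circuit. The rationale (bug 5283, keeping non-internal client traffic off a circuit that carries an anonymized directory connection) exists only in the commit message, so a one-line comment above the branch, naming the bug, would stop a later cleanup from folding it back into the plain purpose check. The first two branches both assign 1, so the chain could also be written as a single expression: `need_internal = desired_circuit_purpose != CIRCUIT_PURPOSE_C_GENERAL || conn->use_begindir || conn->want_onehop;`. The same two flags are already tested, negated, in the `need_uptime` assignment just above; computing them once into a local would keep the two conditions from drifting apart.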