diff options
| author | Mike Perry <mikeperry-git@torproject.org> | 2018-04-20 18:58:15 +0000 |
|---|---|---|
| committer | George Kadianakis <desnacked@riseup.net> | 2018-04-28 01:26:50 +0300 |
| commit | d634c1ba6b3b5b4773ee2bc7095a004818431541 (patch) | |
| tree | 9126904cf95136aaf466c8f124715dc3adcc6e37 | |
| parent | d8ac7d557c0af199d21639a52a8c8c9dd201f555 (diff) | |
| download | tor-d634c1ba6b3b5b4773ee2bc7095a004818431541.tar.gz tor-d634c1ba6b3b5b4773ee2bc7095a004818431541.zip | |
Bug 25870: Allow the last hop in a vanguard circuit to be our guard.
The last hop in vanguard circuits can be an RP/IP/HSDir.
Since vanguard circuits are at least 3 hops (sometimes 4) before this node,
this change will not cause A - B - A paths.
| -rw-r--r-- | src/or/circuitbuild.c | 2 | ||||
| -rw-r--r-- | src/or/entrynodes.c | 11 | ||||
| -rw-r--r-- | src/or/entrynodes.h | 1 |
3 files changed, 11 insertions, 3 deletions
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 54446bb01d..75540e5d36 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -2628,7 +2628,7 @@ choose_good_entry_server(uint8_t purpose, cpath_build_state_t *state, /* This request is for an entry server to use for a regular circuit, * and we use entry guard nodes. Just return one of the guard nodes. */ tor_assert(guard_state_out); - return guards_choose_guard(state, guard_state_out); + return guards_choose_guard(state, purpose, guard_state_out); } excluded = smartlist_new(); diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 88d1b94deb..34868846f1 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -118,6 +118,7 @@ #include "circpathbias.h" #include "circuitbuild.h" #include "circuitlist.h" +#include "circuituse.h" #include "circuitstats.h" #include "config.h" #include "confparse.h" @@ -3473,12 +3474,18 @@ guards_update_all(void) used. */ const node_t * guards_choose_guard(cpath_build_state_t *state, - circuit_guard_state_t **guard_state_out) + uint8_t purpose, + circuit_guard_state_t **guard_state_out) { const node_t *r = NULL; const uint8_t *exit_id = NULL; entry_guard_restriction_t *rst = NULL; - if (state && (exit_id = build_state_get_exit_rsa_id(state))) { + + /* Only apply restrictions if we have a specific exit node in mind, and only + * if we are not doing vanguard circuits: we don't want to apply guard + * restrictions to vanguard circuits. */ + if (state && !circuit_should_use_vanguards(purpose) && + (exit_id = build_state_get_exit_rsa_id(state))) { /* We're building to a targeted exit node, so that node can't be * chosen as our guard for this circuit. Remember that fact in a * restriction. */ diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h index d562498313..e8c91da41b 100644 --- a/src/or/entrynodes.h +++ b/src/or/entrynodes.h @@ -322,6 +322,7 @@ struct circuit_guard_state_t { /* Common entry points for old and new guard code */ int guards_update_all(void); const node_t *guards_choose_guard(cpath_build_state_t *state, + uint8_t purpose, circuit_guard_state_t **guard_state_out); const node_t *guards_choose_dirguard(uint8_t dir_purpose, circuit_guard_state_t **guard_state_out); |