summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSebastian Hahn <sebastian@torproject.org>2010-03-01 22:26:44 +0100
committerSebastian Hahn <sebastian@torproject.org>2010-06-04 21:04:08 +0200
commitfaf51fa52a7462e356927ac521ff4e6ee0703d7c (patch)
treef67a570a6d54a6e616813204180b5f66ae7b011a
parent7e300cbba36a0716b8d4ca6373ffbe372fca9713 (diff)
downloadtor-faf51fa52a7462e356927ac521ff4e6ee0703d7c.tar.gz
tor-faf51fa52a7462e356927ac521ff4e6ee0703d7c.zip
Don't cannibalize one-hop circuits
In rare cases, we could cannibalize a one-hop circuit, ending up with a two-hop circuit. This circuit would not be actually used, but we should prevent its creation in the first place. Thanks to outofwords and swissknife for helping to analyse this.
-rw-r--r--changes/dont_cannibalize_onehop_circuits6
-rw-r--r--src/or/circuitlist.c7
2 files changed, 12 insertions, 1 deletions
diff --git a/changes/dont_cannibalize_onehop_circuits b/changes/dont_cannibalize_onehop_circuits
new file mode 100644
index 0000000000..10e5fe5f38
--- /dev/null
+++ b/changes/dont_cannibalize_onehop_circuits
@@ -0,0 +1,6 @@
+ o Refactorings:
+ - Make it explicit that we don't cannibalize one-hop circuits. This happens
+ in the wild, but doesn't turn out to be a problem because we fortunately
+ don't use those circuits. Many thanks to outofwords for the initial
+ analysis and to swissknife who confirmed that two-hop circuits are
+ actually created.
diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c
index 73e2e06cce..d71d6a21b0 100644
--- a/src/or/circuitlist.c
+++ b/src/or/circuitlist.c
@@ -905,6 +905,10 @@ circuit_find_to_cannibalize(uint8_t purpose, extend_info_t *info,
int need_capacity = (flags & CIRCLAUNCH_NEED_CAPACITY) != 0;
int internal = (flags & CIRCLAUNCH_IS_INTERNAL) != 0;
+ /* Make sure we're not trying to create a onehop circ by
+ * cannibalization. */
+ tor_assert(!(flags & CIRCLAUNCH_ONEHOP_TUNNEL));
+
log_debug(LD_CIRC,
"Hunting for a circ to cannibalize: purpose %d, uptime %d, "
"capacity %d, internal %d",
@@ -920,7 +924,8 @@ circuit_find_to_cannibalize(uint8_t purpose, extend_info_t *info,
if ((!need_uptime || circ->build_state->need_uptime) &&
(!need_capacity || circ->build_state->need_capacity) &&
(internal == circ->build_state->is_internal) &&
- circ->remaining_relay_early_cells) {
+ circ->remaining_relay_early_cells &&
+ !circ->build_state->onehop_tunnel) {
if (info) {
/* need to make sure we don't duplicate hops */
crypt_path_t *hop = circ->cpath;