author | Nick Mathewson <nickm@torproject.org> | 2020-10-07 08:26:04 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2020-10-07 08:26:04 -0400 |
commit | 701a1936fae48c6887cadd90dbe50ae84a00a29f (patch) | |
tree | e27f1784f683a1c2969272f452cb095613e032f7 | |
parent | a49373844cd3c7047759244a6a5c103304d88a7b (diff) | |
parent | ad7ffa5240c4b3a9b675a12f0705d9cbe0bc8beb (diff) | |
Merge branch 'maint-0.3.5' into maint-0.4.3
-rw-r--r-- | changes/ticket33747 | 7 | ||||
-rw-r--r-- | src/core/mainloop/connection.c | 7 | ||||
-rw-r--r-- | src/core/or/connection_st.h | 3 | ||||
-rw-r--r-- | src/feature/relay/ext_orport.c | 4 |
4 files changed, 20 insertions, 1 deletions
diff --git a/changes/ticket33747 b/changes/ticket33747
new file mode 100644
index 0000000000..57c72e9d0a
--- /dev/null
+++ b/changes/ticket33747
@@ -0,0 +1,7 @@
+ o Minor bugfixes (rate limiting, bridges, pluggable transports):
+ - On a bridge, treat all connections from an ExtORPort as remote
+ by default for the purposes of rate-limiting. Previously,
+ bridges would treat the connection as local unless they explicitly
+ received a "USERADDR" command. ExtORPort connections still
+ count as local if there is a USERADDR command with an explicit local
+ address. Fixes bug 33747; bugfix on 0.2.5.1-alpha.
diff --git a/src/core/mainloop/connection.c b/src/core/mainloop/connection.c
index 268c7a70be..fd8c7e37ab 100644
--- a/src/core/mainloop/connection.c
+++ b/src/core/mainloop/connection.c
@@ -383,8 +383,12 @@ or_connection_new(int type, int socket_family)
 connection_or_set_canonical(or_conn, 0);
- if (type == CONN_TYPE_EXT_OR)
+ if (type == CONN_TYPE_EXT_OR) {
+ /* If we aren't told an address for this connection, we should
+ * presume it isn't local, and should be rate-limited. */
+ TO_CONN(or_conn)->always_rate_limit_as_remote = 1;
 connection_or_set_ext_or_identifier(or_conn);
+ }
 return or_conn;
 }
@@ -3152,6 +3156,7 @@ connection_is_rate_limited(const connection_t *conn)
 if (conn->linked)
 return 0; /* Internal connection */
 else if (! options->CountPrivateBandwidth &&
+ ! conn->always_rate_limit_as_remote &&
 (tor_addr_family(&conn->addr) == AF_UNSPEC || /* no address */
 tor_addr_family(&conn->addr) == AF_UNIX || /* no address */
 tor_addr_is_internal(&conn->addr, 0)))
diff --git a/src/core/or/connection_st.h b/src/core/or/connection_st.h
index 55d94d9451..685c9f89f4 100644
--- a/src/core/or/connection_st.h
+++ b/src/core/or/connection_st.h
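Review bot: In the connection_is_rate_limited() hunk of src/core/mainloop/connection.c, the new `! conn->always_rate_limit_as_remote` term is only reached after the `if (conn->linked) return 0;` branch, so despite the word "always" the flag overrides just the address-based exemption (AF_UNSPEC, AF_UNIX, internal address). That ordering looks intentional, but it is a rate-limiting decision that should be stated where it is made, for example `/* always_rate_limit_as_remote overrides only the address-based exemption below; linked connections are still exempt. */` above the `else if`. The function begins and ends outside the hunk, so its header comment is not visible here; if it lists the exemption conditions, it should mention the override as well.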
@@ -69,6 +69,9 @@ struct connection_t {
 /** True if connection_handle_write is currently running on this connection. */
 unsigned int in_connection_handle_write:1;
+ /** If true, then we treat this connection as remote for the purpose of
+ * rate-limiting, no matter what its address is. */
+ unsigned int always_rate_limit_as_remote:1;
 /* For linked connections: */
diff --git a/src/feature/relay/ext_orport.c b/src/feature/relay/ext_orport.c
index ce4e043dd7..3a9e4abfd0 100644
--- a/src/feature/relay/ext_orport.c
+++ b/src/feature/relay/ext_orport.c
@@ -494,6 +494,10 @@ connection_ext_or_handle_cmd_useraddr(connection_t *conn,
 }
 conn->address = tor_addr_to_str_dup(&addr);
+ /* Now that we know the address, we don't have to manually override rate
+ * limiting. */
+ conn->always_rate_limit_as_remote = 0;
+
 return 0;
 }
|
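Review bot: The doc comment on `always_rate_limit_as_remote` in struct connection_t (src/core/or/connection_st.h) describes the effect of the bit but not its lifecycle, which a later reader needs in order to judge whether a connection can escape rate limiting. Going by the other hunks in this commit, it is set in or_connection_new() for CONN_TYPE_EXT_OR and cleared in connection_ext_or_handle_cmd_useraddr(). I would add a sentence such as `Set when an ExtORPort connection is created; cleared once a USERADDR command supplies the client address.` The struct definition continues outside the hunk.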
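Review bot: In connection_ext_or_handle_cmd_useraddr() (src/feature/relay/ext_orport.c) the flag is cleared for whatever address was parsed, so from then on the exemption in connection_is_rate_limited() depends entirely on the address the pluggable transport reported, and a USERADDR carrying an internal address makes the connection exempt again. The changes file says this is intended, but the comment at the assignment only says the override is no longer needed. I would extend it along the lines of `/* From here on rate limiting follows the USERADDR address, including the local exemption if that address is internal. */`. The function starts outside the hunk, so neither the code that stores the parsed address in `conn->addr` nor the early-return error paths are visible; presumably those paths leave the flag set, which is the safe default and should be confirmed.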