authorGeorge Kadianakis <desnacked@riseup.net>2020-08-03 16:49:05 +0300
committerGeorge Kadianakis <desnacked@riseup.net>2020-08-03 16:49:05 +0300
commite069b0af4b5d5825a23f3bf6a601cc4738599be6 (patch)
treeb861220b09f0c1cb66c26a0c65c10f60e22ac499
parentce57404a429b2505f5832954d8a66935a592461a (diff)
parent18d2c7c5d7eb0441d891fb7642fbbabde6c53cf2 (diff)
Merge branch 'maint-0.4.4'
-rw-r--r--changes/ticket337477
-rw-r--r--src/core/mainloop/connection.c7
-rw-r--r--src/core/or/connection_st.h3
-rw-r--r--src/feature/relay/ext_orport.c4
4 files changed, 20 insertions, 1 deletions
diff --git a/changes/ticket33747 b/changes/ticket33747
new file mode 100644
index 0000000000..57c72e9d0a
--- /dev/null
+++ b/changes/ticket33747
@@ -0,0 +1,7 @@
+ o Minor bugfixes (rate limiting, bridges, pluggable transports):
+ - On a bridge, treat all connections from an ExtORPort as remote
+ by default for the purposes of rate-limiting. Previously,
+ bridges would treat the connection as local unless they explicitly
+ received a "USERADDR" command. ExtORPort connections still
+ count as local if there is a USERADDR command with an explicit local
+ address. Fixes bug 33747; bugfix on 0.2.5.1-alpha.
diff --git a/src/core/mainloop/connection.c b/src/core/mainloop/connection.c
index d5a46143e9..b89a4ae796 100644
--- a/src/core/mainloop/connection.c
+++ b/src/core/mainloop/connection.c
@@ -569,8 +569,12 @@ or_connection_new(int type, int socket_family)
tor_addr_make_unspec(&or_conn->canonical_orport.addr);
connection_or_set_canonical(or_conn, 0);
- if (type == CONN_TYPE_EXT_OR)
+ if (type == CONN_TYPE_EXT_OR) {
+ /* If we aren't told an address for this connection, we should
+ * presume it isn't local, and should be rate-limited. */
+ TO_CONN(or_conn)->always_rate_limit_as_remote = 1;
connection_or_set_ext_or_identifier(or_conn);
+ }
return or_conn;
}
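Review bot: The new comment in the `CONN_TYPE_EXT_OR` branch says "If we aren't told an address", but the flag is set unconditionally at creation and only becomes conditional through the reset elsewhere in this commit. A reader of or_connection_new alone cannot tell where, or whether, the override is lifted. I would name the counterpart in the comment: `/* Until a USERADDR command gives us the client address (see connection_ext_or_handle_cmd_useraddr()), presume this connection isn't local and rate-limit it. */`. or_connection_new begins above the hunk.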
@@ -3316,6 +3320,7 @@ connection_is_rate_limited(const connection_t *conn)
if (conn->linked)
return 0; /* Internal connection */
else if (! options->CountPrivateBandwidth &&
+ ! conn->always_rate_limit_as_remote &&
(tor_addr_family(&conn->addr) == AF_UNSPEC || /* no address */
tor_addr_family(&conn->addr) == AF_UNIX || /* no address */
tor_addr_is_internal(&conn->addr, 0)))
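Review bot: The new `! conn->always_rate_limit_as_remote` term in connection_is_rate_limited changes a rate-limiting decision, yet the diffstat lists no test file, so nothing pins the behaviour the changelog describes. A unit test should cover three cases with CountPrivateBandwidth off. An Ext OR connection with no USERADDR is limited, one with a public USERADDR is limited, and one with an internal USERADDR is not. The last case matters most, since it is the only one where the override has to be cleared for the old exemption to apply. The function starts and continues outside the hunk, so the branch this condition guards is not visible here.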
diff --git a/src/core/or/connection_st.h b/src/core/or/connection_st.h
index f389d21f6f..082420c4bc 100644
--- a/src/core/or/connection_st.h
+++ b/src/core/or/connection_st.h
@@ -69,6 +69,9 @@ struct connection_t {
/** True if connection_handle_write is currently running on this connection.
*/
unsigned int in_connection_handle_write:1;
+ /** If true, then we treat this connection as remote for the purpose of
+ * rate-limiting, no matter what its address is. */
+ unsigned int always_rate_limit_as_remote:1;
/* For linked connections:
*/
diff --git a/src/feature/relay/ext_orport.c b/src/feature/relay/ext_orport.c
index cff5f42cc7..2cf30262f5 100644
--- a/src/feature/relay/ext_orport.c
+++ b/src/feature/relay/ext_orport.c
@@ -494,6 +494,10 @@ connection_ext_or_handle_cmd_useraddr(connection_t *conn,
}
conn->address = tor_addr_to_str_dup(&addr);
+ /* Now that we know the address, we don't have to manually override rate
+ * limiting. */
+ conn->always_rate_limit_as_remote = 0;
+
return 0;
}
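Review bot: Clearing `always_rate_limit_as_remote` after any successfully parsed USERADDR means the exemption then rests entirely on the address the pluggable transport reports. A transport that reports a loopback or private address puts the connection back outside rate limiting when CountPrivateBandwidth is off. The changelog states this is intended, but the comment only says the override is no longer needed. I would spell out the trust assumption: `/* The transport has told us the client address, so let connection_is_rate_limited() judge it; a USERADDR naming a local address is deliberately treated as local. */`. The function begins above the hunk, and the code that stores the parsed address into the connection is presumably there too.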