diff options
| author | trinity-1686a <trinity@deuxfleurs.fr> | 2023-10-18 18:23:02 +0200 |
|---|---|---|
| committer | David Goulet <dgoulet@torproject.org> | 2023-10-18 13:06:10 -0400 |
| commit | eca9973e9ee62d16aa971d3a524070f6c237a9ff (patch) | |
| tree | b8328e34ea557fc0d9f35163d84b8f89870e727e /src/core/or/connection_edge.c | |
| parent | 0cf4966acf7332608f6d3dda645b48594f4795fc (diff) | |
| download | tor-eca9973e9ee62d16aa971d3a524070f6c237a9ff.tar.gz tor-eca9973e9ee62d16aa971d3a524070f6c237a9ff.zip | |
remove todos
Diffstat (limited to 'src/core/or/connection_edge.c')
| -rw-r--r-- | src/core/or/connection_edge.c | 21 |
1 files changed, 4 insertions, 17 deletions
diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c index 0dbd5eb33f..fd758be75d 100644 --- a/src/core/or/connection_edge.c +++ b/src/core/or/connection_edge.c @@ -4150,9 +4150,8 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ) log_debug(LD_EXIT,"about to start the dns_resolve()."); - /* TODO should this be moved higher to protect from a stream DoS on directory - * requests, and possibly against an onion service? (for OS, more changes - * would be required) */ + // in the future we may want to have a similar defense for BEGIN_DIR and + // BEGIN sent to OS. dos_defense_type = dos_stream_new_begin_or_resolve_cell(or_circ); switch (dos_defense_type) { case DOS_STREAM_DEFENSE_NONE: @@ -4166,17 +4165,7 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ) return 0; case DOS_STREAM_DEFENSE_CLOSE_CIRCUIT: connection_free_(TO_CONN(n_stream)); - /* TODO we could return REASON_NONE or REASON_RESOURCELIMIT. When closing - * circuits, you either get: - * - END_CIRC_REASON_NONE: tons of notice level "We tried for 15 - * seconds to connect to 'target' using exit X. Retrying on a new - * circuit." - * - END_CIRC_REASON_RESOURCELIMIT: warn level "Guard X is failing - * to carry an extremely large amount of streams on its circuits" - * - * I'm not sure which one we want - */ - return -END_CIRC_REASON_NONE; + return -END_CIRC_REASON_RESOURCELIMIT; } /* send it off to the gethostbyname farm */ @@ -4247,9 +4236,7 @@ connection_exit_begin_resolve(cell_t *cell, or_circuit_t *circ) dns_send_resolved_error_cell(dummy_conn, RESOLVED_TYPE_ERROR_TRANSIENT); return 0; case DOS_STREAM_DEFENSE_CLOSE_CIRCUIT: - /* TODO maybe use REASON_RESOURCELIMIT? - * See connection_exit_begin_conn() */ - return -END_CIRC_REASON_NONE; + return -END_CIRC_REASON_RESOURCELIMIT; } /* send it off to the gethostbyname farm */ |