author | Micah Elizabeth Scott <beth@torproject.org> | 2023-08-11 16:32:22 -0700 |
---|---|---|
committer | Micah Elizabeth Scott <beth@torproject.org> | 2023-08-11 16:32:22 -0700 |
commit | 2b8d629079414347128aa875d864d4e734980a5c (patch) | |
tree | 23c0262ddefeb8f6fed972a1645b904b91a03cf0 /src/core | |
parent | 3e18507dc75afcf0c6560e966c9f18942406b0c8 (diff) | |
Extend DoS protection to IP addresses with known relays

This exemption used to be helpful in keeping exit relays from tripping
the DoS detection subsystem and losing Tor connectivity. Now exit relays
block re-entry into the network (tor issue #2667) so it's no longer
needed. We'd like to re-enable protection on these addresses to avoid
giving attackers a way around our DoS mitigations.

Diffstat (limited to 'src/core')
-rw-r--r-- | src/core/or/dos.c | 8 |
1 files changed, 0 insertions, 8 deletions
diff --git a/src/core/or/dos.c b/src/core/or/dos.c index b9f8eb22f2..ccdb30dbee 100644 --- a/src/core/or/dos.c +++ b/src/core/or/dos.c @@ -976,14 +976,6 @@ dos_new_client_conn(or_connection_t *or_conn, const char *transport_name) goto end; } - /* We ignore any known address meaning an address of a known relay. The - * reason to do so is because network reentry is possible where a client - * connection comes from an Exit node. Even when we'll fix reentry, this is - * a robust defense to keep in place. */ - if (nodelist_probably_contains_address(&TO_CONN(or_conn)->addr)) { - goto end; - } - /* We are only interested in client connection from the geoip cache. */ entry = geoip_lookup_client(&TO_CONN(or_conn)->addr, transport_name, GEOIP_CLIENT_CONNECT); |
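
Review bot: The block removed from dos_new_client_conn() takes with it the only in-code explanation of how known-relay addresses are treated, and the deleted comment explicitly argued for keeping the exemption "even when we'll fix reentry", so the reversal of that reasoning is recorded only in the commit message. Consider a short comment above the remaining geoip_lookup_client() call stating that addresses of known relays are now deliberately subject to DoS accounting because exit relays block re-entry. It is also worth confirming that the geoip_lookup_client() lookup is meant to be the sole filter for these addresses from here on, and whether anything else in dos.c still needs nodelist_probably_contains_address() after this deletion.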