author | David Goulet <dgoulet@torproject.org> | 2021-01-27 21:49:56 -0500 |
---|---|---|
committer | David Goulet <dgoulet@torproject.org> | 2021-01-29 14:28:51 -0500 |
commit | 8dda7bfdb84a5e4b3b422592f811a465e37bb155 (patch) | |
tree | f9fec43b5038ff7922917faeb12e2d56c57e6a61 /src/feature/nodelist/dirlist.c | |
parent | 0ec507171dcdeccc52c7e26deb164b99fe5c73fa (diff) | |
download | tor-8dda7bfdb84a5e4b3b422592f811a465e37bb155.tar.gz tor-8dda7bfdb84a5e4b3b422592f811a465e37bb155.zip |
relay: Add bloomfilter of relay address + {OR|Dir}Port

In order to deny re-entry in the network, we now keep a bloomfilter of relay
ORPort + address and authorities ORPort + address and DirPort + address
combinations.

So when an Exit stream is handled, we deny anything connecting back into the
network on the ORPorts for relays and on the ORPort+DirPort for the
authorities.

Related to #2667

Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'src/feature/nodelist/dirlist.c')
-rw-r--r-- | src/feature/nodelist/dirlist.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/src/feature/nodelist/dirlist.c b/src/feature/nodelist/dirlist.c index 576a6a2e49..423c4106e2 100644 --- a/src/feature/nodelist/dirlist.c +++ b/src/feature/nodelist/dirlist.c @@ -58,10 +58,13 @@ add_trusted_dir_to_nodelist_addr_set(const dir_server_t *dir) tor_assert(dir); tor_assert(dir->is_authority); - /* Add IPv4 and then IPv6 if applicable. */ - nodelist_add_addr_to_address_set(&dir->ipv4_addr); + /* Add IPv4 and then IPv6 if applicable. For authorities, we add the ORPort + * and DirPort so re-entry into the network back to them is not possible. */ + nodelist_add_addr_to_address_set(&dir->ipv4_addr, dir->ipv4_orport, + dir->ipv4_dirport); if (!tor_addr_is_null(&dir->ipv6_addr)) { - nodelist_add_addr_to_address_set(&dir->ipv6_addr); + /* IPv6 DirPort is not a thing yet for authorities. */ + nodelist_add_addr_to_address_set(&dir->ipv6_addr, dir->ipv6_orport, 0); } } |
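Review bot: in the IPv6 branch of add_trusted_dir_to_nodelist_addr_set() the DirPort argument is a bare 0, and the IPv4 call passes dir->ipv4_dirport unchecked, so both rely on nodelist_add_addr_to_address_set() treating a zero port as "no port" and not inserting an address + port 0 entry into the set. That function is outside this file-limited diff, so its doc comment should state the zero-port convention explicitly, or the caller should guard with a check such as `if (dir->ipv4_dirport)` before adding the DirPort entry. The new comment "IPv6 DirPort is not a thing yet for authorities" would also be easier to act on later if it pointed at the dir_server_t field that is missing, so the 0 gets replaced when an IPv6 DirPort is introduced. Because the signature now takes two port arguments, every other caller of nodelist_add_addr_to_address_set() has to change in the same commit; this view shows only dirlist.c, so check those against the full patch.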