aboutsummaryrefslogtreecommitdiff
path: root/src/or/circuitbuild.c
diff options
context:
space:
mode:
authorMike Perry <mikeperry-git@fscked.org>2012-12-08 14:16:29 -0800
committerMike Perry <mikeperry-git@fscked.org>2012-12-08 14:16:29 -0800
commitb599a6ed07fd588500a256ef815e87729449626a (patch)
treed93df6cfcc53251b520c9bea5406194598369ced /src/or/circuitbuild.c
parent5f733ccd7382e8bb8289e4f8adf07f8ac001c28a (diff)
downloadtor-b599a6ed07fd588500a256ef815e87729449626a.tar.gz
tor-b599a6ed07fd588500a256ef815e87729449626a.zip
Sadly, we can't safely count client intro circ success
Diffstat (limited to 'src/or/circuitbuild.c')
-rw-r--r--src/or/circuitbuild.c42
1 files changed, 17 insertions, 25 deletions
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index 7eae0e7a9a..9b1236f34d 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -739,8 +739,12 @@ circuit_send_next_onion_skin(origin_circuit_t *circ)
circuit_has_opened(circ); /* do other actions as necessary */
/* We're done with measurement circuits here. Just close them */
- if (circ->base_.purpose == CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT)
+ if (circ->base_.purpose == CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT) {
+ /* If a measurement circ ever gets back to us, consider it
+ * succeeded for path bias */
+ circ->path_state = PATH_STATE_USE_SUCCEEDED;
circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_FINISHED);
+ }
return 0;
}
@@ -1156,13 +1160,19 @@ pathbias_should_count(origin_circuit_t *circ)
/* We can't do path bias accounting without entry guards.
* Testing and controller circuits also have no guards.
+ *
* We also don't count server-side rends, because their
- * endpoint could be chosen maliciously. */
+ * endpoint could be chosen maliciously.
+ * Similarly, we can't count client-side intro attempts,
+ * because clients can be manipulated into connecting to
+ * malicious intro points. */
if (get_options()->UseEntryGuards == 0 ||
circ->base_.purpose == CIRCUIT_PURPOSE_TESTING ||
circ->base_.purpose == CIRCUIT_PURPOSE_CONTROLLER ||
circ->base_.purpose == CIRCUIT_PURPOSE_S_CONNECT_REND ||
- circ->base_.purpose == CIRCUIT_PURPOSE_S_REND_JOINED) {
+ circ->base_.purpose == CIRCUIT_PURPOSE_S_REND_JOINED ||
+ (circ->base_.purpose >= CIRCUIT_PURPOSE_C_INTRODUCING &&
+ circ->base_.purpose <= CIRCUIT_PURPOSE_C_INTRODUCE_ACKED)) {
return 0;
}
@@ -1388,7 +1398,7 @@ pathbias_check_close(origin_circuit_t *ocirc, int reason)
{
circuit_t *circ = &ocirc->base_;
- if (!pathbias_should_count(circ)) {
+ if (!pathbias_should_count(ocirc)) {
return;
}
@@ -1399,33 +1409,15 @@ pathbias_check_close(origin_circuit_t *ocirc, int reason)
// XXX: May open up attacks if the adversary can force connections
// on unresponsive hosts to use new circs. Vidalia displayes a "Retrying"
// state.. Can we use that? Does optimistic data change this?
- // XXX: Sub-attack: in collusion with an intro point, you can induce bias
- // through the web. Need a Torbutton patch to prevent this.
-
- /* FIXME: This is not ideal, but it prevents the case where a
- * CPU overloaded intro point is chosen.
- * XXX: Is this reason code authenticated? */
- if (circ->purpose == CIRCUIT_PURPOSE_C_INTRODUCING &&
- reason ==
- END_CIRC_REASON_FLAG_REMOTE|END_CIRC_REASON_RESOURCELIMIT) {
- log_info(LD_CIRC,
- "Ignoring CPU overload intro circuit without successful use. "
- "Circuit purpose %d currently %s.",
- reason, circ->purpose, circuit_state_to_string(circ->state));
- } else {
- log_info(LD_CIRC,
+
+ log_info(LD_CIRC,
"Circuit closed without successful use for reason %d. "
"Circuit purpose %d currently %s.",
reason, circ->purpose, circuit_state_to_string(circ->state));
- pathbias_count_unusable(ocirc);
- }
+ pathbias_count_unusable(ocirc);
} else {
if (reason & END_CIRC_REASON_FLAG_REMOTE) {
/* Unused remote circ close reasons all could be bias */
- // XXX: We hit this a lot for hidserv circs with purposes:
- // CIRCUIT_PURPOSE_S_CONNECT_REND (reasons: 514,517,520)
- // CIRCUIT_PURPOSE_S_REND_JOINED (reasons: 514,517,520)
- // == reasons: 2,3,8. Client-side timeouts?
log_info(LD_CIRC,
"Circuit remote-closed without successful use for reason %d. "
"Circuit purpose %d currently %s.",