On END_REASON_EXITPOLICY, mark circuit as unusable for that address.

Also, don't call the exit node 'reject *' unless our decision to pick that node was based on a non-summarized version of that node's exit policy. rransom and arma came up with the ideas for this fix. Fix for 7582; the summary-related part is a bugfix on 0.2.3.2-alpha.
author: Nick Mathewson <nickm@torproject.org> 2013-03-11 23:37:47 -0400
committer: Nick Mathewson <nickm@torproject.org> 2013-03-11 23:37:47 -0400
commit: 2b22c0aeef6e71d56b12411d10484aaece769178 (patch)
tree: 3d27f93cbd2c98f472c42becb6dfa5e86005ac89 /src/or/circuituse.c
parent: 051b1e8ac4114fb23904cdf8dead72d585904e0a (diff)
download: tor-2b22c0aeef6e71d56b12411d10484aaece769178.tar.gz
tor-2b22c0aeef6e71d56b12411d10484aaece769178.zip
1 files changed, 10 insertions, 3 deletions
diff --git a/src/or/circuituse.c b/src/or/circuituse.c
index 51d8716faa..6b5ca90110 100644
--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@@ -105,6 +105,8 @@ circuit_is_acceptable(const origin_circuit_t *origin_circ,
     return 0;
 
   if (purpose == CIRCUIT_PURPOSE_C_GENERAL) {
+    tor_addr_t addr;
+    const int family = tor_addr_parse(&addr, conn->socks_request->address);
     if (!exitnode && !build_state->onehop_tunnel) {
       log_debug(LD_CIRC,"Not considering circuit with unknown router.");
       return 0; /* this circuit is screwed and doesn't know it yet,
@@ -125,9 +127,7 @@ circuit_is_acceptable(const origin_circuit_t *origin_circ,
           return 0; /* this is a circuit to somewhere else */
         if (tor_digest_is_zero(digest)) {
           /* we don't know the digest; have to compare addr:port */
-          tor_addr_t addr;
-          int r = tor_addr_parse(&addr, conn->socks_request->address);
-          if (r < 0 ||
+          if (family < 0 ||
               !tor_addr_eq(&build_state->chosen_exit->addr, &addr) ||
               build_state->chosen_exit->port != conn->socks_request->port)
             return 0;
@@ -139,6 +139,13 @@ circuit_is_acceptable(const origin_circuit_t *origin_circ,
         return 0;
       }
     }
+    if (origin_circ->prepend_policy && family != -1) {
+      int r = compare_tor_addr_to_addr_policy(&addr,
+                                              conn->socks_request->port,
+                                              origin_circ->prepend_policy);
+      if (r == ADDR_POLICY_REJECTED)
+        return 0;
+    }
     if (exitnode && !connection_ap_can_use_exit(conn, exitnode)) {
       /* can't exit from this router */
       return 0;
author	Nick Mathewson <nickm@torproject.org>	2013-03-11 23:37:47 -0400
committer	Nick Mathewson <nickm@torproject.org>	2013-03-11 23:37:47 -0400
commit	2b22c0aeef6e71d56b12411d10484aaece769178 (patch)
tree	3d27f93cbd2c98f472c42becb6dfa5e86005ac89 /src/or/circuituse.c
parent	051b1e8ac4114fb23904cdf8dead72d585904e0a (diff)
download	tor-2b22c0aeef6e71d56b12411d10484aaece769178.tar.gz tor-2b22c0aeef6e71d56b12411d10484aaece769178.zip