diff options
| author | David Goulet <dgoulet@torproject.org> | 2018-01-25 16:32:28 -0500 |
|---|---|---|
| committer | David Goulet <dgoulet@torproject.org> | 2018-01-30 09:18:16 -0500 |
| commit | 36a0ae151f8f85c76b4bd91a8fc2871dd88b6005 (patch) | |
| tree | 1f141845330e9307b04c37e6e1662ee3e2380ff1 /src/or/rendmid.c | |
| parent | acf7ea77d8d76830924a14145afbcf3c95a06b0e (diff) | |
| download | tor-36a0ae151f8f85c76b4bd91a8fc2871dd88b6005.tar.gz tor-36a0ae151f8f85c76b4bd91a8fc2871dd88b6005.zip | |
dos: Add the DoSRefuseSingleHopClientRendezvous option
This option refuses any ESTABLISH_RENDEZVOUS cell arriving from a client
connection. Its default value is "auto" for which we can turn it on or off
with a consensus parameter. Default value is 0.
Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'src/or/rendmid.c')
| -rw-r--r-- | src/or/rendmid.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/or/rendmid.c b/src/or/rendmid.c index ca0ad7b0d4..441d5043ce 100644 --- a/src/or/rendmid.c +++ b/src/or/rendmid.c @@ -8,9 +8,11 @@ **/ #include "or.h" +#include "channel.h" #include "circuitlist.h" #include "circuituse.h" #include "config.h" +#include "dos.h" #include "relay.h" #include "rendmid.h" #include "rephist.h" @@ -246,6 +248,16 @@ rend_mid_establish_rendezvous(or_circuit_t *circ, const uint8_t *request, goto err; } + /* Check if we are configured to accept established rendezvous cells from + * client or in other words tor2web clients. */ + if (channel_is_client(circ->p_chan) && + dos_should_refuse_single_hop_client()) { + /* Note it down for the heartbeat log purposes. */ + dos_note_refuse_single_hop_client(); + /* Silent drop so the client has to time out before moving on. */ + return 0; + } + if (circ->base_.n_chan) { log_warn(LD_PROTOCOL, "Tried to establish rendezvous on non-edge circuit"); |