aboutsummaryrefslogtreecommitdiff
path: root/src/or/rendservice.c
diff options
context:
space:
mode:
authorRoger Dingledine <arma@torproject.org>2009-10-17 18:52:18 -0400
committerNick Mathewson <nickm@torproject.org>2011-04-26 23:53:20 -0400
commit82178a81f6748c9b26bdc8a5da36dd34b689281b (patch)
treeae2f2c57c28be5883cc2cdc720d29a8d63151646 /src/or/rendservice.c
parentf810a1afe990788cd8f944a515a493902df84ed1 (diff)
downloadtor-82178a81f6748c9b26bdc8a5da36dd34b689281b.tar.gz
tor-82178a81f6748c9b26bdc8a5da36dd34b689281b.zip
refuse excluded hidserv nodes if strictnodes
Make hidden services more flaky for people who set both ExcludeNodes and StrictNodes. Not recommended, especially for hidden service operators.
Diffstat (limited to 'src/or/rendservice.c')
-rw-r--r--src/or/rendservice.c14
1 files changed, 13 insertions, 1 deletions
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 45039822f8..88f1ba3ddd 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -848,6 +848,7 @@ clean_accepted_intros(rend_service_t *service, time_t now)
/** Respond to an INTRODUCE2 cell by launching a circuit to the chosen
* rendezvous point.
*/
+ /* XXX022 this function sure could use some organizing. -RD */
int
rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
size_t request_len)
@@ -875,6 +876,8 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
time_t now = time(NULL);
char diffie_hellman_hash[DIGEST_LEN];
time_t *access_time;
+ or_options_t *options = get_options();
+
tor_assert(circuit->rend_data);
base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
@@ -1047,6 +1050,15 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
goto err;
}
+ /* Check if we'd refuse to talk to this router */
+ if (options->ExcludeNodes && options->StrictNodes &&
+ routerset_contains_extendinfo(options->ExcludeNodes, extend_info)) {
+ log_warn(LD_REND, "Client asked to rendezvous at a relay that we "
+ "exclude, and StrictNodes is set. Refusing service.");
+ reason = END_CIRC_REASON_INTERNAL; /* XXX might leak why we refused */
+ goto err;
+ }
+
r_cookie = ptr;
base16_encode(hexcookie,9,r_cookie,4);
@@ -1394,7 +1406,7 @@ rend_service_intro_has_opened(origin_circuit_t *circuit)
/** Called when we get an INTRO_ESTABLISHED cell; mark the circuit as a
* live introduction point, and note that the service descriptor is
- * now out-of-date.*/
+ * now out-of-date. */
int
rend_service_intro_established(origin_circuit_t *circuit,
const uint8_t *request,