diff options
| author | Roger Dingledine <arma@torproject.org> | 2009-10-17 18:52:18 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2011-04-26 23:53:20 -0400 |
| commit | 82178a81f6748c9b26bdc8a5da36dd34b689281b (patch) | |
| tree | ae2f2c57c28be5883cc2cdc720d29a8d63151646 /src/or/rendservice.c | |
| parent | f810a1afe990788cd8f944a515a493902df84ed1 (diff) | |
| download | tor-82178a81f6748c9b26bdc8a5da36dd34b689281b.tar.gz tor-82178a81f6748c9b26bdc8a5da36dd34b689281b.zip | |
refuse excluded hidserv nodes if strictnodes
Make hidden services more flaky for people who set both ExcludeNodes
and StrictNodes. Not recommended, especially for hidden service operators.
Diffstat (limited to 'src/or/rendservice.c')
| -rw-r--r-- | src/or/rendservice.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 45039822f8..88f1ba3ddd 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -848,6 +848,7 @@ clean_accepted_intros(rend_service_t *service, time_t now) /** Respond to an INTRODUCE2 cell by launching a circuit to the chosen * rendezvous point. */ + /* XXX022 this function sure could use some organizing. -RD */ int rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request, size_t request_len) @@ -875,6 +876,8 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request, time_t now = time(NULL); char diffie_hellman_hash[DIGEST_LEN]; time_t *access_time; + or_options_t *options = get_options(); + tor_assert(circuit->rend_data); base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1, @@ -1047,6 +1050,15 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request, goto err; } + /* Check if we'd refuse to talk to this router */ + if (options->ExcludeNodes && options->StrictNodes && + routerset_contains_extendinfo(options->ExcludeNodes, extend_info)) { + log_warn(LD_REND, "Client asked to rendezvous at a relay that we " + "exclude, and StrictNodes is set. Refusing service."); + reason = END_CIRC_REASON_INTERNAL; /* XXX might leak why we refused */ + goto err; + } + r_cookie = ptr; base16_encode(hexcookie,9,r_cookie,4); @@ -1394,7 +1406,7 @@ rend_service_intro_has_opened(origin_circuit_t *circuit) /** Called when we get an INTRO_ESTABLISHED cell; mark the circuit as a * live introduction point, and note that the service descriptor is - * now out-of-date.*/ + * now out-of-date. */ int rend_service_intro_established(origin_circuit_t *circuit, const uint8_t *request, |