author | teor (Tim Wilson-Brown) <teor2345@gmail.com> | 2016-07-07 12:58:47 +1000 |
---|---|---|
committer | teor (Tim Wilson-Brown) <teor2345@gmail.com> | 2016-07-15 09:55:49 +1000 |
commit | 579a80d4ae54ec03fd9b02c4a125b2943770c85d (patch) | |
tree | 816ee00f3ed7dff2fe350d1a2fcb49469baea1ac /src/or/routerlist.c | |
parent | a76d528bec970e500d3339d9e0f253bded17c338 (diff) | |
Clients avoid choosing nodes that can't do ntor
If we know a node's version, and it can't do ntor, consider it not running.
If we have a node's descriptor, and it doesn't have a valid ntor key,
consider it not running.
Refactor these checks so they're consistent between authorities and clients.
Diffstat (limited to 'src/or/routerlist.c')
-rw-r--r-- | src/or/routerlist.c | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 6ea9d8b0d1..08015038fa 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -2260,6 +2260,11 @@ router_add_running_nodes_to_smartlist(smartlist_t *sl, int allow_invalid,
 continue;
 if (node_is_unreliable(node, need_uptime, need_capacity, need_guard))
 continue;
+ /* Don't choose nodes if we are certain they can't do ntor */
+ if (node->rs && !routerstatus_version_supports_ntor(node->rs, 1))
+ continue;
+ if ((node->ri || node->md) && !node_has_curve25519_onion_key(node))
+ continue;
 /* Choose a node with an OR address that matches the firewall rules */
 if (check_reach && !fascist_firewall_allows_node(node,
 FIREWALL_OR_CONNECTION,
@@ -5488,6 +5493,45 @@ routerinfo_incompatible_with_extrainfo(const crypto_pk_t *identity_pkey,
 return r;
 }

+/* Does ri have a valid ntor onion key?
+ * Valid ntor onion keys exist and have at least one non-zero byte. */
+int
+routerinfo_has_curve25519_onion_key(const routerinfo_t *ri)
+{
+ if (!ri) {
+ return 0;
+ }
+
+ if (!ri->onion_curve25519_pkey) {
+ return 0;
+ }
+
+ if (tor_mem_is_zero((const char*)ri->onion_curve25519_pkey->public_key,
+ CURVE25519_PUBKEY_LEN)) {
+ return 0;
+ }
+
+ return 1;
+}
+
+/* Is rs running a tor version known to support ntor?
+ * If allow_unknown_versions is true, return true if the version is unknown.
+ * Otherwise, return false if the version is unknown. */
+int
+routerstatus_version_supports_ntor(const routerstatus_t *rs,
+ int allow_unknown_versions)
+{
+ if (!rs) {
+ return allow_unknown_versions;
+ }
+
+ if (!rs->version_known) {
+ return allow_unknown_versions;
+ }
+
+ return rs->version_supports_extend2_cells;
+}
+
 /** Assert that the internal representation of <b>rl</b> is
 * self-consistent. */
 void |
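Review bot: The bare `1` in `routerstatus_version_supports_ntor(node->rs, 1)` makes this check fail open for relays whose version is unknown, and nothing at the call site says so. Annotating the argument as `/* allow_unknown_versions */ 1`, or adding a sentence to the existing comment, would make that policy visible to the next reader. The second added check calls `node_has_curve25519_onion_key(node)`, which is defined outside this diff, so it cannot be confirmed from here that the microdescriptor path rejects an all-zero key the same way `routerinfo_has_curve25519_onion_key` does. That is worth verifying, since the commit message promises consistent checks. The body of `router_add_running_nodes_to_smartlist` starts and ends outside the hunk.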
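Review bot: The header comment on `routerinfo_has_curve25519_onion_key` calls the key "valid", but the function only establishes that a key is present and not all zero bytes. It performs no curve-level validation, so a true result is a sentinel check and the handshake code still has to reject degenerate results. I would reword the comment to `/** Return true iff <b>ri</b> has an ntor onion key that is present and not all-zero. This is a presence check, not key validation. */`, which also matches the `/** ... <b>x</b>` doc style of the function that follows in the file. In `routerstatus_version_supports_ntor`, returning `rs->version_supports_extend2_cells` uses the EXTEND2 flag as a stand-in for ntor support. A one-line comment saying why the two are equivalent (presumably both arrived in the same release) would keep a later change to that flag from silently altering node selection.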