aboutsummaryrefslogtreecommitdiff
path: root/src/or/routerset.h
diff options
context:
space:
mode:
authorDavid Goulet <dgoulet@ev0ke.net>2015-09-02 14:53:39 +0200
committerNick Mathewson <nickm@torproject.org>2015-09-02 10:47:20 -0400
commit07b3028db74af246ca98c2d3a86d5efde9aa33c2 (patch)
tree36afeb232f96610861c14f5216355e9c7e0ab632 /src/or/routerset.h
parentf6bd8fbb806abaf4015d8b8e08a737bc09ec63f6 (diff)
downloadtor-07b3028db74af246ca98c2d3a86d5efde9aa33c2.tar.gz
tor-07b3028db74af246ca98c2d3a86d5efde9aa33c2.zip
Prohibit the use of one entry node with an HS
In a nutshell, since a circuit can not exit at its entry point, it's very easy for an attacker to find the hidden service guard if only one EntryNodes is specified since for that guard, the HS will refuse to build a rendezvous circuit to it. For now, the best solution is to stop tor to allow a single EntryNodes for an hidden service. Fixes #14917 Signed-off-by: David Goulet <dgoulet@ev0ke.net>
Diffstat (limited to 'src/or/routerset.h')
-rw-r--r--src/or/routerset.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/or/routerset.h b/src/or/routerset.h
index 8d41de8b6b..aca7c6e74e 100644
--- a/src/or/routerset.h
+++ b/src/or/routerset.h
@@ -38,6 +38,7 @@ void routerset_subtract_nodes(smartlist_t *out,
char *routerset_to_string(const routerset_t *routerset);
int routerset_equal(const routerset_t *old, const routerset_t *new);
void routerset_free(routerset_t *routerset);
+int routerset_len(const routerset_t *set);
#ifdef ROUTERSET_PRIVATE
STATIC char * routerset_get_countryname(const char *c);