diff options
| author | Nick Mathewson <nickm@torproject.org> | 2006-09-21 21:48:42 +0000 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2006-09-21 21:48:42 +0000 |
| commit | 6a1746f98f58fd22dce2ce34840b10012b5467dd (patch) | |
| tree | c841e8d0e7522e31543583c32cc4358a2dfcc6af /src/or | |
| parent | d273d529798e44c315c94437f27c3a1349794179 (diff) | |
| download | tor-6a1746f98f58fd22dce2ce34840b10012b5467dd.tar.gz tor-6a1746f98f58fd22dce2ce34840b10012b5467dd.zip | |
r8877@Kushana: nickm | 2006-09-21 17:12:33 -0400
Consider non-exit servers unsuitable for RESOLVE commands.
svn:r8442
Diffstat (limited to 'src/or')
| -rw-r--r-- | src/or/circuituse.c | 6 | ||||
| -rw-r--r-- | src/or/connection_edge.c | 4 | ||||
| -rw-r--r-- | src/or/or.h | 1 | ||||
| -rw-r--r-- | src/or/policies.c | 16 |
4 files changed, 24 insertions, 3 deletions
diff --git a/src/or/circuituse.c b/src/or/circuituse.c index 5ac48047df..88b36a6e8f 100644 --- a/src/or/circuituse.c +++ b/src/or/circuituse.c @@ -929,9 +929,9 @@ circuit_reset_failure_count(int timeout) n_circuit_failures = 0; } -/** Find an open circ that we're happy with: return 1. If there isn't - * one, and there isn't one on the way, launch one and return 0. If it - * will never work, return -1. +/** Find an open circ that we're happy to use for <b>conn</b> and return 1. If + * there isn't one, and there isn't one on the way, launch one and return + * 0. If it will never work, return -1. * * Write the found or in-progress or launched circ into *circp. */ diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 4e5ee2fdd1..9e540596fc 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -2082,6 +2082,10 @@ connection_ap_can_use_exit(edge_connection_t *conn, routerinfo_t *exit) exit->exit_policy); if (r == ADDR_POLICY_REJECTED || r == ADDR_POLICY_PROBABLY_REJECTED) return 0; + } else { + /* Don't send DNS requests to non-exit servers by default. */ + if (policy_is_reject_star(exit->exit_policy)) + return 0; } return 1; } diff --git a/src/or/or.h b/src/or/or.h index 3d04685288..217cb260f0 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2269,6 +2269,7 @@ int policies_parse_exit_policy(config_line_t *cfg, addr_policy_t **dest, int rejectprivate); int exit_policy_is_general_exit(addr_policy_t *policy); +int policy_is_reject_star(addr_policy_t *policy); int policies_getinfo_helper(const char *question, char **answer); void addr_policy_free(addr_policy_t *p); diff --git a/src/or/policies.c b/src/or/policies.c index bee8324ea4..f2f7cf8aab 100644 --- a/src/or/policies.c +++ b/src/or/policies.c @@ -629,6 +629,22 @@ exit_policy_is_general_exit(addr_policy_t *policy) return n_allowed >= 2; } +/** Return false if <b>policy</b> might permit access to some addr:port; + * otherwise if we are certain it rejects everything, return true. */ +int +policy_is_reject_star(addr_policy_t *p) +{ + for ( ; p; p = p->next) { + if (p->policy_type == ADDR_POLICY_ACCEPT) + return 0; + else if (p->policy_type == ADDR_POLICY_REJECT && + p->prt_min <= 1 && p->prt_max == 65535 && + p->msk == 0) + return 1; + } + return 1; +} + int policies_getinfo_helper(const char *question, char **answer) { |