summaryrefslogtreecommitdiff
path: root/src/or
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2012-05-15 09:41:45 -0400
committerNick Mathewson <nickm@torproject.org>2012-05-31 16:55:54 -0400
commit834654f145cc1205e20cf5f07a37bef2e11252ce (patch)
tree8175f5dd8e89a8bc6421129161fadec3ec9d5489 /src/or
parent3a9351b57e528b1d0bd2e72bcf78db7c91b2ff8f (diff)
downloadtor-834654f145cc1205e20cf5f07a37bef2e11252ce.tar.gz
tor-834654f145cc1205e20cf5f07a37bef2e11252ce.zip
Make all begindir or one-hop circuits internal
This solves bug 5283, where client traffic could get sent over the same circuit as an anonymized connection to a directory, even if that circuit used an exit node unsuitable for clients. By marking the directory connection as needs_internal, we ensure that the (non-internal!) client-traffic connection won't be sent over the same circuit.
Diffstat (limited to 'src/or')
-rw-r--r--src/or/circuituse.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/or/circuituse.c b/src/or/circuituse.c
index 0ad8b3b51b..df33f63bb9 100644
--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@@ -1229,7 +1229,13 @@ circuit_get_open_circ_or_launch(edge_connection_t *conn,
need_uptime = !conn->want_onehop && !conn->use_begindir &&
smartlist_string_num_isin(options->LongLivedPorts,
conn->socks_request->port);
- need_internal = desired_circuit_purpose != CIRCUIT_PURPOSE_C_GENERAL;
+
+ if (desired_circuit_purpose != CIRCUIT_PURPOSE_C_GENERAL)
+ need_internal = 1;
+ else if (conn->use_begindir || conn->want_onehop)
+ need_internal = 1;
+ else
+ need_internal = 0;
circ = circuit_get_best(conn, 1, desired_circuit_purpose,
need_uptime, need_internal);