author | Nick Mathewson <nickm@torproject.org> | 2011-09-11 16:25:14 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2011-09-11 16:25:14 -0400 |
commit | 386966142ecebc23e78e57ae26323aee33d410f9 (patch) | |
tree | 7850b22438a98a546cd8556bf58f64e38bf6a017 /src | |
parent | cca806c56c4b14462a610eaa835db8d081d27c14 (diff) | |
parent | 8ea6d29fe468dc91d1c7dfc45ad5b4196e89ebdd (diff) | |
Merge remote-tracking branch 'origin/maint-0.2.2'
Diffstat (limited to 'src')
-rw-r--r-- | src/or/or.h | 7 | ||||
-rw-r--r-- | src/or/rendservice.c | 13 |
2 files changed, 16 insertions, 4 deletions
diff --git a/src/or/or.h b/src/or/or.h
index bf404df7e2..268e62fd8c 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3898,14 +3898,17 @@ typedef struct rend_encoded_v2_service_descriptor_t {
 char *desc_str; /**< Descriptor string. */
 } rend_encoded_v2_service_descriptor_t;
 
-/** Introduction point information. */
+/** Introduction point information. Used both in rend_service_t (on
+ * the service side) and in rend_service_descriptor_t (on both the
+ * client and service side). */
 typedef struct rend_intro_point_t {
 extend_info_t *extend_info; /**< Extend info of this introduction point. */
 crypto_pk_env_t *intro_key; /**< Introduction key that replaces the service
 * key, if this descriptor is V2. */
 } rend_intro_point_t;
 
-/** Information used to connect to a hidden service. */
+/** Information used to connect to a hidden service. Used on both the
+ * service side and the client side. */
 typedef struct rend_service_descriptor_t {
 crypto_pk_env_t *pk; /**< This service's public key. */
 int version; /**< Version of the descriptor format: 0 or 2. */
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 13bf5ad450..440359a321 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -1021,7 +1021,9 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
 v3_shift += 4;
 if ((now - ts) < -1 * REND_REPLAY_TIME_INTERVAL / 2 ||
 (now - ts) > REND_REPLAY_TIME_INTERVAL / 2) {
- log_warn(LD_REND, "INTRODUCE2 cell is too %s. Discarding.",
+ /* This is far more likely to mean that a client's clock is
+ * skewed than that a replay attack is in progress. */
+ log_info(LD_REND, "INTRODUCE2 cell is too %s. Discarding.",
 (now - ts) < 0 ? "old" : "new");
 return -1;
 }
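Review bot: Demoting the out-of-window timestamp message from `log_warn` to `log_info` in the rendservice.c hunk at -1021 removes the only default-level signal that INTRODUCE2 cells are being rejected by the replay-window check, and the same demotion is applied to the duplicate-handshake branch in the next hunk (-1125). The added comment gives the likely cause (client clock skew) but does not tell someone investigating a suspected replay where the evidence went. I would extend it along the lines of `/* Logged at info because clock skew dominates; a sustained run of these rejections is still worth examining at a more verbose log level. */`, or keep a per-service count of such rejections that can be reported at a visible severity. rend_service_introduce begins and ends outside the hunk, so whether such a counter already exists cannot be seen here.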
@@ -1125,7 +1127,14 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
 * part 1. */
 access_time = digestmap_get(service->accepted_intros, diffie_hellman_hash);
 if (access_time != NULL) {
- log_warn(LD_REND, "Possible replay detected! We received an "
+ /* A Tor client will send a new INTRODUCE1 cell with the same rend
+ * cookie and DH public key as its previous one if its intro circ
+ * times out while in state CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT .
+ * If we received the first INTRODUCE1 cell (the intro-point relay
+ * converts it into an INTRODUCE2 cell), we are already trying to
+ * connect to that rend point (and may have already succeeded);
+ * drop this cell. */
+ log_info(LD_REND, "We received an "
 "INTRODUCE2 cell with same first part of "
 "Diffie-Hellman handshake %d seconds ago. Dropping "
 "cell.", |
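Review bot: The new comment justifies the lower severity by the client-retry case, but the branch now logs every duplicate handshake at `log_info`, including one that arrives far later than a client retry plausibly would. The elapsed time already appears to be available for the `%d seconds ago` argument (its expression is outside this hunk), so the severity could presumably depend on it. At minimum the comment should record the limitation, e.g. `/* NOTE: a duplicate seen long after the first cell is not explained by a client retry. */`. As a minor point, there is a stray space before the period after `CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT`. The log call's remaining arguments and the rest of rend_service_introduce lie outside the hunk.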