author | George Kadianakis <desnacked@riseup.net> | 2021-03-17 13:43:48 +0200 |
---|---|---|
committer | George Kadianakis <desnacked@riseup.net> | 2021-03-17 13:43:48 +0200 |
commit | 0ac03390e482a7ff1008f0051ac647114ce00c09 (patch) | |
tree | 4ae4f4611a0234034d8dfda61c8167c71007c6fc /src | |
parent | 36b54fc6aa5f6ac0a765e9e3355ec5310a23233d (diff) | |
parent | 59bbf8cde9144ee5c8d060959e723a4bedfd6bb8 (diff) | |
Merge branch 'maint-0.4.5'
Diffstat (limited to 'src')
-rw-r--r-- | src/core/or/circuitbuild.c | 18 | ||||
-rw-r--r-- | src/core/or/circuitlist.h | 3 | ||||
-rw-r--r-- | src/core/or/origin_circuit_st.h | 12 | ||||
-rw-r--r-- | src/feature/control/control_cmd.c | 1 |
4 files changed, 28 insertions, 6 deletions
diff --git a/src/core/or/circuitbuild.c b/src/core/or/circuitbuild.c
index c99f47465f..2bcc642a97 100644
--- a/src/core/or/circuitbuild.c
+++ b/src/core/or/circuitbuild.c
@@ -880,14 +880,22 @@ circuit_pick_extend_handshake(uint8_t *cell_type_out,
 }

 /**
- * Return true iff <b>purpose</b> is a purpose for a circuit which is
- * allowed to have no guard configured, even if the circuit is multihop
+ * Return true iff <b>circ</b> is allowed
+ * to have no guard configured, even if the circuit is multihop
 * and guards are enabled.
 */
 static int
-circuit_purpose_may_omit_guard(int purpose)
+circuit_may_omit_guard(const origin_circuit_t *circ)
 {
- switch (purpose) {
+ if (BUG(!circ))
+ return 0;
+
+ if (circ->first_hop_from_controller) {
+ /* The controller picked the first hop: that bypasses the guard system. */
+ return 1;
+ }
+
+ switch (circ->base_.purpose) {
 case CIRCUIT_PURPOSE_TESTING:
 case CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT:
 /* Testing circuits may omit guards because they're measuring
@@ -1018,7 +1026,7 @@ circuit_build_no_more_hops(origin_circuit_t *circ)
 guard_usable_t r;
 if (! circ->guard_state) {
 if (circuit_get_cpath_len(circ) != 1 &&
- ! circuit_purpose_may_omit_guard(circ->base_.purpose) &&
+ ! circuit_may_omit_guard(circ) &&
 get_options()->UseEntryGuards) {
 log_warn(LD_BUG, "%d-hop circuit %p with purpose %d has no "
 "guard state",
diff --git a/src/core/or/circuitlist.h b/src/core/or/circuitlist.h
index d87d5fd3bd..f5791d7c12 100644
--- a/src/core/or/circuitlist.h
+++ b/src/core/or/circuitlist.h
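Review bot: The doc comment above `circuit_may_omit_guard()` does not mention the new controller exemption, although the early `return 1` for `circ->first_hop_from_controller` runs before the `switch` and so applies whatever the circuit's purpose is, including purposes that carry client streams. I would state that in the comment, e.g. `* Circuits whose first hop was chosen by a controller always return true, regardless of purpose.`, so the purpose list below is not read as the complete set of exemptions. The exemption also suppresses the LD_BUG "has no guard state" warning at the call site in `circuit_build_no_more_hops()` (second hunk), which from the visible lines looks like the only report of a guard-less multihop circuit; a lower-severity log line for the controller case would keep that condition visible to operators. The body of `circuit_may_omit_guard()` continues past the end of the hunk.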
@@ -116,7 +116,8 @@
 * bandwidth measurement, reachability test and address discovery from an
 * authority using the NETINFO cell. */
 #define CIRCUIT_PURPOSE_TESTING 21
-/** A controller made this circuit and Tor should not use it. */
+/** A controller made this circuit and Tor should not cannibalize it or attach
+ * streams to it without explicitly being told. */
 #define CIRCUIT_PURPOSE_CONTROLLER 22
 /** This circuit is used for path bias probing only */
 #define CIRCUIT_PURPOSE_PATH_BIAS_TESTING 23
diff --git a/src/core/or/origin_circuit_st.h b/src/core/or/origin_circuit_st.h
index eb17f70ba3..9264077c50 100644
--- a/src/core/or/origin_circuit_st.h
+++ b/src/core/or/origin_circuit_st.h
@@ -168,6 +168,18 @@ struct origin_circuit_t {
 unsigned padding_negotiation_failed : 1;

 /**
+ * If this flag is set, then a controller chose the first hop of this
+ * circuit's path, and it's okay to ignore checks that we'd usually do
+ * on this circuit's first hop.
+ *
+ * This flag is distinct from the CIRCUIT_PURPOSE_CONTROLLER purpose: the
+ * purpose indicates _what tor can use the circuit for_. Controller-created
+ * circuits can still have the CIRCUIT_PURPOSE_GENERAL purpose if Tor is
+ * allowed to attach streams to them.
+ */
+ unsigned first_hop_from_controller : 1;
+
+ /**
 * Tristate variable to guard against pathbias miscounting
 * due to circuit purpose transitions changing the decision
 * of pathbias_should_count(). This variable is informational
diff --git a/src/feature/control/control_cmd.c b/src/feature/control/control_cmd.c
index b1dc271c4a..bd0d41d29e 100644
--- a/src/feature/control/control_cmd.c
+++ b/src/feature/control/control_cmd.c
@@ -814,6 +814,7 @@ handle_control_extendcircuit(control_connection_t *conn,
 if (zero_circ) {
 /* start a new circuit */
 circ = origin_circuit_init(intended_purpose, 0);
+ circ->first_hop_from_controller = 1;
 }

 /* now circ refers to something that is ready to be extended */ |
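Review bot: In the `origin_circuit_st.h` hunk, the comment on `first_hop_from_controller` says it is "okay to ignore checks that we'd usually do on this circuit's first hop", which is broader than anything this commit does with the bit: the only reader visible in the diff is the guard-state check in `circuit_may_omit_guard()`. Because the flag relaxes a guard-selection safeguard, I would name that check and the flag's lifetime explicitly, e.g. `* Set when a controller creates the circuit via EXTENDCIRCUIT; currently consulted only by circuit_may_omit_guard().` Nothing in this diff clears the flag, so it presumably persists if the circuit's purpose changes later, and the comment should say whether that is intended. As worded, it invites later code to skip unrelated first-hop checks on the strength of this bit. The struct definition begins and ends outside the hunk.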