diff options
| author | David Goulet <dgoulet@torproject.org> | 2021-02-03 08:51:37 -0500 |
|---|---|---|
| committer | David Goulet <dgoulet@torproject.org> | 2021-02-03 08:51:37 -0500 |
| commit | 36b51a1c716200c65f5bb9f233c461208a8d924c (patch) | |
| tree | 244fc910a830b7938e7fecd881def21d8732478f /src | |
| parent | b2434d30d2c1071f01d9331752fc7d357169332f (diff) | |
| parent | 0f8195406e0a2a97a3167d4bb40484f4bd091289 (diff) | |
| download | tor-36b51a1c716200c65f5bb9f233c461208a8d924c.tar.gz tor-36b51a1c716200c65f5bb9f233c461208a8d924c.zip | |
Merge branch 'maint-0.4.3' into maint-0.4.4
Diffstat (limited to 'src')
| -rw-r--r-- | src/core/or/connection_edge.c | 12 | ||||
| -rw-r--r-- | src/feature/nodelist/nodelist.c | 8 |
2 files changed, 18 insertions, 2 deletions
diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c index 161fd1da47..65e974f496 100644 --- a/src/core/or/connection_edge.c +++ b/src/core/or/connection_edge.c @@ -4168,6 +4168,15 @@ my_exit_policy_rejects(const tor_addr_t *addr, return 0; } +/** Return true iff the consensus allows network reentry. The default value is + * false if the parameter is not found. */ +static bool +network_reentry_is_allowed(void) +{ + /* Default is false, re-entry is not allowed. */ + return !!networkstatus_get_param(NULL, "allow-network-reentry", 0, 0, 1); +} + /** Connect to conn's specified addr and port. If it worked, conn * has now been added to the connection_array. * @@ -4205,6 +4214,8 @@ connection_exit_connect(edge_connection_t *edge_conn) * infinite-length circuits (see "A Practical Congestion Attack on Tor Using * Long Paths", Usenix Security 2009). See also ticket 2667. * + * Skip this if the network reentry is allowed (known from the consensus). + * * The TORPROTOCOL reason is used instead of EXITPOLICY so client do NOT * attempt to retry connecting onto another circuit that will also fail * bringing considerable more load on the network if so. @@ -4215,6 +4226,7 @@ connection_exit_connect(edge_connection_t *edge_conn) * reason that makes the client retry results in much worst consequences in * case of an attack so this is a small price to pay. */ if (!connection_edge_is_rendezvous_stream(edge_conn) && + !network_reentry_is_allowed() && nodelist_reentry_probably_contains(&conn->addr, conn->port)) { log_info(LD_EXIT, "%s:%d tried to connect back to a known relay address. " "Closing.", escaped_safe_str_client(conn->address), diff --git a/src/feature/nodelist/nodelist.c b/src/feature/nodelist/nodelist.c index 94c2730028..e9218cd0c7 100644 --- a/src/feature/nodelist/nodelist.c +++ b/src/feature/nodelist/nodelist.c @@ -674,8 +674,12 @@ nodelist_set_consensus(networkstatus_t *ns) address_set_free(the_nodelist->node_addrs); addr_port_set_free(the_nodelist->reentry_set); the_nodelist->node_addrs = address_set_new(estimated_addresses); - /* Times two here is for both the ORPort and DirPort. */ - the_nodelist->reentry_set = addr_port_set_new(estimated_addresses * 2); + /* Times two here is for both the ORPort and DirPort. We double it again in + * order to minimize as much as possible the false positive when looking up + * this set. Reason is that Exit streams that are legitimate but end up a + * false positive against this set will thus be considered reentry and be + * rejected which means a bad UX. */ + the_nodelist->reentry_set = addr_port_set_new(estimated_addresses * 2 * 2); SMARTLIST_FOREACH_BEGIN(ns->routerstatus_list, routerstatus_t *, rs) { node_t *node = node_get_or_create(rs->identity_digest); |