-rw-r--r-- | src/or/config.c | 1 | ||||
-rw-r--r-- | src/or/connection_edge.c | 9 | ||||
-rw-r--r-- | src/or/dirserv.c | 2 | ||||
-rw-r--r-- | src/or/or.h | 5 | ||||
-rw-r--r-- | src/or/router.c | 5 |
5 files changed, 10 insertions, 12 deletions
diff --git a/src/or/config.c b/src/or/config.c
index 30a4d0f297..b509fb8621 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1240,7 +1240,6 @@ options_act(or_options_t *old_options)
 return -1;
 }
-
 /* Change the cell EWMA settings */
 cell_ewma_set_scale_factor(options, networkstatus_get_latest_consensus());
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 63595151d2..361f910172 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -2488,6 +2488,7 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
 char *address=NULL;
 uint16_t port;
 or_circuit_t *or_circ = NULL;
+ or_options_t *options = get_options();
 assert_circuit_ok(circ);
 if (!CIRCUIT_IS_ORIGIN(circ))
@@ -2500,7 +2501,7 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
 * that we have a stream connected to a circuit, and we don't connect to a
 * circuit until we have a pending/successful resolve. */
- if (!server_mode(get_options()) &&
+ if (!server_mode(options) &&
 circ->purpose != CIRCUIT_PURPOSE_S_REND_JOINED) {
 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
 "Relay begin cell at non-server. Closing.");
@@ -2533,11 +2534,11 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
 tor_free(address);
 return 0;
 }
- if (or_circ && or_circ->p_conn && !get_options()->AllowSingleHopExits &&
+ if (or_circ && or_circ->p_conn && !options->AllowSingleHopExits &&
 (or_circ->is_first_hop ||
 (!connection_or_digest_is_known_relay(
 or_circ->p_conn->identity_digest) &&
- should_refuse_unknown_exits(get_options())))) {
+ should_refuse_unknown_exits(options)))) {
 /* Don't let clients use us as a single-hop proxy, unless the user
 * has explicitly allowed that in the config. It attracts attackers
 * and users who'd be better off with, well, single-hop proxies.
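Review bot: In the `@@ -2533,11 +2534,11 @@` hunk the unknown-relay refusal, `should_refuse_unknown_exits(options)`, sits inside the `!options->AllowSingleHopExits &&` guard, so an operator who enables AllowSingleHopExits also switches off RefuseUnknownExits, even when that option is set to "1". If that precedence is intended, it deserves a line in the comment that follows the condition, for example `/* Note: AllowSingleHopExits also disables the RefuseUnknownExits check. */`; if it is not, the two tests should be separated. The comment and the rest of connection_exit_begin_conn continue outside the hunk, so this may already be covered there.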
@@ -2557,7 +2558,7 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
 return 0;
 }
 } else if (rh.command == RELAY_COMMAND_BEGIN_DIR) {
- if (!directory_permits_begindir_requests(get_options()) ||
+ if (!directory_permits_begindir_requests(options) ||
 circ->purpose != CIRCUIT_PURPOSE_OR) {
 relay_send_end_cell_from_edge(rh.stream_id, circ,
 END_STREAM_REASON_NOTDIRECTORY, NULL);
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index 6dca0d100f..8ae03424a2 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -1212,7 +1212,7 @@ directory_caches_dir_info(or_options_t *options)
 if (!server_mode(options) || !advertised_server_mode())
 return 0;
 /* We need an up-to-date view of network info if we're going to try to
- * block unknown exits. */
+ * block exit attempts from unknown relays. */
 return router_my_exit_policy_is_reject_star() &&
 should_refuse_unknown_exits(options);
 }
diff --git a/src/or/or.h b/src/or/or.h
index 6c1c8efb8d..2e532c9ef3 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2470,8 +2470,9 @@ typedef struct {
 /** Whether we should drop exit streams from Tors that we don't know are
 * relays. One of "0" (never refuse), "1" (always refuse), or "auto" (do
- * what the consensus says). -RD */
- const char *RefuseUnknownExits;
+ * what the consensus says, defaulting to 'refuse' if the consensus says
+ * nothing). */
+ char *RefuseUnknownExits;
 /** Parsed version of RefuseUnknownExits. -1 for auto. */
 int RefuseUnknownExits_;
diff --git a/src/or/router.c b/src/or/router.c
index 6ae2ed0db0..d30eb1bfa9 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -982,13 +982,10 @@ server_mode(or_options_t *options)
 int
 should_refuse_unknown_exits(or_options_t *options)
 {
- networkstatus_t *consensus;
 if (options->RefuseUnknownExits_ != -1) {
 return options->RefuseUnknownExits_;
- } else if ((consensus = networkstatus_get_latest_consensus()) != NULL) {
- return networkstatus_get_param(consensus, "refuseunknownexits", 1);
 } else {
- return 1;
+ return networkstatus_get_param(NULL, "refuseunknownexits", 1);
 }
 }
|
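Review bot: The new `else` branch of should_refuse_unknown_exits() passes `NULL` to networkstatus_get_param(), so the fail-closed default that the removed `return 1;` made explicit now depends on how that helper treats a NULL consensus, which this diff does not show. Presumably NULL means "consult the latest consensus and return the default when there is none"; a comment on the call would pin that down, e.g. `/* NULL: use the latest consensus; refuse (1) if it is missing or silent. */`. The consensus value is also returned unchanged and used as a truth value by the callers in this diff, so if only 0 and 1 are meaningful the line could read `return networkstatus_get_param(NULL, "refuseunknownexits", 1) != 0;`.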