[tor/master] Merge remote-tracking branch 'teor/reject-tap-v6' - tor-commits

29 Aug 2016

commit bbaa7d09a045130560a2f5da579671c5e02c9cd7
Merge: f46ce6e 19816f2
Author: Nick Mathewson nickm@torproject.org
Date:   Mon Aug 29 15:02:11 2016 -0400
Merge remote-tracking branch 'teor/reject-tap-v6'
changes/reject-tap     |  15 ++++
 doc/tor.1.txt          |  10 ---
 src/or/circuitbuild.c  | 230 +++++++++++++++++++++++++++++++++++--------------
 src/or/circuitbuild.h  |   5 ++
 src/or/circuitlist.c   |   6 +-
 src/or/config.c        |   2 +-
 src/or/dirserv.c       |  14 +++
 src/or/networkstatus.c |   6 ++
 src/or/nodelist.c      |  28 +++++-
 src/or/onion.c         |   4 +-
 src/or/or.h            |   3 -
 src/or/rendclient.c    |   7 +-
 src/or/rendservice.c   |   8 ++
 src/or/rendservice.h   |   2 +
 src/or/router.c        |   4 +
 src/or/routerlist.c    |  51 ++++++++++-
 src/or/routerlist.h    |   3 +
 src/test/test_dir.c    |  20 +++--
 18 files changed, 325 insertions(+), 93 deletions(-)
diff --cc src/or/config.c
index 31bf818,7478e60..6ab2fd8

--- a/src/or/config.c
+++ b/src/or/config.c
@@@ -438,9 -438,9 +438,9 @@@ static config_var_t option_vars_[] = 
    V(UseEntryGuardsAsDirGuards,   BOOL,     "1"),
    V(UseGuardFraction,            AUTOBOOL, "auto"),
    V(UseMicrodescriptors,         AUTOBOOL, "auto"),
-   V(UseNTorHandshake,            AUTOBOOL, "1"),
+   OBSOLETE("UseNTorHandshake"),
    V(User,                        STRING,   NULL),
 -  V(UserspaceIOCPBuffers,        BOOL,     "0"),
 +  OBSOLETE("UserspaceIOCPBuffers"),
    V(AuthDirSharedRandomness,     BOOL,     "1"),
    OBSOLETE("V1AuthoritativeDirectory"),
    OBSOLETE("V2AuthoritativeDirectory"),
diff --cc src/or/routerlist.c
index 1773f1d,0801503..74b8d1b
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@@ -2260,10 -2260,15 +2260,16 @@@ router_add_running_nodes_to_smartlist(s
        continue;
      if (node_is_unreliable(node, need_uptime, need_capacity, need_guard))
        continue;
-     /* Choose a node with an OR address that matches the firewall rules,
-      * if we are making a direct connection */
+     /* Don't choose nodes if we are certain they can't do ntor */
+     if (node->rs && !routerstatus_version_supports_ntor(node->rs, 1))
+       continue;
+     if ((node->ri || node->md) && !node_has_curve25519_onion_key(node))
+       continue;
+     /* Choose a node with an OR address that matches the firewall rules */
 -    if (check_reach && !fascist_firewall_allows_node(node,
 -                                                     FIREWALL_OR_CONNECTION,
 -                                                     pref_addr))
 +    if (direct_conn && check_reach &&
-         !fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION, pref_addr))
++        !fascist_firewall_allows_node(node,
++                                      FIREWALL_OR_CONNECTION,
++                                      pref_addr))
        continue;
smartlist_add(sl, (void *)node);

    