[tor-commits] [tor/master] Apply StrictNodes to hidden service directories early
nickm at torproject.org
nickm at torproject.org
Tue Feb 11 15:16:59 UTC 2014
commit bb21d14255c2f5c94173dda2ba30c83478044779
Author: Nick Mathewson <nickm at torproject.org>
Date: Fri Jan 24 12:56:10 2014 -0500
Apply StrictNodes to hidden service directories early
Previously, we would sometimes decide in directory_get_from_hs_dir()
to connect to an excluded node, and then later in
directory_initiate_command_routerstatus_rend() notice that it was
excluded and strictnodes was set, and catch it as a stopgap.
Additionally, this patch preferentially tries to fetch from
non-excluded nodes even when StrictNodes is off.
Fix for bug #10722. Bugfix on 0.2.0.10-alpha (the v2 hidserv directory
system was introduced in e136f00ca). Reported by "mr-4".
---
changes/bug10722 | 8 ++++++++
src/or/rendclient.c | 27 +++++++++++++++++++++++----
2 files changed, 31 insertions(+), 4 deletions(-)
diff --git a/changes/bug10722 b/changes/bug10722
new file mode 100644
index 0000000..dd4711f
--- /dev/null
+++ b/changes/bug10722
@@ -0,0 +1,8 @@
+ o Minor bugfixes:
+ - Consider non-excluded hidden service directory servers before
+ excluded ones. Do not consider excluded hidden service directory
+ servers at all if StrictNodes was set. (Previously, we would
+ sometimes decide to connect to those servers, and then realize
+ before we initiated a connection that we had excluded them.)
+ Fix for bug #10722. Bugfix on 0.2.0.10-alpha. Reported by
+ "mr-4".
diff --git a/src/or/rendclient.c b/src/or/rendclient.c
index bb4bd9b..634a98c 100644
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@ -617,11 +617,14 @@ static int
directory_get_from_hs_dir(const char *desc_id, const rend_data_t *rend_query)
{
smartlist_t *responsible_dirs = smartlist_new();
+ smartlist_t *usable_responsible_dirs = smartlist_new();
+ const or_options_t *options = get_options();
routerstatus_t *hs_dir;
char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
time_t now = time(NULL);
char descriptor_cookie_base64[3*REND_DESC_COOKIE_LEN_BASE64];
- int tor2web_mode = get_options()->Tor2webMode;
+ const int tor2web_mode = options->Tor2webMode;
+ int excluded_some;
tor_assert(desc_id);
tor_assert(rend_query);
/* Determine responsible dirs. Even if we can't get all we want,
@@ -642,16 +645,32 @@ directory_get_from_hs_dir(const char *desc_id, const rend_data_t *rend_query)
dir, desc_id_base32, rend_query, 0, 0);
const node_t *node = node_get_by_id(dir->identity_digest);
if (last + REND_HID_SERV_DIR_REQUERY_PERIOD >= now ||
- !node || !node_has_descriptor(node))
- SMARTLIST_DEL_CURRENT(responsible_dirs, dir);
+ !node || !node_has_descriptor(node)) {
+ SMARTLIST_DEL_CURRENT(responsible_dirs, dir);
+ continue;
+ }
+ if (! routerset_contains_node(options->ExcludeNodes, node)) {
+ smartlist_add(usable_responsible_dirs, dir);
+ }
});
- hs_dir = smartlist_choose(responsible_dirs);
+ excluded_some =
+ smartlist_len(usable_responsible_dirs) < smartlist_len(responsible_dirs);
+
+ hs_dir = smartlist_choose(usable_responsible_dirs);
+ if (! hs_dir && ! options->StrictNodes)
+ hs_dir = smartlist_choose(responsible_dirs);
+
smartlist_free(responsible_dirs);
+ smartlist_free(usable_responsible_dirs);
if (!hs_dir) {
log_info(LD_REND, "Could not pick one of the responsible hidden "
"service directories, because we requested them all "
"recently without success.");
+ if (options->StrictNodes && excluded_some) {
+ log_info(LD_REND, "There are others that we could have tried, but "
+ "they are all excluded, and StrictNodes is set.");
+ }
return 0;
}
More information about the tor-commits
mailing list