[tor-commits] [tor/release-0.2.8] Fix path selection on firewalled clients

nickm at torproject.org nickm at torproject.org
Wed Aug 24 14:45:26 UTC 2016


commit b1ad024d3002e9d8581b6b96c892e5988d9e759b
Author: teor <teor2345 at gmail.com>
Date:   Thu Aug 18 12:02:33 2016 +1000

    Fix path selection on firewalled clients
    
    Signed-off-by: teor <teor2345 at gmail.com>
---
 src/or/circuitbuild.c |  9 +++++++--
 src/or/or.h           |  5 ++++-
 src/or/routerlist.c   | 14 ++++++++------
 src/or/routerlist.h   |  2 +-
 4 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index 820724a..28d286c 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -1777,6 +1777,8 @@ pick_tor2web_rendezvous_node(router_crn_flags_t flags,
   const node_t *rp_node = NULL;
   const int allow_invalid = (flags & CRN_ALLOW_INVALID) != 0;
   const int need_desc = (flags & CRN_NEED_DESC) != 0;
+  const int pref_addr = (flags & CRN_PREF_ADDR) != 0;
+  const int direct_conn = (flags & CRN_DIRECT_CONN) != 0;
 
   smartlist_t *whitelisted_live_rps = smartlist_new();
   smartlist_t *all_live_nodes = smartlist_new();
@@ -1787,7 +1789,9 @@ pick_tor2web_rendezvous_node(router_crn_flags_t flags,
   router_add_running_nodes_to_smartlist(all_live_nodes,
                                         allow_invalid,
                                         0, 0, 0,
-                                        need_desc, 0);
+                                        need_desc,
+                                        pref_addr,
+                                        direct_conn);
 
   /* Filter all_live_nodes to only add live *and* whitelisted RPs to
    * the list whitelisted_live_rps. */
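Review bot: The firewall filter for Tor2web rendezvous points now depends on the caller having set `CRN_DIRECT_CONN` in `flags`, and no caller of pick_tor2web_rendezvous_node() is visible in this patch. Before the change this call passed a literal `0` for pref_addr and router_add_running_nodes_to_smartlist() applied fascist_firewall_allows_node() whenever `check_reach` was true. With the new `direct_conn && check_reach` condition in routerlist.c, a caller that leaves the bit clear gets a candidate list that ignores the client's firewall rules. If a Tor2web client connects to the rendezvous point directly, it is safer not to rely on the caller: add `flags |= CRN_DIRECT_CONN;` before the flags are decoded in the first hunk, with a comment saying why. The same check is worth making for any other router_choose_random_node() caller that picks a first hop, since only choose_good_entry_server() is updated here; the function body starts and ends outside these hunks.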
@@ -2155,7 +2159,8 @@ choose_good_entry_server(uint8_t purpose, cpath_build_state_t *state)
   const or_options_t *options = get_options();
   /* If possible, choose an entry server with a preferred address,
    * otherwise, choose one with an allowed address */
-  router_crn_flags_t flags = CRN_NEED_GUARD|CRN_NEED_DESC|CRN_PREF_ADDR;
+  router_crn_flags_t flags = (CRN_NEED_GUARD|CRN_NEED_DESC|CRN_PREF_ADDR|
+                              CRN_DIRECT_CONN);
   const node_t *node;
 
   if (state && options->UseEntryGuards &&
diff --git a/src/or/or.h b/src/or/or.h
index 2252f38..da84128 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -5255,7 +5255,10 @@ typedef enum {
   CRN_WEIGHT_AS_EXIT = 1<<5,
   CRN_NEED_DESC = 1<<6,
   /* On clients, only provide nodes that satisfy ClientPreferIPv6OR */
-  CRN_PREF_ADDR = 1<<7
+  CRN_PREF_ADDR = 1<<7,
+  /* On clients, only provide nodes that we can connect to directly, based on
+   * our firewall rules */
+  CRN_DIRECT_CONN = 1<<8
 } router_crn_flags_t;
 
 /** Return value for router_add_to_routerlist() and dirserv_add_descriptor() */
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index c358872..64baf4d 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -2017,7 +2017,7 @@ void
 router_add_running_nodes_to_smartlist(smartlist_t *sl, int allow_invalid,
                                       int need_uptime, int need_capacity,
                                       int need_guard, int need_desc,
-                                      int pref_addr)
+                                      int pref_addr, int direct_conn)
 {
   const int check_reach = !router_skip_or_reachability(get_options(),
                                                        pref_addr);
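Review bot: The new `direct_conn` parameter is undocumented: the function's doc comment sits above this hunk and no hunk in the patch touches it, so it presumably still describes the old parameter list. A line such as `* If direct_conn is true, only add nodes that our firewall rules let us connect to directly.` would record that passing 0 disables the firewall check entirely. That is hard to see at a call site that passes seven positional int arguments. The function body continues outside the hunk.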
@@ -2032,10 +2032,10 @@ router_add_running_nodes_to_smartlist(smartlist_t *sl, int allow_invalid,
       continue;
     if (node_is_unreliable(node, need_uptime, need_capacity, need_guard))
       continue;
-    /* Choose a node with an OR address that matches the firewall rules */
-    if (check_reach && !fascist_firewall_allows_node(node,
-                                                     FIREWALL_OR_CONNECTION,
-                                                     pref_addr))
+    /* Choose a node with an OR address that matches the firewall rules,
+     * if we are making a direct connection */
+    if (direct_conn && check_reach &&
+        !fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION, pref_addr))
       continue;
 
     smartlist_add(sl, (void *)node);
@@ -2515,6 +2515,7 @@ router_choose_random_node(smartlist_t *excludedsmartlist,
   const int weight_for_exit = (flags & CRN_WEIGHT_AS_EXIT) != 0;
   const int need_desc = (flags & CRN_NEED_DESC) != 0;
   const int pref_addr = (flags & CRN_PREF_ADDR) != 0;
+  const int direct_conn = (flags & CRN_DIRECT_CONN) != 0;
 
   smartlist_t *sl=smartlist_new(),
     *excludednodes=smartlist_new();
@@ -2540,7 +2541,8 @@ router_choose_random_node(smartlist_t *excludedsmartlist,
 
   router_add_running_nodes_to_smartlist(sl, allow_invalid,
                                         need_uptime, need_capacity,
-                                        need_guard, need_desc, pref_addr);
+                                        need_guard, need_desc, pref_addr,
+                                        direct_conn);
   log_debug(LD_CIRC,
            "We found %d running nodes.",
             smartlist_len(sl));
diff --git a/src/or/routerlist.h b/src/or/routerlist.h
index 67cc253..cb5b42a 100644
--- a/src/or/routerlist.h
+++ b/src/or/routerlist.h
@@ -62,7 +62,7 @@ int routers_have_same_or_addrs(const routerinfo_t *r1, const routerinfo_t *r2);
 void router_add_running_nodes_to_smartlist(smartlist_t *sl, int allow_invalid,
                                            int need_uptime, int need_capacity,
                                            int need_guard, int need_desc,
-                                           int pref_addr);
+                                           int pref_addr, int direct_conn);
 
 const routerinfo_t *routerlist_find_my_routerinfo(void);
 uint32_t router_get_advertised_bandwidth(const routerinfo_t *router);




