[tor-commits] [tor/maint-0.3.1] dos: Exclude known relays from client connection count

nickm at torproject.org
Fri Feb 16 14:56:18 UTC 2018


commit 666582a679cdfb2d69620db6aadf55a57d430e23
Author: David Goulet <dgoulet at torproject.org>
Date:   Fri Feb 9 11:11:41 2018 -0500

    dos: Exclude known relays from client connection count
    
    This is to avoid positively identifying Exit relays if a tor client connection
    that is reentering the network comes from them.
    
    One thing to note is that this is done only in the DoS subsystem but we'll
    still add it to the geoip cache as a "client" seen. This is done that way so
    as to avoid as much as possible changing the current behavior of the geoip
    client cache since this is being backported.
    
    Closes #25193
    
    Signed-off-by: David Goulet <dgoulet at torproject.org>
---
 src/or/dos.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/or/dos.c b/src/or/dos.c
index 88f1351a3..9e8a7a9ab 100644
--- a/src/or/dos.c
+++ b/src/or/dos.c
@@ -14,6 +14,7 @@
 #include "geoip.h"
 #include "main.h"
 #include "networkstatus.h"
+#include "nodelist.h"
 #include "router.h"
 
 #include "dos.h"
@@ -664,6 +665,14 @@ dos_new_client_conn(or_connection_t *or_conn)
     goto end;
   }
 
+  /* We ignore any known address meaning an address of a known relay. The
+   * reason to do so is because network reentry is possible where a client
+   * connection comes from an Exit node. Even when we'll fix reentry, this is
+   * a robust defense to keep in place. */
+  if (nodelist_probably_contains_address(&or_conn->real_addr)) {
+    goto end;
+  }
+
   /* We are only interested in client connection from the geoip cache. */
   entry = geoip_lookup_client(&or_conn->real_addr, NULL,
                               GEOIP_CLIENT_CONNECT);
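Review bot: The comment above the new `nodelist_probably_contains_address(&or_conn->real_addr)` check in dos_new_client_conn() should spell out what the exemption is keyed on and what it costs. The test is on the address alone, and the "probably" in the function name suggests the lookup is approximate, so any connection whose source address matches (or is mistaken for) a known relay address skips the DoS connection count entirely, including a real client that shares that address. Please say in the comment that this is an accepted trade-off. The comment also omits the detail from the commit message that the address is still recorded in the geoip cache as a "client" seen; since this check sits directly before `geoip_lookup_client()`, a one-line reminder here would save the next reader from assuming relay addresses never reach the geoip client cache. Finally, because `goto end` now leaves before any per-address state is touched, please confirm that the matching close path does not decrement a counter for connections that were skipped here. Minor wording: "Even when we'll fix reentry" reads better as "Even once reentry is fixed".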




