[tor-commits] [tor/master] Bug 25870: Allow the last hop in a vanguard circuit to be our guard.

nickm at torproject.org nickm at torproject.org
Tue May 8 18:14:02 UTC 2018


commit d634c1ba6b3b5b4773ee2bc7095a004818431541
Author: Mike Perry <mikeperry-git at torproject.org>
Date:   Fri Apr 20 18:58:15 2018 +0000

    Bug 25870: Allow the last hop in a vanguard circuit to be our guard.
    
    The last hop in vanguard circuits can be an RP/IP/HSDir.
    
    Since vanguard circuits are at least 3 hops (sometimes 4) before this node,
    this change will not cause A - B - A paths.
---
 src/or/circuitbuild.c |  2 +-
 src/or/entrynodes.c   | 11 +++++++++--
 src/or/entrynodes.h   |  1 +
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index 54446bb01..75540e5d3 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -2628,7 +2628,7 @@ choose_good_entry_server(uint8_t purpose, cpath_build_state_t *state,
     /* This request is for an entry server to use for a regular circuit,
      * and we use entry guard nodes.  Just return one of the guard nodes.  */
     tor_assert(guard_state_out);
-    return guards_choose_guard(state, guard_state_out);
+    return guards_choose_guard(state, purpose, guard_state_out);
   }
 
   excluded = smartlist_new();
diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c
index 88d1b94de..34868846f 100644
--- a/src/or/entrynodes.c
+++ b/src/or/entrynodes.c
@@ -118,6 +118,7 @@
 #include "circpathbias.h"
 #include "circuitbuild.h"
 #include "circuitlist.h"
+#include "circuituse.h"
 #include "circuitstats.h"
 #include "config.h"
 #include "confparse.h"
@@ -3473,12 +3474,18 @@ guards_update_all(void)
     used. */
 const node_t *
 guards_choose_guard(cpath_build_state_t *state,
-                   circuit_guard_state_t **guard_state_out)
+                    uint8_t purpose,
+                    circuit_guard_state_t **guard_state_out)
 {
   const node_t *r = NULL;
   const uint8_t *exit_id = NULL;
   entry_guard_restriction_t *rst = NULL;
-  if (state && (exit_id = build_state_get_exit_rsa_id(state))) {
+
+  /* Only apply restrictions if we have a specific exit node in mind, and only
+   * if we are not doing vanguard circuits: we don't want to apply guard
+   * restrictions to vanguard circuits. */
+  if (state && !circuit_should_use_vanguards(purpose) &&
+      (exit_id = build_state_get_exit_rsa_id(state))) {
     /* We're building to a targeted exit node, so that node can't be
      * chosen as our guard for this circuit.  Remember that fact in a
      * restriction. */
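Review bot: The comment added above the `if` in `guards_choose_guard` says guard restrictions are skipped for vanguard circuits but not why that is safe; the path-length argument appears only in the commit message. I would extend it with something like `/* Vanguard circuits have at least 3 hops before the final node, so the final hop being our guard cannot produce an A - B - A path. */`, so that the invariant sits next to the check that relies on it. The exemption is only as sound as `circuit_should_use_vanguards(purpose)` returning true solely for purposes built with those longer paths; that helper is not visible in this diff, so the dependency is worth recording in the comment. The doc comment above the function is only partly visible here and does not appear to gain a description of the new `purpose` argument, and the function body continues past the end of the hunk.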
diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h
index d56249831..e8c91da41 100644
--- a/src/or/entrynodes.h
+++ b/src/or/entrynodes.h
@@ -322,6 +322,7 @@ struct circuit_guard_state_t {
 /* Common entry points for old and new guard code */
 int guards_update_all(void);
 const node_t *guards_choose_guard(cpath_build_state_t *state,
+                                  uint8_t purpose,
                                   circuit_guard_state_t **guard_state_out);
 const node_t *guards_choose_dirguard(uint8_t dir_purpose,
                                      circuit_guard_state_t **guard_state_out);




