[tor-commits] [tor/release-0.4.4] relay: Follow consensus parameter for network reentry

dgoulet at torproject.org dgoulet at torproject.org
Wed Feb 3 14:50:40 UTC 2021


commit ce3af5dd5948cd9c24fc5b5f70814b38cbca46a9
Author: David Goulet <dgoulet at torproject.org>
Date:   Mon Feb 1 08:56:27 2021 -0500

    relay: Follow consensus parameter for network reentry
    
    Obey the "allow-network-reentry" consensus parameter in order to decide whether
    to allow network reentry at the Exit.
    
    Closes #40268
    
    Signed-off-by: David Goulet <dgoulet at torproject.org>
---
 src/core/or/connection_edge.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c
index f9a9bbdb73..b40fa3e567 100644
--- a/src/core/or/connection_edge.c
+++ b/src/core/or/connection_edge.c
@@ -4003,6 +4003,15 @@ my_exit_policy_rejects(const tor_addr_t *addr,
   return 0;
 }
 
+/** Return true iff the consensus allows network reentry. The default value is
+ * false if the parameter is not found. */
+static bool
+network_reentry_is_allowed(void)
+{
+  /* Default is false, re-entry is not allowed. */
+  return !!networkstatus_get_param(NULL, "allow-network-reentry", 0, 0, 1);
+}
+
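Review bot: The header comment on `network_reentry_is_allowed()` should also say what happens when no consensus is available at all, since the caller in connection_exit_connect() relies on that case failing closed; as far as I recall, `networkstatus_get_param()` with a NULL consensus falls back to the latest one and returns `default_val` when none is loaded, so the `0` default means reentry stays blocked. I would extend the comment to `/* Returns false when the parameter is absent or no consensus is available, so the reentry check below stays enabled. */`. Separately, this helper is called on every exit stream connect (third hunk) and, if the lookup is the parameter-list walk I remember, that is a per-stream search of the consensus; if that shows up in profiles, caching the value from a consensus-change callback, as other relay-side parameters do, would avoid it.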
 /** Connect to conn's specified addr and port. If it worked, conn
  * has now been added to the connection_array.
  *
@@ -4040,6 +4049,8 @@ connection_exit_connect(edge_connection_t *edge_conn)
    * infinite-length circuits (see "A Practical Congestion Attack on Tor Using
    * Long Paths", Usenix Security 2009). See also ticket 2667.
    *
+   * Skip this if the network reentry is allowed (known from the consensus).
+   *
    * The TORPROTOCOL reason is used instead of EXITPOLICY so client do NOT
    * attempt to retry connecting onto another circuit that will also fail
    * bringing considerable more load on the network if so.
@@ -4050,6 +4061,7 @@ connection_exit_connect(edge_connection_t *edge_conn)
    * reason that makes the client retry results in much worst consequences in
    * case of an attack so this is a small price to pay. */
   if (!connection_edge_is_rendezvous_stream(edge_conn) &&
+      !network_reentry_is_allowed() &&
       nodelist_reentry_probably_contains(&conn->addr, conn->port)) {
     log_info(LD_EXIT, "%s:%d tried to connect back to a known relay address. "
                       "Closing.", escaped_safe_str_client(conn->address),
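Review bot: When the consensus sets allow-network-reentry, the added `!network_reentry_is_allowed() &&` term silently skips the whole check, so a stream that connects back to a known relay address leaves no trace in the logs at any level; operators investigating reentry traffic after the parameter flips would have nothing to correlate. Consider a `log_debug(LD_EXIT, ...)` in an else branch noting that reentry was permitted by consensus, mirroring the existing log_info on the closing path. The body of connection_exit_connect() continues outside this hunk.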




