GitLab

This prevents them knowing both the service and client IP addresses, and therefore being targets for network traffic logging, sybil, or hacking attacks.

We need to implement the following checks:

• if an introduction point was made using a direct connection (single onion services), refuse direct client connections,
• for v3 intro points, always refuse direct client connections
• for v2 intro points, refuse direct client connections based on a consensus parameter
• if the rend point was made using a direct connection (custom client, no tor2web for HSv3), refuse direct service connections (single onion services).

See #22688 (moved) for how this is done for HSDir3s using channel_is_client(). The comments in that patch explain why it works.

We could even refactor the common code out of connection_dir_is_anonymous() into connection_is_anonymous(), and avoid including channel[tls].h into directory.c.

I'm not sure if I will get time to do this, so please feel free to take this ticket.