Commit 834654f1 authored by Nick Mathewson's avatar Nick Mathewson 🐚

Make all begindir or one-hop circuits internal

This solves bug 5283, where client traffic could get sent over the
same circuit as an anonymized connection to a directory, even if
that circuit used an exit node unsuitable for clients.  By marking
the directory connection as needs_internal, we ensure that the
(non-internal!) client-traffic connection won't be sent over the
same circuit.
parent 3a9351b5
+7 −1
@@ -1229,7 +1229,13 @@ circuit_get_open_circ_or_launch(edge_connection_t *conn,
  need_uptime = !conn->want_onehop && !conn->use_begindir &&
  need_uptime = !conn->want_onehop && !conn->use_begindir &&
                smartlist_string_num_isin(options->LongLivedPorts,
                smartlist_string_num_isin(options->LongLivedPorts,
                                          conn->socks_request->port);
                                          conn->socks_request->port);
  need_internal = desired_circuit_purpose != CIRCUIT_PURPOSE_C_GENERAL;

  if (desired_circuit_purpose != CIRCUIT_PURPOSE_C_GENERAL)
    need_internal = 1;
  else if (conn->use_begindir || conn->want_onehop)
    need_internal = 1;
  else
    need_internal = 0;


  circ = circuit_get_best(conn, 1, desired_circuit_purpose,
  circ = circuit_get_best(conn, 1, desired_circuit_purpose,
                          need_uptime, need_internal);
                          need_uptime, need_internal);
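Review bot: The new `else if (conn->use_begindir || conn->want_onehop)` branch enforces an isolation property whose reason is stated only in the commit message, so the code gives no hint why a general-purpose circuit is being forced internal. A short comment on that branch would stop a later simplification from folding it away, for example `/* Begindir and one-hop streams get internal circuits so that ordinary client streams are never attached to them (bug 5283). */`. circuit_get_open_circ_or_launch starts before and continues past this hunk, so whether the circuit-launch path further down applies the same need_internal value cannot be confirmed from the visible lines. That is worth checking, because the isolation presumably only holds if newly launched circuits are marked the same way as the ones selected by `circuit_get_best`.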