From: Nick Mathewson Date: Mon, 29 Aug 2016 19:02:11 +0000 (-0400) Subject: Merge remote-tracking branch 'teor/reject-tap-v6' X-Git-Tag: tor-0.2.9.3-alpha~111 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bbaa7d09a045130560a2f5da579671c5e02c9cd7;p=thirdparty%2Ftor.git Merge remote-tracking branch 'teor/reject-tap-v6' --- bbaa7d09a045130560a2f5da579671c5e02c9cd7 diff --cc src/or/config.c index 31bf81877d,7478e603dc..6ab2fd8116 --- a/src/or/config.c +++ b/src/or/config.c @@@ -438,9 -438,9 +438,9 @@@ static config_var_t option_vars_[] = V(UseEntryGuardsAsDirGuards, BOOL, "1"), V(UseGuardFraction, AUTOBOOL, "auto"), V(UseMicrodescriptors, AUTOBOOL, "auto"), - V(UseNTorHandshake, AUTOBOOL, "1"), + OBSOLETE("UseNTorHandshake"), V(User, STRING, NULL), - V(UserspaceIOCPBuffers, BOOL, "0"), + OBSOLETE("UserspaceIOCPBuffers"), V(AuthDirSharedRandomness, BOOL, "1"), OBSOLETE("V1AuthoritativeDirectory"), OBSOLETE("V2AuthoritativeDirectory"), diff --cc src/or/routerlist.c index 1773f1d05c,08015038fa..74b8d1b1d3 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@@ -2260,10 -2260,15 +2260,16 @@@ router_add_running_nodes_to_smartlist(s continue; if (node_is_unreliable(node, need_uptime, need_capacity, need_guard)) continue; - /* Choose a node with an OR address that matches the firewall rules, - * if we are making a direct connection */ + /* Don't choose nodes if we are certain they can't do ntor */ + if (node->rs && !routerstatus_version_supports_ntor(node->rs, 1)) + continue; + if ((node->ri || node->md) && !node_has_curve25519_onion_key(node)) + continue; + /* Choose a node with an OR address that matches the firewall rules */ - if (check_reach && !fascist_firewall_allows_node(node, - FIREWALL_OR_CONNECTION, - pref_addr)) + if (direct_conn && check_reach && - !fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION, pref_addr)) ++ !fascist_firewall_allows_node(node, ++ FIREWALL_OR_CONNECTION, ++ pref_addr)) continue; smartlist_add(sl, (void *)node);