char *address=NULL;
uint16_t port;
or_circuit_t *or_circ = NULL;
+ or_options_t *options = get_options();
assert_circuit_ok(circ);
if (!CIRCUIT_IS_ORIGIN(circ))
* that we have a stream connected to a circuit, and we don't connect to a
* circuit until we have a pending/successful resolve. */
- if (!server_mode(get_options()) &&
+ if (!server_mode(options) &&
circ->purpose != CIRCUIT_PURPOSE_S_REND_JOINED) {
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
"Relay begin cell at non-server. Closing.");
tor_free(address);
return 0;
}
- if (or_circ && or_circ->p_conn && !get_options()->AllowSingleHopExits &&
+ if (or_circ && or_circ->p_conn && !options->AllowSingleHopExits &&
(or_circ->is_first_hop ||
(!connection_or_digest_is_known_relay(
or_circ->p_conn->identity_digest) &&
- should_refuse_unknown_exits(get_options())))) {
+ should_refuse_unknown_exits(options)))) {
/* Don't let clients use us as a single-hop proxy, unless the user
* has explicitly allowed that in the config. It attracts attackers
* and users who'd be better off with, well, single-hop proxies.
return 0;
}
} else if (rh.command == RELAY_COMMAND_BEGIN_DIR) {
- if (!directory_permits_begindir_requests(get_options()) ||
+ if (!directory_permits_begindir_requests(options) ||
circ->purpose != CIRCUIT_PURPOSE_OR) {
relay_send_end_cell_from_edge(rh.stream_id, circ,
END_STREAM_REASON_NOTDIRECTORY, NULL);
if (!server_mode(options) || !advertised_server_mode())
return 0;
/* We need an up-to-date view of network info if we're going to try to
- * block unknown exits. */
+ * block exit attempts from unknown relays. */
return router_my_exit_policy_is_reject_star() &&
should_refuse_unknown_exits(options);
}
/** Whether we should drop exit streams from Tors that we don't know are
* relays. One of "0" (never refuse), "1" (always refuse), or "auto" (do
- * what the consensus says). -RD */
- const char *RefuseUnknownExits;
+ * what the consensus says, defaulting to 'refuse' if the consensus says
+ * nothing). */
+ char *RefuseUnknownExits;
/** Parsed version of RefuseUnknownExits. -1 for auto. */
int RefuseUnknownExits_;
int
should_refuse_unknown_exits(or_options_t *options)
{
- networkstatus_t *consensus;
if (options->RefuseUnknownExits_ != -1) {
return options->RefuseUnknownExits_;
- } else if ((consensus = networkstatus_get_latest_consensus()) != NULL) {
- return networkstatus_get_param(consensus, "refuseunknownexits", 1);
} else {
- return 1;
+ return networkstatus_get_param(NULL, "refuseunknownexits", 1);
}
}
projects / thirdparty / tor.git / commitdiff
