send on that circuit. Otherwise we might violate the proposal-110
limit. Bugfix on 0.2.1.3-alpha. Partial fix for Bug 878. Diagnosis
thanks to Karsten.
+ - When we're sending non-EXTEND cells to the first hop in a circuit
+ (for example in order to use an encrypted directory connection), we
+ don't need to use RELAY_EARLY cells: the first hop knows what kind of
+ cell it is, and nobody else can even see the cell type. This makes
+ it easier to cannibalize circuits like this later.
o Code simplifications and refactoring:
- Change our header file guard macros to be less likely to conflict
if (cell_direction == CELL_DIRECTION_OUT) {
origin_circuit_t *origin_circ = TO_ORIGIN_CIRCUIT(circ);
- if (origin_circ->remaining_relay_early_cells > 0) {
- /* If we've got any relay_early cells left, use one. Don't worry
- * about the conn protocol version: append_cell_to_circuit_queue will
- * fix it up. */
+ if (origin_circ->remaining_relay_early_cells > 0 &&
+ (relay_command == RELAY_COMMAND_EXTEND ||
+ cpath_layer != origin_circ->cpath)) {
+ /* If we've got any relay_early cells left, and we're sending a relay
+ * cell or we're not talking to the first hop, use one of them. Don't
+ * worry about the conn protocol version: append_cell_to_circuit_queue
+ * will fix it up. */
cell.command = CELL_RELAY_EARLY;
--origin_circ->remaining_relay_early_cells;
log_debug(LD_OR, "Sending a RELAY_EARLY cell; %d remaining.",
projects / thirdparty / tor.git / commitdiff
