From f2b1eb1f052c99e0be096b98888e9854cf57a64c Mon Sep 17 00:00:00 2001 From: David Goulet Date: Wed, 19 Jun 2019 11:09:14 -0400 Subject: [PATCH] hs: Disallow single hop client circuit when introducing This will effectively also deny any bridge to be used as a single hop to the introduction point since bridge do not authenticate like clients. Fixes #24963 Signed-off-by: David Goulet --- changes/ticket24963 | 5 +++++ src/feature/hs/hs_intropoint.c | 9 +++++++++ 2 files changed, 14 insertions(+) create mode 100644 changes/ticket24963 diff --git a/changes/ticket24963 b/changes/ticket24963 new file mode 100644 index 0000000000..50adcfaaf4 --- /dev/null +++ b/changes/ticket24963 @@ -0,0 +1,5 @@ + o Minor feature (onion service): + - Disallow single hop clients to introduce directly at the introduction + point. We've removed Tor2web a while back and rendezvous are blocked at + the relays. This is to remove load off the network from spammy clients. + Close ticket 24963. diff --git a/src/feature/hs/hs_intropoint.c b/src/feature/hs/hs_intropoint.c index 9333060e7e..447f73b602 100644 --- a/src/feature/hs/hs_intropoint.c +++ b/src/feature/hs/hs_intropoint.c @@ -10,6 +10,7 @@ #include "core/or/or.h" #include "app/config/config.h" +#include "core/or/channel.h" #include "core/or/circuitlist.h" #include "core/or/circuituse.h" #include "core/or/relay.h" @@ -546,6 +547,14 @@ circuit_is_suitable_for_introduce1(const or_circuit_t *circ) return 0; } + /* Disallow single hop client circuit. */ + if (channel_is_client(circ->p_chan)) { + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Single hop client was rejected while trying to introduce. " + "Closing circuit."); + return 0; + } + return 1; } -- 2.47.3