Merge branch 'maint-0.4.4'

torproject · Aug 3, 2020 · e069b0a · e069b0a
2 parents ce57404 + 18d2c7c
commit e069b0a
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 1 deletion.
diff --git a/changes/ticket33747 b/changes/ticket33747
@@ -0,0 +1,7 @@
+  o Minor bugfixes (rate limiting, bridges, pluggable transports):
+    - On a bridge, treat all connections from an ExtORPort as remote
+      by default for the purposes of rate-limiting. Previously,
+      bridges would treat the connection as local unless they explicitly
+      received a "USERADDR" command.  ExtORPort connections still
+      count as local if there is a USERADDR command with an  explicit local
+      address. Fixes bug 33747; bugfix on 0.2.5.1-alpha.
diff --git a/src/core/mainloop/connection.c b/src/core/mainloop/connection.c
@@ -569,8 +569,12 @@ or_connection_new(int type, int socket_family)
   tor_addr_make_unspec(&or_conn->canonical_orport.addr);
   connection_or_set_canonical(or_conn, 0);
 
-  if (type == CONN_TYPE_EXT_OR)
+  if (type == CONN_TYPE_EXT_OR) {
+    /* If we aren't told an address for this connection, we should
+     * presume it isn't local, and should be rate-limited. */
+    TO_CONN(or_conn)->always_rate_limit_as_remote = 1;
     connection_or_set_ext_or_identifier(or_conn);
+  }
 
   return or_conn;
 }
@@ -3316,6 +3320,7 @@ connection_is_rate_limited(const connection_t *conn)
   if (conn->linked)
     return 0; /* Internal connection */
   else if (! options->CountPrivateBandwidth &&
+           ! conn->always_rate_limit_as_remote &&
            (tor_addr_family(&conn->addr) == AF_UNSPEC || /* no address */
             tor_addr_family(&conn->addr) == AF_UNIX ||   /* no address */
             tor_addr_is_internal(&conn->addr, 0)))

diff --git a/src/core/or/connection_st.h b/src/core/or/connection_st.h
@@ -69,6 +69,9 @@ struct connection_t {
   /** True if connection_handle_write is currently running on this connection.
    */
   unsigned int in_connection_handle_write:1;
+  /** If true, then we treat this connection as remote for the purpose of
+   * rate-limiting, no matter what its address is. */
+  unsigned int always_rate_limit_as_remote:1;
 
   /* For linked connections:
    */

diff --git a/src/feature/relay/ext_orport.c b/src/feature/relay/ext_orport.c
@@ -494,6 +494,10 @@ connection_ext_or_handle_cmd_useraddr(connection_t *conn,
   }
   conn->address = tor_addr_to_str_dup(&addr);
 
+  /* Now that we know the address, we don't have to manually override rate
+   * limiting. */
+  conn->always_rate_limit_as_remote = 0;
+
   return 0;
 }