commit b60ffc5ce0fc9dfd4c2fbb238e32143c64fadbda parent 305e39d0f8bcc39d45c2877495046bd927347106 Author: David Goulet <dgoulet@torproject.org> Date: Tue, 13 Feb 2018 13:11:10 -0500 Merge remote-tracking branch 'dgoulet/bug25223_029_01' into ticket24902_029_05 Diffstat:
| A | changes/bug25223 | | | 3 | +++ |
| M | src/or/dos.c | | | 8 | ++++++++ |
2 files changed, 11 insertions(+), 0 deletions(-)
diff --git a/changes/bug25223 b/changes/bug25223 @@ -0,0 +1,3 @@ + o Minor bugfixes (DoS mitigation): + - Make sure we don't modify consensus parameters if we aren't a public + relay when a new consensus arrives. Fixes bug 25223. diff --git a/src/or/dos.c b/src/or/dos.c @@ -748,6 +748,14 @@ dos_close_client_conn(const or_connection_t *or_conn) void dos_consensus_has_changed(const networkstatus_t *ns) { + /* There are two ways to configure this subsystem, one at startup through + * dos_init() which is called when the options are parsed. And this one + * through the consensus. We don't want to enable any DoS mitigation if we + * aren't a public relay. */ + if (!public_server_mode(get_options())) { + return; + } + cc_consensus_has_changed(ns); conn_consensus_has_changed(ns);