
r17553@catbus: nickm | 2008-01-10 12:18:27 -0500
Add connection_dir_is_encrypted() so that we can refrain from sending bridge descriptors over an unencrypted link.


svn:r13093

Nick Mathewson 18 years ago
parent
commit
29b0f51a73
3 changed files with 15 additions and 3 deletions
  1. 1 3
      doc/TODO
  2. 13 0
      src/or/directory.c
  3. 1 0
      src/or/or.h

+ 1 - 3
doc/TODO

@@ -27,9 +27,7 @@ RK- make it easier to set up a private tor network on your own computer
     - FAQ entry which is wrong
   - Make BEGIN_DIR mandatory for asking questions of bridge authorities?
     (but only for bridge descriptors. not for ordinary cache stuff.)
-N   - add a bit in the dir_connection_t. or check whether the linked conn
-      field is set. or whatever is smart. add a macro
-      dir-connection-is-encrypted.
+    o Implement connection_dir_is_encrypted().
     - set up a filter to not answer any bridge descriptors on a
       non-encrypted request
   o write a tor-gencert man page

+ 13 - 0
src/or/directory.c

@@ -718,6 +718,19 @@ directory_initiate_command(const char *address, uint32_t addr,
   }
 }
 
+/** Return true iff anything we say on <b>conn</b> is being encrypted before
+ * we send it to the client/server. */
+int
+connection_dir_is_encrypted(dir_connection_t *conn)
+{
+  /* Right now it's sufficient to see if conn is or has been linked, since
+   * the only thing it could be linked to is an edge connection on a
+   * circuit, and the only way it could have been unlinked is at the edge
+   * connection getting closed.
+   */
+  return TO_CONN(conn)->linked;
+}
+
 /** Queue an appropriate HTTP command on conn-\>outbuf.  The other args
  * are as in directory_initiate_command.
  */
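Review bot: The value returned by connection_dir_is_encrypted() is a proxy rather than a check of the transport: it reports `TO_CONN(conn)->linked`, and the in-body comment says this only holds while a linked connection can be nothing other than an edge connection on a circuit. Since the function is meant to gate bridge descriptors, the failure that matters is a false "encrypted" answer, so I would state that assumption in the doc comment where callers see it, for example `* NOTE: relies on 'linked' implying a circuit-attached edge conn; revisit if linked conns gain other uses.` Nothing in this commit calls the function yet, and doc/TODO still lists the filter for non-encrypted bridge-descriptor requests as open, so the protection is not in effect until that change lands.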

+ 1 - 0
src/or/or.h

@@ -3018,6 +3018,7 @@ void directory_initiate_command_routerstatus(routerstatus_t *status,
 int parse_http_response(const char *headers, int *code, time_t *date,
                         compress_method_t *compression, char **response);
 
+int connection_dir_is_encrypted(dir_connection_t *conn);
 int connection_dir_reached_eof(dir_connection_t *conn);
 int connection_dir_process_inbuf(dir_connection_t *conn);
 int connection_dir_finished_flushing(dir_connection_t *conn);