|
@@ -3314,6 +3314,19 @@ router_add_to_routerlist(routerinfo_t *router, const char **msg,
|
|
|
return ROUTER_NOT_IN_CONSENSUS;
|
|
|
}
|
|
|
|
|
|
+ /* If we're reading a bridge descriptor from our cache, and we don't
|
|
|
+ * recognize it as one of our currently configured bridges, drop the
|
|
|
+ * descriptor. Otherwise we could end up using it as one of our entry
|
|
|
+ * guards even if it isn't in our Bridge config lines. */
|
|
|
+ if (router->purpose == ROUTER_PURPOSE_BRIDGE && from_cache &&
|
|
|
+ !routerinfo_is_a_configured_bridge(router)) {
|
|
|
+ log_info(LD_DIR, "Dropping bridge descriptor for '%s' because we have "
|
|
|
+ "no bridge configured at that address.", router->nickname);
|
|
|
+ *msg = "Router descriptor was not a configured bridge.";
|
|
|
+ routerinfo_free(router);
|
|
|
+ return ROUTER_WAS_NOT_NEW;
|
|
|
+ }
|
|
|
+
|
|
|
/* If we have a router with the same identity key, choose the newer one. */
|
|
|
if (old_router) {
|
|
|
if (!in_consensus && (router->cache_info.published_on <=
|