nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-13 06:33:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Change signature of router_compare_to_my_exit_policy so dns can use it

Browse Source 
Also, fix the function so it actually looks at our ipv6 exit policy.
This commit is contained in:
Nick Mathewson 2012-11-05 13:11:53 -05:00
parent 25cf286fb1
commit a58e17bcc3
3 changed files with 22 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/or/connection_edge.c
View File

@ -2493,7 +2493,8 @@ connection_exit_connect(edge_connection_t *edge_conn)
int socket_error = 0; int socket_error = 0;
if ( (!connection_edge_is_rendezvous_stream(edge_conn) && if ( (!connection_edge_is_rendezvous_stream(edge_conn) &&
router_compare_to_my_exit_policy(edge_conn)) || router_compare_to_my_exit_policy(&edge_conn->base_.addr,
edge_conn->base_.port)) ||
(tor_addr_family(&conn->addr) == AF_INET6 && (tor_addr_family(&conn->addr) == AF_INET6 &&
! get_options()->IPv6Exit)) { ! get_options()->IPv6Exit)) {
log_info(LD_EXIT,"%s:%d failed exit policy. Closing.", log_info(LD_EXIT,"%s:%d failed exit policy. Closing.",

26
src/or/router.c
View File

@ -1370,22 +1370,34 @@ router_upload_dir_desc_to_dirservers(int force)
* conn. Return 0 if we accept; non-0 if we reject. * conn. Return 0 if we accept; non-0 if we reject.
*/ */
int int
router_compare_to_my_exit_policy(edge_connection_t *conn) router_compare_to_my_exit_policy(const tor_addr_t *addr, uint16_t port)
{ {
if (!router_get_my_routerinfo()) /* make sure desc_routerinfo exists */ if (!router_get_my_routerinfo()) /* make sure desc_routerinfo exists */
return -1; return -1;
/* make sure it's resolved to something. this way we can't get a /* make sure it's resolved to something. this way we can't get a
'maybe' below. */ 'maybe' below. */
if (tor_addr_is_null(&conn->base_.addr)) if (tor_addr_is_null(addr))
return -1; return -1;
if (tor_addr_family(&conn->base_.addr) != AF_INET && /* look at desc_routerinfo->exit_policy for both the v4 and the v6
tor_addr_family(&conn->base_.addr) != AF_INET6) * policies. The exit_policy field in desc_routerinfo is a bit unusual,
* in that it contains IPv6 and IPv6 entries. We don't want to look
* at desc_routerinfio->ipv6_exit_policy, since that's a port summary. */
if ((tor_addr_family(addr) == AF_INET ||
tor_addr_family(addr) == AF_INET6)) {
return compare_tor_addr_to_addr_policy(addr, port,
desc_routerinfo->exit_policy) != ADDR_POLICY_ACCEPTED;
#if 0
} else if (tor_addr_family(addr) == AF_INET6) {
return get_options()->IPv6Exit &&
desc_routerinfo->ipv6_exit_policy &&
compare_tor_addr_to_short_policy(addr, port,
desc_routerinfo->ipv6_exit_policy) != ADDR_POLICY_ACCEPTED;
#endif
} else {
return -1; return -1;
}
return compare_tor_addr_to_addr_policy(&conn->base_.addr, conn->base_.port,
desc_routerinfo->exit_policy) != ADDR_POLICY_ACCEPTED;
} }
/** Return true iff my exit policy is reject *:*. Return -1 if we don't /** Return true iff my exit policy is reject *:*. Return -1 if we don't

2
src/or/router.h
View File

@ -72,7 +72,7 @@ void check_descriptor_bandwidth_changed(time_t now);
void check_descriptor_ipaddress_changed(time_t now); void check_descriptor_ipaddress_changed(time_t now);
void router_new_address_suggestion(const char *suggestion, void router_new_address_suggestion(const char *suggestion,
const dir_connection_t *d_conn); const dir_connection_t *d_conn);
int router_compare_to_my_exit_policy(edge_connection_t *conn); int router_compare_to_my_exit_policy(const tor_addr_t *addr, uint16_t port);
int router_my_exit_policy_is_reject_star(void); int router_my_exit_policy_is_reject_star(void);
const routerinfo_t *router_get_my_routerinfo(void); const routerinfo_t *router_get_my_routerinfo(void);
extrainfo_t *router_get_my_extrainfo(void); extrainfo_t *router_get_my_extrainfo(void);