nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-27 22:03:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'tor-gitlab/mr/111'

Browse Source
This commit is contained in:
George Kadianakis 2020-08-11 15:12:43 +03:00
commit b705cfa024
17 changed files with 226 additions and 223 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
changes/ticket18106 Normal file
View File

@ -0,0 +1,3 @@
o Code simplification and refactoring:
- Rename "fascist_firewall_*" identifiers to "reachable_addr_*" instead,
for consistency with other code. Closes ticket 18106.

4
src/app/config/or_options_st.h
View File

@ -668,7 +668,7 @@ struct or_options_t {
int ClientUseIPv4;
/** If true, clients may connect over IPv6. If false, they will avoid
* connecting over IPv4. We enforce this for OR and Dir connections.
* Use fascist_firewall_use_ipv6() instead of accessing this value
* Use reachable_addr_use_ipv6() instead of accessing this value
* directly. */
int ClientUseIPv6;
/** If true, prefer an IPv6 OR port over an IPv4 one for entry node
@ -678,7 +678,7 @@ struct or_options_t {
int ClientPreferIPv6ORPort;
/** If true, prefer an IPv6 directory port over an IPv4 one for direct
* directory connections. If auto, bridge clients prefer IPv6, and other
* clients prefer IPv4. Use fascist_firewall_prefer_ipv6_dirport() instead of
* clients prefer IPv4. Use reachable_addr_prefer_ipv6_dirport() instead of
* accessing this value directly. */
int ClientPreferIPv6DirPort;

12
src/core/mainloop/connection.c
View File

@ -2246,11 +2246,11 @@ connection_connect_log_client_use_ip_version(const connection_t *conn)
return;
}
const int must_ipv4 = !fascist_firewall_use_ipv6(options);
const int must_ipv4 = !reachable_addr_use_ipv6(options);
const int must_ipv6 = (options->ClientUseIPv4 == 0);
const int pref_ipv6 = (conn->type == CONN_TYPE_OR
? fascist_firewall_prefer_ipv6_orport(options)
: fascist_firewall_prefer_ipv6_dirport(options));
? reachable_addr_prefer_ipv6_orport(options)
: reachable_addr_prefer_ipv6_dirport(options));
tor_addr_t real_addr;
tor_addr_copy(&real_addr, &conn->addr);
@ -2275,7 +2275,7 @@ connection_connect_log_client_use_ip_version(const connection_t *conn)
return;
}
if (fascist_firewall_use_ipv6(options)) {
if (reachable_addr_use_ipv6(options)) {
log_info(LD_NET, "Our outgoing connection is using IPv%d.",
tor_addr_family(&real_addr) == AF_INET6 ? 6 : 4);
}
@ -2285,13 +2285,13 @@ connection_connect_log_client_use_ip_version(const connection_t *conn)
|| (pref_ipv6 && tor_addr_family(&real_addr) == AF_INET)) {
log_info(LD_NET, "Outgoing connection to %s doesn't satisfy "
"ClientPreferIPv6%sPort %d, with ClientUseIPv4 %d, and "
"fascist_firewall_use_ipv6 %d (ClientUseIPv6 %d and UseBridges "
"reachable_addr_use_ipv6 %d (ClientUseIPv6 %d and UseBridges "
"%d).",
fmt_addr(&real_addr),
conn->type == CONN_TYPE_OR ? "OR" : "Dir",
conn->type == CONN_TYPE_OR ? options->ClientPreferIPv6ORPort
: options->ClientPreferIPv6DirPort,
options->ClientUseIPv4, fascist_firewall_use_ipv6(options),
options->ClientUseIPv4, reachable_addr_use_ipv6(options),
options->ClientUseIPv6, options->UseBridges);
}
}

2
src/core/or/extendinfo.c
View File

@ -102,7 +102,7 @@ extend_info_from_node(const node_t *node, int for_direct_connect)
/* Choose a preferred address first, but fall back to an allowed address. */
if (for_direct_connect)
fascist_firewall_choose_address_node(node, FIREWALL_OR_CONNECTION, 0, &ap);
reachable_addr_choose_from_node(node, FIREWALL_OR_CONNECTION, 0, &ap);
else {
node_get_prim_orport(node, &ap);
}

140
src/core/or/policies.c
View File

@ -311,7 +311,7 @@ parse_reachable_addresses(void)
"ReachableAddresses, ReachableORAddresses, or "
"ReachableDirAddresses reject all IPv4 addresses. "
"Tor will not connect using IPv4.");
} else if (fascist_firewall_use_ipv6(options)
} else if (reachable_addr_use_ipv6(options)
&& (policy_is_reject_star(reachable_or_addr_policy, AF_INET6, 0)
|| policy_is_reject_star(reachable_dir_addr_policy, AF_INET6, 0))) {
log_warn(LD_CONFIG, "You have configured tor to use or prefer IPv6 "
@ -399,12 +399,12 @@ addr_policy_permits_tor_addr(const tor_addr_t *addr, uint16_t port,
* - if ClientUseIPv4 is 0, or
* if pref_only and pref_ipv6 are both true;
* - return false for all IPv6 addresses:
* - if fascist_firewall_use_ipv6() is 0, or
* - if reachable_addr_use_ipv6() is 0, or
* - if pref_only is true and pref_ipv6 is false.
*
* Return false if addr is NULL or tor_addr_is_null(), or if port is 0. */
STATIC int
fascist_firewall_allows_address(const tor_addr_t *addr,
reachable_addr_allows(const tor_addr_t *addr,
uint16_t port,
smartlist_t *firewall_policy,
int pref_only, int pref_ipv6)
@ -427,7 +427,7 @@ fascist_firewall_allows_address(const tor_addr_t *addr,
/* Clients and Servers won't use IPv6 unless it's enabled (and in most
* cases, IPv6 must also be preferred before it will be used). */
if (tor_addr_family(addr) == AF_INET6 &&
(!fascist_firewall_use_ipv6(options) || (pref_only && !pref_ipv6))) {
(!reachable_addr_use_ipv6(options) || (pref_only && !pref_ipv6))) {
return 0;
}
@ -443,7 +443,7 @@ fascist_firewall_allows_address(const tor_addr_t *addr,
* port: it supports bridge client per-node IPv6 preferences.
*/
int
fascist_firewall_use_ipv6(const or_options_t *options)
reachable_addr_use_ipv6(const or_options_t *options)
{
/* Clients use IPv6 if it's set, or they use bridges, or they don't use
* IPv4, or they prefer it.
@ -458,7 +458,7 @@ fascist_firewall_use_ipv6(const or_options_t *options)
* If we're unsure, return -1, otherwise, return 1 for IPv6 and 0 for IPv4.
*/
static int
fascist_firewall_prefer_ipv6_impl(const or_options_t *options)
reachable_addr_prefer_ipv6_impl(const or_options_t *options)
{
/*
Cheap implementation of config options ClientUseIPv4 & ClientUseIPv6 --
@ -466,7 +466,7 @@ fascist_firewall_prefer_ipv6_impl(const or_options_t *options)
If IPv4 is disabled, use IPv6.
*/
if (server_mode(options) || !fascist_firewall_use_ipv6(options)) {
if (server_mode(options) || !reachable_addr_use_ipv6(options)) {
return 0;
}
@ -482,9 +482,9 @@ fascist_firewall_prefer_ipv6_impl(const or_options_t *options)
* per-node IPv6 preferences.
*/
int
fascist_firewall_prefer_ipv6_orport(const or_options_t *options)
reachable_addr_prefer_ipv6_orport(const or_options_t *options)
{
int pref_ipv6 = fascist_firewall_prefer_ipv6_impl(options);
int pref_ipv6 = reachable_addr_prefer_ipv6_impl(options);
if (pref_ipv6 >= 0) {
return pref_ipv6;
@ -504,9 +504,9 @@ fascist_firewall_prefer_ipv6_orport(const or_options_t *options)
* preferences. There's no reason to use it instead of this function.)
*/
int
fascist_firewall_prefer_ipv6_dirport(const or_options_t *options)
reachable_addr_prefer_ipv6_dirport(const or_options_t *options)
{
int pref_ipv6 = fascist_firewall_prefer_ipv6_impl(options);
int pref_ipv6 = reachable_addr_prefer_ipv6_impl(options);
if (pref_ipv6 >= 0) {
return pref_ipv6;
@ -528,16 +528,16 @@ fascist_firewall_prefer_ipv6_dirport(const or_options_t *options)
* If pref_only is false, ignore pref_ipv6, and return true if addr is allowed.
*/
int
fascist_firewall_allows_address_addr(const tor_addr_t *addr, uint16_t port,
reachable_addr_allows_addr(const tor_addr_t *addr, uint16_t port,
firewall_connection_t fw_connection,
int pref_only, int pref_ipv6)
{
if (fw_connection == FIREWALL_OR_CONNECTION) {
return fascist_firewall_allows_address(addr, port,
return reachable_addr_allows(addr, port,
reachable_or_addr_policy,
pref_only, pref_ipv6);
} else if (fw_connection == FIREWALL_DIR_CONNECTION) {
return fascist_firewall_allows_address(addr, port,
return reachable_addr_allows(addr, port,
reachable_dir_addr_policy,
pref_only, pref_ipv6);
} else {
@ -550,15 +550,15 @@ fascist_firewall_allows_address_addr(const tor_addr_t *addr, uint16_t port,
/** Return true iff we think our firewall will let us make a connection to
* addr:port (ap). Uses ReachableORAddresses or ReachableDirAddresses based on
* fw_connection.
* pref_only and pref_ipv6 work as in fascist_firewall_allows_address_addr().
* pref_only and pref_ipv6 work as in reachable_addr_allows_addr().
*/
static int
fascist_firewall_allows_address_ap(const tor_addr_port_t *ap,
reachable_addr_allows_ap(const tor_addr_port_t *ap,
firewall_connection_t fw_connection,
int pref_only, int pref_ipv6)
{
tor_assert(ap);
return fascist_firewall_allows_address_addr(&ap->addr, ap->port,
return reachable_addr_allows_addr(&ap->addr, ap->port,
fw_connection, pref_only,
pref_ipv6);
}
@ -567,17 +567,17 @@ fascist_firewall_allows_address_ap(const tor_addr_port_t *ap,
* ipv4h_addr/ipv6_addr. Uses ipv4_orport/ipv6_orport/ReachableORAddresses or
* ipv4_dirport/ipv6_dirport/ReachableDirAddresses based on IPv4/IPv6 and
* <b>fw_connection</b>.
* pref_only and pref_ipv6 work as in fascist_firewall_allows_address_addr().
* pref_only and pref_ipv6 work as in reachable_addr_allows_addr().
*/
static int
fascist_firewall_allows_base(const tor_addr_t *ipv4_addr, uint16_t ipv4_orport,
reachable_addr_allows_base(const tor_addr_t *ipv4_addr, uint16_t ipv4_orport,
uint16_t ipv4_dirport,
const tor_addr_t *ipv6_addr, uint16_t ipv6_orport,
uint16_t ipv6_dirport,
firewall_connection_t fw_connection,
int pref_only, int pref_ipv6)
{
if (fascist_firewall_allows_address_addr(ipv4_addr,
if (reachable_addr_allows_addr(ipv4_addr,
(fw_connection == FIREWALL_OR_CONNECTION
? ipv4_orport
: ipv4_dirport),
@ -586,7 +586,7 @@ fascist_firewall_allows_base(const tor_addr_t *ipv4_addr, uint16_t ipv4_orport,
return 1;
}
if (fascist_firewall_allows_address_addr(ipv6_addr,
if (reachable_addr_allows_addr(ipv6_addr,
(fw_connection == FIREWALL_OR_CONNECTION
? ipv6_orport
: ipv6_dirport),
@ -598,9 +598,9 @@ fascist_firewall_allows_base(const tor_addr_t *ipv4_addr, uint16_t ipv4_orport,
return 0;
}
/** Like fascist_firewall_allows_base(), but takes ri. */
/** Like reachable_addr_allows_base(), but takes ri. */
static int
fascist_firewall_allows_ri_impl(const routerinfo_t *ri,
reachable_addr_allows_ri_impl(const routerinfo_t *ri,
firewall_connection_t fw_connection,
int pref_only, int pref_ipv6)
{
@ -609,15 +609,15 @@ fascist_firewall_allows_ri_impl(const routerinfo_t *ri,
}
/* Assume IPv4 and IPv6 DirPorts are the same */
return fascist_firewall_allows_base(&ri->ipv4_addr, ri->ipv4_orport,
return reachable_addr_allows_base(&ri->ipv4_addr, ri->ipv4_orport,
ri->ipv4_dirport, &ri->ipv6_addr,
ri->ipv6_orport, ri->ipv4_dirport,
fw_connection, pref_only, pref_ipv6);
}
/** Like fascist_firewall_allows_rs, but takes pref_ipv6. */
/** Like reachable_addr_allows_rs, but takes pref_ipv6. */
static int
fascist_firewall_allows_rs_impl(const routerstatus_t *rs,
reachable_addr_allows_rs_impl(const routerstatus_t *rs,
firewall_connection_t fw_connection,
int pref_only, int pref_ipv6)
{
@ -626,20 +626,20 @@ fascist_firewall_allows_rs_impl(const routerstatus_t *rs,
}
/* Assume IPv4 and IPv6 DirPorts are the same */
return fascist_firewall_allows_base(&rs->ipv4_addr, rs->ipv4_orport,
return reachable_addr_allows_base(&rs->ipv4_addr, rs->ipv4_orport,
rs->ipv4_dirport, &rs->ipv6_addr,
rs->ipv6_orport, rs->ipv4_dirport,
fw_connection, pref_only, pref_ipv6);
}
/** Like fascist_firewall_allows_base(), but takes rs.
/** Like reachable_addr_allows_base(), but takes rs.
* When rs is a fake_status from a dir_server_t, it can have a reachable
* address, even when the corresponding node does not.
* nodes can be missing addresses when there's no consensus (IPv4 and IPv6),
* or when there is a microdescriptor consensus, but no microdescriptors
* (microdescriptors have IPv6, the microdesc consensus does not). */
int
fascist_firewall_allows_rs(const routerstatus_t *rs,
reachable_addr_allows_rs(const routerstatus_t *rs,
firewall_connection_t fw_connection, int pref_only)
{
if (!rs) {
@ -650,20 +650,20 @@ fascist_firewall_allows_rs(const routerstatus_t *rs,
* generic IPv6 preference instead. */
const or_options_t *options = get_options();
int pref_ipv6 = (fw_connection == FIREWALL_OR_CONNECTION
? fascist_firewall_prefer_ipv6_orport(options)
: fascist_firewall_prefer_ipv6_dirport(options));
? reachable_addr_prefer_ipv6_orport(options)
: reachable_addr_prefer_ipv6_dirport(options));
return fascist_firewall_allows_rs_impl(rs, fw_connection, pref_only,
return reachable_addr_allows_rs_impl(rs, fw_connection, pref_only,
pref_ipv6);
}
/** Return true iff we think our firewall will let us make a connection to
* ipv6_addr:ipv6_orport based on ReachableORAddresses.
* If <b>fw_connection</b> is FIREWALL_DIR_CONNECTION, returns 0.
* pref_only and pref_ipv6 work as in fascist_firewall_allows_address_addr().
* pref_only and pref_ipv6 work as in reachable_addr_allows_addr().
*/
static int
fascist_firewall_allows_md_impl(const microdesc_t *md,
reachable_addr_allows_md_impl(const microdesc_t *md,
firewall_connection_t fw_connection,
int pref_only, int pref_ipv6)
{
@ -677,15 +677,15 @@ fascist_firewall_allows_md_impl(const microdesc_t *md,
}
/* Also can't check IPv4, doesn't have that either */
return fascist_firewall_allows_address_addr(&md->ipv6_addr, md->ipv6_orport,
return reachable_addr_allows_addr(&md->ipv6_addr, md->ipv6_orport,
fw_connection, pref_only,
pref_ipv6);
}
/** Like fascist_firewall_allows_base(), but takes node, and looks up pref_ipv6
/** Like reachable_addr_allows_base(), but takes node, and looks up pref_ipv6
* from node_ipv6_or/dir_preferred(). */
int
fascist_firewall_allows_node(const node_t *node,
reachable_addr_allows_node(const node_t *node,
firewall_connection_t fw_connection,
int pref_only)
{
@ -701,15 +701,15 @@ fascist_firewall_allows_node(const node_t *node,
/* Sometimes, the rs is missing the IPv6 address info, and we need to go
* all the way to the md */
if (node->ri && fascist_firewall_allows_ri_impl(node->ri, fw_connection,
if (node->ri && reachable_addr_allows_ri_impl(node->ri, fw_connection,
pref_only, pref_ipv6)) {
return 1;
} else if (node->rs && fascist_firewall_allows_rs_impl(node->rs,
} else if (node->rs && reachable_addr_allows_rs_impl(node->rs,
fw_connection,
pref_only,
pref_ipv6)) {
return 1;
} else if (node->md && fascist_firewall_allows_md_impl(node->md,
} else if (node->md && reachable_addr_allows_md_impl(node->md,
fw_connection,
pref_only,
pref_ipv6)) {
@ -721,9 +721,9 @@ fascist_firewall_allows_node(const node_t *node,
}
}
/** Like fascist_firewall_allows_rs(), but takes ds. */
/** Like reachable_addr_allows_rs(), but takes ds. */
int
fascist_firewall_allows_dir_server(const dir_server_t *ds,
reachable_addr_allows_dir_server(const dir_server_t *ds,
firewall_connection_t fw_connection,
int pref_only)
{
@ -734,8 +734,8 @@ fascist_firewall_allows_dir_server(const dir_server_t *ds,
/* A dir_server_t always has a fake_status. As long as it has the same
* addresses/ports in both fake_status and dir_server_t, this works fine.
* (See #17867.)
* fascist_firewall_allows_rs only checks the addresses in fake_status. */
return fascist_firewall_allows_rs(&ds->fake_status, fw_connection,
* reachable_addr_allows_rs only checks the addresses in fake_status. */
return reachable_addr_allows_rs(&ds->fake_status, fw_connection,
pref_only);
}
@ -743,10 +743,10 @@ fascist_firewall_allows_dir_server(const dir_server_t *ds,
* choose one based on want_a and return it.
* Otherwise, return whichever is allowed.
* Otherwise, return NULL.
* pref_only and pref_ipv6 work as in fascist_firewall_allows_address_addr().
* pref_only and pref_ipv6 work as in reachable_addr_allows_addr().
*/
static const tor_addr_port_t *
fascist_firewall_choose_address_impl(const tor_addr_port_t *a,
reachable_addr_choose_impl(const tor_addr_port_t *a,
const tor_addr_port_t *b,
int want_a,
firewall_connection_t fw_connection,
@ -755,12 +755,12 @@ fascist_firewall_choose_address_impl(const tor_addr_port_t *a,
const tor_addr_port_t *use_a = NULL;
const tor_addr_port_t *use_b = NULL;
if (fascist_firewall_allows_address_ap(a, fw_connection, pref_only,
if (reachable_addr_allows_ap(a, fw_connection, pref_only,
pref_ipv6)) {
use_a = a;
}
if (fascist_firewall_allows_address_ap(b, fw_connection, pref_only,
if (reachable_addr_allows_ap(b, fw_connection, pref_only,
pref_ipv6)) {
use_b = b;
}
@ -784,13 +784,13 @@ fascist_firewall_choose_address_impl(const tor_addr_port_t *a,
* - Otherwise, return whichever is preferred.
* Otherwise, return NULL. */
STATIC const tor_addr_port_t *
fascist_firewall_choose_address(const tor_addr_port_t *a,
reachable_addr_choose(const tor_addr_port_t *a,
const tor_addr_port_t *b,
int want_a,
firewall_connection_t fw_connection,
int pref_only, int pref_ipv6)
{
const tor_addr_port_t *pref = fascist_firewall_choose_address_impl(
const tor_addr_port_t *pref = reachable_addr_choose_impl(
a, b, want_a,
fw_connection,
1, pref_ipv6);
@ -802,7 +802,7 @@ fascist_firewall_choose_address(const tor_addr_port_t *a,
} else {
/* If there's no preferred address, and we can return addresses that are
* not preferred, use an address that's allowed */
return fascist_firewall_choose_address_impl(a, b, want_a, fw_connection,
return reachable_addr_choose_impl(a, b, want_a, fw_connection,
0, pref_ipv6);
}
}
@ -817,7 +817,7 @@ fascist_firewall_choose_address(const tor_addr_port_t *a,
* If both addresses could be chosen (they are both preferred or both allowed)
* choose IPv6 if pref_ipv6 is true, otherwise choose IPv4. */
static void
fascist_firewall_choose_address_base(const tor_addr_t *ipv4_addr,
reachable_addr_choose_base(const tor_addr_t *ipv4_addr,
uint16_t ipv4_orport,
uint16_t ipv4_dirport,
const tor_addr_t *ipv6_addr,
@ -849,7 +849,7 @@ fascist_firewall_choose_address_base(const tor_addr_t *ipv4_addr,
? ipv6_orport
: ipv6_dirport);
result = fascist_firewall_choose_address(&ipv4_ap, &ipv6_ap,
result = reachable_addr_choose(&ipv4_ap, &ipv6_ap,
want_ipv4,
fw_connection, pref_only,
pref_ipv6);
@ -860,13 +860,13 @@ fascist_firewall_choose_address_base(const tor_addr_t *ipv4_addr,
}
}
/** Like fascist_firewall_choose_address_base(), but takes <b>rs</b>.
/** Like reachable_addr_choose_base(), but takes <b>rs</b>.
* Consults the corresponding node, then falls back to rs if node is NULL.
* This should only happen when there's no valid consensus, and rs doesn't
* correspond to a bridge client's bridge.
*/
void
fascist_firewall_choose_address_rs(const routerstatus_t *rs,
reachable_addr_choose_from_rs(const routerstatus_t *rs,
firewall_connection_t fw_connection,
int pref_only, tor_addr_port_t* ap)
{
@ -883,15 +883,15 @@ fascist_firewall_choose_address_rs(const routerstatus_t *rs,
const node_t *node = node_get_by_id(rs->identity_digest);
if (node) {
fascist_firewall_choose_address_node(node, fw_connection, pref_only, ap);
reachable_addr_choose_from_node(node, fw_connection, pref_only, ap);
} else {
/* There's no node-specific IPv6 preference, so use the generic IPv6
* preference instead. */
int pref_ipv6 = (fw_connection == FIREWALL_OR_CONNECTION
? fascist_firewall_prefer_ipv6_orport(options)
: fascist_firewall_prefer_ipv6_dirport(options));
? reachable_addr_prefer_ipv6_orport(options)
: reachable_addr_prefer_ipv6_dirport(options));
fascist_firewall_choose_address_base(&rs->ipv4_addr, rs->ipv4_orport,
reachable_addr_choose_base(&rs->ipv4_addr, rs->ipv4_orport,
rs->ipv4_dirport, &rs->ipv6_addr,
rs->ipv6_orport, rs->ipv4_dirport,
fw_connection, pref_only, pref_ipv6,
@ -899,13 +899,13 @@ fascist_firewall_choose_address_rs(const routerstatus_t *rs,
}
}
/** Like fascist_firewall_choose_address_base(), but takes in a smartlist
/** Like reachable_addr_choose_base(), but takes in a smartlist
* <b>lspecs</b> consisting of one or more link specifiers. We assume
* fw_connection is FIREWALL_OR_CONNECTION as link specifiers cannot
* contain DirPorts.
*/
void
fascist_firewall_choose_address_ls(const smartlist_t *lspecs,
reachable_addr_choose_from_ls(const smartlist_t *lspecs,
int pref_only, tor_addr_port_t* ap)
{
int have_v4 = 0, have_v6 = 0;
@ -967,20 +967,20 @@ fascist_firewall_choose_address_ls(const smartlist_t *lspecs,
/* Here, don't check for DirPorts as link specifiers are only used for
* ORPorts. */
const or_options_t *options = get_options();
int pref_ipv6 = fascist_firewall_prefer_ipv6_orport(options);
int pref_ipv6 = reachable_addr_prefer_ipv6_orport(options);
/* Assume that the DirPorts are zero as link specifiers only use ORPorts. */
fascist_firewall_choose_address_base(&addr_v4, port_v4, 0,
reachable_addr_choose_base(&addr_v4, port_v4, 0,
&addr_v6, port_v6, 0,
FIREWALL_OR_CONNECTION,
pref_only, pref_ipv6,
ap);
}
/** Like fascist_firewall_choose_address_base(), but takes <b>node</b>, and
/** Like reachable_addr_choose_base(), but takes <b>node</b>, and
* looks up the node's IPv6 preference rather than taking an argument
* for pref_ipv6. */
void
fascist_firewall_choose_address_node(const node_t *node,
reachable_addr_choose_from_node(const node_t *node,
firewall_connection_t fw_connection,
int pref_only, tor_addr_port_t *ap)
{
@ -1010,16 +1010,16 @@ fascist_firewall_choose_address_node(const node_t *node,
node_get_pref_ipv6_dirport(node, &ipv6_dir_ap);
/* Assume the IPv6 OR and Dir addresses are the same. */
fascist_firewall_choose_address_base(&ipv4_or_ap.addr, ipv4_or_ap.port,
reachable_addr_choose_base(&ipv4_or_ap.addr, ipv4_or_ap.port,
ipv4_dir_ap.port, &ipv6_or_ap.addr,
ipv6_or_ap.port, ipv6_dir_ap.port,
fw_connection, pref_only,
pref_ipv6_node, ap);
}
/** Like fascist_firewall_choose_address_rs(), but takes <b>ds</b>. */
/** Like reachable_addr_choose_from_rs(), but takes <b>ds</b>. */
void
fascist_firewall_choose_address_dir_server(const dir_server_t *ds,
reachable_addr_choose_from_dir_server(const dir_server_t *ds,
firewall_connection_t fw_connection,
int pref_only,
tor_addr_port_t *ap)
@ -1036,9 +1036,9 @@ fascist_firewall_choose_address_dir_server(const dir_server_t *ds,
/* A dir_server_t always has a fake_status. As long as it has the same
* addresses/ports in both fake_status and dir_server_t, this works fine.
* (See #17867.)
* This function relies on fascist_firewall_choose_address_rs looking up the
* This function relies on reachable_addr_choose_from_rs looking up the
* node if it can, because that will get the latest info for the relay. */
fascist_firewall_choose_address_rs(&ds->fake_status, fw_connection,
reachable_addr_choose_from_rs(&ds->fake_status, fw_connection,
pref_only, ap);
}

26
src/core/or/policies.h
View File

@ -69,34 +69,34 @@ typedef struct short_policy_t {
int firewall_is_fascist_or(void);
int firewall_is_fascist_dir(void);
int fascist_firewall_use_ipv6(const or_options_t *options);
int fascist_firewall_prefer_ipv6_orport(const or_options_t *options);
int fascist_firewall_prefer_ipv6_dirport(const or_options_t *options);
int reachable_addr_use_ipv6(const or_options_t *options);
int reachable_addr_prefer_ipv6_orport(const or_options_t *options);
int reachable_addr_prefer_ipv6_dirport(const or_options_t *options);
int fascist_firewall_allows_address_addr(const tor_addr_t *addr,
int reachable_addr_allows_addr(const tor_addr_t *addr,
uint16_t port,
firewall_connection_t fw_connection,
int pref_only, int pref_ipv6);
int fascist_firewall_allows_rs(const routerstatus_t *rs,
int reachable_addr_allows_rs(const routerstatus_t *rs,
firewall_connection_t fw_connection,
int pref_only);
int fascist_firewall_allows_node(const node_t *node,
int reachable_addr_allows_node(const node_t *node,
firewall_connection_t fw_connection,
int pref_only);
int fascist_firewall_allows_dir_server(const dir_server_t *ds,
int reachable_addr_allows_dir_server(const dir_server_t *ds,
firewall_connection_t fw_connection,
int pref_only);
void fascist_firewall_choose_address_rs(const routerstatus_t *rs,
void reachable_addr_choose_from_rs(const routerstatus_t *rs,
firewall_connection_t fw_connection,
int pref_only, tor_addr_port_t* ap);
void fascist_firewall_choose_address_ls(const smartlist_t *lspecs,
void reachable_addr_choose_from_ls(const smartlist_t *lspecs,
int pref_only, tor_addr_port_t* ap);
void fascist_firewall_choose_address_node(const node_t *node,
void reachable_addr_choose_from_node(const node_t *node,
firewall_connection_t fw_connection,
int pref_only, tor_addr_port_t* ap);
void fascist_firewall_choose_address_dir_server(const dir_server_t *ds,
void reachable_addr_choose_from_dir_server(const dir_server_t *ds,
firewall_connection_t fw_connection,
int pref_only, tor_addr_port_t* ap);
@ -173,11 +173,11 @@ addr_policy_result_t compare_tor_addr_to_short_policy(
#ifdef POLICIES_PRIVATE
STATIC void append_exit_policy_string(smartlist_t **policy, const char *more);
STATIC int fascist_firewall_allows_address(const tor_addr_t *addr,
STATIC int reachable_addr_allows(const tor_addr_t *addr,
uint16_t port,
smartlist_t *firewall_policy,
int pref_only, int pref_ipv6);
STATIC const tor_addr_port_t * fascist_firewall_choose_address(
STATIC const tor_addr_port_t * reachable_addr_choose(
const tor_addr_port_t *a,
const tor_addr_port_t *b,
int want_a,

8
src/feature/client/bridges.c
View File

@ -654,7 +654,7 @@ launch_direct_bridge_descriptor_fetch(bridge_info_t *bridge)
/* Until we get a descriptor for the bridge, we only know one address for
* it. */
if (!fascist_firewall_allows_address_addr(&bridge->addr, bridge->port,
if (!reachable_addr_allows_addr(&bridge->addr, bridge->port,
FIREWALL_OR_CONNECTION, 0, 0)) {
log_notice(LD_CONFIG, "Tried to fetch a descriptor directly from a "
"bridge, but that bridge is not reachable through our "
@ -746,7 +746,7 @@ fetch_bridge_descriptors(const or_options_t *options, time_t now)
!options->UpdateBridgesFromAuthority, !num_bridge_auths);
if (ask_bridge_directly &&
!fascist_firewall_allows_address_addr(&bridge->addr, bridge->port,
!reachable_addr_allows_addr(&bridge->addr, bridge->port,
FIREWALL_OR_CONNECTION, 0,
0)) {
log_notice(LD_DIR, "Bridge at '%s' isn't reachable by our "
@ -832,7 +832,7 @@ rewrite_node_address_for_bridge(const bridge_info_t *bridge, node_t *node)
!tor_addr_is_null(&node->ri->ipv6_addr));
} else {
/* Mark which address to use based on user preference */
node->ipv6_preferred = (fascist_firewall_prefer_ipv6_orport(options) &&
node->ipv6_preferred = (reachable_addr_prefer_ipv6_orport(options) &&
!tor_addr_is_null(&node->ri->ipv6_addr));
}
@ -889,7 +889,7 @@ rewrite_node_address_for_bridge(const bridge_info_t *bridge, node_t *node)
!tor_addr_is_null(&node->rs->ipv6_addr));
} else {
/* Mark which address to use based on user preference */
node->ipv6_preferred = (fascist_firewall_prefer_ipv6_orport(options) &&
node->ipv6_preferred = (reachable_addr_prefer_ipv6_orport(options) &&
!tor_addr_is_null(&node->rs->ipv6_addr));
}

4
src/feature/client/entrynodes.c
View File

@ -1466,7 +1466,7 @@ node_passes_guard_filter(const or_options_t *options,
!routerset_contains_node(options->EntryNodes, node))
return 0;
if (!fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION, 0))
if (!reachable_addr_allows_node(node, FIREWALL_OR_CONNECTION, 0))
return 0;
if (node_is_a_configured_bridge(node))
@ -1492,7 +1492,7 @@ bridge_passes_guard_filter(const or_options_t *options,
/* Ignore entrynodes */
const tor_addr_port_t *addrport = bridge_get_addr_port(bridge);
if (!fascist_firewall_allows_address_addr(&addrport->addr,
if (!reachable_addr_allows_addr(&addrport->addr,
addrport->port,
FIREWALL_OR_CONNECTION,
0, 0))

12
src/feature/dirclient/dirclient.c
View File

@ -284,10 +284,10 @@ directory_post_to_dirservers(uint8_t dir_purpose, uint8_t router_purpose,
}
if (purpose_needs_anonymity(dir_purpose, router_purpose, NULL)) {
indirection = DIRIND_ANONYMOUS;
} else if (!fascist_firewall_allows_dir_server(ds,
} else if (!reachable_addr_allows_dir_server(ds,
FIREWALL_DIR_CONNECTION,
0)) {
if (fascist_firewall_allows_dir_server(ds, FIREWALL_OR_CONNECTION, 0))
if (reachable_addr_allows_dir_server(ds, FIREWALL_OR_CONNECTION, 0))
indirection = DIRIND_ONEHOP;
else
indirection = DIRIND_ANONYMOUS;
@ -487,7 +487,7 @@ directory_get_from_dirserver,(
tor_addr_port_t or_ap;
directory_request_t *req = directory_request_new(dir_purpose);
/* we are willing to use a non-preferred address if we need to */
fascist_firewall_choose_address_node(node, FIREWALL_OR_CONNECTION, 0,
reachable_addr_choose_from_node(node, FIREWALL_OR_CONNECTION, 0,
&or_ap);
directory_request_set_or_addr_port(req, &or_ap);
directory_request_set_directory_id_digest(req,
@ -666,7 +666,7 @@ directory_choose_address_routerstatus(const routerstatus_t *status,
* Use the preferred address and port if they are reachable, otherwise,
* use the alternate address and port (if any).
*/
fascist_firewall_choose_address_rs(status, FIREWALL_OR_CONNECTION, 0,
reachable_addr_choose_from_rs(status, FIREWALL_OR_CONNECTION, 0,
use_or_ap);
have_or = tor_addr_port_is_valid_ap(use_or_ap, 0);
}
@ -677,7 +677,7 @@ directory_choose_address_routerstatus(const routerstatus_t *status,
indirection == DIRIND_ANON_DIRPORT ||
(indirection == DIRIND_ONEHOP
&& !dirclient_must_use_begindir(options))) {
fascist_firewall_choose_address_rs(status, FIREWALL_DIR_CONNECTION, 0,
reachable_addr_choose_from_rs(status, FIREWALL_DIR_CONNECTION, 0,
use_dir_ap);
have_dir = tor_addr_port_is_valid_ap(use_dir_ap, 0);
}
@ -921,7 +921,7 @@ directory_command_should_use_begindir(const or_options_t *options,
}
if (indirection == DIRIND_ONEHOP) {
/* We're firewalled and want a direct OR connection */
if (!fascist_firewall_allows_address_addr(or_addr, or_port,
if (!reachable_addr_allows_addr(or_addr, or_port,
FIREWALL_OR_CONNECTION, 0, 0)) {
*reason = "ORPort not reachable";
return 0;

4
src/feature/hs/hs_common.c
View File

@ -1744,7 +1744,7 @@ hs_get_extend_info_from_lspecs(const smartlist_t *lspecs,
switch (link_specifier_get_ls_type(ls)) {
case LS_IPV4:
/* Skip if we already seen a v4. If direct_conn is true, we skip this
* block because fascist_firewall_choose_address_ls() will set ap. If
* block because reachable_addr_choose_from_ls() will set ap. If
* direct_conn is false, set ap to the first IPv4 address and port in
* the link specifiers.*/
if (have_v4 || direct_conn) continue;
@ -1776,7 +1776,7 @@ hs_get_extend_info_from_lspecs(const smartlist_t *lspecs,
/* Choose a preferred address first, but fall back to an allowed address. */
if (direct_conn)
fascist_firewall_choose_address_ls(lspecs, 0, &ap);
reachable_addr_choose_from_ls(lspecs, 0, &ap);
/* Legacy ID is mandatory, and we require an IP address. */
if (!tor_addr_port_is_valid_ap(&ap, 0)) {

2
src/feature/nodelist/authcert.c
View File

@ -808,7 +808,7 @@ authority_certs_fetch_resource_impl(const char *resource,
/* clients always make OR connections to bridges */
tor_addr_port_t or_ap;
/* we are willing to use a non-preferred address if we need to */
fascist_firewall_choose_address_node(node, FIREWALL_OR_CONNECTION, 0,
reachable_addr_choose_from_node(node, FIREWALL_OR_CONNECTION, 0,
&or_ap);
req = directory_request_new(DIR_PURPOSE_FETCH_CERTIFICATE);

14
src/feature/nodelist/node_select.c
View File

@ -141,7 +141,7 @@ router_pick_dirserver_generic(smartlist_t *sourcelist,
#define RETRY_ALTERNATE_IP_VERSION(retry_label) \
STMT_BEGIN \
if (result == NULL && try_ip_pref && options->ClientUseIPv4 \
&& fascist_firewall_use_ipv6(options) && !server_mode(options) \
&& reachable_addr_use_ipv6(options) && !server_mode(options) \
&& !n_busy) { \
n_excluded = 0; \
n_busy = 0; \
@ -212,8 +212,8 @@ router_picked_poor_directory_log(const routerstatus_t *rs)
log_debug(LD_DIR, "Wanted to make an outgoing directory connection, but "
"we couldn't find a directory that fit our criteria. "
"Perhaps we will succeed next time with less strict criteria.");
} else if (!fascist_firewall_allows_rs(rs, FIREWALL_OR_CONNECTION, 1)
&& !fascist_firewall_allows_rs(rs, FIREWALL_DIR_CONNECTION, 1)
} else if (!reachable_addr_allows_rs(rs, FIREWALL_OR_CONNECTION, 1)
&& !reachable_addr_allows_rs(rs, FIREWALL_DIR_CONNECTION, 1)
) {
/* This is rare, and might be interesting to users trying to diagnose
* connection issues on dual-stack machines. */
@ -374,12 +374,12 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags,
* we try routers that only have one address both times.)
*/
if (!fascistfirewall || skip_or_fw ||
fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION,
reachable_addr_allows_node(node, FIREWALL_OR_CONNECTION,
try_ip_pref))
smartlist_add(is_trusted ? trusted_tunnel :
is_overloaded ? overloaded_tunnel : tunnel, (void*)node);
else if (!must_have_or && (skip_dir_fw ||
fascist_firewall_allows_node(node, FIREWALL_DIR_CONNECTION,
reachable_addr_allows_node(node, FIREWALL_DIR_CONNECTION,
try_ip_pref)))
smartlist_add(is_trusted ? trusted_direct :
is_overloaded ? overloaded_direct : direct, (void*)node);
@ -1162,11 +1162,11 @@ router_pick_trusteddirserver_impl(const smartlist_t *sourcelist,
* we try routers that only have one address both times.)
*/
if (!fascistfirewall || skip_or_fw ||
fascist_firewall_allows_dir_server(d, FIREWALL_OR_CONNECTION,
reachable_addr_allows_dir_server(d, FIREWALL_OR_CONNECTION,
try_ip_pref))
smartlist_add(is_overloaded ? overloaded_tunnel : tunnel, (void*)d);
else if (!must_have_or && (skip_dir_fw ||
fascist_firewall_allows_dir_server(d, FIREWALL_DIR_CONNECTION,
reachable_addr_allows_dir_server(d, FIREWALL_DIR_CONNECTION,
try_ip_pref)))
smartlist_add(is_overloaded ? overloaded_direct : direct, (void*)d);
}

16
src/feature/nodelist/nodelist.c
View File

@ -666,7 +666,7 @@ nodelist_set_consensus(const networkstatus_t *ns)
node->is_bad_exit = rs->is_bad_exit;
node->is_hs_dir = rs->is_hs_dir;
node->ipv6_preferred = 0;
if (fascist_firewall_prefer_ipv6_orport(options) &&
if (reachable_addr_prefer_ipv6_orport(options) &&
(tor_addr_is_null(&rs->ipv6_addr) == 0 ||
(node->md && tor_addr_is_null(&node->md->ipv6_addr) == 0)))
node->ipv6_preferred = 1;
@ -1704,7 +1704,7 @@ node_has_ipv6_dirport(const node_t *node)
* ii) the router has no IPv4 OR address.
*
* If you don't have a node, consider looking it up.
* If there is no node, use fascist_firewall_prefer_ipv6_orport().
* If there is no node, use reachable_addr_prefer_ipv6_orport().
*/
int
node_ipv6_or_preferred(const node_t *node)
@ -1714,10 +1714,10 @@ node_ipv6_or_preferred(const node_t *node)
node_assert_ok(node);
/* XX/teor - node->ipv6_preferred is set from
* fascist_firewall_prefer_ipv6_orport() each time the consensus is loaded.
* reachable_addr_prefer_ipv6_orport() each time the consensus is loaded.
*/
node_get_prim_orport(node, &ipv4_addr);
if (!fascist_firewall_use_ipv6(options)) {
if (!reachable_addr_use_ipv6(options)) {
return 0;
} else if (node->ipv6_preferred ||
!tor_addr_port_is_valid_ap(&ipv4_addr, 0)) {
@ -1812,7 +1812,7 @@ node_get_pref_ipv6_orport(const node_t *node, tor_addr_port_t *ap_out)
* or
* ii) our preference is for IPv6 Dir addresses.
*
* If there is no node, use fascist_firewall_prefer_ipv6_dirport().
* If there is no node, use reachable_addr_prefer_ipv6_dirport().
*/
int
node_ipv6_dir_preferred(const node_t *node)
@ -1821,15 +1821,15 @@ node_ipv6_dir_preferred(const node_t *node)
tor_addr_port_t ipv4_addr;
node_assert_ok(node);
/* node->ipv6_preferred is set from fascist_firewall_prefer_ipv6_orport(),
/* node->ipv6_preferred is set from reachable_addr_prefer_ipv6_orport(),
* so we can't use it to determine DirPort IPv6 preference.
* This means that bridge clients will use IPv4 DirPorts by default.
*/
node_get_prim_dirport(node, &ipv4_addr);
if (!fascist_firewall_use_ipv6(options)) {
if (!reachable_addr_use_ipv6(options)) {
return 0;
} else if (!tor_addr_port_is_valid_ap(&ipv4_addr, 0)
|| fascist_firewall_prefer_ipv6_dirport(get_options())) {
|| reachable_addr_prefer_ipv6_dirport(get_options())) {
return node_has_ipv6_dirport(node);
}
return 0;

4
src/feature/nodelist/routerlist.c
View File

@ -539,7 +539,7 @@ routers_have_same_or_addrs(const routerinfo_t *r1, const routerinfo_t *r2)
* - <b>CRN_DIRECT_CONN</b>: is suitable for direct connections. Checks
* for the relevant descriptors. Checks the address
* against ReachableAddresses, ClientUseIPv4 0, and
* fascist_firewall_use_ipv6() == 0);
* reachable_addr_use_ipv6() == 0);
* - <b>CRN_PREF_ADDR</b>: if we are connecting directly to the node, it has
* an address that is preferred by the
* ClientPreferIPv6ORPort setting;
@ -594,7 +594,7 @@ router_can_choose_node(const node_t *node, int flags)
return false;
/* Choose a node with an OR address that matches the firewall rules */
if (direct_conn && check_reach &&
!fascist_firewall_allows_node(node,
!reachable_addr_allows_node(node,
FIREWALL_OR_CONNECTION,
pref_addr))
return false;

6
src/feature/rend/rendservice.c
View File

@ -1849,13 +1849,13 @@ rend_service_use_direct_connection(const or_options_t* options,
const extend_info_t* ei)
{
/* We'll connect directly all reachable addresses, whether preferred or not.
* The prefer_ipv6 argument to fascist_firewall_allows_address_addr is
* The prefer_ipv6 argument to reachable_addr_allows_addr is
* ignored, because pref_only is 0. */
const tor_addr_port_t *ap = extend_info_get_orport(ei, AF_INET);
if (!ap)
return 0;
return (rend_service_allow_non_anonymous_connection(options) &&
fascist_firewall_allows_address_addr(&ap->addr, ap->port,
reachable_addr_allows_addr(&ap->addr, ap->port,
FIREWALL_OR_CONNECTION, 0, 0));
}
@ -1867,7 +1867,7 @@ rend_service_use_direct_connection_node(const or_options_t* options,
/* We'll connect directly all reachable addresses, whether preferred or not.
*/
return (rend_service_allow_non_anonymous_connection(options) &&
fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION, 0));
reachable_addr_allows_node(node, FIREWALL_OR_CONNECTION, 0));
}
/******

2
src/test/test_entrynodes.c
View File

@ -322,7 +322,7 @@ test_node_preferred_orport(void *arg)
* ClientUseIPv4 is 0 */
mocked_options->ClientUseIPv4 = 0;
mocked_options->ClientUseIPv6 = 1;
node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport(mocked_options);
node.ipv6_preferred = reachable_addr_prefer_ipv6_orport(mocked_options);
node_get_pref_orport(&node, &ap);
tt_assert(tor_addr_eq(&ap.addr, &ipv6_addr));
tt_assert(ap.port == ipv6_port);

190
src/test/test_policy.c
View File

@ -1753,7 +1753,7 @@ test_policies_getinfo_helper_policies(void *arg)
#define OTHER_IPV4_ADDR_STR "6.7.8.9"
#define OTHER_IPV6_ADDR_STR "[afff::]"
/** Run unit tests for fascist_firewall_allows_address */
/** Run unit tests for reachable_addr_allows */
static void
test_policies_fascist_firewall_allows_address(void *arg)
{
@ -1822,33 +1822,33 @@ test_policies_fascist_firewall_allows_address(void *arg)
mock_options.ClientUseIPv6 = 1;
mock_options.UseBridges = 0;
tt_int_op(fascist_firewall_allows_address(&ipv4_addr, port, policy, 0, 0),
tt_int_op(reachable_addr_allows(&ipv4_addr, port, policy, 0, 0),
OP_EQ, 1);
tt_int_op(fascist_firewall_allows_address(&ipv6_addr, port, policy, 0, 0),
tt_int_op(reachable_addr_allows(&ipv6_addr, port, policy, 0, 0),
OP_EQ, 1);
tt_int_op(fascist_firewall_allows_address(&r_ipv4_addr, port, policy, 0, 0),
tt_int_op(reachable_addr_allows(&r_ipv4_addr, port, policy, 0, 0),
OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&r_ipv6_addr, port, policy, 0, 0),
tt_int_op(reachable_addr_allows(&r_ipv6_addr, port, policy, 0, 0),
OP_EQ, 0);
/* Preferring IPv4 */
tt_int_op(fascist_firewall_allows_address(&ipv4_addr, port, policy, 1, 0),
tt_int_op(reachable_addr_allows(&ipv4_addr, port, policy, 1, 0),
OP_EQ, 1);
tt_int_op(fascist_firewall_allows_address(&ipv6_addr, port, policy, 1, 0),
tt_int_op(reachable_addr_allows(&ipv6_addr, port, policy, 1, 0),
OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&r_ipv4_addr, port, policy, 1, 0),
tt_int_op(reachable_addr_allows(&r_ipv4_addr, port, policy, 1, 0),
OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&r_ipv6_addr, port, policy, 1, 0),
tt_int_op(reachable_addr_allows(&r_ipv6_addr, port, policy, 1, 0),
OP_EQ, 0);
/* Preferring IPv6 */
tt_int_op(fascist_firewall_allows_address(&ipv4_addr, port, policy, 1, 1),
tt_int_op(reachable_addr_allows(&ipv4_addr, port, policy, 1, 1),
OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&ipv6_addr, port, policy, 1, 1),
tt_int_op(reachable_addr_allows(&ipv6_addr, port, policy, 1, 1),
OP_EQ, 1);
tt_int_op(fascist_firewall_allows_address(&r_ipv4_addr, port, policy, 1, 1),
tt_int_op(reachable_addr_allows(&r_ipv4_addr, port, policy, 1, 1),
OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&r_ipv6_addr, port, policy, 1, 1),
tt_int_op(reachable_addr_allows(&r_ipv6_addr, port, policy, 1, 1),
OP_EQ, 0);
/* Test the function's address matching with UseBridges on */
@ -1857,45 +1857,45 @@ test_policies_fascist_firewall_allows_address(void *arg)
mock_options.ClientUseIPv6 = 1;
mock_options.UseBridges = 1;
tt_int_op(fascist_firewall_allows_address(&ipv4_addr, port, policy, 0, 0),
tt_int_op(reachable_addr_allows(&ipv4_addr, port, policy, 0, 0),
OP_EQ, 1);
tt_int_op(fascist_firewall_allows_address(&ipv6_addr, port, policy, 0, 0),
tt_int_op(reachable_addr_allows(&ipv6_addr, port, policy, 0, 0),
OP_EQ, 1);
tt_int_op(fascist_firewall_allows_address(&r_ipv4_addr, port, policy, 0, 0),
tt_int_op(reachable_addr_allows(&r_ipv4_addr, port, policy, 0, 0),
OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&r_ipv6_addr, port, policy, 0, 0),
tt_int_op(reachable_addr_allows(&r_ipv6_addr, port, policy, 0, 0),
OP_EQ, 0);
/* Preferring IPv4 */
tt_int_op(fascist_firewall_allows_address(&ipv4_addr, port, policy, 1, 0),
tt_int_op(reachable_addr_allows(&ipv4_addr, port, policy, 1, 0),
OP_EQ, 1);
tt_int_op(fascist_firewall_allows_address(&ipv6_addr, port, policy, 1, 0),
tt_int_op(reachable_addr_allows(&ipv6_addr, port, policy, 1, 0),
OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&r_ipv4_addr, port, policy, 1, 0),
tt_int_op(reachable_addr_allows(&r_ipv4_addr, port, policy, 1, 0),
OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&r_ipv6_addr, port, policy, 1, 0),
tt_int_op(reachable_addr_allows(&r_ipv6_addr, port, policy, 1, 0),
OP_EQ, 0);
/* Preferring IPv6 */
tt_int_op(fascist_firewall_allows_address(&ipv4_addr, port, policy, 1, 1),
tt_int_op(reachable_addr_allows(&ipv4_addr, port, policy, 1, 1),
OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&ipv6_addr, port, policy, 1, 1),
tt_int_op(reachable_addr_allows(&ipv6_addr, port, policy, 1, 1),
OP_EQ, 1);
tt_int_op(fascist_firewall_allows_address(&r_ipv4_addr, port, policy, 1, 1),
tt_int_op(reachable_addr_allows(&r_ipv4_addr, port, policy, 1, 1),
OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&r_ipv6_addr, port, policy, 1, 1),
tt_int_op(reachable_addr_allows(&r_ipv6_addr, port, policy, 1, 1),
OP_EQ, 0);
/* bridge clients always use IPv6, regardless of ClientUseIPv6 */
mock_options.ClientUseIPv4 = 1;
mock_options.ClientUseIPv6 = 0;
tt_int_op(fascist_firewall_allows_address(&ipv4_addr, port, policy, 0, 0),
tt_int_op(reachable_addr_allows(&ipv4_addr, port, policy, 0, 0),
OP_EQ, 1);
tt_int_op(fascist_firewall_allows_address(&ipv6_addr, port, policy, 0, 0),
tt_int_op(reachable_addr_allows(&ipv6_addr, port, policy, 0, 0),
OP_EQ, 1);
tt_int_op(fascist_firewall_allows_address(&r_ipv4_addr, port, policy, 0, 0),
tt_int_op(reachable_addr_allows(&r_ipv4_addr, port, policy, 0, 0),
OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&r_ipv6_addr, port, policy, 0, 0),
tt_int_op(reachable_addr_allows(&r_ipv6_addr, port, policy, 0, 0),
OP_EQ, 0);
/* Test the function's address matching with IPv4 on */
@ -1904,13 +1904,13 @@ test_policies_fascist_firewall_allows_address(void *arg)
mock_options.ClientUseIPv6 = 0;
mock_options.UseBridges = 0;
tt_int_op(fascist_firewall_allows_address(&ipv4_addr, port, policy, 0, 0),
tt_int_op(reachable_addr_allows(&ipv4_addr, port, policy, 0, 0),
OP_EQ, 1);
tt_int_op(fascist_firewall_allows_address(&ipv6_addr, port, policy, 0, 0),
tt_int_op(reachable_addr_allows(&ipv6_addr, port, policy, 0, 0),
OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&r_ipv4_addr, port, policy, 0, 0),
tt_int_op(reachable_addr_allows(&r_ipv4_addr, port, policy, 0, 0),
OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&r_ipv6_addr, port, policy, 0, 0),
tt_int_op(reachable_addr_allows(&r_ipv6_addr, port, policy, 0, 0),
OP_EQ, 0);
/* Test the function's address matching with IPv6 on */
@ -1919,13 +1919,13 @@ test_policies_fascist_firewall_allows_address(void *arg)
mock_options.ClientUseIPv6 = 1;
mock_options.UseBridges = 0;
tt_int_op(fascist_firewall_allows_address(&ipv4_addr, port, policy, 0, 0),
tt_int_op(reachable_addr_allows(&ipv4_addr, port, policy, 0, 0),
OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&ipv6_addr, port, policy, 0, 0),
tt_int_op(reachable_addr_allows(&ipv6_addr, port, policy, 0, 0),
OP_EQ, 1);
tt_int_op(fascist_firewall_allows_address(&r_ipv4_addr, port, policy, 0, 0),
tt_int_op(reachable_addr_allows(&r_ipv4_addr, port, policy, 0, 0),
OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&r_ipv6_addr, port, policy, 0, 0),
tt_int_op(reachable_addr_allows(&r_ipv6_addr, port, policy, 0, 0),
OP_EQ, 0);
/* Test the function's address matching with ClientUseIPv4 0.
@ -1935,13 +1935,13 @@ test_policies_fascist_firewall_allows_address(void *arg)
mock_options.ClientUseIPv6 = 0;
mock_options.UseBridges = 0;
tt_int_op(fascist_firewall_allows_address(&ipv4_addr, port, policy, 0, 0),
tt_int_op(reachable_addr_allows(&ipv4_addr, port, policy, 0, 0),
OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&ipv6_addr, port, policy, 0, 0),
tt_int_op(reachable_addr_allows(&ipv6_addr, port, policy, 0, 0),
OP_EQ, 1);
tt_int_op(fascist_firewall_allows_address(&r_ipv4_addr, port, policy, 0, 0),
tt_int_op(reachable_addr_allows(&r_ipv4_addr, port, policy, 0, 0),
OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&r_ipv6_addr, port, policy, 0, 0),
tt_int_op(reachable_addr_allows(&r_ipv6_addr, port, policy, 0, 0),
OP_EQ, 0);
/* Test the function's address matching for unusual inputs */
@ -1951,27 +1951,27 @@ test_policies_fascist_firewall_allows_address(void *arg)
mock_options.UseBridges = 1;
/* NULL and tor_addr_is_null addresses are rejected */
tt_int_op(fascist_firewall_allows_address(NULL, port, policy, 0, 0), OP_EQ,
tt_int_op(reachable_addr_allows(NULL, port, policy, 0, 0), OP_EQ,
0);
tt_int_op(fascist_firewall_allows_address(&n_ipv4_addr, port, policy, 0, 0),
tt_int_op(reachable_addr_allows(&n_ipv4_addr, port, policy, 0, 0),
OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&n_ipv6_addr, port, policy, 0, 0),
tt_int_op(reachable_addr_allows(&n_ipv6_addr, port, policy, 0, 0),
OP_EQ, 0);
/* zero ports are rejected */
tt_int_op(fascist_firewall_allows_address(&ipv4_addr, 0, policy, 0, 0),
tt_int_op(reachable_addr_allows(&ipv4_addr, 0, policy, 0, 0),
OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&ipv6_addr, 0, policy, 0, 0),
tt_int_op(reachable_addr_allows(&ipv6_addr, 0, policy, 0, 0),
OP_EQ, 0);
/* NULL and empty policies accept everything */
tt_int_op(fascist_firewall_allows_address(&ipv4_addr, port, NULL, 0, 0),
tt_int_op(reachable_addr_allows(&ipv4_addr, port, NULL, 0, 0),
OP_EQ, 1);
tt_int_op(fascist_firewall_allows_address(&ipv6_addr, port, NULL, 0, 0),
tt_int_op(reachable_addr_allows(&ipv6_addr, port, NULL, 0, 0),
OP_EQ, 1);
tt_int_op(fascist_firewall_allows_address(&ipv4_addr, port, e_policy, 0, 0),
tt_int_op(reachable_addr_allows(&ipv4_addr, port, e_policy, 0, 0),
OP_EQ, 1);
tt_int_op(fascist_firewall_allows_address(&ipv6_addr, port, e_policy, 0, 0),
tt_int_op(reachable_addr_allows(&ipv6_addr, port, e_policy, 0, 0),
OP_EQ, 1);
done:
@ -1991,7 +1991,7 @@ test_policies_fascist_firewall_allows_address(void *arg)
#define TEST_IPV6_OR_PORT 61234
#define TEST_IPV6_DIR_PORT 62345
/* Check that fascist_firewall_choose_address_rs() returns the expected
/* Check that reachable_addr_choose_from_rs() returns the expected
* results. */
#define CHECK_CHOSEN_ADDR_RS(fake_rs, fw_connection, pref_only, expect_rv, \
expect_ap) \
@ -1999,13 +1999,13 @@ test_policies_fascist_firewall_allows_address(void *arg)
tor_addr_port_t chosen_rs_ap; \
tor_addr_make_null(&chosen_rs_ap.addr, AF_INET); \
chosen_rs_ap.port = 0; \
fascist_firewall_choose_address_rs(&(fake_rs), (fw_connection), \
reachable_addr_choose_from_rs(&(fake_rs), (fw_connection), \
(pref_only), &chosen_rs_ap); \
tt_assert(tor_addr_eq(&(expect_ap).addr, &chosen_rs_ap.addr)); \
tt_int_op((expect_ap).port, OP_EQ, chosen_rs_ap.port); \
STMT_END
/* Check that fascist_firewall_choose_address_node() returns the expected
/* Check that reachable_addr_choose_from_node() returns the expected
* results. */
#define CHECK_CHOSEN_ADDR_NODE(fake_node, fw_connection, pref_only, \
expect_rv, expect_ap) \
@ -2013,14 +2013,14 @@ test_policies_fascist_firewall_allows_address(void *arg)
tor_addr_port_t chosen_node_ap; \
tor_addr_make_null(&chosen_node_ap.addr, AF_INET); \
chosen_node_ap.port = 0; \
fascist_firewall_choose_address_node(&(fake_node),(fw_connection), \
reachable_addr_choose_from_node(&(fake_node),(fw_connection), \
(pref_only), &chosen_node_ap); \
tt_assert(tor_addr_eq(&(expect_ap).addr, &chosen_node_ap.addr)); \
tt_int_op((expect_ap).port, OP_EQ, chosen_node_ap.port); \
STMT_END
/* Check that fascist_firewall_choose_address_rs and
* fascist_firewall_choose_address_node() both return the expected results. */
/* Check that reachable_addr_choose_from_rs and
* reachable_addr_choose_from_node() both return the expected results. */
#define CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, fw_connection, pref_only, \
expect_rv, expect_ap) \
STMT_BEGIN \
@ -2030,7 +2030,7 @@ test_policies_fascist_firewall_allows_address(void *arg)
expect_ap); \
STMT_END
/* Check that fascist_firewall_choose_address_ls() returns the expected
/* Check that reachable_addr_choose_from_ls() returns the expected
* results. */
#define CHECK_CHOSEN_ADDR_NULL_LS() \
STMT_BEGIN \
@ -2038,7 +2038,7 @@ test_policies_fascist_firewall_allows_address(void *arg)
tor_addr_make_null(&chosen_ls_ap.addr, AF_UNSPEC); \
chosen_ls_ap.port = 0; \
setup_full_capture_of_logs(LOG_WARN); \
fascist_firewall_choose_address_ls(NULL, 1, &chosen_ls_ap); \
reachable_addr_choose_from_ls(NULL, 1, &chosen_ls_ap); \
expect_single_log_msg("Unknown or missing link specifiers"); \
teardown_capture_of_logs(); \
STMT_END
@ -2049,7 +2049,7 @@ test_policies_fascist_firewall_allows_address(void *arg)
tor_addr_make_null(&chosen_ls_ap.addr, AF_UNSPEC); \
chosen_ls_ap.port = 0; \
setup_full_capture_of_logs(LOG_WARN); \
fascist_firewall_choose_address_ls(fake_ls, pref_only, &chosen_ls_ap); \
reachable_addr_choose_from_ls(fake_ls, pref_only, &chosen_ls_ap); \
if (smartlist_len(fake_ls) == 0) { \
expect_single_log_msg("Link specifiers are empty"); \
} else { \
@ -2066,7 +2066,7 @@ test_policies_fascist_firewall_allows_address(void *arg)
tor_addr_make_null(&chosen_ls_ap.addr, AF_UNSPEC); \
chosen_ls_ap.port = 0; \
setup_full_capture_of_logs(LOG_WARN); \
fascist_firewall_choose_address_ls(fake_ls, 0, &chosen_ls_ap); \
reachable_addr_choose_from_ls(fake_ls, 0, &chosen_ls_ap); \
expect_single_log_msg("None of our link specifiers have IPv4 or IPv6"); \
teardown_capture_of_logs(); \
STMT_END
@ -2125,7 +2125,7 @@ test_policies_fascist_firewall_allows_address(void *arg)
teardown_capture_of_logs(); \
STMT_END
/** Run unit tests for fascist_firewall_choose_address */
/** Run unit tests for reachable_addr_choose */
static void
test_policies_fascist_firewall_choose_address(void *arg)
{
@ -2153,87 +2153,87 @@ test_policies_fascist_firewall_choose_address(void *arg)
tor_addr_make_null(&n_ipv6_ap.addr, AF_INET6);
n_ipv6_ap.port = 0;
/* Sanity check fascist_firewall_choose_address with IPv4 and IPv6 on */
/* Sanity check reachable_addr_choose with IPv4 and IPv6 on */
memset(&mock_options, 0, sizeof(or_options_t));
mock_options.ClientUseIPv4 = 1;
mock_options.ClientUseIPv6 = 1;
mock_options.UseBridges = 0;
/* Prefer IPv4 */
tt_assert(fascist_firewall_choose_address(&ipv4_or_ap, &ipv6_or_ap, 1,
tt_assert(reachable_addr_choose(&ipv4_or_ap, &ipv6_or_ap, 1,
FIREWALL_OR_CONNECTION, 0, 0)
== &ipv4_or_ap);
tt_assert(fascist_firewall_choose_address(&ipv4_or_ap, &ipv6_or_ap, 1,
tt_assert(reachable_addr_choose(&ipv4_or_ap, &ipv6_or_ap, 1,
FIREWALL_OR_CONNECTION, 1, 0)
== &ipv4_or_ap);
tt_assert(fascist_firewall_choose_address(&ipv4_dir_ap, &ipv6_dir_ap, 1,
tt_assert(reachable_addr_choose(&ipv4_dir_ap, &ipv6_dir_ap, 1,
FIREWALL_DIR_CONNECTION, 0, 0)
== &ipv4_dir_ap);
tt_assert(fascist_firewall_choose_address(&ipv4_dir_ap, &ipv6_dir_ap, 1,
tt_assert(reachable_addr_choose(&ipv4_dir_ap, &ipv6_dir_ap, 1,
FIREWALL_DIR_CONNECTION, 1, 0)
== &ipv4_dir_ap);
/* Prefer IPv6 */
tt_assert(fascist_firewall_choose_address(&ipv4_or_ap, &ipv6_or_ap, 0,
tt_assert(reachable_addr_choose(&ipv4_or_ap, &ipv6_or_ap, 0,
FIREWALL_OR_CONNECTION, 0, 1)
== &ipv6_or_ap);
tt_assert(fascist_firewall_choose_address(&ipv4_or_ap, &ipv6_or_ap, 0,
tt_assert(reachable_addr_choose(&ipv4_or_ap, &ipv6_or_ap, 0,
FIREWALL_OR_CONNECTION, 1, 1)
== &ipv6_or_ap);
tt_assert(fascist_firewall_choose_address(&ipv4_dir_ap, &ipv6_dir_ap, 0,
tt_assert(reachable_addr_choose(&ipv4_dir_ap, &ipv6_dir_ap, 0,
FIREWALL_DIR_CONNECTION, 0, 1)
== &ipv6_dir_ap);
tt_assert(fascist_firewall_choose_address(&ipv4_dir_ap, &ipv6_dir_ap, 0,
tt_assert(reachable_addr_choose(&ipv4_dir_ap, &ipv6_dir_ap, 0,
FIREWALL_DIR_CONNECTION, 1, 1)
== &ipv6_dir_ap);
/* Unusual inputs */
/* null preferred OR addresses */
tt_assert(fascist_firewall_choose_address(&ipv4_or_ap, &n_ipv6_ap, 0,
tt_assert(reachable_addr_choose(&ipv4_or_ap, &n_ipv6_ap, 0,
FIREWALL_OR_CONNECTION, 0, 1)
== &ipv4_or_ap);
tt_assert(fascist_firewall_choose_address(&n_ipv4_ap, &ipv6_or_ap, 1,
tt_assert(reachable_addr_choose(&n_ipv4_ap, &ipv6_or_ap, 1,
FIREWALL_OR_CONNECTION, 0, 0)
== &ipv6_or_ap);
/* null both OR addresses */
tt_ptr_op(fascist_firewall_choose_address(&n_ipv4_ap, &n_ipv6_ap, 0,
tt_ptr_op(reachable_addr_choose(&n_ipv4_ap, &n_ipv6_ap, 0,
FIREWALL_OR_CONNECTION, 0, 1),
OP_EQ, NULL);
tt_ptr_op(fascist_firewall_choose_address(&n_ipv4_ap, &n_ipv6_ap, 1,
tt_ptr_op(reachable_addr_choose(&n_ipv4_ap, &n_ipv6_ap, 1,
FIREWALL_OR_CONNECTION, 0, 0),
OP_EQ, NULL);
/* null preferred Dir addresses */
tt_assert(fascist_firewall_choose_address(&ipv4_dir_ap, &n_ipv6_ap, 0,
tt_assert(reachable_addr_choose(&ipv4_dir_ap, &n_ipv6_ap, 0,
FIREWALL_DIR_CONNECTION, 0, 1)
== &ipv4_dir_ap);
tt_assert(fascist_firewall_choose_address(&n_ipv4_ap, &ipv6_dir_ap, 1,
tt_assert(reachable_addr_choose(&n_ipv4_ap, &ipv6_dir_ap, 1,
FIREWALL_DIR_CONNECTION, 0, 0)
== &ipv6_dir_ap);
/* null both Dir addresses */
tt_ptr_op(fascist_firewall_choose_address(&n_ipv4_ap, &n_ipv6_ap, 0,
tt_ptr_op(reachable_addr_choose(&n_ipv4_ap, &n_ipv6_ap, 0,
FIREWALL_DIR_CONNECTION, 0, 1),
OP_EQ, NULL);
tt_ptr_op(fascist_firewall_choose_address(&n_ipv4_ap, &n_ipv6_ap, 1,
tt_ptr_op(reachable_addr_choose(&n_ipv4_ap, &n_ipv6_ap, 1,
FIREWALL_DIR_CONNECTION, 0, 0),
OP_EQ, NULL);
/* Prefer IPv4 but want IPv6 (contradictory) */
tt_assert(fascist_firewall_choose_address(&ipv4_or_ap, &ipv6_or_ap, 0,
tt_assert(reachable_addr_choose(&ipv4_or_ap, &ipv6_or_ap, 0,
FIREWALL_OR_CONNECTION, 0, 0)
== &ipv4_or_ap);
tt_assert(fascist_firewall_choose_address(&ipv4_or_ap, &ipv6_or_ap, 0,
tt_assert(reachable_addr_choose(&ipv4_or_ap, &ipv6_or_ap, 0,
FIREWALL_OR_CONNECTION, 1, 0)
== &ipv4_or_ap);
/* Prefer IPv6 but want IPv4 (contradictory) */
tt_assert(fascist_firewall_choose_address(&ipv4_or_ap, &ipv6_or_ap, 1,
tt_assert(reachable_addr_choose(&ipv4_or_ap, &ipv6_or_ap, 1,
FIREWALL_OR_CONNECTION, 0, 1)
== &ipv6_or_ap);
tt_assert(fascist_firewall_choose_address(&ipv4_or_ap, &ipv6_or_ap, 1,
tt_assert(reachable_addr_choose(&ipv4_or_ap, &ipv6_or_ap, 1,
FIREWALL_OR_CONNECTION, 1, 1)
== &ipv6_or_ap);
@ -2268,7 +2268,7 @@ test_policies_fascist_firewall_choose_address(void *arg)
mock_options.ClientPreferIPv6ORPort = 0;
mock_options.ClientPreferIPv6DirPort = 0;
/* Simulate the initialisation of fake_node.ipv6_preferred */
fake_node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport(
fake_node.ipv6_preferred = reachable_addr_prefer_ipv6_orport(
&mock_options);
CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1,
@ -2284,7 +2284,7 @@ test_policies_fascist_firewall_choose_address(void *arg)
mock_options.ClientPreferIPv6ORPort = -1;
mock_options.ClientPreferIPv6DirPort = -1;
/* Simulate the initialisation of fake_node.ipv6_preferred */
fake_node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport(
fake_node.ipv6_preferred = reachable_addr_prefer_ipv6_orport(
&mock_options);
CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1,
@ -2300,7 +2300,7 @@ test_policies_fascist_firewall_choose_address(void *arg)
mock_options.ClientPreferIPv6ORPort = 1;
mock_options.ClientPreferIPv6DirPort = 1;
/* Simulate the initialisation of fake_node.ipv6_preferred */
fake_node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport(
fake_node.ipv6_preferred = reachable_addr_prefer_ipv6_orport(
&mock_options);
CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1,
@ -2316,7 +2316,7 @@ test_policies_fascist_firewall_choose_address(void *arg)
mock_options.ClientPreferIPv6ORPort = 0;
mock_options.ClientPreferIPv6DirPort = 1;
/* Simulate the initialisation of fake_node.ipv6_preferred */
fake_node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport(
fake_node.ipv6_preferred = reachable_addr_prefer_ipv6_orport(
&mock_options);
CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1,
@ -2332,7 +2332,7 @@ test_policies_fascist_firewall_choose_address(void *arg)
mock_options.ClientPreferIPv6ORPort = 1;
mock_options.ClientPreferIPv6DirPort = 0;
/* Simulate the initialisation of fake_node.ipv6_preferred */
fake_node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport(
fake_node.ipv6_preferred = reachable_addr_prefer_ipv6_orport(
&mock_options);
CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1,
@ -2354,7 +2354,7 @@ test_policies_fascist_firewall_choose_address(void *arg)
mock_options.ClientPreferIPv6ORPort = 0;
mock_options.ClientPreferIPv6DirPort = 0;
/* Simulate the initialisation of fake_node.ipv6_preferred */
fake_node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport(
fake_node.ipv6_preferred = reachable_addr_prefer_ipv6_orport(
&mock_options);
CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1,
@ -2405,7 +2405,7 @@ test_policies_fascist_firewall_choose_address(void *arg)
mock_options.ClientPreferIPv6ORPort = 1;
mock_options.ClientPreferIPv6DirPort = 1;
/* Simulate the initialisation of fake_node.ipv6_preferred */
fake_node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport(
fake_node.ipv6_preferred = reachable_addr_prefer_ipv6_orport(
&mock_options);
CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1,
@ -2454,7 +2454,7 @@ test_policies_fascist_firewall_choose_address(void *arg)
mock_options.ClientUseIPv4 = 1;
mock_options.ClientUseIPv6 = 0;
/* Simulate the initialisation of fake_node.ipv6_preferred */
fake_node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport(
fake_node.ipv6_preferred = reachable_addr_prefer_ipv6_orport(
&mock_options);
CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1,
@ -2471,7 +2471,7 @@ test_policies_fascist_firewall_choose_address(void *arg)
mock_options.ClientUseIPv4 = 0;
mock_options.ClientUseIPv6 = 1;
/* Simulate the initialisation of fake_node.ipv6_preferred */
fake_node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport(
fake_node.ipv6_preferred = reachable_addr_prefer_ipv6_orport(
&mock_options);
CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1,
@ -2489,7 +2489,7 @@ test_policies_fascist_firewall_choose_address(void *arg)
mock_options.ClientUseIPv4 = 0;
mock_options.ClientUseIPv6 = 0;
/* Simulate the initialisation of fake_node.ipv6_preferred */
fake_node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport(
fake_node.ipv6_preferred = reachable_addr_prefer_ipv6_orport(
&mock_options);
CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1,
@ -2511,7 +2511,7 @@ test_policies_fascist_firewall_choose_address(void *arg)
mock_options.ClientPreferIPv6DirPort = 1;
/* Simulate the initialisation of fake_node.ipv6_preferred */
fake_node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport(
fake_node.ipv6_preferred = reachable_addr_prefer_ipv6_orport(
&mock_options);
CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1,
@ -2683,9 +2683,9 @@ struct testcase_t policy_tests[] = {
{ "reject_interface_address", test_policies_reject_interface_address, 0,
NULL, NULL },
{ "reject_port_address", test_policies_reject_port_address, 0, NULL, NULL },
{ "fascist_firewall_allows_address",
{ "reachable_addr_allows",
test_policies_fascist_firewall_allows_address, 0, NULL, NULL },
{ "fascist_firewall_choose_address",
{ "reachable_addr_choose",
test_policies_fascist_firewall_choose_address, 0, NULL, NULL },
END_OF_TESTCASES
};