nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-12-02 16:43:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'tor-gitlab/mr/111'

Browse Source
This commit is contained in:
George Kadianakis 2020-08-11 15:12:43 +03:00
commit b705cfa024
17 changed files with 226 additions and 223 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
changes/ticket18106 Normal file
View File

@ -0,0 +1,3 @@
o Code simplification and refactoring:
- Rename "fascist_firewall_*" identifiers to "reachable_addr_*" instead,
for consistency with other code. Closes ticket 18106.

4
src/app/config/or_options_st.h
View File

@ -668,7 +668,7 @@ struct or_options_t {
int ClientUseIPv4; int ClientUseIPv4;
/** If true, clients may connect over IPv6. If false, they will avoid /** If true, clients may connect over IPv6. If false, they will avoid
* connecting over IPv4. We enforce this for OR and Dir connections. * connecting over IPv4. We enforce this for OR and Dir connections.
* Use fascist_firewall_use_ipv6() instead of accessing this value * Use reachable_addr_use_ipv6() instead of accessing this value
* directly. */ * directly. */
int ClientUseIPv6; int ClientUseIPv6;
/** If true, prefer an IPv6 OR port over an IPv4 one for entry node /** If true, prefer an IPv6 OR port over an IPv4 one for entry node
@ -678,7 +678,7 @@ struct or_options_t {
int ClientPreferIPv6ORPort; int ClientPreferIPv6ORPort;
/** If true, prefer an IPv6 directory port over an IPv4 one for direct /** If true, prefer an IPv6 directory port over an IPv4 one for direct
* directory connections. If auto, bridge clients prefer IPv6, and other * directory connections. If auto, bridge clients prefer IPv6, and other
* clients prefer IPv4. Use fascist_firewall_prefer_ipv6_dirport() instead of * clients prefer IPv4. Use reachable_addr_prefer_ipv6_dirport() instead of
* accessing this value directly. */ * accessing this value directly. */
int ClientPreferIPv6DirPort; int ClientPreferIPv6DirPort;

12
src/core/mainloop/connection.c
View File

@ -2246,11 +2246,11 @@ connection_connect_log_client_use_ip_version(const connection_t *conn)
return; return;
} }
const int must_ipv4 = !fascist_firewall_use_ipv6(options); const int must_ipv4 = !reachable_addr_use_ipv6(options);
const int must_ipv6 = (options->ClientUseIPv4 == 0); const int must_ipv6 = (options->ClientUseIPv4 == 0);
const int pref_ipv6 = (conn->type == CONN_TYPE_OR const int pref_ipv6 = (conn->type == CONN_TYPE_OR
? fascist_firewall_prefer_ipv6_orport(options) ? reachable_addr_prefer_ipv6_orport(options)
: fascist_firewall_prefer_ipv6_dirport(options)); : reachable_addr_prefer_ipv6_dirport(options));
tor_addr_t real_addr; tor_addr_t real_addr;
tor_addr_copy(&real_addr, &conn->addr); tor_addr_copy(&real_addr, &conn->addr);
@ -2275,7 +2275,7 @@ connection_connect_log_client_use_ip_version(const connection_t *conn)
return; return;
} }
if (fascist_firewall_use_ipv6(options)) { if (reachable_addr_use_ipv6(options)) {
log_info(LD_NET, "Our outgoing connection is using IPv%d.", log_info(LD_NET, "Our outgoing connection is using IPv%d.",
tor_addr_family(&real_addr) == AF_INET6 ? 6 : 4); tor_addr_family(&real_addr) == AF_INET6 ? 6 : 4);
} }
@ -2285,13 +2285,13 @@ connection_connect_log_client_use_ip_version(const connection_t *conn)
|| (pref_ipv6 && tor_addr_family(&real_addr) == AF_INET)) { || (pref_ipv6 && tor_addr_family(&real_addr) == AF_INET)) {
log_info(LD_NET, "Outgoing connection to %s doesn't satisfy " log_info(LD_NET, "Outgoing connection to %s doesn't satisfy "
"ClientPreferIPv6%sPort %d, with ClientUseIPv4 %d, and " "ClientPreferIPv6%sPort %d, with ClientUseIPv4 %d, and "
"fascist_firewall_use_ipv6 %d (ClientUseIPv6 %d and UseBridges " "reachable_addr_use_ipv6 %d (ClientUseIPv6 %d and UseBridges "
"%d).", "%d).",
fmt_addr(&real_addr), fmt_addr(&real_addr),
conn->type == CONN_TYPE_OR ? "OR" : "Dir", conn->type == CONN_TYPE_OR ? "OR" : "Dir",
conn->type == CONN_TYPE_OR ? options->ClientPreferIPv6ORPort conn->type == CONN_TYPE_OR ? options->ClientPreferIPv6ORPort
: options->ClientPreferIPv6DirPort, : options->ClientPreferIPv6DirPort,
options->ClientUseIPv4, fascist_firewall_use_ipv6(options), options->ClientUseIPv4, reachable_addr_use_ipv6(options),
options->ClientUseIPv6, options->UseBridges); options->ClientUseIPv6, options->UseBridges);
} }
} }

2
src/core/or/extendinfo.c
View File

@ -102,7 +102,7 @@ extend_info_from_node(const node_t *node, int for_direct_connect)
/* Choose a preferred address first, but fall back to an allowed address. */ /* Choose a preferred address first, but fall back to an allowed address. */
if (for_direct_connect) if (for_direct_connect)
fascist_firewall_choose_address_node(node, FIREWALL_OR_CONNECTION, 0, &ap); reachable_addr_choose_from_node(node, FIREWALL_OR_CONNECTION, 0, &ap);
else { else {
node_get_prim_orport(node, &ap); node_get_prim_orport(node, &ap);
} }

140
src/core/or/policies.c
View File

@ -311,7 +311,7 @@ parse_reachable_addresses(void)
"ReachableAddresses, ReachableORAddresses, or " "ReachableAddresses, ReachableORAddresses, or "
"ReachableDirAddresses reject all IPv4 addresses. " "ReachableDirAddresses reject all IPv4 addresses. "
"Tor will not connect using IPv4."); "Tor will not connect using IPv4.");
} else if (fascist_firewall_use_ipv6(options) } else if (reachable_addr_use_ipv6(options)
&& (policy_is_reject_star(reachable_or_addr_policy, AF_INET6, 0) && (policy_is_reject_star(reachable_or_addr_policy, AF_INET6, 0)
|| policy_is_reject_star(reachable_dir_addr_policy, AF_INET6, 0))) { || policy_is_reject_star(reachable_dir_addr_policy, AF_INET6, 0))) {
log_warn(LD_CONFIG, "You have configured tor to use or prefer IPv6 " log_warn(LD_CONFIG, "You have configured tor to use or prefer IPv6 "
@ -399,12 +399,12 @@ addr_policy_permits_tor_addr(const tor_addr_t *addr, uint16_t port,
* - if ClientUseIPv4 is 0, or * - if ClientUseIPv4 is 0, or
* if pref_only and pref_ipv6 are both true; * if pref_only and pref_ipv6 are both true;
* - return false for all IPv6 addresses: * - return false for all IPv6 addresses:
* - if fascist_firewall_use_ipv6() is 0, or * - if reachable_addr_use_ipv6() is 0, or
* - if pref_only is true and pref_ipv6 is false. * - if pref_only is true and pref_ipv6 is false.
* *
* Return false if addr is NULL or tor_addr_is_null(), or if port is 0. */ * Return false if addr is NULL or tor_addr_is_null(), or if port is 0. */
STATIC int STATIC int
fascist_firewall_allows_address(const tor_addr_t *addr, reachable_addr_allows(const tor_addr_t *addr,
uint16_t port, uint16_t port,
smartlist_t *firewall_policy, smartlist_t *firewall_policy,
int pref_only, int pref_ipv6) int pref_only, int pref_ipv6)
@ -427,7 +427,7 @@ fascist_firewall_allows_address(const tor_addr_t *addr,
/* Clients and Servers won't use IPv6 unless it's enabled (and in most /* Clients and Servers won't use IPv6 unless it's enabled (and in most
* cases, IPv6 must also be preferred before it will be used). */ * cases, IPv6 must also be preferred before it will be used). */
if (tor_addr_family(addr) == AF_INET6 && if (tor_addr_family(addr) == AF_INET6 &&
(!fascist_firewall_use_ipv6(options) || (pref_only && !pref_ipv6))) { (!reachable_addr_use_ipv6(options) || (pref_only && !pref_ipv6))) {
return 0; return 0;
} }
@ -443,7 +443,7 @@ fascist_firewall_allows_address(const tor_addr_t *addr,
* port: it supports bridge client per-node IPv6 preferences. * port: it supports bridge client per-node IPv6 preferences.
*/ */
int int
fascist_firewall_use_ipv6(const or_options_t *options) reachable_addr_use_ipv6(const or_options_t *options)
{ {
/* Clients use IPv6 if it's set, or they use bridges, or they don't use /* Clients use IPv6 if it's set, or they use bridges, or they don't use
* IPv4, or they prefer it. * IPv4, or they prefer it.
@ -458,7 +458,7 @@ fascist_firewall_use_ipv6(const or_options_t *options)
* If we're unsure, return -1, otherwise, return 1 for IPv6 and 0 for IPv4. * If we're unsure, return -1, otherwise, return 1 for IPv6 and 0 for IPv4.
*/ */
static int static int
fascist_firewall_prefer_ipv6_impl(const or_options_t *options) reachable_addr_prefer_ipv6_impl(const or_options_t *options)
{ {
/* /*
Cheap implementation of config options ClientUseIPv4 & ClientUseIPv6 -- Cheap implementation of config options ClientUseIPv4 & ClientUseIPv6 --
@ -466,7 +466,7 @@ fascist_firewall_prefer_ipv6_impl(const or_options_t *options)
If IPv4 is disabled, use IPv6. If IPv4 is disabled, use IPv6.
*/ */
if (server_mode(options) || !fascist_firewall_use_ipv6(options)) { if (server_mode(options) || !reachable_addr_use_ipv6(options)) {
return 0; return 0;
} }
@ -482,9 +482,9 @@ fascist_firewall_prefer_ipv6_impl(const or_options_t *options)
* per-node IPv6 preferences. * per-node IPv6 preferences.
*/ */
int int
fascist_firewall_prefer_ipv6_orport(const or_options_t *options) reachable_addr_prefer_ipv6_orport(const or_options_t *options)
{ {
int pref_ipv6 = fascist_firewall_prefer_ipv6_impl(options); int pref_ipv6 = reachable_addr_prefer_ipv6_impl(options);
if (pref_ipv6 >= 0) { if (pref_ipv6 >= 0) {
return pref_ipv6; return pref_ipv6;
@ -504,9 +504,9 @@ fascist_firewall_prefer_ipv6_orport(const or_options_t *options)
* preferences. There's no reason to use it instead of this function.) * preferences. There's no reason to use it instead of this function.)
*/ */
int int
fascist_firewall_prefer_ipv6_dirport(const or_options_t *options) reachable_addr_prefer_ipv6_dirport(const or_options_t *options)
{ {
int pref_ipv6 = fascist_firewall_prefer_ipv6_impl(options); int pref_ipv6 = reachable_addr_prefer_ipv6_impl(options);
if (pref_ipv6 >= 0) { if (pref_ipv6 >= 0) {
return pref_ipv6; return pref_ipv6;
@ -528,16 +528,16 @@ fascist_firewall_prefer_ipv6_dirport(const or_options_t *options)
* If pref_only is false, ignore pref_ipv6, and return true if addr is allowed. * If pref_only is false, ignore pref_ipv6, and return true if addr is allowed.
*/ */
int int
fascist_firewall_allows_address_addr(const tor_addr_t *addr, uint16_t port, reachable_addr_allows_addr(const tor_addr_t *addr, uint16_t port,
firewall_connection_t fw_connection, firewall_connection_t fw_connection,
int pref_only, int pref_ipv6) int pref_only, int pref_ipv6)
{ {
if (fw_connection == FIREWALL_OR_CONNECTION) { if (fw_connection == FIREWALL_OR_CONNECTION) {
return fascist_firewall_allows_address(addr, port, return reachable_addr_allows(addr, port,
reachable_or_addr_policy, reachable_or_addr_policy,
pref_only, pref_ipv6); pref_only, pref_ipv6);
} else if (fw_connection == FIREWALL_DIR_CONNECTION) { } else if (fw_connection == FIREWALL_DIR_CONNECTION) {
return fascist_firewall_allows_address(addr, port, return reachable_addr_allows(addr, port,
reachable_dir_addr_policy, reachable_dir_addr_policy,
pref_only, pref_ipv6); pref_only, pref_ipv6);
} else { } else {
@ -550,15 +550,15 @@ fascist_firewall_allows_address_addr(const tor_addr_t *addr, uint16_t port,
/** Return true iff we think our firewall will let us make a connection to /** Return true iff we think our firewall will let us make a connection to
* addr:port (ap). Uses ReachableORAddresses or ReachableDirAddresses based on * addr:port (ap). Uses ReachableORAddresses or ReachableDirAddresses based on
* fw_connection. * fw_connection.
* pref_only and pref_ipv6 work as in fascist_firewall_allows_address_addr(). * pref_only and pref_ipv6 work as in reachable_addr_allows_addr().
*/ */
static int static int
fascist_firewall_allows_address_ap(const tor_addr_port_t *ap, reachable_addr_allows_ap(const tor_addr_port_t *ap,
firewall_connection_t fw_connection, firewall_connection_t fw_connection,
int pref_only, int pref_ipv6) int pref_only, int pref_ipv6)
{ {
tor_assert(ap); tor_assert(ap);
return fascist_firewall_allows_address_addr(&ap->addr, ap->port, return reachable_addr_allows_addr(&ap->addr, ap->port,
fw_connection, pref_only, fw_connection, pref_only,
pref_ipv6); pref_ipv6);
} }
@ -567,17 +567,17 @@ fascist_firewall_allows_address_ap(const tor_addr_port_t *ap,
* ipv4h_addr/ipv6_addr. Uses ipv4_orport/ipv6_orport/ReachableORAddresses or * ipv4h_addr/ipv6_addr. Uses ipv4_orport/ipv6_orport/ReachableORAddresses or
* ipv4_dirport/ipv6_dirport/ReachableDirAddresses based on IPv4/IPv6 and * ipv4_dirport/ipv6_dirport/ReachableDirAddresses based on IPv4/IPv6 and
* <b>fw_connection</b>. * <b>fw_connection</b>.
* pref_only and pref_ipv6 work as in fascist_firewall_allows_address_addr(). * pref_only and pref_ipv6 work as in reachable_addr_allows_addr().
*/ */
static int static int
fascist_firewall_allows_base(const tor_addr_t *ipv4_addr, uint16_t ipv4_orport, reachable_addr_allows_base(const tor_addr_t *ipv4_addr, uint16_t ipv4_orport,
uint16_t ipv4_dirport, uint16_t ipv4_dirport,
const tor_addr_t *ipv6_addr, uint16_t ipv6_orport, const tor_addr_t *ipv6_addr, uint16_t ipv6_orport,
uint16_t ipv6_dirport, uint16_t ipv6_dirport,
firewall_connection_t fw_connection, firewall_connection_t fw_connection,
int pref_only, int pref_ipv6) int pref_only, int pref_ipv6)
{ {
if (fascist_firewall_allows_address_addr(ipv4_addr, if (reachable_addr_allows_addr(ipv4_addr,
(fw_connection == FIREWALL_OR_CONNECTION (fw_connection == FIREWALL_OR_CONNECTION
? ipv4_orport ? ipv4_orport
: ipv4_dirport), : ipv4_dirport),
@ -586,7 +586,7 @@ fascist_firewall_allows_base(const tor_addr_t *ipv4_addr, uint16_t ipv4_orport,
return 1; return 1;
} }
if (fascist_firewall_allows_address_addr(ipv6_addr, if (reachable_addr_allows_addr(ipv6_addr,
(fw_connection == FIREWALL_OR_CONNECTION (fw_connection == FIREWALL_OR_CONNECTION
? ipv6_orport ? ipv6_orport
: ipv6_dirport), : ipv6_dirport),
@ -598,9 +598,9 @@ fascist_firewall_allows_base(const tor_addr_t *ipv4_addr, uint16_t ipv4_orport,
return 0; return 0;
} }
/** Like fascist_firewall_allows_base(), but takes ri. */ /** Like reachable_addr_allows_base(), but takes ri. */
static int static int
fascist_firewall_allows_ri_impl(const routerinfo_t *ri, reachable_addr_allows_ri_impl(const routerinfo_t *ri,
firewall_connection_t fw_connection, firewall_connection_t fw_connection,
int pref_only, int pref_ipv6) int pref_only, int pref_ipv6)
{ {
@ -609,15 +609,15 @@ fascist_firewall_allows_ri_impl(const routerinfo_t *ri,
} }
/* Assume IPv4 and IPv6 DirPorts are the same */ /* Assume IPv4 and IPv6 DirPorts are the same */
return fascist_firewall_allows_base(&ri->ipv4_addr, ri->ipv4_orport, return reachable_addr_allows_base(&ri->ipv4_addr, ri->ipv4_orport,
ri->ipv4_dirport, &ri->ipv6_addr, ri->ipv4_dirport, &ri->ipv6_addr,
ri->ipv6_orport, ri->ipv4_dirport, ri->ipv6_orport, ri->ipv4_dirport,
fw_connection, pref_only, pref_ipv6); fw_connection, pref_only, pref_ipv6);
} }
/** Like fascist_firewall_allows_rs, but takes pref_ipv6. */ /** Like reachable_addr_allows_rs, but takes pref_ipv6. */
static int static int
fascist_firewall_allows_rs_impl(const routerstatus_t *rs, reachable_addr_allows_rs_impl(const routerstatus_t *rs,
firewall_connection_t fw_connection, firewall_connection_t fw_connection,
int pref_only, int pref_ipv6) int pref_only, int pref_ipv6)
{ {
@ -626,20 +626,20 @@ fascist_firewall_allows_rs_impl(const routerstatus_t *rs,
} }
/* Assume IPv4 and IPv6 DirPorts are the same */ /* Assume IPv4 and IPv6 DirPorts are the same */
return fascist_firewall_allows_base(&rs->ipv4_addr, rs->ipv4_orport, return reachable_addr_allows_base(&rs->ipv4_addr, rs->ipv4_orport,
rs->ipv4_dirport, &rs->ipv6_addr, rs->ipv4_dirport, &rs->ipv6_addr,
rs->ipv6_orport, rs->ipv4_dirport, rs->ipv6_orport, rs->ipv4_dirport,
fw_connection, pref_only, pref_ipv6); fw_connection, pref_only, pref_ipv6);
} }
/** Like fascist_firewall_allows_base(), but takes rs. /** Like reachable_addr_allows_base(), but takes rs.
* When rs is a fake_status from a dir_server_t, it can have a reachable * When rs is a fake_status from a dir_server_t, it can have a reachable
* address, even when the corresponding node does not. * address, even when the corresponding node does not.
* nodes can be missing addresses when there's no consensus (IPv4 and IPv6), * nodes can be missing addresses when there's no consensus (IPv4 and IPv6),
* or when there is a microdescriptor consensus, but no microdescriptors * or when there is a microdescriptor consensus, but no microdescriptors
* (microdescriptors have IPv6, the microdesc consensus does not). */ * (microdescriptors have IPv6, the microdesc consensus does not). */
int int
fascist_firewall_allows_rs(const routerstatus_t *rs, reachable_addr_allows_rs(const routerstatus_t *rs,
firewall_connection_t fw_connection, int pref_only) firewall_connection_t fw_connection, int pref_only)
{ {
if (!rs) { if (!rs) {
@ -650,20 +650,20 @@ fascist_firewall_allows_rs(const routerstatus_t *rs,
* generic IPv6 preference instead. */ * generic IPv6 preference instead. */
const or_options_t *options = get_options(); const or_options_t *options = get_options();
int pref_ipv6 = (fw_connection == FIREWALL_OR_CONNECTION int pref_ipv6 = (fw_connection == FIREWALL_OR_CONNECTION
? fascist_firewall_prefer_ipv6_orport(options) ? reachable_addr_prefer_ipv6_orport(options)
: fascist_firewall_prefer_ipv6_dirport(options)); : reachable_addr_prefer_ipv6_dirport(options));
return fascist_firewall_allows_rs_impl(rs, fw_connection, pref_only, return reachable_addr_allows_rs_impl(rs, fw_connection, pref_only,
pref_ipv6); pref_ipv6);
} }
/** Return true iff we think our firewall will let us make a connection to /** Return true iff we think our firewall will let us make a connection to
* ipv6_addr:ipv6_orport based on ReachableORAddresses. * ipv6_addr:ipv6_orport based on ReachableORAddresses.
* If <b>fw_connection</b> is FIREWALL_DIR_CONNECTION, returns 0. * If <b>fw_connection</b> is FIREWALL_DIR_CONNECTION, returns 0.
* pref_only and pref_ipv6 work as in fascist_firewall_allows_address_addr(). * pref_only and pref_ipv6 work as in reachable_addr_allows_addr().
*/ */
static int static int
fascist_firewall_allows_md_impl(const microdesc_t *md, reachable_addr_allows_md_impl(const microdesc_t *md,
firewall_connection_t fw_connection, firewall_connection_t fw_connection,
int pref_only, int pref_ipv6) int pref_only, int pref_ipv6)
{ {
@ -677,15 +677,15 @@ fascist_firewall_allows_md_impl(const microdesc_t *md,
} }
/* Also can't check IPv4, doesn't have that either */ /* Also can't check IPv4, doesn't have that either */
return fascist_firewall_allows_address_addr(&md->ipv6_addr, md->ipv6_orport, return reachable_addr_allows_addr(&md->ipv6_addr, md->ipv6_orport,
fw_connection, pref_only, fw_connection, pref_only,
pref_ipv6); pref_ipv6);
} }
/** Like fascist_firewall_allows_base(), but takes node, and looks up pref_ipv6 /** Like reachable_addr_allows_base(), but takes node, and looks up pref_ipv6
* from node_ipv6_or/dir_preferred(). */ * from node_ipv6_or/dir_preferred(). */
int int
fascist_firewall_allows_node(const node_t *node, reachable_addr_allows_node(const node_t *node,
firewall_connection_t fw_connection, firewall_connection_t fw_connection,
int pref_only) int pref_only)
{ {
@ -701,15 +701,15 @@ fascist_firewall_allows_node(const node_t *node,
/* Sometimes, the rs is missing the IPv6 address info, and we need to go /* Sometimes, the rs is missing the IPv6 address info, and we need to go
* all the way to the md */ * all the way to the md */
if (node->ri && fascist_firewall_allows_ri_impl(node->ri, fw_connection, if (node->ri && reachable_addr_allows_ri_impl(node->ri, fw_connection,
pref_only, pref_ipv6)) { pref_only, pref_ipv6)) {
return 1; return 1;
} else if (node->rs && fascist_firewall_allows_rs_impl(node->rs, } else if (node->rs && reachable_addr_allows_rs_impl(node->rs,
fw_connection, fw_connection,
pref_only, pref_only,
pref_ipv6)) { pref_ipv6)) {
return 1; return 1;
} else if (node->md && fascist_firewall_allows_md_impl(node->md, } else if (node->md && reachable_addr_allows_md_impl(node->md,
fw_connection, fw_connection,
pref_only, pref_only,
pref_ipv6)) { pref_ipv6)) {
@ -721,9 +721,9 @@ fascist_firewall_allows_node(const node_t *node,
} }
} }
/** Like fascist_firewall_allows_rs(), but takes ds. */ /** Like reachable_addr_allows_rs(), but takes ds. */
int int
fascist_firewall_allows_dir_server(const dir_server_t *ds, reachable_addr_allows_dir_server(const dir_server_t *ds,
firewall_connection_t fw_connection, firewall_connection_t fw_connection,
int pref_only) int pref_only)
{ {
@ -734,8 +734,8 @@ fascist_firewall_allows_dir_server(const dir_server_t *ds,
/* A dir_server_t always has a fake_status. As long as it has the same /* A dir_server_t always has a fake_status. As long as it has the same
* addresses/ports in both fake_status and dir_server_t, this works fine. * addresses/ports in both fake_status and dir_server_t, this works fine.
* (See #17867.) * (See #17867.)
* fascist_firewall_allows_rs only checks the addresses in fake_status. */ * reachable_addr_allows_rs only checks the addresses in fake_status. */
return fascist_firewall_allows_rs(&ds->fake_status, fw_connection, return reachable_addr_allows_rs(&ds->fake_status, fw_connection,
pref_only); pref_only);
} }
@ -743,10 +743,10 @@ fascist_firewall_allows_dir_server(const dir_server_t *ds,
* choose one based on want_a and return it. * choose one based on want_a and return it.
* Otherwise, return whichever is allowed. * Otherwise, return whichever is allowed.
* Otherwise, return NULL. * Otherwise, return NULL.
* pref_only and pref_ipv6 work as in fascist_firewall_allows_address_addr(). * pref_only and pref_ipv6 work as in reachable_addr_allows_addr().
*/ */
static const tor_addr_port_t * static const tor_addr_port_t *
fascist_firewall_choose_address_impl(const tor_addr_port_t *a, reachable_addr_choose_impl(const tor_addr_port_t *a,
const tor_addr_port_t *b, const tor_addr_port_t *b,
int want_a, int want_a,
firewall_connection_t fw_connection, firewall_connection_t fw_connection,
@ -755,12 +755,12 @@ fascist_firewall_choose_address_impl(const tor_addr_port_t *a,
const tor_addr_port_t *use_a = NULL; const tor_addr_port_t *use_a = NULL;
const tor_addr_port_t *use_b = NULL; const tor_addr_port_t *use_b = NULL;
if (fascist_firewall_allows_address_ap(a, fw_connection, pref_only, if (reachable_addr_allows_ap(a, fw_connection, pref_only,
pref_ipv6)) { pref_ipv6)) {
use_a = a; use_a = a;
} }
if (fascist_firewall_allows_address_ap(b, fw_connection, pref_only, if (reachable_addr_allows_ap(b, fw_connection, pref_only,
pref_ipv6)) { pref_ipv6)) {
use_b = b; use_b = b;
} }
@ -784,13 +784,13 @@ fascist_firewall_choose_address_impl(const tor_addr_port_t *a,
* - Otherwise, return whichever is preferred. * - Otherwise, return whichever is preferred.
* Otherwise, return NULL. */ * Otherwise, return NULL. */
STATIC const tor_addr_port_t * STATIC const tor_addr_port_t *
fascist_firewall_choose_address(const tor_addr_port_t *a, reachable_addr_choose(const tor_addr_port_t *a,
const tor_addr_port_t *b, const tor_addr_port_t *b,
int want_a, int want_a,
firewall_connection_t fw_connection, firewall_connection_t fw_connection,
int pref_only, int pref_ipv6) int pref_only, int pref_ipv6)
{ {
const tor_addr_port_t *pref = fascist_firewall_choose_address_impl( const tor_addr_port_t *pref = reachable_addr_choose_impl(
a, b, want_a, a, b, want_a,
fw_connection, fw_connection,
1, pref_ipv6); 1, pref_ipv6);
@ -802,7 +802,7 @@ fascist_firewall_choose_address(const tor_addr_port_t *a,
} else { } else {
/* If there's no preferred address, and we can return addresses that are /* If there's no preferred address, and we can return addresses that are
* not preferred, use an address that's allowed */ * not preferred, use an address that's allowed */
return fascist_firewall_choose_address_impl(a, b, want_a, fw_connection, return reachable_addr_choose_impl(a, b, want_a, fw_connection,
0, pref_ipv6); 0, pref_ipv6);
} }
} }
@ -817,7 +817,7 @@ fascist_firewall_choose_address(const tor_addr_port_t *a,
* If both addresses could be chosen (they are both preferred or both allowed) * If both addresses could be chosen (they are both preferred or both allowed)
* choose IPv6 if pref_ipv6 is true, otherwise choose IPv4. */ * choose IPv6 if pref_ipv6 is true, otherwise choose IPv4. */
static void static void
fascist_firewall_choose_address_base(const tor_addr_t *ipv4_addr, reachable_addr_choose_base(const tor_addr_t *ipv4_addr,
uint16_t ipv4_orport, uint16_t ipv4_orport,
uint16_t ipv4_dirport, uint16_t ipv4_dirport,
const tor_addr_t *ipv6_addr, const tor_addr_t *ipv6_addr,
@ -849,7 +849,7 @@ fascist_firewall_choose_address_base(const tor_addr_t *ipv4_addr,
? ipv6_orport ? ipv6_orport
: ipv6_dirport); : ipv6_dirport);
result = fascist_firewall_choose_address(&ipv4_ap, &ipv6_ap, result = reachable_addr_choose(&ipv4_ap, &ipv6_ap,
want_ipv4, want_ipv4,
fw_connection, pref_only, fw_connection, pref_only,
pref_ipv6); pref_ipv6);
@ -860,13 +860,13 @@ fascist_firewall_choose_address_base(const tor_addr_t *ipv4_addr,
} }
} }
/** Like fascist_firewall_choose_address_base(), but takes <b>rs</b>. /** Like reachable_addr_choose_base(), but takes <b>rs</b>.
* Consults the corresponding node, then falls back to rs if node is NULL. * Consults the corresponding node, then falls back to rs if node is NULL.
* This should only happen when there's no valid consensus, and rs doesn't * This should only happen when there's no valid consensus, and rs doesn't
* correspond to a bridge client's bridge. * correspond to a bridge client's bridge.
*/ */
void void
fascist_firewall_choose_address_rs(const routerstatus_t *rs, reachable_addr_choose_from_rs(const routerstatus_t *rs,
firewall_connection_t fw_connection, firewall_connection_t fw_connection,
int pref_only, tor_addr_port_t* ap) int pref_only, tor_addr_port_t* ap)
{ {
@ -883,15 +883,15 @@ fascist_firewall_choose_address_rs(const routerstatus_t *rs,
const node_t *node = node_get_by_id(rs->identity_digest); const node_t *node = node_get_by_id(rs->identity_digest);
if (node) { if (node) {
fascist_firewall_choose_address_node(node, fw_connection, pref_only, ap); reachable_addr_choose_from_node(node, fw_connection, pref_only, ap);
} else { } else {
/* There's no node-specific IPv6 preference, so use the generic IPv6 /* There's no node-specific IPv6 preference, so use the generic IPv6
* preference instead. */ * preference instead. */
int pref_ipv6 = (fw_connection == FIREWALL_OR_CONNECTION int pref_ipv6 = (fw_connection == FIREWALL_OR_CONNECTION
? fascist_firewall_prefer_ipv6_orport(options) ? reachable_addr_prefer_ipv6_orport(options)
: fascist_firewall_prefer_ipv6_dirport(options)); : reachable_addr_prefer_ipv6_dirport(options));
fascist_firewall_choose_address_base(&rs->ipv4_addr, rs->ipv4_orport, reachable_addr_choose_base(&rs->ipv4_addr, rs->ipv4_orport,
rs->ipv4_dirport, &rs->ipv6_addr, rs->ipv4_dirport, &rs->ipv6_addr,
rs->ipv6_orport, rs->ipv4_dirport, rs->ipv6_orport, rs->ipv4_dirport,
fw_connection, pref_only, pref_ipv6, fw_connection, pref_only, pref_ipv6,
@ -899,13 +899,13 @@ fascist_firewall_choose_address_rs(const routerstatus_t *rs,
} }
} }
/** Like fascist_firewall_choose_address_base(), but takes in a smartlist /** Like reachable_addr_choose_base(), but takes in a smartlist
* <b>lspecs</b> consisting of one or more link specifiers. We assume * <b>lspecs</b> consisting of one or more link specifiers. We assume
* fw_connection is FIREWALL_OR_CONNECTION as link specifiers cannot * fw_connection is FIREWALL_OR_CONNECTION as link specifiers cannot
* contain DirPorts. * contain DirPorts.
*/ */
void void
fascist_firewall_choose_address_ls(const smartlist_t *lspecs, reachable_addr_choose_from_ls(const smartlist_t *lspecs,
int pref_only, tor_addr_port_t* ap) int pref_only, tor_addr_port_t* ap)
{ {
int have_v4 = 0, have_v6 = 0; int have_v4 = 0, have_v6 = 0;
@ -967,20 +967,20 @@ fascist_firewall_choose_address_ls(const smartlist_t *lspecs,
/* Here, don't check for DirPorts as link specifiers are only used for /* Here, don't check for DirPorts as link specifiers are only used for
* ORPorts. */ * ORPorts. */
const or_options_t *options = get_options(); const or_options_t *options = get_options();
int pref_ipv6 = fascist_firewall_prefer_ipv6_orport(options); int pref_ipv6 = reachable_addr_prefer_ipv6_orport(options);
/* Assume that the DirPorts are zero as link specifiers only use ORPorts. */ /* Assume that the DirPorts are zero as link specifiers only use ORPorts. */
fascist_firewall_choose_address_base(&addr_v4, port_v4, 0, reachable_addr_choose_base(&addr_v4, port_v4, 0,
&addr_v6, port_v6, 0, &addr_v6, port_v6, 0,
FIREWALL_OR_CONNECTION, FIREWALL_OR_CONNECTION,
pref_only, pref_ipv6, pref_only, pref_ipv6,
ap); ap);
} }
/** Like fascist_firewall_choose_address_base(), but takes <b>node</b>, and /** Like reachable_addr_choose_base(), but takes <b>node</b>, and
* looks up the node's IPv6 preference rather than taking an argument * looks up the node's IPv6 preference rather than taking an argument
* for pref_ipv6. */ * for pref_ipv6. */
void void
fascist_firewall_choose_address_node(const node_t *node, reachable_addr_choose_from_node(const node_t *node,
firewall_connection_t fw_connection, firewall_connection_t fw_connection,
int pref_only, tor_addr_port_t *ap) int pref_only, tor_addr_port_t *ap)
{ {
@ -1010,16 +1010,16 @@ fascist_firewall_choose_address_node(const node_t *node,
node_get_pref_ipv6_dirport(node, &ipv6_dir_ap); node_get_pref_ipv6_dirport(node, &ipv6_dir_ap);
/* Assume the IPv6 OR and Dir addresses are the same. */ /* Assume the IPv6 OR and Dir addresses are the same. */
fascist_firewall_choose_address_base(&ipv4_or_ap.addr, ipv4_or_ap.port, reachable_addr_choose_base(&ipv4_or_ap.addr, ipv4_or_ap.port,
ipv4_dir_ap.port, &ipv6_or_ap.addr, ipv4_dir_ap.port, &ipv6_or_ap.addr,
ipv6_or_ap.port, ipv6_dir_ap.port, ipv6_or_ap.port, ipv6_dir_ap.port,
fw_connection, pref_only, fw_connection, pref_only,
pref_ipv6_node, ap); pref_ipv6_node, ap);
} }
/** Like fascist_firewall_choose_address_rs(), but takes <b>ds</b>. */ /** Like reachable_addr_choose_from_rs(), but takes <b>ds</b>. */
void void
fascist_firewall_choose_address_dir_server(const dir_server_t *ds, reachable_addr_choose_from_dir_server(const dir_server_t *ds,
firewall_connection_t fw_connection, firewall_connection_t fw_connection,
int pref_only, int pref_only,
tor_addr_port_t *ap) tor_addr_port_t *ap)
@ -1036,9 +1036,9 @@ fascist_firewall_choose_address_dir_server(const dir_server_t *ds,
/* A dir_server_t always has a fake_status. As long as it has the same /* A dir_server_t always has a fake_status. As long as it has the same
* addresses/ports in both fake_status and dir_server_t, this works fine. * addresses/ports in both fake_status and dir_server_t, this works fine.
* (See #17867.) * (See #17867.)
* This function relies on fascist_firewall_choose_address_rs looking up the * This function relies on reachable_addr_choose_from_rs looking up the
* node if it can, because that will get the latest info for the relay. */ * node if it can, because that will get the latest info for the relay. */
fascist_firewall_choose_address_rs(&ds->fake_status, fw_connection, reachable_addr_choose_from_rs(&ds->fake_status, fw_connection,
pref_only, ap); pref_only, ap);
} }

26
src/core/or/policies.h
View File

@ -69,34 +69,34 @@ typedef struct short_policy_t {
int firewall_is_fascist_or(void); int firewall_is_fascist_or(void);
int firewall_is_fascist_dir(void); int firewall_is_fascist_dir(void);
int fascist_firewall_use_ipv6(const or_options_t *options); int reachable_addr_use_ipv6(const or_options_t *options);
int fascist_firewall_prefer_ipv6_orport(const or_options_t *options); int reachable_addr_prefer_ipv6_orport(const or_options_t *options);
int fascist_firewall_prefer_ipv6_dirport(const or_options_t *options); int reachable_addr_prefer_ipv6_dirport(const or_options_t *options);
int fascist_firewall_allows_address_addr(const tor_addr_t *addr, int reachable_addr_allows_addr(const tor_addr_t *addr,
uint16_t port, uint16_t port,
firewall_connection_t fw_connection, firewall_connection_t fw_connection,
int pref_only, int pref_ipv6); int pref_only, int pref_ipv6);
int fascist_firewall_allows_rs(const routerstatus_t *rs, int reachable_addr_allows_rs(const routerstatus_t *rs,
firewall_connection_t fw_connection, firewall_connection_t fw_connection,
int pref_only); int pref_only);
int fascist_firewall_allows_node(const node_t *node, int reachable_addr_allows_node(const node_t *node,
firewall_connection_t fw_connection, firewall_connection_t fw_connection,
int pref_only); int pref_only);
int fascist_firewall_allows_dir_server(const dir_server_t *ds, int reachable_addr_allows_dir_server(const dir_server_t *ds,
firewall_connection_t fw_connection, firewall_connection_t fw_connection,
int pref_only); int pref_only);
void fascist_firewall_choose_address_rs(const routerstatus_t *rs, void reachable_addr_choose_from_rs(const routerstatus_t *rs,
firewall_connection_t fw_connection, firewall_connection_t fw_connection,
int pref_only, tor_addr_port_t* ap); int pref_only, tor_addr_port_t* ap);
void fascist_firewall_choose_address_ls(const smartlist_t *lspecs, void reachable_addr_choose_from_ls(const smartlist_t *lspecs,
int pref_only, tor_addr_port_t* ap); int pref_only, tor_addr_port_t* ap);
void fascist_firewall_choose_address_node(const node_t *node, void reachable_addr_choose_from_node(const node_t *node,
firewall_connection_t fw_connection, firewall_connection_t fw_connection,
int pref_only, tor_addr_port_t* ap); int pref_only, tor_addr_port_t* ap);
void fascist_firewall_choose_address_dir_server(const dir_server_t *ds, void reachable_addr_choose_from_dir_server(const dir_server_t *ds,
firewall_connection_t fw_connection, firewall_connection_t fw_connection,
int pref_only, tor_addr_port_t* ap); int pref_only, tor_addr_port_t* ap);
@ -173,11 +173,11 @@ addr_policy_result_t compare_tor_addr_to_short_policy(
#ifdef POLICIES_PRIVATE #ifdef POLICIES_PRIVATE
STATIC void append_exit_policy_string(smartlist_t **policy, const char *more); STATIC void append_exit_policy_string(smartlist_t **policy, const char *more);
STATIC int fascist_firewall_allows_address(const tor_addr_t *addr, STATIC int reachable_addr_allows(const tor_addr_t *addr,
uint16_t port, uint16_t port,
smartlist_t *firewall_policy, smartlist_t *firewall_policy,
int pref_only, int pref_ipv6); int pref_only, int pref_ipv6);
STATIC const tor_addr_port_t * fascist_firewall_choose_address( STATIC const tor_addr_port_t * reachable_addr_choose(
const tor_addr_port_t *a, const tor_addr_port_t *a,
const tor_addr_port_t *b, const tor_addr_port_t *b,
int want_a, int want_a,

8
src/feature/client/bridges.c
View File

@ -654,7 +654,7 @@ launch_direct_bridge_descriptor_fetch(bridge_info_t *bridge)
/* Until we get a descriptor for the bridge, we only know one address for /* Until we get a descriptor for the bridge, we only know one address for
* it. */ * it. */
if (!fascist_firewall_allows_address_addr(&bridge->addr, bridge->port, if (!reachable_addr_allows_addr(&bridge->addr, bridge->port,
FIREWALL_OR_CONNECTION, 0, 0)) { FIREWALL_OR_CONNECTION, 0, 0)) {
log_notice(LD_CONFIG, "Tried to fetch a descriptor directly from a " log_notice(LD_CONFIG, "Tried to fetch a descriptor directly from a "
"bridge, but that bridge is not reachable through our " "bridge, but that bridge is not reachable through our "
@ -746,7 +746,7 @@ fetch_bridge_descriptors(const or_options_t *options, time_t now)
!options->UpdateBridgesFromAuthority, !num_bridge_auths); !options->UpdateBridgesFromAuthority, !num_bridge_auths);
if (ask_bridge_directly && if (ask_bridge_directly &&
!fascist_firewall_allows_address_addr(&bridge->addr, bridge->port, !reachable_addr_allows_addr(&bridge->addr, bridge->port,
FIREWALL_OR_CONNECTION, 0, FIREWALL_OR_CONNECTION, 0,
0)) { 0)) {
log_notice(LD_DIR, "Bridge at '%s' isn't reachable by our " log_notice(LD_DIR, "Bridge at '%s' isn't reachable by our "
@ -832,7 +832,7 @@ rewrite_node_address_for_bridge(const bridge_info_t *bridge, node_t *node)
!tor_addr_is_null(&node->ri->ipv6_addr)); !tor_addr_is_null(&node->ri->ipv6_addr));
} else { } else {
/* Mark which address to use based on user preference */ /* Mark which address to use based on user preference */
node->ipv6_preferred = (fascist_firewall_prefer_ipv6_orport(options) && node->ipv6_preferred = (reachable_addr_prefer_ipv6_orport(options) &&
!tor_addr_is_null(&node->ri->ipv6_addr)); !tor_addr_is_null(&node->ri->ipv6_addr));
} }
@ -889,7 +889,7 @@ rewrite_node_address_for_bridge(const bridge_info_t *bridge, node_t *node)
!tor_addr_is_null(&node->rs->ipv6_addr)); !tor_addr_is_null(&node->rs->ipv6_addr));
} else { } else {
/* Mark which address to use based on user preference */ /* Mark which address to use based on user preference */
node->ipv6_preferred = (fascist_firewall_prefer_ipv6_orport(options) && node->ipv6_preferred = (reachable_addr_prefer_ipv6_orport(options) &&
!tor_addr_is_null(&node->rs->ipv6_addr)); !tor_addr_is_null(&node->rs->ipv6_addr));
} }

4
src/feature/client/entrynodes.c
View File

@ -1466,7 +1466,7 @@ node_passes_guard_filter(const or_options_t *options,
!routerset_contains_node(options->EntryNodes, node)) !routerset_contains_node(options->EntryNodes, node))
return 0; return 0;
if (!fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION, 0)) if (!reachable_addr_allows_node(node, FIREWALL_OR_CONNECTION, 0))
return 0; return 0;
if (node_is_a_configured_bridge(node)) if (node_is_a_configured_bridge(node))
@ -1492,7 +1492,7 @@ bridge_passes_guard_filter(const or_options_t *options,
/* Ignore entrynodes */ /* Ignore entrynodes */
const tor_addr_port_t *addrport = bridge_get_addr_port(bridge); const tor_addr_port_t *addrport = bridge_get_addr_port(bridge);
if (!fascist_firewall_allows_address_addr(&addrport->addr, if (!reachable_addr_allows_addr(&addrport->addr,
addrport->port, addrport->port,
FIREWALL_OR_CONNECTION, FIREWALL_OR_CONNECTION,
0, 0)) 0, 0))

12
src/feature/dirclient/dirclient.c
View File

@ -284,10 +284,10 @@ directory_post_to_dirservers(uint8_t dir_purpose, uint8_t router_purpose,
} }
if (purpose_needs_anonymity(dir_purpose, router_purpose, NULL)) { if (purpose_needs_anonymity(dir_purpose, router_purpose, NULL)) {
indirection = DIRIND_ANONYMOUS; indirection = DIRIND_ANONYMOUS;
} else if (!fascist_firewall_allows_dir_server(ds, } else if (!reachable_addr_allows_dir_server(ds,
FIREWALL_DIR_CONNECTION, FIREWALL_DIR_CONNECTION,
0)) { 0)) {
if (fascist_firewall_allows_dir_server(ds, FIREWALL_OR_CONNECTION, 0)) if (reachable_addr_allows_dir_server(ds, FIREWALL_OR_CONNECTION, 0))
indirection = DIRIND_ONEHOP; indirection = DIRIND_ONEHOP;
else else
indirection = DIRIND_ANONYMOUS; indirection = DIRIND_ANONYMOUS;
@ -487,7 +487,7 @@ directory_get_from_dirserver,(
tor_addr_port_t or_ap; tor_addr_port_t or_ap;
directory_request_t *req = directory_request_new(dir_purpose); directory_request_t *req = directory_request_new(dir_purpose);
/* we are willing to use a non-preferred address if we need to */ /* we are willing to use a non-preferred address if we need to */
fascist_firewall_choose_address_node(node, FIREWALL_OR_CONNECTION, 0, reachable_addr_choose_from_node(node, FIREWALL_OR_CONNECTION, 0,
&or_ap); &or_ap);
directory_request_set_or_addr_port(req, &or_ap); directory_request_set_or_addr_port(req, &or_ap);
directory_request_set_directory_id_digest(req, directory_request_set_directory_id_digest(req,
@ -666,7 +666,7 @@ directory_choose_address_routerstatus(const routerstatus_t *status,
* Use the preferred address and port if they are reachable, otherwise, * Use the preferred address and port if they are reachable, otherwise,
* use the alternate address and port (if any). * use the alternate address and port (if any).
*/ */
fascist_firewall_choose_address_rs(status, FIREWALL_OR_CONNECTION, 0, reachable_addr_choose_from_rs(status, FIREWALL_OR_CONNECTION, 0,
use_or_ap); use_or_ap);
have_or = tor_addr_port_is_valid_ap(use_or_ap, 0); have_or = tor_addr_port_is_valid_ap(use_or_ap, 0);
} }
@ -677,7 +677,7 @@ directory_choose_address_routerstatus(const routerstatus_t *status,
indirection == DIRIND_ANON_DIRPORT || indirection == DIRIND_ANON_DIRPORT ||
(indirection == DIRIND_ONEHOP (indirection == DIRIND_ONEHOP
&& !dirclient_must_use_begindir(options))) { && !dirclient_must_use_begindir(options))) {
fascist_firewall_choose_address_rs(status, FIREWALL_DIR_CONNECTION, 0, reachable_addr_choose_from_rs(status, FIREWALL_DIR_CONNECTION, 0,
use_dir_ap); use_dir_ap);
have_dir = tor_addr_port_is_valid_ap(use_dir_ap, 0); have_dir = tor_addr_port_is_valid_ap(use_dir_ap, 0);
} }
@ -921,7 +921,7 @@ directory_command_should_use_begindir(const or_options_t *options,
} }
if (indirection == DIRIND_ONEHOP) { if (indirection == DIRIND_ONEHOP) {
/* We're firewalled and want a direct OR connection */ /* We're firewalled and want a direct OR connection */
if (!fascist_firewall_allows_address_addr(or_addr, or_port, if (!reachable_addr_allows_addr(or_addr, or_port,
FIREWALL_OR_CONNECTION, 0, 0)) { FIREWALL_OR_CONNECTION, 0, 0)) {
*reason = "ORPort not reachable"; *reason = "ORPort not reachable";
return 0; return 0;

4
src/feature/hs/hs_common.c
View File

@ -1744,7 +1744,7 @@ hs_get_extend_info_from_lspecs(const smartlist_t *lspecs,
switch (link_specifier_get_ls_type(ls)) { switch (link_specifier_get_ls_type(ls)) {
case LS_IPV4: case LS_IPV4:
/* Skip if we already seen a v4. If direct_conn is true, we skip this /* Skip if we already seen a v4. If direct_conn is true, we skip this
* block because fascist_firewall_choose_address_ls() will set ap. If * block because reachable_addr_choose_from_ls() will set ap. If
* direct_conn is false, set ap to the first IPv4 address and port in * direct_conn is false, set ap to the first IPv4 address and port in
* the link specifiers.*/ * the link specifiers.*/
if (have_v4 || direct_conn) continue; if (have_v4 || direct_conn) continue;
@ -1776,7 +1776,7 @@ hs_get_extend_info_from_lspecs(const smartlist_t *lspecs,
/* Choose a preferred address first, but fall back to an allowed address. */ /* Choose a preferred address first, but fall back to an allowed address. */
if (direct_conn) if (direct_conn)
fascist_firewall_choose_address_ls(lspecs, 0, &ap); reachable_addr_choose_from_ls(lspecs, 0, &ap);
/* Legacy ID is mandatory, and we require an IP address. */ /* Legacy ID is mandatory, and we require an IP address. */
if (!tor_addr_port_is_valid_ap(&ap, 0)) { if (!tor_addr_port_is_valid_ap(&ap, 0)) {

2
src/feature/nodelist/authcert.c
View File

@ -808,7 +808,7 @@ authority_certs_fetch_resource_impl(const char *resource,
/* clients always make OR connections to bridges */ /* clients always make OR connections to bridges */
tor_addr_port_t or_ap; tor_addr_port_t or_ap;
/* we are willing to use a non-preferred address if we need to */ /* we are willing to use a non-preferred address if we need to */
fascist_firewall_choose_address_node(node, FIREWALL_OR_CONNECTION, 0, reachable_addr_choose_from_node(node, FIREWALL_OR_CONNECTION, 0,
&or_ap); &or_ap);
req = directory_request_new(DIR_PURPOSE_FETCH_CERTIFICATE); req = directory_request_new(DIR_PURPOSE_FETCH_CERTIFICATE);

14
src/feature/nodelist/node_select.c
View File

@ -141,7 +141,7 @@ router_pick_dirserver_generic(smartlist_t *sourcelist,
#define RETRY_ALTERNATE_IP_VERSION(retry_label) \ #define RETRY_ALTERNATE_IP_VERSION(retry_label) \
STMT_BEGIN \ STMT_BEGIN \
if (result == NULL && try_ip_pref && options->ClientUseIPv4 \ if (result == NULL && try_ip_pref && options->ClientUseIPv4 \
&& fascist_firewall_use_ipv6(options) && !server_mode(options) \ && reachable_addr_use_ipv6(options) && !server_mode(options) \
&& !n_busy) { \ && !n_busy) { \
n_excluded = 0; \ n_excluded = 0; \
n_busy = 0; \ n_busy = 0; \
@ -212,8 +212,8 @@ router_picked_poor_directory_log(const routerstatus_t *rs)
log_debug(LD_DIR, "Wanted to make an outgoing directory connection, but " log_debug(LD_DIR, "Wanted to make an outgoing directory connection, but "
"we couldn't find a directory that fit our criteria. " "we couldn't find a directory that fit our criteria. "
"Perhaps we will succeed next time with less strict criteria."); "Perhaps we will succeed next time with less strict criteria.");
} else if (!fascist_firewall_allows_rs(rs, FIREWALL_OR_CONNECTION, 1) } else if (!reachable_addr_allows_rs(rs, FIREWALL_OR_CONNECTION, 1)
&& !fascist_firewall_allows_rs(rs, FIREWALL_DIR_CONNECTION, 1) && !reachable_addr_allows_rs(rs, FIREWALL_DIR_CONNECTION, 1)
) { ) {
/* This is rare, and might be interesting to users trying to diagnose /* This is rare, and might be interesting to users trying to diagnose
* connection issues on dual-stack machines. */ * connection issues on dual-stack machines. */
@ -374,12 +374,12 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags,
* we try routers that only have one address both times.) * we try routers that only have one address both times.)
*/ */
if (!fascistfirewall || skip_or_fw || if (!fascistfirewall || skip_or_fw ||
fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION, reachable_addr_allows_node(node, FIREWALL_OR_CONNECTION,
try_ip_pref)) try_ip_pref))
smartlist_add(is_trusted ? trusted_tunnel : smartlist_add(is_trusted ? trusted_tunnel :
is_overloaded ? overloaded_tunnel : tunnel, (void*)node); is_overloaded ? overloaded_tunnel : tunnel, (void*)node);
else if (!must_have_or && (skip_dir_fw || else if (!must_have_or && (skip_dir_fw ||
fascist_firewall_allows_node(node, FIREWALL_DIR_CONNECTION, reachable_addr_allows_node(node, FIREWALL_DIR_CONNECTION,
try_ip_pref))) try_ip_pref)))
smartlist_add(is_trusted ? trusted_direct : smartlist_add(is_trusted ? trusted_direct :
is_overloaded ? overloaded_direct : direct, (void*)node); is_overloaded ? overloaded_direct : direct, (void*)node);
@ -1162,11 +1162,11 @@ router_pick_trusteddirserver_impl(const smartlist_t *sourcelist,
* we try routers that only have one address both times.) * we try routers that only have one address both times.)
*/ */
if (!fascistfirewall || skip_or_fw || if (!fascistfirewall || skip_or_fw ||
fascist_firewall_allows_dir_server(d, FIREWALL_OR_CONNECTION, reachable_addr_allows_dir_server(d, FIREWALL_OR_CONNECTION,
try_ip_pref)) try_ip_pref))
smartlist_add(is_overloaded ? overloaded_tunnel : tunnel, (void*)d); smartlist_add(is_overloaded ? overloaded_tunnel : tunnel, (void*)d);
else if (!must_have_or && (skip_dir_fw || else if (!must_have_or && (skip_dir_fw ||
fascist_firewall_allows_dir_server(d, FIREWALL_DIR_CONNECTION, reachable_addr_allows_dir_server(d, FIREWALL_DIR_CONNECTION,
try_ip_pref))) try_ip_pref)))
smartlist_add(is_overloaded ? overloaded_direct : direct, (void*)d); smartlist_add(is_overloaded ? overloaded_direct : direct, (void*)d);
} }

16
src/feature/nodelist/nodelist.c
View File

@ -666,7 +666,7 @@ nodelist_set_consensus(const networkstatus_t *ns)
node->is_bad_exit = rs->is_bad_exit; node->is_bad_exit = rs->is_bad_exit;
node->is_hs_dir = rs->is_hs_dir; node->is_hs_dir = rs->is_hs_dir;
node->ipv6_preferred = 0; node->ipv6_preferred = 0;
if (fascist_firewall_prefer_ipv6_orport(options) && if (reachable_addr_prefer_ipv6_orport(options) &&
(tor_addr_is_null(&rs->ipv6_addr) == 0 || (tor_addr_is_null(&rs->ipv6_addr) == 0 ||
(node->md && tor_addr_is_null(&node->md->ipv6_addr) == 0))) (node->md && tor_addr_is_null(&node->md->ipv6_addr) == 0)))
node->ipv6_preferred = 1; node->ipv6_preferred = 1;
@ -1704,7 +1704,7 @@ node_has_ipv6_dirport(const node_t *node)
* ii) the router has no IPv4 OR address. * ii) the router has no IPv4 OR address.
* *
* If you don't have a node, consider looking it up. * If you don't have a node, consider looking it up.
* If there is no node, use fascist_firewall_prefer_ipv6_orport(). * If there is no node, use reachable_addr_prefer_ipv6_orport().
*/ */
int int
node_ipv6_or_preferred(const node_t *node) node_ipv6_or_preferred(const node_t *node)
@ -1714,10 +1714,10 @@ node_ipv6_or_preferred(const node_t *node)
node_assert_ok(node); node_assert_ok(node);
/* XX/teor - node->ipv6_preferred is set from /* XX/teor - node->ipv6_preferred is set from
* fascist_firewall_prefer_ipv6_orport() each time the consensus is loaded. * reachable_addr_prefer_ipv6_orport() each time the consensus is loaded.
*/ */
node_get_prim_orport(node, &ipv4_addr); node_get_prim_orport(node, &ipv4_addr);
if (!fascist_firewall_use_ipv6(options)) { if (!reachable_addr_use_ipv6(options)) {
return 0; return 0;
} else if (node->ipv6_preferred || } else if (node->ipv6_preferred ||
!tor_addr_port_is_valid_ap(&ipv4_addr, 0)) { !tor_addr_port_is_valid_ap(&ipv4_addr, 0)) {
@ -1812,7 +1812,7 @@ node_get_pref_ipv6_orport(const node_t *node, tor_addr_port_t *ap_out)
* or * or
* ii) our preference is for IPv6 Dir addresses. * ii) our preference is for IPv6 Dir addresses.
* *
* If there is no node, use fascist_firewall_prefer_ipv6_dirport(). * If there is no node, use reachable_addr_prefer_ipv6_dirport().
*/ */
int int
node_ipv6_dir_preferred(const node_t *node) node_ipv6_dir_preferred(const node_t *node)
@ -1821,15 +1821,15 @@ node_ipv6_dir_preferred(const node_t *node)
tor_addr_port_t ipv4_addr; tor_addr_port_t ipv4_addr;
node_assert_ok(node); node_assert_ok(node);
/* node->ipv6_preferred is set from fascist_firewall_prefer_ipv6_orport(), /* node->ipv6_preferred is set from reachable_addr_prefer_ipv6_orport(),
* so we can't use it to determine DirPort IPv6 preference. * so we can't use it to determine DirPort IPv6 preference.
* This means that bridge clients will use IPv4 DirPorts by default. * This means that bridge clients will use IPv4 DirPorts by default.
*/ */
node_get_prim_dirport(node, &ipv4_addr); node_get_prim_dirport(node, &ipv4_addr);
if (!fascist_firewall_use_ipv6(options)) { if (!reachable_addr_use_ipv6(options)) {
return 0; return 0;
} else if (!tor_addr_port_is_valid_ap(&ipv4_addr, 0) } else if (!tor_addr_port_is_valid_ap(&ipv4_addr, 0)
|| fascist_firewall_prefer_ipv6_dirport(get_options())) { || reachable_addr_prefer_ipv6_dirport(get_options())) {
return node_has_ipv6_dirport(node); return node_has_ipv6_dirport(node);
} }
return 0; return 0;

4
src/feature/nodelist/routerlist.c
View File

@ -539,7 +539,7 @@ routers_have_same_or_addrs(const routerinfo_t *r1, const routerinfo_t *r2)
* - <b>CRN_DIRECT_CONN</b>: is suitable for direct connections. Checks * - <b>CRN_DIRECT_CONN</b>: is suitable for direct connections. Checks
* for the relevant descriptors. Checks the address * for the relevant descriptors. Checks the address
* against ReachableAddresses, ClientUseIPv4 0, and * against ReachableAddresses, ClientUseIPv4 0, and
* fascist_firewall_use_ipv6() == 0); * reachable_addr_use_ipv6() == 0);
* - <b>CRN_PREF_ADDR</b>: if we are connecting directly to the node, it has * - <b>CRN_PREF_ADDR</b>: if we are connecting directly to the node, it has
* an address that is preferred by the * an address that is preferred by the
* ClientPreferIPv6ORPort setting; * ClientPreferIPv6ORPort setting;
@ -594,7 +594,7 @@ router_can_choose_node(const node_t *node, int flags)
return false; return false;
/* Choose a node with an OR address that matches the firewall rules */ /* Choose a node with an OR address that matches the firewall rules */
if (direct_conn && check_reach && if (direct_conn && check_reach &&
!fascist_firewall_allows_node(node, !reachable_addr_allows_node(node,
FIREWALL_OR_CONNECTION, FIREWALL_OR_CONNECTION,
pref_addr)) pref_addr))
return false; return false;

6
src/feature/rend/rendservice.c
View File

@ -1849,13 +1849,13 @@ rend_service_use_direct_connection(const or_options_t* options,
const extend_info_t* ei) const extend_info_t* ei)
{ {
/* We'll connect directly all reachable addresses, whether preferred or not. /* We'll connect directly all reachable addresses, whether preferred or not.
* The prefer_ipv6 argument to fascist_firewall_allows_address_addr is * The prefer_ipv6 argument to reachable_addr_allows_addr is
* ignored, because pref_only is 0. */ * ignored, because pref_only is 0. */
const tor_addr_port_t *ap = extend_info_get_orport(ei, AF_INET); const tor_addr_port_t *ap = extend_info_get_orport(ei, AF_INET);
if (!ap) if (!ap)
return 0; return 0;
return (rend_service_allow_non_anonymous_connection(options) && return (rend_service_allow_non_anonymous_connection(options) &&
fascist_firewall_allows_address_addr(&ap->addr, ap->port, reachable_addr_allows_addr(&ap->addr, ap->port,
FIREWALL_OR_CONNECTION, 0, 0)); FIREWALL_OR_CONNECTION, 0, 0));
} }
@ -1867,7 +1867,7 @@ rend_service_use_direct_connection_node(const or_options_t* options,
/* We'll connect directly all reachable addresses, whether preferred or not. /* We'll connect directly all reachable addresses, whether preferred or not.
*/ */
return (rend_service_allow_non_anonymous_connection(options) && return (rend_service_allow_non_anonymous_connection(options) &&
fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION, 0)); reachable_addr_allows_node(node, FIREWALL_OR_CONNECTION, 0));
} }
/****** /******

2
src/test/test_entrynodes.c
View File

@ -322,7 +322,7 @@ test_node_preferred_orport(void *arg)
* ClientUseIPv4 is 0 */ * ClientUseIPv4 is 0 */
mocked_options->ClientUseIPv4 = 0; mocked_options->ClientUseIPv4 = 0;
mocked_options->ClientUseIPv6 = 1; mocked_options->ClientUseIPv6 = 1;
node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport(mocked_options); node.ipv6_preferred = reachable_addr_prefer_ipv6_orport(mocked_options);
node_get_pref_orport(&node, &ap); node_get_pref_orport(&node, &ap);
tt_assert(tor_addr_eq(&ap.addr, &ipv6_addr)); tt_assert(tor_addr_eq(&ap.addr, &ipv6_addr));
tt_assert(ap.port == ipv6_port); tt_assert(ap.port == ipv6_port);

190
src/test/test_policy.c
View File

@ -1753,7 +1753,7 @@ test_policies_getinfo_helper_policies(void *arg)
#define OTHER_IPV4_ADDR_STR "6.7.8.9" #define OTHER_IPV4_ADDR_STR "6.7.8.9"
#define OTHER_IPV6_ADDR_STR "[afff::]" #define OTHER_IPV6_ADDR_STR "[afff::]"
/** Run unit tests for fascist_firewall_allows_address */ /** Run unit tests for reachable_addr_allows */
static void static void
test_policies_fascist_firewall_allows_address(void *arg) test_policies_fascist_firewall_allows_address(void *arg)
{ {
@ -1822,33 +1822,33 @@ test_policies_fascist_firewall_allows_address(void *arg)
mock_options.ClientUseIPv6 = 1; mock_options.ClientUseIPv6 = 1;
mock_options.UseBridges = 0; mock_options.UseBridges = 0;
tt_int_op(fascist_firewall_allows_address(&ipv4_addr, port, policy, 0, 0), tt_int_op(reachable_addr_allows(&ipv4_addr, port, policy, 0, 0),
OP_EQ, 1); OP_EQ, 1);
tt_int_op(fascist_firewall_allows_address(&ipv6_addr, port, policy, 0, 0), tt_int_op(reachable_addr_allows(&ipv6_addr, port, policy, 0, 0),
OP_EQ, 1); OP_EQ, 1);
tt_int_op(fascist_firewall_allows_address(&r_ipv4_addr, port, policy, 0, 0), tt_int_op(reachable_addr_allows(&r_ipv4_addr, port, policy, 0, 0),
OP_EQ, 0); OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&r_ipv6_addr, port, policy, 0, 0), tt_int_op(reachable_addr_allows(&r_ipv6_addr, port, policy, 0, 0),
OP_EQ, 0); OP_EQ, 0);
/* Preferring IPv4 */ /* Preferring IPv4 */
tt_int_op(fascist_firewall_allows_address(&ipv4_addr, port, policy, 1, 0), tt_int_op(reachable_addr_allows(&ipv4_addr, port, policy, 1, 0),
OP_EQ, 1); OP_EQ, 1);
tt_int_op(fascist_firewall_allows_address(&ipv6_addr, port, policy, 1, 0), tt_int_op(reachable_addr_allows(&ipv6_addr, port, policy, 1, 0),
OP_EQ, 0); OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&r_ipv4_addr, port, policy, 1, 0), tt_int_op(reachable_addr_allows(&r_ipv4_addr, port, policy, 1, 0),
OP_EQ, 0); OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&r_ipv6_addr, port, policy, 1, 0), tt_int_op(reachable_addr_allows(&r_ipv6_addr, port, policy, 1, 0),
OP_EQ, 0); OP_EQ, 0);
/* Preferring IPv6 */ /* Preferring IPv6 */
tt_int_op(fascist_firewall_allows_address(&ipv4_addr, port, policy, 1, 1), tt_int_op(reachable_addr_allows(&ipv4_addr, port, policy, 1, 1),
OP_EQ, 0); OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&ipv6_addr, port, policy, 1, 1), tt_int_op(reachable_addr_allows(&ipv6_addr, port, policy, 1, 1),
OP_EQ, 1); OP_EQ, 1);
tt_int_op(fascist_firewall_allows_address(&r_ipv4_addr, port, policy, 1, 1), tt_int_op(reachable_addr_allows(&r_ipv4_addr, port, policy, 1, 1),
OP_EQ, 0); OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&r_ipv6_addr, port, policy, 1, 1), tt_int_op(reachable_addr_allows(&r_ipv6_addr, port, policy, 1, 1),
OP_EQ, 0); OP_EQ, 0);
/* Test the function's address matching with UseBridges on */ /* Test the function's address matching with UseBridges on */
@ -1857,45 +1857,45 @@ test_policies_fascist_firewall_allows_address(void *arg)
mock_options.ClientUseIPv6 = 1; mock_options.ClientUseIPv6 = 1;
mock_options.UseBridges = 1; mock_options.UseBridges = 1;
tt_int_op(fascist_firewall_allows_address(&ipv4_addr, port, policy, 0, 0), tt_int_op(reachable_addr_allows(&ipv4_addr, port, policy, 0, 0),
OP_EQ, 1); OP_EQ, 1);
tt_int_op(fascist_firewall_allows_address(&ipv6_addr, port, policy, 0, 0), tt_int_op(reachable_addr_allows(&ipv6_addr, port, policy, 0, 0),
OP_EQ, 1); OP_EQ, 1);
tt_int_op(fascist_firewall_allows_address(&r_ipv4_addr, port, policy, 0, 0), tt_int_op(reachable_addr_allows(&r_ipv4_addr, port, policy, 0, 0),
OP_EQ, 0); OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&r_ipv6_addr, port, policy, 0, 0), tt_int_op(reachable_addr_allows(&r_ipv6_addr, port, policy, 0, 0),
OP_EQ, 0); OP_EQ, 0);
/* Preferring IPv4 */ /* Preferring IPv4 */
tt_int_op(fascist_firewall_allows_address(&ipv4_addr, port, policy, 1, 0), tt_int_op(reachable_addr_allows(&ipv4_addr, port, policy, 1, 0),
OP_EQ, 1); OP_EQ, 1);
tt_int_op(fascist_firewall_allows_address(&ipv6_addr, port, policy, 1, 0), tt_int_op(reachable_addr_allows(&ipv6_addr, port, policy, 1, 0),
OP_EQ, 0); OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&r_ipv4_addr, port, policy, 1, 0), tt_int_op(reachable_addr_allows(&r_ipv4_addr, port, policy, 1, 0),
OP_EQ, 0); OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&r_ipv6_addr, port, policy, 1, 0), tt_int_op(reachable_addr_allows(&r_ipv6_addr, port, policy, 1, 0),
OP_EQ, 0); OP_EQ, 0);
/* Preferring IPv6 */ /* Preferring IPv6 */
tt_int_op(fascist_firewall_allows_address(&ipv4_addr, port, policy, 1, 1), tt_int_op(reachable_addr_allows(&ipv4_addr, port, policy, 1, 1),
OP_EQ, 0); OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&ipv6_addr, port, policy, 1, 1), tt_int_op(reachable_addr_allows(&ipv6_addr, port, policy, 1, 1),
OP_EQ, 1); OP_EQ, 1);
tt_int_op(fascist_firewall_allows_address(&r_ipv4_addr, port, policy, 1, 1), tt_int_op(reachable_addr_allows(&r_ipv4_addr, port, policy, 1, 1),
OP_EQ, 0); OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&r_ipv6_addr, port, policy, 1, 1), tt_int_op(reachable_addr_allows(&r_ipv6_addr, port, policy, 1, 1),
OP_EQ, 0); OP_EQ, 0);
/* bridge clients always use IPv6, regardless of ClientUseIPv6 */ /* bridge clients always use IPv6, regardless of ClientUseIPv6 */
mock_options.ClientUseIPv4 = 1; mock_options.ClientUseIPv4 = 1;
mock_options.ClientUseIPv6 = 0; mock_options.ClientUseIPv6 = 0;
tt_int_op(fascist_firewall_allows_address(&ipv4_addr, port, policy, 0, 0), tt_int_op(reachable_addr_allows(&ipv4_addr, port, policy, 0, 0),
OP_EQ, 1); OP_EQ, 1);
tt_int_op(fascist_firewall_allows_address(&ipv6_addr, port, policy, 0, 0), tt_int_op(reachable_addr_allows(&ipv6_addr, port, policy, 0, 0),
OP_EQ, 1); OP_EQ, 1);
tt_int_op(fascist_firewall_allows_address(&r_ipv4_addr, port, policy, 0, 0), tt_int_op(reachable_addr_allows(&r_ipv4_addr, port, policy, 0, 0),
OP_EQ, 0); OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&r_ipv6_addr, port, policy, 0, 0), tt_int_op(reachable_addr_allows(&r_ipv6_addr, port, policy, 0, 0),
OP_EQ, 0); OP_EQ, 0);
/* Test the function's address matching with IPv4 on */ /* Test the function's address matching with IPv4 on */
@ -1904,13 +1904,13 @@ test_policies_fascist_firewall_allows_address(void *arg)
mock_options.ClientUseIPv6 = 0; mock_options.ClientUseIPv6 = 0;
mock_options.UseBridges = 0; mock_options.UseBridges = 0;
tt_int_op(fascist_firewall_allows_address(&ipv4_addr, port, policy, 0, 0), tt_int_op(reachable_addr_allows(&ipv4_addr, port, policy, 0, 0),
OP_EQ, 1); OP_EQ, 1);
tt_int_op(fascist_firewall_allows_address(&ipv6_addr, port, policy, 0, 0), tt_int_op(reachable_addr_allows(&ipv6_addr, port, policy, 0, 0),
OP_EQ, 0); OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&r_ipv4_addr, port, policy, 0, 0), tt_int_op(reachable_addr_allows(&r_ipv4_addr, port, policy, 0, 0),
OP_EQ, 0); OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&r_ipv6_addr, port, policy, 0, 0), tt_int_op(reachable_addr_allows(&r_ipv6_addr, port, policy, 0, 0),
OP_EQ, 0); OP_EQ, 0);
/* Test the function's address matching with IPv6 on */ /* Test the function's address matching with IPv6 on */
@ -1919,13 +1919,13 @@ test_policies_fascist_firewall_allows_address(void *arg)
mock_options.ClientUseIPv6 = 1; mock_options.ClientUseIPv6 = 1;
mock_options.UseBridges = 0; mock_options.UseBridges = 0;
tt_int_op(fascist_firewall_allows_address(&ipv4_addr, port, policy, 0, 0), tt_int_op(reachable_addr_allows(&ipv4_addr, port, policy, 0, 0),
OP_EQ, 0); OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&ipv6_addr, port, policy, 0, 0), tt_int_op(reachable_addr_allows(&ipv6_addr, port, policy, 0, 0),
OP_EQ, 1); OP_EQ, 1);
tt_int_op(fascist_firewall_allows_address(&r_ipv4_addr, port, policy, 0, 0), tt_int_op(reachable_addr_allows(&r_ipv4_addr, port, policy, 0, 0),
OP_EQ, 0); OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&r_ipv6_addr, port, policy, 0, 0), tt_int_op(reachable_addr_allows(&r_ipv6_addr, port, policy, 0, 0),
OP_EQ, 0); OP_EQ, 0);
/* Test the function's address matching with ClientUseIPv4 0. /* Test the function's address matching with ClientUseIPv4 0.
@ -1935,13 +1935,13 @@ test_policies_fascist_firewall_allows_address(void *arg)
mock_options.ClientUseIPv6 = 0; mock_options.ClientUseIPv6 = 0;
mock_options.UseBridges = 0; mock_options.UseBridges = 0;
tt_int_op(fascist_firewall_allows_address(&ipv4_addr, port, policy, 0, 0), tt_int_op(reachable_addr_allows(&ipv4_addr, port, policy, 0, 0),
OP_EQ, 0); OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&ipv6_addr, port, policy, 0, 0), tt_int_op(reachable_addr_allows(&ipv6_addr, port, policy, 0, 0),
OP_EQ, 1); OP_EQ, 1);
tt_int_op(fascist_firewall_allows_address(&r_ipv4_addr, port, policy, 0, 0), tt_int_op(reachable_addr_allows(&r_ipv4_addr, port, policy, 0, 0),
OP_EQ, 0); OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&r_ipv6_addr, port, policy, 0, 0), tt_int_op(reachable_addr_allows(&r_ipv6_addr, port, policy, 0, 0),
OP_EQ, 0); OP_EQ, 0);
/* Test the function's address matching for unusual inputs */ /* Test the function's address matching for unusual inputs */
@ -1951,27 +1951,27 @@ test_policies_fascist_firewall_allows_address(void *arg)
mock_options.UseBridges = 1; mock_options.UseBridges = 1;
/* NULL and tor_addr_is_null addresses are rejected */ /* NULL and tor_addr_is_null addresses are rejected */
tt_int_op(fascist_firewall_allows_address(NULL, port, policy, 0, 0), OP_EQ, tt_int_op(reachable_addr_allows(NULL, port, policy, 0, 0), OP_EQ,
0); 0);
tt_int_op(fascist_firewall_allows_address(&n_ipv4_addr, port, policy, 0, 0), tt_int_op(reachable_addr_allows(&n_ipv4_addr, port, policy, 0, 0),
OP_EQ, 0); OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&n_ipv6_addr, port, policy, 0, 0), tt_int_op(reachable_addr_allows(&n_ipv6_addr, port, policy, 0, 0),
OP_EQ, 0); OP_EQ, 0);
/* zero ports are rejected */ /* zero ports are rejected */
tt_int_op(fascist_firewall_allows_address(&ipv4_addr, 0, policy, 0, 0), tt_int_op(reachable_addr_allows(&ipv4_addr, 0, policy, 0, 0),
OP_EQ, 0); OP_EQ, 0);
tt_int_op(fascist_firewall_allows_address(&ipv6_addr, 0, policy, 0, 0), tt_int_op(reachable_addr_allows(&ipv6_addr, 0, policy, 0, 0),
OP_EQ, 0); OP_EQ, 0);
/* NULL and empty policies accept everything */ /* NULL and empty policies accept everything */
tt_int_op(fascist_firewall_allows_address(&ipv4_addr, port, NULL, 0, 0), tt_int_op(reachable_addr_allows(&ipv4_addr, port, NULL, 0, 0),
OP_EQ, 1); OP_EQ, 1);
tt_int_op(fascist_firewall_allows_address(&ipv6_addr, port, NULL, 0, 0), tt_int_op(reachable_addr_allows(&ipv6_addr, port, NULL, 0, 0),
OP_EQ, 1); OP_EQ, 1);
tt_int_op(fascist_firewall_allows_address(&ipv4_addr, port, e_policy, 0, 0), tt_int_op(reachable_addr_allows(&ipv4_addr, port, e_policy, 0, 0),
OP_EQ, 1); OP_EQ, 1);
tt_int_op(fascist_firewall_allows_address(&ipv6_addr, port, e_policy, 0, 0), tt_int_op(reachable_addr_allows(&ipv6_addr, port, e_policy, 0, 0),
OP_EQ, 1); OP_EQ, 1);
done: done:
@ -1991,7 +1991,7 @@ test_policies_fascist_firewall_allows_address(void *arg)
#define TEST_IPV6_OR_PORT 61234 #define TEST_IPV6_OR_PORT 61234
#define TEST_IPV6_DIR_PORT 62345 #define TEST_IPV6_DIR_PORT 62345
/* Check that fascist_firewall_choose_address_rs() returns the expected /* Check that reachable_addr_choose_from_rs() returns the expected
* results. */ * results. */
#define CHECK_CHOSEN_ADDR_RS(fake_rs, fw_connection, pref_only, expect_rv, \ #define CHECK_CHOSEN_ADDR_RS(fake_rs, fw_connection, pref_only, expect_rv, \
expect_ap) \ expect_ap) \
@ -1999,13 +1999,13 @@ test_policies_fascist_firewall_allows_address(void *arg)
tor_addr_port_t chosen_rs_ap; \ tor_addr_port_t chosen_rs_ap; \
tor_addr_make_null(&chosen_rs_ap.addr, AF_INET); \ tor_addr_make_null(&chosen_rs_ap.addr, AF_INET); \
chosen_rs_ap.port = 0; \ chosen_rs_ap.port = 0; \
fascist_firewall_choose_address_rs(&(fake_rs), (fw_connection), \ reachable_addr_choose_from_rs(&(fake_rs), (fw_connection), \
(pref_only), &chosen_rs_ap); \ (pref_only), &chosen_rs_ap); \
tt_assert(tor_addr_eq(&(expect_ap).addr, &chosen_rs_ap.addr)); \ tt_assert(tor_addr_eq(&(expect_ap).addr, &chosen_rs_ap.addr)); \
tt_int_op((expect_ap).port, OP_EQ, chosen_rs_ap.port); \ tt_int_op((expect_ap).port, OP_EQ, chosen_rs_ap.port); \
STMT_END STMT_END
/* Check that fascist_firewall_choose_address_node() returns the expected /* Check that reachable_addr_choose_from_node() returns the expected
* results. */ * results. */
#define CHECK_CHOSEN_ADDR_NODE(fake_node, fw_connection, pref_only, \ #define CHECK_CHOSEN_ADDR_NODE(fake_node, fw_connection, pref_only, \
expect_rv, expect_ap) \ expect_rv, expect_ap) \
@ -2013,14 +2013,14 @@ test_policies_fascist_firewall_allows_address(void *arg)
tor_addr_port_t chosen_node_ap; \ tor_addr_port_t chosen_node_ap; \
tor_addr_make_null(&chosen_node_ap.addr, AF_INET); \ tor_addr_make_null(&chosen_node_ap.addr, AF_INET); \
chosen_node_ap.port = 0; \ chosen_node_ap.port = 0; \
fascist_firewall_choose_address_node(&(fake_node),(fw_connection), \ reachable_addr_choose_from_node(&(fake_node),(fw_connection), \
(pref_only), &chosen_node_ap); \ (pref_only), &chosen_node_ap); \
tt_assert(tor_addr_eq(&(expect_ap).addr, &chosen_node_ap.addr)); \ tt_assert(tor_addr_eq(&(expect_ap).addr, &chosen_node_ap.addr)); \
tt_int_op((expect_ap).port, OP_EQ, chosen_node_ap.port); \ tt_int_op((expect_ap).port, OP_EQ, chosen_node_ap.port); \
STMT_END STMT_END
/* Check that fascist_firewall_choose_address_rs and /* Check that reachable_addr_choose_from_rs and
* fascist_firewall_choose_address_node() both return the expected results. */ * reachable_addr_choose_from_node() both return the expected results. */
#define CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, fw_connection, pref_only, \ #define CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, fw_connection, pref_only, \
expect_rv, expect_ap) \ expect_rv, expect_ap) \
STMT_BEGIN \ STMT_BEGIN \
@ -2030,7 +2030,7 @@ test_policies_fascist_firewall_allows_address(void *arg)
expect_ap); \ expect_ap); \
STMT_END STMT_END
/* Check that fascist_firewall_choose_address_ls() returns the expected /* Check that reachable_addr_choose_from_ls() returns the expected
* results. */ * results. */
#define CHECK_CHOSEN_ADDR_NULL_LS() \ #define CHECK_CHOSEN_ADDR_NULL_LS() \
STMT_BEGIN \ STMT_BEGIN \
@ -2038,7 +2038,7 @@ test_policies_fascist_firewall_allows_address(void *arg)
tor_addr_make_null(&chosen_ls_ap.addr, AF_UNSPEC); \ tor_addr_make_null(&chosen_ls_ap.addr, AF_UNSPEC); \
chosen_ls_ap.port = 0; \ chosen_ls_ap.port = 0; \
setup_full_capture_of_logs(LOG_WARN); \ setup_full_capture_of_logs(LOG_WARN); \
fascist_firewall_choose_address_ls(NULL, 1, &chosen_ls_ap); \ reachable_addr_choose_from_ls(NULL, 1, &chosen_ls_ap); \
expect_single_log_msg("Unknown or missing link specifiers"); \ expect_single_log_msg("Unknown or missing link specifiers"); \
teardown_capture_of_logs(); \ teardown_capture_of_logs(); \
STMT_END STMT_END
@ -2049,7 +2049,7 @@ test_policies_fascist_firewall_allows_address(void *arg)
tor_addr_make_null(&chosen_ls_ap.addr, AF_UNSPEC); \ tor_addr_make_null(&chosen_ls_ap.addr, AF_UNSPEC); \
chosen_ls_ap.port = 0; \ chosen_ls_ap.port = 0; \
setup_full_capture_of_logs(LOG_WARN); \ setup_full_capture_of_logs(LOG_WARN); \
fascist_firewall_choose_address_ls(fake_ls, pref_only, &chosen_ls_ap); \ reachable_addr_choose_from_ls(fake_ls, pref_only, &chosen_ls_ap); \
if (smartlist_len(fake_ls) == 0) { \ if (smartlist_len(fake_ls) == 0) { \
expect_single_log_msg("Link specifiers are empty"); \ expect_single_log_msg("Link specifiers are empty"); \
} else { \ } else { \
@ -2066,7 +2066,7 @@ test_policies_fascist_firewall_allows_address(void *arg)
tor_addr_make_null(&chosen_ls_ap.addr, AF_UNSPEC); \ tor_addr_make_null(&chosen_ls_ap.addr, AF_UNSPEC); \
chosen_ls_ap.port = 0; \ chosen_ls_ap.port = 0; \
setup_full_capture_of_logs(LOG_WARN); \ setup_full_capture_of_logs(LOG_WARN); \
fascist_firewall_choose_address_ls(fake_ls, 0, &chosen_ls_ap); \ reachable_addr_choose_from_ls(fake_ls, 0, &chosen_ls_ap); \
expect_single_log_msg("None of our link specifiers have IPv4 or IPv6"); \ expect_single_log_msg("None of our link specifiers have IPv4 or IPv6"); \
teardown_capture_of_logs(); \ teardown_capture_of_logs(); \
STMT_END STMT_END
@ -2125,7 +2125,7 @@ test_policies_fascist_firewall_allows_address(void *arg)
teardown_capture_of_logs(); \ teardown_capture_of_logs(); \
STMT_END STMT_END
/** Run unit tests for fascist_firewall_choose_address */ /** Run unit tests for reachable_addr_choose */
static void static void
test_policies_fascist_firewall_choose_address(void *arg) test_policies_fascist_firewall_choose_address(void *arg)
{ {
@ -2153,87 +2153,87 @@ test_policies_fascist_firewall_choose_address(void *arg)
tor_addr_make_null(&n_ipv6_ap.addr, AF_INET6); tor_addr_make_null(&n_ipv6_ap.addr, AF_INET6);
n_ipv6_ap.port = 0; n_ipv6_ap.port = 0;
/* Sanity check fascist_firewall_choose_address with IPv4 and IPv6 on */ /* Sanity check reachable_addr_choose with IPv4 and IPv6 on */
memset(&mock_options, 0, sizeof(or_options_t)); memset(&mock_options, 0, sizeof(or_options_t));
mock_options.ClientUseIPv4 = 1; mock_options.ClientUseIPv4 = 1;
mock_options.ClientUseIPv6 = 1; mock_options.ClientUseIPv6 = 1;
mock_options.UseBridges = 0; mock_options.UseBridges = 0;
/* Prefer IPv4 */ /* Prefer IPv4 */
tt_assert(fascist_firewall_choose_address(&ipv4_or_ap, &ipv6_or_ap, 1, tt_assert(reachable_addr_choose(&ipv4_or_ap, &ipv6_or_ap, 1,
FIREWALL_OR_CONNECTION, 0, 0) FIREWALL_OR_CONNECTION, 0, 0)
== &ipv4_or_ap); == &ipv4_or_ap);
tt_assert(fascist_firewall_choose_address(&ipv4_or_ap, &ipv6_or_ap, 1, tt_assert(reachable_addr_choose(&ipv4_or_ap, &ipv6_or_ap, 1,
FIREWALL_OR_CONNECTION, 1, 0) FIREWALL_OR_CONNECTION, 1, 0)
== &ipv4_or_ap); == &ipv4_or_ap);
tt_assert(fascist_firewall_choose_address(&ipv4_dir_ap, &ipv6_dir_ap, 1, tt_assert(reachable_addr_choose(&ipv4_dir_ap, &ipv6_dir_ap, 1,
FIREWALL_DIR_CONNECTION, 0, 0) FIREWALL_DIR_CONNECTION, 0, 0)
== &ipv4_dir_ap); == &ipv4_dir_ap);
tt_assert(fascist_firewall_choose_address(&ipv4_dir_ap, &ipv6_dir_ap, 1, tt_assert(reachable_addr_choose(&ipv4_dir_ap, &ipv6_dir_ap, 1,
FIREWALL_DIR_CONNECTION, 1, 0) FIREWALL_DIR_CONNECTION, 1, 0)
== &ipv4_dir_ap); == &ipv4_dir_ap);
/* Prefer IPv6 */ /* Prefer IPv6 */
tt_assert(fascist_firewall_choose_address(&ipv4_or_ap, &ipv6_or_ap, 0, tt_assert(reachable_addr_choose(&ipv4_or_ap, &ipv6_or_ap, 0,
FIREWALL_OR_CONNECTION, 0, 1) FIREWALL_OR_CONNECTION, 0, 1)
== &ipv6_or_ap); == &ipv6_or_ap);
tt_assert(fascist_firewall_choose_address(&ipv4_or_ap, &ipv6_or_ap, 0, tt_assert(reachable_addr_choose(&ipv4_or_ap, &ipv6_or_ap, 0,
FIREWALL_OR_CONNECTION, 1, 1) FIREWALL_OR_CONNECTION, 1, 1)
== &ipv6_or_ap); == &ipv6_or_ap);
tt_assert(fascist_firewall_choose_address(&ipv4_dir_ap, &ipv6_dir_ap, 0, tt_assert(reachable_addr_choose(&ipv4_dir_ap, &ipv6_dir_ap, 0,
FIREWALL_DIR_CONNECTION, 0, 1) FIREWALL_DIR_CONNECTION, 0, 1)
== &ipv6_dir_ap); == &ipv6_dir_ap);
tt_assert(fascist_firewall_choose_address(&ipv4_dir_ap, &ipv6_dir_ap, 0, tt_assert(reachable_addr_choose(&ipv4_dir_ap, &ipv6_dir_ap, 0,
FIREWALL_DIR_CONNECTION, 1, 1) FIREWALL_DIR_CONNECTION, 1, 1)
== &ipv6_dir_ap); == &ipv6_dir_ap);
/* Unusual inputs */ /* Unusual inputs */
/* null preferred OR addresses */ /* null preferred OR addresses */
tt_assert(fascist_firewall_choose_address(&ipv4_or_ap, &n_ipv6_ap, 0, tt_assert(reachable_addr_choose(&ipv4_or_ap, &n_ipv6_ap, 0,
FIREWALL_OR_CONNECTION, 0, 1) FIREWALL_OR_CONNECTION, 0, 1)
== &ipv4_or_ap); == &ipv4_or_ap);
tt_assert(fascist_firewall_choose_address(&n_ipv4_ap, &ipv6_or_ap, 1, tt_assert(reachable_addr_choose(&n_ipv4_ap, &ipv6_or_ap, 1,
FIREWALL_OR_CONNECTION, 0, 0) FIREWALL_OR_CONNECTION, 0, 0)
== &ipv6_or_ap); == &ipv6_or_ap);
/* null both OR addresses */ /* null both OR addresses */
tt_ptr_op(fascist_firewall_choose_address(&n_ipv4_ap, &n_ipv6_ap, 0, tt_ptr_op(reachable_addr_choose(&n_ipv4_ap, &n_ipv6_ap, 0,
FIREWALL_OR_CONNECTION, 0, 1), FIREWALL_OR_CONNECTION, 0, 1),
OP_EQ, NULL); OP_EQ, NULL);
tt_ptr_op(fascist_firewall_choose_address(&n_ipv4_ap, &n_ipv6_ap, 1, tt_ptr_op(reachable_addr_choose(&n_ipv4_ap, &n_ipv6_ap, 1,
FIREWALL_OR_CONNECTION, 0, 0), FIREWALL_OR_CONNECTION, 0, 0),
OP_EQ, NULL); OP_EQ, NULL);
/* null preferred Dir addresses */ /* null preferred Dir addresses */
tt_assert(fascist_firewall_choose_address(&ipv4_dir_ap, &n_ipv6_ap, 0, tt_assert(reachable_addr_choose(&ipv4_dir_ap, &n_ipv6_ap, 0,
FIREWALL_DIR_CONNECTION, 0, 1) FIREWALL_DIR_CONNECTION, 0, 1)
== &ipv4_dir_ap); == &ipv4_dir_ap);
tt_assert(fascist_firewall_choose_address(&n_ipv4_ap, &ipv6_dir_ap, 1, tt_assert(reachable_addr_choose(&n_ipv4_ap, &ipv6_dir_ap, 1,
FIREWALL_DIR_CONNECTION, 0, 0) FIREWALL_DIR_CONNECTION, 0, 0)
== &ipv6_dir_ap); == &ipv6_dir_ap);
/* null both Dir addresses */ /* null both Dir addresses */
tt_ptr_op(fascist_firewall_choose_address(&n_ipv4_ap, &n_ipv6_ap, 0, tt_ptr_op(reachable_addr_choose(&n_ipv4_ap, &n_ipv6_ap, 0,
FIREWALL_DIR_CONNECTION, 0, 1), FIREWALL_DIR_CONNECTION, 0, 1),
OP_EQ, NULL); OP_EQ, NULL);
tt_ptr_op(fascist_firewall_choose_address(&n_ipv4_ap, &n_ipv6_ap, 1, tt_ptr_op(reachable_addr_choose(&n_ipv4_ap, &n_ipv6_ap, 1,
FIREWALL_DIR_CONNECTION, 0, 0), FIREWALL_DIR_CONNECTION, 0, 0),
OP_EQ, NULL); OP_EQ, NULL);
/* Prefer IPv4 but want IPv6 (contradictory) */ /* Prefer IPv4 but want IPv6 (contradictory) */
tt_assert(fascist_firewall_choose_address(&ipv4_or_ap, &ipv6_or_ap, 0, tt_assert(reachable_addr_choose(&ipv4_or_ap, &ipv6_or_ap, 0,
FIREWALL_OR_CONNECTION, 0, 0) FIREWALL_OR_CONNECTION, 0, 0)
== &ipv4_or_ap); == &ipv4_or_ap);
tt_assert(fascist_firewall_choose_address(&ipv4_or_ap, &ipv6_or_ap, 0, tt_assert(reachable_addr_choose(&ipv4_or_ap, &ipv6_or_ap, 0,
FIREWALL_OR_CONNECTION, 1, 0) FIREWALL_OR_CONNECTION, 1, 0)
== &ipv4_or_ap); == &ipv4_or_ap);
/* Prefer IPv6 but want IPv4 (contradictory) */ /* Prefer IPv6 but want IPv4 (contradictory) */
tt_assert(fascist_firewall_choose_address(&ipv4_or_ap, &ipv6_or_ap, 1, tt_assert(reachable_addr_choose(&ipv4_or_ap, &ipv6_or_ap, 1,
FIREWALL_OR_CONNECTION, 0, 1) FIREWALL_OR_CONNECTION, 0, 1)
== &ipv6_or_ap); == &ipv6_or_ap);
tt_assert(fascist_firewall_choose_address(&ipv4_or_ap, &ipv6_or_ap, 1, tt_assert(reachable_addr_choose(&ipv4_or_ap, &ipv6_or_ap, 1,
FIREWALL_OR_CONNECTION, 1, 1) FIREWALL_OR_CONNECTION, 1, 1)
== &ipv6_or_ap); == &ipv6_or_ap);
@ -2268,7 +2268,7 @@ test_policies_fascist_firewall_choose_address(void *arg)
mock_options.ClientPreferIPv6ORPort = 0; mock_options.ClientPreferIPv6ORPort = 0;
mock_options.ClientPreferIPv6DirPort = 0; mock_options.ClientPreferIPv6DirPort = 0;
/* Simulate the initialisation of fake_node.ipv6_preferred */ /* Simulate the initialisation of fake_node.ipv6_preferred */
fake_node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport( fake_node.ipv6_preferred = reachable_addr_prefer_ipv6_orport(
&mock_options); &mock_options);
CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1, CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1,
@ -2284,7 +2284,7 @@ test_policies_fascist_firewall_choose_address(void *arg)
mock_options.ClientPreferIPv6ORPort = -1; mock_options.ClientPreferIPv6ORPort = -1;
mock_options.ClientPreferIPv6DirPort = -1; mock_options.ClientPreferIPv6DirPort = -1;
/* Simulate the initialisation of fake_node.ipv6_preferred */ /* Simulate the initialisation of fake_node.ipv6_preferred */
fake_node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport( fake_node.ipv6_preferred = reachable_addr_prefer_ipv6_orport(
&mock_options); &mock_options);
CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1, CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1,
@ -2300,7 +2300,7 @@ test_policies_fascist_firewall_choose_address(void *arg)
mock_options.ClientPreferIPv6ORPort = 1; mock_options.ClientPreferIPv6ORPort = 1;
mock_options.ClientPreferIPv6DirPort = 1; mock_options.ClientPreferIPv6DirPort = 1;
/* Simulate the initialisation of fake_node.ipv6_preferred */ /* Simulate the initialisation of fake_node.ipv6_preferred */
fake_node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport( fake_node.ipv6_preferred = reachable_addr_prefer_ipv6_orport(
&mock_options); &mock_options);
CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1, CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1,
@ -2316,7 +2316,7 @@ test_policies_fascist_firewall_choose_address(void *arg)
mock_options.ClientPreferIPv6ORPort = 0; mock_options.ClientPreferIPv6ORPort = 0;
mock_options.ClientPreferIPv6DirPort = 1; mock_options.ClientPreferIPv6DirPort = 1;
/* Simulate the initialisation of fake_node.ipv6_preferred */ /* Simulate the initialisation of fake_node.ipv6_preferred */
fake_node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport( fake_node.ipv6_preferred = reachable_addr_prefer_ipv6_orport(
&mock_options); &mock_options);
CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1, CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1,
@ -2332,7 +2332,7 @@ test_policies_fascist_firewall_choose_address(void *arg)
mock_options.ClientPreferIPv6ORPort = 1; mock_options.ClientPreferIPv6ORPort = 1;
mock_options.ClientPreferIPv6DirPort = 0; mock_options.ClientPreferIPv6DirPort = 0;
/* Simulate the initialisation of fake_node.ipv6_preferred */ /* Simulate the initialisation of fake_node.ipv6_preferred */
fake_node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport( fake_node.ipv6_preferred = reachable_addr_prefer_ipv6_orport(
&mock_options); &mock_options);
CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1, CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1,
@ -2354,7 +2354,7 @@ test_policies_fascist_firewall_choose_address(void *arg)
mock_options.ClientPreferIPv6ORPort = 0; mock_options.ClientPreferIPv6ORPort = 0;
mock_options.ClientPreferIPv6DirPort = 0; mock_options.ClientPreferIPv6DirPort = 0;
/* Simulate the initialisation of fake_node.ipv6_preferred */ /* Simulate the initialisation of fake_node.ipv6_preferred */
fake_node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport( fake_node.ipv6_preferred = reachable_addr_prefer_ipv6_orport(
&mock_options); &mock_options);
CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1, CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1,
@ -2405,7 +2405,7 @@ test_policies_fascist_firewall_choose_address(void *arg)
mock_options.ClientPreferIPv6ORPort = 1; mock_options.ClientPreferIPv6ORPort = 1;
mock_options.ClientPreferIPv6DirPort = 1; mock_options.ClientPreferIPv6DirPort = 1;
/* Simulate the initialisation of fake_node.ipv6_preferred */ /* Simulate the initialisation of fake_node.ipv6_preferred */
fake_node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport( fake_node.ipv6_preferred = reachable_addr_prefer_ipv6_orport(
&mock_options); &mock_options);
CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1, CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1,
@ -2454,7 +2454,7 @@ test_policies_fascist_firewall_choose_address(void *arg)
mock_options.ClientUseIPv4 = 1; mock_options.ClientUseIPv4 = 1;
mock_options.ClientUseIPv6 = 0; mock_options.ClientUseIPv6 = 0;
/* Simulate the initialisation of fake_node.ipv6_preferred */ /* Simulate the initialisation of fake_node.ipv6_preferred */
fake_node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport( fake_node.ipv6_preferred = reachable_addr_prefer_ipv6_orport(
&mock_options); &mock_options);
CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1, CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1,
@ -2471,7 +2471,7 @@ test_policies_fascist_firewall_choose_address(void *arg)
mock_options.ClientUseIPv4 = 0; mock_options.ClientUseIPv4 = 0;
mock_options.ClientUseIPv6 = 1; mock_options.ClientUseIPv6 = 1;
/* Simulate the initialisation of fake_node.ipv6_preferred */ /* Simulate the initialisation of fake_node.ipv6_preferred */
fake_node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport( fake_node.ipv6_preferred = reachable_addr_prefer_ipv6_orport(
&mock_options); &mock_options);
CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1, CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1,
@ -2489,7 +2489,7 @@ test_policies_fascist_firewall_choose_address(void *arg)
mock_options.ClientUseIPv4 = 0; mock_options.ClientUseIPv4 = 0;
mock_options.ClientUseIPv6 = 0; mock_options.ClientUseIPv6 = 0;
/* Simulate the initialisation of fake_node.ipv6_preferred */ /* Simulate the initialisation of fake_node.ipv6_preferred */
fake_node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport( fake_node.ipv6_preferred = reachable_addr_prefer_ipv6_orport(
&mock_options); &mock_options);
CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1, CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1,
@ -2511,7 +2511,7 @@ test_policies_fascist_firewall_choose_address(void *arg)
mock_options.ClientPreferIPv6DirPort = 1; mock_options.ClientPreferIPv6DirPort = 1;
/* Simulate the initialisation of fake_node.ipv6_preferred */ /* Simulate the initialisation of fake_node.ipv6_preferred */
fake_node.ipv6_preferred = fascist_firewall_prefer_ipv6_orport( fake_node.ipv6_preferred = reachable_addr_prefer_ipv6_orport(
&mock_options); &mock_options);
CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1, CHECK_CHOSEN_ADDR_RN(fake_rs, fake_node, FIREWALL_OR_CONNECTION, 0, 1,
@ -2683,9 +2683,9 @@ struct testcase_t policy_tests[] = {
{ "reject_interface_address", test_policies_reject_interface_address, 0, { "reject_interface_address", test_policies_reject_interface_address, 0,
NULL, NULL }, NULL, NULL },
{ "reject_port_address", test_policies_reject_port_address, 0, NULL, NULL }, { "reject_port_address", test_policies_reject_port_address, 0, NULL, NULL },
{ "fascist_firewall_allows_address", { "reachable_addr_allows",
test_policies_fascist_firewall_allows_address, 0, NULL, NULL }, test_policies_fascist_firewall_allows_address, 0, NULL, NULL },
{ "fascist_firewall_choose_address", { "reachable_addr_choose",
test_policies_fascist_firewall_choose_address, 0, NULL, NULL }, test_policies_fascist_firewall_choose_address, 0, NULL, NULL },
END_OF_TESTCASES END_OF_TESTCASES
}; };