mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-12-03 17:13:33 +01:00
Merge branch 'maint-0.2.9'
This commit is contained in:
commit
c58592e658
4
changes/bug20306_029
Normal file
4
changes/bug20306_029
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
o Minor bugfixes (fascistfirewall):
|
||||||
|
- Avoid spurious warnings when ReachableAddresses or FascistFirewall
|
||||||
|
is set. Fixes bug 20306; bugfix on 0.2.8.2-alpha.
|
||||||
|
|
@ -281,28 +281,22 @@ parse_reachable_addresses(void)
|
|||||||
|
|
||||||
/* We ignore ReachableAddresses for relays */
|
/* We ignore ReachableAddresses for relays */
|
||||||
if (!server_mode(options)) {
|
if (!server_mode(options)) {
|
||||||
if ((reachable_or_addr_policy
|
if (policy_is_reject_star(reachable_or_addr_policy, AF_UNSPEC, 0)
|
||||||
&& policy_is_reject_star(reachable_or_addr_policy, AF_UNSPEC))
|
|| policy_is_reject_star(reachable_dir_addr_policy, AF_UNSPEC,0)) {
|
||||||
|| (reachable_dir_addr_policy
|
|
||||||
&& policy_is_reject_star(reachable_dir_addr_policy, AF_UNSPEC))) {
|
|
||||||
log_warn(LD_CONFIG, "Tor cannot connect to the Internet if "
|
log_warn(LD_CONFIG, "Tor cannot connect to the Internet if "
|
||||||
"ReachableAddresses, ReachableORAddresses, or "
|
"ReachableAddresses, ReachableORAddresses, or "
|
||||||
"ReachableDirAddresses reject all addresses. Please accept "
|
"ReachableDirAddresses reject all addresses. Please accept "
|
||||||
"some addresses in these options.");
|
"some addresses in these options.");
|
||||||
} else if (options->ClientUseIPv4 == 1
|
} else if (options->ClientUseIPv4 == 1
|
||||||
&& ((reachable_or_addr_policy
|
&& (policy_is_reject_star(reachable_or_addr_policy, AF_INET, 0)
|
||||||
&& policy_is_reject_star(reachable_or_addr_policy, AF_INET))
|
|| policy_is_reject_star(reachable_dir_addr_policy, AF_INET, 0))) {
|
||||||
|| (reachable_dir_addr_policy
|
|
||||||
&& policy_is_reject_star(reachable_dir_addr_policy, AF_INET)))) {
|
|
||||||
log_warn(LD_CONFIG, "You have set ClientUseIPv4 1, but "
|
log_warn(LD_CONFIG, "You have set ClientUseIPv4 1, but "
|
||||||
"ReachableAddresses, ReachableORAddresses, or "
|
"ReachableAddresses, ReachableORAddresses, or "
|
||||||
"ReachableDirAddresses reject all IPv4 addresses. "
|
"ReachableDirAddresses reject all IPv4 addresses. "
|
||||||
"Tor will not connect using IPv4.");
|
"Tor will not connect using IPv4.");
|
||||||
} else if (fascist_firewall_use_ipv6(options)
|
} else if (fascist_firewall_use_ipv6(options)
|
||||||
&& ((reachable_or_addr_policy
|
&& (policy_is_reject_star(reachable_or_addr_policy, AF_INET6, 0)
|
||||||
&& policy_is_reject_star(reachable_or_addr_policy, AF_INET6))
|
|| policy_is_reject_star(reachable_dir_addr_policy, AF_INET6, 0))) {
|
||||||
|| (reachable_dir_addr_policy
|
|
||||||
&& policy_is_reject_star(reachable_dir_addr_policy, AF_INET6)))) {
|
|
||||||
log_warn(LD_CONFIG, "You have configured tor to use IPv6 "
|
log_warn(LD_CONFIG, "You have configured tor to use IPv6 "
|
||||||
"(ClientUseIPv6 1 or UseBridges 1), but "
|
"(ClientUseIPv6 1 or UseBridges 1), but "
|
||||||
"ReachableAddresses, ReachableORAddresses, or "
|
"ReachableAddresses, ReachableORAddresses, or "
|
||||||
@ -1091,8 +1085,8 @@ validate_addr_policies(const or_options_t *options, char **msg)
|
|||||||
|
|
||||||
const int exitrelay_setting_is_auto = options->ExitRelay == -1;
|
const int exitrelay_setting_is_auto = options->ExitRelay == -1;
|
||||||
const int policy_accepts_something =
|
const int policy_accepts_something =
|
||||||
! (policy_is_reject_star(addr_policy, AF_INET) &&
|
! (policy_is_reject_star(addr_policy, AF_INET, 1) &&
|
||||||
policy_is_reject_star(addr_policy, AF_INET6));
|
policy_is_reject_star(addr_policy, AF_INET6, 1));
|
||||||
|
|
||||||
if (server_mode(options) &&
|
if (server_mode(options) &&
|
||||||
! warned_about_exitrelay &&
|
! warned_about_exitrelay &&
|
||||||
@ -2163,13 +2157,16 @@ exit_policy_is_general_exit(smartlist_t *policy)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/** Return false if <b>policy</b> might permit access to some addr:port;
|
/** Return false if <b>policy</b> might permit access to some addr:port;
|
||||||
* otherwise if we are certain it rejects everything, return true. */
|
* otherwise if we are certain it rejects everything, return true. If no
|
||||||
|
* part of <b>policy</b> matches, return <b>default_reject</b>.
|
||||||
|
* NULL policies are allowed, and treated as empty. */
|
||||||
int
|
int
|
||||||
policy_is_reject_star(const smartlist_t *policy, sa_family_t family)
|
policy_is_reject_star(const smartlist_t *policy, sa_family_t family,
|
||||||
|
int default_reject)
|
||||||
{
|
{
|
||||||
if (!policy) /*XXXX disallow NULL policies? */
|
if (!policy)
|
||||||
return 1;
|
return default_reject;
|
||||||
SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, p) {
|
SMARTLIST_FOREACH_BEGIN(policy, const addr_policy_t *, p) {
|
||||||
if (p->policy_type == ADDR_POLICY_ACCEPT &&
|
if (p->policy_type == ADDR_POLICY_ACCEPT &&
|
||||||
(tor_addr_family(&p->addr) == family ||
|
(tor_addr_family(&p->addr) == family ||
|
||||||
tor_addr_family(&p->addr) == AF_UNSPEC)) {
|
tor_addr_family(&p->addr) == AF_UNSPEC)) {
|
||||||
@ -2182,7 +2179,7 @@ policy_is_reject_star(const smartlist_t *policy, sa_family_t family)
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
} SMARTLIST_FOREACH_END(p);
|
} SMARTLIST_FOREACH_END(p);
|
||||||
return 1;
|
return default_reject;
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Write a single address policy to the buf_len byte buffer at buf. Return
|
/** Write a single address policy to the buf_len byte buffer at buf. Return
|
||||||
|
@ -100,7 +100,8 @@ void addr_policy_append_reject_addr_list(smartlist_t **dest,
|
|||||||
const smartlist_t *addrs);
|
const smartlist_t *addrs);
|
||||||
void policies_set_node_exitpolicy_to_reject_all(node_t *exitrouter);
|
void policies_set_node_exitpolicy_to_reject_all(node_t *exitrouter);
|
||||||
int exit_policy_is_general_exit(smartlist_t *policy);
|
int exit_policy_is_general_exit(smartlist_t *policy);
|
||||||
int policy_is_reject_star(const smartlist_t *policy, sa_family_t family);
|
int policy_is_reject_star(const smartlist_t *policy, sa_family_t family,
|
||||||
|
int reject_by_default);
|
||||||
char * policy_dump_to_string(const smartlist_t *policy_list,
|
char * policy_dump_to_string(const smartlist_t *policy_list,
|
||||||
int include_ipv4,
|
int include_ipv4,
|
||||||
int include_ipv6);
|
int include_ipv6);
|
||||||
|
@ -2158,8 +2158,8 @@ router_build_fresh_descriptor(routerinfo_t **r, extrainfo_t **e)
|
|||||||
&ri->exit_policy);
|
&ri->exit_policy);
|
||||||
}
|
}
|
||||||
ri->policy_is_reject_star =
|
ri->policy_is_reject_star =
|
||||||
policy_is_reject_star(ri->exit_policy, AF_INET) &&
|
policy_is_reject_star(ri->exit_policy, AF_INET, 1) &&
|
||||||
policy_is_reject_star(ri->exit_policy, AF_INET6);
|
policy_is_reject_star(ri->exit_policy, AF_INET6, 1);
|
||||||
|
|
||||||
if (options->IPv6Exit) {
|
if (options->IPv6Exit) {
|
||||||
char *p_tmp = policy_summarize(ri->exit_policy, AF_INET6);
|
char *p_tmp = policy_summarize(ri->exit_policy, AF_INET6);
|
||||||
|
@ -1924,7 +1924,7 @@ router_parse_entry_from_string(const char *s, const char *end,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (policy_is_reject_star(router->exit_policy, AF_INET) &&
|
if (policy_is_reject_star(router->exit_policy, AF_INET, 1) &&
|
||||||
(!router->ipv6_exit_policy ||
|
(!router->ipv6_exit_policy ||
|
||||||
short_policy_is_reject_star(router->ipv6_exit_policy)))
|
short_policy_is_reject_star(router->ipv6_exit_policy)))
|
||||||
router->policy_is_reject_star = 1;
|
router->policy_is_reject_star = 1;
|
||||||
|
@ -258,14 +258,16 @@ test_policies_general(void *arg)
|
|||||||
tt_assert(!cmp_addr_policies(policy2, policy2));
|
tt_assert(!cmp_addr_policies(policy2, policy2));
|
||||||
tt_assert(!cmp_addr_policies(NULL, NULL));
|
tt_assert(!cmp_addr_policies(NULL, NULL));
|
||||||
|
|
||||||
tt_assert(!policy_is_reject_star(policy2, AF_INET));
|
tt_assert(!policy_is_reject_star(policy2, AF_INET, 1));
|
||||||
tt_assert(policy_is_reject_star(policy, AF_INET));
|
tt_assert(policy_is_reject_star(policy, AF_INET, 1));
|
||||||
tt_assert(policy_is_reject_star(policy10, AF_INET));
|
tt_assert(policy_is_reject_star(policy10, AF_INET, 1));
|
||||||
tt_assert(!policy_is_reject_star(policy10, AF_INET6));
|
tt_assert(!policy_is_reject_star(policy10, AF_INET6, 1));
|
||||||
tt_assert(policy_is_reject_star(policy11, AF_INET));
|
tt_assert(policy_is_reject_star(policy11, AF_INET, 1));
|
||||||
tt_assert(policy_is_reject_star(policy11, AF_INET6));
|
tt_assert(policy_is_reject_star(policy11, AF_INET6, 1));
|
||||||
tt_assert(policy_is_reject_star(NULL, AF_INET));
|
tt_assert(policy_is_reject_star(NULL, AF_INET, 1));
|
||||||
tt_assert(policy_is_reject_star(NULL, AF_INET6));
|
tt_assert(policy_is_reject_star(NULL, AF_INET6, 1));
|
||||||
|
tt_assert(!policy_is_reject_star(NULL, AF_INET, 0));
|
||||||
|
tt_assert(!policy_is_reject_star(NULL, AF_INET6, 0));
|
||||||
|
|
||||||
addr_policy_list_free(policy);
|
addr_policy_list_free(policy);
|
||||||
policy = NULL;
|
policy = NULL;
|
||||||
|
Loading…
Reference in New Issue
Block a user