authorteor (Tim Wilson-Brown) <teor2345@gmail.com>2015-12-16 08:47:47 +1100
committerteor (Tim Wilson-Brown) <teor2345@gmail.com>2015-12-16 08:51:59 +1100
commite2e09a2dbeae508ef8539e48eff1babb6aa0346e (patch)
treefb070370a5cda152d68143e327003f77b19e1d81
parentce92335214f4490f0e14487a99415c26777be2a8 (diff)
downloadtor-e2e09a2dbeae508ef8539e48eff1babb6aa0346e.tar.gz
tor-e2e09a2dbeae508ef8539e48eff1babb6aa0346e.zip
Warn when comparing against an AF_UNSPEC address in a policy
It produces unexpected results, and it's most likely a bug.
-rw-r--r--changes/feature178636
-rw-r--r--src/or/policies.c12
2 files changed, 18 insertions, 0 deletions
diff --git a/changes/feature17863 b/changes/feature17863
new file mode 100644
index 0000000000..86c4e2ce0c
--- /dev/null
+++ b/changes/feature17863
@@ -0,0 +1,6 @@
+ o Minor feature (IPv6):
+ - Add address policy assume_action support for IPv6 addresses.
+ - Limit IPv6 mask bits to 128.
+ - Warn when comparing against an AF_UNSPEC address in a policy,
+ it's almost always a bug.
+ Closes ticket 17863; patch by "teor".
diff --git a/src/or/policies.c b/src/or/policies.c
index 32a7ec2da4..c9bce1b234 100644
--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -696,6 +696,10 @@ compare_known_tor_addr_to_addr_policy(const tor_addr_t *addr, uint16_t port,
/* We know the address and port, and we know the policy, so we can just
* compute an exact match. */
SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, tmpe) {
+ if (tmpe->addr.family == AF_UNSPEC) {
+ log_warn(LD_BUG, "Policy contains an AF_UNSPEC address, which only "
+ "matches other AF_UNSPEC addresses.");
+ }
/* Address is known */
if (!tor_addr_compare_masked(addr, &tmpe->addr, tmpe->maskbits,
CMP_EXACT)) {
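Review bot: The new `log_warn` sits inside the per-entry loop of a comparison that presumably runs on each policy lookup, so one AF_UNSPEC entry would emit an unthrottled LD_BUG warning every time, and the message does not say which policy or entry is affected; the same block is repeated in `compare_known_tor_addr_to_addr_policy_noport` and `compare_unknown_tor_addr_to_addr_policy`. Consider rate-limiting it, e.g. `static ratelim_t unspec_warn_limit = RATELIM_INIT(3600);` with `log_fn_ratelim(&unspec_warn_limit, LOG_WARN, LD_BUG, ...)`, and moving the three copies into one small static helper. Evaluation also continues after the warning, so a reject entry with this family would, per the message's own wording, never match a real address, and the lookup falls through to later entries; flagging or refusing such entries where the policy is parsed would catch this once, before any comparison. The function bodies start and end outside these hunks, so whether callers already filter such entries is not visible here.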
@@ -723,6 +727,10 @@ compare_known_tor_addr_to_addr_policy_noport(const tor_addr_t *addr,
int maybe_accept = 0, maybe_reject = 0;
SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, tmpe) {
+ if (tmpe->addr.family == AF_UNSPEC) {
+ log_warn(LD_BUG, "Policy contains an AF_UNSPEC address, which only "
+ "matches other AF_UNSPEC addresses.");
+ }
if (!tor_addr_compare_masked(addr, &tmpe->addr, tmpe->maskbits,
CMP_EXACT)) {
if (tmpe->prt_min <= 1 && tmpe->prt_max >= 65535) {
@@ -762,6 +770,10 @@ compare_unknown_tor_addr_to_addr_policy(uint16_t port,
int maybe_accept = 0, maybe_reject = 0;
SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, tmpe) {
+ if (tmpe->addr.family == AF_UNSPEC) {
+ log_warn(LD_BUG, "Policy contains an AF_UNSPEC address, which only "
+ "matches other AF_UNSPEC addresses.");
+ }
if (tmpe->prt_min <= port && port <= tmpe->prt_max) {
if (tmpe->maskbits == 0) {
/* Definitely matches, since it covers all addresses. */