diff options
| author | Nick Mathewson <nickm@torproject.org> | 2012-10-24 23:05:44 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2012-11-14 23:16:22 -0500 |
| commit | b35a0d113233fa29439500555201b85c1dec64b1 (patch) | |
| tree | fe1771a94b373f41c7e28411925fdc21e5012f24 | |
| parent | 04ea55014182776871841279f6917d1a03c4e905 (diff) | |
| download | tor-b35a0d113233fa29439500555201b85c1dec64b1.tar.gz tor-b35a0d113233fa29439500555201b85c1dec64b1.zip | |
Add IPv6 support to compare_to_addr_to_node_policy
| -rw-r--r-- | src/or/policies.c | 19 | ||||
| -rw-r--r-- | src/or/router.c | 19 |
2 files changed, 35 insertions, 3 deletions
diff --git a/src/or/policies.c b/src/or/policies.c index 8367446ff2..16b3e4fa7a 100644 --- a/src/or/policies.c +++ b/src/or/policies.c @@ -1616,16 +1616,29 @@ compare_tor_addr_to_node_policy(const tor_addr_t *addr, uint16_t port, if (node->rejects_all) return ADDR_POLICY_REJECTED; - if (node->ri) + if (addr && tor_addr_family(addr) == AF_INET6) { + const short_policy_t *p = NULL; + if (node->ri) + p = node->ri->ipv6_exit_policy; + else if (node->md) + p = node->md->ipv6_exit_policy; + if (p) + return compare_tor_addr_to_short_policy(addr, port, p); + else + return ADDR_POLICY_REJECTED; + } + + if (node->ri) { return compare_tor_addr_to_addr_policy(addr, port, node->ri->exit_policy); - else if (node->md) { + } else if (node->md) { if (node->md->exit_policy == NULL) return ADDR_POLICY_REJECTED; else return compare_tor_addr_to_short_policy(addr, port, node->md->exit_policy); - } else + } else { return ADDR_POLICY_PROBABLY_REJECTED; + } } /** Implementation for GETINFO control command: knows the answer for questions diff --git a/src/or/router.c b/src/or/router.c index efe24d7cc2..cdd33bb6f6 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -1609,6 +1609,11 @@ router_rebuild_descriptor(int force) } ri->policy_is_reject_star = policy_is_reject_star(ri->exit_policy); +#if 0 + /* XXXX024 Don't actually enable this code until exiting to an IPv6 + * address works. */ + ri->ipv6_exit_policy = policy_summarize(&ri->exit_policy, AF_INET6); +#endif #if 0 /* XXXX NM NM I belive this is safe to remove */ @@ -2150,6 +2155,20 @@ router_dump_router_to_string(char *s, size_t maxlen, routerinfo_t *router, } } + if (router->ipv6_exit_policy) { + char *p6 = write_short_policy(router->ipv6_exit_policy); + if (p6 && strcmp(p6, "reject 1-65535")) { + result = tor_snprintf(s+written, maxlen-written, + "ipv6-policy %s\n", p6); + if (result<0) { + log_warn(LD_BUG,"Descriptor printf of policy ran out of room"); + return -1; + } + written += result; + } + tor_free(p6); + } + if (written + DIROBJ_MAX_SIG_LEN > maxlen) { /* Not enough room for signature. */ log_warn(LD_BUG,"not enough room left in descriptor for signature!"); |