summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2012-11-05 13:11:53 -0500
committerNick Mathewson <nickm@torproject.org>2012-11-14 23:16:25 -0500
commita58e17bcc308654b7e973debe88fe74ad817a2bb (patch)
treecb7689fdfdd38db842deb7b0f20704f5d88fc36b
parent25cf286fb1b2a11f82b3e5a0e7800a2071ec6ed2 (diff)
downloadtor-a58e17bcc308654b7e973debe88fe74ad817a2bb.tar.gz
tor-a58e17bcc308654b7e973debe88fe74ad817a2bb.zip
Change signature of router_compare_to_my_exit_policy so dns can use it
Also, fix the function so it actually looks at our ipv6 exit policy.
-rw-r--r--src/or/connection_edge.c3
-rw-r--r--src/or/router.c26
-rw-r--r--src/or/router.h2
3 files changed, 22 insertions, 9 deletions
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 28cd42fee7..758d8f5d87 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -2493,7 +2493,8 @@ connection_exit_connect(edge_connection_t *edge_conn)
int socket_error = 0;
if ( (!connection_edge_is_rendezvous_stream(edge_conn) &&
- router_compare_to_my_exit_policy(edge_conn)) ||
+ router_compare_to_my_exit_policy(&edge_conn->base_.addr,
+ edge_conn->base_.port)) ||
(tor_addr_family(&conn->addr) == AF_INET6 &&
! get_options()->IPv6Exit)) {
log_info(LD_EXIT,"%s:%d failed exit policy. Closing.",
diff --git a/src/or/router.c b/src/or/router.c
index 71d08860cf..a0950bec63 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -1370,22 +1370,34 @@ router_upload_dir_desc_to_dirservers(int force)
* conn. Return 0 if we accept; non-0 if we reject.
*/
int
-router_compare_to_my_exit_policy(edge_connection_t *conn)
+router_compare_to_my_exit_policy(const tor_addr_t *addr, uint16_t port)
{
if (!router_get_my_routerinfo()) /* make sure desc_routerinfo exists */
return -1;
/* make sure it's resolved to something. this way we can't get a
'maybe' below. */
- if (tor_addr_is_null(&conn->base_.addr))
+ if (tor_addr_is_null(addr))
return -1;
- if (tor_addr_family(&conn->base_.addr) != AF_INET &&
- tor_addr_family(&conn->base_.addr) != AF_INET6)
+ /* look at desc_routerinfo->exit_policy for both the v4 and the v6
+ * policies. The exit_policy field in desc_routerinfo is a bit unusual,
+ * in that it contains IPv6 and IPv6 entries. We don't want to look
+ * at desc_routerinfio->ipv6_exit_policy, since that's a port summary. */
+ if ((tor_addr_family(addr) == AF_INET ||
+ tor_addr_family(addr) == AF_INET6)) {
+ return compare_tor_addr_to_addr_policy(addr, port,
+ desc_routerinfo->exit_policy) != ADDR_POLICY_ACCEPTED;
+#if 0
+ } else if (tor_addr_family(addr) == AF_INET6) {
+ return get_options()->IPv6Exit &&
+ desc_routerinfo->ipv6_exit_policy &&
+ compare_tor_addr_to_short_policy(addr, port,
+ desc_routerinfo->ipv6_exit_policy) != ADDR_POLICY_ACCEPTED;
+#endif
+ } else {
return -1;
-
- return compare_tor_addr_to_addr_policy(&conn->base_.addr, conn->base_.port,
- desc_routerinfo->exit_policy) != ADDR_POLICY_ACCEPTED;
+ }
}
/** Return true iff my exit policy is reject *:*. Return -1 if we don't
diff --git a/src/or/router.h b/src/or/router.h
index 7ab057706d..b641c1cc6a 100644
--- a/src/or/router.h
+++ b/src/or/router.h
@@ -72,7 +72,7 @@ void check_descriptor_bandwidth_changed(time_t now);
void check_descriptor_ipaddress_changed(time_t now);
void router_new_address_suggestion(const char *suggestion,
const dir_connection_t *d_conn);
-int router_compare_to_my_exit_policy(edge_connection_t *conn);
+int router_compare_to_my_exit_policy(const tor_addr_t *addr, uint16_t port);
int router_my_exit_policy_is_reject_star(void);
const routerinfo_t *router_get_my_routerinfo(void);
extrainfo_t *router_get_my_extrainfo(void);