diff options
| author | teor (Tim Wilson-Brown) <teor2345@gmail.com> | 2015-09-11 15:10:54 +1000 |
|---|---|---|
| committer | teor (Tim Wilson-Brown) <teor2345@gmail.com> | 2015-09-16 00:13:03 +1000 |
| commit | e033d5e90bcb63b68cfac07a4e041dd0ea839573 (patch) | |
| tree | db28a5545407742ce86f0ea8a11406d10671b017 /src/common | |
| parent | 60312dc08b30243740e85c2a944874014f682579 (diff) | |
| download | tor-e033d5e90bcb63b68cfac07a4e041dd0ea839573.tar.gz tor-e033d5e90bcb63b68cfac07a4e041dd0ea839573.zip | |
Ignore accept6/reject6 IPv4, warn about unexpected rule outcomes
When parsing torrc ExitPolicies, we now warn if:
* an IPv4 address is used on an accept6 or reject6 line. The line is
ignored, but the rest of the policy items in the list are used.
(accept/reject continue to allow both IPv4 and IPv6 addresses in torrcs.)
* a "private" address alias is used on an accept6 or reject6 line.
The line filters both IPv4 and IPv6 private addresses, disregarding
the 6 in accept6/reject6.
When parsing torrc ExitPolicies, we now issue an info-level message:
* when expanding an accept/reject * line to include both IPv4 and IPv6
wildcard addresses.
In each instance, usage advice is provided to avoid the message.
Partial fix for ticket 16069. Patch by "teor".
Patch on 2eb7eafc9d78 and a96c0affcb4c (25 Oct 2012),
released in 0.2.4.7-alpha.
Diffstat (limited to 'src/common')
| -rw-r--r-- | src/common/address.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/common/address.c b/src/common/address.c index dd336257ef..597f6990d3 100644 --- a/src/common/address.c +++ b/src/common/address.c @@ -690,6 +690,10 @@ tor_addr_parse_mask_ports(const char *s, if (flags & TAPMP_EXTENDED_STAR) { family = AF_UNSPEC; tor_addr_make_unspec(addr_out); + log_info(LD_GENERAL, + "'%s' expands into rules which apply to all IPv4 and IPv6 " + "addresses. (Use accept/reject *4:* for IPv4 or " + "accept[6]/reject[6] *6:* for IPv6.)", s); } else { family = AF_INET; tor_addr_from_ipv4h(addr_out, 0); |