aboutsummaryrefslogtreecommitdiff
path: root/src/or/config.c
diff options
context:
space:
mode:
authorteor (Tim Wilson-Brown) <teor2345@gmail.com>2015-12-14 17:23:10 +1100
committerteor (Tim Wilson-Brown) <teor2345@gmail.com>2016-01-29 07:13:57 +1100
commit2d33d192fc4dd0da2a2e038dd87b277f8e9b90de (patch)
treefdfa9777f319a4286d04b095c1e1058356c74d25 /src/or/config.c
parent4460feaf2850ef0fb027a2d01786a5bbaee056dc (diff)
downloadtor-2d33d192fc4dd0da2a2e038dd87b277f8e9b90de.tar.gz
tor-2d33d192fc4dd0da2a2e038dd87b277f8e9b90de.zip
Add ClientUseIPv4 and ClientPreferIPv6DirPort torrc options
ClientUseIPv4 0 tells tor to avoid IPv4 client connections. ClientPreferIPv6DirPort 1 tells tor to prefer IPv6 directory connections. Refactor policy for IPv4/IPv6 preferences. Fix a bug where node->ipv6_preferred could become stale if ClientPreferIPv6ORPort was changed after the consensus was loaded. Update documentation, existing code, add unit tests.
Diffstat (limited to 'src/or/config.c')
-rw-r--r--src/or/config.c51
1 files changed, 48 insertions, 3 deletions
diff --git a/src/or/config.c b/src/or/config.c
index 9ec47d2459..d676c6e29d 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -191,9 +191,11 @@ static config_var_t option_vars_[] = {
V(ClientDNSRejectInternalAddresses, BOOL,"1"),
V(ClientOnly, BOOL, "0"),
V(ClientPreferIPv6ORPort, BOOL, "0"),
+ V(ClientPreferIPv6DirPort, BOOL, "0"),
V(ClientRejectInternalAddresses, BOOL, "1"),
V(ClientTransportPlugin, LINELIST, NULL),
V(ClientUseIPv6, BOOL, "0"),
+ V(ClientUseIPv4, BOOL, "1"),
V(ConsensusParams, STRING, NULL),
V(ConnLimit, UINT, "1000"),
V(ConnDirectionStatistics, BOOL, "0"),
@@ -3071,6 +3073,9 @@ options_validate(or_options_t *old_options, or_options_t *options,
}
}
+ /* Terminate Reachable*Addresses with reject *, but check if it has an
+ * IPv6 entry on the way through */
+ int reachable_knows_ipv6 = 0;
for (i=0; i<3; i++) {
config_line_t **linep =
(i==0) ? &options->ReachableAddresses :
@@ -3080,7 +3085,19 @@ options_validate(or_options_t *old_options, or_options_t *options,
continue;
/* We need to end with a reject *:*, not an implicit accept *:* */
for (;;) {
- if (!strcmp((*linep)->value, "reject *:*")) /* already there */
+ /* Check if the policy has an IPv6 entry, or uses IPv4-specific
+ * policies (and therefore we assume it's aware of IPv6). */
+ if (!strcmpstart((*linep)->value, "accept6") ||
+ !strcmpstart((*linep)->value, "reject6") ||
+ !strstr((*linep)->value, "*6") ||
+ strchr((*linep)->value, '[') ||
+ !strcmpstart((*linep)->value, "accept4") ||
+ !strcmpstart((*linep)->value, "reject4") ||
+ !strstr((*linep)->value, "*4"))
+ reachable_knows_ipv6 = 1;
+ /* already has a reject all */
+ if (!strcmp((*linep)->value, "reject *:*") ||
+ !strcmp((*linep)->value, "reject *"))
break;
linep = &((*linep)->next);
if (!*linep) {
@@ -3095,13 +3112,41 @@ options_validate(or_options_t *old_options, or_options_t *options,
}
}
- if ((options->ReachableAddresses ||
+ if (options->ClientUseIPv6 &&
+ (options->ReachableAddresses ||
options->ReachableORAddresses ||
options->ReachableDirAddresses) &&
+ !reachable_knows_ipv6)
+ log_warn(LD_CONFIG, "You have set ClientUseIPv6 1 and at least one of "
+ "ReachableAddresses, ReachableORAddresses, or "
+ "ReachableDirAddresses, but without any IPv6-specific rules. "
+ "Tor won't connect to any IPv6 addresses, unless a rule accepts "
+ "them. (Use 'accept6 *:*' or 'reject6 *:*' as the last rule to "
+ "disable this warning.)");
+
+ if ((options->ReachableAddresses ||
+ options->ReachableORAddresses ||
+ options->ReachableDirAddresses ||
+ options->ClientUseIPv4 == 0) &&
server_mode(options))
REJECT("Servers must be able to freely connect to the rest "
"of the Internet, so they must not set Reachable*Addresses "
- "or FascistFirewall.");
+ "or FascistFirewall or FirewallPorts or ClientUseIPv4 0.");
+
+ /* We check if Reachable*Addresses blocks all addresses in
+ * parse_reachable_addresses(). */
+ if (options->ClientUseIPv4 == 0 && options->ClientUseIPv6 == 0)
+ REJECT("Tor cannot connect to the Internet if ClientUseIPv4 is 0 and "
+ "ClientUseIPv6 is 0. Please set at least one of these options "
+ "to 1.");
+
+ if (options->ClientUseIPv6 == 0 && options->ClientPreferIPv6ORPort == 1)
+ log_warn(LD_CONFIG, "ClientPreferIPv6ORPort 1 is ignored unless "
+ "ClientUseIPv6 is also 1.");
+
+ if (options->ClientUseIPv6 == 0 && options->ClientPreferIPv6DirPort == 1)
+ log_warn(LD_CONFIG, "ClientPreferIPv6DirPort 1 is ignored unless "
+ "ClientUseIPv6 is also 1.");
if (options->UseBridges &&
server_mode(options))