authorteor (Tim Wilson-Brown) <teor2345@gmail.com>2016-01-04 00:35:22 +1100
committerteor (Tim Wilson-Brown) <teor2345@gmail.com>2016-01-29 07:16:04 +1100
commit3b8216f2155f224bf66497c71de4cecb55cd83e6 (patch)
treed20a3e81663bfafb73020acd78343640f12ce54a /src/or/config.c
parent4528f893163ad7ab27915451caf23b3a722413ce (diff)
Use fascist firewall and ClientUseIPv4 for bridge clients
Bridge clients ignore ClientUseIPv6, acting as if it is always 1.
This preserves existing behaviour.

Make ClientPreferIPv6OR/DirPort auto by default:
 * Bridge clients prefer IPv6 by default.
 * Other clients prefer IPv4 by default.
This preserves existing behaviour.
Diffstat (limited to 'src/or/config.c')
-rw-r--r--src/or/config.c49
1 files changed, 12 insertions, 37 deletions
diff --git a/src/or/config.c b/src/or/config.c
index d676c6e29d..caa01d1d93 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -190,8 +190,8 @@ static config_var_t option_vars_[] = {
V(CircuitPriorityHalflife, DOUBLE, "-100.0"), /*negative:'Use default'*/
V(ClientDNSRejectInternalAddresses, BOOL,"1"),
V(ClientOnly, BOOL, "0"),
- V(ClientPreferIPv6ORPort, BOOL, "0"),
- V(ClientPreferIPv6DirPort, BOOL, "0"),
+ V(ClientPreferIPv6ORPort, AUTOBOOL, "auto"),
+ V(ClientPreferIPv6DirPort, AUTOBOOL, "auto"),
V(ClientRejectInternalAddresses, BOOL, "1"),
V(ClientTransportPlugin, LINELIST, NULL),
V(ClientUseIPv6, BOOL, "0"),
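Review bot: Switching ClientPreferIPv6ORPort and ClientPreferIPv6DirPort to AUTOBOOL adds a third state that every reader of these two fields has to handle, and only the `== 1` comparisons later in this file are visible here. If auto is stored as a nonzero value, as Tor's AUTOBOOL options conventionally are (-1), any remaining caller that tests the field for truth, such as `if (options->ClientPreferIPv6ORPort)`, would treat the new default as "prefer IPv6" for non-bridge clients, which is the opposite of what the commit message promises. It is worth confirming that no such use survives outside this diff, and documenting the tri-state next to the entries, e.g. `/* auto: prefer IPv6 only for bridge clients */`. The option_vars_ table starts and ends outside the hunk.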
@@ -3073,9 +3073,8 @@ options_validate(or_options_t *old_options, or_options_t *options,
}
}
- /* Terminate Reachable*Addresses with reject *, but check if it has an
- * IPv6 entry on the way through */
- int reachable_knows_ipv6 = 0;
+ /* Terminate Reachable*Addresses with reject *
+ */
for (i=0; i<3; i++) {
config_line_t **linep =
(i==0) ? &options->ReachableAddresses :
@@ -3085,20 +3084,6 @@ options_validate(or_options_t *old_options, or_options_t *options,
continue;
/* We need to end with a reject *:*, not an implicit accept *:* */
for (;;) {
- /* Check if the policy has an IPv6 entry, or uses IPv4-specific
- * policies (and therefore we assume it's aware of IPv6). */
- if (!strcmpstart((*linep)->value, "accept6") ||
- !strcmpstart((*linep)->value, "reject6") ||
- !strstr((*linep)->value, "*6") ||
- strchr((*linep)->value, '[') ||
- !strcmpstart((*linep)->value, "accept4") ||
- !strcmpstart((*linep)->value, "reject4") ||
- !strstr((*linep)->value, "*4"))
- reachable_knows_ipv6 = 1;
- /* already has a reject all */
- if (!strcmp((*linep)->value, "reject *:*") ||
- !strcmp((*linep)->value, "reject *"))
- break;
linep = &((*linep)->next);
if (!*linep) {
*linep = tor_malloc_zero(sizeof(config_line_t));
@@ -3112,18 +3097,6 @@ options_validate(or_options_t *old_options, or_options_t *options,
}
}
- if (options->ClientUseIPv6 &&
- (options->ReachableAddresses ||
- options->ReachableORAddresses ||
- options->ReachableDirAddresses) &&
- !reachable_knows_ipv6)
- log_warn(LD_CONFIG, "You have set ClientUseIPv6 1 and at least one of "
- "ReachableAddresses, ReachableORAddresses, or "
- "ReachableDirAddresses, but without any IPv6-specific rules. "
- "Tor won't connect to any IPv6 addresses, unless a rule accepts "
- "them. (Use 'accept6 *:*' or 'reject6 *:*' as the last rule to "
- "disable this warning.)");
-
if ((options->ReachableAddresses ||
options->ReachableORAddresses ||
options->ReachableDirAddresses ||
@@ -3135,18 +3108,20 @@ options_validate(or_options_t *old_options, or_options_t *options,
/* We check if Reachable*Addresses blocks all addresses in
* parse_reachable_addresses(). */
- if (options->ClientUseIPv4 == 0 && options->ClientUseIPv6 == 0)
+ if (options->ClientUseIPv4 == 0 && !fascist_firewall_use_ipv6(options))
REJECT("Tor cannot connect to the Internet if ClientUseIPv4 is 0 and "
"ClientUseIPv6 is 0. Please set at least one of these options "
- "to 1.");
+ "to 1, or configure bridges.");
- if (options->ClientUseIPv6 == 0 && options->ClientPreferIPv6ORPort == 1)
+ if (!fascist_firewall_use_ipv6(options)
+ && options->ClientPreferIPv6ORPort == 1)
log_warn(LD_CONFIG, "ClientPreferIPv6ORPort 1 is ignored unless "
- "ClientUseIPv6 is also 1.");
+ "ClientUseIPv6 is also 1, or bridges are configured.");
- if (options->ClientUseIPv6 == 0 && options->ClientPreferIPv6DirPort == 1)
+ if (!fascist_firewall_use_ipv6(options)
+ && options->ClientPreferIPv6DirPort == 1)
log_warn(LD_CONFIG, "ClientPreferIPv6DirPort 1 is ignored unless "
- "ClientUseIPv6 is also 1.");
+ "ClientUseIPv6 is also 1, or bridges are configured.");
if (options->UseBridges &&
server_mode(options))
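Review bot: The REJECT check at `options->ClientUseIPv4 == 0 && !fascist_firewall_use_ipv6(options)` now lets a configuration through whenever the helper reports IPv6 as usable, which per the commit message is always the case for bridge clients. A bridge client with ClientUseIPv4 0 whose Bridge lines are all IPv4 would then pass validation and be unable to reach any bridge, unless that is caught elsewhere; the helper and the bridge-line checks are not visible in this hunk, so this is inferred. Consider checking for at least one IPv6 bridge address in that case, or at minimum explain why the helper is used, with a comment such as `/* Bridge clients always use IPv6, so ClientUseIPv6 alone is not authoritative here. */`. The two new multi-line `if` conditions also guard an unbraced log_warn; bracing them would keep a later added statement from silently falling outside the condition. options_validate starts and ends outside the hunk.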