diff options
| author | Nick Mathewson <nickm@torproject.org> | 2016-10-05 12:38:03 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2016-10-05 12:44:53 -0400 |
| commit | 785176e97545b2e7fc65bb80cf7aa13c9adc3fc4 (patch) | |
| tree | f8dc5b27a1e104cd5f425c1efb8350e4be85ee23 /src/or/connection_edge.c | |
| parent | 684500519d5060fcbcc410a0e71d8d9a32fa8220 (diff) | |
| download | tor-785176e97545b2e7fc65bb80cf7aa13c9adc3fc4.tar.gz tor-785176e97545b2e7fc65bb80cf7aa13c9adc3fc4.zip | |
Clean up and fix exit policy check in connection_exit_connect().
Previously, we would reject even rendezvous connections to IPv6
addresses when IPv6Exit was false. But that doesn't make sense; we
don't count that as "exit"ing. I've corrected the logic and tried
to make it a lottle more clear.
Fixes bug 18357; this code has been wrong since 9016d9e8294a352 in
0.2.4.7-alpha.
Diffstat (limited to 'src/or/connection_edge.c')
| -rw-r--r-- | src/or/connection_edge.c | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 08e4fa5924..a1a0863387 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -3232,14 +3232,22 @@ connection_exit_connect(edge_connection_t *edge_conn) uint16_t port; connection_t *conn = TO_CONN(edge_conn); int socket_error = 0, result; - - if ( (!connection_edge_is_rendezvous_stream(edge_conn) && - router_compare_to_my_exit_policy(&edge_conn->base_.addr, - edge_conn->base_.port)) || - (tor_addr_family(&conn->addr) == AF_INET6 && - ! get_options()->IPv6Exit)) { - log_info(LD_EXIT,"%s:%d failed exit policy. Closing.", - escaped_safe_str_client(conn->address), conn->port); + const char *why_failed_exit_policy = NULL; + + if (! connection_edge_is_rendezvous_stream(edge_conn)) { + /* only apply exit policy to non-rendezvous connections. */ + if (router_compare_to_my_exit_policy(&edge_conn->base_.addr, + edge_conn->base_.port)) { + why_failed_exit_policy = ""; + } else if (tor_addr_family(&conn->addr) == AF_INET6 && + ! get_options()->IPv6Exit) { + why_failed_exit_policy = " (IPv6 address without IPv6Exit configured)"; + } + } + if (why_failed_exit_policy) { + log_info(LD_EXIT,"%s:%d failed exit policy%s. Closing.", + escaped_safe_str_client(conn->address), conn->port, + why_failed_exit_policy); connection_edge_end(edge_conn, END_STREAM_REASON_EXITPOLICY); circuit_detach_stream(circuit_get_by_edge_conn(edge_conn), edge_conn); connection_free(conn); |