summaryrefslogtreecommitdiff
path: root/src/or/entrynodes.c
diff options
context:
space:
mode:
authorteor (Tim Wilson-Brown) <teor2345@gmail.com>2015-12-14 17:23:10 +1100
committerteor (Tim Wilson-Brown) <teor2345@gmail.com>2016-01-29 07:13:57 +1100
commit2d33d192fc4dd0da2a2e038dd87b277f8e9b90de (patch)
treefdfa9777f319a4286d04b095c1e1058356c74d25 /src/or/entrynodes.c
parent4460feaf2850ef0fb027a2d01786a5bbaee056dc (diff)
downloadtor-2d33d192fc4dd0da2a2e038dd87b277f8e9b90de.tar.gz
tor-2d33d192fc4dd0da2a2e038dd87b277f8e9b90de.zip
Add ClientUseIPv4 and ClientPreferIPv6DirPort torrc options
ClientUseIPv4 0 tells tor to avoid IPv4 client connections. ClientPreferIPv6DirPort 1 tells tor to prefer IPv6 directory connections. Refactor policy for IPv4/IPv6 preferences. Fix a bug where node->ipv6_preferred could become stale if ClientPreferIPv6ORPort was changed after the consensus was loaded. Update documentation, existing code, add unit tests.
Diffstat (limited to 'src/or/entrynodes.c')
-rw-r--r--src/or/entrynodes.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c
index bf71fc30c0..e358e92ccd 100644
--- a/src/or/entrynodes.c
+++ b/src/or/entrynodes.c
@@ -268,7 +268,7 @@ entry_is_live(const entry_guard_t *e, entry_is_live_flags_t flags,
*msg = "not fast/stable";
return NULL;
}
- if (!fascist_firewall_allows_node(node)) {
+ if (!fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION, 0)) {
*msg = "unreachable by config";
return NULL;
}
@@ -918,7 +918,8 @@ entry_guards_set_from_config(const or_options_t *options)
} else if (routerset_contains_node(options->ExcludeNodes, node)) {
SMARTLIST_DEL_CURRENT(entry_nodes, node);
continue;
- } else if (!fascist_firewall_allows_node(node)) {
+ } else if (!fascist_firewall_allows_node(node, FIREWALL_OR_CONNECTION,
+ 0)) {
SMARTLIST_DEL_CURRENT(entry_nodes, node);
continue;
} else if (! node->is_possible_guard) {
@@ -2178,7 +2179,8 @@ fetch_bridge_descriptors(const or_options_t *options, time_t now)
!options->UpdateBridgesFromAuthority, !num_bridge_auths);
if (ask_bridge_directly &&
- !fascist_firewall_allows_address_or(&bridge->addr, bridge->port)) {
+ !fascist_firewall_allows_address_addr(&bridge->addr, bridge->port,
+ FIREWALL_OR_CONNECTION, 0)) {
log_notice(LD_DIR, "Bridge at '%s' isn't reachable by our "
"firewall policy. %s.",
fmt_addrport(&bridge->addr, bridge->port),