Block OutboundBindAddressIPv[4|6]_ and configured ports on exit relays

Modify policies_parse_exit_policy_reject_private so it also blocks the addresses configured for OutboundBindAddressIPv4_ and OutboundBindAddressIPv6_, and any publicly routable port addresses on exit relays. Add and update unit tests for these functions.
author: teor (Tim Wilson-Brown) <teor2345@gmail.com> 2015-11-16 15:54:57 +1100
committer: teor (Tim Wilson-Brown) <teor2345@gmail.com> 2015-11-20 10:39:13 +1100
commit: 66fac9fbadae529349f00172760688cf3caeb64d (patch)
tree: 64f278e70503f13a0cdf8c7cdf8d9afda7063343 /src/or/policies.h
parent: e726ad466445e600b006295a8d2315643d1680da (diff)
download: tor-66fac9fbadae529349f00172760688cf3caeb64d.tar.gz
tor-66fac9fbadae529349f00172760688cf3caeb64d.zip
1 files changed, 17 insertions, 12 deletions
diff --git a/src/or/policies.h b/src/or/policies.h
index 97350f5751..26f92ad077 100644
--- a/src/or/policies.h
+++ b/src/or/policies.h
@@ -48,21 +48,26 @@ MOCK_DECL(addr_policy_result_t, compare_tor_addr_to_addr_policy,
 addr_policy_result_t compare_tor_addr_to_node_policy(const tor_addr_t *addr,
                               uint16_t port, const node_t *node);
 
-int policies_parse_exit_policy_from_options(const or_options_t *or_options,
-                                            uint32_t local_address,
-                                            tor_addr_t *ipv6_local_address,
-                                            int reject_interface_addresses,
-                                            smartlist_t **result);
+int policies_parse_exit_policy_from_options(
+                                          const or_options_t *or_options,
+                                          uint32_t local_address,
+                                          const tor_addr_t *ipv6_local_address,
+                                          smartlist_t **result);
 int policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
                                exit_policy_parser_cfg_t options,
                                uint32_t local_address,
-                               tor_addr_t *ipv6_local_address,
-                               int reject_interface_addresses);
-void policies_parse_exit_policy_reject_private(smartlist_t **dest,
-                                               int ipv6_exit,
-                                               uint32_t local_address,
-                                               tor_addr_t *ipv6_local_address,
-                                               int reject_interface_addresses);
+                               const tor_addr_t *ipv6_local_address,
+                               const tor_addr_t *ipv4_outbound_address,
+                               const tor_addr_t *ipv6_outbound_address);
+void policies_parse_exit_policy_reject_private(
+                                      smartlist_t **dest,
+                                      int ipv6_exit,
+                                      uint32_t local_address,
+                                      const tor_addr_t *ipv6_local_address,
+                                      const tor_addr_t *ipv4_outbound_address,
+                                      const tor_addr_t *ipv6_outbound_address,
+                                      int reject_interface_addresses,
+                                      int reject_configured_port_addresses);
 void policies_exit_policy_append_reject_star(smartlist_t **dest);
 void addr_policy_append_reject_addr(smartlist_t **dest,
                                     const tor_addr_t *addr);
author	teor (Tim Wilson-Brown) <teor2345@gmail.com>	2015-11-16 15:54:57 +1100
committer	teor (Tim Wilson-Brown) <teor2345@gmail.com>	2015-11-20 10:39:13 +1100
commit	66fac9fbadae529349f00172760688cf3caeb64d (patch)
tree	64f278e70503f13a0cdf8c7cdf8d9afda7063343 /src/or/policies.h
parent	e726ad466445e600b006295a8d2315643d1680da (diff)
download	tor-66fac9fbadae529349f00172760688cf3caeb64d.tar.gz tor-66fac9fbadae529349f00172760688cf3caeb64d.zip