summaryrefslogtreecommitdiff
path: root/src/or/policies.h
diff options
context:
space:
mode:
authorteor (Tim Wilson-Brown) <teor2345@gmail.com>2015-12-14 17:23:10 +1100
committerteor (Tim Wilson-Brown) <teor2345@gmail.com>2016-01-29 07:13:57 +1100
commit2d33d192fc4dd0da2a2e038dd87b277f8e9b90de (patch)
treefdfa9777f319a4286d04b095c1e1058356c74d25 /src/or/policies.h
parent4460feaf2850ef0fb027a2d01786a5bbaee056dc (diff)
downloadtor-2d33d192fc4dd0da2a2e038dd87b277f8e9b90de.tar.gz
tor-2d33d192fc4dd0da2a2e038dd87b277f8e9b90de.zip
Add ClientUseIPv4 and ClientPreferIPv6DirPort torrc options
ClientUseIPv4 0 tells tor to avoid IPv4 client connections. ClientPreferIPv6DirPort 1 tells tor to prefer IPv6 directory connections. Refactor policy for IPv4/IPv6 preferences. Fix a bug where node->ipv6_preferred could become stale if ClientPreferIPv6ORPort was changed after the consensus was loaded. Update documentation, existing code, add unit tests.
Diffstat (limited to 'src/or/policies.h')
-rw-r--r--src/or/policies.h62
1 files changed, 57 insertions, 5 deletions
diff --git a/src/or/policies.h b/src/or/policies.h
index 007f494482..7309bcf667 100644
--- a/src/or/policies.h
+++ b/src/or/policies.h
@@ -22,13 +22,61 @@
#define EXIT_POLICY_REJECT_PRIVATE (1 << 1)
#define EXIT_POLICY_ADD_DEFAULT (1 << 2)
+typedef enum firewall_connection_t {
+ FIREWALL_OR_CONNECTION = 0,
+ FIREWALL_DIR_CONNECTION = 1
+} firewall_connection_t;
+
typedef int exit_policy_parser_cfg_t;
-int firewall_is_fascist_or(void);
-int fascist_firewall_allows_address_or(const tor_addr_t *addr, uint16_t port);
-int fascist_firewall_allows_or(const routerinfo_t *ri);
-int fascist_firewall_allows_node(const node_t *node);
-int fascist_firewall_allows_address_dir(const tor_addr_t *addr, uint16_t port);
+int fascist_firewall_allows_address_addr(const tor_addr_t *addr, uint16_t port,
+ firewall_connection_t fw_connection,
+ int pref_only);
+int fascist_firewall_allows_address_ap(const tor_addr_port_t *ap,
+ firewall_connection_t fw_connection,
+ int pref_only);
+int fascist_firewall_allows_address_ipv4h(uint32_t ipv4h_or_addr,
+ uint16_t ipv4_or_port,
+ firewall_connection_t fw_connection,
+ int pref_only);
+int fascist_firewall_allows_ri(const routerinfo_t *ri,
+ firewall_connection_t fw_connection,
+ int pref_only);
+int fascist_firewall_allows_rs(const routerstatus_t *rs,
+ firewall_connection_t fw_connection,
+ int pref_only);
+int fascist_firewall_allows_md(const microdesc_t *md,
+ firewall_connection_t fw_connection,
+ int pref_only);
+int fascist_firewall_allows_node(const node_t *node,
+ firewall_connection_t fw_connection,
+ int pref_only);
+int fascist_firewall_allows_dir_server(const dir_server_t *ds,
+ firewall_connection_t fw_connection,
+ int pref_only);
+
+const tor_addr_port_t * fascist_firewall_choose_address(
+ const tor_addr_port_t *a,
+ const tor_addr_port_t *b,
+ int want_a,
+ firewall_connection_t fw_connection,
+ int pref_only);
+int fascist_firewall_choose_address_ri(const routerinfo_t *ri,
+ firewall_connection_t fw_connection,
+ int pref_only, tor_addr_port_t* ap);
+int fascist_firewall_choose_address_rs(const routerstatus_t *rs,
+ firewall_connection_t fw_connection,
+ int pref_only, tor_addr_port_t* ap);
+int fascist_firewall_choose_address_md(const microdesc_t *md,
+ firewall_connection_t fw_connection,
+ int pref_only, tor_addr_port_t* ap);
+int fascist_firewall_choose_address_node(const node_t *node,
+ firewall_connection_t fw_connection,
+ int pref_only, tor_addr_port_t* ap);
+int fascist_firewall_choose_address_dir_server(const dir_server_t *ds,
+ firewall_connection_t fw_connection,
+ int pref_only, tor_addr_port_t* ap);
+
int dir_policy_permits_address(const tor_addr_t *addr);
int socks_policy_permits_address(const tor_addr_t *addr);
int authdir_policy_permits_address(uint32_t addr, uint16_t port);
@@ -94,6 +142,10 @@ addr_policy_result_t compare_tor_addr_to_short_policy(
#ifdef POLICIES_PRIVATE
STATIC void append_exit_policy_string(smartlist_t **policy, const char *more);
+STATIC int fascist_firewall_allows_address(const tor_addr_t *addr,
+ uint16_t port,
+ smartlist_t *firewall_policy,
+ int pref_only, int pref_ipv6);
#endif
#endif