diff options
author | teor <teor2345@gmail.com> | 2017-02-01 15:18:47 +1100 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2017-02-01 09:39:06 -0500 |
commit | 82850d0da6c29fe50e2622f0cde0142ca9530ae4 (patch) | |
tree | b9b44b4236579f5fab56dcb02234b051c7f71f60 /src/or | |
parent | 7e7b3d3df3e60c28dfa0fc29c192daf1b7e87409 (diff) | |
download | tor-82850d0da6c29fe50e2622f0cde0142ca9530ae4.tar.gz tor-82850d0da6c29fe50e2622f0cde0142ca9530ae4.zip |
Refactor policy_summary_reject to prepare for IPv6 changes
No behaviour change, apart from non-fatal assertions
Part of 21357
Diffstat (limited to 'src/or')
-rw-r--r-- | src/or/policies.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/src/or/policies.c b/src/or/policies.c index 1262bef6f4..71062eb741 100644 --- a/src/or/policies.c +++ b/src/or/policies.c @@ -2299,7 +2299,11 @@ policy_summary_item_split(policy_summary_item_t* old, uint16_t new_starts) * my immortal soul, he can clean it up himself. */ #define AT(x) ((policy_summary_item_t*)smartlist_get(summary, x)) -#define REJECT_CUTOFF_COUNT (1<<25) +#define IPV4_BITS (32) +/* Ports are rejected in an IPv4 summary if they are rejected in more than two + * IPv4 /8 address blocks */ +#define REJECT_CUTOFF_COUNT_IPV4 (U64_LITERAL(1) << \ + (IPV4_BITS - 7)) /** Split an exit policy summary so that prt_min and prt_max * fall at exactly the start and end of an item respectively. */ @@ -2341,7 +2345,7 @@ policy_summary_accept(smartlist_t *summary, while (i < smartlist_len(summary) && AT(i)->prt_max <= prt_max) { if (!AT(i)->accepted && - AT(i)->reject_count <= REJECT_CUTOFF_COUNT) + AT(i)->reject_count <= REJECT_CUTOFF_COUNT_IPV4) AT(i)->accepted = 1; i++; } @@ -2357,7 +2361,12 @@ policy_summary_reject(smartlist_t *summary, { int i = policy_summary_split(summary, prt_min, prt_max); /* XXX: ipv4 specific */ - uint64_t count = (U64_LITERAL(1) << (32-maskbits)); + /* The length of a single address mask */ + int addrbits = IPV4_BITS; + tor_assert_nonfatal_once(addrbits >= maskbits); + + uint64_t count = (U64_LITERAL(1) << (addrbits-maskbits)); + tor_assert_nonfatal_once(count > 0); while (i < smartlist_len(summary) && AT(i)->prt_max <= prt_max) { AT(i)->reject_count += count; |