summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2016-10-14 09:08:51 -0400
committerNick Mathewson <nickm@torproject.org>2016-10-14 09:08:52 -0400
commit87865c8aca0cc8c7ad4d4696a75e96b91fdf8734 (patch)
treed0c066d199557f3f682597cba274571bd483325d /src
parent785176e97545b2e7fc65bb80cf7aa13c9adc3fc4 (diff)
downloadtor-87865c8aca0cc8c7ad4d4696a75e96b91fdf8734.tar.gz
tor-87865c8aca0cc8c7ad4d4696a75e96b91fdf8734.zip
Extract ExitPolicy-and-IPv6Exit check into a new function
(I've done this instead of changing the semantics of router_compare_to_my_exit_policy, because dns.c uses router_compare_to_my_exit_policy too, in a slightly weird way.)
Diffstat (limited to 'src')
-rw-r--r--src/or/connection_edge.c34
1 files changed, 24 insertions, 10 deletions
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index a1a0863387..788b7ee066 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -3218,6 +3218,24 @@ connection_exit_begin_resolve(cell_t *cell, or_circuit_t *circ)
return 0;
}
+/** Helper: Return true and set *<b>why_rejected</b> to an optional clarifying
+ * message message iff we do not allow connections to <b>addr</b>:<b>port</b>.
+ */
+static int
+my_exit_policy_rejects(const tor_addr_t *addr,
+ uint16_t port,
+ const char **why_rejected)
+{
+ if (router_compare_to_my_exit_policy(addr, port)) {
+ *why_rejected = "";
+ return 1;
+ } else if (tor_addr_family(addr) == AF_INET6 && !get_options()->IPv6Exit) {
+ *why_rejected = " (IPv6 address without IPv6Exit configured)";
+ return 1;
+ }
+ return 0;
+}
+
/** Connect to conn's specified addr and port. If it worked, conn
* has now been added to the connection_array.
*
@@ -3234,17 +3252,13 @@ connection_exit_connect(edge_connection_t *edge_conn)
int socket_error = 0, result;
const char *why_failed_exit_policy = NULL;
- if (! connection_edge_is_rendezvous_stream(edge_conn)) {
- /* only apply exit policy to non-rendezvous connections. */
- if (router_compare_to_my_exit_policy(&edge_conn->base_.addr,
- edge_conn->base_.port)) {
+ /* Apply exit policy to non-rendezvous connections. */
+ if (! connection_edge_is_rendezvous_stream(edge_conn) &&
+ my_exit_policy_rejects(&edge_conn->base_.addr,
+ edge_conn->base_.port,
+ &why_failed_exit_policy)) {
+ if (BUG(!why_failed_exit_policy))
why_failed_exit_policy = "";
- } else if (tor_addr_family(&conn->addr) == AF_INET6 &&
- ! get_options()->IPv6Exit) {
- why_failed_exit_policy = " (IPv6 address without IPv6Exit configured)";
- }
- }
- if (why_failed_exit_policy) {
log_info(LD_EXIT,"%s:%d failed exit policy%s. Closing.",
escaped_safe_str_client(conn->address), conn->port,
why_failed_exit_policy);