-rw-r--r-- | src/or/connection_edge.c | 3 | ||||
-rw-r--r-- | src/or/router.c | 26 | ||||
-rw-r--r-- | src/or/router.h | 2 |
3 files changed, 22 insertions, 9 deletions
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 28cd42fee7..758d8f5d87 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -2493,7 +2493,8 @@ connection_exit_connect(edge_connection_t *edge_conn) int socket_error = 0; if ( (!connection_edge_is_rendezvous_stream(edge_conn) && - router_compare_to_my_exit_policy(edge_conn)) || + router_compare_to_my_exit_policy(&edge_conn->base_.addr, + edge_conn->base_.port)) || (tor_addr_family(&conn->addr) == AF_INET6 && ! get_options()->IPv6Exit)) { log_info(LD_EXIT,"%s:%d failed exit policy. Closing.", diff --git a/src/or/router.c b/src/or/router.c index 71d08860cf..a0950bec63 100644 --- a/src/or/router.c +++ b/src/or/router.c 
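Review bot: In connection_exit_connect the exit-policy condition now names the destination two different ways: the new call passes `&edge_conn->base_.addr` and `edge_conn->base_.port`, while the IPv6Exit test on the next line reads `&conn->addr`. If `conn` is the base connection of `edge_conn` (its assignment is outside the hunk, so this is inferred), writing the call as `router_compare_to_my_exit_policy(&conn->addr, conn->port)) ||` would make it obvious to someone auditing exit-policy enforcement that both checks examine the same address. The function body starts and ends outside this hunk.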
@@ -1370,22 +1370,34 @@ router_upload_dir_desc_to_dirservers(int force) * conn. Return 0 if we accept; non-0 if we reject. */ int -router_compare_to_my_exit_policy(edge_connection_t *conn) +router_compare_to_my_exit_policy(const tor_addr_t *addr, uint16_t port) { if (!router_get_my_routerinfo()) /* make sure desc_routerinfo exists */ return -1; /* make sure it's resolved to something. this way we can't get a 'maybe' below. */ - if (tor_addr_is_null(&conn->base_.addr)) + if (tor_addr_is_null(addr)) return -1; - if (tor_addr_family(&conn->base_.addr) != AF_INET && - tor_addr_family(&conn->base_.addr) != AF_INET6) + /* look at desc_routerinfo->exit_policy for both the v4 and the v6 + * policies. The exit_policy field in desc_routerinfo is a bit unusual, + * in that it contains IPv6 and IPv6 entries. We don't want to look + * at desc_routerinfio->ipv6_exit_policy, since that's a port summary. */ + if ((tor_addr_family(addr) == AF_INET || + tor_addr_family(addr) == AF_INET6)) { + return compare_tor_addr_to_addr_policy(addr, port, + desc_routerinfo->exit_policy) != ADDR_POLICY_ACCEPTED; +#if 0 + } else if (tor_addr_family(addr) == AF_INET6) { + return get_options()->IPv6Exit && + desc_routerinfo->ipv6_exit_policy && + compare_tor_addr_to_short_policy(addr, port, + desc_routerinfo->ipv6_exit_policy) != ADDR_POLICY_ACCEPTED; +#endif + } else { return -1; - - return compare_tor_addr_to_addr_policy(&conn->base_.addr, conn->base_.port, - desc_routerinfo->exit_policy) != ADDR_POLICY_ACCEPTED; + } } /** Return true iff my exit policy is reject *:*. Return -1 if we don't diff --git a/src/or/router.h b/src/or/router.h index 7ab057706d..b641c1cc6a 100644 --- a/src/or/router.h +++ b/src/or/router.h 
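Review bot: The `#if 0` branch added to router_compare_to_my_exit_policy would fail open if it were ever enabled. The function returns 0 for accept, and `get_options()->IPv6Exit && desc_routerinfo->ipv6_exit_policy && ... != ADDR_POLICY_ACCEPTED` evaluates to 0 whenever IPv6Exit is off or ipv6_exit_policy is NULL. It is also unreachable as written, because the preceding `if` already matches AF_INET6, so I would delete the disabled block or mark it with `/* must return non-0 (reject) when IPv6Exit is unset or the policy is missing */`. The new comment has two slips: "IPv6 and IPv6 entries" presumably means IPv4 and IPv6, and `desc_routerinfio` should read `desc_routerinfo`. The doc comment above the function, whose start is outside the hunk, still describes the argument as `conn` and should describe `addr` and `port` instead.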
@@ -72,7 +72,7 @@ void check_descriptor_bandwidth_changed(time_t now); void check_descriptor_ipaddress_changed(time_t now); void router_new_address_suggestion(const char *suggestion, const dir_connection_t *d_conn); -int router_compare_to_my_exit_policy(edge_connection_t *conn); +int router_compare_to_my_exit_policy(const tor_addr_t *addr, uint16_t port); int router_my_exit_policy_is_reject_star(void); const routerinfo_t *router_get_my_routerinfo(void); extrainfo_t *router_get_my_extrainfo(void); |