diff options
-rw-r--r-- | src/or/connection_edge.c | 34 |
1 files changed, 24 insertions, 10 deletions
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index a1a0863387..788b7ee066 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -3218,6 +3218,24 @@ connection_exit_begin_resolve(cell_t *cell, or_circuit_t *circ) return 0; } +/** Helper: Return true and set *<b>why_rejected</b> to an optional clarifying + * message message iff we do not allow connections to <b>addr</b>:<b>port</b>. + */ +static int +my_exit_policy_rejects(const tor_addr_t *addr, + uint16_t port, + const char **why_rejected) +{ + if (router_compare_to_my_exit_policy(addr, port)) { + *why_rejected = ""; + return 1; + } else if (tor_addr_family(addr) == AF_INET6 && !get_options()->IPv6Exit) { + *why_rejected = " (IPv6 address without IPv6Exit configured)"; + return 1; + } + return 0; +} + /** Connect to conn's specified addr and port. If it worked, conn * has now been added to the connection_array. * @@ -3234,17 +3252,13 @@ connection_exit_connect(edge_connection_t *edge_conn) int socket_error = 0, result; const char *why_failed_exit_policy = NULL; - if (! connection_edge_is_rendezvous_stream(edge_conn)) { - /* only apply exit policy to non-rendezvous connections. */ - if (router_compare_to_my_exit_policy(&edge_conn->base_.addr, - edge_conn->base_.port)) { + /* Apply exit policy to non-rendezvous connections. */ + if (! connection_edge_is_rendezvous_stream(edge_conn) && + my_exit_policy_rejects(&edge_conn->base_.addr, + edge_conn->base_.port, + &why_failed_exit_policy)) { + if (BUG(!why_failed_exit_policy)) why_failed_exit_policy = ""; - } else if (tor_addr_family(&conn->addr) == AF_INET6 && - ! get_options()->IPv6Exit) { - why_failed_exit_policy = " (IPv6 address without IPv6Exit configured)"; - } - } - if (why_failed_exit_policy) { log_info(LD_EXIT,"%s:%d failed exit policy%s. Closing.", escaped_safe_str_client(conn->address), conn->port, why_failed_exit_policy); |