Diffstat (limited to 'src/or/connection.c')
-rw-r--r-- | src/or/connection.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/src/or/connection.c b/src/or/connection.c
index 7cbdff9553..0d9eb627c4 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -412,6 +412,17 @@ static int connection_handle_listener_read(connection_t *conn, int new_type) {
 set_socket_nonblocking(news);
+ /* process entrance policies here, before we even create the connection */
+ if(new_type == CONN_TYPE_AP) {
+ /* check sockspolicy to see if we should accept it */
+ if(socks_policy_permits_address(ntohl(remote.sin_addr.s_addr)) == 0) {
+ log_fn(LOG_WARN,"Denying socks connection from untrusted address %s.",
+ inet_ntoa(remote.sin_addr));
+ tor_close_socket(news);
+ return 0;
+ }
+ }
+
 newconn = connection_new(new_type);
 newconn->s = news;
@@ -442,11 +453,6 @@ static int connection_init_accepted_conn(connection_t *conn) {
 case CONN_TYPE_OR:
 return connection_tls_start_handshake(conn, 1);
 case CONN_TYPE_AP:
- /* check sockspolicy to see if we should accept it */
- if(socks_policy_permits_address(conn->addr) == 0) {
- log_fn(LOG_WARN,"Denying socks connection from untrusted address %s.", conn->address);
- return -1;
- }
 conn->state = AP_CONN_STATE_SOCKS_WAIT;
 break;
 case CONN_TYPE_DIR: |
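Review bot: The deny branch in the first hunk writes a LOG_WARN line for every rejected connection, so a host that fails the socks policy can make the log grow as fast as it can open sockets. I would lower the severity, e.g. `log_fn(LOG_INFO,"Denying socks connection from untrusted address %s.",`, or rate-limit the message per source address. The check reads `remote.sin_addr` directly, and `remote` is filled by the accept call outside this hunk, so it cannot be confirmed from here that the address family and returned length were validated first. A one-line comment noting that `return 0` is deliberate, so the listener keeps running after a denied peer, would also help. connection_handle_listener_read starts and ends outside the hunk.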