aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/or/policies.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/src/or/policies.c b/src/or/policies.c
index 1262bef6f4..71062eb741 100644
--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -2299,7 +2299,11 @@ policy_summary_item_split(policy_summary_item_t* old, uint16_t new_starts)
* my immortal soul, he can clean it up himself. */
#define AT(x) ((policy_summary_item_t*)smartlist_get(summary, x))
-#define REJECT_CUTOFF_COUNT (1<<25)
+#define IPV4_BITS (32)
+/* Ports are rejected in an IPv4 summary if they are rejected in more than two
+ * IPv4 /8 address blocks */
+#define REJECT_CUTOFF_COUNT_IPV4 (U64_LITERAL(1) << \
+ (IPV4_BITS - 7))
/** Split an exit policy summary so that prt_min and prt_max
* fall at exactly the start and end of an item respectively.
*/
@@ -2341,7 +2345,7 @@ policy_summary_accept(smartlist_t *summary,
while (i < smartlist_len(summary) &&
AT(i)->prt_max <= prt_max) {
if (!AT(i)->accepted &&
- AT(i)->reject_count <= REJECT_CUTOFF_COUNT)
+ AT(i)->reject_count <= REJECT_CUTOFF_COUNT_IPV4)
AT(i)->accepted = 1;
i++;
}
@@ -2357,7 +2361,12 @@ policy_summary_reject(smartlist_t *summary,
{
int i = policy_summary_split(summary, prt_min, prt_max);
/* XXX: ipv4 specific */
- uint64_t count = (U64_LITERAL(1) << (32-maskbits));
+ /* The length of a single address mask */
+ int addrbits = IPV4_BITS;
+ tor_assert_nonfatal_once(addrbits >= maskbits);
+
+ uint64_t count = (U64_LITERAL(1) << (addrbits-maskbits));
+ tor_assert_nonfatal_once(count > 0);
while (i < smartlist_len(summary) &&
AT(i)->prt_max <= prt_max) {
AT(i)->reject_count += count;