From 2eb7eafc9d789cb5063dd36021412434b656bf75 Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Wed, 24 Oct 2012 12:33:18 -0400
Subject: Add a new family-specific syntax for tor_addr_parse_mask_ports

By default, "*" means "All IPv4 addresses" with tor_addr_parse_mask_ports, so I won't break anything. But if the new EXTENDED_STAR flag is provided, then * means "any address", *4 means "any IPv4 address" (that is, 0.0.0.0/0), and "*6" means "any IPv6 address" (that is, [::]/0). This is going to let us have a syntax for specifying exit policies in torrc that won't drive people mad. Also, add a bunch of unit tests for tor_addr_parse_mask_ports to test these new features, and to increase coverage.
---
 src/or/config.c | 1 +
 src/or/policies.c | 7 ++++---
 src/or/routerparse.c | 5 +++--
 3 files changed, 8 insertions(+), 5 deletions(-) (limited to 'src/or')
diff --git a/src/or/config.c b/src/or/config.c
index 9af55e9233..f8ac67ed38 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -276,6 +276,7 @@ static config_var_t option_vars_[] = {
 V(HTTPProxyAuthenticator, STRING, NULL),
 V(HTTPSProxy, STRING, NULL),
 V(HTTPSProxyAuthenticator, STRING, NULL),
+ // V(IPv6EXit, BOOL, "0"),
 VAR("ServerTransportPlugin", LINELIST, ServerTransportPlugin, NULL),
 V(Socks4Proxy, STRING, NULL),
 V(Socks5Proxy, STRING, NULL),
diff --git a/src/or/policies.c b/src/or/policies.c
index 09ba10bbe7..442377b1c5 100644
--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -87,7 +87,8 @@ policy_expand_private(smartlist_t **policy)
 memcpy(&newpolicy, p, sizeof(addr_policy_t));
 newpolicy.is_private = 0;
 newpolicy.is_canonical = 0;
- if (tor_addr_parse_mask_ports(private_nets[i], &newpolicy.addr,
+ if (tor_addr_parse_mask_ports(private_nets[i], 0,
+ &newpolicy.addr,
 &newpolicy.maskbits, &port_min, &port_max)<0) {
 tor_assert(0);
 }
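Review bot: The line added to option_vars_[] is commented-out code, `// V(IPv6EXit, BOOL, "0"),`, and the commit message, which is about tor_addr_parse_mask_ports, does not mention it. It reads like a work-in-progress leftover: the name is capitalised `IPv6EXit`, and it uses a `//` comment where the only other comment visible in this patch is `/* ... */`. Either drop it from this commit or mark it as a deliberate placeholder, e.g. `/* TODO: V(IPv6Exit, BOOL, "0"), once the option is implemented */`. The table starts and ends outside the hunk.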
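Review bot: The new second argument in policy_expand_private is a bare `0`, and the same literal is used at the other updated call sites (policy_summary_add_item, find_single_ipv6_orport, router_parse_addr_policy). Nothing at the call tells a reader that this is a flags word, or that `0` deliberately keeps the old meaning of "*" described in the commit message. A short comment on the argument would make that explicit, e.g. `/* flags=0: no extended "*" syntax */`. The function body continues outside the hunk.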
@@ -1192,8 +1193,8 @@ policy_summary_add_item(smartlist_t *summary, addr_policy_t *p)
 for (i = 0; private_nets[i]; ++i) {
 tor_addr_t addr;
 maskbits_t maskbits;
- if (tor_addr_parse_mask_ports(private_nets[i], &addr,
- &maskbits, NULL, NULL)<0) {
+ if (tor_addr_parse_mask_ports(private_nets[i], 0, &addr,
+ &maskbits, NULL, NULL)<0) {
 tor_assert(0);
 }
 if (tor_addr_compare(&p->addr, &addr, CMP_EXACT) == 0 &&
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index a333780752..6069c8d3c1 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -1280,7 +1280,8 @@ find_single_ipv6_orport(const smartlist_t *list,
 uint16_t port_min, port_max;
 tor_assert(t->n_args >= 1);
 /* XXXX Prop186 the full spec allows much more than this. */
- if (tor_addr_parse_mask_ports(t->args[0], &a, &bits, &port_min,
+ if (tor_addr_parse_mask_ports(t->args[0], 0,
+ &a, &bits, &port_min,
 &port_max) == AF_INET6 &&
 bits == 128 &&
 port_min == port_max) {
@@ -3737,7 +3738,7 @@ router_parse_addr_policy(directory_token_t *tok)
 else
 newe.policy_type = ADDR_POLICY_ACCEPT;

- if (tor_addr_parse_mask_ports(arg, &newe.addr, &newe.maskbits,
+ if (tor_addr_parse_mask_ports(arg, 0, &newe.addr, &newe.maskbits,
 &newe.prt_min, &newe.prt_max) < 0) {
 log_warn(LD_DIR,"Couldn't parse line %s. Dropping", escaped(arg));
 return NULL;
--
cgit v1.2.3-54-g00ecf
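Review bot: In router_parse_addr_policy the call should carry a comment saying that the flags argument must stay `0`. `arg` comes from a parsed directory token, so it is presumably data received from other parties rather than local configuration, and with `0` a "*" keeps meaning IPv4 only, per the commit message. Switching this call to the EXTENDED_STAR flag later would silently widen every "*" policy line parsed here to cover IPv6 as well. Suggested: `/* Keep flags 0: "*" here must stay IPv4-only; the extended "*" syntax is for torrc. */`. The function starts and ends outside the hunk.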