
[or-cvs] Replace (Fascist)Firewall* with a new ReachableAddresses op...



Update of /home/or/cvsroot/tor/src/or
In directory moria:/tmp/cvs-serv3499/src/or

Modified Files:
	circuitbuild.c config.c connection_edge.c directory.c or.h 
	relay.c router.c routerlist.c routerparse.c test.c 
Log Message:
Replace (Fascist)Firewall* with a new ReachableAddresses option that understands address policies.

Index: circuitbuild.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/circuitbuild.c,v
retrieving revision 1.132
retrieving revision 1.133
diff -u -d -r1.132 -r1.133
--- circuitbuild.c	7 Aug 2005 21:24:00 -0000	1.132
+++ circuitbuild.c	8 Aug 2005 21:58:48 -0000	1.133
@@ -1416,7 +1416,7 @@
     smartlist_add(excluded, r);
     routerlist_add_family(excluded, r);
   }
-  if (options->FascistFirewall) {
+  if (firewall_is_fascist()) {
     /* exclude all ORs that listen on the wrong port */
     routerlist_t *rl;
     int i;
@@ -1427,7 +1427,7 @@
 
     for (i=0; i < smartlist_len(rl->routers); i++) {
       r = smartlist_get(rl->routers, i);
-      if (!fascist_firewall_allows_address(options,r->addr,r->or_port))
+      if (!fascist_firewall_allows_address(r->addr,r->or_port))
         smartlist_add(excluded, r);
     }
   }
@@ -1986,3 +1986,4 @@
   }
   return 0;
 }
+

Index: config.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/config.c,v
retrieving revision 1.382
retrieving revision 1.383
diff -u -d -r1.382 -r1.383
--- config.c	8 Aug 2005 21:52:57 -0000	1.382
+++ config.c	8 Aug 2005 21:58:48 -0000	1.383
@@ -123,7 +123,6 @@
   VAR("ExitPolicy",          LINELIST, ExitPolicy,           NULL),
   VAR("FascistFirewall",     BOOL,     FascistFirewall,      "0"),
   VAR("FirewallPorts",       CSV,      FirewallPorts,        ""),
-  VAR("FirewallIPs",         CSV,      FirewallIPs,          NULL),
   VAR("Group",               STRING,   Group,                NULL),
   VAR("HardwareAccel",       BOOL,     HardwareAccel,        "1"),
   VAR("HashedControlPassword",STRING,  HashedControlPassword, NULL),
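Review bot: `FirewallIPs` is dropped from the option table with no replacement entry, while `FascistFirewall` and `FirewallPorts` stay and get a deprecation warning plus automatic translation later in this file. A torrc that still sets `FirewallIPs` will presumably be rejected as an unknown option after upgrade, although the table's lookup code is not visible here. If that is intended, the log message or changelog should tell users to rewrite those entries as `ReachableAddresses` lines. Otherwise keep the entry and translate it the same way the ports are translated.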
@@ -160,6 +159,7 @@
   VAR("OutboundBindAddress", STRING,   OutboundBindAddress,  NULL),
   VAR("PathlenCoinWeight",   DOUBLE,   PathlenCoinWeight,    "0.3"),
   VAR("PidFile",             STRING,   PidFile,              NULL),
+  VAR("ReachableAddresses",  LINELIST, ReachableAddresses,   NULL),
   VAR("RecommendedVersions", LINELIST, RecommendedVersions,  NULL),
   VAR("RedirectExit",        LINELIST, RedirectExit,         NULL),
   VAR("RendExcludeNodes",    STRING,   RendExcludeNodes,     NULL),
@@ -285,6 +285,7 @@
 static uint64_t config_parse_memunit(const char *s, int *ok);
 static int config_parse_interval(const char *s, int *ok);
 static void print_cvs_version(void);
+static void parse_reachable_addresses(void);
 static int init_libevent(void);
 #if defined(HAVE_EVENT_GET_VERSION) && defined(HAVE_EVENT_GET_METHOD)
 static void check_libevent_version(const char *m, const char *v, int server);
@@ -324,6 +325,8 @@
 static char *config_fname = NULL;
 /** Persistant serialized state. */
 static or_state_t *global_state = NULL;
+/** DOCDOC */
+static addr_policy_t *reachable_addr_policy = NULL;
 
 static void *
 config_alloc(config_format_t *fmt)
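Review bot: `reachable_addr_policy` is introduced with a `/** DOCDOC */` placeholder, and the same commit also adds an `addr_policy_t *reachable_addr_policy` member to `or_options_t` in or.h that none of the visible hunks assigns, reads or frees. Keeping two homes for the parsed policy invites a later reader to consult the struct member and find it never populated; either drop the member or store the parsed policy there instead of in the file-static. For the static, a comment such as `/** Parsed ReachableAddresses policy; NULL when no reachability restriction is configured. */` would replace the placeholder.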
@@ -358,6 +361,8 @@
 {
   config_free(&options_format, global_options);
   tor_free(config_fname);
+  addr_policy_free(reachable_addr_policy);
+  reachable_addr_policy = NULL;
 }
 
 /** If options->SafeLogging is on, return a not very useful string,
@@ -483,6 +488,7 @@
   /* Update address policies. */
   parse_socks_policy();
   parse_dir_policy();
+  parse_reachable_addresses();
 
   init_cookie_authentication(options->CookieAuthentication);
 
@@ -1376,7 +1382,6 @@
     if (minimal && option_is_same(fmt, options, defaults, fmt->vars[i].name))
       continue;
 
-
     desc = config_find_description(fmt, fmt->vars[i].name);
     if (desc) {
       size_t len = strlen(desc)+8;
@@ -1439,56 +1444,51 @@
   return result;
 }
 
-/* Return 0 if every element of sl is a string holding an IP with
- * optional mask and port, or if sl is NULL. Otherwise return -1. */
-static int
-validate_addr_port_ranges_csv(smartlist_t *sl, const char *name)
+/** DOCDOC */
+static void
+parse_reachable_addresses(void)
 {
-  uint32_t addr, mask;
-  uint16_t port_min, port_max;
-  int result = 0;
-  tor_assert(name);
+  or_options_t *options = get_options();
 
-  if (!sl)
-    return 0;
+  addr_policy_free(reachable_addr_policy);
+  reachable_addr_policy = NULL;
 
-  SMARTLIST_FOREACH(sl, const char *, cp,
-  {
-    if (parse_addr_and_port_range(cp, &addr, &mask, &port_min, &port_max)<0) {
-      log(LOG_WARN, "IP/port range '%s' invalid in %s", cp, name);
-      result=-1;
-    }
-  });
-  return result;
+  if (config_parse_addr_policy(options->ReachableAddresses,
+                               &reachable_addr_policy,
+                               ADDR_POLICY_ACCEPT)) {
+    log_fn(LOG_WARN, "Error in ReachableAddresses entry; ignoring.");
+    return;
+  }
+}
+
+/** Return true iff the firewall options might block any address:port
+ * combination
+ */
+int
+firewall_is_fascist(void)
+{
+  return reachable_addr_policy ? 1 : 0;
 }
 
 /** Return true iff we are configured to think that the local fascist
  * firewall (if any) will allow a connection to <b>addr</b>:<b>port</b> */
 int
-fascist_firewall_allows_address(or_options_t *options, uint32_t addr,
-                                uint16_t port)
+fascist_firewall_allows_address(uint32_t addr, uint16_t port)
 {
-  uint32_t ipaddr, ipmask;
-  uint16_t portmin, portmax;
-  if (!options->FascistFirewall)
-    return 1;
-
-  if (smartlist_string_num_isin(options->FirewallPorts, port))
-    return 1;
-
-  if (!options->FirewallIPs)
-    return 0;
-
-  SMARTLIST_FOREACH(options->FirewallIPs, const char *, cp,
-    {
-      if (parse_addr_and_port_range(cp, &ipaddr, &ipmask, &portmin, &portmax)<0)
-        continue;
-      if ((addr&ipmask) == (ipaddr&ipmask) &&
-          (portmin <= port) && (port <= portmax))
-        return 1;
-    });
+  addr_policy_result_t p = router_compare_addr_to_addr_policy(
+               addr, port, reachable_addr_policy);
 
-  return 0;
+  switch (p) {
+    case ADDR_POLICY_PROBABLY_ACCEPTED:
+    case ADDR_POLICY_ACCEPTED:
+      return 1;
+    case ADDR_POLICY_PROBABLY_REJECTED:
+    case ADDR_POLICY_REJECTED:
+      return 0;
+    default:
+      log_fn(LOG_WARN, "Unexpected result: %d", (int)p);
+      return 0;
+  }
 }
 
 /** Return 0 if every setting in <b>options</b> is reasonable.  Else
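Review bot: In `parse_reachable_addresses`, the error branch logs "ignoring" and returns without resetting `reachable_addr_policy`, so the global keeps whatever `config_parse_addr_policy` stored before it failed; whether that is NULL or a partial list is not visible in this hunk. A partial list would lack the trailing `reject *:*` that validation appends, so `fascist_firewall_allows_address` could accept addresses the user listed as unreachable. Freeing and clearing in that branch (`addr_policy_free(reachable_addr_policy); reachable_addr_policy = NULL;`) makes the outcome definite, and the `/** DOCDOC */` placeholder should say which state a failed parse leaves behind. `fascist_firewall_allows_address` also lost its explicit "no firewall configured" early return, so the unguarded caller in directory.c now depends on how `router_compare_addr_to_addr_policy` treats a NULL policy.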
@@ -1632,20 +1632,48 @@
                          "FirewallPorts") < 0)
     result = -1;
 
-  if (validate_addr_port_ranges_csv(options->FirewallIPs,
-                                    "FirewallIPs") < 0)
+  if (validate_ports_csv(options->LongLivedPorts,
+                         "LongLivedPorts") < 0)
     result = -1;
 
-  if (options->FascistFirewall &&
-      !smartlist_len(options->FirewallIPs) &&
-      !smartlist_len(options->FirewallPorts)) {
-    smartlist_add(options->FirewallPorts, tor_strdup("80"));
-    smartlist_add(options->FirewallPorts, tor_strdup("443"));
+  if (options->FascistFirewall) {
+    smartlist_t *instead = smartlist_create();
+    config_line_t *new_line = tor_malloc_zero(sizeof(config_line_t));
+    new_line->key = tor_strdup("ReachableAddresses");
+    /* If we're configured with the old format, we need to prepend some
+     * open ports. */
+    if (!smartlist_len(options->FirewallPorts)) {
+      smartlist_add(options->FirewallPorts, tor_strdup("80"));
+      smartlist_add(options->FirewallPorts, tor_strdup("443"));
+    }
+    SMARTLIST_FOREACH(options->FirewallPorts, const char *, portno,
+      {
+        int p = atoi(portno);
+        char *s;
+        if (p<0) continue;
+        s = tor_malloc(16);
+        tor_snprintf(s, 16, "*:%d", p);
+        smartlist_add(instead, s);
+      });
+    new_line->value = smartlist_join_strings(instead,",",0,NULL);
+    /* These have been deprecated since 0.1.1.5-alpha-cvs */
+    log_fn(LOG_WARN, "FascistFirewall and FirewallPorts are deprecated.  Instead, use \"ReachableAddresses %s\"", new_line->value);
+    new_line->next = options->ReachableAddresses;
+    options->ReachableAddresses = new_line;
+    SMARTLIST_FOREACH(instead, char *, cp, tor_free(cp));
+    smartlist_free(instead);
   }
 
-  if (validate_ports_csv(options->LongLivedPorts,
-                         "LongLivedPorts") < 0)
-    result = -1;
+  if (options->FascistFirewall || options->ReachableAddresses) {
+    /* We need to end with a reject *:*, not an implicit accept *:* */
+    config_line_t **linep = &options->ReachableAddresses;
+    while (*linep) {
+      linep = &((*linep)->next);
+    }
+    *linep = tor_malloc_zero(sizeof(config_line_t));
+    (*linep)->key = tor_strdup("ReachableAddresses");
+    (*linep)->value = tor_strdup("reject *:*");
+  }
 
   options->_AllowUnverified = 0;
   if (options->AllowUnverifiedNodes) {
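Review bot: The migration block prepends the `FirewallPorts`-derived line (`new_line->next = options->ReachableAddresses;`), so when a config sets both `FascistFirewall` and `ReachableAddresses`, the blanket `*:80,*:443` accepts are evaluated ahead of any more specific `reject` entries the user wrote, assuming first-match evaluation as the `reject *:*` comment implies. Appending the generated line after the user's entries, just before the final `reject *:*`, would keep explicit rejects effective. Separately, this code edits `options->ReachableAddresses` inside validation and is not idempotent: each pass adds another generated line and another `reject *:*`. It is worth confirming that validation runs only once per options object and that the synthetic lines are not written back when the configuration is saved. The enclosing function starts and ends outside the hunk.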
@@ -1844,7 +1872,7 @@
       result = -1;
   }
 
-  if (config_parse_addr_policy(options->ExitPolicy, &addr_policy)) {
+  if (config_parse_addr_policy(options->ExitPolicy, &addr_policy, -1)) {
     log_fn(LOG_WARN, "Error in Exit Policy entry.");
     result = -1;
   }
@@ -1854,14 +1882,19 @@
   }
   /* The rest of these calls *append* to addr_policy. So don't actually
    * use the results for anything other than checking if they parse! */
-  if (config_parse_addr_policy(options->DirPolicy, &addr_policy)) {
+  if (config_parse_addr_policy(options->DirPolicy, &addr_policy, -1)) {
     log_fn(LOG_WARN, "Error in DirPolicy entry.");
     result = -1;
   }
-  if (config_parse_addr_policy(options->SocksPolicy, &addr_policy)) {
+  if (config_parse_addr_policy(options->SocksPolicy, &addr_policy, -1)) {
     log_fn(LOG_WARN, "Error in SocksPolicy entry.");
     result = -1;
   }
+  if (config_parse_addr_policy(options->ReachableAddresses, &addr_policy,
+                               ADDR_POLICY_ACCEPT)) {
+    log_fn(LOG_WARN, "Error in ReachableAddresses entry.");
+    result = -1;
+  }
   addr_policy_free(addr_policy);
 
   for (cl = options->RedirectExit; cl; cl = cl->next) {
@@ -2461,7 +2494,7 @@
   tmp.key = NULL;
   tmp.value = (char*)DEFAULT_EXIT_POLICY;
   tmp.next = NULL;
-  config_parse_addr_policy(&tmp, policy);
+  config_parse_addr_policy(&tmp, policy, -1);
 
   /* Remove redundant parts, if any. */
   for (ap=*policy; ap; ap=ap->next) {
@@ -2482,7 +2515,8 @@
  */
 int
 config_parse_addr_policy(config_line_t *cfg,
-                         addr_policy_t **dest)
+                         addr_policy_t **dest,
+                         int assume_action)
 {
   addr_policy_t **nextp;
   smartlist_t *entries;
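Review bot: The new `assume_action` parameter is not described in the doc comment that closes on the first context line of this hunk, and every pre-existing caller in this commit now passes a bare `-1`. A sentence in that comment such as `If assume_action is nonnegative, entries that name no action are given that action (ADDR_POLICY_ACCEPT or ADDR_POLICY_REJECT).` would document it. A named constant for the "no default action" value would also make call sites like `config_parse_addr_policy(options->ExitPolicy, &addr_policy, -1)` self-explanatory. The function body continues past the hunk.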
@@ -2502,7 +2536,7 @@
     SMARTLIST_FOREACH(entries, const char *, ent,
     {
       log_fn(LOG_DEBUG,"Adding new entry '%s'",ent);
-      *nextp = router_parse_addr_policy_from_string(ent);
+      *nextp = router_parse_addr_policy_from_string(ent, assume_action);
       if (*nextp) {
         nextp = &((*nextp)->next);
       } else {
@@ -3140,9 +3174,9 @@
       size_t len;
       desc = config_find_description(&options_format, var->name);
       switch (var->type) {
-        case CONFIG_TYPE_STRING: type = "String"; break; 
+        case CONFIG_TYPE_STRING: type = "String"; break;
         case CONFIG_TYPE_UINT: type = "Integer"; break;
-        case CONFIG_TYPE_INTERVAL: type = "TimeInterval"; break; 
+        case CONFIG_TYPE_INTERVAL: type = "TimeInterval"; break;
         case CONFIG_TYPE_MEMUNIT: type = "DataSize"; break;
         case CONFIG_TYPE_DOUBLE: type = "Float"; break;
         case CONFIG_TYPE_BOOL: type = "Boolean"; break;

Index: connection_edge.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/connection_edge.c,v
retrieving revision 1.338
retrieving revision 1.339
diff -u -d -r1.338 -r1.339
--- connection_edge.c	2 Jul 2005 00:18:09 -0000	1.338
+++ connection_edge.c	8 Aug 2005 21:58:48 -0000	1.339
@@ -1696,7 +1696,7 @@
     addr_policy_free(socks_policy);
     socks_policy = NULL;
   }
-  config_parse_addr_policy(get_options()->SocksPolicy, &socks_policy);
+  config_parse_addr_policy(get_options()->SocksPolicy, &socks_policy, -1);
   /* ports aren't used. */
   for (n=socks_policy; n; n = n->next) {
     n->prt_min = 1;

Index: directory.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/directory.c,v
retrieving revision 1.241
retrieving revision 1.242
diff -u -d -r1.241 -r1.242
--- directory.c	8 Aug 2005 17:32:17 -0000	1.241
+++ directory.c	8 Aug 2005 21:58:48 -0000	1.242
@@ -69,7 +69,7 @@
     addr_policy_free(dir_policy);
     dir_policy = NULL;
   }
-  config_parse_addr_policy(get_options()->DirPolicy, &dir_policy);
+  config_parse_addr_policy(get_options()->DirPolicy, &dir_policy, -1);
   /* ports aren't used. */
   for (n=dir_policy; n; n = n->next) {
     n->prt_min = 1;
@@ -138,7 +138,7 @@
        * router descriptor, but not when uploading a service
        * descriptor -- those use Tor. */
       if (purpose == DIR_PURPOSE_UPLOAD_DIR && !get_options()->HttpProxy) {
-        if (!fascist_firewall_allows_address(get_options(),ds->addr,ds->dir_port))
+        if (!fascist_firewall_allows_address(ds->addr,ds->dir_port))
           continue;
       }
       directory_initiate_command_trusted_dir(ds, purpose, purpose_is_private(purpose),
@@ -159,7 +159,7 @@
 {
   routerinfo_t *r = NULL;
   trusted_dir_server_t *ds = NULL;
-  int fascistfirewall = get_options()->FascistFirewall;
+  int fascistfirewall = firewall_is_fascist();
   int directconn = purpose == DIR_PURPOSE_FETCH_DIR ||
                    purpose == DIR_PURPOSE_FETCH_RUNNING_LIST;
   int fetch_fresh_first = advertised_server_mode();

Index: or.h
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/or.h,v
retrieving revision 1.637
retrieving revision 1.638
diff -u -d -r1.637 -r1.638
--- or.h	8 Aug 2005 21:52:57 -0000	1.637
+++ or.h	8 Aug 2005 21:58:48 -0000	1.638
@@ -1094,7 +1094,9 @@
   int RunAsDaemon; /**< If true, run in the background. (Unix only) */
   int FascistFirewall; /**< Whether to prefer ORs reachable on open ports. */
   smartlist_t *FirewallPorts; /**< Which ports our firewall allows (strings). */
-  smartlist_t *FirewallIPs; /**< Which IPs our firewall allows (strings). */
+  config_line_t *ReachableAddresses; /**< Which IP:ports our firewall allows
+                                      * (exit policy.) */
+
   /** Application ports that require all nodes in circ to have sufficient uptime. */
   smartlist_t *LongLivedPorts;
   /** Should we try to reuse the same exit node for a given host */
@@ -1175,6 +1177,8 @@
                        * of fixed nodes? */
   int NumHelperNodes; /**< How many helper nodes do we try to establish? */
   int RephistTrackTime; /**< How many seconds do we keep rephist info? */
+
+  addr_policy_t *reachable_addr_policy; /**< Parsed from ReachableAddresses */
 } or_options_t;
 
 /** Persistent state for an onion router, as saved to disk. */
@@ -1360,7 +1364,8 @@
 int options_init_from_torrc(int argc, char **argv);
 int options_init_logs(or_options_t *options, int validate_only);
 int config_parse_addr_policy(config_line_t *cfg,
-                             addr_policy_t **dest);
+                             addr_policy_t **dest,
+                             int assume_action);
 void options_append_default_exit_policy(addr_policy_t **policy);
 void addr_policy_free(addr_policy_t *p);
 int option_is_recognized(const char *key);
@@ -1376,8 +1381,8 @@
 
 int config_getinfo_helper(const char *question, char **answer);
 
-int fascist_firewall_allows_address(or_options_t *options, uint32_t addr,
-                                    uint16_t port);
+int firewall_is_fascist(void);
+int fascist_firewall_allows_address(uint32_t addr, uint16_t port);
 
 /********************************* connection.c ***************************/
 
@@ -2022,7 +2027,8 @@
                                                int write_to_cache);
 routerinfo_t *router_parse_entry_from_string(const char *s, const char *end);
 int router_add_exit_policy_from_string(routerinfo_t *router, const char *s);
-addr_policy_t *router_parse_addr_policy_from_string(const char *s);
+addr_policy_t *router_parse_addr_policy_from_string(const char *s,
+                                                    int assume_action);
 int check_software_version_against_directory(const char *directory);
 int tor_version_parse(const char *s, tor_version_t *out);
 int tor_version_as_new_as(const char *platform, const char *cutoff);

Index: relay.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/relay.c,v
retrieving revision 1.74
retrieving revision 1.75
diff -u -d -r1.74 -r1.75
--- relay.c	29 Jun 2005 21:46:55 -0000	1.74
+++ relay.c	8 Aug 2005 21:58:48 -0000	1.75
@@ -656,7 +656,7 @@
           log_fn(LOG_NOTICE,"Exitrouter '%s' seems to be more restrictive than its exit policy. Not using this router as exit for now.", exitrouter->nickname);
           addr_policy_free(exitrouter->exit_policy);
           exitrouter->exit_policy =
-            router_parse_addr_policy_from_string("reject *:*");
+            router_parse_addr_policy_from_string("reject *:*", -1);
         }
         if (connection_ap_detach_retriable(conn, circ) >= 0)
           return 0;
@@ -683,7 +683,7 @@
         if (exitrouter) {
           addr_policy_free(exitrouter->exit_policy);
           exitrouter->exit_policy =
-            router_parse_addr_policy_from_string("reject *:*");
+            router_parse_addr_policy_from_string("reject *:*", -1);
         }
         if (connection_ap_detach_retriable(conn, circ) >= 0)
           return 0;

Index: router.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/router.c,v
retrieving revision 1.185
retrieving revision 1.186
diff -u -d -r1.185 -r1.186
--- router.c	3 Aug 2005 20:42:17 -0000	1.185
+++ router.c	8 Aug 2005 21:58:48 -0000	1.186
@@ -749,7 +749,7 @@
   if (options->BandwidthRate > options->MaxAdvertisedBandwidth)
     ri->bandwidthrate = (int)options->MaxAdvertisedBandwidth;
 
-  config_parse_addr_policy(get_options()->ExitPolicy, &ri->exit_policy);
+  config_parse_addr_policy(get_options()->ExitPolicy, &ri->exit_policy, -1);
   options_append_default_exit_policy(&ri->exit_policy);
 
   if (desc_routerinfo) /* inherit values */

Index: routerlist.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/routerlist.c,v
retrieving revision 1.246
retrieving revision 1.247
diff -u -d -r1.246 -r1.247
--- routerlist.c	7 Aug 2005 21:24:00 -0000	1.246
+++ routerlist.c	8 Aug 2005 21:58:48 -0000	1.247
@@ -123,7 +123,7 @@
     return choice;
 
   log_fn(LOG_INFO,"Still no %s router entries. Reloading and trying again.",
-         get_options()->FascistFirewall ? "reachable" : "known");
+         firewall_is_fascist() ? "reachable" : "known");
   has_fetched_directory=0; /* reset it */
   if (router_reload_router_list()) {
     return NULL;
@@ -187,8 +187,7 @@
     if (requireother && router_is_me(router))
       continue;
     if (fascistfirewall) {
-      if (!fascist_firewall_allows_address(get_options(),router->addr,
-                                           router->dir_port))
+      if (!fascist_firewall_allows_address(router->addr, router->dir_port))
         continue;
     }
     /* before 0.0.9rc5-cvs, only trusted dirservers served status info. */
@@ -231,7 +230,7 @@
           !memcmp(me->identity_digest, d->digest, DIGEST_LEN))
         continue;
       if (fascistfirewall) {
-        if (!fascist_firewall_allows_address(get_options(),d->addr,d->dir_port))
+        if (!fascist_firewall_allows_address(d->addr, d->dir_port))
           continue;
       }
       smartlist_add(sl, d);

Index: routerparse.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/routerparse.c,v
retrieving revision 1.116
retrieving revision 1.117
diff -u -d -r1.116 -r1.117
--- routerparse.c	8 Aug 2005 21:52:57 -0000	1.116
+++ routerparse.c	8 Aug 2005 21:58:48 -0000	1.117
@@ -1028,10 +1028,12 @@
   return router;
 }
 
-/** Parse the exit policy in the string <b>s</b> and return it.
+/** Parse the exit policy in the string <b>s</b> and return it.  If
+ * assume_action is nonnegative, then insert its action (ADDR_POLICY_ACCEPT or
+ * ADDR_POLICY_REJECT) for items that specify no action.
  */
 addr_policy_t *
-router_parse_addr_policy_from_string(const char *s)
+router_parse_addr_policy_from_string(const char *s, int assume_action)
 {
   directory_token_t *tok = NULL;
   const char *cp;
@@ -1047,6 +1049,15 @@
   }
   tmp[len]='\n';
   tmp[len+1]='\0';
+  while (TOR_ISSPACE(*cp))
+    ++cp;
+  if ((*cp == '*' || TOR_ISDIGIT(*cp)) && assume_action >= 0) {
+    char *new_str = tor_malloc(len+10);
+    tor_snprintf(new_str, len+10, "%s %s\n",
+                 assume_action == ADDR_POLICY_ACCEPT?"accept":"reject", cp);
+    tor_free(tmp);
+    cp = tmp = new_str;
+  }
   tok = get_next_token(&cp, RTR_ONLY);
   if (tok->tp == _ERR) {
     log_fn(LOG_WARN, "Error reading exit policy: %s", tok->error);
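Review bot: The `len+10` allocation is an exact fit rather than a margin: the `accept `/`reject ` prefix is 7 bytes, `cp` can be up to `len+1` bytes if it still points at the newline-terminated copy in `tmp`, and the format adds one more newline plus the NUL. Where `cp` is first assigned lies above this hunk, so that is an assumption. A comment spelling out the arithmetic, e.g. `/* 7 for "accept "/"reject ", len+1 for cp, 1 for '\n', 1 for NUL */`, would stop a later edit to the prefix from silently truncating the policy string. Checking the `tor_snprintf` return value before handing the buffer to `get_next_token` would catch that case as well. The function starts and ends outside the hunk.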
@@ -1073,7 +1084,7 @@
 router_add_exit_policy_from_string(routerinfo_t *router, const char *s)
 {
   addr_policy_t *newe, *tmpe;
-  newe = router_parse_addr_policy_from_string(s);
+  newe = router_parse_addr_policy_from_string(s, -1);
   if (!newe)
     return -1;
   for (tmpe = router->exit_policy; tmpe; tmpe=tmpe->next)
@@ -1156,7 +1167,7 @@
     tor_assert(t->policy_type == ADDR_POLICY_REJECT ||
                t->policy_type == ADDR_POLICY_ACCEPT);
     tor_assert(t->prt_min <= t->prt_max);
-    t2 = router_parse_addr_policy_from_string(t->string);
+    t2 = router_parse_addr_policy_from_string(t->string, -1);
     tor_assert(t2);
     tor_assert(t2->policy_type == t->policy_type);
     tor_assert(t2->addr == t->addr);

Index: test.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/test.c,v
retrieving revision 1.188
retrieving revision 1.189
diff -u -d -r1.188 -r1.189
--- test.c	23 Jul 2005 01:58:05 -0000	1.188
+++ test.c	8 Aug 2005 21:58:48 -0000	1.189
@@ -1385,7 +1385,7 @@
 {
   addr_policy_t *policy;
 
-  policy = router_parse_addr_policy_from_string("reject 192.168.0.0/16:*");
+  policy = router_parse_addr_policy_from_string("reject 192.168.0.0/16:*",-1);
   test_eq(NULL, policy->next);
   test_eq(ADDR_POLICY_REJECT, policy->policy_type);
   test_eq(0xc0a80000u, policy->addr);
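Review bot: Only the existing call is updated here; nothing exercises the new `assume_action` path that `ReachableAddresses` depends on. A case that parses an action-less entry such as `"*:80"` with `ADDR_POLICY_ACCEPT` and checks `policy->policy_type` with `test_eq`, plus one covering the same string with `-1`, would pin the prefixing logic added in routerparse.c. The test function continues outside the hunk.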