[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] r17803: {tor} Switch address comparisons in policies to be exact rather th (tor/trunk/src/or)

To: or-cvs@xxxxxxxxxxxxx
Subject: [or-cvs] r17803: {tor} Switch address comparisons in policies to be exact rather th (tor/trunk/src/or)
From: nickm@xxxxxxxx
Date: Sun, 28 Dec 2008 20:47:33 -0500 (EST)
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-cvs-outgoing@xxxxxxxx
Delivered-to: or-cvs@xxxxxxxx
Delivery-date: Sun, 28 Dec 2008 20:47:36 -0500
Reply-to: or-dev@xxxxxxxxxxxxx
Sender: owner-or-cvs@xxxxxxxxxxxxx

Author: nickm
Date: 2008-12-28 20:47:33 -0500 (Sun, 28 Dec 2008)
New Revision: 17803

Modified:
   tor/trunk/src/or/policies.c
Log:
Switch address comparisons in policies to be exact rather than semantic.  Until we do ipv6 exit policies and until we know whether we even allow ::ffff:0:0/96 addresses, there is no point in doing "semantic" comparisons.  This was also showing up on oprofile.

Modified: tor/trunk/src/or/policies.c
===================================================================
--- tor/trunk/src/or/policies.c	2008-12-29 01:47:28 UTC (rev 17802)
+++ tor/trunk/src/or/policies.c	2008-12-29 01:47:33 UTC (rev 17803)
@@ -579,7 +579,7 @@
   SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, tmpe) {
     /* Address is known */
     if (!tor_addr_compare_masked(addr, &tmpe->addr, tmpe->maskbits,
-                                 CMP_SEMANTIC)) {
+                                 CMP_EXACT)) {
       if (port >= tmpe->prt_min && port <= tmpe->prt_max) {
         /* Exact match for the policy */
         return tmpe->policy_type == ADDR_POLICY_ACCEPT ?
@@ -605,7 +605,7 @@
 
   SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, tmpe) {
     if (!tor_addr_compare_masked(addr, &tmpe->addr, tmpe->maskbits,
-                                 CMP_SEMANTIC)) {
+                                 CMP_EXACT)) {
       if (tmpe->prt_min <= 1 && tmpe->prt_max >= 65535) {
         /* Definitely matches, since it covers all ports. */
         if (tmpe->policy_type == ADDR_POLICY_ACCEPT) {
@@ -708,7 +708,7 @@
     /* a has more fixed bits than b; it can't possibly cover b. */
     return 0;
   }
-  if (tor_addr_compare_masked(&a->addr, &b->addr, a->maskbits, CMP_SEMANTIC)) {
+  if (tor_addr_compare_masked(&a->addr, &b->addr, a->maskbits, CMP_EXACT)) {
     /* There's a fixed bit in a that's set differently in b. */
     return 0;
   }
@@ -731,7 +731,7 @@
     minbits = a->maskbits;
   else
     minbits = b->maskbits;
-  if (tor_addr_compare_masked(&a->addr, &b->addr, minbits, CMP_SEMANTIC))
+  if (tor_addr_compare_masked(&a->addr, &b->addr, minbits, CMP_EXACT))
     return 0;
   if (a->prt_max < b->prt_min || b->prt_max < a->prt_min)
     return 0;

Prev by Author: [or-cvs] r17802: {tor} Refactor some exit-policy-related functions that showed up i (in tor/trunk: . src/or)
Next by Author: [or-cvs] r17804: {tor} Use RSA_generate_key_ex where available. (in tor/trunk: . src/common)
Previous by thread: [or-cvs] r17802: {tor} Refactor some exit-policy-related functions that showed up i (in tor/trunk: . src/or)
Next by thread: [or-cvs] r17804: {tor} Use RSA_generate_key_ex where available. (in tor/trunk: . src/common)
Index(es):
- Author
- Thread