[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor/master] Clean up and fix exit policy check in connection_exit_connect().
commit 785176e97545b2e7fc65bb80cf7aa13c9adc3fc4
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Wed Oct 5 12:38:03 2016 -0400
Clean up and fix exit policy check in connection_exit_connect().
Previously, we would reject even rendezvous connections to IPv6
addresses when IPv6Exit was false. But that doesn't make sense; we
don't count that as "exit"ing. I've corrected the logic and tried
to make it a lottle more clear.
Fixes bug 18357; this code has been wrong since 9016d9e8294a352 in
0.2.4.7-alpha.
---
changes/bug18357 | 5 +++++
src/or/connection_edge.c | 24 ++++++++++++++++--------
2 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/changes/bug18357 b/changes/bug18357
new file mode 100644
index 0000000..5f19d14
--- /dev/null
+++ b/changes/bug18357
@@ -0,0 +1,5 @@
+ o Minor bugfixes (hidden service):
+ - Allow hidden services to run on IPv6 addresses even when the
+ IPv6Exit option is not set. Fixes bug 18357; bugfix on
+ 0.2.4.7-alpha.
+
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 08e4fa5..a1a0863 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -3232,14 +3232,22 @@ connection_exit_connect(edge_connection_t *edge_conn)
uint16_t port;
connection_t *conn = TO_CONN(edge_conn);
int socket_error = 0, result;
-
- if ( (!connection_edge_is_rendezvous_stream(edge_conn) &&
- router_compare_to_my_exit_policy(&edge_conn->base_.addr,
- edge_conn->base_.port)) ||
- (tor_addr_family(&conn->addr) == AF_INET6 &&
- ! get_options()->IPv6Exit)) {
- log_info(LD_EXIT,"%s:%d failed exit policy. Closing.",
- escaped_safe_str_client(conn->address), conn->port);
+ const char *why_failed_exit_policy = NULL;
+
+ if (! connection_edge_is_rendezvous_stream(edge_conn)) {
+ /* only apply exit policy to non-rendezvous connections. */
+ if (router_compare_to_my_exit_policy(&edge_conn->base_.addr,
+ edge_conn->base_.port)) {
+ why_failed_exit_policy = "";
+ } else if (tor_addr_family(&conn->addr) == AF_INET6 &&
+ ! get_options()->IPv6Exit) {
+ why_failed_exit_policy = " (IPv6 address without IPv6Exit configured)";
+ }
+ }
+ if (why_failed_exit_policy) {
+ log_info(LD_EXIT,"%s:%d failed exit policy%s. Closing.",
+ escaped_safe_str_client(conn->address), conn->port,
+ why_failed_exit_policy);
connection_edge_end(edge_conn, END_STREAM_REASON_EXITPOLICY);
circuit_detach_stream(circuit_get_by_edge_conn(edge_conn), edge_conn);
connection_free(conn);
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits