@@ -437,15 +437,12 @@ int
fascist_firewall_use_ipv6 (const or_options_t *options)
{
/* Clients use IPv6 if it's set, or they use bridges, or they don't use
* IPv4, or they prefer it.
* ClientPreferIPv6DirPort is deprecated, but check it anyway. */
* IPv4, or they prefer it. */
return (options->ClientUseIPv6 == 1 || options->ClientUseIPv4 == 0 ||
options->ClientPreferIPv6ORPort == 1 ||
options->ClientPreferIPv6DirPort == 1 || options->UseBridges == 1 );
options->ClientPreferIPv6ORPort == 1 || options->UseBridges == 1 );
}
/* * Do we prefer to connect to IPv6, ignoring ClientPreferIPv6ORPort and
* ClientPreferIPv6DirPort?
/* * Do we prefer to connect to IPv6?
* If we're unsure, return -1, otherwise, return 1 for IPv6 and 0 for IPv4.
*/
static int
@@ -489,28 +486,6 @@ fascist_firewall_prefer_ipv6_orport(const or_options_t *options)
return 0 ;
}
/* * Do we prefer to connect to IPv6 DirPorts?
*
* (node_ipv6_dir_preferred() doesn't support bridge client per-node IPv6
* preferences. There's no reason to use it instead of this function.)
*/
int
fascist_firewall_prefer_ipv6_dirport (const or_options_t *options)
{
int pref_ipv6 = fascist_firewall_prefer_ipv6_impl (options);
if (pref_ipv6 >= 0 ) {
return pref_ipv6;
}
/* We can use both IPv4 and IPv6 - which do we prefer? */
if (options->ClientPreferIPv6DirPort == 1 ) {
return 1 ;
}
return 0 ;
}
/* * Return true iff we think our firewall will let us make a connection to
* addr:port. Uses ReachableORAddresses or ReachableDirAddresses based on
* fw_connection.
@@ -575,15 +550,14 @@ fascist_firewall_allows_address_ipv4h(uint32_t ipv4h_or_addr,
/* * Return true iff we think our firewall will let us make a connection to
* ipv4h_addr/ipv6_addr. Uses ipv4_orport/ipv6_orport/ReachableORAddresses or
* ipv4_dirport/ipv6_dirport/ ReachableDirAddresses based on IPv4/IPv6 and
* ipv4_dirport/ReachableDirAddresses based on IPv4/IPv6 and
* <b>fw_connection</b>.
* pref_only and pref_ipv6 work as in fascist_firewall_allows_address_addr().
*/
static int
fascist_firewall_allows_base (uint32_t ipv4h_addr, uint16_t ipv4_orport,
uint16_t ipv4_dirport,
const tor_addr_t *ipv6_addr, uint16_t ipv6_orport,
uint16_t ipv6_dirport,
firewall_connection_t fw_connection,
int pref_only, int pref_ipv6)
{
@@ -596,10 +570,8 @@ fascist_firewall_allows_base(uint32_t ipv4h_addr, uint16_t ipv4_orport,
return 1 ;
}
if (fascist_firewall_allows_address_addr (ipv6_addr,
(fw_connection == FIREWALL_OR_CONNECTION
? ipv6_orport
: ipv6_dirport),
if (fw_connection == FIREWALL_OR_CONNECTION &&
fascist_firewall_allows_address_addr (ipv6_addr, ipv6_orport,
fw_connection,
pref_only, pref_ipv6)) {
return 1 ;
@@ -618,10 +590,10 @@ fascist_firewall_allows_ri_impl(const routerinfo_t *ri,
return 0 ;
}
/* Assume IPv4 and IPv6 DirPorts are the same */
return fascist_firewall_allows_base (ri->addr , ri->or_port , ri->dir_port ,
&ri->ipv6_addr , ri->ipv6_orport ,
ri-> dir_port , fw_connection, pref_only,
fw_connection, pref_only,
pref_ipv6);
}
@@ -635,10 +607,10 @@ fascist_firewall_allows_rs_impl(const routerstatus_t *rs,
return 0 ;
}
/* Assume IPv4 and IPv6 DirPorts are the same */
return fascist_firewall_allows_base (rs->addr , rs->or_port , rs->dir_port ,
&rs->ipv6_addr , rs->ipv6_orport ,
rs-> dir_port , fw_connection, pref_only,
fw_connection, pref_only,
pref_ipv6);
}
@@ -660,8 +632,7 @@ fascist_firewall_allows_rs(const routerstatus_t *rs,
* generic IPv6 preference instead. */
const or_options_t *options = get_options ();
int pref_ipv6 = (fw_connection == FIREWALL_OR_CONNECTION
? fascist_firewall_prefer_ipv6_orport (options)
: fascist_firewall_prefer_ipv6_dirport (options));
&& fascist_firewall_prefer_ipv6_orport (options));
return fascist_firewall_allows_rs_impl (rs, fw_connection, pref_only,
pref_ipv6);
@@ -693,7 +664,7 @@ fascist_firewall_allows_md_impl(const microdesc_t *md,
}
/* * Like fascist_firewall_allows_base(), but takes node, and looks up pref_ipv6
* from node_ipv6_or/dir_preferred (). */
* from node_ipv6_or_preferred (). */
int
fascist_firewall_allows_node (const node_t *node,
firewall_connection_t fw_connection,
@@ -706,8 +677,7 @@ fascist_firewall_allows_node(const node_t *node,
node_assert_ok (node);
const int pref_ipv6 = (fw_connection == FIREWALL_OR_CONNECTION
? node_ipv6_or_preferred (node)
: node_ipv6_dir_preferred (node));
&& node_ipv6_or_preferred (node));
/* Sometimes, the rs is missing the IPv6 address info, and we need to go
* all the way to the md */
@@ -820,7 +790,7 @@ fascist_firewall_choose_address(const tor_addr_port_t *a,
/* * Copy an address and port into <b>ap</b> that we think our firewall will
* let us connect to. Uses ipv4_addr/ipv6_addr and
* ipv4_orport/ipv6_orport/ReachableORAddresses or
* ipv4_dirport/ipv6_dirport/ ReachableDirAddresses based on IPv4/IPv6 and
* ipv4_dirport/ReachableDirAddresses based on IPv4/IPv6 and
* <b>fw_connection</b>.
* If pref_only, only choose preferred addresses. In either case, choose
* a preferred address before an address that's not preferred.
@@ -833,7 +803,6 @@ fascist_firewall_choose_address_base(const tor_addr_t *ipv4_addr,
uint16_t ipv4_dirport,
const tor_addr_t *ipv6_addr,
uint16_t ipv6_orport,
uint16_t ipv6_dirport,
firewall_connection_t fw_connection,
int pref_only,
int pref_ipv6,
@@ -852,11 +821,13 @@ fascist_firewall_choose_address_base(const tor_addr_t *ipv4_addr,
: ipv4_dirport);
tor_addr_port_t ipv6_ap;
tor_addr_copy (&ipv6_ap.addr , ipv6_addr);
ipv6_ap.port = (fw_connection == FIREWALL_OR_CONNECTION
? ipv6_orport
: ipv6_dirport);
if (fw_connection == FIREWALL_OR_CONNECTION){
tor_addr_copy (&ipv6_ap.addr , ipv6_addr);
ipv6_ap.port = ipv6_orport;
}else {
tor_addr_make_null (&ipv6_ap.addr ,AF_INET6);
ipv6_ap.port = 0 ;
}
result = fascist_firewall_choose_address (&ipv4_ap, &ipv6_ap,
want_ipv4,
fw_connection, pref_only,
@@ -881,7 +852,6 @@ fascist_firewall_choose_address_ipv4h(uint32_t ipv4h_addr,
uint16_t ipv4_dirport,
const tor_addr_t *ipv6_addr,
uint16_t ipv6_orport,
uint16_t ipv6_dirport,
firewall_connection_t fw_connection,
int pref_only,
int pref_ipv6,
@@ -891,7 +861,7 @@ fascist_firewall_choose_address_ipv4h(uint32_t ipv4h_addr,
tor_addr_from_ipv4h (&ipv4_addr, ipv4h_addr);
return fascist_firewall_choose_address_base (&ipv4_addr, ipv4_orport,
ipv4_dirport, ipv6_addr,
ipv6_orport, ipv6_dirport,
ipv6_orport,
fw_connection, pref_only,
pref_ipv6, ap);
}
@@ -917,11 +887,6 @@ node_awaiting_ipv6(const or_options_t* options, const node_t *node)
return 0 ;
}
/* If the node has an IPv6 address, we're not waiting */
if (node_has_ipv6_addr (node)) {
return 0 ;
}
/* If the current consensus method and flavour has IPv6 addresses, we're not
* waiting */
if (networkstatus_consensus_has_ipv6 (options)) {
@@ -965,17 +930,13 @@ fascist_firewall_choose_address_rs(const routerstatus_t *rs,
/* There's no node-specific IPv6 preference, so use the generic IPv6
* preference instead. */
int pref_ipv6 = (fw_connection == FIREWALL_OR_CONNECTION
? fascist_firewall_prefer_ipv6_orport (options)
: fascist_firewall_prefer_ipv6_dirport (options));
&& fascist_firewall_prefer_ipv6_orport (options));
/* Assume IPv4 and IPv6 DirPorts are the same.
* Assume the IPv6 OR and Dir addresses are the same. */
return fascist_firewall_choose_address_ipv4h (rs->addr ,
rs->or_port ,
rs->dir_port ,
&rs->ipv6_addr ,
rs->ipv6_orport ,
rs->dir_port ,
fw_connection,
pref_only,
pref_ipv6,
@@ -1010,8 +971,7 @@ fascist_firewall_choose_address_node(const node_t *node,
}
const int pref_ipv6_node = (fw_connection == FIREWALL_OR_CONNECTION
? node_ipv6_or_preferred (node)
: node_ipv6_dir_preferred (node));
&& node_ipv6_or_preferred (node));
tor_addr_port_t ipv4_or_ap;
node_get_prim_orport (node, &ipv4_or_ap);
@@ -1020,42 +980,20 @@ fascist_firewall_choose_address_node(const node_t *node,
tor_addr_port_t ipv6_or_ap;
node_get_pref_ipv6_orport (node, &ipv6_or_ap);
tor_addr_port_t ipv6_dir_ap;
node_get_pref_ipv6_dirport (node, &ipv6_dir_ap);
/* Assume the IPv6 OR and Dir addresses are the same. */
return fascist_firewall_choose_address_base (&ipv4_or_ap.addr ,
ipv4_or_ap.port ,
ipv4_dir_ap.port ,
&ipv6_or_ap.addr ,
ipv6_or_ap.port ,
ipv6_dir_ap.port ,
fw_connection,
pref_only,
pref_ipv6_node,
ap);
}
/* * Like fascist_firewall_choose_address_rs(), but takes <b>ds</b>. */
int
fascist_firewall_choose_address_dir_server (const dir_server_t *ds,
firewall_connection_t fw_connection,
int pref_only,
tor_addr_port_t *ap)
{
if (!ds) {
return 0 ;
}
/* A dir_server_t always has a fake_status. As long as it has the same
* addresses/ports in both fake_status and dir_server_t, this works fine.
* (See #17867.)
* This function relies on fascist_firewall_choose_address_rs looking up the
* node if it can, because that will get the latest info for the relay. */
return fascist_firewall_choose_address_rs (&ds->fake_status , fw_connection,
pref_only, ap);
}
/* * Return 1 if <b>addr</b> is permitted to connect to our dir port,
* based on <b>dir_policy</b>. Else return 0.
*/