fixup! Validate address more carefully when checking self-reachability

Refactor and improve documentation in circuitbuild_relay.c

src/feature/relay/circuitbuild_relay.c

@@ -588,15 +588,21 @@ onionskin_answer(struct or_circuit_t *circ,
   if ((!channel_is_local(circ->p_chan)
        || get_options()->ExtendAllowPrivateAddresses)
       && !channel_is_outgoing(circ->p_chan)) {
-    /* Okay, it's a create cells from a non-local conn
-     * that we didn't initiate; presumably this means that create cells
+    /* Okay, it's a create cell from a non-local connection
+     * that we didn't initiate. Presumably this means that create cells
      * can reach us too. But what address can they reach us on? */
     const tor_addr_t *my_supposed_addr = &circ->p_chan->addr_according_to_peer;
-    tor_addr_t remote_addr;
-    if (channel_get_addr_if_possible(circ->p_chan, &remote_addr) &&
-        router_addr_is_my_published_addr(my_supposed_addr)) {
-      int family = tor_addr_family(&remote_addr);
-      if (family == tor_addr_family(my_supposed_addr)) {
+    if (router_addr_is_my_published_addr(my_supposed_addr)) {
+      /* Great, this create cell came on connection where the peer says
+       * that the our address is an address we're actually advertising!
+       * That should mean that we're reachable.  But before we finally
+       * declare ourselves reachable, make sure that the address listed
+       * by the peer is the same family as the peer is actually using.
+       */
+      tor_addr_t remote_addr;
+      int family = tor_addr_family(my_supposed_addr);
+      if (channel_get_addr_if_possible(circ->p_chan, &remote_addr) &&
+          tor_addr_family(&remote_addr) == family) {
         router_orport_found_reachable(family);
       }
     }