torproject / tor Public
[Tor Trac #23588]: Write fascist_firewall_choose_address_ls() and use it in hs_get_extend_info_from_lspecs() #252
Please make the unit tests pass:
25061c5
to
0b50239
Thanks for this pull request!
Relays won't extend via IPv6, so we need to choose an IPv4 address if direct_connect is false. See my comments for details.
There are also a few minor fixes to code and comments; see my comments for details.
src/core/or/policies.c
Outdated
| */ | ||
| void | ||
| fascist_firewall_choose_address_ls(const smartlist_t *lspecs, | ||
| firewall_connection_t fw_connection, |
Link specifiers are only used for ORPorts, so fw_connection is always FIREWALL_OR_CONNECTION.
src/core/or/policies.c
Outdated
| ap->port = 0; | ||
|
|
||
| /* Here, don't check for IPv6 DirPorts when checking whether we prefer IPv6 | ||
| * as they're not used. */ |
Link specifiers are only used for ORPorts, so this function should not check for any DirPorts.
src/core/or/policies.c
Outdated
| /* Assume that the DirPorts are zero as link specifiers only use ORPorts. */ | ||
| fascist_firewall_choose_address_base(&addr_v4, port_v4, 0, | ||
| &addr_v6, port_v6, 0, | ||
| fw_connection, |
Link specifiers are only used for ORPorts, so fw_connection is always FIREWALL_OR_CONNECTION.
src/core/or/policies.c
Outdated
| @@ -990,6 +991,60 @@ fascist_firewall_choose_address_rs(const routerstatus_t *rs, | |||
| } | |||
| } | |||
|
|
|||
| /** Like fascist_firewall_choose_address_base(), but takes in a smartlist | |||
| * <b>lspecs</b> consisting of a link specifier. | |||
There can be more than one link specifier in the list, so say: "one or more link specifiers".
src/feature/hs/hs_common.c
Outdated
| @@ -1723,45 +1714,45 @@ hs_get_extend_info_from_lspecs(const smartlist_t *lspecs, | |||
| } | |||
| } SMARTLIST_FOREACH_END(ls); | |||
|
|
|||
| fascist_firewall_choose_address_ls(lspecs, FIREWALL_OR_CONNECTION, 0, &ap); | |||
|
|
|||
| /* Legacy ID is mandatory, and we require IPv4. */ | |||
fascist_firewall_choose_address_ls() can return an IPv6 address, so we require an IP address.
(We only require IPv4 for connections that are not direct.)
src/feature/hs/hs_common.c
Outdated
| if (!direct_conn) { | ||
| /* All clients can extend to any IPv4 via a 3-hop path. */ | ||
| /* All clients can extend to any IP via a 3-hop path. */ |
Relays won't extend via IPv6; we can only connect via IPv6 when we are connecting directly.
src/feature/hs/hs_common.c
Outdated
| goto validate; | ||
| } else if (direct_conn && | ||
| fascist_firewall_allows_address_addr(&addr_v4, port_v4, | ||
| fascist_firewall_allows_address_addr(&ap.addr, ap.port, |
This check is redundant, because fascist_firewall_choose_address_ls() has already chosen an allowed address.
src/feature/hs/hs_common.c
Outdated
| @@ -1723,45 +1714,45 @@ hs_get_extend_info_from_lspecs(const smartlist_t *lspecs, | |||
| } | |||
| } SMARTLIST_FOREACH_END(ls); | |||
|
|
|||
| fascist_firewall_choose_address_ls(lspecs, FIREWALL_OR_CONNECTION, 0, &ap); | |||
If direct_conn is not true, we need to choose an IPv4 address, because relays only extend to IPv4 addresses.
See the similar code in:
tor/src/core/or/circuitbuild.c
Lines 2874 to 2880 in 8b0920b
| /* Choose a preferred address first, but fall back to an allowed address. */ | |
| if (for_direct_connect) | |
| fascist_firewall_choose_address_node(node, FIREWALL_OR_CONNECTION, 0, &ap); | |
| else { | |
| node_get_prim_orport(node, &ap); | |
| } | |
| valid_addr = tor_addr_port_is_valid_ap(&ap, 0); |
(node_get_prim_orport() always returns the IPv4 address.)
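The selection rule this review asks for, as an added C sketch that is not code from the pull request or from Tor: a non-direct connection always takes the IPv4 link specifier, while a direct connection takes the preferred family the local firewall allows and falls back to the other allowed one. The types `lspec_t` and `fw_policy_t`, the functions `first_of()` and `choose_lspec()`, and the sample addresses are hypothetical stand-ins constructed for this example.

```c
/* Added illustration: simplified model, not Tor's code; names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { LS_V4, LS_V6 } ls_family_t;
typedef struct { ls_family_t family; const char *addr; uint16_t port; } lspec_t;
/* Stand-in for the client's firewall policy and IPv6 preference. */
typedef struct { int allow_v4, allow_v6, prefer_v6; } fw_policy_t;

/* Constructed sample: one IPv4 and one IPv6 link specifier. */
static const lspec_t SAMPLE[] = { { LS_V4, "192.0.2.10", 9001 },
                                  { LS_V6, "2001:db8::10", 9001 } };
static const fw_policy_t V6_ONLY = { 0, 1, 1 };

/* First usable link specifier of the given family, or NULL. */
static const lspec_t *first_of(const lspec_t *ls, size_t n, ls_family_t fam)
{
  for (size_t i = 0; i < n; i++)
    if (ls[i].family == fam && ls[i].addr && ls[i].port != 0)
      return &ls[i];
  return NULL;
}

/* Pick the address for the extend info, or NULL if none is usable. */
static const lspec_t *choose_lspec(const lspec_t *ls, size_t n,
                                   int direct_conn, const fw_policy_t *fw)
{
  const lspec_t *v4 = first_of(ls, n, LS_V4);
  const lspec_t *v6 = first_of(ls, n, LS_V6);
  /* Not direct: relays only extend over IPv4; local policy does not apply. */
  if (!direct_conn)
    return v4;
  /* Direct: drop what the local firewall disallows, then take the
   * preferred family, falling back to the other allowed one. */
  if (!fw->allow_v4) v4 = NULL;
  if (!fw->allow_v6) v6 = NULL;
  if (fw->prefer_v6)
    return v6 ? v6 : v4;
  return v4 ? v4 : v6;
}

int main(void)
{
  const lspec_t *d = choose_lspec(SAMPLE, 2, 1, &V6_ONLY); /* direct */
  const lspec_t *e = choose_lspec(SAMPLE, 2, 0, &V6_ONLY); /* via a relay */
  printf("direct=%s extend=%s\n", d ? d->addr : "-", e ? e->addr : "-");
  return 0;
}
```

A NULL result corresponds to the case where the caller must reject the link specifier list rather than build an extend info with an unusable address.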
New PR is here.
I force-pushed b23588a from #256 to this branch b23588, so I could see these comments on b23588a.
I wrote comments on #256.
For the bug here.