commit 785176e97545b2e7fc65bb80cf7aa13c9adc3fc4 Author: Nick Mathewson <nickm@torproject.org> Date: Wed Oct 5 12:38:03 2016 -0400 Clean up and fix exit policy check in connection_exit_connect(). Previously, we would reject even rendezvous connections to IPv6 addresses when IPv6Exit was false. But that doesn't make sense; we don't count that as "exit"ing. I've corrected the logic and tried to make it a lottle more clear. Fixes bug 18357; this code has been wrong since 9016d9e8294a352 in 0.2.4.7-alpha. --- changes/bug18357 | 5 +++++ src/or/connection_edge.c | 24 ++++++++++++++++-------- 2 files changed, 21 insertions(+), 8 deletions(-) diff --git a/changes/bug18357 b/changes/bug18357 new file mode 100644 index 0000000..5f19d14 --- /dev/null +++ b/changes/bug18357 @@ -0,0 +1,5 @@ + o Minor bugfixes (hidden service): + - Allow hidden services to run on IPv6 addresses even when the + IPv6Exit option is not set. Fixes bug 18357; bugfix on + 0.2.4.7-alpha. + diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 08e4fa5..a1a0863 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -3232,14 +3232,22 @@ connection_exit_connect(edge_connection_t *edge_conn) uint16_t port; connection_t *conn = TO_CONN(edge_conn); int socket_error = 0, result; - - if ( (!connection_edge_is_rendezvous_stream(edge_conn) && - router_compare_to_my_exit_policy(&edge_conn->base_.addr, - edge_conn->base_.port)) || - (tor_addr_family(&conn->addr) == AF_INET6 && - ! get_options()->IPv6Exit)) { - log_info(LD_EXIT,"%s:%d failed exit policy. Closing.", - escaped_safe_str_client(conn->address), conn->port); + const char *why_failed_exit_policy = NULL; + + if (! connection_edge_is_rendezvous_stream(edge_conn)) { + /* only apply exit policy to non-rendezvous connections. */ + if (router_compare_to_my_exit_policy(&edge_conn->base_.addr, + edge_conn->base_.port)) { + why_failed_exit_policy = ""; + } else if (tor_addr_family(&conn->addr) == AF_INET6 && + ! get_options()->IPv6Exit) { + why_failed_exit_policy = " (IPv6 address without IPv6Exit configured)"; + } + } + if (why_failed_exit_policy) { + log_info(LD_EXIT,"%s:%d failed exit policy%s. Closing.", + escaped_safe_str_client(conn->address), conn->port, + why_failed_exit_policy); connection_edge_end(edge_conn, END_STREAM_REASON_EXITPOLICY); circuit_detach_stream(circuit_get_by_edge_conn(edge_conn), edge_conn); connection_free(conn);