[tor-commits] [tor/master] Add {No, }IPv{4, 6}Traffic options to SOCKSPort

nickm at torproject.org nickm at torproject.org
Thu Nov 15 19:47:52 UTC 2012


commit 4bec25c3cd8869fb4b0cb6f1139bc2672b5b14a7
Author: Nick Mathewson <nickm at torproject.org>
Date:   Wed Oct 31 11:08:38 2012 -0400

    Add {No,}IPv{4,6}Traffic options to SOCKSPort
    
    These options are for telling the SOCKSPort that it should allow or
    not allow connections to IPv4/IPv6 addresses.
    
    These aren't implemented yet; this is just the code to read the
    options and get them into the entry_connection_t.
---
 src/or/config.c     |   25 +++++++++++++++++++++++--
 src/or/connection.c |    9 +++++++++
 src/or/or.h         |   18 ++++++++++++++++++
 3 files changed, 50 insertions(+), 2 deletions(-)

diff --git a/src/or/config.c b/src/or/config.c
index 76038d5..1af6817 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -4441,6 +4441,7 @@ warn_nonlocal_controller_ports(smartlist_t *ports, unsigned forbid)
 #define CL_PORT_ALLOW_EXTRA_LISTENADDR (1u<<2)
 #define CL_PORT_SERVER_OPTIONS (1u<<3)
 #define CL_PORT_FORBID_NONLOCAL (1u<<4)
+#define CL_PORT_TAKES_HOSTNAMES (1u<<5)
 
 /**
  * Parse port configuration for a single port type.
@@ -4473,6 +4474,9 @@ warn_nonlocal_controller_ports(smartlist_t *ports, unsigned forbid)
  * isolation options in the FooPort entries; instead allow the
  * server-port option set.
  *
+ * If CL_PORT_TAKES_HOSTNAMES is set in <b>flags</b>, allow the options
+ * {No,}IPv{4,6}Traffic.
+ *
  * On success, if <b>out</b> is given, add a new port_cfg_t entry to
  * <b>out</b> for every port that the client should listen on.  Return 0
  * on success, -1 on failure.
@@ -4496,6 +4500,7 @@ parse_port_config(smartlist_t *out,
   const unsigned forbid_nonlocal = flags & CL_PORT_FORBID_NONLOCAL;
   const unsigned allow_spurious_listenaddr =
     flags & CL_PORT_ALLOW_EXTRA_LISTENADDR;
+  const unsigned takes_hostnames = flags & CL_PORT_TAKES_HOSTNAMES;
   int got_zero_port=0, got_nonzero_port=0;
 
   /* FooListenAddress is deprecated; let's make it work like it used to work,
@@ -4599,7 +4604,8 @@ parse_port_config(smartlist_t *out,
     uint16_t ptmp=0;
     int ok;
     int no_listen = 0, no_advertise = 0, all_addrs = 0,
-      ipv4_only = 0, ipv6_only = 0;
+      ipv4_only = 0, ipv6_only = 0,
+      ipv4_traffic = 1, ipv6_traffic = 0;
 
     smartlist_split_string(elts, ports->value, NULL,
                            SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
@@ -4723,9 +4729,21 @@ parse_port_config(smartlist_t *out,
           no = 1;
           elt += 2;
         }
+
+        if (takes_hostnames) {
+          if (!strcasecmp(elt, "IPv4Traffic")) {
+            ipv4_traffic = ! no;
+            continue;
+          } else if (!strcasecmp(elt, "IPv6Traffic")) {
+            ipv6_traffic = ! no;
+            continue;
+          }
+        }
+
         if (!strcasecmpend(elt, "s"))
           elt[strlen(elt)-1] = '\0'; /* kill plurals. */
 
+
         if (!strcasecmp(elt, "IsolateDestPort")) {
           isoflag = ISO_DESTPORT;
         } else if (!strcasecmp(elt, "IsolateDestAddr")) {
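Review bot: Nothing in this hunk stops a SocksPort line from ending up with both address families disabled. `ipv4_traffic` starts at 1 and `ipv6_traffic` at 0, so a lone `NoIPv4Traffic` leaves both at 0, and those values are copied into the port_cfg_t unchanged. Once enforcement lands, such a listener would accept connections it can never serve, which is hard to diagnose from the client side. I would reject, or at least warn, after the option loop when `takes_hostnames && !ipv4_traffic && !ipv6_traffic`, using whatever failure path parse_port_config already has for bad options. The rest of the loop and the function lie outside the hunk, so the exact spot for the check is not visible here.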
@@ -4766,6 +4784,8 @@ parse_port_config(smartlist_t *out,
       cfg->all_addrs = all_addrs;
       cfg->ipv4_only = ipv4_only;
       cfg->ipv6_only = ipv6_only;
+      cfg->ipv4_traffic = ipv4_traffic;
+      cfg->ipv6_traffic = ipv6_traffic;
 
       smartlist_add(out, cfg);
     }
@@ -4858,7 +4878,8 @@ parse_ports(or_options_t *options, int validate_only,
              options->SocksPort_lines, options->SocksListenAddress,
              "Socks", CONN_TYPE_AP_LISTENER,
              "127.0.0.1", 9050,
-             CL_PORT_WARN_NONLOCAL|CL_PORT_ALLOW_EXTRA_LISTENADDR) < 0) {
+             CL_PORT_WARN_NONLOCAL|CL_PORT_ALLOW_EXTRA_LISTENADDR|
+             CL_PORT_TAKES_HOSTNAMES) < 0) {
     *msg = tor_strdup("Invalid SocksPort/SocksListenAddress configuration");
     goto err;
   }
diff --git a/src/or/connection.c b/src/or/connection.c
index bb175d0..89ac8f5 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -1115,6 +1115,13 @@ connection_listener_new(const struct sockaddr *listensockaddr,
       lis_conn->session_group = global_next_session_group--;
     }
   }
+  if (type == CONN_TYPE_AP) {
+    lis_conn->socks_ipv4_traffic = port_cfg->ipv4_traffic;
+    lis_conn->socks_ipv6_traffic = port_cfg->ipv6_traffic;
+  } else {
+    lis_conn->socks_ipv4_traffic = 1;
+    lis_conn->socks_ipv6_traffic = 1;
+  }
 
   if (connection_add(conn) < 0) { /* no space, forget it */
     log_warn(LD_NET,"connection_add for listener failed. Giving up.");
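Review bot: The new test `if (type == CONN_TYPE_AP)` looks like it compares against the wrong constant. parse_ports registers the SOCKS port as `CONN_TYPE_AP_LISTENER`, and connection_init_accepted_conn switches on `CONN_TYPE_AP_LISTENER` for the listener's type. If `type` here is the listener type (the signature is outside the hunk), the first branch is never taken and every listener gets `socks_ipv4_traffic` and `socks_ipv6_traffic` set to 1. A configured `NoIPv4Traffic`, or the IPv6-off default, would then be silently dropped before it reaches the entry connection. The condition should probably read `if (type == CONN_TYPE_AP_LISTENER) {`, and this path deserves a test once enforcement exists.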
@@ -1348,6 +1355,8 @@ connection_init_accepted_conn(connection_t *conn,
       TO_ENTRY_CONN(conn)->session_group = listener->session_group;
       TO_ENTRY_CONN(conn)->nym_epoch = get_signewnym_epoch();
       TO_ENTRY_CONN(conn)->socks_request->listener_type = listener->base_.type;
+      TO_ENTRY_CONN(conn)->ipv4_traffic_ok = listener->socks_ipv4_traffic;
+      TO_ENTRY_CONN(conn)->ipv6_traffic_ok = listener->socks_ipv6_traffic;
       switch (TO_CONN(listener)->type) {
         case CONN_TYPE_AP_LISTENER:
           conn->state = AP_CONN_STATE_SOCKS_WAIT;
diff --git a/src/or/or.h b/src/or/or.h
index 9d22e11..8a77c94 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -1225,6 +1225,15 @@ typedef struct listener_connection_t {
   uint8_t isolation_flags;
   /**@}*/
 
+  /** For a SOCKS listener, these fields describe whether we should
+   * allow IPv4 and IPv6 addresses from our exit nodes, respectively.
+   *
+   * @{
+   */
+  unsigned int socks_ipv4_traffic : 1;
+  unsigned int socks_ipv6_traffic : 1;
+  /** @} */
+
 } listener_connection_t;
 
 /** Minimum length of the random part of an AUTH_CHALLENGE cell. */
@@ -1522,6 +1531,13 @@ typedef struct entry_connection_t {
    */
   unsigned int may_use_optimistic_data : 1;
 
+  /** Should we permit IPv4 and IPv6 traffic to use this connection?
+   *
+   * @{ */
+  unsigned int ipv4_traffic_ok : 1;
+  unsigned int ipv6_traffic_ok : 1;
+  /** @} */
+
 } entry_connection_t;
 
 /** Subtype of connection_t for an "directory connection" -- that is, an HTTP
@@ -3044,6 +3060,8 @@ typedef struct port_cfg_t {
   unsigned int all_addrs : 1;
   unsigned int ipv4_only : 1;
   unsigned int ipv6_only : 1;
+  unsigned int ipv4_traffic : 1;
+  unsigned int ipv6_traffic : 1;
 
   /* Unix sockets only: */
   /** Path for an AF_UNIX address */
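Review bot: The two bitfields added to port_cfg_t, `ipv4_traffic` and `ipv6_traffic`, carry no comment, unlike the fields this commit adds to listener_connection_t and entry_connection_t in the same header. I would put `/** For a SOCKS port: whether to allow IPv4 and IPv6 addresses, as set by {No,}IPv{4,6}Traffic. */` above them. The comment should also state the defaults, since parse_port_config initialises them to 1 and 0 for every port type while connection_listener_new assigns 1 and 1 in its fallback branch. The struct continues outside the hunk.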




