[tor-commits] [tor/master] Extract ExitPolicy-and-IPv6Exit check into a new function

nickm at torproject.org nickm at torproject.org
Fri Oct 14 13:10:40 UTC 2016


commit 87865c8aca0cc8c7ad4d4696a75e96b91fdf8734
Author: Nick Mathewson <nickm at torproject.org>
Date:   Fri Oct 14 09:08:51 2016 -0400

    Extract ExitPolicy-and-IPv6Exit check into a new function
    
    (I've done this instead of changing the semantics of
    router_compare_to_my_exit_policy, because dns.c uses
    router_compare_to_my_exit_policy too, in a slightly weird way.)
---
 src/or/connection_edge.c | 34 ++++++++++++++++++++++++----------
 1 file changed, 24 insertions(+), 10 deletions(-)

diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index a1a0863..788b7ee 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -3218,6 +3218,24 @@ connection_exit_begin_resolve(cell_t *cell, or_circuit_t *circ)
   return 0;
 }
 
+/** Helper: Return true and set *<b>why_rejected</b> to an optional clarifying
+ * message message iff we do not allow connections to <b>addr</b>:<b>port</b>.
+ */
+static int
+my_exit_policy_rejects(const tor_addr_t *addr,
+                       uint16_t port,
+                       const char **why_rejected)
+{
+  if (router_compare_to_my_exit_policy(addr, port)) {
+    *why_rejected = "";
+    return 1;
+  } else if (tor_addr_family(addr) == AF_INET6 && !get_options()->IPv6Exit) {
+    *why_rejected = " (IPv6 address without IPv6Exit configured)";
+    return 1;
+  }
+  return 0;
+}
+
 /** Connect to conn's specified addr and port. If it worked, conn
  * has now been added to the connection_array.
  *
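Review bot: The doc comment on `my_exit_policy_rejects` repeats a word ("message message") and leaves the out-parameter contract incomplete: on the return-0 path `*why_rejected` is never written, and the pointer is dereferenced without a check. I would reword it along the lines of `Return true iff we do not allow connections to addr:port; on rejection set *why_rejected (which must be non-NULL) to a possibly empty clarifying suffix, otherwise leave it untouched.` Since the commit message says dns.c still calls `router_compare_to_my_exit_policy` directly, it is also worth one sentence in the comment noting that the IPv6Exit restriction is applied only through this helper, so a later caller picks the right function.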
@@ -3234,17 +3252,13 @@ connection_exit_connect(edge_connection_t *edge_conn)
   int socket_error = 0, result;
   const char *why_failed_exit_policy = NULL;
 
-  if (! connection_edge_is_rendezvous_stream(edge_conn)) {
-    /* only apply exit policy to non-rendezvous connections. */
-    if (router_compare_to_my_exit_policy(&edge_conn->base_.addr,
-                                         edge_conn->base_.port)) {
+  /* Apply exit policy to non-rendezvous connections. */
+  if (! connection_edge_is_rendezvous_stream(edge_conn) &&
+      my_exit_policy_rejects(&edge_conn->base_.addr,
+                             edge_conn->base_.port,
+                             &why_failed_exit_policy)) {
+    if (BUG(!why_failed_exit_policy))
       why_failed_exit_policy = "";
-    } else if (tor_addr_family(&conn->addr) == AF_INET6 &&
-             ! get_options()->IPv6Exit) {
-      why_failed_exit_policy = " (IPv6 address without IPv6Exit configured)";
-    }
-  }
-  if (why_failed_exit_policy) {
     log_info(LD_EXIT,"%s:%d failed exit policy%s. Closing.",
              escaped_safe_str_client(conn->address), conn->port,
              why_failed_exit_policy);
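Review bot: The rewritten comment above the `connection_edge_is_rendezvous_stream` test drops the word "only", so it no longer signals that rendezvous streams are deliberately exempt from the exit policy at this point. Because this is where the policy is applied, I would state the exemption explicitly, e.g. `/* Rendezvous streams are deliberately not checked against the exit policy; apply it to everything else. */`, adding the reason if it is documented elsewhere. The `if (BUG(!why_failed_exit_policy))` fallback also has an unbraced body directly ahead of a multi-line `log_info` call, and bracing it would make its extent unambiguous. connection_exit_connect starts and ends outside the hunk.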




