Newer
Older
/* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2021, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
* \file policies.c
* \brief Code to parse and use address policies and exit policies.
*
* We have two key kinds of address policy: full and compressed. A full
* policy is an array of accept/reject patterns, to be applied in order.
* A short policy is simply a list of ports. This module handles both
* kinds, including generic functions to apply them to addresses, and
* also including code to manage the global policies that we apply to
* incoming and outgoing connections.
**/
#include "core/or/or.h"
#include "feature/client/bridges.h"
#include "app/config/config.h"
#include "core/or/policies.h"
#include "feature/dirparse/policy_parse.h"
#include "feature/nodelist/microdesc.h"
#include "feature/nodelist/networkstatus.h"
#include "feature/nodelist/nodelist.h"
#include "feature/relay/router.h"
#include "feature/relay/routermode.h"
#include "lib/geoip/geoip.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "trunnel/ed25519_cert.h"
#include "core/or/addr_policy_st.h"
#include "feature/dirclient/dir_server_st.h"
#include "feature/nodelist/microdesc_st.h"
#include "feature/nodelist/node_st.h"
#include "core/or/port_cfg_st.h"
#include "feature/nodelist/routerinfo_st.h"
#include "feature/nodelist/routerstatus_st.h"
/** Maximum length of an exit policy summary. */
#define MAX_EXITPOLICY_SUMMARY_LEN 1000
/** Policy that addresses for incoming SOCKS connections must match. */
static smartlist_t *socks_policy = NULL;
/** Policy that addresses for incoming directory connections must match. */
static smartlist_t *dir_policy = NULL;
/** Policy for incoming MetricsPort connections that must match. */
static smartlist_t *metrics_policy = NULL;
/** Policy that addresses for incoming router descriptors must match in order
* to be published by us. */
static smartlist_t *authdir_reject_policy = NULL;
/** Policy that addresses for incoming router descriptors must match in order
* to be marked as valid in our networkstatus. */
static smartlist_t *authdir_invalid_policy = NULL;
/** Policy that addresses for incoming router descriptors must <b>not</b>
* match in order to not be marked as BadExit. */
static smartlist_t *authdir_badexit_policy = NULL;
/** Parsed addr_policy_t describing which addresses we believe we can start
* circuits at. */
static smartlist_t *reachable_or_addr_policy = NULL;
/** Parsed addr_policy_t describing which addresses we believe we can connect
* to directories at. */
static smartlist_t *reachable_dir_addr_policy = NULL;
/** Element of an exit policy summary */
typedef struct policy_summary_item_t {
uint16_t prt_min; /**< Lowest port number to accept/reject. */
uint16_t prt_max; /**< Highest port number to accept/reject. */
uint64_t reject_count; /**< Number of IP-Addresses that are rejected to
unsigned int accepted:1; /** Has this port already been accepted */
/** Private networks. This list is used in two places, once to expand the
* "private" keyword when parsing our own exit policy, secondly to ignore
* just such networks when building exit policy summaries. It is important
* that all authorities agree on that list when creating summaries, so don't
* just change this without a proper migration plan and a proposal and stuff.
*/
static const char *private_nets[] = {
"0.0.0.0/8", "169.254.0.0/16",
"127.0.0.0/8", "192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12",
"[::]/8",
"[fc00::]/7", "[fe80::]/10", "[fec0::]/10", "[ff00::]/8", "[::]/127",
NULL
};
teor (Tim Wilson-Brown)
committed
static int policies_parse_exit_policy_internal(
config_line_t *cfg,
smartlist_t **dest,
int ipv6_exit,
int rejectprivate,
const smartlist_t *configured_addresses,
int reject_interface_addresses,
int reject_configured_port_addresses,
int add_default_policy,
int add_reduced_policy);
/** Replace all "private" entries in *<b>policy</b> with their expanded
* equivalents. */
void
policy_expand_private(smartlist_t **policy)
{
uint16_t port_min, port_max;
int i;
smartlist_t *tmp;
Nick Mathewson
committed
if (!*policy) /*XXXX disallow NULL policies? */
SMARTLIST_FOREACH_BEGIN(*policy, addr_policy_t *, p) {
if (! p->is_private) {
smartlist_add(tmp, p);
continue;
}
for (i = 0; private_nets[i]; ++i) {
addr_policy_t newpolicy;
memcpy(&newpolicy, p, sizeof(addr_policy_t));
newpolicy.is_private = 0;
newpolicy.is_canonical = 0;
if (tor_addr_parse_mask_ports(private_nets[i], 0,
&newpolicy.addr,
&newpolicy.maskbits, &port_min, &port_max)<0) {
smartlist_add(tmp, addr_policy_get_canonical_entry(&newpolicy));
}
addr_policy_free(p);
} SMARTLIST_FOREACH_END(p);
smartlist_free(*policy);
*policy = tmp;
}
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
/** Expand each of the AF_UNSPEC elements in *<b>policy</b> (which indicate
* protocol-neutral wildcards) into a pair of wildcard elements: one IPv4-
* specific and one IPv6-specific. */
void
policy_expand_unspec(smartlist_t **policy)
{
smartlist_t *tmp;
if (!*policy)
return;
tmp = smartlist_new();
SMARTLIST_FOREACH_BEGIN(*policy, addr_policy_t *, p) {
sa_family_t family = tor_addr_family(&p->addr);
if (family == AF_INET6 || family == AF_INET || p->is_private) {
smartlist_add(tmp, p);
} else if (family == AF_UNSPEC) {
addr_policy_t newpolicy_ipv4;
addr_policy_t newpolicy_ipv6;
memcpy(&newpolicy_ipv4, p, sizeof(addr_policy_t));
memcpy(&newpolicy_ipv6, p, sizeof(addr_policy_t));
newpolicy_ipv4.is_canonical = 0;
newpolicy_ipv6.is_canonical = 0;
if (p->maskbits != 0) {
log_warn(LD_BUG, "AF_UNSPEC policy with maskbits==%d", p->maskbits);
newpolicy_ipv4.maskbits = 0;
newpolicy_ipv6.maskbits = 0;
}
tor_addr_from_ipv4h(&newpolicy_ipv4.addr, 0);
tor_addr_from_ipv6_bytes(&newpolicy_ipv6.addr,
(const uint8_t *)"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0");
smartlist_add(tmp, addr_policy_get_canonical_entry(&newpolicy_ipv4));
smartlist_add(tmp, addr_policy_get_canonical_entry(&newpolicy_ipv6));
addr_policy_free(p);
} else {
log_warn(LD_BUG, "Funny-looking address policy with family %d", family);
smartlist_add(tmp, p);
}
} SMARTLIST_FOREACH_END(p);
smartlist_free(*policy);
*policy = tmp;
}
/**
* Given a linked list of config lines containing "accept[6]" and "reject[6]"
* tokens, parse them and append the result to <b>dest</b>. Return -1
* if any tokens are malformed (and don't append any), else return 0.
*
* If <b>assume_action</b> is nonnegative, then insert its action
* (ADDR_POLICY_ACCEPT or ADDR_POLICY_REJECT) for items that specify no
* action.
*/
static int
parse_addr_policy(config_line_t *cfg, smartlist_t **dest,
int assume_action)
{
smartlist_t *entries;
int malformed_list;
int r = 0;
if (!cfg)
return 0;
result = smartlist_new();
entries = smartlist_new();
for (; cfg; cfg = cfg->next) {
smartlist_split_string(entries, cfg->value, ",",
SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
SMARTLIST_FOREACH_BEGIN(entries, const char *, ent) {
log_debug(LD_CONFIG,"Adding new entry '%s'",ent);
malformed_list = 0;
item = router_parse_addr_policy_item_from_string(ent, assume_action,
&malformed_list);
if (item) {
smartlist_add(result, item);
} else if (malformed_list) {
/* the error is so severe the entire list should be discarded */
log_warn(LD_CONFIG, "Malformed policy '%s'. Discarding entire policy "
"list.", ent);
r = -1;
} else {
/* the error is minor: don't add the item, but keep processing the
* rest of the policies in the list */
log_debug(LD_CONFIG, "Ignored policy '%s' due to non-fatal error. "
"The remainder of the policy list will be used.",
ent);
} SMARTLIST_FOREACH_END(ent);
SMARTLIST_FOREACH(entries, char *, ent, tor_free(ent));
smartlist_clear(entries);
}
smartlist_free(entries);
if (r == -1) {
addr_policy_list_free(result);
} else {
policy_expand_private(&result);
if (*dest) {
smartlist_add_all(*dest, result);
smartlist_free(result);
} else {
*dest = result;
}
}
return r;
}
/** Helper: parse the Reachable(Dir|OR)?Addresses fields into
* reachable_(or|dir)_addr_policy. The options should already have
* been validated by validate_addr_policies.
*/
static int
parse_reachable_addresses(void)
{
const or_options_t *options = get_options();
if (options->ReachableDirAddresses &&
options->ReachableORAddresses &&
options->ReachableAddresses) {
log_warn(LD_CONFIG,
"Both ReachableDirAddresses and ReachableORAddresses are set. "
"ReachableAddresses setting will be ignored.");
}
addr_policy_list_free(reachable_or_addr_policy);
reachable_or_addr_policy = NULL;
if (!options->ReachableORAddresses && options->ReachableAddresses)
log_info(LD_CONFIG,
"Using ReachableAddresses as ReachableORAddresses.");
if (parse_addr_policy(options->ReachableORAddresses ?
options->ReachableORAddresses :
options->ReachableAddresses,
&reachable_or_addr_policy, ADDR_POLICY_ACCEPT)) {
log_warn(LD_CONFIG,
"Error parsing Reachable%sAddresses entry; ignoring.",
options->ReachableORAddresses ? "OR" : "");
}
addr_policy_list_free(reachable_dir_addr_policy);
reachable_dir_addr_policy = NULL;
if (!options->ReachableDirAddresses && options->ReachableAddresses)
log_info(LD_CONFIG,
"Using ReachableAddresses as ReachableDirAddresses");
if (parse_addr_policy(options->ReachableDirAddresses ?
options->ReachableDirAddresses :
options->ReachableAddresses,
&reachable_dir_addr_policy, ADDR_POLICY_ACCEPT)) {
if (options->ReachableDirAddresses)
log_warn(LD_CONFIG,
"Error parsing ReachableDirAddresses entry; ignoring.");
}
/* We ignore ReachableAddresses for relays */
if (!server_mode(options)) {
if (policy_is_reject_star(reachable_or_addr_policy, AF_UNSPEC, 0)
|| policy_is_reject_star(reachable_dir_addr_policy, AF_UNSPEC,0)) {
log_warn(LD_CONFIG, "Tor cannot connect to the Internet if "
"ReachableAddresses, ReachableORAddresses, or "
"ReachableDirAddresses reject all addresses. Please accept "
"some addresses in these options.");
} else if (options->ClientUseIPv4 == 1
&& (policy_is_reject_star(reachable_or_addr_policy, AF_INET, 0)
|| policy_is_reject_star(reachable_dir_addr_policy, AF_INET, 0))) {
log_warn(LD_CONFIG, "You have set ClientUseIPv4 1, but "
"ReachableAddresses, ReachableORAddresses, or "
"ReachableDirAddresses reject all IPv4 addresses. "
"Tor will not connect using IPv4.");
} else if (reachable_addr_use_ipv6(options)
&& (policy_is_reject_star(reachable_or_addr_policy, AF_INET6, 0)
|| policy_is_reject_star(reachable_dir_addr_policy, AF_INET6, 0))) {
log_warn(LD_CONFIG, "You have configured tor to use or prefer IPv6 "
"(or UseBridges 1), but "
"ReachableAddresses, ReachableORAddresses, or "
"ReachableDirAddresses reject all IPv6 addresses. "
"Tor will not connect using IPv6.");
}
}
/* Append a reject *:* to reachable_(or|dir)_addr_policy */
if (!ret && (options->ReachableDirAddresses ||
options->ReachableORAddresses ||
options->ReachableAddresses)) {
append_exit_policy_string(&reachable_or_addr_policy, "reject *:*");
append_exit_policy_string(&reachable_dir_addr_policy, "reject *:*");
}
}
/* Return true iff ClientUseIPv4 0 or ClientUseIPv6 0 might block any OR or Dir
* address:port combination. */
static int
firewall_is_fascist_impl(void)
{
const or_options_t *options = get_options();
/* Assume every non-bridge relay has an IPv4 address.
* Clients which use bridges may only know the IPv6 address of their
* bridge, but they will connect regardless of the ClientUseIPv6 setting. */
return options->ClientUseIPv4 == 0;
}
/** Return true iff the firewall options, including ClientUseIPv4 0 and
* ClientUseIPv6 0, might block any OR address:port combination.
* Address preferences may still change which address is selected even if
* this function returns false.
*/
int
firewall_is_fascist_or(void)
{
return (reachable_or_addr_policy != NULL || firewall_is_fascist_impl());
}
/** Return true iff the firewall options, including ClientUseIPv4 0 and
* ClientUseIPv6 0, might block any Dir address:port combination.
* Address preferences may still change which address is selected even if
* this function returns false.
*/
int
firewall_is_fascist_dir(void)
{
return (reachable_dir_addr_policy != NULL || firewall_is_fascist_impl());
}
/** Return true iff <b>policy</b> (possibly NULL) will allow a
* connection to <b>addr</b>:<b>port</b>.
*/
static int
addr_policy_permits_tor_addr(const tor_addr_t *addr, uint16_t port,
{
addr_policy_result_t p;
p = compare_tor_addr_to_addr_policy(addr, port, policy);
switch (p) {
case ADDR_POLICY_PROBABLY_ACCEPTED:
case ADDR_POLICY_ACCEPTED:
return 1;
case ADDR_POLICY_PROBABLY_REJECTED:
case ADDR_POLICY_REJECTED:
return 0;
default:
log_warn(LD_BUG, "Unexpected result: %d", (int)p);
return 0;
}
}
/** Return true iff we think our firewall will let us make a connection to
* addr:port.
*
* If we are configured as a server, ignore any address family preference and
* just use IPv4.
* Otherwise:
* - return false for all IPv4 addresses:
* - if ClientUseIPv4 is 0, or
* if pref_only and pref_ipv6 are both true;
* - return false for all IPv6 addresses:
* - if reachable_addr_use_ipv6() is 0, or
* - if pref_only is true and pref_ipv6 is false.
*
* Return false if addr is NULL or tor_addr_is_null(), or if port is 0. */
STATIC int
reachable_addr_allows(const tor_addr_t *addr,
uint16_t port,
smartlist_t *firewall_policy,
int pref_only, int pref_ipv6)
const or_options_t *options = get_options();
teor (Tim Wilson-Brown)
committed
const int client_mode = !server_mode(options);
if (!addr || tor_addr_is_null(addr) || !port) {
return 0;
}
teor (Tim Wilson-Brown)
committed
/* Clients stop using IPv4 if it's disabled. In most cases, clients also
* stop using IPv4 if it's not preferred.
* Servers must have IPv4 enabled and preferred. */
if (tor_addr_family(addr) == AF_INET && client_mode &&
(!options->ClientUseIPv4 || (pref_only && pref_ipv6))) {
return 0;
}
teor (Tim Wilson-Brown)
committed
/* Clients and Servers won't use IPv6 unless it's enabled (and in most
* cases, IPv6 must also be preferred before it will be used). */
if (tor_addr_family(addr) == AF_INET6 &&
(!reachable_addr_use_ipv6(options) || (pref_only && !pref_ipv6))) {
teor (Tim Wilson-Brown)
committed
}
return addr_policy_permits_tor_addr(addr, port,
firewall_policy);
}
/** Is this client configured to use IPv6?
* Returns true if the client might use IPv6 for some of its connections
* (including dual-stack and IPv6-only clients), and false if it will never
* use IPv6 for any connections.
teor (Tim Wilson-Brown)
committed
* Use node_ipv6_or/dir_preferred() when checking a specific node and OR/Dir
* port: it supports bridge client per-node IPv6 preferences.
reachable_addr_use_ipv6(const or_options_t *options)
/* Clients use IPv6 if it's set, or they use bridges, or they don't use
* IPv4, or they prefer it.
* ClientPreferIPv6DirPort is deprecated, but check it anyway. */
return (options->ClientUseIPv6 == 1 || options->ClientUseIPv4 == 0 ||
options->ClientPreferIPv6ORPort == 1 ||
options->ClientPreferIPv6DirPort == 1 || options->UseBridges == 1);
}
/** Do we prefer to connect to IPv6, ignoring ClientPreferIPv6ORPort and
* ClientPreferIPv6DirPort?
* If we're unsure, return -1, otherwise, return 1 for IPv6 and 0 for IPv4.
*/
static int
reachable_addr_prefer_ipv6_impl(const or_options_t *options)
{
/*
Cheap implementation of config options ClientUseIPv4 & ClientUseIPv6 --
If we're a server or IPv6 is disabled, use IPv4.
If IPv4 is disabled, use IPv6.
*/
if (server_mode(options) || !reachable_addr_use_ipv6(options)) {
return 0;
}
if (!options->ClientUseIPv4) {
return 1;
}
return -1;
}
/** Do we prefer to connect to IPv6 ORPorts?
teor (Tim Wilson-Brown)
committed
* Use node_ipv6_or_preferred() whenever possible: it supports bridge client
* per-node IPv6 preferences.
*/
int
reachable_addr_prefer_ipv6_orport(const or_options_t *options)
int pref_ipv6 = reachable_addr_prefer_ipv6_impl(options);
if (pref_ipv6 >= 0) {
return pref_ipv6;
}
/* We can use both IPv4 and IPv6 - which do we prefer? */
if (options->ClientPreferIPv6ORPort == 1) {
return 1;
}
return 0;
}
/** Do we prefer to connect to IPv6 DirPorts?
teor (Tim Wilson-Brown)
committed
*
* (node_ipv6_dir_preferred() doesn't support bridge client per-node IPv6
* preferences. There's no reason to use it instead of this function.)
reachable_addr_prefer_ipv6_dirport(const or_options_t *options)
int pref_ipv6 = reachable_addr_prefer_ipv6_impl(options);
if (pref_ipv6 >= 0) {
return pref_ipv6;
}
/* We can use both IPv4 and IPv6 - which do we prefer? */
if (options->ClientPreferIPv6DirPort == 1) {
return 1;
}
return 0;
/** Return true iff we think our firewall will let us make a connection to
* addr:port. Uses ReachableORAddresses or ReachableDirAddresses based on
* fw_connection.
teor (Tim Wilson-Brown)
committed
* If pref_only is true, return true if addr is in the client's preferred
* address family, which is IPv6 if pref_ipv6 is true, and IPv4 otherwise.
* If pref_only is false, ignore pref_ipv6, and return true if addr is allowed.
*/
reachable_addr_allows_addr(const tor_addr_t *addr, uint16_t port,
firewall_connection_t fw_connection,
teor (Tim Wilson-Brown)
committed
int pref_only, int pref_ipv6)
{
if (fw_connection == FIREWALL_OR_CONNECTION) {
return reachable_addr_allows(addr, port,
teor (Tim Wilson-Brown)
committed
pref_only, pref_ipv6);
} else if (fw_connection == FIREWALL_DIR_CONNECTION) {
return reachable_addr_allows(addr, port,
teor (Tim Wilson-Brown)
committed
pref_only, pref_ipv6);
log_warn(LD_BUG, "Bad firewall_connection_t value %d.",
fw_connection);
return 0;
}
}
/** Return true iff we think our firewall will let us make a connection to
* addr:port (ap). Uses ReachableORAddresses or ReachableDirAddresses based on
* fw_connection.
* pref_only and pref_ipv6 work as in reachable_addr_allows_addr().
*/
static int
reachable_addr_allows_ap(const tor_addr_port_t *ap,
firewall_connection_t fw_connection,
teor (Tim Wilson-Brown)
committed
int pref_only, int pref_ipv6)
{
tor_assert(ap);
return reachable_addr_allows_addr(&ap->addr, ap->port,
teor (Tim Wilson-Brown)
committed
fw_connection, pref_only,
pref_ipv6);
}
/** Return true iff we think our firewall will let us make a connection to
* ipv4h_addr/ipv6_addr. Uses ipv4_orport/ipv6_orport/ReachableORAddresses or
* ipv4_dirport/ipv6_dirport/ReachableDirAddresses based on IPv4/IPv6 and
* <b>fw_connection</b>.
* pref_only and pref_ipv6 work as in reachable_addr_allows_addr().
teor (Tim Wilson-Brown)
committed
*/
static int
reachable_addr_allows_base(const tor_addr_t *ipv4_addr, uint16_t ipv4_orport,
uint16_t ipv4_dirport,
const tor_addr_t *ipv6_addr, uint16_t ipv6_orport,
uint16_t ipv6_dirport,
firewall_connection_t fw_connection,
teor (Tim Wilson-Brown)
committed
int pref_only, int pref_ipv6)
if (reachable_addr_allows_addr(ipv4_addr,
(fw_connection == FIREWALL_OR_CONNECTION
? ipv4_orport
: ipv4_dirport),
fw_connection,
teor (Tim Wilson-Brown)
committed
pref_only, pref_ipv6)) {
return 1;
}
if (reachable_addr_allows_addr(ipv6_addr,
(fw_connection == FIREWALL_OR_CONNECTION
? ipv6_orport
: ipv6_dirport),
fw_connection,
teor (Tim Wilson-Brown)
committed
pref_only, pref_ipv6)) {
return 1;
}
return 0;
}
/** Like reachable_addr_allows_base(), but takes ri. */
static int
reachable_addr_allows_ri_impl(const routerinfo_t *ri,
firewall_connection_t fw_connection,
teor (Tim Wilson-Brown)
committed
int pref_only, int pref_ipv6)
{
if (!ri) {
return 0;
}
/* Assume IPv4 and IPv6 DirPorts are the same */
return reachable_addr_allows_base(&ri->ipv4_addr, ri->ipv4_orport,
ri->ipv4_dirport, &ri->ipv6_addr,
ri->ipv6_orport, ri->ipv4_dirport,
fw_connection, pref_only, pref_ipv6);
}
/** Like reachable_addr_allows_rs, but takes pref_ipv6. */
static int
reachable_addr_allows_rs_impl(const routerstatus_t *rs,
firewall_connection_t fw_connection,
teor (Tim Wilson-Brown)
committed
int pref_only, int pref_ipv6)
{
if (!rs) {
return 0;
}
/* Assume IPv4 and IPv6 DirPorts are the same */
return reachable_addr_allows_base(&rs->ipv4_addr, rs->ipv4_orport,
rs->ipv4_dirport, &rs->ipv6_addr,
rs->ipv6_orport, rs->ipv4_dirport,
fw_connection, pref_only, pref_ipv6);
/** Like reachable_addr_allows_base(), but takes rs.
teor (Tim Wilson-Brown)
committed
* When rs is a fake_status from a dir_server_t, it can have a reachable
* address, even when the corresponding node does not.
* nodes can be missing addresses when there's no consensus (IPv4 and IPv6),
* or when there is a microdescriptor consensus, but no microdescriptors
* (microdescriptors have IPv6, the microdesc consensus does not). */
int
reachable_addr_allows_rs(const routerstatus_t *rs,
firewall_connection_t fw_connection, int pref_only)
if (!rs) {
return 0;
}
teor (Tim Wilson-Brown)
committed
/* We don't have access to the node-specific IPv6 preference, so use the
* generic IPv6 preference instead. */
const or_options_t *options = get_options();
int pref_ipv6 = (fw_connection == FIREWALL_OR_CONNECTION
? reachable_addr_prefer_ipv6_orport(options)
: reachable_addr_prefer_ipv6_dirport(options));
teor (Tim Wilson-Brown)
committed
return reachable_addr_allows_rs_impl(rs, fw_connection, pref_only,
teor (Tim Wilson-Brown)
committed
pref_ipv6);
}
teor (Tim Wilson-Brown)
committed
/** Return true iff we think our firewall will let us make a connection to
* ipv6_addr:ipv6_orport based on ReachableORAddresses.
* If <b>fw_connection</b> is FIREWALL_DIR_CONNECTION, returns 0.
* pref_only and pref_ipv6 work as in reachable_addr_allows_addr().
teor (Tim Wilson-Brown)
committed
*/
static int
reachable_addr_allows_md_impl(const microdesc_t *md,
firewall_connection_t fw_connection,
teor (Tim Wilson-Brown)
committed
int pref_only, int pref_ipv6)
{
if (!md) {
return 0;
}
/* Can't check dirport, it doesn't have one */
if (fw_connection == FIREWALL_DIR_CONNECTION) {
return 0;
}
/* Also can't check IPv4, doesn't have that either */
return reachable_addr_allows_addr(&md->ipv6_addr, md->ipv6_orport,
teor (Tim Wilson-Brown)
committed
fw_connection, pref_only,
pref_ipv6);
}
/** Like reachable_addr_allows_base(), but takes node, and looks up pref_ipv6
teor (Tim Wilson-Brown)
committed
* from node_ipv6_or/dir_preferred(). */
int
reachable_addr_allows_node(const node_t *node,
firewall_connection_t fw_connection,
int pref_only)
if (!node) {
return 0;
}
node_assert_ok(node);
teor (Tim Wilson-Brown)
committed
const int pref_ipv6 = (fw_connection == FIREWALL_OR_CONNECTION
? node_ipv6_or_preferred(node)
: node_ipv6_dir_preferred(node));
/* Sometimes, the rs is missing the IPv6 address info, and we need to go
* all the way to the md */
if (node->ri && reachable_addr_allows_ri_impl(node->ri, fw_connection,
teor (Tim Wilson-Brown)
committed
pref_only, pref_ipv6)) {
return 1;
} else if (node->rs && reachable_addr_allows_rs_impl(node->rs,
fw_connection,
teor (Tim Wilson-Brown)
committed
pref_only,
pref_ipv6)) {
return 1;
} else if (node->md && reachable_addr_allows_md_impl(node->md,
fw_connection,
teor (Tim Wilson-Brown)
committed
pref_only,
pref_ipv6)) {
return 1;
} else {
/* If we know nothing, assume it's unreachable, we'll never get an address
* to connect to. */
return 0;
}
}
/** Like reachable_addr_allows_rs(), but takes ds. */
int
reachable_addr_allows_dir_server(const dir_server_t *ds,
firewall_connection_t fw_connection,
int pref_only)
{
if (!ds) {
return 0;
}
/* A dir_server_t always has a fake_status. As long as it has the same
* addresses/ports in both fake_status and dir_server_t, this works fine.
* (See #17867.)
* reachable_addr_allows_rs only checks the addresses in fake_status. */
return reachable_addr_allows_rs(&ds->fake_status, fw_connection,
pref_only);
}
/** If a and b are both valid and allowed by fw_connection,
* choose one based on want_a and return it.
* Otherwise, return whichever is allowed.
* Otherwise, return NULL.
* pref_only and pref_ipv6 work as in reachable_addr_allows_addr().
teor (Tim Wilson-Brown)
committed
*/
static const tor_addr_port_t *
reachable_addr_choose_impl(const tor_addr_port_t *a,
const tor_addr_port_t *b,
int want_a,
firewall_connection_t fw_connection,
teor (Tim Wilson-Brown)
committed
int pref_only, int pref_ipv6)
{
const tor_addr_port_t *use_a = NULL;
const tor_addr_port_t *use_b = NULL;
if (reachable_addr_allows_ap(a, fw_connection, pref_only,
teor (Tim Wilson-Brown)
committed
pref_ipv6)) {
use_a = a;
}
if (reachable_addr_allows_ap(b, fw_connection, pref_only,
teor (Tim Wilson-Brown)
committed
pref_ipv6)) {
use_b = b;
}
/* If both are allowed */
if (use_a && use_b) {
/* Choose a if we want it */
return (want_a ? use_a : use_b);
} else {
/* Choose a if we have it */
return (use_a ? use_a : use_b);
}
}
/** If a and b are both valid and preferred by fw_connection,
* choose one based on want_a and return it.
* Otherwise, return whichever is preferred.
* If neither are preferred, and pref_only is false:
* - If a and b are both allowed by fw_connection,
* choose one based on want_a and return it.
* - Otherwise, return whichever is preferred.
* Otherwise, return NULL. */
STATIC const tor_addr_port_t *
reachable_addr_choose(const tor_addr_port_t *a,
const tor_addr_port_t *b,
int want_a,
firewall_connection_t fw_connection,
teor (Tim Wilson-Brown)
committed
int pref_only, int pref_ipv6)
const tor_addr_port_t *pref = reachable_addr_choose_impl(
a, b, want_a,
fw_connection,
teor (Tim Wilson-Brown)
committed
1, pref_ipv6);
if (pref_only || pref) {
/* If there is a preferred address, use it. If we can only use preferred
* addresses, and neither address is preferred, pref will be NULL, and we
* want to return NULL, so return it. */
return pref;
} else {
/* If there's no preferred address, and we can return addresses that are
* not preferred, use an address that's allowed */
return reachable_addr_choose_impl(a, b, want_a, fw_connection,
teor (Tim Wilson-Brown)
committed
0, pref_ipv6);
}
}
/** Copy an address and port into <b>ap</b> that we think our firewall will
* let us connect to. Uses ipv4_addr/ipv6_addr and
* ipv4_orport/ipv6_orport/ReachableORAddresses or
* ipv4_dirport/ipv6_dirport/ReachableDirAddresses based on IPv4/IPv6 and
* <b>fw_connection</b>.
* If pref_only, only choose preferred addresses. In either case, choose
* a preferred address before an address that's not preferred.
teor (Tim Wilson-Brown)
committed
* If both addresses could be chosen (they are both preferred or both allowed)
Neel Chauhan
committed
* choose IPv6 if pref_ipv6 is true, otherwise choose IPv4. */
static void
reachable_addr_choose_base(const tor_addr_t *ipv4_addr,
uint16_t ipv4_orport,
uint16_t ipv4_dirport,
const tor_addr_t *ipv6_addr,
uint16_t ipv6_orport,
uint16_t ipv6_dirport,
firewall_connection_t fw_connection,
int pref_only,
teor (Tim Wilson-Brown)
committed
int pref_ipv6,
tor_addr_port_t* ap)
{
const tor_addr_port_t *result = NULL;
teor (Tim Wilson-Brown)
committed
const int want_ipv4 = !pref_ipv6;
tor_assert(ipv6_addr);
tor_assert(ap);
Neel Chauhan
committed
tor_addr_make_null(&ap->addr, AF_UNSPEC);
ap->port = 0;
tor_addr_port_t ipv4_ap;
tor_addr_copy(&ipv4_ap.addr, ipv4_addr);
ipv4_ap.port = (fw_connection == FIREWALL_OR_CONNECTION
? ipv4_orport
: ipv4_dirport);
tor_addr_port_t ipv6_ap;
tor_addr_copy(&ipv6_ap.addr, ipv6_addr);
ipv6_ap.port = (fw_connection == FIREWALL_OR_CONNECTION
? ipv6_orport
: ipv6_dirport);
result = reachable_addr_choose(&ipv4_ap, &ipv6_ap,
teor (Tim Wilson-Brown)
committed
want_ipv4,
fw_connection, pref_only,
pref_ipv6);
if (result) {
tor_addr_copy(&ap->addr, &result->addr);
ap->port = result->port;
}
}
/** Like reachable_addr_choose_base(), but takes <b>rs</b>.
teor (Tim Wilson-Brown)
committed
* Consults the corresponding node, then falls back to rs if node is NULL.
* This should only happen when there's no valid consensus, and rs doesn't
* correspond to a bridge client's bridge.
*/
Neel Chauhan
committed
void
reachable_addr_choose_from_rs(const routerstatus_t *rs,
firewall_connection_t fw_connection,
int pref_only, tor_addr_port_t* ap)
{
tor_assert(ap);
Neel Chauhan
committed
tor_addr_make_null(&ap->addr, AF_UNSPEC);
ap->port = 0;
Neel Chauhan
committed
if (!rs) {
return;
}
const or_options_t *options = get_options();
teor (Tim Wilson-Brown)
committed
const node_t *node = node_get_by_id(rs->identity_digest);
reachable_addr_choose_from_node(node, fw_connection, pref_only, ap);
} else {
teor (Tim Wilson-Brown)
committed
/* There's no node-specific IPv6 preference, so use the generic IPv6
* preference instead. */
int pref_ipv6 = (fw_connection == FIREWALL_OR_CONNECTION
? reachable_addr_prefer_ipv6_orport(options)
: reachable_addr_prefer_ipv6_dirport(options));
teor (Tim Wilson-Brown)
committed
reachable_addr_choose_base(&rs->ipv4_addr, rs->ipv4_orport,
rs->ipv4_dirport, &rs->ipv6_addr,
rs->ipv6_orport, rs->ipv4_dirport,
fw_connection, pref_only, pref_ipv6,
ap);
}
}
/** Like reachable_addr_choose_base(), but takes in a smartlist
* <b>lspecs</b> consisting of one or more link specifiers. We assume
* fw_connection is FIREWALL_OR_CONNECTION as link specifiers cannot
* contain DirPorts.
reachable_addr_choose_from_ls(const smartlist_t *lspecs,
int pref_only, tor_addr_port_t* ap)
{
int have_v4 = 0, have_v6 = 0;
uint16_t port_v4 = 0, port_v6 = 0;
tor_addr_t addr_v4, addr_v6;
tor_assert(ap);
if (lspecs == NULL) {
log_warn(LD_BUG, "Unknown or missing link specifiers");
return;
}
if (smartlist_len(lspecs) == 0) {
log_warn(LD_PROTOCOL, "Link specifiers are empty");
return;
}
tor_addr_make_null(&ap->addr, AF_UNSPEC);
ap->port = 0;
tor_addr_make_null(&addr_v4, AF_INET);
tor_addr_make_null(&addr_v6, AF_INET6);
SMARTLIST_FOREACH_BEGIN(lspecs, const link_specifier_t *, ls) {
switch (link_specifier_get_ls_type(ls)) {
case LS_IPV4:
/* Skip if we already seen a v4. */
if (have_v4) continue;
tor_addr_from_ipv4h(&addr_v4,
link_specifier_get_un_ipv4_addr(ls));
port_v4 = link_specifier_get_un_ipv4_port(ls);
have_v4 = 1;
break;
case LS_IPV6:
/* Skip if we already seen a v6, or deliberately skip it if we're not a
* direct connection. */
if (have_v6) continue;
tor_addr_from_ipv6_bytes(&addr_v6,
link_specifier_getconstarray_un_ipv6_addr(ls));
port_v6 = link_specifier_get_un_ipv6_port(ls);
have_v6 = 1;
break;
default:
/* Ignore unknown. */
break;
}
} SMARTLIST_FOREACH_END(ls);
/* If we don't have IPv4 or IPv6 in link specifiers, log a bug and return. */
if (!have_v4 && !have_v6) {
if (!have_v6) {
log_warn(LD_PROTOCOL, "None of our link specifiers have IPv4 or IPv6");
} else {
log_warn(LD_PROTOCOL, "None of our link specifiers have IPv4");
}
return;
}
/* Here, don't check for DirPorts as link specifiers are only used for
* ORPorts. */
const or_options_t *options = get_options();
int pref_ipv6 = reachable_addr_prefer_ipv6_orport(options);
/* Assume that the DirPorts are zero as link specifiers only use ORPorts. */
reachable_addr_choose_base(&addr_v4, port_v4, 0,
&addr_v6, port_v6, 0,
FIREWALL_OR_CONNECTION,
pref_only, pref_ipv6,
ap);
}
/** Like reachable_addr_choose_base(), but takes <b>node</b>, and
teor (Tim Wilson-Brown)
committed
* looks up the node's IPv6 preference rather than taking an argument
* for pref_ipv6. */
Neel Chauhan
committed
void
reachable_addr_choose_from_node(const node_t *node,
firewall_connection_t fw_connection,
int pref_only, tor_addr_port_t *ap)
{
Neel Chauhan
committed
tor_assert(ap);
tor_addr_make_null(&ap->addr, AF_UNSPEC);
ap->port = 0;
Neel Chauhan
committed
if (!node) {
return;
}
node_assert_ok(node);
teor (Tim Wilson-Brown)
committed
const int pref_ipv6_node = (fw_connection == FIREWALL_OR_CONNECTION