Commit 4bec25c3 authored by Nick Mathewson's avatar Nick Mathewson

Add {No,}IPv{4,6}Traffic options to SOCKSPort

These options are for telling the SOCKSPort that it should allow or
not allow connections to IPv4/IPv6 addresses.

These aren't implemented yet; this is just the code to read the
options and get them into the entry_connection_t.
parent b7843ca5
......@@ -4441,6 +4441,7 @@ warn_nonlocal_controller_ports(smartlist_t *ports, unsigned forbid)
#define CL_PORT_ALLOW_EXTRA_LISTENADDR (1u<<2)
#define CL_PORT_SERVER_OPTIONS (1u<<3)
#define CL_PORT_FORBID_NONLOCAL (1u<<4)
#define CL_PORT_TAKES_HOSTNAMES (1u<<5)
/**
* Parse port configuration for a single port type.
......@@ -4473,6 +4474,9 @@ warn_nonlocal_controller_ports(smartlist_t *ports, unsigned forbid)
* isolation options in the FooPort entries; instead allow the
* server-port option set.
*
* If CL_PORT_TAKES_HOSTNAMES is set in <b>flags</b>, allow the options
* {No,}IPv{4,6}Traffic.
*
* On success, if <b>out</b> is given, add a new port_cfg_t entry to
* <b>out</b> for every port that the client should listen on. Return 0
* on success, -1 on failure.
......@@ -4496,6 +4500,7 @@ parse_port_config(smartlist_t *out,
const unsigned forbid_nonlocal = flags & CL_PORT_FORBID_NONLOCAL;
const unsigned allow_spurious_listenaddr =
flags & CL_PORT_ALLOW_EXTRA_LISTENADDR;
const unsigned takes_hostnames = flags & CL_PORT_TAKES_HOSTNAMES;
int got_zero_port=0, got_nonzero_port=0;
/* FooListenAddress is deprecated; let's make it work like it used to work,
......@@ -4599,7 +4604,8 @@ parse_port_config(smartlist_t *out,
uint16_t ptmp=0;
int ok;
int no_listen = 0, no_advertise = 0, all_addrs = 0,
ipv4_only = 0, ipv6_only = 0;
ipv4_only = 0, ipv6_only = 0,
ipv4_traffic = 1, ipv6_traffic = 0;
smartlist_split_string(elts, ports->value, NULL,
SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
......@@ -4723,9 +4729,21 @@ parse_port_config(smartlist_t *out,
no = 1;
elt += 2;
}
if (takes_hostnames) {
if (!strcasecmp(elt, "IPv4Traffic")) {
ipv4_traffic = ! no;
continue;
} else if (!strcasecmp(elt, "IPv6Traffic")) {
ipv6_traffic = ! no;
continue;
}
}
if (!strcasecmpend(elt, "s"))
elt[strlen(elt)-1] = '\0'; /* kill plurals. */
if (!strcasecmp(elt, "IsolateDestPort")) {
isoflag = ISO_DESTPORT;
} else if (!strcasecmp(elt, "IsolateDestAddr")) {
......@@ -4766,6 +4784,8 @@ parse_port_config(smartlist_t *out,
cfg->all_addrs = all_addrs;
cfg->ipv4_only = ipv4_only;
cfg->ipv6_only = ipv6_only;
cfg->ipv4_traffic = ipv4_traffic;
cfg->ipv6_traffic = ipv6_traffic;
smartlist_add(out, cfg);
}
......@@ -4858,7 +4878,8 @@ parse_ports(or_options_t *options, int validate_only,
options->SocksPort_lines, options->SocksListenAddress,
"Socks", CONN_TYPE_AP_LISTENER,
"127.0.0.1", 9050,
CL_PORT_WARN_NONLOCAL|CL_PORT_ALLOW_EXTRA_LISTENADDR) < 0) {
CL_PORT_WARN_NONLOCAL|CL_PORT_ALLOW_EXTRA_LISTENADDR|
CL_PORT_TAKES_HOSTNAMES) < 0) {
*msg = tor_strdup("Invalid SocksPort/SocksListenAddress configuration");
goto err;
}
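Review bot: Nothing in the option loop of parse_port_config rejects a port line that ends up with both address families disabled: `ipv6_traffic` is initialised to 0, so a lone `NoIPv4Traffic` leaves `ipv4_traffic` and `ipv6_traffic` both 0, and the values are copied into `cfg` unchanged. Once enforcement is implemented, such a listener would accept clients but could reach no destination, so the parse should fail early instead; a guard like `if (takes_hostnames && !ipv4_traffic && !ipv6_traffic)` that logs a config warning and returns -1 before `cfg` is filled in would do. The function body extends well outside these hunks, so it is also worth confirming that every other place that builds a port_cfg_t (for example a default-port path, if one exists) sets `ipv4_traffic = 1` rather than inheriting a zeroed field.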
......
......@@ -1115,6 +1115,13 @@ connection_listener_new(const struct sockaddr *listensockaddr,
lis_conn->session_group = global_next_session_group--;
}
}
if (type == CONN_TYPE_AP) {
lis_conn->socks_ipv4_traffic = port_cfg->ipv4_traffic;
lis_conn->socks_ipv6_traffic = port_cfg->ipv6_traffic;
} else {
lis_conn->socks_ipv4_traffic = 1;
lis_conn->socks_ipv6_traffic = 1;
}
if (connection_add(conn) < 0) { /* no space, forget it */
log_warn(LD_NET,"connection_add for listener failed. Giving up.");
......@@ -1348,6 +1355,8 @@ connection_init_accepted_conn(connection_t *conn,
TO_ENTRY_CONN(conn)->session_group = listener->session_group;
TO_ENTRY_CONN(conn)->nym_epoch = get_signewnym_epoch();
TO_ENTRY_CONN(conn)->socks_request->listener_type = listener->base_.type;
TO_ENTRY_CONN(conn)->ipv4_traffic_ok = listener->socks_ipv4_traffic;
TO_ENTRY_CONN(conn)->ipv6_traffic_ok = listener->socks_ipv6_traffic;
switch (TO_CONN(listener)->type) {
case CONN_TYPE_AP_LISTENER:
conn->state = AP_CONN_STATE_SOCKS_WAIT;
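Review bot: The new branch in connection_listener_new tests `type == CONN_TYPE_AP`, while the SOCKS listener is identified as `CONN_TYPE_AP_LISTENER` everywhere else on this page (the parse_ports call, and the `case CONN_TYPE_AP_LISTENER:` in connection_init_accepted_conn just below). If `type` here is the listener's type, as those lines suggest, the comparison never matches and the `else` arm sets both flags to 1. A configured `NoIPv4Traffic`, or the default-off IPv6 setting, would then be silently discarded and the restriction would fail open once it is enforced. I would change the test to `if (type == CONN_TYPE_AP_LISTENER) {`. Both functions start and end outside the hunks, so the declaration of `type` and whether `port_cfg` can be NULL at this point need checking in the full file.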
......
......@@ -1225,6 +1225,15 @@ typedef struct listener_connection_t {
uint8_t isolation_flags;
/**@}*/
/** For a SOCKS listener, these fields describe whether we should
* allow IPv4 and IPv6 addresses from our exit nodes, respectively.
*
* @{
*/
unsigned int socks_ipv4_traffic : 1;
unsigned int socks_ipv6_traffic : 1;
/** @} */
} listener_connection_t;
/** Minimum length of the random part of an AUTH_CHALLENGE cell. */
......@@ -1522,6 +1531,13 @@ typedef struct entry_connection_t {
*/
unsigned int may_use_optimistic_data : 1;
/** Should we permit IPv4 and IPv6 traffic to use this connection?
*
* @{ */
unsigned int ipv4_traffic_ok : 1;
unsigned int ipv6_traffic_ok : 1;
/** @} */
} entry_connection_t;
/** Subtype of connection_t for an "directory connection" -- that is, an HTTP
......@@ -3044,6 +3060,8 @@ typedef struct port_cfg_t {
unsigned int all_addrs : 1;
unsigned int ipv4_only : 1;
unsigned int ipv6_only : 1;
unsigned int ipv4_traffic : 1;
unsigned int ipv6_traffic : 1;
/* Unix sockets only: */
/** Path for an AF_UNIX address */
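Review bot: The two new bits in port_cfg_t, `ipv4_traffic` and `ipv6_traffic`, are added directly after `ipv4_only`/`ipv6_only` with no comment, and the similar names invite mixing up the two pairs. The listener and entry-connection fields in this section did get doc comments, so I would add one here too, e.g. `/** For ports that take hostnames: may streams from this port use IPv4 / IPv6 destinations? Parsed defaults are IPv4 on, IPv6 off. */`. It would also help to state in the listener_connection_t comment that nothing consults these flags yet, matching the commit message, so a reader does not assume the restriction is already enforced. The struct definitions continue outside the hunks shown.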
......