Commit ca0c7155 authored by Nick Mathewson's avatar Nick Mathewson 🦀

Merge branch 'ipv6_exits'

parents 2cb82c33 1e46952f

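--- /dev/null
+++ b/changes/ipv6_exits
+  o Major features:
+
+    - Tor now has (alpha) support for exiting to IPv6 addresses. To
+      enable it as an exit node, make sure that you have IPv6
+      connectivity, set the IPv6Exit flag to 1. Also make sure your
+      exit policy reads as you would like: the address * applies to
+      all address families, whereas *4 is IPv4 address only, and *6
+      is IPv6 addresses only.  On the client side, you'll need to
+      wait till the authorities have upgraded, wait for enough exits
+      to support IPv6, apply the "IPv6Traffic" flag to a SocksPort,
+      and use Socks5. Closes ticket 5547, implements proposal 117 as
+      revised in proposal 208.
+
+      We DO NOT recommend that clients with actual anonymity needs
+      start using IPv6 over Tor yet: not enough exits support it
+      yet, and there are some DNS-caching related issues that need
+      to be solved first.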
+3 −0
  o Code simplification and refactoring:
    - Move the client-side address-map/virtual-address/DNS-cache code
      out of connection_edge.c into a new addressmap.c module.
+18 −2
@@ -864,7 +864,7 @@ The following options are useful only for clients (that is, if
    the same circuit. Currently, two addresses are "too close" if they lie in
    the same /16 range. (Default: 1)

**SOCKSPort** \['address':]__port__|**auto** [_isolation flags_]::
**SOCKSPort** \['address':]__port__|**auto** [_flags_] [_isolation flags_]::
    Open this port to listen for connections from SOCKS-speaking
    applications. Set this to 0 if you don't want to allow application
    connections via SOCKS. Set it to "auto" to have Tor pick a port for
@@ -897,7 +897,19 @@ The following options are useful only for clients (that is, if
        on this port to share circuits with streams from every other
        port with the same session group.  (By default, streams received
        on different SOCKSPorts, TransPorts, etc are always isolated from one
        another. This option overrides that behavior.)
        another. This option overrides that behavior.) +
+
    Other recognized _flags_ for a SOCKSPort are:
    **NoIPv4Traffic**;;
        Tell exits to not connect to IPv4 addresses in response to SOCKS
        requests on this connection.
    **IPv6Traffic**;;
        Tell exits to allow IPv6 addresses in response to SOCKS requests on
        this connection, so long as SOCKS5 is in use.  (SOCKS4 can't handle
        IPv6.)
    **PreferIPv6**;;
        Tells exits that, if a host has both an IPv4 and an IPv6 address,
        we would prefer to connect to it via IPv6. (IPv4 is the default.)

**SOCKSListenAddress** __IP__[:__PORT__]::
    Bind to this address to listen for connections from Socks-speaking
@@ -1275,6 +1287,10 @@ is non-zero):
    at the beginning of your exit policy. See above entry on ExitPolicy.
    (Default: 1)

**IPv6Exit** **0**|**1**::
    If set, and we are an exit node, allow clients to use us for IPv6
    traffic. (Default: 0)

**MaxOnionsPending** __NUM__::
    If you have more than this number of onionskins queued for decrypt, reject
    new ones. (Default: 100)
+39 −2
@@ -181,6 +181,16 @@ tor_addr_make_unspec(tor_addr_t *a)
  a->family = AF_UNSPEC;
}

/** Set address <a>a</b> to the null address in address family <b>family</b>.
 * The null address for AF_INET is 0.0.0.0.  The null address for AF_INET6 is
 * [::].  AF_UNSPEC is all null. */
void
tor_addr_make_null(tor_addr_t *a, sa_family_t family)
{
  memset(a, 0, sizeof(*a));
  a->family = family;
}

/** Similar behavior to Unix gethostbyname: resolve <b>name</b>, and set
 * *<b>addr</b> to the proper IP address and family. The <b>family</b>
 * argument (which must be AF_INET, AF_INET6, or AF_UNSPEC) declares a
@@ -559,9 +569,22 @@ tor_addr_to_PTR_name(char *out, size_t outlen,
 *
 *  Return an address family on success, or -1 if an invalid address string is
 *  provided.
 *
 *  If 'flags & TAPMP_EXTENDED_STAR' is false, then the wildcard address '*'
 *  yield an IPv4 wildcard.
 *
 *  If 'flags & TAPMP_EXTENDED_STAR' is true, then the wildcard address '*'
 *  yields an AF_UNSPEC wildcard address, and the following change is made
 *  in the grammar above:
 *   Address ::= IPv4Address / "[" IPv6Address "]" / "*" / "*4" / "*6"
 *  with the new "*4" and "*6" productions creating a wildcard to match
 *  IPv4 or IPv6 addresses.
 *
 */
int
tor_addr_parse_mask_ports(const char *s, tor_addr_t *addr_out,
tor_addr_parse_mask_ports(const char *s,
                          unsigned flags,
                          tor_addr_t *addr_out,
                          maskbits_t *maskbits_out,
                          uint16_t *port_min_out, uint16_t *port_max_out)
{
@@ -618,9 +641,23 @@ tor_addr_parse_mask_ports(const char *s, tor_addr_t *addr_out,
  memset(addr_out, 0, sizeof(tor_addr_t));

  if (!strcmp(address, "*")) {
    family = AF_INET; /* AF_UNSPEC ???? XXXX_IP6 */
    if (flags & TAPMP_EXTENDED_STAR) {
      family = AF_UNSPEC;
      tor_addr_make_unspec(addr_out);
    } else {
      family = AF_INET;
      tor_addr_from_ipv4h(addr_out, 0);
    }
    any_flag = 1;
  } else if (!strcmp(address, "*4") && (flags & TAPMP_EXTENDED_STAR)) {
    family = AF_INET;
    tor_addr_from_ipv4h(addr_out, 0);
    any_flag = 1;
  } else if (!strcmp(address, "*6") && (flags & TAPMP_EXTENDED_STAR)) {
    static char nil_bytes[16] = { 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0 };
    family = AF_INET6;
    tor_addr_from_ipv6_bytes(addr_out, nil_bytes);
    any_flag = 1;
  } else if (tor_inet_pton(AF_INET6, address, &in6_tmp) > 0) {
    family = AF_INET6;
    tor_addr_from_in6(addr_out, &in6_tmp);
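Review bot: In the `*` branch of tor_addr_parse_mask_ports (third hunk), a caller that omits TAPMP_EXTENDED_STAR still gets an IPv4-only wildcard, so a rule such as `reject *:*` parsed through that path would not cover IPv6 once IPv6 exiting is enabled; the call sites are not visible on this page, so each policy-parsing caller should be checked to pass the flag. I would record this at the legacy `else` branch with a comment such as `/* Legacy: "*" is IPv4-only here; policy parsers must pass TAPMP_EXTENDED_STAR or "*" will not match IPv6. */`. Separately, `nil_bytes` is never written and could be `static const char nil_bytes[16] = { 0 };`, assuming tor_addr_from_ipv6_bytes accepts a const pointer. The function body starts and ends outside the hunk, so how the new AF_UNSPEC family interacts with the mask and port parsing that follows cannot be confirmed from here.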
+3 −1
@@ -55,6 +55,7 @@ socklen_t tor_addr_to_sockaddr(const tor_addr_t *a, uint16_t port,
int tor_addr_from_sockaddr(tor_addr_t *a, const struct sockaddr *sa,
                           uint16_t *port_out);
void tor_addr_make_unspec(tor_addr_t *a);
void tor_addr_make_null(tor_addr_t *a, sa_family_t family);
char *tor_sockaddr_to_str(const struct sockaddr *sa);

/** Return an in6_addr* equivalent to <b>a</b>, or NULL if <b>a</b> is not
@@ -183,7 +184,8 @@ int tor_addr_parse_PTR_name(tor_addr_t *result, const char *address,

int tor_addr_port_lookup(const char *s, tor_addr_t *addr_out,
                        uint16_t *port_out);
int tor_addr_parse_mask_ports(const char *s,
#define TAPMP_EXTENDED_STAR 1
int tor_addr_parse_mask_ports(const char *s, unsigned flags,
                              tor_addr_t *addr_out, maskbits_t *mask_out,
                              uint16_t *port_min_out, uint16_t *port_max_out);
const char * tor_addr_to_str(char *dest, const tor_addr_t *addr, size_t len,
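Review bot: `TAPMP_EXTENDED_STAR` is defined without a doc comment, wedged between the tor_addr_port_lookup and tor_addr_parse_mask_ports prototypes, so a reader of the header cannot tell that omitting it makes `*` mean IPv4 only. I would add above the define `/** Flag for tor_addr_parse_mask_ports(): make "*" an AF_UNSPEC wildcard and accept "*4" and "*6". */`. Writing the value as `(1u<<0)` would also make it clear that this is one bit of the `unsigned flags` argument if more flags are added later.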