Skip to content
Snippets Groups Projects

Implement support for reachable_addrs

Merged Implement support for reachable_addrs
nickm/arti:reachable_addrs_v2 into main
Merged Nick Mathewson requested to merge nickm/arti:reachable_addrs_v2 into main

This branch implements our first "guard filter": a configuration parameter that lets you tell arti that your firewall will only support connecting to certain address/port combinations. The default is [ "*:*" ], of course. The most common value that people have used with C tor is [ "*:80", "*:443" ].

There's a fair amount of plumbing that goes into making this feature work:

  • In addition to implementing the filter itself, I needed to extend the behavior of guard filters so that they can also remove addresses from the ChanTargets that we return for guards.
  • We finally get support for having multiple independent GuardSets. For now we only have two, but we will add support for a third when we build bridge support, and maybe for more beyond that. See guard-spec.txt for more info.

This patch builds on !568 (merged), which taught GuardMgr about NetDirProvider.

Closes #93 (closed).

Closes #491 (closed).

Edited by Nick Mathewson

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
Please register or sign in to reply