if (node->rejects_all)
return ADDR_POLICY_REJECTED;
- if (node->ri)
+ if (addr && tor_addr_family(addr) == AF_INET6) {
+ const short_policy_t *p = NULL;
+ if (node->ri)
+ p = node->ri->ipv6_exit_policy;
+ else if (node->md)
+ p = node->md->ipv6_exit_policy;
+ if (p)
+ return compare_tor_addr_to_short_policy(addr, port, p);
+ else
+ return ADDR_POLICY_REJECTED;
+ }
+
+ if (node->ri) {
return compare_tor_addr_to_addr_policy(addr, port, node->ri->exit_policy);
- else if (node->md) {
+ } else if (node->md) {
if (node->md->exit_policy == NULL)
return ADDR_POLICY_REJECTED;
else
return compare_tor_addr_to_short_policy(addr, port,
node->md->exit_policy);
- } else
+ } else {
return ADDR_POLICY_PROBABLY_REJECTED;
+ }
}
/** Implementation for GETINFO control command: knows the answer for questions
}
ri->policy_is_reject_star =
policy_is_reject_star(ri->exit_policy);
+#if 0
+ /* XXXX024 Don't actually enable this code until exiting to an IPv6
+ * address works. */
+ ri->ipv6_exit_policy = policy_summarize(&ri->exit_policy, AF_INET6);
+#endif
#if 0
/* XXXX NM NM I belive this is safe to remove */
}
}
+ if (router->ipv6_exit_policy) {
+ char *p6 = write_short_policy(router->ipv6_exit_policy);
+ if (p6 && strcmp(p6, "reject 1-65535")) {
+ result = tor_snprintf(s+written, maxlen-written,
+ "ipv6-policy %s\n", p6);
+ if (result<0) {
+ log_warn(LD_BUG,"Descriptor printf of policy ran out of room");
+ return -1;
+ }
+ written += result;
+ }
+ tor_free(p6);
+ }
+
if (written + DIROBJ_MAX_SIG_LEN > maxlen) {
/* Not enough room for signature. */
log_warn(LD_BUG,"not enough room left in descriptor for signature!");
projects / thirdparty / tor.git / commitdiff
