-rw-r--r-- | src/or/or.h | 1 | ||||
-rw-r--r-- | src/or/routers.c | 14 |
2 files changed, 10 insertions, 5 deletions
diff --git a/src/or/or.h b/src/or/or.h index c499982bb..6c28c639f 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -421,6 +421,7 @@ typedef struct { char *RouterFile; char *Nickname; char *Address; + char *ExitPolicy; double CoinWeight; int Daemon; int ORPort; diff --git a/src/or/routers.c b/src/or/routers.c index 5921ce9f1..4aef1cf14 100644 --- a/src/or/routers.c +++ b/src/or/routers.c @@ -1038,6 +1038,7 @@ policy_read_failed: */ int router_compare_to_exit_policy(connection_t *conn) { struct exit_policy_t *tmpe; + struct in_addr in; assert(desc_routerinfo); @@ -1045,10 +1046,14 @@ int router_compare_to_exit_policy(connection_t *conn) { assert(tmpe->address); assert(tmpe->port); - /* Totally ignore the address field of the exit policy, for now. */ - - if(!strcmp(tmpe->port,"*") || atoi(tmpe->port) == conn->port) { - log_fn(LOG_INFO,"Port '%s' matches '%d'. %s.", + if(inet_aton(tmpe->address,&in) == 0) { /* malformed IP. reject. */ + log_fn(LOG_WARNING,"Malformed IP %s in exit policy. Rejecting.",tmpe->address); + return -1; + } + if(conn->addr == ntohl(in.s_addr) && + (!strcmp(tmpe->port,"*") || atoi(tmpe->port) == conn->port)) { + log_fn(LOG_INFO,"Address '%s' matches '%s' and port '%s' matches '%d'. %s.", + tmpe->address, conn->address, tmpe->port, conn->port, tmpe->policy_type == EXIT_POLICY_ACCEPT ? "Accepting" : "Rejecting"); if(tmpe->policy_type == EXIT_POLICY_ACCEPT) @@ -1057,7 +1062,6 @@ int router_compare_to_exit_policy(connection_t *conn) { return -1; } } - return 0; /* accept all by default. */ } |
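Review bot: In the `-1045,10 +1046,14` hunk of `router_compare_to_exit_policy`, the policy address is parsed with `inet_aton()`, which also accepts shorthand and octal/hex forms such as `10.1` or `0x7f.1`, so an entry can match an address the operator did not mean to write. A strict parse such as `if(inet_pton(AF_INET, tmpe->address, &in) != 1) {`, ideally done once when the policy is read rather than per connection, would close that gap. As written, a single malformed entry makes every connection that reaches it return -1 and emit a LOG_WARNING, so one config typo becomes a refusal of exit traffic plus a warning per request. The match is exact equality on `conn->addr`, so a rule now covers one host only, and anything that matches no rule presumably still reaches the `/* accept all by default. */` return shown in the last hunk; a comment such as `/* exact-address match only; no wildcard or netmask yet */` would make that fail-open interaction visible. The block enclosing these lines opens outside the hunk.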