Merge branch 'bug8546_squashed'

Conflicts:
	src/or/connection.c
	src/or/or.h
	src/or/relay.c

changes/bug8546

@@ -0,0 +1,6 @@
+  o Code simplification and refactoring:
+    - Move fields related to isolating and configuring client ports
+      into a shared structure. Previously, they were duplicated across
+      port_cfg_t, listener_connection_t, and edge_connection_t.
+      Failure to copy one of them correctly had been the cause of at
+      least one bug in the past.

src/or/addressmap.c

@@ -676,10 +676,10 @@ client_dns_set_addressmap(entry_connection_t *for_conn,
     return; /* If address was an IP address already, don't add a mapping. */
 
   if (tor_addr_family(val) == AF_INET) {
-    if (! for_conn->cache_ipv4_answers)
+    if (! for_conn->entry_cfg.cache_ipv4_answers)
       return;
   } else if (tor_addr_family(val) == AF_INET6) {
-    if (! for_conn->cache_ipv6_answers)
+    if (! for_conn->entry_cfg.cache_ipv6_answers)
       return;
   }
 
@@ -708,8 +708,8 @@ client_dns_set_reverse_addressmap(entry_connection_t *for_conn,
   {
     tor_addr_t tmp_addr;
     sa_family_t f = tor_addr_parse(&tmp_addr, address);
-    if ((f == AF_INET && ! for_conn->cache_ipv4_answers) ||
-        (f == AF_INET6 && ! for_conn->cache_ipv6_answers))
+    if ((f == AF_INET && ! for_conn->entry_cfg.cache_ipv4_answers) ||
+        (f == AF_INET6 && ! for_conn->entry_cfg.cache_ipv6_answers))
       return;
   }
   tor_asprintf(&s, "REVERSE[%s]", address);

src/or/config.c

@@ -5512,9 +5512,9 @@ static port_cfg_t *
 port_cfg_new(void)
 {
   port_cfg_t *cfg = tor_malloc_zero(sizeof(port_cfg_t));
-  cfg->ipv4_traffic = 1;
-  cfg->cache_ipv4_answers = 1;
-  cfg->prefer_ipv6_virtaddr = 1;
+  cfg->entry_cfg.ipv4_traffic = 1;
+  cfg->entry_cfg.cache_ipv4_answers = 1;
+  cfg->entry_cfg.prefer_ipv6_virtaddr = 1;
   return cfg;
 }
 
@@ -5721,10 +5721,10 @@ parse_port_config(smartlist_t *out,
       cfg->type = listener_type;
       cfg->port = mainport;
       tor_addr_make_unspec(&cfg->addr); /* Server ports default to 0.0.0.0 */
-      cfg->no_listen = 1;
-      cfg->bind_ipv4_only = 1;
-      cfg->ipv4_traffic = 1;
-      cfg->prefer_ipv6_virtaddr = 1;
+      cfg->server_cfg.no_listen = 1;
+      cfg->server_cfg.bind_ipv4_only = 1;
+      cfg->entry_cfg.ipv4_traffic = 1;
+      cfg->entry_cfg.prefer_ipv6_virtaddr = 1;
       smartlist_add(out, cfg);
     }
 
@@ -5741,9 +5741,9 @@ parse_port_config(smartlist_t *out,
         cfg->type = listener_type;
         cfg->port = port ? port : mainport;
         tor_addr_copy(&cfg->addr, &addr);
-        cfg->session_group = SESSION_GROUP_UNSET;
-        cfg->isolation_flags = ISO_DEFAULT;
-        cfg->no_advertise = 1;
+        cfg->entry_cfg.session_group = SESSION_GROUP_UNSET;
+        cfg->entry_cfg.isolation_flags = ISO_DEFAULT;
+        cfg->server_cfg.no_advertise = 1;
         smartlist_add(out, cfg);
       }
     }
@@ -5767,8 +5767,8 @@ parse_port_config(smartlist_t *out,
        cfg->type = listener_type;
        cfg->port = defaultport;
        tor_addr_parse(&cfg->addr, defaultaddr);
-       cfg->session_group = SESSION_GROUP_UNSET;
-       cfg->isolation_flags = ISO_DEFAULT;
+       cfg->entry_cfg.session_group = SESSION_GROUP_UNSET;
+       cfg->entry_cfg.isolation_flags = ISO_DEFAULT;
        smartlist_add(out, cfg);
     }
     return 0;
@@ -5998,24 +5998,24 @@ parse_port_config(smartlist_t *out,
       tor_addr_copy(&cfg->addr, &addr);
       cfg->port = port;
       cfg->type = listener_type;
-      cfg->isolation_flags = isolation;
-      cfg->session_group = sessiongroup;
-      cfg->no_advertise = no_advertise;
-      cfg->no_listen = no_listen;
-      cfg->all_addrs = all_addrs;
-      cfg->bind_ipv4_only = bind_ipv4_only;
-      cfg->bind_ipv6_only = bind_ipv6_only;
-      cfg->ipv4_traffic = ipv4_traffic;
-      cfg->ipv6_traffic = ipv6_traffic;
-      cfg->prefer_ipv6 = prefer_ipv6;
-      cfg->cache_ipv4_answers = cache_ipv4;
-      cfg->cache_ipv6_answers = cache_ipv6;
-      cfg->use_cached_ipv4_answers = use_cached_ipv4;
-      cfg->use_cached_ipv6_answers = use_cached_ipv6;
-      cfg->prefer_ipv6_virtaddr = prefer_ipv6_automap;
-      cfg->socks_prefer_no_auth = prefer_no_auth;
+      cfg->entry_cfg.isolation_flags = isolation;
+      cfg->entry_cfg.session_group = sessiongroup;
+      cfg->server_cfg.no_advertise = no_advertise;
+      cfg->server_cfg.no_listen = no_listen;
+      cfg->server_cfg.all_addrs = all_addrs;
+      cfg->server_cfg.bind_ipv4_only = bind_ipv4_only;
+      cfg->server_cfg.bind_ipv6_only = bind_ipv6_only;
+      cfg->entry_cfg.ipv4_traffic = ipv4_traffic;
+      cfg->entry_cfg.ipv6_traffic = ipv6_traffic;
+      cfg->entry_cfg.prefer_ipv6 = prefer_ipv6;
+      cfg->entry_cfg.cache_ipv4_answers = cache_ipv4;
+      cfg->entry_cfg.cache_ipv6_answers = cache_ipv6;
+      cfg->entry_cfg.use_cached_ipv4_answers = use_cached_ipv4;
+      cfg->entry_cfg.use_cached_ipv6_answers = use_cached_ipv6;
+      cfg->entry_cfg.prefer_ipv6_virtaddr = prefer_ipv6_automap;
+      cfg->entry_cfg.socks_prefer_no_auth = prefer_no_auth;
       if (! (isolation & ISO_SOCKSAUTH))
-        cfg->socks_prefer_no_auth = 1;
+        cfg->entry_cfg.socks_prefer_no_auth = 1;
 
       smartlist_add(out, cfg);
     }
@@ -6089,10 +6089,10 @@ parse_unix_socket_config(smartlist_t *out, smartlist_t *defaults,
          * now, some reasonable defaults.
          */
 
-        port->ipv4_traffic = 1;
-        port->ipv6_traffic = 1;
-        port->cache_ipv4_answers = 1;
-        port->cache_ipv6_answers = 1;
+        port->entry_cfg.ipv4_traffic = 1;
+        port->entry_cfg.ipv6_traffic = 1;
+        port->entry_cfg.cache_ipv4_answers = 1;
+        port->entry_cfg.cache_ipv6_answers = 1;
       }
       smartlist_add(ports_to_add, port);
     } else {
@@ -6142,7 +6142,7 @@ count_real_listeners(const smartlist_t *ports, int listenertype)
 {
   int n = 0;
   SMARTLIST_FOREACH_BEGIN(ports, port_cfg_t *, port) {
-    if (port->no_listen || port->is_unix_addr)
+    if (port->server_cfg.no_listen || port->is_unix_addr)
       continue;
     if (port->type != listenertype)
       continue;
@@ -6327,25 +6327,25 @@ check_server_ports(const smartlist_t *ports,
 
   SMARTLIST_FOREACH_BEGIN(ports, const port_cfg_t *, port) {
     if (port->type == CONN_TYPE_DIR_LISTENER) {
-      if (! port->no_advertise)
+      if (! port->server_cfg.no_advertise)
         ++n_dirport_advertised;
-      if (! port->no_listen)
+      if (! port->server_cfg.no_listen)
         ++n_dirport_listeners;
     } else if (port->type == CONN_TYPE_OR_LISTENER) {
-      if (! port->no_advertise) {
+      if (! port->server_cfg.no_advertise) {
         ++n_orport_advertised;
         if (tor_addr_family(&port->addr) == AF_INET ||
             (tor_addr_family(&port->addr) == AF_UNSPEC &&
-                !port->bind_ipv6_only))
+                !port->server_cfg.bind_ipv6_only))
           ++n_orport_advertised_ipv4;
       }
-      if (! port->no_listen)
+      if (! port->server_cfg.no_listen)
         ++n_orport_listeners;
     } else {
       continue;
     }
 #ifndef _WIN32
-    if (!port->no_listen && port->port < 1024)
+    if (!port->server_cfg.no_listen && port->port < 1024)
       ++n_low_port;
 #endif
   } SMARTLIST_FOREACH_END(port);
@@ -6423,7 +6423,7 @@ get_first_listener_addrport_string(int listener_type)
     return NULL;
 
   SMARTLIST_FOREACH_BEGIN(configured_ports, const port_cfg_t *, cfg) {
-    if (cfg->no_listen)
+    if (cfg->server_cfg.no_listen)
       continue;
 
     if (cfg->type == listener_type &&
@@ -6470,12 +6470,12 @@ get_first_advertised_port_by_type_af(int listener_type, int address_family)
     return 0;
   SMARTLIST_FOREACH_BEGIN(configured_ports, const port_cfg_t *, cfg) {
     if (cfg->type == listener_type &&
-        !cfg->no_advertise &&
+        !cfg->server_cfg.no_advertise &&
         (tor_addr_family(&cfg->addr) == address_family ||
          tor_addr_family(&cfg->addr) == AF_UNSPEC)) {
       if (tor_addr_family(&cfg->addr) != AF_UNSPEC ||
-          (address_family == AF_INET && !cfg->bind_ipv6_only) ||
-          (address_family == AF_INET6 && !cfg->bind_ipv4_only)) {
+          (address_family == AF_INET && !cfg->server_cfg.bind_ipv6_only) ||
+          (address_family == AF_INET6 && !cfg->server_cfg.bind_ipv4_only)) {
         return cfg->port;
       }
     }

src/or/connection.c

@@ -305,9 +305,9 @@ entry_connection_new(int type, int socket_family)
    * in a little while.  Otherwise, we're doing this as a linked connection
    * of some kind, and we should set it up here based on the socket family */
   if (socket_family == AF_INET)
-    entry_conn->ipv4_traffic_ok = 1;
+    entry_conn->entry_cfg.ipv4_traffic = 1;
   else if (socket_family == AF_INET6)
-    entry_conn->ipv6_traffic_ok = 1;
+    entry_conn->entry_cfg.ipv6_traffic = 1;
   else if (socket_family == AF_UNIX)
     entry_conn->is_socks_socket = 1;
   return entry_conn;
@@ -1277,10 +1277,10 @@ connection_listener_new(const struct sockaddr *listensockaddr,
   conn->port = gotPort;
   tor_addr_copy(&conn->addr, &addr);
 
-  if (port_cfg->isolation_flags) {
-    lis_conn->isolation_flags = port_cfg->isolation_flags;
-    if (port_cfg->session_group >= 0) {
-      lis_conn->session_group = port_cfg->session_group;
+  if (port_cfg->entry_cfg.isolation_flags) {
+    lis_conn->entry_cfg.isolation_flags = port_cfg->entry_cfg.isolation_flags;
+    if (port_cfg->entry_cfg.session_group >= 0) {
+      lis_conn->entry_cfg.session_group = port_cfg->entry_cfg.session_group;
     } else {
       /* This can wrap after around INT_MAX listeners are opened.  But I don't
        * believe that matters, since you would need to open a ridiculous
@@ -1288,23 +1288,17 @@ connection_listener_new(const struct sockaddr *listensockaddr,
        * hit this.  An OR with a dozen ports open, for example, would have to
        * close and re-open its listeners every second for 4 years nonstop.
        */
-      lis_conn->session_group = global_next_session_group--;
+      lis_conn->entry_cfg.session_group = global_next_session_group--;
     }
   }
-  if (type == CONN_TYPE_AP_LISTENER) {
-    lis_conn->socks_ipv4_traffic = port_cfg->ipv4_traffic;
-    lis_conn->socks_ipv6_traffic = port_cfg->ipv6_traffic;
-    lis_conn->socks_prefer_ipv6 = port_cfg->prefer_ipv6;
-  } else {
-    lis_conn->socks_ipv4_traffic = 1;
-    lis_conn->socks_ipv6_traffic = 1;
+
+  memcpy(&lis_conn->entry_cfg, &port_cfg->entry_cfg, sizeof(entry_port_cfg_t));
+
+  if (type != CONN_TYPE_AP_LISTENER) {
+    lis_conn->entry_cfg.ipv4_traffic = 1;
+    lis_conn->entry_cfg.ipv6_traffic = 1;
+    lis_conn->entry_cfg.prefer_ipv6 = 0;
   }
-  lis_conn->cache_ipv4_answers = port_cfg->cache_ipv4_answers;
-  lis_conn->cache_ipv6_answers = port_cfg->cache_ipv6_answers;
-  lis_conn->use_cached_ipv4_answers = port_cfg->use_cached_ipv4_answers;
-  lis_conn->use_cached_ipv6_answers = port_cfg->use_cached_ipv6_answers;
-  lis_conn->prefer_ipv6_virtaddr = port_cfg->prefer_ipv6_virtaddr;
-  lis_conn->socks_prefer_no_auth = port_cfg->socks_prefer_no_auth;
 
   if (connection_add(conn) < 0) { /* no space, forget it */
     log_warn(LD_NET,"connection_add for listener failed. Giving up.");
@@ -1502,15 +1496,11 @@ connection_handle_listener_read(connection_t *conn, int new_type)
     if (new_type == CONN_TYPE_AP && conn->socket_family != AF_UNIX) {
       log_info(LD_NET, "New SOCKS connection opened from %s.",
                fmt_and_decorate_addr(&addr));
-      TO_ENTRY_CONN(newconn)->socks_request->socks_prefer_no_auth =
-        TO_LISTENER_CONN(conn)->socks_prefer_no_auth;
     }
     if (new_type == CONN_TYPE_AP && conn->socket_family == AF_UNIX) {
       newconn->port = 0;
       newconn->address = tor_strdup(conn->address);
       log_info(LD_NET, "New SOCKS SocksSocket connection opened");
-      TO_ENTRY_CONN(newconn)->socks_request->socks_prefer_no_auth =
-        TO_LISTENER_CONN(conn)->socks_prefer_no_auth;
     }
     if (new_type == CONN_TYPE_CONTROL) {
       log_notice(LD_CONTROL, "New control connection opened from %s.",
@@ -1572,25 +1562,16 @@ connection_init_accepted_conn(connection_t *conn,
       return rv;
       break;
     case CONN_TYPE_AP:
-      TO_ENTRY_CONN(conn)->isolation_flags = listener->isolation_flags;
-      TO_ENTRY_CONN(conn)->session_group = listener->session_group;
+      memcpy(&TO_ENTRY_CONN(conn)->entry_cfg, &listener->entry_cfg,
+             sizeof(entry_port_cfg_t));
       TO_ENTRY_CONN(conn)->nym_epoch = get_signewnym_epoch();
       TO_ENTRY_CONN(conn)->socks_request->listener_type = listener->base_.type;
-      TO_ENTRY_CONN(conn)->ipv4_traffic_ok = listener->socks_ipv4_traffic;
-      TO_ENTRY_CONN(conn)->ipv6_traffic_ok = listener->socks_ipv6_traffic;
-      TO_ENTRY_CONN(conn)->prefer_ipv6_traffic = listener->socks_prefer_ipv6;
-      TO_ENTRY_CONN(conn)->cache_ipv4_answers = listener->cache_ipv4_answers;
-      TO_ENTRY_CONN(conn)->cache_ipv6_answers = listener->cache_ipv6_answers;
-      TO_ENTRY_CONN(conn)->use_cached_ipv4_answers =
-        listener->use_cached_ipv4_answers;
-      TO_ENTRY_CONN(conn)->use_cached_ipv6_answers =
-        listener->use_cached_ipv6_answers;
-      TO_ENTRY_CONN(conn)->prefer_ipv6_virtaddr =
-        listener->prefer_ipv6_virtaddr;
 
       switch (TO_CONN(listener)->type) {
         case CONN_TYPE_AP_LISTENER:
           conn->state = AP_CONN_STATE_SOCKS_WAIT;
+          TO_ENTRY_CONN(conn)->socks_request->socks_prefer_no_auth =
+            listener->entry_cfg.socks_prefer_no_auth;
           break;
         case CONN_TYPE_AP_TRANS_LISTENER:
           TO_ENTRY_CONN(conn)->is_transparent_ap = 1;
@@ -2273,7 +2254,7 @@ retry_listener_ports(smartlist_t *old_conns,
           (conn->socket_family == AF_UNIX && ! wanted->is_unix_addr))
         continue;
 
-      if (wanted->no_listen)
+      if (wanted->server_cfg.no_listen)
         continue; /* We don't want to open a listener for this one */
 
       if (wanted->is_unix_addr) {
@@ -2314,7 +2295,7 @@ retry_listener_ports(smartlist_t *old_conns,
     connection_t *conn;
     int real_port = port->port == CFG_AUTO_PORT ? 0 : port->port;
     tor_assert(real_port <= UINT16_MAX);
-    if (port->no_listen)
+    if (port->server_cfg.no_listen)
       continue;
 
     if (port->is_unix_addr) {

src/or/connection_edge.c

@@ -968,9 +968,9 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
       const char *new_addr;
       int addr_type = RESOLVED_TYPE_IPV4;
       if (conn->socks_request->socks_version != 4) {
-        if (!conn->ipv4_traffic_ok ||
-            (conn->ipv6_traffic_ok && conn->prefer_ipv6_traffic) ||
-            conn->prefer_ipv6_virtaddr)
+        if (!conn->entry_cfg.ipv4_traffic ||
+            (conn->entry_cfg.ipv6_traffic && conn->entry_cfg.prefer_ipv6) ||
+            conn->entry_cfg.prefer_ipv6_virtaddr)
           addr_type = RESOLVED_TYPE_IPV6;
       }
       new_addr = addressmap_register_virtual_address(
@@ -990,9 +990,9 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
 
   if (socks->command == SOCKS_COMMAND_RESOLVE_PTR) {
     unsigned rewrite_flags = 0;
-    if (conn->use_cached_ipv4_answers)
+    if (conn->entry_cfg.use_cached_ipv4_answers)
       rewrite_flags |= AMR_FLAG_USE_IPV4_DNS;
-    if (conn->use_cached_ipv6_answers)
+    if (conn->entry_cfg.use_cached_ipv6_answers)
       rewrite_flags |= AMR_FLAG_USE_IPV6_DNS;
 
     if (addressmap_rewrite_reverse(socks->address, sizeof(socks->address),
@@ -1028,9 +1028,9 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
   } else if (!automap) {
     /* For address map controls, remap the address. */
     unsigned rewrite_flags = 0;
-    if (conn->use_cached_ipv4_answers)
+    if (conn->entry_cfg.use_cached_ipv4_answers)
       rewrite_flags |= AMR_FLAG_USE_IPV4_DNS;
-    if (conn->use_cached_ipv6_answers)
+    if (conn->entry_cfg.use_cached_ipv6_answers)
       rewrite_flags |= AMR_FLAG_USE_IPV6_DNS;
     if (addressmap_rewrite(socks->address, sizeof(socks->address),
                            rewrite_flags, &map_expires, &exit_source)) {
@@ -1235,8 +1235,8 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
         /* XXX Duplicate call to tor_addr_parse. */
         if (tor_addr_parse(&addr, socks->address) >= 0) {
           sa_family_t family = tor_addr_family(&addr);
-          if ((family == AF_INET && ! conn->ipv4_traffic_ok) ||
-              (family == AF_INET6 && ! conn->ipv4_traffic_ok)) {
+          if ((family == AF_INET && ! conn->entry_cfg.ipv4_traffic) ||
+              (family == AF_INET6 && ! conn->entry_cfg.ipv4_traffic)) {
             log_warn(LD_NET, "Rejecting SOCKS request for an IP address "
                      "family that this listener does not support.");
             connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
@@ -1245,21 +1245,21 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
             log_warn(LD_NET, "Rejecting SOCKS4 request for an IPv6 address.");
             connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
             return -1;
-          } else if (socks->socks_version == 4 && !conn->ipv4_traffic_ok) {
+          } else if (socks->socks_version == 4 && !conn->entry_cfg.ipv4_traffic) {
             log_warn(LD_NET, "Rejecting SOCKS4 request on a listener with "
                      "no IPv4 traffic supported.");
             connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
             return -1;
           } else if (family == AF_INET6) {
-            conn->ipv4_traffic_ok = 0;
+            conn->entry_cfg.ipv4_traffic = 0;
           } else if (family == AF_INET) {
-            conn->ipv6_traffic_ok = 0;
+            conn->entry_cfg.ipv6_traffic = 0;
           }
         }
       }
 
       if (socks->socks_version == 4)
-        conn->ipv6_traffic_ok = 0;
+        conn->entry_cfg.ipv6_traffic = 0;
 
       if (!conn->use_begindir && !conn->chosen_exit_name && !circ) {
         /* see if we can find a suitable enclave exit */
@@ -1826,19 +1826,19 @@ connection_ap_get_begincell_flags(entry_connection_t *ap_conn)
     return 0;
 
   /* If only IPv4 is supported, no flags */
-  if (ap_conn->ipv4_traffic_ok && !ap_conn->ipv6_traffic_ok)
+  if (ap_conn->entry_cfg.ipv4_traffic && !ap_conn->entry_cfg.ipv6_traffic)
     return 0;
 
   if (! cpath_layer ||
       ! cpath_layer->extend_info)
     return 0;
 
-  if (!ap_conn->ipv4_traffic_ok)
+  if (!ap_conn->entry_cfg.ipv4_traffic)
     flags |= BEGIN_FLAG_IPV4_NOT_OK;
 
   exitnode = node_get_by_id(cpath_layer->extend_info->identity_digest);
 
-  if (ap_conn->ipv6_traffic_ok && exitnode) {
+  if (ap_conn->entry_cfg.ipv6_traffic && exitnode) {
     tor_addr_t a;
     tor_addr_make_null(&a, AF_INET6);
     if (compare_tor_addr_to_node_policy(&a, ap_conn->socks_request->port,
@@ -1853,7 +1853,7 @@ connection_ap_get_begincell_flags(entry_connection_t *ap_conn)
   if (flags == BEGIN_FLAG_IPV6_OK) {
     /* When IPv4 and IPv6 are both allowed, consider whether to say we
      * prefer IPv6.  Otherwise there's no point in declaring a preference */
-    if (ap_conn->prefer_ipv6_traffic)
+    if (ap_conn->entry_cfg.prefer_ipv6)
       flags |= BEGIN_FLAG_IPV6_PREFERRED;
   }
 
@@ -2090,8 +2090,8 @@ connection_ap_make_link(connection_t *partner,
   /* Populate isolation fields. */
   conn->socks_request->listener_type = CONN_TYPE_DIR_LISTENER;
   conn->original_dest_address = tor_strdup(address);
-  conn->session_group = session_group;
-  conn->isolation_flags = isolation_flags;
+  conn->entry_cfg.session_group = session_group;
+  conn->entry_cfg.isolation_flags = isolation_flags;
 
   base_conn->address = tor_strdup("(Tor_internal)");
   tor_addr_make_unspec(&base_conn->addr);
@@ -2947,10 +2947,10 @@ connection_ap_can_use_exit(const entry_connection_t *conn, const node_t *exit)
     addr_policy_result_t r;
     if (0 == tor_addr_parse(&addr, conn->socks_request->address)) {
       addrp = &addr;
-    } else if (!conn->ipv4_traffic_ok && conn->ipv6_traffic_ok) {
+    } else if (!conn->entry_cfg.ipv4_traffic && conn->entry_cfg.ipv6_traffic) {
       tor_addr_make_null(&addr, AF_INET6);
       addrp = &addr;
-    } else if (conn->ipv4_traffic_ok && !conn->ipv6_traffic_ok) {
+    } else if (conn->entry_cfg.ipv4_traffic && !conn->entry_cfg.ipv6_traffic) {
       tor_addr_make_null(&addr, AF_INET);
       addrp = &addr;
     }
@@ -3056,7 +3056,7 @@ int
 connection_edge_compatible_with_circuit(const entry_connection_t *conn,
                                         const origin_circuit_t *circ)
 {
-  const uint8_t iso = conn->isolation_flags;
+  const uint8_t iso = conn->entry_cfg.isolation_flags;
   const socks_request_t *sr = conn->socks_request;
 
   /* If circ has never been used for an isolated connection, we can
@@ -3105,7 +3105,7 @@ connection_edge_compatible_with_circuit(const entry_connection_t *conn,
   if ((iso & ISO_CLIENTADDR) &&
       !tor_addr_eq(&ENTRY_TO_CONN(conn)->addr, &circ->client_addr))
     return 0;
-  if ((iso & ISO_SESSIONGRP) && conn->session_group != circ->session_group)
+  if ((iso & ISO_SESSIONGRP) && conn->entry_cfg.session_group != circ->session_group)
     return 0;
   if ((iso & ISO_NYM_EPOCH) && conn->nym_epoch != circ->nym_epoch)
     return 0;
@@ -3144,7 +3144,7 @@ connection_edge_update_circuit_isolation(const entry_connection_t *conn,
     circ->client_proto_type = conn->socks_request->listener_type;
     circ->client_proto_socksver = conn->socks_request->socks_version;
     tor_addr_copy(&circ->client_addr, &ENTRY_TO_CONN(conn)->addr);
-    circ->session_group = conn->session_group;
+    circ->session_group = conn->entry_cfg.session_group;
     circ->nym_epoch = conn->nym_epoch;
     circ->socks_username = sr->username ?
       tor_memdup(sr->username, sr->usernamelen) : NULL;
@@ -3171,7 +3171,7 @@ connection_edge_update_circuit_isolation(const entry_connection_t *conn,
       mixed |= ISO_CLIENTPROTO;
     if (!tor_addr_eq(&ENTRY_TO_CONN(conn)->addr, &circ->client_addr))
       mixed |= ISO_CLIENTADDR;
-    if (conn->session_group != circ->session_group)
+    if (conn->entry_cfg.session_group != circ->session_group)
       mixed |= ISO_SESSIONGRP;
     if (conn->nym_epoch != circ->nym_epoch)
       mixed |= ISO_NYM_EPOCH;
@@ -3179,7 +3179,7 @@ connection_edge_update_circuit_isolation(const entry_connection_t *conn,
     if (dry_run)
       return mixed;
 
-    if ((mixed & conn->isolation_flags) != 0) {
+    if ((mixed & conn->entry_cfg.isolation_flags) != 0) {
       log_warn(LD_BUG, "Updating a circuit with seemingly incompatible "
                "isolation flags.");
     }

src/or/dnsserv.c

@@ -141,13 +141,13 @@ evdns_server_callback(struct evdns_server_request *req, void *data_)
   }
 
   if (q->type == EVDNS_TYPE_A || q->type == EVDNS_QTYPE_ALL) {
-    entry_conn->ipv4_traffic_ok = 1;
-    entry_conn->ipv6_traffic_ok = 0;
-    entry_conn->prefer_ipv6_traffic = 0;
+    entry_conn->entry_cfg.ipv4_traffic = 1;
+    entry_conn->entry_cfg.ipv6_traffic = 0;
+    entry_conn->entry_cfg.prefer_ipv6 = 0;
   } else if (q->type == EVDNS_TYPE_AAAA) {
-    entry_conn->ipv4_traffic_ok = 0;
-    entry_conn->ipv6_traffic_ok = 1;
-    entry_conn->prefer_ipv6_traffic = 1;
+    entry_conn->entry_cfg.ipv4_traffic = 0;
+    entry_conn->entry_cfg.ipv6_traffic = 1;
+    entry_conn->entry_cfg.prefer_ipv6 = 1;
   }
 
   strlcpy(entry_conn->socks_request->address, q->name,
@@ -155,8 +155,8 @@ evdns_server_callback(struct evdns_server_request *req, void *data_)
 
   entry_conn->socks_request->listener_type = listener->base_.type;
   entry_conn->dns_server_request = req;
-  entry_conn->isolation_flags = listener->isolation_flags;
-  entry_conn->session_group = listener->session_group;
+  entry_conn->entry_cfg.isolation_flags = listener->entry_cfg.isolation_flags;
+  entry_conn->entry_cfg.session_group = listener->entry_cfg.session_group;
   entry_conn->nym_epoch = get_signewnym_epoch();
 
   if (connection_add(ENTRY_TO_CONN(entry_conn)) < 0) {
@@ -232,9 +232,9 @@ dnsserv_launch_request(const char *name, int reverse,
 
   entry_conn->socks_request->listener_type = CONN_TYPE_CONTROL_LISTENER;
   entry_conn->original_dest_address = tor_strdup(name);
-  entry_conn->session_group = SESSION_GROUP_CONTROL_RESOLVE;
+  entry_conn->entry_cfg.session_group = SESSION_GROUP_CONTROL_RESOLVE;
   entry_conn->nym_epoch = get_signewnym_epoch();
-  entry_conn->isolation_flags = ISO_DEFAULT;
+  entry_conn->entry_cfg.isolation_flags = ISO_DEFAULT;
 
   if (connection_add(TO_CONN(conn))<0) {
     log_warn(LD_APP, "Couldn't register dummy connection for RESOLVE request");

src/or/or.h

@@ -1143,6 +1143,51 @@ typedef struct socks_request_t socks_request_t;
 #define generic_buffer_t buf_t
 #endif
 
+typedef struct entry_port_cfg_t {
+  /* Client port types (socks, dns, trans, natd) only: */
+  uint8_t isolation_flags; /**< Zero or more isolation flags */
+  int session_group; /**< A session group, or -1 if this port is not in a
+                      * session group. */
+
+  /* Socks only: */
+  /** When both no-auth and user/pass are advertised by a SOCKS client, select
+   * no-auth. */
+  unsigned int socks_prefer_no_auth : 1;
+
+  /* Client port types only: */
+  unsigned int ipv4_traffic : 1;
+  unsigned int ipv6_traffic : 1;
+  unsigned int prefer_ipv6 : 1;
+
+  /** For a socks listener: should we cache IPv4/IPv6 DNS information that
+   * exit nodes tell us?
+   *
+   * @{ */
+  unsigned int cache_ipv4_answers : 1;
+  unsigned int cache_ipv6_answers : 1;
+  /** @} */
+  /** For a socks listeners: if we find an answer in our client-side DNS cache,
+   * should we use it?
+   *
+   * @{ */
+  unsigned int use_cached_ipv4_answers : 1;
+  unsigned int use_cached_ipv6_answers : 1;
+  /** @} */
+  /** For socks listeners: When we can automap an address to IPv4 or IPv6,
+   * do we prefer IPv6? */
+  unsigned int prefer_ipv6_virtaddr : 1;
+
+} entry_port_cfg_t;
+
+typedef struct server_port_cfg_t {
+  /* Server port types (or, dir) only: */
+  unsigned int no_advertise : 1;
+  unsigned int no_listen : 1;
+  unsigned int all_addrs : 1;
+  unsigned int bind_ipv4_only : 1;
+  unsigned int bind_ipv6_only : 1;
+} server_port_cfg_t;
+
 /* Values for connection_t.magic: used to make sure that downcasts (casts from
 * connection_t to foo_connection_t) are safe. */
 #define BASE_CONNECTION_MAGIC 0x7C3C304Eu
@@ -1278,52 +1323,7 @@ typedef struct listener_connection_t {
    * to the evdns_server_port it uses to listen to and answer connections. */
   struct evdns_server_port *dns_server_port;
 
-  /** @name Isolation parameters
-   *
-   * For an AP listener, these fields describe how to isolate streams that
-   * arrive on the listener.
-   *
-   * @{
-   */
-  /** The session group for this listener. */
-  int session_group;
-  /** One or more ISO_ flags to describe how to isolate streams. */
-  uint8_t isolation_flags;
-  /**@}*/
-  /** For SOCKS connections only: If this is set, we will choose "no
-   * authentication" instead of "username/password" authentication if both
-   * are offered. Used as input to parse_socks. */
-  unsigned int socks_prefer_no_auth : 1;
-
-  /** For a SOCKS listeners, these fields describe whether we should
-   * allow IPv4 and IPv6 addresses from our exit nodes, respectively.
-   *
-   * @{
-   */
-  unsigned int socks_ipv4_traffic : 1;
-  unsigned int socks_ipv6_traffic : 1;
-  /** @} */
-  /** For a socks listener: should we tell the exit that we prefer IPv6
-   * addresses? */
-  unsigned int socks_prefer_ipv6 : 1;
-
-  /** For a socks listener: should we cache IPv4/IPv6 DNS information that
-   * exit nodes tell us?
-   *
-   * @{ */
-  unsigned int cache_ipv4_answers : 1;
-  unsigned int cache_ipv6_answers : 1;
-  /** @} */
-  /** For a socks listeners: if we find an answer in our client-side DNS cache,
-   * should we use it?
-   *
-   * @{ */
-  unsigned int use_cached_ipv4_answers : 1;
-  unsigned int use_cached_ipv6_answers : 1;
-  /** @} */
-  /** For socks listeners: When we can automap an address to IPv4 or IPv6,
-   * do we prefer IPv6? */
-  unsigned int prefer_ipv6_virtaddr : 1;
+  entry_port_cfg_t entry_cfg;
 
 } listener_connection_t;
 
@@ -1611,12 +1611,10 @@ typedef struct entry_connection_t {
                                    * only.) */
 
   /* === Isolation related, AP only. === */
-  /** AP only: based on which factors do we isolate this stream? */
-  uint8_t isolation_flags;
-  /** AP only: what session group is this stream in? */
-  int session_group;
+  entry_port_cfg_t entry_cfg;
   /** AP only: The newnym epoch in which we created this connection. */
   unsigned nym_epoch;
+
   /** AP only: The original requested address before we rewrote it. */
   char *original_dest_address;
   /* Other fields to isolate on already exist.  The ClientAddr is addr.  The
@@ -1675,36 +1673,8 @@ typedef struct entry_connection_t {
    */
   unsigned int may_use_optimistic_data : 1;
 
-  /** Should we permit IPv4 and IPv6 traffic to use this connection?
-   *
-   * @{ */
-  unsigned int ipv4_traffic_ok : 1;
-  unsigned int ipv6_traffic_ok : 1;
-  /** @} */
-  /** Should we say we prefer IPv6 traffic? */
-  unsigned int prefer_ipv6_traffic : 1;
-
-  /** For a socks listener: should we cache IPv4/IPv6 DNS information that
-   * exit nodes tell us?
-   *
-   * @{ */
-  unsigned int cache_ipv4_answers : 1;
-  unsigned int cache_ipv6_answers : 1;
-  /** @} */
-  /** For a socks listeners: if we find an answer in our client-side DNS cache,
-   * should we use it?
-   *
-   * @{ */
-  unsigned int use_cached_ipv4_answers : 1;
-  unsigned int use_cached_ipv6_answers : 1;
-  /** @} */
-  /** For socks listeners: When we can automap an address to IPv4 or IPv6,
-   * do we prefer IPv6? */
-  unsigned int prefer_ipv6_virtaddr : 1;
-
   /** Are we a socks SocksSocket listener? */
   unsigned int is_socks_socket:1;
-
 } entry_connection_t;
 
 typedef enum {
@@ -3345,44 +3315,9 @@ typedef struct port_cfg_t {
   uint8_t type; /**< One of CONN_TYPE_*_LISTENER */
   unsigned is_unix_addr : 1; /**< True iff this is an AF_UNIX address. */
 
-  /* Client port types (socks, dns, trans, natd) only: */
-  uint8_t isolation_flags; /**< Zero or more isolation flags */
-  int session_group; /**< A session group, or -1 if this port is not in a
-                      * session group. */
-  /* Socks only: */
-  /** When both no-auth and user/pass are advertised by a SOCKS client, select
-   * no-auth. */
-  unsigned int socks_prefer_no_auth : 1;
+  entry_port_cfg_t entry_cfg;
 
-  /* Server port types (or, dir) only: */
-  unsigned int no_advertise : 1;
-  unsigned int no_listen : 1;
-  unsigned int all_addrs : 1;
-  unsigned int bind_ipv4_only : 1;
-  unsigned int bind_ipv6_only : 1;
-
-  /* Client port types only: */
-  unsigned int ipv4_traffic : 1;
-  unsigned int ipv6_traffic : 1;
-  unsigned int prefer_ipv6 : 1;
-
-  /** For a socks listener: should we cache IPv4/IPv6 DNS information that
-   * exit nodes tell us?
-   *
-   * @{ */
-  unsigned int cache_ipv4_answers : 1;
-  unsigned int cache_ipv6_answers : 1;
-  /** @} */
-  /** For a socks listeners: if we find an answer in our client-side DNS cache,
-   * should we use it?
-   *
-   * @{ */
-  unsigned int use_cached_ipv4_answers : 1;
-  unsigned int use_cached_ipv6_answers : 1;
-  /** @} */
-  /** For socks listeners: When we can automap an address to IPv4 or IPv6,
-   * do we prefer IPv6? */
-  unsigned int prefer_ipv6_virtaddr : 1;
+  server_port_cfg_t server_cfg;
 
   /* Unix sockets only: */
   /** Path for an AF_UNIX address */

src/or/relay.c

@@ -804,8 +804,8 @@ connection_ap_process_end_not_open(
             return 0;
           }
 
-          if ((tor_addr_family(&addr) == AF_INET && !conn->ipv4_traffic_ok) ||
-              (tor_addr_family(&addr) == AF_INET6 && !conn->ipv6_traffic_ok)) {
+          if ((tor_addr_family(&addr) == AF_INET && !conn->entry_cfg.ipv4_traffic) ||
+              (tor_addr_family(&addr) == AF_INET6 && !conn->entry_cfg.ipv6_traffic)) {
             log_fn(LOG_PROTOCOL_WARN, LD_APP,
                    "Got an EXITPOLICY failure on a connection with a "
                    "mismatched family. Closing.");
@@ -1156,11 +1156,11 @@ connection_ap_handshake_socks_got_resolved_cell(entry_connection_t *conn,
         addr_hostname = addr;
       }
     } else if (tor_addr_family(&addr->addr) == AF_INET) {
-      if (!addr_ipv4 && conn->ipv4_traffic_ok) {
+      if (!addr_ipv4 && conn->entry_cfg.ipv4_traffic) {
         addr_ipv4 = addr;
       }
     } else if (tor_addr_family(&addr->addr) == AF_INET6) {
-      if (!addr_ipv6 && conn->ipv6_traffic_ok) {
+      if (!addr_ipv6 && conn->entry_cfg.ipv6_traffic) {
         addr_ipv6 = addr;
       }
     }
@@ -1181,7 +1181,7 @@ connection_ap_handshake_socks_got_resolved_cell(entry_connection_t *conn,
     return;
   }
 
-  if (conn->prefer_ipv6_traffic) {
+  if (conn->entry_cfg.prefer_ipv6) {
     addr_best = addr_ipv6 ? addr_ipv6 : addr_ipv4;
   } else {
     addr_best = addr_ipv4 ? addr_ipv4 : addr_ipv6;
@@ -1327,8 +1327,8 @@ connection_edge_process_relay_cell_not_open(
         return 0;
       }
 
-      if (((family == AF_INET && ! entry_conn->ipv4_traffic_ok) ||
-          (family == AF_INET6 && ! entry_conn->ipv6_traffic_ok))) {
+      if ((family == AF_INET && ! entry_conn->entry_cfg.ipv4_traffic) ||
+          (family == AF_INET6 && ! entry_conn->entry_cfg.ipv6_traffic)) {
         log_fn(LOG_PROTOCOL_WARN, LD_APP,
                "Got a connected cell to %s with unsupported address family."
                " Closing.", fmt_addr(&addr));

src/or/router.c

@@ -1848,8 +1848,8 @@ router_rebuild_descriptor(int force)
     const port_cfg_t *ipv6_orport = NULL;
     SMARTLIST_FOREACH_BEGIN(get_configured_ports(), const port_cfg_t *, p) {
       if (p->type == CONN_TYPE_OR_LISTENER &&
-          ! p->no_advertise &&
-          ! p->bind_ipv4_only &&
+          ! p->server_cfg.no_advertise &&
+          ! p->server_cfg.bind_ipv4_only &&
           tor_addr_family(&p->addr) == AF_INET6) {
         if (! tor_addr_is_internal(&p->addr, 0)) {
           ipv6_orport = p;

src/test/test_relaycell.c

@@ -137,9 +137,9 @@ test_relaycell_resolved(void *arg)
   /* Now put it in the right state. */
   ENTRY_TO_CONN(entryconn)->state = AP_CONN_STATE_RESOLVE_WAIT;
   entryconn->socks_request->command = SOCKS_COMMAND_RESOLVE;
-  entryconn->ipv4_traffic_ok = 1;
-  entryconn->ipv6_traffic_ok = 1;
-  entryconn->prefer_ipv6_traffic = 0;
+  entryconn->entry_cfg.ipv4_traffic = 1;
+  entryconn->entry_cfg.ipv6_traffic = 1;
+  entryconn->entry_cfg.prefer_ipv6 = 0;
 
   /* We prefer ipv4, so we should get the first ipv4 answer */
   MOCK_RESET();
@@ -159,7 +159,7 @@ test_relaycell_resolved(void *arg)
   ASSERT_RESOLVED_CALLED(RESOLVED_TYPE_IPV4, "\x12\x00\x00\x01", 512, -1);
 
   /* now prefer ipv6, and get the first ipv6 answer */
-  entryconn->prefer_ipv6_traffic = 1;
+  entryconn->entry_cfg.prefer_ipv6 = 1;
   MOCK_RESET();
   r = connection_edge_process_resolved_cell(edgeconn, &cell, &rh);
   tt_int_op(r, OP_EQ, 0);
@@ -182,7 +182,7 @@ test_relaycell_resolved(void *arg)
   /* But if we don't allow IPv4, we report nothing if the cell contains only
    * ipv4 */
   MOCK_RESET();
-  entryconn->ipv4_traffic_ok = 0;
+  entryconn->entry_cfg.ipv4_traffic = 0;
   r = connection_edge_process_resolved_cell(edgeconn, &cell, &rh);
   tt_int_op(r, OP_EQ, 0);
   ASSERT_MARK_CALLED(END_STREAM_REASON_DONE|
@@ -191,7 +191,7 @@ test_relaycell_resolved(void *arg)
 
   /* If we wanted hostnames, we report nothing, since we only had IPs. */
   MOCK_RESET();
-  entryconn->ipv4_traffic_ok = 1;
+  entryconn->entry_cfg.ipv4_traffic = 1;
   entryconn->socks_request->command = SOCKS_COMMAND_RESOLVE_PTR;
   r = connection_edge_process_resolved_cell(edgeconn, &cell, &rh);
   tt_int_op(r, OP_EQ, 0);