Browse Source

Automatically use IPv6 when ClientUseIPv4 is 0

Consequential changes to log messages:
  * it's no longer possible to disable both IPv4 and IPv6,
  * refactor common string out of remaining log messages
teor (Tim Wilson-Brown) 8 years ago
parent
commit
77a9de0d48
4 changed files with 28 additions and 21 deletions
  1. 8 8
      src/or/config.c
  2. 4 2
      src/or/policies.c
  3. 7 4
      src/test/test_entrynodes.c
  4. 9 7
      src/test/test_policy.c

+ 8 - 8
src/or/config.c

@@ -3108,20 +3108,20 @@ options_validate(or_options_t *old_options, or_options_t *options,
 
   /* We check if Reachable*Addresses blocks all addresses in
    * parse_reachable_addresses(). */
-  if (options->ClientUseIPv4 == 0 && !fascist_firewall_use_ipv6(options))
-    REJECT("Tor cannot connect to the Internet if ClientUseIPv4 is 0 and "
-           "ClientUseIPv6 is 0. Please set at least one of these options "
-           "to 1, or configure bridges.");
+
+#define WARN_PLEASE_USE_IPV6_LOG_MSG \
+        "ClientPreferIPv6%sPort 1 is ignored unless tor is using IPv6. " \
+        "Please set ClientUseIPv6 1, ClientUseIPv4 0, or configure bridges."
 
   if (!fascist_firewall_use_ipv6(options)
       && options->ClientPreferIPv6ORPort == 1)
-    log_warn(LD_CONFIG, "ClientPreferIPv6ORPort 1 is ignored unless "
-             "ClientUseIPv6 is also 1, or bridges are configured.");
+    log_warn(LD_CONFIG, WARN_PLEASE_USE_IPV6_LOG_MSG, "OR");
 
   if (!fascist_firewall_use_ipv6(options)
       && options->ClientPreferIPv6DirPort == 1)
-    log_warn(LD_CONFIG, "ClientPreferIPv6DirPort 1 is ignored unless "
-             "ClientUseIPv6 is also 1, or bridges are configured.");
+    log_warn(LD_CONFIG, WARN_PLEASE_USE_IPV6_LOG_MSG, "Dir");
+
+#undef WARN_PLEASE_USE_IPV6_LOG_MSG
 
   if (options->UseBridges &&
       server_mode(options))

+ 4 - 2
src/or/policies.c

@@ -420,11 +420,13 @@ fascist_firewall_allows_address(const tor_addr_t *addr,
 }
 
 /** Is this client configured to use IPv6?
- * Clients use IPv6 if ClientUseIPv6 is 1, or UseBridges is 1.
  */
 int fascist_firewall_use_ipv6(const or_options_t *options)
 {
-  return (options->ClientUseIPv6 == 1 || options->UseBridges == 1);
+  /* Clients use IPv6 if it's set, or they use bridges, or they don't use
+   * IPv4 */
+  return (options->ClientUseIPv6 == 1 || options->UseBridges == 1
+          || options->ClientUseIPv4 == 0);
 }
 
 /** Do we prefer to connect to IPv6, ignoring ClientPreferIPv6ORPort and

+ 7 - 4
src/test/test_entrynodes.c

@@ -215,20 +215,23 @@ test_choose_random_entry_one_possible_guard(void *arg)
    * time, so we can't be sure we get the guard */
   tt_assert(chosen_entry);
 
-  /* Check that we get the guard if it passes preferred address settings when
-   * they're auto */
+  /* Check that we get a node if it is allowed but not preferred when settings
+   * are auto */
   memset(&mocked_options, 0, sizeof(mocked_options));
   mocked_options.ClientUseIPv4 = 1;
   mocked_options.ClientPreferIPv6ORPort = -1;
 
   chosen_entry = choose_random_entry(NULL);
-  tt_ptr_op(chosen_entry, OP_EQ, the_guard);
+
+  /* We disable the guard check and the preferred address check at the same
+   * time, so we can't be sure we get the guard */
+  tt_assert(chosen_entry);
 
   /* and with IPv6 active */
   mocked_options.ClientUseIPv6 = 1;
 
   chosen_entry = choose_random_entry(NULL);
-  tt_ptr_op(chosen_entry, OP_EQ, the_guard);
+  tt_assert(chosen_entry);
 
  done:
   memset(&mocked_options, 0, sizeof(mocked_options));

+ 9 - 7
src/test/test_policy.c

@@ -1310,7 +1310,8 @@ test_policies_fascist_firewall_allows_address(void *arg)
   tt_assert(fascist_firewall_allows_address(&r_ipv6_addr, port, policy, 0, 0)
             == 0);
 
-  /* Test the function's address matching with everything off */
+  /* Test the function's address matching with ClientUseIPv4 0.
+   * This means "use IPv6" regardless of the other settings. */
   memset(&mock_options, 0, sizeof(or_options_t));
   mock_options.ClientUseIPv4 = 0;
   mock_options.ClientUseIPv6 = 0;
@@ -1319,7 +1320,7 @@ test_policies_fascist_firewall_allows_address(void *arg)
   tt_assert(fascist_firewall_allows_address(&ipv4_addr, port, policy, 0, 0)
             == 0);
   tt_assert(fascist_firewall_allows_address(&ipv6_addr, port, policy, 0, 0)
-            == 0);
+            == 1);
   tt_assert(fascist_firewall_allows_address(&r_ipv4_addr, port, policy, 0, 0)
             == 0);
   tt_assert(fascist_firewall_allows_address(&r_ipv6_addr, port, policy, 0, 0)
@@ -1596,7 +1597,8 @@ test_policies_fascist_firewall_choose_address(void *arg)
                                                  FIREWALL_DIR_CONNECTION, 1)
             == &ipv6_dir_ap);
 
-  /* Choose an address with everything off */
+  /* Choose an address with ClientUseIPv4 0.
+   * This means "use IPv6" regardless of the other settings. */
   memset(&mock_options, 0, sizeof(or_options_t));
   mock_options.ClientUseIPv4 = 0;
   mock_options.ClientUseIPv6 = 0;
@@ -1604,16 +1606,16 @@ test_policies_fascist_firewall_choose_address(void *arg)
 
   tt_assert(fascist_firewall_choose_address(&ipv4_or_ap, &ipv6_or_ap, 0,
                                                  FIREWALL_OR_CONNECTION, 0)
-            == NULL);
+            == &ipv6_or_ap);
   tt_assert(fascist_firewall_choose_address(&ipv4_or_ap, &ipv6_or_ap, 0,
                                                  FIREWALL_OR_CONNECTION, 1)
-            == NULL);
+            == &ipv6_or_ap);
   tt_assert(fascist_firewall_choose_address(&ipv4_dir_ap, &ipv6_dir_ap, 0,
                                                  FIREWALL_DIR_CONNECTION, 0)
-            == NULL);
+            == &ipv6_dir_ap);
   tt_assert(fascist_firewall_choose_address(&ipv4_dir_ap, &ipv6_dir_ap, 0,
                                                  FIREWALL_DIR_CONNECTION, 1)
-            == NULL);
+            == &ipv6_dir_ap);
 
   /* Choose from unusual inputs */
   memset(&mock_options, 0, sizeof(or_options_t));