|
@@ -412,6 +412,17 @@ static int connection_handle_listener_read(connection_t *conn, int new_type) {
|
|
|
|
|
|
set_socket_nonblocking(news);
|
|
|
|
|
|
+ /* process entrance policies here, before we even create the connection */
|
|
|
+ if(new_type == CONN_TYPE_AP) {
|
|
|
+ /* check sockspolicy to see if we should accept it */
|
|
|
+ if(socks_policy_permits_address(ntohl(remote.sin_addr.s_addr)) == 0) {
|
|
|
+ log_fn(LOG_WARN,"Denying socks connection from untrusted address %s.",
|
|
|
+ inet_ntoa(remote.sin_addr));
|
|
|
+ tor_close_socket(news);
|
|
|
+ return 0;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
newconn = connection_new(new_type);
|
|
|
newconn->s = news;
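Review bot: The denial at `log_fn(LOG_WARN,"Denying socks connection from untrusted address %s.", ...)` is emitted once per rejected connection, so any host that can reach the socks listener but fails the socks policy controls how many warn-level lines are written. Consider bounding it, for example by warning on the first denial per address or per interval and logging repeats at a lower severity, so a burst of refused connects cannot bury other warnings or fill the log. The `return 0;` after `tor_close_socket(news);` would benefit from a comment such as `/* refused by policy: not a listener error, keep accepting */`, assuming 0 is the handler's non-fatal return, which the hunk does not show. The enclosing function starts and ends outside the hunk, including the accept() call that fills `remote`, so it is worth confirming there that the address is always an IPv4 `sockaddr_in` before `remote.sin_addr` is used for the policy decision.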
|
|
|
|
|
@@ -442,11 +453,6 @@ static int connection_init_accepted_conn(connection_t *conn) {
|
|
|
case CONN_TYPE_OR:
|
|
|
return connection_tls_start_handshake(conn, 1);
|
|
|
case CONN_TYPE_AP:
|
|
|
- /* check sockspolicy to see if we should accept it */
|
|
|
- if(socks_policy_permits_address(conn->addr) == 0) {
|
|
|
- log_fn(LOG_WARN,"Denying socks connection from untrusted address %s.", conn->address);
|
|
|
- return -1;
|
|
|
- }
|
|
|
conn->state = AP_CONN_STATE_SOCKS_WAIT;
|
|
|
break;
|
|
|
case CONN_TYPE_DIR:
|