r13827@catbus: nickm | 2007-07-19 14:42:25 -0400

 Merge in some generic address manipulation code from croup.  Needs some work.


svn:r10880

ChangeLog

@@ -30,6 +30,10 @@ Changes in version 0.2.0.3-alpha - 2007-??-??
       expiry information.  addr-mappings/* is now deprecated.
       (Patch from Tup.)
 
+  o Minor features (IPv6):
+    - Merge in some (as-yet-unused) IPv6 address manipulation code. (Patch
+      from croup.)
+
   o Performance improvements (win32):
     - Use Critical Sections rather than Mutexes for synchronizing threads
       on win32; Mutexes are heavier-weight, and designed for synchronizing

configure.in

@@ -329,7 +329,7 @@ AC_CHECK_SIZEOF(size_t)
 
 AC_CHECK_TYPES([uint, u_char])
 
-AC_CHECK_TYPES([struct in6_addr, struct sockaddr_storage], , ,
+AC_CHECK_TYPES([struct in6_addr, struct sockaddr_in6, struct sockaddr_storage], , ,
 [#ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif

src/common/compat.c

@@ -1004,7 +1004,7 @@ tor_inet_pton(int af, const char *src, void *dst)
 }
 
 /** Similar behavior to Unix gethostbyname: resolve <b>name</b>, and set
- * *addr to the proper IP address, in network byte order.  Returns 0
+ * *<b>addr</b> to the proper IP address, in host byte order.  Returns 0
  * on success, -1 on failure; 1 on transient failure.
  *
  * (This function exists because standard windows gethostbyname
@@ -1012,39 +1012,91 @@ tor_inet_pton(int af, const char *src, void *dst)
  */
 int
 tor_lookup_hostname(const char *name, uint32_t *addr)
+{
+  tor_addr_t myaddr;
+  int ret;
+
+  if ((ret = tor_addr_lookup(name, AF_INET, &myaddr)))
+    return ret;
+
+  if (IN_FAMILY(&myaddr) == AF_INET) {
+    *addr = IPV4IPh(&myaddr);
+    return ret;
+  }
+
+  return -1;
+}
+
+/** Similar behavior to Unix gethostbyname: resolve <b>name</b>, and set
+ * *<b>addr</b> to the proper IP address and family.
+ * Return 0 on success, -1 on failure; 1 on transient failure.
+ * DOCDOC family argument.
+ */
+int
+tor_addr_lookup(const char *name, uint16_t family, tor_addr_t *addr)
 {
   /* Perhaps eventually this should be replaced by a tor_getaddrinfo or
    * something.
    */
   struct in_addr iaddr;
+  struct in6_addr iaddr6;
   tor_assert(name);
   tor_assert(addr);
+  tor_assert(family == AF_INET || family == AF_UNSPEC);
+  memset(addr, 0, sizeof(addr)); /* Clear the extraneous fields. */
   if (!*name) {
     /* Empty address is an error. */
     return -1;
-  } else if (tor_inet_aton(name, &iaddr)) {
-    /* It's an IP. */
-    memcpy(addr, &iaddr.s_addr, 4);
+  } else if (tor_inet_pton(AF_INET, name, &iaddr)) {
+    /* It's an IPv4 IP. */
+    addr->sa.sin_family = AF_INET;
+    memcpy(&addr->sa.sin_addr, &iaddr, sizeof(struct in_addr));
+    return 0;
+  } else if (tor_inet_pton(AF_INET6, name, &iaddr6)) {
+    addr->sa6.sin6_family = AF_INET6;
+    memcpy(&addr->sa6.sin6_addr, &iaddr6, sizeof(struct in6_addr));
     return 0;
   } else {
 #ifdef HAVE_GETADDRINFO
     int err;
     struct addrinfo *res=NULL, *res_p;
+    struct addrinfo *best=NULL;
     struct addrinfo hints;
     int result = -1;
     memset(&hints, 0, sizeof(hints));
-    hints.ai_family = PF_INET;
+    hints.ai_family = family;
     hints.ai_socktype = SOCK_STREAM;
     err = getaddrinfo(name, NULL, &hints, &res);
     if (!err) {
+      best = NULL;
       for (res_p = res; res_p; res_p = res_p->ai_next) {
-        if (res_p->ai_family == AF_INET) {
-          struct sockaddr_in *sin = (struct sockaddr_in *)res_p->ai_addr;
-          memcpy(addr, &sin->sin_addr, 4);
-          result = 0;
+        if (family == AF_UNSPEC) {
+          if (res_p->ai_family == AF_INET) {
+            best = res_p;
+            break;
+          } else if (res_p->ai_family == AF_INET6 && !best) {
+            best = res_p;
+          }
+        } else if (family == res_p->ai_family) {
+          best = res_p;
           break;
         }
       }
+      if (!best)
+        best = res;
+      if (best->ai_family == AF_INET) {
+        addr->sa.sin_family = AF_INET;
+        memcpy(&addr->sa.sin_addr,
+               &((struct sockaddr_in*)best->ai_addr)->sin_addr,
+               sizeof(struct in_addr));
+        result = 0;
+      } else if (best->ai_family == AF_INET6) {
+        addr->sa6.sin6_family = AF_INET6;
+        memcpy(&addr->sa6.sin6_addr,
+               &((struct sockaddr_in6*)best->ai_addr)->sin6_addr,
+               sizeof(struct in6_addr));
+        result = 0;
+      }
       freeaddrinfo(res);
       return result;
     }
@@ -1074,14 +1126,19 @@ tor_lookup_hostname(const char *name, uint32_t *addr)
 #else
     err = h_errno;
 #endif
-#endif
+#endif /* endif HAVE_GETHOSTBYNAME_R_6_ARG. */
     if (ent) {
-      /* break to remind us if we move away from IPv4 */
-      tor_assert(ent->h_length == 4);
-      memcpy(addr, ent->h_addr, 4);
+      addr->sa.sin_family = ent->h_addrtype;
+      if (ent->h_addrtype == AF_INET) {
+        memcpy(addr->sa.sin_addr, ent->h_addr, sizeof(struct in_addr));
+      } else if (ent->h_addrtype == AF_INET6) {
+        memcpy(addr->sa.sin6_addr, ent->h_addr, sizeof(struct in6_addr));
+      } else {
+        tor_assert(0)  /* gethostbyname() returned a bizarre addrtype */
+      }
       return 0;
     }
-    memset(addr, 0, 4);
+    memset(addr, 0, sizeof(tor_addr_t)); /* XXXX020 is this redundant? */
 #ifdef MS_WINDOWS
     return (err == WSATRY_AGAIN) ? 1 : -1;
 #else

src/common/compat.h

@@ -36,6 +36,15 @@
 #include <ctype.h>
 #endif
 #include <stdarg.h>
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN6_H
+#include <netinet/in6.h>
+#endif
 
 #ifndef NULL_REP_IS_ZERO_BYTES
 #error "It seems your platform does not represent NULL as zero. We can't cope."
@@ -263,11 +272,88 @@ typedef int socklen_t;
 #if !defined(HAVE_STRUCT_IN6_ADDR) && !defined(MS_WINDOWS)
 struct in6_addr
 {
-  uint8_t s6_addr[16];
+  union {
+    uint8_t u6_addr8[16];
+    uint16_t u6_addr16[8];
+    uint32_t u6_addr32[4];
+  } in6_u;
+#define s6_addr   in6_u.u6_addr8
+#define s6_addr16 in6_u.u6_addr16
+#define s6_addr32 in6_u.u6_addr32
 };
 #endif
 
+#if !defined(HAVE_STRUCT_SOCKADDR_IN6)
+struct sockaddr_in6 {
+  uint16_t sin6_family; /* XXXX020 right size???? */
+  uint16_t sin6_port;
+  // uint32_t sin6_flowinfo;
+  struct in6_addr sin6_addr;
+  // uint32_t sin6_scope_id;
+};
+#endif
+
+typedef uint8_t maskbits_t;
 struct in_addr;
+typedef union tor_addr_t
+{
+  /* XXXX020 There are extra fields in sockaddr_in and sockaddr_in6 that
+   * make this union waste space.  Do we care? */
+  struct sockaddr_in sa;
+  struct sockaddr_in6 sa6;
+} tor_addr_t;
+
+/* XXXX020 rename these. */
+static INLINE uint32_t IPV4IP(const tor_addr_t *a);
+static INLINE uint32_t IPV4IPh(const tor_addr_t *a);
+static INLINE uint32_t IPV4MAPh(const tor_addr_t *a);
+static INLINE uint16_t IN_FAMILY(const tor_addr_t *a);
+static INLINE const struct in_addr *IN_ADDR(const tor_addr_t *a);
+static INLINE const struct in6_addr *IN6_ADDR(const tor_addr_t *a);
+static INLINE uint16_t IN_PORT(const tor_addr_t *a);
+
+static INLINE uint32_t
+IPV4IP(const tor_addr_t *a)
+{
+  return a->sa.sin_addr.s_addr;
+}
+static INLINE uint32_t IPV4IPh(const tor_addr_t *a)
+{
+  /*XXXX020 remove this function */
+  return ntohl(IPV4IP(a));
+}
+static INLINE uint32_t
+IPV4MAPh(const tor_addr_t *a)
+{
+  return ntohl(a->sa6.sin6_addr.s6_addr32[3]);
+}
+static INLINE uint16_t
+IN_FAMILY(const tor_addr_t *a)
+{
+  return a->sa.sin_family;
+}
+static INLINE const struct in_addr *
+IN_ADDR(const tor_addr_t *a)
+{
+  return &a->sa.sin_addr;
+}
+static INLINE const struct in6_addr *
+IN6_ADDR(const tor_addr_t *a)
+{
+  return &a->sa6.sin6_addr;
+}
+static INLINE uint16_t
+IN_PORT(const tor_addr_t *a)
+{
+  if (IN_FAMILY(a) == AF_INET)
+    return a->sa.sin_port;
+  else
+    return a->sa6.sin6_port;
+}
+
+#define INET_NTOA_BUF_LEN 16 /* 255.255.255.255 */
+#define TOR_ADDR_BUF_LEN 46 /* ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255 */
+
 int tor_inet_aton(const char *cp, struct in_addr *addr) ATTR_NONNULL((1,2));
 const char *tor_inet_ntop(int af, const void *src, char *dst, size_t len);
 int tor_inet_pton(int af, const char *src, void *dst);
@@ -275,6 +361,9 @@ int tor_lookup_hostname(const char *name, uint32_t *addr) ATTR_NONNULL((1,2));
 void set_socket_nonblocking(int socket);
 int tor_socketpair(int family, int type, int protocol, int fd[2]);
 int network_init(void);
+
+int tor_addr_lookup(const char *name, uint16_t family, tor_addr_t *addr_out);
+
 /* For stupid historical reasons, windows sockets have an independent
  * set of errnos, and an independent way to get them.  Also, you can't
  * always believe WSAEWOULDBLOCK.  Use the macros below to compare

src/common/util.c

@@ -1828,17 +1828,95 @@ path_is_relative(const char *filename)
 int
 is_internal_IP(uint32_t ip, int for_listening)
 {
-  if (for_listening && !ip) /* special case for binding to 0.0.0.0 */
+  tor_addr_t myaddr;
+  myaddr.sa.sin_family = AF_INET;
+  myaddr.sa.sin_addr.s_addr = htonl(ip);
+
+  return tor_addr_is_internal(&myaddr, for_listening);
+}
+
+/** Return true iff <b>ip</b> is an IP reserved to localhost or local networks
+ * in RFC1918 or RFC4193 or RFC4291. (fec0::/10, deprecated by RFC3879, is
+ * also treated as internal for now.)
+ */
+int
+tor_addr_is_internal(const tor_addr_t *addr, int for_listening)
+{
+  uint32_t iph4;
+  uint32_t iph6[4];
+  sa_family_t v_family;
+  v_family = IN_FAMILY(addr);
+
+  if (v_family == AF_INET) {
+    iph4 = IPV4IPh(addr);
+  } else if (v_family == AF_INET6) {
+    if (tor_addr_is_v4(addr)) { /* v4-mapped */
+      v_family = AF_INET;
+      iph4 = ntohl(IN6_ADDR(addr)->s6_addr32[3]);
+    }
+  }
+
+  if (v_family == AF_INET6) {
+    iph6[0] = ntohl(IN6_ADDR(addr)->s6_addr32[0]);
+    iph6[1] = ntohl(IN6_ADDR(addr)->s6_addr32[1]);
+    iph6[2] = ntohl(IN6_ADDR(addr)->s6_addr32[2]);
+    iph6[3] = ntohl(IN6_ADDR(addr)->s6_addr32[3]);
+    if (for_listening && !iph6[0] && !iph6[1] && !iph6[2] && !iph6[3]) /* :: */
+      return 0;
+
+    if (((iph6[0] & 0xfe000000) == 0xfc000000) || /* fc00/7  - RFC4193 */
+        ((iph6[0] & 0xffc00000) == 0xfe800000) || /* fe80/10 - RFC4291 */
+        ((iph6[0] & 0xffc00000) == 0xfec00000))   /* fec0/10 D- RFC3879 */
+      return 1;
+
+    if (!iph6[0] && !iph6[1] && !iph6[2] &&
+        ((iph6[3] & 0xfffffffe) == 0x00000000))  /* ::/127 */
+      return 1;
+
     return 0;
-  if (((ip & 0xff000000) == 0x0a000000) || /*       10/8 */
-      ((ip & 0xff000000) == 0x00000000) || /*        0/8 */
-      ((ip & 0xff000000) == 0x7f000000) || /*      127/8 */
-      ((ip & 0xffff0000) == 0xa9fe0000) || /* 169.254/16 */
-      ((ip & 0xfff00000) == 0xac100000) || /*  172.16/12 */
-      ((ip & 0xffff0000) == 0xc0a80000))   /* 192.168/16 */
-    return 1;
-  return 0;
+  } else if (v_family == AF_INET) {
+    if (for_listening && !iph4) /* special case for binding to 0.0.0.0 */
+      return 0;
+    if (((iph4 & 0xff000000) == 0x0a000000) || /*       10/8 */
+        ((iph4 & 0xff000000) == 0x00000000) || /*        0/8 */
+        ((iph4 & 0xff000000) == 0x7f000000) || /*      127/8 */
+        ((iph4 & 0xffff0000) == 0xa9fe0000) || /* 169.254/16 */
+        ((iph4 & 0xfff00000) == 0xac100000) || /*  172.16/12 */
+        ((iph4 & 0xffff0000) == 0xc0a80000))   /* 192.168/16 */
+      return 1;
+    return 0;
+  }
+
+  /* unknown address family... assume it's not safe for external use */
+  /* rather than tor_assert(0) */
+  log_warn(LD_BUG, "tor_addr_is_internal() called with a non-IP address.");
+  return 1;
+}
+
+#if 0
+/** Convert a tor_addr_t <b>addr</b> into a string, and store it in
+ *  <b>dest</b> of size <b>len</b>.  Returns a pointer to dest on success,
+ *  or NULL on failure.
+ */
+void
+tor_addr_to_str(char *dest, const tor_addr_t *addr, int len)
+{
+  const char *ptr;
+  tor_assert(addr && dest);
+
+  switch (IN_FAMILY(addr)) {
+    case AF_INET:
+      ptr = tor_inet_ntop(AF_INET, &addr->sa.sin_addr, dest, len);
+      break;
+    case AF_INET6:
+      ptr = tor_inet_ntop(AF_INET6, &addr->sa6.sin6_addr, dest, len);
+      break;
+    default:
+      return NULL;
+  }
+  return ptr;
 }
+#endif
 
 /** Parse a string of the form "host[:port]" from <b>addrport</b>.  If
  * <b>address</b> is provided, set *<b>address</b> to a copy of the
@@ -1889,7 +1967,6 @@ parse_addr_port(int severity, const char *addrport, char **address,
       ok = 0;
       *addr = 0;
     }
-    *addr = ntohl(*addr);
   }
 
   if (address && ok) {
@@ -2055,9 +2132,244 @@ parse_addr_and_port_range(const char *s, uint32_t *addr_out,
   return -1;
 }
 
-/** Given an IPv4 address <b>in</b> (in network order, as usual),
- * write it as a string into the <b>buf_len</b>-byte buffer in
- * <b>buf</b>.
+/** Parse a string <b>s</b> containing an IPv4/IPv6 address, and possibly
+ *  a mask and port or port range.  Store the parsed address in
+ *  <b>addr_out</b>, a mask (if any) in <b>mask_out</b>, and port(s) (if any)
+ *  in <b>port_min_out</b> and <b>port_max_out</b>.
+ *
+ * DOCDOC exact syntax.
+ *
+ *  - If mask, minport, or maxport are NULL, avoid storing those elements.
+ *  - If the string has no mask, the mask is set to /32 (IPv4) or /128 (IPv6).
+ *  - If the string has one port, it is placed in both min and max port
+ *    variables.
+ *  - If the string has no port(s), port_(min|max)_out are set to 1 and 65535.
+ *
+ *  Return an address family on success, or -1 if an invalid address string is
+ *  provided.
+ */
+int
+tor_addr_parse_mask_ports(const char *s, tor_addr_t *addr_out,
+                          maskbits_t *maskbits_out,
+                          uint16_t *port_min_out, uint16_t *port_max_out)
+{
+  char *base = NULL, *address, *mask = NULL, *port = NULL, *rbracket = NULL;
+  char *endptr;
+  int any_flag=0, v4map=0;
+
+  tor_assert(s);
+  tor_assert(addr_out);
+
+  /* IP, [], /mask, ports */
+#define MAX_ADDRESS_LENGTH (TOR_ADDR_BUF_LEN+2+(1+INET_NTOA_BUF_LEN)+12+1)
+
+  if (strlen(s) > MAX_ADDRESS_LENGTH) {
+    log_warn(LD_GENERAL, "Impossibly long IP %s; rejecting", escaped(s));
+    goto err;
+  }
+  base = tor_strdup(s);
+
+  /* Break 'base' into separate strings. */
+  address = base;
+  if (*address == '[') {  /* Probably IPv6 */
+    address++;
+    rbracket = strchr(address, ']');
+    if (!rbracket) {
+      log_warn(LD_GENERAL,
+               "No closing IPv6 bracket in address pattern; rejecting.");
+      goto err;
+    }
+  }
+  mask = strchr((rbracket?rbracket:address),'/');
+  port = strchr((mask?mask:(rbracket?rbracket:address)), ':');
+  if (port)
+    *port++ = '\0';
+  if (mask)
+    *mask++ = '\0';
+  if (rbracket)
+    *rbracket = '\0';
+  if (port && mask)
+    tor_assert(port > mask);
+  if (mask && rbracket)
+    tor_assert(mask > rbracket);
+
+  /* Now "address" is the a.b.c.d|'*'|abcd::1 part...
+   *     "mask" is the Mask|Maskbits part...
+   * and "port" is the *|port|min-max part.
+   */
+
+  /* Process the address portion */
+  memset(addr_out, 0, sizeof(tor_addr_t));
+
+  if (!strcmp(address, "*")) {
+    addr_out->sa.sin_family = AF_INET; /* AF_UNSPEC ???? XXXXX020 */
+    any_flag = 1;
+  } else if (tor_inet_pton(AF_INET6, address, &addr_out->sa6.sin6_addr) > 0) {
+    addr_out->sa6.sin6_family = AF_INET6;
+  } else if (tor_inet_pton(AF_INET, address, &addr_out->sa.sin_addr) > 0) {
+    addr_out->sa.sin_family = AF_INET;
+  } else {
+    log_warn(LD_GENERAL, "Malformed IP %s in address pattern; rejecting.",
+             escaped(address));
+    goto err;
+  }
+
+  v4map = tor_addr_is_v4(addr_out);
+
+/*
+#ifdef ALWAYS_V6_MAP
+  if (v_family == AF_INET) {
+    v_family = AF_INET6;
+    IN_ADDR6(addr_out).s6_addr32[3] = IN6_ADDR(addr_out).s_addr;
+    memset(&IN6_ADDR(addr_out), 0, 10);
+    IN_ADDR6(addr_out).s6_addr16[5] = 0xffff;
+  }
+#else
+  if (v_family == AF_INET6 && v4map) {
+    v_family = AF_INET;
+    IN_ADDR(addr_out).s_addr = IN6_ADDR(addr_out).s6_addr32[3];
+  }
+#endif
+*/
+
+  /* Parse mask */
+  if (maskbits_out) {
+    int bits = 0;
+    struct in_addr v4mask;
+
+    if (mask) {  /* the caller (tried to) specify a mask */
+      bits = (int) strtol(mask, &endptr, 10);
+      if (!*endptr) {  /* strtol converted everything, so it was an integer */
+        if ((bits<0 || bits>128) ||
+            ((IN_FAMILY(addr_out) == AF_INET) && bits > 32)) {
+          log_warn(LD_GENERAL,
+                   "Bad number of mask bits (%d) on address range; rejecting.",
+                   bits);
+          goto err;
+        }
+      } else {  /* mask might still be an address-style mask */
+        if (tor_inet_pton(AF_INET, mask, &v4mask) > 0) {
+          bits = addr_mask_get_bits(ntohl(v4mask.s_addr));
+          if (bits < 0) {
+            log_warn(LD_GENERAL,
+                     "IPv4-style mask %s is not a prefix address; rejecting.",
+                     escaped(mask));
+            goto err;
+          }
+        } else { /* Not IPv4; we don't do address-style IPv6 masks. */
+          log_warn(LD_GENERAL,
+                   "Malformed mask on address range %s; rejecting.",
+                   escaped(s));
+          goto err;
+        }
+      }
+      if (IN_FAMILY(addr_out) == AF_INET6 && v4map) {
+        if (bits > 32 && bits < 96) { /* Crazy */
+          log_warn(LD_GENERAL,
+                   "Bad mask bits %i for V4-mapped V6 address; rejecting.",
+                   bits);
+          goto err;
+        }
+        /* XXXX020 is this really what we want? */
+        bits = 96 + bits%32; /* map v4-mapped masks onto 96-128 bits */
+      }
+    } else { /* pick an appropriate mask, as none was given */
+      if (any_flag)
+        bits = 0;  /* This is okay whether it's V6 or V4 (FIX V4-mapped V6!) */
+      else if (IN_FAMILY(addr_out) == AF_INET)
+        bits = 32;
+      else if (IN_FAMILY(addr_out) == AF_INET6)
+        bits = 128;
+    }
+    *maskbits_out = (maskbits_t) bits;
+  } else {
+    if (mask) {
+      log_warn(LD_GENERAL,
+               "Unexpected mask in addrss %s; rejecting", escaped(s));
+      goto err;
+    }
+  }
+
+  /* Parse port(s) */
+  if (port_min_out) {
+    uint16_t port2;
+    if (!port_max_out) /* caller specified one port; fake the second one */
+      port_max_out = &port2;
+
+    if (parse_port_range(port, port_min_out, port_max_out) < 0) {
+      goto err;
+    } else if ((*port_min_out != *port_max_out) && port_max_out == &port2) {
+      log_warn(LD_GENERAL,
+               "Wanted one port from address range, but there are two.");
+
+      port_max_out = NULL;  /* caller specified one port, so set this back */
+      goto err;
+    }
+  } else {
+    if (port) {
+      log_warn(LD_GENERAL,
+               "Unexpected ports in addrss %s; rejecting", escaped(s));
+      goto err;
+    }
+  }
+
+  tor_free(base);
+  return IN_FAMILY(addr_out);
+ err:
+  tor_free(base);
+  return -1;
+}
+
+/** Determine whether an address is IPv4, either native or ipv4-mapped ipv6.
+ * Note that this is about representation only, as any decent stack will
+ * reject ipv4-mapped addresses received on the wire (and won't use them
+ * on the wire either).
+ */
+int
+tor_addr_is_v4(const tor_addr_t *addr)
+{
+  tor_assert(addr);
+
+  if (IN_FAMILY(addr) == AF_INET)
+    return 1;
+
+  if (IN_FAMILY(addr) == AF_INET6) { /* First two don't need to be ordered */
+    if ((IN6_ADDR(addr)->s6_addr32[0] == 0) &&
+        (IN6_ADDR(addr)->s6_addr32[1] == 0) &&
+        (ntohl(IN6_ADDR(addr)->s6_addr32[2]) == 0x0000ffffu))
+      return 1;
+  }
+
+  return 0; /* Not IPv4 - unknown family or a full-blood IPv6 address */
+}
+
+/** Determine whether an address <b>addr</b> is null, either all zeroes or
+ *  belonging to family AF_UNSPEC.
+ */
+int
+tor_addr_is_null(const tor_addr_t *addr)
+{
+  tor_assert(addr);
+
+  switch(IN_FAMILY(addr)) {
+    case AF_INET6:
+      if (!IN6_ADDR(addr)->s6_addr32[0] && !IN6_ADDR(addr)->s6_addr32[1] &&
+          !IN6_ADDR(addr)->s6_addr32[2] && !IN6_ADDR(addr)->s6_addr32[3])
+        return 1;
+      return 0;
+    case AF_INET:
+      if (!IN_ADDR(addr)->s_addr)
+        return 1;
+      return 0;
+    default:
+      return 1;
+  }
+  //return 1;
+}
+
+/** Given an IPv4 in_addr struct *<b>in</b> (in network order, as usual),
+ *  write it as a string into the <b>buf_len</b>-byte buffer in
+ *  <b>buf</b>.
  */
 int
 tor_inet_ntoa(const struct in_addr *in, char *buf, size_t buf_len)
@@ -2070,37 +2382,223 @@ tor_inet_ntoa(const struct in_addr *in, char *buf, size_t buf_len)
                       (int)(uint8_t)((a    )&0xff));
 }
 
-/** Given a host-order <b>addr</b>, call tor_inet_ntoa() on it
- * and return a strdup of the resulting address.
+/** Take a 32-bit host-order ipv4 address <b>v4addr</b> and store it in the
+ *  tor_addr *<b>dest</b>.
+ *
+ *  XXXX020 Temporary, for use while 32-bit int addresses are still being
+ *  passed around.
+ */
+void
+tor_addr_from_ipv4(tor_addr_t *dest, uint32_t v4addr)
+{
+  tor_assert(dest);
+  memset(dest, 0, sizeof(dest));
+  dest->sa.sin_family = AF_INET;
+  dest->sa.sin_addr.s_addr = htonl(v4addr);
+}
+
+/** Copy a tor_addr_t from <b>src</b> to <b>dest</b>.
+ */
+void
+tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
+{
+  tor_assert(src && dest);
+  memcpy(dest, src, sizeof(tor_addr_t));
+}
+
+/** DOCDOC */
+int
+tor_addr_compare(const tor_addr_t *addr1, const tor_addr_t *addr2)
+{
+  return tor_addr_compare_masked(addr1, addr2, 128);
+}
+
+/** Given two addresses <b>addr1</b> and <b>addr2</b>, return 0 if the two
+ * addresses are equivalent under the mask mbits, or nonzero if not.
+ *
+ * Different address families (IPv4 vs IPv6) are always considered unequal.
+ *
+ * Reduce over-specific masks (>128 for ipv6, >32 for ipv4) to 128 or 32.
+ */
+int
+tor_addr_compare_masked(const tor_addr_t *addr1, const tor_addr_t *addr2,
+                        maskbits_t mbits)
+{
+  uint32_t ip4a=0, ip4b=0;
+  sa_family_t v_family[2];
+  int idx;
+  uint32_t masked_a, masked_b;
+
+  tor_assert(addr1 && addr2);
+
+  v_family[0] = IN_FAMILY(addr1);
+  v_family[1] = IN_FAMILY(addr2);
+
+  if (v_family[0] == AF_INET) { /* If this is native IPv4, note the address */
+    ip4a = IPV4IPh(addr1); /* Later we risk overwriting a v4-mapped address */
+  } else if ((v_family[0] == AF_INET6) && tor_addr_is_v4(addr1)) {
+    v_family[0] = AF_INET;
+    ip4a = IPV4MAPh(addr1);
+  }
+
+  if (v_family[1] == AF_INET) { /* If this is native IPv4, note the address */
+    ip4b = IPV4IPh(addr2); /* Later we risk overwriting a v4-mapped address */
+  } else if ((v_family[1] == AF_INET6) && tor_addr_is_v4(addr2)) {
+    v_family[1] = AF_INET;
+    ip4b = IPV4MAPh(addr2);
+  }
+
+  if (v_family[0] > v_family[1]) /* Comparison of virtual families */
+    return 1;
+  else if (v_family[0] < v_family[1])
+    return -1;
+
+  if (mbits == 0)  /* Under a complete wildcard mask, consider them equal */
+    return 0;
+
+  if (v_family[0] == AF_INET) { /* Real or mapped IPv4 */
+#if 0
+    if (mbits >= 32) {
+      masked_a = ip4a;
+      masked_b = ip4b;
+    } else {
+      masked_a = ip4a & (0xfffffffful << (32-mbits));
+      masked_b = ip4b & (0xfffffffful << (32-mbits));
+    }
+#endif
+    if (mbits > 32)
+      mbits = 32;
+    masked_a = ip4a >> (32-mbits);
+    masked_b = ip4b >> (32-mbits);
+    if (masked_a < masked_b)
+      return -1;
+    else if (masked_a > masked_b)
+      return 1;
+    return 0;
+  } else if (v_family[0] == AF_INET6) { /* Real IPv6 */
+    maskbits_t lmbits;
+    const uint32_t *a1 = IN6_ADDR(addr1)->s6_addr32;
+    const uint32_t *a2 = IN6_ADDR(addr2)->s6_addr32;
+    for (idx = 0; idx < 4; ++idx) {
+      if (!mbits)
+        return 0; /* Mask covers both addresses from here on */
+      else if (mbits > 32)
+        lmbits = 32;
+      else
+        lmbits = mbits;
+
+      masked_a = ntohl(a1[idx]) >> (32-lmbits);
+      masked_b = ntohl(a2[idx]) >> (32-lmbits);
+
+      if (masked_a > masked_b)
+        return 1;
+      else if (masked_a < masked_b)
+        return -1;
+
+      if (mbits < 32)
+        return 0;
+      mbits -= 32;
+    }
+#if 0
+    for (idx = 0; idx < 4; ++idx) {
+      if (mbits <= 32*idx) /* Mask covers both addresses from here on */
+        return 0;
+      if (mbits >= 32*(idx+1)) { /* Mask doesn't affect these 32 bits */
+        lmbits = 32;
+      } else {
+        lmbits = mbits % 32;
+      }
+      masked_a = ntohl(IN6_ADDR(addr1).s6_addr32[idx]) &
+                 (0xfffffffful << (32-lmbits));
+      masked_b = ntohl(IN6_ADDR(addr2).s6_addr32[idx]) &
+                 (0xfffffffful << (32-lmbits));
+      if (masked_a > masked_b)
+        return 1;
+      if (masked_a < masked_b)
+        return -1;
+    }
+#endif
+    return 0;
+  }
+
+  tor_assert(0);  /* Unknown address family */
+  return -1; /* unknown address family, return unequal? */
+}
+
+/** Given a host-order <b>addr</b>, call tor_inet_ntop() on it
+ *  and return a strdup of the resulting address.
  */
 char *
 tor_dup_addr(uint32_t addr)
 {
-  char buf[INET_NTOA_BUF_LEN];
+  char buf[TOR_ADDR_BUF_LEN];
   struct in_addr in;
 
   in.s_addr = htonl(addr);
-  tor_inet_ntoa(&in, buf, sizeof(buf));
+  tor_inet_ntop(AF_INET, &in, buf, sizeof(buf));
   return tor_strdup(buf);
 }
 
-/**
- * Set *<b>addr</b> to the host-order IPv4 address (if any) of whatever
- * interface connects to the internet.  This address should only be used in
- * checking whether our address has changed.  Return 0 on success, -1 on
- * failure.
+/** Convert the tor_addr_t *<b>addr</b> into string form and store it in
+ * <b>dest</b> (no more than <b>len</b> bytes). DOCDOC return value.
+ */
+const char *
+tor_addr_to_str(char *dest, const tor_addr_t *addr, int len)
+{
+  tor_assert(addr && dest);
+
+  if (IN_FAMILY(addr) == AF_INET) {
+    return tor_inet_ntop(AF_INET, IN_ADDR(addr), dest, len);
+  } else if (IN_FAMILY(addr) == AF_INET6) {
+    return tor_inet_ntop(AF_INET6, IN6_ADDR(addr), dest, len);
+  } else {
+    return NULL;
+  }
+}
+
+/** Convert the string in <b>src</b> to a tor_addr_t <b>addr</b>.
  */
 int
-get_interface_address(int severity, uint32_t *addr)
+tor_addr_from_str(tor_addr_t *addr, const char *src)
+{
+  tor_assert(addr && src);
+  return tor_addr_parse_mask_ports(src, addr, NULL, NULL, NULL);
+}
+
+/** Set *<b>addr</b> to the IP address (if any) of whatever interface
+ * connects to the internet.  This address should only be used in checking
+ * whether our address has changed.  Return 0 on success, -1 on failure.
+ */
+int
+get_interface_address6(int severity, sa_family_t family, tor_addr_t *addr)
 {
   int sock=-1, r=-1;
-  struct sockaddr_in target_addr, my_addr;
-  socklen_t my_addr_len = sizeof(my_addr);
+  struct sockaddr_storage my_addr, target_addr;
+  socklen_t my_addr_len;
 
   tor_assert(addr);
-  *addr = 0;
 
-  sock = tor_open_socket(PF_INET,SOCK_DGRAM,IPPROTO_UDP);
+  memset(addr, 0, sizeof(tor_addr_t));
+  memset(&target_addr, 0, sizeof(target_addr));
+  my_addr_len = sizeof(my_addr);
+  ((struct sockaddr_in*)&target_addr)->sin_port = 9;  /* DISGARD port */
+  /* Don't worry: no packets are sent. We just need to use a real address
+   * on the actual internet. */
+  if (family == AF_INET6) {
+    struct sockaddr_in6 *sin6 = (struct sockaddr_in6*)&target_addr;
+    sock = tor_open_socket(PF_INET6,SOCK_DGRAM,IPPROTO_UDP);
+    my_addr_len = sizeof(struct sockaddr_in6);
+    sin6->sin6_family = AF_INET6;
+    sin6->sin6_addr.s6_addr16[0] = htons(0x2002); /* 2002:: */
+  } else if (family == AF_INET) {
+    struct sockaddr_in *sin = (struct sockaddr_in*)&target_addr;
+    sock = tor_open_socket(PF_INET,SOCK_DGRAM,IPPROTO_UDP);
+    my_addr_len = sizeof(struct sockaddr_in);
+    sin->sin_family = AF_INET;
+    sin->sin_addr.s_addr = htonl(0x12000001); /* 18.0.0.1 */
+  } else {
+    return -1;
+  }
   if (sock < 0) {
     int e = tor_socket_errno(-1);
     log_fn(severity, LD_NET, "unable to create socket: %s",
@@ -2108,29 +2606,20 @@ get_interface_address(int severity, uint32_t *addr)
     goto err;
   }
 
-  memset(&target_addr, 0, sizeof(target_addr));
-  target_addr.sin_family = AF_INET;
-  /* discard port */
-  target_addr.sin_port = 9;
-  /* 18.0.0.1 (Don't worry: no packets are sent. We just need a real address
-   * on the internet.) */
-  target_addr.sin_addr.s_addr = htonl(0x12000001);
-
   if (connect(sock,(struct sockaddr *)&target_addr,sizeof(target_addr))<0) {
     int e = tor_socket_errno(sock);
     log_fn(severity, LD_NET, "connect() failed: %s", tor_socket_strerror(e));
     goto err;
   }
 
-  if (getsockname(sock, (struct sockaddr*)&my_addr, &my_addr_len)) {
+  if (getsockname(sock,(struct sockaddr*)&my_addr, &my_addr_len)) {
     int e = tor_socket_errno(sock);
     log_fn(severity, LD_NET, "getsockname() to determine interface failed: %s",
            tor_socket_strerror(e));
     goto err;
   }
 
-  *addr = ntohl(my_addr.sin_addr.s_addr);
-
+  memcpy(addr, &my_addr, sizeof(tor_addr_t));
   r=0;
  err:
   if (sock >= 0)
@@ -2138,6 +2627,24 @@ get_interface_address(int severity, uint32_t *addr)
   return r;
 }
 
+/**
+ * Set *<b>addr</b> to the host-order IPv4 address (if any) of whatever
+ * interface connects to the internet.  This address should only be used in
+ * checking whether our address has changed.  Return 0 on success, -1 on
+ * failure.
+ */
+int
+get_interface_address(int severity, uint32_t *addr)
+{
+  tor_addr_t local_addr;
+  int r;
+
+  r = get_interface_address6(severity, AF_INET, &local_addr);
+  if (r>=0)
+    *addr = IPV4IPh(&local_addr);
+  return r;
+}
+
 /* =====
  * Process helpers
  * ===== */

src/common/util.h

@@ -254,11 +254,25 @@ int parse_addr_and_port_range(const char *s, uint32_t *addr_out,
                               uint32_t *mask_out, uint16_t *port_min_out,
                               uint16_t *port_max_out);
 int addr_mask_get_bits(uint32_t mask);
-#define INET_NTOA_BUF_LEN 16
 int tor_inet_ntoa(const struct in_addr *in, char *buf, size_t buf_len);
 char *tor_dup_addr(uint32_t addr) ATTR_MALLOC;
 int get_interface_address(int severity, uint32_t *addr);
 
+int get_interface_address6(int severity, sa_family_t family, tor_addr_t *addr);
+int tor_addr_compare(const tor_addr_t *addr1, const tor_addr_t *addr2);
+int tor_addr_compare_masked(const tor_addr_t *addr1, const tor_addr_t *addr2,
+                            maskbits_t mask);
+int tor_addr_is_v4(const tor_addr_t *addr);
+int tor_addr_is_internal(const tor_addr_t *ip, int for_listening) ATTR_PURE;
+int tor_addr_parse_mask_ports(const char *s,
+                              tor_addr_t *addr_out, maskbits_t *mask_out,
+                              uint16_t *port_min_out, uint16_t *port_max_out);
+const char * tor_addr_to_str(char *dest, const tor_addr_t *addr, int len);
+int tor_addr_from_str(tor_addr_t *addr, const char *src);
+void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src);
+void tor_addr_from_ipv4(tor_addr_t *dest, uint32_t v4addr);
+int tor_addr_is_null(const tor_addr_t *addr);
+
 /* Process helpers */
 void start_daemon(void);
 void finish_daemon(const char *desired_cwd);

src/or/routerlist.c

@@ -3643,7 +3643,6 @@ add_trusted_dir_server(const char *nickname, const char *address,
       return;
     }
     hostname = tor_strdup(address);
-    a = ntohl(a);
   }
 
   ent = tor_malloc_zero(sizeof(trusted_dir_server_t));

src/or/test.c

@@ -854,13 +854,14 @@ test_util(void)
   buf[0] = (char)1;
   test_assert(!tor_mem_is_zero(buf, 10));
 
-  /* Test inet_ntoa */
+  /* Test inet_ntop */
   {
-    char tmpbuf[INET_NTOA_BUF_LEN];
+    char tmpbuf[TOR_ADDR_BUF_LEN];
+    const char *ip = "176.192.208.224";
     struct in_addr in;
-    tor_inet_aton("18.244.0.188",&in);
-    tor_inet_ntoa(&in, tmpbuf, sizeof(tmpbuf));
-    test_streq(tmpbuf, "18.244.0.188");
+    tor_inet_pton(AF_INET, ip, &in);
+    tor_inet_ntop(AF_INET, &in, tmpbuf, sizeof(tmpbuf));
+    test_streq(tmpbuf, ip);
   }
 
   /* Test 'escaped' */
@@ -1027,12 +1028,67 @@ _test_eq_ip6(struct in6_addr *a, struct in6_addr *b, const char *e1,
     test_eq_ip6(&a1, &a2);                                              \
   STMT_END
 
+/*XXXX020 make this macro give useful output on failure, and follow the
+ * conventions of the other test macros.  */
+#define test_internal_ip(a,b) STMT_BEGIN             \
+    r = tor_inet_pton(AF_INET6, a, &t1.sa6.sin6_addr); \
+    test_assert(r==1);                               \
+    t1.sa6.sin6_family = AF_INET6;                   \
+    r = tor_addr_is_internal(&t1, b);                \
+    test_assert(r==1);                               \
+  STMT_END
+
+/*XXXX020 make this macro give useful output on failure, and follow the
+ * conventions of the other test macros.  */
+#define test_external_ip(a,b) STMT_BEGIN             \
+    r = tor_inet_pton(AF_INET6, a, &t1.sa6.sin6_addr); \
+    test_assert(r==1);                               \
+    t1.sa6.sin6_family = AF_INET6;                   \
+    r = tor_addr_is_internal(&t1, b);                \
+    test_assert(r==0);                               \
+  STMT_END
+
+/*XXXX020 make this macro give useful output on failure, and follow the
+ * conventions of the other test macros.  */
+#define test_addr_convert6(a,b) STMT_BEGIN           \
+    tor_inet_pton(AF_INET6, a, &t1.sa6.sin6_addr);   \
+    tor_inet_pton(AF_INET6, b, &t2.sa6.sin6_addr);   \
+    t1.sa6.sin6_family = AF_INET6;                   \
+    t2.sa6.sin6_family = AF_INET6;                   \
+  STMT_END
+
+/*XXXX020 make this macro give useful output on failure, and follow the
+ * conventions of the other test macros. */
+#define test_addr_parse(xx) STMT_BEGIN                                \
+    r=tor_addr_parse_mask_ports(xx, &t1, &mask, &port1, &port2);      \
+    t2.sa6.sin6_family = AF_INET6;                                    \
+    p1=tor_inet_ntop(AF_INET6, &t1.sa6.sin6_addr, bug, sizeof(bug));  \
+  STMT_END
+
+/*XXXX020 make this macro give useful output on failure, and follow the
+ * conventions of the other test macros. */
+#define test_addr_parse_check(ip1, ip2, ip3, ip4, mm, pt1, pt2) STMT_BEGIN  \
+    test_assert(r>=0);                                     \
+    test_eq(htonl(ip1), IN6_ADDR(&t1)->s6_addr32[0]);      \
+    test_eq(htonl(ip2), IN6_ADDR(&t1)->s6_addr32[1]);      \
+    test_eq(htonl(ip3), IN6_ADDR(&t1)->s6_addr32[2]);      \
+    test_eq(htonl(ip4), IN6_ADDR(&t1)->s6_addr32[3]);      \
+    test_eq(mask, mm);                                     \
+    test_eq(port1, pt1);                                   \
+    test_eq(port2, pt2);                                   \
+  STMT_END
+
 static void
 test_ip6_helpers(void)
 {
-  char buf[64];
+  char buf[TOR_ADDR_BUF_LEN], bug[TOR_ADDR_BUF_LEN];
   struct in6_addr a1, a2;
+  tor_addr_t t1, t2;
   int r, i;
+  uint16_t port1, port2;
+  maskbits_t mask;
+  const char *p1;
+
   //  struct in_addr b1, b2;
   /* Test tor_inet_ntop and tor_inet_pton: IPv6 */
 
@@ -1066,8 +1122,13 @@ test_ip6_helpers(void)
   test_ntop6_reduces("0001:0099:BEEF:0006:0123:FFFF:0001:0001",
                      "1:99:beef:6:123:ffff:1:1");
 
-  test_ntop6_reduces("0:0:0:0:0:0:c0a8:0101", "::192.168.1.1");
+  //test_ntop6_reduces("0:0:0:0:0:0:c0a8:0101", "::192.168.1.1");
   test_ntop6_reduces("0:0:0:0:0:ffff:c0a8:0101", "::ffff:192.168.1.1");
+  test_ntop6_reduces("002:0:0000:0:3::4", "2::3:0:0:4");
+  test_ntop6_reduces("0:0::3", "::3");
+  test_ntop6_reduces("008:0::0", "8::");
+  test_ntop6_reduces("0:0:0:0:0:ffff::1", "::ffff:0.0.0.1");
+  test_ntop6_reduces("abcd:0:0:0:0:0:7f00::", "abcd::7f00:0");
   test_ntop6_reduces("0000:0000:0000:0000:0009:C0A8:0001:0001",
                      "::9:c0a8:1:1");
   test_ntop6_reduces("fe80:0000:0000:0000:0202:1111:0001:0001",
@@ -1080,7 +1141,7 @@ test_ip6_helpers(void)
   test_pton6_bad("55555::");
   test_pton6_bad("9:-60::");
   test_pton6_bad("1:2:33333:4:0002:3::");
-  // test_pton6_bad("1:2:3333:4:00002:3::"); //XXXX not bad.
+  //test_pton6_bad("1:2:3333:4:00002:3::");// BAD, but glibc doesn't say so.
   test_pton6_bad("1:2:3333:4:fish:3::");
   test_pton6_bad("1:2:3:4:5:6:7:8:9");
   test_pton6_bad("1:2:3:4:5:6:7");
@@ -1090,6 +1151,130 @@ test_ip6_helpers(void)
   test_pton6_bad("::1.2.3.4.5");
   test_pton6_bad("99");
   test_pton6_bad("");
+  test_pton6_bad("1::2::3:4");
+  test_pton6_bad("a:::b:c");
+  test_pton6_bad(":::a:b:c");
+  test_pton6_bad("a:b:c:::");
+
+  /* test internal checking */
+  test_external_ip("fbff:ffff::2:7", 0);
+  test_internal_ip("fc01::2:7", 0);
+  test_internal_ip("fdff:ffff::f:f", 0);
+  test_external_ip("fe00::3:f", 0);
+
+  test_external_ip("fe7f:ffff::2:7", 0);
+  test_internal_ip("fe80::2:7", 0);
+  test_internal_ip("febf:ffff::f:f", 0);
+
+  test_internal_ip("fec0::2:7:7", 0);
+  test_internal_ip("feff:ffff::e:7:7", 0);
+  test_external_ip("ff00::e:7:7", 0);
+
+  test_internal_ip("::", 0);
+  test_internal_ip("::1", 0);
+  test_internal_ip("::1", 1);
+  test_internal_ip("::", 0);
+  test_external_ip("::", 1);
+  test_external_ip("::2", 0);
+  test_external_ip("2001::", 0);
+  test_external_ip("ffff::", 0);
+
+  test_external_ip("::ffff:0.0.0.0", 1);
+  test_internal_ip("::ffff:0.0.0.0", 0);
+  test_internal_ip("::ffff:0.255.255.255", 0);
+  test_external_ip("::ffff:1.0.0.0", 0);
+
+  test_external_ip("::ffff:9.255.255.255", 0);
+  test_internal_ip("::ffff:10.0.0.0", 0);
+  test_internal_ip("::ffff:10.255.255.255", 0);
+  test_external_ip("::ffff:11.0.0.0", 0);
+
+  test_external_ip("::ffff:126.255.255.255", 0);
+  test_internal_ip("::ffff:127.0.0.0", 0);
+  test_internal_ip("::ffff:127.255.255.255", 0);
+  test_external_ip("::ffff:128.0.0.0", 0);
+
+  test_external_ip("::ffff:172.15.255.255", 0);
+  test_internal_ip("::ffff:172.16.0.0", 0);
+  test_internal_ip("::ffff:172.31.255.255", 0);
+  test_external_ip("::ffff:172.32.0.0", 0);
+
+  test_external_ip("::ffff:192.167.255.255", 0);
+  test_internal_ip("::ffff:192.168.0.0", 0);
+  test_internal_ip("::ffff:192.168.255.255", 0);
+  test_external_ip("::ffff:192.169.0.0", 0);
+
+  test_external_ip("::ffff:169.253.255.255", 0);
+  test_internal_ip("::ffff:169.254.0.0", 0);
+  test_internal_ip("::ffff:169.254.255.255", 0);
+  test_external_ip("::ffff:169.255.0.0", 0);
+
+  /* tor_addr_compare(tor_addr_t x2) */
+  test_addr_convert6("ffff::", "ffff::0");
+  test_assert(tor_addr_compare(&t1, &t2) == 0);
+  test_addr_convert6("0::3:2:1", "0::ffff:0.3.2.1");
+  test_assert(tor_addr_compare(&t1, &t2) > 0);
+  test_addr_convert6("0::2:2:1", "0::ffff:0.3.2.1");
+  test_assert(tor_addr_compare(&t1, &t2) > 0);
+  test_addr_convert6("0::ffff:0.3.2.1", "0::0:0:0");
+  test_assert(tor_addr_compare(&t1, &t2) < 0);
+  test_addr_convert6("0::ffff:5.2.2.1", "::ffff:6.0.0.0");
+  test_assert(tor_addr_compare(&t1, &t2) < 0); /* XXXX wrong. */
+  tor_addr_parse_mask_ports("[::ffff:2.3.4.5]", &t1, NULL, NULL, NULL);
+  tor_addr_parse_mask_ports("2.3.4.5", &t2, NULL, NULL, NULL);
+  test_assert(tor_addr_compare(&t1, &t2) == 0);
+  tor_addr_parse_mask_ports("[::ffff:2.3.4.4]", &t1, NULL, NULL, NULL);
+  tor_addr_parse_mask_ports("2.3.4.5", &t2, NULL, NULL, NULL);
+  test_assert(tor_addr_compare(&t1, &t2) < 0);
+
+  /* XXXX020 test compare_masked */
+
+  /* test tor_addr_parse_mask_ports */
+  test_addr_parse("[::f]/17:47-95");
+  test_addr_parse_check(0, 0, 0, 0x0000000f, 17, 47, 95);
+  //test_addr_parse("[::fefe:4.1.1.7/120]:999-1000");
+  //test_addr_parse_check("::fefe:401:107", 120, 999, 1000);
+  test_addr_parse("[::ffff:4.1.1.7]/120:443");
+  test_addr_parse_check(0, 0, 0x0000ffff, 0x04010107, 120, 443, 443);
+  test_addr_parse("[abcd:2::44a:0]:2-65000");
+  test_addr_parse_check(0xabcd0002, 0, 0, 0x044a0000, 128, 2, 65000);
+
+  r=tor_addr_parse_mask_ports("[fefef::]/112", &t1, NULL, NULL, NULL);
+  test_assert(r == -1);
+  r=tor_addr_parse_mask_ports("efef::/112", &t1, NULL, NULL, NULL);
+  test_assert(r == -1);
+  r=tor_addr_parse_mask_ports("[f:f:f:f:f:f:f:f::]", &t1, NULL, NULL, NULL);
+  test_assert(r == -1);
+  r=tor_addr_parse_mask_ports("[::f:f:f:f:f:f:f:f]", &t1, NULL, NULL, NULL);
+  test_assert(r == -1);
+  r=tor_addr_parse_mask_ports("[f:f:f:f:f:f:f:f:f]", &t1, NULL, NULL, NULL);
+  test_assert(r == -1);
+  /* Test for V4-mapped address with mask < 96.  (arguably not valid) */
+  r=tor_addr_parse_mask_ports("[::ffff:1.1.2.2/33]", &t1, &mask, NULL, NULL);
+  test_assert(r == -1);
+  r=tor_addr_parse_mask_ports("1.1.2.2/33", &t1, &mask, NULL, NULL);
+  test_assert(r == -1);
+  r=tor_addr_parse_mask_ports("1.1.2.2/31", &t1, &mask, NULL, NULL);
+  test_assert(r == AF_INET);
+  r=tor_addr_parse_mask_ports("[efef::]/112", &t1, &mask, &port1, &port2);
+  test_assert(r == AF_INET6);
+  test_assert(port1 == 1);
+  test_assert(port2 == 65535);
+
+  /* make sure inet address lengths >= max */
+  test_assert(INET_NTOA_BUF_LEN >= sizeof("255.255.255.255"));
+  test_assert(TOR_ADDR_BUF_LEN >=
+              sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"));
+
+  test_assert(sizeof(tor_addr_t) >= sizeof(struct sockaddr_in6));
+
+  /* get interface addresses */
+  r = get_interface_address6(0, AF_INET, &t1);
+  i = get_interface_address6(0, AF_INET6, &t2);
+  tor_inet_ntop(AF_INET, &t1.sa.sin_addr, buf, sizeof(buf));
+  printf("\nv4 address: %s  (family=%i)", buf, IN_FAMILY(&t1));
+  tor_inet_ntop(AF_INET6, &t2.sa6.sin6_addr, buf, sizeof(buf));
+  printf("\nv6 address: %s  (family=%i)", buf, IN_FAMILY(&t2));
 }
 
 static void
@@ -1915,7 +2100,7 @@ test_dir_format(void)
   ex1.next = &ex2;
   ex2.policy_type = ADDR_POLICY_REJECT;
   ex2.addr = 18 << 24;
-  ex2.msk = 0xFF000000u;
+  ex2.msk = 0xff000000u;
   ex2.prt_min = ex2.prt_max = 24;
   ex2.next = NULL;
   r2.address = tor_strdup("1.1.1.1");
@@ -2526,12 +2711,14 @@ static void
 test_policies(void)
 {
   addr_policy_t *policy, *policy2;
+  tor_addr_t tar;
   config_line_t line;
 
   policy = router_parse_addr_policy_from_string("reject 192.168.0.0/16:*",-1);
   test_eq(NULL, policy->next);
   test_eq(ADDR_POLICY_REJECT, policy->policy_type);
-  test_eq(0xc0a80000u, policy->addr);
+  tor_addr_from_ipv4(&tar, 0xc0a80000u);
+  test_assert(policy->addr == 0xc0a80000u);
   test_eq(0xffff0000u, policy->msk);
   test_eq(1, policy->prt_min);
   test_eq(65535, policy->prt_max);