[or-cvs] Refactor and consolidate addr/exit policies into a new poli...
arma at seul.org
arma at seul.org
Mon Mar 27 02:25:36 UTC 2006
Update of /home2/or/cvsroot/tor/src/or
In directory moria:/home/arma/work/onion/cvs/tor/src/or
Modified Files:
Makefile.am circuitbuild.c circuituse.c config.c
connection_edge.c directory.c dirserv.c main.c or.h router.c
routerlist.c routerparse.c test.c
Added Files:
policies.c
Log Message:
Refactor and consolidate addr/exit policies into a new policies.c.
Fix some minor bugs and memory leaks along the way.
Index: Makefile.am
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/Makefile.am,v
retrieving revision 1.39
retrieving revision 1.40
diff -u -p -d -r1.39 -r1.40
--- Makefile.am 20 Dec 2005 07:17:42 -0000 1.39
+++ Makefile.am 27 Mar 2006 02:25:33 -0000 1.40
@@ -8,7 +8,7 @@ tor_SOURCES = buffers.c circuitbuild.c c
circuituse.c command.c config.c \
connection.c connection_edge.c connection_or.c control.c \
cpuworker.c directory.c dirserv.c dns.c hibernate.c main.c \
- onion.c relay.c rendcommon.c rendclient.c rendmid.c \
+ onion.c policies.c relay.c rendcommon.c rendclient.c rendmid.c \
rendservice.c rephist.c router.c routerlist.c routerparse.c \
tor_main.c
@@ -18,7 +18,7 @@ test_SOURCES = buffers.c circuitbuild.c
circuituse.c command.c config.c \
connection.c connection_edge.c connection_or.c control.c \
cpuworker.c directory.c dirserv.c dns.c hibernate.c main.c \
- onion.c relay.c rendcommon.c rendclient.c rendmid.c \
+ onion.c policies.c relay.c rendcommon.c rendclient.c rendmid.c \
rendservice.c rephist.c router.c routerlist.c routerparse.c \
test.c
Index: circuitbuild.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/circuitbuild.c,v
retrieving revision 1.228
retrieving revision 1.229
diff -u -p -d -r1.228 -r1.229
--- circuitbuild.c 26 Mar 2006 06:51:26 -0000 1.228
+++ circuitbuild.c 27 Mar 2006 02:25:33 -0000 1.229
@@ -1079,7 +1079,7 @@ router_handles_some_port(routerinfo_t *r
addr_policy_result_t r;
port = *(uint16_t *)smartlist_get(needed_ports, i);
tor_assert(port);
- r = router_compare_addr_to_addr_policy(0, port, router->exit_policy);
+ r = compare_addr_to_addr_policy(0, port, router->exit_policy);
if (r != ADDR_POLICY_REJECTED && r != ADDR_POLICY_PROBABLY_REJECTED)
return 1;
}
Index: circuituse.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/circuituse.c,v
retrieving revision 1.122
retrieving revision 1.123
diff -u -p -d -r1.122 -r1.123
--- circuituse.c 22 Mar 2006 04:09:30 -0000 1.122
+++ circuituse.c 27 Mar 2006 02:25:34 -0000 1.123
@@ -311,7 +311,7 @@ circuit_stream_is_being_handled(connecti
if (conn) {
ok = connection_ap_can_use_exit(conn, exitrouter);
} else {
- addr_policy_result_t r = router_compare_addr_to_addr_policy(
+ addr_policy_result_t r = compare_addr_to_addr_policy(
0, port, exitrouter->exit_policy);
ok = r != ADDR_POLICY_REJECTED && r != ADDR_POLICY_PROBABLY_REJECTED;
}
Index: config.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/config.c,v
retrieving revision 1.546
retrieving revision 1.547
diff -u -p -d -r1.546 -r1.547
--- config.c 26 Mar 2006 08:09:19 -0000 1.546
+++ config.c 27 Mar 2006 02:25:34 -0000 1.547
@@ -367,9 +367,6 @@ static int check_nickname_list(const cha
static void config_register_addressmaps(or_options_t *options);
static int parse_dir_server_line(const char *line, int validate_only);
-static int config_cmp_single_addr_policy(addr_policy_t *a, addr_policy_t *b);
-static int config_addr_policy_covers(addr_policy_t *a, addr_policy_t *b);
-static int config_addr_policy_intersects(addr_policy_t *a, addr_policy_t *b);
static int parse_redirect_line(smartlist_t *result,
config_line_t *line, char **msg);
static int parse_log_severity_range(const char *range, int *min_out,
@@ -392,7 +389,6 @@ static int or_state_validate(or_state_t
static uint64_t config_parse_memunit(const char *s, int *ok);
static int config_parse_interval(const char *s, int *ok);
static void print_cvs_version(void);
-static void parse_reachable_addresses(void);
static void init_libevent(void);
static int opt_streq(const char *s1, const char *s2);
#if defined(HAVE_EVENT_GET_VERSION) && defined(HAVE_EVENT_GET_METHOD)
@@ -441,12 +437,6 @@ static or_options_t *global_options = NU
static char *torrc_fname = NULL;
/** Persistent serialized state. */
static or_state_t *global_state = NULL;
-/** Parsed addr_policy_t describing which addresses we believe we can start
- * circuits at. */
-static addr_policy_t *reachable_or_addr_policy = NULL;
-/** Parsed addr_policy_t describing which addresses we believe we can connect
- * to directories at. */
-static addr_policy_t *reachable_dir_addr_policy = NULL;
/** Allocate an empty configuration object of a given format type. */
static void *
@@ -507,14 +497,6 @@ config_free_all(void)
global_state = NULL;
}
tor_free(torrc_fname);
- if (reachable_or_addr_policy) {
- addr_policy_free(reachable_or_addr_policy);
- reachable_or_addr_policy = NULL;
- }
- if (reachable_dir_addr_policy) {
- addr_policy_free(reachable_dir_addr_policy);
- reachable_dir_addr_policy = NULL;
- }
}
/** If options->SafeLogging is on, return a not very useful string,
@@ -763,10 +745,7 @@ options_act(or_options_t *old_options)
config_register_addressmaps(options);
/* Update address policies. */
- parse_socks_policy();
- parse_dir_policy();
- parse_authdir_policy();
- parse_reachable_addresses();
+ policies_parse_from_options(options);
init_cookie_authentication(options->CookieAuthentication);
@@ -1976,98 +1955,6 @@ validate_ports_csv(smartlist_t *sl, cons
return 0;
}
-/** Helper: parse the Reachable(Dir|OR)?Addresses fields into
- * reachable_(or|dir)_addr_policy. */
-static void
-parse_reachable_addresses(void)
-{
- or_options_t *options = get_options();
-
- if (options->ReachableDirAddresses &&
- options->ReachableORAddresses &&
- options->ReachableAddresses) {
- log_warn(LD_CONFIG,
- "Both ReachableDirAddresses and ReachableORAddresses are set. "
- "ReachableAddresses setting will be ignored.");
- }
- addr_policy_free(reachable_or_addr_policy);
- reachable_or_addr_policy = NULL;
- if (!options->ReachableORAddresses && options->ReachableAddresses)
- log_info(LD_CONFIG,
- "Using ReachableAddresses as ReachableORAddresses.");
- if (config_parse_addr_policy(options->ReachableORAddresses ?
- options->ReachableORAddresses :
- options->ReachableAddresses,
- &reachable_or_addr_policy,
- ADDR_POLICY_ACCEPT)) {
- log_warn(LD_CONFIG,
- "Error parsing Reachable%sAddresses entry; ignoring.",
- options->ReachableORAddresses ? "OR" : "");
- }
-
- addr_policy_free(reachable_dir_addr_policy);
- reachable_dir_addr_policy = NULL;
- if (!options->ReachableDirAddresses && options->ReachableAddresses)
- log_info(LD_CONFIG,
- "Using ReachableAddresses as ReachableDirAddresses");
- if (config_parse_addr_policy(options->ReachableDirAddresses ?
- options->ReachableDirAddresses :
- options->ReachableAddresses,
- &reachable_dir_addr_policy,
- ADDR_POLICY_ACCEPT)) {
- if (options->ReachableDirAddresses)
- log_warn(LD_CONFIG,
- "Error parsing ReachableDirAddresses entry; ignoring.");
- }
-}
-
-/** Return true iff the firewall options might block any address:port
- * combination.
- */
-int
-firewall_is_fascist_or(void)
-{
- return !!reachable_or_addr_policy;
-}
-
-/** Return true iff <b>policy</b> (possibly NULL) will allow a
- * connection to <b>addr</b>:<b>port</b>.
- */
-static int
-_fascist_firewall_allows_address(uint32_t addr, uint16_t port,
- addr_policy_t *policy)
-{
- addr_policy_result_t p;
-
- p = router_compare_addr_to_addr_policy(addr, port, policy);
-
- switch (p) {
- case ADDR_POLICY_PROBABLY_ACCEPTED:
- case ADDR_POLICY_ACCEPTED:
- return 1;
- case ADDR_POLICY_PROBABLY_REJECTED:
- case ADDR_POLICY_REJECTED:
- return 0;
- default:
- log_warn(LD_BUG, "Unexpected result: %d", (int)p);
- return 0;
- }
-}
-
-int
-fascist_firewall_allows_address_or(uint32_t addr, uint16_t port)
-{
- return _fascist_firewall_allows_address(addr, port,
- reachable_or_addr_policy);
-}
-
-int
-fascist_firewall_allows_address_dir(uint32_t addr, uint16_t port)
-{
- return _fascist_firewall_allows_address(addr, port,
- reachable_dir_addr_policy);
-}
-
/** Lowest allowable value for DirFetchPeriod; if this is too low, clients can
* overload the directory system. */
#define MIN_DIR_FETCH_PERIOD (10*60)
@@ -2104,7 +1991,6 @@ options_validate(or_options_t *old_optio
{
int i, r;
config_line_t *cl;
- addr_policy_t *addr_policy=NULL;
const char *uname;
char buf[1024];
#define REJECT(arg) \
@@ -2539,33 +2425,8 @@ options_validate(or_options_t *old_optio
return -1;
}
- if (config_parse_exit_policy(options->ExitPolicy, &addr_policy,
- options->ExitPolicyRejectPrivate))
- REJECT("Error in ExitPolicy entry.");
-
- /* The rest of these calls *append* to addr_policy. So don't actually
- * use the results for anything other than checking if they parse! */
- if (config_parse_addr_policy(options->DirPolicy, &addr_policy, -1))
- REJECT("Error in DirPolicy entry.");
- if (config_parse_addr_policy(options->SocksPolicy, &addr_policy, -1))
- REJECT("Error in SocksPolicy entry.");
- if (config_parse_addr_policy(options->ReachableAddresses, &addr_policy,
- ADDR_POLICY_ACCEPT))
- REJECT("Error in ReachableAddresses entry.");
- if (config_parse_addr_policy(options->ReachableORAddresses, &addr_policy,
- ADDR_POLICY_ACCEPT))
- REJECT("Error in ReachableORAddresses entry.");
- if (config_parse_addr_policy(options->ReachableDirAddresses, &addr_policy,
- ADDR_POLICY_ACCEPT))
- REJECT("Error in ReachableDirAddresses entry.");
- if (config_parse_addr_policy(options->AuthDirReject, &addr_policy,
- ADDR_POLICY_REJECT))
- REJECT("Error in AuthDirReject entry.");
- if (config_parse_addr_policy(options->AuthDirInvalid, &addr_policy,
- ADDR_POLICY_REJECT))
- REJECT("Error in AuthDirInvalid entry.");
-
- addr_policy_free(addr_policy);
+ if (validate_addr_policies(options, msg) < 0)
+ return -1;
for (cl = options->RedirectExit; cl; cl = cl->next) {
if (parse_redirect_line(NULL, cl, msg)<0)
@@ -3261,326 +3122,6 @@ normalize_log_options(or_options_t *opti
return 0;
}
-/** Add the exit policy described by <b>more</b> to <b>policy</b>.
- */
-static void
-options_append_exit_policy_string(addr_policy_t **policy, const char *more)
-{
- config_line_t tmp;
-
- tmp.key = NULL;
- tmp.value = (char*) more;
- tmp.next = NULL;
- config_parse_addr_policy(&tmp, policy, -1);
-}
-
-static int
-config_expand_exit_policy_aliases(smartlist_t *entries, int assume_action)
-{
- static const char *prefixes[] = {
- "0.0.0.0/8", "169.254.0.0/16",
- "127.0.0.0/8", "192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12",NULL };
- int i;
- char *pre=NULL, *post=NULL;
- int expanded_any = 0;
- pre = smartlist_join_strings(entries,",",0,NULL);
- for (i = 0; i < smartlist_len(entries); ++i) {
- char *v = smartlist_get(entries, i);
- const char *cp, *ports;
- const char *action;
- int prefix_idx;
- if (!strcasecmpstart(v, "accept")) {
- action = "accept ";
- cp = v+strlen("accept");
- } else if (!strcasecmpstart(v, "reject")) {
- action = "reject ";
- cp = v+strlen("reject");
- } else if (assume_action >= 0) {
- action = "";
- cp = v;
- } else {
- log_warn(LD_CONFIG,"Policy '%s' didn't start with accept or reject.", v);
- tor_free(pre);
- return -1;
- }
- cp = eat_whitespace(cp);
- if (strcmpstart(cp, "private"))
- continue; /* No need to expand. */
- cp += strlen("private");
- cp = eat_whitespace(cp);
- if (*cp && *cp != ':')
- continue; /* It wasn't "private" after all. */
- ports = cp;
- /* Okay. We're going to replace entries[i] with a bunch of new entries,
- * in order. */
- smartlist_del_keeporder(entries, i);
- for (prefix_idx = 0; prefixes[prefix_idx]; ++prefix_idx) {
- size_t replacement_len = 16+strlen(prefixes[prefix_idx])+strlen(ports);
- char *replacement = tor_malloc(replacement_len);
- tor_snprintf(replacement, replacement_len, "%s%s%s",
- action, prefixes[prefix_idx], ports);
- smartlist_insert(entries, i++, replacement);
- }
- tor_free(v);
- expanded_any = 1;
- --i;
- }
- post = smartlist_join_strings(entries,",",0,NULL);
- if (expanded_any)
- log_info(LD_CONFIG, "Expanded '%s' to '%s'", pre, post);
- tor_free(pre);
- tor_free(post);
- return expanded_any;
-}
-
-/** Detect and excise "dead code" from the policy *<b>dest</b>. */
-static void
-config_exit_policy_remove_redundancies(addr_policy_t **dest)
-{
- addr_policy_t *ap, *tmp, *victim, *previous;
-
- /* Step one: find a *:* entry and cut off everything after it. */
- for (ap=*dest; ap; ap=ap->next) {
- if (ap->msk == 0 && ap->prt_min <= 1 && ap->prt_max >= 65535) {
- /* This is a catch-all line -- later lines are unreachable. */
- if (ap->next) {
- addr_policy_free(ap->next);
- ap->next = NULL;
- }
- }
- }
-
- /* Step two: for every entry, see if there's a redundant entry
- * later on, and remove it. */
- for (ap=*dest; ap; ap=ap->next) {
- tmp=ap;
- while (tmp) {
- if (tmp->next && config_addr_policy_covers(ap, tmp->next)) {
- log(LOG_INFO, LD_CONFIG, "Removing exit policy %s. It is made "
- "redundant by %s.", tmp->next->string, ap->string);
- victim = tmp->next;
- tmp->next = victim->next;
- victim->next = NULL;
- addr_policy_free(victim);
- } else {
- tmp=tmp->next;
- }
- }
- }
-
- /* Step three: for every entry A, see if there's an entry B making this one
- * redundant later on. This is the case if A and B are of the same type
- * (accept/reject), A is a subset of B, and there is no other entry of
- * different type in between those two that intersects with A.
- *
- * Anybody want to doublecheck the logic here? XXX
- */
- ap = *dest;
- previous = NULL;
- while (ap) {
- for (tmp=ap->next; tmp; tmp=tmp->next) {
- if (ap->policy_type != tmp->policy_type &&
- config_addr_policy_intersects(ap, tmp)) {
- tmp = NULL; /* so that we advance previous and ap */
- break;
- }
- if (ap->policy_type == tmp->policy_type &&
- config_addr_policy_covers(tmp, ap)) {
- log(LOG_INFO, LD_CONFIG, "Removing exit policy %s. It is made "
- "redundant by %s.", ap->string, tmp->string);
- victim = ap;
- ap = ap->next;
-
- if (previous) {
- assert(previous->next == victim);
- previous->next = victim->next;
- } else {
- assert(*dest == victim);
- *dest = victim->next;
- }
-
- victim->next = NULL;
- addr_policy_free(victim);
- break;
- }
- }
- if (!tmp) {
- previous = ap;
- ap = ap->next;
- }
- }
-}
-
-#define DEFAULT_EXIT_POLICY \
- "reject *:25,reject *:119,reject *:135-139,reject *:445," \
- "reject *:465,reject *:587,reject *:1214,reject *:4661-4666," \
- "reject *:6346-6429,reject *:6699,reject *:6881-6999,accept *:*"
-
-/** Parse the exit policy <b>cfg</b> into the linked list *<b>dest</b>. If
- * cfg doesn't end in an absolute accept or reject, add the default exit
- * policy afterwards. If <b>rejectprivate</b> is true, prepend
- * "reject private:*" to the policy. Return -1 if we can't parse cfg,
- * else return 0.
- *
- */
-int
-config_parse_exit_policy(config_line_t *cfg, addr_policy_t **dest,
- int rejectprivate)
-{
- if (rejectprivate)
- options_append_exit_policy_string(dest, "reject private:*");
- if (config_parse_addr_policy(cfg, dest, -1))
- return -1;
- options_append_exit_policy_string(dest, DEFAULT_EXIT_POLICY);
-
- config_exit_policy_remove_redundancies(dest);
- return 0;
-}
-
-/**
- * Given a linked list of config lines containing "allow" and "deny" tokens,
- * parse them and append the result to <b>dest</b>. Return -1 if any tokens
- * are malformed, else return 0.
- */
-int
-config_parse_addr_policy(config_line_t *cfg,
- addr_policy_t **dest,
- int assume_action)
-{
- addr_policy_t **nextp;
- smartlist_t *entries;
- int r = 0;
-
- if (!cfg)
- return 0;
-
- nextp = dest;
-
- while (*nextp)
- nextp = &((*nextp)->next);
-
- entries = smartlist_create();
- for (; cfg; cfg = cfg->next) {
- smartlist_split_string(entries, cfg->value, ",",
- SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
- if (config_expand_exit_policy_aliases(entries,assume_action)<0) {
- r = -1;
- continue;
- }
- SMARTLIST_FOREACH(entries, const char *, ent,
- {
- log_debug(LD_CONFIG,"Adding new entry '%s'",ent);
- *nextp = router_parse_addr_policy_from_string(ent, assume_action);
- if (*nextp) {
- if (addr_mask_get_bits((*nextp)->msk)<0) {
- log_warn(LD_CONFIG, "Address policy element '%s' can't be expressed "
- "as a bit prefix.", ent);
- }
- /* Advance nextp to the end of the policy. */
- while (*nextp)
- nextp = &((*nextp)->next);
- } else {
- log_warn(LD_CONFIG,"Malformed policy '%s'.", ent);
- r = -1;
- }
- });
- SMARTLIST_FOREACH(entries, char *, ent, tor_free(ent));
- smartlist_clear(entries);
- }
- smartlist_free(entries);
- return r;
-}
-
-/** Compare two provided address policy items, and return -1, 0, or 1
- * if the first is less than, equal to, or greater than the second. */
-static int
-config_cmp_single_addr_policy(addr_policy_t *a, addr_policy_t *b)
-{
- int r;
- if ((r=((int)a->policy_type - (int)b->policy_type)))
- return r;
- if ((r=((int)a->addr - (int)b->addr)))
- return r;
- if ((r=((int)a->msk - (int)b->msk)))
- return r;
- if ((r=((int)a->prt_min - (int)b->prt_min)))
- return r;
- if ((r=((int)a->prt_max - (int)b->prt_max)))
- return r;
- return 0;
-}
-
-/** Return true iff the address policy <b>a</b> covers every case that would be
- * covered by <b>b</b>, so that a,b is redundant. */
-static int
-config_addr_policy_covers(addr_policy_t *a, addr_policy_t *b)
-{
-
- /* We can ignore accept/reject, since "accept *:80, reject *:80" reduces to
- * "accept *:80". */
- if (a->msk & ~b->msk) {
- /* There's a wildcard bit in b->msk that's not a wildcard in a. */
- return 0;
- }
- if ((a->addr & a->msk) != (b->addr & a->msk)) {
- /* There's a fixed bit in a that's set differently in b. */
- return 0;
- }
- return (a->prt_min <= b->prt_min && a->prt_max >= b->prt_max);
-}
-
-/** Return true iff the address policies <b>a</b> and <b>b</b> intersect, that
- * is, there exists an address/port that is covered by <b>a</b> that is also
- * covered by <b>b</b>.
- */
-static int
-config_addr_policy_intersects(addr_policy_t *a, addr_policy_t *b)
-{
- /* All the bits we care about are those that are set in both
- * netmasks. If they are equal in a and b's networkaddresses
- * then the networks intersect. If there is a difference,
- * then they do not. */
- if (((a->addr ^ b->addr) & a->msk & b->msk) != 0)
- return 0;
- if (a->prt_max < b->prt_min || b->prt_max < a->prt_min)
- return 0;
- return 1;
-}
-
-/** Like config_cmp_single_addr_policy() above, but looks at the
- * whole set of policies in each case. */
-int
-config_cmp_addr_policies(addr_policy_t *a, addr_policy_t *b)
-{
- int r;
- while (a && b) {
- if ((r=config_cmp_single_addr_policy(a,b)))
- return r;
- a = a->next;
- b = b->next;
- }
- if (!a && !b)
- return 0;
- if (a)
- return -1;
- else
- return 1;
-}
-
-/** Release all storage held by <b>p</b> */
-void
-addr_policy_free(addr_policy_t *p)
-{
- addr_policy_t *e;
-
- while (p) {
- e = p;
- p = p->next;
- tor_free(e->string);
- tor_free(e);
- }
-}
-
/** Parse a single RedirectExit line's contents from <b>line</b>. If
* they are valid, and <b>result</b> is not NULL, add an element to
* <b>result</b> and return 0. Else if they are valid, return 0.
@@ -4333,6 +3874,7 @@ print_cvs_version(void)
extern const char hibernate_c_id[];
extern const char main_c_id[];
extern const char onion_c_id[];
+ extern const char policies_c_id[];
extern const char relay_c_id[];
extern const char rendclient_c_id[];
extern const char rendcommon_c_id[];
@@ -4381,6 +3923,7 @@ print_cvs_version(void)
puts(hibernate_c_id);
puts(main_c_id);
puts(onion_c_id);
+ puts(policies_c_id);
puts(relay_c_id);
puts(rendclient_c_id);
puts(rendcommon_c_id);
Index: connection_edge.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/connection_edge.c,v
retrieving revision 1.391
retrieving revision 1.392
diff -u -p -d -r1.391 -r1.392
--- connection_edge.c 21 Mar 2006 23:27:43 -0000 1.391
+++ connection_edge.c 27 Mar 2006 02:25:34 -0000 1.392
@@ -13,7 +13,6 @@ const char connection_edge_c_id[] =
#include "or.h"
-static addr_policy_t *socks_policy = NULL;
/* List of exit_redirect_t */
static smartlist_t *redirect_exit_list = NULL;
@@ -1809,64 +1808,14 @@ connection_ap_can_use_exit(connection_t
addr_policy_result_t r;
if (tor_inet_aton(conn->socks_request->address, &in))
addr = ntohl(in.s_addr);
- r = router_compare_addr_to_addr_policy(addr, conn->socks_request->port,
- exit->exit_policy);
+ r = compare_addr_to_addr_policy(addr, conn->socks_request->port,
+ exit->exit_policy);
if (r == ADDR_POLICY_REJECTED || r == ADDR_POLICY_PROBABLY_REJECTED)
return 0;
}
return 1;
}
-/** A helper function for socks_policy_permits_address() below.
- *
- * Parse options->SocksPolicy in the same way that the exit policy
- * is parsed, and put the processed version in socks_policy.
- * Ignore port specifiers.
- */
-void
-parse_socks_policy(void)
-{
- addr_policy_t *n;
- if (socks_policy) {
- addr_policy_free(socks_policy);
- socks_policy = NULL;
- }
- config_parse_addr_policy(get_options()->SocksPolicy, &socks_policy, -1);
- /* ports aren't used. */
- for (n=socks_policy; n; n = n->next) {
- n->prt_min = 1;
- n->prt_max = 65535;
- }
-}
-
-/** Free all storage held by our SOCKS allow policy
- */
-void
-free_socks_policy(void)
-{
- addr_policy_free(socks_policy);
- socks_policy = NULL;
-}
-
-/** Return 1 if <b>addr</b> is permitted to connect to our socks port,
- * based on <b>socks_policy</b>. Else return 0.
- */
-int
-socks_policy_permits_address(uint32_t addr)
-{
- int a;
-
- if (!socks_policy) /* 'no socks policy' means 'accept' */
- return 1;
- a = router_compare_addr_to_addr_policy(addr, 1, socks_policy);
- if (a==ADDR_POLICY_REJECTED)
- return 0;
- else if (a==ADDR_POLICY_ACCEPTED)
- return 1;
- log_warn(LD_BUG, "Bug: Got unexpected 'maybe' answer from socks policy");
- return 0;
-}
-
/** Make connection redirection follow the provided list of
* exit_redirect_t */
void
Index: directory.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/directory.c,v
retrieving revision 1.364
retrieving revision 1.365
diff -u -p -d -r1.364 -r1.365
--- directory.c 22 Mar 2006 06:22:12 -0000 1.364
+++ directory.c 27 Mar 2006 02:25:34 -0000 1.365
@@ -54,60 +54,12 @@ static void note_request(const char *key
/********* START VARIABLES **********/
-static addr_policy_t *dir_policy = NULL;
-
/** How far in the future do we allow a directory server to tell us it is
* before deciding that one of us has the wrong time? */
#define ALLOW_DIRECTORY_TIME_SKEW (30*60)
/********* END VARIABLES ************/
-/** Parse get_options()->DirPolicy, and put the processed version in
- * &dir_policy. Ignore port specifiers.
- */
-void
-parse_dir_policy(void)
-{
- addr_policy_t *n;
- if (dir_policy) {
- addr_policy_free(dir_policy);
- dir_policy = NULL;
- }
- config_parse_addr_policy(get_options()->DirPolicy, &dir_policy, -1);
- /* ports aren't used. */
- for (n=dir_policy; n; n = n->next) {
- n->prt_min = 1;
- n->prt_max = 65535;
- }
-}
-
-/** Free storage used to hold parsed directory policy */
-void
-free_dir_policy(void)
-{
- addr_policy_free(dir_policy);
- dir_policy = NULL;
-}
-
-/** Return 1 if <b>addr</b> is permitted to connect to our dir port,
- * based on <b>dir_policy</b>. Else return 0.
- */
-int
-dir_policy_permits_address(uint32_t addr)
-{
- int a;
-
- if (!dir_policy) /* 'no dir policy' means 'accept' */
- return 1;
- a = router_compare_addr_to_addr_policy(addr, 1, dir_policy);
- if (a==ADDR_POLICY_REJECTED)
- return 0;
- else if (a==ADDR_POLICY_ACCEPTED)
- return 1;
- log_warn(LD_BUG, "Bug: got unexpected 'maybe' answer from dir policy");
- return 0;
-}
-
/** Return true iff the directory purpose 'purpose' must use an
* anonymous connection to a directory. */
static int
Index: dirserv.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/dirserv.c,v
retrieving revision 1.315
retrieving revision 1.316
diff -u -p -d -r1.315 -r1.316
--- dirserv.c 24 Mar 2006 20:57:55 -0000 1.315
+++ dirserv.c 27 Mar 2006 02:25:34 -0000 1.316
@@ -41,7 +41,6 @@ static char *format_versions_list(config
/* Should be static; exposed for testing */
int add_fingerprint_to_dir(const char *nickname, const char *fp,
smartlist_t *list);
-static int router_is_general_exit(routerinfo_t *ri);
static router_status_t dirserv_router_get_status(const routerinfo_t *router,
const char **msg);
static router_status_t
@@ -55,40 +54,6 @@ static int dirserv_thinks_router_is_reac
/************** Fingerprint handling code ************/
-static addr_policy_t *authdir_reject_policy = NULL;
-static addr_policy_t *authdir_invalid_policy = NULL;
-
-/** Parse authdir policy strings from the configuration.
- */
-void
-parse_authdir_policy(void)
-{
- addr_policy_t *n;
- if (authdir_reject_policy) {
- addr_policy_free(authdir_reject_policy);
- authdir_reject_policy = NULL;
- }
- config_parse_addr_policy(get_options()->AuthDirReject,
- &authdir_reject_policy, ADDR_POLICY_REJECT);
- /* ports aren't used. */
- for (n=authdir_reject_policy; n; n = n->next) {
- n->prt_min = 1;
- n->prt_max = 65535;
- }
-
- if (authdir_invalid_policy) {
- addr_policy_free(authdir_invalid_policy);
- authdir_invalid_policy = NULL;
- }
- config_parse_addr_policy(get_options()->AuthDirInvalid,
- &authdir_invalid_policy, ADDR_POLICY_REJECT);
- /* ports aren't used. */
- for (n=authdir_invalid_policy; n; n = n->next) {
- n->prt_min = 1;
- n->prt_max = 65535;
- }
-}
-
/** A member of fingerprint_list: maps a name to a fingerprint.
**/
typedef struct fingerprint_entry_t {
@@ -320,12 +285,7 @@ dirserv_get_status_impl(const char *fp,
}
if (!nn_ent) { /* No such server known with that nickname */
- addr_policy_result_t rej = router_compare_addr_to_addr_policy(
- addr, or_port, authdir_reject_policy);
- addr_policy_result_t inv = router_compare_addr_to_addr_policy(
- addr, or_port, authdir_invalid_policy);
-
- if (rej == ADDR_POLICY_PROBABLY_REJECTED || rej == ADDR_POLICY_REJECTED) {
+ if (!authdir_policy_permits_address(addr, or_port)) {
if (should_log)
log_info(LD_DIRSERV, "Rejecting '%s' because of address '%s'",
nickname, address);
@@ -333,7 +293,7 @@ dirserv_get_status_impl(const char *fp,
*msg = "Authdir is rejecting routers in this range.";
return FP_REJECT;
}
- if (inv == ADDR_POLICY_PROBABLY_REJECTED || inv == ADDR_POLICY_REJECTED) {
+ if (!authdir_policy_valid_address(addr, or_port)) {
if (should_log)
log_info(LD_DIRSERV, "Not marking '%s' valid because of address '%s'",
nickname, address);
@@ -1203,33 +1163,6 @@ dirserv_get_runningrouters(const char **
"v1 network status list", 1);
}
-/** Return true iff <b>ri</b> is "useful as an exit node", meaning
- * it allows exit to at least one /8 address space for at least
- * one of ports 80, 443, and 6667. */
-static int
-router_is_general_exit(routerinfo_t *ri)
-{
- static const int ports[] = { 80, 443, 6667 };
- int n_allowed = 0;
- int i;
- for (i = 0; i < 3; ++i) {
- struct addr_policy_t *policy = ri->exit_policy;
- for ( ; policy; policy = policy->next) {
- if (policy->prt_min > ports[i] || policy->prt_max < ports[i])
- continue; /* Doesn't cover our port. */
- if ((policy->msk & 0x00fffffful) != 0)
- continue; /* Narrower than a /8. */
- if ((policy->addr & 0xff000000ul) == 0x7f000000ul)
- continue; /* 127.x */
- /* We have a match that is at least a /8. */
- if (policy->policy_type == ADDR_POLICY_ACCEPT)
- ++n_allowed;
- break;
- }
- }
- return n_allowed > 0;
-}
-
/** For authoritative directories: the current (v2) network status */
static cached_dir_t the_v2_networkstatus = { NULL, NULL, 0, 0, 0 };
@@ -1416,7 +1349,7 @@ generate_v2_networkstatus(void)
SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, {
if (ri->cache_info.published_on >= cutoff) {
- int f_exit = router_is_general_exit(ri);
+ int f_exit = exit_policy_is_general_exit(ri->exit_policy);
int f_stable = ri->is_stable =
!dirserv_thinks_router_is_unreliable(ri, 1, 0);
int f_fast = ri->is_fast =
@@ -1721,10 +1654,6 @@ dirserv_free_all(void)
smartlist_free(fingerprint_list);
fingerprint_list = NULL;
}
- if (authdir_reject_policy)
- addr_policy_free(authdir_reject_policy);
- if (authdir_invalid_policy)
- addr_policy_free(authdir_invalid_policy);
clear_cached_dir(&the_directory);
clear_cached_dir(&the_runningrouters);
clear_cached_dir(&the_v2_networkstatus);
Index: main.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/main.c,v
retrieving revision 1.638
retrieving revision 1.639
diff -u -p -d -r1.638 -r1.639
--- main.c 22 Mar 2006 06:18:27 -0000 1.638
+++ main.c 27 Mar 2006 02:25:34 -0000 1.639
@@ -1531,8 +1531,6 @@ tor_free_all(int postfork)
routerlist_free_all();
addressmap_free_all();
set_exit_redirects(NULL); /* free the registered exit redirects */
- free_socks_policy();
- free_dir_policy();
dirserv_free_all();
rend_service_free_all();
rend_cache_free_all();
@@ -1542,6 +1540,7 @@ tor_free_all(int postfork)
circuit_free_all();
entry_guards_free_all();
connection_free_all();
+ policies_free_all();
if (!postfork) {
config_free_all();
router_free_all();
Index: or.h
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/or.h,v
retrieving revision 1.815
retrieving revision 1.816
diff -u -p -d -r1.815 -r1.816
--- or.h 26 Mar 2006 06:51:26 -0000 1.815
+++ or.h 27 Mar 2006 02:25:34 -0000 1.816
@@ -1621,13 +1621,6 @@ int resolve_my_address(or_options_t *opt
void options_init(or_options_t *options);
int options_init_from_torrc(int argc, char **argv);
int options_init_logs(or_options_t *options, int validate_only);
-int config_parse_exit_policy(config_line_t *cfg,
- addr_policy_t **dest,
- int rejectprivate);
-int config_parse_addr_policy(config_line_t *cfg,
- addr_policy_t **dest,
- int assume_action);
-int config_cmp_addr_policies(addr_policy_t *a, addr_policy_t *b);
void addr_policy_free(addr_policy_t *p);
int option_is_recognized(const char *key);
const char *option_get_canonical_name(const char *key);
@@ -1643,10 +1636,6 @@ int or_state_save(void);
int config_getinfo_helper(const char *question, char **answer);
-int firewall_is_fascist_or(void);
-int fascist_firewall_allows_address_or(uint32_t addr, uint16_t port);
-int fascist_firewall_allows_address_dir(uint32_t addr, uint16_t port);
-
/********************************* connection.c ***************************/
const char *conn_type_to_string(int type);
@@ -1768,10 +1757,6 @@ void addressmap_get_mappings(smartlist_t
int connection_ap_handshake_rewrite_and_attach(connection_t *conn,
circuit_t *circ);
-void parse_socks_policy(void);
-void free_socks_policy(void);
-int socks_policy_permits_address(uint32_t addr);
-
void set_exit_redirects(smartlist_t *lst);
typedef enum hostname_type_t {
NORMAL_HOSTNAME, ONION_HOSTNAME, EXIT_HOSTNAME, BAD_HOSTNAME
@@ -1888,7 +1873,6 @@ int assign_to_cpuworker(connection_t *cp
/********************************* directory.c ***************************/
-int dir_policy_permits_address(uint32_t addr);
void directory_post_to_dirservers(uint8_t purpose, const char *payload,
size_t payload_len);
void directory_get_from_dirserver(uint8_t purpose, const char *resource,
@@ -1913,8 +1897,6 @@ int connection_dir_process_inbuf(connect
int connection_dir_finished_flushing(connection_t *conn);
int connection_dir_finished_connecting(connection_t *conn);
void connection_dir_request_failed(connection_t *conn);
-void parse_dir_policy(void);
-void free_dir_policy(void);
int dir_split_resource_into_fingerprints(const char *resource,
smartlist_t *fp_out, int *compresseed_out,
int decode_hex);
@@ -1922,7 +1904,6 @@ char *directory_dump_request_log(void);
/********************************* dirserv.c ***************************/
-void parse_authdir_policy(void);
int dirserv_add_own_fingerprint(const char *nickname, crypto_pk_env_t *pk);
int dirserv_parse_fingerprint_file(const char *fname);
void dirserv_free_fingerprint_list(void);
@@ -2047,6 +2028,37 @@ int fast_client_handshake(const char *ha
void clear_pending_onions(void);
+/********************************* policies.c ************************/
+
+typedef enum {
+ ADDR_POLICY_ACCEPTED=0,
+ ADDR_POLICY_REJECTED=-1,
+ ADDR_POLICY_PROBABLY_ACCEPTED=1,
+ ADDR_POLICY_PROBABLY_REJECTED=2
+} addr_policy_result_t;
+
+int firewall_is_fascist_or(void);
+int fascist_firewall_allows_address_or(uint32_t addr, uint16_t port);
+int fascist_firewall_allows_address_dir(uint32_t addr, uint16_t port);
+int dir_policy_permits_address(uint32_t addr);
+int socks_policy_permits_address(uint32_t addr);
+int authdir_policy_permits_address(uint32_t addr, uint16_t port);
+int authdir_policy_valid_address(uint32_t addr, uint16_t port);
+
+int validate_addr_policies(or_options_t *options, char **msg);
+void policies_parse_from_options(or_options_t *options);
+
+int cmp_addr_policies(addr_policy_t *a, addr_policy_t *b);
+addr_policy_result_t compare_addr_to_addr_policy(uint32_t addr,
+ uint16_t port, addr_policy_t *policy);
+int policies_parse_exit_policy(config_line_t *cfg,
+ addr_policy_t **dest,
+ int rejectprivate);
+int exit_policy_is_general_exit(addr_policy_t *policy);
+
+void addr_policy_free(addr_policy_t *p);
+void policies_free_all(void);
+
/********************************* relay.c ***************************/
extern uint64_t stats_n_relay_cells_relayed;
@@ -2205,12 +2217,6 @@ int rend_mid_rendezvous(circuit_t *circ,
size_t request_len);
/********************************* router.c ***************************/
-typedef enum {
- ADDR_POLICY_ACCEPTED=0,
- ADDR_POLICY_REJECTED=-1,
- ADDR_POLICY_PROBABLY_ACCEPTED=1,
- ADDR_POLICY_PROBABLY_REJECTED=2
-} addr_policy_result_t;
void set_onion_key(crypto_pk_env_t *k);
crypto_pk_env_t *get_onion_key(void);
@@ -2347,13 +2353,11 @@ typedef enum {
int router_set_networkstatus(const char *s, time_t arrived_at,
networkstatus_source_t source,
smartlist_t *requested_fingerprints);
-addr_policy_result_t router_compare_addr_to_addr_policy(uint32_t addr,
- uint16_t port, addr_policy_t *policy);
int router_exit_policy_all_routers_reject(uint32_t addr, uint16_t port,
int need_uptime);
-
int router_exit_policy_rejects_all(routerinfo_t *router);
+
void add_trusted_dir_server(const char *nickname,
const char *address, uint16_t port,
const char *digest, int supports_v1);
--- NEW FILE: policies.c ---
/* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. */
/* See LICENSE for licensing information */
/* $Id: policies.c,v 1.1 2006/03/27 02:25:34 arma Exp $ */
const char policies_c_id[] = \
"$Id: policies.c,v 1.1 2006/03/27 02:25:34 arma Exp $";
/**
* \file policies.c
* \brief Code to parse and use address policies and exit policies.
**/
#include "or.h"
static int expand_exit_policy_aliases(smartlist_t *entries, int assume_action);
static addr_policy_t *socks_policy = NULL;
static addr_policy_t *dir_policy = NULL;
static addr_policy_t *authdir_reject_policy = NULL;
static addr_policy_t *authdir_invalid_policy = NULL;
/** Parsed addr_policy_t describing which addresses we believe we can start
* circuits at. */
static addr_policy_t *reachable_or_addr_policy = NULL;
/** Parsed addr_policy_t describing which addresses we believe we can connect
* to directories at. */
static addr_policy_t *reachable_dir_addr_policy = NULL;
/**
* Given a linked list of config lines containing "allow" and "deny"
* tokens, parse them and append the result to <b>dest</b>. Return -1
* if any tokens are malformed, else return 0.
*/
static int
parse_addr_policy(config_line_t *cfg, addr_policy_t **dest,
int assume_action)
{
addr_policy_t **nextp;
smartlist_t *entries;
int r = 0;
if (!cfg)
return 0;
nextp = dest;
while (*nextp)
nextp = &((*nextp)->next);
entries = smartlist_create();
for (; cfg; cfg = cfg->next) {
smartlist_split_string(entries, cfg->value, ",",
SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
if (expand_exit_policy_aliases(entries,assume_action)<0) {
r = -1;
continue;
}
SMARTLIST_FOREACH(entries, const char *, ent,
{
log_debug(LD_CONFIG,"Adding new entry '%s'",ent);
*nextp = router_parse_addr_policy_from_string(ent, assume_action);
if (*nextp) {
if (addr_mask_get_bits((*nextp)->msk)<0) {
log_warn(LD_CONFIG, "Address policy element '%s' can't be expressed "
"as a bit prefix.", ent);
}
/* Advance nextp to the end of the policy. */
while (*nextp)
nextp = &((*nextp)->next);
} else {
log_warn(LD_CONFIG,"Malformed policy '%s'.", ent);
r = -1;
}
});
SMARTLIST_FOREACH(entries, char *, ent, tor_free(ent));
smartlist_clear(entries);
}
smartlist_free(entries);
return r;
}
/** Helper: parse the Reachable(Dir|OR)?Addresses fields into
* reachable_(or|dir)_addr_policy. */
static void
parse_reachable_addresses(void)
{
or_options_t *options = get_options();
if (options->ReachableDirAddresses &&
options->ReachableORAddresses &&
options->ReachableAddresses) {
log_warn(LD_CONFIG,
"Both ReachableDirAddresses and ReachableORAddresses are set. "
"ReachableAddresses setting will be ignored.");
}
addr_policy_free(reachable_or_addr_policy);
reachable_or_addr_policy = NULL;
if (!options->ReachableORAddresses && options->ReachableAddresses)
log_info(LD_CONFIG,
"Using ReachableAddresses as ReachableORAddresses.");
if (parse_addr_policy(options->ReachableORAddresses ?
options->ReachableORAddresses :
options->ReachableAddresses,
&reachable_or_addr_policy, ADDR_POLICY_ACCEPT)) {
log_warn(LD_CONFIG,
"Error parsing Reachable%sAddresses entry; ignoring.",
options->ReachableORAddresses ? "OR" : "");
}
addr_policy_free(reachable_dir_addr_policy);
reachable_dir_addr_policy = NULL;
if (!options->ReachableDirAddresses && options->ReachableAddresses)
log_info(LD_CONFIG,
"Using ReachableAddresses as ReachableDirAddresses");
if (parse_addr_policy(options->ReachableDirAddresses ?
options->ReachableDirAddresses :
options->ReachableAddresses,
&reachable_dir_addr_policy, ADDR_POLICY_ACCEPT)) {
if (options->ReachableDirAddresses)
log_warn(LD_CONFIG,
"Error parsing ReachableDirAddresses entry; ignoring.");
}
}
/** Return true iff the firewall options might block any address:port
* combination.
*/
int
firewall_is_fascist_or(void)
{
return !!reachable_or_addr_policy;
}
/** Return true iff <b>policy</b> (possibly NULL) will allow a
* connection to <b>addr</b>:<b>port</b>.
*/
static int
addr_policy_permits_address(uint32_t addr, uint16_t port,
addr_policy_t *policy)
{
addr_policy_result_t p;
p = compare_addr_to_addr_policy(addr, port, policy);
switch (p) {
case ADDR_POLICY_PROBABLY_ACCEPTED:
case ADDR_POLICY_ACCEPTED:
return 1;
case ADDR_POLICY_PROBABLY_REJECTED:
case ADDR_POLICY_REJECTED:
return 0;
default:
log_warn(LD_BUG, "Unexpected result: %d", (int)p);
return 0;
}
}
int
fascist_firewall_allows_address_or(uint32_t addr, uint16_t port)
{
return addr_policy_permits_address(addr, port,
reachable_or_addr_policy);
}
int
fascist_firewall_allows_address_dir(uint32_t addr, uint16_t port)
{
return addr_policy_permits_address(addr, port,
reachable_dir_addr_policy);
}
/** Return 1 if <b>addr</b> is permitted to connect to our dir port,
* based on <b>dir_policy</b>. Else return 0.
*/
int
dir_policy_permits_address(uint32_t addr)
{
return addr_policy_permits_address(addr, 1, dir_policy);
}
/** Return 1 if <b>addr</b> is permitted to connect to our socks port,
* based on <b>socks_policy</b>. Else return 0.
*/
int
socks_policy_permits_address(uint32_t addr)
{
return addr_policy_permits_address(addr, 1, socks_policy);
}
/** Return 1 if <b>addr</b>:<b>port</b> is permitted to publish to our
* directory, based on <b>authdir_reject_policy</b>. Else return 0.
*/
int
authdir_policy_permits_address(uint32_t addr, uint16_t port)
{
return addr_policy_permits_address(addr, port, authdir_reject_policy);
}
/** Return 1 if <b>addr</b>:<b>port</b> is considered valid in our
* directory, based on <b>authdir_invalid_policy</b>. Else return 0.
*/
int
authdir_policy_valid_address(uint32_t addr, uint16_t port)
{
return addr_policy_permits_address(addr, port, authdir_invalid_policy);
}
#define REJECT(arg) \
do { *msg = tor_strdup(arg); goto err; } while (0)
int
validate_addr_policies(or_options_t *options, char **msg)
{
addr_policy_t *addr_policy=NULL;
*msg = NULL;
if (policies_parse_exit_policy(options->ExitPolicy, &addr_policy,
options->ExitPolicyRejectPrivate))
REJECT("Error in ExitPolicy entry.");
/* The rest of these calls *append* to addr_policy. So don't actually
* use the results for anything other than checking if they parse! */
if (parse_addr_policy(options->DirPolicy, &addr_policy, -1))
REJECT("Error in DirPolicy entry.");
if (parse_addr_policy(options->SocksPolicy, &addr_policy, -1))
REJECT("Error in SocksPolicy entry.");
if (parse_addr_policy(options->ReachableAddresses, &addr_policy,
ADDR_POLICY_ACCEPT))
REJECT("Error in ReachableAddresses entry.");
if (parse_addr_policy(options->ReachableORAddresses, &addr_policy,
ADDR_POLICY_ACCEPT))
REJECT("Error in ReachableORAddresses entry.");
if (parse_addr_policy(options->ReachableDirAddresses, &addr_policy,
ADDR_POLICY_ACCEPT))
REJECT("Error in ReachableDirAddresses entry.");
if (parse_addr_policy(options->AuthDirReject, &addr_policy,
ADDR_POLICY_REJECT))
REJECT("Error in AuthDirReject entry.");
if (parse_addr_policy(options->AuthDirInvalid, &addr_policy,
ADDR_POLICY_REJECT))
REJECT("Error in AuthDirInvalid entry.");
err:
addr_policy_free(addr_policy);
return *msg ? -1 : 0;
#undef REJECT
}
/* Parse <b>string</b> in the same way that the exit policy
* is parsed, and put the processed version in *<b>policy</b>.
* Ignore port specifiers.
*/
static void
load_policy_from_option(config_line_t *config, addr_policy_t **policy,
int assume_action)
{
addr_policy_t *n;
addr_policy_free(*policy);
*policy = NULL;
parse_addr_policy(config, policy, assume_action);
/* ports aren't used. */
for (n=*policy; n; n = n->next) {
n->prt_min = 1;
n->prt_max = 65535;
}
}
void policies_parse_from_options(or_options_t *options)
{
load_policy_from_option(options->SocksPolicy, &socks_policy, -1);
load_policy_from_option(options->DirPolicy, &dir_policy, -1);
load_policy_from_option(options->AuthDirReject,
&authdir_reject_policy, ADDR_POLICY_REJECT);
load_policy_from_option(options->AuthDirInvalid,
&authdir_invalid_policy, ADDR_POLICY_REJECT);
parse_reachable_addresses();
}
/** Compare two provided address policy items, and return -1, 0, or 1
* if the first is less than, equal to, or greater than the second. */
static int
cmp_single_addr_policy(addr_policy_t *a, addr_policy_t *b)
{
int r;
if ((r=((int)a->policy_type - (int)b->policy_type)))
return r;
if ((r=((int)a->addr - (int)b->addr)))
return r;
if ((r=((int)a->msk - (int)b->msk)))
return r;
if ((r=((int)a->prt_min - (int)b->prt_min)))
return r;
if ((r=((int)a->prt_max - (int)b->prt_max)))
return r;
return 0;
}
/** Like cmp_single_addr_policy() above, but looks at the
* whole set of policies in each case. */
int
cmp_addr_policies(addr_policy_t *a, addr_policy_t *b)
{
int r;
while (a && b) {
if ((r=cmp_single_addr_policy(a,b)))
return r;
a = a->next;
b = b->next;
}
if (!a && !b)
return 0;
if (a)
return -1;
else
return 1;
}
/** Decide whether a given addr:port is definitely accepted,
* definitely rejected, probably accepted, or probably rejected by a
* given policy. If <b>addr</b> is 0, we don't know the IP of the
* target address. If <b>port</b> is 0, we don't know the port of the
* target address.
*
* For now, the algorithm is pretty simple: we look for definite and
* uncertain matches. The first definite match is what we guess; if
* it was preceded by no uncertain matches of the opposite policy,
* then the guess is definite; otherwise it is probable. (If we
* have a known addr and port, all matches are definite; if we have an
* unknown addr/port, any address/port ranges other than "all" are
* uncertain.)
*
* We could do better by assuming that some ranges never match typical
* addresses (127.0.0.1, and so on). But we'll try this for now.
*/
addr_policy_result_t
compare_addr_to_addr_policy(uint32_t addr, uint16_t port,
addr_policy_t *policy)
{
int maybe_reject = 0;
int maybe_accept = 0;
int match = 0;
int maybe = 0;
addr_policy_t *tmpe;
for (tmpe=policy; tmpe; tmpe=tmpe->next) {
maybe = 0;
if (!addr) {
/* Address is unknown. */
if ((port >= tmpe->prt_min && port <= tmpe->prt_max) ||
(!port && tmpe->prt_min<=1 && tmpe->prt_max>=65535)) {
/* The port definitely matches. */
if (tmpe->msk == 0) {
match = 1;
} else {
maybe = 1;
}
} else if (!port) {
/* The port maybe matches. */
maybe = 1;
}
} else {
/* Address is known */
if ((addr & tmpe->msk) == (tmpe->addr & tmpe->msk)) {
if (port >= tmpe->prt_min && port <= tmpe->prt_max) {
/* Exact match for the policy */
match = 1;
} else if (!port) {
maybe = 1;
}
}
}
if (maybe) {
if (tmpe->policy_type == ADDR_POLICY_REJECT)
maybe_reject = 1;
else
maybe_accept = 1;
}
if (match) {
if (tmpe->policy_type == ADDR_POLICY_ACCEPT) {
/* If we already hit a clause that might trigger a 'reject', than we
* can't be sure of this certain 'accept'.*/
return maybe_reject ? ADDR_POLICY_PROBABLY_ACCEPTED :
ADDR_POLICY_ACCEPTED;
} else {
return maybe_accept ? ADDR_POLICY_PROBABLY_REJECTED :
ADDR_POLICY_REJECTED;
}
}
}
/* accept all by default. */
return maybe_reject ? ADDR_POLICY_PROBABLY_ACCEPTED : ADDR_POLICY_ACCEPTED;
}
/** Return true iff the address policy <b>a</b> covers every case that
* would be covered by <b>b</b>, so that a,b is redundant. */
static int
addr_policy_covers(addr_policy_t *a, addr_policy_t *b)
{
/* We can ignore accept/reject, since "accept *:80, reject *:80" reduces
* to "accept *:80". */
if (a->msk & ~b->msk) {
/* There's a wildcard bit in b->msk that's not a wildcard in a. */
return 0;
}
if ((a->addr & a->msk) != (b->addr & a->msk)) {
/* There's a fixed bit in a that's set differently in b. */
return 0;
}
return (a->prt_min <= b->prt_min && a->prt_max >= b->prt_max);
}
/** Return true iff the address policies <b>a</b> and <b>b</b> intersect,
* that is, there exists an address/port that is covered by <b>a</b> that
* is also covered by <b>b</b>.
*/
static int
addr_policy_intersects(addr_policy_t *a, addr_policy_t *b)
{
/* All the bits we care about are those that are set in both
* netmasks. If they are equal in a and b's networkaddresses
* then the networks intersect. If there is a difference,
* then they do not. */
if (((a->addr ^ b->addr) & a->msk & b->msk) != 0)
return 0;
if (a->prt_max < b->prt_min || b->prt_max < a->prt_min)
return 0;
return 1;
}
/** Add the exit policy described by <b>more</b> to <b>policy</b>.
*/
static void
append_exit_policy_string(addr_policy_t **policy, const char *more)
{
config_line_t tmp;
tmp.key = NULL;
tmp.value = (char*) more;
tmp.next = NULL;
parse_addr_policy(&tmp, policy, -1);
}
static int
expand_exit_policy_aliases(smartlist_t *entries, int assume_action)
{
static const char *prefixes[] = {
"0.0.0.0/8", "169.254.0.0/16",
"127.0.0.0/8", "192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12",NULL };
int i;
char *pre=NULL, *post=NULL;
int expanded_any = 0;
pre = smartlist_join_strings(entries,",",0,NULL);
for (i = 0; i < smartlist_len(entries); ++i) {
char *v = smartlist_get(entries, i);
const char *cp, *ports;
const char *action;
int prefix_idx;
if (!strcasecmpstart(v, "accept")) {
action = "accept ";
cp = v+strlen("accept");
} else if (!strcasecmpstart(v, "reject")) {
action = "reject ";
cp = v+strlen("reject");
} else if (assume_action >= 0) {
action = "";
cp = v;
} else {
log_warn(LD_CONFIG,"Policy '%s' didn't start with accept or reject.", v);
tor_free(pre);
return -1;
}
cp = eat_whitespace(cp);
if (strcmpstart(cp, "private"))
continue; /* No need to expand. */
cp += strlen("private");
cp = eat_whitespace(cp);
if (*cp && *cp != ':')
continue; /* It wasn't "private" after all. */
ports = cp;
/* Okay. We're going to replace entries[i] with a bunch of new entries,
* in order. */
smartlist_del_keeporder(entries, i);
for (prefix_idx = 0; prefixes[prefix_idx]; ++prefix_idx) {
size_t replacement_len = 16+strlen(prefixes[prefix_idx])+strlen(ports);
char *replacement = tor_malloc(replacement_len);
tor_snprintf(replacement, replacement_len, "%s%s%s",
action, prefixes[prefix_idx], ports);
smartlist_insert(entries, i++, replacement);
}
tor_free(v);
expanded_any = 1;
--i;
}
post = smartlist_join_strings(entries,",",0,NULL);
if (expanded_any)
log_info(LD_CONFIG, "Expanded '%s' to '%s'", pre, post);
tor_free(pre);
tor_free(post);
return expanded_any;
}
/** Detect and excise "dead code" from the policy *<b>dest</b>. */
static void
exit_policy_remove_redundancies(addr_policy_t **dest)
{
addr_policy_t *ap, *tmp, *victim, *previous;
/* Step one: find a *:* entry and cut off everything after it. */
for (ap=*dest; ap; ap=ap->next) {
if (ap->msk == 0 && ap->prt_min <= 1 && ap->prt_max >= 65535) {
/* This is a catch-all line -- later lines are unreachable. */
if (ap->next) {
addr_policy_free(ap->next);
ap->next = NULL;
}
}
}
/* Step two: for every entry, see if there's a redundant entry
* later on, and remove it. */
for (ap=*dest; ap; ap=ap->next) {
tmp=ap;
while (tmp) {
if (tmp->next && addr_policy_covers(ap, tmp->next)) {
log(LOG_INFO, LD_CONFIG, "Removing exit policy %s. It is made "
"redundant by %s.", tmp->next->string, ap->string);
victim = tmp->next;
tmp->next = victim->next;
victim->next = NULL;
addr_policy_free(victim);
} else {
tmp=tmp->next;
}
}
}
/* Step three: for every entry A, see if there's an entry B making this one
* redundant later on. This is the case if A and B are of the same type
* (accept/reject), A is a subset of B, and there is no other entry of
* different type in between those two that intersects with A.
*
* Anybody want to doublecheck the logic here? XXX
*/
ap = *dest;
previous = NULL;
while (ap) {
for (tmp=ap->next; tmp; tmp=tmp->next) {
if (ap->policy_type != tmp->policy_type &&
addr_policy_intersects(ap, tmp)) {
tmp = NULL; /* so that we advance previous and ap */
break;
}
if (ap->policy_type == tmp->policy_type &&
addr_policy_covers(tmp, ap)) {
log(LOG_INFO, LD_CONFIG, "Removing exit policy %s. It is made "
"redundant by %s.", ap->string, tmp->string);
victim = ap;
ap = ap->next;
if (previous) {
assert(previous->next == victim);
previous->next = victim->next;
} else {
assert(*dest == victim);
*dest = victim->next;
}
victim->next = NULL;
addr_policy_free(victim);
break;
}
}
if (!tmp) {
previous = ap;
ap = ap->next;
}
}
}
#define DEFAULT_EXIT_POLICY \
"reject *:25,reject *:119,reject *:135-139,reject *:445," \
"reject *:465,reject *:587,reject *:1214,reject *:4661-4666," \
"reject *:6346-6429,reject *:6699,reject *:6881-6999,accept *:*"
/** Parse the exit policy <b>cfg</b> into the linked list *<b>dest</b>. If
* cfg doesn't end in an absolute accept or reject, add the default exit
* policy afterwards. If <b>rejectprivate</b> is true, prepend
* "reject private:*" to the policy. Return -1 if we can't parse cfg,
* else return 0.
*
*/
int
policies_parse_exit_policy(config_line_t *cfg, addr_policy_t **dest,
int rejectprivate)
{
if (rejectprivate)
append_exit_policy_string(dest, "reject private:*");
if (parse_addr_policy(cfg, dest, -1))
return -1;
append_exit_policy_string(dest, DEFAULT_EXIT_POLICY);
exit_policy_remove_redundancies(dest);
return 0;
}
/** Return true iff <b>ri</b> is "useful as an exit node", meaning
* it allows exit to at least one /8 address space for at least
* one of ports 80, 443, and 6667. */
int
exit_policy_is_general_exit(addr_policy_t *policy)
{
static const int ports[] = { 80, 443, 6667 };
int n_allowed = 0;
int i;
for (i = 0; i < 3; ++i) {
struct addr_policy_t *p = policy;
for ( ; p; p = p->next) {
if (p->prt_min > ports[i] || p->prt_max < ports[i])
continue; /* Doesn't cover our port. */
if ((p->msk & 0x00fffffful) != 0)
continue; /* Narrower than a /8. */
if ((p->addr & 0xff000000ul) == 0x7f000000ul)
continue; /* 127.x */
/* We have a match that is at least a /8. */
if (p->policy_type == ADDR_POLICY_ACCEPT)
++n_allowed;
break;
}
}
return n_allowed > 0;
}
/** Release all storage held by <b>p</b> */
void
addr_policy_free(addr_policy_t *p)
{
addr_policy_t *e;
while (p) {
e = p;
p = p->next;
tor_free(e->string);
tor_free(e);
}
}
void
policies_free_all(void)
{
addr_policy_free(reachable_or_addr_policy);
reachable_or_addr_policy = NULL;
addr_policy_free(reachable_dir_addr_policy);
reachable_dir_addr_policy = NULL;
addr_policy_free(socks_policy);
socks_policy = NULL;
addr_policy_free(dir_policy);
dir_policy = NULL;
addr_policy_free(authdir_reject_policy);
authdir_reject_policy = NULL;
addr_policy_free(authdir_invalid_policy);
authdir_invalid_policy = NULL;
}
Index: router.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/router.c,v
retrieving revision 1.257
retrieving revision 1.258
diff -u -p -d -r1.257 -r1.258
--- router.c 22 Mar 2006 03:45:17 -0000 1.257
+++ router.c 27 Mar 2006 02:25:34 -0000 1.258
@@ -722,7 +722,7 @@ router_compare_to_my_exit_policy(connect
if (!conn->addr)
return -1;
- return router_compare_addr_to_addr_policy(conn->addr, conn->port,
+ return compare_addr_to_addr_policy(conn->addr, conn->port,
desc_routerinfo->exit_policy) != ADDR_POLICY_ACCEPTED;
}
@@ -835,8 +835,8 @@ router_rebuild_descriptor(int force)
if (options->BandwidthRate > options->MaxAdvertisedBandwidth)
ri->bandwidthrate = (int)options->MaxAdvertisedBandwidth;
- config_parse_exit_policy(options->ExitPolicy, &ri->exit_policy,
- options->ExitPolicyRejectPrivate);
+ policies_parse_exit_policy(options->ExitPolicy, &ri->exit_policy,
+ options->ExitPolicyRejectPrivate);
if (desc_routerinfo) { /* inherit values */
ri->is_valid = desc_routerinfo->is_valid;
Index: routerlist.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/routerlist.c,v
retrieving revision 1.469
retrieving revision 1.470
diff -u -p -d -r1.469 -r1.470
--- routerlist.c 26 Mar 2006 09:38:17 -0000 1.469
+++ routerlist.c 27 Mar 2006 02:25:34 -0000 1.470
@@ -707,7 +707,7 @@ router_find_exact_exit_enclave(const cha
{
if (router->is_running &&
router->addr == addr &&
- router_compare_addr_to_addr_policy(addr, port, router->exit_policy) ==
+ compare_addr_to_addr_policy(addr, port, router->exit_policy) ==
ADDR_POLICY_ACCEPTED)
return router;
});
@@ -2403,82 +2403,6 @@ update_networkstatus_downloads(time_t no
update_networkstatus_client_downloads(time(NULL));
}
-/** Decide whether a given addr:port is definitely accepted,
- * definitely rejected, probably accepted, or probably rejected by a
- * given policy. If <b>addr</b> is 0, we don't know the IP of the
- * target address. If <b>port</b> is 0, we don't know the port of the
- * target address.
- *
- * For now, the algorithm is pretty simple: we look for definite and
- * uncertain matches. The first definite match is what we guess; if
- * it was preceded by no uncertain matches of the opposite policy,
- * then the guess is definite; otherwise it is probable. (If we
- * have a known addr and port, all matches are definite; if we have an
- * unknown addr/port, any address/port ranges other than "all" are
- * uncertain.)
- *
- * We could do better by assuming that some ranges never match typical
- * addresses (127.0.0.1, and so on). But we'll try this for now.
- */
-addr_policy_result_t
-router_compare_addr_to_addr_policy(uint32_t addr, uint16_t port,
- addr_policy_t *policy)
-{
- int maybe_reject = 0;
- int maybe_accept = 0;
- int match = 0;
- int maybe = 0;
- addr_policy_t *tmpe;
-
- for (tmpe=policy; tmpe; tmpe=tmpe->next) {
- maybe = 0;
- if (!addr) {
- /* Address is unknown. */
- if ((port >= tmpe->prt_min && port <= tmpe->prt_max) ||
- (!port && tmpe->prt_min<=1 && tmpe->prt_max>=65535)) {
- /* The port definitely matches. */
- if (tmpe->msk == 0) {
- match = 1;
- } else {
- maybe = 1;
- }
- } else if (!port) {
- /* The port maybe matches. */
- maybe = 1;
- }
- } else {
- /* Address is known */
- if ((addr & tmpe->msk) == (tmpe->addr & tmpe->msk)) {
- if (port >= tmpe->prt_min && port <= tmpe->prt_max) {
- /* Exact match for the policy */
- match = 1;
- } else if (!port) {
- maybe = 1;
- }
- }
- }
- if (maybe) {
- if (tmpe->policy_type == ADDR_POLICY_REJECT)
- maybe_reject = 1;
- else
- maybe_accept = 1;
- }
- if (match) {
- if (tmpe->policy_type == ADDR_POLICY_ACCEPT) {
- /* If we already hit a clause that might trigger a 'reject', than we
- * can't be sure of this certain 'accept'.*/
- return maybe_reject ? ADDR_POLICY_PROBABLY_ACCEPTED :
- ADDR_POLICY_ACCEPTED;
- } else {
- return maybe_accept ? ADDR_POLICY_PROBABLY_REJECTED :
- ADDR_POLICY_REJECTED;
- }
- }
- }
- /* accept all by default. */
- return maybe_reject ? ADDR_POLICY_PROBABLY_ACCEPTED : ADDR_POLICY_ACCEPTED;
-}
-
/** Return 1 if all running sufficiently-stable routers will reject
* addr:port, return 0 if any might accept it. */
int
@@ -2492,7 +2416,7 @@ router_exit_policy_all_routers_reject(ui
{
if (router->is_running &&
!router_is_unreliable(router, need_uptime, 0, 0)) {
- r = router_compare_addr_to_addr_policy(addr, port, router->exit_policy);
+ r = compare_addr_to_addr_policy(addr, port, router->exit_policy);
if (r != ADDR_POLICY_REJECTED && r != ADDR_POLICY_PROBABLY_REJECTED)
return 0; /* this one could be ok. good enough. */
}
@@ -2505,7 +2429,7 @@ router_exit_policy_all_routers_reject(ui
int
router_exit_policy_rejects_all(routerinfo_t *router)
{
- return router_compare_addr_to_addr_policy(0, 0, router->exit_policy)
+ return compare_addr_to_addr_policy(0, 0, router->exit_policy)
== ADDR_POLICY_REJECTED;
}
@@ -3691,7 +3615,7 @@ router_differences_are_cosmetic(routerin
(r1->contact_info && r2->contact_info &&
strcasecmp(r1->contact_info, r2->contact_info)) ||
r1->is_hibernating != r2->is_hibernating ||
- config_cmp_addr_policies(r1->exit_policy, r2->exit_policy))
+ cmp_addr_policies(r1->exit_policy, r2->exit_policy))
return 0;
if ((r1->declared_family == NULL) != (r2->declared_family == NULL))
return 0;
Index: routerparse.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/routerparse.c,v
retrieving revision 1.178
retrieving revision 1.179
diff -u -p -d -r1.178 -r1.179
--- routerparse.c 19 Mar 2006 03:55:48 -0000 1.178
+++ routerparse.c 27 Mar 2006 02:25:34 -0000 1.179
@@ -1258,7 +1258,7 @@ networkstatus_parse_from_string(const ch
return ns;
}
-/** Parse the exit policy in the string <b>s</b> and return it. If
+/** Parse the addr policy in the string <b>s</b> and return it. If
* assume_action is nonnegative, then insert its action (ADDR_POLICY_ACCEPT or
* ADDR_POLICY_REJECT) for items that specify no action.
*/
@@ -1290,7 +1290,7 @@ router_parse_addr_policy_from_string(con
}
tok = get_next_token(&cp, RTR);
if (tok->tp == _ERR) {
- log_warn(LD_DIR, "Error reading exit policy: %s", tok->error);
+ log_warn(LD_DIR, "Error reading address policy: %s", tok->error);
goto err;
}
if (tok->tp != K_ACCEPT && tok->tp != K_REJECT) {
@@ -1298,7 +1298,7 @@ router_parse_addr_policy_from_string(con
goto err;
}
- /* Now that we've gotten an exit policy, add it to the router. */
+ /* Now that we've gotten an addr policy, add it to the router. */
r = router_parse_addr_policy(tok);
goto done;
err:
Index: test.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/test.c,v
retrieving revision 1.223
retrieving revision 1.224
diff -u -p -d -r1.223 -r1.224
--- test.c 26 Mar 2006 06:51:26 -0000 1.223
+++ test.c 27 Mar 2006 02:25:34 -0000 1.224
@@ -1453,11 +1453,11 @@ test_exit_policies(void)
// test_assert(exit_policy_implicitly_allows_local_networks(policy, 0));
test_assert(ADDR_POLICY_ACCEPTED ==
- router_compare_addr_to_addr_policy(0x01020304u, 2, policy));
+ compare_addr_to_addr_policy(0x01020304u, 2, policy));
test_assert(ADDR_POLICY_PROBABLY_ACCEPTED ==
- router_compare_addr_to_addr_policy(0, 2, policy));
+ compare_addr_to_addr_policy(0, 2, policy));
test_assert(ADDR_POLICY_REJECTED ==
- router_compare_addr_to_addr_policy(0xc0a80102, 2, policy));
+ compare_addr_to_addr_policy(0xc0a80102, 2, policy));
addr_policy_free(policy);
More information about the tor-commits
mailing list