[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] r16518: {tor} Start with exit policy summaries (tor/trunk/src/or)

To: or-cvs@xxxxxxxxxxxxx
Subject: [or-cvs] r16518: {tor} Start with exit policy summaries (tor/trunk/src/or)
From: weasel@xxxxxxxx
Date: Wed, 13 Aug 2008 08:45:02 -0400 (EDT)
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-cvs-outgoing@xxxxxxxx
Delivered-to: or-cvs@xxxxxxxx
Delivery-date: Wed, 13 Aug 2008 08:45:05 -0400
Reply-to: or-dev@xxxxxxxxxxxxx
Sender: owner-or-cvs@xxxxxxxxxxxxx

Author: weasel
Date: 2008-08-13 08:45:01 -0400 (Wed, 13 Aug 2008)
New Revision: 16518

Modified:
   tor/trunk/src/or/policies.c
Log:
Start with exit policy summaries

Modified: tor/trunk/src/or/policies.c
===================================================================
--- tor/trunk/src/or/policies.c	2008-08-13 08:57:18 UTC (rev 16517)
+++ tor/trunk/src/or/policies.c	2008-08-13 12:45:01 UTC (rev 16518)
@@ -38,16 +38,23 @@
  * to directories at. */
 static smartlist_t *reachable_dir_addr_policy = NULL;
 
+/** Private networks.  This list is used in two places, once to expand the
+ *  "private" keyword when parsing our own exit policy, secondly to ignore
+ *  just such networks when building exit policy summaries.  It is important
+ *  that all authorities agree on that list when creating summaries, so don't
+ *  just change this without a proper migration plan and a proposal and stuff.
+ */
+static const char *private_nets[] = {
+  "0.0.0.0/8", "169.254.0.0/16",
+  "127.0.0.0/8", "192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12",
+  // "fc00::/7", "fe80::/10", "fec0::/10", "::/127",
+  NULL };
+
 /** Replace all "private" entries in *<b>policy</b> with their expanded
  * equivalents. */
 void
 policy_expand_private(smartlist_t **policy)
 {
-  static const char *private_nets[] = {
-    "0.0.0.0/8", "169.254.0.0/16",
-    "127.0.0.0/8", "192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12",
-    // "fc00::/7", "fe80::/10", "fec0::/10", "::/127",
-    NULL };
   uint16_t port_min, port_max;
 
   int i;
@@ -904,6 +911,105 @@
   return (int)written;
 }
 
+/** Element of an exit policy summary */
+typedef struct policy_summary_item_t {
+    uint16_t prt_min; /**< Lowest port number to accept/reject. */
+    uint16_t prt_max; /**< Highest port number to accept/reject. */
+    uint64_t reject_count; /**< Number of IP-Addresses that are rejected to
+                                this portrange. */
+} policy_summary_item_t;
+
+smartlist_t *policy_summary_create(void);
+void policy_summary_accept(smartlist_t *summary, uint16_t prt_min, uint16_t prt_max);
+void policy_summary_reject(smartlist_t *summary, uint16_t prt_min, uint16_t prt_max);
+void policy_summary_add_item(smartlist_t *summary, addr_policy_t *p);
+void policy_summarize(smartlist_t *policy);
+
+/** Create a new exit policy summary, initially only with a single
+ *  port 1-64k item */
+smartlist_t *
+policy_summary_create(void)
+{
+  smartlist_t *summary;
+  policy_summary_item_t* item;
+
+  item = tor_malloc_zero(sizeof(policy_summary_item_t));
+  item->prt_min = 1;
+  item->prt_max = 65535;
+  item->reject_count = 0;
+
+  summary = smartlist_create();
+  smartlist_add(summary, item);
+
+  return summary;
+}
+
+void
+policy_summary_accept(smartlist_t *summary, 
+                      uint16_t prt_min, uint16_t prt_max)
+{
+ /* XXX */
+ (void) summary;
+ (void) prt_min;
+ (void) prt_max;
+}
+
+void
+policy_summary_reject(smartlist_t *summary, 
+                      uint16_t prt_min, uint16_t prt_max)
+{
+ /* XXX */
+ (void) summary;
+ (void) prt_min;
+ (void) prt_max;
+}
+
+/** Add a single exit policy item to our summary */
+void
+policy_summary_add_item(smartlist_t *summary, addr_policy_t *p)
+{
+  if (p->policy_type == ADDR_POLICY_ACCEPT) {
+    if (p->maskbits != 0) {
+      policy_summary_accept(summary, p->prt_min, p->prt_max);
+    }
+  } else if (p->policy_type == ADDR_POLICY_REJECT) {
+
+     int is_private = 0;
+     int i;
+     for (i = 0; private_nets[i]; ++i) {
+       tor_addr_t addr;
+       maskbits_t maskbits;
+       if (tor_addr_parse_mask_ports(private_nets[i], &addr,
+                                  &maskbits, NULL, NULL)<0) {
+         tor_assert(0);
+       }
+       if (tor_addr_compare(&p->addr, &addr, CMP_EXACT) == 0 &&
+           p->maskbits == maskbits) {
+         is_private = 1;
+         break;
+       }
+     }
+
+     if (!is_private) {
+       policy_summary_reject(summary, p->prt_min, p->prt_max);
+     }
+  } else
+    tor_assert(0);
+}
+
+void
+policy_summarize(smartlist_t *policy)
+{
+  smartlist_t *summary = policy_summary_create();
+  tor_assert(policy);
+
+  SMARTLIST_FOREACH(policy, addr_policy_t *, p, {
+    policy_summary_add_item(summary, p);
+  });
+
+}
+
+
 /** Implementation for GETINFO control command: knows the answer for questions
  * about "exit-policy/..." */
 int
@@ -972,3 +1078,4 @@
   HT_CLEAR(policy_map, &policy_root);
 }
 
+/* vim:set et ts=2 shiftwidth=2: */

Prev by Author: [or-cvs] r16514: {tor} Describe summary algorithm in more detail, based on prototyp (tor/trunk/doc/spec/proposals)
Next by Author: [or-cvs] r16519: {tor} implement policy_summary_accept and policy_summary_reject to (tor/trunk/src/or)
Previous by thread: [or-cvs] r16517: {torbrowser} Update prefs.js with new homepage URL (fix locale, add &smal (in torbrowser/trunk: . build-scripts/config)
Next by thread: [or-cvs] r16519: {tor} implement policy_summary_accept and policy_summary_reject to (tor/trunk/src/or)
Index(es):
- Author
- Thread