
[or-cvs] Add a new config option ExitPolicyRejectPrivate which defau...



Update of /home2/or/cvsroot/tor/src/or
In directory moria:/home/arma/work/onion/cvs/tor/src/or

Modified Files:
	config.c or.h router.c routerlist.c test.c 
Log Message:
Add a new config option ExitPolicyRejectPrivate which defaults to 1.
This means all exit policies will begin with rejecting private addresses,
unless the server operator explicitly turns it off.

Also, make our code to remove redundancies in the exit policy smarter,
so it can detect "reject foo, reject bar, reject *" patterns.

Lastly, we can get rid of the "exit policy implicitly accepts" code,
since we make everything more explicit now.


Index: config.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/config.c,v
retrieving revision 1.495
retrieving revision 1.496
diff -u -p -d -r1.495 -r1.496
--- config.c	28 Jan 2006 08:28:08 -0000	1.495
+++ config.c	1 Feb 2006 03:53:52 -0000	1.496
@@ -149,6 +149,7 @@ static config_var_t _option_vars[] = {
   VAR("ExcludeNodes",        STRING,   ExcludeNodes,         NULL),
   VAR("ExitNodes",           STRING,   ExitNodes,            NULL),
   VAR("ExitPolicy",          LINELIST, ExitPolicy,           NULL),
+  VAR("ExitPolicyRejectPrivate", BOOL, ExitPolicyRejectPrivate, "1"),
   VAR("FascistFirewall",     BOOL,     FascistFirewall,      "0"),
   VAR("FirewallPorts",       CSV,      FirewallPorts,        ""),
   VAR("FastFirstHopPK",      BOOL,     FastFirstHopPK,       "1"),
@@ -2214,13 +2215,10 @@ options_validate(or_options_t *old_optio
       result = -1;
   }
 
-  if (config_parse_addr_policy(options->ExitPolicy, &addr_policy, -1))
-    REJECT("Error in Exit Policy entry.");
+  if (config_parse_exit_policy(options->ExitPolicy, &addr_policy,
+                               options->ExitPolicyRejectPrivate))
+    REJECT("Error in ExitPolicy entry.");
 
-  options_append_default_exit_policy(&addr_policy);
-  if (server_mode(options)) {
-    exit_policy_implicitly_allows_local_networks(addr_policy, 1);
-  }
   /* The rest of these calls *append* to addr_policy. So don't actually
    * use the results for anything other than checking if they parse! */
   if (config_parse_addr_policy(options->DirPolicy, &addr_policy, -1))
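Review bot: Removing the `exit_policy_implicitly_allows_local_networks(addr_policy, 1)` call leaves options_validate with no operator-facing warning about exits to local networks, which (judging by the function's name and its `warn` argument) is what that call provided in server mode. After this commit the risky configuration is `ExitPolicyRejectPrivate 0`, because DEFAULT_EXIT_POLICY further down in this file no longer contains `reject private:*`. Consider emitting a warning here when `server_mode(options)` is true and `options->ExitPolicyRejectPrivate` is 0, so that the relaxed setting shows up in the logs. The body of options_validate starts and ends outside this hunk.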
@@ -2916,34 +2914,17 @@ normalize_log_options(or_options_t *opti
   return 0;
 }
 
-#define DEFAULT_EXIT_POLICY                                                  \
-  "reject private:*,reject *:25,reject *:119,reject *:135-139,reject *:445," \
-  "reject *:465,reject *:587,reject *:1214,reject *:4661-4666,"              \
-  "reject *:6346-6429,reject *:6699,reject *:6881-6999,accept *:*"
-
-/** Add the default exit policy entries to <b>policy</b>
+/** Add the exit policy described by <b>more</b> to <b>policy</b>.
  */
-void
-options_append_default_exit_policy(addr_policy_t **policy)
+static void
+options_append_exit_policy_string(addr_policy_t **policy, char *more)
 {
   config_line_t tmp;
-  addr_policy_t *ap;
 
   tmp.key = NULL;
-  tmp.value = (char*)DEFAULT_EXIT_POLICY;
+  tmp.value = more;
   tmp.next = NULL;
   config_parse_addr_policy(&tmp, policy, -1);
-
-  /* Remove redundant parts, if any. */
-  for (ap=*policy; ap; ap=ap->next) {
-    if (ap->msk == 0 && ap->prt_min <= 1 && ap->prt_max >= 65535) {
-      if (ap->next) {
-        addr_policy_free(ap->next);
-        ap->next = NULL;
-      }
-      return;
-    }
-  }
 }
 
 static int
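Review bot: `options_append_exit_policy_string` takes `char *more` but both of its callers in this commit pass string literals, so the parameter should be `const char *more`, with the cast kept at the single assignment: `tmp.value = (char*)more;`. Whether config_parse_addr_policy writes through `value` is not visible here, so a short comment on that cast saying the string must not be modified would help. The helper also discards the result of `config_parse_addr_policy(&tmp, policy, -1)`; since the inputs are compile-time constants, a `tor_assert`-style check on the return value would catch a typo in DEFAULT_EXIT_POLICY instead of silently producing a shorter policy.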
@@ -3005,6 +2986,65 @@ config_expand_exit_policy_aliases(smartl
   return expanded_any;
 }
 
+/** Detect and excise "dead code" from the policy *<b>dest</b>. */
+static void
+config_exit_policy_remove_redundancies(addr_policy_t **dest)
+{
+  addr_policy_t *ap, *tmp;
+  int have_seen_accept=0;
+
+  for (ap=*dest; ap; ap=ap->next) {
+    if (ap->policy_type == ADDR_POLICY_ACCEPT)
+      have_seen_accept=1;
+    if (ap->msk == 0 && ap->prt_min <= 1 && ap->prt_max >= 65535) {
+      /* This is a catch-all line -- later lines are unreachable. */
+      if (ap->next) {
+        addr_policy_free(ap->next);
+        ap->next = NULL;
+      }
+      if (ap->policy_type == ADDR_POLICY_REJECT &&
+          ap != *dest && !have_seen_accept) {
+        /* This is a "reject *:*" and all previous entries were
+         * "reject something". Throw out the previous entries. */
+        for (tmp=*dest; tmp; tmp=tmp->next) {
+          if (tmp->next == ap) {
+            tmp->next = NULL;
+            addr_policy_free(*dest);
+            *dest = ap;
+            break;
+          }
+        }
+      }
+    }
+  }
+}
+
+#define DEFAULT_EXIT_POLICY                                         \
+  "reject *:25,reject *:119,reject *:135-139,reject *:445,"         \
+  "reject *:465,reject *:587,reject *:1214,reject *:4661-4666,"     \
+  "reject *:6346-6429,reject *:6699,reject *:6881-6999,accept *:*"
+
+/** Parse the exit policy <b>cfg</b> into the linked list *<b>dest</b>. If
+ * cfg doesn't end in an absolute accept or reject, add the default exit
+ * policy afterwards. If <b>rejectprivate</b> is true, prepend
+ * "reject private:*" to the policy. Return -1 if we can't parse cfg,
+ * else return 0.
+ *
+ */
+int
+config_parse_exit_policy(config_line_t *cfg, addr_policy_t **dest,
+                         int rejectprivate)
+{
+  if (rejectprivate)
+    options_append_exit_policy_string(dest, "reject private:*");
+  if (config_parse_addr_policy(cfg, dest, -1))
+    return -1;
+  options_append_exit_policy_string(dest, DEFAULT_EXIT_POLICY);
+
+  config_exit_policy_remove_redundancies(dest);
+  return 0;
+}
+
 /**
  * Given a linked list of config lines containing "allow" and "deny" tokens,
  * parse them and append the result to <b>dest</b>.  Return -1 if any tokens
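Review bot: `config_parse_exit_policy` returns -1 as soon as `config_parse_addr_policy(cfg, dest, -1)` fails, after `reject private:*` (and possibly part of cfg) has already been added to `*dest` and before the default policy and its terminal `accept *:*` are appended. The doc comment should state that on failure `*dest` is left partially built and must not be used as an exit policy. This matters for the router.c hunk of this commit, where router_rebuild_descriptor calls the function without checking the result; a policy with no catch-all entry may be read as implicitly accepting, as the commit message hints, so that caller should test the return value and fail closed. Options are validated earlier, so the failure is probably rare, but nothing visible here guarantees it.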

Index: or.h
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/or.h,v
retrieving revision 1.783
retrieving revision 1.784
diff -u -p -d -r1.783 -r1.784
--- or.h	24 Jan 2006 00:31:16 -0000	1.783
+++ or.h	1 Feb 2006 03:53:52 -0000	1.784
@@ -1230,6 +1230,7 @@ typedef struct {
   smartlist_t *AllowUnverifiedNodes; /**< List of "entry", "middle", "exit" */
   int _AllowUnverified; /**< Bitmask; derived from AllowUnverifiedNodes; */
   config_line_t *ExitPolicy; /**< Lists of exit policy components. */
+  int ExitPolicyRejectPrivate; /**< Should we not exit to local addresses? */
   config_line_t *SocksPolicy; /**< Lists of socks policy components */
   config_line_t *DirPolicy; /**< Lists of dir policy components */
   /** Addresses to bind for listening for SOCKS connections. */
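Review bot: The field comment `Should we not exit to local addresses?` is a negated question and does not say what a value of 1 does. Since config_parse_exit_policy uses the flag to prepend a rule, a direct statement reads better: `/**< If true, prepend "reject private:*" to our exit policy. */`.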
@@ -1585,11 +1586,13 @@ int resolve_my_address(or_options_t *opt
 void options_init(or_options_t *options);
 int options_init_from_torrc(int argc, char **argv);
 int options_init_logs(or_options_t *options, int validate_only);
+int config_parse_exit_policy(config_line_t *cfg,
+                             addr_policy_t **dest,
+                             int rejectprivate);
 int config_parse_addr_policy(config_line_t *cfg,
                              addr_policy_t **dest,
                              int assume_action);
 int config_cmp_addr_policies(addr_policy_t *a, addr_policy_t *b);
-void options_append_default_exit_policy(addr_policy_t **policy);
 void addr_policy_free(addr_policy_t *p);
 int option_is_recognized(const char *key);
 const char *option_get_canonical_name(const char *key);
@@ -2260,8 +2263,6 @@ void add_nickname_list_to_smartlist(smar
                                     int must_be_running,
                                     int warn_if_down, int warn_if_unnamed);
 routerinfo_t *routerlist_find_my_routerinfo(void);
-int exit_policy_implicitly_allows_local_networks(addr_policy_t *policy,
-                                                 int warn);
 routerinfo_t *router_find_exact_exit_enclave(const char *address,
                                              uint16_t port);
 

Index: router.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/router.c,v
retrieving revision 1.241
retrieving revision 1.242
diff -u -p -d -r1.241 -r1.242
--- router.c	17 Jan 2006 02:31:04 -0000	1.241
+++ router.c	1 Feb 2006 03:53:52 -0000	1.242
@@ -820,8 +820,8 @@ router_rebuild_descriptor(int force)
   if (options->BandwidthRate > options->MaxAdvertisedBandwidth)
     ri->bandwidthrate = (int)options->MaxAdvertisedBandwidth;
 
-  config_parse_addr_policy(get_options()->ExitPolicy, &ri->exit_policy, -1);
-  options_append_default_exit_policy(&ri->exit_policy);
+  config_parse_exit_policy(options->ExitPolicy, &ri->exit_policy,
+                           options->ExitPolicyRejectPrivate);
 
   if (desc_routerinfo) { /* inherit values */
     ri->is_verified = desc_routerinfo->is_verified;

Index: routerlist.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/routerlist.c,v
retrieving revision 1.432
retrieving revision 1.433
diff -u -p -d -r1.432 -r1.433
--- routerlist.c	1 Feb 2006 02:52:55 -0000	1.432
+++ routerlist.c	1 Feb 2006 03:53:52 -0000	1.433
@@ -2465,6 +2465,7 @@ router_exit_policy_all_routers_reject(ui
   return 1; /* all will reject. */
 }
 
+#if 0
 /**
  * If <b>policy</b> implicitly allows connections to any port in the
  * IP set <b>addr</b>/<b>mask</b>, then set *<b>policy_out</b> to the
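Review bot: Wrapping this code in `#if 0` (closed by the `#endif` in the next hunk of this file) keeps `exit_policy_implicitly_allows_local_networks` and the helper documented above it in the tree as dead code, although the log message says the code is being removed and the prototype is already dropped from or.h. Deleting the block outright is cleaner, since CVS history preserves it and compiled-out code stops being checked against later changes to `addr_policy_t`. If it is kept temporarily, add a comment after `#if 0` saying why and when it can go, and leave a blank line after `#endif` before the next doc comment.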
@@ -2553,6 +2554,7 @@ exit_policy_implicitly_allows_local_netw
   return r;
 }
 
+#endif
 /** Return true iff <b>router</b> does not permit exit streams.
  */
 int

Index: test.c
===================================================================
RCS file: /home2/or/cvsroot/tor/src/or/test.c,v
retrieving revision 1.217
retrieving revision 1.218
diff -u -p -d -r1.217 -r1.218
--- test.c	10 Jan 2006 20:47:24 -0000	1.217
+++ test.c	1 Feb 2006 03:53:52 -0000	1.218
@@ -1438,7 +1438,7 @@ test_exit_policies(void)
   test_eq(65535, policy->prt_max);
   test_streq("reject 192.168.0.0/16:*", policy->string);
 
-  test_assert(exit_policy_implicitly_allows_local_networks(policy, 0));
+//  test_assert(exit_policy_implicitly_allows_local_networks(policy, 0));
   test_assert(ADDR_POLICY_ACCEPTED ==
           router_compare_addr_to_addr_policy(0x01020304u, 2, policy));
   test_assert(ADDR_POLICY_PROBABLY_ACCEPTED ==
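Review bot: The old assertion is commented out with `//` here, and the following two hunks disable the default-policy block with `#if 0`, but nothing is added to test_exit_policies for the new code paths. `config_parse_exit_policy` and `config_exit_policy_remove_redundancies` decide what a relay will exit to, so they deserve direct coverage: one case checking that the parsed policy starts with the private-address rejects when `rejectprivate` is 1 and does not when it is 0, and one checking that a "reject foo, reject bar, reject *:*" input collapses to a single catch-all entry. Prefer deleting the dead assertion over `//`, which also differs from the `/* */` comment style used in the rest of this function. test_exit_policies starts outside this hunk.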
@@ -1448,6 +1448,7 @@ test_exit_policies(void)
 
   addr_policy_free(policy);
 
+#if 0
   /* Copied from router.c */
   policy = NULL;
   options_append_default_exit_policy(&policy);
@@ -1455,6 +1456,7 @@ test_exit_policies(void)
   test_assert(!exit_policy_implicitly_allows_local_networks(policy, 1));
 
   addr_policy_free(policy);
+#endif
 
 }