Rename exit_policy to addr_policy, since it gets used for SOCKS and directory connections too. Make all policies get validated in options_validate, and make SOCKS/directory policies get set in options_act.

svn:r2819

doc/TODO

@@ -48,13 +48,19 @@ ARMA    - arma claims
 
 0.0.9pre6:
    - Oct 20 16:45:10.237 [warn] parse_addr_port(): Port '0' out of range
-   - clean up parse_*_policy code
-     - when you hup, they're not getting re-parsed
-     - stop calling a *_policy an exit_policy_t
+   o clean up parse_*_policy code
+     o when you hup, they're not getting re-parsed
+     o stop calling a *_policy an exit_policy_t
+   - Regenerate our server descriptor when a relevant option is changed from
+     control.c.
    - Writing out the machine-readable torrc file
    - fix print_usage()
    - Download and use running-routers
    - document signals in man page
+   - Document all undocumented configuration options.
+     - Accounting
+     - Control interface authentication
+     - ... ?
 N  - RPMs
      o Merge changes from jbash
      - Figure out versioning

src/or/config.c

@@ -257,7 +257,6 @@ options_act(void) {
   if (set_max_file_descriptors(options->MaxConn) < 0)
     return -1;
 
-
   mark_logs_temp(); /* Close current logs once new logs are open. */
   if (config_init_logs(options, 0)<0) /* Configure the log(s) */
     return -1;
@@ -295,6 +294,10 @@ options_act(void) {
   if(options->PidFile)
     write_pidfile(options->PidFile);
 
+  /* Update address policies. */
+  parse_socks_policy();
+  parse_dir_policy();
+
   init_cookie_authentication(options->CookieAuthentication);
 
   /* reload keys as needed for rendezvous services. */
@@ -987,6 +990,7 @@ options_validate(or_options_t *options)
   int i;
   int result = 0;
   struct config_line_t *cl;
+  struct addr_policy_t *addr_policy=NULL;
 
   if (options->ORPort < 0 || options->ORPort > 65535) {
     log(LOG_WARN, "ORPort option out of bounds.");
@@ -1201,6 +1205,20 @@ options_validate(or_options_t *options)
       result = -1;
   }
 
+  if (config_parse_addr_policy(options->ExitPolicy, &addr_policy)) {
+    log_fn(LOG_WARN, "Error in Exit Policy entry.");
+    result = -1;
+  }
+  if (config_parse_addr_policy(options->DirPolicy, &addr_policy)) {
+    log_fn(LOG_WARN, "Error in DirPolicy entry.");
+    result = -1;
+  }
+  if (config_parse_addr_policy(options->SocksPolicy, &addr_policy)) {
+    log_fn(LOG_WARN, "Error in SocksPolicy entry.");
+    result = -1;
+  }
+  addr_policy_free(addr_policy);
+
   for (cl = options->RedirectExit; cl; cl = cl->next) {
     if (parse_redirect_line(NULL, cl)<0)
       result = -1;
@@ -1728,17 +1746,19 @@ normalize_log_options(or_options_t *options)
 
 /**
  * Given a linked list of config lines containing "allow" and "deny" tokens,
- * parse them and place the result in <b>dest</b>.  Skip malformed lines.
+ * parse them and append the result to <b>dest</b>.  Return -1 if any tokens
+ * are malformed, else return 0.
  */
-void
-config_parse_exit_policy(struct config_line_t *cfg,
-                         struct exit_policy_t **dest)
+int
+config_parse_addr_policy(struct config_line_t *cfg,
+                         struct addr_policy_t **dest)
 {
-  struct exit_policy_t **nextp;
+  struct addr_policy_t **nextp;
   smartlist_t *entries;
+  int r = 0;
 
   if (!cfg)
-    return;
+    return 0;
 
   nextp = dest;
 
@@ -1751,23 +1771,25 @@ config_parse_exit_policy(struct config_line_t *cfg,
     SMARTLIST_FOREACH(entries, const char *, ent,
     {
       log_fn(LOG_DEBUG,"Adding new entry '%s'",ent);
-      *nextp = router_parse_exit_policy_from_string(ent);
+      *nextp = router_parse_addr_policy_from_string(ent);
       if (*nextp) {
         nextp = &((*nextp)->next);
       } else {
-        log_fn(LOG_WARN,"Malformed exit policy %s; skipping.", ent);
+        log_fn(LOG_WARN,"Malformed policy %s.", ent);
+        r = -1;
       }
     });
     SMARTLIST_FOREACH(entries, char *, ent, tor_free(ent));
     smartlist_clear(entries);
   }
   smartlist_free(entries);
+  return r;
 }
 
 /** Release all storage held by <b>p</b> */
 void
-exit_policy_free(struct exit_policy_t *p) {
-  struct exit_policy_t *e;
+addr_policy_free(struct addr_policy_t *p) {
+  struct addr_policy_t *e;
 
   while (p) {
     e = p;

src/or/connection_edge.c

@@ -12,12 +12,12 @@
 #include "or.h"
 #include "tree.h"
 
-static struct exit_policy_t *socks_policy = NULL;
+static struct addr_policy_t *socks_policy = NULL;
 /* List of exit_redirect_t */
 static smartlist_t *redirect_exit_list = NULL;
 
 static int connection_ap_handshake_process_socks(connection_t *conn);
-static void parse_socks_policy(void);
+void parse_socks_policy(void);
 
 /** Handle new bytes on conn->inbuf, or notification of eof.
  *
@@ -999,7 +999,7 @@ int connection_ap_can_use_exit(connection_t *conn, routerinfo_t *exit)
     return tor_version_as_new_as(exit->platform, "0.0.9pre1");
   }
   addr = client_dns_lookup_entry(conn->socks_request->address);
-  if(router_compare_addr_to_exit_policy(addr,
+  if(router_compare_addr_to_addr_policy(addr,
      conn->socks_request->port, exit->exit_policy) < 0)
     return 0;
   return 1;
@@ -1011,14 +1011,15 @@ int connection_ap_can_use_exit(connection_t *conn, routerinfo_t *exit)
  * is parsed, and put the processed version in &socks_policy.
  * Ignore port specifiers.
  */
-static void parse_socks_policy(void)
+void
+parse_socks_policy(void)
 {
-  struct exit_policy_t *n;
+  struct addr_policy_t *n;
   if (socks_policy) {
-    exit_policy_free(socks_policy);
+    addr_policy_free(socks_policy);
     socks_policy = NULL;
   }
-  config_parse_exit_policy(get_options()->SocksPolicy, &socks_policy);
+  config_parse_addr_policy(get_options()->SocksPolicy, &socks_policy);
   /* ports aren't used. */
   for (n=socks_policy; n; n = n->next) {
     n->prt_min = 1;
@@ -1032,13 +1033,10 @@ static void parse_socks_policy(void)
 int socks_policy_permits_address(uint32_t addr)
 {
   int a;
-  or_options_t *options = get_options();
-  if (options->SocksPolicy && !socks_policy)
-    parse_socks_policy();
 
   if(!socks_policy) /* 'no socks policy' means 'accept' */
     return 1;
-  a = router_compare_addr_to_exit_policy(addr, 1, socks_policy);
+  a = router_compare_addr_to_addr_policy(addr, 1, socks_policy);
   if (a==-1)
     return 0;
   else if (a==0)

src/or/directory.c

@@ -52,7 +52,7 @@ static int directory_handle_command(connection_t *conn);
 
 /********* START VARIABLES **********/
 
-static struct exit_policy_t *dir_policy = NULL;
+static struct addr_policy_t *dir_policy = NULL;
 
 #if 0 /* commented out for now, since for now what clients send is
          different from what servers want to receive */
@@ -69,20 +69,18 @@ char rend_fetch_url[] = "/tor/rendezvous/";
 
 /********* END VARIABLES ************/
 
-/** A helper function for dir_policy_permits_address() below.
- *
- * Parse options->DirPolicy in the same way that the exit policy
- * is parsed, and put the processed version in &dir_policy.
- * Ignore port specifiers.
+/** Parse get_options()->DirPolicy, and put the processed version in
+ * &dir_policy.  Ignore port specifiers.
  */
-static void parse_dir_policy(void)
+void
+parse_dir_policy(void)
 {
-  struct exit_policy_t *n;
+  struct addr_policy_t *n;
   if (dir_policy) {
-    exit_policy_free(dir_policy);
+    addr_policy_free(dir_policy);
     dir_policy = NULL;
   }
-  config_parse_exit_policy(get_options()->DirPolicy, &dir_policy);
+  config_parse_addr_policy(get_options()->DirPolicy, &dir_policy);
   /* ports aren't used. */
   for (n=dir_policy; n; n = n->next) {
     n->prt_min = 1;
@@ -96,12 +94,10 @@ static void parse_dir_policy(void)
 int dir_policy_permits_address(uint32_t addr)
 {
   int a;
-  if (get_options()->DirPolicy && !dir_policy)
-    parse_dir_policy();
 
   if(!dir_policy) /* 'no dir policy' means 'accept' */
     return 1;
-  a = router_compare_addr_to_exit_policy(addr, 1, dir_policy);
+  a = router_compare_addr_to_addr_policy(addr, 1, dir_policy);
   if (a==-1)
     return 0;
   else if (a==0)

src/or/or.h

@@ -571,20 +571,20 @@ struct connection_t {
 
 typedef struct connection_t connection_t;
 
-#define EXIT_POLICY_ACCEPT 1
-#define EXIT_POLICY_REJECT 2
+#define ADDR_POLICY_ACCEPT 1
+#define ADDR_POLICY_REJECT 2
 
-/** A linked list of exit policy rules */
-struct exit_policy_t {
-  char policy_type; /**< One of EXIT_POLICY_ACCEPT or EXIT_POLICY_REJECT. */
+/** A linked list of policy rules */
+struct addr_policy_t {
+  char policy_type; /**< One of ADDR_POLICY_ACCEPT or ADDR_POLICY_REJECT. */
   char *string; /**< String representation of this rule. */
   uint32_t addr; /**< Base address to accept or reject. */
-  uint32_t msk; /**< Accept/reject all addresses <b>a</b> such that a & msk ==
-                 * <b>addr</b> & msk . */
+  uint32_t msk; /**< Accept/reject all addresses <b>a</b> such that
+                 * a &amp; msk == <b>addr</b> &amp; msk . */
   uint16_t prt_min; /**< Lowest port number to accept/reject. */
   uint16_t prt_max; /**< Highest port number to accept/reject. */
 
-  struct exit_policy_t *next; /**< Next rule in list. */
+  struct addr_policy_t *next; /**< Next rule in list. */
 };
 
 /** Information about another onion router in the network. */
@@ -612,7 +612,7 @@ typedef struct {
   uint32_t bandwidthburst; /**< How large is this OR's token bucket? */
   /** How many bytes/s is this router known to handle? */
   uint32_t bandwidthcapacity;
-  struct exit_policy_t *exit_policy; /**< What streams will this OR permit
+  struct addr_policy_t *exit_policy; /**< What streams will this OR permit
                                       * to exit? */
   long uptime; /**< How many seconds the router claims to have been up */
   /* local info */
@@ -1108,9 +1108,9 @@ int resolve_my_address(const char *address, uint32_t *addr);
 void options_init(or_options_t *options);
 int init_from_config(int argc, char **argv);
 int config_init_logs(or_options_t *options, int validate_only);
-void config_parse_exit_policy(struct config_line_t *cfg,
-                              struct exit_policy_t **dest);
-void exit_policy_free(struct exit_policy_t *p);
+int config_parse_addr_policy(struct config_line_t *cfg,
+                             struct addr_policy_t **dest);
+void addr_policy_free(struct addr_policy_t *p);
 int config_option_is_recognized(const char *key);
 struct config_line_t *config_get_assigned_option(or_options_t *options,
                                                  const char *key);
@@ -1217,6 +1217,7 @@ int client_dns_incr_failures(const char *address);
 void client_dns_set_entry(const char *address, uint32_t val);
 void client_dns_clean(void);
 void set_exit_redirects(smartlist_t *lst);
+void parse_socks_policy(void);
 
 /********************************* connection_or.c ***************************/
 
@@ -1287,6 +1288,7 @@ void directory_get_from_dirserver(uint8_t purpose, const char *resource);
 int connection_dir_process_inbuf(connection_t *conn);
 int connection_dir_finished_flushing(connection_t *conn);
 int connection_dir_finished_connecting(connection_t *conn);
+void parse_dir_policy(void);
 
 /********************************* dirserv.c ***************************/
 
@@ -1559,8 +1561,8 @@ void router_mark_as_down(const char *digest);
 void routerlist_remove_old_routers(int age);
 int router_load_routerlist_from_directory(const char *s,crypto_pk_env_t *pkey,
                                           int check_version);
-int router_compare_addr_to_exit_policy(uint32_t addr, uint16_t port,
-                                       struct exit_policy_t *policy);
+int router_compare_addr_to_addr_policy(uint32_t addr, uint16_t port,
+                                       struct addr_policy_t *policy);
 #define ADDR_POLICY_ACCEPTED 0
 #define ADDR_POLICY_REJECTED -1
 #define ADDR_POLICY_UNKNOWN 1
@@ -1606,7 +1608,7 @@ int router_parse_routerlist_from_directory(const char *s,
 running_routers_t *router_parse_runningrouters(const char *str);
 routerinfo_t *router_parse_entry_from_string(const char *s, const char *end);
 int router_add_exit_policy_from_string(routerinfo_t *router, const char *s);
-struct exit_policy_t *router_parse_exit_policy_from_string(const char *s);
+struct addr_policy_t *router_parse_addr_policy_from_string(const char *s);
 int check_software_version_against_directory(const char *directory,
                                              int ignoreversion);
 int tor_version_parse(const char *s, tor_version_t *out);

src/or/relay.c

@@ -525,9 +525,9 @@ connection_edge_process_relay_cell_not_open(
       }
       if(connection_ap_can_use_exit(conn, exitrouter)) {
         log_fn(LOG_WARN,"Exitrouter %s seems to be more restrictive than its exit policy. Not using this router as exit for now,", exitrouter->nickname);
-        exit_policy_free(exitrouter->exit_policy);
+        addr_policy_free(exitrouter->exit_policy);
         exitrouter->exit_policy =
-          router_parse_exit_policy_from_string("reject *:*");
+          router_parse_addr_policy_from_string("reject *:*");
       }
 
       conn->state = AP_CONN_STATE_CIRCUIT_WAIT;

src/or/router.c

@@ -434,9 +434,9 @@ void router_upload_dir_desc_to_dirservers(void) {
  * rule, then append the default exit policy as well.
  */
 static void router_add_exit_policy_from_config(routerinfo_t *router) {
-  struct exit_policy_t *ep;
+  struct addr_policy_t *ep;
   struct config_line_t default_policy;
-  config_parse_exit_policy(get_options()->ExitPolicy, &router->exit_policy);
+  config_parse_addr_policy(get_options()->ExitPolicy, &router->exit_policy);
 
   for (ep = router->exit_policy; ep; ep = ep->next) {
     if (ep->msk == 0 && ep->prt_min <= 1 && ep->prt_max >= 65535) {
@@ -449,7 +449,7 @@ static void router_add_exit_policy_from_config(routerinfo_t *router) {
   default_policy.key = NULL;
   default_policy.value = (char*)DEFAULT_EXIT_POLICY;
   default_policy.next = NULL;
-  config_parse_exit_policy(&default_policy, &router->exit_policy);
+  config_parse_addr_policy(&default_policy, &router->exit_policy);
 }
 
 /** OR only: Return false if my exit policy says to allow connection to
@@ -464,7 +464,7 @@ int router_compare_to_my_exit_policy(connection_t *conn)
   if (!conn->addr)
     return -1;
 
-  return router_compare_addr_to_exit_policy(conn->addr, conn->port,
+  return router_compare_addr_to_addr_policy(conn->addr, conn->port,
                    desc_routerinfo->exit_policy);
 
 }
@@ -596,7 +596,7 @@ int router_dump_router_to_string(char *s, size_t maxlen, routerinfo_t *router,
   size_t onion_pkeylen, identity_pkeylen;
   size_t written;
   int result=0;
-  struct exit_policy_t *tmpe;
+  struct addr_policy_t *tmpe;
   char *bandwidth_usage;
   char *family_line;
 #ifdef DEBUG_ROUTER_DUMP_ROUTER_TO_STRING
@@ -698,7 +698,7 @@ int router_dump_router_to_string(char *s, size_t maxlen, routerinfo_t *router,
     in.s_addr = htonl(tmpe->addr);
     /* Write: "accept 1.2.3.4" */
     result = tor_snprintf(s+written, maxlen-written, "%s %s",
-        tmpe->policy_type == EXIT_POLICY_ACCEPT ? "accept" : "reject",
+        tmpe->policy_type == ADDR_POLICY_ACCEPT ? "accept" : "reject",
         tmpe->msk == 0 ? "*" : inet_ntoa(in));
     if(result < 0 || result+written > maxlen) {
       /* apparently different glibcs do different things on tor_snprintf error.. so check both */

src/or/routerlist.c

@@ -665,7 +665,7 @@ void routerinfo_free(routerinfo_t *router)
     SMARTLIST_FOREACH(router->declared_family, char *, s, tor_free(s));
     smartlist_free(router->declared_family);
   }
-  exit_policy_free(router->exit_policy);
+  addr_policy_free(router->exit_policy);
   tor_free(router);
 }
 
@@ -673,7 +673,7 @@ void routerinfo_free(routerinfo_t *router)
 routerinfo_t *routerinfo_copy(const routerinfo_t *router)
 {
   routerinfo_t *r;
-  struct exit_policy_t **e, *tmp;
+  struct addr_policy_t **e, *tmp;
 
   r = tor_malloc(sizeof(routerinfo_t));
   memcpy(r, router, sizeof(routerinfo_t));
@@ -687,8 +687,8 @@ routerinfo_t *routerinfo_copy(const routerinfo_t *router)
     r->identity_pkey = crypto_pk_dup_key(r->identity_pkey);
   e = &r->exit_policy;
   while (*e) {
-    tmp = tor_malloc(sizeof(struct exit_policy_t));
-    memcpy(tmp,*e,sizeof(struct exit_policy_t));
+    tmp = tor_malloc(sizeof(struct addr_policy_t));
+    memcpy(tmp,*e,sizeof(struct addr_policy_t));
     *e = tmp;
     (*e)->string = tor_strdup((*e)->string);
     e = & ((*e)->next);
@@ -923,21 +923,21 @@ router_resolve_routerlist(routerlist_t *rl)
 }
 
 /** Decide whether a given addr:port is definitely accepted, definitely
- * rejected, or neither by a given exit policy.  If <b>addr</b> is 0, we
+ * rejected, or neither by a given policy.  If <b>addr</b> is 0, we
  * don't know the IP of the target address.
  *
  * Returns -1 for "rejected", 0 for "accepted", 1 for "maybe" (since IP is
  * unknown).
  */
-int router_compare_addr_to_exit_policy(uint32_t addr, uint16_t port,
-                                       struct exit_policy_t *policy)
+int router_compare_addr_to_addr_policy(uint32_t addr, uint16_t port,
+                                       struct addr_policy_t *policy)
 {
   int maybe_reject = 0;
   int maybe_accept = 0;
   int match = 0;
   int maybe = 0;
   struct in_addr in;
-  struct exit_policy_t *tmpe;
+  struct addr_policy_t *tmpe;
 
   for(tmpe=policy; tmpe; tmpe=tmpe->next) {
 //    log_fn(LOG_DEBUG,"Considering exit policy %s", tmpe->string);
@@ -967,16 +967,16 @@ int router_compare_addr_to_exit_policy(uint32_t addr, uint16_t port,
       }
     }
     if (maybe) {
-      if (tmpe->policy_type == EXIT_POLICY_REJECT)
+      if (tmpe->policy_type == ADDR_POLICY_REJECT)
         maybe_reject = 1;
       else
         maybe_accept = 1;
     }
     if (match) {
       in.s_addr = htonl(addr);
-      log_fn(LOG_DEBUG,"Address %s:%d matches exit policy '%s'",
+      log_fn(LOG_DEBUG,"Address %s:%d matches policy '%s'",
              inet_ntoa(in), port, tmpe->string);
-      if(tmpe->policy_type == EXIT_POLICY_ACCEPT) {
+      if(tmpe->policy_type == ADDR_POLICY_ACCEPT) {
         /* If we already hit a clause that might trigger a 'reject', than we
          * can't be sure of this certain 'accept'.*/
         return maybe_reject ? ADDR_POLICY_UNKNOWN : ADDR_POLICY_ACCEPTED;
@@ -998,7 +998,7 @@ int router_exit_policy_all_routers_reject(uint32_t addr, uint16_t port) {
 
   for (i=0;i<smartlist_len(routerlist->routers);i++) {
     router = smartlist_get(routerlist->routers, i);
-    if (router->is_running && router_compare_addr_to_exit_policy(
+    if (router->is_running && router_compare_addr_to_addr_policy(
              addr, port, router->exit_policy) != ADDR_POLICY_REJECTED)
       return 0; /* this one could be ok. good enough. */
   }
@@ -1008,7 +1008,7 @@ int router_exit_policy_all_routers_reject(uint32_t addr, uint16_t port) {
 /** Return true iff <b>router</b> does not permit exit streams.
  */
 int router_exit_policy_rejects_all(routerinfo_t *router) {
-  return router_compare_addr_to_exit_policy(0, 0, router->exit_policy)
+  return router_compare_addr_to_addr_policy(0, 0, router->exit_policy)
     == ADDR_POLICY_REJECTED;
 }
 

src/or/routerparse.c

@@ -124,7 +124,7 @@ static struct {
 
 /* static function prototypes */
 static int router_add_exit_policy(routerinfo_t *router,directory_token_t *tok);
-static struct exit_policy_t *router_parse_exit_policy(directory_token_t *tok);
+static struct addr_policy_t *router_parse_addr_policy(directory_token_t *tok);
 static int router_get_hash_impl(const char *s, char *digest,
                                 const char *start_str, const char *end_str);
 static void token_free(directory_token_t *tok);
@@ -962,13 +962,13 @@ routerinfo_t *router_parse_entry_from_string(const char *s,
 
 /** Parse the exit policy in the string <b>s</b> and return it.
  */
-struct exit_policy_t *
-router_parse_exit_policy_from_string(const char *s)
+struct addr_policy_t *
+router_parse_addr_policy_from_string(const char *s)
 {
   directory_token_t *tok = NULL;
   const char *cp;
   char *tmp;
-  struct exit_policy_t *r;
+  struct addr_policy_t *r;
   size_t len, idx;
 
   /* *s might not end with \n, so we need to extend it with one. */
@@ -990,7 +990,7 @@ router_parse_exit_policy_from_string(const char *s)
   }
 
   /* Now that we've gotten an exit policy, add it to the router. */
-  r = router_parse_exit_policy(tok);
+  r = router_parse_addr_policy(tok);
   goto done;
  err:
   r = NULL;
@@ -1000,10 +1000,11 @@ router_parse_exit_policy_from_string(const char *s)
   return r;
 }
 
-int router_add_exit_policy_from_string(routerinfo_t *router, const char *s)
+int
+router_add_exit_policy_from_string(routerinfo_t *router, const char *s)
 {
-  struct exit_policy_t *newe, *tmpe;
-  newe = router_parse_exit_policy_from_string(s);
+  struct addr_policy_t *newe, *tmpe;
+  newe = router_parse_addr_policy_from_string(s);
   if (!newe)
     return -1;
   for (tmpe = router->exit_policy; tmpe; tmpe=tmpe->next)
@@ -1013,10 +1014,11 @@ int router_add_exit_policy_from_string(routerinfo_t *router, const char *s)
   return 0;
 }
 
-static int router_add_exit_policy(routerinfo_t *router,directory_token_t *tok)
+static int
+router_add_exit_policy(routerinfo_t *router,directory_token_t *tok)
 {
-  struct exit_policy_t *newe, **tmpe;
-  newe = router_parse_exit_policy(tok);
+  struct addr_policy_t *newe, **tmpe;
+  newe = router_parse_addr_policy(tok);
   if (!newe)
     return -1;
   for (tmpe = &router->exit_policy; *tmpe; tmpe=&((*tmpe)->next))
@@ -1028,10 +1030,10 @@ static int router_add_exit_policy(routerinfo_t *router,directory_token_t *tok)
 
 /** Given a K_ACCEPT or K_REJECT token and a router, create and return
  * a new exit_policy_t corresponding to the token. */
-static struct exit_policy_t *
-router_parse_exit_policy(directory_token_t *tok) {
+static struct addr_policy_t *
+router_parse_addr_policy(directory_token_t *tok) {
 
-  struct exit_policy_t *newe;
+  struct addr_policy_t *newe;
   struct in_addr in;
   char *arg, *address;
 
@@ -1041,13 +1043,13 @@ router_parse_exit_policy(directory_token_t *tok) {
     return NULL;
   arg = tok->args[0];
 
-  newe = tor_malloc_zero(sizeof(struct exit_policy_t));
+  newe = tor_malloc_zero(sizeof(struct addr_policy_t));
 
   newe->string = tor_malloc(8+strlen(arg));
   tor_snprintf(newe->string, 8+strlen(arg), "%s %s",
            (tok->tp == K_REJECT) ? "reject" : "accept", arg);
-  newe->policy_type = (tok->tp == K_REJECT) ? EXIT_POLICY_REJECT
-    : EXIT_POLICY_ACCEPT;
+  newe->policy_type = (tok->tp == K_REJECT) ? ADDR_POLICY_REJECT
+    : ADDR_POLICY_ACCEPT;
 
   if (parse_addr_and_port_range(arg, &newe->addr, &newe->msk,
                                 &newe->prt_min, &newe->prt_max))
@@ -1057,7 +1059,7 @@ router_parse_exit_policy(directory_token_t *tok) {
   address = tor_strdup(inet_ntoa(in));
   in.s_addr = htonl(newe->msk);
   log_fn(LOG_DEBUG,"%s %s/%s:%d-%d",
-         newe->policy_type == EXIT_POLICY_REJECT ? "reject" : "accept",
+         newe->policy_type == ADDR_POLICY_REJECT ? "reject" : "accept",
          address, inet_ntoa(in), newe->prt_min, newe->prt_max);
   tor_free(address);
 

src/or/test.c

@@ -939,7 +939,7 @@ test_dir_format(void)
   routerinfo_t r1, r2;
   crypto_pk_env_t *pk1 = NULL, *pk2 = NULL, *pk3 = NULL;
   routerinfo_t *rp1 = NULL, *rp2 = NULL;
-  struct exit_policy_t ex1, ex2;
+  struct addr_policy_t ex1, ex2;
   routerlist_t *dir1 = NULL, *dir2 = NULL;
   tor_version_t ver1;
   char *bw_lines = NULL;
@@ -989,13 +989,13 @@ test_dir_format(void)
   r1.nickname = tor_strdup("Magri");
   r1.platform = tor_strdup(platform);
 
-  ex1.policy_type = EXIT_POLICY_ACCEPT;
+  ex1.policy_type = ADDR_POLICY_ACCEPT;
   ex1.string = NULL;
   ex1.addr = 0;
   ex1.msk = 0;
   ex1.prt_min = ex1.prt_max = 80;
   ex1.next = &ex2;
-  ex2.policy_type = EXIT_POLICY_REJECT;
+  ex2.policy_type = ADDR_POLICY_REJECT;
   ex2.addr = 18 << 24;
   ex2.msk = 0xFF000000u;
   ex2.prt_min = ex2.prt_max = 24;