
Fix bug 1113.

Bridges do not use the default exit policy, but reject *:* by default.
Karsten Loesing 16 years ago
parent
commit
56c2385157
5 changed files with 18 additions and 10 deletions
  1. 2 0
      ChangeLog
  2. 2 1
      src/or/or.h
  3. 10 5
      src/or/policies.c
  4. 1 1
      src/or/router.c
  5. 3 3
      src/test/test.c

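--- a/ChangeLog
+++ b/ChangeLog
@@ -40,6 +40,8 @@ Changes in version 0.2.2.6-alpha - 2009-10-??
     - If your relay can't keep up with the number of incoming create
       cells, it would log one warning per failure into your logs. Limit
       warnings to 1 per minute. Bugfix on 0.0.2pre10; fixes bug 1042.
+    - Bridges do not use the default exit policy, but reject *:* by
+      default. Fixes bug 1113.
 
 
 Changes in version 0.2.2.5-alpha - 2009-10-11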

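--- a/src/or/or.h
+++ b/src/or/or.h
@@ -4353,7 +4353,8 @@ addr_policy_result_t compare_tor_addr_to_addr_policy(const tor_addr_t *addr,
 addr_policy_result_t compare_addr_to_addr_policy(uint32_t addr,
                               uint16_t port, const smartlist_t *policy);
 int policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
-                               int rejectprivate, const char *local_address);
+                               int rejectprivate, const char *local_address,
+                               int add_default_policy);
 void policies_set_router_exitpolicy_to_reject_all(routerinfo_t *exitrouter);
 int exit_policy_is_general_exit(smartlist_t *policy);
 int policy_is_reject_star(const smartlist_t *policy);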

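--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -344,7 +344,8 @@ validate_addr_policies(or_options_t *options, char **msg)
   *msg = NULL;
 
   if (policies_parse_exit_policy(options->ExitPolicy, &addr_policy,
-                                 options->ExitPolicyRejectPrivate, NULL))
+                                 options->ExitPolicyRejectPrivate, NULL,
+                                 !options->BridgeRelay))
     REJECT("Error in ExitPolicy entry.");
 
   /* The rest of these calls *append* to addr_policy. So don't actually
@@ -829,14 +830,16 @@ exit_policy_remove_redundancies(smartlist_t *dest)
   "reject *:6346-6429,reject *:6699,reject *:6881-6999,accept *:*"
 
 /** Parse the exit policy <b>cfg</b> into the linked list *<b>dest</b>. If
- * cfg doesn't end in an absolute accept or reject, add the default exit
+ * cfg doesn't end in an absolute accept or reject and if
+ * <b>add_default_policy</b> is true, add the default exit
  * policy afterwards. If <b>rejectprivate</b> is true, prepend
  * "reject private:*" to the policy. Return -1 if we can't parse cfg,
  * else return 0.
  */
 int
 policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
-                           int rejectprivate, const char *local_address)
+                           int rejectprivate, const char *local_address,
+                           int add_default_policy)
 {
   if (rejectprivate) {
     append_exit_policy_string(dest, "reject private:*");
@@ -848,8 +851,10 @@ policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
   }
   if (parse_addr_policy(cfg, dest, -1))
     return -1;
-  append_exit_policy_string(dest, DEFAULT_EXIT_POLICY);
-
+  if (add_default_policy)
+    append_exit_policy_string(dest, DEFAULT_EXIT_POLICY);
+  else
+    append_exit_policy_string(dest, "reject *:*");
   exit_policy_remove_redundancies(*dest);
 
   return 0;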
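Review bot: The updated doc comment on policies_parse_exit_policy mentions add_default_policy but still does not say what happens when the flag is false, which is the case bridges now depend on: the new else branch appends `reject *:*`. I would add a sentence such as `If <b>add_default_policy</b> is false, append "reject *:*" instead, so a policy without a final catch-all fails closed.` It is also worth stating there that the entries in cfg are parsed before the fallback is appended, so an explicit accept line in a bridge's ExitPolicy still takes effect; presumably that is intended. The function body is split across two hunks and its middle is not shown.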

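--- a/src/or/router.c
+++ b/src/or/router.c
@@ -1312,7 +1312,7 @@ router_rebuild_descriptor(int force)
 
   policies_parse_exit_policy(options->ExitPolicy, &ri->exit_policy,
                              options->ExitPolicyRejectPrivate,
-                             ri->address);
+                             ri->address, !options->BridgeRelay);
 
   if (desc_routerinfo) { /* inherit values */
     ri->is_valid = desc_routerinfo->is_valid;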
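Review bot: The return value of policies_parse_exit_policy() is discarded at this call in router_rebuild_descriptor. Per the policies.c change in this commit, the function returns -1 before it appends either the default policy or `reject *:*`, so on a parse failure ri->exit_policy would be left without its terminating rule. validate_addr_policies makes the same call during option validation, so a failure here is probably unreachable in practice, but checking for `< 0` and failing closed (logging and not publishing the descriptor, or forcing a reject-all policy) would make that explicit. router_rebuild_descriptor starts and ends outside the hunk.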

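--- a/src/test/test.c
+++ b/src/test/test.c
@@ -629,7 +629,7 @@ test_policy_summary_helper(const char *policy_str,
   line.value = (char *)policy_str;
   line.next = NULL;
 
-  r = policies_parse_exit_policy(&line, &policy, 0, NULL);
+  r = policies_parse_exit_policy(&line, &policy, 0, NULL, 1);
   test_eq(r, 0);
   summary = policy_summarize(policy);
 
@@ -675,7 +675,7 @@ test_policies(void)
           compare_addr_to_addr_policy(0xc0a80102, 2, policy));
 
   policy2 = NULL;
-  test_assert(0 == policies_parse_exit_policy(NULL, &policy2, 1, NULL));
+  test_assert(0 == policies_parse_exit_policy(NULL, &policy2, 1, NULL, 1));
   test_assert(policy2);
 
   test_assert(!exit_policy_is_general_exit(policy));
@@ -699,7 +699,7 @@ test_policies(void)
   line.key = (char*)"foo";
   line.value = (char*)"accept *:80,reject private:*,reject *:*";
   line.next = NULL;
-  test_assert(0 == policies_parse_exit_policy(&line, &policy, 0, NULL));
+  test_assert(0 == policies_parse_exit_policy(&line, &policy, 0, NULL, 1));
   test_assert(policy);
   //test_streq(policy->string, "accept *:80");
   //test_streq(policy->next->string, "reject *:*");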
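Review bot: All three updated calls pass 1 for add_default_policy, so nothing in these tests exercises the new reject-by-default path that bridges use. A case in test_policies such as `test_assert(0 == policies_parse_exit_policy(NULL, &policy3, 0, NULL, 0));` followed by `test_assert(policy_is_reject_star(policy3));` would pin it, with policy3 being a fresh NULL-initialised list that is freed alongside the others. test_policies continues outside the hunks shown.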