Refactor and consolidate addr/exit policies into a new policies.c.

Fix some minor bugs and memory leaks along the way.


svn:r6246

src/or/Makefile.am

@@ -8,7 +8,7 @@ tor_SOURCES = buffers.c circuitbuild.c circuitlist.c \
 	circuituse.c command.c config.c \
 	connection.c connection_edge.c connection_or.c control.c \
 	cpuworker.c directory.c dirserv.c dns.c hibernate.c main.c \
-	onion.c relay.c rendcommon.c rendclient.c rendmid.c \
+	onion.c policies.c relay.c rendcommon.c rendclient.c rendmid.c \
 	rendservice.c rephist.c router.c routerlist.c routerparse.c \
 	tor_main.c
 
@@ -18,7 +18,7 @@ test_SOURCES = buffers.c circuitbuild.c circuitlist.c \
 	circuituse.c command.c config.c \
 	connection.c connection_edge.c connection_or.c control.c \
 	cpuworker.c directory.c dirserv.c dns.c hibernate.c main.c \
-	onion.c relay.c rendcommon.c rendclient.c rendmid.c \
+	onion.c policies.c relay.c rendcommon.c rendclient.c rendmid.c \
 	rendservice.c rephist.c router.c routerlist.c routerparse.c \
 	test.c
 

src/or/circuitbuild.c

@@ -1079,7 +1079,7 @@ router_handles_some_port(routerinfo_t *router, smartlist_t *needed_ports)
     addr_policy_result_t r;
     port = *(uint16_t *)smartlist_get(needed_ports, i);
     tor_assert(port);
-    r = router_compare_addr_to_addr_policy(0, port, router->exit_policy);
+    r = compare_addr_to_addr_policy(0, port, router->exit_policy);
     if (r != ADDR_POLICY_REJECTED && r != ADDR_POLICY_PROBABLY_REJECTED)
       return 1;
   }

src/or/circuituse.c

@@ -311,7 +311,7 @@ circuit_stream_is_being_handled(connection_t *conn, uint16_t port, int min)
         if (conn) {
           ok = connection_ap_can_use_exit(conn, exitrouter);
         } else {
-          addr_policy_result_t r = router_compare_addr_to_addr_policy(
+          addr_policy_result_t r = compare_addr_to_addr_policy(
               0, port, exitrouter->exit_policy);
           ok = r != ADDR_POLICY_REJECTED && r != ADDR_POLICY_PROBABLY_REJECTED;
         }

src/or/config.c

@@ -367,9 +367,6 @@ static int check_nickname_list(const char *lst, const char *name, char **msg);
 static void config_register_addressmaps(or_options_t *options);
 
 static int parse_dir_server_line(const char *line, int validate_only);
-static int config_cmp_single_addr_policy(addr_policy_t *a, addr_policy_t *b);
-static int config_addr_policy_covers(addr_policy_t *a, addr_policy_t *b);
-static int config_addr_policy_intersects(addr_policy_t *a, addr_policy_t *b);
 static int parse_redirect_line(smartlist_t *result,
                                config_line_t *line, char **msg);
 static int parse_log_severity_range(const char *range, int *min_out,
@@ -392,7 +389,6 @@ static int or_state_validate(or_state_t *old_options, or_state_t *options,
 static uint64_t config_parse_memunit(const char *s, int *ok);
 static int config_parse_interval(const char *s, int *ok);
 static void print_cvs_version(void);
-static void parse_reachable_addresses(void);
 static void init_libevent(void);
 static int opt_streq(const char *s1, const char *s2);
 #if defined(HAVE_EVENT_GET_VERSION) && defined(HAVE_EVENT_GET_METHOD)
@@ -441,12 +437,6 @@ static or_options_t *global_options = NULL;
 static char *torrc_fname = NULL;
 /** Persistent serialized state. */
 static or_state_t *global_state = NULL;
-/** Parsed addr_policy_t describing which addresses we believe we can start
- * circuits at. */
-static addr_policy_t *reachable_or_addr_policy = NULL;
-/** Parsed addr_policy_t describing which addresses we believe we can connect
- * to directories at. */
-static addr_policy_t *reachable_dir_addr_policy = NULL;
 
 /** Allocate an empty configuration object of a given format type. */
 static void *
@@ -507,14 +497,6 @@ config_free_all(void)
     global_state = NULL;
   }
   tor_free(torrc_fname);
-  if (reachable_or_addr_policy) {
-    addr_policy_free(reachable_or_addr_policy);
-    reachable_or_addr_policy = NULL;
-  }
-  if (reachable_dir_addr_policy) {
-    addr_policy_free(reachable_dir_addr_policy);
-    reachable_dir_addr_policy = NULL;
-  }
 }
 
 /** If options->SafeLogging is on, return a not very useful string,
@@ -763,10 +745,7 @@ options_act(or_options_t *old_options)
   config_register_addressmaps(options);
 
   /* Update address policies. */
-  parse_socks_policy();
-  parse_dir_policy();
-  parse_authdir_policy();
-  parse_reachable_addresses();
+  policies_parse_from_options(options);
 
   init_cookie_authentication(options->CookieAuthentication);
 
@@ -1976,98 +1955,6 @@ validate_ports_csv(smartlist_t *sl, const char *name, char **msg)
   return 0;
 }
 
-/** Helper: parse the Reachable(Dir|OR)?Addresses fields into
- * reachable_(or|dir)_addr_policy. */
-static void
-parse_reachable_addresses(void)
-{
-  or_options_t *options = get_options();
-
-  if (options->ReachableDirAddresses &&
-      options->ReachableORAddresses &&
-      options->ReachableAddresses) {
-    log_warn(LD_CONFIG,
-             "Both ReachableDirAddresses and ReachableORAddresses are set. "
-             "ReachableAddresses setting will be ignored.");
-  }
-  addr_policy_free(reachable_or_addr_policy);
-  reachable_or_addr_policy = NULL;
-  if (!options->ReachableORAddresses && options->ReachableAddresses)
-    log_info(LD_CONFIG,
-             "Using ReachableAddresses as ReachableORAddresses.");
-  if (config_parse_addr_policy(options->ReachableORAddresses ?
-                                 options->ReachableORAddresses :
-                                 options->ReachableAddresses,
-                               &reachable_or_addr_policy,
-                               ADDR_POLICY_ACCEPT)) {
-    log_warn(LD_CONFIG,
-             "Error parsing Reachable%sAddresses entry; ignoring.",
-             options->ReachableORAddresses ? "OR" : "");
-  }
-
-  addr_policy_free(reachable_dir_addr_policy);
-  reachable_dir_addr_policy = NULL;
-  if (!options->ReachableDirAddresses && options->ReachableAddresses)
-    log_info(LD_CONFIG,
-             "Using ReachableAddresses as ReachableDirAddresses");
-  if (config_parse_addr_policy(options->ReachableDirAddresses ?
-                               options->ReachableDirAddresses :
-                               options->ReachableAddresses,
-                               &reachable_dir_addr_policy,
-                               ADDR_POLICY_ACCEPT)) {
-    if (options->ReachableDirAddresses)
-      log_warn(LD_CONFIG,
-               "Error parsing ReachableDirAddresses entry; ignoring.");
-  }
-}
-
-/** Return true iff the firewall options might block any address:port
- * combination.
- */
-int
-firewall_is_fascist_or(void)
-{
-  return !!reachable_or_addr_policy;
-}
-
-/** Return true iff <b>policy</b> (possibly NULL) will allow a
- * connection to <b>addr</b>:<b>port</b>.
- */
-static int
-_fascist_firewall_allows_address(uint32_t addr, uint16_t port,
-                                 addr_policy_t *policy)
-{
-  addr_policy_result_t p;
-
-  p = router_compare_addr_to_addr_policy(addr, port, policy);
-
-  switch (p) {
-    case ADDR_POLICY_PROBABLY_ACCEPTED:
-    case ADDR_POLICY_ACCEPTED:
-      return 1;
-    case ADDR_POLICY_PROBABLY_REJECTED:
-    case ADDR_POLICY_REJECTED:
-      return 0;
-    default:
-      log_warn(LD_BUG, "Unexpected result: %d", (int)p);
-      return 0;
-  }
-}
-
-int
-fascist_firewall_allows_address_or(uint32_t addr, uint16_t port)
-{
-  return _fascist_firewall_allows_address(addr, port,
-                                          reachable_or_addr_policy);
-}
-
-int
-fascist_firewall_allows_address_dir(uint32_t addr, uint16_t port)
-{
-  return _fascist_firewall_allows_address(addr, port,
-                                          reachable_dir_addr_policy);
-}
-
 /** Lowest allowable value for DirFetchPeriod; if this is too low, clients can
  * overload the directory system. */
 #define MIN_DIR_FETCH_PERIOD (10*60)
@@ -2104,7 +1991,6 @@ options_validate(or_options_t *old_options, or_options_t *options,
 {
   int i, r;
   config_line_t *cl;
-  addr_policy_t *addr_policy=NULL;
   const char *uname;
   char buf[1024];
 #define REJECT(arg) \
@@ -2539,33 +2425,8 @@ options_validate(or_options_t *old_options, or_options_t *options,
       return -1;
   }
 
-  if (config_parse_exit_policy(options->ExitPolicy, &addr_policy,
-                               options->ExitPolicyRejectPrivate))
-    REJECT("Error in ExitPolicy entry.");
-
-  /* The rest of these calls *append* to addr_policy. So don't actually
-   * use the results for anything other than checking if they parse! */
-  if (config_parse_addr_policy(options->DirPolicy, &addr_policy, -1))
-    REJECT("Error in DirPolicy entry.");
-  if (config_parse_addr_policy(options->SocksPolicy, &addr_policy, -1))
-    REJECT("Error in SocksPolicy entry.");
-  if (config_parse_addr_policy(options->ReachableAddresses, &addr_policy,
-                               ADDR_POLICY_ACCEPT))
-    REJECT("Error in ReachableAddresses entry.");
-  if (config_parse_addr_policy(options->ReachableORAddresses, &addr_policy,
-                               ADDR_POLICY_ACCEPT))
-    REJECT("Error in ReachableORAddresses entry.");
-  if (config_parse_addr_policy(options->ReachableDirAddresses, &addr_policy,
-                               ADDR_POLICY_ACCEPT))
-    REJECT("Error in ReachableDirAddresses entry.");
-  if (config_parse_addr_policy(options->AuthDirReject, &addr_policy,
-                               ADDR_POLICY_REJECT))
-    REJECT("Error in AuthDirReject entry.");
-  if (config_parse_addr_policy(options->AuthDirInvalid, &addr_policy,
-                               ADDR_POLICY_REJECT))
-    REJECT("Error in AuthDirInvalid entry.");
-
-  addr_policy_free(addr_policy);
+  if (validate_addr_policies(options, msg) < 0)
+    return -1;
 
   for (cl = options->RedirectExit; cl; cl = cl->next) {
     if (parse_redirect_line(NULL, cl, msg)<0)
@@ -3261,326 +3122,6 @@ normalize_log_options(or_options_t *options)
   return 0;
 }
 
-/** Add the exit policy described by <b>more</b> to <b>policy</b>.
- */
-static void
-options_append_exit_policy_string(addr_policy_t **policy, const char *more)
-{
-  config_line_t tmp;
-
-  tmp.key = NULL;
-  tmp.value = (char*) more;
-  tmp.next = NULL;
-  config_parse_addr_policy(&tmp, policy, -1);
-}
-
-static int
-config_expand_exit_policy_aliases(smartlist_t *entries, int assume_action)
-{
-  static const char *prefixes[] = {
-    "0.0.0.0/8", "169.254.0.0/16",
-    "127.0.0.0/8", "192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12",NULL };
-  int i;
-  char *pre=NULL, *post=NULL;
-  int expanded_any = 0;
-  pre = smartlist_join_strings(entries,",",0,NULL);
-  for (i = 0; i < smartlist_len(entries); ++i) {
-    char *v = smartlist_get(entries, i);
-    const char *cp, *ports;
-    const char *action;
-    int prefix_idx;
-    if (!strcasecmpstart(v, "accept")) {
-      action = "accept ";
-      cp = v+strlen("accept");
-    } else if (!strcasecmpstart(v, "reject")) {
-      action = "reject ";
-      cp = v+strlen("reject");
-    } else if (assume_action >= 0) {
-      action = "";
-      cp = v;
-    } else {
-      log_warn(LD_CONFIG,"Policy '%s' didn't start with accept or reject.", v);
-      tor_free(pre);
-      return -1;
-    }
-    cp = eat_whitespace(cp);
-    if (strcmpstart(cp, "private"))
-      continue; /* No need to expand. */
-    cp += strlen("private");
-    cp = eat_whitespace(cp);
-    if (*cp && *cp != ':')
-      continue; /* It wasn't "private" after all. */
-    ports = cp;
-    /* Okay. We're going to replace entries[i] with a bunch of new entries,
-     * in order. */
-    smartlist_del_keeporder(entries, i);
-    for (prefix_idx = 0; prefixes[prefix_idx]; ++prefix_idx) {
-      size_t replacement_len = 16+strlen(prefixes[prefix_idx])+strlen(ports);
-      char *replacement = tor_malloc(replacement_len);
-      tor_snprintf(replacement, replacement_len, "%s%s%s",
-                   action, prefixes[prefix_idx], ports);
-      smartlist_insert(entries, i++, replacement);
-    }
-    tor_free(v);
-    expanded_any = 1;
-    --i;
-  }
-  post = smartlist_join_strings(entries,",",0,NULL);
-  if (expanded_any)
-    log_info(LD_CONFIG, "Expanded '%s' to '%s'", pre, post);
-  tor_free(pre);
-  tor_free(post);
-  return expanded_any;
-}
-
-/** Detect and excise "dead code" from the policy *<b>dest</b>. */
-static void
-config_exit_policy_remove_redundancies(addr_policy_t **dest)
-{
-  addr_policy_t *ap, *tmp, *victim, *previous;
-
-  /* Step one: find a *:* entry and cut off everything after it. */
-  for (ap=*dest; ap; ap=ap->next) {
-    if (ap->msk == 0 && ap->prt_min <= 1 && ap->prt_max >= 65535) {
-      /* This is a catch-all line -- later lines are unreachable. */
-      if (ap->next) {
-        addr_policy_free(ap->next);
-        ap->next = NULL;
-      }
-    }
-  }
-
-  /* Step two: for every entry, see if there's a redundant entry
-   * later on, and remove it. */
-  for (ap=*dest; ap; ap=ap->next) {
-    tmp=ap;
-    while (tmp) {
-      if (tmp->next && config_addr_policy_covers(ap, tmp->next)) {
-        log(LOG_INFO, LD_CONFIG, "Removing exit policy %s.  It is made "
-            "redundant by %s.", tmp->next->string, ap->string);
-        victim = tmp->next;
-        tmp->next = victim->next;
-        victim->next = NULL;
-        addr_policy_free(victim);
-      } else {
-        tmp=tmp->next;
-      }
-    }
-  }
-
-  /* Step three: for every entry A, see if there's an entry B making this one
-   * redundant later on.  This is the case if A and B are of the same type
-   * (accept/reject), A is a subset of B, and there is no other entry of
-   * different type in between those two that intersects with A.
-   *
-   * Anybody want to doublecheck the logic here? XXX
-   */
-  ap = *dest;
-  previous = NULL;
-  while (ap) {
-    for (tmp=ap->next; tmp; tmp=tmp->next) {
-      if (ap->policy_type != tmp->policy_type &&
-          config_addr_policy_intersects(ap, tmp)) {
-        tmp = NULL; /* so that we advance previous and ap */
-        break;
-      }
-      if (ap->policy_type == tmp->policy_type &&
-          config_addr_policy_covers(tmp, ap)) {
-        log(LOG_INFO, LD_CONFIG, "Removing exit policy %s.  It is made "
-            "redundant by %s.", ap->string, tmp->string);
-        victim = ap;
-        ap = ap->next;
-
-        if (previous) {
-          assert(previous->next == victim);
-          previous->next = victim->next;
-        } else {
-          assert(*dest == victim);
-          *dest = victim->next;
-        }
-
-        victim->next = NULL;
-        addr_policy_free(victim);
-        break;
-      }
-    }
-    if (!tmp) {
-      previous = ap;
-      ap = ap->next;
-    }
-  }
-}
-
-#define DEFAULT_EXIT_POLICY                                         \
-  "reject *:25,reject *:119,reject *:135-139,reject *:445,"         \
-  "reject *:465,reject *:587,reject *:1214,reject *:4661-4666,"     \
-  "reject *:6346-6429,reject *:6699,reject *:6881-6999,accept *:*"
-
-/** Parse the exit policy <b>cfg</b> into the linked list *<b>dest</b>. If
- * cfg doesn't end in an absolute accept or reject, add the default exit
- * policy afterwards. If <b>rejectprivate</b> is true, prepend
- * "reject private:*" to the policy. Return -1 if we can't parse cfg,
- * else return 0.
- *
- */
-int
-config_parse_exit_policy(config_line_t *cfg, addr_policy_t **dest,
-                         int rejectprivate)
-{
-  if (rejectprivate)
-    options_append_exit_policy_string(dest, "reject private:*");
-  if (config_parse_addr_policy(cfg, dest, -1))
-    return -1;
-  options_append_exit_policy_string(dest, DEFAULT_EXIT_POLICY);
-
-  config_exit_policy_remove_redundancies(dest);
-  return 0;
-}
-
-/**
- * Given a linked list of config lines containing "allow" and "deny" tokens,
- * parse them and append the result to <b>dest</b>.  Return -1 if any tokens
- * are malformed, else return 0.
- */
-int
-config_parse_addr_policy(config_line_t *cfg,
-                         addr_policy_t **dest,
-                         int assume_action)
-{
-  addr_policy_t **nextp;
-  smartlist_t *entries;
-  int r = 0;
-
-  if (!cfg)
-    return 0;
-
-  nextp = dest;
-
-  while (*nextp)
-    nextp = &((*nextp)->next);
-
-  entries = smartlist_create();
-  for (; cfg; cfg = cfg->next) {
-    smartlist_split_string(entries, cfg->value, ",",
-                           SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
-    if (config_expand_exit_policy_aliases(entries,assume_action)<0) {
-      r = -1;
-      continue;
-    }
-    SMARTLIST_FOREACH(entries, const char *, ent,
-    {
-      log_debug(LD_CONFIG,"Adding new entry '%s'",ent);
-      *nextp = router_parse_addr_policy_from_string(ent, assume_action);
-      if (*nextp) {
-        if (addr_mask_get_bits((*nextp)->msk)<0) {
-          log_warn(LD_CONFIG, "Address policy element '%s' can't be expressed "
-                   "as a bit prefix.", ent);
-        }
-        /* Advance nextp to the end of the policy. */
-        while (*nextp)
-          nextp = &((*nextp)->next);
-      } else {
-        log_warn(LD_CONFIG,"Malformed policy '%s'.", ent);
-        r = -1;
-      }
-    });
-    SMARTLIST_FOREACH(entries, char *, ent, tor_free(ent));
-    smartlist_clear(entries);
-  }
-  smartlist_free(entries);
-  return r;
-}
-
-/** Compare two provided address policy items, and return -1, 0, or 1
- * if the first is less than, equal to, or greater than the second. */
-static int
-config_cmp_single_addr_policy(addr_policy_t *a, addr_policy_t *b)
-{
-  int r;
-  if ((r=((int)a->policy_type - (int)b->policy_type)))
-    return r;
-  if ((r=((int)a->addr - (int)b->addr)))
-    return r;
-  if ((r=((int)a->msk - (int)b->msk)))
-    return r;
-  if ((r=((int)a->prt_min - (int)b->prt_min)))
-    return r;
-  if ((r=((int)a->prt_max - (int)b->prt_max)))
-    return r;
-  return 0;
-}
-
-/** Return true iff the address policy <b>a</b> covers every case that would be
- * covered by <b>b</b>, so that a,b is redundant. */
-static int
-config_addr_policy_covers(addr_policy_t *a, addr_policy_t *b)
-{
-
-  /* We can ignore accept/reject, since "accept *:80, reject *:80" reduces to
-   * "accept *:80". */
-  if (a->msk & ~b->msk) {
-    /* There's a wildcard bit in b->msk that's not a wildcard in a. */
-    return 0;
-  }
-  if ((a->addr & a->msk) != (b->addr & a->msk)) {
-    /* There's a fixed bit in a that's set differently in b. */
-    return 0;
-  }
-  return (a->prt_min <= b->prt_min && a->prt_max >= b->prt_max);
-}
-
-/** Return true iff the address policies <b>a</b> and <b>b</b> intersect, that
- * is, there exists an address/port that is covered by <b>a</b> that is also
- * covered by <b>b</b>.
- */
-static int
-config_addr_policy_intersects(addr_policy_t *a, addr_policy_t *b)
-{
-  /* All the bits we care about are those that are set in both
-   * netmasks.  If they are equal in a and b's networkaddresses
-   * then the networks intersect.  If there is a difference,
-   * then they do not. */
-  if (((a->addr ^ b->addr) & a->msk & b->msk) != 0)
-    return 0;
-  if (a->prt_max < b->prt_min || b->prt_max < a->prt_min)
-    return 0;
-  return 1;
-}
-
-/** Like config_cmp_single_addr_policy() above, but looks at the
- * whole set of policies in each case. */
-int
-config_cmp_addr_policies(addr_policy_t *a, addr_policy_t *b)
-{
-  int r;
-  while (a && b) {
-    if ((r=config_cmp_single_addr_policy(a,b)))
-      return r;
-    a = a->next;
-    b = b->next;
-  }
-  if (!a && !b)
-    return 0;
-  if (a)
-    return -1;
-  else
-    return 1;
-}
-
-/** Release all storage held by <b>p</b> */
-void
-addr_policy_free(addr_policy_t *p)
-{
-  addr_policy_t *e;
-
-  while (p) {
-    e = p;
-    p = p->next;
-    tor_free(e->string);
-    tor_free(e);
-  }
-}
-
 /** Parse a single RedirectExit line's contents from <b>line</b>.  If
  *  they are valid, and <b>result</b> is not NULL, add an element to
  *  <b>result</b> and return 0. Else if they are valid, return 0.
@@ -4333,6 +3874,7 @@ print_cvs_version(void)
   extern const char hibernate_c_id[];
   extern const char main_c_id[];
   extern const char onion_c_id[];
+  extern const char policies_c_id[];
   extern const char relay_c_id[];
   extern const char rendclient_c_id[];
   extern const char rendcommon_c_id[];
@@ -4381,6 +3923,7 @@ print_cvs_version(void)
   puts(hibernate_c_id);
   puts(main_c_id);
   puts(onion_c_id);
+  puts(policies_c_id);
   puts(relay_c_id);
   puts(rendclient_c_id);
   puts(rendcommon_c_id);

src/or/connection_edge.c

@@ -13,7 +13,6 @@ const char connection_edge_c_id[] =
 
 #include "or.h"
 
-static addr_policy_t *socks_policy = NULL;
 /* List of exit_redirect_t */
 static smartlist_t *redirect_exit_list = NULL;
 
@@ -1809,64 +1808,14 @@ connection_ap_can_use_exit(connection_t *conn, routerinfo_t *exit)
     addr_policy_result_t r;
     if (tor_inet_aton(conn->socks_request->address, &in))
       addr = ntohl(in.s_addr);
-    r = router_compare_addr_to_addr_policy(addr, conn->socks_request->port,
-                                           exit->exit_policy);
+    r = compare_addr_to_addr_policy(addr, conn->socks_request->port,
+                                    exit->exit_policy);
     if (r == ADDR_POLICY_REJECTED || r == ADDR_POLICY_PROBABLY_REJECTED)
       return 0;
   }
   return 1;
 }
 
-/** A helper function for socks_policy_permits_address() below.
- *
- * Parse options->SocksPolicy in the same way that the exit policy
- * is parsed, and put the processed version in socks_policy.
- * Ignore port specifiers.
- */
-void
-parse_socks_policy(void)
-{
-  addr_policy_t *n;
-  if (socks_policy) {
-    addr_policy_free(socks_policy);
-    socks_policy = NULL;
-  }
-  config_parse_addr_policy(get_options()->SocksPolicy, &socks_policy, -1);
-  /* ports aren't used. */
-  for (n=socks_policy; n; n = n->next) {
-    n->prt_min = 1;
-    n->prt_max = 65535;
-  }
-}
-
-/** Free all storage held by our SOCKS allow policy
- */
-void
-free_socks_policy(void)
-{
-  addr_policy_free(socks_policy);
-  socks_policy = NULL;
-}
-
-/** Return 1 if <b>addr</b> is permitted to connect to our socks port,
- * based on <b>socks_policy</b>. Else return 0.
- */
-int
-socks_policy_permits_address(uint32_t addr)
-{
-  int a;
-
-  if (!socks_policy) /* 'no socks policy' means 'accept' */
-    return 1;
-  a = router_compare_addr_to_addr_policy(addr, 1, socks_policy);
-  if (a==ADDR_POLICY_REJECTED)
-    return 0;
-  else if (a==ADDR_POLICY_ACCEPTED)
-    return 1;
-  log_warn(LD_BUG, "Bug: Got unexpected 'maybe' answer from socks policy");
-  return 0;
-}
-
 /** Make connection redirection follow the provided list of
  * exit_redirect_t */
 void

src/or/directory.c

@@ -54,60 +54,12 @@ static void note_request(const char *key, size_t bytes);
 
 /********* START VARIABLES **********/
 
-static addr_policy_t *dir_policy = NULL;
-
 /** How far in the future do we allow a directory server to tell us it is
  * before deciding that one of us has the wrong time? */
 #define ALLOW_DIRECTORY_TIME_SKEW (30*60)
 
 /********* END VARIABLES ************/
 
-/** Parse get_options()->DirPolicy, and put the processed version in
- * &dir_policy.  Ignore port specifiers.
- */
-void
-parse_dir_policy(void)
-{
-  addr_policy_t *n;
-  if (dir_policy) {
-    addr_policy_free(dir_policy);
-    dir_policy = NULL;
-  }
-  config_parse_addr_policy(get_options()->DirPolicy, &dir_policy, -1);
-  /* ports aren't used. */
-  for (n=dir_policy; n; n = n->next) {
-    n->prt_min = 1;
-    n->prt_max = 65535;
-  }
-}
-
-/** Free storage used to hold parsed directory policy */
-void
-free_dir_policy(void)
-{
-  addr_policy_free(dir_policy);
-  dir_policy = NULL;
-}
-
-/** Return 1 if <b>addr</b> is permitted to connect to our dir port,
- * based on <b>dir_policy</b>. Else return 0.
- */
-int
-dir_policy_permits_address(uint32_t addr)
-{
-  int a;
-
-  if (!dir_policy) /* 'no dir policy' means 'accept' */
-    return 1;
-  a = router_compare_addr_to_addr_policy(addr, 1, dir_policy);
-  if (a==ADDR_POLICY_REJECTED)
-    return 0;
-  else if (a==ADDR_POLICY_ACCEPTED)
-    return 1;
-  log_warn(LD_BUG, "Bug: got unexpected 'maybe' answer from dir policy");
-  return 0;
-}
-
 /** Return true iff the directory purpose 'purpose' must use an
  * anonymous connection to a directory. */
 static int

src/or/dirserv.c

@@ -41,7 +41,6 @@ static char *format_versions_list(config_line_t *ln);
 /* Should be static; exposed for testing */
 int add_fingerprint_to_dir(const char *nickname, const char *fp,
                            smartlist_t *list);
-static int router_is_general_exit(routerinfo_t *ri);
 static router_status_t dirserv_router_get_status(const routerinfo_t *router,
                                                  const char **msg);
 static router_status_t
@@ -55,40 +54,6 @@ static int dirserv_thinks_router_is_reachable(routerinfo_t *router,
 
 /************** Fingerprint handling code ************/
 
-static addr_policy_t *authdir_reject_policy = NULL;
-static addr_policy_t *authdir_invalid_policy = NULL;
-
-/** Parse authdir policy strings from the configuration.
- */
-void
-parse_authdir_policy(void)
-{
-  addr_policy_t *n;
-  if (authdir_reject_policy) {
-    addr_policy_free(authdir_reject_policy);
-    authdir_reject_policy = NULL;
-  }
-  config_parse_addr_policy(get_options()->AuthDirReject,
-                           &authdir_reject_policy, ADDR_POLICY_REJECT);
-  /* ports aren't used. */
-  for (n=authdir_reject_policy; n; n = n->next) {
-    n->prt_min = 1;
-    n->prt_max = 65535;
-  }
-
-  if (authdir_invalid_policy) {
-    addr_policy_free(authdir_invalid_policy);
-    authdir_invalid_policy = NULL;
-  }
-  config_parse_addr_policy(get_options()->AuthDirInvalid,
-                           &authdir_invalid_policy, ADDR_POLICY_REJECT);
-  /* ports aren't used. */
-  for (n=authdir_invalid_policy; n; n = n->next) {
-    n->prt_min = 1;
-    n->prt_max = 65535;
-  }
-}
-
 /** A member of fingerprint_list: maps a name to a fingerprint.
  **/
 typedef struct fingerprint_entry_t {
@@ -320,12 +285,7 @@ dirserv_get_status_impl(const char *fp, const char *nickname,
   }
 
   if (!nn_ent) { /* No such server known with that nickname */
-    addr_policy_result_t rej = router_compare_addr_to_addr_policy(
-                       addr, or_port, authdir_reject_policy);
-    addr_policy_result_t inv = router_compare_addr_to_addr_policy(
-                       addr, or_port, authdir_invalid_policy);
-
-    if (rej == ADDR_POLICY_PROBABLY_REJECTED || rej == ADDR_POLICY_REJECTED) {
+    if (!authdir_policy_permits_address(addr, or_port)) {
       if (should_log)
         log_info(LD_DIRSERV, "Rejecting '%s' because of address '%s'",
                  nickname, address);
@@ -333,7 +293,7 @@ dirserv_get_status_impl(const char *fp, const char *nickname,
         *msg = "Authdir is rejecting routers in this range.";
       return FP_REJECT;
     }
-    if (inv == ADDR_POLICY_PROBABLY_REJECTED || inv == ADDR_POLICY_REJECTED) {
+    if (!authdir_policy_valid_address(addr, or_port)) {
       if (should_log)
         log_info(LD_DIRSERV, "Not marking '%s' valid because of address '%s'",
                  nickname, address);
@@ -1203,33 +1163,6 @@ dirserv_get_runningrouters(const char **rr, int compress)
                          "v1 network status list", 1);
 }
 
-/** Return true iff <b>ri</b> is "useful as an exit node", meaning
- * it allows exit to at least one /8 address space for at least
- * one of ports 80, 443, and 6667. */
-static int
-router_is_general_exit(routerinfo_t *ri)
-{
-  static const int ports[] = { 80, 443, 6667 };
-  int n_allowed = 0;
-  int i;
-  for (i = 0; i < 3; ++i) {
-    struct addr_policy_t *policy = ri->exit_policy;
-    for ( ; policy; policy = policy->next) {
-      if (policy->prt_min > ports[i] || policy->prt_max < ports[i])
-        continue; /* Doesn't cover our port. */
-      if ((policy->msk & 0x00fffffful) != 0)
-        continue; /* Narrower than a /8. */
-      if ((policy->addr & 0xff000000ul) == 0x7f000000ul)
-        continue; /* 127.x */
-      /* We have a match that is at least a /8. */
-      if (policy->policy_type == ADDR_POLICY_ACCEPT)
-        ++n_allowed;
-      break;
-    }
-  }
-  return n_allowed > 0;
-}
-
 /** For authoritative directories: the current (v2) network status */
 static cached_dir_t the_v2_networkstatus = { NULL, NULL, 0, 0, 0 };
 
@@ -1416,7 +1349,7 @@ generate_v2_networkstatus(void)
 
   SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, {
     if (ri->cache_info.published_on >= cutoff) {
-      int f_exit = router_is_general_exit(ri);
+      int f_exit = exit_policy_is_general_exit(ri->exit_policy);
       int f_stable = ri->is_stable =
                      !dirserv_thinks_router_is_unreliable(ri, 1, 0);
       int f_fast = ri->is_fast =
@@ -1721,10 +1654,6 @@ dirserv_free_all(void)
     smartlist_free(fingerprint_list);
     fingerprint_list = NULL;
   }
-  if (authdir_reject_policy)
-    addr_policy_free(authdir_reject_policy);
-  if (authdir_invalid_policy)
-    addr_policy_free(authdir_invalid_policy);
   clear_cached_dir(&the_directory);
   clear_cached_dir(&the_runningrouters);
   clear_cached_dir(&the_v2_networkstatus);

src/or/main.c

@@ -1531,8 +1531,6 @@ tor_free_all(int postfork)
   routerlist_free_all();
   addressmap_free_all();
   set_exit_redirects(NULL); /* free the registered exit redirects */
-  free_socks_policy();
-  free_dir_policy();
   dirserv_free_all();
   rend_service_free_all();
   rend_cache_free_all();
@@ -1542,6 +1540,7 @@ tor_free_all(int postfork)
   circuit_free_all();
   entry_guards_free_all();
   connection_free_all();
+  policies_free_all();
   if (!postfork) {
     config_free_all();
     router_free_all();

src/or/or.h

@@ -1621,13 +1621,6 @@ int resolve_my_address(or_options_t *options, uint32_t *addr,
 void options_init(or_options_t *options);
 int options_init_from_torrc(int argc, char **argv);
 int options_init_logs(or_options_t *options, int validate_only);
-int config_parse_exit_policy(config_line_t *cfg,
-                             addr_policy_t **dest,
-                             int rejectprivate);
-int config_parse_addr_policy(config_line_t *cfg,
-                             addr_policy_t **dest,
-                             int assume_action);
-int config_cmp_addr_policies(addr_policy_t *a, addr_policy_t *b);
 void addr_policy_free(addr_policy_t *p);
 int option_is_recognized(const char *key);
 const char *option_get_canonical_name(const char *key);
@@ -1643,10 +1636,6 @@ int or_state_save(void);
 
 int config_getinfo_helper(const char *question, char **answer);
 
-int firewall_is_fascist_or(void);
-int fascist_firewall_allows_address_or(uint32_t addr, uint16_t port);
-int fascist_firewall_allows_address_dir(uint32_t addr, uint16_t port);
-
 /********************************* connection.c ***************************/
 
 const char *conn_type_to_string(int type);
@@ -1768,10 +1757,6 @@ void addressmap_get_mappings(smartlist_t *sl, time_t min_expires,
 int connection_ap_handshake_rewrite_and_attach(connection_t *conn,
                                                circuit_t *circ);
 
-void parse_socks_policy(void);
-void free_socks_policy(void);
-int socks_policy_permits_address(uint32_t addr);
-
 void set_exit_redirects(smartlist_t *lst);
 typedef enum hostname_type_t {
   NORMAL_HOSTNAME, ONION_HOSTNAME, EXIT_HOSTNAME, BAD_HOSTNAME
@@ -1888,7 +1873,6 @@ int assign_to_cpuworker(connection_t *cpuworker, uint8_t question_type,
 
 /********************************* directory.c ***************************/
 
-int dir_policy_permits_address(uint32_t addr);
 void directory_post_to_dirservers(uint8_t purpose, const char *payload,
                                   size_t payload_len);
 void directory_get_from_dirserver(uint8_t purpose, const char *resource,
@@ -1913,8 +1897,6 @@ int connection_dir_process_inbuf(connection_t *conn);
 int connection_dir_finished_flushing(connection_t *conn);
 int connection_dir_finished_connecting(connection_t *conn);
 void connection_dir_request_failed(connection_t *conn);
-void parse_dir_policy(void);
-void free_dir_policy(void);
 int dir_split_resource_into_fingerprints(const char *resource,
                                     smartlist_t *fp_out, int *compresseed_out,
                                     int decode_hex);
@@ -1922,7 +1904,6 @@ char *directory_dump_request_log(void);
 
 /********************************* dirserv.c ***************************/
 
-void parse_authdir_policy(void);
 int dirserv_add_own_fingerprint(const char *nickname, crypto_pk_env_t *pk);
 int dirserv_parse_fingerprint_file(const char *fname);
 void dirserv_free_fingerprint_list(void);
@@ -2047,6 +2028,37 @@ int fast_client_handshake(const char *handshake_state,
 
 void clear_pending_onions(void);
 
+/********************************* policies.c ************************/
+
+typedef enum {
+  ADDR_POLICY_ACCEPTED=0,
+  ADDR_POLICY_REJECTED=-1,
+  ADDR_POLICY_PROBABLY_ACCEPTED=1,
+  ADDR_POLICY_PROBABLY_REJECTED=2
+} addr_policy_result_t;
+
+int firewall_is_fascist_or(void);
+int fascist_firewall_allows_address_or(uint32_t addr, uint16_t port);
+int fascist_firewall_allows_address_dir(uint32_t addr, uint16_t port);
+int dir_policy_permits_address(uint32_t addr);
+int socks_policy_permits_address(uint32_t addr);
+int authdir_policy_permits_address(uint32_t addr, uint16_t port);
+int authdir_policy_valid_address(uint32_t addr, uint16_t port);
+
+int validate_addr_policies(or_options_t *options, char **msg);
+void policies_parse_from_options(or_options_t *options);
+
+int cmp_addr_policies(addr_policy_t *a, addr_policy_t *b);
+addr_policy_result_t compare_addr_to_addr_policy(uint32_t addr,
+                              uint16_t port, addr_policy_t *policy);
+int policies_parse_exit_policy(config_line_t *cfg,
+                               addr_policy_t **dest,
+                               int rejectprivate);
+int exit_policy_is_general_exit(addr_policy_t *policy);
+
+void addr_policy_free(addr_policy_t *p);
+void policies_free_all(void);
+
 /********************************* relay.c ***************************/
 
 extern uint64_t stats_n_relay_cells_relayed;
@@ -2205,12 +2217,6 @@ int rend_mid_rendezvous(circuit_t *circ, const char *request,
                         size_t request_len);
 
 /********************************* router.c ***************************/
-typedef enum {
-  ADDR_POLICY_ACCEPTED=0,
-  ADDR_POLICY_REJECTED=-1,
-  ADDR_POLICY_PROBABLY_ACCEPTED=1,
-  ADDR_POLICY_PROBABLY_REJECTED=2
-} addr_policy_result_t;
 
 void set_onion_key(crypto_pk_env_t *k);
 crypto_pk_env_t *get_onion_key(void);
@@ -2347,13 +2353,11 @@ typedef enum {
 int router_set_networkstatus(const char *s, time_t arrived_at,
                              networkstatus_source_t source,
                              smartlist_t *requested_fingerprints);
-addr_policy_result_t router_compare_addr_to_addr_policy(uint32_t addr,
-                              uint16_t port, addr_policy_t *policy);
 
 int router_exit_policy_all_routers_reject(uint32_t addr, uint16_t port,
                                           int need_uptime);
-
 int router_exit_policy_rejects_all(routerinfo_t *router);
+
 void add_trusted_dir_server(const char *nickname,
                             const char *address, uint16_t port,
                             const char *digest, int supports_v1);

src/or/policies.c

@@ -0,0 +1,661 @@
+/* Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. */
+/* See LICENSE for licensing information */
+/* $Id$ */
+const char policies_c_id[] = \
+  "$Id$";
+
+/**
+ * \file policies.c
+ * \brief Code to parse and use address policies and exit policies.
+ **/
+
+#include "or.h"
+
+static int expand_exit_policy_aliases(smartlist_t *entries, int assume_action);
+
+static addr_policy_t *socks_policy = NULL;
+static addr_policy_t *dir_policy = NULL;
+static addr_policy_t *authdir_reject_policy = NULL;
+static addr_policy_t *authdir_invalid_policy = NULL;
+
+/** Parsed addr_policy_t describing which addresses we believe we can start
+ * circuits at. */
+static addr_policy_t *reachable_or_addr_policy = NULL;
+/** Parsed addr_policy_t describing which addresses we believe we can connect
+ * to directories at. */
+static addr_policy_t *reachable_dir_addr_policy = NULL;
+
+/**
+ * Given a linked list of config lines containing "allow" and "deny"
+ * tokens, parse them and append the result to <b>dest</b>. Return -1
+ * if any tokens are malformed, else return 0.
+ */
+static int
+parse_addr_policy(config_line_t *cfg, addr_policy_t **dest,
+                  int assume_action)
+{
+  addr_policy_t **nextp;
+  smartlist_t *entries;
+  int r = 0;
+
+  if (!cfg)
+    return 0;
+
+  nextp = dest;
+
+  while (*nextp)
+    nextp = &((*nextp)->next);
+
+  entries = smartlist_create();
+  for (; cfg; cfg = cfg->next) {
+    smartlist_split_string(entries, cfg->value, ",",
+                           SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
+    if (expand_exit_policy_aliases(entries,assume_action)<0) {
+      r = -1;
+      continue;
+    }
+    SMARTLIST_FOREACH(entries, const char *, ent,
+    {
+      log_debug(LD_CONFIG,"Adding new entry '%s'",ent);
+      *nextp = router_parse_addr_policy_from_string(ent, assume_action);
+      if (*nextp) {
+        if (addr_mask_get_bits((*nextp)->msk)<0) {
+          log_warn(LD_CONFIG, "Address policy element '%s' can't be expressed "
+                   "as a bit prefix.", ent);
+        }
+        /* Advance nextp to the end of the policy. */
+        while (*nextp)
+          nextp = &((*nextp)->next);
+      } else {
+        log_warn(LD_CONFIG,"Malformed policy '%s'.", ent);
+        r = -1;
+      }
+    });
+    SMARTLIST_FOREACH(entries, char *, ent, tor_free(ent));
+    smartlist_clear(entries);
+  }
+  smartlist_free(entries);
+  return r;
+}
+
+/** Helper: parse the Reachable(Dir|OR)?Addresses fields into
+ * reachable_(or|dir)_addr_policy. */
+static void
+parse_reachable_addresses(void)
+{
+  or_options_t *options = get_options();
+
+  if (options->ReachableDirAddresses &&
+      options->ReachableORAddresses &&
+      options->ReachableAddresses) {
+    log_warn(LD_CONFIG,
+             "Both ReachableDirAddresses and ReachableORAddresses are set. "
+             "ReachableAddresses setting will be ignored.");
+  }
+  addr_policy_free(reachable_or_addr_policy);
+  reachable_or_addr_policy = NULL;
+  if (!options->ReachableORAddresses && options->ReachableAddresses)
+    log_info(LD_CONFIG,
+             "Using ReachableAddresses as ReachableORAddresses.");
+  if (parse_addr_policy(options->ReachableORAddresses ?
+                          options->ReachableORAddresses :
+                          options->ReachableAddresses,
+                        &reachable_or_addr_policy, ADDR_POLICY_ACCEPT)) {
+    log_warn(LD_CONFIG,
+             "Error parsing Reachable%sAddresses entry; ignoring.",
+             options->ReachableORAddresses ? "OR" : "");
+  }
+
+  addr_policy_free(reachable_dir_addr_policy);
+  reachable_dir_addr_policy = NULL;
+  if (!options->ReachableDirAddresses && options->ReachableAddresses)
+    log_info(LD_CONFIG,
+             "Using ReachableAddresses as ReachableDirAddresses");
+  if (parse_addr_policy(options->ReachableDirAddresses ?
+                          options->ReachableDirAddresses :
+                          options->ReachableAddresses,
+                        &reachable_dir_addr_policy, ADDR_POLICY_ACCEPT)) {
+    if (options->ReachableDirAddresses)
+      log_warn(LD_CONFIG,
+               "Error parsing ReachableDirAddresses entry; ignoring.");
+  }
+}
+
+/** Return true iff the firewall options might block any address:port
+ * combination.
+ */
+int
+firewall_is_fascist_or(void)
+{
+  return !!reachable_or_addr_policy;
+}
+
+/** Return true iff <b>policy</b> (possibly NULL) will allow a
+ * connection to <b>addr</b>:<b>port</b>.
+ */
+static int
+addr_policy_permits_address(uint32_t addr, uint16_t port,
+                            addr_policy_t *policy)
+{
+  addr_policy_result_t p;
+  p = compare_addr_to_addr_policy(addr, port, policy);
+  switch (p) {
+    case ADDR_POLICY_PROBABLY_ACCEPTED:
+    case ADDR_POLICY_ACCEPTED:
+      return 1;
+    case ADDR_POLICY_PROBABLY_REJECTED:
+    case ADDR_POLICY_REJECTED:
+      return 0;
+    default:
+      log_warn(LD_BUG, "Unexpected result: %d", (int)p);
+      return 0;
+  }
+}
+
+int
+fascist_firewall_allows_address_or(uint32_t addr, uint16_t port)
+{
+  return addr_policy_permits_address(addr, port,
+                                     reachable_or_addr_policy);
+}
+
+int
+fascist_firewall_allows_address_dir(uint32_t addr, uint16_t port)
+{
+  return addr_policy_permits_address(addr, port,
+                                     reachable_dir_addr_policy);
+}
+
+/** Return 1 if <b>addr</b> is permitted to connect to our dir port,
+ * based on <b>dir_policy</b>. Else return 0.
+ */
+int
+dir_policy_permits_address(uint32_t addr)
+{
+  return addr_policy_permits_address(addr, 1, dir_policy);
+}
+
+/** Return 1 if <b>addr</b> is permitted to connect to our socks port,
+ * based on <b>socks_policy</b>. Else return 0.
+ */
+int
+socks_policy_permits_address(uint32_t addr)
+{
+  return addr_policy_permits_address(addr, 1, socks_policy);
+}
+
+/** Return 1 if <b>addr</b>:<b>port</b> is permitted to publish to our
+ * directory, based on <b>authdir_reject_policy</b>. Else return 0.
+ */
+int
+authdir_policy_permits_address(uint32_t addr, uint16_t port)
+{
+  return addr_policy_permits_address(addr, port, authdir_reject_policy);
+}
+
+/** Return 1 if <b>addr</b>:<b>port</b> is considered valid in our
+ * directory, based on <b>authdir_invalid_policy</b>. Else return 0.
+ */
+int
+authdir_policy_valid_address(uint32_t addr, uint16_t port)
+{
+  return addr_policy_permits_address(addr, port, authdir_invalid_policy);
+}
+
+#define REJECT(arg) \
+  do { *msg = tor_strdup(arg); goto err; } while (0)
+int
+validate_addr_policies(or_options_t *options, char **msg)
+{
+  addr_policy_t *addr_policy=NULL;
+  *msg = NULL;
+
+  if (policies_parse_exit_policy(options->ExitPolicy, &addr_policy,
+                                 options->ExitPolicyRejectPrivate))
+    REJECT("Error in ExitPolicy entry.");
+
+  /* The rest of these calls *append* to addr_policy. So don't actually
+   * use the results for anything other than checking if they parse! */
+  if (parse_addr_policy(options->DirPolicy, &addr_policy, -1))
+    REJECT("Error in DirPolicy entry.");
+  if (parse_addr_policy(options->SocksPolicy, &addr_policy, -1))
+    REJECT("Error in SocksPolicy entry.");
+  if (parse_addr_policy(options->ReachableAddresses, &addr_policy,
+                        ADDR_POLICY_ACCEPT))
+    REJECT("Error in ReachableAddresses entry.");
+  if (parse_addr_policy(options->ReachableORAddresses, &addr_policy,
+                        ADDR_POLICY_ACCEPT))
+    REJECT("Error in ReachableORAddresses entry.");
+  if (parse_addr_policy(options->ReachableDirAddresses, &addr_policy,
+                        ADDR_POLICY_ACCEPT))
+    REJECT("Error in ReachableDirAddresses entry.");
+  if (parse_addr_policy(options->AuthDirReject, &addr_policy,
+                        ADDR_POLICY_REJECT))
+    REJECT("Error in AuthDirReject entry.");
+  if (parse_addr_policy(options->AuthDirInvalid, &addr_policy,
+                        ADDR_POLICY_REJECT))
+    REJECT("Error in AuthDirInvalid entry.");
+
+err:
+  addr_policy_free(addr_policy);
+  return *msg ? -1 : 0;
+#undef REJECT
+}
+
+/* Parse <b>string</b> in the same way that the exit policy
+ * is parsed, and put the processed version in *<b>policy</b>.
+ * Ignore port specifiers.
+ */
+static void
+load_policy_from_option(config_line_t *config, addr_policy_t **policy,
+                        int assume_action)
+{
+  addr_policy_t *n;
+  addr_policy_free(*policy);
+  *policy = NULL;
+  parse_addr_policy(config, policy, assume_action);
+  /* ports aren't used. */
+  for (n=*policy; n; n = n->next) {
+    n->prt_min = 1;
+    n->prt_max = 65535;
+  }
+}
+
+void policies_parse_from_options(or_options_t *options)
+{
+  load_policy_from_option(options->SocksPolicy, &socks_policy, -1);
+  load_policy_from_option(options->DirPolicy, &dir_policy, -1);
+  load_policy_from_option(options->AuthDirReject,
+                          &authdir_reject_policy, ADDR_POLICY_REJECT);
+  load_policy_from_option(options->AuthDirInvalid,
+                          &authdir_invalid_policy, ADDR_POLICY_REJECT);
+  parse_reachable_addresses();
+}
+
+
+/** Compare two provided address policy items, and return -1, 0, or 1
+ * if the first is less than, equal to, or greater than the second. */
+static int
+cmp_single_addr_policy(addr_policy_t *a, addr_policy_t *b)
+{
+  int r;
+  if ((r=((int)a->policy_type - (int)b->policy_type)))
+    return r;
+  if ((r=((int)a->addr - (int)b->addr)))
+    return r;
+  if ((r=((int)a->msk - (int)b->msk)))
+    return r;
+  if ((r=((int)a->prt_min - (int)b->prt_min)))
+    return r;
+  if ((r=((int)a->prt_max - (int)b->prt_max)))
+    return r;
+  return 0;
+}
+
+/** Like cmp_single_addr_policy() above, but looks at the
+ * whole set of policies in each case. */
+int
+cmp_addr_policies(addr_policy_t *a, addr_policy_t *b)
+{
+  int r;
+  while (a && b) {
+    if ((r=cmp_single_addr_policy(a,b)))
+      return r;
+    a = a->next;
+    b = b->next;
+  }
+  if (!a && !b)
+    return 0;
+  if (a)
+    return -1;
+  else
+    return 1;
+}
+
+/** Decide whether a given addr:port is definitely accepted,
+ * definitely rejected, probably accepted, or probably rejected by a
+ * given policy.  If <b>addr</b> is 0, we don't know the IP of the
+ * target address. If <b>port</b> is 0, we don't know the port of the
+ * target address.
+ *
+ * For now, the algorithm is pretty simple: we look for definite and
+ * uncertain matches.  The first definite match is what we guess; if
+ * it was preceded by no uncertain matches of the opposite policy,
+ * then the guess is definite; otherwise it is probable.  (If we
+ * have a known addr and port, all matches are definite; if we have an
+ * unknown addr/port, any address/port ranges other than "all" are
+ * uncertain.)
+ *
+ * We could do better by assuming that some ranges never match typical
+ * addresses (127.0.0.1, and so on).  But we'll try this for now.
+ */
+addr_policy_result_t
+compare_addr_to_addr_policy(uint32_t addr, uint16_t port,
+                            addr_policy_t *policy)
+{
+  int maybe_reject = 0;
+  int maybe_accept = 0;
+  int match = 0;
+  int maybe = 0;
+  addr_policy_t *tmpe;
+
+  for (tmpe=policy; tmpe; tmpe=tmpe->next) {
+    maybe = 0;
+    if (!addr) {
+      /* Address is unknown. */
+      if ((port >= tmpe->prt_min && port <= tmpe->prt_max) ||
+           (!port && tmpe->prt_min<=1 && tmpe->prt_max>=65535)) {
+        /* The port definitely matches. */
+        if (tmpe->msk == 0) {
+          match = 1;
+        } else {
+          maybe = 1;
+        }
+      } else if (!port) {
+        /* The port maybe matches. */
+        maybe = 1;
+      }
+    } else {
+      /* Address is known */
+      if ((addr & tmpe->msk) == (tmpe->addr & tmpe->msk)) {
+        if (port >= tmpe->prt_min && port <= tmpe->prt_max) {
+          /* Exact match for the policy */
+          match = 1;
+        } else if (!port) {
+          maybe = 1;
+        }
+      }
+    }
+    if (maybe) {
+      if (tmpe->policy_type == ADDR_POLICY_REJECT)
+        maybe_reject = 1;
+      else
+        maybe_accept = 1;
+    }
+    if (match) {
+      if (tmpe->policy_type == ADDR_POLICY_ACCEPT) {
+        /* If we already hit a clause that might trigger a 'reject', than we
+         * can't be sure of this certain 'accept'.*/
+        return maybe_reject ? ADDR_POLICY_PROBABLY_ACCEPTED :
+                              ADDR_POLICY_ACCEPTED;
+      } else {
+        return maybe_accept ? ADDR_POLICY_PROBABLY_REJECTED :
+                              ADDR_POLICY_REJECTED;
+      }
+    }
+  }
+  /* accept all by default. */
+  return maybe_reject ? ADDR_POLICY_PROBABLY_ACCEPTED : ADDR_POLICY_ACCEPTED;
+}
+
+/** Return true iff the address policy <b>a</b> covers every case that
+ * would be covered by <b>b</b>, so that a,b is redundant. */
+static int
+addr_policy_covers(addr_policy_t *a, addr_policy_t *b)
+{
+  /* We can ignore accept/reject, since "accept *:80, reject *:80" reduces
+   * to "accept *:80". */
+  if (a->msk & ~b->msk) {
+    /* There's a wildcard bit in b->msk that's not a wildcard in a. */
+    return 0;
+  }
+  if ((a->addr & a->msk) != (b->addr & a->msk)) {
+    /* There's a fixed bit in a that's set differently in b. */
+    return 0;
+  }
+  return (a->prt_min <= b->prt_min && a->prt_max >= b->prt_max);
+}
+
+/** Return true iff the address policies <b>a</b> and <b>b</b> intersect,
+ * that is, there exists an address/port that is covered by <b>a</b> that
+ * is also covered by <b>b</b>.
+ */
+static int
+addr_policy_intersects(addr_policy_t *a, addr_policy_t *b)
+{
+  /* All the bits we care about are those that are set in both
+   * netmasks.  If they are equal in a and b's networkaddresses
+   * then the networks intersect.  If there is a difference,
+   * then they do not. */
+  if (((a->addr ^ b->addr) & a->msk & b->msk) != 0)
+    return 0;
+  if (a->prt_max < b->prt_min || b->prt_max < a->prt_min)
+    return 0;
+  return 1;
+}
+
+/** Add the exit policy described by <b>more</b> to <b>policy</b>.
+ */
+static void
+append_exit_policy_string(addr_policy_t **policy, const char *more)
+{
+  config_line_t tmp;
+
+  tmp.key = NULL;
+  tmp.value = (char*) more;
+  tmp.next = NULL;
+  parse_addr_policy(&tmp, policy, -1);
+}
+
+static int
+expand_exit_policy_aliases(smartlist_t *entries, int assume_action)
+{
+  static const char *prefixes[] = {
+    "0.0.0.0/8", "169.254.0.0/16",
+    "127.0.0.0/8", "192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12",NULL };
+  int i;
+  char *pre=NULL, *post=NULL;
+  int expanded_any = 0;
+  pre = smartlist_join_strings(entries,",",0,NULL);
+  for (i = 0; i < smartlist_len(entries); ++i) {
+    char *v = smartlist_get(entries, i);
+    const char *cp, *ports;
+    const char *action;
+    int prefix_idx;
+    if (!strcasecmpstart(v, "accept")) {
+      action = "accept ";
+      cp = v+strlen("accept");
+    } else if (!strcasecmpstart(v, "reject")) {
+      action = "reject ";
+      cp = v+strlen("reject");
+    } else if (assume_action >= 0) {
+      action = "";
+      cp = v;
+    } else {
+      log_warn(LD_CONFIG,"Policy '%s' didn't start with accept or reject.", v);
+      tor_free(pre);
+      return -1;
+    }
+    cp = eat_whitespace(cp);
+    if (strcmpstart(cp, "private"))
+      continue; /* No need to expand. */
+    cp += strlen("private");
+    cp = eat_whitespace(cp);
+    if (*cp && *cp != ':')
+      continue; /* It wasn't "private" after all. */
+    ports = cp;
+    /* Okay. We're going to replace entries[i] with a bunch of new entries,
+     * in order. */
+    smartlist_del_keeporder(entries, i);
+    for (prefix_idx = 0; prefixes[prefix_idx]; ++prefix_idx) {
+      size_t replacement_len = 16+strlen(prefixes[prefix_idx])+strlen(ports);
+      char *replacement = tor_malloc(replacement_len);
+      tor_snprintf(replacement, replacement_len, "%s%s%s",
+                   action, prefixes[prefix_idx], ports);
+      smartlist_insert(entries, i++, replacement);
+    }
+    tor_free(v);
+    expanded_any = 1;
+    --i;
+  }
+  post = smartlist_join_strings(entries,",",0,NULL);
+  if (expanded_any)
+    log_info(LD_CONFIG, "Expanded '%s' to '%s'", pre, post);
+  tor_free(pre);
+  tor_free(post);
+  return expanded_any;
+}
+
+/** Detect and excise "dead code" from the policy *<b>dest</b>. */
+static void
+exit_policy_remove_redundancies(addr_policy_t **dest)
+{
+  addr_policy_t *ap, *tmp, *victim, *previous;
+
+  /* Step one: find a *:* entry and cut off everything after it. */
+  for (ap=*dest; ap; ap=ap->next) {
+    if (ap->msk == 0 && ap->prt_min <= 1 && ap->prt_max >= 65535) {
+      /* This is a catch-all line -- later lines are unreachable. */
+      if (ap->next) {
+        addr_policy_free(ap->next);
+        ap->next = NULL;
+      }
+    }
+  }
+
+  /* Step two: for every entry, see if there's a redundant entry
+   * later on, and remove it. */
+  for (ap=*dest; ap; ap=ap->next) {
+    tmp=ap;
+    while (tmp) {
+      if (tmp->next && addr_policy_covers(ap, tmp->next)) {
+        log(LOG_INFO, LD_CONFIG, "Removing exit policy %s.  It is made "
+            "redundant by %s.", tmp->next->string, ap->string);
+        victim = tmp->next;
+        tmp->next = victim->next;
+        victim->next = NULL;
+        addr_policy_free(victim);
+      } else {
+        tmp=tmp->next;
+      }
+    }
+  }
+
+  /* Step three: for every entry A, see if there's an entry B making this one
+   * redundant later on.  This is the case if A and B are of the same type
+   * (accept/reject), A is a subset of B, and there is no other entry of
+   * different type in between those two that intersects with A.
+   *
+   * Anybody want to doublecheck the logic here? XXX
+   */
+  ap = *dest;
+  previous = NULL;
+  while (ap) {
+    for (tmp=ap->next; tmp; tmp=tmp->next) {
+      if (ap->policy_type != tmp->policy_type &&
+          addr_policy_intersects(ap, tmp)) {
+        tmp = NULL; /* so that we advance previous and ap */
+        break;
+      }
+      if (ap->policy_type == tmp->policy_type &&
+          addr_policy_covers(tmp, ap)) {
+        log(LOG_INFO, LD_CONFIG, "Removing exit policy %s.  It is made "
+            "redundant by %s.", ap->string, tmp->string);
+        victim = ap;
+        ap = ap->next;
+
+        if (previous) {
+          assert(previous->next == victim);
+          previous->next = victim->next;
+        } else {
+          assert(*dest == victim);
+          *dest = victim->next;
+        }
+
+        victim->next = NULL;
+        addr_policy_free(victim);
+        break;
+      }
+    }
+    if (!tmp) {
+      previous = ap;
+      ap = ap->next;
+    }
+  }
+}
+
+#define DEFAULT_EXIT_POLICY                                         \
+  "reject *:25,reject *:119,reject *:135-139,reject *:445,"         \
+  "reject *:465,reject *:587,reject *:1214,reject *:4661-4666,"     \
+  "reject *:6346-6429,reject *:6699,reject *:6881-6999,accept *:*"
+
+/** Parse the exit policy <b>cfg</b> into the linked list *<b>dest</b>. If
+ * cfg doesn't end in an absolute accept or reject, add the default exit
+ * policy afterwards. If <b>rejectprivate</b> is true, prepend
+ * "reject private:*" to the policy. Return -1 if we can't parse cfg,
+ * else return 0.
+ *
+ */
+int
+policies_parse_exit_policy(config_line_t *cfg, addr_policy_t **dest,
+                           int rejectprivate)
+{
+  if (rejectprivate)
+    append_exit_policy_string(dest, "reject private:*");
+  if (parse_addr_policy(cfg, dest, -1))
+    return -1;
+  append_exit_policy_string(dest, DEFAULT_EXIT_POLICY);
+
+  exit_policy_remove_redundancies(dest);
+  return 0;
+}
+
+/** Return true iff <b>ri</b> is "useful as an exit node", meaning
+ * it allows exit to at least one /8 address space for at least
+ * one of ports 80, 443, and 6667. */
+int
+exit_policy_is_general_exit(addr_policy_t *policy)
+{
+  static const int ports[] = { 80, 443, 6667 };
+  int n_allowed = 0;
+  int i;
+  for (i = 0; i < 3; ++i) {
+    struct addr_policy_t *p = policy;
+    for ( ; p; p = p->next) {
+      if (p->prt_min > ports[i] || p->prt_max < ports[i])
+        continue; /* Doesn't cover our port. */
+      if ((p->msk & 0x00fffffful) != 0)
+        continue; /* Narrower than a /8. */
+      if ((p->addr & 0xff000000ul) == 0x7f000000ul)
+        continue; /* 127.x */
+      /* We have a match that is at least a /8. */
+      if (p->policy_type == ADDR_POLICY_ACCEPT)
+        ++n_allowed;
+      break;
+    }
+  }
+  return n_allowed > 0;
+}
+
+/** Release all storage held by <b>p</b> */
+void
+addr_policy_free(addr_policy_t *p)
+{
+  addr_policy_t *e;
+
+  while (p) {
+    e = p;
+    p = p->next;
+    tor_free(e->string);
+    tor_free(e);
+  }
+}
+
+void
+policies_free_all(void)
+{
+  addr_policy_free(reachable_or_addr_policy);
+  reachable_or_addr_policy = NULL;
+  addr_policy_free(reachable_dir_addr_policy);
+  reachable_dir_addr_policy = NULL;
+  addr_policy_free(socks_policy);
+  socks_policy = NULL;
+  addr_policy_free(dir_policy);
+  dir_policy = NULL;
+  addr_policy_free(authdir_reject_policy);
+  authdir_reject_policy = NULL;
+  addr_policy_free(authdir_invalid_policy);
+  authdir_invalid_policy = NULL;
+}
+

src/or/router.c

@@ -722,7 +722,7 @@ router_compare_to_my_exit_policy(connection_t *conn)
   if (!conn->addr)
     return -1;
 
-  return router_compare_addr_to_addr_policy(conn->addr, conn->port,
+  return compare_addr_to_addr_policy(conn->addr, conn->port,
                    desc_routerinfo->exit_policy) != ADDR_POLICY_ACCEPTED;
 }
 
@@ -835,8 +835,8 @@ router_rebuild_descriptor(int force)
   if (options->BandwidthRate > options->MaxAdvertisedBandwidth)
     ri->bandwidthrate = (int)options->MaxAdvertisedBandwidth;
 
-  config_parse_exit_policy(options->ExitPolicy, &ri->exit_policy,
-                           options->ExitPolicyRejectPrivate);
+  policies_parse_exit_policy(options->ExitPolicy, &ri->exit_policy,
+                             options->ExitPolicyRejectPrivate);
 
   if (desc_routerinfo) { /* inherit values */
     ri->is_valid = desc_routerinfo->is_valid;

src/or/routerlist.c

@@ -707,7 +707,7 @@ router_find_exact_exit_enclave(const char *address, uint16_t port)
   {
     if (router->is_running &&
         router->addr == addr &&
-        router_compare_addr_to_addr_policy(addr, port, router->exit_policy) ==
+        compare_addr_to_addr_policy(addr, port, router->exit_policy) ==
           ADDR_POLICY_ACCEPTED)
       return router;
   });
@@ -2403,82 +2403,6 @@ update_networkstatus_downloads(time_t now)
       update_networkstatus_client_downloads(time(NULL));
 }
 
-/** Decide whether a given addr:port is definitely accepted,
- * definitely rejected, probably accepted, or probably rejected by a
- * given policy.  If <b>addr</b> is 0, we don't know the IP of the
- * target address. If <b>port</b> is 0, we don't know the port of the
- * target address.
- *
- * For now, the algorithm is pretty simple: we look for definite and
- * uncertain matches.  The first definite match is what we guess; if
- * it was preceded by no uncertain matches of the opposite policy,
- * then the guess is definite; otherwise it is probable.  (If we
- * have a known addr and port, all matches are definite; if we have an
- * unknown addr/port, any address/port ranges other than "all" are
- * uncertain.)
- *
- * We could do better by assuming that some ranges never match typical
- * addresses (127.0.0.1, and so on).  But we'll try this for now.
- */
-addr_policy_result_t
-router_compare_addr_to_addr_policy(uint32_t addr, uint16_t port,
-                                   addr_policy_t *policy)
-{
-  int maybe_reject = 0;
-  int maybe_accept = 0;
-  int match = 0;
-  int maybe = 0;
-  addr_policy_t *tmpe;
-
-  for (tmpe=policy; tmpe; tmpe=tmpe->next) {
-    maybe = 0;
-    if (!addr) {
-      /* Address is unknown. */
-      if ((port >= tmpe->prt_min && port <= tmpe->prt_max) ||
-           (!port && tmpe->prt_min<=1 && tmpe->prt_max>=65535)) {
-        /* The port definitely matches. */
-        if (tmpe->msk == 0) {
-          match = 1;
-        } else {
-          maybe = 1;
-        }
-      } else if (!port) {
-        /* The port maybe matches. */
-        maybe = 1;
-      }
-    } else {
-      /* Address is known */
-      if ((addr & tmpe->msk) == (tmpe->addr & tmpe->msk)) {
-        if (port >= tmpe->prt_min && port <= tmpe->prt_max) {
-          /* Exact match for the policy */
-          match = 1;
-        } else if (!port) {
-          maybe = 1;
-        }
-      }
-    }
-    if (maybe) {
-      if (tmpe->policy_type == ADDR_POLICY_REJECT)
-        maybe_reject = 1;
-      else
-        maybe_accept = 1;
-    }
-    if (match) {
-      if (tmpe->policy_type == ADDR_POLICY_ACCEPT) {
-        /* If we already hit a clause that might trigger a 'reject', than we
-         * can't be sure of this certain 'accept'.*/
-        return maybe_reject ? ADDR_POLICY_PROBABLY_ACCEPTED :
-                              ADDR_POLICY_ACCEPTED;
-      } else {
-        return maybe_accept ? ADDR_POLICY_PROBABLY_REJECTED :
-                              ADDR_POLICY_REJECTED;
-      }
-    }
-  }
-  /* accept all by default. */
-  return maybe_reject ? ADDR_POLICY_PROBABLY_ACCEPTED : ADDR_POLICY_ACCEPTED;
-}
-
 /** Return 1 if all running sufficiently-stable routers will reject
  * addr:port, return 0 if any might accept it. */
 int
@@ -2492,7 +2416,7 @@ router_exit_policy_all_routers_reject(uint32_t addr, uint16_t port,
   {
     if (router->is_running &&
         !router_is_unreliable(router, need_uptime, 0, 0)) {
-      r = router_compare_addr_to_addr_policy(addr, port, router->exit_policy);
+      r = compare_addr_to_addr_policy(addr, port, router->exit_policy);
       if (r != ADDR_POLICY_REJECTED && r != ADDR_POLICY_PROBABLY_REJECTED)
         return 0; /* this one could be ok. good enough. */
     }
@@ -2505,7 +2429,7 @@ router_exit_policy_all_routers_reject(uint32_t addr, uint16_t port,
 int
 router_exit_policy_rejects_all(routerinfo_t *router)
 {
-  return router_compare_addr_to_addr_policy(0, 0, router->exit_policy)
+  return compare_addr_to_addr_policy(0, 0, router->exit_policy)
     == ADDR_POLICY_REJECTED;
 }
 
@@ -3691,7 +3615,7 @@ router_differences_are_cosmetic(routerinfo_t *r1, routerinfo_t *r2)
       (r1->contact_info && r2->contact_info &&
        strcasecmp(r1->contact_info, r2->contact_info)) ||
       r1->is_hibernating != r2->is_hibernating ||
-      config_cmp_addr_policies(r1->exit_policy, r2->exit_policy))
+      cmp_addr_policies(r1->exit_policy, r2->exit_policy))
     return 0;
   if ((r1->declared_family == NULL) != (r2->declared_family == NULL))
     return 0;

src/or/routerparse.c

@@ -1258,7 +1258,7 @@ networkstatus_parse_from_string(const char *s)
   return ns;
 }
 
-/** Parse the exit policy in the string <b>s</b> and return it.  If
+/** Parse the addr policy in the string <b>s</b> and return it.  If
  * assume_action is nonnegative, then insert its action (ADDR_POLICY_ACCEPT or
  * ADDR_POLICY_REJECT) for items that specify no action.
  */
@@ -1290,7 +1290,7 @@ router_parse_addr_policy_from_string(const char *s, int assume_action)
   }
   tok = get_next_token(&cp, RTR);
   if (tok->tp == _ERR) {
-    log_warn(LD_DIR, "Error reading exit policy: %s", tok->error);
+    log_warn(LD_DIR, "Error reading address policy: %s", tok->error);
     goto err;
   }
   if (tok->tp != K_ACCEPT && tok->tp != K_REJECT) {
@@ -1298,7 +1298,7 @@ router_parse_addr_policy_from_string(const char *s, int assume_action)
     goto err;
   }
 
-  /* Now that we've gotten an exit policy, add it to the router. */
+  /* Now that we've gotten an addr policy, add it to the router. */
   r = router_parse_addr_policy(tok);
   goto done;
  err:

src/or/test.c

@@ -1453,11 +1453,11 @@ test_exit_policies(void)
 
 //  test_assert(exit_policy_implicitly_allows_local_networks(policy, 0));
   test_assert(ADDR_POLICY_ACCEPTED ==
-          router_compare_addr_to_addr_policy(0x01020304u, 2, policy));
+          compare_addr_to_addr_policy(0x01020304u, 2, policy));
   test_assert(ADDR_POLICY_PROBABLY_ACCEPTED ==
-          router_compare_addr_to_addr_policy(0, 2, policy));
+          compare_addr_to_addr_policy(0, 2, policy));
   test_assert(ADDR_POLICY_REJECTED ==
-          router_compare_addr_to_addr_policy(0xc0a80102, 2, policy));
+          compare_addr_to_addr_policy(0xc0a80102, 2, policy));
 
   addr_policy_free(policy);