Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge branch 'bug8197_squashed'

Conflicts:
	src/test/test_policy.c
Nick Mathewson 9 years ago
parent
c8d927bad4 80622c0664
commit
bdd0c77643
5 changed files with 112 additions and 16 deletions
Split View Show Diff Stats
  1. 6 0
      changes/bug8197
  2. 77 9
      src/or/policies.c
  3. 14 0
      src/or/policies.h
  4. 2 4
      src/or/router.c
  5. 13 3
      src/test/test_policy.c

+ 6 - 0
changes/bug8197
View File 

@@ -0,0 +1,6 @@
 
+  o Minor refactoring:
 
+    - Reworking API of policies_parse_exit_policy() function to use a 
+      bitmask to represent parsing options instead of a confusing mess 
+      of booleans. Resolves ticket 8197.
 
+    - Introducing helper function to parse ExitPolicy in or_options_t
 
+      structure.

+ 77 - 9
src/or/policies.c
View File 

@@ -62,6 +62,13 @@ static const char *private_nets[] = {
 
   NULL
 
 };
 
 
+static int policies_parse_exit_policy_internal(config_line_t *cfg,
 
+                                               smartlist_t **dest,
 
+                                               int ipv6_exit,
 
+                                               int rejectprivate,
 
+                                               uint32_t local_address,
 
+                                               int add_default_policy);
 
+
 
 /** Replace all "private" entries in *<b>policy</b> with their expanded
 
  * equivalents. */
 
 void
 
@@ -423,11 +430,9 @@ validate_addr_policies(const or_options_t *options, char **msg)
 
   smartlist_t *addr_policy=NULL;
 
   *msg = NULL;
 
 
-  if (policies_parse_exit_policy(options->ExitPolicy, &addr_policy,
 
-                                 options->IPv6Exit,
 
-                                 options->ExitPolicyRejectPrivate, 0,
 
-                                 !options->BridgeRelay))
 
+  if (policies_parse_exit_policy_from_options(options,0,&addr_policy)) {
 
     REJECT("Error in ExitPolicy entry.");
 
+  }
 
 
   /* The rest of these calls *append* to addr_policy. So don't actually
 
    * use the results for anything other than checking if they parse! */
 
@@ -948,11 +953,12 @@ exit_policy_remove_redundancies(smartlist_t *dest)
 
  * the functions used to parse the exit policy from a router descriptor,
 
  * see router_add_exit_policy.
 
  */
 
-int
 
-policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
 
-                           int ipv6_exit,
 
-                           int rejectprivate, uint32_t local_address,
 
-                           int add_default_policy)
 
+static int
 
+policies_parse_exit_policy_internal(config_line_t *cfg, smartlist_t **dest,
 
+                                    int ipv6_exit,
 
+                                    int rejectprivate,
 
+                                    uint32_t local_address,
 
+                                    int add_default_policy)
 
 {
 
   if (!ipv6_exit) {
 
     append_exit_policy_string(dest, "reject *6:*");
 
@@ -978,6 +984,68 @@ policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
 
   return 0;
 
 }
 
 
+/** Parse exit policy in <b>cfg</b> into <b>dest</b> smartlist.
 
+ *
 
+ * Add entry that rejects all IPv6 destinations unless
 
+ * <b>EXIT_POLICY_IPV6_ENABLED</b> bit is set in <b>options</b> bitmask.
 
+ *
 
+ * If <b>EXIT_POLICY_REJECT_PRIVATE</b> bit is set in <b>options</b>,
 
+ * do add entry that rejects all destinations in private subnetwork
 
+ * Tor is running in.
 
+ *
 
+ * Respectively, if <b>EXIT_POLICY_ADD_DEFAULT</b> bit is set, add
 
+ * default exit policy entries to <b>result</b> smartlist.
 
+ */
 
+int
 
+policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
 
+                           exit_policy_parser_cfg_t options,
 
+                           uint32_t local_address)
 
+{
 
+  int ipv6_enabled = (options & EXIT_POLICY_IPV6_ENABLED) ? 1 : 0;
 
+  int reject_private = (options & EXIT_POLICY_REJECT_PRIVATE) ? 1 : 0;
 
+  int add_default = (options & EXIT_POLICY_ADD_DEFAULT) ? 1 : 0;
 
+
 
+  return policies_parse_exit_policy_internal(cfg,dest,ipv6_enabled,
 
+                                             reject_private,
 
+                                             local_address,
 
+                                             add_default);
 
+}
 
+
 
+/** Parse <b>ExitPolicy</b> member of <b>or_options</b> into <b>result</b>
 
+ * smartlist.
 
+ * If <b>or_options->IPv6Exit</b> is false, add an entry that
 
+ * rejects all IPv6 destinations.
 
+ *
 
+ * If <b>or_options->ExitPolicyRejectPrivate</b> is true, add entry that
 
+ * rejects all destinations in the private subnetwork of machine Tor
 
+ * instance is running in.
 
+ *
 
+ * If <b>or_options->BridgeRelay</b> is false, add entries of default
 
+ * Tor exit policy into <b>result</b> smartlist.
 
+ */
 
+int
 
+policies_parse_exit_policy_from_options(const or_options_t *or_options,
 
+                                        uint32_t local_address,
 
+                                        smartlist_t **result)
 
+{
 
+  exit_policy_parser_cfg_t parser_cfg = 0;
 
+
 
+  if (or_options->IPv6Exit) {
 
+    parser_cfg |= EXIT_POLICY_IPV6_ENABLED;
 
+  }
 
+
 
+  if (or_options->ExitPolicyRejectPrivate) {
 
+    parser_cfg |= EXIT_POLICY_REJECT_PRIVATE;
 
+  }
 
+
 
+  if (!or_options->BridgeRelay) {
 
+    parser_cfg |= EXIT_POLICY_ADD_DEFAULT;
 
+  }
 
+
 
+  return policies_parse_exit_policy(or_options->ExitPolicy,result,
 
+                                    parser_cfg,local_address);
 
+}
 
+
 
 /** Add "reject *:*" to the end of the policy in *<b>dest</b>, allocating
 
  * *<b>dest</b> as needed. */
 
 void

+ 14 - 0
src/or/policies.h
View File 

@@ -18,6 +18,12 @@
 
  */
 
 #define POLICY_BUF_LEN 72
 
 
+#define EXIT_POLICY_IPV6_ENABLED   (1 << 0)
 
+#define EXIT_POLICY_REJECT_PRIVATE (1 << 1)
 
+#define EXIT_POLICY_ADD_DEFAULT    (1 << 2)
 
+
 
+typedef int exit_policy_parser_cfg_t;
 
+
 
 int firewall_is_fascist_or(void);
 
 int fascist_firewall_allows_address_or(const tor_addr_t *addr, uint16_t port);
 
 int fascist_firewall_allows_or(const routerinfo_t *ri);
 
@@ -42,10 +48,18 @@ MOCK_DECL(addr_policy_result_t, compare_tor_addr_to_addr_policy,
 
 addr_policy_result_t compare_tor_addr_to_node_policy(const tor_addr_t *addr,
 
                               uint16_t port, const node_t *node);
 
 
+/*
 
 int policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
 
                                int ipv6exit,
 
                                int rejectprivate, uint32_t local_address,
 
                                int add_default_policy);
 
+*/
 
+int policies_parse_exit_policy_from_options(const or_options_t *or_options,
 
+                                            uint32_t local_address,
 
+                                            smartlist_t **result);
 
+int policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
 
+                               exit_policy_parser_cfg_t options,
 
+                               uint32_t local_address);
 
 void policies_exit_policy_append_reject_star(smartlist_t **dest);
 
 void addr_policy_append_reject_addr(smartlist_t **dest,
 
                                     const tor_addr_t *addr);

+ 2 - 4
src/or/router.c
View File 

@@ -1855,10 +1855,8 @@ router_rebuild_descriptor(int force)
 
     /* DNS is screwed up; don't claim to be an exit. */
 
     policies_exit_policy_append_reject_star(&ri->exit_policy);
 
   } else {
 
-    policies_parse_exit_policy(options->ExitPolicy, &ri->exit_policy,
 
-                               options->IPv6Exit,
 
-                               options->ExitPolicyRejectPrivate,
 
-                               ri->addr, !options->BridgeRelay);
 
+    policies_parse_exit_policy_from_options(options,ri->addr,
 
+                                            &ri->exit_policy);
 
   }
 
   ri->policy_is_reject_star =
 
     policy_is_reject_star(ri->exit_policy, AF_INET) &&

+ 13 - 3
src/test/test_policy.c
View File 

@@ -47,8 +47,11 @@ test_policy_summary_helper(const char *policy_str,
 
   line.value = (char *)policy_str;
 
   line.next = NULL;
 
 
-  r = policies_parse_exit_policy(&line, &policy, 1, 0, 0, 1);
 
+  r = policies_parse_exit_policy(&line, &policy,
 
+                                 EXIT_POLICY_IPV6_ENABLED |
 
+                                 EXIT_POLICY_ADD_DEFAULT ,0);
 
   tt_int_op(r,==, 0);
 
+
 
   summary = policy_summarize(policy, AF_INET);
 
 
   tt_assert(summary != NULL);
 
@@ -106,7 +109,11 @@ test_policies_general(void *arg)
 
   tt_assert(ADDR_POLICY_REJECTED ==
 
           compare_tor_addr_to_addr_policy(&tar, 2, policy));
 
 
-  tt_assert(0 == policies_parse_exit_policy(NULL, &policy2, 1, 1, 0, 1));
 
+  tt_int_op(0, ==, policies_parse_exit_policy(NULL, &policy2,
 
+                                              EXIT_POLICY_IPV6_ENABLED |
 
+                                              EXIT_POLICY_REJECT_PRIVATE |
 
+                                              EXIT_POLICY_ADD_DEFAULT, 0));
 
+
 
   tt_assert(policy2);
 
 
   policy3 = smartlist_new();
 
@@ -193,8 +200,11 @@ test_policies_general(void *arg)
 
   line.key = (char*)"foo";
 
   line.value = (char*)"accept *:80,reject private:*,reject *:*";
 
   line.next = NULL;
 
-  tt_assert(0 == policies_parse_exit_policy(&line, &policy, 1, 0, 0, 1));
 
+  tt_int_op(0, ==, policies_parse_exit_policy(&line,&policy,
 
+                                              EXIT_POLICY_IPV6_ENABLED |
 
+                                              EXIT_POLICY_ADD_DEFAULT,0));
 
   tt_assert(policy);
 
+
 
   //test_streq(policy->string, "accept *:80");
 
   //test_streq(policy->next->string, "reject *:*");
 
   tt_int_op(smartlist_len(policy),==, 4);