policies.c 56 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793
  1. /* Copyright (c) 2001-2004, Roger Dingledine.
  2. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
  3. * Copyright (c) 2007-2013, The Tor Project, Inc. */
  4. /* See LICENSE for licensing information */
  5. /**
  6. * \file policies.c
  7. * \brief Code to parse and use address policies and exit policies.
  8. **/
  9. #include "or.h"
  10. #include "config.h"
  11. #include "dirserv.h"
  12. #include "nodelist.h"
  13. #include "policies.h"
  14. #include "router.h"
  15. #include "routerparse.h"
  16. #include "geoip.h"
  17. #include "ht.h"
  18. /** Policy that addresses for incoming SOCKS connections must match. */
  19. static smartlist_t *socks_policy = NULL;
  20. /** Policy that addresses for incoming directory connections must match. */
  21. static smartlist_t *dir_policy = NULL;
  22. /** Policy that addresses for incoming router descriptors must match in order
  23. * to be published by us. */
  24. static smartlist_t *authdir_reject_policy = NULL;
  25. /** Policy that addresses for incoming router descriptors must match in order
  26. * to be marked as valid in our networkstatus. */
  27. static smartlist_t *authdir_invalid_policy = NULL;
  28. /** Policy that addresses for incoming router descriptors must <b>not</b>
  29. * match in order to not be marked as BadDirectory. */
  30. static smartlist_t *authdir_baddir_policy = NULL;
  31. /** Policy that addresses for incoming router descriptors must <b>not</b>
  32. * match in order to not be marked as BadExit. */
  33. static smartlist_t *authdir_badexit_policy = NULL;
  34. /** Parsed addr_policy_t describing which addresses we believe we can start
  35. * circuits at. */
  36. static smartlist_t *reachable_or_addr_policy = NULL;
  37. /** Parsed addr_policy_t describing which addresses we believe we can connect
  38. * to directories at. */
  39. static smartlist_t *reachable_dir_addr_policy = NULL;
  40. /** Element of an exit policy summary */
  41. typedef struct policy_summary_item_t {
  42. uint16_t prt_min; /**< Lowest port number to accept/reject. */
  43. uint16_t prt_max; /**< Highest port number to accept/reject. */
  44. uint64_t reject_count; /**< Number of IP-Addresses that are rejected to
  45. this port range. */
  46. unsigned int accepted:1; /** Has this port already been accepted */
  47. } policy_summary_item_t;
  48. /** Private networks. This list is used in two places, once to expand the
  49. * "private" keyword when parsing our own exit policy, secondly to ignore
  50. * just such networks when building exit policy summaries. It is important
  51. * that all authorities agree on that list when creating summaries, so don't
  52. * just change this without a proper migration plan and a proposal and stuff.
  53. */
  54. static const char *private_nets[] = {
  55. "0.0.0.0/8", "169.254.0.0/16",
  56. "127.0.0.0/8", "192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12",
  57. "[::]/8",
  58. "[fc00::]/7", "[fe80::]/10", "[fec0::]/10", "[ff00::]/8", "[::]/127",
  59. NULL
  60. };
  61. /** Replace all "private" entries in *<b>policy</b> with their expanded
  62. * equivalents. */
  63. void
  64. policy_expand_private(smartlist_t **policy)
  65. {
  66. uint16_t port_min, port_max;
  67. int i;
  68. smartlist_t *tmp;
  69. if (!*policy) /*XXXX disallow NULL policies? */
  70. return;
  71. tmp = smartlist_new();
  72. SMARTLIST_FOREACH_BEGIN(*policy, addr_policy_t *, p) {
  73. if (! p->is_private) {
  74. smartlist_add(tmp, p);
  75. continue;
  76. }
  77. for (i = 0; private_nets[i]; ++i) {
  78. addr_policy_t newpolicy;
  79. memcpy(&newpolicy, p, sizeof(addr_policy_t));
  80. newpolicy.is_private = 0;
  81. newpolicy.is_canonical = 0;
  82. if (tor_addr_parse_mask_ports(private_nets[i], 0,
  83. &newpolicy.addr,
  84. &newpolicy.maskbits, &port_min, &port_max)<0) {
  85. tor_assert(0);
  86. }
  87. smartlist_add(tmp, addr_policy_get_canonical_entry(&newpolicy));
  88. }
  89. addr_policy_free(p);
  90. } SMARTLIST_FOREACH_END(p);
  91. smartlist_free(*policy);
  92. *policy = tmp;
  93. }
  94. /** Expand each of the AF_UNSPEC elements in *<b>policy</b> (which indicate
  95. * protocol-neutral wildcards) into a pair of wildcard elements: one IPv4-
  96. * specific and one IPv6-specific. */
  97. void
  98. policy_expand_unspec(smartlist_t **policy)
  99. {
  100. smartlist_t *tmp;
  101. if (!*policy)
  102. return;
  103. tmp = smartlist_new();
  104. SMARTLIST_FOREACH_BEGIN(*policy, addr_policy_t *, p) {
  105. sa_family_t family = tor_addr_family(&p->addr);
  106. if (family == AF_INET6 || family == AF_INET || p->is_private) {
  107. smartlist_add(tmp, p);
  108. } else if (family == AF_UNSPEC) {
  109. addr_policy_t newpolicy_ipv4;
  110. addr_policy_t newpolicy_ipv6;
  111. memcpy(&newpolicy_ipv4, p, sizeof(addr_policy_t));
  112. memcpy(&newpolicy_ipv6, p, sizeof(addr_policy_t));
  113. newpolicy_ipv4.is_canonical = 0;
  114. newpolicy_ipv6.is_canonical = 0;
  115. if (p->maskbits != 0) {
  116. log_warn(LD_BUG, "AF_UNSPEC policy with maskbits==%d", p->maskbits);
  117. newpolicy_ipv4.maskbits = 0;
  118. newpolicy_ipv6.maskbits = 0;
  119. }
  120. tor_addr_from_ipv4h(&newpolicy_ipv4.addr, 0);
  121. tor_addr_from_ipv6_bytes(&newpolicy_ipv6.addr,
  122. "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0");
  123. smartlist_add(tmp, addr_policy_get_canonical_entry(&newpolicy_ipv4));
  124. smartlist_add(tmp, addr_policy_get_canonical_entry(&newpolicy_ipv6));
  125. addr_policy_free(p);
  126. } else {
  127. log_warn(LD_BUG, "Funny-looking address policy with family %d", family);
  128. smartlist_add(tmp, p);
  129. }
  130. } SMARTLIST_FOREACH_END(p);
  131. smartlist_free(*policy);
  132. *policy = tmp;
  133. }
  134. /**
  135. * Given a linked list of config lines containing "allow" and "deny"
  136. * tokens, parse them and append the result to <b>dest</b>. Return -1
  137. * if any tokens are malformed (and don't append any), else return 0.
  138. *
  139. * If <b>assume_action</b> is nonnegative, then insert its action
  140. * (ADDR_POLICY_ACCEPT or ADDR_POLICY_REJECT) for items that specify no
  141. * action.
  142. */
  143. static int
  144. parse_addr_policy(config_line_t *cfg, smartlist_t **dest,
  145. int assume_action)
  146. {
  147. smartlist_t *result;
  148. smartlist_t *entries;
  149. addr_policy_t *item;
  150. int r = 0;
  151. if (!cfg)
  152. return 0;
  153. result = smartlist_new();
  154. entries = smartlist_new();
  155. for (; cfg; cfg = cfg->next) {
  156. smartlist_split_string(entries, cfg->value, ",",
  157. SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
  158. SMARTLIST_FOREACH_BEGIN(entries, const char *, ent) {
  159. log_debug(LD_CONFIG,"Adding new entry '%s'",ent);
  160. item = router_parse_addr_policy_item_from_string(ent, assume_action);
  161. if (item) {
  162. smartlist_add(result, item);
  163. } else {
  164. log_warn(LD_CONFIG,"Malformed policy '%s'.", ent);
  165. r = -1;
  166. }
  167. } SMARTLIST_FOREACH_END(ent);
  168. SMARTLIST_FOREACH(entries, char *, ent, tor_free(ent));
  169. smartlist_clear(entries);
  170. }
  171. smartlist_free(entries);
  172. if (r == -1) {
  173. addr_policy_list_free(result);
  174. } else {
  175. policy_expand_private(&result);
  176. policy_expand_unspec(&result);
  177. if (*dest) {
  178. smartlist_add_all(*dest, result);
  179. smartlist_free(result);
  180. } else {
  181. *dest = result;
  182. }
  183. }
  184. return r;
  185. }
  186. /** Helper: parse the Reachable(Dir|OR)?Addresses fields into
  187. * reachable_(or|dir)_addr_policy. The options should already have
  188. * been validated by validate_addr_policies.
  189. */
  190. static int
  191. parse_reachable_addresses(void)
  192. {
  193. const or_options_t *options = get_options();
  194. int ret = 0;
  195. if (options->ReachableDirAddresses &&
  196. options->ReachableORAddresses &&
  197. options->ReachableAddresses) {
  198. log_warn(LD_CONFIG,
  199. "Both ReachableDirAddresses and ReachableORAddresses are set. "
  200. "ReachableAddresses setting will be ignored.");
  201. }
  202. addr_policy_list_free(reachable_or_addr_policy);
  203. reachable_or_addr_policy = NULL;
  204. if (!options->ReachableORAddresses && options->ReachableAddresses)
  205. log_info(LD_CONFIG,
  206. "Using ReachableAddresses as ReachableORAddresses.");
  207. if (parse_addr_policy(options->ReachableORAddresses ?
  208. options->ReachableORAddresses :
  209. options->ReachableAddresses,
  210. &reachable_or_addr_policy, ADDR_POLICY_ACCEPT)) {
  211. log_warn(LD_CONFIG,
  212. "Error parsing Reachable%sAddresses entry; ignoring.",
  213. options->ReachableORAddresses ? "OR" : "");
  214. ret = -1;
  215. }
  216. addr_policy_list_free(reachable_dir_addr_policy);
  217. reachable_dir_addr_policy = NULL;
  218. if (!options->ReachableDirAddresses && options->ReachableAddresses)
  219. log_info(LD_CONFIG,
  220. "Using ReachableAddresses as ReachableDirAddresses");
  221. if (parse_addr_policy(options->ReachableDirAddresses ?
  222. options->ReachableDirAddresses :
  223. options->ReachableAddresses,
  224. &reachable_dir_addr_policy, ADDR_POLICY_ACCEPT)) {
  225. if (options->ReachableDirAddresses)
  226. log_warn(LD_CONFIG,
  227. "Error parsing ReachableDirAddresses entry; ignoring.");
  228. ret = -1;
  229. }
  230. return ret;
  231. }
  232. /** Return true iff the firewall options might block any address:port
  233. * combination.
  234. */
  235. int
  236. firewall_is_fascist_or(void)
  237. {
  238. return reachable_or_addr_policy != NULL;
  239. }
  240. /** Return true iff <b>policy</b> (possibly NULL) will allow a
  241. * connection to <b>addr</b>:<b>port</b>.
  242. */
  243. static int
  244. addr_policy_permits_tor_addr(const tor_addr_t *addr, uint16_t port,
  245. smartlist_t *policy)
  246. {
  247. addr_policy_result_t p;
  248. p = compare_tor_addr_to_addr_policy(addr, port, policy);
  249. switch (p) {
  250. case ADDR_POLICY_PROBABLY_ACCEPTED:
  251. case ADDR_POLICY_ACCEPTED:
  252. return 1;
  253. case ADDR_POLICY_PROBABLY_REJECTED:
  254. case ADDR_POLICY_REJECTED:
  255. return 0;
  256. default:
  257. log_warn(LD_BUG, "Unexpected result: %d", (int)p);
  258. return 0;
  259. }
  260. }
  261. /** Return true iff <b> policy</b> (possibly NULL) will allow a connection to
  262. * <b>addr</b>:<b>port</b>. <b>addr</b> is an IPv4 address given in host
  263. * order. */
  264. /* XXXX deprecate when possible. */
  265. static int
  266. addr_policy_permits_address(uint32_t addr, uint16_t port,
  267. smartlist_t *policy)
  268. {
  269. tor_addr_t a;
  270. tor_addr_from_ipv4h(&a, addr);
  271. return addr_policy_permits_tor_addr(&a, port, policy);
  272. }
  273. /** Return true iff we think our firewall will let us make an OR connection to
  274. * addr:port. */
  275. int
  276. fascist_firewall_allows_address_or(const tor_addr_t *addr, uint16_t port)
  277. {
  278. return addr_policy_permits_tor_addr(addr, port,
  279. reachable_or_addr_policy);
  280. }
  281. /** Return true iff we think our firewall will let us make an OR connection to
  282. * <b>ri</b>. */
  283. int
  284. fascist_firewall_allows_or(const routerinfo_t *ri)
  285. {
  286. /* XXXX proposal 118 */
  287. tor_addr_t addr;
  288. tor_addr_from_ipv4h(&addr, ri->addr);
  289. return fascist_firewall_allows_address_or(&addr, ri->or_port);
  290. }
  291. /** Return true iff we think our firewall will let us make an OR connection to
  292. * <b>node</b>. */
  293. int
  294. fascist_firewall_allows_node(const node_t *node)
  295. {
  296. if (node->ri) {
  297. return fascist_firewall_allows_or(node->ri);
  298. } else if (node->rs) {
  299. tor_addr_t addr;
  300. tor_addr_from_ipv4h(&addr, node->rs->addr);
  301. return fascist_firewall_allows_address_or(&addr, node->rs->or_port);
  302. } else {
  303. return 1;
  304. }
  305. }
  306. /** Return true iff we think our firewall will let us make a directory
  307. * connection to addr:port. */
  308. int
  309. fascist_firewall_allows_address_dir(const tor_addr_t *addr, uint16_t port)
  310. {
  311. return addr_policy_permits_tor_addr(addr, port,
  312. reachable_dir_addr_policy);
  313. }
  314. /** Return 1 if <b>addr</b> is permitted to connect to our dir port,
  315. * based on <b>dir_policy</b>. Else return 0.
  316. */
  317. int
  318. dir_policy_permits_address(const tor_addr_t *addr)
  319. {
  320. return addr_policy_permits_tor_addr(addr, 1, dir_policy);
  321. }
  322. /** Return 1 if <b>addr</b> is permitted to connect to our socks port,
  323. * based on <b>socks_policy</b>. Else return 0.
  324. */
  325. int
  326. socks_policy_permits_address(const tor_addr_t *addr)
  327. {
  328. return addr_policy_permits_tor_addr(addr, 1, socks_policy);
  329. }
  330. /** Return true iff the address <b>addr</b> is in a country listed in the
  331. * case-insensitive list of country codes <b>cc_list</b>. */
  332. static int
  333. addr_is_in_cc_list(uint32_t addr, const smartlist_t *cc_list)
  334. {
  335. country_t country;
  336. const char *name;
  337. tor_addr_t tar;
  338. if (!cc_list)
  339. return 0;
  340. /* XXXXipv6 */
  341. tor_addr_from_ipv4h(&tar, addr);
  342. country = geoip_get_country_by_addr(&tar);
  343. name = geoip_get_country_name(country);
  344. return smartlist_contains_string_case(cc_list, name);
  345. }
  346. /** Return 1 if <b>addr</b>:<b>port</b> is permitted to publish to our
  347. * directory, based on <b>authdir_reject_policy</b>. Else return 0.
  348. */
  349. int
  350. authdir_policy_permits_address(uint32_t addr, uint16_t port)
  351. {
  352. if (! addr_policy_permits_address(addr, port, authdir_reject_policy))
  353. return 0;
  354. return !addr_is_in_cc_list(addr, get_options()->AuthDirRejectCCs);
  355. }
  356. /** Return 1 if <b>addr</b>:<b>port</b> is considered valid in our
  357. * directory, based on <b>authdir_invalid_policy</b>. Else return 0.
  358. */
  359. int
  360. authdir_policy_valid_address(uint32_t addr, uint16_t port)
  361. {
  362. if (! addr_policy_permits_address(addr, port, authdir_invalid_policy))
  363. return 0;
  364. return !addr_is_in_cc_list(addr, get_options()->AuthDirInvalidCCs);
  365. }
  366. /** Return 1 if <b>addr</b>:<b>port</b> should be marked as a bad dir,
  367. * based on <b>authdir_baddir_policy</b>. Else return 0.
  368. */
  369. int
  370. authdir_policy_baddir_address(uint32_t addr, uint16_t port)
  371. {
  372. if (! addr_policy_permits_address(addr, port, authdir_baddir_policy))
  373. return 1;
  374. return addr_is_in_cc_list(addr, get_options()->AuthDirBadDirCCs);
  375. }
  376. /** Return 1 if <b>addr</b>:<b>port</b> should be marked as a bad exit,
  377. * based on <b>authdir_badexit_policy</b>. Else return 0.
  378. */
  379. int
  380. authdir_policy_badexit_address(uint32_t addr, uint16_t port)
  381. {
  382. if (! addr_policy_permits_address(addr, port, authdir_badexit_policy))
  383. return 1;
  384. return addr_is_in_cc_list(addr, get_options()->AuthDirBadExitCCs);
  385. }
  386. #define REJECT(arg) \
  387. STMT_BEGIN *msg = tor_strdup(arg); goto err; STMT_END
  388. /** Config helper: If there's any problem with the policy configuration
  389. * options in <b>options</b>, return -1 and set <b>msg</b> to a newly
  390. * allocated description of the error. Else return 0. */
  391. int
  392. validate_addr_policies(const or_options_t *options, char **msg)
  393. {
  394. /* XXXX Maybe merge this into parse_policies_from_options, to make sure
  395. * that the two can't go out of sync. */
  396. smartlist_t *addr_policy=NULL;
  397. *msg = NULL;
  398. if (policies_parse_exit_policy(options->ExitPolicy, &addr_policy,
  399. options->IPv6Exit,
  400. options->ExitPolicyRejectPrivate, 0,
  401. !options->BridgeRelay))
  402. REJECT("Error in ExitPolicy entry.");
  403. /* The rest of these calls *append* to addr_policy. So don't actually
  404. * use the results for anything other than checking if they parse! */
  405. if (parse_addr_policy(options->DirPolicy, &addr_policy, -1))
  406. REJECT("Error in DirPolicy entry.");
  407. if (parse_addr_policy(options->SocksPolicy, &addr_policy, -1))
  408. REJECT("Error in SocksPolicy entry.");
  409. if (parse_addr_policy(options->AuthDirReject, &addr_policy,
  410. ADDR_POLICY_REJECT))
  411. REJECT("Error in AuthDirReject entry.");
  412. if (parse_addr_policy(options->AuthDirInvalid, &addr_policy,
  413. ADDR_POLICY_REJECT))
  414. REJECT("Error in AuthDirInvalid entry.");
  415. if (parse_addr_policy(options->AuthDirBadDir, &addr_policy,
  416. ADDR_POLICY_REJECT))
  417. REJECT("Error in AuthDirBadDir entry.");
  418. if (parse_addr_policy(options->AuthDirBadExit, &addr_policy,
  419. ADDR_POLICY_REJECT))
  420. REJECT("Error in AuthDirBadExit entry.");
  421. if (parse_addr_policy(options->ReachableAddresses, &addr_policy,
  422. ADDR_POLICY_ACCEPT))
  423. REJECT("Error in ReachableAddresses entry.");
  424. if (parse_addr_policy(options->ReachableORAddresses, &addr_policy,
  425. ADDR_POLICY_ACCEPT))
  426. REJECT("Error in ReachableORAddresses entry.");
  427. if (parse_addr_policy(options->ReachableDirAddresses, &addr_policy,
  428. ADDR_POLICY_ACCEPT))
  429. REJECT("Error in ReachableDirAddresses entry.");
  430. err:
  431. addr_policy_list_free(addr_policy);
  432. return *msg ? -1 : 0;
  433. #undef REJECT
  434. }
  435. /** Parse <b>string</b> in the same way that the exit policy
  436. * is parsed, and put the processed version in *<b>policy</b>.
  437. * Ignore port specifiers.
  438. */
  439. static int
  440. load_policy_from_option(config_line_t *config, const char *option_name,
  441. smartlist_t **policy,
  442. int assume_action)
  443. {
  444. int r;
  445. int killed_any_ports = 0;
  446. addr_policy_list_free(*policy);
  447. *policy = NULL;
  448. r = parse_addr_policy(config, policy, assume_action);
  449. if (r < 0) {
  450. return -1;
  451. }
  452. if (*policy) {
  453. SMARTLIST_FOREACH_BEGIN(*policy, addr_policy_t *, n) {
  454. /* ports aren't used in these. */
  455. if (n->prt_min > 1 || n->prt_max != 65535) {
  456. addr_policy_t newp, *c;
  457. memcpy(&newp, n, sizeof(newp));
  458. newp.prt_min = 1;
  459. newp.prt_max = 65535;
  460. newp.is_canonical = 0;
  461. c = addr_policy_get_canonical_entry(&newp);
  462. SMARTLIST_REPLACE_CURRENT(*policy, n, c);
  463. addr_policy_free(n);
  464. killed_any_ports = 1;
  465. }
  466. } SMARTLIST_FOREACH_END(n);
  467. }
  468. if (killed_any_ports) {
  469. log_warn(LD_CONFIG, "Ignoring ports in %s option.", option_name);
  470. }
  471. return 0;
  472. }
  473. /** Set all policies based on <b>options</b>, which should have been validated
  474. * first by validate_addr_policies. */
  475. int
  476. policies_parse_from_options(const or_options_t *options)
  477. {
  478. int ret = 0;
  479. if (load_policy_from_option(options->SocksPolicy, "SocksPolicy",
  480. &socks_policy, -1) < 0)
  481. ret = -1;
  482. if (load_policy_from_option(options->DirPolicy, "DirPolicy",
  483. &dir_policy, -1) < 0)
  484. ret = -1;
  485. if (load_policy_from_option(options->AuthDirReject, "AuthDirReject",
  486. &authdir_reject_policy, ADDR_POLICY_REJECT) < 0)
  487. ret = -1;
  488. if (load_policy_from_option(options->AuthDirInvalid, "AuthDirInvalid",
  489. &authdir_invalid_policy, ADDR_POLICY_REJECT) < 0)
  490. ret = -1;
  491. if (load_policy_from_option(options->AuthDirBadDir, "AuthDirBadDir",
  492. &authdir_baddir_policy, ADDR_POLICY_REJECT) < 0)
  493. ret = -1;
  494. if (load_policy_from_option(options->AuthDirBadExit, "AuthDirBadExit",
  495. &authdir_badexit_policy, ADDR_POLICY_REJECT) < 0)
  496. ret = -1;
  497. if (parse_reachable_addresses() < 0)
  498. ret = -1;
  499. return ret;
  500. }
  501. /** Compare two provided address policy items, and return -1, 0, or 1
  502. * if the first is less than, equal to, or greater than the second. */
  503. static int
  504. cmp_single_addr_policy(addr_policy_t *a, addr_policy_t *b)
  505. {
  506. int r;
  507. if ((r=((int)a->policy_type - (int)b->policy_type)))
  508. return r;
  509. if ((r=((int)a->is_private - (int)b->is_private)))
  510. return r;
  511. if ((r=tor_addr_compare(&a->addr, &b->addr, CMP_EXACT)))
  512. return r;
  513. if ((r=((int)a->maskbits - (int)b->maskbits)))
  514. return r;
  515. if ((r=((int)a->prt_min - (int)b->prt_min)))
  516. return r;
  517. if ((r=((int)a->prt_max - (int)b->prt_max)))
  518. return r;
  519. return 0;
  520. }
  521. /** Like cmp_single_addr_policy() above, but looks at the
  522. * whole set of policies in each case. */
  523. int
  524. cmp_addr_policies(smartlist_t *a, smartlist_t *b)
  525. {
  526. int r, i;
  527. int len_a = a ? smartlist_len(a) : 0;
  528. int len_b = b ? smartlist_len(b) : 0;
  529. for (i = 0; i < len_a && i < len_b; ++i) {
  530. if ((r = cmp_single_addr_policy(smartlist_get(a, i), smartlist_get(b, i))))
  531. return r;
  532. }
  533. if (i == len_a && i == len_b)
  534. return 0;
  535. if (i < len_a)
  536. return -1;
  537. else
  538. return 1;
  539. }
  540. /** Node in hashtable used to store address policy entries. */
  541. typedef struct policy_map_ent_t {
  542. HT_ENTRY(policy_map_ent_t) node;
  543. addr_policy_t *policy;
  544. } policy_map_ent_t;
  545. /* DOCDOC policy_root */
  546. static HT_HEAD(policy_map, policy_map_ent_t) policy_root = HT_INITIALIZER();
  547. /** Return true iff a and b are equal. */
  548. static INLINE int
  549. policy_eq(policy_map_ent_t *a, policy_map_ent_t *b)
  550. {
  551. return cmp_single_addr_policy(a->policy, b->policy) == 0;
  552. }
  553. /** Return a hashcode for <b>ent</b> */
  554. static unsigned int
  555. policy_hash(const policy_map_ent_t *ent)
  556. {
  557. const addr_policy_t *a = ent->policy;
  558. addr_policy_t aa;
  559. memset(&aa, 0, sizeof(aa));
  560. aa.prt_min = a->prt_min;
  561. aa.prt_max = a->prt_max;
  562. aa.maskbits = a->maskbits;
  563. aa.policy_type = a->policy_type;
  564. aa.is_private = a->is_private;
  565. if (a->is_private) {
  566. aa.is_private = 1;
  567. } else {
  568. tor_addr_copy_tight(&aa.addr, &a->addr);
  569. }
  570. return (unsigned) siphash24g(&aa, sizeof(aa));
  571. }
  572. HT_PROTOTYPE(policy_map, policy_map_ent_t, node, policy_hash,
  573. policy_eq)
  574. HT_GENERATE(policy_map, policy_map_ent_t, node, policy_hash,
  575. policy_eq, 0.6, malloc, realloc, free)
  576. /** Given a pointer to an addr_policy_t, return a copy of the pointer to the
  577. * "canonical" copy of that addr_policy_t; the canonical copy is a single
  578. * reference-counted object. */
  579. addr_policy_t *
  580. addr_policy_get_canonical_entry(addr_policy_t *e)
  581. {
  582. policy_map_ent_t search, *found;
  583. if (e->is_canonical)
  584. return e;
  585. search.policy = e;
  586. found = HT_FIND(policy_map, &policy_root, &search);
  587. if (!found) {
  588. found = tor_malloc_zero(sizeof(policy_map_ent_t));
  589. found->policy = tor_memdup(e, sizeof(addr_policy_t));
  590. found->policy->is_canonical = 1;
  591. found->policy->refcnt = 0;
  592. HT_INSERT(policy_map, &policy_root, found);
  593. }
  594. tor_assert(!cmp_single_addr_policy(found->policy, e));
  595. ++found->policy->refcnt;
  596. return found->policy;
  597. }
  598. /** Helper for compare_tor_addr_to_addr_policy. Implements the case where
  599. * addr and port are both known. */
  600. static addr_policy_result_t
  601. compare_known_tor_addr_to_addr_policy(const tor_addr_t *addr, uint16_t port,
  602. const smartlist_t *policy)
  603. {
  604. /* We know the address and port, and we know the policy, so we can just
  605. * compute an exact match. */
  606. SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, tmpe) {
  607. /* Address is known */
  608. if (!tor_addr_compare_masked(addr, &tmpe->addr, tmpe->maskbits,
  609. CMP_EXACT)) {
  610. if (port >= tmpe->prt_min && port <= tmpe->prt_max) {
  611. /* Exact match for the policy */
  612. return tmpe->policy_type == ADDR_POLICY_ACCEPT ?
  613. ADDR_POLICY_ACCEPTED : ADDR_POLICY_REJECTED;
  614. }
  615. }
  616. } SMARTLIST_FOREACH_END(tmpe);
  617. /* accept all by default. */
  618. return ADDR_POLICY_ACCEPTED;
  619. }
  620. /** Helper for compare_tor_addr_to_addr_policy. Implements the case where
  621. * addr is known but port is not. */
  622. static addr_policy_result_t
  623. compare_known_tor_addr_to_addr_policy_noport(const tor_addr_t *addr,
  624. const smartlist_t *policy)
  625. {
  626. /* We look to see if there's a definite match. If so, we return that
  627. match's value, unless there's an intervening possible match that says
  628. something different. */
  629. int maybe_accept = 0, maybe_reject = 0;
  630. SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, tmpe) {
  631. if (!tor_addr_compare_masked(addr, &tmpe->addr, tmpe->maskbits,
  632. CMP_EXACT)) {
  633. if (tmpe->prt_min <= 1 && tmpe->prt_max >= 65535) {
  634. /* Definitely matches, since it covers all ports. */
  635. if (tmpe->policy_type == ADDR_POLICY_ACCEPT) {
  636. /* If we already hit a clause that might trigger a 'reject', than we
  637. * can't be sure of this certain 'accept'.*/
  638. return maybe_reject ? ADDR_POLICY_PROBABLY_ACCEPTED :
  639. ADDR_POLICY_ACCEPTED;
  640. } else {
  641. return maybe_accept ? ADDR_POLICY_PROBABLY_REJECTED :
  642. ADDR_POLICY_REJECTED;
  643. }
  644. } else {
  645. /* Might match. */
  646. if (tmpe->policy_type == ADDR_POLICY_REJECT)
  647. maybe_reject = 1;
  648. else
  649. maybe_accept = 1;
  650. }
  651. }
  652. } SMARTLIST_FOREACH_END(tmpe);
  653. /* accept all by default. */
  654. return maybe_reject ? ADDR_POLICY_PROBABLY_ACCEPTED : ADDR_POLICY_ACCEPTED;
  655. }
  656. /** Helper for compare_tor_addr_to_addr_policy. Implements the case where
  657. * port is known but address is not. */
  658. static addr_policy_result_t
  659. compare_unknown_tor_addr_to_addr_policy(uint16_t port,
  660. const smartlist_t *policy)
  661. {
  662. /* We look to see if there's a definite match. If so, we return that
  663. match's value, unless there's an intervening possible match that says
  664. something different. */
  665. int maybe_accept = 0, maybe_reject = 0;
  666. SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, tmpe) {
  667. if (tmpe->prt_min <= port && port <= tmpe->prt_max) {
  668. if (tmpe->maskbits == 0) {
  669. /* Definitely matches, since it covers all addresses. */
  670. if (tmpe->policy_type == ADDR_POLICY_ACCEPT) {
  671. /* If we already hit a clause that might trigger a 'reject', than we
  672. * can't be sure of this certain 'accept'.*/
  673. return maybe_reject ? ADDR_POLICY_PROBABLY_ACCEPTED :
  674. ADDR_POLICY_ACCEPTED;
  675. } else {
  676. return maybe_accept ? ADDR_POLICY_PROBABLY_REJECTED :
  677. ADDR_POLICY_REJECTED;
  678. }
  679. } else {
  680. /* Might match. */
  681. if (tmpe->policy_type == ADDR_POLICY_REJECT)
  682. maybe_reject = 1;
  683. else
  684. maybe_accept = 1;
  685. }
  686. }
  687. } SMARTLIST_FOREACH_END(tmpe);
  688. /* accept all by default. */
  689. return maybe_reject ? ADDR_POLICY_PROBABLY_ACCEPTED : ADDR_POLICY_ACCEPTED;
  690. }
  691. /** Decide whether a given addr:port is definitely accepted,
  692. * definitely rejected, probably accepted, or probably rejected by a
  693. * given policy. If <b>addr</b> is 0, we don't know the IP of the
  694. * target address. If <b>port</b> is 0, we don't know the port of the
  695. * target address. (At least one of <b>addr</b> and <b>port</b> must be
  696. * provided. If you want to know whether a policy would definitely reject
  697. * an unknown address:port, use policy_is_reject_star().)
  698. *
  699. * We could do better by assuming that some ranges never match typical
  700. * addresses (127.0.0.1, and so on). But we'll try this for now.
  701. */
  702. addr_policy_result_t
  703. compare_tor_addr_to_addr_policy(const tor_addr_t *addr, uint16_t port,
  704. const smartlist_t *policy)
  705. {
  706. if (!policy) {
  707. /* no policy? accept all. */
  708. return ADDR_POLICY_ACCEPTED;
  709. } else if (addr == NULL || tor_addr_is_null(addr)) {
  710. if (port == 0) {
  711. log_info(LD_BUG, "Rejecting null address with 0 port (family %d)",
  712. addr ? tor_addr_family(addr) : -1);
  713. return ADDR_POLICY_REJECTED;
  714. }
  715. return compare_unknown_tor_addr_to_addr_policy(port, policy);
  716. } else if (port == 0) {
  717. return compare_known_tor_addr_to_addr_policy_noport(addr, policy);
  718. } else {
  719. return compare_known_tor_addr_to_addr_policy(addr, port, policy);
  720. }
  721. }
  722. /** Return true iff the address policy <b>a</b> covers every case that
  723. * would be covered by <b>b</b>, so that a,b is redundant. */
  724. static int
  725. addr_policy_covers(addr_policy_t *a, addr_policy_t *b)
  726. {
  727. if (tor_addr_family(&a->addr) != tor_addr_family(&b->addr)) {
  728. /* You can't cover a different family. */
  729. return 0;
  730. }
  731. /* We can ignore accept/reject, since "accept *:80, reject *:80" reduces
  732. * to "accept *:80". */
  733. if (a->maskbits > b->maskbits) {
  734. /* a has more fixed bits than b; it can't possibly cover b. */
  735. return 0;
  736. }
  737. if (tor_addr_compare_masked(&a->addr, &b->addr, a->maskbits, CMP_EXACT)) {
  738. /* There's a fixed bit in a that's set differently in b. */
  739. return 0;
  740. }
  741. return (a->prt_min <= b->prt_min && a->prt_max >= b->prt_max);
  742. }
  743. /** Return true iff the address policies <b>a</b> and <b>b</b> intersect,
  744. * that is, there exists an address/port that is covered by <b>a</b> that
  745. * is also covered by <b>b</b>.
  746. */
  747. static int
  748. addr_policy_intersects(addr_policy_t *a, addr_policy_t *b)
  749. {
  750. maskbits_t minbits;
  751. /* All the bits we care about are those that are set in both
  752. * netmasks. If they are equal in a and b's networkaddresses
  753. * then the networks intersect. If there is a difference,
  754. * then they do not. */
  755. if (a->maskbits < b->maskbits)
  756. minbits = a->maskbits;
  757. else
  758. minbits = b->maskbits;
  759. if (tor_addr_compare_masked(&a->addr, &b->addr, minbits, CMP_EXACT))
  760. return 0;
  761. if (a->prt_max < b->prt_min || b->prt_max < a->prt_min)
  762. return 0;
  763. return 1;
  764. }
  765. /** Add the exit policy described by <b>more</b> to <b>policy</b>.
  766. */
  767. static void
  768. append_exit_policy_string(smartlist_t **policy, const char *more)
  769. {
  770. config_line_t tmp;
  771. tmp.key = NULL;
  772. tmp.value = (char*) more;
  773. tmp.next = NULL;
  774. if (parse_addr_policy(&tmp, policy, -1)<0) {
  775. log_warn(LD_BUG, "Unable to parse internally generated policy %s",more);
  776. }
  777. }
  778. /** Add "reject <b>addr</b>:*" to <b>dest</b>, creating the list as needed. */
  779. void
  780. addr_policy_append_reject_addr(smartlist_t **dest, const tor_addr_t *addr)
  781. {
  782. addr_policy_t p, *add;
  783. memset(&p, 0, sizeof(p));
  784. p.policy_type = ADDR_POLICY_REJECT;
  785. p.maskbits = tor_addr_family(addr) == AF_INET6 ? 128 : 32;
  786. tor_addr_copy(&p.addr, addr);
  787. p.prt_min = 1;
  788. p.prt_max = 65535;
  789. add = addr_policy_get_canonical_entry(&p);
  790. if (!*dest)
  791. *dest = smartlist_new();
  792. smartlist_add(*dest, add);
  793. }
  794. /** Detect and excise "dead code" from the policy *<b>dest</b>. */
  795. static void
  796. exit_policy_remove_redundancies(smartlist_t *dest)
  797. {
  798. addr_policy_t *ap, *tmp;
  799. int i, j;
  800. /* Step one: kill every ipv4 thing after *4:*, every IPv6 thing after *6:*
  801. */
  802. {
  803. int kill_v4=0, kill_v6=0;
  804. for (i = 0; i < smartlist_len(dest); ++i) {
  805. sa_family_t family;
  806. ap = smartlist_get(dest, i);
  807. family = tor_addr_family(&ap->addr);
  808. if ((family == AF_INET && kill_v4) ||
  809. (family == AF_INET6 && kill_v6)) {
  810. smartlist_del_keeporder(dest, i--);
  811. addr_policy_free(ap);
  812. continue;
  813. }
  814. if (ap->maskbits == 0 && ap->prt_min <= 1 && ap->prt_max >= 65535) {
  815. /* This is a catch-all line -- later lines are unreachable. */
  816. if (family == AF_INET) {
  817. kill_v4 = 1;
  818. } else if (family == AF_INET6) {
  819. kill_v6 = 1;
  820. }
  821. }
  822. }
  823. }
  824. /* Step two: for every entry, see if there's a redundant entry
  825. * later on, and remove it. */
  826. for (i = 0; i < smartlist_len(dest)-1; ++i) {
  827. ap = smartlist_get(dest, i);
  828. for (j = i+1; j < smartlist_len(dest); ++j) {
  829. tmp = smartlist_get(dest, j);
  830. tor_assert(j > i);
  831. if (addr_policy_covers(ap, tmp)) {
  832. char p1[POLICY_BUF_LEN], p2[POLICY_BUF_LEN];
  833. policy_write_item(p1, sizeof(p1), tmp, 0);
  834. policy_write_item(p2, sizeof(p2), ap, 0);
  835. log_debug(LD_CONFIG, "Removing exit policy %s (%d). It is made "
  836. "redundant by %s (%d).", p1, j, p2, i);
  837. smartlist_del_keeporder(dest, j--);
  838. addr_policy_free(tmp);
  839. }
  840. }
  841. }
  842. /* Step three: for every entry A, see if there's an entry B making this one
  843. * redundant later on. This is the case if A and B are of the same type
  844. * (accept/reject), A is a subset of B, and there is no other entry of
  845. * different type in between those two that intersects with A.
  846. *
  847. * Anybody want to double-check the logic here? XXX
  848. */
  849. for (i = 0; i < smartlist_len(dest)-1; ++i) {
  850. ap = smartlist_get(dest, i);
  851. for (j = i+1; j < smartlist_len(dest); ++j) {
  852. // tor_assert(j > i); // j starts out at i+1; j only increases; i only
  853. // // decreases.
  854. tmp = smartlist_get(dest, j);
  855. if (ap->policy_type != tmp->policy_type) {
  856. if (addr_policy_intersects(ap, tmp))
  857. break;
  858. } else { /* policy_types are equal. */
  859. if (addr_policy_covers(tmp, ap)) {
  860. char p1[POLICY_BUF_LEN], p2[POLICY_BUF_LEN];
  861. policy_write_item(p1, sizeof(p1), ap, 0);
  862. policy_write_item(p2, sizeof(p2), tmp, 0);
  863. log_debug(LD_CONFIG, "Removing exit policy %s. It is already "
  864. "covered by %s.", p1, p2);
  865. smartlist_del_keeporder(dest, i--);
  866. addr_policy_free(ap);
  867. break;
  868. }
  869. }
  870. }
  871. }
  872. }
  873. #define DEFAULT_EXIT_POLICY \
  874. "reject *:25,reject *:119,reject *:135-139,reject *:445," \
  875. "reject *:563,reject *:1214,reject *:4661-4666," \
  876. "reject *:6346-6429,reject *:6699,reject *:6881-6999,accept *:*"
  877. /** Parse the exit policy <b>cfg</b> into the linked list *<b>dest</b>. If
  878. * cfg doesn't end in an absolute accept or reject and if
  879. * <b>add_default_policy</b> is true, add the default exit
  880. * policy afterwards. If <b>rejectprivate</b> is true, prepend
  881. * "reject private:*" to the policy. Return -1 if we can't parse cfg,
  882. * else return 0.
  883. *
  884. * This function is used to parse the exit policy from our torrc. For
  885. * the functions used to parse the exit policy from a router descriptor,
  886. * see router_add_exit_policy.
  887. */
  888. int
  889. policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
  890. int ipv6_exit,
  891. int rejectprivate, uint32_t local_address,
  892. int add_default_policy)
  893. {
  894. if (!ipv6_exit) {
  895. append_exit_policy_string(dest, "reject *6:*");
  896. }
  897. if (rejectprivate) {
  898. append_exit_policy_string(dest, "reject private:*");
  899. if (local_address) {
  900. char buf[POLICY_BUF_LEN];
  901. tor_snprintf(buf, sizeof(buf), "reject %s:*", fmt_addr32(local_address));
  902. append_exit_policy_string(dest, buf);
  903. }
  904. }
  905. if (parse_addr_policy(cfg, dest, -1))
  906. return -1;
  907. if (add_default_policy) {
  908. append_exit_policy_string(dest, DEFAULT_EXIT_POLICY);
  909. } else {
  910. append_exit_policy_string(dest, "reject *4:*");
  911. append_exit_policy_string(dest, "reject *6:*");
  912. }
  913. exit_policy_remove_redundancies(*dest);
  914. return 0;
  915. }
  916. /** Add "reject *:*" to the end of the policy in *<b>dest</b>, allocating
  917. * *<b>dest</b> as needed. */
  918. void
  919. policies_exit_policy_append_reject_star(smartlist_t **dest)
  920. {
  921. append_exit_policy_string(dest, "reject *4:*");
  922. append_exit_policy_string(dest, "reject *6:*");
  923. }
  924. /** Replace the exit policy of <b>node</b> with reject *:* */
  925. void
  926. policies_set_node_exitpolicy_to_reject_all(node_t *node)
  927. {
  928. node->rejects_all = 1;
  929. }
  930. /** Return 1 if there is at least one /8 subnet in <b>policy</b> that
  931. * allows exiting to <b>port</b>. Otherwise, return 0. */
  932. static int
  933. exit_policy_is_general_exit_helper(smartlist_t *policy, int port)
  934. {
  935. uint32_t mask, ip, i;
  936. /* Is this /8 rejected (1), or undecided (0)? */
  937. char subnet_status[256];
  938. memset(subnet_status, 0, sizeof(subnet_status));
  939. SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, p) {
  940. if (tor_addr_family(&p->addr) != AF_INET)
  941. continue; /* IPv4 only for now */
  942. if (p->prt_min > port || p->prt_max < port)
  943. continue; /* Doesn't cover our port. */
  944. mask = 0;
  945. tor_assert(p->maskbits <= 32);
  946. if (p->maskbits)
  947. mask = UINT32_MAX<<(32-p->maskbits);
  948. ip = tor_addr_to_ipv4h(&p->addr);
  949. /* Calculate the first and last subnet that this exit policy touches
  950. * and set it as loop boundaries. */
  951. for (i = ((mask & ip)>>24); i <= (~((mask & ip) ^ mask)>>24); ++i) {
  952. tor_addr_t addr;
  953. if (subnet_status[i] != 0)
  954. continue; /* We already reject some part of this /8 */
  955. tor_addr_from_ipv4h(&addr, i<<24);
  956. if (tor_addr_is_internal(&addr, 0))
  957. continue; /* Local or non-routable addresses */
  958. if (p->policy_type == ADDR_POLICY_ACCEPT) {
  959. if (p->maskbits > 8)
  960. continue; /* Narrower than a /8. */
  961. /* We found an allowed subnet of at least size /8. Done
  962. * for this port! */
  963. return 1;
  964. } else if (p->policy_type == ADDR_POLICY_REJECT) {
  965. subnet_status[i] = 1;
  966. }
  967. }
  968. } SMARTLIST_FOREACH_END(p);
  969. return 0;
  970. }
  971. /** Return true iff <b>ri</b> is "useful as an exit node", meaning
  972. * it allows exit to at least one /8 address space for at least
  973. * two of ports 80, 443, and 6667. */
  974. int
  975. exit_policy_is_general_exit(smartlist_t *policy)
  976. {
  977. static const int ports[] = { 80, 443, 6667 };
  978. int n_allowed = 0;
  979. int i;
  980. if (!policy) /*XXXX disallow NULL policies? */
  981. return 0;
  982. for (i = 0; i < 3; ++i) {
  983. n_allowed += exit_policy_is_general_exit_helper(policy, ports[i]);
  984. }
  985. return n_allowed >= 2;
  986. }
  987. /** Return false if <b>policy</b> might permit access to some addr:port;
  988. * otherwise if we are certain it rejects everything, return true. */
  989. int
  990. policy_is_reject_star(const smartlist_t *policy, sa_family_t family)
  991. {
  992. if (!policy) /*XXXX disallow NULL policies? */
  993. return 1;
  994. SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, p) {
  995. if (p->policy_type == ADDR_POLICY_ACCEPT &&
  996. (tor_addr_family(&p->addr) == family ||
  997. tor_addr_family(&p->addr) == AF_UNSPEC)) {
  998. return 0;
  999. } else if (p->policy_type == ADDR_POLICY_REJECT &&
  1000. p->prt_min <= 1 && p->prt_max == 65535 &&
  1001. p->maskbits == 0 &&
  1002. (tor_addr_family(&p->addr) == family ||
  1003. tor_addr_family(&p->addr) == AF_UNSPEC)) {
  1004. return 1;
  1005. }
  1006. } SMARTLIST_FOREACH_END(p);
  1007. return 1;
  1008. }
  1009. /** Write a single address policy to the buf_len byte buffer at buf. Return
  1010. * the number of characters written, or -1 on failure. */
  1011. int
  1012. policy_write_item(char *buf, size_t buflen, addr_policy_t *policy,
  1013. int format_for_desc)
  1014. {
  1015. size_t written = 0;
  1016. char addrbuf[TOR_ADDR_BUF_LEN];
  1017. const char *addrpart;
  1018. int result;
  1019. const int is_accept = policy->policy_type == ADDR_POLICY_ACCEPT;
  1020. const sa_family_t family = tor_addr_family(&policy->addr);
  1021. const int is_ip6 = (family == AF_INET6);
  1022. tor_addr_to_str(addrbuf, &policy->addr, sizeof(addrbuf), 1);
  1023. /* write accept/reject 1.2.3.4 */
  1024. if (policy->is_private) {
  1025. addrpart = "private";
  1026. } else if (policy->maskbits == 0) {
  1027. if (format_for_desc)
  1028. addrpart = "*";
  1029. else if (family == AF_INET6)
  1030. addrpart = "*6";
  1031. else if (family == AF_INET)
  1032. addrpart = "*4";
  1033. else
  1034. addrpart = "*";
  1035. } else {
  1036. addrpart = addrbuf;
  1037. }
  1038. result = tor_snprintf(buf, buflen, "%s%s %s",
  1039. is_accept ? "accept" : "reject",
  1040. (is_ip6&&format_for_desc)?"6":"",
  1041. addrpart);
  1042. if (result < 0)
  1043. return -1;
  1044. written += strlen(buf);
  1045. /* If the maskbits is 32 we don't need to give it. If the mask is 0,
  1046. * we already wrote "*". */
  1047. if (policy->maskbits < 32 && policy->maskbits > 0) {
  1048. if (tor_snprintf(buf+written, buflen-written, "/%d", policy->maskbits)<0)
  1049. return -1;
  1050. written += strlen(buf+written);
  1051. }
  1052. if (policy->prt_min <= 1 && policy->prt_max == 65535) {
  1053. /* There is no port set; write ":*" */
  1054. if (written+4 > buflen)
  1055. return -1;
  1056. strlcat(buf+written, ":*", buflen-written);
  1057. written += 2;
  1058. } else if (policy->prt_min == policy->prt_max) {
  1059. /* There is only one port; write ":80". */
  1060. result = tor_snprintf(buf+written, buflen-written, ":%d", policy->prt_min);
  1061. if (result<0)
  1062. return -1;
  1063. written += result;
  1064. } else {
  1065. /* There is a range of ports; write ":79-80". */
  1066. result = tor_snprintf(buf+written, buflen-written, ":%d-%d",
  1067. policy->prt_min, policy->prt_max);
  1068. if (result<0)
  1069. return -1;
  1070. written += result;
  1071. }
  1072. if (written < buflen)
  1073. buf[written] = '\0';
  1074. else
  1075. return -1;
  1076. return (int)written;
  1077. }
  1078. /** Create a new exit policy summary, initially only with a single
  1079. * port 1-64k item */
  1080. /* XXXX This entire thing will do most stuff in O(N^2), or worse. Use an
  1081. * RB-tree if that turns out to matter. */
  1082. static smartlist_t *
  1083. policy_summary_create(void)
  1084. {
  1085. smartlist_t *summary;
  1086. policy_summary_item_t* item;
  1087. item = tor_malloc_zero(sizeof(policy_summary_item_t));
  1088. item->prt_min = 1;
  1089. item->prt_max = 65535;
  1090. item->reject_count = 0;
  1091. item->accepted = 0;
  1092. summary = smartlist_new();
  1093. smartlist_add(summary, item);
  1094. return summary;
  1095. }
  1096. /** Split the summary item in <b>item</b> at the port <b>new_starts</b>.
  1097. * The current item is changed to end at new-starts - 1, the new item
  1098. * copies reject_count and accepted from the old item,
  1099. * starts at new_starts and ends at the port where the original item
  1100. * previously ended.
  1101. */
  1102. static policy_summary_item_t*
  1103. policy_summary_item_split(policy_summary_item_t* old, uint16_t new_starts)
  1104. {
  1105. policy_summary_item_t* new;
  1106. new = tor_malloc_zero(sizeof(policy_summary_item_t));
  1107. new->prt_min = new_starts;
  1108. new->prt_max = old->prt_max;
  1109. new->reject_count = old->reject_count;
  1110. new->accepted = old->accepted;
  1111. old->prt_max = new_starts-1;
  1112. tor_assert(old->prt_min <= old->prt_max);
  1113. tor_assert(new->prt_min <= new->prt_max);
  1114. return new;
  1115. }
  1116. /* XXXX Nick says I'm going to hell for this. If he feels charitably towards
  1117. * my immortal soul, he can clean it up himself. */
  1118. #define AT(x) ((policy_summary_item_t*)smartlist_get(summary, x))
  1119. #define REJECT_CUTOFF_COUNT (1<<25)
  1120. /** Split an exit policy summary so that prt_min and prt_max
  1121. * fall at exactly the start and end of an item respectively.
  1122. */
  1123. static int
  1124. policy_summary_split(smartlist_t *summary,
  1125. uint16_t prt_min, uint16_t prt_max)
  1126. {
  1127. int start_at_index;
  1128. int i = 0;
  1129. while (AT(i)->prt_max < prt_min)
  1130. i++;
  1131. if (AT(i)->prt_min != prt_min) {
  1132. policy_summary_item_t* new_item;
  1133. new_item = policy_summary_item_split(AT(i), prt_min);
  1134. smartlist_insert(summary, i+1, new_item);
  1135. i++;
  1136. }
  1137. start_at_index = i;
  1138. while (AT(i)->prt_max < prt_max)
  1139. i++;
  1140. if (AT(i)->prt_max != prt_max) {
  1141. policy_summary_item_t* new_item;
  1142. new_item = policy_summary_item_split(AT(i), prt_max+1);
  1143. smartlist_insert(summary, i+1, new_item);
  1144. }
  1145. return start_at_index;
  1146. }
  1147. /** Mark port ranges as accepted if they are below the reject_count */
  1148. static void
  1149. policy_summary_accept(smartlist_t *summary,
  1150. uint16_t prt_min, uint16_t prt_max)
  1151. {
  1152. int i = policy_summary_split(summary, prt_min, prt_max);
  1153. while (i < smartlist_len(summary) &&
  1154. AT(i)->prt_max <= prt_max) {
  1155. if (!AT(i)->accepted &&
  1156. AT(i)->reject_count <= REJECT_CUTOFF_COUNT)
  1157. AT(i)->accepted = 1;
  1158. i++;
  1159. }
  1160. tor_assert(i < smartlist_len(summary) || prt_max==65535);
  1161. }
  1162. /** Count the number of addresses in a network with prefixlen maskbits
  1163. * against the given portrange. */
  1164. static void
  1165. policy_summary_reject(smartlist_t *summary,
  1166. maskbits_t maskbits,
  1167. uint16_t prt_min, uint16_t prt_max)
  1168. {
  1169. int i = policy_summary_split(summary, prt_min, prt_max);
  1170. /* XXX: ipv4 specific */
  1171. uint64_t count = (U64_LITERAL(1) << (32-maskbits));
  1172. while (i < smartlist_len(summary) &&
  1173. AT(i)->prt_max <= prt_max) {
  1174. AT(i)->reject_count += count;
  1175. i++;
  1176. }
  1177. tor_assert(i < smartlist_len(summary) || prt_max==65535);
  1178. }
  1179. /** Add a single exit policy item to our summary:
  1180. * If it is an accept ignore it unless it is for all IP addresses
  1181. * ("*"), i.e. it's prefixlen/maskbits is 0, else call
  1182. * policy_summary_accept().
  1183. * If it's a reject ignore it if it is about one of the private
  1184. * networks, else call policy_summary_reject().
  1185. */
  1186. static void
  1187. policy_summary_add_item(smartlist_t *summary, addr_policy_t *p)
  1188. {
  1189. if (p->policy_type == ADDR_POLICY_ACCEPT) {
  1190. if (p->maskbits == 0) {
  1191. policy_summary_accept(summary, p->prt_min, p->prt_max);
  1192. }
  1193. } else if (p->policy_type == ADDR_POLICY_REJECT) {
  1194. int is_private = 0;
  1195. int i;
  1196. for (i = 0; private_nets[i]; ++i) {
  1197. tor_addr_t addr;
  1198. maskbits_t maskbits;
  1199. if (tor_addr_parse_mask_ports(private_nets[i], 0, &addr,
  1200. &maskbits, NULL, NULL)<0) {
  1201. tor_assert(0);
  1202. }
  1203. if (tor_addr_compare(&p->addr, &addr, CMP_EXACT) == 0 &&
  1204. p->maskbits == maskbits) {
  1205. is_private = 1;
  1206. break;
  1207. }
  1208. }
  1209. if (!is_private) {
  1210. policy_summary_reject(summary, p->maskbits, p->prt_min, p->prt_max);
  1211. }
  1212. } else
  1213. tor_assert(0);
  1214. }
  1215. /** Create a string representing a summary for an exit policy.
  1216. * The summary will either be an "accept" plus a comma-separated list of port
  1217. * ranges or a "reject" plus port-ranges, depending on which is shorter.
  1218. *
  1219. * If no exits are allowed at all then NULL is returned, if no ports
  1220. * are blocked instead of "reject " we return "accept 1-65535" (this
  1221. * is an exception to the shorter-representation-wins rule).
  1222. */
  1223. char *
  1224. policy_summarize(smartlist_t *policy, sa_family_t family)
  1225. {
  1226. smartlist_t *summary = policy_summary_create();
  1227. smartlist_t *accepts, *rejects;
  1228. int i, last, start_prt;
  1229. size_t accepts_len, rejects_len;
  1230. char *accepts_str = NULL, *rejects_str = NULL, *shorter_str, *result;
  1231. const char *prefix;
  1232. tor_assert(policy);
  1233. /* Create the summary list */
  1234. SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, p) {
  1235. sa_family_t f = tor_addr_family(&p->addr);
  1236. if (f != AF_INET && f != AF_INET6) {
  1237. log_warn(LD_BUG, "Weird family when summarizing address policy");
  1238. }
  1239. if (f != family)
  1240. continue;
  1241. /* XXXX-ipv6 More family work is needed */
  1242. policy_summary_add_item(summary, p);
  1243. } SMARTLIST_FOREACH_END(p);
  1244. /* Now create two lists of strings, one for accepted and one
  1245. * for rejected ports. We take care to merge ranges so that
  1246. * we avoid getting stuff like "1-4,5-9,10", instead we want
  1247. * "1-10"
  1248. */
  1249. i = 0;
  1250. start_prt = 1;
  1251. accepts = smartlist_new();
  1252. rejects = smartlist_new();
  1253. while (1) {
  1254. last = i == smartlist_len(summary)-1;
  1255. if (last ||
  1256. AT(i)->accepted != AT(i+1)->accepted) {
  1257. char buf[POLICY_BUF_LEN];
  1258. if (start_prt == AT(i)->prt_max)
  1259. tor_snprintf(buf, sizeof(buf), "%d", start_prt);
  1260. else
  1261. tor_snprintf(buf, sizeof(buf), "%d-%d", start_prt, AT(i)->prt_max);
  1262. if (AT(i)->accepted)
  1263. smartlist_add(accepts, tor_strdup(buf));
  1264. else
  1265. smartlist_add(rejects, tor_strdup(buf));
  1266. if (last)
  1267. break;
  1268. start_prt = AT(i+1)->prt_min;
  1269. };
  1270. i++;
  1271. };
  1272. /* Figure out which of the two stringlists will be shorter and use
  1273. * that to build the result
  1274. */
  1275. if (smartlist_len(accepts) == 0) { /* no exits at all */
  1276. result = tor_strdup("reject 1-65535");
  1277. goto cleanup;
  1278. }
  1279. if (smartlist_len(rejects) == 0) { /* no rejects at all */
  1280. result = tor_strdup("accept 1-65535");
  1281. goto cleanup;
  1282. }
  1283. accepts_str = smartlist_join_strings(accepts, ",", 0, &accepts_len);
  1284. rejects_str = smartlist_join_strings(rejects, ",", 0, &rejects_len);
  1285. if (rejects_len > MAX_EXITPOLICY_SUMMARY_LEN-strlen("reject")-1 &&
  1286. accepts_len > MAX_EXITPOLICY_SUMMARY_LEN-strlen("accept")-1) {
  1287. char *c;
  1288. shorter_str = accepts_str;
  1289. prefix = "accept";
  1290. c = shorter_str + (MAX_EXITPOLICY_SUMMARY_LEN-strlen(prefix)-1);
  1291. while (*c != ',' && c >= shorter_str)
  1292. c--;
  1293. tor_assert(c >= shorter_str);
  1294. tor_assert(*c == ',');
  1295. *c = '\0';
  1296. } else if (rejects_len < accepts_len) {
  1297. shorter_str = rejects_str;
  1298. prefix = "reject";
  1299. } else {
  1300. shorter_str = accepts_str;
  1301. prefix = "accept";
  1302. }
  1303. tor_asprintf(&result, "%s %s", prefix, shorter_str);
  1304. cleanup:
  1305. /* cleanup */
  1306. SMARTLIST_FOREACH(summary, policy_summary_item_t *, s, tor_free(s));
  1307. smartlist_free(summary);
  1308. tor_free(accepts_str);
  1309. SMARTLIST_FOREACH(accepts, char *, s, tor_free(s));
  1310. smartlist_free(accepts);
  1311. tor_free(rejects_str);
  1312. SMARTLIST_FOREACH(rejects, char *, s, tor_free(s));
  1313. smartlist_free(rejects);
  1314. return result;
  1315. }
  1316. /** Convert a summarized policy string into a short_policy_t. Return NULL
  1317. * if the string is not well-formed. */
  1318. short_policy_t *
  1319. parse_short_policy(const char *summary)
  1320. {
  1321. const char *orig_summary = summary;
  1322. short_policy_t *result;
  1323. int is_accept;
  1324. int n_entries;
  1325. short_policy_entry_t entries[MAX_EXITPOLICY_SUMMARY_LEN]; /* overkill */
  1326. const char *next;
  1327. if (!strcmpstart(summary, "accept ")) {
  1328. is_accept = 1;
  1329. summary += strlen("accept ");
  1330. } else if (!strcmpstart(summary, "reject ")) {
  1331. is_accept = 0;
  1332. summary += strlen("reject ");
  1333. } else {
  1334. log_fn(LOG_PROTOCOL_WARN, LD_DIR, "Unrecognized policy summary keyword");
  1335. return NULL;
  1336. }
  1337. n_entries = 0;
  1338. for ( ; *summary; summary = next) {
  1339. const char *comma = strchr(summary, ',');
  1340. unsigned low, high;
  1341. char dummy;
  1342. char ent_buf[32];
  1343. size_t len;
  1344. next = comma ? comma+1 : strchr(summary, '\0');
  1345. len = comma ? (size_t)(comma - summary) : strlen(summary);
  1346. if (n_entries == MAX_EXITPOLICY_SUMMARY_LEN) {
  1347. log_fn(LOG_PROTOCOL_WARN, LD_DIR, "Impossibly long policy summary %s",
  1348. escaped(orig_summary));
  1349. return NULL;
  1350. }
  1351. if (! TOR_ISDIGIT(*summary) || len > (sizeof(ent_buf)-1)) {
  1352. /* unrecognized entry format. skip it. */
  1353. continue;
  1354. }
  1355. if (len < 1) {
  1356. /* empty; skip it. */
  1357. /* XXX This happens to be unreachable, since if len==0, then *summary is
  1358. * ',' or '\0', and the TOR_ISDIGIT test above would have failed. */
  1359. continue;
  1360. }
  1361. memcpy(ent_buf, summary, len);
  1362. ent_buf[len] = '\0';
  1363. if (tor_sscanf(ent_buf, "%u-%u%c", &low, &high, &dummy) == 2) {
  1364. if (low<1 || low>65535 || high<1 || high>65535 || low>high) {
  1365. log_fn(LOG_PROTOCOL_WARN, LD_DIR,
  1366. "Found bad entry in policy summary %s", escaped(orig_summary));
  1367. return NULL;
  1368. }
  1369. } else if (tor_sscanf(ent_buf, "%u%c", &low, &dummy) == 1) {
  1370. if (low<1 || low>65535) {
  1371. log_fn(LOG_PROTOCOL_WARN, LD_DIR,
  1372. "Found bad entry in policy summary %s", escaped(orig_summary));
  1373. return NULL;
  1374. }
  1375. high = low;
  1376. } else {
  1377. log_fn(LOG_PROTOCOL_WARN, LD_DIR,"Found bad entry in policy summary %s",
  1378. escaped(orig_summary));
  1379. return NULL;
  1380. }
  1381. entries[n_entries].min_port = low;
  1382. entries[n_entries].max_port = high;
  1383. n_entries++;
  1384. }
  1385. if (n_entries == 0) {
  1386. log_fn(LOG_PROTOCOL_WARN, LD_DIR,
  1387. "Found no port-range entries in summary %s", escaped(orig_summary));
  1388. return NULL;
  1389. }
  1390. {
  1391. size_t size = STRUCT_OFFSET(short_policy_t, entries) +
  1392. sizeof(short_policy_entry_t)*(n_entries);
  1393. result = tor_malloc_zero(size);
  1394. tor_assert( (char*)&result->entries[n_entries-1] < ((char*)result)+size);
  1395. }
  1396. result->is_accept = is_accept;
  1397. result->n_entries = n_entries;
  1398. memcpy(result->entries, entries, sizeof(short_policy_entry_t)*n_entries);
  1399. return result;
  1400. }
  1401. /** Write <b>policy</b> back out into a string. Used only for unit tests
  1402. * currently. */
  1403. char *
  1404. write_short_policy(const short_policy_t *policy)
  1405. {
  1406. int i;
  1407. char *answer;
  1408. smartlist_t *sl = smartlist_new();
  1409. smartlist_add_asprintf(sl, "%s", policy->is_accept ? "accept " : "reject ");
  1410. for (i=0; i < policy->n_entries; i++) {
  1411. const short_policy_entry_t *e = &policy->entries[i];
  1412. if (e->min_port == e->max_port) {
  1413. smartlist_add_asprintf(sl, "%d", e->min_port);
  1414. } else {
  1415. smartlist_add_asprintf(sl, "%d-%d", e->min_port, e->max_port);
  1416. }
  1417. if (i < policy->n_entries-1)
  1418. smartlist_add(sl, tor_strdup(","));
  1419. }
  1420. answer = smartlist_join_strings(sl, "", 0, NULL);
  1421. SMARTLIST_FOREACH(sl, char *, a, tor_free(a));
  1422. smartlist_free(sl);
  1423. return answer;
  1424. }
  1425. /** Release all storage held in <b>policy</b>. */
  1426. void
  1427. short_policy_free(short_policy_t *policy)
  1428. {
  1429. tor_free(policy);
  1430. }
  1431. /** See whether the <b>addr</b>:<b>port</b> address is likely to be accepted
  1432. * or rejected by the summarized policy <b>policy</b>. Return values are as
  1433. * for compare_tor_addr_to_addr_policy. Unlike the regular addr_policy
  1434. * functions, requires the <b>port</b> be specified. */
  1435. addr_policy_result_t
  1436. compare_tor_addr_to_short_policy(const tor_addr_t *addr, uint16_t port,
  1437. const short_policy_t *policy)
  1438. {
  1439. int i;
  1440. int found_match = 0;
  1441. int accept;
  1442. tor_assert(port != 0);
  1443. if (addr && tor_addr_is_null(addr))
  1444. addr = NULL; /* Unspec means 'no address at all,' in this context. */
  1445. if (addr && get_options()->ClientRejectInternalAddresses &&
  1446. (tor_addr_is_internal(addr, 0) || tor_addr_is_loopback(addr)))
  1447. return ADDR_POLICY_REJECTED;
  1448. for (i=0; i < policy->n_entries; ++i) {
  1449. const short_policy_entry_t *e = &policy->entries[i];
  1450. if (e->min_port <= port && port <= e->max_port) {
  1451. found_match = 1;
  1452. break;
  1453. }
  1454. }
  1455. if (found_match)
  1456. accept = policy->is_accept;
  1457. else
  1458. accept = ! policy->is_accept;
  1459. /* ???? are these right? -NM */
  1460. /* We should be sure not to return ADDR_POLICY_ACCEPTED in the accept
  1461. * case here, because it would cause clients to believe that the node
  1462. * allows exit enclaving. Trying it anyway would open up a cool attack
  1463. * where the node refuses due to exitpolicy, the client reacts in
  1464. * surprise by rewriting the node's exitpolicy to reject *:*, and then
  1465. * a bad guy targets users by causing them to attempt such connections
  1466. * to 98% of the exits.
  1467. *
  1468. * Once microdescriptors can handle addresses in special cases (e.g. if
  1469. * we ever solve ticket 1774), we can provide certainty here. -RD */
  1470. if (accept)
  1471. return ADDR_POLICY_PROBABLY_ACCEPTED;
  1472. else
  1473. return ADDR_POLICY_REJECTED;
  1474. }
  1475. /** Return true iff <b>policy</b> seems reject all ports */
  1476. int
  1477. short_policy_is_reject_star(const short_policy_t *policy)
  1478. {
  1479. /* This doesn't need to be as much on the lookout as policy_is_reject_star,
  1480. * since policy summaries are from the consensus or from consensus
  1481. * microdescs.
  1482. */
  1483. tor_assert(policy);
  1484. /* Check for an exact match of "reject 1-65535". */
  1485. return (policy->is_accept == 0 && policy->n_entries == 1 &&
  1486. policy->entries[0].min_port == 1 &&
  1487. policy->entries[0].max_port == 65535);
  1488. }
  1489. /** Decide whether addr:port is probably or definitely accepted or rejected by
  1490. * <b>node</b>. See compare_tor_addr_to_addr_policy for details on addr/port
  1491. * interpretation. */
  1492. addr_policy_result_t
  1493. compare_tor_addr_to_node_policy(const tor_addr_t *addr, uint16_t port,
  1494. const node_t *node)
  1495. {
  1496. if (node->rejects_all)
  1497. return ADDR_POLICY_REJECTED;
  1498. if (addr && tor_addr_family(addr) == AF_INET6) {
  1499. const short_policy_t *p = NULL;
  1500. if (node->ri)
  1501. p = node->ri->ipv6_exit_policy;
  1502. else if (node->md)
  1503. p = node->md->ipv6_exit_policy;
  1504. if (p)
  1505. return compare_tor_addr_to_short_policy(addr, port, p);
  1506. else
  1507. return ADDR_POLICY_REJECTED;
  1508. }
  1509. if (node->ri) {
  1510. return compare_tor_addr_to_addr_policy(addr, port, node->ri->exit_policy);
  1511. } else if (node->md) {
  1512. if (node->md->exit_policy == NULL)
  1513. return ADDR_POLICY_REJECTED;
  1514. else
  1515. return compare_tor_addr_to_short_policy(addr, port,
  1516. node->md->exit_policy);
  1517. } else {
  1518. return ADDR_POLICY_PROBABLY_REJECTED;
  1519. }
  1520. }
  1521. /** Implementation for GETINFO control command: knows the answer for questions
  1522. * about "exit-policy/..." */
  1523. int
  1524. getinfo_helper_policies(control_connection_t *conn,
  1525. const char *question, char **answer,
  1526. const char **errmsg)
  1527. {
  1528. (void) conn;
  1529. (void) errmsg;
  1530. if (!strcmp(question, "exit-policy/default")) {
  1531. *answer = tor_strdup(DEFAULT_EXIT_POLICY);
  1532. } else if (!strcmpstart(question, "exit-policy/")) {
  1533. const routerinfo_t *me = router_get_my_routerinfo();
  1534. int include_ipv4 = 0;
  1535. int include_ipv6 = 0;
  1536. if (!strcmp(question, "exit-policy/ipv4")) {
  1537. include_ipv4 = 1;
  1538. } else if (!strcmp(question, "exit-policy/ipv6")) {
  1539. include_ipv6 = 1;
  1540. } else if (!strcmp(question, "exit-policy/full")) {
  1541. include_ipv4 = include_ipv6 = 1;
  1542. } else {
  1543. return 0; /* No such key. */
  1544. }
  1545. if (!me) {
  1546. *errmsg = "router_get_my_routerinfo returned NULL";
  1547. return -1;
  1548. }
  1549. *answer = router_dump_exit_policy_to_string(me,include_ipv4,include_ipv6);
  1550. }
  1551. return 0;
  1552. }
  1553. /** Release all storage held by <b>p</b>. */
  1554. void
  1555. addr_policy_list_free(smartlist_t *lst)
  1556. {
  1557. if (!lst)
  1558. return;
  1559. SMARTLIST_FOREACH(lst, addr_policy_t *, policy, addr_policy_free(policy));
  1560. smartlist_free(lst);
  1561. }
  1562. /** Release all storage held by <b>p</b>. */
  1563. void
  1564. addr_policy_free(addr_policy_t *p)
  1565. {
  1566. if (!p)
  1567. return;
  1568. if (--p->refcnt <= 0) {
  1569. if (p->is_canonical) {
  1570. policy_map_ent_t search, *found;
  1571. search.policy = p;
  1572. found = HT_REMOVE(policy_map, &policy_root, &search);
  1573. if (found) {
  1574. tor_assert(p == found->policy);
  1575. tor_free(found);
  1576. }
  1577. }
  1578. tor_free(p);
  1579. }
  1580. }
  1581. /** Release all storage held by policy variables. */
  1582. void
  1583. policies_free_all(void)
  1584. {
  1585. addr_policy_list_free(reachable_or_addr_policy);
  1586. reachable_or_addr_policy = NULL;
  1587. addr_policy_list_free(reachable_dir_addr_policy);
  1588. reachable_dir_addr_policy = NULL;
  1589. addr_policy_list_free(socks_policy);
  1590. socks_policy = NULL;
  1591. addr_policy_list_free(dir_policy);
  1592. dir_policy = NULL;
  1593. addr_policy_list_free(authdir_reject_policy);
  1594. authdir_reject_policy = NULL;
  1595. addr_policy_list_free(authdir_invalid_policy);
  1596. authdir_invalid_policy = NULL;
  1597. addr_policy_list_free(authdir_baddir_policy);
  1598. authdir_baddir_policy = NULL;
  1599. addr_policy_list_free(authdir_badexit_policy);
  1600. authdir_badexit_policy = NULL;
  1601. if (!HT_EMPTY(&policy_root)) {
  1602. policy_map_ent_t **ent;
  1603. int n = 0;
  1604. char buf[POLICY_BUF_LEN];
  1605. log_warn(LD_MM, "Still had %d address policies cached at shutdown.",
  1606. (int)HT_SIZE(&policy_root));
  1607. /* Note the first 10 cached policies to try to figure out where they
  1608. * might be coming from. */
  1609. HT_FOREACH(ent, policy_map, &policy_root) {
  1610. if (++n > 10)
  1611. break;
  1612. if (policy_write_item(buf, sizeof(buf), (*ent)->policy, 0) >= 0)
  1613. log_warn(LD_MM," %d [%d]: %s", n, (*ent)->policy->refcnt, buf);
  1614. }
  1615. }
  1616. HT_CLEAR(policy_map, &policy_root);
  1617. }