| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292 | /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. * Copyright (c) 2007-2015, The Tor Project, Inc. *//* See LICENSE for licensing information *//** * \file policies.c * \brief Code to parse and use address policies and exit policies. **/#define POLICIES_PRIVATE#include "or.h"#include "config.h"#include "dirserv.h"#include "nodelist.h"#include "policies.h"#include "router.h"#include "routerparse.h"#include "geoip.h"#include "ht.h"/** Policy that addresses for incoming SOCKS connections must match. */static smartlist_t *socks_policy = NULL;/** Policy that addresses for incoming directory connections must match. */static smartlist_t *dir_policy = NULL;/** Policy that addresses for incoming router descriptors must match in order * to be published by us. */static smartlist_t *authdir_reject_policy = NULL;/** Policy that addresses for incoming router descriptors must match in order * to be marked as valid in our networkstatus. */static smartlist_t *authdir_invalid_policy = NULL;/** Policy that addresses for incoming router descriptors must <b>not</b> * match in order to not be marked as BadExit. */static smartlist_t *authdir_badexit_policy = NULL;/** Parsed addr_policy_t describing which addresses we believe we can start * circuits at. */static smartlist_t *reachable_or_addr_policy = NULL;/** Parsed addr_policy_t describing which addresses we believe we can connect * to directories at. */static smartlist_t *reachable_dir_addr_policy = NULL;/** Element of an exit policy summary */typedef struct policy_summary_item_t {    uint16_t prt_min; /**< Lowest port number to accept/reject. */    uint16_t prt_max; /**< Highest port number to accept/reject. */    uint64_t reject_count; /**< Number of IP-Addresses that are rejected to                                this port range. */    unsigned int accepted:1; /** Has this port already been accepted */} policy_summary_item_t;/** Private networks.  This list is used in two places, once to expand the *  "private" keyword when parsing our own exit policy, secondly to ignore *  just such networks when building exit policy summaries.  It is important *  that all authorities agree on that list when creating summaries, so don't *  just change this without a proper migration plan and a proposal and stuff. */static const char *private_nets[] = {  "0.0.0.0/8", "169.254.0.0/16",  "127.0.0.0/8", "192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12",  "[::]/8",  "[fc00::]/7", "[fe80::]/10", "[fec0::]/10", "[ff00::]/8", "[::]/127",  NULL};static int policies_parse_exit_policy_internal(                                      config_line_t *cfg,                                      smartlist_t **dest,                                      int ipv6_exit,                                      int rejectprivate,                                      const smartlist_t *configured_addresses,                                      int reject_interface_addresses,                                      int reject_configured_port_addresses,                                      int add_default_policy);/** Replace all "private" entries in *<b>policy</b> with their expanded * equivalents. */voidpolicy_expand_private(smartlist_t **policy){  uint16_t port_min, port_max;  int i;  smartlist_t *tmp;  if (!*policy) /*XXXX disallow NULL policies? */    return;  tmp = smartlist_new();  SMARTLIST_FOREACH_BEGIN(*policy, addr_policy_t *, p) {     if (! p->is_private) {       smartlist_add(tmp, p);       continue;     }     for (i = 0; private_nets[i]; ++i) {       addr_policy_t newpolicy;       memcpy(&newpolicy, p, sizeof(addr_policy_t));       newpolicy.is_private = 0;       newpolicy.is_canonical = 0;       if (tor_addr_parse_mask_ports(private_nets[i], 0,                               &newpolicy.addr,                               &newpolicy.maskbits, &port_min, &port_max)<0) {         tor_assert(0);       }       smartlist_add(tmp, addr_policy_get_canonical_entry(&newpolicy));     }     addr_policy_free(p);  } SMARTLIST_FOREACH_END(p);  smartlist_free(*policy);  *policy = tmp;}/** Expand each of the AF_UNSPEC elements in *<b>policy</b> (which indicate * protocol-neutral wildcards) into a pair of wildcard elements: one IPv4- * specific and one IPv6-specific. */voidpolicy_expand_unspec(smartlist_t **policy){  smartlist_t *tmp;  if (!*policy)    return;  tmp = smartlist_new();  SMARTLIST_FOREACH_BEGIN(*policy, addr_policy_t *, p) {    sa_family_t family = tor_addr_family(&p->addr);    if (family == AF_INET6 || family == AF_INET || p->is_private) {      smartlist_add(tmp, p);    } else if (family == AF_UNSPEC) {      addr_policy_t newpolicy_ipv4;      addr_policy_t newpolicy_ipv6;      memcpy(&newpolicy_ipv4, p, sizeof(addr_policy_t));      memcpy(&newpolicy_ipv6, p, sizeof(addr_policy_t));      newpolicy_ipv4.is_canonical = 0;      newpolicy_ipv6.is_canonical = 0;      if (p->maskbits != 0) {        log_warn(LD_BUG, "AF_UNSPEC policy with maskbits==%d", p->maskbits);        newpolicy_ipv4.maskbits = 0;        newpolicy_ipv6.maskbits = 0;      }      tor_addr_from_ipv4h(&newpolicy_ipv4.addr, 0);      tor_addr_from_ipv6_bytes(&newpolicy_ipv6.addr,                               "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0");      smartlist_add(tmp, addr_policy_get_canonical_entry(&newpolicy_ipv4));      smartlist_add(tmp, addr_policy_get_canonical_entry(&newpolicy_ipv6));      addr_policy_free(p);    } else {      log_warn(LD_BUG, "Funny-looking address policy with family %d", family);      smartlist_add(tmp, p);    }  } SMARTLIST_FOREACH_END(p);  smartlist_free(*policy);  *policy = tmp;}/** * Given a linked list of config lines containing "accept[6]" and "reject[6]" * tokens, parse them and append the result to <b>dest</b>. Return -1 * if any tokens are malformed (and don't append any), else return 0. * * If <b>assume_action</b> is nonnegative, then insert its action * (ADDR_POLICY_ACCEPT or ADDR_POLICY_REJECT) for items that specify no * action. */static intparse_addr_policy(config_line_t *cfg, smartlist_t **dest,                  int assume_action){  smartlist_t *result;  smartlist_t *entries;  addr_policy_t *item;  int malformed_list;  int r = 0;  if (!cfg)    return 0;  result = smartlist_new();  entries = smartlist_new();  for (; cfg; cfg = cfg->next) {    smartlist_split_string(entries, cfg->value, ",",                           SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);    SMARTLIST_FOREACH_BEGIN(entries, const char *, ent) {      log_debug(LD_CONFIG,"Adding new entry '%s'",ent);      malformed_list = 0;      item = router_parse_addr_policy_item_from_string(ent, assume_action,                                                       &malformed_list);      if (item) {        smartlist_add(result, item);      } else if (malformed_list) {        /* the error is so severe the entire list should be discarded */        log_warn(LD_CONFIG, "Malformed policy '%s'. Discarding entire policy "                 "list.", ent);        r = -1;      } else {        /* the error is minor: don't add the item, but keep processing the         * rest of the policies in the list */        log_debug(LD_CONFIG, "Ignored policy '%s' due to non-fatal error. "                  "The remainder of the policy list will be used.",                  ent);      }    } SMARTLIST_FOREACH_END(ent);    SMARTLIST_FOREACH(entries, char *, ent, tor_free(ent));    smartlist_clear(entries);  }  smartlist_free(entries);  if (r == -1) {    addr_policy_list_free(result);  } else {    policy_expand_private(&result);    policy_expand_unspec(&result);    if (*dest) {      smartlist_add_all(*dest, result);      smartlist_free(result);    } else {      *dest = result;    }  }  return r;}/** Helper: parse the Reachable(Dir|OR)?Addresses fields into * reachable_(or|dir)_addr_policy.  The options should already have * been validated by validate_addr_policies. */static intparse_reachable_addresses(void){  const or_options_t *options = get_options();  int ret = 0;  if (options->ReachableDirAddresses &&      options->ReachableORAddresses &&      options->ReachableAddresses) {    log_warn(LD_CONFIG,             "Both ReachableDirAddresses and ReachableORAddresses are set. "             "ReachableAddresses setting will be ignored.");  }  addr_policy_list_free(reachable_or_addr_policy);  reachable_or_addr_policy = NULL;  if (!options->ReachableORAddresses && options->ReachableAddresses)    log_info(LD_CONFIG,             "Using ReachableAddresses as ReachableORAddresses.");  if (parse_addr_policy(options->ReachableORAddresses ?                          options->ReachableORAddresses :                          options->ReachableAddresses,                        &reachable_or_addr_policy, ADDR_POLICY_ACCEPT)) {    log_warn(LD_CONFIG,             "Error parsing Reachable%sAddresses entry; ignoring.",             options->ReachableORAddresses ? "OR" : "");    ret = -1;  }  addr_policy_list_free(reachable_dir_addr_policy);  reachable_dir_addr_policy = NULL;  if (!options->ReachableDirAddresses && options->ReachableAddresses)    log_info(LD_CONFIG,             "Using ReachableAddresses as ReachableDirAddresses");  if (parse_addr_policy(options->ReachableDirAddresses ?                          options->ReachableDirAddresses :                          options->ReachableAddresses,                        &reachable_dir_addr_policy, ADDR_POLICY_ACCEPT)) {    if (options->ReachableDirAddresses)      log_warn(LD_CONFIG,               "Error parsing ReachableDirAddresses entry; ignoring.");    ret = -1;  }  return ret;}/** Return true iff the firewall options might block any address:port * combination. */intfirewall_is_fascist_or(void){  return reachable_or_addr_policy != NULL;}/** Return true iff <b>policy</b> (possibly NULL) will allow a * connection to <b>addr</b>:<b>port</b>. */static intaddr_policy_permits_tor_addr(const tor_addr_t *addr, uint16_t port,                            smartlist_t *policy){  addr_policy_result_t p;  p = compare_tor_addr_to_addr_policy(addr, port, policy);  switch (p) {    case ADDR_POLICY_PROBABLY_ACCEPTED:    case ADDR_POLICY_ACCEPTED:      return 1;    case ADDR_POLICY_PROBABLY_REJECTED:    case ADDR_POLICY_REJECTED:      return 0;    default:      log_warn(LD_BUG, "Unexpected result: %d", (int)p);      return 0;  }}/** Return true iff <b> policy</b> (possibly NULL) will allow a connection to * <b>addr</b>:<b>port</b>.  <b>addr</b> is an IPv4 address given in host * order. *//* XXXX deprecate when possible. */static intaddr_policy_permits_address(uint32_t addr, uint16_t port,                            smartlist_t *policy){  tor_addr_t a;  tor_addr_from_ipv4h(&a, addr);  return addr_policy_permits_tor_addr(&a, port, policy);}/** Return true iff we think our firewall will let us make an OR connection to * addr:port. */intfascist_firewall_allows_address_or(const tor_addr_t *addr, uint16_t port){  return addr_policy_permits_tor_addr(addr, port,                                     reachable_or_addr_policy);}/** Return true iff we think our firewall will let us make an OR connection to * <b>ri</b>. */intfascist_firewall_allows_or(const routerinfo_t *ri){  /* XXXX proposal 118 */  tor_addr_t addr;  tor_addr_from_ipv4h(&addr, ri->addr);  return fascist_firewall_allows_address_or(&addr, ri->or_port);}/** Return true iff we think our firewall will let us make an OR connection to * <b>node</b>. */intfascist_firewall_allows_node(const node_t *node){  if (node->ri) {    return fascist_firewall_allows_or(node->ri);  } else if (node->rs) {    tor_addr_t addr;    tor_addr_from_ipv4h(&addr, node->rs->addr);    return fascist_firewall_allows_address_or(&addr, node->rs->or_port);  } else {    return 1;  }}/** Return true iff we think our firewall will let us make a directory * connection to addr:port. */intfascist_firewall_allows_address_dir(const tor_addr_t *addr, uint16_t port){  return addr_policy_permits_tor_addr(addr, port,                                      reachable_dir_addr_policy);}/** Return 1 if <b>addr</b> is permitted to connect to our dir port, * based on <b>dir_policy</b>. Else return 0. */intdir_policy_permits_address(const tor_addr_t *addr){  return addr_policy_permits_tor_addr(addr, 1, dir_policy);}/** Return 1 if <b>addr</b> is permitted to connect to our socks port, * based on <b>socks_policy</b>. Else return 0. */intsocks_policy_permits_address(const tor_addr_t *addr){  return addr_policy_permits_tor_addr(addr, 1, socks_policy);}/** Return true iff the address <b>addr</b> is in a country listed in the * case-insensitive list of country codes <b>cc_list</b>. */static intaddr_is_in_cc_list(uint32_t addr, const smartlist_t *cc_list){  country_t country;  const char *name;  tor_addr_t tar;  if (!cc_list)    return 0;  /* XXXXipv6 */  tor_addr_from_ipv4h(&tar, addr);  country = geoip_get_country_by_addr(&tar);  name = geoip_get_country_name(country);  return smartlist_contains_string_case(cc_list, name);}/** Return 1 if <b>addr</b>:<b>port</b> is permitted to publish to our * directory, based on <b>authdir_reject_policy</b>. Else return 0. */intauthdir_policy_permits_address(uint32_t addr, uint16_t port){  if (! addr_policy_permits_address(addr, port, authdir_reject_policy))    return 0;  return !addr_is_in_cc_list(addr, get_options()->AuthDirRejectCCs);}/** Return 1 if <b>addr</b>:<b>port</b> is considered valid in our * directory, based on <b>authdir_invalid_policy</b>. Else return 0. */intauthdir_policy_valid_address(uint32_t addr, uint16_t port){  if (! addr_policy_permits_address(addr, port, authdir_invalid_policy))    return 0;  return !addr_is_in_cc_list(addr, get_options()->AuthDirInvalidCCs);}/** Return 1 if <b>addr</b>:<b>port</b> should be marked as a bad exit, * based on <b>authdir_badexit_policy</b>. Else return 0. */intauthdir_policy_badexit_address(uint32_t addr, uint16_t port){  if (! addr_policy_permits_address(addr, port, authdir_badexit_policy))    return 1;  return addr_is_in_cc_list(addr, get_options()->AuthDirBadExitCCs);}#define REJECT(arg) \  STMT_BEGIN *msg = tor_strdup(arg); goto err; STMT_END/** Config helper: If there's any problem with the policy configuration * options in <b>options</b>, return -1 and set <b>msg</b> to a newly * allocated description of the error. Else return 0. */intvalidate_addr_policies(const or_options_t *options, char **msg){  /* XXXX Maybe merge this into parse_policies_from_options, to make sure   * that the two can't go out of sync. */  smartlist_t *addr_policy=NULL;  *msg = NULL;  if (policies_parse_exit_policy_from_options(options,0,NULL,&addr_policy)) {    REJECT("Error in ExitPolicy entry.");  }  static int warned_about_exitrelay = 0;  const int exitrelay_setting_is_auto = options->ExitRelay == -1;  const int policy_accepts_something =    ! (policy_is_reject_star(addr_policy, AF_INET) &&       policy_is_reject_star(addr_policy, AF_INET6));  if (server_mode(options) &&      ! warned_about_exitrelay &&      exitrelay_setting_is_auto &&      policy_accepts_something) {      /* Policy accepts something */    warned_about_exitrelay = 1;    log_warn(LD_CONFIG,             "Tor is running as an exit relay%s. If you did not want this "             "behavior, please set the ExitRelay option to 0. If you do "             "want to run an exit Relay, please set the ExitRelay option "             "to 1 to disable this warning, and for forward compatibility.",             options->ExitPolicy == NULL ?                 " with the default exit policy" : "");    if (options->ExitPolicy == NULL) {      log_warn(LD_CONFIG,               "In a future version of Tor, ExitRelay 0 may become the "               "default when no ExitPolicy is given.");    }  }  /* The rest of these calls *append* to addr_policy. So don't actually   * use the results for anything other than checking if they parse! */  if (parse_addr_policy(options->DirPolicy, &addr_policy, -1))    REJECT("Error in DirPolicy entry.");  if (parse_addr_policy(options->SocksPolicy, &addr_policy, -1))    REJECT("Error in SocksPolicy entry.");  if (parse_addr_policy(options->AuthDirReject, &addr_policy,                        ADDR_POLICY_REJECT))    REJECT("Error in AuthDirReject entry.");  if (parse_addr_policy(options->AuthDirInvalid, &addr_policy,                        ADDR_POLICY_REJECT))    REJECT("Error in AuthDirInvalid entry.");  if (parse_addr_policy(options->AuthDirBadExit, &addr_policy,                        ADDR_POLICY_REJECT))    REJECT("Error in AuthDirBadExit entry.");  if (parse_addr_policy(options->ReachableAddresses, &addr_policy,                        ADDR_POLICY_ACCEPT))    REJECT("Error in ReachableAddresses entry.");  if (parse_addr_policy(options->ReachableORAddresses, &addr_policy,                        ADDR_POLICY_ACCEPT))    REJECT("Error in ReachableORAddresses entry.");  if (parse_addr_policy(options->ReachableDirAddresses, &addr_policy,                        ADDR_POLICY_ACCEPT))    REJECT("Error in ReachableDirAddresses entry."); err:  addr_policy_list_free(addr_policy);  return *msg ? -1 : 0;#undef REJECT}/** Parse <b>string</b> in the same way that the exit policy * is parsed, and put the processed version in *<b>policy</b>. * Ignore port specifiers. */static intload_policy_from_option(config_line_t *config, const char *option_name,                        smartlist_t **policy,                        int assume_action){  int r;  int killed_any_ports = 0;  addr_policy_list_free(*policy);  *policy = NULL;  r = parse_addr_policy(config, policy, assume_action);  if (r < 0) {    return -1;  }  if (*policy) {    SMARTLIST_FOREACH_BEGIN(*policy, addr_policy_t *, n) {      /* ports aren't used in these. */      if (n->prt_min > 1 || n->prt_max != 65535) {        addr_policy_t newp, *c;        memcpy(&newp, n, sizeof(newp));        newp.prt_min = 1;        newp.prt_max = 65535;        newp.is_canonical = 0;        c = addr_policy_get_canonical_entry(&newp);        SMARTLIST_REPLACE_CURRENT(*policy, n, c);        addr_policy_free(n);        killed_any_ports = 1;      }    } SMARTLIST_FOREACH_END(n);  }  if (killed_any_ports) {    log_warn(LD_CONFIG, "Ignoring ports in %s option.", option_name);  }  return 0;}/** Set all policies based on <b>options</b>, which should have been validated * first by validate_addr_policies. */intpolicies_parse_from_options(const or_options_t *options){  int ret = 0;  if (load_policy_from_option(options->SocksPolicy, "SocksPolicy",                              &socks_policy, -1) < 0)    ret = -1;  if (load_policy_from_option(options->DirPolicy, "DirPolicy",                              &dir_policy, -1) < 0)    ret = -1;  if (load_policy_from_option(options->AuthDirReject, "AuthDirReject",                              &authdir_reject_policy, ADDR_POLICY_REJECT) < 0)    ret = -1;  if (load_policy_from_option(options->AuthDirInvalid, "AuthDirInvalid",                              &authdir_invalid_policy, ADDR_POLICY_REJECT) < 0)    ret = -1;  if (load_policy_from_option(options->AuthDirBadExit, "AuthDirBadExit",                              &authdir_badexit_policy, ADDR_POLICY_REJECT) < 0)    ret = -1;  if (parse_reachable_addresses() < 0)    ret = -1;  return ret;}/** Compare two provided address policy items, and return -1, 0, or 1 * if the first is less than, equal to, or greater than the second. */static intcmp_single_addr_policy(addr_policy_t *a, addr_policy_t *b){  int r;  if ((r=((int)a->policy_type - (int)b->policy_type)))    return r;  if ((r=((int)a->is_private - (int)b->is_private)))    return r;  /* refcnt and is_canonical are irrelevant to equality,   * they are hash table implementation details */  if ((r=tor_addr_compare(&a->addr, &b->addr, CMP_EXACT)))    return r;  if ((r=((int)a->maskbits - (int)b->maskbits)))    return r;  if ((r=((int)a->prt_min - (int)b->prt_min)))    return r;  if ((r=((int)a->prt_max - (int)b->prt_max)))    return r;  return 0;}/** Like cmp_single_addr_policy() above, but looks at the * whole set of policies in each case. */intcmp_addr_policies(smartlist_t *a, smartlist_t *b){  int r, i;  int len_a = a ? smartlist_len(a) : 0;  int len_b = b ? smartlist_len(b) : 0;  for (i = 0; i < len_a && i < len_b; ++i) {    if ((r = cmp_single_addr_policy(smartlist_get(a, i), smartlist_get(b, i))))      return r;  }  if (i == len_a && i == len_b)    return 0;  if (i < len_a)    return -1;  else    return 1;}/** Node in hashtable used to store address policy entries. */typedef struct policy_map_ent_t {  HT_ENTRY(policy_map_ent_t) node;  addr_policy_t *policy;} policy_map_ent_t;/* DOCDOC policy_root */static HT_HEAD(policy_map, policy_map_ent_t) policy_root = HT_INITIALIZER();/** Return true iff a and b are equal. */static INLINE intpolicy_eq(policy_map_ent_t *a, policy_map_ent_t *b){  return cmp_single_addr_policy(a->policy, b->policy) == 0;}/** Return a hashcode for <b>ent</b> */static unsigned intpolicy_hash(const policy_map_ent_t *ent){  const addr_policy_t *a = ent->policy;  addr_policy_t aa;  memset(&aa, 0, sizeof(aa));  aa.prt_min = a->prt_min;  aa.prt_max = a->prt_max;  aa.maskbits = a->maskbits;  aa.policy_type = a->policy_type;  aa.is_private = a->is_private;  if (a->is_private) {    aa.is_private = 1;  } else {    tor_addr_copy_tight(&aa.addr, &a->addr);  }  return (unsigned) siphash24g(&aa, sizeof(aa));}HT_PROTOTYPE(policy_map, policy_map_ent_t, node, policy_hash,             policy_eq)HT_GENERATE2(policy_map, policy_map_ent_t, node, policy_hash,             policy_eq, 0.6, tor_reallocarray_, tor_free_)/** Given a pointer to an addr_policy_t, return a copy of the pointer to the * "canonical" copy of that addr_policy_t; the canonical copy is a single * reference-counted object. */addr_policy_t *addr_policy_get_canonical_entry(addr_policy_t *e){  policy_map_ent_t search, *found;  if (e->is_canonical)    return e;  search.policy = e;  found = HT_FIND(policy_map, &policy_root, &search);  if (!found) {    found = tor_malloc_zero(sizeof(policy_map_ent_t));    found->policy = tor_memdup(e, sizeof(addr_policy_t));    found->policy->is_canonical = 1;    found->policy->refcnt = 0;    HT_INSERT(policy_map, &policy_root, found);  }  tor_assert(!cmp_single_addr_policy(found->policy, e));  ++found->policy->refcnt;  return found->policy;}/** Helper for compare_tor_addr_to_addr_policy.  Implements the case where * addr and port are both known. */static addr_policy_result_tcompare_known_tor_addr_to_addr_policy(const tor_addr_t *addr, uint16_t port,                                      const smartlist_t *policy){  /* We know the address and port, and we know the policy, so we can just   * compute an exact match. */  SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, tmpe) {    /* Address is known */    if (!tor_addr_compare_masked(addr, &tmpe->addr, tmpe->maskbits,                                 CMP_EXACT)) {      if (port >= tmpe->prt_min && port <= tmpe->prt_max) {        /* Exact match for the policy */        return tmpe->policy_type == ADDR_POLICY_ACCEPT ?          ADDR_POLICY_ACCEPTED : ADDR_POLICY_REJECTED;      }    }  } SMARTLIST_FOREACH_END(tmpe);  /* accept all by default. */  return ADDR_POLICY_ACCEPTED;}/** Helper for compare_tor_addr_to_addr_policy.  Implements the case where * addr is known but port is not. */static addr_policy_result_tcompare_known_tor_addr_to_addr_policy_noport(const tor_addr_t *addr,                                             const smartlist_t *policy){  /* We look to see if there's a definite match.  If so, we return that     match's value, unless there's an intervening possible match that says     something different. */  int maybe_accept = 0, maybe_reject = 0;  SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, tmpe) {    if (!tor_addr_compare_masked(addr, &tmpe->addr, tmpe->maskbits,                                 CMP_EXACT)) {      if (tmpe->prt_min <= 1 && tmpe->prt_max >= 65535) {        /* Definitely matches, since it covers all ports. */        if (tmpe->policy_type == ADDR_POLICY_ACCEPT) {          /* If we already hit a clause that might trigger a 'reject', than we           * can't be sure of this certain 'accept'.*/          return maybe_reject ? ADDR_POLICY_PROBABLY_ACCEPTED :            ADDR_POLICY_ACCEPTED;        } else {          return maybe_accept ? ADDR_POLICY_PROBABLY_REJECTED :            ADDR_POLICY_REJECTED;        }      } else {        /* Might match. */        if (tmpe->policy_type == ADDR_POLICY_REJECT)          maybe_reject = 1;        else          maybe_accept = 1;      }    }  } SMARTLIST_FOREACH_END(tmpe);  /* accept all by default. */  return maybe_reject ? ADDR_POLICY_PROBABLY_ACCEPTED : ADDR_POLICY_ACCEPTED;}/** Helper for compare_tor_addr_to_addr_policy.  Implements the case where * port is known but address is not. */static addr_policy_result_tcompare_unknown_tor_addr_to_addr_policy(uint16_t port,                                        const smartlist_t *policy){  /* We look to see if there's a definite match.  If so, we return that     match's value, unless there's an intervening possible match that says     something different. */  int maybe_accept = 0, maybe_reject = 0;  SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, tmpe) {    if (tmpe->prt_min <= port && port <= tmpe->prt_max) {      if (tmpe->maskbits == 0) {        /* Definitely matches, since it covers all addresses. */        if (tmpe->policy_type == ADDR_POLICY_ACCEPT) {          /* If we already hit a clause that might trigger a 'reject', than we           * can't be sure of this certain 'accept'.*/          return maybe_reject ? ADDR_POLICY_PROBABLY_ACCEPTED :            ADDR_POLICY_ACCEPTED;        } else {          return maybe_accept ? ADDR_POLICY_PROBABLY_REJECTED :            ADDR_POLICY_REJECTED;        }      } else {        /* Might match. */        if (tmpe->policy_type == ADDR_POLICY_REJECT)          maybe_reject = 1;        else          maybe_accept = 1;      }    }  } SMARTLIST_FOREACH_END(tmpe);  /* accept all by default. */  return maybe_reject ? ADDR_POLICY_PROBABLY_ACCEPTED : ADDR_POLICY_ACCEPTED;}/** Decide whether a given addr:port is definitely accepted, * definitely rejected, probably accepted, or probably rejected by a * given policy.  If <b>addr</b> is 0, we don't know the IP of the * target address.  If <b>port</b> is 0, we don't know the port of the * target address.  (At least one of <b>addr</b> and <b>port</b> must be * provided.  If you want to know whether a policy would definitely reject * an unknown address:port, use policy_is_reject_star().) * * We could do better by assuming that some ranges never match typical * addresses (127.0.0.1, and so on).  But we'll try this for now. */MOCK_IMPL(addr_policy_result_t,compare_tor_addr_to_addr_policy,(const tor_addr_t *addr, uint16_t port,                                 const smartlist_t *policy)){  if (!policy) {    /* no policy? accept all. */    return ADDR_POLICY_ACCEPTED;  } else if (addr == NULL || tor_addr_is_null(addr)) {    if (port == 0) {      log_info(LD_BUG, "Rejecting null address with 0 port (family %d)",               addr ? tor_addr_family(addr) : -1);      return ADDR_POLICY_REJECTED;    }    return compare_unknown_tor_addr_to_addr_policy(port, policy);  } else if (port == 0) {    return compare_known_tor_addr_to_addr_policy_noport(addr, policy);  } else {    return compare_known_tor_addr_to_addr_policy(addr, port, policy);  }}/** Return true iff the address policy <b>a</b> covers every case that * would be covered by <b>b</b>, so that a,b is redundant. */static intaddr_policy_covers(addr_policy_t *a, addr_policy_t *b){  if (tor_addr_family(&a->addr) != tor_addr_family(&b->addr)) {    /* You can't cover a different family. */    return 0;  }  /* We can ignore accept/reject, since "accept *:80, reject *:80" reduces   * to "accept *:80". */  if (a->maskbits > b->maskbits) {    /* a has more fixed bits than b; it can't possibly cover b. */    return 0;  }  if (tor_addr_compare_masked(&a->addr, &b->addr, a->maskbits, CMP_EXACT)) {    /* There's a fixed bit in a that's set differently in b. */    return 0;  }  return (a->prt_min <= b->prt_min && a->prt_max >= b->prt_max);}/** Return true iff the address policies <b>a</b> and <b>b</b> intersect, * that is, there exists an address/port that is covered by <b>a</b> that * is also covered by <b>b</b>. */static intaddr_policy_intersects(addr_policy_t *a, addr_policy_t *b){  maskbits_t minbits;  /* All the bits we care about are those that are set in both   * netmasks.  If they are equal in a and b's networkaddresses   * then the networks intersect.  If there is a difference,   * then they do not. */  if (a->maskbits < b->maskbits)    minbits = a->maskbits;  else    minbits = b->maskbits;  if (tor_addr_compare_masked(&a->addr, &b->addr, minbits, CMP_EXACT))    return 0;  if (a->prt_max < b->prt_min || b->prt_max < a->prt_min)    return 0;  return 1;}/** Add the exit policy described by <b>more</b> to <b>policy</b>. */STATIC voidappend_exit_policy_string(smartlist_t **policy, const char *more){  config_line_t tmp;  tmp.key = NULL;  tmp.value = (char*) more;  tmp.next = NULL;  if (parse_addr_policy(&tmp, policy, -1)<0) {    log_warn(LD_BUG, "Unable to parse internally generated policy %s",more);  }}/** Add "reject <b>addr</b>:*" to <b>dest</b>, creating the list as needed. */voidaddr_policy_append_reject_addr(smartlist_t **dest, const tor_addr_t *addr){  tor_assert(dest);  tor_assert(addr);  addr_policy_t p, *add;  memset(&p, 0, sizeof(p));  p.policy_type = ADDR_POLICY_REJECT;  p.maskbits = tor_addr_family(addr) == AF_INET6 ? 128 : 32;  tor_addr_copy(&p.addr, addr);  p.prt_min = 1;  p.prt_max = 65535;  add = addr_policy_get_canonical_entry(&p);  if (!*dest)    *dest = smartlist_new();  smartlist_add(*dest, add);  log_debug(LD_CONFIG, "Adding a reject ExitPolicy 'reject %s:*'",            fmt_addr(addr));}/* Is addr public for the purposes of rejection? */static inttor_addr_is_public_for_reject(const tor_addr_t *addr){  return (!tor_addr_is_null(addr) && !tor_addr_is_internal(addr, 0)          && !tor_addr_is_multicast(addr));}/* Add "reject <b>addr</b>:*" to <b>dest</b>, creating the list as needed. * Filter the address, only adding an IPv4 reject rule if ipv4_rules * is true, and similarly for ipv6_rules. Check each address returns true for * tor_addr_is_public_for_reject before adding it. */static voidaddr_policy_append_reject_addr_filter(smartlist_t **dest,                                      const tor_addr_t *addr,                                      int ipv4_rules,                                      int ipv6_rules){  tor_assert(dest);  tor_assert(addr);  /* Only reject IP addresses which are public */  if (tor_addr_is_public_for_reject(addr)) {    /* Reject IPv4 addresses and IPv6 addresses based on the filters */    int is_ipv4 = tor_addr_is_v4(addr);    if ((is_ipv4 && ipv4_rules) || (!is_ipv4 && ipv6_rules)) {      addr_policy_append_reject_addr(dest, addr);    }  }}/** Add "reject addr:*" to <b>dest</b>, for each addr in addrs, creating the  * list as needed. */voidaddr_policy_append_reject_addr_list(smartlist_t **dest,                                    const smartlist_t *addrs){  tor_assert(dest);  tor_assert(addrs);  SMARTLIST_FOREACH_BEGIN(addrs, tor_addr_t *, addr) {    addr_policy_append_reject_addr(dest, addr);  } SMARTLIST_FOREACH_END(addr);}/** Add "reject addr:*" to <b>dest</b>, for each addr in addrs, creating the * list as needed. Filter using */static voidaddr_policy_append_reject_addr_list_filter(smartlist_t **dest,                                           const smartlist_t *addrs,                                           int ipv4_rules,                                           int ipv6_rules){  tor_assert(dest);  tor_assert(addrs);  SMARTLIST_FOREACH_BEGIN(addrs, tor_addr_t *, addr) {    addr_policy_append_reject_addr_filter(dest, addr, ipv4_rules, ipv6_rules);  } SMARTLIST_FOREACH_END(addr);}/** Detect and excise "dead code" from the policy *<b>dest</b>. */static voidexit_policy_remove_redundancies(smartlist_t *dest){  addr_policy_t *ap, *tmp;  int i, j;  /* Step one: kill every ipv4 thing after *4:*, every IPv6 thing after *6:*   */  {    int kill_v4=0, kill_v6=0;    for (i = 0; i < smartlist_len(dest); ++i) {      sa_family_t family;      ap = smartlist_get(dest, i);      family = tor_addr_family(&ap->addr);      if ((family == AF_INET && kill_v4) ||          (family == AF_INET6 && kill_v6)) {        smartlist_del_keeporder(dest, i--);        addr_policy_free(ap);        continue;      }      if (ap->maskbits == 0 && ap->prt_min <= 1 && ap->prt_max >= 65535) {        /* This is a catch-all line -- later lines are unreachable. */        if (family == AF_INET) {          kill_v4 = 1;        } else if (family == AF_INET6) {          kill_v6 = 1;        }      }    }  }  /* Step two: for every entry, see if there's a redundant entry   * later on, and remove it. */  for (i = 0; i < smartlist_len(dest)-1; ++i) {    ap = smartlist_get(dest, i);    for (j = i+1; j < smartlist_len(dest); ++j) {      tmp = smartlist_get(dest, j);      tor_assert(j > i);      if (addr_policy_covers(ap, tmp)) {        char p1[POLICY_BUF_LEN], p2[POLICY_BUF_LEN];        policy_write_item(p1, sizeof(p1), tmp, 0);        policy_write_item(p2, sizeof(p2), ap, 0);        log_debug(LD_CONFIG, "Removing exit policy %s (%d).  It is made "            "redundant by %s (%d).", p1, j, p2, i);        smartlist_del_keeporder(dest, j--);        addr_policy_free(tmp);      }    }  }  /* Step three: for every entry A, see if there's an entry B making this one   * redundant later on.  This is the case if A and B are of the same type   * (accept/reject), A is a subset of B, and there is no other entry of   * different type in between those two that intersects with A.   *   * Anybody want to double-check the logic here? XXX   */  for (i = 0; i < smartlist_len(dest)-1; ++i) {    ap = smartlist_get(dest, i);    for (j = i+1; j < smartlist_len(dest); ++j) {      // tor_assert(j > i); // j starts out at i+1; j only increases; i only      //                    // decreases.      tmp = smartlist_get(dest, j);      if (ap->policy_type != tmp->policy_type) {        if (addr_policy_intersects(ap, tmp))          break;      } else { /* policy_types are equal. */        if (addr_policy_covers(tmp, ap)) {          char p1[POLICY_BUF_LEN], p2[POLICY_BUF_LEN];          policy_write_item(p1, sizeof(p1), ap, 0);          policy_write_item(p2, sizeof(p2), tmp, 0);          log_debug(LD_CONFIG, "Removing exit policy %s.  It is already "              "covered by %s.", p1, p2);          smartlist_del_keeporder(dest, i--);          addr_policy_free(ap);          break;        }      }    }  }}/** Reject private helper for policies_parse_exit_policy_internal: rejects * publicly routable addresses on this exit relay. * * Add reject entries to the linked list *dest: *   - if configured_addresses is non-NULL, add entries that reject each *     tor_addr_t* in the list as a destination. *   - if reject_interface_addresses is true, add entries that reject each *     public IPv4 and IPv6 address of each interface on this machine. *   - if reject_configured_port_addresses is true, add entries that reject *     each IPv4 and IPv6 address configured for a port. * * IPv6 entries are only added if ipv6_exit is true. (All IPv6 addresses are * already blocked by policies_parse_exit_policy_internal if ipv6_exit is * false.) * * The list *dest is created as needed. */voidpolicies_parse_exit_policy_reject_private(                                      smartlist_t **dest,                                      int ipv6_exit,                                      const smartlist_t *configured_addresses,                                      int reject_interface_addresses,                                      int reject_configured_port_addresses){  tor_assert(dest);  /* Reject configured addresses, if they are from public netblocks. */  if (configured_addresses) {    addr_policy_append_reject_addr_list_filter(dest, configured_addresses,                                               1, ipv6_exit);  }  /* Reject configured port addresses, if they are from public netblocks. */  if (reject_configured_port_addresses) {    const smartlist_t *port_addrs = get_configured_ports();    SMARTLIST_FOREACH_BEGIN(port_addrs, port_cfg_t *, port) {      /* Only reject port IP addresses, not port unix sockets */      if (!port->is_unix_addr) {        addr_policy_append_reject_addr_filter(dest, &port->addr, 1, ipv6_exit);      }    } SMARTLIST_FOREACH_END(port);  }  /* Reject local addresses from public netblocks on any interface. */  if (reject_interface_addresses) {    smartlist_t *public_addresses = NULL;    /* Reject public IPv4 addresses on any interface */    public_addresses = get_interface_address6_list(LOG_INFO, AF_INET, 0);    addr_policy_append_reject_addr_list_filter(dest, public_addresses, 1, 0);    free_interface_address6_list(public_addresses);    /* Don't look for IPv6 addresses if we're configured as IPv4-only */    if (ipv6_exit) {      /* Reject public IPv6 addresses on any interface */      public_addresses = get_interface_address6_list(LOG_INFO, AF_INET6, 0);      addr_policy_append_reject_addr_list_filter(dest, public_addresses, 0, 1);      free_interface_address6_list(public_addresses);    }  }  /* If addresses were added multiple times, remove all but one of them. */  if (*dest) {    exit_policy_remove_redundancies(*dest);  }}/** * Iterate through <b>policy</b> looking for redundant entries. Log a * warning message with the first redundant entry, if any is found. */static voidpolicies_log_first_redundant_entry(const smartlist_t *policy){  int found_final_effective_entry = 0;  int first_redundant_entry = 0;  tor_assert(policy);  SMARTLIST_FOREACH_BEGIN(policy, const addr_policy_t *, p) {    sa_family_t family;    int found_ipv4_wildcard = 0, found_ipv6_wildcard = 0;    const int i = p_sl_idx;    /* Look for accept/reject *[4|6|]:* entires */    if (p->prt_min <= 1 && p->prt_max == 65535 && p->maskbits == 0) {      family = tor_addr_family(&p->addr);      /* accept/reject *:* may have already been expanded into       * accept/reject *4:*,accept/reject *6:*       * But handle both forms.       */      if (family == AF_INET || family == AF_UNSPEC) {        found_ipv4_wildcard = 1;      }      if (family == AF_INET6 || family == AF_UNSPEC) {        found_ipv6_wildcard = 1;      }    }    /* We also find accept *4:*,reject *6:* ; and     * accept *4:*,<other policies>,accept *6:* ; and similar.     * That's ok, because they make any subsequent entries redundant. */    if (found_ipv4_wildcard && found_ipv6_wildcard) {      found_final_effective_entry = 1;      /* if we're not on the final entry in the list */      if (i < smartlist_len(policy) - 1) {        first_redundant_entry = i + 1;      }      break;    }  } SMARTLIST_FOREACH_END(p);  /* Work out if there are redundant trailing entries in the policy list */  if (found_final_effective_entry && first_redundant_entry > 0) {    const addr_policy_t *p;    /* Longest possible policy is     * "accept6 ffff:ffff:..255/128:10000-65535",     * which contains a max-length IPv6 address, plus 24 characters. */    char line[TOR_ADDR_BUF_LEN + 32];    tor_assert(first_redundant_entry < smartlist_len(policy));    p = smartlist_get(policy, first_redundant_entry);    /* since we've already parsed the policy into an addr_policy_t struct,     * we might not log exactly what the user typed in */    policy_write_item(line, TOR_ADDR_BUF_LEN + 32, p, 0);    log_warn(LD_DIR, "Exit policy '%s' and all following policies are "             "redundant, as it follows accept/reject *:* rules for both "             "IPv4 and IPv6. They will be removed from the exit policy. (Use "             "accept/reject *:* as the last entry in any exit policy.)",             line);  }}#define DEFAULT_EXIT_POLICY                                         \  "reject *:25,reject *:119,reject *:135-139,reject *:445,"         \  "reject *:563,reject *:1214,reject *:4661-4666,"                  \  "reject *:6346-6429,reject *:6699,reject *:6881-6999,accept *:*"/** Parse the exit policy <b>cfg</b> into the linked list *<b>dest</b>. * * If <b>ipv6_exit</b> is false, prepend "reject *6:*" to the policy. * * If <b>rejectprivate</b> is true: *   - prepend "reject private:*" to the policy. *   - prepend entries that reject publicly routable addresses on this exit *     relay by calling policies_parse_exit_policy_reject_private * * If cfg doesn't end in an absolute accept or reject and if * <b>add_default_policy</b> is true, add the default exit * policy afterwards. * * Return -1 if we can't parse cfg, else return 0. * * This function is used to parse the exit policy from our torrc. For * the functions used to parse the exit policy from a router descriptor, * see router_add_exit_policy. */static intpolicies_parse_exit_policy_internal(config_line_t *cfg,                                    smartlist_t **dest,                                    int ipv6_exit,                                    int rejectprivate,                                    const smartlist_t *configured_addresses,                                    int reject_interface_addresses,                                    int reject_configured_port_addresses,                                    int add_default_policy){  if (!ipv6_exit) {    append_exit_policy_string(dest, "reject *6:*");  }  if (rejectprivate) {    /* Reject IPv4 and IPv6 reserved private netblocks */    append_exit_policy_string(dest, "reject private:*");    /* Reject IPv4 and IPv6 publicly routable addresses on this exit relay */    policies_parse_exit_policy_reject_private(                                            dest, ipv6_exit,                                            configured_addresses,                                            reject_interface_addresses,                                            reject_configured_port_addresses);  }  if (parse_addr_policy(cfg, dest, -1))    return -1;  /* Before we add the default policy and final rejects, check to see if   * there are any lines after accept *:* or reject *:*. These lines have no   * effect, and are most likely an error. */  policies_log_first_redundant_entry(*dest);  if (add_default_policy) {    append_exit_policy_string(dest, DEFAULT_EXIT_POLICY);  } else {    append_exit_policy_string(dest, "reject *4:*");    append_exit_policy_string(dest, "reject *6:*");  }  exit_policy_remove_redundancies(*dest);  return 0;}/** Parse exit policy in <b>cfg</b> into <b>dest</b> smartlist. * * Prepend an entry that rejects all IPv6 destinations unless * <b>EXIT_POLICY_IPV6_ENABLED</b> bit is set in <b>options</b> bitmask. * * If <b>EXIT_POLICY_REJECT_PRIVATE</b> bit is set in <b>options</b>: *   - prepend an entry that rejects all destinations in all netblocks *     reserved for private use. *   - prepend entries that reject publicly routable addresses on this exit *     relay by calling policies_parse_exit_policy_internal * * If <b>EXIT_POLICY_ADD_DEFAULT</b> bit is set in <b>options</b>, append * default exit policy entries to <b>result</b> smartlist. */intpolicies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,                           exit_policy_parser_cfg_t options,                           const smartlist_t *configured_addresses){  int ipv6_enabled = (options & EXIT_POLICY_IPV6_ENABLED) ? 1 : 0;  int reject_private = (options & EXIT_POLICY_REJECT_PRIVATE) ? 1 : 0;  int add_default = (options & EXIT_POLICY_ADD_DEFAULT) ? 1 : 0;  return policies_parse_exit_policy_internal(cfg,dest,ipv6_enabled,                                             reject_private,                                             configured_addresses,                                             reject_private,                                             reject_private,                                             add_default);}/** Helper function that adds a copy of addr to a smartlist as long as it is * non-NULL and not tor_addr_is_null(). * * The caller is responsible for freeing all the tor_addr_t* in the smartlist. */static voidpolicies_copy_addr_to_smartlist(smartlist_t *addr_list, const tor_addr_t *addr){  if (addr && !tor_addr_is_null(addr)) {    tor_addr_t *addr_copy = tor_malloc(sizeof(tor_addr_t));    tor_addr_copy(addr_copy, addr);    smartlist_add(addr_list, addr_copy);  }}/** Helper function that adds ipv4h_addr to a smartlist as a tor_addr_t *, * as long as it is not tor_addr_is_null(), by converting it to a tor_addr_t * and passing it to policies_add_addr_to_smartlist. * * The caller is responsible for freeing all the tor_addr_t* in the smartlist. */static voidpolicies_copy_ipv4h_to_smartlist(smartlist_t *addr_list, uint32_t ipv4h_addr){  if (ipv4h_addr) {    tor_addr_t ipv4_tor_addr;    tor_addr_from_ipv4h(&ipv4_tor_addr, ipv4h_addr);    policies_copy_addr_to_smartlist(addr_list, &ipv4_tor_addr);  }}/** Helper function that adds copies of * or_options->OutboundBindAddressIPv[4|6]_ to a smartlist as tor_addr_t *, as * long as or_options is non-NULL, and the addresses are not * tor_addr_is_null(), by passing them to policies_add_addr_to_smartlist. * * The caller is responsible for freeing all the tor_addr_t* in the smartlist. */static voidpolicies_copy_outbound_addresses_to_smartlist(smartlist_t *addr_list,                                              const or_options_t *or_options){  if (or_options) {    policies_copy_addr_to_smartlist(addr_list,                                    &or_options->OutboundBindAddressIPv4_);    policies_copy_addr_to_smartlist(addr_list,                                    &or_options->OutboundBindAddressIPv6_);  }}/** Parse <b>ExitPolicy</b> member of <b>or_options</b> into <b>result</b> * smartlist. * If <b>or_options->IPv6Exit</b> is false, prepend an entry that * rejects all IPv6 destinations. * * If <b>or_options->ExitPolicyRejectPrivate</b> is true: *  - prepend an entry that rejects all destinations in all netblocks reserved *    for private use. *  - if local_address is non-zero, treat it as a host-order IPv4 address, and *    add it to the list of configured addresses. *  - if ipv6_local_address is non-NULL, and not the null tor_addr_t, add it *    to the list of configured addresses. *  - if or_options->OutboundBindAddressIPv4_ is not the null tor_addr_t, add *    it to the list of configured addresses. *  - if or_options->OutboundBindAddressIPv6_ is not the null tor_addr_t, add *    it to the list of configured addresses. * * If <b>or_options->BridgeRelay</b> is false, append entries of default * Tor exit policy into <b>result</b> smartlist. * * If or_options->ExitRelay is false, then make our exit policy into * "reject *:*" regardless. */intpolicies_parse_exit_policy_from_options(const or_options_t *or_options,                                        uint32_t local_address,                                        const tor_addr_t *ipv6_local_address,                                        smartlist_t **result){  exit_policy_parser_cfg_t parser_cfg = 0;  smartlist_t *configured_addresses = NULL;  int rv = 0;  /* Short-circuit for non-exit relays */  if (or_options->ExitRelay == 0) {    append_exit_policy_string(result, "reject *4:*");    append_exit_policy_string(result, "reject *6:*");    return 0;  }  configured_addresses = smartlist_new();  /* Configure the parser */  if (or_options->IPv6Exit) {    parser_cfg |= EXIT_POLICY_IPV6_ENABLED;  }  if (or_options->ExitPolicyRejectPrivate) {    parser_cfg |= EXIT_POLICY_REJECT_PRIVATE;  }  if (!or_options->BridgeRelay) {    parser_cfg |= EXIT_POLICY_ADD_DEFAULT;  }  /* Copy the configured addresses into the tor_addr_t* list */  policies_copy_ipv4h_to_smartlist(configured_addresses, local_address);  policies_copy_addr_to_smartlist(configured_addresses, ipv6_local_address);  policies_copy_outbound_addresses_to_smartlist(configured_addresses,                                                or_options);  rv = policies_parse_exit_policy(or_options->ExitPolicy, result, parser_cfg,                                  configured_addresses);  SMARTLIST_FOREACH(configured_addresses, tor_addr_t *, a, tor_free(a));  smartlist_free(configured_addresses);  return rv;}/** Add "reject *:*" to the end of the policy in *<b>dest</b>, allocating * *<b>dest</b> as needed. */voidpolicies_exit_policy_append_reject_star(smartlist_t **dest){  append_exit_policy_string(dest, "reject *4:*");  append_exit_policy_string(dest, "reject *6:*");}/** Replace the exit policy of <b>node</b> with reject *:* */voidpolicies_set_node_exitpolicy_to_reject_all(node_t *node){  node->rejects_all = 1;}/** Return 1 if there is at least one /8 subnet in <b>policy</b> that * allows exiting to <b>port</b>.  Otherwise, return 0. */static intexit_policy_is_general_exit_helper(smartlist_t *policy, int port){  uint32_t mask, ip, i;  /* Is this /8 rejected (1), or undecided (0)? */  char subnet_status[256];  memset(subnet_status, 0, sizeof(subnet_status));  SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, p) {    if (tor_addr_family(&p->addr) != AF_INET)      continue; /* IPv4 only for now */    if (p->prt_min > port || p->prt_max < port)      continue; /* Doesn't cover our port. */    mask = 0;    tor_assert(p->maskbits <= 32);    if (p->maskbits)      mask = UINT32_MAX<<(32-p->maskbits);    ip = tor_addr_to_ipv4h(&p->addr);    /* Calculate the first and last subnet that this exit policy touches     * and set it as loop boundaries. */    for (i = ((mask & ip)>>24); i <= (~((mask & ip) ^ mask)>>24); ++i) {      tor_addr_t addr;      if (subnet_status[i] != 0)        continue; /* We already reject some part of this /8 */      tor_addr_from_ipv4h(&addr, i<<24);      if (tor_addr_is_internal(&addr, 0))        continue; /* Local or non-routable addresses */      if (p->policy_type == ADDR_POLICY_ACCEPT) {        if (p->maskbits > 8)          continue; /* Narrower than a /8. */        /* We found an allowed subnet of at least size /8. Done         * for this port! */        return 1;      } else if (p->policy_type == ADDR_POLICY_REJECT) {        subnet_status[i] = 1;      }    }  } SMARTLIST_FOREACH_END(p);  return 0;}/** Return true iff <b>ri</b> is "useful as an exit node", meaning * it allows exit to at least one /8 address space for at least * two of ports 80, 443, and 6667. */intexit_policy_is_general_exit(smartlist_t *policy){  static const int ports[] = { 80, 443, 6667 };  int n_allowed = 0;  int i;  if (!policy) /*XXXX disallow NULL policies? */    return 0;  for (i = 0; i < 3; ++i) {    n_allowed += exit_policy_is_general_exit_helper(policy, ports[i]);  }  return n_allowed >= 2;}/** Return false if <b>policy</b> might permit access to some addr:port; * otherwise if we are certain it rejects everything, return true. */intpolicy_is_reject_star(const smartlist_t *policy, sa_family_t family){  if (!policy) /*XXXX disallow NULL policies? */    return 1;  SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, p) {    if (p->policy_type == ADDR_POLICY_ACCEPT &&        (tor_addr_family(&p->addr) == family ||         tor_addr_family(&p->addr) == AF_UNSPEC)) {      return 0;    } else if (p->policy_type == ADDR_POLICY_REJECT &&               p->prt_min <= 1 && p->prt_max == 65535 &&               p->maskbits == 0 &&               (tor_addr_family(&p->addr) == family ||                tor_addr_family(&p->addr) == AF_UNSPEC)) {      return 1;    }  } SMARTLIST_FOREACH_END(p);  return 1;}/** Write a single address policy to the buf_len byte buffer at buf.  Return * the number of characters written, or -1 on failure. */intpolicy_write_item(char *buf, size_t buflen, const addr_policy_t *policy,                  int format_for_desc){  size_t written = 0;  char addrbuf[TOR_ADDR_BUF_LEN];  const char *addrpart;  int result;  const int is_accept = policy->policy_type == ADDR_POLICY_ACCEPT;  const sa_family_t family = tor_addr_family(&policy->addr);  const int is_ip6 = (family == AF_INET6);  tor_addr_to_str(addrbuf, &policy->addr, sizeof(addrbuf), 1);  /* write accept/reject 1.2.3.4 */  if (policy->is_private) {    addrpart = "private";  } else if (policy->maskbits == 0) {    if (format_for_desc)      addrpart = "*";    else if (family == AF_INET6)      addrpart = "*6";    else if (family == AF_INET)      addrpart = "*4";    else      addrpart = "*";  } else {    addrpart = addrbuf;  }  result = tor_snprintf(buf, buflen, "%s%s %s",                        is_accept ? "accept" : "reject",                        (is_ip6&&format_for_desc)?"6":"",                        addrpart);  if (result < 0)    return -1;  written += strlen(buf);  /* If the maskbits is 32 (IPv4) or 128 (IPv6) we don't need to give it.  If     the mask is 0, we already wrote "*". */  if (policy->maskbits < (is_ip6?128:32) && policy->maskbits > 0) {    if (tor_snprintf(buf+written, buflen-written, "/%d", policy->maskbits)<0)      return -1;    written += strlen(buf+written);  }  if (policy->prt_min <= 1 && policy->prt_max == 65535) {    /* There is no port set; write ":*" */    if (written+4 > buflen)      return -1;    strlcat(buf+written, ":*", buflen-written);    written += 2;  } else if (policy->prt_min == policy->prt_max) {    /* There is only one port; write ":80". */    result = tor_snprintf(buf+written, buflen-written, ":%d", policy->prt_min);    if (result<0)      return -1;    written += result;  } else {    /* There is a range of ports; write ":79-80". */    result = tor_snprintf(buf+written, buflen-written, ":%d-%d",                          policy->prt_min, policy->prt_max);    if (result<0)      return -1;    written += result;  }  if (written < buflen)    buf[written] = '\0';  else    return -1;  return (int)written;}/** Create a new exit policy summary, initially only with a single *  port 1-64k item *//* XXXX This entire thing will do most stuff in O(N^2), or worse.  Use an *      RB-tree if that turns out to matter. */static smartlist_t *policy_summary_create(void){  smartlist_t *summary;  policy_summary_item_t* item;  item = tor_malloc_zero(sizeof(policy_summary_item_t));  item->prt_min = 1;  item->prt_max = 65535;  item->reject_count = 0;  item->accepted = 0;  summary = smartlist_new();  smartlist_add(summary, item);  return summary;}/** Split the summary item in <b>item</b> at the port <b>new_starts</b>. * The current item is changed to end at new-starts - 1, the new item * copies reject_count and accepted from the old item, * starts at new_starts and ends at the port where the original item * previously ended. */static policy_summary_item_t*policy_summary_item_split(policy_summary_item_t* old, uint16_t new_starts){  policy_summary_item_t* new;  new = tor_malloc_zero(sizeof(policy_summary_item_t));  new->prt_min = new_starts;  new->prt_max = old->prt_max;  new->reject_count = old->reject_count;  new->accepted = old->accepted;  old->prt_max = new_starts-1;  tor_assert(old->prt_min <= old->prt_max);  tor_assert(new->prt_min <= new->prt_max);  return new;}/* XXXX Nick says I'm going to hell for this.  If he feels charitably towards * my immortal soul, he can clean it up himself. */#define AT(x) ((policy_summary_item_t*)smartlist_get(summary, x))#define REJECT_CUTOFF_COUNT (1<<25)/** Split an exit policy summary so that prt_min and prt_max * fall at exactly the start and end of an item respectively. */static intpolicy_summary_split(smartlist_t *summary,                     uint16_t prt_min, uint16_t prt_max){  int start_at_index;  int i = 0;  while (AT(i)->prt_max < prt_min)    i++;  if (AT(i)->prt_min != prt_min) {    policy_summary_item_t* new_item;    new_item = policy_summary_item_split(AT(i), prt_min);    smartlist_insert(summary, i+1, new_item);    i++;  }  start_at_index = i;  while (AT(i)->prt_max < prt_max)    i++;  if (AT(i)->prt_max != prt_max) {    policy_summary_item_t* new_item;    new_item = policy_summary_item_split(AT(i), prt_max+1);    smartlist_insert(summary, i+1, new_item);  }  return start_at_index;}/** Mark port ranges as accepted if they are below the reject_count */static voidpolicy_summary_accept(smartlist_t *summary,                      uint16_t prt_min, uint16_t prt_max){  int i = policy_summary_split(summary, prt_min, prt_max);  while (i < smartlist_len(summary) &&         AT(i)->prt_max <= prt_max) {    if (!AT(i)->accepted &&        AT(i)->reject_count <= REJECT_CUTOFF_COUNT)      AT(i)->accepted = 1;    i++;  }  tor_assert(i < smartlist_len(summary) || prt_max==65535);}/** Count the number of addresses in a network with prefixlen maskbits * against the given portrange. */static voidpolicy_summary_reject(smartlist_t *summary,                      maskbits_t maskbits,                      uint16_t prt_min, uint16_t prt_max){  int i = policy_summary_split(summary, prt_min, prt_max);  /* XXX: ipv4 specific */  uint64_t count = (U64_LITERAL(1) << (32-maskbits));  while (i < smartlist_len(summary) &&         AT(i)->prt_max <= prt_max) {    AT(i)->reject_count += count;    i++;  }  tor_assert(i < smartlist_len(summary) || prt_max==65535);}/** Add a single exit policy item to our summary: *  If it is an accept ignore it unless it is for all IP addresses *  ("*"), i.e. it's prefixlen/maskbits is 0, else call *  policy_summary_accept(). *  If it's a reject ignore it if it is about one of the private *  networks, else call policy_summary_reject(). */static voidpolicy_summary_add_item(smartlist_t *summary, addr_policy_t *p){  if (p->policy_type == ADDR_POLICY_ACCEPT) {    if (p->maskbits == 0) {      policy_summary_accept(summary, p->prt_min, p->prt_max);    }  } else if (p->policy_type == ADDR_POLICY_REJECT) {     int is_private = 0;     int i;     for (i = 0; private_nets[i]; ++i) {       tor_addr_t addr;       maskbits_t maskbits;       if (tor_addr_parse_mask_ports(private_nets[i], 0, &addr,                                     &maskbits, NULL, NULL)<0) {         tor_assert(0);       }       if (tor_addr_compare(&p->addr, &addr, CMP_EXACT) == 0 &&           p->maskbits == maskbits) {         is_private = 1;         break;       }     }     if (!is_private) {       policy_summary_reject(summary, p->maskbits, p->prt_min, p->prt_max);     }  } else    tor_assert(0);}/** Create a string representing a summary for an exit policy. * The summary will either be an "accept" plus a comma-separated list of port * ranges or a "reject" plus port-ranges, depending on which is shorter. * * If no exits are allowed at all then "reject 1-65535" is returned. If no * ports are blocked instead of "reject " we return "accept 1-65535". (These * are an exception to the shorter-representation-wins rule). */char *policy_summarize(smartlist_t *policy, sa_family_t family){  smartlist_t *summary = policy_summary_create();  smartlist_t *accepts, *rejects;  int i, last, start_prt;  size_t accepts_len, rejects_len;  char *accepts_str = NULL, *rejects_str = NULL, *shorter_str, *result;  const char *prefix;  tor_assert(policy);  /* Create the summary list */  SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, p) {    sa_family_t f = tor_addr_family(&p->addr);    if (f != AF_INET && f != AF_INET6) {      log_warn(LD_BUG, "Weird family when summarizing address policy");    }    if (f != family)      continue;    /* XXXX-ipv6 More family work is needed */    policy_summary_add_item(summary, p);  } SMARTLIST_FOREACH_END(p);  /* Now create two lists of strings, one for accepted and one   * for rejected ports.  We take care to merge ranges so that   * we avoid getting stuff like "1-4,5-9,10", instead we want   * "1-10"   */  i = 0;  start_prt = 1;  accepts = smartlist_new();  rejects = smartlist_new();  while (1) {    last = i == smartlist_len(summary)-1;    if (last ||        AT(i)->accepted != AT(i+1)->accepted) {      char buf[POLICY_BUF_LEN];      if (start_prt == AT(i)->prt_max)        tor_snprintf(buf, sizeof(buf), "%d", start_prt);      else        tor_snprintf(buf, sizeof(buf), "%d-%d", start_prt, AT(i)->prt_max);      if (AT(i)->accepted)        smartlist_add(accepts, tor_strdup(buf));      else        smartlist_add(rejects, tor_strdup(buf));      if (last)        break;      start_prt = AT(i+1)->prt_min;    };    i++;  };  /* Figure out which of the two stringlists will be shorter and use   * that to build the result   */  if (smartlist_len(accepts) == 0) { /* no exits at all */    result = tor_strdup("reject 1-65535");    goto cleanup;  }  if (smartlist_len(rejects) == 0) { /* no rejects at all */    result = tor_strdup("accept 1-65535");    goto cleanup;  }  accepts_str = smartlist_join_strings(accepts, ",", 0, &accepts_len);  rejects_str = smartlist_join_strings(rejects, ",", 0, &rejects_len);  if (rejects_len > MAX_EXITPOLICY_SUMMARY_LEN-strlen("reject")-1 &&      accepts_len > MAX_EXITPOLICY_SUMMARY_LEN-strlen("accept")-1) {    char *c;    shorter_str = accepts_str;    prefix = "accept";    c = shorter_str + (MAX_EXITPOLICY_SUMMARY_LEN-strlen(prefix)-1);    while (*c != ',' && c >= shorter_str)      c--;    tor_assert(c >= shorter_str);    tor_assert(*c == ',');    *c = '\0';  } else if (rejects_len < accepts_len) {    shorter_str = rejects_str;    prefix = "reject";  } else {    shorter_str = accepts_str;    prefix = "accept";  }  tor_asprintf(&result, "%s %s", prefix, shorter_str); cleanup:  /* cleanup */  SMARTLIST_FOREACH(summary, policy_summary_item_t *, s, tor_free(s));  smartlist_free(summary);  tor_free(accepts_str);  SMARTLIST_FOREACH(accepts, char *, s, tor_free(s));  smartlist_free(accepts);  tor_free(rejects_str);  SMARTLIST_FOREACH(rejects, char *, s, tor_free(s));  smartlist_free(rejects);  return result;}/** Convert a summarized policy string into a short_policy_t.  Return NULL * if the string is not well-formed. */short_policy_t *parse_short_policy(const char *summary){  const char *orig_summary = summary;  short_policy_t *result;  int is_accept;  int n_entries;  short_policy_entry_t entries[MAX_EXITPOLICY_SUMMARY_LEN]; /* overkill */  const char *next;  if (!strcmpstart(summary, "accept ")) {    is_accept = 1;    summary += strlen("accept ");  } else if (!strcmpstart(summary, "reject ")) {    is_accept = 0;    summary += strlen("reject ");  } else {    log_fn(LOG_PROTOCOL_WARN, LD_DIR, "Unrecognized policy summary keyword");    return NULL;  }  n_entries = 0;  for ( ; *summary; summary = next) {    const char *comma = strchr(summary, ',');    unsigned low, high;    char dummy;    char ent_buf[32];    size_t len;    next = comma ? comma+1 : strchr(summary, '\0');    len = comma ? (size_t)(comma - summary) : strlen(summary);    if (n_entries == MAX_EXITPOLICY_SUMMARY_LEN) {      log_fn(LOG_PROTOCOL_WARN, LD_DIR, "Impossibly long policy summary %s",             escaped(orig_summary));      return NULL;    }    if (! TOR_ISDIGIT(*summary) || len > (sizeof(ent_buf)-1)) {      /* unrecognized entry format. skip it. */      continue;    }    if (len < 1) {      /* empty; skip it. */      /* XXX This happens to be unreachable, since if len==0, then *summary is       * ',' or '\0', and the TOR_ISDIGIT test above would have failed. */      continue;    }    memcpy(ent_buf, summary, len);    ent_buf[len] = '\0';    if (tor_sscanf(ent_buf, "%u-%u%c", &low, &high, &dummy) == 2) {      if (low<1 || low>65535 || high<1 || high>65535 || low>high) {        log_fn(LOG_PROTOCOL_WARN, LD_DIR,               "Found bad entry in policy summary %s", escaped(orig_summary));        return NULL;      }    } else if (tor_sscanf(ent_buf, "%u%c", &low, &dummy) == 1) {      if (low<1 || low>65535) {        log_fn(LOG_PROTOCOL_WARN, LD_DIR,               "Found bad entry in policy summary %s", escaped(orig_summary));        return NULL;      }      high = low;    } else {      log_fn(LOG_PROTOCOL_WARN, LD_DIR,"Found bad entry in policy summary %s",             escaped(orig_summary));      return NULL;    }    entries[n_entries].min_port = low;    entries[n_entries].max_port = high;    n_entries++;  }  if (n_entries == 0) {    log_fn(LOG_PROTOCOL_WARN, LD_DIR,           "Found no port-range entries in summary %s", escaped(orig_summary));    return NULL;  }  {    size_t size = STRUCT_OFFSET(short_policy_t, entries) +      sizeof(short_policy_entry_t)*(n_entries);    result = tor_malloc_zero(size);    tor_assert( (char*)&result->entries[n_entries-1] < ((char*)result)+size);  }  result->is_accept = is_accept;  result->n_entries = n_entries;  memcpy(result->entries, entries, sizeof(short_policy_entry_t)*n_entries);  return result;}/** Write <b>policy</b> back out into a string. Used only for unit tests * currently. */char *write_short_policy(const short_policy_t *policy){  int i;  char *answer;  smartlist_t *sl = smartlist_new();  smartlist_add_asprintf(sl, "%s", policy->is_accept ? "accept " : "reject ");  for (i=0; i < policy->n_entries; i++) {    const short_policy_entry_t *e = &policy->entries[i];    if (e->min_port == e->max_port) {      smartlist_add_asprintf(sl, "%d", e->min_port);    } else {      smartlist_add_asprintf(sl, "%d-%d", e->min_port, e->max_port);    }    if (i < policy->n_entries-1)      smartlist_add(sl, tor_strdup(","));  }  answer = smartlist_join_strings(sl, "", 0, NULL);  SMARTLIST_FOREACH(sl, char *, a, tor_free(a));  smartlist_free(sl);  return answer;}/** Release all storage held in <b>policy</b>. */voidshort_policy_free(short_policy_t *policy){  tor_free(policy);}/** See whether the <b>addr</b>:<b>port</b> address is likely to be accepted * or rejected by the summarized policy <b>policy</b>.  Return values are as * for compare_tor_addr_to_addr_policy.  Unlike the regular addr_policy * functions, requires the <b>port</b> be specified. */addr_policy_result_tcompare_tor_addr_to_short_policy(const tor_addr_t *addr, uint16_t port,                                 const short_policy_t *policy){  int i;  int found_match = 0;  int accept;  tor_assert(port != 0);  if (addr && tor_addr_is_null(addr))    addr = NULL; /* Unspec means 'no address at all,' in this context. */  if (addr && get_options()->ClientRejectInternalAddresses &&      (tor_addr_is_internal(addr, 0) || tor_addr_is_loopback(addr)))    return ADDR_POLICY_REJECTED;  for (i=0; i < policy->n_entries; ++i) {    const short_policy_entry_t *e = &policy->entries[i];    if (e->min_port <= port && port <= e->max_port) {      found_match = 1;      break;    }  }  if (found_match)    accept = policy->is_accept;  else    accept = ! policy->is_accept;  /* ???? are these right? -NM */  /* We should be sure not to return ADDR_POLICY_ACCEPTED in the accept   * case here, because it would cause clients to believe that the node   * allows exit enclaving. Trying it anyway would open up a cool attack   * where the node refuses due to exitpolicy, the client reacts in   * surprise by rewriting the node's exitpolicy to reject *:*, and then   * a bad guy targets users by causing them to attempt such connections   * to 98% of the exits.   *   * Once microdescriptors can handle addresses in special cases (e.g. if   * we ever solve ticket 1774), we can provide certainty here. -RD */  if (accept)    return ADDR_POLICY_PROBABLY_ACCEPTED;  else    return ADDR_POLICY_REJECTED;}/** Return true iff <b>policy</b> seems reject all ports */intshort_policy_is_reject_star(const short_policy_t *policy){  /* This doesn't need to be as much on the lookout as policy_is_reject_star,   * since policy summaries are from the consensus or from consensus   * microdescs.   */  tor_assert(policy);  /* Check for an exact match of "reject 1-65535". */  return (policy->is_accept == 0 && policy->n_entries == 1 &&          policy->entries[0].min_port == 1 &&          policy->entries[0].max_port == 65535);}/** Decide whether addr:port is probably or definitely accepted or rejected by * <b>node</b>.  See compare_tor_addr_to_addr_policy for details on addr/port * interpretation. */addr_policy_result_tcompare_tor_addr_to_node_policy(const tor_addr_t *addr, uint16_t port,                                const node_t *node){  if (node->rejects_all)    return ADDR_POLICY_REJECTED;  if (addr && tor_addr_family(addr) == AF_INET6) {    const short_policy_t *p = NULL;    if (node->ri)      p = node->ri->ipv6_exit_policy;    else if (node->md)      p = node->md->ipv6_exit_policy;    if (p)      return compare_tor_addr_to_short_policy(addr, port, p);    else      return ADDR_POLICY_REJECTED;  }  if (node->ri) {    return compare_tor_addr_to_addr_policy(addr, port, node->ri->exit_policy);  } else if (node->md) {    if (node->md->exit_policy == NULL)      return ADDR_POLICY_REJECTED;    else      return compare_tor_addr_to_short_policy(addr, port,                                              node->md->exit_policy);  } else {    return ADDR_POLICY_PROBABLY_REJECTED;  }}/** * Given <b>policy_list</b>, a list of addr_policy_t, produce a string * representation of the list. * If <b>include_ipv4</b> is true, include IPv4 entries. * If <b>include_ipv6</b> is true, include IPv6 entries. */char *policy_dump_to_string(const smartlist_t *policy_list,                      int include_ipv4,                      int include_ipv6){  smartlist_t *policy_string_list;  char *policy_string = NULL;  policy_string_list = smartlist_new();  SMARTLIST_FOREACH_BEGIN(policy_list, addr_policy_t *, tmpe) {    char *pbuf;    int bytes_written_to_pbuf;    if ((tor_addr_family(&tmpe->addr) == AF_INET6) && (!include_ipv6)) {      continue; /* Don't include IPv6 parts of address policy */    }    if ((tor_addr_family(&tmpe->addr) == AF_INET) && (!include_ipv4)) {      continue; /* Don't include IPv4 parts of address policy */    }    pbuf = tor_malloc(POLICY_BUF_LEN);    bytes_written_to_pbuf = policy_write_item(pbuf,POLICY_BUF_LEN, tmpe, 1);    if (bytes_written_to_pbuf < 0) {      log_warn(LD_BUG, "policy_dump_to_string ran out of room!");      tor_free(pbuf);      goto done;    }    smartlist_add(policy_string_list,pbuf);  } SMARTLIST_FOREACH_END(tmpe);  policy_string = smartlist_join_strings(policy_string_list, "\n", 0, NULL); done:  SMARTLIST_FOREACH(policy_string_list, char *, str, tor_free(str));  smartlist_free(policy_string_list);  return policy_string;}/** Implementation for GETINFO control command: knows the answer for questions * about "exit-policy/..." */intgetinfo_helper_policies(control_connection_t *conn,                        const char *question, char **answer,                        const char **errmsg){  (void) conn;  (void) errmsg;  if (!strcmp(question, "exit-policy/default")) {    *answer = tor_strdup(DEFAULT_EXIT_POLICY);  } else if (!strcmp(question, "exit-policy/reject-private/default")) {    smartlist_t *private_policy_strings;    const char **priv = private_nets;    private_policy_strings = smartlist_new();    while (*priv != NULL) {      /* IPv6 addresses are in "[]" and contain ":",       * IPv4 addresses are not in "[]" and contain "." */      smartlist_add_asprintf(private_policy_strings, "reject %s:*", *priv);      priv++;    }    *answer = smartlist_join_strings(private_policy_strings,                                     ",", 0, NULL);    SMARTLIST_FOREACH(private_policy_strings, char *, str, tor_free(str));    smartlist_free(private_policy_strings);  } else if (!strcmp(question, "exit-policy/reject-private/relay")) {    const or_options_t *options = get_options();    const routerinfo_t *me = router_get_my_routerinfo();    if (!me) {      *errmsg = "router_get_my_routerinfo returned NULL";      return -1;    }    if (!options->ExitPolicyRejectPrivate) {      *answer = tor_strdup("");      return 0;    }    smartlist_t *private_policy_list = smartlist_new();    smartlist_t *configured_addresses = smartlist_new();    /* Copy the configured addresses into the tor_addr_t* list */    policies_copy_ipv4h_to_smartlist(configured_addresses, me->addr);    policies_copy_addr_to_smartlist(configured_addresses, &me->ipv6_addr);    policies_copy_outbound_addresses_to_smartlist(configured_addresses,                                                  options);    policies_parse_exit_policy_reject_private(                                            &private_policy_list,                                            options->IPv6Exit,                                            configured_addresses,                                            1, 1);    *answer = policy_dump_to_string(private_policy_list, 1, 1);    addr_policy_list_free(private_policy_list);    SMARTLIST_FOREACH(configured_addresses, tor_addr_t *, a, tor_free(a));    smartlist_free(configured_addresses);  } else if (!strcmpstart(question, "exit-policy/")) {    const routerinfo_t *me = router_get_my_routerinfo();    int include_ipv4 = 0;    int include_ipv6 = 0;    if (!strcmp(question, "exit-policy/ipv4")) {      include_ipv4 = 1;    } else if (!strcmp(question, "exit-policy/ipv6")) {      include_ipv6 = 1;    } else if (!strcmp(question, "exit-policy/full")) {      include_ipv4 = include_ipv6 = 1;    } else {      return 0; /* No such key. */    }    if (!me) {      *errmsg = "router_get_my_routerinfo returned NULL";      return -1;    }    *answer = router_dump_exit_policy_to_string(me,include_ipv4,include_ipv6);  }  return 0;}/** Release all storage held by <b>p</b>. */voidaddr_policy_list_free(smartlist_t *lst){  if (!lst)    return;  SMARTLIST_FOREACH(lst, addr_policy_t *, policy, addr_policy_free(policy));  smartlist_free(lst);}/** Release all storage held by <b>p</b>. */voidaddr_policy_free(addr_policy_t *p){  if (!p)    return;  if (--p->refcnt <= 0) {    if (p->is_canonical) {      policy_map_ent_t search, *found;      search.policy = p;      found = HT_REMOVE(policy_map, &policy_root, &search);      if (found) {        tor_assert(p == found->policy);        tor_free(found);      }    }    tor_free(p);  }}/** Release all storage held by policy variables. */voidpolicies_free_all(void){  addr_policy_list_free(reachable_or_addr_policy);  reachable_or_addr_policy = NULL;  addr_policy_list_free(reachable_dir_addr_policy);  reachable_dir_addr_policy = NULL;  addr_policy_list_free(socks_policy);  socks_policy = NULL;  addr_policy_list_free(dir_policy);  dir_policy = NULL;  addr_policy_list_free(authdir_reject_policy);  authdir_reject_policy = NULL;  addr_policy_list_free(authdir_invalid_policy);  authdir_invalid_policy = NULL;  addr_policy_list_free(authdir_badexit_policy);  authdir_badexit_policy = NULL;  if (!HT_EMPTY(&policy_root)) {    policy_map_ent_t **ent;    int n = 0;    char buf[POLICY_BUF_LEN];    log_warn(LD_MM, "Still had %d address policies cached at shutdown.",             (int)HT_SIZE(&policy_root));    /* Note the first 10 cached policies to try to figure out where they     * might be coming from. */    HT_FOREACH(ent, policy_map, &policy_root) {      if (++n > 10)        break;      if (policy_write_item(buf, sizeof(buf), (*ent)->policy, 0) >= 0)        log_warn(LD_MM,"  %d [%d]: %s", n, (*ent)->policy->refcnt, buf);    }  }  HT_CLEAR(policy_map, &policy_root);}
 |