
Merge branch 'bug11108'

Nick Mathewson 10 年 前
コミット
4a2a1e572e
3 ファイル変更33 行追加10 行削除
  1. 8 0
      changes/bug11108
  2. 10 3
      doc/tor.1.txt
  3. 15 7
      src/or/policies.c

+ 8 - 0
changes/bug11108

@@ -0,0 +1,8 @@
+  o Minor features:
+    - Warn the user if they put any ports in the SocksPolicy,
+      DirPolicy, AuthDirReject, AuthDirInvalid, AuthDirBadDir, or
+      AuthDirBadExit options. Fixes ticket #11108.
+
+  o Documentation:
+    - Explain that SocksPolicy, DirPolicy, and their allies don't take
+      port arguments. Fixes ticket #11108.

+ 10 - 3
doc/tor.1.txt

@@ -1041,7 +1041,8 @@ The following options are useful only for clients (that is, if
 [[SocksPolicy]] **SocksPolicy** __policy__,__policy__,__...__::
     Set an entrance policy for this server, to limit who can connect to the
     SocksPort and DNSPort ports. The policies have the same form as exit
-    policies below.
+    policies below, except that port specifiers are ignored. Any address
+    not matched by some entry in the policy is accepted.
 
 [[SocksTimeout]] **SocksTimeout** __NUM__::
     Let a socks connection wait NUM seconds handshaking, and NUM seconds
@@ -1838,7 +1839,9 @@ if DirPort is non-zero):
 
 [[DirPolicy]] **DirPolicy** __policy__,__policy__,__...__::
     Set an entrance policy for this server, to limit who can connect to the
-    directory ports. The policies have the same form as exit policies above.
+    directory ports. The policies have the same form as exit policies above,
+    except that port specifiers are ignored. Any address not matched by
+    some entry in the policy is accepted.
 
 [[FetchV2Networkstatus]] **FetchV2Networkstatus** **0**|**1**::
     If set, we try to fetch the (obsolete, unused) version 2 network status
@@ -1882,7 +1885,11 @@ DIRECTORY AUTHORITY SERVER OPTIONS
 [[AuthDirBadDir]] **AuthDirBadDir** __AddressPattern...__::
     Authoritative directories only. A set of address patterns for servers that
     will be listed as bad directories in any network status document this
-    authority publishes, if **AuthDirListBadDirs** is set.
+    authority publishes, if **AuthDirListBadDirs** is set. +
+ +
+    (The address pattern syntax here and in the options below
+    is the same as for exit policies, except that you don't need to say
+    "accept" or "reject", and ports are not needed.)
 
 [[AuthDirBadExit]] **AuthDirBadExit** __AddressPattern...__::
     Authoritative directories only. A set of address patterns for servers that

+ 15 - 7
src/or/policies.c

@@ -482,10 +482,12 @@ validate_addr_policies(const or_options_t *options, char **msg)
  * Ignore port specifiers.
  */
 static int
-load_policy_from_option(config_line_t *config, smartlist_t **policy,
+load_policy_from_option(config_line_t *config, const char *option_name,
+                        smartlist_t **policy,
                         int assume_action)
 {
   int r;
+  int killed_any_ports = 0;
   addr_policy_list_free(*policy);
   *policy = NULL;
   r = parse_addr_policy(config, policy, assume_action);
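Review bot: The new `option_name` parameter is not described in the function comment, whose visible tail still says only `Ignore port specifiers.`; the comment begins above the hunk. I would add a sentence such as `<b>option_name</b> is the configuration option's name, used only in the warning logged when a port specifier is dropped.` The comment should also say that an entry carrying a port is kept with the port ignored rather than rejected, since that is what an operator auditing these policies needs to know.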
@@ -504,9 +506,13 @@ load_policy_from_option(config_line_t *config, smartlist_t **policy,
         c = addr_policy_get_canonical_entry(&newp);
         SMARTLIST_REPLACE_CURRENT(*policy, n, c);
         addr_policy_free(n);
+        killed_any_ports = 1;
       }
     } SMARTLIST_FOREACH_END(n);
   }
+  if (killed_any_ports) {
+    log_warn(LD_CONFIG, "Ignoring ports in %s option.", option_name);
+  }
   return 0;
 }
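Review bot: The warning in `log_warn(LD_CONFIG, "Ignoring ports in %s option.", option_name);` names the option but not the effect, and the function still returns 0, so the configuration is accepted. A rule written as address:port therefore stays in force with its port ignored, which can be broader than the operator intended. The message could say so, for example `"Ignoring port specifier in %s option; the entry applies regardless of port."`. Logging once after the loop rather than once per entry is a reasonable choice. The loop and the condition that selects entries start above the hunk.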
 
@@ -516,20 +522,22 @@ int
 policies_parse_from_options(const or_options_t *options)
 {
   int ret = 0;
-  if (load_policy_from_option(options->SocksPolicy, &socks_policy, -1) < 0)
+  if (load_policy_from_option(options->SocksPolicy, "SocksPolicy",
+                              &socks_policy, -1) < 0)
     ret = -1;
-  if (load_policy_from_option(options->DirPolicy, &dir_policy, -1) < 0)
+  if (load_policy_from_option(options->DirPolicy, "DirPolicy",
+                              &dir_policy, -1) < 0)
     ret = -1;
-  if (load_policy_from_option(options->AuthDirReject,
+  if (load_policy_from_option(options->AuthDirReject, "AuthDirReject",
                               &authdir_reject_policy, ADDR_POLICY_REJECT) < 0)
     ret = -1;
-  if (load_policy_from_option(options->AuthDirInvalid,
+  if (load_policy_from_option(options->AuthDirInvalid, "AuthDirInvalid",
                               &authdir_invalid_policy, ADDR_POLICY_REJECT) < 0)
     ret = -1;
-  if (load_policy_from_option(options->AuthDirBadDir,
+  if (load_policy_from_option(options->AuthDirBadDir, "AuthDirBadDir",
                               &authdir_baddir_policy, ADDR_POLICY_REJECT) < 0)
     ret = -1;
-  if (load_policy_from_option(options->AuthDirBadExit,
+  if (load_policy_from_option(options->AuthDirBadExit, "AuthDirBadExit",
                               &authdir_badexit_policy, ADDR_POLICY_REJECT) < 0)
     ret = -1;
   if (parse_reachable_addresses() < 0)
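Review bot: The port warning is reachable only through these six calls, so it is emitted when the policies are loaded; nothing in the visible hunks shows it being emitted when a configuration is only validated. If `validate_addr_policies()` (named in the first hunk header of this file) parses the same options without going through `load_policy_from_option()`, a configuration check would pass silently and the operator would first see the warning at run time. That is worth confirming, and worth a comment above this function such as `/* load_policy_from_option() warns about ignored port specifiers. */`. The function body continues past the end of the hunk.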