Get rid of the notion of a separate default default exit policy.

Create ExitPolicyPrepend config parameter, to customize the default
exit policy.


svn:r1103

src/config/torrc.in

@@ -19,7 +19,13 @@ SocksBindAddress 127.0.0.1 # accept connections only from localhost
 #ORPort 9001 # where to listen for cell-speaking connections
 #ORBindAddress 0.0.0.0 # accept connections from anywhere
 
-## A comma-separated list of exit policies. They're considered in
-## order, first match wins.
-#ExitPolicy reject 0.0.0.0/8,reject 169.254.0.0/16,reject 127.0.0.0/8,reject 192.168.0.0/16,reject 10.0.0.0/8,reject 172.16.0.0/12,accept *:20-22,accept *:53,accept *:79-80,accept *:110,accept *:143,accept *:443,accept *:873,accept *:1024-65535,reject *:*
+## A comma-separated list of exit policies. Define this if you
+## want to *augment* the default exit policy.
+## These entries are considered before the default exit policy.
+#ExitPolicyPrepend accept 18.244.0.188:25
+
+## A comma-separated list of exit policies. Define this if you
+## want to *replace* the default exit policy.
+## They're considered in order, first match wins.
+#ExitPolicy reject *:*
 

src/or/config.c

@@ -165,6 +165,7 @@ static void config_assign(or_options_t *options, struct config_line *list) {
     config_compare(list, "ExitNodes",      CONFIG_TYPE_STRING, &options->ExitNodes) ||
     config_compare(list, "EntryNodes",     CONFIG_TYPE_STRING, &options->EntryNodes) ||
     config_compare(list, "ExitPolicy",     CONFIG_TYPE_STRING, &options->ExitPolicy) ||
+    config_compare(list, "ExitPolicyPrepend",CONFIG_TYPE_STRING, &options->ExitPolicyPrepend) ||
     config_compare(list, "ExcludedNodes",  CONFIG_TYPE_STRING, &options->ExcludedNodes) ||
 
     config_compare(list, "Group",          CONFIG_TYPE_STRING, &options->Group) ||
@@ -243,6 +244,7 @@ void free_options(or_options_t *options) {
   tor_free(options->EntryNodes);
   tor_free(options->ExcludedNodes);
   tor_free(options->ExitPolicy);
+  tor_free(options->ExitPolicyPrepend);
   tor_free(options->SocksBindAddress);
   tor_free(options->ORBindAddress);
   tor_free(options->DirBindAddress);
@@ -258,7 +260,8 @@ void init_options(or_options_t *options) {
   options->ExitNodes = tor_strdup("");
   options->EntryNodes = tor_strdup("");
   options->ExcludedNodes = tor_strdup("");
-  options->ExitPolicy = tor_strdup("reject *:25,reject 127.0.0.0/8:*,reject 0.0.0.0/8,accept *:*");
+  options->ExitPolicy = tor_strdup("reject 0.0.0.0/8,reject 169.254.0.0/16,reject 127.0.0.0/8,reject 192.168.0.0/16,reject 10.0.0.0/8,reject 172.16.0.0/12,accept *:20-22,accept *:53,accept *:79-80,accept *:110,accept *:143,accept *:443,accept *:873,accept *:1024-65535,reject *:*");
+  options->ExitPolicyPrepend = tor_strdup("");
   options->SocksBindAddress = tor_strdup("127.0.0.1");
   options->ORBindAddress = tor_strdup("0.0.0.0");
   options->DirBindAddress = tor_strdup("0.0.0.0");
@@ -271,7 +274,7 @@ void init_options(or_options_t *options) {
   options->DirFetchPostPeriod = 600;
   options->KeepalivePeriod = 300;
   options->MaxOnionsPending = 100;
-  options->NewCircuitPeriod = 60; /* once a minute */
+  options->NewCircuitPeriod = 30; /* twice a minute */
   options->BandwidthRate = 800000; /* at most 800kB/s total sustained incoming */
   options->BandwidthBurst = 10000000; /* max burst on the token bucket */
   options->NumCpus = 1;

src/or/or.h

@@ -497,6 +497,7 @@ typedef struct {
   char *EntryNodes;
   char *ExcludedNodes;
   char *ExitPolicy;
+  char *ExitPolicyPrepend;
   char *SocksBindAddress;
   char *ORBindAddress;
   char *DirBindAddress;

src/or/router.c

@@ -253,8 +253,8 @@ void router_upload_desc_to_dirservers(void) {
   }
 }
 
-static void router_add_exit_policy_from_config(routerinfo_t *router) {
-  char *s = options.ExitPolicy, *e;
+static void router_add_exit_policy_from_config_helper(char *s, routerinfo_t *router) {
+  char *e;
   int last=0;
   char line[1024];
 
@@ -286,6 +286,11 @@ static void router_add_exit_policy_from_config(routerinfo_t *router) {
   }
 }
 
+static void router_add_exit_policy_from_config(routerinfo_t *router) {
+  router_add_exit_policy_from_config_helper(options.ExitPolicyPrepend, router);
+  router_add_exit_policy_from_config_helper(options.ExitPolicy, router);
+}
+
 /* Return false if my exit policy says to allow connection to conn.
  * Else return true.
  */
@@ -296,7 +301,7 @@ int router_compare_to_my_exit_policy(connection_t *conn) {
 
   return router_compare_addr_to_exit_policy(conn->addr, conn->port, 
                    desc_routerinfo->exit_policy);
-    
+
 }
 
 const char *router_get_my_descriptor(void) {