
Add "pass" target for RedirectExit, to make it easier to break out of a sequence of rules

svn:r2566
Nick Mathewson 20 years ago
parent
commit
c7151d8bed
4 changed files with 24 additions and 12 deletions
  1. 7 3
      doc/tor.1.in
  2. 9 4
      src/or/config.c
  3. 7 5
      src/or/connection_edge.c
  4. 1 0
      src/or/or.h

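--- a/doc/tor.1.in
+++ b/doc/tor.1.in
@@ -220,13 +220,17 @@ Bind to this port to listen for connections from Tor clients and servers.
 \fBorbindaddress \fR\fIIP\fP
 Bind to this address to listen for connections from Tor clients and servers. (Default: 0.0.0.0)
 .TP
-\fBredirectexit \fR\fIpattern address:port\fP
+\fBredirectexit \fR\fIpattern target\fP
 Whenever an outgoing connection tries to connect to one of a given set
-of addresses, connect to \fIaddress:port\fP instead.  The address
+of addresses, connect to \fItarget\fP (an \fIaddress:port\fP pair) instead.
+The address
 pattern is given in the same format as for an exit policy.  The
 address translation applies after exit policies are applied.  Multiple
 \fBredirectexit\fP options can be used: once any one has matched
-successfully, no subsequent rules are considered.
+successfully, no subsequent rules are considered.  You can specify that no
+redirection is to be performed on a given set of addresses by using the
+special target string "pass", which prevents subsequent rules from being
+considered.
 
 .SH DIRECTORY SERVER OPTIONS
 .PP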
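--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1106,10 +1106,15 @@ static int parse_redirect_line(or_options_t *options,
     log_fn(LOG_WARN, "Error parsing source address in RedirectExit line");
     goto err;
   }
-  if (parse_addr_port(smartlist_get(elements,1),NULL,&r->addr_dest,
-                      &r->port_dest)) {
-    log_fn(LOG_WARN, "Error parseing dest address in RedirectExit line");
-    goto err;
+  if (0==strcasecmp(smartlist_get(elements,1), "pass")) {
+    r->is_redirect = 0;
+  } else {
+    if (parse_addr_port(smartlist_get(elements,1),NULL,&r->addr_dest,
+                             &r->port_dest)) {
+      log_fn(LOG_WARN, "Error parseing dest address in RedirectExit line");
+      goto err;
+    }
+    r->is_redirect = 1;
   }
 
   goto done;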
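Review bot: A rule parsed as `pass` leaves `r->addr_dest` and `r->port_dest` untouched, which is only safe if `r` is zero-allocated where it is created above the hunk; worth confirming, or setting both to 0 in the pass branch so a later reader of the struct never sees stale memory. The `strcasecmp` also accepts `PASS`/`Pass` while the man page documents only the literal `"pass"`; either document the case-insensitivity or use `strcmp`. The pre-existing typo in the moved warning could be fixed while touching the line: `log_fn(LOG_WARN, "Error parsing dest address in RedirectExit line");`. A short comment on the new branch would help too: `/* "pass": a match ends rule evaluation but performs no redirection. */`. parse_redirect_line begins and ends outside the hunk.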
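--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -901,11 +901,13 @@ void connection_exit_connect(connection_t *conn) {
       if ((addr&r->mask)==(r->addr&r->mask) &&
           (r->port_min <= port) && (port <= r->port_max)) {
         struct in_addr in;
-        addr = r->addr_dest;
-        port = r->port_dest;
-        in.s_addr = htonl(addr);
-        log_fn(LOG_DEBUG, "Redirecting connection from %s:%d to %s:%d",
-               conn->address, conn->port, inet_ntoa(in), port);
+        if (r->is_redirect) {
+          addr = r->addr_dest;
+          port = r->port_dest;
+          in.s_addr = htonl(addr);
+          log_fn(LOG_DEBUG, "Redirecting connection from %s:%d to %s:%d",
+                 conn->address, conn->port, inet_ntoa(in), port);
+        }
         break;
       }
     });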
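--- a/src/or/or.h
+++ b/src/or/or.h
@@ -824,6 +824,7 @@ typedef struct exit_redirect_t {
   uint16_t port_min;
   uint16_t port_max;
 
+  int is_redirect;
   uint32_t addr_dest;
   uint16_t port_dest;
 } exit_redirect_t;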
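Review bot: The new field is undocumented, and `is_redirect` reads as though a zero value makes the rule inert, when in fact (per the connection_edge.c change in this commit) a matching pass rule still stops evaluation of later rules; a comment on the field would prevent that misreading: `/** If true, redirect matches to addr_dest:port_dest; if false ("pass"), a match only stops further rule evaluation. */`. It would also be worth noting that `addr_dest`/`port_dest` are meaningless when `is_redirect` is false. The head of exit_redirect_t is outside the hunk.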