diff options
| author | Nick Mathewson <nickm@torproject.org> | 2012-01-13 12:28:32 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2012-01-13 12:28:47 -0500 |
| commit | 938531773a017e6eb70f11e81a0543e81413f83f (patch) | |
| tree | 860f0854a6725790a551e4ff9a733796cd4794a2 /src/or/policies.c | |
| parent | fbd243a1652d7d610e9c8e00901638662cbe34c5 (diff) | |
| download | tor-938531773a017e6eb70f11e81a0543e81413f83f.tar tor-938531773a017e6eb70f11e81a0543e81413f83f.tar.gz | |
Allow authorities to baddir/badexit/invalid/reject nodes by cc
Implements ticket #4207
Diffstat (limited to 'src/or/policies.c')
| -rw-r--r-- | src/or/policies.c | 31 |
1 files changed, 27 insertions, 4 deletions
diff --git a/src/or/policies.c b/src/or/policies.c index 40e527747..fdec687b1 100644 --- a/src/or/policies.c +++ b/src/or/policies.c @@ -14,6 +14,7 @@ #include "nodelist.h" #include "policies.h" #include "routerparse.h" +#include "geoip.h" #include "ht.h" /** Policy that addresses for incoming SOCKS connections must match. */ @@ -313,13 +314,29 @@ socks_policy_permits_address(const tor_addr_t *addr) return addr_policy_permits_tor_addr(addr, 1, socks_policy); } +/** Return true iff the address <b>addr</b> is in a country listed in the + * case-insentive list of country codes <b>cc_list</b>. */ +static int +addr_is_in_cc_list(uint32_t addr, const smartlist_t *cc_list) +{ + country_t country; + const char *name; + if (!cc_list) + return 0; + country = geoip_get_country_by_ip(addr); + name = geoip_get_country_name(country); + return smartlist_string_isin_case(cc_list, name); +} + /** Return 1 if <b>addr</b>:<b>port</b> is permitted to publish to our * directory, based on <b>authdir_reject_policy</b>. Else return 0. */ int authdir_policy_permits_address(uint32_t addr, uint16_t port) { - return addr_policy_permits_address(addr, port, authdir_reject_policy); + if (! addr_policy_permits_address(addr, port, authdir_reject_policy)) + return 0; + return !addr_is_in_cc_list(addr, get_options()->AuthDirRejectCC); } /** Return 1 if <b>addr</b>:<b>port</b> is considered valid in our @@ -328,7 +345,9 @@ authdir_policy_permits_address(uint32_t addr, uint16_t port) int authdir_policy_valid_address(uint32_t addr, uint16_t port) { - return addr_policy_permits_address(addr, port, authdir_invalid_policy); + if (! addr_policy_permits_address(addr, port, authdir_invalid_policy)) + return 0; + return !addr_is_in_cc_list(addr, get_options()->AuthDirInvalidCC); } /** Return 1 if <b>addr</b>:<b>port</b> should be marked as a bad dir, @@ -337,7 +356,9 @@ authdir_policy_valid_address(uint32_t addr, uint16_t port) int authdir_policy_baddir_address(uint32_t addr, uint16_t port) { - return ! addr_policy_permits_address(addr, port, authdir_baddir_policy); + if (! addr_policy_permits_address(addr, port, authdir_baddir_policy)) + return 1; + return addr_is_in_cc_list(addr, get_options()->AuthDirBadDirCC); } /** Return 1 if <b>addr</b>:<b>port</b> should be marked as a bad exit, @@ -346,7 +367,9 @@ authdir_policy_baddir_address(uint32_t addr, uint16_t port) int authdir_policy_badexit_address(uint32_t addr, uint16_t port) { - return ! addr_policy_permits_address(addr, port, authdir_badexit_policy); + if (! addr_policy_permits_address(addr, port, authdir_badexit_policy)) + return 1; + return addr_is_in_cc_list(addr, get_options()->AuthDirBadExitCC); } #define REJECT(arg) \ |