diff options
| author | Nick Mathewson <nickm@torproject.org> | 2010-09-21 01:03:29 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2010-09-21 01:03:29 -0400 |
| commit | ef5925237d4712c40fb6d69b8de882ab39e6798f (patch) | |
| tree | db3ef32cb703879117bea8e354a7c59d99c21b69 /src/or/router.c | |
| parent | 5a55662a6b38dd5c70a514bd8cb7e4b2e0df7e97 (diff) | |
| download | tor-ef5925237d4712c40fb6d69b8de882ab39e6798f.tar tor-ef5925237d4712c40fb6d69b8de882ab39e6798f.tar.gz | |
First cut of code to enable RefuseUnknownExits
The RefuseUnknownExits config option is now a tristate, with "1"
meaning "enable it no matter what the consensus says", "0" meaning
"disable it no matter what the consensus says", and "auto" meaning "do
what the consensus says". If the consensus is silent, we enable
RefuseUnknownExits.
This patch also changes the dirserv logic so that refuseunknownexits
won't make us cache unless we're an exit.
Diffstat (limited to 'src/or/router.c')
| -rw-r--r-- | src/or/router.c | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/src/or/router.c b/src/or/router.c index 978078bf7..6ae2ed0db 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -18,6 +18,7 @@ #include "geoip.h" #include "hibernate.h" #include "main.h" +#include "networkstatus.h" #include "policies.h" #include "relay.h" #include "rephist.h" @@ -975,6 +976,22 @@ server_mode(or_options_t *options) return (options->ORPort != 0 || options->ORListenAddress); } +/** Return true iff the combination of options in <b>options</b> and parameters + * in <b>consensus</b> mean that we don't want to allow exits from circuits + * we got from addresses not known to be servers. */ +int +should_refuse_unknown_exits(or_options_t *options) +{ + networkstatus_t *consensus; + if (options->RefuseUnknownExits_ != -1) { + return options->RefuseUnknownExits_; + } else if ((consensus = networkstatus_get_latest_consensus()) != NULL) { + return networkstatus_get_param(consensus, "refuseunknownexits", 1); + } else { + return 1; + } +} + /** Remember if we've advertised ourselves to the dirservers. */ static int server_is_advertised=0; @@ -1137,6 +1154,17 @@ router_compare_to_my_exit_policy(edge_connection_t *conn) desc_routerinfo->exit_policy) != ADDR_POLICY_ACCEPTED; } +/** Return true iff my exit policy is reject *:*. Return -1 if we don't + * have a descriptor */ +int +router_my_exit_policy_is_reject_star(void) +{ + if (!router_get_my_routerinfo()) /* make sure desc_routerinfo exists */ + return -1; + + return desc_routerinfo->policy_is_reject_star; +} + /** Return true iff I'm a server and <b>digest</b> is equal to * my identity digest. */ int @@ -1300,6 +1328,8 @@ router_rebuild_descriptor(int force) policies_parse_exit_policy(options->ExitPolicy, &ri->exit_policy, options->ExitPolicyRejectPrivate, ri->address, !options->BridgeRelay); + ri->policy_is_reject_star = + policy_is_reject_star(ri->exit_policy); if (desc_routerinfo) { /* inherit values */ ri->is_valid = desc_routerinfo->is_valid; |