From 92ef9e37e7ddb98bdfcdc7ed2075d3e5afa70062 Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Wed, 1 Feb 2006 03:53:52 +0000 Subject: Add a new config option ExitPolicyRejectPrivate which defaults to 1. This means all exit policies will begin with rejecting private addresses, unless the server operator explicitly turns it off. Also, make our code to remove redundancies in the exit policy smarter, so it can detect "reject foo, reject bar, reject *" patterns. Lastly, we can get rid of the "exit policy implicitly accepts" code, since we make everything more explicit now. svn:r5888 --- src/or/config.c | 94 ++++++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 67 insertions(+), 27 deletions(-) (limited to 'src/or/config.c') diff --git a/src/or/config.c b/src/or/config.c index d56f34937..39df0715b 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -149,6 +149,7 @@ static config_var_t _option_vars[] = { VAR("ExcludeNodes", STRING, ExcludeNodes, NULL), VAR("ExitNodes", STRING, ExitNodes, NULL), VAR("ExitPolicy", LINELIST, ExitPolicy, NULL), + VAR("ExitPolicyRejectPrivate", BOOL, ExitPolicyRejectPrivate, "1"), VAR("FascistFirewall", BOOL, FascistFirewall, "0"), VAR("FirewallPorts", CSV, FirewallPorts, ""), VAR("FastFirstHopPK", BOOL, FastFirstHopPK, "1"), @@ -2214,13 +2215,10 @@ options_validate(or_options_t *old_options, or_options_t *options, result = -1; } - if (config_parse_addr_policy(options->ExitPolicy, &addr_policy, -1)) - REJECT("Error in Exit Policy entry."); + if (config_parse_exit_policy(options->ExitPolicy, &addr_policy, + options->ExitPolicyRejectPrivate)) + REJECT("Error in ExitPolicy entry."); - options_append_default_exit_policy(&addr_policy); - if (server_mode(options)) { - exit_policy_implicitly_allows_local_networks(addr_policy, 1); - } /* The rest of these calls *append* to addr_policy. So don't actually * use the results for anything other than checking if they parse! */ if (config_parse_addr_policy(options->DirPolicy, &addr_policy, -1)) @@ -2916,34 +2914,17 @@ normalize_log_options(or_options_t *options) return 0; } -#define DEFAULT_EXIT_POLICY \ - "reject private:*,reject *:25,reject *:119,reject *:135-139,reject *:445," \ - "reject *:465,reject *:587,reject *:1214,reject *:4661-4666," \ - "reject *:6346-6429,reject *:6699,reject *:6881-6999,accept *:*" - -/** Add the default exit policy entries to policy +/** Add the exit policy described by more to policy. */ -void -options_append_default_exit_policy(addr_policy_t **policy) +static void +options_append_exit_policy_string(addr_policy_t **policy, char *more) { config_line_t tmp; - addr_policy_t *ap; tmp.key = NULL; - tmp.value = (char*)DEFAULT_EXIT_POLICY; + tmp.value = more; tmp.next = NULL; config_parse_addr_policy(&tmp, policy, -1); - - /* Remove redundant parts, if any. */ - for (ap=*policy; ap; ap=ap->next) { - if (ap->msk == 0 && ap->prt_min <= 1 && ap->prt_max >= 65535) { - if (ap->next) { - addr_policy_free(ap->next); - ap->next = NULL; - } - return; - } - } } static int @@ -3005,6 +2986,65 @@ config_expand_exit_policy_aliases(smartlist_t *entries, int assume_action) return expanded_any; } +/** Detect and excise "dead code" from the policy *dest. */ +static void +config_exit_policy_remove_redundancies(addr_policy_t **dest) +{ + addr_policy_t *ap, *tmp; + int have_seen_accept=0; + + for (ap=*dest; ap; ap=ap->next) { + if (ap->policy_type == ADDR_POLICY_ACCEPT) + have_seen_accept=1; + if (ap->msk == 0 && ap->prt_min <= 1 && ap->prt_max >= 65535) { + /* This is a catch-all line -- later lines are unreachable. */ + if (ap->next) { + addr_policy_free(ap->next); + ap->next = NULL; + } + if (ap->policy_type == ADDR_POLICY_REJECT && + ap != *dest && !have_seen_accept) { + /* This is a "reject *:*" and all previous entries were + * "reject something". Throw out the previous entries. */ + for (tmp=*dest; tmp; tmp=tmp->next) { + if (tmp->next == ap) { + tmp->next = NULL; + addr_policy_free(*dest); + *dest = ap; + break; + } + } + } + } + } +} + +#define DEFAULT_EXIT_POLICY \ + "reject *:25,reject *:119,reject *:135-139,reject *:445," \ + "reject *:465,reject *:587,reject *:1214,reject *:4661-4666," \ + "reject *:6346-6429,reject *:6699,reject *:6881-6999,accept *:*" + +/** Parse the exit policy cfg into the linked list *dest. If + * cfg doesn't end in an absolute accept or reject, add the default exit + * policy afterwards. If rejectprivate is true, prepend + * "reject private:*" to the policy. Return -1 if we can't parse cfg, + * else return 0. + * + */ +int +config_parse_exit_policy(config_line_t *cfg, addr_policy_t **dest, + int rejectprivate) +{ + if (rejectprivate) + options_append_exit_policy_string(dest, "reject private:*"); + if (config_parse_addr_policy(cfg, dest, -1)) + return -1; + options_append_exit_policy_string(dest, DEFAULT_EXIT_POLICY); + + config_exit_policy_remove_redundancies(dest); + return 0; +} + /** * Given a linked list of config lines containing "allow" and "deny" tokens, * parse them and append the result to dest. Return -1 if any tokens -- cgit v1.2.3