Get rid of the notion of a separate default default exit policy.

author Roger Dingledine <arma@torproject.org>

Wed, 18 Feb 2004 03:56:12 +0000 (03:56 +0000)

committer Roger Dingledine <arma@torproject.org>

Wed, 18 Feb 2004 03:56:12 +0000 (03:56 +0000)
author Roger Dingledine <arma@torproject.org>
Wed, 18 Feb 2004 03:56:12 +0000 (03:56 +0000)
committer Roger Dingledine <arma@torproject.org>
Wed, 18 Feb 2004 03:56:12 +0000 (03:56 +0000)
diff --git a/src/config/torrc.in b/src/config/torrc.in

index 35077af7a248a25b5cf897a35d281ea1c175ca92..183b091b80900ec500e515ea1358071965db9d6d 100644 (file)
--- a/src/config/torrc.in
+++ b/src/config/torrc.in
@@ -19,7 +19,13 @@ SocksBindAddress 127.0.0.1 # accept connections only from localhost
  #ORPort 9001 # where to listen for cell-speaking connections
  #ORBindAddress 0.0.0.0 # accept connections from anywhere
  
-## A comma-separated list of exit policies. They're considered in
-## order, first match wins.
-#ExitPolicy reject 0.0.0.0/8,reject 169.254.0.0/16,reject 127.0.0.0/8,reject 192.168.0.0/16,reject 10.0.0.0/8,reject 172.16.0.0/12,accept *:20-22,accept *:53,accept *:79-80,accept *:110,accept *:143,accept *:443,accept *:873,accept *:1024-65535,reject *:*
+## A comma-separated list of exit policies. Define this if you
+## want to *augment* the default exit policy.
+## These entries are considered before the default exit policy.
+#ExitPolicyPrepend accept 18.244.0.188:25
+
+## A comma-separated list of exit policies. Define this if you
+## want to *replace* the default exit policy.
+## They're considered in order, first match wins.
+#ExitPolicy reject *:*
  
diff --git a/src/or/config.c b/src/or/config.c

index a42ea6ec5ac3abd05ef61ddd970517855dd84ab7..f4cb9bc701dc5fde1e236780710998d30243f3e7 100644 (file)
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -165,6 +165,7 @@ static void config_assign(or_options_t *options, struct config_line *list) {
      config_compare(list, "ExitNodes",      CONFIG_TYPE_STRING, &options->ExitNodes) ||
      config_compare(list, "EntryNodes",     CONFIG_TYPE_STRING, &options->EntryNodes) ||
      config_compare(list, "ExitPolicy",     CONFIG_TYPE_STRING, &options->ExitPolicy) ||
+    config_compare(list, "ExitPolicyPrepend",CONFIG_TYPE_STRING, &options->ExitPolicyPrepend) ||
      config_compare(list, "ExcludedNodes",  CONFIG_TYPE_STRING, &options->ExcludedNodes) ||
  
      config_compare(list, "Group",          CONFIG_TYPE_STRING, &options->Group) ||
@@ -243,6 +244,7 @@ void free_options(or_options_t *options) {
    tor_free(options->EntryNodes);
    tor_free(options->ExcludedNodes);
    tor_free(options->ExitPolicy);
+  tor_free(options->ExitPolicyPrepend);
    tor_free(options->SocksBindAddress);
    tor_free(options->ORBindAddress);
    tor_free(options->DirBindAddress);
@@ -258,7 +260,8 @@ void init_options(or_options_t *options) {
    options->ExitNodes = tor_strdup("");
    options->EntryNodes = tor_strdup("");
    options->ExcludedNodes = tor_strdup("");
-  options->ExitPolicy = tor_strdup("reject *:25,reject 127.0.0.0/8:*,reject 0.0.0.0/8,accept *:*");
+  options->ExitPolicy = tor_strdup("reject 0.0.0.0/8,reject 169.254.0.0/16,reject 127.0.0.0/8,reject 192.168.0.0/16,reject 10.0.0.0/8,reject 172.16.0.0/12,accept *:20-22,accept *:53,accept *:79-80,accept *:110,accept *:143,accept *:443,accept *:873,accept *:1024-65535,reject *:*");
+  options->ExitPolicyPrepend = tor_strdup("");
    options->SocksBindAddress = tor_strdup("127.0.0.1");
    options->ORBindAddress = tor_strdup("0.0.0.0");
    options->DirBindAddress = tor_strdup("0.0.0.0");
@@ -271,7 +274,7 @@ void init_options(or_options_t *options) {
    options->DirFetchPostPeriod = 600;
    options->KeepalivePeriod = 300;
    options->MaxOnionsPending = 100;
-  options->NewCircuitPeriod = 60; /* once a minute */
+  options->NewCircuitPeriod = 30; /* twice a minute */
    options->BandwidthRate = 800000; /* at most 800kB/s total sustained incoming */
    options->BandwidthBurst = 10000000; /* max burst on the token bucket */
    options->NumCpus = 1;
diff --git a/src/or/or.h b/src/or/or.h

index a293e6f0100ee6bc781481347e310539abb2ca11..f7e0d06c6ebe1b625c2711ec35ac42888815ef83 100644 (file)
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -497,6 +497,7 @@ typedef struct {
    char *EntryNodes;
    char *ExcludedNodes;
    char *ExitPolicy;
+  char *ExitPolicyPrepend;
    char *SocksBindAddress;
    char *ORBindAddress;
    char *DirBindAddress;
diff --git a/src/or/router.c b/src/or/router.c

index 7fe5e94e11078c3655bfd77270c10d76ece1a226..25fc6dd7389a5b42929524acf88b8baa482ef0b3 100644 (file)
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -253,8 +253,8 @@ void router_upload_desc_to_dirservers(void) {
    }
  }
  
-static void router_add_exit_policy_from_config(routerinfo_t *router) {
-  char *s = options.ExitPolicy, *e;
+static void router_add_exit_policy_from_config_helper(char *s, routerinfo_t *router) {
+  char *e;
    int last=0;
    char line[1024];
  
@@ -286,6 +286,11 @@ static void router_add_exit_policy_from_config(routerinfo_t *router) {
    }
  }
  
+static void router_add_exit_policy_from_config(routerinfo_t *router) {
+  router_add_exit_policy_from_config_helper(options.ExitPolicyPrepend, router);
+  router_add_exit_policy_from_config_helper(options.ExitPolicy, router);
+}
+
  /* Return false if my exit policy says to allow connection to conn.
   * Else return true.
   */
@@ -296,7 +301,7 @@ int router_compare_to_my_exit_policy(connection_t *conn) {
  
    return router_compare_addr_to_exit_policy(conn->addr, conn->port, 
                     desc_routerinfo->exit_policy);
-    
+
  }
  
  const char *router_get_my_descriptor(void) {
author	Roger Dingledine <arma@torproject.org>
	Wed, 18 Feb 2004 03:56:12 +0000 (03:56 +0000)
committer	Roger Dingledine <arma@torproject.org>
	Wed, 18 Feb 2004 03:56:12 +0000 (03:56 +0000)
src/config/torrc.in		patch \| blob \| blame \| history
src/or/config.c		patch \| blob \| blame \| history
src/or/or.h		patch \| blob \| blame \| history
src/or/router.c		patch \| blob \| blame \| history