--- /dev/null
+ o Minor features:
+ - Warn the user if they put any ports in the SocksPolicy,
+ DirPolicy, AuthDirReject, AuthDirInvalid, AuthDirBadDir, or
+ AuthDirBadExit options. Fixes ticket #11108.
+
+ o Documentation:
+ - Explain that SocksPolicy, DirPolicy, and their allies don't take
+ port arguments. Fixes ticket #11108.
[[SocksPolicy]] **SocksPolicy** __policy__,__policy__,__...__::
Set an entrance policy for this server, to limit who can connect to the
SocksPort and DNSPort ports. The policies have the same form as exit
- policies below.
+ policies below, except that port specifiers are ignored.
[[SocksTimeout]] **SocksTimeout** __NUM__::
Let a socks connection wait NUM seconds handshaking, and NUM seconds
[[DirPolicy]] **DirPolicy** __policy__,__policy__,__...__::
Set an entrance policy for this server, to limit who can connect to the
- directory ports. The policies have the same form as exit policies above.
+ directory ports. The policies have the same form as exit policies above,
+ except that port specifiers are ignored.
[[FetchV2Networkstatus]] **FetchV2Networkstatus** **0**|**1**::
If set, we try to fetch the (obsolete, unused) version 2 network status
[[AuthDirBadDir]] **AuthDirBadDir** __AddressPattern...__::
Authoritative directories only. A set of address patterns for servers that
will be listed as bad directories in any network status document this
- authority publishes, if **AuthDirListBadDirs** is set.
+ authority publishes, if **AuthDirListBadDirs** is set. +
+ +
+ (The address pattern syntax here and in the options below
+ is the same as for exit policies, except that you don't need to say
+ "accept" or "reject", and ports are not needed.)
[[AuthDirBadExit]] **AuthDirBadExit** __AddressPattern...__::
Authoritative directories only. A set of address patterns for servers that
* Ignore port specifiers.
*/
static int
-load_policy_from_option(config_line_t *config, smartlist_t **policy,
+load_policy_from_option(config_line_t *config, const char *option_name,
+ smartlist_t **policy,
int assume_action)
{
int r;
+ int killed_any_ports = 0;
addr_policy_list_free(*policy);
*policy = NULL;
r = parse_addr_policy(config, policy, assume_action);
c = addr_policy_get_canonical_entry(&newp);
SMARTLIST_REPLACE_CURRENT(*policy, n, c);
addr_policy_free(n);
+ killed_any_ports = 1;
}
} SMARTLIST_FOREACH_END(n);
}
+ if (killed_any_ports) {
+ log_warn(LD_CONFIG, "Ignoring ports in %s option.", option_name);
+ }
return 0;
}
policies_parse_from_options(const or_options_t *options)
{
int ret = 0;
- if (load_policy_from_option(options->SocksPolicy, &socks_policy, -1) < 0)
+ if (load_policy_from_option(options->SocksPolicy, "SocksPolicy",
+ &socks_policy, -1) < 0)
ret = -1;
- if (load_policy_from_option(options->DirPolicy, &dir_policy, -1) < 0)
+ if (load_policy_from_option(options->DirPolicy, "DirPolicy",
+ &dir_policy, -1) < 0)
ret = -1;
- if (load_policy_from_option(options->AuthDirReject,
+ if (load_policy_from_option(options->AuthDirReject, "AuthDirReject",
&authdir_reject_policy, ADDR_POLICY_REJECT) < 0)
ret = -1;
- if (load_policy_from_option(options->AuthDirInvalid,
+ if (load_policy_from_option(options->AuthDirInvalid, "AuthDirInvalid",
&authdir_invalid_policy, ADDR_POLICY_REJECT) < 0)
ret = -1;
- if (load_policy_from_option(options->AuthDirBadDir,
+ if (load_policy_from_option(options->AuthDirBadDir, "AuthDirBadDir",
&authdir_baddir_policy, ADDR_POLICY_REJECT) < 0)
ret = -1;
- if (load_policy_from_option(options->AuthDirBadExit,
+ if (load_policy_from_option(options->AuthDirBadExit, "AuthDirBadExit",
&authdir_badexit_policy, ADDR_POLICY_REJECT) < 0)
ret = -1;
if (parse_reachable_addresses() < 0)
projects / thirdparty / tor.git / commitdiff
