0.0.9pre6:
- Oct 20 16:45:10.237 [warn] parse_addr_port(): Port '0' out of range
- - clean up parse_*_policy code
- - when you hup, they're not getting re-parsed
- - stop calling a *_policy an exit_policy_t
+ o clean up parse_*_policy code
+ o when you hup, they're not getting re-parsed
+ o stop calling a *_policy an exit_policy_t
+ - Regenerate our server descriptor when a relevant option is changed from
+ control.c.
- Writing out the machine-readable torrc file
- fix print_usage()
- Download and use running-routers
- document signals in man page
+ - Document all undocumented configuration options.
+ - Accounting
+ - Control interface authentication
+ - ... ?
N - RPMs
o Merge changes from jbash
- Figure out versioning
if (set_max_file_descriptors(options->MaxConn) < 0)
return -1;
-
mark_logs_temp(); /* Close current logs once new logs are open. */
if (config_init_logs(options, 0)<0) /* Configure the log(s) */
return -1;
if(options->PidFile)
write_pidfile(options->PidFile);
+ /* Update address policies. */
+ parse_socks_policy();
+ parse_dir_policy();
+
init_cookie_authentication(options->CookieAuthentication);
/* reload keys as needed for rendezvous services. */
int i;
int result = 0;
struct config_line_t *cl;
+ struct addr_policy_t *addr_policy=NULL;
if (options->ORPort < 0 || options->ORPort > 65535) {
log(LOG_WARN, "ORPort option out of bounds.");
result = -1;
}
+ if (config_parse_addr_policy(options->ExitPolicy, &addr_policy)) {
+ log_fn(LOG_WARN, "Error in Exit Policy entry.");
+ result = -1;
+ }
+ if (config_parse_addr_policy(options->DirPolicy, &addr_policy)) {
+ log_fn(LOG_WARN, "Error in DirPolicy entry.");
+ result = -1;
+ }
+ if (config_parse_addr_policy(options->SocksPolicy, &addr_policy)) {
+ log_fn(LOG_WARN, "Error in SocksPolicy entry.");
+ result = -1;
+ }
+ addr_policy_free(addr_policy);
+
for (cl = options->RedirectExit; cl; cl = cl->next) {
if (parse_redirect_line(NULL, cl)<0)
result = -1;
/**
* Given a linked list of config lines containing "allow" and "deny" tokens,
- * parse them and place the result in <b>dest</b>. Skip malformed lines.
+ * parse them and append the result to <b>dest</b>. Return -1 if any tokens
+ * are malformed, else return 0.
*/
-void
-config_parse_exit_policy(struct config_line_t *cfg,
- struct exit_policy_t **dest)
+int
+config_parse_addr_policy(struct config_line_t *cfg,
+ struct addr_policy_t **dest)
{
- struct exit_policy_t **nextp;
+ struct addr_policy_t **nextp;
smartlist_t *entries;
+ int r = 0;
if (!cfg)
- return;
+ return 0;
nextp = dest;
SMARTLIST_FOREACH(entries, const char *, ent,
{
log_fn(LOG_DEBUG,"Adding new entry '%s'",ent);
- *nextp = router_parse_exit_policy_from_string(ent);
+ *nextp = router_parse_addr_policy_from_string(ent);
if (*nextp) {
nextp = &((*nextp)->next);
} else {
- log_fn(LOG_WARN,"Malformed exit policy %s; skipping.", ent);
+ log_fn(LOG_WARN,"Malformed policy %s.", ent);
+ r = -1;
}
});
SMARTLIST_FOREACH(entries, char *, ent, tor_free(ent));
smartlist_clear(entries);
}
smartlist_free(entries);
+ return r;
}
/** Release all storage held by <b>p</b> */
void
-exit_policy_free(struct exit_policy_t *p) {
- struct exit_policy_t *e;
+addr_policy_free(struct addr_policy_t *p) {
+ struct addr_policy_t *e;
while (p) {
e = p;
#include "or.h"
#include "tree.h"
-static struct exit_policy_t *socks_policy = NULL;
+static struct addr_policy_t *socks_policy = NULL;
/* List of exit_redirect_t */
static smartlist_t *redirect_exit_list = NULL;
static int connection_ap_handshake_process_socks(connection_t *conn);
-static void parse_socks_policy(void);
+void parse_socks_policy(void);
/** Handle new bytes on conn->inbuf, or notification of eof.
*
return tor_version_as_new_as(exit->platform, "0.0.9pre1");
}
addr = client_dns_lookup_entry(conn->socks_request->address);
- if(router_compare_addr_to_exit_policy(addr,
+ if(router_compare_addr_to_addr_policy(addr,
conn->socks_request->port, exit->exit_policy) < 0)
return 0;
return 1;
* is parsed, and put the processed version in &socks_policy.
* Ignore port specifiers.
*/
-static void parse_socks_policy(void)
+void
+parse_socks_policy(void)
{
- struct exit_policy_t *n;
+ struct addr_policy_t *n;
if (socks_policy) {
- exit_policy_free(socks_policy);
+ addr_policy_free(socks_policy);
socks_policy = NULL;
}
- config_parse_exit_policy(get_options()->SocksPolicy, &socks_policy);
+ config_parse_addr_policy(get_options()->SocksPolicy, &socks_policy);
/* ports aren't used. */
for (n=socks_policy; n; n = n->next) {
n->prt_min = 1;
int socks_policy_permits_address(uint32_t addr)
{
int a;
- or_options_t *options = get_options();
- if (options->SocksPolicy && !socks_policy)
- parse_socks_policy();
if(!socks_policy) /* 'no socks policy' means 'accept' */
return 1;
- a = router_compare_addr_to_exit_policy(addr, 1, socks_policy);
+ a = router_compare_addr_to_addr_policy(addr, 1, socks_policy);
if (a==-1)
return 0;
else if (a==0)
/********* START VARIABLES **********/
-static struct exit_policy_t *dir_policy = NULL;
+static struct addr_policy_t *dir_policy = NULL;
#if 0 /* commented out for now, since for now what clients send is
different from what servers want to receive */
/********* END VARIABLES ************/
-/** A helper function for dir_policy_permits_address() below.
- *
- * Parse options->DirPolicy in the same way that the exit policy
- * is parsed, and put the processed version in &dir_policy.
- * Ignore port specifiers.
+/** Parse get_options()->DirPolicy, and put the processed version in
+ * &dir_policy. Ignore port specifiers.
*/
-static void parse_dir_policy(void)
+void
+parse_dir_policy(void)
{
- struct exit_policy_t *n;
+ struct addr_policy_t *n;
if (dir_policy) {
- exit_policy_free(dir_policy);
+ addr_policy_free(dir_policy);
dir_policy = NULL;
}
- config_parse_exit_policy(get_options()->DirPolicy, &dir_policy);
+ config_parse_addr_policy(get_options()->DirPolicy, &dir_policy);
/* ports aren't used. */
for (n=dir_policy; n; n = n->next) {
n->prt_min = 1;
int dir_policy_permits_address(uint32_t addr)
{
int a;
- if (get_options()->DirPolicy && !dir_policy)
- parse_dir_policy();
if(!dir_policy) /* 'no dir policy' means 'accept' */
return 1;
- a = router_compare_addr_to_exit_policy(addr, 1, dir_policy);
+ a = router_compare_addr_to_addr_policy(addr, 1, dir_policy);
if (a==-1)
return 0;
else if (a==0)
typedef struct connection_t connection_t;
-#define EXIT_POLICY_ACCEPT 1
-#define EXIT_POLICY_REJECT 2
+#define ADDR_POLICY_ACCEPT 1
+#define ADDR_POLICY_REJECT 2
-/** A linked list of exit policy rules */
-struct exit_policy_t {
- char policy_type; /**< One of EXIT_POLICY_ACCEPT or EXIT_POLICY_REJECT. */
+/** A linked list of policy rules */
+struct addr_policy_t {
+ char policy_type; /**< One of ADDR_POLICY_ACCEPT or ADDR_POLICY_REJECT. */
char *string; /**< String representation of this rule. */
uint32_t addr; /**< Base address to accept or reject. */
- uint32_t msk; /**< Accept/reject all addresses <b>a</b> such that a & msk ==
- * <b>addr</b> & msk . */
+ uint32_t msk; /**< Accept/reject all addresses <b>a</b> such that
+ * a & msk == <b>addr</b> & msk . */
uint16_t prt_min; /**< Lowest port number to accept/reject. */
uint16_t prt_max; /**< Highest port number to accept/reject. */
- struct exit_policy_t *next; /**< Next rule in list. */
+ struct addr_policy_t *next; /**< Next rule in list. */
};
/** Information about another onion router in the network. */
uint32_t bandwidthburst; /**< How large is this OR's token bucket? */
/** How many bytes/s is this router known to handle? */
uint32_t bandwidthcapacity;
- struct exit_policy_t *exit_policy; /**< What streams will this OR permit
+ struct addr_policy_t *exit_policy; /**< What streams will this OR permit
* to exit? */
long uptime; /**< How many seconds the router claims to have been up */
/* local info */
void options_init(or_options_t *options);
int init_from_config(int argc, char **argv);
int config_init_logs(or_options_t *options, int validate_only);
-void config_parse_exit_policy(struct config_line_t *cfg,
- struct exit_policy_t **dest);
-void exit_policy_free(struct exit_policy_t *p);
+int config_parse_addr_policy(struct config_line_t *cfg,
+ struct addr_policy_t **dest);
+void addr_policy_free(struct addr_policy_t *p);
int config_option_is_recognized(const char *key);
struct config_line_t *config_get_assigned_option(or_options_t *options,
const char *key);
void client_dns_set_entry(const char *address, uint32_t val);
void client_dns_clean(void);
void set_exit_redirects(smartlist_t *lst);
+void parse_socks_policy(void);
/********************************* connection_or.c ***************************/
int connection_dir_process_inbuf(connection_t *conn);
int connection_dir_finished_flushing(connection_t *conn);
int connection_dir_finished_connecting(connection_t *conn);
+void parse_dir_policy(void);
/********************************* dirserv.c ***************************/
void routerlist_remove_old_routers(int age);
int router_load_routerlist_from_directory(const char *s,crypto_pk_env_t *pkey,
int check_version);
-int router_compare_addr_to_exit_policy(uint32_t addr, uint16_t port,
- struct exit_policy_t *policy);
+int router_compare_addr_to_addr_policy(uint32_t addr, uint16_t port,
+ struct addr_policy_t *policy);
#define ADDR_POLICY_ACCEPTED 0
#define ADDR_POLICY_REJECTED -1
#define ADDR_POLICY_UNKNOWN 1
running_routers_t *router_parse_runningrouters(const char *str);
routerinfo_t *router_parse_entry_from_string(const char *s, const char *end);
int router_add_exit_policy_from_string(routerinfo_t *router, const char *s);
-struct exit_policy_t *router_parse_exit_policy_from_string(const char *s);
+struct addr_policy_t *router_parse_addr_policy_from_string(const char *s);
int check_software_version_against_directory(const char *directory,
int ignoreversion);
int tor_version_parse(const char *s, tor_version_t *out);
}
if(connection_ap_can_use_exit(conn, exitrouter)) {
log_fn(LOG_WARN,"Exitrouter %s seems to be more restrictive than its exit policy. Not using this router as exit for now,", exitrouter->nickname);
- exit_policy_free(exitrouter->exit_policy);
+ addr_policy_free(exitrouter->exit_policy);
exitrouter->exit_policy =
- router_parse_exit_policy_from_string("reject *:*");
+ router_parse_addr_policy_from_string("reject *:*");
}
conn->state = AP_CONN_STATE_CIRCUIT_WAIT;
* rule, then append the default exit policy as well.
*/
static void router_add_exit_policy_from_config(routerinfo_t *router) {
- struct exit_policy_t *ep;
+ struct addr_policy_t *ep;
struct config_line_t default_policy;
- config_parse_exit_policy(get_options()->ExitPolicy, &router->exit_policy);
+ config_parse_addr_policy(get_options()->ExitPolicy, &router->exit_policy);
for (ep = router->exit_policy; ep; ep = ep->next) {
if (ep->msk == 0 && ep->prt_min <= 1 && ep->prt_max >= 65535) {
default_policy.key = NULL;
default_policy.value = (char*)DEFAULT_EXIT_POLICY;
default_policy.next = NULL;
- config_parse_exit_policy(&default_policy, &router->exit_policy);
+ config_parse_addr_policy(&default_policy, &router->exit_policy);
}
/** OR only: Return false if my exit policy says to allow connection to
if (!conn->addr)
return -1;
- return router_compare_addr_to_exit_policy(conn->addr, conn->port,
+ return router_compare_addr_to_addr_policy(conn->addr, conn->port,
desc_routerinfo->exit_policy);
}
size_t onion_pkeylen, identity_pkeylen;
size_t written;
int result=0;
- struct exit_policy_t *tmpe;
+ struct addr_policy_t *tmpe;
char *bandwidth_usage;
char *family_line;
#ifdef DEBUG_ROUTER_DUMP_ROUTER_TO_STRING
in.s_addr = htonl(tmpe->addr);
/* Write: "accept 1.2.3.4" */
result = tor_snprintf(s+written, maxlen-written, "%s %s",
- tmpe->policy_type == EXIT_POLICY_ACCEPT ? "accept" : "reject",
+ tmpe->policy_type == ADDR_POLICY_ACCEPT ? "accept" : "reject",
tmpe->msk == 0 ? "*" : inet_ntoa(in));
if(result < 0 || result+written > maxlen) {
/* apparently different glibcs do different things on tor_snprintf error.. so check both */
SMARTLIST_FOREACH(router->declared_family, char *, s, tor_free(s));
smartlist_free(router->declared_family);
}
- exit_policy_free(router->exit_policy);
+ addr_policy_free(router->exit_policy);
tor_free(router);
}
routerinfo_t *routerinfo_copy(const routerinfo_t *router)
{
routerinfo_t *r;
- struct exit_policy_t **e, *tmp;
+ struct addr_policy_t **e, *tmp;
r = tor_malloc(sizeof(routerinfo_t));
memcpy(r, router, sizeof(routerinfo_t));
r->identity_pkey = crypto_pk_dup_key(r->identity_pkey);
e = &r->exit_policy;
while (*e) {
- tmp = tor_malloc(sizeof(struct exit_policy_t));
- memcpy(tmp,*e,sizeof(struct exit_policy_t));
+ tmp = tor_malloc(sizeof(struct addr_policy_t));
+ memcpy(tmp,*e,sizeof(struct addr_policy_t));
*e = tmp;
(*e)->string = tor_strdup((*e)->string);
e = & ((*e)->next);
}
/** Decide whether a given addr:port is definitely accepted, definitely
- * rejected, or neither by a given exit policy. If <b>addr</b> is 0, we
+ * rejected, or neither by a given policy. If <b>addr</b> is 0, we
* don't know the IP of the target address.
*
* Returns -1 for "rejected", 0 for "accepted", 1 for "maybe" (since IP is
* unknown).
*/
-int router_compare_addr_to_exit_policy(uint32_t addr, uint16_t port,
- struct exit_policy_t *policy)
+int router_compare_addr_to_addr_policy(uint32_t addr, uint16_t port,
+ struct addr_policy_t *policy)
{
int maybe_reject = 0;
int maybe_accept = 0;
int match = 0;
int maybe = 0;
struct in_addr in;
- struct exit_policy_t *tmpe;
+ struct addr_policy_t *tmpe;
for(tmpe=policy; tmpe; tmpe=tmpe->next) {
// log_fn(LOG_DEBUG,"Considering exit policy %s", tmpe->string);
}
}
if (maybe) {
- if (tmpe->policy_type == EXIT_POLICY_REJECT)
+ if (tmpe->policy_type == ADDR_POLICY_REJECT)
maybe_reject = 1;
else
maybe_accept = 1;
}
if (match) {
in.s_addr = htonl(addr);
- log_fn(LOG_DEBUG,"Address %s:%d matches exit policy '%s'",
+ log_fn(LOG_DEBUG,"Address %s:%d matches policy '%s'",
inet_ntoa(in), port, tmpe->string);
- if(tmpe->policy_type == EXIT_POLICY_ACCEPT) {
+ if(tmpe->policy_type == ADDR_POLICY_ACCEPT) {
/* If we already hit a clause that might trigger a 'reject', than we
* can't be sure of this certain 'accept'.*/
return maybe_reject ? ADDR_POLICY_UNKNOWN : ADDR_POLICY_ACCEPTED;
for (i=0;i<smartlist_len(routerlist->routers);i++) {
router = smartlist_get(routerlist->routers, i);
- if (router->is_running && router_compare_addr_to_exit_policy(
+ if (router->is_running && router_compare_addr_to_addr_policy(
addr, port, router->exit_policy) != ADDR_POLICY_REJECTED)
return 0; /* this one could be ok. good enough. */
}
/** Return true iff <b>router</b> does not permit exit streams.
*/
int router_exit_policy_rejects_all(routerinfo_t *router) {
- return router_compare_addr_to_exit_policy(0, 0, router->exit_policy)
+ return router_compare_addr_to_addr_policy(0, 0, router->exit_policy)
== ADDR_POLICY_REJECTED;
}
/* static function prototypes */
static int router_add_exit_policy(routerinfo_t *router,directory_token_t *tok);
-static struct exit_policy_t *router_parse_exit_policy(directory_token_t *tok);
+static struct addr_policy_t *router_parse_addr_policy(directory_token_t *tok);
static int router_get_hash_impl(const char *s, char *digest,
const char *start_str, const char *end_str);
static void token_free(directory_token_t *tok);
/** Parse the exit policy in the string <b>s</b> and return it.
*/
-struct exit_policy_t *
-router_parse_exit_policy_from_string(const char *s)
+struct addr_policy_t *
+router_parse_addr_policy_from_string(const char *s)
{
directory_token_t *tok = NULL;
const char *cp;
char *tmp;
- struct exit_policy_t *r;
+ struct addr_policy_t *r;
size_t len, idx;
/* *s might not end with \n, so we need to extend it with one. */
}
/* Now that we've gotten an exit policy, add it to the router. */
- r = router_parse_exit_policy(tok);
+ r = router_parse_addr_policy(tok);
goto done;
err:
r = NULL;
return r;
}
-int router_add_exit_policy_from_string(routerinfo_t *router, const char *s)
+int
+router_add_exit_policy_from_string(routerinfo_t *router, const char *s)
{
- struct exit_policy_t *newe, *tmpe;
- newe = router_parse_exit_policy_from_string(s);
+ struct addr_policy_t *newe, *tmpe;
+ newe = router_parse_addr_policy_from_string(s);
if (!newe)
return -1;
for (tmpe = router->exit_policy; tmpe; tmpe=tmpe->next)
return 0;
}
-static int router_add_exit_policy(routerinfo_t *router,directory_token_t *tok)
+static int
+router_add_exit_policy(routerinfo_t *router,directory_token_t *tok)
{
- struct exit_policy_t *newe, **tmpe;
- newe = router_parse_exit_policy(tok);
+ struct addr_policy_t *newe, **tmpe;
+ newe = router_parse_addr_policy(tok);
if (!newe)
return -1;
for (tmpe = &router->exit_policy; *tmpe; tmpe=&((*tmpe)->next))
/** Given a K_ACCEPT or K_REJECT token and a router, create and return
* a new exit_policy_t corresponding to the token. */
-static struct exit_policy_t *
-router_parse_exit_policy(directory_token_t *tok) {
+static struct addr_policy_t *
+router_parse_addr_policy(directory_token_t *tok) {
- struct exit_policy_t *newe;
+ struct addr_policy_t *newe;
struct in_addr in;
char *arg, *address;
return NULL;
arg = tok->args[0];
- newe = tor_malloc_zero(sizeof(struct exit_policy_t));
+ newe = tor_malloc_zero(sizeof(struct addr_policy_t));
newe->string = tor_malloc(8+strlen(arg));
tor_snprintf(newe->string, 8+strlen(arg), "%s %s",
(tok->tp == K_REJECT) ? "reject" : "accept", arg);
- newe->policy_type = (tok->tp == K_REJECT) ? EXIT_POLICY_REJECT
- : EXIT_POLICY_ACCEPT;
+ newe->policy_type = (tok->tp == K_REJECT) ? ADDR_POLICY_REJECT
+ : ADDR_POLICY_ACCEPT;
if (parse_addr_and_port_range(arg, &newe->addr, &newe->msk,
&newe->prt_min, &newe->prt_max))
address = tor_strdup(inet_ntoa(in));
in.s_addr = htonl(newe->msk);
log_fn(LOG_DEBUG,"%s %s/%s:%d-%d",
- newe->policy_type == EXIT_POLICY_REJECT ? "reject" : "accept",
+ newe->policy_type == ADDR_POLICY_REJECT ? "reject" : "accept",
address, inet_ntoa(in), newe->prt_min, newe->prt_max);
tor_free(address);
routerinfo_t r1, r2;
crypto_pk_env_t *pk1 = NULL, *pk2 = NULL, *pk3 = NULL;
routerinfo_t *rp1 = NULL, *rp2 = NULL;
- struct exit_policy_t ex1, ex2;
+ struct addr_policy_t ex1, ex2;
routerlist_t *dir1 = NULL, *dir2 = NULL;
tor_version_t ver1;
char *bw_lines = NULL;
r1.nickname = tor_strdup("Magri");
r1.platform = tor_strdup(platform);
- ex1.policy_type = EXIT_POLICY_ACCEPT;
+ ex1.policy_type = ADDR_POLICY_ACCEPT;
ex1.string = NULL;
ex1.addr = 0;
ex1.msk = 0;
ex1.prt_min = ex1.prt_max = 80;
ex1.next = &ex2;
- ex2.policy_type = EXIT_POLICY_REJECT;
+ ex2.policy_type = ADDR_POLICY_REJECT;
ex2.addr = 18 << 24;
ex2.msk = 0xFF000000u;
ex2.prt_min = ex2.prt_max = 24;
projects / thirdparty / tor.git / commitdiff
