Add "pass" target for RedirectExit, to make it easier to break out of a sequence...

svn:r2566

diff --git a/doc/tor.1.in b/doc/tor.1.in
index 9a8159f656e12c175b5b840926f624e4306cd5f3..541a5ded95aa07667260e792555c642816de0869 100644 (file)
--- a/doc/tor.1.in
+++ b/doc/tor.1.in
@@ -220,13 +220,17 @@ Bind to this port to listen for connections from Tor clients and servers.
 \fBorbindaddress \fR\fIIP\fP
 Bind to this address to listen for connections from Tor clients and servers. (Default: 0.0.0.0)
 .TP
-\fBredirectexit \fR\fIpattern address:port\fP
+\fBredirectexit \fR\fIpattern target\fP
 Whenever an outgoing connection tries to connect to one of a given set
-of addresses, connect to \fIaddress:port\fP instead.  The address
+of addresses, connect to \fItarget\fP (an \fIaddress:port\fP pair) instead.
+The address
 pattern is given in the same format as for an exit policy.  The
 address translation applies after exit policies are applied.  Multiple
 \fBredirectexit\fP options can be used: once any one has matched
-successfully, no subsequent rules are considered.
+successfully, no subsequent rules are considered.  You can specify that no
+redirection is to be performed on a given set of addresses by using the
+special target string "pass", which prevents subsequent rules from being
+considered.
 
 .SH DIRECTORY SERVER OPTIONS
 .PP

diff --git a/src/or/config.c b/src/or/config.c
index f50bd42f98de5e2a39582b9d240781171cec252a..0e475db5ef1faa4e631018def157e254fcfab373 100644 (file)
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1106,10 +1106,15 @@ static int parse_redirect_line(or_options_t *options,
     log_fn(LOG_WARN, "Error parsing source address in RedirectExit line");
     goto err;
   }
-  if (parse_addr_port(smartlist_get(elements,1),NULL,&r->addr_dest,
-                      &r->port_dest)) {
-    log_fn(LOG_WARN, "Error parseing dest address in RedirectExit line");
-    goto err;
+  if (0==strcasecmp(smartlist_get(elements,1), "pass")) {
+    r->is_redirect = 0;
+  } else {
+    if (parse_addr_port(smartlist_get(elements,1),NULL,&r->addr_dest,
+                             &r->port_dest)) {
+      log_fn(LOG_WARN, "Error parseing dest address in RedirectExit line");
+      goto err;
+    }
+    r->is_redirect = 1;
   }
 
   goto done;

diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 0fba0ae24d503f218e4229c85276566c73702c3c..6ff223bce46385d1f327f834a3d46be6e871548f 100644 (file)
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -901,11 +901,13 @@ void connection_exit_connect(connection_t *conn) {
       if ((addr&r->mask)==(r->addr&r->mask) &&
           (r->port_min <= port) && (port <= r->port_max)) {
         struct in_addr in;
-        addr = r->addr_dest;
-        port = r->port_dest;
-        in.s_addr = htonl(addr);
-        log_fn(LOG_DEBUG, "Redirecting connection from %s:%d to %s:%d",
-               conn->address, conn->port, inet_ntoa(in), port);
+        if (r->is_redirect) {
+          addr = r->addr_dest;
+          port = r->port_dest;
+          in.s_addr = htonl(addr);
+          log_fn(LOG_DEBUG, "Redirecting connection from %s:%d to %s:%d",
+                 conn->address, conn->port, inet_ntoa(in), port);
+        }
         break;
       }
     });

diff --git a/src/or/or.h b/src/or/or.h
index 65fea556a178038137caa9fe16813219f6aeb8b6..196a1dc9a55bddae53a55e30d92d09bbd1b7e153 100644 (file)
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -824,6 +824,7 @@ typedef struct exit_redirect_t {
   uint16_t port_min;
   uint16_t port_max;
 
+  int is_redirect;
   uint32_t addr_dest;
   uint16_t port_dest;
 } exit_redirect_t;