authorNick Mathewson <nickm@torproject.org>2004-10-19 17:46:06 +0000
committerNick Mathewson <nickm@torproject.org>2004-10-19 17:46:06 +0000
commitc7151d8bedc3ef4b79fb1b2d926a97150149166c (patch)
tree572470d9d01d988cfbe3f7b9a23318df81e723cb
parent97a0a435114e99e14dafa9f6ee72df644254b460 (diff)
Add "pass" target for RedirectExit, to make it easier to break out of a sequence of rules
svn:r2566
-rw-r--r--doc/tor.1.in10
-rw-r--r--src/or/config.c13
-rw-r--r--src/or/connection_edge.c12
-rw-r--r--src/or/or.h1
4 files changed, 24 insertions, 12 deletions
diff --git a/doc/tor.1.in b/doc/tor.1.in
index 9a8159f656..541a5ded95 100644
--- a/doc/tor.1.in
+++ b/doc/tor.1.in
@@ -220,13 +220,17 @@ Bind to this port to listen for connections from Tor clients and servers.
\fBorbindaddress \fR\fIIP\fP
Bind to this address to listen for connections from Tor clients and servers. (Default: 0.0.0.0)
.TP
-\fBredirectexit \fR\fIpattern address:port\fP
+\fBredirectexit \fR\fIpattern target\fP
Whenever an outgoing connection tries to connect to one of a given set
-of addresses, connect to \fIaddress:port\fP instead. The address
+of addresses, connect to \fItarget\fP (an \fIaddress:port\fP pair) instead.
+The address
pattern is given in the same format as for an exit policy. The
address translation applies after exit policies are applied. Multiple
\fBredirectexit\fP options can be used: once any one has matched
-successfully, no subsequent rules are considered.
+successfully, no subsequent rules are considered. You can specify that no
+redirection is to be performed on a given set of addresses by using the
+special target string "pass", which prevents subsequent rules from being
+considered.
.SH DIRECTORY SERVER OPTIONS
.PP
diff --git a/src/or/config.c b/src/or/config.c
index f50bd42f98..0e475db5ef 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -1106,10 +1106,15 @@ static int parse_redirect_line(or_options_t *options,
log_fn(LOG_WARN, "Error parsing source address in RedirectExit line");
goto err;
}
- if (parse_addr_port(smartlist_get(elements,1),NULL,&r->addr_dest,
- &r->port_dest)) {
- log_fn(LOG_WARN, "Error parseing dest address in RedirectExit line");
- goto err;
+ if (0==strcasecmp(smartlist_get(elements,1), "pass")) {
+ r->is_redirect = 0;
+ } else {
+ if (parse_addr_port(smartlist_get(elements,1),NULL,&r->addr_dest,
+ &r->port_dest)) {
+ log_fn(LOG_WARN, "Error parseing dest address in RedirectExit line");
+ goto err;
+ }
+ r->is_redirect = 1;
}
goto done;
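Review bot: In the new `pass` branch only `r->is_redirect` is written, so `r->addr_dest` and `r->port_dest` keep whatever the allocation of `r` left in them. That allocation is outside the hunk, so if it does not zero the struct these two fields are indeterminate for pass rules. Nothing visible here reads them when `is_redirect` is 0, but setting `r->addr_dest = 0; r->port_dest = 0;` next to `r->is_redirect = 0;` keeps the entry fully defined for any later code that dumps or compares it. The re-indented warning still reads "parseing"; `"Error parsing dest address in RedirectExit line"` would match the source-address message just above it.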
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 0fba0ae24d..6ff223bce4 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -901,11 +901,13 @@ void connection_exit_connect(connection_t *conn) {
if ((addr&r->mask)==(r->addr&r->mask) &&
(r->port_min <= port) && (port <= r->port_max)) {
struct in_addr in;
- addr = r->addr_dest;
- port = r->port_dest;
- in.s_addr = htonl(addr);
- log_fn(LOG_DEBUG, "Redirecting connection from %s:%d to %s:%d",
- conn->address, conn->port, inet_ntoa(in), port);
+ if (r->is_redirect) {
+ addr = r->addr_dest;
+ port = r->port_dest;
+ in.s_addr = htonl(addr);
+ log_fn(LOG_DEBUG, "Redirecting connection from %s:%d to %s:%d",
+ conn->address, conn->port, inet_ntoa(in), port);
+ }
break;
}
});
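Review bot: A matching `pass` rule now ends the rule walk without leaving any trace, so someone reading the debug log cannot tell a connection that was deliberately exempted from one that matched no rule at all. An `else` arm with `log_fn(LOG_DEBUG, "Not redirecting %s:%d (matched pass rule)", conn->address, conn->port);` would make the decision visible. `struct in_addr in;` is now used only inside the `if (r->is_redirect)` body and could be declared there. The loop and the rest of connection_exit_connect lie outside the hunk.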
diff --git a/src/or/or.h b/src/or/or.h
index 65fea556a1..196a1dc9a5 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -824,6 +824,7 @@ typedef struct exit_redirect_t {
uint16_t port_min;
uint16_t port_max;
+ int is_redirect;
uint32_t addr_dest;
uint16_t port_dest;
} exit_redirect_t;
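Review bot: The new `is_redirect` field has no comment, and its meaning decides whether `addr_dest` and `port_dest` are valid at all. A line such as `/** 1: rewrite matching connections to addr_dest:port_dest; 0: "pass" rule, leave them unchanged (addr_dest/port_dest unused). */` above it would state that contract where the struct is defined. The start of exit_redirect_t is outside the hunk, so the field may need to follow whatever comment style the earlier members use.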