diff options
| author | Roger Dingledine <arma@torproject.org> | 2006-03-27 02:25:34 +0000 |
|---|---|---|
| committer | Roger Dingledine <arma@torproject.org> | 2006-03-27 02:25:34 +0000 |
| commit | 6f08d121d96be29c2ce2d9ef9df4416141651951 (patch) | |
| tree | 91c4acf09b72156d35b9bf259c2e5b48b968a14a | |
| parent | 74d35c8027937fe8dac031bf76e31a017d4fa81f (diff) | |
| download | tor-6f08d121d96be29c2ce2d9ef9df4416141651951.tar.gz tor-6f08d121d96be29c2ce2d9ef9df4416141651951.zip | |
Refactor and consolidate addr/exit policies into a new policies.c.
Fix some minor bugs and memory leaks along the way.
svn:r6246
| -rw-r--r-- | src/or/Makefile.am | 4 | ||||
| -rw-r--r-- | src/or/circuitbuild.c | 2 | ||||
| -rw-r--r-- | src/or/circuituse.c | 2 | ||||
| -rw-r--r-- | src/or/config.c | 467 | ||||
| -rw-r--r-- | src/or/connection_edge.c | 55 | ||||
| -rw-r--r-- | src/or/directory.c | 48 | ||||
| -rw-r--r-- | src/or/dirserv.c | 77 | ||||
| -rw-r--r-- | src/or/main.c | 3 | ||||
| -rw-r--r-- | src/or/or.h | 60 | ||||
| -rw-r--r-- | src/or/policies.c | 661 | ||||
| -rw-r--r-- | src/or/router.c | 6 | ||||
| -rw-r--r-- | src/or/routerlist.c | 84 | ||||
| -rw-r--r-- | src/or/routerparse.c | 6 | ||||
| -rw-r--r-- | src/or/test.c | 6 |
14 files changed, 721 insertions, 760 deletions
diff --git a/src/or/Makefile.am b/src/or/Makefile.am index b190fbfaef..6a77adffaa 100644 --- a/src/or/Makefile.am +++ b/src/or/Makefile.am @@ -8,7 +8,7 @@ tor_SOURCES = buffers.c circuitbuild.c circuitlist.c \ circuituse.c command.c config.c \ connection.c connection_edge.c connection_or.c control.c \ cpuworker.c directory.c dirserv.c dns.c hibernate.c main.c \ - onion.c relay.c rendcommon.c rendclient.c rendmid.c \ + onion.c policies.c relay.c rendcommon.c rendclient.c rendmid.c \ rendservice.c rephist.c router.c routerlist.c routerparse.c \ tor_main.c @@ -18,7 +18,7 @@ test_SOURCES = buffers.c circuitbuild.c circuitlist.c \ circuituse.c command.c config.c \ connection.c connection_edge.c connection_or.c control.c \ cpuworker.c directory.c dirserv.c dns.c hibernate.c main.c \ - onion.c relay.c rendcommon.c rendclient.c rendmid.c \ + onion.c policies.c relay.c rendcommon.c rendclient.c rendmid.c \ rendservice.c rephist.c router.c routerlist.c routerparse.c \ test.c diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index abb4763542..9bc2497ae2 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -1079,7 +1079,7 @@ router_handles_some_port(routerinfo_t *router, smartlist_t *needed_ports) addr_policy_result_t r; port = *(uint16_t *)smartlist_get(needed_ports, i); tor_assert(port); - r = router_compare_addr_to_addr_policy(0, port, router->exit_policy); + r = compare_addr_to_addr_policy(0, port, router->exit_policy); if (r != ADDR_POLICY_REJECTED && r != ADDR_POLICY_PROBABLY_REJECTED) return 1; } diff --git a/src/or/circuituse.c b/src/or/circuituse.c index db42402785..57cc538733 100644 --- a/src/or/circuituse.c +++ b/src/or/circuituse.c @@ -311,7 +311,7 @@ circuit_stream_is_being_handled(connection_t *conn, uint16_t port, int min) if (conn) { ok = connection_ap_can_use_exit(conn, exitrouter); } else { - addr_policy_result_t r = router_compare_addr_to_addr_policy( + addr_policy_result_t r = compare_addr_to_addr_policy( 0, port, exitrouter->exit_policy); ok = r != ADDR_POLICY_REJECTED && r != ADDR_POLICY_PROBABLY_REJECTED; } diff --git a/src/or/config.c b/src/or/config.c index 2040c8f668..da7a435f62 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -367,9 +367,6 @@ static int check_nickname_list(const char *lst, const char *name, char **msg); static void config_register_addressmaps(or_options_t *options); static int parse_dir_server_line(const char *line, int validate_only); -static int config_cmp_single_addr_policy(addr_policy_t *a, addr_policy_t *b); -static int config_addr_policy_covers(addr_policy_t *a, addr_policy_t *b); -static int config_addr_policy_intersects(addr_policy_t *a, addr_policy_t *b); static int parse_redirect_line(smartlist_t *result, config_line_t *line, char **msg); static int parse_log_severity_range(const char *range, int *min_out, @@ -392,7 +389,6 @@ static int or_state_validate(or_state_t *old_options, or_state_t *options, static uint64_t config_parse_memunit(const char *s, int *ok); static int config_parse_interval(const char *s, int *ok); static void print_cvs_version(void); -static void parse_reachable_addresses(void); static void init_libevent(void); static int opt_streq(const char *s1, const char *s2); #if defined(HAVE_EVENT_GET_VERSION) && defined(HAVE_EVENT_GET_METHOD) @@ -441,12 +437,6 @@ static or_options_t *global_options = NULL; static char *torrc_fname = NULL; /** Persistent serialized state. */ static or_state_t *global_state = NULL; -/** Parsed addr_policy_t describing which addresses we believe we can start - * circuits at. */ -static addr_policy_t *reachable_or_addr_policy = NULL; -/** Parsed addr_policy_t describing which addresses we believe we can connect - * to directories at. */ -static addr_policy_t *reachable_dir_addr_policy = NULL; /** Allocate an empty configuration object of a given format type. */ static void * @@ -507,14 +497,6 @@ config_free_all(void) global_state = NULL; } tor_free(torrc_fname); - if (reachable_or_addr_policy) { - addr_policy_free(reachable_or_addr_policy); - reachable_or_addr_policy = NULL; - } - if (reachable_dir_addr_policy) { - addr_policy_free(reachable_dir_addr_policy); - reachable_dir_addr_policy = NULL; - } } /** If options->SafeLogging is on, return a not very useful string, @@ -763,10 +745,7 @@ options_act(or_options_t *old_options) config_register_addressmaps(options); /* Update address policies. */ - parse_socks_policy(); - parse_dir_policy(); - parse_authdir_policy(); - parse_reachable_addresses(); + policies_parse_from_options(options); init_cookie_authentication(options->CookieAuthentication); @@ -1976,98 +1955,6 @@ validate_ports_csv(smartlist_t *sl, const char *name, char **msg) return 0; } -/** Helper: parse the Reachable(Dir|OR)?Addresses fields into - * reachable_(or|dir)_addr_policy. */ -static void -parse_reachable_addresses(void) -{ - or_options_t *options = get_options(); - - if (options->ReachableDirAddresses && - options->ReachableORAddresses && - options->ReachableAddresses) { - log_warn(LD_CONFIG, - "Both ReachableDirAddresses and ReachableORAddresses are set. " - "ReachableAddresses setting will be ignored."); - } - addr_policy_free(reachable_or_addr_policy); - reachable_or_addr_policy = NULL; - if (!options->ReachableORAddresses && options->ReachableAddresses) - log_info(LD_CONFIG, - "Using ReachableAddresses as ReachableORAddresses."); - if (config_parse_addr_policy(options->ReachableORAddresses ? - options->ReachableORAddresses : - options->ReachableAddresses, - &reachable_or_addr_policy, - ADDR_POLICY_ACCEPT)) { - log_warn(LD_CONFIG, - "Error parsing Reachable%sAddresses entry; ignoring.", - options->ReachableORAddresses ? "OR" : ""); - } - - addr_policy_free(reachable_dir_addr_policy); - reachable_dir_addr_policy = NULL; - if (!options->ReachableDirAddresses && options->ReachableAddresses) - log_info(LD_CONFIG, - "Using ReachableAddresses as ReachableDirAddresses"); - if (config_parse_addr_policy(options->ReachableDirAddresses ? - options->ReachableDirAddresses : - options->ReachableAddresses, - &reachable_dir_addr_policy, - ADDR_POLICY_ACCEPT)) { - if (options->ReachableDirAddresses) - log_warn(LD_CONFIG, - "Error parsing ReachableDirAddresses entry; ignoring."); - } -} - -/** Return true iff the firewall options might block any address:port - * combination. - */ -int -firewall_is_fascist_or(void) -{ - return !!reachable_or_addr_policy; -} - -/** Return true iff <b>policy</b> (possibly NULL) will allow a - * connection to <b>addr</b>:<b>port</b>. - */ -static int -_fascist_firewall_allows_address(uint32_t addr, uint16_t port, - addr_policy_t *policy) -{ - addr_policy_result_t p; - - p = router_compare_addr_to_addr_policy(addr, port, policy); - - switch (p) { - case ADDR_POLICY_PROBABLY_ACCEPTED: - case ADDR_POLICY_ACCEPTED: - return 1; - case ADDR_POLICY_PROBABLY_REJECTED: - case ADDR_POLICY_REJECTED: - return 0; - default: - log_warn(LD_BUG, "Unexpected result: %d", (int)p); - return 0; - } -} - -int -fascist_firewall_allows_address_or(uint32_t addr, uint16_t port) -{ - return _fascist_firewall_allows_address(addr, port, - reachable_or_addr_policy); -} - -int -fascist_firewall_allows_address_dir(uint32_t addr, uint16_t port) -{ - return _fascist_firewall_allows_address(addr, port, - reachable_dir_addr_policy); -} - /** Lowest allowable value for DirFetchPeriod; if this is too low, clients can * overload the directory system. */ #define MIN_DIR_FETCH_PERIOD (10*60) @@ -2104,7 +1991,6 @@ options_validate(or_options_t *old_options, or_options_t *options, { int i, r; config_line_t *cl; - addr_policy_t *addr_policy=NULL; const char *uname; char buf[1024]; #define REJECT(arg) \ @@ -2539,33 +2425,8 @@ options_validate(or_options_t *old_options, or_options_t *options, return -1; } - if (config_parse_exit_policy(options->ExitPolicy, &addr_policy, - options->ExitPolicyRejectPrivate)) - REJECT("Error in ExitPolicy entry."); - - /* The rest of these calls *append* to addr_policy. So don't actually - * use the results for anything other than checking if they parse! */ - if (config_parse_addr_policy(options->DirPolicy, &addr_policy, -1)) - REJECT("Error in DirPolicy entry."); - if (config_parse_addr_policy(options->SocksPolicy, &addr_policy, -1)) - REJECT("Error in SocksPolicy entry."); - if (config_parse_addr_policy(options->ReachableAddresses, &addr_policy, - ADDR_POLICY_ACCEPT)) - REJECT("Error in ReachableAddresses entry."); - if (config_parse_addr_policy(options->ReachableORAddresses, &addr_policy, - ADDR_POLICY_ACCEPT)) - REJECT("Error in ReachableORAddresses entry."); - if (config_parse_addr_policy(options->ReachableDirAddresses, &addr_policy, - ADDR_POLICY_ACCEPT)) - REJECT("Error in ReachableDirAddresses entry."); - if (config_parse_addr_policy(options->AuthDirReject, &addr_policy, - ADDR_POLICY_REJECT)) - REJECT("Error in AuthDirReject entry."); - if (config_parse_addr_policy(options->AuthDirInvalid, &addr_policy, - ADDR_POLICY_REJECT)) - REJECT("Error in AuthDirInvalid entry."); - - addr_policy_free(addr_policy); + if (validate_addr_policies(options, msg) < 0) + return -1; for (cl = options->RedirectExit; cl; cl = cl->next) { if (parse_redirect_line(NULL, cl, msg)<0) @@ -3261,326 +3122,6 @@ normalize_log_options(or_options_t *options) return 0; } -/** Add the exit policy described by <b>more</b> to <b>policy</b>. - */ -static void -options_append_exit_policy_string(addr_policy_t **policy, const char *more) -{ - config_line_t tmp; - - tmp.key = NULL; - tmp.value = (char*) more; - tmp.next = NULL; - config_parse_addr_policy(&tmp, policy, -1); -} - -static int -config_expand_exit_policy_aliases(smartlist_t *entries, int assume_action) -{ - static const char *prefixes[] = { - "0.0.0.0/8", "169.254.0.0/16", - "127.0.0.0/8", "192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12",NULL }; - int i; - char *pre=NULL, *post=NULL; - int expanded_any = 0; - pre = smartlist_join_strings(entries,",",0,NULL); - for (i = 0; i < smartlist_len(entries); ++i) { - char *v = smartlist_get(entries, i); - const char *cp, *ports; - const char *action; - int prefix_idx; - if (!strcasecmpstart(v, "accept")) { - action = "accept "; - cp = v+strlen("accept"); - } else if (!strcasecmpstart(v, "reject")) { - action = "reject "; - cp = v+strlen("reject"); - } else if (assume_action >= 0) { - action = ""; - cp = v; - } else { - log_warn(LD_CONFIG,"Policy '%s' didn't start with accept or reject.", v); - tor_free(pre); - return -1; - } - cp = eat_whitespace(cp); - if (strcmpstart(cp, "private")) - continue; /* No need to expand. */ - cp += strlen("private"); - cp = eat_whitespace(cp); - if (*cp && *cp != ':') - continue; /* It wasn't "private" after all. */ - ports = cp; - /* Okay. We're going to replace entries[i] with a bunch of new entries, - * in order. */ - smartlist_del_keeporder(entries, i); - for (prefix_idx = 0; prefixes[prefix_idx]; ++prefix_idx) { - size_t replacement_len = 16+strlen(prefixes[prefix_idx])+strlen(ports); - char *replacement = tor_malloc(replacement_len); - tor_snprintf(replacement, replacement_len, "%s%s%s", - action, prefixes[prefix_idx], ports); - smartlist_insert(entries, i++, replacement); - } - tor_free(v); - expanded_any = 1; - --i; - } - post = smartlist_join_strings(entries,",",0,NULL); - if (expanded_any) - log_info(LD_CONFIG, "Expanded '%s' to '%s'", pre, post); - tor_free(pre); - tor_free(post); - return expanded_any; -} - -/** Detect and excise "dead code" from the policy *<b>dest</b>. */ -static void -config_exit_policy_remove_redundancies(addr_policy_t **dest) -{ - addr_policy_t *ap, *tmp, *victim, *previous; - - /* Step one: find a *:* entry and cut off everything after it. */ - for (ap=*dest; ap; ap=ap->next) { - if (ap->msk == 0 && ap->prt_min <= 1 && ap->prt_max >= 65535) { - /* This is a catch-all line -- later lines are unreachable. */ - if (ap->next) { - addr_policy_free(ap->next); - ap->next = NULL; - } - } - } - - /* Step two: for every entry, see if there's a redundant entry - * later on, and remove it. */ - for (ap=*dest; ap; ap=ap->next) { - tmp=ap; - while (tmp) { - if (tmp->next && config_addr_policy_covers(ap, tmp->next)) { - log(LOG_INFO, LD_CONFIG, "Removing exit policy %s. It is made " - "redundant by %s.", tmp->next->string, ap->string); - victim = tmp->next; - tmp->next = victim->next; - victim->next = NULL; - addr_policy_free(victim); - } else { - tmp=tmp->next; - } - } - } - - /* Step three: for every entry A, see if there's an entry B making this one - * redundant later on. This is the case if A and B are of the same type - * (accept/reject), A is a subset of B, and there is no other entry of - * different type in between those two that intersects with A. - * - * Anybody want to doublecheck the logic here? XXX - */ - ap = *dest; - previous = NULL; - while (ap) { - for (tmp=ap->next; tmp; tmp=tmp->next) { - if (ap->policy_type != tmp->policy_type && - config_addr_policy_intersects(ap, tmp)) { - tmp = NULL; /* so that we advance previous and ap */ - break; - } - if (ap->policy_type == tmp->policy_type && - config_addr_policy_covers(tmp, ap)) { - log(LOG_INFO, LD_CONFIG, "Removing exit policy %s. It is made " - "redundant by %s.", ap->string, tmp->string); - victim = ap; - ap = ap->next; - - if (previous) { - assert(previous->next == victim); - previous->next = victim->next; - } else { - assert(*dest == victim); - *dest = victim->next; - } - - victim->next = NULL; - addr_policy_free(victim); - break; - } - } - if (!tmp) { - previous = ap; - ap = ap->next; - } - } -} - -#define DEFAULT_EXIT_POLICY \ - "reject *:25,reject *:119,reject *:135-139,reject *:445," \ - "reject *:465,reject *:587,reject *:1214,reject *:4661-4666," \ - "reject *:6346-6429,reject *:6699,reject *:6881-6999,accept *:*" - -/** Parse the exit policy <b>cfg</b> into the linked list *<b>dest</b>. If - * cfg doesn't end in an absolute accept or reject, add the default exit - * policy afterwards. If <b>rejectprivate</b> is true, prepend - * "reject private:*" to the policy. Return -1 if we can't parse cfg, - * else return 0. - * - */ -int -config_parse_exit_policy(config_line_t *cfg, addr_policy_t **dest, - int rejectprivate) -{ - if (rejectprivate) - options_append_exit_policy_string(dest, "reject private:*"); - if (config_parse_addr_policy(cfg, dest, -1)) - return -1; - options_append_exit_policy_string(dest, DEFAULT_EXIT_POLICY); - - config_exit_policy_remove_redundancies(dest); - return 0; -} - -/** - * Given a linked list of config lines containing "allow" and "deny" tokens, - * parse them and append the result to <b>dest</b>. Return -1 if any tokens - * are malformed, else return 0. - */ -int -config_parse_addr_policy(config_line_t *cfg, - addr_policy_t **dest, - int assume_action) -{ - addr_policy_t **nextp; - smartlist_t *entries; - int r = 0; - - if (!cfg) - return 0; - - nextp = dest; - - while (*nextp) - nextp = &((*nextp)->next); - - entries = smartlist_create(); - for (; cfg; cfg = cfg->next) { - smartlist_split_string(entries, cfg->value, ",", - SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0); - if (config_expand_exit_policy_aliases(entries,assume_action)<0) { - r = -1; - continue; - } - SMARTLIST_FOREACH(entries, const char *, ent, - { - log_debug(LD_CONFIG,"Adding new entry '%s'",ent); - *nextp = router_parse_addr_policy_from_string(ent, assume_action); - if (*nextp) { - if (addr_mask_get_bits((*nextp)->msk)<0) { - log_warn(LD_CONFIG, "Address policy element '%s' can't be expressed " - "as a bit prefix.", ent); - } - /* Advance nextp to the end of the policy. */ - while (*nextp) - nextp = &((*nextp)->next); - } else { - log_warn(LD_CONFIG,"Malformed policy '%s'.", ent); - r = -1; - } - }); - SMARTLIST_FOREACH(entries, char *, ent, tor_free(ent)); - smartlist_clear(entries); - } - smartlist_free(entries); - return r; -} - -/** Compare two provided address policy items, and return -1, 0, or 1 - * if the first is less than, equal to, or greater than the second. */ -static int -config_cmp_single_addr_policy(addr_policy_t *a, addr_policy_t *b) -{ - int r; - if ((r=((int)a->policy_type - (int)b->policy_type))) - return r; - if ((r=((int)a->addr - (int)b->addr))) - return r; - if ((r=((int)a->msk - (int)b->msk))) - return r; - if ((r=((int)a->prt_min - (int)b->prt_min))) - return r; - if ((r=((int)a->prt_max - (int)b->prt_max))) - return r; - return 0; -} - -/** Return true iff the address policy <b>a</b> covers every case that would be - * covered by <b>b</b>, so that a,b is redundant. */ -static int -config_addr_policy_covers(addr_policy_t *a, addr_policy_t *b) -{ - - /* We can ignore accept/reject, since "accept *:80, reject *:80" reduces to - * "accept *:80". */ - if (a->msk & ~b->msk) { - /* There's a wildcard bit in b->msk that's not a wildcard in a. */ - return 0; - } - if ((a->addr & a->msk) != (b->addr & a->msk)) { - /* There's a fixed bit in a that's set differently in b. */ - return 0; - } - return (a->prt_min <= b->prt_min && a->prt_max >= b->prt_max); -} - -/** Return true iff the address policies <b>a</b> and <b>b</b> intersect, that - * is, there exists an address/port that is covered by <b>a</b> that is also - * covered by <b>b</b>. - */ -static int -config_addr_policy_intersects(addr_policy_t *a, addr_policy_t *b) -{ - /* All the bits we care about are those that are set in both - * netmasks. If they are equal in a and b's networkaddresses - * then the networks intersect. If there is a difference, - * then they do not. */ - if (((a->addr ^ b->addr) & a->msk & b->msk) != 0) - return 0; - if (a->prt_max < b->prt_min || b->prt_max < a->prt_min) - return 0; - return 1; -} - -/** Like config_cmp_single_addr_policy() above, but looks at the - * whole set of policies in each case. */ -int -config_cmp_addr_policies(addr_policy_t *a, addr_policy_t *b) -{ - int r; - while (a && b) { - if ((r=config_cmp_single_addr_policy(a,b))) - return r; - a = a->next; - b = b->next; - } - if (!a && !b) - return 0; - if (a) - return -1; - else - return 1; -} - -/** Release all storage held by <b>p</b> */ -void -addr_policy_free(addr_policy_t *p) -{ - addr_policy_t *e; - - while (p) { - e = p; - p = p->next; - tor_free(e->string); - tor_free(e); - } -} - /** Parse a single RedirectExit line's contents from <b>line</b>. If * they are valid, and <b>result</b> is not NULL, add an element to * <b>result</b> and return 0. Else if they are valid, return 0. @@ -4333,6 +3874,7 @@ print_cvs_version(void) extern const char hibernate_c_id[]; extern const char main_c_id[]; extern const char onion_c_id[]; + extern const char policies_c_id[]; extern const char relay_c_id[]; extern const char rendclient_c_id[]; extern const char rendcommon_c_id[]; @@ -4381,6 +3923,7 @@ print_cvs_version(void) puts(hibernate_c_id); puts(main_c_id); puts(onion_c_id); + puts(policies_c_id); puts(relay_c_id); puts(rendclient_c_id); puts(rendcommon_c_id); diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index bb19b130ad..a11da1bbe1 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -13,7 +13,6 @@ const char connection_edge_c_id[] = #include "or.h" -static addr_policy_t *socks_policy = NULL; /* List of exit_redirect_t */ static smartlist_t *redirect_exit_list = NULL; @@ -1809,64 +1808,14 @@ connection_ap_can_use_exit(connection_t *conn, routerinfo_t *exit) addr_policy_result_t r; if (tor_inet_aton(conn->socks_request->address, &in)) addr = ntohl(in.s_addr); - r = router_compare_addr_to_addr_policy(addr, conn->socks_request->port, - exit->exit_policy); + r = compare_addr_to_addr_policy(addr, conn->socks_request->port, + exit->exit_policy); if (r == ADDR_POLICY_REJECTED || r == ADDR_POLICY_PROBABLY_REJECTED) return 0; } return 1; } -/** A helper function for socks_policy_permits_address() below. - * - * Parse options->SocksPolicy in the same way that the exit policy - * is parsed, and put the processed version in socks_policy. - * Ignore port specifiers. - */ -void -parse_socks_policy(void) -{ - addr_policy_t *n; - if (socks_policy) { - addr_policy_free(socks_policy); - socks_policy = NULL; - } - config_parse_addr_policy(get_options()->SocksPolicy, &socks_policy, -1); - /* ports aren't used. */ - for (n=socks_policy; n; n = n->next) { - n->prt_min = 1; - n->prt_max = 65535; - } -} - -/** Free all storage held by our SOCKS allow policy - */ -void -free_socks_policy(void) -{ - addr_policy_free(socks_policy); - socks_policy = NULL; -} - -/** Return 1 if <b>addr</b> is permitted to connect to our socks port, - * based on <b>socks_policy</b>. Else return 0. - */ -int -socks_policy_permits_address(uint32_t addr) -{ - int a; - - if (!socks_policy) /* 'no socks policy' means 'accept' */ - return 1; - a = router_compare_addr_to_addr_policy(addr, 1, socks_policy); - if (a==ADDR_POLICY_REJECTED) - return 0; - else if (a==ADDR_POLICY_ACCEPTED) - return 1; - log_warn(LD_BUG, "Bug: Got unexpected 'maybe' answer from socks policy"); - return 0; -} - /** Make connection redirection follow the provided list of * exit_redirect_t */ void diff --git a/src/or/directory.c b/src/or/directory.c index 5254d6bc9e..9a63ad2b1f 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -54,60 +54,12 @@ static void note_request(const char *key, size_t bytes); /********* START VARIABLES **********/ -static addr_policy_t *dir_policy = NULL; - /** How far in the future do we allow a directory server to tell us it is * before deciding that one of us has the wrong time? */ #define ALLOW_DIRECTORY_TIME_SKEW (30*60) /********* END VARIABLES ************/ -/** Parse get_options()->DirPolicy, and put the processed version in - * &dir_policy. Ignore port specifiers. - */ -void -parse_dir_policy(void) -{ - addr_policy_t *n; - if (dir_policy) { - addr_policy_free(dir_policy); - dir_policy = NULL; - } - config_parse_addr_policy(get_options()->DirPolicy, &dir_policy, -1); - /* ports aren't used. */ - for (n=dir_policy; n; n = n->next) { - n->prt_min = 1; - n->prt_max = 65535; - } -} - -/** Free storage used to hold parsed directory policy */ -void -free_dir_policy(void) -{ - addr_policy_free(dir_policy); - dir_policy = NULL; -} - -/** Return 1 if <b>addr</b> is permitted to connect to our dir port, - * based on <b>dir_policy</b>. Else return 0. - */ -int -dir_policy_permits_address(uint32_t addr) -{ - int a; - - if (!dir_policy) /* 'no dir policy' means 'accept' */ - return 1; - a = router_compare_addr_to_addr_policy(addr, 1, dir_policy); - if (a==ADDR_POLICY_REJECTED) - return 0; - else if (a==ADDR_POLICY_ACCEPTED) - return 1; - log_warn(LD_BUG, "Bug: got unexpected 'maybe' answer from dir policy"); - return 0; -} - /** Return true iff the directory purpose 'purpose' must use an * anonymous connection to a directory. */ static int diff --git a/src/or/dirserv.c b/src/or/dirserv.c index 2c6a6ac1f5..7cdfa15776 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -41,7 +41,6 @@ static char *format_versions_list(config_line_t *ln); /* Should be static; exposed for testing */ int add_fingerprint_to_dir(const char *nickname, const char *fp, smartlist_t *list); -static int router_is_general_exit(routerinfo_t *ri); static router_status_t dirserv_router_get_status(const routerinfo_t *router, const char **msg); static router_status_t @@ -55,40 +54,6 @@ static int dirserv_thinks_router_is_reachable(routerinfo_t *router, /************** Fingerprint handling code ************/ -static addr_policy_t *authdir_reject_policy = NULL; -static addr_policy_t *authdir_invalid_policy = NULL; - -/** Parse authdir policy strings from the configuration. - */ -void -parse_authdir_policy(void) -{ - addr_policy_t *n; - if (authdir_reject_policy) { - addr_policy_free(authdir_reject_policy); - authdir_reject_policy = NULL; - } - config_parse_addr_policy(get_options()->AuthDirReject, - &authdir_reject_policy, ADDR_POLICY_REJECT); - /* ports aren't used. */ - for (n=authdir_reject_policy; n; n = n->next) { - n->prt_min = 1; - n->prt_max = 65535; - } - - if (authdir_invalid_policy) { - addr_policy_free(authdir_invalid_policy); - authdir_invalid_policy = NULL; - } - config_parse_addr_policy(get_options()->AuthDirInvalid, - &authdir_invalid_policy, ADDR_POLICY_REJECT); - /* ports aren't used. */ - for (n=authdir_invalid_policy; n; n = n->next) { - n->prt_min = 1; - n->prt_max = 65535; - } -} - /** A member of fingerprint_list: maps a name to a fingerprint. **/ typedef struct fingerprint_entry_t { @@ -320,12 +285,7 @@ dirserv_get_status_impl(const char *fp, const char *nickname, } if (!nn_ent) { /* No such server known with that nickname */ - addr_policy_result_t rej = router_compare_addr_to_addr_policy( - addr, or_port, authdir_reject_policy); - addr_policy_result_t inv = router_compare_addr_to_addr_policy( - addr, or_port, authdir_invalid_policy); - - if (rej == ADDR_POLICY_PROBABLY_REJECTED || rej == ADDR_POLICY_REJECTED) { + if (!authdir_policy_permits_address(addr, or_port)) { if (should_log) log_info(LD_DIRSERV, "Rejecting '%s' because of address '%s'", nickname, address); @@ -333,7 +293,7 @@ dirserv_get_status_impl(const char *fp, const char *nickname, *msg = "Authdir is rejecting routers in this range."; return FP_REJECT; } - if (inv == ADDR_POLICY_PROBABLY_REJECTED || inv == ADDR_POLICY_REJECTED) { + if (!authdir_policy_valid_address(addr, or_port)) { if (should_log) log_info(LD_DIRSERV, "Not marking '%s' valid because of address '%s'", nickname, address); @@ -1203,33 +1163,6 @@ dirserv_get_runningrouters(const char **rr, int compress) "v1 network status list", 1); } -/** Return true iff <b>ri</b> is "useful as an exit node", meaning - * it allows exit to at least one /8 address space for at least - * one of ports 80, 443, and 6667. */ -static int -router_is_general_exit(routerinfo_t *ri) -{ - static const int ports[] = { 80, 443, 6667 }; - int n_allowed = 0; - int i; - for (i = 0; i < 3; ++i) { - struct addr_policy_t *policy = ri->exit_policy; - for ( ; policy; policy = policy->next) { - if (policy->prt_min > ports[i] || policy->prt_max < ports[i]) - continue; /* Doesn't cover our port. */ - if ((policy->msk & 0x00fffffful) != 0) - continue; /* Narrower than a /8. */ - if ((policy->addr & 0xff000000ul) == 0x7f000000ul) - continue; /* 127.x */ - /* We have a match that is at least a /8. */ - if (policy->policy_type == ADDR_POLICY_ACCEPT) - ++n_allowed; - break; - } - } - return n_allowed > 0; -} - /** For authoritative directories: the current (v2) network status */ static cached_dir_t the_v2_networkstatus = { NULL, NULL, 0, 0, 0 }; @@ -1416,7 +1349,7 @@ generate_v2_networkstatus(void) SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, { if (ri->cache_info.published_on >= cutoff) { - int f_exit = router_is_general_exit(ri); + int f_exit = exit_policy_is_general_exit(ri->exit_policy); int f_stable = ri->is_stable = !dirserv_thinks_router_is_unreliable(ri, 1, 0); int f_fast = ri->is_fast = @@ -1721,10 +1654,6 @@ dirserv_free_all(void) smartlist_free(fingerprint_list); fingerprint_list = NULL; } - if (authdir_reject_policy) - addr_policy_free(authdir_reject_policy); - if (authdir_invalid_policy) - addr_policy_free(authdir_invalid_policy); clear_cached_dir(&the_directory); clear_cached_dir(&the_runningrouters); clear_cached_dir(&the_v2_networkstatus); diff --git a/src/or/main.c b/src/or/main.c index 633062c0da..20ebb9f13f 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -1531,8 +1531,6 @@ tor_free_all(int postfork) routerlist_free_all(); addressmap_free_all(); set_exit_redirects(NULL); /* free the registered exit redirects */ - free_socks_policy(); - free_dir_policy(); dirserv_free_all(); rend_service_free_all(); rend_cache_free_all(); @@ -1542,6 +1540,7 @@ tor_free_all(int postfork) circuit_free_all(); entry_guards_free_all(); connection_free_all(); + policies_free_all(); if (!postfork) { config_free_all(); router_free_all(); diff --git a/src/or/or.h b/src/or/or.h index abaf4bd8d7..9253b3c48a 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -1621,13 +1621,6 @@ int resolve_my_address(or_options_t *options, uint32_t *addr, void options_init(or_options_t *options); int options_init_from_torrc(int argc, char **argv); int options_init_logs(or_options_t *options, int validate_only); -int config_parse_exit_policy(config_line_t *cfg, - addr_policy_t **dest, - int rejectprivate); -int config_parse_addr_policy(config_line_t *cfg, - addr_policy_t **dest, - int assume_action); -int config_cmp_addr_policies(addr_policy_t *a, addr_policy_t *b); void addr_policy_free(addr_policy_t *p); int option_is_recognized(const char *key); const char *option_get_canonical_name(const char *key); @@ -1643,10 +1636,6 @@ int or_state_save(void); int config_getinfo_helper(const char *question, char **answer); -int firewall_is_fascist_or(void); -int fascist_firewall_allows_address_or(uint32_t addr, uint16_t port); -int fascist_firewall_allows_address_dir(uint32_t addr, uint16_t port); - /********************************* connection.c ***************************/ const char *conn_type_to_string(int type); @@ -1768,10 +1757,6 @@ void addressmap_get_mappings(smartlist_t *sl, time_t min_expires, int connection_ap_handshake_rewrite_and_attach(connection_t *conn, circuit_t *circ); -void parse_socks_policy(void); -void free_socks_policy(void); -int socks_policy_permits_address(uint32_t addr); - void set_exit_redirects(smartlist_t *lst); typedef enum hostname_type_t { NORMAL_HOSTNAME, ONION_HOSTNAME, EXIT_HOSTNAME, BAD_HOSTNAME @@ -1888,7 +1873,6 @@ int assign_to_cpuworker(connection_t *cpuworker, uint8_t question_type, /********************************* directory.c ***************************/ -int dir_policy_permits_address(uint32_t addr); void directory_post_to_dirservers(uint8_t purpose, const char *payload, size_t payload_len); void directory_get_from_dirserver(uint8_t purpose, const char *resource, @@ -1913,8 +1897,6 @@ int connection_dir_process_inbuf(connection_t *conn); int connection_dir_finished_flushing(connection_t *conn); int connection_dir_finished_connecting(connection_t *conn); void connection_dir_request_failed(connection_t *conn); -void parse_dir_policy(void); -void free_dir_policy(void); int dir_split_resource_into_fingerprints(const char *resource, smartlist_t *fp_out, int *compresseed_out, int decode_hex); @@ -1922,7 +1904,6 @@ char *directory_dump_request_log(void); /********************************* dirserv.c ***************************/ -void parse_authdir_policy(void); int dirserv_add_own_fingerprint(const char *nickname, crypto_pk_env_t *pk); int dirserv_parse_fingerprint_file(const char *fname); void dirserv_free_fingerprint_list(void); @@ -2047,6 +2028,37 @@ int fast_client_handshake(const char *handshake_state, void clear_pending_onions(void); +/********************************* policies.c ************************/ + +typedef enum { + ADDR_POLICY_ACCEPTED=0, + ADDR_POLICY_REJECTED=-1, + ADDR_POLICY_PROBABLY_ACCEPTED=1, + ADDR_POLICY_PROBABLY_REJECTED=2 +} addr_policy_result_t; + +int firewall_is_fascist_or(void); +int fascist_firewall_allows_address_or(uint32_t addr, uint16_t port); +int fascist_firewall_allows_address_dir(uint32_t addr, uint16_t port); +int dir_policy_permits_address(uint32_t addr); +int socks_policy_permits_address(uint32_t addr); +int authdir_policy_permits_address(uint32_t addr, uint16_t port); +int authdir_policy_valid_address(uint32_t addr, uint16_t port); + +int validate_addr_policies(or_options_t *options, char **msg); +void policies_parse_from_options(or_options_t *options); + +int cmp_addr_policies(addr_policy_t *a, addr_policy_t *b); +addr_policy_result_t compare_addr_to_addr_policy(uint32_t addr, + uint16_t port, addr_policy_t *policy); +int policies_parse_exit_policy(config_line_t *cfg, + addr_policy_t **dest, + int rejectprivate); +int exit_policy_is_general_exit(addr_policy_t *policy); + +void addr_policy_free(addr_policy_t *p); +void policies_free_all(void); + /********************************* relay.c ***************************/ extern uint64_t stats_n_relay_cells_relayed; @@ -2205,12 +2217,6 @@ int rend_mid_rendezvous(circuit_t *circ, const char *request, size_t request_len); /********************************* router.c ***************************/ -typedef enum { - ADDR_POLICY_ACCEPTED=0, - ADDR_POLICY_REJECTED=-1, - ADDR_POLICY_PROBABLY_ACCEPTED=1, - ADDR_POLICY_PROBABLY_REJECTED=2 -} addr_policy_result_t; void set_onion_key(crypto_pk_env_t *k); crypto_pk_env_t *get_onion_key(void); @@ -2347,13 +2353,11 @@ typedef enum { int router_set_networkstatus(const char *s, time_t arrived_at, networkstatus_source_t source, smartlist_t *requested_fingerprints); -addr_policy_result_t router_compare_addr_to_addr_policy(uint32_t addr, - uint16_t port, addr_policy_t *policy); int router_exit_policy_all_routers_reject(uint32_t addr, uint16_t port, int need_uptime); - int router_exit_policy_rejects_all(routerinfo_t *router); + void add_trusted_dir_server(const char *nickname, const char *address, uint16_t port, const char *digest, int supports_v1); diff --git a/src/or/policies.c b/src/or/policies.c new file mode 100644 index 0000000000..dba6f2678f --- /dev/null +++ b/src/or/policies.c @@ -0,0 +1,661 @@ +/* Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. */ +/* See LICENSE for licensing information */ +/* $Id$ */ +const char policies_c_id[] = \ + "$Id$"; + +/** + * \file policies.c + * \brief Code to parse and use address policies and exit policies. + **/ + +#include "or.h" + +static int expand_exit_policy_aliases(smartlist_t *entries, int assume_action); + +static addr_policy_t *socks_policy = NULL; +static addr_policy_t *dir_policy = NULL; +static addr_policy_t *authdir_reject_policy = NULL; +static addr_policy_t *authdir_invalid_policy = NULL; + +/** Parsed addr_policy_t describing which addresses we believe we can start + * circuits at. */ +static addr_policy_t *reachable_or_addr_policy = NULL; +/** Parsed addr_policy_t describing which addresses we believe we can connect + * to directories at. */ +static addr_policy_t *reachable_dir_addr_policy = NULL; + +/** + * Given a linked list of config lines containing "allow" and "deny" + * tokens, parse them and append the result to <b>dest</b>. Return -1 + * if any tokens are malformed, else return 0. + */ +static int +parse_addr_policy(config_line_t *cfg, addr_policy_t **dest, + int assume_action) +{ + addr_policy_t **nextp; + smartlist_t *entries; + int r = 0; + + if (!cfg) + return 0; + + nextp = dest; + + while (*nextp) + nextp = &((*nextp)->next); + + entries = smartlist_create(); + for (; cfg; cfg = cfg->next) { + smartlist_split_string(entries, cfg->value, ",", + SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0); + if (expand_exit_policy_aliases(entries,assume_action)<0) { + r = -1; + continue; + } + SMARTLIST_FOREACH(entries, const char *, ent, + { + log_debug(LD_CONFIG,"Adding new entry '%s'",ent); + *nextp = router_parse_addr_policy_from_string(ent, assume_action); + if (*nextp) { + if (addr_mask_get_bits((*nextp)->msk)<0) { + log_warn(LD_CONFIG, "Address policy element '%s' can't be expressed " + "as a bit prefix.", ent); + } + /* Advance nextp to the end of the policy. */ + while (*nextp) + nextp = &((*nextp)->next); + } else { + log_warn(LD_CONFIG,"Malformed policy '%s'.", ent); + r = -1; + } + }); + SMARTLIST_FOREACH(entries, char *, ent, tor_free(ent)); + smartlist_clear(entries); + } + smartlist_free(entries); + return r; +} + +/** Helper: parse the Reachable(Dir|OR)?Addresses fields into + * reachable_(or|dir)_addr_policy. */ +static void +parse_reachable_addresses(void) +{ + or_options_t *options = get_options(); + + if (options->ReachableDirAddresses && + options->ReachableORAddresses && + options->ReachableAddresses) { + log_warn(LD_CONFIG, + "Both ReachableDirAddresses and ReachableORAddresses are set. " + "ReachableAddresses setting will be ignored."); + } + addr_policy_free(reachable_or_addr_policy); + reachable_or_addr_policy = NULL; + if (!options->ReachableORAddresses && options->ReachableAddresses) + log_info(LD_CONFIG, + "Using ReachableAddresses as ReachableORAddresses."); + if (parse_addr_policy(options->ReachableORAddresses ? + options->ReachableORAddresses : + options->ReachableAddresses, + &reachable_or_addr_policy, ADDR_POLICY_ACCEPT)) { + log_warn(LD_CONFIG, + "Error parsing Reachable%sAddresses entry; ignoring.", + options->ReachableORAddresses ? "OR" : ""); + } + + addr_policy_free(reachable_dir_addr_policy); + reachable_dir_addr_policy = NULL; + if (!options->ReachableDirAddresses && options->ReachableAddresses) + log_info(LD_CONFIG, + "Using ReachableAddresses as ReachableDirAddresses"); + if (parse_addr_policy(options->ReachableDirAddresses ? + options->ReachableDirAddresses : + options->ReachableAddresses, + &reachable_dir_addr_policy, ADDR_POLICY_ACCEPT)) { + if (options->ReachableDirAddresses) + log_warn(LD_CONFIG, + "Error parsing ReachableDirAddresses entry; ignoring."); + } +} + +/** Return true iff the firewall options might block any address:port + * combination. + */ +int +firewall_is_fascist_or(void) +{ + return !!reachable_or_addr_policy; +} + +/** Return true iff <b>policy</b> (possibly NULL) will allow a + * connection to <b>addr</b>:<b>port</b>. + */ +static int +addr_policy_permits_address(uint32_t addr, uint16_t port, + addr_policy_t *policy) +{ + addr_policy_result_t p; + p = compare_addr_to_addr_policy(addr, port, policy); + switch (p) { + case ADDR_POLICY_PROBABLY_ACCEPTED: + case ADDR_POLICY_ACCEPTED: + return 1; + case ADDR_POLICY_PROBABLY_REJECTED: + case ADDR_POLICY_REJECTED: + return 0; + default: + log_warn(LD_BUG, "Unexpected result: %d", (int)p); + return 0; + } +} + +int +fascist_firewall_allows_address_or(uint32_t addr, uint16_t port) +{ + return addr_policy_permits_address(addr, port, + reachable_or_addr_policy); +} + +int +fascist_firewall_allows_address_dir(uint32_t addr, uint16_t port) +{ + return addr_policy_permits_address(addr, port, + reachable_dir_addr_policy); +} + +/** Return 1 if <b>addr</b> is permitted to connect to our dir port, + * based on <b>dir_policy</b>. Else return 0. + */ +int +dir_policy_permits_address(uint32_t addr) +{ + return addr_policy_permits_address(addr, 1, dir_policy); +} + +/** Return 1 if <b>addr</b> is permitted to connect to our socks port, + * based on <b>socks_policy</b>. Else return 0. + */ +int +socks_policy_permits_address(uint32_t addr) +{ + return addr_policy_permits_address(addr, 1, socks_policy); +} + +/** Return 1 if <b>addr</b>:<b>port</b> is permitted to publish to our + * directory, based on <b>authdir_reject_policy</b>. Else return 0. + */ +int +authdir_policy_permits_address(uint32_t addr, uint16_t port) +{ + return addr_policy_permits_address(addr, port, authdir_reject_policy); +} + +/** Return 1 if <b>addr</b>:<b>port</b> is considered valid in our + * directory, based on <b>authdir_invalid_policy</b>. Else return 0. + */ +int +authdir_policy_valid_address(uint32_t addr, uint16_t port) +{ + return addr_policy_permits_address(addr, port, authdir_invalid_policy); +} + +#define REJECT(arg) \ + do { *msg = tor_strdup(arg); goto err; } while (0) +int +validate_addr_policies(or_options_t *options, char **msg) +{ + addr_policy_t *addr_policy=NULL; + *msg = NULL; + + if (policies_parse_exit_policy(options->ExitPolicy, &addr_policy, + options->ExitPolicyRejectPrivate)) + REJECT("Error in ExitPolicy entry."); + + /* The rest of these calls *append* to addr_policy. So don't actually + * use the results for anything other than checking if they parse! */ + if (parse_addr_policy(options->DirPolicy, &addr_policy, -1)) + REJECT("Error in DirPolicy entry."); + if (parse_addr_policy(options->SocksPolicy, &addr_policy, -1)) + REJECT("Error in SocksPolicy entry."); + if (parse_addr_policy(options->ReachableAddresses, &addr_policy, + ADDR_POLICY_ACCEPT)) + REJECT("Error in ReachableAddresses entry."); + if (parse_addr_policy(options->ReachableORAddresses, &addr_policy, + ADDR_POLICY_ACCEPT)) + REJECT("Error in ReachableORAddresses entry."); + if (parse_addr_policy(options->ReachableDirAddresses, &addr_policy, + ADDR_POLICY_ACCEPT)) + REJECT("Error in ReachableDirAddresses entry."); + if (parse_addr_policy(options->AuthDirReject, &addr_policy, + ADDR_POLICY_REJECT)) + REJECT("Error in AuthDirReject entry."); + if (parse_addr_policy(options->AuthDirInvalid, &addr_policy, + ADDR_POLICY_REJECT)) + REJECT("Error in AuthDirInvalid entry."); + +err: + addr_policy_free(addr_policy); + return *msg ? -1 : 0; +#undef REJECT +} + +/* Parse <b>string</b> in the same way that the exit policy + * is parsed, and put the processed version in *<b>policy</b>. + * Ignore port specifiers. + */ +static void +load_policy_from_option(config_line_t *config, addr_policy_t **policy, + int assume_action) +{ + addr_policy_t *n; + addr_policy_free(*policy); + *policy = NULL; + parse_addr_policy(config, policy, assume_action); + /* ports aren't used. */ + for (n=*policy; n; n = n->next) { + n->prt_min = 1; + n->prt_max = 65535; + } +} + +void policies_parse_from_options(or_options_t *options) +{ + load_policy_from_option(options->SocksPolicy, &socks_policy, -1); + load_policy_from_option(options->DirPolicy, &dir_policy, -1); + load_policy_from_option(options->AuthDirReject, + &authdir_reject_policy, ADDR_POLICY_REJECT); + load_policy_from_option(options->AuthDirInvalid, + &authdir_invalid_policy, ADDR_POLICY_REJECT); + parse_reachable_addresses(); +} + + +/** Compare two provided address policy items, and return -1, 0, or 1 + * if the first is less than, equal to, or greater than the second. */ +static int +cmp_single_addr_policy(addr_policy_t *a, addr_policy_t *b) +{ + int r; + if ((r=((int)a->policy_type - (int)b->policy_type))) + return r; + if ((r=((int)a->addr - (int)b->addr))) + return r; + if ((r=((int)a->msk - (int)b->msk))) + return r; + if ((r=((int)a->prt_min - (int)b->prt_min))) + return r; + if ((r=((int)a->prt_max - (int)b->prt_max))) + return r; + return 0; +} + +/** Like cmp_single_addr_policy() above, but looks at the + * whole set of policies in each case. */ +int +cmp_addr_policies(addr_policy_t *a, addr_policy_t *b) +{ + int r; + while (a && b) { + if ((r=cmp_single_addr_policy(a,b))) + return r; + a = a->next; + b = b->next; + } + if (!a && !b) + return 0; + if (a) + return -1; + else + return 1; +} + +/** Decide whether a given addr:port is definitely accepted, + * definitely rejected, probably accepted, or probably rejected by a + * given policy. If <b>addr</b> is 0, we don't know the IP of the + * target address. If <b>port</b> is 0, we don't know the port of the + * target address. + * + * For now, the algorithm is pretty simple: we look for definite and + * uncertain matches. The first definite match is what we guess; if + * it was preceded by no uncertain matches of the opposite policy, + * then the guess is definite; otherwise it is probable. (If we + * have a known addr and port, all matches are definite; if we have an + * unknown addr/port, any address/port ranges other than "all" are + * uncertain.) + * + * We could do better by assuming that some ranges never match typical + * addresses (127.0.0.1, and so on). But we'll try this for now. + */ +addr_policy_result_t +compare_addr_to_addr_policy(uint32_t addr, uint16_t port, + addr_policy_t *policy) +{ + int maybe_reject = 0; + int maybe_accept = 0; + int match = 0; + int maybe = 0; + addr_policy_t *tmpe; + + for (tmpe=policy; tmpe; tmpe=tmpe->next) { + maybe = 0; + if (!addr) { + /* Address is unknown. */ + if ((port >= tmpe->prt_min && port <= tmpe->prt_max) || + (!port && tmpe->prt_min<=1 && tmpe->prt_max>=65535)) { + /* The port definitely matches. */ + if (tmpe->msk == 0) { + match = 1; + } else { + maybe = 1; + } + } else if (!port) { + /* The port maybe matches. */ + maybe = 1; + } + } else { + /* Address is known */ + if ((addr & tmpe->msk) == (tmpe->addr & tmpe->msk)) { + if (port >= tmpe->prt_min && port <= tmpe->prt_max) { + /* Exact match for the policy */ + match = 1; + } else if (!port) { + maybe = 1; + } + } + } + if (maybe) { + if (tmpe->policy_type == ADDR_POLICY_REJECT) + maybe_reject = 1; + else + maybe_accept = 1; + } + if (match) { + if (tmpe->policy_type == ADDR_POLICY_ACCEPT) { + /* If we already hit a clause that might trigger a 'reject', than we + * can't be sure of this certain 'accept'.*/ + return maybe_reject ? ADDR_POLICY_PROBABLY_ACCEPTED : + ADDR_POLICY_ACCEPTED; + } else { + return maybe_accept ? ADDR_POLICY_PROBABLY_REJECTED : + ADDR_POLICY_REJECTED; + } + } + } + /* accept all by default. */ + return maybe_reject ? ADDR_POLICY_PROBABLY_ACCEPTED : ADDR_POLICY_ACCEPTED; +} + +/** Return true iff the address policy <b>a</b> covers every case that + * would be covered by <b>b</b>, so that a,b is redundant. */ +static int +addr_policy_covers(addr_policy_t *a, addr_policy_t *b) +{ + /* We can ignore accept/reject, since "accept *:80, reject *:80" reduces + * to "accept *:80". */ + if (a->msk & ~b->msk) { + /* There's a wildcard bit in b->msk that's not a wildcard in a. */ + return 0; + } + if ((a->addr & a->msk) != (b->addr & a->msk)) { + /* There's a fixed bit in a that's set differently in b. */ + return 0; + } + return (a->prt_min <= b->prt_min && a->prt_max >= b->prt_max); +} + +/** Return true iff the address policies <b>a</b> and <b>b</b> intersect, + * that is, there exists an address/port that is covered by <b>a</b> that + * is also covered by <b>b</b>. + */ +static int +addr_policy_intersects(addr_policy_t *a, addr_policy_t *b) +{ + /* All the bits we care about are those that are set in both + * netmasks. If they are equal in a and b's networkaddresses + * then the networks intersect. If there is a difference, + * then they do not. */ + if (((a->addr ^ b->addr) & a->msk & b->msk) != 0) + return 0; + if (a->prt_max < b->prt_min || b->prt_max < a->prt_min) + return 0; + return 1; +} + +/** Add the exit policy described by <b>more</b> to <b>policy</b>. + */ +static void +append_exit_policy_string(addr_policy_t **policy, const char *more) +{ + config_line_t tmp; + + tmp.key = NULL; + tmp.value = (char*) more; + tmp.next = NULL; + parse_addr_policy(&tmp, policy, -1); +} + +static int +expand_exit_policy_aliases(smartlist_t *entries, int assume_action) +{ + static const char *prefixes[] = { + "0.0.0.0/8", "169.254.0.0/16", + "127.0.0.0/8", "192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12",NULL }; + int i; + char *pre=NULL, *post=NULL; + int expanded_any = 0; + pre = smartlist_join_strings(entries,",",0,NULL); + for (i = 0; i < smartlist_len(entries); ++i) { + char *v = smartlist_get(entries, i); + const char *cp, *ports; + const char *action; + int prefix_idx; + if (!strcasecmpstart(v, "accept")) { + action = "accept "; + cp = v+strlen("accept"); + } else if (!strcasecmpstart(v, "reject")) { + action = "reject "; + cp = v+strlen("reject"); + } else if (assume_action >= 0) { + action = ""; + cp = v; + } else { + log_warn(LD_CONFIG,"Policy '%s' didn't start with accept or reject.", v); + tor_free(pre); + return -1; + } + cp = eat_whitespace(cp); + if (strcmpstart(cp, "private")) + continue; /* No need to expand. */ + cp += strlen("private"); + cp = eat_whitespace(cp); + if (*cp && *cp != ':') + continue; /* It wasn't "private" after all. */ + ports = cp; + /* Okay. We're going to replace entries[i] with a bunch of new entries, + * in order. */ + smartlist_del_keeporder(entries, i); + for (prefix_idx = 0; prefixes[prefix_idx]; ++prefix_idx) { + size_t replacement_len = 16+strlen(prefixes[prefix_idx])+strlen(ports); + char *replacement = tor_malloc(replacement_len); + tor_snprintf(replacement, replacement_len, "%s%s%s", + action, prefixes[prefix_idx], ports); + smartlist_insert(entries, i++, replacement); + } + tor_free(v); + expanded_any = 1; + --i; + } + post = smartlist_join_strings(entries,",",0,NULL); + if (expanded_any) + log_info(LD_CONFIG, "Expanded '%s' to '%s'", pre, post); + tor_free(pre); + tor_free(post); + return expanded_any; +} + +/** Detect and excise "dead code" from the policy *<b>dest</b>. */ +static void +exit_policy_remove_redundancies(addr_policy_t **dest) +{ + addr_policy_t *ap, *tmp, *victim, *previous; + + /* Step one: find a *:* entry and cut off everything after it. */ + for (ap=*dest; ap; ap=ap->next) { + if (ap->msk == 0 && ap->prt_min <= 1 && ap->prt_max >= 65535) { + /* This is a catch-all line -- later lines are unreachable. */ + if (ap->next) { + addr_policy_free(ap->next); + ap->next = NULL; + } + } + } + + /* Step two: for every entry, see if there's a redundant entry + * later on, and remove it. */ + for (ap=*dest; ap; ap=ap->next) { + tmp=ap; + while (tmp) { + if (tmp->next && addr_policy_covers(ap, tmp->next)) { + log(LOG_INFO, LD_CONFIG, "Removing exit policy %s. It is made " + "redundant by %s.", tmp->next->string, ap->string); + victim = tmp->next; + tmp->next = victim->next; + victim->next = NULL; + addr_policy_free(victim); + } else { + tmp=tmp->next; + } + } + } + + /* Step three: for every entry A, see if there's an entry B making this one + * redundant later on. This is the case if A and B are of the same type + * (accept/reject), A is a subset of B, and there is no other entry of + * different type in between those two that intersects with A. + * + * Anybody want to doublecheck the logic here? XXX + */ + ap = *dest; + previous = NULL; + while (ap) { + for (tmp=ap->next; tmp; tmp=tmp->next) { + if (ap->policy_type != tmp->policy_type && + addr_policy_intersects(ap, tmp)) { + tmp = NULL; /* so that we advance previous and ap */ + break; + } + if (ap->policy_type == tmp->policy_type && + addr_policy_covers(tmp, ap)) { + log(LOG_INFO, LD_CONFIG, "Removing exit policy %s. It is made " + "redundant by %s.", ap->string, tmp->string); + victim = ap; + ap = ap->next; + + if (previous) { + assert(previous->next == victim); + previous->next = victim->next; + } else { + assert(*dest == victim); + *dest = victim->next; + } + + victim->next = NULL; + addr_policy_free(victim); + break; + } + } + if (!tmp) { + previous = ap; + ap = ap->next; + } + } +} + +#define DEFAULT_EXIT_POLICY \ + "reject *:25,reject *:119,reject *:135-139,reject *:445," \ + "reject *:465,reject *:587,reject *:1214,reject *:4661-4666," \ + "reject *:6346-6429,reject *:6699,reject *:6881-6999,accept *:*" + +/** Parse the exit policy <b>cfg</b> into the linked list *<b>dest</b>. If + * cfg doesn't end in an absolute accept or reject, add the default exit + * policy afterwards. If <b>rejectprivate</b> is true, prepend + * "reject private:*" to the policy. Return -1 if we can't parse cfg, + * else return 0. + * + */ +int +policies_parse_exit_policy(config_line_t *cfg, addr_policy_t **dest, + int rejectprivate) +{ + if (rejectprivate) + append_exit_policy_string(dest, "reject private:*"); + if (parse_addr_policy(cfg, dest, -1)) + return -1; + append_exit_policy_string(dest, DEFAULT_EXIT_POLICY); + + exit_policy_remove_redundancies(dest); + return 0; +} + +/** Return true iff <b>ri</b> is "useful as an exit node", meaning + * it allows exit to at least one /8 address space for at least + * one of ports 80, 443, and 6667. */ +int +exit_policy_is_general_exit(addr_policy_t *policy) +{ + static const int ports[] = { 80, 443, 6667 }; + int n_allowed = 0; + int i; + for (i = 0; i < 3; ++i) { + struct addr_policy_t *p = policy; + for ( ; p; p = p->next) { + if (p->prt_min > ports[i] || p->prt_max < ports[i]) + continue; /* Doesn't cover our port. */ + if ((p->msk & 0x00fffffful) != 0) + continue; /* Narrower than a /8. */ + if ((p->addr & 0xff000000ul) == 0x7f000000ul) + continue; /* 127.x */ + /* We have a match that is at least a /8. */ + if (p->policy_type == ADDR_POLICY_ACCEPT) + ++n_allowed; + break; + } + } + return n_allowed > 0; +} + +/** Release all storage held by <b>p</b> */ +void +addr_policy_free(addr_policy_t *p) +{ + addr_policy_t *e; + + while (p) { + e = p; + p = p->next; + tor_free(e->string); + tor_free(e); + } +} + +void +policies_free_all(void) +{ + addr_policy_free(reachable_or_addr_policy); + reachable_or_addr_policy = NULL; + addr_policy_free(reachable_dir_addr_policy); + reachable_dir_addr_policy = NULL; + addr_policy_free(socks_policy); + socks_policy = NULL; + addr_policy_free(dir_policy); + dir_policy = NULL; + addr_policy_free(authdir_reject_policy); + authdir_reject_policy = NULL; + addr_policy_free(authdir_invalid_policy); + authdir_invalid_policy = NULL; +} + diff --git a/src/or/router.c b/src/or/router.c index 83adc82ace..f1d469e9fd 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -722,7 +722,7 @@ router_compare_to_my_exit_policy(connection_t *conn) if (!conn->addr) return -1; - return router_compare_addr_to_addr_policy(conn->addr, conn->port, + return compare_addr_to_addr_policy(conn->addr, conn->port, desc_routerinfo->exit_policy) != ADDR_POLICY_ACCEPTED; } @@ -835,8 +835,8 @@ router_rebuild_descriptor(int force) if (options->BandwidthRate > options->MaxAdvertisedBandwidth) ri->bandwidthrate = (int)options->MaxAdvertisedBandwidth; - config_parse_exit_policy(options->ExitPolicy, &ri->exit_policy, - options->ExitPolicyRejectPrivate); + policies_parse_exit_policy(options->ExitPolicy, &ri->exit_policy, + options->ExitPolicyRejectPrivate); if (desc_routerinfo) { /* inherit values */ ri->is_valid = desc_routerinfo->is_valid; diff --git a/src/or/routerlist.c b/src/or/routerlist.c index b6264ce5f2..faed67b62f 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -707,7 +707,7 @@ router_find_exact_exit_enclave(const char *address, uint16_t port) { if (router->is_running && router->addr == addr && - router_compare_addr_to_addr_policy(addr, port, router->exit_policy) == + compare_addr_to_addr_policy(addr, port, router->exit_policy) == ADDR_POLICY_ACCEPTED) return router; }); @@ -2403,82 +2403,6 @@ update_networkstatus_downloads(time_t now) update_networkstatus_client_downloads(time(NULL)); } -/** Decide whether a given addr:port is definitely accepted, - * definitely rejected, probably accepted, or probably rejected by a - * given policy. If <b>addr</b> is 0, we don't know the IP of the - * target address. If <b>port</b> is 0, we don't know the port of the - * target address. - * - * For now, the algorithm is pretty simple: we look for definite and - * uncertain matches. The first definite match is what we guess; if - * it was preceded by no uncertain matches of the opposite policy, - * then the guess is definite; otherwise it is probable. (If we - * have a known addr and port, all matches are definite; if we have an - * unknown addr/port, any address/port ranges other than "all" are - * uncertain.) - * - * We could do better by assuming that some ranges never match typical - * addresses (127.0.0.1, and so on). But we'll try this for now. - */ -addr_policy_result_t -router_compare_addr_to_addr_policy(uint32_t addr, uint16_t port, - addr_policy_t *policy) -{ - int maybe_reject = 0; - int maybe_accept = 0; - int match = 0; - int maybe = 0; - addr_policy_t *tmpe; - - for (tmpe=policy; tmpe; tmpe=tmpe->next) { - maybe = 0; - if (!addr) { - /* Address is unknown. */ - if ((port >= tmpe->prt_min && port <= tmpe->prt_max) || - (!port && tmpe->prt_min<=1 && tmpe->prt_max>=65535)) { - /* The port definitely matches. */ - if (tmpe->msk == 0) { - match = 1; - } else { - maybe = 1; - } - } else if (!port) { - /* The port maybe matches. */ - maybe = 1; - } - } else { - /* Address is known */ - if ((addr & tmpe->msk) == (tmpe->addr & tmpe->msk)) { - if (port >= tmpe->prt_min && port <= tmpe->prt_max) { - /* Exact match for the policy */ - match = 1; - } else if (!port) { - maybe = 1; - } - } - } - if (maybe) { - if (tmpe->policy_type == ADDR_POLICY_REJECT) - maybe_reject = 1; - else - maybe_accept = 1; - } - if (match) { - if (tmpe->policy_type == ADDR_POLICY_ACCEPT) { - /* If we already hit a clause that might trigger a 'reject', than we - * can't be sure of this certain 'accept'.*/ - return maybe_reject ? ADDR_POLICY_PROBABLY_ACCEPTED : - ADDR_POLICY_ACCEPTED; - } else { - return maybe_accept ? ADDR_POLICY_PROBABLY_REJECTED : - ADDR_POLICY_REJECTED; - } - } - } - /* accept all by default. */ - return maybe_reject ? ADDR_POLICY_PROBABLY_ACCEPTED : ADDR_POLICY_ACCEPTED; -} - /** Return 1 if all running sufficiently-stable routers will reject * addr:port, return 0 if any might accept it. */ int @@ -2492,7 +2416,7 @@ router_exit_policy_all_routers_reject(uint32_t addr, uint16_t port, { if (router->is_running && !router_is_unreliable(router, need_uptime, 0, 0)) { - r = router_compare_addr_to_addr_policy(addr, port, router->exit_policy); + r = compare_addr_to_addr_policy(addr, port, router->exit_policy); if (r != ADDR_POLICY_REJECTED && r != ADDR_POLICY_PROBABLY_REJECTED) return 0; /* this one could be ok. good enough. */ } @@ -2505,7 +2429,7 @@ router_exit_policy_all_routers_reject(uint32_t addr, uint16_t port, int router_exit_policy_rejects_all(routerinfo_t *router) { - return router_compare_addr_to_addr_policy(0, 0, router->exit_policy) + return compare_addr_to_addr_policy(0, 0, router->exit_policy) == ADDR_POLICY_REJECTED; } @@ -3691,7 +3615,7 @@ router_differences_are_cosmetic(routerinfo_t *r1, routerinfo_t *r2) (r1->contact_info && r2->contact_info && strcasecmp(r1->contact_info, r2->contact_info)) || r1->is_hibernating != r2->is_hibernating || - config_cmp_addr_policies(r1->exit_policy, r2->exit_policy)) + cmp_addr_policies(r1->exit_policy, r2->exit_policy)) return 0; if ((r1->declared_family == NULL) != (r2->declared_family == NULL)) return 0; diff --git a/src/or/routerparse.c b/src/or/routerparse.c index e180e2cc27..1ee0594a73 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -1258,7 +1258,7 @@ networkstatus_parse_from_string(const char *s) return ns; } -/** Parse the exit policy in the string <b>s</b> and return it. If +/** Parse the addr policy in the string <b>s</b> and return it. If * assume_action is nonnegative, then insert its action (ADDR_POLICY_ACCEPT or * ADDR_POLICY_REJECT) for items that specify no action. */ @@ -1290,7 +1290,7 @@ router_parse_addr_policy_from_string(const char *s, int assume_action) } tok = get_next_token(&cp, RTR); if (tok->tp == _ERR) { - log_warn(LD_DIR, "Error reading exit policy: %s", tok->error); + log_warn(LD_DIR, "Error reading address policy: %s", tok->error); goto err; } if (tok->tp != K_ACCEPT && tok->tp != K_REJECT) { @@ -1298,7 +1298,7 @@ router_parse_addr_policy_from_string(const char *s, int assume_action) goto err; } - /* Now that we've gotten an exit policy, add it to the router. */ + /* Now that we've gotten an addr policy, add it to the router. */ r = router_parse_addr_policy(tok); goto done; err: diff --git a/src/or/test.c b/src/or/test.c index 1fe62cdc96..6cb6c8d375 100644 --- a/src/or/test.c +++ b/src/or/test.c @@ -1453,11 +1453,11 @@ test_exit_policies(void) // test_assert(exit_policy_implicitly_allows_local_networks(policy, 0)); test_assert(ADDR_POLICY_ACCEPTED == - router_compare_addr_to_addr_policy(0x01020304u, 2, policy)); + compare_addr_to_addr_policy(0x01020304u, 2, policy)); test_assert(ADDR_POLICY_PROBABLY_ACCEPTED == - router_compare_addr_to_addr_policy(0, 2, policy)); + compare_addr_to_addr_policy(0, 2, policy)); test_assert(ADDR_POLICY_REJECTED == - router_compare_addr_to_addr_policy(0xc0a80102, 2, policy)); + compare_addr_to_addr_policy(0xc0a80102, 2, policy)); addr_policy_free(policy); |