author | trinity-1686a <trinity@deuxfleurs.fr> | 2023-07-29 22:37:18 +0200 |
---|---|---|
committer | trinity-1686a <trinity@deuxfleurs.fr> | 2023-07-29 23:15:27 +0200 |
commit | 9de1d14c1c14d79d8d3cfa79ac60ff813e90c8e8 (patch) | |
tree | 1bc80b5ee7ff90d824264a3ec401a19225b336f1 | |
parent | 8226148bf191462fca4fad862116ee34aa5bab6d (diff) | |
add config ReevaluateExitPolicy
-rw-r--r-- | doc/man/tor.1.txt | 10 | ||||
-rw-r--r-- | src/app/config/config.c | 1 | ||||
-rw-r--r-- | src/app/config/or_options_st.h | 2 | ||||
-rw-r--r-- | src/config/torrc.sample.in | 4 | ||||
-rw-r--r-- | src/core/or/connection_edge.c | 4 |
5 files changed, 19 insertions, 2 deletions
diff --git a/doc/man/tor.1.txt b/doc/man/tor.1.txt
index 1589809b1a..248c0b7896 100644
--- a/doc/man/tor.1.txt
+++ b/doc/man/tor.1.txt
@@ -2385,6 +2385,16 @@ is non-zero):
 policy options are set, Tor behaves as if ExitRelay were set to 0.
 (Default: auto)
 
+[[ReevaluateExitPolicy]] **ReevaluateExitPolicy** **0**|**1**::
+ If set, reevaluate the exit policy on existing connections when reloading
+ configuration. +
+ +
+ When the exit policy of an exit node change while reloading configuration,
+ connections made prior to this change could violate the new policy. By
+ setting this to 1, Tor will check if such connections exist, and mark them
+ for termination.
+ (Default: 0)
+
 [[ExtendAllowPrivateAddresses]] **ExtendAllowPrivateAddresses** **0**|**1**::
 When this option is enabled, Tor will connect to relays on localhost,
 RFC1918 addresses, and so on. In particular, Tor will make direct OR
diff --git a/src/app/config/config.c b/src/app/config/config.c
index 60565d15c4..ae7f6203ce 100644
--- a/src/app/config/config.c
+++ b/src/app/config/config.c
@@ -637,6 +637,7 @@ static const config_var_t option_vars_[] = {
 V(RephistTrackTime, INTERVAL, "24 hours"),
 V_IMMUTABLE(RunAsDaemon, BOOL, "0"),
 V(ReducedExitPolicy, BOOL, "0"),
+ V(ReevaluateExitPolicy, BOOL, "0"),
 OBSOLETE("RunTesting"), // currently unused
 V_IMMUTABLE(Sandbox, BOOL, "0"),
 V(SafeLogging, STRING, "1"),
diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h
index 36b00662b5..624dc61bc5 100644
--- a/src/app/config/or_options_st.h
+++ b/src/app/config/or_options_st.h
@@ -141,6 +141,8 @@ struct or_options_t {
 * Includes OutboundBindAddresses and
 * configured ports. */
 int ReducedExitPolicy; /**<Should we use the Reduced Exit Policy? */
+ int ReevaluateExitPolicy; /**<Should we re-evaluate Exit Policy on existing
+ * connections when it changes? */
 struct config_line_t *SocksPolicy; /**< Lists of socks policy components */
 struct config_line_t *DirPolicy; /**< Lists of dir policy components */
 /** Local address to bind outbound sockets */
diff --git a/src/config/torrc.sample.in b/src/config/torrc.sample.in
index 639d7c4d68..97ff941459 100644
--- a/src/config/torrc.sample.in
+++ b/src/config/torrc.sample.in
@@ -225,6 +225,10 @@
 #ExitPolicy accept6 *6:119 # accept nntp ports on IPv6 only as well as default exit policy
 #ExitPolicy reject *:* # no exits allowed
 
+## Uncomment this if you want your exit relay to reevaluate its exit policy on
+## existing connections when the exit policy is modified.
+#ReevaluateExitPolicy 1
+
 ## Bridge relays (or "bridges") are Tor relays that aren't listed in the
 ## main directory. Since there is no complete public list of them, even an
 ## ISP that filters connections to all the known Tor relays probably
diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c
index f7cc1d7a98..9466446ab1 100644
--- a/src/core/or/connection_edge.c
+++ b/src/core/or/connection_edge.c
@@ -4250,8 +4250,7 @@ connection_reapply_exit_policy(config_line_t *changes)
 smartlist_t *policy = NULL;
 int config_change_relevant = 0;
 
- /* TODO if (get_options()->ReevaluateExitPolicy == 1) {*/
- if (false) {
+ if (get_options()->ReevaluateExitPolicy == 0) {
 return;
 }
 
@@ -4262,6 +4261,7 @@ connection_reapply_exit_policy(config_line_t *changes)
 "ExitRelay",
 "ExitPolicy",
 "ReducedExitPolicy",
+ "ReevaluateExitPolicy",
 "IPv6Exit",
 NULL
 };
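Review bot: The early return added in the first connection_edge.c hunk carries no comment, so a reader does not learn that with the option at its default of 0 streams opened under the previous exit policy keep running until they close on their own; the `== 0` compare also reads against the `!` form used for boolean options elsewhere in tor. Suggested: `if (!get_options()->ReevaluateExitPolicy) { /* Option off: existing streams are left under the policy they were accepted with. */ return; }`. In the second hunk, listing "ReevaluateExitPolicy" among the relevant option names appears to mean that switching the option on during a reload immediately sweeps existing connections against the current policy, which is presumably intended but deserves a one-line comment next to that entry. connection_reapply_exit_policy begins before the first hunk and its body continues past the second.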