Move literally everything out of src/or

This commit won't build yet -- it just puts everything in a slightly
more logical place.

The reasoning here is that "src/core" will hold the stuff that every (or
nearly every) tor instance will need in order to do onion routing.
Other features (including some necessary ones) will live in
"src/feature".  The "src/app" directory will hold the stuff needed
to have Tor be an application you can actually run.

This commit DOES NOT refactor the former contents of src/or into a
logical set of acyclic libraries, or change any code at all.  That
will have to come in the future.

We will continue to move things around and split them in the future,
but I hope this lays a reasonable groundwork for doing so.

1 files changed, 187 insertions, 0 deletions

diff --git a/src/core/or/policies.h b/src/core/or/policies.h
new file mode 100644
index 0000000000..7da3ba031f
--- /dev/null
+++ b/src/core/or/policies.h
@@ -0,0 +1,187 @@
+/* Copyright (c) 2001 Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file policies.h
+ * \brief Header file for policies.c.
+ **/
+
+#ifndef TOR_POLICIES_H
+#define TOR_POLICIES_H
+
+/* (length of
+ * "accept6 [ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]/128:65535-65535\n"
+ * plus a terminating NUL, rounded up to a nice number.)
+ */
+#define POLICY_BUF_LEN 72
+
+#define EXIT_POLICY_IPV6_ENABLED             (1 << 0)
+#define EXIT_POLICY_REJECT_PRIVATE           (1 << 1)
+#define EXIT_POLICY_ADD_DEFAULT              (1 << 2)
+#define EXIT_POLICY_REJECT_LOCAL_INTERFACES  (1 << 3)
+#define EXIT_POLICY_ADD_REDUCED              (1 << 4)
+#define EXIT_POLICY_OPTION_MAX             EXIT_POLICY_ADD_REDUCED
+/* All options set: used for unit testing */
+#define EXIT_POLICY_OPTION_ALL             ((EXIT_POLICY_OPTION_MAX << 1) - 1)
+
+typedef enum firewall_connection_t {
+  FIREWALL_OR_CONNECTION      = 0,
+  FIREWALL_DIR_CONNECTION     = 1
+} firewall_connection_t;
+
+typedef int exit_policy_parser_cfg_t;
+
+/** Outcome of applying an address policy to an address. */
+typedef enum {
+  /** The address was accepted */
+  ADDR_POLICY_ACCEPTED=0,
+  /** The address was rejected */
+  ADDR_POLICY_REJECTED=-1,
+  /** Part of the address was unknown, but as far as we can tell, it was
+   * accepted. */
+  ADDR_POLICY_PROBABLY_ACCEPTED=1,
+  /** Part of the address was unknown, but as far as we can tell, it was
+   * rejected. */
+  ADDR_POLICY_PROBABLY_REJECTED=2,
+} addr_policy_result_t;
+
+/** A single entry in a parsed policy summary, describing a range of ports. */
+typedef struct short_policy_entry_t {
+  uint16_t min_port, max_port;
+} short_policy_entry_t;
+
+/** A short_poliy_t is the parsed version of a policy summary. */
+typedef struct short_policy_t {
+  /** True if the members of 'entries' are port ranges to accept; false if
+   * they are port ranges to reject */
+  unsigned int is_accept : 1;
+  /** The actual number of values in 'entries'. */
+  unsigned int n_entries : 31;
+  /** An array of 0 or more short_policy_entry_t values, each describing a
+   * range of ports that this policy accepts or rejects (depending on the
+   * value of is_accept).
+   */
+  short_policy_entry_t entries[FLEXIBLE_ARRAY_MEMBER];
+} short_policy_t;
+
+int firewall_is_fascist_or(void);
+int firewall_is_fascist_dir(void);
+int fascist_firewall_use_ipv6(const or_options_t *options);
+int fascist_firewall_prefer_ipv6_orport(const or_options_t *options);
+int fascist_firewall_prefer_ipv6_dirport(const or_options_t *options);
+
+int fascist_firewall_allows_address_addr(const tor_addr_t *addr,
+                                         uint16_t port,
+                                         firewall_connection_t fw_connection,
+                                         int pref_only, int pref_ipv6);
+
+int fascist_firewall_allows_rs(const routerstatus_t *rs,
+                               firewall_connection_t fw_connection,
+                               int pref_only);
+int fascist_firewall_allows_node(const node_t *node,
+                                 firewall_connection_t fw_connection,
+                                 int pref_only);
+int fascist_firewall_allows_dir_server(const dir_server_t *ds,
+                                       firewall_connection_t fw_connection,
+                                       int pref_only);
+
+void fascist_firewall_choose_address_rs(const routerstatus_t *rs,
+                                        firewall_connection_t fw_connection,
+                                        int pref_only, tor_addr_port_t* ap);
+void fascist_firewall_choose_address_node(const node_t *node,
+                                          firewall_connection_t fw_connection,
+                                          int pref_only, tor_addr_port_t* ap);
+void fascist_firewall_choose_address_dir_server(const dir_server_t *ds,
+                                          firewall_connection_t fw_connection,
+                                          int pref_only, tor_addr_port_t* ap);
+
+int dir_policy_permits_address(const tor_addr_t *addr);
+int socks_policy_permits_address(const tor_addr_t *addr);
+int authdir_policy_permits_address(uint32_t addr, uint16_t port);
+int authdir_policy_valid_address(uint32_t addr, uint16_t port);
+int authdir_policy_badexit_address(uint32_t addr, uint16_t port);
+
+int validate_addr_policies(const or_options_t *options, char **msg);
+void policy_expand_private(smartlist_t **policy);
+void policy_expand_unspec(smartlist_t **policy);
+int policies_parse_from_options(const or_options_t *options);
+
+addr_policy_t *addr_policy_get_canonical_entry(addr_policy_t *ent);
+int addr_policies_eq(const smartlist_t *a, const smartlist_t *b);
+MOCK_DECL(addr_policy_result_t, compare_tor_addr_to_addr_policy,
+    (const tor_addr_t *addr, uint16_t port, const smartlist_t *policy));
+addr_policy_result_t compare_tor_addr_to_node_policy(const tor_addr_t *addr,
+                              uint16_t port, const node_t *node);
+
+int policies_parse_exit_policy_from_options(
+                                          const or_options_t *or_options,
+                                          uint32_t local_address,
+                                          const tor_addr_t *ipv6_local_address,
+                                          smartlist_t **result);
+struct config_line_t;
+int policies_parse_exit_policy(struct config_line_t *cfg, smartlist_t **dest,
+                               exit_policy_parser_cfg_t options,
+                               const smartlist_t *configured_addresses);
+void policies_parse_exit_policy_reject_private(
+                                      smartlist_t **dest,
+                                      int ipv6_exit,
+                                      const smartlist_t *configured_addresses,
+                                      int reject_interface_addresses,
+                                      int reject_configured_port_addresses);
+void policies_exit_policy_append_reject_star(smartlist_t **dest);
+void addr_policy_append_reject_addr(smartlist_t **dest,
+                                    const tor_addr_t *addr);
+void addr_policy_append_reject_addr_list(smartlist_t **dest,
+                                         const smartlist_t *addrs);
+void policies_set_node_exitpolicy_to_reject_all(node_t *exitrouter);
+int exit_policy_is_general_exit(smartlist_t *policy);
+int policy_is_reject_star(const smartlist_t *policy, sa_family_t family,
+                          int reject_by_default);
+char * policy_dump_to_string(const smartlist_t *policy_list,
+                             int include_ipv4,
+                             int include_ipv6);
+int getinfo_helper_policies(control_connection_t *conn,
+                            const char *question, char **answer,
+                            const char **errmsg);
+int policy_write_item(char *buf, size_t buflen, const addr_policy_t *item,
+                      int format_for_desc);
+
+void addr_policy_list_free_(smartlist_t *p);
+#define addr_policy_list_free(lst) \
+  FREE_AND_NULL(smartlist_t, addr_policy_list_free_, (lst))
+void addr_policy_free_(addr_policy_t *p);
+#define addr_policy_free(p) \
+  FREE_AND_NULL(addr_policy_t, addr_policy_free_, (p))
+void policies_free_all(void);
+
+char *policy_summarize(smartlist_t *policy, sa_family_t family);
+
+short_policy_t *parse_short_policy(const char *summary);
+char *write_short_policy(const short_policy_t *policy);
+void short_policy_free_(short_policy_t *policy);
+#define short_policy_free(p) \
+  FREE_AND_NULL(short_policy_t, short_policy_free_, (p))
+int short_policy_is_reject_star(const short_policy_t *policy);
+addr_policy_result_t compare_tor_addr_to_short_policy(
+                          const tor_addr_t *addr, uint16_t port,
+                          const short_policy_t *policy);
+
+#ifdef POLICIES_PRIVATE
+STATIC void append_exit_policy_string(smartlist_t **policy, const char *more);
+STATIC int fascist_firewall_allows_address(const tor_addr_t *addr,
+                                           uint16_t port,
+                                           smartlist_t *firewall_policy,
+                                           int pref_only, int pref_ipv6);
+STATIC const tor_addr_port_t * fascist_firewall_choose_address(
+                                          const tor_addr_port_t *a,
+                                          const tor_addr_port_t *b,
+                                          int want_a,
+                                          firewall_connection_t fw_connection,
+                                          int pref_only, int pref_ipv6);
+
+#endif /* defined(POLICIES_PRIVATE) */
+
+#endif /* !defined(TOR_POLICIES_H) */