diff options
| author | Nick Mathewson <nickm@torproject.org> | 2014-11-13 10:48:15 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2015-01-06 14:31:20 -0500 |
| commit | 35efce1f3f517871aaa19d60976a9abb3a67bede (patch) | |
| tree | 13560f7d67e4df1e4011f6f08ff42e371ed7f0a9 /src/or/policies.c | |
| parent | 5c813f6ca1d6e385cfad5219108f8ac00677cf35 (diff) | |
| download | tor-35efce1f3f517871aaa19d60976a9abb3a67bede.tar.gz tor-35efce1f3f517871aaa19d60976a9abb3a67bede.zip | |
Add an ExitRelay option to override ExitPolicy
If we're not a relay, we ignore it.
If it's set to 1, we obey ExitPolicy.
If it's set to 0, we force ExitPolicy to 'reject *:*'
And if it's set to auto, then we warn the user if they're running an
exit, and tell them how they can stop running an exit if they didn't
mean to do that.
Fixes ticket 10067
Diffstat (limited to 'src/or/policies.c')
| -rw-r--r-- | src/or/policies.c | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/src/or/policies.c b/src/or/policies.c index d10bebd79a..dc1a8a32cc 100644 --- a/src/or/policies.c +++ b/src/or/policies.c @@ -434,6 +434,33 @@ validate_addr_policies(const or_options_t *options, char **msg) REJECT("Error in ExitPolicy entry."); } + static int warned_about_exitrelay = 0; + + const int exitrelay_setting_is_auto = options->ExitRelay == -1; + const int policy_accepts_something = + ! (policy_is_reject_star(addr_policy, AF_INET) && + policy_is_reject_star(addr_policy, AF_INET6)); + + if (server_mode(options) && + ! warned_about_exitrelay && + exitrelay_setting_is_auto && + policy_accepts_something) { + /* Policy accepts something */ + warned_about_exitrelay = 1; + log_warn(LD_CONFIG, + "Tor is running as an exit relay%s. If you did not want this " + "behavior, please set the ExitRelay option to 0. If you do " + "want to run an exit Relay, please set the ExitRelay option " + "to 1 to disable this warning, and for forward compatibility.", + options->ExitPolicy == NULL ? + " with the default exit policy" : ""); + if (options->ExitPolicy == NULL) { + log_warn(LD_CONFIG, + "In a future version of Tor, ExitRelay 0 may become the " + "default when no ExitPolicy is given."); + } + } + /* The rest of these calls *append* to addr_policy. So don't actually * use the results for anything other than checking if they parse! */ if (parse_addr_policy(options->DirPolicy, &addr_policy, -1)) @@ -1022,6 +1049,9 @@ policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest, * * If <b>or_options->BridgeRelay</b> is false, add entries of default * Tor exit policy into <b>result</b> smartlist. + * + * If or_options->ExitRelay is false, then make our exit policy into + * "reject *:*" regardless. */ int policies_parse_exit_policy_from_options(const or_options_t *or_options, @@ -1030,6 +1060,12 @@ policies_parse_exit_policy_from_options(const or_options_t *or_options, { exit_policy_parser_cfg_t parser_cfg = 0; + if (or_options->ExitRelay == 0) { + append_exit_policy_string(result, "reject *4:*"); + append_exit_policy_string(result, "reject *6:*"); + return 0; + } + if (or_options->IPv6Exit) { parser_cfg |= EXIT_POLICY_IPV6_ENABLED; } |