diff options
| author | Nick Mathewson <nickm@torproject.org> | 2015-01-06 15:15:18 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2015-01-06 15:15:18 -0500 |
| commit | 90b9e23bec4687962a999c2575909b9230bd425a (patch) | |
| tree | bff22d42a1f910faacbc7c872282335ca636fb4e /src/or/policies.c | |
| parent | 3401c34151a29fe962944ce3ea77f14056c87efa (diff) | |
| parent | d87143f3199fe6be6e0a4907e82b25727622c857 (diff) | |
| download | tor-90b9e23bec4687962a999c2575909b9230bd425a.tar.gz tor-90b9e23bec4687962a999c2575909b9230bd425a.zip | |
Merge branch 'exitnode_10067_squashed'
Conflicts:
src/or/or.h
Diffstat (limited to 'src/or/policies.c')
| -rw-r--r-- | src/or/policies.c | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/src/or/policies.c b/src/or/policies.c index 2095907025..560b8cb4c3 100644 --- a/src/or/policies.c +++ b/src/or/policies.c @@ -434,6 +434,33 @@ validate_addr_policies(const or_options_t *options, char **msg) REJECT("Error in ExitPolicy entry."); } + static int warned_about_exitrelay = 0; + + const int exitrelay_setting_is_auto = options->ExitRelay == -1; + const int policy_accepts_something = + ! (policy_is_reject_star(addr_policy, AF_INET) && + policy_is_reject_star(addr_policy, AF_INET6)); + + if (server_mode(options) && + ! warned_about_exitrelay && + exitrelay_setting_is_auto && + policy_accepts_something) { + /* Policy accepts something */ + warned_about_exitrelay = 1; + log_warn(LD_CONFIG, + "Tor is running as an exit relay%s. If you did not want this " + "behavior, please set the ExitRelay option to 0. If you do " + "want to run an exit Relay, please set the ExitRelay option " + "to 1 to disable this warning, and for forward compatibility.", + options->ExitPolicy == NULL ? + " with the default exit policy" : ""); + if (options->ExitPolicy == NULL) { + log_warn(LD_CONFIG, + "In a future version of Tor, ExitRelay 0 may become the " + "default when no ExitPolicy is given."); + } + } + /* The rest of these calls *append* to addr_policy. So don't actually * use the results for anything other than checking if they parse! */ if (parse_addr_policy(options->DirPolicy, &addr_policy, -1)) @@ -1022,6 +1049,9 @@ policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest, * * If <b>or_options->BridgeRelay</b> is false, add entries of default * Tor exit policy into <b>result</b> smartlist. + * + * If or_options->ExitRelay is false, then make our exit policy into + * "reject *:*" regardless. */ int policies_parse_exit_policy_from_options(const or_options_t *or_options, @@ -1030,6 +1060,12 @@ policies_parse_exit_policy_from_options(const or_options_t *or_options, { exit_policy_parser_cfg_t parser_cfg = 0; + if (or_options->ExitRelay == 0) { + append_exit_policy_string(result, "reject *4:*"); + append_exit_policy_string(result, "reject *6:*"); + return 0; + } + if (or_options->IPv6Exit) { parser_cfg |= EXIT_POLICY_IPV6_ENABLED; } |