diff options
author | Roger Dingledine <arma@torproject.org> | 2006-03-26 09:38:17 +0000 |
---|---|---|
committer | Roger Dingledine <arma@torproject.org> | 2006-03-26 09:38:17 +0000 |
commit | e20aad8d466a184edefaa928f5af91cf0daa0148 (patch) | |
tree | 6570291223808c1ab94d37ec0144d116780b7a44 /src | |
parent | e1c8e3ca6e322f566a545b82a232d64374f62627 (diff) | |
download | tor-e20aad8d466a184edefaa928f5af91cf0daa0148.tar.gz tor-e20aad8d466a184edefaa928f5af91cf0daa0148.zip |
remove obsolete address policy code
svn:r6243
Diffstat (limited to 'src')
-rw-r--r-- | src/or/routerlist.c | 91 |
1 files changed, 0 insertions, 91 deletions
diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 1935a0eab0..b6264ce5f2 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -2500,97 +2500,6 @@ router_exit_policy_all_routers_reject(uint32_t addr, uint16_t port, return 1; /* all will reject. */ } -#if 0 -/** - * If <b>policy</b> implicitly allows connections to any port in the - * IP set <b>addr</b>/<b>mask</b>, then set *<b>policy_out</b> to the - * part of the policy that allows it, and return 1. Else return 0. - * - * A policy allows an IP:Port combination <em>implicitly</em> if - * it is included in a *: pattern, or in a fallback pattern. - */ -static int -policy_includes_addr_mask_implicitly(addr_policy_t *policy, - uint32_t addr, uint32_t mask, - addr_policy_t **policy_out) -{ - uint32_t addr2; - tor_assert(policy_out); - addr &= mask; - addr2 = addr | ~mask; - for (; policy; policy=policy->next) { - /* Does this policy cover all of the address range we're looking at? */ - /* Boolean logic time: range X is contained in range Y if, for - * each bit B, all possible values of B in X are values of B in Y. - * In "addr", we have every fixed bit set to its value, and every - * free bit set to 0. In "addr2", we have every fixed bit set to - * its value, and every free bit set to 1. So if addr and addr2 are - * both in the policy, the range is covered by the policy. - */ - uint32_t p_addr = policy->addr & policy->msk; - if (p_addr == (addr & policy->msk) && - p_addr == (addr2 & policy->msk) && - (policy->prt_min <= 1 && policy->prt_max == 65535) && - policy->policy_type == ADDR_POLICY_REJECT) { - return 0; - } - /* Does this policy cover some of the address range we're looking at? */ - /* Boolean logic time: range X and range Y intersect if there is - * some z such that z & Xmask == Xaddr and z & Ymask == Yaddr. - * This is FALSE iff there is some bit b where Xmask == yMask == 1 - * and Xaddr != Yaddr. So if X intersects with Y iff at every - * place where Xmask&Ymask==1, Xaddr == Yaddr, or equivalently, - * Xaddr&Xmask&Ymask == Yaddr&Xmask&Ymask. - */ - if ((policy->addr & policy->msk & mask) == (addr & policy->msk) && - policy->policy_type == ADDR_POLICY_ACCEPT) { - *policy_out = policy; - return 1; - } - } - *policy_out = NULL; - return 1; -} - -/** If <b>policy</b> implicitly allows connections to any port on - * 127.*, 192.168.*, etc, then warn (if <b>should_warn</b> is set) and return - * true. Else return false. - **/ -int -exit_policy_implicitly_allows_local_networks(addr_policy_t *policy, - int should_warn) -{ - addr_policy_t *p; - int r=0,i; - static struct { - uint32_t addr; uint32_t mask; const char *network; - } private_networks[] = { - { 0x00000000, 0xff000000, "\"this\" network (0.0.0.0/8)" }, - { 0x7f000000, 0xff000000, "localhost (127.0.0.0/8)" }, - { 0x0a000000, 0xff000000, "addresses in private network 10.0.0.0/8" }, - { 0xa9fe0000, 0xffff0000, "addresses in private network 169.254.0.0/16" }, - { 0xac100000, 0xfff00000, "addresses in private network 172.16.0.0/12" }, - { 0xc0a80000, 0xffff0000, "addresses in private network 192.168.0.0/16" }, - { 0,0,NULL}, - }; - for (i=0; private_networks[i].mask; ++i) { - p = NULL; - /* log_info(LD_CONFIG, - "Checking network %s", private_networks[i].network); */ - if (policy_includes_addr_mask_implicitly( - policy, private_networks[i].addr, private_networks[i].mask, &p)) { - if (should_warn) - log_warn(LD_CONFIG, "Exit policy %s implicitly accepts %s", - p?p->string:"(default)", - private_networks[i].network); - r = 1; - } - } - - return r; -} - -#endif /** Return true iff <b>router</b> does not permit exit streams. */ int |