summaryrefslogtreecommitdiff
path: root/src/or/policies.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/or/policies.c')
-rw-r--r--src/or/policies.c95
1 files changed, 83 insertions, 12 deletions
diff --git a/src/or/policies.c b/src/or/policies.c
index 07b5b6715c..dd0f24fd52 100644
--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -917,13 +917,16 @@ typedef struct policy_summary_item_t {
uint16_t prt_max; /**< Highest port number to accept/reject. */
uint64_t reject_count; /**< Number of IP-Addresses that are rejected to
this portrange. */
+ int accepted:1; /** Has this port already been accepted */
} policy_summary_item_t;
smartlist_t *policy_summary_create(void);
void policy_summary_accept(smartlist_t *summary, uint16_t prt_min, uint16_t prt_max);
-void policy_summary_reject(smartlist_t *summary, uint16_t prt_min, uint16_t prt_max);
+void policy_summary_reject(smartlist_t *summary, maskbits_t maskbits, uint16_t prt_min, uint16_t prt_max);
void policy_summary_add_item(smartlist_t *summary, addr_policy_t *p);
void policy_summarize(smartlist_t *policy);
+int policy_summary_split(smartlist_t *summary, uint16_t prt_min, uint16_t prt_max);
+policy_summary_item_t* policy_summary_item_split(policy_summary_item_t* old, uint16_t new_starts);
/** Create a new exit policy summary, initially only with a single
* port 1-64k item */
@@ -937,6 +940,7 @@ policy_summary_create(void)
item->prt_min = 1;
item->prt_max = 65535;
item->reject_count = 0;
+ item->accepted = 0;
summary = smartlist_create();
smartlist_add(summary, item);
@@ -944,24 +948,91 @@ policy_summary_create(void)
return summary;
}
+/** Split the summary item in <b>item</b> at the port <b>new_starts</b>.
+ * The current item is changed to end at new-starts - 1, the new item
+ * copies reject_count and accepted from the old item,
+ * starts at new_starts and ends at the port where the original item
+ * previously ended.
+ */
+policy_summary_item_t*
+policy_summary_item_split(policy_summary_item_t* old, uint16_t new_starts) {
+ policy_summary_item_t* new;
+
+ new = tor_malloc_zero(sizeof(policy_summary_item_t));
+ new->prt_min = new_starts;
+ new->prt_max = old->prt_max;
+ new->reject_count = old->reject_count;
+ new->accepted = old->accepted;
+
+ old->prt_max = new_starts-1;
+
+ tor_assert(old->prt_min < old->prt_max);
+ tor_assert(new->prt_min < new->prt_max);
+ return new;
+}
+
+#define AT(x) ((policy_summary_item_t*)smartlist_get(summary, x))
+#define REJECT_CUTOFF_COUNT (1<<25)
+/* Split an exit policy summary so that prt_min and prt_max
+ * fall at exactly the start and end of an item respectively.
+ */
+int
+policy_summary_split(smartlist_t *summary,
+ uint16_t prt_min, uint16_t prt_max)
+{
+ int start_at_index;
+
+ int i = 0;
+ while (AT(i)->prt_max < prt_min)
+ i++;
+ if (AT(i)->prt_min != prt_min) {
+ policy_summary_item_t* new_item;
+ new_item = policy_summary_item_split(AT(i), prt_min);
+ smartlist_insert(summary, i+1, new_item);
+ i++;
+ }
+ start_at_index = i;
+
+ while(AT(i)->prt_max < prt_max)
+ i++;
+ if (AT(i)->prt_max != prt_max) {
+ policy_summary_item_t* new_item;
+ new_item = policy_summary_item_split(AT(i), prt_max+1);
+ smartlist_insert(summary, i+1, new_item);
+ }
+
+ return start_at_index;
+}
+
+/** Mark port ranges as accepted if they are below the reject_count */
void
-policy_summary_accept(smartlist_t *summary,
+policy_summary_accept(smartlist_t *summary,
uint16_t prt_min, uint16_t prt_max)
{
- /* XXX */
- (void) summary;
- (void) prt_min;
- (void) prt_max;
+ int i = policy_summary_split(summary, prt_min, prt_max);
+ while (AT(i)->prt_max <= prt_max) {
+ if (AT(i)->accepted ||
+ AT(i)->reject_count > REJECT_CUTOFF_COUNT)
+ continue;
+ AT(i)->accepted = 1;
+ i++;
+ }
}
+/** Count the number of addresses in a network with prefixlen maskbits
+ * against the given portrange. */
void
-policy_summary_reject(smartlist_t *summary,
+policy_summary_reject(smartlist_t *summary,
+ maskbits_t maskbits,
uint16_t prt_min, uint16_t prt_max)
{
- /* XXX */
- (void) summary;
- (void) prt_min;
- (void) prt_max;
+ int i = policy_summary_split(summary, prt_min, prt_max);
+ /* XXX: ipv4 specific */
+ int count = (1 << (32-maskbits));
+ while (AT(i)->prt_max <= prt_max) {
+ AT(i)->reject_count += count;
+ i++;
+ }
}
/** Add a single exit policy item to our summary */
@@ -991,7 +1062,7 @@ policy_summary_add_item(smartlist_t *summary, addr_policy_t *p)
}
if (!is_private) {
- policy_summary_reject(summary, p->prt_min, p->prt_max);
+ policy_summary_reject(summary, p->maskbits, p->prt_min, p->prt_max);
}
} else
tor_assert(0);