path: root/src/or/policies.c
Age | Commit message | Author
2018-06-20 | Run rectify_include_paths.py | Nick Mathewson
2018-06-20 | Update copyrights to 2018. | Nick Mathewson
2018-06-15 | Extract routerinfo_t into its own header. | Nick Mathewson
I was expecting this to be much worse.
2018-06-15 | Extract microdesc_t into its own header. | Nick Mathewson
2018-06-15 | Extract routerstatus_t into its own header. | Nick Mathewson
2018-06-15 | Extract node_t into its own header. | Nick Mathewson
2018-06-14 | Move dir_server_t into its own header. | Nick Mathewson
2018-06-14 | Make server_port_cfg_t and port_cfg_t into separate headers. | Nick Mathewson
2018-05-10 | Avoid confusion with errno from libc | rl1987
2018-05-10 | Make _with_err return routerinfo, like old function does | rl1987
2018-05-05 | Improve GETCONF exit-policy/* error handling | rl1987
This will yield different error codes for transient and permanent errors. Furthermore, Tor will give human readable error messages to controller.
2018-05-01 | Remove the return value from the fascist_firewall_choose_address_* family of functions | Neel Chauhan
2018-05-01 | Initialize ap in the fascist_firewall_choose_address_* family of functions to 0 | Neel Chauhan
2018-02-07 | Fix spelling mistakes corresponding to ticket #23650 | Deepesh Pathak
2018-01-02 | Merge branch 'maint-0.3.2' | Nick Mathewson
2018-01-02 | Merge branch 'maint-0.3.1' into maint-0.3.2 | Nick Mathewson
2018-01-02 | Merge branch 'maint-0.3.0' into maint-0.3.1 | Nick Mathewson
2018-01-02 | Merge branch 'maint-0.2.9' into maint-0.3.0 | Nick Mathewson
2018-01-02 | Merge remote-tracking branch 'teor/bug24736_028' into maint-0.2.9 | Nick Mathewson
2017-12-25 | Clear the address when we can't choose a reachable address | teor
When the fascist_firewall_choose_address_ functions don't find a reachable address, set the returned address to the null address and port. This is a precautionary measure, because some callers do not check the return value. Fixes bug 24736; bugfix on 0.2.8.2-alpha.
2017-12-11 | Stop waiting for microdescs if the consensus supports IPv6 ORPorts | teor
Also make IPv6-only clients wait for microdescs for relays, even if we were previously using descriptors (or were using them as a bridge) and have a cached descriptor for them. But if node_is_a_configured_bridge(), stop waiting for its IPv6 address in a microdescriptor, because we'll never use it. Implements #23827.
2017-12-08 | Change the free macro convention in the rest of src/or/*.h | Nick Mathewson
2017-12-08 | Convert the rest of src/common's headers to use FREE_AND_NULL | Nick Mathewson
2017-10-31 | Don't give "exitrelay may become 0 when no policy" warning on ReducedExitPolicy | Nick Mathewson
2017-10-31 | Fix: when BridgeRelay is set, you do not get any exit policy. | Nick Mathewson
2017-10-31 | Add code for letting user select Reduced Exit Policy | Neel Chauhan
2017-09-24 | Assign Exit flag only for ports 80 and 443 | Roger Dingledine
Make the "Exit" flag assignment only depend on whether the exit policy allows connections to ports 80 and 443. Previously relays would get the Exit flag if they allowed connections to one of these ports and also port 6667. Resolves ticket 23637.
2017-08-03 | Switch to offsetof() | Neel Chauhan
2017-03-15 | Run the copyright update script. | Nick Mathewson
2017-02-15 | Merge branch 'maint-0.2.9' | Nick Mathewson
2017-02-14 | Fix policies.c instance of the "if (r=(a-b)) return r" pattern | Nick Mathewson
I think this one probably can't underflow, since the input ranges are small. But let's not tempt fate. This patch also replaces the "cmp" functions here with just "eq" functions, since nothing actually checked for anything besides 0 and nonzero. Related to 21278.
2017-02-01 | Merge branch 'teor_bug21357-v2_029' | Nick Mathewson
2017-02-01 | Scale IPv6 address counts in policy_summary_reject to avoid overflow | teor
This disregards anything smaller than an IPv6 /64, and rejects ports that are rejected on an IPv6 /16 or larger. Adjust existing unit tests, and add more to cover exceptional cases. No IPv4 behaviour changes. Fixes bug 21357
2017-02-01 | Fix IPv6 support in policy_summary_reject and policy_summary_accept | teor
This interim fix results in too many IPv6 rejections. No behaviour change for IPv4 counts, except for overflow fixes that would require 4 billion redundant 0.0.0.0/0 policy entries to trigger. Part of 21357
2017-02-01 | Refactor policy_summary_reject to prepare for IPv6 changes | teor
No behaviour change, apart from non-fatal assertions
Part of 21357
2017-02-01 | Fix write_short_policy usage comment | teor
2017-01-27 | Outbindbindaddress variants for Exit and OR. | Nick Mathewson
Allow separation of exit and relay traffic to different source IP addresses (Ticket #17975). Written by Michael Sonntag.
2017-01-13 | Remove redundant boolean expression from firewall_is_fascist_impl() | teor
Let A = UseBridges
Let B = ClientUseIPv4
Then firewall_is_fascist_impl expands and simplifies to:
B || (!(A || ...) && A)
B || (!A && ... && A)
B || 0
B
2017-01-13 | When IPv6 addresses have not been downloaded, use hard-coded address info | teor
The microdesc consensus does not contain any IPv6 addresses. When a client has a microdesc consensus but no microdescriptor, make it use the hard-coded IPv6 address for the node (if available). (Hard-coded addresses can come from authorities, fallback directories, or configured bridges.) If there is no hard-coded address, log a BUG message, and fail the connection attempt. (All existing code checks for a hard-coded address before choosing a node address.) Fixes 20996, fix on b167e82 from 19608 in 0.2.8.5-alpha.
2016-12-16 | Make fascist_firewall_use_ipv6() check ORPort & DirPort IP preferences | teor
This makes clients try harder to find an IPv6 address when searching for a directory server. Required for #19608.
2016-11-08 | Merge branch 'maint-0.2.9' | Nick Mathewson
2016-10-31 | policy_is_reject_star(): | Nick Mathewson
Some policies are default-reject, some default-accept. But policy_is_reject_star() assumed they were all default_reject. Fix that! Also, document that policy_is_reject_star() treats a NULL policy as empty. This allows us to simplify the checks in parse_reachable_addresses() by quite a bit. Fixes bug 20306; bugfix on 0.2.8.2-alpha.
2016-10-27 | Automated change to use smartlist_add_strdup | overcaffeinated
Use the following coccinelle script to change uses of smartlist_add(sl, tor_strdup(str)) to smartlist_add_strdup(sl, string) (coccinelle script from nickm via bug 20048): @@ expression a; expression b; @@ - smartlist_add + smartlist_add_strdup (a, - tor_strdup( b - ) )
2016-10-24 | Module-document dnsserv.c, policies.c, routerkeys.c | Nick Mathewson
2016-09-05 | Vote Exit correctly with DirAllowPrivateAddresses set | Sebastian Hahn
When allowing private addresses, mark Exits that only exit to private locations as such. Fixes bug 20064; bugfix on 0.2.2.9-alpha.
2016-07-28 | Fix a huge pile of -Wshadow warnings. | Nick Mathewson
These appeared on some of the Jenkins platforms. Apparently some GCCs care when you shadow globals, and some don't.
2016-07-17 | Keep make check-spaces happy | Andrea Shepard
2016-07-06 | Merge branch 'maint-0.2.8' | Nick Mathewson
2016-07-06 | When checking if a routerstatus is reachable, don't check the node | teor (Tim Wilson-Brown)
This fixes #19608, allowing IPv6-only clients to use microdescriptors, while preserving the ability of bridge clients to have some IPv4 bridges and some IPv6 bridges. Fix on c281c036 in 0.2.8.2-alpha.
2016-07-05 | Merge remote-tracking branch 'teor/bug18456' | Nick Mathewson