path: root/src/or/policies.c
Age | Commit message | Author
2016-04-14 | Add new tor_assert_nonfatal*() macros. | Nick Mathewson
Unlike tor_assert(), these macros don't abort the process. They're good for checking conditions we want to warn about, but which don't warrant a full crash. This commit also changes the default implementation for tor_fragile_assert() to tor_assert_nonfatal_unreached_once(). Closes ticket 18613.
2016-02-27 | Update the copyright year. | Nick Mathewson
2016-02-20 | If both IPv4 and IPv6 addresses could be used, choose one correctly | teor (Tim Wilson-Brown)
If there is a node, use node_ipv6_or/dir_preferred(). If there is no node, use fascist_firewall_prefer_ipv6_or/dirport().
2016-02-20 | Refactor IPV6_OR_LOOKUP into fascist_firewall_choose_address_rs | teor (Tim Wilson-Brown)
It's only used once now, so having it as a macro is unhelpful.
2016-02-20 | Make some fascist_firewall_choose_address* functions static | teor (Tim Wilson-Brown)
2016-02-20 | Refactor fascist_firewall_allows_address without changing behaviour | teor (Tim Wilson-Brown)
2016-02-20 | Ensure relays must use IPv4, and can use IPv6 | teor (Tim Wilson-Brown)
A mistake in previous refactoring had relays using IPv4 and IPv6.
2016-02-11 | Fix all doxygen warnings other than "X is not documented" | Nick Mathewson
2016-02-11 | make check-spaces | Nick Mathewson
2016-02-11 | Merge remote-tracking branch 'teor/feature17840-v11-merged-v2' | Nick Mathewson
2016-02-03 | Make bridge clients prefer the configured bridge address | teor (Tim Wilson-Brown)
When ClientPreferIPv6ORPort is auto, bridges prefer the configured bridge ORPort address. Otherwise, they use the value of the option. Other clients prefer IPv4 ORPorts if ClientPreferIPv6ORPort is auto. When ClientPreferIPv6DirPort is auto, all clients prefer IPv4 DirPorts.
2016-01-29 | Automatically use IPv6 when ClientUseIPv4 is 0 | teor (Tim Wilson-Brown)
Consequential changes to log messages:
  * it's no longer possible to disable both IPv4 and IPv6,
  * refactor common string out of remaining log messages
2016-01-29 | Optimise reachability checks when iterating through relay lists | teor (Tim Wilson-Brown)
Skip address checks on servers. Skip allowed-only address checks on non-bridge clients with IPv4.
2016-01-29 | Add firewall_is_fascist_dir() | teor (Tim Wilson-Brown)
Refactor common parts of firewall_is_fascist_or().
2016-01-29 | Use fascist firewall and ClientUseIPv4 for bridge clients | teor (Tim Wilson-Brown)
Bridge clients ignore ClientUseIPv6, acting as if it is always 1. This preserves existing behaviour.
Make ClientPreferIPv6OR/DirPort auto by default:
  * Bridge clients prefer IPv6 by default.
  * Other clients prefer IPv4 by default.
This preserves existing behaviour.
2016-01-29 | Add ClientUseIPv4 and ClientPreferIPv6DirPort torrc options | teor (Tim Wilson-Brown)
ClientUseIPv4 0 tells tor to avoid IPv4 client connections. ClientPreferIPv6DirPort 1 tells tor to prefer IPv6 directory connections. Refactor policy for IPv4/IPv6 preferences. Fix a bug where node->ipv6_preferred could become stale if ClientPreferIPv6ORPort was changed after the consensus was loaded. Update documentation, existing code, add unit tests.
2016-01-27 | Correct further grammatical errors in tor comments | Nick Mathewson
Avoid using a pronoun where it makes comments unclear. Avoid using gender for things that don't have it. Avoid assigning gender to people unnecessarily.
2015-12-16 | Warn when comparing against an AF_UNSPEC address in a policy | teor (Tim Wilson-Brown)
It produces unexpected results, and it's most likely a bug.
2015-12-15 | Replace usage of INLINE with inline | cypherpunks
This patch was generated using; sed -i -e "s/\bINLINE\b/inline/" src/*/*.[ch] src/*/*/*.[ch]
2015-12-09 | Merge remote-tracking branch 'teor/fix-exitpolicy-leak' | Nick Mathewson
2015-12-09 | Merge branch 'refactor-effective-entry' | Nick Mathewson
2015-12-09 | Tweak policies_log_first_redundant_entry even more | Nick Mathewson
  * Use smartlist_foreach_begin/end instead of a plain for loop.
  * constify the pointers.
2015-12-09 | Tweak policies_log_first_redundant_entry more. | Nick Mathewson
  * Since the variable is no longer modified, it should be called 'policy' instead of 'dest'. ("Dest" is short for "destination".)
  * Fixed the space issue that dgoulet found on the ticket.
  * Fixed the comment a little. (We use the imperative for function documentation.)
2015-12-08 | Merge branch 'maint-0.2.7' | Nick Mathewson
2015-12-08 | Format IPv6 policies correctly. | Nick Mathewson
Previously we'd suppressed the mask-bits field in the output when formatting a policy if it was >=32. But that should be a >=128 if we're talking about IPv6. Since we didn't put these in descriptors, this bug affects only log messages and controller outputs. Fix for bug 16056. The code in question was new in 0.2.0, but the bug was introduced in 0.2.4 when we started supporting IPv6 exits.
2015-12-07 | Consistently ignore multicast in internal reject private exit policies | teor (Tim Wilson-Brown)
Consistently ignore multicast addresses when automatically generating reject private exit policies. Closes ticket 17763. Bug fix on 10a6390deb3c9, not in any released version of Tor. Patch by "teor".
2015-12-06 | Make policies_log_first_redundant_entry take a const smartlist_t * | teor (Tim Wilson-Brown)
Also fixup code style.
2015-12-06 | Refactor policies_parse_exit_policy_internal | teor (Tim Wilson-Brown)
Move logging of redundant policy entries in policies_parse_exit_policy_internal into its own function. Closes ticket 17608; patch from "juce".
2015-12-06 | Initialise configured_addresses to a known value (NULL) | teor (Tim Wilson-Brown)
2015-12-06 | Fix a memory leak in the exit policy parsing code | cypherpunks
This memory leak only occurs when the Tor instance is not an exit node. Fixes code introduced in 10a6390deb3c9ff9fbd8078fc812abf6c77ad67f.
2015-11-27 | Fix use-after-free of stack memory in getinfo_helper_policies | teor (Tim Wilson-Brown)
2015-11-27 | Fix use-after-free of stack memory in policies_parse_exit_policy* | teor (Tim Wilson-Brown)
Change the function names & comments to make the copying explicit.
2015-11-26 | Correctly free a smartlist in getinfo_helper_policies | teor (Tim Wilson-Brown)
2015-11-25 | fixup! Add controller getinfo exit-policy/reject-private | teor (Tim Wilson-Brown)
Stop ignoring ExitPolicyRejectPrivate in getinfo exit-policy/reject-private. Fix a memory leak. Set ExitPolicyRejectPrivate in the unit tests, and make a mock function declaration static.
2015-11-20 | fix "make check-spaces" | Nick Mathewson
2015-11-20 | Fix compilation warnings | Nick Mathewson
2015-11-20 | Add controller getinfo exit-policy/reject-private | teor (Tim Wilson-Brown)
exit-policy/reject-private lists the reject rules added by ExitPolicyRejectPrivate. This makes it easier for stem to display exit policies. Add unit tests for getinfo exit-policy/*. Completes ticket #17183. Patch by "teor".
2015-11-20 | Refactor router_dump_exit_policy_to_string | teor (Tim Wilson-Brown)
Split out policy_dump_to_string to use it in getinfo_helper_policies.
2015-11-20 | Block OutboundBindAddressIPv[4|6]_ and configured ports on exit relays | teor (Tim Wilson-Brown)
Modify policies_parse_exit_policy_reject_private so it also blocks the addresses configured for OutboundBindAddressIPv4_ and OutboundBindAddressIPv6_, and any publicly routable port addresses on exit relays. Add and update unit tests for these functions.
2015-11-20 | Refactor policies_parse_exit_policy_internal | teor (Tim Wilson-Brown)
Move the code that rejects publicly routable exit relay addresses to policies_parse_exit_policy_reject_private. Add addr_policy_append_reject_addr_list and use it to reject interface addresses. This removes the duplicate reject checks on local_address and ipv6_local_address, but duplicates will be removed by exit_policy_remove_redundancies at the end of the function. This also removes the info-level logging on rejected interface addresses. Instead, log a debug-level message in addr_policy_append_reject_addr. This simplifies policies_parse_exit_policy_internal and prepares for reporting these addresses over the control port in #17183.
2015-09-24 | Put braces around reject-lines for IPv6 addrs | Nick Mathewson
Fixes bug 17149; bug not in any released Tor.
2015-09-16 | Merge branch 'bug17027-reject-private-all-interfaces-v2' into bug16069-bug17027 | teor (Tim Wilson-Brown)
src/test/test_policy.c:
  Merged calls to policies_parse_exit_policy by adding additional arguments.
  fixup to remaining instance of ~EXIT_POLICY_IPV6_ENABLED.
  Compacting logic test now produces previous list length of 4, corrected this.
src/config/torrc.sample.in:
src/config/torrc.minimal.in-staging:
  Merged torrc modification dates in favour of latest.
2015-09-16 | Log an info-level message for each IP blocked by ExitPolicyRejectPrivate | teor (Tim Wilson-Brown)
Log an info-level message containing the reject line added to the exit policy for each local IP address blocked by ExitPolicyRejectPrivate:
  - Published IPv4 and IPv6 addresses
  - Publicly routable IPv4 and IPv6 interface addresses
2015-09-16 | ExitPolicyRejectPrivate rejects local IPv6 address and interface addresses | teor (Tim Wilson-Brown)
ExitPolicyRejectPrivate now rejects more local addresses by default:
  * the relay's published IPv6 address (if any), and
  * any publicly routable IPv4 or IPv6 addresses on any local interfaces.
This resolves a security issue for IPv6 Exits and multihomed Exits that trust connections originating from localhost. Resolves ticket 17027. Patch by "teor". Patch on 42b8fb5a1523 (11 Nov 2007), released in 0.2.0.11-alpha.
2015-09-16 | Warn about redundant torrc ExitPolicy lines due to accept/reject *:* | teor (Tim Wilson-Brown)
Tor now warns when ExitPolicy lines occur after accept/reject *:* or variants. These lines are redundant, and were always ignored. Partial fix for ticket 16069. Patch by "teor". Patch on 2eb7eafc9d78 and a96c0affcb4c (25 Oct 2012), released in 0.2.4.7-alpha.
2015-09-16 | Ignore accept6/reject6 IPv4, warn about unexpected rule outcomes | teor (Tim Wilson-Brown)
When parsing torrc ExitPolicies, we now warn if:
  * an IPv4 address is used on an accept6 or reject6 line. The line is ignored, but the rest of the policy items in the list are used. (accept/reject continue to allow both IPv4 and IPv6 addresses in torrcs.)
  * a "private" address alias is used on an accept6 or reject6 line. The line filters both IPv4 and IPv6 private addresses, disregarding the 6 in accept6/reject6.
When parsing torrc ExitPolicies, we now issue an info-level message:
  * when expanding an accept/reject * line to include both IPv4 and IPv6 wildcard addresses.
In each instance, usage advice is provided to avoid the message. Partial fix for ticket 16069. Patch by "teor". Patch on 2eb7eafc9d78 and a96c0affcb4c (25 Oct 2012), released in 0.2.4.7-alpha.
2015-09-14 | Update comments about ExitPolicy parsing | teor (Tim Wilson-Brown)
Fix incomplete and incorrect comments. Comment changes only.
2015-01-06 | Merge branch 'exitnode_10067_squashed' | Nick Mathewson
Conflicts: src/or/or.h
2015-01-06 | Add an ExitRelay option to override ExitPolicy | Nick Mathewson
If we're not a relay, we ignore it. If it's set to 1, we obey ExitPolicy. If it's set to 0, we force ExitPolicy to 'reject *:*' And if it's set to auto, then we warn the user if they're running an exit, and tell them how they can stop running an exit if they didn't mean to do that. Fixes ticket 10067
2015-01-02 | Bump copyright dates to 2015, in case someday this matters. | Nick Mathewson