summaryrefslogtreecommitdiff
path: root/src/or/policies.h
AgeCommit message (Collapse)Author
2017-02-14Fix policies.c instance of the "if (r=(a-b)) return r" patternNick Mathewson
I think this one probably can't underflow, since the input ranges are small. But let's not tempt fate. This patch also replaces the "cmp" functions here with just "eq" functions, since nothing actually checked for anything besides 0 and nonzero. Related to 21278.
2017-02-01Add unit tests for IPv6 address summaries and IPv4 netblock rejectionteor
These tests currently fail due to bug 21357
2016-10-31policy_is_reject_star():Nick Mathewson
ome policies are default-reject, some default-accept. But policy_is_reject_star() assumed they were all default_reject. Fix that! Also, document that policy_is_reject_star() treats a NULL policy as empty. This allows us to simplify the checks in parse_reachable_addresses() by quite a bit. Fxes bug 20306; bugfix on 0.2.8.2-alpha.
2016-07-01Avoid disclosing exit IP addresses in exit policies by defaultteor (Tim Wilson-Brown)
From 0.2.7.2-alpha onwards, Exits would reject all the IP addresses they knew about in their exit policy. But this may have disclosed addresses that were otherwise unlisted. Now, only advertised addresses are rejected by default by ExitPolicyRejectPrivate. All known addresses are only rejected when ExitPolicyRejectLocalInterfaces is explicitly set to 1.
2016-02-27Update the copyright year.Nick Mathewson
2016-02-20If both IPv4 and IPv6 addresses could be used, choose one correctlyteor (Tim Wilson-Brown)
If there is a node, use node_ipv6_or/dir_preferred(). If there is no node, use fascist_firewall_prefer_ipv6_or/dirport().
2016-02-20Make some fascist_firewall_choose_address* functions staticteor (Tim Wilson-Brown)
2016-01-29Add firewall_is_fascist_dir()teor (Tim Wilson-Brown)
Refactor common parts of firewall_is_fascist_or().
2016-01-29Use fascist firewall and ClientUseIPv4 for bridge clientsteor (Tim Wilson-Brown)
Bridge clients ignore ClientUseIPv6, acting as if it is always 1. This preserves existing behaviour. Make ClientPreferIPv6OR/DirPort auto by default: * Bridge clients prefer IPv6 by default. * Other clients prefer IPv4 by default. This preserves existing behaviour.
2016-01-29Add ClientUseIPv4 and ClientPreferIPv6DirPort torrc optionsteor (Tim Wilson-Brown)
ClientUseIPv4 0 tells tor to avoid IPv4 client connections. ClientPreferIPv6DirPort 1 tells tor to prefer IPv6 directory connections. Refactor policy for IPv4/IPv6 preferences. Fix a bug where node->ipv6_preferred could become stale if ClientPreferIPv6ORPort was changed after the consensus was loaded. Update documentation, existing code, add unit tests.
2015-12-09Tweak policies_log_first_redundant_entry even moreNick Mathewson
* Use smartlist_foreach_begin/end instead of a plain for loop. * constify the pointers.
2015-11-20Fix compilation warningsNick Mathewson
2015-11-20Add controller getinfo exit-policy/reject-privateteor (Tim Wilson-Brown)
exit-policy/reject-private lists the reject rules added by ExitPolicyRejectPrivate. This makes it easier for stem to display exit policies. Add unit tests for getinfo exit-policy/*. Completes ticket #17183. Patch by "teor".
2015-11-20Refactor router_dump_exit_policy_to_stringteor (Tim Wilson-Brown)
Split out policy_dump_to_string to use it in getinfo_helper_policies.
2015-11-20Block OutboundBindAddressIPv[4|6]_ and configured ports on exit relaysteor (Tim Wilson-Brown)
Modify policies_parse_exit_policy_reject_private so it also blocks the addresses configured for OutboundBindAddressIPv4_ and OutboundBindAddressIPv6_, and any publicly routable port addresses on exit relays. Add and update unit tests for these functions.
2015-11-20Refactor policies_parse_exit_policy_internalteor (Tim Wilson-Brown)
Move the code that rejects publicly routable exit relay addresses to policies_parse_exit_policy_reject_private. Add addr_policy_append_reject_addr_list and use it to reject interface addresses. This removes the duplicate reject checks on local_address and ipv6_local_address, but duplicates will be removed by exit_policy_remove_redundancies at the end of the function. This also removes the info-level logging on rejected interface addresses. Instead, log a debug-level message in addr_policy_append_reject_addr. This simplifies policies_parse_exit_policy_internal and prepares for reporting these addresses over the control port in #17183.
2015-09-16ExitPolicyRejectPrivate rejects local IPv6 address and interface addressesteor (Tim Wilson-Brown)
ExitPolicyRejectPrivate now rejects more local addresses by default: * the relay's published IPv6 address (if any), and * any publicly routable IPv4 or IPv6 addresses on any local interfaces. This resolves a security issue for IPv6 Exits and multihomed Exits that trust connections originating from localhost. Resolves ticket 17027. Patch by "teor". Patch on 42b8fb5a1523 (11 Nov 2007), released in 0.2.0.11-alpha.
2015-01-02Bump copyright dates to 2015, in case someday this matters.Nick Mathewson
2014-10-28Add another year to our copyright dates.Nick Mathewson
Because in 95 years, we or our successors will surely care about enforcing the BSD license terms on this code. Right?
2014-09-22New API for policies_parse_exit_policy().rl1987
2014-09-09Remove dirauth support for the BadDirectory flagSebastian Hahn
Implements the first half of #13060. The second half will be to remove client support, too.
2014-08-29Introduce full coverage tests for module routerset.c.dana koch
This is using the paradigm introduced for test_status.c.
2014-03-05Merge remote-tracking branch 'arma/ticket5528'Nick Mathewson
Conflicts: src/or/router.c src/test/test_dir.c
2013-08-26Increase POLICY_BUF_LEN to 72 to accomodate IPv6 exit policy items.Nick Mathewson
Fixes bug 9596; bugfix on 0.2.4.7-alpha.
2013-03-11On END_REASON_EXITPOLICY, mark circuit as unusable for that address.Nick Mathewson
Also, don't call the exit node 'reject *' unless our decision to pick that node was based on a non-summarized version of that node's exit policy. rransom and arma came up with the ideas for this fix. Fix for 7582; the summary-related part is a bugfix on 0.2.3.2-alpha.
2013-02-09use me->addr when adding our address to our exit policyRoger Dingledine
(rather than me->address)
2013-01-16Update the copyright date to 201.Nick Mathewson
2012-11-14Fix a bug in policy_is_reject_star() that was making IPv4 exits breakNick Mathewson
IPv4-only exits have an implicit "reject [::]/0", which was making policy_is_reject_star() return 1 for them, making us refuse to do hostname lookups. This fix chanes policy_is_reject_star() to ask about which family we meant.
2012-11-14Add an IPv6Exit configuration optionNick Mathewson
Don't advertise an IPv6 exit policy, or accept IPv6 exit requests, if IPv6Exit is not true.
2012-11-14Better policy support for IPv6Nick Mathewson
Now, "accept *:80" means "accept all addresses on port 80", and not just IPv4. For just v4, say "accept *4:80"; for just v6 say "accept *6:80". We can parse these policies from torrc just fine, and we should be successfully keeping them out of descriptors for now. We also now include appropriate IPv6 addresses in "reject private:*"
2012-10-23Merge remote-tracking branch 'origin/maint-0.2.3'Nick Mathewson
2012-10-23Fix parse_short_policy (bug 7192.)Nick Mathewson
Our implementation of parse_short_policy was screwed up: it would ignore the last character of every short policy. Obviously, that's broken. This patch fixes the busted behavior, and adds a bunch of unit tests to make sure the rest of that function is okay. Fixes bug 7192; fix on 0.2.3.1-alpha.
2012-10-22add a unit test to expose bug 7192Roger Dingledine
2012-10-12Convert all include-guard macros to avoid reserved identifiers.Nick Mathewson
In C, we technically aren't supposed to define our own things that start with an underscore. This is a purely machine-generated commit. First, I ran this script on all the headers in src/{common,or,test,tools/*}/*.h : ============================== use strict; my %macros = (); my %skipped = (); FILE: for my $fn (@ARGV) { my $f = $fn; if ($fn !~ /^\.\//) { $f = "./$fn"; } $skipped{$fn} = 0; open(F, $fn); while (<F>) { if (/^#ifndef ([A-Za-z0-9_]+)/) { $macros{$fn} = $1; next FILE; } } } print "#!/usr/bin/perl -w -i -p\n\n"; for my $fn (@ARGV) { if (! exists $macros{$fn}) { print "# No macro known for $fn!\n" if (!$skipped{$fn}); next; } if ($macros{$fn} !~ /_H_?$/) { print "# Weird macro for $fn...\n"; } my $goodmacro = uc $fn; $goodmacro =~ s#.*/##; $goodmacro =~ s#[\/\-\.]#_#g; print "s/(?<![A-Za-z0-9_])$macros{$fn}(?![A-Za-z0-9_])/TOR_${goodmacro}/g;\n" } ============================== It produced the following output, which I then re-ran on those same files: ============================== s/(?<![A-Za-z0-9_])_TOR_ADDRESS_H(?![A-Za-z0-9_])/TOR_ADDRESS_H/g; s/(?<![A-Za-z0-9_])_TOR_AES_H(?![A-Za-z0-9_])/TOR_AES_H/g; s/(?<![A-Za-z0-9_])_TOR_COMPAT_H(?![A-Za-z0-9_])/TOR_COMPAT_H/g; s/(?<![A-Za-z0-9_])_TOR_COMPAT_LIBEVENT_H(?![A-Za-z0-9_])/TOR_COMPAT_LIBEVENT_H/g; s/(?<![A-Za-z0-9_])_TOR_CONTAINER_H(?![A-Za-z0-9_])/TOR_CONTAINER_H/g; s/(?<![A-Za-z0-9_])_TOR_CRYPTO_H(?![A-Za-z0-9_])/TOR_CRYPTO_H/g; s/(?<![A-Za-z0-9_])TOR_DI_OPS_H(?![A-Za-z0-9_])/TOR_DI_OPS_H/g; s/(?<![A-Za-z0-9_])_TOR_MEMAREA_H(?![A-Za-z0-9_])/TOR_MEMAREA_H/g; s/(?<![A-Za-z0-9_])_TOR_MEMPOOL_H(?![A-Za-z0-9_])/TOR_MEMPOOL_H/g; s/(?<![A-Za-z0-9_])TOR_PROCMON_H(?![A-Za-z0-9_])/TOR_PROCMON_H/g; s/(?<![A-Za-z0-9_])_TOR_TORGZIP_H(?![A-Za-z0-9_])/TOR_TORGZIP_H/g; s/(?<![A-Za-z0-9_])_TOR_TORINT_H(?![A-Za-z0-9_])/TOR_TORINT_H/g; s/(?<![A-Za-z0-9_])_TOR_LOG_H(?![A-Za-z0-9_])/TOR_TORLOG_H/g; s/(?<![A-Za-z0-9_])_TOR_TORTLS_H(?![A-Za-z0-9_])/TOR_TORTLS_H/g; s/(?<![A-Za-z0-9_])_TOR_UTIL_H(?![A-Za-z0-9_])/TOR_UTIL_H/g; s/(?<![A-Za-z0-9_])_TOR_BUFFERS_H(?![A-Za-z0-9_])/TOR_BUFFERS_H/g; s/(?<![A-Za-z0-9_])_TOR_CHANNEL_H(?![A-Za-z0-9_])/TOR_CHANNEL_H/g; s/(?<![A-Za-z0-9_])_TOR_CHANNEL_TLS_H(?![A-Za-z0-9_])/TOR_CHANNELTLS_H/g; s/(?<![A-Za-z0-9_])_TOR_CIRCUITBUILD_H(?![A-Za-z0-9_])/TOR_CIRCUITBUILD_H/g; s/(?<![A-Za-z0-9_])_TOR_CIRCUITLIST_H(?![A-Za-z0-9_])/TOR_CIRCUITLIST_H/g; s/(?<![A-Za-z0-9_])_TOR_CIRCUITMUX_EWMA_H(?![A-Za-z0-9_])/TOR_CIRCUITMUX_EWMA_H/g; s/(?<![A-Za-z0-9_])_TOR_CIRCUITMUX_H(?![A-Za-z0-9_])/TOR_CIRCUITMUX_H/g; s/(?<![A-Za-z0-9_])_TOR_CIRCUITUSE_H(?![A-Za-z0-9_])/TOR_CIRCUITUSE_H/g; s/(?<![A-Za-z0-9_])_TOR_COMMAND_H(?![A-Za-z0-9_])/TOR_COMMAND_H/g; s/(?<![A-Za-z0-9_])_TOR_CONFIG_H(?![A-Za-z0-9_])/TOR_CONFIG_H/g; s/(?<![A-Za-z0-9_])TOR_CONFPARSE_H(?![A-Za-z0-9_])/TOR_CONFPARSE_H/g; s/(?<![A-Za-z0-9_])_TOR_CONNECTION_EDGE_H(?![A-Za-z0-9_])/TOR_CONNECTION_EDGE_H/g; s/(?<![A-Za-z0-9_])_TOR_CONNECTION_H(?![A-Za-z0-9_])/TOR_CONNECTION_H/g; s/(?<![A-Za-z0-9_])_TOR_CONNECTION_OR_H(?![A-Za-z0-9_])/TOR_CONNECTION_OR_H/g; s/(?<![A-Za-z0-9_])_TOR_CONTROL_H(?![A-Za-z0-9_])/TOR_CONTROL_H/g; s/(?<![A-Za-z0-9_])_TOR_CPUWORKER_H(?![A-Za-z0-9_])/TOR_CPUWORKER_H/g; s/(?<![A-Za-z0-9_])_TOR_DIRECTORY_H(?![A-Za-z0-9_])/TOR_DIRECTORY_H/g; s/(?<![A-Za-z0-9_])_TOR_DIRSERV_H(?![A-Za-z0-9_])/TOR_DIRSERV_H/g; s/(?<![A-Za-z0-9_])_TOR_DIRVOTE_H(?![A-Za-z0-9_])/TOR_DIRVOTE_H/g; s/(?<![A-Za-z0-9_])_TOR_DNS_H(?![A-Za-z0-9_])/TOR_DNS_H/g; s/(?<![A-Za-z0-9_])_TOR_DNSSERV_H(?![A-Za-z0-9_])/TOR_DNSSERV_H/g; s/(?<![A-Za-z0-9_])TOR_EVENTDNS_TOR_H(?![A-Za-z0-9_])/TOR_EVENTDNS_TOR_H/g; s/(?<![A-Za-z0-9_])_TOR_GEOIP_H(?![A-Za-z0-9_])/TOR_GEOIP_H/g; s/(?<![A-Za-z0-9_])_TOR_HIBERNATE_H(?![A-Za-z0-9_])/TOR_HIBERNATE_H/g; s/(?<![A-Za-z0-9_])_TOR_MAIN_H(?![A-Za-z0-9_])/TOR_MAIN_H/g; s/(?<![A-Za-z0-9_])_TOR_MICRODESC_H(?![A-Za-z0-9_])/TOR_MICRODESC_H/g; s/(?<![A-Za-z0-9_])_TOR_NETWORKSTATUS_H(?![A-Za-z0-9_])/TOR_NETWORKSTATUS_H/g; s/(?<![A-Za-z0-9_])_TOR_NODELIST_H(?![A-Za-z0-9_])/TOR_NODELIST_H/g; s/(?<![A-Za-z0-9_])_TOR_NTMAIN_H(?![A-Za-z0-9_])/TOR_NTMAIN_H/g; s/(?<![A-Za-z0-9_])_TOR_ONION_H(?![A-Za-z0-9_])/TOR_ONION_H/g; s/(?<![A-Za-z0-9_])_TOR_OR_H(?![A-Za-z0-9_])/TOR_OR_H/g; s/(?<![A-Za-z0-9_])_TOR_POLICIES_H(?![A-Za-z0-9_])/TOR_POLICIES_H/g; s/(?<![A-Za-z0-9_])_TOR_REASONS_H(?![A-Za-z0-9_])/TOR_REASONS_H/g; s/(?<![A-Za-z0-9_])_TOR_RELAY_H(?![A-Za-z0-9_])/TOR_RELAY_H/g; s/(?<![A-Za-z0-9_])_TOR_RENDCLIENT_H(?![A-Za-z0-9_])/TOR_RENDCLIENT_H/g; s/(?<![A-Za-z0-9_])_TOR_RENDCOMMON_H(?![A-Za-z0-9_])/TOR_RENDCOMMON_H/g; s/(?<![A-Za-z0-9_])_TOR_RENDMID_H(?![A-Za-z0-9_])/TOR_RENDMID_H/g; s/(?<![A-Za-z0-9_])_TOR_RENDSERVICE_H(?![A-Za-z0-9_])/TOR_RENDSERVICE_H/g; s/(?<![A-Za-z0-9_])_TOR_REPHIST_H(?![A-Za-z0-9_])/TOR_REPHIST_H/g; s/(?<![A-Za-z0-9_])_TOR_REPLAYCACHE_H(?![A-Za-z0-9_])/TOR_REPLAYCACHE_H/g; s/(?<![A-Za-z0-9_])_TOR_ROUTER_H(?![A-Za-z0-9_])/TOR_ROUTER_H/g; s/(?<![A-Za-z0-9_])_TOR_ROUTERLIST_H(?![A-Za-z0-9_])/TOR_ROUTERLIST_H/g; s/(?<![A-Za-z0-9_])_TOR_ROUTERPARSE_H(?![A-Za-z0-9_])/TOR_ROUTERPARSE_H/g; s/(?<![A-Za-z0-9_])TOR_ROUTERSET_H(?![A-Za-z0-9_])/TOR_ROUTERSET_H/g; s/(?<![A-Za-z0-9_])TOR_STATEFILE_H(?![A-Za-z0-9_])/TOR_STATEFILE_H/g; s/(?<![A-Za-z0-9_])_TOR_STATUS_H(?![A-Za-z0-9_])/TOR_STATUS_H/g; s/(?<![A-Za-z0-9_])TOR_TRANSPORTS_H(?![A-Za-z0-9_])/TOR_TRANSPORTS_H/g; s/(?<![A-Za-z0-9_])_TOR_TEST_H(?![A-Za-z0-9_])/TOR_TEST_H/g; s/(?<![A-Za-z0-9_])_TOR_FW_HELPER_H(?![A-Za-z0-9_])/TOR_TOR_FW_HELPER_H/g; s/(?<![A-Za-z0-9_])_TOR_FW_HELPER_NATPMP_H(?![A-Za-z0-9_])/TOR_TOR_FW_HELPER_NATPMP_H/g; s/(?<![A-Za-z0-9_])_TOR_FW_HELPER_UPNP_H(?![A-Za-z0-9_])/TOR_TOR_FW_HELPER_UPNP_H/g; ==============================
2012-06-04Update copyright dates to 2012; add a few missing copyright statementsNick Mathewson
2011-07-15Remove compare_addr_to_node_policyNick Mathewson
Instead, use compare_tor_addr_to_node_policy everywhere. One advantage of this is that compare_tor_addr_to_node_policy can better distinguish 0.0.0.0 from "unknown", which caused a nasty bug with microdesc users.
2011-07-15Remove compare_addr_to_addr_policyNick Mathewson
Nothing used it but the unit tests; everything else knows to use compare_tor_addr_to_addr_policy instead.
2011-06-14Make the get_options() return constNick Mathewson
This lets us make a lot of other stuff const, allows the compiler to generate (slightly) better code, and will make me get slightly fewer patches from folks who stick mutable stuff into or_options_t. const: because not every input is an output!
2011-02-22Merge remote branch 'origin/maint-0.2.2'Nick Mathewson
Conflicts: src/or/policies.c src/or/policies.h
2011-02-22Don't let bad DNS make exit policy and declared exit policy get out of syncNick Mathewson
Patch from "postman" on trac. Fixes bg 2366. Bug on 0.1.2.5-alpha.
2011-01-03Merge remote branch 'origin/maint-0.2.2'Nick Mathewson
2011-01-03Bump copyright statements to 2011 (0.2.2)Nick Mathewson
2010-10-01Implement policies for nodes (and for microdescriptors too)Nick Mathewson
2010-10-01Initial conversion to use node_t throughout our codebase.Nick Mathewson
A node_t is an abstraction over routerstatus_t, routerinfo_t, and microdesc_t. It should try to present a consistent interface to all of them. There should be a node_t for a server whenever there is * A routerinfo_t for it in the routerlist * A routerstatus_t in the current_consensus. (note that a microdesc_t alone isn't enough to make a node_t exist, since microdescriptors aren't usable on their own.) There are three ways to get a node_t right now: looking it up by ID, looking it up by nickname, and iterating over the whole list of microdescriptors. All (or nearly all) functions that are supposed to return "a router" -- especially those used in building connections and circuits -- should return a node_t, not a routerinfo_t or a routerstatus_t. A node_t should hold all the *mutable* flags about a node. This patch moves the is_foo flags from routerinfo_t into node_t. The flags in routerstatus_t remain, but they get set from the consensus and should not change. Some other highlights of this patch are: * Looking up routerinfo and routerstatus by nickname is now unified and based on the "look up a node by nickname" function. This tries to look only at the values from current consensus, and not get confused by the routerinfo_t->is_named flag, which could get set for other weird reasons. This changes the behavior of how authorities (when acting as clients) deal with nodes that have been listed by nickname. * I tried not to artificially increase the size of the diff here by moving functions around. As a result, some functions that now operate on nodes are now in the wrong file -- they should get moved to nodelist.c once this refactoring settles down. This moving should happen as part of a patch that moves functions AND NOTHING ELSE. * Some old code is now left around inside #if 0/1 blocks, and should get removed once I've verified that I don't want it sitting around to see how we used to do things. There are still some unimplemented functions: these are flagged with "UNIMPLEMENTED_NODELIST()." I'll work on filling in the implementation here, piece by piece. I wish this patch could have been smaller, but there did not seem to be any piece of it that was independent from the rest. Moving flags forces many functions that once returned routerinfo_t * to return node_t *, which forces their friends to change, and so on.
2010-10-01Try to make most routerinfo_t interfaces constNick Mathewson
2010-07-28Fix typos, make all \brief's conformant, end sentences with a period.Linus Nordberg
2010-07-27Create policies.hSebastian Hahn