path: root/src/test/test_policy.c
Age | Commit message | Author
2018-05-10 | Tweak error handling for #25852 | rl1987
2018-05-10 | Make _with_err return routerinfo, like old function does | rl1987
2018-05-05 | Improve GETCONF exit-policy/* error handling | rl1987
This will yield different error codes for transient and permanent errors. Furthermore, Tor will give human readable error messages to controller.
2018-05-01 | Remove the return value from the fascist_firewall_choose_address_* family of functions | Neel Chauhan
2017-12-08 | Convert the rest of src/common's headers to use FREE_AND_NULL | Nick Mathewson
2017-08-24 | Ensure that `make check-spaces` is happy. | Alexander Færøy
The `test-operator-cleanup` patch, and related coccinelle patches, don't do any checks for line length. This patch fixes the line length issues caused by the previous commits.
2017-08-24 | apply ahf's test_assert_null.cocci | Nick Mathewson
2017-08-24 | apply ahf's test_assert_int.cocci | Nick Mathewson
2017-03-15 | Run the copyright update script. | Nick Mathewson
2017-02-15 | Merge branch 'maint-0.2.9' | Nick Mathewson
2017-02-14 | Fix policies.c instance of the "if (r=(a-b)) return r" pattern | Nick Mathewson
I think this one probably can't underflow, since the input ranges are small. But let's not tempt fate. This patch also replaces the "cmp" functions here with just "eq" functions, since nothing actually checked for anything besides 0 and nonzero. Related to 21278.
2017-02-01 | Merge branch 'teor_bug21357-v2_029' | Nick Mathewson
2017-02-01 | Scale IPv6 address counts in policy_summary_reject to avoid overflow | teor
This disregards anything smaller than an IPv6 /64, and rejects ports that are rejected on an IPv6 /16 or larger. Adjust existing unit tests, and add more to cover exceptional cases. No IPv4 behaviour changes. Fixes bug 21357
2017-02-01 | Add unit tests for IPv6 address summaries and IPv4 netblock rejection | teor
These tests currently fail due to bug 21357
2017-01-27 | Outbindbindaddress variants for Exit and OR. | Nick Mathewson
Allow separation of exit and relay traffic to different source IP addresses (Ticket #17975). Written by Michael Sonntag.
2016-11-08 | Merge branch 'maint-0.2.9' | Nick Mathewson
2016-10-31 | policy_is_reject_star(): | Nick Mathewson
Some policies are default-reject, some default-accept. But policy_is_reject_star() assumed they were all default_reject. Fix that! Also, document that policy_is_reject_star() treats a NULL policy as empty. This allows us to simplify the checks in parse_reachable_addresses() by quite a bit. Fixes bug 20306; bugfix on 0.2.8.2-alpha.
2016-10-27 | Automated change to use smartlist_add_strdup | overcaffeinated
Use the following coccinelle script to change uses of smartlist_add(sl, tor_strdup(str)) to smartlist_add_strdup(sl, string) (coccinelle script from nickm via bug 20048): @@ expression a; expression b; @@ - smartlist_add + smartlist_add_strdup (a, - tor_strdup( b - ) )
2016-07-28 | Merge branch 'bug18902_squashed' | Nick Mathewson
2016-07-28 | Fix all -Wshadow warnings on Linux | Nick Mathewson
This is a partial fix for 18902.
2016-07-01 | Avoid disclosing exit IP addresses in exit policies by default | teor (Tim Wilson-Brown)
From 0.2.7.2-alpha onwards, Exits would reject all the IP addresses they knew about in their exit policy. But this may have disclosed addresses that were otherwise unlisted. Now, only advertised addresses are rejected by default by ExitPolicyRejectPrivate. All known addresses are only rejected when ExitPolicyRejectLocalInterfaces is explicitly set to 1.
2016-06-30 | Fix more naked strdup/malloc/free instances | Nick Mathewson
2016-06-11 | Add -Wmissing-variable-declarations, with attendant fixes | Nick Mathewson
This is a big-ish patch, but it's very straightforward. Under this clang warning, we're not actually allowed to have a global variable without a previous extern declaration for it. The cases where we violated this rule fall into three roughly equal groups:
* Stuff that should have been static.
* Stuff that was global but where the extern was local to some other C file.
* Stuff that was only global when built for the unit tests, that needed a conditional extern in the headers.
The first two were IMO genuine problems; the last is a wart of how we build tests.
2016-04-28 | Make mock function static to prevent future clashes | teor (Tim Wilson-Brown)
2016-02-27 | Update the copyright year. | Nick Mathewson
2016-02-21 | Update unit tests for fascist_firewall_choose_address* | teor (Tim Wilson-Brown)
Check that clients, bridge clients, and relays choose addresses as expected.
2016-02-11 | make check-spaces | Nick Mathewson
2016-02-03 | Make bridge clients prefer the configured bridge address | teor (Tim Wilson-Brown)
When ClientPreferIPv6ORPort is auto, bridges prefer the configured bridge ORPort address. Otherwise, they use the value of the option. Other clients prefer IPv4 ORPorts if ClientPreferIPv6ORPort is auto. When ClientPreferIPv6DirPort is auto, all clients prefer IPv4 DirPorts.
2016-01-29 | Merge branch 'feature17840-v11-squashed' into feature17840-v11-merged | teor (Tim Wilson-Brown)
Conflicts: src/or/directory.c src/test/test_routerlist.c Fix minor conflicts.
2016-01-29 | Automatically use IPv6 when ClientUseIPv4 is 0 | teor (Tim Wilson-Brown)
Consequential changes to log messages:
* it's no longer possible to disable both IPv4 and IPv6,
* refactor common string out of remaining log messages
2016-01-29 | Use fascist firewall and ClientUseIPv4 for bridge clients | teor (Tim Wilson-Brown)
Bridge clients ignore ClientUseIPv6, acting as if it is always 1. This preserves existing behaviour. Make ClientPreferIPv6OR/DirPort auto by default:
* Bridge clients prefer IPv6 by default.
* Other clients prefer IPv4 by default.
This preserves existing behaviour.
2016-01-29 | Add ClientUseIPv4 and ClientPreferIPv6DirPort torrc options | teor (Tim Wilson-Brown)
ClientUseIPv4 0 tells tor to avoid IPv4 client connections. ClientPreferIPv6DirPort 1 tells tor to prefer IPv6 directory connections. Refactor policy for IPv4/IPv6 preferences. Fix a bug where node->ipv6_preferred could become stale if ClientPreferIPv6ORPort was changed after the consensus was loaded. Update documentation, existing code, add unit tests.
2015-12-18 | Fix a coverity uninitialized-pointer warning in policy tests. | Nick Mathewson
This is CID 1340255
2015-12-16 | Add policy assume_action support for IPv6 addresses | teor (Tim Wilson-Brown)
These IPv6 addresses must be quoted, because : is the port separator, and "acce" is a valid hex block. Add unit tests for assumed actions in IPv6 policies.
2015-11-27 | Fix memory leak in policies test | cypherpunks
2015-11-25 | fixup! Add controller getinfo exit-policy/reject-private | teor (Tim Wilson-Brown)
Stop ignoring ExitPolicyRejectPrivate in getinfo exit-policy/reject-private. Fix a memory leak. Set ExitPolicyRejectPrivate in the unit tests, and make a mock function declaration static.
2015-11-25 | fixup! Block OutboundBindAddressIPv[4|6]_ and configured ports on exit relays | teor (Tim Wilson-Brown)
Fix unit tests for get_interface_address6_list to assume less about the interface addresses on the system. Instead, mock get_interface_address6_list and use the mocked function to provide a range of address combinations.
2015-11-20 | fix "make check-spaces" | Nick Mathewson
2015-11-20 | Fix compilation warnings | Nick Mathewson
2015-11-20 | Add controller getinfo exit-policy/reject-private | teor (Tim Wilson-Brown)
exit-policy/reject-private lists the reject rules added by ExitPolicyRejectPrivate. This makes it easier for stem to display exit policies. Add unit tests for getinfo exit-policy/*. Completes ticket #17183. Patch by "teor".
2015-11-20 | Block OutboundBindAddressIPv[4|6]_ and configured ports on exit relays | teor (Tim Wilson-Brown)
Modify policies_parse_exit_policy_reject_private so it also blocks the addresses configured for OutboundBindAddressIPv4_ and OutboundBindAddressIPv6_, and any publicly routable port addresses on exit relays. Add and update unit tests for these functions.
2015-11-20 | Add unit tests for policies_parse_exit_policy_reject_private | teor (Tim Wilson-Brown)
Test that policies_parse_exit_policy_reject_private rejects supplied IPv4 and IPv6 relay addresses, and the addresses of local interfaces.
2015-09-16 | Merge branch 'bug17027-reject-private-all-interfaces-v2' into bug16069-bug17027 | teor (Tim Wilson-Brown)
src/test/test_policy.c: Merged calls to policies_parse_exit_policy by adding additional arguments. fixup to remaining instance of ~EXIT_POLICY_IPV6_ENABLED. Compacting logic test now produces previous list length of 4, corrected this. src/config/torrc.sample.in: src/config/torrc.minimal.in-staging: Merged torrc modification dates in favour of latest.
2015-09-16 | ExitPolicyRejectPrivate rejects local IPv6 address and interface addresses | teor (Tim Wilson-Brown)
ExitPolicyRejectPrivate now rejects more local addresses by default:
* the relay's published IPv6 address (if any), and
* any publicly routable IPv4 or IPv6 addresses on any local interfaces.
This resolves a security issue for IPv6 Exits and multihomed Exits that trust connections originating from localhost. Resolves ticket 17027. Patch by "teor". Patch on 42b8fb5a1523 (11 Nov 2007), released in 0.2.0.11-alpha.
2015-09-16 | fixup add malformed_list to unit tests from d3358a0a05f6 IPv6 wildcards | teor (Tim Wilson-Brown)
The unit tests added in e033d5e90bcb got malformed_list added to router_parse_addr_policy_item_from_string calls, but unit tests from subsequent commits didn't get the extra argument until now.
2015-09-16 | ExitPolicy accept6/reject6 produces IPv6 wildcard addresses only | teor (Tim Wilson-Brown)
In previous versions of Tor, ExitPolicy accept6/reject6 * produced policy entries for IPv4 and IPv6 wildcard addresses. To reduce operator confusion, change accept6/reject6 * to only produce an IPv6 wildcard address. Resolves bug #16069. Patch on 2eb7eafc9d78 and a96c0affcb4c (25 Oct 2012), released in 0.2.4.7-alpha.
2015-09-16 | Ignore accept6/reject6 IPv4, warn about unexpected rule outcomes | teor (Tim Wilson-Brown)
When parsing torrc ExitPolicies, we now warn if:
* an IPv4 address is used on an accept6 or reject6 line. The line is ignored, but the rest of the policy items in the list are used. (accept/reject continue to allow both IPv4 and IPv6 addresses in torrcs.)
* a "private" address alias is used on an accept6 or reject6 line. The line filters both IPv4 and IPv6 private addresses, disregarding the 6 in accept6/reject6.
When parsing torrc ExitPolicies, we now issue an info-level message:
* when expanding an accept/reject * line to include both IPv4 and IPv6 wildcard addresses.
In each instance, usage advice is provided to avoid the message. Partial fix for ticket 16069. Patch by "teor". Patch on 2eb7eafc9d78 and a96c0affcb4c (25 Oct 2012), released in 0.2.4.7-alpha.
2015-01-02 | Bump copyright dates to 2015, in case someday this matters. | Nick Mathewson
2014-11-12 | Replace operators used as macro arguments with OP_XX macros | Nick Mathewson
Part of fix for 13172
2014-10-28 | Add another year to our copyright dates. | Nick Mathewson
Because in 95 years, we or our successors will surely care about enforcing the BSD license terms on this code. Right?