#include "or.h"
#include "ht.h"
| #define DEFAULT_EXIT_POLICY |
Value:
"reject *:25,reject *:119,reject *:135-139,reject *:445," \ "reject *:563,reject *:1214,reject *:4661-4666," \ "reject *:6346-6429,reject *:6699,reject *:6881-6999,accept *:*"
| static int addr_policy_covers | ( | addr_policy_t * | a, | |
| addr_policy_t * | b | |||
| ) | [static] |
Return true iff the address policy a covers every case that would be covered by b, so that a,b is redundant.
References addr_policy_t::addr, addr_policy_t::maskbits, addr_policy_t::prt_max, addr_policy_t::prt_min, and tor_addr_compare_masked().
Referenced by exit_policy_remove_redundancies().
| void addr_policy_free | ( | addr_policy_t * | p | ) |
Release all storage held by p.
References addr_policy_t::is_canonical, addr_policy_t::refcnt, tor_assert, and tor_free.
Referenced by addr_policy_list_free(), exit_policy_remove_redundancies(), load_policy_from_option(), policy_expand_private(), router_add_exit_policy(), and routerset_free().
| static int addr_policy_intersects | ( | addr_policy_t * | a, | |
| addr_policy_t * | b | |||
| ) | [static] |
Return true iff the address policies a and b intersect, that is, there exists an address/port that is covered by a that is also covered by b.
References addr_policy_t::addr, addr_policy_t::maskbits, addr_policy_t::prt_max, addr_policy_t::prt_min, and tor_addr_compare_masked().
Referenced by exit_policy_remove_redundancies().
| void addr_policy_list_free | ( | smartlist_t * | lst | ) |
Release all storage held by p.
References addr_policy_free(), and smartlist_free().
Referenced by load_policy_from_option(), parse_addr_policy(), parse_reachable_addresses(), policies_free_all(), policies_set_router_exitpolicy_to_reject_all(), routerinfo_free(), and validate_addr_policies().
| static int addr_policy_permits_address | ( | uint32_t | addr, | |
| uint16_t | port, | |||
| smartlist_t * | policy | |||
| ) | [static] |
Return true iff policy (possibly NULL) will allow a connection to addr:port. addr is an IPv4 address given in host order.
References addr_policy_permits_tor_addr(), and tor_addr_from_ipv4h.
Referenced by authdir_policy_baddir_address(), authdir_policy_badexit_address(), authdir_policy_permits_address(), and authdir_policy_valid_address().
| static int addr_policy_permits_tor_addr | ( | const tor_addr_t * | addr, | |
| uint16_t | port, | |||
| smartlist_t * | policy | |||
| ) | [static] |
Return true iff policy (possibly NULL) will allow a connection to addr:port.
References ADDR_POLICY_ACCEPTED, ADDR_POLICY_PROBABLY_ACCEPTED, ADDR_POLICY_PROBABLY_REJECTED, ADDR_POLICY_REJECTED, compare_tor_addr_to_addr_policy(), and LD_BUG.
Referenced by addr_policy_permits_address(), dir_policy_permits_address(), fascist_firewall_allows_address_dir(), fascist_firewall_allows_address_or(), and socks_policy_permits_address().
| static void append_exit_policy_string | ( | smartlist_t ** | policy, | |
| const char * | more | |||
| ) | [static] |
Add the exit policy described by more to policy.
References config_line_t::key, LD_BUG, config_line_t::next, parse_addr_policy(), and config_line_t::value.
Referenced by policies_parse_exit_policy().
| int authdir_policy_baddir_address | ( | uint32_t | addr, | |
| uint16_t | port | |||
| ) |
Return 1 if addr:port should be marked as a bad dir, based on authdir_baddir_policy. Else return 0.
References addr_policy_permits_address().
Referenced by dirserv_get_status_impl().
| int authdir_policy_badexit_address | ( | uint32_t | addr, | |
| uint16_t | port | |||
| ) |
Return 1 if addr:port should be marked as a bad exit, based on authdir_badexit_policy. Else return 0.
References addr_policy_permits_address().
Referenced by dirserv_get_status_impl().
| int authdir_policy_permits_address | ( | uint32_t | addr, | |
| uint16_t | port | |||
| ) |
Return 1 if addr:port is permitted to publish to our directory, based on authdir_reject_policy. Else return 0.
References addr_policy_permits_address().
Referenced by dirserv_get_status_impl().
| int authdir_policy_valid_address | ( | uint32_t | addr, | |
| uint16_t | port | |||
| ) |
Return 1 if addr:port is considered valid in our directory, based on authdir_invalid_policy. Else return 0.
References addr_policy_permits_address().
Referenced by dirserv_get_status_impl().
| int cmp_addr_policies | ( | smartlist_t * | a, | |
| smartlist_t * | b | |||
| ) |
Like cmp_single_addr_policy() above, but looks at the whole set of policies in each case.
References cmp_single_addr_policy().
Referenced by router_differences_are_cosmetic().
| static int cmp_single_addr_policy | ( | addr_policy_t * | a, | |
| addr_policy_t * | b | |||
| ) | [static] |
Compare two provided address policy items, and return -1, 0, or 1 if the first is less than, equal to, or greater than the second.
References addr_policy_t::addr, addr_policy_t::is_private, addr_policy_t::maskbits, addr_policy_t::policy_type, addr_policy_t::prt_max, addr_policy_t::prt_min, and tor_addr_compare().
Referenced by cmp_addr_policies(), and HT_PROTOTYPE().
| addr_policy_result_t compare_addr_to_addr_policy | ( | uint32_t | addr, | |
| uint16_t | port, | |||
| const smartlist_t * | policy | |||
| ) |
As compare_tor_addr_to_addr_policy, but instead of a tor_addr_t, takes in host order.
References compare_tor_addr_to_addr_policy(), and tor_addr_from_ipv4h.
Referenced by circuit_stream_is_being_handled(), connection_ap_can_use_exit(), router_exit_policy_all_routers_reject(), and router_handles_some_port().
| static addr_policy_result_t compare_known_tor_addr_to_addr_policy | ( | const tor_addr_t * | addr, | |
| uint16_t | port, | |||
| const smartlist_t * | policy | |||
| ) | [static] |
Helper for compare_tor_addr_to_addr_policy. Implements the case where addr and port are both known.
References tor_addr_t::addr, ADDR_POLICY_ACCEPTED, ADDR_POLICY_REJECTED, and tor_addr_compare_masked().
Referenced by compare_tor_addr_to_addr_policy().
| static addr_policy_result_t compare_known_tor_addr_to_addr_policy_noport | ( | const tor_addr_t * | addr, | |
| const smartlist_t * | policy | |||
| ) | [static] |
Helper for compare_tor_addr_to_addr_policy. Implements the case where addr is known but port is not.
References tor_addr_t::addr, ADDR_POLICY_ACCEPTED, ADDR_POLICY_PROBABLY_ACCEPTED, ADDR_POLICY_PROBABLY_REJECTED, ADDR_POLICY_REJECTED, and tor_addr_compare_masked().
Referenced by compare_tor_addr_to_addr_policy().
| addr_policy_result_t compare_tor_addr_to_addr_policy | ( | const tor_addr_t * | addr, | |
| uint16_t | port, | |||
| const smartlist_t * | policy | |||
| ) |
Decide whether a given addr:port is definitely accepted, definitely rejected, probably accepted, or probably rejected by a given policy. If addr is 0, we don't know the IP of the target address. If port is 0, we don't know the port of the target address. (At least one of addr and port must be provided. If you want to know whether a policy would definitely reject an unknown address:port, use policy_is_reject_star().)
We could do better by assuming that some ranges never match typical addresses (127.0.0.1, and so on). But we'll try this for now.
References ADDR_POLICY_ACCEPTED, compare_known_tor_addr_to_addr_policy(), compare_known_tor_addr_to_addr_policy_noport(), compare_unknown_tor_addr_to_addr_policy(), tor_addr_is_null(), and tor_assert.
Referenced by addr_policy_permits_tor_addr(), compare_addr_to_addr_policy(), router_compare_to_my_exit_policy(), router_find_exact_exit_enclave(), and routerset_contains().
| static addr_policy_result_t compare_unknown_tor_addr_to_addr_policy | ( | uint16_t | port, | |
| const smartlist_t * | policy | |||
| ) | [static] |
Helper for compare_tor_addr_to_addr_policy. Implements the case where port is known but address is not.
References ADDR_POLICY_ACCEPTED, ADDR_POLICY_PROBABLY_ACCEPTED, ADDR_POLICY_PROBABLY_REJECTED, and ADDR_POLICY_REJECTED.
Referenced by compare_tor_addr_to_addr_policy().
| int dir_policy_permits_address | ( | const tor_addr_t * | addr | ) |
Return 1 if addr is permitted to connect to our dir port, based on dir_policy. Else return 0.
References addr_policy_permits_tor_addr().
Referenced by connection_handle_listener_read().
| int exit_policy_is_general_exit | ( | smartlist_t * | policy | ) |
Return true iff ri is "useful as an exit node", meaning it allows exit to at least one /8 address space for at least two of ports 80, 443, and 6667.
References exit_policy_is_general_exit_helper().
Referenced by dirserv_compute_performance_thresholds().
| static int exit_policy_is_general_exit_helper | ( | smartlist_t * | policy, | |
| int | port | |||
| ) | [static] |
Return 1 if there is at least one /8 subnet in policy that allows exiting to port. Otherwise, return 0.
References tor_addr_from_ipv4h, tor_addr_is_internal(), tor_addr_to_ipv4h(), and tor_assert.
Referenced by exit_policy_is_general_exit().
| static void exit_policy_remove_redundancies | ( | smartlist_t * | dest | ) | [static] |
Detect and excise "dead code" from the policy *dest.
References addr_policy_covers(), addr_policy_free(), addr_policy_intersects(), LD_CONFIG, addr_policy_t::maskbits, addr_policy_t::policy_type, policy_write_item(), addr_policy_t::prt_max, addr_policy_t::prt_min, smartlist_del(), smartlist_del_keeporder(), and tor_assert.
Referenced by policies_parse_exit_policy().
| int fascist_firewall_allows_address_dir | ( | const tor_addr_t * | addr, | |
| uint16_t | port | |||
| ) |
Return true iff we think our firewall will let us make a directory connection to addr:port.
References addr_policy_permits_tor_addr().
Referenced by directory_post_to_dirservers(), router_pick_directory_server_impl(), and router_pick_trusteddirserver_impl().
| int fascist_firewall_allows_address_or | ( | const tor_addr_t * | addr, | |
| uint16_t | port | |||
| ) |
Return true iff we think our firewall will let us make an OR connection to addr:port.
References addr_policy_permits_tor_addr().
Referenced by directory_command_should_use_begindir(), fascist_firewall_allows_or(), fetch_bridge_descriptors(), router_pick_directory_server_impl(), and router_pick_trusteddirserver_impl().
| int fascist_firewall_allows_or | ( | routerinfo_t * | ri | ) |
Return true iff we think our firewall will let us make an OR connection to ri.
References routerinfo_t::addr, fascist_firewall_allows_address_or(), routerinfo_t::or_port, and tor_addr_from_ipv4h.
Referenced by choose_good_entry_server(), and entry_is_live().
| int firewall_is_fascist_or | ( | void | ) |
Return true iff the firewall options might block any address:port combination.
Referenced by choose_good_entry_server().
| int getinfo_helper_policies | ( | control_connection_t * | conn, | |
| const char * | question, | |||
| char ** | answer | |||
| ) |
Implementation for GETINFO control command: knows the answer for questions about "exit-policy/..."
| HT_PROTOTYPE | ( | HT_GENERATE( | policy_map, | |
| HT_GENERATE( | policy_map_ent_t, | |||
| HT_GENERATE( | node, | |||
| HT_GENERATE( | policy_hash, | |||
| HT_GENERATE( | policy_eq | |||
| ) |
Given a pointer to an addr_policy_t, return a copy of the pointer to the "canonical" copy of that addr_policy_t; the canonical copy is a single reference-counted object.
References cmp_single_addr_policy(), and tor_assert.
| static int load_policy_from_option | ( | config_line_t * | config, | |
| smartlist_t ** | policy, | |||
| int | assume_action | |||
| ) | [static] |
Parse string in the same way that the exit policy is parsed, and put the processed version in *policy. Ignore port specifiers.
References addr_policy_free(), addr_policy_list_free(), addr_policy_t::is_canonical, parse_addr_policy(), addr_policy_t::prt_max, and addr_policy_t::prt_min.
Referenced by policies_parse_from_options().
| static int parse_addr_policy | ( | config_line_t * | cfg, | |
| smartlist_t ** | dest, | |||
| int | assume_action | |||
| ) | [static] |
Given a linked list of config lines containing "allow" and "deny" tokens, parse them and append the result to dest. Return -1 if any tokens are malformed (and don't append any), else return 0.
If assume_action is nonnegative, then insert its action (ADDR_POLICY_ACCEPT or ADDR_POLICY_REJECT) for items that specify no action.
References addr_policy_list_free(), LD_CONFIG, config_line_t::next, policy_expand_private(), router_parse_addr_policy_item_from_string(), smartlist_add(), smartlist_add_all(), smartlist_clear(), smartlist_create(), smartlist_free(), smartlist_split_string(), tor_free, and config_line_t::value.
Referenced by append_exit_policy_string(), load_policy_from_option(), parse_reachable_addresses(), policies_parse_exit_policy(), and validate_addr_policies().
| static int parse_reachable_addresses | ( | void | ) | [static] |
Helper: parse the Reachable(Dir|OR)?Addresses fields into reachable_(or|dir)_addr_policy. The options should already have been validated by validate_addr_policies.
References addr_policy_list_free(), get_options(), LD_CONFIG, parse_addr_policy(), or_options_t::ReachableAddresses, or_options_t::ReachableDirAddresses, and or_options_t::ReachableORAddresses.
Referenced by policies_parse_from_options().
| void policies_free_all | ( | void | ) |
Release all storage held by policy variables.
References addr_policy_list_free(), LD_MM, and policy_write_item().
Referenced by tor_free_all().
| int policies_parse_exit_policy | ( | config_line_t * | cfg, | |
| smartlist_t ** | dest, | |||
| int | rejectprivate, | |||
| const char * | local_address, | |||
| int | add_default_policy | |||
| ) |
Parse the exit policy cfg into the linked list *dest. If cfg doesn't end in an absolute accept or reject and if add_default_policy is true, add the default exit policy afterwards. If rejectprivate is true, prepend "reject private:*" to the policy. Return -1 if we can't parse cfg, else return 0.
References append_exit_policy_string(), exit_policy_remove_redundancies(), parse_addr_policy(), and tor_snprintf().
Referenced by router_rebuild_descriptor(), and validate_addr_policies().
| int policies_parse_from_options | ( | or_options_t * | options | ) |
Set all policies based on options, which should have been validated first by validate_addr_policies.
References or_options_t::AuthDirBadDir, or_options_t::AuthDirBadExit, or_options_t::AuthDirInvalid, or_options_t::AuthDirReject, or_options_t::DirPolicy, load_policy_from_option(), parse_reachable_addresses(), and or_options_t::SocksPolicy.
Referenced by options_act().
| void policies_set_router_exitpolicy_to_reject_all | ( | routerinfo_t * | r | ) |
Replace the exit policy of r with reject *:*.
References addr_policy_list_free(), routerinfo_t::exit_policy, router_parse_addr_policy_item_from_string(), smartlist_add(), and smartlist_create().
Referenced by connection_ap_process_end_not_open().
| void policy_expand_private | ( | smartlist_t ** | policy | ) |
Replace all "private" entries in *policy with their expanded equivalents.
References addr_policy_t::addr, addr_policy_free(), addr_policy_t::is_canonical, addr_policy_t::is_private, addr_policy_t::maskbits, private_nets, smartlist_add(), smartlist_create(), tor_addr_parse_mask_ports(), and tor_assert.
Referenced by parse_addr_policy(), and router_parse_entry_from_string().
| static unsigned int policy_hash | ( | policy_map_ent_t * | ent | ) | [static] |
Return a hashcode for ent
References addr_policy_t::addr, addr_policy_t::is_private, addr_policy_t::maskbits, addr_policy_t::policy_type, addr_policy_t::prt_max, addr_policy_t::prt_min, and tor_addr_hash().
| int policy_is_reject_star | ( | const smartlist_t * | policy | ) |
Return false if policy might permit access to some addr:port; otherwise if we are certain it rejects everything, return true.
Referenced by connection_ap_can_use_exit(), dns_resolve_impl(), and router_parse_entry_from_string().
| char* policy_summarize | ( | smartlist_t * | policy | ) |
Create a string representing a summary for an exit policy. The summary will either be an "accept" plus a comma-separated list of port ranges or a "reject" plus port-ranges, depending on which is shorter.
If no exits are allowed at all then NULL is returned, if no ports are blocked instead of "reject " we return "accept 1-65535" (this is an exception to the shorter-representation-wins rule).
References MAX_EXITPOLICY_SUMMARY_LEN, policy_summary_add_item(), policy_summary_create(), smartlist_add(), smartlist_create(), smartlist_free(), smartlist_join_strings(), tor_assert, tor_free, and tor_snprintf().
Referenced by dirvote_create_microdescriptor(), and routerstatus_format_entry().
| static void policy_summary_accept | ( | smartlist_t * | summary, | |
| uint16_t | prt_min, | |||
| uint16_t | prt_max | |||
| ) | [static] |
Mark port ranges as accepted if they are below the reject_count
References policy_summary_split(), and tor_assert.
Referenced by policy_summary_add_item().
| static void policy_summary_add_item | ( | smartlist_t * | summary, | |
| addr_policy_t * | p | |||
| ) | [static] |
Add a single exit policy item to our summary: If it is an accept ignore it unless it is for all IP addresses ("*"), i.e. it's prefixlen/maskbits is 0, else call policy_summary_accept(). If it's a reject ignore it if it is about one of the private networks, else call policy_summary_reject().
References addr_policy_t::addr, addr_policy_t::maskbits, policy_summary_accept(), policy_summary_reject(), addr_policy_t::policy_type, private_nets, addr_policy_t::prt_max, addr_policy_t::prt_min, tor_addr_compare(), tor_addr_parse_mask_ports(), and tor_assert.
Referenced by policy_summarize().
| static smartlist_t* policy_summary_create | ( | void | ) | [static] |
Create a new exit policy summary, initially only with a single port 1-64k item
References policy_summary_item_t::accepted, policy_summary_item_t::prt_max, policy_summary_item_t::prt_min, policy_summary_item_t::reject_count, smartlist_add(), and smartlist_create().
Referenced by policy_summarize().
| static policy_summary_item_t* policy_summary_item_split | ( | policy_summary_item_t * | old, | |
| uint16_t | new_starts | |||
| ) | [static] |
Split the summary item in item at the port new_starts. The current item is changed to end at new-starts - 1, the new item copies reject_count and accepted from the old item, starts at new_starts and ends at the port where the original item previously ended.
References policy_summary_item_t::accepted, policy_summary_item_t::prt_max, policy_summary_item_t::prt_min, policy_summary_item_t::reject_count, and tor_assert.
Referenced by policy_summary_split().
| static void policy_summary_reject | ( | smartlist_t * | summary, | |
| maskbits_t | maskbits, | |||
| uint16_t | prt_min, | |||
| uint16_t | prt_max | |||
| ) | [static] |
Count the number of addresses in a network with prefixlen maskbits against the given portrange.
References policy_summary_split(), and tor_assert.
Referenced by policy_summary_add_item().
| static int policy_summary_split | ( | smartlist_t * | summary, | |
| uint16_t | prt_min, | |||
| uint16_t | prt_max | |||
| ) | [static] |
Split an exit policy summary so that prt_min and prt_max fall at exactly the start and end of an item respectively.
References policy_summary_item_split(), and smartlist_insert().
Referenced by policy_summary_accept(), and policy_summary_reject().
| int policy_write_item | ( | char * | buf, | |
| size_t | buflen, | |||
| addr_policy_t * | policy, | |||
| int | format_for_desc | |||
| ) |
Write a single address policy to the buf_len byte buffer at buf. Return the number of characters written, or -1 on failure.
References addr_policy_t::addr, addr_policy_t::is_private, addr_policy_t::maskbits, addr_policy_t::policy_type, addr_policy_t::prt_max, addr_policy_t::prt_min, tor_addr_family(), tor_addr_to_str(), and tor_snprintf().
Referenced by exit_policy_remove_redundancies(), policies_free_all(), and router_dump_router_to_string().
| int socks_policy_permits_address | ( | const tor_addr_t * | addr | ) |
Return 1 if addr is permitted to connect to our socks port, based on socks_policy. Else return 0.
References addr_policy_permits_tor_addr().
Referenced by connection_handle_listener_read(), and evdns_server_callback().
| int validate_addr_policies | ( | or_options_t * | options, | |
| char ** | msg | |||
| ) |
Config helper: If there's any problem with the policy configuration options in options, return -1 and set msg to a newly allocated description of the error. Else return 0.
References addr_policy_list_free(), or_options_t::AuthDirBadDir, or_options_t::AuthDirBadExit, or_options_t::AuthDirInvalid, or_options_t::AuthDirReject, or_options_t::BridgeRelay, or_options_t::DirPolicy, or_options_t::ExitPolicy, or_options_t::ExitPolicyRejectPrivate, parse_addr_policy(), policies_parse_exit_policy(), or_options_t::ReachableAddresses, or_options_t::ReachableDirAddresses, or_options_t::ReachableORAddresses, and or_options_t::SocksPolicy.
smartlist_t* authdir_baddir_policy = NULL [static] |
Policy that addresses for incoming router descriptors must not match in order to not be marked as BadDirectory.
smartlist_t* authdir_badexit_policy = NULL [static] |
Policy that addresses for incoming router descriptors must not match in order to not be marked as BadExit.
smartlist_t* authdir_invalid_policy = NULL [static] |
Policy that addresses for incoming router descriptors must match in order to be marked as valid in our networkstatus.
smartlist_t* authdir_reject_policy = NULL [static] |
Policy that addresses for incoming router descriptors must match in order to be published by us.
smartlist_t* dir_policy = NULL [static] |
Policy that addresses for incoming directory connections must match.
const char* private_nets[] [static] |
Initial value:
{
"0.0.0.0/8", "169.254.0.0/16",
"127.0.0.0/8", "192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12",
NULL }
Referenced by policy_expand_private(), and policy_summary_add_item().
smartlist_t* reachable_dir_addr_policy = NULL [static] |
Parsed addr_policy_t describing which addresses we believe we can connect to directories at.
smartlist_t* reachable_or_addr_policy = NULL [static] |
Parsed addr_policy_t describing which addresses we believe we can start circuits at.
smartlist_t* socks_policy = NULL [static] |
Policy that addresses for incoming SOCKS connections must match.
1.5.6