1 /* Copyright (c) 2001-2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2015, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
8 * \brief Code to parse and use address policies and exit policies.
11 #define POLICIES_PRIVATE
16 #include "networkstatus.h"
20 #include "routerparse.h"
24 /** Policy that addresses for incoming SOCKS connections must match. */
25 static smartlist_t
*socks_policy
= NULL
;
26 /** Policy that addresses for incoming directory connections must match. */
27 static smartlist_t
*dir_policy
= NULL
;
28 /** Policy that addresses for incoming router descriptors must match in order
29 * to be published by us. */
30 static smartlist_t
*authdir_reject_policy
= NULL
;
31 /** Policy that addresses for incoming router descriptors must match in order
32 * to be marked as valid in our networkstatus. */
33 static smartlist_t
*authdir_invalid_policy
= NULL
;
34 /** Policy that addresses for incoming router descriptors must <b>not</b>
35 * match in order to not be marked as BadExit. */
36 static smartlist_t
*authdir_badexit_policy
= NULL
;
38 /** Parsed addr_policy_t describing which addresses we believe we can start
40 static smartlist_t
*reachable_or_addr_policy
= NULL
;
41 /** Parsed addr_policy_t describing which addresses we believe we can connect
42 * to directories at. */
43 static smartlist_t
*reachable_dir_addr_policy
= NULL
;
45 /** Element of an exit policy summary */
46 typedef struct policy_summary_item_t
{
47 uint16_t prt_min
; /**< Lowest port number to accept/reject. */
48 uint16_t prt_max
; /**< Highest port number to accept/reject. */
49 uint64_t reject_count
; /**< Number of IP-Addresses that are rejected to
51 unsigned int accepted
:1; /** Has this port already been accepted */
52 } policy_summary_item_t
;
54 /** Private networks. This list is used in two places, once to expand the
55 * "private" keyword when parsing our own exit policy, secondly to ignore
56 * just such networks when building exit policy summaries. It is important
57 * that all authorities agree on that list when creating summaries, so don't
58 * just change this without a proper migration plan and a proposal and stuff.
60 static const char *private_nets
[] = {
61 "0.0.0.0/8", "169.254.0.0/16",
62 "127.0.0.0/8", "192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12",
64 "[fc00::]/7", "[fe80::]/10", "[fec0::]/10", "[ff00::]/8", "[::]/127",
68 static int policies_parse_exit_policy_internal(
73 const smartlist_t
*configured_addresses
,
74 int reject_interface_addresses
,
75 int reject_configured_port_addresses
,
76 int add_default_policy
);
78 /** Replace all "private" entries in *<b>policy</b> with their expanded
81 policy_expand_private(smartlist_t
**policy
)
83 uint16_t port_min
, port_max
;
88 if (!*policy
) /*XXXX disallow NULL policies? */
91 tmp
= smartlist_new();
93 SMARTLIST_FOREACH_BEGIN(*policy
, addr_policy_t
*, p
) {
94 if (! p
->is_private
) {
95 smartlist_add(tmp
, p
);
98 for (i
= 0; private_nets
[i
]; ++i
) {
99 addr_policy_t newpolicy
;
100 memcpy(&newpolicy
, p
, sizeof(addr_policy_t
));
101 newpolicy
.is_private
= 0;
102 newpolicy
.is_canonical
= 0;
103 if (tor_addr_parse_mask_ports(private_nets
[i
], 0,
105 &newpolicy
.maskbits
, &port_min
, &port_max
)<0) {
108 smartlist_add(tmp
, addr_policy_get_canonical_entry(&newpolicy
));
111 } SMARTLIST_FOREACH_END(p
);
113 smartlist_free(*policy
);
117 /** Expand each of the AF_UNSPEC elements in *<b>policy</b> (which indicate
118 * protocol-neutral wildcards) into a pair of wildcard elements: one IPv4-
119 * specific and one IPv6-specific. */
121 policy_expand_unspec(smartlist_t
**policy
)
127 tmp
= smartlist_new();
128 SMARTLIST_FOREACH_BEGIN(*policy
, addr_policy_t
*, p
) {
129 sa_family_t family
= tor_addr_family(&p
->addr
);
130 if (family
== AF_INET6
|| family
== AF_INET
|| p
->is_private
) {
131 smartlist_add(tmp
, p
);
132 } else if (family
== AF_UNSPEC
) {
133 addr_policy_t newpolicy_ipv4
;
134 addr_policy_t newpolicy_ipv6
;
135 memcpy(&newpolicy_ipv4
, p
, sizeof(addr_policy_t
));
136 memcpy(&newpolicy_ipv6
, p
, sizeof(addr_policy_t
));
137 newpolicy_ipv4
.is_canonical
= 0;
138 newpolicy_ipv6
.is_canonical
= 0;
139 if (p
->maskbits
!= 0) {
140 log_warn(LD_BUG
, "AF_UNSPEC policy with maskbits==%d", p
->maskbits
);
141 newpolicy_ipv4
.maskbits
= 0;
142 newpolicy_ipv6
.maskbits
= 0;
144 tor_addr_from_ipv4h(&newpolicy_ipv4
.addr
, 0);
145 tor_addr_from_ipv6_bytes(&newpolicy_ipv6
.addr
,
146 "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0");
147 smartlist_add(tmp
, addr_policy_get_canonical_entry(&newpolicy_ipv4
));
148 smartlist_add(tmp
, addr_policy_get_canonical_entry(&newpolicy_ipv6
));
151 log_warn(LD_BUG
, "Funny-looking address policy with family %d", family
);
152 smartlist_add(tmp
, p
);
154 } SMARTLIST_FOREACH_END(p
);
156 smartlist_free(*policy
);
161 * Given a linked list of config lines containing "accept[6]" and "reject[6]"
162 * tokens, parse them and append the result to <b>dest</b>. Return -1
163 * if any tokens are malformed (and don't append any), else return 0.
165 * If <b>assume_action</b> is nonnegative, then insert its action
166 * (ADDR_POLICY_ACCEPT or ADDR_POLICY_REJECT) for items that specify no
170 parse_addr_policy(config_line_t
*cfg
, smartlist_t
**dest
,
174 smartlist_t
*entries
;
182 result
= smartlist_new();
183 entries
= smartlist_new();
184 for (; cfg
; cfg
= cfg
->next
) {
185 smartlist_split_string(entries
, cfg
->value
, ",",
186 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 0);
187 SMARTLIST_FOREACH_BEGIN(entries
, const char *, ent
) {
188 log_debug(LD_CONFIG
,"Adding new entry '%s'",ent
);
190 item
= router_parse_addr_policy_item_from_string(ent
, assume_action
,
193 smartlist_add(result
, item
);
194 } else if (malformed_list
) {
195 /* the error is so severe the entire list should be discarded */
196 log_warn(LD_CONFIG
, "Malformed policy '%s'. Discarding entire policy "
200 /* the error is minor: don't add the item, but keep processing the
201 * rest of the policies in the list */
202 log_debug(LD_CONFIG
, "Ignored policy '%s' due to non-fatal error. "
203 "The remainder of the policy list will be used.",
206 } SMARTLIST_FOREACH_END(ent
);
207 SMARTLIST_FOREACH(entries
, char *, ent
, tor_free(ent
));
208 smartlist_clear(entries
);
210 smartlist_free(entries
);
212 addr_policy_list_free(result
);
214 policy_expand_private(&result
);
215 policy_expand_unspec(&result
);
218 smartlist_add_all(*dest
, result
);
219 smartlist_free(result
);
228 /** Helper: parse the Reachable(Dir|OR)?Addresses fields into
229 * reachable_(or|dir)_addr_policy. The options should already have
230 * been validated by validate_addr_policies.
233 parse_reachable_addresses(void)
235 const or_options_t
*options
= get_options();
238 if (options
->ReachableDirAddresses
&&
239 options
->ReachableORAddresses
&&
240 options
->ReachableAddresses
) {
242 "Both ReachableDirAddresses and ReachableORAddresses are set. "
243 "ReachableAddresses setting will be ignored.");
245 addr_policy_list_free(reachable_or_addr_policy
);
246 reachable_or_addr_policy
= NULL
;
247 if (!options
->ReachableORAddresses
&& options
->ReachableAddresses
)
249 "Using ReachableAddresses as ReachableORAddresses.");
250 if (parse_addr_policy(options
->ReachableORAddresses
?
251 options
->ReachableORAddresses
:
252 options
->ReachableAddresses
,
253 &reachable_or_addr_policy
, ADDR_POLICY_ACCEPT
)) {
255 "Error parsing Reachable%sAddresses entry; ignoring.",
256 options
->ReachableORAddresses
? "OR" : "");
260 addr_policy_list_free(reachable_dir_addr_policy
);
261 reachable_dir_addr_policy
= NULL
;
262 if (!options
->ReachableDirAddresses
&& options
->ReachableAddresses
)
264 "Using ReachableAddresses as ReachableDirAddresses");
265 if (parse_addr_policy(options
->ReachableDirAddresses
?
266 options
->ReachableDirAddresses
:
267 options
->ReachableAddresses
,
268 &reachable_dir_addr_policy
, ADDR_POLICY_ACCEPT
)) {
269 if (options
->ReachableDirAddresses
)
271 "Error parsing ReachableDirAddresses entry; ignoring.");
275 /* We ignore ReachableAddresses for relays */
276 if (!server_mode(options
)) {
277 if ((reachable_or_addr_policy
278 && policy_is_reject_star(reachable_or_addr_policy
, AF_UNSPEC
))
279 || (reachable_dir_addr_policy
280 && policy_is_reject_star(reachable_dir_addr_policy
, AF_UNSPEC
))) {
281 log_warn(LD_CONFIG
, "Tor cannot connect to the Internet if "
282 "ReachableAddresses, ReachableORAddresses, or "
283 "ReachableDirAddresses reject all addresses. Please accept "
284 "some addresses in these options.");
285 } else if (options
->ClientUseIPv4
== 1
286 && ((reachable_or_addr_policy
287 && policy_is_reject_star(reachable_or_addr_policy
, AF_INET
))
288 || (reachable_dir_addr_policy
289 && policy_is_reject_star(reachable_dir_addr_policy
, AF_INET
)))) {
290 log_warn(LD_CONFIG
, "You have set ClientUseIPv4 1, but "
291 "ReachableAddresses, ReachableORAddresses, or "
292 "ReachableDirAddresses reject all IPv4 addresses. "
293 "Tor will not connect using IPv4.");
294 } else if (fascist_firewall_use_ipv6(options
)
295 && ((reachable_or_addr_policy
296 && policy_is_reject_star(reachable_or_addr_policy
, AF_INET6
))
297 || (reachable_dir_addr_policy
298 && policy_is_reject_star(reachable_dir_addr_policy
, AF_INET6
)))) {
299 log_warn(LD_CONFIG
, "You have configured tor to use IPv6 "
300 "(ClientUseIPv6 1 or UseBridges 1), but "
301 "ReachableAddresses, ReachableORAddresses, or "
302 "ReachableDirAddresses reject all IPv6 addresses. "
303 "Tor will not connect using IPv6.");
310 /* Return true iff ClientUseIPv4 0 or ClientUseIPv6 0 might block any OR or Dir
311 * address:port combination. */
313 firewall_is_fascist_impl(void)
315 const or_options_t
*options
= get_options();
316 /* Assume every non-bridge relay has an IPv4 address.
317 * Clients which use bridges may only know the IPv6 address of their
319 return (options
->ClientUseIPv4
== 0
320 || (!fascist_firewall_use_ipv6(options
)
321 && options
->UseBridges
== 1));
324 /** Return true iff the firewall options, including ClientUseIPv4 0 and
325 * ClientUseIPv6 0, might block any OR address:port combination.
326 * Address preferences may still change which address is selected even if
327 * this function returns false.
330 firewall_is_fascist_or(void)
332 return (reachable_or_addr_policy
!= NULL
|| firewall_is_fascist_impl());
335 /** Return true iff the firewall options, including ClientUseIPv4 0 and
336 * ClientUseIPv6 0, might block any Dir address:port combination.
337 * Address preferences may still change which address is selected even if
338 * this function returns false.
341 firewall_is_fascist_dir(void)
343 return (reachable_dir_addr_policy
!= NULL
|| firewall_is_fascist_impl());
346 /** Return true iff <b>policy</b> (possibly NULL) will allow a
347 * connection to <b>addr</b>:<b>port</b>.
350 addr_policy_permits_tor_addr(const tor_addr_t
*addr
, uint16_t port
,
353 addr_policy_result_t p
;
354 p
= compare_tor_addr_to_addr_policy(addr
, port
, policy
);
356 case ADDR_POLICY_PROBABLY_ACCEPTED
:
357 case ADDR_POLICY_ACCEPTED
:
359 case ADDR_POLICY_PROBABLY_REJECTED
:
360 case ADDR_POLICY_REJECTED
:
363 log_warn(LD_BUG
, "Unexpected result: %d", (int)p
);
368 /** Return true iff <b> policy</b> (possibly NULL) will allow a connection to
369 * <b>addr</b>:<b>port</b>. <b>addr</b> is an IPv4 address given in host
371 /* XXXX deprecate when possible. */
373 addr_policy_permits_address(uint32_t addr
, uint16_t port
,
377 tor_addr_from_ipv4h(&a
, addr
);
378 return addr_policy_permits_tor_addr(&a
, port
, policy
);
381 /** Return true iff we think our firewall will let us make a connection to
384 * If we are configured as a server, ignore any address family preference and
387 * - return false for all IPv4 addresses:
388 * - if ClientUseIPv4 is 0, or
389 * if pref_only and pref_ipv6 are both true;
390 * - return false for all IPv6 addresses:
391 * - if fascist_firewall_use_ipv6() is 0, or
392 * - if pref_only is true and pref_ipv6 is false.
394 * Return false if addr is NULL or tor_addr_is_null(), or if port is 0. */
396 fascist_firewall_allows_address(const tor_addr_t
*addr
,
398 smartlist_t
*firewall_policy
,
399 int pref_only
, int pref_ipv6
)
401 const or_options_t
*options
= get_options();
403 if (!addr
|| tor_addr_is_null(addr
) || !port
) {
407 if (!server_mode(options
)) {
408 if (tor_addr_family(addr
) == AF_INET
&&
409 (!options
->ClientUseIPv4
|| (pref_only
&& pref_ipv6
)))
412 /* Bridges can always use IPv6 */
413 if (tor_addr_family(addr
) == AF_INET6
&&
414 (!fascist_firewall_use_ipv6(options
) || (pref_only
&& !pref_ipv6
)))
418 return addr_policy_permits_tor_addr(addr
, port
,
422 /** Is this client configured to use IPv6?
424 int fascist_firewall_use_ipv6(const or_options_t
*options
)
426 /* Clients use IPv6 if it's set, or they use bridges, or they don't use
428 return (options
->ClientUseIPv6
== 1 || options
->UseBridges
== 1
429 || options
->ClientUseIPv4
== 0);
432 /** Do we prefer to connect to IPv6, ignoring ClientPreferIPv6ORPort and
433 * ClientPreferIPv6DirPort?
434 * If we're unsure, return -1, otherwise, return 1 for IPv6 and 0 for IPv4.
437 fascist_firewall_prefer_ipv6_impl(const or_options_t
*options
)
440 Cheap implementation of config options ClientUseIPv4 & ClientUseIPv6 --
441 If we're a server or IPv6 is disabled, use IPv4.
442 If IPv4 is disabled, use IPv6.
445 if (server_mode(options
) || !fascist_firewall_use_ipv6(options
)) {
449 if (!options
->ClientUseIPv4
) {
456 /** Do we prefer to connect to IPv6 ORPorts?
459 fascist_firewall_prefer_ipv6_orport(const or_options_t
*options
)
461 int pref_ipv6
= fascist_firewall_prefer_ipv6_impl(options
);
463 if (pref_ipv6
>= 0) {
467 /* We can use both IPv4 and IPv6 - which do we prefer? */
468 if (options
->ClientPreferIPv6ORPort
== 1) {
472 /* For bridge clients, ClientPreferIPv6ORPort auto means "prefer IPv6". */
473 if (options
->UseBridges
&& options
->ClientPreferIPv6ORPort
!= 0) {
480 /** Do we prefer to connect to IPv6 DirPorts?
483 fascist_firewall_prefer_ipv6_dirport(const or_options_t
*options
)
485 int pref_ipv6
= fascist_firewall_prefer_ipv6_impl(options
);
487 if (pref_ipv6
>= 0) {
491 /* We can use both IPv4 and IPv6 - which do we prefer? */
492 if (options
->ClientPreferIPv6DirPort
== 1) {
496 /* For bridge clients, ClientPreferIPv6ORPort auto means "prefer IPv6".
497 * XX/teor - do bridge clients ever use a DirPort? */
498 if (options
->UseBridges
&& options
->ClientPreferIPv6DirPort
!= 0) {
505 /** Return true iff we think our firewall will let us make a connection to
506 * addr:port. Uses ReachableORAddresses or ReachableDirAddresses based on
508 * If pref_only, return false if addr is not in the client's preferred address
512 fascist_firewall_allows_address_addr(const tor_addr_t
*addr
, uint16_t port
,
513 firewall_connection_t fw_connection
,
516 const or_options_t
*options
= get_options();
518 if (fw_connection
== FIREWALL_OR_CONNECTION
) {
519 return fascist_firewall_allows_address(addr
, port
,
520 reachable_or_addr_policy
,
522 fascist_firewall_prefer_ipv6_orport(options
));
523 } else if (fw_connection
== FIREWALL_DIR_CONNECTION
) {
524 return fascist_firewall_allows_address(addr
, port
,
525 reachable_dir_addr_policy
,
527 fascist_firewall_prefer_ipv6_dirport(options
));
529 log_warn(LD_BUG
, "Bad firewall_connection_t value %d.",
535 /** Return true iff we think our firewall will let us make a connection to
536 * addr:port (ap). Uses ReachableORAddresses or ReachableDirAddresses based on
538 * If pref_only, return false if addr is not in the client's preferred address
542 fascist_firewall_allows_address_ap(const tor_addr_port_t
*ap
,
543 firewall_connection_t fw_connection
,
547 return fascist_firewall_allows_address_addr(&ap
->addr
, ap
->port
,
548 fw_connection
, pref_only
);
551 /* Return true iff we think our firewall will let us make a connection to
552 * ipv4h_or_addr:ipv4_or_port. ipv4h_or_addr is interpreted in host order.
553 * Uses ReachableORAddresses or ReachableDirAddresses based on
555 * If pref_only, return false if addr is not in the client's preferred address
558 fascist_firewall_allows_address_ipv4h(uint32_t ipv4h_or_addr
,
559 uint16_t ipv4_or_port
,
560 firewall_connection_t fw_connection
,
563 tor_addr_t ipv4_or_addr
;
564 tor_addr_from_ipv4h(&ipv4_or_addr
, ipv4h_or_addr
);
565 return fascist_firewall_allows_address_addr(&ipv4_or_addr
, ipv4_or_port
,
566 fw_connection
, pref_only
);
569 /** Return true iff we think our firewall will let us make a connection to
570 * ipv4h_addr/ipv6_addr. Uses ipv4_orport/ipv6_orport/ReachableORAddresses or
571 * ipv4_dirport/ipv6_dirport/ReachableDirAddresses based on IPv4/IPv6 and
572 * <b>fw_connection</b>.
573 * If pref_only, return false if addr is not in the client's preferred address
576 fascist_firewall_allows_base(uint32_t ipv4h_addr
, uint16_t ipv4_orport
,
577 uint16_t ipv4_dirport
,
578 const tor_addr_t
*ipv6_addr
, uint16_t ipv6_orport
,
579 uint16_t ipv6_dirport
,
580 firewall_connection_t fw_connection
,
583 if (fascist_firewall_allows_address_ipv4h(ipv4h_addr
,
584 (fw_connection
== FIREWALL_OR_CONNECTION
592 if (fascist_firewall_allows_address_addr(ipv6_addr
,
593 (fw_connection
== FIREWALL_OR_CONNECTION
604 /** Like fascist_firewall_allows_ri, but doesn't consult the node. */
606 fascist_firewall_allows_ri_impl(const routerinfo_t
*ri
,
607 firewall_connection_t fw_connection
,
614 /* Assume IPv4 and IPv6 DirPorts are the same */
615 return fascist_firewall_allows_base(ri
->addr
, ri
->or_port
, ri
->dir_port
,
616 &ri
->ipv6_addr
, ri
->ipv6_orport
,
617 ri
->dir_port
, fw_connection
, pref_only
);
620 /** Like fascist_firewall_allows_rs, but doesn't consult the node. */
622 fascist_firewall_allows_rs_impl(const routerstatus_t
*rs
,
623 firewall_connection_t fw_connection
,
630 /* Assume IPv4 and IPv6 DirPorts are the same */
631 return fascist_firewall_allows_base(rs
->addr
, rs
->or_port
, rs
->dir_port
,
632 &rs
->ipv6_addr
, rs
->ipv6_orport
,
633 rs
->dir_port
, fw_connection
, pref_only
);
636 /** Return true iff we think our firewall will let us make a connection to
637 * <b>rs</b> on either its IPv4 or IPv6 address. Uses
638 * or_port/ipv6_orport/ReachableORAddresses or dir_port/ReachableDirAddresses
639 * based on IPv4/IPv6 and <b>fw_connection</b>.
640 * If pref_only, return false if addr is not in the client's preferred address
642 * Consults the corresponding node if the addresses in rs are not permitted. */
644 fascist_firewall_allows_rs(const routerstatus_t
*rs
,
645 firewall_connection_t fw_connection
, int pref_only
)
651 /* Assume IPv4 and IPv6 DirPorts are the same */
652 if (fascist_firewall_allows_rs_impl(rs
, fw_connection
, pref_only
)) {
655 const node_t
*node
= node_get_by_id(rs
->identity_digest
);
656 return fascist_firewall_allows_node(node
, fw_connection
, pref_only
);
660 /** Like fascist_firewall_allows_md, but doesn't consult the node. */
662 fascist_firewall_allows_md_impl(const microdesc_t
*md
,
663 firewall_connection_t fw_connection
,
670 /* Can't check dirport, it doesn't have one */
671 if (fw_connection
== FIREWALL_DIR_CONNECTION
) {
675 /* Also can't check IPv4, doesn't have that either */
676 return fascist_firewall_allows_address_addr(&md
->ipv6_addr
, md
->ipv6_orport
,
677 fw_connection
, pref_only
);
680 /** Return true iff we think our firewall will let us make a connection to
682 * - if <b>preferred</b> is true, on its preferred address,
683 * - if not, on either its IPv4 or IPv6 address.
684 * Uses or_port/ipv6_orport/ReachableORAddresses or
685 * dir_port/ReachableDirAddresses based on IPv4/IPv6 and <b>fw_connection</b>.
686 * If pref_only, return false if addr is not in the client's preferred address
689 fascist_firewall_allows_node(const node_t
*node
,
690 firewall_connection_t fw_connection
,
697 node_assert_ok(node
);
699 /* Sometimes, the rs is missing the IPv6 address info, and we need to go
700 * all the way to the md */
701 if (node
->ri
&& fascist_firewall_allows_ri_impl(node
->ri
, fw_connection
,
704 } else if (node
->rs
&& fascist_firewall_allows_rs_impl(node
->rs
,
708 } else if (node
->md
&& fascist_firewall_allows_md_impl(node
->md
,
713 /* If we know nothing, assume it's unreachable, we'll never get an address
719 /** Return true iff we think our firewall will let us make a connection to
720 * <b>ds</b> on either its IPv4 or IPv6 address. Uses ReachableORAddresses or
721 * ReachableDirAddresses based on <b>fw_connection</b> (some directory
722 * connections are tunneled over ORPorts).
723 * If pref_only, return false if addr is not in the client's preferred address
726 fascist_firewall_allows_dir_server(const dir_server_t
*ds
,
727 firewall_connection_t fw_connection
,
734 /* A dir_server_t always has a fake_status. As long as it has the same
735 * addresses/ports in both fake_status and dir_server_t, this works fine.
737 * This function relies on fascist_firewall_allows_rs looking up the node on
738 * failure, because it will get the latest info for the relay. */
739 return fascist_firewall_allows_rs(&ds
->fake_status
, fw_connection
,
743 /** If a and b are both valid and allowed by fw_connection,
744 * choose one based on want_a and return it.
745 * Otherwise, return whichever is allowed.
746 * Otherwise, return NULL.
747 * If pref_only, only return an address if it's in the client's preferred
749 static const tor_addr_port_t
*
750 fascist_firewall_choose_address_impl(const tor_addr_port_t
*a
,
751 const tor_addr_port_t
*b
,
753 firewall_connection_t fw_connection
,
756 const tor_addr_port_t
*use_a
= NULL
;
757 const tor_addr_port_t
*use_b
= NULL
;
759 if (fascist_firewall_allows_address_ap(a
, fw_connection
, pref_only
)) {
763 if (fascist_firewall_allows_address_ap(b
, fw_connection
, pref_only
)) {
767 /* If both are allowed */
768 if (use_a
&& use_b
) {
769 /* Choose a if we want it */
770 return (want_a
? use_a
: use_b
);
772 /* Choose a if we have it */
773 return (use_a
? use_a
: use_b
);
777 /** If a and b are both valid and preferred by fw_connection,
778 * choose one based on want_a and return it.
779 * Otherwise, return whichever is preferred.
780 * If neither are preferred, and pref_only is false:
781 * - If a and b are both allowed by fw_connection,
782 * choose one based on want_a and return it.
783 * - Otherwise, return whichever is preferred.
784 * Otherwise, return NULL. */
785 const tor_addr_port_t
*
786 fascist_firewall_choose_address(const tor_addr_port_t
*a
,
787 const tor_addr_port_t
*b
,
789 firewall_connection_t fw_connection
,
792 const tor_addr_port_t
*pref
= fascist_firewall_choose_address_impl(
796 if (pref_only
|| pref
) {
797 /* If there is a preferred address, use it. If we can only use preferred
798 * addresses, and neither address is preferred, pref will be NULL, and we
799 * want to return NULL, so return it. */
802 /* If there's no preferred address, and we can return addresses that are
803 * not preferred, use an address that's allowed */
804 return fascist_firewall_choose_address_impl(a
, b
, want_a
, fw_connection
,
809 /** Copy an address and port into <b>ap</b> that we think our firewall will
810 * let us connect to. Uses ipv4_addr/ipv6_addr and
811 * ipv4_orport/ipv6_orport/ReachableORAddresses or
812 * ipv4_dirport/ipv6_dirport/ReachableDirAddresses based on IPv4/IPv6 and
813 * <b>fw_connection</b>.
814 * If pref_only, only choose preferred addresses. In either case, choose
815 * a preferred address before an address that's not preferred.
816 * If neither address is chosen, return 0, else return 1. */
818 fascist_firewall_choose_address_base(const tor_addr_t
*ipv4_addr
,
819 uint16_t ipv4_orport
,
820 uint16_t ipv4_dirport
,
821 const tor_addr_t
*ipv6_addr
,
822 uint16_t ipv6_orport
,
823 uint16_t ipv6_dirport
,
824 firewall_connection_t fw_connection
,
828 const tor_addr_port_t
*result
= NULL
;
829 /* This argument is ignored as long as the address pair is IPv4/IPv6,
830 * because we always have a preference in a client.
831 * For bridge clients, this selects the preferred address, which was
832 * previously IPv6 (if a bridge has both), so we keep that behaviour. */
833 const int bridge_client_prefer_ipv4
= 0;
835 tor_assert(ipv6_addr
);
838 tor_addr_port_t ipv4_ap
;
839 tor_addr_copy(&ipv4_ap
.addr
, ipv4_addr
);
840 ipv4_ap
.port
= (fw_connection
== FIREWALL_OR_CONNECTION
844 tor_addr_port_t ipv6_ap
;
845 tor_addr_copy(&ipv6_ap
.addr
, ipv6_addr
);
846 ipv6_ap
.port
= (fw_connection
== FIREWALL_OR_CONNECTION
850 result
= fascist_firewall_choose_address(&ipv4_ap
, &ipv6_ap
,
851 bridge_client_prefer_ipv4
,
852 fw_connection
, pref_only
);
855 tor_addr_copy(&ap
->addr
, &result
->addr
);
856 ap
->port
= result
->port
;
863 /** Like fascist_firewall_choose_address_base, but takes a host-order IPv4
864 * address as the first parameter. */
866 fascist_firewall_choose_address_ipv4h(uint32_t ipv4h_addr
,
867 uint16_t ipv4_orport
,
868 uint16_t ipv4_dirport
,
869 const tor_addr_t
*ipv6_addr
,
870 uint16_t ipv6_orport
,
871 uint16_t ipv6_dirport
,
872 firewall_connection_t fw_connection
,
876 tor_addr_t ipv4_addr
;
877 tor_addr_from_ipv4h(&ipv4_addr
, ipv4h_addr
);
878 return fascist_firewall_choose_address_base(&ipv4_addr
, ipv4_orport
,
879 ipv4_dirport
, ipv6_addr
,
880 ipv6_orport
, ipv6_dirport
,
881 fw_connection
, pref_only
, ap
);
884 #define IPV6_OR_LOOKUP(r, identity_digest, ipv6_or_ap) \
886 if (!(r)->ipv6_orport || tor_addr_is_null(&(r)->ipv6_addr)) { \
887 const node_t *node = node_get_by_id((identity_digest)); \
889 node_get_pref_ipv6_orport(node, &(ipv6_or_ap)); \
891 tor_addr_make_null(&(ipv6_or_ap).addr, AF_INET6); \
892 (ipv6_or_ap).port = 0; \
895 tor_addr_copy(&(ipv6_or_ap).addr, &(r)->ipv6_addr); \
896 (ipv6_or_ap).port = (r)->ipv6_orport; \
900 /** Copy an address and port from <b>rs</b> into <b>ap</b> that we think our
901 * firewall will let us connect to. Uses ipv4h_addr/ipv6_addr and
902 * ipv4_orport/ipv6_orport/ReachableORAddresses or
903 * ipv4_dirport/ipv6_dirport/ReachableDirAddresses based on IPv4/IPv6 and
904 * <b>fw_connection</b>.
905 * If pref_only, only choose preferred addresses. In either case, choose
906 * a preferred address before an address that's not preferred.
907 * If neither address is chosen, return 0, else return 1.
908 * Consults the corresponding node if the addresses in rs are not valid. */
910 fascist_firewall_choose_address_rs(const routerstatus_t
*rs
,
911 firewall_connection_t fw_connection
,
912 int pref_only
, tor_addr_port_t
* ap
)
920 /* Don't do the lookup if the IPv6 address/port in rs is OK.
921 * If it's OK, assume the dir_port is also OK. */
922 tor_addr_port_t ipv6_or_ap
;
923 IPV6_OR_LOOKUP(rs
, rs
->identity_digest
, ipv6_or_ap
);
925 /* Assume IPv4 and IPv6 DirPorts are the same.
926 * Assume the IPv6 OR and Dir addresses are the same. */
927 return fascist_firewall_choose_address_ipv4h(rs
->addr
,
938 /** Copy an address and port from <b>node</b> into <b>ap</b> that we think our
939 * firewall will let us connect to. Uses ipv4h_addr/ipv6_addr and
940 * ipv4_orport/ipv6_orport/ReachableORAddresses or
941 * ipv4_dirport/ipv6_dirport/ReachableDirAddresses based on IPv4/IPv6 and
942 * <b>fw_connection</b>.
943 * If pref_only, only choose preferred addresses. In either case, choose
944 * a preferred address before an address that's not preferred.
945 * If neither address is chosen, return 0, else return 1. */
947 fascist_firewall_choose_address_node(const node_t
*node
,
948 firewall_connection_t fw_connection
,
949 int pref_only
, tor_addr_port_t
*ap
)
955 node_assert_ok(node
);
957 tor_addr_port_t ipv4_or_ap
;
958 node_get_prim_orport(node
, &ipv4_or_ap
);
959 tor_addr_port_t ipv4_dir_ap
;
960 node_get_prim_dirport(node
, &ipv4_dir_ap
);
962 tor_addr_port_t ipv6_or_ap
;
963 node_get_pref_ipv6_orport(node
, &ipv6_or_ap
);
964 tor_addr_port_t ipv6_dir_ap
;
965 node_get_pref_ipv6_dirport(node
, &ipv6_dir_ap
);
967 /* Assume the IPv6 OR and Dir addresses are the same. */
968 return fascist_firewall_choose_address_base(&ipv4_or_ap
.addr
,
979 /** Copy an address and port from <b>ds</b> into <b>ap</b> that we think our
980 * firewall will let us connect to. Uses ipv4h_addr/ipv6_addr and
981 * ipv4_orport/ipv6_orport/ReachableORAddresses or
982 * ipv4_dirport/ipv6_dirport/ReachableDirAddresses based on IPv4/IPv6 and
983 * <b>fw_connection</b>.
984 * If pref_only, only choose preferred addresses. In either case, choose
985 * a preferred address before an address that's not preferred.
986 * If neither address is chosen, return 0, else return 1. */
988 fascist_firewall_choose_address_dir_server(const dir_server_t
*ds
,
989 firewall_connection_t fw_connection
,
990 int pref_only
, tor_addr_port_t
*ap
)
996 /* A dir_server_t always has a fake_status. As long as it has the same
997 * addresses/ports in both fake_status and dir_server_t, this works fine.
999 * This function relies on fascist_firewall_choose_address_rs looking up the
1000 * addresses from the node if it can, because that will get the latest info
1002 return fascist_firewall_choose_address_rs(&ds
->fake_status
, fw_connection
,
1006 /** Return 1 if <b>addr</b> is permitted to connect to our dir port,
1007 * based on <b>dir_policy</b>. Else return 0.
1010 dir_policy_permits_address(const tor_addr_t
*addr
)
1012 return addr_policy_permits_tor_addr(addr
, 1, dir_policy
);
1015 /** Return 1 if <b>addr</b> is permitted to connect to our socks port,
1016 * based on <b>socks_policy</b>. Else return 0.
1019 socks_policy_permits_address(const tor_addr_t
*addr
)
1021 return addr_policy_permits_tor_addr(addr
, 1, socks_policy
);
1024 /** Return true iff the address <b>addr</b> is in a country listed in the
1025 * case-insensitive list of country codes <b>cc_list</b>. */
1027 addr_is_in_cc_list(uint32_t addr
, const smartlist_t
*cc_list
)
1036 tor_addr_from_ipv4h(&tar
, addr
);
1037 country
= geoip_get_country_by_addr(&tar
);
1038 name
= geoip_get_country_name(country
);
1039 return smartlist_contains_string_case(cc_list
, name
);
1042 /** Return 1 if <b>addr</b>:<b>port</b> is permitted to publish to our
1043 * directory, based on <b>authdir_reject_policy</b>. Else return 0.
1046 authdir_policy_permits_address(uint32_t addr
, uint16_t port
)
1048 if (! addr_policy_permits_address(addr
, port
, authdir_reject_policy
))
1050 return !addr_is_in_cc_list(addr
, get_options()->AuthDirRejectCCs
);
1053 /** Return 1 if <b>addr</b>:<b>port</b> is considered valid in our
1054 * directory, based on <b>authdir_invalid_policy</b>. Else return 0.
1057 authdir_policy_valid_address(uint32_t addr
, uint16_t port
)
1059 if (! addr_policy_permits_address(addr
, port
, authdir_invalid_policy
))
1061 return !addr_is_in_cc_list(addr
, get_options()->AuthDirInvalidCCs
);
1064 /** Return 1 if <b>addr</b>:<b>port</b> should be marked as a bad exit,
1065 * based on <b>authdir_badexit_policy</b>. Else return 0.
1068 authdir_policy_badexit_address(uint32_t addr
, uint16_t port
)
1070 if (! addr_policy_permits_address(addr
, port
, authdir_badexit_policy
))
1072 return addr_is_in_cc_list(addr
, get_options()->AuthDirBadExitCCs
);
1075 #define REJECT(arg) \
1076 STMT_BEGIN *msg = tor_strdup(arg); goto err; STMT_END
1078 /** Config helper: If there's any problem with the policy configuration
1079 * options in <b>options</b>, return -1 and set <b>msg</b> to a newly
1080 * allocated description of the error. Else return 0. */
1082 validate_addr_policies(const or_options_t
*options
, char **msg
)
1084 /* XXXX Maybe merge this into parse_policies_from_options, to make sure
1085 * that the two can't go out of sync. */
1087 smartlist_t
*addr_policy
=NULL
;
1090 if (policies_parse_exit_policy_from_options(options
,0,NULL
,&addr_policy
)) {
1091 REJECT("Error in ExitPolicy entry.");
1094 static int warned_about_exitrelay
= 0;
1096 const int exitrelay_setting_is_auto
= options
->ExitRelay
== -1;
1097 const int policy_accepts_something
=
1098 ! (policy_is_reject_star(addr_policy
, AF_INET
) &&
1099 policy_is_reject_star(addr_policy
, AF_INET6
));
1101 if (server_mode(options
) &&
1102 ! warned_about_exitrelay
&&
1103 exitrelay_setting_is_auto
&&
1104 policy_accepts_something
) {
1105 /* Policy accepts something */
1106 warned_about_exitrelay
= 1;
1108 "Tor is running as an exit relay%s. If you did not want this "
1109 "behavior, please set the ExitRelay option to 0. If you do "
1110 "want to run an exit Relay, please set the ExitRelay option "
1111 "to 1 to disable this warning, and for forward compatibility.",
1112 options
->ExitPolicy
== NULL
?
1113 " with the default exit policy" : "");
1114 if (options
->ExitPolicy
== NULL
) {
1116 "In a future version of Tor, ExitRelay 0 may become the "
1117 "default when no ExitPolicy is given.");
1121 /* The rest of these calls *append* to addr_policy. So don't actually
1122 * use the results for anything other than checking if they parse! */
1123 if (parse_addr_policy(options
->DirPolicy
, &addr_policy
, -1))
1124 REJECT("Error in DirPolicy entry.");
1125 if (parse_addr_policy(options
->SocksPolicy
, &addr_policy
, -1))
1126 REJECT("Error in SocksPolicy entry.");
1127 if (parse_addr_policy(options
->AuthDirReject
, &addr_policy
,
1128 ADDR_POLICY_REJECT
))
1129 REJECT("Error in AuthDirReject entry.");
1130 if (parse_addr_policy(options
->AuthDirInvalid
, &addr_policy
,
1131 ADDR_POLICY_REJECT
))
1132 REJECT("Error in AuthDirInvalid entry.");
1133 if (parse_addr_policy(options
->AuthDirBadExit
, &addr_policy
,
1134 ADDR_POLICY_REJECT
))
1135 REJECT("Error in AuthDirBadExit entry.");
1137 if (parse_addr_policy(options
->ReachableAddresses
, &addr_policy
,
1138 ADDR_POLICY_ACCEPT
))
1139 REJECT("Error in ReachableAddresses entry.");
1140 if (parse_addr_policy(options
->ReachableORAddresses
, &addr_policy
,
1141 ADDR_POLICY_ACCEPT
))
1142 REJECT("Error in ReachableORAddresses entry.");
1143 if (parse_addr_policy(options
->ReachableDirAddresses
, &addr_policy
,
1144 ADDR_POLICY_ACCEPT
))
1145 REJECT("Error in ReachableDirAddresses entry.");
1148 addr_policy_list_free(addr_policy
);
1149 return *msg
? -1 : 0;
1153 /** Parse <b>string</b> in the same way that the exit policy
1154 * is parsed, and put the processed version in *<b>policy</b>.
1155 * Ignore port specifiers.
1158 load_policy_from_option(config_line_t
*config
, const char *option_name
,
1159 smartlist_t
**policy
,
1163 int killed_any_ports
= 0;
1164 addr_policy_list_free(*policy
);
1166 r
= parse_addr_policy(config
, policy
, assume_action
);
1171 SMARTLIST_FOREACH_BEGIN(*policy
, addr_policy_t
*, n
) {
1172 /* ports aren't used in these. */
1173 if (n
->prt_min
> 1 || n
->prt_max
!= 65535) {
1174 addr_policy_t newp
, *c
;
1175 memcpy(&newp
, n
, sizeof(newp
));
1177 newp
.prt_max
= 65535;
1178 newp
.is_canonical
= 0;
1179 c
= addr_policy_get_canonical_entry(&newp
);
1180 SMARTLIST_REPLACE_CURRENT(*policy
, n
, c
);
1181 addr_policy_free(n
);
1182 killed_any_ports
= 1;
1184 } SMARTLIST_FOREACH_END(n
);
1186 if (killed_any_ports
) {
1187 log_warn(LD_CONFIG
, "Ignoring ports in %s option.", option_name
);
1192 /** Set all policies based on <b>options</b>, which should have been validated
1193 * first by validate_addr_policies. */
1195 policies_parse_from_options(const or_options_t
*options
)
1198 if (load_policy_from_option(options
->SocksPolicy
, "SocksPolicy",
1199 &socks_policy
, -1) < 0)
1201 if (load_policy_from_option(options
->DirPolicy
, "DirPolicy",
1202 &dir_policy
, -1) < 0)
1204 if (load_policy_from_option(options
->AuthDirReject
, "AuthDirReject",
1205 &authdir_reject_policy
, ADDR_POLICY_REJECT
) < 0)
1207 if (load_policy_from_option(options
->AuthDirInvalid
, "AuthDirInvalid",
1208 &authdir_invalid_policy
, ADDR_POLICY_REJECT
) < 0)
1210 if (load_policy_from_option(options
->AuthDirBadExit
, "AuthDirBadExit",
1211 &authdir_badexit_policy
, ADDR_POLICY_REJECT
) < 0)
1213 if (parse_reachable_addresses() < 0)
1218 /** Compare two provided address policy items, and return -1, 0, or 1
1219 * if the first is less than, equal to, or greater than the second. */
1221 cmp_single_addr_policy(addr_policy_t
*a
, addr_policy_t
*b
)
1224 if ((r
=((int)a
->policy_type
- (int)b
->policy_type
)))
1226 if ((r
=((int)a
->is_private
- (int)b
->is_private
)))
1228 /* refcnt and is_canonical are irrelevant to equality,
1229 * they are hash table implementation details */
1230 if ((r
=tor_addr_compare(&a
->addr
, &b
->addr
, CMP_EXACT
)))
1232 if ((r
=((int)a
->maskbits
- (int)b
->maskbits
)))
1234 if ((r
=((int)a
->prt_min
- (int)b
->prt_min
)))
1236 if ((r
=((int)a
->prt_max
- (int)b
->prt_max
)))
1241 /** Like cmp_single_addr_policy() above, but looks at the
1242 * whole set of policies in each case. */
1244 cmp_addr_policies(smartlist_t
*a
, smartlist_t
*b
)
1247 int len_a
= a
? smartlist_len(a
) : 0;
1248 int len_b
= b
? smartlist_len(b
) : 0;
1250 for (i
= 0; i
< len_a
&& i
< len_b
; ++i
) {
1251 if ((r
= cmp_single_addr_policy(smartlist_get(a
, i
), smartlist_get(b
, i
))))
1254 if (i
== len_a
&& i
== len_b
)
1262 /** Node in hashtable used to store address policy entries. */
1263 typedef struct policy_map_ent_t
{
1264 HT_ENTRY(policy_map_ent_t
) node
;
1265 addr_policy_t
*policy
;
1268 /* DOCDOC policy_root */
1269 static HT_HEAD(policy_map
, policy_map_ent_t
) policy_root
= HT_INITIALIZER();
1271 /** Return true iff a and b are equal. */
1273 policy_eq(policy_map_ent_t
*a
, policy_map_ent_t
*b
)
1275 return cmp_single_addr_policy(a
->policy
, b
->policy
) == 0;
1278 /** Return a hashcode for <b>ent</b> */
1280 policy_hash(const policy_map_ent_t
*ent
)
1282 const addr_policy_t
*a
= ent
->policy
;
1284 memset(&aa
, 0, sizeof(aa
));
1286 aa
.prt_min
= a
->prt_min
;
1287 aa
.prt_max
= a
->prt_max
;
1288 aa
.maskbits
= a
->maskbits
;
1289 aa
.policy_type
= a
->policy_type
;
1290 aa
.is_private
= a
->is_private
;
1292 if (a
->is_private
) {
1295 tor_addr_copy_tight(&aa
.addr
, &a
->addr
);
1298 return (unsigned) siphash24g(&aa
, sizeof(aa
));
1301 HT_PROTOTYPE(policy_map
, policy_map_ent_t
, node
, policy_hash
,
1303 HT_GENERATE2(policy_map
, policy_map_ent_t
, node
, policy_hash
,
1304 policy_eq
, 0.6, tor_reallocarray_
, tor_free_
)
1306 /** Given a pointer to an addr_policy_t, return a copy of the pointer to the
1307 * "canonical" copy of that addr_policy_t; the canonical copy is a single
1308 * reference-counted object. */
1310 addr_policy_get_canonical_entry(addr_policy_t
*e
)
1312 policy_map_ent_t search
, *found
;
1313 if (e
->is_canonical
)
1317 found
= HT_FIND(policy_map
, &policy_root
, &search
);
1319 found
= tor_malloc_zero(sizeof(policy_map_ent_t
));
1320 found
->policy
= tor_memdup(e
, sizeof(addr_policy_t
));
1321 found
->policy
->is_canonical
= 1;
1322 found
->policy
->refcnt
= 0;
1323 HT_INSERT(policy_map
, &policy_root
, found
);
1326 tor_assert(!cmp_single_addr_policy(found
->policy
, e
));
1327 ++found
->policy
->refcnt
;
1328 return found
->policy
;
1331 /** Helper for compare_tor_addr_to_addr_policy. Implements the case where
1332 * addr and port are both known. */
1333 static addr_policy_result_t
1334 compare_known_tor_addr_to_addr_policy(const tor_addr_t
*addr
, uint16_t port
,
1335 const smartlist_t
*policy
)
1337 /* We know the address and port, and we know the policy, so we can just
1338 * compute an exact match. */
1339 SMARTLIST_FOREACH_BEGIN(policy
, addr_policy_t
*, tmpe
) {
1340 if (tmpe
->addr
.family
== AF_UNSPEC
) {
1341 log_warn(LD_BUG
, "Policy contains an AF_UNSPEC address, which only "
1342 "matches other AF_UNSPEC addresses.");
1344 /* Address is known */
1345 if (!tor_addr_compare_masked(addr
, &tmpe
->addr
, tmpe
->maskbits
,
1347 if (port
>= tmpe
->prt_min
&& port
<= tmpe
->prt_max
) {
1348 /* Exact match for the policy */
1349 return tmpe
->policy_type
== ADDR_POLICY_ACCEPT
?
1350 ADDR_POLICY_ACCEPTED
: ADDR_POLICY_REJECTED
;
1353 } SMARTLIST_FOREACH_END(tmpe
);
1355 /* accept all by default. */
1356 return ADDR_POLICY_ACCEPTED
;
1359 /** Helper for compare_tor_addr_to_addr_policy. Implements the case where
1360 * addr is known but port is not. */
1361 static addr_policy_result_t
1362 compare_known_tor_addr_to_addr_policy_noport(const tor_addr_t
*addr
,
1363 const smartlist_t
*policy
)
1365 /* We look to see if there's a definite match. If so, we return that
1366 match's value, unless there's an intervening possible match that says
1367 something different. */
1368 int maybe_accept
= 0, maybe_reject
= 0;
1370 SMARTLIST_FOREACH_BEGIN(policy
, addr_policy_t
*, tmpe
) {
1371 if (tmpe
->addr
.family
== AF_UNSPEC
) {
1372 log_warn(LD_BUG
, "Policy contains an AF_UNSPEC address, which only "
1373 "matches other AF_UNSPEC addresses.");
1375 if (!tor_addr_compare_masked(addr
, &tmpe
->addr
, tmpe
->maskbits
,
1377 if (tmpe
->prt_min
<= 1 && tmpe
->prt_max
>= 65535) {
1378 /* Definitely matches, since it covers all ports. */
1379 if (tmpe
->policy_type
== ADDR_POLICY_ACCEPT
) {
1380 /* If we already hit a clause that might trigger a 'reject', than we
1381 * can't be sure of this certain 'accept'.*/
1382 return maybe_reject
? ADDR_POLICY_PROBABLY_ACCEPTED
:
1383 ADDR_POLICY_ACCEPTED
;
1385 return maybe_accept
? ADDR_POLICY_PROBABLY_REJECTED
:
1386 ADDR_POLICY_REJECTED
;
1390 if (tmpe
->policy_type
== ADDR_POLICY_REJECT
)
1396 } SMARTLIST_FOREACH_END(tmpe
);
1398 /* accept all by default. */
1399 return maybe_reject
? ADDR_POLICY_PROBABLY_ACCEPTED
: ADDR_POLICY_ACCEPTED
;
1402 /** Helper for compare_tor_addr_to_addr_policy. Implements the case where
1403 * port is known but address is not. */
1404 static addr_policy_result_t
1405 compare_unknown_tor_addr_to_addr_policy(uint16_t port
,
1406 const smartlist_t
*policy
)
1408 /* We look to see if there's a definite match. If so, we return that
1409 match's value, unless there's an intervening possible match that says
1410 something different. */
1411 int maybe_accept
= 0, maybe_reject
= 0;
1413 SMARTLIST_FOREACH_BEGIN(policy
, addr_policy_t
*, tmpe
) {
1414 if (tmpe
->addr
.family
== AF_UNSPEC
) {
1415 log_warn(LD_BUG
, "Policy contains an AF_UNSPEC address, which only "
1416 "matches other AF_UNSPEC addresses.");
1418 if (tmpe
->prt_min
<= port
&& port
<= tmpe
->prt_max
) {
1419 if (tmpe
->maskbits
== 0) {
1420 /* Definitely matches, since it covers all addresses. */
1421 if (tmpe
->policy_type
== ADDR_POLICY_ACCEPT
) {
1422 /* If we already hit a clause that might trigger a 'reject', than we
1423 * can't be sure of this certain 'accept'.*/
1424 return maybe_reject
? ADDR_POLICY_PROBABLY_ACCEPTED
:
1425 ADDR_POLICY_ACCEPTED
;
1427 return maybe_accept
? ADDR_POLICY_PROBABLY_REJECTED
:
1428 ADDR_POLICY_REJECTED
;
1432 if (tmpe
->policy_type
== ADDR_POLICY_REJECT
)
1438 } SMARTLIST_FOREACH_END(tmpe
);
1440 /* accept all by default. */
1441 return maybe_reject
? ADDR_POLICY_PROBABLY_ACCEPTED
: ADDR_POLICY_ACCEPTED
;
1444 /** Decide whether a given addr:port is definitely accepted,
1445 * definitely rejected, probably accepted, or probably rejected by a
1446 * given policy. If <b>addr</b> is 0, we don't know the IP of the
1447 * target address. If <b>port</b> is 0, we don't know the port of the
1448 * target address. (At least one of <b>addr</b> and <b>port</b> must be
1449 * provided. If you want to know whether a policy would definitely reject
1450 * an unknown address:port, use policy_is_reject_star().)
1452 * We could do better by assuming that some ranges never match typical
1453 * addresses (127.0.0.1, and so on). But we'll try this for now.
1455 MOCK_IMPL(addr_policy_result_t
,
1456 compare_tor_addr_to_addr_policy
,(const tor_addr_t
*addr
, uint16_t port
,
1457 const smartlist_t
*policy
))
1460 /* no policy? accept all. */
1461 return ADDR_POLICY_ACCEPTED
;
1462 } else if (addr
== NULL
|| tor_addr_is_null(addr
)) {
1464 log_info(LD_BUG
, "Rejecting null address with 0 port (family %d)",
1465 addr
? tor_addr_family(addr
) : -1);
1466 return ADDR_POLICY_REJECTED
;
1468 return compare_unknown_tor_addr_to_addr_policy(port
, policy
);
1469 } else if (port
== 0) {
1470 return compare_known_tor_addr_to_addr_policy_noport(addr
, policy
);
1472 return compare_known_tor_addr_to_addr_policy(addr
, port
, policy
);
1476 /** Return true iff the address policy <b>a</b> covers every case that
1477 * would be covered by <b>b</b>, so that a,b is redundant. */
1479 addr_policy_covers(addr_policy_t
*a
, addr_policy_t
*b
)
1481 if (tor_addr_family(&a
->addr
) != tor_addr_family(&b
->addr
)) {
1482 /* You can't cover a different family. */
1485 /* We can ignore accept/reject, since "accept *:80, reject *:80" reduces
1486 * to "accept *:80". */
1487 if (a
->maskbits
> b
->maskbits
) {
1488 /* a has more fixed bits than b; it can't possibly cover b. */
1491 if (tor_addr_compare_masked(&a
->addr
, &b
->addr
, a
->maskbits
, CMP_EXACT
)) {
1492 /* There's a fixed bit in a that's set differently in b. */
1495 return (a
->prt_min
<= b
->prt_min
&& a
->prt_max
>= b
->prt_max
);
1498 /** Return true iff the address policies <b>a</b> and <b>b</b> intersect,
1499 * that is, there exists an address/port that is covered by <b>a</b> that
1500 * is also covered by <b>b</b>.
1503 addr_policy_intersects(addr_policy_t
*a
, addr_policy_t
*b
)
1506 /* All the bits we care about are those that are set in both
1507 * netmasks. If they are equal in a and b's networkaddresses
1508 * then the networks intersect. If there is a difference,
1509 * then they do not. */
1510 if (a
->maskbits
< b
->maskbits
)
1511 minbits
= a
->maskbits
;
1513 minbits
= b
->maskbits
;
1514 if (tor_addr_compare_masked(&a
->addr
, &b
->addr
, minbits
, CMP_EXACT
))
1516 if (a
->prt_max
< b
->prt_min
|| b
->prt_max
< a
->prt_min
)
1521 /** Add the exit policy described by <b>more</b> to <b>policy</b>.
1524 append_exit_policy_string(smartlist_t
**policy
, const char *more
)
1529 tmp
.value
= (char*) more
;
1531 if (parse_addr_policy(&tmp
, policy
, -1)<0) {
1532 log_warn(LD_BUG
, "Unable to parse internally generated policy %s",more
);
1536 /** Add "reject <b>addr</b>:*" to <b>dest</b>, creating the list as needed. */
1538 addr_policy_append_reject_addr(smartlist_t
**dest
, const tor_addr_t
*addr
)
1543 addr_policy_t p
, *add
;
1544 memset(&p
, 0, sizeof(p
));
1545 p
.policy_type
= ADDR_POLICY_REJECT
;
1546 p
.maskbits
= tor_addr_family(addr
) == AF_INET6
? 128 : 32;
1547 tor_addr_copy(&p
.addr
, addr
);
1551 add
= addr_policy_get_canonical_entry(&p
);
1553 *dest
= smartlist_new();
1554 smartlist_add(*dest
, add
);
1555 log_debug(LD_CONFIG
, "Adding a reject ExitPolicy 'reject %s:*'",
1559 /* Is addr public for the purposes of rejection? */
1561 tor_addr_is_public_for_reject(const tor_addr_t
*addr
)
1563 return (!tor_addr_is_null(addr
) && !tor_addr_is_internal(addr
, 0)
1564 && !tor_addr_is_multicast(addr
));
1567 /* Add "reject <b>addr</b>:*" to <b>dest</b>, creating the list as needed.
1568 * Filter the address, only adding an IPv4 reject rule if ipv4_rules
1569 * is true, and similarly for ipv6_rules. Check each address returns true for
1570 * tor_addr_is_public_for_reject before adding it.
1573 addr_policy_append_reject_addr_filter(smartlist_t
**dest
,
1574 const tor_addr_t
*addr
,
1581 /* Only reject IP addresses which are public */
1582 if (tor_addr_is_public_for_reject(addr
)) {
1584 /* Reject IPv4 addresses and IPv6 addresses based on the filters */
1585 int is_ipv4
= tor_addr_is_v4(addr
);
1586 if ((is_ipv4
&& ipv4_rules
) || (!is_ipv4
&& ipv6_rules
)) {
1587 addr_policy_append_reject_addr(dest
, addr
);
1592 /** Add "reject addr:*" to <b>dest</b>, for each addr in addrs, creating the
1593 * list as needed. */
1595 addr_policy_append_reject_addr_list(smartlist_t
**dest
,
1596 const smartlist_t
*addrs
)
1601 SMARTLIST_FOREACH_BEGIN(addrs
, tor_addr_t
*, addr
) {
1602 addr_policy_append_reject_addr(dest
, addr
);
1603 } SMARTLIST_FOREACH_END(addr
);
1606 /** Add "reject addr:*" to <b>dest</b>, for each addr in addrs, creating the
1607 * list as needed. Filter using */
1609 addr_policy_append_reject_addr_list_filter(smartlist_t
**dest
,
1610 const smartlist_t
*addrs
,
1617 SMARTLIST_FOREACH_BEGIN(addrs
, tor_addr_t
*, addr
) {
1618 addr_policy_append_reject_addr_filter(dest
, addr
, ipv4_rules
, ipv6_rules
);
1619 } SMARTLIST_FOREACH_END(addr
);
1622 /** Detect and excise "dead code" from the policy *<b>dest</b>. */
1624 exit_policy_remove_redundancies(smartlist_t
*dest
)
1626 addr_policy_t
*ap
, *tmp
;
1629 /* Step one: kill every ipv4 thing after *4:*, every IPv6 thing after *6:*
1632 int kill_v4
=0, kill_v6
=0;
1633 for (i
= 0; i
< smartlist_len(dest
); ++i
) {
1635 ap
= smartlist_get(dest
, i
);
1636 family
= tor_addr_family(&ap
->addr
);
1637 if ((family
== AF_INET
&& kill_v4
) ||
1638 (family
== AF_INET6
&& kill_v6
)) {
1639 smartlist_del_keeporder(dest
, i
--);
1640 addr_policy_free(ap
);
1644 if (ap
->maskbits
== 0 && ap
->prt_min
<= 1 && ap
->prt_max
>= 65535) {
1645 /* This is a catch-all line -- later lines are unreachable. */
1646 if (family
== AF_INET
) {
1648 } else if (family
== AF_INET6
) {
1655 /* Step two: for every entry, see if there's a redundant entry
1656 * later on, and remove it. */
1657 for (i
= 0; i
< smartlist_len(dest
)-1; ++i
) {
1658 ap
= smartlist_get(dest
, i
);
1659 for (j
= i
+1; j
< smartlist_len(dest
); ++j
) {
1660 tmp
= smartlist_get(dest
, j
);
1662 if (addr_policy_covers(ap
, tmp
)) {
1663 char p1
[POLICY_BUF_LEN
], p2
[POLICY_BUF_LEN
];
1664 policy_write_item(p1
, sizeof(p1
), tmp
, 0);
1665 policy_write_item(p2
, sizeof(p2
), ap
, 0);
1666 log_debug(LD_CONFIG
, "Removing exit policy %s (%d). It is made "
1667 "redundant by %s (%d).", p1
, j
, p2
, i
);
1668 smartlist_del_keeporder(dest
, j
--);
1669 addr_policy_free(tmp
);
1674 /* Step three: for every entry A, see if there's an entry B making this one
1675 * redundant later on. This is the case if A and B are of the same type
1676 * (accept/reject), A is a subset of B, and there is no other entry of
1677 * different type in between those two that intersects with A.
1679 * Anybody want to double-check the logic here? XXX
1681 for (i
= 0; i
< smartlist_len(dest
)-1; ++i
) {
1682 ap
= smartlist_get(dest
, i
);
1683 for (j
= i
+1; j
< smartlist_len(dest
); ++j
) {
1684 // tor_assert(j > i); // j starts out at i+1; j only increases; i only
1686 tmp
= smartlist_get(dest
, j
);
1687 if (ap
->policy_type
!= tmp
->policy_type
) {
1688 if (addr_policy_intersects(ap
, tmp
))
1690 } else { /* policy_types are equal. */
1691 if (addr_policy_covers(tmp
, ap
)) {
1692 char p1
[POLICY_BUF_LEN
], p2
[POLICY_BUF_LEN
];
1693 policy_write_item(p1
, sizeof(p1
), ap
, 0);
1694 policy_write_item(p2
, sizeof(p2
), tmp
, 0);
1695 log_debug(LD_CONFIG
, "Removing exit policy %s. It is already "
1696 "covered by %s.", p1
, p2
);
1697 smartlist_del_keeporder(dest
, i
--);
1698 addr_policy_free(ap
);
1706 /** Reject private helper for policies_parse_exit_policy_internal: rejects
1707 * publicly routable addresses on this exit relay.
1709 * Add reject entries to the linked list *dest:
1710 * - if configured_addresses is non-NULL, add entries that reject each
1711 * tor_addr_t* in the list as a destination.
1712 * - if reject_interface_addresses is true, add entries that reject each
1713 * public IPv4 and IPv6 address of each interface on this machine.
1714 * - if reject_configured_port_addresses is true, add entries that reject
1715 * each IPv4 and IPv6 address configured for a port.
1717 * IPv6 entries are only added if ipv6_exit is true. (All IPv6 addresses are
1718 * already blocked by policies_parse_exit_policy_internal if ipv6_exit is
1721 * The list *dest is created as needed.
1724 policies_parse_exit_policy_reject_private(
1727 const smartlist_t
*configured_addresses
,
1728 int reject_interface_addresses
,
1729 int reject_configured_port_addresses
)
1733 /* Reject configured addresses, if they are from public netblocks. */
1734 if (configured_addresses
) {
1735 addr_policy_append_reject_addr_list_filter(dest
, configured_addresses
,
1739 /* Reject configured port addresses, if they are from public netblocks. */
1740 if (reject_configured_port_addresses
) {
1741 const smartlist_t
*port_addrs
= get_configured_ports();
1743 SMARTLIST_FOREACH_BEGIN(port_addrs
, port_cfg_t
*, port
) {
1745 /* Only reject port IP addresses, not port unix sockets */
1746 if (!port
->is_unix_addr
) {
1747 addr_policy_append_reject_addr_filter(dest
, &port
->addr
, 1, ipv6_exit
);
1749 } SMARTLIST_FOREACH_END(port
);
1752 /* Reject local addresses from public netblocks on any interface. */
1753 if (reject_interface_addresses
) {
1754 smartlist_t
*public_addresses
= NULL
;
1756 /* Reject public IPv4 addresses on any interface */
1757 public_addresses
= get_interface_address6_list(LOG_INFO
, AF_INET
, 0);
1758 addr_policy_append_reject_addr_list_filter(dest
, public_addresses
, 1, 0);
1759 free_interface_address6_list(public_addresses
);
1761 /* Don't look for IPv6 addresses if we're configured as IPv4-only */
1763 /* Reject public IPv6 addresses on any interface */
1764 public_addresses
= get_interface_address6_list(LOG_INFO
, AF_INET6
, 0);
1765 addr_policy_append_reject_addr_list_filter(dest
, public_addresses
, 0, 1);
1766 free_interface_address6_list(public_addresses
);
1770 /* If addresses were added multiple times, remove all but one of them. */
1772 exit_policy_remove_redundancies(*dest
);
1777 * Iterate through <b>policy</b> looking for redundant entries. Log a
1778 * warning message with the first redundant entry, if any is found.
1781 policies_log_first_redundant_entry(const smartlist_t
*policy
)
1783 int found_final_effective_entry
= 0;
1784 int first_redundant_entry
= 0;
1786 SMARTLIST_FOREACH_BEGIN(policy
, const addr_policy_t
*, p
) {
1788 int found_ipv4_wildcard
= 0, found_ipv6_wildcard
= 0;
1789 const int i
= p_sl_idx
;
1791 /* Look for accept/reject *[4|6|]:* entires */
1792 if (p
->prt_min
<= 1 && p
->prt_max
== 65535 && p
->maskbits
== 0) {
1793 family
= tor_addr_family(&p
->addr
);
1794 /* accept/reject *:* may have already been expanded into
1795 * accept/reject *4:*,accept/reject *6:*
1796 * But handle both forms.
1798 if (family
== AF_INET
|| family
== AF_UNSPEC
) {
1799 found_ipv4_wildcard
= 1;
1801 if (family
== AF_INET6
|| family
== AF_UNSPEC
) {
1802 found_ipv6_wildcard
= 1;
1806 /* We also find accept *4:*,reject *6:* ; and
1807 * accept *4:*,<other policies>,accept *6:* ; and similar.
1808 * That's ok, because they make any subsequent entries redundant. */
1809 if (found_ipv4_wildcard
&& found_ipv6_wildcard
) {
1810 found_final_effective_entry
= 1;
1811 /* if we're not on the final entry in the list */
1812 if (i
< smartlist_len(policy
) - 1) {
1813 first_redundant_entry
= i
+ 1;
1817 } SMARTLIST_FOREACH_END(p
);
1819 /* Work out if there are redundant trailing entries in the policy list */
1820 if (found_final_effective_entry
&& first_redundant_entry
> 0) {
1821 const addr_policy_t
*p
;
1822 /* Longest possible policy is
1823 * "accept6 ffff:ffff:..255/128:10000-65535",
1824 * which contains a max-length IPv6 address, plus 24 characters. */
1825 char line
[TOR_ADDR_BUF_LEN
+ 32];
1827 tor_assert(first_redundant_entry
< smartlist_len(policy
));
1828 p
= smartlist_get(policy
, first_redundant_entry
);
1829 /* since we've already parsed the policy into an addr_policy_t struct,
1830 * we might not log exactly what the user typed in */
1831 policy_write_item(line
, TOR_ADDR_BUF_LEN
+ 32, p
, 0);
1832 log_warn(LD_DIR
, "Exit policy '%s' and all following policies are "
1833 "redundant, as it follows accept/reject *:* rules for both "
1834 "IPv4 and IPv6. They will be removed from the exit policy. (Use "
1835 "accept/reject *:* as the last entry in any exit policy.)",
1840 #define DEFAULT_EXIT_POLICY \
1841 "reject *:25,reject *:119,reject *:135-139,reject *:445," \
1842 "reject *:563,reject *:1214,reject *:4661-4666," \
1843 "reject *:6346-6429,reject *:6699,reject *:6881-6999,accept *:*"
1845 /** Parse the exit policy <b>cfg</b> into the linked list *<b>dest</b>.
1847 * If <b>ipv6_exit</b> is false, prepend "reject *6:*" to the policy.
1849 * If <b>rejectprivate</b> is true:
1850 * - prepend "reject private:*" to the policy.
1851 * - prepend entries that reject publicly routable addresses on this exit
1852 * relay by calling policies_parse_exit_policy_reject_private
1854 * If cfg doesn't end in an absolute accept or reject and if
1855 * <b>add_default_policy</b> is true, add the default exit
1856 * policy afterwards.
1858 * Return -1 if we can't parse cfg, else return 0.
1860 * This function is used to parse the exit policy from our torrc. For
1861 * the functions used to parse the exit policy from a router descriptor,
1862 * see router_add_exit_policy.
1865 policies_parse_exit_policy_internal(config_line_t
*cfg
,
1869 const smartlist_t
*configured_addresses
,
1870 int reject_interface_addresses
,
1871 int reject_configured_port_addresses
,
1872 int add_default_policy
)
1875 append_exit_policy_string(dest
, "reject *6:*");
1877 if (rejectprivate
) {
1878 /* Reject IPv4 and IPv6 reserved private netblocks */
1879 append_exit_policy_string(dest
, "reject private:*");
1880 /* Reject IPv4 and IPv6 publicly routable addresses on this exit relay */
1881 policies_parse_exit_policy_reject_private(
1883 configured_addresses
,
1884 reject_interface_addresses
,
1885 reject_configured_port_addresses
);
1887 if (parse_addr_policy(cfg
, dest
, -1))
1890 /* Before we add the default policy and final rejects, check to see if
1891 * there are any lines after accept *:* or reject *:*. These lines have no
1892 * effect, and are most likely an error. */
1893 policies_log_first_redundant_entry(*dest
);
1895 if (add_default_policy
) {
1896 append_exit_policy_string(dest
, DEFAULT_EXIT_POLICY
);
1898 append_exit_policy_string(dest
, "reject *4:*");
1899 append_exit_policy_string(dest
, "reject *6:*");
1901 exit_policy_remove_redundancies(*dest
);
1906 /** Parse exit policy in <b>cfg</b> into <b>dest</b> smartlist.
1908 * Prepend an entry that rejects all IPv6 destinations unless
1909 * <b>EXIT_POLICY_IPV6_ENABLED</b> bit is set in <b>options</b> bitmask.
1911 * If <b>EXIT_POLICY_REJECT_PRIVATE</b> bit is set in <b>options</b>:
1912 * - prepend an entry that rejects all destinations in all netblocks
1913 * reserved for private use.
1914 * - prepend entries that reject publicly routable addresses on this exit
1915 * relay by calling policies_parse_exit_policy_internal
1917 * If <b>EXIT_POLICY_ADD_DEFAULT</b> bit is set in <b>options</b>, append
1918 * default exit policy entries to <b>result</b> smartlist.
1921 policies_parse_exit_policy(config_line_t
*cfg
, smartlist_t
**dest
,
1922 exit_policy_parser_cfg_t options
,
1923 const smartlist_t
*configured_addresses
)
1925 int ipv6_enabled
= (options
& EXIT_POLICY_IPV6_ENABLED
) ? 1 : 0;
1926 int reject_private
= (options
& EXIT_POLICY_REJECT_PRIVATE
) ? 1 : 0;
1927 int add_default
= (options
& EXIT_POLICY_ADD_DEFAULT
) ? 1 : 0;
1929 return policies_parse_exit_policy_internal(cfg
,dest
,ipv6_enabled
,
1931 configured_addresses
,
1937 /** Helper function that adds a copy of addr to a smartlist as long as it is
1938 * non-NULL and not tor_addr_is_null().
1940 * The caller is responsible for freeing all the tor_addr_t* in the smartlist.
1943 policies_copy_addr_to_smartlist(smartlist_t
*addr_list
, const tor_addr_t
*addr
)
1945 if (addr
&& !tor_addr_is_null(addr
)) {
1946 tor_addr_t
*addr_copy
= tor_malloc(sizeof(tor_addr_t
));
1947 tor_addr_copy(addr_copy
, addr
);
1948 smartlist_add(addr_list
, addr_copy
);
1952 /** Helper function that adds ipv4h_addr to a smartlist as a tor_addr_t *,
1953 * as long as it is not tor_addr_is_null(), by converting it to a tor_addr_t
1954 * and passing it to policies_add_addr_to_smartlist.
1956 * The caller is responsible for freeing all the tor_addr_t* in the smartlist.
1959 policies_copy_ipv4h_to_smartlist(smartlist_t
*addr_list
, uint32_t ipv4h_addr
)
1962 tor_addr_t ipv4_tor_addr
;
1963 tor_addr_from_ipv4h(&ipv4_tor_addr
, ipv4h_addr
);
1964 policies_copy_addr_to_smartlist(addr_list
, &ipv4_tor_addr
);
1968 /** Helper function that adds copies of
1969 * or_options->OutboundBindAddressIPv[4|6]_ to a smartlist as tor_addr_t *, as
1970 * long as or_options is non-NULL, and the addresses are not
1971 * tor_addr_is_null(), by passing them to policies_add_addr_to_smartlist.
1973 * The caller is responsible for freeing all the tor_addr_t* in the smartlist.
1976 policies_copy_outbound_addresses_to_smartlist(smartlist_t
*addr_list
,
1977 const or_options_t
*or_options
)
1980 policies_copy_addr_to_smartlist(addr_list
,
1981 &or_options
->OutboundBindAddressIPv4_
);
1982 policies_copy_addr_to_smartlist(addr_list
,
1983 &or_options
->OutboundBindAddressIPv6_
);
1987 /** Parse <b>ExitPolicy</b> member of <b>or_options</b> into <b>result</b>
1989 * If <b>or_options->IPv6Exit</b> is false, prepend an entry that
1990 * rejects all IPv6 destinations.
1992 * If <b>or_options->ExitPolicyRejectPrivate</b> is true:
1993 * - prepend an entry that rejects all destinations in all netblocks reserved
1995 * - if local_address is non-zero, treat it as a host-order IPv4 address, and
1996 * add it to the list of configured addresses.
1997 * - if ipv6_local_address is non-NULL, and not the null tor_addr_t, add it
1998 * to the list of configured addresses.
1999 * - if or_options->OutboundBindAddressIPv4_ is not the null tor_addr_t, add
2000 * it to the list of configured addresses.
2001 * - if or_options->OutboundBindAddressIPv6_ is not the null tor_addr_t, add
2002 * it to the list of configured addresses.
2004 * If <b>or_options->BridgeRelay</b> is false, append entries of default
2005 * Tor exit policy into <b>result</b> smartlist.
2007 * If or_options->ExitRelay is false, then make our exit policy into
2008 * "reject *:*" regardless.
2011 policies_parse_exit_policy_from_options(const or_options_t
*or_options
,
2012 uint32_t local_address
,
2013 const tor_addr_t
*ipv6_local_address
,
2014 smartlist_t
**result
)
2016 exit_policy_parser_cfg_t parser_cfg
= 0;
2017 smartlist_t
*configured_addresses
= NULL
;
2020 /* Short-circuit for non-exit relays */
2021 if (or_options
->ExitRelay
== 0) {
2022 append_exit_policy_string(result
, "reject *4:*");
2023 append_exit_policy_string(result
, "reject *6:*");
2027 configured_addresses
= smartlist_new();
2029 /* Configure the parser */
2030 if (or_options
->IPv6Exit
) {
2031 parser_cfg
|= EXIT_POLICY_IPV6_ENABLED
;
2034 if (or_options
->ExitPolicyRejectPrivate
) {
2035 parser_cfg
|= EXIT_POLICY_REJECT_PRIVATE
;
2038 if (!or_options
->BridgeRelay
) {
2039 parser_cfg
|= EXIT_POLICY_ADD_DEFAULT
;
2042 /* Copy the configured addresses into the tor_addr_t* list */
2043 policies_copy_ipv4h_to_smartlist(configured_addresses
, local_address
);
2044 policies_copy_addr_to_smartlist(configured_addresses
, ipv6_local_address
);
2045 policies_copy_outbound_addresses_to_smartlist(configured_addresses
,
2048 rv
= policies_parse_exit_policy(or_options
->ExitPolicy
, result
, parser_cfg
,
2049 configured_addresses
);
2051 SMARTLIST_FOREACH(configured_addresses
, tor_addr_t
*, a
, tor_free(a
));
2052 smartlist_free(configured_addresses
);
2057 /** Add "reject *:*" to the end of the policy in *<b>dest</b>, allocating
2058 * *<b>dest</b> as needed. */
2060 policies_exit_policy_append_reject_star(smartlist_t
**dest
)
2062 append_exit_policy_string(dest
, "reject *4:*");
2063 append_exit_policy_string(dest
, "reject *6:*");
2066 /** Replace the exit policy of <b>node</b> with reject *:* */
2068 policies_set_node_exitpolicy_to_reject_all(node_t
*node
)
2070 node
->rejects_all
= 1;
2073 /** Return 1 if there is at least one /8 subnet in <b>policy</b> that
2074 * allows exiting to <b>port</b>. Otherwise, return 0. */
2076 exit_policy_is_general_exit_helper(smartlist_t
*policy
, int port
)
2078 uint32_t mask
, ip
, i
;
2079 /* Is this /8 rejected (1), or undecided (0)? */
2080 char subnet_status
[256];
2082 memset(subnet_status
, 0, sizeof(subnet_status
));
2083 SMARTLIST_FOREACH_BEGIN(policy
, addr_policy_t
*, p
) {
2084 if (tor_addr_family(&p
->addr
) != AF_INET
)
2085 continue; /* IPv4 only for now */
2086 if (p
->prt_min
> port
|| p
->prt_max
< port
)
2087 continue; /* Doesn't cover our port. */
2089 tor_assert(p
->maskbits
<= 32);
2092 mask
= UINT32_MAX
<<(32-p
->maskbits
);
2093 ip
= tor_addr_to_ipv4h(&p
->addr
);
2095 /* Calculate the first and last subnet that this exit policy touches
2096 * and set it as loop boundaries. */
2097 for (i
= ((mask
& ip
)>>24); i
<= (~((mask
& ip
) ^ mask
)>>24); ++i
) {
2099 if (subnet_status
[i
] != 0)
2100 continue; /* We already reject some part of this /8 */
2101 tor_addr_from_ipv4h(&addr
, i
<<24);
2102 if (tor_addr_is_internal(&addr
, 0))
2103 continue; /* Local or non-routable addresses */
2104 if (p
->policy_type
== ADDR_POLICY_ACCEPT
) {
2105 if (p
->maskbits
> 8)
2106 continue; /* Narrower than a /8. */
2107 /* We found an allowed subnet of at least size /8. Done
2110 } else if (p
->policy_type
== ADDR_POLICY_REJECT
) {
2111 subnet_status
[i
] = 1;
2114 } SMARTLIST_FOREACH_END(p
);
2118 /** Return true iff <b>ri</b> is "useful as an exit node", meaning
2119 * it allows exit to at least one /8 address space for at least
2120 * two of ports 80, 443, and 6667. */
2122 exit_policy_is_general_exit(smartlist_t
*policy
)
2124 static const int ports
[] = { 80, 443, 6667 };
2127 if (!policy
) /*XXXX disallow NULL policies? */
2130 for (i
= 0; i
< 3; ++i
) {
2131 n_allowed
+= exit_policy_is_general_exit_helper(policy
, ports
[i
]);
2133 return n_allowed
>= 2;
2136 /** Return false if <b>policy</b> might permit access to some addr:port;
2137 * otherwise if we are certain it rejects everything, return true. */
2139 policy_is_reject_star(const smartlist_t
*policy
, sa_family_t family
)
2141 if (!policy
) /*XXXX disallow NULL policies? */
2143 SMARTLIST_FOREACH_BEGIN(policy
, addr_policy_t
*, p
) {
2144 if (p
->policy_type
== ADDR_POLICY_ACCEPT
&&
2145 (tor_addr_family(&p
->addr
) == family
||
2146 tor_addr_family(&p
->addr
) == AF_UNSPEC
)) {
2148 } else if (p
->policy_type
== ADDR_POLICY_REJECT
&&
2149 p
->prt_min
<= 1 && p
->prt_max
== 65535 &&
2151 (tor_addr_family(&p
->addr
) == family
||
2152 tor_addr_family(&p
->addr
) == AF_UNSPEC
)) {
2155 } SMARTLIST_FOREACH_END(p
);
2159 /** Write a single address policy to the buf_len byte buffer at buf. Return
2160 * the number of characters written, or -1 on failure. */
2162 policy_write_item(char *buf
, size_t buflen
, const addr_policy_t
*policy
,
2163 int format_for_desc
)
2166 char addrbuf
[TOR_ADDR_BUF_LEN
];
2167 const char *addrpart
;
2169 const int is_accept
= policy
->policy_type
== ADDR_POLICY_ACCEPT
;
2170 const sa_family_t family
= tor_addr_family(&policy
->addr
);
2171 const int is_ip6
= (family
== AF_INET6
);
2173 tor_addr_to_str(addrbuf
, &policy
->addr
, sizeof(addrbuf
), 1);
2175 /* write accept/reject 1.2.3.4 */
2176 if (policy
->is_private
) {
2177 addrpart
= "private";
2178 } else if (policy
->maskbits
== 0) {
2179 if (format_for_desc
)
2181 else if (family
== AF_INET6
)
2183 else if (family
== AF_INET
)
2191 result
= tor_snprintf(buf
, buflen
, "%s%s %s",
2192 is_accept
? "accept" : "reject",
2193 (is_ip6
&&format_for_desc
)?"6":"",
2197 written
+= strlen(buf
);
2198 /* If the maskbits is 32 (IPv4) or 128 (IPv6) we don't need to give it. If
2199 the mask is 0, we already wrote "*". */
2200 if (policy
->maskbits
< (is_ip6
?128:32) && policy
->maskbits
> 0) {
2201 if (tor_snprintf(buf
+written
, buflen
-written
, "/%d", policy
->maskbits
)<0)
2203 written
+= strlen(buf
+written
);
2205 if (policy
->prt_min
<= 1 && policy
->prt_max
== 65535) {
2206 /* There is no port set; write ":*" */
2207 if (written
+4 > buflen
)
2209 strlcat(buf
+written
, ":*", buflen
-written
);
2211 } else if (policy
->prt_min
== policy
->prt_max
) {
2212 /* There is only one port; write ":80". */
2213 result
= tor_snprintf(buf
+written
, buflen
-written
, ":%d", policy
->prt_min
);
2218 /* There is a range of ports; write ":79-80". */
2219 result
= tor_snprintf(buf
+written
, buflen
-written
, ":%d-%d",
2220 policy
->prt_min
, policy
->prt_max
);
2225 if (written
< buflen
)
2226 buf
[written
] = '\0';
2230 return (int)written
;
2233 /** Create a new exit policy summary, initially only with a single
2234 * port 1-64k item */
2235 /* XXXX This entire thing will do most stuff in O(N^2), or worse. Use an
2236 * RB-tree if that turns out to matter. */
2237 static smartlist_t
*
2238 policy_summary_create(void)
2240 smartlist_t
*summary
;
2241 policy_summary_item_t
* item
;
2243 item
= tor_malloc_zero(sizeof(policy_summary_item_t
));
2245 item
->prt_max
= 65535;
2246 item
->reject_count
= 0;
2249 summary
= smartlist_new();
2250 smartlist_add(summary
, item
);
2255 /** Split the summary item in <b>item</b> at the port <b>new_starts</b>.
2256 * The current item is changed to end at new-starts - 1, the new item
2257 * copies reject_count and accepted from the old item,
2258 * starts at new_starts and ends at the port where the original item
2261 static policy_summary_item_t
*
2262 policy_summary_item_split(policy_summary_item_t
* old
, uint16_t new_starts
)
2264 policy_summary_item_t
* new;
2266 new = tor_malloc_zero(sizeof(policy_summary_item_t
));
2267 new->prt_min
= new_starts
;
2268 new->prt_max
= old
->prt_max
;
2269 new->reject_count
= old
->reject_count
;
2270 new->accepted
= old
->accepted
;
2272 old
->prt_max
= new_starts
-1;
2274 tor_assert(old
->prt_min
<= old
->prt_max
);
2275 tor_assert(new->prt_min
<= new->prt_max
);
2279 /* XXXX Nick says I'm going to hell for this. If he feels charitably towards
2280 * my immortal soul, he can clean it up himself. */
2281 #define AT(x) ((policy_summary_item_t*)smartlist_get(summary, x))
2283 #define REJECT_CUTOFF_COUNT (1<<25)
2284 /** Split an exit policy summary so that prt_min and prt_max
2285 * fall at exactly the start and end of an item respectively.
2288 policy_summary_split(smartlist_t
*summary
,
2289 uint16_t prt_min
, uint16_t prt_max
)
2295 while (AT(i
)->prt_max
< prt_min
)
2297 if (AT(i
)->prt_min
!= prt_min
) {
2298 policy_summary_item_t
* new_item
;
2299 new_item
= policy_summary_item_split(AT(i
), prt_min
);
2300 smartlist_insert(summary
, i
+1, new_item
);
2305 while (AT(i
)->prt_max
< prt_max
)
2307 if (AT(i
)->prt_max
!= prt_max
) {
2308 policy_summary_item_t
* new_item
;
2309 new_item
= policy_summary_item_split(AT(i
), prt_max
+1);
2310 smartlist_insert(summary
, i
+1, new_item
);
2313 return start_at_index
;
2316 /** Mark port ranges as accepted if they are below the reject_count */
2318 policy_summary_accept(smartlist_t
*summary
,
2319 uint16_t prt_min
, uint16_t prt_max
)
2321 int i
= policy_summary_split(summary
, prt_min
, prt_max
);
2322 while (i
< smartlist_len(summary
) &&
2323 AT(i
)->prt_max
<= prt_max
) {
2324 if (!AT(i
)->accepted
&&
2325 AT(i
)->reject_count
<= REJECT_CUTOFF_COUNT
)
2326 AT(i
)->accepted
= 1;
2329 tor_assert(i
< smartlist_len(summary
) || prt_max
==65535);
2332 /** Count the number of addresses in a network with prefixlen maskbits
2333 * against the given portrange. */
2335 policy_summary_reject(smartlist_t
*summary
,
2336 maskbits_t maskbits
,
2337 uint16_t prt_min
, uint16_t prt_max
)
2339 int i
= policy_summary_split(summary
, prt_min
, prt_max
);
2340 /* XXX: ipv4 specific */
2341 uint64_t count
= (U64_LITERAL(1) << (32-maskbits
));
2342 while (i
< smartlist_len(summary
) &&
2343 AT(i
)->prt_max
<= prt_max
) {
2344 AT(i
)->reject_count
+= count
;
2347 tor_assert(i
< smartlist_len(summary
) || prt_max
==65535);
2350 /** Add a single exit policy item to our summary:
2351 * If it is an accept ignore it unless it is for all IP addresses
2352 * ("*"), i.e. it's prefixlen/maskbits is 0, else call
2353 * policy_summary_accept().
2354 * If it's a reject ignore it if it is about one of the private
2355 * networks, else call policy_summary_reject().
2358 policy_summary_add_item(smartlist_t
*summary
, addr_policy_t
*p
)
2360 if (p
->policy_type
== ADDR_POLICY_ACCEPT
) {
2361 if (p
->maskbits
== 0) {
2362 policy_summary_accept(summary
, p
->prt_min
, p
->prt_max
);
2364 } else if (p
->policy_type
== ADDR_POLICY_REJECT
) {
2368 for (i
= 0; private_nets
[i
]; ++i
) {
2370 maskbits_t maskbits
;
2371 if (tor_addr_parse_mask_ports(private_nets
[i
], 0, &addr
,
2372 &maskbits
, NULL
, NULL
)<0) {
2375 if (tor_addr_compare(&p
->addr
, &addr
, CMP_EXACT
) == 0 &&
2376 p
->maskbits
== maskbits
) {
2383 policy_summary_reject(summary
, p
->maskbits
, p
->prt_min
, p
->prt_max
);
2389 /** Create a string representing a summary for an exit policy.
2390 * The summary will either be an "accept" plus a comma-separated list of port
2391 * ranges or a "reject" plus port-ranges, depending on which is shorter.
2393 * If no exits are allowed at all then "reject 1-65535" is returned. If no
2394 * ports are blocked instead of "reject " we return "accept 1-65535". (These
2395 * are an exception to the shorter-representation-wins rule).
2398 policy_summarize(smartlist_t
*policy
, sa_family_t family
)
2400 smartlist_t
*summary
= policy_summary_create();
2401 smartlist_t
*accepts
, *rejects
;
2402 int i
, last
, start_prt
;
2403 size_t accepts_len
, rejects_len
;
2404 char *accepts_str
= NULL
, *rejects_str
= NULL
, *shorter_str
, *result
;
2409 /* Create the summary list */
2410 SMARTLIST_FOREACH_BEGIN(policy
, addr_policy_t
*, p
) {
2411 sa_family_t f
= tor_addr_family(&p
->addr
);
2412 if (f
!= AF_INET
&& f
!= AF_INET6
) {
2413 log_warn(LD_BUG
, "Weird family when summarizing address policy");
2417 /* XXXX-ipv6 More family work is needed */
2418 policy_summary_add_item(summary
, p
);
2419 } SMARTLIST_FOREACH_END(p
);
2421 /* Now create two lists of strings, one for accepted and one
2422 * for rejected ports. We take care to merge ranges so that
2423 * we avoid getting stuff like "1-4,5-9,10", instead we want
2428 accepts
= smartlist_new();
2429 rejects
= smartlist_new();
2431 last
= i
== smartlist_len(summary
)-1;
2433 AT(i
)->accepted
!= AT(i
+1)->accepted
) {
2434 char buf
[POLICY_BUF_LEN
];
2436 if (start_prt
== AT(i
)->prt_max
)
2437 tor_snprintf(buf
, sizeof(buf
), "%d", start_prt
);
2439 tor_snprintf(buf
, sizeof(buf
), "%d-%d", start_prt
, AT(i
)->prt_max
);
2441 if (AT(i
)->accepted
)
2442 smartlist_add(accepts
, tor_strdup(buf
));
2444 smartlist_add(rejects
, tor_strdup(buf
));
2449 start_prt
= AT(i
+1)->prt_min
;
2454 /* Figure out which of the two stringlists will be shorter and use
2455 * that to build the result
2457 if (smartlist_len(accepts
) == 0) { /* no exits at all */
2458 result
= tor_strdup("reject 1-65535");
2461 if (smartlist_len(rejects
) == 0) { /* no rejects at all */
2462 result
= tor_strdup("accept 1-65535");
2466 accepts_str
= smartlist_join_strings(accepts
, ",", 0, &accepts_len
);
2467 rejects_str
= smartlist_join_strings(rejects
, ",", 0, &rejects_len
);
2469 if (rejects_len
> MAX_EXITPOLICY_SUMMARY_LEN
-strlen("reject")-1 &&
2470 accepts_len
> MAX_EXITPOLICY_SUMMARY_LEN
-strlen("accept")-1) {
2472 shorter_str
= accepts_str
;
2475 c
= shorter_str
+ (MAX_EXITPOLICY_SUMMARY_LEN
-strlen(prefix
)-1);
2476 while (*c
!= ',' && c
>= shorter_str
)
2478 tor_assert(c
>= shorter_str
);
2479 tor_assert(*c
== ',');
2482 } else if (rejects_len
< accepts_len
) {
2483 shorter_str
= rejects_str
;
2486 shorter_str
= accepts_str
;
2490 tor_asprintf(&result
, "%s %s", prefix
, shorter_str
);
2494 SMARTLIST_FOREACH(summary
, policy_summary_item_t
*, s
, tor_free(s
));
2495 smartlist_free(summary
);
2497 tor_free(accepts_str
);
2498 SMARTLIST_FOREACH(accepts
, char *, s
, tor_free(s
));
2499 smartlist_free(accepts
);
2501 tor_free(rejects_str
);
2502 SMARTLIST_FOREACH(rejects
, char *, s
, tor_free(s
));
2503 smartlist_free(rejects
);
2508 /** Convert a summarized policy string into a short_policy_t. Return NULL
2509 * if the string is not well-formed. */
2511 parse_short_policy(const char *summary
)
2513 const char *orig_summary
= summary
;
2514 short_policy_t
*result
;
2517 short_policy_entry_t entries
[MAX_EXITPOLICY_SUMMARY_LEN
]; /* overkill */
2520 if (!strcmpstart(summary
, "accept ")) {
2522 summary
+= strlen("accept ");
2523 } else if (!strcmpstart(summary
, "reject ")) {
2525 summary
+= strlen("reject ");
2527 log_fn(LOG_PROTOCOL_WARN
, LD_DIR
, "Unrecognized policy summary keyword");
2532 for ( ; *summary
; summary
= next
) {
2533 const char *comma
= strchr(summary
, ',');
2539 next
= comma
? comma
+1 : strchr(summary
, '\0');
2540 len
= comma
? (size_t)(comma
- summary
) : strlen(summary
);
2542 if (n_entries
== MAX_EXITPOLICY_SUMMARY_LEN
) {
2543 log_fn(LOG_PROTOCOL_WARN
, LD_DIR
, "Impossibly long policy summary %s",
2544 escaped(orig_summary
));
2548 if (! TOR_ISDIGIT(*summary
) || len
> (sizeof(ent_buf
)-1)) {
2549 /* unrecognized entry format. skip it. */
2553 /* empty; skip it. */
2554 /* XXX This happens to be unreachable, since if len==0, then *summary is
2555 * ',' or '\0', and the TOR_ISDIGIT test above would have failed. */
2559 memcpy(ent_buf
, summary
, len
);
2560 ent_buf
[len
] = '\0';
2562 if (tor_sscanf(ent_buf
, "%u-%u%c", &low
, &high
, &dummy
) == 2) {
2563 if (low
<1 || low
>65535 || high
<1 || high
>65535 || low
>high
) {
2564 log_fn(LOG_PROTOCOL_WARN
, LD_DIR
,
2565 "Found bad entry in policy summary %s", escaped(orig_summary
));
2568 } else if (tor_sscanf(ent_buf
, "%u%c", &low
, &dummy
) == 1) {
2569 if (low
<1 || low
>65535) {
2570 log_fn(LOG_PROTOCOL_WARN
, LD_DIR
,
2571 "Found bad entry in policy summary %s", escaped(orig_summary
));
2576 log_fn(LOG_PROTOCOL_WARN
, LD_DIR
,"Found bad entry in policy summary %s",
2577 escaped(orig_summary
));
2581 entries
[n_entries
].min_port
= low
;
2582 entries
[n_entries
].max_port
= high
;
2586 if (n_entries
== 0) {
2587 log_fn(LOG_PROTOCOL_WARN
, LD_DIR
,
2588 "Found no port-range entries in summary %s", escaped(orig_summary
));
2593 size_t size
= STRUCT_OFFSET(short_policy_t
, entries
) +
2594 sizeof(short_policy_entry_t
)*(n_entries
);
2595 result
= tor_malloc_zero(size
);
2597 tor_assert( (char*)&result
->entries
[n_entries
-1] < ((char*)result
)+size
);
2600 result
->is_accept
= is_accept
;
2601 result
->n_entries
= n_entries
;
2602 memcpy(result
->entries
, entries
, sizeof(short_policy_entry_t
)*n_entries
);
2606 /** Write <b>policy</b> back out into a string. Used only for unit tests
2609 write_short_policy(const short_policy_t
*policy
)
2613 smartlist_t
*sl
= smartlist_new();
2615 smartlist_add_asprintf(sl
, "%s", policy
->is_accept
? "accept " : "reject ");
2617 for (i
=0; i
< policy
->n_entries
; i
++) {
2618 const short_policy_entry_t
*e
= &policy
->entries
[i
];
2619 if (e
->min_port
== e
->max_port
) {
2620 smartlist_add_asprintf(sl
, "%d", e
->min_port
);
2622 smartlist_add_asprintf(sl
, "%d-%d", e
->min_port
, e
->max_port
);
2624 if (i
< policy
->n_entries
-1)
2625 smartlist_add(sl
, tor_strdup(","));
2627 answer
= smartlist_join_strings(sl
, "", 0, NULL
);
2628 SMARTLIST_FOREACH(sl
, char *, a
, tor_free(a
));
2633 /** Release all storage held in <b>policy</b>. */
2635 short_policy_free(short_policy_t
*policy
)
2640 /** See whether the <b>addr</b>:<b>port</b> address is likely to be accepted
2641 * or rejected by the summarized policy <b>policy</b>. Return values are as
2642 * for compare_tor_addr_to_addr_policy. Unlike the regular addr_policy
2643 * functions, requires the <b>port</b> be specified. */
2644 addr_policy_result_t
2645 compare_tor_addr_to_short_policy(const tor_addr_t
*addr
, uint16_t port
,
2646 const short_policy_t
*policy
)
2649 int found_match
= 0;
2652 tor_assert(port
!= 0);
2654 if (addr
&& tor_addr_is_null(addr
))
2655 addr
= NULL
; /* Unspec means 'no address at all,' in this context. */
2657 if (addr
&& get_options()->ClientRejectInternalAddresses
&&
2658 (tor_addr_is_internal(addr
, 0) || tor_addr_is_loopback(addr
)))
2659 return ADDR_POLICY_REJECTED
;
2661 for (i
=0; i
< policy
->n_entries
; ++i
) {
2662 const short_policy_entry_t
*e
= &policy
->entries
[i
];
2663 if (e
->min_port
<= port
&& port
<= e
->max_port
) {
2670 accept
= policy
->is_accept
;
2672 accept
= ! policy
->is_accept
;
2674 /* ???? are these right? -NM */
2675 /* We should be sure not to return ADDR_POLICY_ACCEPTED in the accept
2676 * case here, because it would cause clients to believe that the node
2677 * allows exit enclaving. Trying it anyway would open up a cool attack
2678 * where the node refuses due to exitpolicy, the client reacts in
2679 * surprise by rewriting the node's exitpolicy to reject *:*, and then
2680 * a bad guy targets users by causing them to attempt such connections
2681 * to 98% of the exits.
2683 * Once microdescriptors can handle addresses in special cases (e.g. if
2684 * we ever solve ticket 1774), we can provide certainty here. -RD */
2686 return ADDR_POLICY_PROBABLY_ACCEPTED
;
2688 return ADDR_POLICY_REJECTED
;
2691 /** Return true iff <b>policy</b> seems reject all ports */
2693 short_policy_is_reject_star(const short_policy_t
*policy
)
2695 /* This doesn't need to be as much on the lookout as policy_is_reject_star,
2696 * since policy summaries are from the consensus or from consensus
2700 /* Check for an exact match of "reject 1-65535". */
2701 return (policy
->is_accept
== 0 && policy
->n_entries
== 1 &&
2702 policy
->entries
[0].min_port
== 1 &&
2703 policy
->entries
[0].max_port
== 65535);
2706 /** Decide whether addr:port is probably or definitely accepted or rejected by
2707 * <b>node</b>. See compare_tor_addr_to_addr_policy for details on addr/port
2708 * interpretation. */
2709 addr_policy_result_t
2710 compare_tor_addr_to_node_policy(const tor_addr_t
*addr
, uint16_t port
,
2713 if (node
->rejects_all
)
2714 return ADDR_POLICY_REJECTED
;
2716 if (addr
&& tor_addr_family(addr
) == AF_INET6
) {
2717 const short_policy_t
*p
= NULL
;
2719 p
= node
->ri
->ipv6_exit_policy
;
2721 p
= node
->md
->ipv6_exit_policy
;
2723 return compare_tor_addr_to_short_policy(addr
, port
, p
);
2725 return ADDR_POLICY_REJECTED
;
2729 return compare_tor_addr_to_addr_policy(addr
, port
, node
->ri
->exit_policy
);
2730 } else if (node
->md
) {
2731 if (node
->md
->exit_policy
== NULL
)
2732 return ADDR_POLICY_REJECTED
;
2734 return compare_tor_addr_to_short_policy(addr
, port
,
2735 node
->md
->exit_policy
);
2737 return ADDR_POLICY_PROBABLY_REJECTED
;
2742 * Given <b>policy_list</b>, a list of addr_policy_t, produce a string
2743 * representation of the list.
2744 * If <b>include_ipv4</b> is true, include IPv4 entries.
2745 * If <b>include_ipv6</b> is true, include IPv6 entries.
2748 policy_dump_to_string(const smartlist_t
*policy_list
,
2752 smartlist_t
*policy_string_list
;
2753 char *policy_string
= NULL
;
2755 policy_string_list
= smartlist_new();
2757 SMARTLIST_FOREACH_BEGIN(policy_list
, addr_policy_t
*, tmpe
) {
2759 int bytes_written_to_pbuf
;
2760 if ((tor_addr_family(&tmpe
->addr
) == AF_INET6
) && (!include_ipv6
)) {
2761 continue; /* Don't include IPv6 parts of address policy */
2763 if ((tor_addr_family(&tmpe
->addr
) == AF_INET
) && (!include_ipv4
)) {
2764 continue; /* Don't include IPv4 parts of address policy */
2767 pbuf
= tor_malloc(POLICY_BUF_LEN
);
2768 bytes_written_to_pbuf
= policy_write_item(pbuf
,POLICY_BUF_LEN
, tmpe
, 1);
2770 if (bytes_written_to_pbuf
< 0) {
2771 log_warn(LD_BUG
, "policy_dump_to_string ran out of room!");
2776 smartlist_add(policy_string_list
,pbuf
);
2777 } SMARTLIST_FOREACH_END(tmpe
);
2779 policy_string
= smartlist_join_strings(policy_string_list
, "\n", 0, NULL
);
2782 SMARTLIST_FOREACH(policy_string_list
, char *, str
, tor_free(str
));
2783 smartlist_free(policy_string_list
);
2785 return policy_string
;
2788 /** Implementation for GETINFO control command: knows the answer for questions
2789 * about "exit-policy/..." */
2791 getinfo_helper_policies(control_connection_t
*conn
,
2792 const char *question
, char **answer
,
2793 const char **errmsg
)
2797 if (!strcmp(question
, "exit-policy/default")) {
2798 *answer
= tor_strdup(DEFAULT_EXIT_POLICY
);
2799 } else if (!strcmp(question
, "exit-policy/reject-private/default")) {
2800 smartlist_t
*private_policy_strings
;
2801 const char **priv
= private_nets
;
2803 private_policy_strings
= smartlist_new();
2805 while (*priv
!= NULL
) {
2806 /* IPv6 addresses are in "[]" and contain ":",
2807 * IPv4 addresses are not in "[]" and contain "." */
2808 smartlist_add_asprintf(private_policy_strings
, "reject %s:*", *priv
);
2812 *answer
= smartlist_join_strings(private_policy_strings
,
2815 SMARTLIST_FOREACH(private_policy_strings
, char *, str
, tor_free(str
));
2816 smartlist_free(private_policy_strings
);
2817 } else if (!strcmp(question
, "exit-policy/reject-private/relay")) {
2818 const or_options_t
*options
= get_options();
2819 const routerinfo_t
*me
= router_get_my_routerinfo();
2822 *errmsg
= "router_get_my_routerinfo returned NULL";
2826 if (!options
->ExitPolicyRejectPrivate
) {
2827 *answer
= tor_strdup("");
2831 smartlist_t
*private_policy_list
= smartlist_new();
2832 smartlist_t
*configured_addresses
= smartlist_new();
2834 /* Copy the configured addresses into the tor_addr_t* list */
2835 policies_copy_ipv4h_to_smartlist(configured_addresses
, me
->addr
);
2836 policies_copy_addr_to_smartlist(configured_addresses
, &me
->ipv6_addr
);
2837 policies_copy_outbound_addresses_to_smartlist(configured_addresses
,
2840 policies_parse_exit_policy_reject_private(
2841 &private_policy_list
,
2843 configured_addresses
,
2845 *answer
= policy_dump_to_string(private_policy_list
, 1, 1);
2847 addr_policy_list_free(private_policy_list
);
2848 SMARTLIST_FOREACH(configured_addresses
, tor_addr_t
*, a
, tor_free(a
));
2849 smartlist_free(configured_addresses
);
2850 } else if (!strcmpstart(question
, "exit-policy/")) {
2851 const routerinfo_t
*me
= router_get_my_routerinfo();
2853 int include_ipv4
= 0;
2854 int include_ipv6
= 0;
2856 if (!strcmp(question
, "exit-policy/ipv4")) {
2858 } else if (!strcmp(question
, "exit-policy/ipv6")) {
2860 } else if (!strcmp(question
, "exit-policy/full")) {
2861 include_ipv4
= include_ipv6
= 1;
2863 return 0; /* No such key. */
2867 *errmsg
= "router_get_my_routerinfo returned NULL";
2871 *answer
= router_dump_exit_policy_to_string(me
,include_ipv4
,include_ipv6
);
2876 /** Release all storage held by <b>p</b>. */
2878 addr_policy_list_free(smartlist_t
*lst
)
2882 SMARTLIST_FOREACH(lst
, addr_policy_t
*, policy
, addr_policy_free(policy
));
2883 smartlist_free(lst
);
2886 /** Release all storage held by <b>p</b>. */
2888 addr_policy_free(addr_policy_t
*p
)
2893 if (--p
->refcnt
<= 0) {
2894 if (p
->is_canonical
) {
2895 policy_map_ent_t search
, *found
;
2897 found
= HT_REMOVE(policy_map
, &policy_root
, &search
);
2899 tor_assert(p
== found
->policy
);
2907 /** Release all storage held by policy variables. */
2909 policies_free_all(void)
2911 addr_policy_list_free(reachable_or_addr_policy
);
2912 reachable_or_addr_policy
= NULL
;
2913 addr_policy_list_free(reachable_dir_addr_policy
);
2914 reachable_dir_addr_policy
= NULL
;
2915 addr_policy_list_free(socks_policy
);
2916 socks_policy
= NULL
;
2917 addr_policy_list_free(dir_policy
);
2919 addr_policy_list_free(authdir_reject_policy
);
2920 authdir_reject_policy
= NULL
;
2921 addr_policy_list_free(authdir_invalid_policy
);
2922 authdir_invalid_policy
= NULL
;
2923 addr_policy_list_free(authdir_badexit_policy
);
2924 authdir_badexit_policy
= NULL
;
2926 if (!HT_EMPTY(&policy_root
)) {
2927 policy_map_ent_t
**ent
;
2929 char buf
[POLICY_BUF_LEN
];
2931 log_warn(LD_MM
, "Still had %d address policies cached at shutdown.",
2932 (int)HT_SIZE(&policy_root
));
2934 /* Note the first 10 cached policies to try to figure out where they
2935 * might be coming from. */
2936 HT_FOREACH(ent
, policy_map
, &policy_root
) {
2939 if (policy_write_item(buf
, sizeof(buf
), (*ent
)->policy
, 0) >= 0)
2940 log_warn(LD_MM
," %d [%d]: %s", n
, (*ent
)->policy
->refcnt
, buf
);
2943 HT_CLEAR(policy_map
, &policy_root
);