/* Copyright (c) 2001 Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2012, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
* \file policies.h
* \brief Header file for policies.c.
**/
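#ifndef TOR_POLICIES_H
#define TOR_POLICIES_H

/* Include guard renamed: identifiers beginning with an underscore followed
 * by an uppercase letter are reserved for the implementation (C11 7.1.3),
 * so the old name "_TOR_POLICIES_H" was technically undefined behaviour. */

/** Size of a buffer that is expected to hold one address-policy entry as
 * text, including the trailing NUL.
 *
 * The widest IPv4 form is
 *   "accept 255.255.255.255/255.255.255.255:65535-65535\n"
 * i.e. 7 + 15 + 1 + 15 + 1 + 11 + 1 = 51 bytes, plus a NUL = 52.
 *
 * NOTE(review): this budget only accounts for the IPv4 form above.  Callers
 * of policy_write_item() are expected to pass a buffer of at least this many
 * bytes; if any longer textual form (e.g. an IPv6 entry) can ever be
 * emitted, the writer must honour its <b>buflen</b> argument rather than
 * rely on this constant -- confirm against the implementation in
 * policies.c.
 */
#define POLICY_BUF_LEN 52

/*
 * Checks against the locally configured "fascist firewall" restrictions on
 * our own outbound connections.
 *
 * Each takes a target (an address and port, a router descriptor, or a node)
 * and returns an int.  The declarations do not pin the convention; the
 * names suggest nonzero means "allowed" -- confirm in policies.c before
 * treating 0 as "blocked".  The *_or variants concern OR (relay) targets and
 * the *_dir variant directory targets; <b>tor_addr_t</b>, <b>routerinfo_t</b>
 * and <b>node_t</b> are defined elsewhere in the project.
 */
int firewall_is_fascist_or(void);
int fascist_firewall_allows_address_or(const tor_addr_t *addr, uint16_t port);
int fascist_firewall_allows_or(const routerinfo_t *ri);
int fascist_firewall_allows_node(const node_t *node);
int fascist_firewall_allows_address_dir(const tor_addr_t *addr, uint16_t port);

/*
 * Inbound access policies: whether a client at <b>addr</b> may use our
 * directory port or our SOCKS port respectively.  These presumably consult
 * the configured dir and socks policies; they are the gate on who may use
 * those services, so no accept path should bypass them.
 */
int dir_policy_permits_address(const tor_addr_t *addr);
int socks_policy_permits_address(const tor_addr_t *addr);

/*
 * Directory-authority decisions about a relay at <b>addr</b>:<b>port</b>
 * (permitted at all / considered valid / flagged as bad directory / flagged
 * as bad exit).
 *
 * NOTE(review): <b>addr</b> is a bare uint32_t, so these are IPv4-only and
 * the expected byte order is not visible from the declaration -- check the
 * existing callers before passing a value taken directly from a sockaddr.
 */
int authdir_policy_permits_address(uint32_t addr, uint16_t port);
int authdir_policy_valid_address(uint32_t addr, uint16_t port);
int authdir_policy_baddir_address(uint32_t addr, uint16_t port);
int authdir_policy_badexit_address(uint32_t addr, uint16_t port);

/*
 * Configuration handling.
 *
 * validate_addr_policies() checks the policy-related fields of
 * <b>options</b>; on failure it presumably reports the problem through
 * <b>*msg</b>.  Ownership of that string is not documented here -- confirm
 * whether the caller must free it.
 *
 * policy_expand_private() receives a pointer to the list so that it can
 * replace the list itself, presumably when rewriting "private" entries.
 *
 * policies_parse_from_options() builds the global policies from
 * <b>options</b> and returns an int status.
 */
int validate_addr_policies(const or_options_t *options, char **msg);
void policy_expand_private(smartlist_t **policy);
int policies_parse_from_options(const or_options_t *options);

/*
 * Address-policy lists (smartlists of addr_policy_t).
 *
 * The compare_tor_addr_to_*() functions return an addr_policy_result_t, a
 * distinct result type rather than a plain int: compare the result against
 * that type's named values and never treat "nonzero" as "accepted".
 */
addr_policy_t *addr_policy_get_canonical_entry(addr_policy_t *ent);
int cmp_addr_policies(smartlist_t *a, smartlist_t *b);
addr_policy_result_t compare_tor_addr_to_addr_policy(const tor_addr_t *addr,
                                                     uint16_t port,
                                                     const smartlist_t *policy);
addr_policy_result_t compare_tor_addr_to_node_policy(const tor_addr_t *addr,
                                                     uint16_t port,
                                                     const node_t *node);

/*
 * Exit-policy construction and queries.
 *
 * policies_parse_exit_policy() parses the config lines in <b>cfg</b> into
 * <b>*dest</b>; the <b>rejectprivate</b>, <b>local_address</b> and
 * <b>add_default_policy</b> arguments steer what gets appended, but their
 * exact effect is only visible in policies.c.
 */
int policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
                               int rejectprivate, const char *local_address,
                               int add_default_policy);
void policies_exit_policy_append_reject_star(smartlist_t **dest);
void policies_set_node_exitpolicy_to_reject_all(node_t *exitrouter);
int exit_policy_is_general_exit(smartlist_t *policy);
int policy_is_reject_star(const smartlist_t *policy);

/*
 * Control-port GETINFO helper for policy questions.  <b>answer</b> and
 * <b>errmsg</b> are out-parameters; ownership of <b>*answer</b> is not
 * documented here.
 */
int getinfo_helper_policies(control_connection_t *conn,
                            const char *question, char **answer,
                            const char **errmsg);

/*
 * Write <b>item</b> as text into <b>buf</b>, which has room for
 * <b>buflen</b> bytes.  POLICY_BUF_LEN is the size this header expects to be
 * sufficient for an IPv4 entry (see the note above).  <b>format_for_desc</b>
 * selects the descriptor formatting; returns an int status.
 */
int policy_write_item(char *buf, size_t buflen, addr_policy_t *item,
                      int format_for_desc);

/* Deallocation.  addr_policy_list_free() frees a whole list and
 * addr_policy_free() a single entry; policies_free_all() releases the
 * module's global state. */
void addr_policy_list_free(smartlist_t *p);
void addr_policy_free(addr_policy_t *p);
void policies_free_all(void);

/* Produce a textual summary of <b>policy</b>.  The result is a non-const
 * char *, so it is presumably heap-allocated and owned by the caller --
 * confirm before assuming. */
char *policy_summarize(smartlist_t *policy);

/*
 * Short ("summary") policies.
 *
 * NOTE(review): summary strings generally originate from documents received
 * over the network, so parse_short_policy() should be treated as a parser of
 * untrusted input; callers must handle a NULL return (presumably the failure
 * signal -- confirm).  write_short_policy() returns a const char * whose
 * storage and lifetime are not indicated by this declaration; do not assume
 * it is either static or caller-owned without checking the implementation.
 */
short_policy_t *parse_short_policy(const char *summary);
const char *write_short_policy(const short_policy_t *policy);
void short_policy_free(short_policy_t *policy);
int short_policy_is_reject_star(const short_policy_t *policy);
addr_policy_result_t compare_tor_addr_to_short_policy(
                          const tor_addr_t *addr, uint16_t port,
                          const short_policy_t *policy);

#endif /* !defined(TOR_POLICIES_H) */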