mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-23 20:03:31 +01:00
Fix bug 1113.
Bridges do not use the default exit policy, but reject *:* by default.
This commit is contained in:
parent
8c34e79263
commit
56c2385157
@ -40,6 +40,8 @@ Changes in version 0.2.2.6-alpha - 2009-10-??
|
||||
- If your relay can't keep up with the number of incoming create
|
||||
cells, it would log one warning per failure into your logs. Limit
|
||||
warnings to 1 per minute. Bugfix on 0.0.2pre10; fixes bug 1042.
|
||||
- Bridges do not use the default exit policy, but reject *:* by
|
||||
default. Fixes bug 1113.
|
||||
|
||||
|
||||
Changes in version 0.2.2.5-alpha - 2009-10-11
|
||||
|
@ -4353,7 +4353,8 @@ addr_policy_result_t compare_tor_addr_to_addr_policy(const tor_addr_t *addr,
|
||||
addr_policy_result_t compare_addr_to_addr_policy(uint32_t addr,
|
||||
uint16_t port, const smartlist_t *policy);
|
||||
int policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
|
||||
int rejectprivate, const char *local_address);
|
||||
int rejectprivate, const char *local_address,
|
||||
int add_default_policy);
|
||||
void policies_set_router_exitpolicy_to_reject_all(routerinfo_t *exitrouter);
|
||||
int exit_policy_is_general_exit(smartlist_t *policy);
|
||||
int policy_is_reject_star(const smartlist_t *policy);
|
||||
|
@ -344,7 +344,8 @@ validate_addr_policies(or_options_t *options, char **msg)
|
||||
*msg = NULL;
|
||||
|
||||
if (policies_parse_exit_policy(options->ExitPolicy, &addr_policy,
|
||||
options->ExitPolicyRejectPrivate, NULL))
|
||||
options->ExitPolicyRejectPrivate, NULL,
|
||||
!options->BridgeRelay))
|
||||
REJECT("Error in ExitPolicy entry.");
|
||||
|
||||
/* The rest of these calls *append* to addr_policy. So don't actually
|
||||
@ -829,14 +830,16 @@ exit_policy_remove_redundancies(smartlist_t *dest)
|
||||
"reject *:6346-6429,reject *:6699,reject *:6881-6999,accept *:*"
|
||||
|
||||
/** Parse the exit policy <b>cfg</b> into the linked list *<b>dest</b>. If
|
||||
* cfg doesn't end in an absolute accept or reject, add the default exit
|
||||
* cfg doesn't end in an absolute accept or reject and if
|
||||
* <b>add_default_policy</b> is true, add the default exit
|
||||
* policy afterwards. If <b>rejectprivate</b> is true, prepend
|
||||
* "reject private:*" to the policy. Return -1 if we can't parse cfg,
|
||||
* else return 0.
|
||||
*/
|
||||
int
|
||||
policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
|
||||
int rejectprivate, const char *local_address)
|
||||
int rejectprivate, const char *local_address,
|
||||
int add_default_policy)
|
||||
{
|
||||
if (rejectprivate) {
|
||||
append_exit_policy_string(dest, "reject private:*");
|
||||
@ -848,8 +851,10 @@ policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
|
||||
}
|
||||
if (parse_addr_policy(cfg, dest, -1))
|
||||
return -1;
|
||||
append_exit_policy_string(dest, DEFAULT_EXIT_POLICY);
|
||||
|
||||
if (add_default_policy)
|
||||
append_exit_policy_string(dest, DEFAULT_EXIT_POLICY);
|
||||
else
|
||||
append_exit_policy_string(dest, "reject *:*");
|
||||
exit_policy_remove_redundancies(*dest);
|
||||
|
||||
return 0;
|
||||
|
@ -1312,7 +1312,7 @@ router_rebuild_descriptor(int force)
|
||||
|
||||
policies_parse_exit_policy(options->ExitPolicy, &ri->exit_policy,
|
||||
options->ExitPolicyRejectPrivate,
|
||||
ri->address);
|
||||
ri->address, !options->BridgeRelay);
|
||||
|
||||
if (desc_routerinfo) { /* inherit values */
|
||||
ri->is_valid = desc_routerinfo->is_valid;
|
||||
|
@ -629,7 +629,7 @@ test_policy_summary_helper(const char *policy_str,
|
||||
line.value = (char *)policy_str;
|
||||
line.next = NULL;
|
||||
|
||||
r = policies_parse_exit_policy(&line, &policy, 0, NULL);
|
||||
r = policies_parse_exit_policy(&line, &policy, 0, NULL, 1);
|
||||
test_eq(r, 0);
|
||||
summary = policy_summarize(policy);
|
||||
|
||||
@ -675,7 +675,7 @@ test_policies(void)
|
||||
compare_addr_to_addr_policy(0xc0a80102, 2, policy));
|
||||
|
||||
policy2 = NULL;
|
||||
test_assert(0 == policies_parse_exit_policy(NULL, &policy2, 1, NULL));
|
||||
test_assert(0 == policies_parse_exit_policy(NULL, &policy2, 1, NULL, 1));
|
||||
test_assert(policy2);
|
||||
|
||||
test_assert(!exit_policy_is_general_exit(policy));
|
||||
@ -699,7 +699,7 @@ test_policies(void)
|
||||
line.key = (char*)"foo";
|
||||
line.value = (char*)"accept *:80,reject private:*,reject *:*";
|
||||
line.next = NULL;
|
||||
test_assert(0 == policies_parse_exit_policy(&line, &policy, 0, NULL));
|
||||
test_assert(0 == policies_parse_exit_policy(&line, &policy, 0, NULL, 1));
|
||||
test_assert(policy);
|
||||
//test_streq(policy->string, "accept *:80");
|
||||
//test_streq(policy->next->string, "reject *:*");
|
||||
|
Loading…
Reference in New Issue
Block a user