diff --git a/ChangeLog b/ChangeLog index 5eb74f7efb..6d9535f03e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -40,6 +40,8 @@ Changes in version 0.2.2.6-alpha - 2009-10-?? - If your relay can't keep up with the number of incoming create cells, it would log one warning per failure into your logs. Limit warnings to 1 per minute. Bugfix on 0.0.2pre10; fixes bug 1042. + - Bridges do not use the default exit policy, but reject *:* by + default. Fixes bug 1113. Changes in version 0.2.2.5-alpha - 2009-10-11 diff --git a/src/or/or.h b/src/or/or.h index 2fa4a797ad..bf415d8393 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -4353,7 +4353,8 @@ addr_policy_result_t compare_tor_addr_to_addr_policy(const tor_addr_t *addr, addr_policy_result_t compare_addr_to_addr_policy(uint32_t addr, uint16_t port, const smartlist_t *policy); int policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest, - int rejectprivate, const char *local_address); + int rejectprivate, const char *local_address, + int add_default_policy); void policies_set_router_exitpolicy_to_reject_all(routerinfo_t *exitrouter); int exit_policy_is_general_exit(smartlist_t *policy); int policy_is_reject_star(const smartlist_t *policy); diff --git a/src/or/policies.c b/src/or/policies.c index d55e86c184..023cd472f2 100644 --- a/src/or/policies.c +++ b/src/or/policies.c @@ -344,7 +344,8 @@ validate_addr_policies(or_options_t *options, char **msg) *msg = NULL; if (policies_parse_exit_policy(options->ExitPolicy, &addr_policy, - options->ExitPolicyRejectPrivate, NULL)) + options->ExitPolicyRejectPrivate, NULL, + !options->BridgeRelay)) REJECT("Error in ExitPolicy entry."); /* The rest of these calls *append* to addr_policy. So don't actually 
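Review bot: The `!options->BridgeRelay` argument added to the validate_addr_policies() call carries no comment, and the same expression is repeated in the router.c hunk for router_rebuild_descriptor(). If the two call sites ever diverge, the policy that gets validated would differ from the one published in the descriptor. I would add a comment above the call, such as `/* Bridges never get DEFAULT_EXIT_POLICY; keep in sync with router_rebuild_descriptor(). */`. The new `int add_default_policy` in the or.h prototype is likewise undocumented at the declaration. validate_addr_policies() begins and ends outside this hunk.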
@@ -829,14 +830,16 @@ exit_policy_remove_redundancies(smartlist_t *dest) "reject *:6346-6429,reject *:6699,reject *:6881-6999,accept *:*" /** Parse the exit policy cfg into the linked list *dest. If - * cfg doesn't end in an absolute accept or reject, add the default exit + * cfg doesn't end in an absolute accept or reject and if + * add_default_policy is true, add the default exit * policy afterwards. If rejectprivate is true, prepend * "reject private:*" to the policy. Return -1 if we can't parse cfg, * else return 0. */ int policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest, - int rejectprivate, const char *local_address) + int rejectprivate, const char *local_address, + int add_default_policy) { if (rejectprivate) { append_exit_policy_string(dest, "reject private:*"); @@ -848,8 +851,10 @@ policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest, } if (parse_addr_policy(cfg, dest, -1)) return -1; - append_exit_policy_string(dest, DEFAULT_EXIT_POLICY); - + if (add_default_policy) + append_exit_policy_string(dest, DEFAULT_EXIT_POLICY); + else + append_exit_policy_string(dest, "reject *:*"); exit_policy_remove_redundancies(*dest); return 0; diff --git a/src/or/router.c b/src/or/router.c index 145301cd0c..2f5a9fd80b 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -1312,7 +1312,7 @@ router_rebuild_descriptor(int force) policies_parse_exit_policy(options->ExitPolicy, &ri->exit_policy, options->ExitPolicyRejectPrivate, - ri->address); + ri->address, !options->BridgeRelay); if (desc_routerinfo) { /* inherit values */ ri->is_valid = desc_routerinfo->is_valid; diff --git a/src/test/test.c b/src/test/test.c index 839d9469eb..d85f1f0f87 100644 --- a/src/test/test.c +++ b/src/test/test.c 
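Review bot: The updated doc comment on policies_parse_exit_policy() says when the default exit policy is added, but not what happens when add_default_policy is false. The body in the following hunk appends `reject *:*` in that case, which per the ChangeLog entry is the behaviour bridges depend on. I would state it in the comment, e.g. `* add_default_policy is true, add the default exit policy afterwards; otherwise append "reject *:*".` The comment also leaves local_address undescribed. The function body continues outside this hunk.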
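Review bot: The result of policies_parse_exit_policy() appears to be discarded at this call in router_rebuild_descriptor(). In the policies.c hunk the function returns -1 on the parse_addr_policy() failure path before it appends either DEFAULT_EXIT_POLICY or `reject *:*`, so on that path ri->exit_policy would be left without the terminal rule this commit relies on for bridges. The options were presumably validated earlier by validate_addr_policies(), but a check here would make the descriptor path fail closed: `if (policies_parse_exit_policy(options->ExitPolicy, &ri->exit_policy, options->ExitPolicyRejectPrivate, ri->address, !options->BridgeRelay) < 0)`, then abandon the rebuild rather than publish. router_rebuild_descriptor() starts and ends outside the hunk.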
@@ -629,7 +629,7 @@ test_policy_summary_helper(const char *policy_str,
 line.value = (char *)policy_str;
 line.next = NULL;
- r = policies_parse_exit_policy(&line, &policy, 0, NULL);
+ r = policies_parse_exit_policy(&line, &policy, 0, NULL, 1);
 test_eq(r, 0);
 summary = policy_summarize(policy);
@@ -675,7 +675,7 @@ test_policies(void)
 compare_addr_to_addr_policy(0xc0a80102, 2, policy));
 policy2 = NULL;
- test_assert(0 == policies_parse_exit_policy(NULL, &policy2, 1, NULL));
+ test_assert(0 == policies_parse_exit_policy(NULL, &policy2, 1, NULL, 1));
 test_assert(policy2);
 test_assert(!exit_policy_is_general_exit(policy));
@@ -699,7 +699,7 @@ test_policies(void)
 line.key = (char*)"foo";
 line.value = (char*)"accept *:80,reject private:*,reject *:*";
 line.next = NULL;
- test_assert(0 == policies_parse_exit_policy(&line, &policy, 0, NULL));
+ test_assert(0 == policies_parse_exit_policy(&line, &policy, 0, NULL, 1));
 test_assert(policy);
 //test_streq(policy->string, "accept *:80");
 //test_streq(policy->next->string, "reject *:*");
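Review bot: All three updated calls in test.c pass `1` for add_default_policy, so the new `reject *:*` branch that bridges take is never exercised by the unit tests. I would add a case in test_policies() that parses with the flag cleared into a fresh list and checks the result, e.g. `test_assert(0 == policies_parse_exit_policy(NULL, &policy3, 1, NULL, 0));` followed by `test_assert(policy_is_reject_star(policy3));`. Here policy3 stands for a new smartlist_t pointer declared and freed alongside the existing ones. Both test functions begin and end outside these hunks, so the existing cleanup code is not visible here.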