Add "pass" target for RedirectExit, to make it easier to break out of a sequence of rules

svn:r2566
2024-11-10 13:13:44 +01:00 · 2004-10-19 17:46:06 +00:00 · 2004-10-19 17:46:06 +00:00 · c7151d8bed
commit c7151d8bed
parent 97a0a43511
4 changed files with 24 additions and 12 deletions
--- a/doc/tor.1.in
+++ b/doc/tor.1.in
@ -220,13 +220,17 @@ Bind to this port to listen for connections from Tor clients and servers.
 \fBorbindaddress \fR\fIIP\fP
 Bind to this address to listen for connections from Tor clients and servers. (Default: 0.0.0.0)
 .TP
-\fBredirectexit \fR\fIpattern address:port\fP
+\fBredirectexit \fR\fIpattern target\fP
 Whenever an outgoing connection tries to connect to one of a given set
-of addresses, connect to \fIaddress:port\fP instead.  The address
+of addresses, connect to \fItarget\fP (an \fIaddress:port\fP pair) instead.
+The address
 pattern is given in the same format as for an exit policy.  The
 address translation applies after exit policies are applied.  Multiple
 \fBredirectexit\fP options can be used: once any one has matched
-successfully, no subsequent rules are considered.
+successfully, no subsequent rules are considered.  You can specify that no
+redirection is to be performed on a given set of addresses by using the
+special target string "pass", which prevents subsequent rules from being
+considered.

 .SH DIRECTORY SERVER OPTIONS
 .PP
--- a/src/or/config.c
+++ b/src/or/config.c
@ -1106,10 +1106,15 @@ static int parse_redirect_line(or_options_t *options,
    log_fn(LOG_WARN, "Error parsing source address in RedirectExit line");
    goto err;
  }
-  if (parse_addr_port(smartlist_get(elements,1),NULL,&r->addr_dest,
-                      &r->port_dest)) {
-    log_fn(LOG_WARN, "Error parseing dest address in RedirectExit line");
-    goto err;
+  if (0==strcasecmp(smartlist_get(elements,1), "pass")) {
+    r->is_redirect = 0;
+  } else {
+    if (parse_addr_port(smartlist_get(elements,1),NULL,&r->addr_dest,
+                             &r->port_dest)) {
+      log_fn(LOG_WARN, "Error parseing dest address in RedirectExit line");
+      goto err;
+    }
+    r->is_redirect = 1;
  }

  goto done;
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@ -901,11 +901,13 @@ void connection_exit_connect(connection_t *conn) {
      if ((addr&r->mask)==(r->addr&r->mask) &&
          (r->port_min <= port) && (port <= r->port_max)) {
        struct in_addr in;
-        addr = r->addr_dest;
-        port = r->port_dest;
-        in.s_addr = htonl(addr);
-        log_fn(LOG_DEBUG, "Redirecting connection from %s:%d to %s:%d",
-               conn->address, conn->port, inet_ntoa(in), port);
+        if (r->is_redirect) {
+          addr = r->addr_dest;
+          port = r->port_dest;
+          in.s_addr = htonl(addr);
+          log_fn(LOG_DEBUG, "Redirecting connection from %s:%d to %s:%d",
+                 conn->address, conn->port, inet_ntoa(in), port);
+        }
        break;
      }
    });
--- a/src/or/or.h
+++ b/src/or/or.h
@ -824,6 +824,7 @@ typedef struct exit_redirect_t {
  uint16_t port_min;
  uint16_t port_max;

+  int is_redirect;
  uint32_t addr_dest;
  uint16_t port_dest;
 } exit_redirect_t;