nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-30 23:53:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add port ranges to exit policies

Browse Source 
svn:r899
This commit is contained in:
Nick Mathewson 2003-12-13 02:44:02 +00:00
parent c425f2e0ec
commit f37f7daa2f
4 changed files with 35 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/or/or.h
View File

@ -329,7 +329,8 @@ struct exit_policy_t {
char *string; char *string;
uint32_t addr; uint32_t addr;
uint32_t msk; uint32_t msk;
uint16_t prt; uint16_t prt_min;
uint16_t prt_max;
struct exit_policy_t *next; struct exit_policy_t *next;
}; };

18
src/or/router.c
View File

@ -453,16 +453,22 @@ int router_dump_router_to_string(char *s, int maxlen, routerinfo_t *router,
return -1; return -1;
written += result; written += result;
} }
if (tmpe->prt) { if (tmpe->prt_min == 1 && tmpe->prt_max == 65535) {
result = snprintf(s+written, maxlen-written, ":%d\n", tmpe->prt);
if (result<0 || result+written > maxlen)
return -1;
written += result;
} else {
if (written > maxlen-4) if (written > maxlen-4)
return -1; return -1;
strcat(s+written, ":*\n"); strcat(s+written, ":*\n");
written += 3; written += 3;
} else if (tmpe->prt_min == tmpe->prt_max) {
result = snprintf(s+written, maxlen-written, ":%d\n", tmpe->prt_min);
if (result<0 || result+written > maxlen)
return -1;
written += result;
} else {
result = snprintf(s+written, maxlen-written, ":%d-%d\n", tmpe->prt_min,
tmpe->prt_max);
if (result<0 || result+written > maxlen)
return -1;
written += result;
} }
} /* end for */ } /* end for */
if (written > maxlen-256) /* Not enough room for signature. */ if (written > maxlen-256) /* Not enough room for signature. */

27
src/or/routerlist.c
View File

@ -424,10 +424,10 @@ int router_compare_addr_to_exit_policy(uint32_t addr, uint16_t port,
log_fn(LOG_DEBUG,"Considering exit policy %s", tmpe->string); log_fn(LOG_DEBUG,"Considering exit policy %s", tmpe->string);
if (!addr) { if (!addr) {
/* Address is unknown. */ /* Address is unknown. */
if (tmpe->msk == 0 && (!tmpe || port == tmpe->prt)) { if (tmpe->msk == 0 && (port >= tmpe->prt_min && port <= tmpe->prt_max)) {
/* The exit policy is accept/reject *:port */ /* The exit policy is accept/reject *:port */
match = 1; match = 1;
} else if ((!tmpe->prt || port == tmpe->prt) && } else if (port >= tmpe->prt_min && port <= tmpe->prt_max &&
tmpe->policy_type == EXIT_POLICY_REJECT) { tmpe->policy_type == EXIT_POLICY_REJECT) {
/* The exit policy is reject ???:port */ /* The exit policy is reject ???:port */
maybe_reject = 1; maybe_reject = 1;
@ -435,7 +435,7 @@ int router_compare_addr_to_exit_policy(uint32_t addr, uint16_t port,
} else { } else {
/* Address is known */ /* Address is known */
if ( (addr & tmpe->msk) == (tmpe->addr & tmpe->msk) && if ( (addr & tmpe->msk) == (tmpe->addr & tmpe->msk) &&
(!tmpe->prt || port == tmpe->prt) ) { (port >= tmpe->prt_min && port <= tmpe->prt_max) ) {
/* Exact match for the policy */ /* Exact match for the policy */
match = 1; match = 1;
} }
@ -947,23 +947,34 @@ static int router_add_exit_policy(routerinfo_t *router,
} }
} }
if (strcmp(port, "*") == 0) { if (strcmp(port, "*") == 0) {
newe->prt = 0; newe->prt_min = 1;
newe->prt_max = 65535;
} else { } else {
endptr = NULL; endptr = NULL;
newe->prt = strtol(port, &endptr, 10); newe->prt_min = strtol(port, &endptr, 10);
if (*endptr) { if (*endptr == '-') {
port = endptr+1;
endptr = NULL;
newe->prt_max = strtol(port, &endptr, 10);
if (*endptr) {
log_fn(LOG_WARN, "Malformed port %s on exit policy; rejecting.",
port);
}
} else if (*endptr) {
log_fn(LOG_WARN, "Malformed port %s on exit policy; rejecting.", log_fn(LOG_WARN, "Malformed port %s on exit policy; rejecting.",
port); port);
goto policy_read_failed; goto policy_read_failed;
} else {
newe->prt_max = newe->prt_min;
} }
} }
in.s_addr = htonl(newe->addr); in.s_addr = htonl(newe->addr);
address = tor_strdup(inet_ntoa(in)); address = tor_strdup(inet_ntoa(in));
in.s_addr = htonl(newe->msk); in.s_addr = htonl(newe->msk);
log_fn(LOG_DEBUG,"%s %s/%s:%d", log_fn(LOG_DEBUG,"%s %s/%s:%d-%d",
newe->policy_type == EXIT_POLICY_REJECT ? "reject" : "accept", newe->policy_type == EXIT_POLICY_REJECT ? "reject" : "accept",
address, inet_ntoa(in), newe->prt); address, inet_ntoa(in), newe->prt_min, newe->prt_max);
tor_free(address); tor_free(address);
/* now link newe onto the end of exit_policy */ /* now link newe onto the end of exit_policy */

4
src/or/test.c
View File

@ -560,12 +560,12 @@ test_dir_format()
ex1.string = NULL; ex1.string = NULL;
ex1.addr = 0; ex1.addr = 0;
ex1.msk = 0; ex1.msk = 0;
ex1.prt = 80; ex1.prt_min = ex1.prt_max = 80;
ex1.next = &ex2; ex1.next = &ex2;
ex2.policy_type = EXIT_POLICY_REJECT; ex2.policy_type = EXIT_POLICY_REJECT;
ex2.addr = 18 << 24; ex2.addr = 18 << 24;
ex2.msk = 0xFF000000u; ex2.msk = 0xFF000000u;
ex2.prt = 24; ex2.prt_min = ex1.prt_max = 24;
ex2.next = NULL; ex2.next = NULL;
r2.address = "tor.tor.tor"; r2.address = "tor.tor.tor";
r2.addr = 0x0a030201u; /* 10.3.2.1 */ r2.addr = 0x0a030201u; /* 10.3.2.1 */