Tor  0.4.4.0-alpha-dev
policies.c
Go to the documentation of this file.
1 /* Copyright (c) 2001-2004, Roger Dingledine.
2  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3  * Copyright (c) 2007-2020, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
5 
6 /**
7  * \file policies.c
8  * \brief Code to parse and use address policies and exit policies.
9  *
10  * We have two key kinds of address policy: full and compressed. A full
11  * policy is an array of accept/reject patterns, to be applied in order.
12  * A short policy is simply a list of ports. This module handles both
13  * kinds, including generic functions to apply them to addresses, and
14  * also including code to manage the global policies that we apply to
15  * incoming and outgoing connections.
16  **/
17 
18 #define POLICIES_PRIVATE
19 
20 #include "core/or/or.h"
21 #include "feature/client/bridges.h"
22 #include "app/config/config.h"
23 #include "core/or/policies.h"
28 #include "feature/relay/router.h"
30 #include "lib/geoip/geoip.h"
31 #include "ht.h"
33 #include "lib/encoding/confline.h"
34 #include "trunnel/ed25519_cert.h"
35 
36 #include "core/or/addr_policy_st.h"
40 #include "core/or/port_cfg_st.h"
43 
44 /** Maximum length of an exit policy summary. */
45 #define MAX_EXITPOLICY_SUMMARY_LEN 1000
46 
47 /** Policy that addresses for incoming SOCKS connections must match. */
48 static smartlist_t *socks_policy = NULL;
49 /** Policy that addresses for incoming directory connections must match. */
50 static smartlist_t *dir_policy = NULL;
51 /** Policy that addresses for incoming router descriptors must match in order
52  * to be published by us. */
54 /** Policy that addresses for incoming router descriptors must match in order
55  * to be marked as valid in our networkstatus. */
57 /** Policy that addresses for incoming router descriptors must <b>not</b>
58  * match in order to not be marked as BadExit. */
60 
61 /** Parsed addr_policy_t describing which addresses we believe we can start
62  * circuits at. */
64 /** Parsed addr_policy_t describing which addresses we believe we can connect
65  * to directories at. */
67 
68 /** Element of an exit policy summary */
69 typedef struct policy_summary_item_t {
70  uint16_t prt_min; /**< Lowest port number to accept/reject. */
71  uint16_t prt_max; /**< Highest port number to accept/reject. */
72  uint64_t reject_count; /**< Number of IP-Addresses that are rejected to
73  this port range. */
74  unsigned int accepted:1; /** Has this port already been accepted */
76 
77 /** Private networks. This list is used in two places, once to expand the
78  * "private" keyword when parsing our own exit policy, secondly to ignore
79  * just such networks when building exit policy summaries. It is important
80  * that all authorities agree on that list when creating summaries, so don't
81  * just change this without a proper migration plan and a proposal and stuff.
82  */
83 static const char *private_nets[] = {
84  "0.0.0.0/8", "169.254.0.0/16",
85  "127.0.0.0/8", "192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12",
86  "[::]/8",
87  "[fc00::]/7", "[fe80::]/10", "[fec0::]/10", "[ff00::]/8", "[::]/127",
88  NULL
89 };
90 
92  config_line_t *cfg,
93  smartlist_t **dest,
94  int ipv6_exit,
95  int rejectprivate,
96  const smartlist_t *configured_addresses,
97  int reject_interface_addresses,
98  int reject_configured_port_addresses,
99  int add_default_policy,
100  int add_reduced_policy);
101 
102 /** Replace all "private" entries in *<b>policy</b> with their expanded
103  * equivalents. */
104 void
106 {
107  uint16_t port_min, port_max;
108 
109  int i;
110  smartlist_t *tmp;
111 
112  if (!*policy) /*XXXX disallow NULL policies? */
113  return;
114 
115  tmp = smartlist_new();
116 
117  SMARTLIST_FOREACH_BEGIN(*policy, addr_policy_t *, p) {
118  if (! p->is_private) {
119  smartlist_add(tmp, p);
120  continue;
121  }
122  for (i = 0; private_nets[i]; ++i) {
123  addr_policy_t newpolicy;
124  memcpy(&newpolicy, p, sizeof(addr_policy_t));
125  newpolicy.is_private = 0;
126  newpolicy.is_canonical = 0;
128  &newpolicy.addr,
129  &newpolicy.maskbits, &port_min, &port_max)<0) {
130  tor_assert_unreached();
131  }
133  }
134  addr_policy_free(p);
135  } SMARTLIST_FOREACH_END(p);
136 
137  smartlist_free(*policy);
138  *policy = tmp;
139 }
140 
141 /** Expand each of the AF_UNSPEC elements in *<b>policy</b> (which indicate
142  * protocol-neutral wildcards) into a pair of wildcard elements: one IPv4-
143  * specific and one IPv6-specific. */
144 void
146 {
147  smartlist_t *tmp;
148  if (!*policy)
149  return;
150 
151  tmp = smartlist_new();
152  SMARTLIST_FOREACH_BEGIN(*policy, addr_policy_t *, p) {
153  sa_family_t family = tor_addr_family(&p->addr);
154  if (family == AF_INET6 || family == AF_INET || p->is_private) {
155  smartlist_add(tmp, p);
156  } else if (family == AF_UNSPEC) {
157  addr_policy_t newpolicy_ipv4;
158  addr_policy_t newpolicy_ipv6;
159  memcpy(&newpolicy_ipv4, p, sizeof(addr_policy_t));
160  memcpy(&newpolicy_ipv6, p, sizeof(addr_policy_t));
161  newpolicy_ipv4.is_canonical = 0;
162  newpolicy_ipv6.is_canonical = 0;
163  if (p->maskbits != 0) {
164  log_warn(LD_BUG, "AF_UNSPEC policy with maskbits==%d", p->maskbits);
165  newpolicy_ipv4.maskbits = 0;
166  newpolicy_ipv6.maskbits = 0;
167  }
168  tor_addr_from_ipv4h(&newpolicy_ipv4.addr, 0);
169  tor_addr_from_ipv6_bytes(&newpolicy_ipv6.addr,
170  (const uint8_t *)"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0");
171  smartlist_add(tmp, addr_policy_get_canonical_entry(&newpolicy_ipv4));
172  smartlist_add(tmp, addr_policy_get_canonical_entry(&newpolicy_ipv6));
173  addr_policy_free(p);
174  } else {
175  log_warn(LD_BUG, "Funny-looking address policy with family %d", family);
176  smartlist_add(tmp, p);
177  }
178  } SMARTLIST_FOREACH_END(p);
179 
180  smartlist_free(*policy);
181  *policy = tmp;
182 }
183 
184 /**
185  * Given a linked list of config lines containing "accept[6]" and "reject[6]"
186  * tokens, parse them and append the result to <b>dest</b>. Return -1
187  * if any tokens are malformed (and don't append any), else return 0.
188  *
189  * If <b>assume_action</b> is nonnegative, then insert its action
190  * (ADDR_POLICY_ACCEPT or ADDR_POLICY_REJECT) for items that specify no
191  * action.
192  */
193 static int
195  int assume_action)
196 {
197  smartlist_t *result;
198  smartlist_t *entries;
199  addr_policy_t *item;
200  int malformed_list;
201  int r = 0;
202 
203  if (!cfg)
204  return 0;
205 
206  result = smartlist_new();
207  entries = smartlist_new();
208  for (; cfg; cfg = cfg->next) {
209  smartlist_split_string(entries, cfg->value, ",",
210  SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
211  SMARTLIST_FOREACH_BEGIN(entries, const char *, ent) {
212  log_debug(LD_CONFIG,"Adding new entry '%s'",ent);
213  malformed_list = 0;
214  item = router_parse_addr_policy_item_from_string(ent, assume_action,
215  &malformed_list);
216  if (item) {
217  smartlist_add(result, item);
218  } else if (malformed_list) {
219  /* the error is so severe the entire list should be discarded */
220  log_warn(LD_CONFIG, "Malformed policy '%s'. Discarding entire policy "
221  "list.", ent);
222  r = -1;
223  } else {
224  /* the error is minor: don't add the item, but keep processing the
225  * rest of the policies in the list */
226  log_debug(LD_CONFIG, "Ignored policy '%s' due to non-fatal error. "
227  "The remainder of the policy list will be used.",
228  ent);
229  }
230  } SMARTLIST_FOREACH_END(ent);
231  SMARTLIST_FOREACH(entries, char *, ent, tor_free(ent));
232  smartlist_clear(entries);
233  }
234  smartlist_free(entries);
235  if (r == -1) {
236  addr_policy_list_free(result);
237  } else {
238  policy_expand_private(&result);
239  policy_expand_unspec(&result);
240 
241  if (*dest) {
242  smartlist_add_all(*dest, result);
243  smartlist_free(result);
244  } else {
245  *dest = result;
246  }
247  }
248 
249  return r;
250 }
251 
252 /** Helper: parse the Reachable(Dir|OR)?Addresses fields into
253  * reachable_(or|dir)_addr_policy. The options should already have
254  * been validated by validate_addr_policies.
255  */
256 static int
258 {
259  const or_options_t *options = get_options();
260  int ret = 0;
261 
262  if (options->ReachableDirAddresses &&
263  options->ReachableORAddresses &&
264  options->ReachableAddresses) {
265  log_warn(LD_CONFIG,
266  "Both ReachableDirAddresses and ReachableORAddresses are set. "
267  "ReachableAddresses setting will be ignored.");
268  }
269  addr_policy_list_free(reachable_or_addr_policy);
271  if (!options->ReachableORAddresses && options->ReachableAddresses)
272  log_info(LD_CONFIG,
273  "Using ReachableAddresses as ReachableORAddresses.");
275  options->ReachableORAddresses :
276  options->ReachableAddresses,
277  &reachable_or_addr_policy, ADDR_POLICY_ACCEPT)) {
278  log_warn(LD_CONFIG,
279  "Error parsing Reachable%sAddresses entry; ignoring.",
280  options->ReachableORAddresses ? "OR" : "");
281  ret = -1;
282  }
283 
284  addr_policy_list_free(reachable_dir_addr_policy);
286  if (!options->ReachableDirAddresses && options->ReachableAddresses)
287  log_info(LD_CONFIG,
288  "Using ReachableAddresses as ReachableDirAddresses");
290  options->ReachableDirAddresses :
291  options->ReachableAddresses,
292  &reachable_dir_addr_policy, ADDR_POLICY_ACCEPT)) {
293  if (options->ReachableDirAddresses)
294  log_warn(LD_CONFIG,
295  "Error parsing ReachableDirAddresses entry; ignoring.");
296  ret = -1;
297  }
298 
299  /* We ignore ReachableAddresses for relays */
300  if (!server_mode(options)) {
303  log_warn(LD_CONFIG, "Tor cannot connect to the Internet if "
304  "ReachableAddresses, ReachableORAddresses, or "
305  "ReachableDirAddresses reject all addresses. Please accept "
306  "some addresses in these options.");
307  } else if (options->ClientUseIPv4 == 1
310  log_warn(LD_CONFIG, "You have set ClientUseIPv4 1, but "
311  "ReachableAddresses, ReachableORAddresses, or "
312  "ReachableDirAddresses reject all IPv4 addresses. "
313  "Tor will not connect using IPv4.");
314  } else if (fascist_firewall_use_ipv6(options)
317  log_warn(LD_CONFIG, "You have configured tor to use or prefer IPv6 "
318  "(or UseBridges 1), but "
319  "ReachableAddresses, ReachableORAddresses, or "
320  "ReachableDirAddresses reject all IPv6 addresses. "
321  "Tor will not connect using IPv6.");
322  }
323  }
324 
325  /* Append a reject *:* to reachable_(or|dir)_addr_policy */
326  if (!ret && (options->ReachableDirAddresses ||
327  options->ReachableORAddresses ||
328  options->ReachableAddresses)) {
331  }
332 
333  return ret;
334 }
335 
336 /* Return true iff ClientUseIPv4 0 or ClientUseIPv6 0 might block any OR or Dir
337  * address:port combination. */
338 static int
339 firewall_is_fascist_impl(void)
340 {
341  const or_options_t *options = get_options();
342  /* Assume every non-bridge relay has an IPv4 address.
343  * Clients which use bridges may only know the IPv6 address of their
344  * bridge, but they will connect regardless of the ClientUseIPv6 setting. */
345  return options->ClientUseIPv4 == 0;
346 }
347 
348 /** Return true iff the firewall options, including ClientUseIPv4 0 and
349  * ClientUseIPv6 0, might block any OR address:port combination.
350  * Address preferences may still change which address is selected even if
351  * this function returns false.
352  */
353 int
355 {
356  return (reachable_or_addr_policy != NULL || firewall_is_fascist_impl());
357 }
358 
359 /** Return true iff the firewall options, including ClientUseIPv4 0 and
360  * ClientUseIPv6 0, might block any Dir address:port combination.
361  * Address preferences may still change which address is selected even if
362  * this function returns false.
363  */
364 int
366 {
367  return (reachable_dir_addr_policy != NULL || firewall_is_fascist_impl());
368 }
369 
370 /** Return true iff <b>policy</b> (possibly NULL) will allow a
371  * connection to <b>addr</b>:<b>port</b>.
372  */
373 static int
374 addr_policy_permits_tor_addr(const tor_addr_t *addr, uint16_t port,
375  smartlist_t *policy)
376 {
378  p = compare_tor_addr_to_addr_policy(addr, port, policy);
379  switch (p) {
382  return 1;
385  return 0;
386  default:
387  log_warn(LD_BUG, "Unexpected result: %d", (int)p);
388  return 0;
389  }
390 }
391 
392 /** Return true iff <b> policy</b> (possibly NULL) will allow a connection to
393  * <b>addr</b>:<b>port</b>. <b>addr</b> is an IPv4 address given in host
394  * order. */
395 /* XXXX deprecate when possible. */
396 static int
397 addr_policy_permits_address(uint32_t addr, uint16_t port,
398  smartlist_t *policy)
399 {
400  tor_addr_t a;
401  tor_addr_from_ipv4h(&a, addr);
402  return addr_policy_permits_tor_addr(&a, port, policy);
403 }
404 
405 /** Return true iff we think our firewall will let us make a connection to
406  * addr:port.
407  *
408  * If we are configured as a server, ignore any address family preference and
409  * just use IPv4.
410  * Otherwise:
411  * - return false for all IPv4 addresses:
412  * - if ClientUseIPv4 is 0, or
413  * if pref_only and pref_ipv6 are both true;
414  * - return false for all IPv6 addresses:
415  * - if fascist_firewall_use_ipv6() is 0, or
416  * - if pref_only is true and pref_ipv6 is false.
417  *
418  * Return false if addr is NULL or tor_addr_is_null(), or if port is 0. */
419 STATIC int
421  uint16_t port,
422  smartlist_t *firewall_policy,
423  int pref_only, int pref_ipv6)
424 {
425  const or_options_t *options = get_options();
426  const int client_mode = !server_mode(options);
427 
428  if (!addr || tor_addr_is_null(addr) || !port) {
429  return 0;
430  }
431 
432  /* Clients stop using IPv4 if it's disabled. In most cases, clients also
433  * stop using IPv4 if it's not preferred.
434  * Servers must have IPv4 enabled and preferred. */
435  if (tor_addr_family(addr) == AF_INET && client_mode &&
436  (!options->ClientUseIPv4 || (pref_only && pref_ipv6))) {
437  return 0;
438  }
439 
440  /* Clients and Servers won't use IPv6 unless it's enabled (and in most
441  * cases, IPv6 must also be preferred before it will be used). */
442  if (tor_addr_family(addr) == AF_INET6 &&
443  (!fascist_firewall_use_ipv6(options) || (pref_only && !pref_ipv6))) {
444  return 0;
445  }
446 
447  return addr_policy_permits_tor_addr(addr, port,
448  firewall_policy);
449 }
450 
451 /** Is this client configured to use IPv6?
452  * Returns true if the client might use IPv6 for some of its connections
453  * (including dual-stack and IPv6-only clients), and false if it will never
454  * use IPv6 for any connections.
455  * Use node_ipv6_or/dir_preferred() when checking a specific node and OR/Dir
456  * port: it supports bridge client per-node IPv6 preferences.
457  */
458 int
460 {
461  /* Clients use IPv6 if it's set, or they use bridges, or they don't use
462  * IPv4, or they prefer it.
463  * ClientPreferIPv6DirPort is deprecated, but check it anyway. */
464  return (options->ClientUseIPv6 == 1 || options->ClientUseIPv4 == 0 ||
465  options->ClientPreferIPv6ORPort == 1 ||
466  options->ClientPreferIPv6DirPort == 1 || options->UseBridges == 1);
467 }
468 
469 /** Do we prefer to connect to IPv6, ignoring ClientPreferIPv6ORPort and
470  * ClientPreferIPv6DirPort?
471  * If we're unsure, return -1, otherwise, return 1 for IPv6 and 0 for IPv4.
472  */
473 static int
475 {
476  /*
477  Cheap implementation of config options ClientUseIPv4 & ClientUseIPv6 --
478  If we're a server or IPv6 is disabled, use IPv4.
479  If IPv4 is disabled, use IPv6.
480  */
481 
482  if (server_mode(options) || !fascist_firewall_use_ipv6(options)) {
483  return 0;
484  }
485 
486  if (!options->ClientUseIPv4) {
487  return 1;
488  }
489 
490  return -1;
491 }
492 
493 /** Do we prefer to connect to IPv6 ORPorts?
494  * Use node_ipv6_or_preferred() whenever possible: it supports bridge client
495  * per-node IPv6 preferences.
496  */
497 int
499 {
500  int pref_ipv6 = fascist_firewall_prefer_ipv6_impl(options);
501 
502  if (pref_ipv6 >= 0) {
503  return pref_ipv6;
504  }
505 
506  /* We can use both IPv4 and IPv6 - which do we prefer? */
507  if (options->ClientPreferIPv6ORPort == 1) {
508  return 1;
509  }
510 
511  return 0;
512 }
513 
514 /** Do we prefer to connect to IPv6 DirPorts?
515  *
516  * (node_ipv6_dir_preferred() doesn't support bridge client per-node IPv6
517  * preferences. There's no reason to use it instead of this function.)
518  */
519 int
521 {
522  int pref_ipv6 = fascist_firewall_prefer_ipv6_impl(options);
523 
524  if (pref_ipv6 >= 0) {
525  return pref_ipv6;
526  }
527 
528  /* We can use both IPv4 and IPv6 - which do we prefer? */
529  if (options->ClientPreferIPv6DirPort == 1) {
530  return 1;
531  }
532 
533  return 0;
534 }
535 
536 /** Return true iff we think our firewall will let us make a connection to
537  * addr:port. Uses ReachableORAddresses or ReachableDirAddresses based on
538  * fw_connection.
539  * If pref_only is true, return true if addr is in the client's preferred
540  * address family, which is IPv6 if pref_ipv6 is true, and IPv4 otherwise.
541  * If pref_only is false, ignore pref_ipv6, and return true if addr is allowed.
542  */
543 int
545  firewall_connection_t fw_connection,
546  int pref_only, int pref_ipv6)
547 {
548  if (fw_connection == FIREWALL_OR_CONNECTION) {
549  return fascist_firewall_allows_address(addr, port,
551  pref_only, pref_ipv6);
552  } else if (fw_connection == FIREWALL_DIR_CONNECTION) {
553  return fascist_firewall_allows_address(addr, port,
555  pref_only, pref_ipv6);
556  } else {
557  log_warn(LD_BUG, "Bad firewall_connection_t value %d.",
558  fw_connection);
559  return 0;
560  }
561 }
562 
563 /** Return true iff we think our firewall will let us make a connection to
564  * addr:port (ap). Uses ReachableORAddresses or ReachableDirAddresses based on
565  * fw_connection.
566  * pref_only and pref_ipv6 work as in fascist_firewall_allows_address_addr().
567  */
568 static int
570  firewall_connection_t fw_connection,
571  int pref_only, int pref_ipv6)
572 {
573  tor_assert(ap);
574  return fascist_firewall_allows_address_addr(&ap->addr, ap->port,
575  fw_connection, pref_only,
576  pref_ipv6);
577 }
578 
579 /* Return true iff we think our firewall will let us make a connection to
580  * ipv4h_or_addr:ipv4_or_port. ipv4h_or_addr is interpreted in host order.
581  * Uses ReachableORAddresses or ReachableDirAddresses based on
582  * fw_connection.
583  * pref_only and pref_ipv6 work as in fascist_firewall_allows_address_addr().
584  */
585 static int
586 fascist_firewall_allows_address_ipv4h(uint32_t ipv4h_or_addr,
587  uint16_t ipv4_or_port,
588  firewall_connection_t fw_connection,
589  int pref_only, int pref_ipv6)
590 {
591  tor_addr_t ipv4_or_addr;
592  tor_addr_from_ipv4h(&ipv4_or_addr, ipv4h_or_addr);
593  return fascist_firewall_allows_address_addr(&ipv4_or_addr, ipv4_or_port,
594  fw_connection, pref_only,
595  pref_ipv6);
596 }
597 
598 /** Return true iff we think our firewall will let us make a connection to
599  * ipv4h_addr/ipv6_addr. Uses ipv4_orport/ipv6_orport/ReachableORAddresses or
600  * ipv4_dirport/ipv6_dirport/ReachableDirAddresses based on IPv4/IPv6 and
601  * <b>fw_connection</b>.
602  * pref_only and pref_ipv6 work as in fascist_firewall_allows_address_addr().
603  */
604 static int
605 fascist_firewall_allows_base(uint32_t ipv4h_addr, uint16_t ipv4_orport,
606  uint16_t ipv4_dirport,
607  const tor_addr_t *ipv6_addr, uint16_t ipv6_orport,
608  uint16_t ipv6_dirport,
609  firewall_connection_t fw_connection,
610  int pref_only, int pref_ipv6)
611 {
612  if (fascist_firewall_allows_address_ipv4h(ipv4h_addr,
613  (fw_connection == FIREWALL_OR_CONNECTION
614  ? ipv4_orport
615  : ipv4_dirport),
616  fw_connection,
617  pref_only, pref_ipv6)) {
618  return 1;
619  }
620 
622  (fw_connection == FIREWALL_OR_CONNECTION
623  ? ipv6_orport
624  : ipv6_dirport),
625  fw_connection,
626  pref_only, pref_ipv6)) {
627  return 1;
628  }
629 
630  return 0;
631 }
632 
633 /** Like fascist_firewall_allows_base(), but takes ri. */
634 static int
636  firewall_connection_t fw_connection,
637  int pref_only, int pref_ipv6)
638 {
639  if (!ri) {
640  return 0;
641  }
642 
643  /* Assume IPv4 and IPv6 DirPorts are the same */
644  return fascist_firewall_allows_base(ri->addr, ri->or_port, ri->dir_port,
645  &ri->ipv6_addr, ri->ipv6_orport,
646  ri->dir_port, fw_connection, pref_only,
647  pref_ipv6);
648 }
649 
650 /** Like fascist_firewall_allows_rs, but takes pref_ipv6. */
651 static int
653  firewall_connection_t fw_connection,
654  int pref_only, int pref_ipv6)
655 {
656  if (!rs) {
657  return 0;
658  }
659 
660  /* Assume IPv4 and IPv6 DirPorts are the same */
661  return fascist_firewall_allows_base(rs->addr, rs->or_port, rs->dir_port,
662  &rs->ipv6_addr, rs->ipv6_orport,
663  rs->dir_port, fw_connection, pref_only,
664  pref_ipv6);
665 }
666 
667 /** Like fascist_firewall_allows_base(), but takes rs.
668  * When rs is a fake_status from a dir_server_t, it can have a reachable
669  * address, even when the corresponding node does not.
670  * nodes can be missing addresses when there's no consensus (IPv4 and IPv6),
671  * or when there is a microdescriptor consensus, but no microdescriptors
672  * (microdescriptors have IPv6, the microdesc consensus does not). */
673 int
675  firewall_connection_t fw_connection, int pref_only)
676 {
677  if (!rs) {
678  return 0;
679  }
680 
681  /* We don't have access to the node-specific IPv6 preference, so use the
682  * generic IPv6 preference instead. */
683  const or_options_t *options = get_options();
684  int pref_ipv6 = (fw_connection == FIREWALL_OR_CONNECTION
687 
688  return fascist_firewall_allows_rs_impl(rs, fw_connection, pref_only,
689  pref_ipv6);
690 }
691 
692 /** Return true iff we think our firewall will let us make a connection to
693  * ipv6_addr:ipv6_orport based on ReachableORAddresses.
694  * If <b>fw_connection</b> is FIREWALL_DIR_CONNECTION, returns 0.
695  * pref_only and pref_ipv6 work as in fascist_firewall_allows_address_addr().
696  */
697 static int
699  firewall_connection_t fw_connection,
700  int pref_only, int pref_ipv6)
701 {
702  if (!md) {
703  return 0;
704  }
705 
706  /* Can't check dirport, it doesn't have one */
707  if (fw_connection == FIREWALL_DIR_CONNECTION) {
708  return 0;
709  }
710 
711  /* Also can't check IPv4, doesn't have that either */
713  fw_connection, pref_only,
714  pref_ipv6);
715 }
716 
717 /** Like fascist_firewall_allows_base(), but takes node, and looks up pref_ipv6
718  * from node_ipv6_or/dir_preferred(). */
719 int
721  firewall_connection_t fw_connection,
722  int pref_only)
723 {
724  if (!node) {
725  return 0;
726  }
727 
728  node_assert_ok(node);
729 
730  const int pref_ipv6 = (fw_connection == FIREWALL_OR_CONNECTION
731  ? node_ipv6_or_preferred(node)
732  : node_ipv6_dir_preferred(node));
733 
734  /* Sometimes, the rs is missing the IPv6 address info, and we need to go
735  * all the way to the md */
736  if (node->ri && fascist_firewall_allows_ri_impl(node->ri, fw_connection,
737  pref_only, pref_ipv6)) {
738  return 1;
739  } else if (node->rs && fascist_firewall_allows_rs_impl(node->rs,
740  fw_connection,
741  pref_only,
742  pref_ipv6)) {
743  return 1;
744  } else if (node->md && fascist_firewall_allows_md_impl(node->md,
745  fw_connection,
746  pref_only,
747  pref_ipv6)) {
748  return 1;
749  } else {
750  /* If we know nothing, assume it's unreachable, we'll never get an address
751  * to connect to. */
752  return 0;
753  }
754 }
755 
756 /** Like fascist_firewall_allows_rs(), but takes ds. */
757 int
759  firewall_connection_t fw_connection,
760  int pref_only)
761 {
762  if (!ds) {
763  return 0;
764  }
765 
766  /* A dir_server_t always has a fake_status. As long as it has the same
767  * addresses/ports in both fake_status and dir_server_t, this works fine.
768  * (See #17867.)
769  * fascist_firewall_allows_rs only checks the addresses in fake_status. */
770  return fascist_firewall_allows_rs(&ds->fake_status, fw_connection,
771  pref_only);
772 }
773 
774 /** If a and b are both valid and allowed by fw_connection,
775  * choose one based on want_a and return it.
776  * Otherwise, return whichever is allowed.
777  * Otherwise, return NULL.
778  * pref_only and pref_ipv6 work as in fascist_firewall_allows_address_addr().
779  */
780 static const tor_addr_port_t *
782  const tor_addr_port_t *b,
783  int want_a,
784  firewall_connection_t fw_connection,
785  int pref_only, int pref_ipv6)
786 {
787  const tor_addr_port_t *use_a = NULL;
788  const tor_addr_port_t *use_b = NULL;
789 
790  if (fascist_firewall_allows_address_ap(a, fw_connection, pref_only,
791  pref_ipv6)) {
792  use_a = a;
793  }
794 
795  if (fascist_firewall_allows_address_ap(b, fw_connection, pref_only,
796  pref_ipv6)) {
797  use_b = b;
798  }
799 
800  /* If both are allowed */
801  if (use_a && use_b) {
802  /* Choose a if we want it */
803  return (want_a ? use_a : use_b);
804  } else {
805  /* Choose a if we have it */
806  return (use_a ? use_a : use_b);
807  }
808 }
809 
810 /** If a and b are both valid and preferred by fw_connection,
811  * choose one based on want_a and return it.
812  * Otherwise, return whichever is preferred.
813  * If neither are preferred, and pref_only is false:
814  * - If a and b are both allowed by fw_connection,
815  * choose one based on want_a and return it.
816  * - Otherwise, return whichever is preferred.
817  * Otherwise, return NULL. */
818 STATIC const tor_addr_port_t *
820  const tor_addr_port_t *b,
821  int want_a,
822  firewall_connection_t fw_connection,
823  int pref_only, int pref_ipv6)
824 {
826  a, b, want_a,
827  fw_connection,
828  1, pref_ipv6);
829  if (pref_only || pref) {
830  /* If there is a preferred address, use it. If we can only use preferred
831  * addresses, and neither address is preferred, pref will be NULL, and we
832  * want to return NULL, so return it. */
833  return pref;
834  } else {
835  /* If there's no preferred address, and we can return addresses that are
836  * not preferred, use an address that's allowed */
837  return fascist_firewall_choose_address_impl(a, b, want_a, fw_connection,
838  0, pref_ipv6);
839  }
840 }
841 
842 /** Copy an address and port into <b>ap</b> that we think our firewall will
843  * let us connect to. Uses ipv4_addr/ipv6_addr and
844  * ipv4_orport/ipv6_orport/ReachableORAddresses or
845  * ipv4_dirport/ipv6_dirport/ReachableDirAddresses based on IPv4/IPv6 and
846  * <b>fw_connection</b>.
847  * If pref_only, only choose preferred addresses. In either case, choose
848  * a preferred address before an address that's not preferred.
849  * If both addresses could be chosen (they are both preferred or both allowed)
850  * choose IPv6 if pref_ipv6 is true, otherwise choose IPv4. */
851 static void
853  uint16_t ipv4_orport,
854  uint16_t ipv4_dirport,
855  const tor_addr_t *ipv6_addr,
856  uint16_t ipv6_orport,
857  uint16_t ipv6_dirport,
858  firewall_connection_t fw_connection,
859  int pref_only,
860  int pref_ipv6,
861  tor_addr_port_t* ap)
862 {
863  const tor_addr_port_t *result = NULL;
864  const int want_ipv4 = !pref_ipv6;
865 
866  tor_assert(ipv6_addr);
867  tor_assert(ap);
868 
869  tor_addr_make_null(&ap->addr, AF_UNSPEC);
870  ap->port = 0;
871 
872  tor_addr_port_t ipv4_ap;
873  tor_addr_copy(&ipv4_ap.addr, ipv4_addr);
874  ipv4_ap.port = (fw_connection == FIREWALL_OR_CONNECTION
875  ? ipv4_orport
876  : ipv4_dirport);
877 
878  tor_addr_port_t ipv6_ap;
879  tor_addr_copy(&ipv6_ap.addr, ipv6_addr);
880  ipv6_ap.port = (fw_connection == FIREWALL_OR_CONNECTION
881  ? ipv6_orport
882  : ipv6_dirport);
883 
884  result = fascist_firewall_choose_address(&ipv4_ap, &ipv6_ap,
885  want_ipv4,
886  fw_connection, pref_only,
887  pref_ipv6);
888 
889  if (result) {
890  tor_addr_copy(&ap->addr, &result->addr);
891  ap->port = result->port;
892  }
893 }
894 
895 /** Like fascist_firewall_choose_address_base(), but takes a host-order IPv4
896  * address as the first parameter. */
897 static void
899  uint16_t ipv4_orport,
900  uint16_t ipv4_dirport,
901  const tor_addr_t *ipv6_addr,
902  uint16_t ipv6_orport,
903  uint16_t ipv6_dirport,
904  firewall_connection_t fw_connection,
905  int pref_only,
906  int pref_ipv6,
907  tor_addr_port_t* ap)
908 {
909  tor_addr_t ipv4_addr;
910  tor_addr_from_ipv4h(&ipv4_addr, ipv4h_addr);
911  tor_assert(ap);
912 
913  tor_addr_make_null(&ap->addr, AF_UNSPEC);
914  ap->port = 0;
915 
916  fascist_firewall_choose_address_base(&ipv4_addr, ipv4_orport,
917  ipv4_dirport, ipv6_addr,
918  ipv6_orport, ipv6_dirport,
919  fw_connection, pref_only,
920  pref_ipv6, ap);
921 }
922 
923 /** Like fascist_firewall_choose_address_base(), but takes <b>rs</b>.
924  * Consults the corresponding node, then falls back to rs if node is NULL.
925  * This should only happen when there's no valid consensus, and rs doesn't
926  * correspond to a bridge client's bridge.
927  */
928 void
930  firewall_connection_t fw_connection,
931  int pref_only, tor_addr_port_t* ap)
932 {
933  tor_assert(ap);
934 
935  tor_addr_make_null(&ap->addr, AF_UNSPEC);
936  ap->port = 0;
937 
938  if (!rs) {
939  return;
940  }
941 
942  const or_options_t *options = get_options();
943  const node_t *node = node_get_by_id(rs->identity_digest);
944 
945  if (node) {
946  fascist_firewall_choose_address_node(node, fw_connection, pref_only, ap);
947  } else {
948  /* There's no node-specific IPv6 preference, so use the generic IPv6
949  * preference instead. */
950  int pref_ipv6 = (fw_connection == FIREWALL_OR_CONNECTION
953 
954  /* Assume IPv4 and IPv6 DirPorts are the same.
955  * Assume the IPv6 OR and Dir addresses are the same. */
957  &rs->ipv6_addr, rs->ipv6_orport,
958  rs->dir_port, fw_connection,
959  pref_only, pref_ipv6, ap);
960  }
961 }
962 
963 /** Like fascist_firewall_choose_address_base(), but takes in a smartlist
964  * <b>lspecs</b> consisting of one or more link specifiers. We assume
965  * fw_connection is FIREWALL_OR_CONNECTION as link specifiers cannot
966  * contain DirPorts.
967  */
968 void
970  int pref_only, tor_addr_port_t* ap)
971 {
972  int have_v4 = 0, have_v6 = 0;
973  uint16_t port_v4 = 0, port_v6 = 0;
974  tor_addr_t addr_v4, addr_v6;
975 
976  tor_assert(ap);
977 
978  if (lspecs == NULL) {
979  log_warn(LD_BUG, "Unknown or missing link specifiers");
980  return;
981  }
982  if (smartlist_len(lspecs) == 0) {
983  log_warn(LD_PROTOCOL, "Link specifiers are empty");
984  return;
985  }
986 
987  tor_addr_make_null(&ap->addr, AF_UNSPEC);
988  ap->port = 0;
989 
990  tor_addr_make_null(&addr_v4, AF_INET);
991  tor_addr_make_null(&addr_v6, AF_INET6);
992 
993  SMARTLIST_FOREACH_BEGIN(lspecs, const link_specifier_t *, ls) {
994  switch (link_specifier_get_ls_type(ls)) {
995  case LS_IPV4:
996  /* Skip if we already seen a v4. */
997  if (have_v4) continue;
998  tor_addr_from_ipv4h(&addr_v4,
999  link_specifier_get_un_ipv4_addr(ls));
1000  port_v4 = link_specifier_get_un_ipv4_port(ls);
1001  have_v4 = 1;
1002  break;
1003  case LS_IPV6:
1004  /* Skip if we already seen a v6, or deliberately skip it if we're not a
1005  * direct connection. */
1006  if (have_v6) continue;
1007  tor_addr_from_ipv6_bytes(&addr_v6,
1008  link_specifier_getconstarray_un_ipv6_addr(ls));
1009  port_v6 = link_specifier_get_un_ipv6_port(ls);
1010  have_v6 = 1;
1011  break;
1012  default:
1013  /* Ignore unknown. */
1014  break;
1015  }
1016  } SMARTLIST_FOREACH_END(ls);
1017 
1018  /* If we don't have IPv4 or IPv6 in link specifiers, log a bug and return. */
1019  if (!have_v4 && !have_v6) {
1020  if (!have_v6) {
1021  log_warn(LD_PROTOCOL, "None of our link specifiers have IPv4 or IPv6");
1022  } else {
1023  log_warn(LD_PROTOCOL, "None of our link specifiers have IPv4");
1024  }
1025  return;
1026  }
1027 
1028  /* Here, don't check for DirPorts as link specifiers are only used for
1029  * ORPorts. */
1030  const or_options_t *options = get_options();
1031  int pref_ipv6 = fascist_firewall_prefer_ipv6_orport(options);
1032  /* Assume that the DirPorts are zero as link specifiers only use ORPorts. */
1033  fascist_firewall_choose_address_base(&addr_v4, port_v4, 0,
1034  &addr_v6, port_v6, 0,
1035  FIREWALL_OR_CONNECTION,
1036  pref_only, pref_ipv6,
1037  ap);
1038 }
1039 
1040 /** Like fascist_firewall_choose_address_base(), but takes <b>node</b>, and
1041  * looks up the node's IPv6 preference rather than taking an argument
1042  * for pref_ipv6. */
1043 void
1045  firewall_connection_t fw_connection,
1046  int pref_only, tor_addr_port_t *ap)
1047 {
1048  tor_assert(ap);
1049 
1050  tor_addr_make_null(&ap->addr, AF_UNSPEC);
1051  ap->port = 0;
1052 
1053  if (!node) {
1054  return;
1055  }
1056 
1057  node_assert_ok(node);
1058 
1059  const int pref_ipv6_node = (fw_connection == FIREWALL_OR_CONNECTION
1060  ? node_ipv6_or_preferred(node)
1061  : node_ipv6_dir_preferred(node));
1062 
1063  tor_addr_port_t ipv4_or_ap;
1064  node_get_prim_orport(node, &ipv4_or_ap);
1065  tor_addr_port_t ipv4_dir_ap;
1066  node_get_prim_dirport(node, &ipv4_dir_ap);
1067 
1068  tor_addr_port_t ipv6_or_ap;
1069  node_get_pref_ipv6_orport(node, &ipv6_or_ap);
1070  tor_addr_port_t ipv6_dir_ap;
1071  node_get_pref_ipv6_dirport(node, &ipv6_dir_ap);
1072 
1073  /* Assume the IPv6 OR and Dir addresses are the same. */
1074  fascist_firewall_choose_address_base(&ipv4_or_ap.addr, ipv4_or_ap.port,
1075  ipv4_dir_ap.port, &ipv6_or_ap.addr,
1076  ipv6_or_ap.port, ipv6_dir_ap.port,
1077  fw_connection, pref_only,
1078  pref_ipv6_node, ap);
1079 }
1080 
1081 /** Like fascist_firewall_choose_address_rs(), but takes <b>ds</b>. */
1082 void
1084  firewall_connection_t fw_connection,
1085  int pref_only,
1086  tor_addr_port_t *ap)
1087 {
1088  tor_assert(ap);
1089 
1090  tor_addr_make_null(&ap->addr, AF_UNSPEC);
1091  ap->port = 0;
1092 
1093  if (!ds) {
1094  return;
1095  }
1096 
1097  /* A dir_server_t always has a fake_status. As long as it has the same
1098  * addresses/ports in both fake_status and dir_server_t, this works fine.
1099  * (See #17867.)
1100  * This function relies on fascist_firewall_choose_address_rs looking up the
1101  * node if it can, because that will get the latest info for the relay. */
1102  fascist_firewall_choose_address_rs(&ds->fake_status, fw_connection,
1103  pref_only, ap);
1104 }
1105 
1106 /** Return 1 if <b>addr</b> is permitted to connect to our dir port,
1107  * based on <b>dir_policy</b>. Else return 0.
1108  */
1109 int
1111 {
1112  return addr_policy_permits_tor_addr(addr, 1, dir_policy);
1113 }
1114 
1115 /** Return 1 if <b>addr</b> is permitted to connect to our socks port,
1116  * based on <b>socks_policy</b>. Else return 0.
1117  */
1118 int
1120 {
1121  return addr_policy_permits_tor_addr(addr, 1, socks_policy);
1122 }
1123 
1124 /** Return true iff the address <b>addr</b> is in a country listed in the
1125  * case-insensitive list of country codes <b>cc_list</b>. */
1126 static int
1127 addr_is_in_cc_list(uint32_t addr, const smartlist_t *cc_list)
1128 {
1129  country_t country;
1130  const char *name;
1131  tor_addr_t tar;
1132 
1133  if (!cc_list)
1134  return 0;
1135  /* XXXXipv6 */
1136  tor_addr_from_ipv4h(&tar, addr);
1137  country = geoip_get_country_by_addr(&tar);
1138  name = geoip_get_country_name(country);
1139  return smartlist_contains_string_case(cc_list, name);
1140 }
1141 
1142 /** Return 1 if <b>addr</b>:<b>port</b> is permitted to publish to our
1143  * directory, based on <b>authdir_reject_policy</b>. Else return 0.
1144  */
1145 int
1146 authdir_policy_permits_address(uint32_t addr, uint16_t port)
1147 {
1149  return 0;
1150  return !addr_is_in_cc_list(addr, get_options()->AuthDirRejectCCs);
1151 }
1152 
1153 /** Return 1 if <b>addr</b>:<b>port</b> is considered valid in our
1154  * directory, based on <b>authdir_invalid_policy</b>. Else return 0.
1155  */
1156 int
1157 authdir_policy_valid_address(uint32_t addr, uint16_t port)
1158 {
1160  return 0;
1161  return !addr_is_in_cc_list(addr, get_options()->AuthDirInvalidCCs);
1162 }
1163 
1164 /** Return 1 if <b>addr</b>:<b>port</b> should be marked as a bad exit,
1165  * based on <b>authdir_badexit_policy</b>. Else return 0.
1166  */
1167 int
1168 authdir_policy_badexit_address(uint32_t addr, uint16_t port)
1169 {
1171  return 1;
1172  return addr_is_in_cc_list(addr, get_options()->AuthDirBadExitCCs);
1173 }
1174 
1175 #define REJECT(arg) \
1176  STMT_BEGIN *msg = tor_strdup(arg); goto err; STMT_END
1177 
1178 /** Check <b>or_options</b> to determine whether or not we are using the
1179  * default options for exit policy. Return true if so, false otherwise. */
1180 static int
1182 {
1183  return (or_options->ExitPolicy == NULL && or_options->ExitRelay == -1 &&
1184  or_options->ReducedExitPolicy == 0 && or_options->IPv6Exit == 0);
1185 }
1186 
1187 /** Config helper: If there's any problem with the policy configuration
1188  * options in <b>options</b>, return -1 and set <b>msg</b> to a newly
1189  * allocated description of the error. Else return 0. */
1190 int
1191 validate_addr_policies(const or_options_t *options, char **msg)
1192 {
1193  /* XXXX Maybe merge this into parse_policies_from_options, to make sure
1194  * that the two can't go out of sync. */
1195 
1196  smartlist_t *addr_policy=NULL;
1197  *msg = NULL;
1198 
1199  if (policies_parse_exit_policy_from_options(options,0,NULL,&addr_policy)) {
1200  REJECT("Error in ExitPolicy entry.");
1201  }
1202 
1203  static int warned_about_nonexit = 0;
1204 
1205  if (public_server_mode(options) && !warned_about_nonexit &&
1207  warned_about_nonexit = 1;
1208  log_notice(LD_CONFIG, "By default, Tor does not run as an exit relay. "
1209  "If you want to be an exit relay, "
1210  "set ExitRelay to 1. To suppress this message in the future, "
1211  "set ExitRelay to 0.");
1212  }
1213 
1214  /* The rest of these calls *append* to addr_policy. So don't actually
1215  * use the results for anything other than checking if they parse! */
1216  if (parse_addr_policy(options->DirPolicy, &addr_policy, -1))
1217  REJECT("Error in DirPolicy entry.");
1218  if (parse_addr_policy(options->SocksPolicy, &addr_policy, -1))
1219  REJECT("Error in SocksPolicy entry.");
1220  if (parse_addr_policy(options->AuthDirReject, &addr_policy,
1221  ADDR_POLICY_REJECT))
1222  REJECT("Error in AuthDirReject entry.");
1223  if (parse_addr_policy(options->AuthDirInvalid, &addr_policy,
1224  ADDR_POLICY_REJECT))
1225  REJECT("Error in AuthDirInvalid entry.");
1226  if (parse_addr_policy(options->AuthDirBadExit, &addr_policy,
1227  ADDR_POLICY_REJECT))
1228  REJECT("Error in AuthDirBadExit entry.");
1229 
1230  if (parse_addr_policy(options->ReachableAddresses, &addr_policy,
1231  ADDR_POLICY_ACCEPT))
1232  REJECT("Error in ReachableAddresses entry.");
1233  if (parse_addr_policy(options->ReachableORAddresses, &addr_policy,
1234  ADDR_POLICY_ACCEPT))
1235  REJECT("Error in ReachableORAddresses entry.");
1236  if (parse_addr_policy(options->ReachableDirAddresses, &addr_policy,
1237  ADDR_POLICY_ACCEPT))
1238  REJECT("Error in ReachableDirAddresses entry.");
1239 
1240  err:
1241  addr_policy_list_free(addr_policy);
1242  return *msg ? -1 : 0;
1243 #undef REJECT
1244 }
1245 
1246 /** Parse <b>string</b> in the same way that the exit policy
1247  * is parsed, and put the processed version in *<b>policy</b>.
1248  * Ignore port specifiers.
1249  */
1250 static int
1251 load_policy_from_option(config_line_t *config, const char *option_name,
1252  smartlist_t **policy,
1253  int assume_action)
1254 {
1255  int r;
1256  int killed_any_ports = 0;
1257  addr_policy_list_free(*policy);
1258  *policy = NULL;
1259  r = parse_addr_policy(config, policy, assume_action);
1260  if (r < 0) {
1261  return -1;
1262  }
1263  if (*policy) {
1264  SMARTLIST_FOREACH_BEGIN(*policy, addr_policy_t *, n) {
1265  /* ports aren't used in these. */
1266  if (n->prt_min > 1 || n->prt_max != 65535) {
1267  addr_policy_t newp, *c;
1268  memcpy(&newp, n, sizeof(newp));
1269  newp.prt_min = 1;
1270  newp.prt_max = 65535;
1271  newp.is_canonical = 0;
1273  SMARTLIST_REPLACE_CURRENT(*policy, n, c);
1274  addr_policy_free(n);
1275  killed_any_ports = 1;
1276  }
1277  } SMARTLIST_FOREACH_END(n);
1278  }
1279  if (killed_any_ports) {
1280  log_warn(LD_CONFIG, "Ignoring ports in %s option.", option_name);
1281  }
1282  return 0;
1283 }
1284 
1285 /** Set all policies based on <b>options</b>, which should have been validated
1286  * first by validate_addr_policies. */
1287 int
1289 {
1290  int ret = 0;
1291  if (load_policy_from_option(options->SocksPolicy, "SocksPolicy",
1292  &socks_policy, -1) < 0)
1293  ret = -1;
1294  if (load_policy_from_option(options->DirPolicy, "DirPolicy",
1295  &dir_policy, -1) < 0)
1296  ret = -1;
1297  if (load_policy_from_option(options->AuthDirReject, "AuthDirReject",
1298  &authdir_reject_policy, ADDR_POLICY_REJECT) < 0)
1299  ret = -1;
1300  if (load_policy_from_option(options->AuthDirInvalid, "AuthDirInvalid",
1301  &authdir_invalid_policy, ADDR_POLICY_REJECT) < 0)
1302  ret = -1;
1303  if (load_policy_from_option(options->AuthDirBadExit, "AuthDirBadExit",
1304  &authdir_badexit_policy, ADDR_POLICY_REJECT) < 0)
1305  ret = -1;
1306  if (parse_reachable_addresses() < 0)
1307  ret = -1;
1308  return ret;
1309 }
1310 
1311 /** Compare two provided address policy items, and renturn -1, 0, or 1
1312  * if the first is less than, equal to, or greater than the second. */
1313 static int
1315 {
1316  int r;
1317 #define CMP_FIELD(field) do { \
1318  if (a->field != b->field) { \
1319  return 0; \
1320  } \
1321  } while (0)
1322  CMP_FIELD(policy_type);
1323  CMP_FIELD(is_private);
1324  /* refcnt and is_canonical are irrelevant to equality,
1325  * they are hash table implementation details */
1326  if ((r=tor_addr_compare(&a->addr, &b->addr, CMP_EXACT)))
1327  return 0;
1328  CMP_FIELD(maskbits);
1329  CMP_FIELD(prt_min);
1330  CMP_FIELD(prt_max);
1331 #undef CMP_FIELD
1332  return 1;
1333 }
1334 
1335 /** As single_addr_policy_eq, but compare every element of two policies.
1336  */
1337 int
1339 {
1340  int i;
1341  int len_a = a ? smartlist_len(a) : 0;
1342  int len_b = b ? smartlist_len(b) : 0;
1343 
1344  if (len_a != len_b)
1345  return 0;
1346 
1347  for (i = 0; i < len_a; ++i) {
1348  if (! single_addr_policy_eq(smartlist_get(a, i), smartlist_get(b, i)))
1349  return 0;
1350  }
1351 
1352  return 1;
1353 }
1354 
1355 /** Node in hashtable used to store address policy entries. */
1356 typedef struct policy_map_ent_t {
1357  HT_ENTRY(policy_map_ent_t) node;
1358  addr_policy_t *policy;
1360 
1361 /* DOCDOC policy_root */
1362 static HT_HEAD(policy_map, policy_map_ent_t) policy_root = HT_INITIALIZER();
1363 
1364 /** Return true iff a and b are equal. */
1365 static inline int
1366 policy_eq(policy_map_ent_t *a, policy_map_ent_t *b)
1367 {
1368  return single_addr_policy_eq(a->policy, b->policy);
1369 }
1370 
1371 /** Return a hashcode for <b>ent</b> */
1372 static unsigned int
1374 {
1375  const addr_policy_t *a = ent->policy;
1376  addr_policy_t aa;
1377  memset(&aa, 0, sizeof(aa));
1378 
1379  aa.prt_min = a->prt_min;
1380  aa.prt_max = a->prt_max;
1381  aa.maskbits = a->maskbits;
1382  aa.policy_type = a->policy_type;
1383  aa.is_private = a->is_private;
1384 
1385  if (a->is_private) {
1386  aa.is_private = 1;
1387  } else {
1388  tor_addr_copy_tight(&aa.addr, &a->addr);
1389  }
1390 
1391  return (unsigned) siphash24g(&aa, sizeof(aa));
1392 }
1393 
1394 HT_PROTOTYPE(policy_map, policy_map_ent_t, node, policy_hash,
1395  policy_eq);
1396 HT_GENERATE2(policy_map, policy_map_ent_t, node, policy_hash,
1397  policy_eq, 0.6, tor_reallocarray_, tor_free_);
1398 
1399 /** Given a pointer to an addr_policy_t, return a copy of the pointer to the
1400  * "canonical" copy of that addr_policy_t; the canonical copy is a single
1401  * reference-counted object. */
1402 addr_policy_t *
1404 {
1405  policy_map_ent_t search, *found;
1406  if (e->is_canonical)
1407  return e;
1408 
1409  search.policy = e;
1410  found = HT_FIND(policy_map, &policy_root, &search);
1411  if (!found) {
1412  found = tor_malloc_zero(sizeof(policy_map_ent_t));
1413  found->policy = tor_memdup(e, sizeof(addr_policy_t));
1414  found->policy->is_canonical = 1;
1415  found->policy->refcnt = 0;
1416  HT_INSERT(policy_map, &policy_root, found);
1417  }
1418 
1419  tor_assert(single_addr_policy_eq(found->policy, e));
1420  ++found->policy->refcnt;
1421  return found->policy;
1422 }
1423 
1424 /** Helper for compare_tor_addr_to_addr_policy. Implements the case where
1425  * addr and port are both known. */
1426 static addr_policy_result_t
1428  const smartlist_t *policy)
1429 {
1430  /* We know the address and port, and we know the policy, so we can just
1431  * compute an exact match. */
1432  SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, tmpe) {
1433  if (tmpe->addr.family == AF_UNSPEC) {
1434  log_warn(LD_BUG, "Policy contains an AF_UNSPEC address, which only "
1435  "matches other AF_UNSPEC addresses.");
1436  }
1437  /* Address is known */
1438  if (!tor_addr_compare_masked(addr, &tmpe->addr, tmpe->maskbits,
1439  CMP_EXACT)) {
1440  if (port >= tmpe->prt_min && port <= tmpe->prt_max) {
1441  /* Exact match for the policy */
1442  return tmpe->policy_type == ADDR_POLICY_ACCEPT ?
1444  }
1445  }
1446  } SMARTLIST_FOREACH_END(tmpe);
1447 
1448  /* accept all by default. */
1449  return ADDR_POLICY_ACCEPTED;
1450 }
1451 
1452 /** Helper for compare_tor_addr_to_addr_policy. Implements the case where
1453  * addr is known but port is not. */
1454 static addr_policy_result_t
1456  const smartlist_t *policy)
1457 {
1458  /* We look to see if there's a definite match. If so, we return that
1459  match's value, unless there's an intervening possible match that says
1460  something different. */
1461  int maybe_accept = 0, maybe_reject = 0;
1462 
1463  SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, tmpe) {
1464  if (tmpe->addr.family == AF_UNSPEC) {
1465  log_warn(LD_BUG, "Policy contains an AF_UNSPEC address, which only "
1466  "matches other AF_UNSPEC addresses.");
1467  }
1468  if (!tor_addr_compare_masked(addr, &tmpe->addr, tmpe->maskbits,
1469  CMP_EXACT)) {
1470  if (tmpe->prt_min <= 1 && tmpe->prt_max >= 65535) {
1471  /* Definitely matches, since it covers all ports. */
1472  if (tmpe->policy_type == ADDR_POLICY_ACCEPT) {
1473  /* If we already hit a clause that might trigger a 'reject', than we
1474  * can't be sure of this certain 'accept'.*/
1475  return maybe_reject ? ADDR_POLICY_PROBABLY_ACCEPTED :
1477  } else {
1478  return maybe_accept ? ADDR_POLICY_PROBABLY_REJECTED :
1480  }
1481  } else {
1482  /* Might match. */
1483  if (tmpe->policy_type == ADDR_POLICY_REJECT)
1484  maybe_reject = 1;
1485  else
1486  maybe_accept = 1;
1487  }
1488  }
1489  } SMARTLIST_FOREACH_END(tmpe);
1490 
1491  /* accept all by default. */
1492  return maybe_reject ? ADDR_POLICY_PROBABLY_ACCEPTED : ADDR_POLICY_ACCEPTED;
1493 }
1494 
1495 /** Helper for compare_tor_addr_to_addr_policy. Implements the case where
1496  * port is known but address is not. */
1497 static addr_policy_result_t
1499  const smartlist_t *policy)
1500 {
1501  /* We look to see if there's a definite match. If so, we return that
1502  match's value, unless there's an intervening possible match that says
1503  something different. */
1504  int maybe_accept = 0, maybe_reject = 0;
1505 
1506  SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, tmpe) {
1507  if (tmpe->addr.family == AF_UNSPEC) {
1508  log_warn(LD_BUG, "Policy contains an AF_UNSPEC address, which only "
1509  "matches other AF_UNSPEC addresses.");
1510  }
1511  if (tmpe->prt_min <= port && port <= tmpe->prt_max) {
1512  if (tmpe->maskbits == 0) {
1513  /* Definitely matches, since it covers all addresses. */
1514  if (tmpe->policy_type == ADDR_POLICY_ACCEPT) {
1515  /* If we already hit a clause that might trigger a 'reject', than we
1516  * can't be sure of this certain 'accept'.*/
1517  return maybe_reject ? ADDR_POLICY_PROBABLY_ACCEPTED :
1519  } else {
1520  return maybe_accept ? ADDR_POLICY_PROBABLY_REJECTED :
1522  }
1523  } else {
1524  /* Might match. */
1525  if (tmpe->policy_type == ADDR_POLICY_REJECT)
1526  maybe_reject = 1;
1527  else
1528  maybe_accept = 1;
1529  }
1530  }
1531  } SMARTLIST_FOREACH_END(tmpe);
1532 
1533  /* accept all by default. */
1534  return maybe_reject ? ADDR_POLICY_PROBABLY_ACCEPTED : ADDR_POLICY_ACCEPTED;
1535 }
1536 
1537 /** Decide whether a given addr:port is definitely accepted,
1538  * definitely rejected, probably accepted, or probably rejected by a
1539  * given policy. If <b>addr</b> is 0, we don't know the IP of the
1540  * target address. If <b>port</b> is 0, we don't know the port of the
1541  * target address. (At least one of <b>addr</b> and <b>port</b> must be
1542  * provided. If you want to know whether a policy would definitely reject
1543  * an unknown address:port, use policy_is_reject_star().)
1544  *
1545  * We could do better by assuming that some ranges never match typical
1546  * addresses (127.0.0.1, and so on). But we'll try this for now.
1547  */
1549 compare_tor_addr_to_addr_policy,(const tor_addr_t *addr, uint16_t port,
1550  const smartlist_t *policy))
1551 {
1552  if (!policy) {
1553  /* no policy? accept all. */
1554  return ADDR_POLICY_ACCEPTED;
1555  } else if (addr == NULL || tor_addr_is_null(addr)) {
1556  if (port == 0) {
1557  log_info(LD_BUG, "Rejecting null address with 0 port (family %d)",
1558  addr ? tor_addr_family(addr) : -1);
1559  return ADDR_POLICY_REJECTED;
1560  }
1561  return compare_unknown_tor_addr_to_addr_policy(port, policy);
1562  } else if (port == 0) {
1563  return compare_known_tor_addr_to_addr_policy_noport(addr, policy);
1564  } else {
1565  return compare_known_tor_addr_to_addr_policy(addr, port, policy);
1566  }
1567 }
1568 
1569 /** Return true iff the address policy <b>a</b> covers every case that
1570  * would be covered by <b>b</b>, so that a,b is redundant. */
1571 static int
1573 {
1574  if (tor_addr_family(&a->addr) != tor_addr_family(&b->addr)) {
1575  /* You can't cover a different family. */
1576  return 0;
1577  }
1578  /* We can ignore accept/reject, since "accept *:80, reject *:80" reduces
1579  * to "accept *:80". */
1580  if (a->maskbits > b->maskbits) {
1581  /* a has more fixed bits than b; it can't possibly cover b. */
1582  return 0;
1583  }
1584  if (tor_addr_compare_masked(&a->addr, &b->addr, a->maskbits, CMP_EXACT)) {
1585  /* There's a fixed bit in a that's set differently in b. */
1586  return 0;
1587  }
1588  return (a->prt_min <= b->prt_min && a->prt_max >= b->prt_max);
1589 }
1590 
1591 /** Return true iff the address policies <b>a</b> and <b>b</b> intersect,
1592  * that is, there exists an address/port that is covered by <b>a</b> that
1593  * is also covered by <b>b</b>.
1594  */
1595 static int
1597 {
1598  maskbits_t minbits;
1599  /* All the bits we care about are those that are set in both
1600  * netmasks. If they are equal in a and b's networkaddresses
1601  * then the networks intersect. If there is a difference,
1602  * then they do not. */
1603  if (a->maskbits < b->maskbits)
1604  minbits = a->maskbits;
1605  else
1606  minbits = b->maskbits;
1607  if (tor_addr_compare_masked(&a->addr, &b->addr, minbits, CMP_EXACT))
1608  return 0;
1609  if (a->prt_max < b->prt_min || b->prt_max < a->prt_min)
1610  return 0;
1611  return 1;
1612 }
1613 
1614 /** Add the exit policy described by <b>more</b> to <b>policy</b>.
1615  */
1616 STATIC void
1617 append_exit_policy_string(smartlist_t **policy, const char *more)
1618 {
1619  config_line_t tmp;
1620 
1621  tmp.key = NULL;
1622  tmp.value = (char*) more;
1623  tmp.next = NULL;
1624  if (parse_addr_policy(&tmp, policy, -1)<0) {
1625  log_warn(LD_BUG, "Unable to parse internally generated policy %s",more);
1626  }
1627 }
1628 
1629 /** Add "reject <b>addr</b>:*" to <b>dest</b>, creating the list as needed. */
1630 void
1632 {
1633  tor_assert(dest);
1634  tor_assert(addr);
1635 
1636  addr_policy_t p, *add;
1637  memset(&p, 0, sizeof(p));
1638  p.policy_type = ADDR_POLICY_REJECT;
1639  p.maskbits = tor_addr_family(addr) == AF_INET6 ? 128 : 32;
1640  tor_addr_copy(&p.addr, addr);
1641  p.prt_min = 1;
1642  p.prt_max = 65535;
1643 
1645  if (!*dest)
1646  *dest = smartlist_new();
1647  smartlist_add(*dest, add);
1648  log_debug(LD_CONFIG, "Adding a reject ExitPolicy 'reject %s:*'",
1649  fmt_addr(addr));
1650 }
1651 
1652 /* Is addr public for the purposes of rejection? */
1653 static int
1654 tor_addr_is_public_for_reject(const tor_addr_t *addr)
1655 {
1656  return (!tor_addr_is_null(addr) && !tor_addr_is_internal(addr, 0)
1657  && !tor_addr_is_multicast(addr));
1658 }
1659 
1660 /* Add "reject <b>addr</b>:*" to <b>dest</b>, creating the list as needed.
1661  * Filter the address, only adding an IPv4 reject rule if ipv4_rules
1662  * is true, and similarly for ipv6_rules. Check each address returns true for
1663  * tor_addr_is_public_for_reject before adding it.
1664  */
1665 static void
1666 addr_policy_append_reject_addr_filter(smartlist_t **dest,
1667  const tor_addr_t *addr,
1668  int ipv4_rules,
1669  int ipv6_rules)
1670 {
1671  tor_assert(dest);
1672  tor_assert(addr);
1673 
1674  /* Only reject IP addresses which are public */
1675  if (tor_addr_is_public_for_reject(addr)) {
1676 
1677  /* Reject IPv4 addresses and IPv6 addresses based on the filters */
1678  int is_ipv4 = tor_addr_is_v4(addr);
1679  if ((is_ipv4 && ipv4_rules) || (!is_ipv4 && ipv6_rules)) {
1680  addr_policy_append_reject_addr(dest, addr);
1681  }
1682  }
1683 }
1684 
1685 /** Add "reject addr:*" to <b>dest</b>, for each addr in addrs, creating the
1686  * list as needed. */
1687 void
1689  const smartlist_t *addrs)
1690 {
1691  tor_assert(dest);
1692  tor_assert(addrs);
1693 
1694  SMARTLIST_FOREACH_BEGIN(addrs, tor_addr_t *, addr) {
1695  addr_policy_append_reject_addr(dest, addr);
1696  } SMARTLIST_FOREACH_END(addr);
1697 }
1698 
1699 /** Add "reject addr:*" to <b>dest</b>, for each addr in addrs, creating the
1700  * list as needed. Filter using */
1701 static void
1703  const smartlist_t *addrs,
1704  int ipv4_rules,
1705  int ipv6_rules)
1706 {
1707  tor_assert(dest);
1708  tor_assert(addrs);
1709 
1710  SMARTLIST_FOREACH_BEGIN(addrs, tor_addr_t *, addr) {
1711  addr_policy_append_reject_addr_filter(dest, addr, ipv4_rules, ipv6_rules);
1712  } SMARTLIST_FOREACH_END(addr);
1713 }
1714 
1715 /** Detect and excise "dead code" from the policy *<b>dest</b>. */
1716 static void
1718 {
1719  addr_policy_t *ap, *tmp;
1720  int i, j;
1721 
1722  /* Step one: kill every ipv4 thing after *4:*, every IPv6 thing after *6:*
1723  */
1724  {
1725  int kill_v4=0, kill_v6=0;
1726  for (i = 0; i < smartlist_len(dest); ++i) {
1727  sa_family_t family;
1728  ap = smartlist_get(dest, i);
1729  family = tor_addr_family(&ap->addr);
1730  if ((family == AF_INET && kill_v4) ||
1731  (family == AF_INET6 && kill_v6)) {
1732  smartlist_del_keeporder(dest, i--);
1733  addr_policy_free(ap);
1734  continue;
1735  }
1736 
1737  if (ap->maskbits == 0 && ap->prt_min <= 1 && ap->prt_max >= 65535) {
1738  /* This is a catch-all line -- later lines are unreachable. */
1739  if (family == AF_INET) {
1740  kill_v4 = 1;
1741  } else if (family == AF_INET6) {
1742  kill_v6 = 1;
1743  }
1744  }
1745  }
1746  }
1747 
1748  /* Step two: for every entry, see if there's a redundant entry
1749  * later on, and remove it. */
1750  for (i = 0; i < smartlist_len(dest)-1; ++i) {
1751  ap = smartlist_get(dest, i);
1752  for (j = i+1; j < smartlist_len(dest); ++j) {
1753  tmp = smartlist_get(dest, j);
1754  tor_assert(j > i);
1755  if (addr_policy_covers(ap, tmp)) {
1756  char p1[POLICY_BUF_LEN], p2[POLICY_BUF_LEN];
1757  policy_write_item(p1, sizeof(p1), tmp, 0);
1758  policy_write_item(p2, sizeof(p2), ap, 0);
1759  log_debug(LD_CONFIG, "Removing exit policy %s (%d). It is made "
1760  "redundant by %s (%d).", p1, j, p2, i);
1761  smartlist_del_keeporder(dest, j--);
1762  addr_policy_free(tmp);
1763  }
1764  }
1765  }
1766 
1767  /* Step three: for every entry A, see if there's an entry B making this one
1768  * redundant later on. This is the case if A and B are of the same type
1769  * (accept/reject), A is a subset of B, and there is no other entry of
1770  * different type in between those two that intersects with A.
1771  *
1772  * Anybody want to double-check the logic here? XXX
1773  */
1774  for (i = 0; i < smartlist_len(dest)-1; ++i) {
1775  ap = smartlist_get(dest, i);
1776  for (j = i+1; j < smartlist_len(dest); ++j) {
1777  // tor_assert(j > i); // j starts out at i+1; j only increases; i only
1778  // // decreases.
1779  tmp = smartlist_get(dest, j);
1780  if (ap->policy_type != tmp->policy_type) {
1781  if (addr_policy_intersects(ap, tmp))
1782  break;
1783  } else { /* policy_types are equal. */
1784  if (addr_policy_covers(tmp, ap)) {
1785  char p1[POLICY_BUF_LEN], p2[POLICY_BUF_LEN];
1786  policy_write_item(p1, sizeof(p1), ap, 0);
1787  policy_write_item(p2, sizeof(p2), tmp, 0);
1788  log_debug(LD_CONFIG, "Removing exit policy %s. It is already "
1789  "covered by %s.", p1, p2);
1790  smartlist_del_keeporder(dest, i--);
1791  addr_policy_free(ap);
1792  break;
1793  }
1794  }
1795  }
1796  }
1797 }
1798 
1799 /** Reject private helper for policies_parse_exit_policy_internal: rejects
1800  * publicly routable addresses on this exit relay.
1801  *
1802  * Add reject entries to the linked list *<b>dest</b>:
1803  * <ul>
1804  * <li>if configured_addresses is non-NULL, add entries that reject each
1805  * tor_addr_t in the list as a destination.
1806  * <li>if reject_interface_addresses is true, add entries that reject each
1807  * public IPv4 and IPv6 address of each interface on this machine.
1808  * <li>if reject_configured_port_addresses is true, add entries that reject
1809  * each IPv4 and IPv6 address configured for a port.
1810  * </ul>
1811  *
1812  * IPv6 entries are only added if ipv6_exit is true. (All IPv6 addresses are
1813  * already blocked by policies_parse_exit_policy_internal if ipv6_exit is
1814  * false.)
1815  *
1816  * The list in <b>dest</b> is created as needed.
1817  */
1818 void
1820  smartlist_t **dest,
1821  int ipv6_exit,
1822  const smartlist_t *configured_addresses,
1823  int reject_interface_addresses,
1824  int reject_configured_port_addresses)
1825 {
1826  tor_assert(dest);
1827 
1828  /* Reject configured addresses, if they are from public netblocks. */
1829  if (configured_addresses) {
1830  addr_policy_append_reject_addr_list_filter(dest, configured_addresses,
1831  1, ipv6_exit);
1832  }
1833 
1834  /* Reject configured port addresses, if they are from public netblocks. */
1835  if (reject_configured_port_addresses) {
1836  const smartlist_t *port_addrs = get_configured_ports();
1837 
1838  SMARTLIST_FOREACH_BEGIN(port_addrs, port_cfg_t *, port) {
1839 
1840  /* Only reject port IP addresses, not port unix sockets */
1841  if (!port->is_unix_addr) {
1842  addr_policy_append_reject_addr_filter(dest, &port->addr, 1, ipv6_exit);
1843  }
1844  } SMARTLIST_FOREACH_END(port);
1845  }
1846 
1847  /* Reject local addresses from public netblocks on any interface. */
1848  if (reject_interface_addresses) {
1849  smartlist_t *public_addresses = NULL;
1850 
1851  /* Reject public IPv4 addresses on any interface */
1852  public_addresses = get_interface_address6_list(LOG_INFO, AF_INET, 0);
1853  addr_policy_append_reject_addr_list_filter(dest, public_addresses, 1, 0);
1854  interface_address6_list_free(public_addresses);
1855 
1856  /* Don't look for IPv6 addresses if we're configured as IPv4-only */
1857  if (ipv6_exit) {
1858  /* Reject public IPv6 addresses on any interface */
1859  public_addresses = get_interface_address6_list(LOG_INFO, AF_INET6, 0);
1860  addr_policy_append_reject_addr_list_filter(dest, public_addresses, 0, 1);
1861  interface_address6_list_free(public_addresses);
1862  }
1863  }
1864 
1865  /* If addresses were added multiple times, remove all but one of them. */
1866  if (*dest) {
1868  }
1869 }
1870 
1871 /**
1872  * Iterate through <b>policy</b> looking for redundant entries. Log a
1873  * warning message with the first redundant entry, if any is found.
1874  */
1875 static void
1877 {
1878  int found_final_effective_entry = 0;
1879  int first_redundant_entry = 0;
1880  tor_assert(policy);
1881  SMARTLIST_FOREACH_BEGIN(policy, const addr_policy_t *, p) {
1882  sa_family_t family;
1883  int found_ipv4_wildcard = 0, found_ipv6_wildcard = 0;
1884  const int i = p_sl_idx;
1885 
1886  /* Look for accept/reject *[4|6|]:* entires */
1887  if (p->prt_min <= 1 && p->prt_max == 65535 && p->maskbits == 0) {
1888  family = tor_addr_family(&p->addr);
1889  /* accept/reject *:* may have already been expanded into
1890  * accept/reject *4:*,accept/reject *6:*
1891  * But handle both forms.
1892  */
1893  if (family == AF_INET || family == AF_UNSPEC) {
1894  found_ipv4_wildcard = 1;
1895  }
1896  if (family == AF_INET6 || family == AF_UNSPEC) {
1897  found_ipv6_wildcard = 1;
1898  }
1899  }
1900 
1901  /* We also find accept *4:*,reject *6:* ; and
1902  * accept *4:*,<other policies>,accept *6:* ; and similar.
1903  * That's ok, because they make any subsequent entries redundant. */
1904  if (found_ipv4_wildcard && found_ipv6_wildcard) {
1905  found_final_effective_entry = 1;
1906  /* if we're not on the final entry in the list */
1907  if (i < smartlist_len(policy) - 1) {
1908  first_redundant_entry = i + 1;
1909  }
1910  break;
1911  }
1912  } SMARTLIST_FOREACH_END(p);
1913 
1914  /* Work out if there are redundant trailing entries in the policy list */
1915  if (found_final_effective_entry && first_redundant_entry > 0) {
1916  const addr_policy_t *p;
1917  /* Longest possible policy is
1918  * "accept6 ffff:ffff:..255/128:10000-65535",
1919  * which contains a max-length IPv6 address, plus 24 characters. */
1920  char line[TOR_ADDR_BUF_LEN + 32];
1921 
1922  tor_assert(first_redundant_entry < smartlist_len(policy));
1923  p = smartlist_get(policy, first_redundant_entry);
1924  /* since we've already parsed the policy into an addr_policy_t struct,
1925  * we might not log exactly what the user typed in */
1926  policy_write_item(line, TOR_ADDR_BUF_LEN + 32, p, 0);
1927  log_warn(LD_DIR, "Exit policy '%s' and all following policies are "
1928  "redundant, as it follows accept/reject *:* rules for both "
1929  "IPv4 and IPv6. They will be removed from the exit policy. (Use "
1930  "accept/reject *:* as the last entry in any exit policy.)",
1931  line);
1932  }
1933 }
1934 
1935 #define DEFAULT_EXIT_POLICY \
1936  "reject *:25,reject *:119,reject *:135-139,reject *:445," \
1937  "reject *:563,reject *:1214,reject *:4661-4666," \
1938  "reject *:6346-6429,reject *:6699,reject *:6881-6999,accept *:*"
1939 
1940 #define REDUCED_EXIT_POLICY \
1941  "accept *:20-23,accept *:43,accept *:53,accept *:79-81,accept *:88," \
1942  "accept *:110,accept *:143,accept *:194,accept *:220,accept *:389," \
1943  "accept *:443,accept *:464,accept *:465,accept *:531,accept *:543-544," \
1944  "accept *:554,accept *:563,accept *:587,accept *:636,accept *:706," \
1945  "accept *:749,accept *:873,accept *:902-904,accept *:981,accept *:989-995," \
1946  "accept *:1194,accept *:1220,accept *:1293,accept *:1500,accept *:1533," \
1947  "accept *:1677,accept *:1723,accept *:1755,accept *:1863," \
1948  "accept *:2082-2083,accept *:2086-2087,accept *:2095-2096," \
1949  "accept *:2102-2104,accept *:3128,accept *:3389,accept *:3690," \
1950  "accept *:4321,accept *:4643,accept *:5050,accept *:5190," \
1951  "accept *:5222-5223,accept *:5228,accept *:5900,accept *:6660-6669," \
1952  "accept *:6679,accept *:6697,accept *:8000,accept *:8008,accept *:8074," \
1953  "accept *:8080,accept *:8082,accept *:8087-8088,accept *:8232-8233," \
1954  "accept *:8332-8333,accept *:8443,accept *:8888,accept *:9418," \
1955  "accept *:9999,accept *:10000,accept *:11371,accept *:19294," \
1956  "accept *:19638,accept *:50002,accept *:64738,reject *:*"
1957 
1958 /** Parse the exit policy <b>cfg</b> into the linked list *<b>dest</b>.
1959  *
1960  * If <b>ipv6_exit</b> is false, prepend "reject *6:*" to the policy.
1961  *
1962  * If <b>configured_addresses</b> contains addresses:
1963  * - prepend entries that reject the addresses in this list. These may be the
1964  * advertised relay addresses and/or the outbound bind addresses,
1965  * depending on the ExitPolicyRejectPrivate and
1966  * ExitPolicyRejectLocalInterfaces settings.
1967  * If <b>rejectprivate</b> is true:
1968  * - prepend "reject private:*" to the policy.
1969  * If <b>reject_interface_addresses</b> is true:
1970  * - prepend entries that reject publicly routable interface addresses on
1971  * this exit relay by calling policies_parse_exit_policy_reject_private
1972  * If <b>reject_configured_port_addresses</b> is true:
1973  * - prepend entries that reject all configured port addresses
1974  *
1975  * If cfg doesn't end in an absolute accept or reject and if
1976  * <b>add_default_policy</b> is true, add the default exit
1977  * policy afterwards.
1978  *
1979  * Return -1 if we can't parse cfg, else return 0.
1980  *
1981  * This function is used to parse the exit policy from our torrc. For
1982  * the functions used to parse the exit policy from a router descriptor,
1983  * see router_add_exit_policy.
1984  */
1985 static int
1987  smartlist_t **dest,
1988  int ipv6_exit,
1989  int rejectprivate,
1990  const smartlist_t *configured_addresses,
1991  int reject_interface_addresses,
1992  int reject_configured_port_addresses,
1993  int add_default_policy,
1994  int add_reduced_policy)
1995 {
1996  if (!ipv6_exit) {
1997  append_exit_policy_string(dest, "reject *6:*");
1998  }
1999  if (rejectprivate) {
2000  /* Reject IPv4 and IPv6 reserved private netblocks */
2001  append_exit_policy_string(dest, "reject private:*");
2002  }
2003 
2004  /* Consider rejecting IPv4 and IPv6 advertised relay addresses, outbound bind
2005  * addresses, publicly routable addresses, and configured port addresses
2006  * on this exit relay */
2008  configured_addresses,
2009  reject_interface_addresses,
2010  reject_configured_port_addresses);
2011 
2012  if (parse_addr_policy(cfg, dest, -1))
2013  return -1;
2014 
2015  /* Before we add the default policy and final rejects, check to see if
2016  * there are any lines after accept *:* or reject *:*. These lines have no
2017  * effect, and are most likely an error. */
2019 
2020  if (add_reduced_policy) {
2021  append_exit_policy_string(dest, REDUCED_EXIT_POLICY);
2022  } else if (add_default_policy) {
2023  append_exit_policy_string(dest, DEFAULT_EXIT_POLICY);
2024  } else {
2025  append_exit_policy_string(dest, "reject *4:*");
2026  append_exit_policy_string(dest, "reject *6:*");
2027  }
2029 
2030  return 0;
2031 }
2032 
2033 /** Parse exit policy in <b>cfg</b> into <b>dest</b> smartlist.
2034  *
2035  * Prepend an entry that rejects all IPv6 destinations unless
2036  * <b>EXIT_POLICY_IPV6_ENABLED</b> bit is set in <b>options</b> bitmask.
2037  *
2038  * If <b>EXIT_POLICY_REJECT_PRIVATE</b> bit is set in <b>options</b>:
2039  * - prepend an entry that rejects all destinations in all netblocks
2040  * reserved for private use.
2041  * - prepend entries that reject the advertised relay addresses in
2042  * configured_addresses
2043  * If <b>EXIT_POLICY_REJECT_LOCAL_INTERFACES</b> bit is set in <b>options</b>:
2044  * - prepend entries that reject publicly routable addresses on this exit
2045  * relay by calling policies_parse_exit_policy_internal
2046  * - prepend entries that reject the outbound bind addresses in
2047  * configured_addresses
2048  * - prepend entries that reject all configured port addresses
2049  *
2050  * If <b>EXIT_POLICY_ADD_DEFAULT</b> bit is set in <b>options</b>, append
2051  * default exit policy entries to <b>result</b> smartlist.
2052  */
2053 int
2055  exit_policy_parser_cfg_t options,
2056  const smartlist_t *configured_addresses)
2057 {
2058  int ipv6_enabled = (options & EXIT_POLICY_IPV6_ENABLED) ? 1 : 0;
2059  int reject_private = (options & EXIT_POLICY_REJECT_PRIVATE) ? 1 : 0;
2060  int add_default = (options & EXIT_POLICY_ADD_DEFAULT) ? 1 : 0;
2061  int reject_local_interfaces = (options &
2062  EXIT_POLICY_REJECT_LOCAL_INTERFACES) ? 1 : 0;
2063  int add_reduced = (options & EXIT_POLICY_ADD_REDUCED) ? 1 : 0;
2064 
2065  return policies_parse_exit_policy_internal(cfg,dest,ipv6_enabled,
2066  reject_private,
2067  configured_addresses,
2068  reject_local_interfaces,
2069  reject_local_interfaces,
2070  add_default,
2071  add_reduced);
2072 }
2073 
2074 /** Helper function that adds a copy of addr to a smartlist as long as it is
2075  * non-NULL and not tor_addr_is_null().
2076  *
2077  * The caller is responsible for freeing all the tor_addr_t* in the smartlist.
2078  */
2079 static void
2081 {
2082  if (addr && !tor_addr_is_null(addr)) {
2083  tor_addr_t *addr_copy = tor_malloc(sizeof(tor_addr_t));
2084  tor_addr_copy(addr_copy, addr);
2085  smartlist_add(addr_list, addr_copy);
2086  }
2087 }
2088 
2089 /** Helper function that adds ipv4h_addr to a smartlist as a tor_addr_t *,
2090  * as long as it is not tor_addr_is_null(), by converting it to a tor_addr_t
2091  * and passing it to policies_add_addr_to_smartlist.
2092  *
2093  * The caller is responsible for freeing all the tor_addr_t* in the smartlist.
2094  */
2095 static void
2096 policies_copy_ipv4h_to_smartlist(smartlist_t *addr_list, uint32_t ipv4h_addr)
2097 {
2098  if (ipv4h_addr) {
2099  tor_addr_t ipv4_tor_addr;
2100  tor_addr_from_ipv4h(&ipv4_tor_addr, ipv4h_addr);
2101  policies_copy_addr_to_smartlist(addr_list, &ipv4_tor_addr);
2102  }
2103 }
2104 
2105 /** Helper function that adds copies of or_options->OutboundBindAddresses
2106  * to a smartlist as tor_addr_t *, as long as or_options is non-NULL, and
2107  * the addresses are not tor_addr_is_null(), by passing them to
2108  * policies_add_addr_to_smartlist.
2109  *
2110  * The caller is responsible for freeing all the tor_addr_t* in the smartlist.
2111  */
2112 static void
2114  const or_options_t *or_options)
2115 {
2116  if (or_options) {
2117  for (int i=0;i<OUTBOUND_ADDR_MAX;i++) {
2118  for (int j=0;j<2;j++) {
2119  if (!tor_addr_is_null(&or_options->OutboundBindAddresses[i][j])) {
2121  &or_options->OutboundBindAddresses[i][j]);
2122  }
2123  }
2124  }
2125  }
2126 }
2127 
2128 /** Parse <b>ExitPolicy</b> member of <b>or_options</b> into <b>result</b>
2129  * smartlist.
2130  * If <b>or_options->IPv6Exit</b> is false, prepend an entry that
2131  * rejects all IPv6 destinations.
2132  *
2133  * If <b>or_options->ExitPolicyRejectPrivate</b> is true:
2134  * - prepend an entry that rejects all destinations in all netblocks reserved
2135  * for private use.
2136  * - if local_address is non-zero, treat it as a host-order IPv4 address, and
2137  * add it to the list of configured addresses.
2138  * - if ipv6_local_address is non-NULL, and not the null tor_addr_t, add it
2139  * to the list of configured addresses.
2140  * If <b>or_options->ExitPolicyRejectLocalInterfaces</b> is true:
2141  * - if or_options->OutboundBindAddresses[][0] (=IPv4) is not the null
2142  * tor_addr_t, add it to the list of configured addresses.
2143  * - if or_options->OutboundBindAddresses[][1] (=IPv6) is not the null
2144  * tor_addr_t, add it to the list of configured addresses.
2145  *
2146  * If <b>or_options->BridgeRelay</b> is false, append entries of default
2147  * Tor exit policy into <b>result</b> smartlist.
2148  *
2149  * If or_options->ExitRelay is false, or is auto without specifying an exit
2150  * policy, then make our exit policy into "reject *:*" regardless.
2151  */
2152 int
2154  uint32_t local_address,
2155  const tor_addr_t *ipv6_local_address,
2156  smartlist_t **result)
2157 {
2158  exit_policy_parser_cfg_t parser_cfg = 0;
2159  smartlist_t *configured_addresses = NULL;
2160  int rv = 0;
2161 
2162  /* Short-circuit for non-exit relays, or for relays where we didn't specify
2163  * ExitPolicy or ReducedExitPolicy or IPv6Exit and ExitRelay is auto. */
2164  if (or_options->ExitRelay == 0 ||
2165  policy_using_default_exit_options(or_options)) {
2166  append_exit_policy_string(result, "reject *4:*");
2167  append_exit_policy_string(result, "reject *6:*");
2168  return 0;
2169  }
2170 
2171  configured_addresses = smartlist_new();
2172 
2173  /* Configure the parser */
2174  if (or_options->IPv6Exit) {
2175  parser_cfg |= EXIT_POLICY_IPV6_ENABLED;
2176  }
2177 
2178  if (or_options->ExitPolicyRejectPrivate) {
2179  parser_cfg |= EXIT_POLICY_REJECT_PRIVATE;
2180  }
2181 
2182  if (!or_options->BridgeRelay) {
2183  if (or_options->ReducedExitPolicy)
2184  parser_cfg |= EXIT_POLICY_ADD_REDUCED;
2185  else
2186  parser_cfg |= EXIT_POLICY_ADD_DEFAULT;
2187  }
2188 
2189  if (or_options->ExitPolicyRejectLocalInterfaces) {
2190  parser_cfg |= EXIT_POLICY_REJECT_LOCAL_INTERFACES;
2191  }
2192 
2193  /* Copy the configured addresses into the tor_addr_t* list */
2194  if (or_options->ExitPolicyRejectPrivate) {
2195  policies_copy_ipv4h_to_smartlist(configured_addresses, local_address);
2196  policies_copy_addr_to_smartlist(configured_addresses, ipv6_local_address);
2197  }
2198 
2199  if (or_options->ExitPolicyRejectLocalInterfaces) {
2200  policies_copy_outbound_addresses_to_smartlist(configured_addresses,
2201  or_options);
2202  }
2203 
2204  rv = policies_parse_exit_policy(or_options->ExitPolicy, result, parser_cfg,
2205  configured_addresses);
2206 
2207  SMARTLIST_FOREACH(configured_addresses, tor_addr_t *, a, tor_free(a));
2208  smartlist_free(configured_addresses);
2209 
2210  return rv;
2211 }
2212 
2213 /** Add "reject *:*" to the end of the policy in *<b>dest</b>, allocating
2214  * *<b>dest</b> as needed. */
2215 void
2217 {
2218  append_exit_policy_string(dest, "reject *4:*");
2219  append_exit_policy_string(dest, "reject *6:*");
2220 }
2221 
2222 /** Replace the exit policy of <b>node</b> with reject *:* */
2223 void
2225 {
2226  node->rejects_all = 1;
2227 }
2228 
2229 /** Return 1 if there is at least one /8 subnet in <b>policy</b> that
2230  * allows exiting to <b>port</b>. Otherwise, return 0. */
2231 static int
2233 {
2234  uint32_t mask, ip, i;
2235  /* Is this /8 rejected (1), or undecided (0)? */
2236  char subnet_status[256];
2237 
2238  memset(subnet_status, 0, sizeof(subnet_status));
2239  SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, p) {
2240  if (tor_addr_family(&p->addr) != AF_INET)
2241  continue; /* IPv4 only for now */
2242  if (p->prt_min > port || p->prt_max < port)
2243  continue; /* Doesn't cover our port. */
2244  mask = 0;
2245  tor_assert(p->maskbits <= 32);
2246 
2247  if (p->maskbits)
2248  mask = UINT32_MAX<<(32-p->maskbits);
2249  ip = tor_addr_to_ipv4h(&p->addr);
2250 
2251  /* Calculate the first and last subnet that this exit policy touches
2252  * and set it as loop boundaries. */
2253  for (i = ((mask & ip)>>24); i <= (~((mask & ip) ^ mask)>>24); ++i) {
2254  tor_addr_t addr;
2255  if (subnet_status[i] != 0)
2256  continue; /* We already reject some part of this /8 */
2257  tor_addr_from_ipv4h(&addr, i<<24);
2258  if (tor_addr_is_internal(&addr, 0) &&
2259  !get_options()->DirAllowPrivateAddresses) {
2260  continue; /* Local or non-routable addresses */
2261  }
2262  if (p->policy_type == ADDR_POLICY_ACCEPT) {
2263  if (p->maskbits > 8)
2264  continue; /* Narrower than a /8. */
2265  /* We found an allowed subnet of at least size /8. Done
2266  * for this port! */
2267  return 1;
2268  } else if (p->policy_type == ADDR_POLICY_REJECT) {
2269  subnet_status[i] = 1;
2270  }
2271  }
2272  } SMARTLIST_FOREACH_END(p);
2273  return 0;
2274 }
2275 
2276 /** Return true iff <b>ri</b> is "useful as an exit node", meaning
2277  * it allows exit to at least one /8 address space for each of ports 80
2278  * and 443. */
2279 int
2281 {
2282  if (!policy) /*XXXX disallow NULL policies? */
2283  return 0;
2284 
2285  return (exit_policy_is_general_exit_helper(policy, 80) &&
2286  exit_policy_is_general_exit_helper(policy, 443));
2287 }
2288 
2289 /** Return false if <b>policy</b> might permit access to some addr:port;
2290  * otherwise if we are certain it rejects everything, return true. If no
2291  * part of <b>policy</b> matches, return <b>default_reject</b>.
2292  * NULL policies are allowed, and treated as empty. */
2293 int
2295  int default_reject)
2296 {
2297  if (!policy)
2298  return default_reject;
2299  SMARTLIST_FOREACH_BEGIN(policy, const addr_policy_t *, p) {
2300  if (p->policy_type == ADDR_POLICY_ACCEPT &&
2301  (tor_addr_family(&p->addr) == family ||
2302  tor_addr_family(&p->addr) == AF_UNSPEC)) {
2303  return 0;
2304  } else if (p->policy_type == ADDR_POLICY_REJECT &&
2305  p->prt_min <= 1 && p->prt_max == 65535 &&
2306  p->maskbits == 0 &&
2307  (tor_addr_family(&p->addr) == family ||
2308  tor_addr_family(&p->addr) == AF_UNSPEC)) {
2309  return 1;
2310  }
2311  } SMARTLIST_FOREACH_END(p);
2312  return default_reject;
2313 }
2314 
2315 /** Write a single address policy to the buf_len byte buffer at buf. Return
2316  * the number of characters written, or -1 on failure. */
2317 int
2318 policy_write_item(char *buf, size_t buflen, const addr_policy_t *policy,
2319  int format_for_desc)
2320 {
2321  size_t written = 0;
2322  char addrbuf[TOR_ADDR_BUF_LEN];
2323  const char *addrpart;
2324  int result;
2325  const int is_accept = policy->policy_type == ADDR_POLICY_ACCEPT;
2326  const sa_family_t family = tor_addr_family(&policy->addr);
2327  const int is_ip6 = (family == AF_INET6);
2328 
2329  tor_addr_to_str(addrbuf, &policy->addr, sizeof(addrbuf), 1);
2330 
2331  /* write accept/reject 1.2.3.4 */
2332  if (policy->is_private) {
2333  addrpart = "private";
2334  } else if (policy->maskbits == 0) {
2335  if (format_for_desc)
2336  addrpart = "*";
2337  else if (family == AF_INET6)
2338  addrpart = "*6";
2339  else if (family == AF_INET)
2340  addrpart = "*4";
2341  else
2342  addrpart = "*";
2343  } else {
2344  addrpart = addrbuf;
2345  }
2346 
2347  result = tor_snprintf(buf, buflen, "%s%s %s",
2348  is_accept ? "accept" : "reject",
2349  (is_ip6&&format_for_desc)?"6":"",
2350  addrpart);
2351  if (result < 0)
2352  return -1;
2353  written += strlen(buf);
2354  /* If the maskbits is 32 (IPv4) or 128 (IPv6) we don't need to give it. If
2355  the mask is 0, we already wrote "*". */
2356  if (policy->maskbits < (is_ip6?128:32) && policy->maskbits > 0) {
2357  if (tor_snprintf(buf+written, buflen-written, "/%d", policy->maskbits)<0)
2358  return -1;
2359  written += strlen(buf+written);
2360  }
2361  if (policy->prt_min <= 1 && policy->prt_max == 65535) {
2362  /* There is no port set; write ":*" */
2363  if (written+4 > buflen)
2364  return -1;
2365  strlcat(buf+written, ":*", buflen-written);
2366  written += 2;
2367  } else if (policy->prt_min == policy->prt_max) {
2368  /* There is only one port; write ":80". */
2369  result = tor_snprintf(buf+written, buflen-written, ":%d", policy->prt_min);
2370  if (result<0)
2371  return -1;
2372  written += result;
2373  } else {
2374  /* There is a range of ports; write ":79-80". */
2375  result = tor_snprintf(buf+written, buflen-written, ":%d-%d",
2376  policy->prt_min, policy->prt_max);
2377  if (result<0)
2378  return -1;
2379  written += result;
2380  }
2381  if (written < buflen)
2382  buf[written] = '\0';
2383  else
2384  return -1;
2385 
2386  return (int)written;
2387 }
2388 
2389 /** Create a new exit policy summary, initially only with a single
2390  * port 1-64k item */
2391 /* XXXX This entire thing will do most stuff in O(N^2), or worse. Use an
2392  * RB-tree if that turns out to matter. */
2393 static smartlist_t *
2395 {
2396  smartlist_t *summary;
2397  policy_summary_item_t* item;
2398 
2399  item = tor_malloc_zero(sizeof(policy_summary_item_t));
2400  item->prt_min = 1;
2401  item->prt_max = 65535;
2402  item->reject_count = 0;
2403  item->accepted = 0;
2404 
2405  summary = smartlist_new();
2406  smartlist_add(summary, item);
2407 
2408  return summary;
2409 }
2410 
2411 /** Split the summary item in <b>item</b> at the port <b>new_starts</b>.
2412  * The current item is changed to end at new-starts - 1, the new item
2413  * copies reject_count and accepted from the old item,
2414  * starts at new_starts and ends at the port where the original item
2415  * previously ended.
2416  */
2417 static policy_summary_item_t*
2419 {
2420  policy_summary_item_t* new;
2421 
2422  new = tor_malloc_zero(sizeof(policy_summary_item_t));
2423  new->prt_min = new_starts;
2424  new->prt_max = old->prt_max;
2425  new->reject_count = old->reject_count;
2426  new->accepted = old->accepted;
2427 
2428  old->prt_max = new_starts-1;
2429 
2430  tor_assert(old->prt_min <= old->prt_max);
2431  tor_assert(new->prt_min <= new->prt_max);
2432  return new;
2433 }
2434 
2435 /* XXXX Nick says I'm going to hell for this. If he feels charitably towards
2436  * my immortal soul, he can clean it up himself. */
2437 #define AT(x) ((policy_summary_item_t*)smartlist_get(summary, x))
2438 
2439 #define IPV4_BITS (32)
2440 /* Every IPv4 address is counted as one rejection */
2441 #define REJECT_CUTOFF_SCALE_IPV4 (0)
2442 /* Ports are rejected in an IPv4 summary if they are rejected in more than two
2443  * IPv4 /8 address blocks */
2444 #define REJECT_CUTOFF_COUNT_IPV4 (UINT64_C(1) << \
2445  (IPV4_BITS - REJECT_CUTOFF_SCALE_IPV4 - 7))
2446 
2447 #define IPV6_BITS (128)
2448 /* IPv6 /64s are counted as one rejection, anything smaller is ignored */
2449 #define REJECT_CUTOFF_SCALE_IPV6 (64)
2450 /* Ports are rejected in an IPv6 summary if they are rejected in more than one
2451  * IPv6 /16 address block.
2452  * This is roughly equivalent to the IPv4 cutoff, as only five IPv6 /12s (and
2453  * some scattered smaller blocks) have been allocated to the RIRs.
2454  * Network providers are typically allocated one or more IPv6 /32s.
2455  */
2456 #define REJECT_CUTOFF_COUNT_IPV6 (UINT64_C(1) << \
2457  (IPV6_BITS - REJECT_CUTOFF_SCALE_IPV6 - 16))
2458 
2459 /** Split an exit policy summary so that prt_min and prt_max
2460  * fall at exactly the start and end of an item respectively.
2461  */
2462 static int
2464  uint16_t prt_min, uint16_t prt_max)
2465 {
2466  int start_at_index;
2467 
2468  int i = 0;
2469 
2470  while (AT(i)->prt_max < prt_min)
2471  i++;
2472  if (AT(i)->prt_min != prt_min) {
2473  policy_summary_item_t* new_item;
2474  new_item = policy_summary_item_split(AT(i), prt_min);
2475  smartlist_insert(summary, i+1, new_item);
2476  i++;
2477  }
2478  start_at_index = i;
2479 
2480  while (AT(i)->prt_max < prt_max)
2481  i++;
2482  if (AT(i)->prt_max != prt_max) {
2483  policy_summary_item_t* new_item;
2484  new_item = policy_summary_item_split(AT(i), prt_max+1);
2485  smartlist_insert(summary, i+1, new_item);
2486  }
2487 
2488  return start_at_index;
2489 }
2490 
2491 /** Mark port ranges as accepted if they are below the reject_count for family
2492  */
2493 static void
2495  uint16_t prt_min, uint16_t prt_max,
2496  sa_family_t family)
2497 {
2498  tor_assert_nonfatal_once(family == AF_INET || family == AF_INET6);
2499  uint64_t family_reject_count = ((family == AF_INET) ?
2500  REJECT_CUTOFF_COUNT_IPV4 :
2501  REJECT_CUTOFF_COUNT_IPV6);
2502 
2503  int i = policy_summary_split(summary, prt_min, prt_max);
2504  while (i < smartlist_len(summary) &&
2505  AT(i)->prt_max <= prt_max) {
2506  if (!AT(i)->accepted &&
2507  AT(i)->reject_count <= family_reject_count)
2508  AT(i)->accepted = 1;
2509  i++;
2510  }
2511  tor_assert(i < smartlist_len(summary) || prt_max==65535);
2512 }
2513 
2514 /** Count the number of addresses in a network in family with prefixlen
2515  * maskbits against the given portrange. */
2516 static void
2518  maskbits_t maskbits,
2519  uint16_t prt_min, uint16_t prt_max,
2520  sa_family_t family)
2521 {
2522  tor_assert_nonfatal_once(family == AF_INET || family == AF_INET6);
2523 
2524  int i = policy_summary_split(summary, prt_min, prt_max);
2525 
2526  /* The length of a single address mask */
2527  int addrbits = (family == AF_INET) ? IPV4_BITS : IPV6_BITS;
2528  tor_assert_nonfatal_once(addrbits >= maskbits);
2529 
2530  /* We divide IPv6 address counts by (1 << scale) to keep them in a uint64_t
2531  */
2532  int scale = ((family == AF_INET) ?
2533  REJECT_CUTOFF_SCALE_IPV4 :
2534  REJECT_CUTOFF_SCALE_IPV6);
2535 
2536  tor_assert_nonfatal_once(addrbits >= scale);
2537  if (maskbits > (addrbits - scale)) {
2538  tor_assert_nonfatal_once(family == AF_INET6);
2539  /* The address range is so small, we'd need billions of them to reach the
2540  * rejection limit. So we ignore this range in the reject count. */
2541  return;
2542  }
2543 
2544  uint64_t count = 0;
2545  if (addrbits - scale - maskbits >= 64) {
2546  tor_assert_nonfatal_once(family == AF_INET6);
2547  /* The address range is so large, it's an automatic rejection for all ports
2548  * in the range. */
2549  count = UINT64_MAX;
2550  } else {
2551  count = (UINT64_C(1) << (addrbits - scale - maskbits));
2552  }
2553  tor_assert_nonfatal_once(count > 0);
2554  while (i < smartlist_len(summary) &&
2555  AT(i)->prt_max <= prt_max) {
2556  if (AT(i)->reject_count <= UINT64_MAX - count) {
2557  AT(i)->reject_count += count;
2558  } else {
2559  /* IPv4 would require a 4-billion address redundant policy to get here,
2560  * but IPv6 just needs to have ::/0 */
2561  if (family == AF_INET) {
2562  tor_assert_nonfatal_unreached_once();
2563  }
2564  /* If we do get here, use saturating arithmetic */
2565  AT(i)->reject_count = UINT64_MAX;
2566  }
2567  i++;
2568  }
2569  tor_assert(i < smartlist_len(summary) || prt_max==65535);
2570 }
2571 
2572 /** Add a single exit policy item to our summary:
2573  *
2574  * If it is an accept, ignore it unless it is for all IP addresses
2575  * ("*", i.e. its prefixlen/maskbits is 0). Otherwise call
2576  * policy_summary_accept().
2577  *
2578  * If it is a reject, ignore it if it is about one of the private
2579  * networks. Otherwise call policy_summary_reject().
2580  */
2581 static void
2583 {
2584  if (p->policy_type == ADDR_POLICY_ACCEPT) {
2585  if (p->maskbits == 0) {
2586  policy_summary_accept(summary, p->prt_min, p->prt_max, p->addr.family);
2587  }
2588  } else if (p->policy_type == ADDR_POLICY_REJECT) {
2589 
2590  int is_private = 0;
2591  int i;
2592  for (i = 0; private_nets[i]; ++i) {
2593  tor_addr_t addr;
2594  maskbits_t maskbits;
2595  if (tor_addr_parse_mask_ports(private_nets[i], 0, &addr,
2596  &maskbits, NULL, NULL)<0) {
2597  tor_assert(0);
2598  }
2599  if (tor_addr_compare(&p->addr, &addr, CMP_EXACT) == 0 &&
2600  p->maskbits == maskbits) {
2601  is_private = 1;
2602  break;
2603  }
2604  }
2605 
2606  if (!is_private) {
2607  policy_summary_reject(summary, p->maskbits, p->prt_min, p->prt_max,
2608  p->addr.family);
2609  }
2610  } else
2611  tor_assert(0);
2612 }
2613 
2614 /** Create a string representing a summary for an exit policy.
2615  * The summary will either be an "accept" plus a comma-separated list of port
2616  * ranges or a "reject" plus port-ranges, depending on which is shorter.
2617  *
2618  * If no exits are allowed at all then "reject 1-65535" is returned. If no
2619  * ports are blocked instead of "reject " we return "accept 1-65535". (These
2620  * are an exception to the shorter-representation-wins rule).
2621  */
2622 char *
2624 {
2625  smartlist_t *summary = policy_summary_create();
2626  smartlist_t *accepts, *rejects;
2627  int i, last, start_prt;
2628  size_t accepts_len, rejects_len;
2629  char *accepts_str = NULL, *rejects_str = NULL, *shorter_str, *result;
2630  const char *prefix;
2631 
2632  tor_assert(policy);
2633 
2634  /* Create the summary list */
2635  SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, p) {
2636  sa_family_t f = tor_addr_family(&p->addr);
2637  if (f != AF_INET && f != AF_INET6) {
2638  log_warn(LD_BUG, "Weird family when summarizing address policy");
2639  }
2640  if (f != family)
2641  continue;
2642  policy_summary_add_item(summary, p);
2643  } SMARTLIST_FOREACH_END(p);
2644 
2645  /* Now create two lists of strings, one for accepted and one
2646  * for rejected ports. We take care to merge ranges so that
2647  * we avoid getting stuff like "1-4,5-9,10", instead we want
2648  * "1-10"
2649  */
2650  i = 0;
2651  start_prt = 1;
2652  accepts = smartlist_new();
2653  rejects = smartlist_new();
2654  while (1) {
2655  last = i == smartlist_len(summary)-1;
2656  if (last ||
2657  AT(i)->accepted != AT(i+1)->accepted) {
2658  char buf[POLICY_BUF_LEN];
2659 
2660  if (start_prt == AT(i)->prt_max)
2661  tor_snprintf(buf, sizeof(buf), "%d", start_prt);
2662  else
2663  tor_snprintf(buf, sizeof(buf), "%d-%d", start_prt, AT(i)->prt_max);
2664 
2665  if (AT(i)->accepted)
2666  smartlist_add_strdup(accepts, buf);
2667  else
2668  smartlist_add_strdup(rejects, buf);
2669 
2670  if (last)
2671  break;
2672 
2673  start_prt = AT(i+1)->prt_min;
2674  };
2675  i++;
2676  };
2677 
2678  /* Figure out which of the two stringlists will be shorter and use
2679  * that to build the result
2680  */
2681  if (smartlist_len(accepts) == 0) { /* no exits at all */
2682  result = tor_strdup("reject 1-65535");
2683  goto cleanup;
2684  }
2685  if (smartlist_len(rejects) == 0) { /* no rejects at all */
2686  result = tor_strdup("accept 1-65535");
2687  goto cleanup;
2688  }
2689 
2690  accepts_str = smartlist_join_strings(accepts, ",", 0, &accepts_len);
2691  rejects_str = smartlist_join_strings(rejects, ",", 0, &rejects_len);
2692 
2693  if (rejects_len > MAX_EXITPOLICY_SUMMARY_LEN-strlen("reject")-1 &&
2694  accepts_len > MAX_EXITPOLICY_SUMMARY_LEN-strlen("accept")-1) {
2695  char *c;
2696  shorter_str = accepts_str;
2697  prefix = "accept";
2698 
2699  c = shorter_str + (MAX_EXITPOLICY_SUMMARY_LEN-strlen(prefix)-1);
2700  while (*c != ',' && c >= shorter_str)
2701  c--;
2702  tor_assert(c >= shorter_str);
2703  tor_assert(*c == ',');
2704  *c = '\0';
2705 
2706  } else if (rejects_len < accepts_len) {
2707  shorter_str = rejects_str;
2708  prefix = "reject";
2709  } else {
2710  shorter_str = accepts_str;
2711  prefix = "accept";
2712  }
2713 
2714  tor_asprintf(&result, "%s %s", prefix, shorter_str);
2715 
2716  cleanup:
2717  /* cleanup */
2719  smartlist_free(summary);
2720 
2721  tor_free(accepts_str);
2722  SMARTLIST_FOREACH(accepts, char *, s, tor_free(s));
2723  smartlist_free(accepts);
2724 
2725  tor_free(rejects_str);
2726  SMARTLIST_FOREACH(rejects, char *, s, tor_free(s));
2727  smartlist_free(rejects);
2728 
2729  return result;
2730 }
2731 
2732 /** Convert a summarized policy string into a short_policy_t. Return NULL
2733  * if the string is not well-formed. */
2735 parse_short_policy(const char *summary)
2736 {
2737  const char *orig_summary = summary;
2738  short_policy_t *result;
2739  int is_accept;
2740  int n_entries;
2741  short_policy_entry_t entries[MAX_EXITPOLICY_SUMMARY_LEN]; /* overkill */
2742  char *next;
2743 
2744  if (!strcmpstart(summary, "accept ")) {
2745  is_accept = 1;
2746  summary += strlen("accept ");
2747  } else if (!strcmpstart(summary, "reject ")) {
2748  is_accept = 0;
2749  summary += strlen("reject ");
2750  } else {
2751  log_fn(LOG_PROTOCOL_WARN, LD_DIR, "Unrecognized policy summary keyword");
2752  return NULL;
2753  }
2754 
2755  n_entries = 0;
2756  for ( ; *summary; summary = next) {
2757  if (n_entries == MAX_EXITPOLICY_SUMMARY_LEN) {
2758  log_fn(LOG_PROTOCOL_WARN, LD_DIR, "Impossibly long policy summary %s",
2759  escaped(orig_summary));
2760  return NULL;
2761  }
2762 
2763  unsigned low, high;
2764  int ok;
2765  low = (unsigned) tor_parse_ulong(summary, 10, 1, 65535, &ok, &next);
2766  if (!ok) {
2767  if (! TOR_ISDIGIT(*summary) || *summary == ',') {
2768  /* Unrecognized format: skip it. */
2769  goto skip_ent;
2770  } else {
2771  goto bad_ent;
2772  }
2773  }
2774 
2775  switch (*next) {
2776  case ',':
2777  ++next;
2778  FALLTHROUGH;
2779  case '\0':
2780  high = low;
2781  break;
2782  case '-':
2783  high = (unsigned) tor_parse_ulong(next+1, 10, low, 65535, &ok, &next);
2784  if (!ok)
2785  goto bad_ent;
2786 
2787  if (*next == ',')
2788  ++next;
2789  else if (*next != '\0')
2790  goto bad_ent;
2791 
2792  break;
2793  default:
2794  goto bad_ent;
2795  }
2796 
2797  entries[n_entries].min_port = low;
2798  entries[n_entries].max_port = high;
2799  n_entries++;
2800 
2801  continue;
2802  skip_ent:
2803  next = strchr(next, ',');
2804  if (!next)
2805  break;
2806  ++next;
2807  }
2808 
2809  if (n_entries == 0) {
2810  log_fn(LOG_PROTOCOL_WARN, LD_DIR,
2811  "Found no port-range entries in summary %s", escaped(orig_summary));
2812  return NULL;
2813  }
2814 
2815  {
2816  size_t size = offsetof(short_policy_t, entries) +
2817  sizeof(short_policy_entry_t)*(n_entries);
2818  result = tor_malloc_zero(size);
2819 
2820  tor_assert( (char*)&result->entries[n_entries-1] < ((char*)result)+size);
2821  }
2822 
2823  result->is_accept = is_accept;
2824  result->n_entries = n_entries;
2825  memcpy(result->entries, entries, sizeof(short_policy_entry_t)*n_entries);
2826  return result;
2827 
2828  bad_ent:
2829  log_fn(LOG_PROTOCOL_WARN, LD_DIR,"Found bad entry in policy summary %s",
2830  escaped(orig_summary));
2831  return NULL;
2832 }
2833 
2834 /** Write <b>policy</b> back out into a string. */
2835 char *
2837 {
2838  int i;
2839  char *answer;
2840  smartlist_t *sl = smartlist_new();
2841 
2842  smartlist_add_asprintf(sl, "%s", policy->is_accept ? "accept " : "reject ");
2843 
2844  for (i=0; i < policy->n_entries; i++) {
2845  const short_policy_entry_t *e = &policy->entries[i];
2846  if (e->min_port == e->max_port) {
2847  smartlist_add_asprintf(sl, "%d", e->min_port);
2848  } else {
2849  smartlist_add_asprintf(sl, "%d-%d", e->min_port, e->max_port);
2850  }
2851  if (i < policy->n_entries-1)
2852  smartlist_add_strdup(sl, ",");
2853  }
2854  answer = smartlist_join_strings(sl, "", 0, NULL);
2855  SMARTLIST_FOREACH(sl, char *, a, tor_free(a));
2856  smartlist_free(sl);
2857  return answer;
2858 }
2859 
2860 /** Release all storage held in <b>policy</b>. */
2861 void
2863 {
2864  tor_free(policy);
2865 }
2866 
2867 /** See whether the <b>addr</b>:<b>port</b> address is likely to be accepted
2868  * or rejected by the summarized policy <b>policy</b>. Return values are as
2869  * for compare_tor_addr_to_addr_policy. Unlike the regular addr_policy
2870  * functions, requires the <b>port</b> be specified. */
2873  const short_policy_t *policy)
2874 {
2875  int i;
2876  int found_match = 0;
2877  int accept_;
2878 
2879  tor_assert(port != 0);
2880 
2881  if (addr && tor_addr_is_null(addr))
2882  addr = NULL; /* Unspec means 'no address at all,' in this context. */
2883 
2884  if (addr && get_options()->ClientRejectInternalAddresses &&
2885  (tor_addr_is_internal(addr, 0) || tor_addr_is_loopback(addr)))
2886  return ADDR_POLICY_REJECTED;
2887 
2888  for (i=0; i < policy->n_entries; ++i) {
2889  const short_policy_entry_t *e = &policy->entries[i];
2890  if (e->min_port <= port && port <= e->max_port) {
2891  found_match = 1;
2892  break;
2893  }
2894  }
2895 
2896  if (found_match)
2897  accept_ = policy->is_accept;
2898  else
2899  accept_ = ! policy->is_accept;
2900 
2901  /* ???? are these right? -NM */
2902  /* We should be sure not to return ADDR_POLICY_ACCEPTED in the accept
2903  * case here, because it would cause clients to believe that the node
2904  * allows exit enclaving. Trying it anyway would open up a cool attack
2905  * where the node refuses due to exitpolicy, the client reacts in
2906  * surprise by rewriting the node's exitpolicy to reject *:*, and then
2907  * an adversary targets users by causing them to attempt such connections
2908  * to 98% of the exits.
2909  *
2910  * Once microdescriptors can handle addresses in special cases (e.g. if
2911  * we ever solve ticket 1774), we can provide certainty here. -RD */
2912  if (accept_)
2914  else
2915  return ADDR_POLICY_REJECTED;
2916 }
2917 
2918 /** Return true iff <b>policy</b> seems reject all ports */
2919 int
2921 {
2922  /* This doesn't need to be as much on the lookout as policy_is_reject_star,
2923  * since policy summaries are from the consensus or from consensus
2924  * microdescs.
2925  */
2926  tor_assert(policy);
2927  /* Check for an exact match of "reject 1-65535". */
2928  return (policy->is_accept == 0 && policy->n_entries == 1 &&
2929  policy->entries[0].min_port == 1 &&
2930  policy->entries[0].max_port == 65535);
2931 }
2932 
2933 /** Decide whether addr:port is probably or definitely accepted or rejected by
2934  * <b>node</b>. See compare_tor_addr_to_addr_policy for details on addr/port
2935  * interpretation. */
2937 compare_tor_addr_to_node_policy(const tor_addr_t *addr, uint16_t port,
2938  const node_t *node)
2939 {
2940  if (node->rejects_all)
2941  return ADDR_POLICY_REJECTED;
2942 
2943  if (addr && tor_addr_family(addr) == AF_INET6) {
2944  const short_policy_t *p = NULL;
2945  if (node->ri)
2946  p = node->ri->ipv6_exit_policy;
2947  else if (node->md)
2948  p = node->md->ipv6_exit_policy;
2949  if (p)
2950  return compare_tor_addr_to_short_policy(addr, port, p);
2951  else
2952  return ADDR_POLICY_REJECTED;
2953  }
2954 
2955  if (node->ri) {
2956  return compare_tor_addr_to_addr_policy(addr, port, node->ri->exit_policy);
2957  } else if (node->md) {
2958  if (node->md->exit_policy == NULL)
2959  return ADDR_POLICY_REJECTED;
2960  else
2961  return compare_tor_addr_to_short_policy(addr, port,
2962  node->md->exit_policy);
2963  } else {
2965  }
2966 }
2967 
2968 /**
2969  * Given <b>policy_list</b>, a list of addr_policy_t, produce a string
2970  * representation of the list.
2971  * If <b>include_ipv4</b> is true, include IPv4 entries.
2972  * If <b>include_ipv6</b> is true, include IPv6 entries.
2973  */
2974 char *
2976  int include_ipv4,
2977  int include_ipv6)
2978 {
2979  smartlist_t *policy_string_list;
2980  char *policy_string = NULL;
2981 
2982  policy_string_list = smartlist_new();
2983 
2984  SMARTLIST_FOREACH_BEGIN(policy_list, addr_policy_t *, tmpe) {
2985  char *pbuf;
2986  int bytes_written_to_pbuf;
2987  if ((tor_addr_family(&tmpe->addr) == AF_INET6) && (!include_ipv6)) {
2988  continue; /* Don't include IPv6 parts of address policy */
2989  }
2990  if ((tor_addr_family(&tmpe->addr) == AF_INET) && (!include_ipv4)) {
2991  continue; /* Don't include IPv4 parts of address policy */
2992  }
2993 
2994  pbuf = tor_malloc(POLICY_BUF_LEN);
2995  bytes_written_to_pbuf = policy_write_item(pbuf,POLICY_BUF_LEN, tmpe, 1);
2996 
2997  if (bytes_written_to_pbuf < 0) {
2998  log_warn(LD_BUG, "policy_dump_to_string ran out of room!");
2999  tor_free(pbuf);
3000  goto done;
3001  }
3002 
3003  smartlist_add(policy_string_list,pbuf);
3004  } SMARTLIST_FOREACH_END(tmpe);
3005 
3006  policy_string = smartlist_join_strings(policy_string_list, "\n", 0, NULL);
3007 
3008  done:
3009  SMARTLIST_FOREACH(policy_string_list, char *, str, tor_free(str));
3010  smartlist_free(policy_string_list);
3011 
3012  return policy_string;
3013 }
3014 
3015 /** Implementation for GETINFO control command: knows the answer for questions
3016  * about "exit-policy/..." */
3017 int
3019  const char *question, char **answer,
3020  const char **errmsg)
3021 {
3022  (void) conn;
3023  (void) errmsg;
3024  if (!strcmp(question, "exit-policy/default")) {
3025  *answer = tor_strdup(DEFAULT_EXIT_POLICY);
3026  } else if (!strcmp(question, "exit-policy/reject-private/default")) {
3027  smartlist_t *private_policy_strings;
3028  const char **priv = private_nets;
3029 
3030  private_policy_strings = smartlist_new();
3031 
3032  while (*priv != NULL) {
3033  /* IPv6 addresses are in "[]" and contain ":",
3034  * IPv4 addresses are not in "[]" and contain "." */
3035  smartlist_add_asprintf(private_policy_strings, "reject %s:*", *priv);
3036  priv++;
3037  }
3038 
3039  *answer = smartlist_join_strings(private_policy_strings,
3040  ",", 0, NULL);
3041 
3042  SMARTLIST_FOREACH(private_policy_strings, char *, str, tor_free(str));
3043  smartlist_free(private_policy_strings);
3044  } else if (!strcmp(question, "exit-policy/reject-private/relay")) {
3045  const or_options_t *options = get_options();
3046  int err = 0;
3048 
3049  if (!me) {
3050  *errmsg = routerinfo_err_to_string(err);
3051  return routerinfo_err_is_transient(err) ? -1 : 0;
3052  }
3053 
3054  if (!options->ExitPolicyRejectPrivate &&
3055  !options->ExitPolicyRejectLocalInterfaces) {
3056  *answer = tor_strdup("");
3057  return 0;
3058  }
3059 
3060  smartlist_t *private_policy_list = smartlist_new();
3061  smartlist_t *configured_addresses = smartlist_new();
3062 
3063  /* Copy the configured addresses into the tor_addr_t* list */
3064  if (options->ExitPolicyRejectPrivate) {
3065  policies_copy_ipv4h_to_smartlist(configured_addresses, me->addr);
3066  policies_copy_addr_to_smartlist(configured_addresses, &me->ipv6_addr);
3067  }
3068 
3069  if (options->ExitPolicyRejectLocalInterfaces) {
3070  policies_copy_outbound_addresses_to_smartlist(configured_addresses,
3071  options);
3072  }
3073 
3075  &private_policy_list,
3076  options->IPv6Exit,
3077  configured_addresses,
3080  *answer = policy_dump_to_string(private_policy_list, 1, 1);
3081 
3082  addr_policy_list_free(private_policy_list);
3083  SMARTLIST_FOREACH(configured_addresses, tor_addr_t *, a, tor_free(a));
3084  smartlist_free(configured_addresses);
3085  } else if (!strcmpstart(question, "exit-policy/")) {
3086  int include_ipv4 = 0;
3087  int include_ipv6 = 0;
3088 
3089  int err = 0;
3091 
3092  if (!me) {
3093  *errmsg = routerinfo_err_to_string(err);
3094  return routerinfo_err_is_transient(err) ? -1 : 0;
3095  }
3096 
3097  if (!strcmp(question, "exit-policy/ipv4")) {
3098  include_ipv4 = 1;
3099  } else if (!strcmp(question, "exit-policy/ipv6")) {
3100  include_ipv6 = 1;
3101  } else if (!strcmp(question, "exit-policy/full")) {
3102  include_ipv4 = include_ipv6 = 1;
3103  } else {
3104  return 0; /* No such key. */
3105  }
3106 
3107  *answer = router_dump_exit_policy_to_string(me,include_ipv4,
3108  include_ipv6);
3109  }
3110 
3111  return 0;
3112 }
3113 
3114 /** Release all storage held by <b>p</b>. */
3115 void
3117 {
3118  if (!lst)
3119  return;
3120  SMARTLIST_FOREACH(lst, addr_policy_t *, policy, addr_policy_free(policy));
3121  smartlist_free(lst);
3122 }
3123 
3124 /** Release all storage held by <b>p</b>. */
3125 void
3127 {
3128  if (!p)
3129  return;
3130 
3131  if (--p->refcnt <= 0) {
3132  if (p->is_canonical) {
3133  policy_map_ent_t search, *found;
3134  search.policy = p;
3135  found = HT_REMOVE(policy_map, &policy_root, &search);
3136  if (found) {
3137  tor_assert(p == found->policy);
3138  tor_free(found);
3139  }
3140  }
3141  tor_free(p);
3142  }
3143 }
3144 
3145 /** Release all storage held by policy variables. */
3146 void
3148 {
3149  addr_policy_list_free(reachable_or_addr_policy);
3150  reachable_or_addr_policy = NULL;
3151  addr_policy_list_free(reachable_dir_addr_policy);
3153  addr_policy_list_free(socks_policy);
3154  socks_policy = NULL;
3155  addr_policy_list_free(dir_policy);
3156  dir_policy = NULL;
3157  addr_policy_list_free(authdir_reject_policy);
3158  authdir_reject_policy = NULL;
3159  addr_policy_list_free(authdir_invalid_policy);
3160  authdir_invalid_policy = NULL;
3161  addr_policy_list_free(authdir_badexit_policy);
3162  authdir_badexit_policy = NULL;
3163 
3164  if (!HT_EMPTY(&policy_root)) {
3165  policy_map_ent_t **ent;
3166  int n = 0;
3167  char buf[POLICY_BUF_LEN];
3168 
3169  log_warn(LD_MM, "Still had %d address policies cached at shutdown.",
3170  (int)HT_SIZE(&policy_root));
3171 
3172  /* Note the first 10 cached policies to try to figure out where they
3173  * might be coming from. */
3174  HT_FOREACH(ent, policy_map, &policy_root) {
3175  if (++n > 10)
3176  break;
3177  if (policy_write_item(buf, sizeof(buf), (*ent)->policy, 0) >= 0)
3178  log_warn(LD_MM," %d [%d]: %s", n, (*ent)->policy->refcnt, buf);
3179  }
3180  }
3181  HT_CLEAR(policy_map, &policy_root);
3182 }
log_fn
#define log_fn(severity, domain, args,...)
Definition: log.h:287
country_t
int16_t country_t
Definition: country.h:17
microdesc_t
Definition: microdesc_st.h:27
short_policy_t::n_entries
unsigned int n_entries
Definition: policies.h:62
socks_policy_permits_address
int socks_policy_permits_address(const tor_addr_t *addr)
Definition: policies.c:1119
router_parse_addr_policy_item_from_string
addr_policy_t * router_parse_addr_policy_item_from_string(const char *s, int assume_action, int *malformed_list)
Definition: policy_parse.c:44
routermode.h
Header file for routermode.c.
tor_addr_compare
int tor_addr_compare(const tor_addr_t *addr1, const tor_addr_t *addr2, tor_addr_comparison_t how)
Definition: address.c:975
tor_free
#define tor_free(p)
Definition: malloc.h:52
routerinfo_t
Definition: routerinfo_st.h:20
policy_summary_item_t::reject_count
uint64_t reject_count
Definition: policies.c:72
dir_server_st.h
Trusted/fallback directory server structure.
fascist_firewall_allows_dir_server
int fascist_firewall_allows_dir_server(const dir_server_t *ds, firewall_connection_t fw_connection, int pref_only)
Definition: policies.c:758
tor_free_
void tor_free_(void *mem)
Definition: malloc.c:227
smartlist_split_string
int smartlist_split_string(smartlist_t *sl, const char *str, const char *sep, int flags, int max)
Definition: smartlist_split.c:37
tor_addr_family
static sa_family_t tor_addr_family(const tor_addr_t *a)
Definition: address.h:186
dir_policy_permits_address
int dir_policy_permits_address(const tor_addr_t *addr)
Definition: policies.c:1110
routerinfo_err_to_string
const char * routerinfo_err_to_string(int err)
Definition: router.c:143
ADDR_POLICY_PROBABLY_REJECTED
@ ADDR_POLICY_PROBABLY_REJECTED
Definition: policies.h:48
or_options_t::ClientUseIPv6
int ClientUseIPv6
Definition: or_options_st.h:653
fascist_firewall_prefer_ipv6_orport
int fascist_firewall_prefer_ipv6_orport(const or_options_t *options)
Definition: policies.c:498
tor_addr_make_null
void tor_addr_make_null(tor_addr_t *a, sa_family_t family)
Definition: address.c:235
or_options_t::IPv6Exit
int IPv6Exit
Definition: or_options_st.h:896
name
const char * name
Definition: config.c:2440
or_options_t::DirPolicy
struct config_line_t * DirPolicy
Definition: or_options_st.h:114
smartlist_insert
void smartlist_insert(smartlist_t *sl, int idx, void *val)
Definition: smartlist_core.c:244
or_options_t::ReachableAddresses
struct config_line_t * ReachableAddresses
Definition: or_options_st.h:312
addr_policy_free_
void addr_policy_free_(addr_policy_t *p)
Definition: policies.c:3126
exit_policy_is_general_exit_helper
static int exit_policy_is_general_exit_helper(smartlist_t *policy, int port)
Definition: policies.c:2232
short_policy_t
Definition: policies.h:57
tor_addr_copy_tight
void tor_addr_copy_tight(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:938
tor_addr_t
Definition: address.h:68
compare_tor_addr_to_addr_policy
addr_policy_result_t compare_tor_addr_to_addr_policy(const tor_addr_t *addr, uint16_t port, const smartlist_t *policy)
Definition: policies.c:1550
smartlist_add_strdup
void smartlist_add_strdup(struct smartlist_t *sl, const char *string)
Definition: smartlist_core.c:137
fascist_firewall_allows_ri_impl
static int fascist_firewall_allows_ri_impl(const routerinfo_t *ri, firewall_connection_t fw_connection, int pref_only, int pref_ipv6)
Definition: policies.c:635
firewall_is_fascist_or
int firewall_is_fascist_or(void)
Definition: policies.c:354
or_options_t::BridgeRelay
int BridgeRelay
Definition: or_options_st.h:228
parse_reachable_addresses
static int parse_reachable_addresses(void)
Definition: policies.c:257
ADDR_POLICY_REJECTED
@ ADDR_POLICY_REJECTED
Definition: policies.h:42
MOCK_IMPL
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
tor_addr_to_str
const char * tor_addr_to_str(char *dest, const tor_addr_t *addr, size_t len, int decorate)
Definition: address.c:328
addr_policy_t::prt_min
uint16_t prt_min
Definition: addr_policy_st.h:47
policy_dump_to_string
char * policy_dump_to_string(const smartlist_t *policy_list, int include_ipv4, int include_ipv6)
Definition: policies.c:2975
node_get_prim_dirport
void node_get_prim_dirport(const node_t *node, tor_addr_port_t *ap_out)
Definition: nodelist.c:1822
port_cfg_st.h
Listener port configuration structure.
addr_policy_st.h
Address policy structures.
tor_assert
#define tor_assert(expr)
Definition: util_bug.h:102
microdesc.h
Header file for microdesc.c.
LD_BUG
#define LD_BUG
Definition: log.h:86
fascist_firewall_allows_rs_impl
static int fascist_firewall_allows_rs_impl(const routerstatus_t *rs, firewall_connection_t fw_connection, int pref_only, int pref_ipv6)
Definition: policies.c:652
router.h
Header file for router.c.
routerinfo_t::ipv6_exit_policy
struct short_policy_t * ipv6_exit_policy
Definition: routerinfo_st.h:62
validate_addr_policies
int validate_addr_policies(const or_options_t *options, char **msg)
Definition: policies.c:1191
addr_policy_append_reject_addr
void addr_policy_append_reject_addr(smartlist_t **dest, const tor_addr_t *addr)
Definition: policies.c:1631
or_options_t::ReducedExitPolicy
int ReducedExitPolicy
Definition: or_options_st.h:112
addr_policy_t::refcnt
int refcnt
Definition: addr_policy_st.h:27
LD_MM
#define LD_MM
Definition: log.h:74
smartlist_add_all
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
Definition: smartlist_core.c:125
or_options_t::ClientPreferIPv6ORPort
int ClientPreferIPv6ORPort
Definition: or_options_st.h:658
smartlist_del_keeporder
void smartlist_del_keeporder(smartlist_t *sl, int idx)
Definition: smartlist_core.c:228
fascist_firewall_prefer_ipv6_impl
static int fascist_firewall_prefer_ipv6_impl(const or_options_t *options)
Definition: policies.c:474
fascist_firewall_allows_address_addr
int fascist_firewall_allows_address_addr(const tor_addr_t *addr, uint16_t port, firewall_connection_t fw_connection, int pref_only, int pref_ipv6)
Definition: policies.c:544
addr_policy_intersects
static int addr_policy_intersects(addr_policy_t *a, addr_policy_t *b)
Definition: policies.c:1596
tor_reallocarray_
void * tor_reallocarray_(void *ptr, size_t sz1, size_t sz2)
Definition: malloc.c:146
get_interface_address6_list
smartlist_t * get_interface_address6_list(int severity, sa_family_t family, int include_internal)
Definition: address.c:1732
addr_policy_permits_address
static int addr_policy_permits_address(uint32_t addr, uint16_t port, smartlist_t *policy)
Definition: policies.c:397
node_get_by_id
const node_t * node_get_by_id(const char *identity_digest)
Definition: nodelist.c:223
compare_known_tor_addr_to_addr_policy_noport
static addr_policy_result_t compare_known_tor_addr_to_addr_policy_noport(const tor_addr_t *addr, const smartlist_t *policy)
Definition: policies.c:1455
smartlist_add
void smartlist_add(smartlist_t *sl, void *element)
Definition: smartlist_core.c:117
reachable_or_addr_policy
static smartlist_t * reachable_or_addr_policy
Definition: policies.c:63
node_ipv6_dir_preferred
int node_ipv6_dir_preferred(const node_t *node)
Definition: nodelist.c:1799
dir_policy
static smartlist_t * dir_policy
Definition: policies.c:50
tor_addr_from_ipv6_bytes
void tor_addr_from_ipv6_bytes(tor_addr_t *dest, const uint8_t *ipv6_bytes)
Definition: address.c:891
authdir_policy_permits_address
int authdir_policy_permits_address(uint32_t addr, uint16_t port)
Definition: policies.c:1146
policies_copy_outbound_addresses_to_smartlist
static void policies_copy_outbound_addresses_to_smartlist(smartlist_t *addr_list, const or_options_t *or_options)
Definition: policies.c:2113
routerstatus_t
Definition: routerstatus_st.h:19
load_policy_from_option
static int load_policy_from_option(config_line_t *config, const char *option_name, smartlist_t **policy, int assume_action)
Definition: policies.c:1251
TOR_ADDR_BUF_LEN
#define TOR_ADDR_BUF_LEN
Definition: address.h:214
authdir_policy_badexit_address
int authdir_policy_badexit_address(uint32_t addr, uint16_t port)
Definition: policies.c:1168
smartlist_new
smartlist_t * smartlist_new(void)
Definition: smartlist_core.c:26
policy_summary_item_t
Definition: policies.c:69
tor_snprintf
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
routerinfo_t::ipv6_addr
tor_addr_t ipv6_addr
Definition: routerinfo_st.h:29
compare_unknown_tor_addr_to_addr_policy
static addr_policy_result_t compare_unknown_tor_addr_to_addr_policy(uint16_t port, const smartlist_t *policy)
Definition: policies.c:1498
SMARTLIST_FOREACH
#define SMARTLIST_FOREACH(sl, type, var, cmd)
Definition: smartlist_foreach.h:112
addr_is_in_cc_list
static int addr_is_in_cc_list(uint32_t addr, const smartlist_t *cc_list)
Definition: policies.c:1127
or_options_t::ClientPreferIPv6DirPort
int ClientPreferIPv6DirPort
Definition: or_options_st.h:663
exit_policy_remove_redundancies
static void exit_policy_remove_redundancies(smartlist_t *dest)
Definition: policies.c:1717
addr_policy_t::is_private
unsigned int is_private
Definition: addr_policy_st.h:30
fascist_firewall_allows_address_ap
static int fascist_firewall_allows_address_ap(const tor_addr_port_t *ap, firewall_connection_t fw_connection, int pref_only, int pref_ipv6)
Definition: policies.c:569
networkstatus.h
Header file for networkstatus.c.
addr_policy_t
Definition: addr_policy_st.h:26
authdir_badexit_policy
static smartlist_t * authdir_badexit_policy
Definition: policies.c:59
addr_policy_t::policy_type
addr_policy_action_bitfield_t policy_type
Definition: addr_policy_st.h:29
socks_policy
static smartlist_t * socks_policy
Definition: policies.c:48
compare_tor_addr_to_short_policy
addr_policy_result_t compare_tor_addr_to_short_policy(const tor_addr_t *addr, uint16_t port, const short_policy_t *policy)
Definition: policies.c:2872
policy_write_item
int policy_write_item(char *buf, size_t buflen, const addr_policy_t *policy, int format_for_desc)
Definition: policies.c:2318
policies_parse_exit_policy_internal
static int policies_parse_exit_policy_internal(config_line_t *cfg, smartlist_t **dest, int ipv6_exit, int rejectprivate, const smartlist_t *configured_addresses, int reject_interface_addresses, int reject_configured_port_addresses, int add_default_policy, int add_reduced_policy)
Definition: policies.c:1986
fascist_firewall_choose_address_node
void fascist_firewall_choose_address_node(const node_t *node, firewall_connection_t fw_connection, int pref_only, tor_addr_port_t *ap)
Definition: policies.c:1044
policy_summary_accept
static void policy_summary_accept(smartlist_t *summary, uint16_t prt_min, uint16_t prt_max, sa_family_t family)
Definition: policies.c:2494
policy_summary_item_split
static policy_summary_item_t * policy_summary_item_split(policy_summary_item_t *old, uint16_t new_starts)
Definition: policies.c:2418
node_t::rejects_all
unsigned int rejects_all
Definition: node_st.h:83
compare_known_tor_addr_to_addr_policy
static addr_policy_result_t compare_known_tor_addr_to_addr_policy(const tor_addr_t *addr, uint16_t port, const smartlist_t *policy)
Definition: policies.c:1427
authdir_policy_valid_address
int authdir_policy_valid_address(uint32_t addr, uint16_t port)
Definition: policies.c:1157
ADDR_POLICY_PROBABLY_ACCEPTED
@ ADDR_POLICY_PROBABLY_ACCEPTED
Definition: policies.h:45
authdir_invalid_policy
static smartlist_t * authdir_invalid_policy
Definition: policies.c:56
bridges.h
Header file for circuitbuild.c.
geoip.h
Header file for geoip.c.
exit_policy_is_general_exit
int exit_policy_is_general_exit(smartlist_t *policy)
Definition: policies.c:2280
policies_parse_exit_policy_from_options
int policies_parse_exit_policy_from_options(const or_options_t *or_options, uint32_t local_address, const tor_addr_t *ipv6_local_address, smartlist_t **result)
Definition: policies.c:2153
or_options_t::SocksPolicy
struct config_line_t * SocksPolicy
Definition: or_options_st.h:113
tor_addr_from_ipv4h
#define tor_addr_from_ipv4h(dest, v4addr)
Definition: address.h:314
tor_addr_port_t
Definition: address.h:80
tor_addr_to_ipv4h
static uint32_t tor_addr_to_ipv4h(const tor_addr_t *a)
Definition: address.h:159
authdir_reject_policy
static smartlist_t * authdir_reject_policy
Definition: policies.c:53
or_options_t::OutboundBindAddresses
tor_addr_t OutboundBindAddresses[OUTBOUND_ADDR_MAX][2]
Definition: or_options_st.h:124
append_exit_policy_string
STATIC void append_exit_policy_string(smartlist_t **policy, const char *more)
Definition: policies.c:1617
tor_addr_is_v4
int tor_addr_is_v4(const tor_addr_t *addr)
Definition: address.c:750
policies_parse_exit_policy
int policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest, exit_policy_parser_cfg_t options, const smartlist_t *configured_addresses)
Definition: policies.c:2054
or_options_t::ExitRelay
int ExitRelay
Definition: or_options_st.h:913
or_options_t::AuthDirBadExit
struct config_line_t * AuthDirBadExit
Definition: or_options_st.h:453
node_t
Definition: node_st.h:34
policy_summary_split
static int policy_summary_split(smartlist_t *summary, uint16_t prt_min, uint16_t prt_max)
Definition: policies.c:2463
routerstatus_t::addr
uint32_t addr
Definition: routerstatus_st.h:32
microdesc_t::exit_policy
struct short_policy_t * exit_policy
Definition: microdesc_st.h:85
routerstatus_t::or_port
uint16_t or_port
Definition: routerstatus_st.h:33
fascist_firewall_choose_address_ls
void fascist_firewall_choose_address_ls(const smartlist_t *lspecs, int pref_only, tor_addr_port_t *ap)
Definition: policies.c:969
tor_addr_is_loopback
int tor_addr_is_loopback(const tor_addr_t *addr)
Definition: address.c:796
microdesc_t::ipv6_orport
uint16_t ipv6_orport
Definition: microdesc_st.h:81
or_options_t::ReachableDirAddresses
struct config_line_t * ReachableDirAddresses
Definition: or_options_st.h:314
escaped
const char * escaped(const char *s)
Definition: escape.c:126
tor_addr_is_multicast
int tor_addr_is_multicast(const tor_addr_t *a)
Definition: address.c:1583
routerinfo_t::addr
uint32_t addr
Definition: routerinfo_st.h:24
strcmpstart
int strcmpstart(const char *s1, const char *s2)
Definition: util_string.c:206
node_ipv6_or_preferred
int node_ipv6_or_preferred(const node_t *node)
Definition: nodelist.c:1691
microdesc_st.h
Microdescriptor structure.
routerinfo_t::exit_policy
smartlist_t * exit_policy
Definition: routerinfo_st.h:58
port_cfg_t
Definition: port_cfg_st.h:19
or_options_t::ExitPolicyRejectPrivate
int ExitPolicyRejectPrivate
Definition: or_options_st.h:105
policies_parse_from_options
int policies_parse_from_options(const or_options_t *options)
Definition: policies.c:1288
fascist_firewall_use_ipv6
int fascist_firewall_use_ipv6(const or_options_t *options)
Definition: policies.c:459
nodelist.h
Header file for nodelist.c.
policy_using_default_exit_options
static int policy_using_default_exit_options(const or_options_t *or_options)
Definition: policies.c:1181
parse_addr_policy
static int parse_addr_policy(config_line_t *cfg, smartlist_t **dest, int assume_action)
Definition: policies.c:194
fascist_firewall_choose_address
const STATIC tor_addr_port_t * fascist_firewall_choose_address(const tor_addr_port_t *a, const tor_addr_port_t *b, int want_a, firewall_connection_t fw_connection, int pref_only, int pref_ipv6)
Definition: policies.c:819
dir_server_t::fake_status
routerstatus_t fake_status
Definition: dir_server_st.h:51
fascist_firewall_choose_address_ipv4h
static void fascist_firewall_choose_address_ipv4h(uint32_t ipv4h_addr, uint16_t ipv4_orport, uint16_t ipv4_dirport, const tor_addr_t *ipv6_addr, uint16_t ipv6_orport, uint16_t ipv6_dirport, firewall_connection_t fw_connection, int pref_only, int pref_ipv6, tor_addr_port_t *ap)
Definition: policies.c:898
maskbits_t
uint8_t maskbits_t
Definition: address.h:62
policy_summary_item_t::prt_max
uint16_t prt_max
Definition: policies.c:71
fascist_firewall_choose_address_rs
void fascist_firewall_choose_address_rs(const routerstatus_t *rs, firewall_connection_t fw_connection, int pref_only, tor_addr_port_t *ap)
Definition: policies.c:929
policies_set_node_exitpolicy_to_reject_all
void policies_set_node_exitpolicy_to_reject_all(node_t *node)
Definition: policies.c:2224
policy_summarize
char * policy_summarize(smartlist_t *policy, sa_family_t family)
Definition: policies.c:2623
routerinfo_st.h
Router descriptor structure.
ADDR_POLICY_ACCEPTED
@ ADDR_POLICY_ACCEPTED
Definition: policies.h:40
LD_CONFIG
#define LD_CONFIG
Definition: log.h:68
dir_server_t
Definition: dir_server_st.h:21
addr_policy_permits_tor_addr
static int addr_policy_permits_tor_addr(const tor_addr_t *addr, uint16_t port, smartlist_t *policy)
Definition: policies.c:374
geoip_get_country_by_addr
int geoip_get_country_by_addr(const tor_addr_t *addr)
Definition: geoip.c:424
policies_exit_policy_append_reject_star
void policies_exit_policy_append_reject_star(smartlist_t **dest)
Definition: policies.c:2216
short_policy_is_reject_star
int short_policy_is_reject_star(const short_policy_t *policy)
Definition: policies.c:2920
HT_HEAD
typedef HT_HEAD(hs_service_ht, hs_service_t) hs_service_ht
policy_summary_reject
static void policy_summary_reject(smartlist_t *summary, maskbits_t maskbits, uint16_t prt_min, uint16_t prt_max, sa_family_t family)
Definition: policies.c:2517
addr_policy_t::maskbits
maskbits_t maskbits
Definition: addr_policy_st.h:35
fascist_firewall_choose_address_impl
static const tor_addr_port_t * fascist_firewall_choose_address_impl(const tor_addr_port_t *a, const tor_addr_port_t *b, int want_a, firewall_connection_t fw_connection, int pref_only, int pref_ipv6)
Definition: policies.c:781
fascist_firewall_choose_address_base
static void fascist_firewall_choose_address_base(const tor_addr_t *ipv4_addr, uint16_t ipv4_orport, uint16_t ipv4_dirport, const tor_addr_t *ipv6_addr, uint16_t ipv6_orport, uint16_t ipv6_dirport, firewall_connection_t fw_connection, int pref_only, int pref_ipv6, tor_addr_port_t *ap)
Definition: policies.c:852
LOG_INFO
#define LOG_INFO
Definition: log.h:45
fmt_addr
#define fmt_addr(a)
Definition: address.h:229
crypto_rand.h
Common functions for using (pseudo-)random number generators.
node_get_pref_ipv6_orport
void node_get_pref_ipv6_orport(const node_t *node, tor_addr_port_t *ap_out)
Definition: nodelist.c:1757
get_options
const or_options_t * get_options(void)
Definition: config.c:925
addr_policy_list_free_
void addr_policy_list_free_(smartlist_t *lst)
Definition: policies.c:3116
or_options_t::ExitPolicy
struct config_line_t * ExitPolicy
Definition: or_options_st.h:104
routerinfo_t::dir_port
uint16_t dir_port
Definition: routerinfo_st.h:26
SMARTLIST_REPLACE_CURRENT
#define SMARTLIST_REPLACE_CURRENT(sl, var, val)
Definition: smartlist_foreach.h:141
short_policy_t::is_accept
unsigned int is_accept
Definition: policies.h:60
MAX_EXITPOLICY_SUMMARY_LEN
#define MAX_EXITPOLICY_SUMMARY_LEN
Definition: policies.c:45
or_options_t::AuthDirReject
struct config_line_t * AuthDirReject
Definition: or_options_st.h:455
write_short_policy
char * write_short_policy(const short_policy_t *policy)
Definition: policies.c:2836
router_get_my_routerinfo_with_err
const routerinfo_t * router_get_my_routerinfo_with_err(int *err)
Definition: router.c:1698
policies_free_all
void policies_free_all(void)
Definition: policies.c:3147
smartlist_clear
void smartlist_clear(smartlist_t *sl)
Definition: smartlist_core.c:50
parse_short_policy
short_policy_t * parse_short_policy(const char *summary)
Definition: policies.c:2735
fascist_firewall_allows_base
static int fascist_firewall_allows_base(uint32_t ipv4h_addr, uint16_t ipv4_orport, uint16_t ipv4_dirport, const tor_addr_t *ipv6_addr, uint16_t ipv6_orport, uint16_t ipv6_dirport, firewall_connection_t fw_connection, int pref_only, int pref_ipv6)
Definition: policies.c:605
policy_expand_unspec
void policy_expand_unspec(smartlist_t **policy)
Definition: policies.c:145
firewall_is_fascist_dir
int firewall_is_fascist_dir(void)
Definition: policies.c:365
routerstatus_st.h
Routerstatus (consensus entry) structure.
smartlist_contains_string_case
int smartlist_contains_string_case(const smartlist_t *sl, const char *element)
Definition: smartlist.c:133
router_dump_exit_policy_to_string
char * router_dump_exit_policy_to_string(const routerinfo_t *router, int include_ipv4, int include_ipv6)
Definition: router.c:2975
addr_policy_get_canonical_entry
addr_policy_t * addr_policy_get_canonical_entry(addr_policy_t *e)
Definition: policies.c:1403
policy_parse.h
Header file for policy_parse.c.
tor_addr_parse_mask_ports
int tor_addr_parse_mask_ports(const char *s, unsigned flags, tor_addr_t *addr_out, maskbits_t *maskbits_out, uint16_t *port_min_out, uint16_t *port_max_out)
Definition: address.c:543
single_addr_policy_eq
static int single_addr_policy_eq(const addr_policy_t *a, const addr_policy_t *b)
Definition: policies.c:1314
routerinfo_t::or_port
uint16_t or_port
Definition: routerinfo_st.h:25
fascist_firewall_prefer_ipv6_dirport
int fascist_firewall_prefer_ipv6_dirport(const or_options_t *options)
Definition: policies.c:520
or_options_t::ExitPolicyRejectLocalInterfaces
int ExitPolicyRejectLocalInterfaces
Definition: or_options_st.h:108
confline.h
Header for confline.c.
or_options_t::ReachableORAddresses
struct config_line_t * ReachableORAddresses
Definition: or_options_st.h:313
addr_policy_append_reject_addr_list
void addr_policy_append_reject_addr_list(smartlist_t **dest, const smartlist_t *addrs)
Definition: policies.c:1688
policies_log_first_redundant_entry
static void policies_log_first_redundant_entry(const smartlist_t *policy)
Definition: policies.c:1876
server_mode
int server_mode(const or_options_t *options)
Definition: routermode.c:34
get_configured_ports
const smartlist_t * get_configured_ports(void)
Definition: config.c:6431
tor_addr_is_null
int tor_addr_is_null(const tor_addr_t *addr)
Definition: address.c:771
tor_asprintf
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
microdesc_t::ipv6_addr
tor_addr_t ipv6_addr
Definition: microdesc_st.h:79
SMARTLIST_FOREACH_BEGIN
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
Definition: smartlist_foreach.h:78
node_get_pref_ipv6_dirport
void node_get_pref_ipv6_dirport(const node_t *node, tor_addr_port_t *ap_out)
Definition: nodelist.c:1860
policy_summary_create
static smartlist_t * policy_summary_create(void)
Definition: policies.c:2394
addr_policy_result_t
addr_policy_result_t
Definition: policies.h:38
or_options_t::ClientUseIPv4
int ClientUseIPv4
Definition: or_options_st.h:648
or_options_t::AuthDirInvalid
struct config_line_t * AuthDirInvalid
Definition: or_options_st.h:457
node_get_prim_orport
void node_get_prim_orport(const node_t *node, tor_addr_port_t *ap_out)
Definition: nodelist.c:1721
public_server_mode
int public_server_mode(const or_options_t *options)
Definition: routermode.c:43
or_options_t::UseBridges
int UseBridges
Definition: or_options_st.h:213
node_st.h
Node information structure.
policy_hash
static unsigned int policy_hash(const policy_map_ent_t *ent)
Definition: policies.c:1373
routerstatus_t::ipv6_addr
tor_addr_t ipv6_addr
Definition: routerstatus_st.h:35
control_connection_t
Definition: control_connection_st.h:19
fascist_firewall_allows_address
STATIC int fascist_firewall_allows_address(const tor_addr_t *addr, uint16_t port, smartlist_t *firewall_policy, int pref_only, int pref_ipv6)
Definition: policies.c:420
policies.h
Header file for policies.c.
HT_PROTOTYPE
HT_PROTOTYPE(hs_circuitmap_ht, circuit_t, hs_circuitmap_node, hs_circuit_hash_token, hs_circuits_have_same_token)
tor_parse_ulong
unsigned long tor_parse_ulong(const char *s, int base, unsigned long min, unsigned long max, int *ok, char **next)
Definition: parse_int.c:78
config_line_t
Definition: confline.h:29
config.h
Header file for config.c.
addr_policy_t::addr
tor_addr_t addr
Definition: addr_policy_st.h:46
routerstatus_t::dir_port
uint16_t dir_port
Definition: routerstatus_st.h:34
compare_tor_addr_to_node_policy
addr_policy_result_t compare_tor_addr_to_node_policy(const tor_addr_t *addr, uint16_t port, const node_t *node)
Definition: policies.c:2937
short_policy_t::entries
short_policy_entry_t entries[FLEXIBLE_ARRAY_MEMBER]
Definition: policies.h:67
policy_summary_add_item
static void policy_summary_add_item(smartlist_t *summary, addr_policy_t *p)
Definition: policies.c:2582
smartlist_add_asprintf
void smartlist_add_asprintf(struct smartlist_t *sl, const char *pattern,...)
Definition: smartlist.c:36
policies_copy_ipv4h_to_smartlist
static void policies_copy_ipv4h_to_smartlist(smartlist_t *addr_list, uint32_t ipv4h_addr)
Definition: policies.c:2096
policies_copy_addr_to_smartlist
static void policies_copy_addr_to_smartlist(smartlist_t *addr_list, const tor_addr_t *addr)
Definition: policies.c:2080
policy_is_reject_star
int policy_is_reject_star(const smartlist_t *policy, sa_family_t family, int default_reject)
Definition: policies.c:2294
sa_family_t
uint16_t sa_family_t
Definition: inaddr_st.h:77
addr_policy_append_reject_addr_list_filter
static void addr_policy_append_reject_addr_list_filter(smartlist_t **dest, const smartlist_t *addrs, int ipv4_rules, int ipv6_rules)
Definition: policies.c:1702
or_options_t
Definition: or_options_st.h:39
addr_policies_eq
int addr_policies_eq(const smartlist_t *a, const smartlist_t *b)
Definition: policies.c:1338
policy_expand_private
void policy_expand_private(smartlist_t **policy)
Definition: policies.c:105
microdesc_t::ipv6_exit_policy
struct short_policy_t * ipv6_exit_policy
Definition: microdesc_st.h:87
STATIC
#define STATIC
Definition: testsupport.h:32
routerstatus_t::ipv6_orport
uint16_t ipv6_orport
Definition: routerstatus_st.h:36
LD_DIR
#define LD_DIR
Definition: log.h:88
addr_policy_t::prt_max
uint16_t prt_max
Definition: addr_policy_st.h:48
fascist_firewall_allows_md_impl
static int fascist_firewall_allows_md_impl(const microdesc_t *md, firewall_connection_t fw_connection, int pref_only, int pref_ipv6)
Definition: policies.c:698
addr_policy_covers
static int addr_policy_covers(addr_policy_t *a, addr_policy_t *b)
Definition: policies.c:1572
reachable_dir_addr_policy
static smartlist_t * reachable_dir_addr_policy
Definition: policies.c:66
getinfo_helper_policies
int getinfo_helper_policies(control_connection_t *conn, const char *question, char **answer, const char **errmsg)
Definition: policies.c:3018
tor_addr_compare_masked
int tor_addr_compare_masked(const tor_addr_t *addr1, const tor_addr_t *addr2, maskbits_t mbits, tor_addr_comparison_t how)
Definition: address.c:996
routerstatus_t::identity_digest
char identity_digest[DIGEST_LEN]
Definition: routerstatus_st.h:27
short_policy_free_
void short_policy_free_(short_policy_t *policy)
Definition: policies.c:2862
fascist_firewall_allows_node
int fascist_firewall_allows_node(const node_t *node, firewall_connection_t fw_connection, int pref_only)
Definition: policies.c:720
fascist_firewall_choose_address_dir_server
void fascist_firewall_choose_address_dir_server(const dir_server_t *ds, firewall_connection_t fw_connection, int pref_only, tor_addr_port_t *ap)
Definition: policies.c:1083
smartlist_t
Definition: smartlist_core.h:26
smartlist_join_strings
char * smartlist_join_strings(smartlist_t *sl, const char *join, int terminate, size_t *len_out)
Definition: smartlist.c:279
policy_summary_item_t::prt_min
uint16_t prt_min
Definition: policies.c:70
fascist_firewall_allows_rs
int fascist_firewall_allows_rs(const routerstatus_t *rs, firewall_connection_t fw_connection, int pref_only)
Definition: policies.c:674
geoip_get_country_name
const char * geoip_get_country_name(country_t num)
Definition: geoip.c:447
policy_map_ent_t
Definition: policies.c:1356
tor_addr_copy
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:924
private_nets
static const char * private_nets[]
Definition: policies.c:83
addr_policy_t::is_canonical
unsigned int is_canonical
Definition: addr_policy_st.h:32
policies_parse_exit_policy_reject_private
void policies_parse_exit_policy_reject_private(smartlist_t **dest, int ipv6_exit, const smartlist_t *configured_addresses, int reject_interface_addresses, int reject_configured_port_addresses)
Definition: policies.c:1819
short_policy_entry_t
Definition: policies.h:52
or.h
Master header file for Tor-specific functionality.
routerinfo_err_is_transient
int routerinfo_err_is_transient(int err)
Definition: router.c:172
LD_PROTOCOL
#define LD_PROTOCOL
Definition: log.h:72