tor  0.4.1.0-alpha-dev
policies.c
Go to the documentation of this file.
1 /* Copyright (c) 2001-2004, Roger Dingledine.
2  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3  * Copyright (c) 2007-2019, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
5 
18 #define POLICIES_PRIVATE
19 
20 #include "core/or/or.h"
21 #include "feature/client/bridges.h"
22 #include "app/config/config.h"
23 #include "core/or/policies.h"
28 #include "feature/relay/router.h"
30 #include "lib/geoip/geoip.h"
31 #include "ht.h"
33 #include "lib/encoding/confline.h"
34 
35 #include "core/or/addr_policy_st.h"
36 #include "feature/dirclient/dir_server_st.h"
37 #include "feature/nodelist/microdesc_st.h"
38 #include "feature/nodelist/node_st.h"
39 #include "core/or/port_cfg_st.h"
40 #include "feature/nodelist/routerinfo_st.h"
41 #include "feature/nodelist/routerstatus_st.h"
42 
44 #define MAX_EXITPOLICY_SUMMARY_LEN 1000
45 
47 static smartlist_t *socks_policy = NULL;
49 static smartlist_t *dir_policy = NULL;
59 
66 
68 typedef struct policy_summary_item_t {
69  uint16_t prt_min;
70  uint16_t prt_max;
71  uint64_t reject_count;
73  unsigned int accepted:1;
75 
82 static const char *private_nets[] = {
83  "0.0.0.0/8", "169.254.0.0/16",
84  "127.0.0.0/8", "192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12",
85  "[::]/8",
86  "[fc00::]/7", "[fe80::]/10", "[fec0::]/10", "[ff00::]/8", "[::]/127",
87  NULL
88 };
89 
91  config_line_t *cfg,
92  smartlist_t **dest,
93  int ipv6_exit,
94  int rejectprivate,
95  const smartlist_t *configured_addresses,
96  int reject_interface_addresses,
97  int reject_configured_port_addresses,
98  int add_default_policy,
99  int add_reduced_policy);
100 
103 void
105 {
106  uint16_t port_min, port_max;
107 
108  int i;
109  smartlist_t *tmp;
110 
111  if (!*policy) /*XXXX disallow NULL policies? */
112  return;
113 
114  tmp = smartlist_new();
115 
116  SMARTLIST_FOREACH_BEGIN(*policy, addr_policy_t *, p) {
117  if (! p->is_private) {
118  smartlist_add(tmp, p);
119  continue;
120  }
121  for (i = 0; private_nets[i]; ++i) {
122  addr_policy_t newpolicy;
123  memcpy(&newpolicy, p, sizeof(addr_policy_t));
124  newpolicy.is_private = 0;
125  newpolicy.is_canonical = 0;
127  &newpolicy.addr,
128  &newpolicy.maskbits, &port_min, &port_max)<0) {
129  tor_assert_unreached();
130  }
131  smartlist_add(tmp, addr_policy_get_canonical_entry(&newpolicy));
132  }
133  addr_policy_free(p);
134  } SMARTLIST_FOREACH_END(p);
135 
136  smartlist_free(*policy);
137  *policy = tmp;
138 }
139 
143 void
145 {
146  smartlist_t *tmp;
147  if (!*policy)
148  return;
149 
150  tmp = smartlist_new();
151  SMARTLIST_FOREACH_BEGIN(*policy, addr_policy_t *, p) {
152  sa_family_t family = tor_addr_family(&p->addr);
153  if (family == AF_INET6 || family == AF_INET || p->is_private) {
154  smartlist_add(tmp, p);
155  } else if (family == AF_UNSPEC) {
156  addr_policy_t newpolicy_ipv4;
157  addr_policy_t newpolicy_ipv6;
158  memcpy(&newpolicy_ipv4, p, sizeof(addr_policy_t));
159  memcpy(&newpolicy_ipv6, p, sizeof(addr_policy_t));
160  newpolicy_ipv4.is_canonical = 0;
161  newpolicy_ipv6.is_canonical = 0;
162  if (p->maskbits != 0) {
163  log_warn(LD_BUG, "AF_UNSPEC policy with maskbits==%d", p->maskbits);
164  newpolicy_ipv4.maskbits = 0;
165  newpolicy_ipv6.maskbits = 0;
166  }
167  tor_addr_from_ipv4h(&newpolicy_ipv4.addr, 0);
168  tor_addr_from_ipv6_bytes(&newpolicy_ipv6.addr,
169  "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0");
170  smartlist_add(tmp, addr_policy_get_canonical_entry(&newpolicy_ipv4));
171  smartlist_add(tmp, addr_policy_get_canonical_entry(&newpolicy_ipv6));
172  addr_policy_free(p);
173  } else {
174  log_warn(LD_BUG, "Funny-looking address policy with family %d", family);
175  smartlist_add(tmp, p);
176  }
177  } SMARTLIST_FOREACH_END(p);
178 
179  smartlist_free(*policy);
180  *policy = tmp;
181 }
182 
192 static int
194  int assume_action)
195 {
196  smartlist_t *result;
197  smartlist_t *entries;
198  addr_policy_t *item;
199  int malformed_list;
200  int r = 0;
201 
202  if (!cfg)
203  return 0;
204 
205  result = smartlist_new();
206  entries = smartlist_new();
207  for (; cfg; cfg = cfg->next) {
208  smartlist_split_string(entries, cfg->value, ",",
209  SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
210  SMARTLIST_FOREACH_BEGIN(entries, const char *, ent) {
211  log_debug(LD_CONFIG,"Adding new entry '%s'",ent);
212  malformed_list = 0;
213  item = router_parse_addr_policy_item_from_string(ent, assume_action,
214  &malformed_list);
215  if (item) {
216  smartlist_add(result, item);
217  } else if (malformed_list) {
218  /* the error is so severe the entire list should be discarded */
219  log_warn(LD_CONFIG, "Malformed policy '%s'. Discarding entire policy "
220  "list.", ent);
221  r = -1;
222  } else {
223  /* the error is minor: don't add the item, but keep processing the
224  * rest of the policies in the list */
225  log_debug(LD_CONFIG, "Ignored policy '%s' due to non-fatal error. "
226  "The remainder of the policy list will be used.",
227  ent);
228  }
229  } SMARTLIST_FOREACH_END(ent);
230  SMARTLIST_FOREACH(entries, char *, ent, tor_free(ent));
231  smartlist_clear(entries);
232  }
233  smartlist_free(entries);
234  if (r == -1) {
235  addr_policy_list_free(result);
236  } else {
237  policy_expand_private(&result);
238  policy_expand_unspec(&result);
239 
240  if (*dest) {
241  smartlist_add_all(*dest, result);
242  smartlist_free(result);
243  } else {
244  *dest = result;
245  }
246  }
247 
248  return r;
249 }
250 
255 static int
257 {
258  const or_options_t *options = get_options();
259  int ret = 0;
260 
261  if (options->ReachableDirAddresses &&
262  options->ReachableORAddresses &&
263  options->ReachableAddresses) {
264  log_warn(LD_CONFIG,
265  "Both ReachableDirAddresses and ReachableORAddresses are set. "
266  "ReachableAddresses setting will be ignored.");
267  }
268  addr_policy_list_free(reachable_or_addr_policy);
270  if (!options->ReachableORAddresses && options->ReachableAddresses)
271  log_info(LD_CONFIG,
272  "Using ReachableAddresses as ReachableORAddresses.");
274  options->ReachableORAddresses :
275  options->ReachableAddresses,
276  &reachable_or_addr_policy, ADDR_POLICY_ACCEPT)) {
277  log_warn(LD_CONFIG,
278  "Error parsing Reachable%sAddresses entry; ignoring.",
279  options->ReachableORAddresses ? "OR" : "");
280  ret = -1;
281  }
282 
283  addr_policy_list_free(reachable_dir_addr_policy);
285  if (!options->ReachableDirAddresses && options->ReachableAddresses)
286  log_info(LD_CONFIG,
287  "Using ReachableAddresses as ReachableDirAddresses");
289  options->ReachableDirAddresses :
290  options->ReachableAddresses,
291  &reachable_dir_addr_policy, ADDR_POLICY_ACCEPT)) {
292  if (options->ReachableDirAddresses)
293  log_warn(LD_CONFIG,
294  "Error parsing ReachableDirAddresses entry; ignoring.");
295  ret = -1;
296  }
297 
298  /* We ignore ReachableAddresses for relays */
299  if (!server_mode(options)) {
302  log_warn(LD_CONFIG, "Tor cannot connect to the Internet if "
303  "ReachableAddresses, ReachableORAddresses, or "
304  "ReachableDirAddresses reject all addresses. Please accept "
305  "some addresses in these options.");
306  } else if (options->ClientUseIPv4 == 1
309  log_warn(LD_CONFIG, "You have set ClientUseIPv4 1, but "
310  "ReachableAddresses, ReachableORAddresses, or "
311  "ReachableDirAddresses reject all IPv4 addresses. "
312  "Tor will not connect using IPv4.");
313  } else if (fascist_firewall_use_ipv6(options)
316  log_warn(LD_CONFIG, "You have configured tor to use or prefer IPv6 "
317  "(or UseBridges 1), but "
318  "ReachableAddresses, ReachableORAddresses, or "
319  "ReachableDirAddresses reject all IPv6 addresses. "
320  "Tor will not connect using IPv6.");
321  }
322  }
323 
324  /* Append a reject *:* to reachable_(or|dir)_addr_policy */
325  if (!ret && (options->ReachableDirAddresses ||
326  options->ReachableORAddresses ||
327  options->ReachableAddresses)) {
330  }
331 
332  return ret;
333 }
334 
335 /* Return true iff ClientUseIPv4 0 or ClientUseIPv6 0 might block any OR or Dir
336  * address:port combination. */
337 static int
338 firewall_is_fascist_impl(void)
339 {
340  const or_options_t *options = get_options();
341  /* Assume every non-bridge relay has an IPv4 address.
342  * Clients which use bridges may only know the IPv6 address of their
343  * bridge, but they will connect regardless of the ClientUseIPv6 setting. */
344  return options->ClientUseIPv4 == 0;
345 }
346 
352 int
354 {
355  return (reachable_or_addr_policy != NULL || firewall_is_fascist_impl());
356 }
357 
363 int
365 {
366  return (reachable_dir_addr_policy != NULL || firewall_is_fascist_impl());
367 }
368 
372 static int
373 addr_policy_permits_tor_addr(const tor_addr_t *addr, uint16_t port,
374  smartlist_t *policy)
375 {
377  p = compare_tor_addr_to_addr_policy(addr, port, policy);
378  switch (p) {
381  return 1;
384  return 0;
385  default:
386  log_warn(LD_BUG, "Unexpected result: %d", (int)p);
387  return 0;
388  }
389 }
390 
394 /* XXXX deprecate when possible. */
395 static int
396 addr_policy_permits_address(uint32_t addr, uint16_t port,
397  smartlist_t *policy)
398 {
399  tor_addr_t a;
400  tor_addr_from_ipv4h(&a, addr);
401  return addr_policy_permits_tor_addr(&a, port, policy);
402 }
403 
418 STATIC int
420  uint16_t port,
421  smartlist_t *firewall_policy,
422  int pref_only, int pref_ipv6)
423 {
424  const or_options_t *options = get_options();
425  const int client_mode = !server_mode(options);
426 
427  if (!addr || tor_addr_is_null(addr) || !port) {
428  return 0;
429  }
430 
431  /* Clients stop using IPv4 if it's disabled. In most cases, clients also
432  * stop using IPv4 if it's not preferred.
433  * Servers must have IPv4 enabled and preferred. */
434  if (tor_addr_family(addr) == AF_INET && client_mode &&
435  (!options->ClientUseIPv4 || (pref_only && pref_ipv6))) {
436  return 0;
437  }
438 
439  /* Clients and Servers won't use IPv6 unless it's enabled (and in most
440  * cases, IPv6 must also be preferred before it will be used). */
441  if (tor_addr_family(addr) == AF_INET6 &&
442  (!fascist_firewall_use_ipv6(options) || (pref_only && !pref_ipv6))) {
443  return 0;
444  }
445 
446  return addr_policy_permits_tor_addr(addr, port,
447  firewall_policy);
448 }
449 
457 int
459 {
460  /* Clients use IPv6 if it's set, or they use bridges, or they don't use
461  * IPv4, or they prefer it.
462  * ClientPreferIPv6DirPort is deprecated, but check it anyway. */
463  return (options->ClientUseIPv6 == 1 || options->ClientUseIPv4 == 0 ||
464  options->ClientPreferIPv6ORPort == 1 ||
465  options->ClientPreferIPv6DirPort == 1 || options->UseBridges == 1 ||
466  options->ClientAutoIPv6ORPort == 1);
467 }
468 
473 static int
475 {
476  /*
477  Cheap implementation of config options ClientUseIPv4 & ClientUseIPv6 --
478  If we're a server or IPv6 is disabled, use IPv4.
479  If IPv4 is disabled, use IPv6.
480  */
481 
482  if (server_mode(options) || !fascist_firewall_use_ipv6(options)) {
483  return 0;
484  }
485 
486  if (!options->ClientUseIPv4) {
487  return 1;
488  }
489 
490  return -1;
491 }
492 
493 /* Choose whether we prefer IPv4 or IPv6 by randomly choosing an address
494  * family. Return 0 for IPv4, and 1 for IPv6. */
495 MOCK_IMPL(int,
496 fascist_firewall_rand_prefer_ipv6_addr, (void))
497 {
498  /* TODO: Check for failures, and infer our preference based on this. */
499  return crypto_rand_int(2);
500 }
501 
506 int
508 {
509  int pref_ipv6 = fascist_firewall_prefer_ipv6_impl(options);
510 
511  if (pref_ipv6 >= 0) {
512  return pref_ipv6;
513  }
514 
515  /* We can use both IPv4 and IPv6 - which do we prefer? */
516  if (options->ClientAutoIPv6ORPort == 1) {
517  /* If ClientAutoIPv6ORPort is 1, we prefer IPv4 or IPv6 at random. */
518  return fascist_firewall_rand_prefer_ipv6_addr();
519  } else if (options->ClientPreferIPv6ORPort == 1) {
520  return 1;
521  }
522 
523  return 0;
524 }
525 
531 int
533 {
534  int pref_ipv6 = fascist_firewall_prefer_ipv6_impl(options);
535 
536  if (pref_ipv6 >= 0) {
537  return pref_ipv6;
538  }
539 
540  /* We can use both IPv4 and IPv6 - which do we prefer? */
541  if (options->ClientPreferIPv6DirPort == 1) {
542  return 1;
543  }
544 
545  return 0;
546 }
547 
555 int
557  firewall_connection_t fw_connection,
558  int pref_only, int pref_ipv6)
559 {
560  if (fw_connection == FIREWALL_OR_CONNECTION) {
561  return fascist_firewall_allows_address(addr, port,
563  pref_only, pref_ipv6);
564  } else if (fw_connection == FIREWALL_DIR_CONNECTION) {
565  return fascist_firewall_allows_address(addr, port,
567  pref_only, pref_ipv6);
568  } else {
569  log_warn(LD_BUG, "Bad firewall_connection_t value %d.",
570  fw_connection);
571  return 0;
572  }
573 }
574 
580 static int
582  firewall_connection_t fw_connection,
583  int pref_only, int pref_ipv6)
584 {
585  tor_assert(ap);
586  return fascist_firewall_allows_address_addr(&ap->addr, ap->port,
587  fw_connection, pref_only,
588  pref_ipv6);
589 }
590 
591 /* Return true iff we think our firewall will let us make a connection to
592  * ipv4h_or_addr:ipv4_or_port. ipv4h_or_addr is interpreted in host order.
593  * Uses ReachableORAddresses or ReachableDirAddresses based on
594  * fw_connection.
595  * pref_only and pref_ipv6 work as in fascist_firewall_allows_address_addr().
596  */
597 static int
598 fascist_firewall_allows_address_ipv4h(uint32_t ipv4h_or_addr,
599  uint16_t ipv4_or_port,
600  firewall_connection_t fw_connection,
601  int pref_only, int pref_ipv6)
602 {
603  tor_addr_t ipv4_or_addr;
604  tor_addr_from_ipv4h(&ipv4_or_addr, ipv4h_or_addr);
605  return fascist_firewall_allows_address_addr(&ipv4_or_addr, ipv4_or_port,
606  fw_connection, pref_only,
607  pref_ipv6);
608 }
609 
616 static int
617 fascist_firewall_allows_base(uint32_t ipv4h_addr, uint16_t ipv4_orport,
618  uint16_t ipv4_dirport,
619  const tor_addr_t *ipv6_addr, uint16_t ipv6_orport,
620  uint16_t ipv6_dirport,
621  firewall_connection_t fw_connection,
622  int pref_only, int pref_ipv6)
623 {
624  if (fascist_firewall_allows_address_ipv4h(ipv4h_addr,
625  (fw_connection == FIREWALL_OR_CONNECTION
626  ? ipv4_orport
627  : ipv4_dirport),
628  fw_connection,
629  pref_only, pref_ipv6)) {
630  return 1;
631  }
632 
634  (fw_connection == FIREWALL_OR_CONNECTION
635  ? ipv6_orport
636  : ipv6_dirport),
637  fw_connection,
638  pref_only, pref_ipv6)) {
639  return 1;
640  }
641 
642  return 0;
643 }
644 
646 static int
648  firewall_connection_t fw_connection,
649  int pref_only, int pref_ipv6)
650 {
651  if (!ri) {
652  return 0;
653  }
654 
655  /* Assume IPv4 and IPv6 DirPorts are the same */
656  return fascist_firewall_allows_base(ri->addr, ri->or_port, ri->dir_port,
657  &ri->ipv6_addr, ri->ipv6_orport,
658  ri->dir_port, fw_connection, pref_only,
659  pref_ipv6);
660 }
661 
663 static int
665  firewall_connection_t fw_connection,
666  int pref_only, int pref_ipv6)
667 {
668  if (!rs) {
669  return 0;
670  }
671 
672  /* Assume IPv4 and IPv6 DirPorts are the same */
673  return fascist_firewall_allows_base(rs->addr, rs->or_port, rs->dir_port,
674  &rs->ipv6_addr, rs->ipv6_orport,
675  rs->dir_port, fw_connection, pref_only,
676  pref_ipv6);
677 }
678 
685 int
687  firewall_connection_t fw_connection, int pref_only)
688 {
689  if (!rs) {
690  return 0;
691  }
692 
693  /* We don't have access to the node-specific IPv6 preference, so use the
694  * generic IPv6 preference instead. */
695  const or_options_t *options = get_options();
696  int pref_ipv6 = (fw_connection == FIREWALL_OR_CONNECTION
699 
700  return fascist_firewall_allows_rs_impl(rs, fw_connection, pref_only,
701  pref_ipv6);
702 }
703 
709 static int
711  firewall_connection_t fw_connection,
712  int pref_only, int pref_ipv6)
713 {
714  if (!md) {
715  return 0;
716  }
717 
718  /* Can't check dirport, it doesn't have one */
719  if (fw_connection == FIREWALL_DIR_CONNECTION) {
720  return 0;
721  }
722 
723  /* Also can't check IPv4, doesn't have that either */
725  fw_connection, pref_only,
726  pref_ipv6);
727 }
728 
731 int
733  firewall_connection_t fw_connection,
734  int pref_only)
735 {
736  if (!node) {
737  return 0;
738  }
739 
740  node_assert_ok(node);
741 
742  const int pref_ipv6 = (fw_connection == FIREWALL_OR_CONNECTION
743  ? node_ipv6_or_preferred(node)
744  : node_ipv6_dir_preferred(node));
745 
746  /* Sometimes, the rs is missing the IPv6 address info, and we need to go
747  * all the way to the md */
748  if (node->ri && fascist_firewall_allows_ri_impl(node->ri, fw_connection,
749  pref_only, pref_ipv6)) {
750  return 1;
751  } else if (node->rs && fascist_firewall_allows_rs_impl(node->rs,
752  fw_connection,
753  pref_only,
754  pref_ipv6)) {
755  return 1;
756  } else if (node->md && fascist_firewall_allows_md_impl(node->md,
757  fw_connection,
758  pref_only,
759  pref_ipv6)) {
760  return 1;
761  } else {
762  /* If we know nothing, assume it's unreachable, we'll never get an address
763  * to connect to. */
764  return 0;
765  }
766 }
767 
769 int
771  firewall_connection_t fw_connection,
772  int pref_only)
773 {
774  if (!ds) {
775  return 0;
776  }
777 
778  /* A dir_server_t always has a fake_status. As long as it has the same
779  * addresses/ports in both fake_status and dir_server_t, this works fine.
780  * (See #17867.)
781  * fascist_firewall_allows_rs only checks the addresses in fake_status. */
782  return fascist_firewall_allows_rs(&ds->fake_status, fw_connection,
783  pref_only);
784 }
785 
792 static const tor_addr_port_t *
794  const tor_addr_port_t *b,
795  int want_a,
796  firewall_connection_t fw_connection,
797  int pref_only, int pref_ipv6)
798 {
799  const tor_addr_port_t *use_a = NULL;
800  const tor_addr_port_t *use_b = NULL;
801 
802  if (fascist_firewall_allows_address_ap(a, fw_connection, pref_only,
803  pref_ipv6)) {
804  use_a = a;
805  }
806 
807  if (fascist_firewall_allows_address_ap(b, fw_connection, pref_only,
808  pref_ipv6)) {
809  use_b = b;
810  }
811 
812  /* If both are allowed */
813  if (use_a && use_b) {
814  /* Choose a if we want it */
815  return (want_a ? use_a : use_b);
816  } else {
817  /* Choose a if we have it */
818  return (use_a ? use_a : use_b);
819  }
820 }
821 
830 STATIC const tor_addr_port_t *
832  const tor_addr_port_t *b,
833  int want_a,
834  firewall_connection_t fw_connection,
835  int pref_only, int pref_ipv6)
836 {
838  a, b, want_a,
839  fw_connection,
840  1, pref_ipv6);
841  if (pref_only || pref) {
842  /* If there is a preferred address, use it. If we can only use preferred
843  * addresses, and neither address is preferred, pref will be NULL, and we
844  * want to return NULL, so return it. */
845  return pref;
846  } else {
847  /* If there's no preferred address, and we can return addresses that are
848  * not preferred, use an address that's allowed */
849  return fascist_firewall_choose_address_impl(a, b, want_a, fw_connection,
850  0, pref_ipv6);
851  }
852 }
853 
863 static void
865  uint16_t ipv4_orport,
866  uint16_t ipv4_dirport,
867  const tor_addr_t *ipv6_addr,
868  uint16_t ipv6_orport,
869  uint16_t ipv6_dirport,
870  firewall_connection_t fw_connection,
871  int pref_only,
872  int pref_ipv6,
873  tor_addr_port_t* ap)
874 {
875  const tor_addr_port_t *result = NULL;
876  const int want_ipv4 = !pref_ipv6;
877 
878  tor_assert(ipv6_addr);
879  tor_assert(ap);
880 
881  tor_addr_make_null(&ap->addr, AF_UNSPEC);
882  ap->port = 0;
883 
884  tor_addr_port_t ipv4_ap;
885  tor_addr_copy(&ipv4_ap.addr, ipv4_addr);
886  ipv4_ap.port = (fw_connection == FIREWALL_OR_CONNECTION
887  ? ipv4_orport
888  : ipv4_dirport);
889 
890  tor_addr_port_t ipv6_ap;
891  tor_addr_copy(&ipv6_ap.addr, ipv6_addr);
892  ipv6_ap.port = (fw_connection == FIREWALL_OR_CONNECTION
893  ? ipv6_orport
894  : ipv6_dirport);
895 
896  result = fascist_firewall_choose_address(&ipv4_ap, &ipv6_ap,
897  want_ipv4,
898  fw_connection, pref_only,
899  pref_ipv6);
900 
901  if (result) {
902  tor_addr_copy(&ap->addr, &result->addr);
903  ap->port = result->port;
904  }
905 }
906 
909 static void
911  uint16_t ipv4_orport,
912  uint16_t ipv4_dirport,
913  const tor_addr_t *ipv6_addr,
914  uint16_t ipv6_orport,
915  uint16_t ipv6_dirport,
916  firewall_connection_t fw_connection,
917  int pref_only,
918  int pref_ipv6,
919  tor_addr_port_t* ap)
920 {
921  tor_addr_t ipv4_addr;
922  tor_addr_from_ipv4h(&ipv4_addr, ipv4h_addr);
923  tor_assert(ap);
924 
925  tor_addr_make_null(&ap->addr, AF_UNSPEC);
926  ap->port = 0;
927 
928  fascist_firewall_choose_address_base(&ipv4_addr, ipv4_orport,
929  ipv4_dirport, ipv6_addr,
930  ipv6_orport, ipv6_dirport,
931  fw_connection, pref_only,
932  pref_ipv6, ap);
933 }
934 
935 /* Some microdescriptor consensus methods have no IPv6 addresses in rs: they
936  * are in the microdescriptors. For these consensus methods, we can't rely on
937  * the node's IPv6 address until its microdescriptor is available (when using
938  * microdescs).
939  * But for bridges, rewrite_node_address_for_bridge() updates node->ri with
940  * the configured address, so we can trust bridge addresses.
941  * (Bridges could gain an IPv6 address if their microdescriptor arrives, but
942  * this will never be their preferred address: that is in the config.)
943  * Returns true if the node needs a microdescriptor for its IPv6 address, and
944  * false if the addresses in the node are already up-to-date.
945  */
946 static int
947 node_awaiting_ipv6(const or_options_t* options, const node_t *node)
948 {
949  tor_assert(node);
950 
951  /* There's no point waiting for an IPv6 address if we'd never use it */
952  if (!fascist_firewall_use_ipv6(options)) {
953  return 0;
954  }
955 
956  /* If the node has an IPv6 address, we're not waiting */
957  if (node_has_ipv6_addr(node)) {
958  return 0;
959  }
960 
961  /* If the current consensus method and flavour has IPv6 addresses, we're not
962  * waiting */
963  if (networkstatus_consensus_has_ipv6(options)) {
964  return 0;
965  }
966 
967  /* Bridge clients never use the address from a bridge's md, so there's no
968  * need to wait for it. */
969  if (node_is_a_configured_bridge(node)) {
970  return 0;
971  }
972 
973  /* We are waiting if we_use_microdescriptors_for_circuits() and we have no
974  * md. */
975  return (!node->md && we_use_microdescriptors_for_circuits(options));
976 }
977 
983 void
985  firewall_connection_t fw_connection,
986  int pref_only, tor_addr_port_t* ap)
987 {
988  tor_assert(ap);
989 
990  tor_addr_make_null(&ap->addr, AF_UNSPEC);
991  ap->port = 0;
992 
993  if (!rs) {
994  return;
995  }
996 
997  const or_options_t *options = get_options();
998  const node_t *node = node_get_by_id(rs->identity_digest);
999 
1000  if (node && !node_awaiting_ipv6(options, node)) {
1001  fascist_firewall_choose_address_node(node, fw_connection, pref_only, ap);
1002  } else {
1003  /* There's no node-specific IPv6 preference, so use the generic IPv6
1004  * preference instead. */
1005  int pref_ipv6 = (fw_connection == FIREWALL_OR_CONNECTION
1008 
1009  /* Assume IPv4 and IPv6 DirPorts are the same.
1010  * Assume the IPv6 OR and Dir addresses are the same. */
1012  &rs->ipv6_addr, rs->ipv6_orport,
1013  rs->dir_port, fw_connection,
1014  pref_only, pref_ipv6, ap);
1015  }
1016 }
1017 
1021 void
1023  firewall_connection_t fw_connection,
1024  int pref_only, tor_addr_port_t *ap)
1025 {
1026  tor_assert(ap);
1027 
1028  tor_addr_make_null(&ap->addr, AF_UNSPEC);
1029  ap->port = 0;
1030 
1031  if (!node) {
1032  return;
1033  }
1034 
1035  node_assert_ok(node);
1036  /* Calling fascist_firewall_choose_address_node() when the node is missing
1037  * IPv6 information breaks IPv6-only clients.
1038  * If the node is a hard-coded fallback directory or authority, call
1039  * fascist_firewall_choose_address_rs() on the fake (hard-coded) routerstatus
1040  * for the node.
1041  * If it is not hard-coded, check that the node has a microdescriptor, full
1042  * descriptor (routerinfo), or is one of our configured bridges before
1043  * calling this function. */
1044  if (BUG(node_awaiting_ipv6(get_options(), node))) {
1045  return;
1046  }
1047 
1048  const int pref_ipv6_node = (fw_connection == FIREWALL_OR_CONNECTION
1049  ? node_ipv6_or_preferred(node)
1050  : node_ipv6_dir_preferred(node));
1051 
1052  tor_addr_port_t ipv4_or_ap;
1053  node_get_prim_orport(node, &ipv4_or_ap);
1054  tor_addr_port_t ipv4_dir_ap;
1055  node_get_prim_dirport(node, &ipv4_dir_ap);
1056 
1057  tor_addr_port_t ipv6_or_ap;
1058  node_get_pref_ipv6_orport(node, &ipv6_or_ap);
1059  tor_addr_port_t ipv6_dir_ap;
1060  node_get_pref_ipv6_dirport(node, &ipv6_dir_ap);
1061 
1062  /* Assume the IPv6 OR and Dir addresses are the same. */
1063  fascist_firewall_choose_address_base(&ipv4_or_ap.addr, ipv4_or_ap.port,
1064  ipv4_dir_ap.port, &ipv6_or_ap.addr,
1065  ipv6_or_ap.port, ipv6_dir_ap.port,
1066  fw_connection, pref_only,
1067  pref_ipv6_node, ap);
1068 }
1069 
1071 void
1073  firewall_connection_t fw_connection,
1074  int pref_only,
1075  tor_addr_port_t *ap)
1076 {
1077  tor_assert(ap);
1078 
1079  tor_addr_make_null(&ap->addr, AF_UNSPEC);
1080  ap->port = 0;
1081 
1082  if (!ds) {
1083  return;
1084  }
1085 
1086  /* A dir_server_t always has a fake_status. As long as it has the same
1087  * addresses/ports in both fake_status and dir_server_t, this works fine.
1088  * (See #17867.)
1089  * This function relies on fascist_firewall_choose_address_rs looking up the
1090  * node if it can, because that will get the latest info for the relay. */
1091  fascist_firewall_choose_address_rs(&ds->fake_status, fw_connection,
1092  pref_only, ap);
1093 }
1094 
1098 int
1100 {
1101  return addr_policy_permits_tor_addr(addr, 1, dir_policy);
1102 }
1103 
1107 int
1109 {
1110  return addr_policy_permits_tor_addr(addr, 1, socks_policy);
1111 }
1112 
1115 static int
1116 addr_is_in_cc_list(uint32_t addr, const smartlist_t *cc_list)
1117 {
1118  country_t country;
1119  const char *name;
1120  tor_addr_t tar;
1121 
1122  if (!cc_list)
1123  return 0;
1124  /* XXXXipv6 */
1125  tor_addr_from_ipv4h(&tar, addr);
1126  country = geoip_get_country_by_addr(&tar);
1127  name = geoip_get_country_name(country);
1128  return smartlist_contains_string_case(cc_list, name);
1129 }
1130 
1134 int
1135 authdir_policy_permits_address(uint32_t addr, uint16_t port)
1136 {
1138  return 0;
1139  return !addr_is_in_cc_list(addr, get_options()->AuthDirRejectCCs);
1140 }
1141 
1145 int
1146 authdir_policy_valid_address(uint32_t addr, uint16_t port)
1147 {
1149  return 0;
1150  return !addr_is_in_cc_list(addr, get_options()->AuthDirInvalidCCs);
1151 }
1152 
1156 int
1157 authdir_policy_badexit_address(uint32_t addr, uint16_t port)
1158 {
1160  return 1;
1161  return addr_is_in_cc_list(addr, get_options()->AuthDirBadExitCCs);
1162 }
1163 
1164 #define REJECT(arg) \
1165  STMT_BEGIN *msg = tor_strdup(arg); goto err; STMT_END
1166 
1170 int
1171 validate_addr_policies(const or_options_t *options, char **msg)
1172 {
1173  /* XXXX Maybe merge this into parse_policies_from_options, to make sure
1174  * that the two can't go out of sync. */
1175 
1176  smartlist_t *addr_policy=NULL;
1177  *msg = NULL;
1178 
1179  if (policies_parse_exit_policy_from_options(options,0,NULL,&addr_policy)) {
1180  REJECT("Error in ExitPolicy entry.");
1181  }
1182 
1183  static int warned_about_nonexit = 0;
1184 
1185  if (public_server_mode(options) &&
1186  !warned_about_nonexit && options->ExitPolicy == NULL &&
1187  options->ExitRelay == -1 && options->ReducedExitPolicy == 0) {
1188  warned_about_nonexit = 1;
1189  log_notice(LD_CONFIG, "By default, Tor does not run as an exit relay. "
1190  "If you want to be an exit relay, "
1191  "set ExitRelay to 1. To suppress this message in the future, "
1192  "set ExitRelay to 0.");
1193  }
1194 
1195  /* The rest of these calls *append* to addr_policy. So don't actually
1196  * use the results for anything other than checking if they parse! */
1197  if (parse_addr_policy(options->DirPolicy, &addr_policy, -1))
1198  REJECT("Error in DirPolicy entry.");
1199  if (parse_addr_policy(options->SocksPolicy, &addr_policy, -1))
1200  REJECT("Error in SocksPolicy entry.");
1201  if (parse_addr_policy(options->AuthDirReject, &addr_policy,
1202  ADDR_POLICY_REJECT))
1203  REJECT("Error in AuthDirReject entry.");
1204  if (parse_addr_policy(options->AuthDirInvalid, &addr_policy,
1205  ADDR_POLICY_REJECT))
1206  REJECT("Error in AuthDirInvalid entry.");
1207  if (parse_addr_policy(options->AuthDirBadExit, &addr_policy,
1208  ADDR_POLICY_REJECT))
1209  REJECT("Error in AuthDirBadExit entry.");
1210 
1211  if (parse_addr_policy(options->ReachableAddresses, &addr_policy,
1212  ADDR_POLICY_ACCEPT))
1213  REJECT("Error in ReachableAddresses entry.");
1214  if (parse_addr_policy(options->ReachableORAddresses, &addr_policy,
1215  ADDR_POLICY_ACCEPT))
1216  REJECT("Error in ReachableORAddresses entry.");
1217  if (parse_addr_policy(options->ReachableDirAddresses, &addr_policy,
1218  ADDR_POLICY_ACCEPT))
1219  REJECT("Error in ReachableDirAddresses entry.");
1220 
1221  err:
1222  addr_policy_list_free(addr_policy);
1223  return *msg ? -1 : 0;
1224 #undef REJECT
1225 }
1226 
1231 static int
1232 load_policy_from_option(config_line_t *config, const char *option_name,
1233  smartlist_t **policy,
1234  int assume_action)
1235 {
1236  int r;
1237  int killed_any_ports = 0;
1238  addr_policy_list_free(*policy);
1239  *policy = NULL;
1240  r = parse_addr_policy(config, policy, assume_action);
1241  if (r < 0) {
1242  return -1;
1243  }
1244  if (*policy) {
1245  SMARTLIST_FOREACH_BEGIN(*policy, addr_policy_t *, n) {
1246  /* ports aren't used in these. */
1247  if (n->prt_min > 1 || n->prt_max != 65535) {
1248  addr_policy_t newp, *c;
1249  memcpy(&newp, n, sizeof(newp));
1250  newp.prt_min = 1;
1251  newp.prt_max = 65535;
1252  newp.is_canonical = 0;
1253  c = addr_policy_get_canonical_entry(&newp);
1254  SMARTLIST_REPLACE_CURRENT(*policy, n, c);
1255  addr_policy_free(n);
1256  killed_any_ports = 1;
1257  }
1258  } SMARTLIST_FOREACH_END(n);
1259  }
1260  if (killed_any_ports) {
1261  log_warn(LD_CONFIG, "Ignoring ports in %s option.", option_name);
1262  }
1263  return 0;
1264 }
1265 
1268 int
1270 {
1271  int ret = 0;
1272  if (load_policy_from_option(options->SocksPolicy, "SocksPolicy",
1273  &socks_policy, -1) < 0)
1274  ret = -1;
1275  if (load_policy_from_option(options->DirPolicy, "DirPolicy",
1276  &dir_policy, -1) < 0)
1277  ret = -1;
1278  if (load_policy_from_option(options->AuthDirReject, "AuthDirReject",
1279  &authdir_reject_policy, ADDR_POLICY_REJECT) < 0)
1280  ret = -1;
1281  if (load_policy_from_option(options->AuthDirInvalid, "AuthDirInvalid",
1282  &authdir_invalid_policy, ADDR_POLICY_REJECT) < 0)
1283  ret = -1;
1284  if (load_policy_from_option(options->AuthDirBadExit, "AuthDirBadExit",
1285  &authdir_badexit_policy, ADDR_POLICY_REJECT) < 0)
1286  ret = -1;
1287  if (parse_reachable_addresses() < 0)
1288  ret = -1;
1289  return ret;
1290 }
1291 
1294 static int
1296 {
1297  int r;
1298 #define CMP_FIELD(field) do { \
1299  if (a->field != b->field) { \
1300  return 0; \
1301  } \
1302  } while (0)
1303  CMP_FIELD(policy_type);
1304  CMP_FIELD(is_private);
1305  /* refcnt and is_canonical are irrelevant to equality,
1306  * they are hash table implementation details */
1307  if ((r=tor_addr_compare(&a->addr, &b->addr, CMP_EXACT)))
1308  return 0;
1309  CMP_FIELD(maskbits);
1310  CMP_FIELD(prt_min);
1311  CMP_FIELD(prt_max);
1312 #undef CMP_FIELD
1313  return 1;
1314 }
1315 
1318 int
1320 {
1321  int i;
1322  int len_a = a ? smartlist_len(a) : 0;
1323  int len_b = b ? smartlist_len(b) : 0;
1324 
1325  if (len_a != len_b)
1326  return 0;
1327 
1328  for (i = 0; i < len_a; ++i) {
1329  if (! single_addr_policy_eq(smartlist_get(a, i), smartlist_get(b, i)))
1330  return 0;
1331  }
1332 
1333  return 1;
1334 }
1335 
1337 typedef struct policy_map_ent_t {
1338  HT_ENTRY(policy_map_ent_t) node;
1339  addr_policy_t *policy;
1341 
1342 /* DOCDOC policy_root */
1343 static HT_HEAD(policy_map, policy_map_ent_t) policy_root = HT_INITIALIZER();
1344 
1346 static inline int
1347 policy_eq(policy_map_ent_t *a, policy_map_ent_t *b)
1348 {
1349  return single_addr_policy_eq(a->policy, b->policy);
1350 }
1351 
1353 static unsigned int
1355 {
1356  const addr_policy_t *a = ent->policy;
1357  addr_policy_t aa;
1358  memset(&aa, 0, sizeof(aa));
1359 
1360  aa.prt_min = a->prt_min;
1361  aa.prt_max = a->prt_max;
1362  aa.maskbits = a->maskbits;
1363  aa.policy_type = a->policy_type;
1364  aa.is_private = a->is_private;
1365 
1366  if (a->is_private) {
1367  aa.is_private = 1;
1368  } else {
1369  tor_addr_copy_tight(&aa.addr, &a->addr);
1370  }
1371 
1372  return (unsigned) siphash24g(&aa, sizeof(aa));
1373 }
1374 
1376  policy_eq)
1377 HT_GENERATE2(policy_map, policy_map_ent_t, node, policy_hash,
1378  policy_eq, 0.6, tor_reallocarray_, tor_free_)
1379 
1380 
1383 addr_policy_t *
1384 addr_policy_get_canonical_entry(addr_policy_t *e)
1385 {
1386  policy_map_ent_t search, *found;
1387  if (e->is_canonical)
1388  return e;
1389 
1390  search.policy = e;
1391  found = HT_FIND(policy_map, &policy_root, &search);
1392  if (!found) {
1393  found = tor_malloc_zero(sizeof(policy_map_ent_t));
1394  found->policy = tor_memdup(e, sizeof(addr_policy_t));
1395  found->policy->is_canonical = 1;
1396  found->policy->refcnt = 0;
1397  HT_INSERT(policy_map, &policy_root, found);
1398  }
1399 
1400  tor_assert(single_addr_policy_eq(found->policy, e));
1401  ++found->policy->refcnt;
1402  return found->policy;
1403 }
1404 
1407 static addr_policy_result_t
1409  const smartlist_t *policy)
1410 {
1411  /* We know the address and port, and we know the policy, so we can just
1412  * compute an exact match. */
1413  SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, tmpe) {
1414  if (tmpe->addr.family == AF_UNSPEC) {
1415  log_warn(LD_BUG, "Policy contains an AF_UNSPEC address, which only "
1416  "matches other AF_UNSPEC addresses.");
1417  }
1418  /* Address is known */
1419  if (!tor_addr_compare_masked(addr, &tmpe->addr, tmpe->maskbits,
1420  CMP_EXACT)) {
1421  if (port >= tmpe->prt_min && port <= tmpe->prt_max) {
1422  /* Exact match for the policy */
1423  return tmpe->policy_type == ADDR_POLICY_ACCEPT ?
1425  }
1426  }
1427  } SMARTLIST_FOREACH_END(tmpe);
1428 
1429  /* accept all by default. */
1430  return ADDR_POLICY_ACCEPTED;
1431 }
1432 
1435 static addr_policy_result_t
1437  const smartlist_t *policy)
1438 {
1439  /* We look to see if there's a definite match. If so, we return that
1440  match's value, unless there's an intervening possible match that says
1441  something different. */
1442  int maybe_accept = 0, maybe_reject = 0;
1443 
1444  SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, tmpe) {
1445  if (tmpe->addr.family == AF_UNSPEC) {
1446  log_warn(LD_BUG, "Policy contains an AF_UNSPEC address, which only "
1447  "matches other AF_UNSPEC addresses.");
1448  }
1449  if (!tor_addr_compare_masked(addr, &tmpe->addr, tmpe->maskbits,
1450  CMP_EXACT)) {
1451  if (tmpe->prt_min <= 1 && tmpe->prt_max >= 65535) {
1452  /* Definitely matches, since it covers all ports. */
1453  if (tmpe->policy_type == ADDR_POLICY_ACCEPT) {
1454  /* If we already hit a clause that might trigger a 'reject', than we
1455  * can't be sure of this certain 'accept'.*/
1456  return maybe_reject ? ADDR_POLICY_PROBABLY_ACCEPTED :
1458  } else {
1459  return maybe_accept ? ADDR_POLICY_PROBABLY_REJECTED :
1461  }
1462  } else {
1463  /* Might match. */
1464  if (tmpe->policy_type == ADDR_POLICY_REJECT)
1465  maybe_reject = 1;
1466  else
1467  maybe_accept = 1;
1468  }
1469  }
1470  } SMARTLIST_FOREACH_END(tmpe);
1471 
1472  /* accept all by default. */
1473  return maybe_reject ? ADDR_POLICY_PROBABLY_ACCEPTED : ADDR_POLICY_ACCEPTED;
1474 }
1475 
1478 static addr_policy_result_t
1480  const smartlist_t *policy)
1481 {
1482  /* We look to see if there's a definite match. If so, we return that
1483  match's value, unless there's an intervening possible match that says
1484  something different. */
1485  int maybe_accept = 0, maybe_reject = 0;
1486 
1487  SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, tmpe) {
1488  if (tmpe->addr.family == AF_UNSPEC) {
1489  log_warn(LD_BUG, "Policy contains an AF_UNSPEC address, which only "
1490  "matches other AF_UNSPEC addresses.");
1491  }
1492  if (tmpe->prt_min <= port && port <= tmpe->prt_max) {
1493  if (tmpe->maskbits == 0) {
1494  /* Definitely matches, since it covers all addresses. */
1495  if (tmpe->policy_type == ADDR_POLICY_ACCEPT) {
1496  /* If we already hit a clause that might trigger a 'reject', than we
1497  * can't be sure of this certain 'accept'.*/
1498  return maybe_reject ? ADDR_POLICY_PROBABLY_ACCEPTED :
1500  } else {
1501  return maybe_accept ? ADDR_POLICY_PROBABLY_REJECTED :
1503  }
1504  } else {
1505  /* Might match. */
1506  if (tmpe->policy_type == ADDR_POLICY_REJECT)
1507  maybe_reject = 1;
1508  else
1509  maybe_accept = 1;
1510  }
1511  }
1512  } SMARTLIST_FOREACH_END(tmpe);
1513 
1514  /* accept all by default. */
1515  return maybe_reject ? ADDR_POLICY_PROBABLY_ACCEPTED : ADDR_POLICY_ACCEPTED;
1516 }
1517 
1530 compare_tor_addr_to_addr_policy,(const tor_addr_t *addr, uint16_t port,
1531  const smartlist_t *policy))
1532 {
1533  if (!policy) {
1534  /* no policy? accept all. */
1535  return ADDR_POLICY_ACCEPTED;
1536  } else if (addr == NULL || tor_addr_is_null(addr)) {
1537  if (port == 0) {
1538  log_info(LD_BUG, "Rejecting null address with 0 port (family %d)",
1539  addr ? tor_addr_family(addr) : -1);
1540  return ADDR_POLICY_REJECTED;
1541  }
1542  return compare_unknown_tor_addr_to_addr_policy(port, policy);
1543  } else if (port == 0) {
1544  return compare_known_tor_addr_to_addr_policy_noport(addr, policy);
1545  } else {
1546  return compare_known_tor_addr_to_addr_policy(addr, port, policy);
1547  }
1548 }
1549 
1552 static int
1554 {
1555  if (tor_addr_family(&a->addr) != tor_addr_family(&b->addr)) {
1556  /* You can't cover a different family. */
1557  return 0;
1558  }
1559  /* We can ignore accept/reject, since "accept *:80, reject *:80" reduces
1560  * to "accept *:80". */
1561  if (a->maskbits > b->maskbits) {
1562  /* a has more fixed bits than b; it can't possibly cover b. */
1563  return 0;
1564  }
1565  if (tor_addr_compare_masked(&a->addr, &b->addr, a->maskbits, CMP_EXACT)) {
1566  /* There's a fixed bit in a that's set differently in b. */
1567  return 0;
1568  }
1569  return (a->prt_min <= b->prt_min && a->prt_max >= b->prt_max);
1570 }
1571 
1576 static int
1578 {
1579  maskbits_t minbits;
1580  /* All the bits we care about are those that are set in both
1581  * netmasks. If they are equal in a and b's networkaddresses
1582  * then the networks intersect. If there is a difference,
1583  * then they do not. */
1584  if (a->maskbits < b->maskbits)
1585  minbits = a->maskbits;
1586  else
1587  minbits = b->maskbits;
1588  if (tor_addr_compare_masked(&a->addr, &b->addr, minbits, CMP_EXACT))
1589  return 0;
1590  if (a->prt_max < b->prt_min || b->prt_max < a->prt_min)
1591  return 0;
1592  return 1;
1593 }
1594 
1597 STATIC void
1598 append_exit_policy_string(smartlist_t **policy, const char *more)
1599 {
1600  config_line_t tmp;
1601 
1602  tmp.key = NULL;
1603  tmp.value = (char*) more;
1604  tmp.next = NULL;
1605  if (parse_addr_policy(&tmp, policy, -1)<0) {
1606  log_warn(LD_BUG, "Unable to parse internally generated policy %s",more);
1607  }
1608 }
1609 
1611 void
1613 {
1614  tor_assert(dest);
1615  tor_assert(addr);
1616 
1617  addr_policy_t p, *add;
1618  memset(&p, 0, sizeof(p));
1619  p.policy_type = ADDR_POLICY_REJECT;
1620  p.maskbits = tor_addr_family(addr) == AF_INET6 ? 128 : 32;
1621  tor_addr_copy(&p.addr, addr);
1622  p.prt_min = 1;
1623  p.prt_max = 65535;
1624 
1625  add = addr_policy_get_canonical_entry(&p);
1626  if (!*dest)
1627  *dest = smartlist_new();
1628  smartlist_add(*dest, add);
1629  log_debug(LD_CONFIG, "Adding a reject ExitPolicy 'reject %s:*'",
1630  fmt_addr(addr));
1631 }
1632 
1633 /* Is addr public for the purposes of rejection? */
1634 static int
1635 tor_addr_is_public_for_reject(const tor_addr_t *addr)
1636 {
1637  return (!tor_addr_is_null(addr) && !tor_addr_is_internal(addr, 0)
1638  && !tor_addr_is_multicast(addr));
1639 }
1640 
1641 /* Add "reject <b>addr</b>:*" to <b>dest</b>, creating the list as needed.
1642  * Filter the address, only adding an IPv4 reject rule if ipv4_rules
1643  * is true, and similarly for ipv6_rules. Check each address returns true for
1644  * tor_addr_is_public_for_reject before adding it.
1645  */
1646 static void
1647 addr_policy_append_reject_addr_filter(smartlist_t **dest,
1648  const tor_addr_t *addr,
1649  int ipv4_rules,
1650  int ipv6_rules)
1651 {
1652  tor_assert(dest);
1653  tor_assert(addr);
1654 
1655  /* Only reject IP addresses which are public */
1656  if (tor_addr_is_public_for_reject(addr)) {
1657 
1658  /* Reject IPv4 addresses and IPv6 addresses based on the filters */
1659  int is_ipv4 = tor_addr_is_v4(addr);
1660  if ((is_ipv4 && ipv4_rules) || (!is_ipv4 && ipv6_rules)) {
1661  addr_policy_append_reject_addr(dest, addr);
1662  }
1663  }
1664 }
1665 
1668 void
1670  const smartlist_t *addrs)
1671 {
1672  tor_assert(dest);
1673  tor_assert(addrs);
1674 
1675  SMARTLIST_FOREACH_BEGIN(addrs, tor_addr_t *, addr) {
1676  addr_policy_append_reject_addr(dest, addr);
1677  } SMARTLIST_FOREACH_END(addr);
1678 }
1679 
1682 static void
1684  const smartlist_t *addrs,
1685  int ipv4_rules,
1686  int ipv6_rules)
1687 {
1688  tor_assert(dest);
1689  tor_assert(addrs);
1690 
1691  SMARTLIST_FOREACH_BEGIN(addrs, tor_addr_t *, addr) {
1692  addr_policy_append_reject_addr_filter(dest, addr, ipv4_rules, ipv6_rules);
1693  } SMARTLIST_FOREACH_END(addr);
1694 }
1695 
1697 static void
1699 {
1700  addr_policy_t *ap, *tmp;
1701  int i, j;
1702 
1703  /* Step one: kill every ipv4 thing after *4:*, every IPv6 thing after *6:*
1704  */
1705  {
1706  int kill_v4=0, kill_v6=0;
1707  for (i = 0; i < smartlist_len(dest); ++i) {
1708  sa_family_t family;
1709  ap = smartlist_get(dest, i);
1710  family = tor_addr_family(&ap->addr);
1711  if ((family == AF_INET && kill_v4) ||
1712  (family == AF_INET6 && kill_v6)) {
1713  smartlist_del_keeporder(dest, i--);
1714  addr_policy_free(ap);
1715  continue;
1716  }
1717 
1718  if (ap->maskbits == 0 && ap->prt_min <= 1 && ap->prt_max >= 65535) {
1719  /* This is a catch-all line -- later lines are unreachable. */
1720  if (family == AF_INET) {
1721  kill_v4 = 1;
1722  } else if (family == AF_INET6) {
1723  kill_v6 = 1;
1724  }
1725  }
1726  }
1727  }
1728 
1729  /* Step two: for every entry, see if there's a redundant entry
1730  * later on, and remove it. */
1731  for (i = 0; i < smartlist_len(dest)-1; ++i) {
1732  ap = smartlist_get(dest, i);
1733  for (j = i+1; j < smartlist_len(dest); ++j) {
1734  tmp = smartlist_get(dest, j);
1735  tor_assert(j > i);
1736  if (addr_policy_covers(ap, tmp)) {
1737  char p1[POLICY_BUF_LEN], p2[POLICY_BUF_LEN];
1738  policy_write_item(p1, sizeof(p1), tmp, 0);
1739  policy_write_item(p2, sizeof(p2), ap, 0);
1740  log_debug(LD_CONFIG, "Removing exit policy %s (%d). It is made "
1741  "redundant by %s (%d).", p1, j, p2, i);
1742  smartlist_del_keeporder(dest, j--);
1743  addr_policy_free(tmp);
1744  }
1745  }
1746  }
1747 
1748  /* Step three: for every entry A, see if there's an entry B making this one
1749  * redundant later on. This is the case if A and B are of the same type
1750  * (accept/reject), A is a subset of B, and there is no other entry of
1751  * different type in between those two that intersects with A.
1752  *
1753  * Anybody want to double-check the logic here? XXX
1754  */
1755  for (i = 0; i < smartlist_len(dest)-1; ++i) {
1756  ap = smartlist_get(dest, i);
1757  for (j = i+1; j < smartlist_len(dest); ++j) {
1758  // tor_assert(j > i); // j starts out at i+1; j only increases; i only
1759  // // decreases.
1760  tmp = smartlist_get(dest, j);
1761  if (ap->policy_type != tmp->policy_type) {
1762  if (addr_policy_intersects(ap, tmp))
1763  break;
1764  } else { /* policy_types are equal. */
1765  if (addr_policy_covers(tmp, ap)) {
1766  char p1[POLICY_BUF_LEN], p2[POLICY_BUF_LEN];
1767  policy_write_item(p1, sizeof(p1), ap, 0);
1768  policy_write_item(p2, sizeof(p2), tmp, 0);
1769  log_debug(LD_CONFIG, "Removing exit policy %s. It is already "
1770  "covered by %s.", p1, p2);
1771  smartlist_del_keeporder(dest, i--);
1772  addr_policy_free(ap);
1773  break;
1774  }
1775  }
1776  }
1777  }
1778 }
1779 
1799 void
1801  smartlist_t **dest,
1802  int ipv6_exit,
1803  const smartlist_t *configured_addresses,
1804  int reject_interface_addresses,
1805  int reject_configured_port_addresses)
1806 {
1807  tor_assert(dest);
1808 
1809  /* Reject configured addresses, if they are from public netblocks. */
1810  if (configured_addresses) {
1811  addr_policy_append_reject_addr_list_filter(dest, configured_addresses,
1812  1, ipv6_exit);
1813  }
1814 
1815  /* Reject configured port addresses, if they are from public netblocks. */
1816  if (reject_configured_port_addresses) {
1817  const smartlist_t *port_addrs = get_configured_ports();
1818 
1819  SMARTLIST_FOREACH_BEGIN(port_addrs, port_cfg_t *, port) {
1820 
1821  /* Only reject port IP addresses, not port unix sockets */
1822  if (!port->is_unix_addr) {
1823  addr_policy_append_reject_addr_filter(dest, &port->addr, 1, ipv6_exit);
1824  }
1825  } SMARTLIST_FOREACH_END(port);
1826  }
1827 
1828  /* Reject local addresses from public netblocks on any interface. */
1829  if (reject_interface_addresses) {
1830  smartlist_t *public_addresses = NULL;
1831 
1832  /* Reject public IPv4 addresses on any interface */
1833  public_addresses = get_interface_address6_list(LOG_INFO, AF_INET, 0);
1834  addr_policy_append_reject_addr_list_filter(dest, public_addresses, 1, 0);
1835  interface_address6_list_free(public_addresses);
1836 
1837  /* Don't look for IPv6 addresses if we're configured as IPv4-only */
1838  if (ipv6_exit) {
1839  /* Reject public IPv6 addresses on any interface */
1840  public_addresses = get_interface_address6_list(LOG_INFO, AF_INET6, 0);
1841  addr_policy_append_reject_addr_list_filter(dest, public_addresses, 0, 1);
1842  interface_address6_list_free(public_addresses);
1843  }
1844  }
1845 
1846  /* If addresses were added multiple times, remove all but one of them. */
1847  if (*dest) {
1849  }
1850 }
1851 
1856 static void
1858 {
1859  int found_final_effective_entry = 0;
1860  int first_redundant_entry = 0;
1861  tor_assert(policy);
1862  SMARTLIST_FOREACH_BEGIN(policy, const addr_policy_t *, p) {
1863  sa_family_t family;
1864  int found_ipv4_wildcard = 0, found_ipv6_wildcard = 0;
1865  const int i = p_sl_idx;
1866 
1867  /* Look for accept/reject *[4|6|]:* entires */
1868  if (p->prt_min <= 1 && p->prt_max == 65535 && p->maskbits == 0) {
1869  family = tor_addr_family(&p->addr);
1870  /* accept/reject *:* may have already been expanded into
1871  * accept/reject *4:*,accept/reject *6:*
1872  * But handle both forms.
1873  */
1874  if (family == AF_INET || family == AF_UNSPEC) {
1875  found_ipv4_wildcard = 1;
1876  }
1877  if (family == AF_INET6 || family == AF_UNSPEC) {
1878  found_ipv6_wildcard = 1;
1879  }
1880  }
1881 
1882  /* We also find accept *4:*,reject *6:* ; and
1883  * accept *4:*,<other policies>,accept *6:* ; and similar.
1884  * That's ok, because they make any subsequent entries redundant. */
1885  if (found_ipv4_wildcard && found_ipv6_wildcard) {
1886  found_final_effective_entry = 1;
1887  /* if we're not on the final entry in the list */
1888  if (i < smartlist_len(policy) - 1) {
1889  first_redundant_entry = i + 1;
1890  }
1891  break;
1892  }
1893  } SMARTLIST_FOREACH_END(p);
1894 
1895  /* Work out if there are redundant trailing entries in the policy list */
1896  if (found_final_effective_entry && first_redundant_entry > 0) {
1897  const addr_policy_t *p;
1898  /* Longest possible policy is
1899  * "accept6 ffff:ffff:..255/128:10000-65535",
1900  * which contains a max-length IPv6 address, plus 24 characters. */
1901  char line[TOR_ADDR_BUF_LEN + 32];
1902 
1903  tor_assert(first_redundant_entry < smartlist_len(policy));
1904  p = smartlist_get(policy, first_redundant_entry);
1905  /* since we've already parsed the policy into an addr_policy_t struct,
1906  * we might not log exactly what the user typed in */
1907  policy_write_item(line, TOR_ADDR_BUF_LEN + 32, p, 0);
1908  log_warn(LD_DIR, "Exit policy '%s' and all following policies are "
1909  "redundant, as it follows accept/reject *:* rules for both "
1910  "IPv4 and IPv6. They will be removed from the exit policy. (Use "
1911  "accept/reject *:* as the last entry in any exit policy.)",
1912  line);
1913  }
1914 }
1915 
1916 #define DEFAULT_EXIT_POLICY \
1917  "reject *:25,reject *:119,reject *:135-139,reject *:445," \
1918  "reject *:563,reject *:1214,reject *:4661-4666," \
1919  "reject *:6346-6429,reject *:6699,reject *:6881-6999,accept *:*"
1920 
1921 #define REDUCED_EXIT_POLICY \
1922  "accept *:20-23,accept *:43,accept *:53,accept *:79-81,accept *:88," \
1923  "accept *:110,accept *:143,accept *:194,accept *:220,accept *:389," \
1924  "accept *:443,accept *:464,accept *:465,accept *:531,accept *:543-544," \
1925  "accept *:554,accept *:563,accept *:587,accept *:636,accept *:706," \
1926  "accept *:749,accept *:873,accept *:902-904,accept *:981,accept *:989-995," \
1927  "accept *:1194,accept *:1220,accept *:1293,accept *:1500,accept *:1533," \
1928  "accept *:1677,accept *:1723,accept *:1755,accept *:1863," \
1929  "accept *:2082-2083,accept *:2086-2087,accept *:2095-2096," \
1930  "accept *:2102-2104,accept *:3128,accept *:3389,accept *:3690," \
1931  "accept *:4321,accept *:4643,accept *:5050,accept *:5190," \
1932  "accept *:5222-5223,accept *:5228,accept *:5900,accept *:6660-6669," \
1933  "accept *:6679,accept *:6697,accept *:8000,accept *:8008,accept *:8074," \
1934  "accept *:8080,accept *:8082,accept *:8087-8088,accept *:8232-8233," \
1935  "accept *:8332-8333,accept *:8443,accept *:8888,accept *:9418," \
1936  "accept *:9999,accept *:10000,accept *:11371,accept *:19294," \
1937  "accept *:19638,accept *:50002,accept *:64738,reject *:*"
1938 
1966 static int
1968  smartlist_t **dest,
1969  int ipv6_exit,
1970  int rejectprivate,
1971  const smartlist_t *configured_addresses,
1972  int reject_interface_addresses,
1973  int reject_configured_port_addresses,
1974  int add_default_policy,
1975  int add_reduced_policy)
1976 {
1977  if (!ipv6_exit) {
1978  append_exit_policy_string(dest, "reject *6:*");
1979  }
1980  if (rejectprivate) {
1981  /* Reject IPv4 and IPv6 reserved private netblocks */
1982  append_exit_policy_string(dest, "reject private:*");
1983  }
1984 
1985  /* Consider rejecting IPv4 and IPv6 advertised relay addresses, outbound bind
1986  * addresses, publicly routable addresses, and configured port addresses
1987  * on this exit relay */
1989  configured_addresses,
1990  reject_interface_addresses,
1991  reject_configured_port_addresses);
1992 
1993  if (parse_addr_policy(cfg, dest, -1))
1994  return -1;
1995 
1996  /* Before we add the default policy and final rejects, check to see if
1997  * there are any lines after accept *:* or reject *:*. These lines have no
1998  * effect, and are most likely an error. */
2000 
2001  if (add_reduced_policy) {
2002  append_exit_policy_string(dest, REDUCED_EXIT_POLICY);
2003  } else if (add_default_policy) {
2004  append_exit_policy_string(dest, DEFAULT_EXIT_POLICY);
2005  } else {
2006  append_exit_policy_string(dest, "reject *4:*");
2007  append_exit_policy_string(dest, "reject *6:*");
2008  }
2010 
2011  return 0;
2012 }
2013 
2034 int
2036  exit_policy_parser_cfg_t options,
2037  const smartlist_t *configured_addresses)
2038 {
2039  int ipv6_enabled = (options & EXIT_POLICY_IPV6_ENABLED) ? 1 : 0;
2040  int reject_private = (options & EXIT_POLICY_REJECT_PRIVATE) ? 1 : 0;
2041  int add_default = (options & EXIT_POLICY_ADD_DEFAULT) ? 1 : 0;
2042  int reject_local_interfaces = (options &
2043  EXIT_POLICY_REJECT_LOCAL_INTERFACES) ? 1 : 0;
2044  int add_reduced = (options & EXIT_POLICY_ADD_REDUCED) ? 1 : 0;
2045 
2046  return policies_parse_exit_policy_internal(cfg,dest,ipv6_enabled,
2047  reject_private,
2048  configured_addresses,
2049  reject_local_interfaces,
2050  reject_local_interfaces,
2051  add_default,
2052  add_reduced);
2053 }
2054 
2060 static void
2062 {
2063  if (addr && !tor_addr_is_null(addr)) {
2064  tor_addr_t *addr_copy = tor_malloc(sizeof(tor_addr_t));
2065  tor_addr_copy(addr_copy, addr);
2066  smartlist_add(addr_list, addr_copy);
2067  }
2068 }
2069 
2076 static void
2077 policies_copy_ipv4h_to_smartlist(smartlist_t *addr_list, uint32_t ipv4h_addr)
2078 {
2079  if (ipv4h_addr) {
2080  tor_addr_t ipv4_tor_addr;
2081  tor_addr_from_ipv4h(&ipv4_tor_addr, ipv4h_addr);
2082  policies_copy_addr_to_smartlist(addr_list, &ipv4_tor_addr);
2083  }
2084 }
2085 
2093 static void
2095  const or_options_t *or_options)
2096 {
2097  if (or_options) {
2098  for (int i=0;i<OUTBOUND_ADDR_MAX;i++) {
2099  for (int j=0;j<2;j++) {
2100  if (!tor_addr_is_null(&or_options->OutboundBindAddresses[i][j])) {
2102  &or_options->OutboundBindAddresses[i][j]);
2103  }
2104  }
2105  }
2106  }
2107 }
2108 
2133 int
2135  uint32_t local_address,
2136  const tor_addr_t *ipv6_local_address,
2137  smartlist_t **result)
2138 {
2139  exit_policy_parser_cfg_t parser_cfg = 0;
2140  smartlist_t *configured_addresses = NULL;
2141  int rv = 0;
2142 
2143  /* Short-circuit for non-exit relays, or for relays where we didn't specify
2144  * ExitPolicy or ReducedExitPolicy and ExitRelay is auto. */
2145  if (or_options->ExitRelay == 0 || (or_options->ExitPolicy == NULL &&
2146  or_options->ExitRelay == -1 && or_options->ReducedExitPolicy == 0)) {
2147  append_exit_policy_string(result, "reject *4:*");
2148  append_exit_policy_string(result, "reject *6:*");
2149  return 0;
2150  }
2151 
2152  configured_addresses = smartlist_new();
2153 
2154  /* Configure the parser */
2155  if (or_options->IPv6Exit) {
2156  parser_cfg |= EXIT_POLICY_IPV6_ENABLED;
2157  }
2158 
2159  if (or_options->ExitPolicyRejectPrivate) {
2160  parser_cfg |= EXIT_POLICY_REJECT_PRIVATE;
2161  }
2162 
2163  if (!or_options->BridgeRelay) {
2164  if (or_options->ReducedExitPolicy)
2165  parser_cfg |= EXIT_POLICY_ADD_REDUCED;
2166  else
2167  parser_cfg |= EXIT_POLICY_ADD_DEFAULT;
2168  }
2169 
2170  if (or_options->ExitPolicyRejectLocalInterfaces) {
2171  parser_cfg |= EXIT_POLICY_REJECT_LOCAL_INTERFACES;
2172  }
2173 
2174  /* Copy the configured addresses into the tor_addr_t* list */
2175  if (or_options->ExitPolicyRejectPrivate) {
2176  policies_copy_ipv4h_to_smartlist(configured_addresses, local_address);
2177  policies_copy_addr_to_smartlist(configured_addresses, ipv6_local_address);
2178  }
2179 
2180  if (or_options->ExitPolicyRejectLocalInterfaces) {
2181  policies_copy_outbound_addresses_to_smartlist(configured_addresses,
2182  or_options);
2183  }
2184 
2185  rv = policies_parse_exit_policy(or_options->ExitPolicy, result, parser_cfg,
2186  configured_addresses);
2187 
2188  SMARTLIST_FOREACH(configured_addresses, tor_addr_t *, a, tor_free(a));
2189  smartlist_free(configured_addresses);
2190 
2191  return rv;
2192 }
2193 
2196 void
2198 {
2199  append_exit_policy_string(dest, "reject *4:*");
2200  append_exit_policy_string(dest, "reject *6:*");
2201 }
2202 
2204 void
2206 {
2207  node->rejects_all = 1;
2208 }
2209 
2212 static int
2214 {
2215  uint32_t mask, ip, i;
2216  /* Is this /8 rejected (1), or undecided (0)? */
2217  char subnet_status[256];
2218 
2219  memset(subnet_status, 0, sizeof(subnet_status));
2220  SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, p) {
2221  if (tor_addr_family(&p->addr) != AF_INET)
2222  continue; /* IPv4 only for now */
2223  if (p->prt_min > port || p->prt_max < port)
2224  continue; /* Doesn't cover our port. */
2225  mask = 0;
2226  tor_assert(p->maskbits <= 32);
2227 
2228  if (p->maskbits)
2229  mask = UINT32_MAX<<(32-p->maskbits);
2230  ip = tor_addr_to_ipv4h(&p->addr);
2231 
2232  /* Calculate the first and last subnet that this exit policy touches
2233  * and set it as loop boundaries. */
2234  for (i = ((mask & ip)>>24); i <= (~((mask & ip) ^ mask)>>24); ++i) {
2235  tor_addr_t addr;
2236  if (subnet_status[i] != 0)
2237  continue; /* We already reject some part of this /8 */
2238  tor_addr_from_ipv4h(&addr, i<<24);
2239  if (tor_addr_is_internal(&addr, 0) &&
2240  !get_options()->DirAllowPrivateAddresses) {
2241  continue; /* Local or non-routable addresses */
2242  }
2243  if (p->policy_type == ADDR_POLICY_ACCEPT) {
2244  if (p->maskbits > 8)
2245  continue; /* Narrower than a /8. */
2246  /* We found an allowed subnet of at least size /8. Done
2247  * for this port! */
2248  return 1;
2249  } else if (p->policy_type == ADDR_POLICY_REJECT) {
2250  subnet_status[i] = 1;
2251  }
2252  }
2253  } SMARTLIST_FOREACH_END(p);
2254  return 0;
2255 }
2256 
2260 int
2262 {
2263  if (!policy) /*XXXX disallow NULL policies? */
2264  return 0;
2265 
2266  return (exit_policy_is_general_exit_helper(policy, 80) &&
2267  exit_policy_is_general_exit_helper(policy, 443));
2268 }
2269 
2274 int
2276  int default_reject)
2277 {
2278  if (!policy)
2279  return default_reject;
2280  SMARTLIST_FOREACH_BEGIN(policy, const addr_policy_t *, p) {
2281  if (p->policy_type == ADDR_POLICY_ACCEPT &&
2282  (tor_addr_family(&p->addr) == family ||
2283  tor_addr_family(&p->addr) == AF_UNSPEC)) {
2284  return 0;
2285  } else if (p->policy_type == ADDR_POLICY_REJECT &&
2286  p->prt_min <= 1 && p->prt_max == 65535 &&
2287  p->maskbits == 0 &&
2288  (tor_addr_family(&p->addr) == family ||
2289  tor_addr_family(&p->addr) == AF_UNSPEC)) {
2290  return 1;
2291  }
2292  } SMARTLIST_FOREACH_END(p);
2293  return default_reject;
2294 }
2295 
2298 int
2299 policy_write_item(char *buf, size_t buflen, const addr_policy_t *policy,
2300  int format_for_desc)
2301 {
2302  size_t written = 0;
2303  char addrbuf[TOR_ADDR_BUF_LEN];
2304  const char *addrpart;
2305  int result;
2306  const int is_accept = policy->policy_type == ADDR_POLICY_ACCEPT;
2307  const sa_family_t family = tor_addr_family(&policy->addr);
2308  const int is_ip6 = (family == AF_INET6);
2309 
2310  tor_addr_to_str(addrbuf, &policy->addr, sizeof(addrbuf), 1);
2311 
2312  /* write accept/reject 1.2.3.4 */
2313  if (policy->is_private) {
2314  addrpart = "private";
2315  } else if (policy->maskbits == 0) {
2316  if (format_for_desc)
2317  addrpart = "*";
2318  else if (family == AF_INET6)
2319  addrpart = "*6";
2320  else if (family == AF_INET)
2321  addrpart = "*4";
2322  else
2323  addrpart = "*";
2324  } else {
2325  addrpart = addrbuf;
2326  }
2327 
2328  result = tor_snprintf(buf, buflen, "%s%s %s",
2329  is_accept ? "accept" : "reject",
2330  (is_ip6&&format_for_desc)?"6":"",
2331  addrpart);
2332  if (result < 0)
2333  return -1;
2334  written += strlen(buf);
2335  /* If the maskbits is 32 (IPv4) or 128 (IPv6) we don't need to give it. If
2336  the mask is 0, we already wrote "*". */
2337  if (policy->maskbits < (is_ip6?128:32) && policy->maskbits > 0) {
2338  if (tor_snprintf(buf+written, buflen-written, "/%d", policy->maskbits)<0)
2339  return -1;
2340  written += strlen(buf+written);
2341  }
2342  if (policy->prt_min <= 1 && policy->prt_max == 65535) {
2343  /* There is no port set; write ":*" */
2344  if (written+4 > buflen)
2345  return -1;
2346  strlcat(buf+written, ":*", buflen-written);
2347  written += 2;
2348  } else if (policy->prt_min == policy->prt_max) {
2349  /* There is only one port; write ":80". */
2350  result = tor_snprintf(buf+written, buflen-written, ":%d", policy->prt_min);
2351  if (result<0)
2352  return -1;
2353  written += result;
2354  } else {
2355  /* There is a range of ports; write ":79-80". */
2356  result = tor_snprintf(buf+written, buflen-written, ":%d-%d",
2357  policy->prt_min, policy->prt_max);
2358  if (result<0)
2359  return -1;
2360  written += result;
2361  }
2362  if (written < buflen)
2363  buf[written] = '\0';
2364  else
2365  return -1;
2366 
2367  return (int)written;
2368 }
2369 
2372 /* XXXX This entire thing will do most stuff in O(N^2), or worse. Use an
2373  * RB-tree if that turns out to matter. */
2374 static smartlist_t *
2376 {
2377  smartlist_t *summary;
2378  policy_summary_item_t* item;
2379 
2380  item = tor_malloc_zero(sizeof(policy_summary_item_t));
2381  item->prt_min = 1;
2382  item->prt_max = 65535;
2383  item->reject_count = 0;
2384  item->accepted = 0;
2385 
2386  summary = smartlist_new();
2387  smartlist_add(summary, item);
2388 
2389  return summary;
2390 }
2391 
2398 static policy_summary_item_t*
2400 {
2401  policy_summary_item_t* new;
2402 
2403  new = tor_malloc_zero(sizeof(policy_summary_item_t));
2404  new->prt_min = new_starts;
2405  new->prt_max = old->prt_max;
2406  new->reject_count = old->reject_count;
2407  new->accepted = old->accepted;
2408 
2409  old->prt_max = new_starts-1;
2410 
2411  tor_assert(old->prt_min <= old->prt_max);
2412  tor_assert(new->prt_min <= new->prt_max);
2413  return new;
2414 }
2415 
2416 /* XXXX Nick says I'm going to hell for this. If he feels charitably towards
2417  * my immortal soul, he can clean it up himself. */
2418 #define AT(x) ((policy_summary_item_t*)smartlist_get(summary, x))
2419 
2420 #define IPV4_BITS (32)
2421 /* Every IPv4 address is counted as one rejection */
2422 #define REJECT_CUTOFF_SCALE_IPV4 (0)
2423 /* Ports are rejected in an IPv4 summary if they are rejected in more than two
2424  * IPv4 /8 address blocks */
2425 #define REJECT_CUTOFF_COUNT_IPV4 (UINT64_C(1) << \
2426  (IPV4_BITS - REJECT_CUTOFF_SCALE_IPV4 - 7))
2427 
2428 #define IPV6_BITS (128)
2429 /* IPv6 /64s are counted as one rejection, anything smaller is ignored */
2430 #define REJECT_CUTOFF_SCALE_IPV6 (64)
2431 /* Ports are rejected in an IPv6 summary if they are rejected in more than one
2432  * IPv6 /16 address block.
2433  * This is roughly equivalent to the IPv4 cutoff, as only five IPv6 /12s (and
2434  * some scattered smaller blocks) have been allocated to the RIRs.
2435  * Network providers are typically allocated one or more IPv6 /32s.
2436  */
2437 #define REJECT_CUTOFF_COUNT_IPV6 (UINT64_C(1) << \
2438  (IPV6_BITS - REJECT_CUTOFF_SCALE_IPV6 - 16))
2439 
2443 static int
2445  uint16_t prt_min, uint16_t prt_max)
2446 {
2447  int start_at_index;
2448 
2449  int i = 0;
2450 
2451  while (AT(i)->prt_max < prt_min)
2452  i++;
2453  if (AT(i)->prt_min != prt_min) {
2454  policy_summary_item_t* new_item;
2455  new_item = policy_summary_item_split(AT(i), prt_min);
2456  smartlist_insert(summary, i+1, new_item);
2457  i++;
2458  }
2459  start_at_index = i;
2460 
2461  while (AT(i)->prt_max < prt_max)
2462  i++;
2463  if (AT(i)->prt_max != prt_max) {
2464  policy_summary_item_t* new_item;
2465  new_item = policy_summary_item_split(AT(i), prt_max+1);
2466  smartlist_insert(summary, i+1, new_item);
2467  }
2468 
2469  return start_at_index;
2470 }
2471 
2474 static void
2476  uint16_t prt_min, uint16_t prt_max,
2477  sa_family_t family)
2478 {
2479  tor_assert_nonfatal_once(family == AF_INET || family == AF_INET6);
2480  uint64_t family_reject_count = ((family == AF_INET) ?
2481  REJECT_CUTOFF_COUNT_IPV4 :
2482  REJECT_CUTOFF_COUNT_IPV6);
2483 
2484  int i = policy_summary_split(summary, prt_min, prt_max);
2485  while (i < smartlist_len(summary) &&
2486  AT(i)->prt_max <= prt_max) {
2487  if (!AT(i)->accepted &&
2488  AT(i)->reject_count <= family_reject_count)
2489  AT(i)->accepted = 1;
2490  i++;
2491  }
2492  tor_assert(i < smartlist_len(summary) || prt_max==65535);
2493 }
2494 
2497 static void
2499  maskbits_t maskbits,
2500  uint16_t prt_min, uint16_t prt_max,
2501  sa_family_t family)
2502 {
2503  tor_assert_nonfatal_once(family == AF_INET || family == AF_INET6);
2504 
2505  int i = policy_summary_split(summary, prt_min, prt_max);
2506 
2507  /* The length of a single address mask */
2508  int addrbits = (family == AF_INET) ? IPV4_BITS : IPV6_BITS;
2509  tor_assert_nonfatal_once(addrbits >= maskbits);
2510 
2511  /* We divide IPv6 address counts by (1 << scale) to keep them in a uint64_t
2512  */
2513  int scale = ((family == AF_INET) ?
2514  REJECT_CUTOFF_SCALE_IPV4 :
2515  REJECT_CUTOFF_SCALE_IPV6);
2516 
2517  tor_assert_nonfatal_once(addrbits >= scale);
2518  if (maskbits > (addrbits - scale)) {
2519  tor_assert_nonfatal_once(family == AF_INET6);
2520  /* The address range is so small, we'd need billions of them to reach the
2521  * rejection limit. So we ignore this range in the reject count. */
2522  return;
2523  }
2524 
2525  uint64_t count = 0;
2526  if (addrbits - scale - maskbits >= 64) {
2527  tor_assert_nonfatal_once(family == AF_INET6);
2528  /* The address range is so large, it's an automatic rejection for all ports
2529  * in the range. */
2530  count = UINT64_MAX;
2531  } else {
2532  count = (UINT64_C(1) << (addrbits - scale - maskbits));
2533  }
2534  tor_assert_nonfatal_once(count > 0);
2535  while (i < smartlist_len(summary) &&
2536  AT(i)->prt_max <= prt_max) {
2537  if (AT(i)->reject_count <= UINT64_MAX - count) {
2538  AT(i)->reject_count += count;
2539  } else {
2540  /* IPv4 would require a 4-billion address redundant policy to get here,
2541  * but IPv6 just needs to have ::/0 */
2542  if (family == AF_INET) {
2543  tor_assert_nonfatal_unreached_once();
2544  }
2545  /* If we do get here, use saturating arithmetic */
2546  AT(i)->reject_count = UINT64_MAX;
2547  }
2548  i++;
2549  }
2550  tor_assert(i < smartlist_len(summary) || prt_max==65535);
2551 }
2552 
2562 static void
2564 {
2565  if (p->policy_type == ADDR_POLICY_ACCEPT) {
2566  if (p->maskbits == 0) {
2567  policy_summary_accept(summary, p->prt_min, p->prt_max, p->addr.family);
2568  }
2569  } else if (p->policy_type == ADDR_POLICY_REJECT) {
2570 
2571  int is_private = 0;
2572  int i;
2573  for (i = 0; private_nets[i]; ++i) {
2574  tor_addr_t addr;
2575  maskbits_t maskbits;
2576  if (tor_addr_parse_mask_ports(private_nets[i], 0, &addr,
2577  &maskbits, NULL, NULL)<0) {
2578  tor_assert(0);
2579  }
2580  if (tor_addr_compare(&p->addr, &addr, CMP_EXACT) == 0 &&
2581  p->maskbits == maskbits) {
2582  is_private = 1;
2583  break;
2584  }
2585  }
2586 
2587  if (!is_private) {
2588  policy_summary_reject(summary, p->maskbits, p->prt_min, p->prt_max,
2589  p->addr.family);
2590  }
2591  } else
2592  tor_assert(0);
2593 }
2594 
2603 char *
2605 {
2606  smartlist_t *summary = policy_summary_create();
2607  smartlist_t *accepts, *rejects;
2608  int i, last, start_prt;
2609  size_t accepts_len, rejects_len;
2610  char *accepts_str = NULL, *rejects_str = NULL, *shorter_str, *result;
2611  const char *prefix;
2612 
2613  tor_assert(policy);
2614 
2615  /* Create the summary list */
2616  SMARTLIST_FOREACH_BEGIN(policy, addr_policy_t *, p) {
2617  sa_family_t f = tor_addr_family(&p->addr);
2618  if (f != AF_INET && f != AF_INET6) {
2619  log_warn(LD_BUG, "Weird family when summarizing address policy");
2620  }
2621  if (f != family)
2622  continue;
2623  policy_summary_add_item(summary, p);
2624  } SMARTLIST_FOREACH_END(p);
2625 
2626  /* Now create two lists of strings, one for accepted and one
2627  * for rejected ports. We take care to merge ranges so that
2628  * we avoid getting stuff like "1-4,5-9,10", instead we want
2629  * "1-10"
2630  */
2631  i = 0;
2632  start_prt = 1;
2633  accepts = smartlist_new();
2634  rejects = smartlist_new();
2635  while (1) {
2636  last = i == smartlist_len(summary)-1;
2637  if (last ||
2638  AT(i)->accepted != AT(i+1)->accepted) {
2639  char buf[POLICY_BUF_LEN];
2640 
2641  if (start_prt == AT(i)->prt_max)
2642  tor_snprintf(buf, sizeof(buf), "%d", start_prt);
2643  else
2644  tor_snprintf(buf, sizeof(buf), "%d-%d", start_prt, AT(i)->prt_max);
2645 
2646  if (AT(i)->accepted)
2647  smartlist_add_strdup(accepts, buf);
2648  else
2649  smartlist_add_strdup(rejects, buf);
2650 
2651  if (last)
2652  break;
2653 
2654  start_prt = AT(i+1)->prt_min;
2655  };
2656  i++;
2657  };
2658 
2659  /* Figure out which of the two stringlists will be shorter and use
2660  * that to build the result
2661  */
2662  if (smartlist_len(accepts) == 0) { /* no exits at all */
2663  result = tor_strdup("reject 1-65535");
2664  goto cleanup;
2665  }
2666  if (smartlist_len(rejects) == 0) { /* no rejects at all */
2667  result = tor_strdup("accept 1-65535");
2668  goto cleanup;
2669  }
2670 
2671  accepts_str = smartlist_join_strings(accepts, ",", 0, &accepts_len);
2672  rejects_str = smartlist_join_strings(rejects, ",", 0, &rejects_len);
2673 
2674  if (rejects_len > MAX_EXITPOLICY_SUMMARY_LEN-strlen("reject")-1 &&
2675  accepts_len > MAX_EXITPOLICY_SUMMARY_LEN-strlen("accept")-1) {
2676  char *c;
2677  shorter_str = accepts_str;
2678  prefix = "accept";
2679 
2680  c = shorter_str + (MAX_EXITPOLICY_SUMMARY_LEN-strlen(prefix)-1);
2681  while (*c != ',' && c >= shorter_str)
2682  c--;
2683  tor_assert(c >= shorter_str);
2684  tor_assert(*c == ',');
2685  *c = '\0';
2686 
2687  } else if (rejects_len < accepts_len) {
2688  shorter_str = rejects_str;
2689  prefix = "reject";
2690  } else {
2691  shorter_str = accepts_str;
2692  prefix = "accept";
2693  }
2694 
2695  tor_asprintf(&result, "%s %s", prefix, shorter_str);
2696 
2697  cleanup:
2698  /* cleanup */
2700  smartlist_free(summary);
2701 
2702  tor_free(accepts_str);
2703  SMARTLIST_FOREACH(accepts, char *, s, tor_free(s));
2704  smartlist_free(accepts);
2705 
2706  tor_free(rejects_str);
2707  SMARTLIST_FOREACH(rejects, char *, s, tor_free(s));
2708  smartlist_free(rejects);
2709 
2710  return result;
2711 }
2712 
2716 parse_short_policy(const char *summary)
2717 {
2718  const char *orig_summary = summary;
2719  short_policy_t *result;
2720  int is_accept;
2721  int n_entries;
2722  short_policy_entry_t entries[MAX_EXITPOLICY_SUMMARY_LEN]; /* overkill */
2723  char *next;
2724 
2725  if (!strcmpstart(summary, "accept ")) {
2726  is_accept = 1;
2727  summary += strlen("accept ");
2728  } else if (!strcmpstart(summary, "reject ")) {
2729  is_accept = 0;
2730  summary += strlen("reject ");
2731  } else {
2732  log_fn(LOG_PROTOCOL_WARN, LD_DIR, "Unrecognized policy summary keyword");
2733  return NULL;
2734  }
2735 
2736  n_entries = 0;
2737  for ( ; *summary; summary = next) {
2738  if (n_entries == MAX_EXITPOLICY_SUMMARY_LEN) {
2739  log_fn(LOG_PROTOCOL_WARN, LD_DIR, "Impossibly long policy summary %s",
2740  escaped(orig_summary));
2741  return NULL;
2742  }
2743 
2744  unsigned low, high;
2745  int ok;
2746  low = (unsigned) tor_parse_ulong(summary, 10, 1, 65535, &ok, &next);
2747  if (!ok) {
2748  if (! TOR_ISDIGIT(*summary) || *summary == ',') {
2749  /* Unrecognized format: skip it. */
2750  goto skip_ent;
2751  } else {
2752  goto bad_ent;
2753  }
2754  }
2755 
2756  switch (*next) {
2757  case ',':
2758  ++next;
2759  /* fall through */
2760  case '\0':
2761  high = low;
2762  break;
2763  case '-':
2764  high = (unsigned) tor_parse_ulong(next+1, 10, low, 65535, &ok, &next);
2765  if (!ok)
2766  goto bad_ent;
2767 
2768  if (*next == ',')
2769  ++next;
2770  else if (*next != '\0')
2771  goto bad_ent;
2772 
2773  break;
2774  default:
2775  goto bad_ent;
2776  }
2777 
2778  entries[n_entries].min_port = low;
2779  entries[n_entries].max_port = high;
2780  n_entries++;
2781 
2782  continue;
2783  skip_ent:
2784  next = strchr(next, ',');
2785  if (!next)
2786  break;
2787  ++next;
2788  }
2789 
2790  if (n_entries == 0) {
2791  log_fn(LOG_PROTOCOL_WARN, LD_DIR,
2792  "Found no port-range entries in summary %s", escaped(orig_summary));
2793  return NULL;
2794  }
2795 
2796  {
2797  size_t size = offsetof(short_policy_t, entries) +
2798  sizeof(short_policy_entry_t)*(n_entries);
2799  result = tor_malloc_zero(size);
2800 
2801  tor_assert( (char*)&result->entries[n_entries-1] < ((char*)result)+size);
2802  }
2803 
2804  result->is_accept = is_accept;
2805  result->n_entries = n_entries;
2806  memcpy(result->entries, entries, sizeof(short_policy_entry_t)*n_entries);
2807  return result;
2808 
2809  bad_ent:
2810  log_fn(LOG_PROTOCOL_WARN, LD_DIR,"Found bad entry in policy summary %s",
2811  escaped(orig_summary));
2812  return NULL;
2813 }
2814 
2816 char *
2818 {
2819  int i;
2820  char *answer;
2821  smartlist_t *sl = smartlist_new();
2822 
2823  smartlist_add_asprintf(sl, "%s", policy->is_accept ? "accept " : "reject ");
2824 
2825  for (i=0; i < policy->n_entries; i++) {
2826  const short_policy_entry_t *e = &policy->entries[i];
2827  if (e->min_port == e->max_port) {
2828  smartlist_add_asprintf(sl, "%d", e->min_port);
2829  } else {
2830  smartlist_add_asprintf(sl, "%d-%d", e->min_port, e->max_port);
2831  }
2832  if (i < policy->n_entries-1)
2833  smartlist_add_strdup(sl, ",");
2834  }
2835  answer = smartlist_join_strings(sl, "", 0, NULL);
2836  SMARTLIST_FOREACH(sl, char *, a, tor_free(a));
2837  smartlist_free(sl);
2838  return answer;
2839 }
2840 
2842 void
2844 {
2845  tor_free(policy);
2846 }
2847 
2854  const short_policy_t *policy)
2855 {
2856  int i;
2857  int found_match = 0;
2858  int accept_;
2859 
2860  tor_assert(port != 0);
2861 
2862  if (addr && tor_addr_is_null(addr))
2863  addr = NULL; /* Unspec means 'no address at all,' in this context. */
2864 
2865  if (addr && get_options()->ClientRejectInternalAddresses &&
2866  (tor_addr_is_internal(addr, 0) || tor_addr_is_loopback(addr)))
2867  return ADDR_POLICY_REJECTED;
2868 
2869  for (i=0; i < policy->n_entries; ++i) {
2870  const short_policy_entry_t *e = &policy->entries[i];
2871  if (e->min_port <= port && port <= e->max_port) {
2872  found_match = 1;
2873  break;
2874  }
2875  }
2876 
2877  if (found_match)
2878  accept_ = policy->is_accept;
2879  else
2880  accept_ = ! policy->is_accept;
2881 
2882  /* ???? are these right? -NM */
2883  /* We should be sure not to return ADDR_POLICY_ACCEPTED in the accept
2884  * case here, because it would cause clients to believe that the node
2885  * allows exit enclaving. Trying it anyway would open up a cool attack
2886  * where the node refuses due to exitpolicy, the client reacts in
2887  * surprise by rewriting the node's exitpolicy to reject *:*, and then
2888  * an adversary targets users by causing them to attempt such connections
2889  * to 98% of the exits.
2890  *
2891  * Once microdescriptors can handle addresses in special cases (e.g. if
2892  * we ever solve ticket 1774), we can provide certainty here. -RD */
2893  if (accept_)
2895  else
2896  return ADDR_POLICY_REJECTED;
2897 }
2898 
2900 int
2902 {
2903  /* This doesn't need to be as much on the lookout as policy_is_reject_star,
2904  * since policy summaries are from the consensus or from consensus
2905  * microdescs.
2906  */
2907  tor_assert(policy);
2908  /* Check for an exact match of "reject 1-65535". */
2909  return (policy->is_accept == 0 && policy->n_entries == 1 &&
2910  policy->entries[0].min_port == 1 &&
2911  policy->entries[0].max_port == 65535);
2912 }
2913 
2918 compare_tor_addr_to_node_policy(const tor_addr_t *addr, uint16_t port,
2919  const node_t *node)
2920 {
2921  if (node->rejects_all)
2922  return ADDR_POLICY_REJECTED;
2923 
2924  if (addr && tor_addr_family(addr) == AF_INET6) {
2925  const short_policy_t *p = NULL;
2926  if (node->ri)
2927  p = node->ri->ipv6_exit_policy;
2928  else if (node->md)
2929  p = node->md->ipv6_exit_policy;
2930  if (p)
2931  return compare_tor_addr_to_short_policy(addr, port, p);
2932  else
2933  return ADDR_POLICY_REJECTED;
2934  }
2935 
2936  if (node->ri) {
2937  return compare_tor_addr_to_addr_policy(addr, port, node->ri->exit_policy);
2938  } else if (node->md) {
2939  if (node->md->exit_policy == NULL)
2940  return ADDR_POLICY_REJECTED;
2941  else
2942  return compare_tor_addr_to_short_policy(addr, port,
2943  node->md->exit_policy);
2944  } else {
2946  }
2947 }
2948 
2955 char *
2957  int include_ipv4,
2958  int include_ipv6)
2959 {
2960  smartlist_t *policy_string_list;
2961  char *policy_string = NULL;
2962 
2963  policy_string_list = smartlist_new();
2964 
2965  SMARTLIST_FOREACH_BEGIN(policy_list, addr_policy_t *, tmpe) {
2966  char *pbuf;
2967  int bytes_written_to_pbuf;
2968  if ((tor_addr_family(&tmpe->addr) == AF_INET6) && (!include_ipv6)) {
2969  continue; /* Don't include IPv6 parts of address policy */
2970  }
2971  if ((tor_addr_family(&tmpe->addr) == AF_INET) && (!include_ipv4)) {
2972  continue; /* Don't include IPv4 parts of address policy */
2973  }
2974 
2975  pbuf = tor_malloc(POLICY_BUF_LEN);
2976  bytes_written_to_pbuf = policy_write_item(pbuf,POLICY_BUF_LEN, tmpe, 1);
2977 
2978  if (bytes_written_to_pbuf < 0) {
2979  log_warn(LD_BUG, "policy_dump_to_string ran out of room!");
2980  tor_free(pbuf);
2981  goto done;
2982  }
2983 
2984  smartlist_add(policy_string_list,pbuf);
2985  } SMARTLIST_FOREACH_END(tmpe);
2986 
2987  policy_string = smartlist_join_strings(policy_string_list, "\n", 0, NULL);
2988 
2989  done:
2990  SMARTLIST_FOREACH(policy_string_list, char *, str, tor_free(str));
2991  smartlist_free(policy_string_list);
2992 
2993  return policy_string;
2994 }
2995 
2998 int
3000  const char *question, char **answer,
3001  const char **errmsg)
3002 {
3003  (void) conn;
3004  (void) errmsg;
3005  if (!strcmp(question, "exit-policy/default")) {
3006  *answer = tor_strdup(DEFAULT_EXIT_POLICY);
3007  } else if (!strcmp(question, "exit-policy/reject-private/default")) {
3008  smartlist_t *private_policy_strings;
3009  const char **priv = private_nets;
3010 
3011  private_policy_strings = smartlist_new();
3012 
3013  while (*priv != NULL) {
3014  /* IPv6 addresses are in "[]" and contain ":",
3015  * IPv4 addresses are not in "[]" and contain "." */
3016  smartlist_add_asprintf(private_policy_strings, "reject %s:*", *priv);
3017  priv++;
3018  }
3019 
3020  *answer = smartlist_join_strings(private_policy_strings,
3021  ",", 0, NULL);
3022 
3023  SMARTLIST_FOREACH(private_policy_strings, char *, str, tor_free(str));
3024  smartlist_free(private_policy_strings);
3025  } else if (!strcmp(question, "exit-policy/reject-private/relay")) {
3026  const or_options_t *options = get_options();
3027  int err = 0;
3028  const routerinfo_t *me = router_get_my_routerinfo_with_err(&err);
3029 
3030  if (!me) {
3031  *errmsg = routerinfo_err_to_string(err);
3032  return routerinfo_err_is_transient(err) ? -1 : 0;
3033  }
3034 
3035  if (!options->ExitPolicyRejectPrivate &&
3036  !options->ExitPolicyRejectLocalInterfaces) {
3037  *answer = tor_strdup("");
3038  return 0;
3039  }
3040 
3041  smartlist_t *private_policy_list = smartlist_new();
3042  smartlist_t *configured_addresses = smartlist_new();
3043 
3044  /* Copy the configured addresses into the tor_addr_t* list */
3045  if (options->ExitPolicyRejectPrivate) {
3046  policies_copy_ipv4h_to_smartlist(configured_addresses, me->addr);
3047  policies_copy_addr_to_smartlist(configured_addresses, &me->ipv6_addr);
3048  }
3049 
3050  if (options->ExitPolicyRejectLocalInterfaces) {
3051  policies_copy_outbound_addresses_to_smartlist(configured_addresses,
3052  options);
3053  }
3054 
3056  &private_policy_list,
3057  options->IPv6Exit,
3058  configured_addresses,
3061  *answer = policy_dump_to_string(private_policy_list, 1, 1);
3062 
3063  addr_policy_list_free(private_policy_list);
3064  SMARTLIST_FOREACH(configured_addresses, tor_addr_t *, a, tor_free(a));
3065  smartlist_free(configured_addresses);
3066  } else if (!strcmpstart(question, "exit-policy/")) {
3067  int include_ipv4 = 0;
3068  int include_ipv6 = 0;
3069 
3070  int err = 0;
3071  const routerinfo_t *me = router_get_my_routerinfo_with_err(&err);
3072 
3073  if (!me) {
3074  *errmsg = routerinfo_err_to_string(err);
3075  return routerinfo_err_is_transient(err) ? -1 : 0;
3076  }
3077 
3078  if (!strcmp(question, "exit-policy/ipv4")) {
3079  include_ipv4 = 1;
3080  } else if (!strcmp(question, "exit-policy/ipv6")) {
3081  include_ipv6 = 1;
3082  } else if (!strcmp(question, "exit-policy/full")) {
3083  include_ipv4 = include_ipv6 = 1;
3084  } else {
3085  return 0; /* No such key. */
3086  }
3087 
3088  *answer = router_dump_exit_policy_to_string(me,include_ipv4,
3089  include_ipv6);
3090  }
3091 
3092  return 0;
3093 }
3094 
3096 void
3098 {
3099  if (!lst)
3100  return;
3101  SMARTLIST_FOREACH(lst, addr_policy_t *, policy, addr_policy_free(policy));
3102  smartlist_free(lst);
3103 }
3104 
3106 void
3108 {
3109  if (!p)
3110  return;
3111 
3112  if (--p->refcnt <= 0) {
3113  if (p->is_canonical) {
3114  policy_map_ent_t search, *found;
3115  search.policy = p;
3116  found = HT_REMOVE(policy_map, &policy_root, &search);
3117  if (found) {
3118  tor_assert(p == found->policy);
3119  tor_free(found);
3120  }
3121  }
3122  tor_free(p);
3123  }
3124 }
3125 
3127 void
3129 {
3130  addr_policy_list_free(reachable_or_addr_policy);
3131  reachable_or_addr_policy = NULL;
3132  addr_policy_list_free(reachable_dir_addr_policy);
3134  addr_policy_list_free(socks_policy);
3135  socks_policy = NULL;
3136  addr_policy_list_free(dir_policy);
3137  dir_policy = NULL;
3138  addr_policy_list_free(authdir_reject_policy);
3139  authdir_reject_policy = NULL;
3140  addr_policy_list_free(authdir_invalid_policy);
3141  authdir_invalid_policy = NULL;
3142  addr_policy_list_free(authdir_badexit_policy);
3143  authdir_badexit_policy = NULL;
3144 
3145  if (!HT_EMPTY(&policy_root)) {
3146  policy_map_ent_t **ent;
3147  int n = 0;
3148  char buf[POLICY_BUF_LEN];
3149 
3150  log_warn(LD_MM, "Still had %d address policies cached at shutdown.",
3151  (int)HT_SIZE(&policy_root));
3152 
3153  /* Note the first 10 cached policies to try to figure out where they
3154  * might be coming from. */
3155  HT_FOREACH(ent, policy_map, &policy_root) {
3156  if (++n > 10)
3157  break;
3158  if (policy_write_item(buf, sizeof(buf), (*ent)->policy, 0) >= 0)
3159  log_warn(LD_MM," %d [%d]: %s", n, (*ent)->policy->refcnt, buf);
3160  }
3161  }
3162  HT_CLEAR(policy_map, &policy_root);
3163 }
tor_addr_t OutboundBindAddresses[OUTBOUND_ADDR_MAX][2]
int ClientAutoIPv6ORPort
int fascist_firewall_prefer_ipv6_orport(const or_options_t *options)
Definition: policies.c:507
int ExitPolicyRejectLocalInterfaces
const char * tor_addr_to_str(char *dest, const tor_addr_t *addr, size_t len, int decorate)
Definition: address.c:328
struct short_policy_t * exit_policy
Definition: microdesc_st.h:76
HT_PROTOTYPE(HT_GENERATE2(policy_map, HT_GENERATE2(policy_map_ent_t, HT_GENERATE2(node, HT_GENERATE2(policy_hash, HT_GENERATE2(policy_eq)
Definition: policies.c:1375
Header for confline.c.
#define MAX_EXITPOLICY_SUMMARY_LEN
Definition: policies.c:44
int ClientPreferIPv6ORPort
addr_policy_result_t compare_tor_addr_to_short_policy(const tor_addr_t *addr, uint16_t port, const short_policy_t *policy)
Definition: policies.c:2853
char * policy_summarize(smartlist_t *policy, sa_family_t family)
Definition: policies.c:2604
void node_get_pref_ipv6_orport(const node_t *node, tor_addr_port_t *ap_out)
Definition: nodelist.c:1720
#define TOR_ADDR_BUF_LEN
Definition: address.h:205
Common functions for using (pseudo-)random number generators.
uint64_t reject_count
Definition: policies.c:71
Definition: node_st.h:28
static int policies_parse_exit_policy_internal(config_line_t *cfg, smartlist_t **dest, int ipv6_exit, int rejectprivate, const smartlist_t *configured_addresses, int reject_interface_addresses, int reject_configured_port_addresses, int add_default_policy, int add_reduced_policy)
Definition: policies.c:1967
uint16_t ipv6_orport
Definition: microdesc_st.h:72
int socks_policy_permits_address(const tor_addr_t *addr)
Definition: policies.c:1108
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
uint16_t sa_family_t
Definition: inaddr_st.h:77
#define SMARTLIST_REPLACE_CURRENT(sl, var, val)
static int parse_reachable_addresses(void)
Definition: policies.c:256
static const char * private_nets[]
Definition: policies.c:82
Definition: policies.h:52
void policies_parse_exit_policy_reject_private(smartlist_t **dest, int ipv6_exit, const smartlist_t *configured_addresses, int reject_interface_addresses, int reject_configured_port_addresses)
Definition: policies.c:1800
addr_policy_result_t
Definition: policies.h:38
static int addr_is_in_cc_list(uint32_t addr, const smartlist_t *cc_list)
Definition: policies.c:1116
static int addr_policy_permits_tor_addr(const tor_addr_t *addr, uint16_t port, smartlist_t *policy)
Definition: policies.c:373
struct policy_map_ent_t policy_map_ent_t
int we_use_microdescriptors_for_circuits(const or_options_t *options)
Definition: microdesc.c:1025
static int load_policy_from_option(config_line_t *config, const char *option_name, smartlist_t **policy, int assume_action)
Definition: policies.c:1232
void smartlist_add_strdup(struct smartlist_t *sl, const char *string)
int authdir_policy_valid_address(uint32_t addr, uint16_t port)
Definition: policies.c:1146
short_policy_entry_t entries[FLEXIBLE_ARRAY_MEMBER]
Definition: policies.h:67
static int addr_policy_intersects(addr_policy_t *a, addr_policy_t *b)
Definition: policies.c:1577
void node_get_pref_ipv6_dirport(const node_t *node, tor_addr_port_t *ap_out)
Definition: nodelist.c:1823
static const tor_addr_port_t * fascist_firewall_choose_address_impl(const tor_addr_port_t *a, const tor_addr_port_t *b, int want_a, firewall_connection_t fw_connection, int pref_only, int pref_ipv6)
Definition: policies.c:793
addr_policy_result_t compare_tor_addr_to_node_policy(const tor_addr_t *addr, uint16_t port, const node_t *node)
Definition: policies.c:2918
unsigned long tor_parse_ulong(const char *s, int base, unsigned long min, unsigned long max, int *ok, char **next)
Definition: parse_int.c:75
int fascist_firewall_allows_rs(const routerstatus_t *rs, firewall_connection_t fw_connection, int pref_only)
Definition: policies.c:686
int tor_addr_compare(const tor_addr_t *addr1, const tor_addr_t *addr2, tor_addr_comparison_t how)
Definition: address.c:953
int authdir_policy_permits_address(uint32_t addr, uint16_t port)
Definition: policies.c:1135
static addr_policy_result_t compare_known_tor_addr_to_addr_policy(const tor_addr_t *addr, uint16_t port, const smartlist_t *policy)
Definition: policies.c:1408
static void fascist_firewall_choose_address_base(const tor_addr_t *ipv4_addr, uint16_t ipv4_orport, uint16_t ipv4_dirport, const tor_addr_t *ipv6_addr, uint16_t ipv6_orport, uint16_t ipv6_dirport, firewall_connection_t fw_connection, int pref_only, int pref_ipv6, tor_addr_port_t *ap)
Definition: policies.c:864
char identity_digest[DIGEST_LEN]
#define LOG_INFO
Definition: log.h:41
struct short_policy_entry_t short_policy_entry_t
Header file for nodelist.c.
int node_ipv6_or_preferred(const node_t *node)
Definition: nodelist.c:1654
int firewall_is_fascist_dir(void)
Definition: policies.c:364
void tor_addr_make_null(tor_addr_t *a, sa_family_t family)
Definition: address.c:235
void node_get_prim_orport(const node_t *node, tor_addr_port_t *ap_out)
Definition: nodelist.c:1684
int addr_policies_eq(const smartlist_t *a, const smartlist_t *b)
Definition: policies.c:1319
int firewall_is_fascist_or(void)
Definition: policies.c:353
void smartlist_add(smartlist_t *sl, void *element)
static smartlist_t * authdir_reject_policy
Definition: policies.c:52
int fascist_firewall_prefer_ipv6_dirport(const or_options_t *options)
Definition: policies.c:532
static policy_summary_item_t * policy_summary_item_split(policy_summary_item_t *old, uint16_t new_starts)
Definition: policies.c:2399
Header file for config.c.
STATIC int fascist_firewall_allows_address(const tor_addr_t *addr, uint16_t port, smartlist_t *firewall_policy, int pref_only, int pref_ipv6)
Definition: policies.c:419
Header file for microdesc.c.
static smartlist_t * reachable_or_addr_policy
Definition: policies.c:62
static uint32_t tor_addr_to_ipv4h(const tor_addr_t *a)
Definition: address.h:152
static int fascist_firewall_allows_base(uint32_t ipv4h_addr, uint16_t ipv4_orport, uint16_t ipv4_dirport, const tor_addr_t *ipv6_addr, uint16_t ipv6_orport, uint16_t ipv6_dirport, firewall_connection_t fw_connection, int pref_only, int pref_ipv6)
Definition: policies.c:617
int short_policy_is_reject_star(const short_policy_t *policy)
Definition: policies.c:2901
void policies_set_node_exitpolicy_to_reject_all(node_t *node)
Definition: policies.c:2205
STATIC void append_exit_policy_string(smartlist_t **policy, const char *more)
Definition: policies.c:1598
int strcmpstart(const char *s1, const char *s2)
Definition: util_string.c:209
#define tor_free(p)
Definition: malloc.h:52
int validate_addr_policies(const or_options_t *options, char **msg)
Definition: policies.c:1171
struct config_line_t * AuthDirReject
static unsigned int policy_hash(const policy_map_ent_t *ent)
Definition: policies.c:1354
unsigned int rejects_all
Definition: node_st.h:77
int authdir_policy_badexit_address(uint32_t addr, uint16_t port)
Definition: policies.c:1157
Header file for geoip.c.
void * tor_reallocarray_(void *ptr, size_t sz1, size_t sz2)
Definition: malloc.c:146
static int fascist_firewall_allows_rs_impl(const routerstatus_t *rs, firewall_connection_t fw_connection, int pref_only, int pref_ipv6)
Definition: policies.c:664
static int addr_policy_permits_address(uint32_t addr, uint16_t port, smartlist_t *policy)
Definition: policies.c:396
int tor_addr_is_v4(const tor_addr_t *addr)
Definition: address.c:748
void policy_expand_unspec(smartlist_t **policy)
Definition: policies.c:144
uint8_t maskbits_t
Definition: address.h:62
void smartlist_del_keeporder(smartlist_t *sl, int idx)
short_policy_t * parse_short_policy(const char *summary)
Definition: policies.c:2716
int ExitPolicyRejectPrivate
Definition: or_options_st.h:99
struct policy_summary_item_t policy_summary_item_t
const char * routerinfo_err_to_string(int err)
Definition: router.c:140
unsigned int n_entries
Definition: policies.h:62
static int fascist_firewall_prefer_ipv6_impl(const or_options_t *options)
Definition: policies.c:474
void policies_exit_policy_append_reject_star(smartlist_t **dest)
Definition: policies.c:2197
Header file for policies.c.
static int single_addr_policy_eq(const addr_policy_t *a, const addr_policy_t *b)
Definition: policies.c:1295
tor_assert(buffer)
uint16_t prt_max
#define tor_addr_from_ipv4h(dest, v4addr)
Definition: address.h:287
static smartlist_t * authdir_invalid_policy
Definition: policies.c:55
static addr_policy_result_t compare_known_tor_addr_to_addr_policy_noport(const tor_addr_t *addr, const smartlist_t *policy)
Definition: policies.c:1436
MOCK_IMPL(addr_policy_result_t, compare_tor_addr_to_addr_policy,(const tor_addr_t *addr, uint16_t port, const smartlist_t *policy))
Definition: policies.c:1529
void fascist_firewall_choose_address_rs(const routerstatus_t *rs, firewall_connection_t fw_connection, int pref_only, tor_addr_port_t *ap)
Definition: policies.c:984
static smartlist_t * dir_policy
Definition: policies.c:49
int dir_policy_permits_address(const tor_addr_t *addr)
Definition: policies.c:1099
Header file for routermode.c.
Header file for policy_parse.c.
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
static smartlist_t * policy_summary_create(void)
Definition: policies.c:2375
static int addr_policy_covers(addr_policy_t *a, addr_policy_t *b)
Definition: policies.c:1553
smartlist_t * exit_policy
Definition: routerinfo_st.h:56
void addr_policy_free_(addr_policy_t *p)
Definition: policies.c:3107
static int fascist_firewall_allows_md_impl(const microdesc_t *md, firewall_connection_t fw_connection, int pref_only, int pref_ipv6)
Definition: policies.c:710
static smartlist_t * socks_policy
Definition: policies.c:47
int smartlist_contains_string_case(const smartlist_t *sl, const char *element)
Definition: smartlist.c:133
void tor_addr_from_ipv6_bytes(tor_addr_t *dest, const char *ipv6_bytes)
Definition: address.c:884
void smartlist_add_asprintf(struct smartlist_t *sl, const char *pattern,...)
Definition: smartlist.c:36
void node_get_prim_dirport(const node_t *node, tor_addr_port_t *ap_out)
Definition: nodelist.c:1785
Header file for circuitbuild.c.
Master header file for Tor-specific functionality.
void policy_expand_private(smartlist_t **policy)
Definition: policies.c:104
routerstatus_t fake_status
Definition: dir_server_st.h:46
struct config_line_t * ExitPolicy
Definition: or_options_st.h:98
addr_policy_action_bitfield_t policy_type
static void policies_copy_outbound_addresses_to_smartlist(smartlist_t *addr_list, const or_options_t *or_options)
Definition: policies.c:2094
int tor_addr_parse_mask_ports(const char *s, unsigned flags, tor_addr_t *addr_out, maskbits_t *maskbits_out, uint16_t *port_min_out, uint16_t *port_max_out)
Definition: address.c:542
static smartlist_t * reachable_dir_addr_policy
Definition: policies.c:65
int crypto_rand_int(unsigned int max)
static int exit_policy_is_general_exit_helper(smartlist_t *policy, int port)
Definition: policies.c:2213
struct config_line_t * ReachableORAddresses
static int fascist_firewall_allows_address_ap(const tor_addr_port_t *ap, firewall_connection_t fw_connection, int pref_only, int pref_ipv6)
Definition: policies.c:581
static smartlist_t * authdir_badexit_policy
Definition: policies.c:58
int routerinfo_err_is_transient(int err)
Definition: router.c:167
static int parse_addr_policy(config_line_t *cfg, smartlist_t **dest, int assume_action)
Definition: policies.c:193
tor_addr_t ipv6_addr
int tor_addr_is_null(const tor_addr_t *addr)
Definition: address.c:769
char * policy_dump_to_string(const smartlist_t *policy_list, int include_ipv4, int include_ipv6)
Definition: policies.c:2956
static void policy_summary_add_item(smartlist_t *summary, addr_policy_t *p)
Definition: policies.c:2563
int fascist_firewall_allows_address_addr(const tor_addr_t *addr, uint16_t port, firewall_connection_t fw_connection, int pref_only, int pref_ipv6)
Definition: policies.c:556
void tor_free_(void *mem)
Definition: malloc.c:227
static int policy_summary_split(smartlist_t *summary, uint16_t prt_min, uint16_t prt_max)
Definition: policies.c:2444
static void policies_copy_addr_to_smartlist(smartlist_t *addr_list, const tor_addr_t *addr)
Definition: policies.c:2061
int policy_is_reject_star(const smartlist_t *policy, sa_family_t family, int default_reject)
Definition: policies.c:2275
static void exit_policy_remove_redundancies(smartlist_t *dest)
Definition: policies.c:1698
int tor_addr_is_loopback(const tor_addr_t *addr)
Definition: address.c:794
struct config_line_t * DirPolicy
tor_addr_t ipv6_addr
Definition: microdesc_st.h:70
static void policy_summary_accept(smartlist_t *summary, uint16_t prt_min, uint16_t prt_max, sa_family_t family)
Definition: policies.c:2475
int tor_addr_is_multicast(const tor_addr_t *a)
Definition: address.c:1499
maskbits_t maskbits
static void addr_policy_append_reject_addr_list_filter(smartlist_t **dest, const smartlist_t *addrs, int ipv4_rules, int ipv6_rules)
Definition: policies.c:1683
struct short_policy_t * ipv6_exit_policy
Definition: routerinfo_st.h:60
int exit_policy_is_general_exit(smartlist_t *policy)
Definition: policies.c:2261
#define LD_DIR
Definition: log.h:84
const char * geoip_get_country_name(country_t num)
Definition: geoip.c:441
void policies_free_all(void)
Definition: policies.c:3128
struct config_line_t * AuthDirInvalid
void fascist_firewall_choose_address_dir_server(const dir_server_t *ds, firewall_connection_t fw_connection, int pref_only, tor_addr_port_t *ap)
Definition: policies.c:1072
int ClientPreferIPv6DirPort
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
struct config_line_t * ReachableDirAddresses
char * smartlist_join_strings(smartlist_t *sl, const char *join, int terminate, size_t *len_out)
Definition: smartlist.c:279
#define SMARTLIST_FOREACH(sl, type, var, cmd)
int policies_parse_from_options(const or_options_t *options)
Definition: policies.c:1269
Header file for router.c.
const char * escaped(const char *s)
Definition: escape.c:126
int policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest, exit_policy_parser_cfg_t options, const smartlist_t *configured_addresses)
Definition: policies.c:2035
unsigned int is_accept
Definition: policies.h:60
void addr_policy_list_free_(smartlist_t *lst)
Definition: policies.c:3097
struct short_policy_t * ipv6_exit_policy
Definition: microdesc_st.h:78
#define fmt_addr(a)
Definition: address.h:211
int fascist_firewall_allows_node(const node_t *node, firewall_connection_t fw_connection, int pref_only)
Definition: policies.c:732
uint16_t dir_port
Definition: routerinfo_st.h:21
struct config_line_t * ReachableAddresses
#define log_fn(severity, domain, args,...)
Definition: log.h:255
struct config_line_t * AuthDirBadExit
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
static void policy_summary_reject(smartlist_t *summary, maskbits_t maskbits, uint16_t prt_min, uint16_t prt_max, sa_family_t family)
Definition: policies.c:2498
static void fascist_firewall_choose_address_ipv4h(uint32_t ipv4h_addr, uint16_t ipv4_orport, uint16_t ipv4_dirport, const tor_addr_t *ipv6_addr, uint16_t ipv6_orport, uint16_t ipv6_dirport, firewall_connection_t fw_connection, int pref_only, int pref_ipv6, tor_addr_port_t *ap)
Definition: policies.c:910
int fascist_firewall_allows_dir_server(const dir_server_t *ds, firewall_connection_t fw_connection, int pref_only)
Definition: policies.c:770
void addr_policy_append_reject_addr(smartlist_t **dest, const tor_addr_t *addr)
Definition: policies.c:1612
void fascist_firewall_choose_address_node(const node_t *node, firewall_connection_t fw_connection, int pref_only, tor_addr_port_t *ap)
Definition: policies.c:1022
void addr_policy_append_reject_addr_list(smartlist_t **dest, const smartlist_t *addrs)
Definition: policies.c:1669
char * router_dump_exit_policy_to_string(const routerinfo_t *router, int include_ipv4, int include_ipv6)
Definition: router.c:2866
char * write_short_policy(const short_policy_t *policy)
Definition: policies.c:2817
unsigned int is_canonical
static int fascist_firewall_allows_ri_impl(const routerinfo_t *ri, firewall_connection_t fw_connection, int pref_only, int pref_ipv6)
Definition: policies.c:647
void short_policy_free_(short_policy_t *policy)
Definition: policies.c:2843
uint32_t addr
Definition: routerinfo_st.h:19
int node_is_a_configured_bridge(const node_t *node)
Definition: bridges.c:348
uint16_t ipv6_orport
int policy_write_item(char *buf, size_t buflen, const addr_policy_t *policy, int format_for_desc)
Definition: policies.c:2299
int tor_addr_compare_masked(const tor_addr_t *addr1, const tor_addr_t *addr2, maskbits_t mbits, tor_addr_comparison_t how)
Definition: address.c:974
void smartlist_insert(smartlist_t *sl, int idx, void *val)
int getinfo_helper_policies(control_connection_t *conn, const char *question, char **answer, const char **errmsg)
Definition: policies.c:2999
uint16_t prt_min
tor_addr_t ipv6_addr
Definition: routerinfo_st.h:27
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:903
void tor_addr_copy_tight(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:917
static void policies_copy_ipv4h_to_smartlist(smartlist_t *addr_list, uint32_t ipv4h_addr)
Definition: policies.c:2077
void smartlist_clear(smartlist_t *sl)
#define LD_MM
Definition: log.h:70
static addr_policy_result_t compare_unknown_tor_addr_to_addr_policy(uint16_t port, const smartlist_t *policy)
Definition: policies.c:1479
unsigned int is_private
Header file for networkstatus.c.
#define LD_BUG
Definition: log.h:82
#define LD_CONFIG
Definition: log.h:64
static void policies_log_first_redundant_entry(const smartlist_t *policy)
Definition: policies.c:1857
tor_addr_t addr
uint16_t or_port
Definition: routerinfo_st.h:20
int policies_parse_exit_policy_from_options(const or_options_t *or_options, uint32_t local_address, const tor_addr_t *ipv6_local_address, smartlist_t **result)
Definition: policies.c:2134
struct config_line_t * SocksPolicy
static sa_family_t tor_addr_family(const tor_addr_t *a)
Definition: address.h:179
int fascist_firewall_use_ipv6(const or_options_t *options)
Definition: policies.c:458
int node_ipv6_dir_preferred(const node_t *node)
Definition: nodelist.c:1762
int smartlist_split_string(smartlist_t *sl, const char *str, const char *sep, int flags, int max)
STATIC const tor_addr_port_t * fascist_firewall_choose_address(const tor_addr_port_t *a, const tor_addr_port_t *b, int want_a, firewall_connection_t fw_connection, int pref_only, int pref_ipv6)
Definition: policies.c:831