Ticket #13605: 0001-Add-code-for-letting-user-select-Reduced-Exit-Policy.patch

File 0001-Add-code-for-letting-user-select-Reduced-Exit-Policy.patch, 6.8 KB (added by neel, 2 years ago)

Patch for adding ReducedExitPolicy option to use Reduced Exit Policy

  • src/or/config.c

    From 3808fd01b8b8ce05fdd96ea2c68b3cfd6eafd82d Mon Sep 17 00:00:00 2001
    From: Neel Chauhan <neel@neelc.org>
    Date: Tue, 6 Dec 2016 10:39:30 -0500
    Subject: [PATCH] Add code for letting user select Reduced Exit Policy
    
    ---
     src/or/config.c   |  1 +
     src/or/or.h       |  1 +
     src/or/policies.c | 38 +++++++++++++++++++++++++++++++++-----
     src/or/policies.h |  1 +
     4 files changed, 36 insertions(+), 5 deletions(-)
    
    diff --git a/src/or/config.c b/src/or/config.c
    index 972e3be09..ce1ee06ba 100644
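--- a/src/or/config.c
+++ b/src/or/config.c
@@ -444,6 +444,7 @@ static config_var_t option_vars_[] = {
   V(RecommendedClientVersions,   LINELIST, NULL),
   V(RecommendedServerVersions,   LINELIST, NULL),
   V(RecommendedPackages,         LINELIST, NULL),
+  V(ReducedExitPolicy,           BOOL, "0"),
   V(RefuseUnknownExits,          AUTOBOOL, "auto"),
   V(RejectPlaintextPorts,        CSV,      ""),
   V(RelayBandwidthBurst,         MEMUNIT,  "0"),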
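Review bot: The new `ReducedExitPolicy` option arrives without operator-facing documentation; the diffstat lists only the four files under src/or, so no manual-page text appears to accompany it. An operator enabling it needs to know that it defaults to 0 and that it replaces the appended default policy with a fixed accept list ending in `reject *:*`. How it combines with explicit ExitPolicy lines should be stated too; from the policies.c hunks the list looks to be appended after the configured entries, but the parsing code is outside the visible hunks.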
  • src/or/or.h

    diff --git a/src/or/or.h b/src/or/or.h
    index eb94f63d5..1a019b77d 100644
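--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3609,6 +3609,7 @@ typedef struct {
                                         * interface addresses?
                                         * Includes OutboundBindAddresses and
                                         * configured ports. */
+  int ReducedExitPolicy; /**<Should we use the Reduced Exit Policy? */
   config_line_t *SocksPolicy; /**< Lists of socks policy components */
   config_line_t *DirPolicy; /**< Lists of dir policy components */
   /** Addresses to bind for listening for SOCKS connections. */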
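Review bot: The field comment on `ReducedExitPolicy` drops the space after `/**<` that the neighbouring fields use, and it does not say what the flag changes. Something like `int ReducedExitPolicy; /**< Boolean: append the reduced exit policy instead of the default exit policy? */` (wrapped to the file's line width) would match the surrounding style and state the effect. The struct starts and ends outside the hunk.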
  • src/or/policies.c

    diff --git a/src/or/policies.c b/src/or/policies.c
    index f4c0cddbc..5d046eb09 100644
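--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -80,7 +80,8 @@ static int policies_parse_exit_policy_internal(
                                       const smartlist_t *configured_addresses,
                                       int reject_interface_addresses,
                                       int reject_configured_port_addresses,
-                                      int add_default_policy);
+                                      int add_default_policy,
+                                      int add_reduced_policy);
 
 /** Replace all "private" entries in *<b>policy</b> with their expanded
  * equivalents. */
@@ -1834,6 +1835,24 @@ policies_log_first_redundant_entry(const smartlist_t *policy)
   "reject *:563,reject *:1214,reject *:4661-4666,"                  \
   "reject *:6346-6429,reject *:6699,reject *:6881-6999,accept *:*"
 
+#define REDUCED_EXIT_POLICY                                                   \
+  "accept *:20-23,accept *:43,accept *:53,accept *:79-81,accept *:88,"        \
+  "accept *:110,accept *:143,accept *:194,accept *:220,accept *:389,"         \
+  "accept *:443,accept *:464,accept *:465,accept *:531,accept *:543-544,"     \
+  "accept *:554,accept *:563,accept *:587,accept *:636,accept *:706,"         \
+  "accept *:749,accept *:873,accept *:902-904,accept *:981,accept *:989-995," \
+  "accept *:1194,accept *:1220,accept *:1293,accept *:1500,accept *:1533,"    \
+  "accept *:1677,accept *:1723,accept *:1755,accept *:1863,"                  \
+  "accept *:2082-2083,accept *:2086-2087,accept *:2095-2096,"                 \
+  "accept *:2102-2104,accept *:3128,accept *:3389,accept *:3690,"             \
+  "accept *:4321,accept *:4643,accept *:5050,accept *:5190,"                  \
+  "accept *:5222-5223,accept *:5228,accept *:5900,accept *:6660-6669,"        \
+  "accept *:6679,accept *:6697,accept *:8000,accept *:8008,accept *:8074,"    \
+  "accept *:8080,accept *:8082,accept *:8087-8088,accept *:8232-8233,"        \
+  "accept *:8332-8333,accept *:8443,accept *:8888,accept *:9418,"             \
+  "accept *:9999,accept *:10000,accept *:11371,accept *:19294,"               \
+  "accept *:19638,accept *:50002,accept *:64738,reject *:*"
+
 /** Parse the exit policy <b>cfg</b> into the linked list *<b>dest</b>.
  *
  * If <b>ipv6_exit</b> is false, prepend "reject *6:*" to the policy.
@@ -1869,7 +1888,8 @@ policies_parse_exit_policy_internal(config_line_t *cfg,
                                     const smartlist_t *configured_addresses,
                                     int reject_interface_addresses,
                                     int reject_configured_port_addresses,
-                                    int add_default_policy)
+                                    int add_default_policy,
+                                    int add_reduced_policy)
 {
   if (!ipv6_exit) {
     append_exit_policy_string(dest, "reject *6:*");
@@ -1895,7 +1915,9 @@ policies_parse_exit_policy_internal(config_line_t *cfg,
    * effect, and are most likely an error. */
   policies_log_first_redundant_entry(*dest);
 
-  if (add_default_policy) {
+  if (add_reduced_policy) {
+    append_exit_policy_string(dest, REDUCED_EXIT_POLICY);
+  } else if (add_default_policy) {
     append_exit_policy_string(dest, DEFAULT_EXIT_POLICY);
   } else {
     append_exit_policy_string(dest, "reject *4:*");
@@ -1936,13 +1958,15 @@ policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
   int add_default = (options & EXIT_POLICY_ADD_DEFAULT) ? 1 : 0;
   int reject_local_interfaces = (options &
                                  EXIT_POLICY_REJECT_LOCAL_INTERFACES) ? 1 : 0;
+  int add_reduced = (options & EXIT_POLICY_ADD_REDUCED) ? 1 : 0;
 
   return policies_parse_exit_policy_internal(cfg,dest,ipv6_enabled,
                                              reject_private,
                                              configured_addresses,
                                              reject_local_interfaces,
                                              reject_local_interfaces,
-                                             add_default);
+                                             add_default,
+                                             add_reduced);
 }
 
 /** Helper function that adds a copy of addr to a smartlist as long as it is
@@ -2047,10 +2071,14 @@ policies_parse_exit_policy_from_options(const or_options_t *or_options,
     parser_cfg |= EXIT_POLICY_REJECT_PRIVATE;
   }
 
-  if (!or_options->BridgeRelay) {
+  if (!or_options->BridgeRelay && !or_options->ReducedExitPolicy) {
     parser_cfg |= EXIT_POLICY_ADD_DEFAULT;
   }
 
+  if (or_options->ReducedExitPolicy) {
+    parser_cfg |= EXIT_POLICY_ADD_REDUCED;
+  }
+
   if (or_options->ExitPolicyRejectLocalInterfaces) {
     parser_cfg |= EXIT_POLICY_REJECT_LOCAL_INTERFACES;
   }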
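Review bot: In policies_parse_exit_policy_from_options the `EXIT_POLICY_ADD_REDUCED` bit is set whenever ReducedExitPolicy is on, without the `!or_options->BridgeRelay` guard that the default-policy bit keeps, and policies_parse_exit_policy_internal tests `add_reduced_policy` first. As written, a bridge configured with ReducedExitPolicy 1 would have the accept list appended instead of falling through to the `reject *4:*` branch, which widens what that bridge will exit to. Putting both bits under the bridge check preserves the old behaviour for bridges: `if (!or_options->BridgeRelay) parser_cfg |= or_options->ReducedExitPolicy ? EXIT_POLICY_ADD_REDUCED : EXIT_POLICY_ADD_DEFAULT;`. Both functions start and end outside the hunks shown, so any earlier return that already handles non-exit relays is not visible here and should be checked.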
  • src/or/policies.h

    diff --git a/src/or/policies.h b/src/or/policies.h
    index 20f58f2be..e47eefff0 100644
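--- a/src/or/policies.h
+++ b/src/or/policies.h
@@ -22,6 +22,7 @@
 #define EXIT_POLICY_REJECT_PRIVATE           (1 << 1)
 #define EXIT_POLICY_ADD_DEFAULT              (1 << 2)
 #define EXIT_POLICY_REJECT_LOCAL_INTERFACES  (1 << 3)
+#define EXIT_POLICY_ADD_REDUCED              (1 << 4)
 
 typedef enum firewall_connection_t {
   FIREWALL_OR_CONNECTION      = 0,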