Ticket #13605: tor-patch-ReducedExitPolicy-001.patch

File tor-patch-ReducedExitPolicy-001.patch, 8.3 KB (added by neel, 2 years ago)

Updated patch to add ReducedExitPolicy option

  • src/or/config.c

    From 48bea5b7036adf90e9d0c7d29e88108685a2a453 Mon Sep 17 00:00:00 2001
    From: Neel Chauhan <neel@neelc.org>
    Date: Thu, 20 Jul 2017 16:42:28 -0400
    Subject: [PATCH 1/3] Add code for letting user select Reduced Exit Policy
    
    ---
     src/or/config.c   |  1 +
     src/or/or.h       |  1 +
     src/or/policies.c | 39 ++++++++++++++++++++++++++++++++++-----
     src/or/policies.h |  1 +
     4 files changed, 37 insertions(+), 5 deletions(-)
    
    diff --git a/src/or/config.c b/src/or/config.c
    index de27ddb7c..235c4ac71 100644
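--- a/src/or/config.c
+++ b/src/or/config.c
@@ -464,6 +464,7 @@ static config_var_t option_vars_[] = {
   V(RecommendedServerVersions,   LINELIST, NULL),
   V(RecommendedPackages,         LINELIST, NULL),
   V(ReducedConnectionPadding,    BOOL,     "0"),
+  V(ReducedExitPolicy,           BOOL,     "0"),
   V(ConnectionPadding,           AUTOBOOL, "auto"),
   V(RefuseUnknownExits,          AUTOBOOL, "auto"),
   V(RejectPlaintextPorts,        CSV,      ""),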
  • src/or/or.h

    diff --git a/src/or/or.h b/src/or/or.h
    index f6c42b7a9..e7f418955 100644
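--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3640,6 +3640,7 @@ typedef struct {
                                         * interface addresses?
                                         * Includes OutboundBindAddresses and
                                         * configured ports. */
+  int ReducedExitPolicy; /**<Should we use the Reduced Exit Policy? */
   config_line_t *SocksPolicy; /**< Lists of socks policy components */
   config_line_t *DirPolicy; /**< Lists of dir policy components */
   /** Local address to bind outbound sockets */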
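Review bot: The comment on the new field is written `/**<Should we ...` without the space after `/**<` that the neighbouring members use, and it does not say which policy the option replaces. Suggest `int ReducedExitPolicy; /**< Use the reduced exit policy, not the default? */`. The struct definition starts and ends outside this hunk.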
  • src/or/policies.c

    diff --git a/src/or/policies.c b/src/or/policies.c
    index 3d49a6110..892818f16 100644
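--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -81,7 +81,8 @@ static int policies_parse_exit_policy_internal(
                                       const smartlist_t *configured_addresses,
                                       int reject_interface_addresses,
                                       int reject_configured_port_addresses,
-                                      int add_default_policy);
+                                      int add_default_policy,
+                                      int add_reduced_policy);
 
 /** Replace all "private" entries in *<b>policy</b> with their expanded
  * equivalents. */
@@ -1877,6 +1878,24 @@ policies_log_first_redundant_entry(const smartlist_t *policy)
   "reject *:563,reject *:1214,reject *:4661-4666,"                  \
   "reject *:6346-6429,reject *:6699,reject *:6881-6999,accept *:*"
 
+#define REDUCED_EXIT_POLICY                                                   \
+  "accept *:20-23,accept *:43,accept *:53,accept *:79-81,accept *:88,"        \
+  "accept *:110,accept *:143,accept *:194,accept *:220,accept *:389,"         \
+  "accept *:443,accept *:464,accept *:465,accept *:531,accept *:543-544,"     \
+  "accept *:554,accept *:563,accept *:587,accept *:636,accept *:706,"         \
+  "accept *:749,accept *:873,accept *:902-904,accept *:981,accept *:989-995," \
+  "accept *:1194,accept *:1220,accept *:1293,accept *:1500,accept *:1533,"    \
+  "accept *:1677,accept *:1723,accept *:1755,accept *:1863,"                  \
+  "accept *:2082-2083,accept *:2086-2087,accept *:2095-2096,"                 \
+  "accept *:2102-2104,accept *:3128,accept *:3389,accept *:3690,"             \
+  "accept *:4321,accept *:4643,accept *:5050,accept *:5190,"                  \
+  "accept *:5222-5223,accept *:5228,accept *:5900,accept *:6660-6669,"        \
+  "accept *:6679,accept *:6697,accept *:8000,accept *:8008,accept *:8074,"    \
+  "accept *:8080,accept *:8082,accept *:8087-8088,accept *:8232-8233,"        \
+  "accept *:8332-8333,accept *:8443,accept *:8888,accept *:9418,"             \
+  "accept *:9999,accept *:10000,accept *:11371,accept *:19294,"               \
+  "accept *:19638,accept *:50002,accept *:64738,reject *:*"
+
 /** Parse the exit policy <b>cfg</b> into the linked list *<b>dest</b>.
  *
  * If <b>ipv6_exit</b> is false, prepend "reject *6:*" to the policy.
@@ -1912,7 +1931,8 @@ policies_parse_exit_policy_internal(config_line_t *cfg,
                                     const smartlist_t *configured_addresses,
                                     int reject_interface_addresses,
                                     int reject_configured_port_addresses,
-                                    int add_default_policy)
+                                    int add_default_policy,
+                                    int add_reduced_policy)
 {
   if (!ipv6_exit) {
     append_exit_policy_string(dest, "reject *6:*");
@@ -1938,7 +1958,10 @@ policies_parse_exit_policy_internal(config_line_t *cfg,
    * effect, and are most likely an error. */
   policies_log_first_redundant_entry(*dest);
 
-  if (add_default_policy) {
+  if (add_reduced_policy) {
+    append_exit_policy_string(dest, REDUCED_EXIT_POLICY);
+  }
+  else if (add_default_policy) {
     append_exit_policy_string(dest, DEFAULT_EXIT_POLICY);
   } else {
     append_exit_policy_string(dest, "reject *4:*");
@@ -1979,13 +2002,15 @@ policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
   int add_default = (options & EXIT_POLICY_ADD_DEFAULT) ? 1 : 0;
   int reject_local_interfaces = (options &
                                  EXIT_POLICY_REJECT_LOCAL_INTERFACES) ? 1 : 0;
+  int add_reduced = (options & EXIT_POLICY_ADD_REDUCED) ? 1 : 0;
 
   return policies_parse_exit_policy_internal(cfg,dest,ipv6_enabled,
                                              reject_private,
                                              configured_addresses,
                                              reject_local_interfaces,
                                              reject_local_interfaces,
-                                             add_default);
+                                             add_default,
+                                             add_reduced);
 }
 
 /** Helper function that adds a copy of addr to a smartlist as long as it is
@@ -2094,10 +2119,14 @@ policies_parse_exit_policy_from_options(const or_options_t *or_options,
     parser_cfg |= EXIT_POLICY_REJECT_PRIVATE;
   }
 
-  if (!or_options->BridgeRelay) {
+  if (!or_options->BridgeRelay && !or_options->ReducedExitPolicy) {
     parser_cfg |= EXIT_POLICY_ADD_DEFAULT;
   }
 
+  if (or_options->ReducedExitPolicy) {
+    parser_cfg |= EXIT_POLICY_ADD_REDUCED;
+  }
+
   if (or_options->ExitPolicyRejectLocalInterfaces) {
     parser_cfg |= EXIT_POLICY_REJECT_LOCAL_INTERFACES;
   }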
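Review bot: In policies_parse_exit_policy_from_options the new `if (or_options->ReducedExitPolicy)` sets EXIT_POLICY_ADD_REDUCED without the `!or_options->BridgeRelay` test that guards EXIT_POLICY_ADD_DEFAULT, and policies_parse_exit_policy_internal lets add_reduced_policy take precedence, so a bridge with ReducedExitPolicy 1 would get the accept list appended where it previously got `reject *4:*`. Unless a check outside this hunk already returns early for such relays, the condition should be `if (or_options->ReducedExitPolicy && !or_options->BridgeRelay) {`. The REDUCED_EXIT_POLICY macro should carry a doc comment saying where the port list comes from, and the comment above policies_parse_exit_policy_internal (it continues outside the hunk) should describe add_reduced_policy and state that it overrides add_default_policy. The `}` followed by `else if` on its own line should be `} else if (add_default_policy) {`, matching the `} else {` below it.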
  • src/or/policies.h

    diff --git a/src/or/policies.h b/src/or/policies.h
    index ce08d497e..8edf46f3e 100644
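--- a/src/or/policies.h
+++ b/src/or/policies.h
@@ -22,6 +22,7 @@
 #define EXIT_POLICY_REJECT_PRIVATE           (1 << 1)
 #define EXIT_POLICY_ADD_DEFAULT              (1 << 2)
 #define EXIT_POLICY_REJECT_LOCAL_INTERFACES  (1 << 3)
+#define EXIT_POLICY_ADD_REDUCED              (1 << 4)
 #define EXIT_POLICY_OPTION_MAX             EXIT_POLICY_REJECT_LOCAL_INTERFACES
 /* All options set: used for unit testing */
 #define EXIT_POLICY_OPTION_ALL             ((EXIT_POLICY_OPTION_MAX << 1) - 1)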
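Review bot: EXIT_POLICY_OPTION_MAX still names EXIT_POLICY_REJECT_LOCAL_INTERFACES after EXIT_POLICY_ADD_REDUCED is added as `(1 << 4)`, so EXIT_POLICY_OPTION_ALL evaluates to 0xf and leaves the new bit out. The line should become `#define EXIT_POLICY_OPTION_MAX             EXIT_POLICY_ADD_REDUCED`. The existing comment says EXIT_POLICY_OPTION_ALL is used for unit testing, so tests built on it would presumably never exercise the reduced-policy path until this is updated.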
  • doc/tor.1.txt

    -- 
    2.13.2
    
    
    From fd21ee8651382f24e9512e51ba3491678be8c6ad Mon Sep 17 00:00:00 2001
    From: Neel Chauhan <neel@neelc.org>
    Date: Thu, 20 Jul 2017 16:49:24 -0400
    Subject: [PATCH 2/3] Add man page entry for the ReducedExitPolicy option
    
    ---
     doc/tor.1.txt | 3 +++
     1 file changed, 3 insertions(+)
    
    diff --git a/doc/tor.1.txt b/doc/tor.1.txt
    index fdb716867..e198798e9 100644
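--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1723,6 +1723,9 @@ is non-zero):
     to disclose.
     (Default: 0)
 
+[[ReducedExitPolicy] **ReducedExitPolicy** **0**|**1**::
+    If set, use a reduced exit policy rather than the default one. (Default: 0)
+
 [[IPv6Exit]] **IPv6Exit** **0**|**1**::
     If set, and we are an exit node, allow clients to use us for IPv6
     traffic. (Default: 0)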
  • new file changes/bug13605

    -- 
    2.13.2
    
    
    From 4ccaa435824195b26304774742bcf42dc256a386 Mon Sep 17 00:00:00 2001
    From: Neel Chauhan <neel@neelc.org>
    Date: Thu, 20 Jul 2017 16:58:38 -0400
    Subject: [PATCH 3/3] Add ChangLog entry for the ReducedExitPolicy option
    
    ---
     changes/bug13605 | 3 +++
     1 file changed, 3 insertions(+)
     create mode 100644 changes/bug13605
    
    diff --git a/changes/bug13605 b/changes/bug13605
    new file mode 100644
    index 000000000..1d4fd78cf
    - +  
     1  o Major features (tor-relay):
     2    - Implement an option, ReducedExitPolicy, to allow an Tor exit relay
     3      operator to use a reduced exit policy rather than the default one. Closes\      ticket 13605.