Ticket #13605: tor-patch-ReducedExitPolicy-002.patch

File tor-patch-ReducedExitPolicy-002.patch, 8.4 KB (added by neel, 2 years ago)

Version 2 of patch to add ReducedExitPolicy option

  • src/or/config.c

    From 84aa53f189e9fb849e08b73af5d5a52bc74152a1 Mon Sep 17 00:00:00 2001
    From: Neel Chauhan <neel@neelc.org>
    Date: Wed, 27 Sep 2017 20:31:12 -0400
    Subject: [PATCH 1/3] Add code for letting user select Reduced Exit Policy
    
    ---
     src/or/config.c   |  1 +
     src/or/or.h       |  1 +
     src/or/policies.c | 39 ++++++++++++++++++++++++++++++++++-----
     src/or/policies.h |  3 ++-
     4 files changed, 38 insertions(+), 6 deletions(-)
    
    diff --git a/src/or/config.c b/src/or/config.c
    index 832a7c967..9e0e67628 100644
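--- a/src/or/config.c
+++ b/src/or/config.c
@@ -484,6 +484,7 @@ static config_var_t option_vars_[] = {
   V(RendPostPeriod,              INTERVAL, "1 hour"),
   V(RephistTrackTime,            INTERVAL, "24 hours"),
   V(RunAsDaemon,                 BOOL,     "0"),
+  V(ReducedExitPolicy,           BOOL,     "0"),
   OBSOLETE("RunTesting"), // currently unused
   V(Sandbox,                     BOOL,     "0"),
   V(SafeLogging,                 STRING,   "1"),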
  • src/or/or.h

    diff --git a/src/or/or.h b/src/or/or.h
    index 5bd07ba6a..4cf6add07 100644
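--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3674,6 +3674,7 @@ typedef struct {
                                         * interface addresses?
                                         * Includes OutboundBindAddresses and
                                         * configured ports. */
+  int ReducedExitPolicy; /**<Should we use the Reduced Exit Policy? */
   config_line_t *SocksPolicy; /**< Lists of socks policy components */
   config_line_t *DirPolicy; /**< Lists of dir policy components */
   /** Local address to bind outbound sockets */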
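Review bot: The doc comment on the new `ReducedExitPolicy` field is written `/**<Should`, without the space its neighbours use (`/**< Lists of socks policy components */`), and it does not say that the field is a boolean or what it replaces. I would write it as `int ReducedExitPolicy; /**< Boolean: should we append the reduced exit policy in place of the default exit policy? */`, wrapped to the file's line length. The enclosing struct starts and ends outside this hunk.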
  • src/or/policies.c

    diff --git a/src/or/policies.c b/src/or/policies.c
    index 4c24bfbc3..3cc279cd6 100644
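--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -81,7 +81,8 @@ static int policies_parse_exit_policy_internal(
                                       const smartlist_t *configured_addresses,
                                       int reject_interface_addresses,
                                       int reject_configured_port_addresses,
-                                      int add_default_policy);
+                                      int add_default_policy,
+                                      int add_reduced_policy);
 
 /** Replace all "private" entries in *<b>policy</b> with their expanded
  * equivalents. */
@@ -1877,6 +1878,24 @@ policies_log_first_redundant_entry(const smartlist_t *policy)
   "reject *:563,reject *:1214,reject *:4661-4666,"                  \
   "reject *:6346-6429,reject *:6699,reject *:6881-6999,accept *:*"
 
+#define REDUCED_EXIT_POLICY                                                   \
+  "accept *:20-23,accept *:43,accept *:53,accept *:79-81,accept *:88,"        \
+  "accept *:110,accept *:143,accept *:194,accept *:220,accept *:389,"         \
+  "accept *:443,accept *:464,accept *:465,accept *:531,accept *:543-544,"     \
+  "accept *:554,accept *:563,accept *:587,accept *:636,accept *:706,"         \
+  "accept *:749,accept *:873,accept *:902-904,accept *:981,accept *:989-995," \
+  "accept *:1194,accept *:1220,accept *:1293,accept *:1500,accept *:1533,"    \
+  "accept *:1677,accept *:1723,accept *:1755,accept *:1863,"                  \
+  "accept *:2082-2083,accept *:2086-2087,accept *:2095-2096,"                 \
+  "accept *:2102-2104,accept *:3128,accept *:3389,accept *:3690,"             \
+  "accept *:4321,accept *:4643,accept *:5050,accept *:5190,"                  \
+  "accept *:5222-5223,accept *:5228,accept *:5900,accept *:6660-6669,"        \
+  "accept *:6679,accept *:6697,accept *:8000,accept *:8008,accept *:8074,"    \
+  "accept *:8080,accept *:8082,accept *:8087-8088,accept *:8232-8233,"        \
+  "accept *:8332-8333,accept *:8443,accept *:8888,accept *:9418,"             \
+  "accept *:9999,accept *:10000,accept *:11371,accept *:19294,"               \
+  "accept *:19638,accept *:50002,accept *:64738,reject *:*"
+
 /** Parse the exit policy <b>cfg</b> into the linked list *<b>dest</b>.
  *
  * If <b>ipv6_exit</b> is false, prepend "reject *6:*" to the policy.
@@ -1912,7 +1931,8 @@ policies_parse_exit_policy_internal(config_line_t *cfg,
                                     const smartlist_t *configured_addresses,
                                     int reject_interface_addresses,
                                     int reject_configured_port_addresses,
-                                    int add_default_policy)
+                                    int add_default_policy,
+                                    int add_reduced_policy)
 {
   if (!ipv6_exit) {
     append_exit_policy_string(dest, "reject *6:*");
@@ -1938,7 +1958,10 @@ policies_parse_exit_policy_internal(config_line_t *cfg,
    * effect, and are most likely an error. */
   policies_log_first_redundant_entry(*dest);
 
-  if (add_default_policy) {
+  if (add_reduced_policy) {
+    append_exit_policy_string(dest, REDUCED_EXIT_POLICY);
+  }
+  else if (add_default_policy) {
     append_exit_policy_string(dest, DEFAULT_EXIT_POLICY);
   } else {
     append_exit_policy_string(dest, "reject *4:*");
@@ -1979,13 +2002,15 @@ policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
   int add_default = (options & EXIT_POLICY_ADD_DEFAULT) ? 1 : 0;
   int reject_local_interfaces = (options &
                                  EXIT_POLICY_REJECT_LOCAL_INTERFACES) ? 1 : 0;
+  int add_reduced = (options & EXIT_POLICY_ADD_REDUCED) ? 1 : 0;
 
   return policies_parse_exit_policy_internal(cfg,dest,ipv6_enabled,
                                              reject_private,
                                              configured_addresses,
                                              reject_local_interfaces,
                                              reject_local_interfaces,
-                                             add_default);
+                                             add_default,
+                                             add_reduced);
 }
 
 /** Helper function that adds a copy of addr to a smartlist as long as it is
@@ -2094,10 +2119,14 @@ policies_parse_exit_policy_from_options(const or_options_t *or_options,
     parser_cfg |= EXIT_POLICY_REJECT_PRIVATE;
   }
 
-  if (!or_options->BridgeRelay) {
+  if (!or_options->BridgeRelay && !or_options->ReducedExitPolicy) {
     parser_cfg |= EXIT_POLICY_ADD_DEFAULT;
   }
 
+  if (or_options->ReducedExitPolicy) {
+    parser_cfg |= EXIT_POLICY_ADD_REDUCED;
+  }
+
   if (or_options->ExitPolicyRejectLocalInterfaces) {
     parser_cfg |= EXIT_POLICY_REJECT_LOCAL_INTERFACES;
   }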
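Review bot: In `policies_parse_exit_policy_from_options`, `EXIT_POLICY_ADD_REDUCED` is set whenever `ReducedExitPolicy` is on, without the `!or_options->BridgeRelay` test that guards `EXIT_POLICY_ADD_DEFAULT`. A bridge configured with `ReducedExitPolicy 1` would therefore get the accept list appended instead of falling through to `reject *4:*`, unless something earlier in the function, outside this hunk, already returns. Keeping both flags under the bridge guard preserves the old behaviour for bridges: `if (!or_options->BridgeRelay) parser_cfg |= or_options->ReducedExitPolicy ? EXIT_POLICY_ADD_REDUCED : EXIT_POLICY_ADD_DEFAULT;`. Separately, the `}` / `else if` split in `policies_parse_exit_policy_internal` differs from the `} else {` two lines below it, and `REDUCED_EXIT_POLICY` has no comment saying where the port list comes from or how it is kept current.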
  • src/or/policies.h

    diff --git a/src/or/policies.h b/src/or/policies.h
    index 52ff4e2f9..cd97ee7f5 100644
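--- a/src/or/policies.h
+++ b/src/or/policies.h
@@ -22,7 +22,8 @@
 #define EXIT_POLICY_REJECT_PRIVATE           (1 << 1)
 #define EXIT_POLICY_ADD_DEFAULT              (1 << 2)
 #define EXIT_POLICY_REJECT_LOCAL_INTERFACES  (1 << 3)
-#define EXIT_POLICY_OPTION_MAX             EXIT_POLICY_REJECT_LOCAL_INTERFACES
+#define EXIT_POLICY_ADD_REDUCED              (1 << 4)
+#define EXIT_POLICY_OPTION_MAX             EXIT_POLICY_ADD_REDUCED
 /* All options set: used for unit testing */
 #define EXIT_POLICY_OPTION_ALL             ((EXIT_POLICY_OPTION_MAX << 1) - 1)
 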
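Review bot: `EXIT_POLICY_OPTION_ALL` now sets `EXIT_POLICY_ADD_DEFAULT` and `EXIT_POLICY_ADD_REDUCED` together, but the policies.c part of this patch treats them as alternatives and lets the reduced flag win. Any caller passing the all-options mask therefore exercises only the reduced branch. The existing comment says that mask is used for unit testing, so tests that relied on it to cover the default policy would presumably need explicit masks; those tests are not on this page. A short comment above the new define would make the precedence visible: `/* Append the reduced exit policy; takes precedence over EXIT_POLICY_ADD_DEFAULT when both are set. */`.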
  • doc/tor.1.txt

    -- 
    2.14.1
    
    
    From 15415b7aeacac565cb9d04fe0b59260e52f2b963 Mon Sep 17 00:00:00 2001
    From: Neel Chauhan <neel@neelc.org>
    Date: Wed, 27 Sep 2017 20:32:24 -0400
    Subject: [PATCH 2/3] Add man page entry for the ReducedExitPolicy option
    
    ---
     doc/tor.1.txt | 3 +++
     1 file changed, 3 insertions(+)
    
    diff --git a/doc/tor.1.txt b/doc/tor.1.txt
    index ba2bc13da..2e0d1797d 100644
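--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1783,6 +1783,9 @@ is non-zero):
     to disclose.
     (Default: 0)
 
+[[ReducedExitPolicy] **ReducedExitPolicy** **0**|**1**::
+    If set, use a reduced exit policy rather than the default one. (Default: 0)
+
 [[IPv6Exit]] **IPv6Exit** **0**|**1**::
     If set, and we are an exit node, allow clients to use us for IPv6
     traffic. (Default: 0)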
  • new file changes/ticket13605

    -- 
    2.14.1
    
    
    From 12f0b7fb6dae97b086661b16ba338d81cb78f236 Mon Sep 17 00:00:00 2001
    From: Neel Chauhan <neel@neelc.org>
    Date: Wed, 27 Sep 2017 20:35:30 -0400
    Subject: [PATCH 3/3] Add ChangLog entry for the ReducedExitPolicy option
    
    ---
     changes/ticket13605 | 4 ++++
     1 file changed, 4 insertions(+)
     create mode 100644 changes/ticket13605
    
    diff --git a/changes/ticket13605 b/changes/ticket13605
    new file mode 100644
    index 000000000..786ff0932
    - +  
     1  o Major features (tor-relay):
     2    - Implement an option, ReducedExitPolicy, to allow an Tor exit relay
     3      operator to use a reduced exit policy rather than the default one. Closes
     4      ticket 13605.