Opened 6 years ago

Closed 6 years ago

#11108 closed defect (fixed)

SocksPolicy and DirPolicy ignore port specifications, contrary to documentation

Reported by: cypherpunks
Owned by:
Priority: Medium
Milestone: Tor: 0.2.5.x-final
Component: Core Tor/Tor
Version:
Severity:
Keywords: tor-docs tor-client
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

The documentation for SocksPolicy and DirPolicy both say "policies have the same form as exit policies", but looking at the code at https://gitweb.torproject.org/tor.git/blob/4348c52a353a5242ddefc5c866ffb58e98443c7e:/src/or/policies.c#l344 it appears both only consider the address, not the port number. The documentation should be updated to reflect this.

(It seems unlikely to me that limiting the source ports allowed to connect to these listeners is actually a feature anyone wants, but maybe it is?)

Change History (3)

comment:1 Changed 6 years ago by nickm

Component: - Select a component → Tor
Keywords: tor-docs tor-client added
Milestone: → Tor: 0.2.5.x-final
Status: new → needs_review

I agree that limiting source-port doesn't make a lot of sense here.

There's a patch in my branch "bug11108" for review: it tweaks the documentation, and adds a warning if the user specifies ports.

comment:2 Changed 6 years ago by cypherpunks

Patch looks good to me.

But, I also just noticed that the documentation for these various policy options does not make it entirely clear that there is an implicit default "accept *:*" policy for everything, except ReachableAddresses, ReachableORAddresses, and ReachableDirAddresses (I think) which have a "reject *:*" inserted at the end.

(It is clear enough in the ExitPolicy example, and the others say they're like the ExitPolicy, and one could infer from the examples in the Reachable* options that there must be a reject there, but it could be clearer.)

comment:3 Changed 6 years ago by nickm

Resolution: → fixed
Status: needs_review → closed

Thanks! Added a sentence about missing entries, and merged it to master.
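
Added example (not part of the ticket and not Tor's code): an offline check that flags SocksPolicy and DirPolicy entries in a torrc that carry a port other than `*`, since per this ticket those options match on address only. The torrc sample is constructed and `find_ignored_ports` is a hypothetical helper name.

```python
import re

# Options this ticket reports as matching on address only (port is ignored).
ADDRESS_ONLY_OPTIONS = {"sockspolicy", "dirpolicy"}

# One policy entry: accept|reject ADDR[/MASK][:PORT]; IPv6 literals are bracketed.
ENTRY_RE = re.compile(
    r"^(accept6?|reject6?)\s+(\[[^\]\s]+\]|[^:/\s]+)(/[^:\s]+)?(?::(\S+))?$",
    re.IGNORECASE,
)

def find_ignored_ports(torrc_text):
    """Return (line_number, option, entry, port) for each port spec with no effect."""
    findings = []
    for lineno, raw in enumerate(torrc_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        parts = line.split(None, 1)
        # torrc option names are case-insensitive
        if len(parts) != 2 or parts[0].lower() not in ADDRESS_ONLY_OPTIONS:
            continue
        option, value = parts
        for entry in (e.strip() for e in value.split(",")):
            m = ENTRY_RE.match(entry)
            # A missing port or "*" is harmless; anything else is silently unused.
            if m and m.group(4) not in (None, "*"):
                findings.append((lineno, option, entry, m.group(4)))
    return findings

# Constructed sample torrc, for illustration only.
SAMPLE_TORRC = """\
SocksPort 9050
SocksPolicy accept 192.168.0.0/16:9050   # port part has no effect
SocksPolicy accept 127.0.0.1, reject *:*
DirPolicy reject 10.0.0.0/8:80, accept *
ExitPolicy accept *:443, reject *:*      # ports are meaningful here
"""

if __name__ == "__main__":
    for lineno, option, entry, port in find_ignored_ports(SAMPLE_TORRC):
        print(f"line {lineno}: {option} entry '{entry}': port '{port}' is ignored")
```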
