Create a client/relay-side ReducedExitPolicy

We should have an "ExitPolicy Reduced" or "ReducedExitPolicy 1" torrc option for relay operators to more easily opt in to https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy.

We have a lot of people doing this on an ad-hoc basis. We should make it official.

changed milestone to %Tor: 0.3.3.x-final

added actualpoints::3 component::core tor/tor easy milestone::Tor: 0.3.3.x-final points::3 priority::medium resolution::implemented review-group-18 review-group-24 severity::normal status::closed tor-relay type::enhancement labels

Fwiw, we also have #6495 (moved) for a dirauth version of this, but that will require all clients+relays to upgrade before it can be used.

Trac:
Keywords: tor-relay deleted, tor-relay easy added
Milestone: N/A to Tor: 0.2.7.x-final

Trac:
Status: new to assigned

This got triaged out of 0.2.7 today.

If we do it, we need to make sure that we aren't promising 100% abuse-resistance to the servers who use it.

Trac:
Milestone: Tor: 0.2.7.x-final to Tor: 0.2.???
Keywords: tor-relay easy deleted, tor-relay easy lorax added

Trac:
Sponsor: N/A to N/A
Points: N/A to medium
Severity: N/A to Normal

Milestone renamed

Trac:
Milestone: Tor: 0.2.??? to Tor: 0.3.???

Trac:
0001-Add-code-for-letting-user-select-Reduced-Exit-Policy.patch

Patch for adding ReducedExitPolicy option to use Reduced Exit Policy

Hi,

I have a patch to add a ReducedExitPolicy option, and to set the Exit Policy to the well known Reduced Exit Policy. Please tell me what you think about this patch.

Thank You, Neel Chauhan

Trac:
Reviewer: N/A to N/A

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

Trac:
Keywords: tor-relay easy lorax deleted, tor-03-unspecified-201612, lorax, tor-relay, easy added
Milestone: Tor: 0.3.??? to Tor: unspecified

Remove an old triaging keyword.

Trac:
Keywords: tor-03-unspecified-201612 deleted, N/A added

Change the status of all assigned/accepted Tor tickets with owner="" to "new".

Trac:
Status: assigned to new

Trac:
Status: new to needs_review
Milestone: Tor: unspecified to Tor: 0.3.2.x-final
Keywords: lorax deleted, N/A added

Oh hey, there's a patch here! We should review this for when the next merge window happens.

Trac:
Keywords: N/A deleted, review-group-18 added

Yay! Thank you so much for doing this neel. Sorry for taking so long to look at it.

The patch looks OK, but needs a couple things before merge:

1. Can you add an entry for this option in the manpage? (doc/tor.1.txt)
2. Can you create a changelog entry in a changes file for this (ie: changes/bug13605)

Otherwise I think this looks good. It appears to match the most recent reduced exit policy wiki page still, too.

Nick - do we have to have unit tests for torrc options like this, or can we consider this covered by the other exit policy tests?

Trac:
Status: needs_review to needs_revision

In an ideal world we'd have tests for everything, though for torrc options it might be better to wait until we have config.c factored in a much better way.

Trac:
tor-patch-ReducedExitPolicy-001.patch

Updated patch to add ReducedExitPolicy option

Sorry for the delay, but I have created a new patch with the filename tor-patch-ReducedExitPolicy-001.patch​.

Mark some needs_revision tickets as unspecified. If/when the revisions happen, they can go back into a live milestone.

Trac:
Milestone: Tor: 0.3.2.x-final to Tor: unspecified

Apart from unit tests, these two things need to be changed:

The maximum exit policy is now EXIT_POLICY_ADD_REDUCED.

#define EXIT_POLICY_REJECT_LOCAL_INTERFACES  (1 << 3)
#define EXIT_POLICY_ADD_REDUCED              (1 << 4)
#define EXIT_POLICY_OPTION_MAX               EXIT_POLICY_REJECT_LOCAL_INTERFACES
/* All options set: used for unit testing */
#define EXIT_POLICY_OPTION_ALL             ((EXIT_POLICY_OPTION_MAX << 1) - 1)

Please check all uses of EXIT_POLICY_OPTION_ALL to make sure they still function as designed.

The last line of the changes file needs a newline, not an escape sequence:

operator to use a reduced exit policy rather than the default one. Closes\      ticket 13605.

Trac:
Milestone: Tor: unspecified to Tor: 0.3.2.x-final

Defer all needs_revision non-spec enhancements to 0.3.3.

Trac:
Milestone: Tor: 0.3.2.x-final to Tor: 0.3.3.x-final

Trac:
Cc: yawning to yawning, neel@neelc.org

Trac:
tor-patch-ReducedExitPolicy-002.patch

Version 2 of patch to add ReducedExitPolicy option

I have created a new patch tor-patch-ReducedExitPolicy-002.patch which includes the requested changes. It passes the regression test (at least on my machine).

Looks great, but needs some more documentation.

The man page should talk about ReducedExitPolicy under ExitPolicy:

If you want to use a reduced exit policy rather than the default exit policy, set "ReducedExitPolicy 1". If you want to _replace_ the default exit policy with your custom exit policy, end your exit policy with either a reject *:* or an accept *:*. Otherwise, you’re _augmenting_ (prepending to) the default or reduced exit policy.

The man page should document exactly what the reduced exit policy is.

For example, here is the man page entry for the default exit policy:

    The default exit policy is:

    reject *:25
    reject *:119
    reject *:135-139
    reject *:445
    reject *:563
    reject *:1214
    reject *:4661-4666
    reject *:6346-6429
    reject *:6699
    reject *:6881-6999
    accept *:*

    Since the default exit policy uses accept/reject *, it applies to both IPv4 and IPv6 addresses.

Trac:
Status: needs_revision to needs_review

Trac:
tor-patch-ReducedExitPolicy-003.patch

Version 3 of patch to add ReducedExitPolicy option

I have a new version of this patch. The filename is 'tor-patch-ReducedExitPolicy-003.patch' (without the quotes).

review-group-24 is now open.

Trac:
Keywords: N/A deleted, review-group-24 added

This patch looks good to me.

I've not compiled it or run unit tests (are there existing unit tests for the exit policy code?).

We should do that before we merge.

Trac:
Points: medium to 3
Actualpoints: N/A to 3

This is looking reasonable. Two changes to make before I merge (i can do these, no worries):

• We should only add the reduced exit policy if BridgeMode is also 0.
• The else goes on the same line as any } before it.

I'll take another look too while I'm at it. I'd do all this now, but I need to go afk

Trac:
Status: needs_review to merge_ready

I've put my changes (minor) in branch 13605_reduced_exit in my public repository; I've merged a squashed version to master. Thanks!

Trac:
Resolution: N/A to implemented
Status: merge_ready to closed

closed

changed time estimate to 24h

added 24h of time spent

moved to tpo/core/tor#13605 (closed)