tor
master
|
Code to parse and use address policies and exit policies. More...
#include "or.h"
#include "bridges.h"
#include "config.h"
#include "dirserv.h"
#include "microdesc.h"
#include "networkstatus.h"
#include "nodelist.h"
#include "policies.h"
#include "router.h"
#include "routerparse.h"
#include "geoip.h"
#include "ht.h"
Data Structures | |
struct | policy_summary_item_t |
struct | policy_map_ent_t |
Macros | |
#define | POLICIES_PRIVATE |
#define | REJECT(arg) STMT_BEGIN *msg = tor_strdup(arg); goto err; STMT_END |
#define | CMP_FIELD(field) |
#define | DEFAULT_EXIT_POLICY |
#define | REDUCED_EXIT_POLICY |
#define | AT(x) ((policy_summary_item_t*)smartlist_get(summary, x)) |
#define | IPV4_BITS (32) |
#define | REJECT_CUTOFF_SCALE_IPV4 (0) |
#define | REJECT_CUTOFF_COUNT_IPV4 |
#define | IPV6_BITS (128) |
#define | REJECT_CUTOFF_SCALE_IPV6 (64) |
#define | REJECT_CUTOFF_COUNT_IPV6 |
Typedefs | |
typedef struct policy_summary_item_t | policy_summary_item_t |
typedef struct policy_map_ent_t | policy_map_ent_t |
Functions | |
void | policy_expand_private (smartlist_t **policy) |
void | policy_expand_unspec (smartlist_t **policy) |
int | firewall_is_fascist_or (void) |
int | firewall_is_fascist_dir (void) |
STATIC int | fascist_firewall_allows_address (const tor_addr_t *addr, uint16_t port, smartlist_t *firewall_policy, int pref_only, int pref_ipv6) |
int | fascist_firewall_use_ipv6 (const or_options_t *options) |
int | fascist_firewall_prefer_ipv6_orport (const or_options_t *options) |
int | fascist_firewall_prefer_ipv6_dirport (const or_options_t *options) |
int | fascist_firewall_allows_address_addr (const tor_addr_t *addr, uint16_t port, firewall_connection_t fw_connection, int pref_only, int pref_ipv6) |
int | fascist_firewall_allows_rs (const routerstatus_t *rs, firewall_connection_t fw_connection, int pref_only) |
int | fascist_firewall_allows_node (const node_t *node, firewall_connection_t fw_connection, int pref_only) |
int | fascist_firewall_allows_dir_server (const dir_server_t *ds, firewall_connection_t fw_connection, int pref_only) |
STATIC const tor_addr_port_t * | fascist_firewall_choose_address (const tor_addr_port_t *a, const tor_addr_port_t *b, int want_a, firewall_connection_t fw_connection, int pref_only, int pref_ipv6) |
void | fascist_firewall_choose_address_rs (const routerstatus_t *rs, firewall_connection_t fw_connection, int pref_only, tor_addr_port_t *ap) |
void | fascist_firewall_choose_address_node (const node_t *node, firewall_connection_t fw_connection, int pref_only, tor_addr_port_t *ap) |
void | fascist_firewall_choose_address_dir_server (const dir_server_t *ds, firewall_connection_t fw_connection, int pref_only, tor_addr_port_t *ap) |
int | dir_policy_permits_address (const tor_addr_t *addr) |
int | socks_policy_permits_address (const tor_addr_t *addr) |
int | authdir_policy_permits_address (uint32_t addr, uint16_t port) |
int | authdir_policy_valid_address (uint32_t addr, uint16_t port) |
int | authdir_policy_badexit_address (uint32_t addr, uint16_t port) |
int | validate_addr_policies (const or_options_t *options, char **msg) |
int | policies_parse_from_options (const or_options_t *options) |
int | addr_policies_eq (const smartlist_t *a, const smartlist_t *b) |
HT_PROTOTYPE (HT_GENERATE2(policy_map, HT_GENERATE2(policy_map_ent_t, HT_GENERATE2(node, HT_GENERATE2(policy_hash, HT_GENERATE2(policy_eq) | |
MOCK_IMPL (addr_policy_result_t, compare_tor_addr_to_addr_policy,(const tor_addr_t *addr, uint16_t port, const smartlist_t *policy)) | |
STATIC void | append_exit_policy_string (smartlist_t **policy, const char *more) |
void | addr_policy_append_reject_addr (smartlist_t **dest, const tor_addr_t *addr) |
void | addr_policy_append_reject_addr_list (smartlist_t **dest, const smartlist_t *addrs) |
void | policies_parse_exit_policy_reject_private (smartlist_t **dest, int ipv6_exit, const smartlist_t *configured_addresses, int reject_interface_addresses, int reject_configured_port_addresses) |
int | policies_parse_exit_policy (config_line_t *cfg, smartlist_t **dest, exit_policy_parser_cfg_t options, const smartlist_t *configured_addresses) |
int | policies_parse_exit_policy_from_options (const or_options_t *or_options, uint32_t local_address, const tor_addr_t *ipv6_local_address, smartlist_t **result) |
void | policies_exit_policy_append_reject_star (smartlist_t **dest) |
void | policies_set_node_exitpolicy_to_reject_all (node_t *node) |
int | exit_policy_is_general_exit (smartlist_t *policy) |
int | policy_is_reject_star (const smartlist_t *policy, sa_family_t family, int default_reject) |
int | policy_write_item (char *buf, size_t buflen, const addr_policy_t *policy, int format_for_desc) |
char * | policy_summarize (smartlist_t *policy, sa_family_t family) |
short_policy_t * | parse_short_policy (const char *summary) |
char * | write_short_policy (const short_policy_t *policy) |
void | short_policy_free_ (short_policy_t *policy) |
addr_policy_result_t | compare_tor_addr_to_short_policy (const tor_addr_t *addr, uint16_t port, const short_policy_t *policy) |
int | short_policy_is_reject_star (const short_policy_t *policy) |
addr_policy_result_t | compare_tor_addr_to_node_policy (const tor_addr_t *addr, uint16_t port, const node_t *node) |
char * | policy_dump_to_string (const smartlist_t *policy_list, int include_ipv4, int include_ipv6) |
int | getinfo_helper_policies (control_connection_t *conn, const char *question, char **answer, const char **errmsg) |
void | addr_policy_list_free_ (smartlist_t *lst) |
void | addr_policy_free_ (addr_policy_t *p) |
void | policies_free_all (void) |
Code to parse and use address policies and exit policies.
We have two key kinds of address policy: full and compressed. A full policy is an array of accept/reject patterns, to be applied in order. A short policy is simply a list of ports. This module handles both kinds, including generic functions to apply them to addresses, and also including code to manage the global policies that we apply to incoming and outgoing connections.
#define CMP_FIELD | ( | field | ) |
#define DEFAULT_EXIT_POLICY |
#define REDUCED_EXIT_POLICY |
#define REJECT_CUTOFF_COUNT_IPV4 |
#define REJECT_CUTOFF_COUNT_IPV6 |
typedef struct policy_map_ent_t policy_map_ent_t |
Node in hashtable used to store address policy entries.
typedef struct policy_summary_item_t policy_summary_item_t |
Element of an exit policy summary
int addr_policies_eq | ( | const smartlist_t * | a, |
const smartlist_t * | b | ||
) |
As single_addr_policy_eq, but compare every element of two policies.
void addr_policy_append_reject_addr | ( | smartlist_t ** | dest, |
const tor_addr_t * | addr | ||
) |
Add "reject <b>addr</b>:*" to dest, creating the list as needed.
void addr_policy_append_reject_addr_list | ( | smartlist_t ** | dest, |
const smartlist_t * | addrs | ||
) |
Add "reject addr:*" to dest, for each addr in addrs, creating the list as needed.
void addr_policy_free_ | ( | addr_policy_t * | p | ) |
Release all storage held by p.
void addr_policy_list_free_ | ( | smartlist_t * | lst | ) |
Release all storage held by p.
STATIC void append_exit_policy_string | ( | smartlist_t ** | policy, |
const char * | more | ||
) |
Add the exit policy described by more to policy.
int authdir_policy_badexit_address | ( | uint32_t | addr, |
uint16_t | port | ||
) |
Return 1 if addr:port should be marked as a bad exit, based on authdir_badexit_policy. Else return 0.
int authdir_policy_permits_address | ( | uint32_t | addr, |
uint16_t | port | ||
) |
Return 1 if addr:port is permitted to publish to our directory, based on authdir_reject_policy. Else return 0.
int authdir_policy_valid_address | ( | uint32_t | addr, |
uint16_t | port | ||
) |
Return 1 if addr:port is considered valid in our directory, based on authdir_invalid_policy. Else return 0.
addr_policy_result_t compare_tor_addr_to_node_policy | ( | const tor_addr_t * | addr, |
uint16_t | port, | ||
const node_t * | node | ||
) |
Decide whether addr:port is probably or definitely accepted or rejected by node. See compare_tor_addr_to_addr_policy for details on addr/port interpretation.
addr_policy_result_t compare_tor_addr_to_short_policy | ( | const tor_addr_t * | addr, |
uint16_t | port, | ||
const short_policy_t * | policy | ||
) |
See whether the addr:port address is likely to be accepted or rejected by the summarized policy policy. Return values are as for compare_tor_addr_to_addr_policy. Unlike the regular addr_policy functions, requires the port be specified.
int dir_policy_permits_address | ( | const tor_addr_t * | addr | ) |
Return 1 if addr is permitted to connect to our dir port, based on dir_policy. Else return 0.
int exit_policy_is_general_exit | ( | smartlist_t * | policy | ) |
Return true iff ri is "useful as an exit node", meaning it allows exit to at least one /8 address space for each of ports 80 and 443.
STATIC int fascist_firewall_allows_address | ( | const tor_addr_t * | addr, |
uint16_t | port, | ||
smartlist_t * | firewall_policy, | ||
int | pref_only, | ||
int | pref_ipv6 | ||
) |
Return true iff we think our firewall will let us make a connection to addr:port.
If we are configured as a server, ignore any address family preference and just use IPv4. Otherwise:
Return false if addr is NULL or tor_addr_is_null(), or if port is 0.
int fascist_firewall_allows_address_addr | ( | const tor_addr_t * | addr, |
uint16_t | port, | ||
firewall_connection_t | fw_connection, | ||
int | pref_only, | ||
int | pref_ipv6 | ||
) |
Return true iff we think our firewall will let us make a connection to addr:port. Uses ReachableORAddresses or ReachableDirAddresses based on fw_connection. If pref_only is true, return true if addr is in the client's preferred address family, which is IPv6 if pref_ipv6 is true, and IPv4 otherwise. If pref_only is false, ignore pref_ipv6, and return true if addr is allowed.
int fascist_firewall_allows_dir_server | ( | const dir_server_t * | ds, |
firewall_connection_t | fw_connection, | ||
int | pref_only | ||
) |
int fascist_firewall_allows_node | ( | const node_t * | node, |
firewall_connection_t | fw_connection, | ||
int | pref_only | ||
) |
Like fascist_firewall_allows_base(), but takes node, and looks up pref_ipv6 from node_ipv6_or/dir_preferred().
int fascist_firewall_allows_rs | ( | const routerstatus_t * | rs, |
firewall_connection_t | fw_connection, | ||
int | pref_only | ||
) |
Like fascist_firewall_allows_base(), but takes rs. When rs is a fake_status from a dir_server_t, it can have a reachable address, even when the corresponding node does not. nodes can be missing addresses when there's no consensus (IPv4 and IPv6), or when there is a microdescriptor consensus, but no microdescriptors (microdescriptors have IPv6, the microdesc consensus does not).
STATIC const tor_addr_port_t* fascist_firewall_choose_address | ( | const tor_addr_port_t * | a, |
const tor_addr_port_t * | b, | ||
int | want_a, | ||
firewall_connection_t | fw_connection, | ||
int | pref_only, | ||
int | pref_ipv6 | ||
) |
If a and b are both valid and preferred by fw_connection, choose one based on want_a and return it. Otherwise, return whichever is preferred. If neither are preferred, and pref_only is false:
void fascist_firewall_choose_address_dir_server | ( | const dir_server_t * | ds, |
firewall_connection_t | fw_connection, | ||
int | pref_only, | ||
tor_addr_port_t * | ap | ||
) |
void fascist_firewall_choose_address_node | ( | const node_t * | node, |
firewall_connection_t | fw_connection, | ||
int | pref_only, | ||
tor_addr_port_t * | ap | ||
) |
Like fascist_firewall_choose_address_base(), but takes node, and looks up the node's IPv6 preference rather than taking an argument for pref_ipv6.
void fascist_firewall_choose_address_rs | ( | const routerstatus_t * | rs, |
firewall_connection_t | fw_connection, | ||
int | pref_only, | ||
tor_addr_port_t * | ap | ||
) |
Like fascist_firewall_choose_address_base(), but takes rs. Consults the corresponding node, then falls back to rs if node is NULL. This should only happen when there's no valid consensus, and rs doesn't correspond to a bridge client's bridge.
int fascist_firewall_prefer_ipv6_dirport | ( | const or_options_t * | options | ) |
Do we prefer to connect to IPv6 DirPorts?
(node_ipv6_dir_preferred() doesn't support bridge client per-node IPv6 preferences. There's no reason to use it instead of this function.)
int fascist_firewall_prefer_ipv6_orport | ( | const or_options_t * | options | ) |
Do we prefer to connect to IPv6 ORPorts? Use node_ipv6_or_preferred() whenever possible: it supports bridge client per-node IPv6 preferences.
int fascist_firewall_use_ipv6 | ( | const or_options_t * | options | ) |
Is this client configured to use IPv6? Returns true if the client might use IPv6 for some of its connections (including dual-stack and IPv6-only clients), and false if it will never use IPv6 for any connections. Use node_ipv6_or/dir_preferred() when checking a specific node and OR/Dir port: it supports bridge client per-node IPv6 preferences.
int firewall_is_fascist_dir | ( | void | ) |
Return true iff the firewall options, including ClientUseIPv4 0 and ClientUseIPv6 0, might block any Dir address:port combination. Address preferences may still change which address is selected even if this function returns false.
int firewall_is_fascist_or | ( | void | ) |
Return true iff the firewall options, including ClientUseIPv4 0 and ClientUseIPv6 0, might block any OR address:port combination. Address preferences may still change which address is selected even if this function returns false.
int getinfo_helper_policies | ( | control_connection_t * | conn, |
const char * | question, | ||
char ** | answer, | ||
const char ** | errmsg | ||
) |
Implementation for GETINFO control command: knows the answer for questions about "exit-policy/..."
HT_PROTOTYPE | ( | HT_GENERATE2( | policy_map, |
HT_GENERATE2( | policy_map_ent_t, | ||
HT_GENERATE2( | node, | ||
HT_GENERATE2( | policy_hash, | ||
HT_GENERATE2( | policy_eq | ||
) |
Given a pointer to an addr_policy_t, return a copy of the pointer to the "canonical" copy of that addr_policy_t; the canonical copy is a single reference-counted object.
MOCK_IMPL | ( | addr_policy_result_t | , |
compare_tor_addr_to_addr_policy | , | ||
(const tor_addr_t *addr, uint16_t port, const smartlist_t *policy) | |||
) |
Decide whether a given addr:port is definitely accepted, definitely rejected, probably accepted, or probably rejected by a given policy. If addr is 0, we don't know the IP of the target address. If port is 0, we don't know the port of the target address. (At least one of addr and port must be provided. If you want to know whether a policy would definitely reject an unknown address:port, use policy_is_reject_star().)
We could do better by assuming that some ranges never match typical addresses (127.0.0.1, and so on). But we'll try this for now.
short_policy_t* parse_short_policy | ( | const char * | summary | ) |
Convert a summarized policy string into a short_policy_t. Return NULL if the string is not well-formed.
void policies_exit_policy_append_reject_star | ( | smartlist_t ** | dest | ) |
Add "reject *:*" to the end of the policy in *dest, allocating *dest as needed.
void policies_free_all | ( | void | ) |
Release all storage held by policy variables.
int policies_parse_exit_policy | ( | config_line_t * | cfg, |
smartlist_t ** | dest, | ||
exit_policy_parser_cfg_t | options, | ||
const smartlist_t * | configured_addresses | ||
) |
Parse exit policy in cfg into dest smartlist.
Prepend an entry that rejects all IPv6 destinations unless EXIT_POLICY_IPV6_ENABLED bit is set in options bitmask.
If EXIT_POLICY_REJECT_PRIVATE bit is set in options:
If EXIT_POLICY_ADD_DEFAULT bit is set in options, append default exit policy entries to result smartlist.
int policies_parse_exit_policy_from_options | ( | const or_options_t * | or_options, |
uint32_t | local_address, | ||
const tor_addr_t * | ipv6_local_address, | ||
smartlist_t ** | result | ||
) |
Parse ExitPolicy member of or_options into result smartlist. If or_options->IPv6Exit is false, prepend an entry that rejects all IPv6 destinations.
If or_options->ExitPolicyRejectPrivate is true:
If or_options->BridgeRelay is false, append entries of default Tor exit policy into result smartlist.
If or_options->ExitRelay is false, then make our exit policy into "reject *:*" regardless.
void policies_parse_exit_policy_reject_private | ( | smartlist_t ** | dest, |
int | ipv6_exit, | ||
const smartlist_t * | configured_addresses, | ||
int | reject_interface_addresses, | ||
int | reject_configured_port_addresses | ||
) |
Reject private helper for policies_parse_exit_policy_internal: rejects publicly routable addresses on this exit relay.
Add reject entries to the linked list *dest:
IPv6 entries are only added if ipv6_exit is true. (All IPv6 addresses are already blocked by policies_parse_exit_policy_internal if ipv6_exit is false.)
The list in dest is created as needed.
int policies_parse_from_options | ( | const or_options_t * | options | ) |
Set all policies based on options, which should have been validated first by validate_addr_policies.
void policies_set_node_exitpolicy_to_reject_all | ( | node_t * | node | ) |
Replace the exit policy of node with reject *:*
char* policy_dump_to_string | ( | const smartlist_t * | policy_list, |
int | include_ipv4, | ||
int | include_ipv6 | ||
) |
Given policy_list, a list of addr_policy_t, produce a string representation of the list. If include_ipv4 is true, include IPv4 entries. If include_ipv6 is true, include IPv6 entries.
void policy_expand_private | ( | smartlist_t ** | policy | ) |
Replace all "private" entries in *policy with their expanded equivalents.
void policy_expand_unspec | ( | smartlist_t ** | policy | ) |
Expand each of the AF_UNSPEC elements in *policy (which indicate protocol-neutral wildcards) into a pair of wildcard elements: one IPv4- specific and one IPv6-specific.
int policy_is_reject_star | ( | const smartlist_t * | policy, |
sa_family_t | family, | ||
int | default_reject | ||
) |
Return false if policy might permit access to some addr:port; otherwise if we are certain it rejects everything, return true. If no part of policy matches, return default_reject. NULL policies are allowed, and treated as empty.
char* policy_summarize | ( | smartlist_t * | policy, |
sa_family_t | family | ||
) |
Create a string representing a summary for an exit policy. The summary will either be an "accept" plus a comma-separated list of port ranges or a "reject" plus port-ranges, depending on which is shorter.
If no exits are allowed at all then "reject 1-65535" is returned. If no ports are blocked instead of "reject " we return "accept 1-65535". (These are an exception to the shorter-representation-wins rule).
int policy_write_item | ( | char * | buf, |
size_t | buflen, | ||
const addr_policy_t * | policy, | ||
int | format_for_desc | ||
) |
Write a single address policy to the buf_len byte buffer at buf. Return the number of characters written, or -1 on failure.
void short_policy_free_ | ( | short_policy_t * | policy | ) |
Release all storage held in policy.
int short_policy_is_reject_star | ( | const short_policy_t * | policy | ) |
Return true iff policy seems reject all ports
int socks_policy_permits_address | ( | const tor_addr_t * | addr | ) |
Return 1 if addr is permitted to connect to our socks port, based on socks_policy. Else return 0.
int validate_addr_policies | ( | const or_options_t * | options, |
char ** | msg | ||
) |
Config helper: If there's any problem with the policy configuration options in options, return -1 and set msg to a newly allocated description of the error. Else return 0.
char* write_short_policy | ( | const short_policy_t * | policy | ) |
Write policy back out into a string.