tor  master
policies.h
Go to the documentation of this file.
1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2017, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
12 #ifndef TOR_POLICIES_H
13 #define TOR_POLICIES_H
14 
15 /* (length of
16  * "accept6 [ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]/128:65535-65535\n"
17  * plus a terminating NUL, rounded up to a nice number.)
18  */
19 #define POLICY_BUF_LEN 72
20 
21 #define EXIT_POLICY_IPV6_ENABLED (1 << 0)
22 #define EXIT_POLICY_REJECT_PRIVATE (1 << 1)
23 #define EXIT_POLICY_ADD_DEFAULT (1 << 2)
24 #define EXIT_POLICY_REJECT_LOCAL_INTERFACES (1 << 3)
25 #define EXIT_POLICY_ADD_REDUCED (1 << 4)
26 #define EXIT_POLICY_OPTION_MAX EXIT_POLICY_ADD_REDUCED
27 /* All options set: used for unit testing */
28 #define EXIT_POLICY_OPTION_ALL ((EXIT_POLICY_OPTION_MAX << 1) - 1)
29 
30 typedef enum firewall_connection_t {
31  FIREWALL_OR_CONNECTION = 0,
32  FIREWALL_DIR_CONNECTION = 1
33 } firewall_connection_t;
34 
35 typedef int exit_policy_parser_cfg_t;
36 
37 int firewall_is_fascist_or(void);
38 int firewall_is_fascist_dir(void);
39 int fascist_firewall_use_ipv6(const or_options_t *options);
40 int fascist_firewall_prefer_ipv6_orport(const or_options_t *options);
41 int fascist_firewall_prefer_ipv6_dirport(const or_options_t *options);
42 
43 int fascist_firewall_allows_address_addr(const tor_addr_t *addr,
44  uint16_t port,
45  firewall_connection_t fw_connection,
46  int pref_only, int pref_ipv6);
47 
48 int fascist_firewall_allows_rs(const routerstatus_t *rs,
49  firewall_connection_t fw_connection,
50  int pref_only);
51 int fascist_firewall_allows_node(const node_t *node,
52  firewall_connection_t fw_connection,
53  int pref_only);
54 int fascist_firewall_allows_dir_server(const dir_server_t *ds,
55  firewall_connection_t fw_connection,
56  int pref_only);
57 
58 void fascist_firewall_choose_address_rs(const routerstatus_t *rs,
59  firewall_connection_t fw_connection,
60  int pref_only, tor_addr_port_t* ap);
61 void fascist_firewall_choose_address_node(const node_t *node,
62  firewall_connection_t fw_connection,
63  int pref_only, tor_addr_port_t* ap);
64 void fascist_firewall_choose_address_dir_server(const dir_server_t *ds,
65  firewall_connection_t fw_connection,
66  int pref_only, tor_addr_port_t* ap);
67 
68 int dir_policy_permits_address(const tor_addr_t *addr);
69 int socks_policy_permits_address(const tor_addr_t *addr);
70 int authdir_policy_permits_address(uint32_t addr, uint16_t port);
71 int authdir_policy_valid_address(uint32_t addr, uint16_t port);
72 int authdir_policy_badexit_address(uint32_t addr, uint16_t port);
73 
74 int validate_addr_policies(const or_options_t *options, char **msg);
75 void policy_expand_private(smartlist_t **policy);
76 void policy_expand_unspec(smartlist_t **policy);
77 int policies_parse_from_options(const or_options_t *options);
78 
79 addr_policy_t *addr_policy_get_canonical_entry(addr_policy_t *ent);
80 int addr_policies_eq(const smartlist_t *a, const smartlist_t *b);
81 MOCK_DECL(addr_policy_result_t, compare_tor_addr_to_addr_policy,
82  (const tor_addr_t *addr, uint16_t port, const smartlist_t *policy));
83 addr_policy_result_t compare_tor_addr_to_node_policy(const tor_addr_t *addr,
84  uint16_t port, const node_t *node);
85 
86 int policies_parse_exit_policy_from_options(
87  const or_options_t *or_options,
88  uint32_t local_address,
89  const tor_addr_t *ipv6_local_address,
90  smartlist_t **result);
91 int policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
92  exit_policy_parser_cfg_t options,
93  const smartlist_t *configured_addresses);
94 void policies_parse_exit_policy_reject_private(
95  smartlist_t **dest,
96  int ipv6_exit,
97  const smartlist_t *configured_addresses,
98  int reject_interface_addresses,
99  int reject_configured_port_addresses);
100 void policies_exit_policy_append_reject_star(smartlist_t **dest);
101 void addr_policy_append_reject_addr(smartlist_t **dest,
102  const tor_addr_t *addr);
103 void addr_policy_append_reject_addr_list(smartlist_t **dest,
104  const smartlist_t *addrs);
105 void policies_set_node_exitpolicy_to_reject_all(node_t *exitrouter);
106 int exit_policy_is_general_exit(smartlist_t *policy);
107 int policy_is_reject_star(const smartlist_t *policy, sa_family_t family,
108  int reject_by_default);
109 char * policy_dump_to_string(const smartlist_t *policy_list,
110  int include_ipv4,
111  int include_ipv6);
112 int getinfo_helper_policies(control_connection_t *conn,
113  const char *question, char **answer,
114  const char **errmsg);
115 int policy_write_item(char *buf, size_t buflen, const addr_policy_t *item,
116  int format_for_desc);
117 
118 void addr_policy_list_free_(smartlist_t *p);
119 #define addr_policy_list_free(lst) \
120  FREE_AND_NULL(smartlist_t, addr_policy_list_free_, (lst))
121 void addr_policy_free_(addr_policy_t *p);
122 #define addr_policy_free(p) \
123  FREE_AND_NULL(addr_policy_t, addr_policy_free_, (p))
124 void policies_free_all(void);
125 
126 char *policy_summarize(smartlist_t *policy, sa_family_t family);
127 
128 short_policy_t *parse_short_policy(const char *summary);
129 char *write_short_policy(const short_policy_t *policy);
130 void short_policy_free_(short_policy_t *policy);
131 #define short_policy_free(p) \
132  FREE_AND_NULL(short_policy_t, short_policy_free_, (p))
133 int short_policy_is_reject_star(const short_policy_t *policy);
134 addr_policy_result_t compare_tor_addr_to_short_policy(
135  const tor_addr_t *addr, uint16_t port,
136  const short_policy_t *policy);
137 
138 #ifdef POLICIES_PRIVATE
139 STATIC void append_exit_policy_string(smartlist_t **policy, const char *more);
140 STATIC int fascist_firewall_allows_address(const tor_addr_t *addr,
141  uint16_t port,
142  smartlist_t *firewall_policy,
143  int pref_only, int pref_ipv6);
144 STATIC const tor_addr_port_t * fascist_firewall_choose_address(
145  const tor_addr_port_t *a,
146  const tor_addr_port_t *b,
147  int want_a,
148  firewall_connection_t fw_connection,
149  int pref_only, int pref_ipv6);
150 
151 #endif /* defined(POLICIES_PRIVATE) */
152 
153 #endif /* !defined(TOR_POLICIES_H) */
154 
getinfo_helper_policies
int getinfo_helper_policies(control_connection_t *conn, const char *question, char **answer, const char **errmsg)
Definition: policies.c:2974
policies_parse_exit_policy_from_options
int policies_parse_exit_policy_from_options(const or_options_t *or_options, uint32_t local_address, const tor_addr_t *ipv6_local_address, smartlist_t **result)
Definition: policies.c:2115
config_line_t
Definition: confline.h:23
or_options_t
Definition: or.h:3657
firewall_is_fascist_dir
int firewall_is_fascist_dir(void)
Definition: policies.c:343
fascist_firewall_prefer_ipv6_orport
int fascist_firewall_prefer_ipv6_orport(const or_options_t *options)
Definition: policies.c:476
node_t
Definition: or.h:2504
addr_policy_free_
void addr_policy_free_(addr_policy_t *p)
Definition: policies.c:3082
fascist_firewall_prefer_ipv6_dirport
int fascist_firewall_prefer_ipv6_dirport(const or_options_t *options)
Definition: policies.c:498
fascist_firewall_choose_address_dir_server
void fascist_firewall_choose_address_dir_server(const dir_server_t *ds, firewall_connection_t fw_connection, int pref_only, tor_addr_port_t *ap)
Definition: policies.c:1038
policy_summarize
char * policy_summarize(smartlist_t *policy, sa_family_t family)
Definition: policies.c:2583
authdir_policy_permits_address
int authdir_policy_permits_address(uint32_t addr, uint16_t port)
Definition: policies.c:1101
tor_addr_t
Definition: address.h:56
policies_parse_exit_policy
int policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest, exit_policy_parser_cfg_t options, const smartlist_t *configured_addresses)
Definition: policies.c:2016
policy_dump_to_string
char * policy_dump_to_string(const smartlist_t *policy_list, int include_ipv4, int include_ipv6)
Definition: policies.c:2931
authdir_policy_badexit_address
int authdir_policy_badexit_address(uint32_t addr, uint16_t port)
Definition: policies.c:1123
addr_policy_list_free_
void addr_policy_list_free_(smartlist_t *p)
Definition: policies.c:3072
fascist_firewall_allows_dir_server
int fascist_firewall_allows_dir_server(const dir_server_t *ds, firewall_connection_t fw_connection, int pref_only)
Definition: policies.c:736
fascist_firewall_use_ipv6
int fascist_firewall_use_ipv6(const or_options_t *options)
Definition: policies.c:437
policy_write_item
int policy_write_item(char *buf, size_t buflen, const addr_policy_t *item, int format_for_desc)
Definition: policies.c:2278
dir_policy_permits_address
int dir_policy_permits_address(const tor_addr_t *addr)
Definition: policies.c:1065
fascist_firewall_allows_address
STATIC int fascist_firewall_allows_address(const tor_addr_t *addr, uint16_t port, smartlist_t *firewall_policy, int pref_only, int pref_ipv6)
Definition: policies.c:398
MOCK_DECL
MOCK_DECL(int, router_have_minimum_dir_info,(void))
append_exit_policy_string
STATIC void append_exit_policy_string(smartlist_t **policy, const char *more)
Definition: policies.c:1579
policy_expand_private
void policy_expand_private(smartlist_t **policy)
Definition: policies.c:91
smartlist_t
Definition: container.h:18
policies_parse_from_options
int policies_parse_from_options(const or_options_t *options)
Definition: policies.c:1250
tor_addr_port_t
Definition: address.h:68
fascist_firewall_allows_rs
int fascist_firewall_allows_rs(const routerstatus_t *rs, firewall_connection_t fw_connection, int pref_only)
Definition: policies.c:652
policy_is_reject_star
int policy_is_reject_star(const smartlist_t *policy, sa_family_t family, int reject_by_default)
Definition: policies.c:2254
write_short_policy
char * write_short_policy(const short_policy_t *policy)
Definition: policies.c:2792
parse_short_policy
short_policy_t * parse_short_policy(const char *summary)
Definition: policies.c:2695
addr_policies_eq
int addr_policies_eq(const smartlist_t *a, const smartlist_t *b)
Definition: policies.c:1300
short_policy_is_reject_star
int short_policy_is_reject_star(const short_policy_t *policy)
Definition: policies.c:2876
dir_server_t
Definition: or.h:5382
addr_policy_append_reject_addr
void addr_policy_append_reject_addr(smartlist_t **dest, const tor_addr_t *addr)
Definition: policies.c:1593
fascist_firewall_choose_address_rs
void fascist_firewall_choose_address_rs(const routerstatus_t *rs, firewall_connection_t fw_connection, int pref_only, tor_addr_port_t *ap)
Definition: policies.c:950
exit_policy_is_general_exit
int exit_policy_is_general_exit(smartlist_t *policy)
Definition: policies.c:2240
control_connection_t
Definition: or.h:1885
compare_tor_addr_to_short_policy
addr_policy_result_t compare_tor_addr_to_short_policy(const tor_addr_t *addr, uint16_t port, const short_policy_t *policy)
Definition: policies.c:2828
socks_policy_permits_address
int socks_policy_permits_address(const tor_addr_t *addr)
Definition: policies.c:1074
validate_addr_policies
int validate_addr_policies(const or_options_t *options, char **msg)
Definition: policies.c:1137
policies_free_all
void policies_free_all(void)
Definition: policies.c:3103
addr_policy_result_t
addr_policy_result_t
Definition: or.h:5221
short_policy_t
Definition: or.h:2415
fascist_firewall_choose_address_node
void fascist_firewall_choose_address_node(const node_t *node, firewall_connection_t fw_connection, int pref_only, tor_addr_port_t *ap)
Definition: policies.c:988
addr_policy_t
Definition: or.h:1991
policy_expand_unspec
void policy_expand_unspec(smartlist_t **policy)
Definition: policies.c:131
fascist_firewall_allows_node
int fascist_firewall_allows_node(const node_t *node, firewall_connection_t fw_connection, int pref_only)
Definition: policies.c:698
fascist_firewall_allows_address_addr
int fascist_firewall_allows_address_addr(const tor_addr_t *addr, uint16_t port, firewall_connection_t fw_connection, int pref_only, int pref_ipv6)
Definition: policies.c:522
addr_policy_append_reject_addr_list
void addr_policy_append_reject_addr_list(smartlist_t **dest, const smartlist_t *addrs)
Definition: policies.c:1650
policies_parse_exit_policy_reject_private
void policies_parse_exit_policy_reject_private(smartlist_t **dest, int ipv6_exit, const smartlist_t *configured_addresses, int reject_interface_addresses, int reject_configured_port_addresses)
Definition: policies.c:1781
routerstatus_t
Definition: or.h:2344
authdir_policy_valid_address
int authdir_policy_valid_address(uint32_t addr, uint16_t port)
Definition: policies.c:1112
compare_tor_addr_to_node_policy
addr_policy_result_t compare_tor_addr_to_node_policy(const tor_addr_t *addr, uint16_t port, const node_t *node)
Definition: policies.c:2893
short_policy_free_
void short_policy_free_(short_policy_t *policy)
Definition: policies.c:2818
firewall_is_fascist_or
int firewall_is_fascist_or(void)
Definition: policies.c:332
policies_exit_policy_append_reject_star
void policies_exit_policy_append_reject_star(smartlist_t **dest)
Definition: policies.c:2176
policies_set_node_exitpolicy_to_reject_all
void policies_set_node_exitpolicy_to_reject_all(node_t *exitrouter)
Definition: policies.c:2184
fascist_firewall_choose_address
STATIC const tor_addr_port_t * fascist_firewall_choose_address(const tor_addr_port_t *a, const tor_addr_port_t *b, int want_a, firewall_connection_t fw_connection, int pref_only, int pref_ipv6)
Definition: policies.c:797
Generated by   doxygen 1.8.13