Commit f37f7daa authored by Nick Mathewson's avatar Nick Mathewson 🎨
Browse files

Add port ranges to exit policies


svn:r899
parent c425f2e0
......@@ -329,7 +329,8 @@ struct exit_policy_t {
char *string;
uint32_t addr;
uint32_t msk;
uint16_t prt;
uint16_t prt_min;
uint16_t prt_max;
struct exit_policy_t *next;
};
......
......@@ -453,16 +453,22 @@ int router_dump_router_to_string(char *s, int maxlen, routerinfo_t *router,
return -1;
written += result;
}
if (tmpe->prt) {
result = snprintf(s+written, maxlen-written, ":%d\n", tmpe->prt);
if (tmpe->prt_min == 1 && tmpe->prt_max == 65535) {
if (written > maxlen-4)
return -1;
strcat(s+written, ":*\n");
written += 3;
} else if (tmpe->prt_min == tmpe->prt_max) {
result = snprintf(s+written, maxlen-written, ":%d\n", tmpe->prt_min);
if (result<0 || result+written > maxlen)
return -1;
written += result;
} else {
if (written > maxlen-4)
result = snprintf(s+written, maxlen-written, ":%d-%d\n", tmpe->prt_min,
tmpe->prt_max);
if (result<0 || result+written > maxlen)
return -1;
strcat(s+written, ":*\n");
written += 3;
written += result;
}
} /* end for */
if (written > maxlen-256) /* Not enough room for signature. */
......
......@@ -424,10 +424,10 @@ int router_compare_addr_to_exit_policy(uint32_t addr, uint16_t port,
log_fn(LOG_DEBUG,"Considering exit policy %s", tmpe->string);
if (!addr) {
/* Address is unknown. */
if (tmpe->msk == 0 && (!tmpe || port == tmpe->prt)) {
if (tmpe->msk == 0 && (port >= tmpe->prt_min && port <= tmpe->prt_max)) {
/* The exit policy is accept/reject *:port */
match = 1;
} else if ((!tmpe->prt || port == tmpe->prt) &&
} else if (port >= tmpe->prt_min && port <= tmpe->prt_max &&
tmpe->policy_type == EXIT_POLICY_REJECT) {
/* The exit policy is reject ???:port */
maybe_reject = 1;
......@@ -435,7 +435,7 @@ int router_compare_addr_to_exit_policy(uint32_t addr, uint16_t port,
} else {
/* Address is known */
if ( (addr & tmpe->msk) == (tmpe->addr & tmpe->msk) &&
(!tmpe->prt || port == tmpe->prt) ) {
(port >= tmpe->prt_min && port <= tmpe->prt_max) ) {
/* Exact match for the policy */
match = 1;
}
......@@ -947,23 +947,34 @@ static int router_add_exit_policy(routerinfo_t *router,
}
}
if (strcmp(port, "*") == 0) {
newe->prt = 0;
newe->prt_min = 1;
newe->prt_max = 65535;
} else {
endptr = NULL;
newe->prt = strtol(port, &endptr, 10);
if (*endptr) {
newe->prt_min = strtol(port, &endptr, 10);
if (*endptr == '-') {
port = endptr+1;
endptr = NULL;
newe->prt_max = strtol(port, &endptr, 10);
if (*endptr) {
log_fn(LOG_WARN, "Malformed port %s on exit policy; rejecting.",
port);
}
} else if (*endptr) {
log_fn(LOG_WARN, "Malformed port %s on exit policy; rejecting.",
port);
goto policy_read_failed;
} else {
newe->prt_max = newe->prt_min;
}
}
in.s_addr = htonl(newe->addr);
address = tor_strdup(inet_ntoa(in));
in.s_addr = htonl(newe->msk);
log_fn(LOG_DEBUG,"%s %s/%s:%d",
log_fn(LOG_DEBUG,"%s %s/%s:%d-%d",
newe->policy_type == EXIT_POLICY_REJECT ? "reject" : "accept",
address, inet_ntoa(in), newe->prt);
address, inet_ntoa(in), newe->prt_min, newe->prt_max);
tor_free(address);
/* now link newe onto the end of exit_policy */
......
......@@ -560,12 +560,12 @@ test_dir_format()
ex1.string = NULL;
ex1.addr = 0;
ex1.msk = 0;
ex1.prt = 80;
ex1.prt_min = ex1.prt_max = 80;
ex1.next = &ex2;
ex2.policy_type = EXIT_POLICY_REJECT;
ex2.addr = 18 << 24;
ex2.msk = 0xFF000000u;
ex2.prt = 24;
ex2.prt_min = ex1.prt_max = 24;
ex2.next = NULL;
r2.address = "tor.tor.tor";
r2.addr = 0x0a030201u; /* 10.3.2.1 */
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment