Loading src/or/policies.c +83 −12 Original line number Diff line number Diff line Loading @@ -917,13 +917,16 @@ typedef struct policy_summary_item_t { uint16_t prt_max; /**< Highest port number to accept/reject. */ uint64_t reject_count; /**< Number of IP-Addresses that are rejected to this portrange. */ int accepted:1; /** Has this port already been accepted */ } policy_summary_item_t; smartlist_t *policy_summary_create(void); void policy_summary_accept(smartlist_t *summary, uint16_t prt_min, uint16_t prt_max); void policy_summary_reject(smartlist_t *summary, uint16_t prt_min, uint16_t prt_max); void policy_summary_reject(smartlist_t *summary, maskbits_t maskbits, uint16_t prt_min, uint16_t prt_max); void policy_summary_add_item(smartlist_t *summary, addr_policy_t *p); void policy_summarize(smartlist_t *policy); int policy_summary_split(smartlist_t *summary, uint16_t prt_min, uint16_t prt_max); policy_summary_item_t* policy_summary_item_split(policy_summary_item_t* old, uint16_t new_starts); /** Create a new exit policy summary, initially only with a single * port 1-64k item */ Loading @@ -937,6 +940,7 @@ policy_summary_create(void) item->prt_min = 1; item->prt_max = 65535; item->reject_count = 0; item->accepted = 0; summary = smartlist_create(); smartlist_add(summary, item); Loading @@ -944,24 +948,91 @@ policy_summary_create(void) return summary; } /** Split the summary item in <b>item</b> at the port <b>new_starts</b>. * The current item is changed to end at new-starts - 1, the new item * copies reject_count and accepted from the old item, * starts at new_starts and ends at the port where the original item * previously ended. */ policy_summary_item_t* policy_summary_item_split(policy_summary_item_t* old, uint16_t new_starts) { policy_summary_item_t* new; new = tor_malloc_zero(sizeof(policy_summary_item_t)); new->prt_min = new_starts; new->prt_max = old->prt_max; new->reject_count = old->reject_count; new->accepted = old->accepted; old->prt_max = new_starts-1; tor_assert(old->prt_min < old->prt_max); tor_assert(new->prt_min < new->prt_max); return new; } #define AT(x) ((policy_summary_item_t*)smartlist_get(summary, x)) #define REJECT_CUTOFF_COUNT (1<<25) /* Split an exit policy summary so that prt_min and prt_max * fall at exactly the start and end of an item respectively. */ int policy_summary_split(smartlist_t *summary, uint16_t prt_min, uint16_t prt_max) { int start_at_index; int i = 0; while (AT(i)->prt_max < prt_min) i++; if (AT(i)->prt_min != prt_min) { policy_summary_item_t* new_item; new_item = policy_summary_item_split(AT(i), prt_min); smartlist_insert(summary, i+1, new_item); i++; } start_at_index = i; while(AT(i)->prt_max < prt_max) i++; if (AT(i)->prt_max != prt_max) { policy_summary_item_t* new_item; new_item = policy_summary_item_split(AT(i), prt_max+1); smartlist_insert(summary, i+1, new_item); } return start_at_index; } /** Mark port ranges as accepted if they are below the reject_count */ void policy_summary_accept(smartlist_t *summary, uint16_t prt_min, uint16_t prt_max) { /* XXX */ (void) summary; (void) prt_min; (void) prt_max; int i = policy_summary_split(summary, prt_min, prt_max); while (AT(i)->prt_max <= prt_max) { if (AT(i)->accepted || AT(i)->reject_count > REJECT_CUTOFF_COUNT) continue; AT(i)->accepted = 1; i++; } } /** Count the number of addresses in a network with prefixlen maskbits * against the given portrange. */ void policy_summary_reject(smartlist_t *summary, maskbits_t maskbits, uint16_t prt_min, uint16_t prt_max) { /* XXX */ (void) summary; (void) prt_min; (void) prt_max; int i = policy_summary_split(summary, prt_min, prt_max); /* XXX: ipv4 specific */ int count = (1 << (32-maskbits)); while (AT(i)->prt_max <= prt_max) { AT(i)->reject_count += count; i++; } } /** Add a single exit policy item to our summary */ Loading Loading @@ -991,7 +1062,7 @@ policy_summary_add_item(smartlist_t *summary, addr_policy_t *p) } if (!is_private) { policy_summary_reject(summary, p->prt_min, p->prt_max); policy_summary_reject(summary, p->maskbits, p->prt_min, p->prt_max); } } else tor_assert(0); Loading Loading
src/or/policies.c +83 −12 Original line number Diff line number Diff line Loading @@ -917,13 +917,16 @@ typedef struct policy_summary_item_t { uint16_t prt_max; /**< Highest port number to accept/reject. */ uint64_t reject_count; /**< Number of IP-Addresses that are rejected to this portrange. */ int accepted:1; /** Has this port already been accepted */ } policy_summary_item_t; smartlist_t *policy_summary_create(void); void policy_summary_accept(smartlist_t *summary, uint16_t prt_min, uint16_t prt_max); void policy_summary_reject(smartlist_t *summary, uint16_t prt_min, uint16_t prt_max); void policy_summary_reject(smartlist_t *summary, maskbits_t maskbits, uint16_t prt_min, uint16_t prt_max); void policy_summary_add_item(smartlist_t *summary, addr_policy_t *p); void policy_summarize(smartlist_t *policy); int policy_summary_split(smartlist_t *summary, uint16_t prt_min, uint16_t prt_max); policy_summary_item_t* policy_summary_item_split(policy_summary_item_t* old, uint16_t new_starts); /** Create a new exit policy summary, initially only with a single * port 1-64k item */ Loading @@ -937,6 +940,7 @@ policy_summary_create(void) item->prt_min = 1; item->prt_max = 65535; item->reject_count = 0; item->accepted = 0; summary = smartlist_create(); smartlist_add(summary, item); Loading @@ -944,24 +948,91 @@ policy_summary_create(void) return summary; } /** Split the summary item in <b>item</b> at the port <b>new_starts</b>. * The current item is changed to end at new-starts - 1, the new item * copies reject_count and accepted from the old item, * starts at new_starts and ends at the port where the original item * previously ended. */ policy_summary_item_t* policy_summary_item_split(policy_summary_item_t* old, uint16_t new_starts) { policy_summary_item_t* new; new = tor_malloc_zero(sizeof(policy_summary_item_t)); new->prt_min = new_starts; new->prt_max = old->prt_max; new->reject_count = old->reject_count; new->accepted = old->accepted; old->prt_max = new_starts-1; tor_assert(old->prt_min < old->prt_max); tor_assert(new->prt_min < new->prt_max); return new; } #define AT(x) ((policy_summary_item_t*)smartlist_get(summary, x)) #define REJECT_CUTOFF_COUNT (1<<25) /* Split an exit policy summary so that prt_min and prt_max * fall at exactly the start and end of an item respectively. */ int policy_summary_split(smartlist_t *summary, uint16_t prt_min, uint16_t prt_max) { int start_at_index; int i = 0; while (AT(i)->prt_max < prt_min) i++; if (AT(i)->prt_min != prt_min) { policy_summary_item_t* new_item; new_item = policy_summary_item_split(AT(i), prt_min); smartlist_insert(summary, i+1, new_item); i++; } start_at_index = i; while(AT(i)->prt_max < prt_max) i++; if (AT(i)->prt_max != prt_max) { policy_summary_item_t* new_item; new_item = policy_summary_item_split(AT(i), prt_max+1); smartlist_insert(summary, i+1, new_item); } return start_at_index; } /** Mark port ranges as accepted if they are below the reject_count */ void policy_summary_accept(smartlist_t *summary, uint16_t prt_min, uint16_t prt_max) { /* XXX */ (void) summary; (void) prt_min; (void) prt_max; int i = policy_summary_split(summary, prt_min, prt_max); while (AT(i)->prt_max <= prt_max) { if (AT(i)->accepted || AT(i)->reject_count > REJECT_CUTOFF_COUNT) continue; AT(i)->accepted = 1; i++; } } /** Count the number of addresses in a network with prefixlen maskbits * against the given portrange. */ void policy_summary_reject(smartlist_t *summary, maskbits_t maskbits, uint16_t prt_min, uint16_t prt_max) { /* XXX */ (void) summary; (void) prt_min; (void) prt_max; int i = policy_summary_split(summary, prt_min, prt_max); /* XXX: ipv4 specific */ int count = (1 << (32-maskbits)); while (AT(i)->prt_max <= prt_max) { AT(i)->reject_count += count; i++; } } /** Add a single exit policy item to our summary */ Loading Loading @@ -991,7 +1062,7 @@ policy_summary_add_item(smartlist_t *summary, addr_policy_t *p) } if (!is_private) { policy_summary_reject(summary, p->prt_min, p->prt_max); policy_summary_reject(summary, p->maskbits, p->prt_min, p->prt_max); } } else tor_assert(0); Loading
