Add code for letting user select Reduced Exit Policy

b70e11ef · Neel Chauhan · Nick Mathewson · 4700ba6c · b70e11ef · b70e11ef
Commit b70e11ef authored Oct 10, 2017 by Neel Chauhan Committed by Nick Mathewson Oct 31, 2017
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -485,6 +485,7 @@ static config_var_t option_vars_[] = {
  V(RendPostPeriod,              INTERVAL, "1 hour"),
  V(RephistTrackTime,            INTERVAL, "24 hours"),
  V(RunAsDaemon,                 BOOL,     "0"),
+  V(ReducedExitPolicy,           BOOL,     "0"),
  OBSOLETE("RunTesting"), // currently unused
  V(Sandbox,                     BOOL,     "0"),
  V(SafeLogging,                 STRING,   "1"),

--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3674,6 +3674,7 @@ typedef struct {
                                        * interface addresses?
                                        * Includes OutboundBindAddresses and
                                        * configured ports. */
+  int ReducedExitPolicy; /**<Should we use the Reduced Exit Policy? */
  config_line_t *SocksPolicy; /**< Lists of socks policy components */
  config_line_t *DirPolicy; /**< Lists of dir policy components */
  /** Local address to bind outbound sockets */

--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -81,7 +81,8 @@ static int policies_parse_exit_policy_internal(
                                      const smartlist_t *configured_addresses,
                                      int reject_interface_addresses,
                                      int reject_configured_port_addresses,
-                                      int add_default_policy);
+                                      int add_default_policy,
+                                      int add_reduced_policy);

 /** Replace all "private" entries in *<b>policy</b> with their expanded
 * equivalents. */
@@ -1877,6 +1878,24 @@ policies_log_first_redundant_entry(const smartlist_t *policy)
  "reject *:563,reject *:1214,reject *:4661-4666,"                  \
  "reject *:6346-6429,reject *:6699,reject *:6881-6999,accept *:*"

+#define REDUCED_EXIT_POLICY                                                   \
+  "accept *:20-23,accept *:43,accept *:53,accept *:79-81,accept *:88,"        \
+  "accept *:110,accept *:143,accept *:194,accept *:220,accept *:389,"         \
+  "accept *:443,accept *:464,accept *:465,accept *:531,accept *:543-544,"     \
+  "accept *:554,accept *:563,accept *:587,accept *:636,accept *:706,"         \
+  "accept *:749,accept *:873,accept *:902-904,accept *:981,accept *:989-995," \
+  "accept *:1194,accept *:1220,accept *:1293,accept *:1500,accept *:1533,"    \
+  "accept *:1677,accept *:1723,accept *:1755,accept *:1863,"                  \
+  "accept *:2082-2083,accept *:2086-2087,accept *:2095-2096,"                 \
+  "accept *:2102-2104,accept *:3128,accept *:3389,accept *:3690,"             \
+  "accept *:4321,accept *:4643,accept *:5050,accept *:5190,"                  \
+  "accept *:5222-5223,accept *:5228,accept *:5900,accept *:6660-6669,"        \
+  "accept *:6679,accept *:6697,accept *:8000,accept *:8008,accept *:8074,"    \
+  "accept *:8080,accept *:8082,accept *:8087-8088,accept *:8232-8233,"        \
+  "accept *:8332-8333,accept *:8443,accept *:8888,accept *:9418,"             \
+  "accept *:9999,accept *:10000,accept *:11371,accept *:19294,"               \
+  "accept *:19638,accept *:50002,accept *:64738,reject *:*"
+
 /** Parse the exit policy <b>cfg</b> into the linked list *<b>dest</b>.
 *
 * If <b>ipv6_exit</b> is false, prepend "reject *6:*" to the policy.
@@ -1912,7 +1931,8 @@ policies_parse_exit_policy_internal(config_line_t *cfg,
                                    const smartlist_t *configured_addresses,
                                    int reject_interface_addresses,
                                    int reject_configured_port_addresses,
-                                    int add_default_policy)
+                                    int add_default_policy,
+                                    int add_reduced_policy)
 {
  if (!ipv6_exit) {
    append_exit_policy_string(dest, "reject *6:*");
@@ -1938,7 +1958,9 @@ policies_parse_exit_policy_internal(config_line_t *cfg,
   * effect, and are most likely an error. */
  policies_log_first_redundant_entry(*dest);

-  if (add_default_policy) {
+  if (add_reduced_policy) {
+    append_exit_policy_string(dest, REDUCED_EXIT_POLICY);
+  } else if (add_default_policy) {
    append_exit_policy_string(dest, DEFAULT_EXIT_POLICY);
  } else {
    append_exit_policy_string(dest, "reject *4:*");
@@ -1979,13 +2001,15 @@ policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
  int add_default = (options & EXIT_POLICY_ADD_DEFAULT) ? 1 : 0;
  int reject_local_interfaces = (options &
                                 EXIT_POLICY_REJECT_LOCAL_INTERFACES) ? 1 : 0;
+  int add_reduced = (options & EXIT_POLICY_ADD_REDUCED) ? 1 : 0;

  return policies_parse_exit_policy_internal(cfg,dest,ipv6_enabled,
                                             reject_private,
                                             configured_addresses,
                                             reject_local_interfaces,
                                             reject_local_interfaces,
-                                             add_default);
+                                             add_default,
+                                             add_reduced);
 }

 /** Helper function that adds a copy of addr to a smartlist as long as it is
@@ -2094,10 +2118,14 @@ policies_parse_exit_policy_from_options(const or_options_t *or_options,
    parser_cfg |= EXIT_POLICY_REJECT_PRIVATE;
  }

-  if (!or_options->BridgeRelay) {
+  if (!or_options->BridgeRelay && !or_options->ReducedExitPolicy) {
    parser_cfg |= EXIT_POLICY_ADD_DEFAULT;
  }

+  if (or_options->ReducedExitPolicy) {
+    parser_cfg |= EXIT_POLICY_ADD_REDUCED;
+  }
+
  if (or_options->ExitPolicyRejectLocalInterfaces) {
    parser_cfg |= EXIT_POLICY_REJECT_LOCAL_INTERFACES;
  }

--- a/src/or/policies.h
+++ b/src/or/policies.h
@@ -22,7 +22,8 @@
 #define EXIT_POLICY_REJECT_PRIVATE           (1 << 1)
 #define EXIT_POLICY_ADD_DEFAULT              (1 << 2)
 #define EXIT_POLICY_REJECT_LOCAL_INTERFACES  (1 << 3)
-#define EXIT_POLICY_OPTION_MAX             EXIT_POLICY_REJECT_LOCAL_INTERFACES
+#define EXIT_POLICY_ADD_REDUCED              (1 << 4)
+#define EXIT_POLICY_OPTION_MAX             EXIT_POLICY_ADD_REDUCED
 /* All options set: used for unit testing */
 #define EXIT_POLICY_OPTION_ALL             ((EXIT_POLICY_OPTION_MAX << 1) - 1)