Having a reject-all policy summarized with a lack of summary is stupid. ... (ff32708d) · Commits · Mike Perry / Tor

doc/spec/proposals/141-jit-sd-downloads.txt

+13 −10

Original line number	Diff line number	Diff line
		@@ -233,18 +233,21 @@ Status: Draft
		at most two /8 networks).

		An exit policy summary will be included in votes and consensus as a
		new line attached to each exit node. A lack of policy should indicate
		a non-exit policy. The line will have the format
		new line attached to each exit node. The line will have the format
		"p" <space> "accept"\|"reject" <portlist>
		where portlist is a comma seperated list of single port numbers or
		portranges (e.g. "22,80-88,1024-6000,6667"). Whether the summary
		shows the list of accepted ports or the list of rejected ports depends
		on which list is shorter (has a shorter string representation). In
		case of ties we choose the list of accepted ports. As an exception to
		this rule an allow-all policy is represented as "accept 1-65535"
		instead of "reject ". Summary items are compressed, that is instead
		of "80-88,89-100" there only is a single item of "80-100", similarly
		instead of "20,21" a summary will say "20-21".
		portranges (e.g. "22,80-88,1024-6000,6667").

		Whether the summary shows the list of accepted ports or the list of
		rejected ports depends on which list is shorter (has a shorter string
		representation). In case of ties we choose the list of accepted
		ports. As an exception to this rule an allow-all policy is
		represented as "accept 1-65535" instead of "reject " and a reject-all
		policy is similarly given as "reject 1-65535".

		Summary items are compressed, that is instead of "80-88,89-100" there
		only is a single item of "80-100", similarly instead of "20,21" a
		summary will say "20-21".

		Port lists are sorted in ascending order.

src/or/dirserv.c

+6 −8

Original line number	Diff line number	Diff line
		@@ -1974,7 +1974,6 @@ routerstatus_format_entry(char *buf, size_t buf_len,
		cp += strlen(cp);

		summary = policy_summarize(desc->exit_policy);
		if (summary) {
		r = tor_snprintf(cp, buf_len - (cp-buf), "p %s\n", summary);
		if (r<0) {
		log_warn(LD_BUG, "Not enough space in buffer.");
		@@ -1983,7 +1982,6 @@ routerstatus_format_entry(char *buf, size_t buf_len,
		cp += strlen(cp);
		tor_free(summary);
		}
		}

		return 0;
		}

src/or/policies.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -1139,7 +1139,7 @@ policy_summarize(smartlist_t *policy)
		* that to build the result
		*/
		if (smartlist_len(accepts) == 0) { /* no exits at all */
		result = NULL;
		result = tor_strdup("reject 1-65535");
		goto cleanup;
		}
		if (smartlist_len(rejects) == 0) { /* no rejects at all */

src/or/test.c

+4 −8

Original line number	Diff line number	Diff line
		@@ -3369,13 +3369,9 @@ test_policy_summary_helper(const char *policy_str,
		test_assert(0 == policies_parse_exit_policy(&line, &policy, 0, NULL));
		summary = policy_summarize(policy);

		if (expected_summary == NULL)
		test_assert(summary == NULL);
		else {
		test_assert(summary != NULL);
		test_streq(summary, expected_summary);
		tor_free(summary);
		};
		addr_policy_list_free(policy);
		}

		@@ -3474,7 +3470,7 @@ test_policies(void)
		/* no exits */
		test_policy_summary_helper("accept 11.0.0.0/9:80,"
		"reject :",
		NULL);
		"reject 1-65535");
		/* port merging */
		test_policy_summary_helper("accept *:80,"
		"accept *:81,"