New API for policies_parse_exit_policy().

2025-02-24 14:51:11 +01:00 · 2014-09-13 16:25:48 +03:00 · 2014-09-13 16:25:48 +03:00 · c735b60e4c
commit c735b60e4c
parent f8f0cb0443
3 changed files with 70 additions and 13 deletions
--- a/src/or/policies.c
+++ b/src/or/policies.c
@ -62,6 +62,14 @@ static const char *private_nets[] = {
  NULL
 };

+
+static int policies_parse_exit_policy_internal(config_line_t *cfg, 
+                                               smartlist_t **dest,
+                                               int ipv6_exit,
+                                               int rejectprivate, 
+                                               uint32_t local_address,
+                                               int add_default_policy);
+
 /** Replace all "private" entries in *<b>policy</b> with their expanded
 * equivalents. */
 void
@ -423,11 +431,9 @@ validate_addr_policies(const or_options_t *options, char **msg)
  smartlist_t *addr_policy=NULL;
  *msg = NULL;

-  if (policies_parse_exit_policy(options->ExitPolicy, &addr_policy,
-                                 options->IPv6Exit,
-                                 options->ExitPolicyRejectPrivate, 0,
-                                 !options->BridgeRelay))
+  if (policies_parse_exit_policy_from_options(options,0,&addr_policy)) {
    REJECT("Error in ExitPolicy entry.");
+  }

  /* The rest of these calls *append* to addr_policy. So don't actually
   * use the results for anything other than checking if they parse! */
@ -948,11 +954,12 @@ exit_policy_remove_redundancies(smartlist_t *dest)
 * the functions used to parse the exit policy from a router descriptor,
 * see router_add_exit_policy.
 */
-int
-policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
-                           int ipv6_exit,
-                           int rejectprivate, uint32_t local_address,
-                           int add_default_policy)
+static int
+policies_parse_exit_policy_internal(config_line_t *cfg, smartlist_t **dest,
+                                    int ipv6_exit,
+                                    int rejectprivate, 
+                                    uint32_t local_address,
+                                    int add_default_policy)
 {
  if (!ipv6_exit) {
    append_exit_policy_string(dest, "reject *6:*");
@ -978,6 +985,44 @@ policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
  return 0;
 }

+int 
+policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
+                           exit_policy_parser_cfg_t options,
+                           uint32_t local_address)
+{
+  int ipv6_enabled = (options & EXIT_POLICY_IPV6_ENABLED) ? 1 : 0;
+  int reject_private = (options & EXIT_POLICY_REJECT_PRIVATE) ? 1 : 0;
+  int add_default = (options & EXIT_POLICY_ADD_DEFAULT) ? 1 : 0;
+
+  return policies_parse_exit_policy_internal(cfg,dest,ipv6_enabled,
+                                             reject_private,
+                                             local_address,
+                                             add_default);
+}
+
+int
+policies_parse_exit_policy_from_options(const or_options_t *or_options,
+                                        uint32_t local_address,
+                                        smartlist_t **result)
+{
+  exit_policy_parser_cfg_t parser_cfg = 0;
+
+  if (or_options->IPv6Exit) {
+    parser_cfg |= EXIT_POLICY_IPV6_ENABLED;
+  }
+
+  if (or_options->ExitPolicyRejectPrivate) {
+    parser_cfg |= EXIT_POLICY_REJECT_PRIVATE;
+  }
+
+  if (!or_options->BridgeRelay) {
+    parser_cfg |= EXIT_POLICY_ADD_DEFAULT;
+  }
+
+  return policies_parse_exit_policy(or_options->ExitPolicy,result,
+                                    parser_cfg,local_address);
+}
+
 /** Add "reject *:*" to the end of the policy in *<b>dest</b>, allocating
 * *<b>dest</b> as needed. */
 void
--- a/src/or/policies.h
+++ b/src/or/policies.h
@ -18,6 +18,12 @@
 */
 #define POLICY_BUF_LEN 72

+#define EXIT_POLICY_IPV6_ENABLED   (1 << 0)
+#define EXIT_POLICY_REJECT_PRIVATE (1 << 1)
+#define EXIT_POLICY_ADD_DEFAULT    (1 << 2)
+
+typedef int exit_policy_parser_cfg_t;
+
 int firewall_is_fascist_or(void);
 int fascist_firewall_allows_address_or(const tor_addr_t *addr, uint16_t port);
 int fascist_firewall_allows_or(const routerinfo_t *ri);
@ -42,10 +48,18 @@ MOCK_DECL(addr_policy_result_t, compare_tor_addr_to_addr_policy,
 addr_policy_result_t compare_tor_addr_to_node_policy(const tor_addr_t *addr,
                              uint16_t port, const node_t *node);

+/*
 int policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
                               int ipv6exit,
                               int rejectprivate, uint32_t local_address,
                               int add_default_policy);
+*/
+int policies_parse_exit_policy_from_options(const or_options_t *or_options,
+                                            uint32_t local_address,
+                                            smartlist_t **result);
+int policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
+                               exit_policy_parser_cfg_t options,
+                               uint32_t local_address);
 void policies_exit_policy_append_reject_star(smartlist_t **dest);
 void addr_policy_append_reject_addr(smartlist_t **dest,
                                    const tor_addr_t *addr);
--- a/src/or/router.c
+++ b/src/or/router.c
@ -1855,10 +1855,8 @@ router_rebuild_descriptor(int force)
    /* DNS is screwed up; don't claim to be an exit. */
    policies_exit_policy_append_reject_star(&ri->exit_policy);
  } else {
-    policies_parse_exit_policy(options->ExitPolicy, &ri->exit_policy,
-                               options->IPv6Exit,
-                               options->ExitPolicyRejectPrivate,
-                               ri->addr, !options->BridgeRelay);
+    policies_parse_exit_policy_from_options(options,ri->addr,
+                                            &ri->exit_policy);
  }
  ri->policy_is_reject_star =
    policy_is_reject_star(ri->exit_policy, AF_INET) &&