[tor/master] Block OutboundBindAddressIPv[4|6]_ and configured ports on exit relays
by nickm@torproject.org 20 Nov '15
commit 66fac9fbadae529349f00172760688cf3caeb64d
Author: teor (Tim Wilson-Brown) <teor2345(a)gmail.com>
Date: Mon Nov 16 15:54:57 2015 +1100
Block OutboundBindAddressIPv[4|6]_ and configured ports on exit relays
Modify policies_parse_exit_policy_reject_private so it also blocks
the addresses configured for OutboundBindAddressIPv4_ and
OutboundBindAddressIPv6_, and any publicly routable port addresses
on exit relays.
Add and update unit tests for these functions.
---
src/or/config.c | 9 ++-
src/or/config.h | 4 +-
src/or/policies.c | 156 ++++++++++++++++++++++++++++++------------
src/or/policies.h | 29 ++++----
src/or/router.c | 2 +-
src/test/test_policy.c | 177 ++++++++++++++++++++++++++++++++++++++++++++----
6 files changed, 303 insertions(+), 74 deletions(-)
diff --git a/src/or/config.c b/src/or/config.c
index 22039b4..9028414 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -562,7 +562,6 @@ static char *get_bindaddr_from_transport_listen_line(const char *line,
static int parse_dir_authority_line(const char *line,
dirinfo_type_t required_type,
int validate_only);
-static void port_cfg_free(port_cfg_t *port);
static int parse_ports(or_options_t *options, int validate_only,
char **msg_out, int *n_ports_out,
int *world_writable_control_socket);
@@ -5737,7 +5736,7 @@ parse_dir_fallback_line(const char *line,
}
/** Allocate and return a new port_cfg_t with reasonable defaults. */
-static port_cfg_t *
+STATIC port_cfg_t *
port_cfg_new(size_t namelen)
{
tor_assert(namelen <= SIZE_T_CEILING - sizeof(port_cfg_t) - 1);
@@ -5749,7 +5748,7 @@ port_cfg_new(size_t namelen)
}
/** Free all storage held in <b>port</b> */
-static void
+STATIC void
port_cfg_free(port_cfg_t *port)
{
tor_free(port);
@@ -6673,8 +6672,8 @@ check_server_ports(const smartlist_t *ports,
/** Return a list of port_cfg_t for client ports parsed from the
* options. */
-const smartlist_t *
-get_configured_ports(void)
+MOCK_IMPL(const smartlist_t *,
+get_configured_ports,(void))
{
if (!configured_ports)
configured_ports = smartlist_new();
diff --git a/src/or/config.h b/src/or/config.h
index 51f7e90..7e88688 100644
--- a/src/or/config.h
+++ b/src/or/config.h
@@ -76,7 +76,7 @@ int write_to_data_subdir(const char* subdir, const char* fname,
int get_num_cpus(const or_options_t *options);
-const smartlist_t *get_configured_ports(void);
+MOCK_DECL(const smartlist_t *,get_configured_ports,(void));
int get_first_advertised_port_by_type_af(int listener_type,
int address_family);
#define get_primary_or_port() \
@@ -140,6 +140,8 @@ smartlist_t *get_options_for_server_transport(const char *transport);
extern struct config_format_t options_format;
#endif
+STATIC port_cfg_t *port_cfg_new(size_t namelen);
+STATIC void port_cfg_free(port_cfg_t *port);
STATIC void or_options_free(or_options_t *options);
STATIC int options_validate(or_options_t *old_options,
or_options_t *options,
diff --git a/src/or/policies.c b/src/or/policies.c
index f534632..91ca867 100644
--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -62,14 +62,18 @@ static const char *private_nets[] = {
NULL
};
-static int policies_parse_exit_policy_internal(config_line_t *cfg,
- smartlist_t **dest,
- int ipv6_exit,
- int rejectprivate,
- uint32_t local_address,
- tor_addr_t *ipv6_local_address,
- int reject_interface_addresses,
- int add_default_policy);
+static int policies_parse_exit_policy_internal(
+ config_line_t *cfg,
+ smartlist_t **dest,
+ int ipv6_exit,
+ int rejectprivate,
+ uint32_t local_address,
+ const tor_addr_t *ipv6_local_address,
+ const tor_addr_t *ipv4_outbound_address,
+ const tor_addr_t *ipv6_outbound_address,
+ int reject_interface_addresses,
+ int reject_configured_port_addresses,
+ int add_default_policy);
/** Replace all "private" entries in *<b>policy</b> with their expanded
* equivalents. */
@@ -443,7 +447,7 @@ validate_addr_policies(const or_options_t *options, char **msg)
smartlist_t *addr_policy=NULL;
*msg = NULL;
- if (policies_parse_exit_policy_from_options(options,0,NULL,0,&addr_policy)) {
+ if (policies_parse_exit_policy_from_options(options,0,NULL,&addr_policy)) {
REJECT("Error in ExitPolicy entry.");
}
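Review bot: The validation call on line 310 now reaches get_configured_ports() (through the reject_configured_port_addresses flag set inside policies_parse_exit_policy) while the options are still being validated, so the policy it builds depends on the process-wide listener list rather than on the or_options_t under validation; if that list reflects the previously applied configuration (parse_ports is not visible here), validation runs against stale port addresses and also lazily allocates configured_ports as a side effect. This is presumably harmless because the result is only checked for parse errors and then freed, but the dependency on global state should be stated at the call site, e.g. `/* Port addresses come from get_configured_ports(), not from options; the result is only checked for parse errors. */`. validate_addr_policies begins and ends outside the hunk.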
@@ -993,16 +997,25 @@ exit_policy_remove_redundancies(smartlist_t *dest)
}
}
+/* Is addr public for the purposes of rejection? */
+static int
+tor_addr_is_public_for_reject(const tor_addr_t *addr)
+{
+ return !tor_addr_is_null(addr) && !tor_addr_is_internal(addr, 0);
+}
+
/** Reject private helper for policies_parse_exit_policy_internal: rejects
* publicly routable addresses on this exit relay.
*
* Add reject entries to the linked list *dest:
* - if local_address is non-zero, treat it as a host-order IPv4 address,
- * and prepend an entry that rejects it as a destination.
- * - if ipv6_local_address is non-NULL, prepend an entry that rejects it as
- * a destination.
- * - if reject_interface_addresses is true, prepend entries that reject each
+ * and add an entry that rejects it as a destination.
+ * - if ipv6_local_address, ipv4_outbound_address, or ipv6_outbound_address
+ * are non-NULL, add entries that reject them as destinations.
+ * - if reject_interface_addresses is true, add entries that reject each
* public IPv4 and IPv6 address of each interface on this machine.
+ * - if reject_configured_port_addresses is true, add entries that reject
+ * each IPv4 and IPv6 address configured for a port.
*
* IPv6 entries are only added if ipv6_exit is true. (All IPv6 addresses are
* already blocked by policies_parse_exit_policy_internal if ipv6_exit is
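Review bot: The rewritten bullets on lines 327-334 still promise that a non-zero local_address and any non-NULL ipv6/outbound address get a reject entry, but the new tor_addr_is_public_for_reject() helper on lines 317-321 (used by the function body in the next hunk) silently skips null and internal addresses, so the comment now over-states what is added; the first bullet should read `* - if local_address is non-zero, treat it as a host-order IPv4 address, and add an entry that rejects it if it is publicly routable.` and the second bullet should carry the same qualification. The helper itself deserves a one-line note that the null address (a wildcard 0.0.0.0 / :: bind) counts as non-public, since callers rely on that to skip unset fields, e.g. `/* Null (wildcard) and internal addresses are never rejected here: "reject private:*" and reject_interface_addresses cover them. */`. The function this comment documents starts in the next hunk.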
@@ -1011,35 +1024,83 @@ exit_policy_remove_redundancies(smartlist_t *dest)
* The list *dest is created as needed.
*/
void
-policies_parse_exit_policy_reject_private(smartlist_t **dest,
- int ipv6_exit,
- uint32_t local_address,
- tor_addr_t *ipv6_local_address,
- int reject_interface_addresses)
+policies_parse_exit_policy_reject_private(
+ smartlist_t **dest,
+ int ipv6_exit,
+ uint32_t local_address,
+ const tor_addr_t *ipv6_local_address,
+ const tor_addr_t *ipv4_outbound_address,
+ const tor_addr_t *ipv6_outbound_address,
+ int reject_interface_addresses,
+ int reject_configured_port_addresses)
{
tor_assert(dest);
-
+
/* Reject our local IPv4 address */
if (local_address) {
tor_addr_t v4_local;
tor_addr_from_ipv4h(&v4_local, local_address);
- addr_policy_append_reject_addr(dest, &v4_local);
- log_info(LD_CONFIG, "Adding a reject ExitPolicy 'reject %s:*' for our "
- "published IPv4 address", fmt_addr32(local_address));
+ if (tor_addr_is_public_for_reject(&v4_local)) {
+ addr_policy_append_reject_addr(dest, &v4_local);
+ log_info(LD_CONFIG, "Adding a reject ExitPolicy 'reject %s:*' for our "
+ "published IPv4 address", fmt_addr32(local_address));
+ }
}
- /* Reject our local IPv6 address */
- if (ipv6_exit && ipv6_local_address != NULL) {
- if (tor_addr_is_v4(ipv6_local_address)) {
- log_warn(LD_CONFIG, "IPv4 address '%s' provided as our IPv6 local "
- "address", fmt_addr(ipv6_local_address));
- } else {
- addr_policy_append_reject_addr(dest, ipv6_local_address);
+ /* Reject the outbound IPv4 connection address */
+ if (ipv4_outbound_address
+ && tor_addr_is_public_for_reject(ipv4_outbound_address)) {
+ addr_policy_append_reject_addr(dest, ipv4_outbound_address);
+ log_info(LD_CONFIG, "Adding a reject ExitPolicy 'reject %s:*' for "
+ "our outbound IPv4 connection address",
+ fmt_addr(ipv4_outbound_address));
+ }
+
+ /* If we're not an IPv6 exit, all IPv6 addresses have already been rejected
+ * by policies_parse_exit_policy_internal */
+ if (ipv6_exit) {
+
+ /* Reject our local IPv6 address */
+ if (ipv6_local_address != NULL
+ && tor_addr_is_public_for_reject(ipv6_local_address)) {
+ if (tor_addr_is_v4(ipv6_local_address)) {
+ log_warn(LD_CONFIG, "IPv4 address '%s' provided as our IPv6 local "
+ "address", fmt_addr(ipv6_local_address));
+ } else {
+ addr_policy_append_reject_addr(dest, ipv6_local_address);
+ log_info(LD_CONFIG, "Adding a reject ExitPolicy 'reject [%s]:*' for "
+ "our published IPv6 address", fmt_addr(ipv6_local_address));
+ }
+ }
+
+ /* Reject the outbound IPv6 connection address */
+ if (ipv6_outbound_address
+ && tor_addr_is_public_for_reject(ipv6_outbound_address)) {
+ addr_policy_append_reject_addr(dest, ipv6_outbound_address);
log_info(LD_CONFIG, "Adding a reject ExitPolicy 'reject [%s]:*' for "
- "our published IPv6 address", fmt_addr(ipv6_local_address));
+ "our outbound IPv6 connection address",
+ fmt_addr(ipv6_outbound_address));
}
}
+ /* Reject configured port addresses, if they are from public netblocks. */
+ if (reject_configured_port_addresses) {
+ const smartlist_t *port_addrs = get_configured_ports();
+
+ SMARTLIST_FOREACH_BEGIN(port_addrs, port_cfg_t *, port) {
+
+ /* Only reject IP addresses which are public */
+ if (!port->is_unix_addr && tor_addr_is_public_for_reject(&port->addr)) {
+
+ /* Reject IPv4 addresses. If we are an IPv6 exit, also reject IPv6
+ * addresses */
+ if (tor_addr_is_v4(&port->addr) || ipv6_exit) {
+ addr_policy_append_reject_addr(dest, &port->addr);
+ }
+ }
+ } SMARTLIST_FOREACH_END(port);
+ }
+
/* Reject local addresses from public netblocks on any interface. */
if (reject_interface_addresses) {
smartlist_t *public_addresses = NULL;
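Review bot: The configured-port loop on lines 421-436 skips any port bound to the wildcard address, because tor_addr_is_public_for_reject() treats the null address as non-public (line 320); for an ORPort or DirPort on 0.0.0.0 or [::] the addresses it actually listens on are therefore blocked only when reject_interface_addresses is also set, and that dependency is silent. A comment above the loop should make it explicit, e.g. `/* Wildcard (null) port addresses are skipped: the addresses such a port really listens on are handled by reject_interface_addresses below. */`. Unlike the local and outbound branches, this loop also appends rejects without any log_info, so an operator cannot see from the log which port addresses were added; `log_info(LD_CONFIG, "Adding a reject ExitPolicy for configured port address %s", fmt_addr(&port->addr));` beside the append on line 432 would match the rest of the function. The outbound IPv6 branch on lines 411-418 also lacks the tor_addr_is_v4() sanity check the IPv6 local-address branch applies on line 400, so an IPv4 value in that field is appended silently rather than warned about; config parsing presumably prevents it, but the asymmetry deserves a comment. The function continues past the end of the hunk.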
@@ -1074,8 +1135,8 @@ policies_parse_exit_policy_reject_private(smartlist_t **dest,
*
* If <b>rejectprivate</b> is true:
* - prepend "reject private:*" to the policy.
- * - call policies_parse_exit_policy_reject_private to reject publicly
- * routable addresses on this exit relay
+ * - prepend entries that reject publicly routable addresses on this exit
+ * relay by calling policies_parse_exit_policy_reject_private
*
* If cfg doesn't end in an absolute accept or reject and if
* <b>add_default_policy</b> is true, add the default exit
@@ -1092,8 +1153,11 @@ policies_parse_exit_policy_internal(config_line_t *cfg, smartlist_t **dest,
int ipv6_exit,
int rejectprivate,
uint32_t local_address,
- tor_addr_t *ipv6_local_address,
+ const tor_addr_t *ipv6_local_address,
+ const tor_addr_t *ipv4_outbound_address,
+ const tor_addr_t *ipv6_outbound_address,
int reject_interface_addresses,
+ int reject_configured_port_addresses,
int add_default_policy)
{
if (!ipv6_exit) {
@@ -1103,9 +1167,13 @@ policies_parse_exit_policy_internal(config_line_t *cfg, smartlist_t **dest,
/* Reject IPv4 and IPv6 reserved private netblocks */
append_exit_policy_string(dest, "reject private:*");
/* Reject IPv4 and IPv6 publicly routable addresses on this exit relay */
- policies_parse_exit_policy_reject_private(dest, ipv6_exit, local_address,
- ipv6_local_address,
- reject_interface_addresses);
+ policies_parse_exit_policy_reject_private(
+ dest, ipv6_exit, local_address,
+ ipv6_local_address,
+ ipv4_outbound_address,
+ ipv6_outbound_address,
+ reject_interface_addresses,
+ reject_configured_port_addresses);
}
if (parse_addr_policy(cfg, dest, -1))
return -1;
@@ -1202,8 +1270,9 @@ int
policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
exit_policy_parser_cfg_t options,
uint32_t local_address,
- tor_addr_t *ipv6_local_address,
- int reject_interface_addresses)
+ const tor_addr_t *ipv6_local_address,
+ const tor_addr_t *ipv4_outbound_address,
+ const tor_addr_t *ipv6_outbound_address)
{
int ipv6_enabled = (options & EXIT_POLICY_IPV6_ENABLED) ? 1 : 0;
int reject_private = (options & EXIT_POLICY_REJECT_PRIVATE) ? 1 : 0;
@@ -1213,7 +1282,10 @@ policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
reject_private,
local_address,
ipv6_local_address,
- reject_interface_addresses,
+ ipv4_outbound_address,
+ ipv6_outbound_address,
+ reject_private,
+ reject_private,
add_default);
}
@@ -1241,8 +1313,7 @@ policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
int
policies_parse_exit_policy_from_options(const or_options_t *or_options,
uint32_t local_address,
- tor_addr_t *ipv6_local_address,
- int reject_interface_addresses,
+ const tor_addr_t *ipv6_local_address,
smartlist_t **result)
{
exit_policy_parser_cfg_t parser_cfg = 0;
@@ -1268,7 +1339,8 @@ policies_parse_exit_policy_from_options(const or_options_t *or_options,
return policies_parse_exit_policy(or_options->ExitPolicy,result,
parser_cfg,local_address,
ipv6_local_address,
- reject_interface_addresses);
+ &or_options->OutboundBindAddressIPv4_,
+ &or_options->OutboundBindAddressIPv6_);
}
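Review bot: The two new arguments on lines 520-521 are addresses of fields inside or_options, so they are never NULL and the NULL checks on these parameters in policies_parse_exit_policy_reject_private can never filter them; an OutboundBindAddress that was not configured is skipped only because tor_addr_is_public_for_reject() treats a null address as non-public. That is correct if the fields are zero-initialised when the option is absent (their initialisation is not visible here), but the reliance should be stated, e.g. `/* Always non-NULL: an unset OutboundBindAddress is a null address and is skipped by the reject-private helper. */`. policies_parse_exit_policy_from_options begins before this hunk.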
/** Add "reject *:*" to the end of the policy in *<b>dest</b>, allocating
diff --git a/src/or/policies.h b/src/or/policies.h
index 97350f5..26f92ad 100644
--- a/src/or/policies.h
+++ b/src/or/policies.h
@@ -48,21 +48,26 @@ MOCK_DECL(addr_policy_result_t, compare_tor_addr_to_addr_policy,
addr_policy_result_t compare_tor_addr_to_node_policy(const tor_addr_t *addr,
uint16_t port, const node_t *node);
-int policies_parse_exit_policy_from_options(const or_options_t *or_options,
- uint32_t local_address,
- tor_addr_t *ipv6_local_address,
- int reject_interface_addresses,
- smartlist_t **result);
+int policies_parse_exit_policy_from_options(
+ const or_options_t *or_options,
+ uint32_t local_address,
+ const tor_addr_t *ipv6_local_address,
+ smartlist_t **result);
int policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
exit_policy_parser_cfg_t options,
uint32_t local_address,
- tor_addr_t *ipv6_local_address,
- int reject_interface_addresses);
-void policies_parse_exit_policy_reject_private(smartlist_t **dest,
- int ipv6_exit,
- uint32_t local_address,
- tor_addr_t *ipv6_local_address,
- int reject_interface_addresses);
+ const tor_addr_t *ipv6_local_address,
+ const tor_addr_t *ipv4_outbound_address,
+ const tor_addr_t *ipv6_outbound_address);
+void policies_parse_exit_policy_reject_private(
+ smartlist_t **dest,
+ int ipv6_exit,
+ uint32_t local_address,
+ const tor_addr_t *ipv6_local_address,
+ const tor_addr_t *ipv4_outbound_address,
+ const tor_addr_t *ipv6_outbound_address,
+ int reject_interface_addresses,
+ int reject_configured_port_addresses);
void policies_exit_policy_append_reject_star(smartlist_t **dest);
void addr_policy_append_reject_addr(smartlist_t **dest,
const tor_addr_t *addr);
diff --git a/src/or/router.c b/src/or/router.c
index 1790416..95e5ad8 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -1922,7 +1922,7 @@ router_build_fresh_descriptor(routerinfo_t **r, extrainfo_t **e)
/* DNS is screwed up; don't claim to be an exit. */
policies_exit_policy_append_reject_star(&ri->exit_policy);
} else {
- policies_parse_exit_policy_from_options(options,ri->addr,&ri->ipv6_addr,1,
+ policies_parse_exit_policy_from_options(options,ri->addr,&ri->ipv6_addr,
&ri->exit_policy);
}
ri->policy_is_reject_star =
diff --git a/src/test/test_policy.c b/src/test/test_policy.c
index cbeb057..18d9594 100644
--- a/src/test/test_policy.c
+++ b/src/test/test_policy.c
@@ -2,6 +2,8 @@
/* See LICENSE for licensing information */
#include "or.h"
+#define CONFIG_PRIVATE
+#include "config.h"
#include "router.h"
#include "routerparse.h"
#include "policies.h"
@@ -49,7 +51,7 @@ test_policy_summary_helper(const char *policy_str,
r = policies_parse_exit_policy(&line, &policy,
EXIT_POLICY_IPV6_ENABLED |
- EXIT_POLICY_ADD_DEFAULT, 0, NULL, 0);
+ EXIT_POLICY_ADD_DEFAULT, 0, NULL, NULL, NULL);
tt_int_op(r,OP_EQ, 0);
summary = policy_summarize(policy, AF_INET);
@@ -116,7 +118,7 @@ test_policies_general(void *arg)
EXIT_POLICY_IPV6_ENABLED |
EXIT_POLICY_REJECT_PRIVATE |
EXIT_POLICY_ADD_DEFAULT, 0,
- NULL, 0));
+ NULL, NULL, NULL));
tt_assert(policy2);
@@ -125,7 +127,8 @@ test_policies_general(void *arg)
EXIT_POLICY_IPV6_ENABLED |
EXIT_POLICY_REJECT_PRIVATE |
EXIT_POLICY_ADD_DEFAULT,
- 0x0306090cu, &tar, 1));
+ 0x0306090cu, &tar, NULL,
+ NULL));
tt_assert(policy12);
@@ -207,14 +210,14 @@ test_policies_general(void *arg)
EXIT_POLICY_IPV6_ENABLED |
EXIT_POLICY_REJECT_PRIVATE |
EXIT_POLICY_ADD_DEFAULT, 0,
- NULL, 0));
+ NULL, NULL, NULL));
tt_assert(policy8);
tt_int_op(0, OP_EQ, policies_parse_exit_policy(NULL, &policy9,
EXIT_POLICY_REJECT_PRIVATE |
EXIT_POLICY_ADD_DEFAULT, 0,
- NULL, 0));
+ NULL, NULL, NULL));
tt_assert(policy9);
@@ -269,7 +272,7 @@ test_policies_general(void *arg)
tt_int_op(0, OP_EQ, policies_parse_exit_policy(&line,&policy,
EXIT_POLICY_IPV6_ENABLED |
EXIT_POLICY_ADD_DEFAULT, 0,
- NULL, 0));
+ NULL, NULL, NULL));
tt_assert(policy);
//test_streq(policy->string, "accept *:80");
@@ -530,7 +533,7 @@ test_policies_reject_exit_address(void *arg)
/* test that local_address is interpreted as an IPv4 host-order address and
* rejected on an IPv4-only exit */
policies_parse_exit_policy_reject_private(&policy, 0, TEST_IPV4_ADDR, NULL,
- 0);
+ NULL, NULL, 0, 0);
tt_assert(policy);
tt_assert(smartlist_len(policy) == 1);
tt_assert(test_policy_has_address_helper(policy, &ipv4_addr));
@@ -540,7 +543,7 @@ test_policies_reject_exit_address(void *arg)
/* test that local_address is interpreted as an IPv4 host-order address and
* rejected on an IPv4/IPv6 exit */
policies_parse_exit_policy_reject_private(&policy, 1, TEST_IPV4_ADDR, NULL,
- 0);
+ NULL, NULL, 0, 0);
tt_assert(policy);
tt_assert(smartlist_len(policy) == 1);
tt_assert(test_policy_has_address_helper(policy, &ipv4_addr));
@@ -548,7 +551,8 @@ test_policies_reject_exit_address(void *arg)
policy = NULL;
/* test that ipv6_local_address is rejected on an IPv4/IPv6 exit */
- policies_parse_exit_policy_reject_private(&policy, 1, 0, &ipv6_addr, 0);
+ policies_parse_exit_policy_reject_private(&policy, 1, 0, &ipv6_addr, NULL,
+ NULL, 0, 0);
tt_assert(policy);
tt_assert(smartlist_len(policy) == 1);
tt_assert(test_policy_has_address_helper(policy, &ipv6_addr));
@@ -559,13 +563,155 @@ test_policies_reject_exit_address(void *arg)
* (all IPv6 addresses are rejected by policies_parse_exit_policy_internal
* on IPv4-only exits, so policies_parse_exit_policy_reject_private doesn't
* need to do anything) */
- policies_parse_exit_policy_reject_private(&policy, 0, 0, &ipv6_addr, 0);
+ policies_parse_exit_policy_reject_private(&policy, 0, 0, &ipv6_addr, NULL,
+ NULL, 0, 0);
tt_assert(policy == NULL);
done:
addr_policy_list_free(policy);
}
+/** Run unit tests for rejecting outbound connection addresses on this
+ * exit relay using policies_parse_exit_policy_reject_private */
+static void
+test_policies_reject_outbound_address(void *arg)
+{
+ smartlist_t *policy = NULL;
+ tor_addr_t ipv4_addr, ipv6_addr;
+ (void)arg;
+
+ tor_addr_from_ipv4h(&ipv4_addr, TEST_IPV4_ADDR);
+ tor_addr_parse(&ipv6_addr, TEST_IPV6_ADDR);
+
+ /* test that OutboundBindAddressIPv4_ is rejected on an IPv4-only exit */
+ policies_parse_exit_policy_reject_private(&policy, 0, 0, NULL, &ipv4_addr,
+ NULL, 0, 0);
+ tt_assert(policy);
+ tt_assert(smartlist_len(policy) == 1);
+ tt_assert(test_policy_has_address_helper(policy, &ipv4_addr));
+ addr_policy_list_free(policy);
+ policy = NULL;
+
+ /* test that OutboundBindAddressIPv4_ is rejected on an IPv4/IPv6 exit */
+ policies_parse_exit_policy_reject_private(&policy, 1, 0, NULL, &ipv4_addr,
+ NULL, 0, 0);
+ tt_assert(policy);
+ tt_assert(smartlist_len(policy) == 1);
+ tt_assert(test_policy_has_address_helper(policy, &ipv4_addr));
+ addr_policy_list_free(policy);
+ policy = NULL;
+
+ /* test that OutboundBindAddressIPv6_ is rejected on an IPv4/IPv6 exit */
+ policies_parse_exit_policy_reject_private(&policy, 1, 0, NULL, NULL,
+ &ipv6_addr, 0, 0);
+ tt_assert(policy);
+ tt_assert(smartlist_len(policy) == 1);
+ tt_assert(test_policy_has_address_helper(policy, &ipv6_addr));
+ addr_policy_list_free(policy);
+ policy = NULL;
+
+ /* test that OutboundBindAddressIPv6_ is NOT rejected on an IPv4-only exit
+ * (all IPv6 addresses are rejected by policies_parse_exit_policy_internal
+ * on IPv4-only exits, so policies_parse_exit_policy_reject_private doesn't
+ * need to do anything with IPv6 addresses on IPv4-only exits) */
+ policies_parse_exit_policy_reject_private(&policy, 0, 0, NULL, NULL,
+ &ipv6_addr, 0, 0);
+ tt_assert(policy == NULL);
+
+ /* test that OutboundBindAddressIPv4_ is rejected on an IPv4-only exit,
+ * but OutboundBindAddressIPv6_ is NOT rejected (all IPv6 addresses are
+ * rejected by policies_parse_exit_policy_internal on IPv4-only exits, so
+ * policies_parse_exit_policy_reject_private doesn't need to do anything
+ * with IPv6 addresses on IPv4-only exits) */
+ policies_parse_exit_policy_reject_private(&policy, 0, 0, NULL, &ipv4_addr,
+ &ipv6_addr, 0, 0);
+ tt_assert(policy);
+ tt_assert(smartlist_len(policy) == 1);
+ tt_assert(test_policy_has_address_helper(policy, &ipv4_addr));
+ addr_policy_list_free(policy);
+ policy = NULL;
+
+ /* test that OutboundBindAddressIPv4_ and OutboundBindAddressIPv6_ are
+ * rejected on an IPv4/IPv6 exit */
+ policies_parse_exit_policy_reject_private(&policy, 1, 0, NULL, &ipv4_addr,
+ &ipv6_addr, 0, 0);
+ tt_assert(policy);
+ tt_assert(smartlist_len(policy) == 2);
+ tt_assert(test_policy_has_address_helper(policy, &ipv4_addr));
+ tt_assert(test_policy_has_address_helper(policy, &ipv6_addr));
+ addr_policy_list_free(policy);
+ policy = NULL;
+
+done:
+ addr_policy_list_free(policy);
+}
+
+static smartlist_t *test_configured_ports = NULL;
+const smartlist_t *mock_get_configured_ports(void);
+
+/** Returns test_configured_ports */
+const smartlist_t *
+mock_get_configured_ports(void)
+{
+ return test_configured_ports;
+}
+
+/** Run unit tests for rejecting publicly routable configured port addresses
+ * on this exit relay using policies_parse_exit_policy_reject_private */
+static void
+test_policies_reject_port_address(void *arg)
+{
+ smartlist_t *policy = NULL;
+ port_cfg_t *ipv4_port = NULL;
+ port_cfg_t *ipv6_port = NULL;
+ (void)arg;
+
+ test_configured_ports = smartlist_new();
+
+ ipv4_port = port_cfg_new(0);
+ tor_addr_from_ipv4h(&ipv4_port->addr, TEST_IPV4_ADDR);
+ smartlist_add(test_configured_ports, ipv4_port);
+
+ ipv6_port = port_cfg_new(0);
+ tor_addr_parse(&ipv6_port->addr, TEST_IPV6_ADDR);
+ smartlist_add(test_configured_ports, ipv6_port);
+
+ MOCK(get_configured_ports, mock_get_configured_ports);
+
+ /* test that an IPv4 port is rejected on an IPv4-only exit, but an IPv6 port
+ * is NOT rejected (all IPv6 addresses are rejected by
+ * policies_parse_exit_policy_internal on IPv4-only exits, so
+ * policies_parse_exit_policy_reject_private doesn't need to do anything
+ * with IPv6 addresses on IPv4-only exits) */
+ policies_parse_exit_policy_reject_private(&policy, 0, 0, NULL, NULL, NULL,
+ 0, 1);
+ tt_assert(policy);
+ tt_assert(smartlist_len(policy) == 1);
+ tt_assert(test_policy_has_address_helper(policy, &ipv4_port->addr));
+ addr_policy_list_free(policy);
+ policy = NULL;
+
+ /* test that IPv4 and IPv6 ports are rejected on an IPv4/IPv6 exit */
+ policies_parse_exit_policy_reject_private(&policy, 1, 0, NULL, NULL, NULL,
+ 0, 1);
+ tt_assert(policy);
+ tt_assert(smartlist_len(policy) == 2);
+ tt_assert(test_policy_has_address_helper(policy, &ipv4_port->addr));
+ tt_assert(test_policy_has_address_helper(policy, &ipv6_port->addr));
+ addr_policy_list_free(policy);
+ policy = NULL;
+
+done:
+ addr_policy_list_free(policy);
+ if (test_configured_ports) {
+ SMARTLIST_FOREACH(test_configured_ports,
+ port_cfg_t *, p, port_cfg_free(p));
+ smartlist_free(test_configured_ports);
+ test_configured_ports = NULL;
+ }
+ UNMOCK(get_configured_ports);
+}
+
#undef TEST_IPV4_ADDR
#undef TEST_IPV6_ADDR
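Review bot: The new tests only feed publicly routable addresses, so the filtering this commit introduces — tor_addr_is_public_for_reject() skipping null and internal addresses, and the `!port->is_unix_addr` check — is never asserted; a case passing a private outbound address such as `tor_addr_parse(&priv, "10.0.0.1")` as ipv4_outbound_address and checking `tt_assert(policy == NULL)`, plus a port with a null address and one with is_unix_addr set, would pin the behaviour that makes this change safe. The length checks are written as `tt_assert(smartlist_len(policy) == 1)`; `tt_int_op(smartlist_len(policy), OP_EQ, 1)` reports the actual length on failure and matches the style already used on line 596. In test_policies_reject_port_address, a short comment that the port_cfg_t entries are freed after UNMOCK() because the mock returns the same list would save the next reader from re-deriving the ordering of the `done:` block.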
@@ -582,12 +728,14 @@ test_policies_reject_interface_address(void *arg)
(void)arg;
/* test that no addresses are rejected when none are supplied/requested */
- policies_parse_exit_policy_reject_private(&policy, 0, 0, NULL, 0);
+ policies_parse_exit_policy_reject_private(&policy, 0, 0, NULL, NULL, NULL,
+ 0, 0);
tt_assert(policy == NULL);
/* test that only IPv4 interface addresses are rejected on an IPv4-only exit
*/
- policies_parse_exit_policy_reject_private(&policy, 0, 0, NULL, 1);
+ policies_parse_exit_policy_reject_private(&policy, 0, 0, NULL, NULL, NULL,
+ 1, 0);
if (policy) {
tt_assert(smartlist_len(policy) == smartlist_len(public_ipv4_addrs));
addr_policy_list_free(policy);
@@ -596,7 +744,8 @@ test_policies_reject_interface_address(void *arg)
/* test that IPv4 and IPv6 interface addresses are rejected on an IPv4/IPv6
* exit */
- policies_parse_exit_policy_reject_private(&policy, 0, 0, NULL, 1);
+ policies_parse_exit_policy_reject_private(&policy, 0, 0, NULL, NULL, NULL,
+ 1, 0);
if (policy) {
tt_assert(smartlist_len(policy) == (smartlist_len(public_ipv4_addrs)
+ smartlist_len(public_ipv6_addrs)));
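Review bot: Line 834 still passes ipv6_exit = 0 although the comment on lines 831-832 and the expected count on lines 837-838 describe an IPv4/IPv6 exit; the header comment in policies.c states that IPv6 entries are only added when ipv6_exit is true, so on a host with any public IPv6 interface address the expected `public_ipv4_addrs + public_ipv6_addrs` count is too large and the test fails, and on every other host the IPv6 path is simply untested. The call should be `policies_parse_exit_policy_reject_private(&policy, 1, 0, NULL, NULL, NULL, 1, 0);`. The removed line carried the same 0, so this pre-dates the commit, but the line is rewritten here and this is the place to correct it. test_policies_reject_interface_address starts outside the hunk.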
@@ -705,6 +854,8 @@ struct testcase_t policy_tests[] = {
{ "general", test_policies_general, 0, NULL, NULL },
{ "reject_exit_address", test_policies_reject_exit_address, 0, NULL, NULL },
{ "reject_interface_address", test_policies_reject_interface_address, 0, NULL, NULL },
+ { "reject_outbound_address", test_policies_reject_outbound_address, 0, NULL, NULL },
+ { "reject_port_address", test_policies_reject_port_address, 0, NULL, NULL },
END_OF_TESTCASES
};
[tor/master] Add unit tests for policies_parse_exit_policy_reject_private
by nickm@torproject.org 20 Nov '15
commit e726ad466445e600b006295a8d2315643d1680da
Author: teor (Tim Wilson-Brown) <teor2345(a)gmail.com>
Date: Mon Nov 16 15:36:28 2015 +1100
Add unit tests for policies_parse_exit_policy_reject_private
Test that policies_parse_exit_policy_reject_private rejects supplied
IPv4 and IPv6 relay addresses, and the addresses of local interfaces.
---
src/test/test_policy.c | 123 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 123 insertions(+)
diff --git a/src/test/test_policy.c b/src/test/test_policy.c
index 37c36fe..cbeb057 100644
--- a/src/test/test_policy.c
+++ b/src/test/test_policy.c
@@ -489,6 +489,127 @@ test_policies_general(void *arg)
short_policy_free(short_parsed);
}
+/** Helper: Check that policy_list contains address */
+static int
+test_policy_has_address_helper(const smartlist_t *policy_list,
+ const tor_addr_t *addr)
+{
+ int found = 0;
+
+ tt_assert(policy_list);
+ tt_assert(addr);
+
+ SMARTLIST_FOREACH_BEGIN(policy_list, addr_policy_t*, p) {
+ if (tor_addr_eq(&p->addr, addr)) {
+ found = 1;
+ }
+ } SMARTLIST_FOREACH_END(p);
+
+ return found;
+
+ done:
+ return 0;
+}
+
+#define TEST_IPV4_ADDR (0x01020304)
+#define TEST_IPV6_ADDR ("2002::abcd")
+
+/** Run unit tests for rejecting the configured addresses on this exit relay
+ * using policies_parse_exit_policy_reject_private */
+static void
+test_policies_reject_exit_address(void *arg)
+{
+ smartlist_t *policy = NULL;
+ tor_addr_t ipv4_addr;
+ tor_addr_t ipv6_addr;
+ (void)arg;
+
+ tor_addr_from_ipv4h(&ipv4_addr, TEST_IPV4_ADDR);
+ tor_addr_parse(&ipv6_addr, TEST_IPV6_ADDR);
+
+ /* test that local_address is interpreted as an IPv4 host-order address and
+ * rejected on an IPv4-only exit */
+ policies_parse_exit_policy_reject_private(&policy, 0, TEST_IPV4_ADDR, NULL,
+ 0);
+ tt_assert(policy);
+ tt_assert(smartlist_len(policy) == 1);
+ tt_assert(test_policy_has_address_helper(policy, &ipv4_addr));
+ addr_policy_list_free(policy);
+ policy = NULL;
+
+ /* test that local_address is interpreted as an IPv4 host-order address and
+ * rejected on an IPv4/IPv6 exit */
+ policies_parse_exit_policy_reject_private(&policy, 1, TEST_IPV4_ADDR, NULL,
+ 0);
+ tt_assert(policy);
+ tt_assert(smartlist_len(policy) == 1);
+ tt_assert(test_policy_has_address_helper(policy, &ipv4_addr));
+ addr_policy_list_free(policy);
+ policy = NULL;
+
+ /* test that ipv6_local_address is rejected on an IPv4/IPv6 exit */
+ policies_parse_exit_policy_reject_private(&policy, 1, 0, &ipv6_addr, 0);
+ tt_assert(policy);
+ tt_assert(smartlist_len(policy) == 1);
+ tt_assert(test_policy_has_address_helper(policy, &ipv6_addr));
+ addr_policy_list_free(policy);
+ policy = NULL;
+
+ /* test that ipv6_local_address is NOT rejected on an IPv4-only exit
+ * (all IPv6 addresses are rejected by policies_parse_exit_policy_internal
+ * on IPv4-only exits, so policies_parse_exit_policy_reject_private doesn't
+ * need to do anything) */
+ policies_parse_exit_policy_reject_private(&policy, 0, 0, &ipv6_addr, 0);
+ tt_assert(policy == NULL);
+
+ done:
+ addr_policy_list_free(policy);
+}
+
+#undef TEST_IPV4_ADDR
+#undef TEST_IPV6_ADDR
+
+/** Run unit tests for rejecting publicly routable interface addresses on this
+ * exit relay using policies_parse_exit_policy_reject_private */
+static void
+test_policies_reject_interface_address(void *arg)
+{
+ smartlist_t *policy = NULL;
+ smartlist_t *public_ipv4_addrs =
+ get_interface_address6_list(LOG_INFO, AF_INET, 0);
+ smartlist_t *public_ipv6_addrs =
+ get_interface_address6_list(LOG_INFO, AF_INET6, 0);
+ (void)arg;
+
+ /* test that no addresses are rejected when none are supplied/requested */
+ policies_parse_exit_policy_reject_private(&policy, 0, 0, NULL, 0);
+ tt_assert(policy == NULL);
+
+ /* test that only IPv4 interface addresses are rejected on an IPv4-only exit
+ */
+ policies_parse_exit_policy_reject_private(&policy, 0, 0, NULL, 1);
+ if (policy) {
+ tt_assert(smartlist_len(policy) == smartlist_len(public_ipv4_addrs));
+ addr_policy_list_free(policy);
+ policy = NULL;
+ }
+
+ /* test that IPv4 and IPv6 interface addresses are rejected on an IPv4/IPv6
+ * exit */
+ policies_parse_exit_policy_reject_private(&policy, 0, 0, NULL, 1);
+ if (policy) {
+ tt_assert(smartlist_len(policy) == (smartlist_len(public_ipv4_addrs)
+ + smartlist_len(public_ipv6_addrs)));
+ addr_policy_list_free(policy);
+ policy = NULL;
+ }
+
+ done:
+ addr_policy_list_free(policy);
+ free_interface_address6_list(public_ipv4_addrs);
+ free_interface_address6_list(public_ipv6_addrs);
+}
+
static void
test_dump_exit_policy_to_string(void *arg)
{
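Review bot: Line 976 passes ipv6_exit = 0 for the case the comment on lines 974-975 calls an IPv4/IPv6 exit, and lines 978-979 then expect `public_ipv4_addrs + public_ipv6_addrs` entries; since the helper under test adds IPv6 entries only when ipv6_exit is set, this fails on any host with a public IPv6 interface address and silently skips the IPv6 path everywhere else. It should read `policies_parse_exit_policy_reject_private(&policy, 1, 0, NULL, 1);`. The `if (policy)` guards on lines 968 and 977 also mean a host with no public interface addresses asserts nothing, which is presumably intended for CI machines but deserves a comment such as `/* No public interface addresses on this host: nothing to check. */`. In test_policy_has_address_helper, a tt_assert failure on a NULL list jumps to done and returns 0, so the caller reports "address not found" rather than "no list"; a one-line comment at `done:` would make that fallback explicit.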
@@ -582,6 +703,8 @@ struct testcase_t policy_tests[] = {
{ "router_dump_exit_policy_to_string", test_dump_exit_policy_to_string, 0,
NULL, NULL },
{ "general", test_policies_general, 0, NULL, NULL },
+ { "reject_exit_address", test_policies_reject_exit_address, 0, NULL, NULL },
+ { "reject_interface_address", test_policies_reject_interface_address, 0, NULL, NULL },
END_OF_TESTCASES
};
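Review bot: The second added entry, `{ "reject_interface_address", test_policies_reject_interface_address, 0, NULL, NULL },`, runs well past 80 columns, which the project's width check (check-spaces, if it is applied to this file) will flag. Wrap it the way the "router_dump_exit_policy_to_string" entry two lines above is wrapped: `{ "reject_interface_address", test_policies_reject_interface_address, 0,` on one line and `NULL, NULL },` on the next.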
[tor/master] man update: ExitPolicyRejectPrivate outbound and port addresses
by nickm@torproject.org 20 Nov '15
commit 2a4057e0427e0a215ed8b607f98271e102d045d4
Author: teor (Tim Wilson-Brown) <teor2345(a)gmail.com>
Date: Mon Nov 16 18:37:01 2015 +1100
man update: ExitPolicyRejectPrivate outbound and port addresses
ExitPolicyRejectPrivate now rejects addresses configured via
OutboundBindAddress and any port options, such as ORPort and DirPort.
---
doc/tor.1.txt | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 3824047..aba0c1c 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1571,7 +1571,7 @@ is non-zero):
used with accept6/reject6.) +
+
Private addresses are rejected by default (at the beginning of your exit
- policy), along with the configured primary public IPv4 and IPv6 addresses,
+ policy), along with any configured primary public IPv4 and IPv6 addresses,
and any public IPv4 and IPv6 addresses on any interface on the relay.
These private addresses are rejected unless you set the
ExitPolicyRejectPrivate config option to 0. For example, once you've done
@@ -1609,10 +1609,13 @@ is non-zero):
IPv4 and IPv6 addresses.
[[ExitPolicyRejectPrivate]] **ExitPolicyRejectPrivate** **0**|**1**::
- Reject all private (local) networks, along with your own configured public
- IPv4 and IPv6 addresses, at the beginning of your exit policy. Also reject
- any public IPv4 and IPv6 addresses on any interface on the relay. (If
- IPv6Exit is not set, all IPv6 addresses will be rejected anyway.)
+ Reject all private (local) networks, along with any configured public
+ IPv4 and IPv6 addresses, at the beginning of your exit policy. (This
+ includes the IPv4 and IPv6 addresses advertised by the relay, any
+ OutboundBindAddress, and the bind addresses of any port options, such as
+ ORPort and DirPort.) This also rejects any public IPv4 and IPv6 addresses
+ on any interface on the relay. (If IPv6Exit is not set, all IPv6 addresses
+ will be rejected anyway.)
See above entry on ExitPolicy.
(Default: 1)
[tor/master] Add changes file for ExitPolicyRejectPrivate outbound and port
by nickm@torproject.org 20 Nov '15
commit 10dd592d74b638f4643522dfe6e81f03e4acb06e
Author: teor (Tim Wilson-Brown) <teor2345(a)gmail.com>
Date: Mon Nov 16 19:58:36 2015 +1100
Add changes file for ExitPolicyRejectPrivate outbound and port
---
changes/bug17027-reject-private-bind-port | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/changes/bug17027-reject-private-bind-port b/changes/bug17027-reject-private-bind-port
new file mode 100644
index 0000000..abc1431
--- /dev/null
+++ b/changes/bug17027-reject-private-bind-port
@@ -0,0 +1,7 @@
+ o Minor bug fixes (security, exit policies):
+ - ExitPolicyRejectPrivate rejects more private addresses by default:
+ * the relay's outbound bind addresses (if configured), and
+ * the relay's configured port addresses (such as ORPort and DirPort).
+ Resolves ticket 17027. Patch by "teor".
+ Patch on 42b8fb5a1523 (11 Nov 2007), released in 0.2.0.11-alpha,
+ and on 0.2.7.3-rc.
commit e3cf39cefd24e2cc0d70a1726ac19fc86e4e47e7
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Fri Nov 20 10:51:19 2015 -0500
Fix compilation warnings
---
src/or/policies.c | 2 ++
src/or/policies.h | 2 +-
src/test/test_policy.c | 2 +-
3 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/or/policies.c b/src/or/policies.c
index f4cde43..d588a80 100644
--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -8,6 +8,8 @@
* \brief Code to parse and use address policies and exit policies.
**/
+#define POLICIES_PRIVATE
+
#include "or.h"
#include "config.h"
#include "dirserv.h"
diff --git a/src/or/policies.h b/src/or/policies.h
index 72e62c7..bb56bf4 100644
--- a/src/or/policies.h
+++ b/src/or/policies.h
@@ -93,7 +93,7 @@ addr_policy_result_t compare_tor_addr_to_short_policy(
const short_policy_t *policy);
#ifdef POLICIES_PRIVATE
-void append_exit_policy_string(smartlist_t **policy, const char *more);
+STATIC void append_exit_policy_string(smartlist_t **policy, const char *more);
#endif
#endif
diff --git a/src/test/test_policy.c b/src/test/test_policy.c
index 9ab3abe..4cf56c8 100644
--- a/src/test/test_policy.c
+++ b/src/test/test_policy.c
@@ -826,7 +826,7 @@ test_dump_exit_policy_to_string(void *arg)
}
static routerinfo_t *mock_desc_routerinfo = NULL;
-const routerinfo_t *mock_router_get_my_routerinfo(void)
+static const routerinfo_t *mock_router_get_my_routerinfo(void)
{
return mock_desc_routerinfo;
}
20 Nov '15
commit 6913bdfcc568e880873e92331a3182536c3e653e
Author: teor (Tim Wilson-Brown) <teor2345(a)gmail.com>
Date: Mon Nov 16 23:02:49 2015 +1100
Refactor router_dump_exit_policy_to_string
Split out policy_dump_to_string to use it in getinfo_helper_policies.
---
src/or/policies.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++
src/or/policies.h | 3 +++
src/or/router.c | 37 +++----------------------------------
3 files changed, 53 insertions(+), 34 deletions(-)
diff --git a/src/or/policies.c b/src/or/policies.c
index 91ca867..0e7b3bd 100644
--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -2027,6 +2027,53 @@ compare_tor_addr_to_node_policy(const tor_addr_t *addr, uint16_t port,
}
}
+/**
+ * Given <b>policy_list</b>, a list of addr_policy_t, produce a string
+ * representation of the list.
+ * If <b>include_ipv4</b> is true, include IPv4 entries.
+ * If <b>include_ipv6</b> is true, include IPv6 entries.
+ */
+char *
+policy_dump_to_string(const smartlist_t *policy_list,
+ int include_ipv4,
+ int include_ipv6)
+{
+ smartlist_t *policy_string_list;
+ char *policy_string = NULL;
+
+ policy_string_list = smartlist_new();
+
+ SMARTLIST_FOREACH_BEGIN(policy_list, addr_policy_t *, tmpe) {
+ char *pbuf;
+ int bytes_written_to_pbuf;
+ if ((tor_addr_family(&tmpe->addr) == AF_INET6) && (!include_ipv6)) {
+ continue; /* Don't include IPv6 parts of address policy */
+ }
+ if ((tor_addr_family(&tmpe->addr) == AF_INET) && (!include_ipv4)) {
+ continue; /* Don't include IPv4 parts of address policy */
+ }
+
+ pbuf = tor_malloc(POLICY_BUF_LEN);
+ bytes_written_to_pbuf = policy_write_item(pbuf,POLICY_BUF_LEN, tmpe, 1);
+
+ if (bytes_written_to_pbuf < 0) {
+ log_warn(LD_BUG, "policy_dump_to_string ran out of room!");
+ tor_free(pbuf);
+ goto done;
+ }
+
+ smartlist_add(policy_string_list,pbuf);
+ } SMARTLIST_FOREACH_END(tmpe);
+
+ policy_string = smartlist_join_strings(policy_string_list, "\n", 0, NULL);
+
+done:
+ SMARTLIST_FOREACH(policy_string_list, char *, str, tor_free(str));
+ smartlist_free(policy_string_list);
+
+ return policy_string;
+}
+
/** Implementation for GETINFO control command: knows the answer for questions
* about "exit-policy/..." */
int
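Review bot: The header comment on `policy_dump_to_string` does not state the ownership and failure contract that the moved code has: the returned string is freshly allocated and must be tor_free'd by the caller, and it is NULL when `policy_write_item` fails (the `goto done` path leaves `policy_string` at its NULL initialiser). Add to the comment: `Returns a newly allocated string the caller must tor_free(), or NULL if any entry could not be formatted.` The function also dereferences `policy_list` unconditionally in SMARTLIST_FOREACH_BEGIN while its only visible caller guards `!router->exit_policy` first; a `tor_assert(policy_list);` at the top would make that precondition explicit for the new direct callers.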
diff --git a/src/or/policies.h b/src/or/policies.h
index 26f92ad..d7cc5a3 100644
--- a/src/or/policies.h
+++ b/src/or/policies.h
@@ -76,6 +76,9 @@ void addr_policy_append_reject_addr_list(smartlist_t **dest,
void policies_set_node_exitpolicy_to_reject_all(node_t *exitrouter);
int exit_policy_is_general_exit(smartlist_t *policy);
int policy_is_reject_star(const smartlist_t *policy, sa_family_t family);
+char * policy_dump_to_string(const smartlist_t *policy_list,
+ int include_ipv4,
+ int include_ipv6);
int getinfo_helper_policies(control_connection_t *conn,
const char *question, char **answer,
const char **errmsg);
diff --git a/src/or/router.c b/src/or/router.c
index 95e5ad8..9020345 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -2728,44 +2728,13 @@ router_dump_exit_policy_to_string(const routerinfo_t *router,
int include_ipv4,
int include_ipv6)
{
- smartlist_t *exit_policy_strings;
- char *policy_string = NULL;
-
if ((!router->exit_policy) || (router->policy_is_reject_star)) {
return tor_strdup("reject *:*");
}
- exit_policy_strings = smartlist_new();
-
- SMARTLIST_FOREACH_BEGIN(router->exit_policy, addr_policy_t *, tmpe) {
- char *pbuf;
- int bytes_written_to_pbuf;
- if ((tor_addr_family(&tmpe->addr) == AF_INET6) && (!include_ipv6)) {
- continue; /* Don't include IPv6 parts of address policy */
- }
- if ((tor_addr_family(&tmpe->addr) == AF_INET) && (!include_ipv4)) {
- continue; /* Don't include IPv4 parts of address policy */
- }
-
- pbuf = tor_malloc(POLICY_BUF_LEN);
- bytes_written_to_pbuf = policy_write_item(pbuf,POLICY_BUF_LEN, tmpe, 1);
-
- if (bytes_written_to_pbuf < 0) {
- log_warn(LD_BUG, "router_dump_exit_policy_to_string ran out of room!");
- tor_free(pbuf);
- goto done;
- }
-
- smartlist_add(exit_policy_strings,pbuf);
- } SMARTLIST_FOREACH_END(tmpe);
-
- policy_string = smartlist_join_strings(exit_policy_strings, "\n", 0, NULL);
-
- done:
- SMARTLIST_FOREACH(exit_policy_strings, char *, str, tor_free(str));
- smartlist_free(exit_policy_strings);
-
- return policy_string;
+ return policy_dump_to_string(router->exit_policy,
+ include_ipv4,
+ include_ipv6);
}
/** Copy the primary (IPv4) OR port (IP address and TCP port) for
20 Nov '15
commit 10a6390deb3c9ff9fbd8078fc812abf6c77ad67f
Author: teor (Tim Wilson-Brown) <teor2345(a)gmail.com>
Date: Mon Nov 16 20:40:17 2015 +1100
Add controller getinfo exit-policy/reject-private
exit-policy/reject-private lists the reject rules added by
ExitPolicyRejectPrivate. This makes it easier for stem to
display exit policies.
Add unit tests for getinfo exit-policy/*.
Completes ticket #17183. Patch by "teor".
---
changes/getinfo-private-exitpolicy | 6 +
src/or/control.c | 6 +
src/or/policies.c | 307 ++++++++++++++++++++++--------------
src/or/policies.h | 15 +-
src/test/test_policy.c | 302 ++++++++++++++++++++++++-----------
5 files changed, 417 insertions(+), 219 deletions(-)
diff --git a/changes/getinfo-private-exitpolicy b/changes/getinfo-private-exitpolicy
new file mode 100644
index 0000000..e834516
--- /dev/null
+++ b/changes/getinfo-private-exitpolicy
@@ -0,0 +1,6 @@
+ o Minor features (exit policies, controllers):
+ - Add controller getinfo exit-policy/reject-private/[default,relay]
+ for the reject rules added by ExitPolicyRejectPrivate. This makes
+ it easier for stem to display exit policies.
+ - Add unit tests for getinfo exit-policy/*.
+ Completes ticket #17183. Patch by "teor".
diff --git a/src/or/control.c b/src/or/control.c
index 7d72342..7e65611 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -2562,6 +2562,12 @@ static const getinfo_item_t getinfo_items[] = {
"v3 Networkstatus consensus as retrieved from a DirPort."),
ITEM("exit-policy/default", policies,
"The default value appended to the configured exit policy."),
+ ITEM("exit-policy/reject-private/default", policies,
+ "The default rules appended to the configured exit policy by"
+ " ExitPolicyRejectPrivate."),
+ ITEM("exit-policy/reject-private/relay", policies,
+ "The relay-specific rules appended to the configured exit policy by"
+ " ExitPolicyRejectPrivate."),
ITEM("exit-policy/full", policies, "The entire exit policy of onion router"),
ITEM("exit-policy/ipv4", policies, "IPv4 parts of exit policy"),
ITEM("exit-policy/ipv6", policies, "IPv6 parts of exit policy"),
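Review bot: The help text for both new items says the rules are "appended to the configured exit policy", but the rules ExitPolicyRejectPrivate adds go in front of the operator's policy (the tor.1.txt text in this series says "at the beginning of your exit policy", and the policies.c comment says "prepend an entry"). A controller author reading this string would get the precedence wrong; change both to `"The default rules prepended to the configured exit policy by"` and `"The relay-specific rules prepended to the configured exit policy by"`.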
diff --git a/src/or/policies.c b/src/or/policies.c
index 0e7b3bd..f4cde43 100644
--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -63,17 +63,14 @@ static const char *private_nets[] = {
};
static int policies_parse_exit_policy_internal(
- config_line_t *cfg,
- smartlist_t **dest,
- int ipv6_exit,
- int rejectprivate,
- uint32_t local_address,
- const tor_addr_t *ipv6_local_address,
- const tor_addr_t *ipv4_outbound_address,
- const tor_addr_t *ipv6_outbound_address,
- int reject_interface_addresses,
- int reject_configured_port_addresses,
- int add_default_policy);
+ config_line_t *cfg,
+ smartlist_t **dest,
+ int ipv6_exit,
+ int rejectprivate,
+ const smartlist_t *configured_addresses,
+ int reject_interface_addresses,
+ int reject_configured_port_addresses,
+ int add_default_policy);
/** Replace all "private" entries in *<b>policy</b> with their expanded
* equivalents. */
@@ -868,7 +865,7 @@ addr_policy_intersects(addr_policy_t *a, addr_policy_t *b)
/** Add the exit policy described by <b>more</b> to <b>policy</b>.
*/
-static void
+STATIC void
append_exit_policy_string(smartlist_t **policy, const char *more)
{
config_line_t tmp;
@@ -885,6 +882,9 @@ append_exit_policy_string(smartlist_t **policy, const char *more)
void
addr_policy_append_reject_addr(smartlist_t **dest, const tor_addr_t *addr)
{
+ tor_assert(dest);
+ tor_assert(addr);
+
addr_policy_t p, *add;
memset(&p, 0, sizeof(p));
p.policy_type = ADDR_POLICY_REJECT;
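Review bot: The two `tor_assert()` calls are inserted before the declaration `addr_policy_t p, *add;`, so the function now has a statement before a declaration; if this tree is built with -Wdeclaration-after-statement (which the surrounding code's declare-first layout suggests), this will warn. Move the asserts to just after the declaration: `addr_policy_t p, *add;` then `tor_assert(dest); tor_assert(addr);` and keep `memset(&p, 0, sizeof(p));` after them.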
@@ -902,17 +902,68 @@ addr_policy_append_reject_addr(smartlist_t **dest, const tor_addr_t *addr)
}
+/* Is addr public for the purposes of rejection? */
+static int
+tor_addr_is_public_for_reject(const tor_addr_t *addr)
+{
+ return !tor_addr_is_null(addr) && !tor_addr_is_internal(addr, 0);
+}
+
+/* Add "reject <b>addr</b>:*" to <b>dest</b>, creating the list as needed.
+ * Filter the address, only adding an IPv4 reject rule if ipv4_rules
+ * is true, and similarly for ipv6_rules. Check each address returns true for
+ * tor_addr_is_public_for_reject before adding it.
+ */
+static void
+addr_policy_append_reject_addr_filter(smartlist_t **dest,
+ const tor_addr_t *addr,
+ int ipv4_rules,
+ int ipv6_rules)
+{
+ tor_assert(dest);
+ tor_assert(addr);
+
+ /* Only reject IP addresses which are public */
+ if (tor_addr_is_public_for_reject(addr)) {
+
+ /* Reject IPv4 addresses and IPv6 addresses based on the filters */
+ int is_ipv4 = tor_addr_is_v4(addr);
+ if ((is_ipv4 && ipv4_rules) || (!is_ipv4 && ipv6_rules)) {
+ addr_policy_append_reject_addr(dest, addr);
+ }
+ }
+}
+
/** Add "reject addr:*" to <b>dest</b>, for each addr in addrs, creating the
* list as needed. */
void
addr_policy_append_reject_addr_list(smartlist_t **dest,
const smartlist_t *addrs)
{
+ tor_assert(dest);
+ tor_assert(addrs);
+
SMARTLIST_FOREACH_BEGIN(addrs, tor_addr_t *, addr) {
addr_policy_append_reject_addr(dest, addr);
} SMARTLIST_FOREACH_END(addr);
}
+/** Add "reject addr:*" to <b>dest</b>, for each addr in addrs, creating the
+ * list as needed. Filter using */
+static void
+addr_policy_append_reject_addr_list_filter(smartlist_t **dest,
+ const smartlist_t *addrs,
+ int ipv4_rules,
+ int ipv6_rules)
+{
+ tor_assert(dest);
+ tor_assert(addrs);
+
+ SMARTLIST_FOREACH_BEGIN(addrs, tor_addr_t *, addr) {
+ addr_policy_append_reject_addr_filter(dest, addr, ipv4_rules, ipv6_rules);
+ } SMARTLIST_FOREACH_END(addr);
+}
+
/** Detect and excise "dead code" from the policy *<b>dest</b>. */
static void
exit_policy_remove_redundancies(smartlist_t *dest)
@@ -997,21 +1048,12 @@ exit_policy_remove_redundancies(smartlist_t *dest)
}
}
-/* Is addr public for the purposes of rejection? */
-static int
-tor_addr_is_public_for_reject(const tor_addr_t *addr)
-{
- return !tor_addr_is_null(addr) && !tor_addr_is_internal(addr, 0);
-}
-
/** Reject private helper for policies_parse_exit_policy_internal: rejects
* publicly routable addresses on this exit relay.
*
* Add reject entries to the linked list *dest:
- * - if local_address is non-zero, treat it as a host-order IPv4 address,
- * and add an entry that rejects it as a destination.
- * - if ipv6_local_address, ipv4_outbound_address, or ipv6_outbound_address
- * are non-NULL, add entries that reject them as destinations.
+ * - if configured_addresses is non-NULL, add entries that reject each
+ * tor_addr_t* in the list as a destination.
* - if reject_interface_addresses is true, add entries that reject each
* public IPv4 and IPv6 address of each interface on this machine.
* - if reject_configured_port_addresses is true, add entries that reject
@@ -1027,60 +1069,16 @@ void
policies_parse_exit_policy_reject_private(
smartlist_t **dest,
int ipv6_exit,
- uint32_t local_address,
- const tor_addr_t *ipv6_local_address,
- const tor_addr_t *ipv4_outbound_address,
- const tor_addr_t *ipv6_outbound_address,
+ const smartlist_t *configured_addresses,
int reject_interface_addresses,
int reject_configured_port_addresses)
{
tor_assert(dest);
- /* Reject our local IPv4 address */
- if (local_address) {
- tor_addr_t v4_local;
- tor_addr_from_ipv4h(&v4_local, local_address);
- if (tor_addr_is_public_for_reject(&v4_local)) {
- addr_policy_append_reject_addr(dest, &v4_local);
- log_info(LD_CONFIG, "Adding a reject ExitPolicy 'reject %s:*' for our "
- "published IPv4 address", fmt_addr32(local_address));
- }
- }
-
- /* Reject the outbound IPv4 connection address */
- if (ipv4_outbound_address
- && tor_addr_is_public_for_reject(ipv4_outbound_address)) {
- addr_policy_append_reject_addr(dest, ipv4_outbound_address);
- log_info(LD_CONFIG, "Adding a reject ExitPolicy 'reject %s:*' for "
- "our outbound IPv4 connection address",
- fmt_addr(ipv4_outbound_address));
- }
-
- /* If we're not an IPv6 exit, all IPv6 addresses have already been rejected
- * by policies_parse_exit_policy_internal */
- if (ipv6_exit) {
-
- /* Reject our local IPv6 address */
- if (ipv6_local_address != NULL
- && tor_addr_is_public_for_reject(ipv6_local_address)) {
- if (tor_addr_is_v4(ipv6_local_address)) {
- log_warn(LD_CONFIG, "IPv4 address '%s' provided as our IPv6 local "
- "address", fmt_addr(ipv6_local_address));
- } else {
- addr_policy_append_reject_addr(dest, ipv6_local_address);
- log_info(LD_CONFIG, "Adding a reject ExitPolicy 'reject [%s]:*' for "
- "our published IPv6 address", fmt_addr(ipv6_local_address));
- }
- }
-
- /* Reject the outbound IPv6 connection address */
- if (ipv6_outbound_address
- && tor_addr_is_public_for_reject(ipv6_outbound_address)) {
- addr_policy_append_reject_addr(dest, ipv6_outbound_address);
- log_info(LD_CONFIG, "Adding a reject ExitPolicy 'reject [%s]:*' for "
- "our outbound IPv6 connection address",
- fmt_addr(ipv6_outbound_address));
- }
+ /* Reject configured addresses, if they are from public netblocks. */
+ if (configured_addresses) {
+ addr_policy_append_reject_addr_list_filter(dest, configured_addresses,
+ 1, ipv6_exit);
}
/* Reject configured port addresses, if they are from public netblocks. */
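Review bot: Replacing the per-address branches with `addr_policy_append_reject_addr_list_filter` silently drops all of the removed `log_info(LD_CONFIG, "Adding a reject ExitPolicy 'reject %s:*' ...")` lines, and the `log_warn` for an IPv4 address supplied as the IPv6 local address, so an operator no longer has any log evidence of which of their own addresses were added to the exit policy. Either restore a single info-level log per added address inside the filter helper, e.g. `log_info(LD_CONFIG, "Adding a reject ExitPolicy 'reject %s:*' for a configured address", fmt_addr(addr));` next to the `addr_policy_append_reject_addr` call, or note in the commit message that the new GETINFO exit-policy/reject-private/relay is now the intended way to inspect these rules. Note also that because `configured_addresses` is passed with `ipv4_rules=1`, an IPv4 value in the IPv6 slot is now accepted and rejected as IPv4 rather than warned about.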
@@ -1089,14 +1087,9 @@ policies_parse_exit_policy_reject_private(
SMARTLIST_FOREACH_BEGIN(port_addrs, port_cfg_t *, port) {
- /* Only reject IP addresses which are public */
- if (!port->is_unix_addr && tor_addr_is_public_for_reject(&port->addr)) {
-
- /* Reject IPv4 addresses. If we are an IPv6 exit, also reject IPv6
- * addresses */
- if (tor_addr_is_v4(&port->addr) || ipv6_exit) {
- addr_policy_append_reject_addr(dest, &port->addr);
- }
+ /* Only reject port IP addresses, not port unix sockets */
+ if (!port->is_unix_addr) {
+ addr_policy_append_reject_addr_filter(dest, &port->addr, 1, ipv6_exit);
}
} SMARTLIST_FOREACH_END(port);
}
@@ -1107,13 +1100,14 @@ policies_parse_exit_policy_reject_private(
/* Reject public IPv4 addresses on any interface */
public_addresses = get_interface_address6_list(LOG_INFO, AF_INET, 0);
- addr_policy_append_reject_addr_list(dest, public_addresses);
+ addr_policy_append_reject_addr_list_filter(dest, public_addresses, 1, 0);
free_interface_address6_list(public_addresses);
+ /* Don't look for IPv6 addresses if we're configured as IPv4-only */
if (ipv6_exit) {
/* Reject public IPv6 addresses on any interface */
public_addresses = get_interface_address6_list(LOG_INFO, AF_INET6, 0);
- addr_policy_append_reject_addr_list(dest, public_addresses);
+ addr_policy_append_reject_addr_list_filter(dest, public_addresses, 0, 1);
free_interface_address6_list(public_addresses);
}
}
@@ -1149,13 +1143,11 @@ policies_parse_exit_policy_reject_private(
* see router_add_exit_policy.
*/
static int
-policies_parse_exit_policy_internal(config_line_t *cfg, smartlist_t **dest,
+policies_parse_exit_policy_internal(config_line_t *cfg,
+ smartlist_t **dest,
int ipv6_exit,
int rejectprivate,
- uint32_t local_address,
- const tor_addr_t *ipv6_local_address,
- const tor_addr_t *ipv4_outbound_address,
- const tor_addr_t *ipv6_outbound_address,
+ const smartlist_t *configured_addresses,
int reject_interface_addresses,
int reject_configured_port_addresses,
int add_default_policy)
@@ -1168,10 +1160,8 @@ policies_parse_exit_policy_internal(config_line_t *cfg, smartlist_t **dest,
append_exit_policy_string(dest, "reject private:*");
/* Reject IPv4 and IPv6 publicly routable addresses on this exit relay */
policies_parse_exit_policy_reject_private(
- dest, ipv6_exit, local_address,
- ipv6_local_address,
- ipv4_outbound_address,
- ipv6_outbound_address,
+ dest, ipv6_exit,
+ configured_addresses,
reject_interface_addresses,
reject_configured_port_addresses);
}
@@ -1256,12 +1246,8 @@ policies_parse_exit_policy_internal(config_line_t *cfg, smartlist_t **dest,
* If <b>EXIT_POLICY_REJECT_PRIVATE</b> bit is set in <b>options</b>:
* - prepend an entry that rejects all destinations in all netblocks
* reserved for private use.
- * - if local_address is non-zero, treat it as a host-order IPv4 address,
- * and prepend an entry that rejects it as a destination.
- * - if ipv6_local_address is non-NULL, prepend an entry that rejects it as
- * a destination.
- * - if reject_interface_addresses is true, prepend entries that reject each
- * public IPv4 and IPv6 address of each interface on this machine.
+ * - prepend entries that reject publicly routable addresses on this exit
+ * relay by calling policies_parse_exit_policy_internal
*
* If <b>EXIT_POLICY_ADD_DEFAULT</b> bit is set in <b>options</b>, append
* default exit policy entries to <b>result</b> smartlist.
@@ -1269,10 +1255,7 @@ policies_parse_exit_policy_internal(config_line_t *cfg, smartlist_t **dest,
int
policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
exit_policy_parser_cfg_t options,
- uint32_t local_address,
- const tor_addr_t *ipv6_local_address,
- const tor_addr_t *ipv4_outbound_address,
- const tor_addr_t *ipv6_outbound_address)
+ const smartlist_t *configured_addresses)
{
int ipv6_enabled = (options & EXIT_POLICY_IPV6_ENABLED) ? 1 : 0;
int reject_private = (options & EXIT_POLICY_REJECT_PRIVATE) ? 1 : 0;
@@ -1280,15 +1263,51 @@ policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
return policies_parse_exit_policy_internal(cfg,dest,ipv6_enabled,
reject_private,
- local_address,
- ipv6_local_address,
- ipv4_outbound_address,
- ipv6_outbound_address,
+ configured_addresses,
reject_private,
reject_private,
add_default);
}
+/** Helper function that adds addr to a smartlist as long as it is non-NULL
+ * and not tor_addr_is_null(). */
+static void
+policies_add_addr_to_smartlist(smartlist_t *addr_list, const tor_addr_t *addr)
+{
+ if (addr && !tor_addr_is_null(addr)) {
+ smartlist_add(addr_list, (void *)addr);
+ }
+}
+
+/** Helper function that adds ipv4h_addr to a smartlist as a tor_addr_t *,
+ * by converting it to a tor_addr_t and passing it to
+ * policies_add_addr_to_smartlist. */
+static void
+policies_add_ipv4h_to_smartlist(smartlist_t *addr_list, uint32_t ipv4h_addr)
+{
+ if (ipv4h_addr) {
+ tor_addr_t ipv4_tor_addr;
+ tor_addr_from_ipv4h(&ipv4_tor_addr, ipv4h_addr);
+ policies_add_addr_to_smartlist(addr_list, (void *)&ipv4_tor_addr);
+ }
+}
+
+/** Helper function that adds or_options->OutboundBindAddressIPv[4|6]_ to a
+ * smartlist as a tor_addr_t *, as long as or_options is non-NULL,
+ * by passing them to policies_add_addr_to_smartlist. */
+static void
+policies_add_outbound_addresses_to_smartlist(smartlist_t *addr_list,
+ const or_options_t *or_options)
+{
+ if (or_options) {
+ policies_add_addr_to_smartlist(addr_list,
+ &or_options->OutboundBindAddressIPv4_);
+ policies_add_addr_to_smartlist(addr_list,
+ &or_options->OutboundBindAddressIPv6_);
+ }
+}
+
+
/** Parse <b>ExitPolicy</b> member of <b>or_options</b> into <b>result</b>
* smartlist.
* If <b>or_options->IPv6Exit</b> is false, prepend an entry that
@@ -1298,11 +1317,13 @@ policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
* - prepend an entry that rejects all destinations in all netblocks reserved
* for private use.
* - if local_address is non-zero, treat it as a host-order IPv4 address, and
- * prepend an entry that rejects it as a destination.
- * - if ipv6_local_address is non-NULL, prepend an entry that rejects it as a
- * destination.
- * - if reject_interface_addresses is true, prepend entries that reject each
- * public IPv4 and IPv6 address of each interface on this machine.
+ * add it to the list of configured addresses.
+ * - if ipv6_local_address is non-NULL, and not the null tor_addr_t, add it
+ * to the list of configured addresses.
+ * - if or_options->OutboundBindAddressIPv4_ is not the null tor_addr_t, add
+ * it to the list of configured addresses.
+ * - if or_options->OutboundBindAddressIPv6_ is not the null tor_addr_t, add
+ * it to the list of configured addresses.
*
* If <b>or_options->BridgeRelay</b> is false, append entries of default
* Tor exit policy into <b>result</b> smartlist.
@@ -1317,13 +1338,17 @@ policies_parse_exit_policy_from_options(const or_options_t *or_options,
smartlist_t **result)
{
exit_policy_parser_cfg_t parser_cfg = 0;
+ smartlist_t *configured_addresses = smartlist_new();
+ int rv = 0;
+ /* Short-circuit for non-exit relays */
if (or_options->ExitRelay == 0) {
append_exit_policy_string(result, "reject *4:*");
append_exit_policy_string(result, "reject *6:*");
return 0;
}
+ /* Configure the parser */
if (or_options->IPv6Exit) {
parser_cfg |= EXIT_POLICY_IPV6_ENABLED;
}
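Review bot: `configured_addresses` is allocated with `smartlist_new()` before the `ExitRelay == 0` short-circuit, and that branch returns without freeing it, so every non-exit relay leaks one smartlist each time the exit policy is (re)parsed. Either free it on that path, `smartlist_free(configured_addresses); return 0;`, or move the `smartlist_new()` call down to just before the addresses are added, after the short-circuit. The rest of this function, including the single `smartlist_free` on the normal path, lies outside this hunk.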
@@ -1336,11 +1361,20 @@ policies_parse_exit_policy_from_options(const or_options_t *or_options,
parser_cfg |= EXIT_POLICY_ADD_DEFAULT;
}
- return policies_parse_exit_policy(or_options->ExitPolicy,result,
- parser_cfg,local_address,
- ipv6_local_address,
- &or_options->OutboundBindAddressIPv4_,
- &or_options->OutboundBindAddressIPv6_);
+ /* Add the configured addresses to the tor_addr_t* list */
+ policies_add_ipv4h_to_smartlist(configured_addresses, local_address);
+ policies_add_addr_to_smartlist(configured_addresses, ipv6_local_address);
+ policies_add_outbound_addresses_to_smartlist(configured_addresses,
+ or_options);
+
+ rv = policies_parse_exit_policy(or_options->ExitPolicy, result, parser_cfg,
+ configured_addresses);
+
+ /* We don't need to free the pointers in this list, they are either constant
+ * or locally scoped. */
+ smartlist_free(configured_addresses);
+
+ return rv;
}
/** Add "reject *:*" to the end of the policy in *<b>dest</b>, allocating
@@ -2085,6 +2119,49 @@ getinfo_helper_policies(control_connection_t *conn,
(void) errmsg;
if (!strcmp(question, "exit-policy/default")) {
*answer = tor_strdup(DEFAULT_EXIT_POLICY);
+ } else if (!strcmp(question, "exit-policy/reject-private/default")) {
+ smartlist_t *private_policy_strings;
+ const char **priv = private_nets;
+
+ private_policy_strings = smartlist_new();
+
+ while (*priv != NULL) {
+ /* IPv6 addresses are in "[]" and contain ":",
+ * IPv4 addresses are not in "[]" and contain "." */
+ smartlist_add_asprintf(private_policy_strings, "reject %s:*", *priv);
+ priv++;
+ }
+
+ *answer = smartlist_join_strings(private_policy_strings,
+ ",", 0, NULL);
+
+ SMARTLIST_FOREACH(private_policy_strings, char *, str, tor_free(str));
+ smartlist_free(private_policy_strings);
+ } else if (!strcmp(question, "exit-policy/reject-private/relay")) {
+ const or_options_t *options = get_options();
+ const routerinfo_t *me = router_get_my_routerinfo();
+ smartlist_t *private_policy_list = smartlist_new();
+ smartlist_t *configured_addresses = smartlist_new();
+
+ if (!me) {
+ *errmsg = "router_get_my_routerinfo returned NULL";
+ return -1;
+ }
+
+ /* Add the configured addresses to the tor_addr_t* list */
+ policies_add_ipv4h_to_smartlist(configured_addresses, me->addr);
+ policies_add_addr_to_smartlist(configured_addresses, &me->ipv6_addr);
+ policies_add_outbound_addresses_to_smartlist(configured_addresses,
+ options);
+
+ policies_parse_exit_policy_reject_private(
+ &private_policy_list,
+ options->IPv6Exit,
+ configured_addresses,
+ 1, 1);
+ *answer = policy_dump_to_string(private_policy_list, 1, 1);
+
+ addr_policy_list_free(private_policy_list);
} else if (!strcmpstart(question, "exit-policy/")) {
const routerinfo_t *me = router_get_my_routerinfo();
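Review bot: In the "exit-policy/reject-private/relay" branch, `configured_addresses` is created with `smartlist_new()` but never freed, unlike the matching list in `policies_parse_exit_policy_from_options`, so every such GETINFO leaks it; and the `if (!me)` early return leaks both `private_policy_list` and `configured_addresses`. Move the two `smartlist_new()` calls below the `!me` check and add `smartlist_free(configured_addresses);` next to the existing `addr_policy_list_free(private_policy_list);`. Two smaller points: the "/default" answer joins its rules with "," while the "/relay" answer comes from `policy_dump_to_string`, which joins with "\n", so the two new items use different list formats; and `policy_dump_to_string` can return NULL on a formatting failure, which is then stored in `*answer` without setting `*errmsg` or returning -1.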
diff --git a/src/or/policies.h b/src/or/policies.h
index d7cc5a3..72e62c7 100644
--- a/src/or/policies.h
+++ b/src/or/policies.h
@@ -44,7 +44,6 @@ addr_policy_t *addr_policy_get_canonical_entry(addr_policy_t *ent);
int cmp_addr_policies(smartlist_t *a, smartlist_t *b);
MOCK_DECL(addr_policy_result_t, compare_tor_addr_to_addr_policy,
(const tor_addr_t *addr, uint16_t port, const smartlist_t *policy));
-
addr_policy_result_t compare_tor_addr_to_node_policy(const tor_addr_t *addr,
uint16_t port, const node_t *node);
@@ -55,17 +54,11 @@ int policies_parse_exit_policy_from_options(
smartlist_t **result);
int policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
exit_policy_parser_cfg_t options,
- uint32_t local_address,
- const tor_addr_t *ipv6_local_address,
- const tor_addr_t *ipv4_outbound_address,
- const tor_addr_t *ipv6_outbound_address);
+ const smartlist_t *configured_addresses);
void policies_parse_exit_policy_reject_private(
smartlist_t **dest,
int ipv6_exit,
- uint32_t local_address,
- const tor_addr_t *ipv6_local_address,
- const tor_addr_t *ipv4_outbound_address,
- const tor_addr_t *ipv6_outbound_address,
+ const smartlist_t *configured_addresses,
int reject_interface_addresses,
int reject_configured_port_addresses);
void policies_exit_policy_append_reject_star(smartlist_t **dest);
@@ -99,5 +92,9 @@ addr_policy_result_t compare_tor_addr_to_short_policy(
const tor_addr_t *addr, uint16_t port,
const short_policy_t *policy);
+#ifdef POLICIES_PRIVATE
+void append_exit_policy_string(smartlist_t **policy, const char *more);
+#endif
+
#endif
diff --git a/src/test/test_policy.c b/src/test/test_policy.c
index 18d9594..9ab3abe 100644
--- a/src/test/test_policy.c
+++ b/src/test/test_policy.c
@@ -6,6 +6,7 @@
#include "config.h"
#include "router.h"
#include "routerparse.h"
+#define POLICIES_PRIVATE
#include "policies.h"
#include "test.h"
@@ -51,7 +52,7 @@ test_policy_summary_helper(const char *policy_str,
r = policies_parse_exit_policy(&line, &policy,
EXIT_POLICY_IPV6_ENABLED |
- EXIT_POLICY_ADD_DEFAULT, 0, NULL, NULL, NULL);
+ EXIT_POLICY_ADD_DEFAULT, NULL);
tt_int_op(r,OP_EQ, 0);
summary = policy_summarize(policy, AF_INET);
@@ -82,7 +83,8 @@ test_policies_general(void *arg)
*policy7 = NULL, *policy8 = NULL, *policy9 = NULL,
*policy10 = NULL, *policy11 = NULL, *policy12 = NULL;
addr_policy_t *p;
- tor_addr_t tar;
+ tor_addr_t tar, tar2;
+ smartlist_t *addr_list = NULL;
config_line_t line;
smartlist_t *sm = NULL;
char *policy_str = NULL;
@@ -117,18 +119,22 @@ test_policies_general(void *arg)
tt_int_op(0, OP_EQ, policies_parse_exit_policy(NULL, &policy2,
EXIT_POLICY_IPV6_ENABLED |
EXIT_POLICY_REJECT_PRIVATE |
- EXIT_POLICY_ADD_DEFAULT, 0,
- NULL, NULL, NULL));
+ EXIT_POLICY_ADD_DEFAULT, NULL));
tt_assert(policy2);
- tor_addr_parse(&tar, "[2000::1234]");
+ tor_addr_from_ipv4h(&tar, 0x0306090cu);
+ tor_addr_parse(&tar2, "[2000::1234]");
+ addr_list = smartlist_new();
+ smartlist_add(addr_list, &tar);
+ smartlist_add(addr_list, &tar2);
tt_int_op(0, OP_EQ, policies_parse_exit_policy(NULL, &policy12,
EXIT_POLICY_IPV6_ENABLED |
EXIT_POLICY_REJECT_PRIVATE |
EXIT_POLICY_ADD_DEFAULT,
- 0x0306090cu, &tar, NULL,
- NULL));
+ addr_list));
+ smartlist_free(addr_list);
+ addr_list = NULL;
tt_assert(policy12);
@@ -209,15 +215,15 @@ test_policies_general(void *arg)
tt_int_op(0, OP_EQ, policies_parse_exit_policy(NULL, &policy8,
EXIT_POLICY_IPV6_ENABLED |
EXIT_POLICY_REJECT_PRIVATE |
- EXIT_POLICY_ADD_DEFAULT, 0,
- NULL, NULL, NULL));
+ EXIT_POLICY_ADD_DEFAULT,
+ NULL));
tt_assert(policy8);
tt_int_op(0, OP_EQ, policies_parse_exit_policy(NULL, &policy9,
EXIT_POLICY_REJECT_PRIVATE |
- EXIT_POLICY_ADD_DEFAULT, 0,
- NULL, NULL, NULL));
+ EXIT_POLICY_ADD_DEFAULT,
+ NULL));
tt_assert(policy9);
@@ -271,8 +277,7 @@ test_policies_general(void *arg)
line.next = NULL;
tt_int_op(0, OP_EQ, policies_parse_exit_policy(&line,&policy,
EXIT_POLICY_IPV6_ENABLED |
- EXIT_POLICY_ADD_DEFAULT, 0,
- NULL, NULL, NULL));
+ EXIT_POLICY_ADD_DEFAULT, NULL));
tt_assert(policy);
//test_streq(policy->string, "accept *:80");
@@ -523,118 +528,91 @@ static void
test_policies_reject_exit_address(void *arg)
{
smartlist_t *policy = NULL;
- tor_addr_t ipv4_addr;
- tor_addr_t ipv6_addr;
+ tor_addr_t ipv4_addr, ipv6_addr;
+ smartlist_t *ipv4_list, *ipv6_list, *both_list, *dupl_list;
(void)arg;
tor_addr_from_ipv4h(&ipv4_addr, TEST_IPV4_ADDR);
tor_addr_parse(&ipv6_addr, TEST_IPV6_ADDR);
- /* test that local_address is interpreted as an IPv4 host-order address and
- * rejected on an IPv4-only exit */
- policies_parse_exit_policy_reject_private(&policy, 0, TEST_IPV4_ADDR, NULL,
- NULL, NULL, 0, 0);
- tt_assert(policy);
- tt_assert(smartlist_len(policy) == 1);
- tt_assert(test_policy_has_address_helper(policy, &ipv4_addr));
- addr_policy_list_free(policy);
- policy = NULL;
+ ipv4_list = smartlist_new();
+ ipv6_list = smartlist_new();
+ both_list = smartlist_new();
+ dupl_list = smartlist_new();
- /* test that local_address is interpreted as an IPv4 host-order address and
- * rejected on an IPv4/IPv6 exit */
- policies_parse_exit_policy_reject_private(&policy, 1, TEST_IPV4_ADDR, NULL,
- NULL, NULL, 0, 0);
- tt_assert(policy);
- tt_assert(smartlist_len(policy) == 1);
- tt_assert(test_policy_has_address_helper(policy, &ipv4_addr));
- addr_policy_list_free(policy);
- policy = NULL;
+ smartlist_add(ipv4_list, &ipv4_addr);
+ smartlist_add(both_list, &ipv4_addr);
+ smartlist_add(dupl_list, &ipv4_addr);
+ smartlist_add(dupl_list, &ipv4_addr);
+ smartlist_add(dupl_list, &ipv4_addr);
+
+ smartlist_add(ipv6_list, &ipv6_addr);
+ smartlist_add(both_list, &ipv6_addr);
+ smartlist_add(dupl_list, &ipv6_addr);
+ smartlist_add(dupl_list, &ipv6_addr);
- /* test that ipv6_local_address is rejected on an IPv4/IPv6 exit */
- policies_parse_exit_policy_reject_private(&policy, 1, 0, &ipv6_addr, NULL,
- NULL, 0, 0);
+ /* IPv4-Only Exits */
+
+ /* test that IPv4 addresses are rejected on an IPv4-only exit */
+ policies_parse_exit_policy_reject_private(&policy, 0, ipv4_list, 0, 0);
tt_assert(policy);
tt_assert(smartlist_len(policy) == 1);
- tt_assert(test_policy_has_address_helper(policy, &ipv6_addr));
+ tt_assert(test_policy_has_address_helper(policy, &ipv4_addr));
addr_policy_list_free(policy);
policy = NULL;
- /* test that ipv6_local_address is NOT rejected on an IPv4-only exit
+ /* test that IPv6 addresses are NOT rejected on an IPv4-only exit
* (all IPv6 addresses are rejected by policies_parse_exit_policy_internal
* on IPv4-only exits, so policies_parse_exit_policy_reject_private doesn't
* need to do anything) */
- policies_parse_exit_policy_reject_private(&policy, 0, 0, &ipv6_addr, NULL,
- NULL, 0, 0);
+ policies_parse_exit_policy_reject_private(&policy, 0, ipv6_list, 0, 0);
tt_assert(policy == NULL);
- done:
+ /* test that only IPv4 addresses are rejected on an IPv4-only exit */
+ policies_parse_exit_policy_reject_private(&policy, 0, both_list, 0, 0);
+ tt_assert(policy);
+ tt_assert(smartlist_len(policy) == 1);
+ tt_assert(test_policy_has_address_helper(policy, &ipv4_addr));
addr_policy_list_free(policy);
-}
-
-/** Run unit tests for rejecting outbound connection addresses on this
- * exit relay using policies_parse_exit_policy_reject_private */
-static void
-test_policies_reject_outbound_address(void *arg)
-{
- smartlist_t *policy = NULL;
- tor_addr_t ipv4_addr, ipv6_addr;
- (void)arg;
-
- tor_addr_from_ipv4h(&ipv4_addr, TEST_IPV4_ADDR);
- tor_addr_parse(&ipv6_addr, TEST_IPV6_ADDR);
+ policy = NULL;
- /* test that OutboundBindAddressIPv4_ is rejected on an IPv4-only exit */
- policies_parse_exit_policy_reject_private(&policy, 0, 0, NULL, &ipv4_addr,
- NULL, 0, 0);
+ /* Test that lists with duplicate entries produce the same results */
+ policies_parse_exit_policy_reject_private(&policy, 0, dupl_list, 0, 0);
tt_assert(policy);
tt_assert(smartlist_len(policy) == 1);
tt_assert(test_policy_has_address_helper(policy, &ipv4_addr));
addr_policy_list_free(policy);
policy = NULL;
- /* test that OutboundBindAddressIPv4_ is rejected on an IPv4/IPv6 exit */
- policies_parse_exit_policy_reject_private(&policy, 1, 0, NULL, &ipv4_addr,
- NULL, 0, 0);
+ /* IPv4/IPv6 Exits */
+
+ /* test that IPv4 addresses are rejected on an IPv4/IPv6 exit */
+ policies_parse_exit_policy_reject_private(&policy, 1, ipv4_list, 0, 0);
tt_assert(policy);
tt_assert(smartlist_len(policy) == 1);
tt_assert(test_policy_has_address_helper(policy, &ipv4_addr));
addr_policy_list_free(policy);
policy = NULL;
- /* test that OutboundBindAddressIPv6_ is rejected on an IPv4/IPv6 exit */
- policies_parse_exit_policy_reject_private(&policy, 1, 0, NULL, NULL,
- &ipv6_addr, 0, 0);
+ /* test that IPv6 addresses are rejected on an IPv4/IPv6 exit */
+ policies_parse_exit_policy_reject_private(&policy, 1, ipv6_list, 0, 0);
tt_assert(policy);
tt_assert(smartlist_len(policy) == 1);
tt_assert(test_policy_has_address_helper(policy, &ipv6_addr));
addr_policy_list_free(policy);
policy = NULL;
- /* test that OutboundBindAddressIPv6_ is NOT rejected on an IPv4-only exit
- * (all IPv6 addresses are rejected by policies_parse_exit_policy_internal
- * on IPv4-only exits, so policies_parse_exit_policy_reject_private doesn't
- * need to do anything with IPv6 addresses on IPv4-only exits) */
- policies_parse_exit_policy_reject_private(&policy, 0, 0, NULL, NULL,
- &ipv6_addr, 0, 0);
- tt_assert(policy == NULL);
-
- /* test that OutboundBindAddressIPv4_ is rejected on an IPv4-only exit,
- * but OutboundBindAddressIPv6_ is NOT rejected (all IPv6 addresses are
- * rejected by policies_parse_exit_policy_internal on IPv4-only exits, so
- * policies_parse_exit_policy_reject_private doesn't need to do anything
- * with IPv6 addresses on IPv4-only exits) */
- policies_parse_exit_policy_reject_private(&policy, 0, 0, NULL, &ipv4_addr,
- &ipv6_addr, 0, 0);
+ /* test that IPv4 and IPv6 addresses are rejected on an IPv4/IPv6 exit */
+ policies_parse_exit_policy_reject_private(&policy, 1, both_list, 0, 0);
tt_assert(policy);
- tt_assert(smartlist_len(policy) == 1);
+ tt_assert(smartlist_len(policy) == 2);
tt_assert(test_policy_has_address_helper(policy, &ipv4_addr));
+ tt_assert(test_policy_has_address_helper(policy, &ipv6_addr));
addr_policy_list_free(policy);
policy = NULL;
- /* test that OutboundBindAddressIPv4_ and OutboundBindAddressIPv6_ are
- * rejected on an IPv4/IPv6 exit */
- policies_parse_exit_policy_reject_private(&policy, 1, 0, NULL, &ipv4_addr,
- &ipv6_addr, 0, 0);
+ /* Test that lists with duplicate entries produce the same results */
+ policies_parse_exit_policy_reject_private(&policy, 1, dupl_list, 0, 0);
tt_assert(policy);
tt_assert(smartlist_len(policy) == 2);
tt_assert(test_policy_has_address_helper(policy, &ipv4_addr));
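Review bot: The count checks in this rewritten function, e.g. `tt_assert(smartlist_len(policy) == 1);`, give no diagnostic beyond "assertion failed" when they trip; `tt_int_op(smartlist_len(policy), OP_EQ, 1);` (already the idiom at the top of this file) prints both sides, which matters most for the `dupl_list` cases where the whole point is that three IPv4 and two IPv6 duplicates collapse to 1 entry on an IPv4-only exit and 2 on an IPv4/IPv6 exit. The same goes for `tt_assert(policy == NULL);`, where `tt_ptr_op(policy, OP_EQ, NULL);` reads better. The function's `done:` cleanup is outside this hunk.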
@@ -642,8 +620,12 @@ test_policies_reject_outbound_address(void *arg)
addr_policy_list_free(policy);
policy = NULL;
-done:
+ done:
addr_policy_list_free(policy);
+ smartlist_free(ipv4_list);
+ smartlist_free(ipv6_list);
+ smartlist_free(both_list);
+ smartlist_free(dupl_list);
}
static smartlist_t *test_configured_ports = NULL;
@@ -683,8 +665,7 @@ test_policies_reject_port_address(void *arg)
* policies_parse_exit_policy_internal on IPv4-only exits, so
* policies_parse_exit_policy_reject_private doesn't need to do anything
* with IPv6 addresses on IPv4-only exits) */
- policies_parse_exit_policy_reject_private(&policy, 0, 0, NULL, NULL, NULL,
- 0, 1);
+ policies_parse_exit_policy_reject_private(&policy, 0, NULL, 0, 1);
tt_assert(policy);
tt_assert(smartlist_len(policy) == 1);
tt_assert(test_policy_has_address_helper(policy, &ipv4_port->addr));
@@ -692,8 +673,7 @@ test_policies_reject_port_address(void *arg)
policy = NULL;
/* test that IPv4 and IPv6 ports are rejected on an IPv4/IPv6 exit */
- policies_parse_exit_policy_reject_private(&policy, 1, 0, NULL, NULL, NULL,
- 0, 1);
+ policies_parse_exit_policy_reject_private(&policy, 1, NULL, 0, 1);
tt_assert(policy);
tt_assert(smartlist_len(policy) == 2);
tt_assert(test_policy_has_address_helper(policy, &ipv4_port->addr));
@@ -728,14 +708,12 @@ test_policies_reject_interface_address(void *arg)
(void)arg;
/* test that no addresses are rejected when none are supplied/requested */
- policies_parse_exit_policy_reject_private(&policy, 0, 0, NULL, NULL, NULL,
- 0, 0);
+ policies_parse_exit_policy_reject_private(&policy, 0, NULL, 0, 0);
tt_assert(policy == NULL);
/* test that only IPv4 interface addresses are rejected on an IPv4-only exit
*/
- policies_parse_exit_policy_reject_private(&policy, 0, 0, NULL, NULL, NULL,
- 1, 0);
+ policies_parse_exit_policy_reject_private(&policy, 0, NULL, 1, 0);
if (policy) {
tt_assert(smartlist_len(policy) == smartlist_len(public_ipv4_addrs));
addr_policy_list_free(policy);
@@ -744,8 +722,7 @@ test_policies_reject_interface_address(void *arg)
/* test that IPv4 and IPv6 interface addresses are rejected on an IPv4/IPv6
* exit */
- policies_parse_exit_policy_reject_private(&policy, 0, 0, NULL, NULL, NULL,
- 1, 0);
+ policies_parse_exit_policy_reject_private(&policy, 0, NULL, 1, 0);
if (policy) {
tt_assert(smartlist_len(policy) == (smartlist_len(public_ipv4_addrs)
+ smartlist_len(public_ipv6_addrs)));
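Review bot: The call `policies_parse_exit_policy_reject_private(&policy, 0, NULL, 1, 0);` passes 0 for the IPv6-exit flag, yet the comment and the expected count (`public_ipv4_addrs` plus `public_ipv6_addrs`) describe an IPv4/IPv6 exit, and the preceding case in the previous hunk already issues the identical IPv4-only call. It looks like this should be `policies_parse_exit_policy_reject_private(&policy, 1, NULL, 1, 0);`. As written, on a host with a public IPv6 interface address the length assertion can only hold if interface addresses ignore the flag, which contradicts the file's own comments that reject_private skips IPv6 addresses on IPv4-only exits. The rest of the function is outside this hunk.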
@@ -848,13 +825,148 @@ test_dump_exit_policy_to_string(void *arg)
tor_free(ep);
}
+static routerinfo_t *mock_desc_routerinfo = NULL;
+const routerinfo_t *mock_router_get_my_routerinfo(void)
+{
+ return mock_desc_routerinfo;
+}
+
+#define DEFAULT_POLICY_STRING "reject *:*"
+#define TEST_IPV4_ADDR (0x02040608)
+#define TEST_IPV6_ADDR ("2003::ef01")
+
+static or_options_t mock_options;
+
+static const or_options_t *
+mock_get_options(void)
+{
+ return &mock_options;
+}
+
+/** Run unit tests for generating summary lines of exit policies */
+static void
+test_policies_getinfo_helper_policies(void *arg)
+{
+ (void)arg;
+ int rv = 0;
+ size_t ipv4_len = 0, ipv6_len = 0;
+ char *answer = NULL;
+ const char *errmsg = NULL;
+ routerinfo_t mock_my_routerinfo;
+
+ rv = getinfo_helper_policies(NULL, "exit-policy/default", &answer, &errmsg);
+ tt_assert(rv == 0);
+ tt_assert(answer != NULL);
+ tt_assert(strlen(answer) > 0);
+ tor_free(answer);
+
+ rv = getinfo_helper_policies(NULL, "exit-policy/reject-private/default",
+ &answer, &errmsg);
+ tt_assert(rv == 0);
+ tt_assert(answer != NULL);
+ tt_assert(strlen(answer) > 0);
+ tor_free(answer);
+
+ memset(&mock_my_routerinfo, 0, sizeof(routerinfo_t));
+ MOCK(router_get_my_routerinfo, mock_router_get_my_routerinfo);
+ mock_my_routerinfo.exit_policy = smartlist_new();
+ mock_desc_routerinfo = &mock_my_routerinfo;
+
+ memset(&mock_options, 0, sizeof(or_options_t));
+ MOCK(get_options, mock_get_options);
+
+ rv = getinfo_helper_policies(NULL, "exit-policy/reject-private/relay",
+ &answer, &errmsg);
+ tt_assert(rv == 0);
+ tt_assert(answer != NULL);
+ tt_assert(strlen(answer) == 0);
+ tor_free(answer);
+
+ rv = getinfo_helper_policies(NULL, "exit-policy/ipv4", &answer,
+ &errmsg);
+ tt_assert(rv == 0);
+ tt_assert(answer != NULL);
+ ipv4_len = strlen(answer);
+ tt_assert(ipv4_len == 0 || ipv4_len == strlen(DEFAULT_POLICY_STRING));
+ tt_assert(ipv4_len == 0 || !strcasecmp(answer, DEFAULT_POLICY_STRING));
+ tor_free(answer);
+
+ rv = getinfo_helper_policies(NULL, "exit-policy/ipv6", &answer,
+ &errmsg);
+ tt_assert(rv == 0);
+ tt_assert(answer != NULL);
+ ipv6_len = strlen(answer);
+ tt_assert(ipv6_len == 0 || ipv6_len == strlen(DEFAULT_POLICY_STRING));
+ tt_assert(ipv6_len == 0 || !strcasecmp(answer, DEFAULT_POLICY_STRING));
+ tor_free(answer);
+
+ rv = getinfo_helper_policies(NULL, "exit-policy/full", &answer,
+ &errmsg);
+ tt_assert(rv == 0);
+ tt_assert(answer != NULL);
+ /* It's either empty or it's the default */
+ tt_assert(strlen(answer) == 0 || !strcasecmp(answer, DEFAULT_POLICY_STRING));
+ tor_free(answer);
+
+ mock_my_routerinfo.addr = TEST_IPV4_ADDR;
+ tor_addr_parse(&mock_my_routerinfo.ipv6_addr, TEST_IPV6_ADDR);
+ append_exit_policy_string(&mock_my_routerinfo.exit_policy, "accept *4:*");
+ append_exit_policy_string(&mock_my_routerinfo.exit_policy, "reject *6:*");
+
+ mock_options.IPv6Exit = 1;
+ tor_addr_from_ipv4h(&mock_options.OutboundBindAddressIPv4_, TEST_IPV4_ADDR);
+ tor_addr_parse(&mock_options.OutboundBindAddressIPv6_, TEST_IPV6_ADDR);
+
+ rv = getinfo_helper_policies(NULL, "exit-policy/reject-private/relay",
+ &answer, &errmsg);
+ tt_assert(rv == 0);
+ tt_assert(answer != NULL);
+ tt_assert(strlen(answer) > 0);
+ tor_free(answer);
+
+ rv = getinfo_helper_policies(NULL, "exit-policy/ipv4", &answer,
+ &errmsg);
+ tt_assert(rv == 0);
+ tt_assert(answer != NULL);
+ ipv4_len = strlen(answer);
+ tt_assert(ipv4_len > 0);
+ tor_free(answer);
+
+ rv = getinfo_helper_policies(NULL, "exit-policy/ipv6", &answer,
+ &errmsg);
+ tt_assert(rv == 0);
+ tt_assert(answer != NULL);
+ ipv6_len = strlen(answer);
+ tt_assert(ipv6_len > 0);
+ tor_free(answer);
+
+ rv = getinfo_helper_policies(NULL, "exit-policy/full", &answer,
+ &errmsg);
+ tt_assert(rv == 0);
+ tt_assert(answer != NULL);
+ tt_assert(strlen(answer) > 0);
+ tt_assert(strlen(answer) == ipv4_len + ipv6_len + 1);
+ tor_free(answer);
+
+done:
+ tor_free(answer);
+ UNMOCK(get_options);
+ UNMOCK(router_get_my_routerinfo);
+ smartlist_free(mock_my_routerinfo.exit_policy);
+}
+
+#undef DEFAULT_POLICY_STRING
+#undef TEST_IPV4_ADDR
+#undef TEST_IPV6_ADDR
+
struct testcase_t policy_tests[] = {
{ "router_dump_exit_policy_to_string", test_dump_exit_policy_to_string, 0,
NULL, NULL },
{ "general", test_policies_general, 0, NULL, NULL },
+ { "getinfo_helper_policies", test_policies_getinfo_helper_policies, 0, NULL,
+ NULL },
{ "reject_exit_address", test_policies_reject_exit_address, 0, NULL, NULL },
{ "reject_interface_address", test_policies_reject_interface_address, 0, NULL, NULL },
- { "reject_outbound_address", test_policies_reject_outbound_address, 0, NULL, NULL },
{ "reject_port_address", test_policies_reject_port_address, 0, NULL, NULL },
END_OF_TESTCASES
};
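Review bot: The `done:` block releases `mock_my_routerinfo.exit_policy` with `smartlist_free`, but the two `append_exit_policy_string` calls put addr_policy_t entries into that list, and every other policy list in this file is released with `addr_policy_list_free`; those entries therefore leak on each run and will show up under valgrind/ASan. Use `addr_policy_list_free(mock_my_routerinfo.exit_policy);` there instead. Two smaller points: `errmsg` is never examined, so a failing GETINFO reports only that `rv != 0` — `tt_int_op(rv, OP_EQ, 0);` together with `tt_ptr_op(errmsg, OP_EQ, NULL);` would make such failures readable; and `TEST_IPV4_ADDR`/`TEST_IPV6_ADDR` are already used by test_policies_reject_exit_address earlier in the file, so the `#define`s here are redefinitions, which is only clean if the replacement text is identical — otherwise give these distinct names.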
[tor/master] Merge branch 'getinfo-private-exitpolicy-v4-squashed'
commit 35e886fe13a81b36c8a620f7046e6e9e6c088d01
Merge: 8a41d2a 10a6390
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Fri Nov 20 10:48:28 2015 -0500
Merge branch 'getinfo-private-exitpolicy-v4-squashed'
changes/bug17027-reject-private-bind-port | 7 +
changes/getinfo-private-exitpolicy | 6 +
doc/tor.1.txt | 13 +-
src/or/config.c | 9 +-
src/or/config.h | 4 +-
src/or/control.c | 6 +
src/or/policies.c | 429 ++++++++++++++++++++++-------
src/or/policies.h | 30 +-
src/or/router.c | 39 +--
src/test/test_policy.c | 410 ++++++++++++++++++++++++++-
10 files changed, 780 insertions(+), 173 deletions(-)
commit cbc1b8a4f75d449a0843451954568e0c8498821e
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Fri Nov 20 10:52:56 2015 -0500
fix "make check-spaces"
---
src/common/compat.c | 2 +-
src/or/connection_edge.c | 1 +
src/or/policies.c | 4 +---
src/test/test_policy.c | 10 ++++++----
4 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/src/common/compat.c b/src/common/compat.c
index 24698c3..bd59e0f 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -1568,7 +1568,7 @@ tor_ersatz_socketpair(int family, int type, int protocol, tor_socket_t fd[2])
tor_addr_to_sockaddr(&listen_tor_addr,
0 /* kernel chooses port. */,
&listen_addr,
- sizeof (listen_addr));
+ sizeof(listen_addr));
if (bind(listener, &listen_addr, sizeof (listen_addr)) == -1)
goto tidy_up_and_fail;
if (listen(listener, 1) == -1)
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 67e594a..aad1ea4 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -3598,3 +3598,4 @@ connection_edge_free_all(void)
smartlist_free(pending_entry_connections);
pending_entry_connections = NULL;
}
+
diff --git a/src/or/policies.c b/src/or/policies.c
index d588a80..4d9b17c 100644
--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -901,7 +901,6 @@ addr_policy_append_reject_addr(smartlist_t **dest, const tor_addr_t *addr)
smartlist_add(*dest, add);
log_debug(LD_CONFIG, "Adding a reject ExitPolicy 'reject %s:*'",
fmt_addr(addr));
-
}
/* Is addr public for the purposes of rejection? */
@@ -1309,7 +1308,6 @@ policies_add_outbound_addresses_to_smartlist(smartlist_t *addr_list,
}
}
-
/** Parse <b>ExitPolicy</b> member of <b>or_options</b> into <b>result</b>
* smartlist.
* If <b>or_options->IPv6Exit</b> is false, prepend an entry that
@@ -2103,7 +2101,7 @@ policy_dump_to_string(const smartlist_t *policy_list,
policy_string = smartlist_join_strings(policy_string_list, "\n", 0, NULL);
-done:
+ done:
SMARTLIST_FOREACH(policy_string_list, char *, str, tor_free(str));
smartlist_free(policy_string_list);
diff --git a/src/test/test_policy.c b/src/test/test_policy.c
index 4cf56c8..52360f3 100644
--- a/src/test/test_policy.c
+++ b/src/test/test_policy.c
@@ -681,7 +681,7 @@ test_policies_reject_port_address(void *arg)
addr_policy_list_free(policy);
policy = NULL;
-done:
+ done:
addr_policy_list_free(policy);
if (test_configured_ports) {
SMARTLIST_FOREACH(test_configured_ports,
@@ -826,7 +826,8 @@ test_dump_exit_policy_to_string(void *arg)
}
static routerinfo_t *mock_desc_routerinfo = NULL;
-static const routerinfo_t *mock_router_get_my_routerinfo(void)
+static const routerinfo_t *
+mock_router_get_my_routerinfo(void)
{
return mock_desc_routerinfo;
}
@@ -948,7 +949,7 @@ test_policies_getinfo_helper_policies(void *arg)
tt_assert(strlen(answer) == ipv4_len + ipv6_len + 1);
tor_free(answer);
-done:
+ done:
tor_free(answer);
UNMOCK(get_options);
UNMOCK(router_get_my_routerinfo);
@@ -966,7 +967,8 @@ struct testcase_t policy_tests[] = {
{ "getinfo_helper_policies", test_policies_getinfo_helper_policies, 0, NULL,
NULL },
{ "reject_exit_address", test_policies_reject_exit_address, 0, NULL, NULL },
- { "reject_interface_address", test_policies_reject_interface_address, 0, NULL, NULL },
+ { "reject_interface_address", test_policies_reject_interface_address, 0,
+ NULL, NULL },
{ "reject_port_address", test_policies_reject_port_address, 0, NULL, NULL },
END_OF_TESTCASES
};
[torspec/master] Update control-spec for exit-policy/reject-private/*
commit d92f97b146643db6daf084a0b64b50cd6258ba16
Author: teor (Tim Wilson-Brown) <teor2345(a)gmail.com>
Date: Mon Nov 16 23:40:16 2015 +1100
Update control-spec for exit-policy/reject-private/*
---
control-spec.txt | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/control-spec.txt b/control-spec.txt
index 5dc7f8d..0fddb54 100644
--- a/control-spec.txt
+++ b/control-spec.txt
@@ -512,6 +512,16 @@
"exit-policy/default" -- The default exit policy lines that Tor will
*append* to the ExitPolicy config option.
+ "exit-policy/reject-private/default" -- The default exit policy lines
+ that Tor will *prepend* to the ExitPolicy config option when
+ ExitPolicyRejectPrivate is 1.
+
+ "exit-policy/reject-private/relay" -- The relay-specific exit policy
+ lines that Tor will *prepend* to the ExitPolicy config option when
+ ExitPolicyRejectPrivate is 1. These lines are based on the public
+ addresses configured in the torrc and present on the relay's
+ interfaces.
+
"exit-policy/ipv4"
"exit-policy/ipv6"
"exit-policy/full" -- This OR's exit policy, in IPv4-only, IPv6-only, or