commit 7fceffac0f988670f4fd6b5eb061b2ebeee9e560 Author: Damian Johnson <atagar@torproject.org> Date: Sat Mar 5 12:06:25 2016 -0800 Normalize accept6/reject6 into normal exit policy rules On reflection accept6/reject6 is just syntatic sugar (and pretty worthless syntatic sugar at that). Normalizing these rules into normal exit policies. --- docs/change_log.rst | 3 +-- stem/exit_policy.py | 28 ++++++++-------------------- test/unit/exit_policy/rule.py | 18 ++++++++++-------- 3 files changed, 19 insertions(+), 30 deletions(-) diff --git a/docs/change_log.rst b/docs/change_log.rst index b01602a..4f688aa 100644 --- a/docs/change_log.rst +++ b/docs/change_log.rst @@ -47,8 +47,7 @@ The following are only available within Stem's `git repository * Dramatic, `300x performance improvement <https://github.com/DonnchaC/stem/pull/1>`_ for reading from the control port with python 3 * Added `stem.manual <api/manual.html>`_, which provides information available about Tor from `its manual <https://www.torproject.org/docs/tor-manual.html.en>`_ (:trac:`8251`) * :func:`~stem.connection.connect` and :func:`~stem.control.Controller.from_port` now connect to both port 9051 (relay's default) and 9151 (Tor Browser's default) (:trac:`16075`) - * :class:`~stem.exit_policy.ExitPolicy` support for *accept6* and *reject6* rules (:trac:`16103`) - * :class:`~stem.exit_policy.ExitPolicy` support for *\*4* and *\*6* wildcards (:trac:`16103`) + * :class:`~stem.exit_policy.ExitPolicy` support for *accept6/reject6* and *\*4/6* wildcards (:trac:`16053`) * Added `support for NETWORK_LIVENESS events <api/response.html#stem.response.events.NetworkLivenessEvent>`_ (:spec:`44aac63`) * Added :func:`~stem.control.Controller.is_set` to the :class:`~stem.control.Controller` * Added :func:`~stem.control.Controller.is_user_traffic_allowed` to the :class:`~stem.control.Controller` diff --git a/stem/exit_policy.py b/stem/exit_policy.py index f71a638..003107e 100644 --- a/stem/exit_policy.py +++ b/stem/exit_policy.py @@ -627,14 +627,9 @@ class ExitPolicyRule(object): This should be treated as an immutable object. .. versionchanged:: 1.5.0 - Support for 'accept6/reject6' entries and our **is_ipv6_only** attribute. - - .. versionchanged:: 1.5.0 - Support for '\*4' and '\*6' wildcards. + Support for 'accept6/reject6' entries and '\*4/6' wildcards. :var bool is_accept: indicates if exiting is allowed or disallowed - :var bool is_ipv6_only: indicates if this is an accept6 or reject6 rule, only - matching ipv6 addresses :var str address: address that this rule is for @@ -651,7 +646,7 @@ class ExitPolicyRule(object): # exitpattern ::= addrspec ":" portspec self.is_accept = rule.startswith('accept') - self.is_ipv6_only = rule.startswith('accept6') or rule.startswith('reject6') + is_ipv6_only = rule.startswith('accept6') or rule.startswith('reject6') if rule.startswith('accept6') or rule.startswith('reject6'): exitpattern = rule[7:] @@ -689,7 +684,7 @@ class ExitPolicyRule(object): self._skip_rule = False addrspec, portspec = exitpattern.rsplit(':', 1) - self._apply_addrspec(rule, addrspec) + self._apply_addrspec(rule, addrspec, is_ipv6_only) self._apply_portspec(rule, portspec) # Flags to indicate if this rule seems to be expanded from the 'private' @@ -741,9 +736,6 @@ class ExitPolicyRule(object): # validate our input and check if the argument doesn't match our address type if address is not None: - if self.is_ipv6_only and stem.util.connection.is_valid_ipv4_address(address): - return False # accept6/reject6 don't match ipv4 - address_type = self.get_address_type() if stem.util.connection.is_valid_ipv4_address(address): @@ -874,10 +866,7 @@ class ExitPolicyRule(object): to re-create this rule. """ - if self.is_ipv6_only: - label = 'accept6 ' if self.is_accept else 'reject6 ' - else: - label = 'accept ' if self.is_accept else 'reject ' + label = 'accept ' if self.is_accept else 'reject ' if self.is_address_wildcard(): label += '*:' @@ -915,7 +904,7 @@ class ExitPolicyRule(object): if self._hash is None: my_hash = 0 - for attr in ('is_accept', 'is_ipv6_only', 'address', 'min_port', 'max_port'): + for attr in ('is_accept', 'address', 'min_port', 'max_port'): my_hash *= 1024 attr_value = getattr(self, attr) @@ -942,7 +931,7 @@ class ExitPolicyRule(object): return int(stem.util.connection._get_address_binary(self.address), 2) & self._get_mask_bin() - def _apply_addrspec(self, rule, addrspec): + def _apply_addrspec(self, rule, addrspec, is_ipv6_only): # Parses the addrspec... # addrspec ::= "*" | ip4spec | ip6spec @@ -951,7 +940,7 @@ class ExitPolicyRule(object): if addrspec == '*4': addrspec = '0.0.0.0/0' - elif addrspec == '*6': + elif addrspec == '*6' or (addrspec == '*' and is_ipv6_only): addrspec = '[0000:0000:0000:0000:0000:0000:0000:0000]/0' if '/' in addrspec: @@ -968,7 +957,7 @@ class ExitPolicyRule(object): # ip4mask ::= an IPv4 mask in dotted-quad format # num_ip4_bits ::= an integer between 0 and 32 - if self.is_ipv6_only: + if is_ipv6_only: self._skip_rule = True self._address_type = _address_type_to_int(AddressType.IPv4) @@ -1074,7 +1063,6 @@ class MicroExitPolicyRule(ExitPolicyRule): def __init__(self, is_accept, min_port, max_port): self.is_accept = is_accept - self.is_ipv6_only = False self.address = None # wildcard address self.min_port = min_port self.max_port = max_port diff --git a/test/unit/exit_policy/rule.py b/test/unit/exit_policy/rule.py index 59dc5d2..908e72b 100644 --- a/test/unit/exit_policy/rule.py +++ b/test/unit/exit_policy/rule.py @@ -42,8 +42,6 @@ class TestExitPolicyRule(unittest.TestCase): test_inputs = ( 'accept *:*', 'reject *:*', - 'accept6 *:*', - 'reject6 *:*', 'accept *:80', 'accept *:80-443', @@ -66,10 +64,15 @@ class TestExitPolicyRule(unittest.TestCase): 'accept [::]/32:*': 'accept [0000:0000:0000:0000:0000:0000:0000:0000]/32:*', 'accept [::]/128:*': 'accept [0000:0000:0000:0000:0000:0000:0000:0000]:*', + 'accept6 *:*': 'accept [0000:0000:0000:0000:0000:0000:0000:0000]/0:*', + 'reject6 *:*': 'reject [0000:0000:0000:0000:0000:0000:0000:0000]/0:*', + 'accept6 [FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF]:*': 'accept [FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF]:*', + 'reject6 [FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF]:*': 'reject [FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF]:*', + 'accept *4:*': 'accept 0.0.0.0/0:*', 'accept *6:*': 'accept [0000:0000:0000:0000:0000:0000:0000:0000]/0:*', - 'accept6 *4:*': 'accept6 0.0.0.0/0:*', - 'accept6 *6:*': 'accept6 [0000:0000:0000:0000:0000:0000:0000:0000]/0:*', + 'accept6 *4:*': 'accept 0.0.0.0/0:*', + 'accept6 *6:*': 'accept [0000:0000:0000:0000:0000:0000:0000:0000]/0:*', } for rule_arg, expected_str in test_inputs.items(): @@ -96,8 +99,8 @@ class TestExitPolicyRule(unittest.TestCase): 'reject [0000:0000:0000:0000:0000:0000:0000:0000]/64:80': (False, False), 'reject [0000:0000:0000:0000:0000:0000:0000:0000]/128:80': (False, False), - 'reject6 *:*': (True, True), - 'reject6 *:80': (True, False), + 'reject6 *:*': (False, True), + 'reject6 *:80': (False, False), 'reject6 [0000:0000:0000:0000:0000:0000:0000:0000]/128:80': (False, False), 'accept 192.168.0.1:0-65535': (False, True), @@ -110,7 +113,7 @@ class TestExitPolicyRule(unittest.TestCase): is_address_wildcard, is_port_wildcard = attr rule = ExitPolicyRule(rule_arg) - self.assertEqual(is_address_wildcard, rule.is_address_wildcard()) + self.assertEqual(is_address_wildcard, rule.is_address_wildcard(), '%s (wildcard expected %s and actually %s)' % (rule_arg, is_address_wildcard, rule.is_address_wildcard())) self.assertEqual(is_port_wildcard, rule.is_port_wildcard()) # check that when appropriate a /0 is reported as *not* being a wildcard @@ -393,6 +396,5 @@ class TestExitPolicyRule(unittest.TestCase): # wildcards match all ipv6 but *not* ipv4 rule = ExitPolicyRule('accept6 *:*') - self.assertTrue(rule.is_ipv6_only) self.assertTrue(rule.is_match('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 443)) self.assertFalse(rule.is_match('192.168.0.1', 443))