commit f0ae1eaeec229e51ce8ce223dd1b862d769c1a0c Author: Damian Johnson atagar@torproject.org Date: Sun Jan 13 17:14:55 2013 -0800

Dropping redundant policy rules

While working with 'reject private:*' entries I realized that ExitPolicyRejectPrivate makes for really long, ugly policies. In general this is just life - exit policies are more complicated than just the ExitPolicy torrc option. Hoever, in the case of 'reject *:*' we can safely boil things down. --- stem/exit_policy.py | 25 +++++++++++++++++++++++++ test/unit/exit_policy/policy.py | 5 +++++ 2 files changed, 30 insertions(+), 0 deletions(-)

diff --git a/stem/exit_policy.py b/stem/exit_policy.py index b5d0573..2809e5e 100644 --- a/stem/exit_policy.py +++ b/stem/exit_policy.py @@ -287,16 +287,41 @@ class ExitPolicy(object): def _get_rules(self): if self._rules is None: rules = [] + is_all_accept, is_all_reject = True, True

for rule in self._input_rules: if isinstance(rule, str): rule = ExitPolicyRule(rule.strip())

+ if rule.is_accept: + is_all_reject = False + else: + is_all_accept = False + rules.append(rule)

if rule.is_address_wildcard() and rule.is_port_wildcard(): break # this is a catch-all, no reason to include more

+ # If we only have one kind of entry *and* end with a wildcard then + # we might as well use the simpler version. For instance... + # + # reject *:80, reject *:443, reject *:* + # + # ... could also be represented as simply... + # + # reject *:* + # + # This mostly comes up with reject-all policies because the + # 'reject private:*' appends an extra seven rules that have no + # effect. + + if rules and (rules[-1].is_address_wildcard() and rules[-1].is_port_wildcard()): + if is_all_accept: + rules = [ExitPolicyRule("accept *:*")] + elif is_all_reject: + rules = [ExitPolicyRule("reject *:*")] + self._rules = rules self._input_rules = None

diff --git a/test/unit/exit_policy/policy.py b/test/unit/exit_policy/policy.py index af4ceba..8659b68 100644 --- a/test/unit/exit_policy/policy.py +++ b/test/unit/exit_policy/policy.py @@ -42,6 +42,11 @@ class TestExitPolicy(unittest.TestCase): policy = ExitPolicy(*"accept *:80, accept *:443, reject *:*, accept *:20-50".split(",")) self.assertEquals(expected_policy, policy)

+ # checks that we compress redundant policies + + policy = ExitPolicy(*"reject *:80, reject *:443, reject *:*".split(",")) + self.assertEquals(ExitPolicy("reject *:*"), policy) + def test_set_default_allowed(self): policy = ExitPolicy('reject *:80', 'accept *:443')