[tor-bugs] #17183 [Tor]: Add exit-policy/reject-private so stem can discover ExitPolicyRejectPrivate rules

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Nov 16 12:32:02 UTC 2015


#17183: Add exit-policy/reject-private so stem can discover ExitPolicyRejectPrivate rules
-------------------------------------------------+-------------------------------------
 Reporter:  teor                                 |          Owner:
     Type:  enhancement                          |         Status:  needs_review
 Priority:  Medium                               |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor                                  |        Version:  Tor: unspecified
 Severity:  Normal                               |     Resolution:
 Keywords:  stem, 028-triaged, TorCoreTeam201512 |  Actual Points:
Parent ID:                                       |         Points:  small
  Sponsor:                                       |
-------------------------------------------------+-------------------------------------
Changes (by teor):

 * status:  needs_revision => needs_review


Comment:

 I think I've done what atagar wants for stem now.

 See my branch getinfo-private-exitpolicy-v2 in
 https://github.com/teor2345/tor.git

 I've updated the code based on feedback, added new GETINFO questions, and
 updated the unit tests.

 I've added:
 * exit-policy/reject-private/default - private network addresses rejected
 by default (compiled-in)
 * exit-policy/reject-private/relay - private network addresses rejected
 because they are:
   * published as addresses in the relay's descriptor
   * configured as outbound connection bind addresses
   * configured as ports (for example, ORPort, DirPort)
   * configured on the local network interfaces on the relay's OS

 Which replace:
 * exit-policy/reject-private

 The existing items are:
 * exit-policy/ipv4 - IPv4 exit policy
 * exit-policy/ipv6 - IPv4 exit policy
 * exit-policy/full - IPv4 and IPv6 exit policies
 * exit-policy/default - default exit policy (compiled-in)

 I can easily split exit-policy/reject-private/default and
 exit-policy/reject-private/relay into ipv4, ipv6, and full if needed. I
 could also combine them into exit-policy/reject-private ipv4, ipv6, and
 full, which would be a little more difficult. (This depends on exactly
 what atagar wants for stem.)

 I've also tested these over stem's tor-prompt. (They block a temporary
 relay's autodiscovered IP address, which is exactly what I want to
 happen.)

 I'll do the control-spec changes tomorrow.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17183#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
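
An added example, not part of the ticket or of teor's branch: a relay operator's check that the relay's own addresses are covered by the two reject-private lists described above. It assumes each GETINFO reply is a comma-separated list of "reject ADDR[/BITS]:PORT" rules in the same form as exit-policy/default; the sample replies and addresses are constructed, and with stem the real strings would come from Controller.get_info(key).

```python
import ipaddress

# Constructed sample replies (not captured from a real relay). Assumed format:
# comma-separated "reject ADDR[/BITS]:PORT" rules, IPv6 addresses in brackets.
SAMPLE_DEFAULT = ("reject 0.0.0.0/8:*,reject 169.254.0.0/16:*,reject 127.0.0.0/8:*,"
                  "reject 192.168.0.0/16:*,reject 10.0.0.0/8:*,"
                  "reject 172.16.0.0/12:*,reject [fc00::]/7:*")
SAMPLE_RELAY = "reject 203.0.113.7:*,reject [2001:db8::7]:*"


def parse_reject_rules(reply):
    """Return the networks that a reply rejects on every port."""
    networks = []
    for rule in filter(None, (r.strip() for r in reply.split(","))):
        action, _, target = rule.partition(" ")
        if action != "reject":
            raise ValueError("unexpected rule in reject-private reply: %r" % rule)
        addr, _, port = target.rpartition(":")  # port spec follows the last colon
        if port != "*":
            continue  # a port-limited rule does not block the whole address
        addr = addr.replace("[", "").replace("]", "")
        if addr == "*":
            networks += [ipaddress.ip_network("0.0.0.0/0"),
                         ipaddress.ip_network("::/0")]
        else:
            networks.append(ipaddress.ip_network(addr, strict=False))
    return networks


def unblocked(addresses, *replies):
    """Return the addresses that no reject rule in the given replies covers."""
    nets = [n for reply in replies for n in parse_reject_rules(reply)]
    missing = []
    for text in addresses:
        ip = ipaddress.ip_address(text)
        if not any(ip.version == n.version and ip in n for n in nets):
            missing.append(text)
    return missing


if __name__ == "__main__":
    # Hypothetical relay addresses: ORPort address, a LAN interface, IPv6 ORPort.
    own = ["203.0.113.7", "10.1.2.3", "2001:db8::7"]
    print("not rejected:", unblocked(own, SAMPLE_DEFAULT, SAMPLE_RELAY))
```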