[tor-commits] [tor/master] Merge remote branch 'origin/maint-0.2.2'

nickm at torproject.org nickm at torproject.org
Sun Mar 6 18:43:33 UTC 2011


commit 07b8b439c4bee7545a26a61160b2860b18b88185
Merge: c6d8e75 ed14888
Author: Nick Mathewson <nickm at torproject.org>
Date:   Sun Mar 6 13:23:02 2011 -0500

    Merge remote branch 'origin/maint-0.2.2'

 changes/ipv6_crash   |    3 +++
 src/or/policies.c    |    2 ++
 src/or/routerparse.c |    2 --
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --combined src/or/policies.c
index 2cf9982,e48f420..6738b48
--- a/src/or/policies.c
+++ b/src/or/policies.c
@@@ -11,7 -11,6 +11,7 @@@
  #include "or.h"
  #include "config.h"
  #include "dirserv.h"
 +#include "nodelist.h"
  #include "policies.h"
  #include "routerparse.h"
  #include "ht.h"
@@@ -262,7 -261,7 +262,7 @@@ fascist_firewall_allows_address_or(cons
  /** Return true iff we think our firewall will let us make an OR connection to
   * <b>ri</b>. */
  int
 -fascist_firewall_allows_or(routerinfo_t *ri)
 +fascist_firewall_allows_or(const routerinfo_t *ri)
  {
    /* XXXX proposal 118 */
    tor_addr_t addr;
@@@ -270,22 -269,6 +270,22 @@@
    return fascist_firewall_allows_address_or(&addr, ri->or_port);
  }
  
 +/** Return true iff we think our firewall will let us make an OR connection to
 + * <b>node</b>. */
 +int
 +fascist_firewall_allows_node(const node_t *node)
 +{
 +  if (node->ri) {
 +    return fascist_firewall_allows_or(node->ri);
 +  } else if (node->rs) {
 +    tor_addr_t addr;
 +    tor_addr_from_ipv4h(&addr, node->rs->addr);
 +    return fascist_firewall_allows_address_or(&addr, node->rs->or_port);
 +  } else {
 +    return 1;
 +  }
 +}
 +
  /** Return true iff we think our firewall will let us make a directory
   * connection to addr:port. */
  int
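Review bot: fascist_firewall_allows_node returns 1 from its final `else` branch, so a node with neither `ri` nor `rs` is reported as reachable through the firewall, and the doc comment does not mention this. If the permissive default is deliberate, state it on the branch, for example `/* No address known for this node; treat it as allowed. */`, and add the same sentence to the doc comment so callers do not read a true result as "address checked". The function that follows the addition starts inside the hunk and continues outside it.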
@@@ -883,11 -866,15 +883,11 @@@ policies_exit_policy_append_reject_star
    append_exit_policy_string(dest, "reject *:*");
  }
  
 -/** Replace the exit policy of <b>r</b> with reject *:*. */
 +/** Replace the exit policy of <b>node</b> with reject *:* */
  void
 -policies_set_router_exitpolicy_to_reject_all(routerinfo_t *r)
 +policies_set_node_exitpolicy_to_reject_all(node_t *node)
  {
 -  addr_policy_t *item;
 -  addr_policy_list_free(r->exit_policy);
 -  r->exit_policy = smartlist_create();
 -  item = router_parse_addr_policy_item_from_string("reject *:*", -1);
 -  smartlist_add(r->exit_policy, item);
 +  node->rejects_all = 1;
  }
  
  /** Return 1 if there is at least one /8 subnet in <b>policy</b> that
@@@ -901,6 -888,8 +901,8 @@@ exit_policy_is_general_exit_helper(smar
  
    memset(subnet_status, 0, sizeof(subnet_status));
    SMARTLIST_FOREACH(policy, addr_policy_t *, p, {
+     if (tor_addr_family(&p->addr) != AF_INET)
+       continue; /* IPv4 only for now */
      if (p->prt_min > port || p->prt_max < port)
        continue; /* Doesn't cover our port. */
      mask = 0;
@@@ -1096,7 -1085,7 +1098,7 @@@ policy_summary_split(smartlist_t *summa
    int start_at_index;
  
    int i = 0;
 -  /* XXXX Do a binary search if run time matters */
 +
    while (AT(i)->prt_max < prt_min)
      i++;
    if (AT(i)->prt_min != prt_min) {
@@@ -1309,195 -1298,6 +1311,195 @@@ policy_summarize(smartlist_t *policy
    return result;
  }
  
 +/** Convert a summarized policy string into a short_policy_t.  Return NULL
 + * if the string is not well-formed. */
 +short_policy_t *
 +parse_short_policy(const char *summary)
 +{
 +  const char *orig_summary = summary;
 +  short_policy_t *result;
 +  int is_accept;
 +  int n_entries;
 +  short_policy_entry_t entries[MAX_EXITPOLICY_SUMMARY_LEN]; /* overkill */
 +  const char *next;
 +
 +  if (!strcmpstart(summary, "accept ")) {
 +    is_accept = 1;
 +    summary += strlen("accept ");
 +  } else if (!strcmpstart(summary, "reject ")) {
 +    is_accept = 0;
 +    summary += strlen("reject ");
 +  } else {
 +    log_fn(LOG_PROTOCOL_WARN, LD_DIR, "Unrecognized policy summary keyword");
 +    return NULL;
 +  }
 +
 +  n_entries = 0;
 +  for ( ; *summary; summary = next) {
 +    const char *comma = strchr(summary, ',');
 +    unsigned low, high;
 +    char dummy;
 +    char ent_buf[32];
 +
 +    next = comma ? comma+1 : strchr(summary, '\0');
 +
 +    if (n_entries == MAX_EXITPOLICY_SUMMARY_LEN) {
 +      log_fn(LOG_PROTOCOL_WARN, LD_DIR, "Impossibly long policy summary %s",
 +             escaped(orig_summary));
 +      return NULL;
 +    }
 +
 +    if (! TOR_ISDIGIT(*summary) || next-summary > (int)(sizeof(ent_buf)-1)) {
 +      /* unrecognized entry format. skip it. */
 +      continue;
 +    }
 +    if (next-summary < 2) {
 +      /* empty; skip it. */
 +      continue;
 +    }
 +
 +    memcpy(ent_buf, summary, next-summary-1);
 +    ent_buf[next-summary-1] = '\0';
 +
 +    if (tor_sscanf(ent_buf, "%u-%u%c", &low, &high, &dummy) == 2) {
 +      if (low<1 || low>65535 || high<1 || high>65535) {
 +        log_fn(LOG_PROTOCOL_WARN, LD_DIR,
 +               "Found bad entry in policy summary %s", escaped(orig_summary));
 +        return NULL;
 +      }
 +    } else if (tor_sscanf(ent_buf, "%u%c", &low, &dummy) == 1) {
 +      if (low<1 || low>65535) {
 +        log_fn(LOG_PROTOCOL_WARN, LD_DIR,
 +               "Found bad entry in policy summary %s", escaped(orig_summary));
 +        return NULL;
 +      }
 +      high = low;
 +    } else {
 +      log_fn(LOG_PROTOCOL_WARN, LD_DIR,"Found bad entry in policy summary %s",
 +             escaped(orig_summary));
 +      return NULL;
 +    }
 +
 +    entries[n_entries].min_port = low;
 +    entries[n_entries].max_port = high;
 +    n_entries++;
 +  }
 +
 +  if (n_entries == 0) {
 +    log_fn(LOG_PROTOCOL_WARN, LD_DIR,
 +           "Found no port-range entries in summary %s", escaped(orig_summary));
 +    return NULL;
 +  }
 +
 +  {
 +    size_t size = STRUCT_OFFSET(short_policy_t, entries) +
 +      sizeof(short_policy_entry_t)*(n_entries);
 +    result = tor_malloc_zero(size);
 +
 +    tor_assert( (char*)&result->entries[n_entries-1] < ((char*)result)+size);
 +  }
 +
 +  result->is_accept = is_accept;
 +  result->n_entries = n_entries;
 +  memcpy(result->entries, entries, sizeof(short_policy_entry_t)*n_entries);
 +  return result;
 +}
 +
 +/** Release all storage held in <b>policy</b>. */
 +void
 +short_policy_free(short_policy_t *policy)
 +{
 +  tor_free(policy);
 +}
 +
 +/** See whether the <b>addr</b>:<b>port</b> address is likely to be accepted
 + * or rejected by the summarized policy <b>policy</b>.  Return values are as
 + * for compare_tor_addr_to_addr_policy.  Unlike the regular addr_policy
 + * functions, requires the <b>port</b> be specified. */
 +addr_policy_result_t
 +compare_tor_addr_to_short_policy(const tor_addr_t *addr, uint16_t port,
 +                                 const short_policy_t *policy)
 +{
 +  int i;
 +  int found_match = 0;
 +  int accept;
 +  (void)addr;
 +
 +  tor_assert(port != 0);
 +
 +  if (addr && (tor_addr_is_internal(addr, 0) ||
 +               tor_addr_is_null(addr) ||
 +               tor_addr_is_loopback(addr)))
 +    return ADDR_POLICY_REJECTED;
 +
 +  for (i=0; i < policy->n_entries; ++i) {
 +    const short_policy_entry_t *e = &policy->entries[i];
 +    if (e->min_port <= port && port <= e->max_port) {
 +      found_match = 1;
 +      break;
 +    }
 +  }
 +
 +  if (found_match)
 +    accept = policy->is_accept;
 +  else
 +    accept = ! policy->is_accept;
 +
 +  /* ???? are these right? */
 +  if (accept)
 +    return ADDR_POLICY_PROBABLY_ACCEPTED;
 +  else
 +    return ADDR_POLICY_REJECTED;
 +}
 +
 +/** Return true iff <b>policy</b> seems reject all ports */
 +int
 +short_policy_is_reject_star(const short_policy_t *policy)
 +{
 +  /* This doesn't need to be as much on the lookout as policy_is_reject_star,
 +   * since policy summaries are from the consensus or from consensus
 +   * microdescs.
 +   */
 +  tor_assert(policy);
 +  /* Check for an exact match of "reject 1-65535". */
 +  return (policy->is_accept == 0 && policy->n_entries == 1 &&
 +          policy->entries[0].min_port == 1 &&
 +          policy->entries[0].max_port == 65535);
 +}
 +
 +/** Decides whether addr:port is probably or definitely accepted or rejcted by
 + * <b>node</b>.  See compare_tor_addr_to_addr_policy for details on addr/port
 + * interpretation. */
 +addr_policy_result_t
 +compare_addr_to_node_policy(uint32_t addr, uint16_t port, const node_t *node)
 +{
 +  tor_addr_t a;
 +  tor_addr_from_ipv4h(&a, addr);
 +  return compare_tor_addr_to_node_policy(&a, port, node);
 +}
 +
 +/** Decides whether addr:port is probably or definitely accepted or rejcted by
 + * <b>node</b>.  See compare_tor_addr_to_addr_policy for details on addr/port
 + * interpretation. */
 +addr_policy_result_t
 +compare_tor_addr_to_node_policy(const tor_addr_t *addr, uint16_t port,
 +                                const node_t *node)
 +{
 +  if (node->rejects_all)
 +    return ADDR_POLICY_REJECTED;
 +
 +  if (node->ri)
 +    return compare_tor_addr_to_addr_policy(addr, port, node->ri->exit_policy);
 +  else if (node->md && node->md) {
 +    if (node->md->exit_policy == NULL)
 +      return ADDR_POLICY_REJECTED;
 +    else
 +      return compare_tor_addr_to_short_policy(addr, port,
 +                                              node->md->exit_policy);
 +  } else
 +    return ADDR_POLICY_PROBABLY_REJECTED;
 +}
 +
  /** Implementation for GETINFO control command: knows the answer for questions
   * about "exit-policy/..." */
  int
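Review bot: In parse_short_policy the final entry of a summary loses its last character. When no comma follows, `next` points at the terminating NUL, so `next-summary` is already the entry length and `memcpy(ent_buf, summary, next-summary-1)` copies one byte too few; "accept 80,443" is read as 80 and 44, and a single-digit final port is dropped by the `< 2` test. Because these summaries decide which ports a client believes a node will exit to, take the entry length from the comma explicitly and also reject `low > high`, as in the fence below. Separately, `node->md && node->md` in compare_tor_addr_to_node_policy tests the same pointer twice, and `(void)addr;` in compare_tor_addr_to_short_policy is stale now that `addr` is used. The function after the added code starts inside the hunk and continues outside it.

```c
  for ( ; *summary; summary = next) {
    const char *comma = strchr(summary, ',');
    /* Length of this entry, not counting the comma if there is one. */
    size_t len = comma ? (size_t)(comma - summary) : strlen(summary);
    /* ... unchanged: low, high, dummy and ent_buf declarations ... */

    next = comma ? comma+1 : summary + len;

    /* ... unchanged: MAX_EXITPOLICY_SUMMARY_LEN check ... */

    if (! TOR_ISDIGIT(*summary) || len > sizeof(ent_buf)-1) {
      /* unrecognized entry format. skip it. */
      continue;
    }
    /* The separate "empty" test is no longer needed: a leading digit
     * already implies len >= 1. */

    memcpy(ent_buf, summary, len);
    ent_buf[len] = '\0';

    if (tor_sscanf(ent_buf, "%u-%u%c", &low, &high, &dummy) == 2) {
      if (low<1 || low>65535 || high<1 || high>65535 || low>high) {
    /* ... unchanged: warnings, single-port branch, entries[] store ... */
```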
diff --combined src/or/routerparse.c
index d41b91d,e034c6c..c20834a
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@@ -70,6 -70,7 +70,6 @@@ typedef enum 
    K_V,
    K_W,
    K_M,
 -  K_EVENTDNS,
    K_EXTRA_INFO,
    K_EXTRA_INFO_DIGEST,
    K_CACHES_EXTRA_INFO,
@@@ -266,8 -267,6 +266,6 @@@ typedef struct token_rule_t 
  static token_rule_t routerdesc_token_table[] = {
    T0N("reject",              K_REJECT,              ARGS,    NO_OBJ ),
    T0N("accept",              K_ACCEPT,              ARGS,    NO_OBJ ),
-   T0N("reject6",             K_REJECT6,             ARGS,    NO_OBJ ),
-   T0N("accept6",             K_ACCEPT6,             ARGS,    NO_OBJ ),
    T1_START( "router",        K_ROUTER,              GE(5),   NO_OBJ ),
    T1( "signing-key",         K_SIGNING_KEY,         NO_ARGS, NEED_KEY_1024 ),
    T1( "onion-key",           K_ONION_KEY,           NO_ARGS, NEED_KEY_1024 ),
@@@ -286,6 -285,7 +284,6 @@@
  
    T01("family",              K_FAMILY,              ARGS,    NO_OBJ ),
    T01("caches-extra-info",   K_CACHES_EXTRA_INFO,   NO_ARGS, NO_OBJ ),
 -  T01("eventdns",            K_EVENTDNS,            ARGS,    NO_OBJ ),
  
    T0N("opt",                 K_OPT,             CONCAT_ARGS, OBJ_OK ),
    T1( "bandwidth",           K_BANDWIDTH,           GE(3),   NO_OBJ ),
@@@ -1355,6 -1355,7 +1353,6 @@@ router_parse_entry_from_string(const ch
    tor_assert(tok->n_args >= 5);
  
    router = tor_malloc_zero(sizeof(routerinfo_t));
 -  router->country = -1;
    router->cache_info.routerlist_index = -1;
    router->cache_info.annotations_len = s-start_of_annotations + prepend_len;
    router->cache_info.signed_descriptor_len = end-s;
@@@ -1495,6 -1496,13 +1493,6 @@@
      router->contact_info = tor_strdup(tok->args[0]);
    }
  
 -  if ((tok = find_opt_by_keyword(tokens, K_EVENTDNS))) {
 -    router->has_old_dnsworkers = tok->n_args && !strcmp(tok->args[0], "0");
 -  } else if (router->platform) {
 -    if (! tor_version_as_new_as(router->platform, "0.1.2.2-alpha"))
 -      router->has_old_dnsworkers = 1;
 -  }
 -
    exit_policy_tokens = find_all_exitpolicy(tokens);
    if (!smartlist_len(exit_policy_tokens)) {
      log_warn(LD_DIR, "No exit policy tokens in descriptor.");
@@@ -1553,6 -1561,8 +1551,6 @@@
                              "router descriptor") < 0)
      goto err;
  
 -  routerinfo_set_country(router);
 -
    if (!router->or_port) {
      log_warn(LD_DIR,"or_port unreadable or 0. Failing.");
      goto err;
@@@ -1952,7 -1962,6 +1950,7 @@@ routerstatus_parse_entry_from_string(me
  
    if (!consensus_method)
      flav = FLAV_NS;
 +  tor_assert(flav == FLAV_NS || flav == FLAV_MICRODESC);
  
    eos = find_start_of_next_routerstatus(*s);
  
@@@ -1965,16 -1974,15 +1963,16 @@@
      goto err;
    }
    tok = find_by_keyword(tokens, K_R);
 -  tor_assert(tok->n_args >= 7);
 +  tor_assert(tok->n_args >= 7); /* guaranteed by GE(7) in K_R setup */
    if (flav == FLAV_NS) {
      if (tok->n_args < 8) {
        log_warn(LD_DIR, "Too few arguments to r");
        goto err;
      }
 -  } else {
 -    offset = -1;
 +  } else if (flav == FLAV_MICRODESC) {
 +    offset = -1; /* There is no identity digest */
    }
 +
    if (vote_rs) {
      rs = &vote_rs->status;
    } else {
@@@ -2048,7 -2056,7 +2046,7 @@@
        else if (!strcmp(tok->args[i], "Fast"))
          rs->is_fast = 1;
        else if (!strcmp(tok->args[i], "Running"))
 -        rs->is_running = 1;
 +        rs->is_flagged_running = 1;
        else if (!strcmp(tok->args[i], "Named"))
          rs->is_named = 1;
        else if (!strcmp(tok->args[i], "Valid"))
@@@ -2150,16 -2158,6 +2148,16 @@@
          vote_rs->microdesc = line;
        }
      } SMARTLIST_FOREACH_END(t);
 +  } else if (flav == FLAV_MICRODESC) {
 +    tok = find_opt_by_keyword(tokens, K_M);
 +    if (tok) {
 +      tor_assert(tok->n_args);
 +      if (digest256_from_base64(rs->descriptor_digest, tok->args[0])) {
 +        log_warn(LD_DIR, "Error decoding microdescriptor digest %s",
 +                 escaped(tok->args[0]));
 +        goto err;
 +      }
 +    }
    }
  
    if (!strcasecmp(rs->nickname, UNNAMED_ROUTER_NICKNAME))
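Review bot: The new FLAV_MICRODESC branch runs `tor_assert(tok->n_args);` on a token parsed from the document, without the kind of justification the K_R assertion earlier in this function now carries. The token-table rule for `m` is not visible in this diff. If it guarantees at least one argument, say so with a comment such as `/* guaranteed by the K_M rule in the token table */`. If it does not, replace the assert with a `log_warn` and `goto err`, so a malformed line is rejected rather than aborting the process. The enclosing function starts and ends outside the hunk.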
@@@ -4341,7 -4339,7 +4339,7 @@@ microdescs_parse_from_string(const cha
      }
  
      if ((tok = find_opt_by_keyword(tokens, K_P))) {
 -      md->exitsummary = tor_strdup(tok->args[0]);
 +      md->exit_policy = parse_short_policy(tok->args[0]);
      }
  
      crypto_digest256(md->digest, md->body, md->bodylen, DIGEST_SHA256);
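Review bot: `md->exit_policy = parse_short_policy(tok->args[0]);` stores NULL when the `p` line is malformed, which leaves the microdescriptor in the same state as one with no `p` line at all. compare_tor_addr_to_node_policy in policies.c returns ADDR_POLICY_REJECTED for a NULL `md->exit_policy`, so a parse failure silently becomes a reject-all node. If that is the intended handling, make it explicit here with a comment such as `/* NULL on a malformed summary; such a node is treated as reject-all. */`. The enclosing function starts and ends outside the hunk.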


