[tor-commits] [stem/master] Dropping redundant policy rules

Mon Jan 14 01:39:16 UTC 2013

commit f0ae1eaeec229e51ce8ce223dd1b862d769c1a0c
Author: Damian Johnson <atagar at torproject.org>
Date:   Sun Jan 13 17:14:55 2013 -0800

    Dropping redundant policy rules
    
    While working with 'reject private:*' entries I realized that
    ExitPolicyRejectPrivate makes for really long, ugly policies. In general this
    is just life - exit policies are more complicated than just the ExitPolicy
    torrc option. Hoever, in the case of 'reject *:*' we can safely boil things
    down.
---
 stem/exit_policy.py             |   25 +++++++++++++++++++++++++
 test/unit/exit_policy/policy.py |    5 +++++
 2 files changed, 30 insertions(+), 0 deletions(-)

diff --git a/stem/exit_policy.py b/stem/exit_policy.py
index b5d0573..2809e5e 100644
--- a/stem/exit_policy.py
+++ b/stem/exit_policy.py
@@ -287,16 +287,41 @@ class ExitPolicy(object):
   def _get_rules(self):
     if self._rules is None:
       rules = []
+      is_all_accept, is_all_reject = True, True
 
       for rule in self._input_rules:
         if isinstance(rule, str):
           rule = ExitPolicyRule(rule.strip())
 
+        if rule.is_accept:
+          is_all_reject = False
+        else:
+          is_all_accept = False
+
         rules.append(rule)
 
         if rule.is_address_wildcard() and rule.is_port_wildcard():
           break  # this is a catch-all, no reason to include more
 
+      # If we only have one kind of entry *and* end with a wildcard then
+      # we might as well use the simpler version. For instance...
+      #
+      #   reject *:80, reject *:443, reject *:*
+      #
+      # ... could also be represented as simply...
+      #
+      #   reject *:*
+      #
+      # This mostly comes up with reject-all policies because the
+      # 'reject private:*' appends an extra seven rules that have no
+      # effect.
+
+      if rules and (rules[-1].is_address_wildcard() and rules[-1].is_port_wildcard()):
+        if is_all_accept:
+          rules = [ExitPolicyRule("accept *:*")]
+        elif is_all_reject:
+          rules = [ExitPolicyRule("reject *:*")]
+
       self._rules = rules
       self._input_rules = None
 
diff --git a/test/unit/exit_policy/policy.py b/test/unit/exit_policy/policy.py
index af4ceba..8659b68 100644
--- a/test/unit/exit_policy/policy.py
+++ b/test/unit/exit_policy/policy.py
@@ -42,6 +42,11 @@ class TestExitPolicy(unittest.TestCase):
     policy = ExitPolicy(*"accept *:80, accept *:443, reject *:*, accept *:20-50".split(","))
     self.assertEquals(expected_policy, policy)
 
+    # checks that we compress redundant policies
+
+    policy = ExitPolicy(*"reject *:80, reject *:443, reject *:*".split(","))
+    self.assertEquals(ExitPolicy("reject *:*"), policy)
+
   def test_set_default_allowed(self):
     policy = ExitPolicy('reject *:80', 'accept *:443')
 



