[tor-commits] [tor/master] Add an ExitRelay option to override ExitPolicy
nickm at torproject.org
nickm at torproject.org
Tue Jan 6 20:16:39 UTC 2015
commit 35efce1f3f517871aaa19d60976a9abb3a67bede
Author: Nick Mathewson <nickm at torproject.org>
Date: Thu Nov 13 10:48:15 2014 -0500
Add an ExitRelay option to override ExitPolicy
If we're not a relay, we ignore it.
If it's set to 1, we obey ExitPolicy.
If it's set to 0, we force ExitPolicy to 'reject *:*'
And if it's set to auto, then we warn the user if they're running an
exit, and tell them how they can stop running an exit if they didn't
mean to do that.
Fixes ticket 10067
---
doc/tor.1.txt | 13 +++++++++++++
src/or/config.c | 3 ++-
src/or/or.h | 7 +++++++
src/or/policies.c | 36 ++++++++++++++++++++++++++++++++++++
4 files changed, 58 insertions(+), 1 deletion(-)
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index eb406e7..1aa0314 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1479,6 +1479,19 @@ is non-zero):
that it's an email address and/or generate a new address for this
purpose.
+[[ExitRelay]] **ExitRelay** **0**|**1**|**auto**::
+ Tells Tor whether to run as an exit relay. If Tor is running as a
+ non-bridge server, and ExitRelay is set to 1, then Tor allows traffic to
+ exit according to the ExitPolicy option (or the default ExitPolicy if
+ none is specified).
+ +
+ If ExitRelay is set to 0, no traffic is allowed to
+ exit, and the ExitPolicy option is ignored. +
+ +
+ If ExitRelay is set to "auto", then Tor behaves as if it were set to 1, but
+ warns the user if this would cause traffic to exit. In a future version,
+ the default value will be 0. (Default: auto)
+
[[ExitPolicy]] **ExitPolicy** __policy__,__policy__,__...__::
Set an exit policy for this server. Each policy is of the form
"**accept**|**reject** __ADDR__[/__MASK__][:__PORT__]". If /__MASK__ is
diff --git a/src/or/config.c b/src/or/config.c
index 4b8c683..fd60d13 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -63,7 +63,6 @@ static config_abbrev_t option_abbrevs_[] = {
PLURAL(AuthDirBadExitCC),
PLURAL(AuthDirInvalidCC),
PLURAL(AuthDirRejectCC),
- PLURAL(ExitNode),
PLURAL(EntryNode),
PLURAL(ExcludeNode),
PLURAL(FirewallPort),
@@ -227,6 +226,7 @@ static config_var_t option_vars_[] = {
V(ExitPolicyRejectPrivate, BOOL, "1"),
V(ExitPortStatistics, BOOL, "0"),
V(ExtendAllowPrivateAddresses, BOOL, "0"),
+ V(ExitRelay, AUTOBOOL, "auto"),
VPORT(ExtORPort, LINELIST, NULL),
V(ExtORPortCookieAuthFile, STRING, NULL),
V(ExtORPortCookieAuthFileGroupReadable, BOOL, "0"),
@@ -3797,6 +3797,7 @@ options_transition_affects_descriptor(const or_options_t *old_options,
!opt_streq(old_options->Nickname,new_options->Nickname) ||
!opt_streq(old_options->Address,new_options->Address) ||
!config_lines_eq(old_options->ExitPolicy,new_options->ExitPolicy) ||
+ old_options->ExitRelay != new_options->ExitRelay ||
old_options->ExitPolicyRejectPrivate !=
new_options->ExitPolicyRejectPrivate ||
old_options->IPv6Exit != new_options->IPv6Exit ||
diff --git a/src/or/or.h b/src/or/or.h
index 5ebe7bf..dadf556 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -4232,6 +4232,13 @@ typedef struct {
/** Should we send the timestamps that pre-023 hidden services want? */
int Support022HiddenServices;
+ /** Is this an exit node? This is a tristate, where "1" means "yes, and use
+ * the default exit policy if none is given" and "0" means "no; exit policy
+ * is 'reject *'" and "auto" (-1) means "same as 1, but warn the user."
+ *
+ * XXXX Eventually, the default will be 0. */
+ int ExitRelay;
+
} or_options_t;
/** Persistent state for an onion router, as saved to disk. */
diff --git a/src/or/policies.c b/src/or/policies.c
index d10bebd..dc1a8a3 100644
--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -434,6 +434,33 @@ validate_addr_policies(const or_options_t *options, char **msg)
REJECT("Error in ExitPolicy entry.");
}
+ static int warned_about_exitrelay = 0;
+
+ const int exitrelay_setting_is_auto = options->ExitRelay == -1;
+ const int policy_accepts_something =
+ ! (policy_is_reject_star(addr_policy, AF_INET) &&
+ policy_is_reject_star(addr_policy, AF_INET6));
+
+ if (server_mode(options) &&
+ ! warned_about_exitrelay &&
+ exitrelay_setting_is_auto &&
+ policy_accepts_something) {
+ /* Policy accepts something */
+ warned_about_exitrelay = 1;
+ log_warn(LD_CONFIG,
+ "Tor is running as an exit relay%s. If you did not want this "
+ "behavior, please set the ExitRelay option to 0. If you do "
+ "want to run an exit Relay, please set the ExitRelay option "
+ "to 1 to disable this warning, and for forward compatibility.",
+ options->ExitPolicy == NULL ?
+ " with the default exit policy" : "");
+ if (options->ExitPolicy == NULL) {
+ log_warn(LD_CONFIG,
+ "In a future version of Tor, ExitRelay 0 may become the "
+ "default when no ExitPolicy is given.");
+ }
+ }
+
/* The rest of these calls *append* to addr_policy. So don't actually
* use the results for anything other than checking if they parse! */
if (parse_addr_policy(options->DirPolicy, &addr_policy, -1))
@@ -1022,6 +1049,9 @@ policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
*
* If <b>or_options->BridgeRelay</b> is false, add entries of default
* Tor exit policy into <b>result</b> smartlist.
+ *
+ * If or_options->ExitRelay is false, then make our exit policy into
+ * "reject *:*" regardless.
*/
int
policies_parse_exit_policy_from_options(const or_options_t *or_options,
@@ -1030,6 +1060,12 @@ policies_parse_exit_policy_from_options(const or_options_t *or_options,
{
exit_policy_parser_cfg_t parser_cfg = 0;
+ if (or_options->ExitRelay == 0) {
+ append_exit_policy_string(result, "reject *4:*");
+ append_exit_policy_string(result, "reject *6:*");
+ return 0;
+ }
+
if (or_options->IPv6Exit) {
parser_cfg |= EXIT_POLICY_IPV6_ENABLED;
}
More information about the tor-commits
mailing list