[tor-commits] [tor/master] If ExitRelay is not specified, emulate the behavior of "ExitRelay 0"
nickm at torproject.org
nickm at torproject.org
Fri Sep 14 13:33:04 UTC 2018
commit eb2b130ad9636a9e8c7fc6dd04f6283dcee6c9d5
Author: Neel Chauhan <neel at neelc.org>
Date: Mon Aug 20 20:25:23 2018 -0400
If ExitRelay is not specified, emulate the behavior of "ExitRelay 0"
---
changes/bug21530 | 7 +++++++
src/core/or/policies.c | 37 ++++++-------------------------------
2 files changed, 13 insertions(+), 31 deletions(-)
diff --git a/changes/bug21530 b/changes/bug21530
new file mode 100644
index 000000000..93a54907c
--- /dev/null
+++ b/changes/bug21530
@@ -0,0 +1,7 @@
+ o Minor bugfixes (relay):
+ - If we are a relay where ExitRelay is auto and we have not specified
+ an exit policy, whether through ExitPolicy lines or ReducedExitPolicy,
+ emulate the behavior of ExitRelay as 0. Previously, we allowed exit
+ traffic if ExitRelay is auto and logged a warning message. Fixes bug
+ 21530; bugfix on 0.3.5.1-alpha. Patch by Neel Chauhan.
+
diff --git a/src/core/or/policies.c b/src/core/or/policies.c
index e01415f95..5413ad0eb 100644
--- a/src/core/or/policies.c
+++ b/src/core/or/policies.c
@@ -1155,33 +1155,6 @@ validate_addr_policies(const or_options_t *options, char **msg)
REJECT("Error in ExitPolicy entry.");
}
- static int warned_about_exitrelay = 0;
-
- const int exitrelay_setting_is_auto = options->ExitRelay == -1;
- const int policy_accepts_something =
- ! (policy_is_reject_star(addr_policy, AF_INET, 1) &&
- policy_is_reject_star(addr_policy, AF_INET6, 1));
-
- if (server_mode(options) &&
- ! warned_about_exitrelay &&
- exitrelay_setting_is_auto &&
- policy_accepts_something) {
- /* Policy accepts something */
- warned_about_exitrelay = 1;
- log_warn(LD_CONFIG,
- "Tor is running as an exit relay%s. If you did not want this "
- "behavior, please set the ExitRelay option to 0. If you do "
- "want to run an exit Relay, please set the ExitRelay option "
- "to 1 to disable this warning, and for forward compatibility.",
- options->ExitPolicy == NULL ?
- " with the default exit policy" : "");
- if (options->ExitPolicy == NULL && options->ReducedExitPolicy == 0) {
- log_warn(LD_CONFIG,
- "In a future version of Tor, ExitRelay 0 may become the "
- "default when no ExitPolicy is given.");
- }
- }
-
/* The rest of these calls *append* to addr_policy. So don't actually
* use the results for anything other than checking if they parse! */
if (parse_addr_policy(options->DirPolicy, &addr_policy, -1))
@@ -2117,8 +2090,8 @@ policies_copy_outbound_addresses_to_smartlist(smartlist_t *addr_list,
* If <b>or_options->BridgeRelay</b> is false, append entries of default
* Tor exit policy into <b>result</b> smartlist.
*
- * If or_options->ExitRelay is false, then make our exit policy into
- * "reject *:*" regardless.
+ * If or_options->ExitRelay is false, or is auto without specifying an exit
+ * policy, then make our exit policy into "reject *:*" regardless.
*/
int
policies_parse_exit_policy_from_options(const or_options_t *or_options,
@@ -2130,8 +2103,10 @@ policies_parse_exit_policy_from_options(const or_options_t *or_options,
smartlist_t *configured_addresses = NULL;
int rv = 0;
- /* Short-circuit for non-exit relays */
- if (or_options->ExitRelay == 0) {
+ /* Short-circuit for non-exit relays, or for relays where we didn't specify
+ * ExitPolicy or ReducedExitPolicy and ExitRelay is auto. */
+ if (or_options->ExitRelay == 0 || (or_options->ExitPolicy == NULL &&
+ or_options->ExitRelay == -1 && or_options->ReducedExitPolicy == 0)) {
append_exit_policy_string(result, "reject *4:*");
append_exit_policy_string(result, "reject *6:*");
return 0;
More information about the tor-commits
mailing list