Merge branch 'exitnode_10067_squashed'
Conflicts: src/or/or.h
This commit is contained in:
commit
90b9e23bec
|
@ -0,0 +1,12 @@
|
|||
o Major features (changed defaults):
|
||||
- Prevent relay operators from unintentionally running exits: When
|
||||
a relay is configured as an exit node, we now warn the user
|
||||
unless the 'ExitRelay' option is set to 1. We warn even more
|
||||
loudly if the relay is configured with the default exit policy,
|
||||
since this tends to indicate accidental misconfiguration.
|
||||
Setting 'ExitRelay' to 0 stops Tor from running as an exit relay.
|
||||
Closes ticket 10067.
|
||||
|
||||
o Removed features:
|
||||
- To avoid confusion with the 'ExitRelay' option, 'ExitNode' is no
|
||||
longer silently accepted as an alias for 'ExitNodes'.
|
|
@ -1469,6 +1469,19 @@ is non-zero):
|
|||
that it's an email address and/or generate a new address for this
|
||||
purpose.
|
||||
|
||||
[[ExitRelay]] **ExitRelay** **0**|**1**|**auto**::
|
||||
Tells Tor whether to run as an exit relay. If Tor is running as a
|
||||
non-bridge server, and ExitRelay is set to 1, then Tor allows traffic to
|
||||
exit according to the ExitPolicy option (or the default ExitPolicy if
|
||||
none is specified).
|
||||
+
|
||||
If ExitRelay is set to 0, no traffic is allowed to
|
||||
exit, and the ExitPolicy option is ignored. +
|
||||
+
|
||||
If ExitRelay is set to "auto", then Tor behaves as if it were set to 1, but
|
||||
warns the user if this would cause traffic to exit. In a future version,
|
||||
the default value will be 0. (Default: auto)
|
||||
|
||||
[[ExitPolicy]] **ExitPolicy** __policy__,__policy__,__...__::
|
||||
Set an exit policy for this server. Each policy is of the form
|
||||
"**accept**|**reject** __ADDR__[/__MASK__][:__PORT__]". If /__MASK__ is
|
||||
|
|
|
@ -65,7 +65,6 @@ static config_abbrev_t option_abbrevs_[] = {
|
|||
PLURAL(AuthDirBadExitCC),
|
||||
PLURAL(AuthDirInvalidCC),
|
||||
PLURAL(AuthDirRejectCC),
|
||||
PLURAL(ExitNode),
|
||||
PLURAL(EntryNode),
|
||||
PLURAL(ExcludeNode),
|
||||
PLURAL(FirewallPort),
|
||||
|
@ -229,6 +228,7 @@ static config_var_t option_vars_[] = {
|
|||
V(ExitPolicyRejectPrivate, BOOL, "1"),
|
||||
V(ExitPortStatistics, BOOL, "0"),
|
||||
V(ExtendAllowPrivateAddresses, BOOL, "0"),
|
||||
V(ExitRelay, AUTOBOOL, "auto"),
|
||||
VPORT(ExtORPort, LINELIST, NULL),
|
||||
V(ExtORPortCookieAuthFile, STRING, NULL),
|
||||
V(ExtORPortCookieAuthFileGroupReadable, BOOL, "0"),
|
||||
|
@ -3924,6 +3924,7 @@ options_transition_affects_descriptor(const or_options_t *old_options,
|
|||
!opt_streq(old_options->Nickname,new_options->Nickname) ||
|
||||
!opt_streq(old_options->Address,new_options->Address) ||
|
||||
!config_lines_eq(old_options->ExitPolicy,new_options->ExitPolicy) ||
|
||||
old_options->ExitRelay != new_options->ExitRelay ||
|
||||
old_options->ExitPolicyRejectPrivate !=
|
||||
new_options->ExitPolicyRejectPrivate ||
|
||||
old_options->IPv6Exit != new_options->IPv6Exit ||
|
||||
|
|
|
@ -4271,6 +4271,14 @@ typedef struct {
|
|||
* when sending.
|
||||
*/
|
||||
int SchedulerMaxFlushCells__;
|
||||
|
||||
/** Is this an exit node? This is a tristate, where "1" means "yes, and use
|
||||
* the default exit policy if none is given" and "0" means "no; exit policy
|
||||
* is 'reject *'" and "auto" (-1) means "same as 1, but warn the user."
|
||||
*
|
||||
* XXXX Eventually, the default will be 0. */
|
||||
int ExitRelay;
|
||||
|
||||
} or_options_t;
|
||||
|
||||
/** Persistent state for an onion router, as saved to disk. */
|
||||
|
|
|
@ -434,6 +434,33 @@ validate_addr_policies(const or_options_t *options, char **msg)
|
|||
REJECT("Error in ExitPolicy entry.");
|
||||
}
|
||||
|
||||
static int warned_about_exitrelay = 0;
|
||||
|
||||
const int exitrelay_setting_is_auto = options->ExitRelay == -1;
|
||||
const int policy_accepts_something =
|
||||
! (policy_is_reject_star(addr_policy, AF_INET) &&
|
||||
policy_is_reject_star(addr_policy, AF_INET6));
|
||||
|
||||
if (server_mode(options) &&
|
||||
! warned_about_exitrelay &&
|
||||
exitrelay_setting_is_auto &&
|
||||
policy_accepts_something) {
|
||||
/* Policy accepts something */
|
||||
warned_about_exitrelay = 1;
|
||||
log_warn(LD_CONFIG,
|
||||
"Tor is running as an exit relay%s. If you did not want this "
|
||||
"behavior, please set the ExitRelay option to 0. If you do "
|
||||
"want to run an exit Relay, please set the ExitRelay option "
|
||||
"to 1 to disable this warning, and for forward compatibility.",
|
||||
options->ExitPolicy == NULL ?
|
||||
" with the default exit policy" : "");
|
||||
if (options->ExitPolicy == NULL) {
|
||||
log_warn(LD_CONFIG,
|
||||
"In a future version of Tor, ExitRelay 0 may become the "
|
||||
"default when no ExitPolicy is given.");
|
||||
}
|
||||
}
|
||||
|
||||
/* The rest of these calls *append* to addr_policy. So don't actually
|
||||
* use the results for anything other than checking if they parse! */
|
||||
if (parse_addr_policy(options->DirPolicy, &addr_policy, -1))
|
||||
|
@ -1022,6 +1049,9 @@ policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
|
|||
*
|
||||
* If <b>or_options->BridgeRelay</b> is false, add entries of default
|
||||
* Tor exit policy into <b>result</b> smartlist.
|
||||
*
|
||||
* If or_options->ExitRelay is false, then make our exit policy into
|
||||
* "reject *:*" regardless.
|
||||
*/
|
||||
int
|
||||
policies_parse_exit_policy_from_options(const or_options_t *or_options,
|
||||
|
@ -1030,6 +1060,12 @@ policies_parse_exit_policy_from_options(const or_options_t *or_options,
|
|||
{
|
||||
exit_policy_parser_cfg_t parser_cfg = 0;
|
||||
|
||||
if (or_options->ExitRelay == 0) {
|
||||
append_exit_policy_string(result, "reject *4:*");
|
||||
append_exit_policy_string(result, "reject *6:*");
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (or_options->IPv6Exit) {
|
||||
parser_cfg |= EXIT_POLICY_IPV6_ENABLED;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue