torexitpolicy

package
v0.0.0-...-15325b8 Latest
Warning

This package is not in the latest version of its module.

Published: Feb 1, 2020 License: MIT Imports: 1 Imported by: 0

Documentation

Overview

Package torexitpolicy manages Tor exit policies.

Constants

This section is empty.

Variables

var AcceptAllPolicy = NewPolicyWithDefault(Accept)

AcceptAllPolicy allows exit traffic to anywhere.

var RejectAllPolicy = NewPolicyWithDefault(Reject)

RejectAllPolicy does not allow any exit traffic.

Functions

This section is empty.

Types

type Action

type Action bool

Action specifies how a set of addresses should be handled.

const (
	Accept Action = true
	Reject Action = false
)

Accept and Reject are the two possible actions to take.

func (Action) Describe

func (a Action) Describe() string

Describe represents the action as a string, "accept" or "reject".

type Pattern

type Pattern interface {
	Matches(net.IP, uint16) bool
	Describe() string
}

Pattern specifies a set of addresses to apply an action to.

Reference: https://github.com/torproject/torspec/blob/master/dir-spec.txt#L1186-L1201

exitpattern ::= addrspec ":" portspec
portspec ::= "*" | port | port "-" port
port ::= an integer between 1 and 65535, inclusive.

   [Some implementations incorrectly generate ports with value 0.
    Implementations SHOULD accept this, and SHOULD NOT generate it.
    Connections to port 0 are never permitted.]

addrspec ::= "*" | ip4spec | ip6spec
ipv4spec ::= ip4 | ip4 "/" num_ip4_bits | ip4 "/" ip4mask
ip4 ::= an IPv4 address in dotted-quad format
ip4mask ::= an IPv4 mask in dotted-quad format
num_ip4_bits ::= an integer between 0 and 32
ip6spec ::= ip6 | ip6 "/" num_ip6_bits
ip6 ::= an IPv6 address, surrounded by square brackets.
num_ip6_bits ::= an integer between 0 and 128

var AllPattern Pattern = allPattern{}

AllPattern represents the pattern "*:*" that matches anything.

type Policy

type Policy struct {
	// contains filtered or unexported fields
}

Policy defines which addresses to allow traffic to.

Reference: https://github.com/torproject/torspec/blob/master/dir-spec.txt#L554-L564

"accept" exitpattern NL
"reject" exitpattern NL

   [Any number]

   These lines describe an "exit policy": the rules that an OR follows
   when deciding whether to allow a new stream to a given address.  The
   'exitpattern' syntax is described below.  There MUST be at least one
   such entry.  The rules are considered in order; if no rule matches,
   the address will be accepted.  For clarity, the last such entry SHOULD
   be accept *:* or reject *:*.

func NewPolicy

func NewPolicy() *Policy

NewPolicy builds an empty policy. By default this will reject all addresses.

func NewPolicyWithDefault

func NewPolicyWithDefault(a Action) *Policy

NewPolicyWithDefault builds a Policy with the specified default behavior.

func (*Policy) Accept

func (p *Policy) Accept(pat Pattern)

Accept adds a rule to accept addresses matched by the Pattern.

func (*Policy) Action

func (p *Policy) Action(a Action, pat Pattern)

Action adds a rule that applies the Action a to addresses matched by Pattern pat.

func (*Policy) AddRule

func (p *Policy) AddRule(r Rule)

AddRule adds a rule to the policy. Rules are processed in the order they are added.

func (Policy) Allow

func (p Policy) Allow(ip net.IP, port uint16) bool

Allow determines whether the policy allows exit traffic to the given addr:port.

func (*Policy) Reject

func (p *Policy) Reject(pat Pattern)

Reject adds a rule to reject addresses matched by the Pattern.

func (Policy) Rules

func (p Policy) Rules() []Rule

Rules returns all the rules in the policy. The default rule is included at the end.

type Rule

type Rule struct {
	Action  Action
	Pattern Pattern
}

Rule specifies an Action to apply to addresses matched by Pattern.
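
The exitpattern grammar and the in-order rule evaluation quoted under Pattern and Policy above, as an added stand-alone example (not this package's source code): a small parser plus a first-match evaluator. The names rule, parseRule and allow and the sample addresses are this example's own; the def argument stands in for the default action, which the quoted spec text sets to accept and NewPolicy sets to reject.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"strings"
)

type rule struct { // one parsed policy line (example-only type, not the package's Rule)
	accept bool
	subnet *net.IPNet // nil for addrspec "*"
	lo, hi uint64     // inclusive port range
}

// parseRule reads `accept|reject addrspec:portspec`; the dotted-quad ip4mask form is not handled.
func parseRule(line string) (r rule, err error) {
	f := strings.Fields(line)
	if len(f) != 2 || (f[0] != "accept" && f[0] != "reject") || !strings.Contains(f[1], ":") {
		return r, fmt.Errorf("bad rule %q", line)
	}
	i := strings.LastIndex(f[1], ":") // last colon: a bracketed IPv6 address has colons too
	addr := strings.NewReplacer("[", "", "]", "").Replace(f[1][:i])
	r = rule{accept: f[0] == "accept", hi: 65535}
	if ip := net.ParseIP(addr); ip != nil { // bare address: one host, all-ones mask
		r.subnet = &net.IPNet{IP: ip, Mask: net.CIDRMask(128, 128)}
	} else if addr != "*" {
		_, r.subnet, err = net.ParseCIDR(addr)
	}
	if p := strings.SplitN(f[1][i+1:], "-", 2); err == nil && p[0] != "*" {
		if r.lo, err = strconv.ParseUint(p[0], 10, 16); err == nil {
			r.hi, err = strconv.ParseUint(p[len(p)-1], 10, 16)
		}
	}
	return r, err
}

func allow(rules []rule, def bool, ip net.IP, port uint16) bool {
	for _, r := range rules { // rules are considered in order; the first match decides
		if (r.subnet == nil || r.subnet.Contains(ip)) && r.lo <= uint64(port) && uint64(port) <= r.hi {
			return r.accept && port != 0 // port 0 parses but is never permitted
		}
	}
	return def && port != 0 // nothing matched: fall back to the caller's default
}

func main() {
	r, err := parseRule("reject 10.0.0.0/8:*")
	fmt.Println(allow([]rule{r}, true, net.ParseIP("10.1.2.3"), 80), err) // false <nil>
}
```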
