-make proper use of new policy parser

author: Christian Grothoff <christian@grothoff.org> 2013-10-26 15:17:48 +0000
committer: Christian Grothoff <christian@grothoff.org> 2013-10-26 15:17:48 +0000
commit: 5272b27b9373a21884fde643a7d582df6b3b421b (patch)
tree: 3c2ce2549e203c099ddf07386fa53122471f4f49 /src/exit
parent: 87b7d2bc3d9cc8c4da313e5dc60fa497d65eb0e2 (diff)
download: gnunet-5272b27b9373a21884fde643a7d582df6b3b421b.tar.gz
gnunet-5272b27b9373a21884fde643a7d582df6b3b421b.zip
2 files changed, 11 insertions, 11 deletions
diff --git a/src/exit/exit.conf b/src/exit/exit.conf
index aadcee47f..46851420d 100644
--- a/src/exit/exit.conf
+++ b/src/exit/exit.conf
@@ -5,7 +5,7 @@ BINARY = gnunet-daemon-exit
 # must be within the global IPv6 range of your system!)
 IPV6ADDR = 2001:DB8::1
-# Prefix for our IPv6 subnet on the TUN interface. 
+# Prefix for our IPv6 subnet on the TUN interface.
 IPV6PREFIX = 64
 # IPv4 address to use on our TUN interface (may need to be
@@ -16,13 +16,13 @@ IPV4ADDR = 169.254.86.1
 # Netmask for the IPv4 subnet on the TUN interface.
 IPV4MASK = 255.255.255.0
-# Regular expression matching IPv4 addresses in binary (32 values of 0 or 1) 
+# IPv4 networks to which we are allowed to exit.
-# format for which this system is willing to serve as an exit.
+# The format is "(network[/netmask][:[!]SPORT-DPORT];)*"
-EXIT_RANGE_IPV4_REGEX = (0|1)*
+EXIT_RANGE_IPV4_POLICY = 0.0.0.0/0:!25;
-# Regular expression matching IPv4 addresses in binary (128 values of 0 or 1) 
+# IPv6 networks to which we are allowed to exit.
-# format for which this system is willing to serve as an exit.
+# The format is "(network[/netmask][:[!]SPORT-DPORT];)*"
-EXIT_RANGE_IPV6_REGEX = (0|1)*
+EXIT_RANGE_IPV6_POLICY = ::/0:!25;
 # Name of the (virtual) tunnel interface the exit daemon will manage
@@ -43,10 +43,10 @@ EXIT_IPV4 = NO
 # Set this to YES to allow exiting this system via IPv6 to the Internet
 EXIT_IPV6 = NO
-# This option should be set to YES to allow the DNS service to 
+# This option should be set to YES to allow the DNS service to
 # perform lookups against the locally configured DNS resolver.
 # (set to "NO" if no normal ISP is locally available and thus
-# requests for normal ".com"/".org"/etc. must be routed via 
+# requests for normal ".com"/".org"/etc. must be routed via
 # the GNUnet VPN (the GNUNET PT daemon then needs to be configured
 # to intercept and route DNS queries via mesh).
 # Set this to YES to allow using this system for DNS queries.
diff --git a/src/exit/gnunet-daemon-exit.c b/src/exit/gnunet-daemon-exit.c
index 9c095b34e..2de707133 100644
--- a/src/exit/gnunet-daemon-exit.c
+++ b/src/exit/gnunet-daemon-exit.c
@@ -3719,7 +3719,7 @@ run (void *cls,
    if (GNUNET_OK !=
        GNUNET_CONFIGURATION_get_value_string (cfg,
                                               "exit",
-                                               "EXIT_RANGE_IPV4_REGEX",
+                                               "EXIT_RANGE_IPV4_POLICY",
                                               &policy))
      regex = NULL;
    else
@@ -3745,7 +3745,7 @@ run (void *cls,
    if (GNUNET_OK !=
        GNUNET_CONFIGURATION_get_value_string (cfg,
                                               "exit",
-                                               "EXIT_RANGE_IPV6_REGEX",
+                                               "EXIT_RANGE_IPV6_POLICY",
                                               &policy))
      regex = NULL;
    else
author	Christian Grothoff <christian@grothoff.org>	2013-10-26 15:17:48 +0000
committer	Christian Grothoff <christian@grothoff.org>	2013-10-26 15:17:48 +0000
commit	5272b27b9373a21884fde643a7d582df6b3b421b (patch)
tree	3c2ce2549e203c099ddf07386fa53122471f4f49 /src/exit
parent	87b7d2bc3d9cc8c4da313e5dc60fa497d65eb0e2 (diff)
download	gnunet-5272b27b9373a21884fde643a7d582df6b3b421b.tar.gz gnunet-5272b27b9373a21884fde643a7d582df6b3b421b.zip

diff --git a/src/exit/exit.conf b/src/exit/exit.conf index aadcee47f..46851420d 100644 --- a/src/exit/exit.conf +++ b/src/exit/exit.conf
@@ -5,7 +5,7 @@ BINARY = gnunet-daemon-exit
5	# must be within the global IPv6 range of your system!)	5	# must be within the global IPv6 range of your system!)
6	IPV6ADDR = 2001:DB8::1	6	IPV6ADDR = 2001:DB8::1
7		7
8	# Prefix for our IPv6 subnet on the TUN interface.	8	# Prefix for our IPv6 subnet on the TUN interface.
9	IPV6PREFIX = 64	9	IPV6PREFIX = 64
10		10
11	# IPv4 address to use on our TUN interface (may need to be	11	# IPv4 address to use on our TUN interface (may need to be
@@ -16,13 +16,13 @@ IPV4ADDR = 169.254.86.1
16	# Netmask for the IPv4 subnet on the TUN interface.	16	# Netmask for the IPv4 subnet on the TUN interface.
17	IPV4MASK = 255.255.255.0	17	IPV4MASK = 255.255.255.0
18		18
19	# Regular expression matching IPv4 addresses in binary (32 values of 0 or 1)	19	# IPv4 networks to which we are allowed to exit.
20	# format for which this system is willing to serve as an exit.	20	# The format is "(network[/netmask][:[!]SPORT-DPORT];)*"
21	EXIT_RANGE_IPV4_REGEX = (0\|1)*	21	EXIT_RANGE_IPV4_POLICY = 0.0.0.0/0:!25;
22		22
23	# Regular expression matching IPv4 addresses in binary (128 values of 0 or 1)	23	# IPv6 networks to which we are allowed to exit.
24	# format for which this system is willing to serve as an exit.	24	# The format is "(network[/netmask][:[!]SPORT-DPORT];)*"
25	EXIT_RANGE_IPV6_REGEX = (0\|1)*	25	EXIT_RANGE_IPV6_POLICY = ::/0:!25;
26		26
27		27
28	# Name of the (virtual) tunnel interface the exit daemon will manage	28	# Name of the (virtual) tunnel interface the exit daemon will manage
@@ -43,10 +43,10 @@ EXIT_IPV4 = NO
43	# Set this to YES to allow exiting this system via IPv6 to the Internet	43	# Set this to YES to allow exiting this system via IPv6 to the Internet
44	EXIT_IPV6 = NO	44	EXIT_IPV6 = NO
45		45
46	# This option should be set to YES to allow the DNS service to	46	# This option should be set to YES to allow the DNS service to
47	# perform lookups against the locally configured DNS resolver.	47	# perform lookups against the locally configured DNS resolver.
48	# (set to "NO" if no normal ISP is locally available and thus	48	# (set to "NO" if no normal ISP is locally available and thus
49	# requests for normal ".com"/".org"/etc. must be routed via	49	# requests for normal ".com"/".org"/etc. must be routed via
50	# the GNUnet VPN (the GNUNET PT daemon then needs to be configured	50	# the GNUnet VPN (the GNUNET PT daemon then needs to be configured
51	# to intercept and route DNS queries via mesh).	51	# to intercept and route DNS queries via mesh).
52	# Set this to YES to allow using this system for DNS queries.	52	# Set this to YES to allow using this system for DNS queries.


diff --git a/src/exit/gnunet-daemon-exit.c b/src/exit/gnunet-daemon-exit.c index 9c095b34e..2de707133 100644 --- a/src/exit/gnunet-daemon-exit.c +++ b/src/exit/gnunet-daemon-exit.c
@@ -3719,7 +3719,7 @@ run (void *cls,
3719	if (GNUNET_OK !=	3719	if (GNUNET_OK !=
3720	GNUNET_CONFIGURATION_get_value_string (cfg,	3720	GNUNET_CONFIGURATION_get_value_string (cfg,
3721	"exit",	3721	"exit",
3722	"EXIT_RANGE_IPV4_REGEX",	3722	"EXIT_RANGE_IPV4_POLICY",
3723	&policy))	3723	&policy))
3724	regex = NULL;	3724	regex = NULL;
3725	else	3725	else
@@ -3745,7 +3745,7 @@ run (void *cls,
3745	if (GNUNET_OK !=	3745	if (GNUNET_OK !=
3746	GNUNET_CONFIGURATION_get_value_string (cfg,	3746	GNUNET_CONFIGURATION_get_value_string (cfg,
3747	"exit",	3747	"exit",
3748	"EXIT_RANGE_IPV6_REGEX",	3748	"EXIT_RANGE_IPV6_POLICY",
3749	&policy))	3749	&policy))
3750	regex = NULL;	3750	regex = NULL;
3751	else	3751	else