pub struct MicroExitPolicy {
pub is_accept: bool,
pub ports: Vec<PortRange>,
}Expand description
A compact exit policy used in microdescriptors.
Microdescriptor exit policies are a simplified form of exit policy that only specify ports, not addresses. They are used in Tor’s microdescriptor format to provide a compact representation of a relay’s exit policy.
§Format
Micro exit policies have the format:
accept|reject port[,port...]Where each port can be a single port or a range (e.g., 80-443).
§Matching Semantics
acceptpolicies allow traffic to the listed portsrejectpolicies block traffic to the listed ports (allowing all others)
Since micro policies don’t include address information, clients can only guess whether a relay will accept their traffic. If the guess is wrong, the relay will return an end-reason-exit-policy error.
§Example
use stem_rs::exit_policy::MicroExitPolicy;
// Accept only web ports
let policy = MicroExitPolicy::parse("accept 80,443").unwrap();
assert!(policy.can_exit_to(80));
assert!(policy.can_exit_to(443));
assert!(!policy.can_exit_to(22));
// Reject privileged ports
let policy = MicroExitPolicy::parse("reject 1-1024").unwrap();
assert!(!policy.can_exit_to(80));
assert!(policy.can_exit_to(8080));§See Also
ExitPolicy: Full exit policy with address supportcrate::descriptor::Microdescriptor: Contains micro exit policies
Fields§
§is_accept: boolWhether this policy accepts (true) or rejects (false) the listed ports.
ports: Vec<PortRange>The port ranges this policy applies to.
Implementations§
Source§impl MicroExitPolicy
impl MicroExitPolicy
Sourcepub fn parse(content: &str) -> Result<Self, Error>
pub fn parse(content: &str) -> Result<Self, Error>
Parses a micro exit policy from a string.
The string must follow the microdescriptor policy format:
accept|reject port[,port...]§Arguments
content- The policy string to parse
§Supported Formats
- Single port:
accept 80 - Multiple ports:
accept 80,443 - Port range:
reject 1-1024 - Mixed:
accept 80,443,8080-8090 - Wildcard:
accept *(all ports)
§Errors
Returns Error::Parse if:
- The policy doesn’t start with
acceptorreject - A port number is invalid
- A port range is invalid (min > max)
§Example
use stem_rs::exit_policy::MicroExitPolicy;
let policy = MicroExitPolicy::parse("accept 80,443").unwrap();
assert!(policy.is_accept);
assert_eq!(policy.ports.len(), 2);
let policy = MicroExitPolicy::parse("reject 1-1024").unwrap();
assert!(!policy.is_accept);
// Invalid policies
assert!(MicroExitPolicy::parse("allow 80").is_err());
assert!(MicroExitPolicy::parse("80,443").is_err());Sourcepub fn can_exit_to(&self, port: u16) -> bool
pub fn can_exit_to(&self, port: u16) -> bool
Checks if traffic can exit to a specific port.
For accept policies, returns true if the port is in the list.
For reject policies, returns true if the port is NOT in the list.
§Arguments
port- The destination port to check
§Returns
true if traffic to this port is allowed, false otherwise.
§Example
use stem_rs::exit_policy::MicroExitPolicy;
// Accept policy: only listed ports are allowed
let policy = MicroExitPolicy::parse("accept 80,443").unwrap();
assert!(policy.can_exit_to(80));
assert!(policy.can_exit_to(443));
assert!(!policy.can_exit_to(22));
// Reject policy: listed ports are blocked, others allowed
let policy = MicroExitPolicy::parse("reject 1-1024").unwrap();
assert!(!policy.can_exit_to(80));
assert!(!policy.can_exit_to(443));
assert!(policy.can_exit_to(8080));Trait Implementations§
Source§impl Clone for MicroExitPolicy
impl Clone for MicroExitPolicy
Source§fn clone(&self) -> MicroExitPolicy
fn clone(&self) -> MicroExitPolicy
1.0.0 · Source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source. Read more