author | David Goulet <dgoulet@torproject.org> | 2021-02-12 12:57:18 -0500 |
---|---|---|
committer | David Goulet <dgoulet@torproject.org> | 2021-02-12 12:57:18 -0500 |
commit | 4a7fcc7361aff1ff4cf4d763472742c38edc8124 (patch) | |
tree | c8e9343150949332d3a9b52fe22e0ba2f0263e1a | |
parent | 8e493f321ae4036ba32bbd69c9e8270758890e3c (diff) | |
parent | bdca475518ca3036f1df7e78fef93bfa988cb01f (diff) | |
download | tor-4a7fcc7361aff1ff4cf4d763472742c38edc8124.tar.gz tor-4a7fcc7361aff1ff4cf4d763472742c38edc8124.zip |
Merge branch 'maint-0.4.5' into release-0.4.5
-rw-r--r-- | changes/ticket40208 | 6 | ||||
-rw-r--r-- | src/app/config/resolve_addr.c | 14 | ||||
-rw-r--r-- | src/feature/relay/router.c | 3 | ||||
-rw-r--r-- | src/test/test_config.c | 17 |
4 files changed, 37 insertions, 3 deletions
diff --git a/changes/ticket40208 b/changes/ticket40208
new file mode 100644
index 0000000000..5a3a1aa55e
--- /dev/null
+++ b/changes/ticket40208
@@ -0,0 +1,6 @@
+ o Minor bugfixes (relay):
+ - Allow relays to have a RFC1918 address if PublishServerDescriptor is set
+ to 0 and AssumeReachable is set to 1. This is to support the use case of a
+ bridge on a local network that can be used by restricted users on that
+ network to reach the Tor network. Fixes bug 40208; bugfix on
+ 0.4.5.1-alpha.
diff --git a/src/app/config/resolve_addr.c b/src/app/config/resolve_addr.c
index 080cb967bc..86db6ba680 100644
--- a/src/app/config/resolve_addr.c
+++ b/src/app/config/resolve_addr.c
@@ -193,7 +193,19 @@ address_can_be_used(const tor_addr_t *addr, const or_options_t *options,
 goto allow;
 }
- /* We have a private IP address. It is allowed only if we set custom
+ /* We allow internal addresses to be used if the PublishServerDescriptor is
+ * unset and AssumeReachable (or for IPv6) is set.
+ *
+ * This is to cover the case where a relay/bridge might be run behind a
+ * firewall on a local network to users can reach the network through it
+ * using Tor Browser for instance. */
+ if (options->PublishServerDescriptor_ == NO_DIRINFO &&
+ (options->AssumeReachable ||
+ (tor_addr_family(addr) == AF_INET6 && options->AssumeReachableIPv6))) {
+ goto allow;
+ }
+
+ /* We have a private IP address. This is also allowed if we set custom
 * directory authorities. */
 if (using_default_dir_authorities(options)) {
 log_fn(warn_severity, LD_CONFIG,
diff --git a/src/feature/relay/router.c b/src/feature/relay/router.c
index 8a7e76e33f..2696b8633b 100644
--- a/src/feature/relay/router.c
+++ b/src/feature/relay/router.c
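Review bot: The new condition in src/app/config/resolve_addr.c tests `options->AssumeReachableIPv6` for plain truthiness, but that option is documented as `0|1|auto`; if `auto` is stored as -1 like Tor's other autobool options, an internal IPv6 address is accepted whenever PublishServerDescriptor is 0, even with both AssumeReachable options left at their defaults. Comparing explicitly, `(tor_addr_family(addr) == AF_INET6 && options->AssumeReachableIPv6 == 1)`, would keep `auto` meaning "follow AssumeReachable", which the first disjunct already covers. Case 15 in src/test/test_config.c appears to depend on the current behaviour, since it sets AssumeReachable only for AF_INET yet expects the internal IPv6 address to be accepted. The comment's "(or for IPv6)" should also name AssumeReachableIPv6, because this branch jumps to `allow` before the default-directory-authority check and its warning are reached. address_can_be_used() begins and ends outside this hunk.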
@@ -2101,8 +2101,7 @@ router_build_fresh_unsigned_routerinfo,(routerinfo_t **ri_out))
 ri->ipv4_dirport = routerconf_find_dir_port(options, 0);
 /* Optionally check for an IPv6. We still publish without one. */
- if (!omit_ipv6_on_publish &&
- relay_find_addr_to_publish(options, AF_INET6, RELAY_FIND_ADDR_NO_FLAG,
+ if (relay_find_addr_to_publish(options, AF_INET6, RELAY_FIND_ADDR_NO_FLAG,
 &ri->ipv6_addr)) {
 ri->ipv6_orport = routerconf_find_or_port(options, AF_INET6);
 router_check_descriptor_address_consistency(&ri->ipv6_addr);
diff --git a/src/test/test_config.c b/src/test/test_config.c
index 4eb4ac9cf5..eacf12a25f 100644
--- a/src/test/test_config.c
+++ b/src/test/test_config.c
@@ -1460,6 +1460,7 @@ test_config_find_my_address(void *arg)
 options = options_new();
 options_init(options);
+ options->PublishServerDescriptor_ = V3_DIRINFO;
 /*
 * Case 0:
@@ -1782,6 +1783,22 @@ test_config_find_my_address(void *arg)
 VALIDATE_FOUND_ADDRESS(true, RESOLVED_ADDR_INTERFACE, NULL);
 CLEANUP_FOUND_ADDRESS;
+ /*
+ * Case 15: Address is a local address (internal) but we unset
+ * PublishServerDescriptor_ so we are allowed to hold it.
+ */
+ options->PublishServerDescriptor_ = NO_DIRINFO;
+ if (p->family == AF_INET) {
+ options->AssumeReachable = 1;
+ }
+ config_line_append(&options->Address, "Address", p->internal_ip);
+
+ tor_addr_parse(&test_addr, p->internal_ip);
+ retval = find_my_address(options, p->family, LOG_NOTICE, &resolved_addr,
+ &method_used, &hostname_out);
+ VALIDATE_FOUND_ADDRESS(true, RESOLVED_ADDR_CONFIGURED, NULL);
+ CLEANUP_FOUND_ADDRESS;
+
 UNMOCK(get_interface_address6);
 UNMOCK(tor_gethostname);
 UNMOCK(tor_addr_lookup); |
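Review bot: With `!omit_ipv6_on_publish` dropped from the condition in src/feature/relay/router.c, nothing visible in this hunk keeps an IPv6 address and ORPort out of `ri` once relay_find_addr_to_publish() returns one. If that flag is still meant to withhold an IPv6 ORPort from the published descriptor, the check has to live somewhere else, and the surviving comment "We still publish without one" does not say where; I would extend it with a sentence naming the place the flag is now applied. The changes file and the test hunks in this commit neither mention nor exercise this change. The function body continues on both sides of the hunk.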
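Review bot: Case 15 in src/test/test_config.c asserts only the accepting path, and for the IPv6 family it does so without setting any AssumeReachable option, so it would still pass if the new exception in address_can_be_used() were wider than intended. A companion case that keeps PublishServerDescriptor_ at NO_DIRINFO, sets `options->AssumeReachable = 0;` and `options->AssumeReachableIPv6 = 0;`, and expects the internal address to be refused would pin the boundary. The earlier hunk's `options->PublishServerDescriptor_ = V3_DIRINFO;` suggests options_init() leaves the field at NO_DIRINFO; a short comment there, such as `/* Act as a publishing relay so the internal-address cases below are rejected. */`, would explain why the line is needed. test_config_find_my_address() starts and ends outside both hunks.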