diff options
| author | teor (Tim Wilson-Brown) <teor2345@gmail.com> | 2015-11-25 03:11:15 +1100 |
|---|---|---|
| committer | teor (Tim Wilson-Brown) <teor2345@gmail.com> | 2015-11-25 03:11:15 +1100 |
| commit | 23b088907fd23da417f5caf2b7b5f664f317ef4a (patch) | |
| tree | c219939e2f1fa4ddc8ba700085a9266ac2e01c0a /doc | |
| parent | 6cdd024c94ce9d2ba73cb393ccc84c6274c26d85 (diff) | |
| download | tor-23b088907fd23da417f5caf2b7b5f664f317ef4a.tar.gz tor-23b088907fd23da417f5caf2b7b5f664f317ef4a.zip | |
Refuse to make direct connections to private OR addresses
Refuse connection requests to private OR addresses unless
ExtendAllowPrivateAddresses is set. Previously, tor would
connect, then refuse to send any cells to a private address.
Fixes bugs 17674 and 8976; bugfix on b7c172c9ec76 (28 Aug 2012)
Original bug 6710, released in 0.2.3.21-rc and an 0.2.2 maint
release.
Patch by "teor".
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/tor.1.txt | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/doc/tor.1.txt b/doc/tor.1.txt index aba0c1c396..2ada5688cd 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -1898,9 +1898,11 @@ is non-zero): (Default: 1) [[ExtendAllowPrivateAddresses]] **ExtendAllowPrivateAddresses** **0**|**1**:: - When this option is enabled, Tor routers allow EXTEND request to - localhost, RFC1918 addresses, and so on. This can create security issues; - you should probably leave it off. (Default: 0) + When this option is enabled, Tor will connect to localhost, RFC1918 + addresses, and so on. In particular, Tor will make direct connections, and + Tor routers allow EXTEND requests, to these private addresses. This can + create security issues; you should probably leave it off. + (Default: 0) [[MaxMemInQueues]] **MaxMemInQueues** __N__ **bytes**|**KB**|**MB**|**GB**:: This option configures a threshold above which Tor will assume that it |