author: teor (Tim Wilson-Brown) <teor2345@gmail.com>, 2016-03-23 13:37:35 +1100
committer: Nick Mathewson <nickm@torproject.org>, 2016-03-24 10:13:58 -0400
commit: f2153f9716876b87bfcc53ff13b86b878edaae86
tree: f4ea20d094c9fbf4cb1d2ba594d52248cfc94f24 /doc
parent: 45681f695c6096e280bc7ec3bf0a67c27708dbbc
Always allow OR connections to bridges on private addresses
Regardless of the setting of ExtendAllowPrivateAddresses. This fixes a bug with pluggable transports that ignore the (potentially private) address in their bridge line. Fixes bug 18517; bugfix on 23b088907f in tor-0.2.8.1-alpha.
Diffstat (limited to 'doc')
-rw-r--r-- doc/tor.1.txt 19
1 files changed, 12 insertions, 7 deletions
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index a71b04fec7..413af96117 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -747,9 +747,12 @@ The following options are useful only for clients (that is, if
fingerprint to look up the bridge descriptor at the bridge authority, if
it's provided and if UpdateBridgesFromAuthority is set too. +
+
- If "transport" is provided, and matches to a ClientTransportPlugin
- line, we use that pluggable transports proxy to transfer data to
- the bridge.
+ If "transport" is provided, it must match a ClientTransportPlugin line. We
+ then use that pluggable transport's proxy to transfer data to the bridge,
+ rather than connecting to the bridge directly. Some transports use a
+ transport-specific method to work out the remote address to connect to.
+ These transports typically ignore the "IP:ORPort" specified in the bridge
+ line.
[[LearnCircuitBuildTimeout]] **LearnCircuitBuildTimeout** **0**|**1**::
If 0, CircuitBuildTimeout adaptive learning is disabled. (Default: 1)
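Review bot: the added sentence "it must match a ClientTransportPlugin line" in the Bridge text states a requirement but not what Tor does when no line matches; say whether the bridge is skipped or the configuration is rejected. The closing sentences about transports that ignore the "IP:ORPort" would also be more useful if they told the reader what to put in that field for such a transport, since the commit message says the address is potentially private and that is the case this fix is about.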
@@ -1974,10 +1977,12 @@ is non-zero):
(Default: 1)
[[ExtendAllowPrivateAddresses]] **ExtendAllowPrivateAddresses** **0**|**1**::
- When this option is enabled, Tor will connect to localhost, RFC1918
- addresses, and so on. In particular, Tor will make direct connections, and
- Tor routers allow EXTEND requests, to these private addresses. This can
- create security issues; you should probably leave it off.
+ When this option is enabled, Tor will connect to relays on localhost,
+ RFC1918 addresses, and so on. In particular, Tor will make direct OR
+ connections, and Tor routers allow EXTEND requests, to these private
+ addresses. (Tor will always allow connections to bridges, proxies, and
+ pluggable transports configured on private addresses.) Enabling this
+ option can create security issues; you should probably leave it off.
(Default: 0)
[[MaxMemInQueues]] **MaxMemInQueues** __N__ **bytes**|**KB**|**MB**|**GB**::
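Review bot: the new parenthetical in ExtendAllowPrivateAddresses lists "bridges, proxies, and pluggable transports", which is wider than the commit subject (OR connections to bridges); this view is limited to doc/, so please confirm the code change covers all three or narrow the wording. The exemption is also documented only under this option, so a client operator reading the Bridge entry will not find it; a one-line cross-reference from the Bridge text would help. Separately, "can create security issues" still does not say what the issues are, and a short clause naming the concern would let operators judge the risk before enabling the option.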