author | David Goulet <dgoulet@torproject.org> | 2021-02-10 11:46:32 -0500 |
---|---|---|
committer | David Goulet <dgoulet@torproject.org> | 2021-02-10 13:24:21 -0500 |
commit | ae5800cd9faccd8c1319601cac7f6c76c4beb288 (patch) | |
tree | 08fdcec354e997917f106b89a7b902284fcf70ef /src/app | |
parent | 758000aa98432414847393420324fef983c66f1e (diff) | |

relay: Allow RFC1918 addresses for non public relays

In other words, if PublishServerDescriptor is set to 0 and AssumeReachable to
1, then allow a relay to hold an RFC1918 address.

Reasons for this are documented in #40208

Fixes #40208

Signed-off-by: David Goulet <dgoulet@torproject.org>

Diffstat (limited to 'src/app')
-rw-r--r-- | src/app/config/resolve_addr.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/src/app/config/resolve_addr.c b/src/app/config/resolve_addr.c index 080cb967bc..86db6ba680 100644 --- a/src/app/config/resolve_addr.c +++ b/src/app/config/resolve_addr.c @@ -193,7 +193,19 @@ address_can_be_used(const tor_addr_t *addr, const or_options_t *options, goto allow; } - /* We have a private IP address. It is allowed only if we set custom + /* We allow internal addresses to be used if the PublishServerDescriptor is + * unset and AssumeReachable (or for IPv6) is set. + * + * This is to cover the case where a relay/bridge might be run behind a + * firewall on a local network to users can reach the network through it + * using Tor Browser for instance. */ + if (options->PublishServerDescriptor_ == NO_DIRINFO && + (options->AssumeReachable || + (tor_addr_family(addr) == AF_INET6 && options->AssumeReachableIPv6))) { + goto allow; + } + + /* We have a private IP address. This is also allowed if we set custom * directory authorities. */ if (using_default_dir_authorities(options)) { log_fn(warn_severity, LD_CONFIG, |
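
Review bot: The new comment in address_can_be_used() does not match the condition it documents: "AssumeReachable (or for IPv6) is set" never names the option the code tests, which is `options->AssumeReachableIPv6` and only when `tor_addr_family(addr) == AF_INET6`. Please spell both options out in the comment so a reader can see that `AssumeReachable` alone is sufficient for either address family, while `AssumeReachableIPv6` only covers IPv6 addresses. The same comment has a typo, "to users can reach the network" should read "so users can reach the network". A second point on the added branch: it jumps straight to `allow` with no log call in the visible lines, while the path just below it logs through `log_fn(warn_severity, LD_CONFIG, ...)`. Since this branch makes the relay accept an internal address purely on the strength of two configuration options, an info-level or notice-level message stating that an internal address was accepted because `PublishServerDescriptor` is 0 and reachability is assumed would help an operator confirm that this is the intended setup and not a leftover setting on a relay meant to be public.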