authorNick Mathewson <nickm@torproject.org>2011-02-07 12:47:04 -0500
committerNick Mathewson <nickm@torproject.org>2011-02-07 12:47:04 -0500
commitff5810aea91fed15a6401f0f825bb9fbe16ca200 (patch)
tree9cdeac8199fca63c791769e5d264df0c62fde4a8 /src/or/connection_edge.c
parentc2c1f5b2a12e3c2141087ac9d787e07e531b0008 (diff)
parent98cef0ac1e94fbcf7d1f9f70e077f22624033ecc (diff)
Merge remote branch 'origin/maint-0.2.2'
Diffstat (limited to 'src/or/connection_edge.c')
-rw-r--r--src/or/connection_edge.c22
1 files changed, 22 insertions, 0 deletions
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index c0b177d6e2..bb36f0832a 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -1659,6 +1659,28 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
return -1;
}
+ if (options->ClientRejectInternalAddresses &&
+ !conn->use_begindir && !conn->chosen_exit_name && !circ) {
+ tor_addr_t addr;
+ if (tor_addr_from_str(&addr, socks->address) >= 0 &&
+ tor_addr_is_internal(&addr, 0)) {
+ /* If this is an explicit private address with no chosen exit node,
+ * then we really don't want to try to connect to it. That's
+ * probably an error. */
+ if (conn->is_transparent_ap) {
+ log_warn(LD_NET,
+ "Rejecting request for anonymous connection to private "
+ "address %s on a TransPort or NATDPort. Possible loop "
+ "in your NAT rules?", safe_str_client(socks->address));
+ } else {
+ log_warn(LD_NET,
+ "Rejecting SOCKS request for anonymous connection to "
+ "private address %s", safe_str_client(socks->address));
+ }
+ connection_mark_unattached_ap(conn, END_STREAM_REASON_PRIVATE_ADDR);
+ return -1;
+ }
+ }
if (!conn->use_begindir && !conn->chosen_exit_name && !circ) {
/* see if we can find a suitable enclave exit */
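Review bot: Both `log_warn` calls in the new block fire once per rejected stream with no throttling, and the request that triggers them is chosen by whatever local application is talking to the SOCKS, TransPort or NATDPort listener. The TransPort message itself anticipates a NAT loop, which is the case where the same warning would repeat at connection rate and crowd other warn-level entries out of the log. Limiting each message to one emission per interval, with a count of suppressed repeats, would keep it useful. Separately, the guard only fires when `tor_addr_from_str()` parses `socks->address`, so a hostname is not examined here; a comment such as `/* Literal IP addresses only; hostnames are not checked at this point. */` would make that scope explicit. The enclosing function starts before the hunk and continues past the visible lines.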