diff options
| author | teor (Tim Wilson-Brown) <teor2345@gmail.com> | 2016-07-01 15:37:13 +1000 |
|---|---|---|
| committer | teor (Tim Wilson-Brown) <teor2345@gmail.com> | 2016-07-01 15:37:13 +1000 |
| commit | 514f0041d190b9e142cc246e3ec7ac65342547bd (patch) | |
| tree | 4476a6dbcb443e380267cc120b21ed230137b812 /src/or/control.c | |
| parent | 64ee7bcd0c8e154269145b626a7cd56b9d6264a1 (diff) | |
| download | tor-514f0041d190b9e142cc246e3ec7ac65342547bd.tar.gz tor-514f0041d190b9e142cc246e3ec7ac65342547bd.zip | |
Avoid disclosing exit IP addresses in exit policies by default
From 0.2.7.2-alpha onwards, Exits would reject all the IP addresses
they knew about in their exit policy. But this may have disclosed
addresses that were otherwise unlisted.
Now, only advertised addresses are rejected by default by
ExitPolicyRejectPrivate. All known addresses are only rejected when
ExitPolicyRejectLocalInterfaces is explicitly set to 1.
Diffstat (limited to 'src/or/control.c')
| -rw-r--r-- | src/or/control.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/or/control.c b/src/or/control.c index d3613d8d4f..ea7d7b7962 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -3025,7 +3025,7 @@ static const getinfo_item_t getinfo_items[] = { " ExitPolicyRejectPrivate."), ITEM("exit-policy/reject-private/relay", policies, "The relay-specific rules appended to the configured exit policy by" - " ExitPolicyRejectPrivate."), + " ExitPolicyRejectPrivate and/or ExitPolicyRejectLocalInterfaces."), ITEM("exit-policy/full", policies, "The entire exit policy of onion router"), ITEM("exit-policy/ipv4", policies, "IPv4 parts of exit policy"), ITEM("exit-policy/ipv6", policies, "IPv6 parts of exit policy"), |