diff options
| author | teor (Tim Wilson-Brown) <teor2345@gmail.com> | 2016-07-01 15:37:13 +1000 |
|---|---|---|
| committer | teor (Tim Wilson-Brown) <teor2345@gmail.com> | 2016-07-01 15:37:13 +1000 |
| commit | 514f0041d190b9e142cc246e3ec7ac65342547bd (patch) | |
| tree | 4476a6dbcb443e380267cc120b21ed230137b812 /src/or/main.c | |
| parent | 64ee7bcd0c8e154269145b626a7cd56b9d6264a1 (diff) | |
| download | tor-514f0041d190b9e142cc246e3ec7ac65342547bd.tar.gz tor-514f0041d190b9e142cc246e3ec7ac65342547bd.zip | |
Avoid disclosing exit IP addresses in exit policies by default
From 0.2.7.2-alpha onwards, Exits would reject all the IP addresses
they knew about in their exit policy. But this may have disclosed
addresses that were otherwise unlisted.
Now, only advertised addresses are rejected by default by
ExitPolicyRejectPrivate. All known addresses are only rejected when
ExitPolicyRejectLocalInterfaces is explicitly set to 1.
Diffstat (limited to 'src/or/main.c')
| -rw-r--r-- | src/or/main.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/src/or/main.c b/src/or/main.c index 65a67a9923..2b9b08546c 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -2220,8 +2220,8 @@ ip_address_changed(int at_interface) { const or_options_t *options = get_options(); int server = server_mode(options); - int exit_reject_private = (server && options->ExitRelay - && options->ExitPolicyRejectPrivate); + int exit_reject_interfaces = (server && options->ExitRelay + && options->ExitPolicyRejectLocalInterfaces); if (at_interface) { if (! server) { @@ -2239,8 +2239,8 @@ ip_address_changed(int at_interface) } /* Exit relays incorporate interface addresses in their exit policies when - * ExitPolicyRejectPrivate is set */ - if (exit_reject_private || (server && !at_interface)) { + * ExitPolicyRejectLocalInterfaces is set */ + if (exit_reject_interfaces || (server && !at_interface)) { mark_my_descriptor_dirty("IP address changed"); } |