author | teor (Tim Wilson-Brown) <teor2345@gmail.com> | 2015-09-15 18:34:18 +1000 |
---|---|---|
committer | teor (Tim Wilson-Brown) <teor2345@gmail.com> | 2015-09-16 02:56:50 +1000 |
commit | 098b82c7b2a6bb711e3616eb5b7e7e5e7401f01d (patch) | |
tree | bc40d90c97de2a09a6c1e277ea3c5f2c455f8787 /src/or/policies.h | |
parent | 31eb486c4624d1437d982ffdfc1f9d7d83c5ffd6 (diff) | |
ExitPolicyRejectPrivate rejects local IPv6 address and interface addresses
ExitPolicyRejectPrivate now rejects more local addresses by default:
* the relay's published IPv6 address (if any), and
* any publicly routable IPv4 or IPv6 addresses on any local interfaces.
This resolves a security issue for IPv6 Exits and multihomed Exits that
trust connections originating from localhost.
Resolves ticket 17027. Patch by "teor".
Patch on 42b8fb5a1523 (11 Nov 2007), released in 0.2.0.11-alpha.
Diffstat (limited to 'src/or/policies.h')
-rw-r--r-- | src/or/policies.h | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/src/or/policies.h b/src/or/policies.h
index 0225b57a2c..f200d7babe 100644
--- a/src/or/policies.h
+++ b/src/or/policies.h
@@ -48,18 +48,16 @@ MOCK_DECL(addr_policy_result_t, compare_tor_addr_to_addr_policy,
 addr_policy_result_t compare_tor_addr_to_node_policy(const tor_addr_t *addr,
 uint16_t port, const node_t *node);
 
-/*
-int policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
- int ipv6exit,
- int rejectprivate, uint32_t local_address,
- int add_default_policy);
-*/
 int policies_parse_exit_policy_from_options(const or_options_t *or_options,
 uint32_t local_address,
+ tor_addr_t *ipv6_local_address,
+ int reject_interface_addresses,
 smartlist_t **result);
 int policies_parse_exit_policy(config_line_t *cfg, smartlist_t **dest,
 exit_policy_parser_cfg_t options,
- uint32_t local_address);
+ uint32_t local_address,
+ tor_addr_t *ipv6_local_address,
+ int reject_interface_addresses);
 void policies_exit_policy_append_reject_star(smartlist_t **dest);
 void addr_policy_append_reject_addr(smartlist_t **dest,
 const tor_addr_t *addr); |
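Review bot: The new `tor_addr_t *ipv6_local_address` parameter on both `policies_parse_exit_policy_from_options()` and `policies_parse_exit_policy()` is a non-const pointer, while `addr_policy_append_reject_addr()` a few lines below takes `const tor_addr_t *addr`. If the parsers only read the address (their definitions are in policies.c, outside this hunk), declare it `const tor_addr_t *ipv6_local_address` so callers can pass a read-only address and the compiler rejects accidental writes. The prototypes also do not say whether NULL is accepted when the relay has no published IPv6 address, which the commit message's "if any" suggests, nor that `reject_interface_addresses` is a boolean. Because these two arguments decide which local addresses the exit policy rejects, I would add a short comment above the declarations, e.g. `/* ipv6_local_address may be NULL when no IPv6 address is published; reject_interface_addresses is a boolean. */`, with the wording confirmed against the implementation.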