Avoid disclosing exit IP addresses in exit policies by default

From 0.2.7.2-alpha onwards, Exits would reject all the IP addresses they knew about in their exit policy. But this may have disclosed addresses that were otherwise unlisted. Now, only advertised addresses are rejected by default by ExitPolicyRejectPrivate. All known addresses are only rejected when ExitPolicyRejectLocalInterfaces is explicitly set to 1.
author: teor (Tim Wilson-Brown) <teor2345@gmail.com> 2016-07-01 15:37:13 +1000
committer: teor (Tim Wilson-Brown) <teor2345@gmail.com> 2016-07-01 15:37:13 +1000
commit: 514f0041d190b9e142cc246e3ec7ac65342547bd (patch)
tree: 4476a6dbcb443e380267cc120b21ed230137b812 /src/or/policies.h
parent: 64ee7bcd0c8e154269145b626a7cd56b9d6264a1 (diff)
download: tor-514f0041d190b9e142cc246e3ec7ac65342547bd.tar.gz
tor-514f0041d190b9e142cc246e3ec7ac65342547bd.zip
1 files changed, 4 insertions, 3 deletions
diff --git a/src/or/policies.h b/src/or/policies.h
index aaa6fa0a4e..e134e686d2 100644
--- a/src/or/policies.h
+++ b/src/or/policies.h
@@ -18,9 +18,10 @@
  */
 #define POLICY_BUF_LEN 72
 
-#define EXIT_POLICY_IPV6_ENABLED   (1 << 0)
-#define EXIT_POLICY_REJECT_PRIVATE (1 << 1)
-#define EXIT_POLICY_ADD_DEFAULT    (1 << 2)
+#define EXIT_POLICY_IPV6_ENABLED             (1 << 0)
+#define EXIT_POLICY_REJECT_PRIVATE           (1 << 1)
+#define EXIT_POLICY_ADD_DEFAULT              (1 << 2)
+#define EXIT_POLICY_REJECT_LOCAL_INTERFACES  (1 << 3)
 
 typedef enum firewall_connection_t {
   FIREWALL_OR_CONNECTION      = 0,
author	teor (Tim Wilson-Brown) <teor2345@gmail.com>	2016-07-01 15:37:13 +1000
committer	teor (Tim Wilson-Brown) <teor2345@gmail.com>	2016-07-01 15:37:13 +1000
commit	514f0041d190b9e142cc246e3ec7ac65342547bd (patch)
tree	4476a6dbcb443e380267cc120b21ed230137b812 /src/or/policies.h
parent	64ee7bcd0c8e154269145b626a7cd56b9d6264a1 (diff)
download	tor-514f0041d190b9e142cc246e3ec7ac65342547bd.tar.gz tor-514f0041d190b9e142cc246e3ec7ac65342547bd.zip