diff options
| author | Nick Mathewson <nickm@torproject.org> | 2011-01-25 20:39:44 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2011-01-25 20:39:44 -0500 |
| commit | 411ec3c0f8cd4786233a3bc274cb2b766d4bfe7c (patch) | |
| tree | f48f77c8f33b73f9d386c87026c87b0d1a2055d1 /src/or/reasons.c | |
| parent | 85da676108f0de765301f961bc58aebd139a5564 (diff) | |
| download | tor-411ec3c0f8cd4786233a3bc274cb2b766d4bfe7c.tar.gz tor-411ec3c0f8cd4786233a3bc274cb2b766d4bfe7c.zip | |
Add client code to detect attempts to connect to 127.0.0.1 etc
We detect and reject said attempts if there is no chosen exit node or
circuit: connecting to a private addr via a randomly chosen exit node
will usually fail (if all exits reject private addresses), is always
ill-defined (you're not asking for any particular host or service),
and usually an error (you've configured all requests to go over Tor
when you really wanted to configure all _remote_ requests to go over
Tor).
This can also help detect forwarding loop requests.
Found as part of bug2279.
Diffstat (limited to 'src/or/reasons.c')
| -rw-r--r-- | src/or/reasons.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/or/reasons.c b/src/or/reasons.c index 1401552223..304ea9fcfa 100644 --- a/src/or/reasons.c +++ b/src/or/reasons.c @@ -40,6 +40,8 @@ stream_end_reason_to_control_string(int reason) case END_STREAM_REASON_NET_UNREACHABLE: return "NET_UNREACHABLE"; case END_STREAM_REASON_SOCKSPROTOCOL: return "SOCKS_PROTOCOL"; + case END_STREAM_REASON_PRIVATE_ADDR: return "PRIVATE_ADDR"; + default: return NULL; } } @@ -125,6 +127,9 @@ stream_end_reason_to_socks5_response(int reason) return SOCKS5_NET_UNREACHABLE; case END_STREAM_REASON_SOCKSPROTOCOL: return SOCKS5_GENERAL_ERROR; + case END_STREAM_REASON_PRIVATE_ADDR: + return SOCKS5_GENERAL_ERROR; + default: log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Reason for ending (%d) not recognized; " |