diff options
| author | Nick Mathewson <nickm@torproject.org> | 2012-08-27 16:16:27 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2012-08-27 16:16:27 -0400 |
| commit | 0c5a44ed0a790951bdfd319eec734c04eb972a08 (patch) | |
| tree | 89f4945bd65bc06450b95131cfcf04b6da54fd5d /src/or | |
| parent | e232938ec82c8c35b99331995d1aeaca67ba9ec1 (diff) | |
| parent | bffe0d3ccc6b49975eae9173b0c1c465d40d2dbf (diff) | |
| download | tor-0c5a44ed0a790951bdfd319eec734c04eb972a08.tar.gz tor-0c5a44ed0a790951bdfd319eec734c04eb972a08.zip | |
Merge remote-tracking branch 'origin/maint-0.2.3'
Diffstat (limited to 'src/or')
| -rw-r--r-- | src/or/circuitbuild.c | 7 | ||||
| -rw-r--r-- | src/or/config.c | 2 | ||||
| -rw-r--r-- | src/or/or.h | 4 |
3 files changed, 12 insertions, 1 deletions
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index b4e79ed746..bd270178c2 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -2432,6 +2432,13 @@ circuit_extend(cell_t *cell, circuit_t *circ) return -1; } + if (tor_addr_is_internal(&n_addr, 0) && + !get_options()->ExtendAllowPrivateAddresses) { + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Client asked me to extend to a private address"); + return -1; + } + /* Check if they asked us for 0000..0000. We support using * an empty fingerprint for the first hop (e.g. for a bridge relay), * but we don't want to let people send us extend cells for empty diff --git a/src/or/config.c b/src/or/config.c index 372b8911f5..a7d6a21a74 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -278,6 +278,7 @@ static config_var_t _option_vars[] = { V(ExitPolicy, LINELIST, NULL), V(ExitPolicyRejectPrivate, BOOL, "1"), V(ExitPortStatistics, BOOL, "0"), + V(ExtendAllowPrivateAddresses, BOOL, "0"), V(ExtraInfoStatistics, BOOL, "1"), #if defined (WINCE) @@ -475,6 +476,7 @@ static const config_var_t testing_tor_network_defaults[] = { V(ClientRejectInternalAddresses, BOOL, "0"), V(CountPrivateBandwidth, BOOL, "1"), V(ExitPolicyRejectPrivate, BOOL, "0"), + V(ExtendAllowPrivateAddresses, BOOL, "1"), V(V3AuthVotingInterval, INTERVAL, "5 minutes"), V(V3AuthVoteDelay, INTERVAL, "20 seconds"), V(V3AuthDistDelay, INTERVAL, "20 seconds"), diff --git a/src/or/or.h b/src/or/or.h index 389e572d6c..00a359c533 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -3036,8 +3036,10 @@ typedef struct { config_line_t *RecommendedVersions; config_line_t *RecommendedClientVersions; config_line_t *RecommendedServerVersions; - /** Whether dirservers refuse router descriptors with private IPs. */ + /** Whether dirservers allow router descriptors with private IPs. */ int DirAllowPrivateAddresses; + /** Whether routers accept EXTEND cells to routers with private IPs. */ + int ExtendAllowPrivateAddresses; char *User; /**< Name of user to run Tor as. */ char *Group; /**< Name of group to run Tor as. */ config_line_t *ORPort_lines; /**< Ports to listen on for OR connections. */ |