summaryrefslogtreecommitdiff
path: root/src/or
diff options
context:
space:
mode:
authorRoger Dingledine <arma@torproject.org>2008-10-17 22:08:49 +0000
committerRoger Dingledine <arma@torproject.org>2008-10-17 22:08:49 +0000
commitbca46cc628dc2a76d32b70359ffba21c567bb705 (patch)
tree844e26df8d7284f505cc4a318c60a0eed4aae2dc /src/or
parente3127e874eafd473d8f09b0429a2db7ed4852f93 (diff)
downloadtor-bca46cc628dc2a76d32b70359ffba21c567bb705.tar.gz
tor-bca46cc628dc2a76d32b70359ffba21c567bb705.zip
backport candidate:
The "ClientDNSRejectInternalAddresses" config option wasn't being consistently obeyed: if an exit relay refuses a stream because its exit policy doesn't allow it, we would remember what IP address the relay said the destination address resolves to, even if it's an internal IP address. Bugfix on 0.2.0.7-alpha; patch by rovv. svn:r17135
Diffstat (limited to 'src/or')
-rw-r--r--src/or/relay.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/src/or/relay.c b/src/or/relay.c
index 8b68c8cf75..5bb712bf19 100644
--- a/src/or/relay.c
+++ b/src/or/relay.c
@@ -630,8 +630,11 @@ connection_edge_process_end_not_open(
ttl = (int)ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE+5));
else
ttl = -1;
- client_dns_set_addressmap(conn->socks_request->address, addr,
- conn->chosen_exit_name, ttl);
+
+ if (!(get_options()->ClientDNSRejectInternalAddresses &&
+ is_internal_IP(addr, 0)))
+ client_dns_set_addressmap(conn->socks_request->address, addr,
+ conn->chosen_exit_name, ttl);
}
/* check if he *ought* to have allowed it */
if (exitrouter &&