-rw-r--r--changes/bug182085
-rw-r--r--src/or/main.c12
2 files changed, 15 insertions, 2 deletions
diff --git a/changes/bug18208 b/changes/bug18208
new file mode 100644
index 0000000000..d6d194bb4d
--- /dev/null
+++ b/changes/bug18208
@@ -0,0 +1,5 @@
+ o Minor bug fixes (exit policies, security):
+ - Refresh an exit relay's exit policy when interface addresses change.
+ Previously, tor only refreshed the exit policy when the configured
+ external address changed.
+ Closes ticket 18208 on tor 0.2.7.3. Patch by "teor".
diff --git a/src/or/main.c b/src/or/main.c
index bd4f7eaa71..1e8c175222 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2195,7 +2195,10 @@ got_libevent_error(void)
void
ip_address_changed(int at_interface)
{
- int server = server_mode(get_options());
+ const or_options_t *options = get_options();
+ int server = server_mode(options);
+ int exit_reject_private = (server && options->ExitRelay
+ && options->ExitPolicyRejectPrivate);
if (at_interface) {
if (! server) {
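Review bot: `exit_reject_private` tests `options->ExitRelay` for plain truthiness, so the security behaviour depends on how that option is encoded, and the declaration is not visible in this hunk. If ExitRelay can hold an "auto" value stored as something other than 0 or 1 (please confirm against the option's declaration), that case counts as an exit only by accident of representation. A comment above the declaration would make the intent reviewable, for example `/* Nonzero ExitRelay, including auto, means we may be publishing an exit policy. */` if that is what is meant. The body of ip_address_changed() continues past the end of this hunk.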
@@ -2209,10 +2212,15 @@ ip_address_changed(int at_interface)
reset_bandwidth_test();
stats_n_seconds_working = 0;
router_reset_reachability();
- mark_my_descriptor_dirty("IP address changed");
}
}
+ /* Exit relays incorporate interface addresses in their exit policies when
+ * ExitPolicyRejectPrivate is set */
+ if (exit_reject_private || (server && !at_interface)) {
+ mark_my_descriptor_dirty("IP address changed");
+ }
+
dns_servers_relaunch_checks();
}
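Review bot: The new block after the if/else only marks the descriptor dirty, so the policy protecting the relay's own interface addresses presumably stays stale until the descriptor is next rebuilt. The rebuild path is outside this hunk, so it is worth confirming that it re-derives the exit policy from the current interface addresses. The comment should name that mechanism, e.g. by appending `Marking the descriptor dirty makes the next rebuild re-derive the policy; until then the old policy is still in effect.` The reason string "IP address changed" is now also used for interface-only changes; `mark_my_descriptor_dirty(at_interface ? "interface address changed" : "IP address changed");` would keep the two cases distinguishable in logs. No test for the `at_interface` plus ExitPolicyRejectPrivate path is visible in this commit.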