summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--changes/170704
-rw-r--r--doc/tor.1.txt3
-rw-r--r--src/common/address.c3
3 files changed, 8 insertions, 2 deletions
diff --git a/changes/17070 b/changes/17070
new file mode 100644
index 0000000000..ffe616f38d
--- /dev/null
+++ b/changes/17070
@@ -0,0 +1,4 @@
+ o Documentation (SOCKS connections):
+ - Clarify that when `ClientRejectInternalAddresses` is enabled (which is the
+ default), multicast DNS hostnames for machines on the local network (of
+ the form *.local) are also rejected. Closes ticket 17070.
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index aa3859e0fe..c4219d96b0 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1414,7 +1414,8 @@ The following options are useful only for clients (that is, if
If true, Tor does not try to fulfill requests to connect to an internal
address (like 127.0.0.1 or 192.168.0.1) __unless a exit node is
specifically requested__ (for example, via a .exit hostname, or a
- controller request). (Default: 1)
+ controller request). If true, multicast DNS hostnames for machines on the
+ local network (of the form *.local) are also rejected. (Default: 1)
[[DownloadExtraInfo]] **DownloadExtraInfo** **0**|**1**::
If true, Tor downloads and caches "extra-info" documents. These documents
diff --git a/src/common/address.c b/src/common/address.c
index 773e688554..fa6630ef92 100644
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -2100,7 +2100,8 @@ get_interface_address,(int severity, uint32_t *addr))
}
/** Return true if we can tell that <b>name</b> is a canonical name for the
- * loopback address. */
+ * loopback address. Return true also for *.local hostnames, which are
+ * multicast DNS names for hosts on the local network. */
int
tor_addr_hostname_is_local(const char *name)
{