diff options
Diffstat (limited to 'src/or/circuitbuild.c')
| -rw-r--r-- | src/or/circuitbuild.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 39a223b2f4..f11bebf7c9 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -2432,6 +2432,13 @@ circuit_extend(cell_t *cell, circuit_t *circ) return -1; } + if (tor_addr_is_internal(&n_addr, 0) && + !get_options()->ExtendAllowPrivateAddresses) { + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Client asked me to extend to a private address"); + return -1; + } + /* Check if they asked us for 0000..0000. We support using * an empty fingerprint for the first hop (e.g. for a bridge relay), * but we don't want to let people send us extend cells for empty |