Diffstat (limited to 'src')
-rw-r--r-- | src/app/config/resolve_addr.c | 14 | ||||
-rw-r--r-- | src/core/or/protover.c | 2 | ||||
-rw-r--r-- | src/feature/nodelist/networkstatus.c | 9 | ||||
-rw-r--r-- | src/feature/relay/router.c | 10 | ||||
-rw-r--r-- | src/rust/protover/protover.rs | 4 | ||||
-rw-r--r-- | src/test/test_config.c | 17 | ||||
-rw-r--r-- | src/test/test_protover.c | 3 |
7 files changed, 48 insertions, 11 deletions
diff --git a/src/app/config/resolve_addr.c b/src/app/config/resolve_addr.c
index 080cb967bc..86db6ba680 100644
--- a/src/app/config/resolve_addr.c
+++ b/src/app/config/resolve_addr.c
@@ -193,7 +193,19 @@ address_can_be_used(const tor_addr_t *addr, const or_options_t *options,
 goto allow;
 }
- /* We have a private IP address. It is allowed only if we set custom
+ /* We allow internal addresses to be used if the PublishServerDescriptor is
+ * unset and AssumeReachable (or for IPv6) is set.
+ *
+ * This is to cover the case where a relay/bridge might be run behind a
+ * firewall on a local network to users can reach the network through it
+ * using Tor Browser for instance. */
+ if (options->PublishServerDescriptor_ == NO_DIRINFO &&
+ (options->AssumeReachable ||
+ (tor_addr_family(addr) == AF_INET6 && options->AssumeReachableIPv6))) {
+ goto allow;
+ }
+
+ /* We have a private IP address. This is also allowed if we set custom
 * directory authorities. */
 if (using_default_dir_authorities(options)) {
 log_fn(warn_severity, LD_CONFIG,
diff --git a/src/core/or/protover.c b/src/core/or/protover.c
index 5a87ade3da..aa96cafff9 100644
--- a/src/core/or/protover.c
+++ b/src/core/or/protover.c
@@ -398,7 +398,7 @@ protover_get_supported_protocols(void)
 return
 "Cons=1-2 "
 "Desc=1-2 "
- "DirCache=1-2 "
+ "DirCache=2 "
 "FlowCtrl=1 "
 "HSDir=1-2 "
 "HSIntro=3-5 "
diff --git a/src/feature/nodelist/networkstatus.c b/src/feature/nodelist/networkstatus.c
index ece3c9e059..80940e6092 100644
--- a/src/feature/nodelist/networkstatus.c
+++ b/src/feature/nodelist/networkstatus.c
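Review bot: The IPv6 arm of the new condition tests `options->AssumeReachableIPv6` for truthiness, which would also accept an "auto" setting if that option is stored as a tristate with a non-zero sentinel; the Case 15 test added in test_config.c sets only `AssumeReachable` for AF_INET and still expects the IPv6 internal address to pass, which suggests this is what happens. If so, an internal IPv6 address is accepted by default whenever PublishServerDescriptor is unset, without the operator opting in. Consider an explicit comparison, `tor_addr_family(addr) == AF_INET6 && options->AssumeReachableIPv6 == 1`, and name the option in the comment instead of "(or for IPv6)". The new branch also jumps to `allow` without any log line, so an operator gets no record that a private address was accepted; the rest of address_can_be_used lies outside the hunk.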
@@ -2723,6 +2723,13 @@ networkstatus_check_required_protocols(const networkstatus_t *ns, const bool consensus_postdates_this_release = ns->valid_after >= tor_get_approx_release_date(); + if (! consensus_postdates_this_release) { + // We can't meaningfully warn about this case: This consensus is from + // before we were released, so whatever is says about required or + // recommended versions may no longer be true. + return 0; + } + tor_assert(warning_out); if (client_mode) { @@ -2740,7 +2747,7 @@ networkstatus_check_required_protocols(const networkstatus_t *ns, "%s on the Tor network. The missing protocols are: %s", func, missing); tor_free(missing); - return consensus_postdates_this_release ? 1 : 0; + return 1; } if (! protover_all_supported(recommended, &missing)) { diff --git a/src/feature/relay/router.c b/src/feature/relay/router.c index 9ef609c72d..2696b8633b 100644 --- a/src/feature/relay/router.c +++ b/src/feature/relay/router.c @@ -2677,9 +2677,13 @@ check_descriptor_ipaddress_changed(time_t now) /* Attempt to discovery the publishable address for the family which will * actively attempt to discover the address if we are configured with a - * port for the family. */ - relay_find_addr_to_publish(get_options(), family, RELAY_FIND_ADDR_NO_FLAG, - ¤t); + * port for the family. + * + * It is OK to ignore the returned value here since in the failure case, + * that is the address was not found, the current value is set to UNSPEC. + * Add this (void) so Coverity is happy. */ + (void) relay_find_addr_to_publish(get_options(), family, + RELAY_FIND_ADDR_NO_FLAG, ¤t); /* The "current" address might be UNSPEC meaning it was not discovered nor * found in our current cache. If we had an address before and we have diff --git a/src/rust/protover/protover.rs b/src/rust/protover/protover.rs index 0060864a2e..da87509ffa 100644 --- a/src/rust/protover/protover.rs +++ b/src/rust/protover/protover.rs 
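Review bot: The new early `return 0;` in the first hunk sits above `tor_assert(warning_out)` and returns without writing `*warning_out`, so a caller that did not pre-initialise the pointer would read an indeterminate value; whether the function clears it earlier cannot be seen, since the body starts outside the hunk. Moving the assert above the check and adding `*warning_out = NULL;` before the return would make the contract explicit. The early exit also appears to suppress every warning about missing required or recommended protocols when the consensus predates the release, which deserves a sentence in the function's doc comment because it rests on `tor_get_approx_release_date()` being accurate. The added comment has a typo: `whatever is says` should read `whatever it says`.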
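Review bot: The added comment justifies discarding the return value by a property of `relay_find_addr_to_publish()` (that `current` is left UNSPEC on failure) which nothing in this hunk establishes, and its last sentence, `Add this (void) so Coverity is happy.`, describes the edit rather than the code. If `current` is not already initialised above the hunk, a `tor_addr_make_unspec(&current);` right before the call would make the later UNSPEC check hold regardless of the callee, and the comment could then end at "the current value is set to UNSPEC." The context line above also reads `Attempt to discovery`, which should be `Attempt to discover`. check_descriptor_ipaddress_changed continues outside the hunk.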
@@ -160,7 +160,7 @@ pub(crate) fn get_supported_protocols_cstr() -> &'static CStr {
 cstr!(
 "Cons=1-2 \
 Desc=1-2 \
- DirCache=1-2 \
+ DirCache=2 \
 FlowCtrl=1 \
 HSDir=1-2 \
 HSIntro=3-5 \
@@ -175,7 +175,7 @@ pub(crate) fn get_supported_protocols_cstr() -> &'static CStr {
 cstr!(
 "Cons=1-2 \
 Desc=1-2 \
- DirCache=1-2 \
+ DirCache=2 \
 FlowCtrl=1 \
 HSDir=1-2 \
 HSIntro=3-5 \
diff --git a/src/test/test_config.c b/src/test/test_config.c
index 4eb4ac9cf5..eacf12a25f 100644
--- a/src/test/test_config.c
+++ b/src/test/test_config.c
@@ -1460,6 +1460,7 @@ test_config_find_my_address(void *arg)
 options = options_new();
 options_init(options);
+ options->PublishServerDescriptor_ = V3_DIRINFO;
 /*
 * Case 0:
@@ -1782,6 +1783,22 @@ test_config_find_my_address(void *arg)
 VALIDATE_FOUND_ADDRESS(true, RESOLVED_ADDR_INTERFACE, NULL);
 CLEANUP_FOUND_ADDRESS;
+ /*
+ * Case 15: Address is a local address (internal) but we unset
+ * PublishServerDescriptor_ so we are allowed to hold it.
+ */
+ options->PublishServerDescriptor_ = NO_DIRINFO;
+ if (p->family == AF_INET) {
+ options->AssumeReachable = 1;
+ }
+ config_line_append(&options->Address, "Address", p->internal_ip);
+
+ tor_addr_parse(&test_addr, p->internal_ip);
+ retval = find_my_address(options, p->family, LOG_NOTICE, &resolved_addr,
+ &method_used, &hostname_out);
+ VALIDATE_FOUND_ADDRESS(true, RESOLVED_ADDR_CONFIGURED, NULL);
+ CLEANUP_FOUND_ADDRESS;
+
 UNMOCK(get_interface_address6);
 UNMOCK(tor_gethostname);
 UNMOCK(tor_addr_lookup);
diff --git a/src/test/test_protover.c b/src/test/test_protover.c
index be3aeb5e40..dd65f4bbf5 100644
--- a/src/test/test_protover.c
+++ b/src/test/test_protover.c
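Review bot: Case 15 in test_config.c sets `options->AssumeReachable = 1` only when `p->family == AF_INET`, so for IPv6 the expected success depends on whatever `options_init()` leaves in `AssumeReachableIPv6` rather than on a value the test chooses. Setting it explicitly, `else { options->AssumeReachableIPv6 = 1; }`, would pin the path the case is meant to exercise. The case also covers only the allow side: a companion case with `PublishServerDescriptor_ = NO_DIRINFO` and both Assume options set to 0, expecting the internal address to be refused, would guard the new branch in address_can_be_used() against accepting more than intended. test_config_find_my_address continues outside the hunk.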
@@ -469,9 +469,6 @@ test_protover_supported_protocols(void *arg)
 /* No DirCache versions appear anywhere in the code. */
 tt_assert(protocol_list_supports_protocol(supported_protocols,
 PRT_DIRCACHE,
- PROTOVER_DIRCACHE_V1));
- tt_assert(protocol_list_supports_protocol(supported_protocols,
- PRT_DIRCACHE,
 PROTOVER_DIRCACHE_V2));
 /* No Desc versions appear anywhere in the code. */
|