
Let the users set ControlListenAddress in the torrc.
This can be dangerous, but there are some cases (like a secured
LAN) where it makes sense.


svn:r5997

Roger Dingledine 19 years ago
commit
350313d77a
5 changed files with 18 additions and 8 deletions
  1. 1 6
      doc/TODO
  2. 9 1
      doc/tor.1.in
  3. 4 0
      src/or/config.c
  4. 2 1
      src/or/connection.c
  5. 2 0
      src/or/or.h

+ 1 - 6
doc/TODO

@@ -51,17 +51,12 @@ N - look at the proposed os x uninstaller:
       when they feel like it.
     - update dir-spec with what we decided for each of these
 N - commit edmanm's win32 makefile to tor cvs contrib
-  o add a GUARD flag to the network-status entries.
-    o Clients use it. (But not till the directories have upgraded!)
   - when logging unknown http headers, this could include bad escape codes?
     - more generally, attacker-controller log entries with newlines in them
       are dangerous for our users.
   - make log entries include function names in win32 again.
   - Make "setconf" and "hup" behavior cleaner for LINELIST config
     options (e.g. Log). Bug 238.
-  o Were we going to load unrecognized 'state' variables into some
-    list somewhere, and write them out whenever we update the state?
-    To be forwards and backwards compatible.
 R - streamline how we define a guard node as 'up'. document it
     somewhere.
 R - reduce log severity for guard nodes.
@@ -70,7 +65,7 @@ R - failed rend desc fetches sometimes don't get retried.
 R - Add config options to not publish and not fetch rend descs.
   - Add controller interfaces to hear rend desc events and learn
     about rend descs. In base16 I guess for now.
-R - let controlport be configurable on other interfaces
+  o let controlport be configurable on other interfaces
 R - look into "uncounting" bytes spent on local connections. so
     we can bandwidthrate but still have fast downloads.
 N . Clean and future-proof exit policy formats a bit.

+ 9 - 1
doc/tor.1.in

@@ -61,7 +61,7 @@ Windows since that platform lacks getrlimit(). (Default: 1024)
 .LP
 .TP
 \fBControlPort \fR\fIPort\fP
-If set, Tor will accept connections from the same machine (localhost only) on
+If set, Tor will accept connections on
 this port, and allow those connections to control the Tor process using the
 Tor Control Protocol (described in control-spec.txt).  Note: unless you also
 specify one of \fBHashedControlPassword\fP or \fBCookieAuthentication\fP,
@@ -69,6 +69,14 @@ setting this option will cause Tor to allow any process on the local host to
 control it.
 .LP
 .TP
+\fBControlListenAddress \fR\fIIP\fR[:\fIPORT\fR]\fP
+Bind the controller listener to this address. If you specify a port,
+bind to this port rather than the one specified in ControlPort. We
+strongly recommend that you leave this alone unless you know what you're
+doing, since giving attackers access to your control listener is really
+dangerous. (Default: 127.0.0.1)
+.LP
+.TP
 \fBHashedControlPassword \fR\fIhashed_password\fP
 Don't allow any connections on the control port except when the other process
 knows the password whose one-way hash is \fIhashed_password\fP.  You can

+ 4 - 0
src/or/config.c

@@ -137,6 +137,7 @@ static config_var_t _option_vars[] = {
   VAR("ClientOnly",          BOOL,     ClientOnly,           "0"),
   VAR("ConnLimit",           UINT,     ConnLimit,            "1024"),
   VAR("ContactInfo",         STRING,   ContactInfo,          NULL),
+  VAR("ControlListenAddress",LINELIST, ControlListenAddress, NULL),
   VAR("ControlPort",         UINT,     ControlPort,          "0"),
   VAR("CookieAuthentication",BOOL,     CookieAuthentication, "0"),
   VAR("DataDirectory",       STRING,   DataDirectory,        NULL),
@@ -1906,6 +1907,9 @@ options_validate(or_options_t *old_options, or_options_t *options,
   if (options->DirPort == 0 && options->DirListenAddress != NULL)
     REJECT("DirPort must be defined if DirListenAddress is defined.");
 
+  if (options->ControlPort == 0 && options->ControlListenAddress != NULL)
+    REJECT("ControlPort must be defined if ControlListenAddress is defined.");
+
 #if 0 /* don't complain, since a standard configuration does this! */
   if (options->SocksPort == 0 && options->SocksListenAddress != NULL)
     REJECT("SocksPort must be defined if SocksListenAddress is defined.");
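Review bot: The new check in options_validate at the bottom of the hunk only ties ControlListenAddress to ControlPort; it does nothing about the risk the man-page change in this same commit describes, a control listener reachable from other hosts while no controller authentication is configured. Assuming or_options_t carries the HashedControlPassword and CookieAuthentication fields that the VAR table and man page refer to, a condition such as `if (options->ControlListenAddress && !options->HashedControlPassword && !options->CookieAuthentication)` could log a warning here (or REJECT, if the project prefers to fail closed), since the bind in retry_all_listeners in connection.c happens with no further check. Because ControlListenAddress is a LINELIST, deciding whether any entry is non-loopback would need the address parsed the way the other *ListenAddress options are handled elsewhere; if that is not practical here, an unconditional warning whenever the option is set is still better than silence. options_validate begins and ends outside the hunk.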

+ 2 - 1
src/or/connection.c

@@ -973,7 +973,8 @@ retry_all_listeners(int force, smartlist_t *replaced_conns,
                       options->SocksPort, "127.0.0.1", force,
                       replaced_conns, new_conns)<0)
     return -1;
-  if (retry_listeners(CONN_TYPE_CONTROL_LISTENER, NULL,
+  if (retry_listeners(CONN_TYPE_CONTROL_LISTENER,
+                      options->ControlListenAddress,
                       options->ControlPort, "127.0.0.1", force,
                       replaced_conns, new_conns)<0)
     return -1;

+ 2 - 0
src/or/or.h

@@ -1240,6 +1240,8 @@ typedef struct {
   config_line_t *ORListenAddress;
   /** Addresses to bind for listening for directory connections. */
   config_line_t *DirListenAddress;
+  /** Addresses to bind for listening for control connections. */
+  config_line_t *ControlListenAddress;
   /** Local address to bind outbound sockets */
   char *OutboundBindAddress;
   /** Directory server only: which versions of