
Add an option to disable the block-private-addresses feature

Suggested by rransom.  Probably necessary for testing network mode.
Nick Mathewson 13 роки тому
батько
коміт
d92a415bed
4 змінених файлів з 11 додано та 2 видалено
  1. 3 1
      changes/bug2279
  2. 2 0
      src/or/config.c
  3. 2 1
      src/or/connection_edge.c
  4. 4 0
      src/or/or.h

+ 3 - 1
changes/bug2279

@@ -8,6 +8,8 @@
       IP addresses (like 127.0.0.1, 10.0.0.1, and so on) with a randomly
       chosen exit node.  Attempts to do so are always ill-defined, generally
       prevented by exit policies, and usually in error.  This will also
-      help to detect loops in transparent proxy configurations.
+      help to detect loops in transparent proxy configurations.  You can
+      disable this feature by setting "ClientRejectInternalAddresses 0"
+      in your torrc.
 
 

+ 2 - 0
src/or/config.c

@@ -195,6 +195,7 @@ static config_var_t _option_vars[] = {
   V(CircuitStreamTimeout,        INTERVAL, "0"),
   V(CircuitPriorityHalflife,     DOUBLE,  "-100.0"), /*negative:'Use default'*/
   V(ClientDNSRejectInternalAddresses, BOOL,"1"),
+  V(ClientRejectInternalAddresses, BOOL,   "1"),
   V(ClientOnly,                  BOOL,     "0"),
   V(ConsensusParams,             STRING,   NULL),
   V(ConnLimit,                   UINT,     "1000"),
@@ -405,6 +406,7 @@ static config_var_t testing_tor_network_defaults[] = {
   V(AuthDirMaxServersPerAddr,    UINT,     "0"),
   V(AuthDirMaxServersPerAuthAddr,UINT,     "0"),
   V(ClientDNSRejectInternalAddresses, BOOL,"0"),
+  V(ClientRejectInternalAddresses, BOOL,   "0"),
   V(ExitPolicyRejectPrivate,     BOOL,     "0"),
   V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
   V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),
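Review bot: `ClientRejectInternalAddresses` is registered here as a user-settable option (default `"1"`, `"0"` in `testing_tor_network_defaults`), but none of the four files in this commit is the manual, so the changes entry is its only user-facing description. I would add a manual entry saying that the option exists for test networks and that setting it to 0 lets requests for private addresses be sent to randomly chosen exits. It may also be worth a warning at option-validation time when it is 0 outside a testing network; that code is not visible here, so check whether `ClientDNSRejectInternalAddresses` already gets similar treatment. Both arrays start and end outside the hunks.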

+ 2 - 1
src/or/connection_edge.c

@@ -1659,7 +1659,8 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
         connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
         return -1;
       }
-      if (!conn->use_begindir && !conn->chosen_exit_name && !circ) {
+      if (options->ClientRejectInternalAddresses &&
+          !conn->use_begindir && !conn->chosen_exit_name && !circ) {
         tor_addr_t addr;
         if (tor_addr_from_str(&addr, socks->address) >= 0 &&
             tor_addr_is_internal(&addr, 0)) {
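Review bot: The widened condition `if (options->ClientRejectInternalAddresses && ...` has no comment explaining why the internal-address check may now be skipped, and with the option at 0 a literal private address in `socks->address` gets past this block without any log line. I would add above it `/* Reject literal internal addresses unless the user turned this off (e.g. test networks); begindir, named-exit and already-attached-circuit requests are exempt. */`. Because this relaxes a client-side guard, an info-level log when the option is 0 would help operators notice private-address requests leaving through a random exit. `options` is not declared in the visible lines and is presumably set earlier in the function, whose body continues past the hunk.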

+ 4 - 0
src/or/or.h

@@ -2756,6 +2756,10 @@ typedef struct {
    * Helps avoid some cross-site attacks. */
   int ClientDNSRejectInternalAddresses;
 
+  /** If true, do not accept any requests to connect to internal addresses
+   * over randomly chosen exits. */
+  int ClientRejectInternalAddresses;
+
   /** The length of time that we think a consensus should be fresh. */
   int V3AuthVotingInterval;
   /** The length of time we think it will take to distribute votes. */
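Review bot: The new doc comment on `ClientRejectInternalAddresses` does not say how it differs from `ClientDNSRejectInternalAddresses` directly above, and the two names are easy to confuse. Judging by the connection_edge.c change, this one covers addresses given literally in the SOCKS request, so I would write `/** If true, refuse client requests whose target is a literal internal address when the exit would be chosen at random. On by default; off in testing networks. */`. The struct starts and ends outside the hunk.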