diff options
| author | Nick Mathewson <nickm@torproject.org> | 2012-08-27 11:16:44 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2012-08-27 11:19:29 -0400 |
| commit | b7c172c9ec762363562220a354feefc521970d7c (patch) | |
| tree | d4262db650b35abda2600b0fa284a7133882861f /src/or/or.h | |
| parent | ce4add498f6af197a0e856d262825d547f898305 (diff) | |
| download | tor-b7c172c9ec762363562220a354feefc521970d7c.tar tor-b7c172c9ec762363562220a354feefc521970d7c.tar.gz | |
Disable extending to private/internal addresses by default
This is important, since otherwise an attacker can use timing info
to probe the internal network.
Also, add an option (ExtendAllowPrivateAddresses) so that
TestingTorNetwork won't break.
Fix for bug 6710; bugfix on all released versions of Tor.
Diffstat (limited to 'src/or/or.h')
| -rw-r--r-- | src/or/or.h | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/or/or.h b/src/or/or.h index 908daa61c..9074083a0 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -3029,8 +3029,10 @@ typedef struct { config_line_t *RecommendedVersions; config_line_t *RecommendedClientVersions; config_line_t *RecommendedServerVersions; - /** Whether dirservers refuse router descriptors with private IPs. */ + /** Whether dirservers allow router descriptors with private IPs. */ int DirAllowPrivateAddresses; + /** Whether routers accept EXTEND cells to routers with private IPs. */ + int ExtendAllowPrivateAddresses; char *User; /**< Name of user to run Tor as. */ char *Group; /**< Name of group to run Tor as. */ config_line_t *ORPort_lines; /**< Ports to listen on for OR connections. */ |