author | Roger Dingledine <arma@torproject.org> | 2008-10-17 22:08:49 +0000 |
---|---|---|
committer | Roger Dingledine <arma@torproject.org> | 2008-10-17 22:08:49 +0000 |
commit | bca46cc628dc2a76d32b70359ffba21c567bb705 (patch) | |
tree | 844e26df8d7284f505cc4a318c60a0eed4aae2dc /src/or/relay.c | |
parent | e3127e874eafd473d8f09b0429a2db7ed4852f93 (diff) | |
backport candidate:
The "ClientDNSRejectInternalAddresses" config option wasn't being
consistently obeyed: if an exit relay refuses a stream because its
exit policy doesn't allow it, we would remember what IP address
the relay said the destination address resolves to, even if it's
an internal IP address. Bugfix on 0.2.0.7-alpha; patch by rovv.
svn:r17135
Diffstat (limited to 'src/or/relay.c')
-rw-r--r-- | src/or/relay.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/or/relay.c b/src/or/relay.c index 8b68c8cf7..5bb712bf1 100644 --- a/src/or/relay.c +++ b/src/or/relay.c @@ -630,8 +630,11 @@ connection_edge_process_end_not_open( ttl = (int)ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE+5)); else ttl = -1; - client_dns_set_addressmap(conn->socks_request->address, addr, - conn->chosen_exit_name, ttl); + + if (!(get_options()->ClientDNSRejectInternalAddresses && + is_internal_IP(addr, 0))) + client_dns_set_addressmap(conn->socks_request->address, addr, + conn->chosen_exit_name, ttl); } /* check if he *ought* to have allowed it */ if (exitrouter && |
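Review bot: The new `if` around client_dns_set_addressmap() in connection_edge_process_end_not_open() skips the mapping silently when ClientDNSRejectInternalAddresses is set and is_internal_IP(addr, 0) is true. A log line in that rejected case, naming the address the relay reported for conn->socks_request->address, would make an exit that answers with an internal address visible when debugging. A one-line comment above the condition saying why the mapping is skipped would help too, as would a word on what the literal `0` passed to is_internal_IP() selects. On style, a two-line condition followed by a two-line unbraced call is easy to misread and easy to break in a later edit; braces around the client_dns_set_addressmap() call would make the scope explicit.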