author | George Kadianakis <desnacked@riseup.net> | 2013-06-01 18:38:06 +0300 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2013-08-15 12:03:37 -0400 |
commit | 13784d47536704e8b2fea918ffe4f9bf8c019f88 (patch) | |
tree | 42b8ba5a839c1d804b9f91734225a9fd18ec01ec /src | |
parent | bdeddecd29fc6d7edce9ab1e9f1963f6f03a63f8 (diff) | |
download | tor-13784d47536704e8b2fea918ffe4f9bf8c019f88.tar tor-13784d47536704e8b2fea918ffe4f9bf8c019f88.tar.gz |
Warn if the Extended ORPort listens on a public IP address.
Diffstat (limited to 'src')
-rw-r--r-- | src/or/config.c | 30 | ||||
-rw-r--r-- | src/or/or.h | 1 |
2 files changed, 30 insertions, 1 deletions
diff --git a/src/or/config.c b/src/or/config.c
index 9c1505cf8..f13db3011 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -5100,6 +5100,27 @@ warn_nonlocal_client_ports(const smartlist_t *ports, const char *portname,
 } SMARTLIST_FOREACH_END(port);
 }
 
+/** Warn for every Extended ORPort port in <b>ports</b> that is on a
+ * publicly routable address. */
+static void
+warn_nonlocal_ext_orports(const smartlist_t *ports, const char *portname)
+{
+ SMARTLIST_FOREACH_BEGIN(ports, const port_cfg_t *, port) {
+ if (port->type != CONN_TYPE_EXT_OR_LISTENER)
+ continue;
+ if (port->is_unix_addr)
+ continue;
+ /* XXX maybe warn even if address is RFC1918? */
+ if (!tor_addr_is_internal(&port->addr, 1)) {
+ log_warn(LD_CONFIG, "You specified a public address '%s' for %sPort. "
+ "This is not advised; this address is supposed to only be "
+ "exposed on localhost so that your pluggable transport "
+ "proxies can connect to it.",
+ fmt_addrport(&port->addr, port->port), portname);
+ }
+ } SMARTLIST_FOREACH_END(port);
+}
+
 /** Given a list of port_cfg_t in <b>ports</b>, warn any controller port there
 * is listening on any non-loopback address. If <b>forbid</b> is true,
 * then emit a stronger warning and remove the port from the list.
@@ -5200,6 +5221,7 @@ parse_port_config(smartlist_t *out,
 smartlist_t *elts;
 int retval = -1;
 const unsigned is_control = (listener_type == CONN_TYPE_CONTROL_LISTENER);
+ const unsigned is_ext_orport = (listener_type == CONN_TYPE_EXT_OR_LISTENER);
 const unsigned allow_no_options = flags & CL_PORT_NO_OPTIONS;
 const unsigned use_server_options = flags & CL_PORT_SERVER_OPTIONS;
 const unsigned warn_nonlocal = flags & CL_PORT_WARN_NONLOCAL;
@@ -5277,6 +5299,8 @@ parse_port_config(smartlist_t *out,
 if (warn_nonlocal && out) {
 if (is_control)
 warn_nonlocal_controller_ports(out, forbid_nonlocal);
+ else if (is_ext_orport)
+ warn_nonlocal_ext_orports(out, portname);
 else
 warn_nonlocal_client_ports(out, portname, listener_type);
 }
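Review bot: The log message in warn_nonlocal_ext_orports tells the operator the address is "supposed to only be exposed on localhost", but the condition only fires when tor_addr_is_internal() reports the address as non-internal, so an Extended ORPort bound to an RFC 1918 or link-local address, which other hosts on the same network can reach, passes without any warning; the `/* XXX maybe warn even if address is RFC1918? */` comment records exactly this gap. Either make the check match the message, e.g. `if (!tor_addr_is_loopback(&port->addr)) {`, or keep the looser check and reword the message to say "non-localhost" rather than "localhost-only", so the operator is not told a stricter check is being applied than actually is. Whichever is chosen, the XXX comment should then be resolved or replaced with a sentence stating the deliberate policy, since as written it leaves the weaker check looking unintentional.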
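Review bot: The three-way dispatch `if (is_control) … else if (is_ext_orport) … else …` under `if (warn_nonlocal && out)` is now duplicated verbatim at two places in parse_port_config, this hunk at new line 5299 and the one at new line 5574 in the following hunk, so the next listener type that needs its own non-local warning must be added in both or the two paths silently diverge. Folding the dispatch into one small static helper, for example `warn_nonlocal_ports(out, listener_type, portname, forbid_nonlocal)` that both call sites invoke, keeps the policy in a single place. parse_port_config begins and ends outside the hunk, so the helper's placement and any other callers of this logic cannot be confirmed from here.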
@@ -5550,6 +5574,8 @@ parse_port_config(smartlist_t *out,
 if (warn_nonlocal && out) {
 if (is_control)
 warn_nonlocal_controller_ports(out, forbid_nonlocal);
+ else if (is_ext_orport)
+ warn_nonlocal_ext_orports(out, portname);
 else
 warn_nonlocal_client_ports(out, portname, listener_type);
 }
@@ -5699,7 +5725,7 @@ parse_ports(or_options_t *options, int validate_only,
 options->ExtORPort_lines, NULL,
 "ExtOR", CONN_TYPE_EXT_OR_LISTENER,
 "127.0.0.1", 0,
- CL_PORT_SERVER_OPTIONS) < 0) {
+ CL_PORT_SERVER_OPTIONS|CL_PORT_WARN_NONLOCAL) < 0) {
 *msg = tor_strdup("Invalid ExtORPort configuration");
 goto err;
 }
@@ -5738,6 +5764,8 @@ parse_ports(or_options_t *options, int validate_only,
 !! count_real_listeners(ports, CONN_TYPE_DIR_LISTENER);
 options->DNSPort_set =
 !! count_real_listeners(ports, CONN_TYPE_AP_DNS_LISTENER);
+ options->ExtORPort_set =
+ !! count_real_listeners(ports, CONN_TYPE_EXT_OR_LISTENER);
 
 if (!validate_only) {
 if (configured_ports) {
diff --git a/src/or/or.h b/src/or/or.h
index 363dfeaf7..47b7a5061 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3514,6 +3514,7 @@ typedef struct {
 unsigned int ControlPort_set : 1;
 unsigned int DirPort_set : 1;
 unsigned int DNSPort_set : 1;
+ unsigned int ExtORPort_set : 1;
 /**@}*/
 int AssumeReachable; /**< Whether to publish our descriptor regardless. */ |