aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorGeorge Kadianakis <desnacked@riseup.net>2013-06-01 18:38:06 +0300
committerNick Mathewson <nickm@torproject.org>2013-08-15 12:03:37 -0400
commit13784d47536704e8b2fea918ffe4f9bf8c019f88 (patch)
tree42b8ba5a839c1d804b9f91734225a9fd18ec01ec /src
parentbdeddecd29fc6d7edce9ab1e9f1963f6f03a63f8 (diff)
downloadtor-13784d47536704e8b2fea918ffe4f9bf8c019f88.tar
tor-13784d47536704e8b2fea918ffe4f9bf8c019f88.tar.gz
Warn if the Extended ORPort listens on a public IP address.
Diffstat (limited to 'src')
-rw-r--r--src/or/config.c30
-rw-r--r--src/or/or.h1
2 files changed, 30 insertions, 1 deletions
diff --git a/src/or/config.c b/src/or/config.c
index 9c1505cf8..f13db3011 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -5100,6 +5100,27 @@ warn_nonlocal_client_ports(const smartlist_t *ports, const char *portname,
} SMARTLIST_FOREACH_END(port);
}
+/** Warn for every Extended ORPort port in <b>ports</b> that is on a
+ * publicly routable address. */
+static void
+warn_nonlocal_ext_orports(const smartlist_t *ports, const char *portname)
+{
+ SMARTLIST_FOREACH_BEGIN(ports, const port_cfg_t *, port) {
+ if (port->type != CONN_TYPE_EXT_OR_LISTENER)
+ continue;
+ if (port->is_unix_addr)
+ continue;
+ /* XXX maybe warn even if address is RFC1918? */
+ if (!tor_addr_is_internal(&port->addr, 1)) {
+ log_warn(LD_CONFIG, "You specified a public address '%s' for %sPort. "
+ "This is not advised; this address is supposed to only be "
+ "exposed on localhost so that your pluggable transport "
+ "proxies can connect to it.",
+ fmt_addrport(&port->addr, port->port), portname);
+ }
+ } SMARTLIST_FOREACH_END(port);
+}
+
/** Given a list of port_cfg_t in <b>ports</b>, warn any controller port there
* is listening on any non-loopback address. If <b>forbid</b> is true,
* then emit a stronger warning and remove the port from the list.
@@ -5200,6 +5221,7 @@ parse_port_config(smartlist_t *out,
smartlist_t *elts;
int retval = -1;
const unsigned is_control = (listener_type == CONN_TYPE_CONTROL_LISTENER);
+ const unsigned is_ext_orport = (listener_type == CONN_TYPE_EXT_OR_LISTENER);
const unsigned allow_no_options = flags & CL_PORT_NO_OPTIONS;
const unsigned use_server_options = flags & CL_PORT_SERVER_OPTIONS;
const unsigned warn_nonlocal = flags & CL_PORT_WARN_NONLOCAL;
@@ -5277,6 +5299,8 @@ parse_port_config(smartlist_t *out,
if (warn_nonlocal && out) {
if (is_control)
warn_nonlocal_controller_ports(out, forbid_nonlocal);
+ else if (is_ext_orport)
+ warn_nonlocal_ext_orports(out, portname);
else
warn_nonlocal_client_ports(out, portname, listener_type);
}
@@ -5550,6 +5574,8 @@ parse_port_config(smartlist_t *out,
if (warn_nonlocal && out) {
if (is_control)
warn_nonlocal_controller_ports(out, forbid_nonlocal);
+ else if (is_ext_orport)
+ warn_nonlocal_ext_orports(out, portname);
else
warn_nonlocal_client_ports(out, portname, listener_type);
}
@@ -5699,7 +5725,7 @@ parse_ports(or_options_t *options, int validate_only,
options->ExtORPort_lines, NULL,
"ExtOR", CONN_TYPE_EXT_OR_LISTENER,
"127.0.0.1", 0,
- CL_PORT_SERVER_OPTIONS) < 0) {
+ CL_PORT_SERVER_OPTIONS|CL_PORT_WARN_NONLOCAL) < 0) {
*msg = tor_strdup("Invalid ExtORPort configuration");
goto err;
}
@@ -5738,6 +5764,8 @@ parse_ports(or_options_t *options, int validate_only,
!! count_real_listeners(ports, CONN_TYPE_DIR_LISTENER);
options->DNSPort_set =
!! count_real_listeners(ports, CONN_TYPE_AP_DNS_LISTENER);
+ options->ExtORPort_set =
+ !! count_real_listeners(ports, CONN_TYPE_EXT_OR_LISTENER);
if (!validate_only) {
if (configured_ports) {
diff --git a/src/or/or.h b/src/or/or.h
index 363dfeaf7..47b7a5061 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3514,6 +3514,7 @@ typedef struct {
unsigned int ControlPort_set : 1;
unsigned int DirPort_set : 1;
unsigned int DNSPort_set : 1;
+ unsigned int ExtORPort_set : 1;
/**@}*/
int AssumeReachable; /**< Whether to publish our descriptor regardless. */