-rw-r--r-- | doc/tor.1.in | 10 | ||||
-rw-r--r-- | src/or/config.c | 13 | ||||
-rw-r--r-- | src/or/connection_edge.c | 12 | ||||
-rw-r--r-- | src/or/or.h | 1 |
4 files changed, 24 insertions, 12 deletions
diff --git a/doc/tor.1.in b/doc/tor.1.in index 9a8159f65..541a5ded9 100644 --- a/doc/tor.1.in +++ b/doc/tor.1.in @@ -220,13 +220,17 @@ Bind to this port to listen for connections from Tor clients and servers. \fBorbindaddress \fR\fIIP\fP Bind to this address to listen for connections from Tor clients and servers. (Default: 0.0.0.0) .TP -\fBredirectexit \fR\fIpattern address:port\fP +\fBredirectexit \fR\fIpattern target\fP Whenever an outgoing connection tries to connect to one of a given set -of addresses, connect to \fIaddress:port\fP instead. The address +of addresses, connect to \fItarget\fP (an \fIaddress:port\fP pair) instead. +The address pattern is given in the same format as for an exit policy. The address translation applies after exit policies are applied. Multiple \fBredirectexit\fP options can be used: once any one has matched -successfully, no subsequent rules are considered. +successfully, no subsequent rules are considered. You can specify that no +redirection is to be performed on a given set of addresses by using the +special target string "pass", which prevents subsequent rules from being +considered. .SH DIRECTORY SERVER OPTIONS .PP diff --git a/src/or/config.c b/src/or/config.c index f50bd42f9..0e475db5e 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -1106,10 +1106,15 @@ static int parse_redirect_line(or_options_t *options, log_fn(LOG_WARN, "Error parsing source address in RedirectExit line"); goto err; } - if (parse_addr_port(smartlist_get(elements,1),NULL,&r->addr_dest, - &r->port_dest)) { - log_fn(LOG_WARN, "Error parseing dest address in RedirectExit line"); - goto err; + if (0==strcasecmp(smartlist_get(elements,1), "pass")) { + r->is_redirect = 0; + } else { + if (parse_addr_port(smartlist_get(elements,1),NULL,&r->addr_dest, + &r->port_dest)) { + log_fn(LOG_WARN, "Error parseing dest address in RedirectExit line"); + goto err; + } + r->is_redirect = 1; } goto done; 
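Review bot: In the new `pass` branch of parse_redirect_line, `r->addr_dest` and `r->port_dest` are never assigned, so their contents depend on how `r` was allocated, which happens outside this hunk. If that allocation does not zero the struct, any later reader that forgets to test `is_redirect` first would pick up indeterminate values; writing `r->addr_dest = 0; r->port_dest = 0;` next to `r->is_redirect = 0;` keeps a pass rule fully defined. Both branches also index `smartlist_get(elements,1)`, so they rely on an element-count check that is presumably earlier in the function and should be confirmed. The re-indented warning still reads "parseing" and could be corrected to "parsing" while the line is being touched.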
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 0fba0ae24..6ff223bce 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -901,11 +901,13 @@ void connection_exit_connect(connection_t *conn) { if ((addr&r->mask)==(r->addr&r->mask) && (r->port_min <= port) && (port <= r->port_max)) { struct in_addr in; - addr = r->addr_dest; - port = r->port_dest; - in.s_addr = htonl(addr); - log_fn(LOG_DEBUG, "Redirecting connection from %s:%d to %s:%d", - conn->address, conn->port, inet_ntoa(in), port); + if (r->is_redirect) { + addr = r->addr_dest; + port = r->port_dest; + in.s_addr = htonl(addr); + log_fn(LOG_DEBUG, "Redirecting connection from %s:%d to %s:%d", + conn->address, conn->port, inet_ntoa(in), port); + } break; } }); diff --git a/src/or/or.h b/src/or/or.h index 65fea556a..196a1dc9a 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -824,6 +824,7 @@ typedef struct exit_redirect_t { uint16_t port_min; uint16_t port_max; + int is_redirect; uint32_t addr_dest; uint16_t port_dest; } exit_redirect_t; |
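Review bot: A rule that matches with `is_redirect` clear now reaches `break` in connection_exit_connect without logging anything, so an operator debugging RedirectExit ordering cannot tell a "pass" match from no match at all. An `else log_fn(LOG_DEBUG, "RedirectExit pass rule matched; destination left unchanged");` after the redirect block would make the first-match decision visible without adding any address to the log. `struct in_addr in;` is now only used inside the `if (r->is_redirect)` block and could be declared there. The test is only sound if every path that builds an exit_redirect_t sets `is_redirect`; parse_redirect_line is the only one visible in this commit, and the function body continues outside the hunk.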
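Review bot: The new `is_redirect` member of exit_redirect_t carries no comment, although it decides whether `addr_dest` and `port_dest` hold meaningful values. A comment on the field such as `/* 1: rewrite matches to addr_dest:port_dest; 0: "pass" rule, addr_dest and port_dest are unused */` would record that contract where the next reader of the struct will look. The opening members of the struct are outside the hunk.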