diff options
| -rw-r--r-- | changes/bug2279 | 4 | ||||
| -rw-r--r-- | src/or/config.c | 2 | ||||
| -rw-r--r-- | src/or/connection_edge.c | 3 | ||||
| -rw-r--r-- | src/or/or.h | 4 |
4 files changed, 11 insertions, 2 deletions
diff --git a/changes/bug2279 b/changes/bug2279 index e0c23b360..d31300978 100644 --- a/changes/bug2279 +++ b/changes/bug2279 @@ -8,6 +8,8 @@ IP addresses (like 127.0.0.1, 10.0.0.1, and so on) with a randomly chosen exit node. Attempts to do so are always ill-defined, generally prevented by exit policies, and usually in error. This will also - help to detect loops in transparent proxy configurations. + help to detect loops in transparent proxy configurations. You can + disable this feature by setting "ClientRejectInternalAddresses 0" + in your torrc. diff --git a/src/or/config.c b/src/or/config.c index 8c1205de4..5aca2256f 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -195,6 +195,7 @@ static config_var_t _option_vars[] = { V(CircuitStreamTimeout, INTERVAL, "0"), V(CircuitPriorityHalflife, DOUBLE, "-100.0"), /*negative:'Use default'*/ V(ClientDNSRejectInternalAddresses, BOOL,"1"), + V(ClientRejectInternalAddresses, BOOL, "1"), V(ClientOnly, BOOL, "0"), V(ConsensusParams, STRING, NULL), V(ConnLimit, UINT, "1000"), @@ -405,6 +406,7 @@ static config_var_t testing_tor_network_defaults[] = { V(AuthDirMaxServersPerAddr, UINT, "0"), V(AuthDirMaxServersPerAuthAddr,UINT, "0"), V(ClientDNSRejectInternalAddresses, BOOL,"0"), + V(ClientRejectInternalAddresses, BOOL, "0"), V(ExitPolicyRejectPrivate, BOOL, "0"), V(V3AuthVotingInterval, INTERVAL, "5 minutes"), V(V3AuthVoteDelay, INTERVAL, "20 seconds"), diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index a85943f69..47e9035e9 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -1659,7 +1659,8 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn, connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL); return -1; } - if (!conn->use_begindir && !conn->chosen_exit_name && !circ) { + if (options->ClientRejectInternalAddresses && + !conn->use_begindir && !conn->chosen_exit_name && !circ) { tor_addr_t addr; if (tor_addr_from_str(&addr, socks->address) >= 0 && tor_addr_is_internal(&addr, 0)) { diff --git a/src/or/or.h b/src/or/or.h index a3ec71a92..752de219e 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2756,6 +2756,10 @@ typedef struct { * Helps avoid some cross-site attacks. */ int ClientDNSRejectInternalAddresses; + /** If true, do not accept any requests to connect to internal addresses + * over randomly chosen exits. */ + int ClientRejectInternalAddresses; + /** The length of time that we think a consensus should be fresh. */ int V3AuthVotingInterval; /** The length of time we think it will take to distribute votes. */ |