From b7c172c9ec762363562220a354feefc521970d7c Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Mon, 27 Aug 2012 11:16:44 -0400
Subject: Disable extending to private/internal addresses by default

This is important, since otherwise an attacker can use timing info
to probe the internal network.

Also, add an option (ExtendAllowPrivateAddresses) so that
TestingTorNetwork won't break.

Fix for bug 6710; bugfix on all released versions of Tor.
---
 src/or/or.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/or/or.h')

diff --git a/src/or/or.h b/src/or/or.h
index 908daa61c..9074083a0 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -3029,8 +3029,10 @@ typedef struct {
   config_line_t *RecommendedVersions;
   config_line_t *RecommendedClientVersions;
   config_line_t *RecommendedServerVersions;
-  /** Whether dirservers refuse router descriptors with private IPs. */
+  /** Whether dirservers allow router descriptors with private IPs. */
   int DirAllowPrivateAddresses;
+  /** Whether routers accept EXTEND cells to routers with private IPs. */
+  int ExtendAllowPrivateAddresses;
   char *User; /**< Name of user to run Tor as. */
   char *Group; /**< Name of group to run Tor as. */
   config_line_t *ORPort_lines; /**< Ports to listen on for OR connections. */
-- 
cgit v1.2.3