Allow bridge descriptors to contain no address if they are not being published
To strengthen an "isolating proxy"-style approach to client security, I'd like to allow a Tor bridge node to not reveal its external address(es) in its bridge descriptor. The following patch leaves the address as 0.0.0.0 when it's not going to be published:
diff --git a/src/or/router.c b/src/or/router.c
index 1063eda..30749b9 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -1772,7 +1772,7 @@ router_rebuild_descriptor(int force)
{
routerinfo_t *ri;
extrainfo_t *ei;
- uint32_t addr;
+ uint32_t addr = 0;
char platform[256];
int hibernating = we_are_hibernating();
const or_options_t *options = get_options();
@@ -1780,11 +1780,16 @@ router_rebuild_descriptor(int force)
if (desc_clean_since && !force)
return 0;
- if (router_pick_published_address(options, &addr) < 0 ||
- router_get_advertised_or_port(options) == 0) {
+ /* If we're not trying to publish our descriptor, it's OK to use 0.0.0.0
+ * as the address therein.
+ */
+ if ((options->PublishServerDescriptor_ != NO_DIRINFO) &&
+ (router_pick_published_address(options, &addr) < 0 ||
+ router_get_advertised_or_port(options) == 0)) {
/* Stop trying to rebuild our descriptor every second. We'll
* learn that it's time to try again when ip_address_changed()
* marks it dirty. */Trac:
Username: nwf
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information