Commit d92a415b authored by Nick Mathewson's avatar Nick Mathewson 🥄

Add an option to disable the block-private-addresses feature

Suggested by rransom.  Probably necessary for testing network mode.
parent 411ec3c0
......@@ -8,6 +8,8 @@
IP addresses (like 127.0.0.1, 10.0.0.1, and so on) with a randomly
chosen exit node. Attempts to do so are always ill-defined, generally
prevented by exit policies, and usually in error. This will also
help to detect loops in transparent proxy configurations.
help to detect loops in transparent proxy configurations. You can
disable this feature by setting "ClientRejectInternalAddresses 0"
in your torrc.
......@@ -195,6 +195,7 @@ static config_var_t _option_vars[] = {
V(CircuitStreamTimeout, INTERVAL, "0"),
V(CircuitPriorityHalflife, DOUBLE, "-100.0"), /*negative:'Use default'*/
V(ClientDNSRejectInternalAddresses, BOOL,"1"),
V(ClientRejectInternalAddresses, BOOL, "1"),
V(ClientOnly, BOOL, "0"),
V(ConsensusParams, STRING, NULL),
V(ConnLimit, UINT, "1000"),
......@@ -405,6 +406,7 @@ static config_var_t testing_tor_network_defaults[] = {
V(AuthDirMaxServersPerAddr, UINT, "0"),
V(AuthDirMaxServersPerAuthAddr,UINT, "0"),
V(ClientDNSRejectInternalAddresses, BOOL,"0"),
V(ClientRejectInternalAddresses, BOOL, "0"),
V(ExitPolicyRejectPrivate, BOOL, "0"),
V(V3AuthVotingInterval, INTERVAL, "5 minutes"),
V(V3AuthVoteDelay, INTERVAL, "20 seconds"),
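Review bot: Nothing in these two hunks tells the operator when `ClientRejectInternalAddresses` is set to 0 outside a testing network, so a check that is on by default can be turned off without any trace in the logs. If option validation (not visible here) does not already cover it, a warning there would help when the value is 0 and `TestingTorNetwork` is unset, for example `log_warn(LD_CONFIG, "ClientRejectInternalAddresses is disabled; requests for internal addresses may be sent to randomly chosen exits.");`. Both tables start and end outside the hunks shown.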
......
......@@ -1659,7 +1659,8 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
return -1;
}
if (!conn->use_begindir && !conn->chosen_exit_name && !circ) {
if (options->ClientRejectInternalAddresses &&
!conn->use_begindir && !conn->chosen_exit_name && !circ) {
tor_addr_t addr;
if (tor_addr_from_str(&addr, socks->address) >= 0 &&
tor_addr_is_internal(&addr, 0)) {
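Review bot: The new `options->ClientRejectInternalAddresses` test only gates literal addresses, because the inner branch runs only when `tor_addr_from_str(&addr, socks->address)` succeeds. Hostnames that resolve to internal addresses appear to be governed by the separate `ClientDNSRejectInternalAddresses` option, and a reader of this `if` cannot see that the two are independent. A comment above the condition would make this clear, for example `/* Literal internal addresses only; hostnames resolving to internal addresses are handled by ClientDNSRejectInternalAddresses. */`. `options` is declared outside this hunk, and the block opened on the last line continues past it.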
......
......@@ -2756,6 +2756,10 @@ typedef struct {
* Helps avoid some cross-site attacks. */
int ClientDNSRejectInternalAddresses;
/** If true, do not accept any requests to connect to internal addresses
* over randomly chosen exits. */
int ClientRejectInternalAddresses;
/** The length of time that we think a consensus should be fresh. */
int V3AuthVotingInterval;
/** The length of time we think it will take to distribute votes. */
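Review bot: The doc comment on `ClientRejectInternalAddresses` omits the default and the reason for the check, unlike the neighbouring field's comment, which ends with "Helps avoid some cross-site attacks". I would extend it to something like `/** If true, refuse client requests for literal internal addresses (per tor_addr_is_internal()) when the exit would be chosen at random. Defaults to 1; testing networks default to 0. */`. The enclosing `typedef struct` starts and ends outside this hunk.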
......