Add an option to disable the block-private-addresses feature

Suggested by rransom. Probably necessary for testing network mode.

Add an option to disable the block-private-addresses feature
Suggested by rransom. Probably necessary for testing network mode.
d92a415b · Nick Mathewson · 411ec3c0 · d92a415b · d92a415b · d92a415b
Commit d92a415b authored Jan 26, 2011 by Nick Mathewson 🥄
--- a/changes/bug2279
+++ b/changes/bug2279
@@ -8,6 +8,8 @@
      IP addresses (like 127.0.0.1, 10.0.0.1, and so on) with a randomly
      chosen exit node.  Attempts to do so are always ill-defined, generally
      prevented by exit policies, and usually in error.  This will also
-      help to detect loops in transparent proxy configurations.
+      help to detect loops in transparent proxy configurations.  You can
+      disable this feature by setting "ClientRejectInternalAddresses 0"
+      in your torrc.


--- a/src/or/config.c
+++ b/src/or/config.c
@@ -195,6 +195,7 @@ static config_var_t _option_vars[] = {
  V(CircuitStreamTimeout,        INTERVAL, "0"),
  V(CircuitPriorityHalflife,     DOUBLE,  "-100.0"), /*negative:'Use default'*/
  V(ClientDNSRejectInternalAddresses, BOOL,"1"),
+  V(ClientRejectInternalAddresses, BOOL,   "1"),
  V(ClientOnly,                  BOOL,     "0"),
  V(ConsensusParams,             STRING,   NULL),
  V(ConnLimit,                   UINT,     "1000"),
@@ -405,6 +406,7 @@ static config_var_t testing_tor_network_defaults[] = {
  V(AuthDirMaxServersPerAddr,    UINT,     "0"),
  V(AuthDirMaxServersPerAuthAddr,UINT,     "0"),
  V(ClientDNSRejectInternalAddresses, BOOL,"0"),
+  V(ClientRejectInternalAddresses, BOOL,   "0"),
  V(ExitPolicyRejectPrivate,     BOOL,     "0"),
  V(V3AuthVotingInterval,        INTERVAL, "5 minutes"),
  V(V3AuthVoteDelay,             INTERVAL, "20 seconds"),

--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -1659,7 +1659,8 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
        connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
        return -1;
      }
-      if (!conn->use_begindir && !conn->chosen_exit_name && !circ) {
+      if (options->ClientRejectInternalAddresses &&
+          !conn->use_begindir && !conn->chosen_exit_name && !circ) {
        tor_addr_t addr;
        if (tor_addr_from_str(&addr, socks->address) >= 0 &&
            tor_addr_is_internal(&addr, 0)) {

--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2756,6 +2756,10 @@ typedef struct {
   * Helps avoid some cross-site attacks. */
  int ClientDNSRejectInternalAddresses;

+  /** If true, do not accept any requests to connect to internal addresses
+   * over randomly chosen exits. */
+  int ClientRejectInternalAddresses;
+
  /** The length of time that we think a consensus should be fresh. */
  int V3AuthVotingInterval;
  /** The length of time we think it will take to distribute votes. */