Let the users set ControlListenAddress in the torrc.
This can be dangerous, but there are some cases (like a secured LAN) where it makes sense. svn:r5997
parent
1181ae61ae
commit
350313d77a
7
doc/TODO
7
doc/TODO
@ -51,17 +51,12 @@ N - look at the proposed os x uninstaller:
|
||||
when they feel like it.
|
||||
- update dir-spec with what we decided for each of these
|
||||
N - commit edmanm's win32 makefile to tor cvs contrib
|
||||
o add a GUARD flag to the network-status entries.
|
||||
o Clients use it. (But not till the directories have upgraded!)
|
||||
- when logging unknown http headers, this could include bad escape codes?
|
||||
- more generally, attacker-controller log entries with newlines in them
|
||||
are dangerous for our users.
|
||||
- make log entries include function names in win32 again.
|
||||
- Make "setconf" and "hup" behavior cleaner for LINELIST config
|
||||
options (e.g. Log). Bug 238.
|
||||
o Were we going to load unrecognized 'state' variables into some
|
||||
list somewhere, and write them out whenever we update the state?
|
||||
To be forwards and backwards compatible.
|
||||
R - streamline how we define a guard node as 'up'. document it
|
||||
somewhere.
|
||||
R - reduce log severity for guard nodes.
|
||||
@ -70,7 +65,7 @@ R - failed rend desc fetches sometimes don't get retried.
|
||||
R - Add config options to not publish and not fetch rend descs.
|
||||
- Add controller interfaces to hear rend desc events and learn
|
||||
about rend descs. In base16 I guess for now.
|
||||
R - let controlport be configurable on other interfaces
|
||||
o let controlport be configurable on other interfaces
|
||||
R - look into "uncounting" bytes spent on local connections. so
|
||||
we can bandwidthrate but still have fast downloads.
|
||||
N . Clean and future-proof exit policy formats a bit.
|
||||
|
10
doc/tor.1.in
10
doc/tor.1.in
@ -61,7 +61,7 @@ Windows since that platform lacks getrlimit(). (Default: 1024)
|
||||
.LP
|
||||
.TP
|
||||
\fBControlPort \fR\fIPort\fP
|
||||
If set, Tor will accept connections from the same machine (localhost only) on
|
||||
If set, Tor will accept connections on
|
||||
this port, and allow those connections to control the Tor process using the
|
||||
Tor Control Protocol (described in control-spec.txt). Note: unless you also
|
||||
specify one of \fBHashedControlPassword\fP or \fBCookieAuthentication\fP,
|
||||
@ -69,6 +69,14 @@ setting this option will cause Tor to allow any process on the local host to
|
||||
control it.
|
||||
.LP
|
||||
.TP
|
||||
\fBControlListenAddress \fR\fIIP\fR[:\fIPORT\fR]\fP
|
||||
Bind the controller listener to this address. If you specify a port,
|
||||
bind to this port rather than the one specified in ControlPort. We
|
||||
strongly recommend that you leave this alone unless you know what you're
|
||||
doing, since giving attackers access to your control listener is really
|
||||
dangerous. (Default: 127.0.0.1)
|
||||
.LP
|
||||
.TP
|
||||
\fBHashedControlPassword \fR\fIhashed_password\fP
|
||||
Don't allow any connections on the control port except when the other process
|
||||
knows the password whose one-way hash is \fIhashed_password\fP. You can
|
||||
|
@ -137,6 +137,7 @@ static config_var_t _option_vars[] = {
|
||||
VAR("ClientOnly", BOOL, ClientOnly, "0"),
|
||||
VAR("ConnLimit", UINT, ConnLimit, "1024"),
|
||||
VAR("ContactInfo", STRING, ContactInfo, NULL),
|
||||
VAR("ControlListenAddress",LINELIST, ControlListenAddress, NULL),
|
||||
VAR("ControlPort", UINT, ControlPort, "0"),
|
||||
VAR("CookieAuthentication",BOOL, CookieAuthentication, "0"),
|
||||
VAR("DataDirectory", STRING, DataDirectory, NULL),
|
||||
@ -1906,6 +1907,9 @@ options_validate(or_options_t *old_options, or_options_t *options,
|
||||
if (options->DirPort == 0 && options->DirListenAddress != NULL)
|
||||
REJECT("DirPort must be defined if DirListenAddress is defined.");
|
||||
|
||||
if (options->ControlPort == 0 && options->ControlListenAddress != NULL)
|
||||
REJECT("ControlPort must be defined if ControlListenAddress is defined.");
|
||||
|
||||
#if 0 /* don't complain, since a standard configuration does this! */
|
||||
if (options->SocksPort == 0 && options->SocksListenAddress != NULL)
|
||||
REJECT("SocksPort must be defined if SocksListenAddress is defined.");
|
||||
|
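Review bot: The new check in options_validate only requires ControlPort to be non-zero when ControlListenAddress is set; it never looks at whether any control authentication is configured. The man page text in this same commit says that without HashedControlPassword or CookieAuthentication the control port accepts any connection, so binding it to a LAN or public address leaves the controller open to every host that can reach it. I would reject, or at least warn, in that case, for example `if (options->ControlListenAddress && !options->HashedControlPassword && !options->CookieAuthentication) REJECT("ControlListenAddress requires HashedControlPassword or CookieAuthentication.");`, optionally exempting entries that parse as loopback. The body of options_validate continues outside the hunk, so an equivalent check may already exist elsewhere.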
@ -973,7 +973,8 @@ retry_all_listeners(int force, smartlist_t *replaced_conns,
|
||||
options->SocksPort, "127.0.0.1", force,
|
||||
replaced_conns, new_conns)<0)
|
||||
return -1;
|
||||
if (retry_listeners(CONN_TYPE_CONTROL_LISTENER, NULL,
|
||||
if (retry_listeners(CONN_TYPE_CONTROL_LISTENER,
|
||||
options->ControlListenAddress,
|
||||
options->ControlPort, "127.0.0.1", force,
|
||||
replaced_conns, new_conns)<0)
|
||||
return -1;
|
||||
|
@ -1240,6 +1240,8 @@ typedef struct {
|
||||
config_line_t *ORListenAddress;
|
||||
/** Addresses to bind for listening for directory connections. */
|
||||
config_line_t *DirListenAddress;
|
||||
/** Addresses to bind for listening for control connections. */
|
||||
config_line_t *ControlListenAddress;
|
||||
/** Local address to bind outbound sockets */
|
||||
char *OutboundBindAddress;
|
||||
/** Directory server only: which versions of
|
||||
|
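Review bot: The doc comment added for ControlListenAddress does not say what an unset value means or why this field is more sensitive than the OR and Dir listen addresses next to it. Judging from the retry_listeners call in this commit, a NULL list appears to fall back to 127.0.0.1, and the man page calls any other setting dangerous. I would widen the comment to something like `/** Addresses to bind for listening for control connections. If NULL, the listener binds to 127.0.0.1; any non-loopback address exposes the control protocol to the network. */`. The struct definition starts and ends outside the hunk.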