Reachability should check ExtendAllowPrivateAddresses not TestingTorNetwork

When self-testing reachability, use ExtendAllowPrivateAddresses
to determine if local/private addresses imply reachability.

The previous fix used TestingTorNetwork, which implies
ExtendAllowPrivateAddresses, but this excluded rare configs where
ExtendAllowPrivateAddresses is set but TestingTorNetwork is not.

Fixes bug 15771; bugfix on 0.2.6.1-alpha, bug #13924.
Patch by "teor", issue discovered by CJ Ess.

changes/bug-15771-reachability

@@ -0,0 +1,8 @@
+  o Minor bugfixes (test networks)
+    - When self-testing reachability, use ExtendAllowPrivateAddresses
+      to determine if local/private addresses imply reachability.
+      The previous fix used TestingTorNetwork, which implies
+      ExtendAllowPrivateAddresses, but this excluded rare configs where
+      ExtendAllowPrivateAddresses is set but TestingTorNetwork is not.
+      Fixes bug 15771; bugfix on 0.2.6.1-alpha, bug #13924.
+      Patch by "teor", issue discovered by CJ Ess.

src/or/circuitbuild.c

@@ -1400,9 +1400,12 @@ onionskin_answer(or_circuit_t *circ,
   log_debug(LD_CIRC,"Finished sending '%s' cell.",
             circ->is_first_hop ? "created_fast" : "created");
 
-  /* Ignore the local bit when testing - many test networks run on local
-   * addresses */
-  if ((!channel_is_local(circ->p_chan) || get_options()->TestingTorNetwork)
+  /* Ignore the local bit when ExtendAllowPrivateAddresses is set:
+   * it violates the assumption that private addresses are local.
+   * Also, many test networks run on local addresses, and
+   * TestingTorNetwork sets ExtendAllowPrivateAddresses. */
+  if ((!channel_is_local(circ->p_chan)
+       || get_options()->ExtendAllowPrivateAddresses)
       && !channel_is_outgoing(circ->p_chan)) {
     /* record that we could process create cells from a non-local conn
      * that we didn't initiate; presumably this means that create cells