relay: Allow RFC1918 addresses for non public relays

In other words, if PublishServerDescriptor is set to 0 and AssumeReachable to
1, then allow a relay to hold a RFC1918 address.

Reasons for this are documented in #40208

Fixes #40208

Signed-off-by: David Goulet <dgoulet@torproject.org>
This commit is contained in:
David Goulet 2021-02-10 11:46:32 -05:00
parent 758000aa98
commit ae5800cd9f
3 changed files with 36 additions and 1 deletions

6
changes/ticket40208 Normal file
View File

@ -0,0 +1,6 @@
o Minor bugfixes (relay):
- Allow relays to have a RFC1918 address if PublishServerDescriptor is set
to 0 and AssumeReachable is set to 1. This is to support the use case of a
bridge on a local network that can be used by restricted users on that
network to reach the Tor network. Fixes bug 40208; bugfix on
0.4.5.1-alpha.

View File

@ -193,7 +193,19 @@ address_can_be_used(const tor_addr_t *addr, const or_options_t *options,
goto allow; goto allow;
} }
/* We have a private IP address. It is allowed only if we set custom /* We allow internal addresses to be used if the PublishServerDescriptor is
* unset and AssumeReachable (or for IPv6) is set.
*
* This is to cover the case where a relay/bridge might be run behind a
* firewall on a local network to users can reach the network through it
* using Tor Browser for instance. */
if (options->PublishServerDescriptor_ == NO_DIRINFO &&
(options->AssumeReachable ||
(tor_addr_family(addr) == AF_INET6 && options->AssumeReachableIPv6))) {
goto allow;
}
/* We have a private IP address. This is also allowed if we set custom
* directory authorities. */ * directory authorities. */
if (using_default_dir_authorities(options)) { if (using_default_dir_authorities(options)) {
log_fn(warn_severity, LD_CONFIG, log_fn(warn_severity, LD_CONFIG,

View File

@ -1460,6 +1460,7 @@ test_config_find_my_address(void *arg)
options = options_new(); options = options_new();
options_init(options); options_init(options);
options->PublishServerDescriptor_ = V3_DIRINFO;
/* /*
* Case 0: * Case 0:
@ -1782,6 +1783,22 @@ test_config_find_my_address(void *arg)
VALIDATE_FOUND_ADDRESS(true, RESOLVED_ADDR_INTERFACE, NULL); VALIDATE_FOUND_ADDRESS(true, RESOLVED_ADDR_INTERFACE, NULL);
CLEANUP_FOUND_ADDRESS; CLEANUP_FOUND_ADDRESS;
/*
* Case 15: Address is a local address (internal) but we unset
* PublishServerDescriptor_ so we are allowed to hold it.
*/
options->PublishServerDescriptor_ = NO_DIRINFO;
if (p->family == AF_INET) {
options->AssumeReachable = 1;
}
config_line_append(&options->Address, "Address", p->internal_ip);
tor_addr_parse(&test_addr, p->internal_ip);
retval = find_my_address(options, p->family, LOG_NOTICE, &resolved_addr,
&method_used, &hostname_out);
VALIDATE_FOUND_ADDRESS(true, RESOLVED_ADDR_CONFIGURED, NULL);
CLEANUP_FOUND_ADDRESS;
UNMOCK(get_interface_address6); UNMOCK(get_interface_address6);
UNMOCK(tor_gethostname); UNMOCK(tor_gethostname);
UNMOCK(tor_addr_lookup); UNMOCK(tor_addr_lookup);