relay: Allow RFC1918 addresses for non public relays
In other words, if PublishServerDescriptor is set to 0 and AssumeReachable to 1, then allow a relay to hold an RFC1918 address. Reasons for this are documented in #40208. Fixes #40208 Signed-off-by: David Goulet <dgoulet@torproject.org>
parent
758000aa98
commit
ae5800cd9f
6
changes/ticket40208
Normal file
6
changes/ticket40208
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
o Minor bugfixes (relay):
|
||||||
|
- Allow relays to have a RFC1918 address if PublishServerDescriptor is set
|
||||||
|
to 0 and AssumeReachable is set to 1. This is to support the use case of a
|
||||||
|
bridge on a local network that can be used by restricted users on that
|
||||||
|
network to reach the Tor network. Fixes bug 40208; bugfix on
|
||||||
|
0.4.5.1-alpha.
|
@ -193,7 +193,19 @@ address_can_be_used(const tor_addr_t *addr, const or_options_t *options,
|
|||||||
goto allow;
|
goto allow;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* We have a private IP address. It is allowed only if we set custom
|
/* We allow internal addresses to be used if the PublishServerDescriptor is
|
||||||
|
* unset and AssumeReachable (or for IPv6) is set.
|
||||||
|
*
|
||||||
|
* This is to cover the case where a relay/bridge might be run behind a
|
||||||
|
* firewall on a local network to users can reach the network through it
|
||||||
|
* using Tor Browser for instance. */
|
||||||
|
if (options->PublishServerDescriptor_ == NO_DIRINFO &&
|
||||||
|
(options->AssumeReachable ||
|
||||||
|
(tor_addr_family(addr) == AF_INET6 && options->AssumeReachableIPv6))) {
|
||||||
|
goto allow;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* We have a private IP address. This is also allowed if we set custom
|
||||||
* directory authorities. */
|
* directory authorities. */
|
||||||
if (using_default_dir_authorities(options)) {
|
if (using_default_dir_authorities(options)) {
|
||||||
log_fn(warn_severity, LD_CONFIG,
|
log_fn(warn_severity, LD_CONFIG,
|
||||||
|
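Review bot: The IPv6 arm of the new condition tests `options->AssumeReachableIPv6` for plain truthiness, which is looser than the comment's "is set" if that option is an autobool whose "auto" value is stored as -1 (its declaration is not in this hunk, so please confirm). In that case a relay with PublishServerDescriptor 0 would accept an internal IPv6 address without the operator opting in, and the `goto allow` appears to bypass the warning that follows. The test added in this commit sets only AssumeReachable for AF_INET yet expects the other family to pass, which is consistent with that reading. If explicit opt-in is the intent, compare against 1, `(tor_addr_family(addr) == AF_INET6 && options->AssumeReachableIPv6 == 1)`, and reword the comment to `unset and AssumeReachable (or AssumeReachableIPv6 for an IPv6 address) is set` with `so users can reach` in place of `to users can reach`. address_can_be_used() starts and ends outside the hunk.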
@ -1460,6 +1460,7 @@ test_config_find_my_address(void *arg)
|
|||||||
|
|
||||||
options = options_new();
|
options = options_new();
|
||||||
options_init(options);
|
options_init(options);
|
||||||
|
options->PublishServerDescriptor_ = V3_DIRINFO;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Case 0:
|
* Case 0:
|
||||||
@ -1782,6 +1783,22 @@ test_config_find_my_address(void *arg)
|
|||||||
VALIDATE_FOUND_ADDRESS(true, RESOLVED_ADDR_INTERFACE, NULL);
|
VALIDATE_FOUND_ADDRESS(true, RESOLVED_ADDR_INTERFACE, NULL);
|
||||||
CLEANUP_FOUND_ADDRESS;
|
CLEANUP_FOUND_ADDRESS;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Case 15: Address is a local address (internal) but we unset
|
||||||
|
* PublishServerDescriptor_ so we are allowed to hold it.
|
||||||
|
*/
|
||||||
|
options->PublishServerDescriptor_ = NO_DIRINFO;
|
||||||
|
if (p->family == AF_INET) {
|
||||||
|
options->AssumeReachable = 1;
|
||||||
|
}
|
||||||
|
config_line_append(&options->Address, "Address", p->internal_ip);
|
||||||
|
|
||||||
|
tor_addr_parse(&test_addr, p->internal_ip);
|
||||||
|
retval = find_my_address(options, p->family, LOG_NOTICE, &resolved_addr,
|
||||||
|
&method_used, &hostname_out);
|
||||||
|
VALIDATE_FOUND_ADDRESS(true, RESOLVED_ADDR_CONFIGURED, NULL);
|
||||||
|
CLEANUP_FOUND_ADDRESS;
|
||||||
|
|
||||||
UNMOCK(get_interface_address6);
|
UNMOCK(get_interface_address6);
|
||||||
UNMOCK(tor_gethostname);
|
UNMOCK(tor_gethostname);
|
||||||
UNMOCK(tor_addr_lookup);
|
UNMOCK(tor_addr_lookup);
|
||||||
|
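Review bot: Case 15 covers only the accepting path of the new rule, so nothing here would fail if the check in address_can_be_used() became too permissive. For the non-AF_INET family the case sets neither AssumeReachable nor AssumeReachableIPv6, so that pass depends on whatever options_init() leaves in those fields rather than on a value the test chose. I would set the IPv6 option explicitly in Case 15 and add a rejecting case, still with `options->PublishServerDescriptor_ = NO_DIRINFO;` but with `options->AssumeReachable = 0; options->AssumeReachableIPv6 = 0;`, asserting that the configured internal address is not accepted. test_config_find_my_address() starts and ends outside these hunks.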