[tor-commits] [tor/master] Merge remote-tracking branch 'public/bug8117_023' into maint-0.2.4
nickm at torproject.org
nickm at torproject.org
Thu Apr 11 05:40:56 UTC 2013
commit 7f50af116f2497a73fe9113e814a5765047cf3ca
Merge: 6acf0ac fa3c237
Author: Nick Mathewson <nickm at torproject.org>
Date: Thu Apr 11 01:39:26 2013 -0400
Merge remote-tracking branch 'public/bug8117_023' into maint-0.2.4
Conflicts:
doc/tor.1.txt
src/or/config.c
src/or/connection.c
changes/bug8117 | 13 +++++++++++++
doc/tor.1.txt | 9 +++++++++
src/or/buffers.c | 17 ++++++++++-------
src/or/config.c | 7 +++++++
src/or/connection.c | 6 ++++++
src/or/or.h | 12 ++++++++++++
6 files changed, 57 insertions(+), 7 deletions(-)
diff --cc doc/tor.1.txt
index c502c57,85f0835..f35d639
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@@ -927,52 -893,20 +927,61 @@@ The following options are useful only f
on this port to share circuits with streams from every other
port with the same session group. (By default, streams received
on different SOCKSPorts, TransPorts, etc are always isolated from one
- another. This option overrides that behavior.)
+ another. This option overrides that behavior.) +
+
Other recognized _flags_ for a SOCKSPort are:
+ **NoIPv4Traffic**;;
+ Tell exits to not connect to IPv4 addresses in response to SOCKS
+ requests on this connection.
+ **IPv6Traffic**;;
+ Tell exits to allow IPv6 addresses in response to SOCKS requests on
+ this connection, so long as SOCKS5 is in use. (SOCKS4 can't handle
+ IPv6.)
+ **PreferIPv6**;;
+ Tells exits that, if a host has both an IPv4 and an IPv6 address,
+ we would prefer to connect to it via IPv6. (IPv4 is the default.) +
++
+ NOTE: Although this option allows you to specify an IP address
+ other than localhost, you should do so only with extreme caution.
+ The SOCKS protocol is unencrypted and (as we use it)
+ unauthenticated, so exposing it in this way could leak your
+ information to anybody watching your network, and allow anybody
+ to use your computer as an open proxy.
+ **CacheIPv4DNS**;;
+ Tells the client to remember IPv4 DNS answers we receive from exit
+ nodes via this connection. (On by default.)
+ **CacheIPv6DNS**;;
+ Tells the client to remember IPv6 DNS answers we receive from exit
+ nodes via this connection.
+ **CacheDNS**;;
+ Tells the client to remember all DNS answers we receive from exit
+ nodes via this connection.
+ **UseIPv4Cache**;;
+ Tells the client to use any cached IPv4 DNS answers we have when making
+ requests via this connection. (NOTE: This option, along UseIPv6Cache
+ and UseDNSCache, can harm your anonymity, and probably
+ won't help performance as much as you might expect. Use with care!)
+ **UseIPv6Cache**;;
+ Tells the client to use any cached IPv6 DNS answers we have when making
+ requests via this connection.
+ **UseDNSCache**;;
+ Tells the client to use any cached DNS answers we have when making
+ requests via this connection.
+ **PreferIPv6Automap**;;
+ When serving a hostname lookup request on this port that
+ should get automapped (according to AutomapHostsOnResove),
+ if we could return either an IPv4 or an IPv6 answer, prefer
+ an IPv6 answer. (On by default.)
+ **PreferSOCKSNoAuth**;;
+ Ordinarily, when an application offers both "username/password
+ authentication" and "no authentication" to Tor via SOCKS5, Tor
+ selects username/password authentication so that IsolateSOCKSAuth can
+ work. This can confuse some applications, if they offer a
+ username/password combination then get confused when asked for
+ one. You can disable this behavior, so that Tor will select "No
+ authentication" when IsolateSOCKSAuth is disabled, or when this
+ option is set.
-
**SOCKSListenAddress** __IP__[:__PORT__]::
Bind to this address to listen for connections from Socks-speaking
applications. (Default: 127.0.0.1) You can also specify a port (e.g.
diff --cc src/or/config.c
index ffa984b,a80576e..20a3c20
--- a/src/or/config.c
+++ b/src/or/config.c
@@@ -5142,40 -5917,9 +5143,43 @@@ parse_port_config(smartlist_t *out
no = 1;
elt += 2;
}
- if (!strcasecmp(elt, "PreferSOCKSNoAuth")) {
+
+ if (takes_hostnames) {
+ if (!strcasecmp(elt, "IPv4Traffic")) {
+ ipv4_traffic = ! no;
+ continue;
+ } else if (!strcasecmp(elt, "IPv6Traffic")) {
+ ipv6_traffic = ! no;
+ continue;
+ } else if (!strcasecmp(elt, "PreferIPv6")) {
+ prefer_ipv6 = ! no;
+ continue;
+ }
+ }
+ if (!strcasecmp(elt, "CacheIPv4DNS")) {
+ cache_ipv4 = ! no;
+ continue;
+ } else if (!strcasecmp(elt, "CacheIPv6DNS")) {
+ cache_ipv6 = ! no;
+ continue;
+ } else if (!strcasecmp(elt, "CacheDNS")) {
+ cache_ipv4 = cache_ipv6 = ! no;
+ continue;
+ } else if (!strcasecmp(elt, "UseIPv4Cache")) {
+ use_cached_ipv4 = ! no;
+ continue;
+ } else if (!strcasecmp(elt, "UseIPv6Cache")) {
+ use_cached_ipv6 = ! no;
+ continue;
+ } else if (!strcasecmp(elt, "UseDNSCache")) {
+ use_cached_ipv4 = use_cached_ipv6 = ! no;
+ continue;
+ } else if (!strcasecmp(elt, "PreferIPv6Automap")) {
+ prefer_ipv6_automap = ! no;
+ continue;
++ } else if (!strcasecmp(elt, "PreferSOCKSNoAuth")) {
+ prefer_no_auth = ! no;
+ continue;
}
if (!strcasecmpend(elt, "s"))
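Review bot: The new `PreferSOCKSNoAuth` branch sits in the chain that runs for every port type, unlike the three traffic flags, which are gated by `takes_hostnames`. The or.h comment in this commit calls the resulting field "For SOCKS connections only", so on a non-SOCKS port the flag appears to be accepted and then ignored, where a typo-level misconfiguration would go unnoticed. If the listener type is available at this point in parse_port_config (not visible in the hunk), I would either gate the branch on it or add a comment such as `/* Parsed for all port types; only SOCKS listeners read it. */`. The flag loop starts and ends outside this hunk.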
@@@ -5225,16 -5963,11 +5229,19 @@@
cfg->no_advertise = no_advertise;
cfg->no_listen = no_listen;
cfg->all_addrs = all_addrs;
- cfg->ipv4_only = ipv4_only;
- cfg->ipv6_only = ipv6_only;
+ cfg->bind_ipv4_only = bind_ipv4_only;
+ cfg->bind_ipv6_only = bind_ipv6_only;
+ cfg->ipv4_traffic = ipv4_traffic;
+ cfg->ipv6_traffic = ipv6_traffic;
+ cfg->prefer_ipv6 = prefer_ipv6;
+ cfg->cache_ipv4_answers = cache_ipv4;
+ cfg->cache_ipv6_answers = cache_ipv6;
+ cfg->use_cached_ipv4_answers = use_cached_ipv4;
+ cfg->use_cached_ipv6_answers = use_cached_ipv6;
+ cfg->prefer_ipv6_virtaddr = prefer_ipv6_automap;
+ cfg->socks_prefer_no_auth = prefer_no_auth;
+ if (! (isolation & ISO_SOCKSAUTH))
+ cfg->socks_prefer_no_auth = 1;
smartlist_add(out, cfg);
}
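Review bot: The lines `if (! (isolation & ISO_SOCKSAUTH))` and `cfg->socks_prefer_no_auth = 1;` overwrite whatever the flag parser stored, so an explicit `NoPreferSOCKSNoAuth` on a port without SOCKS-auth isolation is dropped silently and the code does not say why. A comment above the test would record the intent, for example `/* Credentials are only requested so IsolateSOCKSAuth can use them; without it, always take "no authentication". */`. The opposite combination deserves attention as well: with `PreferSOCKSNoAuth` set while ISO_SOCKSAUTH is still in `isolation`, clients that offer both methods would presumably never send credentials, so their streams would not be separated by SOCKS auth. A log notice at parse time would make that isolation trade-off visible to the operator. The enclosing function starts and ends outside this hunk.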
diff --cc src/or/connection.c
index 2cc3d74,aeb4949..358a4ee
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@@ -1132,19 -1056,7 +1132,20 @@@ connection_listener_new(const struct so
lis_conn->session_group = global_next_session_group--;
}
}
+ if (type == CONN_TYPE_AP_LISTENER) {
+ lis_conn->socks_ipv4_traffic = port_cfg->ipv4_traffic;
+ lis_conn->socks_ipv6_traffic = port_cfg->ipv6_traffic;
+ lis_conn->socks_prefer_ipv6 = port_cfg->prefer_ipv6;
+ } else {
+ lis_conn->socks_ipv4_traffic = 1;
+ lis_conn->socks_ipv6_traffic = 1;
+ }
+ lis_conn->cache_ipv4_answers = port_cfg->cache_ipv4_answers;
+ lis_conn->cache_ipv6_answers = port_cfg->cache_ipv6_answers;
+ lis_conn->use_cached_ipv4_answers = port_cfg->use_cached_ipv4_answers;
+ lis_conn->use_cached_ipv6_answers = port_cfg->use_cached_ipv6_answers;
+ lis_conn->prefer_ipv6_virtaddr = port_cfg->prefer_ipv6_virtaddr;
+ lis_conn->socks_prefer_no_auth = port_cfg->socks_prefer_no_auth;
if (connection_add(conn) < 0) { /* no space, forget it */
log_warn(LD_NET,"connection_add for listener failed. Giving up.");
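Review bot: The `else` branch added for non-AP listeners assigns `socks_ipv4_traffic` and `socks_ipv6_traffic` but leaves `socks_prefer_ipv6` untouched, so its value depends on the listener having been zero-allocated, which this hunk does not show. Adding `lis_conn->socks_prefer_ipv6 = 0;` there keeps the three fields symmetric and removes the dependency. The six assignments after the branch, `socks_prefer_no_auth` among them, run for every listener type although the or.h comments describe them as SOCKS-listener fields; a one-line comment saying they are unused elsewhere would help. connection_listener_new continues outside this hunk.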
diff --cc src/or/or.h
index 4e19140,ca28c0e..ece2bc7
--- a/src/or/or.h
+++ b/src/or/or.h
@@@ -1247,37 -1085,11 +1247,41 @@@ typedef struct listener_connection_t
/** One or more ISO_ flags to describe how to isolate streams. */
uint8_t isolation_flags;
/**@}*/
+ /** For SOCKS connections only: If this is set, we will choose "no
+ * authentication" instead of "username/password" authentication if both
+ * are offered. Used as input to parse_socks. */
+ unsigned int socks_prefer_no_auth : 1;
+ /** For a SOCKS listeners, these fields describe whether we should
+ * allow IPv4 and IPv6 addresses from our exit nodes, respectively.
+ *
+ * @{
+ */
+ unsigned int socks_ipv4_traffic : 1;
+ unsigned int socks_ipv6_traffic : 1;
+ /** @} */
+ /** For a socks listener: should we tell the exit that we prefer IPv6
+ * addresses? */
+ unsigned int socks_prefer_ipv6 : 1;
+
+ /** For a socks listener: should we cache IPv4/IPv6 DNS information that
+ * exit nodes tell us?
+ *
+ * @{ */
+ unsigned int cache_ipv4_answers : 1;
+ unsigned int cache_ipv6_answers : 1;
+ /** @} */
+ /** For a socks listeners: if we find an answer in our client-side DNS cache,
+ * should we use it?
+ *
+ * @{ */
+ unsigned int use_cached_ipv4_answers : 1;
+ unsigned int use_cached_ipv6_answers : 1;
+ /** @} */
+ /** For socks listeners: When we can automap an address to IPv4 or IPv6,
+ * do we prefer IPv6? */
+ unsigned int prefer_ipv6_virtaddr : 1;
+
} listener_connection_t;
/** Minimum length of the random part of an AUTH_CHALLENGE cell. */
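Review bot: The doc comment on `socks_prefer_no_auth` presents it as a plain preference, but parse_port_config in this same commit forces it to 1 whenever ISO_SOCKSAUTH is not among the isolation flags, and the comment does not mention that coupling with `isolation_flags` just above. I would append a sentence such as `Always set when ISO_SOCKSAUTH is absent from isolation_flags.` The comment on `use_cached_ipv4_answers` and `use_cached_ipv6_answers` could also carry the manual page's caveat that using cached answers can harm anonymity, since the struct is where a maintainer would look before changing a default. Minor wording: "For a SOCKS listeners" and "For a socks listeners" should read "For SOCKS listeners".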