[tor-commits] [tor/master] Update ExitPolicy when interface addresses change
nickm at torproject.org
Wed Feb 10 21:32:54 UTC 2016
commit 92b1c3b6041d3c760e5351b17d64523965ff99a1
Author: teor (Tim Wilson-Brown) <teor2345 at gmail.com>
Date: Tue Feb 2 15:05:59 2016 +1100
Update ExitPolicy when interface addresses change
Tor exit relays reject local interface addresses in their exit policy.
Make sure those policies are updated when interface addresses change.
---
changes/bug18208 | 5 +++++
src/or/main.c | 12 ++++++++++--
2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/changes/bug18208 b/changes/bug18208
new file mode 100644
index 0000000..d6d194b
--- /dev/null
+++ b/changes/bug18208
@@ -0,0 +1,5 @@
+ o Minor bug fixes (exit policies, security):
+ - Refresh an exit relay's exit policy when interface addresses change.
+ Previously, tor only refreshed the exit policy when the configured
+ external address changed.
+ Closes ticket 18208 on tor 0.2.7.3. Patch by "teor".
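Review bot: the last line of this entry, "Closes ticket 18208 on tor 0.2.7.3", uses feature-ticket wording although it sits under a "Minor bug fixes" heading. A bug-fix entry in a tor changes file normally names the bug and the version that introduced it, in the form "Fixes bug 18208; bugfix on 0.2.7.3." Because the heading tags the entry as security, it would also help to add one sentence on the consequence: until the policy is refreshed, a newly assigned interface address is not covered by the relay's reject rules.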
diff --git a/src/or/main.c b/src/or/main.c
index bd4f7ea..1e8c175 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2195,7 +2195,10 @@ got_libevent_error(void)
void
ip_address_changed(int at_interface)
{
- int server = server_mode(get_options());
+ const or_options_t *options = get_options();
+ int server = server_mode(options);
+ int exit_reject_private = (server && options->ExitRelay
+ && options->ExitPolicyRejectPrivate);
if (at_interface) {
if (! server) {
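Review bot: in the new initializer of exit_reject_private, `options->ExitRelay` is used as a plain truth value, so any non-zero setting counts as "is an exit". If that option can hold a non-zero "auto" or "unset" value, this should either be compared explicitly or carry a short comment saying that treating it as enabled is intended. A one-line comment at the declaration would also help, since the name suggests it mirrors ExitPolicyRejectPrivate alone while the expression also requires server and ExitRelay.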
@@ -2209,10 +2212,15 @@ ip_address_changed(int at_interface)
reset_bandwidth_test();
stats_n_seconds_working = 0;
router_reset_reachability();
- mark_my_descriptor_dirty("IP address changed");
}
}
+ /* Exit relays incorporate interface addresses in their exit policies when
+ * ExitPolicyRejectPrivate is set */
+ if (exit_reject_private || (server && !at_interface)) {
+ mark_my_descriptor_dirty("IP address changed");
+ }
+
dns_servers_relaunch_checks();
}
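Review bot: the comment above the new `if (exit_reject_private || (server && !at_interface))` explains only the first half of the condition. The `(server && !at_interface)` half is the call that was removed from the else branch above, and the comment should say so, so that a later reader does not drop it as redundant. Both paths also pass the same reason string, "IP address changed"; a distinct string for the interface-address case would make it possible to tell from the logs which kind of change caused the descriptor to be regenerated.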