(Default: 1)
[[ExtendAllowPrivateAddresses]] **ExtendAllowPrivateAddresses** **0**|**1**::
- When this option is enabled, Tor routers allow EXTEND request to
- localhost, RFC1918 addresses, and so on. This can create security issues;
- you should probably leave it off. (Default: 0)
+ When this option is enabled, Tor will connect to localhost, RFC1918
+ addresses, and so on. In particular, Tor will make direct connections, and
+ Tor routers allow EXTEND requests, to these private addresses. This can
+ create security issues; you should probably leave it off.
+ (Default: 0)
[[MaxMemInQueues]] **MaxMemInQueues** __N__ **bytes**|**KB**|**MB**|**GB**::
This option configures a threshold above which Tor will assume that it
tor_assert(firsthop);
tor_assert(firsthop->extend_info);
+ /* XX/teor - does tor ever need build a circuit directly to itself? */
+ if (tor_addr_is_internal(&firsthop->extend_info->addr, 0) &&
+ !get_options()->ExtendAllowPrivateAddresses) {
+ log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+ "Client asked me to connect directly to a private address");
+ return -END_CIRC_REASON_TORPROTOCOL;
+ }
+
/* now see if we're already connected to the first OR in 'route' */
log_debug(LD_CIRC,"Looking for firsthop '%s'",
fmt_addrport(&firsthop->extend_info->addr,
projects / thirdparty / tor.git / commitdiff
