on this port to share circuits with streams from every other
port with the same session group. (By default, streams received
on different SOCKSPorts, TransPorts, etc are always isolated from one
- another. This option overrides that behavior.)
+ another. This option overrides that behavior.) +
+
Other recognized _flags_ for a SOCKSPort are:
+ **NoIPv4Traffic**;;
+ Tell exits to not connect to IPv4 addresses in response to SOCKS
+ requests on this connection.
+ **IPv6Traffic**;;
+ Tell exits to allow IPv6 addresses in response to SOCKS requests on
+ this connection, so long as SOCKS5 is in use. (SOCKS4 can't handle
+ IPv6.)
+ **PreferIPv6**;;
+ Tells exits that, if a host has both an IPv4 and an IPv6 address,
+ we would prefer to connect to it via IPv6. (IPv4 is the default.) +
++
+ NOTE: Although this option allows you to specify an IP address
+ other than localhost, you should do so only with extreme caution.
+ The SOCKS protocol is unencrypted and (as we use it)
+ unauthenticated, so exposing it in this way could leak your
+ information to anybody watching your network, and allow anybody
+ to use your computer as an open proxy.
+ **CacheIPv4DNS**;;
+ Tells the client to remember IPv4 DNS answers we receive from exit
+ nodes via this connection. (On by default.)
+ **CacheIPv6DNS**;;
+ Tells the client to remember IPv6 DNS answers we receive from exit
+ nodes via this connection.
+ **CacheDNS**;;
+ Tells the client to remember all DNS answers we receive from exit
+ nodes via this connection.
+ **UseIPv4Cache**;;
+ Tells the client to use any cached IPv4 DNS answers we have when making
+ requests via this connection. (NOTE: This option, along UseIPv6Cache
+ and UseDNSCache, can harm your anonymity, and probably
+ won't help performance as much as you might expect. Use with care!)
+ **UseIPv6Cache**;;
+ Tells the client to use any cached IPv6 DNS answers we have when making
+ requests via this connection.
+ **UseDNSCache**;;
+ Tells the client to use any cached DNS answers we have when making
+ requests via this connection.
+ **PreferIPv6Automap**;;
+ When serving a hostname lookup request on this port that
+ should get automapped (according to AutomapHostsOnResove),
+ if we could return either an IPv4 or an IPv6 answer, prefer
+ an IPv6 answer. (On by default.)
+ **PreferSOCKSNoAuth**;;
+ Ordinarily, when an application offers both "username/password
+ authentication" and "no authentication" to Tor via SOCKS5, Tor
+ selects username/password authentication so that IsolateSOCKSAuth can
+ work. This can confuse some applications, if they offer a
+ username/password combination then get confused when asked for
+ one. You can disable this behavior, so that Tor will select "No
+ authentication" when IsolateSOCKSAuth is disabled, or when this
+ option is set.
-
**SOCKSListenAddress** __IP__[:__PORT__]::
Bind to this address to listen for connections from Socks-speaking
applications. (Default: 127.0.0.1) You can also specify a port (e.g.
no = 1;
elt += 2;
}
- if (!strcasecmp(elt, "PreferSOCKSNoAuth")) {
+
+ if (takes_hostnames) {
+ if (!strcasecmp(elt, "IPv4Traffic")) {
+ ipv4_traffic = ! no;
+ continue;
+ } else if (!strcasecmp(elt, "IPv6Traffic")) {
+ ipv6_traffic = ! no;
+ continue;
+ } else if (!strcasecmp(elt, "PreferIPv6")) {
+ prefer_ipv6 = ! no;
+ continue;
+ }
+ }
+ if (!strcasecmp(elt, "CacheIPv4DNS")) {
+ cache_ipv4 = ! no;
+ continue;
+ } else if (!strcasecmp(elt, "CacheIPv6DNS")) {
+ cache_ipv6 = ! no;
+ continue;
+ } else if (!strcasecmp(elt, "CacheDNS")) {
+ cache_ipv4 = cache_ipv6 = ! no;
+ continue;
+ } else if (!strcasecmp(elt, "UseIPv4Cache")) {
+ use_cached_ipv4 = ! no;
+ continue;
+ } else if (!strcasecmp(elt, "UseIPv6Cache")) {
+ use_cached_ipv6 = ! no;
+ continue;
+ } else if (!strcasecmp(elt, "UseDNSCache")) {
+ use_cached_ipv4 = use_cached_ipv6 = ! no;
+ continue;
+ } else if (!strcasecmp(elt, "PreferIPv6Automap")) {
+ prefer_ipv6_automap = ! no;
+ continue;
++ } else if (!strcasecmp(elt, "PreferSOCKSNoAuth")) {
+ prefer_no_auth = ! no;
+ continue;
}
if (!strcasecmpend(elt, "s"))
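Review bot: Nothing in this flag chain stops a port from ending up with both address families disabled. Going by the man-page entries, `NoIPv4Traffic` on a port that never sets `IPv6Traffic` would leave `ipv4_traffic` and `ipv6_traffic` both 0; the initial values are set outside this hunk, so that is inferred. A check after the flag loop, `if (takes_hostnames && !ipv4_traffic && !ipv6_traffic)`, that warns and rejects the line would surface the misconfiguration at parse time rather than, presumably, as streams that fail later. Separately, when `takes_hostnames` is false the three traffic flags fall through to code after this hunk; it is worth confirming they are reported there as unrecognized rather than silently accepted. The enclosing loop and function begin and end outside the hunk.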
cfg->no_advertise = no_advertise;
cfg->no_listen = no_listen;
cfg->all_addrs = all_addrs;
- cfg->ipv4_only = ipv4_only;
- cfg->ipv6_only = ipv6_only;
+ cfg->bind_ipv4_only = bind_ipv4_only;
+ cfg->bind_ipv6_only = bind_ipv6_only;
+ cfg->ipv4_traffic = ipv4_traffic;
+ cfg->ipv6_traffic = ipv6_traffic;
+ cfg->prefer_ipv6 = prefer_ipv6;
+ cfg->cache_ipv4_answers = cache_ipv4;
+ cfg->cache_ipv6_answers = cache_ipv6;
+ cfg->use_cached_ipv4_answers = use_cached_ipv4;
+ cfg->use_cached_ipv6_answers = use_cached_ipv6;
+ cfg->prefer_ipv6_virtaddr = prefer_ipv6_automap;
+ cfg->socks_prefer_no_auth = prefer_no_auth;
+ if (! (isolation & ISO_SOCKSAUTH))
+ cfg->socks_prefer_no_auth = 1;
smartlist_add(out, cfg);
}
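Review bot: The two lines after `cfg->socks_prefer_no_auth = prefer_no_auth;` overwrite an explicit setting without comment. Whenever `ISO_SOCKSAUTH` is absent from `isolation`, the field is forced to 1, so a `NoPreferSOCKSNoAuth` flag on that port has no effect. That agrees with the man-page text, but the reason belongs next to the code, e.g. `/* Username/password is only selected so IsolateSOCKSAuth can work; without it, always prefer "no authentication". */`. The man page also describes the `use_cached_*` flags assigned just above as able to harm anonymity, so a short comment stating their intended defaults would help; the initializers are outside this hunk.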
lis_conn->session_group = global_next_session_group--;
}
}
+ if (type == CONN_TYPE_AP_LISTENER) {
+ lis_conn->socks_ipv4_traffic = port_cfg->ipv4_traffic;
+ lis_conn->socks_ipv6_traffic = port_cfg->ipv6_traffic;
+ lis_conn->socks_prefer_ipv6 = port_cfg->prefer_ipv6;
+ } else {
+ lis_conn->socks_ipv4_traffic = 1;
+ lis_conn->socks_ipv6_traffic = 1;
+ }
+ lis_conn->cache_ipv4_answers = port_cfg->cache_ipv4_answers;
+ lis_conn->cache_ipv6_answers = port_cfg->cache_ipv6_answers;
+ lis_conn->use_cached_ipv4_answers = port_cfg->use_cached_ipv4_answers;
+ lis_conn->use_cached_ipv6_answers = port_cfg->use_cached_ipv6_answers;
+ lis_conn->prefer_ipv6_virtaddr = port_cfg->prefer_ipv6_virtaddr;
+ lis_conn->socks_prefer_no_auth = port_cfg->socks_prefer_no_auth;
if (connection_add(conn) < 0) { /* no space, forget it */
log_warn(LD_NET,"connection_add for listener failed. Giving up.");
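Review bot: The `else` branch for non-AP listeners sets `socks_ipv4_traffic` and `socks_ipv6_traffic` but leaves `socks_prefer_ipv6` unassigned, so its value depends on how `lis_conn` was allocated, which is not visible here. Adding `lis_conn->socks_prefer_ipv6 = 0;` to that branch makes the default explicit. The cache and automap fields below are copied from `port_cfg` for every listener type. If they are only meaningful for client-facing listeners, a comment such as `/* Only consulted for AP listeners; copied unconditionally for simplicity. */` would say so. The enclosing function starts and ends outside the hunk.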
/** One or more ISO_ flags to describe how to isolate streams. */
uint8_t isolation_flags;
/**@}*/
+ /** For SOCKS connections only: If this is set, we will choose "no
+ * authentication" instead of "username/password" authentication if both
+ * are offered. Used as input to parse_socks. */
+ unsigned int socks_prefer_no_auth : 1;
+ /** For a SOCKS listeners, these fields describe whether we should
+ * allow IPv4 and IPv6 addresses from our exit nodes, respectively.
+ *
+ * @{
+ */
+ unsigned int socks_ipv4_traffic : 1;
+ unsigned int socks_ipv6_traffic : 1;
+ /** @} */
+ /** For a socks listener: should we tell the exit that we prefer IPv6
+ * addresses? */
+ unsigned int socks_prefer_ipv6 : 1;
+
+ /** For a socks listener: should we cache IPv4/IPv6 DNS information that
+ * exit nodes tell us?
+ *
+ * @{ */
+ unsigned int cache_ipv4_answers : 1;
+ unsigned int cache_ipv6_answers : 1;
+ /** @} */
+ /** For a socks listeners: if we find an answer in our client-side DNS cache,
+ * should we use it?
+ *
+ * @{ */
+ unsigned int use_cached_ipv4_answers : 1;
+ unsigned int use_cached_ipv6_answers : 1;
+ /** @} */
+ /** For socks listeners: When we can automap an address to IPv4 or IPv6,
+ * do we prefer IPv6? */
+ unsigned int prefer_ipv6_virtaddr : 1;
+
} listener_connection_t;
/** Minimum length of the random part of an AUTH_CHALLENGE cell. */