Merge branch 'maint-0.4.5'

2025-02-24 14:51:11 +01:00 · 2021-02-12 12:57:18 -05:00 · 2021-02-12 12:57:18 -05:00 · c1b5e7fa1b
commit c1b5e7fa1b
parent e6caf7d8c7 bdca475518
4 changed files with 37 additions and 3 deletions
--- a/changes/ticket40208
+++ b/changes/ticket40208
@ -0,0 +1,6 @@
+  o Minor bugfixes (relay):
+    - Allow relays to have a RFC1918 address if PublishServerDescriptor is set
+      to 0 and AssumeReachable is set to 1. This is to support the use case of a
+      bridge on a local network that can be used by restricted users on that
+      network to reach the Tor network. Fixes bug 40208; bugfix on
+      0.4.5.1-alpha.
--- a/src/app/config/resolve_addr.c
+++ b/src/app/config/resolve_addr.c
@ -193,7 +193,19 @@ address_can_be_used(const tor_addr_t *addr, const or_options_t *options,
    goto allow;
  }

-  /* We have a private IP address. It is allowed only if we set custom
+  /* We allow internal addresses to be used if the PublishServerDescriptor is
+   * unset and AssumeReachable (or for IPv6) is set.
+   *
+   * This is to cover the case where a relay/bridge might be run behind a
+   * firewall on a local network to users can reach the network through it
+   * using Tor Browser for instance. */
+  if (options->PublishServerDescriptor_ == NO_DIRINFO &&
+      (options->AssumeReachable ||
+       (tor_addr_family(addr) == AF_INET6 && options->AssumeReachableIPv6))) {
+    goto allow;
+  }
+
+  /* We have a private IP address. This is also allowed if we set custom
   * directory authorities. */
  if (using_default_dir_authorities(options)) {
    log_fn(warn_severity, LD_CONFIG,
--- a/src/feature/relay/router.c
+++ b/src/feature/relay/router.c
@ -2124,8 +2124,7 @@ router_build_fresh_unsigned_routerinfo,(routerinfo_t **ri_out))
  ri->ipv4_dirport = routerconf_find_dir_port(options, 0);

  /* Optionally check for an IPv6. We still publish without one. */
-  if (!omit_ipv6_on_publish &&
-      relay_find_addr_to_publish(options, AF_INET6, RELAY_FIND_ADDR_NO_FLAG,
+  if (relay_find_addr_to_publish(options, AF_INET6, RELAY_FIND_ADDR_NO_FLAG,
                                 &ri->ipv6_addr)) {
    ri->ipv6_orport = routerconf_find_or_port(options, AF_INET6);
    router_check_descriptor_address_consistency(&ri->ipv6_addr);
--- a/src/test/test_config.c
+++ b/src/test/test_config.c
@ -1460,6 +1460,7 @@ test_config_find_my_address(void *arg)

  options = options_new();
  options_init(options);
+  options->PublishServerDescriptor_ = V3_DIRINFO;

  /*
   * Case 0:
@ -1782,6 +1783,22 @@ test_config_find_my_address(void *arg)
  VALIDATE_FOUND_ADDRESS(true, RESOLVED_ADDR_INTERFACE, NULL);
  CLEANUP_FOUND_ADDRESS;

+  /*
+   * Case 15: Address is a local address (internal) but we unset
+   * PublishServerDescriptor_ so we are allowed to hold it.
+   */
+  options->PublishServerDescriptor_ = NO_DIRINFO;
+  if (p->family == AF_INET) {
+    options->AssumeReachable = 1;
+  }
+  config_line_append(&options->Address, "Address", p->internal_ip);
+
+  tor_addr_parse(&test_addr, p->internal_ip);
+  retval = find_my_address(options, p->family, LOG_NOTICE, &resolved_addr,
+                           &method_used, &hostname_out);
+  VALIDATE_FOUND_ADDRESS(true, RESOLVED_ADDR_CONFIGURED, NULL);
+  CLEANUP_FOUND_ADDRESS;
+
  UNMOCK(get_interface_address6);
  UNMOCK(tor_gethostname);
  UNMOCK(tor_addr_lookup);