[or-cvs] [tor/master 3/3] Add option to not warn when getting an IP instead of hostname
nickm at torproject.org
nickm at torproject.org
Fri Jun 11 17:22:52 UTC 2010
Author: Sebastian Hahn <sebastian at torproject.org>
Date: Thu, 3 Jun 2010 12:52:34 +0200
Subject: Add option to not warn when getting an IP instead of hostname
Commit: 10fdb9ee0a1605050f2a91f84f88397881cfd83a
---
changes/nohostnamewarn | 5 +++++
doc/tor.1.txt | 6 ++++++
src/or/buffers.c | 29 +++++++++++++++++------------
src/or/config.c | 1 +
src/or/or.h | 4 ++++
5 files changed, 33 insertions(+), 12 deletions(-)
create mode 100644 changes/nohostnamewarn
diff --git a/changes/nohostnamewarn b/changes/nohostnamewarn
new file mode 100644
index 0000000..4cb56ea
--- /dev/null
+++ b/changes/nohostnamewarn
@@ -0,0 +1,5 @@
+ o Minor features:
+ - Allow disabling the warning that occurs whenever Tor receives only
+ an IP address instead of a hostname. Setups that do DNS locally over
+ Tor are fine, and we shouldn't spam the logs in that case.
+
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 50283aa..15ecb79 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -632,6 +632,12 @@ The following options are useful only for clients (that is, if
helps to determine whether an application using Tor is possibly leaking
DNS requests. (Default: 0)
+**WarnUnsafeSocks** **0**|**1**::
+ When this option is enabled, Tor will warn whenever a request is
+ received that only contains an IP address instead of a hostname. Allowing
+ applications to do DNS resolves themselves is usually a bad idea and
+ can leak your location to attackers. (Default: 1)
+
**VirtualAddrNetwork** __Address__/__bits__::
When a controller asks for a virtual (unused) address with the MAPADDRESS
command, Tor picks an unassigned address from this range. (Default:
diff --git a/src/or/buffers.c b/src/or/buffers.c
index 4dbd9a7..970c188 100644
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -1402,19 +1402,21 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
if (req->command != SOCKS_COMMAND_RESOLVE_PTR &&
!addressmap_have_mapping(req->address,0) &&
!have_warned_about_unsafe_socks) {
- log_warn(LD_APP,
- "Your application (using socks5 to port %d) is giving "
- "Tor only an IP address. Applications that do DNS resolves "
- "themselves may leak information. Consider using Socks4A "
- "(e.g. via privoxy or socat) instead. For more information, "
- "please see https://wiki.torproject.org/TheOnionRouter/"
- "TorFAQ#SOCKSAndDNS.%s", req->port,
- safe_socks ? " Rejecting." : "");
- /*have_warned_about_unsafe_socks = 1;*/
+ if (get_options()->WarnUnsafeSocks) {
+ log_warn(LD_APP,
+ "Your application (using socks5 to port %d) is giving "
+ "Tor only an IP address. Applications that do DNS resolves "
+ "themselves may leak information. Consider using Socks4A "
+ "(e.g. via privoxy or socat) instead. For more information, "
+ "please see https://wiki.torproject.org/TheOnionRouter/"
+ "TorFAQ#SOCKSAndDNS.%s", req->port,
+ safe_socks ? " Rejecting." : "");
+ /*have_warned_about_unsafe_socks = 1;*/
/*(for now, warn every time)*/
control_event_client_status(LOG_WARN,
"DANGEROUS_SOCKS PROTOCOL=SOCKS5 ADDRESS=%s:%d",
req->address, req->port);
+ }
if (safe_socks)
return -1;
}
@@ -1516,7 +1518,8 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
if (socks4_prot != socks4a &&
!addressmap_have_mapping(tmpbuf,0) &&
!have_warned_about_unsafe_socks) {
- log_warn(LD_APP,
+ if (get_options()->WarnUnsafeSocks) {
+ log_warn(LD_APP,
"Your application (using socks4 to port %d) is giving Tor "
"only an IP address. Applications that do DNS resolves "
"themselves may leak information. Consider using Socks4A "
@@ -1524,10 +1527,12 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
"please see https://wiki.torproject.org/TheOnionRouter/"
"TorFAQ#SOCKSAndDNS.%s", req->port,
safe_socks ? " Rejecting." : "");
- /*have_warned_about_unsafe_socks = 1;*/ /*(for now, warn every time)*/
- control_event_client_status(LOG_WARN,
+ /*have_warned_about_unsafe_socks = 1;*/
+ /*(for now, warn every time)*/
+ control_event_client_status(LOG_WARN,
"DANGEROUS_SOCKS PROTOCOL=SOCKS4 ADDRESS=%s:%d",
tmpbuf, req->port);
+ }
if (safe_socks)
return -1;
}
diff --git a/src/or/config.c b/src/or/config.c
index 82184c7..4982ee0 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -280,6 +280,7 @@ static config_var_t _option_vars[] = {
V(NatdListenAddress, LINELIST, NULL),
V(NatdPort, UINT, "0"),
V(Nickname, STRING, NULL),
+ V(WarnUnsafeSocks, BOOL, "1"),
V(NoPublish, BOOL, "0"),
VAR("NodeFamily", LINELIST, NodeFamilies, NULL),
V(NumCpus, UINT, "1"),
diff --git a/src/or/or.h b/src/or/or.h
index 832bdd6..f922de2 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2701,6 +2701,10 @@ typedef struct {
* selection. */
int AllowDotExit;
+ /** If true, we will warn if a user gives us only an IP address
+ * instead of a hostname. */
+ int WarnUnsafeSocks;
+
/** If true, the user wants us to collect statistics on clients
* requesting network statuses from us as directory. */
int DirReqStatistics;
--
1.6.5
More information about the tor-commits
mailing list