Tor should consider more addresses as invalid
There are a few more address blocks that should never appear on the public internet that do not appear to be checked for when processing the exit policy (they belong in private_nets) or in tor_addr_is_internal().
From RFC 5735:
- 192.0.2.0/24 TEST-NET-1
- 198.51.100.0/24 TEST-NET-2
- 203.0.113.0/24 TEST-NET-3
- 198.18.0.0/15 Network Interconnect Device Benchmark Testing
From RFC 5156:
- 2001:db8::/32 Documentation Prefix
- 2001:10::/28 ORCHID
Traffic containing these addresses has no business being on the public internet, so the code should be updated to check for them and reject them where appropriate. Since tor_addr_is_internal() is used for things other than rejection, this probably should be done as a separate function that is checked when the code means "Reject things that should not be used" (most of the code) vs "Explicitly need a local address" (warn_nonlocal_client_ports() for example).
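
A sketch of the separate check proposed above, as an added example that is not Tor's code: the function name addr_is_unroutable_special() and the table layout are hypothetical, and the block list is exactly the six ranges named in this ticket. Unwrapping IPv4-mapped IPv6 addresses before matching is a choice made for this example.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <string.h>

/* One CIDR block: address family, prefix in text form, prefix length in bits. */
struct cidr { int family; const char *prefix; int bits; };

/* The blocks listed in the ticket (RFC 5735 and RFC 5156). */
static const struct cidr special_blocks[] = {
  { AF_INET,  "192.0.2.0",    24 },  /* TEST-NET-1 */
  { AF_INET,  "198.51.100.0", 24 },  /* TEST-NET-2 */
  { AF_INET,  "203.0.113.0",  24 },  /* TEST-NET-3 */
  { AF_INET,  "198.18.0.0",   15 },  /* benchmark testing */
  { AF_INET6, "2001:db8::",   32 },  /* documentation prefix */
  { AF_INET6, "2001:10::",    28 },  /* ORCHID */
};

/* Compare the first `bits` bits of two network-order byte strings. */
static int prefix_match(const uint8_t *a, const uint8_t *b, int bits)
{
  int full = bits / 8, rem = bits % 8;
  if (memcmp(a, b, (size_t)full) != 0)
    return 0;
  if (rem == 0)
    return 1;
  uint8_t mask = (uint8_t)(0xff << (8 - rem));  /* top `rem` bits of next byte */
  return (a[full] & mask) == (b[full] & mask);
}

/* Hypothetical helper: 1 if addr is in a listed block, 0 if not, -1 if unparseable. */
int addr_is_unroutable_special(const char *addr)
{
  static const uint8_t mapped[12] = {0,0,0,0,0,0,0,0,0,0,0xff,0xff};
  uint8_t buf[16], p[16];
  const uint8_t *a = buf;
  int family = strchr(addr, ':') ? AF_INET6 : AF_INET;
  if (inet_pton(family, addr, buf) != 1)
    return -1;
  if (family == AF_INET6 && memcmp(buf, mapped, 12) == 0) {
    family = AF_INET;  /* ::ffff:a.b.c.d: match on the embedded IPv4 address */
    a = buf + 12;
  }
  for (size_t i = 0; i < sizeof(special_blocks) / sizeof(special_blocks[0]); i++) {
    const struct cidr *c = &special_blocks[i];
    if (c->family == family && inet_pton(family, c->prefix, p) == 1 &&
        prefix_match(a, p, c->bits))
      return 1;
  }
  return 0;
}
```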