connection_edge.c 71.1 KB
Newer Older
Roger Dingledine's avatar
Roger Dingledine committed
1
2
3
/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. */
4
5
/* See LICENSE for licensing information */
/* $Id$ */
6
7
const char connection_edge_c_id[] =
  "$Id$";
8

9
10
/**
 * \file connection_edge.c
11
 * \brief Handle edge streams.
12
13
 **/

14
15
#include "or.h"

16
17
18
19
20
21
22
23
24
25
26
#ifdef HAVE_LINUX_NETFILTER_IPV4_H
#include <linux/netfilter_ipv4.h>
#define TRANS_NETFILTER
#endif

#if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
#include <net/if.h>
#include <net/pfvar.h>
#define TRANS_PF
#endif

27
28
/* List of exit_redirect_t */
static smartlist_t *redirect_exit_list = NULL;
29

30
static int connection_ap_handshake_process_socks(edge_connection_t *conn);
31
static int connection_ap_process_transparent(edge_connection_t *conn);
32

33
34
35
36
37
/** An AP stream has failed/finished. If it hasn't already sent back
 * a socks reply, send one now (based on endreason). Also set
 * has_sent_end to 1, and mark the conn.
 */
void
38
_connection_mark_unattached_ap(edge_connection_t *conn, int endreason,
39
40
                               int line, const char *file)
{
41
42
  tor_assert(conn->_base.type == CONN_TYPE_AP);
  conn->_base.edge_has_sent_end = 1; /* no circ yet */
43

44
  if (conn->_base.marked_for_close) {
45
    /* This call will warn as appropriate. */
46
    _connection_mark_for_close(TO_CONN(conn), line, file);
47
48
49
    return;
  }

50
51
52
  if (!conn->socks_request->has_finished) {
    socks5_reply_status_t socksreason =
      connection_edge_end_reason_socks5_response(endreason);
53
54

    if (endreason == END_STREAM_REASON_ALREADY_SOCKS_REPLIED)
Roger Dingledine's avatar
Roger Dingledine committed
55
56
57
      log_warn(LD_BUG,
               "Bug: stream (marked at %s:%d) sending two socks replies?",
               file, line);
58

59
60
61
    if (conn->socks_request->command == SOCKS_COMMAND_CONNECT)
      connection_ap_handshake_socks_reply(conn, NULL, 0, socksreason);
    else
62
63
      connection_ap_handshake_socks_resolved(conn, RESOLVED_TYPE_ERROR,
                                             0, NULL, -1);
64
  }
65

66
67
  _connection_mark_for_close(TO_CONN(conn), line, file);
  conn->_base.hold_open_until_flushed = 1;
68
69
}

70
71
/** There was an EOF. Send an end and mark the connection for close.
 */
72
int
73
connection_edge_reached_eof(edge_connection_t *conn)
74
{
75
76
  if (buf_datalen(conn->_base.inbuf) &&
      connection_state_is_open(TO_CONN(conn))) {
Roger Dingledine's avatar
Roger Dingledine committed
77
78
79
    /* it still has stuff to process. don't let it die yet. */
    return 0;
  }
80
81
  log_info(LD_EDGE,"conn (fd %d) reached eof. Closing.", conn->_base.s);
  if (!conn->_base.marked_for_close) {
82
83
    /* only mark it if not already marked. it's possible to
     * get the 'end' right around when the client hangs up on us. */
84
    connection_edge_end(conn, END_STREAM_REASON_DONE, conn->cpath_layer);
85
86
    if (conn->socks_request) /* eof, so don't send a socks reply back */
      conn->socks_request->has_finished = 1;
87
    connection_mark_for_close(TO_CONN(conn));
88
89
90
91
92
  }
  return 0;
}

/** Handle new bytes on conn->inbuf based on state:
93
94
 *   - If it's waiting for socks info, try to read another step of the
 *     socks handshake out of conn->inbuf.
95
 *   - If it's waiting for the original destination, fetch it.
96
97
98
99
 *   - If it's open, then package more relay cells from the stream.
 *   - Else, leave the bytes on inbuf alone for now.
 *
 * Mark and return -1 if there was an unexpected error with the conn,
100
101
 * else return 0.
 */
102
int
103
connection_edge_process_inbuf(edge_connection_t *conn, int package_partial)
104
{
Roger Dingledine's avatar
Roger Dingledine committed
105
  tor_assert(conn);
106

107
  switch (conn->_base.state) {
108
    case AP_CONN_STATE_SOCKS_WAIT:
109
      if (connection_ap_handshake_process_socks(conn) < 0) {
110
        /* already marked */
111
112
113
        return -1;
      }
      return 0;
114
115
116
117
118
119
    case AP_CONN_STATE_ORIGDST_WAIT:
      if (connection_ap_process_transparent(conn) < 0) {
        /* already marked */
        return -1;
      }
      return 0;
120
121
    case AP_CONN_STATE_OPEN:
    case EXIT_CONN_STATE_OPEN:
122
      if (connection_edge_package_raw_inbuf(conn, package_partial) < 0) {
123
        /* (We already sent an end cell if possible) */
124
        connection_mark_for_close(TO_CONN(conn));
125
126
        return -1;
      }
127
128
      return 0;
    case EXIT_CONN_STATE_CONNECTING:
129
    case AP_CONN_STATE_RENDDESC_WAIT:
130
131
    case AP_CONN_STATE_CIRCUIT_WAIT:
    case AP_CONN_STATE_CONNECT_WAIT:
132
    case AP_CONN_STATE_RESOLVE_WAIT:
133
    case AP_CONN_STATE_CONTROLLER_WAIT:
Roger Dingledine's avatar
Roger Dingledine committed
134
135
      log_info(LD_EDGE,
               "data from edge while in '%s' state. Leaving it on buffer.",
136
               conn_state_to_string(conn->_base.type, conn->_base.state));
137
138
      return 0;
  }
139
  log_warn(LD_BUG,"Bug: Got unexpected state %d. Closing.",conn->_base.state);
140
  tor_fragile_assert();
141
  connection_edge_end(conn, END_STREAM_REASON_INTERNAL, conn->cpath_layer);
142
  connection_mark_for_close(TO_CONN(conn));
143
  return -1;
144
145
}

146
147
148
/** This edge needs to be closed, because its circuit has closed.
 * Mark it for close and return 0.
 */
149
int
150
connection_edge_destroy(uint16_t circ_id, edge_connection_t *conn)
151
{
152
  if (!conn->_base.marked_for_close) {
Roger Dingledine's avatar
Roger Dingledine committed
153
154
    log_info(LD_EDGE,
             "CircID %d: At an edge. Marking connection for close.", circ_id);
155
    if (conn->_base.type == CONN_TYPE_AP) {
156
157
      connection_mark_unattached_ap(conn, END_STREAM_REASON_DESTROY);
    } else {
158
159
      /* closing the circuit, nothing to send an END to */
      conn->_base.edge_has_sent_end = 1;
160
161
      connection_mark_for_close(TO_CONN(conn));
      conn->_base.hold_open_until_flushed = 1;
162
    }
163
  }
164
  conn->cpath_layer = NULL;
165
  conn->on_circuit = NULL;
166
167
168
  return 0;
}

169
170
171
172
173
174
175
176
/** Send a relay end cell from stream <b>conn</b> to conn's circuit,
 * with a destination of cpath_layer. (If cpath_layer is NULL, the
 * destination is the circuit's origin.) Mark the relay end cell as
 * closing because of <b>reason</b>.
 *
 * Return -1 if this function has already been called on this conn,
 * else return 0.
 */
177
int
178
179
connection_edge_end(edge_connection_t *conn, char reason,
                    crypt_path_t *cpath_layer)
180
{
181
  char payload[RELAY_PAYLOAD_SIZE];
182
  size_t payload_len=1;
183
  circuit_t *circ;
184

185
  if (conn->_base.edge_has_sent_end) {
Roger Dingledine's avatar
Roger Dingledine committed
186
187
    log_warn(LD_BUG,"Harmless bug: Calling connection_edge_end (reason %d) "
             "on an already ended stream?", reason);
188
    tor_fragile_assert();
189
    return -1;
190
191
  }

192
  if (conn->_base.marked_for_close) {
Roger Dingledine's avatar
Roger Dingledine committed
193
194
    log_warn(LD_BUG,
             "Bug: called on conn that's already marked for close at %s:%d.",
195
             conn->_base.marked_for_close_file, conn->_base.marked_for_close);
196
197
198
    return 0;
  }

199
  payload[0] = reason;
200
201
  if (reason == END_STREAM_REASON_EXITPOLICY &&
      !connection_edge_is_rendezvous_stream(conn)) {
202
    set_uint32(payload+1, htonl(conn->_base.addr));
203
    set_uint32(payload+5, htonl(dns_clip_ttl(conn->address_ttl)));
204
    payload_len += 8;
205
206
  }

207
  circ = circuit_get_by_edge_conn(conn);
208
  if (circ && !circ->marked_for_close) {
209
    log_debug(LD_EDGE,"Marking conn (fd %d) and sending end.",conn->_base.s);
210
211
    connection_edge_send_command(conn, circ, RELAY_COMMAND_END,
                                 payload, payload_len, cpath_layer);
212
  } else {
213
214
    log_debug(LD_EDGE,"Marking conn (fd %d); no circ to send end.",
              conn->_base.s);
215
216
  }

217
  conn->_base.edge_has_sent_end = 1;
218
  return 0;
219
220
}

221
222
223
224
/** An error has just occured on an operation on an edge connection
 * <b>conn</b>.  Extract the errno; convert it to an end reason, and send
 * an appropriate relay end cell to <b>cpath_layer</b>.
 **/
225
int
226
connection_edge_end_errno(edge_connection_t *conn, crypt_path_t *cpath_layer)
227
228
229
{
  uint8_t reason;
  tor_assert(conn);
230
  reason = (uint8_t)errno_to_end_reason(tor_socket_errno(conn->_base.s));
231
232
233
  return connection_edge_end(conn, reason, cpath_layer);
}

234
235
236
237
238
239
240
241
242
243
/** Connection <b>conn</b> has finished writing and has no bytes left on
 * its outbuf.
 *
 * If it's in state 'open', stop writing, consider responding with a
 * sendme, and return.
 * Otherwise, stop writing and return.
 *
 * If <b>conn</b> is broken, mark it for close and return -1, else
 * return 0.
 */
244
int
245
connection_edge_finished_flushing(edge_connection_t *conn)
246
{
Roger Dingledine's avatar
Roger Dingledine committed
247
  tor_assert(conn);
248

249
  switch (conn->_base.state) {
250
251
    case AP_CONN_STATE_OPEN:
    case EXIT_CONN_STATE_OPEN:
252
      connection_stop_writing(TO_CONN(conn));
253
      connection_edge_consider_sending_sendme(conn);
254
      return 0;
Roger Dingledine's avatar
Roger Dingledine committed
255
    case AP_CONN_STATE_SOCKS_WAIT:
256
    case AP_CONN_STATE_ORIGDST_WAIT:
257
    case AP_CONN_STATE_RENDDESC_WAIT:
258
    case AP_CONN_STATE_CIRCUIT_WAIT:
259
    case AP_CONN_STATE_CONNECT_WAIT:
260
    case AP_CONN_STATE_CONTROLLER_WAIT:
261
      connection_stop_writing(TO_CONN(conn));
Roger Dingledine's avatar
Roger Dingledine committed
262
      return 0;
263
    default:
264
      log_warn(LD_BUG,"BUG: called in unexpected state %d.",conn->_base.state);
265
      tor_fragile_assert();
266
      return -1;
267
268
269
270
  }
  return 0;
}

271
272
273
/** Connected handler for exit connections: start writing pending
 * data, deliver 'CONNECTED' relay cells as appropriate, and check
 * any pending data that may have been received. */
274
int
275
connection_edge_finished_connecting(edge_connection_t *edge_conn)
276
{
277
  char valbuf[INET_NTOA_BUF_LEN];
278
  connection_t *conn;
Roger Dingledine's avatar
Roger Dingledine committed
279
  struct in_addr in;
280

281
282
283
  tor_assert(edge_conn);
  tor_assert(edge_conn->_base.type == CONN_TYPE_EXIT);
  conn = TO_CONN(edge_conn);
284
285
  tor_assert(conn->state == EXIT_CONN_STATE_CONNECTING);

286
287
  in.s_addr = htonl(conn->addr);
  tor_inet_ntoa(&in,valbuf,sizeof(valbuf));
Roger Dingledine's avatar
Roger Dingledine committed
288
  log_info(LD_EXIT,"Exit connection to %s:%u (%s) established.",
289
           escaped_safe_str(conn->address),conn->port,safe_str(valbuf));
290
291

  conn->state = EXIT_CONN_STATE_OPEN;
292
  connection_watch_events(conn, EV_READ); /* stop writing, continue reading */
293
294
  if (connection_wants_to_flush(conn)) /* in case there are any queued relay
                                        * cells */
295
296
    connection_start_writing(conn);
  /* deliver a 'connected' relay cell back through the circuit. */
297
298
299
  if (connection_edge_is_rendezvous_stream(edge_conn)) {
    if (connection_edge_send_command(edge_conn,
                                     circuit_get_by_edge_conn(edge_conn),
300
                                     RELAY_COMMAND_CONNECTED, NULL, 0,
301
                                     edge_conn->cpath_layer) < 0)
302
303
      return 0; /* circuit is closed, don't continue */
  } else {
304
    char connected_payload[8];
305
    set_uint32(connected_payload, htonl(conn->addr));
306
    set_uint32(connected_payload+4,
307
308
309
310
311
312
               htonl(dns_clip_ttl(edge_conn->address_ttl)));
    if (connection_edge_send_command(edge_conn,
                                     circuit_get_by_edge_conn(edge_conn),
                                     RELAY_COMMAND_CONNECTED,
                                     connected_payload, 8,
                                     edge_conn->cpath_layer) < 0)
313
314
      return 0; /* circuit is closed, don't continue */
  }
315
  tor_assert(edge_conn->package_window > 0);
316
  /* in case the server has written anything */
317
  return connection_edge_process_inbuf(edge_conn, 1);
318
319
}

320
321
322
323
324
325
/** Define a schedule for how long to wait between retrying
 * application connections. Rather than waiting a fixed amount of
 * time between each retry, we wait only 5 seconds for the first,
 * 10 seconds for the second, and 15 seconds for each retry after
 * that. Hopefully this will improve the expected experience. */
static int
326
compute_socks_timeout(edge_connection_t *conn)
327
328
329
330
331
332
333
334
{
  if (conn->num_socks_retries == 0)
    return 5;
  if (conn->num_socks_retries == 1)
    return 10;
  return 15;
}

335
336
337
/** Find all general-purpose AP streams waiting for a response that sent their
 * begin/resolve cell >=15 seconds ago. Detach from their current circuit, and
 * mark their current circuit as unsuitable for new streams. Then call
338
339
340
 * connection_ap_handshake_attach_circuit() to attach to a new circuit (if
 * available) or launch a new one.
 *
341
 * For rendezvous streams, simply give up after SocksTimeout seconds (with no
342
343
 * retry attempt).
 */
344
345
346
void
connection_ap_expire_beginning(void)
{
347
  connection_t **carray;
348
  edge_connection_t *conn;
349
  circuit_t *circ;
350
  const char *nickname;
351
352
  int n, i;
  time_t now = time(NULL);
353
  or_options_t *options = get_options();
354
  int severity;
355
  int cutoff;
356
357
358
359

  get_connection_array(&carray, &n);

  for (i = 0; i < n; ++i) {
360
    if (carray[i]->type != CONN_TYPE_AP)
361
      continue;
362
    conn = TO_EDGE_CONN(carray[i]);
363
    /* if it's an internal bridge connection, don't yell its status. */
364
365
    severity = (!conn->_base.addr && !conn->_base.port)
      ? LOG_INFO : LOG_NOTICE;
366
367
    if (conn->_base.state == AP_CONN_STATE_CONTROLLER_WAIT) {
      if (now - conn->_base.timestamp_lastread >= options->SocksTimeout) {
368
        log_fn(severity, LD_APP, "Closing unattached stream.");
369
        connection_mark_unattached_ap(conn, END_STREAM_REASON_TIMEOUT);
370
371
372
373
      }
      continue;
    }

374
375
    if (conn->_base.state != AP_CONN_STATE_RESOLVE_WAIT &&
        conn->_base.state != AP_CONN_STATE_CONNECT_WAIT)
376
      continue;
377
    cutoff = compute_socks_timeout(conn);
378
    if (now - conn->_base.timestamp_lastread < cutoff)
379
      continue;
380
    circ = circuit_get_by_edge_conn(conn);
381
    if (!circ) { /* it's vanished? */
Roger Dingledine's avatar
Roger Dingledine committed
382
383
      log_info(LD_APP,"Conn is waiting (address %s), but lost its circ.",
               safe_str(conn->socks_request->address));
384
      connection_mark_unattached_ap(conn, END_STREAM_REASON_TIMEOUT);
385
386
      continue;
    }
387
    if (circ->purpose == CIRCUIT_PURPOSE_C_REND_JOINED) {
388
      if (now - conn->_base.timestamp_lastread > options->SocksTimeout) {
389
390
391
        log_fn(severity, LD_REND,
               "Rend stream is %d seconds late. Giving up on address"
               " '%s.onion'.",
392
               (int)(now - conn->_base.timestamp_lastread),
393
               safe_str(conn->socks_request->address));
394
395
        connection_edge_end(conn, END_STREAM_REASON_TIMEOUT,
                            conn->cpath_layer);
396
        connection_mark_unattached_ap(conn, END_STREAM_REASON_TIMEOUT);
397
398
399
      }
      continue;
    }
Roger Dingledine's avatar
Roger Dingledine committed
400
    tor_assert(circ->purpose == CIRCUIT_PURPOSE_C_GENERAL);
401
402
    nickname = build_state_get_exit_nickname(
                                        TO_ORIGIN_CIRCUIT(circ)->build_state);
403
    log_fn(cutoff < 15 ? LOG_INFO : severity, LD_APP,
404
405
           "We tried for %d seconds to connect to '%s' using exit '%s'."
           " Retrying on a new circuit.",
406
           (int)(now - conn->_base.timestamp_lastread),
407
408
           safe_str(conn->socks_request->address),
           nickname ? nickname : "*unnamed*");
409
410
411
    /* send an end down the circuit */
    connection_edge_end(conn, END_STREAM_REASON_TIMEOUT, conn->cpath_layer);
    /* un-mark it as ending, since we're going to reuse it */
412
    conn->_base.edge_has_sent_end = 0;
413
414
415
416
    /* kludge to make us not try this circuit again, yet to allow
     * current streams on it to survive if they can: make it
     * unattractive to use for new streams */
    tor_assert(circ->timestamp_dirty);
417
    circ->timestamp_dirty -= options->MaxCircuitDirtiness;
418
    /* give our stream another 'cutoff' seconds to try */
419
    conn->_base.timestamp_lastread += cutoff;
420
    conn->num_socks_retries++;
421
    /* move it back into 'pending' state, and try to attach. */
422
    if (connection_ap_detach_retriable(conn, TO_ORIGIN_CIRCUIT(circ))<0) {
423
      connection_mark_unattached_ap(conn, END_STREAM_REASON_CANT_ATTACH);
424
    }
425
  } /* end for */
426
427
}

428
/** Tell any AP streams that are waiting for a new circuit that one is
429
430
 * available.
 */
431
432
void
connection_ap_attach_pending(void)
433
{
434
  connection_t **carray;
435
  connection_t *conn;
436
  edge_connection_t *edge_conn;
437
438
439
440
441
  int n, i;

  get_connection_array(&carray, &n);

  for (i = 0; i < n; ++i) {
442
    conn = carray[i];
Roger Dingledine's avatar
Roger Dingledine committed
443
444
    if (conn->marked_for_close ||
        conn->type != CONN_TYPE_AP ||
445
        conn->state != AP_CONN_STATE_CIRCUIT_WAIT)
446
      continue;
447
448
449
    edge_conn = TO_EDGE_CONN(conn);
    if (connection_ap_handshake_attach_circuit(edge_conn) < 0) {
      connection_mark_unattached_ap(edge_conn, END_STREAM_REASON_CANT_ATTACH);
450
    }
451
452
453
  }
}

454
455
456
457
458
459
/** The AP connection <b>conn</b> has just failed while attaching or
 * sending a BEGIN or resolving on <b>circ</b>, but another circuit
 * might work.  Detach the circuit, and either reattach it, launch a
 * new circuit, tell the controller, or give up as a appropriate.
 *
 * Returns -1 on err, 1 on success, 0 on not-yet-sure.
460
461
 */
int
462
connection_ap_detach_retriable(edge_connection_t *conn, origin_circuit_t *circ)
463
464
{
  control_event_stream_status(conn, STREAM_EVENT_FAILED_RETRIABLE);
465
  conn->_base.timestamp_lastread = time(NULL);
466
  if (! get_options()->LeaveStreamsUnattached) {
467
    conn->_base.state = AP_CONN_STATE_CIRCUIT_WAIT;
468
    circuit_detach_stream(TO_CIRCUIT(circ),conn);
469
470
    return connection_ap_handshake_attach_circuit(conn);
  } else {
471
    conn->_base.state = AP_CONN_STATE_CONTROLLER_WAIT;
472
    circuit_detach_stream(TO_CIRCUIT(circ),conn);
473
474
475
476
    return 0;
  }
}

477
/** A client-side struct to remember requests to rewrite addresses
478
 * to new addresses. These structs are stored in the hash table
479
 * "addressmap" below.
480
481
482
483
484
485
486
487
488
489
490
 *
 * There are 5 ways to set an address mapping:
 * - A MapAddress command from the controller [permanent]
 * - An AddressMap directive in the torrc [permanent]
 * - When a TrackHostExits torrc directive is triggered [temporary]
 * - When a dns resolve succeeds [temporary]
 * - When a dns resolve fails [temporary]
 *
 * When an addressmap request is made but one is already registered,
 * the new one is replaced only if the currently registered one has
 * no "new_address" (that is, it's in the process of dns resolve),
491
492
493
494
495
 * or if the new one is permanent (expires==0 or 1).
 *
 * (We overload the 'expires' field, using "0" for mappings set via
 * the configuration file, "1" for mappings set from the control
 * interface, and other values for DNS mappings that can expire.)
496
497
498
499
500
501
502
 */
typedef struct {
  char *new_address;
  time_t expires;
  int num_resolve_failures;
} addressmap_entry_t;

503
/** Entry for mapping addresses to which virtual address we mapped them to. */
504
505
506
507
508
typedef struct {
  char *ipv4_address;
  char *hostname_address;
} virtaddress_entry_t;

509
/** A hash table to store client-side address rewrite instructions. */
510
static strmap_t *addressmap=NULL;
511
/**
512
 * Table mapping addresses to which virtual address, if any, we
513
514
515
516
517
518
519
520
 * assigned them to.
 *
 * We maintain the following invariant: if [A,B] is in
 * virtaddress_reversemap, then B must be a virtual address, and [A,B]
 * must be in addressmap.  We do not require that the converse hold:
 * if it fails, then we could end up mapping two virtual addresses to
 * the same address, which is no disaster.
 **/
521
static strmap_t *virtaddress_reversemap=NULL;
522
523

/** Initialize addressmap. */
524
525
526
void
addressmap_init(void)
{
527
  addressmap = strmap_new();
528
  virtaddress_reversemap = strmap_new();
529
530
531
532
}

/** Free the memory associated with the addressmap entry <b>_ent</b>. */
static void
533
534
addressmap_ent_free(void *_ent)
{
535
536
537
538
539
  addressmap_entry_t *ent = _ent;
  tor_free(ent->new_address);
  tor_free(ent);
}

540
/** Free storage held by a virtaddress_entry_t* entry in <b>ent</b> */
541
static void
542
543
addressmap_virtaddress_ent_free(void *_ent)
{
544
545
546
547
548
549
  virtaddress_entry_t *ent = _ent;
  tor_free(ent->ipv4_address);
  tor_free(ent->hostname_address);
  tor_free(ent);
}

550
/** Free storage held by a virtaddress_entry_t* entry in <b>ent</b> */
551
static void
552
addressmap_virtaddress_remove(const char *address, addressmap_entry_t *ent)
553
{
554
555
  if (ent && ent->new_address &&
      address_is_in_virtual_range(ent->new_address)) {
556
557
    virtaddress_entry_t *ve =
      strmap_get(virtaddress_reversemap, ent->new_address);
558
    /*log_fn(LOG_NOTICE,"remove reverse mapping for %s",ent->new_address);*/
559
    if (ve) {
560
      if (!strcmp(address, ve->ipv4_address))
561
        tor_free(ve->ipv4_address);
562
      if (!strcmp(address, ve->hostname_address))
563
564
565
566
567
        tor_free(ve->hostname_address);
      if (!ve->ipv4_address && !ve->hostname_address) {
        tor_free(ve);
        strmap_remove(virtaddress_reversemap, ent->new_address);
      }
568
569
570
571
    }
  }
}

572
/* DOCDOC */
573
static void
574
addressmap_ent_remove(const char *address, addressmap_entry_t *ent)
575
{
576
  addressmap_virtaddress_remove(address, ent);
577
578
  addressmap_ent_free(ent);
}
579

580
581
582
583
584
585
586
587
588
589
590
591
592
/** Remove all entries from the addressmap that were set via the
 * configuration file or the command line. */
void
addressmap_clear_configured(void)
{
  addressmap_get_mappings(NULL, 0, 0);
}

/** Remove all entries from the addressmap that are set to expire, ever. */
void
addressmap_clear_transient(void)
{
  addressmap_get_mappings(NULL, 2, TIME_MAX);
593
594
595
596
597
}

/** Clean out entries from the addressmap cache that were
 * added long enough ago that they are no longer valid.
 */
598
599
600
void
addressmap_clean(time_t now)
{
601
  addressmap_get_mappings(NULL, 2, now);
602
603
604
605
}

/** Free all the elements in the addressmap, and free the addressmap
 * itself. */
606
607
608
void
addressmap_free_all(void)
{
609
610
611
612
613
614
615
616
  if (addressmap) {
    strmap_free(addressmap, addressmap_ent_free);
    addressmap = NULL;
  }
  if (virtaddress_reversemap) {
    strmap_free(virtaddress_reversemap, addressmap_virtaddress_ent_free);
    virtaddress_reversemap = NULL;
  }
617
618
619
620
621
622
}

/** Look at address, and rewrite it until it doesn't want any
 * more rewrites; but don't get into an infinite loop.
 * Don't write more than maxlen chars into address.
 */
623
624
625
void
addressmap_rewrite(char *address, size_t maxlen)
{
626
627
628
629
630
631
632
633
634
  addressmap_entry_t *ent;
  int rewrites;

  for (rewrites = 0; rewrites < 16; rewrites++) {
    ent = strmap_get(addressmap, address);

    if (!ent || !ent->new_address)
      return; /* done, no rewrite needed */

Roger Dingledine's avatar
Roger Dingledine committed
635
636
    log_info(LD_APP, "Addressmap: rewriting '%s' to '%s'",
             safe_str(address), safe_str(ent->new_address));
637
638
    strlcpy(address, ent->new_address, maxlen);
  }
Roger Dingledine's avatar
Roger Dingledine committed
639
640
641
  log_warn(LD_CONFIG,
           "Loop detected: we've rewritten '%s' 16 times! Using it as-is.",
           safe_str(address));
642
643
644
645
  /* it's fine to rewrite a rewrite, but don't loop forever */
}

/** Return 1 if <b>address</b> is already registered, else return 0 */
646
647
648
int
addressmap_already_mapped(const char *address)
{
649
650
651
652
  return strmap_get(addressmap, address) ? 1 : 0;
}

/** Register a request to map <b>address</b> to <b>new_address</b>,
653
654
655
 * which will expire on <b>expires</b> (or 0 if never expires from
 * config file, 1 if never expires from controller, 2 if never expires
 * (virtual address mapping) from the controller.)
656
 *
657
 * <b>new_address</b> should be a newly dup'ed string, which we'll use or
658
 * free as appropriate. We will leave address alone.
659
660
661
 *
 * If <b>new_address</b> is NULL, or equal to <b>address</b>, remove
 * any mappings that exist from <b>address</b>.
662
 */
663
664
665
void
addressmap_register(const char *address, char *new_address, time_t expires)
{
666
667
668
  addressmap_entry_t *ent;

  ent = strmap_get(addressmap, address);
669
  if (!new_address || !strcasecmp(address,new_address)) {
670
    /* Remove the mapping, if any. */
671
672
    tor_free(new_address);
    if (ent) {
673
      addressmap_ent_remove(address,ent);
674
675
676
677
      strmap_remove(addressmap, address);
    }
    return;
  }
678
679
680
681
682
  if (!ent) { /* make a new one and register it */
    ent = tor_malloc_zero(sizeof(addressmap_entry_t));
    strmap_set(addressmap, address, ent);
  } else if (ent->new_address) { /* we need to clean up the old mapping. */
    if (expires > 1) {
Roger Dingledine's avatar
Roger Dingledine committed
683
684
      log_info(LD_APP,"Temporary addressmap ('%s' to '%s') not performed, "
               "since it's already mapped to '%s'",
685
      safe_str(address), safe_str(new_address), safe_str(ent->new_address));
686
687
688
      tor_free(new_address);
      return;
    }
689
690
691
692
    if (address_is_in_virtual_range(ent->new_address) &&
        expires != 2) {
      /* XXX This isn't the perfect test; we want to avoid removing
       * mappings set from the control interface _as virtual mapping */
693
      addressmap_virtaddress_remove(address, ent);
694
    }
695
    tor_free(ent->new_address);
696
697
  } /* else { we have an in-progress resolve with no mapping. } */

698
  ent->new_address = new_address;
699
  ent->expires = expires==2 ? 1 : expires;
700
701
  ent->num_resolve_failures = 0;

Roger Dingledine's avatar
Roger Dingledine committed
702
703
  log_info(LD_CONFIG, "Addressmap: (re)mapped '%s' to '%s'",
           safe_str(address), safe_str(ent->new_address));
704
  control_event_address_mapped(address, ent->new_address, expires);
705
706
707
708
709
710
}

/** An attempt to resolve <b>address</b> failed at some OR.
 * Increment the number of resolve failures we have on record
 * for it, and then return that number.
 */
711
712
int
client_dns_incr_failures(const char *address)
713
{
714
  addressmap_entry_t *ent = strmap_get(addressmap, address);
715
716
  if (!ent) {
    ent = tor_malloc_zero(sizeof(addressmap_entry_t));
717
    ent->expires = time(NULL) + MAX_DNS_ENTRY_AGE;
718
719
720
    strmap_set(addressmap,address,ent);
  }
  ++ent->num_resolve_failures;
Roger Dingledine's avatar
Roger Dingledine committed
721
722
  log_info(LD_APP, "Address %s now has %d resolve failures.",
           safe_str(address), ent->num_resolve_failures);
723
724
725
  return ent->num_resolve_failures;
}

726
727
728
729
730
731
732
733
734
735
736
737
738
/** If <b>address</b> is in the client dns addressmap, reset
 * the number of resolve failures we have on record for it.
 * This is used when we fail a stream because it won't resolve:
 * otherwise future attempts on that address will only try once.
 */
void
client_dns_clear_failures(const char *address)
{
  addressmap_entry_t *ent = strmap_get(addressmap, address);
  if (ent)
    ent->num_resolve_failures = 0;
}

739
740
741
/** Record the fact that <b>address</b> resolved to <b>val</b>.
 * We can now use this in subsequent streams via addressmap_rewrite()
 * so we can more correctly choose an exit that will allow <b>address</b>.
742
743
744
 *
 * If <b>exitname</b> is defined, then append the addresses with
 * ".exitname.exit" before registering the mapping.
745
746
 *
 * If <b>ttl</b> is nonnegative, the mapping will be valid for
747
 * <b>ttl</b>seconds; otherwise, we use the default.
748
 */
749
void
750
751
client_dns_set_addressmap(const char *address, uint32_t val,
                          const char *exitname,
752
                          int ttl)
753
754
{
  struct in_addr in;
Nick Mathewson's avatar
Nick Mathewson committed
755
756
757
758
  /* <address>.<hex or nickname>.exit\0  or just  <address>\0 */
  char extendedaddress[MAX_SOCKS_ADDR_LEN+MAX_HEX_NICKNAME_LEN+10];
  /* 123.123.123.123.<hex or nickname>.exit\0   or just  123.123.123.123\0 */
  char extendedval[INET_NTOA_BUF_LEN+MAX_HEX_NICKNAME_LEN+10];
759
  char valbuf[INET_NTOA_BUF_LEN];
760

761
762
  tor_assert(address);
  tor_assert(val);
763

764
765
766
767
  if (ttl<0)
    ttl = DEFAULT_DNS_TTL;
  else
    ttl = dns_clip_ttl(ttl);
768

769
  if (tor_inet_aton(address, &in))
Nick Mathewson's avatar
Nick Mathewson committed
770
    return; /* If address was an IP address already, don't add a mapping. */
771
  in.s_addr = htonl(val);
772
773
774
775
776
777
778
779
780
781
782
783
  tor_inet_ntoa(&in,valbuf,sizeof(valbuf));
  if (exitname) {
    tor_snprintf(extendedaddress, sizeof(extendedaddress),
                 "%s.%s.exit", address, exitname);
    tor_snprintf(extendedval, sizeof(extendedval),
                 "%s.%s.exit", valbuf, exitname);
  } else {
    tor_snprintf(extendedaddress, sizeof(extendedaddress),
                 "%s", address);
    tor_snprintf(extendedval, sizeof(extendedval),
                 "%s", valbuf);
  }
784
785
  addressmap_register(extendedaddress, tor_strdup(extendedval),
                      time(NULL) + ttl);
786
787
}

788
/* By default, we hand out 127.192.0.1 through 127.254.254.254.
789
790
791
792
793
794
 * These addresses should map to localhost, so even if the
 * application accidentally tried to connect to them directly (not
 * via Tor), it wouldn't get too far astray.
 *
 * Eventually, we should probably make this configurable.
 */
795
796
797
798
799
800
801
static uint32_t virtual_addr_network = 0x7fc00000u;
static uint32_t virtual_addr_netmask = 0xffc00000u;
static int virtual_addr_netmask_bits = 10;
static uint32_t next_virtual_addr    = 0x7fc00000u;

/** Read a netmask of the form 127.192.0.0/10 from "val", and check whether
 * it's a valid set of virtual addresses to hand out in response to MAPADDRESS
802
803
804
 * requests.  Return 0 on success; set *msg (if provided) to a newly allocated
 * string and return -1 on failure.  If validate_only is false, sets the
 * actual virtual address range to the parsed value. */
805
806
int
parse_virtual_addr_network(const char *val, int validate_only,
807
                           char **msg)
808
809
810
811
812
813
{
  uint32_t addr, mask;
  uint16_t port_min, port_max;
  int bits;

  if (parse_addr_and_port_range(val, &addr, &mask, &port_min, &port_max)) {
814
    if (msg) *msg = tor_strdup("Error parsing VirtualAddressNetwork");
815
816
817
818
    return -1;
  }

  if (port_min != 1 || port_max != 65535) {
819
    if (msg) *msg = tor_strdup("Can't specify ports on VirtualAddressNetwork");
820
821
822
823
824
    return -1;
  }

  bits = addr_mask_get_bits(mask);
  if (bits < 0) {
825
826
    if (msg) *msg = tor_strdup("VirtualAddressNetwork must have a mask that "
                               "can be expressed as a prefix");
827
828
829
830
    return -1;
  }

  if (bits > 16) {
831
    if (msg) *msg = tor_strdup("VirtualAddressNetwork expects a /16 "
832
                               "network or larger");
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
    return -1;
  }

  if (validate_only)
    return 0;

  virtual_addr_network = addr & mask;
  virtual_addr_netmask = mask;
  virtual_addr_netmask_bits = bits;

  if ((next_virtual_addr & mask) != addr)
    next_virtual_addr = addr;

  return 0;
}
848
849
850

/**
 * Return true iff <b>addr</b> is likely to have been returned by
851
 * client_dns_get_unused_address.
852
 **/
853
int
854
address_is_in_virtual_range(const char *address)
855
856
{
  struct in_addr in;
857
858
  tor_assert(address);
  if (!strcasecmpend(address, ".virtual")) {
859
    return 1;
860
861
  } else if (tor_inet_aton(address, &in)) {
    uint32_t addr = ntohl(in.s_addr);
862
    if ((addr & virtual_addr_netmask) == virtual_addr_network)
863
864
865
866
867
868
869
870
871
      return 1;
  }
  return 0;
}

/** Return a newly allocated string holding an address of <b>type</b>
 * (one of RESOLVED_TYPE_{IPV4|HOSTNAME}) that has not yet been mapped,
 * and that is very unlikely to be the address of any real host.
 */
872
873
static char *
addressmap_get_virtual_address(int type)
874
875
876
877
878
{
  char buf[64];
  struct in_addr in;

  if (type == RESOLVED_TYPE_HOSTNAME) {
879
    char rand[10];
880
881
882
883
884
885
886
    do {
      crypto_rand(rand, sizeof(rand));
      base32_encode(buf,sizeof(buf),rand,sizeof(rand));
      strlcat(buf, ".virtual", sizeof(buf));
    } while (strmap_get(addressmap, buf));
    return tor_strdup(buf);
  } else if (type == RESOLVED_TYPE_IPV4) {
887
888
889
    // This is an imperfect estimate of how many addresses are available, but
    // that's ok.
    uint32_t available = 1u << (32-virtual_addr_netmask_bits);
890
    while (available) {
891
      /* Don't hand out any .0 or .255 address. */
892
893
894
895
896
      while ((next_virtual_addr & 0xff) == 0 ||
             (next_virtual_addr & 0xff) == 0xff) {
        ++next_virtual_addr;
      }
      in.s_addr = htonl(next_virtual_addr);
897
898
899
900
      tor_inet_ntoa(&in, buf, sizeof(buf));
      if (!strmap_get(addressmap, buf))
        break;

901
902
      ++next_virtual_addr;
      --available;
903
      log_notice(LD_CONFIG, "%d addrs available", (int)available);
904
905
906
907
908
909
      if (! --available) {
        log_warn(LD_CONFIG, "Ran out of virtual addresses!");
        return NULL;
      }
      if ((next_virtual_addr & virtual_addr_netmask) != virtual_addr_network)
        next_virtual_addr = virtual_addr_network;
910
911
912
    }
    return tor_strdup(buf);
  } else {
Roger Dingledine's avatar
Roger Dingledine committed
913
    log_warn(LD_BUG, "Called with unsupported address type (%d)", type);
914
915
916
917
    return NULL;
  }
}

918
919
920
921
922
923
924
925
926
/** A controller has requested that we map some address of type
 * <b>type</b> to the address <b>new_address</b>.  Choose an address
 * that is unlikely to be used, and map it, and return it in a newly
 * allocated string.  If another address of the same type is already
 * mapped to <b>new_address</b>, try to return a copy of that address.
 *
 * The string in <b>new_address</b> may be freed, or inserted into a map
 * as appropriate.
 **/
927
const char *
928
929
addressmap_register_virtual_address(int type, char *new_address)
{
930
931
932
  char **addrp;
  virtaddress_entry_t *vent;

933
  tor_assert(new_address);
934
935
  tor_assert(addressmap);
  tor_assert(virtaddress_reversemap);
936

937
  vent = strmap_get(virtaddress_reversemap, new_address);
938
  if (!vent) {
939
    vent = tor_malloc_zero(sizeof(virtaddress_entry_t));
940
941
    strmap_set(virtaddress_reversemap, new_address, vent);
  }
942
943
944
945
946

  addrp = (type == RESOLVED_TYPE_IPV4) ?
    &vent->ipv4_address : &vent->hostname_address;
  if (*addrp) {
    addressmap_entry_t *ent = strmap_get(addressmap, *addrp);
947
948
    if (ent && ent->new_address &&
        !strcasecmp(new_address, ent->new_address)) {
949
      tor_free(new_address);
950
      return tor_strdup(*addrp);