connection_edge.c 87.6 KB
Newer Older
Roger Dingledine's avatar
Roger Dingledine committed
1
2
/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
3
 * Copyright (c) 2004-2007, Roger Dingledine, Nick Mathewson. */
4
5
/* See LICENSE for licensing information */
/* $Id$ */
6
7
const char connection_edge_c_id[] =
  "$Id$";
8

9
10
/**
 * \file connection_edge.c
11
 * \brief Handle edge streams.
12
13
 **/

14
15
#include "or.h"

16
17
18
19
20
21
22
23
24
25
26
#ifdef HAVE_LINUX_NETFILTER_IPV4_H
#include <linux/netfilter_ipv4.h>
#define TRANS_NETFILTER
#endif

#if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
#include <net/if.h>
#include <net/pfvar.h>
#define TRANS_PF
#endif

27
/** List of exit_redirect_t for every configured RedirectExit. */
28
static smartlist_t *redirect_exit_list = NULL;
29

30
static int connection_ap_handshake_process_socks(edge_connection_t *conn);
31
static int connection_ap_process_natd(edge_connection_t *conn);
Roger Dingledine's avatar
Roger Dingledine committed
32
static int connection_exit_connect_dir(edge_connection_t *exitconn);
33
static int hostname_is_noconnect_address(const char *address);
34

35
36
37
38
39
/** An AP stream has failed/finished. If it hasn't already sent back
 * a socks reply, send one now (based on endreason). Also set
 * has_sent_end to 1, and mark the conn.
 */
void
40
_connection_mark_unattached_ap(edge_connection_t *conn, int endreason,
41
42
                               int line, const char *file)
{
43
44
  tor_assert(conn->_base.type == CONN_TYPE_AP);
  conn->_base.edge_has_sent_end = 1; /* no circ yet */
45

46
  if (conn->_base.marked_for_close) {
47
    /* This call will warn as appropriate. */
48
    _connection_mark_for_close(TO_CONN(conn), line, file);
49
50
51
    return;
  }

52
  if (!conn->socks_request->has_finished) {
53
    if (endreason & END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED)
Roger Dingledine's avatar
Roger Dingledine committed
54
      log_warn(LD_BUG,
55
               "stream (marked at %s:%d) sending two socks replies?",
Roger Dingledine's avatar
Roger Dingledine committed
56
               file, line);
57

58
    if (SOCKS_COMMAND_IS_CONNECT(conn->socks_request->command))
59
      connection_ap_handshake_socks_reply(conn, NULL, 0, endreason);
60
    else if (SOCKS_COMMAND_IS_RESOLVE(conn->socks_request->command))
61
62
      connection_ap_handshake_socks_resolved(conn, RESOLVED_TYPE_ERROR,
                                             0, NULL, -1);
63
64
    else /* unknown or no handshake at all. send no response. */
      conn->socks_request->has_finished = 1;
65
  }
66

67
68
  _connection_mark_for_close(TO_CONN(conn), line, file);
  conn->_base.hold_open_until_flushed = 1;
69
  conn->end_reason = endreason;
70
71
}

72
73
/** There was an EOF. Send an end and mark the connection for close.
 */
74
int
75
connection_edge_reached_eof(edge_connection_t *conn)
76
{
77
78
  if (buf_datalen(conn->_base.inbuf) &&
      connection_state_is_open(TO_CONN(conn))) {
Roger Dingledine's avatar
Roger Dingledine committed
79
80
81
    /* it still has stuff to process. don't let it die yet. */
    return 0;
  }
82
83
  log_info(LD_EDGE,"conn (fd %d) reached eof. Closing.", conn->_base.s);
  if (!conn->_base.marked_for_close) {
84
85
    /* only mark it if not already marked. it's possible to
     * get the 'end' right around when the client hangs up on us. */
86
    connection_edge_end(conn, END_STREAM_REASON_DONE);
87
88
    if (conn->socks_request) /* eof, so don't send a socks reply back */
      conn->socks_request->has_finished = 1;
89
    connection_mark_for_close(TO_CONN(conn));
90
91
92
93
94
  }
  return 0;
}

/** Handle new bytes on conn->inbuf based on state:
95
96
 *   - If it's waiting for socks info, try to read another step of the
 *     socks handshake out of conn->inbuf.
97
 *   - If it's waiting for the original destination, fetch it.
98
99
100
101
 *   - If it's open, then package more relay cells from the stream.
 *   - Else, leave the bytes on inbuf alone for now.
 *
 * Mark and return -1 if there was an unexpected error with the conn,
102
103
 * else return 0.
 */
104
int
105
connection_edge_process_inbuf(edge_connection_t *conn, int package_partial)
106
{
Roger Dingledine's avatar
Roger Dingledine committed
107
  tor_assert(conn);
108

109
  switch (conn->_base.state) {
110
    case AP_CONN_STATE_SOCKS_WAIT:
111
      if (connection_ap_handshake_process_socks(conn) < 0) {
112
        /* already marked */
113
114
115
        return -1;
      }
      return 0;
116
117
118
119
120
121
    case AP_CONN_STATE_NATD_WAIT:
      if (connection_ap_process_natd(conn) < 0) {
        /* already marked */
        return -1;
      }
      return 0;
122
123
    case AP_CONN_STATE_OPEN:
    case EXIT_CONN_STATE_OPEN:
124
      if (connection_edge_package_raw_inbuf(conn, package_partial) < 0) {
125
        /* (We already sent an end cell if possible) */
126
        connection_mark_for_close(TO_CONN(conn));
127
128
        return -1;
      }
129
130
      return 0;
    case EXIT_CONN_STATE_CONNECTING:
131
    case AP_CONN_STATE_RENDDESC_WAIT:
132
133
    case AP_CONN_STATE_CIRCUIT_WAIT:
    case AP_CONN_STATE_CONNECT_WAIT:
134
    case AP_CONN_STATE_RESOLVE_WAIT:
135
    case AP_CONN_STATE_CONTROLLER_WAIT:
Roger Dingledine's avatar
Roger Dingledine committed
136
137
      log_info(LD_EDGE,
               "data from edge while in '%s' state. Leaving it on buffer.",
138
               conn_state_to_string(conn->_base.type, conn->_base.state));
139
140
      return 0;
  }
141
  log_warn(LD_BUG,"Got unexpected state %d. Closing.",conn->_base.state);
142
  tor_fragile_assert();
143
  connection_edge_end(conn, END_STREAM_REASON_INTERNAL);
144
  connection_mark_for_close(TO_CONN(conn));
145
  return -1;
146
147
}

148
149
150
/** This edge needs to be closed, because its circuit has closed.
 * Mark it for close and return 0.
 */
151
int
152
connection_edge_destroy(uint16_t circ_id, edge_connection_t *conn)
153
{
154
  if (!conn->_base.marked_for_close) {
Roger Dingledine's avatar
Roger Dingledine committed
155
156
    log_info(LD_EDGE,
             "CircID %d: At an edge. Marking connection for close.", circ_id);
157
    if (conn->_base.type == CONN_TYPE_AP) {
158
159
      connection_mark_unattached_ap(conn, END_STREAM_REASON_DESTROY);
    } else {
160
161
      /* closing the circuit, nothing to send an END to */
      conn->_base.edge_has_sent_end = 1;
162
      conn->end_reason = END_STREAM_REASON_DESTROY;
163
      conn->end_reason |= END_STREAM_REASON_FLAG_ALREADY_SENT_CLOSED;
164
165
166
      if (conn->_base.type == CONN_TYPE_AP)
        control_event_stream_status(conn, STREAM_EVENT_CLOSED,
                                    END_STREAM_REASON_DESTROY);
167
168
      connection_mark_for_close(TO_CONN(conn));
      conn->_base.hold_open_until_flushed = 1;
169
    }
170
  }
171
  conn->cpath_layer = NULL;
172
  conn->on_circuit = NULL;
173
174
175
  return 0;
}

176
177
/** Send a relay end cell from stream <b>conn</b> down conn's circuit.  Set
 * the relay end cell's reason for closing as <b>reason</b>.
178
179
180
181
 *
 * Return -1 if this function has already been called on this conn,
 * else return 0.
 */
182
int
183
connection_edge_end(edge_connection_t *conn, char reason)
184
{
185
  char payload[RELAY_PAYLOAD_SIZE];
186
  size_t payload_len=1;
187
  circuit_t *circ;
188

189
  if (conn->_base.edge_has_sent_end) {
190
    log_warn(LD_BUG,"(Harmless.) Calling connection_edge_end (reason %d) "
Roger Dingledine's avatar
Roger Dingledine committed
191
             "on an already ended stream?", reason);
192
    tor_fragile_assert();
193
    return -1;
194
195
  }

196
  if (conn->_base.marked_for_close) {
Roger Dingledine's avatar
Roger Dingledine committed
197
    log_warn(LD_BUG,
198
             "called on conn that's already marked for close at %s:%d.",
199
             conn->_base.marked_for_close_file, conn->_base.marked_for_close);
200
201
202
    return 0;
  }

203
  payload[0] = reason;
204
205
  if (reason == END_STREAM_REASON_EXITPOLICY &&
      !connection_edge_is_rendezvous_stream(conn)) {
206
    set_uint32(payload+1, htonl(conn->_base.addr));
207
    set_uint32(payload+5, htonl(dns_clip_ttl(conn->address_ttl)));
208
    payload_len += 8;
209
210
  }

211
  circ = circuit_get_by_edge_conn(conn);
212
  if (circ && !circ->marked_for_close) {
213
    log_debug(LD_EDGE,"Sending end on conn (fd %d).",conn->_base.s);
214
    connection_edge_send_command(conn, RELAY_COMMAND_END,
215
                                 payload, payload_len);
216
  } else {
217
    log_debug(LD_EDGE,"No circ to send end on conn (fd %d).",
218
              conn->_base.s);
219
220
  }

221
  conn->_base.edge_has_sent_end = 1;
222
  conn->end_reason = reason;
223
  return 0;
224
225
}

226
/** An error has just occured on an operation on an edge connection
227
228
 * <b>conn</b>.  Extract the errno; convert it to an end reason, and send an
 * appropriate relay end cell to the other end of the connection's circuit.
229
 **/
230
int
231
connection_edge_end_errno(edge_connection_t *conn)
232
233
234
{
  uint8_t reason;
  tor_assert(conn);
235
  reason = (uint8_t)errno_to_end_reason(tor_socket_errno(conn->_base.s));
236
  return connection_edge_end(conn, reason);
237
238
}

239
240
241
242
243
244
245
246
247
248
/** Connection <b>conn</b> has finished writing and has no bytes left on
 * its outbuf.
 *
 * If it's in state 'open', stop writing, consider responding with a
 * sendme, and return.
 * Otherwise, stop writing and return.
 *
 * If <b>conn</b> is broken, mark it for close and return -1, else
 * return 0.
 */
249
int
250
connection_edge_finished_flushing(edge_connection_t *conn)
251
{
Roger Dingledine's avatar
Roger Dingledine committed
252
  tor_assert(conn);
253

254
  switch (conn->_base.state) {
255
256
    case AP_CONN_STATE_OPEN:
    case EXIT_CONN_STATE_OPEN:
257
      connection_stop_writing(TO_CONN(conn));
258
      connection_edge_consider_sending_sendme(conn);
259
      return 0;
Roger Dingledine's avatar
Roger Dingledine committed
260
    case AP_CONN_STATE_SOCKS_WAIT:
261
    case AP_CONN_STATE_NATD_WAIT:
262
    case AP_CONN_STATE_RENDDESC_WAIT:
263
    case AP_CONN_STATE_CIRCUIT_WAIT:
264
    case AP_CONN_STATE_CONNECT_WAIT:
265
    case AP_CONN_STATE_CONTROLLER_WAIT:
266
      connection_stop_writing(TO_CONN(conn));
Roger Dingledine's avatar
Roger Dingledine committed
267
      return 0;
268
    default:
269
      log_warn(LD_BUG, "Called in unexpected state %d.",conn->_base.state);
270
      tor_fragile_assert();
271
      return -1;
272
273
274
275
  }
  return 0;
}

276
277
278
/** Connected handler for exit connections: start writing pending
 * data, deliver 'CONNECTED' relay cells as appropriate, and check
 * any pending data that may have been received. */
279
int
280
connection_edge_finished_connecting(edge_connection_t *edge_conn)
281
{
282
  char valbuf[INET_NTOA_BUF_LEN];
283
  connection_t *conn;
Roger Dingledine's avatar
Roger Dingledine committed
284
  struct in_addr in;
285

286
287
288
  tor_assert(edge_conn);
  tor_assert(edge_conn->_base.type == CONN_TYPE_EXIT);
  conn = TO_CONN(edge_conn);
289
290
  tor_assert(conn->state == EXIT_CONN_STATE_CONNECTING);

291
292
  in.s_addr = htonl(conn->addr);
  tor_inet_ntoa(&in,valbuf,sizeof(valbuf));
Roger Dingledine's avatar
Roger Dingledine committed
293
  log_info(LD_EXIT,"Exit connection to %s:%u (%s) established.",
294
           escaped_safe_str(conn->address),conn->port,safe_str(valbuf));
295
296

  conn->state = EXIT_CONN_STATE_OPEN;
297
  connection_watch_events(conn, EV_READ); /* stop writing, continue reading */
298
299
  if (connection_wants_to_flush(conn)) /* in case there are any queued relay
                                        * cells */
300
301
    connection_start_writing(conn);
  /* deliver a 'connected' relay cell back through the circuit. */
302
303
  if (connection_edge_is_rendezvous_stream(edge_conn)) {
    if (connection_edge_send_command(edge_conn,
304
                                     RELAY_COMMAND_CONNECTED, NULL, 0) < 0)
305
306
      return 0; /* circuit is closed, don't continue */
  } else {
307
    char connected_payload[8];
308
    set_uint32(connected_payload, htonl(conn->addr));
309
    set_uint32(connected_payload+4,
310
311
312
               htonl(dns_clip_ttl(edge_conn->address_ttl)));
    if (connection_edge_send_command(edge_conn,
                                     RELAY_COMMAND_CONNECTED,
313
                                     connected_payload, 8) < 0)
314
315
      return 0; /* circuit is closed, don't continue */
  }
316
  tor_assert(edge_conn->package_window > 0);
317
  /* in case the server has written anything */
318
  return connection_edge_process_inbuf(edge_conn, 1);
319
320
}

321
322
/** Define a schedule for how long to wait between retrying
 * application connections. Rather than waiting a fixed amount of
323
 * time between each retry, we wait 10 seconds each for the first
324
 * two tries, and 15 seconds for each retry after
325
 * that. Hopefully this will improve the expected user experience. */
326
static int
327
compute_retry_timeout(edge_connection_t *conn)
328
{
329
  if (conn->num_socks_retries < 2) /* try 0 and try 1 */
330
331
332
333
    return 10;
  return 15;
}

334
335
336
/** Find all general-purpose AP streams waiting for a response that sent their
 * begin/resolve cell >=15 seconds ago. Detach from their current circuit, and
 * mark their current circuit as unsuitable for new streams. Then call
337
338
339
 * connection_ap_handshake_attach_circuit() to attach to a new circuit (if
 * available) or launch a new one.
 *
340
 * For rendezvous streams, simply give up after SocksTimeout seconds (with no
341
342
 * retry attempt).
 */
343
344
345
void
connection_ap_expire_beginning(void)
{
346
  connection_t **carray;
347
  edge_connection_t *conn;
348
  circuit_t *circ;
349
350
  int n, i;
  time_t now = time(NULL);
351
  or_options_t *options = get_options();
352
  int severity;
353
  int cutoff;
354
  int seconds_idle;
355
356
357
358

  get_connection_array(&carray, &n);

  for (i = 0; i < n; ++i) {
359
    if (carray[i]->type != CONN_TYPE_AP)
360
      continue;
361
    conn = TO_EDGE_CONN(carray[i]);
362
    /* if it's an internal bridge connection, don't yell its status. */
363
364
    severity = (!conn->_base.addr && !conn->_base.port)
      ? LOG_INFO : LOG_NOTICE;
365
366
367
368
    seconds_idle = now - conn->_base.timestamp_lastread;

    if (AP_CONN_STATE_IS_UNATTACHED(conn->_base.state)) {
      if (seconds_idle >= options->SocksTimeout) {
369
370
371
        log_fn(severity, LD_APP,
            "Tried for %d seconds to get a connection to %s:%d. "
            "Giving up. (%s)",
372
            seconds_idle, safe_str(conn->socks_request->address),
373
374
            conn->socks_request->port,
            conn_state_to_string(CONN_TYPE_AP, conn->_base.state));
375
        connection_mark_unattached_ap(conn, END_STREAM_REASON_TIMEOUT);
376
377
378
379
      }
      continue;
    }

380
    if (conn->_base.state == AP_CONN_STATE_OPEN)
381
      continue;
382

383
384
385
386
    /* We're in state connect_wait or resolve_wait now -- waiting for a
     * reply to our relay cell. See if we want to retry/give up. */

    cutoff = compute_retry_timeout(conn);
387
    if (seconds_idle < cutoff)
388
      continue;
389
    circ = circuit_get_by_edge_conn(conn);
390
    if (!circ) { /* it's vanished? */
Roger Dingledine's avatar
Roger Dingledine committed
391
392
      log_info(LD_APP,"Conn is waiting (address %s), but lost its circ.",
               safe_str(conn->socks_request->address));
393
      connection_mark_unattached_ap(conn, END_STREAM_REASON_TIMEOUT);
394
395
      continue;
    }
396
    if (circ->purpose == CIRCUIT_PURPOSE_C_REND_JOINED) {
397
      if (seconds_idle >= options->SocksTimeout) {
398
399
400
        log_fn(severity, LD_REND,
               "Rend stream is %d seconds late. Giving up on address"
               " '%s.onion'.",
401
               seconds_idle,
402
               safe_str(conn->socks_request->address));
403
        connection_edge_end(conn, END_STREAM_REASON_TIMEOUT);
404
        connection_mark_unattached_ap(conn, END_STREAM_REASON_TIMEOUT);
405
406
407
      }
      continue;
    }
Roger Dingledine's avatar
Roger Dingledine committed
408
    tor_assert(circ->purpose == CIRCUIT_PURPOSE_C_GENERAL);
409
    log_fn(cutoff < 15 ? LOG_INFO : severity, LD_APP,
410
411
           "We tried for %d seconds to connect to '%s' using exit '%s'."
           " Retrying on a new circuit.",
412
           seconds_idle, safe_str(conn->socks_request->address),
413
414
           conn->cpath_layer ?
             conn->cpath_layer->extend_info->nickname : "*unnamed*");
415
    /* send an end down the circuit */
416
    connection_edge_end(conn, END_STREAM_REASON_TIMEOUT);
417
    /* un-mark it as ending, since we're going to reuse it */
418
    conn->_base.edge_has_sent_end = 0;
419
    conn->end_reason = 0;
420
421
422
423
    /* kludge to make us not try this circuit again, yet to allow
     * current streams on it to survive if they can: make it
     * unattractive to use for new streams */
    tor_assert(circ->timestamp_dirty);
424
    circ->timestamp_dirty -= options->MaxCircuitDirtiness;
425
    /* give our stream another 'cutoff' seconds to try */
426
    conn->_base.timestamp_lastread += cutoff;
427
428
    if (conn->num_socks_retries < 250) /* avoid overflow */
      conn->num_socks_retries++;
429
    /* move it back into 'pending' state, and try to attach. */
430
431
    if (connection_ap_detach_retriable(conn, TO_ORIGIN_CIRCUIT(circ),
                                       END_STREAM_REASON_TIMEOUT)<0) {
432
      connection_mark_unattached_ap(conn, END_STREAM_REASON_CANT_ATTACH);
433
    }
434
  } /* end for */
435
436
}

437
438
/** Tell any AP streams that are waiting for a new circuit to try again,
 * either attaching to an available circ or launching a new one.
439
 */
440
441
void
connection_ap_attach_pending(void)
442
{
443
  connection_t **carray;
444
  connection_t *conn;
445
  edge_connection_t *edge_conn;
446
447
448
449
450
  int n, i;

  get_connection_array(&carray, &n);

  for (i = 0; i < n; ++i) {
451
    conn = carray[i];
Roger Dingledine's avatar
Roger Dingledine committed
452
453
    if (conn->marked_for_close ||
        conn->type != CONN_TYPE_AP ||
454
        conn->state != AP_CONN_STATE_CIRCUIT_WAIT)
455
      continue;
456
457
458
    edge_conn = TO_EDGE_CONN(conn);
    if (connection_ap_handshake_attach_circuit(edge_conn) < 0) {
      connection_mark_unattached_ap(edge_conn, END_STREAM_REASON_CANT_ATTACH);
459
    }
460
461
462
  }
}

463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
/** A circuit failed to finish on its last hop <b>info</b>. If there
 * are any streams waiting with this exit node in mind, but they
 * don't absolutely require it, make them give up on it.
 */
void
circuit_discard_optional_exit_enclaves(extend_info_t *info)
{
  connection_t **carray;
  connection_t *conn;
  edge_connection_t *edge_conn;
  routerinfo_t *r1, *r2;
  int n, i;

  get_connection_array(&carray, &n);

  for (i = 0; i < n; ++i) {
    conn = carray[i];
    if (conn->marked_for_close ||
        conn->type != CONN_TYPE_AP ||
        !conn->chosen_exit_optional)
      continue;
    edge_conn = TO_EDGE_CONN(conn);
    r1 = router_get_by_nickname(edge_conn->chosen_exit_name, 0);
    r2 = router_get_by_nickname(info->nickname, 0);
    if (r1 && r2 && r1==r2) {
      tor_assert(edge_conn->socks_request);
      log_info(LD_APP, "Giving up on enclave exit '%s' for destination %s.",
               safe_str(edge_conn->chosen_exit_name),
               escaped_safe_str(edge_conn->socks_request->address));
      conn->chosen_exit_optional = 0;
      tor_free(edge_conn->chosen_exit_name); /* clears it */
    }
  }
}

498
499
/** The AP connection <b>conn</b> has just failed while attaching or
 * sending a BEGIN or resolving on <b>circ</b>, but another circuit
500
 * might work. Detach the circuit, and either reattach it, launch a
501
502
503
 * new circuit, tell the controller, or give up as a appropriate.
 *
 * Returns -1 on err, 1 on success, 0 on not-yet-sure.
504
505
 */
int
506
507
connection_ap_detach_retriable(edge_connection_t *conn, origin_circuit_t *circ,
                               int reason)
508
{
509
  control_event_stream_status(conn, STREAM_EVENT_FAILED_RETRIABLE, reason);
510
  conn->_base.timestamp_lastread = time(NULL);
511
  if (! get_options()->LeaveStreamsUnattached) {
512
    conn->_base.state = AP_CONN_STATE_CIRCUIT_WAIT;
513
    circuit_detach_stream(TO_CIRCUIT(circ),conn);
514
515
    return connection_ap_handshake_attach_circuit(conn);
  } else {
516
    conn->_base.state = AP_CONN_STATE_CONTROLLER_WAIT;
517
    circuit_detach_stream(TO_CIRCUIT(circ),conn);
518
519
520
521
    return 0;
  }
}

522
/** A client-side struct to remember requests to rewrite addresses
523
 * to new addresses. These structs are stored in the hash table
524
 * "addressmap" below.
525
526
527
528
529
530
531
532
533
534
535
 *
 * There are 5 ways to set an address mapping:
 * - A MapAddress command from the controller [permanent]
 * - An AddressMap directive in the torrc [permanent]
 * - When a TrackHostExits torrc directive is triggered [temporary]
 * - When a dns resolve succeeds [temporary]
 * - When a dns resolve fails [temporary]
 *
 * When an addressmap request is made but one is already registered,
 * the new one is replaced only if the currently registered one has
 * no "new_address" (that is, it's in the process of dns resolve),
536
537
538
539
540
 * or if the new one is permanent (expires==0 or 1).
 *
 * (We overload the 'expires' field, using "0" for mappings set via
 * the configuration file, "1" for mappings set from the control
 * interface, and other values for DNS mappings that can expire.)
541
542
543
544
545
546
547
 */
typedef struct {
  char *new_address;
  time_t expires;
  int num_resolve_failures;
} addressmap_entry_t;

548
/** Entry for mapping addresses to which virtual address we mapped them to. */
549
550
551
552
553
typedef struct {
  char *ipv4_address;
  char *hostname_address;
} virtaddress_entry_t;

554
/** A hash table to store client-side address rewrite instructions. */
555
static strmap_t *addressmap=NULL;
556
/**
557
 * Table mapping addresses to which virtual address, if any, we
558
559
560
561
562
563
564
565
 * assigned them to.
 *
 * We maintain the following invariant: if [A,B] is in
 * virtaddress_reversemap, then B must be a virtual address, and [A,B]
 * must be in addressmap.  We do not require that the converse hold:
 * if it fails, then we could end up mapping two virtual addresses to
 * the same address, which is no disaster.
 **/
566
static strmap_t *virtaddress_reversemap=NULL;
567
568

/** Initialize addressmap. */
569
570
571
void
addressmap_init(void)
{
572
  addressmap = strmap_new();
573
  virtaddress_reversemap = strmap_new();
574
575
576
577
}

/** Free the memory associated with the addressmap entry <b>_ent</b>. */
static void
578
579
addressmap_ent_free(void *_ent)
{
580
581
582
583
584
  addressmap_entry_t *ent = _ent;
  tor_free(ent->new_address);
  tor_free(ent);
}

585
/** Free storage held by a virtaddress_entry_t* entry in <b>ent</b> */
586
static void
587
588
addressmap_virtaddress_ent_free(void *_ent)
{
589
590
591
592
593
594
  virtaddress_entry_t *ent = _ent;
  tor_free(ent->ipv4_address);
  tor_free(ent->hostname_address);
  tor_free(ent);
}

595
/** Free storage held by a virtaddress_entry_t* entry in <b>ent</b> */
596
static void
597
addressmap_virtaddress_remove(const char *address, addressmap_entry_t *ent)
598
{
599
600
  if (ent && ent->new_address &&
      address_is_in_virtual_range(ent->new_address)) {
601
602
    virtaddress_entry_t *ve =
      strmap_get(virtaddress_reversemap, ent->new_address);
603
    /*log_fn(LOG_NOTICE,"remove reverse mapping for %s",ent->new_address);*/
604
    if (ve) {
605
      if (!strcmp(address, ve->ipv4_address))
606
        tor_free(ve->ipv4_address);
607
      if (!strcmp(address, ve->hostname_address))
608
609
610
611
612
        tor_free(ve->hostname_address);
      if (!ve->ipv4_address && !ve->hostname_address) {
        tor_free(ve);
        strmap_remove(virtaddress_reversemap, ent->new_address);
      }
613
614
615
616
    }
  }
}

617
618
/** Remove <b>ent</b> (which must be mapped to by <b>address</b>) from the
 * client address maps. */
619
static void
620
addressmap_ent_remove(const char *address, addressmap_entry_t *ent)
621
{
622
  addressmap_virtaddress_remove(address, ent);
623
624
  addressmap_ent_free(ent);
}
625

626
627
628
629
630
631
632
633
634
635
636
637
638
/** Remove all entries from the addressmap that were set via the
 * configuration file or the command line. */
void
addressmap_clear_configured(void)
{
  addressmap_get_mappings(NULL, 0, 0);
}

/** Remove all entries from the addressmap that are set to expire, ever. */
void
addressmap_clear_transient(void)
{
  addressmap_get_mappings(NULL, 2, TIME_MAX);
639
640
641
642
643
}

/** Clean out entries from the addressmap cache that were
 * added long enough ago that they are no longer valid.
 */
644
645
646
void
addressmap_clean(time_t now)
{
647
  addressmap_get_mappings(NULL, 2, now);
648
649
650
651
}

/** Free all the elements in the addressmap, and free the addressmap
 * itself. */
652
653
654
void
addressmap_free_all(void)
{
655
656
657
658
659
660
661
662
  if (addressmap) {
    strmap_free(addressmap, addressmap_ent_free);
    addressmap = NULL;
  }
  if (virtaddress_reversemap) {
    strmap_free(virtaddress_reversemap, addressmap_virtaddress_ent_free);
    virtaddress_reversemap = NULL;
  }
663
664
665
666
}

/** Look at address, and rewrite it until it doesn't want any
 * more rewrites; but don't get into an infinite loop.
667
668
 * Don't write more than maxlen chars into address.  Return true if the
 * address changed; false otherwise.
669
 */
670
int
671
672
addressmap_rewrite(char *address, size_t maxlen)
{
673
674
  addressmap_entry_t *ent;
  int rewrites;
675
  char *cp;
676
677
678
679
680

  for (rewrites = 0; rewrites < 16; rewrites++) {
    ent = strmap_get(addressmap, address);

    if (!ent || !ent->new_address)
681
      return (rewrites > 0); /* done, no rewrite needed */
682

683
    cp = tor_strdup(escaped_safe_str(ent->new_address));
684
    log_info(LD_APP, "Addressmap: rewriting %s to %s",
685
686
             escaped_safe_str(address), cp);
    tor_free(cp);
687
688
    strlcpy(address, ent->new_address, maxlen);
  }
Roger Dingledine's avatar
Roger Dingledine committed
689
  log_warn(LD_CONFIG,
690
691
           "Loop detected: we've rewritten %s 16 times! Using it as-is.",
           escaped_safe_str(address));
692
  /* it's fine to rewrite a rewrite, but don't loop forever */
693
  return 1;
694
695
}

696
/** If we have a cached reverse DNS entry for the address stored in the
697
698
 * <b>maxlen</b>-byte buffer <b>address</b> (typically, a dotted quad) then
 * rewrite to the cached value and return 1.  Otherwise return 0. */
699
700
701
702
703
704
705
706
707
708
709
static int
addressmap_rewrite_reverse(char *address, size_t maxlen)
{
  size_t len = maxlen + 16;
  char *s = tor_malloc(len), *cp;
  addressmap_entry_t *ent;
  int r = 0;
  tor_snprintf(s, len, "REVERSE[%s]", address);
  ent = strmap_get(addressmap, s);
  if (ent) {
    cp = tor_strdup(escaped_safe_str(ent->new_address));
710
    log_info(LD_APP, "Rewrote reverse lookup %s -> %s",
711
712
713
714
715
716
717
718
719
             escaped_safe_str(s), cp);
    tor_free(cp);
    strlcpy(address, ent->new_address, maxlen);
    r = 1;
  }
  tor_free(s);
  return r;
}

720
/** Return 1 if <b>address</b> is already registered, else return 0 */
721
int
722
addressmap_have_mapping(const char *address)
723
{
724
  return strmap_get_lc(addressmap, address) ? 1 : 0;
725
726
727
}

/** Register a request to map <b>address</b> to <b>new_address</b>,
728
729
730
 * which will expire on <b>expires</b> (or 0 if never expires from
 * config file, 1 if never expires from controller, 2 if never expires
 * (virtual address mapping) from the controller.)
731
 *
732
 * <b>new_address</b> should be a newly dup'ed string, which we'll use or
733
 * free as appropriate. We will leave address alone.
734
735
736
 *
 * If <b>new_address</b> is NULL, or equal to <b>address</b>, remove
 * any mappings that exist from <b>address</b>.
737
 */
738
739
740
void
addressmap_register(const char *address, char *new_address, time_t expires)
{
741
742
743
  addressmap_entry_t *ent;

  ent = strmap_get(addressmap, address);
744
  if (!new_address || !strcasecmp(address,new_address)) {
745
    /* Remove the mapping, if any. */
746
747
    tor_free(new_address);
    if (ent) {
748
      addressmap_ent_remove(address,ent);
749
750
751
752
      strmap_remove(addressmap, address);
    }
    return;
  }
753
754
755
756
757
  if (!ent) { /* make a new one and register it */
    ent = tor_malloc_zero(sizeof(addressmap_entry_t));
    strmap_set(addressmap, address, ent);
  } else if (ent->new_address) { /* we need to clean up the old mapping. */
    if (expires > 1) {
Roger Dingledine's avatar
Roger Dingledine committed
758
759
      log_info(LD_APP,"Temporary addressmap ('%s' to '%s') not performed, "
               "since it's already mapped to '%s'",
760
      safe_str(address), safe_str(new_address), safe_str(ent->new_address));
761
762
763
      tor_free(new_address);
      return;
    }
764
765
766
767
    if (address_is_in_virtual_range(ent->new_address) &&
        expires != 2) {
      /* XXX This isn't the perfect test; we want to avoid removing
       * mappings set from the control interface _as virtual mapping */
768
      addressmap_virtaddress_remove(address, ent);
769
    }
770
    tor_free(ent->new_address);
771
772
  } /* else { we have an in-progress resolve with no mapping. } */

773
  ent->new_address = new_address;
774
  ent->expires = expires==2 ? 1 : expires;
775
776
  ent->num_resolve_failures = 0;

Roger Dingledine's avatar
Roger Dingledine committed
777
778
  log_info(LD_CONFIG, "Addressmap: (re)mapped '%s' to '%s'",
           safe_str(address), safe_str(ent->new_address));
779
  control_event_address_mapped(address, ent->new_address, expires);
780
781
782
783
784
785
}

/** An attempt to resolve <b>address</b> failed at some OR.
 * Increment the number of resolve failures we have on record
 * for it, and then return that number.
 */
786
787
int
client_dns_incr_failures(const char *address)
788
{
789
  addressmap_entry_t *ent = strmap_get(addressmap, address);
790
791
  if (!ent) {
    ent = tor_malloc_zero(sizeof(addressmap_entry_t));
792
    ent->expires = time(NULL) + MAX_DNS_ENTRY_AGE;
793
794
795
    strmap_set(addressmap,address,ent);
  }
  ++ent->num_resolve_failures;
Roger Dingledine's avatar
Roger Dingledine committed
796
797
  log_info(LD_APP, "Address %s now has %d resolve failures.",
           safe_str(address), ent->num_resolve_failures);
798
799
800
  return ent->num_resolve_failures;
}

801
802
803
804
805
806
807
808
809
810
811
812
813
/** If <b>address</b> is in the client dns addressmap, reset
 * the number of resolve failures we have on record for it.
 * This is used when we fail a stream because it won't resolve:
 * otherwise future attempts on that address will only try once.
 */
void
client_dns_clear_failures(const char *address)
{
  addressmap_entry_t *ent = strmap_get(addressmap, address);
  if (ent)
    ent->num_resolve_failures = 0;
}

814
/** Record the fact that <b>address</b> resolved to <b>name</b>.
815
816
 * We can now use this in subsequent streams via addressmap_rewrite()
 * so we can more correctly choose an exit that will allow <b>address</b>.
817
818
819
 *
 * If <b>exitname</b> is defined, then append the addresses with
 * ".exitname.exit" before registering the mapping.
820
821
 *
 * If <b>ttl</b> is nonnegative, the mapping will be valid for
822
 * <b>ttl</b>seconds; otherwise, we use the default.
823
 */
824
825
826
827
static void
client_dns_set_addressmap_impl(const char *address, const char *name,
                               const char *exitname,
                               int ttl)
828
{
Nick Mathewson's avatar
Nick Mathewson committed
829
  /* <address>.<hex or nickname>.exit\0  or just  <address>\0 */
830
  char extendedaddress[MAX_SOCKS_ADDR_LEN+MAX_VERBOSE_NICKNAME_LEN+10];
Roger Dingledine's avatar
Roger Dingledine committed
831
  /* 123.123.123.123.<hex or nickname>.exit\0  or just  123.123.123.123\0 */
832
  char extendedval[INET_NTOA_BUF_LEN+MAX_VERBOSE_NICKNAME_LEN+10];
833

834
  tor_assert(address);
835
  tor_assert(name);
836

837
838
839
840
  if (ttl<0)
    ttl = DEFAULT_DNS_TTL;
  else
    ttl = dns_clip_ttl(ttl);
841

842
  if (exitname) {
843
844
845
    /* XXXX fails to ever get attempts to get an exit address of
     * google.com.digest[=~]nickname.exit; we need a syntax for this that
     * won't make strict RFC952-compliant applications (like us) barf. */
846
847
848
    tor_snprintf(extendedaddress, sizeof(extendedaddress),
                 "%s.%s.exit", address, exitname);
    tor_snprintf(extendedval, sizeof(extendedval),
849
                 "%s.%s.exit", name, exitname);
850
851
852
853
  } else {
    tor_snprintf(extendedaddress, sizeof(extendedaddress),
                 "%s", address);
    tor_snprintf(extendedval, sizeof(extendedval),
854
                 "%s", name);
855
  }
856
857
  addressmap_register(extendedaddress, tor_strdup(extendedval),
                      time(NULL) + ttl);
858
859
}

860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
/** Record the fact that <b>address</b> resolved to <b>val</b>.
 * We can now use this in subsequent streams via addressmap_rewrite()
 * so we can more correctly choose an exit that will allow <b>address</b>.
 *
 * If <b>exitname</b> is defined, then append the addresses with
 * ".exitname.exit" before registering the mapping.
 *
 * If <b>ttl</b> is nonnegative, the mapping will be valid for
 * <b>ttl</b>seconds; otherwise, we use the default.
 */
void
client_dns_set_addressmap(const char *address, uint32_t val,
                          const char *exitname,
                          int ttl)
{
  struct in_addr in;
  char valbuf[INET_NTOA_BUF_LEN];

  tor_assert(address);

  if (tor_inet_aton(address, &in))
    return; /* If address was an IP address already, don't add a mapping. */
  in.s_addr = htonl(val);
  tor_inet_ntoa(&in,valbuf,sizeof(valbuf));

  client_dns_set_addressmap_impl(address, valbuf, exitname, ttl);
}

888
889
890
891
892
893
894
895
896
/** Add a cache entry noting that <b>address</b> (ordinarily a dotted quad)
 * resolved via a RESOLVE_PTR request to the hostname <b>v</b>.
 *
 * If <b>exitname</b> is defined, then append the addresses with
 * ".exitname.exit" before registering the mapping.
 *
 * If <b>ttl</b> is nonnegative, the mapping will be valid for
 * <b>ttl</b>seconds; otherwise, we use the default.
 */
897
898
899
900
901
902
903
904
905
906
907
908
static void
client_dns_set_reverse_addressmap(const char *address, const char *v,
                                  const char *exitname,
                                  int ttl)
{
  size_t len = strlen(address) + 16;
  char *s = tor_malloc(len);
  tor_snprintf(s, len, "REVERSE[%s]", address);
  client_dns_set_addressmap_impl(s, v, exitname, ttl);
  tor_free(s);
}

909
/* By default, we hand out 127.192.0.1 through 127.254.254.254.
910
911
912
913
 * These addresses should map to localhost, so even if the
 * application accidentally tried to connect to them directly (not
 * via Tor), it wouldn't get too far astray.
 *