Commit 2889bd26 authored by Nick Mathewson

Revise the DNS subsystem to handle IPv6 exits.

Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result.  As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit.  Once
we have answers or errors for both, we act accordingly.

This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.

Additionally, have a new interface for the argument passed to the
evdns_callback function.  Previously, it was just the original address
we were resolving.  But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.

The new convention is to have the first byte of that argument include
the query type.  I've refactored the code a bit to make that simpler.
parent a58e17bc
......@@ -91,12 +91,13 @@ int connection_edge_update_circuit_isolation(const entry_connection_t *conn,
int dry_run);
void circuit_clear_isolation(origin_circuit_t *circ);
#define BEGIN_FLAG_IPV6_OK (1u<<0)
#define BEGIN_FLAG_IPV4_NOT_OK (1u<<1)
typedef struct begin_cell_t {
char *address;
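Review bot: BEGIN_FLAG_IPV6_OK and BEGIN_FLAG_IPV4_NOT_OK, just above the begin_cell_t typedef, have no doc comments, and the two names use opposite polarity (one "OK", one "NOT_OK"). Please add a comment on each define saying what the flag signals and what should be assumed when neither bit is set, so callers do not have to infer the default from the names.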
This diff is collapsed.
......@@ -1440,6 +1440,8 @@ typedef struct edge_connection_t {
/** True iff this connection is for a DNS request only. */
unsigned int is_dns_request:1;
/* DOCDOC exit only */
unsigned int is_reverse_dns_lookup:1;
unsigned int edge_has_sent_end:1; /**< For debugging; only used on edge
* connections. Set once we've set the stream end,
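Review bot: is_reverse_dns_lookup in edge_connection_t is documented only by the placeholder `/* DOCDOC exit only */`. Replace it with a real doc comment in the style of the neighbouring is_dns_request ("True iff ..."), stating what sets the bit and that it is meaningful only on exits, so the DOCDOC marker is resolved before this lands.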