Commit d9f1f353 authored by Nick Mathewson's avatar Nick Mathewson 🤹

r11724@Kushana: nickm | 2006-12-28 14:22:35 -0500

 Refactor and unify my-ip-addr-changed logic.  Make change in IP address or in nameservers reset and relaunch DNS hijacking tests.


svn:r9200
parent e5f5b96c
+2 −0
@@ -70,6 +70,8 @@ Changes in version 0.1.2.5-xxxx - 200?-??-??
    - We now check for the case when common DNS requests are going to
      wildcarded addresses, and change our exit policy to reject *:* if
      it's happening.  (Bug #364)
    - When we change nameservers or IP addresses, reset and re-launch
      our tests for DNS hijacking.

  o Security bugfixes:
    - Stop sending the HttpProxyAuthenticator string to directory
+1 −2
@@ -112,8 +112,7 @@ d - Be a DNS proxy.
      well-known sites) are all going to the same place.
    o Bug 363: Warn and die if we can't find a nameserver and we're running a
      server; don't fall back to 127.0.0.1.
?   - maybe re-check dns when we change IP addresses, rather than
      every 12 hours?
    o Re-check dns when we change IP addresses, rather than every 12 hours
    - Bug 326: Give fewer error messages from nameservers. 
      - Only warn when _all_ nameservers are down; otherwise info.
      - Increase timeout; what's industry standard?
+2 −2
@@ -976,7 +976,7 @@ options_act(or_options_t *old_options)
          log_err(LD_BUG,"Error initializing keys; exiting");
          return -1;
        }
        server_has_changed_ip();
        ip_address_changed(0);
        if (has_completed_circuit || !any_predicted_circuits(time(NULL)))
          inform_testing_reachability();
      }
@@ -1908,7 +1908,7 @@ resolve_my_address(int warn_severity, or_options_t *options,
    /* Leave this as a notice, regardless of the requested severity,
     * at least until dynamic IP address support becomes bulletproof. */
    log_notice(LD_NET, "Your IP address seems to have changed. Updating.");
    server_has_changed_ip();
    ip_address_changed(0);
  }
  last_resolved_addr = *addr_out;
  if (hostname_out)
+1 −1
@@ -2128,7 +2128,7 @@ client_check_address_changed(int sock)
    smartlist_clear(outgoing_addrs);
    smartlist_add(outgoing_addrs, ip);
    /* Okay, now change our keys. */
    init_keys(); /* XXXX NM return value-- safe to ignore? */
    ip_address_changed(1);
  }
}
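Review bot: The retained comment `/* Okay, now change our keys. */` in client_check_address_changed now sits directly above `ip_address_changed(1);`, so the call site no longer shows any key rotation, and the removed `XXXX NM` question about ignoring the return value of init_keys() disappears without an answer. ip_address_changed is not shown on this page; if it still calls init_keys() on the client path, the result should be checked and logged there, since a silent failure would leave the client on its old keys after it has moved networks (options_act treats the same failure as fatal with `log_err(LD_BUG,"Error initializing keys; exiting")`). Once that is confirmed, I would reword the comment to something like `/* Our address changed: ip_address_changed() rotates our keys and relaunches the DNS checks. */`. The function begins outside the hunk.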

+29 −0
@@ -1399,6 +1399,11 @@ dns_seems_to_be_broken(void)
{
  return 0;
}

void
dns_reset_correctness_checks(void)
{
}
#else /* !USE_EVENTDNS */

/** Eventdns helper: return true iff the eventdns result <b>err</b> is
@@ -1514,6 +1519,8 @@ configure_nameservers(int force)
  }
#endif

  dns_servers_relaunch_checks();

  nameservers_configured = 1;
  return 0;
}
@@ -1855,6 +1862,28 @@ dns_seems_to_be_broken(void)
  return dns_is_completely_invalid;
}

void
dns_reset_correctness_checks(void)
{
  if (dns_wildcard_response_count) {
    strmap_free(dns_wildcard_response_count, _tor_free);
    dns_wildcard_response_count = NULL;
  }
  n_wildcard_requests = 0;

  if (dns_wildcard_list) {
    SMARTLIST_FOREACH(dns_wildcard_list, char *, cp, tor_free(cp));
    smartlist_clear(dns_wildcard_list);
  }
  if (dns_wildcarded_test_address_list) {
    SMARTLIST_FOREACH(dns_wildcarded_test_address_list, char *, cp,
                      tor_free(cp));
    smartlist_clear(dns_wildcarded_test_address_list);
  }
  dns_wildcard_one_notice_given = dns_wildcard_notice_given =
    dns_wildcarded_test_address_notice_given = dns_is_completely_invalid = 0;
}

/** Return true iff we have noticed that the dotted-quad <b>ip</b> has been
 * returned in response to requests for nonexistent hostnames. */
static int
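Review bot: dns_reset_correctness_checks() in the third hunk clears `dns_is_completely_invalid` together with the wildcard lists and counters, so from the reset until the relaunched tests finish dns_seems_to_be_broken() returns 0 and addresses already identified as wildcard answers are forgotten. dns_servers_relaunch_checks is not shown on this page; if the re-test is not immediate, an exit behind a hijacking resolver would be treated as healthy for that window, so consider keeping the previous verdict until the new tests complete, or state the window explicitly in a doc comment. Both new definitions (the empty stub before `#else /* !USE_EVENTDNS */` and the real one) also lack the `/** ... */` header that the neighbouring functions carry, for example `/** Forget all state from earlier DNS hijacking tests so that they can be run again from scratch. */`.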