2007-12-12 22:09:01 +01:00
|
|
|
/* Copyright (c) 2003-2004, Roger Dingledine.
|
|
|
|
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
2018-06-20 14:13:28 +02:00
|
|
|
* Copyright (c) 2007-2018, The Tor Project, Inc. */
|
major overhaul: dns slave subsystem, topics
on startup, it forks off a master dns handler, which forks off dns
slaves (like the apache model). slaves as spawned as load increases,
and then reused. excess slaves are not ever killed, currently.
implemented topics. each topic has a receive window in each direction
at each edge of the circuit, and sends sendme's at the data level, as
per before. each circuit also has receive windows in each direction at
each hop; an edge sends a circuit-level sendme as soon as enough data
cells have arrived (regardless of whether the data cells were flushed
to the exit conns). removed the 'connected' cell type, since it's now
a topic command within data cells.
at the edge of the circuit, there can be multiple connections associated
with a single circuit. you find them via the linked list conn->next_topic.
currently each new ap connection starts its own circuit, so we ought
to see comparable performance to what we had before. but that's only
because i haven't written the code to reattach to old circuits. please
try to break it as-is, and then i'll make it reuse the same circuit and
we'll try to break that.
svn:r152
2003-01-26 10:02:24 +01:00
|
|
|
/* See LICENSE for licensing information */
|
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/**
|
|
|
|
* \file dns.c
|
2006-08-04 20:24:25 +02:00
|
|
|
* \brief Implements a local cache for DNS results for Tor servers.
|
2007-05-13 11:25:06 +02:00
|
|
|
* This is implemented as a wrapper around Adam Langley's eventdns.c code.
|
2006-08-04 20:24:25 +02:00
|
|
|
* (We can't just use gethostbyname() and friends because we really need to
|
|
|
|
* be nonblocking.)
|
2016-10-15 02:08:51 +02:00
|
|
|
*
|
|
|
|
* There are three main cases when a Tor relay uses dns.c to launch a DNS
|
|
|
|
* request:
|
|
|
|
* <ol>
|
|
|
|
* <li>To check whether the DNS server is working more or less correctly.
|
|
|
|
* This happens via dns_launch_correctness_checks(). The answer is
|
|
|
|
* reported in the return value from later calls to
|
|
|
|
* dns_seems_to_be_broken().
|
|
|
|
* <li>When a client has asked the relay, in a RELAY_BEGIN cell, to connect
|
|
|
|
* to a given server by hostname. This happens via dns_resolve().
|
2018-01-24 09:55:15 +01:00
|
|
|
* <li>When a client has asked the relay, in a RELAY_RESOLVE cell, to look
|
2016-10-15 02:08:51 +02:00
|
|
|
* up a given server's IP address(es) by hostname. This also happens via
|
|
|
|
* dns_resolve().
|
|
|
|
* </ol>
|
|
|
|
*
|
|
|
|
* Each of these gets handled a little differently.
|
|
|
|
*
|
|
|
|
* To check for correctness, we look up some hostname we expect to exist and
|
|
|
|
* have real entries, some hostnames which we expect to definitely not exist,
|
|
|
|
* and some hostnames that we expect to probably not exist. If too many of
|
|
|
|
* the hostnames that shouldn't exist do exist, that's a DNS hijacking
|
|
|
|
* attempt. If too many of the hostnames that should exist have the same
|
|
|
|
* addresses as the ones that shouldn't exist, that's a very bad DNS hijacking
|
|
|
|
* attempt, or a very naughty captive portal. And if the hostnames that
|
|
|
|
* should exist simply don't exist, we probably have a broken nameserver.
|
|
|
|
*
|
|
|
|
* To handle client requests, we first check our cache for answers. If there
|
|
|
|
* isn't something up-to-date, we've got to launch A or AAAA requests as
|
|
|
|
* appropriate. How we handle responses to those in particular is a bit
|
|
|
|
* complex; see dns_lookup() and set_exitconn_info_from_resolve().
|
|
|
|
*
|
|
|
|
* When a lookup is finally complete, the inform_pending_connections()
|
|
|
|
* function will tell all of the streams that have been waiting for the
|
|
|
|
* resolve, by calling connection_exit_connect() if the client sent a
|
|
|
|
* RELAY_BEGIN cell, and by calling send_resolved_cell() or
|
|
|
|
* send_hostname_cell() if the client sent a RELAY_RESOLVE cell.
|
2004-05-09 18:47:25 +02:00
|
|
|
**/
|
2004-05-05 23:32:43 +02:00
|
|
|
|
2015-07-22 15:46:44 +02:00
|
|
|
#define DNS_PRIVATE
|
|
|
|
|
2018-06-20 15:35:05 +02:00
|
|
|
#include "or/or.h"
|
|
|
|
#include "or/circuitlist.h"
|
|
|
|
#include "or/circuituse.h"
|
|
|
|
#include "or/config.h"
|
|
|
|
#include "or/connection.h"
|
|
|
|
#include "or/connection_edge.h"
|
|
|
|
#include "or/control.h"
|
|
|
|
#include "common/crypto_rand.h"
|
|
|
|
#include "or/dns.h"
|
|
|
|
#include "or/main.h"
|
|
|
|
#include "or/policies.h"
|
|
|
|
#include "or/relay.h"
|
|
|
|
#include "or/router.h"
|
2007-08-08 07:50:31 +02:00
|
|
|
#include "ht.h"
|
2018-06-20 15:35:05 +02:00
|
|
|
#include "common/sandbox.h"
|
2018-06-15 16:07:17 +02:00
|
|
|
|
2018-06-20 15:35:05 +02:00
|
|
|
#include "or/edge_connection_st.h"
|
|
|
|
#include "or/or_circuit_st.h"
|
2018-06-15 16:07:17 +02:00
|
|
|
|
2009-06-04 20:49:16 +02:00
|
|
|
#include <event2/event.h>
|
2009-06-04 07:05:23 +02:00
|
|
|
#include <event2/dns.h>
|
2009-10-13 23:54:04 +02:00
|
|
|
|
2006-07-31 20:01:49 +02:00
|
|
|
/** How long will we wait for an answer from the resolver before we decide
|
|
|
|
* that the resolver is wedged? */
|
2006-07-31 20:01:18 +02:00
|
|
|
#define RESOLVE_MAX_TIMEOUT 300
|
|
|
|
|
2009-10-13 23:54:04 +02:00
|
|
|
/** Our evdns_base; this structure handles all our name lookups. */
|
|
|
|
static struct evdns_base *the_evdns_base = NULL;
|
|
|
|
|
2006-08-28 05:16:02 +02:00
|
|
|
/** Have we currently configured nameservers with eventdns? */
|
|
|
|
static int nameservers_configured = 0;
|
2008-12-10 21:45:31 +01:00
|
|
|
/** Did our most recent attempt to configure nameservers with eventdns fail? */
|
|
|
|
static int nameserver_config_failed = 0;
|
2006-08-28 05:16:02 +02:00
|
|
|
/** What was the resolv_conf fname we last used when configuring the
|
|
|
|
* nameservers? Used to check whether we need to reconfigure. */
|
|
|
|
static char *resolv_conf_fname = NULL;
|
|
|
|
/** What was the mtime on the resolv.conf file we last used when configuring
|
|
|
|
* the nameservers? Used to check whether we need to reconfigure. */
|
|
|
|
static time_t resolv_conf_mtime = 0;
|
2003-02-14 08:53:55 +01:00
|
|
|
|
2006-08-10 11:02:26 +02:00
|
|
|
static void purge_expired_resolves(time_t now);
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
static void dns_found_answer(const char *address, uint8_t query_type,
|
|
|
|
int dns_answer,
|
|
|
|
const tor_addr_t *addr,
|
|
|
|
const char *hostname,
|
2006-06-03 22:52:24 +02:00
|
|
|
uint32_t ttl);
|
2006-12-28 22:29:11 +01:00
|
|
|
static void add_wildcarded_test_address(const char *address);
|
2006-08-28 05:15:55 +02:00
|
|
|
static int configure_nameservers(int force);
|
2006-09-21 23:48:22 +02:00
|
|
|
static int answer_is_wildcarded(const char *ip);
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
static int evdns_err_is_transient(int err);
|
|
|
|
static void inform_pending_connections(cached_resolve_t *resolve);
|
|
|
|
static void make_pending_resolve_cached(cached_resolve_t *cached);
|
|
|
|
|
2006-08-14 22:16:21 +02:00
|
|
|
#ifdef DEBUG_DNS_CACHE
|
2012-10-12 18:22:13 +02:00
|
|
|
static void assert_cache_ok_(void);
|
|
|
|
#define assert_cache_ok() assert_cache_ok_()
|
2006-08-14 22:16:21 +02:00
|
|
|
#else
|
2007-06-17 20:22:39 +02:00
|
|
|
#define assert_cache_ok() STMT_NIL
|
2017-09-15 22:24:44 +02:00
|
|
|
#endif /* defined(DEBUG_DNS_CACHE) */
|
2006-07-11 22:51:58 +02:00
|
|
|
static void assert_resolve_ok(cached_resolve_t *resolve);
|
2004-03-12 19:45:42 +01:00
|
|
|
|
2005-12-03 03:01:18 +01:00
|
|
|
/** Hash table of cached_resolve objects. */
|
|
|
|
static HT_HEAD(cache_map, cached_resolve_t) cache_root;
|
2003-02-14 08:53:55 +01:00
|
|
|
|
2012-11-14 21:20:28 +01:00
|
|
|
/** Global: how many IPv6 requests have we made in all? */
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
static uint64_t n_ipv6_requests_made = 0;
|
2012-11-14 21:20:28 +01:00
|
|
|
/** Global: how many IPv6 requests have timed out? */
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
static uint64_t n_ipv6_timeouts = 0;
|
2012-11-14 21:20:28 +01:00
|
|
|
/** Global: Do we think that IPv6 DNS is broken? */
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
static int dns_is_broken_for_ipv6 = 0;
|
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/** Function to compare hashed resolves on their addresses; used to
|
2005-12-03 03:21:31 +01:00
|
|
|
* implement hash tables. */
|
2015-12-10 16:19:43 +01:00
|
|
|
static inline int
|
2005-11-23 05:18:45 +01:00
|
|
|
cached_resolves_eq(cached_resolve_t *a, cached_resolve_t *b)
|
2005-09-30 03:09:52 +02:00
|
|
|
{
|
2003-02-14 08:53:55 +01:00
|
|
|
/* make this smarter one day? */
|
2006-07-11 22:51:58 +02:00
|
|
|
assert_resolve_ok(a); // Not b; b may be just a search.
|
2005-11-23 05:18:45 +01:00
|
|
|
return !strncmp(a->address, b->address, MAX_ADDRESSLEN);
|
|
|
|
}
|
|
|
|
|
2006-08-28 05:16:02 +02:00
|
|
|
/** Hash function for cached_resolve objects */
|
2015-12-10 16:19:43 +01:00
|
|
|
static inline unsigned int
|
2005-11-23 05:18:45 +01:00
|
|
|
cached_resolve_hash(cached_resolve_t *a)
|
|
|
|
{
|
2014-02-07 23:38:16 +01:00
|
|
|
return (unsigned) siphash24g((const uint8_t*)a->address, strlen(a->address));
|
2003-02-14 08:53:55 +01:00
|
|
|
}
|
|
|
|
|
2005-12-03 03:01:18 +01:00
|
|
|
HT_PROTOTYPE(cache_map, cached_resolve_t, node, cached_resolve_hash,
|
2007-06-17 20:22:35 +02:00
|
|
|
cached_resolves_eq)
|
2014-09-02 18:48:34 +02:00
|
|
|
HT_GENERATE2(cache_map, cached_resolve_t, node, cached_resolve_hash,
|
|
|
|
cached_resolves_eq, 0.6, tor_reallocarray_, tor_free_)
|
2003-02-14 08:53:55 +01:00
|
|
|
|
2004-05-10 12:27:54 +02:00
|
|
|
/** Initialize the DNS cache. */
|
2005-06-11 20:52:12 +02:00
|
|
|
static void
|
2005-12-03 03:01:18 +01:00
|
|
|
init_cache_map(void)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2006-10-20 18:22:53 +02:00
|
|
|
HT_INIT(cache_map, &cache_root);
|
2003-02-14 08:53:55 +01:00
|
|
|
}
|
|
|
|
|
2006-08-28 05:16:02 +02:00
|
|
|
/** Helper: called by eventdns when eventdns wants to log something. */
|
2006-07-05 23:28:37 +02:00
|
|
|
static void
|
2006-09-24 19:52:23 +02:00
|
|
|
evdns_log_cb(int warn, const char *msg)
|
2006-07-05 23:28:37 +02:00
|
|
|
{
|
2007-01-06 08:34:07 +01:00
|
|
|
const char *cp;
|
2007-01-16 18:39:08 +01:00
|
|
|
static int all_down = 0;
|
|
|
|
int severity = warn ? LOG_WARN : LOG_INFO;
|
2006-07-07 19:33:30 +02:00
|
|
|
if (!strcmpstart(msg, "Resolve requested for") &&
|
|
|
|
get_options()->SafeLogging) {
|
2013-02-01 21:43:37 +01:00
|
|
|
log_info(LD_EXIT, "eventdns: Resolve requested.");
|
2006-07-07 19:33:30 +02:00
|
|
|
return;
|
2006-08-28 05:16:02 +02:00
|
|
|
} else if (!strcmpstart(msg, "Search: ")) {
|
|
|
|
return;
|
2006-07-07 19:33:30 +02:00
|
|
|
}
|
2007-01-06 08:34:07 +01:00
|
|
|
if (!strcmpstart(msg, "Nameserver ") && (cp=strstr(msg, " has failed: "))) {
|
|
|
|
char *ns = tor_strndup(msg+11, cp-(msg+11));
|
2017-05-15 17:25:52 +02:00
|
|
|
const char *colon = strchr(cp, ':');
|
|
|
|
tor_assert(colon);
|
|
|
|
const char *err = colon+2;
|
2006-12-28 22:29:26 +01:00
|
|
|
/* Don't warn about a single failed nameserver; we'll warn with 'all
|
|
|
|
* nameservers have failed' if we're completely out of nameservers;
|
|
|
|
* otherwise, the situation is tolerable. */
|
2007-01-16 18:39:08 +01:00
|
|
|
severity = LOG_INFO;
|
2007-01-09 06:14:34 +01:00
|
|
|
control_event_server_status(LOG_NOTICE,
|
2007-01-06 08:34:07 +01:00
|
|
|
"NAMESERVER_STATUS NS=%s STATUS=DOWN ERR=%s",
|
|
|
|
ns, escaped(err));
|
|
|
|
tor_free(ns);
|
|
|
|
} else if (!strcmpstart(msg, "Nameserver ") &&
|
|
|
|
(cp=strstr(msg, " is back up"))) {
|
|
|
|
char *ns = tor_strndup(msg+11, cp-(msg+11));
|
2007-01-17 01:14:43 +01:00
|
|
|
severity = (all_down && warn) ? LOG_NOTICE : LOG_INFO;
|
2007-01-16 18:39:08 +01:00
|
|
|
all_down = 0;
|
2007-01-06 08:34:07 +01:00
|
|
|
control_event_server_status(LOG_NOTICE,
|
|
|
|
"NAMESERVER_STATUS NS=%s STATUS=UP", ns);
|
|
|
|
tor_free(ns);
|
|
|
|
} else if (!strcmp(msg, "All nameservers have failed")) {
|
|
|
|
control_event_server_status(LOG_WARN, "NAMESERVER_ALL_DOWN");
|
2007-01-16 18:39:08 +01:00
|
|
|
all_down = 1;
|
2017-05-24 16:32:38 +02:00
|
|
|
} else if (!strcmpstart(msg, "Address mismatch on received DNS")) {
|
|
|
|
static ratelim_t mismatch_limit = RATELIM_INIT(3600);
|
|
|
|
const char *src = strstr(msg, " Apparent source");
|
|
|
|
if (!src || get_options()->SafeLogging) {
|
|
|
|
src = "";
|
|
|
|
}
|
|
|
|
log_fn_ratelim(&mismatch_limit, severity, LD_EXIT,
|
|
|
|
"eventdns: Received a DNS packet from "
|
|
|
|
"an IP address to which we did not send a request. This "
|
|
|
|
"could be a DNS spoofing attempt, or some kind of "
|
|
|
|
"misconfiguration.%s", src);
|
|
|
|
return;
|
2006-12-28 22:29:26 +01:00
|
|
|
}
|
2013-02-01 21:43:37 +01:00
|
|
|
tor_log(severity, LD_EXIT, "eventdns: %s", msg);
|
2006-07-05 23:28:37 +02:00
|
|
|
}
|
|
|
|
|
2008-12-22 18:53:04 +01:00
|
|
|
/** Helper: passed to eventdns.c as a callback so it can generate random
|
|
|
|
* numbers for transaction IDs and 0x20-hack coding. */
|
2008-10-29 20:20:02 +01:00
|
|
|
static void
|
2012-10-12 18:22:13 +02:00
|
|
|
dns_randfn_(char *b, size_t n)
|
2007-09-19 17:53:36 +02:00
|
|
|
{
|
2008-10-29 20:20:02 +01:00
|
|
|
crypto_rand(b,n);
|
2007-09-19 17:53:36 +02:00
|
|
|
}
|
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/** Initialize the DNS subsystem; called by the OR process. */
|
2006-08-14 23:44:34 +02:00
|
|
|
int
|
2005-06-11 20:52:12 +02:00
|
|
|
dns_init(void)
|
|
|
|
{
|
2005-12-03 03:01:18 +01:00
|
|
|
init_cache_map();
|
2012-10-12 18:22:13 +02:00
|
|
|
evdns_set_random_bytes_fn(dns_randfn_);
|
2008-10-29 20:20:02 +01:00
|
|
|
if (server_mode(get_options())) {
|
|
|
|
int r = configure_nameservers(1);
|
|
|
|
return r;
|
|
|
|
}
|
2006-08-16 04:18:55 +02:00
|
|
|
return 0;
|
2003-06-17 16:31:05 +02:00
|
|
|
}
|
2003-02-14 08:53:55 +01:00
|
|
|
|
2007-02-02 19:58:04 +01:00
|
|
|
/** Called when DNS-related options change (or may have changed). Returns -1
|
|
|
|
* on failure, 0 on success. */
|
|
|
|
int
|
2006-08-28 05:15:55 +02:00
|
|
|
dns_reset(void)
|
|
|
|
{
|
2011-06-14 19:01:38 +02:00
|
|
|
const or_options_t *options = get_options();
|
2006-08-28 05:15:55 +02:00
|
|
|
if (! server_mode(options)) {
|
2010-04-03 12:13:25 +02:00
|
|
|
|
|
|
|
if (!the_evdns_base) {
|
|
|
|
if (!(the_evdns_base = evdns_base_new(tor_libevent_get_base(), 0))) {
|
|
|
|
log_err(LD_BUG, "Couldn't create an evdns_base");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2009-10-13 23:54:04 +02:00
|
|
|
evdns_base_clear_nameservers_and_suspend(the_evdns_base);
|
|
|
|
evdns_base_search_clear(the_evdns_base);
|
2006-08-28 05:15:55 +02:00
|
|
|
nameservers_configured = 0;
|
|
|
|
tor_free(resolv_conf_fname);
|
|
|
|
resolv_conf_mtime = 0;
|
|
|
|
} else {
|
2008-12-10 21:45:31 +01:00
|
|
|
if (configure_nameservers(0) < 0) {
|
2007-02-02 19:58:04 +01:00
|
|
|
return -1;
|
2008-12-10 21:45:31 +01:00
|
|
|
}
|
2006-08-28 05:15:55 +02:00
|
|
|
}
|
2007-02-02 21:39:55 +01:00
|
|
|
return 0;
|
2006-08-28 05:15:55 +02:00
|
|
|
}
|
|
|
|
|
2008-12-17 23:58:20 +01:00
|
|
|
/** Return true iff the most recent attempt to initialize the DNS subsystem
|
|
|
|
* failed. */
|
2008-12-10 21:45:31 +01:00
|
|
|
int
|
|
|
|
has_dns_init_failed(void)
|
|
|
|
{
|
|
|
|
return nameserver_config_failed;
|
|
|
|
}
|
|
|
|
|
2006-08-28 05:16:02 +02:00
|
|
|
/** Helper: Given a TTL from a DNS response, determine what TTL to give the
|
2017-01-02 20:55:39 +01:00
|
|
|
* OP that asked us to resolve it, and how long to cache that record
|
|
|
|
* ourselves. */
|
2006-06-03 23:41:14 +02:00
|
|
|
uint32_t
|
|
|
|
dns_clip_ttl(uint32_t ttl)
|
|
|
|
{
|
2017-01-02 20:55:39 +01:00
|
|
|
/* This logic is a defense against "DefectTor" DNS-based traffic
|
|
|
|
* confirmation attacks, as in https://nymity.ch/tor-dns/tor-dns.pdf .
|
|
|
|
* We only give two values: a "low" value and a "high" value.
|
|
|
|
*/
|
|
|
|
if (ttl < MIN_DNS_TTL_AT_EXIT)
|
|
|
|
return MIN_DNS_TTL_AT_EXIT;
|
2006-06-03 23:41:14 +02:00
|
|
|
else
|
2017-01-02 20:55:39 +01:00
|
|
|
return MAX_DNS_TTL_AT_EXIT;
|
2006-06-03 23:41:14 +02:00
|
|
|
}
|
|
|
|
|
2005-06-11 20:52:12 +02:00
|
|
|
/** Helper: free storage held by an entry in the DNS cache. */
|
2005-02-11 02:26:47 +01:00
|
|
|
static void
|
2012-10-12 18:22:13 +02:00
|
|
|
free_cached_resolve_(cached_resolve_t *r)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2009-09-28 16:37:01 +02:00
|
|
|
if (!r)
|
|
|
|
return;
|
2005-03-14 04:18:35 +01:00
|
|
|
while (r->pending_connections) {
|
2005-07-22 23:12:10 +02:00
|
|
|
pending_connection_t *victim = r->pending_connections;
|
2005-02-11 02:26:47 +01:00
|
|
|
r->pending_connections = victim->next;
|
|
|
|
tor_free(victim);
|
|
|
|
}
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
if (r->res_status_hostname == RES_STATUS_DONE_OK)
|
|
|
|
tor_free(r->result_ptr.hostname);
|
2006-07-11 22:51:58 +02:00
|
|
|
r->magic = 0xFF00FF00;
|
2005-02-11 02:26:47 +01:00
|
|
|
tor_free(r);
|
|
|
|
}
|
|
|
|
|
2006-07-31 20:01:49 +02:00
|
|
|
/** Compare two cached_resolve_t pointers by expiry time, and return
|
|
|
|
* less-than-zero, zero, or greater-than-zero as appropriate. Used for
|
|
|
|
* the priority queue implementation. */
|
2006-07-31 20:00:18 +02:00
|
|
|
static int
|
2012-10-12 18:22:13 +02:00
|
|
|
compare_cached_resolves_by_expiry_(const void *_a, const void *_b)
|
2006-07-31 20:00:18 +02:00
|
|
|
{
|
2006-07-31 20:01:18 +02:00
|
|
|
const cached_resolve_t *a = _a, *b = _b;
|
2008-02-22 20:09:45 +01:00
|
|
|
if (a->expire < b->expire)
|
|
|
|
return -1;
|
|
|
|
else if (a->expire == b->expire)
|
|
|
|
return 0;
|
|
|
|
else
|
|
|
|
return 1;
|
2006-07-31 20:00:18 +02:00
|
|
|
}
|
|
|
|
|
2006-07-31 20:01:49 +02:00
|
|
|
/** Priority queue of cached_resolve_t objects to let us know when they
|
|
|
|
* will expire. */
|
2006-07-31 20:00:18 +02:00
|
|
|
static smartlist_t *cached_resolve_pqueue = NULL;
|
|
|
|
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
static void
|
|
|
|
cached_resolve_add_answer(cached_resolve_t *resolve,
|
|
|
|
int query_type,
|
|
|
|
int dns_result,
|
|
|
|
const tor_addr_t *answer_addr,
|
|
|
|
const char *answer_hostname,
|
|
|
|
uint32_t ttl)
|
|
|
|
{
|
|
|
|
if (query_type == DNS_PTR) {
|
|
|
|
if (resolve->res_status_hostname != RES_STATUS_INFLIGHT)
|
|
|
|
return;
|
|
|
|
|
|
|
|
if (dns_result == DNS_ERR_NONE && answer_hostname) {
|
|
|
|
resolve->result_ptr.hostname = tor_strdup(answer_hostname);
|
|
|
|
resolve->res_status_hostname = RES_STATUS_DONE_OK;
|
|
|
|
} else {
|
|
|
|
resolve->result_ptr.err_hostname = dns_result;
|
|
|
|
resolve->res_status_hostname = RES_STATUS_DONE_ERR;
|
|
|
|
}
|
|
|
|
resolve->ttl_hostname = ttl;
|
|
|
|
} else if (query_type == DNS_IPv4_A) {
|
|
|
|
if (resolve->res_status_ipv4 != RES_STATUS_INFLIGHT)
|
|
|
|
return;
|
|
|
|
|
2013-07-26 15:33:46 +02:00
|
|
|
if (dns_result == DNS_ERR_NONE && answer_addr &&
|
|
|
|
tor_addr_family(answer_addr) == AF_INET) {
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
resolve->result_ipv4.addr_ipv4 = tor_addr_to_ipv4h(answer_addr);
|
|
|
|
resolve->res_status_ipv4 = RES_STATUS_DONE_OK;
|
|
|
|
} else {
|
|
|
|
resolve->result_ipv4.err_ipv4 = dns_result;
|
|
|
|
resolve->res_status_ipv4 = RES_STATUS_DONE_ERR;
|
|
|
|
}
|
2016-07-27 18:01:03 +02:00
|
|
|
resolve->ttl_ipv4 = ttl;
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
} else if (query_type == DNS_IPv6_AAAA) {
|
|
|
|
if (resolve->res_status_ipv6 != RES_STATUS_INFLIGHT)
|
|
|
|
return;
|
|
|
|
|
2013-07-26 15:33:46 +02:00
|
|
|
if (dns_result == DNS_ERR_NONE && answer_addr &&
|
|
|
|
tor_addr_family(answer_addr) == AF_INET6) {
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
memcpy(&resolve->result_ipv6.addr_ipv6,
|
|
|
|
tor_addr_to_in6(answer_addr),
|
|
|
|
sizeof(struct in6_addr));
|
|
|
|
resolve->res_status_ipv6 = RES_STATUS_DONE_OK;
|
|
|
|
} else {
|
|
|
|
resolve->result_ipv6.err_ipv6 = dns_result;
|
|
|
|
resolve->res_status_ipv6 = RES_STATUS_DONE_ERR;
|
|
|
|
}
|
2016-07-27 18:01:03 +02:00
|
|
|
resolve->ttl_ipv6 = ttl;
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2012-11-14 21:20:28 +01:00
|
|
|
/** Return true iff there are no in-flight requests for <b>resolve</b>. */
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
static int
|
|
|
|
cached_resolve_have_all_answers(const cached_resolve_t *resolve)
|
|
|
|
{
|
|
|
|
return (resolve->res_status_ipv4 != RES_STATUS_INFLIGHT &&
|
|
|
|
resolve->res_status_ipv6 != RES_STATUS_INFLIGHT &&
|
|
|
|
resolve->res_status_hostname != RES_STATUS_INFLIGHT);
|
|
|
|
}
|
|
|
|
|
2006-07-31 20:01:49 +02:00
|
|
|
/** Set an expiry time for a cached_resolve_t, and add it to the expiry
|
|
|
|
* priority queue */
|
2006-07-31 20:00:18 +02:00
|
|
|
static void
|
|
|
|
set_expiry(cached_resolve_t *resolve, time_t expires)
|
|
|
|
{
|
|
|
|
tor_assert(resolve && resolve->expire == 0);
|
2006-07-31 20:01:45 +02:00
|
|
|
if (!cached_resolve_pqueue)
|
2012-01-18 21:53:30 +01:00
|
|
|
cached_resolve_pqueue = smartlist_new();
|
2006-07-31 20:00:18 +02:00
|
|
|
resolve->expire = expires;
|
|
|
|
smartlist_pqueue_add(cached_resolve_pqueue,
|
2012-10-12 18:22:13 +02:00
|
|
|
compare_cached_resolves_by_expiry_,
|
2017-08-01 01:30:30 +02:00
|
|
|
offsetof(cached_resolve_t, minheap_idx),
|
2006-07-31 20:00:18 +02:00
|
|
|
resolve);
|
|
|
|
}
|
|
|
|
|
2006-08-28 05:16:02 +02:00
|
|
|
/** Free all storage held in the DNS cache and related structures. */
|
2005-02-11 02:26:47 +01:00
|
|
|
void
|
|
|
|
dns_free_all(void)
|
|
|
|
{
|
2005-11-23 05:18:45 +01:00
|
|
|
cached_resolve_t **ptr, **next, *item;
|
2007-02-08 23:07:56 +01:00
|
|
|
assert_cache_ok();
|
2007-01-22 20:13:02 +01:00
|
|
|
if (cached_resolve_pqueue) {
|
|
|
|
SMARTLIST_FOREACH(cached_resolve_pqueue, cached_resolve_t *, res,
|
|
|
|
{
|
2007-02-08 23:07:56 +01:00
|
|
|
if (res->state == CACHE_STATE_DONE)
|
2012-10-12 18:22:13 +02:00
|
|
|
free_cached_resolve_(res);
|
2007-01-22 20:13:02 +01:00
|
|
|
});
|
|
|
|
}
|
2005-12-03 03:01:18 +01:00
|
|
|
for (ptr = HT_START(cache_map, &cache_root); ptr != NULL; ptr = next) {
|
2005-11-23 05:18:45 +01:00
|
|
|
item = *ptr;
|
2005-12-03 03:01:18 +01:00
|
|
|
next = HT_NEXT_RMV(cache_map, &cache_root, ptr);
|
2012-10-12 18:22:13 +02:00
|
|
|
free_cached_resolve_(item);
|
2005-02-11 02:26:47 +01:00
|
|
|
}
|
2005-12-03 03:01:18 +01:00
|
|
|
HT_CLEAR(cache_map, &cache_root);
|
2009-12-12 08:07:59 +01:00
|
|
|
smartlist_free(cached_resolve_pqueue);
|
2006-07-31 20:00:18 +02:00
|
|
|
cached_resolve_pqueue = NULL;
|
2006-08-28 05:16:02 +02:00
|
|
|
tor_free(resolv_conf_fname);
|
2005-02-11 02:26:47 +01:00
|
|
|
}
|
|
|
|
|
2007-11-11 05:19:11 +01:00
|
|
|
/** Remove every cached_resolve whose <b>expire</b> time is before or
|
|
|
|
* equal to <b>now</b> from the cache. */
|
2005-06-11 20:52:12 +02:00
|
|
|
static void
|
2006-08-10 11:02:26 +02:00
|
|
|
purge_expired_resolves(time_t now)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2006-07-27 20:35:56 +02:00
|
|
|
cached_resolve_t *resolve, *removed;
|
2005-07-22 23:12:10 +02:00
|
|
|
pending_connection_t *pend;
|
2006-07-26 21:07:26 +02:00
|
|
|
edge_connection_t *pendconn;
|
2003-08-14 05:52:51 +02:00
|
|
|
|
2006-07-27 20:35:56 +02:00
|
|
|
assert_cache_ok();
|
2006-07-31 20:00:18 +02:00
|
|
|
if (!cached_resolve_pqueue)
|
|
|
|
return;
|
|
|
|
|
|
|
|
while (smartlist_len(cached_resolve_pqueue)) {
|
|
|
|
resolve = smartlist_get(cached_resolve_pqueue, 0);
|
|
|
|
if (resolve->expire > now)
|
|
|
|
break;
|
|
|
|
smartlist_pqueue_pop(cached_resolve_pqueue,
|
2012-10-12 18:22:13 +02:00
|
|
|
compare_cached_resolves_by_expiry_,
|
2017-08-01 01:30:30 +02:00
|
|
|
offsetof(cached_resolve_t, minheap_idx));
|
2006-07-31 20:00:18 +02:00
|
|
|
|
2004-11-28 10:05:49 +01:00
|
|
|
if (resolve->state == CACHE_STATE_PENDING) {
|
2006-02-13 10:37:53 +01:00
|
|
|
log_debug(LD_EXIT,
|
2006-08-10 11:02:12 +02:00
|
|
|
"Expiring a dns resolve %s that's still pending. Forgot to "
|
|
|
|
"cull it? DNS resolve didn't tell us about the timeout?",
|
2006-07-31 20:01:18 +02:00
|
|
|
escaped_safe_str(resolve->address));
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
} else if (resolve->state == CACHE_STATE_CACHED) {
|
2006-07-31 20:01:18 +02:00
|
|
|
log_debug(LD_EXIT,
|
|
|
|
"Forgetting old cached resolve (address %s, expires %lu)",
|
|
|
|
escaped_safe_str(resolve->address),
|
|
|
|
(unsigned long)resolve->expire);
|
|
|
|
tor_assert(!resolve->pending_connections);
|
|
|
|
} else {
|
|
|
|
tor_assert(resolve->state == CACHE_STATE_DONE);
|
|
|
|
tor_assert(!resolve->pending_connections);
|
2004-06-02 00:09:58 +02:00
|
|
|
}
|
2006-07-31 20:00:18 +02:00
|
|
|
|
2004-06-02 00:09:58 +02:00
|
|
|
if (resolve->pending_connections) {
|
2006-02-13 10:37:53 +01:00
|
|
|
log_debug(LD_EXIT,
|
2006-07-31 20:01:18 +02:00
|
|
|
"Closing pending connections on timed-out DNS resolve!");
|
2004-06-02 00:09:58 +02:00
|
|
|
while (resolve->pending_connections) {
|
|
|
|
pend = resolve->pending_connections;
|
|
|
|
resolve->pending_connections = pend->next;
|
|
|
|
/* Connections should only be pending if they have no socket. */
|
2012-10-12 18:22:13 +02:00
|
|
|
tor_assert(!SOCKET_OK(pend->conn->base_.s));
|
2004-06-02 00:09:58 +02:00
|
|
|
pendconn = pend->conn;
|
2015-01-08 17:00:21 +01:00
|
|
|
/* Prevent double-remove */
|
|
|
|
pendconn->base_.state = EXIT_CONN_STATE_RESOLVEFAILED;
|
2012-10-12 18:22:13 +02:00
|
|
|
if (!pendconn->base_.marked_for_close) {
|
2012-08-17 22:46:11 +02:00
|
|
|
connection_edge_end(pendconn, END_STREAM_REASON_TIMEOUT);
|
|
|
|
circuit_detach_stream(circuit_get_by_edge_conn(pendconn), pendconn);
|
2017-11-21 14:39:07 +01:00
|
|
|
connection_free_(TO_CONN(pendconn));
|
2012-08-17 22:46:11 +02:00
|
|
|
}
|
2004-06-02 00:09:58 +02:00
|
|
|
tor_free(pend);
|
|
|
|
}
|
2004-02-28 23:13:58 +01:00
|
|
|
}
|
2006-07-31 20:00:18 +02:00
|
|
|
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
if (resolve->state == CACHE_STATE_CACHED ||
|
2006-07-31 20:01:18 +02:00
|
|
|
resolve->state == CACHE_STATE_PENDING) {
|
|
|
|
removed = HT_REMOVE(cache_map, &cache_root, resolve);
|
|
|
|
if (removed != resolve) {
|
|
|
|
log_err(LD_BUG, "The expired resolve we purged didn't match any in"
|
|
|
|
" the cache. Tried to purge %s (%p); instead got %s (%p).",
|
2006-08-11 09:09:45 +02:00
|
|
|
resolve->address, (void*)resolve,
|
2010-05-21 04:51:47 +02:00
|
|
|
removed ? removed->address : "NULL", (void*)removed);
|
2006-07-31 20:01:18 +02:00
|
|
|
}
|
|
|
|
tor_assert(removed == resolve);
|
|
|
|
} else {
|
2006-07-31 20:01:49 +02:00
|
|
|
/* This should be in state DONE. Make sure it's not in the cache. */
|
2006-07-31 20:01:18 +02:00
|
|
|
cached_resolve_t *tmp = HT_FIND(cache_map, &cache_root, resolve);
|
|
|
|
tor_assert(tmp != resolve);
|
2006-07-30 05:34:44 +02:00
|
|
|
}
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
if (resolve->res_status_hostname == RES_STATUS_DONE_OK)
|
|
|
|
tor_free(resolve->result_ptr.hostname);
|
2007-11-11 05:36:31 +01:00
|
|
|
resolve->magic = 0xF0BBF0BB;
|
|
|
|
tor_free(resolve);
|
2003-08-14 05:52:51 +02:00
|
|
|
}
|
2006-07-31 20:00:18 +02:00
|
|
|
|
2006-07-27 20:35:56 +02:00
|
|
|
assert_cache_ok();
|
2003-08-14 05:52:51 +02:00
|
|
|
}
|
|
|
|
|
2012-10-25 05:45:24 +02:00
|
|
|
/* argument for send_resolved_cell only, meaning "let the answer type be ipv4
|
|
|
|
* or ipv6 depending on the connection's address". */
|
|
|
|
#define RESOLVED_TYPE_AUTO 0xff
|
|
|
|
|
2006-10-06 09:50:57 +02:00
|
|
|
/** Send a response to the RESOLVE request of a connection.
|
|
|
|
* <b>answer_type</b> must be one of
|
2012-11-15 04:06:13 +01:00
|
|
|
* RESOLVED_TYPE_(AUTO|ERROR|ERROR_TRANSIENT|).
|
2006-09-24 19:05:00 +02:00
|
|
|
*
|
|
|
|
* If <b>circ</b> is provided, and we have a cached answer, send the
|
2006-10-06 09:50:57 +02:00
|
|
|
* answer back along circ; otherwise, send the answer back along
|
|
|
|
* <b>conn</b>'s attached circuit.
|
2006-09-24 19:05:00 +02:00
|
|
|
*/
|
2015-07-22 15:46:44 +02:00
|
|
|
MOCK_IMPL(STATIC void,
|
|
|
|
send_resolved_cell,(edge_connection_t *conn, uint8_t answer_type,
|
|
|
|
const cached_resolve_t *resolved))
|
2004-06-17 20:13:09 +02:00
|
|
|
{
|
2012-11-15 04:06:13 +01:00
|
|
|
char buf[RELAY_PAYLOAD_SIZE], *cp = buf;
|
|
|
|
size_t buflen = 0;
|
2006-06-03 23:41:14 +02:00
|
|
|
uint32_t ttl;
|
2004-06-17 20:13:09 +02:00
|
|
|
|
|
|
|
buf[0] = answer_type;
|
2006-06-03 23:41:14 +02:00
|
|
|
ttl = dns_clip_ttl(conn->address_ttl);
|
2004-06-17 20:13:09 +02:00
|
|
|
|
|
|
|
switch (answer_type)
|
|
|
|
{
|
2012-11-15 04:06:13 +01:00
|
|
|
case RESOLVED_TYPE_AUTO:
|
|
|
|
if (resolved && resolved->res_status_ipv4 == RES_STATUS_DONE_OK) {
|
|
|
|
cp[0] = RESOLVED_TYPE_IPV4;
|
|
|
|
cp[1] = 4;
|
|
|
|
set_uint32(cp+2, htonl(resolved->result_ipv4.addr_ipv4));
|
|
|
|
set_uint32(cp+6, htonl(ttl));
|
|
|
|
cp += 10;
|
|
|
|
}
|
|
|
|
if (resolved && resolved->res_status_ipv6 == RES_STATUS_DONE_OK) {
|
|
|
|
const uint8_t *bytes = resolved->result_ipv6.addr_ipv6.s6_addr;
|
|
|
|
cp[0] = RESOLVED_TYPE_IPV6;
|
|
|
|
cp[1] = 16;
|
|
|
|
memcpy(cp+2, bytes, 16);
|
|
|
|
set_uint32(cp+18, htonl(ttl));
|
|
|
|
cp += 22;
|
|
|
|
}
|
|
|
|
if (cp != buf) {
|
|
|
|
buflen = cp - buf;
|
|
|
|
break;
|
|
|
|
} else {
|
|
|
|
answer_type = RESOLVED_TYPE_ERROR;
|
|
|
|
/* fall through. */
|
2012-10-25 05:45:24 +02:00
|
|
|
}
|
2017-05-28 23:49:31 +02:00
|
|
|
/* Falls through. */
|
2004-06-17 20:13:09 +02:00
|
|
|
case RESOLVED_TYPE_ERROR_TRANSIENT:
|
|
|
|
case RESOLVED_TYPE_ERROR:
|
2005-09-02 20:53:31 +02:00
|
|
|
{
|
|
|
|
const char *errmsg = "Error resolving hostname";
|
2008-02-22 20:09:45 +01:00
|
|
|
size_t msglen = strlen(errmsg);
|
2006-06-03 22:52:24 +02:00
|
|
|
|
2012-11-15 04:06:13 +01:00
|
|
|
buf[0] = answer_type;
|
2005-09-02 20:53:31 +02:00
|
|
|
buf[1] = msglen;
|
|
|
|
strlcpy(buf+2, errmsg, sizeof(buf)-2);
|
2006-06-03 22:52:24 +02:00
|
|
|
set_uint32(buf+2+msglen, htonl(ttl));
|
2005-09-02 20:53:31 +02:00
|
|
|
buflen = 6+msglen;
|
|
|
|
break;
|
|
|
|
}
|
2004-06-17 20:13:09 +02:00
|
|
|
default:
|
|
|
|
tor_assert(0);
|
2006-08-11 09:09:45 +02:00
|
|
|
return;
|
2004-06-17 20:13:09 +02:00
|
|
|
}
|
2006-09-22 02:10:26 +02:00
|
|
|
// log_notice(LD_EXIT, "Sending a regular RESOLVED reply: ");
|
2006-09-24 22:54:59 +02:00
|
|
|
|
2007-03-24 16:58:11 +01:00
|
|
|
connection_edge_send_command(conn, RELAY_COMMAND_RESOLVED, buf, buflen);
|
2004-06-17 20:13:09 +02:00
|
|
|
}
|
|
|
|
|
2006-09-21 23:48:06 +02:00
|
|
|
/** Send a response to the RESOLVE request of a connection for an in-addr.arpa
|
|
|
|
* address on connection <b>conn</b> which yielded the result <b>hostname</b>.
|
|
|
|
* The answer type will be RESOLVED_HOSTNAME.
|
2006-09-24 19:05:00 +02:00
|
|
|
*
|
|
|
|
* If <b>circ</b> is provided, and we have a cached answer, send the
|
|
|
|
* answer back along circ; otherwise, send the answer back along
|
2006-10-06 09:50:57 +02:00
|
|
|
* <b>conn</b>'s attached circuit.
|
2006-09-21 23:48:06 +02:00
|
|
|
*/
|
2015-07-22 15:46:44 +02:00
|
|
|
MOCK_IMPL(STATIC void,
|
|
|
|
send_resolved_hostname_cell,(edge_connection_t *conn,
|
|
|
|
const char *hostname))
|
2006-09-21 23:48:06 +02:00
|
|
|
{
|
|
|
|
char buf[RELAY_PAYLOAD_SIZE];
|
|
|
|
size_t buflen;
|
|
|
|
uint32_t ttl;
|
|
|
|
size_t namelen = strlen(hostname);
|
2007-01-31 01:58:06 +01:00
|
|
|
tor_assert(hostname);
|
2006-09-21 23:48:06 +02:00
|
|
|
|
|
|
|
tor_assert(namelen < 256);
|
|
|
|
ttl = dns_clip_ttl(conn->address_ttl);
|
|
|
|
|
|
|
|
buf[0] = RESOLVED_TYPE_HOSTNAME;
|
|
|
|
buf[1] = (uint8_t)namelen;
|
|
|
|
memcpy(buf+2, hostname, namelen);
|
|
|
|
set_uint32(buf+2+namelen, htonl(ttl));
|
|
|
|
buflen = 2+namelen+4;
|
|
|
|
|
2006-09-22 02:10:26 +02:00
|
|
|
// log_notice(LD_EXIT, "Sending a reply RESOLVED reply: %s", hostname);
|
2007-03-24 16:58:11 +01:00
|
|
|
connection_edge_send_command(conn, RELAY_COMMAND_RESOLVED, buf, buflen);
|
2006-09-22 02:10:26 +02:00
|
|
|
// log_notice(LD_EXIT, "Sent");
|
2006-09-21 23:48:06 +02:00
|
|
|
}
|
|
|
|
|
2012-07-31 11:10:05 +02:00
|
|
|
/** See if we have a cache entry for <b>exitconn</b>-\>address. If so,
|
2004-05-10 06:34:48 +02:00
|
|
|
* if resolve valid, put it into <b>exitconn</b>-\>addr and return 1.
|
2007-05-25 21:41:31 +02:00
|
|
|
* If resolve failed, free exitconn and return -1.
|
2003-02-14 08:53:55 +01:00
|
|
|
*
|
2007-02-23 22:56:10 +01:00
|
|
|
* (For EXIT_PURPOSE_RESOLVE connections, send back a RESOLVED error cell
|
|
|
|
* on returning -1. For EXIT_PURPOSE_CONNECT connections, there's no
|
|
|
|
* need to send back an END cell, since connection_exit_begin_conn will
|
|
|
|
* do that for us.)
|
|
|
|
*
|
2007-03-24 16:58:11 +01:00
|
|
|
* If we have a cached answer, send the answer back along <b>exitconn</b>'s
|
2007-04-09 23:34:03 +02:00
|
|
|
* circuit.
|
2006-09-24 19:05:00 +02:00
|
|
|
*
|
2003-02-14 08:53:55 +01:00
|
|
|
* Else, if seen before and pending, add conn to the pending list,
|
|
|
|
* and return 0.
|
|
|
|
*
|
|
|
|
* Else, if not seen before, add conn to pending list, hand to
|
|
|
|
* dns farm, and return 0.
|
2007-04-09 23:34:03 +02:00
|
|
|
*
|
|
|
|
* Exitconn's on_circuit field must be set, but exitconn should not
|
|
|
|
* yet be linked onto the n_streams/resolving_streams list of that circuit.
|
|
|
|
* On success, link the connection to n_streams if it's an exit connection.
|
|
|
|
* On "pending", link the connection to resolving streams. Otherwise,
|
|
|
|
* clear its on_circuit field.
|
2003-02-14 08:53:55 +01:00
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
int
|
2007-03-24 16:58:11 +01:00
|
|
|
dns_resolve(edge_connection_t *exitconn)
|
2007-04-09 23:34:13 +02:00
|
|
|
{
|
|
|
|
or_circuit_t *oncirc = TO_OR_CIRCUIT(exitconn->on_circuit);
|
|
|
|
int is_resolve, r;
|
2012-07-31 18:58:19 +02:00
|
|
|
int made_connection_pending = 0;
|
2007-04-09 23:34:13 +02:00
|
|
|
char *hostname = NULL;
|
2012-11-15 04:06:13 +01:00
|
|
|
cached_resolve_t *resolve = NULL;
|
2012-10-12 18:22:13 +02:00
|
|
|
is_resolve = exitconn->base_.purpose == EXIT_PURPOSE_RESOLVE;
|
2007-04-09 23:34:13 +02:00
|
|
|
|
2012-07-31 18:58:19 +02:00
|
|
|
r = dns_resolve_impl(exitconn, is_resolve, oncirc, &hostname,
|
2012-11-15 04:06:13 +01:00
|
|
|
&made_connection_pending, &resolve);
|
2008-10-21 18:51:59 +02:00
|
|
|
|
2007-04-09 23:34:13 +02:00
|
|
|
switch (r) {
|
|
|
|
case 1:
|
2007-07-17 04:53:17 +02:00
|
|
|
/* We got an answer without a lookup -- either the answer was
|
|
|
|
* cached, or it was obvious (like an IP address). */
|
2007-04-09 23:34:13 +02:00
|
|
|
if (is_resolve) {
|
2007-05-29 21:54:51 +02:00
|
|
|
/* Send the answer back right now, and detach. */
|
2007-04-09 23:34:13 +02:00
|
|
|
if (hostname)
|
|
|
|
send_resolved_hostname_cell(exitconn, hostname);
|
|
|
|
else
|
2012-11-15 04:06:13 +01:00
|
|
|
send_resolved_cell(exitconn, RESOLVED_TYPE_AUTO, resolve);
|
2007-05-25 21:30:07 +02:00
|
|
|
exitconn->on_circuit = NULL;
|
2007-04-09 23:34:13 +02:00
|
|
|
} else {
|
2007-05-29 21:54:51 +02:00
|
|
|
/* Add to the n_streams list; the calling function will send back a
|
|
|
|
* connected cell. */
|
2007-04-09 23:34:13 +02:00
|
|
|
exitconn->next_stream = oncirc->n_streams;
|
|
|
|
oncirc->n_streams = exitconn;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case 0:
|
2007-05-29 21:54:51 +02:00
|
|
|
/* The request is pending: add the connection into the linked list of
|
|
|
|
* resolving_streams on this circuit. */
|
2012-10-12 18:22:13 +02:00
|
|
|
exitconn->base_.state = EXIT_CONN_STATE_RESOLVING;
|
2007-04-09 23:34:13 +02:00
|
|
|
exitconn->next_stream = oncirc->resolving_streams;
|
|
|
|
oncirc->resolving_streams = exitconn;
|
|
|
|
break;
|
|
|
|
case -2:
|
|
|
|
case -1:
|
2007-05-29 21:54:51 +02:00
|
|
|
/* The request failed before it could start: cancel this connection,
|
2007-07-17 04:53:17 +02:00
|
|
|
* and stop everybody waiting for the same connection. */
|
2007-04-09 23:34:13 +02:00
|
|
|
if (is_resolve) {
|
|
|
|
send_resolved_cell(exitconn,
|
2012-11-15 04:06:13 +01:00
|
|
|
(r == -1) ? RESOLVED_TYPE_ERROR : RESOLVED_TYPE_ERROR_TRANSIENT,
|
|
|
|
NULL);
|
2007-04-09 23:34:13 +02:00
|
|
|
}
|
2007-05-29 21:54:51 +02:00
|
|
|
|
2007-04-09 23:34:13 +02:00
|
|
|
exitconn->on_circuit = NULL;
|
2007-05-29 21:54:51 +02:00
|
|
|
|
2012-10-12 18:22:13 +02:00
|
|
|
dns_cancel_pending_resolve(exitconn->base_.address);
|
2007-05-29 21:54:51 +02:00
|
|
|
|
2012-10-12 18:22:13 +02:00
|
|
|
if (!made_connection_pending && !exitconn->base_.marked_for_close) {
|
2012-07-31 18:58:19 +02:00
|
|
|
/* If we made the connection pending, then we freed it already in
|
|
|
|
* dns_cancel_pending_resolve(). If we marked it for close, it'll
|
|
|
|
* get freed from the main loop. Otherwise, can free it now. */
|
2017-11-21 14:39:07 +01:00
|
|
|
connection_free_(TO_CONN(exitconn));
|
2007-05-20 16:15:23 +02:00
|
|
|
}
|
2007-04-09 23:34:13 +02:00
|
|
|
break;
|
|
|
|
default:
|
|
|
|
tor_assert(0);
|
|
|
|
}
|
|
|
|
|
|
|
|
tor_free(hostname);
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
|
|
|
/** Helper function for dns_resolve: same functionality, but does not handle:
|
|
|
|
* - marking connections on error and clearing their on_circuit
|
|
|
|
* - linking connections to n_streams/resolving_streams,
|
|
|
|
* - sending resolved cells if we have an answer/error right away,
|
|
|
|
*
|
2007-05-25 21:41:31 +02:00
|
|
|
* Return -2 on a transient error. If it's a reverse resolve and it's
|
|
|
|
* successful, sets *<b>hostname_out</b> to a newly allocated string
|
|
|
|
* holding the cached reverse DNS value.
|
2012-07-31 18:58:19 +02:00
|
|
|
*
|
|
|
|
* Set *<b>made_connection_pending_out</b> to true if we have placed
|
|
|
|
* <b>exitconn</b> on the list of pending connections for some resolve; set it
|
|
|
|
* to false otherwise.
|
2012-11-15 04:06:13 +01:00
|
|
|
*
|
|
|
|
* Set *<b>resolve_out</b> to a cached resolve, if we found one.
|
2007-04-09 23:34:13 +02:00
|
|
|
*/
|
2015-07-22 15:46:44 +02:00
|
|
|
MOCK_IMPL(STATIC int,
|
|
|
|
dns_resolve_impl,(edge_connection_t *exitconn, int is_resolve,
|
2012-07-31 18:58:19 +02:00
|
|
|
or_circuit_t *oncirc, char **hostname_out,
|
2012-11-15 04:06:13 +01:00
|
|
|
int *made_connection_pending_out,
|
2015-07-22 15:46:44 +02:00
|
|
|
cached_resolve_t **resolve_out))
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2005-07-22 23:12:10 +02:00
|
|
|
cached_resolve_t *resolve;
|
|
|
|
cached_resolve_t search;
|
|
|
|
pending_connection_t *pending_connection;
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
int is_reverse = 0;
|
2008-12-19 19:52:00 +01:00
|
|
|
tor_addr_t addr;
|
2006-08-10 11:02:26 +02:00
|
|
|
time_t now = time(NULL);
|
2008-02-20 00:14:34 +01:00
|
|
|
int r;
|
2006-07-26 21:07:26 +02:00
|
|
|
assert_connection_ok(TO_CONN(exitconn), 0);
|
2012-10-12 18:22:13 +02:00
|
|
|
tor_assert(!SOCKET_OK(exitconn->base_.s));
|
2006-07-11 22:51:58 +02:00
|
|
|
assert_cache_ok();
|
2007-04-09 23:34:03 +02:00
|
|
|
tor_assert(oncirc);
|
2012-07-31 18:58:19 +02:00
|
|
|
*made_connection_pending_out = 0;
|
2006-07-11 22:51:58 +02:00
|
|
|
|
2012-10-12 18:22:13 +02:00
|
|
|
/* first check if exitconn->base_.address is an IP. If so, we already
|
2004-04-09 23:31:09 +02:00
|
|
|
* know the answer. */
|
2012-10-12 18:22:13 +02:00
|
|
|
if (tor_addr_parse(&addr, exitconn->base_.address) >= 0) {
|
2012-10-25 05:45:24 +02:00
|
|
|
if (tor_addr_family(&addr) == AF_INET ||
|
|
|
|
tor_addr_family(&addr) == AF_INET6) {
|
2012-10-12 18:22:13 +02:00
|
|
|
tor_addr_copy(&exitconn->base_.addr, &addr);
|
2008-12-26 23:51:25 +01:00
|
|
|
exitconn->address_ttl = DEFAULT_DNS_TTL;
|
|
|
|
return 1;
|
|
|
|
} else {
|
2012-10-25 05:45:24 +02:00
|
|
|
/* XXXX unspec? Bogus? */
|
2008-12-26 23:51:25 +01:00
|
|
|
return -1;
|
|
|
|
}
|
2004-03-28 23:16:52 +02:00
|
|
|
}
|
2008-12-26 23:51:25 +01:00
|
|
|
|
2008-10-21 18:51:59 +02:00
|
|
|
/* If we're a non-exit, don't even do DNS lookups. */
|
2012-11-15 02:51:41 +01:00
|
|
|
if (router_my_exit_policy_is_reject_star())
|
2008-10-21 18:51:59 +02:00
|
|
|
return -1;
|
2012-11-15 02:51:41 +01:00
|
|
|
|
2012-10-12 18:22:13 +02:00
|
|
|
if (address_is_invalid_destination(exitconn->base_.address, 0)) {
|
2013-02-01 21:43:37 +01:00
|
|
|
tor_log(LOG_PROTOCOL_WARN, LD_EXIT,
|
2007-01-11 17:02:39 +01:00
|
|
|
"Rejecting invalid destination address %s",
|
2012-10-12 18:22:13 +02:00
|
|
|
escaped_safe_str(exitconn->base_.address));
|
2007-01-11 17:02:39 +01:00
|
|
|
return -1;
|
|
|
|
}
|
2004-03-28 23:16:52 +02:00
|
|
|
|
|
|
|
/* then take this opportunity to see if there are any expired
|
2005-12-03 03:01:18 +01:00
|
|
|
* resolves in the hash table. */
|
2003-08-14 05:52:51 +02:00
|
|
|
purge_expired_resolves(now);
|
2003-02-14 08:53:55 +01:00
|
|
|
|
2012-10-12 18:22:13 +02:00
|
|
|
/* lower-case exitconn->base_.address, so it's in canonical form */
|
|
|
|
tor_strlower(exitconn->base_.address);
|
2005-04-06 22:25:21 +02:00
|
|
|
|
2006-09-21 23:48:06 +02:00
|
|
|
/* Check whether this is a reverse lookup. If it's malformed, or it's a
|
|
|
|
* .in-addr.arpa address but this isn't a resolve request, kill the
|
2006-09-25 07:59:13 +02:00
|
|
|
* connection.
|
2006-09-21 23:48:06 +02:00
|
|
|
*/
|
2012-10-12 18:22:13 +02:00
|
|
|
if ((r = tor_addr_parse_PTR_name(&addr, exitconn->base_.address,
|
2008-12-19 19:52:00 +01:00
|
|
|
AF_UNSPEC, 0)) != 0) {
|
2008-04-22 18:32:55 +02:00
|
|
|
if (r == 1) {
|
2006-09-21 23:48:06 +02:00
|
|
|
is_reverse = 1;
|
2008-12-19 19:52:00 +01:00
|
|
|
if (tor_addr_is_internal(&addr, 0)) /* internal address? */
|
|
|
|
return -1;
|
2008-04-22 18:32:55 +02:00
|
|
|
}
|
2006-09-21 23:48:06 +02:00
|
|
|
|
|
|
|
if (!is_reverse || !is_resolve) {
|
|
|
|
if (!is_reverse)
|
|
|
|
log_info(LD_EXIT, "Bad .in-addr.arpa address \"%s\"; sending error.",
|
2012-10-12 18:22:13 +02:00
|
|
|
escaped_safe_str(exitconn->base_.address));
|
2006-09-21 23:48:06 +02:00
|
|
|
else if (!is_resolve)
|
|
|
|
log_info(LD_EXIT,
|
|
|
|
"Attempt to connect to a .in-addr.arpa address \"%s\"; "
|
|
|
|
"sending error.",
|
2012-10-12 18:22:13 +02:00
|
|
|
escaped_safe_str(exitconn->base_.address));
|
2006-09-21 23:48:06 +02:00
|
|
|
|
|
|
|
return -1;
|
|
|
|
}
|
2006-09-22 02:10:26 +02:00
|
|
|
//log_notice(LD_EXIT, "Looks like an address %s",
|
2012-10-12 18:22:13 +02:00
|
|
|
//exitconn->base_.address);
|
2006-09-21 23:48:06 +02:00
|
|
|
}
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
exitconn->is_reverse_dns_lookup = is_reverse;
|
2006-09-21 23:48:06 +02:00
|
|
|
|
2005-12-03 03:21:31 +01:00
|
|
|
/* now check the hash table to see if 'address' is already there. */
|
2012-10-12 18:22:13 +02:00
|
|
|
strlcpy(search.address, exitconn->base_.address, sizeof(search.address));
|
2005-12-03 03:01:18 +01:00
|
|
|
resolve = HT_FIND(cache_map, &cache_root, &search);
|
2006-06-03 22:52:24 +02:00
|
|
|
if (resolve && resolve->expire > now) { /* already there */
|
2004-11-28 10:05:49 +01:00
|
|
|
switch (resolve->state) {
|
2003-02-14 08:53:55 +01:00
|
|
|
case CACHE_STATE_PENDING:
|
|
|
|
/* add us to the pending list */
|
2004-06-17 20:13:09 +02:00
|
|
|
pending_connection = tor_malloc_zero(
|
2005-07-22 23:12:10 +02:00
|
|
|
sizeof(pending_connection_t));
|
2003-02-14 08:53:55 +01:00
|
|
|
pending_connection->conn = exitconn;
|
2003-02-18 02:35:55 +01:00
|
|
|
pending_connection->next = resolve->pending_connections;
|
|
|
|
resolve->pending_connections = pending_connection;
|
2012-07-31 18:58:19 +02:00
|
|
|
*made_connection_pending_out = 1;
|
2012-11-02 19:22:21 +01:00
|
|
|
log_debug(LD_EXIT,"Connection (fd "TOR_SOCKET_T_FORMAT") waiting "
|
|
|
|
"for pending DNS resolve of %s", exitconn->base_.s,
|
2012-10-12 18:22:13 +02:00
|
|
|
escaped_safe_str(exitconn->base_.address));
|
2003-02-18 02:35:55 +01:00
|
|
|
return 0;
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
case CACHE_STATE_CACHED:
|
2012-11-02 19:22:21 +01:00
|
|
|
log_debug(LD_EXIT,"Connection (fd "TOR_SOCKET_T_FORMAT") found "
|
|
|
|
"cached answer for %s",
|
2012-10-12 18:22:13 +02:00
|
|
|
exitconn->base_.s,
|
2006-09-21 23:48:06 +02:00
|
|
|
escaped_safe_str(resolve->address));
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
|
2012-11-15 04:06:13 +01:00
|
|
|
*resolve_out = resolve;
|
|
|
|
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
return set_exitconn_info_from_resolve(exitconn, resolve, hostname_out);
|
2006-07-31 20:01:18 +02:00
|
|
|
case CACHE_STATE_DONE:
|
|
|
|
log_err(LD_BUG, "Found a 'DONE' dns resolve still in the cache.");
|
|
|
|
tor_fragile_assert();
|
2003-02-14 08:53:55 +01:00
|
|
|
}
|
2004-04-25 22:37:37 +02:00
|
|
|
tor_assert(0);
|
2003-12-14 01:12:02 +01:00
|
|
|
}
|
2007-11-11 05:36:31 +01:00
|
|
|
tor_assert(!resolve);
|
2003-12-14 01:12:02 +01:00
|
|
|
/* not there, need to add it */
|
2005-07-22 23:12:10 +02:00
|
|
|
resolve = tor_malloc_zero(sizeof(cached_resolve_t));
|
2006-07-11 22:51:58 +02:00
|
|
|
resolve->magic = CACHED_RESOLVE_MAGIC;
|
2003-12-14 01:12:02 +01:00
|
|
|
resolve->state = CACHE_STATE_PENDING;
|
2009-12-10 17:57:30 +01:00
|
|
|
resolve->minheap_idx = -1;
|
2012-10-12 18:22:13 +02:00
|
|
|
strlcpy(resolve->address, exitconn->base_.address, sizeof(resolve->address));
|
2003-12-14 01:12:02 +01:00
|
|
|
|
2006-07-31 20:01:18 +02:00
|
|
|
/* add this connection to the pending list */
|
2005-07-22 23:12:10 +02:00
|
|
|
pending_connection = tor_malloc_zero(sizeof(pending_connection_t));
|
2003-12-14 01:12:02 +01:00
|
|
|
pending_connection->conn = exitconn;
|
|
|
|
resolve->pending_connections = pending_connection;
|
2012-07-31 18:58:19 +02:00
|
|
|
*made_connection_pending_out = 1;
|
2003-12-14 01:12:02 +01:00
|
|
|
|
2006-07-31 20:01:18 +02:00
|
|
|
/* Add this resolve to the cache and priority queue. */
|
2006-07-31 20:00:18 +02:00
|
|
|
HT_INSERT(cache_map, &cache_root, resolve);
|
2006-07-31 20:01:18 +02:00
|
|
|
set_expiry(resolve, now + RESOLVE_MAX_TIMEOUT);
|
2006-07-31 20:00:18 +02:00
|
|
|
|
2006-07-31 20:01:49 +02:00
|
|
|
log_debug(LD_EXIT,"Launching %s.",
|
2012-10-12 18:22:13 +02:00
|
|
|
escaped_safe_str(exitconn->base_.address));
|
2006-07-11 22:51:58 +02:00
|
|
|
assert_cache_ok();
|
2007-04-09 23:34:03 +02:00
|
|
|
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
return launch_resolve(resolve);
|
|
|
|
}
|
|
|
|
|
2012-11-14 21:20:28 +01:00
|
|
|
/** Given an exit connection <b>exitconn</b>, and a cached_resolve_t
|
2016-10-15 02:08:51 +02:00
|
|
|
* <b>resolve</b> whose DNS lookups have all either succeeded or failed,
|
|
|
|
* update the appropriate fields (address_ttl and addr) of <b>exitconn</b>.
|
|
|
|
*
|
|
|
|
* The logic can be complicated here, since we might have launched both
|
|
|
|
* an A lookup and an AAAA lookup, and since either of those might have
|
|
|
|
* succeeded or failed, and since we want to answer a RESOLVE cell with
|
|
|
|
* a full answer but answer a BEGIN cell with whatever answer the client
|
|
|
|
* would accept <i>and</i> we could still connect to.
|
2012-11-14 21:20:28 +01:00
|
|
|
*
|
|
|
|
* If this is a reverse lookup, set *<b>hostname_out</b> to a newly allocated
|
|
|
|
* copy of the name resulting hostname.
|
|
|
|
*
|
|
|
|
* Return -2 on a transient error, -1 on a permenent error, and 1 on
|
|
|
|
* a successful lookup.
|
|
|
|
*/
|
2015-10-20 19:40:21 +02:00
|
|
|
MOCK_IMPL(STATIC int,
|
|
|
|
set_exitconn_info_from_resolve,(edge_connection_t *exitconn,
|
|
|
|
const cached_resolve_t *resolve,
|
|
|
|
char **hostname_out))
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
{
|
|
|
|
int ipv4_ok, ipv6_ok, answer_with_ipv4, r;
|
2012-11-15 04:06:13 +01:00
|
|
|
uint32_t begincell_flags;
|
|
|
|
const int is_resolve = exitconn->base_.purpose == EXIT_PURPOSE_RESOLVE;
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
tor_assert(exitconn);
|
|
|
|
tor_assert(resolve);
|
|
|
|
|
|
|
|
if (exitconn->is_reverse_dns_lookup) {
|
|
|
|
exitconn->address_ttl = resolve->ttl_hostname;
|
|
|
|
if (resolve->res_status_hostname == RES_STATUS_DONE_OK) {
|
|
|
|
*hostname_out = tor_strdup(resolve->result_ptr.hostname);
|
|
|
|
return 1;
|
|
|
|
} else {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* If we're here then the connection wants one or either of ipv4, ipv6, and
|
|
|
|
* we can give it one or both. */
|
2012-11-15 04:06:13 +01:00
|
|
|
if (is_resolve) {
|
|
|
|
begincell_flags = BEGIN_FLAG_IPV6_OK;
|
|
|
|
} else {
|
|
|
|
begincell_flags = exitconn->begincell_flags;
|
|
|
|
}
|
|
|
|
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
ipv4_ok = (resolve->res_status_ipv4 == RES_STATUS_DONE_OK) &&
|
2012-11-15 04:06:13 +01:00
|
|
|
! (begincell_flags & BEGIN_FLAG_IPV4_NOT_OK);
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
ipv6_ok = (resolve->res_status_ipv6 == RES_STATUS_DONE_OK) &&
|
2012-11-15 04:06:13 +01:00
|
|
|
(begincell_flags & BEGIN_FLAG_IPV6_OK) &&
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
get_options()->IPv6Exit;
|
|
|
|
|
|
|
|
/* Now decide which one to actually give. */
|
2012-11-15 04:06:13 +01:00
|
|
|
if (ipv4_ok && ipv6_ok && is_resolve) {
|
|
|
|
answer_with_ipv4 = 1;
|
|
|
|
} else if (ipv4_ok && ipv6_ok) {
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
/* If we have both, see if our exit policy has an opinion. */
|
|
|
|
const uint16_t port = exitconn->base_.port;
|
|
|
|
int ipv4_allowed, ipv6_allowed;
|
|
|
|
tor_addr_t a4, a6;
|
|
|
|
tor_addr_from_ipv4h(&a4, resolve->result_ipv4.addr_ipv4);
|
|
|
|
tor_addr_from_in6(&a6, &resolve->result_ipv6.addr_ipv6);
|
|
|
|
ipv4_allowed = !router_compare_to_my_exit_policy(&a4, port);
|
|
|
|
ipv6_allowed = !router_compare_to_my_exit_policy(&a6, port);
|
|
|
|
if (ipv4_allowed && !ipv6_allowed) {
|
|
|
|
answer_with_ipv4 = 1;
|
|
|
|
} else if (ipv6_allowed && !ipv4_allowed) {
|
|
|
|
answer_with_ipv4 = 0;
|
|
|
|
} else {
|
|
|
|
/* Our exit policy would permit both. Answer with whichever the user
|
|
|
|
* prefers */
|
2012-11-15 04:06:13 +01:00
|
|
|
answer_with_ipv4 = !(begincell_flags &
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
BEGIN_FLAG_IPV6_PREFERRED);
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
/* Otherwise if one is okay, send it back. */
|
|
|
|
if (ipv4_ok) {
|
|
|
|
answer_with_ipv4 = 1;
|
|
|
|
} else if (ipv6_ok) {
|
|
|
|
answer_with_ipv4 = 0;
|
|
|
|
} else {
|
|
|
|
/* Neither one was okay. Choose based on user preference. */
|
2012-11-15 04:06:13 +01:00
|
|
|
answer_with_ipv4 = !(begincell_flags &
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
BEGIN_FLAG_IPV6_PREFERRED);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Finally, we write the answer back. */
|
|
|
|
r = 1;
|
|
|
|
if (answer_with_ipv4) {
|
|
|
|
if (resolve->res_status_ipv4 == RES_STATUS_DONE_OK) {
|
|
|
|
tor_addr_from_ipv4h(&exitconn->base_.addr,
|
|
|
|
resolve->result_ipv4.addr_ipv4);
|
|
|
|
} else {
|
|
|
|
r = evdns_err_is_transient(resolve->result_ipv4.err_ipv4) ? -2 : -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
exitconn->address_ttl = resolve->ttl_ipv4;
|
|
|
|
} else {
|
|
|
|
if (resolve->res_status_ipv6 == RES_STATUS_DONE_OK) {
|
|
|
|
tor_addr_from_in6(&exitconn->base_.addr,
|
|
|
|
&resolve->result_ipv6.addr_ipv6);
|
|
|
|
} else {
|
|
|
|
r = evdns_err_is_transient(resolve->result_ipv6.err_ipv6) ? -2 : -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
exitconn->address_ttl = resolve->ttl_ipv6;
|
|
|
|
}
|
|
|
|
|
|
|
|
return r;
|
2003-02-14 08:53:55 +01:00
|
|
|
}
|
|
|
|
|
2006-06-03 22:52:24 +02:00
|
|
|
/** Log an error and abort if conn is waiting for a DNS resolve.
|
2004-05-05 23:32:43 +02:00
|
|
|
*/
|
2006-06-03 22:52:24 +02:00
|
|
|
void
|
2006-07-26 21:07:26 +02:00
|
|
|
assert_connection_edge_not_dns_pending(edge_connection_t *conn)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2006-06-03 22:52:24 +02:00
|
|
|
pending_connection_t *pend;
|
2009-06-03 19:52:03 +02:00
|
|
|
cached_resolve_t search;
|
2004-04-09 23:31:09 +02:00
|
|
|
|
2009-06-03 19:52:03 +02:00
|
|
|
#if 1
|
|
|
|
cached_resolve_t *resolve;
|
2012-10-12 18:22:13 +02:00
|
|
|
strlcpy(search.address, conn->base_.address, sizeof(search.address));
|
2009-06-03 19:52:03 +02:00
|
|
|
resolve = HT_FIND(cache_map, &cache_root, &search);
|
|
|
|
if (!resolve)
|
|
|
|
return;
|
|
|
|
for (pend = resolve->pending_connections; pend; pend = pend->next) {
|
|
|
|
tor_assert(pend->conn != conn);
|
|
|
|
}
|
2017-09-15 22:24:44 +02:00
|
|
|
#else /* !(1) */
|
2009-06-03 19:52:03 +02:00
|
|
|
cached_resolve_t **resolve;
|
2006-06-03 22:52:24 +02:00
|
|
|
HT_FOREACH(resolve, cache_map, &cache_root) {
|
2009-06-03 19:52:03 +02:00
|
|
|
for (pend = (*resolve)->pending_connections; pend; pend = pend->next) {
|
2006-06-03 22:52:24 +02:00
|
|
|
tor_assert(pend->conn != conn);
|
|
|
|
}
|
2005-09-23 01:43:41 +02:00
|
|
|
}
|
2017-09-15 22:24:44 +02:00
|
|
|
#endif /* 1 */
|
2006-06-03 22:52:24 +02:00
|
|
|
}
|
2003-02-14 08:53:55 +01:00
|
|
|
|
2006-06-03 22:52:24 +02:00
|
|
|
/** Log an error and abort if any connection waiting for a DNS resolve is
|
|
|
|
* corrupted. */
|
|
|
|
void
|
|
|
|
assert_all_pending_dns_resolves_ok(void)
|
|
|
|
{
|
|
|
|
pending_connection_t *pend;
|
|
|
|
cached_resolve_t **resolve;
|
2003-02-14 08:53:55 +01:00
|
|
|
|
2006-06-03 22:52:24 +02:00
|
|
|
HT_FOREACH(resolve, cache_map, &cache_root) {
|
|
|
|
for (pend = (*resolve)->pending_connections;
|
|
|
|
pend;
|
|
|
|
pend = pend->next) {
|
2006-07-26 21:07:26 +02:00
|
|
|
assert_connection_ok(TO_CONN(pend->conn), 0);
|
2012-10-12 18:22:13 +02:00
|
|
|
tor_assert(!SOCKET_OK(pend->conn->base_.s));
|
2006-07-26 21:07:26 +02:00
|
|
|
tor_assert(!connection_in_array(TO_CONN(pend->conn)));
|
2006-06-03 22:52:24 +02:00
|
|
|
}
|
2003-02-14 08:53:55 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2004-05-10 06:34:48 +02:00
|
|
|
/** Remove <b>conn</b> from the list of connections waiting for conn-\>address.
|
2004-05-05 23:32:43 +02:00
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
void
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_dns_remove(edge_connection_t *conn)
|
2004-02-28 23:23:44 +01:00
|
|
|
{
|
2005-07-22 23:12:10 +02:00
|
|
|
pending_connection_t *pend, *victim;
|
|
|
|
cached_resolve_t search;
|
|
|
|
cached_resolve_t *resolve;
|
2004-02-28 23:23:44 +01:00
|
|
|
|
2012-10-12 18:22:13 +02:00
|
|
|
tor_assert(conn->base_.type == CONN_TYPE_EXIT);
|
|
|
|
tor_assert(conn->base_.state == EXIT_CONN_STATE_RESOLVING);
|
2004-06-02 20:12:49 +02:00
|
|
|
|
2012-10-12 18:22:13 +02:00
|
|
|
strlcpy(search.address, conn->base_.address, sizeof(search.address));
|
2004-02-28 23:23:44 +01:00
|
|
|
|
2005-12-03 03:01:18 +01:00
|
|
|
resolve = HT_FIND(cache_map, &cache_root, &search);
|
2004-11-28 10:05:49 +01:00
|
|
|
if (!resolve) {
|
2006-03-19 04:55:48 +01:00
|
|
|
log_notice(LD_BUG, "Address %s is not pending. Dropping.",
|
2012-10-12 18:22:13 +02:00
|
|
|
escaped_safe_str(conn->base_.address));
|
2004-02-28 23:23:44 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2004-04-25 22:37:37 +02:00
|
|
|
tor_assert(resolve->pending_connections);
|
2006-07-26 21:07:26 +02:00
|
|
|
assert_connection_ok(TO_CONN(conn),0);
|
2004-02-28 23:23:44 +01:00
|
|
|
|
|
|
|
pend = resolve->pending_connections;
|
|
|
|
|
2004-11-28 10:05:49 +01:00
|
|
|
if (pend->conn == conn) {
|
2004-02-28 23:23:44 +01:00
|
|
|
resolve->pending_connections = pend->next;
|
2004-03-04 19:43:44 +01:00
|
|
|
tor_free(pend);
|
2012-12-07 20:14:20 +01:00
|
|
|
log_debug(LD_EXIT, "First connection (fd "TOR_SOCKET_T_FORMAT") no "
|
|
|
|
"longer waiting for resolve of %s",
|
2012-10-12 18:22:13 +02:00
|
|
|
conn->base_.s,
|
|
|
|
escaped_safe_str(conn->base_.address));
|
2004-02-28 23:23:44 +01:00
|
|
|
return;
|
|
|
|
} else {
|
2004-11-28 10:05:49 +01:00
|
|
|
for ( ; pend->next; pend = pend->next) {
|
|
|
|
if (pend->next->conn == conn) {
|
2004-02-28 23:23:44 +01:00
|
|
|
victim = pend->next;
|
|
|
|
pend->next = victim->next;
|
2004-03-04 19:43:44 +01:00
|
|
|
tor_free(victim);
|
2006-02-13 10:37:53 +01:00
|
|
|
log_debug(LD_EXIT,
|
2012-11-02 19:22:21 +01:00
|
|
|
"Connection (fd "TOR_SOCKET_T_FORMAT") no longer waiting "
|
|
|
|
"for resolve of %s",
|
2012-10-12 18:22:13 +02:00
|
|
|
conn->base_.s, escaped_safe_str(conn->base_.address));
|
2004-02-28 23:23:44 +01:00
|
|
|
return; /* more are pending */
|
|
|
|
}
|
|
|
|
}
|
2015-01-08 17:00:21 +01:00
|
|
|
log_warn(LD_BUG, "Connection (fd "TOR_SOCKET_T_FORMAT") was not waiting "
|
|
|
|
"for a resolve of %s, but we tried to remove it.",
|
|
|
|
conn->base_.s, escaped_safe_str(conn->base_.address));
|
2004-02-28 23:23:44 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2004-05-10 06:34:48 +02:00
|
|
|
/** Mark all connections waiting for <b>address</b> for close. Then cancel
|
|
|
|
* the resolve for <b>address</b> itself, and remove any cached results for
|
|
|
|
* <b>address</b> from the cache.
|
2003-06-27 02:57:04 +02:00
|
|
|
*/
|
2015-07-22 15:46:44 +02:00
|
|
|
MOCK_IMPL(void,
|
|
|
|
dns_cancel_pending_resolve,(const char *address))
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2005-07-22 23:12:10 +02:00
|
|
|
pending_connection_t *pend;
|
|
|
|
cached_resolve_t search;
|
2006-07-31 20:00:18 +02:00
|
|
|
cached_resolve_t *resolve, *tmp;
|
2006-07-26 21:07:26 +02:00
|
|
|
edge_connection_t *pendconn;
|
2005-01-28 09:53:47 +01:00
|
|
|
circuit_t *circ;
|
2003-06-25 09:19:30 +02:00
|
|
|
|
2004-10-27 08:03:28 +02:00
|
|
|
strlcpy(search.address, address, sizeof(search.address));
|
2003-06-25 09:19:30 +02:00
|
|
|
|
2005-12-03 03:01:18 +01:00
|
|
|
resolve = HT_FIND(cache_map, &cache_root, &search);
|
2007-07-17 04:53:17 +02:00
|
|
|
if (!resolve)
|
|
|
|
return;
|
|
|
|
|
2007-07-18 22:46:10 +02:00
|
|
|
if (resolve->state != CACHE_STATE_PENDING) {
|
2007-10-10 06:37:38 +02:00
|
|
|
/* We can get into this state if we never actually created the pending
|
|
|
|
* resolve, due to finding an earlier cached error or something. Just
|
|
|
|
* ignore it. */
|
|
|
|
if (resolve->pending_connections) {
|
|
|
|
log_warn(LD_BUG,
|
|
|
|
"Address %s is not pending but has pending connections!",
|
|
|
|
escaped_safe_str(address));
|
|
|
|
tor_fragile_assert();
|
|
|
|
}
|
2003-06-25 09:19:30 +02:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2005-01-04 07:21:06 +01:00
|
|
|
if (!resolve->pending_connections) {
|
2006-02-13 10:37:53 +01:00
|
|
|
log_warn(LD_BUG,
|
2007-03-04 21:11:46 +01:00
|
|
|
"Address %s is pending but has no pending connections!",
|
2006-03-19 04:55:48 +01:00
|
|
|
escaped_safe_str(address));
|
2005-04-26 20:52:16 +02:00
|
|
|
tor_fragile_assert();
|
2005-01-04 07:21:06 +01:00
|
|
|
return;
|
|
|
|
}
|
2004-04-25 22:37:37 +02:00
|
|
|
tor_assert(resolve->pending_connections);
|
2003-06-25 09:19:30 +02:00
|
|
|
|
2004-02-28 23:23:44 +01:00
|
|
|
/* mark all pending connections to fail */
|
2006-02-13 10:37:53 +01:00
|
|
|
log_debug(LD_EXIT,
|
2006-03-19 04:55:48 +01:00
|
|
|
"Failing all connections waiting on DNS resolve of %s",
|
|
|
|
escaped_safe_str(address));
|
2004-11-28 10:05:49 +01:00
|
|
|
while (resolve->pending_connections) {
|
2003-06-25 09:19:30 +02:00
|
|
|
pend = resolve->pending_connections;
|
2012-10-12 18:22:13 +02:00
|
|
|
pend->conn->base_.state = EXIT_CONN_STATE_RESOLVEFAILED;
|
2004-06-02 20:32:24 +02:00
|
|
|
pendconn = pend->conn;
|
2006-07-26 21:07:26 +02:00
|
|
|
assert_connection_ok(TO_CONN(pendconn), 0);
|
2012-10-12 18:22:13 +02:00
|
|
|
tor_assert(!SOCKET_OK(pendconn->base_.s));
|
|
|
|
if (!pendconn->base_.marked_for_close) {
|
2008-02-16 00:39:08 +01:00
|
|
|
connection_edge_end(pendconn, END_STREAM_REASON_RESOLVEFAILED);
|
2004-05-20 01:32:20 +02:00
|
|
|
}
|
2005-04-06 08:43:21 +02:00
|
|
|
circ = circuit_get_by_edge_conn(pendconn);
|
2005-01-28 09:53:47 +01:00
|
|
|
if (circ)
|
|
|
|
circuit_detach_stream(circ, pendconn);
|
2012-10-12 18:22:13 +02:00
|
|
|
if (!pendconn->base_.marked_for_close)
|
2017-11-21 14:39:07 +01:00
|
|
|
connection_free_(TO_CONN(pendconn));
|
2004-03-04 19:43:44 +01:00
|
|
|
resolve->pending_connections = pend->next;
|
|
|
|
tor_free(pend);
|
2004-02-28 23:23:44 +01:00
|
|
|
}
|
|
|
|
|
2006-07-27 20:35:56 +02:00
|
|
|
tmp = HT_REMOVE(cache_map, &cache_root, resolve);
|
2006-07-31 20:01:18 +02:00
|
|
|
if (tmp != resolve) {
|
|
|
|
log_err(LD_BUG, "The cancelled resolve we purged didn't match any in"
|
|
|
|
" the cache. Tried to purge %s (%p); instead got %s (%p).",
|
2006-08-11 09:09:45 +02:00
|
|
|
resolve->address, (void*)resolve,
|
|
|
|
tmp ? tmp->address : "NULL", (void*)tmp);
|
2006-07-31 20:01:18 +02:00
|
|
|
}
|
2006-07-27 20:35:56 +02:00
|
|
|
tor_assert(tmp == resolve);
|
2006-09-06 22:22:05 +02:00
|
|
|
|
|
|
|
resolve->state = CACHE_STATE_DONE;
|
2003-06-25 09:19:30 +02:00
|
|
|
}
|
|
|
|
|
2007-01-24 01:20:49 +01:00
|
|
|
/** Return true iff <b>address</b> is one of the addresses we use to verify
|
|
|
|
* that well-known sites aren't being hijacked by our DNS servers. */
|
2015-12-10 16:19:43 +01:00
|
|
|
static inline int
|
2007-01-06 07:26:46 +01:00
|
|
|
is_test_address(const char *address)
|
|
|
|
{
|
2011-06-14 19:01:38 +02:00
|
|
|
const or_options_t *options = get_options();
|
2007-01-06 07:26:46 +01:00
|
|
|
return options->ServerDNSTestAddresses &&
|
2012-04-11 18:50:50 +02:00
|
|
|
smartlist_contains_string_case(options->ServerDNSTestAddresses, address);
|
2007-01-06 07:26:46 +01:00
|
|
|
}
|
|
|
|
|
2012-11-14 21:20:28 +01:00
|
|
|
/** Called on the OR side when the eventdns library tells us the outcome of a
|
|
|
|
* single DNS resolve: remember the answer, and tell all pending connections
|
|
|
|
* about the result of the lookup if the lookup is now done. (<b>address</b>
|
|
|
|
* is a NUL-terminated string containing the address to look up;
|
|
|
|
* <b>query_type</b> is one of DNS_{IPv4_A,IPv6_AAAA,PTR}; <b>dns_answer</b>
|
|
|
|
* is DNS_OK or one of DNS_ERR_*, <b>addr</b> is an IPv4 or IPv6 address if we
|
|
|
|
* got one; <b>hostname</b> is a hostname fora PTR request if we got one, and
|
|
|
|
* <b>ttl</b> is the time-to-live of this answer, in seconds.)
|
2004-05-05 23:32:43 +02:00
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
static void
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
dns_found_answer(const char *address, uint8_t query_type,
|
|
|
|
int dns_answer,
|
|
|
|
const tor_addr_t *addr,
|
|
|
|
const char *hostname, uint32_t ttl)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2005-07-22 23:12:10 +02:00
|
|
|
cached_resolve_t search;
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
cached_resolve_t *resolve;
|
2003-02-14 08:53:55 +01:00
|
|
|
|
2006-07-11 22:51:58 +02:00
|
|
|
assert_cache_ok();
|
|
|
|
|
2004-10-27 08:03:28 +02:00
|
|
|
strlcpy(search.address, address, sizeof(search.address));
|
2003-02-14 08:53:55 +01:00
|
|
|
|
2005-12-03 03:01:18 +01:00
|
|
|
resolve = HT_FIND(cache_map, &cache_root, &search);
|
2004-11-28 10:05:49 +01:00
|
|
|
if (!resolve) {
|
2007-01-06 07:26:46 +01:00
|
|
|
int is_test_addr = is_test_address(address);
|
|
|
|
if (!is_test_addr)
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
log_info(LD_EXIT,"Resolved unasked address %s; ignoring.",
|
2006-12-28 22:29:11 +01:00
|
|
|
escaped_safe_str(address));
|
2003-06-25 09:19:30 +02:00
|
|
|
return;
|
2003-02-14 08:53:55 +01:00
|
|
|
}
|
2006-07-27 19:16:10 +02:00
|
|
|
assert_resolve_ok(resolve);
|
2003-02-14 08:53:55 +01:00
|
|
|
|
2003-11-08 05:02:05 +01:00
|
|
|
if (resolve->state != CACHE_STATE_PENDING) {
|
2008-12-18 17:11:03 +01:00
|
|
|
/* XXXX Maybe update addr? or check addr for consistency? Or let
|
2004-05-05 23:32:43 +02:00
|
|
|
* VALID replace FAILED? */
|
2007-01-06 07:26:46 +01:00
|
|
|
int is_test_addr = is_test_address(address);
|
|
|
|
if (!is_test_addr)
|
|
|
|
log_notice(LD_EXIT,
|
|
|
|
"Resolved %s which was already resolved; ignoring",
|
|
|
|
escaped_safe_str(address));
|
2004-04-25 22:37:37 +02:00
|
|
|
tor_assert(resolve->pending_connections == NULL);
|
2003-11-08 05:02:05 +01:00
|
|
|
return;
|
|
|
|
}
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
|
|
|
|
cached_resolve_add_answer(resolve, query_type, dns_answer,
|
|
|
|
addr, hostname, ttl);
|
|
|
|
|
|
|
|
if (cached_resolve_have_all_answers(resolve)) {
|
|
|
|
inform_pending_connections(resolve);
|
|
|
|
|
|
|
|
make_pending_resolve_cached(resolve);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2012-11-14 21:20:28 +01:00
|
|
|
/** Given a pending cached_resolve_t that we just finished resolving,
|
|
|
|
* inform every connection that was waiting for the outcome of that
|
2016-10-15 02:08:51 +02:00
|
|
|
* resolution.
|
|
|
|
*
|
|
|
|
* Do this by sending a RELAY_RESOLVED cell (if the pending stream had sent us
|
|
|
|
* RELAY_RESOLVE cell), or by launching an exit connection (if the pending
|
|
|
|
* stream had send us a RELAY_BEGIN cell).
|
|
|
|
*/
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
static void
|
|
|
|
inform_pending_connections(cached_resolve_t *resolve)
|
|
|
|
{
|
|
|
|
pending_connection_t *pend;
|
|
|
|
edge_connection_t *pendconn;
|
|
|
|
int r;
|
2003-02-14 08:53:55 +01:00
|
|
|
|
2004-11-28 10:05:49 +01:00
|
|
|
while (resolve->pending_connections) {
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
char *hostname = NULL;
|
2003-02-14 08:53:55 +01:00
|
|
|
pend = resolve->pending_connections;
|
2004-06-17 20:13:09 +02:00
|
|
|
pendconn = pend->conn; /* don't pass complex things to the
|
|
|
|
connection_mark_for_close macro */
|
2006-07-27 19:16:10 +02:00
|
|
|
assert_connection_ok(TO_CONN(pendconn),time(NULL));
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
|
2012-10-12 18:22:13 +02:00
|
|
|
if (pendconn->base_.marked_for_close) {
|
2012-08-17 22:46:11 +02:00
|
|
|
/* prevent double-remove. */
|
2012-10-12 18:22:13 +02:00
|
|
|
pendconn->base_.state = EXIT_CONN_STATE_RESOLVEFAILED;
|
2012-08-17 22:46:11 +02:00
|
|
|
resolve->pending_connections = pend->next;
|
|
|
|
tor_free(pend);
|
|
|
|
continue;
|
|
|
|
}
|
2004-04-09 23:31:09 +02:00
|
|
|
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
r = set_exitconn_info_from_resolve(pendconn,
|
|
|
|
resolve,
|
|
|
|
&hostname);
|
|
|
|
|
|
|
|
if (r < 0) {
|
2004-04-11 19:07:45 +02:00
|
|
|
/* prevent double-remove. */
|
2012-10-12 18:22:13 +02:00
|
|
|
pendconn->base_.state = EXIT_CONN_STATE_RESOLVEFAILED;
|
|
|
|
if (pendconn->base_.purpose == EXIT_PURPOSE_CONNECT) {
|
2007-03-24 16:57:51 +01:00
|
|
|
connection_edge_end(pendconn, END_STREAM_REASON_RESOLVEFAILED);
|
2004-09-21 19:33:05 +02:00
|
|
|
/* This detach must happen after we send the end cell. */
|
2005-04-06 08:43:21 +02:00
|
|
|
circuit_detach_stream(circuit_get_by_edge_conn(pendconn), pendconn);
|
2004-09-21 18:42:07 +02:00
|
|
|
} else {
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
send_resolved_cell(pendconn, r == -1 ?
|
2012-11-15 04:06:13 +01:00
|
|
|
RESOLVED_TYPE_ERROR : RESOLVED_TYPE_ERROR_TRANSIENT,
|
|
|
|
NULL);
|
2004-09-21 18:42:07 +02:00
|
|
|
/* This detach must happen after we send the resolved cell. */
|
2005-04-06 08:43:21 +02:00
|
|
|
circuit_detach_stream(circuit_get_by_edge_conn(pendconn), pendconn);
|
2004-09-21 18:42:07 +02:00
|
|
|
}
|
2017-11-21 14:39:07 +01:00
|
|
|
connection_free_(TO_CONN(pendconn));
|
2004-02-22 21:50:20 +01:00
|
|
|
} else {
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
circuit_t *circ;
|
2012-10-12 18:22:13 +02:00
|
|
|
if (pendconn->base_.purpose == EXIT_PURPOSE_CONNECT) {
|
2004-06-17 20:13:09 +02:00
|
|
|
/* prevent double-remove. */
|
2012-10-12 18:22:13 +02:00
|
|
|
pend->conn->base_.state = EXIT_CONN_STATE_CONNECTING;
|
2004-06-17 20:13:09 +02:00
|
|
|
|
2005-04-06 08:43:21 +02:00
|
|
|
circ = circuit_get_by_edge_conn(pend->conn);
|
2004-06-17 20:13:09 +02:00
|
|
|
tor_assert(circ);
|
2006-07-23 09:37:35 +02:00
|
|
|
tor_assert(!CIRCUIT_IS_ORIGIN(circ));
|
2004-06-17 20:13:09 +02:00
|
|
|
/* unlink pend->conn from resolving_streams, */
|
|
|
|
circuit_detach_stream(circ, pend->conn);
|
|
|
|
/* and link it to n_streams */
|
2006-07-23 09:37:35 +02:00
|
|
|
pend->conn->next_stream = TO_OR_CIRCUIT(circ)->n_streams;
|
2005-04-06 08:13:49 +02:00
|
|
|
pend->conn->on_circuit = circ;
|
2006-07-23 09:37:35 +02:00
|
|
|
TO_OR_CIRCUIT(circ)->n_streams = pend->conn;
|
2004-06-17 20:13:09 +02:00
|
|
|
|
|
|
|
connection_exit_connect(pend->conn);
|
|
|
|
} else {
|
|
|
|
/* prevent double-remove. This isn't really an accurate state,
|
|
|
|
* but it does the right thing. */
|
2012-10-12 18:22:13 +02:00
|
|
|
pendconn->base_.state = EXIT_CONN_STATE_RESOLVEFAILED;
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
if (pendconn->is_reverse_dns_lookup)
|
2007-03-24 16:58:11 +01:00
|
|
|
send_resolved_hostname_cell(pendconn, hostname);
|
2006-09-21 23:48:06 +02:00
|
|
|
else
|
2012-11-15 04:06:13 +01:00
|
|
|
send_resolved_cell(pendconn, RESOLVED_TYPE_AUTO, resolve);
|
2005-04-06 08:43:21 +02:00
|
|
|
circ = circuit_get_by_edge_conn(pendconn);
|
2004-06-17 20:13:09 +02:00
|
|
|
tor_assert(circ);
|
|
|
|
circuit_detach_stream(circ, pendconn);
|
2017-11-21 14:39:07 +01:00
|
|
|
connection_free_(TO_CONN(pendconn));
|
2004-06-17 20:13:09 +02:00
|
|
|
}
|
2004-02-22 21:50:20 +01:00
|
|
|
}
|
2004-03-04 19:43:44 +01:00
|
|
|
resolve->pending_connections = pend->next;
|
|
|
|
tor_free(pend);
|
2014-04-08 05:29:47 +02:00
|
|
|
tor_free(hostname);
|
2003-02-14 08:53:55 +01:00
|
|
|
}
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
}
|
|
|
|
|
2012-11-14 21:20:28 +01:00
|
|
|
/** Remove a pending cached_resolve_t from the hashtable, and add a
|
|
|
|
* corresponding cached cached_resolve_t.
|
|
|
|
*
|
|
|
|
* This function is only necessary because of the perversity of our
|
|
|
|
* cache timeout code; see inline comment for ideas on eliminating it.
|
|
|
|
**/
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
static void
|
|
|
|
make_pending_resolve_cached(cached_resolve_t *resolve)
|
|
|
|
{
|
|
|
|
cached_resolve_t *removed;
|
2004-03-12 19:45:42 +01:00
|
|
|
|
2006-07-31 20:01:18 +02:00
|
|
|
resolve->state = CACHE_STATE_DONE;
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
removed = HT_REMOVE(cache_map, &cache_root, resolve);
|
2006-07-31 20:01:18 +02:00
|
|
|
if (removed != resolve) {
|
|
|
|
log_err(LD_BUG, "The pending resolve we found wasn't removable from"
|
|
|
|
" the cache. Tried to purge %s (%p); instead got %s (%p).",
|
2006-08-11 09:09:45 +02:00
|
|
|
resolve->address, (void*)resolve,
|
|
|
|
removed ? removed->address : "NULL", (void*)removed);
|
2004-03-12 19:45:42 +01:00
|
|
|
}
|
2006-07-31 20:01:18 +02:00
|
|
|
assert_resolve_ok(resolve);
|
|
|
|
assert_cache_ok();
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
/* The resolve will eventually just hit the time-out in the expiry queue and
|
|
|
|
* expire. See fd0bafb0dedc7e2 for a brief explanation of how this got that
|
|
|
|
* way. XXXXX we could do better!*/
|
|
|
|
|
|
|
|
{
|
|
|
|
cached_resolve_t *new_resolve = tor_memdup(resolve,
|
|
|
|
sizeof(cached_resolve_t));
|
|
|
|
uint32_t ttl = UINT32_MAX;
|
2012-11-06 19:35:31 +01:00
|
|
|
new_resolve->expire = 0; /* So that set_expiry won't croak. */
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
if (resolve->res_status_hostname == RES_STATUS_DONE_OK)
|
|
|
|
new_resolve->result_ptr.hostname =
|
|
|
|
tor_strdup(resolve->result_ptr.hostname);
|
|
|
|
|
|
|
|
new_resolve->state = CACHE_STATE_CACHED;
|
|
|
|
|
|
|
|
assert_resolve_ok(new_resolve);
|
|
|
|
HT_INSERT(cache_map, &cache_root, new_resolve);
|
|
|
|
|
|
|
|
if ((resolve->res_status_ipv4 == RES_STATUS_DONE_OK ||
|
|
|
|
resolve->res_status_ipv4 == RES_STATUS_DONE_ERR) &&
|
|
|
|
resolve->ttl_ipv4 < ttl)
|
|
|
|
ttl = resolve->ttl_ipv4;
|
|
|
|
|
|
|
|
if ((resolve->res_status_ipv6 == RES_STATUS_DONE_OK ||
|
|
|
|
resolve->res_status_ipv6 == RES_STATUS_DONE_ERR) &&
|
|
|
|
resolve->ttl_ipv6 < ttl)
|
|
|
|
ttl = resolve->ttl_ipv6;
|
|
|
|
|
|
|
|
if ((resolve->res_status_hostname == RES_STATUS_DONE_OK ||
|
|
|
|
resolve->res_status_hostname == RES_STATUS_DONE_ERR) &&
|
|
|
|
resolve->ttl_hostname < ttl)
|
|
|
|
ttl = resolve->ttl_hostname;
|
|
|
|
|
2017-01-02 20:55:39 +01:00
|
|
|
set_expiry(new_resolve, time(NULL) + dns_clip_ttl(ttl));
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
}
|
2006-07-11 22:51:58 +02:00
|
|
|
|
|
|
|
assert_cache_ok();
|
2003-02-14 08:53:55 +01:00
|
|
|
}
|
|
|
|
|
2006-08-28 05:16:02 +02:00
|
|
|
/** Eventdns helper: return true iff the eventdns result <b>err</b> is
|
|
|
|
* a transient failure. */
|
2006-06-03 22:52:24 +02:00
|
|
|
static int
|
2006-09-24 19:52:23 +02:00
|
|
|
evdns_err_is_transient(int err)
|
2006-06-03 22:52:24 +02:00
|
|
|
{
|
|
|
|
switch (err)
|
|
|
|
{
|
|
|
|
case DNS_ERR_SERVERFAILED:
|
|
|
|
case DNS_ERR_TRUNCATED:
|
|
|
|
case DNS_ERR_TIMEOUT:
|
|
|
|
return 1;
|
|
|
|
default:
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
2006-08-27 03:41:08 +02:00
|
|
|
|
2006-08-28 05:16:02 +02:00
|
|
|
/** Configure eventdns nameservers if force is true, or if the configuration
|
2008-12-10 21:45:31 +01:00
|
|
|
* has changed since the last time we called this function, or if we failed on
|
|
|
|
* our last attempt. On Unix, this reads from /etc/resolv.conf or
|
|
|
|
* options->ServerDNSResolvConfFile; on Windows, this reads from
|
|
|
|
* options->ServerDNSResolvConfFile or the registry. Return 0 on success or
|
|
|
|
* -1 on failure. */
|
2006-08-14 23:44:34 +02:00
|
|
|
static int
|
2006-08-28 05:15:55 +02:00
|
|
|
configure_nameservers(int force)
|
2006-08-04 20:24:41 +02:00
|
|
|
{
|
2011-06-14 19:01:38 +02:00
|
|
|
const or_options_t *options;
|
2006-08-28 05:15:50 +02:00
|
|
|
const char *conf_fname;
|
|
|
|
struct stat st;
|
2013-08-19 10:41:46 +02:00
|
|
|
int r, flags;
|
2006-08-04 20:24:41 +02:00
|
|
|
options = get_options();
|
2006-09-21 23:48:16 +02:00
|
|
|
conf_fname = options->ServerDNSResolvConfFile;
|
2012-01-31 16:59:42 +01:00
|
|
|
#ifndef _WIN32
|
2006-08-28 05:15:55 +02:00
|
|
|
if (!conf_fname)
|
|
|
|
conf_fname = "/etc/resolv.conf";
|
2006-08-28 05:15:50 +02:00
|
|
|
#endif
|
2013-08-19 10:41:46 +02:00
|
|
|
flags = DNS_OPTIONS_ALL;
|
2006-08-28 05:15:50 +02:00
|
|
|
|
2009-10-13 23:54:04 +02:00
|
|
|
if (!the_evdns_base) {
|
|
|
|
if (!(the_evdns_base = evdns_base_new(tor_libevent_get_base(), 0))) {
|
|
|
|
log_err(LD_BUG, "Couldn't create an evdns_base");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2006-09-24 19:52:23 +02:00
|
|
|
evdns_set_log_fn(evdns_log_cb);
|
2006-08-28 05:15:50 +02:00
|
|
|
if (conf_fname) {
|
2014-04-16 19:17:09 +02:00
|
|
|
log_debug(LD_FS, "stat()ing %s", conf_fname);
|
2013-08-12 20:14:43 +02:00
|
|
|
if (stat(sandbox_intern_string(conf_fname), &st)) {
|
2007-02-01 19:09:27 +01:00
|
|
|
log_warn(LD_EXIT, "Unable to stat resolver configuration in '%s': %s",
|
|
|
|
conf_fname, strerror(errno));
|
2008-12-10 21:45:31 +01:00
|
|
|
goto err;
|
2006-08-28 05:15:55 +02:00
|
|
|
}
|
|
|
|
if (!force && resolv_conf_fname && !strcmp(conf_fname,resolv_conf_fname)
|
|
|
|
&& st.st_mtime == resolv_conf_mtime) {
|
|
|
|
log_info(LD_EXIT, "No change to '%s'", conf_fname);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
if (nameservers_configured) {
|
2009-10-13 23:54:04 +02:00
|
|
|
evdns_base_search_clear(the_evdns_base);
|
|
|
|
evdns_base_clear_nameservers_and_suspend(the_evdns_base);
|
2006-08-28 05:15:55 +02:00
|
|
|
}
|
2013-09-20 02:25:05 +02:00
|
|
|
#if defined(DNS_OPTION_HOSTSFILE) && defined(USE_LIBSECCOMP)
|
2013-08-19 10:41:46 +02:00
|
|
|
if (flags & DNS_OPTION_HOSTSFILE) {
|
|
|
|
flags ^= DNS_OPTION_HOSTSFILE;
|
2014-04-16 19:17:09 +02:00
|
|
|
log_debug(LD_FS, "Loading /etc/hosts");
|
2013-08-19 10:41:46 +02:00
|
|
|
evdns_base_load_hosts(the_evdns_base,
|
2013-09-20 02:25:05 +02:00
|
|
|
sandbox_intern_string("/etc/hosts"));
|
2013-08-19 10:41:46 +02:00
|
|
|
}
|
2017-09-15 22:24:44 +02:00
|
|
|
#endif /* defined(DNS_OPTION_HOSTSFILE) && defined(USE_LIBSECCOMP) */
|
2006-08-28 05:15:50 +02:00
|
|
|
log_info(LD_EXIT, "Parsing resolver configuration in '%s'", conf_fname);
|
2013-08-19 10:41:46 +02:00
|
|
|
if ((r = evdns_base_resolv_conf_parse(the_evdns_base, flags,
|
|
|
|
sandbox_intern_string(conf_fname)))) {
|
2007-05-21 23:48:02 +02:00
|
|
|
log_warn(LD_EXIT, "Unable to parse '%s', or no nameservers in '%s' (%d)",
|
|
|
|
conf_fname, conf_fname, r);
|
2008-12-10 21:45:31 +01:00
|
|
|
goto err;
|
2006-12-19 20:49:03 +01:00
|
|
|
}
|
2009-10-13 23:54:04 +02:00
|
|
|
if (evdns_base_count_nameservers(the_evdns_base) == 0) {
|
2006-08-28 05:15:50 +02:00
|
|
|
log_warn(LD_EXIT, "Unable to find any nameservers in '%s'.", conf_fname);
|
2008-12-10 21:45:31 +01:00
|
|
|
goto err;
|
2006-08-14 23:44:34 +02:00
|
|
|
}
|
2006-08-28 05:15:55 +02:00
|
|
|
tor_free(resolv_conf_fname);
|
2006-08-28 22:50:47 +02:00
|
|
|
resolv_conf_fname = tor_strdup(conf_fname);
|
2006-08-28 05:15:55 +02:00
|
|
|
resolv_conf_mtime = st.st_mtime;
|
|
|
|
if (nameservers_configured)
|
2009-10-13 23:54:04 +02:00
|
|
|
evdns_base_resume(the_evdns_base);
|
2006-08-28 05:15:50 +02:00
|
|
|
}
|
2012-01-31 16:59:42 +01:00
|
|
|
#ifdef _WIN32
|
2006-08-28 05:15:50 +02:00
|
|
|
else {
|
2006-08-28 05:15:55 +02:00
|
|
|
if (nameservers_configured) {
|
2009-10-13 23:54:04 +02:00
|
|
|
evdns_base_search_clear(the_evdns_base);
|
|
|
|
evdns_base_clear_nameservers_and_suspend(the_evdns_base);
|
2006-08-28 05:15:55 +02:00
|
|
|
}
|
2009-10-13 23:54:04 +02:00
|
|
|
if (evdns_base_config_windows_nameservers(the_evdns_base)) {
|
2006-09-07 06:02:52 +02:00
|
|
|
log_warn(LD_EXIT,"Could not config nameservers.");
|
2008-12-10 21:45:31 +01:00
|
|
|
goto err;
|
2006-09-07 06:02:52 +02:00
|
|
|
}
|
2009-10-13 23:54:04 +02:00
|
|
|
if (evdns_base_count_nameservers(the_evdns_base) == 0) {
|
2006-08-27 03:41:08 +02:00
|
|
|
log_warn(LD_EXIT, "Unable to find any platform nameservers in "
|
2008-12-10 21:45:31 +01:00
|
|
|
"your Windows configuration.");
|
|
|
|
goto err;
|
2006-08-14 23:44:34 +02:00
|
|
|
}
|
2006-08-28 05:15:55 +02:00
|
|
|
if (nameservers_configured)
|
2009-10-13 23:54:04 +02:00
|
|
|
evdns_base_resume(the_evdns_base);
|
2006-08-28 05:15:55 +02:00
|
|
|
tor_free(resolv_conf_fname);
|
|
|
|
resolv_conf_mtime = 0;
|
2006-08-04 20:24:41 +02:00
|
|
|
}
|
2017-09-15 22:24:44 +02:00
|
|
|
#endif /* defined(_WIN32) */
|
2006-08-28 05:15:50 +02:00
|
|
|
|
2016-07-03 19:42:36 +02:00
|
|
|
#define SET(k,v) evdns_base_set_option(the_evdns_base, (k), (v))
|
2009-10-13 23:54:04 +02:00
|
|
|
|
2017-11-03 03:06:12 +01:00
|
|
|
// If we only have one nameserver, it does not make sense to back off
|
|
|
|
// from it for a timeout. Unfortunately, the value for max-timeouts is
|
|
|
|
// currently clamped by libevent to 255, but it does not hurt to set
|
2018-04-01 07:01:51 +02:00
|
|
|
// it higher in case libevent gets a patch for this. Higher-than-
|
|
|
|
// default maximum of 3 with multiple nameservers to avoid spuriously
|
|
|
|
// marking one down on bursts of timeouts resulting from scans/attacks
|
|
|
|
// against non-responding authoritative DNS servers.
|
2009-10-13 23:54:04 +02:00
|
|
|
if (evdns_base_count_nameservers(the_evdns_base) == 1) {
|
2017-11-03 03:06:12 +01:00
|
|
|
SET("max-timeouts:", "1000000");
|
2006-12-28 22:29:37 +01:00
|
|
|
} else {
|
2018-04-01 07:01:51 +02:00
|
|
|
SET("max-timeouts:", "10");
|
2006-12-28 22:29:37 +01:00
|
|
|
}
|
|
|
|
|
2017-11-03 03:06:12 +01:00
|
|
|
// Elongate the queue of maximum inflight dns requests, so if a bunch
|
2018-04-01 07:01:51 +02:00
|
|
|
// remain pending at the resolver (happens commonly with Unbound) we won't
|
2017-11-03 03:06:12 +01:00
|
|
|
// stall every other DNS request. This potentially means some wasted
|
|
|
|
// CPU as there's a walk over a linear queue involved, but this is a
|
|
|
|
// much better tradeoff compared to just failing DNS requests because
|
|
|
|
// of a full queue.
|
|
|
|
SET("max-inflight:", "8192");
|
|
|
|
|
2018-04-01 07:01:51 +02:00
|
|
|
// Two retries at 5 and 10 seconds for bind9/named which relies on
|
|
|
|
// clients to handle retries. Second retry for retried circuits with
|
|
|
|
// extended 15 second timeout. Superfluous with local-system Unbound
|
|
|
|
// instance--has its own elaborate retry scheme.
|
2017-11-03 03:06:12 +01:00
|
|
|
SET("timeout:", "5");
|
2018-04-01 07:01:51 +02:00
|
|
|
SET("attempts:","3");
|
2017-11-03 03:06:12 +01:00
|
|
|
|
2009-10-13 23:54:04 +02:00
|
|
|
if (options->ServerDNSRandomizeCase)
|
|
|
|
SET("randomize-case:", "1");
|
|
|
|
else
|
|
|
|
SET("randomize-case:", "0");
|
|
|
|
|
|
|
|
#undef SET
|
|
|
|
|
2006-12-28 22:29:20 +01:00
|
|
|
dns_servers_relaunch_checks();
|
|
|
|
|
2006-08-04 20:24:41 +02:00
|
|
|
nameservers_configured = 1;
|
2008-12-10 21:45:31 +01:00
|
|
|
if (nameserver_config_failed) {
|
|
|
|
nameserver_config_failed = 0;
|
2011-05-20 05:36:20 +02:00
|
|
|
/* XXX the three calls to republish the descriptor might be producing
|
|
|
|
* descriptors that are only cosmetically different, especially on
|
|
|
|
* non-exit relays! -RD */
|
|
|
|
mark_my_descriptor_dirty("dns resolvers back");
|
2008-12-10 21:45:31 +01:00
|
|
|
}
|
2006-08-15 06:50:17 +02:00
|
|
|
return 0;
|
2008-12-10 21:45:31 +01:00
|
|
|
err:
|
|
|
|
nameservers_configured = 0;
|
|
|
|
if (! nameserver_config_failed) {
|
|
|
|
nameserver_config_failed = 1;
|
2011-05-20 05:36:20 +02:00
|
|
|
mark_my_descriptor_dirty("dns resolvers failed");
|
2008-12-10 21:45:31 +01:00
|
|
|
}
|
|
|
|
return -1;
|
2006-08-04 20:24:41 +02:00
|
|
|
}
|
2006-08-27 03:41:08 +02:00
|
|
|
|
2006-08-28 05:16:02 +02:00
|
|
|
/** For eventdns: Called when we get an answer for a request we launched.
|
|
|
|
* See eventdns.h for arguments; 'arg' holds the address we tried to resolve.
|
|
|
|
*/
|
2006-06-03 22:52:24 +02:00
|
|
|
static void
|
2006-09-24 19:52:23 +02:00
|
|
|
evdns_callback(int result, char type, int count, int ttl, void *addresses,
|
2006-12-28 22:29:11 +01:00
|
|
|
void *arg)
|
2006-06-03 22:52:24 +02:00
|
|
|
{
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
char *arg_ = arg;
|
|
|
|
uint8_t orig_query_type = arg_[0];
|
|
|
|
char *string_address = arg_ + 1;
|
2012-10-27 22:34:49 +02:00
|
|
|
tor_addr_t addr;
|
2006-09-21 23:48:06 +02:00
|
|
|
const char *hostname = NULL;
|
2006-12-28 22:29:11 +01:00
|
|
|
int was_wildcarded = 0;
|
2006-09-21 23:48:06 +02:00
|
|
|
|
2012-11-15 18:17:36 +01:00
|
|
|
tor_addr_make_unspec(&addr);
|
2012-10-27 22:34:49 +02:00
|
|
|
|
|
|
|
/* Keep track of whether IPv6 is working */
|
|
|
|
if (type == DNS_IPv6_AAAA) {
|
|
|
|
if (result == DNS_ERR_TIMEOUT) {
|
|
|
|
++n_ipv6_timeouts;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (n_ipv6_timeouts > 10 &&
|
|
|
|
n_ipv6_timeouts > n_ipv6_requests_made / 2) {
|
|
|
|
if (! dns_is_broken_for_ipv6) {
|
|
|
|
log_notice(LD_EXIT, "More than half of our IPv6 requests seem to "
|
|
|
|
"have timed out. I'm going to assume I can't get AAAA "
|
|
|
|
"responses.");
|
|
|
|
dns_is_broken_for_ipv6 = 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2006-06-03 22:52:24 +02:00
|
|
|
if (result == DNS_ERR_NONE) {
|
|
|
|
if (type == DNS_IPv4_A && count) {
|
2006-06-06 01:01:22 +02:00
|
|
|
char answer_buf[INET_NTOA_BUF_LEN+1];
|
2006-09-21 23:48:11 +02:00
|
|
|
char *escaped_address;
|
2006-06-03 22:52:24 +02:00
|
|
|
uint32_t *addrs = addresses;
|
2012-10-27 22:34:49 +02:00
|
|
|
tor_addr_from_ipv4n(&addr, addrs[0]);
|
|
|
|
|
|
|
|
tor_addr_to_str(answer_buf, &addr, sizeof(answer_buf), 0);
|
2006-09-21 23:48:11 +02:00
|
|
|
escaped_address = esc_for_log(string_address);
|
2006-09-21 23:48:22 +02:00
|
|
|
|
|
|
|
if (answer_is_wildcarded(answer_buf)) {
|
|
|
|
log_debug(LD_EXIT, "eventdns said that %s resolves to ISP-hijacked "
|
|
|
|
"address %s; treating as a failure.",
|
|
|
|
safe_str(escaped_address),
|
|
|
|
escaped_safe_str(answer_buf));
|
2006-12-28 22:29:11 +01:00
|
|
|
was_wildcarded = 1;
|
2012-11-15 18:17:36 +01:00
|
|
|
tor_addr_make_unspec(&addr);
|
2012-11-14 16:14:23 +01:00
|
|
|
result = DNS_ERR_NOTEXIST;
|
2006-09-21 23:48:22 +02:00
|
|
|
} else {
|
|
|
|
log_debug(LD_EXIT, "eventdns said that %s resolves to %s",
|
|
|
|
safe_str(escaped_address),
|
|
|
|
escaped_safe_str(answer_buf));
|
|
|
|
}
|
2006-09-21 23:48:11 +02:00
|
|
|
tor_free(escaped_address);
|
2012-10-27 22:34:49 +02:00
|
|
|
} else if (type == DNS_IPv6_AAAA && count) {
|
|
|
|
char answer_buf[TOR_ADDR_BUF_LEN];
|
|
|
|
char *escaped_address;
|
|
|
|
struct in6_addr *addrs = addresses;
|
|
|
|
tor_addr_from_in6(&addr, &addrs[0]);
|
|
|
|
tor_inet_ntop(AF_INET6, &addrs[0], answer_buf, sizeof(answer_buf));
|
|
|
|
escaped_address = esc_for_log(string_address);
|
|
|
|
|
|
|
|
if (answer_is_wildcarded(answer_buf)) {
|
|
|
|
log_debug(LD_EXIT, "eventdns said that %s resolves to ISP-hijacked "
|
|
|
|
"address %s; treating as a failure.",
|
|
|
|
safe_str(escaped_address),
|
|
|
|
escaped_safe_str(answer_buf));
|
|
|
|
was_wildcarded = 1;
|
2012-11-15 18:17:36 +01:00
|
|
|
tor_addr_make_unspec(&addr);
|
2012-11-14 16:14:23 +01:00
|
|
|
result = DNS_ERR_NOTEXIST;
|
2012-10-27 22:34:49 +02:00
|
|
|
} else {
|
|
|
|
log_debug(LD_EXIT, "eventdns said that %s resolves to %s",
|
|
|
|
safe_str(escaped_address),
|
|
|
|
escaped_safe_str(answer_buf));
|
|
|
|
}
|
|
|
|
tor_free(escaped_address);
|
2006-09-21 23:48:06 +02:00
|
|
|
} else if (type == DNS_PTR && count) {
|
2006-09-21 23:48:11 +02:00
|
|
|
char *escaped_address;
|
2006-09-21 23:48:06 +02:00
|
|
|
hostname = ((char**)addresses)[0];
|
2006-09-21 23:48:11 +02:00
|
|
|
escaped_address = esc_for_log(string_address);
|
2006-09-21 23:48:06 +02:00
|
|
|
log_debug(LD_EXIT, "eventdns said that %s resolves to %s",
|
2006-09-21 23:48:11 +02:00
|
|
|
safe_str(escaped_address),
|
|
|
|
escaped_safe_str(hostname));
|
|
|
|
tor_free(escaped_address);
|
2006-06-03 22:52:24 +02:00
|
|
|
} else if (count) {
|
2017-11-16 15:30:19 +01:00
|
|
|
log_info(LD_EXIT, "eventdns returned only unrecognized answer types "
|
|
|
|
" for %s.",
|
2006-06-03 22:52:24 +02:00
|
|
|
escaped_safe_str(string_address));
|
|
|
|
} else {
|
2017-11-16 15:30:19 +01:00
|
|
|
log_info(LD_EXIT, "eventdns returned no addresses or error for %s.",
|
2006-06-03 22:52:24 +02:00
|
|
|
escaped_safe_str(string_address));
|
|
|
|
}
|
|
|
|
}
|
2006-12-28 22:29:11 +01:00
|
|
|
if (was_wildcarded) {
|
2007-01-11 15:13:13 +01:00
|
|
|
if (is_test_address(string_address)) {
|
2006-12-28 22:29:11 +01:00
|
|
|
/* Ick. We're getting redirected on known-good addresses. Our DNS
|
|
|
|
* server must really hate us. */
|
2007-01-11 15:13:13 +01:00
|
|
|
add_wildcarded_test_address(string_address);
|
2006-12-28 22:29:11 +01:00
|
|
|
}
|
|
|
|
}
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
|
|
|
|
if (orig_query_type && type && orig_query_type != type) {
|
|
|
|
log_warn(LD_BUG, "Weird; orig_query_type == %d but type == %d",
|
|
|
|
(int)orig_query_type, (int)type);
|
|
|
|
}
|
2006-09-25 22:38:58 +02:00
|
|
|
if (result != DNS_ERR_SHUTDOWN)
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
dns_found_answer(string_address, orig_query_type,
|
|
|
|
result, &addr, hostname, ttl);
|
|
|
|
|
|
|
|
tor_free(arg_);
|
|
|
|
}
|
|
|
|
|
2012-11-14 21:20:28 +01:00
|
|
|
/** Start a single DNS resolve for <b>address</b> (if <b>query_type</b> is
|
|
|
|
* DNS_IPv4_A or DNS_IPv6_AAAA) <b>ptr_address</b> (if <b>query_type</b> is
|
|
|
|
* DNS_PTR). Return 0 if we launched the request, -1 otherwise. */
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
static int
|
|
|
|
launch_one_resolve(const char *address, uint8_t query_type,
|
|
|
|
const tor_addr_t *ptr_address)
|
|
|
|
{
|
|
|
|
const int options = get_options()->ServerDNSSearchDomains ? 0
|
|
|
|
: DNS_QUERY_NO_SEARCH;
|
|
|
|
const size_t addr_len = strlen(address);
|
|
|
|
struct evdns_request *req = 0;
|
|
|
|
char *addr = tor_malloc(addr_len + 2);
|
|
|
|
addr[0] = (char) query_type;
|
|
|
|
memcpy(addr+1, address, addr_len + 1);
|
|
|
|
|
|
|
|
switch (query_type) {
|
|
|
|
case DNS_IPv4_A:
|
|
|
|
req = evdns_base_resolve_ipv4(the_evdns_base,
|
|
|
|
address, options, evdns_callback, addr);
|
|
|
|
break;
|
|
|
|
case DNS_IPv6_AAAA:
|
|
|
|
req = evdns_base_resolve_ipv6(the_evdns_base,
|
|
|
|
address, options, evdns_callback, addr);
|
|
|
|
++n_ipv6_requests_made;
|
|
|
|
break;
|
|
|
|
case DNS_PTR:
|
|
|
|
if (tor_addr_family(ptr_address) == AF_INET)
|
|
|
|
req = evdns_base_resolve_reverse(the_evdns_base,
|
|
|
|
tor_addr_to_in(ptr_address),
|
|
|
|
DNS_QUERY_NO_SEARCH,
|
|
|
|
evdns_callback, addr);
|
|
|
|
else if (tor_addr_family(ptr_address) == AF_INET6)
|
|
|
|
req = evdns_base_resolve_reverse_ipv6(the_evdns_base,
|
|
|
|
tor_addr_to_in6(ptr_address),
|
|
|
|
DNS_QUERY_NO_SEARCH,
|
|
|
|
evdns_callback, addr);
|
|
|
|
else
|
|
|
|
log_warn(LD_BUG, "Called with PTR query and unexpected address family");
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
log_warn(LD_BUG, "Called with unexpectd query type %d", (int)query_type);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (req) {
|
|
|
|
return 0;
|
|
|
|
} else {
|
|
|
|
tor_free(addr);
|
|
|
|
return -1;
|
|
|
|
}
|
2006-06-03 22:52:24 +02:00
|
|
|
}
|
2005-06-09 21:03:31 +02:00
|
|
|
|
2006-08-28 05:16:02 +02:00
|
|
|
/** For eventdns: start resolving as necessary to find the target for
|
2007-05-25 21:41:31 +02:00
|
|
|
* <b>exitconn</b>. Returns -1 on error, -2 on transient error,
|
2007-04-09 23:34:13 +02:00
|
|
|
* 0 on "resolve launched." */
|
2015-10-21 21:24:00 +02:00
|
|
|
MOCK_IMPL(STATIC int,
|
|
|
|
launch_resolve,(cached_resolve_t *resolve))
|
2006-06-03 22:52:24 +02:00
|
|
|
{
|
2008-12-19 19:52:00 +01:00
|
|
|
tor_addr_t a;
|
2006-06-06 01:01:22 +02:00
|
|
|
int r;
|
2011-11-29 23:46:54 +01:00
|
|
|
|
2017-09-21 20:34:36 +02:00
|
|
|
if (net_is_disabled())
|
2011-11-29 23:46:54 +01:00
|
|
|
return -1;
|
|
|
|
|
2006-08-28 05:16:02 +02:00
|
|
|
/* What? Nameservers not configured? Sounds like a bug. */
|
|
|
|
if (!nameservers_configured) {
|
2007-03-04 21:11:46 +01:00
|
|
|
log_warn(LD_EXIT, "(Harmless.) Nameservers not configured, but resolve "
|
2006-08-28 05:16:02 +02:00
|
|
|
"launched. Configuring.");
|
2008-12-10 21:45:31 +01:00
|
|
|
if (configure_nameservers(1) < 0) {
|
2006-08-27 03:41:08 +02:00
|
|
|
return -1;
|
2008-12-10 21:45:31 +01:00
|
|
|
}
|
2006-08-28 05:16:02 +02:00
|
|
|
}
|
2006-09-21 23:48:06 +02:00
|
|
|
|
2011-10-11 17:47:13 +02:00
|
|
|
r = tor_addr_parse_PTR_name(
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
&a, resolve->address, AF_UNSPEC, 0);
|
2010-04-03 12:13:25 +02:00
|
|
|
|
|
|
|
tor_assert(the_evdns_base);
|
2006-09-21 23:48:06 +02:00
|
|
|
if (r == 0) {
|
|
|
|
log_info(LD_EXIT, "Launching eventdns request for %s",
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
escaped_safe_str(resolve->address));
|
|
|
|
resolve->res_status_ipv4 = RES_STATUS_INFLIGHT;
|
|
|
|
if (get_options()->IPv6Exit)
|
|
|
|
resolve->res_status_ipv6 = RES_STATUS_INFLIGHT;
|
|
|
|
|
|
|
|
if (launch_one_resolve(resolve->address, DNS_IPv4_A, NULL) < 0) {
|
|
|
|
resolve->res_status_ipv4 = 0;
|
|
|
|
r = -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (r==0 && get_options()->IPv6Exit) {
|
|
|
|
/* We ask for an IPv6 address for *everything*. */
|
|
|
|
if (launch_one_resolve(resolve->address, DNS_IPv6_AAAA, NULL) < 0) {
|
|
|
|
resolve->res_status_ipv6 = 0;
|
|
|
|
r = -1;
|
|
|
|
}
|
|
|
|
}
|
2006-09-21 23:48:06 +02:00
|
|
|
} else if (r == 1) {
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
r = 0;
|
2006-09-21 23:48:06 +02:00
|
|
|
log_info(LD_EXIT, "Launching eventdns reverse request for %s",
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
escaped_safe_str(resolve->address));
|
|
|
|
resolve->res_status_hostname = RES_STATUS_INFLIGHT;
|
|
|
|
if (launch_one_resolve(resolve->address, DNS_PTR, &a) < 0) {
|
|
|
|
resolve->res_status_hostname = 0;
|
|
|
|
r = -1;
|
|
|
|
}
|
2006-09-21 23:48:06 +02:00
|
|
|
} else if (r == -1) {
|
|
|
|
log_warn(LD_BUG, "Somehow a malformed in-addr.arpa address reached here.");
|
|
|
|
}
|
|
|
|
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
if (r < 0) {
|
2012-06-07 19:03:39 +02:00
|
|
|
log_fn(LOG_PROTOCOL_WARN, LD_EXIT, "eventdns rejected address %s.",
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
escaped_safe_str(resolve->address));
|
2006-06-03 22:52:24 +02:00
|
|
|
}
|
2007-04-09 23:34:13 +02:00
|
|
|
return r;
|
2006-06-03 22:52:24 +02:00
|
|
|
}
|
2006-09-21 23:48:22 +02:00
|
|
|
|
2006-09-22 22:20:26 +02:00
|
|
|
/** How many requests for bogus addresses have we launched so far? */
|
|
|
|
static int n_wildcard_requests = 0;
|
|
|
|
|
|
|
|
/** Map from dotted-quad IP address in response to an int holding how many
|
|
|
|
* times we've seen it for a randomly generated (hopefully bogus) address. It
|
|
|
|
* would be easier to use definitely-invalid addresses (as specified by
|
|
|
|
* RFC2606), but see comment in dns_launch_wildcard_checks(). */
|
|
|
|
static strmap_t *dns_wildcard_response_count = NULL;
|
|
|
|
|
|
|
|
/** If present, a list of dotted-quad IP addresses that we are pretty sure our
|
|
|
|
* nameserver wants to return in response to requests for nonexistent domains.
|
2006-09-21 23:48:22 +02:00
|
|
|
*/
|
|
|
|
static smartlist_t *dns_wildcard_list = NULL;
|
2007-01-24 01:20:49 +01:00
|
|
|
/** True iff we've logged about a single address getting wildcarded.
|
|
|
|
* Subsequent warnings will be less severe. */
|
2006-12-28 22:29:11 +01:00
|
|
|
static int dns_wildcard_one_notice_given = 0;
|
2007-01-24 01:20:49 +01:00
|
|
|
/** True iff we've warned that our DNS server is wildcarding too many failures.
|
|
|
|
*/
|
2006-12-28 22:29:11 +01:00
|
|
|
static int dns_wildcard_notice_given = 0;
|
|
|
|
|
2007-01-24 01:20:49 +01:00
|
|
|
/** List of supposedly good addresses that are getting wildcarded to the
|
|
|
|
* same addresses as nonexistent addresses. */
|
2006-12-28 22:29:11 +01:00
|
|
|
static smartlist_t *dns_wildcarded_test_address_list = NULL;
|
2007-01-24 01:20:49 +01:00
|
|
|
/** True iff we've warned about a test address getting wildcarded */
|
2006-12-28 22:29:11 +01:00
|
|
|
static int dns_wildcarded_test_address_notice_given = 0;
|
2007-01-24 01:20:49 +01:00
|
|
|
/** True iff all addresses seem to be getting wildcarded. */
|
2006-12-28 22:29:11 +01:00
|
|
|
static int dns_is_completely_invalid = 0;
|
2006-09-21 23:48:22 +02:00
|
|
|
|
2012-10-27 22:07:25 +02:00
|
|
|
/** Called when we see <b>id</b> (a dotted quad or IPv6 address) in response
|
|
|
|
* to a request for a hopefully bogus address. */
|
2006-09-22 22:20:26 +02:00
|
|
|
static void
|
|
|
|
wildcard_increment_answer(const char *id)
|
|
|
|
{
|
|
|
|
int *ip;
|
|
|
|
if (!dns_wildcard_response_count)
|
|
|
|
dns_wildcard_response_count = strmap_new();
|
|
|
|
|
|
|
|
ip = strmap_get(dns_wildcard_response_count, id); // may be null (0)
|
|
|
|
if (!ip) {
|
|
|
|
ip = tor_malloc_zero(sizeof(int));
|
|
|
|
strmap_set(dns_wildcard_response_count, id, ip);
|
|
|
|
}
|
|
|
|
++*ip;
|
|
|
|
|
|
|
|
if (*ip > 5 && n_wildcard_requests > 10) {
|
2012-01-18 21:53:30 +01:00
|
|
|
if (!dns_wildcard_list) dns_wildcard_list = smartlist_new();
|
2012-04-11 18:50:50 +02:00
|
|
|
if (!smartlist_contains_string(dns_wildcard_list, id)) {
|
2013-02-01 21:43:37 +01:00
|
|
|
tor_log(dns_wildcard_notice_given ? LOG_INFO : LOG_NOTICE, LD_EXIT,
|
2006-09-22 22:20:26 +02:00
|
|
|
"Your DNS provider has given \"%s\" as an answer for %d different "
|
|
|
|
"invalid addresses. Apparently they are hijacking DNS failures. "
|
2006-10-21 04:51:35 +02:00
|
|
|
"I'll try to correct for this by treating future occurrences of "
|
2006-09-22 22:20:26 +02:00
|
|
|
"\"%s\" as 'not found'.", id, *ip, id);
|
2016-10-27 11:26:06 +02:00
|
|
|
smartlist_add_strdup(dns_wildcard_list, id);
|
2006-09-22 22:20:26 +02:00
|
|
|
}
|
2007-01-06 08:34:07 +01:00
|
|
|
if (!dns_wildcard_notice_given)
|
|
|
|
control_event_server_status(LOG_NOTICE, "DNS_HIJACKED");
|
2006-12-28 22:29:11 +01:00
|
|
|
dns_wildcard_notice_given = 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2007-01-24 01:20:49 +01:00
|
|
|
/** Note that a single test address (one believed to be good) seems to be
|
|
|
|
* getting redirected to the same IP as failures are. */
|
2006-12-28 22:29:11 +01:00
|
|
|
static void
|
|
|
|
add_wildcarded_test_address(const char *address)
|
|
|
|
{
|
2007-01-11 15:13:13 +01:00
|
|
|
int n, n_test_addrs;
|
2006-12-28 22:29:11 +01:00
|
|
|
if (!dns_wildcarded_test_address_list)
|
2012-01-18 21:53:30 +01:00
|
|
|
dns_wildcarded_test_address_list = smartlist_new();
|
2006-12-28 22:29:11 +01:00
|
|
|
|
2012-04-11 18:59:57 +02:00
|
|
|
if (smartlist_contains_string_case(dns_wildcarded_test_address_list,
|
|
|
|
address))
|
2006-12-28 22:29:11 +01:00
|
|
|
return;
|
|
|
|
|
2007-01-11 15:13:13 +01:00
|
|
|
n_test_addrs = get_options()->ServerDNSTestAddresses ?
|
|
|
|
smartlist_len(get_options()->ServerDNSTestAddresses) : 0;
|
|
|
|
|
2016-10-27 11:26:06 +02:00
|
|
|
smartlist_add_strdup(dns_wildcarded_test_address_list, address);
|
2006-12-28 22:29:11 +01:00
|
|
|
n = smartlist_len(dns_wildcarded_test_address_list);
|
2007-01-11 15:13:13 +01:00
|
|
|
if (n > n_test_addrs/2) {
|
2013-02-01 21:43:37 +01:00
|
|
|
tor_log(dns_wildcarded_test_address_notice_given ? LOG_INFO : LOG_NOTICE,
|
2006-12-28 22:29:11 +01:00
|
|
|
LD_EXIT, "Your DNS provider tried to redirect \"%s\" to a junk "
|
|
|
|
"address. It has done this with %d test addresses so far. I'm "
|
|
|
|
"going to stop being an exit node for now, since our DNS seems so "
|
|
|
|
"broken.", address, n);
|
|
|
|
if (!dns_is_completely_invalid) {
|
|
|
|
dns_is_completely_invalid = 1;
|
2011-05-20 05:36:20 +02:00
|
|
|
mark_my_descriptor_dirty("dns hijacking confirmed");
|
2006-12-28 22:29:11 +01:00
|
|
|
}
|
2007-01-06 08:34:07 +01:00
|
|
|
if (!dns_wildcarded_test_address_notice_given)
|
|
|
|
control_event_server_status(LOG_WARN, "DNS_USELESS");
|
2006-12-28 22:29:11 +01:00
|
|
|
dns_wildcarded_test_address_notice_given = 1;
|
2006-09-22 22:20:26 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2006-09-21 23:48:22 +02:00
|
|
|
/** Callback function when we get an answer (possibly failing) for a request
|
|
|
|
* for a (hopefully) nonexistent domain. */
|
|
|
|
static void
|
2006-09-24 19:52:23 +02:00
|
|
|
evdns_wildcard_check_callback(int result, char type, int count, int ttl,
|
2006-12-28 22:29:11 +01:00
|
|
|
void *addresses, void *arg)
|
2006-09-21 23:48:22 +02:00
|
|
|
{
|
2006-09-21 23:49:15 +02:00
|
|
|
(void)ttl;
|
2006-09-22 22:20:26 +02:00
|
|
|
++n_wildcard_requests;
|
2012-10-27 22:07:25 +02:00
|
|
|
if (result == DNS_ERR_NONE && count) {
|
2006-09-21 23:48:22 +02:00
|
|
|
char *string_address = arg;
|
2012-10-27 22:07:25 +02:00
|
|
|
int i;
|
|
|
|
if (type == DNS_IPv4_A) {
|
|
|
|
const uint32_t *addrs = addresses;
|
|
|
|
for (i = 0; i < count; ++i) {
|
|
|
|
char answer_buf[INET_NTOA_BUF_LEN+1];
|
|
|
|
struct in_addr in;
|
|
|
|
in.s_addr = addrs[i];
|
|
|
|
tor_inet_ntoa(&in, answer_buf, sizeof(answer_buf));
|
|
|
|
wildcard_increment_answer(answer_buf);
|
|
|
|
}
|
|
|
|
} else if (type == DNS_IPv6_AAAA) {
|
|
|
|
const struct in6_addr *addrs = addresses;
|
|
|
|
for (i = 0; i < count; ++i) {
|
|
|
|
char answer_buf[TOR_ADDR_BUF_LEN+1];
|
|
|
|
tor_inet_ntop(AF_INET6, &addrs[i], answer_buf, sizeof(answer_buf));
|
|
|
|
wildcard_increment_answer(answer_buf);
|
|
|
|
}
|
2006-09-21 23:48:22 +02:00
|
|
|
}
|
2012-10-27 22:07:25 +02:00
|
|
|
|
2013-02-01 21:43:37 +01:00
|
|
|
tor_log(dns_wildcard_one_notice_given ? LOG_INFO : LOG_NOTICE, LD_EXIT,
|
2006-09-21 23:48:22 +02:00
|
|
|
"Your DNS provider gave an answer for \"%s\", which "
|
2009-06-20 09:21:52 +02:00
|
|
|
"is not supposed to exist. Apparently they are hijacking "
|
|
|
|
"DNS failures. Trying to correct for this. We've noticed %d "
|
2008-10-16 19:13:28 +02:00
|
|
|
"possibly bad address%s so far.",
|
|
|
|
string_address, strmap_size(dns_wildcard_response_count),
|
|
|
|
(strmap_size(dns_wildcard_response_count) == 1) ? "" : "es");
|
2006-12-28 22:29:11 +01:00
|
|
|
dns_wildcard_one_notice_given = 1;
|
2006-09-21 23:48:22 +02:00
|
|
|
}
|
|
|
|
tor_free(arg);
|
|
|
|
}
|
|
|
|
|
2006-09-22 22:20:26 +02:00
|
|
|
/** Launch a single request for a nonexistent hostname consisting of between
|
|
|
|
* <b>min_len</b> and <b>max_len</b> random (plausible) characters followed by
|
|
|
|
* <b>suffix</b> */
|
2006-09-21 23:48:22 +02:00
|
|
|
static void
|
2012-10-27 22:07:25 +02:00
|
|
|
launch_wildcard_check(int min_len, int max_len, int is_ipv6,
|
|
|
|
const char *suffix)
|
2006-09-21 23:48:22 +02:00
|
|
|
{
|
2008-02-08 22:13:12 +01:00
|
|
|
char *addr;
|
2009-10-13 23:54:04 +02:00
|
|
|
struct evdns_request *req;
|
2006-09-21 23:48:22 +02:00
|
|
|
|
2008-02-08 22:13:12 +01:00
|
|
|
addr = crypto_random_hostname(min_len, max_len, "", suffix);
|
2007-07-05 16:50:05 +02:00
|
|
|
log_info(LD_EXIT, "Testing whether our DNS server is hijacking nonexistent "
|
2008-02-08 22:13:12 +01:00
|
|
|
"domains with request for bogus hostname \"%s\"", addr);
|
2007-07-05 16:50:05 +02:00
|
|
|
|
2010-04-03 12:13:25 +02:00
|
|
|
tor_assert(the_evdns_base);
|
2012-10-27 22:07:25 +02:00
|
|
|
if (is_ipv6)
|
|
|
|
req = evdns_base_resolve_ipv6(
|
|
|
|
the_evdns_base,
|
|
|
|
/* This "addr" tells us which address to resolve */
|
|
|
|
addr,
|
|
|
|
DNS_QUERY_NO_SEARCH, evdns_wildcard_check_callback,
|
|
|
|
/* This "addr" is an argument to the callback*/ addr);
|
|
|
|
else
|
|
|
|
req = evdns_base_resolve_ipv4(
|
2009-10-13 23:54:04 +02:00
|
|
|
the_evdns_base,
|
|
|
|
/* This "addr" tells us which address to resolve */
|
2008-02-16 00:39:08 +01:00
|
|
|
addr,
|
|
|
|
DNS_QUERY_NO_SEARCH, evdns_wildcard_check_callback,
|
|
|
|
/* This "addr" is an argument to the callback*/ addr);
|
2009-10-13 23:54:04 +02:00
|
|
|
if (!req) {
|
2008-02-16 00:39:08 +01:00
|
|
|
/* There is no evdns request in progress; stop addr from getting leaked */
|
2006-09-21 23:48:22 +02:00
|
|
|
tor_free(addr);
|
2008-02-16 00:39:08 +01:00
|
|
|
}
|
2006-09-21 23:48:22 +02:00
|
|
|
}
|
|
|
|
|
2007-01-24 01:20:49 +01:00
|
|
|
/** Launch attempts to resolve a bunch of known-good addresses (configured in
|
|
|
|
* ServerDNSTestAddresses). [Callback for a libevent timer] */
|
2006-12-28 22:29:11 +01:00
|
|
|
static void
|
2012-11-02 19:22:21 +01:00
|
|
|
launch_test_addresses(evutil_socket_t fd, short event, void *args)
|
2006-12-28 22:29:11 +01:00
|
|
|
{
|
2011-06-14 19:01:38 +02:00
|
|
|
const or_options_t *options = get_options();
|
2006-12-28 22:29:11 +01:00
|
|
|
(void)fd;
|
|
|
|
(void)event;
|
|
|
|
(void)args;
|
|
|
|
|
2017-09-21 20:34:36 +02:00
|
|
|
if (net_is_disabled())
|
2011-11-29 23:46:54 +01:00
|
|
|
return;
|
|
|
|
|
2006-12-28 22:29:11 +01:00
|
|
|
log_info(LD_EXIT, "Launching checks to see whether our nameservers like to "
|
|
|
|
"hijack *everything*.");
|
|
|
|
/* This situation is worse than the failure-hijacking situation. When this
|
|
|
|
* happens, we're no good for DNS requests at all, and we shouldn't really
|
|
|
|
* be an exit server.*/
|
2012-10-27 22:34:49 +02:00
|
|
|
if (options->ServerDNSTestAddresses) {
|
|
|
|
|
2012-11-01 03:43:56 +01:00
|
|
|
tor_assert(the_evdns_base);
|
|
|
|
SMARTLIST_FOREACH_BEGIN(options->ServerDNSTestAddresses,
|
|
|
|
const char *, address) {
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
if (launch_one_resolve(address, DNS_IPv4_A, NULL) < 0) {
|
2012-11-01 03:43:56 +01:00
|
|
|
log_info(LD_EXIT, "eventdns rejected test address %s",
|
|
|
|
escaped_safe_str(address));
|
|
|
|
}
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
|
|
|
|
if (launch_one_resolve(address, DNS_IPv6_AAAA, NULL) < 0) {
|
2012-11-01 03:43:56 +01:00
|
|
|
log_info(LD_EXIT, "eventdns rejected test address %s",
|
|
|
|
escaped_safe_str(address));
|
|
|
|
}
|
|
|
|
} SMARTLIST_FOREACH_END(address);
|
|
|
|
}
|
2006-12-28 22:29:11 +01:00
|
|
|
}
|
|
|
|
|
2006-09-21 23:48:22 +02:00
|
|
|
#define N_WILDCARD_CHECKS 2
|
|
|
|
|
2006-12-28 22:29:11 +01:00
|
|
|
/** Launch DNS requests for a few nonexistent hostnames and a few well-known
|
|
|
|
* hostnames, and see if we can catch our nameserver trying to hijack them and
|
|
|
|
* map them to a stupid "I couldn't find ggoogle.com but maybe you'd like to
|
|
|
|
* buy these lovely encyclopedias" page. */
|
|
|
|
static void
|
2006-09-21 23:48:22 +02:00
|
|
|
dns_launch_wildcard_checks(void)
|
|
|
|
{
|
2012-10-27 22:07:25 +02:00
|
|
|
int i, ipv6;
|
2006-09-21 23:48:22 +02:00
|
|
|
log_info(LD_EXIT, "Launching checks to see whether our nameservers like "
|
|
|
|
"to hijack DNS failures.");
|
2012-10-27 22:07:25 +02:00
|
|
|
for (ipv6 = 0; ipv6 <= 1; ++ipv6) {
|
|
|
|
for (i = 0; i < N_WILDCARD_CHECKS; ++i) {
|
|
|
|
/* RFC2606 reserves these. Sadly, some DNS hijackers, in a silly
|
|
|
|
* attempt to 'comply' with rfc2606, refrain from giving A records for
|
|
|
|
* these. This is the standards-compliance equivalent of making sure
|
|
|
|
* that your crackhouse's elevator inspection certificate is up to date.
|
|
|
|
*/
|
|
|
|
launch_wildcard_check(2, 16, ipv6, ".invalid");
|
|
|
|
launch_wildcard_check(2, 16, ipv6, ".test");
|
|
|
|
|
|
|
|
/* These will break specs if there are ever any number of
|
|
|
|
* 8+-character top-level domains. */
|
|
|
|
launch_wildcard_check(8, 16, ipv6, "");
|
|
|
|
|
|
|
|
/* Try some random .com/org/net domains. This will work fine so long as
|
|
|
|
* not too many resolve to the same place. */
|
|
|
|
launch_wildcard_check(8, 16, ipv6, ".com");
|
|
|
|
launch_wildcard_check(8, 16, ipv6, ".org");
|
|
|
|
launch_wildcard_check(8, 16, ipv6, ".net");
|
2017-07-01 23:56:06 +02:00
|
|
|
}
|
2006-09-21 23:48:22 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2007-01-24 01:20:49 +01:00
|
|
|
/** If appropriate, start testing whether our DNS servers tend to lie to
|
|
|
|
* us. */
|
2006-12-28 22:29:11 +01:00
|
|
|
void
|
|
|
|
dns_launch_correctness_checks(void)
|
|
|
|
{
|
2009-06-04 07:05:23 +02:00
|
|
|
static struct event *launch_event = NULL;
|
2006-12-28 22:29:11 +01:00
|
|
|
struct timeval timeout;
|
|
|
|
if (!get_options()->ServerDNSDetectHijacking)
|
|
|
|
return;
|
|
|
|
dns_launch_wildcard_checks();
|
|
|
|
|
|
|
|
/* Wait a while before launching requests for test addresses, so we can
|
|
|
|
* get the results from checking for wildcarding. */
|
2009-06-04 07:05:23 +02:00
|
|
|
if (! launch_event)
|
2009-10-14 00:57:25 +02:00
|
|
|
launch_event = tor_evtimer_new(tor_libevent_get_base(),
|
|
|
|
launch_test_addresses, NULL);
|
2006-12-28 22:29:11 +01:00
|
|
|
timeout.tv_sec = 30;
|
|
|
|
timeout.tv_usec = 0;
|
2009-06-04 07:05:23 +02:00
|
|
|
if (evtimer_add(launch_event, &timeout)<0) {
|
2008-01-14 20:00:23 +01:00
|
|
|
log_warn(LD_BUG, "Couldn't add timer for checking for dns hijacking");
|
|
|
|
}
|
2006-12-28 22:29:11 +01:00
|
|
|
}
|
|
|
|
|
2009-05-27 23:55:51 +02:00
|
|
|
/** Return true iff our DNS servers lie to us too much to be trusted. */
|
2006-12-28 22:29:11 +01:00
|
|
|
int
|
|
|
|
dns_seems_to_be_broken(void)
|
|
|
|
{
|
|
|
|
return dns_is_completely_invalid;
|
|
|
|
}
|
|
|
|
|
2012-11-14 21:20:28 +01:00
|
|
|
/** Return true iff we think that IPv6 hostname lookup is broken */
|
2012-10-27 22:34:49 +02:00
|
|
|
int
|
|
|
|
dns_seems_to_be_broken_for_ipv6(void)
|
|
|
|
{
|
|
|
|
return dns_is_broken_for_ipv6;
|
|
|
|
}
|
|
|
|
|
2007-01-24 01:20:49 +01:00
|
|
|
/** Forget what we've previously learned about our DNS servers' correctness. */
|
2006-12-28 22:29:20 +01:00
|
|
|
void
|
|
|
|
dns_reset_correctness_checks(void)
|
|
|
|
{
|
2012-10-12 18:22:13 +02:00
|
|
|
strmap_free(dns_wildcard_response_count, tor_free_);
|
2009-12-12 08:07:59 +01:00
|
|
|
dns_wildcard_response_count = NULL;
|
|
|
|
|
2006-12-28 22:29:20 +01:00
|
|
|
n_wildcard_requests = 0;
|
|
|
|
|
2012-10-27 22:34:49 +02:00
|
|
|
n_ipv6_requests_made = n_ipv6_timeouts = 0;
|
|
|
|
|
2006-12-28 22:29:20 +01:00
|
|
|
if (dns_wildcard_list) {
|
|
|
|
SMARTLIST_FOREACH(dns_wildcard_list, char *, cp, tor_free(cp));
|
|
|
|
smartlist_clear(dns_wildcard_list);
|
|
|
|
}
|
|
|
|
if (dns_wildcarded_test_address_list) {
|
|
|
|
SMARTLIST_FOREACH(dns_wildcarded_test_address_list, char *, cp,
|
|
|
|
tor_free(cp));
|
|
|
|
smartlist_clear(dns_wildcarded_test_address_list);
|
|
|
|
}
|
|
|
|
dns_wildcard_one_notice_given = dns_wildcard_notice_given =
|
2012-10-27 22:34:49 +02:00
|
|
|
dns_wildcarded_test_address_notice_given = dns_is_completely_invalid =
|
|
|
|
dns_is_broken_for_ipv6 = 0;
|
2006-12-28 22:29:20 +01:00
|
|
|
}
|
|
|
|
|
2006-09-21 23:48:22 +02:00
|
|
|
/** Return true iff we have noticed that the dotted-quad <b>ip</b> has been
|
2006-09-22 22:20:26 +02:00
|
|
|
* returned in response to requests for nonexistent hostnames. */
|
2006-09-21 23:48:22 +02:00
|
|
|
static int
|
|
|
|
answer_is_wildcarded(const char *ip)
|
|
|
|
{
|
2012-04-11 18:50:50 +02:00
|
|
|
return dns_wildcard_list && smartlist_contains_string(dns_wildcard_list, ip);
|
2006-09-21 23:48:22 +02:00
|
|
|
}
|
2006-06-03 23:41:14 +02:00
|
|
|
|
2006-08-28 05:16:02 +02:00
|
|
|
/** Exit with an assertion if <b>resolve</b> is corrupt. */
|
2006-07-11 22:51:58 +02:00
|
|
|
static void
|
|
|
|
assert_resolve_ok(cached_resolve_t *resolve)
|
|
|
|
{
|
|
|
|
tor_assert(resolve);
|
|
|
|
tor_assert(resolve->magic == CACHED_RESOLVE_MAGIC);
|
|
|
|
tor_assert(strlen(resolve->address) < MAX_ADDRESSLEN);
|
2006-07-31 20:01:45 +02:00
|
|
|
tor_assert(tor_strisnonupper(resolve->address));
|
2006-07-31 20:01:18 +02:00
|
|
|
if (resolve->state != CACHE_STATE_PENDING) {
|
|
|
|
tor_assert(!resolve->pending_connections);
|
|
|
|
}
|
2006-07-31 20:01:45 +02:00
|
|
|
if (resolve->state == CACHE_STATE_PENDING ||
|
|
|
|
resolve->state == CACHE_STATE_DONE) {
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
#if 0
|
2006-07-31 20:01:45 +02:00
|
|
|
tor_assert(!resolve->ttl);
|
2006-09-21 23:48:06 +02:00
|
|
|
if (resolve->is_reverse)
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
tor_assert(!resolve->hostname);
|
2006-09-21 23:48:06 +02:00
|
|
|
else
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
tor_assert(!resolve->result_ipv4.addr_ipv4);
|
2017-09-15 22:24:44 +02:00
|
|
|
#endif /* 0 */
|
Revise the DNS subsystem to handle IPv6 exits.
Now, every cached_resolve_t can remember an IPv4 result *and* an IPv6
result. As a light protection against timing-based distinguishers for
IPv6 users (and against complexity!), every forward request generates
an IPv4 *and* an IPv6 request, assuming that we're an IPv6 exit. Once
we have answers or errors for both, we act accordingly.
This patch additionally makes some useful refactorings in the dns.c
code, though there is quite a bit more of useful refactoring that could
be done.
Additionally, have a new interface for the argument passed to the
evdns_callback function. Previously, it was just the original address
we were resolving. But it turns out that, on error, evdns doesn't
tell you the type of the query, so on a failure we didn't know whether
IPv4 or IPv6 queries were failing.
The new convention is to have the first byte of that argument include
the query type. I've refactored the code a bit to make that simpler.
2012-11-05 19:26:29 +01:00
|
|
|
/*XXXXX ADD MORE */
|
2006-07-31 20:01:45 +02:00
|
|
|
}
|
2006-07-11 22:51:58 +02:00
|
|
|
}
|
|
|
|
|
2009-05-23 05:33:44 +02:00
|
|
|
/** Return the number of DNS cache entries as an int */
|
|
|
|
static int
|
|
|
|
dns_cache_entry_count(void)
|
|
|
|
{
|
|
|
|
return HT_SIZE(&cache_root);
|
|
|
|
}
|
|
|
|
|
|
|
|
/** Log memory information about our internal DNS cache at level 'severity'. */
|
|
|
|
void
|
|
|
|
dump_dns_mem_usage(int severity)
|
|
|
|
{
|
|
|
|
/* This should never be larger than INT_MAX. */
|
|
|
|
int hash_count = dns_cache_entry_count();
|
|
|
|
size_t hash_mem = sizeof(struct cached_resolve_t) * hash_count;
|
|
|
|
hash_mem += HT_MEM_USAGE(&cache_root);
|
|
|
|
|
|
|
|
/* Print out the count and estimated size of our &cache_root. It undercounts
|
|
|
|
hostnames in cached reverse resolves.
|
|
|
|
*/
|
2013-02-01 21:43:37 +01:00
|
|
|
tor_log(severity, LD_MM, "Our DNS cache has %d entries.", hash_count);
|
|
|
|
tor_log(severity, LD_MM, "Our DNS cache size is approximately %u bytes.",
|
2009-05-23 05:33:44 +02:00
|
|
|
(unsigned)hash_mem);
|
|
|
|
}
|
|
|
|
|
2006-08-15 06:50:17 +02:00
|
|
|
#ifdef DEBUG_DNS_CACHE
|
2006-08-28 05:16:02 +02:00
|
|
|
/** Exit with an assertion if the DNS cache is corrupt. */
|
2006-07-11 22:51:58 +02:00
|
|
|
static void
|
2012-10-12 18:22:13 +02:00
|
|
|
assert_cache_ok_(void)
|
2006-07-11 22:51:58 +02:00
|
|
|
{
|
|
|
|
cached_resolve_t **resolve;
|
2014-05-06 16:18:34 +02:00
|
|
|
int bad_rep = HT_REP_IS_BAD_(cache_map, &cache_root);
|
2006-07-27 19:37:37 +02:00
|
|
|
if (bad_rep) {
|
|
|
|
log_err(LD_BUG, "Bad rep type %d on dns cache hash table", bad_rep);
|
|
|
|
tor_assert(!bad_rep);
|
|
|
|
}
|
2006-07-11 22:51:58 +02:00
|
|
|
|
|
|
|
HT_FOREACH(resolve, cache_map, &cache_root) {
|
|
|
|
assert_resolve_ok(*resolve);
|
2006-07-31 20:01:18 +02:00
|
|
|
tor_assert((*resolve)->state != CACHE_STATE_DONE);
|
2006-07-11 22:51:58 +02:00
|
|
|
}
|
2006-07-31 20:01:45 +02:00
|
|
|
if (!cached_resolve_pqueue)
|
|
|
|
return;
|
|
|
|
|
|
|
|
smartlist_pqueue_assert_ok(cached_resolve_pqueue,
|
2012-10-12 18:22:13 +02:00
|
|
|
compare_cached_resolves_by_expiry_,
|
2017-08-01 01:30:30 +02:00
|
|
|
offsetof(cached_resolve_t, minheap_idx));
|
2007-02-08 23:07:56 +01:00
|
|
|
|
|
|
|
SMARTLIST_FOREACH(cached_resolve_pqueue, cached_resolve_t *, res,
|
|
|
|
{
|
|
|
|
if (res->state == CACHE_STATE_DONE) {
|
|
|
|
cached_resolve_t *found = HT_FIND(cache_map, &cache_root, res);
|
|
|
|
tor_assert(!found || found != res);
|
|
|
|
} else {
|
|
|
|
cached_resolve_t *found = HT_FIND(cache_map, &cache_root, res);
|
|
|
|
tor_assert(found);
|
|
|
|
}
|
|
|
|
});
|
2006-07-11 22:51:58 +02:00
|
|
|
}
|
2015-10-18 17:04:48 +02:00
|
|
|
|
2017-09-15 22:24:44 +02:00
|
|
|
#endif /* defined(DEBUG_DNS_CACHE) */
|
2006-08-28 05:15:55 +02:00
|
|
|
|
2017-05-26 20:05:50 +02:00
|
|
|
cached_resolve_t *
|
|
|
|
dns_get_cache_entry(cached_resolve_t *query)
|
2015-10-18 17:04:48 +02:00
|
|
|
{
|
|
|
|
return HT_FIND(cache_map, &cache_root, query);
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
dns_insert_cache_entry(cached_resolve_t *new_entry)
|
|
|
|
{
|
|
|
|
HT_INSERT(cache_map, &cache_root, new_entry);
|
|
|
|
}
|
|
|
|
|