diff --git a/changes/ticket33898 b/changes/ticket33898 new file mode 100644 index 0000000000..7c8d9d0009 --- /dev/null +++ b/changes/ticket33898 @@ -0,0 +1,7 @@ + o Minor features (relay address tracking): + - We store relay addresses for OR connections in a more logical way. + Previously we would sometimes overwrite the actual address of a + connection with a "canonical address", and then store the "real + address" elsewhere to remember it. We now track the "canonical address" + elsewhere for the cases where we need it, and leave the connection's + address alone. Closes ticket 33898. diff --git a/src/core/mainloop/connection.c b/src/core/mainloop/connection.c index 90fd35b527..b3c5e6f51c 100644 --- a/src/core/mainloop/connection.c +++ b/src/core/mainloop/connection.c @@ -434,14 +434,6 @@ connection_describe_peer_internal(const connection_t *conn, } else if (conn->type == CONN_TYPE_OR) { /* For OR connections, we have a lot to do. */ const or_connection_t *or_conn = CONST_TO_OR_CONN(conn); - /* we report 'real_addr' as the address we're talking with, if it's set. - * - * TODO: Eventually we should have 'addr' always mean the address on the - * internet, and have a separate 'canonical_addr' field. - */ - if (!tor_addr_is_null(&or_conn->real_addr)) { - addr = &or_conn->real_addr; - } /* We report the IDs we're talking to... */ if (fast_digest_is_zero(or_conn->identity_digest)) { // This could be a client, so scrub it. No identity to report. @@ -453,13 +445,17 @@ connection_describe_peer_internal(const connection_t *conn, tor_snprintf(extra_buf, sizeof(extra_buf), " ID=%s", id_buf); } - if (! tor_addr_eq(addr, &conn->addr) && !scrub) { + if (! scrub && (! tor_addr_eq(addr, &or_conn->canonical_orport.addr) || + conn->port != or_conn->canonical_orport.port)) { /* We report canonical address, if it's different */ char canonical_addr_buf[TOR_ADDR_BUF_LEN]; - if (tor_addr_to_str(canonical_addr_buf, &conn->addr, + if (tor_addr_to_str(canonical_addr_buf, &or_conn->canonical_orport.addr, sizeof(canonical_addr_buf), 1)) { - strlcat(extra_buf, " canonical_addr=", sizeof(extra_buf)); - strlcat(extra_buf, canonical_addr_buf, sizeof(extra_buf)); + tor_snprintf(extra_buf+strlen(extra_buf), + sizeof(extra_buf)-strlen(extra_buf), + " canonical_addr=%s:%"PRIu16, + canonical_addr_buf, + or_conn->canonical_orport.port); } } } else if (conn->type == CONN_TYPE_EXIT) { @@ -570,6 +566,7 @@ or_connection_new(int type, int socket_family) tor_assert(type == CONN_TYPE_OR || type == CONN_TYPE_EXT_OR); connection_init(now, TO_CONN(or_conn), type, socket_family); + tor_addr_make_unspec(&or_conn->canonical_orport.addr); connection_or_set_canonical(or_conn, 0); if (type == CONN_TYPE_EXT_OR) @@ -2252,16 +2249,7 @@ connection_connect_log_client_use_ip_version(const connection_t *conn) ? fascist_firewall_prefer_ipv6_orport(options) : fascist_firewall_prefer_ipv6_dirport(options)); tor_addr_t real_addr; - tor_addr_make_null(&real_addr, AF_UNSPEC); - - /* OR conns keep the original address in real_addr, as addr gets overwritten - * with the descriptor address */ - if (conn->type == CONN_TYPE_OR) { - const or_connection_t *or_conn = CONST_TO_OR_CONN(conn); - tor_addr_copy(&real_addr, &or_conn->real_addr); - } else if (conn->type == CONN_TYPE_DIR) { - tor_addr_copy(&real_addr, &conn->addr); - } + tor_addr_copy(&real_addr, &conn->addr); /* Check if we broke a mandatory address family restriction */ if ((must_ipv4 && tor_addr_family(&real_addr) == AF_INET6) diff --git a/src/core/or/channel.c b/src/core/or/channel.c index 8390fc1ecc..b4386f969d 100644 --- a/src/core/or/channel.c +++ b/src/core/or/channel.c @@ -3255,6 +3255,9 @@ channel_when_last_xmit(channel_t *chan) * * This function calls the lower layer and asks if this channel matches a * given extend_info_t. + * + * NOTE that this function only checks for an address/port match, and should + * be used only when no identity is available. */ int channel_matches_extend_info(channel_t *chan, extend_info_t *extend_info) diff --git a/src/core/or/channeltls.c b/src/core/or/channeltls.c index 90049a7e5c..ae60038c34 100644 --- a/src/core/or/channeltls.c +++ b/src/core/or/channeltls.c @@ -548,14 +548,8 @@ channel_tls_get_remote_addr_method(const channel_t *chan, return 0; } - if (! tor_addr_is_null(&tlschan->conn->real_addr)) { - /* They want the real address, and real_addr is set. */ - tor_addr_copy(addr_out, &(tlschan->conn->real_addr)); - } else { - /* We'll have to give them the nominal address, which hopefully has - * not been overwritten yet. */ - tor_addr_copy(addr_out, &TO_CONN(tlschan->conn)->addr); - } + /* They want the real address, so give it to them. */ + tor_addr_copy(addr_out, &TO_CONN(tlschan->conn)->addr); return 1; } @@ -673,6 +667,9 @@ channel_tls_is_canonical_method(channel_t *chan, int req) * * This implements the matches_extend_info method for channel_tls_t; the upper * layer wants to know if this channel matches an extend_info_t. + * + * NOTE that this function only checks for an address/port match, and should + * be used only when no identify is available. */ static int channel_tls_matches_extend_info_method(channel_t *chan, @@ -692,6 +689,16 @@ channel_tls_matches_extend_info_method(channel_t *chan, return 0; } + const tor_addr_port_t *orport = &tlschan->conn->canonical_orport; + // If the canonical address is set, then we'll allow matches based on that. + if (! tor_addr_is_unspec(&orport->addr)) { + if (extend_info_has_orport(extend_info, &orport->addr, orport->port)) { + return 1; + } + } + + // We also want to match if the true address and port are listed in the + // extend info. return extend_info_has_orport(extend_info, &TO_CONN(tlschan->conn)->addr, TO_CONN(tlschan->conn)->port); @@ -722,8 +729,8 @@ channel_tls_matches_target_method(channel_t *chan, return 0; } - /* real_addr is the address this connection came from. - * base_.addr is updated by connection_or_init_conn_from_address() + /* addr is the address this connection came from. + * canonical_orport is updated by connection_or_init_conn_from_address() * to be the address in the descriptor. It may be tempting to * allow either address to be allowed, but if we did so, it would * enable someone who steals a relay's keys to covertly impersonate/MITM it @@ -734,7 +741,7 @@ channel_tls_matches_target_method(channel_t *chan, * An adversary who has stolen a relay's keys could also post a fake relay * descriptor, but that attack is easier to detect. */ - return tor_addr_eq(&(tlschan->conn->real_addr), target); + return tor_addr_eq(&TO_CONN(tlschan->conn)->addr, target); } /** @@ -1883,7 +1890,7 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan) * might be doing something funny, but nobody else is doing a MITM * on the relay's TCP. */ - if (tor_addr_eq(&addr, &(chan->conn->real_addr))) { + if (tor_addr_eq(&addr, &TO_CONN(chan->conn)->addr)) { connection_or_set_canonical(chan->conn, 1); break; } @@ -1921,7 +1928,7 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan) * we were unable to resolve it previously. The endpoint address is passed * in order to make sure to never consider an address that is the same as * our endpoint. */ - relay_address_new_suggestion(&my_apparent_addr, &chan->conn->real_addr, + relay_address_new_suggestion(&my_apparent_addr, &TO_CONN(chan->conn)->addr, identity_digest); if (! chan->conn->handshake_state->sent_netinfo) { diff --git a/src/core/or/connection_or.c b/src/core/or/connection_or.c index 91dcbe695b..0795521be0 100644 --- a/src/core/or/connection_or.c +++ b/src/core/or/connection_or.c @@ -893,7 +893,9 @@ connection_or_init_conn_from_address(or_connection_t *conn, conn->base_.port = port; tor_addr_copy(&conn->base_.addr, addr); - tor_addr_copy(&conn->real_addr, addr); + if (! conn->base_.address) { + conn->base_.address = tor_strdup(fmt_addr(addr)); + } connection_or_check_canonicity(conn, started_here); } @@ -905,9 +907,10 @@ connection_or_init_conn_from_address(or_connection_t *conn, static void connection_or_check_canonicity(or_connection_t *conn, int started_here) { + (void) started_here; + const char *id_digest = conn->identity_digest; const ed25519_public_key_t *ed_id = NULL; - const tor_addr_t *addr = &conn->real_addr; if (conn->chan) ed_id = & TLS_CHAN_TO_BASE(conn->chan)->ed25519_identity; @@ -936,34 +939,17 @@ connection_or_check_canonicity(or_connection_t *conn, int started_here) } else { node_ap = &node_ipv6_ap; } - if (!started_here) { - /* Override the addr/port, so our log messages will make sense. - * This is dangerous, since if we ever try looking up a conn by - * its actual addr/port, we won't remember. Careful! */ - /* XXXX arma: this is stupid, and it's the reason we need real_addr - * to track is_canonical properly. What requires it? */ - /* XXXX i believe the reason we did this, originally, is because - * we wanted to log what OR a connection was to, and if we logged the - * right IP address and port 56244, that wouldn't be as helpful. now we - * log the "right" port too, so we know if it's moria1 or moria2. - */ - /* See #33898 for a ticket that resolves this technical debt. */ - tor_addr_copy(&conn->base_.addr, &node_ap->addr); - conn->base_.port = node_ap->port; - } + /* Remember the canonical addr/port so our log messages will make + sense. */ + tor_addr_port_copy(&conn->canonical_orport, node_ap); tor_free(conn->nickname); conn->nickname = tor_strdup(node_get_nickname(r)); - tor_free(conn->base_.address); - conn->base_.address = tor_addr_to_str_dup(&node_ap->addr); } else { tor_free(conn->nickname); conn->nickname = tor_malloc(HEX_DIGEST_LEN+2); conn->nickname[0] = '$'; base16_encode(conn->nickname+1, HEX_DIGEST_LEN+1, conn->identity_digest, DIGEST_LEN); - - tor_free(conn->base_.address); - conn->base_.address = tor_addr_to_str_dup(addr); } /* @@ -1144,8 +1130,8 @@ connection_or_group_set_badness_(smartlist_t *group, int force) (int)(now - or_conn->base_.timestamp_created), best->base_.s, (int)(now - best->base_.timestamp_created)); connection_or_mark_bad_for_new_circs(or_conn); - } else if (!tor_addr_compare(&or_conn->real_addr, - &best->real_addr, CMP_EXACT)) { + } else if (tor_addr_eq(&TO_CONN(or_conn)->addr, + &TO_CONN(best)->addr)) { log_info(LD_OR, "Marking %s unsuitable for new circuits: " "(fd "TOR_SOCKET_T_FORMAT", %d secs old). We have a better " @@ -1275,7 +1261,7 @@ static or_connect_failure_entry_t * or_connect_failure_new(const or_connection_t *or_conn) { or_connect_failure_entry_t *ocf = tor_malloc_zero(sizeof(*ocf)); - or_connect_failure_init(or_conn->identity_digest, &or_conn->real_addr, + or_connect_failure_init(or_conn->identity_digest, &TO_CONN(or_conn)->addr, TO_CONN(or_conn)->port, ocf); return ocf; } @@ -1653,8 +1639,8 @@ connection_tls_start_handshake,(or_connection_t *conn, int receiving)) log_warn(LD_BUG,"tor_tls_new failed. Closing."); return -1; } - tor_tls_set_logged_address(conn->tls, // XXX client and relay? - escaped_safe_str(conn->base_.address)); + tor_tls_set_logged_address(conn->tls, + connection_describe_peer(TO_CONN(conn))); connection_start_reading(TO_CONN(conn)); log_debug(LD_HANDSHAKE,"starting TLS handshake on fd "TOR_SOCKET_T_FORMAT, @@ -1801,18 +1787,15 @@ connection_or_check_valid_tls_handshake(or_connection_t *conn, crypto_pk_t *identity_rcvd=NULL; const or_options_t *options = get_options(); int severity = server_mode(options) ? LOG_PROTOCOL_WARN : LOG_WARN; - const char *safe_address = - started_here ? conn->base_.address : - safe_str_client(conn->base_.address); const char *conn_type = started_here ? "outgoing" : "incoming"; int has_cert = 0; check_no_tls_errors(); has_cert = tor_tls_peer_has_cert(conn->tls); if (started_here && !has_cert) { - log_info(LD_HANDSHAKE,"Tried connecting to router at %s:%d, but it didn't " + log_info(LD_HANDSHAKE,"Tried connecting to router at %s, but it didn't " "send a cert! Closing.", - safe_address, conn->base_.port); + connection_describe_peer(TO_CONN(conn))); return -1; } else if (!has_cert) { log_debug(LD_HANDSHAKE,"Got incoming connection with no certificate. " @@ -1824,9 +1807,9 @@ connection_or_check_valid_tls_handshake(or_connection_t *conn, int v = tor_tls_verify(started_here?severity:LOG_INFO, conn->tls, &identity_rcvd); if (started_here && v<0) { - log_fn(severity,LD_HANDSHAKE,"Tried connecting to router at %s:%d: It" + log_fn(severity,LD_HANDSHAKE,"Tried connecting to router at %s: It" " has a cert but it's invalid. Closing.", - safe_address, conn->base_.port); + connection_describe_peer(TO_CONN(conn))); return -1; } else if (v<0) { log_info(LD_HANDSHAKE,"Incoming connection gave us an invalid cert " @@ -1834,7 +1817,8 @@ connection_or_check_valid_tls_handshake(or_connection_t *conn, } else { log_debug(LD_HANDSHAKE, "The certificate seems to be valid on %s connection " - "with %s:%d", conn_type, safe_address, conn->base_.port); + "with %s", conn_type, + connection_describe_peer(TO_CONN(conn))); } check_no_tls_errors(); } @@ -2027,9 +2011,14 @@ connection_or_client_learned_peer_id(or_connection_t *conn, /* If we learned an identity for this connection, then we might have * just discovered it to be canonical. */ connection_or_check_canonicity(conn, conn->handshake_state->started_here); + if (conn->tls) + tor_tls_set_logged_address(conn->tls, + connection_describe_peer(TO_CONN(conn))); } if (authdir_mode_tests_reachability(options)) { + // We don't want to use canonical_orport here -- we want the address + // that we really used. dirserv_orconn_tls_done(&conn->base_.addr, conn->base_.port, (const char*)rsa_peer_id, ed_peer_id); } @@ -2507,11 +2496,9 @@ connection_or_send_netinfo,(or_connection_t *conn)) netinfo_cell_set_timestamp(netinfo_cell, (uint32_t)now); /* Their address. */ - const tor_addr_t *remote_tor_addr = - !tor_addr_is_null(&conn->real_addr) ? &conn->real_addr : &conn->base_.addr; - /* We use &conn->real_addr below, unless it hasn't yet been set. If it - * hasn't yet been set, we know that base_.addr hasn't been tampered with - * yet either. */ + const tor_addr_t *remote_tor_addr = &TO_CONN(conn)->addr; + /* We can safely use TO_CONN(conn)->addr here, since we no longer replace + * it with a canonical address. */ netinfo_addr_t *their_addr = netinfo_addr_from_tor_addr(remote_tor_addr); netinfo_cell_set_other_addr(netinfo_cell, their_addr); diff --git a/src/core/or/connection_st.h b/src/core/or/connection_st.h index 508328f75c..9cc06d1ef3 100644 --- a/src/core/or/connection_st.h +++ b/src/core/or/connection_st.h @@ -137,15 +137,11 @@ struct connection_t { * any more! * * The misuses of this field include: - * * Setting it to the canonical address of a relay on an OR connection. * * Setting it on linked connections, possibly. * * Updating it based on the Forwarded-For header-- Forwarded-For is - * set by a proxy, but not a local trusted troxy. + * set by a proxy, but not a local trusted proxy. **/ - tor_addr_t addr; /**< IP that socket "s" is directly connected to; - * may be the IP address for a proxy or pluggable transport, - * see "address" for the address of the final destination. - */ + tor_addr_t addr; uint16_t port; /**< If non-zero, port that socket "s" is directly connected * to; may be the port for a proxy or pluggable transport, * see "address" for the port at the final destination. */ @@ -165,7 +161,6 @@ struct connection_t { * * * An address we're trying to resolve (as an exit). * * A unix address we're trying to bind to (as a listener). - * * A canonical address for an OR connection. **/ char *address; /** Another connection that's connected to this one in lieu of a socket. */ diff --git a/src/core/or/dos.c b/src/core/or/dos.c index 5f99280030..41bf303ffe 100644 --- a/src/core/or/dos.c +++ b/src/core/or/dos.c @@ -584,7 +584,7 @@ dos_geoip_entry_about_to_free(const clientmap_entry_t *geoip_ent) SMARTLIST_FOREACH_BEGIN(get_connection_array(), connection_t *, conn) { if (conn->type == CONN_TYPE_OR) { or_connection_t *or_conn = TO_OR_CONN(conn); - if (!tor_addr_compare(&geoip_ent->addr, &or_conn->real_addr, + if (!tor_addr_compare(&geoip_ent->addr, &TO_CONN(or_conn)->addr, CMP_EXACT)) { or_conn->tracked_for_dos_mitigation = 0; } @@ -696,12 +696,12 @@ dos_new_client_conn(or_connection_t *or_conn, const char *transport_name) * reason to do so is because network reentry is possible where a client * connection comes from an Exit node. Even when we'll fix reentry, this is * a robust defense to keep in place. */ - if (nodelist_probably_contains_address(&or_conn->real_addr)) { + if (nodelist_probably_contains_address(&TO_CONN(or_conn)->addr)) { goto end; } /* We are only interested in client connection from the geoip cache. */ - entry = geoip_lookup_client(&or_conn->real_addr, transport_name, + entry = geoip_lookup_client(&TO_CONN(or_conn)->addr, transport_name, GEOIP_CLIENT_CONNECT); if (BUG(entry == NULL)) { /* Should never happen because we note down the address in the geoip @@ -712,7 +712,7 @@ dos_new_client_conn(or_connection_t *or_conn, const char *transport_name) entry->dos_stats.concurrent_count++; or_conn->tracked_for_dos_mitigation = 1; log_debug(LD_DOS, "Client address %s has now %u concurrent connections.", - fmt_addr(&or_conn->real_addr), + fmt_addr(&TO_CONN(or_conn)->addr), entry->dos_stats.concurrent_count); end: @@ -735,7 +735,7 @@ dos_close_client_conn(const or_connection_t *or_conn) } /* We are only interested in client connection from the geoip cache. */ - entry = geoip_lookup_client(&or_conn->real_addr, NULL, + entry = geoip_lookup_client(&TO_CONN(or_conn)->addr, NULL, GEOIP_CLIENT_CONNECT); if (entry == NULL) { /* This can happen because we can close a connection before the channel @@ -753,7 +753,7 @@ dos_close_client_conn(const or_connection_t *or_conn) entry->dos_stats.concurrent_count--; log_debug(LD_DOS, "Client address %s has lost a connection. Concurrent " "connections are now at %u", - fmt_addr(&or_conn->real_addr), + fmt_addr(&TO_CONN(or_conn)->addr), entry->dos_stats.concurrent_count); end: diff --git a/src/core/or/or_connection_st.h b/src/core/or/or_connection_st.h index 2507f90803..8e012a6b85 100644 --- a/src/core/or/or_connection_st.h +++ b/src/core/or/or_connection_st.h @@ -50,17 +50,18 @@ struct or_connection_t { channel_tls_t *chan; /** - * The actual address (as modified by any proxies) that this connection - * came from or went to. (See connection_t.addr for caveats.) + * The "canonical" address and port for this relay's ORPort, if this is + * a known relay. * - * TECHNICAL DEBT: + * An ORPort is "canonical" in this sense only if it is the same ORPort + * that is listed for this identity in the consensus we have. * - * This field shouldn't really exist. We need it because our code - * overwrites conenction_t.addr with the "canonical address" of the OR we - * are talking to, taken from the descriptor of the authenticated OR. - * That's a bad choice. + * This field may be set on outbound connections for _any_ relay, and on + * inbound connections after authentication. If we don't know the relay's + * identity, or if we don't have the relay's identity in our consensus, we + * leave this address as UNSPEC. **/ - tor_addr_t real_addr; + tor_addr_port_t canonical_orport; /** Should this connection be used for extending circuits to the server * matching the identity_digest field? Set to true if we're pretty diff --git a/src/lib/net/address.c b/src/lib/net/address.c index cf4af423a7..5a32533610 100644 --- a/src/lib/net/address.c +++ b/src/lib/net/address.c @@ -2114,6 +2114,18 @@ tor_addr_port_eq(const tor_addr_port_t *a, return tor_addr_eq(&a->addr, &b->addr) && a->port == b->port; } +/** + * Copy a tor_addr_port_t from @a source to @a dest. + **/ +void +tor_addr_port_copy(tor_addr_port_t *dest, + const tor_addr_port_t *source) +{ + tor_assert(dest); + tor_assert(source); + memcpy(dest, source, sizeof(tor_addr_port_t)); +} + /** Return true if string represents a valid IPv4 adddress in * 'a.b.c.d' form. */ diff --git a/src/lib/net/address.h b/src/lib/net/address.h index e19b446e8d..bc8ec7744f 100644 --- a/src/lib/net/address.h +++ b/src/lib/net/address.h @@ -394,6 +394,7 @@ get_interface_address_list(int severity, int include_internal) tor_addr_port_t *tor_addr_port_new(const tor_addr_t *addr, uint16_t port); int tor_addr_port_eq(const tor_addr_port_t *a, const tor_addr_port_t *b); +void tor_addr_port_copy(tor_addr_port_t *dest, const tor_addr_port_t *source); int string_is_valid_dest(const char *string); int string_is_valid_nonrfc_hostname(const char *string); diff --git a/src/test/test_channel.c b/src/test/test_channel.c index 14d8a4eae7..c7d4343ede 100644 --- a/src/test/test_channel.c +++ b/src/test/test_channel.c @@ -1554,11 +1554,11 @@ test_channel_listener(void *arg) #define TEST_SETUP_MATCHES_ADDR(orcon, addr, src, rv) STMT_BEGIN \ rv = tor_inet_pton(addr.family, src, &addr.addr); \ tt_int_op(rv, OP_EQ, 1); \ - orcon->real_addr = addr; \ + orcon->base_.addr = addr; \ STMT_END; #define TEST_MATCHES_ADDR(chan, addr4, addr6, rv, exp) STMT_BEGIN \ - rv = channel_matches_target_addr_for_extend(chan, addr4, addr6); \ + rv = channel_matches_target_addr_for_extend(chan, addr4, addr6); \ tt_int_op(rv, OP_EQ, exp); \ STMT_END; diff --git a/src/test/test_channeltls.c b/src/test/test_channeltls.c index f682c57acf..0227779e8b 100644 --- a/src/test/test_channeltls.c +++ b/src/test/test_channeltls.c @@ -293,7 +293,7 @@ tlschan_connection_or_connect_mock(const tor_addr_t *addr, result->base_.port = port; memcpy(result->identity_digest, digest, DIGEST_LEN); result->chan = tlschan; - memcpy(&(result->real_addr), addr, sizeof(tor_addr_t)); + memcpy(&result->base_.addr, addr, sizeof(tor_addr_t)); result->tls = (tor_tls_t *)((void *)(&fake_tortls)); done: diff --git a/src/test/test_connection.c b/src/test/test_connection.c index e9be04656b..954aeb82e3 100644 --- a/src/test/test_connection.c +++ b/src/test/test_connection.c @@ -911,7 +911,8 @@ test_failed_orconn_tracker(void *arg) /* Prepare the OR connection that will be used in this test */ or_connection_t or_conn; - tt_int_op(AF_INET,OP_EQ, tor_addr_parse(&or_conn.real_addr, "18.0.0.1")); + tt_int_op(AF_INET,OP_EQ, tor_addr_parse(&or_conn.canonical_orport.addr, + "18.0.0.1")); tt_int_op(AF_INET,OP_EQ, tor_addr_parse(&or_conn.base_.addr, "18.0.0.1")); or_conn.base_.port = 1; memset(or_conn.identity_digest, 'c', sizeof(or_conn.identity_digest)); @@ -1048,17 +1049,20 @@ test_conn_describe(void *arg) tt_str_op(connection_describe(conn), OP_EQ, "OR connection (open) with [ffff:3333:1111::2]:8080 " "ID=0000000700000000000000000000000000000000"); - // Add a 'real address' that is the same as the one we have. - tor_addr_parse(&TO_OR_CONN(conn)->real_addr, "[ffff:3333:1111::2]"); + // Add a 'canonical address' that is the same as the one we have. + tor_addr_parse(&TO_OR_CONN(conn)->canonical_orport.addr, + "[ffff:3333:1111::2]"); + TO_OR_CONN(conn)->canonical_orport.port = 8080; tt_str_op(connection_describe(conn), OP_EQ, "OR connection (open) with [ffff:3333:1111::2]:8080 " "ID=0000000700000000000000000000000000000000"); - // Add a different 'real address' - tor_addr_parse(&TO_OR_CONN(conn)->real_addr, "[ffff:3333:1111::8]"); + // Add a different 'canonical address' + tor_addr_parse(&TO_OR_CONN(conn)->canonical_orport.addr, + "[ffff:3333:1111::8]"); tt_str_op(connection_describe(conn), OP_EQ, - "OR connection (open) with [ffff:3333:1111::8]:8080 " + "OR connection (open) with [ffff:3333:1111::2]:8080 " "ID=0000000700000000000000000000000000000000 " - "canonical_addr=[ffff:3333:1111::2]"); + "canonical_addr=[ffff:3333:1111::8]:8080"); // Clear identity_digest so that free_minimal won't complain. memset(TO_OR_CONN(conn)->identity_digest, 0, DIGEST_LEN); diff --git a/src/test/test_dos.c b/src/test/test_dos.c index 7378efd426..850bbef59b 100644 --- a/src/test/test_dos.c +++ b/src/test/test_dos.c @@ -66,9 +66,9 @@ test_dos_conn_creation(void *arg) /* Initialize test data */ or_connection_t or_conn; time_t now = 1281533250; /* 2010-08-11 13:27:30 UTC */ - tt_int_op(AF_INET,OP_EQ, tor_addr_parse(&or_conn.real_addr, + tt_int_op(AF_INET,OP_EQ, tor_addr_parse(&TO_CONN(&or_conn)->addr, "18.0.0.1")); - tor_addr_t *addr = &or_conn.real_addr; + tor_addr_t *addr = &TO_CONN(&or_conn)->addr; /* Get DoS subsystem limits */ dos_init(); @@ -139,9 +139,9 @@ test_dos_circuit_creation(void *arg) /* Initialize test data */ or_connection_t or_conn; time_t now = 1281533250; /* 2010-08-11 13:27:30 UTC */ - tt_int_op(AF_INET,OP_EQ, tor_addr_parse(&or_conn.real_addr, + tt_int_op(AF_INET,OP_EQ, tor_addr_parse(&TO_CONN(&or_conn)->addr, "18.0.0.1")); - tor_addr_t *addr = &or_conn.real_addr; + tor_addr_t *addr = &TO_CONN(&or_conn)->addr; /* Get DoS subsystem limits */ dos_init(); @@ -202,9 +202,9 @@ test_dos_bucket_refill(void *arg) channel_init(chan); chan->is_client = 1; or_connection_t or_conn; - tt_int_op(AF_INET,OP_EQ, tor_addr_parse(&or_conn.real_addr, + tt_int_op(AF_INET,OP_EQ, tor_addr_parse(&TO_CONN(&or_conn)->addr, "18.0.0.1")); - tor_addr_t *addr = &or_conn.real_addr; + tor_addr_t *addr = &TO_CONN(&or_conn)->addr; /* Initialize DoS subsystem and get relevant limits */ dos_init(); @@ -443,10 +443,10 @@ test_known_relay(void *arg) /* Setup an OR conn so we can pass it to the DoS subsystem. */ or_connection_t or_conn; - tor_addr_parse(&or_conn.real_addr, "42.42.42.42"); + tor_addr_parse(&TO_CONN(&or_conn)->addr, "42.42.42.42"); rs = tor_malloc_zero(sizeof(*rs)); - tor_addr_copy(&rs->ipv4_addr, &or_conn.real_addr); + tor_addr_copy(&rs->ipv4_addr, &TO_CONN(&or_conn)->addr); crypto_rand(rs->identity_digest, sizeof(rs->identity_digest)); smartlist_add(dummy_ns->routerstatus_list, rs); @@ -457,7 +457,8 @@ test_known_relay(void *arg) /* We have now a node in our list so we'll make sure we don't count it as a * client connection. */ - geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &or_conn.real_addr, NULL, 0); + geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &TO_CONN(&or_conn)->addr, + NULL, 0); /* Suppose we have 5 connections in rapid succession, the counter should * always be 0 because we should ignore this. */ dos_new_client_conn(&or_conn, NULL); @@ -465,18 +466,21 @@ test_known_relay(void *arg) dos_new_client_conn(&or_conn, NULL); dos_new_client_conn(&or_conn, NULL); dos_new_client_conn(&or_conn, NULL); - entry = geoip_lookup_client(&or_conn.real_addr, NULL, GEOIP_CLIENT_CONNECT); + entry = geoip_lookup_client(&TO_CONN(&or_conn)->addr, NULL, + GEOIP_CLIENT_CONNECT); tt_assert(entry); /* We should have a count of 0. */ tt_uint_op(entry->dos_stats.concurrent_count, OP_EQ, 0); /* To make sure that his is working properly, make a unknown client * connection and see if we do get it. */ - tor_addr_parse(&or_conn.real_addr, "42.42.42.43"); - geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &or_conn.real_addr, NULL, 0); + tor_addr_parse(&TO_CONN(&or_conn)->addr, "42.42.42.43"); + geoip_note_client_seen(GEOIP_CLIENT_CONNECT, &TO_CONN(&or_conn)->addr, + NULL, 0); dos_new_client_conn(&or_conn, NULL); dos_new_client_conn(&or_conn, NULL); - entry = geoip_lookup_client(&or_conn.real_addr, NULL, GEOIP_CLIENT_CONNECT); + entry = geoip_lookup_client(&TO_CONN(&or_conn)->addr, NULL, + GEOIP_CLIENT_CONNECT); tt_assert(entry); /* We should have a count of 2. */ tt_uint_op(entry->dos_stats.concurrent_count, OP_EQ, 2);