nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-27 22:03:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'bug8546_squashed'

Browse Source 
Conflicts:
	src/or/connection.c
	src/or/or.h
	src/or/relay.c
This commit is contained in:
Nick Mathewson 2015-01-16 09:31:50 -05:00
commit 4b23b398a3
10 changed files with 175 additions and 253 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
changes/bug8546 Normal file
View File

@ -0,0 +1,6 @@
o Code simplification and refactoring:
- Move fields related to isolating and configuring client ports
into a shared structure. Previously, they were duplicated across
port_cfg_t, listener_connection_t, and edge_connection_t.
Failure to copy one of them correctly had been the cause of at
least one bug in the past.

8
src/or/addressmap.c
View File

@ -676,10 +676,10 @@ client_dns_set_addressmap(entry_connection_t *for_conn,
return; /* If address was an IP address already, don't add a mapping. */
if (tor_addr_family(val) == AF_INET) {
if (! for_conn->cache_ipv4_answers)
if (! for_conn->entry_cfg.cache_ipv4_answers)
return;
} else if (tor_addr_family(val) == AF_INET6) {
if (! for_conn->cache_ipv6_answers)
if (! for_conn->entry_cfg.cache_ipv6_answers)
return;
}
@ -708,8 +708,8 @@ client_dns_set_reverse_addressmap(entry_connection_t *for_conn,
{
tor_addr_t tmp_addr;
sa_family_t f = tor_addr_parse(&tmp_addr, address);
if ((f == AF_INET && ! for_conn->cache_ipv4_answers) ||
(f == AF_INET6 && ! for_conn->cache_ipv6_answers))
if ((f == AF_INET && ! for_conn->entry_cfg.cache_ipv4_answers) ||
(f == AF_INET6 && ! for_conn->entry_cfg.cache_ipv6_answers))
return;
}
tor_asprintf(&s, "REVERSE[%s]", address);

88
src/or/config.c
View File

@ -5512,9 +5512,9 @@ static port_cfg_t *
port_cfg_new(void)
{
port_cfg_t *cfg = tor_malloc_zero(sizeof(port_cfg_t));
cfg->ipv4_traffic = 1;
cfg->cache_ipv4_answers = 1;
cfg->prefer_ipv6_virtaddr = 1;
cfg->entry_cfg.ipv4_traffic = 1;
cfg->entry_cfg.cache_ipv4_answers = 1;
cfg->entry_cfg.prefer_ipv6_virtaddr = 1;
return cfg;
}
@ -5721,10 +5721,10 @@ parse_port_config(smartlist_t *out,
cfg->type = listener_type;
cfg->port = mainport;
tor_addr_make_unspec(&cfg->addr); /* Server ports default to 0.0.0.0 */
cfg->no_listen = 1;
cfg->bind_ipv4_only = 1;
cfg->ipv4_traffic = 1;
cfg->prefer_ipv6_virtaddr = 1;
cfg->server_cfg.no_listen = 1;
cfg->server_cfg.bind_ipv4_only = 1;
cfg->entry_cfg.ipv4_traffic = 1;
cfg->entry_cfg.prefer_ipv6_virtaddr = 1;
smartlist_add(out, cfg);
}
@ -5741,9 +5741,9 @@ parse_port_config(smartlist_t *out,
cfg->type = listener_type;
cfg->port = port ? port : mainport;
tor_addr_copy(&cfg->addr, &addr);
cfg->session_group = SESSION_GROUP_UNSET;
cfg->isolation_flags = ISO_DEFAULT;
cfg->no_advertise = 1;
cfg->entry_cfg.session_group = SESSION_GROUP_UNSET;
cfg->entry_cfg.isolation_flags = ISO_DEFAULT;
cfg->server_cfg.no_advertise = 1;
smartlist_add(out, cfg);
}
}
@ -5767,8 +5767,8 @@ parse_port_config(smartlist_t *out,
cfg->type = listener_type;
cfg->port = defaultport;
tor_addr_parse(&cfg->addr, defaultaddr);
cfg->session_group = SESSION_GROUP_UNSET;
cfg->isolation_flags = ISO_DEFAULT;
cfg->entry_cfg.session_group = SESSION_GROUP_UNSET;
cfg->entry_cfg.isolation_flags = ISO_DEFAULT;
smartlist_add(out, cfg);
}
return 0;
@ -5998,24 +5998,24 @@ parse_port_config(smartlist_t *out,
tor_addr_copy(&cfg->addr, &addr);
cfg->port = port;
cfg->type = listener_type;
cfg->isolation_flags = isolation;
cfg->session_group = sessiongroup;
cfg->no_advertise = no_advertise;
cfg->no_listen = no_listen;
cfg->all_addrs = all_addrs;
cfg->bind_ipv4_only = bind_ipv4_only;
cfg->bind_ipv6_only = bind_ipv6_only;
cfg->ipv4_traffic = ipv4_traffic;
cfg->ipv6_traffic = ipv6_traffic;
cfg->prefer_ipv6 = prefer_ipv6;
cfg->cache_ipv4_answers = cache_ipv4;
cfg->cache_ipv6_answers = cache_ipv6;
cfg->use_cached_ipv4_answers = use_cached_ipv4;
cfg->use_cached_ipv6_answers = use_cached_ipv6;
cfg->prefer_ipv6_virtaddr = prefer_ipv6_automap;
cfg->socks_prefer_no_auth = prefer_no_auth;
cfg->entry_cfg.isolation_flags = isolation;
cfg->entry_cfg.session_group = sessiongroup;
cfg->server_cfg.no_advertise = no_advertise;
cfg->server_cfg.no_listen = no_listen;
cfg->server_cfg.all_addrs = all_addrs;
cfg->server_cfg.bind_ipv4_only = bind_ipv4_only;
cfg->server_cfg.bind_ipv6_only = bind_ipv6_only;
cfg->entry_cfg.ipv4_traffic = ipv4_traffic;
cfg->entry_cfg.ipv6_traffic = ipv6_traffic;
cfg->entry_cfg.prefer_ipv6 = prefer_ipv6;
cfg->entry_cfg.cache_ipv4_answers = cache_ipv4;
cfg->entry_cfg.cache_ipv6_answers = cache_ipv6;
cfg->entry_cfg.use_cached_ipv4_answers = use_cached_ipv4;
cfg->entry_cfg.use_cached_ipv6_answers = use_cached_ipv6;
cfg->entry_cfg.prefer_ipv6_virtaddr = prefer_ipv6_automap;
cfg->entry_cfg.socks_prefer_no_auth = prefer_no_auth;
if (! (isolation & ISO_SOCKSAUTH))
cfg->socks_prefer_no_auth = 1;
cfg->entry_cfg.socks_prefer_no_auth = 1;
smartlist_add(out, cfg);
}
@ -6089,10 +6089,10 @@ parse_unix_socket_config(smartlist_t *out, smartlist_t *defaults,
* now, some reasonable defaults.
*/
port->ipv4_traffic = 1;
port->ipv6_traffic = 1;
port->cache_ipv4_answers = 1;
port->cache_ipv6_answers = 1;
port->entry_cfg.ipv4_traffic = 1;
port->entry_cfg.ipv6_traffic = 1;
port->entry_cfg.cache_ipv4_answers = 1;
port->entry_cfg.cache_ipv6_answers = 1;
}
smartlist_add(ports_to_add, port);
} else {
@ -6142,7 +6142,7 @@ count_real_listeners(const smartlist_t *ports, int listenertype)
{
int n = 0;
SMARTLIST_FOREACH_BEGIN(ports, port_cfg_t *, port) {
if (port->no_listen || port->is_unix_addr)
if (port->server_cfg.no_listen || port->is_unix_addr)
continue;
if (port->type != listenertype)
continue;
@ -6327,25 +6327,25 @@ check_server_ports(const smartlist_t *ports,
SMARTLIST_FOREACH_BEGIN(ports, const port_cfg_t *, port) {
if (port->type == CONN_TYPE_DIR_LISTENER) {
if (! port->no_advertise)
if (! port->server_cfg.no_advertise)
++n_dirport_advertised;
if (! port->no_listen)
if (! port->server_cfg.no_listen)
++n_dirport_listeners;
} else if (port->type == CONN_TYPE_OR_LISTENER) {
if (! port->no_advertise) {
if (! port->server_cfg.no_advertise) {
++n_orport_advertised;
if (tor_addr_family(&port->addr) == AF_INET ||
(tor_addr_family(&port->addr) == AF_UNSPEC &&
!port->bind_ipv6_only))
!port->server_cfg.bind_ipv6_only))
++n_orport_advertised_ipv4;
}
if (! port->no_listen)
if (! port->server_cfg.no_listen)
++n_orport_listeners;
} else {
continue;
}
#ifndef _WIN32
if (!port->no_listen && port->port < 1024)
if (!port->server_cfg.no_listen && port->port < 1024)
++n_low_port;
#endif
} SMARTLIST_FOREACH_END(port);
@ -6423,7 +6423,7 @@ get_first_listener_addrport_string(int listener_type)
return NULL;
SMARTLIST_FOREACH_BEGIN(configured_ports, const port_cfg_t *, cfg) {
if (cfg->no_listen)
if (cfg->server_cfg.no_listen)
continue;
if (cfg->type == listener_type &&
@ -6470,12 +6470,12 @@ get_first_advertised_port_by_type_af(int listener_type, int address_family)
return 0;
SMARTLIST_FOREACH_BEGIN(configured_ports, const port_cfg_t *, cfg) {
if (cfg->type == listener_type &&
!cfg->no_advertise &&
!cfg->server_cfg.no_advertise &&
(tor_addr_family(&cfg->addr) == address_family ||
tor_addr_family(&cfg->addr) == AF_UNSPEC)) {
if (tor_addr_family(&cfg->addr) != AF_UNSPEC ||
(address_family == AF_INET && !cfg->bind_ipv6_only) ||
(address_family == AF_INET6 && !cfg->bind_ipv4_only)) {
(address_family == AF_INET && !cfg->server_cfg.bind_ipv6_only) ||
(address_family == AF_INET6 && !cfg->server_cfg.bind_ipv4_only)) {
return cfg->port;
}
}

59
src/or/connection.c
View File

@ -305,9 +305,9 @@ entry_connection_new(int type, int socket_family)
* in a little while. Otherwise, we're doing this as a linked connection
* of some kind, and we should set it up here based on the socket family */
if (socket_family == AF_INET)
entry_conn->ipv4_traffic_ok = 1;
entry_conn->entry_cfg.ipv4_traffic = 1;
else if (socket_family == AF_INET6)
entry_conn->ipv6_traffic_ok = 1;
entry_conn->entry_cfg.ipv6_traffic = 1;
else if (socket_family == AF_UNIX)
entry_conn->is_socks_socket = 1;
return entry_conn;
@ -1277,10 +1277,10 @@ connection_listener_new(const struct sockaddr *listensockaddr,
conn->port = gotPort;
tor_addr_copy(&conn->addr, &addr);
if (port_cfg->isolation_flags) {
lis_conn->isolation_flags = port_cfg->isolation_flags;
if (port_cfg->session_group >= 0) {
lis_conn->session_group = port_cfg->session_group;
if (port_cfg->entry_cfg.isolation_flags) {
lis_conn->entry_cfg.isolation_flags = port_cfg->entry_cfg.isolation_flags;
if (port_cfg->entry_cfg.session_group >= 0) {
lis_conn->entry_cfg.session_group = port_cfg->entry_cfg.session_group;
} else {
/* This can wrap after around INT_MAX listeners are opened. But I don't
* believe that matters, since you would need to open a ridiculous
@ -1288,23 +1288,17 @@ connection_listener_new(const struct sockaddr *listensockaddr,
* hit this. An OR with a dozen ports open, for example, would have to
* close and re-open its listeners every second for 4 years nonstop.
*/
lis_conn->session_group = global_next_session_group--;
lis_conn->entry_cfg.session_group = global_next_session_group--;
}
}
if (type == CONN_TYPE_AP_LISTENER) {
lis_conn->socks_ipv4_traffic = port_cfg->ipv4_traffic;
lis_conn->socks_ipv6_traffic = port_cfg->ipv6_traffic;
lis_conn->socks_prefer_ipv6 = port_cfg->prefer_ipv6;
} else {
lis_conn->socks_ipv4_traffic = 1;
lis_conn->socks_ipv6_traffic = 1;
memcpy(&lis_conn->entry_cfg, &port_cfg->entry_cfg, sizeof(entry_port_cfg_t));
if (type != CONN_TYPE_AP_LISTENER) {
lis_conn->entry_cfg.ipv4_traffic = 1;
lis_conn->entry_cfg.ipv6_traffic = 1;
lis_conn->entry_cfg.prefer_ipv6 = 0;
}
lis_conn->cache_ipv4_answers = port_cfg->cache_ipv4_answers;
lis_conn->cache_ipv6_answers = port_cfg->cache_ipv6_answers;
lis_conn->use_cached_ipv4_answers = port_cfg->use_cached_ipv4_answers;
lis_conn->use_cached_ipv6_answers = port_cfg->use_cached_ipv6_answers;
lis_conn->prefer_ipv6_virtaddr = port_cfg->prefer_ipv6_virtaddr;
lis_conn->socks_prefer_no_auth = port_cfg->socks_prefer_no_auth;
if (connection_add(conn) < 0) { /* no space, forget it */
log_warn(LD_NET,"connection_add for listener failed. Giving up.");
@ -1502,15 +1496,11 @@ connection_handle_listener_read(connection_t *conn, int new_type)
if (new_type == CONN_TYPE_AP && conn->socket_family != AF_UNIX) {
log_info(LD_NET, "New SOCKS connection opened from %s.",
fmt_and_decorate_addr(&addr));
TO_ENTRY_CONN(newconn)->socks_request->socks_prefer_no_auth =
TO_LISTENER_CONN(conn)->socks_prefer_no_auth;
}
if (new_type == CONN_TYPE_AP && conn->socket_family == AF_UNIX) {
newconn->port = 0;
newconn->address = tor_strdup(conn->address);
log_info(LD_NET, "New SOCKS SocksSocket connection opened");
TO_ENTRY_CONN(newconn)->socks_request->socks_prefer_no_auth =
TO_LISTENER_CONN(conn)->socks_prefer_no_auth;
}
if (new_type == CONN_TYPE_CONTROL) {
log_notice(LD_CONTROL, "New control connection opened from %s.",
@ -1572,25 +1562,16 @@ connection_init_accepted_conn(connection_t *conn,
return rv;
break;
case CONN_TYPE_AP:
TO_ENTRY_CONN(conn)->isolation_flags = listener->isolation_flags;
TO_ENTRY_CONN(conn)->session_group = listener->session_group;
memcpy(&TO_ENTRY_CONN(conn)->entry_cfg, &listener->entry_cfg,
sizeof(entry_port_cfg_t));
TO_ENTRY_CONN(conn)->nym_epoch = get_signewnym_epoch();
TO_ENTRY_CONN(conn)->socks_request->listener_type = listener->base_.type;
TO_ENTRY_CONN(conn)->ipv4_traffic_ok = listener->socks_ipv4_traffic;
TO_ENTRY_CONN(conn)->ipv6_traffic_ok = listener->socks_ipv6_traffic;
TO_ENTRY_CONN(conn)->prefer_ipv6_traffic = listener->socks_prefer_ipv6;
TO_ENTRY_CONN(conn)->cache_ipv4_answers = listener->cache_ipv4_answers;
TO_ENTRY_CONN(conn)->cache_ipv6_answers = listener->cache_ipv6_answers;
TO_ENTRY_CONN(conn)->use_cached_ipv4_answers =
listener->use_cached_ipv4_answers;
TO_ENTRY_CONN(conn)->use_cached_ipv6_answers =
listener->use_cached_ipv6_answers;
TO_ENTRY_CONN(conn)->prefer_ipv6_virtaddr =
listener->prefer_ipv6_virtaddr;
switch (TO_CONN(listener)->type) {
case CONN_TYPE_AP_LISTENER:
conn->state = AP_CONN_STATE_SOCKS_WAIT;
TO_ENTRY_CONN(conn)->socks_request->socks_prefer_no_auth =
listener->entry_cfg.socks_prefer_no_auth;
break;
case CONN_TYPE_AP_TRANS_LISTENER:
TO_ENTRY_CONN(conn)->is_transparent_ap = 1;
@ -2273,7 +2254,7 @@ retry_listener_ports(smartlist_t *old_conns,
(conn->socket_family == AF_UNIX && ! wanted->is_unix_addr))
continue;
if (wanted->no_listen)
if (wanted->server_cfg.no_listen)
continue; /* We don't want to open a listener for this one */
if (wanted->is_unix_addr) {
@ -2314,7 +2295,7 @@ retry_listener_ports(smartlist_t *old_conns,
connection_t *conn;
int real_port = port->port == CFG_AUTO_PORT ? 0 : port->port;
tor_assert(real_port <= UINT16_MAX);
if (port->no_listen)
if (port->server_cfg.no_listen)
continue;
if (port->is_unix_addr) {

52
src/or/connection_edge.c
View File

@ -968,9 +968,9 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
const char *new_addr;
int addr_type = RESOLVED_TYPE_IPV4;
if (conn->socks_request->socks_version != 4) {
if (!conn->ipv4_traffic_ok ||
(conn->ipv6_traffic_ok && conn->prefer_ipv6_traffic) ||
conn->prefer_ipv6_virtaddr)
if (!conn->entry_cfg.ipv4_traffic ||
(conn->entry_cfg.ipv6_traffic && conn->entry_cfg.prefer_ipv6) ||
conn->entry_cfg.prefer_ipv6_virtaddr)
addr_type = RESOLVED_TYPE_IPV6;
}
new_addr = addressmap_register_virtual_address(
@ -990,9 +990,9 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
if (socks->command == SOCKS_COMMAND_RESOLVE_PTR) {
unsigned rewrite_flags = 0;
if (conn->use_cached_ipv4_answers)
if (conn->entry_cfg.use_cached_ipv4_answers)
rewrite_flags |= AMR_FLAG_USE_IPV4_DNS;
if (conn->use_cached_ipv6_answers)
if (conn->entry_cfg.use_cached_ipv6_answers)
rewrite_flags |= AMR_FLAG_USE_IPV6_DNS;
if (addressmap_rewrite_reverse(socks->address, sizeof(socks->address),
@ -1028,9 +1028,9 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
} else if (!automap) {
/* For address map controls, remap the address. */
unsigned rewrite_flags = 0;
if (conn->use_cached_ipv4_answers)
if (conn->entry_cfg.use_cached_ipv4_answers)
rewrite_flags |= AMR_FLAG_USE_IPV4_DNS;
if (conn->use_cached_ipv6_answers)
if (conn->entry_cfg.use_cached_ipv6_answers)
rewrite_flags |= AMR_FLAG_USE_IPV6_DNS;
if (addressmap_rewrite(socks->address, sizeof(socks->address),
rewrite_flags, &map_expires, &exit_source)) {
@ -1235,8 +1235,8 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
/* XXX Duplicate call to tor_addr_parse. */
if (tor_addr_parse(&addr, socks->address) >= 0) {
sa_family_t family = tor_addr_family(&addr);
if ((family == AF_INET && ! conn->ipv4_traffic_ok) ||
(family == AF_INET6 && ! conn->ipv4_traffic_ok)) {
if ((family == AF_INET && ! conn->entry_cfg.ipv4_traffic) ||
(family == AF_INET6 && ! conn->entry_cfg.ipv4_traffic)) {
log_warn(LD_NET, "Rejecting SOCKS request for an IP address "
"family that this listener does not support.");
connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
@ -1245,21 +1245,21 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
log_warn(LD_NET, "Rejecting SOCKS4 request for an IPv6 address.");
connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
return -1;
} else if (socks->socks_version == 4 && !conn->ipv4_traffic_ok) {
} else if (socks->socks_version == 4 && !conn->entry_cfg.ipv4_traffic) {
log_warn(LD_NET, "Rejecting SOCKS4 request on a listener with "
"no IPv4 traffic supported.");
connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
return -1;
} else if (family == AF_INET6) {
conn->ipv4_traffic_ok = 0;
conn->entry_cfg.ipv4_traffic = 0;
} else if (family == AF_INET) {
conn->ipv6_traffic_ok = 0;
conn->entry_cfg.ipv6_traffic = 0;
}
}
}
if (socks->socks_version == 4)
conn->ipv6_traffic_ok = 0;
conn->entry_cfg.ipv6_traffic = 0;
if (!conn->use_begindir && !conn->chosen_exit_name && !circ) {
/* see if we can find a suitable enclave exit */
@ -1826,19 +1826,19 @@ connection_ap_get_begincell_flags(entry_connection_t *ap_conn)
return 0;
/* If only IPv4 is supported, no flags */
if (ap_conn->ipv4_traffic_ok && !ap_conn->ipv6_traffic_ok)
if (ap_conn->entry_cfg.ipv4_traffic && !ap_conn->entry_cfg.ipv6_traffic)
return 0;
if (! cpath_layer ||
! cpath_layer->extend_info)
return 0;
if (!ap_conn->ipv4_traffic_ok)
if (!ap_conn->entry_cfg.ipv4_traffic)
flags |= BEGIN_FLAG_IPV4_NOT_OK;
exitnode = node_get_by_id(cpath_layer->extend_info->identity_digest);
if (ap_conn->ipv6_traffic_ok && exitnode) {
if (ap_conn->entry_cfg.ipv6_traffic && exitnode) {
tor_addr_t a;
tor_addr_make_null(&a, AF_INET6);
if (compare_tor_addr_to_node_policy(&a, ap_conn->socks_request->port,
@ -1853,7 +1853,7 @@ connection_ap_get_begincell_flags(entry_connection_t *ap_conn)
if (flags == BEGIN_FLAG_IPV6_OK) {
/* When IPv4 and IPv6 are both allowed, consider whether to say we
* prefer IPv6. Otherwise there's no point in declaring a preference */
if (ap_conn->prefer_ipv6_traffic)
if (ap_conn->entry_cfg.prefer_ipv6)
flags |= BEGIN_FLAG_IPV6_PREFERRED;
}
@ -2090,8 +2090,8 @@ connection_ap_make_link(connection_t *partner,
/* Populate isolation fields. */
conn->socks_request->listener_type = CONN_TYPE_DIR_LISTENER;
conn->original_dest_address = tor_strdup(address);
conn->session_group = session_group;
conn->isolation_flags = isolation_flags;
conn->entry_cfg.session_group = session_group;
conn->entry_cfg.isolation_flags = isolation_flags;
base_conn->address = tor_strdup("(Tor_internal)");
tor_addr_make_unspec(&base_conn->addr);
@ -2947,10 +2947,10 @@ connection_ap_can_use_exit(const entry_connection_t *conn, const node_t *exit)
addr_policy_result_t r;
if (0 == tor_addr_parse(&addr, conn->socks_request->address)) {
addrp = &addr;
} else if (!conn->ipv4_traffic_ok && conn->ipv6_traffic_ok) {
} else if (!conn->entry_cfg.ipv4_traffic && conn->entry_cfg.ipv6_traffic) {
tor_addr_make_null(&addr, AF_INET6);
addrp = &addr;
} else if (conn->ipv4_traffic_ok && !conn->ipv6_traffic_ok) {
} else if (conn->entry_cfg.ipv4_traffic && !conn->entry_cfg.ipv6_traffic) {
tor_addr_make_null(&addr, AF_INET);
addrp = &addr;
}
@ -3056,7 +3056,7 @@ int
connection_edge_compatible_with_circuit(const entry_connection_t *conn,
const origin_circuit_t *circ)
{
const uint8_t iso = conn->isolation_flags;
const uint8_t iso = conn->entry_cfg.isolation_flags;
const socks_request_t *sr = conn->socks_request;
/* If circ has never been used for an isolated connection, we can
@ -3105,7 +3105,7 @@ connection_edge_compatible_with_circuit(const entry_connection_t *conn,
if ((iso & ISO_CLIENTADDR) &&
!tor_addr_eq(&ENTRY_TO_CONN(conn)->addr, &circ->client_addr))
return 0;
if ((iso & ISO_SESSIONGRP) && conn->session_group != circ->session_group)
if ((iso & ISO_SESSIONGRP) && conn->entry_cfg.session_group != circ->session_group)
return 0;
if ((iso & ISO_NYM_EPOCH) && conn->nym_epoch != circ->nym_epoch)
return 0;
@ -3144,7 +3144,7 @@ connection_edge_update_circuit_isolation(const entry_connection_t *conn,
circ->client_proto_type = conn->socks_request->listener_type;
circ->client_proto_socksver = conn->socks_request->socks_version;
tor_addr_copy(&circ->client_addr, &ENTRY_TO_CONN(conn)->addr);
circ->session_group = conn->session_group;
circ->session_group = conn->entry_cfg.session_group;
circ->nym_epoch = conn->nym_epoch;
circ->socks_username = sr->username ?
tor_memdup(sr->username, sr->usernamelen) : NULL;
@ -3171,7 +3171,7 @@ connection_edge_update_circuit_isolation(const entry_connection_t *conn,
mixed |= ISO_CLIENTPROTO;
if (!tor_addr_eq(&ENTRY_TO_CONN(conn)->addr, &circ->client_addr))
mixed |= ISO_CLIENTADDR;
if (conn->session_group != circ->session_group)
if (conn->entry_cfg.session_group != circ->session_group)
mixed |= ISO_SESSIONGRP;
if (conn->nym_epoch != circ->nym_epoch)
mixed |= ISO_NYM_EPOCH;
@ -3179,7 +3179,7 @@ connection_edge_update_circuit_isolation(const entry_connection_t *conn,
if (dry_run)
return mixed;
if ((mixed & conn->isolation_flags) != 0) {
if ((mixed & conn->entry_cfg.isolation_flags) != 0) {
log_warn(LD_BUG, "Updating a circuit with seemingly incompatible "
"isolation flags.");
}

20
src/or/dnsserv.c
View File

@ -141,13 +141,13 @@ evdns_server_callback(struct evdns_server_request *req, void *data_)
}
if (q->type == EVDNS_TYPE_A || q->type == EVDNS_QTYPE_ALL) {
entry_conn->ipv4_traffic_ok = 1;
entry_conn->ipv6_traffic_ok = 0;
entry_conn->prefer_ipv6_traffic = 0;
entry_conn->entry_cfg.ipv4_traffic = 1;
entry_conn->entry_cfg.ipv6_traffic = 0;
entry_conn->entry_cfg.prefer_ipv6 = 0;
} else if (q->type == EVDNS_TYPE_AAAA) {
entry_conn->ipv4_traffic_ok = 0;
entry_conn->ipv6_traffic_ok = 1;
entry_conn->prefer_ipv6_traffic = 1;
entry_conn->entry_cfg.ipv4_traffic = 0;
entry_conn->entry_cfg.ipv6_traffic = 1;
entry_conn->entry_cfg.prefer_ipv6 = 1;
}
strlcpy(entry_conn->socks_request->address, q->name,
@ -155,8 +155,8 @@ evdns_server_callback(struct evdns_server_request *req, void *data_)
entry_conn->socks_request->listener_type = listener->base_.type;
entry_conn->dns_server_request = req;
entry_conn->isolation_flags = listener->isolation_flags;
entry_conn->session_group = listener->session_group;
entry_conn->entry_cfg.isolation_flags = listener->entry_cfg.isolation_flags;
entry_conn->entry_cfg.session_group = listener->entry_cfg.session_group;
entry_conn->nym_epoch = get_signewnym_epoch();
if (connection_add(ENTRY_TO_CONN(entry_conn)) < 0) {
@ -232,9 +232,9 @@ dnsserv_launch_request(const char *name, int reverse,
entry_conn->socks_request->listener_type = CONN_TYPE_CONTROL_LISTENER;
entry_conn->original_dest_address = tor_strdup(name);
entry_conn->session_group = SESSION_GROUP_CONTROL_RESOLVE;
entry_conn->entry_cfg.session_group = SESSION_GROUP_CONTROL_RESOLVE;
entry_conn->nym_epoch = get_signewnym_epoch();
entry_conn->isolation_flags = ISO_DEFAULT;
entry_conn->entry_cfg.isolation_flags = ISO_DEFAULT;
if (connection_add(TO_CONN(conn))<0) {
log_warn(LD_APP, "Couldn't register dummy connection for RESOLVE request");

165
src/or/or.h
View File

@ -1143,6 +1143,51 @@ typedef struct socks_request_t socks_request_t;
#define generic_buffer_t buf_t
#endif
typedef struct entry_port_cfg_t {
/* Client port types (socks, dns, trans, natd) only: */
uint8_t isolation_flags; /**< Zero or more isolation flags */
int session_group; /**< A session group, or -1 if this port is not in a
* session group. */
/* Socks only: */
/** When both no-auth and user/pass are advertised by a SOCKS client, select
* no-auth. */
unsigned int socks_prefer_no_auth : 1;
/* Client port types only: */
unsigned int ipv4_traffic : 1;
unsigned int ipv6_traffic : 1;
unsigned int prefer_ipv6 : 1;
/** For a socks listener: should we cache IPv4/IPv6 DNS information that
* exit nodes tell us?
*
* @{ */
unsigned int cache_ipv4_answers : 1;
unsigned int cache_ipv6_answers : 1;
/** @} */
/** For a socks listeners: if we find an answer in our client-side DNS cache,
* should we use it?
*
* @{ */
unsigned int use_cached_ipv4_answers : 1;
unsigned int use_cached_ipv6_answers : 1;
/** @} */
/** For socks listeners: When we can automap an address to IPv4 or IPv6,
* do we prefer IPv6? */
unsigned int prefer_ipv6_virtaddr : 1;
} entry_port_cfg_t;
typedef struct server_port_cfg_t {
/* Server port types (or, dir) only: */
unsigned int no_advertise : 1;
unsigned int no_listen : 1;
unsigned int all_addrs : 1;
unsigned int bind_ipv4_only : 1;
unsigned int bind_ipv6_only : 1;
} server_port_cfg_t;
/* Values for connection_t.magic: used to make sure that downcasts (casts from
* connection_t to foo_connection_t) are safe. */
#define BASE_CONNECTION_MAGIC 0x7C3C304Eu
@ -1278,52 +1323,7 @@ typedef struct listener_connection_t {
* to the evdns_server_port it uses to listen to and answer connections. */
struct evdns_server_port *dns_server_port;
/** @name Isolation parameters
*
* For an AP listener, these fields describe how to isolate streams that
* arrive on the listener.
*
* @{
*/
/** The session group for this listener. */
int session_group;
/** One or more ISO_ flags to describe how to isolate streams. */
uint8_t isolation_flags;
/**@}*/
/** For SOCKS connections only: If this is set, we will choose "no
* authentication" instead of "username/password" authentication if both
* are offered. Used as input to parse_socks. */
unsigned int socks_prefer_no_auth : 1;
/** For a SOCKS listeners, these fields describe whether we should
* allow IPv4 and IPv6 addresses from our exit nodes, respectively.
*
* @{
*/
unsigned int socks_ipv4_traffic : 1;
unsigned int socks_ipv6_traffic : 1;
/** @} */
/** For a socks listener: should we tell the exit that we prefer IPv6
* addresses? */
unsigned int socks_prefer_ipv6 : 1;
/** For a socks listener: should we cache IPv4/IPv6 DNS information that
* exit nodes tell us?
*
* @{ */
unsigned int cache_ipv4_answers : 1;
unsigned int cache_ipv6_answers : 1;
/** @} */
/** For a socks listeners: if we find an answer in our client-side DNS cache,
* should we use it?
*
* @{ */
unsigned int use_cached_ipv4_answers : 1;
unsigned int use_cached_ipv6_answers : 1;
/** @} */
/** For socks listeners: When we can automap an address to IPv4 or IPv6,
* do we prefer IPv6? */
unsigned int prefer_ipv6_virtaddr : 1;
entry_port_cfg_t entry_cfg;
} listener_connection_t;
@ -1611,12 +1611,10 @@ typedef struct entry_connection_t {
* only.) */
/* === Isolation related, AP only. === */
/** AP only: based on which factors do we isolate this stream? */
uint8_t isolation_flags;
/** AP only: what session group is this stream in? */
int session_group;
entry_port_cfg_t entry_cfg;
/** AP only: The newnym epoch in which we created this connection. */
unsigned nym_epoch;
/** AP only: The original requested address before we rewrote it. */
char *original_dest_address;
/* Other fields to isolate on already exist. The ClientAddr is addr. The
@ -1675,36 +1673,8 @@ typedef struct entry_connection_t {
*/
unsigned int may_use_optimistic_data : 1;
/** Should we permit IPv4 and IPv6 traffic to use this connection?
*
* @{ */
unsigned int ipv4_traffic_ok : 1;
unsigned int ipv6_traffic_ok : 1;
/** @} */
/** Should we say we prefer IPv6 traffic? */
unsigned int prefer_ipv6_traffic : 1;
/** For a socks listener: should we cache IPv4/IPv6 DNS information that
* exit nodes tell us?
*
* @{ */
unsigned int cache_ipv4_answers : 1;
unsigned int cache_ipv6_answers : 1;
/** @} */
/** For a socks listeners: if we find an answer in our client-side DNS cache,
* should we use it?
*
* @{ */
unsigned int use_cached_ipv4_answers : 1;
unsigned int use_cached_ipv6_answers : 1;
/** @} */
/** For socks listeners: When we can automap an address to IPv4 or IPv6,
* do we prefer IPv6? */
unsigned int prefer_ipv6_virtaddr : 1;
/** Are we a socks SocksSocket listener? */
unsigned int is_socks_socket:1;
} entry_connection_t;
typedef enum {
@ -3345,44 +3315,9 @@ typedef struct port_cfg_t {
uint8_t type; /**< One of CONN_TYPE_*_LISTENER */
unsigned is_unix_addr : 1; /**< True iff this is an AF_UNIX address. */
/* Client port types (socks, dns, trans, natd) only: */
uint8_t isolation_flags; /**< Zero or more isolation flags */
int session_group; /**< A session group, or -1 if this port is not in a
* session group. */
/* Socks only: */
/** When both no-auth and user/pass are advertised by a SOCKS client, select
* no-auth. */
unsigned int socks_prefer_no_auth : 1;
entry_port_cfg_t entry_cfg;
/* Server port types (or, dir) only: */
unsigned int no_advertise : 1;
unsigned int no_listen : 1;
unsigned int all_addrs : 1;
unsigned int bind_ipv4_only : 1;
unsigned int bind_ipv6_only : 1;
/* Client port types only: */
unsigned int ipv4_traffic : 1;
unsigned int ipv6_traffic : 1;
unsigned int prefer_ipv6 : 1;
/** For a socks listener: should we cache IPv4/IPv6 DNS information that
* exit nodes tell us?
*
* @{ */
unsigned int cache_ipv4_answers : 1;
unsigned int cache_ipv6_answers : 1;
/** @} */
/** For a socks listeners: if we find an answer in our client-side DNS cache,
* should we use it?
*
* @{ */
unsigned int use_cached_ipv4_answers : 1;
unsigned int use_cached_ipv6_answers : 1;
/** @} */
/** For socks listeners: When we can automap an address to IPv4 or IPv6,
* do we prefer IPv6? */
unsigned int prefer_ipv6_virtaddr : 1;
server_port_cfg_t server_cfg;
/* Unix sockets only: */
/** Path for an AF_UNIX address */

14
src/or/relay.c
View File

@ -804,8 +804,8 @@ connection_ap_process_end_not_open(
return 0;
}
if ((tor_addr_family(&addr) == AF_INET && !conn->ipv4_traffic_ok) ||
(tor_addr_family(&addr) == AF_INET6 && !conn->ipv6_traffic_ok)) {
if ((tor_addr_family(&addr) == AF_INET && !conn->entry_cfg.ipv4_traffic) ||
(tor_addr_family(&addr) == AF_INET6 && !conn->entry_cfg.ipv6_traffic)) {
log_fn(LOG_PROTOCOL_WARN, LD_APP,
"Got an EXITPOLICY failure on a connection with a "
"mismatched family. Closing.");
@ -1156,11 +1156,11 @@ connection_ap_handshake_socks_got_resolved_cell(entry_connection_t *conn,
addr_hostname = addr;
}
} else if (tor_addr_family(&addr->addr) == AF_INET) {
if (!addr_ipv4 && conn->ipv4_traffic_ok) {
if (!addr_ipv4 && conn->entry_cfg.ipv4_traffic) {
addr_ipv4 = addr;
}
} else if (tor_addr_family(&addr->addr) == AF_INET6) {
if (!addr_ipv6 && conn->ipv6_traffic_ok) {
if (!addr_ipv6 && conn->entry_cfg.ipv6_traffic) {
addr_ipv6 = addr;
}
}
@ -1181,7 +1181,7 @@ connection_ap_handshake_socks_got_resolved_cell(entry_connection_t *conn,
return;
}
if (conn->prefer_ipv6_traffic) {
if (conn->entry_cfg.prefer_ipv6) {
addr_best = addr_ipv6 ? addr_ipv6 : addr_ipv4;
} else {
addr_best = addr_ipv4 ? addr_ipv4 : addr_ipv6;
@ -1327,8 +1327,8 @@ connection_edge_process_relay_cell_not_open(
return 0;
}
if (((family == AF_INET && ! entry_conn->ipv4_traffic_ok) ||
(family == AF_INET6 && ! entry_conn->ipv6_traffic_ok))) {
if ((family == AF_INET && ! entry_conn->entry_cfg.ipv4_traffic) ||
(family == AF_INET6 && ! entry_conn->entry_cfg.ipv6_traffic)) {
log_fn(LOG_PROTOCOL_WARN, LD_APP,
"Got a connected cell to %s with unsupported address family."
" Closing.", fmt_addr(&addr));

4
src/or/router.c
View File

@ -1848,8 +1848,8 @@ router_rebuild_descriptor(int force)
const port_cfg_t *ipv6_orport = NULL;
SMARTLIST_FOREACH_BEGIN(get_configured_ports(), const port_cfg_t *, p) {
if (p->type == CONN_TYPE_OR_LISTENER &&
! p->no_advertise &&
! p->bind_ipv4_only &&
! p->server_cfg.no_advertise &&
! p->server_cfg.bind_ipv4_only &&
tor_addr_family(&p->addr) == AF_INET6) {
if (! tor_addr_is_internal(&p->addr, 0)) {
ipv6_orport = p;

12
src/test/test_relaycell.c
View File

@ -137,9 +137,9 @@ test_relaycell_resolved(void *arg)
/* Now put it in the right state. */
ENTRY_TO_CONN(entryconn)->state = AP_CONN_STATE_RESOLVE_WAIT;
entryconn->socks_request->command = SOCKS_COMMAND_RESOLVE;
entryconn->ipv4_traffic_ok = 1;
entryconn->ipv6_traffic_ok = 1;
entryconn->prefer_ipv6_traffic = 0;
entryconn->entry_cfg.ipv4_traffic = 1;
entryconn->entry_cfg.ipv6_traffic = 1;
entryconn->entry_cfg.prefer_ipv6 = 0;
/* We prefer ipv4, so we should get the first ipv4 answer */
MOCK_RESET();
@ -159,7 +159,7 @@ test_relaycell_resolved(void *arg)
ASSERT_RESOLVED_CALLED(RESOLVED_TYPE_IPV4, "\x12\x00\x00\x01", 512, -1);
/* now prefer ipv6, and get the first ipv6 answer */
entryconn->prefer_ipv6_traffic = 1;
entryconn->entry_cfg.prefer_ipv6 = 1;
MOCK_RESET();
r = connection_edge_process_resolved_cell(edgeconn, &cell, &rh);
tt_int_op(r, OP_EQ, 0);
@ -182,7 +182,7 @@ test_relaycell_resolved(void *arg)
/* But if we don't allow IPv4, we report nothing if the cell contains only
* ipv4 */
MOCK_RESET();
entryconn->ipv4_traffic_ok = 0;
entryconn->entry_cfg.ipv4_traffic = 0;
r = connection_edge_process_resolved_cell(edgeconn, &cell, &rh);
tt_int_op(r, OP_EQ, 0);
ASSERT_MARK_CALLED(END_STREAM_REASON_DONE|
@ -191,7 +191,7 @@ test_relaycell_resolved(void *arg)
/* If we wanted hostnames, we report nothing, since we only had IPs. */
MOCK_RESET();
entryconn->ipv4_traffic_ok = 1;
entryconn->entry_cfg.ipv4_traffic = 1;
entryconn->socks_request->command = SOCKS_COMMAND_RESOLVE_PTR;
r = connection_edge_process_resolved_cell(edgeconn, &cell, &rh);
tt_int_op(r, OP_EQ, 0);