r18345@catbus: nickm | 2008-02-21 13:45:04 -0500

Do the last part of arma's fix for bug 437: Track the origin of every addrmap, and use this info so we can remove all the trackhostexits-originated mappings for a given exit.


svn:r13660

ChangeLog

@@ -3,6 +3,8 @@ Changes in version 0.2.0.20-?? - 2008-02-??
     - Start choosing which bridge to use proportional to its advertised
       bandwidth, rather than uniformly at random. This should speed up Tor
       for bridge users. Also do this for people who set StrictEntryNodes.
+    - When a TrackHostExits-chosen exit fails too many times in a row,
+      stop using it.  Bugfix on 0.1.2.x.  Fixes bug 437.
 
   o Major bugfixes:
     - Resolved problems with (re-)fetching hidden service descriptors.

doc/TODO

@@ -114,7 +114,7 @@ R   . FAQ entry which is wrong
       non-encrypted request
   o write a tor-gencert man page
 
-  . geoip caching and publishing for bridges
+N . geoip caching and publishing for bridges
     d Track consecutive time up, not time since last-forgotten IP.
     - Mention in dir-spec.txt
     - Mention in control-spec.txt

src/common/container.h

@@ -286,6 +286,13 @@ DECLARE_MAP_FNS(digestmap_t, const char *, digestmap_);
 /** Used to end a DIGESTMAP_FOREACH() block. */
 #define DIGESTMAP_FOREACH_END MAP_FOREACH_END
 
+#define STRMAP_FOREACH(map, keyvar, valtype, valvar)                 \
+  MAP_FOREACH(strmap_, map, const char *, keyvar, valtype, valvar)
+#define STRMAP_FOREACH_MODIFY(map, keyvar, valtype, valvar)          \
+  MAP_FOREACH_MODIFY(strmap_, map, const char *, keyvar, valtype, valvar)
+#define STRMAP_FOREACH_END MAP_FOREACH_END
+
+
 void* strmap_set_lc(strmap_t *map, const char *key, void *val);
 void* strmap_get_lc(const strmap_t *map, const char *key);
 void* strmap_remove_lc(strmap_t *map, const char *key);

src/common/torint.h

@@ -267,6 +267,16 @@ typedef uint32_t uintptr_t;
 #endif
 #endif
 
+#ifndef SHORT_MAX
+#if (SIZEOF_SHORT == 2)
+#define SHORT_MAX 0x7fff
+#elif (SIZEOF_SHORT == 4)
+#define SHORT_MAX 0x7fffffff
+#else
+#error "Can't define SHORT_MAX"
+#endif
+#endif
+
 #ifndef TIME_MAX
 
 #ifdef TIME_T_IS_SIGNED

src/or/circuituse.c

@@ -1212,7 +1212,8 @@ consider_recording_trackhost(edge_connection_t *conn, origin_circuit_t *circ)
                conn->socks_request->address, fp);
 
   addressmap_register(conn->socks_request->address, new_address,
-                      time(NULL) + options->TrackHostExitsExpire);
+                      time(NULL) + options->TrackHostExitsExpire,
+                      ADDRMAPSRC_TRACKEXIT);
 }
 
 /** Attempt to attach the connection <b>conn</b> to <b>circ</b>, and send a

src/or/config.c

@@ -3706,7 +3706,7 @@ config_register_addressmaps(or_options_t *options)
         log_warn(LD_CONFIG,
                  "Skipping invalid argument '%s' to MapAddress", to);
       } else {
-        addressmap_register(from, tor_strdup(to), 0);
+        addressmap_register(from, tor_strdup(to), 0, ADDRMAPSRC_TORRC);
         if (smartlist_len(elts)>2) {
           log_warn(LD_CONFIG,"Ignoring extra arguments to MapAddress.");
         }

src/or/connection_edge.c

@@ -33,6 +33,7 @@ static int connection_ap_process_natd(edge_connection_t *conn);
 static int connection_exit_connect_dir(edge_connection_t *exitconn);
 static int address_is_in_virtual_range(const char *addr);
 static int consider_plaintext_ports(edge_connection_t *conn, uint16_t port);
+static void clear_trackexithost_mappings(const char *exitname);
 
 /** An AP stream has failed/finished. If it hasn't already sent back
  * a socks reply, send one now (based on endreason). Also set
@@ -493,8 +494,7 @@ circuit_discard_optional_exit_enclaves(extend_info_t *info)
     }
     if (conn->chosen_exit_retries) {
       if (--conn->chosen_exit_retries == 0) { /* give up! */
-        /* XXX020rc unregister maps from foo to
+        clear_trackexithost_mappings(edge_conn->chosen_exit_name);
-         * foo.chosen_exit_name.exit \forall foo. -RD */
         tor_free(edge_conn->chosen_exit_name); /* clears it */
         /* if this port is dangerous, warn or reject it now that we don't
          * think it'll be using an enclave. */
@@ -551,7 +551,8 @@ connection_ap_detach_retriable(edge_connection_t *conn, origin_circuit_t *circ,
 typedef struct {
   char *new_address;
   time_t expires;
-  int num_resolve_failures;
+  addressmap_entry_source_t source:3;
+  short num_resolve_failures;
 } addressmap_entry_t;
 
 /** Entry for mapping addresses to which virtual address we mapped them to. */
@@ -632,6 +633,28 @@ addressmap_ent_remove(const char *address, addressmap_entry_t *ent)
   addressmap_ent_free(ent);
 }
 
+/** Unregister all TrackHostExits mappings from any address to
+ * *.exitname.exit. */
+static void
+clear_trackexithost_mappings(const char *exitname)
+{
+  char *suffix;
+  size_t suffix_len;
+  if (!addressmap || !exitname)
+    return;
+  suffix_len = strlen(exitname) + 16;
+  suffix = tor_malloc(suffix_len);
+  tor_snprintf(suffix, suffix_len, ".%s.exit", exitname);
+  tor_strlower(suffix);
+
+  STRMAP_FOREACH_MODIFY(addressmap, address, addressmap_entry_t *, ent) {
+    if (ent->source == ADDRMAPSRC_TRACKEXIT && !strcmpend(address, suffix)) {
+      addressmap_ent_remove(address, ent);
+      MAP_DEL_CURRENT(address);
+    }
+  } STRMAP_FOREACH_END;
+}
+
 /** Remove all entries from the addressmap that were set via the
  * configuration file or the command line. */
 void
@@ -761,7 +784,8 @@ addressmap_have_mapping(const char *address)
  * any mappings that exist from <b>address</b>.
  */
 void
-addressmap_register(const char *address, char *new_address, time_t expires)
+addressmap_register(const char *address, char *new_address, time_t expires,
+                    addressmap_entry_source_t source)
 {
   addressmap_entry_t *ent;
 
@@ -798,6 +822,7 @@ addressmap_register(const char *address, char *new_address, time_t expires)
   ent->new_address = new_address;
   ent->expires = expires==2 ? 1 : expires;
   ent->num_resolve_failures = 0;
+  ent->source = source;
 
   log_info(LD_CONFIG, "Addressmap: (re)mapped '%s' to '%s'",
            safe_str(address), safe_str(ent->new_address));
@@ -817,7 +842,8 @@ client_dns_incr_failures(const char *address)
     ent->expires = time(NULL) + MAX_DNS_ENTRY_AGE;
     strmap_set(addressmap,address,ent);
   }
-  ++ent->num_resolve_failures;
+  if (++ent->num_resolve_failures < 0) /* overflow. */
+    ent->num_resolve_failures = SHORT_MAX;
   log_info(LD_APP, "Address %s now has %d resolve failures.",
            safe_str(address), ent->num_resolve_failures);
   return ent->num_resolve_failures;
@@ -879,7 +905,7 @@ client_dns_set_addressmap_impl(const char *address, const char *name,
                  "%s", name);
   }
   addressmap_register(extendedaddress, tor_strdup(extendedval),
-                      time(NULL) + ttl);
+                      time(NULL) + ttl, ADDRMAPSRC_DNS);
 }
 
 /** Record the fact that <b>address</b> resolved to <b>val</b>.
@@ -1105,7 +1131,7 @@ addressmap_register_virtual_address(int type, char *new_address)
   tor_free(*addrp);
   *addrp = addressmap_get_virtual_address(type);
   log_info(LD_APP, "Registering map from %s to %s", *addrp, new_address);
-  addressmap_register(*addrp, new_address, 2);
+  addressmap_register(*addrp, new_address, 2, ADDRMAPSRC_CONTROLLER);
 
 #if 0
   {

src/or/control.c

@@ -1260,7 +1260,7 @@ handle_control_mapaddress(control_connection_t *conn, uint32_t len,
           smartlist_add(reply, ans);
         }
       } else {
-        addressmap_register(from, tor_strdup(to), 1);
+        addressmap_register(from, tor_strdup(to), 1, ADDRMAPSRC_CONTROLLER);
         tor_snprintf(ans, anslen, "250-%s", line);
         smartlist_add(reply, ans);
       }

src/or/or.h

@@ -2816,8 +2816,12 @@ void addressmap_clear_transient(void);
 void addressmap_free_all(void);
 int addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out);
 int addressmap_have_mapping(const char *address);
+typedef enum {
+  ADDRMAPSRC_CONTROLLER, ADDRMAPSRC_TORRC, ADDRMAPSRC_TRACKEXIT,
+  ADDRMAPSRC_DNS,
+} addressmap_entry_source_t;
 void addressmap_register(const char *address, char *new_address,
-                         time_t expires);
+                         time_t expires, addressmap_entry_source_t source);
 int parse_virtual_addr_network(const char *val, int validate_only,
                                char **msg);
 int client_dns_incr_failures(const char *address);