When using eventdns: suppress logging of addresses when SafeLogging is active, and make set of nameservers configurable from torrc.

svn:r6744

src/or/config.c

@@ -58,6 +58,7 @@ static config_abbrev_t _option_abbrevs[] = {
   PLURAL(LongLivedPort),
   PLURAL(HiddenServiceNode),
   PLURAL(HiddenServiceExcludeNode),
+  PLURAL(Nameserver),
   PLURAL(NumCpu),
   PLURAL(RendNode),
   PLURAL(RendExcludeNode),
@@ -191,6 +192,7 @@ static config_var_t _option_vars[] = {
   OBSOLETE("MonthlyAccountingStart"),
   VAR("MyFamily",            STRING,   MyFamily,             NULL),
   VAR("NewCircuitPeriod",    INTERVAL, NewCircuitPeriod,     "30 seconds"),
+  VAR("Nameservers",         CSV,      Nameservers,          ""),
   VAR("NamingAuthoritativeDirectory",BOOL, NamingAuthoritativeDir, "0"),
   VAR("Nickname",            STRING,   Nickname,             NULL),
   VAR("NoPublish",           BOOL,     NoPublish,            "0"),
@@ -1971,6 +1973,30 @@ validate_ports_csv(smartlist_t *sl, const char *name, char **msg)
   return 0;
 }
 
+/* Return 0 if every element of sl is a string holding an IP address, or if sl
+ * is NULL.  Otherwise set *msg and return -1. */
+static int
+validate_ips_csv(smartlist_t *sl, const char *name, char **msg)
+{
+  char buf[1024];
+  tor_assert(name);
+
+  if (!sl)
+    return 0;
+
+  SMARTLIST_FOREACH(sl, const char *, cp,
+  {
+    struct in_addr in;
+    if (0 == tor_inet_aton(cp, &in)) {
+      int r = tor_snprintf(buf, sizeof(buf),
+                        "Malformed address '%s' out of range in %s", cp, name);
+      *msg = tor_strdup(r >= 0 ? buf : "internal error");
+      return -1;
+    }
+  });
+  return 0;
+}
+
 /** Lowest allowable value for RendPostPeriod; if this is too low, hidden
  * services can overload the directory system. */
 #define MIN_REND_POST_PERIOD (5*60)
@@ -2186,6 +2212,9 @@ options_validate(or_options_t *old_options, or_options_t *options,
   if (validate_ports_csv(options->LongLivedPorts, "LongLivedPorts", msg) < 0)
     return -1;
 
+  if (validate_ips_csv(options->Nameservers, "Nameservers", msg) < 0)
+    return -1;
+
   if (options->FascistFirewall && !options->ReachableAddresses) {
     if (smartlist_len(options->FirewallPorts)) {
       /* We already have firewall ports set, so migrate them to

src/or/dns.c

@@ -122,6 +122,11 @@ init_cache_map(void)
 static void
 eventdns_log_cb(const char *msg)
 {
+  if (!strcmpstart(msg, "Resolve requested for") &&
+      get_options()->SafeLogging) {
+    log(LOG_INFO, LD_EXIT, "eventdns: Resolve requested.");
+    return;
+  }
   log(LOG_INFO, LD_EXIT, "eventdns: %s", msg);
 }
 #endif
@@ -130,12 +135,29 @@ eventdns_log_cb(const char *msg)
 void
 dns_init(void)
 {
+
   init_cache_map();
   dnsworkers_rotate();
 #ifdef USE_EVENTDNS
-  eventdns_set_log_fn(eventdns_log_cb);
-  eventdns_resolv_conf_parse(DNS_OPTION_NAMESERVERS|DNS_OPTION_MISC,
-                             "/etc/resolv.conf");
+  {
+    or_options_t *options = get_options();
+    eventdns_set_log_fn(eventdns_log_cb);
+    if (options->Nameservers && smartlist_len(options->Nameservers)) {
+      SMARTLIST_FOREACH(options->Nameservers, const char *, ip,
+        {
+          struct in_addr in;
+          log_info(LD_EXIT, "Parsing /etc/resolv.conf");
+          if (tor_inet_aton(ip, &in)) {
+            log_info(LD_EXIT, "Adding nameserver '%s'", ip);
+            eventdns_nameserver_add(in.s_addr);
+          }
+        });
+    } else {
+      log_info(LD_EXIT, "Parsing /etc/resolv.conf");
+      eventdns_resolv_conf_parse(DNS_OPTION_NAMESERVERS|DNS_OPTION_MISC,
+                                 "/etc/resolv.conf");
+    }
+  }
 #endif
 }
 

src/or/or.h

@@ -1414,6 +1414,8 @@ typedef struct {
 
   char *VirtualAddrNetwork; /**< Address and mask to hand out for virtual
                              * MAPADDRESS requests. */
+  smartlist_t *Nameservers; /**< If provided, overrides the platform nameserver
+                             * list. when using eventdns. */
 } or_options_t;
 
 /** Persistent state for an onion router, as saved to disk. */