mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-30 23:53:32 +01:00
Replace identifiers related to clipping DNS ttls.
This is an automated commit, generated by this command: ./scripts/maint/rename_c_identifier.py \ MIN_DNS_TTL_AT_EXIT MIN_DNS_TTL \ MAX_DNS_TTL_AT_EXIT MAX_DNS_TTL \ dns_clip_ttl clip_dns_ttl
parent
17724a7cde
commit
dcbc45e6b2
@ -480,7 +480,7 @@ connection_edge_end(edge_connection_t *conn, uint8_t reason)
|
|||||||
memcpy(payload+1, tor_addr_to_in6_addr8(&conn->base_.addr), 16);
|
memcpy(payload+1, tor_addr_to_in6_addr8(&conn->base_.addr), 16);
|
||||||
addrlen = 16;
|
addrlen = 16;
|
||||||
}
|
}
|
||||||
set_uint32(payload+1+addrlen, htonl(dns_clip_ttl(conn->address_ttl)));
|
set_uint32(payload+1+addrlen, htonl(clip_dns_ttl(conn->address_ttl)));
|
||||||
payload_len += 4+addrlen;
|
payload_len += 4+addrlen;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -845,7 +845,7 @@ connected_cell_format_payload(uint8_t *payload_out,
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
set_uint32(payload_out + connected_payload_len, htonl(dns_clip_ttl(ttl)));
|
set_uint32(payload_out + connected_payload_len, htonl(clip_dns_ttl(ttl)));
|
||||||
connected_payload_len += 4;
|
connected_payload_len += 4;
|
||||||
|
|
||||||
tor_assert(connected_payload_len <= MAX_CONNECTED_CELL_PAYLOAD_LEN);
|
tor_assert(connected_payload_len <= MAX_CONNECTED_CELL_PAYLOAD_LEN);
|
||||||
|
@ -689,7 +689,7 @@ client_dns_set_addressmap_impl(entry_connection_t *for_conn,
|
|||||||
if (ttl<0)
|
if (ttl<0)
|
||||||
ttl = DEFAULT_DNS_TTL;
|
ttl = DEFAULT_DNS_TTL;
|
||||||
else
|
else
|
||||||
ttl = dns_clip_ttl(ttl);
|
ttl = clip_dns_ttl(ttl);
|
||||||
|
|
||||||
if (exitname) {
|
if (exitname) {
|
||||||
/* XXXX fails to ever get attempts to get an exit address of
|
/* XXXX fails to ever get attempts to get an exit address of
|
||||||
|
@ -272,16 +272,16 @@ has_dns_init_failed(void)
|
|||||||
* OP that asked us to resolve it, and how long to cache that record
|
* OP that asked us to resolve it, and how long to cache that record
|
||||||
* ourselves. */
|
* ourselves. */
|
||||||
uint32_t
|
uint32_t
|
||||||
dns_clip_ttl(uint32_t ttl)
|
clip_dns_ttl(uint32_t ttl)
|
||||||
{
|
{
|
||||||
/* This logic is a defense against "DefectTor" DNS-based traffic
|
/* This logic is a defense against "DefectTor" DNS-based traffic
|
||||||
* confirmation attacks, as in https://nymity.ch/tor-dns/tor-dns.pdf .
|
* confirmation attacks, as in https://nymity.ch/tor-dns/tor-dns.pdf .
|
||||||
* We only give two values: a "low" value and a "high" value.
|
* We only give two values: a "low" value and a "high" value.
|
||||||
*/
|
*/
|
||||||
if (ttl < MIN_DNS_TTL_AT_EXIT)
|
if (ttl < MIN_DNS_TTL)
|
||||||
return MIN_DNS_TTL_AT_EXIT;
|
return MIN_DNS_TTL;
|
||||||
else
|
else
|
||||||
return MAX_DNS_TTL_AT_EXIT;
|
return MAX_DNS_TTL;
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Helper: free storage held by an entry in the DNS cache. */
|
/** Helper: free storage held by an entry in the DNS cache. */
|
||||||
@ -521,7 +521,7 @@ send_resolved_cell,(edge_connection_t *conn, uint8_t answer_type,
|
|||||||
uint32_t ttl;
|
uint32_t ttl;
|
||||||
|
|
||||||
buf[0] = answer_type;
|
buf[0] = answer_type;
|
||||||
ttl = dns_clip_ttl(conn->address_ttl);
|
ttl = clip_dns_ttl(conn->address_ttl);
|
||||||
|
|
||||||
switch (answer_type)
|
switch (answer_type)
|
||||||
{
|
{
|
||||||
@ -593,7 +593,7 @@ send_resolved_hostname_cell,(edge_connection_t *conn,
|
|||||||
size_t namelen = strlen(hostname);
|
size_t namelen = strlen(hostname);
|
||||||
|
|
||||||
tor_assert(namelen < 256);
|
tor_assert(namelen < 256);
|
||||||
ttl = dns_clip_ttl(conn->address_ttl);
|
ttl = clip_dns_ttl(conn->address_ttl);
|
||||||
|
|
||||||
buf[0] = RESOLVED_TYPE_HOSTNAME;
|
buf[0] = RESOLVED_TYPE_HOSTNAME;
|
||||||
buf[1] = (uint8_t)namelen;
|
buf[1] = (uint8_t)namelen;
|
||||||
@ -1338,7 +1338,7 @@ make_pending_resolve_cached(cached_resolve_t *resolve)
|
|||||||
resolve->ttl_hostname < ttl)
|
resolve->ttl_hostname < ttl)
|
||||||
ttl = resolve->ttl_hostname;
|
ttl = resolve->ttl_hostname;
|
||||||
|
|
||||||
set_expiry(new_resolve, time(NULL) + dns_clip_ttl(ttl));
|
set_expiry(new_resolve, time(NULL) + clip_dns_ttl(ttl));
|
||||||
}
|
}
|
||||||
|
|
||||||
assert_cache_ok();
|
assert_cache_ok();
|
||||||
@ -2188,7 +2188,7 @@ dns_cache_handle_oom(time_t now, size_t min_remove_bytes)
|
|||||||
total_bytes_removed += bytes_removed;
|
total_bytes_removed += bytes_removed;
|
||||||
|
|
||||||
/* Increase time_inc by a reasonable fraction. */
|
/* Increase time_inc by a reasonable fraction. */
|
||||||
time_inc += (MAX_DNS_TTL_AT_EXIT / 4);
|
time_inc += (MAX_DNS_TTL / 4);
|
||||||
} while (total_bytes_removed < min_remove_bytes);
|
} while (total_bytes_removed < min_remove_bytes);
|
||||||
|
|
||||||
return total_bytes_removed;
|
return total_bytes_removed;
|
||||||
|
@ -13,9 +13,9 @@
|
|||||||
#define TOR_DNS_H
|
#define TOR_DNS_H
|
||||||
|
|
||||||
/** Lowest value for DNS ttl that a server will give. */
|
/** Lowest value for DNS ttl that a server will give. */
|
||||||
#define MIN_DNS_TTL_AT_EXIT (5*60)
|
#define MIN_DNS_TTL (5*60)
|
||||||
/** Highest value for DNS ttl that a server will give. */
|
/** Highest value for DNS ttl that a server will give. */
|
||||||
#define MAX_DNS_TTL_AT_EXIT (60*60)
|
#define MAX_DNS_TTL (60*60)
|
||||||
|
|
||||||
/** How long do we keep DNS cache entries before purging them (regardless of
|
/** How long do we keep DNS cache entries before purging them (regardless of
|
||||||
* their TTL)? */
|
* their TTL)? */
|
||||||
@ -27,7 +27,7 @@
|
|||||||
int dns_init(void);
|
int dns_init(void);
|
||||||
int has_dns_init_failed(void);
|
int has_dns_init_failed(void);
|
||||||
void dns_free_all(void);
|
void dns_free_all(void);
|
||||||
uint32_t dns_clip_ttl(uint32_t ttl);
|
uint32_t clip_dns_ttl(uint32_t ttl);
|
||||||
int dns_reset(void);
|
int dns_reset(void);
|
||||||
void connection_dns_remove(edge_connection_t *conn);
|
void connection_dns_remove(edge_connection_t *conn);
|
||||||
void assert_connection_edge_not_dns_pending(edge_connection_t *conn);
|
void assert_connection_edge_not_dns_pending(edge_connection_t *conn);
|
||||||
|
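Review bot: The doc comments on `MIN_DNS_TTL` and `MAX_DNS_TTL` in the first hunk of this header still say "that a server will give", but without the `_AT_EXIT` suffix the names no longer say whose TTL is bounded, and `client_dns_set_addressmap_impl` (another hunk of this commit) also passes its TTL through `clip_dns_ttl()`. I would reword them along the lines of `/** Lower of the two TTL values clip_dns_ttl() can return. */` and `/** Higher of the two TTL values clip_dns_ttl() can return. */`, because the function body shown in this commit returns only one of those two constants rather than clamping into the range. That keeps the header in step with the DefectTor defense described inside `clip_dns_ttl()` and stops a reader from assuming mid-range TTLs pass through unchanged.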
@ -80,11 +80,11 @@ test_dns_clip_ttl(void *arg)
|
|||||||
{
|
{
|
||||||
(void)arg;
|
(void)arg;
|
||||||
|
|
||||||
uint32_t ttl_mid = MIN_DNS_TTL_AT_EXIT / 2 + MAX_DNS_TTL_AT_EXIT / 2;
|
uint32_t ttl_mid = MIN_DNS_TTL / 2 + MAX_DNS_TTL / 2;
|
||||||
|
|
||||||
tt_int_op(dns_clip_ttl(MIN_DNS_TTL_AT_EXIT - 1),OP_EQ,MIN_DNS_TTL_AT_EXIT);
|
tt_int_op(clip_dns_ttl(MIN_DNS_TTL - 1),OP_EQ,MIN_DNS_TTL);
|
||||||
tt_int_op(dns_clip_ttl(ttl_mid),OP_EQ,MAX_DNS_TTL_AT_EXIT);
|
tt_int_op(clip_dns_ttl(ttl_mid),OP_EQ,MAX_DNS_TTL);
|
||||||
tt_int_op(dns_clip_ttl(MAX_DNS_TTL_AT_EXIT + 1),OP_EQ,MAX_DNS_TTL_AT_EXIT);
|
tt_int_op(clip_dns_ttl(MAX_DNS_TTL + 1),OP_EQ,MAX_DNS_TTL);
|
||||||
|
|
||||||
done:
|
done:
|
||||||
return;
|
return;
|
||||||
|