Implement option to turn off DNS cache use on a client port
(This is part 2 of making DNS cache use enabled/disabled on a per-client port basis. This implements the CacheIPv[46]DNS options, but not the UseCachedIPv[46] ones.)
parent
32219d8313
commit
f33487668f
@ -335,7 +335,9 @@ addressmap_match_superdomains(char *address)
|
||||
* was a .exit.
|
||||
*/
|
||||
int
|
||||
addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out,
|
||||
addressmap_rewrite(char *address, size_t maxlen,
|
||||
unsigned flags,
|
||||
time_t *expires_out,
|
||||
addressmap_entry_source_t *exit_source_out)
|
||||
{
|
||||
addressmap_entry_t *ent;
|
||||
@ -368,6 +370,16 @@ addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out,
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (ent && ent->source == ADDRMAPSRC_DNS) {
|
||||
sa_family_t f;
|
||||
tor_addr_t tmp;
|
||||
f = tor_addr_parse(&tmp, ent->new_address);
|
||||
if (f == AF_INET && !(flags & AMR_FLAG_USE_IPV4_DNS))
|
||||
goto done;
|
||||
else if (f == AF_INET6 && !(flags & AMR_FLAG_USE_IPV6_DNS))
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (ent->dst_wildcard && !exact_match) {
|
||||
strlcat(address, ".", maxlen);
|
||||
strlcat(address, ent->new_address, maxlen);
|
||||
@ -409,11 +421,22 @@ addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out,
|
||||
* *<b>expires_out</b> to the expiry time of the result, or to <b>time_max</b>
|
||||
* if the result does not expire. */
|
||||
int
|
||||
addressmap_rewrite_reverse(char *address, size_t maxlen, time_t *expires_out)
|
||||
addressmap_rewrite_reverse(char *address, size_t maxlen, unsigned flags,
|
||||
time_t *expires_out)
|
||||
{
|
||||
char *s, *cp;
|
||||
addressmap_entry_t *ent;
|
||||
int r = 0;
|
||||
{
|
||||
sa_family_t f;
|
||||
tor_addr_t tmp;
|
||||
f = tor_addr_parse(&tmp, address);
|
||||
if (f == AF_INET && !(flags & AMR_FLAG_USE_IPV4_DNS))
|
||||
return 0;
|
||||
else if (f == AF_INET6 && !(flags & AMR_FLAG_USE_IPV6_DNS))
|
||||
return 0;
|
||||
}
|
||||
|
||||
tor_asprintf(&s, "REVERSE[%s]", address);
|
||||
ent = strmap_get(addressmap, s);
|
||||
if (ent) {
|
||||
|
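Review bot: Both new family checks fail open when `tor_addr_parse()` returns something other than `AF_INET` or `AF_INET6`. In `addressmap_rewrite_reverse()` an `address` that is not a literal IP still reaches the `REVERSE[%s]` lookup with both flags clear, and in `addressmap_rewrite()` an `ADDRMAPSRC_DNS` entry whose `new_address` does not parse is still applied. If the option is meant to guarantee that a client port never consumes cached answers, the unparsed case should be decided explicitly or documented as intentional, for example by bailing out when `f` is neither family and `!(flags & (AMR_FLAG_USE_IPV4_DNS|AMR_FLAG_USE_IPV6_DNS))`. The result is also held in `sa_family_t f`; if `tor_addr_parse()` signals failure with a negative value, as I believe it does, `int f` is the safer type. The body of `addressmap_rewrite_reverse()` continues past the end of the hunk.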
@ -14,9 +14,12 @@ void addressmap_clean(time_t now);
|
||||
void addressmap_clear_configured(void);
|
||||
void addressmap_clear_transient(void);
|
||||
void addressmap_free_all(void);
|
||||
int addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out,
|
||||
#define AMR_FLAG_USE_IPV4_DNS (1u<<0)
|
||||
#define AMR_FLAG_USE_IPV6_DNS (1u<<1)
|
||||
int addressmap_rewrite(char *address, size_t maxlen, unsigned flags,
|
||||
time_t *expires_out,
|
||||
addressmap_entry_source_t *exit_source_out);
|
||||
int addressmap_rewrite_reverse(char *address, size_t maxlen,
|
||||
int addressmap_rewrite_reverse(char *address, size_t maxlen, unsigned flags,
|
||||
time_t *expires_out);
|
||||
int addressmap_have_mapping(const char *address, int update_timeout);
|
||||
|
||||
|
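Review bot: The two `AMR_FLAG_*` macros and the new `flags` parameter are introduced with no comment, and the names alone do not say that a clear bit means "skip cached DNS answers of that family" rather than "do not resolve that family". I would add `/** Flag for addressmap_rewrite*(): permit rewrites that come from cached IPv4 DNS answers. */` above `AMR_FLAG_USE_IPV4_DNS` and the IPv6 equivalent above `AMR_FLAG_USE_IPV6_DNS`. It is also worth stating that passing 0 disables cached-DNS rewrites, since that is what the checks in the implementation do.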
@ -952,8 +952,14 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
|
||||
}
|
||||
|
||||
if (socks->command == SOCKS_COMMAND_RESOLVE_PTR) {
|
||||
unsigned rewrite_flags = 0;
|
||||
if (conn->use_cached_ipv4_answers)
|
||||
rewrite_flags |= AMR_FLAG_USE_IPV4_DNS;
|
||||
if (conn->use_cached_ipv6_answers)
|
||||
rewrite_flags |= AMR_FLAG_USE_IPV6_DNS;
|
||||
|
||||
if (addressmap_rewrite_reverse(socks->address, sizeof(socks->address),
|
||||
&map_expires)) {
|
||||
rewrite_flags, &map_expires)) {
|
||||
char *result = tor_strdup(socks->address);
|
||||
/* remember _what_ is supposed to have been resolved. */
|
||||
tor_snprintf(socks->address, sizeof(socks->address), "REVERSE[%s]",
|
||||
@ -984,8 +990,13 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
|
||||
}
|
||||
} else if (!automap) {
|
||||
/* For address map controls, remap the address. */
|
||||
unsigned rewrite_flags = 0;
|
||||
if (conn->use_cached_ipv4_answers)
|
||||
rewrite_flags |= AMR_FLAG_USE_IPV4_DNS;
|
||||
if (conn->use_cached_ipv6_answers)
|
||||
rewrite_flags |= AMR_FLAG_USE_IPV6_DNS;
|
||||
if (addressmap_rewrite(socks->address, sizeof(socks->address),
|
||||
&map_expires, &exit_source)) {
|
||||
rewrite_flags, &map_expires, &exit_source)) {
|
||||
control_event_stream_status(conn, STREAM_EVENT_REMAP,
|
||||
REMAP_STREAM_SOURCE_CACHE);
|
||||
}
|
||||
|
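Review bot: The block that builds `rewrite_flags` from `conn->use_cached_ipv4_answers` and `conn->use_cached_ipv6_answers` is repeated twice in `connection_ap_handshake_rewrite_and_attach()`, and the same block appears a third time before the `addressmap_rewrite()` call in `connection_ap_process_end_not_open()`. Because this mapping decides whether a client port may reuse cached answers, a single helper would stop the three call sites drifting apart when the `UseCachedIPv[46]` half of the feature lands. The helper name below is only a suggestion, and it would need to be declared where both files can see it. Both functions extend beyond their hunks.

```c
/** Return the AMR_FLAG_* bits that <b>conn</b> permits for address
 * rewriting, based on its per-port cached-answer settings. */
unsigned
entry_conn_rewrite_flags(const entry_connection_t *conn)
{
  unsigned flags = 0;
  if (conn->use_cached_ipv4_answers)
    flags |= AMR_FLAG_USE_IPV4_DNS;
  if (conn->use_cached_ipv6_answers)
    flags |= AMR_FLAG_USE_IPV6_DNS;
  return flags;
}

/* … unchanged: RESOLVE_PTR branch up to the call … */
    if (addressmap_rewrite_reverse(socks->address, sizeof(socks->address),
                                   entry_conn_rewrite_flags(conn),
                                   &map_expires)) {
```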
@ -758,11 +758,18 @@ connection_ap_process_end_not_open(
|
||||
policies_set_node_exitpolicy_to_reject_all(exitrouter);
|
||||
}
|
||||
/* rewrite it to an IP if we learned one. */
|
||||
{
|
||||
unsigned rewrite_flags = 0;
|
||||
if (conn->use_cached_ipv4_answers)
|
||||
rewrite_flags |= AMR_FLAG_USE_IPV4_DNS;
|
||||
if (conn->use_cached_ipv6_answers)
|
||||
rewrite_flags |= AMR_FLAG_USE_IPV6_DNS;
|
||||
if (addressmap_rewrite(conn->socks_request->address,
|
||||
sizeof(conn->socks_request->address),
|
||||
NULL, NULL)) {
|
||||
rewrite_flags, NULL, NULL)) {
|
||||
control_event_stream_status(conn, STREAM_EVENT_REMAP, 0);
|
||||
}
|
||||
}
|
||||
if (conn->chosen_exit_optional ||
|
||||
conn->chosen_exit_retries) {
|
||||
/* stop wanting a specific exit */
|
||||
|
@ -42,6 +42,11 @@ test_config_addressmap(void *arg)
|
||||
config_get_lines(buf, &(get_options_mutable()->AddressMap), 0);
|
||||
config_register_addressmaps(get_options());
|
||||
|
||||
/* Use old interface for now, so we don't need to rewrite the unit tests */
|
||||
#define addressmap_rewrite(a,s,eo,ao) \
|
||||
addressmap_rewrite((a),(s),AMR_FLAG_USE_IPV4_DNS|AMR_FLAG_USE_IPV6_DNS, \
|
||||
(eo),(ao))
|
||||
|
||||
/* MapAddress .invalidwildcard.com .torserver.exit - no match */
|
||||
strlcpy(address, "www.invalidwildcard.com", sizeof(address));
|
||||
test_assert(!addressmap_rewrite(address, sizeof(address), &expires, NULL));
|
||||
@ -158,6 +163,8 @@ test_config_addressmap(void *arg)
|
||||
strlcpy(address, "www.torproject.org", sizeof(address));
|
||||
test_assert(!addressmap_rewrite(address, sizeof(address), &expires, NULL));
|
||||
|
||||
#undef addressmap_rewrite
|
||||
|
||||
done:
|
||||
;
|
||||
}
|
||||
|
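Review bot: The `addressmap_rewrite` shim hard-codes `AMR_FLAG_USE_IPV4_DNS|AMR_FLAG_USE_IPV6_DNS`, so every assertion in `test_config_addressmap()` runs with the cache fully enabled and the new skip paths are never executed. I would add cases that call the real five-argument function with `flags` of 0 and with only one family bit set, against an entry whose source is `ADDRMAPSRC_DNS`, and assert that the address is left unchanged. The same applies to `addressmap_rewrite_reverse()`. A configured `MapAddress` entry called with flags 0 should still rewrite, which would pin that the gate in `addressmap_rewrite()` is limited to DNS-sourced entries. The test function starts above the first hunk.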