aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2006-12-28 21:29:20 +0000
committerNick Mathewson <nickm@torproject.org>2006-12-28 21:29:20 +0000
commitd9f1f3533d059627266ddcdb0398b4b32c7158f2 (patch)
treea087dc505639ec0108a087360a489dde56be3f4e
parente5f5b96ca6bc35d22478840600c2dfdf2778950f (diff)
downloadtor-d9f1f3533d059627266ddcdb0398b4b32c7158f2.tar.gz
tor-d9f1f3533d059627266ddcdb0398b4b32c7158f2.zip
r11724@Kushana: nickm | 2006-12-28 14:22:35 -0500
Refactor and unify my-ip-addr-changed logic. Make change in IP address or in nameservers reset and relaunch DNS hijacking tests. svn:r9200
-rw-r--r--ChangeLog2
-rw-r--r--doc/TODO3
-rw-r--r--src/or/config.c4
-rw-r--r--src/or/connection.c2
-rw-r--r--src/or/dns.c29
-rw-r--r--src/or/main.c41
-rw-r--r--src/or/or.h6
-rw-r--r--src/or/router.c27
8 files changed, 89 insertions, 25 deletions
diff --git a/ChangeLog b/ChangeLog
index c638a59095..c2b7f2363d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -70,6 +70,8 @@ Changes in version 0.1.2.5-xxxx - 200?-??-??
- We now check for the case when common DNS requests are going to
wildcarded addresses, and change our exit policy to reject *:* if
it's happening. (Bug #364)
+ - When we change nameservers or IP addresses, reset and re-launch
+ our tests for DNS hijacking.
o Security bugfixes:
- Stop sending the HttpProxyAuthenticator string to directory
diff --git a/doc/TODO b/doc/TODO
index 12129cf10e..8d8ea00d86 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -112,8 +112,7 @@ d - Be a DNS proxy.
well-known sites) are all going to the same place.
o Bug 363: Warn and die if we can't find a nameserver and we're running a
server; don't fall back to 127.0.0.1.
-? - maybe re-check dns when we change IP addresses, rather than
- every 12 hours?
+ o Re-check dns when we change IP addresses, rather than every 12 hours
- Bug 326: Give fewer error messages from nameservers.
- Only warn when _all_ nameservers are down; otherwise info.
- Increase timeout; what's industry standard?
diff --git a/src/or/config.c b/src/or/config.c
index be22da7374..383ecc62f6 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -976,7 +976,7 @@ options_act(or_options_t *old_options)
log_err(LD_BUG,"Error initializing keys; exiting");
return -1;
}
- server_has_changed_ip();
+ ip_address_changed(0);
if (has_completed_circuit || !any_predicted_circuits(time(NULL)))
inform_testing_reachability();
}
@@ -1908,7 +1908,7 @@ resolve_my_address(int warn_severity, or_options_t *options,
/* Leave this as a notice, regardless of the requested severity,
* at least until dynamic IP address support becomes bulletproof. */
log_notice(LD_NET, "Your IP address seems to have changed. Updating.");
- server_has_changed_ip();
+ ip_address_changed(0);
}
last_resolved_addr = *addr_out;
if (hostname_out)
diff --git a/src/or/connection.c b/src/or/connection.c
index 8b6a209c0e..0b2f5c4b2a 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -2128,7 +2128,7 @@ client_check_address_changed(int sock)
smartlist_clear(outgoing_addrs);
smartlist_add(outgoing_addrs, ip);
/* Okay, now change our keys. */
- init_keys(); /* XXXX NM return value-- safe to ignore? */
+ ip_address_changed(1);
}
}
diff --git a/src/or/dns.c b/src/or/dns.c
index a85b5ee212..e7dbccb4b1 100644
--- a/src/or/dns.c
+++ b/src/or/dns.c
@@ -1399,6 +1399,11 @@ dns_seems_to_be_broken(void)
{
return 0;
}
+
+void
+dns_reset_correctness_checks(void)
+{
+}
#else /* !USE_EVENTDNS */
/** Eventdns helper: return true iff the eventdns result <b>err</b> is
@@ -1514,6 +1519,8 @@ configure_nameservers(int force)
}
#endif
+ dns_servers_relaunch_checks();
+
nameservers_configured = 1;
return 0;
}
@@ -1855,6 +1862,28 @@ dns_seems_to_be_broken(void)
return dns_is_completely_invalid;
}
+void
+dns_reset_correctness_checks(void)
+{
+ if (dns_wildcard_response_count) {
+ strmap_free(dns_wildcard_response_count, _tor_free);
+ dns_wildcard_response_count = NULL;
+ }
+ n_wildcard_requests = 0;
+
+ if (dns_wildcard_list) {
+ SMARTLIST_FOREACH(dns_wildcard_list, char *, cp, tor_free(cp));
+ smartlist_clear(dns_wildcard_list);
+ }
+ if (dns_wildcarded_test_address_list) {
+ SMARTLIST_FOREACH(dns_wildcarded_test_address_list, char *, cp,
+ tor_free(cp));
+ smartlist_clear(dns_wildcarded_test_address_list);
+ }
+ dns_wildcard_one_notice_given = dns_wildcard_notice_given =
+ dns_wildcarded_test_address_notice_given = dns_is_completely_invalid = 0;
+}
+
/** Return true iff we have noticed that the dotted-quad <b>ip</b> has been
* returned in response to requests for nonexistent hostnames. */
static int
diff --git a/src/or/main.c b/src/or/main.c
index e0be4281a6..2247210bf9 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -52,6 +52,8 @@ long stats_n_seconds_working = 0;
static time_t time_to_fetch_directory = 0;
/** When do we next download a running-routers summary? */
static time_t time_to_fetch_running_routers = 0;
+/** When do we next launch DNS wildcarding checks? */
+static time_t time_to_check_for_correct_dns = 0;
/** Array of all open connections. The first n_conns elements are valid. */
static connection_t *connection_array[MAXCONNECTIONS+1] =
@@ -729,7 +731,6 @@ run_scheduled_events(time_t now)
static time_t time_to_try_getting_descriptors = 0;
static time_t time_to_reset_descriptor_failures = 0;
static time_t time_to_add_entropy = 0;
- static time_t time_to_check_for_correct_dns = 0;
or_options_t *options = get_options();
int i;
int have_dir_info;
@@ -1057,6 +1058,44 @@ got_libevent_error(void)
}
#endif
+#define UPTIME_CUTOFF_FOR_NEW_BANDWIDTH_TEST (6*60*60)
+
+/** Called when our IP address seems to have changed. <b>at_interface</b>
+ * should be true if we detected a change in our interface, and false if we
+ * detected a change in our published address. */
+void
+ip_address_changed(int at_interface)
+{
+ int server = server_mode(get_options());
+
+ if (at_interface) {
+ if (! server) {
+ /* Okay, change our keys. */
+ init_keys();
+ }
+ } else {
+ if (server) {
+ if (stats_n_seconds_working > UPTIME_CUTOFF_FOR_NEW_BANDWIDTH_TEST)
+ reset_bandwidth_test();
+ stats_n_seconds_working = 0;
+ router_reset_reachability();
+ mark_my_descriptor_dirty();
+ }
+ }
+
+ dns_servers_relaunch_checks();
+}
+
+/* DOCDOC */
+void
+dns_servers_relaunch_checks(void)
+{
+ if (server_mode(get_options())) {
+ dns_reset_correctness_checks();
+ time_to_check_for_correct_dns = 0;
+ }
+}
+
/** Called when we get a SIGHUP: reload configuration files and keys,
* retry all connections, re-upload all descriptors, and so on. */
static int
diff --git a/src/or/or.h b/src/or/or.h
index f107ab173b..6f35207100 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2323,6 +2323,7 @@ void dns_cancel_pending_resolve(const char *question);
int dns_resolve(edge_connection_t *exitconn, or_circuit_t *circ);
void dns_launch_correctness_checks(void);
int dns_seems_to_be_broken(void);
+void dns_reset_correctness_checks(void);
/********************************* hibernate.c **********************/
@@ -2363,6 +2364,9 @@ void connection_start_writing(connection_t *conn);
void directory_all_unreachable(time_t now);
void directory_info_has_arrived(time_t now, int from_cache);
+void ip_address_changed(int at_interface);
+void dns_servers_relaunch_checks(void);
+
void control_signal_act(int the_signal);
void handle_signals(int is_parent);
void tor_cleanup(void);
@@ -2632,7 +2636,6 @@ int check_whether_dirport_reachable(void);
void consider_testing_reachability(int test_or, int test_dir);
void router_orport_found_reachable(void);
void router_dirport_found_reachable(void);
-void server_has_changed_ip(void);
void router_perform_bandwidth_test(int num_circs, time_t now);
int authdir_mode(or_options_t *options);
@@ -2664,6 +2667,7 @@ int is_legal_nickname_or_hexdigest(const char *s);
int is_legal_hexdigest(const char *s);
void router_get_verbose_nickname(char *buf, routerinfo_t *router);
void router_reset_warnings(void);
+void router_reset_reachability(void);
void router_free_all(void);
/********************************* routerlist.c ***************************/
diff --git a/src/or/router.c b/src/or/router.c
index 48c70039a9..546e29d4b0 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -381,6 +381,13 @@ static int can_reach_or_port = 0;
/** Whether we can reach our DirPort from the outside. */
static int can_reach_dir_port = 0;
+/** DOCDOC */
+void
+router_reset_reachability(void)
+{
+ can_reach_or_port = can_reach_dir_port = 0;
+}
+
/** Return 1 if ORPort is known reachable; else return 0. */
int
check_whether_orport_reachable(void)
@@ -488,20 +495,6 @@ router_dirport_found_reachable(void)
}
}
-#define UPTIME_CUTOFF_FOR_NEW_BANDWIDTH_TEST (6*60*60)
-
-/** Our router has just moved to a new IP. Reset stats. */
-void
-server_has_changed_ip(void)
-{
- if (stats_n_seconds_working > UPTIME_CUTOFF_FOR_NEW_BANDWIDTH_TEST)
- reset_bandwidth_test();
- stats_n_seconds_working = 0;
- can_reach_or_port = 0;
- can_reach_dir_port = 0;
- mark_my_descriptor_dirty();
-}
-
/** We have enough testing circuits open. Send a bunch of "drop"
* cells down each of them, to exercise our bandwidth. */
void
@@ -996,9 +989,7 @@ check_descriptor_ipaddress_changed(time_t now)
if (prev != cur) {
log_addr_has_changed(LOG_INFO, prev, cur);
- mark_my_descriptor_dirty();
- /* the above call is probably redundant, since resolve_my_address()
- * probably already noticed and marked it dirty. */
+ ip_address_changed(0);
}
}
@@ -1044,7 +1035,7 @@ router_new_address_suggestion(const char *suggestion)
* resolve it. */
if (last_guessed_ip != addr) {
log_addr_has_changed(LOG_NOTICE, last_guessed_ip, addr);
- server_has_changed_ip();
+ ip_address_changed(0);
last_guessed_ip = addr; /* router_rebuild_descriptor() will fetch it */
}
}