authorNick Mathewson <nickm@torproject.org>2008-02-21 18:45:11 +0000
committerNick Mathewson <nickm@torproject.org>2008-02-21 18:45:11 +0000
commit5c03f82a650e3986c37466197d79d85906cce671 (patch)
treee3dd766777ef56175d09c3c76e51c8535746ba46
parent6b50f5ae5d1d76f151b7f4ca6cb44cbe6dc05fc3 (diff)
downloadtor-5c03f82a650e3986c37466197d79d85906cce671.tar.gz
tor-5c03f82a650e3986c37466197d79d85906cce671.zip
r18345@catbus: nickm | 2008-02-21 13:45:04 -0500
Do the last part of arma's fix for bug 437: Track the origin of every addrmap, and use this info so we can remove all the trackhostexits-originated mappings for a given exit. svn:r13660
-rw-r--r--ChangeLog2
-rw-r--r--doc/TODO2
-rw-r--r--src/common/container.h7
-rw-r--r--src/common/torint.h10
-rw-r--r--src/or/circuituse.c3
-rw-r--r--src/or/config.c2
-rw-r--r--src/or/connection_edge.c40
-rw-r--r--src/or/control.c2
-rw-r--r--src/or/or.h6
9 files changed, 62 insertions, 12 deletions
diff --git a/ChangeLog b/ChangeLog
index 25bba49dc8..8b55c42d36 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,8 @@ Changes in version 0.2.0.20-?? - 2008-02-??
- Start choosing which bridge to use proportional to its advertised
bandwidth, rather than uniformly at random. This should speed up Tor
for bridge users. Also do this for people who set StrictEntryNodes.
+ - When a TrackHostExits-chosen exit fails too many times in a row,
+ stop using it. Bugfix on 0.1.2.x. Fixes bug 437.
o Major bugfixes:
- Resolved problems with (re-)fetching hidden service descriptors.
diff --git a/doc/TODO b/doc/TODO
index 6d33518388..21abecf985 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -114,7 +114,7 @@ R . FAQ entry which is wrong
non-encrypted request
o write a tor-gencert man page
- . geoip caching and publishing for bridges
+N . geoip caching and publishing for bridges
d Track consecutive time up, not time since last-forgotten IP.
- Mention in dir-spec.txt
- Mention in control-spec.txt
diff --git a/src/common/container.h b/src/common/container.h
index 72fbfcd318..db53dcb71b 100644
--- a/src/common/container.h
+++ b/src/common/container.h
@@ -286,6 +286,13 @@ DECLARE_MAP_FNS(digestmap_t, const char *, digestmap_);
/** Used to end a DIGESTMAP_FOREACH() block. */
#define DIGESTMAP_FOREACH_END MAP_FOREACH_END
+#define STRMAP_FOREACH(map, keyvar, valtype, valvar) \
+ MAP_FOREACH(strmap_, map, const char *, keyvar, valtype, valvar)
+#define STRMAP_FOREACH_MODIFY(map, keyvar, valtype, valvar) \
+ MAP_FOREACH_MODIFY(strmap_, map, const char *, keyvar, valtype, valvar)
+#define STRMAP_FOREACH_END MAP_FOREACH_END
+
+
void* strmap_set_lc(strmap_t *map, const char *key, void *val);
void* strmap_get_lc(const strmap_t *map, const char *key);
void* strmap_remove_lc(strmap_t *map, const char *key);
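Review bot: The new `STRMAP_FOREACH`, `STRMAP_FOREACH_MODIFY` and `STRMAP_FOREACH_END` macros have no doc comments, unlike the neighbouring `DIGESTMAP_FOREACH_END`. I would add a `/** ... */` line above each one. On `STRMAP_FOREACH_MODIFY` the comment should say that entries are deleted during iteration with `MAP_DEL_CURRENT(keyvar)`, which is how the new caller in connection_edge.c uses it (assuming that matches the contract of `MAP_FOREACH_MODIFY`, which is not visible here). The hunk also adds two blank lines where one would do.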
diff --git a/src/common/torint.h b/src/common/torint.h
index 2d9c3b031f..e6f3180e96 100644
--- a/src/common/torint.h
+++ b/src/common/torint.h
@@ -267,6 +267,16 @@ typedef uint32_t uintptr_t;
#endif
#endif
+#ifndef SHORT_MAX
+#if (SIZEOF_SHORT == 2)
+#define SHORT_MAX 0x7fff
+#elif (SIZEOF_SHORT == 4)
+#define SHORT_MAX 0x7fffffff
+#else
+#error "Can't define SHORT_MAX"
+#endif
+#endif
+
#ifndef TIME_MAX
#ifdef TIME_T_IS_SIGNED
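Review bot: `SHORT_MAX` duplicates the standard `SHRT_MAX` from `<limits.h>` under a non-standard name, so the `#ifndef SHORT_MAX` guard will almost never find an existing definition. Where `<limits.h>` is available I would prefer `#define SHORT_MAX SHRT_MAX` and keep the `SIZEOF_SHORT` ladder only as a fallback, which keeps the value from drifting away from the compiler's own limit. A one-line comment saying the macro exists for the saturating failure counter in connection_edge.c would also help.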
diff --git a/src/or/circuituse.c b/src/or/circuituse.c
index b1b65754b4..e0e8350e10 100644
--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@@ -1212,7 +1212,8 @@ consider_recording_trackhost(edge_connection_t *conn, origin_circuit_t *circ)
conn->socks_request->address, fp);
addressmap_register(conn->socks_request->address, new_address,
- time(NULL) + options->TrackHostExitsExpire);
+ time(NULL) + options->TrackHostExitsExpire,
+ ADDRMAPSRC_TRACKEXIT);
}
/** Attempt to attach the connection <b>conn</b> to <b>circ</b>, and send a
diff --git a/src/or/config.c b/src/or/config.c
index ba5ccaa90a..461282f8db 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -3706,7 +3706,7 @@ config_register_addressmaps(or_options_t *options)
log_warn(LD_CONFIG,
"Skipping invalid argument '%s' to MapAddress", to);
} else {
- addressmap_register(from, tor_strdup(to), 0);
+ addressmap_register(from, tor_strdup(to), 0, ADDRMAPSRC_TORRC);
if (smartlist_len(elts)>2) {
log_warn(LD_CONFIG,"Ignoring extra arguments to MapAddress.");
}
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index b4f79a8c72..fa684d8b45 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -33,6 +33,7 @@ static int connection_ap_process_natd(edge_connection_t *conn);
static int connection_exit_connect_dir(edge_connection_t *exitconn);
static int address_is_in_virtual_range(const char *addr);
static int consider_plaintext_ports(edge_connection_t *conn, uint16_t port);
+static void clear_trackexithost_mappings(const char *exitname);
/** An AP stream has failed/finished. If it hasn't already sent back
* a socks reply, send one now (based on endreason). Also set
@@ -493,8 +494,7 @@ circuit_discard_optional_exit_enclaves(extend_info_t *info)
}
if (conn->chosen_exit_retries) {
if (--conn->chosen_exit_retries == 0) { /* give up! */
- /* XXX020rc unregister maps from foo to
- * foo.chosen_exit_name.exit \forall foo. -RD */
+ clear_trackexithost_mappings(edge_conn->chosen_exit_name);
tor_free(edge_conn->chosen_exit_name); /* clears it */
/* if this port is dangerous, warn or reject it now that we don't
* think it'll be using an enclave. */
@@ -551,7 +551,8 @@ connection_ap_detach_retriable(edge_connection_t *conn, origin_circuit_t *circ,
typedef struct {
char *new_address;
time_t expires;
- int num_resolve_failures;
+ addressmap_entry_source_t source:3;
+ short num_resolve_failures;
} addressmap_entry_t;
/** Entry for mapping addresses to which virtual address we mapped them to. */
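Review bot: `addressmap_entry_source_t source:3;` is a bit-field of enum type, and the signedness of such a field is implementation-defined. On a compiler that treats it as signed it holds -4..3, which the four enumerators added in or.h fill exactly. A fifth source would then read back negative, and comparisons such as `ent->source == ADDRMAPSRC_TRACKEXIT` could silently stop matching and leave stale mappings in place. I would declare it as `unsigned int source:3;` or at least add a comment next to the field stating the limit. The two new fields also have no doc comments.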
@@ -632,6 +633,28 @@ addressmap_ent_remove(const char *address, addressmap_entry_t *ent)
addressmap_ent_free(ent);
}
+/** Unregister all TrackHostExits mappings from any address to
+ * *.exitname.exit. */
+static void
+clear_trackexithost_mappings(const char *exitname)
+{
+ char *suffix;
+ size_t suffix_len;
+ if (!addressmap || !exitname)
+ return;
+ suffix_len = strlen(exitname) + 16;
+ suffix = tor_malloc(suffix_len);
+ tor_snprintf(suffix, suffix_len, ".%s.exit", exitname);
+ tor_strlower(suffix);
+
+ STRMAP_FOREACH_MODIFY(addressmap, address, addressmap_entry_t *, ent) {
+ if (ent->source == ADDRMAPSRC_TRACKEXIT && !strcmpend(address, suffix)) {
+ addressmap_ent_remove(address, ent);
+ MAP_DEL_CURRENT(address);
+ }
+ } STRMAP_FOREACH_END;
+}
+
/** Remove all entries from the addressmap that were set via the
* configuration file or the command line. */
void
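Review bot: `suffix` is allocated with `tor_malloc` in `clear_trackexithost_mappings` and never released, so each abandoned exit leaks `strlen(exitname) + 16` bytes; add `tor_free(suffix);` after `STRMAP_FOREACH_END`. Separately, the doc comment says the function removes mappings *to* `*.exitname.exit`, but the loop tests the map key with `!strcmpend(address, suffix)`. If the `.exit` form is stored in the entry's target, as the `addressmap_register(conn->socks_request->address, new_address, ...)` call in circuituse.c suggests, the test should be `!strcmpend(ent->new_address, suffix)`. Otherwise nothing is removed and the client keeps being steered to the failing exit.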
@@ -761,7 +784,8 @@ addressmap_have_mapping(const char *address)
* any mappings that exist from <b>address</b>.
*/
void
-addressmap_register(const char *address, char *new_address, time_t expires)
+addressmap_register(const char *address, char *new_address, time_t expires,
+ addressmap_entry_source_t source)
{
addressmap_entry_t *ent;
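Review bot: The doc comment above `addressmap_register` is not updated for the new `source` parameter. I would add a sentence such as `<b>source</b> records who created the mapping, so that it can later be removed selectively.` The comment starts outside this hunk, so only its tail is visible here.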
@@ -798,6 +822,7 @@ addressmap_register(const char *address, char *new_address, time_t expires)
ent->new_address = new_address;
ent->expires = expires==2 ? 1 : expires;
ent->num_resolve_failures = 0;
+ ent->source = source;
log_info(LD_CONFIG, "Addressmap: (re)mapped '%s' to '%s'",
safe_str(address), safe_str(ent->new_address));
@@ -817,7 +842,8 @@ client_dns_incr_failures(const char *address)
ent->expires = time(NULL) + MAX_DNS_ENTRY_AGE;
strmap_set(addressmap,address,ent);
}
- ++ent->num_resolve_failures;
+ if (++ent->num_resolve_failures < 0) /* overflow. */
+ ent->num_resolve_failures = SHORT_MAX;
log_info(LD_APP, "Address %s now has %d resolve failures.",
safe_str(address), ent->num_resolve_failures);
return ent->num_resolve_failures;
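Review bot: The overflow guard `if (++ent->num_resolve_failures < 0)` detects the wrap only after it has happened, and narrowing the incremented value back to `short` is implementation-defined when it does not fit. Saturating before the increment avoids relying on that: `if (ent->num_resolve_failures < SHORT_MAX) ++ent->num_resolve_failures;`. The start of `client_dns_incr_failures` is outside the hunk.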
@@ -879,7 +905,7 @@ client_dns_set_addressmap_impl(const char *address, const char *name,
"%s", name);
}
addressmap_register(extendedaddress, tor_strdup(extendedval),
- time(NULL) + ttl);
+ time(NULL) + ttl, ADDRMAPSRC_DNS);
}
/** Record the fact that <b>address</b> resolved to <b>val</b>.
@@ -1105,7 +1131,7 @@ addressmap_register_virtual_address(int type, char *new_address)
tor_free(*addrp);
*addrp = addressmap_get_virtual_address(type);
log_info(LD_APP, "Registering map from %s to %s", *addrp, new_address);
- addressmap_register(*addrp, new_address, 2);
+ addressmap_register(*addrp, new_address, 2, ADDRMAPSRC_CONTROLLER);
#if 0
{
diff --git a/src/or/control.c b/src/or/control.c
index 3650170bd7..f79709fb2f 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -1260,7 +1260,7 @@ handle_control_mapaddress(control_connection_t *conn, uint32_t len,
smartlist_add(reply, ans);
}
} else {
- addressmap_register(from, tor_strdup(to), 1);
+ addressmap_register(from, tor_strdup(to), 1, ADDRMAPSRC_CONTROLLER);
tor_snprintf(ans, anslen, "250-%s", line);
smartlist_add(reply, ans);
}
diff --git a/src/or/or.h b/src/or/or.h
index 1c5a16f598..b0ec610737 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2816,8 +2816,12 @@ void addressmap_clear_transient(void);
void addressmap_free_all(void);
int addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out);
int addressmap_have_mapping(const char *address);
+typedef enum {
+ ADDRMAPSRC_CONTROLLER, ADDRMAPSRC_TORRC, ADDRMAPSRC_TRACKEXIT,
+ ADDRMAPSRC_DNS,
+} addressmap_entry_source_t;
void addressmap_register(const char *address, char *new_address,
- time_t expires);
+ time_t expires, addressmap_entry_source_t source);
int parse_virtual_addr_network(const char *val, int validate_only,
char **msg);
int client_dns_incr_failures(const char *address);
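Review bot: `addressmap_entry_source_t` is added to the public header with no doc comment, although the new removal logic depends on every caller tagging its entries correctly. I would add a `/** ... */` block above the typedef that says what each of `ADDRMAPSRC_CONTROLLER`, `ADDRMAPSRC_TORRC`, `ADDRMAPSRC_TRACKEXIT` and `ADDRMAPSRC_DNS` means, and notes that the value is stored in a 3-bit field in connection_edge.c. The trailing comma after `ADDRMAPSRC_DNS` is rejected by strict C89 compilers, so drop it if the tree still targets them.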