author | Nick Mathewson <nickm@torproject.org> | 2020-02-18 12:08:29 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2020-02-18 12:08:29 -0500 |
commit | 1f06f494c8ce45946e565237a8a52785a8ece447 (patch) | |
tree | b069175937c642fed7f300e157bdcc8446469ea5 | |
parent | dcbc45e6b2f80e8bd3664972d6317331d6b3bc85 (diff) | |
Move DNS TTL manipulation code to src/core/or
This removes a dependency from the client code on feature/relay.
-rw-r--r-- | src/core/or/connection_edge.c | 15 | ||||
-rw-r--r-- | src/core/or/connection_edge.h | 15 | ||||
-rw-r--r-- | src/feature/client/addressmap.c | 1 | ||||
-rw-r--r-- | src/feature/relay/dns.c | 16 | ||||
-rw-r--r-- | src/feature/relay/dns.h | 14 |
5 files changed, 30 insertions, 31 deletions
diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c
index eae07141c7..23c6e230cb 100644
--- a/src/core/or/connection_edge.c
+++ b/src/core/or/connection_edge.c
@@ -432,6 +432,21 @@ warn_if_hs_unreachable(const edge_connection_t *conn, uint8_t reason)
   }
 }
 
+/** Given a TTL (in seconds) from a DNS response or from a relay, determine
+ * what TTL clients and relays should actually use for caching it. */
+uint32_t
+clip_dns_ttl(uint32_t ttl)
+{
+  /* This logic is a defense against "DefectTor" DNS-based traffic
+   * confirmation attacks, as in https://nymity.ch/tor-dns/tor-dns.pdf .
+   * We only give two values: a "low" value and a "high" value.
+   */
+  if (ttl < MIN_DNS_TTL)
+    return MIN_DNS_TTL;
+  else
+    return MAX_DNS_TTL;
+}
+
 /** Send a relay end cell from stream <b>conn</b> down conn's circuit, and
  * remember that we've done so. If this is not a client connection, set the
  * relay end cell's reason for closing as <b>reason</b>.
diff --git a/src/core/or/connection_edge.h b/src/core/or/connection_edge.h
index 11cb252935..8c06af5664 100644
--- a/src/core/or/connection_edge.h
+++ b/src/core/or/connection_edge.h
@@ -182,6 +182,21 @@ void connection_ap_warn_and_unmark_if_pending_circ(
     entry_connection_t *entry_conn,
     const char *where);
 
+/** Lowest value for DNS ttl that a server should give or a client should
+ * believe. */
+#define MIN_DNS_TTL (5*60)
+/** Highest value for DNS ttl that a server should give or a client should
+ * believe. */
+#define MAX_DNS_TTL (60*60)
+/** How long do we keep DNS cache entries before purging them (regardless of
+ * their TTL)? */
+#define MAX_DNS_ENTRY_AGE (3*60*60)
+/** How long do we cache/tell clients to cache DNS records when no TTL is
+ * known? */
+#define DEFAULT_DNS_TTL (30*60)
+
+uint32_t clip_dns_ttl(uint32_t ttl);
+
 int connection_half_edge_is_valid_data(const smartlist_t *half_conns,
                                        streamid_t stream_id);
 int connection_half_edge_is_valid_sendme(const smartlist_t *half_conns,
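Review bot: The Doxygen comment added on clip_dns_ttl in the connection_edge.c hunk, and the bare prototype added to connection_edge.h in the hunk that follows, never say that the function quantizes rather than clamps: every value at or above MIN_DNS_TTL, including values between the two bounds, comes back as MAX_DNS_TTL, which the name "clip" does not suggest. That fact lives only in the in-body comment, so client code that now reaches the function through connection_edge.h will read the header and may assume an ordinary min/max clamp. I would promote it into the API comment, e.g. `/** ... Returns only two values: MIN_DNS_TTL when ttl is below it, and MAX_DNS_TTL otherwise; this is deliberate (see the DefectTor note in the body). */`, and put a one-line version above the prototype in the header. The addressmap.c hunk drops the feature/relay/dns.h include; whether that file used anything else from dns.h cannot be seen from here.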
diff --git a/src/feature/client/addressmap.c b/src/feature/client/addressmap.c
index af76253e41..cc97166f36 100644
--- a/src/feature/client/addressmap.c
+++ b/src/feature/client/addressmap.c
@@ -23,7 +23,6 @@
 #include "app/config/config.h"
 #include "core/or/connection_edge.h"
 #include "feature/control/control_events.h"
-#include "feature/relay/dns.h"
 #include "feature/nodelist/nodelist.h"
 #include "feature/nodelist/routerset.h"
 
diff --git a/src/feature/relay/dns.c b/src/feature/relay/dns.c
index 08fe4d39cf..5f4bddab9d 100644
--- a/src/feature/relay/dns.c
+++ b/src/feature/relay/dns.c
@@ -268,22 +268,6 @@ has_dns_init_failed(void)
   return nameserver_config_failed;
 }
 
-/** Helper: Given a TTL from a DNS response, determine what TTL to give the
- * OP that asked us to resolve it, and how long to cache that record
- * ourselves. */
-uint32_t
-clip_dns_ttl(uint32_t ttl)
-{
-  /* This logic is a defense against "DefectTor" DNS-based traffic
-   * confirmation attacks, as in https://nymity.ch/tor-dns/tor-dns.pdf .
-   * We only give two values: a "low" value and a "high" value.
-   */
-  if (ttl < MIN_DNS_TTL)
-    return MIN_DNS_TTL;
-  else
-    return MAX_DNS_TTL;
-}
-
 /** Helper: free storage held by an entry in the DNS cache. */
 static void
 free_cached_resolve_(cached_resolve_t *r)
diff --git a/src/feature/relay/dns.h b/src/feature/relay/dns.h
index e445b23336..a2275c724a 100644
--- a/src/feature/relay/dns.h
+++ b/src/feature/relay/dns.h
@@ -12,22 +12,9 @@
 #ifndef TOR_DNS_H
 #define TOR_DNS_H
 
-/** Lowest value for DNS ttl that a server will give. */
-#define MIN_DNS_TTL (5*60)
-/** Highest value for DNS ttl that a server will give. */
-#define MAX_DNS_TTL (60*60)
-
-/** How long do we keep DNS cache entries before purging them (regardless of
- * their TTL)? */
-#define MAX_DNS_ENTRY_AGE (3*60*60)
-/** How long do we cache/tell clients to cache DNS records when no TTL is
- * known? */
-#define DEFAULT_DNS_TTL (30*60)
-
 int dns_init(void);
 int has_dns_init_failed(void);
 void dns_free_all(void);
-uint32_t clip_dns_ttl(uint32_t ttl);
 int dns_reset(void);
 void connection_dns_remove(edge_connection_t *conn);
 void assert_connection_edge_not_dns_pending(edge_connection_t *conn);
@@ -74,4 +61,3 @@ launch_resolve,(cached_resolve_t *resolve));
 
 #endif /* defined(DNS_PRIVATE) */
 #endif /* !defined(TOR_DNS_H) */
-
|