authorNick Mathewson <nickm@torproject.org>2020-02-18 12:08:29 -0500
committerNick Mathewson <nickm@torproject.org>2020-02-18 12:08:29 -0500
commit1f06f494c8ce45946e565237a8a52785a8ece447 (patch)
treeb069175937c642fed7f300e157bdcc8446469ea5 /src/core/or/connection_edge.c
parentdcbc45e6b2f80e8bd3664972d6317331d6b3bc85 (diff)
Move DNS TTL manipulation code to src/core/or
This removes a dependency from the client code on feature/relay.
Diffstat (limited to 'src/core/or/connection_edge.c')
-rw-r--r--src/core/or/connection_edge.c15
1 files changed, 15 insertions, 0 deletions
diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c
index eae07141c7..23c6e230cb 100644
--- a/src/core/or/connection_edge.c
+++ b/src/core/or/connection_edge.c
@@ -432,6 +432,21 @@ warn_if_hs_unreachable(const edge_connection_t *conn, uint8_t reason)
}
}
+/** Given a TTL (in seconds) from a DNS response or from a relay, determine
+ * what TTL clients and relays should actually use for caching it. */
+uint32_t
+clip_dns_ttl(uint32_t ttl)
+{
+ /* This logic is a defense against "DefectTor" DNS-based traffic
+ * confirmation attacks, as in https://nymity.ch/tor-dns/tor-dns.pdf .
+ * We only give two values: a "low" value and a "high" value.
+ */
+ if (ttl < MIN_DNS_TTL)
+ return MIN_DNS_TTL;
+ else
+ return MAX_DNS_TTL;
+}
+
/** Send a relay end cell from stream <b>conn</b> down conn's circuit, and
* remember that we've done so. If this is not a client connection, set the
* relay end cell's reason for closing as <b>reason</b>.
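Review bot: The Doxygen comment on `clip_dns_ttl` does not state the function's actual contract, which is not a clip: every input below MIN_DNS_TTL becomes MIN_DNS_TTL and every other input — a value just above MIN_DNS_TTL as much as one far above MAX_DNS_TTL — becomes MAX_DNS_TTL, so a caller never gets its own TTL back and must not assume clamping semantics. I would spell that out in the header comment, e.g. `* Returns MIN_DNS_TTL when ttl is below it and MAX_DNS_TTL for every other input; the original value is deliberately never returned, so that cache lifetimes cannot be used to fingerprint a response.` The `else` after a `return` is redundant; `if (ttl < MIN_DNS_TTL) return MIN_DNS_TTL; return MAX_DNS_TTL;` reads more directly. The function is non-static, so presumably a matching prototype exists in a header outside this diffstat; worth confirming it was moved along with the definition.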