authorDavid Goulet <dgoulet@torproject.org>2021-02-01 14:09:58 -0500
committerDavid Goulet <dgoulet@torproject.org>2021-02-01 14:09:58 -0500
commited373eaa8de41f22c28b5c203b85342e0fc48bee (patch)
treeb841d278cccf2c7b7d2542ff0fdb2b6578928f72 /src/core/or
parent387d1d8835df1bffa71e5157c41cb856c5f18d7d (diff)
parent627e7d6625997da33b7e00ef33f71db8a8a20cdc (diff)
Merge branch 'tor-gitlab/mr/289' into maint-0.4.5
Diffstat (limited to 'src/core/or')
-rw-r--r--src/core/or/address_set.c75
-rw-r--r--src/core/or/address_set.h15
-rw-r--r--src/core/or/connection_edge.c2
3 files changed, 1 insertions, 91 deletions
diff --git a/src/core/or/address_set.c b/src/core/or/address_set.c
index fcddc55e9f..9bd3cc0f2d 100644
--- a/src/core/or/address_set.c
+++ b/src/core/or/address_set.c
@@ -15,7 +15,6 @@
#include "lib/net/address.h"
#include "lib/container/bloomfilt.h"
#include "lib/crypt_ops/crypto_rand.h"
-#include "siphash.h"
/** Wrap our hash function to have the signature that the bloom filter
* needs. */
@@ -69,77 +68,3 @@ address_set_probably_contains(const address_set_t *set,
{
return bloomfilt_probably_contains(set, addr);
}
-
-/* Length of the item is an address (IPv4 or IPv6) and a 2 byte port. We use
- * 16 bytes for the address here (IPv6) since we do not know which family
- * the given address in the item thus in the case of IPv4, the extra bytes
- * are simply zeroes to accomodate. */
-#define BLOOMFILT_ADDR_PORT_ITEM_LEN (16 + sizeof(uint16_t))
-
-/** Build an item for the bloomfilter consisting of an address and port pair.
- *
- * If the given address is _not_ AF_INET or AF_INET6, then the item is an
- * array of 0s.
- *
- * Return a pointer to a static buffer containing the item. Next call to this
- * function invalidates its previous content. */
-static const uint8_t *
-build_addr_port_item(const tor_addr_t *addr, const uint16_t port)
-{
- static uint8_t data[BLOOMFILT_ADDR_PORT_ITEM_LEN];
-
- memset(data, 0, sizeof(data));
- switch (tor_addr_family(addr)) {
- case AF_INET:
- memcpy(data, &addr->addr.in_addr.s_addr, 4);
- break;
- case AF_INET6:
- memcpy(data, &addr->addr.in6_addr.s6_addr, 16);
- break;
- case AF_UNSPEC:
- /* Leave the 0. */
- break;
- default:
- /* LCOV_EXCL_START */
- tor_fragile_assert();
- /* LCOV_EXCL_STOP */
- }
-
- memcpy(data + 16, &port, sizeof(port));
- return data;
-}
-
-/** Return a hash value for the given item that the bloomfilter will use. */
-static uint64_t
-bloomfilt_addr_port_hash(const struct sipkey *key,
- const void *item)
-{
- return siphash24(item, BLOOMFILT_ADDR_PORT_ITEM_LEN, key);
-}
-
-/** Allocate and return an addr_port_set_t, suitable for holding up to
- * max_address_guess distinct values. */
-addr_port_set_t *
-addr_port_set_new(int max_addresses_guess)
-{
- uint8_t k[BLOOMFILT_KEY_LEN];
- crypto_rand((void*)k, sizeof(k));
- return bloomfilt_new(max_addresses_guess, bloomfilt_addr_port_hash, k);
-}
-
-/** Add an address and port pair to the given set. */
-void
-addr_port_set_add(addr_port_set_t *set, const tor_addr_t *addr, uint16_t port)
-{
- bloomfilt_add(set, build_addr_port_item(addr, port));
-}
-
-/** Return true if the given address and port pair are in the set. Of course,
- * this is a bloomfilter and thus in rare occasion, a false positive happens
- * thus the "probably". */
-bool
-addr_port_set_probably_contains(const addr_port_set_t *set,
- const tor_addr_t *addr, uint16_t port)
-{
- return !!bloomfilt_probably_contains(set, build_addr_port_item(addr, port));
-}
diff --git a/src/core/or/address_set.h b/src/core/or/address_set.h
index 2c78ab0576..b4d94b65a9 100644
--- a/src/core/or/address_set.h
+++ b/src/core/or/address_set.h
@@ -29,19 +29,4 @@ void address_set_add_ipv4h(address_set_t *set, uint32_t addr);
int address_set_probably_contains(const address_set_t *set,
const struct tor_addr_t *addr);
-/**
- * An addr_port_set_t represents a set of tor_addr_t values with a uint16_t
- * port value. The implementation is probabilistic: false negatives cannot
- * occur but false positives are possible.
- */
-typedef struct bloomfilt_t addr_port_set_t;
-
-addr_port_set_t *addr_port_set_new(int max_addresses_guess);
-#define addr_port_set_free(s) bloomfilt_free(s)
-void addr_port_set_add(addr_port_set_t *set,
- const struct tor_addr_t *addr, uint16_t port);
-bool addr_port_set_probably_contains(const addr_port_set_t *set,
- const struct tor_addr_t *addr,
- uint16_t port);
-
#endif /* !defined(TOR_ADDRESS_SET_H) */
diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c
index 04005b29a6..a33c64fe19 100644
--- a/src/core/or/connection_edge.c
+++ b/src/core/or/connection_edge.c
@@ -4290,7 +4290,7 @@ connection_exit_connect(edge_connection_t *edge_conn)
* case of an attack so this is a small price to pay. */
if (!connection_edge_is_rendezvous_stream(edge_conn) &&
!network_reentry_is_allowed() &&
- nodelist_reentry_probably_contains(&conn->addr, conn->port)) {
+ nodelist_reentry_contains(&conn->addr, conn->port)) {
log_info(LD_EXIT, "%s tried to connect back to a known relay address. "
"Closing.", connection_describe(conn));
connection_edge_end(edge_conn, END_STREAM_REASON_CONNECTREFUSED);
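Review bot: The comment that ends on the line just above this condition (`... so this is a small price to pay. */`) starts outside the hunk and is left untouched, while the call drops the `probably_` prefix. If that comment justifies refusing the stream despite bloom-filter false positives, it is now stale and should be reworded, for example `/* The address+port lookup is exact, so a refusal here means the destination matches a known relay. */`. The definition of `nodelist_reentry_contains()` is not part of this diff (it is limited to src/core/or), so the exact-match behaviour is inferred from the name and from the removal of `addr_port_set_t`. It is worth confirming there that lookups treat address families the same way entries are added, because a miss in this check lets an exit stream re-enter the network. `connection_exit_connect()` continues beyond both ends of the hunk.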