author | teor (Tim Wilson-Brown) <teor2345@gmail.com> | 2016-05-07 10:18:52 -0700 |
---|---|---|
committer | teor (Tim Wilson-Brown) <teor2345@gmail.com> | 2016-05-07 10:22:02 -0700 |
commit | c75bf388b5fc3555dd21d44b7856358f771292a4 (patch) | |
tree | ac554f29e3b862b5bed32207592a21c16a033456 /src/or/router.c | |
parent | faec7956a96b143f8ba7192e7ff2a996469935e0 (diff) | |
Warn users when addresses in ports and descriptor are inconsistent
This mitigates bug 13953.
Diffstat (limited to 'src/or/router.c')
-rw-r--r-- | src/or/router.c | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/src/or/router.c b/src/or/router.c
index 68bcf1326e..d48bd05d98 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -1896,6 +1896,85 @@ router_pick_published_address,(const or_options_t *options, uint32_t *addr))
 return 0;
 }
 
+/* Tor relays only have one IPv4 address in the descriptor, which is derived
+ * from the Address torrc option, or guessed using various methods in
+ * router_pick_published_address().
+ * Warn the operator if there is no ORPort on the descriptor address
+ * ipv4h_desc_addr.
+ * Warn the operator if there is no DirPort on the descriptor address.
+ * This catches a few common config errors:
+ * - operators who expect ORPorts and DirPorts to be advertised on the
+ * ports' listen addresses, rather than the torrc Address (or guessed
+ * addresses in the absence of an Address config). This includes
+ * operators who attempt to put their ORPort and DirPort on different
+ * addresses;
+ * - discrepancies between guessed addresses and configured listen
+ * addresses (when the Address option isn't set).
+ * If a listener is listening on all IPv4 addresses, it is assumed that it
+ * is listening on the configured Address, and no messages are logged.
+ * If an operators has specified NoAdvertise ORPorts in a NAT setting,
+ * no messages are logged, unless they have specified other advertised
+ * addresses.
+ * The message tells operators to configure an ORPort and DirPort that match
+ * the Address (using NoListen if needed).
+ */
+static void
+router_check_descriptor_address_consistency(uint32_t ipv4h_desc_addr)
+{
+
+ /* The first configured ORPort and DirPort, which may be CFG_AUTO_PORT. */
+ int orport_v4_cfg = get_first_advertised_port_by_type_af(
+ CONN_TYPE_OR_LISTENER,
+ AF_INET);
+ int dirport_v4_cfg = get_first_advertised_port_by_type_af(
+ CONN_TYPE_DIR_LISTENER,
+ AF_INET);
+
+ if (orport_v4_cfg != 0 &&
+ !port_exists_by_type_addr32h_port(CONN_TYPE_OR_LISTENER,
+ ipv4h_desc_addr, orport_v4_cfg, 1)) {
+ const tor_addr_t *port_addr = get_first_advertised_addr_by_type_af(
+ CONN_TYPE_OR_LISTENER,
+ AF_INET);
+ tor_addr_t desc_addr;
+ char port_addr_str[TOR_ADDR_BUF_LEN];
+ char desc_addr_str[TOR_ADDR_BUF_LEN];
+
+ tor_addr_to_str(port_addr_str, port_addr, TOR_ADDR_BUF_LEN, 0);
+
+ tor_addr_from_ipv4h(&desc_addr, ipv4h_desc_addr);
+ tor_addr_to_str(desc_addr_str, &desc_addr, TOR_ADDR_BUF_LEN, 0);
+
+ log_warn(LD_CONFIG, "The configured IPv4 ORPort address %s does not "
+ "match the address %s in the descriptor. Please configure "
+ "matching IPv4 addresses for the Address and ORPort options. "
+ "Use NoListen on the ORPort if you are behind a NAT.",
+ port_addr_str, desc_addr_str);
+ }
+
+ if (dirport_v4_cfg != 0 &&
+ !port_exists_by_type_addr32h_port(CONN_TYPE_DIR_LISTENER,
+ ipv4h_desc_addr, dirport_v4_cfg, 1)) {
+ const tor_addr_t *port_addr = get_first_advertised_addr_by_type_af(
+ CONN_TYPE_DIR_LISTENER,
+ AF_INET);
+ tor_addr_t desc_addr;
+ char port_addr_str[TOR_ADDR_BUF_LEN];
+ char desc_addr_str[TOR_ADDR_BUF_LEN];
+
+ tor_addr_to_str(port_addr_str, port_addr, TOR_ADDR_BUF_LEN, 0);
+
+ tor_addr_from_ipv4h(&desc_addr, ipv4h_desc_addr);
+ tor_addr_to_str(desc_addr_str, &desc_addr, TOR_ADDR_BUF_LEN, 0);
+
+ log_warn(LD_CONFIG, "The configured IPv4 DirPort address %s does not "
+ "match the address %s in the descriptor. Please configure "
+ "matching IPv4 addresses for the Address and DirPort options. "
+ "Use NoListen on the DirPort if you are behind a NAT.",
+ port_addr_str, desc_addr_str);
+ }
+}
+
 /** Build a fresh routerinfo, signed server descriptor, and extra-info document
 * for this OR. Set r to the generated routerinfo, e to the generated
 * extra-info document. Return 0 on success, -1 on temporary error. Failure to
@@ -1918,6 +1997,10 @@ router_build_fresh_descriptor(routerinfo_t **r, extrainfo_t **e)
 return -1;
 }
+ /* Log a message if the address in the descriptor doesn't match the ORPort
+ * and DirPort addresses configured by the operator. */
+ router_check_descriptor_address_consistency(addr);
+
+ ri = tor_malloc_zero(sizeof(routerinfo_t));
 ri->cache_info.routerlist_index = -1;
 ri->nickname = tor_strdup(options->Nickname); |
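Review bot: In the ORPort branch of router_check_descriptor_address_consistency(), and again in the DirPort branch, the pointer returned by get_first_advertised_addr_by_type_af() goes straight into tor_addr_to_str() and that call's result is ignored, so the warning path relies on the lookup never coming back NULL and on formatting never failing. Neither helper is visible in this hunk; if either can fail, port_addr_str reaches log_warn() uninitialised or the relay faults while building its descriptor, which is a worse outcome than the misconfiguration being reported. I would initialise the buffer and format only when there is something to format: `char port_addr_str[TOR_ADDR_BUF_LEN] = "unknown";` and `if (port_addr) tor_addr_to_str(port_addr_str, port_addr, TOR_ADDR_BUF_LEN, 0);`. The two branches differ only in listener type and option name, so one static helper taking those two arguments would carry the guard once.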
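Review bot: The new call in router_build_fresh_descriptor() sits on the unconditional path after the address is picked, so both warnings are presumably emitted again on every descriptor rebuild for as long as the configuration stays inconsistent; how often that happens cannot be seen from this hunk. Repeated identical warnings tend to bury other LD_CONFIG messages an operator needs to see, so consider rate-limiting them or logging only when the descriptor address or the advertised ports have changed since the last check. The comment above the call could also state that the check is advisory, e.g. `/* Warn-only: this call cannot change addr or abort the build. */`. The function body starts and ends outside the hunk.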