1 files changed, 239 insertions, 0 deletions

diff --git a/src/feature/relay/relay_find_addr.c b/src/feature/relay/relay_find_addr.c
new file mode 100644
index 0000000000..c43885af51
--- /dev/null
+++ b/src/feature/relay/relay_find_addr.c
@@ -0,0 +1,239 @@
+/* Copyright (c) 2001-2020, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * \file relay_find_addr.c
+ * \brief Implement mechanism for a relay to find its address.
+ **/
+
+#include "core/or/or.h"
+
+#include "app/config/config.h"
+#include "app/config/resolve_addr.h"
+
+#include "core/mainloop/mainloop.h"
+#include "core/or/circuitlist.h"
+#include "core/or/circuituse.h"
+#include "core/or/extendinfo.h"
+
+#include "feature/control/control_events.h"
+#include "feature/dircommon/dir_connection_st.h"
+#include "feature/nodelist/dirlist.h"
+#include "feature/nodelist/node_select.h"
+#include "feature/nodelist/nodelist.h"
+#include "feature/nodelist/routerstatus_st.h"
+#include "feature/relay/relay_find_addr.h"
+#include "feature/relay/router.h"
+#include "feature/relay/routermode.h"
+
+/** Consider the address suggestion suggested_addr as a possible one to use as
+ * our address.
+ *
+ * This is called when a valid NETINFO cell is received containing a candidate
+ * for our address or when a directory sends us back the X-Your-Address-Is
+ * header.
+ *
+ * The suggested address is ignored if it does NOT come from a trusted source.
+ * At the moment, we only look a trusted directory authorities.
+ *
+ * The suggested address is ignored if it is internal or it is the same as the
+ * given peer_addr which is the address from the endpoint that sent the
+ * NETINFO cell.
+ *
+ * The identity_digest is NULL if this is an address suggested by a directory
+ * since this is a plaintext connection.
+ *
+ * The suggested address is set in our suggested address cache if everything
+ * passes. */
+void
+relay_address_new_suggestion(const tor_addr_t *suggested_addr,
+                             const tor_addr_t *peer_addr,
+                             const char *identity_digest)
+{
+  const or_options_t *options = get_options();
+
+  tor_assert(suggested_addr);
+  tor_assert(peer_addr);
+
+  /* Non server should just ignore this suggestion. Clients don't need to
+   * learn their address let alone cache it. */
+  if (!server_mode(options)) {
+    return;
+  }
+
+  /* Is the peer a trusted source? Ignore anything coming from non trusted
+   * source. In this case, we only look at trusted directory authorities. */
+  if (!router_addr_is_trusted_dir(peer_addr) ||
+      (identity_digest && !router_digest_is_trusted_dir(identity_digest))) {
+    return;
+  }
+
+  /* Ignore a suggestion that is an internal address or the same as the one
+   * the peer address. */
+  if (tor_addr_is_internal(suggested_addr, 0)) {
+    /* Do not believe anyone who says our address is internal. */
+    return;
+  }
+  if (tor_addr_eq(suggested_addr, peer_addr)) {
+    /* Do not believe anyone who says our address is their address. */
+    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+           "A relay endpoint %s is telling us that their address is ours.",
+           fmt_addr(peer_addr));
+    return;
+  }
+
+  /* Save the suggestion in our cache. */
+  resolved_addr_set_suggested(suggested_addr);
+}
+
+/** Find our address to be published in our descriptor. Three places are
+ * looked at:
+ *
+ *    1. Resolved cache. Populated by find_my_address() during the relay
+ *       periodic event that attempts to learn if our address has changed.
+ *
+ *    2. If flags is set with RELAY_FIND_ADDR_CACHE_ONLY, only the resolved
+ *       and suggested cache are looked at. No address discovery will be done.
+ *
+ *    3. Finally, if all fails, use the suggested address cache which is
+ *       populated by the NETINFO cell content or HTTP header from a
+ *       directory.
+ *
+ * The AddressDisableIPv6 is checked here for IPv6 address discovery and if
+ * set, false is returned and addr_out is UNSPEC.
+ *
+ * Before doing any discovery, the configuration is checked for an ORPort of
+ * the given family. If none can be found, false is returned and addr_out is
+ * UNSPEC.
+ *
+ * Return true on success and addr_out contains the address to use for the
+ * given family. On failure to find the address, false is returned and
+ * addr_out is set to an AF_UNSPEC address. */
+MOCK_IMPL(bool,
+relay_find_addr_to_publish, (const or_options_t *options, int family,
+                             int flags, tor_addr_t *addr_out))
+{
+  tor_assert(options);
+  tor_assert(addr_out);
+
+  tor_addr_make_unspec(addr_out);
+
+  /* If an IPv6 is requested, check if IPv6 address discovery is disabled on
+   * this instance. If so, we return a failure. It is done here so we don't
+   * query the suggested cache that might be populated with an IPv6. */
+  if (family == AF_INET6 && options->AddressDisableIPv6) {
+    return false;
+  }
+
+  /* There is no point on attempting an address discovery to publish if we
+   * don't have an ORPort for this family. */
+  if (!routerconf_find_or_port(options, family)) {
+    return false;
+  }
+
+  /* First, check our resolved address cache. It should contain the address
+   * we've discovered from the periodic relay event. */
+  resolved_addr_get_last(family, addr_out);
+  if (!tor_addr_is_null(addr_out)) {
+    goto found;
+  }
+
+  /* Second, attempt to find our address. The following can do a DNS resolve
+   * thus only do it when the no cache only flag is flipped. */
+  if (!(flags & RELAY_FIND_ADDR_CACHE_ONLY)) {
+    if (find_my_address(options, family, LOG_INFO, addr_out, NULL, NULL)) {
+      goto found;
+    }
+  }
+
+  /* Third, consider address from our suggestion cache. */
+  resolved_addr_get_suggested(family, addr_out);
+  if (!tor_addr_is_null(addr_out)) {
+    goto found;
+  }
+
+  /* No publishable address was found even though we have an ORPort thus
+   * print a notice log so operator can notice. We'll do that every hour so
+   * it is not too spammy but enough so operators address the issue. */
+  static ratelim_t rlim = RATELIM_INIT(3600);
+  log_fn_ratelim(&rlim, LOG_NOTICE, LD_CONFIG,
+                 "Unable to find %s address for ORPort %u. "
+                 "You might want to specify %sOnly to it or set an "
+                 "explicit address or set Address.",
+                 fmt_af_family(family),
+                 routerconf_find_or_port(options, family),
+                 (family == AF_INET) ? fmt_af_family(AF_INET6) :
+                                       fmt_af_family(AF_INET));
+
+  /* Not found. */
+  return false;
+
+ found:
+  return true;
+}
+
+/** How often should we launch a circuit to an authority to be sure of getting
+ * a guess for our IP? */
+#define DUMMY_DOWNLOAD_INTERVAL (20*60)
+
+void
+relay_addr_learn_from_dirauth(void)
+{
+  static time_t last_dummy_circuit = 0;
+  const or_options_t *options = get_options();
+  time_t now = time(NULL);
+  bool have_addr;
+  tor_addr_t addr_out;
+
+  /* This dummy circuit only matter for relays. */
+  if (BUG(!server_mode(options))) {
+    return;
+  }
+
+  /* Lookup the address cache to learn if we have a good usable address. We
+   * still force relays to have an IPv4 so that alone is enough to learn if we
+   * need a lookup. In case we don't have one, we might want to attempt a
+   * dummy circuit to learn our address as a suggestion from an authority. */
+  have_addr = relay_find_addr_to_publish(options, AF_INET,
+                                         RELAY_FIND_ADDR_CACHE_ONLY,
+                                         &addr_out);
+
+  /* If we're a relay or bridge for which we were unable to discover our
+   * public address, we rely on learning our address from a directory
+   * authority from the NETINFO cell. */
+  if (!have_addr && last_dummy_circuit + DUMMY_DOWNLOAD_INTERVAL < now) {
+    last_dummy_circuit = now;
+
+    const routerstatus_t *rs = router_pick_trusteddirserver(V3_DIRINFO, 0);
+    if (BUG(!rs)) {
+      /* We should really always have trusted directories configured at this
+       * stage. They are loaded early either from default list or the one
+       * given in the configuration file. */
+      return;
+    }
+    const node_t *node = node_get_by_id(rs->identity_digest);
+    if (!node) {
+      /* This can happen if we are still in the early starting stage where no
+       * descriptors we actually fetched and thus we have the routerstatus_t
+       * for the authority but not its descriptor which is needed to build a
+       * circuit and thus learn our address. */
+      log_info(LD_GENERAL, "Can't build a circuit to an authority. Unable to "
+                           "learn for now our address from them.");
+      return;
+    }
+    extend_info_t *ei = extend_info_from_node(node, 1);
+    if (BUG(!ei)) {
+      return;
+    }
+
+    log_debug(LD_GENERAL, "Attempting dummy testing circuit to an authority "
+                          "in order to learn our address.");
+
+    /* Launch a one-hop testing circuit to a trusted authority so we can learn
+     * our address through the NETINFO cell. */
+    circuit_launch_by_extend_info(CIRCUIT_PURPOSE_TESTING, ei,
+                                  CIRCLAUNCH_IS_INTERNAL |
+                                  CIRCLAUNCH_ONEHOP_TUNNEL);
+    extend_info_free(ei);
+  }
+}