1 files changed, 26 insertions, 13 deletions

diff --git a/src/or/dns.c b/src/or/dns.c
index b5344469b5..7dc3575f53 100644
--- a/src/or/dns.c
+++ b/src/or/dns.c
@@ -102,7 +102,7 @@ static void assert_cache_ok_(void);
 #define assert_cache_ok() assert_cache_ok_()
 #else
 #define assert_cache_ok() STMT_NIL
-#endif
+#endif /* defined(DEBUG_DNS_CACHE) */
 static void assert_resolve_ok(cached_resolve_t *resolve);
 
 /** Hash table of cached_resolve objects. */
@@ -182,6 +182,18 @@ evdns_log_cb(int warn, const char *msg)
   } else if (!strcmp(msg, "All nameservers have failed")) {
     control_event_server_status(LOG_WARN, "NAMESERVER_ALL_DOWN");
     all_down = 1;
+  } else if (!strcmpstart(msg, "Address mismatch on received DNS")) {
+    static ratelim_t mismatch_limit = RATELIM_INIT(3600);
+    const char *src = strstr(msg, " Apparent source");
+    if (!src || get_options()->SafeLogging) {
+      src = "";
+    }
+    log_fn_ratelim(&mismatch_limit, severity, LD_EXIT,
+                   "eventdns: Received a DNS packet from "
+                   "an IP address to which we did not send a request. This "
+                   "could be a DNS spoofing attempt, or some kind of "
+                   "misconfiguration.%s", src);
+    return;
   }
   tor_log(severity, LD_EXIT, "eventdns: %s", msg);
 }
@@ -366,7 +378,7 @@ set_expiry(cached_resolve_t *resolve, time_t expires)
   resolve->expire = expires;
   smartlist_pqueue_add(cached_resolve_pqueue,
                        compare_cached_resolves_by_expiry_,
-                       STRUCT_OFFSET(cached_resolve_t, minheap_idx),
+                       offsetof(cached_resolve_t, minheap_idx),
                        resolve);
 }
 
@@ -413,7 +425,7 @@ purge_expired_resolves(time_t now)
       break;
     smartlist_pqueue_pop(cached_resolve_pqueue,
                          compare_cached_resolves_by_expiry_,
-                         STRUCT_OFFSET(cached_resolve_t, minheap_idx));
+                         offsetof(cached_resolve_t, minheap_idx));
 
     if (resolve->state == CACHE_STATE_PENDING) {
       log_debug(LD_EXIT,
@@ -949,14 +961,14 @@ assert_connection_edge_not_dns_pending(edge_connection_t *conn)
   for (pend = resolve->pending_connections; pend; pend = pend->next) {
     tor_assert(pend->conn != conn);
   }
-#else
+#else /* !(1) */
   cached_resolve_t **resolve;
   HT_FOREACH(resolve, cache_map, &cache_root) {
     for (pend = (*resolve)->pending_connections; pend; pend = pend->next) {
       tor_assert(pend->conn != conn);
     }
   }
-#endif
+#endif /* 1 */
 }
 
 /** Log an error and abort if any connection waiting for a DNS resolve is
@@ -1384,7 +1396,7 @@ configure_nameservers(int force)
       evdns_base_load_hosts(the_evdns_base,
           sandbox_intern_string("/etc/hosts"));
     }
-#endif
+#endif /* defined(DNS_OPTION_HOSTSFILE) && defined(USE_LIBSECCOMP) */
     log_info(LD_EXIT, "Parsing resolver configuration in '%s'", conf_fname);
     if ((r = evdns_base_resolv_conf_parse(the_evdns_base, flags,
         sandbox_intern_string(conf_fname)))) {
@@ -1422,7 +1434,7 @@ configure_nameservers(int force)
     tor_free(resolv_conf_fname);
     resolv_conf_mtime = 0;
   }
-#endif
+#endif /* defined(_WIN32) */
 
 #define SET(k,v)  evdns_base_set_option(the_evdns_base, (k), (v))
 
@@ -1566,10 +1578,11 @@ evdns_callback(int result, char type, int count, int ttl, void *addresses,
                 escaped_safe_str(hostname));
       tor_free(escaped_address);
     } else if (count) {
-      log_warn(LD_EXIT, "eventdns returned only non-IPv4 answers for %s.",
+      log_info(LD_EXIT, "eventdns returned only unrecognized answer types "
+               " for %s.",
                escaped_safe_str(string_address));
     } else {
-      log_warn(LD_BUG, "eventdns returned no addresses or error for %s!",
+      log_info(LD_EXIT, "eventdns returned no addresses or error for %s.",
                escaped_safe_str(string_address));
     }
   }
@@ -1945,7 +1958,7 @@ dns_launch_wildcard_checks(void)
       launch_wildcard_check(8, 16, ipv6, ".com");
       launch_wildcard_check(8, 16, ipv6, ".org");
       launch_wildcard_check(8, 16, ipv6, ".net");
-  }
+    }
   }
 }
 
@@ -2038,7 +2051,7 @@ assert_resolve_ok(cached_resolve_t *resolve)
       tor_assert(!resolve->hostname);
     else
       tor_assert(!resolve->result_ipv4.addr_ipv4);
-#endif
+#endif /* 0 */
     /*XXXXX ADD MORE */
   }
 }
@@ -2088,7 +2101,7 @@ assert_cache_ok_(void)
 
   smartlist_pqueue_assert_ok(cached_resolve_pqueue,
                              compare_cached_resolves_by_expiry_,
-                             STRUCT_OFFSET(cached_resolve_t, minheap_idx));
+                             offsetof(cached_resolve_t, minheap_idx));
 
   SMARTLIST_FOREACH(cached_resolve_pqueue, cached_resolve_t *, res,
     {
@@ -2102,7 +2115,7 @@ assert_cache_ok_(void)
     });
 }
 
-#endif
+#endif /* defined(DEBUG_DNS_CACHE) */
 
 cached_resolve_t *
 dns_get_cache_entry(cached_resolve_t *query)