From ae3ce7b3873e61eb4d6c273820a0cabf3e471081 Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Mon, 29 Sep 2008 14:53:53 +0000
Subject: Patch from mwenge: update TrackHostExits mapping expiry times when the mappings are used, so that they expire a while after their last use, not a while after their creation.
svn:r17004
---
 src/or/buffers.c | 9 +++++----
 src/or/circuituse.c | 3 ++-
 src/or/connection_edge.c | 17 +++++++++++++----
 src/or/or.h | 2 +-
 4 files changed, 21 insertions(+), 10 deletions(-)
(limited to 'src/or')
diff --git a/src/or/buffers.c b/src/or/buffers.c
index 634df13b10..ba70e555dc 100644
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -1402,7 +1402,7 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
 req->port = ntohs(get_uint16(buf->head->data+4+addrlen));
 buf_remove_from_front(buf, 6+addrlen);
 if (req->command != SOCKS_COMMAND_RESOLVE_PTR &&
- !addressmap_have_mapping(req->address) &&
+ !addressmap_have_mapping(req->address,0) &&
 !have_warned_about_unsafe_socks) {
 log_warn(LD_APP, "Your application (using socks5 to port %d) is giving "
@@ -1412,7 +1412,8 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
 "please see http://wiki.noreply.org/noreply/TheOnionRouter/" "TorFAQ#SOCKSAndDNS.%s", req->port, safe_socks ? " Rejecting." : "");
-// have_warned_about_unsafe_socks = 1; // (for now, warn every time)
+ /*have_warned_about_unsafe_socks = 1;*/
+ /*(for now, warn every time)*/
 control_event_client_status(LOG_WARN, "DANGEROUS_SOCKS PROTOCOL=SOCKS5 ADDRESS=%s:%d", req->address, req->port);
@@ -1514,7 +1515,7 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
 startaddr = NULL;
 if (socks4_prot != socks4a &&
- !addressmap_have_mapping(tmpbuf) &&
+ !addressmap_have_mapping(tmpbuf,0) &&
 !have_warned_about_unsafe_socks) {
 log_warn(LD_APP, "Your application (using socks4 to port %d) is giving Tor "
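Review bot: In the `@@ -1412,7 +1412,8 @@` hunk of src/or/buffers.c the assignment to `have_warned_about_unsafe_socks` is still disabled, only now as a block comment, so unless the flag is set somewhere outside these hunks the `!have_warned_about_unsafe_socks` test in the condition never suppresses anything; the `@@ -1524,7 +1525,7 @@` hunk repeats the pattern for SOCKS4. Every IP-only SOCKS request then produces a warn-level log line and a `DANGEROUS_SOCKS` control event, so one chatty local application can flood the log and bury other warnings. I would replace the commented-out statement with a comment that states the intent, e.g. `/* Deliberately not latching have_warned_about_unsafe_socks: warn on every request for now. */`, and consider rate-limiting the warning. fetch_from_buf_socks begins and ends outside these hunks.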
@@ -1524,7 +1525,7 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
 "please see http://wiki.noreply.org/noreply/TheOnionRouter/" "TorFAQ#SOCKSAndDNS.%s", req->port, safe_socks ? " Rejecting." : "");
-// have_warned_about_unsafe_socks = 1; // (for now, warn every time)
+ /*have_warned_about_unsafe_socks = 1;*/ /*(for now, warn every time)*/
 control_event_client_status(LOG_WARN, "DANGEROUS_SOCKS PROTOCOL=SOCKS4 ADDRESS=%s:%d", tmpbuf, req->port);
diff --git a/src/or/circuituse.c b/src/or/circuituse.c
index 62ced088b5..26e956ddb2 100644
--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@@ -1251,7 +1251,8 @@ consider_recording_trackhost(edge_connection_t *conn, origin_circuit_t *circ)
 /* Search the addressmap for this conn's destination. */
 /* If he's not in the address map.. */
 if (!options->TrackHostExits ||
- addressmap_have_mapping(conn->socks_request->address))
+ addressmap_have_mapping(conn->socks_request->address,
+ options->TrackHostExitsExpire))
 return; /* nothing to track, or already mapped */
 SMARTLIST_FOREACH(options->TrackHostExits, const char *, cp, {
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index bd53c9beea..b1d42cc5f4 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -610,7 +610,8 @@ connection_ap_detach_retriable(edge_connection_t *conn, origin_circuit_t *circ,
 *
 * (We overload the 'expires' field, using "0" for mappings set via
 * the configuration file, "1" for mappings set from the control
- * interface, and other values for DNS mappings that can expire.)
+ * interface, and other values for DNS and TrackHostExit mappings that can
+ * expire.)
 */
 typedef struct {
 char *new_address;
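Review bot: In the `@@ -1251,7 +1251,8 @@` hunk of src/or/circuituse.c the call `addressmap_have_mapping(conn->socks_request->address, options->TrackHostExitsExpire)` now moves the mapping's expiry forward as a side effect of what reads as a pure existence test, and the comment above it (`/* If he's not in the address map.. */`) does not mention that. Because the expiry is renewed on each use, a TrackHostExits mapping that is used more often than TrackHostExitsExpire appears to have no upper bound on its lifetime, so the same exit stays pinned to that host for as long as the traffic continues; a cap on total lifetime, or at least a sentence in the option's documentation, would make that trade-off explicit. I would add `/* Also refreshes the expiry of an existing TrackHostExits mapping. */` above the condition. consider_recording_trackhost continues outside the hunk.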
@@ -831,11 +832,19 @@ addressmap_rewrite_reverse(char *address, size_t maxlen, time_t *expires_out)
 return r;
 }
-/** Return 1 if address is already registered, else return 0 */
+/** Return 1 if address is already registered, else return 0. If address
+ * is already registered, and update_expires is non-zero, then update
+ * the expiry time on the mapping with update_expires if it is a
+ * mapping created by TrackHostExits. */
 int
-addressmap_have_mapping(const char *address)
+addressmap_have_mapping(const char *address, int update_expiry)
 {
- return strmap_get_lc(addressmap, address) ? 1 : 0;
+ addressmap_entry_t *ent;
+ if (!(ent=strmap_get_lc(addressmap, address)))
+ return 0;
+ if (update_expiry && ent->source==ADDRMAPSRC_TRACKEXIT)
+ ent->expires=time(NULL) + update_expiry;
+ return 1;
 }
 /** Register a request to map address to new_address,
diff --git a/src/or/or.h b/src/or/or.h
index 5820a56c4e..7b87e3e3f7 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2997,7 +2997,7 @@ void addressmap_clear_configured(void);
 void addressmap_clear_transient(void);
 void addressmap_free_all(void);
 int addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out);
-int addressmap_have_mapping(const char *address);
+int addressmap_have_mapping(const char *address, int update_timeout);
 typedef enum {
 ADDRMAPSRC_CONTROLLER, ADDRMAPSRC_TORRC, ADDRMAPSRC_TRACKEXIT, ADDRMAPSRC_DNS,
--
cgit v1.2.3-54-g00ecf
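Review bot: The new parameter of addressmap_have_mapping in the `@@ -831,11 +832,19 @@` hunk of src/or/connection_edge.c goes by three names: the definition uses `update_expiry`, its doc comment says `update_expires`, and the prototype in the src/or/or.h hunk says `update_timeout`; I would settle on one, e.g. `int addressmap_have_mapping(const char *address, int update_expiry);` in or.h and `update_expiry` in the comment. The value is also added to `time(NULL)` and stored in `ent->expires` with no range check, so a negative argument would move the expiry into the past; whether TrackHostExitsExpire is validated as positive is not visible here, so `if (update_expiry > 0 && ent->source==ADDRMAPSRC_TRACKEXIT)` would keep the function safe on its own. The doc comment should also state that passing 0 leaves the expiry untouched, since the callers in src/or/buffers.c rely on that.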