/* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** * \file addressmap.c * * \brief The addressmap module manages the processes by which we rewrite * addresses in client requess. It handles the MapAddress controller and * torrc commands, and the TrackHostExits feature, and the client-side DNS * cache (deprecated). */ #define ADDRESSMAP_PRIVATE #include "lib/crypt_ops/crypto_rand.h" #include "core/or/or.h" #include "feature/client/addressmap.h" #include "core/or/circuituse.h" #include "app/config/config.h" #include "core/or/connection_edge.h" #include "feature/control/control_events.h" #include "feature/nodelist/nodelist.h" #include "feature/nodelist/routerset.h" #include "core/or/entry_connection_st.h" /** A client-side struct to remember requests to rewrite addresses * to new addresses. These structs are stored in the hash table * "addressmap" below. * * There are 5 ways to set an address mapping: * - A MapAddress command from the controller [permanent] * - An AddressMap directive in the torrc [permanent] * - When a TrackHostExits torrc directive is triggered [temporary] * - When a DNS resolve succeeds [temporary] * - When a DNS resolve fails [temporary] * * When an addressmap request is made but one is already registered, * the new one is replaced only if the currently registered one has * no "new_address" (that is, it's in the process of DNS resolve), * or if the new one is permanent (expires==0 or 1). * * (We overload the 'expires' field, using "0" for mappings set via * the configuration file, "1" for mappings set from the control * interface, and other values for DNS and TrackHostExit mappings that can * expire.) * * A mapping may be 'wildcarded'. If "src_wildcard" is true, then * any address that ends with a . followed by the key for this entry will * get remapped by it. If "dst_wildcard" is also true, then only the * matching suffix of such addresses will get replaced by new_address. */ typedef struct { char *new_address; time_t expires; addressmap_entry_source_bitfield_t source:3; unsigned src_wildcard:1; unsigned dst_wildcard:1; short num_resolve_failures; } addressmap_entry_t; /** Entry for mapping addresses to which virtual address we mapped them to. */ typedef struct { char *ipv4_address; char *ipv6_address; char *hostname_address; } virtaddress_entry_t; /** A hash table to store client-side address rewrite instructions. */ static strmap_t *addressmap=NULL; /** * Table mapping addresses to which virtual address, if any, we * assigned them to. * * We maintain the following invariant: if [A,B] is in * virtaddress_reversemap, then B must be a virtual address, and [A,B] * must be in addressmap. We do not require that the converse hold: * if it fails, then we could end up mapping two virtual addresses to * the same address, which is no disaster. **/ static strmap_t *virtaddress_reversemap=NULL; /** Initialize addressmap. */ void addressmap_init(void) { addressmap = strmap_new(); virtaddress_reversemap = strmap_new(); } #define addressmap_ent_free(ent) \ FREE_AND_NULL(addressmap_entry_t, addressmap_ent_free_, (ent)) /** Free the memory associated with the addressmap entry _ent. */ static void addressmap_ent_free_(addressmap_entry_t *ent) { if (!ent) return; tor_free(ent->new_address); tor_free(ent); } static void addressmap_ent_free_void(void *ent) { addressmap_ent_free_(ent); } #define addressmap_virtaddress_ent_free(ent) \ FREE_AND_NULL(virtaddress_entry_t, addressmap_virtaddress_ent_free_, (ent)) /** Free storage held by a virtaddress_entry_t* entry in _ent. */ static void addressmap_virtaddress_ent_free_(virtaddress_entry_t *ent) { if (!ent) return; tor_free(ent->ipv4_address); tor_free(ent->ipv6_address); tor_free(ent->hostname_address); tor_free(ent); } static void addressmap_virtaddress_ent_free_void(void *ent) { addressmap_virtaddress_ent_free_(ent); } /** Remove address (which must map to ent) from the * virtual address map. */ static void addressmap_virtaddress_remove(const char *address, addressmap_entry_t *ent) { if (ent && ent->new_address && address_is_in_virtual_range(ent->new_address)) { virtaddress_entry_t *ve = strmap_get(virtaddress_reversemap, ent->new_address); /*log_fn(LOG_NOTICE,"remove reverse mapping for %s",ent->new_address);*/ if (ve) { if (!strcmp(address, ve->ipv4_address)) tor_free(ve->ipv4_address); if (!strcmp(address, ve->ipv6_address)) tor_free(ve->ipv6_address); if (!strcmp(address, ve->hostname_address)) tor_free(ve->hostname_address); if (!ve->ipv4_address && !ve->ipv6_address && !ve->hostname_address) { tor_free(ve); strmap_remove(virtaddress_reversemap, ent->new_address); } } } } /** Remove ent (which must be mapped to by address) from the * client address maps, and then free it. */ static void addressmap_ent_remove(const char *address, addressmap_entry_t *ent) { addressmap_virtaddress_remove(address, ent); addressmap_ent_free(ent); } /** Unregister all TrackHostExits mappings from any address to * *.exitname.exit. */ void clear_trackexithost_mappings(const char *exitname) { char *suffix = NULL; if (!addressmap || !exitname) return; tor_asprintf(&suffix, ".%s.exit", exitname); tor_strlower(suffix); STRMAP_FOREACH_MODIFY(addressmap, address, addressmap_entry_t *, ent) { if (ent->source == ADDRMAPSRC_TRACKEXIT && !strcmpend(ent->new_address, suffix)) { addressmap_ent_remove(address, ent); MAP_DEL_CURRENT(address); } } STRMAP_FOREACH_END; tor_free(suffix); } /** Remove all TRACKEXIT mappings from the addressmap for which the target * host is unknown or no longer allowed, or for which the source address * is no longer in trackexithosts. */ void addressmap_clear_excluded_trackexithosts(const or_options_t *options) { const routerset_t *allow_nodes = options->ExitNodes; const routerset_t *exclude_nodes = options->ExcludeExitNodesUnion_; if (!addressmap) return; if (routerset_is_empty(allow_nodes)) allow_nodes = NULL; if (allow_nodes == NULL && routerset_is_empty(exclude_nodes)) return; STRMAP_FOREACH_MODIFY(addressmap, address, addressmap_entry_t *, ent) { size_t len; const char *target = ent->new_address, *dot; char *nodename; const node_t *node; if (!target) { /* DNS resolving in progress */ continue; } else if (strcmpend(target, ".exit")) { /* Not a .exit mapping */ continue; } else if (ent->source != ADDRMAPSRC_TRACKEXIT) { /* Not a trackexit mapping. */ continue; } len = strlen(target); if (len < 6) continue; /* malformed. */ dot = target + len - 6; /* dot now points to just before .exit */ while (dot > target && *dot != '.') dot--; if (*dot == '.') dot++; nodename = tor_strndup(dot, len-5-(dot-target)); node = node_get_by_nickname(nodename, NNF_NO_WARN_UNNAMED); tor_free(nodename); if (!node || (allow_nodes && !routerset_contains_node(allow_nodes, node)) || routerset_contains_node(exclude_nodes, node) || !hostname_in_track_host_exits(options, address)) { /* We don't know this one, or we want to be rid of it. */ addressmap_ent_remove(address, ent); MAP_DEL_CURRENT(address); } } STRMAP_FOREACH_END; } /** Return true iff address is one that we are configured to * automap on resolve according to options. */ int addressmap_address_should_automap(const char *address, const or_options_t *options) { const smartlist_t *suffix_list = options->AutomapHostsSuffixes; if (!suffix_list) return 0; SMARTLIST_FOREACH_BEGIN(suffix_list, const char *, suffix) { if (!strcmp(suffix, ".")) return 1; if (!strcasecmpend(address, suffix)) return 1; } SMARTLIST_FOREACH_END(suffix); return 0; } /** Remove all AUTOMAP mappings from the addressmap for which the * source address no longer matches AutomapHostsSuffixes, which is * no longer allowed by AutomapHostsOnResolve, or for which the * target address is no longer in the virtual network. */ void addressmap_clear_invalid_automaps(const or_options_t *options) { int clear_all = !options->AutomapHostsOnResolve; const smartlist_t *suffixes = options->AutomapHostsSuffixes; if (!addressmap) return; if (!suffixes) clear_all = 1; /* This should be impossible, but let's be sure. */ STRMAP_FOREACH_MODIFY(addressmap, src_address, addressmap_entry_t *, ent) { int remove_this = clear_all; if (ent->source != ADDRMAPSRC_AUTOMAP) continue; /* not an automap mapping. */ if (!remove_this) { remove_this = ! addressmap_address_should_automap(src_address, options); } if (!remove_this && ! address_is_in_virtual_range(ent->new_address)) remove_this = 1; if (remove_this) { addressmap_ent_remove(src_address, ent); MAP_DEL_CURRENT(src_address); } } STRMAP_FOREACH_END; } /** Remove all entries from the addressmap that were set via the * configuration file or the command line. */ void addressmap_clear_configured(void) { addressmap_get_mappings(NULL, 0, 0, 0); } /** Remove all entries from the addressmap that are set to expire, ever. */ void addressmap_clear_transient(void) { addressmap_get_mappings(NULL, 2, TIME_MAX, 0); } /** Clean out entries from the addressmap cache that were * added long enough ago that they are no longer valid. */ void addressmap_clean(time_t now) { addressmap_get_mappings(NULL, 2, now, 0); } /** Free all the elements in the addressmap, and free the addressmap * itself. */ void addressmap_free_all(void) { strmap_free(addressmap, addressmap_ent_free_void); addressmap = NULL; strmap_free(virtaddress_reversemap, addressmap_virtaddress_ent_free_void); virtaddress_reversemap = NULL; } /** Try to find a match for AddressMap expressions that use * wildcard notation such as '*.c.d *.e.f' (so 'a.c.d' will map to 'a.e.f') or * '*.c.d a.b.c' (so 'a.c.d' will map to a.b.c). * Return the matching entry in AddressMap or NULL if no match is found. * For expressions such as '*.c.d *.e.f', truncate address 'a.c.d' * to 'a' before we return the matching AddressMap entry. * * This function does not handle the case where a pattern of the form "*.c.d" * matches the address c.d -- that's done by the main addressmap_rewrite * function. */ static addressmap_entry_t * addressmap_match_superdomains(char *address) { addressmap_entry_t *val; char *cp; cp = address; while ((cp = strchr(cp, '.'))) { /* cp now points to a suffix of address that begins with a . */ val = strmap_get_lc(addressmap, cp+1); if (val && val->src_wildcard) { if (val->dst_wildcard) *cp = '\0'; return val; } ++cp; } return NULL; } /** Look at address, and rewrite it until it doesn't want any * more rewrites; but don't get into an infinite loop. * Don't write more than maxlen chars into address. Return true if the * address changed; false otherwise. Set *expires_out to the * expiry time of the result, or to time_max if the result does * not expire. * * If exit_source_out is non-null, we set it as follows. If we the * address starts out as a non-exit address, and we remap it to an .exit * address at any point, then set *exit_source_out to the * address_entry_source_t of the first such rule. Set *exit_source_out * to ADDRMAPSRC_NONE if there is no such rewrite, or if the original address * was a .exit. */ int addressmap_rewrite(char *address, size_t maxlen, unsigned flags, time_t *expires_out, addressmap_entry_source_t *exit_source_out) { addressmap_entry_t *ent; int rewrites; time_t expires = TIME_MAX; addressmap_entry_source_t exit_source = ADDRMAPSRC_NONE; char *addr_orig = tor_strdup(address); char *log_addr_orig = NULL; /* We use a loop here to limit the total number of rewrites we do, * so that we can't hit an infinite loop. */ for (rewrites = 0; rewrites < 16; rewrites++) { int exact_match = 0; log_addr_orig = tor_strdup(escaped_safe_str_client(address)); /* First check to see if there's an exact match for this address */ ent = strmap_get(addressmap, address); if (!ent || !ent->new_address) { /* And if we don't have an exact match, try to check whether * we have a pattern-based match. */ ent = addressmap_match_superdomains(address); } else { if (ent->src_wildcard && !ent->dst_wildcard && !strcasecmp(address, ent->new_address)) { /* This is a rule like "rewrite *.example.com to example.com", and we * just got "example.com". Instead of calling it an infinite loop, * call it complete. */ goto done; } exact_match = 1; } if (!ent || !ent->new_address) { /* We still have no match at all. We're done! */ goto done; } /* Check whether the flags we were passed tell us not to use this * mapping. */ switch (ent->source) { case ADDRMAPSRC_DNS: { sa_family_t f; tor_addr_t tmp; f = tor_addr_parse(&tmp, ent->new_address); if (f == AF_INET && !(flags & AMR_FLAG_USE_IPV4_DNS)) goto done; else if (f == AF_INET6 && !(flags & AMR_FLAG_USE_IPV6_DNS)) goto done; } break; case ADDRMAPSRC_CONTROLLER: case ADDRMAPSRC_TORRC: if (!(flags & AMR_FLAG_USE_MAPADDRESS)) goto done; break; case ADDRMAPSRC_AUTOMAP: if (!(flags & AMR_FLAG_USE_AUTOMAP)) goto done; break; case ADDRMAPSRC_TRACKEXIT: if (!(flags & AMR_FLAG_USE_TRACKEXIT)) goto done; break; case ADDRMAPSRC_NONE: default: log_warn(LD_BUG, "Unknown addrmap source value %d. Ignoring it.", (int) ent->source); goto done; } /* Now fill in the address with the new address. That might be via * appending some new stuff to the end, or via just replacing it. */ if (ent->dst_wildcard && !exact_match) { strlcat(address, ".", maxlen); strlcat(address, ent->new_address, maxlen); } else { strlcpy(address, ent->new_address, maxlen); } /* Is this now a .exit address? If so, remember where we got it.*/ if (!strcmpend(address, ".exit") && strcmpend(addr_orig, ".exit") && exit_source == ADDRMAPSRC_NONE) { exit_source = ent->source; } log_info(LD_APP, "Addressmap: rewriting %s to %s", log_addr_orig, escaped_safe_str_client(address)); if (ent->expires > 1 && ent->expires < expires) expires = ent->expires; tor_free(log_addr_orig); } log_warn(LD_CONFIG, "Loop detected: we've rewritten %s 16 times! Using it as-is.", escaped_safe_str_client(address)); /* it's fine to rewrite a rewrite, but don't loop forever */ done: tor_free(addr_orig); tor_free(log_addr_orig); if (exit_source_out) *exit_source_out = exit_source; if (expires_out) *expires_out = expires; return (rewrites > 0); } /** If we have a cached reverse DNS entry for the address stored in the * maxlen-byte buffer address (typically, a dotted quad) then * rewrite to the cached value and return 1. Otherwise return 0. Set * *expires_out to the expiry time of the result, or to time_max * if the result does not expire. */ int addressmap_rewrite_reverse(char *address, size_t maxlen, unsigned flags, time_t *expires_out) { char *s, *cp; addressmap_entry_t *ent; int r = 0; { sa_family_t f; tor_addr_t tmp; f = tor_addr_parse(&tmp, address); if (f == AF_INET && !(flags & AMR_FLAG_USE_IPV4_DNS)) return 0; else if (f == AF_INET6 && !(flags & AMR_FLAG_USE_IPV6_DNS)) return 0; /* FFFF we should reverse-map virtual addresses even if we haven't * enabled DNS caching. */ } tor_asprintf(&s, "REVERSE[%s]", address); ent = strmap_get(addressmap, s); if (ent) { cp = tor_strdup(escaped_safe_str_client(ent->new_address)); log_info(LD_APP, "Rewrote reverse lookup %s -> %s", escaped_safe_str_client(s), cp); tor_free(cp); strlcpy(address, ent->new_address, maxlen); r = 1; } if (expires_out) *expires_out = (ent && ent->expires > 1) ? ent->expires : TIME_MAX; tor_free(s); return r; } /** Return 1 if address is already registered, else return 0. If address * is already registered, and update_expires is non-zero, then update * the expiry time on the mapping with update_expires if it is a * mapping created by TrackHostExits. */ int addressmap_have_mapping(const char *address, int update_expiry) { addressmap_entry_t *ent; if (!(ent=strmap_get_lc(addressmap, address))) return 0; if (update_expiry && ent->source==ADDRMAPSRC_TRACKEXIT) ent->expires=time(NULL) + update_expiry; return 1; } /** Register a request to map address to new_address, * which will expire on expires (or 0 if never expires from * config file, 1 if never expires from controller, 2 if never expires * (virtual address mapping) from the controller.) * * new_address should be a newly dup'ed string, which we'll use or * free as appropriate. We will leave address alone. * * If wildcard_addr is true, then the mapping will match any address * equal to address, or any address ending with a period followed by * address. If wildcard_addr and wildcard_new_addr are * both true, the mapping will rewrite addresses that end with * ".address" into ones that end with ".new_address". * * If new_address is NULL, or new_address is equal to * address and wildcard_addr is equal to * wildcard_new_addr, remove any mappings that exist from * address. * * It is an error to set wildcard_new_addr if wildcard_addr is * not set. */ void addressmap_register(const char *address, char *new_address, time_t expires, addressmap_entry_source_t source, const int wildcard_addr, const int wildcard_new_addr, uint64_t stream_id) { addressmap_entry_t *ent; if (wildcard_new_addr) tor_assert(wildcard_addr); ent = strmap_get(addressmap, address); if (!new_address || (!strcasecmp(address,new_address) && wildcard_addr == wildcard_new_addr)) { /* Remove the mapping, if any. */ tor_free(new_address); if (ent) { addressmap_ent_remove(address,ent); strmap_remove(addressmap, address); } return; } if (!ent) { /* make a new one and register it */ ent = tor_malloc_zero(sizeof(addressmap_entry_t)); strmap_set(addressmap, address, ent); } else if (ent->new_address) { /* we need to clean up the old mapping. */ if (expires > 1) { log_info(LD_APP,"Temporary addressmap ('%s' to '%s') not performed, " "since it's already mapped to '%s'", safe_str_client(address), safe_str_client(new_address), safe_str_client(ent->new_address)); tor_free(new_address); return; } if (address_is_in_virtual_range(ent->new_address) && expires != 2) { /* XXX This isn't the perfect test; we want to avoid removing * mappings set from the control interface _as virtual mapping */ addressmap_virtaddress_remove(address, ent); } tor_free(ent->new_address); } /* else { we have an in-progress resolve with no mapping. } */ ent->new_address = new_address; ent->expires = expires==2 ? 1 : expires; ent->num_resolve_failures = 0; ent->source = source; ent->src_wildcard = wildcard_addr ? 1 : 0; ent->dst_wildcard = wildcard_new_addr ? 1 : 0; log_info(LD_CONFIG, "Addressmap: (re)mapped '%s' to '%s'", safe_str_client(address), safe_str_client(ent->new_address)); control_event_address_mapped(address, ent->new_address, expires, NULL, 1, stream_id); } /** An attempt to resolve address failed at some OR. * Increment the number of resolve failures we have on record * for it, and then return that number. */ int client_dns_incr_failures(const char *address) { addressmap_entry_t *ent = strmap_get(addressmap, address); if (!ent) { ent = tor_malloc_zero(sizeof(addressmap_entry_t)); ent->expires = time(NULL) + MAX_DNS_ENTRY_AGE; strmap_set(addressmap,address,ent); } if (ent->num_resolve_failures < SHRT_MAX) ++ent->num_resolve_failures; /* don't overflow */ log_info(LD_APP, "Address %s now has %d resolve failures.", safe_str_client(address), ent->num_resolve_failures); return ent->num_resolve_failures; } /** If address is in the client DNS addressmap, reset * the number of resolve failures we have on record for it. * This is used when we fail a stream because it won't resolve: * otherwise future attempts on that address will only try once. */ void client_dns_clear_failures(const char *address) { addressmap_entry_t *ent = strmap_get(addressmap, address); if (ent) ent->num_resolve_failures = 0; } /** Record the fact that address resolved to name. * We can now use this in subsequent streams via addressmap_rewrite() * so we can more correctly choose an exit that will allow address. * * If exitname is defined, then append the addresses with * ".exitname.exit" before registering the mapping. * * If ttl is nonnegative, the mapping will be valid for * ttlseconds; otherwise, we use the default. */ static void client_dns_set_addressmap_impl(entry_connection_t *for_conn, const char *address, const char *name, const char *exitname, int ttl) { char *extendedaddress=NULL, *extendedval=NULL; uint64_t stream_id = 0; tor_assert(address); tor_assert(name); if (for_conn) { stream_id = ENTRY_TO_CONN(for_conn)->global_identifier; } if (ttl<0) ttl = DEFAULT_DNS_TTL; else ttl = clip_dns_ttl(ttl); if (exitname) { /* XXXX fails to ever get attempts to get an exit address of * google.com.digest[=~]nickname.exit; we need a syntax for this that * won't make strict RFC952-compliant applications (like us) barf. */ tor_asprintf(&extendedaddress, "%s.%s.exit", address, exitname); tor_asprintf(&extendedval, "%s.%s.exit", name, exitname); } else { tor_asprintf(&extendedaddress, "%s", address); tor_asprintf(&extendedval, "%s", name); } addressmap_register(extendedaddress, extendedval, time(NULL) + ttl, ADDRMAPSRC_DNS, 0, 0, stream_id); tor_free(extendedaddress); } /** Record the fact that address resolved to val. * We can now use this in subsequent streams via addressmap_rewrite() * so we can more correctly choose an exit that will allow address. * * If exitname is defined, then append the addresses with * ".exitname.exit" before registering the mapping. * * If ttl is nonnegative, the mapping will be valid for * ttlseconds; otherwise, we use the default. */ void client_dns_set_addressmap(entry_connection_t *for_conn, const char *address, const tor_addr_t *val, const char *exitname, int ttl) { tor_addr_t addr_tmp; char valbuf[TOR_ADDR_BUF_LEN]; tor_assert(address); tor_assert(val); if (tor_addr_parse(&addr_tmp, address) >= 0) return; /* If address was an IP address already, don't add a mapping. */ if (tor_addr_family(val) == AF_INET) { if (! for_conn->entry_cfg.cache_ipv4_answers) return; } else if (tor_addr_family(val) == AF_INET6) { if (! for_conn->entry_cfg.cache_ipv6_answers) return; } if (! tor_addr_to_str(valbuf, val, sizeof(valbuf), 1)) return; client_dns_set_addressmap_impl(for_conn, address, valbuf, exitname, ttl); } /** Add a cache entry noting that address (ordinarily a dotted quad) * resolved via a RESOLVE_PTR request to the hostname v. * * If exitname is defined, then append the addresses with * ".exitname.exit" before registering the mapping. * * If ttl is nonnegative, the mapping will be valid for * ttlseconds; otherwise, we use the default. */ void client_dns_set_reverse_addressmap(entry_connection_t *for_conn, const char *address, const char *v, const char *exitname, int ttl) { char *s = NULL; { tor_addr_t tmp_addr; sa_family_t f = tor_addr_parse(&tmp_addr, address); if ((f == AF_INET && ! for_conn->entry_cfg.cache_ipv4_answers) || (f == AF_INET6 && ! for_conn->entry_cfg.cache_ipv6_answers)) return; } tor_asprintf(&s, "REVERSE[%s]", address); client_dns_set_addressmap_impl(for_conn, s, v, exitname, ttl); tor_free(s); } /* By default, we hand out 127.192.0.1 through 127.254.254.254. * These addresses should map to localhost, so even if the * application accidentally tried to connect to them directly (not * via Tor), it wouldn't get too far astray. * * These options are configured by parse_virtual_addr_network(). */ static virtual_addr_conf_t virtaddr_conf_ipv4; static virtual_addr_conf_t virtaddr_conf_ipv6; /** Read a netmask of the form 127.192.0.0/10 from "val", and check whether * it's a valid set of virtual addresses to hand out in response to MAPADDRESS * requests. Return 0 on success; set *msg (if provided) to a newly allocated * string and return -1 on failure. If validate_only is false, sets the * actual virtual address range to the parsed value. */ int parse_virtual_addr_network(const char *val, sa_family_t family, int validate_only, char **msg) { const int ipv6 = (family == AF_INET6); tor_addr_t addr; maskbits_t bits; const int max_prefix_bits = ipv6 ? 104 : 16; virtual_addr_conf_t *conf = ipv6 ? &virtaddr_conf_ipv6 : &virtaddr_conf_ipv4; if (!val || val[0] == '\0') { if (msg) tor_asprintf(msg, "Value not present (%s) after VirtualAddressNetwork%s", val?"Empty":"NULL", ipv6?"IPv6":""); return -1; } if (tor_addr_parse_mask_ports(val, 0, &addr, &bits, NULL, NULL) < 0) { if (msg) tor_asprintf(msg, "Error parsing VirtualAddressNetwork%s %s", ipv6?"IPv6":"", val); return -1; } if (tor_addr_family(&addr) != family) { if (msg) tor_asprintf(msg, "Incorrect address type for VirtualAddressNetwork%s", ipv6?"IPv6":""); return -1; } #if 0 if (port_min != 1 || port_max != 65535) { if (msg) tor_asprintf(msg, "Can't specify ports on VirtualAddressNetwork%s", ipv6?"IPv6":""); return -1; } #endif /* 0 */ if (bits > max_prefix_bits) { if (msg) tor_asprintf(msg, "VirtualAddressNetwork%s expects a /%d " "network or larger",ipv6?"IPv6":"", max_prefix_bits); return -1; } if (validate_only) return 0; tor_addr_copy(&conf->addr, &addr); conf->bits = bits; return 0; } /** * Return true iff addr is likely to have been returned by * client_dns_get_unused_address. **/ int address_is_in_virtual_range(const char *address) { tor_addr_t addr; tor_assert(address); if (!strcasecmpend(address, ".virtual")) { return 1; } else if (tor_addr_parse(&addr, address) >= 0) { const virtual_addr_conf_t *conf = (tor_addr_family(&addr) == AF_INET6) ? &virtaddr_conf_ipv6 : &virtaddr_conf_ipv4; if (tor_addr_compare_masked(&addr, &conf->addr, conf->bits, CMP_EXACT)==0) return 1; } return 0; } /** Return a random address conforming to the virtual address configuration * in conf. */ STATIC void get_random_virtual_addr(const virtual_addr_conf_t *conf, tor_addr_t *addr_out) { uint8_t tmp[4]; const uint8_t *addr_bytes; uint8_t bytes[16]; const int ipv6 = tor_addr_family(&conf->addr) == AF_INET6; const int total_bytes = ipv6 ? 16 : 4; tor_assert(conf->bits <= total_bytes * 8); /* Set addr_bytes to the bytes of the virtual network, in host order */ if (ipv6) { addr_bytes = tor_addr_to_in6_addr8(&conf->addr); } else { set_uint32(tmp, tor_addr_to_ipv4n(&conf->addr)); addr_bytes = tmp; } /* Get an appropriate number of random bytes. */ crypto_rand((char*)bytes, total_bytes); /* Now replace the first "conf->bits" bits of 'bytes' with addr_bytes*/ if (conf->bits >= 8) memcpy(bytes, addr_bytes, conf->bits / 8); if (conf->bits & 7) { uint8_t mask = 0xff >> (conf->bits & 7); bytes[conf->bits/8] &= mask; bytes[conf->bits/8] |= addr_bytes[conf->bits/8] & ~mask; } if (ipv6) tor_addr_from_ipv6_bytes(addr_out, bytes); else tor_addr_from_ipv4n(addr_out, get_uint32(bytes)); tor_assert(tor_addr_compare_masked(addr_out, &conf->addr, conf->bits, CMP_EXACT)==0); } /** Return a newly allocated string holding an address of type * (one of RESOLVED_TYPE_{IPV4|IPV6|HOSTNAME}) that has not yet been * mapped, and that is very unlikely to be the address of any real host. * * May return NULL if we have run out of virtual addresses. */ static char * addressmap_get_virtual_address(int type) { char buf[64]; tor_assert(addressmap); if (type == RESOLVED_TYPE_HOSTNAME) { char rand_bytes[10]; do { crypto_rand(rand_bytes, sizeof(rand_bytes)); base32_encode(buf,sizeof(buf),rand_bytes,sizeof(rand_bytes)); strlcat(buf, ".virtual", sizeof(buf)); } while (strmap_get(addressmap, buf)); return tor_strdup(buf); } else if (type == RESOLVED_TYPE_IPV4 || type == RESOLVED_TYPE_IPV6) { const int ipv6 = (type == RESOLVED_TYPE_IPV6); const virtual_addr_conf_t *conf = ipv6 ? &virtaddr_conf_ipv6 : &virtaddr_conf_ipv4; /* Don't try more than 1000 times. This gives us P < 1e-9 for * failing to get a good address so long as the address space is * less than ~97.95% full. That's always going to be true under * sensible circumstances for an IPv6 /10, and it's going to be * true for an IPv4 /10 as long as we've handed out less than * 4.08 million addresses. */ uint32_t attempts = 1000; tor_addr_t addr; while (attempts--) { get_random_virtual_addr(conf, &addr); if (!ipv6) { /* Don't hand out any .0 or .255 address. */ const uint32_t a = tor_addr_to_ipv4h(&addr); if ((a & 0xff) == 0 || (a & 0xff) == 0xff) continue; } tor_addr_to_str(buf, &addr, sizeof(buf), 1); if (!strmap_get(addressmap, buf)) { /* XXXX This code is to make sure I didn't add an undecorated version * by mistake. I hope it's needless. */ char tmp[TOR_ADDR_BUF_LEN]; tor_addr_to_str(tmp, &addr, sizeof(tmp), 0); if (strmap_get(addressmap, tmp)) { // LCOV_EXCL_START log_warn(LD_BUG, "%s wasn't in the addressmap, but %s was.", buf, tmp); continue; // LCOV_EXCL_STOP } return tor_strdup(buf); } } log_warn(LD_CONFIG, "Ran out of virtual addresses!"); return NULL; } else { // LCOV_EXCL_START log_warn(LD_BUG, "Called with unsupported address type (%d)", type); return NULL; // LCOV_EXCL_STOP } } /** A controller has requested that we map some address of type * type to the address new_address. Choose an address * that is unlikely to be used, and map it, and return it in a newly * allocated string. If another address of the same type is already * mapped to new_address, try to return a copy of that address. * * The string in new_address may be freed or inserted into a map * as appropriate. May return NULL if are out of virtual addresses. **/ const char * addressmap_register_virtual_address(int type, char *new_address) { char **addrp; virtaddress_entry_t *vent; int vent_needs_to_be_added = 0; tor_assert(new_address); tor_assert(addressmap); tor_assert(virtaddress_reversemap); vent = strmap_get(virtaddress_reversemap, new_address); if (!vent) { vent = tor_malloc_zero(sizeof(virtaddress_entry_t)); vent_needs_to_be_added = 1; } if (type == RESOLVED_TYPE_IPV4) addrp = &vent->ipv4_address; else if (type == RESOLVED_TYPE_IPV6) addrp = &vent->ipv6_address; else addrp = &vent->hostname_address; if (*addrp) { addressmap_entry_t *ent = strmap_get(addressmap, *addrp); if (ent && ent->new_address && !strcasecmp(new_address, ent->new_address)) { tor_free(new_address); tor_assert(!vent_needs_to_be_added); return *addrp; } else { log_warn(LD_BUG, "Internal confusion: I thought that '%s' was mapped to by " "'%s', but '%s' really maps to '%s'. This is a harmless bug.", safe_str_client(new_address), safe_str_client(*addrp), safe_str_client(*addrp), ent?safe_str_client(ent->new_address):"(nothing)"); } } tor_free(*addrp); *addrp = addressmap_get_virtual_address(type); if (!*addrp) { tor_free(vent); tor_free(new_address); return NULL; } log_info(LD_APP, "Registering map from %s to %s", *addrp, new_address); if (vent_needs_to_be_added) strmap_set(virtaddress_reversemap, new_address, vent); addressmap_register(*addrp, new_address, 2, ADDRMAPSRC_AUTOMAP, 0, 0, 0); /* FFFF register corresponding reverse mapping. */ #if 0 { /* Try to catch possible bugs */ addressmap_entry_t *ent; ent = strmap_get(addressmap, *addrp); tor_assert(ent); tor_assert(!strcasecmp(ent->new_address,new_address)); vent = strmap_get(virtaddress_reversemap, new_address); tor_assert(vent); tor_assert(!strcasecmp(*addrp, (type == RESOLVED_TYPE_IPV4) ? vent->ipv4_address : vent->hostname_address)); log_info(LD_APP, "Map from %s to %s okay.", safe_str_client(*addrp), safe_str_client(new_address)); } #endif /* 0 */ return *addrp; } /** Return 1 if address has funny characters in it like colons. Return * 0 if it's fine, or if we're configured to allow it anyway. client * should be true if we're using this address as a client; false if we're * using it as a server. */ int address_is_invalid_destination(const char *address, int client) { if (client) { if (get_options()->AllowNonRFC953Hostnames) return 0; } else { if (get_options()->ServerDNSAllowNonRFC953Hostnames) return 0; } /* It might be an IPv6 address! */ { tor_addr_t a; if (tor_addr_parse(&a, address) >= 0) return 0; } while (*address) { if (TOR_ISALNUM(*address) || *address == '-' || *address == '.' || *address == '_') /* Underscore is not allowed, but Windows does it * sometimes, just to thumb its nose at the IETF. */ ++address; else return 1; } return 0; } /** Iterate over all address mappings which have expiry times between * min_expires and max_expires, inclusive. If sl is provided, add an * "old-addr new-addr expiry" string to sl for each mapping, omitting * the expiry time if want_expiry is false. If sl is NULL, remove the * mappings. */ void addressmap_get_mappings(smartlist_t *sl, time_t min_expires, time_t max_expires, int want_expiry) { strmap_iter_t *iter; const char *key; void *val_; addressmap_entry_t *val; if (!addressmap) addressmap_init(); for (iter = strmap_iter_init(addressmap); !strmap_iter_done(iter); ) { strmap_iter_get(iter, &key, &val_); val = val_; if (val->expires >= min_expires && val->expires <= max_expires) { if (!sl) { iter = strmap_iter_next_rmv(addressmap,iter); addressmap_ent_remove(key, val); continue; } else if (val->new_address) { const char *src_wc = val->src_wildcard ? "*." : ""; const char *dst_wc = val->dst_wildcard ? "*." : ""; if (want_expiry) { if (val->expires < 3 || val->expires == TIME_MAX) smartlist_add_asprintf(sl, "%s%s %s%s NEVER", src_wc, key, dst_wc, val->new_address); else { char isotime[ISO_TIME_LEN+1]; format_iso_time(isotime, val->expires); smartlist_add_asprintf(sl, "%s%s %s%s \"%s\"", src_wc, key, dst_wc, val->new_address, isotime); } } else { smartlist_add_asprintf(sl, "%s%s %s%s", src_wc, key, dst_wc, val->new_address); } } } iter = strmap_iter_next(addressmap,iter); } }