[or-cvs] Add TTLs to RESOLVED, CONNECTED, and END_REASON_EXITPOLICY ...
Nick Mathewson
nickm at seul.org
Fri Sep 2 18:53:33 UTC 2005
Update of /home/or/cvsroot/tor/src/or
In directory moria:/tmp/cvs-serv6452/src/or
Modified Files:
relay.c dns.c connection_edge.c
Log Message:
Add TTLs to RESOLVED, CONNECTED, and END_REASON_EXITPOLICY cells. Also, add a missing ntohl in connection_ap_handshake_socks_resolved.
Index: relay.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/relay.c,v
retrieving revision 1.77
retrieving revision 1.78
diff -u -d -r1.77 -r1.78
--- relay.c 15 Aug 2005 03:35:15 -0000 1.77
+++ relay.c 2 Sep 2005 18:53:31 -0000 1.78
@@ -640,14 +640,19 @@
case END_STREAM_REASON_EXITPOLICY:
if (rh->length >= 5) {
uint32_t addr = ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE+1));
+ int ttl;
if (!addr) {
log_fn(LOG_INFO,"Address '%s' resolved to 0.0.0.0. Closing,",
safe_str(conn->socks_request->address));
connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
return 0;
}
+ if (rh->length >= 9)
+ ttl = (int)ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE+5));
+ else
+ ttl = -1;
client_dns_set_addressmap(conn->socks_request->address, addr,
- conn->chosen_exit_name);
+ conn->chosen_exit_name, ttl);
}
/* check if he *ought* to have allowed it */
if (exitrouter &&
@@ -735,14 +740,19 @@
(int)(time(NULL) - conn->timestamp_lastread));
if (rh->length >= 4) {
uint32_t addr = ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE));
+ int ttl;
if (!addr) {
log_fn(LOG_INFO,"...but it claims the IP address was 0.0.0.0. Closing.");
connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL, conn->cpath_layer);
connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
return 0;
}
+ if (rh->length >= 8)
+ ttl = (int)ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE+8));
+ else
+ ttl = -1;
client_dns_set_addressmap(conn->socks_request->address, addr,
- conn->chosen_exit_name);
+ conn->chosen_exit_name, ttl);
}
circuit_log_path(LOG_INFO,circ);
connection_ap_handshake_socks_reply(conn, NULL, 0, SOCKS5_SUCCEEDED);
@@ -755,20 +765,28 @@
return 0;
}
if (conn->type == CONN_TYPE_AP && rh->command == RELAY_COMMAND_RESOLVED) {
+ int ttl;
+ int answer_len;
if (conn->state != AP_CONN_STATE_RESOLVE_WAIT) {
log_fn(LOG_WARN,"Got a 'resolved' cell while not in state resolve_wait. Dropping.");
return 0;
}
tor_assert(conn->socks_request->command == SOCKS_COMMAND_RESOLVE);
- if (rh->length < 2 || cell->payload[RELAY_HEADER_SIZE+1]+2>rh->length) {
+ answer_len = cell->payload[RELAY_HEADER_SIZE+1];
+ if (rh->length < 2 || answer_len+2>rh->length) {
log_fn(LOG_WARN, "Dropping malformed 'resolved' cell");
connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
return 0;
}
+ if (rh->length >= answer_len+6)
+ ttl = (int)ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE+6));
+ else
+ ttl = -1;
connection_ap_handshake_socks_resolved(conn,
cell->payload[RELAY_HEADER_SIZE], /*answer_type*/
cell->payload[RELAY_HEADER_SIZE+1], /*answer_len*/
- cell->payload+RELAY_HEADER_SIZE+2); /* answer */
+ cell->payload+RELAY_HEADER_SIZE+2,
+ ttl); /* answer */
connection_mark_unattached_ap(conn, END_STREAM_REASON_ALREADY_SOCKS_REPLIED);
return 0;
}
Index: dns.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/dns.c,v
retrieving revision 1.165
retrieving revision 1.166
diff -u -d -r1.165 -r1.166
--- dns.c 15 Aug 2005 23:46:18 -0000 1.165
+++ dns.c 2 Sep 2005 18:53:31 -0000 1.166
@@ -192,14 +192,21 @@
case RESOLVED_TYPE_IPV4:
buf[1] = 4;
set_uint32(buf+2, htonl(conn->addr));
- buflen = 6;
+ set_uint32(buf+6, htonl(MAX_DNS_ENTRY_AGE)); /*XXXX send a real TTL*/
+ buflen = 10;
break;
case RESOLVED_TYPE_ERROR_TRANSIENT:
case RESOLVED_TYPE_ERROR:
- buf[1] = 24; /* length of "error resolving hostname" */
- strlcpy(buf+2, "error resolving hostname", sizeof(buf)-2);
- buflen = 26;
- break;
+ {
+ const char *errmsg = "Error resolving hostname";
+ int msglen = strlen(errmsg);
+ int ttl = (answer_type == RESOLVED_TYPE_ERROR ? MAX_DNS_ENTRY_AGE : 0);
+ buf[1] = msglen;
+ strlcpy(buf+2, errmsg, sizeof(buf)-2);
+ set_uint32(buf+2+msglen, htonl((uint32_t)ttl));
+ buflen = 6+msglen;
+ break;
+ }
default:
tor_assert(0);
}
Index: connection_edge.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/connection_edge.c,v
retrieving revision 1.342
retrieving revision 1.343
diff -u -d -r1.342 -r1.343
--- connection_edge.c 22 Aug 2005 00:34:42 -0000 1.342
+++ connection_edge.c 2 Sep 2005 18:53:31 -0000 1.343
@@ -48,7 +48,7 @@
if (conn->socks_request->command == SOCKS_COMMAND_CONNECT)
connection_ap_handshake_socks_reply(conn, NULL, 0, socksreason);
else
- connection_ap_handshake_socks_resolved(conn,RESOLVED_TYPE_ERROR,0,NULL);
+ connection_ap_handshake_socks_resolved(conn,RESOLVED_TYPE_ERROR,0,NULL,-1);
}
_connection_mark_for_close(conn, line, file);
@@ -194,7 +194,8 @@
/* this is safe even for rend circs, because they never fail
* because of exitpolicy */
set_uint32(payload+1, htonl(conn->addr));
- payload_len += 4;
+ set_uint32(payload+5, htonl(MAX_DNS_ENTRY_AGE)); /* XXXXfill with a real TTL*/
+ payload_len += 8;
}
circ = circuit_get_by_edge_conn(conn);
@@ -266,7 +267,6 @@
int
connection_edge_finished_connecting(connection_t *conn)
{
- char connected_payload[4];
char valbuf[INET_NTOA_BUF_LEN];
struct in_addr in;
@@ -289,9 +289,12 @@
RELAY_COMMAND_CONNECTED, NULL, 0, conn->cpath_layer) < 0)
return 0; /* circuit is closed, don't continue */
} else {
- *(uint32_t*)connected_payload = htonl(conn->addr);
+ char connected_payload[8];
+ set_uint32(connected_payload, htonl(htonl(conn->addr)));
+ set_uint32(connected_payload+4,
+ htonl(MAX_DNS_ENTRY_AGE)); /* XXXX fill with a real TTL */
if (connection_edge_send_command(conn, circuit_get_by_edge_conn(conn),
- RELAY_COMMAND_CONNECTED, connected_payload, 4, conn->cpath_layer) < 0)
+ RELAY_COMMAND_CONNECTED, connected_payload, 8, conn->cpath_layer) < 0)
return 0; /* circuit is closed, don't continue */
}
tor_assert(conn->package_window > 0);
@@ -683,9 +686,13 @@
*
* If <b>exitname</b> is defined, then append the addresses with
* ".exitname.exit" before registering the mapping.
+ *
+ * If <b>ttl</b> is nonnegative, the mapping will be valid for
+ * <b>ttl</b>seconds.
*/
void
-client_dns_set_addressmap(const char *address, uint32_t val, const char *exitname)
+client_dns_set_addressmap(const char *address, uint32_t val, const char *exitname,
+ int ttl)
{
struct in_addr in;
char extendedaddress[MAX_SOCKS_ADDR_LEN+MAX_HEX_NICKNAME_LEN+10];
@@ -694,6 +701,9 @@
tor_assert(address); tor_assert(val);
+ if (ttl<0 || ttl>MAX_DNS_ENTRY_AGE)
+ ttl = MAX_DNS_ENTRY_AGE;
+
if (tor_inet_aton(address, &in))
return; /* If address was an IP address already, don't add a mapping. */
in.s_addr = htonl(val);
@@ -709,8 +719,7 @@
tor_snprintf(extendedval, sizeof(extendedval),
"%s", valbuf);
}
- addressmap_register(extendedaddress, tor_strdup(extendedval),
- time(NULL) + MAX_DNS_ENTRY_AGE);
+ addressmap_register(extendedaddress, tor_strdup(extendedval), time(NULL) + ttl);
}
/* Currently, we hand out 127.192.0.1 through 127.254.254.254.
@@ -1019,14 +1028,14 @@
/* Reply to resolves immediately if we can. */
if (strlen(socks->address) > RELAY_PAYLOAD_SIZE) {
log_fn(LOG_WARN,"Address to be resolved is too large. Failing.");
- connection_ap_handshake_socks_resolved(conn,RESOLVED_TYPE_ERROR,0,NULL);
+ connection_ap_handshake_socks_resolved(conn,RESOLVED_TYPE_ERROR,0,NULL,-1);
connection_mark_unattached_ap(conn, END_STREAM_REASON_ALREADY_SOCKS_REPLIED);
return -1;
}
if (tor_inet_aton(socks->address, &in)) { /* see if it's an IP already */
answer = in.s_addr; /* leave it in network order */
connection_ap_handshake_socks_resolved(conn,RESOLVED_TYPE_IPV4,4,
- (char*)&answer);
+ (char*)&answer,-1);
connection_mark_unattached_ap(conn, END_STREAM_REASON_ALREADY_SOCKS_REPLIED);
return 0;
}
@@ -1075,7 +1084,7 @@
/* if it's a resolve request, fail it right now, rather than
* building all the circuits and then realizing it won't work. */
log_fn(LOG_WARN,"Resolve requests to hidden services not allowed. Failing.");
- connection_ap_handshake_socks_resolved(conn,RESOLVED_TYPE_ERROR,0,NULL);
+ connection_ap_handshake_socks_resolved(conn,RESOLVED_TYPE_ERROR,0,NULL,-1);
connection_mark_unattached_ap(conn, END_STREAM_REASON_ALREADY_SOCKS_REPLIED);
return -1;
}
@@ -1299,16 +1308,17 @@
connection_ap_handshake_socks_resolved(connection_t *conn,
int answer_type,
size_t answer_len,
- const char *answer)
+ const char *answer,
+ int ttl)
{
char buf[256];
size_t replylen;
if (answer_type == RESOLVED_TYPE_IPV4) {
- uint32_t a = get_uint32(answer);
+ uint32_t a = ntohl(get_uint32(answer));
if (a)
client_dns_set_addressmap(conn->socks_request->address, ntohl(a),
- conn->chosen_exit_name);
+ conn->chosen_exit_name, ttl);
}
if (conn->socks_request->socks_version == 4) {
@@ -1581,7 +1591,6 @@
void
connection_exit_connect(connection_t *conn)
{
- char connected_payload[4];
uint32_t addr;
uint16_t port;
@@ -1649,10 +1658,13 @@
NULL, 0, conn->cpath_layer);
} else { /* normal stream */
/* This must be the original address, not the redirected address. */
- *(uint32_t*)connected_payload = htonl(conn->addr);
+ char connected_payload[8];
+ set_uint32(connected_payload, htonl(htonl(conn->addr)));
+ set_uint32(connected_payload+4,
+ htonl(MAX_DNS_ENTRY_AGE)); /* XXXX fill with a real TTL */
connection_edge_send_command(conn, circuit_get_by_edge_conn(conn),
RELAY_COMMAND_CONNECTED,
- connected_payload, 4, conn->cpath_layer);
+ connected_payload, 8, conn->cpath_layer);
}
}
More information about the tor-commits
mailing list