aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2007-05-25 14:48:16 +0000
committerNick Mathewson <nickm@torproject.org>2007-05-25 14:48:16 +0000
commit39fe91b9a281a3ec8504bf7933a63918038a9b5a (patch)
tree010c8fa5a1d6fe4cbd5d35973bb686259b307865
parente9c294654deeb41a4f80420c3f4ee67cd9ecee70 (diff)
downloadtor-39fe91b9a281a3ec8504bf7933a63918038a9b5a.tar
tor-39fe91b9a281a3ec8504bf7933a63918038a9b5a.tar.gz
r12946@catbus: nickm | 2007-05-25 10:46:50 -0400
Add an AutomapHostsOnResolve option. It seems to work. svn:r10324
-rw-r--r--ChangeLog6
-rw-r--r--doc/TODO4
-rw-r--r--src/or/config.c13
-rw-r--r--src/or/connection_edge.c40
-rw-r--r--src/or/or.h2
5 files changed, 56 insertions, 9 deletions
diff --git a/ChangeLog b/ChangeLog
index c51f2ad87..364678ac7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -130,6 +130,12 @@ Changes in version 0.2.0.1-alpha - 2007-??-??
- More unit tests.
- Warn when using a version of libevent before 1.3b to run a server on
OSX or BSD: these versions interact badly with userspace threads.
+ - Add a new AutomapHostsOnResolve option: when it is enabled, any
+ resolve request for hosts matching a given pattern causes Tor to
+ generate an internal virtual address mapping for that host. This
+ allows DNSPort to work sensibly with hidden service users. By
+ default, .exit and .onion addresses are remapped; the list of
+ patterns can be reconfigured with AutomapHostsSuffixes.
o Removed features:
- Removed support for the old binary "version 0" controller protocol.
diff --git a/doc/TODO b/doc/TODO
index 82fa9fdb9..943d9d9f8 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -199,8 +199,8 @@ Things we'd like to do in 0.2.0.x:
o Make a listener type.
o Hook into connection_edge logic.
o Hook into evdns_server_* logic
- - Actually send back a useful answer.
- - Make i
+ o Actually send back a useful answer.
+ o Make it handle .onion and .exit correctly.
- Document.
- Add a way to request DNS resolves from the controller.
- A better UI for authority ops.
diff --git a/src/or/config.c b/src/or/config.c
index 8cfd5087f..ab3ec0989 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -67,6 +67,8 @@ static config_abbrev_t _option_abbrevs[] = {
PLURAL(StrictExitNode),
{ "l", "Log", 1, 0},
{ "AllowUnverifiedNodes", "AllowInvalidNodes", 0, 0},
+ { "AutomapHostSuffixes", "AutomapHostsSuffixes", 0, 0},
+ { "AutomapHostOnResolve", "AutomapHostsOnResolve", 0, 0},
{ "BandwidthRateBytes", "BandwidthRate", 0, 0},
{ "BandwidthBurstBytes", "BandwidthBurst", 0, 0},
{ "DirFetchPostPeriod", "StatusFetchPeriod", 0, 0},
@@ -133,6 +135,8 @@ static config_var_t _option_vars[] = {
VAR("AuthDirRejectUnlisted",BOOL, AuthDirRejectUnlisted,"0"),
VAR("AuthDirListBadExits", BOOL, AuthDirListBadExits, "0"),
VAR("AuthoritativeDirectory",BOOL, AuthoritativeDir, "0"),
+ VAR("AutomapHostsOnResolve",BOOL, AutomapHostsOnResolve,"0"),
+ VAR("AutomapHostsSuffixes",CSV, AutomapHostsSuffixes, ".onion,.exit"),
VAR("AvoidDiskWrites", BOOL, AvoidDiskWrites, "0"),
VAR("BandwidthBurst", MEMUNIT, BandwidthBurst, "6 MB"),
VAR("BandwidthRate", MEMUNIT, BandwidthRate, "3 MB"),
@@ -2909,6 +2913,15 @@ options_validate(or_options_t *old_options, or_options_t *options,
if (options->PreferTunneledDirConns && !options->TunnelDirConns)
REJECT("Must set TunnelDirConns if PreferTunneledDirConns is set.");
+ if (options->AutomapHostsSuffixes) {
+ SMARTLIST_FOREACH(options->AutomapHostsSuffixes, char *, suf,
+ {
+ size_t len = strlen(suf);
+ if (len && suf[len-1] == '.')
+ suf[len-1] = '\0';
+ });
+ }
+
return 0;
#undef REJECT
#undef COMPLAIN
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index e2b4f1b02..b6253175c 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -669,7 +669,7 @@ addressmap_rewrite(char *address, size_t maxlen)
return (rewrites > 0); /* done, no rewrite needed */
cp = tor_strdup(escaped_safe_str(ent->new_address));
- log_info(LD_APP, "Addressmap: rewriting %s to %s",
+ log_notice(LD_APP, "Addressmap: rewriting %s to %s",
escaped_safe_str(address), cp);
tor_free(cp);
strlcpy(address, ent->new_address, maxlen);
@@ -1009,7 +1009,7 @@ addressmap_get_virtual_address(int type)
++next_virtual_addr;
--available;
- log_notice(LD_CONFIG, "%d addrs available", (int)available);
+ log_info(LD_CONFIG, "%d addrs available", (int)available);
if (! --available) {
log_warn(LD_CONFIG, "Ran out of virtual addresses!");
return NULL;
@@ -1067,6 +1067,7 @@ addressmap_register_virtual_address(int type, char *new_address)
tor_free(*addrp);
*addrp = addressmap_get_virtual_address(type);
+ log_info(LD_APP, "Registering map from %s to %s", *addrp, new_address);
addressmap_register(*addrp, new_address, 2);
#if 0
@@ -1081,7 +1082,7 @@ addressmap_register_virtual_address(int type, char *new_address)
tor_assert(!strcasecmp(*addrp,
(type == RESOLVED_TYPE_IPV4) ?
vent->ipv4_address : vent->hostname_address));
- log_fn(LOG_INFO, "Map from %s to %s okay.",
+ log_info(LD_APP, "Map from %s to %s okay.",
safe_str(*addrp),safe_str(new_address));
}
#endif
@@ -1176,12 +1177,34 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
{
socks_request_t *socks = conn->socks_request;
hostname_type_t addresstype;
+ or_options_t *options = get_options();
+ struct in_addr addr_tmp;
+ int automap = 0;
tor_strlower(socks->address); /* normalize it */
log_debug(LD_APP,"Client asked for %s:%d",
safe_str(socks->address),
socks->port);
+ if (socks->command == SOCKS_COMMAND_RESOLVE &&
+ !tor_inet_aton(socks->address, &addr_tmp) &&
+ options->AutomapHostsOnResolve && options->AutomapHostsSuffixes) {
+ SMARTLIST_FOREACH(options->AutomapHostsSuffixes, const char *, cp,
+ if (!strcasecmpend(socks->address, cp)) {
+ automap = 1;
+ break;
+ });
+ if (automap) {
+ const char *new_addr;
+ new_addr = addressmap_register_virtual_address(
+ RESOLVED_TYPE_IPV4, tor_strdup(socks->address));
+ tor_assert(new_addr);
+ log_info(LD_APP, "Automapping %s to %s",
+ escaped_safe_str(socks->address), safe_str(new_addr));
+ strlcpy(socks->address, new_addr, sizeof(socks->address));
+ }
+ }
+
if (socks->command == SOCKS_COMMAND_RESOLVE_PTR) {
if (addressmap_rewrite_reverse(socks->address, sizeof(socks->address))) {
connection_ap_handshake_socks_resolved(conn, RESOLVED_TYPE_HOSTNAME,
@@ -1192,15 +1215,15 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED);
return 0;
}
- } else {
- /* For address map controls, remap the address */
+ } else if (!automap) {
+ /* For address map controls, remap the address. */
if (addressmap_rewrite(socks->address, sizeof(socks->address))) {
control_event_stream_status(conn, STREAM_EVENT_REMAP,
REMAP_STREAM_SOURCE_CACHE);
}
}
- if (address_is_in_virtual_range(socks->address)) {
+ if (!automap && address_is_in_virtual_range(socks->address)) {
/* This address was probably handed out by client_dns_get_unmapped_address,
* but the mapping was discarded for some reason. We *don't* want to send
* the address through Tor; that's likely to fail, and may leak
@@ -1229,6 +1252,7 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
/* foo.exit -- modify conn->chosen_exit_node to specify the exit
* node, and conn->address to hold only the address portion.*/
char *s = strrchr(socks->address,'.');
+ tor_assert(!automap);
if (s) {
if (s[1] != '\0') {
conn->chosen_exit_name = tor_strdup(s+1);
@@ -1294,8 +1318,10 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED);
return 0;
}
+ tor_assert(!automap);
rep_hist_note_used_resolve(time(NULL)); /* help predict this next time */
} else if (socks->command == SOCKS_COMMAND_CONNECT) {
+ tor_assert(!automap);
if (socks->port == 0) {
log_notice(LD_APP,"Application asked to connect to port 0. Refusing.");
connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
@@ -1340,7 +1366,7 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
/* it's a hidden-service request */
rend_cache_entry_t *entry;
int r;
-
+ tor_assert(!automap);
if (SOCKS_COMMAND_IS_RESOLVE(socks->command)) {
/* if it's a resolve request, fail it right now, rather than
* building all the circuits and then realizing it won't work. */
diff --git a/src/or/or.h b/src/or/or.h
index a61e5efc7..31d1c36f1 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -1822,6 +1822,8 @@ typedef struct {
int TrackHostExitsExpire; /**< Number of seconds until we expire an
* addressmap */
config_line_t *AddressMap; /**< List of address map directives. */
+ int AutomapHostsOnResolve; /**< DOCDOC */
+ smartlist_t *AutomapHostsSuffixes; /**< DOCDOC */
int RendPostPeriod; /**< How often do we post each rendezvous service
* descriptor? Remember to publish them independently. */
int KeepalivePeriod; /**< How often do we send padding cells to keep