aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2012-11-25 13:45:36 -0500
committerNick Mathewson <nickm@torproject.org>2012-12-17 14:48:09 -0500
commitf33487668f16dbd7f95eaf8644865c28e1dd7036 (patch)
treebde45b532fddf7d355561ff67ca7af1e98f0309f
parent32219d83134c861abad5a7d37f93f3ec4b492398 (diff)
downloadtor-f33487668f16dbd7f95eaf8644865c28e1dd7036.tar
tor-f33487668f16dbd7f95eaf8644865c28e1dd7036.tar.gz
Implement option to turn off DNS cache use on a client port
(This is part 2 of making DNS cache use enabled/disabled on a per-client port basis. This implements the CacheIPv[46]DNS options, but not the UseCachedIPv[46] ones.)
-rw-r--r--src/or/addressmap.c27
-rw-r--r--src/or/addressmap.h7
-rw-r--r--src/or/connection_edge.c15
-rw-r--r--src/or/relay.c15
-rw-r--r--src/test/test_config.c7
5 files changed, 61 insertions, 10 deletions
diff --git a/src/or/addressmap.c b/src/or/addressmap.c
index 8145a14a9..a77e199e1 100644
--- a/src/or/addressmap.c
+++ b/src/or/addressmap.c
@@ -335,7 +335,9 @@ addressmap_match_superdomains(char *address)
* was a .exit.
*/
int
-addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out,
+addressmap_rewrite(char *address, size_t maxlen,
+ unsigned flags,
+ time_t *expires_out,
addressmap_entry_source_t *exit_source_out)
{
addressmap_entry_t *ent;
@@ -368,6 +370,16 @@ addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out,
goto done;
}
+ if (ent && ent->source == ADDRMAPSRC_DNS) {
+ sa_family_t f;
+ tor_addr_t tmp;
+ f = tor_addr_parse(&tmp, ent->new_address);
+ if (f == AF_INET && !(flags & AMR_FLAG_USE_IPV4_DNS))
+ goto done;
+ else if (f == AF_INET6 && !(flags & AMR_FLAG_USE_IPV6_DNS))
+ goto done;
+ }
+
if (ent->dst_wildcard && !exact_match) {
strlcat(address, ".", maxlen);
strlcat(address, ent->new_address, maxlen);
@@ -409,11 +421,22 @@ addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out,
* *<b>expires_out</b> to the expiry time of the result, or to <b>time_max</b>
* if the result does not expire. */
int
-addressmap_rewrite_reverse(char *address, size_t maxlen, time_t *expires_out)
+addressmap_rewrite_reverse(char *address, size_t maxlen, unsigned flags,
+ time_t *expires_out)
{
char *s, *cp;
addressmap_entry_t *ent;
int r = 0;
+ {
+ sa_family_t f;
+ tor_addr_t tmp;
+ f = tor_addr_parse(&tmp, address);
+ if (f == AF_INET && !(flags & AMR_FLAG_USE_IPV4_DNS))
+ return 0;
+ else if (f == AF_INET6 && !(flags & AMR_FLAG_USE_IPV6_DNS))
+ return 0;
+ }
+
tor_asprintf(&s, "REVERSE[%s]", address);
ent = strmap_get(addressmap, s);
if (ent) {
diff --git a/src/or/addressmap.h b/src/or/addressmap.h
index 9b0734147..54b3e0ae7 100644
--- a/src/or/addressmap.h
+++ b/src/or/addressmap.h
@@ -14,9 +14,12 @@ void addressmap_clean(time_t now);
void addressmap_clear_configured(void);
void addressmap_clear_transient(void);
void addressmap_free_all(void);
-int addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out,
+#define AMR_FLAG_USE_IPV4_DNS (1u<<0)
+#define AMR_FLAG_USE_IPV6_DNS (1u<<1)
+int addressmap_rewrite(char *address, size_t maxlen, unsigned flags,
+ time_t *expires_out,
addressmap_entry_source_t *exit_source_out);
-int addressmap_rewrite_reverse(char *address, size_t maxlen,
+int addressmap_rewrite_reverse(char *address, size_t maxlen, unsigned flags,
time_t *expires_out);
int addressmap_have_mapping(const char *address, int update_timeout);
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 95088c7c1..091c14570 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -952,8 +952,14 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
}
if (socks->command == SOCKS_COMMAND_RESOLVE_PTR) {
+ unsigned rewrite_flags = 0;
+ if (conn->use_cached_ipv4_answers)
+ rewrite_flags |= AMR_FLAG_USE_IPV4_DNS;
+ if (conn->use_cached_ipv6_answers)
+ rewrite_flags |= AMR_FLAG_USE_IPV6_DNS;
+
if (addressmap_rewrite_reverse(socks->address, sizeof(socks->address),
- &map_expires)) {
+ rewrite_flags, &map_expires)) {
char *result = tor_strdup(socks->address);
/* remember _what_ is supposed to have been resolved. */
tor_snprintf(socks->address, sizeof(socks->address), "REVERSE[%s]",
@@ -984,8 +990,13 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
}
} else if (!automap) {
/* For address map controls, remap the address. */
+ unsigned rewrite_flags = 0;
+ if (conn->use_cached_ipv4_answers)
+ rewrite_flags |= AMR_FLAG_USE_IPV4_DNS;
+ if (conn->use_cached_ipv6_answers)
+ rewrite_flags |= AMR_FLAG_USE_IPV6_DNS;
if (addressmap_rewrite(socks->address, sizeof(socks->address),
- &map_expires, &exit_source)) {
+ rewrite_flags, &map_expires, &exit_source)) {
control_event_stream_status(conn, STREAM_EVENT_REMAP,
REMAP_STREAM_SOURCE_CACHE);
}
diff --git a/src/or/relay.c b/src/or/relay.c
index 7f49299e2..608b5fa60 100644
--- a/src/or/relay.c
+++ b/src/or/relay.c
@@ -758,10 +758,17 @@ connection_ap_process_end_not_open(
policies_set_node_exitpolicy_to_reject_all(exitrouter);
}
/* rewrite it to an IP if we learned one. */
- if (addressmap_rewrite(conn->socks_request->address,
- sizeof(conn->socks_request->address),
- NULL, NULL)) {
- control_event_stream_status(conn, STREAM_EVENT_REMAP, 0);
+ {
+ unsigned rewrite_flags = 0;
+ if (conn->use_cached_ipv4_answers)
+ rewrite_flags |= AMR_FLAG_USE_IPV4_DNS;
+ if (conn->use_cached_ipv6_answers)
+ rewrite_flags |= AMR_FLAG_USE_IPV6_DNS;
+ if (addressmap_rewrite(conn->socks_request->address,
+ sizeof(conn->socks_request->address),
+ rewrite_flags, NULL, NULL)) {
+ control_event_stream_status(conn, STREAM_EVENT_REMAP, 0);
+ }
}
if (conn->chosen_exit_optional ||
conn->chosen_exit_retries) {
diff --git a/src/test/test_config.c b/src/test/test_config.c
index e04b9dfc2..9f6b260fe 100644
--- a/src/test/test_config.c
+++ b/src/test/test_config.c
@@ -42,6 +42,11 @@ test_config_addressmap(void *arg)
config_get_lines(buf, &(get_options_mutable()->AddressMap), 0);
config_register_addressmaps(get_options());
+/* Use old interface for now, so we don't need to rewrite the unit tests */
+#define addressmap_rewrite(a,s,eo,ao) \
+ addressmap_rewrite((a),(s),AMR_FLAG_USE_IPV4_DNS|AMR_FLAG_USE_IPV6_DNS, \
+ (eo),(ao))
+
/* MapAddress .invalidwildcard.com .torserver.exit - no match */
strlcpy(address, "www.invalidwildcard.com", sizeof(address));
test_assert(!addressmap_rewrite(address, sizeof(address), &expires, NULL));
@@ -158,6 +163,8 @@ test_config_addressmap(void *arg)
strlcpy(address, "www.torproject.org", sizeof(address));
test_assert(!addressmap_rewrite(address, sizeof(address), &expires, NULL));
+#undef addressmap_rewrite
+
done:
;
}