Patch from mwenge: update TrackHostExits mapping expiry times when the mappings are used, so that they expire a while after their last use, not a while after their creation.

svn:r17004

4 files changed, 21 insertions, 10 deletions

diff --git a/src/or/buffers.c b/src/or/buffers.c
index 634df13b1..ba70e555d 100644
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -1402,7 +1402,7 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
           req->port = ntohs(get_uint16(buf->head->data+4+addrlen));
           buf_remove_from_front(buf, 6+addrlen);
           if (req->command != SOCKS_COMMAND_RESOLVE_PTR &&
-              !addressmap_have_mapping(req->address) &&
+              !addressmap_have_mapping(req->address,0) &&
               !have_warned_about_unsafe_socks) {
             log_warn(LD_APP,
                 "Your application (using socks5 to port %d) is giving "
@@ -1412,7 +1412,8 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
                 "please see http://wiki.noreply.org/noreply/TheOnionRouter/"
                 "TorFAQ#SOCKSAndDNS.%s", req->port,
                 safe_socks ? " Rejecting." : "");
-//            have_warned_about_unsafe_socks = 1; // (for now, warn every time)
+            /*have_warned_about_unsafe_socks = 1;*/
+                                      /*(for now, warn every time)*/
             control_event_client_status(LOG_WARN,
                           "DANGEROUS_SOCKS PROTOCOL=SOCKS5 ADDRESS=%s:%d",
                           req->address, req->port);
@@ -1514,7 +1515,7 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
 
       startaddr = NULL;
       if (socks4_prot != socks4a &&
-          !addressmap_have_mapping(tmpbuf) &&
+          !addressmap_have_mapping(tmpbuf,0) &&
           !have_warned_about_unsafe_socks) {
         log_warn(LD_APP,
                  "Your application (using socks4 to port %d) is giving Tor "
@@ -1524,7 +1525,7 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
                  "please see http://wiki.noreply.org/noreply/TheOnionRouter/"
                  "TorFAQ#SOCKSAndDNS.%s", req->port,
                  safe_socks ? " Rejecting." : "");
-//      have_warned_about_unsafe_socks = 1; // (for now, warn every time)
+        /*have_warned_about_unsafe_socks = 1;*/  /*(for now, warn every time)*/
         control_event_client_status(LOG_WARN,
                         "DANGEROUS_SOCKS PROTOCOL=SOCKS4 ADDRESS=%s:%d",
                         tmpbuf, req->port);
diff --git a/src/or/circuituse.c b/src/or/circuituse.c
index 62ced088b..26e956ddb 100644
--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@@ -1251,7 +1251,8 @@ consider_recording_trackhost(edge_connection_t *conn, origin_circuit_t *circ)
   /* Search the addressmap for this conn's destination. */
   /* If he's not in the address map.. */
   if (!options->TrackHostExits ||
-      addressmap_have_mapping(conn->socks_request->address))
+      addressmap_have_mapping(conn->socks_request->address,
+                              options->TrackHostExitsExpire))
     return; /* nothing to track, or already mapped */
 
   SMARTLIST_FOREACH(options->TrackHostExits, const char *, cp, {
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index bd53c9bee..b1d42cc5f 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -610,7 +610,8 @@ connection_ap_detach_retriable(edge_connection_t *conn, origin_circuit_t *circ,
  *
  * (We overload the 'expires' field, using "0" for mappings set via
  * the configuration file, "1" for mappings set from the control
- * interface, and other values for DNS mappings that can expire.)
+ * interface, and other values for DNS and TrackHostExit mappings that can
+ * expire.)
  */
 typedef struct {
   char *new_address;
@@ -831,11 +832,19 @@ addressmap_rewrite_reverse(char *address, size_t maxlen, time_t *expires_out)
   return r;
 }
 
-/** Return 1 if <b>address</b> is already registered, else return 0 */
+/** Return 1 if <b>address</b> is already registered, else return 0. If address
+ * is already registered, and <b>update_expires</b> is non-zero, then update
+ * the expiry time on the mapping with update_expires if it is a
+ * mapping created by TrackHostExits. */
 int
-addressmap_have_mapping(const char *address)
+addressmap_have_mapping(const char *address, int update_expiry)
 {
-  return strmap_get_lc(addressmap, address) ? 1 : 0;
+  addressmap_entry_t *ent;
+  if (!(ent=strmap_get_lc(addressmap, address)))
+    return 0;
+  if (update_expiry && ent->source==ADDRMAPSRC_TRACKEXIT)
+    ent->expires=time(NULL) + update_expiry;
+  return 1;
 }
 
 /** Register a request to map <b>address</b> to <b>new_address</b>,
diff --git a/src/or/or.h b/src/or/or.h
index 5820a56c4..7b87e3e3f 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2997,7 +2997,7 @@ void addressmap_clear_configured(void);
 void addressmap_clear_transient(void);
 void addressmap_free_all(void);
 int addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out);
-int addressmap_have_mapping(const char *address);
+int addressmap_have_mapping(const char *address, int update_timeout);
 typedef enum {
   ADDRMAPSRC_CONTROLLER, ADDRMAPSRC_TORRC, ADDRMAPSRC_TRACKEXIT,
   ADDRMAPSRC_DNS,