From d9f1f3533d059627266ddcdb0398b4b32c7158f2 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 28 Dec 2006 21:29:20 +0000 Subject: r11724@Kushana: nickm | 2006-12-28 14:22:35 -0500 Refactor and unify my-ip-addr-changed logic. Make change in IP address or in nameservers reset and relaunch DNS hijacking tests. svn:r9200 --- src/or/config.c | 4 ++-- src/or/connection.c | 2 +- src/or/dns.c | 29 +++++++++++++++++++++++++++++ src/or/main.c | 41 ++++++++++++++++++++++++++++++++++++++++- src/or/or.h | 6 +++++- src/or/router.c | 27 +++++++++------------------ 6 files changed, 86 insertions(+), 23 deletions(-) (limited to 'src') diff --git a/src/or/config.c b/src/or/config.c index be22da737..383ecc62f 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -976,7 +976,7 @@ options_act(or_options_t *old_options) log_err(LD_BUG,"Error initializing keys; exiting"); return -1; } - server_has_changed_ip(); + ip_address_changed(0); if (has_completed_circuit || !any_predicted_circuits(time(NULL))) inform_testing_reachability(); } @@ -1908,7 +1908,7 @@ resolve_my_address(int warn_severity, or_options_t *options, /* Leave this as a notice, regardless of the requested severity, * at least until dynamic IP address support becomes bulletproof. */ log_notice(LD_NET, "Your IP address seems to have changed. Updating."); - server_has_changed_ip(); + ip_address_changed(0); } last_resolved_addr = *addr_out; if (hostname_out) diff --git a/src/or/connection.c b/src/or/connection.c index 8b6a209c0..0b2f5c4b2 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -2128,7 +2128,7 @@ client_check_address_changed(int sock) smartlist_clear(outgoing_addrs); smartlist_add(outgoing_addrs, ip); /* Okay, now change our keys. */ - init_keys(); /* XXXX NM return value-- safe to ignore? */ + ip_address_changed(1); } } diff --git a/src/or/dns.c b/src/or/dns.c index a85b5ee21..e7dbccb4b 100644 --- a/src/or/dns.c +++ b/src/or/dns.c 
@@ -1399,6 +1399,11 @@ dns_seems_to_be_broken(void) { return 0; } + +void +dns_reset_correctness_checks(void) +{ +} #else /* !USE_EVENTDNS */ /** Eventdns helper: return true iff the eventdns result err is @@ -1514,6 +1519,8 @@ configure_nameservers(int force) } #endif + dns_servers_relaunch_checks(); + nameservers_configured = 1; return 0; } @@ -1855,6 +1862,28 @@ dns_seems_to_be_broken(void) return dns_is_completely_invalid; } +void +dns_reset_correctness_checks(void) +{ + if (dns_wildcard_response_count) { + strmap_free(dns_wildcard_response_count, _tor_free); + dns_wildcard_response_count = NULL; + } + n_wildcard_requests = 0; + + if (dns_wildcard_list) { + SMARTLIST_FOREACH(dns_wildcard_list, char *, cp, tor_free(cp)); + smartlist_clear(dns_wildcard_list); + } + if (dns_wildcarded_test_address_list) { + SMARTLIST_FOREACH(dns_wildcarded_test_address_list, char *, cp, + tor_free(cp)); + smartlist_clear(dns_wildcarded_test_address_list); + } + dns_wildcard_one_notice_given = dns_wildcard_notice_given = + dns_wildcarded_test_address_notice_given = dns_is_completely_invalid = 0; +} + /** Return true iff we have noticed that the dotted-quad ip has been * returned in response to requests for nonexistent hostnames. */ static int diff --git a/src/or/main.c b/src/or/main.c index e0be4281a..2247210bf 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -52,6 +52,8 @@ long stats_n_seconds_working = 0; static time_t time_to_fetch_directory = 0; /** When do we next download a running-routers summary? */ static time_t time_to_fetch_running_routers = 0; +/** When do we next launch DNS wildcarding checks? */ +static time_t time_to_check_for_correct_dns = 0; /** Array of all open connections. The first n_conns elements are valid. */ static connection_t *connection_array[MAXCONNECTIONS+1] = 
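Review bot: The eventdns version of dns_reset_correctness_checks() in src/or/dns.c is added without a doc comment, and what it leaves unsaid matters: it zeroes `dns_is_completely_invalid` and empties both wildcard lists, so dns_seems_to_be_broken() (whose `return dns_is_completely_invalid;` is visible just above the hunk) reports 0 again until the relaunched tests finish. That reset is now reachable from every ip_address_changed() and configure_nameservers() call on a server, so the header should state the window, e.g. `/** Forget all results of earlier DNS hijacking tests. Until new tests complete, dns_seems_to_be_broken() returns 0 and previously seen wildcard addresses are no longer remembered. */`. The `DOCDOC` placeholders on dns_servers_relaunch_checks() in main.c and router_reset_reachability() in router.c need real comments as well. How the cleared lists are consulted while tests are pending is outside the hunk, so it may be worth checking whether the old verdict should be kept until the new one arrives.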
@@ -729,7 +731,6 @@ run_scheduled_events(time_t now) static time_t time_to_try_getting_descriptors = 0; static time_t time_to_reset_descriptor_failures = 0; static time_t time_to_add_entropy = 0; - static time_t time_to_check_for_correct_dns = 0; or_options_t *options = get_options(); int i; int have_dir_info; @@ -1057,6 +1058,44 @@ got_libevent_error(void) } #endif +#define UPTIME_CUTOFF_FOR_NEW_BANDWIDTH_TEST (6*60*60) + +/** Called when our IP address seems to have changed. at_interface + * should be true if we detected a change in our interface, and false if we + * detected a change in our published address. */ +void +ip_address_changed(int at_interface) +{ + int server = server_mode(get_options()); + + if (at_interface) { + if (! server) { + /* Okay, change our keys. */ + init_keys(); + } + } else { + if (server) { + if (stats_n_seconds_working > UPTIME_CUTOFF_FOR_NEW_BANDWIDTH_TEST) + reset_bandwidth_test(); + stats_n_seconds_working = 0; + router_reset_reachability(); + mark_my_descriptor_dirty(); + } + } + + dns_servers_relaunch_checks(); +} + +/* DOCDOC */ +void +dns_servers_relaunch_checks(void) +{ + if (server_mode(get_options())) { + dns_reset_correctness_checks(); + time_to_check_for_correct_dns = 0; + } +} + /** Called when we get a SIGHUP: reload configuration files and keys, * retry all connections, re-upload all descriptors, and so on. */ static int diff --git a/src/or/or.h b/src/or/or.h index f107ab173..6f3520710 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2323,6 +2323,7 @@ void dns_cancel_pending_resolve(const char *question); int dns_resolve(edge_connection_t *exitconn, or_circuit_t *circ); void dns_launch_correctness_checks(void); int dns_seems_to_be_broken(void); +void dns_reset_correctness_checks(void); /********************************* hibernate.c **********************/ 
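Review bot: The `init_keys()` call in the `at_interface` branch of ip_address_changed() (src/or/main.c) discards the return value, and the `XXXX NM return value-- safe to ignore?` marker that flagged this in connection.c is deleted by this commit without the question being answered. The options_act() context in config.c shows a key-initialization error being treated as fatal (`Error initializing keys; exiting`), so silently carrying on with the old keys after an interface change deserves at least a log line, e.g. `if (init_keys() < 0) log_warn(LD_NET, "Unable to rotate keys after address change.");` (assuming the usual negative-on-error convention). `init_keys()` is also now skipped whenever `server_mode()` is true, whereas the replaced call in client_check_address_changed() was unconditional within the visible lines. If that function can run on a server this is a behaviour change, and a one-line comment saying it is intended would help.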
@@ -2363,6 +2364,9 @@ void connection_start_writing(connection_t *conn); void directory_all_unreachable(time_t now); void directory_info_has_arrived(time_t now, int from_cache); +void ip_address_changed(int at_interface); +void dns_servers_relaunch_checks(void); + void control_signal_act(int the_signal); void handle_signals(int is_parent); void tor_cleanup(void); @@ -2632,7 +2636,6 @@ int check_whether_dirport_reachable(void); void consider_testing_reachability(int test_or, int test_dir); void router_orport_found_reachable(void); void router_dirport_found_reachable(void); -void server_has_changed_ip(void); void router_perform_bandwidth_test(int num_circs, time_t now); int authdir_mode(or_options_t *options); @@ -2664,6 +2667,7 @@ int is_legal_nickname_or_hexdigest(const char *s); int is_legal_hexdigest(const char *s); void router_get_verbose_nickname(char *buf, routerinfo_t *router); void router_reset_warnings(void); +void router_reset_reachability(void); void router_free_all(void); /********************************* routerlist.c ***************************/ diff --git a/src/or/router.c b/src/or/router.c index 48c70039a..546e29d4b 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -381,6 +381,13 @@ static int can_reach_or_port = 0; /** Whether we can reach our DirPort from the outside. */ static int can_reach_dir_port = 0; +/** DOCDOC */ +void +router_reset_reachability(void) +{ + can_reach_or_port = can_reach_dir_port = 0; +} + /** Return 1 if ORPort is known reachable; else return 0. */ int check_whether_orport_reachable(void) 
@@ -488,20 +495,6 @@ router_dirport_found_reachable(void) } } -#define UPTIME_CUTOFF_FOR_NEW_BANDWIDTH_TEST (6*60*60) - -/** Our router has just moved to a new IP. Reset stats. */ -void -server_has_changed_ip(void) -{ - if (stats_n_seconds_working > UPTIME_CUTOFF_FOR_NEW_BANDWIDTH_TEST) - reset_bandwidth_test(); - stats_n_seconds_working = 0; - can_reach_or_port = 0; - can_reach_dir_port = 0; - mark_my_descriptor_dirty(); -} - /** We have enough testing circuits open. Send a bunch of "drop" * cells down each of them, to exercise our bandwidth. */ void @@ -996,9 +989,7 @@ check_descriptor_ipaddress_changed(time_t now) if (prev != cur) { log_addr_has_changed(LOG_INFO, prev, cur); - mark_my_descriptor_dirty(); - /* the above call is probably redundant, since resolve_my_address() - * probably already noticed and marked it dirty. */ + ip_address_changed(0); } } @@ -1044,7 +1035,7 @@ router_new_address_suggestion(const char *suggestion) * resolve it. */ if (last_guessed_ip != addr) { log_addr_has_changed(LOG_NOTICE, last_guessed_ip, addr); - server_has_changed_ip(); + ip_address_changed(0); last_guessed_ip = addr; /* router_rebuild_descriptor() will fetch it */ } } -- cgit v1.2.3
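Review bot: Swapping `mark_my_descriptor_dirty()` for `ip_address_changed(0)` in check_descriptor_ipaddress_changed() (src/or/router.c) makes this path much heavier: on a server it now zeroes `stats_n_seconds_working`, drops reachability state and discards the DNS hijacking test results, and per the config.c hunk resolve_my_address() already makes the same call when it notices the change. The same call in router_new_address_suggestion() (last hunk) is driven by a `suggestion` string whose origin is not visible here; if it can come from a remote party, that party's input now also clears the hijack-detection state. Nothing in ip_address_changed() bounds how often the reset runs, so a flapping address could keep the relay in the "DNS not yet re-checked" state. I would add a comment at both call sites such as `/* Full reset (uptime, reachability, DNS tests) is intended here. */` and enforce a minimum interval between resets inside ip_address_changed(). Both functions continue outside their hunks.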