tor  0.4.2.0-alpha-dev
addressmap.c
Go to the documentation of this file.
1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2019, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
16 #define ADDRESSMAP_PRIVATE
17 
19 
20 #include "core/or/or.h"
21 #include "feature/client/addressmap.h"
22 #include "core/or/circuituse.h"
23 #include "app/config/config.h"
26 #include "feature/relay/dns.h"
28 #include "feature/nodelist/routerset.h"
29 
30 #include "core/or/entry_connection_st.h"
31 
58 typedef struct {
59  char *new_address;
60  time_t expires;
61  addressmap_entry_source_bitfield_t source:3;
62  unsigned src_wildcard:1;
63  unsigned dst_wildcard:1;
64  short num_resolve_failures;
66 
68 typedef struct {
69  char *ipv4_address;
70  char *ipv6_address;
71  char *hostname_address;
73 
75 static strmap_t *addressmap=NULL;
76 
87 static strmap_t *virtaddress_reversemap=NULL;
88 
90 void
92 {
93  addressmap = strmap_new();
94  virtaddress_reversemap = strmap_new();
95 }
96 
97 #define addressmap_ent_free(ent) \
98  FREE_AND_NULL(addressmap_entry_t, addressmap_ent_free_, (ent))
99 
101 static void
103 {
104  if (!ent)
105  return;
106 
107  tor_free(ent->new_address);
108  tor_free(ent);
109 }
110 
111 static void
112 addressmap_ent_free_void(void *ent)
113 {
115 }
116 
117 #define addressmap_virtaddress_ent_free(ent) \
118  FREE_AND_NULL(virtaddress_entry_t, addressmap_virtaddress_ent_free_, (ent))
119 
121 static void
123 {
124  if (!ent)
125  return;
126  tor_free(ent->ipv4_address);
127  tor_free(ent->ipv6_address);
128  tor_free(ent->hostname_address);
129  tor_free(ent);
130 }
131 
132 static void
133 addressmap_virtaddress_ent_free_void(void *ent)
134 {
136 }
137 
140 static void
142 {
143  if (ent && ent->new_address &&
144  address_is_in_virtual_range(ent->new_address)) {
145  virtaddress_entry_t *ve =
146  strmap_get(virtaddress_reversemap, ent->new_address);
147  /*log_fn(LOG_NOTICE,"remove reverse mapping for %s",ent->new_address);*/
148  if (ve) {
149  if (!strcmp(address, ve->ipv4_address))
150  tor_free(ve->ipv4_address);
151  if (!strcmp(address, ve->ipv6_address))
152  tor_free(ve->ipv6_address);
153  if (!strcmp(address, ve->hostname_address))
154  tor_free(ve->hostname_address);
155  if (!ve->ipv4_address && !ve->ipv6_address && !ve->hostname_address) {
156  tor_free(ve);
157  strmap_remove(virtaddress_reversemap, ent->new_address);
158  }
159  }
160  }
161 }
162 
165 static void
166 addressmap_ent_remove(const char *address, addressmap_entry_t *ent)
167 {
168  addressmap_virtaddress_remove(address, ent);
169  addressmap_ent_free(ent);
170 }
171 
174 void
175 clear_trackexithost_mappings(const char *exitname)
176 {
177  char *suffix = NULL;
178  if (!addressmap || !exitname)
179  return;
180  tor_asprintf(&suffix, ".%s.exit", exitname);
181  tor_strlower(suffix);
182 
183  STRMAP_FOREACH_MODIFY(addressmap, address, addressmap_entry_t *, ent) {
184  if (ent->source == ADDRMAPSRC_TRACKEXIT &&
185  !strcmpend(ent->new_address, suffix)) {
186  addressmap_ent_remove(address, ent);
187  MAP_DEL_CURRENT(address);
188  }
189  } STRMAP_FOREACH_END;
190 
191  tor_free(suffix);
192 }
193 
197 void
199 {
200  const routerset_t *allow_nodes = options->ExitNodes;
201  const routerset_t *exclude_nodes = options->ExcludeExitNodesUnion_;
202 
203  if (!addressmap)
204  return;
205  if (routerset_is_empty(allow_nodes))
206  allow_nodes = NULL;
207  if (allow_nodes == NULL && routerset_is_empty(exclude_nodes))
208  return;
209 
210  STRMAP_FOREACH_MODIFY(addressmap, address, addressmap_entry_t *, ent) {
211  size_t len;
212  const char *target = ent->new_address, *dot;
213  char *nodename;
214  const node_t *node;
215 
216  if (!target) {
217  /* DNS resolving in progress */
218  continue;
219  } else if (strcmpend(target, ".exit")) {
220  /* Not a .exit mapping */
221  continue;
222  } else if (ent->source != ADDRMAPSRC_TRACKEXIT) {
223  /* Not a trackexit mapping. */
224  continue;
225  }
226  len = strlen(target);
227  if (len < 6)
228  continue; /* malformed. */
229  dot = target + len - 6; /* dot now points to just before .exit */
230  while (dot > target && *dot != '.')
231  dot--;
232  if (*dot == '.') dot++;
233  nodename = tor_strndup(dot, len-5-(dot-target));
234  node = node_get_by_nickname(nodename, NNF_NO_WARN_UNNAMED);
235  tor_free(nodename);
236  if (!node ||
237  (allow_nodes && !routerset_contains_node(allow_nodes, node)) ||
238  routerset_contains_node(exclude_nodes, node) ||
239  !hostname_in_track_host_exits(options, address)) {
240  /* We don't know this one, or we want to be rid of it. */
241  addressmap_ent_remove(address, ent);
242  MAP_DEL_CURRENT(address);
243  }
244  } STRMAP_FOREACH_END;
245 }
246 
249 int
251  const or_options_t *options)
252 {
253  const smartlist_t *suffix_list = options->AutomapHostsSuffixes;
254 
255  if (!suffix_list)
256  return 0;
257 
258  SMARTLIST_FOREACH_BEGIN(suffix_list, const char *, suffix) {
259  if (!strcmp(suffix, "."))
260  return 1;
261  if (!strcasecmpend(address, suffix))
262  return 1;
263  } SMARTLIST_FOREACH_END(suffix);
264  return 0;
265 }
266 
271 void
273 {
274  int clear_all = !options->AutomapHostsOnResolve;
275  const smartlist_t *suffixes = options->AutomapHostsSuffixes;
276 
277  if (!addressmap)
278  return;
279 
280  if (!suffixes)
281  clear_all = 1; /* This should be impossible, but let's be sure. */
282 
283  STRMAP_FOREACH_MODIFY(addressmap, src_address, addressmap_entry_t *, ent) {
284  int remove_this = clear_all;
285  if (ent->source != ADDRMAPSRC_AUTOMAP)
286  continue; /* not an automap mapping. */
287 
288  if (!remove_this) {
289  remove_this = ! addressmap_address_should_automap(src_address, options);
290  }
291 
292  if (!remove_this && ! address_is_in_virtual_range(ent->new_address))
293  remove_this = 1;
294 
295  if (remove_this) {
296  addressmap_ent_remove(src_address, ent);
297  MAP_DEL_CURRENT(src_address);
298  }
299  } STRMAP_FOREACH_END;
300 }
301 
304 void
306 {
307  addressmap_get_mappings(NULL, 0, 0, 0);
308 }
309 
311 void
313 {
314  addressmap_get_mappings(NULL, 2, TIME_MAX, 0);
315 }
316 
320 void
321 addressmap_clean(time_t now)
322 {
323  addressmap_get_mappings(NULL, 2, now, 0);
324 }
325 
328 void
330 {
331  strmap_free(addressmap, addressmap_ent_free_void);
332  addressmap = NULL;
333 
334  strmap_free(virtaddress_reversemap, addressmap_virtaddress_ent_free_void);
335  virtaddress_reversemap = NULL;
336 }
337 
349 static addressmap_entry_t *
351 {
352  addressmap_entry_t *val;
353  char *cp;
354 
355  cp = address;
356  while ((cp = strchr(cp, '.'))) {
357  /* cp now points to a suffix of address that begins with a . */
358  val = strmap_get_lc(addressmap, cp+1);
359  if (val && val->src_wildcard) {
360  if (val->dst_wildcard)
361  *cp = '\0';
362  return val;
363  }
364  ++cp;
365  }
366  return NULL;
367 }
368 
383 int
384 addressmap_rewrite(char *address, size_t maxlen,
385  unsigned flags,
386  time_t *expires_out,
387  addressmap_entry_source_t *exit_source_out)
388 {
389  addressmap_entry_t *ent;
390  int rewrites;
391  time_t expires = TIME_MAX;
393  char *addr_orig = tor_strdup(address);
394  char *log_addr_orig = NULL;
395 
396  /* We use a loop here to limit the total number of rewrites we do,
397  * so that we can't hit an infinite loop. */
398  for (rewrites = 0; rewrites < 16; rewrites++) {
399  int exact_match = 0;
400  log_addr_orig = tor_strdup(escaped_safe_str_client(address));
401 
402  /* First check to see if there's an exact match for this address */
403  ent = strmap_get(addressmap, address);
404 
405  if (!ent || !ent->new_address) {
406  /* And if we don't have an exact match, try to check whether
407  * we have a pattern-based match.
408  */
409  ent = addressmap_match_superdomains(address);
410  } else {
411  if (ent->src_wildcard && !ent->dst_wildcard &&
412  !strcasecmp(address, ent->new_address)) {
413  /* This is a rule like "rewrite *.example.com to example.com", and we
414  * just got "example.com". Instead of calling it an infinite loop,
415  * call it complete. */
416  goto done;
417  }
418  exact_match = 1;
419  }
420 
421  if (!ent || !ent->new_address) {
422  /* We still have no match at all. We're done! */
423  goto done;
424  }
425 
426  /* Check wither the flags we were passed tell us not to use this
427  * mapping. */
428  switch (ent->source) {
429  case ADDRMAPSRC_DNS:
430  {
431  sa_family_t f;
432  tor_addr_t tmp;
433  f = tor_addr_parse(&tmp, ent->new_address);
434  if (f == AF_INET && !(flags & AMR_FLAG_USE_IPV4_DNS))
435  goto done;
436  else if (f == AF_INET6 && !(flags & AMR_FLAG_USE_IPV6_DNS))
437  goto done;
438  }
439  break;
441  case ADDRMAPSRC_TORRC:
442  if (!(flags & AMR_FLAG_USE_MAPADDRESS))
443  goto done;
444  break;
445  case ADDRMAPSRC_AUTOMAP:
446  if (!(flags & AMR_FLAG_USE_AUTOMAP))
447  goto done;
448  break;
450  if (!(flags & AMR_FLAG_USE_TRACKEXIT))
451  goto done;
452  break;
453  case ADDRMAPSRC_NONE:
454  default:
455  log_warn(LD_BUG, "Unknown addrmap source value %d. Ignoring it.",
456  (int) ent->source);
457  goto done;
458  }
459 
460  /* Now fill in the address with the new address. That might be via
461  * appending some new stuff to the end, or via just replacing it. */
462  if (ent->dst_wildcard && !exact_match) {
463  strlcat(address, ".", maxlen);
464  strlcat(address, ent->new_address, maxlen);
465  } else {
466  strlcpy(address, ent->new_address, maxlen);
467  }
468 
469  /* Is this now a .exit address? If so, remember where we got it.*/
470  if (!strcmpend(address, ".exit") &&
471  strcmpend(addr_orig, ".exit") &&
472  exit_source == ADDRMAPSRC_NONE) {
473  exit_source = ent->source;
474  }
475 
476  log_info(LD_APP, "Addressmap: rewriting %s to %s",
477  log_addr_orig, escaped_safe_str_client(address));
478  if (ent->expires > 1 && ent->expires < expires)
479  expires = ent->expires;
480 
481  tor_free(log_addr_orig);
482  }
483  log_warn(LD_CONFIG,
484  "Loop detected: we've rewritten %s 16 times! Using it as-is.",
485  escaped_safe_str_client(address));
486  /* it's fine to rewrite a rewrite, but don't loop forever */
487 
488  done:
489  tor_free(addr_orig);
490  tor_free(log_addr_orig);
491  if (exit_source_out)
492  *exit_source_out = exit_source;
493  if (expires_out)
494  *expires_out = expires;
495  return (rewrites > 0);
496 }
497 
503 int
504 addressmap_rewrite_reverse(char *address, size_t maxlen, unsigned flags,
505  time_t *expires_out)
506 {
507  char *s, *cp;
508  addressmap_entry_t *ent;
509  int r = 0;
510  {
511  sa_family_t f;
512  tor_addr_t tmp;
513  f = tor_addr_parse(&tmp, address);
514  if (f == AF_INET && !(flags & AMR_FLAG_USE_IPV4_DNS))
515  return 0;
516  else if (f == AF_INET6 && !(flags & AMR_FLAG_USE_IPV6_DNS))
517  return 0;
518  /* FFFF we should reverse-map virtual addresses even if we haven't
519  * enabled DNS cacheing. */
520  }
521 
522  tor_asprintf(&s, "REVERSE[%s]", address);
523  ent = strmap_get(addressmap, s);
524  if (ent) {
525  cp = tor_strdup(escaped_safe_str_client(ent->new_address));
526  log_info(LD_APP, "Rewrote reverse lookup %s -> %s",
527  escaped_safe_str_client(s), cp);
528  tor_free(cp);
529  strlcpy(address, ent->new_address, maxlen);
530  r = 1;
531  }
532 
533  if (expires_out)
534  *expires_out = (ent && ent->expires > 1) ? ent->expires : TIME_MAX;
535 
536  tor_free(s);
537  return r;
538 }
539 
544 int
545 addressmap_have_mapping(const char *address, int update_expiry)
546 {
547  addressmap_entry_t *ent;
548  if (!(ent=strmap_get_lc(addressmap, address)))
549  return 0;
550  if (update_expiry && ent->source==ADDRMAPSRC_TRACKEXIT)
551  ent->expires=time(NULL) + update_expiry;
552  return 1;
553 }
554 
576 void
577 addressmap_register(const char *address, char *new_address, time_t expires,
579  const int wildcard_addr,
580  const int wildcard_new_addr)
581 {
582  addressmap_entry_t *ent;
583 
584  if (wildcard_new_addr)
585  tor_assert(wildcard_addr);
586 
587  ent = strmap_get(addressmap, address);
588  if (!new_address || (!strcasecmp(address,new_address) &&
589  wildcard_addr == wildcard_new_addr)) {
590  /* Remove the mapping, if any. */
591  tor_free(new_address);
592  if (ent) {
593  addressmap_ent_remove(address,ent);
594  strmap_remove(addressmap, address);
595  }
596  return;
597  }
598  if (!ent) { /* make a new one and register it */
599  ent = tor_malloc_zero(sizeof(addressmap_entry_t));
600  strmap_set(addressmap, address, ent);
601  } else if (ent->new_address) { /* we need to clean up the old mapping. */
602  if (expires > 1) {
603  log_info(LD_APP,"Temporary addressmap ('%s' to '%s') not performed, "
604  "since it's already mapped to '%s'",
605  safe_str_client(address),
606  safe_str_client(new_address),
607  safe_str_client(ent->new_address));
608  tor_free(new_address);
609  return;
610  }
611  if (address_is_in_virtual_range(ent->new_address) &&
612  expires != 2) {
613  /* XXX This isn't the perfect test; we want to avoid removing
614  * mappings set from the control interface _as virtual mapping */
615  addressmap_virtaddress_remove(address, ent);
616  }
617  tor_free(ent->new_address);
618  } /* else { we have an in-progress resolve with no mapping. } */
619 
620  ent->new_address = new_address;
621  ent->expires = expires==2 ? 1 : expires;
622  ent->num_resolve_failures = 0;
623  ent->source = source;
624  ent->src_wildcard = wildcard_addr ? 1 : 0;
625  ent->dst_wildcard = wildcard_new_addr ? 1 : 0;
626 
627  log_info(LD_CONFIG, "Addressmap: (re)mapped '%s' to '%s'",
628  safe_str_client(address),
629  safe_str_client(ent->new_address));
630  control_event_address_mapped(address, ent->new_address, expires, NULL, 1);
631 }
632 
637 int
638 client_dns_incr_failures(const char *address)
639 {
640  addressmap_entry_t *ent = strmap_get(addressmap, address);
641  if (!ent) {
642  ent = tor_malloc_zero(sizeof(addressmap_entry_t));
643  ent->expires = time(NULL) + MAX_DNS_ENTRY_AGE;
644  strmap_set(addressmap,address,ent);
645  }
646  if (ent->num_resolve_failures < SHRT_MAX)
647  ++ent->num_resolve_failures; /* don't overflow */
648  log_info(LD_APP, "Address %s now has %d resolve failures.",
649  safe_str_client(address),
650  ent->num_resolve_failures);
651  return ent->num_resolve_failures;
652 }
653 
659 void
660 client_dns_clear_failures(const char *address)
661 {
662  addressmap_entry_t *ent = strmap_get(addressmap, address);
663  if (ent)
664  ent->num_resolve_failures = 0;
665 }
666 
677 static void
679  const char *address, const char *name,
680  const char *exitname,
681  int ttl)
682 {
683  char *extendedaddress=NULL, *extendedval=NULL;
684  (void)for_conn;
685 
686  tor_assert(address);
687  tor_assert(name);
688 
689  if (ttl<0)
690  ttl = DEFAULT_DNS_TTL;
691  else
692  ttl = dns_clip_ttl(ttl);
693 
694  if (exitname) {
695  /* XXXX fails to ever get attempts to get an exit address of
696  * google.com.digest[=~]nickname.exit; we need a syntax for this that
697  * won't make strict RFC952-compliant applications (like us) barf. */
698  tor_asprintf(&extendedaddress,
699  "%s.%s.exit", address, exitname);
700  tor_asprintf(&extendedval,
701  "%s.%s.exit", name, exitname);
702  } else {
703  tor_asprintf(&extendedaddress,
704  "%s", address);
705  tor_asprintf(&extendedval,
706  "%s", name);
707  }
708  addressmap_register(extendedaddress, extendedval,
709  time(NULL) + ttl, ADDRMAPSRC_DNS, 0, 0);
710  tor_free(extendedaddress);
711 }
712 
723 void
725  const char *address,
726  const tor_addr_t *val,
727  const char *exitname,
728  int ttl)
729 {
730  tor_addr_t addr_tmp;
731  char valbuf[TOR_ADDR_BUF_LEN];
732 
733  tor_assert(address);
734  tor_assert(val);
735 
736  if (tor_addr_parse(&addr_tmp, address) >= 0)
737  return; /* If address was an IP address already, don't add a mapping. */
738 
739  if (tor_addr_family(val) == AF_INET) {
740  if (! for_conn->entry_cfg.cache_ipv4_answers)
741  return;
742  } else if (tor_addr_family(val) == AF_INET6) {
743  if (! for_conn->entry_cfg.cache_ipv6_answers)
744  return;
745  }
746 
747  if (! tor_addr_to_str(valbuf, val, sizeof(valbuf), 1))
748  return;
749 
750  client_dns_set_addressmap_impl(for_conn, address, valbuf, exitname, ttl);
751 }
752 
762 void
764  const char *address, const char *v,
765  const char *exitname,
766  int ttl)
767 {
768  char *s = NULL;
769  {
770  tor_addr_t tmp_addr;
771  sa_family_t f = tor_addr_parse(&tmp_addr, address);
772  if ((f == AF_INET && ! for_conn->entry_cfg.cache_ipv4_answers) ||
773  (f == AF_INET6 && ! for_conn->entry_cfg.cache_ipv6_answers))
774  return;
775  }
776  tor_asprintf(&s, "REVERSE[%s]", address);
777  client_dns_set_addressmap_impl(for_conn, s, v, exitname, ttl);
778  tor_free(s);
779 }
780 
781 /* By default, we hand out 127.192.0.1 through 127.254.254.254.
782  * These addresses should map to localhost, so even if the
783  * application accidentally tried to connect to them directly (not
784  * via Tor), it wouldn't get too far astray.
785  *
786  * These options are configured by parse_virtual_addr_network().
787  */
788 
789 static virtual_addr_conf_t virtaddr_conf_ipv4;
790 static virtual_addr_conf_t virtaddr_conf_ipv6;
791 
797 int
798 parse_virtual_addr_network(const char *val, sa_family_t family,
799  int validate_only,
800  char **msg)
801 {
802  const int ipv6 = (family == AF_INET6);
803  tor_addr_t addr;
804  maskbits_t bits;
805  const int max_prefix_bits = ipv6 ? 104 : 16;
806  virtual_addr_conf_t *conf = ipv6 ? &virtaddr_conf_ipv6 : &virtaddr_conf_ipv4;
807 
808  if (!val || val[0] == '\0') {
809  if (msg)
810  tor_asprintf(msg, "Value not present (%s) after VirtualAddressNetwork%s",
811  val?"Empty":"NULL", ipv6?"IPv6":"");
812  return -1;
813  }
814  if (tor_addr_parse_mask_ports(val, 0, &addr, &bits, NULL, NULL) < 0) {
815  if (msg)
816  tor_asprintf(msg, "Error parsing VirtualAddressNetwork%s %s",
817  ipv6?"IPv6":"", val);
818  return -1;
819  }
820  if (tor_addr_family(&addr) != family) {
821  if (msg)
822  tor_asprintf(msg, "Incorrect address type for VirtualAddressNetwork%s",
823  ipv6?"IPv6":"");
824  return -1;
825  }
826 #if 0
827  if (port_min != 1 || port_max != 65535) {
828  if (msg)
829  tor_asprintf(msg, "Can't specify ports on VirtualAddressNetwork%s",
830  ipv6?"IPv6":"");
831  return -1;
832  }
833 #endif /* 0 */
834 
835  if (bits > max_prefix_bits) {
836  if (msg)
837  tor_asprintf(msg, "VirtualAddressNetwork%s expects a /%d "
838  "network or larger",ipv6?"IPv6":"", max_prefix_bits);
839  return -1;
840  }
841 
842  if (validate_only)
843  return 0;
844 
845  tor_addr_copy(&conf->addr, &addr);
846  conf->bits = bits;
847 
848  return 0;
849 }
850 
855 int
856 address_is_in_virtual_range(const char *address)
857 {
858  tor_addr_t addr;
859  tor_assert(address);
860  if (!strcasecmpend(address, ".virtual")) {
861  return 1;
862  } else if (tor_addr_parse(&addr, address) >= 0) {
863  const virtual_addr_conf_t *conf = (tor_addr_family(&addr) == AF_INET6) ?
864  &virtaddr_conf_ipv6 : &virtaddr_conf_ipv4;
865  if (tor_addr_compare_masked(&addr, &conf->addr, conf->bits, CMP_EXACT)==0)
866  return 1;
867  }
868  return 0;
869 }
870 
874 STATIC void
875 get_random_virtual_addr(const virtual_addr_conf_t *conf, tor_addr_t *addr_out)
876 {
877  uint8_t tmp[4];
878  const uint8_t *addr_bytes;
879  uint8_t bytes[16];
880  const int ipv6 = tor_addr_family(&conf->addr) == AF_INET6;
881  const int total_bytes = ipv6 ? 16 : 4;
882 
883  tor_assert(conf->bits <= total_bytes * 8);
884 
885  /* Set addr_bytes to the bytes of the virtual network, in host order */
886  if (ipv6) {
887  addr_bytes = tor_addr_to_in6_addr8(&conf->addr);
888  } else {
889  set_uint32(tmp, tor_addr_to_ipv4n(&conf->addr));
890  addr_bytes = tmp;
891  }
892 
893  /* Get an appropriate number of random bytes. */
894  crypto_rand((char*)bytes, total_bytes);
895 
896  /* Now replace the first "conf->bits" bits of 'bytes' with addr_bytes*/
897  if (conf->bits >= 8)
898  memcpy(bytes, addr_bytes, conf->bits / 8);
899  if (conf->bits & 7) {
900  uint8_t mask = 0xff >> (conf->bits & 7);
901  bytes[conf->bits/8] &= mask;
902  bytes[conf->bits/8] |= addr_bytes[conf->bits/8] & ~mask;
903  }
904 
905  if (ipv6)
906  tor_addr_from_ipv6_bytes(addr_out, (char*) bytes);
907  else
908  tor_addr_from_ipv4n(addr_out, get_uint32(bytes));
909 
910  tor_assert(tor_addr_compare_masked(addr_out, &conf->addr,
911  conf->bits, CMP_EXACT)==0);
912 }
913 
920 static char *
922 {
923  char buf[64];
925 
926  if (type == RESOLVED_TYPE_HOSTNAME) {
927  char rand_bytes[10];
928  do {
929  crypto_rand(rand_bytes, sizeof(rand_bytes));
930  base32_encode(buf,sizeof(buf),rand_bytes,sizeof(rand_bytes));
931  strlcat(buf, ".virtual", sizeof(buf));
932  } while (strmap_get(addressmap, buf));
933  return tor_strdup(buf);
934  } else if (type == RESOLVED_TYPE_IPV4 || type == RESOLVED_TYPE_IPV6) {
935  const int ipv6 = (type == RESOLVED_TYPE_IPV6);
936  const virtual_addr_conf_t *conf = ipv6 ?
937  &virtaddr_conf_ipv6 : &virtaddr_conf_ipv4;
938 
939  /* Don't try more than 1000 times. This gives us P < 1e-9 for
940  * failing to get a good address so long as the address space is
941  * less than ~97.95% full. That's always going to be true under
942  * sensible circumstances for an IPv6 /10, and it's going to be
943  * true for an IPv4 /10 as long as we've handed out less than
944  * 4.08 million addresses. */
945  uint32_t attempts = 1000;
946 
947  tor_addr_t addr;
948 
949  while (attempts--) {
950  get_random_virtual_addr(conf, &addr);
951 
952  if (!ipv6) {
953  /* Don't hand out any .0 or .255 address. */
954  const uint32_t a = tor_addr_to_ipv4h(&addr);
955  if ((a & 0xff) == 0 || (a & 0xff) == 0xff)
956  continue;
957  }
958 
959  tor_addr_to_str(buf, &addr, sizeof(buf), 1);
960  if (!strmap_get(addressmap, buf)) {
961  /* XXXX This code is to make sure I didn't add an undecorated version
962  * by mistake. I hope it's needless. */
963  char tmp[TOR_ADDR_BUF_LEN];
964  tor_addr_to_str(tmp, &addr, sizeof(tmp), 0);
965  if (strmap_get(addressmap, tmp)) {
966  // LCOV_EXCL_START
967  log_warn(LD_BUG, "%s wasn't in the addressmap, but %s was.",
968  buf, tmp);
969  continue;
970  // LCOV_EXCL_STOP
971  }
972 
973  return tor_strdup(buf);
974  }
975  }
976  log_warn(LD_CONFIG, "Ran out of virtual addresses!");
977  return NULL;
978  } else {
979  // LCOV_EXCL_START
980  log_warn(LD_BUG, "Called with unsupported address type (%d)", type);
981  return NULL;
982  // LCOV_EXCL_STOP
983  }
984 }
985 
995 const char *
996 addressmap_register_virtual_address(int type, char *new_address)
997 {
998  char **addrp;
999  virtaddress_entry_t *vent;
1000  int vent_needs_to_be_added = 0;
1001 
1002  tor_assert(new_address);
1005 
1006  vent = strmap_get(virtaddress_reversemap, new_address);
1007  if (!vent) {
1008  vent = tor_malloc_zero(sizeof(virtaddress_entry_t));
1009  vent_needs_to_be_added = 1;
1010  }
1011 
1012  if (type == RESOLVED_TYPE_IPV4)
1013  addrp = &vent->ipv4_address;
1014  else if (type == RESOLVED_TYPE_IPV6)
1015  addrp = &vent->ipv6_address;
1016  else
1017  addrp = &vent->hostname_address;
1018 
1019  if (*addrp) {
1020  addressmap_entry_t *ent = strmap_get(addressmap, *addrp);
1021  if (ent && ent->new_address &&
1022  !strcasecmp(new_address, ent->new_address)) {
1023  tor_free(new_address);
1024  tor_assert(!vent_needs_to_be_added);
1025  return *addrp;
1026  } else {
1027  log_warn(LD_BUG,
1028  "Internal confusion: I thought that '%s' was mapped to by "
1029  "'%s', but '%s' really maps to '%s'. This is a harmless bug.",
1030  safe_str_client(new_address),
1031  safe_str_client(*addrp),
1032  safe_str_client(*addrp),
1033  ent?safe_str_client(ent->new_address):"(nothing)");
1034  }
1035  }
1036 
1037  tor_free(*addrp);
1038  *addrp = addressmap_get_virtual_address(type);
1039  if (!*addrp) {
1040  tor_free(vent);
1041  tor_free(new_address);
1042  return NULL;
1043  }
1044  log_info(LD_APP, "Registering map from %s to %s", *addrp, new_address);
1045  if (vent_needs_to_be_added)
1046  strmap_set(virtaddress_reversemap, new_address, vent);
1047  addressmap_register(*addrp, new_address, 2, ADDRMAPSRC_AUTOMAP, 0, 0);
1048 
1049  /* FFFF register corresponding reverse mapping. */
1050 
1051 #if 0
1052  {
1053  /* Try to catch possible bugs */
1054  addressmap_entry_t *ent;
1055  ent = strmap_get(addressmap, *addrp);
1056  tor_assert(ent);
1057  tor_assert(!strcasecmp(ent->new_address,new_address));
1058  vent = strmap_get(virtaddress_reversemap, new_address);
1059  tor_assert(vent);
1060  tor_assert(!strcasecmp(*addrp,
1061  (type == RESOLVED_TYPE_IPV4) ?
1062  vent->ipv4_address : vent->hostname_address));
1063  log_info(LD_APP, "Map from %s to %s okay.",
1064  safe_str_client(*addrp),
1065  safe_str_client(new_address));
1066  }
1067 #endif /* 0 */
1068 
1069  return *addrp;
1070 }
1071 
1077 int
1078 address_is_invalid_destination(const char *address, int client)
1079 {
1080  if (client) {
1081  if (get_options()->AllowNonRFC953Hostnames)
1082  return 0;
1083  } else {
1084  if (get_options()->ServerDNSAllowNonRFC953Hostnames)
1085  return 0;
1086  }
1087 
1088  /* It might be an IPv6 address! */
1089  {
1090  tor_addr_t a;
1091  if (tor_addr_parse(&a, address) >= 0)
1092  return 0;
1093  }
1094 
1095  while (*address) {
1096  if (TOR_ISALNUM(*address) ||
1097  *address == '-' ||
1098  *address == '.' ||
1099  *address == '_') /* Underscore is not allowed, but Windows does it
1100  * sometimes, just to thumb its nose at the IETF. */
1101  ++address;
1102  else
1103  return 1;
1104  }
1105  return 0;
1106 }
1107 
1114 void
1115 addressmap_get_mappings(smartlist_t *sl, time_t min_expires,
1116  time_t max_expires, int want_expiry)
1117 {
1118  strmap_iter_t *iter;
1119  const char *key;
1120  void *val_;
1121  addressmap_entry_t *val;
1122 
1123  if (!addressmap)
1124  addressmap_init();
1125 
1126  for (iter = strmap_iter_init(addressmap); !strmap_iter_done(iter); ) {
1127  strmap_iter_get(iter, &key, &val_);
1128  val = val_;
1129  if (val->expires >= min_expires && val->expires <= max_expires) {
1130  if (!sl) {
1131  iter = strmap_iter_next_rmv(addressmap,iter);
1132  addressmap_ent_remove(key, val);
1133  continue;
1134  } else if (val->new_address) {
1135  const char *src_wc = val->src_wildcard ? "*." : "";
1136  const char *dst_wc = val->dst_wildcard ? "*." : "";
1137  if (want_expiry) {
1138  if (val->expires < 3 || val->expires == TIME_MAX)
1139  smartlist_add_asprintf(sl, "%s%s %s%s NEVER",
1140  src_wc, key, dst_wc, val->new_address);
1141  else {
1142  char isotime[ISO_TIME_LEN+1];
1143  format_iso_time(isotime, val->expires);
1144  smartlist_add_asprintf(sl, "%s%s %s%s \"%s\"",
1145  src_wc, key, dst_wc, val->new_address,
1146  isotime);
1147  }
1148  } else {
1149  smartlist_add_asprintf(sl, "%s%s %s%s",
1150  src_wc, key, dst_wc, val->new_address);
1151  }
1152  }
1153  }
1154  iter = strmap_iter_next(addressmap,iter);
1155  }
1156 }
#define DEFAULT_DNS_TTL
Definition: dns.h:25
void tor_addr_from_ipv4n(tor_addr_t *dest, uint32_t v4addr)
Definition: address.c:873
static void addressmap_virtaddress_remove(const char *address, addressmap_entry_t *ent)
Definition: addressmap.c:141
const char * tor_addr_to_str(char *dest, const tor_addr_t *addr, size_t len, int decorate)
Definition: address.c:328
void * strmap_get_lc(const strmap_t *map, const char *key)
Definition: map.c:393
void client_dns_clear_failures(const char *address)
Definition: addressmap.c:660
#define TOR_ADDR_BUF_LEN
Definition: address.h:205
Common functions for using (pseudo-)random number generators.
Definition: node_st.h:28
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
uint16_t sa_family_t
Definition: inaddr_st.h:77
int routerset_contains_node(const routerset_t *set, const node_t *node)
Definition: routerset.c:334
int addressmap_have_mapping(const char *address, int update_expiry)
Definition: addressmap.c:545
int AutomapHostsOnResolve
static uint32_t tor_addr_to_ipv4n(const tor_addr_t *a)
Definition: address.h:145
Header file for nodelist.c.
int strcmpend(const char *s1, const char *s2)
Definition: util_string.c:242
unsigned int cache_ipv4_answers
int addressmap_address_should_automap(const char *address, const or_options_t *options)
Definition: addressmap.c:250
static addressmap_entry_t * addressmap_match_superdomains(char *address)
Definition: addressmap.c:350
Header file for config.c.
void base32_encode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:60
static uint32_t tor_addr_to_ipv4h(const tor_addr_t *a)
Definition: address.h:152
addressmap_entry_source_t
Definition: or.h:1019
#define MAP_DEL_CURRENT(keyvar)
Definition: map.h:139
#define tor_free(p)
Definition: malloc.h:52
void client_dns_set_addressmap(entry_connection_t *for_conn, const char *address, const tor_addr_t *val, const char *exitname, int ttl)
Definition: addressmap.c:724
void clear_trackexithost_mappings(const char *exitname)
Definition: addressmap.c:175
int addressmap_rewrite(char *address, size_t maxlen, unsigned flags, time_t *expires_out, addressmap_entry_source_t *exit_source_out)
Definition: addressmap.c:384
STATIC void get_random_virtual_addr(const virtual_addr_conf_t *conf, tor_addr_t *addr_out)
Definition: addressmap.c:875
static void set_uint32(void *cp, uint32_t v)
Definition: bytes.h:82
static uint32_t get_uint32(const void *cp)
Definition: bytes.h:49
uint8_t maskbits_t
Definition: address.h:62
uint32_t dns_clip_ttl(uint32_t ttl)
Definition: dns.c:275
#define LD_APP
Definition: log.h:75
tor_assert(buffer)
Definition: addressmap.c:58
routerset_t * ExitNodes
Definition: or_options_st.h:72
void addressmap_get_mappings(smartlist_t *sl, time_t min_expires, time_t max_expires, int want_expiry)
Definition: addressmap.c:1115
int strcasecmpend(const char *s1, const char *s2)
Definition: util_string.c:255
void addressmap_init(void)
Definition: addressmap.c:91
static void addressmap_virtaddress_ent_free_(virtaddress_entry_t *ent)
Definition: addressmap.c:122
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
struct smartlist_t * AutomapHostsSuffixes
static strmap_t * virtaddress_reversemap
Definition: addressmap.c:87
void tor_addr_from_ipv6_bytes(tor_addr_t *dest, const char *ipv6_bytes)
Definition: address.c:884
void smartlist_add_asprintf(struct smartlist_t *sl, const char *pattern,...)
Definition: smartlist.c:36
Master header file for Tor-specific functionality.
int client_dns_incr_failures(const char *address)
Definition: addressmap.c:638
static void addressmap_ent_remove(const char *address, addressmap_entry_t *ent)
Definition: addressmap.c:166
int tor_addr_parse_mask_ports(const char *s, unsigned flags, tor_addr_t *addr_out, maskbits_t *maskbits_out, uint16_t *port_min_out, uint16_t *port_max_out)
Definition: address.c:542
int tor_addr_parse(tor_addr_t *addr, const char *src)
Definition: address.c:1196
void addressmap_free_all(void)
Definition: addressmap.c:329
Header file for circuituse.c.
void tor_strlower(char *s)
Definition: util_string.c:127
void addressmap_clean(time_t now)
Definition: addressmap.c:321
int hostname_in_track_host_exits(const or_options_t *options, const char *address)
Definition: circuituse.c:2669
int address_is_in_virtual_range(const char *address)
Definition: addressmap.c:856
void addressmap_clear_configured(void)
Definition: addressmap.c:305
int addressmap_rewrite_reverse(char *address, size_t maxlen, unsigned flags, time_t *expires_out)
Definition: addressmap.c:504
void addressmap_register(const char *address, char *new_address, time_t expires, addressmap_entry_source_t source, const int wildcard_addr, const int wildcard_new_addr)
Definition: addressmap.c:577
static void addressmap_ent_free_(addressmap_entry_t *ent)
Definition: addressmap.c:102
Header file for connection_edge.c.
routerset_t * ExcludeExitNodesUnion_
Definition: or_options_st.h:93
void format_iso_time(char *buf, time_t t)
Definition: time_fmt.c:295
static char * addressmap_get_virtual_address(int type)
Definition: addressmap.c:921
int address_is_invalid_destination(const char *address, int client)
Definition: addressmap.c:1078
void client_dns_set_reverse_addressmap(entry_connection_t *for_conn, const char *address, const char *v, const char *exitname, int ttl)
Definition: addressmap.c:763
static strmap_t * addressmap
Definition: addressmap.c:75
static void client_dns_set_addressmap_impl(entry_connection_t *for_conn, const char *address, const char *name, const char *exitname, int ttl)
Definition: addressmap.c:678
int tor_addr_compare_masked(const tor_addr_t *addr1, const tor_addr_t *addr2, maskbits_t mbits, tor_addr_comparison_t how)
Definition: address.c:974
#define tor_addr_to_in6_addr8(x)
Definition: address.h:129
void addressmap_clear_excluded_trackexithosts(const or_options_t *options)
Definition: addressmap.c:198
void addressmap_clear_transient(void)
Definition: addressmap.c:312
Definition: addressmap.c:68
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:903
int parse_virtual_addr_network(const char *val, sa_family_t family, int validate_only, char **msg)
Definition: addressmap.c:798
Header file for control_events.c.
const char * addressmap_register_virtual_address(int type, char *new_address)
Definition: addressmap.c:996
int control_event_address_mapped(const char *from, const char *to, time_t expires, const char *error, const int cached)
#define LD_BUG
Definition: log.h:83
Header file for dns.c.
#define LD_CONFIG
Definition: log.h:65
int routerset_is_empty(const routerset_t *set)
Definition: routerset.c:199
const char * escaped_safe_str_client(const char *address)
Definition: config.c:1103
void addressmap_clear_invalid_automaps(const or_options_t *options)
Definition: addressmap.c:272
static sa_family_t tor_addr_family(const tor_addr_t *a)
Definition: address.h:179
#define MAX_DNS_ENTRY_AGE
Definition: dns.h:22