Tor  0.4.7.0-alpha-dev
relay_find_addr.c
Go to the documentation of this file.
1 /* Copyright (c) 2001-2021, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3 
4 /**
5  * \file relay_find_addr.c
6  * \brief Implement mechanism for a relay to find its address.
7  **/
8 
9 #include "core/or/or.h"
10 
11 #include "app/config/config.h"
13 
14 #include "core/mainloop/mainloop.h"
15 #include "core/or/circuitlist.h"
16 #include "core/or/circuituse.h"
17 #include "core/or/extendinfo.h"
18 
26 #include "feature/relay/router.h"
28 
29 /** Consider the address suggestion suggested_addr as a possible one to use as
30  * our address.
31  *
32  * This is called when a valid NETINFO cell is received containing a candidate
33  * for our address or when a directory sends us back the X-Your-Address-Is
34  * header.
35  *
36  * The suggested address is ignored if it does NOT come from a trusted source.
37  * At the moment, we only look a trusted directory authorities.
38  *
39  * The suggested address is ignored if it is internal or it is the same as the
40  * given peer_addr which is the address from the endpoint that sent the
41  * NETINFO cell.
42  *
43  * The identity_digest is NULL if this is an address suggested by a directory
44  * since this is a plaintext connection.
45  *
46  * The suggested address is set in our suggested address cache if everything
47  * passes. */
48 void
50  const tor_addr_t *peer_addr,
51  const char *identity_digest)
52 {
53  const or_options_t *options = get_options();
54 
55  tor_assert(suggested_addr);
56  tor_assert(peer_addr);
57 
58  /* Non server should just ignore this suggestion. Clients don't need to
59  * learn their address let alone cache it. */
60  if (!server_mode(options)) {
61  return;
62  }
63 
64  /* Is the peer a trusted source? Ignore anything coming from non trusted
65  * source. In this case, we only look at trusted directory authorities. */
66  if (!router_addr_is_trusted_dir(peer_addr) ||
67  (identity_digest && !router_digest_is_trusted_dir(identity_digest))) {
68  return;
69  }
70 
71  /* Ignore a suggestion that is an internal address or the same as the one
72  * the peer address. */
73  if (tor_addr_is_internal(suggested_addr, 0)) {
74  /* Do not believe anyone who says our address is internal. */
75  return;
76  }
77  if (tor_addr_eq(suggested_addr, peer_addr)) {
78  /* Do not believe anyone who says our address is their address. */
79  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
80  "A relay endpoint %s is telling us that their address is ours.",
81  fmt_addr(peer_addr));
82  return;
83  }
84 
85  /* Save the suggestion in our cache. */
86  resolved_addr_set_suggested(suggested_addr);
87 }
88 
89 /** Find our address to be published in our descriptor. Three places are
90  * looked at:
91  *
92  * 1. Resolved cache. Populated by find_my_address() during the relay
93  * periodic event that attempts to learn if our address has changed.
94  *
95  * 2. If flags is set with RELAY_FIND_ADDR_CACHE_ONLY, only the resolved
96  * and suggested cache are looked at. No address discovery will be done.
97  *
98  * 3. Finally, if all fails, use the suggested address cache which is
99  * populated by the NETINFO cell content or HTTP header from a
100  * directory.
101  *
102  * The AddressDisableIPv6 is checked here for IPv6 address discovery and if
103  * set, false is returned and addr_out is UNSPEC.
104  *
105  * Before doing any discovery, the configuration is checked for an ORPort of
106  * the given family. If none can be found, false is returned and addr_out is
107  * UNSPEC.
108  *
109  * Return true on success and addr_out contains the address to use for the
110  * given family. On failure to find the address, false is returned and
111  * addr_out is set to an AF_UNSPEC address. */
112 MOCK_IMPL(bool,
113 relay_find_addr_to_publish, (const or_options_t *options, int family,
114  int flags, tor_addr_t *addr_out))
115 {
116  tor_assert(options);
117  tor_assert(addr_out);
118 
119  tor_addr_make_unspec(addr_out);
120 
121  /* If an IPv6 is requested, check if IPv6 address discovery is disabled on
122  * this instance. If so, we return a failure. It is done here so we don't
123  * query the suggested cache that might be populated with an IPv6. */
124  if (family == AF_INET6 && options->AddressDisableIPv6) {
125  return false;
126  }
127 
128  /* There is no point on attempting an address discovery to publish if we
129  * don't have an ORPort for this family. */
130  if (!routerconf_find_or_port(options, family)) {
131  return false;
132  }
133 
134  /* First, check our resolved address cache. It should contain the address
135  * we've discovered from the periodic relay event. */
136  resolved_addr_get_last(family, addr_out);
137  if (!tor_addr_is_null(addr_out)) {
138  goto found;
139  }
140 
141  /* Second, attempt to find our address. The following can do a DNS resolve
142  * thus only do it when the no cache only flag is flipped. */
143  if (!(flags & RELAY_FIND_ADDR_CACHE_ONLY)) {
144  if (find_my_address(options, family, LOG_INFO, addr_out, NULL, NULL)) {
145  goto found;
146  }
147  }
148 
149  /* Third, consider address from our suggestion cache. */
150  resolved_addr_get_suggested(family, addr_out);
151  if (!tor_addr_is_null(addr_out)) {
152  goto found;
153  }
154 
155  /* No publishable address was found even though we have an ORPort thus
156  * print a notice log so operator can notice. We'll do that every hour so
157  * it is not too spammy but enough so operators address the issue. */
158  static ratelim_t rlim = RATELIM_INIT(3600);
160  "Unable to find %s address for ORPort %u. "
161  "You might want to specify %sOnly to it or set an "
162  "explicit address or set Address.",
163  fmt_af_family(family),
164  routerconf_find_or_port(options, family),
165  (family == AF_INET) ? fmt_af_family(AF_INET6) :
166  fmt_af_family(AF_INET));
167 
168  /* Not found. */
169  return false;
170 
171  found:
172  return true;
173 }
174 
175 /** How often should we launch a circuit to an authority to be sure of getting
176  * a guess for our IP? */
177 #define DUMMY_DOWNLOAD_INTERVAL (20*60)
178 
179 void
180 relay_addr_learn_from_dirauth(void)
181 {
182  static time_t last_dummy_circuit = 0;
183  const or_options_t *options = get_options();
184  time_t now = time(NULL);
185  bool have_addr;
186  tor_addr_t addr_out;
187 
188  /* This dummy circuit only matter for relays. */
189  if (BUG(!server_mode(options))) {
190  return;
191  }
192 
193  /* Lookup the address cache to learn if we have a good usable address. We
194  * still force relays to have an IPv4 so that alone is enough to learn if we
195  * need a lookup. In case we don't have one, we might want to attempt a
196  * dummy circuit to learn our address as a suggestion from an authority. */
197  have_addr = relay_find_addr_to_publish(options, AF_INET,
198  RELAY_FIND_ADDR_CACHE_ONLY,
199  &addr_out);
200 
201  /* If we're a relay or bridge for which we were unable to discover our
202  * public address, we rely on learning our address from a directory
203  * authority from the NETINFO cell. */
204  if (!have_addr && last_dummy_circuit + DUMMY_DOWNLOAD_INTERVAL < now) {
205  last_dummy_circuit = now;
206 
208  if (BUG(!rs)) {
209  /* We should really always have trusted directories configured at this
210  * stage. They are loaded early either from default list or the one
211  * given in the configuration file. */
212  return;
213  }
214  const node_t *node = node_get_by_id(rs->identity_digest);
215  if (!node) {
216  /* This can happen if we are still in the early starting stage where no
217  * descriptors we actually fetched and thus we have the routerstatus_t
218  * for the authority but not its descriptor which is needed to build a
219  * circuit and thus learn our address. */
220  log_info(LD_GENERAL, "Can't build a circuit to an authority. Unable to "
221  "learn for now our address from them.");
222  return;
223  }
224  extend_info_t *ei = extend_info_from_node(node, 1);
225  if (BUG(!ei)) {
226  return;
227  }
228 
229  log_debug(LD_GENERAL, "Attempting dummy testing circuit to an authority "
230  "in order to learn our address.");
231 
232  /* Launch a one-hop testing circuit to a trusted authority so we can learn
233  * our address through the NETINFO cell. */
237  extend_info_free(ei);
238  }
239 }
void tor_addr_make_unspec(tor_addr_t *a)
Definition: address.c:225
const char * fmt_af_family(sa_family_t family)
Definition: address.c:1246
int tor_addr_is_null(const tor_addr_t *addr)
Definition: address.c:780
#define fmt_addr(a)
Definition: address.h:239
#define tor_addr_eq(a, b)
Definition: address.h:280
Header file for circuitlist.c.
#define CIRCUIT_PURPOSE_TESTING
Definition: circuitlist.h:118
origin_circuit_t * circuit_launch_by_extend_info(uint8_t purpose, extend_info_t *extend_info, int flags)
Definition: circuituse.c:2100
Header file for circuituse.c.
#define CIRCLAUNCH_ONEHOP_TUNNEL
Definition: circuituse.h:39
#define CIRCLAUNCH_IS_INTERNAL
Definition: circuituse.h:46
const or_options_t * get_options(void)
Definition: config.c:919
Header file for config.c.
Header file for control_events.c.
Client/server directory connection structure.
Header file for dirlist.c.
extend_info_t * extend_info_from_node(const node_t *node, int for_direct_connect)
Definition: extendinfo.c:92
Header for core/or/extendinfo.c.
#define log_fn(severity, domain, args,...)
Definition: log.h:283
#define log_fn_ratelim(ratelim, severity, domain, args,...)
Definition: log.h:288
#define LD_PROTOCOL
Definition: log.h:72
#define LD_GENERAL
Definition: log.h:62
#define LOG_NOTICE
Definition: log.h:50
#define LD_CONFIG
Definition: log.h:68
#define LOG_INFO
Definition: log.h:45
Header file for mainloop.c.
const routerstatus_t * router_pick_trusteddirserver(dirinfo_type_t type, int flags)
Definition: node_select.c:1040
Header file for node_select.c.
const node_t * node_get_by_id(const char *identity_digest)
Definition: nodelist.c:226
Header file for nodelist.c.
Master header file for Tor-specific functionality.
@ V3_DIRINFO
Definition: or.h:788
bool relay_find_addr_to_publish(const or_options_t *options, int family, int flags, tor_addr_t *addr_out)
void relay_address_new_suggestion(const tor_addr_t *suggested_addr, const tor_addr_t *peer_addr, const char *identity_digest)
#define DUMMY_DOWNLOAD_INTERVAL
Header file for relay_find_addr.c.
void resolved_addr_set_suggested(const tor_addr_t *addr)
Definition: resolve_addr.c:127
bool find_my_address(const or_options_t *options, int family, int warn_severity, tor_addr_t *addr_out, resolved_addr_method_t *method_out, char **hostname_out)
Attempt to find our IP address that can be used as our external reachable address.
Definition: resolve_addr.c:727
void resolved_addr_get_suggested(int family, tor_addr_t *addr_out)
Definition: resolve_addr.c:119
void resolved_addr_get_last(int family, tor_addr_t *addr_out)
Definition: resolve_addr.c:150
Header file for resolve_addr.c.
uint16_t routerconf_find_or_port(const or_options_t *options, sa_family_t family)
Definition: router.c:1502
Header file for router.c.
int server_mode(const or_options_t *options)
Definition: routermode.c:34
Header file for routermode.c.
Routerstatus (consensus entry) structure.
Definition: node_st.h:34
int AddressDisableIPv6
char identity_digest[DIGEST_LEN]
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
#define tor_assert(expr)
Definition: util_bug.h:102