Tor  0.4.5.0-alpha-dev
resolve_addr.c
Go to the documentation of this file.
1 /* Copyright (c) 2020, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3 
4 /**
5  * \file resolve_addr.c
6  * \brief Implement resolving address functions
7  **/
8 
9 #define RESOLVE_ADDR_PRIVATE
10 
11 #include "app/config/config.h"
13 
14 #include "core/mainloop/mainloop.h"
15 
18 
19 #include "lib/encoding/confline.h"
20 #include "lib/net/gethostname.h"
21 #include "lib/net/resolve.h"
22 
23 /** Maximum "Address" statement allowed in our configuration. */
24 #define MAX_CONFIG_ADDRESS 2
25 
26 /** Ease our life. Arrays containing state per address family. These are to
27  * add semantic to the code so we know what is accessed. */
28 #define IDX_NULL 0 /* Index to zeroed address object. */
29 #define IDX_IPV4 1 /* Index to AF_INET. */
30 #define IDX_IPV6 2 /* Index to AF_INET6. */
31 #define IDX_SIZE 3 /* How many indexes do we have. */
32 
33 /** Function in our address function table return one of these code. */
34 typedef enum {
35  /* The address has been found. */
36  FN_RET_OK = 0,
37  /* The failure requirements were not met and thus it is recommended that the
38  * caller stops the search. */
39  FN_RET_BAIL = 1,
40  /* The address was not found or failure is transient so the caller should go
41  * to the next method. */
42  FN_RET_NEXT = 2,
44 
45 /** Last resolved addresses. */
47  { TOR_ADDR_NULL, TOR_ADDR_NULL, TOR_ADDR_NULL };
49 
50 /** Last suggested addresses.
51  *
52  * These addresses come from a NETINFO cell from a trusted relay (currently
53  * only authorities). We only use those in last resort. */
55  { TOR_ADDR_NULL, TOR_ADDR_NULL, TOR_ADDR_NULL };
57 
58 /** True iff the address was found to be configured that is from the
59  * configuration file either using Address or ORPort. */
60 static bool last_addrs_configured[] = { false, false, false };
62 
63 static inline int
64 af_to_idx(const int family)
65 {
66  switch (family) {
67  case AF_INET:
68  return IDX_IPV4;
69  case AF_INET6:
70  return IDX_IPV6;
71  default:
72  /* It wouldn't be safe to just die here with an assert but we can heavily
73  * scream with a bug. Return the index of the NULL address. */
75  return IDX_NULL;
76  }
77 }
78 
79 /** Return string representation of the given method. */
80 const char *
82 {
83  switch (method) {
84  case RESOLVED_ADDR_NONE:
85  return "NONE";
86  case RESOLVED_ADDR_CONFIGURED:
87  return "CONFIGURED";
88  case RESOLVED_ADDR_CONFIGURED_ORPORT:
89  return "CONFIGURED_ORPORT";
90  case RESOLVED_ADDR_GETHOSTNAME:
91  return "GETHOSTNAME";
92  case RESOLVED_ADDR_INTERFACE:
93  return "INTERFACE";
94  case RESOLVED_ADDR_RESOLVED:
95  return "RESOLVED";
96  default:
98  return "???";
99  }
100 }
101 
102 /** Return true if the last address of family was configured or not. An
103  * address is considered configured if it was found in the Address or ORPort
104  * statement.
105  *
106  * This applies to the address returned by the function
107  * resolved_addr_get_last() which is the cache of discovered addresses. */
108 bool
110 {
111  return last_addrs_configured[af_to_idx(family)];
112 }
113 
114 /** Copy the last suggested address of family into addr_out.
115  *
116  * If no last suggested address exists, the addr_out is a null address (use
117  * tor_addr_is_null() to confirm). */
118 void
120 {
121  tor_addr_copy(addr_out, &last_suggested_addrs[af_to_idx(family)]);
122 }
123 
124 /** Set the last suggested address into our cache. This is called when we get
125  * a new NETINFO cell from a trusted source. */
126 void
128 {
129  if (BUG(tor_addr_family(addr) != AF_INET &&
130  tor_addr_family(addr) != AF_INET6)) {
131  return;
132  }
134  addr);
135 }
136 
137 /** Copy the last resolved address of family into addr_out.
138  *
139  * If not last resolved address existed, the addr_out is a null address (use
140  * tor_addr_is_null()). */
141 void
142 resolved_addr_get_last(int family, tor_addr_t *addr_out)
143 {
144  tor_addr_copy(addr_out, &last_resolved_addrs[af_to_idx(family)]);
145 }
146 
147 /** Reset the last resolved address of family.
148  *
149  * This makes it null address. */
150 void
152 {
153  tor_addr_make_null(&last_resolved_addrs[af_to_idx(family)], family);
154 }
155 
156 /** Errors returned by address_can_be_used() in order for the caller to know
157  * why the address is denied or not. */
158 #define ERR_DEFAULT_DIRAUTH -1 /* Using default authorities. */
159 #define ERR_ADDRESS_IS_INTERNAL -2 /* IP is internal. */
160 
161 /** @brief Return true iff the given IP address can be used as a valid
162  * external resolved address.
163  *
164  * Two tests are done in this function:
165  * 1) If the address if NOT internal, it can be used.
166  * 2) If the address is internal and we have custom directory authorities
167  * configured then it can they be used. Important for testing networks.
168  *
169  * @param addr The IP address to validate.
170  * @param options Global configuration options.
171  * @param warn_severity Log level that should be used on error.
172  * @param explicit_ip Was the IP address explicitly given.
173  *
174  * @return Return 0 if it can be used. Return error code ERR_* found at the
175  * top of the file.
176  */
177 static int
178 address_can_be_used(const tor_addr_t *addr, const or_options_t *options,
179  int warn_severity, const bool explicit_ip)
180 {
181  tor_assert(addr);
182 
183  /* Public address, this is fine. */
184  if (!tor_addr_is_internal(addr, 0)) {
185  goto allow;
186  }
187 
188  /* We have a private IP address. It is allowed only if we set custom
189  * directory authorities. */
190  if (using_default_dir_authorities(options)) {
191  log_fn(warn_severity, LD_CONFIG,
192  "Address '%s' is a private IP address. Tor relays that use "
193  "the default DirAuthorities must have public IP addresses.",
194  fmt_addr(addr));
195  return ERR_DEFAULT_DIRAUTH;
196  }
197 
198  if (!explicit_ip) {
199  /* Even with custom directory authorities, only an explicit internal
200  * address is accepted. */
201  log_fn(warn_severity, LD_CONFIG,
202  "Address %s was resolved and thus not explicitly "
203  "set. Even if DirAuthorities are custom, this is "
204  "not allowed.", fmt_addr(addr));
205  return ERR_ADDRESS_IS_INTERNAL;
206  }
207 
208  allow:
209  return 0;
210 }
211 
212 /** @brief Get IP address from the given config line and for a specific address
213  * family.
214  *
215  * This can fail is more than two Address statement are found for the same
216  * address family. It also fails if no statement is found.
217  *
218  * @param options Global configuration options.
219  * @param warn_severity Log level that should be used on error.
220  * @param family IP address family. Only AF_INET and AF_INET6 are supported.
221  * @param method_out OUT: Method denoting how the address was found.
222  * This is described in the control-spec.txt as
223  * actions for "STATUS_SERVER".
224  * @param hostname_out OUT: String containing the hostname gotten from the
225  * Address value if any.
226  * @param addr_out OUT: Tor address of the address found in the cline or
227  * resolved from the cline.
228  *
229  * @return Return 0 on success that is an address has been found or resolved
230  * successfully. Return error code ERR_* found at the top of the file.
231  */
232 static fn_address_ret_t
233 get_address_from_config(const or_options_t *options, int warn_severity,
234  int family, resolved_addr_method_t *method_out,
235  char **hostname_out, tor_addr_t *addr_out)
236 {
237  int ret;
238  bool explicit_ip = false, resolve_failure = false;
239  int num_valid_addr = 0;
240 
241  tor_assert(options);
242  tor_assert(addr_out);
243  tor_assert(method_out);
244  tor_assert(hostname_out);
245 
246  /* Set them to NULL for safety reasons. */
247  *hostname_out = NULL;
248  *method_out = RESOLVED_ADDR_NONE;
249 
250  log_debug(LD_CONFIG, "Attempting to get address from configuration");
251 
252  if (!options->Address) {
253  log_info(LD_CONFIG, "No Address option found in configuration.");
254  /* No Address statement, inform caller to try next method. */
255  return FN_RET_NEXT;
256  }
257 
258  for (const config_line_t *cfg = options->Address; cfg != NULL;
259  cfg = cfg->next) {
260  int af;
261  tor_addr_t addr;
262 
263  af = tor_addr_parse(&addr, cfg->value);
264  if (af == family) {
265  tor_addr_copy(addr_out, &addr);
266  *method_out = RESOLVED_ADDR_CONFIGURED;
267  explicit_ip = true;
268  num_valid_addr++;
269  continue;
270  } else if (af != -1) {
271  /* Parsable address but just not the one from the family we want. Skip
272  * it so we don't attempt a resolve. */
273  continue;
274  }
275 
276  /* Not an IP address. Considering this value a hostname and attempting to
277  * do a DNS lookup. */
278  if (!tor_addr_lookup(cfg->value, family, &addr)) {
279  tor_addr_copy(addr_out, &addr);
280  *method_out = RESOLVED_ADDR_RESOLVED;
281  if (*hostname_out) {
282  tor_free(*hostname_out);
283  }
284  *hostname_out = tor_strdup(cfg->value);
285  explicit_ip = false;
286  num_valid_addr++;
287  continue;
288  } else {
289  /* Hostname that can't be resolved, this is a fatal error. */
290  resolve_failure = true;
291  log_fn(warn_severity, LD_CONFIG,
292  "Could not resolve local Address '%s'. Failing.", cfg->value);
293  continue;
294  }
295  }
296 
297  if (!num_valid_addr) {
298  if (resolve_failure) {
299  /* We found no address but we got a resolution failure. This means we
300  * can know if the hostname given was v4 or v6 so we can't continue. */
301  return FN_RET_BAIL;
302  }
303  log_info(LD_CONFIG,
304  "No Address option found for family %s in configuration.",
305  fmt_af_family(family));
306  /* No Address statement for family so move on to try next method. */
307  return FN_RET_NEXT;
308  }
309 
310  if (num_valid_addr >= MAX_CONFIG_ADDRESS) {
311  /* Too many Address for same family. This is a fatal error. */
312  log_fn(warn_severity, LD_CONFIG,
313  "Found %d Address statement of address family %s. "
314  "Only one is allowed.", num_valid_addr, fmt_af_family(family));
315  tor_free(*hostname_out);
316  return FN_RET_BAIL;
317  }
318 
319  /* Great, we found an address. */
320  ret = address_can_be_used(addr_out, options, warn_severity, explicit_ip);
321  if (ret != 0) {
322  /* One of the requirement of this interface is if an internal Address is
323  * used, custom authorities must be defined else it is a fatal error.
324  * Furthermore, if the Address was resolved to an internal interface, we
325  * stop immediately. */
326  tor_free(*hostname_out);
327  return FN_RET_BAIL;
328  }
329 
330  /* Address can be used. We are done. */
331  log_info(LD_CONFIG, "Address found in configuration: %s",
332  fmt_addr(addr_out));
333  return FN_RET_OK;
334 }
335 
336 /** @brief Get IP address from the local hostname by calling gethostbyname()
337  * and doing a DNS resolution on the hostname.
338  *
339  * @param options Global configuration options.
340  * @param warn_severity Log level that should be used on error.
341  * @param family IP address family. Only AF_INET and AF_INET6 are supported.
342  * @param method_out OUT: Method denoting how the address was found.
343  * This is described in the control-spec.txt as
344  * actions for "STATUS_SERVER".
345  * @param hostname_out OUT: String containing the local hostname.
346  * @param addr_out OUT: Tor address resolved from the local hostname.
347  *
348  * @return Return 0 on success that is an address has been found and resolved
349  * successfully. Return error code ERR_* found at the top of the file.
350  */
351 static fn_address_ret_t
352 get_address_from_hostname(const or_options_t *options, int warn_severity,
353  int family, resolved_addr_method_t *method_out,
354  char **hostname_out, tor_addr_t *addr_out)
355 {
356  int ret;
357  char hostname[256];
358 
359  tor_assert(addr_out);
360  tor_assert(method_out);
361 
362  /* Set them to NULL for safety reasons. */
363  *hostname_out = NULL;
364  *method_out = RESOLVED_ADDR_NONE;
365 
366  log_debug(LD_CONFIG, "Attempting to get address from local hostname");
367 
368  if (tor_gethostname(hostname, sizeof(hostname)) < 0) {
369  log_fn(warn_severity, LD_NET, "Error obtaining local hostname");
370  /* Unable to obtain the local hostname is a fatal error. */
371  return FN_RET_BAIL;
372  }
373  if (tor_addr_lookup(hostname, family, addr_out)) {
374  log_fn(warn_severity, LD_NET,
375  "Could not resolve local hostname '%s'. Failing.", hostname);
376  /* Unable to resolve, inform caller to try next method. */
377  return FN_RET_NEXT;
378  }
379 
380  ret = address_can_be_used(addr_out, options, warn_severity, false);
381  if (ret == ERR_DEFAULT_DIRAUTH) {
382  /* Non custom authorities, inform caller to try next method. */
383  return FN_RET_NEXT;
384  } else if (ret == ERR_ADDRESS_IS_INTERNAL) {
385  /* Internal address is a fatal error. */
386  return FN_RET_BAIL;
387  }
388 
389  /* addr_out contains the address of the local hostname. */
390  *method_out = RESOLVED_ADDR_GETHOSTNAME;
391  *hostname_out = tor_strdup(hostname);
392 
393  /* Found it! */
394  log_info(LD_CONFIG, "Address found from local hostname: %s",
395  fmt_addr(addr_out));
396  return FN_RET_OK;
397 }
398 
399 /** @brief Get IP address from a network interface.
400  *
401  * @param options Global configuration options.
402  * @param warn_severity Log level that should be used on error.
403  * @param family IP address family. Only AF_INET and AF_INET6 are supported.
404  * @param method_out OUT: Always RESOLVED_ADDR_INTERFACE on success which
405  * is detailed in the control-spec.txt as actions
406  * for "STATUS_SERVER".
407  * @param hostname_out OUT: String containing the local hostname. For this
408  * function, it is always set to NULL.
409  * @param addr_out OUT: Tor address found attached to the interface.
410  *
411  * @return Return 0 on success that is an address has been found. Return
412  * error code ERR_* found at the top of the file.
413  */
414 static fn_address_ret_t
415 get_address_from_interface(const or_options_t *options, int warn_severity,
416  int family, resolved_addr_method_t *method_out,
417  char **hostname_out, tor_addr_t *addr_out)
418 {
419  int ret;
420 
421  tor_assert(method_out);
422  tor_assert(hostname_out);
423  tor_assert(addr_out);
424 
425  /* Set them to NULL for safety reasons. */
426  *method_out = RESOLVED_ADDR_NONE;
427  *hostname_out = NULL;
428 
429  log_debug(LD_CONFIG, "Attempting to get address from network interface");
430 
431  if (get_interface_address6(warn_severity, family, addr_out) < 0) {
432  log_fn(warn_severity, LD_CONFIG,
433  "Could not get local interface IP address.");
434  /* Unable to get IP from interface. Inform caller to try next method. */
435  return FN_RET_NEXT;
436  }
437 
438  ret = address_can_be_used(addr_out, options, warn_severity, false);
439  if (ret < 0) {
440  /* Unable to use address. Inform caller to try next method. */
441  return FN_RET_NEXT;
442  }
443 
444  *method_out = RESOLVED_ADDR_INTERFACE;
445 
446  /* Found it! */
447  log_info(LD_CONFIG, "Address found from interface: %s", fmt_addr(addr_out));
448  return FN_RET_OK;
449 }
450 
451 /** @brief Get IP address from the ORPort (if any).
452  *
453  * @param options Global configuration options.
454  * @param warn_severity Log level that should be used on error.
455  * @param family IP address family. Only AF_INET and AF_INET6 are supported.
456  * @param method_out OUT: Always RESOLVED_ADDR_CONFIGURED_ORPORT on success
457  * which is detailed in the control-spec.txt as actions
458  * for "STATUS_SERVER".
459  * @param hostname_out OUT: String containing the ORPort hostname if any.
460  * @param addr_out OUT: Tor address found if any.
461  *
462  * @return Return 0 on success that is an address has been found. Return
463  * error code ERR_* found at the top of the file.
464  */
465 static fn_address_ret_t
466 get_address_from_orport(const or_options_t *options, int warn_severity,
467  int family, resolved_addr_method_t *method_out,
468  char **hostname_out, tor_addr_t *addr_out)
469 {
470  int ret;
471  const tor_addr_t *addr;
472 
473  tor_assert(method_out);
474  tor_assert(hostname_out);
475  tor_assert(addr_out);
476 
477  /* Set them to NULL for safety reasons. */
478  *method_out = RESOLVED_ADDR_NONE;
479  *hostname_out = NULL;
480 
481  log_debug(LD_CONFIG, "Attempting to get address from ORPort");
482 
483  if (!options->ORPort_set) {
484  log_info(LD_CONFIG, "No ORPort found in configuration.");
485  /* No ORPort statement, inform caller to try next method. */
486  return FN_RET_NEXT;
487  }
488 
489  /* Get ORPort for requested family. */
490  addr = get_orport_addr(family);
491  if (!addr) {
492  /* No address configured for the ORPort. Ignore. */
493  return FN_RET_NEXT;
494  }
495 
496  /* We found the ORPort address. Just make sure it can be used. */
497  ret = address_can_be_used(addr, options, warn_severity, true);
498  if (ret < 0) {
499  /* Unable to use address. Inform caller to try next method. */
500  return FN_RET_NEXT;
501  }
502 
503  /* Found it! */
504  *method_out = RESOLVED_ADDR_CONFIGURED_ORPORT;
505  tor_addr_copy(addr_out, addr);
506 
507  log_fn(warn_severity, LD_CONFIG, "Address found from ORPort: %s",
508  fmt_addr(addr_out));
509  return FN_RET_OK;
510 }
511 
512 /** @brief Set the last resolved address cache using the given address.
513  *
514  * A log notice is emitted if the given address has changed from before. Not
515  * emitted on first resolve.
516  *
517  * Control port event "STATUS_SERVER" is emitted with the new information if
518  * it has changed.
519  *
520  * Finally, tor is notified that the IP address has changed.
521  *
522  * @param addr IP address to update the cache with.
523  * @param method_used By which method did we resolved it (for logging and
524  * control port).
525  * @param hostname_used Which hostname was used. If none were used, it is
526  * NULL. (for logging and control port).
527  */
528 void
530  const resolved_addr_method_t method_used,
531  const char *hostname_used)
532 {
533  /** Have we done a first resolve. This is used to control logging. */
534  static bool have_resolved_once[] = { false, false, false };
535  CTASSERT(ARRAY_LENGTH(have_resolved_once) == IDX_SIZE);
536 
537  bool *done_one_resolve;
538  bool have_hostname = false;
539  tor_addr_t *last_resolved;
540 
541  tor_assert(addr);
542 
543  /* Do we have an hostname. */
544  have_hostname = (hostname_used != NULL);
545 
546  int idx = af_to_idx(tor_addr_family(addr));
547  if (idx == IDX_NULL) {
548  /* Not suppose to happen and if it does, af_to_idx() screams loudly. */
549  return;
550  }
551 
552  /* Get values from cache. */
553  done_one_resolve = &have_resolved_once[idx];
554  last_resolved = &last_resolved_addrs[idx];
555 
556  /* Same address last resolved. Ignore. */
557  if (tor_addr_eq(last_resolved, addr)) {
558  return;
559  }
560 
561  /* Don't log notice if this is the first resolve we do. */
562  if (*done_one_resolve) {
563  /* Leave this as a notice, regardless of the requested severity,
564  * at least until dynamic IP address support becomes bulletproof. */
565  log_notice(LD_NET,
566  "Your IP address seems to have changed to %s "
567  "(METHOD=%s%s%s). Updating.",
568  fmt_addr(addr),
569  resolved_addr_method_to_str(method_used),
570  have_hostname ? " HOSTNAME=" : "",
571  have_hostname ? hostname_used : "");
573  }
574 
575  /* Notify control port. */
577  "EXTERNAL_ADDRESS ADDRESS=%s METHOD=%s%s%s",
578  fmt_addr(addr),
579  resolved_addr_method_to_str(method_used),
580  have_hostname ? " HOSTNAME=" : "",
581  have_hostname ? hostname_used : "");
582  /* Copy address to cache. */
583  tor_addr_copy(last_resolved, addr);
584  *done_one_resolve = true;
585 
586  /* Flag true if the address was configured. Else, indicate it was not. */
587  last_addrs_configured[idx] = false;
588  if (method_used == RESOLVED_ADDR_CONFIGURED ||
589  method_used == RESOLVED_ADDR_CONFIGURED_ORPORT) {
590  last_addrs_configured[idx] = true;
591  }
592 }
593 
594 /** Ease our lives. Typedef to the address discovery function signature. */
596  (*fn_address_t)(
597  const or_options_t *options, int warn_severity, int family,
598  resolved_addr_method_t *method_out, char **hostname_out,
599  tor_addr_t *addr_out);
600 
601 /** Address discovery function table. The order matters as in the first one is
602  * executed first and so on. */
604 {
605  /* These functions are in order for our find address algorithm. */
610 };
611 /** Length of address table as in how many functions. */
612 static const size_t fn_address_table_len =
614 
615 /* Address discover function table for authorities (bridge or directory).
616  *
617  * They only discover their address from either the configuration file or the
618  * ORPort. They do not query the interface nor do any DNS resolution for
619  * security reasons. */
620 static const fn_address_t fn_address_table_auth[] =
621 {
622  /* These functions are in order for our find address algorithm. */
625 };
626 /** Length of address table as in how many functions. */
627 static const size_t fn_address_table_auth_len =
628  ARRAY_LENGTH(fn_address_table_auth);
629 
630 /** @brief Attempt to find our IP address that can be used as our external
631  * reachable address.
632  *
633  * The following describe the algorithm to find an address. Each have
634  * specific conditions so read carefully.
635  *
636  * On success, true is returned and depending on how the address was found,
637  * the out parameters can have different values.
638  *
639  * On error, false is returned and out parameters are set to NULL.
640  *
641  * 1. Look at the configuration Address option.
642 
643  * If Address is a public address, True is returned and addr_out is set
644  * with it, the method_out is set to RESOLVED_ADDR_CONFIGURED and
645  * hostname_out is set to NULL.
646  *
647  * If Address is an internal address but NO custom authorities are used,
648  * an error is returned.
649  *
650  * If Address is a hostname, that is it can't be converted to an address,
651  * it is resolved. On success, addr_out is set with the address,
652  * method_out is set to RESOLVED_ADDR_RESOLVED and hostname_out is set
653  * to the resolved hostname. On failure to resolve, an error is returned.
654  *
655  * If no given Address, fallback to the network interface (see section 2).
656  *
657  * 2. Look at the network interface.
658  *
659  * Attempt to find the first public usable address from the list of
660  * network interfaces returned by the OS.
661  *
662  * On failure, we attempt to look at the local hostname (3).
663  *
664  * On success, addr_out is set with it, method_out is set to
665  * RESOLVED_ADDR_INTERFACE and hostname_out is set to NULL.
666  *
667  * 3. Look at the local hostname.
668  *
669  * If the local hostname resolves to a non internal address, addr_out is
670  * set with it, method_out is set to RESOLVED_ADDR_GETHOSTNAME and
671  * hostname_out is set to the resolved hostname.
672  *
673  * If a local hostname can NOT be found, an error is returned.
674  *
675  * If the local hostname resolves to an internal address, an error is
676  * returned.
677  *
678  * If the local hostname can NOT be resolved, an error is returned.
679  *
680  * @param options Global configuration options.
681  * @param family IP address family. Only AF_INET and AF_INET6 are supported.
682  * @param warn_severity Logging level.
683  * @param addr_out OUT: Set with the IP address found if any.
684  * @param method_out OUT: (optional) Method denoting how the address wa
685  * found. This is described in the control-spec.txt as
686  * actions for "STATUS_SERVER".
687  * @param hostname_out OUT: String containing the hostname if any was used.
688  * Only be set for RESOLVED and GETHOSTNAME methods.
689  * Else it is set to NULL.
690  *
691  * @return True if the address was found for the given family. False if not or
692  * on errors.
693  */
694 bool
695 find_my_address(const or_options_t *options, int family, int warn_severity,
696  tor_addr_t *addr_out, resolved_addr_method_t *method_out,
697  char **hostname_out)
698 {
699  resolved_addr_method_t method_used = RESOLVED_ADDR_NONE;
700  char *hostname_used = NULL;
701  tor_addr_t my_addr;
702  const fn_address_t *table = fn_address_table;
703  size_t table_len = fn_address_table_len;
704 
705  tor_assert(options);
706  tor_assert(addr_out);
707 
708  /* Set them to NULL for safety reasons. */
709  tor_addr_make_unspec(addr_out);
710  if (method_out) *method_out = RESOLVED_ADDR_NONE;
711  if (hostname_out) *hostname_out = NULL;
712 
713  /* If an IPv6 is requested, check if IPv6 address discovery is disabled and
714  * if so we always return a failure. It is done here so we don't populate
715  * the resolve cache or do any DNS resolution. */
716  if (family == AF_INET6 && options->AddressDisableIPv6) {
717  return false;
718  }
719 
720  /* For authorities (bridge and directory), we use a different table. */
721  if (authdir_mode(options)) {
722  table = fn_address_table_auth;
723  table_len = fn_address_table_auth_len;
724  }
725 
726  /*
727  * Step 1: Discover address by calling methods from the function table.
728  */
729 
730  /* Go over the function table. They are in order. */
731  for (size_t idx = 0; idx < table_len; idx++) {
732  fn_address_ret_t ret = table[idx](options, warn_severity, family,
733  &method_used, &hostname_used, &my_addr);
734  if (ret == FN_RET_BAIL) {
735  return false;
736  } else if (ret == FN_RET_OK) {
737  goto found;
738  }
739  tor_assert(ret == FN_RET_NEXT);
740  }
741 
742  /* We've exhausted our attempts. Failure. */
743  log_fn(warn_severity, LD_CONFIG, "Unable to find our IP address.");
744  return false;
745 
746  found:
747  /*
748  * Step 2: Update last resolved address cache and inform the control port.
749  */
750  resolved_addr_set_last(&my_addr, method_used, hostname_used);
751 
752  if (method_out) {
753  *method_out = method_used;
754  }
755  if (hostname_out) {
756  *hostname_out = hostname_used;
757  } else {
758  tor_free(hostname_used);
759  }
760 
761  tor_addr_copy(addr_out, &my_addr);
762  return true;
763 }
764 
765 /** @brief: Return true iff the given addr is judged to be local to our
766  * resolved address.
767  *
768  * This function is used to tell whether another address is 'remote' enough
769  * that we can trust it when it tells us that we are reachable, or that we
770  * have a certain address.
771  *
772  * The criterion to learn if the address is local are the following:
773  *
774  * 1. Internal address.
775  * 2. If EnforceDistinctSubnets is set then it is never local.
776  * 3. Network mask is compared. IPv4: /24 and IPv6 /48. This is different
777  * from the path selection that looks at /16 and /32 because we only
778  * want to learn here if the address is considered to come from the
779  * Internet basically.
780  *
781  * @param addr The address to test if local and also test against our resovled
782  * address.
783  *
784  * @return True iff address is considered local or else False.
785  */
786 MOCK_IMPL(bool,
788 {
789  const int family = tor_addr_family(addr);
790  const tor_addr_t *last_resolved_addr =
791  &last_resolved_addrs[af_to_idx(family)];
792 
793  /* Internal address is always local. */
794  if (tor_addr_is_internal(addr, 0)) {
795  return true;
796  }
797 
798  /* Address is not local if we don't enforce subnet distinction. */
799  if (get_options()->EnforceDistinctSubnets == 0) {
800  return false;
801  }
802 
803  switch (family) {
804  case AF_INET:
805  /* It's possible that this next check will hit before the first time
806  * find_my_address actually succeeds. For clients, it is likely that
807  * find_my_address will never be called at all. In those cases,
808  * last_resolved_addr_v4 will be 0, and so checking to see whether ip is
809  * on the same /24 as last_resolved_addrs[AF_INET] will be the same as
810  * checking whether it was on net 0, which is already done by
811  * tor_addr_is_internal. */
812  return tor_addr_compare_masked(addr, last_resolved_addr, 24,
813  CMP_SEMANTIC) == 0;
814  case AF_INET6:
815  /* Look at /48 because it is typically the smallest network in the global
816  * IPv6 routing tables, and it was previously the recommended per-customer
817  * network block. (See [RFC 6177: IPv6 End Site Address Assignment].) */
818  return tor_addr_compare_masked(addr, last_resolved_addr, 48,
819  CMP_SEMANTIC) == 0;
820  break;
821  default:
822  /* Unknown address type so not local. */
823  return false;
824  }
825 }
826 
827 #ifdef TOR_UNIT_TESTS
828 
829 void
830 resolve_addr_reset_suggested(int family)
831 {
832  tor_addr_make_unspec(&last_suggested_addrs[af_to_idx(family)]);
833 }
834 
835 #endif /* TOR_UNIT_TESTS */
log_fn
#define log_fn(severity, domain, args,...)
Definition: log.h:283
get_interface_address6
int get_interface_address6(int severity, sa_family_t family, tor_addr_t *addr)
Definition: address.c:1723
tor_free
#define tor_free(p)
Definition: malloc.h:52
tor_addr_family
static sa_family_t tor_addr_family(const tor_addr_t *a)
Definition: address.h:187
last_suggested_addrs
static tor_addr_t last_suggested_addrs[]
Definition: resolve_addr.c:54
tor_addr_make_null
void tor_addr_make_null(tor_addr_t *a, sa_family_t family)
Definition: address.c:235
resolved_addr_reset_last
void resolved_addr_reset_last(int family)
Definition: resolve_addr.c:151
tor_addr_t
Definition: address.h:69
LOG_NOTICE
#define LOG_NOTICE
Definition: log.h:50
MOCK_IMPL
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
tor_assert
#define tor_assert(expr)
Definition: util_bug.h:102
last_addrs_configured
static bool last_addrs_configured[]
Definition: resolve_addr.c:60
tor_addr_lookup
int tor_addr_lookup(const char *name, uint16_t family, tor_addr_t *addr)
Definition: resolve.c:190
find_my_address
bool find_my_address(const or_options_t *options, int family, int warn_severity, tor_addr_t *addr_out, resolved_addr_method_t *method_out, char **hostname_out)
Attempt to find our IP address that can be used as our external reachable address.
Definition: resolve_addr.c:695
tor_addr_make_unspec
void tor_addr_make_unspec(tor_addr_t *a)
Definition: address.c:225
get_address_from_interface
static fn_address_ret_t get_address_from_interface(const or_options_t *options, int warn_severity, int family, resolved_addr_method_t *method_out, char **hostname_out, tor_addr_t *addr_out)
Get IP address from a network interface.
Definition: resolve_addr.c:415
resolved_addr_method_t
resolved_addr_method_t
Definition: resolve_addr.h:19
resolved_addr_is_configured
bool resolved_addr_is_configured(int family)
Definition: resolve_addr.c:109
get_address_from_orport
static fn_address_ret_t get_address_from_orport(const or_options_t *options, int warn_severity, int family, resolved_addr_method_t *method_out, char **hostname_out, tor_addr_t *addr_out)
Get IP address from the ORPort (if any).
Definition: resolve_addr.c:466
gethostname.h
Header for gethostname.c.
mainloop.h
Header file for mainloop.c.
resolved_addr_get_suggested
void resolved_addr_get_suggested(int family, tor_addr_t *addr_out)
Definition: resolve_addr.c:119
resolve.h
Header for resolve.c.
tor_assert_nonfatal_unreached
#define tor_assert_nonfatal_unreached()
Definition: util_bug.h:176
control_event_server_status
int control_event_server_status(int severity, const char *format,...)
Definition: control_events.c:1778
ERR_DEFAULT_DIRAUTH
#define ERR_DEFAULT_DIRAUTH
Definition: resolve_addr.c:158
get_address_from_hostname
static fn_address_ret_t get_address_from_hostname(const or_options_t *options, int warn_severity, int family, resolved_addr_method_t *method_out, char **hostname_out, tor_addr_t *addr_out)
Get IP address from the local hostname by calling gethostbyname() and doing a DNS resolution on the h...
Definition: resolve_addr.c:352
authmode.h
Header file for directory authority mode.
resolved_addr_set_last
void resolved_addr_set_last(const tor_addr_t *addr, const resolved_addr_method_t method_used, const char *hostname_used)
Set the last resolved address cache using the given address.
Definition: resolve_addr.c:529
LD_CONFIG
#define LD_CONFIG
Definition: log.h:68
CTASSERT
#define CTASSERT(x)
Definition: ctassert.h:44
last_resolved_addrs
static tor_addr_t last_resolved_addrs[]
Definition: resolve_addr.c:46
tor_addr_parse
int tor_addr_parse(tor_addr_t *addr, const char *src)
Definition: address.c:1349
ARRAY_LENGTH
#define ARRAY_LENGTH(x)
Definition: compat_compiler.h:222
fmt_addr
#define fmt_addr(a)
Definition: address.h:239
fn_address_table_auth_len
static const size_t fn_address_table_auth_len
Definition: resolve_addr.c:627
control_events.h
Header file for control_events.c.
get_options
const or_options_t * get_options(void)
Definition: config.c:929
MAX_CONFIG_ADDRESS
#define MAX_CONFIG_ADDRESS
Definition: resolve_addr.c:24
resolve_addr.h
Header file for resolve_addr.c.
resolved_addr_set_suggested
void resolved_addr_set_suggested(const tor_addr_t *addr)
Definition: resolve_addr.c:127
fn_address_table_len
static const size_t fn_address_table_len
Definition: resolve_addr.c:612
IDX_NULL
#define IDX_NULL
Definition: resolve_addr.c:28
confline.h
Header for confline.c.
ip_address_changed
void ip_address_changed(int on_client_conn)
Definition: mainloop.c:2283
or_options_t::AddressDisableIPv6
int AddressDisableIPv6
Definition: or_options_st.h:104
fn_address_ret_t
fn_address_ret_t
Definition: resolve_addr.c:34
tor_gethostname
int tor_gethostname(char *name, size_t namelen)
Definition: gethostname.c:27
fmt_af_family
const char * fmt_af_family(sa_family_t family)
Definition: address.c:1246
fn_address_table
static const fn_address_t fn_address_table[]
Definition: resolve_addr.c:603
config_line_t
Definition: confline.h:29
config.h
Header file for config.c.
address_can_be_used
static int address_can_be_used(const tor_addr_t *addr, const or_options_t *options, int warn_severity, const bool explicit_ip)
Return true iff the given IP address can be used as a valid external resolved address.
Definition: resolve_addr.c:178
LD_NET
#define LD_NET
Definition: log.h:66
or_options_t::Address
struct config_line_t * Address
Definition: or_options_st.h:100
get_address_from_config
static fn_address_ret_t get_address_from_config(const or_options_t *options, int warn_severity, int family, resolved_addr_method_t *method_out, char **hostname_out, tor_addr_t *addr_out)
Get IP address from the given config line and for a specific address family.
Definition: resolve_addr.c:233
or_options_t
Definition: or_options_st.h:64
is_local_to_resolve_addr
bool is_local_to_resolve_addr(const tor_addr_t *addr)
: Return true iff the given addr is judged to be local to our resolved address.
Definition: resolve_addr.c:787
resolved_addr_get_last
void resolved_addr_get_last(int family, tor_addr_t *addr_out)
Definition: resolve_addr.c:142
tor_addr_compare_masked
int tor_addr_compare_masked(const tor_addr_t *addr1, const tor_addr_t *addr2, maskbits_t mbits, tor_addr_comparison_t how)
Definition: address.c:1005
tor_addr_eq
#define tor_addr_eq(a, b)
Definition: address.h:280
fn_address_t
fn_address_ret_t(* fn_address_t)(const or_options_t *options, int warn_severity, int family, resolved_addr_method_t *method_out, char **hostname_out, tor_addr_t *addr_out)
Definition: resolve_addr.c:596
authdir_mode
int authdir_mode(const or_options_t *options)
Definition: authmode.c:25
tor_addr_copy
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:933
resolved_addr_method_to_str
const char * resolved_addr_method_to_str(const resolved_addr_method_t method)
Definition: resolve_addr.c:81