73#include "core/or/or_circuit_st.h"
82#include <event2/event.h>
83#include <event2/dns.h>
87#define RESOLVE_MAX_TIMEOUT 300
107 const char *hostname,
117#ifdef DEBUG_DNS_CACHE
118static void assert_cache_ok_(
void);
119#define assert_cache_ok() assert_cache_ok_()
121#define assert_cache_ok() STMT_NIL
129static uint64_t n_ipv6_requests_made = 0;
131static uint64_t n_ipv6_timeouts = 0;
133static int dns_is_broken_for_ipv6 = 0;
146static inline unsigned int
149 return (
unsigned) siphash24g((
const uint8_t*)a->
address, strlen(a->
address));
161 HT_INIT(cache_map, &cache_root);
169 static int all_down = 0;
173 log_info(LD_EXIT,
"eventdns: Resolve requested.");
178 if (!
strcmpstart(msg,
"Nameserver ") && (cp=strstr(msg,
" has failed: "))) {
179 char *ns = tor_strndup(msg+11, cp-(msg+11));
180 const char *colon = strchr(cp,
':');
182 const char *err = colon+2;
188 "NAMESERVER_STATUS NS=%s STATUS=DOWN ERR=%s",
192 (cp=strstr(msg,
" is back up"))) {
193 char *ns = tor_strndup(msg+11, cp-(msg+11));
197 "NAMESERVER_STATUS NS=%s STATUS=UP", ns);
199 }
else if (!strcmp(msg,
"All nameservers have failed")) {
202 }
else if (!
strcmpstart(msg,
"Address mismatch on received DNS")) {
203 static ratelim_t mismatch_limit = RATELIM_INIT(3600);
204 const char *src = strstr(msg,
" Apparent source");
209 "eventdns: Received a DNS packet from "
210 "an IP address to which we did not send a request. This "
211 "could be a DNS spoofing attempt, or some kind of "
212 "misconfiguration.%s", src);
215 tor_log(severity, LD_EXIT,
"eventdns: %s", msg);
253 log_err(
LD_BUG,
"Couldn't create an evdns_base");
292 r->
magic = 0xFF00FF00;
303 if (a->
expire < b->expire)
305 else if (a->
expire == b->expire)
320 const char *answer_hostname,
323 if (query_type == DNS_PTR) {
327 if (dns_result == DNS_ERR_NONE && answer_hostname) {
328 resolve->result_ptr.hostname = tor_strdup(answer_hostname);
335 }
else if (query_type == DNS_IPv4_A) {
339 if (dns_result == DNS_ERR_NONE && answer_addr &&
348 }
else if (query_type == DNS_IPv6_AAAA) {
352 if (dns_result == DNS_ERR_NONE && answer_addr &&
383 resolve->
expire = expires;
403 for (ptr = HT_START(cache_map, &cache_root); ptr != NULL; ptr = next) {
405 next = HT_NEXT_RMV(cache_map, &cache_root, ptr);
408 HT_CLEAR(cache_map, &cache_root);
429 if (resolve->
expire > now)
437 "Expiring a dns resolve %s that's still pending. Forgot to "
438 "cull it? DNS resolve didn't tell us about the timeout?",
442 "Forgetting old cached resolve (address %s, expires %lu)",
444 (
unsigned long)resolve->
expire);
453 "Closing pending connections on timed-out DNS resolve!");
459 pendconn = pend->conn;
473 removed = HT_REMOVE(cache_map, &cache_root, resolve);
474 if (removed != resolve) {
475 log_err(
LD_BUG,
"The expired resolve we purged didn't match any in"
476 " the cache. Tried to purge %s (%p); instead got %s (%p).",
477 resolve->
address, (
void*)resolve,
478 removed ? removed->
address :
"NULL", (
void*)removed);
487 tor_free(resolve->result_ptr.hostname);
488 resolve->
magic = 0xF0BBF0BB;
497#define RESOLVED_TYPE_AUTO 0xff
515 buf[0] = answer_type;
520 case RESOLVED_TYPE_AUTO:
522 cp[0] = RESOLVED_TYPE_IPV4;
530 cp[0] = RESOLVED_TYPE_IPV6;
532 memcpy(cp+2, bytes, 16);
540 answer_type = RESOLVED_TYPE_ERROR;
544 case RESOLVED_TYPE_ERROR_TRANSIENT:
545 case RESOLVED_TYPE_ERROR:
547 const char *errmsg =
"Error resolving hostname";
548 size_t msglen = strlen(errmsg);
550 buf[0] = answer_type;
552 strlcpy(buf+2, errmsg,
sizeof(buf)-2);
576 const char *hostname))
585 size_t namelen = strlen(hostname);
590 buf[0] = RESOLVED_TYPE_HOSTNAME;
591 buf[1] = (uint8_t)namelen;
592 memcpy(buf+2, hostname, namelen);
594 buflen = 2+namelen+4;
630 int made_connection_pending = 0;
631 char *hostname = NULL;
636 &made_connection_pending, &resolve);
671 (r == -1) ? RESOLVED_TYPE_ERROR : RESOLVED_TYPE_ERROR_TRANSIENT,
712 int *made_connection_pending_out,
720 time_t now = time(NULL);
726 *made_connection_pending_out = 0;
747 tor_log(LOG_PROTOCOL_WARN, LD_EXIT,
748 "Rejecting invalid destination address %s",
765 AF_UNSPEC, 0)) != 0) {
768 if (tor_addr_is_internal(&addr, 0))
772 if (!is_reverse || !is_resolve) {
774 log_info(LD_EXIT,
"Bad .in-addr.arpa address %s; sending error.",
776 else if (!is_resolve)
778 "Attempt to connect to a .in-addr.arpa address %s; "
791 resolve = HT_FIND(cache_map, &cache_root, &search);
792 if (resolve && resolve->
expire > now) {
793 switch (resolve->
state) {
796 pending_connection = tor_malloc_zero(
798 pending_connection->conn = exitconn;
801 *made_connection_pending_out = 1;
802 log_debug(LD_EXIT,
"Connection (fd "TOR_SOCKET_T_FORMAT
") waiting "
803 "for pending DNS resolve of %s", exitconn->base_.
s,
807 log_debug(LD_EXIT,
"Connection (fd "TOR_SOCKET_T_FORMAT
") found "
808 "cached answer for %s",
812 *resolve_out = resolve;
816 log_err(
LD_BUG,
"Found a 'DONE' dns resolve still in the cache.");
831 pending_connection->conn = exitconn;
833 *made_connection_pending_out = 1;
836 HT_INSERT(cache_map, &cache_root, resolve);
839 log_debug(LD_EXIT,
"Launching %s.",
865 char **hostname_out))
867 int ipv4_ok, ipv6_ok, answer_with_ipv4, r;
868 uint32_t begincell_flags;
876 *hostname_out = tor_strdup(resolve->result_ptr.hostname);
888 begincell_flags = exitconn->begincell_flags;
898 if (ipv4_ok && ipv6_ok && is_resolve) {
899 answer_with_ipv4 = 1;
900 }
else if (ipv4_ok && ipv6_ok) {
902 const uint16_t port = exitconn->base_.
port;
903 int ipv4_allowed, ipv6_allowed;
909 if (ipv4_allowed && !ipv6_allowed) {
910 answer_with_ipv4 = 1;
911 }
else if (ipv6_allowed && !ipv4_allowed) {
912 answer_with_ipv4 = 0;
916 answer_with_ipv4 = !(begincell_flags &
922 answer_with_ipv4 = 1;
923 }
else if (ipv6_ok) {
924 answer_with_ipv4 = 0;
927 answer_with_ipv4 = !(begincell_flags &
934 if (answer_with_ipv4) {
968 resolve = HT_FIND(cache_map, &cache_root, &search);
976 HT_FOREACH(resolve, cache_map, &cache_root) {
977 for (pend = (*resolve)->pending_connections; pend; pend = pend->next) {
998 resolve = HT_FIND(cache_map, &cache_root, &search);
1000 log_notice(
LD_BUG,
"Address %s is not pending. Dropping.",
1010 if (pend->conn == conn) {
1013 log_debug(LD_EXIT,
"First connection (fd "TOR_SOCKET_T_FORMAT
") no "
1014 "longer waiting for resolve of %s",
1019 for ( ; pend->next; pend = pend->next) {
1020 if (pend->next->conn == conn) {
1021 victim = pend->next;
1022 pend->next = victim->next;
1025 "Connection (fd "TOR_SOCKET_T_FORMAT
") no longer waiting "
1026 "for resolve of %s",
1031 log_warn(
LD_BUG,
"Connection (fd "TOR_SOCKET_T_FORMAT
") was not waiting "
1032 "for a resolve of %s, but we tried to remove it.",
1052 resolve = HT_FIND(cache_map, &cache_root, &search);
1062 "Address %s is not pending but has pending connections!",
1071 "Address %s is pending but has no pending connections!",
1080 "Failing all connections waiting on DNS resolve of %s",
1085 pendconn = pend->conn;
1100 tmp = HT_REMOVE(cache_map, &cache_root, resolve);
1101 if (tmp != resolve) {
1102 log_err(
LD_BUG,
"The cancelled resolve we purged didn't match any in"
1103 " the cache. Tried to purge %s (%p); instead got %s (%p).",
1104 resolve->
address, (
void*)resolve,
1105 tmp ? tmp->
address :
"NULL", (
void*)tmp);
1135 const char *hostname, uint32_t ttl)
1144 resolve = HT_FIND(cache_map, &cache_root, &search);
1148 log_info(LD_EXIT,
"Resolved unasked address %s; ignoring.",
1160 "Resolved %s which was already resolved; ignoring",
1166 cached_resolve_add_answer(resolve, query_type, dns_answer,
1167 addr, hostname, ttl);
1192 char *hostname = NULL;
1194 pendconn = pend->conn;
1219 RESOLVED_TYPE_ERROR : RESOLVED_TYPE_ERROR_TRANSIENT,
1275 removed = HT_REMOVE(cache_map, &cache_root, resolve);
1276 if (removed != resolve) {
1277 log_err(
LD_BUG,
"The pending resolve we found wasn't removable from"
1278 " the cache. Tried to purge %s (%p); instead got %s (%p).",
1279 resolve->
address, (
void*)resolve,
1280 removed ? removed->
address :
"NULL", (
void*)removed);
1291 uint32_t ttl = UINT32_MAX;
1294 new_resolve->result_ptr.hostname =
1295 tor_strdup(resolve->result_ptr.hostname);
1300 HT_INSERT(cache_map, &cache_root, new_resolve);
1330 case DNS_ERR_SERVERFAILED:
1331 case DNS_ERR_TRUNCATED:
1332 case DNS_ERR_TIMEOUT:
1348#ifdef HAVE_EVDNS_BASE_GET_NAMESERVER_ADDR
1354configured_nameserver_address(
const size_t idx)
1356 struct sockaddr_storage sa;
1357 ev_socklen_t sa_len =
sizeof(sa);
1360 (
struct sockaddr *)&sa,
1364 (
const struct sockaddr *)&sa,
1384#define EXIT_DNS_TIMEOUT_DEFAULT (1000)
1385#define EXIT_DNS_TIMEOUT_MIN (1)
1386#define EXIT_DNS_TIMEOUT_MAX (120000)
1388 EXIT_DNS_TIMEOUT_DEFAULT,
1389 EXIT_DNS_TIMEOUT_MIN,
1390 EXIT_DNS_TIMEOUT_MAX);
1398 val =
MAX(1, val / 1000);
1412#define EXIT_DNS_NUM_ATTEMPTS_DEFAULT (2)
1413#define EXIT_DNS_NUM_ATTEMPTS_MIN (0)
1414#define EXIT_DNS_NUM_ATTEMPTS_MAX (255)
1416 EXIT_DNS_NUM_ATTEMPTS_DEFAULT,
1417 EXIT_DNS_NUM_ATTEMPTS_MIN,
1418 EXIT_DNS_NUM_ATTEMPTS_MAX);
1435#define SET(k,v) evdns_base_set_option(the_evdns_base, (k), (v))
1445 SET(
"max-timeouts:",
"1000000");
1447 SET(
"max-timeouts:",
"10");
1456 SET(
"max-inflight:",
"8192");
1473 SET(
"randomize-case:",
"1");
1475 SET(
"randomize-case:",
"0");
1490 const char *conf_fname;
1497 conf_fname =
"/etc/resolv.conf";
1499 flags = DNS_OPTIONS_ALL;
1503 log_err(
LD_BUG,
"Couldn't create an evdns_base");
1510 log_debug(
LD_FS,
"stat()ing %s", conf_fname);
1511 int missing_resolv_conf = 0;
1515 log_warn(LD_EXIT,
"Unable to stat resolver configuration in '%s': %s",
1516 conf_fname, strerror(errno));
1517 missing_resolv_conf = 1;
1521 log_info(LD_EXIT,
"No change to '%s'", conf_fname);
1525 if (stat_res == 0 && st.st_size == 0)
1526 missing_resolv_conf = 1;
1532#if defined(DNS_OPTION_HOSTSFILE) && defined(USE_LIBSECCOMP)
1533 if (flags & DNS_OPTION_HOSTSFILE) {
1534 flags ^= DNS_OPTION_HOSTSFILE;
1535 log_debug(
LD_FS,
"Loading /etc/hosts");
1541 if (!missing_resolv_conf) {
1542 log_info(LD_EXIT,
"Parsing resolver configuration in '%s'", conf_fname);
1545 log_warn(LD_EXIT,
"Unable to parse '%s', or no nameservers "
1546 "in '%s' (%d)", conf_fname, conf_fname, r);
1553 log_warn(LD_EXIT,
"Unable to find any nameservers in '%s'.",
1561 log_warn(LD_EXIT,
"Could not read your DNS config from '%s' - "
1562 "please investigate your DNS configuration. "
1563 "This is possibly a problem. Meanwhile, falling"
1564 " back to local DNS at 127.0.0.1.", conf_fname);
1578 log_warn(LD_EXIT,
"Could not config nameservers.");
1582 log_warn(LD_EXIT,
"Unable to find any platform nameservers in "
1583 "your Windows configuration.");
1625 uint8_t orig_query_type = arg_[0];
1626 char *string_address = arg_ + 1;
1628 const char *hostname = NULL;
1629 int was_wildcarded = 0;
1634 if (type == DNS_IPv6_AAAA) {
1635 if (result == DNS_ERR_TIMEOUT) {
1639 if (n_ipv6_timeouts > 10 &&
1640 n_ipv6_timeouts > n_ipv6_requests_made / 2) {
1641 if (! dns_is_broken_for_ipv6) {
1642 log_notice(LD_EXIT,
"More than half of our IPv6 requests seem to "
1643 "have timed out. I'm going to assume I can't get AAAA "
1645 dns_is_broken_for_ipv6 = 1;
1650 if (result == DNS_ERR_NONE) {
1651 if (type == DNS_IPv4_A && count) {
1653 char *escaped_address;
1654 uint32_t *addrs = addresses;
1661 log_debug(LD_EXIT,
"eventdns said that %s resolves to ISP-hijacked "
1662 "address %s; treating as a failure.",
1663 safe_str(escaped_address),
1667 result = DNS_ERR_NOTEXIST;
1669 log_debug(LD_EXIT,
"eventdns said that %s resolves to %s",
1670 safe_str(escaped_address),
1674 }
else if (type == DNS_IPv6_AAAA && count) {
1676 char *escaped_address;
1678 struct in6_addr *addrs = addresses;
1681 sizeof(answer_buf));
1684 if (BUG(ip_str == NULL)) {
1685 log_warn(LD_EXIT,
"tor_inet_ntop() failed!");
1686 result = DNS_ERR_NOTEXIST;
1688 log_debug(LD_EXIT,
"eventdns said that %s resolves to ISP-hijacked "
1689 "address %s; treating as a failure.",
1690 safe_str(escaped_address),
1694 result = DNS_ERR_NOTEXIST;
1696 log_debug(LD_EXIT,
"eventdns said that %s resolves to %s",
1697 safe_str(escaped_address),
1701 }
else if (type == DNS_PTR && count) {
1702 char *escaped_address;
1703 hostname = ((
char**)addresses)[0];
1705 log_debug(LD_EXIT,
"eventdns said that %s resolves to %s",
1706 safe_str(escaped_address),
1710 log_info(LD_EXIT,
"eventdns returned only unrecognized answer types "
1714 log_info(LD_EXIT,
"eventdns returned no addresses or error for %s.",
1718 if (was_wildcarded) {
1726 if (orig_query_type && type && orig_query_type != type) {
1727 log_warn(
LD_BUG,
"Weird; orig_query_type == %d but type == %d",
1728 (
int)orig_query_type, (
int)type);
1730 if (result != DNS_ERR_SHUTDOWN)
1749 : DNS_QUERY_NO_SEARCH;
1750 const size_t addr_len = strlen(address);
1751 struct evdns_request *req = 0;
1752 char *addr = tor_malloc(addr_len + 2);
1753 addr[0] = (char) query_type;
1754 memcpy(addr+1, address, addr_len + 1);
1759 switch (query_type) {
1767 ++n_ipv6_requests_made;
1773 DNS_QUERY_NO_SEARCH,
1778 DNS_QUERY_NO_SEARCH,
1781 log_warn(
LD_BUG,
"Called with PTR query and unexpected address family");
1784 log_warn(
LD_BUG,
"Called with unexpected query type %d", (
int)query_type);
1810 log_warn(LD_EXIT,
"(Harmless.) Nameservers not configured, but resolve "
1811 "launched. Configuring.");
1818 &a, resolve->
address, AF_UNSPEC, 0);
1822 log_info(LD_EXIT,
"Launching eventdns request for %s",
1829 resolve->res_status_ipv4 = 0;
1836 resolve->res_status_ipv6 = 0;
1840 }
else if (r == 1) {
1842 log_info(LD_EXIT,
"Launching eventdns reverse request for %s",
1846 resolve->res_status_hostname = 0;
1849 }
else if (r == -1) {
1850 log_warn(
LD_BUG,
"Somehow a malformed in-addr.arpa address reached here.");
1854 log_fn(LOG_PROTOCOL_WARN, LD_EXIT,
"eventdns rejected address %s.",
1899 ip = tor_malloc_zero(
sizeof(
int));
1908 "Your DNS provider has given \"%s\" as an answer for %d different "
1909 "invalid addresses. Apparently they are hijacking DNS failures. "
1910 "I'll try to correct for this by treating future occurrences of "
1911 "\"%s\" as 'not found'.",
id, *ip,
id);
1925 int n, n_test_addrs;
1934 smartlist_len(
get_options()->ServerDNSTestAddresses) : 0;
1938 if (n > n_test_addrs/2) {
1940 LD_EXIT,
"Your DNS provider tried to redirect \"%s\" to a junk "
1941 "address. It has done this with %d test addresses so far. I'm "
1942 "going to stop being an exit node for now, since our DNS seems so "
1943 "broken.", address, n);
1958 void *addresses,
void *arg)
1963 if (result == DNS_ERR_NONE && count) {
1964 char *string_address = arg;
1966 if (type == DNS_IPv4_A) {
1967 const uint32_t *addrs = addresses;
1968 for (i = 0; i < count; ++i) {
1972 in.s_addr = addrs[i];
1973 ntoa_res =
tor_inet_ntoa(&in, answer_buf,
sizeof(answer_buf));
1974 tor_assert_nonfatal(ntoa_res >= 0);
1978 }
else if (type == DNS_IPv6_AAAA) {
1979 const struct in6_addr *addrs = addresses;
1980 for (i = 0; i < count; ++i) {
1983 sizeof(answer_buf));
1984 tor_assert_nonfatal(ip_str);
1991 "Your DNS provider gave an answer for \"%s\", which "
1992 "is not supposed to exist. Apparently they are hijacking "
1993 "DNS failures. Trying to correct for this. We've noticed %d "
1994 "possibly bad address%s so far.",
2010 struct evdns_request *req;
2013 log_info(LD_EXIT,
"Testing whether our DNS server is hijacking nonexistent "
2014 "domains with request for bogus hostname \"%s\"", addr);
2018 req = evdns_base_resolve_ipv6(
2025 req = evdns_base_resolve_ipv4(
2050 log_info(LD_EXIT,
"Launching checks to see whether our nameservers like to "
2051 "hijack *everything*.");
2059 const char *, address) {
2061 log_info(LD_EXIT,
"eventdns rejected test address %s",
2066 log_info(LD_EXIT,
"eventdns rejected test address %s",
2069 } SMARTLIST_FOREACH_END(address);
2073#define N_WILDCARD_CHECKS 2
2083 log_info(LD_EXIT,
"Launching checks to see whether our nameservers like "
2084 "to hijack DNS failures.");
2085 for (ipv6 = 0; ipv6 <= 1; ++ipv6) {
2086 for (i = 0; i < N_WILDCARD_CHECKS; ++i) {
2113 static struct event *launch_event = NULL;
2126 if (evtimer_add(launch_event, &
timeout) < 0) {
2127 log_warn(
LD_BUG,
"Couldn't add timer for checking for dns hijacking");
2142 return dns_is_broken_for_ipv6;
2154 n_ipv6_requests_made = n_ipv6_timeouts = 0;
2167 dns_is_broken_for_ipv6 = 0;
2193 if (resolve->is_reverse)
2206 return HT_SIZE(&cache_root);
2211dns_cache_total_allocation(
void)
2214 HT_MEM_USAGE(&cache_root);
2223 size_t hash_mem = dns_cache_total_allocation();
2228 tor_log(severity,
LD_MM,
"Our DNS cache has %d entries.", hash_count);
2229 tor_log(severity,
LD_MM,
"Our DNS cache size is approximately %u bytes.",
2230 (
unsigned)hash_mem);
2237dns_cache_handle_oom(time_t now,
size_t min_remove_bytes)
2239 time_t time_inc = 0;
2240 size_t total_bytes_removed = 0;
2241 size_t current_size = dns_cache_total_allocation();
2249 time_t cutoff = now + time_inc;
2253 size_t bytes_removed = current_size - dns_cache_total_allocation();
2254 current_size -= bytes_removed;
2255 total_bytes_removed += bytes_removed;
2259 }
while (total_bytes_removed < min_remove_bytes);
2261 return total_bytes_removed;
2264#ifdef DEBUG_DNS_CACHE
2267assert_cache_ok_(
void)
2270 int bad_rep = HT_REP_IS_BAD_(cache_map, &cache_root);
2272 log_err(
LD_BUG,
"Bad rep type %d on dns cache hash table", bad_rep);
2276 HT_FOREACH(resolve, cache_map, &cache_root) {
2290 cached_resolve_t *found = HT_FIND(cache_map, &cache_root, res);
2291 tor_assert(!found || found != res);
2293 cached_resolve_t *found = HT_FIND(cache_map, &cache_root, res);
2304 return HT_FIND(cache_map, &cache_root, query);
2310 HT_INSERT(cache_map, &cache_root, new_entry);
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
void tor_addr_from_ipv4n(tor_addr_t *dest, uint32_t v4addr)
void tor_addr_make_unspec(tor_addr_t *a)
int tor_addr_parse(tor_addr_t *addr, const char *src)
int tor_addr_parse_PTR_name(tor_addr_t *result, const char *address, int family, int accept_regular)
void tor_addr_from_in6(tor_addr_t *dest, const struct in6_addr *in6)
const char * tor_addr_to_str(char *dest, const tor_addr_t *addr, size_t len, int decorate)
int tor_addr_from_sockaddr(tor_addr_t *a, const struct sockaddr *sa, uint16_t *port_out)
static const struct in_addr * tor_addr_to_in(const tor_addr_t *a)
static sa_family_t tor_addr_family(const tor_addr_t *a)
static uint32_t tor_addr_to_ipv4h(const tor_addr_t *a)
static const struct in6_addr * tor_addr_to_in6(const tor_addr_t *a)
#define tor_addr_from_ipv4h(dest, v4addr)
static void set_uint32(void *cp, uint32_t v)
circuit_t * circuit_get_by_edge_conn(edge_connection_t *conn)
or_circuit_t * TO_OR_CIRCUIT(circuit_t *x)
Header file for circuitlist.c.
#define CIRCUIT_IS_ORIGIN(c)
void circuit_detach_stream(circuit_t *circ, edge_connection_t *conn)
Header file for circuituse.c.
struct event_base * tor_libevent_get_base(void)
Header for compat_libevent.c.
const char * escaped_safe_str(const char *address)
const or_options_t * get_options(void)
Header file for config.c.
void conflux_update_resolving_streams(or_circuit_t *circ, edge_connection_t *stream)
void conflux_update_n_streams(or_circuit_t *circ, edge_connection_t *stream)
Header file for conflux_util.c.
void assert_connection_ok(connection_t *conn, time_t now)
void connection_free_(connection_t *conn)
Header file for connection.c.
uint32_t clip_dns_fuzzy_ttl(uint32_t ttl)
void connection_exit_connect(edge_connection_t *edge_conn)
int connection_edge_end(edge_connection_t *conn, uint8_t reason)
Header file for connection_edge.c.
#define EXIT_CONN_STATE_CONNECTING
int address_is_invalid_destination(const char *address, int client)
#define BEGIN_FLAG_IPV6_PREFERRED
#define EXIT_CONN_STATE_RESOLVEFAILED
#define EXIT_PURPOSE_CONNECT
#define BEGIN_FLAG_IPV4_NOT_OK
#define EXIT_CONN_STATE_RESOLVING
#define BEGIN_FLAG_IPV6_OK
#define EXIT_PURPOSE_RESOLVE
int control_event_server_status(int severity, const char *format,...)
Header file for control_events.c.
char * crypto_random_hostname(int min_rand_len, int max_rand_len, const char *prefix, const char *suffix)
Common functions for using (pseudo-)random number generators.
static int dns_wildcard_notice_given
STATIC int set_exitconn_info_from_resolve(edge_connection_t *exitconn, const cached_resolve_t *resolve, char **hostname_out)
static const char * get_consensus_param_exit_dns_attempts(void)
static int dns_wildcard_one_notice_given
static int nameservers_configured
static unsigned int cached_resolve_hash(cached_resolve_t *a)
static void add_wildcarded_test_address(const char *address)
static int nameserver_config_failed
static void dns_launch_wildcard_checks(void)
static void assert_resolve_ok(cached_resolve_t *resolve)
static char * resolv_conf_fname
void dns_new_consensus_params(const networkstatus_t *ns)
static int dns_cache_entry_count(void)
int dns_seems_to_be_broken(void)
STATIC void send_resolved_cell(edge_connection_t *conn, uint8_t answer_type, const cached_resolve_t *resolved)
void dns_reset_correctness_checks(void)
STATIC void send_resolved_hostname_cell(edge_connection_t *conn, const char *hostname)
static int n_wildcard_requests
static void init_cache_map(void)
static struct evdns_base * the_evdns_base
static void evdns_callback(int result, char type, int count, int ttl, void *addresses, void *arg)
static int configure_nameservers(int force)
static void inform_pending_connections(cached_resolve_t *resolve)
static smartlist_t * dns_wildcard_list
static void evdns_wildcard_check_callback(int result, char type, int count, int ttl, void *addresses, void *arg)
#define RESOLVE_MAX_TIMEOUT
static void purge_expired_resolves(time_t now)
STATIC void dns_cancel_pending_resolve(const char *address)
static int evdns_err_is_transient(int err)
size_t number_of_configured_nameservers(void)
void connection_dns_remove(edge_connection_t *conn)
static smartlist_t * dns_wildcarded_test_address_list
int has_dns_init_failed(void)
static int dns_is_completely_invalid
void dump_dns_mem_usage(int severity)
static void free_cached_resolve_(cached_resolve_t *r)
STATIC int dns_resolve_impl(edge_connection_t *exitconn, int is_resolve, or_circuit_t *oncirc, char **hostname_out, int *made_connection_pending_out, cached_resolve_t **resolve_out)
static void launch_test_addresses(evutil_socket_t fd, short event, void *args)
static int dns_wildcarded_test_address_notice_given
static int launch_one_resolve(const char *address, uint8_t query_type, const tor_addr_t *ptr_address)
static void evdns_log_cb(int warn, const char *msg)
static int answer_is_wildcarded(const char *ip)
STATIC int launch_resolve(cached_resolve_t *resolve)
int dns_seems_to_be_broken_for_ipv6(void)
int dns_resolve(edge_connection_t *exitconn)
static strmap_t * dns_wildcard_response_count
static const char * get_consensus_param_exit_dns_timeout(void)
static time_t resolv_conf_mtime
static void launch_wildcard_check(int min_len, int max_len, int is_ipv6, const char *suffix)
static int is_test_address(const char *address)
static void configure_libevent_options(void)
static int compare_cached_resolves_by_expiry_(const void *_a, const void *_b)
static void make_pending_resolve_cached(cached_resolve_t *cached)
void dns_launch_correctness_checks(void)
static smartlist_t * cached_resolve_pqueue
static int cached_resolve_have_all_answers(const cached_resolve_t *resolve)
static void set_expiry(cached_resolve_t *resolve, time_t expires)
static void dns_found_answer(const char *address, uint8_t query_type, int dns_answer, const tor_addr_t *addr, const char *hostname, uint32_t ttl)
static HT_HEAD(cache_map, cached_resolve_t)
void assert_connection_edge_not_dns_pending(edge_connection_t *conn)
static void wildcard_increment_answer(const char *id)
#define CACHE_STATE_PENDING
#define RES_STATUS_DONE_OK
#define CACHED_RESOLVE_MAGIC
#define CACHE_STATE_CACHED
#define RES_STATUS_DONE_ERR
#define RES_STATUS_INFLIGHT
Edge-connection structure.
char * esc_for_log(const char *s)
const char * escaped(const char *s)
HT_PROTOTYPE(hs_circuitmap_ht, circuit_t, hs_circuitmap_node, hs_circuit_hash_token, hs_circuits_have_same_token)
int tor_inet_ntoa(const struct in_addr *in, char *buf, size_t buf_len)
const char * tor_inet_ntop(int af, const void *src, char *dst, size_t len)
#define INET_NTOA_BUF_LEN
void tor_log(int severity, log_domain_mask_t domain, const char *format,...)
#define log_fn(severity, domain, args,...)
#define log_fn_ratelim(ratelim, severity, domain, args,...)
void dns_servers_relaunch_checks(void)
Header file for mainloop.c.
void * tor_reallocarray_(void *ptr, size_t sz1, size_t sz2)
void tor_free_(void *mem)
int net_is_disabled(void)
int32_t networkstatus_get_param(const networkstatus_t *ns, const char *param_name, int32_t default_val, int32_t min_val, int32_t max_val)
Header file for networkstatus.c.
Master header file for Tor-specific functionality.
#define RELAY_PAYLOAD_SIZE
Header file for policies.c.
int tor_snprintf(char *str, size_t size, const char *format,...)
int connection_edge_send_command(edge_connection_t *fromconn, uint8_t relay_command, const char *payload, size_t payload_len)
void rep_hist_note_dns_error(int type, uint8_t error)
void rep_hist_note_dns_request(int type)
Header file for rephist.c.
int router_compare_to_my_exit_policy(const tor_addr_t *addr, uint16_t port)
void mark_my_descriptor_dirty(const char *reason)
int router_my_exit_policy_is_reject_star(void)
Header file for router.c.
int server_mode(const or_options_t *options)
Header file for routermode.c.
Header file for sandbox.c.
#define sandbox_intern_string(s)
void smartlist_pqueue_assert_ok(smartlist_t *sl, int(*compare)(const void *a, const void *b), ptrdiff_t idx_field_offset)
int smartlist_contains_string_case(const smartlist_t *sl, const char *element)
void * smartlist_pqueue_pop(smartlist_t *sl, int(*compare)(const void *a, const void *b), ptrdiff_t idx_field_offset)
void smartlist_pqueue_add(smartlist_t *sl, int(*compare)(const void *a, const void *b), ptrdiff_t idx_field_offset, void *item)
int smartlist_contains_string(const smartlist_t *sl, const char *element)
void smartlist_add_strdup(struct smartlist_t *sl, const char *string)
smartlist_t * smartlist_new(void)
void smartlist_clear(smartlist_t *sl)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define SMARTLIST_FOREACH(sl, type, var, cmd)
union cached_resolve_t::@24 result_ipv4
struct in6_addr addr_ipv6
union cached_resolve_t::@25 result_ipv6
char address[MAX_ADDRESSLEN]
pending_connection_t * pending_connections
uint16_t marked_for_close
unsigned int is_reverse_dns_lookup
struct edge_connection_t * next_stream
struct circuit_t * on_circuit
edge_connection_t * resolving_streams
edge_connection_t * n_streams
char * ServerDNSResolvConfFile
struct smartlist_t * ServerDNSTestAddresses
int ServerDNSSearchDomains
#define MOCK_IMPL(rv, funcname, arglist)
#define tor_fragile_assert()
void tor_strlower(char *s)
int strcmpstart(const char *s1, const char *s2)
int tor_strisnonupper(const char *s)