
[or-cvs] r9200: Refactor and unify my-ip-addr-changed logic. Make change in (in tor/trunk: . doc src/or)



Author: nickm
Date: 2006-12-28 16:29:20 -0500 (Thu, 28 Dec 2006)
New Revision: 9200

Modified:
   tor/trunk/
   tor/trunk/ChangeLog
   tor/trunk/doc/TODO
   tor/trunk/src/or/config.c
   tor/trunk/src/or/connection.c
   tor/trunk/src/or/dns.c
   tor/trunk/src/or/main.c
   tor/trunk/src/or/or.h
   tor/trunk/src/or/router.c
Log:
 r11724@Kushana:  nickm | 2006-12-28 14:22:35 -0500
 Refactor and unify my-ip-addr-changed logic.  Make change in IP address or in nameservers reset and relaunch DNS hijacking tests.



Property changes on: tor/trunk
___________________________________________________________________
 svk:merge ticket from /tor/trunk [r11724] on c95137ef-5f19-0410-b913-86e773d04f59

Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog	2006-12-28 21:29:11 UTC (rev 9199)
+++ tor/trunk/ChangeLog	2006-12-28 21:29:20 UTC (rev 9200)
@@ -70,6 +70,8 @@
     - We now check for the case when common DNS requests are going to
       wildcarded addresses, and change our exit policy to reject *:* if
       it's happening.  (Bug #364)
+    - When we change nameservers or IP addresses, reset and re-launch
+      our tests for DNS hijacking.
 
   o Security bugfixes:
     - Stop sending the HttpProxyAuthenticator string to directory

Modified: tor/trunk/doc/TODO
===================================================================
--- tor/trunk/doc/TODO	2006-12-28 21:29:11 UTC (rev 9199)
+++ tor/trunk/doc/TODO	2006-12-28 21:29:20 UTC (rev 9200)
@@ -112,8 +112,7 @@
       well-known sites) are all going to the same place.
     o Bug 363: Warn and die if we can't find a nameserver and we're running a
       server; don't fall back to 127.0.0.1.
-?   - maybe re-check dns when we change IP addresses, rather than
-      every 12 hours?
+    o Re-check dns when we change IP addresses, rather than every 12 hours
     - Bug 326: Give fewer error messages from nameservers. 
       - Only warn when _all_ nameservers are down; otherwise info.
       - Increase timeout; what's industry standard?

Modified: tor/trunk/src/or/config.c
===================================================================
--- tor/trunk/src/or/config.c	2006-12-28 21:29:11 UTC (rev 9199)
+++ tor/trunk/src/or/config.c	2006-12-28 21:29:20 UTC (rev 9200)
@@ -976,7 +976,7 @@
           log_err(LD_BUG,"Error initializing keys; exiting");
           return -1;
         }
-        server_has_changed_ip();
+        ip_address_changed(0);
         if (has_completed_circuit || !any_predicted_circuits(time(NULL)))
           inform_testing_reachability();
       }
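Review bot: The bare `0` passed to `ip_address_changed()` here does not tell a reader which kind of address change is being reported. The same literal appears in the second config.c hunk and at both router.c call sites, with `1` used in connection.c. Only the `at_interface` case reaches `init_keys()`, so swapping the two values by accident changes whether keys are rotated. A trailing comment such as `ip_address_changed(0); /* published address changed, not interface */` at each call site would make the intent checkable. The enclosing function starts and ends outside the hunk.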
@@ -1908,7 +1908,7 @@
     /* Leave this as a notice, regardless of the requested severity,
      * at least until dynamic IP address support becomes bulletproof. */
     log_notice(LD_NET, "Your IP address seems to have changed. Updating.");
-    server_has_changed_ip();
+    ip_address_changed(0);
   }
   last_resolved_addr = *addr_out;
   if (hostname_out)

Modified: tor/trunk/src/or/connection.c
===================================================================
--- tor/trunk/src/or/connection.c	2006-12-28 21:29:11 UTC (rev 9199)
+++ tor/trunk/src/or/connection.c	2006-12-28 21:29:20 UTC (rev 9200)
@@ -2128,7 +2128,7 @@
     smartlist_clear(outgoing_addrs);
     smartlist_add(outgoing_addrs, ip);
     /* Okay, now change our keys. */
-    init_keys(); /* XXXX NM return value-- safe to ignore? */
+    ip_address_changed(1);
   }
 }
 
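Review bot: The retained comment `/* Okay, now change our keys. */` no longer matches the line below it. The removed line called `init_keys()` unconditionally, while `ip_address_changed(1)` (see the main.c section) reaches `init_keys()` only when `server_mode()` is false. If skipping rotation for servers is intended, the comment should say so, for example `/* Interface address changed: clients rotate keys, servers relaunch DNS checks. */`. If it is not intended, the server case has lost its `init_keys()` call without any mention in the log message. The enclosing function starts outside the hunk.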

Modified: tor/trunk/src/or/dns.c
===================================================================
--- tor/trunk/src/or/dns.c	2006-12-28 21:29:11 UTC (rev 9199)
+++ tor/trunk/src/or/dns.c	2006-12-28 21:29:20 UTC (rev 9200)
@@ -1399,6 +1399,11 @@
 {
   return 0;
 }
+
+void
+dns_reset_correctness_checks(void)
+{
+}
 #else /* !USE_EVENTDNS */
 
 /** Eventdns helper: return true iff the eventdns result <b>err</b> is
@@ -1514,6 +1519,8 @@
   }
 #endif
 
+  dns_servers_relaunch_checks();
+
   nameservers_configured = 1;
   return 0;
 }
@@ -1855,6 +1862,28 @@
   return dns_is_completely_invalid;
 }
 
+void
+dns_reset_correctness_checks(void)
+{
+  if (dns_wildcard_response_count) {
+    strmap_free(dns_wildcard_response_count, _tor_free);
+    dns_wildcard_response_count = NULL;
+  }
+  n_wildcard_requests = 0;
+
+  if (dns_wildcard_list) {
+    SMARTLIST_FOREACH(dns_wildcard_list, char *, cp, tor_free(cp));
+    smartlist_clear(dns_wildcard_list);
+  }
+  if (dns_wildcarded_test_address_list) {
+    SMARTLIST_FOREACH(dns_wildcarded_test_address_list, char *, cp,
+                      tor_free(cp));
+    smartlist_clear(dns_wildcarded_test_address_list);
+  }
+  dns_wildcard_one_notice_given = dns_wildcard_notice_given =
+    dns_wildcarded_test_address_notice_given = dns_is_completely_invalid = 0;
+}
+
 /** Return true iff we have noticed that the dotted-quad <b>ip</b> has been
  * returned in response to requests for nonexistent hostnames. */
 static int
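Review bot: `dns_reset_correctness_checks()` zeroes `dns_is_completely_invalid` and empties both wildcard lists, so until fresh checks produce results the function ending just above it (which returns `dns_is_completely_invalid`) will report 0 even if the resolver is still rewriting answers. Zeroing `time_to_check_for_correct_dns` in main.c presumably makes a re-test due at once, but nothing visible here bounds how long results take to arrive. That window is worth confirming, since the ChangeLog says the reject *:* fallback depends on this state. The function also lacks the `/** ... */` comment its neighbours carry; `/** Forget everything we have learned about our nameservers' wildcarding; the caller is responsible for relaunching the checks. */` would record the contract. The empty stub added in the first dns.c hunk could take the same one-line comment.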

Modified: tor/trunk/src/or/main.c
===================================================================
--- tor/trunk/src/or/main.c	2006-12-28 21:29:11 UTC (rev 9199)
+++ tor/trunk/src/or/main.c	2006-12-28 21:29:20 UTC (rev 9200)
@@ -52,6 +52,8 @@
 static time_t time_to_fetch_directory = 0;
 /** When do we next download a running-routers summary? */
 static time_t time_to_fetch_running_routers = 0;
+/** When do we next launch DNS wildcarding checks? */
+static time_t time_to_check_for_correct_dns = 0;
 
 /** Array of all open connections.  The first n_conns elements are valid. */
 static connection_t *connection_array[MAXCONNECTIONS+1] =
@@ -729,7 +731,6 @@
   static time_t time_to_try_getting_descriptors = 0;
   static time_t time_to_reset_descriptor_failures = 0;
   static time_t time_to_add_entropy = 0;
-  static time_t time_to_check_for_correct_dns = 0;
   or_options_t *options = get_options();
   int i;
   int have_dir_info;
@@ -1057,6 +1058,44 @@
 }
 #endif
 
+#define UPTIME_CUTOFF_FOR_NEW_BANDWIDTH_TEST (6*60*60)
+
+/** Called when our IP address seems to have changed. <b>at_interface</b>
+ * should be true if we detected a change in our interface, and false if we
+ * detected a change in our published address. */
+void
+ip_address_changed(int at_interface)
+{
+  int server = server_mode(get_options());
+
+  if (at_interface) {
+    if (! server) {
+      /* Okay, change our keys. */
+      init_keys();
+    }
+  } else {
+    if (server) {
+      if (stats_n_seconds_working > UPTIME_CUTOFF_FOR_NEW_BANDWIDTH_TEST)
+        reset_bandwidth_test();
+      stats_n_seconds_working = 0;
+      router_reset_reachability();
+      mark_my_descriptor_dirty();
+    }
+  }
+
+  dns_servers_relaunch_checks();
+}
+
+/* DOCDOC */
+void
+dns_servers_relaunch_checks(void)
+{
+  if (server_mode(get_options())) {
+    dns_reset_correctness_checks();
+    time_to_check_for_correct_dns = 0;
+  }
+}
+
 /** Called when we get a SIGHUP: reload configuration files and keys,
  * retry all connections, re-upload all descriptors, and so on. */
 static int
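Review bot: `init_keys()` is called in the `at_interface` branch of `ip_address_changed()` with its return value discarded. The `XXXX NM return value-- safe to ignore?` marker that flagged this in connection.c was deleted by this commit rather than resolved. If rotation fails, a client carries on after an interface change with nothing in the log, presumably still using its previous keys, which defeats the purpose of rotating them. Assuming `init_keys()` returns a negative value on failure, as the config.c context suggests, the minimum is to log it: `if (init_keys() < 0) log_warn(LD_GENERAL, "Unable to rotate keys after IP change!");`.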

Modified: tor/trunk/src/or/or.h
===================================================================
--- tor/trunk/src/or/or.h	2006-12-28 21:29:11 UTC (rev 9199)
+++ tor/trunk/src/or/or.h	2006-12-28 21:29:20 UTC (rev 9200)
@@ -2323,6 +2323,7 @@
 int dns_resolve(edge_connection_t *exitconn, or_circuit_t *circ);
 void dns_launch_correctness_checks(void);
 int dns_seems_to_be_broken(void);
+void dns_reset_correctness_checks(void);
 
 /********************************* hibernate.c **********************/
 
@@ -2363,6 +2364,9 @@
 void directory_all_unreachable(time_t now);
 void directory_info_has_arrived(time_t now, int from_cache);
 
+void ip_address_changed(int at_interface);
+void dns_servers_relaunch_checks(void);
+
 void control_signal_act(int the_signal);
 void handle_signals(int is_parent);
 void tor_cleanup(void);
@@ -2632,7 +2636,6 @@
 void consider_testing_reachability(int test_or, int test_dir);
 void router_orport_found_reachable(void);
 void router_dirport_found_reachable(void);
-void server_has_changed_ip(void);
 void router_perform_bandwidth_test(int num_circs, time_t now);
 
 int authdir_mode(or_options_t *options);
@@ -2664,6 +2667,7 @@
 int is_legal_hexdigest(const char *s);
 void router_get_verbose_nickname(char *buf, routerinfo_t *router);
 void router_reset_warnings(void);
+void router_reset_reachability(void);
 void router_free_all(void);
 
 /********************************* routerlist.c ***************************/

Modified: tor/trunk/src/or/router.c
===================================================================
--- tor/trunk/src/or/router.c	2006-12-28 21:29:11 UTC (rev 9199)
+++ tor/trunk/src/or/router.c	2006-12-28 21:29:20 UTC (rev 9200)
@@ -381,6 +381,13 @@
 /** Whether we can reach our DirPort from the outside. */
 static int can_reach_dir_port = 0;
 
+/** DOCDOC */
+void
+router_reset_reachability(void)
+{
+  can_reach_or_port = can_reach_dir_port = 0;
+}
+
 /** Return 1 if ORPort is known reachable; else return 0. */
 int
 check_whether_orport_reachable(void)
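Review bot: `/** DOCDOC */` on `router_reset_reachability()` is a placeholder rather than documentation, and `dns_servers_relaunch_checks()` in main.c carries the same `/* DOCDOC */`. For this function, `/** Forget what we have learned about our ORPort and DirPort reachability. */` matches what the body does. For the main.c function, `/** In server mode, reset the DNS correctness state and clear the time of the next scheduled check. */` would cover both of its statements.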
@@ -488,20 +495,6 @@
   }
 }
 
-#define UPTIME_CUTOFF_FOR_NEW_BANDWIDTH_TEST (6*60*60)
-
-/** Our router has just moved to a new IP. Reset stats. */
-void
-server_has_changed_ip(void)
-{
-  if (stats_n_seconds_working > UPTIME_CUTOFF_FOR_NEW_BANDWIDTH_TEST)
-    reset_bandwidth_test();
-  stats_n_seconds_working = 0;
-  can_reach_or_port = 0;
-  can_reach_dir_port = 0;
-  mark_my_descriptor_dirty();
-}
-
 /** We have enough testing circuits open. Send a bunch of "drop"
  * cells down each of them, to exercise our bandwidth. */
 void
@@ -996,9 +989,7 @@
 
   if (prev != cur) {
     log_addr_has_changed(LOG_INFO, prev, cur);
-    mark_my_descriptor_dirty();
-    /* the above call is probably redundant, since resolve_my_address()
-     * probably already noticed and marked it dirty. */
+    ip_address_changed(0);
   }
 }
 
@@ -1044,7 +1035,7 @@
    * resolve it. */
   if (last_guessed_ip != addr) {
     log_addr_has_changed(LOG_NOTICE, last_guessed_ip, addr);
-    server_has_changed_ip();
+    ip_address_changed(0);
     last_guessed_ip = addr; /* router_rebuild_descriptor() will fetch it */
   }
 }