[or-cvs] r17004: {tor} Patch from mwenge: update TrackHostExits mapping expiry time (in tor/trunk: . doc src/or)

nickm at seul.org nickm at seul.org
Mon Sep 29 14:53:54 UTC 2008


Author: nickm
Date: 2008-09-29 10:53:53 -0400 (Mon, 29 Sep 2008)
New Revision: 17004

Modified:
   tor/trunk/ChangeLog
   tor/trunk/doc/TODO.021
   tor/trunk/src/or/buffers.c
   tor/trunk/src/or/circuituse.c
   tor/trunk/src/or/connection_edge.c
   tor/trunk/src/or/or.h
Log:
Patch from mwenge: update TrackHostExits mapping expiry times when the mappings are used, so that they expire a while after their last use, not a while after their creation.

Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog	2008-09-29 14:40:34 UTC (rev 17003)
+++ tor/trunk/ChangeLog	2008-09-29 14:53:53 UTC (rev 17004)
@@ -62,6 +62,8 @@
       from Josh Albrecht. Resolves feature request 768.
     - Add a -p option to tor-resolve for specifying the SOCKS port: some
       people find host:port too confusing.
+    - Make TrackHostExit mappings expire a while after their last use, not
+      after their creation.  Patch from Robert Hogan.
 
   o Minor bugfixes:
     - Fix compile on OpenBSD 4.4-current. Bugfix on 0.2.1.5-alpha.

Modified: tor/trunk/doc/TODO.021
===================================================================
--- tor/trunk/doc/TODO.021	2008-09-29 14:40:34 UTC (rev 17003)
+++ tor/trunk/doc/TODO.021	2008-09-29 14:53:53 UTC (rev 17004)
@@ -347,7 +347,7 @@
     - Tor logs the libevent version on startup, for debugging purposes.
       This is great. But it does this before configuring the logs, so
       it only goes to stdout and is then lost.
-    - Make TrackHostExits expire TrackHostExitsExpire seconds after their
+    o Make TrackHostExits expire TrackHostExitsExpire seconds after their
       *last* use, not their *first* use.
     - enforce a lower limit on MaxCircuitDirtiness and CircuitBuildTimeout.
     - Make 'safelogging' extend to info-level logs too.

Modified: tor/trunk/src/or/buffers.c
===================================================================
--- tor/trunk/src/or/buffers.c	2008-09-29 14:40:34 UTC (rev 17003)
+++ tor/trunk/src/or/buffers.c	2008-09-29 14:53:53 UTC (rev 17004)
@@ -1402,7 +1402,7 @@
           req->port = ntohs(get_uint16(buf->head->data+4+addrlen));
           buf_remove_from_front(buf, 6+addrlen);
           if (req->command != SOCKS_COMMAND_RESOLVE_PTR &&
-              !addressmap_have_mapping(req->address) &&
+              !addressmap_have_mapping(req->address,0) &&
               !have_warned_about_unsafe_socks) {
             log_warn(LD_APP,
                 "Your application (using socks5 to port %d) is giving "
@@ -1412,7 +1412,8 @@
                 "please see http://wiki.noreply.org/noreply/TheOnionRouter/"
                 "TorFAQ#SOCKSAndDNS.%s", req->port,
                 safe_socks ? " Rejecting." : "");
-//            have_warned_about_unsafe_socks = 1; // (for now, warn every time)
+            /*have_warned_about_unsafe_socks = 1;*/
+                                      /*(for now, warn every time)*/
             control_event_client_status(LOG_WARN,
                           "DANGEROUS_SOCKS PROTOCOL=SOCKS5 ADDRESS=%s:%d",
                           req->address, req->port);
@@ -1514,7 +1515,7 @@
 
       startaddr = NULL;
       if (socks4_prot != socks4a &&
-          !addressmap_have_mapping(tmpbuf) &&
+          !addressmap_have_mapping(tmpbuf,0) &&
           !have_warned_about_unsafe_socks) {
         log_warn(LD_APP,
                  "Your application (using socks4 to port %d) is giving Tor "
@@ -1524,7 +1525,7 @@
                  "please see http://wiki.noreply.org/noreply/TheOnionRouter/"
                  "TorFAQ#SOCKSAndDNS.%s", req->port,
                  safe_socks ? " Rejecting." : "");
-//      have_warned_about_unsafe_socks = 1; // (for now, warn every time)
+        /*have_warned_about_unsafe_socks = 1;*/  /*(for now, warn every time)*/
         control_event_client_status(LOG_WARN,
                         "DANGEROUS_SOCKS PROTOCOL=SOCKS4 ADDRESS=%s:%d",
                         tmpbuf, req->port);

Modified: tor/trunk/src/or/circuituse.c
===================================================================
--- tor/trunk/src/or/circuituse.c	2008-09-29 14:40:34 UTC (rev 17003)
+++ tor/trunk/src/or/circuituse.c	2008-09-29 14:53:53 UTC (rev 17004)
@@ -1251,7 +1251,8 @@
   /* Search the addressmap for this conn's destination. */
   /* If he's not in the address map.. */
   if (!options->TrackHostExits ||
-      addressmap_have_mapping(conn->socks_request->address))
+      addressmap_have_mapping(conn->socks_request->address,
+                              options->TrackHostExitsExpire))
     return; /* nothing to track, or already mapped */
 
   SMARTLIST_FOREACH(options->TrackHostExits, const char *, cp, {
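Review bot: The `addressmap_have_mapping(...)` call in this guard now writes to the address map, so what reads as a pure lookup also pushes back the expiry of an existing TrackHostExits mapping each time this code runs. A comment above the `if` would make that visible, for example `/* This lookup also refreshes the expiry of an existing TrackHostExits mapping. */`, and the `return` comment could read `/* nothing to track, or already mapped (expiry refreshed) */`. Because the expiry now slides with every use and nothing in this hunk caps it, a frequently visited host may stay pinned to the same exit for as long as it keeps being used. If that is intended, it is worth stating in the TrackHostExitsExpire documentation. The enclosing function starts and ends outside the hunk.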

Modified: tor/trunk/src/or/connection_edge.c
===================================================================
--- tor/trunk/src/or/connection_edge.c	2008-09-29 14:40:34 UTC (rev 17003)
+++ tor/trunk/src/or/connection_edge.c	2008-09-29 14:53:53 UTC (rev 17004)
@@ -610,7 +610,8 @@
  *
  * (We overload the 'expires' field, using "0" for mappings set via
  * the configuration file, "1" for mappings set from the control
- * interface, and other values for DNS mappings that can expire.)
+ * interface, and other values for DNS and TrackHostExit mappings that can
+ * expire.)
  */
 typedef struct {
   char *new_address;
@@ -831,11 +832,19 @@
   return r;
 }
 
-/** Return 1 if <b>address</b> is already registered, else return 0 */
+/** Return 1 if <b>address</b> is already registered, else return 0. If address
+ * is already registered, and <b>update_expires</b> is non-zero, then update
+ * the expiry time on the mapping with update_expires if it is a
+ * mapping created by TrackHostExits. */
 int
-addressmap_have_mapping(const char *address)
+addressmap_have_mapping(const char *address, int update_expiry)
 {
-  return strmap_get_lc(addressmap, address) ? 1 : 0;
+  addressmap_entry_t *ent;
+  if (!(ent=strmap_get_lc(addressmap, address)))
+    return 0;
+  if (update_expiry && ent->source==ADDRMAPSRC_TRACKEXIT)
+    ent->expires=time(NULL) + update_expiry;
+  return 1;
 }
 
 /** Register a request to map <b>address</b> to <b>new_address</b>,
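Review bot: The new doc comment names the argument `update_expires`, but the parameter is `update_expiry` in this definition and `update_timeout` in the or.h prototype; using one name in all three places would keep the contract readable. `update_expiry` is a signed `int` added to `time(NULL)`, so a negative value would set the expiry in the past. Unless the option is range-checked elsewhere (not visible here), the guard could be `if (update_expiry > 0 && ent->source==ADDRMAPSRC_TRACKEXIT)`. The comment should also state that passing 0 means "look up only, leave the expiry unchanged", since the buffers.c call sites rely on that.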

Modified: tor/trunk/src/or/or.h
===================================================================
--- tor/trunk/src/or/or.h	2008-09-29 14:40:34 UTC (rev 17003)
+++ tor/trunk/src/or/or.h	2008-09-29 14:53:53 UTC (rev 17004)
@@ -2997,7 +2997,7 @@
 void addressmap_clear_transient(void);
 void addressmap_free_all(void);
 int addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out);
-int addressmap_have_mapping(const char *address);
+int addressmap_have_mapping(const char *address, int update_timeout);
 typedef enum {
   ADDRMAPSRC_CONTROLLER, ADDRMAPSRC_TORRC, ADDRMAPSRC_TRACKEXIT,
   ADDRMAPSRC_DNS,


