[tor-commits] [tor/master] Move DNS TTL manipulation code to src/core/or

nickm at torproject.org nickm at torproject.org
Wed Feb 19 18:59:05 UTC 2020


commit 1f06f494c8ce45946e565237a8a52785a8ece447
Author: Nick Mathewson <nickm at torproject.org>
Date:   Tue Feb 18 12:08:29 2020 -0500

    Move DNS TTL manipulation code to src/core/or
    
    This removes a dependency from the client code on feature/relay.
---
 src/core/or/connection_edge.c   | 15 +++++++++++++++
 src/core/or/connection_edge.h   | 15 +++++++++++++++
 src/feature/client/addressmap.c |  1 -
 src/feature/relay/dns.c         | 16 ----------------
 src/feature/relay/dns.h         | 14 --------------
 5 files changed, 30 insertions(+), 31 deletions(-)

diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c
index eae07141c..23c6e230c 100644
--- a/src/core/or/connection_edge.c
+++ b/src/core/or/connection_edge.c
@@ -432,6 +432,21 @@ warn_if_hs_unreachable(const edge_connection_t *conn, uint8_t reason)
   }
 }
 
+/** Given a TTL (in seconds) from a DNS response or from a relay, determine
+ * what TTL clients and relays should actually use for caching it. */
+uint32_t
+clip_dns_ttl(uint32_t ttl)
+{
+  /* This logic is a defense against "DefectTor" DNS-based traffic
+   * confirmation attacks, as in https://nymity.ch/tor-dns/tor-dns.pdf .
+   * We only give two values: a "low" value and a "high" value.
+   */
+  if (ttl < MIN_DNS_TTL)
+    return MIN_DNS_TTL;
+  else
+    return MAX_DNS_TTL;
+}
+
 /** Send a relay end cell from stream <b>conn</b> down conn's circuit, and
  * remember that we've done so.  If this is not a client connection, set the
  * relay end cell's reason for closing as <b>reason</b>.
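Review bot: The doc comment on the moved clip_dns_ttl() does not state the boundary or the direction of rounding: a ttl equal to MIN_DNS_TTL, or anything between MIN_DNS_TTL and MAX_DNS_TTL, is rounded up to MAX_DNS_TTL, and anything above MAX_DNS_TTL is rounded down to it. Because the returned value is what clients and relays cache, a record whose authoritative TTL is 301 s will be kept for an hour, which is the intended freshness-for-unlinkability trade against DNS-based traffic confirmation but is not what the name "clip" suggests. I would extend the comment with: `Returns exactly MIN_DNS_TTL when ttl < MIN_DNS_TTL and MAX_DNS_TTL otherwise; TTLs between the two bounds are rounded up, not down, so a record may be cached for up to MAX_DNS_TTL regardless of its real TTL.` The function is complete within this hunk.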
diff --git a/src/core/or/connection_edge.h b/src/core/or/connection_edge.h
index 11cb25293..8c06af566 100644
--- a/src/core/or/connection_edge.h
+++ b/src/core/or/connection_edge.h
@@ -182,6 +182,21 @@ void connection_ap_warn_and_unmark_if_pending_circ(
                                              entry_connection_t *entry_conn,
                                              const char *where);
 
+/** Lowest value for DNS ttl that a server should give or a client should
+ * believe. */
+#define MIN_DNS_TTL (5*60)
+/** Highest value for DNS ttl that a server should give or a client should
+ * believe. */
+#define MAX_DNS_TTL (60*60)
+/** How long do we keep DNS cache entries before purging them (regardless of
+ * their TTL)? */
+#define MAX_DNS_ENTRY_AGE (3*60*60)
+/** How long do we cache/tell clients to cache DNS records when no TTL is
+ * known? */
+#define DEFAULT_DNS_TTL (30*60)
+
+uint32_t clip_dns_ttl(uint32_t ttl);
+
 int connection_half_edge_is_valid_data(const smartlist_t *half_conns,
                                        streamid_t stream_id);
 int connection_half_edge_is_valid_sendme(const smartlist_t *half_conns,
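Review bot: DEFAULT_DNS_TTL (30*60) is neither of the two values clip_dns_ttl() can produce (MIN_DNS_TTL or MAX_DNS_TTL), so any caller that puts DEFAULT_DNS_TTL on the wire without first passing it through clip_dns_ttl() would expose a third distinguishable TTL value and weaken the two-bucket defense described on the function. Whether such a caller exists is not visible in this diff, but since this header is now the single home of these constants it is the right place to pin the invariant. I would add above DEFAULT_DNS_TTL: `/* NOTE: not one of the two values clip_dns_ttl() returns; run it through clip_dns_ttl() before sending it to a client. */` — or, if every user already clips, define it as MIN_DNS_TTL or MAX_DNS_TTL so the property holds by construction. It would also help to note on MAX_DNS_ENTRY_AGE that it is presumably meant to stay at or above MAX_DNS_TTL, so the cache purge never evicts before the TTL handed to clients expires — confirm against the cache code in dns.c.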
diff --git a/src/feature/client/addressmap.c b/src/feature/client/addressmap.c
index af76253e4..cc97166f3 100644
--- a/src/feature/client/addressmap.c
+++ b/src/feature/client/addressmap.c
@@ -23,7 +23,6 @@
 #include "app/config/config.h"
 #include "core/or/connection_edge.h"
 #include "feature/control/control_events.h"
-#include "feature/relay/dns.h"
 #include "feature/nodelist/nodelist.h"
 #include "feature/nodelist/routerset.h"
 
diff --git a/src/feature/relay/dns.c b/src/feature/relay/dns.c
index 08fe4d39c..5f4bddab9 100644
--- a/src/feature/relay/dns.c
+++ b/src/feature/relay/dns.c
@@ -268,22 +268,6 @@ has_dns_init_failed(void)
   return nameserver_config_failed;
 }
 
-/** Helper: Given a TTL from a DNS response, determine what TTL to give the
- * OP that asked us to resolve it, and how long to cache that record
- * ourselves. */
-uint32_t
-clip_dns_ttl(uint32_t ttl)
-{
-  /* This logic is a defense against "DefectTor" DNS-based traffic
-   * confirmation attacks, as in https://nymity.ch/tor-dns/tor-dns.pdf .
-   * We only give two values: a "low" value and a "high" value.
-   */
-  if (ttl < MIN_DNS_TTL)
-    return MIN_DNS_TTL;
-  else
-    return MAX_DNS_TTL;
-}
-
 /** Helper: free storage held by an entry in the DNS cache. */
 static void
 free_cached_resolve_(cached_resolve_t *r)
diff --git a/src/feature/relay/dns.h b/src/feature/relay/dns.h
index e445b2333..a2275c724 100644
--- a/src/feature/relay/dns.h
+++ b/src/feature/relay/dns.h
@@ -12,22 +12,9 @@
 #ifndef TOR_DNS_H
 #define TOR_DNS_H
 
-/** Lowest value for DNS ttl that a server will give. */
-#define MIN_DNS_TTL (5*60)
-/** Highest value for DNS ttl that a server will give. */
-#define MAX_DNS_TTL (60*60)
-
-/** How long do we keep DNS cache entries before purging them (regardless of
- * their TTL)? */
-#define MAX_DNS_ENTRY_AGE (3*60*60)
-/** How long do we cache/tell clients to cache DNS records when no TTL is
- * known? */
-#define DEFAULT_DNS_TTL (30*60)
-
 int dns_init(void);
 int has_dns_init_failed(void);
 void dns_free_all(void);
-uint32_t clip_dns_ttl(uint32_t ttl);
 int dns_reset(void);
 void connection_dns_remove(edge_connection_t *conn);
 void assert_connection_edge_not_dns_pending(edge_connection_t *conn);
@@ -74,4 +61,3 @@ launch_resolve,(cached_resolve_t *resolve));
 #endif /* defined(DNS_PRIVATE) */
 
 #endif /* !defined(TOR_DNS_H) */
-




