1 /* Copyright 2003-2004 Roger Dingledine.
2 * Copyright 2004-2006 Roger Dingledine, Nick Mathewson. */
3 /* See LICENSE for licensing information */
5 const char dns_c_id
[] =
10 * \brief Implements a local cache for DNS results for Tor servers.
11 * We provide two asynchronous backend implementations:
12 * 1) A farm of 'DNS worker' threads or processes to perform DNS lookups for
13 * onion routers and cache the results.
14 * 2) A wrapper around Adam Langley's eventdns.c code, to send requests
15 * to the nameservers asynchronously.
16 * (We can't just use gethostbyname() and friends because we really need to
21 #include "../common/ht.h"
26 /** Longest hostname we're willing to resolve. */
27 #define MAX_ADDRESSLEN 256
29 /** Maximum DNS processes to spawn. */
30 #define MAX_DNSWORKERS 100
31 /** Minimum DNS processes to spawn. */
32 #define MIN_DNSWORKERS 3
34 /** If more than this many processes are idle, shut down the extras. */
35 #define MAX_IDLE_DNSWORKERS 10
37 /** How long will we wait for an answer from the resolver before we decide
38 * that the resolver is wedged? */
39 #define RESOLVE_MAX_TIMEOUT 300
41 /** Possible outcomes from hostname lookup: permanent failure,
42 * transient (retryable) failure, and success. */
43 #define DNS_RESOLVE_FAILED_TRANSIENT 1
44 #define DNS_RESOLVE_FAILED_PERMANENT 2
45 #define DNS_RESOLVE_SUCCEEDED 3
48 /** How many dnsworkers we have running right now. */
49 static int num_dnsworkers
=0;
50 /** How many of the running dnsworkers have an assigned task right now. */
51 static int num_dnsworkers_busy
=0;
52 /** When did we last rotate the dnsworkers? */
53 static time_t last_rotation_time
=0;
55 /** Have we currently configured nameservers with eventdns? */
56 static int nameservers_configured
= 0;
57 /** What was the resolv_conf fname we last used when configuring the
58 * nameservers? Used to check whether we need to reconfigure. */
59 static char *resolv_conf_fname
= NULL
;
60 /** What was the mtime on the resolv.conf file we last used when configuring
61 * the nameservers? Used to check whether we need to reconfigure. */
62 static time_t resolv_conf_mtime
= 0;
65 /** Linked list of connections waiting for a DNS answer. */
66 typedef struct pending_connection_t
{
67 edge_connection_t
*conn
;
68 struct pending_connection_t
*next
;
69 } pending_connection_t
;
71 #define CACHED_RESOLVE_MAGIC 0x1234F00D
73 /* Possible states for a cached resolve_t */
74 /** We are waiting for the resolver system to tell us an answer here.
75 * When we get one, or when we time out, the state of this cached_resolve_t
76 * will become "DONE" and we'll possibly add a CACHED_VALID or a CACHED_FAILED
77 * entry. This cached_resolve_t will be in the hash table so that we will
78 * know not to launch more requests for this addr, but rather to add more
79 * connections to the pending list for the addr. */
80 #define CACHE_STATE_PENDING 0
81 /** This used to be a pending cached_resolve_t, and we got an answer for it.
82 * Now we're waiting for this cached_resolve_t to expire. This should
83 * have no pending connections, and should not appear in the hash table. */
84 #define CACHE_STATE_DONE 1
85 /** We are caching an answer for this address. This should have no pending
86 * connections, and should appear in the hash table. */
87 #define CACHE_STATE_CACHED_VALID 2
88 /** We are caching a failure for this address. This should have no pending
89 * connections, and should appear in the hash table */
90 #define CACHE_STATE_CACHED_FAILED 3
92 /** A DNS request: possibly completed, possibly pending; cached_resolve
93 * structs are stored at the OR side in a hash table, and as a linked
94 * list from oldest to newest.
96 typedef struct cached_resolve_t
{
97 HT_ENTRY(cached_resolve_t
) node
;
99 char address
[MAX_ADDRESSLEN
]; /**< The hostname to be resolved. */
101 uint32_t addr
; /**< IPv4 addr for <b>address</b>. */
102 char *hostname
; /**< Hostname for <b>address</b> (if a reverse lookup) */
104 uint8_t state
; /**< Is this cached entry pending/done/valid/failed? */
105 uint8_t is_reverse
; /**< Is this a reverse (addr-to-hostname) lookup? */
106 time_t expire
; /**< Remove items from cache after this time. */
107 uint32_t ttl
; /**< What TTL did the nameserver tell us? */
108 /** Connections that want to know when we get an answer for this resolve. */
109 pending_connection_t
*pending_connections
;
112 static void purge_expired_resolves(time_t now
);
113 static void dns_found_answer(const char *address
, int is_reverse
,
114 uint32_t addr
, const char *hostname
, char outcome
,
116 static void send_resolved_cell(edge_connection_t
*conn
, or_circuit_t
*circ
,
117 uint8_t answer_type
);
118 static int launch_resolve(edge_connection_t
*exitconn
, or_circuit_t
*circ
);
120 static void dnsworkers_rotate(void);
121 static void dnsworker_main(void *data
);
122 static int spawn_dnsworker(void);
123 static int spawn_enough_dnsworkers(void);
125 static int configure_nameservers(int force
);
126 static int answer_is_wildcarded(const char *ip
);
128 #ifdef DEBUG_DNS_CACHE
129 static void _assert_cache_ok(void);
130 #define assert_cache_ok() _assert_cache_ok()
132 #define assert_cache_ok() do {} while (0)
134 static void assert_resolve_ok(cached_resolve_t
*resolve
);
136 /** Hash table of cached_resolve objects. */
137 static HT_HEAD(cache_map
, cached_resolve_t
) cache_root
;
139 /** Function to compare hashed resolves on their addresses; used to
140 * implement hash tables. */
142 cached_resolves_eq(cached_resolve_t
*a
, cached_resolve_t
*b
)
144 /* make this smarter one day? */
145 assert_resolve_ok(a
); // Not b; b may be just a search.
146 return !strncmp(a
->address
, b
->address
, MAX_ADDRESSLEN
);
149 /** Hash function for cached_resolve objects */
150 static INLINE
unsigned int
151 cached_resolve_hash(cached_resolve_t
*a
)
153 return ht_string_hash(a
->address
);
156 HT_PROTOTYPE(cache_map
, cached_resolve_t
, node
, cached_resolve_hash
,
158 HT_GENERATE(cache_map
, cached_resolve_t
, node
, cached_resolve_hash
,
159 cached_resolves_eq
, 0.6, malloc
, realloc
, free
);
161 /** Initialize the DNS cache. */
165 HT_INIT(&cache_root
);
169 /** Helper: called by eventdns when eventdns wants to log something. */
171 evdns_log_cb(int warn
, const char *msg
)
173 if (!strcmpstart(msg
, "Resolve requested for") &&
174 get_options()->SafeLogging
) {
175 log(LOG_INFO
, LD_EXIT
, "eventdns: Resolve requested.");
177 } else if (!strcmpstart(msg
, "Search: ")) {
180 log(warn
?LOG_WARN
:LOG_INFO
, LD_EXIT
, "eventdns: %s", msg
);
184 /** Initialize the DNS subsystem; called by the OR process. */
190 if (server_mode(get_options()))
191 return configure_nameservers(1);
198 /** Called when DNS-related options change (or may have changed) */
203 or_options_t
*options
= get_options();
204 if (! server_mode(options
)) {
205 evdns_clear_nameservers_and_suspend();
206 evdns_search_clear();
207 nameservers_configured
= 0;
208 tor_free(resolv_conf_fname
);
209 resolv_conf_mtime
= 0;
211 if (configure_nameservers(0) < 0)
220 /** Helper: Given a TTL from a DNS response, determine what TTL to give the
221 * OP that asked us to resolve it. */
223 dns_clip_ttl(uint32_t ttl
)
225 if (ttl
< MIN_DNS_TTL
)
227 else if (ttl
> MAX_DNS_TTL
)
233 /** Helper: Given a TTL from a DNS response, determine how long to hold it in
236 dns_get_expiry_ttl(uint32_t ttl
)
238 if (ttl
< MIN_DNS_TTL
)
240 else if (ttl
> MAX_DNS_ENTRY_AGE
)
241 return MAX_DNS_ENTRY_AGE
;
246 /** Helper: free storage held by an entry in the DNS cache. */
248 _free_cached_resolve(cached_resolve_t
*r
)
250 while (r
->pending_connections
) {
251 pending_connection_t
*victim
= r
->pending_connections
;
252 r
->pending_connections
= victim
->next
;
256 tor_free(r
->result
.hostname
);
257 r
->magic
= 0xFF00FF00;
261 /** Compare two cached_resolve_t pointers by expiry time, and return
262 * less-than-zero, zero, or greater-than-zero as appropriate. Used for
263 * the priority queue implementation. */
265 _compare_cached_resolves_by_expiry(const void *_a
, const void *_b
)
267 const cached_resolve_t
*a
= _a
, *b
= _b
;
268 return a
->expire
- b
->expire
;
271 /** Priority queue of cached_resolve_t objects to let us know when they
273 static smartlist_t
*cached_resolve_pqueue
= NULL
;
275 /** Set an expiry time for a cached_resolve_t, and add it to the expiry
278 set_expiry(cached_resolve_t
*resolve
, time_t expires
)
280 tor_assert(resolve
&& resolve
->expire
== 0);
281 if (!cached_resolve_pqueue
)
282 cached_resolve_pqueue
= smartlist_create();
283 resolve
->expire
= expires
;
284 smartlist_pqueue_add(cached_resolve_pqueue
,
285 _compare_cached_resolves_by_expiry
,
289 /** Free all storage held in the DNS cache and related structures. */
293 cached_resolve_t
**ptr
, **next
, *item
;
294 for (ptr
= HT_START(cache_map
, &cache_root
); ptr
!= NULL
; ptr
= next
) {
296 next
= HT_NEXT_RMV(cache_map
, &cache_root
, ptr
);
297 _free_cached_resolve(item
);
299 HT_CLEAR(cache_map
, &cache_root
);
300 if (cached_resolve_pqueue
)
301 smartlist_free(cached_resolve_pqueue
);
302 cached_resolve_pqueue
= NULL
;
304 tor_free(resolv_conf_fname
);
308 /** Remove every cached_resolve whose <b>expire</b> time is before <b>now</b>
311 purge_expired_resolves(time_t now
)
313 cached_resolve_t
*resolve
, *removed
;
314 pending_connection_t
*pend
;
315 edge_connection_t
*pendconn
;
318 if (!cached_resolve_pqueue
)
321 while (smartlist_len(cached_resolve_pqueue
)) {
322 resolve
= smartlist_get(cached_resolve_pqueue
, 0);
323 if (resolve
->expire
> now
)
325 smartlist_pqueue_pop(cached_resolve_pqueue
,
326 _compare_cached_resolves_by_expiry
);
328 if (resolve
->state
== CACHE_STATE_PENDING
) {
330 "Expiring a dns resolve %s that's still pending. Forgot to "
331 "cull it? DNS resolve didn't tell us about the timeout?",
332 escaped_safe_str(resolve
->address
));
333 } else if (resolve
->state
== CACHE_STATE_CACHED_VALID
||
334 resolve
->state
== CACHE_STATE_CACHED_FAILED
) {
336 "Forgetting old cached resolve (address %s, expires %lu)",
337 escaped_safe_str(resolve
->address
),
338 (unsigned long)resolve
->expire
);
339 tor_assert(!resolve
->pending_connections
);
341 tor_assert(resolve
->state
== CACHE_STATE_DONE
);
342 tor_assert(!resolve
->pending_connections
);
345 if (resolve
->pending_connections
) {
347 "Closing pending connections on timed-out DNS resolve!");
348 tor_fragile_assert();
349 while (resolve
->pending_connections
) {
350 pend
= resolve
->pending_connections
;
351 resolve
->pending_connections
= pend
->next
;
352 /* Connections should only be pending if they have no socket. */
353 tor_assert(pend
->conn
->_base
.s
== -1);
354 pendconn
= pend
->conn
;
355 connection_edge_end(pendconn
, END_STREAM_REASON_TIMEOUT
,
356 pendconn
->cpath_layer
);
357 circuit_detach_stream(circuit_get_by_edge_conn(pendconn
), pendconn
);
358 connection_free(TO_CONN(pendconn
));
363 if (resolve
->state
== CACHE_STATE_CACHED_VALID
||
364 resolve
->state
== CACHE_STATE_CACHED_FAILED
||
365 resolve
->state
== CACHE_STATE_PENDING
) {
366 removed
= HT_REMOVE(cache_map
, &cache_root
, resolve
);
367 if (removed
!= resolve
) {
368 log_err(LD_BUG
, "The expired resolve we purged didn't match any in"
369 " the cache. Tried to purge %s (%p); instead got %s (%p).",
370 resolve
->address
, (void*)resolve
,
371 removed
? removed
->address
: "NULL", (void*)remove
);
373 tor_assert(removed
== resolve
);
374 if (resolve
->is_reverse
)
375 tor_free(resolve
->result
.hostname
);
376 resolve
->magic
= 0xF0BBF0BB;
379 /* This should be in state DONE. Make sure it's not in the cache. */
380 cached_resolve_t
*tmp
= HT_FIND(cache_map
, &cache_root
, resolve
);
381 tor_assert(tmp
!= resolve
);
388 /** Send a response to the RESOLVE request of a connection. answer_type must
389 * be one of RESOLVED_TYPE_(IPV4|ERROR|ERROR_TRANSIENT)
391 * If <b>circ</b> is provided, and we have a cached answer, send the
392 * answer back along circ; otherwise, send the answer back along *
393 * <b>exitconn</b>'s attached circuit.
396 send_resolved_cell(edge_connection_t
*conn
, or_circuit_t
*circ
,
399 char buf
[RELAY_PAYLOAD_SIZE
];
403 buf
[0] = answer_type
;
404 ttl
= dns_clip_ttl(conn
->address_ttl
);
408 case RESOLVED_TYPE_IPV4
:
410 set_uint32(buf
+2, htonl(conn
->_base
.addr
));
411 set_uint32(buf
+6, htonl(ttl
));
414 case RESOLVED_TYPE_ERROR_TRANSIENT
:
415 case RESOLVED_TYPE_ERROR
:
417 const char *errmsg
= "Error resolving hostname";
418 int msglen
= strlen(errmsg
);
421 strlcpy(buf
+2, errmsg
, sizeof(buf
)-2);
422 set_uint32(buf
+2+msglen
, htonl(ttl
));
430 // log_notice(LD_EXIT, "Sending a regular RESOLVED reply: ");
433 circuit_t
*tmp
= circuit_get_by_edge_conn(conn
);
434 if (! CIRCUIT_IS_ORIGIN(tmp
))
435 circ
= TO_OR_CIRCUIT(tmp
);
438 connection_edge_send_command(conn
, TO_CIRCUIT(circ
),
439 RELAY_COMMAND_RESOLVED
, buf
, buflen
,
443 /** Send a response to the RESOLVE request of a connection for an in-addr.arpa
444 * address on connection <b>conn</b> which yielded the result <b>hostname</b>.
445 * The answer type will be RESOLVED_HOSTNAME.
447 * If <b>circ</b> is provided, and we have a cached answer, send the
448 * answer back along circ; otherwise, send the answer back along
449 * <b>exitconn</b>'s attached circuit.
452 send_resolved_hostname_cell(edge_connection_t
*conn
, or_circuit_t
*circ
,
453 const char *hostname
)
455 char buf
[RELAY_PAYLOAD_SIZE
];
458 size_t namelen
= strlen(hostname
);
460 tor_assert(namelen
< 256);
461 ttl
= dns_clip_ttl(conn
->address_ttl
);
463 buf
[0] = RESOLVED_TYPE_HOSTNAME
;
464 buf
[1] = (uint8_t)namelen
;
465 memcpy(buf
+2, hostname
, namelen
);
466 set_uint32(buf
+2+namelen
, htonl(ttl
));
467 buflen
= 2+namelen
+4;
470 circuit_t
*tmp
= circuit_get_by_edge_conn(conn
);
471 if (! CIRCUIT_IS_ORIGIN(tmp
))
472 circ
= TO_OR_CIRCUIT(tmp
);
475 // log_notice(LD_EXIT, "Sending a reply RESOLVED reply: %s", hostname);
476 connection_edge_send_command(conn
, TO_CIRCUIT(circ
),
477 RELAY_COMMAND_RESOLVED
, buf
, buflen
,
479 // log_notice(LD_EXIT, "Sent");
482 /** Given a lower-case <b>address</b>, check to see whether it's a
483 * 1.2.3.4.in-addr.arpa address used for reverse lookups. If so,
484 * parse it and place the address in <b>in</b> if present. Return 1 on success;
485 * 0 if the address is not in in-addr.arpa format, and -1 if the address is
488 parse_inaddr_arpa_address(const char *address
, struct in_addr
*in
)
490 char buf
[INET_NTOA_BUF_LEN
];
493 struct in_addr inaddr
;
495 cp
= strstr(address
, ".in-addr.arpa");
496 if (!cp
|| *(cp
+strlen(".in-addr.arpa")))
497 return 0; /* not an .in-addr.arpa address */
501 if (len
>= INET_NTOA_BUF_LEN
)
502 return -1; /* Too long. */
504 memcpy(buf
, address
, len
);
506 if (tor_inet_aton(buf
, &inaddr
) == 0)
507 return -1; /* malformed. */
511 /* reverse the bytes */
512 a
= ( ((inaddr
.s_addr
& 0x000000fful
) << 24)
513 |((inaddr
.s_addr
& 0x0000ff00ul
) << 8)
514 |((inaddr
.s_addr
& 0x00ff0000ul
) >> 8)
515 |((inaddr
.s_addr
& 0xff000000ul
) >> 24));
518 memcpy(in
, &inaddr
, sizeof(inaddr
));
524 /** See if we have a cache entry for <b>exitconn</b>-\>address. if so,
525 * if resolve valid, put it into <b>exitconn</b>-\>addr and return 1.
526 * If resolve failed, unlink exitconn if needed, free it, and return -1.
528 * If <b>oncirc</b> is provided, and this is a resolve request, we have
529 * a cached answer, send the answer back along oncirc; otherwise, send
530 * the answer back along <b>exitconn</b>'s attached circuit.
532 * Else, if seen before and pending, add conn to the pending list,
535 * Else, if not seen before, add conn to pending list, hand to
536 * dns farm, and return 0.
539 dns_resolve(edge_connection_t
*exitconn
, or_circuit_t
*oncirc
)
541 cached_resolve_t
*resolve
;
542 cached_resolve_t search
;
543 pending_connection_t
*pending_connection
;
546 time_t now
= time(NULL
);
547 int is_reverse
= 0, is_resolve
, r
;
548 assert_connection_ok(TO_CONN(exitconn
), 0);
549 tor_assert(exitconn
->_base
.s
== -1);
553 is_resolve
= exitconn
->_base
.purpose
== EXIT_PURPOSE_RESOLVE
;
555 /* first check if exitconn->_base.address is an IP. If so, we already
556 * know the answer. */
557 if (tor_inet_aton(exitconn
->_base
.address
, &in
) != 0) {
558 exitconn
->_base
.addr
= ntohl(in
.s_addr
);
559 exitconn
->address_ttl
= DEFAULT_DNS_TTL
;
561 send_resolved_cell(exitconn
, oncirc
, RESOLVED_TYPE_IPV4
);
565 /* then take this opportunity to see if there are any expired
566 * resolves in the hash table. */
567 purge_expired_resolves(now
);
569 /* lower-case exitconn->_base.address, so it's in canonical form */
570 tor_strlower(exitconn
->_base
.address
);
572 /* Check whether this is a reverse lookup. If it's malformed, or it's a
573 * .in-addr.arpa address but this isn't a resolve request, kill the
576 if ((r
= parse_inaddr_arpa_address(exitconn
->_base
.address
, NULL
)) != 0) {
581 if (!is_reverse
|| !is_resolve
) {
583 log_info(LD_EXIT
, "Bad .in-addr.arpa address \"%s\"; sending error.",
584 escaped_safe_str(exitconn
->_base
.address
));
585 else if (!is_resolve
)
587 "Attempt to connect to a .in-addr.arpa address \"%s\"; "
589 escaped_safe_str(exitconn
->_base
.address
));
592 log_info(LD_PROTOCOL
, "Dnsworker code does not support in-addr.arpa "
593 "domain, but received a request for \"%s\"; sending error.",
594 escaped_safe_str(exitconn
->_base
.address
));
597 if (exitconn
->_base
.purpose
== EXIT_PURPOSE_RESOLVE
)
598 send_resolved_cell(exitconn
, oncirc
, RESOLVED_TYPE_ERROR
);
599 circ
= circuit_get_by_edge_conn(exitconn
);
601 circuit_detach_stream(circ
, exitconn
);
602 if (!exitconn
->_base
.marked_for_close
)
603 connection_free(TO_CONN(exitconn
));
606 //log_notice(LD_EXIT, "Looks like an address %s",
607 //exitconn->_base.address);
610 /* now check the hash table to see if 'address' is already there. */
611 strlcpy(search
.address
, exitconn
->_base
.address
, sizeof(search
.address
));
612 resolve
= HT_FIND(cache_map
, &cache_root
, &search
);
613 if (resolve
&& resolve
->expire
> now
) { /* already there */
614 switch (resolve
->state
) {
615 case CACHE_STATE_PENDING
:
616 /* add us to the pending list */
617 pending_connection
= tor_malloc_zero(
618 sizeof(pending_connection_t
));
619 pending_connection
->conn
= exitconn
;
620 pending_connection
->next
= resolve
->pending_connections
;
621 resolve
->pending_connections
= pending_connection
;
622 log_debug(LD_EXIT
,"Connection (fd %d) waiting for pending DNS "
623 "resolve of %s", exitconn
->_base
.s
,
624 escaped_safe_str(exitconn
->_base
.address
));
625 exitconn
->_base
.state
= EXIT_CONN_STATE_RESOLVING
;
627 case CACHE_STATE_CACHED_VALID
:
628 log_debug(LD_EXIT
,"Connection (fd %d) found cached answer for %s",
630 escaped_safe_str(resolve
->address
));
631 exitconn
->address_ttl
= resolve
->ttl
;
632 if (resolve
->is_reverse
) {
633 tor_assert(is_resolve
);
634 send_resolved_hostname_cell(exitconn
, oncirc
,
635 resolve
->result
.hostname
);
637 exitconn
->_base
.addr
= resolve
->result
.addr
;
639 send_resolved_cell(exitconn
, oncirc
, RESOLVED_TYPE_IPV4
);
642 case CACHE_STATE_CACHED_FAILED
:
643 log_debug(LD_EXIT
,"Connection (fd %d) found cached error for %s",
645 escaped_safe_str(exitconn
->_base
.address
));
646 /* XXXX send back indication of failure for connect case? -NM*/
648 send_resolved_cell(exitconn
, oncirc
, RESOLVED_TYPE_ERROR
);
649 circ
= circuit_get_by_edge_conn(exitconn
);
651 circuit_detach_stream(circ
, exitconn
);
652 if (!exitconn
->_base
.marked_for_close
)
653 connection_free(TO_CONN(exitconn
));
655 case CACHE_STATE_DONE
:
656 log_err(LD_BUG
, "Found a 'DONE' dns resolve still in the cache.");
657 tor_fragile_assert();
661 /* not there, need to add it */
662 resolve
= tor_malloc_zero(sizeof(cached_resolve_t
));
663 resolve
->magic
= CACHED_RESOLVE_MAGIC
;
664 resolve
->state
= CACHE_STATE_PENDING
;
665 resolve
->is_reverse
= is_reverse
;
666 strlcpy(resolve
->address
, exitconn
->_base
.address
, sizeof(resolve
->address
));
668 /* add this connection to the pending list */
669 pending_connection
= tor_malloc_zero(sizeof(pending_connection_t
));
670 pending_connection
->conn
= exitconn
;
671 resolve
->pending_connections
= pending_connection
;
672 exitconn
->_base
.state
= EXIT_CONN_STATE_RESOLVING
;
674 /* Add this resolve to the cache and priority queue. */
675 HT_INSERT(cache_map
, &cache_root
, resolve
);
676 set_expiry(resolve
, now
+ RESOLVE_MAX_TIMEOUT
);
678 log_debug(LD_EXIT
,"Launching %s.",
679 escaped_safe_str(exitconn
->_base
.address
));
681 return launch_resolve(exitconn
, oncirc
);
684 /** Log an error and abort if conn is waiting for a DNS resolve.
687 assert_connection_edge_not_dns_pending(edge_connection_t
*conn
)
689 pending_connection_t
*pend
;
690 cached_resolve_t
**resolve
;
692 HT_FOREACH(resolve
, cache_map
, &cache_root
) {
693 for (pend
= (*resolve
)->pending_connections
;
696 tor_assert(pend
->conn
!= conn
);
701 /** Log an error and abort if any connection waiting for a DNS resolve is
704 assert_all_pending_dns_resolves_ok(void)
706 pending_connection_t
*pend
;
707 cached_resolve_t
**resolve
;
709 HT_FOREACH(resolve
, cache_map
, &cache_root
) {
710 for (pend
= (*resolve
)->pending_connections
;
713 assert_connection_ok(TO_CONN(pend
->conn
), 0);
714 tor_assert(pend
->conn
->_base
.s
== -1);
715 tor_assert(!connection_in_array(TO_CONN(pend
->conn
)));
720 /** Remove <b>conn</b> from the list of connections waiting for conn-\>address.
723 connection_dns_remove(edge_connection_t
*conn
)
725 pending_connection_t
*pend
, *victim
;
726 cached_resolve_t search
;
727 cached_resolve_t
*resolve
;
729 tor_assert(conn
->_base
.type
== CONN_TYPE_EXIT
);
730 tor_assert(conn
->_base
.state
== EXIT_CONN_STATE_RESOLVING
);
732 strlcpy(search
.address
, conn
->_base
.address
, sizeof(search
.address
));
734 resolve
= HT_FIND(cache_map
, &cache_root
, &search
);
736 log_notice(LD_BUG
, "Address %s is not pending. Dropping.",
737 escaped_safe_str(conn
->_base
.address
));
741 tor_assert(resolve
->pending_connections
);
742 assert_connection_ok(TO_CONN(conn
),0);
744 pend
= resolve
->pending_connections
;
746 if (pend
->conn
== conn
) {
747 resolve
->pending_connections
= pend
->next
;
749 log_debug(LD_EXIT
, "First connection (fd %d) no longer waiting "
751 conn
->_base
.s
, escaped_safe_str(conn
->_base
.address
));
754 for ( ; pend
->next
; pend
= pend
->next
) {
755 if (pend
->next
->conn
== conn
) {
757 pend
->next
= victim
->next
;
760 "Connection (fd %d) no longer waiting for resolve of %s",
761 conn
->_base
.s
, escaped_safe_str(conn
->_base
.address
));
762 return; /* more are pending */
765 tor_assert(0); /* not reachable unless onlyconn not in pending list */
769 /** Mark all connections waiting for <b>address</b> for close. Then cancel
770 * the resolve for <b>address</b> itself, and remove any cached results for
771 * <b>address</b> from the cache.
774 dns_cancel_pending_resolve(const char *address
)
776 pending_connection_t
*pend
;
777 cached_resolve_t search
;
778 cached_resolve_t
*resolve
, *tmp
;
779 edge_connection_t
*pendconn
;
782 strlcpy(search
.address
, address
, sizeof(search
.address
));
784 resolve
= HT_FIND(cache_map
, &cache_root
, &search
);
785 if (!resolve
|| resolve
->state
!= CACHE_STATE_PENDING
) {
786 log_notice(LD_BUG
,"Address %s is not pending. Dropping.",
787 escaped_safe_str(address
));
791 if (!resolve
->pending_connections
) {
792 /* XXX this should never trigger, but sometimes it does */
794 "Bug: Address %s is pending but has no pending connections!",
795 escaped_safe_str(address
));
796 tor_fragile_assert();
799 tor_assert(resolve
->pending_connections
);
801 /* mark all pending connections to fail */
803 "Failing all connections waiting on DNS resolve of %s",
804 escaped_safe_str(address
));
805 while (resolve
->pending_connections
) {
806 pend
= resolve
->pending_connections
;
807 pend
->conn
->_base
.state
= EXIT_CONN_STATE_RESOLVEFAILED
;
808 pendconn
= pend
->conn
;
809 assert_connection_ok(TO_CONN(pendconn
), 0);
810 tor_assert(pendconn
->_base
.s
== -1);
811 if (!pendconn
->_base
.marked_for_close
) {
812 connection_edge_end(pendconn
, END_STREAM_REASON_RESOURCELIMIT
,
813 pendconn
->cpath_layer
);
815 circ
= circuit_get_by_edge_conn(pendconn
);
817 circuit_detach_stream(circ
, pendconn
);
818 connection_free(TO_CONN(pendconn
));
819 resolve
->pending_connections
= pend
->next
;
823 tmp
= HT_REMOVE(cache_map
, &cache_root
, resolve
);
824 if (tmp
!= resolve
) {
825 log_err(LD_BUG
, "The cancelled resolve we purged didn't match any in"
826 " the cache. Tried to purge %s (%p); instead got %s (%p).",
827 resolve
->address
, (void*)resolve
,
828 tmp
? tmp
->address
: "NULL", (void*)tmp
);
830 tor_assert(tmp
== resolve
);
832 resolve
->state
= CACHE_STATE_DONE
;
835 /** Helper: adds an entry to the DNS cache mapping <b>address</b> to the ipv4
836 * address <b>addr</b> (if is_reverse is 0) or the hostname <b>hostname</b> (if
837 * is_reverse is 1). <b>ttl</b> is a cache ttl; <b>outcome</b> is one of
838 * DNS_RESOLVE_{FAILED_TRANSIENT|FAILED_PERMANENT|SUCCEEDED}.
841 add_answer_to_cache(const char *address
, int is_reverse
, uint32_t addr
,
842 const char *hostname
, char outcome
, uint32_t ttl
)
844 cached_resolve_t
*resolve
;
845 if (outcome
== DNS_RESOLVE_FAILED_TRANSIENT
)
848 /* XXX This is dumb, but it seems to workaround a bug I can't find. We
849 * should nail this so we can cache reverse DNS answers. -NM */
853 //log_notice(LD_EXIT, "Adding to cache: %s -> %s (%lx, %s), %d",
854 // address, is_reverse?"(reverse)":"", (unsigned long)addr,
855 // hostname?hostname:"NULL",(int)outcome);
857 resolve
= tor_malloc_zero(sizeof(cached_resolve_t
));
858 resolve
->magic
= CACHED_RESOLVE_MAGIC
;
859 resolve
->state
= (outcome
== DNS_RESOLVE_SUCCEEDED
) ?
860 CACHE_STATE_CACHED_VALID
: CACHE_STATE_CACHED_FAILED
;
861 strlcpy(resolve
->address
, address
, sizeof(resolve
->address
));
862 resolve
->is_reverse
= is_reverse
;
864 if (outcome
== DNS_RESOLVE_SUCCEEDED
) {
865 tor_assert(hostname
);
866 resolve
->result
.hostname
= tor_strdup(hostname
);
868 tor_assert(! hostname
);
869 resolve
->result
.hostname
= NULL
;
872 tor_assert(!hostname
);
873 resolve
->result
.addr
= addr
;
876 assert_resolve_ok(resolve
);
877 HT_INSERT(cache_map
, &cache_root
, resolve
);
878 set_expiry(resolve
, time(NULL
) + dns_get_expiry_ttl(ttl
));
881 /** Called on the OR side when a DNS worker or the eventdns library tells us
882 * the outcome of a DNS resolve: tell all pending connections about the result
883 * of the lookup, and cache the value. (<b>address</b> is a NUL-terminated
884 * string containing the address to look up; <b>addr</b> is an IPv4 address in
885 * host order; <b>outcome</b> is one of
886 * DNS_RESOLVE_{FAILED_TRANSIENT|FAILED_PERMANENT|SUCCEEDED}.
889 dns_found_answer(const char *address
, int is_reverse
, uint32_t addr
,
890 const char *hostname
, char outcome
, uint32_t ttl
)
892 pending_connection_t
*pend
;
893 cached_resolve_t search
;
894 cached_resolve_t
*resolve
, *removed
;
895 edge_connection_t
*pendconn
;
900 strlcpy(search
.address
, address
, sizeof(search
.address
));
902 resolve
= HT_FIND(cache_map
, &cache_root
, &search
);
904 log_info(LD_EXIT
,"Resolved unasked address %s; caching anyway.",
905 escaped_safe_str(address
));
906 add_answer_to_cache(address
, is_reverse
, addr
, hostname
, outcome
, ttl
);
909 assert_resolve_ok(resolve
);
911 if (resolve
->state
!= CACHE_STATE_PENDING
) {
912 /* XXXX Maybe update addr? or check addr for consistency? Or let
913 * VALID replace FAILED? */
914 log_notice(LD_EXIT
, "Resolved %s which was already resolved; ignoring",
915 escaped_safe_str(address
));
916 tor_assert(resolve
->pending_connections
== NULL
);
919 /* Removed this assertion: in fact, we'll sometimes get a double answer
920 * to the same question. This can happen when we ask one worker to resolve
921 * X.Y.Z., then we cancel the request, and then we ask another worker to
923 /* tor_assert(resolve->state == CACHE_STATE_PENDING); */
925 while (resolve
->pending_connections
) {
926 pend
= resolve
->pending_connections
;
927 pendconn
= pend
->conn
; /* don't pass complex things to the
928 connection_mark_for_close macro */
929 assert_connection_ok(TO_CONN(pendconn
),time(NULL
));
930 pendconn
->_base
.addr
= addr
;
931 pendconn
->address_ttl
= ttl
;
933 if (outcome
!= DNS_RESOLVE_SUCCEEDED
) {
934 /* prevent double-remove. */
935 pendconn
->_base
.state
= EXIT_CONN_STATE_RESOLVEFAILED
;
936 if (pendconn
->_base
.purpose
== EXIT_PURPOSE_CONNECT
) {
937 connection_edge_end(pendconn
, END_STREAM_REASON_RESOLVEFAILED
,
938 pendconn
->cpath_layer
);
939 /* This detach must happen after we send the end cell. */
940 circuit_detach_stream(circuit_get_by_edge_conn(pendconn
), pendconn
);
942 send_resolved_cell(pendconn
, NULL
, RESOLVED_TYPE_ERROR
);
943 /* This detach must happen after we send the resolved cell. */
944 circuit_detach_stream(circuit_get_by_edge_conn(pendconn
), pendconn
);
946 connection_free(TO_CONN(pendconn
));
948 if (pendconn
->_base
.purpose
== EXIT_PURPOSE_CONNECT
) {
949 tor_assert(!is_reverse
);
950 /* prevent double-remove. */
951 pend
->conn
->_base
.state
= EXIT_CONN_STATE_CONNECTING
;
953 circ
= circuit_get_by_edge_conn(pend
->conn
);
955 tor_assert(!CIRCUIT_IS_ORIGIN(circ
));
956 /* unlink pend->conn from resolving_streams, */
957 circuit_detach_stream(circ
, pend
->conn
);
958 /* and link it to n_streams */
959 pend
->conn
->next_stream
= TO_OR_CIRCUIT(circ
)->n_streams
;
960 pend
->conn
->on_circuit
= circ
;
961 TO_OR_CIRCUIT(circ
)->n_streams
= pend
->conn
;
963 connection_exit_connect(pend
->conn
);
965 /* prevent double-remove. This isn't really an accurate state,
966 * but it does the right thing. */
967 pendconn
->_base
.state
= EXIT_CONN_STATE_RESOLVEFAILED
;
969 send_resolved_hostname_cell(pendconn
, NULL
, hostname
);
971 send_resolved_cell(pendconn
, NULL
, RESOLVED_TYPE_IPV4
);
972 circ
= circuit_get_by_edge_conn(pendconn
);
974 circuit_detach_stream(circ
, pendconn
);
975 connection_free(TO_CONN(pendconn
));
978 resolve
->pending_connections
= pend
->next
;
982 resolve
->state
= CACHE_STATE_DONE
;
983 removed
= HT_REMOVE(cache_map
, &cache_root
, &search
);
984 if (removed
!= resolve
) {
985 log_err(LD_BUG
, "The pending resolve we found wasn't removable from"
986 " the cache. Tried to purge %s (%p); instead got %s (%p).",
987 resolve
->address
, (void*)resolve
,
988 removed
? removed
->address
: "NULL", (void*)removed
);
990 assert_resolve_ok(resolve
);
993 add_answer_to_cache(address
, is_reverse
, addr
, hostname
, outcome
, ttl
);
998 /** Find or spawn a dns worker process to handle resolving
999 * <b>exitconn</b>-\>address; tell that dns worker to begin resolving.
1002 launch_resolve(edge_connection_t
*exitconn
, or_circuit_t
*circ
)
1004 connection_t
*dnsconn
;
1007 tor_assert(exitconn
->_base
.state
== EXIT_CONN_STATE_RESOLVING
);
1008 assert_connection_ok(TO_CONN(exitconn
), 0);
1009 tor_assert(exitconn
->_base
.s
== -1);
1011 /* respawn here, to be sure there are enough */
1012 if (spawn_enough_dnsworkers() < 0) {
1016 dnsconn
= connection_get_by_type_state(CONN_TYPE_DNSWORKER
,
1017 DNSWORKER_STATE_IDLE
);
1020 log_warn(LD_EXIT
,"no idle dns workers. Failing.");
1021 if (exitconn
->_base
.purpose
== EXIT_PURPOSE_RESOLVE
)
1022 send_resolved_cell(exitconn
, circ
, RESOLVED_TYPE_ERROR_TRANSIENT
);
1027 "Connection (fd %d) needs to resolve %s; assigning "
1028 "to DNSWorker (fd %d)", exitconn
->_base
.s
,
1029 escaped_safe_str(exitconn
->_base
.address
), dnsconn
->s
);
1031 tor_free(dnsconn
->address
);
1032 dnsconn
->address
= tor_strdup(exitconn
->_base
.address
);
1033 dnsconn
->state
= DNSWORKER_STATE_BUSY
;
1034 /* touch the lastwritten timestamp, since that's how we check to
1035 * see how long it's been since we asked the question, and sometimes
1036 * we check before the first call to connection_handle_write(). */
1037 dnsconn
->timestamp_lastwritten
= time(NULL
);
1038 num_dnsworkers_busy
++;
1040 len
= strlen(dnsconn
->address
);
1041 connection_write_to_buf((char*)&len
, 1, dnsconn
);
1042 connection_write_to_buf(dnsconn
->address
, len
, dnsconn
);
1046 /* also sends end and frees */
1047 dns_cancel_pending_resolve(exitconn
->_base
.address
);
1051 /******************************************************************/
1054 * Connection between OR and dnsworker
1057 /** Write handler: called when we've pushed a request to a dnsworker. */
1059 connection_dns_finished_flushing(connection_t
*conn
)
1062 tor_assert(conn
->type
== CONN_TYPE_DNSWORKER
);
1063 connection_stop_writing(conn
);
1067 /** Called when a connection to a dnsworker hits an EOF; this only happens
1068 * when a dnsworker dies unexpectedly. */
1070 connection_dns_reached_eof(connection_t
*conn
)
1072 log_warn(LD_EXIT
,"Read eof. DNS worker died unexpectedly.");
1073 if (conn
->state
== DNSWORKER_STATE_BUSY
) {
1074 /* don't cancel the resolve here -- it would be cancelled in
1075 * connection_about_to_close_connection(), since conn is still
1078 num_dnsworkers_busy
--;
1081 connection_mark_for_close(conn
);
1085 /** Read handler: called when we get data from a dnsworker. See
1086 * if we have a complete answer. If so, call dns_found_answer on the
1087 * result. If not, wait. Returns 0. */
1089 connection_dns_process_inbuf(connection_t
*conn
)
1096 tor_assert(conn
->type
== CONN_TYPE_DNSWORKER
);
1098 if (conn
->state
!= DNSWORKER_STATE_BUSY
&& buf_datalen(conn
->inbuf
)) {
1100 "Bug: read data (%d bytes) from an idle dns worker (fd %d, "
1101 "address %s). Please report.", (int)buf_datalen(conn
->inbuf
),
1102 conn
->s
, escaped_safe_str(conn
->address
));
1103 tor_fragile_assert();
1105 /* Pull it off the buffer anyway, or it will just stay there.
1106 * Keep pulling things off because sometimes we get several
1107 * answers at once (!). */
1108 while (buf_datalen(conn
->inbuf
)) {
1109 connection_fetch_from_buf(&success
,1,conn
);
1110 connection_fetch_from_buf((char *)&addr
,sizeof(uint32_t),conn
);
1111 log_warn(LD_EXIT
,"Discarding idle dns answer (success %d, addr %d.)",
1116 if (buf_datalen(conn
->inbuf
) < 5) /* entire answer available? */
1117 return 0; /* not yet */
1118 tor_assert(conn
->state
== DNSWORKER_STATE_BUSY
);
1119 tor_assert(buf_datalen(conn
->inbuf
) == 5);
1121 connection_fetch_from_buf(&success
,1,conn
);
1122 connection_fetch_from_buf((char *)&addr
,sizeof(uint32_t),conn
);
1124 log_debug(LD_EXIT
, "DNSWorker (fd %d) returned answer for %s",
1125 conn
->s
, escaped_safe_str(conn
->address
));
1127 tor_assert(success
>= DNS_RESOLVE_FAILED_TRANSIENT
);
1128 tor_assert(success
<= DNS_RESOLVE_SUCCEEDED
);
1130 ttl
= (success
== DNS_RESOLVE_FAILED_TRANSIENT
) ? 0 : MAX_DNS_ENTRY_AGE
;
1131 dns_found_answer(conn
->address
, 0, ntohl(addr
), NULL
, success
, ttl
);
1133 tor_free(conn
->address
);
1134 conn
->address
= tor_strdup("<idle>");
1135 conn
->state
= DNSWORKER_STATE_IDLE
;
1136 num_dnsworkers_busy
--;
1137 if (conn
->timestamp_created
< last_rotation_time
) {
1138 connection_mark_for_close(conn
);
1140 spawn_enough_dnsworkers();
1145 /** Close and re-open all idle dnsworkers; schedule busy ones to be closed
1146 * and re-opened once they're no longer busy.
1149 dnsworkers_rotate(void)
1151 connection_t
*dnsconn
;
1152 while ((dnsconn
= connection_get_by_type_state(CONN_TYPE_DNSWORKER
,
1153 DNSWORKER_STATE_IDLE
))) {
1154 connection_mark_for_close(dnsconn
);
1157 last_rotation_time
= time(NULL
);
1158 if (server_mode(get_options()))
1159 spawn_enough_dnsworkers();
1162 /** Implementation for DNS workers; this code runs in a separate
1163 * execution context. It takes as its argument an fdarray as returned
1164 * by socketpair(), and communicates via fdarray[1]. The protocol is
1167 * - ADDRESSLEN [1 byte]
1168 * - ADDRESS [ADDRESSLEN bytes]
1169 * - The DNS worker does the lookup, and replies:
1170 * - OUTCOME [1 byte]
1173 * OUTCOME is one of DNS_RESOLVE_{FAILED_TRANSIENT|FAILED_PERMANENT|SUCCEEDED}.
1174 * IP is in host order.
1176 * The dnsworker runs indefinitely, until its connection is closed or an error
1180 dnsworker_main(void *data
)
1182 char address
[MAX_ADDRESSLEN
+1]; /* Plus a byte for a final '.' */
1183 unsigned char address_len
;
1187 int *fdarray
= data
;
1190 int search
= get_options()->ServerDNSSearchDomains
;
1192 /* log_fn(LOG_NOTICE,"After spawn: fdarray @%d has %d:%d", (int)fdarray,
1193 * fdarray[0],fdarray[1]); */
1195 fd
= fdarray
[1]; /* this side is ours */
1196 #ifndef TOR_IS_MULTITHREADED
1197 tor_close_socket(fdarray
[0]); /* this is the side of the socketpair the
1199 tor_free_all(1); /* so the child doesn't hold the parent's fd's open */
1200 handle_signals(0); /* ignore interrupts from the keyboard, etc */
1207 if ((r
= recv(fd
, &address_len
, 1, 0)) != 1) {
1209 log_info(LD_EXIT
,"DNS worker exiting because Tor process closed "
1210 "connection (either pruned idle dnsworker or died).");
1212 log_info(LD_EXIT
,"DNS worker exiting because of error on connection "
1214 log_info(LD_EXIT
,"(Error on %d was %s)", fd
,
1215 tor_socket_strerror(tor_socket_errno(fd
)));
1217 tor_close_socket(fd
);
1218 crypto_thread_cleanup();
1222 if (address_len
&& read_all(fd
, address
, address_len
, 1) != address_len
) {
1223 log_err(LD_BUG
,"read hostname failed. Child exiting.");
1224 tor_close_socket(fd
);
1225 crypto_thread_cleanup();
1228 /* Add a period to prevent local domain search, and NUL-terminate. */
1229 if (address
[address_len
-1] != '.' && !search
) {
1230 address
[address_len
] = '.';
1231 address
[address_len
+1] = '\0';
1233 address
[address_len
] = '\0';
1236 log_address
= esc_for_log(safe_str(address
));
1237 result
= tor_lookup_hostname(address
, &ip
);
1238 /* Make 0.0.0.0 an error, so that we can use "0" to mean "no addr") */
1243 /* XXX result can never be 1, because we set it to -1 above on error */
1244 log_info(LD_NET
,"Could not resolve dest addr %s (transient)",
1246 answer
[0] = DNS_RESOLVE_FAILED_TRANSIENT
;
1249 log_info(LD_NET
,"Could not resolve dest addr %s (permanent)",
1251 answer
[0] = DNS_RESOLVE_FAILED_PERMANENT
;
1254 log_info(LD_NET
,"Resolved address %s", log_address
);
1255 answer
[0] = DNS_RESOLVE_SUCCEEDED
;
1258 tor_free(log_address
);
1259 set_uint32(answer
+1, ip
);
1260 if (write_all(fd
, answer
, 5, 1) != 5) {
1261 log_err(LD_NET
,"writing answer failed. Child exiting.");
1262 tor_close_socket(fd
);
1263 crypto_thread_cleanup();
1269 /** Launch a new DNS worker; return 0 on success, -1 on failure.
1272 spawn_dnsworker(void)
1279 fdarray
= tor_malloc(sizeof(int)*2);
1280 if ((err
= tor_socketpair(AF_UNIX
, SOCK_STREAM
, 0, fdarray
)) < 0) {
1281 log_warn(LD_NET
, "Couldn't construct socketpair for dns worker: %s",
1282 tor_socket_strerror(-err
));
1287 tor_assert(fdarray
[0] >= 0);
1288 tor_assert(fdarray
[1] >= 0);
1290 /* log_fn(LOG_NOTICE,"Before spawn: fdarray @%d has %d:%d",
1291 (int)fdarray, fdarray[0],fdarray[1]); */
1293 fd
= fdarray
[0]; /* We copy this out here, since dnsworker_main may free
1295 spawn_func((void*) dnsworker_main
, (void*)fdarray
);
1296 log_debug(LD_EXIT
,"just spawned a dns worker.");
1297 #ifndef TOR_IS_MULTITHREADED
1298 tor_close_socket(fdarray
[1]); /* don't need the worker's side of the pipe */
1302 conn
= connection_new(CONN_TYPE_DNSWORKER
);
1304 set_socket_nonblocking(fd
);
1306 /* set up conn so it's got all the data we need to remember */
1308 conn
->address
= tor_strdup("<unused>");
1310 if (connection_add(conn
) < 0) { /* no space, forget it */
1311 log_warn(LD_NET
,"connection_add for dnsworker failed. Giving up.");
1312 connection_free(conn
); /* this closes fd */
1316 conn
->state
= DNSWORKER_STATE_IDLE
;
1317 connection_start_reading(conn
);
1319 return 0; /* success */
1322 /** If we have too many or too few DNS workers, spawn or kill some.
1323 * Return 0 if we are happy, return -1 if we tried to spawn more but
1327 spawn_enough_dnsworkers(void)
1329 int num_dnsworkers_needed
; /* aim to have 1 more than needed,
1330 * but no less than min and no more than max */
1331 connection_t
*dnsconn
;
1333 /* XXX This may not be the best strategy. Maybe we should queue pending
1334 * requests until the old ones finish or time out: otherwise, if the
1335 * connection requests come fast enough, we never get any DNS done. -NM
1337 * XXX But if we queue them, then the adversary can pile even more
1338 * queries onto us, blocking legitimate requests for even longer. Maybe
1339 * we should compromise and only kill if it's been at it for more than,
1340 * e.g., 2 seconds. -RD
1342 if (num_dnsworkers_busy
== MAX_DNSWORKERS
) {
1343 /* We always want at least one worker idle.
1344 * So find the oldest busy worker and kill it.
1346 dnsconn
= connection_get_by_type_state_lastwritten(CONN_TYPE_DNSWORKER
,
1347 DNSWORKER_STATE_BUSY
);
1348 tor_assert(dnsconn
);
1350 log_warn(LD_EXIT
, "%d DNS workers are spawned; all are busy. Killing one.",
1353 connection_mark_for_close(dnsconn
);
1354 num_dnsworkers_busy
--;
1358 if (num_dnsworkers_busy
>= MIN_DNSWORKERS
)
1359 num_dnsworkers_needed
= num_dnsworkers_busy
+1;
1361 num_dnsworkers_needed
= MIN_DNSWORKERS
;
1363 while (num_dnsworkers
< num_dnsworkers_needed
) {
1364 if (spawn_dnsworker() < 0) {
1365 log_warn(LD_EXIT
,"DNS worker spawn failed. Will try again later.");
1371 while (num_dnsworkers
> num_dnsworkers_busy
+MAX_IDLE_DNSWORKERS
) {
1372 /* too many idle? */
1373 /* cull excess workers */
1374 log_info(LD_EXIT
,"%d of %d dnsworkers are idle. Killing one.",
1375 num_dnsworkers
-num_dnsworkers_busy
, num_dnsworkers
);
1376 dnsconn
= connection_get_by_type_state(CONN_TYPE_DNSWORKER
,
1377 DNSWORKER_STATE_IDLE
);
1378 tor_assert(dnsconn
);
1379 connection_mark_for_close(dnsconn
);
1387 dns_launch_wildcard_checks(void)
1390 #else /* !USE_EVENTDNS */
1392 /** Eventdns helper: return true iff the eventdns result <b>err</b> is
1393 * a transient failure. */
1395 evdns_err_is_transient(int err
)
1399 case DNS_ERR_SERVERFAILED
:
1400 case DNS_ERR_TRUNCATED
:
1401 case DNS_ERR_TIMEOUT
:
1407 /* Dummy function; never called with eventdns enabled. */
1409 connection_dns_finished_flushing(connection_t
*conn
)
1415 /* Dummy function; never called with eventdns enabled. */
1417 connection_dns_process_inbuf(connection_t
*conn
)
1423 /* Dummy function; never called with eventdns enabled. */
1425 connection_dns_reached_eof(connection_t
*conn
)
1432 /** Configure eventdns nameservers if force is true, or if the configuration
1433 * has changed since the last time we called this function. On Unix, this
1434 * reads from options->ServerDNSResolvConfFile or /etc/resolv.conf; on
1435 * Windows, this reads from options->ServerDNSResolvConfFile or the registry.
1436 * Return 0 on success or -1 on failure. */
1438 configure_nameservers(int force
)
1440 or_options_t
*options
;
1441 const char *conf_fname
;
1443 options
= get_options();
1444 conf_fname
= options
->ServerDNSResolvConfFile
;
1447 conf_fname
= "/etc/resolv.conf";
1450 evdns_set_log_fn(evdns_log_cb
);
1452 if (stat(conf_fname
, &st
)) {
1453 log_warn(LD_EXIT
, "Unable to stat resolver configuration in '%s'",
1457 if (!force
&& resolv_conf_fname
&& !strcmp(conf_fname
,resolv_conf_fname
)
1458 && st
.st_mtime
== resolv_conf_mtime
) {
1459 log_info(LD_EXIT
, "No change to '%s'", conf_fname
);
1462 if (nameservers_configured
) {
1463 evdns_search_clear();
1464 evdns_clear_nameservers_and_suspend();
1466 log_info(LD_EXIT
, "Parsing resolver configuration in '%s'", conf_fname
);
1467 if (evdns_resolv_conf_parse(DNS_OPTIONS_ALL
, conf_fname
))
1469 if (evdns_count_nameservers() == 0) {
1470 log_warn(LD_EXIT
, "Unable to find any nameservers in '%s'.", conf_fname
);
1473 tor_free(resolv_conf_fname
);
1474 resolv_conf_fname
= tor_strdup(conf_fname
);
1475 resolv_conf_mtime
= st
.st_mtime
;
1476 if (nameservers_configured
)
1481 if (nameservers_configured
) {
1482 evdns_search_clear();
1483 evdns_clear_nameservers_and_suspend();
1485 if (evdns_config_windows_nameservers()) {
1486 log_warn(LD_EXIT
,"Could not config nameservers.");
1489 if (evdns_count_nameservers() == 0) {
1490 log_warn(LD_EXIT
, "Unable to find any platform nameservers in "
1491 "your Windows configuration. Perhaps you should list a "
1492 "ServerDNSResolvConfFile file in your torrc?");
1495 if (nameservers_configured
)
1497 tor_free(resolv_conf_fname
);
1498 resolv_conf_mtime
= 0;
1502 nameservers_configured
= 1;
1506 /** For eventdns: Called when we get an answer for a request we launched.
1507 * See eventdns.h for arguments; 'arg' holds the address we tried to resolve.
1510 evdns_callback(int result
, char type
, int count
, int ttl
, void *addresses
,
1513 char *string_address
= arg
;
1515 int status
= DNS_RESOLVE_FAILED_PERMANENT
;
1517 const char *hostname
= NULL
;
1519 if (result
== DNS_ERR_NONE
) {
1520 if (type
== DNS_IPv4_A
&& count
) {
1521 char answer_buf
[INET_NTOA_BUF_LEN
+1];
1523 char *escaped_address
;
1524 uint32_t *addrs
= addresses
;
1525 in
.s_addr
= addrs
[0];
1526 addr
= ntohl(addrs
[0]);
1527 status
= DNS_RESOLVE_SUCCEEDED
;
1528 tor_inet_ntoa(&in
, answer_buf
, sizeof(answer_buf
));
1529 escaped_address
= esc_for_log(string_address
);
1531 if (answer_is_wildcarded(answer_buf
)) {
1532 log_debug(LD_EXIT
, "eventdns said that %s resolves to ISP-hijacked "
1533 "address %s; treating as a failure.",
1534 safe_str(escaped_address
),
1535 escaped_safe_str(answer_buf
));
1537 status
= DNS_RESOLVE_FAILED_PERMANENT
;
1539 log_debug(LD_EXIT
, "eventdns said that %s resolves to %s",
1540 safe_str(escaped_address
),
1541 escaped_safe_str(answer_buf
));
1543 tor_free(escaped_address
);
1544 } else if (type
== DNS_PTR
&& count
) {
1545 char *escaped_address
;
1547 hostname
= ((char**)addresses
)[0];
1548 status
= DNS_RESOLVE_SUCCEEDED
;
1549 escaped_address
= esc_for_log(string_address
);
1550 log_debug(LD_EXIT
, "eventdns said that %s resolves to %s",
1551 safe_str(escaped_address
),
1552 escaped_safe_str(hostname
));
1553 tor_free(escaped_address
);
1555 log_warn(LD_EXIT
, "eventdns returned only non-IPv4 answers for %s.",
1556 escaped_safe_str(string_address
));
1558 log_warn(LD_BUG
, "eventdns returned no addresses or error for %s!",
1559 escaped_safe_str(string_address
));
1562 if (evdns_err_is_transient(result
))
1563 status
= DNS_RESOLVE_FAILED_TRANSIENT
;
1565 if (result
!= DNS_ERR_SHUTDOWN
)
1566 dns_found_answer(string_address
, is_reverse
, addr
, hostname
, status
, ttl
);
1567 tor_free(string_address
);
1570 /** For eventdns: start resolving as necessary to find the target for
1571 * <b>exitconn</b> */
1573 launch_resolve(edge_connection_t
*exitconn
, or_circuit_t
*circ
)
1575 char *addr
= tor_strdup(exitconn
->_base
.address
);
1578 int options
= get_options()->ServerDNSSearchDomains
? 0
1579 : DNS_QUERY_NO_SEARCH
;
1580 /* What? Nameservers not configured? Sounds like a bug. */
1581 if (!nameservers_configured
) {
1582 log_warn(LD_EXIT
, "Harmless bug: nameservers not configured, but resolve "
1583 "launched. Configuring.");
1584 if (configure_nameservers(1) < 0)
1588 r
= parse_inaddr_arpa_address(exitconn
->_base
.address
, &in
);
1590 log_info(LD_EXIT
, "Launching eventdns request for %s",
1591 escaped_safe_str(exitconn
->_base
.address
));
1592 r
= evdns_resolve_ipv4(exitconn
->_base
.address
, options
,
1593 evdns_callback
, addr
);
1594 } else if (r
== 1) {
1595 log_info(LD_EXIT
, "Launching eventdns reverse request for %s",
1596 escaped_safe_str(exitconn
->_base
.address
));
1597 r
= evdns_resolve_reverse(&in
, DNS_QUERY_NO_SEARCH
,
1598 evdns_callback
, addr
);
1599 } else if (r
== -1) {
1600 log_warn(LD_BUG
, "Somehow a malformed in-addr.arpa address reached here.");
1604 log_warn(LD_EXIT
, "eventdns rejected address %s: error %d.",
1605 escaped_safe_str(addr
), r
);
1606 if (exitconn
->_base
.purpose
== EXIT_PURPOSE_RESOLVE
) {
1607 if (evdns_err_is_transient(r
))
1608 send_resolved_cell(exitconn
, circ
, RESOLVED_TYPE_ERROR_TRANSIENT
);
1610 exitconn
->address_ttl
= DEFAULT_DNS_TTL
;
1611 send_resolved_cell(exitconn
, circ
, RESOLVED_TYPE_ERROR
);
1614 dns_cancel_pending_resolve(addr
); /* also sends end and frees */
1620 /** How many requests for bogus addresses have we launched so far? */
1621 static int n_wildcard_requests
= 0;
1623 /** Map from dotted-quad IP address in response to an int holding how many
1624 * times we've seen it for a randomly generated (hopefully bogus) address. It
1625 * would be easier to use definitely-invalid addresses (as specified by
1626 * RFC2606), but see comment in dns_launch_wildcard_checks(). */
1627 static strmap_t
*dns_wildcard_response_count
= NULL
;
1629 /** If present, a list of dotted-quad IP addresses that we are pretty sure our
1630 * nameserver wants to return in response to requests for nonexistent domains.
1632 static smartlist_t
*dns_wildcard_list
= NULL
;
1634 /** Called when we see <b>id</b> (a dotted quad) in response to a request for
1635 * a hopefully bogus address. */
1637 wildcard_increment_answer(const char *id
)
1640 static int notice_given
= 0;
1641 if (!dns_wildcard_response_count
)
1642 dns_wildcard_response_count
= strmap_new();
1644 ip
= strmap_get(dns_wildcard_response_count
, id
); // may be null (0)
1646 ip
= tor_malloc_zero(sizeof(int));
1647 strmap_set(dns_wildcard_response_count
, id
, ip
);
1651 if (*ip
> 5 && n_wildcard_requests
> 10) {
1652 if (!dns_wildcard_list
) dns_wildcard_list
= smartlist_create();
1653 if (!smartlist_string_isin(dns_wildcard_list
, id
)) {
1654 log(notice_given
? LOG_INFO
: LOG_NOTICE
, LD_EXIT
,
1655 "Your DNS provider has given \"%s\" as an answer for %d different "
1656 "invalid addresses. Apparently they are hijacking DNS failures. "
1657 "I'll trying to correct for this by treating future occurrences of "
1658 "\"%s\" as 'not found'.", id
, *ip
, id
);
1659 smartlist_add(dns_wildcard_list
, tor_strdup(id
));
1664 /** Callback function when we get an answer (possibly failing) for a request
1665 * for a (hopefully) nonexistent domain. */
1667 evdns_wildcard_check_callback(int result
, char type
, int count
, int ttl
,
1668 void *addresses
, void *arg
)
1670 static int notice_given
= 0;
1672 ++n_wildcard_requests
;
1673 if (result
== DNS_ERR_NONE
&& type
== DNS_IPv4_A
&& count
) {
1674 uint32_t *addrs
= addresses
;
1676 char *string_address
= arg
;
1677 for (i
= 0; i
< count
; ++i
) {
1678 char answer_buf
[INET_NTOA_BUF_LEN
+1];
1680 in
.s_addr
= addrs
[i
];
1681 tor_inet_ntoa(&in
, answer_buf
, sizeof(answer_buf
));
1682 wildcard_increment_answer(answer_buf
);
1684 log(notice_given
? LOG_INFO
: LOG_NOTICE
, LD_EXIT
,
1685 "Your DNS provider gave an answer for \"%s\", which "
1686 "is not supposed to exist. Apparently they are hijacking "
1687 "DNS failures. Trying to correct for this. We've noticed %d possibly "
1688 "bad addresses so far.",
1689 string_address
, strmap_size(dns_wildcard_response_count
));
1695 /** Launch a single request for a nonexistent hostname consisting of between
1696 * <b>min_len</b> and <b>max_len</b> random (plausible) characters followed by
1699 launch_wildcard_check(int min_len
, int max_len
, const char *suffix
)
1701 char random_bytes
[20], name
[64], *addr
;
1705 len
= min_len
+ crypto_rand_int(max_len
-min_len
+1);
1706 if (crypto_rand(random_bytes
, sizeof(random_bytes
)) < 0)
1708 base32_encode(name
, sizeof(name
), random_bytes
, sizeof(random_bytes
));
1710 strlcat(name
, suffix
, sizeof(name
));
1712 addr
= tor_strdup(name
);
1713 r
= evdns_resolve_ipv4(name
, DNS_QUERY_NO_SEARCH
,
1714 evdns_wildcard_check_callback
, addr
);
1719 #define N_WILDCARD_CHECKS 2
1721 /** Launch DNS requests for a few nonexistent hostnames, and see if we can
1722 * catch our nameserver trying to hijack them and map them to a stupid "I
1723 * couldn't find ggoogle.com but maybe you'd like to buy these lovely
1724 * encyclopedias" page. */
1726 dns_launch_wildcard_checks(void)
1729 if (!get_options()->ServerDNSDetectHijacking
)
1731 log_info(LD_EXIT
, "Launching checks to see whether our nameservers like "
1732 "to hijack DNS failures.");
1733 for (i
= 0; i
< N_WILDCARD_CHECKS
; ++i
) {
1734 /* RFC2606 reserves these. Sadly, some DNS hijackers, in a silly attempt
1735 * to 'comply' with rfc2606, refrain from giving A records for these.
1736 * This is the standards-compliance equivalent of making sure that your
1737 * crackhouse's elevator inspection certificate is up to date.
1739 launch_wildcard_check(2, 16, ".invalid");
1740 launch_wildcard_check(2, 16, ".test");
1742 /* These will break specs if there are ever any number of
1743 * 8+-character top-level domains. */
1744 launch_wildcard_check(8, 16, "");
1746 /* Try some random .com/org/net domains. This will work fine so long as
1747 * not too many resolve to the same place. */
1748 launch_wildcard_check(8, 16, ".com");
1749 launch_wildcard_check(8, 16, ".org");
1750 launch_wildcard_check(8, 16, ".net");
1754 /** Return true iff we have noticed that the dotted-quad <b>ip</b> has been
1755 * returned in response to requests for nonexistent hostnames. */
1757 answer_is_wildcarded(const char *ip
)
1759 return dns_wildcard_list
&& smartlist_string_isin(dns_wildcard_list
, ip
);
1761 #endif /* USE_EVENTDNS */
1763 /** Exit with an assertion if <b>resolve</b> is corrupt. */
1765 assert_resolve_ok(cached_resolve_t
*resolve
)
1767 tor_assert(resolve
);
1768 tor_assert(resolve
->magic
== CACHED_RESOLVE_MAGIC
);
1769 tor_assert(strlen(resolve
->address
) < MAX_ADDRESSLEN
);
1770 tor_assert(tor_strisnonupper(resolve
->address
));
1771 if (resolve
->state
!= CACHE_STATE_PENDING
) {
1772 tor_assert(!resolve
->pending_connections
);
1774 if (resolve
->state
== CACHE_STATE_PENDING
||
1775 resolve
->state
== CACHE_STATE_DONE
) {
1776 tor_assert(!resolve
->ttl
);
1777 if (resolve
->is_reverse
)
1778 tor_assert(!resolve
->result
.hostname
);
1780 tor_assert(!resolve
->result
.addr
);
1784 #ifdef DEBUG_DNS_CACHE
1785 /** Exit with an assertion if the DNS cache is corrupt. */
1787 _assert_cache_ok(void)
1789 cached_resolve_t
**resolve
;
1790 int bad_rep
= _cache_map_HT_REP_IS_BAD(&cache_root
);
1792 log_err(LD_BUG
, "Bad rep type %d on dns cache hash table", bad_rep
);
1793 tor_assert(!bad_rep
);
1796 HT_FOREACH(resolve
, cache_map
, &cache_root
) {
1797 assert_resolve_ok(*resolve
);
1798 tor_assert((*resolve
)->state
!= CACHE_STATE_DONE
);
1800 if (!cached_resolve_pqueue
)
1803 smartlist_pqueue_assert_ok(cached_resolve_pqueue
,
1804 _compare_cached_resolves_by_expiry
);