1 /* Copyright (c) 2003-2004, Roger Dingledine
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2016, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
8 * \brief Functions to use and manipulate the tor_addr_t structure.
11 #define ADDRESS_PRIVATE
16 /* For access to structs needed by GetAdaptersAddresses */
17 #ifndef WIN32_LEAN_AND_MEAN
18 #error "orconfig.h didn't define WIN32_LEAN_AND_MEAN"
21 #error "orconfig.h didn't define WINVER"
24 #error "orconfig.h didn't define _WIN32_WINNT"
27 #error "winver too low"
29 #if _WIN32_WINNT < 0x0501
30 #error "winver too low"
40 #include "util_format.h"
43 #include "container.h"
46 #ifdef HAVE_SYS_TIME_H
55 #ifdef HAVE_NETINET_IN_H
56 #include <netinet/in.h>
58 #ifdef HAVE_ARPA_INET_H
59 #include <arpa/inet.h>
61 #ifdef HAVE_SYS_SOCKET_H
62 #include <sys/socket.h>
67 #ifdef HAVE_SYS_PARAM_H
68 #include <sys/param.h> /* FreeBSD needs this to know what version it is */
76 #ifdef HAVE_SYS_IOCTL_H
77 #include <sys/ioctl.h>
88 /* tor_addr_is_null() and maybe other functions rely on AF_UNSPEC being 0 to
89 * work correctly. Bail out here if we've found a platform where AF_UNSPEC
92 #error We rely on AF_UNSPEC being 0. Let us know about your platform, please!
95 /** Convert the tor_addr_t in <b>a</b>, with port in <b>port</b>, into a
96 * sockaddr object in *<b>sa_out</b> of object size <b>len</b>. If not enough
97 * room is available in sa_out, or on error, return 0. On success, return
98 * the length of the sockaddr.
100 * Interface note: ordinarily, we return -1 for error. We can't do that here,
101 * since socklen_t is unsigned on some platforms.
104 tor_addr_to_sockaddr(const tor_addr_t
*a
,
106 struct sockaddr
*sa_out
,
109 memset(sa_out
, 0, len
);
111 sa_family_t family
= tor_addr_family(a
);
112 if (family
== AF_INET
) {
113 struct sockaddr_in
*sin
;
114 if (len
< (int)sizeof(struct sockaddr_in
))
116 sin
= (struct sockaddr_in
*)sa_out
;
117 #ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
118 sin
->sin_len
= sizeof(struct sockaddr_in
);
120 sin
->sin_family
= AF_INET
;
121 sin
->sin_port
= htons(port
);
122 sin
->sin_addr
.s_addr
= tor_addr_to_ipv4n(a
);
123 return sizeof(struct sockaddr_in
);
124 } else if (family
== AF_INET6
) {
125 struct sockaddr_in6
*sin6
;
126 if (len
< (int)sizeof(struct sockaddr_in6
))
128 sin6
= (struct sockaddr_in6
*)sa_out
;
129 #ifdef HAVE_STRUCT_SOCKADDR_IN6_SIN6_LEN
130 sin6
->sin6_len
= sizeof(struct sockaddr_in6
);
132 sin6
->sin6_family
= AF_INET6
;
133 sin6
->sin6_port
= htons(port
);
134 memcpy(&sin6
->sin6_addr
, tor_addr_to_in6_assert(a
),
135 sizeof(struct in6_addr
));
136 return sizeof(struct sockaddr_in6
);
142 /** Set address <b>a</b> to zero. This address belongs to
143 * the AF_UNIX family. */
145 tor_addr_make_af_unix(tor_addr_t
*a
)
147 memset(a
, 0, sizeof(*a
));
151 /** Set the tor_addr_t in <b>a</b> to contain the socket address contained in
152 * <b>sa</b>. IF <b>port_out</b> is non-NULL and <b>sa</b> contains a port,
153 * set *<b>port_out</b> to that port. Return 0 on success and -1 on
156 tor_addr_from_sockaddr(tor_addr_t
*a
, const struct sockaddr
*sa
,
162 memset(a
, 0, sizeof(*a
));
164 if (sa
->sa_family
== AF_INET
) {
165 struct sockaddr_in
*sin
= (struct sockaddr_in
*) sa
;
166 tor_addr_from_ipv4n(a
, sin
->sin_addr
.s_addr
);
168 *port_out
= ntohs(sin
->sin_port
);
169 } else if (sa
->sa_family
== AF_INET6
) {
170 struct sockaddr_in6
*sin6
= (struct sockaddr_in6
*) sa
;
171 tor_addr_from_in6(a
, &sin6
->sin6_addr
);
173 *port_out
= ntohs(sin6
->sin6_port
);
174 } else if (sa
->sa_family
== AF_UNIX
) {
175 tor_addr_make_af_unix(a
);
178 tor_addr_make_unspec(a
);
184 /** Return a newly allocated string holding the address described in
185 * <b>sa</b>. AF_UNIX, AF_UNSPEC, AF_INET, and AF_INET6 are supported. */
187 tor_sockaddr_to_str(const struct sockaddr
*sa
)
189 char address
[TOR_ADDR_BUF_LEN
];
194 if (sa
->sa_family
== AF_UNIX
) {
195 struct sockaddr_un
*s_un
= (struct sockaddr_un
*)sa
;
196 tor_asprintf(&result
, "unix:%s", s_un
->sun_path
);
200 if (sa
->sa_family
== AF_UNSPEC
)
201 return tor_strdup("unspec");
203 if (tor_addr_from_sockaddr(&addr
, sa
, &port
) < 0)
205 if (! tor_addr_to_str(address
, &addr
, sizeof(address
), 1))
207 tor_asprintf(&result
, "%s:%d", address
, (int)port
);
211 /** Set address <b>a</b> to the unspecified address. This address belongs to
214 tor_addr_make_unspec(tor_addr_t
*a
)
216 memset(a
, 0, sizeof(*a
));
217 a
->family
= AF_UNSPEC
;
220 /** Set address <b>a</b> to the null address in address family <b>family</b>.
221 * The null address for AF_INET is 0.0.0.0. The null address for AF_INET6 is
222 * [::]. AF_UNSPEC is all null. */
224 tor_addr_make_null(tor_addr_t
*a
, sa_family_t family
)
226 memset(a
, 0, sizeof(*a
));
230 /** Similar behavior to Unix gethostbyname: resolve <b>name</b>, and set
231 * *<b>addr</b> to the proper IP address and family. The <b>family</b>
232 * argument (which must be AF_INET, AF_INET6, or AF_UNSPEC) declares a
233 * <i>preferred</i> family, though another one may be returned if only one
234 * family is implemented for this address.
236 * Return 0 on success, -1 on failure; 1 on transient failure.
239 tor_addr_lookup(const char *name
, uint16_t family
, tor_addr_t
*addr
)
241 /* Perhaps eventually this should be replaced by a tor_getaddrinfo or
244 struct in_addr iaddr
;
245 struct in6_addr iaddr6
;
248 tor_assert(family
== AF_INET
|| family
== AF_INET6
|| family
== AF_UNSPEC
);
250 /* Empty address is an error. */
252 } else if (tor_inet_pton(AF_INET
, name
, &iaddr
)) {
253 /* It's an IPv4 IP. */
254 if (family
== AF_INET6
)
256 tor_addr_from_in(addr
, &iaddr
);
258 } else if (tor_inet_pton(AF_INET6
, name
, &iaddr6
)) {
259 if (family
== AF_INET
)
261 tor_addr_from_in6(addr
, &iaddr6
);
264 #ifdef HAVE_GETADDRINFO
266 struct addrinfo
*res
=NULL
, *res_p
;
267 struct addrinfo
*best
=NULL
;
268 struct addrinfo hints
;
270 memset(&hints
, 0, sizeof(hints
));
271 hints
.ai_family
= family
;
272 hints
.ai_socktype
= SOCK_STREAM
;
273 err
= sandbox_getaddrinfo(name
, NULL
, &hints
, &res
);
274 /* The check for 'res' here shouldn't be necessary, but it makes static
275 * analysis tools happy. */
278 for (res_p
= res
; res_p
; res_p
= res_p
->ai_next
) {
279 if (family
== AF_UNSPEC
) {
280 if (res_p
->ai_family
== AF_INET
) {
283 } else if (res_p
->ai_family
== AF_INET6
&& !best
) {
286 } else if (family
== res_p
->ai_family
) {
293 if (best
->ai_family
== AF_INET
) {
294 tor_addr_from_in(addr
,
295 &((struct sockaddr_in
*)best
->ai_addr
)->sin_addr
);
297 } else if (best
->ai_family
== AF_INET6
) {
298 tor_addr_from_in6(addr
,
299 &((struct sockaddr_in6
*)best
->ai_addr
)->sin6_addr
);
302 sandbox_freeaddrinfo(res
);
305 return (err
== EAI_AGAIN
) ? 1 : -1;
309 #ifdef HAVE_GETHOSTBYNAME_R_6_ARG
311 struct hostent hostent
;
313 r
= gethostbyname_r(name
, &hostent
, buf
, sizeof(buf
), &ent
, &err
);
314 #elif defined(HAVE_GETHOSTBYNAME_R_5_ARG)
316 struct hostent hostent
;
317 ent
= gethostbyname_r(name
, &hostent
, buf
, sizeof(buf
), &err
);
318 #elif defined(HAVE_GETHOSTBYNAME_R_3_ARG)
319 struct hostent_data data
;
321 memset(&data
, 0, sizeof(data
));
322 err
= gethostbyname_r(name
, &hent
, &data
);
323 ent
= err
? NULL
: &hent
;
325 ent
= gethostbyname(name
);
327 err
= WSAGetLastError();
331 #endif /* endif HAVE_GETHOSTBYNAME_R_6_ARG. */
333 if (ent
->h_addrtype
== AF_INET
) {
334 tor_addr_from_in(addr
, (struct in_addr
*) ent
->h_addr
);
335 } else if (ent
->h_addrtype
== AF_INET6
) {
336 tor_addr_from_in6(addr
, (struct in6_addr
*) ent
->h_addr
);
338 tor_assert(0); // LCOV_EXCL_LINE: gethostbyname() returned bizarre type
343 return (err
== WSATRY_AGAIN
) ? 1 : -1;
345 return (err
== TRY_AGAIN
) ? 1 : -1;
351 /** Return true iff <b>ip</b> is an IP reserved to localhost or local networks
352 * in RFC1918 or RFC4193 or RFC4291. (fec0::/10, deprecated by RFC3879, is
353 * also treated as internal for now.)
356 tor_addr_is_internal_(const tor_addr_t
*addr
, int for_listening
,
357 const char *filename
, int lineno
)
363 sa_family_t v_family
= tor_addr_family(addr
);
365 if (v_family
== AF_INET
) {
366 iph4
= tor_addr_to_ipv4h(addr
);
367 } else if (v_family
== AF_INET6
) {
368 if (tor_addr_is_v4(addr
)) { /* v4-mapped */
369 uint32_t *addr32
= NULL
;
371 // Work around an incorrect NULL pointer dereference warning in
372 // "clang --analyze" due to limited analysis depth
373 addr32
= tor_addr_to_in6_addr32(addr
);
374 // To improve performance, wrap this assertion in:
375 // #if !defined(__clang_analyzer__) || PARANOIA
377 iph4
= ntohl(addr32
[3]);
381 if (v_family
== AF_INET6
) {
382 const uint32_t *a32
= tor_addr_to_in6_addr32(addr
);
383 iph6
[0] = ntohl(a32
[0]);
384 iph6
[1] = ntohl(a32
[1]);
385 iph6
[2] = ntohl(a32
[2]);
386 iph6
[3] = ntohl(a32
[3]);
387 if (for_listening
&& !iph6
[0] && !iph6
[1] && !iph6
[2] && !iph6
[3]) /* :: */
390 if (((iph6
[0] & 0xfe000000) == 0xfc000000) || /* fc00/7 - RFC4193 */
391 ((iph6
[0] & 0xffc00000) == 0xfe800000) || /* fe80/10 - RFC4291 */
392 ((iph6
[0] & 0xffc00000) == 0xfec00000)) /* fec0/10 D- RFC3879 */
395 if (!iph6
[0] && !iph6
[1] && !iph6
[2] &&
396 ((iph6
[3] & 0xfffffffe) == 0x00000000)) /* ::/127 */
400 } else if (v_family
== AF_INET
) {
401 if (for_listening
&& !iph4
) /* special case for binding to 0.0.0.0 */
403 if (((iph4
& 0xff000000) == 0x0a000000) || /* 10/8 */
404 ((iph4
& 0xff000000) == 0x00000000) || /* 0/8 */
405 ((iph4
& 0xff000000) == 0x7f000000) || /* 127/8 */
406 ((iph4
& 0xffff0000) == 0xa9fe0000) || /* 169.254/16 */
407 ((iph4
& 0xfff00000) == 0xac100000) || /* 172.16/12 */
408 ((iph4
& 0xffff0000) == 0xc0a80000)) /* 192.168/16 */
413 /* unknown address family... assume it's not safe for external use */
414 /* rather than tor_assert(0) */
415 log_warn(LD_BUG
, "tor_addr_is_internal() called from %s:%d with a "
416 "non-IP address of type %d", filename
, lineno
, (int)v_family
);
417 tor_fragile_assert();
421 /** Convert a tor_addr_t <b>addr</b> into a string, and store it in
422 * <b>dest</b> of size <b>len</b>. Returns a pointer to dest on success,
423 * or NULL on failure. If <b>decorate</b>, surround IPv6 addresses with
427 tor_addr_to_str(char *dest
, const tor_addr_t
*addr
, size_t len
, int decorate
)
430 tor_assert(addr
&& dest
);
432 switch (tor_addr_family(addr
)) {
434 /* Shortest addr x.x.x.x + \0 */
437 ptr
= tor_inet_ntop(AF_INET
, &addr
->addr
.in_addr
, dest
, len
);
440 /* Shortest addr [ :: ] + \0 */
441 if (len
< (3 + (decorate
? 2 : 0)))
445 ptr
= tor_inet_ntop(AF_INET6
, &addr
->addr
.in6_addr
, dest
+1, len
-2);
447 ptr
= tor_inet_ntop(AF_INET6
, &addr
->addr
.in6_addr
, dest
, len
);
449 if (ptr
&& decorate
) {
451 memcpy(dest
+strlen(dest
), "]", 2);
452 tor_assert(ptr
== dest
+1);
457 tor_snprintf(dest
, len
, "AF_UNIX");
466 /** Parse an .in-addr.arpa or .ip6.arpa address from <b>address</b>. Return 0
467 * if this is not an .in-addr.arpa address or an .ip6.arpa address. Return -1
468 * if this is an ill-formed .in-addr.arpa address or an .ip6.arpa address.
469 * Also return -1 if <b>family</b> is not AF_UNSPEC, and the parsed address
470 * family does not match <b>family</b>. On success, return 1, and store the
471 * result, if any, into <b>result</b>, if provided.
473 * If <b>accept_regular</b> is set and the address is in neither recognized
474 * reverse lookup hostname format, try parsing the address as a regular
475 * IPv4 or IPv6 address too.
478 tor_addr_parse_PTR_name(tor_addr_t
*result
, const char *address
,
479 int family
, int accept_regular
)
481 if (!strcasecmpend(address
, ".in-addr.arpa")) {
482 /* We have an in-addr.arpa address. */
483 char buf
[INET_NTOA_BUF_LEN
];
485 struct in_addr inaddr
;
486 if (family
== AF_INET6
)
489 len
= strlen(address
) - strlen(".in-addr.arpa");
490 if (len
>= INET_NTOA_BUF_LEN
)
491 return -1; /* Too long. */
493 memcpy(buf
, address
, len
);
495 if (tor_inet_aton(buf
, &inaddr
) == 0)
496 return -1; /* malformed. */
498 /* reverse the bytes */
499 inaddr
.s_addr
= (uint32_t)
500 (((inaddr
.s_addr
& 0x000000ff) << 24)
501 |((inaddr
.s_addr
& 0x0000ff00) << 8)
502 |((inaddr
.s_addr
& 0x00ff0000) >> 8)
503 |((inaddr
.s_addr
& 0xff000000) >> 24));
506 tor_addr_from_in(result
, &inaddr
);
511 if (!strcasecmpend(address
, ".ip6.arpa")) {
516 if (family
== AF_INET
)
520 for (int i
= 0; i
< 16; ++i
) {
521 n0
= hex_decode_digit(*cp
++); /* The low-order nybble appears first. */
522 if (*cp
++ != '.') return -1; /* Then a dot. */
523 n1
= hex_decode_digit(*cp
++); /* The high-order nybble appears first. */
524 if (*cp
++ != '.') return -1; /* Then another dot. */
525 if (n0
<0 || n1
< 0) /* Both nybbles must be hex. */
528 /* We don't check the length of the string in here. But that's okay,
529 * since we already know that the string ends with ".ip6.arpa", and
530 * there is no way to frameshift .ip6.arpa so it fits into the pattern
531 * of hexdigit, period, hexdigit, period that we enforce above.
534 /* Assign from low-byte to high-byte. */
535 in6
.s6_addr
[15-i
] = n0
| (n1
<< 4);
537 if (strcasecmp(cp
, "ip6.arpa"))
541 tor_addr_from_in6(result
, &in6
);
546 if (accept_regular
) {
548 int r
= tor_addr_parse(&tmp
, address
);
551 if (r
!= family
&& family
!= AF_UNSPEC
)
555 memcpy(result
, &tmp
, sizeof(tor_addr_t
));
563 /** Convert <b>addr</b> to an in-addr.arpa name or a .ip6.arpa name,
564 * and store the result in the <b>outlen</b>-byte buffer at
565 * <b>out</b>. Return the number of chars written to <b>out</b>, not
566 * including the trailing \0, on success. Returns -1 on failure. */
568 tor_addr_to_PTR_name(char *out
, size_t outlen
,
569 const tor_addr_t
*addr
)
574 if (addr
->family
== AF_INET
) {
575 uint32_t a
= tor_addr_to_ipv4h(addr
);
577 return tor_snprintf(out
, outlen
, "%d.%d.%d.%d.in-addr.arpa",
578 (int)(uint8_t)((a
)&0xff),
579 (int)(uint8_t)((a
>>8 )&0xff),
580 (int)(uint8_t)((a
>>16)&0xff),
581 (int)(uint8_t)((a
>>24)&0xff));
582 } else if (addr
->family
== AF_INET6
) {
585 const uint8_t *bytes
= tor_addr_to_in6_addr8(addr
);
586 if (outlen
< REVERSE_LOOKUP_NAME_BUF_LEN
)
588 for (i
= 15; i
>= 0; --i
) {
589 uint8_t byte
= bytes
[i
];
590 *cp
++ = "0123456789abcdef"[byte
& 0x0f];
592 *cp
++ = "0123456789abcdef"[byte
>> 4];
595 memcpy(cp
, "ip6.arpa", 9); /* 8 characters plus NUL */
601 /** Parse a string <b>s</b> containing an IPv4/IPv6 address, and possibly
602 * a mask and port or port range. Store the parsed address in
603 * <b>addr_out</b>, a mask (if any) in <b>mask_out</b>, and port(s) (if any)
604 * in <b>port_min_out</b> and <b>port_max_out</b>.
607 * Address OptMask OptPortRange
608 * Address ::= IPv4Address / "[" IPv6Address "]" / "*"
609 * OptMask ::= "/" Integer /
610 * OptPortRange ::= ":*" / ":" Integer / ":" Integer "-" Integer /
612 * - If mask, minport, or maxport are NULL, we do not want these
613 * options to be set; treat them as an error if present.
614 * - If the string has no mask, the mask is set to /32 (IPv4) or /128 (IPv6).
615 * - If the string has one port, it is placed in both min and max port
617 * - If the string has no port(s), port_(min|max)_out are set to 1 and 65535.
619 * Return an address family on success, or -1 if an invalid address string is
622 * If 'flags & TAPMP_EXTENDED_STAR' is false, then the wildcard address '*'
623 * yield an IPv4 wildcard.
625 * If 'flags & TAPMP_EXTENDED_STAR' is true, then the wildcard address '*'
626 * yields an AF_UNSPEC wildcard address, which expands to corresponding
627 * wildcard IPv4 and IPv6 rules, and the following change is made
628 * in the grammar above:
629 * Address ::= IPv4Address / "[" IPv6Address "]" / "*" / "*4" / "*6"
630 * with the new "*4" and "*6" productions creating a wildcard to match
631 * IPv4 or IPv6 addresses.
633 * If 'flags & TAPMP_EXTENDED_STAR' and 'flags & TAPMP_STAR_IPV4_ONLY' are
634 * both true, then the wildcard address '*' yields an IPv4 wildcard.
636 * If 'flags & TAPMP_EXTENDED_STAR' and 'flags & TAPMP_STAR_IPV6_ONLY' are
637 * both true, then the wildcard address '*' yields an IPv6 wildcard.
639 * TAPMP_STAR_IPV4_ONLY and TAPMP_STAR_IPV6_ONLY are mutually exclusive. */
641 tor_addr_parse_mask_ports(const char *s
,
643 tor_addr_t
*addr_out
,
644 maskbits_t
*maskbits_out
,
645 uint16_t *port_min_out
, uint16_t *port_max_out
)
647 char *base
= NULL
, *address
, *mask
= NULL
, *port
= NULL
, *rbracket
= NULL
;
649 int any_flag
=0, v4map
=0;
651 struct in6_addr in6_tmp
;
652 struct in_addr in_tmp
= { .s_addr
= 0 };
655 tor_assert(addr_out
);
656 /* We can either only want an IPv4 address or only want an IPv6 address,
657 * but we can't only want IPv4 & IPv6 at the same time. */
658 tor_assert(!((flags
& TAPMP_STAR_IPV4_ONLY
)
659 && (flags
& TAPMP_STAR_IPV6_ONLY
)));
661 /** Longest possible length for an address, mask, and port-range combination.
662 * Includes IP, [], /mask, :, ports */
663 #define MAX_ADDRESS_LENGTH (TOR_ADDR_BUF_LEN+2+(1+INET_NTOA_BUF_LEN)+12+1)
665 if (strlen(s
) > MAX_ADDRESS_LENGTH
) {
666 log_warn(LD_GENERAL
, "Impossibly long IP %s; rejecting", escaped(s
));
669 base
= tor_strdup(s
);
671 /* Break 'base' into separate strings. */
673 if (*address
== '[') { /* Probably IPv6 */
675 rbracket
= strchr(address
, ']');
678 "No closing IPv6 bracket in address pattern; rejecting.");
682 mask
= strchr((rbracket
?rbracket
:address
),'/');
683 port
= strchr((mask
?mask
:(rbracket
?rbracket
:address
)), ':');
691 tor_assert(port
> mask
);
692 if (mask
&& rbracket
)
693 tor_assert(mask
> rbracket
);
695 /* Now "address" is the a.b.c.d|'*'|abcd::1 part...
696 * "mask" is the Mask|Maskbits part...
697 * and "port" is the *|port|min-max part.
700 /* Process the address portion */
701 memset(addr_out
, 0, sizeof(tor_addr_t
));
703 if (!strcmp(address
, "*")) {
704 if (flags
& TAPMP_EXTENDED_STAR
) {
705 if (flags
& TAPMP_STAR_IPV4_ONLY
) {
707 tor_addr_from_ipv4h(addr_out
, 0);
708 } else if (flags
& TAPMP_STAR_IPV6_ONLY
) {
709 static char nil_bytes
[16] = { [0]=0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0 };
711 tor_addr_from_ipv6_bytes(addr_out
, nil_bytes
);
714 tor_addr_make_unspec(addr_out
);
716 "'%s' expands into rules which apply to all IPv4 and IPv6 "
717 "addresses. (Use accept/reject *4:* for IPv4 or "
718 "accept[6]/reject[6] *6:* for IPv6.)", s
);
722 tor_addr_from_ipv4h(addr_out
, 0);
725 } else if (!strcmp(address
, "*4") && (flags
& TAPMP_EXTENDED_STAR
)) {
727 tor_addr_from_ipv4h(addr_out
, 0);
729 } else if (!strcmp(address
, "*6") && (flags
& TAPMP_EXTENDED_STAR
)) {
730 static char nil_bytes
[16] = { [0]=0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0 };
732 tor_addr_from_ipv6_bytes(addr_out
, nil_bytes
);
734 } else if (tor_inet_pton(AF_INET6
, address
, &in6_tmp
) > 0) {
736 tor_addr_from_in6(addr_out
, &in6_tmp
);
737 } else if (tor_inet_pton(AF_INET
, address
, &in_tmp
) > 0) {
739 tor_addr_from_in(addr_out
, &in_tmp
);
741 log_warn(LD_GENERAL
, "Malformed IP %s in address pattern; rejecting.",
746 v4map
= tor_addr_is_v4(addr_out
);
751 struct in_addr v4mask
;
753 if (mask
) { /* the caller (tried to) specify a mask */
754 bits
= (int) strtol(mask
, &endptr
, 10);
755 if (!*endptr
) { /* strtol converted everything, so it was an integer */
756 if ((bits
<0 || bits
>128) ||
757 (family
== AF_INET
&& bits
> 32)) {
759 "Bad number of mask bits (%d) on address range; rejecting.",
763 } else { /* mask might still be an address-style mask */
764 if (tor_inet_pton(AF_INET
, mask
, &v4mask
) > 0) {
765 bits
= addr_mask_get_bits(ntohl(v4mask
.s_addr
));
768 "IPv4-style mask %s is not a prefix address; rejecting.",
772 } else { /* Not IPv4; we don't do address-style IPv6 masks. */
774 "Malformed mask on address range %s; rejecting.",
779 if (family
== AF_INET6
&& v4map
) {
780 if (bits
> 32 && bits
< 96) { /* Crazy */
782 "Bad mask bits %d for V4-mapped V6 address; rejecting.",
786 /* XXXX_IP6 is this really what we want? */
787 bits
= 96 + bits
%32; /* map v4-mapped masks onto 96-128 bits */
791 "Found bit prefix with wildcard address; rejecting");
794 } else { /* pick an appropriate mask, as none was given */
796 bits
= 0; /* This is okay whether it's V6 or V4 (FIX V4-mapped V6!) */
797 else if (tor_addr_family(addr_out
) == AF_INET
)
799 else if (tor_addr_family(addr_out
) == AF_INET6
)
802 *maskbits_out
= (maskbits_t
) bits
;
806 "Unexpected mask in address %s; rejecting", escaped(s
));
814 if (!port_max_out
) /* caller specified one port; fake the second one */
815 port_max_out
= &port2
;
817 if (parse_port_range(port
, port_min_out
, port_max_out
) < 0) {
819 } else if ((*port_min_out
!= *port_max_out
) && port_max_out
== &port2
) {
821 "Wanted one port from address range, but there are two.");
823 port_max_out
= NULL
; /* caller specified one port, so set this back */
829 "Unexpected ports in address %s; rejecting", escaped(s
));
835 return tor_addr_family(addr_out
);
841 /** Determine whether an address is IPv4, either native or IPv4-mapped IPv6.
842 * Note that this is about representation only, as any decent stack will
843 * reject IPv4-mapped addresses received on the wire (and won't use them
844 * on the wire either).
847 tor_addr_is_v4(const tor_addr_t
*addr
)
851 if (tor_addr_family(addr
) == AF_INET
)
854 if (tor_addr_family(addr
) == AF_INET6
) {
855 /* First two don't need to be ordered */
856 uint32_t *a32
= tor_addr_to_in6_addr32(addr
);
857 if (a32
[0] == 0 && a32
[1] == 0 && ntohl(a32
[2]) == 0x0000ffffu
)
861 return 0; /* Not IPv4 - unknown family or a full-blood IPv6 address */
864 /** Determine whether an address <b>addr</b> is null, either all zeroes or
865 * belonging to family AF_UNSPEC.
868 tor_addr_is_null(const tor_addr_t
*addr
)
872 switch (tor_addr_family(addr
)) {
874 uint32_t *a32
= tor_addr_to_in6_addr32(addr
);
875 return (a32
[0] == 0) && (a32
[1] == 0) && (a32
[2] == 0) && (a32
[3] == 0);
878 return (tor_addr_to_ipv4n(addr
) == 0);
884 log_warn(LD_BUG
, "Called with unknown address family %d",
885 (int)tor_addr_family(addr
));
891 /** Return true iff <b>addr</b> is a loopback address */
893 tor_addr_is_loopback(const tor_addr_t
*addr
)
896 switch (tor_addr_family(addr
)) {
899 uint32_t *a32
= tor_addr_to_in6_addr32(addr
);
900 return (a32
[0] == 0) && (a32
[1] == 0) && (a32
[2] == 0) &&
901 (ntohl(a32
[3]) == 1);
905 return (tor_addr_to_ipv4h(addr
) & 0xff000000) == 0x7f000000;
909 /* LCOV_EXCL_START */
910 tor_fragile_assert();
917 * Checks that addr is non-NULL and not tor_addr_is_null().
918 * If for_listening is true, IPv4 addr 0.0.0.0 is allowed.
919 * It means "bind to all addresses on the local machine". */
921 tor_addr_is_valid(const tor_addr_t
*addr
, int for_listening
)
923 /* NULL addresses are invalid regardless of for_listening */
928 /* Only allow IPv4 0.0.0.0 for_listening. */
929 if (for_listening
&& addr
->family
== AF_INET
930 && tor_addr_to_ipv4h(addr
) == 0) {
934 /* Otherwise, the address is valid if it's not tor_addr_is_null() */
935 return !tor_addr_is_null(addr
);
938 /* Is the network-order IPv4 address v4n_addr valid?
939 * Checks that addr is not zero.
940 * Except if for_listening is true, where IPv4 addr 0.0.0.0 is allowed. */
942 tor_addr_is_valid_ipv4n(uint32_t v4n_addr
, int for_listening
)
944 /* Any IPv4 address is valid with for_listening. */
949 /* Otherwise, zero addresses are invalid. */
950 return v4n_addr
!= 0;
954 * Checks that port is not 0.
955 * Except if for_listening is true, where port 0 is allowed.
956 * It means "OS chooses a port". */
958 tor_port_is_valid(uint16_t port
, int for_listening
)
960 /* Any port value is valid with for_listening. */
965 /* Otherwise, zero ports are invalid. */
969 /** Set <b>dest</b> to equal the IPv4 address in <b>v4addr</b> (given in
972 tor_addr_from_ipv4n(tor_addr_t
*dest
, uint32_t v4addr
)
975 memset(dest
, 0, sizeof(tor_addr_t
));
976 dest
->family
= AF_INET
;
977 dest
->addr
.in_addr
.s_addr
= v4addr
;
980 /** Set <b>dest</b> to equal the IPv6 address in the 16 bytes at
981 * <b>ipv6_bytes</b>. */
983 tor_addr_from_ipv6_bytes(tor_addr_t
*dest
, const char *ipv6_bytes
)
986 tor_assert(ipv6_bytes
);
987 memset(dest
, 0, sizeof(tor_addr_t
));
988 dest
->family
= AF_INET6
;
989 memcpy(dest
->addr
.in6_addr
.s6_addr
, ipv6_bytes
, 16);
992 /** Set <b>dest</b> equal to the IPv6 address in the in6_addr <b>in6</b>. */
994 tor_addr_from_in6(tor_addr_t
*dest
, const struct in6_addr
*in6
)
996 tor_addr_from_ipv6_bytes(dest
, (const char*)in6
->s6_addr
);
999 /** Copy a tor_addr_t from <b>src</b> to <b>dest</b>.
1002 tor_addr_copy(tor_addr_t
*dest
, const tor_addr_t
*src
)
1008 memcpy(dest
, src
, sizeof(tor_addr_t
));
1011 /** Copy a tor_addr_t from <b>src</b> to <b>dest</b>, taking extra care to
1012 * copy only the well-defined portions. Used for computing hashes of
1016 tor_addr_copy_tight(tor_addr_t
*dest
, const tor_addr_t
*src
)
1018 tor_assert(src
!= dest
);
1021 memset(dest
, 0, sizeof(tor_addr_t
));
1022 dest
->family
= src
->family
;
1023 switch (tor_addr_family(src
))
1026 dest
->addr
.in_addr
.s_addr
= src
->addr
.in_addr
.s_addr
;
1029 memcpy(dest
->addr
.in6_addr
.s6_addr
, src
->addr
.in6_addr
.s6_addr
, 16);
1033 tor_fragile_assert(); // LCOV_EXCL_LINE
1037 /** Given two addresses <b>addr1</b> and <b>addr2</b>, return 0 if the two
1038 * addresses are equivalent under the mask mbits, less than 0 if addr1
1039 * precedes addr2, and greater than 0 otherwise.
1041 * Different address families (IPv4 vs IPv6) are always considered unequal if
1042 * <b>how</b> is CMP_EXACT; otherwise, IPv6-mapped IPv4 addresses are
1043 * considered equivalent to their IPv4 equivalents.
1045 * As a special case, all pointer-wise distinct AF_UNIX addresses are always
1046 * considered unequal since tor_addr_t currently does not contain the
1047 * information required to make the comparison.
1050 tor_addr_compare(const tor_addr_t
*addr1
, const tor_addr_t
*addr2
,
1051 tor_addr_comparison_t how
)
1053 return tor_addr_compare_masked(addr1
, addr2
, 128, how
);
1056 /** As tor_addr_compare(), but only looks at the first <b>mask</b> bits of
1059 * Reduce over-specific masks (>128 for ipv6, >32 for ipv4) to 128 or 32.
1061 * The mask is interpreted relative to <b>addr1</b>, so that if a is
1062 * \::ffff:1.2.3.4, and b is 3.4.5.6,
1063 * tor_addr_compare_masked(a,b,100,CMP_SEMANTIC) is the same as
1064 * -tor_addr_compare_masked(b,a,4,CMP_SEMANTIC).
1066 * We guarantee that the ordering from tor_addr_compare_masked is a total
1067 * order on addresses, but not that it is any particular order, or that it
1068 * will be the same from one version to the next.
1071 tor_addr_compare_masked(const tor_addr_t
*addr1
, const tor_addr_t
*addr2
,
1072 maskbits_t mbits
, tor_addr_comparison_t how
)
1074 /** Helper: Evaluates to -1 if a is less than b, 0 if a equals b, or 1 if a
1075 * is greater than b. May evaluate a and b more than once. */
1076 #define TRISTATE(a,b) (((a)<(b))?-1: (((a)==(b))?0:1))
1077 sa_family_t family1
, family2
, v_family1
, v_family2
;
1079 tor_assert(addr1
&& addr2
);
1081 v_family1
= family1
= tor_addr_family(addr1
);
1082 v_family2
= family2
= tor_addr_family(addr2
);
1084 if (family1
==family2
) {
1085 /* When the families are the same, there's only one way to do the
1086 * comparison: exactly. */
1090 return 0; /* All unspecified addresses are equal */
1092 uint32_t a1
= tor_addr_to_ipv4h(addr1
);
1093 uint32_t a2
= tor_addr_to_ipv4h(addr2
);
1100 r
= TRISTATE(a1
, a2
);
1107 const uint8_t *a1
= tor_addr_to_in6_addr8(addr1
);
1108 const uint8_t *a2
= tor_addr_to_in6_addr8(addr2
);
1109 const int bytes
= mbits
>> 3;
1110 const int leftover_bits
= mbits
& 7;
1111 if (bytes
&& (r
= tor_memcmp(a1
, a2
, bytes
))) {
1113 } else if (leftover_bits
) {
1114 uint8_t b1
= a1
[bytes
] >> (8-leftover_bits
);
1115 uint8_t b2
= a2
[bytes
] >> (8-leftover_bits
);
1116 return TRISTATE(b1
, b2
);
1122 /* HACKHACKHACKHACKHACK:
1123 * tor_addr_t doesn't contain a copy of sun_path, so it's not
1124 * possible to comapre this at all.
1126 * Since the only time we currently actually should be comparing
1127 * 2 AF_UNIX addresses is when dealing with ISO_CLIENTADDR (which
1128 * is disabled for AF_UNIX SocksPorts anyway), this just does
1129 * a pointer comparison.
1135 else if (addr1
== addr2
)
1140 /* LCOV_EXCL_START */
1141 tor_fragile_assert();
1143 /* LCOV_EXCL_STOP */
1145 } else if (how
== CMP_EXACT
) {
1146 /* Unequal families and an exact comparison? Stop now! */
1147 return TRISTATE(family1
, family2
);
1153 if (family1
== AF_INET6
&& tor_addr_is_v4(addr1
))
1154 v_family1
= AF_INET
;
1155 if (family2
== AF_INET6
&& tor_addr_is_v4(addr2
))
1156 v_family2
= AF_INET
;
1157 if (v_family1
== v_family2
) {
1158 /* One or both addresses are a mapped ipv4 address. */
1160 if (family1
== AF_INET6
) {
1161 a1
= tor_addr_to_mapped_ipv4h(addr1
);
1164 mbits
-= 96; /* We just decided that the first 96 bits of a1 "match". */
1166 a1
= tor_addr_to_ipv4h(addr1
);
1168 if (family2
== AF_INET6
) {
1169 a2
= tor_addr_to_mapped_ipv4h(addr2
);
1171 a2
= tor_addr_to_ipv4h(addr2
);
1173 if (mbits
> 32) mbits
= 32;
1176 return TRISTATE(a1
, a2
);
1178 /* Unequal families, and semantic comparison, and no semantic family
1180 return TRISTATE(family1
, family2
);
1184 /** Return a hash code based on the address addr. DOCDOC extra */
1186 tor_addr_hash(const tor_addr_t
*addr
)
1188 switch (tor_addr_family(addr
)) {
1190 return siphash24g(&addr
->addr
.in_addr
.s_addr
, 4);
1194 return siphash24g(&addr
->addr
.in6_addr
.s6_addr
, 16);
1196 /* LCOV_EXCL_START */
1197 tor_fragile_assert();
1203 /** Return a newly allocated string with a representation of <b>addr</b>. */
1205 tor_addr_to_str_dup(const tor_addr_t
*addr
)
1207 char buf
[TOR_ADDR_BUF_LEN
];
1208 if (tor_addr_to_str(buf
, addr
, sizeof(buf
), 0)) {
1209 return tor_strdup(buf
);
1211 return tor_strdup("<unknown address type>");
1215 /** Return a string representing the address <b>addr</b>. This string
1216 * is statically allocated, and must not be freed. Each call to
1217 * <b>fmt_addr_impl</b> invalidates the last result of the function.
1218 * This function is not thread-safe. If <b>decorate</b> is set, add
1219 * brackets to IPv6 addresses.
1221 * It's better to use the wrapper macros of this function:
1222 * <b>fmt_addr()</b> and <b>fmt_and_decorate_addr()</b>.
1225 fmt_addr_impl(const tor_addr_t
*addr
, int decorate
)
1227 static char buf
[TOR_ADDR_BUF_LEN
];
1228 if (!addr
) return "<null>";
1229 if (tor_addr_to_str(buf
, addr
, sizeof(buf
), decorate
))
1235 /** Return a string representing the pair <b>addr</b> and <b>port</b>.
1236 * This calls fmt_and_decorate_addr internally, so IPv6 addresses will
1237 * have brackets, and the caveats of fmt_addr_impl apply.
1240 fmt_addrport(const tor_addr_t
*addr
, uint16_t port
)
1242 /* Add space for a colon and up to 5 digits. */
1243 static char buf
[TOR_ADDR_BUF_LEN
+ 6];
1244 tor_snprintf(buf
, sizeof(buf
), "%s:%u", fmt_and_decorate_addr(addr
), port
);
1248 /** Like fmt_addr(), but takes <b>addr</b> as a host-order IPv4
1249 * addresses. Also not thread-safe, also clobbers its return buffer on
1250 * repeated calls. */
1252 fmt_addr32(uint32_t addr
)
1254 static char buf
[INET_NTOA_BUF_LEN
];
1256 in
.s_addr
= htonl(addr
);
1257 tor_inet_ntoa(&in
, buf
, sizeof(buf
));
1261 /** Convert the string in <b>src</b> to a tor_addr_t <b>addr</b>. The string
1262 * may be an IPv4 address, an IPv6 address, or an IPv6 address surrounded by
1265 * Return an address family on success, or -1 if an invalid address string is
1268 tor_addr_parse(tor_addr_t
*addr
, const char *src
)
1270 /* Holds substring of IPv6 address after removing square brackets */
1273 struct in_addr in_tmp
;
1274 struct in6_addr in6_tmp
;
1275 tor_assert(addr
&& src
);
1276 if (src
[0] == '[' && src
[1])
1277 src
= tmp
= tor_strndup(src
+1, strlen(src
)-2);
1279 if (tor_inet_pton(AF_INET6
, src
, &in6_tmp
) > 0) {
1281 tor_addr_from_in6(addr
, &in6_tmp
);
1282 } else if (tor_inet_pton(AF_INET
, src
, &in_tmp
) > 0) {
1284 tor_addr_from_in(addr
, &in_tmp
);
1293 /** Parse an address or address-port combination from <b>s</b>, resolve the
1294 * address as needed, and put the result in <b>addr_out</b> and (optionally)
1295 * <b>port_out</b>. Return 0 on success, negative on failure. */
1297 tor_addr_port_lookup(const char *s
, tor_addr_t
*addr_out
, uint16_t *port_out
)
1305 tor_assert(addr_out
);
1307 s
= eat_whitespace(s
);
1310 port
= strstr(s
, "]");
1313 tmp
= tor_strndup(s
+1, port
-(s
+1));
1320 port
= strchr(s
, ':');
1322 tmp
= tor_strndup(s
, port
-s
);
1324 tmp
= tor_strdup(s
);
1329 if (tor_addr_lookup(tmp
, AF_UNSPEC
, &addr
) != 0)
1334 portval
= (int) tor_parse_long(port
, 10, 1, 65535, NULL
, NULL
);
1342 *port_out
= portval
;
1343 tor_addr_copy(addr_out
, &addr
);
1352 typedef ULONG (WINAPI
*GetAdaptersAddresses_fn_t
)(
1353 ULONG
, ULONG
, PVOID
, PIP_ADAPTER_ADDRESSES
, PULONG
);
1356 #ifdef HAVE_IFADDRS_TO_SMARTLIST
1358 * Convert a linked list consisting of <b>ifaddrs</b> structures
1359 * into smartlist of <b>tor_addr_t</b> structures.
1361 STATIC smartlist_t
*
1362 ifaddrs_to_smartlist(const struct ifaddrs
*ifa
, sa_family_t family
)
1364 smartlist_t
*result
= smartlist_new();
1365 const struct ifaddrs
*i
;
1367 for (i
= ifa
; i
; i
= i
->ifa_next
) {
1369 if ((i
->ifa_flags
& (IFF_UP
| IFF_RUNNING
)) != (IFF_UP
| IFF_RUNNING
))
1373 if (i
->ifa_addr
->sa_family
!= AF_INET
&&
1374 i
->ifa_addr
->sa_family
!= AF_INET6
)
1376 if (family
!= AF_UNSPEC
&& i
->ifa_addr
->sa_family
!= family
)
1378 if (tor_addr_from_sockaddr(&tmp
, i
->ifa_addr
, NULL
) < 0)
1380 smartlist_add(result
, tor_memdup(&tmp
, sizeof(tmp
)));
1386 /** Use getiffaddrs() function to get list of current machine
1387 * network interface addresses. Represent the result by smartlist of
1388 * <b>tor_addr_t</b> structures.
1390 STATIC smartlist_t
*
1391 get_interface_addresses_ifaddrs(int severity
, sa_family_t family
)
1394 /* Most free Unixy systems provide getifaddrs, which gives us a linked list
1395 * of struct ifaddrs. */
1396 struct ifaddrs
*ifa
= NULL
;
1397 smartlist_t
*result
;
1398 if (getifaddrs(&ifa
) < 0) {
1399 log_fn(severity
, LD_NET
, "Unable to call getifaddrs(): %s",
1404 result
= ifaddrs_to_smartlist(ifa
, family
);
1412 #ifdef HAVE_IP_ADAPTER_TO_SMARTLIST
1414 /** Convert a Windows-specific <b>addresses</b> linked list into smartlist
1415 * of <b>tor_addr_t</b> structures.
1418 STATIC smartlist_t
*
1419 ip_adapter_addresses_to_smartlist(const IP_ADAPTER_ADDRESSES
*addresses
)
1421 smartlist_t
*result
= smartlist_new();
1422 const IP_ADAPTER_ADDRESSES
*address
;
1424 for (address
= addresses
; address
; address
= address
->Next
) {
1425 const IP_ADAPTER_UNICAST_ADDRESS
*a
;
1426 for (a
= address
->FirstUnicastAddress
; a
; a
= a
->Next
) {
1427 /* Yes, it's a linked list inside a linked list */
1428 const struct sockaddr
*sa
= a
->Address
.lpSockaddr
;
1430 if (sa
->sa_family
!= AF_INET
&& sa
->sa_family
!= AF_INET6
)
1432 if (tor_addr_from_sockaddr(&tmp
, sa
, NULL
) < 0)
1434 smartlist_add(result
, tor_memdup(&tmp
, sizeof(tmp
)));
1441 /** Windows only: use GetAdaptersInfo() function to retrieve network interface
1442 * addresses of current machine and return them to caller as smartlist of
1443 * <b>tor_addr_t</b> structures.
1445 STATIC smartlist_t
*
1446 get_interface_addresses_win32(int severity
, sa_family_t family
)
1449 /* Windows XP began to provide GetAdaptersAddresses. Windows 2000 had a
1450 "GetAdaptersInfo", but that's deprecated; let's just try
1451 GetAdaptersAddresses and fall back to connect+getsockname.
1453 HANDLE lib
= load_windows_system_library(TEXT("iphlpapi.dll"));
1454 smartlist_t
*result
= NULL
;
1455 GetAdaptersAddresses_fn_t fn
;
1457 IP_ADAPTER_ADDRESSES
*addresses
= NULL
;
1461 #define FLAGS (GAA_FLAG_SKIP_ANYCAST | \
1462 GAA_FLAG_SKIP_MULTICAST | \
1463 GAA_FLAG_SKIP_DNS_SERVER)
1466 log_fn(severity
, LD_NET
, "Unable to load iphlpapi.dll");
1470 if (!(fn
= (GetAdaptersAddresses_fn_t
)
1471 GetProcAddress(lib
, "GetAdaptersAddresses"))) {
1472 log_fn(severity
, LD_NET
, "Unable to obtain pointer to "
1473 "GetAdaptersAddresses");
1477 /* Guess how much space we need. */
1479 addresses
= tor_malloc(size
);
1480 res
= fn(family
, FLAGS
, NULL
, addresses
, &size
);
1481 if (res
== ERROR_BUFFER_OVERFLOW
) {
1482 /* we didn't guess that we needed enough space; try again */
1483 tor_free(addresses
);
1484 addresses
= tor_malloc(size
);
1485 res
= fn(AF_UNSPEC
, FLAGS
, NULL
, addresses
, &size
);
1487 if (res
!= NO_ERROR
) {
1488 log_fn(severity
, LD_NET
, "GetAdaptersAddresses failed (result: %lu)", res
);
1492 result
= ip_adapter_addresses_to_smartlist(addresses
);
1497 tor_free(addresses
);
1503 #ifdef HAVE_IFCONF_TO_SMARTLIST
1505 /* Guess how much space we need. There shouldn't be any struct ifreqs
1506 * larger than this, even on OS X where the struct's size is dynamic. */
1507 #define IFREQ_SIZE 4096
1509 /* This is defined on Mac OS X */
1510 #ifndef _SIZEOF_ADDR_IFREQ
1511 #define _SIZEOF_ADDR_IFREQ sizeof
1514 /** Convert <b>*buf</b>, an ifreq structure array of size <b>buflen</b>,
1515 * into smartlist of <b>tor_addr_t</b> structures.
1517 STATIC smartlist_t
*
1518 ifreq_to_smartlist(char *buf
, size_t buflen
)
1520 smartlist_t
*result
= smartlist_new();
1521 char *end
= buf
+ buflen
;
1523 /* These acrobatics are due to alignment issues which trigger
1524 * undefined behaviour traps on OSX. */
1525 struct ifreq
*r
= tor_malloc(IFREQ_SIZE
);
1528 /* Copy up to IFREQ_SIZE bytes into the struct ifreq, but don't overrun
1530 memcpy(r
, buf
, end
- buf
< IFREQ_SIZE
? end
- buf
: IFREQ_SIZE
);
1532 const struct sockaddr
*sa
= &r
->ifr_addr
;
1534 int valid_sa_family
= (sa
->sa_family
== AF_INET
||
1535 sa
->sa_family
== AF_INET6
);
1537 int conversion_success
= (tor_addr_from_sockaddr(&tmp
, sa
, NULL
) == 0);
1539 if (valid_sa_family
&& conversion_success
)
1540 smartlist_add(result
, tor_memdup(&tmp
, sizeof(tmp
)));
1542 buf
+= _SIZEOF_ADDR_IFREQ(*r
);
1549 /** Use ioctl(.,SIOCGIFCONF,.) to get a list of current machine
1550 * network interface addresses. Represent the result by smartlist of
1551 * <b>tor_addr_t</b> structures.
1553 STATIC smartlist_t
*
1554 get_interface_addresses_ioctl(int severity
, sa_family_t family
)
1556 /* Some older unixy systems make us use ioctl(SIOCGIFCONF) */
1560 smartlist_t
*result
= NULL
;
1562 /* This interface, AFAICT, only supports AF_INET addresses,
1563 * except on AIX. For Solaris, we could use SIOCGLIFCONF. */
1565 /* Bail out if family is neither AF_INET nor AF_UNSPEC since
1566 * ioctl() technique supports non-IPv4 interface addresses on
1567 * a small number of niche systems only. If family is AF_UNSPEC,
1568 * fall back to getting AF_INET addresses only. */
1569 if (family
== AF_UNSPEC
)
1571 else if (family
!= AF_INET
)
1574 fd
= socket(family
, SOCK_DGRAM
, 0);
1576 tor_log(severity
, LD_NET
, "socket failed: %s", strerror(errno
));
1583 ifc
.ifc_len
= mult
* IFREQ_SIZE
;
1584 ifc
.ifc_buf
= tor_realloc(ifc
.ifc_buf
, ifc
.ifc_len
);
1586 tor_assert(ifc
.ifc_buf
);
1588 if (ioctl(fd
, SIOCGIFCONF
, &ifc
) < 0) {
1589 tor_log(severity
, LD_NET
, "ioctl failed: %s", strerror(errno
));
1592 /* Ensure we have least IFREQ_SIZE bytes unused at the end. Otherwise, we
1593 * don't know if we got everything during ioctl. */
1594 } while (mult
* IFREQ_SIZE
- ifc
.ifc_len
<= IFREQ_SIZE
);
1595 result
= ifreq_to_smartlist(ifc
.ifc_buf
, ifc
.ifc_len
);
1600 tor_free(ifc
.ifc_buf
);
1605 /** Try to ask our network interfaces what addresses they are bound to.
1606 * Return a new smartlist of tor_addr_t on success, and NULL on failure.
1607 * (An empty smartlist indicates that we successfully learned that we have no
1608 * addresses.) Log failure messages at <b>severity</b>. Only return the
1609 * interface addresses of requested <b>family</b> and ignore the addresses
1610 * of other address families. */
1611 MOCK_IMPL(smartlist_t
*,
1612 get_interface_addresses_raw
,(int severity
, sa_family_t family
))
1614 smartlist_t
*result
= NULL
;
1615 #if defined(HAVE_IFADDRS_TO_SMARTLIST)
1616 if ((result
= get_interface_addresses_ifaddrs(severity
, family
)))
1619 #if defined(HAVE_IP_ADAPTER_TO_SMARTLIST)
1620 if ((result
= get_interface_addresses_win32(severity
, family
)))
1623 #if defined(HAVE_IFCONF_TO_SMARTLIST)
1624 if ((result
= get_interface_addresses_ioctl(severity
, family
)))
1632 /** Return true iff <b>a</b> is a multicast address. */
1634 tor_addr_is_multicast(const tor_addr_t
*a
)
1636 sa_family_t family
= tor_addr_family(a
);
1637 if (family
== AF_INET
) {
1638 uint32_t ipv4h
= tor_addr_to_ipv4h(a
);
1639 if ((ipv4h
>> 24) == 0xe0)
1640 return 1; /* Multicast */
1641 } else if (family
== AF_INET6
) {
1642 const uint8_t *a32
= tor_addr_to_in6_addr8(a
);
1649 /** Attempt to retrieve IP address of current host by utilizing some
1650 * UDP socket trickery. Only look for address of given <b>family</b>
1651 * (only AF_INET and AF_INET6 are supported). Set result to *<b>addr</b>.
1652 * Return 0 on success, -1 on failure.
1655 get_interface_address6_via_udp_socket_hack
,(int severity
,
1659 struct sockaddr_storage my_addr
, target_addr
;
1663 memset(addr
, 0, sizeof(tor_addr_t
));
1664 memset(&target_addr
, 0, sizeof(target_addr
));
1666 /* Don't worry: no packets are sent. We just need to use a real address
1667 * on the actual Internet. */
1668 if (family
== AF_INET6
) {
1669 struct sockaddr_in6
*sin6
= (struct sockaddr_in6
*)&target_addr
;
1670 /* Use the "discard" service port */
1671 sin6
->sin6_port
= htons(9);
1672 sock
= tor_open_socket(PF_INET6
,SOCK_DGRAM
,IPPROTO_UDP
);
1673 addr_len
= (socklen_t
)sizeof(struct sockaddr_in6
);
1674 sin6
->sin6_family
= AF_INET6
;
1675 S6_ADDR16(sin6
->sin6_addr
)[0] = htons(0x2002); /* 2002:: */
1676 } else if (family
== AF_INET
) {
1677 struct sockaddr_in
*sin
= (struct sockaddr_in
*)&target_addr
;
1678 /* Use the "discard" service port */
1679 sin
->sin_port
= htons(9);
1680 sock
= tor_open_socket(PF_INET
,SOCK_DGRAM
,IPPROTO_UDP
);
1681 addr_len
= (socklen_t
)sizeof(struct sockaddr_in
);
1682 sin
->sin_family
= AF_INET
;
1683 sin
->sin_addr
.s_addr
= htonl(0x12000001); /* 18.0.0.1 */
1689 int e
= tor_socket_errno(-1);
1690 log_fn(severity
, LD_NET
, "unable to create socket: %s",
1691 tor_socket_strerror(e
));
1695 if (tor_connect_socket(sock
,(struct sockaddr
*)&target_addr
,
1697 int e
= tor_socket_errno(sock
);
1698 log_fn(severity
, LD_NET
, "connect() failed: %s", tor_socket_strerror(e
));
1702 if (tor_getsockname(sock
,(struct sockaddr
*)&my_addr
, &addr_len
)) {
1703 int e
= tor_socket_errno(sock
);
1704 log_fn(severity
, LD_NET
, "getsockname() to determine interface failed: %s",
1705 tor_socket_strerror(e
));
1709 if (tor_addr_from_sockaddr(addr
, (struct sockaddr
*)&my_addr
, NULL
) == 0) {
1710 if (tor_addr_is_loopback(addr
) || tor_addr_is_multicast(addr
)) {
1711 log_fn(severity
, LD_NET
, "Address that we determined via UDP socket"
1712 " magic is unsuitable for public comms.");
1720 tor_close_socket(sock
);
1722 memset(addr
, 0, sizeof(tor_addr_t
));
1726 /** Set *<b>addr</b> to an arbitrary IP address (if any) of an interface that
1727 * connects to the Internet. Prefer public IP addresses to internal IP
1728 * addresses. This address should only be used in checking whether our
1729 * address has changed, as it may be an internal IP address. Return 0 on
1730 * success, -1 on failure.
1731 * Prefer get_interface_address6_list for a list of all addresses on all
1732 * interfaces which connect to the Internet.
1735 get_interface_address6
,(int severity
, sa_family_t family
, tor_addr_t
*addr
))
1741 memset(addr
, 0, sizeof(tor_addr_t
));
1743 /* Get a list of public or internal IPs in arbitrary order */
1744 addrs
= get_interface_address6_list(severity
, family
, 1);
1746 /* Find the first non-internal address, or the last internal address
1747 * Ideally, we want the default route, see #12377 for details */
1748 SMARTLIST_FOREACH_BEGIN(addrs
, tor_addr_t
*, a
) {
1749 tor_addr_copy(addr
, a
);
1752 /* If we found a non-internal address, declare success. Otherwise,
1754 if (!tor_addr_is_internal(a
, 0))
1756 } SMARTLIST_FOREACH_END(a
);
1758 free_interface_address6_list(addrs
);
1762 /** Free a smartlist of IP addresses returned by get_interface_address6_list.
1765 free_interface_address6_list(smartlist_t
*addrs
)
1767 if (addrs
!= NULL
) {
1768 SMARTLIST_FOREACH(addrs
, tor_addr_t
*, a
, tor_free(a
));
1769 smartlist_free(addrs
);
1773 /** Return a smartlist of the IP addresses of type family from all interfaces
1774 * on the server. Excludes loopback and multicast addresses. Only includes
1775 * internal addresses if include_internal is true. (Note that a relay behind
1776 * NAT may use an internal address to connect to the Internet.)
1777 * An empty smartlist means that there are no addresses of the selected type
1778 * matching these criteria.
1779 * Returns NULL on failure.
1780 * Use free_interface_address6_list to free the returned list.
1782 MOCK_IMPL(smartlist_t
*,get_interface_address6_list
,(int severity
,
1784 int include_internal
))
1789 /* Try to do this the smart way if possible. */
1790 if ((addrs
= get_interface_addresses_raw(severity
, family
))) {
1791 SMARTLIST_FOREACH_BEGIN(addrs
, tor_addr_t
*, a
)
1793 if (tor_addr_is_loopback(a
) ||
1794 tor_addr_is_multicast(a
)) {
1795 SMARTLIST_DEL_CURRENT_KEEPORDER(addrs
, a
);
1800 if (!include_internal
&& tor_addr_is_internal(a
, 0)) {
1801 SMARTLIST_DEL_CURRENT_KEEPORDER(addrs
, a
);
1805 } SMARTLIST_FOREACH_END(a
);
1808 if (addrs
&& smartlist_len(addrs
) > 0) {
1812 /* if we removed all entries as unsuitable */
1814 smartlist_free(addrs
);
1817 /* Okay, the smart way is out. */
1818 addrs
= smartlist_new();
1820 if (family
== AF_INET
|| family
== AF_UNSPEC
) {
1821 if (get_interface_address6_via_udp_socket_hack(severity
,AF_INET
,
1823 if (include_internal
|| !tor_addr_is_internal(&addr
, 0)) {
1824 smartlist_add(addrs
, tor_memdup(&addr
, sizeof(addr
)));
1829 if (family
== AF_INET6
|| family
== AF_UNSPEC
) {
1830 if (get_interface_address6_via_udp_socket_hack(severity
,AF_INET6
,
1832 if (include_internal
|| !tor_addr_is_internal(&addr
, 0)) {
1833 smartlist_add(addrs
, tor_memdup(&addr
, sizeof(addr
)));
1843 * XXXX IPv6 deprecate some of these.
1846 /** Given an address of the form "ip:port", try to divide it into its
1847 * ip and port portions, setting *<b>address_out</b> to a newly
1848 * allocated string holding the address portion and *<b>port_out</b>
1851 * Don't do DNS lookups and don't allow domain names in the "ip" field.
1853 * If <b>default_port</b> is less than 0, don't accept <b>addrport</b> of the
1854 * form "ip" or "ip:0". Otherwise, accept those forms, and set
1855 * *<b>port_out</b> to <b>default_port</b>.
1857 * Return 0 on success, -1 on failure. */
1859 tor_addr_port_parse(int severity
, const char *addrport
,
1860 tor_addr_t
*address_out
, uint16_t *port_out
,
1865 char *addr_tmp
= NULL
;
1867 tor_assert(addrport
);
1868 tor_assert(address_out
);
1869 tor_assert(port_out
);
1871 r
= tor_addr_port_split(severity
, addrport
, &addr_tmp
, port_out
);
1876 if (default_port
>= 0)
1877 *port_out
= default_port
;
1882 /* make sure that address_out is an IP address */
1883 if (tor_addr_parse(address_out
, addr_tmp
) < 0)
1893 /** Given an address of the form "host[:port]", try to divide it into its host
1894 * and port portions, setting *<b>address_out</b> to a newly allocated string
1895 * holding the address portion and *<b>port_out</b> to the port (or 0 if no
1896 * port is given). Return 0 on success, -1 on failure. */
1898 tor_addr_port_split(int severity
, const char *addrport
,
1899 char **address_out
, uint16_t *port_out
)
1902 tor_assert(addrport
);
1903 tor_assert(address_out
);
1904 tor_assert(port_out
);
1905 /* We need to check for IPv6 manually because addr_port_lookup() doesn't
1906 * do a good job on IPv6 addresses that lack a port. */
1907 if (tor_addr_parse(&a_tmp
, addrport
) == AF_INET6
) {
1909 *address_out
= tor_strdup(addrport
);
1913 return addr_port_lookup(severity
, addrport
, address_out
, NULL
, port_out
);
1916 /** Parse a string of the form "host[:port]" from <b>addrport</b>. If
1917 * <b>address</b> is provided, set *<b>address</b> to a copy of the
1918 * host portion of the string. If <b>addr</b> is provided, try to
1919 * resolve the host portion of the string and store it into
1920 * *<b>addr</b> (in host byte order). If <b>port_out</b> is provided,
1921 * store the port number into *<b>port_out</b>, or 0 if no port is given.
1922 * If <b>port_out</b> is NULL, then there must be no port number in
1924 * Return 0 on success, -1 on failure.
1927 addr_port_lookup(int severity
, const char *addrport
, char **address
,
1928 uint32_t *addr
, uint16_t *port_out
)
1931 char *address_
= NULL
;
1935 tor_assert(addrport
);
1937 colon
= strrchr(addrport
, ':');
1939 address_
= tor_strndup(addrport
, colon
-addrport
);
1940 port_
= (int) tor_parse_long(colon
+1,10,1,65535,NULL
,NULL
);
1942 log_fn(severity
, LD_GENERAL
, "Port %s out of range", escaped(colon
+1));
1946 char *esc_addrport
= esc_for_log(addrport
);
1947 log_fn(severity
, LD_GENERAL
,
1948 "Port %s given on %s when not required",
1949 escaped(colon
+1), esc_addrport
);
1950 tor_free(esc_addrport
);
1954 address_
= tor_strdup(addrport
);
1959 /* There's an addr pointer, so we need to resolve the hostname. */
1960 if (tor_lookup_hostname(address_
,addr
)) {
1961 log_fn(severity
, LD_NET
, "Couldn't look up %s", escaped(address_
));
1967 if (address
&& ok
) {
1968 *address
= address_
;
1975 *port_out
= ok
? ((uint16_t) port_
) : 0;
1980 /** If <b>mask</b> is an address mask for a bit-prefix, return the number of
1981 * bits. Otherwise, return -1. */
1983 addr_mask_get_bits(uint32_t mask
)
1988 if (mask
== 0xFFFFFFFFu
)
1990 for (i
=1; i
<=32; ++i
) {
1991 if (mask
== (uint32_t) ~((1u<<(32-i
))-1)) {
1998 /** Parse a string <b>s</b> in the format of (*|port(-maxport)?)?, setting the
1999 * various *out pointers as appropriate. Return 0 on success, -1 on failure.
2002 parse_port_range(const char *port
, uint16_t *port_min_out
,
2003 uint16_t *port_max_out
)
2005 int port_min
, port_max
, ok
;
2006 tor_assert(port_min_out
);
2007 tor_assert(port_max_out
);
2009 if (!port
|| *port
== '\0' || strcmp(port
, "*") == 0) {
2013 char *endptr
= NULL
;
2014 port_min
= (int)tor_parse_long(port
, 10, 0, 65535, &ok
, &endptr
);
2016 log_warn(LD_GENERAL
,
2017 "Malformed port %s on address range; rejecting.",
2020 } else if (endptr
&& *endptr
== '-') {
2023 port_max
= (int)tor_parse_long(port
, 10, 1, 65535, &ok
, &endptr
);
2025 log_warn(LD_GENERAL
,
2026 "Malformed port %s on address range; rejecting.",
2031 port_max
= port_min
;
2033 if (port_min
> port_max
) {
2034 log_warn(LD_GENERAL
, "Insane port range on address policy; rejecting.");
2041 if (port_max
> 65535)
2044 *port_min_out
= (uint16_t) port_min
;
2045 *port_max_out
= (uint16_t) port_max
;
2050 /** Given an IPv4 in_addr struct *<b>in</b> (in network order, as usual),
2051 * write it as a string into the <b>buf_len</b>-byte buffer in
2055 tor_inet_ntoa(const struct in_addr
*in
, char *buf
, size_t buf_len
)
2057 uint32_t a
= ntohl(in
->s_addr
);
2058 return tor_snprintf(buf
, buf_len
, "%d.%d.%d.%d",
2059 (int)(uint8_t)((a
>>24)&0xff),
2060 (int)(uint8_t)((a
>>16)&0xff),
2061 (int)(uint8_t)((a
>>8 )&0xff),
2062 (int)(uint8_t)((a
)&0xff));
2065 /** Given a host-order <b>addr</b>, call tor_inet_ntop() on it
2066 * and return a strdup of the resulting address.
2069 tor_dup_ip(uint32_t addr
)
2071 char buf
[TOR_ADDR_BUF_LEN
];
2074 in
.s_addr
= htonl(addr
);
2075 tor_inet_ntop(AF_INET
, &in
, buf
, sizeof(buf
));
2076 return tor_strdup(buf
);
2080 * Set *<b>addr</b> to a host-order IPv4 address (if any) of an
2081 * interface that connects to the Internet. Prefer public IP addresses to
2082 * internal IP addresses. This address should only be used in checking
2083 * whether our address has changed, as it may be an internal IPv4 address.
2084 * Return 0 on success, -1 on failure.
2085 * Prefer get_interface_address_list6 for a list of all IPv4 and IPv6
2086 * addresses on all interfaces which connect to the Internet.
2089 get_interface_address
,(int severity
, uint32_t *addr
))
2091 tor_addr_t local_addr
;
2094 memset(addr
, 0, sizeof(uint32_t));
2096 r
= get_interface_address6(severity
, AF_INET
, &local_addr
);
2098 *addr
= tor_addr_to_ipv4h(&local_addr
);
2102 /** Return true if we can tell that <b>name</b> is a canonical name for the
2103 * loopback address. */
2105 tor_addr_hostname_is_local(const char *name
)
2107 return !strcasecmp(name
, "localhost") ||
2108 !strcasecmp(name
, "local") ||
2109 !strcasecmpend(name
, ".local");
2112 /** Return a newly allocated tor_addr_port_t with <b>addr</b> and
2113 <b>port</b> filled in. */
2115 tor_addr_port_new(const tor_addr_t
*addr
, uint16_t port
)
2117 tor_addr_port_t
*ap
= tor_malloc_zero(sizeof(tor_addr_port_t
));
2119 tor_addr_copy(&ap
->addr
, addr
);