search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix pathbias interactions with entry guards
[tor.git] / src / common / address.c
blob773e688554e1bbaaae97ce63eae9b74a0a62cddc
1 /* Copyright (c) 2003-2004, Roger Dingledine
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2016, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
5
6 /**
7 * \file address.c
8 * \brief Functions to use and manipulate the tor_addr_t structure.
9 **/
10
11 #define ADDRESS_PRIVATE
12
13 #include "orconfig.h"
14
15 #ifdef _WIN32
16 /* For access to structs needed by GetAdaptersAddresses */
17 #ifndef WIN32_LEAN_AND_MEAN
18 #error "orconfig.h didn't define WIN32_LEAN_AND_MEAN"
19 #endif
20 #ifndef WINVER
21 #error "orconfig.h didn't define WINVER"
22 #endif
23 #ifndef _WIN32_WINNT
24 #error "orconfig.h didn't define _WIN32_WINNT"
25 #endif
26 #if WINVER < 0x0501
27 #error "winver too low"
28 #endif
29 #if _WIN32_WINNT < 0x0501
30 #error "winver too low"
31 #endif
32 #include <winsock2.h>
33 #include <process.h>
34 #include <windows.h>
35 #include <iphlpapi.h>
36 #endif
37
38 #include "compat.h"
39 #include "util.h"
40 #include "util_format.h"
41 #include "address.h"
42 #include "torlog.h"
43 #include "container.h"
44 #include "sandbox.h"
45
46 #ifdef HAVE_SYS_TIME_H
47 #include <sys/time.h>
48 #endif
49 #ifdef HAVE_UNISTD_H
50 #include <unistd.h>
51 #endif
52 #ifdef HAVE_ERRNO_H
53 #include <errno.h>
54 #endif
55 #ifdef HAVE_NETINET_IN_H
56 #include <netinet/in.h>
57 #endif
58 #ifdef HAVE_ARPA_INET_H
59 #include <arpa/inet.h>
60 #endif
61 #ifdef HAVE_SYS_SOCKET_H
62 #include <sys/socket.h>
63 #endif
64 #ifdef HAVE_NETDB_H
65 #include <netdb.h>
66 #endif
67 #ifdef HAVE_SYS_PARAM_H
68 #include <sys/param.h> /* FreeBSD needs this to know what version it is */
69 #endif
70 #ifdef HAVE_SYS_UN_H
71 #include <sys/un.h>
72 #endif
73 #ifdef HAVE_IFADDRS_H
74 #include <ifaddrs.h>
75 #endif
76 #ifdef HAVE_SYS_IOCTL_H
77 #include <sys/ioctl.h>
78 #endif
79 #ifdef HAVE_NET_IF_H
80 #include <net/if.h>
81 #endif
82 #include <stdarg.h>
83 #include <stdio.h>
84 #include <stdlib.h>
85 #include <string.h>
86 #include <assert.h>
87
88 /* tor_addr_is_null() and maybe other functions rely on AF_UNSPEC being 0 to
89 * work correctly. Bail out here if we've found a platform where AF_UNSPEC
90 * isn't 0. */
91 #if AF_UNSPEC != 0
92 #error We rely on AF_UNSPEC being 0. Let us know about your platform, please!
93 #endif
94
95 /** Convert the tor_addr_t in <b>a</b>, with port in <b>port</b>, into a
96 * sockaddr object in *<b>sa_out</b> of object size <b>len</b>. If not enough
97 * room is available in sa_out, or on error, return 0. On success, return
98 * the length of the sockaddr.
99 *
100 * Interface note: ordinarily, we return -1 for error. We can't do that here,
101 * since socklen_t is unsigned on some platforms.
102 **/
103 socklen_t
104 tor_addr_to_sockaddr(const tor_addr_t *a,
105 uint16_t port,
106 struct sockaddr *sa_out,
107 socklen_t len)
108 {
109 memset(sa_out, 0, len);
110
111 sa_family_t family = tor_addr_family(a);
112 if (family == AF_INET) {
113 struct sockaddr_in *sin;
114 if (len < (int)sizeof(struct sockaddr_in))
115 return 0;
116 sin = (struct sockaddr_in *)sa_out;
117 #ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
118 sin->sin_len = sizeof(struct sockaddr_in);
119 #endif
120 sin->sin_family = AF_INET;
121 sin->sin_port = htons(port);
122 sin->sin_addr.s_addr = tor_addr_to_ipv4n(a);
123 return sizeof(struct sockaddr_in);
124 } else if (family == AF_INET6) {
125 struct sockaddr_in6 *sin6;
126 if (len < (int)sizeof(struct sockaddr_in6))
127 return 0;
128 sin6 = (struct sockaddr_in6 *)sa_out;
129 #ifdef HAVE_STRUCT_SOCKADDR_IN6_SIN6_LEN
130 sin6->sin6_len = sizeof(struct sockaddr_in6);
131 #endif
132 sin6->sin6_family = AF_INET6;
133 sin6->sin6_port = htons(port);
134 memcpy(&sin6->sin6_addr, tor_addr_to_in6_assert(a),
135 sizeof(struct in6_addr));
136 return sizeof(struct sockaddr_in6);
137 } else {
138 return 0;
139 }
140 }
141
142 /** Set address <b>a</b> to zero. This address belongs to
143 * the AF_UNIX family. */
144 static void
145 tor_addr_make_af_unix(tor_addr_t *a)
146 {
147 memset(a, 0, sizeof(*a));
148 a->family = AF_UNIX;
149 }
150
151 /** Set the tor_addr_t in <b>a</b> to contain the socket address contained in
152 * <b>sa</b>. IF <b>port_out</b> is non-NULL and <b>sa</b> contains a port,
153 * set *<b>port_out</b> to that port. Return 0 on success and -1 on
154 * failure. */
155 int
156 tor_addr_from_sockaddr(tor_addr_t *a, const struct sockaddr *sa,
157 uint16_t *port_out)
158 {
159 tor_assert(a);
160 tor_assert(sa);
161
162 memset(a, 0, sizeof(*a));
163
164 if (sa->sa_family == AF_INET) {
165 struct sockaddr_in *sin = (struct sockaddr_in *) sa;
166 tor_addr_from_ipv4n(a, sin->sin_addr.s_addr);
167 if (port_out)
168 *port_out = ntohs(sin->sin_port);
169 } else if (sa->sa_family == AF_INET6) {
170 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) sa;
171 tor_addr_from_in6(a, &sin6->sin6_addr);
172 if (port_out)
173 *port_out = ntohs(sin6->sin6_port);
174 } else if (sa->sa_family == AF_UNIX) {
175 tor_addr_make_af_unix(a);
176 return 0;
177 } else {
178 tor_addr_make_unspec(a);
179 return -1;
180 }
181 return 0;
182 }
183
184 /** Return a newly allocated string holding the address described in
185 * <b>sa</b>. AF_UNIX, AF_UNSPEC, AF_INET, and AF_INET6 are supported. */
186 char *
187 tor_sockaddr_to_str(const struct sockaddr *sa)
188 {
189 char address[TOR_ADDR_BUF_LEN];
190 char *result;
191 tor_addr_t addr;
192 uint16_t port;
193 #ifdef HAVE_SYS_UN_H
194 if (sa->sa_family == AF_UNIX) {
195 struct sockaddr_un *s_un = (struct sockaddr_un *)sa;
196 tor_asprintf(&result, "unix:%s", s_un->sun_path);
197 return result;
198 }
199 #endif
200 if (sa->sa_family == AF_UNSPEC)
201 return tor_strdup("unspec");
202
203 if (tor_addr_from_sockaddr(&addr, sa, &port) < 0)
204 return NULL;
205 if (! tor_addr_to_str(address, &addr, sizeof(address), 1))
206 return NULL;
207 tor_asprintf(&result, "%s:%d", address, (int)port);
208 return result;
209 }
210
211 /** Set address <b>a</b> to the unspecified address. This address belongs to
212 * no family. */
213 void
214 tor_addr_make_unspec(tor_addr_t *a)
215 {
216 memset(a, 0, sizeof(*a));
217 a->family = AF_UNSPEC;
218 }
219
220 /** Set address <b>a</b> to the null address in address family <b>family</b>.
221 * The null address for AF_INET is 0.0.0.0. The null address for AF_INET6 is
222 * [::]. AF_UNSPEC is all null. */
223 void
224 tor_addr_make_null(tor_addr_t *a, sa_family_t family)
225 {
226 memset(a, 0, sizeof(*a));
227 a->family = family;
228 }
229
230 /** Similar behavior to Unix gethostbyname: resolve <b>name</b>, and set
231 * *<b>addr</b> to the proper IP address and family. The <b>family</b>
232 * argument (which must be AF_INET, AF_INET6, or AF_UNSPEC) declares a
233 * <i>preferred</i> family, though another one may be returned if only one
234 * family is implemented for this address.
235 *
236 * Return 0 on success, -1 on failure; 1 on transient failure.
237 */
238 int
239 tor_addr_lookup(const char *name, uint16_t family, tor_addr_t *addr)
240 {
241 /* Perhaps eventually this should be replaced by a tor_getaddrinfo or
242 * something.
243 */
244 struct in_addr iaddr;
245 struct in6_addr iaddr6;
246 tor_assert(name);
247 tor_assert(addr);
248 tor_assert(family == AF_INET || family == AF_INET6 || family == AF_UNSPEC);
249 if (!*name) {
250 /* Empty address is an error. */
251 return -1;
252 } else if (tor_inet_pton(AF_INET, name, &iaddr)) {
253 /* It's an IPv4 IP. */
254 if (family == AF_INET6)
255 return -1;
256 tor_addr_from_in(addr, &iaddr);
257 return 0;
258 } else if (tor_inet_pton(AF_INET6, name, &iaddr6)) {
259 if (family == AF_INET)
260 return -1;
261 tor_addr_from_in6(addr, &iaddr6);
262 return 0;
263 } else {
264 #ifdef HAVE_GETADDRINFO
265 int err;
266 struct addrinfo *res=NULL, *res_p;
267 struct addrinfo *best=NULL;
268 struct addrinfo hints;
269 int result = -1;
270 memset(&hints, 0, sizeof(hints));
271 hints.ai_family = family;
272 hints.ai_socktype = SOCK_STREAM;
273 err = sandbox_getaddrinfo(name, NULL, &hints, &res);
274 /* The check for 'res' here shouldn't be necessary, but it makes static
275 * analysis tools happy. */
276 if (!err && res) {
277 best = NULL;
278 for (res_p = res; res_p; res_p = res_p->ai_next) {
279 if (family == AF_UNSPEC) {
280 if (res_p->ai_family == AF_INET) {
281 best = res_p;
282 break;
283 } else if (res_p->ai_family == AF_INET6 && !best) {
284 best = res_p;
285 }
286 } else if (family == res_p->ai_family) {
287 best = res_p;
288 break;
289 }
290 }
291 if (!best)
292 best = res;
293 if (best->ai_family == AF_INET) {
294 tor_addr_from_in(addr,
295 &((struct sockaddr_in*)best->ai_addr)->sin_addr);
296 result = 0;
297 } else if (best->ai_family == AF_INET6) {
298 tor_addr_from_in6(addr,
299 &((struct sockaddr_in6*)best->ai_addr)->sin6_addr);
300 result = 0;
301 }
302 sandbox_freeaddrinfo(res);
303 return result;
304 }
305 return (err == EAI_AGAIN) ? 1 : -1;
306 #else
307 struct hostent *ent;
308 int err;
309 #ifdef HAVE_GETHOSTBYNAME_R_6_ARG
310 char buf[2048];
311 struct hostent hostent;
312 int r;
313 r = gethostbyname_r(name, &hostent, buf, sizeof(buf), &ent, &err);
314 #elif defined(HAVE_GETHOSTBYNAME_R_5_ARG)
315 char buf[2048];
316 struct hostent hostent;
317 ent = gethostbyname_r(name, &hostent, buf, sizeof(buf), &err);
318 #elif defined(HAVE_GETHOSTBYNAME_R_3_ARG)
319 struct hostent_data data;
320 struct hostent hent;
321 memset(&data, 0, sizeof(data));
322 err = gethostbyname_r(name, &hent, &data);
323 ent = err ? NULL : &hent;
324 #else
325 ent = gethostbyname(name);
326 #ifdef _WIN32
327 err = WSAGetLastError();
328 #else
329 err = h_errno;
330 #endif
331 #endif /* endif HAVE_GETHOSTBYNAME_R_6_ARG. */
332 if (ent) {
333 if (ent->h_addrtype == AF_INET) {
334 tor_addr_from_in(addr, (struct in_addr*) ent->h_addr);
335 } else if (ent->h_addrtype == AF_INET6) {
336 tor_addr_from_in6(addr, (struct in6_addr*) ent->h_addr);
337 } else {
338 tor_assert(0); // LCOV_EXCL_LINE: gethostbyname() returned bizarre type
339 }
340 return 0;
341 }
342 #ifdef _WIN32
343 return (err == WSATRY_AGAIN) ? 1 : -1;
344 #else
345 return (err == TRY_AGAIN) ? 1 : -1;
346 #endif
347 #endif
348 }
349 }
350
351 /** Return true iff <b>ip</b> is an IP reserved to localhost or local networks
352 * in RFC1918 or RFC4193 or RFC4291. (fec0::/10, deprecated by RFC3879, is
353 * also treated as internal for now.)
354 */
355 int
356 tor_addr_is_internal_(const tor_addr_t *addr, int for_listening,
357 const char *filename, int lineno)
358 {
359 uint32_t iph4 = 0;
360 uint32_t iph6[4];
361
362 tor_assert(addr);
363 sa_family_t v_family = tor_addr_family(addr);
364
365 if (v_family == AF_INET) {
366 iph4 = tor_addr_to_ipv4h(addr);
367 } else if (v_family == AF_INET6) {
368 if (tor_addr_is_v4(addr)) { /* v4-mapped */
369 uint32_t *addr32 = NULL;
370 v_family = AF_INET;
371 // Work around an incorrect NULL pointer dereference warning in
372 // "clang --analyze" due to limited analysis depth
373 addr32 = tor_addr_to_in6_addr32(addr);
374 // To improve performance, wrap this assertion in:
375 // #if !defined(__clang_analyzer__) || PARANOIA
376 tor_assert(addr32);
377 iph4 = ntohl(addr32[3]);
378 }
379 }
380
381 if (v_family == AF_INET6) {
382 const uint32_t *a32 = tor_addr_to_in6_addr32(addr);
383 iph6[0] = ntohl(a32[0]);
384 iph6[1] = ntohl(a32[1]);
385 iph6[2] = ntohl(a32[2]);
386 iph6[3] = ntohl(a32[3]);
387 if (for_listening && !iph6[0] && !iph6[1] && !iph6[2] && !iph6[3]) /* :: */
388 return 0;
389
390 if (((iph6[0] & 0xfe000000) == 0xfc000000) || /* fc00/7 - RFC4193 */
391 ((iph6[0] & 0xffc00000) == 0xfe800000) || /* fe80/10 - RFC4291 */
392 ((iph6[0] & 0xffc00000) == 0xfec00000)) /* fec0/10 D- RFC3879 */
393 return 1;
394
395 if (!iph6[0] && !iph6[1] && !iph6[2] &&
396 ((iph6[3] & 0xfffffffe) == 0x00000000)) /* ::/127 */
397 return 1;
398
399 return 0;
400 } else if (v_family == AF_INET) {
401 if (for_listening && !iph4) /* special case for binding to 0.0.0.0 */
402 return 0;
403 if (((iph4 & 0xff000000) == 0x0a000000) || /* 10/8 */
404 ((iph4 & 0xff000000) == 0x00000000) || /* 0/8 */
405 ((iph4 & 0xff000000) == 0x7f000000) || /* 127/8 */
406 ((iph4 & 0xffff0000) == 0xa9fe0000) || /* 169.254/16 */
407 ((iph4 & 0xfff00000) == 0xac100000) || /* 172.16/12 */
408 ((iph4 & 0xffff0000) == 0xc0a80000)) /* 192.168/16 */
409 return 1;
410 return 0;
411 }
412
413 /* unknown address family... assume it's not safe for external use */
414 /* rather than tor_assert(0) */
415 log_warn(LD_BUG, "tor_addr_is_internal() called from %s:%d with a "
416 "non-IP address of type %d", filename, lineno, (int)v_family);
417 tor_fragile_assert();
418 return 1;
419 }
420
421 /** Convert a tor_addr_t <b>addr</b> into a string, and store it in
422 * <b>dest</b> of size <b>len</b>. Returns a pointer to dest on success,
423 * or NULL on failure. If <b>decorate</b>, surround IPv6 addresses with
424 * brackets.
425 */
426 const char *
427 tor_addr_to_str(char *dest, const tor_addr_t *addr, size_t len, int decorate)
428 {
429 const char *ptr;
430 tor_assert(addr && dest);
431
432 switch (tor_addr_family(addr)) {
433 case AF_INET:
434 /* Shortest addr x.x.x.x + \0 */
435 if (len < 8)
436 return NULL;
437 ptr = tor_inet_ntop(AF_INET, &addr->addr.in_addr, dest, len);
438 break;
439 case AF_INET6:
440 /* Shortest addr [ :: ] + \0 */
441 if (len < (3 + (decorate ? 2 : 0)))
442 return NULL;
443
444 if (decorate)
445 ptr = tor_inet_ntop(AF_INET6, &addr->addr.in6_addr, dest+1, len-2);
446 else
447 ptr = tor_inet_ntop(AF_INET6, &addr->addr.in6_addr, dest, len);
448
449 if (ptr && decorate) {
450 *dest = '[';
451 memcpy(dest+strlen(dest), "]", 2);
452 tor_assert(ptr == dest+1);
453 ptr = dest;
454 }
455 break;
456 case AF_UNIX:
457 tor_snprintf(dest, len, "AF_UNIX");
458 ptr = dest;
459 break;
460 default:
461 return NULL;
462 }
463 return ptr;
464 }
465
466 /** Parse an .in-addr.arpa or .ip6.arpa address from <b>address</b>. Return 0
467 * if this is not an .in-addr.arpa address or an .ip6.arpa address. Return -1
468 * if this is an ill-formed .in-addr.arpa address or an .ip6.arpa address.
469 * Also return -1 if <b>family</b> is not AF_UNSPEC, and the parsed address
470 * family does not match <b>family</b>. On success, return 1, and store the
471 * result, if any, into <b>result</b>, if provided.
472 *
473 * If <b>accept_regular</b> is set and the address is in neither recognized
474 * reverse lookup hostname format, try parsing the address as a regular
475 * IPv4 or IPv6 address too.
476 */
477 int
478 tor_addr_parse_PTR_name(tor_addr_t *result, const char *address,
479 int family, int accept_regular)
480 {
481 if (!strcasecmpend(address, ".in-addr.arpa")) {
482 /* We have an in-addr.arpa address. */
483 char buf[INET_NTOA_BUF_LEN];
484 size_t len;
485 struct in_addr inaddr;
486 if (family == AF_INET6)
487 return -1;
488
489 len = strlen(address) - strlen(".in-addr.arpa");
490 if (len >= INET_NTOA_BUF_LEN)
491 return -1; /* Too long. */
492
493 memcpy(buf, address, len);
494 buf[len] = '\0';
495 if (tor_inet_aton(buf, &inaddr) == 0)
496 return -1; /* malformed. */
497
498 /* reverse the bytes */
499 inaddr.s_addr = (uint32_t)
500 (((inaddr.s_addr & 0x000000ff) << 24)
501 |((inaddr.s_addr & 0x0000ff00) << 8)
502 |((inaddr.s_addr & 0x00ff0000) >> 8)
503 |((inaddr.s_addr & 0xff000000) >> 24));
504
505 if (result) {
506 tor_addr_from_in(result, &inaddr);
507 }
508 return 1;
509 }
510
511 if (!strcasecmpend(address, ".ip6.arpa")) {
512 const char *cp;
513 int n0, n1;
514 struct in6_addr in6;
515
516 if (family == AF_INET)
517 return -1;
518
519 cp = address;
520 for (int i = 0; i < 16; ++i) {
521 n0 = hex_decode_digit(*cp++); /* The low-order nybble appears first. */
522 if (*cp++ != '.') return -1; /* Then a dot. */
523 n1 = hex_decode_digit(*cp++); /* The high-order nybble appears first. */
524 if (*cp++ != '.') return -1; /* Then another dot. */
525 if (n0<0 || n1 < 0) /* Both nybbles must be hex. */
526 return -1;
527
528 /* We don't check the length of the string in here. But that's okay,
529 * since we already know that the string ends with ".ip6.arpa", and
530 * there is no way to frameshift .ip6.arpa so it fits into the pattern
531 * of hexdigit, period, hexdigit, period that we enforce above.
532 */
533
534 /* Assign from low-byte to high-byte. */
535 in6.s6_addr[15-i] = n0 | (n1 << 4);
536 }
537 if (strcasecmp(cp, "ip6.arpa"))
538 return -1;
539
540 if (result) {
541 tor_addr_from_in6(result, &in6);
542 }
543 return 1;
544 }
545
546 if (accept_regular) {
547 tor_addr_t tmp;
548 int r = tor_addr_parse(&tmp, address);
549 if (r < 0)
550 return 0;
551 if (r != family && family != AF_UNSPEC)
552 return -1;
553
554 if (result)
555 memcpy(result, &tmp, sizeof(tor_addr_t));
556
557 return 1;
558 }
559
560 return 0;
561 }
562
563 /** Convert <b>addr</b> to an in-addr.arpa name or a .ip6.arpa name,
564 * and store the result in the <b>outlen</b>-byte buffer at
565 * <b>out</b>. Return the number of chars written to <b>out</b>, not
566 * including the trailing \0, on success. Returns -1 on failure. */
567 int
568 tor_addr_to_PTR_name(char *out, size_t outlen,
569 const tor_addr_t *addr)
570 {
571 tor_assert(out);
572 tor_assert(addr);
573
574 if (addr->family == AF_INET) {
575 uint32_t a = tor_addr_to_ipv4h(addr);
576
577 return tor_snprintf(out, outlen, "%d.%d.%d.%d.in-addr.arpa",
578 (int)(uint8_t)((a )&0xff),
579 (int)(uint8_t)((a>>8 )&0xff),
580 (int)(uint8_t)((a>>16)&0xff),
581 (int)(uint8_t)((a>>24)&0xff));
582 } else if (addr->family == AF_INET6) {
583 int i;
584 char *cp = out;
585 const uint8_t *bytes = tor_addr_to_in6_addr8(addr);
586 if (outlen < REVERSE_LOOKUP_NAME_BUF_LEN)
587 return -1;
588 for (i = 15; i >= 0; --i) {
589 uint8_t byte = bytes[i];
590 *cp++ = "0123456789abcdef"[byte & 0x0f];
591 *cp++ = '.';
592 *cp++ = "0123456789abcdef"[byte >> 4];
593 *cp++ = '.';
594 }
595 memcpy(cp, "ip6.arpa", 9); /* 8 characters plus NUL */
596 return 32 * 2 + 8;
597 }
598 return -1;
599 }
600
601 /** Parse a string <b>s</b> containing an IPv4/IPv6 address, and possibly
602 * a mask and port or port range. Store the parsed address in
603 * <b>addr_out</b>, a mask (if any) in <b>mask_out</b>, and port(s) (if any)
604 * in <b>port_min_out</b> and <b>port_max_out</b>.
605 *
606 * The syntax is:
607 * Address OptMask OptPortRange
608 * Address ::= IPv4Address / "[" IPv6Address "]" / "*"
609 * OptMask ::= "/" Integer /
610 * OptPortRange ::= ":*" / ":" Integer / ":" Integer "-" Integer /
611 *
612 * - If mask, minport, or maxport are NULL, we do not want these
613 * options to be set; treat them as an error if present.
614 * - If the string has no mask, the mask is set to /32 (IPv4) or /128 (IPv6).
615 * - If the string has one port, it is placed in both min and max port
616 * variables.
617 * - If the string has no port(s), port_(min|max)_out are set to 1 and 65535.
618 *
619 * Return an address family on success, or -1 if an invalid address string is
620 * provided.
621 *
622 * If 'flags & TAPMP_EXTENDED_STAR' is false, then the wildcard address '*'
623 * yield an IPv4 wildcard.
624 *
625 * If 'flags & TAPMP_EXTENDED_STAR' is true, then the wildcard address '*'
626 * yields an AF_UNSPEC wildcard address, which expands to corresponding
627 * wildcard IPv4 and IPv6 rules, and the following change is made
628 * in the grammar above:
629 * Address ::= IPv4Address / "[" IPv6Address "]" / "*" / "*4" / "*6"
630 * with the new "*4" and "*6" productions creating a wildcard to match
631 * IPv4 or IPv6 addresses.
632 *
633 * If 'flags & TAPMP_EXTENDED_STAR' and 'flags & TAPMP_STAR_IPV4_ONLY' are
634 * both true, then the wildcard address '*' yields an IPv4 wildcard.
635 *
636 * If 'flags & TAPMP_EXTENDED_STAR' and 'flags & TAPMP_STAR_IPV6_ONLY' are
637 * both true, then the wildcard address '*' yields an IPv6 wildcard.
638 *
639 * TAPMP_STAR_IPV4_ONLY and TAPMP_STAR_IPV6_ONLY are mutually exclusive. */
640 int
641 tor_addr_parse_mask_ports(const char *s,
642 unsigned flags,
643 tor_addr_t *addr_out,
644 maskbits_t *maskbits_out,
645 uint16_t *port_min_out, uint16_t *port_max_out)
646 {
647 char *base = NULL, *address, *mask = NULL, *port = NULL, *rbracket = NULL;
648 char *endptr;
649 int any_flag=0, v4map=0;
650 sa_family_t family;
651 struct in6_addr in6_tmp;
652 struct in_addr in_tmp = { .s_addr = 0 };
653
654 tor_assert(s);
655 tor_assert(addr_out);
656 /* We can either only want an IPv4 address or only want an IPv6 address,
657 * but we can't only want IPv4 & IPv6 at the same time. */
658 tor_assert(!((flags & TAPMP_STAR_IPV4_ONLY)
659 && (flags & TAPMP_STAR_IPV6_ONLY)));
660
661 /** Longest possible length for an address, mask, and port-range combination.
662 * Includes IP, [], /mask, :, ports */
663 #define MAX_ADDRESS_LENGTH (TOR_ADDR_BUF_LEN+2+(1+INET_NTOA_BUF_LEN)+12+1)
664
665 if (strlen(s) > MAX_ADDRESS_LENGTH) {
666 log_warn(LD_GENERAL, "Impossibly long IP %s; rejecting", escaped(s));
667 goto err;
668 }
669 base = tor_strdup(s);
670
671 /* Break 'base' into separate strings. */
672 address = base;
673 if (*address == '[') { /* Probably IPv6 */
674 address++;
675 rbracket = strchr(address, ']');
676 if (!rbracket) {
677 log_warn(LD_GENERAL,
678 "No closing IPv6 bracket in address pattern; rejecting.");
679 goto err;
680 }
681 }
682 mask = strchr((rbracket?rbracket:address),'/');
683 port = strchr((mask?mask:(rbracket?rbracket:address)), ':');
684 if (port)
685 *port++ = '\0';
686 if (mask)
687 *mask++ = '\0';
688 if (rbracket)
689 *rbracket = '\0';
690 if (port && mask)
691 tor_assert(port > mask);
692 if (mask && rbracket)
693 tor_assert(mask > rbracket);
694
695 /* Now "address" is the a.b.c.d|'*'|abcd::1 part...
696 * "mask" is the Mask|Maskbits part...
697 * and "port" is the *|port|min-max part.
698 */
699
700 /* Process the address portion */
701 memset(addr_out, 0, sizeof(tor_addr_t));
702
703 if (!strcmp(address, "*")) {
704 if (flags & TAPMP_EXTENDED_STAR) {
705 if (flags & TAPMP_STAR_IPV4_ONLY) {
706 family = AF_INET;
707 tor_addr_from_ipv4h(addr_out, 0);
708 } else if (flags & TAPMP_STAR_IPV6_ONLY) {
709 static char nil_bytes[16] = { [0]=0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0 };
710 family = AF_INET6;
711 tor_addr_from_ipv6_bytes(addr_out, nil_bytes);
712 } else {
713 family = AF_UNSPEC;
714 tor_addr_make_unspec(addr_out);
715 log_info(LD_GENERAL,
716 "'%s' expands into rules which apply to all IPv4 and IPv6 "
717 "addresses. (Use accept/reject *4:* for IPv4 or "
718 "accept[6]/reject[6] *6:* for IPv6.)", s);
719 }
720 } else {
721 family = AF_INET;
722 tor_addr_from_ipv4h(addr_out, 0);
723 }
724 any_flag = 1;
725 } else if (!strcmp(address, "*4") && (flags & TAPMP_EXTENDED_STAR)) {
726 family = AF_INET;
727 tor_addr_from_ipv4h(addr_out, 0);
728 any_flag = 1;
729 } else if (!strcmp(address, "*6") && (flags & TAPMP_EXTENDED_STAR)) {
730 static char nil_bytes[16] = { [0]=0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0 };
731 family = AF_INET6;
732 tor_addr_from_ipv6_bytes(addr_out, nil_bytes);
733 any_flag = 1;
734 } else if (tor_inet_pton(AF_INET6, address, &in6_tmp) > 0) {
735 family = AF_INET6;
736 tor_addr_from_in6(addr_out, &in6_tmp);
737 } else if (tor_inet_pton(AF_INET, address, &in_tmp) > 0) {
738 family = AF_INET;
739 tor_addr_from_in(addr_out, &in_tmp);
740 } else {
741 log_warn(LD_GENERAL, "Malformed IP %s in address pattern; rejecting.",
742 escaped(address));
743 goto err;
744 }
745
746 v4map = tor_addr_is_v4(addr_out);
747
748 /* Parse mask */
749 if (maskbits_out) {
750 int bits = 0;
751 struct in_addr v4mask;
752
753 if (mask) { /* the caller (tried to) specify a mask */
754 bits = (int) strtol(mask, &endptr, 10);
755 if (!*endptr) { /* strtol converted everything, so it was an integer */
756 if ((bits<0 || bits>128) ||
757 (family == AF_INET && bits > 32)) {
758 log_warn(LD_GENERAL,
759 "Bad number of mask bits (%d) on address range; rejecting.",
760 bits);
761 goto err;
762 }
763 } else { /* mask might still be an address-style mask */
764 if (tor_inet_pton(AF_INET, mask, &v4mask) > 0) {
765 bits = addr_mask_get_bits(ntohl(v4mask.s_addr));
766 if (bits < 0) {
767 log_warn(LD_GENERAL,
768 "IPv4-style mask %s is not a prefix address; rejecting.",
769 escaped(mask));
770 goto err;
771 }
772 } else { /* Not IPv4; we don't do address-style IPv6 masks. */
773 log_warn(LD_GENERAL,
774 "Malformed mask on address range %s; rejecting.",
775 escaped(s));
776 goto err;
777 }
778 }
779 if (family == AF_INET6 && v4map) {
780 if (bits > 32 && bits < 96) { /* Crazy */
781 log_warn(LD_GENERAL,
782 "Bad mask bits %d for V4-mapped V6 address; rejecting.",
783 bits);
784 goto err;
785 }
786 /* XXXX_IP6 is this really what we want? */
787 bits = 96 + bits%32; /* map v4-mapped masks onto 96-128 bits */
788 }
789 if (any_flag) {
790 log_warn(LD_GENERAL,
791 "Found bit prefix with wildcard address; rejecting");
792 goto err;
793 }
794 } else { /* pick an appropriate mask, as none was given */
795 if (any_flag)
796 bits = 0; /* This is okay whether it's V6 or V4 (FIX V4-mapped V6!) */
797 else if (tor_addr_family(addr_out) == AF_INET)
798 bits = 32;
799 else if (tor_addr_family(addr_out) == AF_INET6)
800 bits = 128;
801 }
802 *maskbits_out = (maskbits_t) bits;
803 } else {
804 if (mask) {
805 log_warn(LD_GENERAL,
806 "Unexpected mask in address %s; rejecting", escaped(s));
807 goto err;
808 }
809 }
810
811 /* Parse port(s) */
812 if (port_min_out) {
813 uint16_t port2;
814 if (!port_max_out) /* caller specified one port; fake the second one */
815 port_max_out = &port2;
816
817 if (parse_port_range(port, port_min_out, port_max_out) < 0) {
818 goto err;
819 } else if ((*port_min_out != *port_max_out) && port_max_out == &port2) {
820 log_warn(LD_GENERAL,
821 "Wanted one port from address range, but there are two.");
822
823 port_max_out = NULL; /* caller specified one port, so set this back */
824 goto err;
825 }
826 } else {
827 if (port) {
828 log_warn(LD_GENERAL,
829 "Unexpected ports in address %s; rejecting", escaped(s));
830 goto err;
831 }
832 }
833
834 tor_free(base);
835 return tor_addr_family(addr_out);
836 err:
837 tor_free(base);
838 return -1;
839 }
840
841 /** Determine whether an address is IPv4, either native or IPv4-mapped IPv6.
842 * Note that this is about representation only, as any decent stack will
843 * reject IPv4-mapped addresses received on the wire (and won't use them
844 * on the wire either).
845 */
846 int
847 tor_addr_is_v4(const tor_addr_t *addr)
848 {
849 tor_assert(addr);
850
851 if (tor_addr_family(addr) == AF_INET)
852 return 1;
853
854 if (tor_addr_family(addr) == AF_INET6) {
855 /* First two don't need to be ordered */
856 uint32_t *a32 = tor_addr_to_in6_addr32(addr);
857 if (a32[0] == 0 && a32[1] == 0 && ntohl(a32[2]) == 0x0000ffffu)
858 return 1;
859 }
860
861 return 0; /* Not IPv4 - unknown family or a full-blood IPv6 address */
862 }
863
864 /** Determine whether an address <b>addr</b> is null, either all zeroes or
865 * belonging to family AF_UNSPEC.
866 */
867 int
868 tor_addr_is_null(const tor_addr_t *addr)
869 {
870 tor_assert(addr);
871
872 switch (tor_addr_family(addr)) {
873 case AF_INET6: {
874 uint32_t *a32 = tor_addr_to_in6_addr32(addr);
875 return (a32[0] == 0) && (a32[1] == 0) && (a32[2] == 0) && (a32[3] == 0);
876 }
877 case AF_INET:
878 return (tor_addr_to_ipv4n(addr) == 0);
879 case AF_UNIX:
880 return 1;
881 case AF_UNSPEC:
882 return 1;
883 default:
884 log_warn(LD_BUG, "Called with unknown address family %d",
885 (int)tor_addr_family(addr));
886 return 0;
887 }
888 //return 1;
889 }
890
891 /** Return true iff <b>addr</b> is a loopback address */
892 int
893 tor_addr_is_loopback(const tor_addr_t *addr)
894 {
895 tor_assert(addr);
896 switch (tor_addr_family(addr)) {
897 case AF_INET6: {
898 /* ::1 */
899 uint32_t *a32 = tor_addr_to_in6_addr32(addr);
900 return (a32[0] == 0) && (a32[1] == 0) && (a32[2] == 0) &&
901 (ntohl(a32[3]) == 1);
902 }
903 case AF_INET:
904 /* 127.0.0.1 */
905 return (tor_addr_to_ipv4h(addr) & 0xff000000) == 0x7f000000;
906 case AF_UNSPEC:
907 return 0;
908 default:
909 /* LCOV_EXCL_START */
910 tor_fragile_assert();
911 return 0;
912 /* LCOV_EXCL_STOP */
913 }
914 }
915
916 /* Is addr valid?
917 * Checks that addr is non-NULL and not tor_addr_is_null().
918 * If for_listening is true, IPv4 addr 0.0.0.0 is allowed.
919 * It means "bind to all addresses on the local machine". */
920 int
921 tor_addr_is_valid(const tor_addr_t *addr, int for_listening)
922 {
923 /* NULL addresses are invalid regardless of for_listening */
924 if (addr == NULL) {
925 return 0;
926 }
927
928 /* Only allow IPv4 0.0.0.0 for_listening. */
929 if (for_listening && addr->family == AF_INET
930 && tor_addr_to_ipv4h(addr) == 0) {
931 return 1;
932 }
933
934 /* Otherwise, the address is valid if it's not tor_addr_is_null() */
935 return !tor_addr_is_null(addr);
936 }
937
938 /* Is the network-order IPv4 address v4n_addr valid?
939 * Checks that addr is not zero.
940 * Except if for_listening is true, where IPv4 addr 0.0.0.0 is allowed. */
941 int
942 tor_addr_is_valid_ipv4n(uint32_t v4n_addr, int for_listening)
943 {
944 /* Any IPv4 address is valid with for_listening. */
945 if (for_listening) {
946 return 1;
947 }
948
949 /* Otherwise, zero addresses are invalid. */
950 return v4n_addr != 0;
951 }
952
953 /* Is port valid?
954 * Checks that port is not 0.
955 * Except if for_listening is true, where port 0 is allowed.
956 * It means "OS chooses a port". */
957 int
958 tor_port_is_valid(uint16_t port, int for_listening)
959 {
960 /* Any port value is valid with for_listening. */
961 if (for_listening) {
962 return 1;
963 }
964
965 /* Otherwise, zero ports are invalid. */
966 return port != 0;
967 }
968
969 /** Set <b>dest</b> to equal the IPv4 address in <b>v4addr</b> (given in
970 * network order). */
971 void
972 tor_addr_from_ipv4n(tor_addr_t *dest, uint32_t v4addr)
973 {
974 tor_assert(dest);
975 memset(dest, 0, sizeof(tor_addr_t));
976 dest->family = AF_INET;
977 dest->addr.in_addr.s_addr = v4addr;
978 }
979
980 /** Set <b>dest</b> to equal the IPv6 address in the 16 bytes at
981 * <b>ipv6_bytes</b>. */
982 void
983 tor_addr_from_ipv6_bytes(tor_addr_t *dest, const char *ipv6_bytes)
984 {
985 tor_assert(dest);
986 tor_assert(ipv6_bytes);
987 memset(dest, 0, sizeof(tor_addr_t));
988 dest->family = AF_INET6;
989 memcpy(dest->addr.in6_addr.s6_addr, ipv6_bytes, 16);
990 }
991
992 /** Set <b>dest</b> equal to the IPv6 address in the in6_addr <b>in6</b>. */
993 void
994 tor_addr_from_in6(tor_addr_t *dest, const struct in6_addr *in6)
995 {
996 tor_addr_from_ipv6_bytes(dest, (const char*)in6->s6_addr);
997 }
998
999 /** Copy a tor_addr_t from <b>src</b> to <b>dest</b>.
1000 */
1001 void
1002 tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
1003 {
1004 if (src == dest)
1005 return;
1006 tor_assert(src);
1007 tor_assert(dest);
1008 memcpy(dest, src, sizeof(tor_addr_t));
1009 }
1010
1011 /** Copy a tor_addr_t from <b>src</b> to <b>dest</b>, taking extra care to
1012 * copy only the well-defined portions. Used for computing hashes of
1013 * addresses.
1014 */
1015 void
1016 tor_addr_copy_tight(tor_addr_t *dest, const tor_addr_t *src)
1017 {
1018 tor_assert(src != dest);
1019 tor_assert(src);
1020 tor_assert(dest);
1021 memset(dest, 0, sizeof(tor_addr_t));
1022 dest->family = src->family;
1023 switch (tor_addr_family(src))
1024 {
1025 case AF_INET:
1026 dest->addr.in_addr.s_addr = src->addr.in_addr.s_addr;
1027 break;
1028 case AF_INET6:
1029 memcpy(dest->addr.in6_addr.s6_addr, src->addr.in6_addr.s6_addr, 16);
1030 case AF_UNSPEC:
1031 break;
1032 default:
1033 tor_fragile_assert(); // LCOV_EXCL_LINE
1034 }
1035 }
1036
1037 /** Given two addresses <b>addr1</b> and <b>addr2</b>, return 0 if the two
1038 * addresses are equivalent under the mask mbits, less than 0 if addr1
1039 * precedes addr2, and greater than 0 otherwise.
1040 *
1041 * Different address families (IPv4 vs IPv6) are always considered unequal if
1042 * <b>how</b> is CMP_EXACT; otherwise, IPv6-mapped IPv4 addresses are
1043 * considered equivalent to their IPv4 equivalents.
1044 *
1045 * As a special case, all pointer-wise distinct AF_UNIX addresses are always
1046 * considered unequal since tor_addr_t currently does not contain the
1047 * information required to make the comparison.
1048 */
1049 int
1050 tor_addr_compare(const tor_addr_t *addr1, const tor_addr_t *addr2,
1051 tor_addr_comparison_t how)
1052 {
1053 return tor_addr_compare_masked(addr1, addr2, 128, how);
1054 }
1055
1056 /** As tor_addr_compare(), but only looks at the first <b>mask</b> bits of
1057 * the address.
1058 *
1059 * Reduce over-specific masks (>128 for ipv6, >32 for ipv4) to 128 or 32.
1060 *
1061 * The mask is interpreted relative to <b>addr1</b>, so that if a is
1062 * \::ffff:1.2.3.4, and b is 3.4.5.6,
1063 * tor_addr_compare_masked(a,b,100,CMP_SEMANTIC) is the same as
1064 * -tor_addr_compare_masked(b,a,4,CMP_SEMANTIC).
1065 *
1066 * We guarantee that the ordering from tor_addr_compare_masked is a total
1067 * order on addresses, but not that it is any particular order, or that it
1068 * will be the same from one version to the next.
1069 */
1070 int
1071 tor_addr_compare_masked(const tor_addr_t *addr1, const tor_addr_t *addr2,
1072 maskbits_t mbits, tor_addr_comparison_t how)
1073 {
1074 /** Helper: Evaluates to -1 if a is less than b, 0 if a equals b, or 1 if a
1075 * is greater than b. May evaluate a and b more than once. */
1076 #define TRISTATE(a,b) (((a)<(b))?-1: (((a)==(b))?0:1))
1077 sa_family_t family1, family2, v_family1, v_family2;
1078
1079 tor_assert(addr1 && addr2);
1080
1081 v_family1 = family1 = tor_addr_family(addr1);
1082 v_family2 = family2 = tor_addr_family(addr2);
1083
1084 if (family1==family2) {
1085 /* When the families are the same, there's only one way to do the
1086 * comparison: exactly. */
1087 int r;
1088 switch (family1) {
1089 case AF_UNSPEC:
1090 return 0; /* All unspecified addresses are equal */
1091 case AF_INET: {
1092 uint32_t a1 = tor_addr_to_ipv4h(addr1);
1093 uint32_t a2 = tor_addr_to_ipv4h(addr2);
1094 if (mbits <= 0)
1095 return 0;
1096 if (mbits > 32)
1097 mbits = 32;
1098 a1 >>= (32-mbits);
1099 a2 >>= (32-mbits);
1100 r = TRISTATE(a1, a2);
1101 return r;
1102 }
1103 case AF_INET6: {
1104 if (mbits > 128)
1105 mbits = 128;
1106
1107 const uint8_t *a1 = tor_addr_to_in6_addr8(addr1);
1108 const uint8_t *a2 = tor_addr_to_in6_addr8(addr2);
1109 const int bytes = mbits >> 3;
1110 const int leftover_bits = mbits & 7;
1111 if (bytes && (r = tor_memcmp(a1, a2, bytes))) {
1112 return r;
1113 } else if (leftover_bits) {
1114 uint8_t b1 = a1[bytes] >> (8-leftover_bits);
1115 uint8_t b2 = a2[bytes] >> (8-leftover_bits);
1116 return TRISTATE(b1, b2);
1117 } else {
1118 return 0;
1119 }
1120 }
1121 case AF_UNIX:
1122 /* HACKHACKHACKHACKHACK:
1123 * tor_addr_t doesn't contain a copy of sun_path, so it's not
1124 * possible to comapre this at all.
1125 *
1126 * Since the only time we currently actually should be comparing
1127 * 2 AF_UNIX addresses is when dealing with ISO_CLIENTADDR (which
1128 * is disabled for AF_UNIX SocksPorts anyway), this just does
1129 * a pointer comparison.
1130 *
1131 * See: #20261.
1132 */
1133 if (addr1 < addr2)
1134 return -1;
1135 else if (addr1 == addr2)
1136 return 0;
1137 else
1138 return 1;
1139 default:
1140 /* LCOV_EXCL_START */
1141 tor_fragile_assert();
1142 return 0;
1143 /* LCOV_EXCL_STOP */
1144 }
1145 } else if (how == CMP_EXACT) {
1146 /* Unequal families and an exact comparison? Stop now! */
1147 return TRISTATE(family1, family2);
1148 }
1149
1150 if (mbits == 0)
1151 return 0;
1152
1153 if (family1 == AF_INET6 && tor_addr_is_v4(addr1))
1154 v_family1 = AF_INET;
1155 if (family2 == AF_INET6 && tor_addr_is_v4(addr2))
1156 v_family2 = AF_INET;
1157 if (v_family1 == v_family2) {
1158 /* One or both addresses are a mapped ipv4 address. */
1159 uint32_t a1, a2;
1160 if (family1 == AF_INET6) {
1161 a1 = tor_addr_to_mapped_ipv4h(addr1);
1162 if (mbits <= 96)
1163 return 0;
1164 mbits -= 96; /* We just decided that the first 96 bits of a1 "match". */
1165 } else {
1166 a1 = tor_addr_to_ipv4h(addr1);
1167 }
1168 if (family2 == AF_INET6) {
1169 a2 = tor_addr_to_mapped_ipv4h(addr2);
1170 } else {
1171 a2 = tor_addr_to_ipv4h(addr2);
1172 }
1173 if (mbits > 32) mbits = 32;
1174 a1 >>= (32-mbits);
1175 a2 >>= (32-mbits);
1176 return TRISTATE(a1, a2);
1177 } else {
1178 /* Unequal families, and semantic comparison, and no semantic family
1179 * matches. */
1180 return TRISTATE(family1, family2);
1181 }
1182 }
1183
1184 /** Return a hash code based on the address addr. DOCDOC extra */
1185 uint64_t
1186 tor_addr_hash(const tor_addr_t *addr)
1187 {
1188 switch (tor_addr_family(addr)) {
1189 case AF_INET:
1190 return siphash24g(&addr->addr.in_addr.s_addr, 4);
1191 case AF_UNSPEC:
1192 return 0x4e4d5342;
1193 case AF_INET6:
1194 return siphash24g(&addr->addr.in6_addr.s6_addr, 16);
1195 default:
1196 /* LCOV_EXCL_START */
1197 tor_fragile_assert();
1198 return 0;
1199 /* LCOV_EXCL_END */
1200 }
1201 }
1202
1203 /** Return a newly allocated string with a representation of <b>addr</b>. */
1204 char *
1205 tor_addr_to_str_dup(const tor_addr_t *addr)
1206 {
1207 char buf[TOR_ADDR_BUF_LEN];
1208 if (tor_addr_to_str(buf, addr, sizeof(buf), 0)) {
1209 return tor_strdup(buf);
1210 } else {
1211 return tor_strdup("<unknown address type>");
1212 }
1213 }
1214
1215 /** Return a string representing the address <b>addr</b>. This string
1216 * is statically allocated, and must not be freed. Each call to
1217 * <b>fmt_addr_impl</b> invalidates the last result of the function.
1218 * This function is not thread-safe. If <b>decorate</b> is set, add
1219 * brackets to IPv6 addresses.
1220 *
1221 * It's better to use the wrapper macros of this function:
1222 * <b>fmt_addr()</b> and <b>fmt_and_decorate_addr()</b>.
1223 */
1224 const char *
1225 fmt_addr_impl(const tor_addr_t *addr, int decorate)
1226 {
1227 static char buf[TOR_ADDR_BUF_LEN];
1228 if (!addr) return "<null>";
1229 if (tor_addr_to_str(buf, addr, sizeof(buf), decorate))
1230 return buf;
1231 else
1232 return "???";
1233 }
1234
1235 /** Return a string representing the pair <b>addr</b> and <b>port</b>.
1236 * This calls fmt_and_decorate_addr internally, so IPv6 addresses will
1237 * have brackets, and the caveats of fmt_addr_impl apply.
1238 */
1239 const char *
1240 fmt_addrport(const tor_addr_t *addr, uint16_t port)
1241 {
1242 /* Add space for a colon and up to 5 digits. */
1243 static char buf[TOR_ADDR_BUF_LEN + 6];
1244 tor_snprintf(buf, sizeof(buf), "%s:%u", fmt_and_decorate_addr(addr), port);
1245 return buf;
1246 }
1247
1248 /** Like fmt_addr(), but takes <b>addr</b> as a host-order IPv4
1249 * addresses. Also not thread-safe, also clobbers its return buffer on
1250 * repeated calls. */
1251 const char *
1252 fmt_addr32(uint32_t addr)
1253 {
1254 static char buf[INET_NTOA_BUF_LEN];
1255 struct in_addr in;
1256 in.s_addr = htonl(addr);
1257 tor_inet_ntoa(&in, buf, sizeof(buf));
1258 return buf;
1259 }
1260
1261 /** Convert the string in <b>src</b> to a tor_addr_t <b>addr</b>. The string
1262 * may be an IPv4 address, an IPv6 address, or an IPv6 address surrounded by
1263 * square brackets.
1264 *
1265 * Return an address family on success, or -1 if an invalid address string is
1266 * provided. */
1267 int
1268 tor_addr_parse(tor_addr_t *addr, const char *src)
1269 {
1270 /* Holds substring of IPv6 address after removing square brackets */
1271 char *tmp = NULL;
1272 int result;
1273 struct in_addr in_tmp;
1274 struct in6_addr in6_tmp;
1275 tor_assert(addr && src);
1276 if (src[0] == '[' && src[1])
1277 src = tmp = tor_strndup(src+1, strlen(src)-2);
1278
1279 if (tor_inet_pton(AF_INET6, src, &in6_tmp) > 0) {
1280 result = AF_INET6;
1281 tor_addr_from_in6(addr, &in6_tmp);
1282 } else if (tor_inet_pton(AF_INET, src, &in_tmp) > 0) {
1283 result = AF_INET;
1284 tor_addr_from_in(addr, &in_tmp);
1285 } else {
1286 result = -1;
1287 }
1288
1289 tor_free(tmp);
1290 return result;
1291 }
1292
1293 /** Parse an address or address-port combination from <b>s</b>, resolve the
1294 * address as needed, and put the result in <b>addr_out</b> and (optionally)
1295 * <b>port_out</b>. Return 0 on success, negative on failure. */
1296 int
1297 tor_addr_port_lookup(const char *s, tor_addr_t *addr_out, uint16_t *port_out)
1298 {
1299 const char *port;
1300 tor_addr_t addr;
1301 uint16_t portval;
1302 char *tmp = NULL;
1303
1304 tor_assert(s);
1305 tor_assert(addr_out);
1306
1307 s = eat_whitespace(s);
1308
1309 if (*s == '[') {
1310 port = strstr(s, "]");
1311 if (!port)
1312 goto err;
1313 tmp = tor_strndup(s+1, port-(s+1));
1314 port = port+1;
1315 if (*port == ':')
1316 port++;
1317 else
1318 port = NULL;
1319 } else {
1320 port = strchr(s, ':');
1321 if (port)
1322 tmp = tor_strndup(s, port-s);
1323 else
1324 tmp = tor_strdup(s);
1325 if (port)
1326 ++port;
1327 }
1328
1329 if (tor_addr_lookup(tmp, AF_UNSPEC, &addr) != 0)
1330 goto err;
1331 tor_free(tmp);
1332
1333 if (port) {
1334 portval = (int) tor_parse_long(port, 10, 1, 65535, NULL, NULL);
1335 if (!portval)
1336 goto err;
1337 } else {
1338 portval = 0;
1339 }
1340
1341 if (port_out)
1342 *port_out = portval;
1343 tor_addr_copy(addr_out, &addr);
1344
1345 return 0;
1346 err:
1347 tor_free(tmp);
1348 return -1;
1349 }
1350
1351 #ifdef _WIN32
1352 typedef ULONG (WINAPI *GetAdaptersAddresses_fn_t)(
1353 ULONG, ULONG, PVOID, PIP_ADAPTER_ADDRESSES, PULONG);
1354 #endif
1355
1356 #ifdef HAVE_IFADDRS_TO_SMARTLIST
1357 /*
1358 * Convert a linked list consisting of <b>ifaddrs</b> structures
1359 * into smartlist of <b>tor_addr_t</b> structures.
1360 */
1361 STATIC smartlist_t *
1362 ifaddrs_to_smartlist(const struct ifaddrs *ifa, sa_family_t family)
1363 {
1364 smartlist_t *result = smartlist_new();
1365 const struct ifaddrs *i;
1366
1367 for (i = ifa; i; i = i->ifa_next) {
1368 tor_addr_t tmp;
1369 if ((i->ifa_flags & (IFF_UP | IFF_RUNNING)) != (IFF_UP | IFF_RUNNING))
1370 continue;
1371 if (!i->ifa_addr)
1372 continue;
1373 if (i->ifa_addr->sa_family != AF_INET &&
1374 i->ifa_addr->sa_family != AF_INET6)
1375 continue;
1376 if (family != AF_UNSPEC && i->ifa_addr->sa_family != family)
1377 continue;
1378 if (tor_addr_from_sockaddr(&tmp, i->ifa_addr, NULL) < 0)
1379 continue;
1380 smartlist_add(result, tor_memdup(&tmp, sizeof(tmp)));
1381 }
1382
1383 return result;
1384 }
1385
1386 /** Use getiffaddrs() function to get list of current machine
1387 * network interface addresses. Represent the result by smartlist of
1388 * <b>tor_addr_t</b> structures.
1389 */
1390 STATIC smartlist_t *
1391 get_interface_addresses_ifaddrs(int severity, sa_family_t family)
1392 {
1393
1394 /* Most free Unixy systems provide getifaddrs, which gives us a linked list
1395 * of struct ifaddrs. */
1396 struct ifaddrs *ifa = NULL;
1397 smartlist_t *result;
1398 if (getifaddrs(&ifa) < 0) {
1399 log_fn(severity, LD_NET, "Unable to call getifaddrs(): %s",
1400 strerror(errno));
1401 return NULL;
1402 }
1403
1404 result = ifaddrs_to_smartlist(ifa, family);
1405
1406 freeifaddrs(ifa);
1407
1408 return result;
1409 }
1410 #endif
1411
1412 #ifdef HAVE_IP_ADAPTER_TO_SMARTLIST
1413
1414 /** Convert a Windows-specific <b>addresses</b> linked list into smartlist
1415 * of <b>tor_addr_t</b> structures.
1416 */
1417
1418 STATIC smartlist_t *
1419 ip_adapter_addresses_to_smartlist(const IP_ADAPTER_ADDRESSES *addresses)
1420 {
1421 smartlist_t *result = smartlist_new();
1422 const IP_ADAPTER_ADDRESSES *address;
1423
1424 for (address = addresses; address; address = address->Next) {
1425 const IP_ADAPTER_UNICAST_ADDRESS *a;
1426 for (a = address->FirstUnicastAddress; a; a = a->Next) {
1427 /* Yes, it's a linked list inside a linked list */
1428 const struct sockaddr *sa = a->Address.lpSockaddr;
1429 tor_addr_t tmp;
1430 if (sa->sa_family != AF_INET && sa->sa_family != AF_INET6)
1431 continue;
1432 if (tor_addr_from_sockaddr(&tmp, sa, NULL) < 0)
1433 continue;
1434 smartlist_add(result, tor_memdup(&tmp, sizeof(tmp)));
1435 }
1436 }
1437
1438 return result;
1439 }
1440
1441 /** Windows only: use GetAdaptersInfo() function to retrieve network interface
1442 * addresses of current machine and return them to caller as smartlist of
1443 * <b>tor_addr_t</b> structures.
1444 */
1445 STATIC smartlist_t *
1446 get_interface_addresses_win32(int severity, sa_family_t family)
1447 {
1448
1449 /* Windows XP began to provide GetAdaptersAddresses. Windows 2000 had a
1450 "GetAdaptersInfo", but that's deprecated; let's just try
1451 GetAdaptersAddresses and fall back to connect+getsockname.
1452 */
1453 HANDLE lib = load_windows_system_library(TEXT("iphlpapi.dll"));
1454 smartlist_t *result = NULL;
1455 GetAdaptersAddresses_fn_t fn;
1456 ULONG size, res;
1457 IP_ADAPTER_ADDRESSES *addresses = NULL;
1458
1459 (void) severity;
1460
1461 #define FLAGS (GAA_FLAG_SKIP_ANYCAST | \
1462 GAA_FLAG_SKIP_MULTICAST | \
1463 GAA_FLAG_SKIP_DNS_SERVER)
1464
1465 if (!lib) {
1466 log_fn(severity, LD_NET, "Unable to load iphlpapi.dll");
1467 goto done;
1468 }
1469
1470 if (!(fn = (GetAdaptersAddresses_fn_t)
1471 GetProcAddress(lib, "GetAdaptersAddresses"))) {
1472 log_fn(severity, LD_NET, "Unable to obtain pointer to "
1473 "GetAdaptersAddresses");
1474 goto done;
1475 }
1476
1477 /* Guess how much space we need. */
1478 size = 15*1024;
1479 addresses = tor_malloc(size);
1480 res = fn(family, FLAGS, NULL, addresses, &size);
1481 if (res == ERROR_BUFFER_OVERFLOW) {
1482 /* we didn't guess that we needed enough space; try again */
1483 tor_free(addresses);
1484 addresses = tor_malloc(size);
1485 res = fn(AF_UNSPEC, FLAGS, NULL, addresses, &size);
1486 }
1487 if (res != NO_ERROR) {
1488 log_fn(severity, LD_NET, "GetAdaptersAddresses failed (result: %lu)", res);
1489 goto done;
1490 }
1491
1492 result = ip_adapter_addresses_to_smartlist(addresses);
1493
1494 done:
1495 if (lib)
1496 FreeLibrary(lib);
1497 tor_free(addresses);
1498 return result;
1499 }
1500
1501 #endif
1502
1503 #ifdef HAVE_IFCONF_TO_SMARTLIST
1504
1505 /* Guess how much space we need. There shouldn't be any struct ifreqs
1506 * larger than this, even on OS X where the struct's size is dynamic. */
1507 #define IFREQ_SIZE 4096
1508
1509 /* This is defined on Mac OS X */
1510 #ifndef _SIZEOF_ADDR_IFREQ
1511 #define _SIZEOF_ADDR_IFREQ sizeof
1512 #endif
1513
1514 /** Convert <b>*buf</b>, an ifreq structure array of size <b>buflen</b>,
1515 * into smartlist of <b>tor_addr_t</b> structures.
1516 */
1517 STATIC smartlist_t *
1518 ifreq_to_smartlist(char *buf, size_t buflen)
1519 {
1520 smartlist_t *result = smartlist_new();
1521 char *end = buf + buflen;
1522
1523 /* These acrobatics are due to alignment issues which trigger
1524 * undefined behaviour traps on OSX. */
1525 struct ifreq *r = tor_malloc(IFREQ_SIZE);
1526
1527 while (buf < end) {
1528 /* Copy up to IFREQ_SIZE bytes into the struct ifreq, but don't overrun
1529 * buf. */
1530 memcpy(r, buf, end - buf < IFREQ_SIZE ? end - buf : IFREQ_SIZE);
1531
1532 const struct sockaddr *sa = &r->ifr_addr;
1533 tor_addr_t tmp;
1534 int valid_sa_family = (sa->sa_family == AF_INET ||
1535 sa->sa_family == AF_INET6);
1536
1537 int conversion_success = (tor_addr_from_sockaddr(&tmp, sa, NULL) == 0);
1538
1539 if (valid_sa_family && conversion_success)
1540 smartlist_add(result, tor_memdup(&tmp, sizeof(tmp)));
1541
1542 buf += _SIZEOF_ADDR_IFREQ(*r);
1543 }
1544
1545 tor_free(r);
1546 return result;
1547 }
1548
1549 /** Use ioctl(.,SIOCGIFCONF,.) to get a list of current machine
1550 * network interface addresses. Represent the result by smartlist of
1551 * <b>tor_addr_t</b> structures.
1552 */
1553 STATIC smartlist_t *
1554 get_interface_addresses_ioctl(int severity, sa_family_t family)
1555 {
1556 /* Some older unixy systems make us use ioctl(SIOCGIFCONF) */
1557 struct ifconf ifc;
1558 ifc.ifc_buf = NULL;
1559 int fd;
1560 smartlist_t *result = NULL;
1561
1562 /* This interface, AFAICT, only supports AF_INET addresses,
1563 * except on AIX. For Solaris, we could use SIOCGLIFCONF. */
1564
1565 /* Bail out if family is neither AF_INET nor AF_UNSPEC since
1566 * ioctl() technique supports non-IPv4 interface addresses on
1567 * a small number of niche systems only. If family is AF_UNSPEC,
1568 * fall back to getting AF_INET addresses only. */
1569 if (family == AF_UNSPEC)
1570 family = AF_INET;
1571 else if (family != AF_INET)
1572 return NULL;
1573
1574 fd = socket(family, SOCK_DGRAM, 0);
1575 if (fd < 0) {
1576 tor_log(severity, LD_NET, "socket failed: %s", strerror(errno));
1577 goto done;
1578 }
1579
1580 int mult = 1;
1581 do {
1582 mult *= 2;
1583 ifc.ifc_len = mult * IFREQ_SIZE;
1584 ifc.ifc_buf = tor_realloc(ifc.ifc_buf, ifc.ifc_len);
1585
1586 tor_assert(ifc.ifc_buf);
1587
1588 if (ioctl(fd, SIOCGIFCONF, &ifc) < 0) {
1589 tor_log(severity, LD_NET, "ioctl failed: %s", strerror(errno));
1590 goto done;
1591 }
1592 /* Ensure we have least IFREQ_SIZE bytes unused at the end. Otherwise, we
1593 * don't know if we got everything during ioctl. */
1594 } while (mult * IFREQ_SIZE - ifc.ifc_len <= IFREQ_SIZE);
1595 result = ifreq_to_smartlist(ifc.ifc_buf, ifc.ifc_len);
1596
1597 done:
1598 if (fd >= 0)
1599 close(fd);
1600 tor_free(ifc.ifc_buf);
1601 return result;
1602 }
1603 #endif
1604
1605 /** Try to ask our network interfaces what addresses they are bound to.
1606 * Return a new smartlist of tor_addr_t on success, and NULL on failure.
1607 * (An empty smartlist indicates that we successfully learned that we have no
1608 * addresses.) Log failure messages at <b>severity</b>. Only return the
1609 * interface addresses of requested <b>family</b> and ignore the addresses
1610 * of other address families. */
1611 MOCK_IMPL(smartlist_t *,
1612 get_interface_addresses_raw,(int severity, sa_family_t family))
1613 {
1614 smartlist_t *result = NULL;
1615 #if defined(HAVE_IFADDRS_TO_SMARTLIST)
1616 if ((result = get_interface_addresses_ifaddrs(severity, family)))
1617 return result;
1618 #endif
1619 #if defined(HAVE_IP_ADAPTER_TO_SMARTLIST)
1620 if ((result = get_interface_addresses_win32(severity, family)))
1621 return result;
1622 #endif
1623 #if defined(HAVE_IFCONF_TO_SMARTLIST)
1624 if ((result = get_interface_addresses_ioctl(severity, family)))
1625 return result;
1626 #endif
1627 (void) severity;
1628 (void) result;
1629 return NULL;
1630 }
1631
1632 /** Return true iff <b>a</b> is a multicast address. */
1633 int
1634 tor_addr_is_multicast(const tor_addr_t *a)
1635 {
1636 sa_family_t family = tor_addr_family(a);
1637 if (family == AF_INET) {
1638 uint32_t ipv4h = tor_addr_to_ipv4h(a);
1639 if ((ipv4h >> 24) == 0xe0)
1640 return 1; /* Multicast */
1641 } else if (family == AF_INET6) {
1642 const uint8_t *a32 = tor_addr_to_in6_addr8(a);
1643 if (a32[0] == 0xff)
1644 return 1;
1645 }
1646 return 0;
1647 }
1648
1649 /** Attempt to retrieve IP address of current host by utilizing some
1650 * UDP socket trickery. Only look for address of given <b>family</b>
1651 * (only AF_INET and AF_INET6 are supported). Set result to *<b>addr</b>.
1652 * Return 0 on success, -1 on failure.
1653 */
1654 MOCK_IMPL(int,
1655 get_interface_address6_via_udp_socket_hack,(int severity,
1656 sa_family_t family,
1657 tor_addr_t *addr))
1658 {
1659 struct sockaddr_storage my_addr, target_addr;
1660 int sock=-1, r=-1;
1661 socklen_t addr_len;
1662
1663 memset(addr, 0, sizeof(tor_addr_t));
1664 memset(&target_addr, 0, sizeof(target_addr));
1665
1666 /* Don't worry: no packets are sent. We just need to use a real address
1667 * on the actual Internet. */
1668 if (family == AF_INET6) {
1669 struct sockaddr_in6 *sin6 = (struct sockaddr_in6*)&target_addr;
1670 /* Use the "discard" service port */
1671 sin6->sin6_port = htons(9);
1672 sock = tor_open_socket(PF_INET6,SOCK_DGRAM,IPPROTO_UDP);
1673 addr_len = (socklen_t)sizeof(struct sockaddr_in6);
1674 sin6->sin6_family = AF_INET6;
1675 S6_ADDR16(sin6->sin6_addr)[0] = htons(0x2002); /* 2002:: */
1676 } else if (family == AF_INET) {
1677 struct sockaddr_in *sin = (struct sockaddr_in*)&target_addr;
1678 /* Use the "discard" service port */
1679 sin->sin_port = htons(9);
1680 sock = tor_open_socket(PF_INET,SOCK_DGRAM,IPPROTO_UDP);
1681 addr_len = (socklen_t)sizeof(struct sockaddr_in);
1682 sin->sin_family = AF_INET;
1683 sin->sin_addr.s_addr = htonl(0x12000001); /* 18.0.0.1 */
1684 } else {
1685 return -1;
1686 }
1687
1688 if (sock < 0) {
1689 int e = tor_socket_errno(-1);
1690 log_fn(severity, LD_NET, "unable to create socket: %s",
1691 tor_socket_strerror(e));
1692 goto err;
1693 }
1694
1695 if (tor_connect_socket(sock,(struct sockaddr *)&target_addr,
1696 addr_len) < 0) {
1697 int e = tor_socket_errno(sock);
1698 log_fn(severity, LD_NET, "connect() failed: %s", tor_socket_strerror(e));
1699 goto err;
1700 }
1701
1702 if (tor_getsockname(sock,(struct sockaddr*)&my_addr, &addr_len)) {
1703 int e = tor_socket_errno(sock);
1704 log_fn(severity, LD_NET, "getsockname() to determine interface failed: %s",
1705 tor_socket_strerror(e));
1706 goto err;
1707 }
1708
1709 if (tor_addr_from_sockaddr(addr, (struct sockaddr*)&my_addr, NULL) == 0) {
1710 if (tor_addr_is_loopback(addr) || tor_addr_is_multicast(addr)) {
1711 log_fn(severity, LD_NET, "Address that we determined via UDP socket"
1712 " magic is unsuitable for public comms.");
1713 } else {
1714 r=0;
1715 }
1716 }
1717
1718 err:
1719 if (sock >= 0)
1720 tor_close_socket(sock);
1721 if (r == -1)
1722 memset(addr, 0, sizeof(tor_addr_t));
1723 return r;
1724 }
1725
1726 /** Set *<b>addr</b> to an arbitrary IP address (if any) of an interface that
1727 * connects to the Internet. Prefer public IP addresses to internal IP
1728 * addresses. This address should only be used in checking whether our
1729 * address has changed, as it may be an internal IP address. Return 0 on
1730 * success, -1 on failure.
1731 * Prefer get_interface_address6_list for a list of all addresses on all
1732 * interfaces which connect to the Internet.
1733 */
1734 MOCK_IMPL(int,
1735 get_interface_address6,(int severity, sa_family_t family, tor_addr_t *addr))
1736 {
1737 smartlist_t *addrs;
1738 int rv = -1;
1739 tor_assert(addr);
1740
1741 memset(addr, 0, sizeof(tor_addr_t));
1742
1743 /* Get a list of public or internal IPs in arbitrary order */
1744 addrs = get_interface_address6_list(severity, family, 1);
1745
1746 /* Find the first non-internal address, or the last internal address
1747 * Ideally, we want the default route, see #12377 for details */
1748 SMARTLIST_FOREACH_BEGIN(addrs, tor_addr_t *, a) {
1749 tor_addr_copy(addr, a);
1750 rv = 0;
1751
1752 /* If we found a non-internal address, declare success. Otherwise,
1753 * keep looking. */
1754 if (!tor_addr_is_internal(a, 0))
1755 break;
1756 } SMARTLIST_FOREACH_END(a);
1757
1758 free_interface_address6_list(addrs);
1759 return rv;
1760 }
1761
1762 /** Free a smartlist of IP addresses returned by get_interface_address6_list.
1763 */
1764 void
1765 free_interface_address6_list(smartlist_t *addrs)
1766 {
1767 if (addrs != NULL) {
1768 SMARTLIST_FOREACH(addrs, tor_addr_t *, a, tor_free(a));
1769 smartlist_free(addrs);
1770 }
1771 }
1772
1773 /** Return a smartlist of the IP addresses of type family from all interfaces
1774 * on the server. Excludes loopback and multicast addresses. Only includes
1775 * internal addresses if include_internal is true. (Note that a relay behind
1776 * NAT may use an internal address to connect to the Internet.)
1777 * An empty smartlist means that there are no addresses of the selected type
1778 * matching these criteria.
1779 * Returns NULL on failure.
1780 * Use free_interface_address6_list to free the returned list.
1781 */
1782 MOCK_IMPL(smartlist_t *,get_interface_address6_list,(int severity,
1783 sa_family_t family,
1784 int include_internal))
1785 {
1786 smartlist_t *addrs;
1787 tor_addr_t addr;
1788
1789 /* Try to do this the smart way if possible. */
1790 if ((addrs = get_interface_addresses_raw(severity, family))) {
1791 SMARTLIST_FOREACH_BEGIN(addrs, tor_addr_t *, a)
1792 {
1793 if (tor_addr_is_loopback(a) ||
1794 tor_addr_is_multicast(a)) {
1795 SMARTLIST_DEL_CURRENT_KEEPORDER(addrs, a);
1796 tor_free(a);
1797 continue;
1798 }
1799
1800 if (!include_internal && tor_addr_is_internal(a, 0)) {
1801 SMARTLIST_DEL_CURRENT_KEEPORDER(addrs, a);
1802 tor_free(a);
1803 continue;
1804 }
1805 } SMARTLIST_FOREACH_END(a);
1806 }
1807
1808 if (addrs && smartlist_len(addrs) > 0) {
1809 return addrs;
1810 }
1811
1812 /* if we removed all entries as unsuitable */
1813 if (addrs) {
1814 smartlist_free(addrs);
1815 }
1816
1817 /* Okay, the smart way is out. */
1818 addrs = smartlist_new();
1819
1820 if (family == AF_INET || family == AF_UNSPEC) {
1821 if (get_interface_address6_via_udp_socket_hack(severity,AF_INET,
1822 &addr) == 0) {
1823 if (include_internal || !tor_addr_is_internal(&addr, 0)) {
1824 smartlist_add(addrs, tor_memdup(&addr, sizeof(addr)));
1825 }
1826 }
1827 }
1828
1829 if (family == AF_INET6 || family == AF_UNSPEC) {
1830 if (get_interface_address6_via_udp_socket_hack(severity,AF_INET6,
1831 &addr) == 0) {
1832 if (include_internal || !tor_addr_is_internal(&addr, 0)) {
1833 smartlist_add(addrs, tor_memdup(&addr, sizeof(addr)));
1834 }
1835 }
1836 }
1837
1838 return addrs;
1839 }
1840
1841 /* ======
1842 * IPv4 helpers
1843 * XXXX IPv6 deprecate some of these.
1844 */
1845
1846 /** Given an address of the form "ip:port", try to divide it into its
1847 * ip and port portions, setting *<b>address_out</b> to a newly
1848 * allocated string holding the address portion and *<b>port_out</b>
1849 * to the port.
1850 *
1851 * Don't do DNS lookups and don't allow domain names in the "ip" field.
1852 *
1853 * If <b>default_port</b> is less than 0, don't accept <b>addrport</b> of the
1854 * form "ip" or "ip:0". Otherwise, accept those forms, and set
1855 * *<b>port_out</b> to <b>default_port</b>.
1856 *
1857 * Return 0 on success, -1 on failure. */
1858 int
1859 tor_addr_port_parse(int severity, const char *addrport,
1860 tor_addr_t *address_out, uint16_t *port_out,
1861 int default_port)
1862 {
1863 int retval = -1;
1864 int r;
1865 char *addr_tmp = NULL;
1866
1867 tor_assert(addrport);
1868 tor_assert(address_out);
1869 tor_assert(port_out);
1870
1871 r = tor_addr_port_split(severity, addrport, &addr_tmp, port_out);
1872 if (r < 0)
1873 goto done;
1874
1875 if (!*port_out) {
1876 if (default_port >= 0)
1877 *port_out = default_port;
1878 else
1879 goto done;
1880 }
1881
1882 /* make sure that address_out is an IP address */
1883 if (tor_addr_parse(address_out, addr_tmp) < 0)
1884 goto done;
1885
1886 retval = 0;
1887
1888 done:
1889 tor_free(addr_tmp);
1890 return retval;
1891 }
1892
1893 /** Given an address of the form "host[:port]", try to divide it into its host
1894 * and port portions, setting *<b>address_out</b> to a newly allocated string
1895 * holding the address portion and *<b>port_out</b> to the port (or 0 if no
1896 * port is given). Return 0 on success, -1 on failure. */
1897 int
1898 tor_addr_port_split(int severity, const char *addrport,
1899 char **address_out, uint16_t *port_out)
1900 {
1901 tor_addr_t a_tmp;
1902 tor_assert(addrport);
1903 tor_assert(address_out);
1904 tor_assert(port_out);
1905 /* We need to check for IPv6 manually because addr_port_lookup() doesn't
1906 * do a good job on IPv6 addresses that lack a port. */
1907 if (tor_addr_parse(&a_tmp, addrport) == AF_INET6) {
1908 *port_out = 0;
1909 *address_out = tor_strdup(addrport);
1910 return 0;
1911 }
1912
1913 return addr_port_lookup(severity, addrport, address_out, NULL, port_out);
1914 }
1915
1916 /** Parse a string of the form "host[:port]" from <b>addrport</b>. If
1917 * <b>address</b> is provided, set *<b>address</b> to a copy of the
1918 * host portion of the string. If <b>addr</b> is provided, try to
1919 * resolve the host portion of the string and store it into
1920 * *<b>addr</b> (in host byte order). If <b>port_out</b> is provided,
1921 * store the port number into *<b>port_out</b>, or 0 if no port is given.
1922 * If <b>port_out</b> is NULL, then there must be no port number in
1923 * <b>addrport</b>.
1924 * Return 0 on success, -1 on failure.
1925 */
1926 int
1927 addr_port_lookup(int severity, const char *addrport, char **address,
1928 uint32_t *addr, uint16_t *port_out)
1929 {
1930 const char *colon;
1931 char *address_ = NULL;
1932 int port_;
1933 int ok = 1;
1934
1935 tor_assert(addrport);
1936
1937 colon = strrchr(addrport, ':');
1938 if (colon) {
1939 address_ = tor_strndup(addrport, colon-addrport);
1940 port_ = (int) tor_parse_long(colon+1,10,1,65535,NULL,NULL);
1941 if (!port_) {
1942 log_fn(severity, LD_GENERAL, "Port %s out of range", escaped(colon+1));
1943 ok = 0;
1944 }
1945 if (!port_out) {
1946 char *esc_addrport = esc_for_log(addrport);
1947 log_fn(severity, LD_GENERAL,
1948 "Port %s given on %s when not required",
1949 escaped(colon+1), esc_addrport);
1950 tor_free(esc_addrport);
1951 ok = 0;
1952 }
1953 } else {
1954 address_ = tor_strdup(addrport);
1955 port_ = 0;
1956 }
1957
1958 if (addr) {
1959 /* There's an addr pointer, so we need to resolve the hostname. */
1960 if (tor_lookup_hostname(address_,addr)) {
1961 log_fn(severity, LD_NET, "Couldn't look up %s", escaped(address_));
1962 ok = 0;
1963 *addr = 0;
1964 }
1965 }
1966
1967 if (address && ok) {
1968 *address = address_;
1969 } else {
1970 if (address)
1971 *address = NULL;
1972 tor_free(address_);
1973 }
1974 if (port_out)
1975 *port_out = ok ? ((uint16_t) port_) : 0;
1976
1977 return ok ? 0 : -1;
1978 }
1979
1980 /** If <b>mask</b> is an address mask for a bit-prefix, return the number of
1981 * bits. Otherwise, return -1. */
1982 int
1983 addr_mask_get_bits(uint32_t mask)
1984 {
1985 int i;
1986 if (mask == 0)
1987 return 0;
1988 if (mask == 0xFFFFFFFFu)
1989 return 32;
1990 for (i=1; i<=32; ++i) {
1991 if (mask == (uint32_t) ~((1u<<(32-i))-1)) {
1992 return i;
1993 }
1994 }
1995 return -1;
1996 }
1997
1998 /** Parse a string <b>s</b> in the format of (*|port(-maxport)?)?, setting the
1999 * various *out pointers as appropriate. Return 0 on success, -1 on failure.
2000 */
2001 int
2002 parse_port_range(const char *port, uint16_t *port_min_out,
2003 uint16_t *port_max_out)
2004 {
2005 int port_min, port_max, ok;
2006 tor_assert(port_min_out);
2007 tor_assert(port_max_out);
2008
2009 if (!port || *port == '\0' || strcmp(port, "*") == 0) {
2010 port_min = 1;
2011 port_max = 65535;
2012 } else {
2013 char *endptr = NULL;
2014 port_min = (int)tor_parse_long(port, 10, 0, 65535, &ok, &endptr);
2015 if (!ok) {
2016 log_warn(LD_GENERAL,
2017 "Malformed port %s on address range; rejecting.",
2018 escaped(port));
2019 return -1;
2020 } else if (endptr && *endptr == '-') {
2021 port = endptr+1;
2022 endptr = NULL;
2023 port_max = (int)tor_parse_long(port, 10, 1, 65535, &ok, &endptr);
2024 if (!ok) {
2025 log_warn(LD_GENERAL,
2026 "Malformed port %s on address range; rejecting.",
2027 escaped(port));
2028 return -1;
2029 }
2030 } else {
2031 port_max = port_min;
2032 }
2033 if (port_min > port_max) {
2034 log_warn(LD_GENERAL, "Insane port range on address policy; rejecting.");
2035 return -1;
2036 }
2037 }
2038
2039 if (port_min < 1)
2040 port_min = 1;
2041 if (port_max > 65535)
2042 port_max = 65535;
2043
2044 *port_min_out = (uint16_t) port_min;
2045 *port_max_out = (uint16_t) port_max;
2046
2047 return 0;
2048 }
2049
2050 /** Given an IPv4 in_addr struct *<b>in</b> (in network order, as usual),
2051 * write it as a string into the <b>buf_len</b>-byte buffer in
2052 * <b>buf</b>.
2053 */
2054 int
2055 tor_inet_ntoa(const struct in_addr *in, char *buf, size_t buf_len)
2056 {
2057 uint32_t a = ntohl(in->s_addr);
2058 return tor_snprintf(buf, buf_len, "%d.%d.%d.%d",
2059 (int)(uint8_t)((a>>24)&0xff),
2060 (int)(uint8_t)((a>>16)&0xff),
2061 (int)(uint8_t)((a>>8 )&0xff),
2062 (int)(uint8_t)((a )&0xff));
2063 }
2064
2065 /** Given a host-order <b>addr</b>, call tor_inet_ntop() on it
2066 * and return a strdup of the resulting address.
2067 */
2068 char *
2069 tor_dup_ip(uint32_t addr)
2070 {
2071 char buf[TOR_ADDR_BUF_LEN];
2072 struct in_addr in;
2073
2074 in.s_addr = htonl(addr);
2075 tor_inet_ntop(AF_INET, &in, buf, sizeof(buf));
2076 return tor_strdup(buf);
2077 }
2078
2079 /**
2080 * Set *<b>addr</b> to a host-order IPv4 address (if any) of an
2081 * interface that connects to the Internet. Prefer public IP addresses to
2082 * internal IP addresses. This address should only be used in checking
2083 * whether our address has changed, as it may be an internal IPv4 address.
2084 * Return 0 on success, -1 on failure.
2085 * Prefer get_interface_address_list6 for a list of all IPv4 and IPv6
2086 * addresses on all interfaces which connect to the Internet.
2087 */
2088 MOCK_IMPL(int,
2089 get_interface_address,(int severity, uint32_t *addr))
2090 {
2091 tor_addr_t local_addr;
2092 int r;
2093
2094 memset(addr, 0, sizeof(uint32_t));
2095
2096 r = get_interface_address6(severity, AF_INET, &local_addr);
2097 if (r>=0)
2098 *addr = tor_addr_to_ipv4h(&local_addr);
2099 return r;
2100 }
2101
2102 /** Return true if we can tell that <b>name</b> is a canonical name for the
2103 * loopback address. */
2104 int
2105 tor_addr_hostname_is_local(const char *name)
2106 {
2107 return !strcasecmp(name, "localhost") ||
2108 !strcasecmp(name, "local") ||
2109 !strcasecmpend(name, ".local");
2110 }
2111
2112 /** Return a newly allocated tor_addr_port_t with <b>addr</b> and
2113 <b>port</b> filled in. */
2114 tor_addr_port_t *
2115 tor_addr_port_new(const tor_addr_t *addr, uint16_t port)
2116 {
2117 tor_addr_port_t *ap = tor_malloc_zero(sizeof(tor_addr_port_t));
2118 if (addr)
2119 tor_addr_copy(&ap->addr, addr);
2120 ap->port = port;
2121 return ap;
2122 }
2123
The Onion Router