Patch from mwenge: update TrackHostExits mapping expiry times when the mappings are used, so that they expire a while after their last use, not a while after their creation.

svn:r17004

ChangeLog

@@ -62,6 +62,8 @@ Changes in version 0.2.1.6-alpha - 2008-09-29
       from Josh Albrecht. Resolves feature request 768.
     - Add a -p option to tor-resolve for specifying the SOCKS port: some
       people find host:port too confusing.
+    - Make TrackHostExit mappings expire a while after their last use, not
+      after their creation.  Patch from Robert Hogan.
 
   o Minor bugfixes:
     - Fix compile on OpenBSD 4.4-current. Bugfix on 0.2.1.5-alpha.

doc/TODO.021

@@ -347,7 +347,7 @@ P   - create a "make win32-bundle" for vidalia-privoxy-tor-torbutton bundle
     - Tor logs the libevent version on startup, for debugging purposes.
       This is great. But it does this before configuring the logs, so
       it only goes to stdout and is then lost.
-    - Make TrackHostExits expire TrackHostExitsExpire seconds after their
+    o Make TrackHostExits expire TrackHostExitsExpire seconds after their
       *last* use, not their *first* use.
     - enforce a lower limit on MaxCircuitDirtiness and CircuitBuildTimeout.
     - Make 'safelogging' extend to info-level logs too.

src/or/buffers.c

@@ -1402,7 +1402,7 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
           req->port = ntohs(get_uint16(buf->head->data+4+addrlen));
           buf_remove_from_front(buf, 6+addrlen);
           if (req->command != SOCKS_COMMAND_RESOLVE_PTR &&
-              !addressmap_have_mapping(req->address) &&
+              !addressmap_have_mapping(req->address,0) &&
               !have_warned_about_unsafe_socks) {
             log_warn(LD_APP,
                 "Your application (using socks5 to port %d) is giving "
@@ -1412,7 +1412,8 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
                 "please see http://wiki.noreply.org/noreply/TheOnionRouter/"
                 "TorFAQ#SOCKSAndDNS.%s", req->port,
                 safe_socks ? " Rejecting." : "");
-//            have_warned_about_unsafe_socks = 1; // (for now, warn every time)
+            /*have_warned_about_unsafe_socks = 1;*/
+                                      /*(for now, warn every time)*/
             control_event_client_status(LOG_WARN,
                           "DANGEROUS_SOCKS PROTOCOL=SOCKS5 ADDRESS=%s:%d",
                           req->address, req->port);
@@ -1514,7 +1515,7 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
 
       startaddr = NULL;
       if (socks4_prot != socks4a &&
-          !addressmap_have_mapping(tmpbuf) &&
+          !addressmap_have_mapping(tmpbuf,0) &&
           !have_warned_about_unsafe_socks) {
         log_warn(LD_APP,
                  "Your application (using socks4 to port %d) is giving Tor "
@@ -1524,7 +1525,7 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
                  "please see http://wiki.noreply.org/noreply/TheOnionRouter/"
                  "TorFAQ#SOCKSAndDNS.%s", req->port,
                  safe_socks ? " Rejecting." : "");
-//      have_warned_about_unsafe_socks = 1; // (for now, warn every time)
+        /*have_warned_about_unsafe_socks = 1;*/  /*(for now, warn every time)*/
         control_event_client_status(LOG_WARN,
                         "DANGEROUS_SOCKS PROTOCOL=SOCKS4 ADDRESS=%s:%d",
                         tmpbuf, req->port);

src/or/circuituse.c

@@ -1251,7 +1251,8 @@ consider_recording_trackhost(edge_connection_t *conn, origin_circuit_t *circ)
   /* Search the addressmap for this conn's destination. */
   /* If he's not in the address map.. */
   if (!options->TrackHostExits ||
-      addressmap_have_mapping(conn->socks_request->address))
+      addressmap_have_mapping(conn->socks_request->address,
+                              options->TrackHostExitsExpire))
     return; /* nothing to track, or already mapped */
 
   SMARTLIST_FOREACH(options->TrackHostExits, const char *, cp, {

src/or/connection_edge.c

@@ -610,7 +610,8 @@ connection_ap_detach_retriable(edge_connection_t *conn, origin_circuit_t *circ,
  *
  * (We overload the 'expires' field, using "0" for mappings set via
  * the configuration file, "1" for mappings set from the control
- * interface, and other values for DNS mappings that can expire.)
+ * interface, and other values for DNS and TrackHostExit mappings that can
+ * expire.)
  */
 typedef struct {
   char *new_address;
@@ -831,11 +832,19 @@ addressmap_rewrite_reverse(char *address, size_t maxlen, time_t *expires_out)
   return r;
 }
 
-/** Return 1 if <b>address</b> is already registered, else return 0 */
+/** Return 1 if <b>address</b> is already registered, else return 0. If address
+ * is already registered, and <b>update_expires</b> is non-zero, then update
+ * the expiry time on the mapping with update_expires if it is a
+ * mapping created by TrackHostExits. */
 int
-addressmap_have_mapping(const char *address)
+addressmap_have_mapping(const char *address, int update_expiry)
 {
-  return strmap_get_lc(addressmap, address) ? 1 : 0;
+  addressmap_entry_t *ent;
+  if (!(ent=strmap_get_lc(addressmap, address)))
+    return 0;
+  if (update_expiry && ent->source==ADDRMAPSRC_TRACKEXIT)
+    ent->expires=time(NULL) + update_expiry;
+  return 1;
 }
 
 /** Register a request to map <b>address</b> to <b>new_address</b>,

src/or/or.h

@@ -2997,7 +2997,7 @@ void addressmap_clear_configured(void);
 void addressmap_clear_transient(void);
 void addressmap_free_all(void);
 int addressmap_rewrite(char *address, size_t maxlen, time_t *expires_out);
-int addressmap_have_mapping(const char *address);
+int addressmap_have_mapping(const char *address, int update_timeout);
 typedef enum {
   ADDRMAPSRC_CONTROLLER, ADDRMAPSRC_TORRC, ADDRMAPSRC_TRACKEXIT,
   ADDRMAPSRC_DNS,