test_entryconn.c 28 KB

  1. /* Copyright (c) 2014-2017, The Tor Project, Inc. */
  2. /* See LICENSE for licensing information */
  3. #include "orconfig.h"
  4. #define CONNECTION_PRIVATE
  5. #define CONNECTION_EDGE_PRIVATE
  6. #include "or.h"
  7. #include "test.h"
  8. #include "addressmap.h"
  9. #include "config.h"
  10. #include "confparse.h"
  11. #include "connection.h"
  12. #include "connection_edge.h"
  13. #include "nodelist.h"
  14. #include "hs_cache.h"
  15. #include "rendcache.h"
  /** Per-test setup hook: allocate a fresh AF_INET entry (AP) connection and
   * initialize the address map. The returned connection is what tinytest
   * passes to the test function as its <b>arg</b>. */
  static void *
  entryconn_rewrite_setup(const struct testcase_t *tc)
  {
    (void)tc;

    entry_connection_t *conn = entry_connection_new(CONN_TYPE_AP, AF_INET);
    addressmap_init();

    return conn;
  }
  /** Per-test cleanup hook: free the fixture connection passed in <b>arg</b>
   * (if there is one) and release every address-map entry, including any the
   * test registered. Always returns 1, which tinytest reads as "cleanup
   * succeeded". */
  static int
  entryconn_rewrite_teardown(const struct testcase_t *tc, void *arg)
  {
    entry_connection_t *conn = arg;
    (void)tc;

    if (conn != NULL) {
      connection_free_(ENTRY_TO_CONN(conn));
    }
    addressmap_free_all();

    return 1;
  }
  /* Setup/cleanup pair used by every case registered through REWRITE(). */
  static struct testcase_setup_t test_rewrite_setup = {
    .setup_fn = entryconn_rewrite_setup,
    .cleanup_fn = entryconn_rewrite_teardown,
  };
  /** Simple rewrite: no mapping applies. The request is sent with a
   * mixed-case hostname and the test expects the lowercased form in every
   * place the address is recorded, with the stream left open. */
  static void
  test_entryconn_rewrite_basic(void *arg)
  {
    entry_connection_t *ec = arg;
    rewrite_result_t rr;

    tt_assert(ec->socks_request);

    /* Build a CONNECT request for a mixed-case name. */
    ec->socks_request->command = SOCKS_COMMAND_CONNECT;
    strlcpy(ec->socks_request->address, "www.TORproject.org",
            sizeof(ec->socks_request->address));

    connection_ap_handshake_rewrite(ec, &rr);

    /* Not closed, not automapped, no expiry and no exit source recorded. */
    tt_int_op(rr.should_close, OP_EQ, 0);
    tt_int_op(rr.end_reason, OP_EQ, 0);
    tt_int_op(rr.automap, OP_EQ, 0);
    tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
    tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);

    /* The original, current and saved destination are all lowercased. */
    tt_str_op(rr.orig_address, OP_EQ, "www.torproject.org");
    tt_str_op(ec->socks_request->address, OP_EQ, "www.torproject.org");
    tt_str_op(ec->original_dest_address, OP_EQ, "www.torproject.org");

   done:
    ;
  }
  /** A hostname ending in ".exit" that arrives in the SOCKS request itself
   * must be refused: the rewrite has to mark the stream for closing with
   * END_STREAM_REASON_TORPROTOCOL. This is the regression guard for the
   * rule that the requesting application may not use .exit notation. */
  static void
  test_entryconn_rewrite_bad_dotexit(void *arg)
  {
    entry_connection_t *ec = arg;
    rewrite_result_t rr;

    tt_assert(ec->socks_request);

    ec->socks_request->command = SOCKS_COMMAND_CONNECT;
    strlcpy(ec->socks_request->address, "www.TORproject.org.foo.exit",
            sizeof(ec->socks_request->address));

    connection_ap_handshake_rewrite(ec, &rr);

    /* Rejected, and with the protocol-violation reason. */
    tt_int_op(rr.should_close, OP_EQ, 1);
    tt_int_op(rr.end_reason, OP_EQ, END_STREAM_REASON_TORPROTOCOL);

   done:
    ;
  }
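  /** Automap on resolve, connect to automapped address, resolve again and get
   * same answer. (IPv4)
   *
   * <b>ec</b> (the fixture connection) resolves the name, <b>ec2</b> connects
   * to the virtual address that came back, and <b>ec3</b> resolves the same
   * name a second time. The virtual range is 127.202.0.0/16 and every
   * hostname is eligible for automapping (suffix "."). */
  static void
  test_entryconn_rewrite_automap_ipv4(void *arg)
  {
    entry_connection_t *ec = arg;
    entry_connection_t *ec2=NULL, *ec3=NULL;
    rewrite_result_t rr;
    char *msg = NULL;

    ec2 = entry_connection_new(CONN_TYPE_AP, AF_INET);
    ec3 = entry_connection_new(CONN_TYPE_AP, AF_INET);

    get_options_mutable()->AutomapHostsOnResolve = 1;
    smartlist_add_strdup(get_options_mutable()->AutomapHostsSuffixes, ".");
    /* Stop here if the virtual range is not accepted; otherwise the checks
     * below would be running against some other range. */
    tt_int_op(parse_virtual_addr_network("127.202.0.0/16", AF_INET, 0, &msg),
              OP_EQ, 0);

    /* Automap this on resolve. */
    strlcpy(ec->socks_request->address, "WWW.MIT.EDU",
            sizeof(ec->socks_request->address));
    ec->socks_request->command = SOCKS_COMMAND_RESOLVE;
    connection_ap_handshake_rewrite(ec, &rr);

    tt_int_op(rr.automap, OP_EQ, 1);
    tt_int_op(rr.should_close, OP_EQ, 0);
    tt_int_op(rr.end_reason, OP_EQ, 0);
    tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
    tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
    tt_str_op(rr.orig_address, OP_EQ, "www.mit.edu");
    tt_str_op(ec->original_dest_address, OP_EQ, "www.mit.edu");

    /* The answer must come out of the configured virtual range. */
    tt_assert(!strcmpstart(ec->socks_request->address,"127.202."));

    /* Connect to it and make sure we get the original address back. */
    strlcpy(ec2->socks_request->address, ec->socks_request->address,
            sizeof(ec2->socks_request->address));
    ec2->socks_request->command = SOCKS_COMMAND_CONNECT;
    connection_ap_handshake_rewrite(ec2, &rr);

    tt_int_op(rr.automap, OP_EQ, 0);
    tt_int_op(rr.should_close, OP_EQ, 0);
    tt_int_op(rr.end_reason, OP_EQ, 0);
    tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
    tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
    tt_str_op(rr.orig_address, OP_EQ, ec->socks_request->address);
    tt_str_op(ec2->original_dest_address, OP_EQ, ec->socks_request->address);
    tt_str_op(ec2->socks_request->address, OP_EQ, "www.mit.edu");

    /* Resolve it again, make sure the answer is the same. */
    strlcpy(ec3->socks_request->address, "www.MIT.EDU",
            sizeof(ec3->socks_request->address));
    ec3->socks_request->command = SOCKS_COMMAND_RESOLVE;
    connection_ap_handshake_rewrite(ec3, &rr);

    tt_int_op(rr.automap, OP_EQ, 1);
    tt_int_op(rr.should_close, OP_EQ, 0);
    tt_int_op(rr.end_reason, OP_EQ, 0);
    tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
    tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
    tt_str_op(rr.orig_address, OP_EQ, "www.mit.edu");
    tt_str_op(ec3->original_dest_address, OP_EQ, "www.mit.edu");
    tt_str_op(ec3->socks_request->address, OP_EQ,
              ec->socks_request->address);

   done:
    connection_free_(ENTRY_TO_CONN(ec2));
    connection_free_(ENTRY_TO_CONN(ec3));
    /* Holds an allocated error string if the virtual network was rejected. */
    tor_free(msg);
  }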
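  /** Automap on resolve, connect to automapped address, resolve again and get
   * same answer. (IPv6)
   *
   * The fixture connection in <b>arg</b> is AF_INET, so this test ignores it
   * and allocates three AF_INET6 connections of its own: <b>ec</b> resolves,
   * <b>ec2</b> connects to the virtual address, <b>ec3</b> resolves again.
   * The virtual range is FE80::/32. */
  static void
  test_entryconn_rewrite_automap_ipv6(void *arg)
  {
    (void)arg;
    entry_connection_t *ec =NULL;
    entry_connection_t *ec2=NULL, *ec3=NULL;
    rewrite_result_t rr;
    char *msg = NULL;

    ec = entry_connection_new(CONN_TYPE_AP, AF_INET6);
    ec2 = entry_connection_new(CONN_TYPE_AP, AF_INET6);
    ec3 = entry_connection_new(CONN_TYPE_AP, AF_INET6);

    get_options_mutable()->AutomapHostsOnResolve = 1;
    smartlist_add_strdup(get_options_mutable()->AutomapHostsSuffixes, ".");
    /* Stop here if the virtual range is not accepted; otherwise the checks
     * below would be running against some other range. */
    tt_int_op(parse_virtual_addr_network("FE80::/32", AF_INET6, 0, &msg),
              OP_EQ, 0);

    /* Automap this on resolve. */
    strlcpy(ec->socks_request->address, "WWW.MIT.EDU",
            sizeof(ec->socks_request->address));
    ec->socks_request->command = SOCKS_COMMAND_RESOLVE;
    connection_ap_handshake_rewrite(ec, &rr);

    tt_int_op(rr.automap, OP_EQ, 1);
    tt_int_op(rr.should_close, OP_EQ, 0);
    tt_int_op(rr.end_reason, OP_EQ, 0);
    tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
    tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
    tt_str_op(rr.orig_address, OP_EQ, "www.mit.edu");
    tt_str_op(ec->original_dest_address, OP_EQ, "www.mit.edu");

    /* Yes, this [ should be here. */
    tt_assert(!strcmpstart(ec->socks_request->address,"[fe80:"));

    /* Connect to it and make sure we get the original address back. */
    strlcpy(ec2->socks_request->address, ec->socks_request->address,
            sizeof(ec2->socks_request->address));
    ec2->socks_request->command = SOCKS_COMMAND_CONNECT;
    connection_ap_handshake_rewrite(ec2, &rr);

    tt_int_op(rr.automap, OP_EQ, 0);
    tt_int_op(rr.should_close, OP_EQ, 0);
    tt_int_op(rr.end_reason, OP_EQ, 0);
    tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
    tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
    tt_str_op(rr.orig_address, OP_EQ, ec->socks_request->address);
    tt_str_op(ec2->original_dest_address, OP_EQ, ec->socks_request->address);
    tt_str_op(ec2->socks_request->address, OP_EQ, "www.mit.edu");

    /* Resolve it again, make sure the answer is the same. */
    strlcpy(ec3->socks_request->address, "www.MIT.EDU",
            sizeof(ec3->socks_request->address));
    ec3->socks_request->command = SOCKS_COMMAND_RESOLVE;
    connection_ap_handshake_rewrite(ec3, &rr);

    tt_int_op(rr.automap, OP_EQ, 1);
    tt_int_op(rr.should_close, OP_EQ, 0);
    tt_int_op(rr.end_reason, OP_EQ, 0);
    tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
    tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
    tt_str_op(rr.orig_address, OP_EQ, "www.mit.edu");
    tt_str_op(ec3->original_dest_address, OP_EQ, "www.mit.edu");
    tt_str_op(ec3->socks_request->address, OP_EQ,
              ec->socks_request->address);

   done:
    connection_free_(ENTRY_TO_CONN(ec));
    connection_free_(ENTRY_TO_CONN(ec2));
    connection_free_(ENTRY_TO_CONN(ec3));
    /* Holds an allocated error string if the virtual network was rejected. */
    tor_free(msg);
  }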
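  #if 0
  /* FFFF not actually supported. */
  /** Automap on resolve, then reverse lookup of the automapped address.
   *
   * Disabled: kept as a record of the intended behavior. <b>ec</b> resolves a
   * ".bloom" name into 127.80.0.0/16, then <b>ec2</b> issues RESOLVE_PTR for
   * the virtual address and expects the stream to be closed with
   * END_STREAM_REASON_DONE plus the already-replied flag. */
  static void
  test_entryconn_rewrite_automap_reverse(void *arg)
  {
    entry_connection_t *ec = arg;
    entry_connection_t *ec2=NULL;
    rewrite_result_t rr;
    char *msg = NULL;

    ec2 = entry_connection_new(CONN_TYPE_AP, AF_INET);

    get_options_mutable()->AutomapHostsOnResolve = 1;
    get_options_mutable()->SafeLogging_ = SAFELOG_SCRUB_NONE;
    /* Same helper the enabled tests in this file use for suffixes. */
    smartlist_add_strdup(get_options_mutable()->AutomapHostsSuffixes,
                         ".bloom");
    tt_int_op(parse_virtual_addr_network("127.80.0.0/16", AF_INET, 0, &msg),
              OP_EQ, 0);

    /* Automap this on resolve. */
    strlcpy(ec->socks_request->address, "www.poldy.BLOOM",
            sizeof(ec->socks_request->address));
    ec->socks_request->command = SOCKS_COMMAND_RESOLVE;
    connection_ap_handshake_rewrite(ec, &rr);

    tt_int_op(rr.automap, OP_EQ, 1);
    tt_int_op(rr.should_close, OP_EQ, 0);
    tt_int_op(rr.end_reason, OP_EQ, 0);
    tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
    tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
    tt_str_op(rr.orig_address, OP_EQ, "www.poldy.bloom");
    tt_str_op(ec->original_dest_address, OP_EQ, "www.poldy.bloom");
    tt_assert(!strcmpstart(ec->socks_request->address,"127.80."));

    /* Reverse-resolve the virtual address that was just handed out. */
    strlcpy(ec2->socks_request->address, ec->socks_request->address,
            sizeof(ec2->socks_request->address));
    ec2->socks_request->command = SOCKS_COMMAND_RESOLVE_PTR;
    connection_ap_handshake_rewrite(ec2, &rr);

    tt_int_op(rr.automap, OP_EQ, 0);
    tt_int_op(rr.should_close, OP_EQ, 1);
    tt_int_op(rr.end_reason, OP_EQ,
          END_STREAM_REASON_DONE|END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED);
    tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
    tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);

   done:
    connection_free_(ENTRY_TO_CONN(ec2));
    /* Holds an allocated error string if the virtual network was rejected. */
    tor_free(msg);
  }
  #endif /* 0 */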
  /** Rewrite because of a cached DNS entry (IPv4).
   *
   * A DNS-sourced mapping is registered for the hostname, then two otherwise
   * identical CONNECT requests are rewritten. Only <b>ec2</b> opts in through
   * entry_cfg.use_cached_ipv4_answers, so only <b>ec2</b> may end up with the
   * cached address; <b>ec</b> must keep the hostname. */
  static void
  test_entryconn_rewrite_cached_dns_ipv4(void *arg)
  {
    entry_connection_t *ec = arg;
    rewrite_result_t rr;
    time_t expires = time(NULL) + 3600;
    entry_connection_t *ec2 = entry_connection_new(CONN_TYPE_AP, AF_INET);

    addressmap_register("www.friendly.example.com",
                        tor_strdup("240.240.241.241"),
                        expires,
                        ADDRMAPSRC_DNS,
                        0, 0);

    /* ec: plain request, cached answers not enabled. */
    strlcpy(ec->socks_request->address, "www.friendly.example.com",
            sizeof(ec->socks_request->address));
    ec->socks_request->command = SOCKS_COMMAND_CONNECT;

    /* ec2: same request, but allowed to use cached IPv4 answers. */
    strlcpy(ec2->socks_request->address, "www.friendly.example.com",
            sizeof(ec2->socks_request->address));
    ec2->socks_request->command = SOCKS_COMMAND_CONNECT;
    ec2->entry_cfg.use_cached_ipv4_answers = 1; /* only ec2 gets this flag */

    /* Without the flag the cached entry is ignored: hostname unchanged and
     * no expiry taken from the map. */
    connection_ap_handshake_rewrite(ec, &rr);
    tt_int_op(rr.automap, OP_EQ, 0);
    tt_int_op(rr.should_close, OP_EQ, 0);
    tt_int_op(rr.end_reason, OP_EQ, 0);
    tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
    tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
    tt_str_op(rr.orig_address, OP_EQ, "www.friendly.example.com");
    tt_str_op(ec->socks_request->address, OP_EQ, "www.friendly.example.com");

    /* With the flag the cached address is substituted and the result
     * carries the expiry that was registered with the entry. */
    connection_ap_handshake_rewrite(ec2, &rr);
    tt_int_op(rr.automap, OP_EQ, 0);
    tt_int_op(rr.should_close, OP_EQ, 0);
    tt_int_op(rr.end_reason, OP_EQ, 0);
    tt_i64_op(rr.map_expires, OP_EQ, expires);
    tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
    tt_str_op(rr.orig_address, OP_EQ, "www.friendly.example.com");
    tt_str_op(ec2->socks_request->address, OP_EQ, "240.240.241.241");

   done:
    connection_free_(ENTRY_TO_CONN(ec2));
  }
  /** Rewrite because of a cached DNS entry (IPv6).
   *
   * Same shape as the IPv4 case, using two AF_INET6 connections allocated
   * here instead of the fixture. Only <b>ec2</b> sets
   * entry_cfg.use_cached_ipv6_answers, so only <b>ec2</b> may be rewritten to
   * the cached "[::f00f]"; <b>ec</b> must keep the hostname. */
  static void
  test_entryconn_rewrite_cached_dns_ipv6(void *arg)
  {
    rewrite_result_t rr;
    time_t expires = time(NULL) + 3600;
    entry_connection_t *ec = entry_connection_new(CONN_TYPE_AP, AF_INET6);
    entry_connection_t *ec2 = entry_connection_new(CONN_TYPE_AP, AF_INET6);

    (void)arg;

    addressmap_register("www.friendly.example.com",
                        tor_strdup("[::f00f]"),
                        expires,
                        ADDRMAPSRC_DNS,
                        0, 0);

    /* ec: plain request, cached answers not enabled. */
    strlcpy(ec->socks_request->address, "www.friendly.example.com",
            sizeof(ec->socks_request->address));
    ec->socks_request->command = SOCKS_COMMAND_CONNECT;

    /* ec2: same request, but allowed to use cached IPv6 answers. */
    strlcpy(ec2->socks_request->address, "www.friendly.example.com",
            sizeof(ec2->socks_request->address));
    ec2->socks_request->command = SOCKS_COMMAND_CONNECT;
    ec2->entry_cfg.use_cached_ipv6_answers = 1; /* only ec2 gets this flag */

    /* Without the flag the cached entry is ignored. */
    connection_ap_handshake_rewrite(ec, &rr);
    tt_int_op(rr.automap, OP_EQ, 0);
    tt_int_op(rr.should_close, OP_EQ, 0);
    tt_int_op(rr.end_reason, OP_EQ, 0);
    tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
    tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
    tt_str_op(rr.orig_address, OP_EQ, "www.friendly.example.com");
    tt_str_op(ec->socks_request->address, OP_EQ, "www.friendly.example.com");

    /* With the flag the cached address and its expiry are used. */
    connection_ap_handshake_rewrite(ec2, &rr);
    tt_int_op(rr.automap, OP_EQ, 0);
    tt_int_op(rr.should_close, OP_EQ, 0);
    tt_int_op(rr.end_reason, OP_EQ, 0);
    tt_i64_op(rr.map_expires, OP_EQ, expires);
    tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
    tt_str_op(rr.orig_address, OP_EQ, "www.friendly.example.com");
    tt_str_op(ec2->socks_request->address, OP_EQ, "[::f00f]");

   done:
    connection_free_(ENTRY_TO_CONN(ec));
    connection_free_(ENTRY_TO_CONN(ec2));
  }
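  /** Fail to connect to an unmapped address in the virtual range.
   *
   * An address inside the configured virtual network that no automap entry
   * points at must not be passed through as a real destination: for both the
   * IPv4 and the IPv6 range the rewrite has to close the stream with
   * END_STREAM_REASON_INTERNAL. */
  static void
  test_entryconn_rewrite_unmapped_virtual(void *arg)
  {
    entry_connection_t *ec = arg;
    rewrite_result_t rr;
    entry_connection_t *ec2 = NULL;
    char *msg = NULL;

    ec2 = entry_connection_new(CONN_TYPE_AP, AF_INET6);

    /* Both ranges must really be installed, or the rejections asserted below
     * would not be testing the virtual-range check at all. */
    tt_int_op(parse_virtual_addr_network("18.202.0.0/16", AF_INET, 0, &msg),
              OP_EQ, 0);
    tt_int_op(parse_virtual_addr_network("[ABCD::]/16", AF_INET6, 0, &msg),
              OP_EQ, 0);

    /* IPv4 address inside the virtual range, never handed out. */
    strlcpy(ec->socks_request->address, "18.202.5.5",
            sizeof(ec->socks_request->address));
    ec->socks_request->command = SOCKS_COMMAND_CONNECT;
    connection_ap_handshake_rewrite(ec, &rr);

    tt_int_op(rr.should_close, OP_EQ, 1);
    tt_int_op(rr.end_reason, OP_EQ, END_STREAM_REASON_INTERNAL);
    tt_int_op(rr.automap, OP_EQ, 0);
    tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
    tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);

    /* IPv6 address inside the virtual range, never handed out. */
    strlcpy(ec2->socks_request->address, "[ABCD:9::5314:9543]",
            sizeof(ec2->socks_request->address));
    ec2->socks_request->command = SOCKS_COMMAND_CONNECT;
    connection_ap_handshake_rewrite(ec2, &rr);

    tt_int_op(rr.should_close, OP_EQ, 1);
    tt_int_op(rr.end_reason, OP_EQ, END_STREAM_REASON_INTERNAL);
    tt_int_op(rr.automap, OP_EQ, 0);
    tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
    tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);

   done:
    connection_free_(ENTRY_TO_CONN(ec2));
    /* Holds an allocated error string if a virtual network was rejected. */
    tor_free(msg);
  }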
  /** Rewrite because of a MapAddress option: with "meta" mapped to
   * "metaobjects.example" in the configuration, a CONNECT to "meta" must be
   * rewritten to the mapped name and left open. */
  static void
  test_entryconn_rewrite_mapaddress(void *arg)
  {
    entry_connection_t *ec = arg;
    rewrite_result_t rr;

    /* Install the mapping the way a torrc line would. */
    config_line_append(&get_options_mutable()->AddressMap,
                       "MapAddress", "meta metaobjects.example");
    config_register_addressmaps(get_options());

    ec->socks_request->command = SOCKS_COMMAND_CONNECT;
    strlcpy(ec->socks_request->address, "meta",
            sizeof(ec->socks_request->address));

    connection_ap_handshake_rewrite(ec, &rr);

    tt_int_op(rr.should_close, OP_EQ, 0);
    tt_int_op(rr.end_reason, OP_EQ, 0);
    tt_int_op(rr.automap, OP_EQ, 0);
    tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
    tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
    tt_str_op(ec->socks_request->address, OP_EQ, "metaobjects.example");

   done:
    ;
  }
  /** Reject reverse lookups of an internal address: a RESOLVE_PTR request
   * for 10.0.0.1 must be closed by the rewrite step with
   * END_STREAM_REASON_SOCKSPROTOCOL combined with
   * END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED. */
  static void
  test_entryconn_rewrite_reject_internal_reverse(void *arg)
  {
    entry_connection_t *ec = arg;
    rewrite_result_t rr;

    ec->socks_request->command = SOCKS_COMMAND_RESOLVE_PTR;
    strlcpy(ec->socks_request->address, "10.0.0.1",
            sizeof(ec->socks_request->address));

    connection_ap_handshake_rewrite(ec, &rr);

    /* Closed, and nothing was mapped along the way. */
    tt_int_op(rr.should_close, OP_EQ, 1);
    tt_int_op(rr.end_reason, OP_EQ, END_STREAM_REASON_SOCKSPROTOCOL |
              END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED);
    tt_int_op(rr.automap, OP_EQ, 0);
    tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
    tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);

   done:
    ;
  }
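  /** A ".exit" name must not be automapped, even when ".EXIT" is listed as an
   * automap suffix: the RESOLVE request has to be refused with
   * END_STREAM_REASON_TORPROTOCOL and no virtual address handed out.
   *
   * (This used to test rewriting into .exit through a virtual address
   * mapping; that path went away together with the AllowDotExit option.) */
  static void
  test_entryconn_rewrite_automap_exit(void *arg)
  {
    entry_connection_t *ec = arg;
    rewrite_result_t rr;
    char *msg = NULL;

    smartlist_add_strdup(get_options_mutable()->AutomapHostsSuffixes,
                         ".EXIT");
    tt_int_op(parse_virtual_addr_network("127.1.0.0/16", AF_INET, 0, &msg),
              OP_EQ, 0);

    /* Try to automap this on resolve. */
    strlcpy(ec->socks_request->address, "website.example.exit",
            sizeof(ec->socks_request->address));
    ec->socks_request->command = SOCKS_COMMAND_RESOLVE;
    connection_ap_handshake_rewrite(ec, &rr);

    /* Make sure it isn't allowed -- there is no longer an AllowDotExit
     * option. */
    tt_int_op(rr.automap, OP_EQ, 0);
    tt_int_op(rr.should_close, OP_EQ, 1);
    tt_int_op(rr.end_reason, OP_EQ, END_STREAM_REASON_TORPROTOCOL);

   done:
    /* Holds an allocated error string if the virtual network was rejected. */
    tor_free(msg);
  }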
  /** Rewrite into .exit because of a MapAddress option.
   *
   * This is the counterpart to the rejection tests: a ".exit" destination is
   * accepted when it comes from a configured MapAddress rule rather than
   * from the SOCKS request. The result must record where the .exit came from
   * (exit_source == ADDRMAPSRC_TORRC) and the stream stays open. */
  static void
  test_entryconn_rewrite_mapaddress_exit(void *arg)
  {
    entry_connection_t *ec = arg;
    rewrite_result_t rr;

    /* Wildcard rule sending *.example.com through the "abc" exit name. */
    config_line_append(&get_options_mutable()->AddressMap,
                       "MapAddress", "*.example.com *.example.com.abc.exit");
    config_register_addressmaps(get_options());

    /* Connect to a name the wildcard rule covers. */
    ec->socks_request->command = SOCKS_COMMAND_CONNECT;
    strlcpy(ec->socks_request->address, "abc.example.com",
            sizeof(ec->socks_request->address));

    connection_ap_handshake_rewrite(ec, &rr);

    tt_int_op(rr.automap, OP_EQ, 0);
    tt_int_op(rr.should_close, OP_EQ, 0);
    tt_int_op(rr.end_reason, OP_EQ, 0);
    tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
    tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_TORRC);
    tt_str_op(rr.orig_address, OP_EQ, "abc.example.com");
    tt_str_op(ec->socks_request->address, OP_EQ, "abc.example.com.abc.exit");

   done:
    ;
  }
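  /** Map foo.onion to longthing.onion, and also automap.
   *
   * Four requests are rewritten in turn: <b>ec</b> connects to foo.onion,
   * <b>ec2</b> resolves foo.onion, <b>ec3</b> connects to the virtual address
   * ec2 received, and <b>ec4</b> resolves the long .onion name directly.
   * The virtual range is 192.168.0.0/16 and only ".onion" names are
   * automapped. */
  static void
  test_entryconn_rewrite_mapaddress_automap_onion(void *arg)
  {
    entry_connection_t *ec = arg;
    entry_connection_t *ec2 = NULL;
    entry_connection_t *ec3 = NULL;
    entry_connection_t *ec4 = NULL;
    rewrite_result_t rr;
    char *msg = NULL;

    ec2 = entry_connection_new(CONN_TYPE_AP, AF_INET);
    ec3 = entry_connection_new(CONN_TYPE_AP, AF_INET);
    ec4 = entry_connection_new(CONN_TYPE_AP, AF_INET);

    get_options_mutable()->AutomapHostsOnResolve = 1;
    smartlist_add_strdup(get_options_mutable()->AutomapHostsSuffixes,
                         ".onion");
    /* Stop here if the virtual range is not accepted; otherwise the prefix
     * checks below would be running against some other range. */
    tt_int_op(parse_virtual_addr_network("192.168.0.0/16", AF_INET, 0, &msg),
              OP_EQ, 0);
    config_line_append(&get_options_mutable()->AddressMap,
                       "MapAddress", "foo.onion abcdefghijklmnop.onion");
    config_register_addressmaps(get_options());

    /* Connect to foo.onion. */
    strlcpy(ec->socks_request->address, "foo.onion",
            sizeof(ec->socks_request->address));
    ec->socks_request->command = SOCKS_COMMAND_CONNECT;
    connection_ap_handshake_rewrite(ec, &rr);

    tt_int_op(rr.automap, OP_EQ, 0);
    tt_int_op(rr.should_close, OP_EQ, 0);
    tt_int_op(rr.end_reason, OP_EQ, 0);
    tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
    tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
    tt_str_op(rr.orig_address, OP_EQ, "foo.onion");
    tt_str_op(ec->socks_request->address, OP_EQ, "abcdefghijklmnop.onion");

    /* Okay, resolve foo.onion */
    strlcpy(ec2->socks_request->address, "foo.onion",
            sizeof(ec2->socks_request->address));
    ec2->socks_request->command = SOCKS_COMMAND_RESOLVE;
    connection_ap_handshake_rewrite(ec2, &rr);

    tt_int_op(rr.automap, OP_EQ, 1);
    tt_int_op(rr.should_close, OP_EQ, 0);
    tt_int_op(rr.end_reason, OP_EQ, 0);
    tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
    tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
    tt_str_op(rr.orig_address, OP_EQ, "foo.onion");
    tt_assert(!strcmpstart(ec2->socks_request->address, "192.168."));

    /* Now connect */
    strlcpy(ec3->socks_request->address, ec2->socks_request->address,
            sizeof(ec3->socks_request->address));
    ec3->socks_request->command = SOCKS_COMMAND_CONNECT;
    connection_ap_handshake_rewrite(ec3, &rr);

    tt_int_op(rr.automap, OP_EQ, 0);
    tt_int_op(rr.should_close, OP_EQ, 0);
    tt_int_op(rr.end_reason, OP_EQ, 0);
    tt_assert(!strcmpstart(ec3->socks_request->address,
                           "abcdefghijklmnop.onion"));

    /* Now resolve abcdefghijklmnop.onion. */
    strlcpy(ec4->socks_request->address, "abcdefghijklmnop.onion",
            sizeof(ec4->socks_request->address));
    ec4->socks_request->command = SOCKS_COMMAND_RESOLVE;
    connection_ap_handshake_rewrite(ec4, &rr);

    tt_int_op(rr.automap, OP_EQ, 1);
    tt_int_op(rr.should_close, OP_EQ, 0);
    tt_int_op(rr.end_reason, OP_EQ, 0);
    tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
    tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
    tt_str_op(rr.orig_address, OP_EQ, "abcdefghijklmnop.onion");
    tt_assert(!strcmpstart(ec4->socks_request->address, "192.168."));

    /* XXXX doesn't work
     tt_str_op(ec4->socks_request->address, OP_EQ, ec2->socks_request->address);
    */

   done:
    connection_free_(ENTRY_TO_CONN(ec2));
    connection_free_(ENTRY_TO_CONN(ec3));
    connection_free_(ENTRY_TO_CONN(ec4));
    /* Holds an allocated error string if the virtual network was rejected. */
    tor_free(msg);
  }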
  /** Shared body for the irc.example.com variants. The caller installs the
   * configuration first; the flags only describe it so the expectations can
   * be adjusted:
   *
   * <b>map_to_onion</b> is nonzero when a MapAddress rule sends
   * irc.example.com to abcdefghijklmnop.onion; <b>map_to_address</b> is
   * nonzero when automapping of ".onion" names is switched on.
   *
   * <b>ec</b> connects to the name, a second connection resolves it, and a
   * third connects to whatever address the resolve left behind. */
  static void
  test_entryconn_rewrite_mapaddress_automap_onion_common(entry_connection_t *ec,
                                                         int map_to_onion,
                                                         int map_to_address)
  {
    rewrite_result_t rr;
    entry_connection_t *ec2 = entry_connection_new(CONN_TYPE_AP, AF_INET);
    entry_connection_t *ec3 = entry_connection_new(CONN_TYPE_AP, AF_INET);

    /* Connect to irc.example.com */
    ec->socks_request->command = SOCKS_COMMAND_CONNECT;
    strlcpy(ec->socks_request->address, "irc.example.com",
            sizeof(ec->socks_request->address));
    connection_ap_handshake_rewrite(ec, &rr);

    tt_int_op(rr.automap, OP_EQ, 0);
    tt_int_op(rr.should_close, OP_EQ, 0);
    tt_int_op(rr.end_reason, OP_EQ, 0);
    tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
    tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
    tt_str_op(rr.orig_address, OP_EQ, "irc.example.com");
    tt_str_op(ec->socks_request->address, OP_EQ,
              map_to_onion ? "abcdefghijklmnop.onion" : "irc.example.com");

    /* Okay, resolve irc.example.com */
    ec2->socks_request->command = SOCKS_COMMAND_RESOLVE;
    strlcpy(ec2->socks_request->address, "irc.example.com",
            sizeof(ec2->socks_request->address));
    connection_ap_handshake_rewrite(ec2, &rr);

    /* A virtual address is expected only when the name maps to an onion
     * address AND automapping is enabled. */
    tt_int_op(rr.automap, OP_EQ, map_to_onion && map_to_address);
    tt_int_op(rr.should_close, OP_EQ, 0);
    tt_int_op(rr.end_reason, OP_EQ, 0);
    tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
    tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
    tt_str_op(rr.orig_address, OP_EQ, "irc.example.com");
    if (map_to_onion && map_to_address) {
      tt_assert(!strcmpstart(ec2->socks_request->address, "192.168."));
    }

    /* Now connect */
    ec3->socks_request->command = SOCKS_COMMAND_CONNECT;
    strlcpy(ec3->socks_request->address, ec2->socks_request->address,
            sizeof(ec3->socks_request->address));
    connection_ap_handshake_rewrite(ec3, &rr);

    tt_int_op(rr.automap, OP_EQ, 0);
    tt_int_op(rr.should_close, OP_EQ, 0);
    tt_int_op(rr.end_reason, OP_EQ, 0);
    if (map_to_onion) {
      tt_assert(!strcmpstart(ec3->socks_request->address,
                             "abcdefghijklmnop.onion"));
    }

   done:
    connection_free_(ENTRY_TO_CONN(ec2));
    connection_free_(ENTRY_TO_CONN(ec3));
  }
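  /** This time is the same, but we start with a mapping from a non-onion
   * address: irc.example.com is mapped to abcdefghijklmnop.onion and
   * automapping of ".onion" names into 192.168.0.0/16 is enabled, so the
   * shared body runs with both flags set. */
  static void
  test_entryconn_rewrite_mapaddress_automap_onion2(void *arg)
  {
    char *msg = NULL;

    get_options_mutable()->AutomapHostsOnResolve = 1;
    smartlist_add_strdup(get_options_mutable()->AutomapHostsSuffixes,
                         ".onion");
    /* Stop here if the virtual range is not accepted; the shared body checks
     * for an address inside it. */
    tt_int_op(parse_virtual_addr_network("192.168.0.0/16", AF_INET, 0, &msg),
              OP_EQ, 0);
    config_line_append(&get_options_mutable()->AddressMap,
                       "MapAddress", "irc.example.com abcdefghijklmnop.onion");
    config_register_addressmaps(get_options());

    test_entryconn_rewrite_mapaddress_automap_onion_common(arg, 1, 1);

   done:
    /* Holds an allocated error string if the virtual network was rejected. */
    tor_free(msg);
  }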
  /** Same mapping (irc.example.com to abcdefghijklmnop.onion) with automapping
   * left off: the shared body runs with map_to_onion set and map_to_address
   * clear, so it expects the onion name but no virtual address. */
  static void
  test_entryconn_rewrite_mapaddress_automap_onion3(void *arg)
  {
    /* Only the MapAddress rule is installed; no automap options are set. */
    config_line_append(&get_options_mutable()->AddressMap,
                       "MapAddress", "irc.example.com abcdefghijklmnop.onion");
    config_register_addressmaps(get_options());

    test_entryconn_rewrite_mapaddress_automap_onion_common(arg, 1, 0);
  }
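  /** As above, with no mapping: automapping of ".onion" names into
   * 192.168.0.0/16 is enabled but irc.example.com is not mapped to anything,
   * so the shared body expects the name to pass through unchanged. */
  static void
  test_entryconn_rewrite_mapaddress_automap_onion4(void *arg)
  {
    char *msg = NULL;

    get_options_mutable()->AutomapHostsOnResolve = 1;
    smartlist_add_strdup(get_options_mutable()->AutomapHostsSuffixes,
                         ".onion");
    /* Stop here if the virtual range is not accepted. */
    tt_int_op(parse_virtual_addr_network("192.168.0.0/16", AF_INET, 0, &msg),
              OP_EQ, 0);

    test_entryconn_rewrite_mapaddress_automap_onion_common(arg, 0, 1);

   done:
    /* Holds an allocated error string if the virtual network was rejected. */
    tor_free(msg);
  }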
  /** Test that rewrite functions can handle v2 addresses.
   *
   * Runs the full rewrite-and-attach step on a CONNECT to a 16-character
   * .onion name and checks three things: the connection moves to
   * AP_CONN_STATE_RENDDESC_WAIT, the stored address loses its ".onion"
   * suffix, and the edge connection ends up with rend_data set and hs_ident
   * unset. */
  static void
  test_entryconn_rewrite_onion_v2(void *arg)
  {
    entry_connection_t *conn = arg;
    int retval;

    rend_cache_init();

    /* Make a SOCKS request */
    strlcpy(conn->socks_request->address,
            "pqeed46efnwmfuid.onion",
            sizeof(conn->socks_request->address));
    conn->socks_request->command = SOCKS_COMMAND_CONNECT;

    /* Make an onion connection using the SOCKS request */
    ENTRY_TO_CONN(conn)->state = AP_CONN_STATE_SOCKS_WAIT;
    conn->entry_cfg.onion_traffic = 1;

    /* Nothing onion-related is attached before the rewrite. */
    tt_assert(!ENTRY_TO_EDGE_CONN(conn)->rend_data);

    /* Handle SOCKS and rewrite! */
    retval = connection_ap_handshake_rewrite_and_attach(conn, NULL, NULL);
    tt_int_op(retval, OP_EQ, 0);

    /* Check connection state after rewrite */
    tt_int_op(ENTRY_TO_CONN(conn)->state, OP_EQ, AP_CONN_STATE_RENDDESC_WAIT);

    /* check that the address got rewritten */
    tt_str_op(conn->socks_request->address, OP_EQ,
              "pqeed46efnwmfuid");

    /* check that HS information got attached to the connection */
    tt_assert(ENTRY_TO_EDGE_CONN(conn)->rend_data);
    tt_assert(!ENTRY_TO_EDGE_CONN(conn)->hs_ident);

   done:
    rend_cache_free_all();
    /* 'conn' is cleaned by handler */
  }
  /** Test that rewrite functions can handle v3 onion addresses.
   *
   * The request names a 56-character .onion address with a "git." subdomain
   * in front. After rewrite-and-attach the connection must be waiting for a
   * descriptor, the stored address must be the bare 56-character identifier
   * (subdomain and ".onion" both removed), and the edge connection must carry
   * hs_ident while rend_data stays unset. */
  static void
  test_entryconn_rewrite_onion_v3(void *arg)
  {
    entry_connection_t *conn = arg;
    int retval;

    hs_cache_init();

    /* Make a SOCKS request */
    strlcpy(conn->socks_request->address,
            "git.25njqamcweflpvkl73j4szahhihoc4xt3ktcgjnpaingr5yhkenl5sid.onion",
            sizeof(conn->socks_request->address));
    conn->socks_request->command = SOCKS_COMMAND_CONNECT;

    /* Make an onion connection using the SOCKS request */
    ENTRY_TO_CONN(conn)->state = AP_CONN_STATE_SOCKS_WAIT;
    conn->entry_cfg.onion_traffic = 1;

    /* Neither kind of onion-service state is attached before the rewrite. */
    tt_assert(!ENTRY_TO_EDGE_CONN(conn)->rend_data);
    tt_assert(!ENTRY_TO_EDGE_CONN(conn)->hs_ident);

    /* Handle SOCKS and rewrite! */
    retval = connection_ap_handshake_rewrite_and_attach(conn, NULL, NULL);
    tt_int_op(retval, OP_EQ, 0);

    /* Check connection state after rewrite. It should be in waiting for
     * descriptor state. */
    tt_int_op(ENTRY_TO_CONN(conn)->state, OP_EQ, AP_CONN_STATE_RENDDESC_WAIT);

    /* check that the address got rewritten */
    tt_str_op(conn->socks_request->address, OP_EQ,
              "25njqamcweflpvkl73j4szahhihoc4xt3ktcgjnpaingr5yhkenl5sid");

    /* check that HS information got attached to the connection */
    tt_assert(ENTRY_TO_EDGE_CONN(conn)->hs_ident);
    tt_assert(!ENTRY_TO_EDGE_CONN(conn)->rend_data);

   done:
    hs_free_all();
    /* 'conn' is cleaned by handler */
  }
  /* Register test_entryconn_<name> under the label "<name>". Every case is
   * run with TT_FORK and the shared setup/teardown pair: the tests change
   * global options and the global address map, and forking keeps one case's
   * changes from reaching the next. */
  #define REWRITE(name)                                                   \
    { #name, test_entryconn_##name, TT_FORK, &test_rewrite_setup, NULL }

  /* Table of address-rewrite test cases. */
  struct testcase_t entryconn_tests[] = {
    /* Plain rewriting and .exit rejection. */
    REWRITE(rewrite_basic),
    REWRITE(rewrite_bad_dotexit),

    /* Automapping into a virtual address range. */
    REWRITE(rewrite_automap_ipv4),
    REWRITE(rewrite_automap_ipv6),
    // REWRITE(rewrite_automap_reverse),

    /* Cached DNS answers and unmapped virtual addresses. */
    REWRITE(rewrite_cached_dns_ipv4),
    REWRITE(rewrite_cached_dns_ipv6),
    REWRITE(rewrite_unmapped_virtual),

    /* MapAddress rules, internal reverse lookups and .exit handling. */
    REWRITE(rewrite_mapaddress),
    REWRITE(rewrite_reject_internal_reverse),
    REWRITE(rewrite_automap_exit),
    REWRITE(rewrite_mapaddress_exit),

    /* MapAddress combined with automapping of .onion names. */
    REWRITE(rewrite_mapaddress_automap_onion),
    REWRITE(rewrite_mapaddress_automap_onion2),
    REWRITE(rewrite_mapaddress_automap_onion3),
    REWRITE(rewrite_mapaddress_automap_onion4),

    /* Onion address handling in rewrite-and-attach. */
    REWRITE(rewrite_onion_v2),
    REWRITE(rewrite_onion_v3),

    END_OF_TESTCASES
  };