123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833 |
- /* Copyright (c) 2014-2017, The Tor Project, Inc. */
- /* See LICENSE for licensing information */
- #include "orconfig.h"
- #define CONNECTION_PRIVATE
- #define CONNECTION_EDGE_PRIVATE
- #include "or.h"
- #include "test.h"
- #include "addressmap.h"
- #include "config.h"
- #include "confparse.h"
- #include "connection.h"
- #include "connection_edge.h"
- #include "nodelist.h"
- #include "hs_cache.h"
- #include "rendcache.h"
- static void *
- entryconn_rewrite_setup(const struct testcase_t *tc)
- {
- (void)tc;
- entry_connection_t *ec = entry_connection_new(CONN_TYPE_AP, AF_INET);
- addressmap_init();
- return ec;
- }
- static int
- entryconn_rewrite_teardown(const struct testcase_t *tc, void *arg)
- {
- (void)tc;
- entry_connection_t *ec = arg;
- if (ec)
- connection_free_(ENTRY_TO_CONN(ec));
- addressmap_free_all();
- return 1;
- }
- static struct testcase_setup_t test_rewrite_setup = {
- entryconn_rewrite_setup, entryconn_rewrite_teardown
- };
- /* Simple rewrite: no changes needed */
- static void
- test_entryconn_rewrite_basic(void *arg)
- {
- entry_connection_t *ec = arg;
- rewrite_result_t rr;
- tt_assert(ec->socks_request);
- strlcpy(ec->socks_request->address, "www.TORproject.org",
- sizeof(ec->socks_request->address));
- ec->socks_request->command = SOCKS_COMMAND_CONNECT;
- connection_ap_handshake_rewrite(ec, &rr);
- tt_int_op(rr.should_close, OP_EQ, 0);
- tt_int_op(rr.end_reason, OP_EQ, 0);
- tt_int_op(rr.automap, OP_EQ, 0);
- tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
- tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
- tt_str_op(rr.orig_address, OP_EQ, "www.torproject.org");
- tt_str_op(ec->socks_request->address, OP_EQ, "www.torproject.org");
- tt_str_op(ec->original_dest_address, OP_EQ, "www.torproject.org");
- done:
- ;
- }
- /* Rewrite but reject because of disallowed .exit */
- static void
- test_entryconn_rewrite_bad_dotexit(void *arg)
- {
- entry_connection_t *ec = arg;
- rewrite_result_t rr;
- tt_assert(ec->socks_request);
- strlcpy(ec->socks_request->address, "www.TORproject.org.foo.exit",
- sizeof(ec->socks_request->address));
- ec->socks_request->command = SOCKS_COMMAND_CONNECT;
- connection_ap_handshake_rewrite(ec, &rr);
- tt_int_op(rr.should_close, OP_EQ, 1);
- tt_int_op(rr.end_reason, OP_EQ, END_STREAM_REASON_TORPROTOCOL);
- done:
- ;
- }
- /* Automap on resolve, connect to automapped address, resolve again and get
- * same answer. (IPv4) */
- static void
- test_entryconn_rewrite_automap_ipv4(void *arg)
- {
- entry_connection_t *ec = arg;
- entry_connection_t *ec2=NULL, *ec3=NULL;
- rewrite_result_t rr;
- char *msg = NULL;
- ec2 = entry_connection_new(CONN_TYPE_AP, AF_INET);
- ec3 = entry_connection_new(CONN_TYPE_AP, AF_INET);
- get_options_mutable()->AutomapHostsOnResolve = 1;
- smartlist_add_strdup(get_options_mutable()->AutomapHostsSuffixes, ".");
- parse_virtual_addr_network("127.202.0.0/16", AF_INET, 0, &msg);
- /* Automap this on resolve. */
- strlcpy(ec->socks_request->address, "WWW.MIT.EDU",
- sizeof(ec->socks_request->address));
- ec->socks_request->command = SOCKS_COMMAND_RESOLVE;
- connection_ap_handshake_rewrite(ec, &rr);
- tt_int_op(rr.automap, OP_EQ, 1);
- tt_int_op(rr.should_close, OP_EQ, 0);
- tt_int_op(rr.end_reason, OP_EQ, 0);
- tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
- tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
- tt_str_op(rr.orig_address, OP_EQ, "www.mit.edu");
- tt_str_op(ec->original_dest_address, OP_EQ, "www.mit.edu");
- tt_assert(!strcmpstart(ec->socks_request->address,"127.202."));
- /* Connect to it and make sure we get the original address back. */
- strlcpy(ec2->socks_request->address, ec->socks_request->address,
- sizeof(ec2->socks_request->address));
- ec2->socks_request->command = SOCKS_COMMAND_CONNECT;
- connection_ap_handshake_rewrite(ec2, &rr);
- tt_int_op(rr.automap, OP_EQ, 0);
- tt_int_op(rr.should_close, OP_EQ, 0);
- tt_int_op(rr.end_reason, OP_EQ, 0);
- tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
- tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
- tt_str_op(rr.orig_address, OP_EQ, ec->socks_request->address);
- tt_str_op(ec2->original_dest_address, OP_EQ, ec->socks_request->address);
- tt_str_op(ec2->socks_request->address, OP_EQ, "www.mit.edu");
- /* Resolve it again, make sure the answer is the same. */
- strlcpy(ec3->socks_request->address, "www.MIT.EDU",
- sizeof(ec3->socks_request->address));
- ec3->socks_request->command = SOCKS_COMMAND_RESOLVE;
- connection_ap_handshake_rewrite(ec3, &rr);
- tt_int_op(rr.automap, OP_EQ, 1);
- tt_int_op(rr.should_close, OP_EQ, 0);
- tt_int_op(rr.end_reason, OP_EQ, 0);
- tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
- tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
- tt_str_op(rr.orig_address, OP_EQ, "www.mit.edu");
- tt_str_op(ec3->original_dest_address, OP_EQ, "www.mit.edu");
- tt_str_op(ec3->socks_request->address, OP_EQ,
- ec->socks_request->address);
- done:
- connection_free_(ENTRY_TO_CONN(ec2));
- connection_free_(ENTRY_TO_CONN(ec3));
- }
- /* Automap on resolve, connect to automapped address, resolve again and get
- * same answer. (IPv6) */
- static void
- test_entryconn_rewrite_automap_ipv6(void *arg)
- {
- (void)arg;
- entry_connection_t *ec =NULL;
- entry_connection_t *ec2=NULL, *ec3=NULL;
- rewrite_result_t rr;
- char *msg = NULL;
- ec = entry_connection_new(CONN_TYPE_AP, AF_INET6);
- ec2 = entry_connection_new(CONN_TYPE_AP, AF_INET6);
- ec3 = entry_connection_new(CONN_TYPE_AP, AF_INET6);
- get_options_mutable()->AutomapHostsOnResolve = 1;
- smartlist_add_strdup(get_options_mutable()->AutomapHostsSuffixes, ".");
- parse_virtual_addr_network("FE80::/32", AF_INET6, 0, &msg);
- /* Automap this on resolve. */
- strlcpy(ec->socks_request->address, "WWW.MIT.EDU",
- sizeof(ec->socks_request->address));
- ec->socks_request->command = SOCKS_COMMAND_RESOLVE;
- connection_ap_handshake_rewrite(ec, &rr);
- tt_int_op(rr.automap, OP_EQ, 1);
- tt_int_op(rr.should_close, OP_EQ, 0);
- tt_int_op(rr.end_reason, OP_EQ, 0);
- tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
- tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
- tt_str_op(rr.orig_address, OP_EQ, "www.mit.edu");
- tt_str_op(ec->original_dest_address, OP_EQ, "www.mit.edu");
- /* Yes, this [ should be here. */
- tt_assert(!strcmpstart(ec->socks_request->address,"[fe80:"));
- /* Connect to it and make sure we get the original address back. */
- strlcpy(ec2->socks_request->address, ec->socks_request->address,
- sizeof(ec2->socks_request->address));
- ec2->socks_request->command = SOCKS_COMMAND_CONNECT;
- connection_ap_handshake_rewrite(ec2, &rr);
- tt_int_op(rr.automap, OP_EQ, 0);
- tt_int_op(rr.should_close, OP_EQ, 0);
- tt_int_op(rr.end_reason, OP_EQ, 0);
- tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
- tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
- tt_str_op(rr.orig_address, OP_EQ, ec->socks_request->address);
- tt_str_op(ec2->original_dest_address, OP_EQ, ec->socks_request->address);
- tt_str_op(ec2->socks_request->address, OP_EQ, "www.mit.edu");
- /* Resolve it again, make sure the answer is the same. */
- strlcpy(ec3->socks_request->address, "www.MIT.EDU",
- sizeof(ec3->socks_request->address));
- ec3->socks_request->command = SOCKS_COMMAND_RESOLVE;
- connection_ap_handshake_rewrite(ec3, &rr);
- tt_int_op(rr.automap, OP_EQ, 1);
- tt_int_op(rr.should_close, OP_EQ, 0);
- tt_int_op(rr.end_reason, OP_EQ, 0);
- tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
- tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
- tt_str_op(rr.orig_address, OP_EQ, "www.mit.edu");
- tt_str_op(ec3->original_dest_address, OP_EQ, "www.mit.edu");
- tt_str_op(ec3->socks_request->address, OP_EQ,
- ec->socks_request->address);
- done:
- connection_free_(ENTRY_TO_CONN(ec));
- connection_free_(ENTRY_TO_CONN(ec2));
- connection_free_(ENTRY_TO_CONN(ec3));
- }
- #if 0
- /* FFFF not actually supported. */
- /* automap on resolve, reverse lookup. */
- static void
- test_entryconn_rewrite_automap_reverse(void *arg)
- {
- entry_connection_t *ec = arg;
- entry_connection_t *ec2=NULL;
- rewrite_result_t rr;
- char *msg = NULL;
- ec2 = entry_connection_new(CONN_TYPE_AP, AF_INET);
- get_options_mutable()->AutomapHostsOnResolve = 1;
- get_options_mutable()->SafeLogging_ = SAFELOG_SCRUB_NONE;
- smartlist_add(get_options_mutable()->AutomapHostsSuffixes,
- tor_strdup(".bloom"));
- parse_virtual_addr_network("127.80.0.0/16", AF_INET, 0, &msg);
- /* Automap this on resolve. */
- strlcpy(ec->socks_request->address, "www.poldy.BLOOM",
- sizeof(ec->socks_request->address));
- ec->socks_request->command = SOCKS_COMMAND_RESOLVE;
- connection_ap_handshake_rewrite(ec, &rr);
- tt_int_op(rr.automap, OP_EQ, 1);
- tt_int_op(rr.should_close, OP_EQ, 0);
- tt_int_op(rr.end_reason, OP_EQ, 0);
- tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
- tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
- tt_str_op(rr.orig_address, OP_EQ, "www.poldy.bloom");
- tt_str_op(ec->original_dest_address, OP_EQ, "www.poldy.bloom");
- tt_assert(!strcmpstart(ec->socks_request->address,"127.80."));
- strlcpy(ec2->socks_request->address, ec->socks_request->address,
- sizeof(ec2->socks_request->address));
- ec2->socks_request->command = SOCKS_COMMAND_RESOLVE_PTR;
- connection_ap_handshake_rewrite(ec2, &rr);
- tt_int_op(rr.automap, OP_EQ, 0);
- tt_int_op(rr.should_close, OP_EQ, 1);
- tt_int_op(rr.end_reason, OP_EQ,
- END_STREAM_REASON_DONE|END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED);
- tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
- tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
- done:
- connection_free_(ENTRY_TO_CONN(ec2));
- }
- #endif /* 0 */
- /* Rewrite because of cached DNS entry. */
- static void
- test_entryconn_rewrite_cached_dns_ipv4(void *arg)
- {
- entry_connection_t *ec = arg;
- rewrite_result_t rr;
- time_t expires = time(NULL) + 3600;
- entry_connection_t *ec2=NULL;
- ec2 = entry_connection_new(CONN_TYPE_AP, AF_INET);
- addressmap_register("www.friendly.example.com",
- tor_strdup("240.240.241.241"),
- expires,
- ADDRMAPSRC_DNS,
- 0, 0);
- strlcpy(ec->socks_request->address, "www.friendly.example.com",
- sizeof(ec->socks_request->address));
- strlcpy(ec2->socks_request->address, "www.friendly.example.com",
- sizeof(ec2->socks_request->address));
- ec->socks_request->command = SOCKS_COMMAND_CONNECT;
- ec2->socks_request->command = SOCKS_COMMAND_CONNECT;
- ec2->entry_cfg.use_cached_ipv4_answers = 1; /* only ec2 gets this flag */
- connection_ap_handshake_rewrite(ec, &rr);
- tt_int_op(rr.automap, OP_EQ, 0);
- tt_int_op(rr.should_close, OP_EQ, 0);
- tt_int_op(rr.end_reason, OP_EQ, 0);
- tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
- tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
- tt_str_op(rr.orig_address, OP_EQ, "www.friendly.example.com");
- tt_str_op(ec->socks_request->address, OP_EQ, "www.friendly.example.com");
- connection_ap_handshake_rewrite(ec2, &rr);
- tt_int_op(rr.automap, OP_EQ, 0);
- tt_int_op(rr.should_close, OP_EQ, 0);
- tt_int_op(rr.end_reason, OP_EQ, 0);
- tt_i64_op(rr.map_expires, OP_EQ, expires);
- tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
- tt_str_op(rr.orig_address, OP_EQ, "www.friendly.example.com");
- tt_str_op(ec2->socks_request->address, OP_EQ, "240.240.241.241");
- done:
- connection_free_(ENTRY_TO_CONN(ec2));
- }
- /* Rewrite because of cached DNS entry. */
- static void
- test_entryconn_rewrite_cached_dns_ipv6(void *arg)
- {
- entry_connection_t *ec = NULL;
- rewrite_result_t rr;
- time_t expires = time(NULL) + 3600;
- entry_connection_t *ec2=NULL;
- (void)arg;
- ec = entry_connection_new(CONN_TYPE_AP, AF_INET6);
- ec2 = entry_connection_new(CONN_TYPE_AP, AF_INET6);
- addressmap_register("www.friendly.example.com",
- tor_strdup("[::f00f]"),
- expires,
- ADDRMAPSRC_DNS,
- 0, 0);
- strlcpy(ec->socks_request->address, "www.friendly.example.com",
- sizeof(ec->socks_request->address));
- strlcpy(ec2->socks_request->address, "www.friendly.example.com",
- sizeof(ec2->socks_request->address));
- ec->socks_request->command = SOCKS_COMMAND_CONNECT;
- ec2->socks_request->command = SOCKS_COMMAND_CONNECT;
- ec2->entry_cfg.use_cached_ipv6_answers = 1; /* only ec2 gets this flag */
- connection_ap_handshake_rewrite(ec, &rr);
- tt_int_op(rr.automap, OP_EQ, 0);
- tt_int_op(rr.should_close, OP_EQ, 0);
- tt_int_op(rr.end_reason, OP_EQ, 0);
- tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
- tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
- tt_str_op(rr.orig_address, OP_EQ, "www.friendly.example.com");
- tt_str_op(ec->socks_request->address, OP_EQ, "www.friendly.example.com");
- connection_ap_handshake_rewrite(ec2, &rr);
- tt_int_op(rr.automap, OP_EQ, 0);
- tt_int_op(rr.should_close, OP_EQ, 0);
- tt_int_op(rr.end_reason, OP_EQ, 0);
- tt_i64_op(rr.map_expires, OP_EQ, expires);
- tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
- tt_str_op(rr.orig_address, OP_EQ, "www.friendly.example.com");
- tt_str_op(ec2->socks_request->address, OP_EQ, "[::f00f]");
- done:
- connection_free_(ENTRY_TO_CONN(ec));
- connection_free_(ENTRY_TO_CONN(ec2));
- }
- /* Fail to connect to unmapped address in virtual range. */
- static void
- test_entryconn_rewrite_unmapped_virtual(void *arg)
- {
- entry_connection_t *ec = arg;
- rewrite_result_t rr;
- entry_connection_t *ec2 = NULL;
- char *msg = NULL;
- ec2 = entry_connection_new(CONN_TYPE_AP, AF_INET6);
- parse_virtual_addr_network("18.202.0.0/16", AF_INET, 0, &msg);
- parse_virtual_addr_network("[ABCD::]/16", AF_INET6, 0, &msg);
- strlcpy(ec->socks_request->address, "18.202.5.5",
- sizeof(ec->socks_request->address));
- ec->socks_request->command = SOCKS_COMMAND_CONNECT;
- connection_ap_handshake_rewrite(ec, &rr);
- tt_int_op(rr.should_close, OP_EQ, 1);
- tt_int_op(rr.end_reason, OP_EQ, END_STREAM_REASON_INTERNAL);
- tt_int_op(rr.automap, OP_EQ, 0);
- tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
- tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
- strlcpy(ec2->socks_request->address, "[ABCD:9::5314:9543]",
- sizeof(ec2->socks_request->address));
- ec2->socks_request->command = SOCKS_COMMAND_CONNECT;
- connection_ap_handshake_rewrite(ec2, &rr);
- tt_int_op(rr.should_close, OP_EQ, 1);
- tt_int_op(rr.end_reason, OP_EQ, END_STREAM_REASON_INTERNAL);
- tt_int_op(rr.automap, OP_EQ, 0);
- tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
- tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
- done:
- connection_free_(ENTRY_TO_CONN(ec2));
- }
- /* Rewrite because of mapaddress option */
- static void
- test_entryconn_rewrite_mapaddress(void *arg)
- {
- entry_connection_t *ec = arg;
- rewrite_result_t rr;
- config_line_append(&get_options_mutable()->AddressMap,
- "MapAddress", "meta metaobjects.example");
- config_register_addressmaps(get_options());
- strlcpy(ec->socks_request->address, "meta",
- sizeof(ec->socks_request->address));
- ec->socks_request->command = SOCKS_COMMAND_CONNECT;
- connection_ap_handshake_rewrite(ec, &rr);
- tt_int_op(rr.should_close, OP_EQ, 0);
- tt_int_op(rr.end_reason, OP_EQ, 0);
- tt_int_op(rr.automap, OP_EQ, 0);
- tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
- tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
- tt_str_op(ec->socks_request->address, OP_EQ, "metaobjects.example");
- done:
- ;
- }
- /* Reject reverse lookups of internal address. */
- static void
- test_entryconn_rewrite_reject_internal_reverse(void *arg)
- {
- entry_connection_t *ec = arg;
- rewrite_result_t rr;
- strlcpy(ec->socks_request->address, "10.0.0.1",
- sizeof(ec->socks_request->address));
- ec->socks_request->command = SOCKS_COMMAND_RESOLVE_PTR;
- connection_ap_handshake_rewrite(ec, &rr);
- tt_int_op(rr.should_close, OP_EQ, 1);
- tt_int_op(rr.end_reason, OP_EQ, END_STREAM_REASON_SOCKSPROTOCOL |
- END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED);
- tt_int_op(rr.automap, OP_EQ, 0);
- tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
- tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
- done:
- ;
- }
- /* Rewrite into .exit because of virtual address mapping. */
- static void
- test_entryconn_rewrite_automap_exit(void *arg)
- {
- entry_connection_t *ec = arg;
- entry_connection_t *ec2=NULL;
- rewrite_result_t rr;
- char *msg = NULL;
- ec2 = entry_connection_new(CONN_TYPE_AP, AF_INET);
- smartlist_add_strdup(get_options_mutable()->AutomapHostsSuffixes,
- ".EXIT");
- parse_virtual_addr_network("127.1.0.0/16", AF_INET, 0, &msg);
- /* Try to automap this on resolve. */
- strlcpy(ec->socks_request->address, "website.example.exit",
- sizeof(ec->socks_request->address));
- ec->socks_request->command = SOCKS_COMMAND_RESOLVE;
- connection_ap_handshake_rewrite(ec, &rr);
- /* Make sure it isn't allowed -- there is no longer an AllowDotExit
- * option. */
- tt_int_op(rr.automap, OP_EQ, 0);
- tt_int_op(rr.should_close, OP_EQ, 1);
- tt_int_op(rr.end_reason, OP_EQ, END_STREAM_REASON_TORPROTOCOL);
- done:
- connection_free_(ENTRY_TO_CONN(ec2));
- }
- /* Rewrite into .exit because of mapaddress */
- static void
- test_entryconn_rewrite_mapaddress_exit(void *arg)
- {
- entry_connection_t *ec = arg;
- rewrite_result_t rr;
- config_line_append(&get_options_mutable()->AddressMap,
- "MapAddress", "*.example.com *.example.com.abc.exit");
- config_register_addressmaps(get_options());
- /* Automap this on resolve. */
- strlcpy(ec->socks_request->address, "abc.example.com",
- sizeof(ec->socks_request->address));
- ec->socks_request->command = SOCKS_COMMAND_CONNECT;
- connection_ap_handshake_rewrite(ec, &rr);
- tt_int_op(rr.automap, OP_EQ, 0);
- tt_int_op(rr.should_close, OP_EQ, 0);
- tt_int_op(rr.end_reason, OP_EQ, 0);
- tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
- tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_TORRC);
- tt_str_op(rr.orig_address, OP_EQ, "abc.example.com");
- tt_str_op(ec->socks_request->address, OP_EQ, "abc.example.com.abc.exit");
- done:
- ;
- }
- /* Map foo.onion to longthing.onion, and also automap. */
- static void
- test_entryconn_rewrite_mapaddress_automap_onion(void *arg)
- {
- entry_connection_t *ec = arg;
- entry_connection_t *ec2 = NULL;
- entry_connection_t *ec3 = NULL;
- entry_connection_t *ec4 = NULL;
- rewrite_result_t rr;
- char *msg = NULL;
- ec2 = entry_connection_new(CONN_TYPE_AP, AF_INET);
- ec3 = entry_connection_new(CONN_TYPE_AP, AF_INET);
- ec4 = entry_connection_new(CONN_TYPE_AP, AF_INET);
- get_options_mutable()->AutomapHostsOnResolve = 1;
- smartlist_add_strdup(get_options_mutable()->AutomapHostsSuffixes,
- ".onion");
- parse_virtual_addr_network("192.168.0.0/16", AF_INET, 0, &msg);
- config_line_append(&get_options_mutable()->AddressMap,
- "MapAddress", "foo.onion abcdefghijklmnop.onion");
- config_register_addressmaps(get_options());
- /* Connect to foo.onion. */
- strlcpy(ec->socks_request->address, "foo.onion",
- sizeof(ec->socks_request->address));
- ec->socks_request->command = SOCKS_COMMAND_CONNECT;
- connection_ap_handshake_rewrite(ec, &rr);
- tt_int_op(rr.automap, OP_EQ, 0);
- tt_int_op(rr.should_close, OP_EQ, 0);
- tt_int_op(rr.end_reason, OP_EQ, 0);
- tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
- tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
- tt_str_op(rr.orig_address, OP_EQ, "foo.onion");
- tt_str_op(ec->socks_request->address, OP_EQ, "abcdefghijklmnop.onion");
- /* Okay, resolve foo.onion */
- strlcpy(ec2->socks_request->address, "foo.onion",
- sizeof(ec2->socks_request->address));
- ec2->socks_request->command = SOCKS_COMMAND_RESOLVE;
- connection_ap_handshake_rewrite(ec2, &rr);
- tt_int_op(rr.automap, OP_EQ, 1);
- tt_int_op(rr.should_close, OP_EQ, 0);
- tt_int_op(rr.end_reason, OP_EQ, 0);
- tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
- tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
- tt_str_op(rr.orig_address, OP_EQ, "foo.onion");
- tt_assert(!strcmpstart(ec2->socks_request->address, "192.168."));
- /* Now connect */
- strlcpy(ec3->socks_request->address, ec2->socks_request->address,
- sizeof(ec3->socks_request->address));
- ec3->socks_request->command = SOCKS_COMMAND_CONNECT;
- connection_ap_handshake_rewrite(ec3, &rr);
- tt_int_op(rr.automap, OP_EQ, 0);
- tt_int_op(rr.should_close, OP_EQ, 0);
- tt_int_op(rr.end_reason, OP_EQ, 0);
- tt_assert(!strcmpstart(ec3->socks_request->address,
- "abcdefghijklmnop.onion"));
- /* Now resolve abcefghijklmnop.onion. */
- strlcpy(ec4->socks_request->address, "abcdefghijklmnop.onion",
- sizeof(ec4->socks_request->address));
- ec4->socks_request->command = SOCKS_COMMAND_RESOLVE;
- connection_ap_handshake_rewrite(ec4, &rr);
- tt_int_op(rr.automap, OP_EQ, 1);
- tt_int_op(rr.should_close, OP_EQ, 0);
- tt_int_op(rr.end_reason, OP_EQ, 0);
- tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
- tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
- tt_str_op(rr.orig_address, OP_EQ, "abcdefghijklmnop.onion");
- tt_assert(!strcmpstart(ec4->socks_request->address, "192.168."));
- /* XXXX doesn't work
- tt_str_op(ec4->socks_request->address, OP_EQ, ec2->socks_request->address);
- */
- done:
- connection_free_(ENTRY_TO_CONN(ec2));
- connection_free_(ENTRY_TO_CONN(ec3));
- connection_free_(ENTRY_TO_CONN(ec4));
- }
- static void
- test_entryconn_rewrite_mapaddress_automap_onion_common(entry_connection_t *ec,
- int map_to_onion,
- int map_to_address)
- {
- entry_connection_t *ec2 = NULL;
- entry_connection_t *ec3 = NULL;
- rewrite_result_t rr;
- ec2 = entry_connection_new(CONN_TYPE_AP, AF_INET);
- ec3 = entry_connection_new(CONN_TYPE_AP, AF_INET);
- /* Connect to irc.example.com */
- strlcpy(ec->socks_request->address, "irc.example.com",
- sizeof(ec->socks_request->address));
- ec->socks_request->command = SOCKS_COMMAND_CONNECT;
- connection_ap_handshake_rewrite(ec, &rr);
- tt_int_op(rr.automap, OP_EQ, 0);
- tt_int_op(rr.should_close, OP_EQ, 0);
- tt_int_op(rr.end_reason, OP_EQ, 0);
- tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
- tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
- tt_str_op(rr.orig_address, OP_EQ, "irc.example.com");
- tt_str_op(ec->socks_request->address, OP_EQ,
- map_to_onion ? "abcdefghijklmnop.onion" : "irc.example.com");
- /* Okay, resolve irc.example.com */
- strlcpy(ec2->socks_request->address, "irc.example.com",
- sizeof(ec2->socks_request->address));
- ec2->socks_request->command = SOCKS_COMMAND_RESOLVE;
- connection_ap_handshake_rewrite(ec2, &rr);
- tt_int_op(rr.automap, OP_EQ, map_to_onion && map_to_address);
- tt_int_op(rr.should_close, OP_EQ, 0);
- tt_int_op(rr.end_reason, OP_EQ, 0);
- tt_i64_op(rr.map_expires, OP_EQ, TIME_MAX);
- tt_int_op(rr.exit_source, OP_EQ, ADDRMAPSRC_NONE);
- tt_str_op(rr.orig_address, OP_EQ, "irc.example.com");
- if (map_to_onion && map_to_address)
- tt_assert(!strcmpstart(ec2->socks_request->address, "192.168."));
- /* Now connect */
- strlcpy(ec3->socks_request->address, ec2->socks_request->address,
- sizeof(ec3->socks_request->address));
- ec3->socks_request->command = SOCKS_COMMAND_CONNECT;
- connection_ap_handshake_rewrite(ec3, &rr);
- tt_int_op(rr.automap, OP_EQ, 0);
- tt_int_op(rr.should_close, OP_EQ, 0);
- tt_int_op(rr.end_reason, OP_EQ, 0);
- if (map_to_onion)
- tt_assert(!strcmpstart(ec3->socks_request->address,
- "abcdefghijklmnop.onion"));
- done:
- connection_free_(ENTRY_TO_CONN(ec2));
- connection_free_(ENTRY_TO_CONN(ec3));
- }
- /* This time is the same, but we start with a mapping from a non-onion
- * address. */
- static void
- test_entryconn_rewrite_mapaddress_automap_onion2(void *arg)
- {
- char *msg = NULL;
- get_options_mutable()->AutomapHostsOnResolve = 1;
- smartlist_add_strdup(get_options_mutable()->AutomapHostsSuffixes,
- ".onion");
- parse_virtual_addr_network("192.168.0.0/16", AF_INET, 0, &msg);
- config_line_append(&get_options_mutable()->AddressMap,
- "MapAddress", "irc.example.com abcdefghijklmnop.onion");
- config_register_addressmaps(get_options());
- test_entryconn_rewrite_mapaddress_automap_onion_common(arg, 1, 1);
- }
- /* Same as above, with automapped turned off */
- static void
- test_entryconn_rewrite_mapaddress_automap_onion3(void *arg)
- {
- config_line_append(&get_options_mutable()->AddressMap,
- "MapAddress", "irc.example.com abcdefghijklmnop.onion");
- config_register_addressmaps(get_options());
- test_entryconn_rewrite_mapaddress_automap_onion_common(arg, 1, 0);
- }
- /* As above, with no mapping. */
- static void
- test_entryconn_rewrite_mapaddress_automap_onion4(void *arg)
- {
- char *msg = NULL;
- get_options_mutable()->AutomapHostsOnResolve = 1;
- smartlist_add_strdup(get_options_mutable()->AutomapHostsSuffixes,
- ".onion");
- parse_virtual_addr_network("192.168.0.0/16", AF_INET, 0, &msg);
- test_entryconn_rewrite_mapaddress_automap_onion_common(arg, 0, 1);
- }
- /** Test that rewrite functions can handle v2 addresses */
- static void
- test_entryconn_rewrite_onion_v2(void *arg)
- {
- int retval;
- entry_connection_t *conn = arg;
- (void) arg;
- rend_cache_init();
- /* Make a SOCKS request */
- conn->socks_request->command = SOCKS_COMMAND_CONNECT;
- strlcpy(conn->socks_request->address,
- "pqeed46efnwmfuid.onion",
- sizeof(conn->socks_request->address));
- /* Make an onion connection using the SOCKS request */
- conn->entry_cfg.onion_traffic = 1;
- ENTRY_TO_CONN(conn)->state = AP_CONN_STATE_SOCKS_WAIT;
- tt_assert(!ENTRY_TO_EDGE_CONN(conn)->rend_data);
- /* Handle SOCKS and rewrite! */
- retval = connection_ap_handshake_rewrite_and_attach(conn, NULL, NULL);
- tt_int_op(retval, OP_EQ, 0);
- /* Check connection state after rewrite */
- tt_int_op(ENTRY_TO_CONN(conn)->state, OP_EQ, AP_CONN_STATE_RENDDESC_WAIT);
- /* check that the address got rewritten */
- tt_str_op(conn->socks_request->address, OP_EQ,
- "pqeed46efnwmfuid");
- /* check that HS information got attached to the connection */
- tt_assert(ENTRY_TO_EDGE_CONN(conn)->rend_data);
- tt_assert(!ENTRY_TO_EDGE_CONN(conn)->hs_ident);
- done:
- rend_cache_free_all();
- /* 'conn' is cleaned by handler */
- }
- /** Test that rewrite functions can handle v3 onion addresses */
- static void
- test_entryconn_rewrite_onion_v3(void *arg)
- {
- int retval;
- entry_connection_t *conn = arg;
- (void) arg;
- hs_cache_init();
- /* Make a SOCKS request */
- conn->socks_request->command = SOCKS_COMMAND_CONNECT;
- strlcpy(conn->socks_request->address,
- "git.25njqamcweflpvkl73j4szahhihoc4xt3ktcgjnpaingr5yhkenl5sid.onion",
- sizeof(conn->socks_request->address));
- /* Make an onion connection using the SOCKS request */
- conn->entry_cfg.onion_traffic = 1;
- ENTRY_TO_CONN(conn)->state = AP_CONN_STATE_SOCKS_WAIT;
- tt_assert(!ENTRY_TO_EDGE_CONN(conn)->rend_data);
- tt_assert(!ENTRY_TO_EDGE_CONN(conn)->hs_ident);
- /* Handle SOCKS and rewrite! */
- retval = connection_ap_handshake_rewrite_and_attach(conn, NULL, NULL);
- tt_int_op(retval, OP_EQ, 0);
- /* Check connection state after rewrite. It should be in waiting for
- * descriptor state. */
- tt_int_op(ENTRY_TO_CONN(conn)->state, OP_EQ, AP_CONN_STATE_RENDDESC_WAIT);
- /* check that the address got rewritten */
- tt_str_op(conn->socks_request->address, OP_EQ,
- "25njqamcweflpvkl73j4szahhihoc4xt3ktcgjnpaingr5yhkenl5sid");
- /* check that HS information got attached to the connection */
- tt_assert(ENTRY_TO_EDGE_CONN(conn)->hs_ident);
- tt_assert(!ENTRY_TO_EDGE_CONN(conn)->rend_data);
- done:
- hs_free_all();
- /* 'conn' is cleaned by handler */
- }
- #define REWRITE(name) \
- { #name, test_entryconn_##name, TT_FORK, &test_rewrite_setup, NULL }
- struct testcase_t entryconn_tests[] = {
- REWRITE(rewrite_basic),
- REWRITE(rewrite_bad_dotexit),
- REWRITE(rewrite_automap_ipv4),
- REWRITE(rewrite_automap_ipv6),
- // REWRITE(rewrite_automap_reverse),
- REWRITE(rewrite_cached_dns_ipv4),
- REWRITE(rewrite_cached_dns_ipv6),
- REWRITE(rewrite_unmapped_virtual),
- REWRITE(rewrite_mapaddress),
- REWRITE(rewrite_reject_internal_reverse),
- REWRITE(rewrite_automap_exit),
- REWRITE(rewrite_mapaddress_exit),
- REWRITE(rewrite_mapaddress_automap_onion),
- REWRITE(rewrite_mapaddress_automap_onion2),
- REWRITE(rewrite_mapaddress_automap_onion3),
- REWRITE(rewrite_mapaddress_automap_onion4),
- REWRITE(rewrite_onion_v2),
- REWRITE(rewrite_onion_v3),
- END_OF_TESTCASES
- };
|