commit a0b3e9116d1eb0cfa6a73b17d275c54516291b9b
parent 40eeb63b5ead3b8d2925387f0eecaa32a11a926d
Author: David Goulet <dgoulet@torproject.org>
Date: Wed, 3 Feb 2021 08:58:02 -0500
Merge branch 'maint-0.4.4' into maint-0.4.5
Diffstat:
3 files changed, 91 insertions(+), 0 deletions(-)
diff --git a/src/core/or/address_set.c b/src/core/or/address_set.c
@@ -68,3 +68,77 @@ address_set_probably_contains(const address_set_t *set,
{
return bloomfilt_probably_contains(set, addr);
}
+
+/* Length of the item is an address (IPv4 or IPv6) and a 2 byte port. We use
+ * 16 bytes for the address here (IPv6) since we do not know which family
+ * the given address in the item thus in the case of IPv4, the extra bytes
+ * are simply zeroes to accomodate. */
+#define BLOOMFILT_ADDR_PORT_ITEM_LEN (16 + sizeof(uint16_t))
+
+/** Build an item for the bloomfilter consisting of an address and port pair.
+ *
+ * If the given address is _not_ AF_INET or AF_INET6, then the item is an
+ * array of 0s.
+ *
+ * Return a pointer to a static buffer containing the item. Next call to this
+ * function invalidates its previous content. */
+static const uint8_t *
+build_addr_port_item(const tor_addr_t *addr, const uint16_t port)
+{
+ static uint8_t data[BLOOMFILT_ADDR_PORT_ITEM_LEN];
+
+ memset(data, 0, sizeof(data));
+ switch (tor_addr_family(addr)) {
+ case AF_INET:
+ memcpy(data, &addr->addr.in_addr.s_addr, 4);
+ break;
+ case AF_INET6:
+ memcpy(data, &addr->addr.in6_addr.s6_addr, 16);
+ break;
+ case AF_UNSPEC:
+ /* Leave the 0. */
+ break;
+ default:
+ /* LCOV_EXCL_START */
+ tor_fragile_assert();
+ /* LCOV_EXCL_STOP */
+ }
+
+ memcpy(data + 16, &port, sizeof(port));
+ return data;
+}
+
+/** Return a hash value for the given item that the bloomfilter will use. */
+static uint64_t
+bloomfilt_addr_port_hash(const struct sipkey *key,
+ const void *item)
+{
+ return siphash24(item, BLOOMFILT_ADDR_PORT_ITEM_LEN, key);
+}
+
+/** Allocate and return an addr_port_set_t, suitable for holding up to
+ * max_address_guess distinct values. */
+addr_port_set_t *
+addr_port_set_new(int max_addresses_guess)
+{
+ uint8_t k[BLOOMFILT_KEY_LEN];
+ crypto_rand((void*)k, sizeof(k));
+ return bloomfilt_new(max_addresses_guess, bloomfilt_addr_port_hash, k);
+}
+
+/** Add an address and port pair to the given set. */
+void
+addr_port_set_add(addr_port_set_t *set, const tor_addr_t *addr, uint16_t port)
+{
+ bloomfilt_add(set, build_addr_port_item(addr, port));
+}
+
+/** Return true if the given address and port pair are in the set. Of course,
+ * this is a bloomfilter and thus in rare occasion, a false positive happens
+ * thus the "probably". */
+bool
+addr_port_set_probably_contains(const addr_port_set_t *set,
+ const tor_addr_t *addr, uint16_t port)
+{
+ return !!bloomfilt_probably_contains(set, build_addr_port_item(addr, port));
+}
diff --git a/src/core/or/address_set.h b/src/core/or/address_set.h
@@ -29,4 +29,19 @@ void address_set_add_ipv4h(address_set_t *set, uint32_t addr);
int address_set_probably_contains(const address_set_t *set,
const struct tor_addr_t *addr);
+/**
+ * An addr_port_set_t represents a set of tor_addr_t values with a uint16_t
+ * port value. The implementation is probabilistic: false negatives cannot
+ * occur but false positives are possible.
+ */
+typedef struct bloomfilt_t addr_port_set_t;
+
+addr_port_set_t *addr_port_set_new(int max_addresses_guess);
+#define addr_port_set_free(s) bloomfilt_free(s)
+void addr_port_set_add(addr_port_set_t *set,
+ const struct tor_addr_t *addr, uint16_t port);
+bool addr_port_set_probably_contains(const addr_port_set_t *set,
+ const struct tor_addr_t *addr,
+ uint16_t port);
+
#endif /* !defined(TOR_ADDRESS_SET_H) */
diff --git a/src/feature/nodelist/dirlist.c b/src/feature/nodelist/dirlist.c
@@ -55,6 +55,8 @@ static smartlist_t *fallback_dir_servers = NULL;
static void
add_trusted_dir_to_nodelist_addr_set(const dir_server_t *dir)
{
+ tor_addr_t tmp_addr;
+
tor_assert(dir);
tor_assert(dir->is_authority);
