From 37cdfdcd51e03253501546f6b2fc86f90f073aaa Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Sun, 22 Nov 2015 09:58:14 +0000 Subject: [PATCH] Tell the truth about DNS lookups in the Event Log. We've always had the back-end code unconditionally print 'Looking up host' before calling name_lookup. But name_lookup doesn't always do an actual lookup - in cases where the connection will be proxied and we're configured to let the proxy do the DNS for us, it just calls sk_nonamelookup to return a dummy SockAddr with the unresolved name still in it. It's better to print a message that varies depending on whether we're _really_ doing DNS or not, e.g. so that people can tell the difference between DNS failure and proxy misconfiguration. Hence, those log messages are now generated inside name_lookup(), which takes a couple of extra parameters for the purpose - a frontend pointer to pass to logevent(), and a reason string so that it can say what the hostname it's (optionally) looking up is going to be used for. (The latter is intended for possible use in logging subsidiary lookups for port forwarding, though at the moment I haven't changed the current setup where those connection setups aren't logged in detail - we just pass NULL in that situation.) --- network.h | 3 ++- portfwd.c | 3 ++- proxy.c | 25 ++++++++++++++++++++++--- raw.c | 12 ++---------- rlogin.c | 12 ++---------- ssh.c | 6 ++---- telnet.c | 14 +++----------- x11fwd.c | 3 ++- 8 files changed, 37 insertions(+), 41 deletions(-) diff --git a/network.h b/network.h index 3625613b..fa90e60e 100644 --- a/network.h +++ b/network.h 
@@ -100,7 +100,8 @@ Socket new_connection(SockAddr addr, const char *hostname, Socket new_listener(const char *srcaddr, int port, Plug plug, int local_host_only, Conf *conf, int addressfamily); SockAddr name_lookup(const char *host, int port, char **canonicalname, - Conf *conf, int addressfamily); + Conf *conf, int addressfamily, void *frontend_for_logging, + const char *lookup_reason_for_logging); int proxy_for_destination (SockAddr addr, const char *hostname, int port, Conf *conf); diff --git a/portfwd.c b/portfwd.c index 325e8687..8a73a182 100644 --- a/portfwd.c +++ b/portfwd.c @@ -443,7 +443,8 @@ char *pfd_connect(struct PortForwarding **pf_ret, char *hostname,int port, /* * Try to find host. */ - addr = name_lookup(hostname, port, &dummy_realhost, conf, addressfamily); + addr = name_lookup(hostname, port, &dummy_realhost, conf, addressfamily, + NULL, NULL); if ((err = sk_addr_error(addr)) != NULL) { char *err_ret = dupstr(err); sk_addr_free(addr); diff --git a/proxy.c b/proxy.c index 3104ef0d..1f4d7d3d 100644 --- a/proxy.c +++ b/proxy.c 
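Review bot: The widened name_lookup() prototype in network.h has no comment describing its two new parameters, so a caller reading only the header cannot tell that both may be NULL or what NULL means. From the callers in this patch, a NULL `frontend_for_logging` suppresses the Event Log entry (portfwd.c and x11fwd.c pass `NULL, NULL`), and `lookup_reason_for_logging` is a short phrase appended after "for" in the message. I would add a comment above the declaration, e.g. `/* frontend_for_logging: Event Log target, or NULL to log nothing. lookup_reason_for_logging: what the name is needed for, e.g. "SSH connection"; only read when frontend_for_logging is non-NULL. */`. That matters because this log line is what lets a user tell a local DNS query from a proxy-side one.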
@@ -363,16 +363,35 @@ int proxy_for_destination (SockAddr addr, const char *hostname, } SockAddr name_lookup(const char *host, int port, char **canonicalname, - Conf *conf, int addressfamily) + Conf *conf, int addressfamily, void *frontend, + const char *reason) { + char *logmsg; if (conf_get_int(conf, CONF_proxy_type) != PROXY_NONE && do_proxy_dns(conf) && proxy_for_destination(NULL, host, port, conf)) { + + if (frontend) { + logmsg = dupprintf("Leaving host lookup to proxy of \"%s\"" + " (for %s)", host, reason); + logevent(frontend, logmsg); + sfree(logmsg); + } + *canonicalname = dupstr(host); return sk_nonamelookup(host); - } + } else { + if (frontend) { + logmsg = dupprintf("Looking up host \"%s\"%s for %s", host, + (addressfamily == ADDRTYPE_IPV4 ? " (IPv4)" : + addressfamily == ADDRTYPE_IPV6 ? " (IPv6)" : + ""), reason); + logevent(frontend, logmsg); + sfree(logmsg); + } - return sk_namelookup(host, canonicalname, addressfamily); + return sk_namelookup(host, canonicalname, addressfamily); + } } Socket new_connection(SockAddr addr, const char *hostname, diff --git a/raw.c b/raw.c index 6262ed89..60fbbf65 100644 --- a/raw.c +++ b/raw.c @@ -154,16 +154,8 @@ static const char *raw_init(void *frontend_handle, void **backend_handle, /* * Try to find host. */ - { - char *buf; - buf = dupprintf("Looking up host \"%s\"%s", host, - (addressfamily == ADDRTYPE_IPV4 ? " (IPv4)" : - (addressfamily == ADDRTYPE_IPV6 ? " (IPv6)" : - ""))); - logevent(raw->frontend, buf); - sfree(buf); - } - addr = name_lookup(host, port, realhost, conf, addressfamily); + addr = name_lookup(host, port, realhost, conf, addressfamily, + raw->frontend, "main connection"); if ((err = sk_addr_error(addr)) != NULL) { sk_addr_free(addr); return err; diff --git a/rlogin.c b/rlogin.c index d73f7f9f..e5d2e39c 100644 --- a/rlogin.c +++ b/rlogin.c 
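Review bot: In name_lookup() both new dupprintf() calls hand `reason` to a `%s` conversion, but the only guard around them is `if (frontend)`, so a caller that supplies a frontend and a NULL reason passes a null pointer to `%s`. That is undefined for the standard printf family, and how dupprintf treats it is not visible here. No caller in this patch does that, but the prototype allows it, and the commit message anticipates future port-forwarding callers. A one-line fallback at the top of the function would make the logging path safe regardless, for example `if (!reason) reason = "unspecified purpose";` (the wording is only a suggestion).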
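Review bot: The reason string passed from raw_init() is `"main connection"`, while the other back ends in this patch name their protocol (`"rlogin connection"`, `"SSH connection"`, `"Telnet connection"`). If the Event Log text is meant to identify which back end triggered the lookup, `"raw connection"` would be consistent with the rest; if "main" is deliberate, a short comment at the call saying so would help. raw_init() starts and ends outside this hunk.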
@@ -194,16 +194,8 @@ static const char *rlogin_init(void *frontend_handle, void **backend_handle, /* * Try to find host. */ - { - char *buf; - buf = dupprintf("Looking up host \"%s\"%s", host, - (addressfamily == ADDRTYPE_IPV4 ? " (IPv4)" : - (addressfamily == ADDRTYPE_IPV6 ? " (IPv6)" : - ""))); - logevent(rlogin->frontend, buf); - sfree(buf); - } - addr = name_lookup(host, port, realhost, conf, addressfamily); + addr = name_lookup(host, port, realhost, conf, addressfamily, + rlogin->frontend, "rlogin connection"); if ((err = sk_addr_error(addr)) != NULL) { sk_addr_free(addr); return err; diff --git a/ssh.c b/ssh.c index 01c261a2..b13802fe 100644 --- a/ssh.c +++ b/ssh.c @@ -3674,10 +3674,8 @@ static const char *connect_to_host(Ssh ssh, const char *host, int port, * Try to find host. */ addressfamily = conf_get_int(ssh->conf, CONF_addressfamily); - logeventf(ssh, "Looking up host \"%s\"%s", host, - (addressfamily == ADDRTYPE_IPV4 ? " (IPv4)" : - (addressfamily == ADDRTYPE_IPV6 ? " (IPv6)" : ""))); - addr = name_lookup(host, port, realhost, ssh->conf, addressfamily); + addr = name_lookup(host, port, realhost, ssh->conf, addressfamily, + ssh->frontend, "SSH connection"); if ((err = sk_addr_error(addr)) != NULL) { sk_addr_free(addr); return err; diff --git a/telnet.c b/telnet.c index 0de8b016..e7a8d8ba 100644 --- a/telnet.c +++ b/telnet.c 
@@ -751,17 +751,9 @@ static const char *telnet_init(void *frontend_handle, void **backend_handle, /* * Try to find host. */ - { - char *buf; - addressfamily = conf_get_int(telnet->conf, CONF_addressfamily); - buf = dupprintf("Looking up host \"%s\"%s", host, - (addressfamily == ADDRTYPE_IPV4 ? " (IPv4)" : - (addressfamily == ADDRTYPE_IPV6 ? " (IPv6)" : - ""))); - logevent(telnet->frontend, buf); - sfree(buf); - } - addr = name_lookup(host, port, realhost, telnet->conf, addressfamily); + addressfamily = conf_get_int(telnet->conf, CONF_addressfamily); + addr = name_lookup(host, port, realhost, telnet->conf, addressfamily, + telnet->frontend, "Telnet connection"); if ((err = sk_addr_error(addr)) != NULL) { sk_addr_free(addr); return err; diff --git a/x11fwd.c b/x11fwd.c index 6cfec728..bdfc4e74 100644 --- a/x11fwd.c +++ b/x11fwd.c @@ -286,7 +286,8 @@ struct X11Display *x11_setup_display(const char *display, Conf *conf) disp->port = 6000 + disp->displaynum; disp->addr = name_lookup(disp->hostname, disp->port, - &disp->realhost, conf, ADDRTYPE_UNSPEC); + &disp->realhost, conf, ADDRTYPE_UNSPEC, + NULL, NULL); if ((err = sk_addr_error(disp->addr)) != NULL) { sk_addr_free(disp->addr);