|
Tor 0.4.9.0-alpha-dev
|
Implements the details of building circuits (by choosing paths, constructing/sending create/extend cells, and so on). More...
#include "core/or/or.h"#include "app/config/config.h"#include "lib/confmgt/confmgt.h"#include "core/crypto/hs_ntor.h"#include "core/crypto/onion_crypto.h"#include "core/crypto/onion_fast.h"#include "core/crypto/onion_tap.h"#include "core/mainloop/connection.h"#include "core/mainloop/mainloop.h"#include "core/or/channel.h"#include "core/or/circuitbuild.h"#include "core/or/circuitlist.h"#include "core/or/circuitstats.h"#include "core/or/circuituse.h"#include "core/or/circuitpadding.h"#include "core/or/command.h"#include "core/or/connection_edge.h"#include "core/or/connection_or.h"#include "core/or/conflux_pool.h"#include "core/or/extendinfo.h"#include "core/or/onion.h"#include "core/or/ocirc_event.h"#include "core/or/policies.h"#include "core/or/relay.h"#include "core/or/trace_probes_circuit.h"#include "core/or/crypt_path.h"#include "feature/client/bridges.h"#include "feature/client/circpathbias.h"#include "feature/client/entrynodes.h"#include "feature/client/transports.h"#include "feature/control/control_events.h"#include "feature/dircommon/directory.h"#include "feature/nodelist/describe.h"#include "feature/nodelist/microdesc.h"#include "feature/nodelist/networkstatus.h"#include "feature/nodelist/nickname.h"#include "feature/nodelist/node_select.h"#include "feature/nodelist/nodelist.h"#include "feature/nodelist/routerlist.h"#include "feature/nodelist/routerset.h"#include "feature/relay/router.h"#include "feature/relay/routermode.h"#include "feature/relay/selftest.h"#include "feature/stats/predict_ports.h"#include "lib/crypt_ops/crypto_rand.h"#include "lib/trace/events.h"#include "core/or/congestion_control_common.h"#include "core/or/cell_st.h"#include "core/or/cpath_build_state_st.h"#include "core/or/entry_connection_st.h"#include "core/or/extend_info_st.h"#include "feature/nodelist/node_st.h"#include "core/or/or_circuit_st.h"#include "core/or/origin_circuit_st.h"#include "trunnel/extension.h"#include "trunnel/congestion_control.h"Go to the source code of this file.
Macros | |
| #define | CIRCUITBUILD_PRIVATE |
| #define | OCIRC_EVENT_PRIVATE |
| #define | MAX_CIRCID_ATTEMPTS 64 |
| #define | MAX_SANE_RESTRICTED_NODES 20 |
Implements the details of building circuits (by choosing paths, constructing/sending create/extend cells, and so on).
On the client side, this module handles launching circuits. Circuit launches are started from circuit_establish_circuit(), called from circuit_launch_by_extend_info()). To choose the path the circuit will take, onion_extend_cpath() calls into a maze of node selection functions.
Once the circuit is ready to be launched, the first hop is treated as a special case with circuit_handle_first_hop(), since it might need to open a channel. As the channel opens, and later as CREATED and RELAY_EXTENDED cells arrive, the client will invoke circuit_send_next_onion_skin() to send CREATE or RELAY_EXTEND cells.
The server side is handled in feature/relay/circuitbuild_relay.c.
Definition in file circuitbuild.c.
| #define CIRCUITBUILD_PRIVATE |
Definition at line 27 of file circuitbuild.c.
| #define OCIRC_EVENT_PRIVATE |
Definition at line 28 of file circuitbuild.c.
|
static |
Return true iff conn needs another general circuit to be built.
Definition at line 1633 of file circuitbuild.c.
|
static |
Build a list of nodes to exclude from the choice of this middle hop, based on already chosen nodes.
Vanguard circuits have their own path selection rules
Definition at line 2320 of file circuitbuild.c.
| const char * build_state_get_exit_nickname | ( | cpath_build_state_t * | state | ) |
Return the nickname for the chosen exit router in state. If there is no chosen exit, or if we don't know the routerinfo_t for the chosen exit, return NULL.
Definition at line 2637 of file circuitbuild.c.
Referenced by circuit_list_path_impl().
| const node_t * build_state_get_exit_node | ( | cpath_build_state_t * | state | ) |
Return the node_t for the chosen exit router in state. If there is no chosen exit, or if we don't know the node_t for the chosen exit, return NULL.
Definition at line 2614 of file circuitbuild.c.
Referenced by build_middle_exclude_list(), build_vanguard_middle_exclude_list(), and hs_circ_send_introduce1().
| const uint8_t * build_state_get_exit_rsa_id | ( | cpath_build_state_t * | state | ) |
Return the RSA ID digest for the chosen exit router in state. If there is no chosen exit, return NULL.
Definition at line 2625 of file circuitbuild.c.
|
static |
Build the exclude list for vanguard circuits.
For vanguard circuits we exclude all the already chosen nodes (including the exit) from being middle hops to prevent the creation of A - B - A subpaths. We also allow the 4th hop to be the same as the guard node so as to not leak guard information to RP/IP/HSDirs.
For vanguard circuits, we don't apply any subnet or family restrictions. This is to avoid impossible-to-build circuit paths, or just situations where our earlier guards prevent us from using most of our later ones.
The alternative is building the circuit in reverse. Reverse calls to onion_extend_cpath() (ie: select outer hops first) would then have the property that you don't gain information about inner hops by observing outer ones. See https://bugs.torproject.org/tpo/core/tor/24487 for this.
(Note further that we still exclude the exit to prevent A - B - A at the end of the path.
Definition at line 2273 of file circuitbuild.c.
Referenced by build_middle_exclude_list().
| channel_t * channel_connect_for_circuit | ( | const extend_info_t * | ei | ) |
This function tries to get a channel to the specified endpoint, and then calls command_setup_channel() to give it the right callbacks.
Definition at line 104 of file circuitbuild.c.
| const node_t * choose_good_entry_server | ( | const origin_circuit_t * | circ, |
| uint8_t | purpose, | ||
| cpath_build_state_t * | state, | ||
| circuit_guard_state_t ** | guard_state_out | ||
| ) |
Pick a good entry server for the circuit to be built according to state. Don't reuse a chosen exit (if any), don't use this router (if we're an OR), and respect firewall settings; if we're configured to use entry guards, return one.
Set *guard_state_out to information about the guard that we're selecting, which we'll use later to remember whether the guard worked or not.
Definition at line 2495 of file circuitbuild.c.
|
static |
Return a pointer to a suitable router to be the exit node for the circuit of purpose purpose that we're about to build (or NULL if no router is suitable).
For general-purpose circuits, pass it off to choose_good_exit_server_general()
For client-side rendezvous circuits, choose a random node, weighted toward the preferences in 'options'.
Definition at line 1964 of file circuitbuild.c.
|
static |
Return a pointer to a suitable router to be the exit node for the general-purpose circuit we're about to build.
Look through the connection array, and choose a router that maximizes the number of pending streams that can exit from this router.
Return NULL if we can't find any suitable routers.
Definition at line 1661 of file circuitbuild.c.
|
static |
A helper function used by onion_extend_cpath(). Use purpose and state and the cpath head (currently populated only to length cur_len to decide a suitable middle hop for a circuit. In particular, make sure we don't pick the exit node or its family, and make sure we don't duplicate any previous nodes or their families.
If a hidden service circuit wants a specific middle node, pin it.
Definition at line 2434 of file circuitbuild.c.
| int circuit_all_predicted_ports_handled | ( | time_t | now, |
| int * | need_uptime, | ||
| int * | need_capacity | ||
| ) |
Return 1 if we already have circuits present or on the way for all anticipated ports. Return 0 if we should make more.
If we're returning 0, set need_uptime and need_capacity to indicate any requirements that the unhandled ports have.
Definition at line 1584 of file circuitbuild.c.
| int circuit_append_new_exit | ( | origin_circuit_t * | circ, |
| extend_info_t * | exit_ei | ||
| ) |
Give circ a new exit destination to exit_ei, and add a hop to the cpath reflecting this. Don't send the next extend cell – the caller will do this if it wants to.
Definition at line 2182 of file circuitbuild.c.
Referenced by circuit_extend_to_new_exit().
|
static |
Called from circuit_send_next_onion_skin() when we find that we have no more hops: mark the circuit as finished, and perform the necessary bookkeeping. Return 0 on success; -reason on failure (if the circuit should be torn down).
Definition at line 1082 of file circuitbuild.c.
| int circuit_can_use_tap | ( | const origin_circuit_t * | circ | ) |
Definition at line 2658 of file circuitbuild.c.
|
static |
Helper function to publish a channel association message
circuit_handle_first_hop() calls this to notify subscribers about a channel launch event, which associates a circuit with a channel. This doesn't always correspond to an assignment of the circuit's n_chan field, because that seems to be only for fully-open channels.
Definition at line 572 of file circuitbuild.c.
|
static |
Return 1 iff every node in circ's cpath definitely supports ntor.
Definition at line 366 of file circuitbuild.c.
| int circuit_deliver_create_cell | ( | circuit_t * | circ, |
| const struct create_cell_t * | create_cell, | ||
| int | relayed | ||
| ) |
Find a new circid that isn't currently in use on the circ->n_chan for the outgoing circuit circ, and deliver the cell create_cell to this circuit. If relayed is true, this is a create cell somebody gave us via an EXTEND cell, so we shouldn't worry if we don't understand it. Return -1 if we failed to find a suitable circid, else return 0.
Definition at line 785 of file circuitbuild.c.
| origin_circuit_t * circuit_establish_circuit | ( | uint8_t | purpose, |
| extend_info_t * | exit_ei, | ||
| int | flags | ||
| ) |
Build a new circuit for purpose. If exit is defined, then use that as your exit router, else choose a suitable exit node. The flags argument is a bitfield of CIRCLAUNCH_* flags, see circuit_launch_by_extend_info() for more details.
Also launch a connection to the first OR in the chosen path, if it's not open already.
Definition at line 485 of file circuitbuild.c.
| origin_circuit_t * circuit_establish_circuit_conflux | ( | const uint8_t * | conflux_nonce, |
| uint8_t | purpose, | ||
| extend_info_t * | exit_ei, | ||
| int | flags | ||
| ) |
Build a new conflux circuit for purpose. If exit is defined, then use that as your exit router, else choose a suitable exit node. The flags argument is a bitfield of CIRCLAUNCH_* flags, see circuit_launch_by_extend_info() for more details.
Also launch a connection to the first OR in the chosen path, if it's not open already.
Definition at line 526 of file circuitbuild.c.
| int circuit_extend_to_new_exit | ( | origin_circuit_t * | circ, |
| extend_info_t * | exit_ei | ||
| ) |
Take an open circ, and add a new hop at the end, based on info. Set its state back to CIRCUIT_STATE_BUILDING, and then send the next extend cell to begin connecting to that hop.
Definition at line 2203 of file circuitbuild.c.
| int circuit_finish_handshake | ( | origin_circuit_t * | circ, |
| const created_cell_t * | reply | ||
| ) |
A "created" cell reply came back to us on circuit circ. (The body of reply varies depending on what sort of handshake this is.)
Calculate the appropriate keys and digests, make sure KH is correct, and initialize this hop of the cpath.
Return - reason if we want to mark circ for close, else return 0.
Definition at line 1279 of file circuitbuild.c.
|
static |
Return a newly allocated list of uint16_t * for each predicted port not handled by a current circuit.
Definition at line 1569 of file circuitbuild.c.
Referenced by circuit_all_predicted_ports_handled().
| int circuit_handle_first_hop | ( | origin_circuit_t * | circ | ) |
Start establishing the first hop of our circuit. Figure out what OR we should connect to, and if necessary start the connection to it. If we're already connected, then send the 'create' cell. Return 0 for ok, -reason if circ should be marked-for-close.
Definition at line 588 of file circuitbuild.c.
| int circuit_has_usable_onion_key | ( | const origin_circuit_t * | circ | ) |
Definition at line 2669 of file circuitbuild.c.
| char * circuit_list_path | ( | origin_circuit_t * | circ, |
| int | verbose | ||
| ) |
If verbose is false, allocate and return a comma-separated list of the currently built elements of circ. If verbose is true, also list information about link status in a more verbose format using spaces.
Definition at line 338 of file circuitbuild.c.
Referenced by circuit_log_path().
| char * circuit_list_path_for_controller | ( | origin_circuit_t * | circ | ) |
Allocate and return a comma-separated list of the currently built elements of circ, giving each as a verbose nickname.
Definition at line 347 of file circuitbuild.c.
Referenced by circuit_describe_status_for_controller().
|
static |
If verbose is false, allocate and return a comma-separated list of the currently built elements of circ. If verbose is true, also list information about link status in a more verbose format using spaces. If verbose_names is false, give hex digests; if verbose_names is true, use $DIGEST=Name style names.
Definition at line 264 of file circuitbuild.c.
Referenced by circuit_list_path(), and circuit_list_path_for_controller().
| void circuit_log_path | ( | int | severity, |
| unsigned int | domain, | ||
| origin_circuit_t * | circ | ||
| ) |
Log, at severity severity, the nicknames of each router in circ's cpath. Also log the length of the cpath, and the intended exit point.
Definition at line 357 of file circuitbuild.c.
|
static |
Return true iff circ is allowed to have no guard configured, even if the circuit is multihop and guards are enabled.
Definition at line 945 of file circuitbuild.c.
Referenced by circuit_build_no_more_hops().
| void circuit_n_chan_done | ( | channel_t * | chan, |
| int | status, | ||
| int | close_origin_circuits | ||
| ) |
Find any circuits that are waiting on or_conn to become open and get them to send their create cells forward.
Status is 1 if connect succeeded, or 0 if connect failed.
Close_origin_circuits is 1 if we should close all the origin circuits through this channel, or 0 otherwise. (This happens when we want to retry an older guard.)
Definition at line 683 of file circuitbuild.c.
| void circuit_note_clock_jumped | ( | int64_t | seconds_elapsed, |
| bool | was_idle | ||
| ) |
Our clock just jumped by seconds_elapsed. If was_idle is true, then the monotonic time matches; otherwise it doesn't. Assume something has also gone wrong with our network: notify the user, and abandon all not-yet-used circuits.
Definition at line 1239 of file circuitbuild.c.
|
static |
Decide whether to use a TAP or ntor handshake for connecting to ei directly, and set *cell_type_out and *handshake_type_out accordingly. Note that TAP handshakes in CREATE cells are only used for direct connections:
Definition at line 887 of file circuitbuild.c.
Referenced by circuit_pick_extend_handshake().
|
static |
Decide whether to use a TAP or ntor handshake for extending to ei and set *handshake_type_out accordingly. Decide whether we should use an EXTEND2 or an EXTEND cell to do so, and set *cell_type_out and *create_cell_type_out accordingly. Note that TAP handshakes in EXTEND cells are only used:
Definition at line 919 of file circuitbuild.c.
|
static |
Definition at line 2648 of file circuitbuild.c.
|
static |
Called from circuit_send_next_onion_skin() when we find ourselves connected to the first hop in circ: Send a CREATE or CREATE2 or CREATE_FAST cell to that hop. Return 0 on success; -reason on failure (if the circuit should be torn down).
Definition at line 1016 of file circuitbuild.c.
|
static |
Called from circuit_send_next_onion_skin() when we find that we have a hop other than the first that we need to extend to: use hop's information to extend the circuit another step. Return 0 on success; -reason on failure (if the circuit should be torn down).
Definition at line 1156 of file circuitbuild.c.
| int circuit_send_next_onion_skin | ( | origin_circuit_t * | circ | ) |
This is the backbone function for building circuits.
If circ's first hop is closed, then we need to build a create cell and send it forward.
Otherwise, if circ's cpath still has any non-open hops, we need to build a relay extend cell and send it forward to the next non-open hop.
If all hops on the cpath are open, we're done building the circuit and we should do housekeeping for the newly opened circuit.
Return -reason if we want to tear down circ, else return 0.
Definition at line 982 of file circuitbuild.c.
Referenced by circuit_extend_to_new_exit().
| int circuit_timeout_want_to_count_circ | ( | const origin_circuit_t * | circ | ) |
Return true if circ is the type of circuit we want to count timeouts from.
In particular, we want to consider any circuit that plans to build at least 3 hops (but maybe more), but has 3 or fewer hops built so far.
We still want to consider circuits before 3 hops, because we need to decide if we should convert them to a measurement circuit in circuit_build_times_handle_completed_hop(), rather than letting slow circuits get killed right away.
Definition at line 872 of file circuitbuild.c.
Referenced by circuit_build_times_handle_completed_hop().
| int circuit_truncated | ( | origin_circuit_t * | circ, |
| int | reason | ||
| ) |
We received a relay truncated cell on circ.
Since we don't send truncates currently, getting a truncated means that a connection broke or an extend failed. For now, just give up: force circ to close, and return 0.
Definition at line 1373 of file circuitbuild.c.
| void circuit_upgrade_circuits_from_guard_wait | ( | void | ) |
Find the circuits that are waiting to find out whether their guards are usable, and if any are ready to become usable, mark them open and try attaching streams as appropriate.
Definition at line 2682 of file circuitbuild.c.
Referenced by second_elapsed_callback().
| int client_circ_negotiation_message | ( | const extend_info_t * | ei, |
| uint8_t ** | msg_out, | ||
| size_t * | msg_len_out | ||
| ) |
Try to generate a circuit-negotiation message for communication with a given relay. Assumes we are using ntor v3, or some later version that supports parameter negotiatoin.
On success, return 0 and pass back a message in the out parameters. Otherwise, return -1.
Definition at line 2710 of file circuitbuild.c.
| STATIC int count_acceptable_nodes | ( | const smartlist_t * | nodes, |
| int | direct | ||
| ) |
Return the number of routers in nodes that are currently up and available for building circuits through.
If direct is true, only count nodes that are suitable for direct connections. Counts nodes regardless of whether their addresses are preferred.
Definition at line 2230 of file circuitbuild.c.
Referenced by new_route_len().
| STATIC int cpath_build_state_to_crn_flags | ( | const cpath_build_state_t * | state | ) |
Definition at line 2082 of file circuitbuild.c.
| STATIC int cpath_build_state_to_crn_ipv6_extend_flag | ( | const cpath_build_state_t * | state, |
| int | cur_len | ||
| ) |
Definition at line 2101 of file circuitbuild.c.
Search for a value for circ_id that we can use on chan for an outbound circuit, until we get a circ_id that is not in use by any other circuit on that conn.
Return it, or 0 if can't get a unique circ_id.
Definition at line 127 of file circuitbuild.c.
|
static |
Return true if we MUST use vanguards for picking this middle node.
Definition at line 2360 of file circuitbuild.c.
| STATIC int new_route_len | ( | uint8_t | purpose, |
| extend_info_t * | exit_ei, | ||
| const smartlist_t * | nodes | ||
| ) |
Choose a length for a circuit of purpose purpose and check if enough routers are available.
If the routerlist nodes doesn't have enough routers to handle the desired path length, return -1.
Definition at line 1538 of file circuitbuild.c.
|
static |
Return 1 if node can handle one or more of the ports in needed_ports, else return 0.
Definition at line 1609 of file circuitbuild.c.
| STATIC int onion_extend_cpath | ( | origin_circuit_t * | circ | ) |
Choose a suitable next hop for the circuit circ. Append the hop info to circ->cpath.
Return 1 if the path is complete, 0 if we successfully added a hop, and -1 on error.
Definition at line 2545 of file circuitbuild.c.
Referenced by onion_populate_cpath().
| STATIC int onion_pick_cpath_exit | ( | origin_circuit_t * | circ, |
| extend_info_t * | exit_ei, | ||
| int | is_hs_v3_rp_circuit | ||
| ) |
Decide a suitable length for circ's cpath, and pick an exit router (or use exit_ei if provided). Store these in the cpath.
If is_hs_v3_rp_circuit is set, then this exit should be suitable to be used as an HS v3 rendezvous point.
Return 0 if ok, -1 if circuit should be closed.
Definition at line 2124 of file circuitbuild.c.
Referenced by circuit_establish_circuit().
|
static |
Pick all the entries in our cpath. Stop and return 0 when we're happy, or return -1 if an error occurs.
Definition at line 390 of file circuitbuild.c.
Referenced by circuit_establish_circuit().
| circuit_guard_state_t * origin_circuit_get_guard_state | ( | origin_circuit_t * | circ | ) |
Return the guard state associated with circ, which may be NULL.
Definition at line 557 of file circuitbuild.c.
Referenced by circ_state_has_higher_priority().
| origin_circuit_t * origin_circuit_init | ( | uint8_t | purpose, |
| int | flags | ||
| ) |
Create and return a new origin circuit. Initialize its purpose and build-state based on our arguments. The flags argument is a bitfield of CIRCLAUNCH_* flags, see circuit_launch_by_extend_info() for more details.
Definition at line 454 of file circuitbuild.c.
Referenced by circuit_establish_circuit(), and circuit_establish_circuit_conflux().
|
static |
Definition at line 1861 of file circuitbuild.c.
|
static |
Max number of restricted nodes before we alert the user and try to load balance for them.
The most aggressive vanguard design had 16 nodes at layer3. Let's give a small ceiling above that.
Definition at line 1881 of file circuitbuild.c.
|
static |
Pick a sticky vanguard middle node or return NULL if not found. See doc of pick_restricted_middle_node() for argument details.
Definition at line 2390 of file circuitbuild.c.
| int route_len_for_purpose | ( | uint8_t | purpose, |
| extend_info_t * | exit_ei | ||
| ) |
Helper for new_route_len(). Choose a circuit length for purpose purpose: DEFAULT_ROUTE_LEN (+ 1 if someone else chose the exit). If someone else chose the exit, they could be colluding with the exit, so add a randomly selected node to preserve anonymity.
Here, "exit node" sometimes means an OR acting as an internal endpoint, rather than as a relay to an external endpoint. This means there need to be at least DEFAULT_ROUTE_LEN routers between us and the internal endpoint to preserve the same anonymity properties that we would get when connecting to an external endpoint. These internal endpoints can include:
There are currently two situations where we picked the exit node ourselves, making DEFAULT_ROUTE_LEN a safe circuit length:
onion_pick_cpath_exit() bypasses us (by not calling new_route_len()) in the one-hop tunnel case, so we don't need to handle that.
Definition at line 1452 of file circuitbuild.c.
Referenced by new_route_len().
|
inlinestatic |
Return true iff we should send a create_fast cell to start building a given circuit
Definition at line 850 of file circuitbuild.c.
|
static |
Log a warning if the user specified an exit for the circuit that has been excluded from use by ExcludeNodes or ExcludeExitNodes.
Definition at line 2001 of file circuitbuild.c.
Referenced by circuit_extend_to_new_exit().
1.9.4