Tor  0.4.8.0-alpha-dev
circuitbuild.c
Go to the documentation of this file.
1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2021, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
7 /**
8  * \file circuitbuild.c
9  *
10  * \brief Implements the details of building circuits (by choosing paths,
11  * constructing/sending create/extend cells, and so on).
12  *
13  * On the client side, this module handles launching circuits. Circuit
14  * launches are started from circuit_establish_circuit(), called from
15  * circuit_launch_by_extend_info()). To choose the path the circuit will
16  * take, onion_extend_cpath() calls into a maze of node selection functions.
17  *
18  * Once the circuit is ready to be launched, the first hop is treated as a
19  * special case with circuit_handle_first_hop(), since it might need to open a
20  * channel. As the channel opens, and later as CREATED and RELAY_EXTENDED
21  * cells arrive, the client will invoke circuit_send_next_onion_skin() to send
22  * CREATE or RELAY_EXTEND cells.
23  *
24  * The server side is handled in feature/relay/circuitbuild_relay.c.
25  **/
26 
27 #define CIRCUITBUILD_PRIVATE
28 #define OCIRC_EVENT_PRIVATE
29 
30 #include "core/or/or.h"
31 #include "app/config/config.h"
32 #include "lib/confmgt/confmgt.h"
33 #include "core/crypto/hs_ntor.h"
35 #include "core/crypto/onion_fast.h"
36 #include "core/crypto/onion_tap.h"
38 #include "core/mainloop/mainloop.h"
39 #include "core/or/channel.h"
40 #include "core/or/circuitbuild.h"
41 #include "core/or/circuitlist.h"
42 #include "core/or/circuitstats.h"
43 #include "core/or/circuituse.h"
44 #include "core/or/circuitpadding.h"
45 #include "core/or/command.h"
47 #include "core/or/connection_or.h"
48 #include "core/or/extendinfo.h"
49 #include "core/or/onion.h"
50 #include "core/or/ocirc_event.h"
51 #include "core/or/policies.h"
52 #include "core/or/relay.h"
53 #include "core/or/trace_probes_circuit.h"
54 #include "core/or/crypt_path.h"
55 #include "feature/client/bridges.h"
56 #include "feature/client/circpathbias.h"
69 #include "feature/relay/router.h"
71 #include "feature/relay/selftest.h"
74 #include "lib/trace/events.h"
76 
77 #include "core/or/cell_st.h"
80 #include "core/or/extend_info_st.h"
82 #include "core/or/or_circuit_st.h"
84 
85 #include "trunnel/extension.h"
86 #include "trunnel/congestion_control.h"
87 
91  crypt_path_t *hop);
92 static const node_t *choose_good_middle_server(uint8_t purpose,
93  cpath_build_state_t *state,
94  crypt_path_t *head,
95  int cur_len);
96 
97 /** This function tries to get a channel to the specified endpoint,
98  * and then calls command_setup_channel() to give it the right
99  * callbacks.
100  */
103 {
104  channel_t *chan;
105 
106  const tor_addr_port_t *orport = extend_info_pick_orport(ei);
107  if (!orport)
108  return NULL;
109  const char *id_digest = ei->identity_digest;
110  const ed25519_public_key_t *ed_id = &ei->ed_identity;
111 
112  chan = channel_connect(&orport->addr, orport->port, id_digest, ed_id);
113  if (chan) command_setup_channel(chan);
114 
115  return chan;
116 }
117 
118 /** Search for a value for circ_id that we can use on <b>chan</b> for an
119  * outbound circuit, until we get a circ_id that is not in use by any other
120  * circuit on that conn.
121  *
122  * Return it, or 0 if can't get a unique circ_id.
123  */
126 {
127 /* This number is chosen somewhat arbitrarily; see comment below for more
128  * info. When the space is 80% full, it gives a one-in-a-million failure
129  * chance; when the space is 90% full, it gives a one-in-850 chance; and when
130  * the space is 95% full, it gives a one-in-26 failure chance. That seems
131  * okay, though you could make a case IMO for anything between N=32 and
132  * N=256. */
133 #define MAX_CIRCID_ATTEMPTS 64
134  int in_use;
135  unsigned n_with_circ = 0, n_pending_destroy = 0, n_weird_pending_destroy = 0;
136  circid_t test_circ_id;
137  circid_t attempts=0;
138  circid_t high_bit, max_range, mask;
139  int64_t pending_destroy_time_total = 0;
140  int64_t pending_destroy_time_max = 0;
141 
142  tor_assert(chan);
143 
144  if (chan->circ_id_type == CIRC_ID_TYPE_NEITHER) {
145  log_warn(LD_BUG,
146  "Trying to pick a circuit ID for a connection from "
147  "a client with no identity.");
148  return 0;
149  }
150  max_range = (chan->wide_circ_ids) ? (1u<<31) : (1u<<15);
151  mask = max_range - 1;
152  high_bit = (chan->circ_id_type == CIRC_ID_TYPE_HIGHER) ? max_range : 0;
153  do {
154  if (++attempts > MAX_CIRCID_ATTEMPTS) {
155  /* Make sure we don't loop forever because all circuit IDs are used.
156  *
157  * Once, we would try until we had tried every possible circuit ID. But
158  * that's quite expensive. Instead, we try MAX_CIRCID_ATTEMPTS random
159  * circuit IDs, and then give up.
160  *
161  * This potentially causes us to give up early if our circuit ID space
162  * is nearly full. If we have N circuit IDs in use, then we will reject
163  * a new circuit with probability (N / max_range) ^ MAX_CIRCID_ATTEMPTS.
164  * This means that in practice, a few percent of our circuit ID capacity
165  * will go unused.
166  *
167  * The alternative here, though, is to do a linear search over the
168  * whole circuit ID space every time we extend a circuit, which is
169  * not so great either.
170  */
171  int64_t queued_destroys;
173  approx_time());
174  if (m == NULL)
175  return 0; /* This message has been rate-limited away. */
176  if (n_pending_destroy)
177  pending_destroy_time_total /= n_pending_destroy;
178  log_warn(LD_CIRC,"No unused circIDs found on channel %s wide "
179  "circID support, with %u inbound and %u outbound circuits. "
180  "Found %u circuit IDs in use by circuits, and %u with "
181  "pending destroy cells. (%u of those were marked bogusly.) "
182  "The ones with pending destroy cells "
183  "have been marked unusable for an average of %ld seconds "
184  "and a maximum of %ld seconds. This channel is %ld seconds "
185  "old. Failing a circuit.%s",
186  chan->wide_circ_ids ? "with" : "without",
187  chan->num_p_circuits, chan->num_n_circuits,
188  n_with_circ, n_pending_destroy, n_weird_pending_destroy,
189  (long)pending_destroy_time_total,
190  (long)pending_destroy_time_max,
191  (long)(approx_time() - chan->timestamp_created),
192  m);
193  tor_free(m);
194 
195  if (!chan->cmux) {
196  /* This warning should be impossible. */
197  log_warn(LD_BUG, " This channel somehow has no cmux on it!");
198  return 0;
199  }
200 
201  /* analysis so far on 12184 suggests that we're running out of circuit
202  IDs because it looks like we have too many pending destroy
203  cells. Let's see how many we really have pending.
204  */
205  queued_destroys = circuitmux_count_queued_destroy_cells(chan,
206  chan->cmux);
207 
208  log_warn(LD_CIRC, " Circuitmux on this channel has %u circuits, "
209  "of which %u are active. It says it has %"PRId64
210  " destroy cells queued.",
213  (queued_destroys));
214 
215  /* Change this into "if (1)" in order to get more information about
216  * possible failure modes here. You'll need to know how to use gdb with
217  * Tor: this will make Tor exit with an assertion failure if the cmux is
218  * corrupt. */
219  if (0)
220  circuitmux_assert_okay(chan->cmux);
221 
223 
224  return 0;
225  }
226 
227  do {
228  crypto_rand((char*) &test_circ_id, sizeof(test_circ_id));
229  test_circ_id &= mask;
230  } while (test_circ_id == 0);
231 
232  test_circ_id |= high_bit;
233 
234  in_use = circuit_id_in_use_on_channel(test_circ_id, chan);
235  if (in_use == 1)
236  ++n_with_circ;
237  else if (in_use == 2) {
238  time_t since_when;
239  ++n_pending_destroy;
240  since_when =
241  circuit_id_when_marked_unusable_on_channel(test_circ_id, chan);
242  if (since_when) {
243  time_t waiting = approx_time() - since_when;
244  pending_destroy_time_total += waiting;
245  if (waiting > pending_destroy_time_max)
246  pending_destroy_time_max = waiting;
247  } else {
248  ++n_weird_pending_destroy;
249  }
250  }
251  } while (in_use);
252  return test_circ_id;
253 }
254 
255 /** If <b>verbose</b> is false, allocate and return a comma-separated list of
256  * the currently built elements of <b>circ</b>. If <b>verbose</b> is true, also
257  * list information about link status in a more verbose format using spaces.
258  * If <b>verbose_names</b> is false, give hex digests; if <b>verbose_names</b>
259  * is true, use $DIGEST=Name style names.
260  */
261 static char *
262 circuit_list_path_impl(origin_circuit_t *circ, int verbose, int verbose_names)
263 {
264  crypt_path_t *hop;
265  smartlist_t *elements;
266  const char *states[] = {"closed", "waiting for keys", "open"};
267  char *s;
268 
269  elements = smartlist_new();
270 
271  if (verbose) {
272  const char *nickname = build_state_get_exit_nickname(circ->build_state);
273  smartlist_add_asprintf(elements, "%s%s circ (length %d%s%s):",
274  circ->build_state->is_internal ? "internal" : "exit",
275  circ->build_state->need_uptime ? " (high-uptime)" : "",
277  circ->base_.state == CIRCUIT_STATE_OPEN ? "" : ", last hop ",
278  circ->base_.state == CIRCUIT_STATE_OPEN ? "" :
279  (nickname?nickname:"*unnamed*"));
280  }
281 
282  hop = circ->cpath;
283  do {
284  char *elt;
285  const char *id;
286  const node_t *node;
287  if (!hop)
288  break;
289  if (!verbose && hop->state != CPATH_STATE_OPEN)
290  break;
291  if (!hop->extend_info)
292  break;
293  id = hop->extend_info->identity_digest;
294  if (verbose_names) {
295  elt = tor_malloc(MAX_VERBOSE_NICKNAME_LEN+1);
296  if ((node = node_get_by_id(id))) {
297  node_get_verbose_nickname(node, elt);
298  } else if (is_legal_nickname(hop->extend_info->nickname)) {
299  elt[0] = '$';
300  base16_encode(elt+1, HEX_DIGEST_LEN+1, id, DIGEST_LEN);
301  elt[HEX_DIGEST_LEN+1]= '~';
302  strlcpy(elt+HEX_DIGEST_LEN+2,
304  } else {
305  elt[0] = '$';
306  base16_encode(elt+1, HEX_DIGEST_LEN+1, id, DIGEST_LEN);
307  }
308  } else { /* ! verbose_names */
309  elt = tor_malloc(HEX_DIGEST_LEN+2);
310  elt[0] = '$';
311  base16_encode(elt+1, HEX_DIGEST_LEN+1, id, DIGEST_LEN);
312  }
313  tor_assert(elt);
314  if (verbose) {
315  tor_assert(hop->state <= 2);
316  smartlist_add_asprintf(elements,"%s(%s)",elt,states[hop->state]);
317  tor_free(elt);
318  } else {
319  smartlist_add(elements, elt);
320  }
321  hop = hop->next;
322  } while (hop != circ->cpath);
323 
324  s = smartlist_join_strings(elements, verbose?" ":",", 0, NULL);
325  SMARTLIST_FOREACH(elements, char*, cp, tor_free(cp));
326  smartlist_free(elements);
327  return s;
328 }
329 
330 /** If <b>verbose</b> is false, allocate and return a comma-separated
331  * list of the currently built elements of <b>circ</b>. If
332  * <b>verbose</b> is true, also list information about link status in
333  * a more verbose format using spaces.
334  */
335 char *
337 {
338  return circuit_list_path_impl(circ, verbose, 0);
339 }
340 
341 /** Allocate and return a comma-separated list of the currently built elements
342  * of <b>circ</b>, giving each as a verbose nickname.
343  */
344 char *
346 {
347  return circuit_list_path_impl(circ, 0, 1);
348 }
349 
350 /** Log, at severity <b>severity</b>, the nicknames of each router in
351  * <b>circ</b>'s cpath. Also log the length of the cpath, and the intended
352  * exit point.
353  */
354 void
355 circuit_log_path(int severity, unsigned int domain, origin_circuit_t *circ)
356 {
357  char *s = circuit_list_path(circ,1);
358  tor_log(severity,domain,"%s",s);
359  tor_free(s);
360 }
361 
362 /** Return 1 iff every node in circ's cpath definitely supports ntor. */
363 static int
365 {
366  crypt_path_t *head, *cpath;
367 
368  cpath = head = circ->cpath;
369  do {
370  /* if the extend_info is missing, we can't tell if it supports ntor */
371  if (!cpath->extend_info) {
372  return 0;
373  }
374 
375  /* if the key is blank, it definitely doesn't support ntor */
376  if (!extend_info_supports_ntor(cpath->extend_info)) {
377  return 0;
378  }
379  cpath = cpath->next;
380  } while (cpath != head);
381 
382  return 1;
383 }
384 
385 /** Pick all the entries in our cpath. Stop and return 0 when we're
386  * happy, or return -1 if an error occurs. */
387 static int
389 {
390  int r = 0;
391 
392  /* onion_extend_cpath assumes these are non-NULL */
393  tor_assert(circ);
394  tor_assert(circ->build_state);
395 
396  while (r == 0) {
397  r = onion_extend_cpath(circ);
398  if (r < 0) {
399  log_info(LD_CIRC,"Generating cpath hop failed.");
400  return -1;
401  }
402  }
403 
404  /* The path is complete */
405  tor_assert(r == 1);
406 
407  /* Does every node in this path support ntor? */
408  int path_supports_ntor = circuit_cpath_supports_ntor(circ);
409 
410  /* We would like every path to support ntor, but we have to allow for some
411  * edge cases. */
413  if (circuit_can_use_tap(circ)) {
414  /* Circuits from clients to intro points, and hidden services to rend
415  * points do not support ntor, because the hidden service protocol does
416  * not include ntor onion keys. This is also true for Single Onion
417  * Services. */
418  return 0;
419  }
420 
421  if (circuit_get_cpath_len(circ) == 1) {
422  /* Allow for bootstrapping: when we're fetching directly from a fallback,
423  * authority, or bridge, we have no way of knowing its ntor onion key
424  * before we connect to it. So instead, we try connecting, and end up using
425  * CREATE_FAST. */
426  tor_assert(circ->cpath);
427  tor_assert(circ->cpath->extend_info);
428  const node_t *node = node_get_by_id(
430  /* If we don't know the node and its descriptor, we must be bootstrapping.
431  */
432  if (!node || !node_has_preferred_descriptor(node, 1)) {
433  return 0;
434  }
435  }
436 
437  if (BUG(!path_supports_ntor)) {
438  /* If we're building a multi-hop path, and it's not one of the HS or
439  * bootstrapping exceptions, and it doesn't support ntor, something has
440  * gone wrong. */
441  return -1;
442  }
443 
444  return 0;
445 }
446 
447 /** Create and return a new origin circuit. Initialize its purpose and
448  * build-state based on our arguments. The <b>flags</b> argument is a
449  * bitfield of CIRCLAUNCH_* flags, see circuit_launch_by_extend_info() for
450  * more details. */
452 origin_circuit_init(uint8_t purpose, int flags)
453 {
454  /* sets circ->p_circ_id and circ->p_chan */
457  circ->build_state = tor_malloc_zero(sizeof(cpath_build_state_t));
458  circ->build_state->onehop_tunnel =
459  ((flags & CIRCLAUNCH_ONEHOP_TUNNEL) ? 1 : 0);
460  circ->build_state->need_uptime =
461  ((flags & CIRCLAUNCH_NEED_UPTIME) ? 1 : 0);
462  circ->build_state->need_capacity =
463  ((flags & CIRCLAUNCH_NEED_CAPACITY) ? 1 : 0);
464  circ->build_state->is_internal =
465  ((flags & CIRCLAUNCH_IS_INTERNAL) ? 1 : 0);
467  ((flags & CIRCLAUNCH_IS_IPV6_SELFTEST) ? 1 : 0);
468  circ->base_.purpose = purpose;
469  return circ;
470 }
471 
472 /** Build a new circuit for <b>purpose</b>. If <b>exit</b> is defined, then use
473  * that as your exit router, else choose a suitable exit node. The <b>flags</b>
474  * argument is a bitfield of CIRCLAUNCH_* flags, see
475  * circuit_launch_by_extend_info() for more details.
476  *
477  * Also launch a connection to the first OR in the chosen path, if
478  * it's not open already.
479  */
481 circuit_establish_circuit(uint8_t purpose, extend_info_t *exit_ei, int flags)
482 {
483  origin_circuit_t *circ;
484  int err_reason = 0;
485  int is_hs_v3_rp_circuit = 0;
486 
487  if (flags & CIRCLAUNCH_IS_V3_RP) {
488  is_hs_v3_rp_circuit = 1;
489  }
490 
491  circ = origin_circuit_init(purpose, flags);
492 
493  if (onion_pick_cpath_exit(circ, exit_ei, is_hs_v3_rp_circuit) < 0 ||
494  onion_populate_cpath(circ) < 0) {
495  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_NOPATH);
496  return NULL;
497  }
498 
499  circuit_event_status(circ, CIRC_EVENT_LAUNCHED, 0);
500 
501  if ((err_reason = circuit_handle_first_hop(circ)) < 0) {
502  circuit_mark_for_close(TO_CIRCUIT(circ), -err_reason);
503  return NULL;
504  }
505 
506  tor_trace(TR_SUBSYS(circuit), TR_EV(establish), circ);
507  return circ;
508 }
509 
510 /** Return the guard state associated with <b>circ</b>, which may be NULL. */
511 circuit_guard_state_t *
513 {
514  return circ->guard_state;
515 }
516 
517 /**
518  * Helper function to publish a channel association message
519  *
520  * circuit_handle_first_hop() calls this to notify subscribers about a
521  * channel launch event, which associates a circuit with a channel.
522  * This doesn't always correspond to an assignment of the circuit's
523  * n_chan field, because that seems to be only for fully-open
524  * channels.
525  **/
526 static void
528 {
529  ocirc_chan_msg_t *msg = tor_malloc(sizeof(*msg));
530 
531  msg->gid = circ->global_identifier;
532  msg->chan = chan->global_identifier;
533  msg->onehop = circ->build_state->onehop_tunnel;
534 
535  ocirc_chan_publish(msg);
536 }
537 
538 /** Start establishing the first hop of our circuit. Figure out what
539  * OR we should connect to, and if necessary start the connection to
540  * it. If we're already connected, then send the 'create' cell.
541  * Return 0 for ok, -reason if circ should be marked-for-close. */
542 int
544 {
545  crypt_path_t *firsthop;
546  channel_t *n_chan;
547  int err_reason = 0;
548  const char *msg = NULL;
549  int should_launch = 0;
550  const or_options_t *options = get_options();
551 
552  firsthop = cpath_get_next_non_open_hop(circ->cpath);
553  tor_assert(firsthop);
554  tor_assert(firsthop->extend_info);
555 
556  /* Some bridges are on private addresses. Others pass a dummy private
557  * address to the pluggable transport, which ignores it.
558  * Deny the connection if:
559  * - the address is internal, and
560  * - we're not connecting to a configured bridge, and
561  * - we're not configured to allow extends to private addresses. */
564  !options->ExtendAllowPrivateAddresses) {
565  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
566  "Client asked me to connect directly to a private address");
567  return -END_CIRC_REASON_TORPROTOCOL;
568  }
569 
570  /* now see if we're already connected to the first OR in 'route' */
571  const tor_addr_port_t *orport4 =
572  extend_info_get_orport(firsthop->extend_info, AF_INET);
573  const tor_addr_port_t *orport6 =
574  extend_info_get_orport(firsthop->extend_info, AF_INET6);
575  n_chan = channel_get_for_extend(
576  firsthop->extend_info->identity_digest,
577  &firsthop->extend_info->ed_identity,
578  orport4 ? &orport4->addr : NULL,
579  orport6 ? &orport6->addr : NULL,
580  true,
581  &msg,
582  &should_launch);
583 
584  if (!n_chan) {
585  /* not currently connected in a useful way. */
586  log_info(LD_CIRC, "Next router is %s: %s",
587  safe_str_client(extend_info_describe(firsthop->extend_info)),
588  msg?msg:"???");
589  circ->base_.n_hop = extend_info_dup(firsthop->extend_info);
590 
591  if (should_launch) {
592  n_chan = channel_connect_for_circuit(firsthop->extend_info);
593  if (!n_chan) { /* connect failed, forget the whole thing */
594  log_info(LD_CIRC,"connect to firsthop failed. Closing.");
595  return -END_CIRC_REASON_CONNECTFAILED;
596  }
597  /* We didn't find a channel, but we're launching one for an origin
598  * circuit. (If we decided not to launch a channel, then we found at
599  * least one once good in-progress channel use for this circuit, and
600  * marked it in channel_get_for_extend().) */
602  circuit_chan_publish(circ, n_chan);
603  }
604 
605  log_debug(LD_CIRC,"connecting in progress (or finished). Good.");
606  /* return success. The onion/circuit/etc will be taken care of
607  * automatically (may already have been) whenever n_chan reaches
608  * OR_CONN_STATE_OPEN.
609  */
610  return 0;
611  } else { /* it's already open. use it. */
612  tor_assert(!circ->base_.n_hop);
613  circ->base_.n_chan = n_chan;
614  /* We found a channel, and we're using it for an origin circuit. */
616  circuit_chan_publish(circ, n_chan);
617  log_debug(LD_CIRC,"Conn open for %s. Delivering first onion skin.",
618  safe_str_client(extend_info_describe(firsthop->extend_info)));
619  if ((err_reason = circuit_send_next_onion_skin(circ)) < 0) {
620  log_info(LD_CIRC,"circuit_send_next_onion_skin failed.");
621  circ->base_.n_chan = NULL;
622  return err_reason;
623  }
624  }
625  return 0;
626 }
627 
628 /** Find any circuits that are waiting on <b>or_conn</b> to become
629  * open and get them to send their create cells forward.
630  *
631  * Status is 1 if connect succeeded, or 0 if connect failed.
632  *
633  * Close_origin_circuits is 1 if we should close all the origin circuits
634  * through this channel, or 0 otherwise. (This happens when we want to retry
635  * an older guard.)
636  */
637 void
638 circuit_n_chan_done(channel_t *chan, int status, int close_origin_circuits)
639 {
640  smartlist_t *pending_circs;
641  int err_reason = 0;
642 
643  tor_assert(chan);
644 
645  log_debug(LD_CIRC,"chan to %s, status=%d",
646  channel_describe_peer(chan), status);
647 
648  pending_circs = smartlist_new();
649  circuit_get_all_pending_on_channel(pending_circs, chan);
650 
651  SMARTLIST_FOREACH_BEGIN(pending_circs, circuit_t *, circ)
652  {
653  /* These checks are redundant wrt get_all_pending_on_or_conn, but I'm
654  * leaving them in in case it's possible for the status of a circuit to
655  * change as we're going down the list. */
656  if (circ->marked_for_close || circ->n_chan || !circ->n_hop ||
657  circ->state != CIRCUIT_STATE_CHAN_WAIT)
658  continue;
659 
660  const char *rsa_ident = NULL;
661  const ed25519_public_key_t *ed_ident = NULL;
662  if (! tor_digest_is_zero(circ->n_hop->identity_digest)) {
663  rsa_ident = circ->n_hop->identity_digest;
664  }
665  if (! ed25519_public_key_is_zero(&circ->n_hop->ed_identity)) {
666  ed_ident = &circ->n_hop->ed_identity;
667  }
668 
669  if (rsa_ident == NULL && ed_ident == NULL) {
670  /* Look at addr/port. This is an unkeyed connection. */
671  if (!channel_matches_extend_info(chan, circ->n_hop))
672  continue;
673  } else {
674  /* We expected a key or keys. See if they matched. */
675  if (!channel_remote_identity_matches(chan, rsa_ident, ed_ident))
676  continue;
677 
678  /* If the channel is canonical, great. If not, it needs to match
679  * the requested address exactly. */
680  if (! chan->is_canonical &&
681  ! channel_matches_extend_info(chan, circ->n_hop)) {
682  continue;
683  }
684  }
685  if (!status) { /* chan failed; close circ */
686  log_info(LD_CIRC,"Channel failed; closing circ.");
687  circuit_mark_for_close(circ, END_CIRC_REASON_CHANNEL_CLOSED);
688  continue;
689  }
690 
691  if (close_origin_circuits && CIRCUIT_IS_ORIGIN(circ)) {
692  log_info(LD_CIRC,"Channel deprecated for origin circs; closing circ.");
693  circuit_mark_for_close(circ, END_CIRC_REASON_CHANNEL_CLOSED);
694  continue;
695  }
696  log_debug(LD_CIRC, "Found circ, sending create cell.");
697  /* circuit_deliver_create_cell will set n_circ_id and add us to
698  * chan_circuid_circuit_map, so we don't need to call
699  * set_circid_chan here. */
700  circ->n_chan = chan;
701  extend_info_free(circ->n_hop);
702  circ->n_hop = NULL;
703 
704  if (CIRCUIT_IS_ORIGIN(circ)) {
705  if ((err_reason =
707  log_info(LD_CIRC,
708  "send_next_onion_skin failed; circuit marked for closing.");
709  circuit_mark_for_close(circ, -err_reason);
710  continue;
711  /* XXX could this be bad, eg if next_onion_skin failed because conn
712  * died? */
713  }
714  } else {
715  /* pull the create cell out of circ->n_chan_create_cell, and send it */
716  tor_assert(circ->n_chan_create_cell);
717  if (circuit_deliver_create_cell(circ, circ->n_chan_create_cell, 1)<0) {
718  circuit_mark_for_close(circ, END_CIRC_REASON_RESOURCELIMIT);
719  continue;
720  }
721  tor_free(circ->n_chan_create_cell);
723  }
724  }
725  SMARTLIST_FOREACH_END(circ);
726 
727  smartlist_free(pending_circs);
728 }
729 
730 /** Find a new circid that isn't currently in use on the circ->n_chan
731  * for the outgoing
732  * circuit <b>circ</b>, and deliver the cell <b>create_cell</b> to this
733  * circuit. If <b>relayed</b> is true, this is a create cell somebody
734  * gave us via an EXTEND cell, so we shouldn't worry if we don't understand
735  * it. Return -1 if we failed to find a suitable circid, else return 0.
736  */
737 MOCK_IMPL(int,
739  const struct create_cell_t *create_cell,
740  int relayed))
741 {
742  cell_t cell;
743  circid_t id;
744  int r;
745 
746  tor_assert(circ);
747  tor_assert(circ->n_chan);
748  tor_assert(create_cell);
749  tor_assert(create_cell->cell_type == CELL_CREATE ||
750  create_cell->cell_type == CELL_CREATE_FAST ||
751  create_cell->cell_type == CELL_CREATE2);
752 
754  if (!id) {
755  static ratelim_t circid_warning_limit = RATELIM_INIT(9600);
756  log_fn_ratelim(&circid_warning_limit, LOG_WARN, LD_CIRC,
757  "failed to get unique circID.");
758  goto error;
759  }
760 
761  tor_assert_nonfatal_once(circ->n_chan->is_canonical);
762 
763  memset(&cell, 0, sizeof(cell_t));
764  r = relayed ? create_cell_format_relayed(&cell, create_cell)
765  : create_cell_format(&cell, create_cell);
766  if (r < 0) {
767  log_warn(LD_CIRC,"Couldn't format create cell");
768  goto error;
769  }
770  log_debug(LD_CIRC,"Chosen circID %u.", (unsigned)id);
771  circuit_set_n_circid_chan(circ, id, circ->n_chan);
772  cell.circ_id = circ->n_circ_id;
773 
774  append_cell_to_circuit_queue(circ, circ->n_chan, &cell,
775  CELL_DIRECTION_OUT, 0);
776 
777  if (CIRCUIT_IS_ORIGIN(circ)) {
778  /* Update began timestamp for circuits starting their first hop */
779  if (TO_ORIGIN_CIRCUIT(circ)->cpath->state == CPATH_STATE_CLOSED) {
780  if (!CHANNEL_IS_OPEN(circ->n_chan)) {
781  log_warn(LD_CIRC,
782  "Got first hop for a circuit without an opened channel. "
783  "State: %s.", channel_state_to_string(circ->n_chan->state));
785  }
786 
788  }
789 
790  /* mark it so it gets better rate limiting treatment. */
792  }
793 
794  return 0;
795  error:
796  circ->n_chan = NULL;
797  return -1;
798 }
799 
800 /** Return true iff we should send a create_fast cell to start building a
801  * given circuit */
802 static inline bool
804 {
805  tor_assert(circ->cpath);
806  tor_assert(circ->cpath->extend_info);
807 
808  return ! circuit_has_usable_onion_key(circ);
809 }
810 
811 /**
812  * Return true if <b>circ</b> is the type of circuit we want to count
813  * timeouts from.
814  *
815  * In particular, we want to consider any circuit that plans to build
816  * at least 3 hops (but maybe more), but has 3 or fewer hops built
817  * so far.
818  *
819  * We still want to consider circuits before 3 hops, because we need
820  * to decide if we should convert them to a measurement circuit in
821  * circuit_build_times_handle_completed_hop(), rather than letting
822  * slow circuits get killed right away.
823  */
824 int
826 {
827  return !circ->has_opened
830 }
831 
832 /** Decide whether to use a TAP or ntor handshake for connecting to <b>ei</b>
833  * directly, and set *<b>cell_type_out</b> and *<b>handshake_type_out</b>
834  * accordingly.
835  * Note that TAP handshakes in CREATE cells are only used for direct
836  * connections:
837  * - from Single Onions to rend points not in the service's consensus.
838  * This is checked in onion_populate_cpath. */
839 static void
840 circuit_pick_create_handshake(uint8_t *cell_type_out,
841  uint16_t *handshake_type_out,
842  const extend_info_t *ei)
843 {
844  /* torspec says: In general, clients SHOULD use CREATE whenever they are
845  * using the TAP handshake, and CREATE2 otherwise. */
846  if (extend_info_supports_ntor(ei)) {
847  *cell_type_out = CELL_CREATE2;
848  /* Only use ntor v3 with exits that support congestion control,
849  * and only when it is enabled. */
852  *handshake_type_out = ONION_HANDSHAKE_TYPE_NTOR_V3;
853  else
854  *handshake_type_out = ONION_HANDSHAKE_TYPE_NTOR;
855  } else {
856  /* XXXX030 Remove support for deciding to use TAP and EXTEND. */
857  *cell_type_out = CELL_CREATE;
858  *handshake_type_out = ONION_HANDSHAKE_TYPE_TAP;
859  }
860 }
861 
862 /** Decide whether to use a TAP or ntor handshake for extending to <b>ei</b>
863  * and set *<b>handshake_type_out</b> accordingly. Decide whether we should
864  * use an EXTEND2 or an EXTEND cell to do so, and set *<b>cell_type_out</b>
865  * and *<b>create_cell_type_out</b> accordingly.
866  * Note that TAP handshakes in EXTEND cells are only used:
867  * - from clients to intro points, and
868  * - from hidden services to rend points.
869  * This is checked in onion_populate_cpath.
870  */
871 static void
872 circuit_pick_extend_handshake(uint8_t *cell_type_out,
873  uint8_t *create_cell_type_out,
874  uint16_t *handshake_type_out,
875  const extend_info_t *ei)
876 {
877  uint8_t t;
878  circuit_pick_create_handshake(&t, handshake_type_out, ei);
879 
880  /* torspec says: Clients SHOULD use the EXTEND format whenever sending a TAP
881  * handshake... In other cases, clients SHOULD use EXTEND2. */
882  if (*handshake_type_out != ONION_HANDSHAKE_TYPE_TAP) {
883  *cell_type_out = RELAY_COMMAND_EXTEND2;
884  *create_cell_type_out = CELL_CREATE2;
885  } else {
886  /* XXXX030 Remove support for deciding to use TAP and EXTEND. */
887  *cell_type_out = RELAY_COMMAND_EXTEND;
888  *create_cell_type_out = CELL_CREATE;
889  }
890 }
891 
892 /**
893  * Return true iff <b>circ</b> is allowed
894  * to have no guard configured, even if the circuit is multihop
895  * and guards are enabled.
896  */
897 static int
899 {
900  if (BUG(!circ))
901  return 0;
902 
903  if (circ->first_hop_from_controller) {
904  /* The controller picked the first hop: that bypasses the guard system. */
905  return 1;
906  }
907 
908  switch (circ->base_.purpose) {
911  /* Testing circuits may omit guards because they're measuring
912  * liveness or performance, and don't want guards to interfere. */
913  return 1;
914  default:
915  /* All other multihop circuits should use guards if guards are
916  * enabled. */
917  return 0;
918  }
919 }
920 
921 /** This is the backbone function for building circuits.
922  *
923  * If circ's first hop is closed, then we need to build a create
924  * cell and send it forward.
925  *
926  * Otherwise, if circ's cpath still has any non-open hops, we need to
927  * build a relay extend cell and send it forward to the next non-open hop.
928  *
929  * If all hops on the cpath are open, we're done building the circuit
930  * and we should do housekeeping for the newly opened circuit.
931  *
932  * Return -reason if we want to tear down circ, else return 0.
933  */
934 int
936 {
937  tor_assert(circ);
938 
939  if (circ->cpath->state == CPATH_STATE_CLOSED) {
940  /* Case one: we're on the first hop. */
941  return circuit_send_first_onion_skin(circ);
942  }
943 
944  tor_assert(circ->cpath->state == CPATH_STATE_OPEN);
945  tor_assert(circ->base_.state == CIRCUIT_STATE_BUILDING);
946 
949 
951 
952  if (hop) {
953  /* Case two: we're on a hop after the first. */
954  return circuit_send_intermediate_onion_skin(circ, hop);
955  }
956 
957  /* Case three: the circuit is finished. Do housekeeping tasks on it. */
959  return circuit_build_no_more_hops(circ);
960 }
961 
962 /**
963  * Called from circuit_send_next_onion_skin() when we find ourselves connected
964  * to the first hop in <b>circ</b>: Send a CREATE or CREATE2 or CREATE_FAST
965  * cell to that hop. Return 0 on success; -reason on failure (if the circuit
966  * should be torn down).
967  */
968 static int
970 {
971  int fast;
972  int len;
973  const node_t *node;
974  create_cell_t cc;
975  memset(&cc, 0, sizeof(cc));
976 
977  log_debug(LD_CIRC,"First skin; sending create cell.");
978 
979  if (circ->build_state->onehop_tunnel) {
980  control_event_bootstrap(BOOTSTRAP_STATUS_ONEHOP_CREATE, 0);
981  } else {
982  control_event_bootstrap(BOOTSTRAP_STATUS_CIRCUIT_CREATE, 0);
983 
984  /* If this is not a one-hop tunnel, the channel is being used
985  * for traffic that wants anonymity and protection from traffic
986  * analysis (such as netflow record retention). That means we want
987  * to pad it.
988  */
989  if (circ->base_.n_chan->channel_usage < CHANNEL_USED_FOR_FULL_CIRCS)
990  circ->base_.n_chan->channel_usage = CHANNEL_USED_FOR_FULL_CIRCS;
991  }
992 
993  node = node_get_by_id(circ->base_.n_chan->identity_digest);
995  if (!fast) {
996  /* We know the right onion key: we should send a create cell. */
998  circ->cpath->extend_info);
999  } else {
1000  /* We don't know an onion key, so we need to fall back to CREATE_FAST. */
1001  cc.cell_type = CELL_CREATE_FAST;
1002  cc.handshake_type = ONION_HANDSHAKE_TYPE_FAST;
1003  }
1004 
1006  circ->cpath->extend_info,
1007  &circ->cpath->handshake_state,
1008  cc.onionskin,
1009  sizeof(cc.onionskin));
1010  if (len < 0) {
1011  log_warn(LD_CIRC,"onion_skin_create (first hop) failed.");
1012  return - END_CIRC_REASON_INTERNAL;
1013  }
1014  cc.handshake_len = len;
1015 
1016  if (circuit_deliver_create_cell(TO_CIRCUIT(circ), &cc, 0) < 0)
1017  return - END_CIRC_REASON_RESOURCELIMIT;
1018  tor_trace(TR_SUBSYS(circuit), TR_EV(first_onion_skin), circ, circ->cpath);
1019 
1020  circ->cpath->state = CPATH_STATE_AWAITING_KEYS;
1022  log_info(LD_CIRC,"First hop: finished sending %s cell to '%s'",
1023  fast ? "CREATE_FAST" : "CREATE",
1024  node ? node_describe(node) : "<unnamed>");
1025  return 0;
1026 }
1027 
1028 /**
1029  * Called from circuit_send_next_onion_skin() when we find that we have no
1030  * more hops: mark the circuit as finished, and perform the necessary
1031  * bookkeeping. Return 0 on success; -reason on failure (if the circuit
1032  * should be torn down).
1033  */
1034 static int
1036 {
1037  guard_usable_t r;
1038  if (! circ->guard_state) {
1039  if (circuit_get_cpath_len(circ) != 1 &&
1040  ! circuit_may_omit_guard(circ) &&
1041  get_options()->UseEntryGuards) {
1042  log_warn(LD_BUG, "%d-hop circuit %p with purpose %d has no "
1043  "guard state",
1044  circuit_get_cpath_len(circ), circ, circ->base_.purpose);
1045  }
1046  r = GUARD_USABLE_NOW;
1047  } else {
1048  r = entry_guard_succeeded(&circ->guard_state);
1049  }
1050  const int is_usable_for_streams = (r == GUARD_USABLE_NOW);
1051  if (r == GUARD_USABLE_NOW) {
1053  } else if (r == GUARD_MAYBE_USABLE_LATER) {
1054  // Wait till either a better guard succeeds, or till
1055  // all better guards fail.
1057  } else {
1058  tor_assert_nonfatal(r == GUARD_USABLE_NEVER);
1059  return - END_CIRC_REASON_INTERNAL;
1060  }
1061 
1062  /* XXXX #21422 -- the rest of this branch needs careful thought!
1063  * Some of the things here need to happen when a circuit becomes
1064  * mechanically open; some need to happen when it is actually usable.
1065  * I think I got them right, but more checking would be wise. -NM
1066  */
1067 
1068  log_info(LD_CIRC,"circuit built!");
1070 
1071  if (circ->build_state->onehop_tunnel || circ->has_opened) {
1072  control_event_bootstrap(BOOTSTRAP_STATUS_REQUESTING_STATUS, 0);
1073  }
1074 
1076  if (is_usable_for_streams)
1077  circuit_has_opened(circ); /* do other actions as necessary */
1078 
1080  const or_options_t *options = get_options();
1082  /* FFFF Log a count of known routers here */
1083  log_info(LD_GENERAL,
1084  "Tor has successfully opened a circuit. "
1085  "Looks like client functionality is working.");
1086  control_event_bootstrap(BOOTSTRAP_STATUS_DONE, 0);
1087  control_event_client_status(LOG_NOTICE, "CIRCUIT_ESTABLISHED");
1089  if (server_mode(options) &&
1090  !router_all_orports_seem_reachable(options)) {
1092  }
1093  }
1094 
1095  /* We're done with measurement circuits here. Just close them */
1096  if (circ->base_.purpose == CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT) {
1097  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_FINISHED);
1098  }
1099  return 0;
1100 }
1101 
1102 /**
1103  * Called from circuit_send_next_onion_skin() when we find that we have a hop
1104  * other than the first that we need to extend to: use <b>hop</b>'s
1105  * information to extend the circuit another step. Return 0 on success;
1106  * -reason on failure (if the circuit should be torn down).
1107  */
1108 static int
1110  crypt_path_t *hop)
1111 {
1112  int len;
1113  extend_cell_t ec;
1114  /* Relays and bridges can send IPv6 extends. But for clients, it's an
1115  * obvious version distinguisher. */
1116  const bool include_ipv6 = server_mode(get_options());
1117  memset(&ec, 0, sizeof(ec));
1120 
1121  log_debug(LD_CIRC,"starting to send subsequent skin.");
1122 
1124  &ec.create_cell.cell_type,
1126  hop->extend_info);
1127 
1128  const tor_addr_port_t *orport4 =
1129  extend_info_get_orport(hop->extend_info, AF_INET);
1130  const tor_addr_port_t *orport6 =
1131  extend_info_get_orport(hop->extend_info, AF_INET6);
1132  int n_addrs_set = 0;
1133  if (orport4) {
1134  tor_addr_copy(&ec.orport_ipv4.addr, &orport4->addr);
1135  ec.orport_ipv4.port = orport4->port;
1136  ++n_addrs_set;
1137  }
1138  if (orport6 && include_ipv6) {
1139  tor_addr_copy(&ec.orport_ipv6.addr, &orport6->addr);
1140  ec.orport_ipv6.port = orport6->port;
1141  ++n_addrs_set;
1142  }
1143 
1144  if (n_addrs_set == 0) {
1145  log_warn(LD_BUG, "No supported address family found in extend_info.");
1146  return - END_CIRC_REASON_INTERNAL;
1147  }
1148  memcpy(ec.node_id, hop->extend_info->identity_digest, DIGEST_LEN);
1149  /* Set the ED25519 identity too -- it will only get included
1150  * in the extend2 cell if we're configured to use it, though. */
1152 
1154  hop->extend_info,
1155  &hop->handshake_state,
1157  sizeof(ec.create_cell.onionskin));
1158  if (len < 0) {
1159  log_warn(LD_CIRC,"onion_skin_create failed.");
1160  return - END_CIRC_REASON_INTERNAL;
1161  }
1162  ec.create_cell.handshake_len = len;
1163 
1164  log_info(LD_CIRC,"Sending extend relay cell.");
1165  {
1166  uint8_t command = 0;
1167  uint16_t payload_len=0;
1168  uint8_t payload[RELAY_PAYLOAD_SIZE];
1169  if (extend_cell_format(&command, &payload_len, payload, &ec)<0) {
1170  log_warn(LD_CIRC,"Couldn't format extend cell");
1171  return -END_CIRC_REASON_INTERNAL;
1172  }
1173 
1174  /* send it to hop->prev, because that relay will transfer
1175  * it to a create cell and then send to hop */
1176  if (relay_send_command_from_edge(0, TO_CIRCUIT(circ),
1177  command,
1178  (char*)payload, payload_len,
1179  hop->prev) < 0)
1180  return 0; /* circuit is closed */
1181  }
1182  hop->state = CPATH_STATE_AWAITING_KEYS;
1183  tor_trace(TR_SUBSYS(circuit), TR_EV(intermediate_onion_skin), circ, hop);
1184  return 0;
1185 }
1186 
1187 /** Our clock just jumped by <b>seconds_elapsed</b>. If <b>was_idle</b> is
1188  * true, then the monotonic time matches; otherwise it doesn't. Assume
1189  * something has also gone wrong with our network: notify the user, and
1190  * abandon all not-yet-used circuits. */
1191 void
1192 circuit_note_clock_jumped(int64_t seconds_elapsed, bool was_idle)
1193 {
1194  int severity = server_mode(get_options()) ? LOG_WARN : LOG_NOTICE;
1195  if (was_idle) {
1196  tor_log(severity, LD_GENERAL, "Tor has been idle for %"PRId64
1197  " seconds; assuming established circuits no longer work.",
1198  (seconds_elapsed));
1199  } else {
1200  tor_log(severity, LD_GENERAL,
1201  "Your system clock just jumped %"PRId64" seconds %s; "
1202  "assuming established circuits no longer work.",
1203  (
1204  seconds_elapsed >=0 ? seconds_elapsed : -seconds_elapsed),
1205  seconds_elapsed >=0 ? "forward" : "backward");
1206  }
1207  control_event_general_status(LOG_WARN, "CLOCK_JUMPED TIME=%"PRId64
1208  " IDLE=%d",
1209  (seconds_elapsed), was_idle?1:0);
1210  /* so we log when it works again */
1212  control_event_client_status(severity, "CIRCUIT_NOT_ESTABLISHED REASON=%s",
1213  "CLOCK_JUMPED");
1216  if (seconds_elapsed < 0) {
1217  /* Restart all the timers in case we jumped a long way into the past. */
1219  }
1220 }
1221 
1222 /** A "created" cell <b>reply</b> came back to us on circuit <b>circ</b>.
1223  * (The body of <b>reply</b> varies depending on what sort of handshake
1224  * this is.)
1225  *
1226  * Calculate the appropriate keys and digests, make sure KH is
1227  * correct, and initialize this hop of the cpath.
1228  *
1229  * Return - reason if we want to mark circ for close, else return 0.
1230  */
1231 int
1233  const created_cell_t *reply)
1234 {
1235  char keys[CPATH_KEY_MATERIAL_LEN];
1236  crypt_path_t *hop;
1237  int rv;
1238 
1239  if ((rv = pathbias_count_build_attempt(circ)) < 0) {
1240  log_warn(LD_CIRC, "pathbias_count_build_attempt failed: %d", rv);
1241  return rv;
1242  }
1243 
1244  if (circ->cpath->state == CPATH_STATE_AWAITING_KEYS) {
1245  hop = circ->cpath;
1246  } else {
1247  hop = cpath_get_next_non_open_hop(circ->cpath);
1248  if (!hop) { /* got an extended when we're all done? */
1249  log_warn(LD_PROTOCOL,"got extended when circ already built? Closing.");
1250  return - END_CIRC_REASON_TORPROTOCOL;
1251  }
1252  }
1253  tor_assert(hop->state == CPATH_STATE_AWAITING_KEYS);
1254 
1255  circuit_params_t params;
1256  {
1257  const char *msg = NULL;
1259  &hop->handshake_state,
1260  reply->reply, reply->handshake_len,
1261  (uint8_t*)keys, sizeof(keys),
1262  (uint8_t*)hop->rend_circ_nonce,
1263  &params,
1264  &msg) < 0) {
1265  if (msg)
1266  log_warn(LD_CIRC,"onion_skin_client_handshake failed: %s", msg);
1267  return -END_CIRC_REASON_TORPROTOCOL;
1268  }
1269  }
1270 
1272 
1273  if (cpath_init_circuit_crypto(hop, keys, sizeof(keys), 0, 0)<0) {
1274  return -END_CIRC_REASON_TORPROTOCOL;
1275  }
1276 
1277  if (params.cc_enabled) {
1278  int circ_len = circuit_get_cpath_len(circ);
1279 
1280  if (circ_len == DEFAULT_ROUTE_LEN &&
1281  circuit_get_cpath_hop(circ, DEFAULT_ROUTE_LEN) == hop) {
1282  hop->ccontrol = congestion_control_new(&params, CC_PATH_EXIT);
1283  } else if (circ_len == SBWS_ROUTE_LEN &&
1284  circuit_get_cpath_hop(circ, SBWS_ROUTE_LEN) == hop) {
1285  hop->ccontrol = congestion_control_new(&params, CC_PATH_SBWS);
1286  } else {
1287  if (circ_len > DEFAULT_ROUTE_LEN) {
1288  /* This can happen for unknown reasons; cannibalization codepaths
1289  * don't seem able to do it, so there is some magic way that hops can
1290  * still get added. Perhaps some cases of circuit pre-build that change
1291  * purpose? */
1292  log_info(LD_CIRC,
1293  "Unexpected path length %d for exit circuit %d, purpose %d",
1294  circ_len, circ->global_identifier,
1295  TO_CIRCUIT(circ)->purpose);
1296  hop->ccontrol = congestion_control_new(&params, CC_PATH_EXIT);
1297  } else {
1298  /* This is likely directory requests, which should block on orconn
1299  * before congestion control, but lets give them the lower sbws
1300  * param set anyway just in case. */
1301  log_info(LD_CIRC,
1302  "Unexpected path length %d for exit circuit %d, purpose %d",
1303  circ_len, circ->global_identifier,
1304  TO_CIRCUIT(circ)->purpose);
1305 
1306  hop->ccontrol = congestion_control_new(&params, CC_PATH_SBWS);
1307  }
1308  }
1309  }
1310 
1311  hop->state = CPATH_STATE_OPEN;
1312  log_info(LD_CIRC,"Finished building circuit hop:");
1314  circuit_event_status(circ, CIRC_EVENT_EXTENDED, 0);
1315 
1316  return 0;
1317 }
1318 
1319 /** We received a relay truncated cell on circ.
1320  *
1321  * Since we don't send truncates currently, getting a truncated
1322  * means that a connection broke or an extend failed. For now,
1323  * just give up: force circ to close, and return 0.
1324  */
1325 int
1327 {
1328 // crypt_path_t *victim;
1329 // connection_t *stream;
1330 
1331  tor_assert(circ);
1332 
1333  /* XXX Since we don't send truncates currently, getting a truncated
1334  * means that a connection broke or an extend failed. For now,
1335  * just give up.
1336  */
1337  circuit_mark_for_close(TO_CIRCUIT(circ),
1339  return 0;
1340 
1341 #if 0
1342  while (layer->next != circ->cpath) {
1343  /* we need to clear out layer->next */
1344  victim = layer->next;
1345  log_debug(LD_CIRC, "Killing a layer of the cpath.");
1346 
1347  for (stream = circ->p_streams; stream; stream=stream->next_stream) {
1348  if (stream->cpath_layer == victim) {
1349  log_info(LD_APP, "Marking stream %d for close because of truncate.",
1350  stream->stream_id);
1351  /* no need to send 'end' relay cells,
1352  * because the other side's already dead
1353  */
1354  connection_mark_unattached_ap(stream, END_STREAM_REASON_DESTROY);
1355  }
1356  }
1357 
1358  layer->next = victim->next;
1359  cpath_free(victim);
1360  }
1361 
1362  log_info(LD_CIRC, "finished");
1363  return 0;
1364 #endif /* 0 */
1365 }
1366 
1367 /** Helper for new_route_len(). Choose a circuit length for purpose
1368  * <b>purpose</b>: DEFAULT_ROUTE_LEN (+ 1 if someone else chose the
1369  * exit). If someone else chose the exit, they could be colluding
1370  * with the exit, so add a randomly selected node to preserve
1371  * anonymity.
1372  *
1373  * Here, "exit node" sometimes means an OR acting as an internal
1374  * endpoint, rather than as a relay to an external endpoint. This
1375  * means there need to be at least DEFAULT_ROUTE_LEN routers between
1376  * us and the internal endpoint to preserve the same anonymity
1377  * properties that we would get when connecting to an external
1378  * endpoint. These internal endpoints can include:
1379  *
1380  * - Connections to a directory of hidden services
1381  * (CIRCUIT_PURPOSE_C_GENERAL)
1382  *
1383  * - A client connecting to an introduction point, which the hidden
1384  * service picked (CIRCUIT_PURPOSE_C_INTRODUCING, via
1385  * circuit_get_open_circ_or_launch() which rewrites it from
1386  * CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT)
1387  *
1388  * - A hidden service connecting to a rendezvous point, which the
1389  * client picked (CIRCUIT_PURPOSE_S_CONNECT_REND.
1390  *
1391  * There are currently two situations where we picked the exit node
1392  * ourselves, making DEFAULT_ROUTE_LEN a safe circuit length:
1393  *
1394  * - We are a hidden service connecting to an introduction point
1395  * (CIRCUIT_PURPOSE_S_ESTABLISH_INTRO).
1396  *
1397  * - We are a router testing its own reachabiity
1398  * (CIRCUIT_PURPOSE_TESTING, via router_do_reachability_checks())
1399  *
1400  * onion_pick_cpath_exit() bypasses us (by not calling
1401  * new_route_len()) in the one-hop tunnel case, so we don't need to
1402  * handle that.
1403  */
1404 int
1405 route_len_for_purpose(uint8_t purpose, extend_info_t *exit_ei)
1406 {
1407  int routelen = DEFAULT_ROUTE_LEN;
1408  int known_purpose = 0;
1409 
1410  /* If we're using L3 vanguards, we need longer paths for onion services */
1411  if (circuit_purpose_is_hidden_service(purpose) &&
1412  get_options()->HSLayer3Nodes) {
1413  /* Clients want an extra hop for rends to avoid linkability.
1414  * Services want it for intro points to avoid publishing their
1415  * layer3 guards. They want it for hsdir posts to use
1416  * their full layer3 guard set for those connections.
1417  * Ex: C - G - L2 - L3 - R
1418  * S - G - L2 - L3 - HSDIR
1419  * S - G - L2 - L3 - I
1420  */
1421  if (purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND ||
1422  purpose == CIRCUIT_PURPOSE_S_HSDIR_POST ||
1423  purpose == CIRCUIT_PURPOSE_HS_VANGUARDS ||
1425  return routelen+1;
1426 
1427  /* For connections to hsdirs, clients want two extra hops
1428  * when using layer3 guards, to avoid linkability.
1429  * Same goes for intro points. Note that the route len
1430  * includes the intro point or hsdir, hence the +2.
1431  * Ex: C - G - L2 - L3 - M - I
1432  * C - G - L2 - L3 - M - HSDIR
1433  * S - G - L2 - L3 - M - R
1434  */
1435  if (purpose == CIRCUIT_PURPOSE_S_CONNECT_REND ||
1436  purpose == CIRCUIT_PURPOSE_C_HSDIR_GET ||
1437  purpose == CIRCUIT_PURPOSE_C_INTRODUCING)
1438  return routelen+2;
1439  }
1440 
1441  if (!exit_ei)
1442  return routelen;
1443 
1444  switch (purpose) {
1445  /* These purposes connect to a router that we chose, so DEFAULT_ROUTE_LEN
1446  * is safe: */
1448  /* router reachability testing */
1449  known_purpose = 1;
1450  break;
1451 
1452  /* These purposes connect to a router that someone else
1453  * might have chosen, so add an extra hop to protect anonymity. */
1457  /* connecting to hidden service directory */
1459  /* client connecting to introduction point */
1461  /* hidden service connecting to rendezvous point */
1463  /* hidden service connecting to intro point. In this case we want an extra
1464  hop to avoid linkability attacks by the introduction point. */
1465  known_purpose = 1;
1466  routelen++;
1467  break;
1468 
1469  default:
1470  /* Got a purpose not listed above along with a chosen exit.
1471  * Increase the circuit length by one anyway for safety. */
1472  routelen++;
1473  break;
1474  }
1475 
1476  if (BUG(exit_ei && !known_purpose)) {
1477  log_warn(LD_BUG, "Unhandled purpose %d with a chosen exit; "
1478  "assuming routelen %d.", purpose, routelen);
1479  }
1480  return routelen;
1481 }
1482 
1483 /** Choose a length for a circuit of purpose <b>purpose</b> and check
1484  * if enough routers are available.
1485  *
1486  * If the routerlist <b>nodes</b> doesn't have enough routers
1487  * to handle the desired path length, return -1.
1488  */
1489 STATIC int
1490 new_route_len(uint8_t purpose, extend_info_t *exit_ei,
1491  const smartlist_t *nodes)
1492 {
1493  int routelen;
1494 
1495  tor_assert(nodes);
1496 
1497  routelen = route_len_for_purpose(purpose, exit_ei);
1498 
1499  int num_acceptable_direct = count_acceptable_nodes(nodes, 1);
1500  int num_acceptable_indirect = count_acceptable_nodes(nodes, 0);
1501 
1502  log_debug(LD_CIRC,"Chosen route length %d (%d direct and %d indirect "
1503  "routers suitable).", routelen, num_acceptable_direct,
1504  num_acceptable_indirect);
1505 
1506  if (num_acceptable_direct < 1 || num_acceptable_indirect < routelen - 1) {
1507  log_info(LD_CIRC,
1508  "Not enough acceptable routers (%d/%d direct and %d/%d "
1509  "indirect routers suitable). Discarding this circuit.",
1510  num_acceptable_direct, routelen,
1511  num_acceptable_indirect, routelen);
1512  return -1;
1513  }
1514 
1515  return routelen;
1516 }
1517 
1518 /** Return a newly allocated list of uint16_t * for each predicted port not
1519  * handled by a current circuit. */
1520 static smartlist_t *
1522 {
1525  return dest;
1526 }
1527 
1528 /** Return 1 if we already have circuits present or on the way for
1529  * all anticipated ports. Return 0 if we should make more.
1530  *
1531  * If we're returning 0, set need_uptime and need_capacity to
1532  * indicate any requirements that the unhandled ports have.
1533  */
1534 MOCK_IMPL(int,
1535 circuit_all_predicted_ports_handled, (time_t now, int *need_uptime,
1536  int *need_capacity))
1537 {
1538  int i, enough;
1539  uint16_t *port;
1541  smartlist_t *LongLivedServices = get_options()->LongLivedPorts;
1542  tor_assert(need_uptime);
1543  tor_assert(need_capacity);
1544  // Always predict need_capacity
1545  *need_capacity = 1;
1546  enough = (smartlist_len(sl) == 0);
1547  for (i = 0; i < smartlist_len(sl); ++i) {
1548  port = smartlist_get(sl, i);
1549  if (smartlist_contains_int_as_string(LongLivedServices, *port))
1550  *need_uptime = 1;
1551  tor_free(port);
1552  }
1553  smartlist_free(sl);
1554  return enough;
1555 }
1556 
1557 /** Return 1 if <b>node</b> can handle one or more of the ports in
1558  * <b>needed_ports</b>, else return 0.
1559  */
1560 static int
1561 node_handles_some_port(const node_t *node, smartlist_t *needed_ports)
1562 { /* XXXX MOVE */
1563  int i;
1564  uint16_t port;
1565 
1566  for (i = 0; i < smartlist_len(needed_ports); ++i) {
1568  /* alignment issues aren't a worry for this dereference, since
1569  needed_ports is explicitly a smartlist of uint16_t's */
1570  port = *(uint16_t *)smartlist_get(needed_ports, i);
1571  tor_assert(port);
1572  if (node)
1573  r = compare_tor_addr_to_node_policy(NULL, port, node);
1574  else
1575  continue;
1577  return 1;
1578  }
1579  return 0;
1580 }
1581 
1582 /** Return true iff <b>conn</b> needs another general circuit to be
1583  * built. */
1584 static int
1586 {
1587  entry_connection_t *entry;
1588  if (conn->type != CONN_TYPE_AP)
1589  return 0;
1590  entry = TO_ENTRY_CONN(conn);
1591 
1592  if (conn->state == AP_CONN_STATE_CIRCUIT_WAIT &&
1593  !conn->marked_for_close &&
1594  !(entry->want_onehop) && /* ignore one-hop streams */
1595  !(entry->use_begindir) && /* ignore targeted dir fetches */
1596  !(entry->chosen_exit_name) && /* ignore defined streams */
1600  return 1;
1601  return 0;
1602 }
1603 
1604 /** Return a pointer to a suitable router to be the exit node for the
1605  * general-purpose circuit we're about to build.
1606  *
1607  * Look through the connection array, and choose a router that maximizes
1608  * the number of pending streams that can exit from this router.
1609  *
1610  * Return NULL if we can't find any suitable routers.
1611  */
1612 static const node_t *
1614 {
1615  int *n_supported;
1616  int n_pending_connections = 0;
1617  smartlist_t *connections;
1618  int best_support = -1;
1619  int n_best_support=0;
1620  const or_options_t *options = get_options();
1621  const smartlist_t *the_nodes;
1622  const node_t *selected_node=NULL;
1623  const int need_uptime = (flags & CRN_NEED_UPTIME) != 0;
1624  const int need_capacity = (flags & CRN_NEED_CAPACITY) != 0;
1625 
1626  /* We should not require guard flags on exits. */
1627  IF_BUG_ONCE(flags & CRN_NEED_GUARD)
1628  return NULL;
1629 
1630  /* We reject single-hop exits for all node positions. */
1631  IF_BUG_ONCE(flags & CRN_DIRECT_CONN)
1632  return NULL;
1633 
1634  /* This isn't the function for picking rendezvous nodes. */
1635  IF_BUG_ONCE(flags & CRN_RENDEZVOUS_V3)
1636  return NULL;
1637 
1638  /* We only want exits to extend if we cannibalize the circuit.
1639  * But we don't require IPv6 extends yet. */
1640  IF_BUG_ONCE(flags & CRN_INITIATE_IPV6_EXTEND)
1641  return NULL;
1642 
1643  connections = get_connection_array();
1644 
1645  /* Count how many connections are waiting for a circuit to be built.
1646  * We use this for log messages now, but in the future we may depend on it.
1647  */
1648  SMARTLIST_FOREACH(connections, connection_t *, conn,
1649  {
1651  ++n_pending_connections;
1652  });
1653 // log_fn(LOG_DEBUG, "Choosing exit node; %d connections are pending",
1654 // n_pending_connections);
1655  /* Now we count, for each of the routers in the directory, how many
1656  * of the pending connections could possibly exit from that
1657  * router (n_supported[i]). (We can't be sure about cases where we
1658  * don't know the IP address of the pending connection.)
1659  *
1660  * -1 means "Don't use this router at all."
1661  */
1662  the_nodes = nodelist_get_list();
1663  n_supported = tor_calloc(smartlist_len(the_nodes), sizeof(int));
1664  SMARTLIST_FOREACH_BEGIN(the_nodes, const node_t *, node) {
1665  const int i = node_sl_idx;
1666  if (router_digest_is_me(node->identity)) {
1667  n_supported[i] = -1;
1668 // log_fn(LOG_DEBUG,"Skipping node %s -- it's me.", router->nickname);
1669  /* XXX there's probably a reverse predecessor attack here, but
1670  * it's slow. should we take this out? -RD
1671  */
1672  continue;
1673  }
1674  if (!router_can_choose_node(node, flags)) {
1675  n_supported[i] = -1;
1676  continue;
1677  }
1678  if (node->is_bad_exit) {
1679  n_supported[i] = -1;
1680  continue; /* skip routers that are known to be down or bad exits */
1681  }
1682  if (routerset_contains_node(options->ExcludeExitNodesUnion_, node)) {
1683  n_supported[i] = -1;
1684  continue; /* user asked us not to use it, no matter what */
1685  }
1686  if (options->ExitNodes &&
1687  !routerset_contains_node(options->ExitNodes, node)) {
1688  n_supported[i] = -1;
1689  continue; /* not one of our chosen exit nodes */
1690  }
1691  if (node_exit_policy_rejects_all(node)) {
1692  n_supported[i] = -1;
1693 // log_fn(LOG_DEBUG,"Skipping node %s (index %d) -- it rejects all.",
1694 // router->nickname, i);
1695  continue; /* skip routers that reject all */
1696  }
1697  n_supported[i] = 0;
1698  /* iterate over connections */
1699  SMARTLIST_FOREACH_BEGIN(connections, connection_t *, conn) {
1700  if (!ap_stream_wants_exit_attention(conn))
1701  continue; /* Skip everything but APs in CIRCUIT_WAIT */
1702  if (connection_ap_can_use_exit(TO_ENTRY_CONN(conn), node)) {
1703  ++n_supported[i];
1704 // log_fn(LOG_DEBUG,"%s is supported. n_supported[%d] now %d.",
1705 // router->nickname, i, n_supported[i]);
1706  } else {
1707 // log_fn(LOG_DEBUG,"%s (index %d) would reject this stream.",
1708 // router->nickname, i);
1709  }
1710  } SMARTLIST_FOREACH_END(conn);
1711  if (n_pending_connections > 0 && n_supported[i] == 0) {
1712  /* Leave best_support at -1 if that's where it is, so we can
1713  * distinguish it later. */
1714  continue;
1715  }
1716  if (n_supported[i] > best_support) {
1717  /* If this router is better than previous ones, remember its index
1718  * and goodness, and start counting how many routers are this good. */
1719  best_support = n_supported[i]; n_best_support=1;
1720 // log_fn(LOG_DEBUG,"%s is new best supported option so far.",
1721 // router->nickname);
1722  } else if (n_supported[i] == best_support) {
1723  /* If this router is _as good_ as the best one, just increment the
1724  * count of equally good routers.*/
1725  ++n_best_support;
1726  }
1727  } SMARTLIST_FOREACH_END(node);
1728  log_info(LD_CIRC,
1729  "Found %d servers that might support %d/%d pending connections.",
1730  n_best_support, best_support >= 0 ? best_support : 0,
1731  n_pending_connections);
1732 
1733  /* If any routers definitely support any pending connections, choose one
1734  * at random. */
1735  if (best_support > 0) {
1736  smartlist_t *supporting = smartlist_new();
1737 
1738  SMARTLIST_FOREACH(the_nodes, const node_t *, node, {
1739  if (n_supported[node_sl_idx] == best_support)
1740  smartlist_add(supporting, (void*)node);
1741  });
1742 
1743  selected_node = node_sl_choose_by_bandwidth(supporting, WEIGHT_FOR_EXIT);
1744  smartlist_free(supporting);
1745  } else {
1746  /* Either there are no pending connections, or no routers even seem to
1747  * possibly support any of them. Choose a router at random that satisfies
1748  * at least one predicted exit port. */
1749 
1750  int attempt;
1751  smartlist_t *needed_ports, *supporting;
1752 
1753  if (best_support == -1) {
1754  if (need_uptime || need_capacity) {
1755  log_info(LD_CIRC,
1756  "We couldn't find any live%s%s routers; falling back "
1757  "to list of all routers.",
1758  need_capacity?", fast":"",
1759  need_uptime?", stable":"");
1760  tor_free(n_supported);
1761  flags &= ~(CRN_NEED_UPTIME|CRN_NEED_CAPACITY);
1762  return choose_good_exit_server_general(flags);
1763  }
1764  log_notice(LD_CIRC, "All routers are down or won't exit%s -- "
1765  "choosing a doomed exit at random.",
1766  options->ExcludeExitNodesUnion_ ? " or are Excluded" : "");
1767  }
1768  supporting = smartlist_new();
1769  needed_ports = circuit_get_unhandled_ports(time(NULL));
1770  for (attempt = 0; attempt < 2; attempt++) {
1771  /* try once to pick only from routers that satisfy a needed port,
1772  * then if there are none, pick from any that support exiting. */
1773  SMARTLIST_FOREACH_BEGIN(the_nodes, const node_t *, node) {
1774  if (n_supported[node_sl_idx] != -1 &&
1775  (attempt || node_handles_some_port(node, needed_ports))) {
1776 // log_fn(LOG_DEBUG,"Try %d: '%s' is a possibility.",
1777 // try, router->nickname);
1778  smartlist_add(supporting, (void*)node);
1779  }
1780  } SMARTLIST_FOREACH_END(node);
1781 
1782  selected_node = node_sl_choose_by_bandwidth(supporting, WEIGHT_FOR_EXIT);
1783  if (selected_node)
1784  break;
1785  smartlist_clear(supporting);
1786  /* If we reach this point, we can't actually support any unhandled
1787  * predicted ports, so clear all the remaining ones. */
1788  if (smartlist_len(needed_ports))
1789  rep_hist_remove_predicted_ports(needed_ports);
1790  }
1791  SMARTLIST_FOREACH(needed_ports, uint16_t *, cp, tor_free(cp));
1792  smartlist_free(needed_ports);
1793  smartlist_free(supporting);
1794  }
1795 
1796  tor_free(n_supported);
1797  if (selected_node) {
1798  log_info(LD_CIRC, "Chose exit server '%s'", node_describe(selected_node));
1799  return selected_node;
1800  }
1801  if (options->ExitNodes) {
1802  log_warn(LD_CIRC,
1803  "No exits in ExitNodes%s seem to be running: "
1804  "can't choose an exit.",
1805  options->ExcludeExitNodesUnion_ ?
1806  ", except possibly those excluded by your configuration, " : "");
1807  }
1808  return NULL;
1809 }
1810 
1811 /* Pick a Rendezvous Point for our HS circuits according to <b>flags</b>. */
1812 static const node_t *
1813 pick_rendezvous_node(router_crn_flags_t flags)
1814 {
1815  const or_options_t *options = get_options();
1816  return router_choose_random_node(NULL, options->ExcludeNodes, flags);
1817 }
1818 
1819 /*
1820  * Helper function to pick a configured restricted middle node
1821  * (either HSLayer2Nodes or HSLayer3Nodes).
1822  *
1823  * Make sure that the node we chose is alive, and not excluded,
1824  * and return it.
1825  *
1826  * The exclude_set is a routerset of nodes that the selected node
1827  * must not match, and the exclude_list is a simple list of nodes
1828  * that the selected node must not be in. Either or both may be
1829  * NULL.
1830  *
1831  * Return NULL if no usable nodes could be found. */
1832 static const node_t *
1834  const routerset_t *pick_from,
1835  const routerset_t *exclude_set,
1836  const smartlist_t *exclude_list,
1837  int position_hint)
1838 {
1839  const node_t *middle_node = NULL;
1840 
1841  smartlist_t *allowlisted_live_middles = smartlist_new();
1842  smartlist_t *all_live_nodes = smartlist_new();
1843 
1844  tor_assert(pick_from);
1845 
1846  /* Add all running nodes to all_live_nodes */
1847  router_add_running_nodes_to_smartlist(all_live_nodes, flags);
1848 
1849  /* Filter all_live_nodes to only add live *and* allowlisted middles
1850  * to the list allowlisted_live_middles. */
1851  SMARTLIST_FOREACH_BEGIN(all_live_nodes, node_t *, live_node) {
1852  if (routerset_contains_node(pick_from, live_node)) {
1853  smartlist_add(allowlisted_live_middles, live_node);
1854  }
1855  } SMARTLIST_FOREACH_END(live_node);
1856 
1857  /* Honor ExcludeNodes */
1858  if (exclude_set) {
1859  routerset_subtract_nodes(allowlisted_live_middles, exclude_set);
1860  }
1861 
1862  if (exclude_list) {
1863  smartlist_subtract(allowlisted_live_middles, exclude_list);
1864  }
1865 
1866  /**
1867  * Max number of restricted nodes before we alert the user and try
1868  * to load balance for them.
1869  *
1870  * The most aggressive vanguard design had 16 nodes at layer3.
1871  * Let's give a small ceiling above that. */
1872 #define MAX_SANE_RESTRICTED_NODES 20
1873  /* If the user (or associated tor controller) selected only a few nodes,
1874  * assume they took load balancing into account and don't do it for them.
1875  *
1876  * If there are a lot of nodes in here, assume they did not load balance
1877  * and do it for them, but also warn them that they may be Doing It Wrong.
1878  */
1879  if (smartlist_len(allowlisted_live_middles) <=
1880  MAX_SANE_RESTRICTED_NODES) {
1881  middle_node = smartlist_choose(allowlisted_live_middles);
1882  } else {
1883  static ratelim_t pinned_notice_limit = RATELIM_INIT(24*3600);
1884  log_fn_ratelim(&pinned_notice_limit, LOG_NOTICE, LD_CIRC,
1885  "Your _HSLayer%dNodes setting has resulted "
1886  "in %d total nodes. This is a lot of nodes. "
1887  "You may want to consider using a Tor controller "
1888  "to select and update a smaller set of nodes instead.",
1889  position_hint, smartlist_len(allowlisted_live_middles));
1890 
1891  /* NO_WEIGHTING here just means don't take node flags into account
1892  * (ie: use consensus measurement only). This is done so that
1893  * we don't further surprise the user by not using Exits that they
1894  * specified at all */
1895  middle_node = node_sl_choose_by_bandwidth(allowlisted_live_middles,
1896  NO_WEIGHTING);
1897  }
1898 
1899  smartlist_free(allowlisted_live_middles);
1900  smartlist_free(all_live_nodes);
1901 
1902  return middle_node;
1903 }
1904 
1905 /** Return a pointer to a suitable router to be the exit node for the
1906  * circuit of purpose <b>purpose</b> that we're about to build (or NULL
1907  * if no router is suitable).
1908  *
1909  * For general-purpose circuits, pass it off to
1910  * choose_good_exit_server_general()
1911  *
1912  * For client-side rendezvous circuits, choose a random node, weighted
1913  * toward the preferences in 'options'.
1914  */
1915 static const node_t *
1917  router_crn_flags_t flags, int is_internal)
1918 {
1919  const or_options_t *options = get_options();
1920  flags |= CRN_NEED_DESC;
1921 
1922  switch (TO_CIRCUIT(circ)->purpose) {
1926  /* For these three, we want to pick the exit like a middle hop,
1927  * since it should be random. */
1928  tor_assert_nonfatal(is_internal);
1929  FALLTHROUGH;
1931  if (is_internal) /* pick it like a middle hop */
1932  return router_choose_random_node(NULL, options->ExcludeNodes, flags);
1933  else
1934  return choose_good_exit_server_general(flags);
1936  {
1937  /* Pick a new RP */
1938  const node_t *rendezvous_node = pick_rendezvous_node(flags);
1939  log_info(LD_REND, "Picked new RP: %s",
1940  safe_str_client(node_describe(rendezvous_node)));
1941  return rendezvous_node;
1942  }
1943  }
1944  log_warn(LD_BUG,"Unhandled purpose %d", TO_CIRCUIT(circ)->purpose);
1946  return NULL;
1947 }
1948 
1949 /** Log a warning if the user specified an exit for the circuit that
1950  * has been excluded from use by ExcludeNodes or ExcludeExitNodes. */
1951 static void
1953  const extend_info_t *exit_ei)
1954 {
1955  const or_options_t *options = get_options();
1956  routerset_t *rs = options->ExcludeNodes;
1957  const char *description;
1958  uint8_t purpose = circ->base_.purpose;
1959 
1960  if (circ->build_state->onehop_tunnel)
1961  return;
1962 
1963  switch (purpose)
1964  {
1965  default:
1966  case CIRCUIT_PURPOSE_OR:
1970  log_warn(LD_BUG, "Called on non-origin circuit (purpose %d, %s)",
1971  (int)purpose,
1972  circuit_purpose_to_string(purpose));
1973  return;
1977  if (circ->build_state->is_internal)
1978  return;
1979  description = "requested exit node";
1980  rs = options->ExcludeExitNodesUnion_;
1981  break;
1989  return;
1994  description = "chosen rendezvous point";
1995  break;
1997  rs = options->ExcludeExitNodesUnion_;
1998  description = "controller-selected circuit target";
1999  break;
2000  }
2001 
2002  if (routerset_contains_extendinfo(rs, exit_ei)) {
2003  /* We should never get here if StrictNodes is set to 1. */
2004  if (options->StrictNodes) {
2005  log_warn(LD_BUG, "Using %s '%s' which is listed in ExcludeNodes%s, "
2006  "even though StrictNodes is set. Please report. "
2007  "(Circuit purpose: %s)",
2008  description, extend_info_describe(exit_ei),
2009  rs==options->ExcludeNodes?"":" or ExcludeExitNodes",
2010  circuit_purpose_to_string(purpose));
2011  } else {
2012  log_warn(LD_CIRC, "Using %s '%s' which is listed in "
2013  "ExcludeNodes%s, because no better options were available. To "
2014  "prevent this (and possibly break your Tor functionality), "
2015  "set the StrictNodes configuration option. "
2016  "(Circuit purpose: %s)",
2017  description, extend_info_describe(exit_ei),
2018  rs==options->ExcludeNodes?"":" or ExcludeExitNodes",
2019  circuit_purpose_to_string(purpose));
2020  }
2022  }
2023 
2024  return;
2025 }
2026 
2027 /* Return a set of generic CRN_* flags based on <b>state</b>.
2028  *
2029  * Called for every position in the circuit. */
2030 STATIC int
2031 cpath_build_state_to_crn_flags(const cpath_build_state_t *state)
2032 {
2033  router_crn_flags_t flags = 0;
2034  /* These flags apply to entry, middle, and exit nodes.
2035  * If a flag only applies to a specific position, it should be checked in
2036  * that function. */
2037  if (state->need_uptime)
2038  flags |= CRN_NEED_UPTIME;
2039  if (state->need_capacity)
2040  flags |= CRN_NEED_CAPACITY;
2041  return flags;
2042 }
2043 
2044 /* Return the CRN_INITIATE_IPV6_EXTEND flag, based on <b>state</b> and
2045  * <b>cur_len</b>.
2046  *
2047  * Only called for middle nodes (for now). Must not be called on single-hop
2048  * circuits. */
2049 STATIC int
2050 cpath_build_state_to_crn_ipv6_extend_flag(const cpath_build_state_t *state,
2051  int cur_len)
2052 {
2053  IF_BUG_ONCE(state->desired_path_len < 2)
2054  return 0;
2055 
2056  /* The last node is the relay doing the self-test. So we want to extend over
2057  * IPv6 from the second-last node. */
2058  if (state->is_ipv6_selftest && cur_len == state->desired_path_len - 2)
2059  return CRN_INITIATE_IPV6_EXTEND;
2060  else
2061  return 0;
2062 }
2063 
2064 /** Decide a suitable length for circ's cpath, and pick an exit
2065  * router (or use <b>exit_ei</b> if provided). Store these in the
2066  * cpath.
2067  *
2068  * If <b>is_hs_v3_rp_circuit</b> is set, then this exit should be suitable to
2069  * be used as an HS v3 rendezvous point.
2070  *
2071  * Return 0 if ok, -1 if circuit should be closed. */
2072 STATIC int
2074  int is_hs_v3_rp_circuit)
2075 {
2076  cpath_build_state_t *state = circ->build_state;
2077 
2078  if (state->onehop_tunnel) {
2079  log_debug(LD_CIRC, "Launching a one-hop circuit for dir tunnel%s.",
2080  (hs_service_allow_non_anonymous_connection(get_options()) ?
2081  ", or intro or rendezvous connection" : ""));
2082  state->desired_path_len = 1;
2083  } else {
2084  int r = new_route_len(circ->base_.purpose, exit_ei, nodelist_get_list());
2085  if (r < 1) /* must be at least 1 */
2086  return -1;
2087  state->desired_path_len = r;
2088  }
2089 
2090  if (exit_ei) { /* the circuit-builder pre-requested one */
2091  warn_if_last_router_excluded(circ, exit_ei);
2092  log_info(LD_CIRC,"Using requested exit node '%s'",
2093  extend_info_describe(exit_ei));
2094  exit_ei = extend_info_dup(exit_ei);
2095  } else { /* we have to decide one */
2096  router_crn_flags_t flags = CRN_NEED_DESC;
2097  flags |= cpath_build_state_to_crn_flags(state);
2098  /* Some internal exits are one hop, for example directory connections.
2099  * (Guards are always direct, middles are never direct.) */
2100  if (state->onehop_tunnel)
2101  flags |= CRN_DIRECT_CONN;
2102  if (is_hs_v3_rp_circuit)
2103  flags |= CRN_RENDEZVOUS_V3;
2104  const node_t *node =
2105  choose_good_exit_server(circ, flags, state->is_internal);
2106  if (!node) {
2107  log_warn(LD_CIRC,"Failed to choose an exit server");
2108  return -1;
2109  }
2110  exit_ei = extend_info_from_node(node, state->onehop_tunnel,
2111  /* for_exit_use */
2112  !state->is_internal && TO_CIRCUIT(circ)->purpose ==
2114  if (BUG(exit_ei == NULL))
2115  return -1;
2116  }
2117  state->chosen_exit = exit_ei;
2118  return 0;
2119 }
2120 
2121 /** Give <b>circ</b> a new exit destination to <b>exit_ei</b>, and add a
2122  * hop to the cpath reflecting this. Don't send the next extend cell --
2123  * the caller will do this if it wants to.
2124  */
2125 int
2127 {
2128  cpath_build_state_t *state;
2129  tor_assert(exit_ei);
2130  tor_assert(circ);
2131 
2132  state = circ->build_state;
2133  tor_assert(state);
2134  extend_info_free(state->chosen_exit);
2135  state->chosen_exit = extend_info_dup(exit_ei);
2136 
2137  ++circ->build_state->desired_path_len;
2138  cpath_append_hop(&circ->cpath, exit_ei);
2139  return 0;
2140 }
2141 
2142 /** Take an open <b>circ</b>, and add a new hop at the end, based on
2143  * <b>info</b>. Set its state back to CIRCUIT_STATE_BUILDING, and then
2144  * send the next extend cell to begin connecting to that hop.
2145  */
2146 int
2148 {
2149  int err_reason = 0;
2150  warn_if_last_router_excluded(circ, exit_ei);
2151 
2152  tor_gettimeofday(&circ->base_.timestamp_began);
2153 
2154  circuit_append_new_exit(circ, exit_ei);
2156  if ((err_reason = circuit_send_next_onion_skin(circ))<0) {
2157  log_warn(LD_CIRC, "Couldn't extend circuit to new point %s.",
2158  extend_info_describe(exit_ei));
2159  circuit_mark_for_close(TO_CIRCUIT(circ), -err_reason);
2160  return -1;
2161  }
2162 
2163  return 0;
2164 }
2165 
2166 /** Return the number of routers in <b>nodes</b> that are currently up and
2167  * available for building circuits through.
2168  *
2169  * If <b>direct</b> is true, only count nodes that are suitable for direct
2170  * connections. Counts nodes regardless of whether their addresses are
2171  * preferred.
2172  */
2173 MOCK_IMPL(STATIC int,
2174 count_acceptable_nodes, (const smartlist_t *nodes, int direct))
2175 {
2176  int num=0;
2177  int flags = CRN_NEED_DESC;
2178 
2179  if (direct)
2180  flags |= CRN_DIRECT_CONN;
2181 
2182  SMARTLIST_FOREACH_BEGIN(nodes, const node_t *, node) {
2183  // log_debug(LD_CIRC,
2184  // "Contemplating whether router %d (%s) is a new option.",
2185  // i, r->nickname);
2186  if (!router_can_choose_node(node, flags))
2187  continue;
2188  ++num;
2189  } SMARTLIST_FOREACH_END(node);
2190 
2191 // log_debug(LD_CIRC,"I like %d. num_acceptable_routers now %d.",i, num);
2192 
2193  return num;
2194 }
2195 
2196 /**
2197  * Build the exclude list for vanguard circuits.
2198  *
2199  * For vanguard circuits we exclude all the already chosen nodes (including the
2200  * exit) from being middle hops to prevent the creation of A - B - A subpaths.
2201  * We also allow the 4th hop to be the same as the guard node so as to not leak
2202  * guard information to RP/IP/HSDirs.
2203  *
2204  * For vanguard circuits, we don't apply any subnet or family restrictions.
2205  * This is to avoid impossible-to-build circuit paths, or just situations where
2206  * our earlier guards prevent us from using most of our later ones.
2207  *
2208  * The alternative is building the circuit in reverse. Reverse calls to
2209  * onion_extend_cpath() (ie: select outer hops first) would then have the
2210  * property that you don't gain information about inner hops by observing
2211  * outer ones. See https://bugs.torproject.org/tpo/core/tor/24487
2212  * for this.
2213  *
2214  * (Note further that we still exclude the exit to prevent A - B - A
2215  * at the end of the path. */
2216 static smartlist_t *
2218  cpath_build_state_t *state,
2219  crypt_path_t *head,
2220  int cur_len)
2221 {
2222  smartlist_t *excluded;
2223  const node_t *r;
2224  crypt_path_t *cpath;
2225  int i;
2226 
2227  (void) purpose;
2228 
2229  excluded = smartlist_new();
2230 
2231  /* Add the exit to the exclude list (note that the exit/last hop is always
2232  * chosen first in circuit_establish_circuit()). */
2233  if ((r = build_state_get_exit_node(state))) {
2234  smartlist_add(excluded, (node_t*)r);
2235  }
2236 
2237  /* If we are picking the 4th hop, allow that node to be the guard too.
2238  * This prevents us from avoiding the Guard for those hops, which
2239  * gives the adversary information about our guard if they control
2240  * the RP, IP, or HSDIR. We don't do this check based on purpose
2241  * because we also want to allow HS_VANGUARDS pre-build circuits
2242  * to use the guard for that last hop.
2243  */
2244  if (cur_len == DEFAULT_ROUTE_LEN+1) {
2245  /* Skip the first hop for the exclude list below */
2246  head = head->next;
2247  cur_len--;
2248  }
2249 
2250  for (i = 0, cpath = head; cpath && i < cur_len; ++i, cpath=cpath->next) {
2251  if ((r = node_get_by_id(cpath->extend_info->identity_digest))) {
2252  smartlist_add(excluded, (node_t*)r);
2253  }
2254  }
2255 
2256  return excluded;
2257 }
2258 
2259 /**
2260  * Build a list of nodes to exclude from the choice of this middle
2261  * hop, based on already chosen nodes.
2262  */
2263 static smartlist_t *
2265  cpath_build_state_t *state,
2266  crypt_path_t *head,
2267  int cur_len)
2268 {
2269  smartlist_t *excluded;
2270  const node_t *r;
2271  crypt_path_t *cpath;
2272  int i;
2273 
2274  /** Vanguard circuits have their own path selection rules */
2275  if (circuit_should_use_vanguards(purpose)) {
2276  return build_vanguard_middle_exclude_list(purpose, state, head, cur_len);
2277  }
2278 
2279  excluded = smartlist_new();
2280 
2281  /* For non-vanguard circuits, add the exit and its family to the exclude list
2282  * (note that the exit/last hop is always chosen first in
2283  * circuit_establish_circuit()). */
2284  if ((r = build_state_get_exit_node(state))) {
2285  nodelist_add_node_and_family(excluded, r);
2286  }
2287 
2288  /* also exclude all other already chosen nodes and their family */
2289  for (i = 0, cpath = head; cpath && i < cur_len; ++i, cpath=cpath->next) {
2290  if ((r = node_get_by_id(cpath->extend_info->identity_digest))) {
2291  nodelist_add_node_and_family(excluded, r);
2292  }
2293  }
2294 
2295  return excluded;
2296 }
2297 
2298 /** Return true if we MUST use vanguards for picking this middle node. */
2299 static int
2301  uint8_t purpose, int cur_len)
2302 {
2303  /* If this is not a hidden service circuit, don't use vanguards */
2304  if (!circuit_purpose_is_hidden_service(purpose)) {
2305  return 0;
2306  }
2307 
2308  /* Don't even bother if the feature is disabled */
2309  if (!vanguards_lite_is_enabled()) {
2310  return 0;
2311  }
2312 
2313  /* If we are a hidden service circuit, always use either vanguards-lite
2314  * or HSLayer2Nodes for 2nd hop. */
2315  if (cur_len == 1) {
2316  return 1;
2317  }
2318 
2319  /* If we have sticky L3 nodes, and this is an L3 pick, use vanguards */
2320  if (options->HSLayer3Nodes && cur_len == 2) {
2321  return 1;
2322  }
2323 
2324  return 0;
2325 }
2326 
2327 /** Pick a sticky vanguard middle node or return NULL if not found.
2328  * See doc of pick_restricted_middle_node() for argument details. */
2329 static const node_t *
2331  router_crn_flags_t flags, int cur_len,
2332  const smartlist_t *excluded)
2333 {
2334  const routerset_t *vanguard_routerset = NULL;
2335  const node_t *node = NULL;
2336 
2337  /* Pick the right routerset based on the current hop */
2338  if (cur_len == 1) {
2339  vanguard_routerset = options->HSLayer2Nodes ?
2340  options->HSLayer2Nodes : get_layer2_guards();
2341  } else if (cur_len == 2) {
2342  vanguard_routerset = options->HSLayer3Nodes;
2343  } else {
2344  /* guaranteed by middle_node_should_be_vanguard() */
2346  return NULL;
2347  }
2348 
2349  if (BUG(!vanguard_routerset)) {
2350  return NULL;
2351  }
2352 
2353  node = pick_restricted_middle_node(flags, vanguard_routerset,
2354  options->ExcludeNodes, excluded,
2355  cur_len+1);
2356 
2357  if (!node) {
2358  static ratelim_t pinned_warning_limit = RATELIM_INIT(300);
2359  log_fn_ratelim(&pinned_warning_limit, LOG_WARN, LD_CIRC,
2360  "Could not find a node that matches the configured "
2361  "_HSLayer%dNodes set", cur_len+1);
2362  }
2363 
2364  return node;
2365 }
2366 
2367 /** A helper function used by onion_extend_cpath(). Use <b>purpose</b>
2368  * and <b>state</b> and the cpath <b>head</b> (currently populated only
2369  * to length <b>cur_len</b> to decide a suitable middle hop for a
2370  * circuit. In particular, make sure we don't pick the exit node or its
2371  * family, and make sure we don't duplicate any previous nodes or their
2372  * families. */
2373 static const node_t *
2375  cpath_build_state_t *state,
2376  crypt_path_t *head,
2377  int cur_len)
2378 {
2379  const node_t *choice;
2380  smartlist_t *excluded;
2381  const or_options_t *options = get_options();
2382  router_crn_flags_t flags = CRN_NEED_DESC;
2383  tor_assert(CIRCUIT_PURPOSE_MIN_ <= purpose &&
2384  purpose <= CIRCUIT_PURPOSE_MAX_);
2385 
2386  log_debug(LD_CIRC, "Contemplating intermediate hop #%d: random choice.",
2387  cur_len+1);
2388 
2389  excluded = build_middle_exclude_list(purpose, state, head, cur_len);
2390 
2391  flags |= cpath_build_state_to_crn_flags(state);
2392  flags |= cpath_build_state_to_crn_ipv6_extend_flag(state, cur_len);
2393 
2394  /** If a hidden service circuit wants a specific middle node, pin it. */
2395  if (middle_node_must_be_vanguard(options, purpose, cur_len)) {
2396  log_debug(LD_GENERAL, "Picking a sticky node (cur_len = %d)", cur_len);
2397  choice = pick_vanguard_middle_node(options, flags, cur_len, excluded);
2398  smartlist_free(excluded);
2399  return choice;
2400  }
2401 
2402  if (options->MiddleNodes) {
2403  smartlist_t *sl = smartlist_new();
2404  routerset_get_all_nodes(sl, options->MiddleNodes,
2405  options->ExcludeNodes, 1);
2406 
2407  smartlist_subtract(sl, excluded);
2408 
2409  choice = node_sl_choose_by_bandwidth(sl, WEIGHT_FOR_MID);
2410  smartlist_free(sl);
2411  if (choice) {
2412  log_fn(LOG_INFO, LD_CIRC, "Chose fixed middle node: %s",
2413  hex_str(choice->identity, DIGEST_LEN));
2414  } else {
2415  log_fn(LOG_NOTICE, LD_CIRC, "Restricted middle not available");
2416  }
2417  } else {
2418  choice = router_choose_random_node(excluded, options->ExcludeNodes, flags);
2419  }
2420  smartlist_free(excluded);
2421  return choice;
2422 }
2423 
2424 /** Pick a good entry server for the circuit to be built according to
2425  * <b>state</b>. Don't reuse a chosen exit (if any), don't use this
2426  * router (if we're an OR), and respect firewall settings; if we're
2427  * configured to use entry guards, return one.
2428  *
2429  * Set *<b>guard_state_out</b> to information about the guard that
2430  * we're selecting, which we'll use later to remember whether the
2431  * guard worked or not.
2432  */
2433 const node_t *
2435  circuit_guard_state_t **guard_state_out)
2436 {
2437  const node_t *choice;
2438  smartlist_t *excluded;
2439  const or_options_t *options = get_options();
2440  /* If possible, choose an entry server with a preferred address,
2441  * otherwise, choose one with an allowed address */
2442  router_crn_flags_t flags = (CRN_NEED_GUARD|CRN_NEED_DESC|CRN_PREF_ADDR|
2443  CRN_DIRECT_CONN);
2444  const node_t *node;
2445 
2446  /* Once we used this function to select a node to be a guard. We had
2447  * 'state == NULL' be the signal for that. But we don't do that any more.
2448  */
2449  tor_assert_nonfatal(state);
2450 
2451  if (state && options->UseEntryGuards &&
2452  (purpose != CIRCUIT_PURPOSE_TESTING || options->BridgeRelay)) {
2453  /* This request is for an entry server to use for a regular circuit,
2454  * and we use entry guard nodes. Just return one of the guard nodes. */
2455  tor_assert(guard_state_out);
2456  return guards_choose_guard(state, purpose, guard_state_out);
2457  }
2458 
2459  excluded = smartlist_new();
2460 
2461  if (state && (node = build_state_get_exit_node(state))) {
2462  /* Exclude the exit node from the state, if we have one. Also exclude its
2463  * family. */
2464  nodelist_add_node_and_family(excluded, node);
2465  }
2466 
2467  if (state) {
2468  flags |= cpath_build_state_to_crn_flags(state);
2469  }
2470 
2471  choice = router_choose_random_node(excluded, options->ExcludeNodes, flags);
2472  smartlist_free(excluded);
2473  return choice;
2474 }
2475 
2476 /** Choose a suitable next hop for the circuit <b>circ</b>.
2477  * Append the hop info to circ->cpath.
2478  *
2479  * Return 1 if the path is complete, 0 if we successfully added a hop,
2480  * and -1 on error.
2481  */
2482 STATIC int
2484 {
2485  uint8_t purpose = circ->base_.purpose;
2486  cpath_build_state_t *state = circ->build_state;
2487  int cur_len = circuit_get_cpath_len(circ);
2488  extend_info_t *info = NULL;
2489 
2490  if (cur_len >= state->desired_path_len) {
2491  log_debug(LD_CIRC, "Path is complete: %d steps long",
2492  state->desired_path_len);
2493  return 1;
2494  }
2495 
2496  log_debug(LD_CIRC, "Path is %d long; we want %d", cur_len,
2497  state->desired_path_len);
2498 
2499  if (cur_len == state->desired_path_len - 1) { /* Picking last node */
2500  info = extend_info_dup(state->chosen_exit);
2501  } else if (cur_len == 0) { /* picking first node */
2502  const node_t *r = choose_good_entry_server(purpose, state,
2503  &circ->guard_state);
2504  if (r) {
2505  /* If we're a client, use the preferred address rather than the
2506  primary address, for potentially connecting to an IPv6 OR
2507  port. Servers always want the primary (IPv4) address. */
2508  int client = (server_mode(get_options()) == 0);
2509  info = extend_info_from_node(r, client, false);
2510  /* Clients can fail to find an allowed address */
2511  tor_assert_nonfatal(info || client);
2512  }
2513  } else {
2514  const node_t *r =
2515  choose_good_middle_server(purpose, state, circ->cpath, cur_len);
2516  if (r) {
2517  info = extend_info_from_node(r, 0, false);
2518  }
2519  }
2520 
2521  if (!info) {
2522  /* This can happen on first startup, possibly due to insufficient relays
2523  * downloaded to pick vanguards-lite layer2 nodes, or other ephemeral
2524  * reasons. It only happens briefly, is hard to reproduce, and then goes
2525  * away for ever. :/ */
2527  log_info(LD_CIRC,
2528  "Failed to find node for hop #%d of our path. Discarding "
2529  "this circuit.", cur_len+1);
2530  } else {
2531  log_notice(LD_CIRC,
2532  "Failed to find node for hop #%d of our path. Discarding "
2533  "this circuit.", cur_len+1);
2534  }
2535  return -1;
2536  }
2537 
2538  log_debug(LD_CIRC,"Chose router %s for hop #%d (exit is %s)",
2539  extend_info_describe(info),
2540  cur_len+1, build_state_get_exit_nickname(state));
2541 
2542  cpath_append_hop(&circ->cpath, info);
2543  extend_info_free(info);
2544  return 0;
2545 }
2546 
2547 /** Return the node_t for the chosen exit router in <b>state</b>.
2548  * If there is no chosen exit, or if we don't know the node_t for
2549  * the chosen exit, return NULL.
2550  */
2551 MOCK_IMPL(const node_t *,
2553 {
2554  if (!state || !state->chosen_exit)
2555  return NULL;
2556  return node_get_by_id(state->chosen_exit->identity_digest);
2557 }
2558 
2559 /** Return the RSA ID digest for the chosen exit router in <b>state</b>.
2560  * If there is no chosen exit, return NULL.
2561  */
2562 const uint8_t *
2564 {
2565  if (!state || !state->chosen_exit)
2566  return NULL;
2567  return (const uint8_t *) state->chosen_exit->identity_digest;
2568 }
2569 
2570 /** Return the nickname for the chosen exit router in <b>state</b>. If
2571  * there is no chosen exit, or if we don't know the routerinfo_t for the
2572  * chosen exit, return NULL.
2573  */
2574 const char *
2576 {
2577  if (!state || !state->chosen_exit)
2578  return NULL;
2579  return state->chosen_exit->nickname;
2580 }
2581 
2582 /* Is circuit purpose allowed to use the deprecated TAP encryption protocol?
2583  * The hidden service protocol still uses TAP for some connections, because
2584  * ntor onion keys aren't included in HS descriptors or INTRODUCE cells. */
2585 static int
2586 circuit_purpose_can_use_tap_impl(uint8_t purpose)
2587 {
2588  return (purpose == CIRCUIT_PURPOSE_S_CONNECT_REND ||
2589  purpose == CIRCUIT_PURPOSE_C_INTRODUCING);
2590 }
2591 
2592 /* Is circ allowed to use the deprecated TAP encryption protocol?
2593  * The hidden service protocol still uses TAP for some connections, because
2594  * ntor onion keys aren't included in HS descriptors or INTRODUCE cells. */
2595 int
2596 circuit_can_use_tap(const origin_circuit_t *circ)
2597 {
2598  tor_assert(circ);
2599  tor_assert(circ->cpath);
2600  tor_assert(circ->cpath->extend_info);
2601  return (circuit_purpose_can_use_tap_impl(circ->base_.purpose) &&
2602  extend_info_supports_tap(circ->cpath->extend_info));
2603 }
2604 
2605 /* Does circ have an onion key which it's allowed to use? */
2606 int
2607 circuit_has_usable_onion_key(const origin_circuit_t *circ)
2608 {
2609  tor_assert(circ);
2610  tor_assert(circ->cpath);
2611  tor_assert(circ->cpath->extend_info);
2612  return (extend_info_supports_ntor(circ->cpath->extend_info) ||
2613  circuit_can_use_tap(circ));
2614 }
2615 
2616 /** Find the circuits that are waiting to find out whether their guards are
2617  * usable, and if any are ready to become usable, mark them open and try
2618  * attaching streams as appropriate. */
2619 void
2621 {
2622  smartlist_t *to_upgrade =
2624 
2625  if (to_upgrade == NULL)
2626  return;
2627 
2628  log_info(LD_GUARD, "Upgrading %d circuits from 'waiting for better guard' "
2629  "to 'open'.", smartlist_len(to_upgrade));
2630 
2631  SMARTLIST_FOREACH_BEGIN(to_upgrade, origin_circuit_t *, circ) {
2633  circuit_has_opened(circ);
2634  } SMARTLIST_FOREACH_END(circ);
2635 
2636  smartlist_free(to_upgrade);
2637 }
2638 
2639 /**
2640  * Try to generate a circuit-negotiation message for communication with a
2641  * given relay. Assumes we are using ntor v3, or some later version that
2642  * supports parameter negotiatoin.
2643  *
2644  * On success, return 0 and pass back a message in the `out` parameters.
2645  * Otherwise, return -1.
2646  **/
2647 int
2649  uint8_t **msg_out,
2650  size_t *msg_len_out)
2651 {
2652  tor_assert(ei && msg_out && msg_len_out);
2653 
2655  return -1;
2656  }
2657 
2658  return congestion_control_build_ext_request(msg_out, msg_len_out);
2659 }
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:933
void tor_addr_make_unspec(tor_addr_t *a)
Definition: address.c:225
time_t approx_time(void)
Definition: approx_time.c:32
const char * hex_str(const char *from, size_t fromlen)
Definition: binascii.c:34
void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:478
int extend_info_is_a_configured_bridge(const extend_info_t *ei)
Definition: bridges.c:290
Header file for circuitbuild.c.
Fixed-size cell structure.
void channel_timestamp_client(channel_t *chan)
Definition: channel.c:3195
channel_t * channel_connect(const tor_addr_t *addr, uint16_t port, const char *id_digest, const ed25519_public_key_t *ed_id)
Definition: channel.c:2323
int channel_matches_extend_info(channel_t *chan, extend_info_t *extend_info)
Definition: channel.c:3292
int channel_remote_identity_matches(const channel_t *chan, const char *rsa_id_digest, const ed25519_public_key_t *ed_id)
Definition: channel.c:667
const char * channel_state_to_string(channel_state_t state)
Definition: channel.c:315
const char * channel_describe_peer(channel_t *chan)
Definition: channel.c:2837
void channel_dump_statistics(channel_t *chan, int severity)
Definition: channel.c:2541
channel_t * channel_get_for_extend(const char *rsa_id_digest, const ed25519_public_key_t *ed_id, const tor_addr_t *target_ipv4_addr, const tor_addr_t *target_ipv6_addr, bool for_origin_circ, const char **msg_out, int *launch_out)
Definition: channel.c:2413
Header file for channel.c.
void channel_mark_as_used_for_origin_circuit(channel_t *chan)
Definition: channeltls.c:375
@ CIRC_ID_TYPE_NEITHER
Definition: channel.h:44
@ CIRC_ID_TYPE_HIGHER
Definition: channel.h:41
int pathbias_count_build_attempt(origin_circuit_t *circ)
Definition: circpathbias.c:435
void pathbias_count_build_success(origin_circuit_t *circ)
Definition: circpathbias.c:523
static int circuit_send_first_onion_skin(origin_circuit_t *circ)
Definition: circuitbuild.c:969
const char * build_state_get_exit_nickname(cpath_build_state_t *state)
static void circuit_pick_extend_handshake(uint8_t *cell_type_out, uint8_t *create_cell_type_out, uint16_t *handshake_type_out, const extend_info_t *ei)
Definition: circuitbuild.c:872
static int circuit_build_no_more_hops(origin_circuit_t *circ)
int circuit_extend_to_new_exit(origin_circuit_t *circ, extend_info_t *exit_ei)
char * circuit_list_path(origin_circuit_t *circ, int verbose)
Definition: circuitbuild.c:336
STATIC int count_acceptable_nodes(const smartlist_t *nodes, int direct)
STATIC int onion_pick_cpath_exit(origin_circuit_t *circ, extend_info_t *exit_ei, int is_hs_v3_rp_circuit)
int circuit_handle_first_hop(origin_circuit_t *circ)
Definition: circuitbuild.c:543
static smartlist_t * circuit_get_unhandled_ports(time_t now)
static int middle_node_must_be_vanguard(const or_options_t *options, uint8_t purpose, int cur_len)
origin_circuit_t * circuit_establish_circuit(uint8_t purpose, extend_info_t *exit_ei, int flags)
Definition: circuitbuild.c:481
void circuit_log_path(int severity, unsigned int domain, origin_circuit_t *circ)
Definition: circuitbuild.c:355
static const node_t * choose_good_exit_server(origin_circuit_t *circ, router_crn_flags_t flags, int is_internal)
static const node_t * pick_vanguard_middle_node(const or_options_t *options, router_crn_flags_t flags, int cur_len, const smartlist_t *excluded)
STATIC circid_t get_unique_circ_id_by_chan(channel_t *chan)
Definition: circuitbuild.c:125
int route_len_for_purpose(uint8_t purpose, extend_info_t *exit_ei)
const uint8_t * build_state_get_exit_rsa_id(cpath_build_state_t *state)
STATIC int onion_extend_cpath(origin_circuit_t *circ)
int client_circ_negotiation_message(const extend_info_t *ei, uint8_t **msg_out, size_t *msg_len_out)
static void circuit_pick_create_handshake(uint8_t *cell_type_out, uint16_t *handshake_type_out, const extend_info_t *ei)
Definition: circuitbuild.c:840
char * circuit_list_path_for_controller(origin_circuit_t *circ)
Definition: circuitbuild.c:345
const node_t * build_state_get_exit_node(cpath_build_state_t *state)
STATIC int new_route_len(uint8_t purpose, extend_info_t *exit_ei, const smartlist_t *nodes)
static int onion_populate_cpath(origin_circuit_t *circ)
Definition: circuitbuild.c:388
int circuit_deliver_create_cell(circuit_t *circ, const struct create_cell_t *create_cell, int relayed)
Definition: circuitbuild.c:740
static int circuit_may_omit_guard(const origin_circuit_t *circ)
Definition: circuitbuild.c:898
const node_t * choose_good_entry_server(uint8_t purpose, cpath_build_state_t *state, circuit_guard_state_t **guard_state_out)
static int ap_stream_wants_exit_attention(connection_t *conn)
void circuit_n_chan_done(channel_t *chan, int status, int close_origin_circuits)
Definition: circuitbuild.c:638
static int circuit_cpath_supports_ntor(const origin_circuit_t *circ)
Definition: circuitbuild.c:364
int circuit_timeout_want_to_count_circ(const origin_circuit_t *circ)
Definition: circuitbuild.c:825
static void warn_if_last_router_excluded(origin_circuit_t *circ, const extend_info_t *exit_ei)
static char * circuit_list_path_impl(origin_circuit_t *circ, int verbose, int verbose_names)
Definition: circuitbuild.c:262
static smartlist_t * build_vanguard_middle_exclude_list(uint8_t purpose, cpath_build_state_t *state, crypt_path_t *head, int cur_len)
static const node_t * pick_restricted_middle_node(router_crn_flags_t flags, const routerset_t *pick_from, const routerset_t *exclude_set, const smartlist_t *exclude_list, int position_hint)
origin_circuit_t * origin_circuit_init(uint8_t purpose, int flags)
Definition: circuitbuild.c:452
int circuit_all_predicted_ports_handled(time_t now, int *need_uptime, int *need_capacity)
void circuit_note_clock_jumped(int64_t seconds_elapsed, bool was_idle)
int circuit_send_next_onion_skin(origin_circuit_t *circ)
Definition: circuitbuild.c:935
static smartlist_t * build_middle_exclude_list(uint8_t purpose, cpath_build_state_t *state, crypt_path_t *head, int cur_len)
int circuit_finish_handshake(origin_circuit_t *circ, const created_cell_t *reply)
int circuit_append_new_exit(origin_circuit_t *circ, extend_info_t *exit_ei)
int circuit_truncated(origin_circuit_t *circ, int reason)
circuit_guard_state_t * origin_circuit_get_guard_state(origin_circuit_t *circ)
Definition: circuitbuild.c:512
static const node_t * choose_good_middle_server(uint8_t purpose, cpath_build_state_t *state, crypt_path_t *head, int cur_len)
static void circuit_chan_publish(const origin_circuit_t *circ, const channel_t *chan)
Definition: circuitbuild.c:527
static bool should_use_create_fast_for_circuit(origin_circuit_t *circ)
Definition: circuitbuild.c:803
static int circuit_send_intermediate_onion_skin(origin_circuit_t *circ, crypt_path_t *hop)
static const node_t * choose_good_exit_server_general(router_crn_flags_t flags)
channel_t * channel_connect_for_circuit(const extend_info_t *ei)
Definition: circuitbuild.c:102
static int node_handles_some_port(const node_t *node, smartlist_t *needed_ports)
void circuit_upgrade_circuits_from_guard_wait(void)
Header file for circuitbuild.c.
int circuit_id_in_use_on_channel(circid_t circ_id, channel_t *chan)
Definition: circuitlist.c:1552
void circuit_set_n_circid_chan(circuit_t *circ, circid_t id, channel_t *chan)
Definition: circuitlist.c:485
void circuit_mark_all_dirty_circs_as_unusable(void)
Definition: circuitlist.c:2077
origin_circuit_t * origin_circuit_new(void)
Definition: circuitlist.c:1029
void circuit_set_state(circuit_t *circ, uint8_t state)
Definition: circuitlist.c:554
const char * circuit_purpose_to_string(uint8_t purpose)
Definition: circuitlist.c:914
int circuit_get_cpath_len(origin_circuit_t *circ)
Definition: circuitlist.c:2006
smartlist_t * circuit_find_circuits_to_upgrade_from_guard_wait(void)
Definition: circuitlist.c:1978
int circuit_get_cpath_opened_len(const origin_circuit_t *circ)
Definition: circuitlist.c:2022
origin_circuit_t * TO_ORIGIN_CIRCUIT(circuit_t *x)
Definition: circuitlist.c:177
void circuit_get_all_pending_on_channel(smartlist_t *out, channel_t *chan)
Definition: circuitlist.c:589
int circuit_event_status(origin_circuit_t *circ, circuit_status_event_t tp, int reason_code)
Definition: circuitlist.c:510
crypt_path_t * circuit_get_cpath_hop(origin_circuit_t *circ, int hopnum)
Definition: circuitlist.c:2042
time_t circuit_id_when_marked_unusable_on_channel(circid_t circ_id, channel_t *chan)
Definition: circuitlist.c:1565
void circuit_mark_all_unused_circs(void)
Definition: circuitlist.c:2058
Header file for circuitlist.c.
#define CIRCUIT_PURPOSE_S_CONNECT_REND
Definition: circuitlist.h:107
#define CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT
Definition: circuitlist.h:93
#define CIRCUIT_PURPOSE_REND_POINT_WAITING
Definition: circuitlist.h:45
#define CIRCUIT_STATE_OPEN
Definition: circuitlist.h:32
#define CIRCUIT_STATE_BUILDING
Definition: circuitlist.h:21
#define CIRCUIT_PURPOSE_C_REND_JOINED
Definition: circuitlist.h:88
#define CIRCUIT_PURPOSE_INTRO_POINT
Definition: circuitlist.h:42
#define CIRCUIT_PURPOSE_CONTROLLER
Definition: circuitlist.h:121
#define CIRCUIT_IS_ORIGIN(c)
Definition: circuitlist.h:147
#define CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED
Definition: circuitlist.h:86
#define CIRCUIT_STATE_GUARD_WAIT
Definition: circuitlist.h:30
#define CIRCUIT_PURPOSE_TESTING
Definition: circuitlist.h:118
#define CIRCUIT_PURPOSE_OR
Definition: circuitlist.h:39
#define CIRCUIT_STATE_CHAN_WAIT
Definition: circuitlist.h:26
#define CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT
Definition: circuitlist.h:76
#define CIRCUIT_PURPOSE_S_REND_JOINED
Definition: circuitlist.h:110
#define CIRCUIT_PURPOSE_C_REND_READY
Definition: circuitlist.h:83
#define CIRCUIT_PURPOSE_S_HSDIR_POST
Definition: circuitlist.h:112
#define CIRCUIT_PURPOSE_C_HSDIR_GET
Definition: circuitlist.h:90
#define CIRCUIT_PURPOSE_REND_ESTABLISHED
Definition: circuitlist.h:47
#define CIRCUIT_PURPOSE_C_INTRODUCE_ACKED
Definition: circuitlist.h:79
#define CIRCUIT_PURPOSE_C_INTRODUCING
Definition: circuitlist.h:73
#define CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
Definition: circuitlist.h:101
#define CIRCUIT_PURPOSE_C_ESTABLISH_REND
Definition: circuitlist.h:81
#define CIRCUIT_PURPOSE_C_GENERAL
Definition: circuitlist.h:70
#define CIRCUIT_PURPOSE_HS_VANGUARDS
Definition: circuitlist.h:131
unsigned int circuitmux_num_active_circuits(circuitmux_t *cmux)
Definition: circuitmux.c:702
unsigned int circuitmux_num_circuits(circuitmux_t *cmux)
Definition: circuitmux.c:714
void circpad_machine_event_circ_added_hop(origin_circuit_t *on_circ)
void circpad_machine_event_circ_built(origin_circuit_t *circ)
Header file for circuitpadding.c.
void circuit_build_times_handle_completed_hop(origin_circuit_t *circ)
Definition: circuitstats.c:679
Header file for circuitstats.c.
int circuit_should_use_vanguards(uint8_t purpose)
Definition: circuituse.c:1980
void circuit_has_opened(origin_circuit_t *circ)
Definition: circuituse.c:1631
void circuit_reset_failure_count(int timeout)
Definition: circuituse.c:2180
int circuit_stream_is_being_handled(entry_connection_t *conn, uint16_t port, int min)
Definition: circuituse.c:993
void circuit_remove_handled_ports(smartlist_t *needed_ports)
Definition: circuituse.c:968
int circuit_purpose_is_hidden_service(uint8_t purpose)
Definition: circuituse.c:1918
Header file for circuituse.c.
#define CIRCLAUNCH_NEED_CAPACITY
Definition: circuituse.h:43
#define CIRCLAUNCH_IS_IPV6_SELFTEST
Definition: circuituse.h:54
#define CIRCLAUNCH_ONEHOP_TUNNEL
Definition: circuituse.h:39
#define CIRCLAUNCH_IS_V3_RP
Definition: circuituse.h:49
#define CIRCLAUNCH_IS_INTERNAL
Definition: circuituse.h:46
#define CIRCLAUNCH_NEED_UPTIME
Definition: circuituse.h:41
void command_setup_channel(channel_t *chan)
Definition: command.c:697
Header file for command.c.
const or_options_t * get_options(void)
Definition: config.c:926
tor_cmdline_mode_t command
Definition: config.c:2449
Header file for config.c.
Header for confmgt.c.
int congestion_control_build_ext_request(uint8_t **msg_out, size_t *msg_len_out)
congestion_control_t * congestion_control_new(const circuit_params_t *params, cc_path_t path)
bool congestion_control_enabled(void)
Public APIs for congestion control.
#define SBWS_ROUTE_LEN
Header file for connection.c.
#define CONN_TYPE_AP
Definition: connection.h:51
int connection_ap_can_use_exit(const entry_connection_t *conn, const node_t *exit_node)
int connection_edge_is_rendezvous_stream(const edge_connection_t *conn)
edge_connection_t * TO_EDGE_CONN(connection_t *c)
entry_connection_t * TO_ENTRY_CONN(connection_t *c)
Header file for connection_edge.c.
#define AP_CONN_STATE_CIRCUIT_WAIT
void clear_broken_connection_map(int stop_recording)
Header file for connection_or.c.
void control_event_bootstrap(bootstrap_status_t status, int progress)
int control_event_general_status(int severity, const char *format,...)
int control_event_client_status(int severity, const char *format,...)
Header file for control_events.c.
Circuit-build-stse structure.
int cpath_append_hop(crypt_path_t **head_ptr, extend_info_t *choice)
Definition: crypt_path.c:59
int cpath_init_circuit_crypto(crypt_path_t *cpath, const char *key_data, size_t key_data_len, int reverse, int is_hs_v3)
Definition: crypt_path.c:148
crypt_path_t * cpath_get_next_non_open_hop(crypt_path_t *cpath)
Definition: crypt_path.c:227
void cpath_free(crypt_path_t *victim)
Definition: crypt_path.c:160
Header file for crypt_path.c.
#define HEX_DIGEST_LEN
Definition: crypto_digest.h:35
void ed25519_pubkey_copy(ed25519_public_key_t *dest, const ed25519_public_key_t *src)
int ed25519_public_key_is_zero(const ed25519_public_key_t *pubkey)
void crypto_rand(char *to, size_t n)
Definition: crypto_rand.c:479
void * smartlist_choose(const smartlist_t *sl)
Definition: crypto_rand.c:594
Common functions for using (pseudo-)random number generators.
const char * extend_info_describe(const extend_info_t *ei)
Definition: describe.c:224
const char * node_describe(const node_t *node)
Definition: describe.c:160
Header file for describe.c.
#define DIGEST_LEN
Definition: digest_sizes.h:20
Header file for directory.c.
Entry connection structure.
guard_usable_t entry_guard_succeeded(circuit_guard_state_t **guard_state_p)
Definition: entrynodes.c:2520
const routerset_t * get_layer2_guards(void)
Definition: entrynodes.c:4218
bool vanguards_lite_is_enabled(void)
Definition: entrynodes.c:3991
const node_t * guards_choose_guard(cpath_build_state_t *state, uint8_t purpose, circuit_guard_state_t **guard_state_out)
Definition: entrynodes.c:3783
Header file for circuitbuild.c.
Header file for Tor tracing instrumentation definition.
#define TR_SUBSYS(name)
Definition: events.h:45
Extend-info structure.
const tor_addr_port_t * extend_info_get_orport(const extend_info_t *ei, int family)
Definition: extendinfo.c:285
extend_info_t * extend_info_from_node(const node_t *node, int for_direct_connect, bool for_exit)
Definition: extendinfo.c:100
const tor_addr_port_t * extend_info_pick_orport(const extend_info_t *ei)
Definition: extendinfo.c:300
bool extend_info_any_orport_addr_is_internal(const extend_info_t *ei)
Definition: extendinfo.c:340
extend_info_t * extend_info_dup(extend_info_t *info)
Definition: extendinfo.c:193
Header for core/or/extendinfo.c.
Header for hs_ntor.c.
void tor_log(int severity, log_domain_mask_t domain, const char *format,...)
Definition: log.c:590
#define log_fn(severity, domain, args,...)
Definition: log.h:283
#define LD_REND
Definition: log.h:84
#define log_fn_ratelim(ratelim, severity, domain, args,...)
Definition: log.h:288
#define LD_APP
Definition: log.h:78
#define LD_PROTOCOL
Definition: log.h:72
#define LD_BUG
Definition: log.h:86
#define LD_GUARD
Definition: log.h:109
#define LD_GENERAL
Definition: log.h:62
#define LOG_NOTICE
Definition: log.h:50
#define LD_CIRC
Definition: log.h:82
#define LOG_WARN
Definition: log.h:53
#define LOG_INFO
Definition: log.h:45
void note_that_we_maybe_cant_complete_circuits(void)
Definition: mainloop.c:234
int have_completed_a_circuit(void)
Definition: mainloop.c:218
void note_that_we_completed_a_circuit(void)
Definition: mainloop.c:226
smartlist_t * get_connection_array(void)
Definition: mainloop.c:443
void reset_all_main_loop_timers(void)
Definition: mainloop.c:1456
Header file for mainloop.c.
#define tor_free(p)
Definition: malloc.h:56
Header file for microdesc.c.
Header file for networkstatus.c.
int is_legal_nickname(const char *s)
Definition: nickname.c:19
Header file for nickname.c.
const node_t * router_choose_random_node(smartlist_t *excludedsmartlist, routerset_t *excludedset, router_crn_flags_t flags)
Definition: node_select.c:979
const node_t * node_sl_choose_by_bandwidth(const smartlist_t *sl, bandwidth_weight_rule_t rule)
Definition: node_select.c:856
Header file for node_select.c.
router_crn_flags_t
Definition: node_select.h:16
Node information structure.
void nodelist_add_node_and_family(smartlist_t *sl, const node_t *node)
Definition: nodelist.c:2242
const smartlist_t * nodelist_get_list(void)
Definition: nodelist.c:1047
int node_has_preferred_descriptor(const node_t *node, int for_direct_connect)
Definition: nodelist.c:1500
const node_t * node_get_by_id(const char *identity_digest)
Definition: nodelist.c:226
void node_get_verbose_nickname(const node_t *node, char *verbose_name_out)
Definition: nodelist.c:1533
int router_have_minimum_dir_info(void)
Definition: nodelist.c:2427
int node_exit_policy_rejects_all(const node_t *node)
Definition: nodelist.c:1579
Header file for nodelist.c.
Header file for ocirc_event.c.
int extend_cell_format(uint8_t *command_out, uint16_t *len_out, uint8_t *payload_out, const extend_cell_t *cell_in)
Definition: onion.c:617
Header file for onion.c.
int onion_skin_client_handshake(int type, const onion_handshake_state_t *handshake_state, const uint8_t *reply, size_t reply_len, uint8_t *keys_out, size_t keys_out_len, uint8_t *rend_authenticator_out, circuit_params_t *params_out, const char **msg_out)
Definition: onion_crypto.c:459
int onion_skin_create(int type, const extend_info_t *node, onion_handshake_state_t *state_out, uint8_t *onion_skin_out, size_t onion_skin_out_maxlen)
Definition: onion_crypto.c:129
void onion_handshake_state_release(onion_handshake_state_t *state)
Definition: onion_crypto.c:94
Header file for onion_crypto.c.
Header file for onion_fast.c.
Header file for onion_tap.c.
Master header file for Tor-specific functionality.
#define MAX_NICKNAME_LEN
Definition: or.h:112
#define MIN_CIRCUITS_HANDLING_STREAM
Definition: or.h:180
#define DEFAULT_ROUTE_LEN
Definition: or.h:890
uint32_t circid_t
Definition: or.h:488
#define END_CIRC_REASON_NOPATH
Definition: or.h:307
#define TO_CIRCUIT(x)
Definition: or.h:836
#define MAX_VERBOSE_NICKNAME_LEN
Definition: or.h:118
#define RELAY_PAYLOAD_SIZE
Definition: or.h:485
#define END_CIRC_REASON_FLAG_REMOTE
Definition: or.h:332
@ CELL_DIRECTION_OUT
Definition: or.h:368
Origin circuit structure.
addr_policy_result_t compare_tor_addr_to_node_policy(const tor_addr_t *addr, uint16_t port, const node_t *node)
Definition: policies.c:2907
Header file for policies.c.
addr_policy_result_t
Definition: policies.h:38
@ ADDR_POLICY_PROBABLY_REJECTED
Definition: policies.h:48
@ ADDR_POLICY_REJECTED
Definition: policies.h:42
void rep_hist_remove_predicted_ports(const smartlist_t *rmv_ports)
smartlist_t * rep_hist_get_predicted_ports(time_t now)
Header file for predict_ports.c.
char * rate_limit_log(ratelim_t *lim, time_t now)
Definition: ratelim.c:42
void append_cell_to_circuit_queue(circuit_t *circ, channel_t *chan, cell_t *cell, cell_direction_t direction, streamid_t fromstream)
Definition: relay.c:3241
Header file for relay.c.
int router_digest_is_me(const char *digest)
Definition: router.c:1739
Header file for router.c.
void router_add_running_nodes_to_smartlist(smartlist_t *sl, int flags)
Definition: routerlist.c:613
Header file for routerlist.c.
int server_mode(const or_options_t *options)
Definition: routermode.c:34
Header file for routermode.c.
int routerset_contains_node(const routerset_t *set, const node_t *node)
Definition: routerset.c:353
void routerset_get_all_nodes(smartlist_t *out, const routerset_t *routerset, const routerset_t *excludeset, int running_only)
Definition: routerset.c:379
int routerset_contains_extendinfo(const routerset_t *set, const extend_info_t *ei)
Definition: routerset.c:308
void routerset_subtract_nodes(smartlist_t *lst, const routerset_t *routerset)
Definition: routerset.c:413
Header file for routerset.c.
void router_do_reachability_checks(void)
Definition: selftest.c:292
Header file for selftest.c.
void smartlist_add_asprintf(struct smartlist_t *sl, const char *pattern,...)
Definition: smartlist.c:36
int smartlist_contains_int_as_string(const smartlist_t *sl, int num)
Definition: smartlist.c:147
void smartlist_subtract(smartlist_t *sl1, const smartlist_t *sl2)
Definition: smartlist.c:264
char * smartlist_join_strings(smartlist_t *sl, const char *join, int terminate, size_t *len_out)
Definition: smartlist.c:279
smartlist_t * smartlist_new(void)
void smartlist_add(smartlist_t *sl, void *element)
void smartlist_clear(smartlist_t *sl)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define SMARTLIST_FOREACH(sl, type, var, cmd)
Definition: cell_st.h:17
circid_t circ_id
Definition: cell_st.h:18
channel_state_t state
Definition: channel.h:192
int(* is_canonical)(channel_t *)
Definition: channel.h:353
unsigned int num_n_circuits
Definition: channel.h:410
circ_id_type_bitfield_t circ_id_type
Definition: channel.h:405
char identity_digest[DIGEST_LEN]
Definition: channel.h:378
uint64_t global_identifier
Definition: channel.h:197
channel_usage_info_t channel_usage
Definition: channel.h:228
time_t timestamp_created
Definition: channel.h:298
circuitmux_t * cmux
Definition: channel.h:397
ratelim_t last_warned_circ_ids_exhausted
Definition: channel.h:438
uint8_t state
Definition: circuit_st.h:111
uint8_t purpose
Definition: circuit_st.h:112
struct timeval timestamp_began
Definition: circuit_st.h:166
channel_t * n_chan
Definition: circuit_st.h:70
extend_info_t * n_hop
Definition: circuit_st.h:88
circid_t n_circ_id
Definition: circuit_st.h:79
uint8_t state
Definition: connection_st.h:49
unsigned int type
Definition: connection_st.h:50
uint16_t marked_for_close
extend_info_t * chosen_exit
uint16_t handshake_len
Definition: onion.h:30
uint16_t handshake_type
Definition: onion.h:28
uint8_t onionskin[CELL_PAYLOAD_SIZE - 4]
Definition: onion.h:32
uint8_t cell_type
Definition: onion.h:26
uint16_t handshake_len
Definition: onion.h:40
uint8_t reply[CELL_PAYLOAD_SIZE - 2]
Definition: onion.h:42
struct crypt_path_t * prev
Definition: crypt_path_st.h:80
uint8_t state
Definition: crypt_path_st.h:73
struct crypt_path_t * next
Definition: crypt_path_st.h:77
extend_info_t * extend_info
Definition: crypt_path_st.h:66
char rend_circ_nonce[DIGEST_LEN]
Definition: crypt_path_st.h:63
onion_handshake_state_t handshake_state
Definition: crypt_path_st.h:57
struct congestion_control_t * ccontrol
Definition: crypt_path_st.h:89
struct edge_connection_t * next_stream
tor_addr_port_t orport_ipv4
Definition: onion.h:50
create_cell_t create_cell
Definition: onion.h:60
struct ed25519_public_key_t ed_pubkey
Definition: onion.h:56
uint8_t node_id[DIGEST_LEN]
Definition: onion.h:54
tor_addr_port_t orport_ipv6
Definition: onion.h:52
uint8_t cell_type
Definition: onion.h:48
ed25519_public_key_t ed_identity
char identity_digest[DIGEST_LEN]
char nickname[MAX_HEX_NICKNAME_LEN+1]
bool exit_supports_congestion_control
Definition: node_st.h:34
char identity[DIGEST_LEN]
Definition: node_st.h:46
struct routerset_t * ExcludeExitNodesUnion_
struct routerset_t * ExcludeNodes
struct routerset_t * ExitNodes
struct routerset_t * HSLayer2Nodes
struct smartlist_t * LongLivedPorts
int ExtendAllowPrivateAddresses
struct routerset_t * MiddleNodes
struct routerset_t * HSLayer3Nodes
edge_connection_t * p_streams
unsigned int has_opened
crypt_path_t * cpath
cpath_build_state_t * build_state
struct circuit_guard_state_t * guard_state
unsigned first_hop_from_controller
#define STATIC
Definition: testsupport.h:32
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
void tor_gettimeofday(struct timeval *timeval)
Headers for transports.c.
#define tor_assert_nonfatal_unreached()
Definition: util_bug.h:176
#define tor_assert(expr)
Definition: util_bug.h:102
#define tor_fragile_assert()
Definition: util_bug.h:270
#define IF_BUG_ONCE(cond)
Definition: util_bug.h:246
int tor_digest_is_zero(const char *digest)
Definition: util_string.c:96