Tor 0.4.9.1-alpha-dev
conflux_pool.c
Go to the documentation of this file.
1/* Copyright (c) 2021, The Tor Project, Inc. */
2/* See LICENSE for licensing information */
3
4/**
5 * \file conflux_pool.c
6 * \brief Conflux circuit pool management
7 */
8
9#define TOR_CONFLUX_PRIVATE
10#define CONFLUX_CELL_PRIVATE
11
12#include "core/or/or.h"
13
14#include "app/config/config.h"
15
17#include "core/or/circuitlist.h"
19#include "core/or/circuituse.h"
21#include "core/or/conflux.h"
23#include "trunnel/conflux.h"
27#include "core/or/relay.h"
30
32#include "core/or/or_circuit_st.h"
35#include "core/or/conflux_st.h"
36
39#include "app/config/config.h"
40
43
44/* Indicate if we are shutting down. This is used so we avoid recovering a
45 * conflux set on total shutdown. */
46static bool shutting_down = false;
47
48/** The pool of client-side conflux_t that are built, linked, and ready
49 * to be used. Indexed by nonce. */
50static digest256map_t *client_linked_pool;
51
52/** The pool of origin unlinked_circuits_t indexed by nonce. */
53static digest256map_t *client_unlinked_pool;
54
55/** The pool of relay conflux_t indexed by nonce. We call these "server"
56 * because they could be onion-service side too (even though we likely will
57 * only implement onion service conflux in Arti). The code is littered with
58 * asserts to ensure there are no origin circuits in here for now, too. */
59static digest256map_t *server_linked_pool;
60
61/** The pool of relay unlinked_circuits_t indexed by nonce. */
62static digest256map_t *server_unlinked_pool;
63
64/* A leg is essentially a circuit for a conflux set. We use this object for the
65 * unlinked pool. */
66typedef struct leg_t {
67 /* The circuit of the leg. */
68 circuit_t *circ;
69
70 /* The LINK cell content which is used to put the information back in the
71 * conflux_t object once all legs have linked and validate the ack. */
73
74 /* Indicate if the leg has received the LINKED or the LINKED_ACK cell
75 * depending on its side of the circuit. When all legs are linked, we then
76 * finalize the conflux_t object and move it to the linked pool. */
77 bool linked;
78
79 /* What time did we send the LINK/LINKED (depending on which side) so we can
80 * calculate the RTT. */
81 uint64_t link_sent_usec;
82
83 /* The RTT value in usec takend from the LINK <--> LINKED round trip. */
84 uint64_t rtt_usec;
85} leg_t;
86
87/* Object used to track unlinked circuits which are kept in the unlinked pool
88 * until they are linked and moved to the linked pool and global circuit set.
89 */
90typedef struct unlinked_circuits_t {
91 /* If true, indicate that this unlinked set is client side as in the legs are
92 * origin circuits. Else, it is on the exit side and thus or circuits. */
93 bool is_client;
94
95 /* If true, indicate if the conflux_t is related to a linked set. */
96 bool is_for_linked_set;
97
98 /* Conflux object that will be set in each leg once all linked. */
99 conflux_t *cfx;
100
101 /* Legs. */
102 smartlist_t *legs;
104
105/** Error code used when linking circuits. Based on those, we decide to
106 * relaunch or not. */
107typedef enum link_circ_err_t {
108 /* Linking was successful. */
109 ERR_LINK_CIRC_OK = 0,
110 /* The RTT was not acceptable. */
111 ERR_LINK_CIRC_BAD_RTT = 1,
112 /* The leg can't be found. */
113 ERR_LINK_CIRC_MISSING_LEG = 2,
114 /* The set can't be found. */
115 ERR_LINK_CIRC_MISSING_SET = 3,
116 /* Invalid leg as in not pass validation. */
117 ERR_LINK_CIRC_INVALID_LEG = 4,
119
120#ifdef TOR_UNIT_TESTS
121digest256map_t *
122get_unlinked_pool(bool is_client)
123{
124 return is_client ? client_unlinked_pool : server_unlinked_pool;
125}
126
127digest256map_t *
128get_linked_pool(bool is_client)
129{
130 return is_client ? client_linked_pool : server_linked_pool;
131}
132#endif
133
134/* For unit tests only: please treat these exactly as the defines in the
135 * code. */
136STATIC uint8_t DEFAULT_CLIENT_UX = CONFLUX_UX_HIGH_THROUGHPUT;
137STATIC uint8_t DEFAULT_EXIT_UX = CONFLUX_UX_MIN_LATENCY;
138
139/** Helper: Format at 8 bytes the nonce for logging. */
140static inline const char *
141fmt_nonce(const uint8_t *nonce)
142{
143 return hex_str((char *) nonce, 8);
144}
145
146/**
147 * Return the conflux algorithm for a desired UX value.
148 */
149static uint8_t
150conflux_choose_algorithm(uint8_t desired_ux)
151{
152 switch (desired_ux) {
153 case CONFLUX_UX_NO_OPINION:
154 return CONFLUX_ALG_LOWRTT;
155 case CONFLUX_UX_MIN_LATENCY:
156 return CONFLUX_ALG_MINRTT;
157 case CONFLUX_UX_HIGH_THROUGHPUT:
158 return CONFLUX_ALG_LOWRTT;
159 /* For now, we have no low mem algs, so use minRTT since it should
160 * switch less and thus use less mem */
161 /* TODO-329-TUNING: Pick better algs here*/
162 case CONFLUX_UX_LOW_MEM_THROUGHPUT:
163 case CONFLUX_UX_LOW_MEM_LATENCY:
164 return CONFLUX_ALG_MINRTT;
165 default:
166 /* Trunnel should protect us from this */
168 return CONFLUX_ALG_LOWRTT;
169 }
170}
171
172/** Return a newly allocated conflux_t object. */
173static conflux_t *
175{
176 conflux_t *cfx = tor_malloc_zero(sizeof(*cfx));
177
178 cfx->ooo_q = smartlist_new();
179 cfx->legs = smartlist_new();
180
181 return cfx;
182}
183
184static void
185conflux_free_(conflux_t *cfx)
186{
187 if (!cfx) {
188 return;
189 }
190 tor_assert(cfx->legs);
191 tor_assert(cfx->ooo_q);
192
194 SMARTLIST_DEL_CURRENT(cfx->legs, leg);
195 tor_free(leg);
196 } SMARTLIST_FOREACH_END(leg);
197 smartlist_free(cfx->legs);
198
199 SMARTLIST_FOREACH(cfx->ooo_q, conflux_cell_t *, cell, tor_free(cell));
200 smartlist_free(cfx->ooo_q);
201
202 memwipe(cfx->nonce, 0, sizeof(cfx->nonce));
203 tor_free(cfx);
204}
205
206/** Wrapper for the free function, set the cfx pointer to NULL after free */
207#define conflux_free(cfx) \
208 FREE_AND_NULL(conflux_t, conflux_free_, cfx)
209
210/** Helper: Free function for the digest256map_free(). */
211static inline void
213{
214 conflux_t *cfx = (conflux_t *)ptr;
215 conflux_free(cfx);
216}
217
218/** Return a newly allocated leg object containing the given circuit and link
219 * pointer (no copy). */
220static leg_t *
222{
223 leg_t *leg = tor_malloc_zero(sizeof(*leg));
224 leg->circ = circ;
225 leg->link = link;
226 return leg;
227}
228
229/** Free the given leg object. Passing NULL is safe. */
230static void
232{
233 if (!leg) {
234 return;
235 }
236 if (leg->circ) {
238 leg->circ->conflux_pending_nonce = NULL;
239 }
240 tor_free(leg->link);
241 tor_free(leg);
242}
243
244/** Return a newly allocated unlinked set object for the given nonce. A new
245 * conflux object is also created. */
246static unlinked_circuits_t *
247unlinked_new(const uint8_t *nonce, bool is_client)
248{
249 unlinked_circuits_t *unlinked = tor_malloc_zero(sizeof(*unlinked));
250 unlinked->cfx = conflux_new();
251 unlinked->legs = smartlist_new();
252 unlinked->is_client = is_client;
253 memcpy(unlinked->cfx->nonce, nonce, sizeof(unlinked->cfx->nonce));
254
255 return unlinked;
256}
257
258/** Free the given unlinked object. */
259static void
261{
262 if (!unlinked) {
263 return;
264 }
265 tor_assert(unlinked->legs);
266
267 /* This cfx is pointing to a linked set. */
268 if (!unlinked->is_for_linked_set) {
269 conflux_free(unlinked->cfx);
270 }
271 SMARTLIST_FOREACH(unlinked->legs, leg_t *, leg, leg_free(leg));
272 smartlist_free(unlinked->legs);
273 tor_free(unlinked);
274}
275
276/** Add the given unlinked object to the unlinked pool. */
277static void
278unlinked_pool_add(unlinked_circuits_t *unlinked, bool is_client)
279{
280 tor_assert(unlinked);
281 if (is_client) {
282 digest256map_set(client_unlinked_pool, unlinked->cfx->nonce, unlinked);
283 } else {
284 digest256map_set(server_unlinked_pool, unlinked->cfx->nonce, unlinked);
285 }
286}
287
288/** Delete the given unlinked object from the unlinked pool. */
289static void
290unlinked_pool_del(unlinked_circuits_t *unlinked, bool is_client)
291{
292 tor_assert(unlinked);
293
294 if (is_client) {
295 digest256map_remove(client_unlinked_pool, unlinked->cfx->nonce);
296 } else {
297 digest256map_remove(server_unlinked_pool, unlinked->cfx->nonce);
298 }
299}
300
301/** Return an unlinked object for the given nonce else NULL. */
302static unlinked_circuits_t *
303unlinked_pool_get(const uint8_t *nonce, bool is_client)
304{
305 tor_assert(nonce);
306 if (is_client) {
307 return digest256map_get(client_unlinked_pool, nonce);
308 } else {
309 return digest256map_get(server_unlinked_pool, nonce);
310 }
311}
312
313/** Delete from the pool and free the given unlinked object. */
314static void
316{
317 tor_assert(unlinked);
318 unlinked_pool_del(unlinked, is_client);
319 unlinked_free(unlinked);
320}
321
322/** Add the given conflux object to the linked conflux set. */
323static void
324linked_pool_add(conflux_t *cfx, bool is_client)
325{
326 tor_assert(cfx);
327 if (is_client) {
328 digest256map_set(client_linked_pool, cfx->nonce, cfx);
329 } else {
330 digest256map_set(server_linked_pool, cfx->nonce, cfx);
331 }
332}
333
334/** Delete from the linked conflux set the given nonce. */
335static void
336linked_pool_del(const uint8_t *nonce, bool is_client)
337{
338 tor_assert(nonce);
339 if (is_client) {
340 digest256map_remove(client_linked_pool, nonce);
341 } else {
342 digest256map_remove(server_linked_pool, nonce);
343 }
344}
345
346/** Return a conflux_t object for the given nonce from the linked set. */
347static conflux_t *
348linked_pool_get(const uint8_t *nonce, bool is_client)
349{
350 tor_assert(nonce);
351 if (is_client) {
352 return digest256map_get(client_linked_pool, nonce);
353 } else {
354 return digest256map_get(server_linked_pool, nonce);
355 }
356}
357
358/** Add the given leg to the given unlinked object. */
359static inline void
361{
362 tor_assert(unlinked);
363 tor_assert(leg);
364
365 smartlist_add(unlinked->legs, leg);
366}
367
368/** Return an unlinked leg for the given unlinked object and for the given
369 * circuit. */
370static inline leg_t *
371leg_find(const unlinked_circuits_t *unlinked, const circuit_t *circ)
372{
373 SMARTLIST_FOREACH_BEGIN(unlinked->legs, leg_t *, leg) {
374 if (leg->circ == circ) {
375 return leg;
376 }
377 } SMARTLIST_FOREACH_END(leg);
378 return NULL;
379}
380
381/** Return the given circuit leg from its unlinked set (if any). */
382static leg_t *
383unlinked_leg_find(const circuit_t *circ, bool is_client)
384{
385 unlinked_circuits_t *unlinked =
387 if (!unlinked) {
388 return NULL;
389 }
390 return leg_find(unlinked, circ);
391}
392
393static void
394unlinked_leg_del_and_free(unlinked_circuits_t *unlinked,
395 const circuit_t *circ)
396{
397 tor_assert(circ);
398 tor_assert(unlinked);
399
400 SMARTLIST_FOREACH_BEGIN(unlinked->legs, leg_t *, leg) {
401 if (leg->circ == circ) {
402 SMARTLIST_DEL_CURRENT(unlinked->legs, leg);
403 leg_free(leg);
404 break;
405 }
406 } SMARTLIST_FOREACH_END(leg);
407}
408
409/**
410 * Ensure that the given circuit has no attached streams.
411 *
412 * This validation function is called at various stages for
413 * unlinked circuits, to make sure they have no streams.
414 */
415static void
417{
418 if (CIRCUIT_IS_ORIGIN(circ)) {
419 origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
420 if (BUG(ocirc->p_streams)) {
421 log_warn(LD_BUG,
422 "Unlinked Conflux circuit %u has attached streams.",
423 ocirc->global_identifier);
424 ocirc->p_streams = NULL;
425 }
426 if (BUG(ocirc->half_streams)) {
427 log_warn(LD_BUG,
428 "Unlinked conflux circ %u has half streams.",
429 ocirc->global_identifier);
430 ocirc->half_streams = NULL;
431 }
432 } else {
433 or_circuit_t *orcirc = TO_OR_CIRCUIT(circ);
434 if (BUG(orcirc->n_streams)) {
435 log_warn(LD_BUG,
436 "Unlinked conflux circuit has attached streams.");
437 orcirc->n_streams = NULL;
438 }
439 if (BUG(orcirc->resolving_streams)) {
440 log_warn(LD_BUG,
441 "Unlinked conflux circuit has resolving streams.");
442 orcirc->resolving_streams = NULL;
443 }
444 }
445}
446
447/** Return true iff the legs in the given unlinked set are valid and coherent
448 * to be a linked set. */
449static bool
451{
452 bool valid = true;
453 uint8_t version;
454 uint8_t *nonce = NULL;
455
456 tor_assert(unlinked);
457
458 SMARTLIST_FOREACH_BEGIN(unlinked->legs, const leg_t *, leg) {
459 if (!nonce) {
460 nonce = leg->link->nonce;
461 version = leg->link->version;
462 } else {
463 /* Version and nonce must match in all legs. */
464 valid &= (leg->link->version == version &&
465 tor_memeq(leg->link->nonce, nonce, sizeof(leg->link->nonce)));
466 }
467
468 // If the other ends last sent sequence number is higher than the
469 // last sequence number we delivered, we have data loss, and cannot link.
470 if (leg->link->last_seqno_sent > unlinked->cfx->last_seq_delivered) {
471 log_fn(unlinked->is_client ? LOG_NOTICE : LOG_PROTOCOL_WARN, LD_CIRC,
472 "Data loss detected while trying to add a conflux leg.");
473 valid = false;
474
475 // TODO-329-ARTI: Instead of closing the set here, we could
476 // immediately send a SWITCH cell and re-send the missing data.
477 // To do this, though, we would need to constantly buffer at least
478 // a cwnd worth of sent data to retransmit. We're not going to try
479 // this in C-Tor, but arti could consider it.
480 }
482 } SMARTLIST_FOREACH_END(leg);
483
484 /* Note that if no legs, it validates. */
485
486 return valid;
487}
488
489/** Add up a new leg to the given conflux object. */
490static void
492{
493 tor_assert(cfx);
494 tor_assert(leg);
495 tor_assert(leg->link);
496
497 /* Big trouble if we add a leg to the wrong set. */
498 tor_assert(tor_memeq(cfx->nonce, leg->link->nonce, sizeof(cfx->nonce)));
499
500 conflux_leg_t *cleg = tor_malloc_zero(sizeof(*cleg));
501 cleg->circ = leg->circ;
502 // TODO-329-ARTI: Blindly copying the values from the cell. Is this correct?
503 // I think no... When adding new legs, switching to this leg is
504 // likely to break, unless the sender tracks what link cell it sent..
505 // Is that the best option? Or should we use the max of our legs, here?
506 // (It seems the other side will have no idea what our current maxes
507 /// are, so this option seems better right now)
508 cleg->last_seq_recv = leg->link->last_seqno_sent;
509 cleg->last_seq_sent = leg->link->last_seqno_recv;
510 cleg->circ_rtts_usec = leg->rtt_usec;
511 cleg->linked_sent_usec = leg->link_sent_usec;
512
513 cfx->params.alg = conflux_choose_algorithm(leg->link->desired_ux);
514
515 /* Add leg to given conflux. */
516 smartlist_add(cfx->legs, cleg);
517
518 /* Ensure the new circuit has no streams. */
520
521 /* If this is not the first leg, get the first leg, and get
522 * the reference streams from it. */
523 if (CONFLUX_NUM_LEGS(cfx) > 0) {
524 conflux_leg_t *first_leg = smartlist_get(cfx->legs, 0);
525 if (CIRCUIT_IS_ORIGIN(first_leg->circ)) {
526 origin_circuit_t *old_circ = TO_ORIGIN_CIRCUIT(first_leg->circ);
527 origin_circuit_t *new_circ = TO_ORIGIN_CIRCUIT(leg->circ);
528
529 new_circ->p_streams = old_circ->p_streams;
530 new_circ->half_streams = old_circ->half_streams;
531 /* Sync all legs with the new stream(s). */
532 conflux_sync_circ_fields(cfx, old_circ);
533 } else {
534 or_circuit_t *old_circ = TO_OR_CIRCUIT(first_leg->circ);
535 or_circuit_t *new_circ = TO_OR_CIRCUIT(leg->circ);
536 new_circ->n_streams = old_circ->n_streams;
537 new_circ->resolving_streams = old_circ->resolving_streams;
538 }
539 }
540
541 if (CIRCUIT_IS_ORIGIN(cleg->circ)) {
542 tor_assert_nonfatal(cleg->circ->purpose ==
544 circuit_change_purpose(cleg->circ, CIRCUIT_PURPOSE_CONFLUX_LINKED);
545 }
547}
548
549/**
550 * Clean up a circuit from its conflux_t object.
551 *
552 * Return true if closing this circuit should tear down the entire set,
553 * false otherwise.
554 */
555static bool
557{
558 conflux_leg_t *leg;
559 bool full_teardown = false;
560
561 tor_assert(cfx);
562 tor_assert(circ);
563
564 leg = conflux_get_leg(cfx, circ);
565 if (!leg) {
566 goto end;
567 }
568
569 // If the circuit still has inflight data, teardown
570 const struct congestion_control_t *cc = circuit_ccontrol(circ);
571 tor_assert(cc);
573 if (cc->inflight >= cc->sendme_inc) {
574 full_teardown = true;
575 log_info(LD_CIRC, "Conflux current circuit has closed with "
576 "data in flight, tearing down entire set.");
577 }
578
579 /* Remove it from the cfx. */
580 smartlist_remove(cfx->legs, leg);
581
582 /* After removal, if this leg had the highest sent (or recv)
583 * sequence number, it was in active use by us (or the other side).
584 * We need to tear down the entire set. */
585 // TODO-329-ARTI: If we support resumption, we don't need this.
586 if (CONFLUX_NUM_LEGS(cfx) > 0) {
587 if (conflux_get_max_seq_sent(cfx) < leg->last_seq_sent ||
589 full_teardown = true;
590 log_info(LD_CIRC, "Conflux sequence number check failed, "
591 "tearing down entire set.");
592 }
593 }
594
595 /* Cleanup any reference to leg. */
596 if (cfx->curr_leg == leg) {
597 cfx->curr_leg = NULL;
598 full_teardown = true;
599 log_info(LD_CIRC, "Conflux current circuit has closed, "
600 "tearing down entire set.");
601 }
602 if (cfx->prev_leg == leg) {
603 cfx->prev_leg = NULL;
604 }
605
606 tor_free(leg);
607
608 end:
609 return full_teardown;
610}
611
612/** Close the circuit of each legs of the given unlinked object. */
613static void
615{
616 smartlist_t *circ_to_close = NULL;
617
618 tor_assert(unlinked);
619
620 /* Small optimization here, avoid this work if no legs. */
621 if (smartlist_len(unlinked->legs) == 0) {
622 return;
623 }
624
625 /* We will iterate over all legs and put the circuit in its own list and then
626 * mark them for close. The unlinked object gets freed opportunistically once
627 * there is no more legs attached to it and so we can't hold a reference
628 * while closing circuits. */
629 circ_to_close = smartlist_new();
630
631 SMARTLIST_FOREACH(unlinked->legs, leg_t *, leg,
632 smartlist_add(circ_to_close, leg->circ));
633 unlinked = NULL;
634
635 /* The leg gets cleaned up in the circuit close. */
636 SMARTLIST_FOREACH_BEGIN(circ_to_close, circuit_t *, circ) {
637 if (CIRCUIT_IS_ORIGIN(circ)) {
638 tor_assert_nonfatal(circ->purpose == CIRCUIT_PURPOSE_CONFLUX_UNLINKED);
639 }
640 if (!circ->marked_for_close) {
641 circuit_mark_for_close(circ, END_CIRC_REASON_INTERNAL);
642 }
643 } SMARTLIST_FOREACH_END(circ);
644
645 /* Drop the list and ignore its content, we don't have ownership. */
646 smartlist_free(circ_to_close);
647}
648
649/** Either closee all legs of the given unlinked set or delete it from the pool
650 * and free its memory.
651 *
652 * Important: The unlinked object is freed opportunistically when legs are
653 * removed until the point none remains. And so, it is only safe to free the
654 * object if no more legs exist.
655 */
656static void
658{
659 if (!unlinked) {
660 return;
661 }
662
663 /* If we have legs, the circuit close will trigger the unlinked object to be
664 * opportunistically freed. Else, we do it explicitly. */
665 if (smartlist_len(unlinked->legs) > 0) {
666 unlinked_close_all_legs(unlinked);
667 } else {
668 unlinked_pool_del_and_free(unlinked, unlinked->is_client);
669 }
670 /* Either the unlinked object has been freed or the last leg close will free
671 * it so from this point on, nullify for safety reasons. */
672 unlinked = NULL;
673}
674
675/** Upon an error condition or a close of an in-use circuit, we must close all
676 * linked and unlinked circuits associated with a set. When the last leg of
677 * each set is closed, the set is removed from the pool. */
678static void
679conflux_mark_all_for_close(const uint8_t *nonce, bool is_client, int reason)
680{
681 /* It is possible that for a nonce we have both an unlinked set and a linked
682 * set. This happens if there is a recovery leg launched for an existing
683 * linked set. */
684
685 /* Close the unlinked set. */
686 unlinked_circuits_t *unlinked = unlinked_pool_get(nonce, is_client);
687 if (unlinked) {
688 unlinked_close_or_free(unlinked);
689 }
690 /* In case it gets freed, be safe here. */
691 unlinked = NULL;
692
693 /* Close the linked set. It will free itself upon the close of
694 * the last leg. */
695 conflux_t *linked = linked_pool_get(nonce, is_client);
696 if (linked) {
697 if (linked->in_full_teardown) {
698 return;
699 }
700 linked->in_full_teardown = true;
701
702 smartlist_t *circ_to_close = smartlist_new();
703
704 SMARTLIST_FOREACH(linked->legs, conflux_leg_t *, leg,
705 smartlist_add(circ_to_close, leg->circ));
706
707 SMARTLIST_FOREACH(circ_to_close, circuit_t *, circ,
708 circuit_mark_for_close(circ, reason));
709
710 /* Drop the list and ignore its content, we don't have ownership. */
711 smartlist_free(circ_to_close);
712 }
713}
714
715/** Helper: Free function taking a void pointer for the digest256map_free. */
716static inline void
718{
719 unlinked_circuits_t *unlinked = ptr;
720 unlinked_pool_del_and_free(unlinked, unlinked->is_client);
721}
722
723/** Attempt to finalize the unlinked set to become a linked set and be put in
724 * the linked pool.
725 *
726 * If this finalized successfully, the given unlinked object is freed. */
727static link_circ_err_t
729{
730 link_circ_err_t err = ERR_LINK_CIRC_OK;
731 bool is_client;
732
733 tor_assert(unlinked);
734 tor_assert(unlinked->legs);
735 tor_assert(unlinked->cfx);
736 tor_assert(unlinked->cfx->legs);
737
738 /* Without legs, this is not ready to become a linked set. */
739 if (BUG(smartlist_len(unlinked->legs) == 0)) {
740 err = ERR_LINK_CIRC_MISSING_LEG;
741 goto end;
742 }
743
744 /* If there are too many legs, we can't link. */
745 if (smartlist_len(unlinked->legs) +
746 smartlist_len(unlinked->cfx->legs) > conflux_params_get_max_legs_set()) {
747 log_fn(LOG_PROTOCOL_WARN, LD_CIRC,
748 "Conflux set has too many legs to link. "
749 "Rejecting this circuit.");
750 conflux_log_set(LOG_PROTOCOL_WARN, unlinked->cfx, unlinked->is_client);
751 err = ERR_LINK_CIRC_INVALID_LEG;
752 goto end;
753 }
754
755 /* Validate that all legs are coherent and parameters match. On failure, we
756 * teardown the whole unlinked set because this means we either have a code
757 * flow problem or the Exit is trying to trick us. */
758 if (!validate_unlinked_legs(unlinked)) {
759 log_fn(LOG_PROTOCOL_WARN, LD_CIRC,
760 "Conflux unlinked set legs are not validating. Tearing it down.");
761 conflux_mark_all_for_close(unlinked->cfx->nonce, unlinked->is_client,
762 END_CIRC_REASON_TORPROTOCOL);
763 err = ERR_LINK_CIRC_INVALID_LEG;
764 goto end;
765 }
766
767 /* Check all linked status. All need to be true in order to finalize the set
768 * and move it to the linked pool. */
769 SMARTLIST_FOREACH_BEGIN(unlinked->legs, const leg_t *, leg) {
770 /* We are still waiting on a leg. */
771 if (!leg->linked) {
772 log_info(LD_CIRC, "Can't finalize conflux set, still waiting on at "
773 "least one leg to link up.");
774
775 goto end;
776 }
777 } SMARTLIST_FOREACH_END(leg);
778
779 /* Finalize the cfx object by adding all legs into it. */
780 SMARTLIST_FOREACH_BEGIN(unlinked->legs, leg_t *, leg) {
781 /* Removing the leg from the list is important so we avoid ending up with a
782 * leg in the unlinked list that is set with LINKED purpose. */
783 SMARTLIST_DEL_CURRENT(unlinked->legs, leg);
784
785 /* We are ready to attach the leg to the cfx object now. */
786 cfx_add_leg(unlinked->cfx, leg);
787
788 /* Clean the pending nonce and set the conflux object in the circuit. */
789 leg->circ->conflux = unlinked->cfx;
790
791 /* We are done with this leg object. */
792 leg_free(leg);
793 } SMARTLIST_FOREACH_END(leg);
794
795 is_client = unlinked->is_client;
796
797 /* Add the conflux object to the linked pool. For an existing linked cfx
798 * object, we'll simply replace it with itself. */
799 linked_pool_add(unlinked->cfx, is_client);
800
801 /* Remove it from the unlinked pool. */
802 unlinked_pool_del(unlinked, is_client);
803
804 /* We don't recover a leg when it is linked but if we would like to support
805 * session ressumption, this would be very important in order to allow new
806 * legs to be created/recovered. */
807 unlinked->cfx->num_leg_launch = 0;
808
809 /* Nullify because we are about to free the unlinked object and the cfx has
810 * moved to all circuits. */
811 unlinked->cfx = NULL;
812 unlinked_free(unlinked);
813
814 log_info(LD_CIRC,
815 "Successfully linked a conflux %s set which is now usable.",
816 is_client ? "client" : "relay");
817
818 end:
819 return err;
820}
821
822/** Record the RTT for this client circuit.
823 *
824 * Return the RTT value. UINT64_MAX is returned if we couldn't find the initial
825 * measurement of when the cell was sent or if the leg is missing. */
826static uint64_t
828{
829 tor_assert(circ);
832
833 leg_t *leg = unlinked_leg_find(circ, true);
834
835 if (BUG(!leg || leg->link_sent_usec == 0)) {
836 log_warn(LD_BUG,
837 "Conflux: Trying to record client RTT without a timestamp");
838 goto err;
839 }
840
841 uint64_t now = monotime_absolute_usec();
842 tor_assert_nonfatal(now >= leg->link_sent_usec);
843 leg->rtt_usec = now - leg->link_sent_usec;
844 if (leg->rtt_usec == 0) {
845 log_warn(LD_CIRC, "Clock appears stalled for conflux.");
846 // TODO-329-TUNING: For now, let's accept this case. We need to do
847 // tuning and clean up the tests such that they use RTT in order to
848 // fail here.
849 //goto err;
850 }
851 return leg->rtt_usec;
852
853 err:
854 // Avoid using this leg until a timestamp comes in
855 if (leg)
856 leg->rtt_usec = UINT64_MAX;
857 return UINT64_MAX;
858}
859
860/** Record the RTT for this Exit circuit.
861 *
862 * Return the RTT value. UINT64_MAX is returned if we couldn't find the initial
863 * measurement of when the cell was sent or if the leg is missing. */
864
865static uint64_t
867{
868 tor_assert(circ);
869 tor_assert(circ->conflux);
871
872 conflux_leg_t *leg = conflux_get_leg(circ->conflux, circ);
873
874 if (BUG(!leg || leg->linked_sent_usec == 0)) {
875 log_warn(LD_BUG,
876 "Conflux: Trying to record exit RTT without a timestamp");
877 goto err;
878 }
879
880 uint64_t now = monotime_absolute_usec();
881 tor_assert_nonfatal(now >= leg->linked_sent_usec);
882 leg->circ_rtts_usec = now - leg->linked_sent_usec;
883
884 if (leg->circ_rtts_usec == 0) {
885 log_warn(LD_CIRC, "Clock appears stalled for conflux.");
886 goto err;
887 }
888 return leg->circ_rtts_usec;
889
890 err:
891 if (leg)
892 leg->circ_rtts_usec = UINT64_MAX;
893 return UINT64_MAX;
894}
895
896/** For the given circuit, record the RTT from when the LINK or LINKED cell was
897 * sent that is this function works for either client or Exit.
898 *
899 * Return false if the RTT is too high for our standard else true. */
900static bool
901record_rtt(const circuit_t *circ, bool is_client)
902{
903 uint64_t rtt_usec;
904
905 tor_assert(circ);
906
907 if (is_client) {
908 rtt_usec = record_rtt_client(circ);
909
910 if (rtt_usec == UINT64_MAX)
911 return false;
912
913 if (rtt_usec >= get_circuit_build_timeout_ms()*1000) {
914 log_info(LD_CIRC, "Conflux leg RTT is above circuit build time out "
915 "currently at %f msec. Relaunching.",
917 return false;
918 }
919 } else {
920 rtt_usec = record_rtt_exit(circ);
921 }
922
923 return true;
924}
925
926/** Link the given circuit within its unlinked set. This is called when either
927 * the LINKED or LINKED_ACK is received depending on which side of the circuit
928 * it is.
929 *
930 * It attempts to finalize the unlinked set as well which, if successful, puts
931 * it in the linked pool. */
932static link_circ_err_t
934{
935 link_circ_err_t err = ERR_LINK_CIRC_OK;
936 unlinked_circuits_t *unlinked = NULL;
937 bool is_client = false;
938
939 tor_assert(circ);
940 if (CIRCUIT_IS_ORIGIN(circ)) {
941 tor_assert_nonfatal(circ->purpose == CIRCUIT_PURPOSE_CONFLUX_UNLINKED);
942 is_client = true;
943 }
944
945 unlinked = unlinked_pool_get(circ->conflux_pending_nonce, is_client);
946 if (BUG(!unlinked)) {
947 log_warn(LD_BUG, "Failed to find the unlinked set %s when linking. "
948 "Closing circuit.",
950 err = ERR_LINK_CIRC_MISSING_SET;
951 goto end;
952 }
953
954 leg_t *leg = leg_find(unlinked, circ);
955 if (BUG(!leg)) {
956 /* Failure to find the leg when linking a circuit is an important problem
957 * so log loudly and error. */
958 log_warn(LD_BUG, "Failed to find leg for the unlinked set %s when "
959 "linking. Closing circuit.",
960 fmt_nonce(unlinked->cfx->nonce));
961 err = ERR_LINK_CIRC_MISSING_LEG;
962 goto end;
963 }
964
965 /* Successful link. Attempt to finalize the set in case this was the last
966 * LINKED or LINKED_ACK cell to receive. */
967 leg->linked = true;
968 err = try_finalize_set(unlinked);
969
970 end:
971 return err;
972}
973
974/** Launch a brand new set.
975 *
976 * Return true if all legs successfully launched or false if one failed. */
977STATIC bool
978launch_new_set(int num_legs)
979{
980 uint8_t nonce[DIGEST256_LEN];
981
982 /* Brand new nonce for this set. */
983 crypto_rand((char *) nonce, sizeof(nonce));
984
985 /* Launch all legs. */
986 for (int i = 0; i < num_legs; i++) {
987 if (!conflux_launch_leg(nonce)) {
988 /* This function cleans up entirely the unlinked set if a leg is unable
989 * to be launched. The recovery would be complex here. */
990 goto err;
991 }
992 }
993
994 return true;
995
996 err:
997 return false;
998}
999
1000static unlinked_circuits_t *
1001unlinked_get_or_create(const uint8_t *nonce, bool is_client)
1002{
1003 unlinked_circuits_t *unlinked;
1004
1005 tor_assert(nonce);
1006
1007 unlinked = unlinked_pool_get(nonce, is_client);
1008 if (!unlinked) {
1009 unlinked = unlinked_new(nonce, is_client);
1010
1011 /* If this is a leg of an existing linked set, use that conflux object
1012 * instead so all legs point to the same. It is put in the leg's circuit
1013 * once the link is confirmed. */
1014 conflux_t *cfx = linked_pool_get(nonce, is_client);
1015 if (cfx) {
1016 conflux_free(unlinked->cfx);
1017 unlinked->cfx = cfx;
1018 unlinked->is_for_linked_set = true;
1019 }
1020 /* Add this set to the unlinked pool. */
1021 unlinked_pool_add(unlinked, is_client);
1022 }
1023
1024 return unlinked;
1025}
1026
1027/**
1028 * On the client side, we need to determine if there is already
1029 * an exit in use for this set, and if so, use that.
1030 *
1031 * Otherwise, we return NULL and the exit is decided by the
1032 * circuitbuild.c code.
1033 */
1034static extend_info_t *
1035get_exit_for_nonce(const uint8_t *nonce)
1036{
1037 extend_info_t *exit = NULL;
1038
1039 tor_assert(nonce);
1040
1041 // First, check the linked pool for the nonce
1042 const conflux_t *cfx = linked_pool_get(nonce, true);
1043 if (cfx) {
1044 tor_assert(cfx->legs);
1045 /* Get the exit from the first leg */
1046 conflux_leg_t *leg = smartlist_get(cfx->legs, 0);
1047 tor_assert(leg);
1048 tor_assert(leg->circ);
1051 tor_assert(exit);
1052 } else {
1053 unlinked_circuits_t *unlinked = NULL;
1054 unlinked = unlinked_pool_get(nonce, true);
1055
1056 if (unlinked) {
1057 tor_assert(unlinked->legs);
1058 if (smartlist_len(unlinked->legs) > 0) {
1059 /* Get the exit from the first leg */
1060 leg_t *leg = smartlist_get(unlinked->legs, 0);
1061 tor_assert(leg);
1062 tor_assert(leg->circ);
1063 tor_assert(TO_ORIGIN_CIRCUIT(leg->circ)->cpath);
1064 exit = TO_ORIGIN_CIRCUIT(leg->circ)->cpath->prev->extend_info;
1065 tor_assert(exit);
1066 }
1067 }
1068 }
1069
1070 return exit;
1071}
1072
1073/**
1074 * Return the currently configured client UX.
1075 */
1076static uint8_t
1078{
1079#ifdef TOR_UNIT_TESTS
1080 return DEFAULT_CLIENT_UX;
1081#else
1082 const or_options_t *opt = get_options();
1083 tor_assert(opt);
1084 (void)DEFAULT_CLIENT_UX;
1085
1086 /* Return the UX */
1087 return opt->ConfluxClientUX;
1088#endif
1089}
1090
1091/** Return true iff the given conflux object is allowed to launch a new leg. If
1092 * the cfx object is NULL, then it is always allowed to launch a new leg. */
1093static bool
1095{
1096 if (!cfx) {
1097 goto allowed;
1098 }
1099
1100 /* The maximum number of retry is the minimum number of legs we are allowed
1101 * per set plus the maximum amount of retries we are allowed to do. */
1102 unsigned int max_num_launch =
1105
1106 /* Only log once per nonce if we've reached the maximum. */
1107 if (cfx->num_leg_launch == max_num_launch) {
1108 log_info(LD_CIRC, "Maximum number of leg launch reached for nonce %s",
1109 fmt_nonce(cfx->nonce));
1110 }
1111
1112 if (cfx->num_leg_launch >= max_num_launch) {
1113 return false;
1114 }
1115
1116 allowed:
1117 return true;
1118}
1119
1120/*
1121 * Public API.
1122 */
1123
1124/** Launch a new conflux leg for the given nonce.
1125 *
1126 * Return true on success else false which teardowns the entire unlinked set if
1127 * any. */
1128bool
1129conflux_launch_leg(const uint8_t *nonce)
1130{
1133 unlinked_circuits_t *unlinked = NULL;
1134 extend_info_t *exit = NULL;
1135
1136 tor_assert(nonce);
1137
1138 /* Get or create a new unlinked object for this leg. */
1139 unlinked = unlinked_get_or_create(nonce, true);
1140 tor_assert(unlinked);
1141
1142 /* If we have an existing linked set, validate the number of leg retries
1143 * before attempting the launch. */
1144 if (!launch_leg_is_allowed(unlinked->cfx)) {
1145 goto err;
1146 }
1147
1148 exit = get_exit_for_nonce(nonce);
1149
1150 if (exit) {
1151 log_info(LD_CIRC, "Launching conflux leg for nonce %s.", fmt_nonce(nonce));
1152 } else {
1153 log_info(LD_CIRC, "Launching new conflux set for nonce %s.",
1154 fmt_nonce(nonce));
1155 }
1156
1157 /* Increase the retry count for this conflux object as in this nonce.
1158 * We must do this now, because some of the maze's early failure paths
1159 * call right back into this function for relaunch. */
1160 unlinked->cfx->num_leg_launch++;
1161
1162 origin_circuit_t *circ =
1164 exit, flags);
1165 if (!circ) {
1166 goto err;
1167 }
1168 tor_assert(TO_CIRCUIT(circ)->conflux_pending_nonce);
1169
1170 /* At this point, the unlinked object has either a new conflux_t or the one
1171 * used by a linked set so it is fine to use the cfx from the unlinked object
1172 * from now on. */
1173
1174 /* Get the max_seq_sent and recv from the linked pool, if it exists, and pass
1175 * to new link cell. */
1176 uint64_t last_seq_sent = conflux_get_max_seq_sent(unlinked->cfx);
1177 uint64_t last_seq_recv = unlinked->cfx->last_seq_delivered;
1178
1179 // TODO-329-ARTI: To support resumption/retransmit, the client should store
1180 // the last_seq_sent now, so that it can know how much data to retransmit to
1181 // the server after link. C-Tor will not be implementing this, but arti and
1182 // arti-relay could (if resumption seems worthwhile; it may not be worth the
1183 // memory storage there, either).
1184
1185 /* We have a circuit, create the new leg and attach it to the set. */
1186 leg_t *leg = leg_new(TO_CIRCUIT(circ),
1187 conflux_cell_new_link(nonce,
1188 last_seq_sent, last_seq_recv,
1189 get_client_ux()));
1190
1191 unlinked_leg_add(unlinked, leg);
1192 return true;
1193
1194 err:
1195 return false;
1196}
1197
1198/**
1199 * Add the identity digest of the guard nodes of all legs of the conflux
1200 * circuit.
1201 *
1202 * This function checks both pending and linked conflux circuits.
1203 */
1204void
1206 smartlist_t *excluded)
1207{
1208 tor_assert(orig_circ);
1209 tor_assert(excluded);
1210
1211 /* Ease our lives. */
1212 const circuit_t *circ = TO_CIRCUIT(orig_circ);
1213
1214 /* Ignore if this is not conflux related. */
1215 if (!CIRCUIT_IS_CONFLUX(circ)) {
1216 return;
1217 }
1218
1219 /* When building a circuit, we should not have a conflux object
1220 * ourselves (though one may exist elsewhere). */
1221 tor_assert(!circ->conflux);
1222
1223 /* Getting here without a nonce is a code flow issue. */
1224 if (BUG(!circ->conflux_pending_nonce)) {
1225 return;
1226 }
1227
1228 /* If there is only one bridge, then only issue a warn once that
1229 * at least two bridges are best for conflux. Exempt Snowflake
1230 * from this warn */
1231 if (get_options()->UseBridges && !conflux_can_exclude_used_bridges()) {
1232 /* Do not build any exclude lists; not enough bridges */
1233 return;
1234 }
1235
1236 /* A linked set exists, use it. */
1237 const conflux_t *cfx = linked_pool_get(circ->conflux_pending_nonce, true);
1238 if (cfx) {
1239 CONFLUX_FOR_EACH_LEG_BEGIN(cfx, leg) {
1240 const origin_circuit_t *ocirc = CONST_TO_ORIGIN_CIRCUIT(leg->circ);
1241 smartlist_add(excluded,
1242 tor_memdup(ocirc->cpath->extend_info->identity_digest,
1243 DIGEST_LEN));
1244 } CONFLUX_FOR_EACH_LEG_END(leg);
1245 }
1246
1247 /* An unlinked set might exist for this nonce, if so, add the second hop of
1248 * the existing legs to the exclusion list. */
1249 unlinked_circuits_t *unlinked =
1251 if (unlinked) {
1252 tor_assert(unlinked->is_client);
1253 SMARTLIST_FOREACH_BEGIN(unlinked->legs, leg_t *, leg) {
1254 /* Convert to origin circ and get cpath */
1255 const origin_circuit_t *ocirc = CONST_TO_ORIGIN_CIRCUIT(leg->circ);
1256 smartlist_add(excluded,
1257 tor_memdup(ocirc->cpath->extend_info->identity_digest,
1258 DIGEST_LEN));
1259 } SMARTLIST_FOREACH_END(leg);
1260 }
1261}
1262
1263/**
1264 * Add the identity digest of the middle nodes of all legs of the conflux
1265 * circuit.
1266 *
1267 * This function checks both pending and linked conflux circuits.
1268 *
1269 * XXX: The add guard and middle could be merged since it is the exact same
1270 * code except for the cpath position and the identity digest vs node_t in
1271 * the list. We could use an extra param indicating guard or middle. */
1272void
1274 smartlist_t *excluded)
1275{
1276 tor_assert(orig_circ);
1277 tor_assert(excluded);
1278
1279 /* Ease our lives. */
1280 const circuit_t *circ = TO_CIRCUIT(orig_circ);
1281
1282 /* Ignore if this is not conflux related. */
1283 if (!CIRCUIT_IS_CONFLUX(circ)) {
1284 return;
1285 }
1286
1287 /* When building a circuit, we should not have a conflux object
1288 * ourselves (though one may exist elsewhere). */
1289 tor_assert(!circ->conflux);
1290
1291 /* Getting here without a nonce is a code flow issue. */
1292 if (BUG(!circ->conflux_pending_nonce)) {
1293 return;
1294 }
1295
1296 /* A linked set exists, use it. */
1297 const conflux_t *cfx = linked_pool_get(circ->conflux_pending_nonce, true);
1298 if (cfx) {
1299 CONFLUX_FOR_EACH_LEG_BEGIN(cfx, leg) {
1300 const origin_circuit_t *ocirc = CONST_TO_ORIGIN_CIRCUIT(leg->circ);
1303 if (node) {
1304 smartlist_add(excluded, node);
1305 }
1306 } CONFLUX_FOR_EACH_LEG_END(leg);
1307 }
1308
1309 /* An unlinked set might exist for this nonce, if so, add the second hop of
1310 * the existing legs to the exclusion list. */
1311 unlinked_circuits_t *unlinked =
1313 if (unlinked) {
1314 tor_assert(unlinked->is_client);
1315 SMARTLIST_FOREACH_BEGIN(unlinked->legs, leg_t *, leg) {
1316 /* Convert to origin circ and get cpath */
1317 const origin_circuit_t *ocirc = CONST_TO_ORIGIN_CIRCUIT(leg->circ);
1320 if (node) {
1321 smartlist_add(excluded, node);
1322 }
1323 } SMARTLIST_FOREACH_END(leg);
1324 }
1325}
1326
1327/** Return the number of unused client linked set. */
1328static int
1330{
1331 int count = 0;
1332
1333 DIGEST256MAP_FOREACH(client_linked_pool, key, conflux_t *, cfx) {
1334 conflux_leg_t *leg = smartlist_get(cfx->legs, 0);
1335 if (BUG(!leg->circ)) {
1336 log_warn(LD_BUG, "Client conflux linked set leg without a circuit");
1337 continue;
1338 }
1339
1340 /* The maze marks circuits used several different ways. If any of
1341 * them are marked for this leg, launch a new one. */
1342 if (!CONST_TO_ORIGIN_CIRCUIT(leg->circ)->unusable_for_new_conns &&
1343 !CONST_TO_ORIGIN_CIRCUIT(leg->circ)->isolation_values_set &&
1344 !leg->circ->timestamp_dirty) {
1345 count++;
1346 }
1347 } DIGEST256MAP_FOREACH_END;
1348
1349 return count;
1350}
1351
1352/** Determine if we need to launch new conflux circuits for our preemptive
1353 * pool.
1354 *
1355 * This is called once a second from the mainloop from
1356 * circuit_predict_and_launch_new(). */
1357void
1359{
1360 (void) now;
1361
1362 /* If conflux is disabled, or we have insufficient consensus exits,
1363 * don't prebuild. */
1364 if (!conflux_is_enabled(NULL) ||
1365 router_have_consensus_path() != CONSENSUS_PATH_EXIT) {
1366 return;
1367 }
1368
1369 /* Don't attempt to build a new set if we are above our allowed maximum of
1370 * linked sets. */
1371 if (digest256map_size(client_linked_pool) >=
1373 return;
1374 }
1375
1376 /* Count the linked and unlinked to get the total number of sets we have
1377 * (will have). */
1378 int num_linked = count_client_usable_sets();
1379 int num_unlinked = digest256map_size(client_unlinked_pool);
1380 int num_set = num_unlinked + num_linked;
1381 int max_prebuilt = conflux_params_get_max_prebuilt();
1382
1383 if (num_set >= max_prebuilt) {
1384 return;
1385 }
1386
1387 log_info(LD_CIRC, "Preemptively launching new conflux circuit set(s). "
1388 "We have %d linked and %d unlinked.",
1389 num_linked, num_unlinked);
1390
1391 for (int i = 0; i < (max_prebuilt - num_set); i++) {
1393 /* Failing once likely means we'll fail next attempt so stop for now and
1394 * we'll try later. */
1395 break;
1396 }
1397 }
1398}
1399
1400/** Return the first circuit from the linked pool that will work with the conn.
1401 * If no such circuit exists, return NULL. */
1404{
1405 /* Use conn to check the exit policy of the first circuit
1406 * of each set in the linked pool. */
1407 tor_assert(conn);
1408
1409 DIGEST256MAP_FOREACH(client_linked_pool, key, conflux_t *, cfx) {
1410 /* Get the first circuit of the set. */
1411 conflux_leg_t *leg = smartlist_get(cfx->legs, 0);
1412 tor_assert(leg);
1413 tor_assert(leg->circ);
1414
1415 /* Bug on these but we can recover. */
1416 if (BUG(leg->circ->purpose != CIRCUIT_PURPOSE_CONFLUX_LINKED)) {
1417 continue;
1418 }
1419 if (BUG(!CIRCUIT_IS_ORIGIN(leg->circ))) {
1420 continue;
1421 }
1423
1424 /* Make sure the connection conforms with the exit policy and the isolation
1425 * flags also allows it. */
1426 if (!circuit_is_acceptable(ocirc, conn, 1 /* Must be open */,
1427 CIRCUIT_PURPOSE_CONFLUX_LINKED,
1428 1 /* Need uptime */,
1429 0 /* No need for internal */, now)) {
1430 continue;
1431 }
1432
1433 /* Found a circuit that works. */
1434 return ocirc;
1435 } DIGEST256MAP_FOREACH_END;
1436
1437 return NULL;
1438}
1439
1440/** The given circuit is conflux pending and has closed. This deletes the leg
1441 * from the set, attempt to finalize it and relaunch a new leg. If the set is
1442 * empty after removing this leg, it is deleted. */
1443static void
1445{
1446 uint8_t nonce[DIGEST256_LEN];
1447 unlinked_circuits_t *unlinked = NULL;
1448 bool is_client = false;
1449
1450 tor_assert(circ);
1452
1453 if (CIRCUIT_IS_ORIGIN(circ)) {
1454 tor_assert_nonfatal(circ->purpose == CIRCUIT_PURPOSE_CONFLUX_UNLINKED);
1455 is_client = true;
1456 }
1457
1458 unlinked = unlinked_pool_get(circ->conflux_pending_nonce, is_client);
1459
1460 /* This circuit is part of set that has already been removed previously freed
1461 * by another leg closing. */
1462 if (!unlinked) {
1463 return;
1464 }
1465
1466 /* We keep the nonce here because we will try to recover if we can and the
1467 * pending nonce will get nullified early. */
1468 memcpy(nonce, circ->conflux_pending_nonce, sizeof(nonce));
1469
1470 log_info(LD_CIRC, "Conflux unlinked circuit with nonce %s has closed",
1471 fmt_nonce(nonce));
1472
1473 /* Remove leg from set. */
1474 unlinked_leg_del_and_free(unlinked, circ);
1475 /* The circuit pending nonce has been nullified at this point. */
1476
1477 /* If no more legs, opportunistically free the unlinked set. */
1478 if (smartlist_len(unlinked->legs) == 0) {
1479 unlinked_pool_del_and_free(unlinked, is_client);
1480 } else if (!shutting_down) {
1481 /* Launch a new leg for this set to recover. */
1482 if (CIRCUIT_IS_ORIGIN(circ)) {
1483 conflux_launch_leg(nonce);
1484 }
1485 }
1486 /* After this, it might have been freed. */
1487 unlinked = NULL;
1488
1489 /* Unlinked circuits should not have attached streams, but check
1490 * anyway, because The Maze. */
1492}
1493
1494/** Update all stream pointers to point to this circuit.
1495 * This is used when a linked circuit is closed and we need to update the
1496 * streams to point to the remaining circuit
1497 */
1498static void
1500{
1501 tor_assert(circ);
1502 tor_assert_nonfatal(circ->conflux);
1503
1504 if (CIRCUIT_IS_ORIGIN(circ)) {
1505 origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1506 tor_assert_nonfatal(circ->purpose == CIRCUIT_PURPOSE_CONFLUX_LINKED);
1507 /* Iterate over stream list using next_stream pointer, until null */
1508 for (edge_connection_t *stream = ocirc->p_streams; stream;
1509 stream = stream->next_stream) {
1510 /* Update the circuit pointer of each stream */
1511 stream->on_circuit = circ;
1512 stream->cpath_layer = ocirc->cpath->prev;
1513 }
1514 } else {
1515 or_circuit_t *orcirc = TO_OR_CIRCUIT(circ);
1516 /* Iterate over stream list using next_stream pointer, until null */
1517 for (edge_connection_t *stream = orcirc->n_streams; stream;
1518 stream = stream->next_stream) {
1519 /* Update the circuit pointer of each stream */
1520 stream->on_circuit = circ;
1521 }
1522 /* Iterate over stream list using next_stream pointer, until null */
1523 for (edge_connection_t *stream = orcirc->resolving_streams; stream;
1524 stream = stream->next_stream) {
1525 /* Update the circuit pointer of each stream */
1526 stream->on_circuit = circ;
1527 }
1528 }
1529}
1530
1531/** Nullify all streams of the given circuit. */
1532static void
1534{
1535 tor_assert(circ);
1536
1537 if (CIRCUIT_IS_ORIGIN(circ)) {
1538 origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1539 ocirc->p_streams = NULL;
1540 ocirc->half_streams = NULL;
1541 } else {
1542 or_circuit_t *orcirc = TO_OR_CIRCUIT(circ);
1543 orcirc->n_streams = NULL;
1544 orcirc->resolving_streams = NULL;
1545 }
1546}
1547
1548/** The given circuit is already linked to a set and has been closed. Remove it
1549 * from the set and free the pool if no more legs. */
1550static void
1552{
1553 bool is_client = false;
1554 bool full_teardown = false;
1555 uint8_t nonce[DIGEST256_LEN] = {0};
1556
1557 tor_assert(circ);
1558 tor_assert(circ->conflux);
1559
1560 if (CIRCUIT_IS_ORIGIN(circ)) {
1561 tor_assert_nonfatal(circ->purpose == CIRCUIT_PURPOSE_CONFLUX_LINKED);
1562 is_client = true;
1563 }
1564
1565 /* Unlink circuit from its conflux object. */
1566 full_teardown = cfx_del_leg(circ->conflux, circ);
1567
1568 if (CONFLUX_NUM_LEGS(circ->conflux) == 0) {
1569 /* Last leg, remove conflux object from linked set. */
1570 linked_pool_del(circ->conflux->nonce, is_client);
1571 } else {
1572 /* If there are other circuits, update streams backpointers and
1573 * nullify the stream lists. We do not free those streams in circuit_free_.
1574 * (They only get freed when the last circuit is freed). */
1575 conflux_leg_t *leg = smartlist_get(circ->conflux->legs, 0);
1578 }
1579
1580 /* Keep the nonce so we can use it through out the rest of the function in
1581 * case we nullify the conflux object before. Reason is that in the case of a
1582 * full teardown, this function becomes basically recursive and so we must
1583 * nullify the conflux object of this circuit now before the recursiveness
1584 * starts leading to all legs being removed and thus not noticing if we are
1585 * the last or the first.
1586 *
1587 * Not the prettiest but that is the price to pay to live in the C-tor maze
1588 * and protected by ballrogs. */
1589 memcpy(nonce, circ->conflux->nonce, sizeof(nonce));
1590
1591 /* Nullify the conflux object from the circuit being closed iff we have more
1592 * legs. Reason being that the last leg needs to have the conflux object
1593 * attached to the circuit so it can be freed in conflux_circuit_free(). */
1594 if (CONFLUX_NUM_LEGS(circ->conflux) > 0) {
1595 circ->conflux = NULL;
1596 }
1597
1598 /* If this was a teardown condition, we need to mark other circuits,
1599 * including any potential unlinked circuits, for close.
1600 *
1601 * This call is recursive in the sense that linked_circuit_closed() will end
1602 * up being called for all legs and so by the time we come back here, the
1603 * linked is likely entirely gone. Thus why this is done last. */
1604 if (full_teardown) {
1605 conflux_mark_all_for_close(nonce, is_client, END_CIRC_REASON_FINISHED);
1606 }
1607}
1608
1609/** The given circuit is being freed and it is a linked leg. Clean up and free
1610 * anything that has to do with this circuit.
1611 *
1612 * After this call, the circuit should NOT be referenced anymore anywhere. */
1613static void
1614linked_circuit_free(circuit_t *circ, bool is_client)
1615{
1616 tor_assert(circ);
1617 tor_assert(circ->conflux);
1618 tor_assert(circ->conflux->legs);
1619 tor_assert(circ->conflux->ooo_q);
1620
1621 if (is_client) {
1622 tor_assert(circ->purpose == CIRCUIT_PURPOSE_CONFLUX_LINKED);
1623 }
1624
1625 /* Circuit can be freed without being closed and so we try to delete this leg
1626 * so we can learn if this circuit is the last leg or not. */
1627 if (cfx_del_leg(circ->conflux, circ)) {
1628 /* Check for instances of bug #40870, which we suspect happen
1629 * during exit. If any happen outside of exit, BUG and warn. */
1630 if (!circ->conflux->in_full_teardown) {
1631 /* We should bug and warn if we're not in a shutdown process; that
1632 * means we got here somehow without a close. */
1633 if (BUG(!shutting_down)) {
1634 log_warn(LD_BUG,
1635 "Conflux circuit %p being freed without being marked for "
1636 "full teardown via close, with shutdown state %d. "
1637 "Please report this.", circ, shutting_down);
1638 conflux_log_set(LOG_WARN, circ->conflux, is_client);
1639 }
1640 circ->conflux->in_full_teardown = true;
1641 }
1642 }
1643
1644 if (CONFLUX_NUM_LEGS(circ->conflux) > 0) {
1645 /* The last leg will free the streams but until then, we nullify to avoid
1646 * use-after-free. */
1648 } else {
1649 /* We are the last leg. */
1650
1651 /* Remove from pool in case it is still lingering there else we'll end up
1652 * in a double free situation. */
1653 linked_pool_del(circ->conflux->nonce, is_client);
1654
1655 /* If there is an unlinked circuit that was also created for this set, we
1656 * need to look for it, and tell it is no longer part of a linked set
1657 * anymore, so it can be freed properly, or can complete the link if it is
1658 * able to. Effectively, the conflux_t object lifetime is longer than
1659 * either the linked or unlinked sets by themselves. This is a situation we
1660 * could cover with handles, but so far, it is not clear they are an
1661 * obvious benefit for other cases than this one. */
1662 unlinked_circuits_t *unlinked =
1663 unlinked_pool_get(circ->conflux->nonce, is_client);
1664 if (unlinked) {
1665 tor_assert(unlinked->is_for_linked_set);
1666 unlinked->is_for_linked_set = false;
1667 } else {
1668 /* We are the last one, clear the conflux object. If an unlinked object
1669 * has a reference to it, it won't get freed due to is_for_linked_set
1670 * flag. */
1671 conflux_free(circ->conflux);
1672 }
1673 }
1674}
1675
1676/** The given circuit is being freed and it is an unlinked leg. Clean up and
1677 * free anything that has to do with this circuit.
1678 *
1679 * After this call, the circuit should NOT be referenced anymore anywhere. */
1680static void
1681unlinked_circuit_free(circuit_t *circ, bool is_client)
1682{
1683 tor_assert(circ);
1685 if (is_client) {
1687 }
1688
1689 /* Cleanup circuit reference if a leg exists. This is possible if the circuit
1690 * was not marked for close before being freed. */
1691 leg_t *leg = unlinked_leg_find(circ, is_client);
1692 if (leg) {
1693 leg->circ = NULL;
1694 }
1695
1696 /* Null pointers are safe here. */
1698}
1699
1700/** Circuit has been marked for close. */
1701void
1703{
1704 /* The unlinked case. If an unlinked set exists, we delete the leg and then
1705 * attempt to finalize it. After that, we'll launch a new leg to recover. */
1706 if (circ->conflux_pending_nonce) {
1708 } else if (circ->conflux) {
1710 }
1711}
1712
1713/** Circuit with conflux purpose just opened. */
1714void
1716{
1717 circuit_t *circ = NULL;
1718 leg_t *leg = NULL;
1719
1720 tor_assert(orig_circ);
1721
1722 circ = TO_CIRCUIT(orig_circ);
1723
1724 /* Extra safety layer so we never let a circuit opens if conflux is not
1725 * enabled. */
1726 if (!conflux_is_enabled(circ)) {
1727 circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
1728 static ratelim_t conflux_ratelim = RATELIM_INIT(600);
1729 log_fn_ratelim(&conflux_ratelim, LOG_NOTICE, LD_CIRC,
1730 "Conflux circuit opened without negotiating "
1731 "congestion control");
1732 return;
1733 }
1734
1735 /* Unrelated to conflux. */
1736 if (circ->conflux_pending_nonce == NULL) {
1737 goto end;
1738 }
1739
1740 log_info(LD_CIRC, "Conflux circuit has opened with nonce %s",
1742
1743 leg = unlinked_leg_find(circ, true);
1744 if (BUG(!leg)) {
1745 log_warn(LD_CIRC, "Unable to find conflux leg in unlinked set.");
1746 goto end;
1747 }
1748
1749 /* On failure here, the circuit is closed and thus the leg and unlinked set
1750 * will be cleaned up. */
1751 if (!conflux_cell_send_link(leg->link, orig_circ)) {
1752 goto end;
1753 }
1754
1755 /* Mark the leg on when the LINK cell is sent. Used to timeout the circuit
1756 * for a minimum RTT when getting the LINKED. */
1757 leg->link_sent_usec = monotime_absolute_usec();
1758
1759 end:
1761 return;
1762}
1763
1764/** Process a CONFLUX_LINK cell which arrived on the given circuit. */
1765void
1767 const uint16_t cell_len)
1768{
1769 unlinked_circuits_t *unlinked = NULL;
1770 conflux_cell_link_t *link = NULL;
1771
1772 tor_assert(circ);
1773 tor_assert(cell);
1774
1775 if (!conflux_is_enabled(circ)) {
1776 circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
1777 goto end;
1778 }
1779
1780 /* This cell can't be received on an origin circuit because only the endpoint
1781 * creating the circuit sends it. */
1782 if (CIRCUIT_IS_ORIGIN(circ)) {
1783 log_fn(LOG_PROTOCOL_WARN, LD_CIRC,
1784 "Got a CONFLUX_LINK cell on an origin circuit. Closing circuit.");
1785 circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
1786 goto end;
1787 }
1788
1789 if (!conflux_validate_source_hop(circ, NULL)) {
1790 log_fn(LOG_PROTOCOL_WARN, LD_CIRC,
1791 "Got a CONFLUX_LINK with further hops. Closing circuit.");
1792 circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
1793 goto end;
1794 }
1795
1796 if (circ->conflux_pending_nonce) {
1797 log_fn(LOG_PROTOCOL_WARN, LD_CIRC,
1798 "Got a CONFLUX_LINK on a circuit with a pending nonce. "
1799 "Closing circuit.");
1800 circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
1801 goto end;
1802 }
1803
1804 if (circ->conflux) {
1805 log_fn(LOG_PROTOCOL_WARN, LD_CIRC,
1806 "Got a CONFLUX_LINK on an already linked circuit "
1807 "Closing circuit.");
1808 circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
1809 goto end;
1810 }
1811
1812 /* On errors, logging is emitted in this parsing function. */
1813 link = conflux_cell_parse_link(cell, cell_len);
1814 if (!link) {
1815 log_fn(LOG_PROTOCOL_WARN, LD_CIRC, "Unable to parse "
1816 "CONFLUX_LINK cell. Closing circuit.");
1817 circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
1818 goto end;
1819 }
1820
1821 log_info(LD_CIRC, "Processing a CONFLUX_LINK for set %s",
1822 fmt_nonce(link->nonce));
1823
1824 /* Consider this circuit a new leg. We'll now attempt to attach it to an
1825 * existing set or unlinked one. */
1826 leg_t *leg = leg_new(circ, link);
1827 unlinked = unlinked_get_or_create(link->nonce, false);
1828 tor_assert(unlinked);
1829
1830 /* Attach leg to the unlinked set. */
1831 unlinked_leg_add(unlinked, leg);
1832
1833 /* Set the circuit in a pending conflux state for the LINKED_ACK. */
1834 circ->conflux_pending_nonce = tor_memdup(leg->link->nonce,
1835 sizeof(leg->link->nonce));
1836
1837 /* Mark when we send the LINKED. */
1838 leg->link_sent_usec = monotime_absolute_usec();
1839
1840 /* Send LINKED. */
1841 uint64_t last_seq_sent = conflux_get_max_seq_sent(unlinked->cfx);
1842 uint64_t last_seq_recv = unlinked->cfx->last_seq_delivered;
1843
1844 // TODO-329-ARTI: To support resumption/retransmit, the server should
1845 // store the last_seq_sent now, so that it can know how much data
1846 // to retransmit to the server after link. C-Tor will not be implementing
1847 // this, but arti and arti-relay could (if resumption seems worthwhile;
1848 // it may not be worth the memory storage there, either).
1849
1850 uint8_t nonce[DIGEST256_LEN];
1851 memcpy(nonce, circ->conflux_pending_nonce, sizeof(nonce));
1852
1853 /* Link the circuit to the a conflux set immediately before the LINKED is
1854 * sent. Reason is that once the client sends the LINKED_ACK, there is a race
1855 * with the BEGIN cell that can be sent immediately after and arrive first.
1856 * And so, we need to sync the streams before that happens that is before we
1857 * receive the LINKED_ACK. */
1858 if (link_circuit(circ) != ERR_LINK_CIRC_OK) {
1859 circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
1860 goto end;
1861 }
1862
1863 /* Exits should always request min latency from clients */
1864 conflux_cell_link_t *linked = conflux_cell_new_link(nonce, last_seq_sent,
1865 last_seq_recv,
1866 DEFAULT_EXIT_UX);
1867
1868 conflux_cell_send_linked(linked, TO_OR_CIRCUIT(circ));
1869 tor_free(linked);
1870
1871 end:
1872 return;
1873}
1874
1875/** Process a CONFLUX_LINKED cell which arrived on the given circuit. */
1876void
1878 const cell_t *cell,
1879 const uint16_t cell_len)
1880{
1881 conflux_cell_link_t *link = NULL;
1882
1883 tor_assert(circ);
1884
1885 /*
1886 * There several ways a malicious exit could create problems when sending
1887 * back this LINKED cell.
1888 *
1889 * 1. Using a different nonce that it knows about from another set. Accepting
1890 * it would mean a confirmation attack of linking sets to the same client.
1891 * To address that, the cell nonce MUST be matched with the circuit nonce.
1892 *
1893 * 2. Re-Sending a LINKED cell on an already linked circuit could create side
1894 * channel attacks or unpredictable issues. Circuit is closed.
1895 *
1896 * 3. Receiving a LINKED cell on a circuit that was not expecting it. Again,
1897 * as (2), can create side channel(s). Circuit is closed.
1898 *
1899 * 4. Receiving a LINKED cell from the another hop other than the last one
1900 * (exit). Same as (2) and (3) in terms of issues. Circuit is closed.
1901 */
1902
1903 if (!conflux_is_enabled(circ)) {
1904 circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
1905 goto end;
1906 }
1907
1908 /* LINKED cell are in response to a LINK cell which are only sent on an
1909 * origin circuit and thus received on such.*/
1910 if (!CIRCUIT_IS_ORIGIN(circ)) {
1911 log_fn(LOG_PROTOCOL_WARN, LD_CIRC,
1912 "Received CONFLUX_LINKED cell on a non origin circuit.");
1913 goto close;
1914 }
1915
1916 if (!circ->conflux_pending_nonce) {
1917 log_fn(LOG_PROTOCOL_WARN, LD_CIRC,
1918 "Received a CONFLUX_LINKED cell without having sent a "
1919 "CONFLUX_LINK cell. Closing circuit.");
1920 goto close;
1921 }
1922
1923 if (circ->conflux) {
1924 log_fn(LOG_PROTOCOL_WARN, LD_CIRC,
1925 "Received a CONFLUX_LINKED cell on a circuit that is already "
1926 "linked. Closing circuit.");
1927 goto close;
1928 }
1929
1930 if (!conflux_validate_source_hop(circ, layer_hint)) {
1931 log_fn(LOG_PROTOCOL_WARN, LD_CIRC,
1932 "Got a CONFLUX_LINKED from wrong hop on circuit. Closing circuit.");
1933 goto close;
1934 }
1935
1936 tor_assert_nonfatal(circ->purpose == CIRCUIT_PURPOSE_CONFLUX_UNLINKED);
1937
1938 /* On errors, logging is emitted in this parsing function. */
1939 link = conflux_cell_parse_link(cell, cell_len);
1940 if (!link) {
1941 goto close;
1942 }
1943
1944 log_info(LD_CIRC, "Processing a CONFLUX_LINKED for set %s",
1945 fmt_nonce(link->nonce));
1946
1947 /* Make sure the cell nonce matches the one on the circuit that was
1948 * previously set by the CONFLUX_LINK cell. */
1949 if (tor_memneq(link->nonce, circ->conflux_pending_nonce,
1950 sizeof(*link->nonce))) {
1951 log_fn(LOG_PROTOCOL_WARN, LD_CIRC,
1952 "Received CONFLUX_LINKED but circuit nonce doesn't match "
1953 "cell nonce. Closing circuit.");
1954 goto close;
1955 }
1956
1957 /* Find the leg from the associated unlinked set. */
1958 leg_t *leg = unlinked_leg_find(circ, true);
1959 if (BUG(!leg)) {
1960 log_warn(LD_CIRC, "Received CONFLUX_LINKED but can't find "
1961 "associated leg. Closing circuit.");
1962 goto close;
1963 }
1964
1965 log_info(LD_CIRC, "Successfully processed a CONFLUX_LINKED cell.");
1966
1967 /* Free the old link, and store the new one. We need to validate
1968 * the one we get during finalize, not the one we sent. */
1969 tor_free(leg->link);
1970 leg->link = link;
1971
1972 /* Record the RTT for this circuit. On failure, it means the RTT was too
1973 * high, we relaunch to recover. */
1974 if (!record_rtt(circ, true)) {
1975 goto close;
1976 }
1977
1978 /* The following will link the circuit with its set and attempt to finalize
1979 * the set if all expected legs have linked. On error, we close the circuit
1980 * because it means the unlinked set needs to be teardowned. */
1981 link_circ_err_t err = link_circuit(circ);
1982 switch (err) {
1983 case ERR_LINK_CIRC_OK:
1984 /* Successfully linked. */
1985 break;
1986 case ERR_LINK_CIRC_INVALID_LEG:
1987 case ERR_LINK_CIRC_MISSING_SET:
1988 /* No relaunch if the leg is invalid or the set is not found as in the
1989 * nonce is unknown. */
1990 break;
1991 case ERR_LINK_CIRC_BAD_RTT:
1992 case ERR_LINK_CIRC_MISSING_LEG:
1993 goto close;
1994 }
1995
1996 /* We can send the ack only if we finalize. This will not cause issues,
1997 * because LINKED_ACK is exempted from multiplexing in
1998 * conflux_should_multiplex(). */
1999 if (!conflux_cell_send_linked_ack(TO_ORIGIN_CIRCUIT(circ))) {
2000 /* On failure, the circuit is closed by the underlying function(s). */
2001 goto end;
2002 }
2003
2004 /* If this set is ready to use with a valid conflux set, try any pending
2005 * streams again. */
2006 if (circ->conflux) {
2008 }
2009
2010 /* This cell is now considered valid for clients. */
2012
2013 goto end;
2014
2015 close:
2016 circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
2017
2018 end:
2019 return;
2020}
2021
2022/** Process a CONFLUX_LINKED_ACK cell which arrived on the given circuit. */
2023void
2025{
2026 tor_assert(circ);
2027
2028 if (!conflux_is_enabled(circ)) {
2029 goto close;
2030 }
2031
2032 if (CIRCUIT_IS_ORIGIN(circ)) {
2033 log_fn(LOG_PROTOCOL_WARN, LD_CIRC,
2034 "Received CONFLUX_LINKED_ACK cell on an origin circuit. Closing.");
2035 goto close;
2036 }
2037
2038 if (!conflux_validate_source_hop(circ, NULL)) {
2039 log_fn(LOG_PROTOCOL_WARN, LD_CIRC,
2040 "Got a CONFLUX_LINKED_ACK with further hops. Closing circuit.");
2041 goto close;
2042 }
2043
2044 if (BUG(!circ->conflux)) {
2045 log_fn(LOG_PROTOCOL_WARN, LD_CIRC,
2046 "Received a CONFLUX_LINKED_ACK cell on a circuit that is not"
2047 "linked. Closing circuit.");
2048 goto close;
2049 }
2050
2051 log_info(LD_CIRC, "Processing a CONFLUX_LINKED_ACK for set %s",
2052 fmt_nonce(circ->conflux->nonce));
2053
2054 /* Record the RTT for this circuit. This should not fail */
2055 if (BUG(!record_rtt(circ, false))) {
2056 goto close;
2057 }
2058
2059 return;
2060
2061 close:
2062 circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
2063}
2064
2065/** Called when a circuit is freed.
2066 *
2067 * It is possible a conflux circuit gets freed without being closed (for
2068 * instance SIGTERM) and so this callback is needed in order to finalize the
2069 * cleanup. */
2070void
2072{
2073 tor_assert(circ);
2074
2075 bool is_client = CIRCUIT_IS_ORIGIN(circ);
2076
2077 if (circ->conflux) {
2078 linked_circuit_free(circ, is_client);
2079 } else if (circ->conflux_pending_nonce) {
2080 unlinked_circuit_free(circ, is_client);
2081 }
2082
2083 /* Whatever happens, nullify all conflux related pointers. */
2084 circ->conflux = NULL;
2085 circ->conflux_pending_nonce = NULL;
2086}
2087
2088/** Initialize the conflux pool subsystem. This is called by the subsys
2089 * manager. */
2090void
2092{
2093 if (!client_linked_pool) {
2094 client_linked_pool = digest256map_new();
2095 }
2096 if (!client_unlinked_pool) {
2097 client_unlinked_pool = digest256map_new();
2098 }
2099 if (!server_linked_pool) {
2100 server_linked_pool = digest256map_new();
2101 }
2102 if (!server_unlinked_pool) {
2103 server_unlinked_pool = digest256map_new();
2104 }
2105}
2106
2107/**
2108 * Return a description of all linked and unlinked circuits associated
2109 * with a conflux set.
2110 *
2111 * For use in rare bug cases that are hard to diagnose.
2112 */
2113void
2114conflux_log_set(int loglevel, const conflux_t *cfx, bool is_client)
2115{
2116 tor_assert(cfx);
2117
2118 log_fn(loglevel,
2119 LD_BUG,
2120 "Conflux %s: %d linked, %d launched. Delivered: %"PRIu64"; "
2121 "teardown: %d; Current: %p, Previous: %p",
2122 fmt_nonce(cfx->nonce), smartlist_len(cfx->legs),
2123 cfx->num_leg_launch,
2125 cfx->curr_leg, cfx->prev_leg);
2126
2127 // Log all linked legs
2128 int legs = 0;
2129 CONFLUX_FOR_EACH_LEG_BEGIN(cfx, leg) {
2130 const struct congestion_control_t *cc = circuit_ccontrol(leg->circ);
2131 log_fn(loglevel, LD_BUG,
2132 " - Linked Leg %d purpose=%d; RTT %"PRIu64", sent: %"PRIu64
2133 "; sent: %"PRIu64", recv: %"PRIu64", infl: %"PRIu64", "
2134 "ptr: %p, idx: %d, marked: %d",
2135 legs, leg->circ->purpose, leg->circ_rtts_usec,
2136 leg->linked_sent_usec, leg->last_seq_recv,
2137 leg->last_seq_sent, cc->inflight, leg->circ,
2138 leg->circ->global_circuitlist_idx,
2139 leg->circ->marked_for_close);
2140 legs++;
2141 } CONFLUX_FOR_EACH_LEG_END(leg);
2142
2143 // Look up the nonce to see if we have any unlinked circuits.
2144 unlinked_circuits_t *unlinked = unlinked_pool_get(cfx->nonce, is_client);
2145 if (unlinked) {
2146 // Log the number of legs and the is_for_linked_set status
2147 log_fn(loglevel, LD_BUG, " - Unlinked set: %d legs, for link: %d",
2148 smartlist_len(unlinked->legs), unlinked->is_for_linked_set);
2149 legs = 0;
2150 SMARTLIST_FOREACH_BEGIN(unlinked->legs, leg_t *, leg) {
2151 log_fn(loglevel, LD_BUG,
2152 " Unlinked Leg: %d purpose=%d; linked: %d, RTT %"PRIu64", "
2153 "sent: %"PRIu64" link ptr %p, circ ptr: %p, idx: %d, marked: %d",
2154 legs, leg->circ->purpose, leg->linked,
2155 leg->rtt_usec, leg->link_sent_usec,
2156 leg->link, leg->circ,
2157 leg->circ->global_circuitlist_idx,
2158 leg->circ->marked_for_close);
2159 legs++;
2160 } SMARTLIST_FOREACH_END(leg);
2161 }
2162}
2163
2164/**
2165 * Conflux needs a notification when tor_shutdown() begins, so that
2166 * when circuits are freed, new legs are not launched.
2167 *
2168 * This needs a separate notification from conflux_pool_free_all(),
2169 * because circuits must be freed before that function.
2170 */
2171void
2173{
2174 shutting_down = true;
2175}
2176
2177#ifdef TOR_UNIT_TESTS
2178/**
2179 * For unit tests: Clear the shutting down state so we resume building legs.
2180 */
2181void
2182conflux_clear_shutdown(void)
2183{
2184 shutting_down = false;
2185}
2186#endif
2187
2188/** Free and clean up the conflux pool subsystem. This is called by the subsys
2189 * manager AFTER all circuits have been freed which implies that all objects in
2190 * the pools aren't referenced anymore. */
2191void
2193{
2194 digest256map_free(client_linked_pool, free_conflux_void_);
2195 digest256map_free(server_linked_pool, free_conflux_void_);
2196 digest256map_free(client_unlinked_pool, free_unlinked_void_);
2197 digest256map_free(server_unlinked_pool, free_unlinked_void_);
2198}
const char * hex_str(const char *from, size_t fromlen)
Definition: binascii.c:34
bool conflux_can_exclude_used_bridges(void)
Definition: bridges.c:147
Header file for circuitbuild.c.
origin_circuit_t * circuit_establish_circuit_conflux(const uint8_t *conflux_nonce, uint8_t purpose, extend_info_t *exit_ei, int flags)
Definition: circuitbuild.c:518
Header file for circuitbuild.c.
origin_circuit_t * TO_ORIGIN_CIRCUIT(circuit_t *x)
Definition: circuitlist.c:185
or_circuit_t * TO_OR_CIRCUIT(circuit_t *x)
Definition: circuitlist.c:173
Header file for circuitlist.c.
#define CIRCUIT_IS_ORCIRC(c)
Definition: circuitlist.h:161
#define CIRCUIT_IS_ORIGIN(c)
Definition: circuitlist.h:154
#define CIRCUIT_PURPOSE_CONFLUX_UNLINKED
Definition: circuitlist.h:137
double get_circuit_build_timeout_ms(void)
Definition: circuitstats.c:101
Header file for circuitstats.c.
void circuit_read_valid_data(origin_circuit_t *circ, uint16_t relay_body_len)
Definition: circuituse.c:3202
void circuit_change_purpose(circuit_t *circ, uint8_t new_purpose)
Definition: circuituse.c:3100
int circuit_is_acceptable(const origin_circuit_t *origin_circ, const entry_connection_t *conn, int must_be_open, uint8_t purpose, int need_uptime, int need_internal, time_t now)
Definition: circuituse.c:107
Header file for circuituse.c.
#define CIRCLAUNCH_NEED_CAPACITY
Definition: circuituse.h:43
#define CIRCLAUNCH_NEED_UPTIME
Definition: circuituse.h:41
#define CIRCLAUNCH_NEED_CONFLUX
Definition: circuituse.h:56
uint64_t monotime_absolute_usec(void)
Definition: compat_time.c:804
const or_options_t * get_options(void)
Definition: config.c:944
Header file for config.c.
const congestion_control_t * circuit_ccontrol(const circuit_t *circ)
Definition: conflux.c:707
uint64_t conflux_get_max_seq_recv(const conflux_t *cfx)
Definition: conflux.c:153
uint64_t conflux_get_max_seq_sent(const conflux_t *cfx)
Definition: conflux.c:136
conflux_leg_t * conflux_get_leg(conflux_t *cfx, const circuit_t *circ)
Definition: conflux.c:115
Public APIs for conflux multipath support.
#define CONFLUX_FOR_EACH_LEG_BEGIN(cfx, var)
Definition: conflux.h:19
#define CONFLUX_NUM_LEGS(cfx)
Definition: conflux.h:25
Header file for conflux_cell.c.
Header file for conflux_params.c.
uint8_t conflux_params_get_max_legs_set(void)
uint8_t conflux_params_get_max_prebuilt(void)
uint8_t conflux_params_get_max_unlinked_leg_retry(void)
uint8_t conflux_params_get_num_legs_set(void)
uint8_t conflux_params_get_max_linked_set(void)
static void unlinked_pool_del(unlinked_circuits_t *unlinked, bool is_client)
Definition: conflux_pool.c:290
static const char * fmt_nonce(const uint8_t *nonce)
Definition: conflux_pool.c:141
static link_circ_err_t link_circuit(circuit_t *circ)
Definition: conflux_pool.c:933
static unlinked_circuits_t * unlinked_pool_get(const uint8_t *nonce, bool is_client)
Definition: conflux_pool.c:303
static leg_t * leg_find(const unlinked_circuits_t *unlinked, const circuit_t *circ)
Definition: conflux_pool.c:371
static void linked_circuit_closed(circuit_t *circ)
void conflux_circuit_has_opened(origin_circuit_t *orig_circ)
void conflux_process_linked_ack(circuit_t *circ)
static void unlinked_close_all_legs(unlinked_circuits_t *unlinked)
Definition: conflux_pool.c:614
static void leg_free(leg_t *leg)
Definition: conflux_pool.c:231
#define conflux_free(cfx)
Definition: conflux_pool.c:207
static bool cfx_del_leg(conflux_t *cfx, const circuit_t *circ)
Definition: conflux_pool.c:556
void conflux_log_set(int loglevel, const conflux_t *cfx, bool is_client)
void conflux_circuit_has_closed(circuit_t *circ)
static void linked_circuit_free(circuit_t *circ, bool is_client)
static void free_conflux_void_(void *ptr)
Definition: conflux_pool.c:212
static void cfx_add_leg(conflux_t *cfx, leg_t *leg)
Definition: conflux_pool.c:491
static extend_info_t * get_exit_for_nonce(const uint8_t *nonce)
void conflux_process_linked(circuit_t *circ, crypt_path_t *layer_hint, const cell_t *cell, const uint16_t cell_len)
static uint64_t record_rtt_client(const circuit_t *circ)
Definition: conflux_pool.c:827
STATIC bool launch_new_set(int num_legs)
Definition: conflux_pool.c:978
static bool validate_unlinked_legs(unlinked_circuits_t *unlinked)
Definition: conflux_pool.c:450
static bool record_rtt(const circuit_t *circ, bool is_client)
Definition: conflux_pool.c:901
void conflux_process_link(circuit_t *circ, const cell_t *cell, const uint16_t cell_len)
static leg_t * leg_new(circuit_t *circ, conflux_cell_link_t *link)
Definition: conflux_pool.c:221
void conflux_predict_new(time_t now)
static void linked_nullify_streams(circuit_t *circ)
static bool launch_leg_is_allowed(const conflux_t *cfx)
static digest256map_t * server_unlinked_pool
Definition: conflux_pool.c:62
void conflux_notify_shutdown(void)
static uint8_t conflux_choose_algorithm(uint8_t desired_ux)
Definition: conflux_pool.c:150
static void linked_pool_del(const uint8_t *nonce, bool is_client)
Definition: conflux_pool.c:336
static link_circ_err_t try_finalize_set(unlinked_circuits_t *unlinked)
Definition: conflux_pool.c:728
static void unlinked_pool_add(unlinked_circuits_t *unlinked, bool is_client)
Definition: conflux_pool.c:278
static digest256map_t * client_linked_pool
Definition: conflux_pool.c:50
static void linked_update_stream_backpointers(circuit_t *circ)
static void unlinked_pool_del_and_free(unlinked_circuits_t *unlinked, bool is_client)
Definition: conflux_pool.c:315
void conflux_pool_init(void)
static void unlinked_circuit_free(circuit_t *circ, bool is_client)
static void conflux_mark_all_for_close(const uint8_t *nonce, bool is_client, int reason)
Definition: conflux_pool.c:679
static conflux_t * linked_pool_get(const uint8_t *nonce, bool is_client)
Definition: conflux_pool.c:348
void conflux_add_middles_to_exclude_list(const origin_circuit_t *orig_circ, smartlist_t *excluded)
static void unlinked_close_or_free(unlinked_circuits_t *unlinked)
Definition: conflux_pool.c:657
void conflux_circuit_about_to_free(circuit_t *circ)
static unlinked_circuits_t * unlinked_new(const uint8_t *nonce, bool is_client)
Definition: conflux_pool.c:247
static uint64_t record_rtt_exit(const circuit_t *circ)
Definition: conflux_pool.c:866
static void free_unlinked_void_(void *ptr)
Definition: conflux_pool.c:717
static digest256map_t * client_unlinked_pool
Definition: conflux_pool.c:53
link_circ_err_t
Definition: conflux_pool.c:107
static digest256map_t * server_linked_pool
Definition: conflux_pool.c:59
static void linked_pool_add(conflux_t *cfx, bool is_client)
Definition: conflux_pool.c:324
bool conflux_launch_leg(const uint8_t *nonce)
static void unlinked_leg_add(unlinked_circuits_t *unlinked, leg_t *leg)
Definition: conflux_pool.c:360
static int count_client_usable_sets(void)
static void unlinked_free(unlinked_circuits_t *unlinked)
Definition: conflux_pool.c:260
void conflux_pool_free_all(void)
void conflux_add_guards_to_exclude_list(const origin_circuit_t *orig_circ, smartlist_t *excluded)
origin_circuit_t * conflux_get_circ_for_conn(const entry_connection_t *conn, time_t now)
static conflux_t * conflux_new(void)
Definition: conflux_pool.c:174
static void validate_circ_has_no_streams(circuit_t *circ)
Definition: conflux_pool.c:416
static uint8_t get_client_ux(void)
static void unlinked_circuit_closed(circuit_t *circ)
static leg_t * unlinked_leg_find(const circuit_t *circ, bool is_client)
Definition: conflux_pool.c:383
Header file for conflux_pool.c.
Structure definitions for conflux multipath.
void conflux_validate_stream_lists(const conflux_t *cfx)
Definition: conflux_util.c:373
bool conflux_validate_source_hop(circuit_t *in_circ, crypt_path_t *layer_hint)
Definition: conflux_util.c:145
void conflux_sync_circ_fields(conflux_t *cfx, origin_circuit_t *ref_circ)
Definition: conflux_util.c:302
Header file for conflux_util.c.
Structure definitions for congestion control.
void connection_ap_attach_pending(int retry)
Header file for connection_edge.c.
Path structures for origin circuits.
void crypto_rand(char *to, size_t n)
Definition: crypto_rand.c:479
Common functions for using (pseudo-)random number generators.
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:55
Common functions for cryptographic routines.
int tor_memeq(const void *a, const void *b, size_t sz)
Definition: di_ops.c:107
#define tor_memneq(a, b, sz)
Definition: di_ops.h:21
#define DIGEST_LEN
Definition: digest_sizes.h:20
#define DIGEST256_LEN
Definition: digest_sizes.h:23
Edge-connection structure.
Extend-info structure.
#define log_fn(severity, domain, args,...)
Definition: log.h:283
#define log_fn_ratelim(ratelim, severity, domain, args,...)
Definition: log.h:288
#define LD_BUG
Definition: log.h:86
#define LOG_NOTICE
Definition: log.h:50
#define LD_CIRC
Definition: log.h:82
#define LOG_WARN
Definition: log.h:53
#define tor_free(p)
Definition: malloc.h:56
consensus_path_type_t router_have_consensus_path(void)
Definition: nodelist.c:2438
node_t * node_get_mutable_by_id(const char *identity_digest)
Definition: nodelist.c:197
Header file for nodelist.c.
Master header file for Tor-specific functionality.
#define TO_CIRCUIT(x)
Definition: or.h:848
Origin circuit structure.
Header file for relay.c.
smartlist_t * smartlist_new(void)
void smartlist_add(smartlist_t *sl, void *element)
void smartlist_remove(smartlist_t *sl, const void *element)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define SMARTLIST_FOREACH(sl, type, var, cmd)
#define SMARTLIST_DEL_CURRENT(sl, var)
Definition: cell_st.h:17
time_t timestamp_dirty
Definition: circuit_st.h:188
uint16_t marked_for_close
Definition: circuit_st.h:190
struct conflux_t * conflux
Definition: circuit_st.h:263
uint8_t purpose
Definition: circuit_st.h:112
uint8_t * conflux_pending_nonce
Definition: circuit_st.h:271
uint64_t last_seq_sent
Definition: conflux_st.h:66
uint64_t last_seq_recv
Definition: conflux_st.h:47
uint64_t circ_rtts_usec
Definition: conflux_st.h:75
uint64_t linked_sent_usec
Definition: conflux_st.h:79
circuit_t * circ
Definition: conflux_st.h:82
smartlist_t * ooo_q
Definition: conflux_st.h:103
struct conflux_leg_t * curr_leg
Definition: conflux_st.h:117
struct conflux_params_t params
Definition: conflux_st.h:88
struct conflux_leg_t * prev_leg
Definition: conflux_st.h:121
uint8_t nonce[DIGEST256_LEN]
Definition: conflux_st.h:124
uint64_t last_seq_delivered
Definition: conflux_st.h:108
smartlist_t * legs
Definition: conflux_st.h:93
bool in_full_teardown
Definition: conflux_st.h:129
unsigned int num_leg_launch
Definition: conflux_st.h:133
struct crypt_path_t * prev
Definition: crypt_path_st.h:79
struct crypt_path_t * next
Definition: crypt_path_st.h:76
extend_info_t * extend_info
Definition: crypt_path_st.h:65
struct edge_connection_t * next_stream
char identity_digest[DIGEST_LEN]
Definition: node_st.h:34
edge_connection_t * resolving_streams
Definition: or_circuit_st.h:50
edge_connection_t * n_streams
Definition: or_circuit_st.h:43
edge_connection_t * p_streams
unsigned int isolation_values_set
crypt_path_t * cpath
smartlist_t * half_streams
#define STATIC
Definition: testsupport.h:32
#define tor_assert_nonfatal_unreached()
Definition: util_bug.h:177
#define tor_assert(expr)
Definition: util_bug.h:103