Tor  0.4.8.0-alpha-dev
connection.c
Go to the documentation of this file.
1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2021, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
7 /**
8  * \file connection.c
9  * \brief General high-level functions to handle reading and writing
10  * on connections.
11  *
12  * Each connection (ideally) represents a TLS connection, a TCP socket, a unix
13  * socket, or a UDP socket on which reads and writes can occur. (But see
14  * connection_edge.c for cases where connections can also represent streams
15  * that do not have a corresponding socket.)
16  *
17  * The module implements the abstract type, connection_t. The subtypes are:
18  * <ul>
19  * <li>listener_connection_t, implemented here in connection.c
20  * <li>dir_connection_t, implemented in directory.c
21  * <li>or_connection_t, implemented in connection_or.c
22  * <li>edge_connection_t, implemented in connection_edge.c, along with
23  * its subtype(s):
24  * <ul><li>entry_connection_t, also implemented in connection_edge.c
25  * </ul>
26  * <li>control_connection_t, implemented in control.c
27  * </ul>
28  *
29  * The base type implemented in this module is responsible for basic
30  * rate limiting, flow control, and marshalling bytes onto and off of the
31  * network (either directly or via TLS).
32  *
33  * Connections are registered with the main loop with connection_add(). As
34  * they become able to read or write register the fact with the event main
35  * loop by calling connection_watch_events(), connection_start_reading(), or
36  * connection_start_writing(). When they no longer want to read or write,
37  * they call connection_stop_reading() or connection_stop_writing().
38  *
39  * To queue data to be written on a connection, call
40  * connection_buf_add(). When data arrives, the
41  * connection_process_inbuf() callback is invoked, which dispatches to a
42  * type-specific function (such as connection_edge_process_inbuf() for
43  * example). Connection types that need notice of when data has been written
44  * receive notification via connection_flushed_some() and
45  * connection_finished_flushing(). These functions all delegate to
46  * type-specific implementations.
47  *
48  * Additionally, beyond the core of connection_t, this module also implements:
49  * <ul>
50  * <li>Listeners, which wait for incoming sockets and launch connections
51  * <li>Outgoing SOCKS proxy support
52  * <li>Outgoing HTTP proxy support
53  * <li>An out-of-sockets handler for dealing with socket exhaustion
54  * </ul>
55  **/
56 
57 #define CONNECTION_PRIVATE
58 #include "core/or/or.h"
59 #include "feature/client/bridges.h"
60 #include "lib/buf/buffers.h"
61 #include "lib/tls/buffers_tls.h"
62 #include "lib/err/backtrace.h"
63 
64 /*
65  * Define this so we get channel internal functions, since we're implementing
66  * part of a subclass (channel_tls_t).
67  */
68 #define CHANNEL_OBJECT_PRIVATE
69 #include "app/config/config.h"
72 #include "core/mainloop/mainloop.h"
74 #include "core/or/channel.h"
75 #include "core/or/channeltls.h"
76 #include "core/or/circuitbuild.h"
77 #include "core/or/circuitlist.h"
78 #include "core/or/circuituse.h"
80 #include "core/or/connection_or.h"
81 #include "core/or/dos.h"
82 #include "core/or/policies.h"
83 #include "core/or/reasons.h"
84 #include "core/or/relay.h"
85 #include "core/or/status.h"
86 #include "core/or/crypt_path.h"
87 #include "core/proto/proto_haproxy.h"
88 #include "core/proto/proto_http.h"
89 #include "core/proto/proto_socks.h"
90 #include "feature/client/dnsserv.h"
100 #include "feature/hs/hs_common.h"
101 #include "feature/hs/hs_ident.h"
102 #include "feature/hs/hs_metrics.h"
103 #include "feature/metrics/metrics.h"
106 #include "feature/relay/dns.h"
109 #include "feature/rend/rendcommon.h"
110 #include "feature/stats/connstats.h"
111 #include "feature/stats/rephist.h"
112 #include "feature/stats/bwhist.h"
115 #include "lib/geoip/geoip.h"
116 
117 #include "lib/cc/ctassert.h"
118 #include "lib/sandbox/sandbox.h"
119 #include "lib/net/buffers_net.h"
120 #include "lib/net/address.h"
121 #include "lib/tls/tortls.h"
123 #include "lib/compress/compress.h"
124 
125 #ifdef HAVE_PWD_H
126 #include <pwd.h>
127 #endif
128 
129 #ifdef HAVE_UNISTD_H
130 #include <unistd.h>
131 #endif
132 #ifdef HAVE_SYS_STAT_H
133 #include <sys/stat.h>
134 #endif
135 
136 #ifdef HAVE_SYS_UN_H
137 #include <sys/socket.h>
138 #include <sys/un.h>
139 #endif
140 
146 #include "core/or/port_cfg_st.h"
149 
151 
152 /**
153  * On Windows and Linux we cannot reliably bind() a socket to an
154  * address and port if: 1) There's already a socket bound to wildcard
155  * address (0.0.0.0 or ::) with the same port; 2) We try to bind()
156  * to wildcard address and there's another socket bound to a
157  * specific address and the same port.
158  *
159  * To address this problem on these two platforms we implement a
160  * routine that:
161  * 1) Checks if first attempt to bind() a new socket failed with
162  * EADDRINUSE.
163  * 2) If so, it will close the appropriate old listener connection and
164  * 3) Attempts bind()'ing the new listener socket again.
165  *
166  * Just to be safe, we are enabling listener rebind code on all platforms,
167  * to account for unexpected cases where it may be needed.
168  */
169 #define ENABLE_LISTENER_REBIND
170 
172  const struct sockaddr *listensockaddr,
173  socklen_t listensocklen, int type,
174  const char *address,
175  const port_cfg_t *portcfg,
176  int *addr_in_use);
178  const port_cfg_t *port,
179  int *defer, int *addr_in_use);
180 static void connection_init(time_t now, connection_t *conn, int type,
181  int socket_family);
182 static int connection_handle_listener_read(connection_t *conn, int new_type);
184 static int connection_flushed_some(connection_t *conn);
186 static int connection_reached_eof(connection_t *conn);
188  ssize_t *max_to_read,
189  int *socket_error);
190 static int connection_process_inbuf(connection_t *conn, int package_partial);
192 static void set_constrained_socket_buffers(tor_socket_t sock, int size);
193 
194 static const char *connection_proxy_state_to_string(int state);
197 static const char *proxy_type_to_string(int proxy_type);
198 static int conn_get_proxy_type(const connection_t *conn);
200  const or_options_t *options, unsigned int conn_type);
201 static void reenable_blocked_connection_init(const or_options_t *options);
202 static void reenable_blocked_connection_schedule(void);
203 
204 /** The last addresses that our network interface seemed to have been
205  * binding to. We use this as one way to detect when our IP changes.
206  *
207  * XXXX+ We should really use the entire list of interfaces here.
208  **/
210 /* DOCDOC last_interface_ipv6 */
211 static tor_addr_t *last_interface_ipv6 = NULL;
212 /** A list of tor_addr_t for addresses we've used in outgoing connections.
213  * Used to detect IP address changes. */
215 
216 #define CASE_ANY_LISTENER_TYPE \
217  case CONN_TYPE_OR_LISTENER: \
218  case CONN_TYPE_EXT_OR_LISTENER: \
219  case CONN_TYPE_AP_LISTENER: \
220  case CONN_TYPE_DIR_LISTENER: \
221  case CONN_TYPE_CONTROL_LISTENER: \
222  case CONN_TYPE_AP_TRANS_LISTENER: \
223  case CONN_TYPE_AP_NATD_LISTENER: \
224  case CONN_TYPE_AP_DNS_LISTENER: \
225  case CONN_TYPE_AP_HTTP_CONNECT_LISTENER: \
226  case CONN_TYPE_METRICS_LISTENER
227 
228 /**************************************************************/
229 
230 /**
231  * Cast a `connection_t *` to a `listener_connection_t *`.
232  *
233  * Exit with an assertion failure if the input is not a
234  * `listener_connection_t`.
235  **/
238 {
239  tor_assert(c->magic == LISTENER_CONNECTION_MAGIC);
240  return DOWNCAST(listener_connection_t, c);
241 }
242 
243 /**
244  * Cast a `const connection_t *` to a `const listener_connection_t *`.
245  *
246  * Exit with an assertion failure if the input is not a
247  * `listener_connection_t`.
248  **/
249 const listener_connection_t *
251 {
252  return TO_LISTENER_CONN((connection_t *)c);
253 }
254 
255 size_t
256 connection_get_inbuf_len(const connection_t *conn)
257 {
258  return conn->inbuf ? buf_datalen(conn->inbuf) : 0;
259 }
260 
261 size_t
262 connection_get_outbuf_len(const connection_t *conn)
263 {
264  return conn->outbuf ? buf_datalen(conn->outbuf) : 0;
265 }
266 
267 /**
268  * Return the human-readable name for the connection type <b>type</b>
269  */
270 const char *
272 {
273  static char buf[64];
274  switch (type) {
275  case CONN_TYPE_OR_LISTENER: return "OR listener";
276  case CONN_TYPE_OR: return "OR";
277  case CONN_TYPE_EXIT: return "Exit";
278  case CONN_TYPE_AP_LISTENER: return "Socks listener";
280  return "Transparent pf/netfilter listener";
281  case CONN_TYPE_AP_NATD_LISTENER: return "Transparent natd listener";
282  case CONN_TYPE_AP_DNS_LISTENER: return "DNS listener";
283  case CONN_TYPE_AP: return "Socks";
284  case CONN_TYPE_DIR_LISTENER: return "Directory listener";
285  case CONN_TYPE_DIR: return "Directory";
286  case CONN_TYPE_CONTROL_LISTENER: return "Control listener";
287  case CONN_TYPE_CONTROL: return "Control";
288  case CONN_TYPE_EXT_OR: return "Extended OR";
289  case CONN_TYPE_EXT_OR_LISTENER: return "Extended OR listener";
290  case CONN_TYPE_AP_HTTP_CONNECT_LISTENER: return "HTTP tunnel listener";
291  case CONN_TYPE_METRICS_LISTENER: return "Metrics listener";
292  case CONN_TYPE_METRICS: return "Metrics";
293  default:
294  log_warn(LD_BUG, "unknown connection type %d", type);
295  tor_snprintf(buf, sizeof(buf), "unknown [%d]", type);
296  return buf;
297  }
298 }
299 
300 /**
301  * Return the human-readable name for the connection state <b>state</b>
302  * for the connection type <b>type</b>
303  */
304 const char *
305 conn_state_to_string(int type, int state)
306 {
307  static char buf[96];
308  switch (type) {
309  CASE_ANY_LISTENER_TYPE:
310  if (state == LISTENER_STATE_READY)
311  return "ready";
312  break;
313  case CONN_TYPE_OR:
314  switch (state) {
315  case OR_CONN_STATE_CONNECTING: return "connect()ing";
316  case OR_CONN_STATE_PROXY_HANDSHAKING: return "handshaking (proxy)";
317  case OR_CONN_STATE_TLS_HANDSHAKING: return "handshaking (TLS)";
319  return "renegotiating (TLS, v2 handshake)";
321  return "waiting for renegotiation or V3 handshake";
323  return "handshaking (Tor, v2 handshake)";
325  return "handshaking (Tor, v3 handshake)";
326  case OR_CONN_STATE_OPEN: return "open";
327  }
328  break;
329  case CONN_TYPE_EXT_OR:
330  switch (state) {
332  return "waiting for authentication type";
334  return "waiting for client nonce";
336  return "waiting for client hash";
337  case EXT_OR_CONN_STATE_OPEN: return "open";
338  case EXT_OR_CONN_STATE_FLUSHING: return "flushing final OKAY";
339  }
340  break;
341  case CONN_TYPE_EXIT:
342  switch (state) {
343  case EXIT_CONN_STATE_RESOLVING: return "waiting for dest info";
344  case EXIT_CONN_STATE_CONNECTING: return "connecting";
345  case EXIT_CONN_STATE_OPEN: return "open";
346  case EXIT_CONN_STATE_RESOLVEFAILED: return "resolve failed";
347  }
348  break;
349  case CONN_TYPE_AP:
350  switch (state) {
351  case AP_CONN_STATE_SOCKS_WAIT: return "waiting for socks info";
352  case AP_CONN_STATE_NATD_WAIT: return "waiting for natd dest info";
353  case AP_CONN_STATE_RENDDESC_WAIT: return "waiting for rendezvous desc";
354  case AP_CONN_STATE_CONTROLLER_WAIT: return "waiting for controller";
355  case AP_CONN_STATE_CIRCUIT_WAIT: return "waiting for circuit";
356  case AP_CONN_STATE_CONNECT_WAIT: return "waiting for connect response";
357  case AP_CONN_STATE_RESOLVE_WAIT: return "waiting for resolve response";
358  case AP_CONN_STATE_OPEN: return "open";
359  }
360  break;
361  case CONN_TYPE_DIR:
362  switch (state) {
363  case DIR_CONN_STATE_CONNECTING: return "connecting";
364  case DIR_CONN_STATE_CLIENT_SENDING: return "client sending";
365  case DIR_CONN_STATE_CLIENT_READING: return "client reading";
366  case DIR_CONN_STATE_CLIENT_FINISHED: return "client finished";
367  case DIR_CONN_STATE_SERVER_COMMAND_WAIT: return "waiting for command";
368  case DIR_CONN_STATE_SERVER_WRITING: return "writing";
369  }
370  break;
371  case CONN_TYPE_CONTROL:
372  switch (state) {
373  case CONTROL_CONN_STATE_OPEN: return "open (protocol v1)";
375  return "waiting for authentication (protocol v1)";
376  }
377  break;
378  }
379 
380  if (state == 0) {
381  return "uninitialized";
382  }
383 
384  log_warn(LD_BUG, "unknown connection state %d (type %d)", state, type);
385  tor_snprintf(buf, sizeof(buf),
386  "unknown state [%d] on unknown [%s] connection",
387  state, conn_type_to_string(type));
388  tor_assert_nonfatal_unreached_once();
389  return buf;
390 }
391 
392 /**
393  * Helper: describe the peer or address of connection @a conn in a
394  * human-readable manner.
395  *
396  * Returns a pointer to a static buffer; future calls to
397  * connection_describe_peer_internal() will invalidate this buffer.
398  *
399  * If <b>include_preposition</b> is true, include a preposition before the
400  * peer address.
401  *
402  * Nobody should parse the output of this function; it can and will change in
403  * future versions of tor.
404  **/
405 static const char *
407  bool include_preposition)
408 {
409  IF_BUG_ONCE(!conn) {
410  return "null peer";
411  }
412 
413  static char peer_buf[256];
414  const tor_addr_t *addr = &conn->addr;
415  const char *address = NULL;
416  const char *prep;
417  bool scrub = false;
418  char extra_buf[128];
419  extra_buf[0] = 0;
420 
421  /* First, figure out the preposition to use */
422  switch (conn->type) {
423  CASE_ANY_LISTENER_TYPE:
424  prep = "on";
425  break;
426  case CONN_TYPE_EXIT:
427  prep = "to";
428  break;
429  case CONN_TYPE_CONTROL:
430  case CONN_TYPE_AP:
431  case CONN_TYPE_EXT_OR:
432  prep = "from";
433  break;
434  default:
435  prep = "with";
436  break;
437  }
438 
439  /* Now figure out the address. */
440  if (conn->socket_family == AF_UNIX) {
441  /* For unix sockets, we always use the `address` string. */
442  address = conn->address ? conn->address : "unix socket";
443  } else if (conn->type == CONN_TYPE_OR) {
444  /* For OR connections, we have a lot to do. */
445  const or_connection_t *or_conn = CONST_TO_OR_CONN(conn);
446  /* We report the IDs we're talking to... */
447  if (fast_digest_is_zero(or_conn->identity_digest)) {
448  // This could be a client, so scrub it. No identity to report.
449  scrub = true;
450  } else {
451  const ed25519_public_key_t *ed_id =
453  char ed_id_buf[ED25519_BASE64_LEN+1];
454  char rsa_id_buf[HEX_DIGEST_LEN+1];
455  if (ed_id) {
456  ed25519_public_to_base64(ed_id_buf, ed_id);
457  } else {
458  strlcpy(ed_id_buf, "<none>", sizeof(ed_id_buf));
459  }
460  base16_encode(rsa_id_buf, sizeof(rsa_id_buf),
461  or_conn->identity_digest, DIGEST_LEN);
462  tor_snprintf(extra_buf, sizeof(extra_buf),
463  " ID=%s RSA_ID=%s", ed_id_buf, rsa_id_buf);
464  }
465  if (! scrub && (! tor_addr_eq(addr, &or_conn->canonical_orport.addr) ||
466  conn->port != or_conn->canonical_orport.port)) {
467  /* We report canonical address, if it's different */
468  char canonical_addr_buf[TOR_ADDR_BUF_LEN];
469  if (tor_addr_to_str(canonical_addr_buf, &or_conn->canonical_orport.addr,
470  sizeof(canonical_addr_buf), 1)) {
471  tor_snprintf(extra_buf+strlen(extra_buf),
472  sizeof(extra_buf)-strlen(extra_buf),
473  " canonical_addr=%s:%"PRIu16,
474  canonical_addr_buf,
475  or_conn->canonical_orport.port);
476  }
477  }
478  } else if (conn->type == CONN_TYPE_EXIT) {
479  scrub = true; /* This is a client's request; scrub it with SafeLogging. */
480  if (tor_addr_is_null(addr)) {
481  address = conn->address;
482  strlcpy(extra_buf, " (DNS lookup pending)", sizeof(extra_buf));
483  }
484  }
485 
486  char addr_buf[TOR_ADDR_BUF_LEN];
487  if (address == NULL) {
488  if (tor_addr_family(addr) == 0) {
489  address = "<unset>";
490  } else {
491  address = tor_addr_to_str(addr_buf, addr, sizeof(addr_buf), 1);
492  if (!address) {
493  address = "<can't format!>";
494  tor_assert_nonfatal_unreached_once();
495  }
496  }
497  }
498 
499  char portbuf[7];
500  portbuf[0]=0;
501  if (scrub && get_options()->SafeLogging_ != SAFELOG_SCRUB_NONE) {
502  address = "[scrubbed]";
503  } else {
504  /* Only set the port if we're not scrubbing the address. */
505  if (conn->port != 0) {
506  tor_snprintf(portbuf, sizeof(portbuf), ":%d", conn->port);
507  }
508  }
509 
510  const char *sp = include_preposition ? " " : "";
511  if (! include_preposition)
512  prep = "";
513 
514  tor_snprintf(peer_buf, sizeof(peer_buf),
515  "%s%s%s%s%s", prep, sp, address, portbuf, extra_buf);
516  return peer_buf;
517 }
518 
519 /**
520  * Describe the peer or address of connection @a conn in a
521  * human-readable manner.
522  *
523  * Returns a pointer to a static buffer; future calls to
524  * connection_describe_peer() or connection_describe() will invalidate this
525  * buffer.
526  *
527  * Nobody should parse the output of this function; it can and will change in
528  * future versions of tor.
529  **/
530 const char *
532 {
533  return connection_describe_peer_internal(conn, false);
534 }
535 
536 /**
537  * Describe a connection for logging purposes.
538  *
539  * Returns a pointer to a static buffer; future calls to connection_describe()
540  * will invalidate this buffer.
541  *
542  * Nobody should parse the output of this function; it can and will change in
543  * future versions of tor.
544  **/
545 const char *
547 {
548  IF_BUG_ONCE(!conn) {
549  return "null connection";
550  }
551  static char desc_buf[256];
552  const char *peer = connection_describe_peer_internal(conn, true);
553  tor_snprintf(desc_buf, sizeof(desc_buf),
554  "%s connection (%s) %s",
555  conn_type_to_string(conn->type),
556  conn_state_to_string(conn->type, conn->state),
557  peer);
558  return desc_buf;
559 }
560 
561 /** Allocate and return a new dir_connection_t, initialized as by
562  * connection_init(). */
564 dir_connection_new(int socket_family)
565 {
566  dir_connection_t *dir_conn = tor_malloc_zero(sizeof(dir_connection_t));
567  connection_init(time(NULL), TO_CONN(dir_conn), CONN_TYPE_DIR, socket_family);
568  return dir_conn;
569 }
570 
571 /** Allocate and return a new or_connection_t, initialized as by
572  * connection_init().
573  *
574  * Initialize active_circuit_pqueue.
575  *
576  * Set active_circuit_pqueue_last_recalibrated to current cell_ewma tick.
577  */
579 or_connection_new(int type, int socket_family)
580 {
581  or_connection_t *or_conn = tor_malloc_zero(sizeof(or_connection_t));
582  time_t now = time(NULL);
583  tor_assert(type == CONN_TYPE_OR || type == CONN_TYPE_EXT_OR);
584  connection_init(now, TO_CONN(or_conn), type, socket_family);
585 
586  tor_addr_make_unspec(&or_conn->canonical_orport.addr);
587  connection_or_set_canonical(or_conn, 0);
588 
589  if (type == CONN_TYPE_EXT_OR) {
590  /* If we aren't told an address for this connection, we should
591  * presume it isn't local, and should be rate-limited. */
592  TO_CONN(or_conn)->always_rate_limit_as_remote = 1;
593  }
594 
595  return or_conn;
596 }
597 
598 /** Allocate and return a new entry_connection_t, initialized as by
599  * connection_init().
600  *
601  * Allocate space to store the socks_request.
602  */
604 entry_connection_new(int type, int socket_family)
605 {
606  entry_connection_t *entry_conn = tor_malloc_zero(sizeof(entry_connection_t));
607  tor_assert(type == CONN_TYPE_AP);
608  connection_init(time(NULL), ENTRY_TO_CONN(entry_conn), type, socket_family);
609  entry_conn->socks_request = socks_request_new();
610  /* If this is coming from a listener, we'll set it up based on the listener
611  * in a little while. Otherwise, we're doing this as a linked connection
612  * of some kind, and we should set it up here based on the socket family */
613  if (socket_family == AF_INET)
614  entry_conn->entry_cfg.ipv4_traffic = 1;
615  else if (socket_family == AF_INET6)
616  entry_conn->entry_cfg.ipv6_traffic = 1;
617 
618  /* Initialize the read token bucket to the maximum value which is the same as
619  * no rate limiting. */
620  token_bucket_rw_init(&ENTRY_TO_EDGE_CONN(entry_conn)->bucket, INT32_MAX,
621  INT32_MAX, monotime_coarse_get_stamp());
622  return entry_conn;
623 }
624 
625 /** Allocate and return a new edge_connection_t, initialized as by
626  * connection_init(). */
628 edge_connection_new(int type, int socket_family)
629 {
630  edge_connection_t *edge_conn = tor_malloc_zero(sizeof(edge_connection_t));
631  tor_assert(type == CONN_TYPE_EXIT);
632  connection_init(time(NULL), TO_CONN(edge_conn), type, socket_family);
633  /* Initialize the read token bucket to the maximum value which is the same as
634  * no rate limiting. */
635  token_bucket_rw_init(&edge_conn->bucket, INT32_MAX, INT32_MAX,
637  return edge_conn;
638 }
639 
640 /** Allocate and return a new control_connection_t, initialized as by
641  * connection_init(). */
643 control_connection_new(int socket_family)
644 {
645  control_connection_t *control_conn =
646  tor_malloc_zero(sizeof(control_connection_t));
647  connection_init(time(NULL),
648  TO_CONN(control_conn), CONN_TYPE_CONTROL, socket_family);
649  return control_conn;
650 }
651 
652 /** Allocate and return a new listener_connection_t, initialized as by
653  * connection_init(). */
655 listener_connection_new(int type, int socket_family)
656 {
657  listener_connection_t *listener_conn =
658  tor_malloc_zero(sizeof(listener_connection_t));
659  connection_init(time(NULL), TO_CONN(listener_conn), type, socket_family);
660  /* Listener connections aren't accounted for with note_connection() so do
661  * this explicitly so to count them. */
662  rep_hist_note_conn_opened(false, type, socket_family);
663  return listener_conn;
664 }
665 
666 /** Allocate, initialize, and return a new connection_t subtype of <b>type</b>
667  * to make or receive connections of address family <b>socket_family</b>. The
668  * type should be one of the CONN_TYPE_* constants. */
669 connection_t *
670 connection_new(int type, int socket_family)
671 {
672  switch (type) {
673  case CONN_TYPE_OR:
674  case CONN_TYPE_EXT_OR:
675  return TO_CONN(or_connection_new(type, socket_family));
676 
677  case CONN_TYPE_EXIT:
678  return TO_CONN(edge_connection_new(type, socket_family));
679 
680  case CONN_TYPE_AP:
681  return ENTRY_TO_CONN(entry_connection_new(type, socket_family));
682 
683  case CONN_TYPE_DIR:
684  return TO_CONN(dir_connection_new(socket_family));
685 
686  case CONN_TYPE_CONTROL:
687  return TO_CONN(control_connection_new(socket_family));
688 
689  CASE_ANY_LISTENER_TYPE:
690  return TO_CONN(listener_connection_new(type, socket_family));
691 
692  default: {
693  connection_t *conn = tor_malloc_zero(sizeof(connection_t));
694  connection_init(time(NULL), conn, type, socket_family);
695  return conn;
696  }
697  }
698 }
699 
700 /** Initializes conn. (you must call connection_add() to link it into the main
701  * array).
702  *
703  * Set conn->magic to the correct value.
704  *
705  * Set conn->type to <b>type</b>. Set conn->s and conn->conn_array_index to
706  * -1 to signify they are not yet assigned.
707  *
708  * Initialize conn's timestamps to now.
709  */
710 static void
711 connection_init(time_t now, connection_t *conn, int type, int socket_family)
712 {
713  static uint64_t n_connections_allocated = 1;
714 
715  switch (type) {
716  case CONN_TYPE_OR:
717  case CONN_TYPE_EXT_OR:
718  conn->magic = OR_CONNECTION_MAGIC;
719  break;
720  case CONN_TYPE_EXIT:
721  conn->magic = EDGE_CONNECTION_MAGIC;
722  break;
723  case CONN_TYPE_AP:
724  conn->magic = ENTRY_CONNECTION_MAGIC;
725  break;
726  case CONN_TYPE_DIR:
727  conn->magic = DIR_CONNECTION_MAGIC;
728  break;
729  case CONN_TYPE_CONTROL:
730  conn->magic = CONTROL_CONNECTION_MAGIC;
731  break;
732  CASE_ANY_LISTENER_TYPE:
733  conn->magic = LISTENER_CONNECTION_MAGIC;
734  break;
735  default:
736  conn->magic = BASE_CONNECTION_MAGIC;
737  break;
738  }
739 
740  conn->s = TOR_INVALID_SOCKET; /* give it a default of 'not used' */
741  conn->conn_array_index = -1; /* also default to 'not used' */
742  conn->global_identifier = n_connections_allocated++;
743 
744  conn->type = type;
745  conn->socket_family = socket_family;
746  if (!connection_is_listener(conn)) {
747  /* listeners never use their buf */
748  conn->inbuf = buf_new();
749  conn->outbuf = buf_new();
750  }
751 
752  conn->timestamp_created = now;
753  conn->timestamp_last_read_allowed = now;
754  conn->timestamp_last_write_allowed = now;
755 }
756 
757 /** Create a link between <b>conn_a</b> and <b>conn_b</b>. */
758 void
760 {
761  tor_assert(! SOCKET_OK(conn_a->s));
762  tor_assert(! SOCKET_OK(conn_b->s));
763 
764  conn_a->linked = 1;
765  conn_b->linked = 1;
766  conn_a->linked_conn = conn_b;
767  conn_b->linked_conn = conn_a;
768 }
769 
770 /** Return true iff the provided connection listener type supports AF_UNIX
771  * sockets. */
772 int
774 {
775  /* For now only control ports or SOCKS ports can be Unix domain sockets
776  * and listeners at the same time */
777  switch (type) {
780  return 1;
781  default:
782  return 0;
783  }
784 }
785 
786 /** Deallocate memory used by <b>conn</b>. Deallocate its buffers if
787  * necessary, close its socket if necessary, and mark the directory as dirty
788  * if <b>conn</b> is an OR or OP connection.
789  */
790 STATIC void
792 {
793  void *mem;
794  size_t memlen;
795  if (!conn)
796  return;
797 
798  switch (conn->type) {
799  case CONN_TYPE_OR:
800  case CONN_TYPE_EXT_OR:
801  tor_assert(conn->magic == OR_CONNECTION_MAGIC);
802  mem = TO_OR_CONN(conn);
803  memlen = sizeof(or_connection_t);
804  break;
805  case CONN_TYPE_AP:
806  tor_assert(conn->magic == ENTRY_CONNECTION_MAGIC);
807  mem = TO_ENTRY_CONN(conn);
808  memlen = sizeof(entry_connection_t);
809  break;
810  case CONN_TYPE_EXIT:
811  tor_assert(conn->magic == EDGE_CONNECTION_MAGIC);
812  mem = TO_EDGE_CONN(conn);
813  memlen = sizeof(edge_connection_t);
814  break;
815  case CONN_TYPE_DIR:
816  tor_assert(conn->magic == DIR_CONNECTION_MAGIC);
817  mem = TO_DIR_CONN(conn);
818  memlen = sizeof(dir_connection_t);
819  break;
820  case CONN_TYPE_CONTROL:
821  tor_assert(conn->magic == CONTROL_CONNECTION_MAGIC);
822  mem = TO_CONTROL_CONN(conn);
823  memlen = sizeof(control_connection_t);
824  break;
825  CASE_ANY_LISTENER_TYPE:
826  tor_assert(conn->magic == LISTENER_CONNECTION_MAGIC);
827  mem = TO_LISTENER_CONN(conn);
828  memlen = sizeof(listener_connection_t);
829  break;
830  default:
831  tor_assert(conn->magic == BASE_CONNECTION_MAGIC);
832  mem = conn;
833  memlen = sizeof(connection_t);
834  break;
835  }
836 
837  if (conn->linked) {
838  log_info(LD_GENERAL, "Freeing linked %s connection [%s] with %d "
839  "bytes on inbuf, %d on outbuf.",
840  conn_type_to_string(conn->type),
841  conn_state_to_string(conn->type, conn->state),
842  (int)connection_get_inbuf_len(conn),
843  (int)connection_get_outbuf_len(conn));
844  }
845 
846  if (!connection_is_listener(conn)) {
847  buf_free(conn->inbuf);
848  buf_free(conn->outbuf);
849  } else {
850  if (conn->socket_family == AF_UNIX) {
851  /* For now only control and SOCKS ports can be Unix domain sockets
852  * and listeners at the same time */
854 
855  if (unlink(conn->address) < 0 && errno != ENOENT) {
856  log_warn(LD_NET, "Could not unlink %s: %s", conn->address,
857  strerror(errno));
858  }
859  }
860  }
861 
863 
864  if (connection_speaks_cells(conn)) {
865  or_connection_t *or_conn = TO_OR_CONN(conn);
866  if (or_conn->tls) {
867  if (! SOCKET_OK(conn->s)) {
868  /* The socket has been closed by somebody else; we must tell the
869  * TLS object not to close it. */
870  tor_tls_release_socket(or_conn->tls);
871  } else {
872  /* The tor_tls_free() call below will close the socket; we must tell
873  * the code below not to close it a second time. */
875  conn->s = TOR_INVALID_SOCKET;
876  }
877  tor_tls_free(or_conn->tls);
878  or_conn->tls = NULL;
879  }
880  or_handshake_state_free(or_conn->handshake_state);
881  or_conn->handshake_state = NULL;
883  if (or_conn->chan) {
884  /* Owww, this shouldn't happen, but... */
885  channel_t *base_chan = TLS_CHAN_TO_BASE(or_conn->chan);
886  tor_assert(base_chan);
887  log_info(LD_CHANNEL,
888  "Freeing orconn at %p, saw channel %p with ID "
889  "%"PRIu64 " left un-NULLed",
890  or_conn, base_chan,
891  base_chan->global_identifier);
892  if (!CHANNEL_FINISHED(base_chan)) {
893  channel_close_for_error(base_chan);
894  }
895 
896  or_conn->chan->conn = NULL;
897  or_conn->chan = NULL;
898  }
899  }
900  if (conn->type == CONN_TYPE_AP) {
901  entry_connection_t *entry_conn = TO_ENTRY_CONN(conn);
904  if (entry_conn->socks_request)
905  socks_request_free(entry_conn->socks_request);
906  if (entry_conn->pending_optimistic_data) {
907  buf_free(entry_conn->pending_optimistic_data);
908  }
909  if (entry_conn->sending_optimistic_data) {
910  buf_free(entry_conn->sending_optimistic_data);
911  }
912  }
913  if (CONN_IS_EDGE(conn)) {
914  hs_ident_edge_conn_free(TO_EDGE_CONN(conn)->hs_ident);
915  }
916  if (conn->type == CONN_TYPE_CONTROL) {
917  control_connection_t *control_conn = TO_CONTROL_CONN(conn);
918  tor_free(control_conn->safecookie_client_hash);
919  tor_free(control_conn->incoming_cmd);
920  tor_free(control_conn->current_cmd);
921  if (control_conn->ephemeral_onion_services) {
922  SMARTLIST_FOREACH(control_conn->ephemeral_onion_services, char *, cp, {
923  memwipe(cp, 0, strlen(cp));
924  tor_free(cp);
925  });
926  smartlist_free(control_conn->ephemeral_onion_services);
927  }
928  }
929 
930  /* Probably already freed by connection_free. */
931  tor_event_free(conn->read_event);
932  tor_event_free(conn->write_event);
933  conn->read_event = conn->write_event = NULL;
934 
935  if (conn->type == CONN_TYPE_DIR) {
936  dir_connection_t *dir_conn = TO_DIR_CONN(conn);
937  tor_free(dir_conn->requested_resource);
938 
939  tor_compress_free(dir_conn->compress_state);
940  dir_conn_clear_spool(dir_conn);
941 
942  hs_ident_dir_conn_free(dir_conn->hs_ident);
943  if (dir_conn->guard_state) {
944  /* Cancel before freeing, if it's still there. */
945  entry_guard_cancel(&dir_conn->guard_state);
946  }
947  circuit_guard_state_free(dir_conn->guard_state);
948  }
949 
950  if (SOCKET_OK(conn->s)) {
951  log_debug(LD_NET,"closing fd %d.",(int)conn->s);
952  tor_close_socket(conn->s);
953  conn->s = TOR_INVALID_SOCKET;
954  }
955 
956  if (conn->type == CONN_TYPE_OR &&
957  !tor_digest_is_zero(TO_OR_CONN(conn)->identity_digest)) {
958  log_warn(LD_BUG, "called on OR conn with non-zeroed identity_digest");
960  }
961  if (conn->type == CONN_TYPE_OR || conn->type == CONN_TYPE_EXT_OR) {
962  tor_free(TO_OR_CONN(conn)->ext_or_auth_correct_client_hash);
963  tor_free(TO_OR_CONN(conn)->ext_or_transport);
964  }
965 
966  memwipe(mem, 0xCC, memlen); /* poison memory */
967  tor_free(mem);
968 }
969 
970 /** Make sure <b>conn</b> isn't in any of the global conn lists; then free it.
971  */
972 MOCK_IMPL(void,
974 {
975  if (!conn)
976  return;
979  if (BUG(conn->linked_conn)) {
980  conn->linked_conn->linked_conn = NULL;
981  if (! conn->linked_conn->marked_for_close &&
984  conn->linked_conn = NULL;
985  }
986  if (connection_speaks_cells(conn)) {
987  if (!tor_digest_is_zero(TO_OR_CONN(conn)->identity_digest)) {
989  }
990  }
991  if (conn->type == CONN_TYPE_CONTROL) {
993  }
994 #if 1
995  /* DEBUGGING */
996  if (conn->type == CONN_TYPE_AP) {
997  connection_ap_warn_and_unmark_if_pending_circ(TO_ENTRY_CONN(conn),
998  "connection_free");
999  }
1000 #endif /* 1 */
1001 
1002  /* Notify the circuit creation DoS mitigation subsystem that an OR client
1003  * connection has been closed. And only do that if we track it. */
1004  if (conn->type == CONN_TYPE_OR) {
1005  dos_close_client_conn(TO_OR_CONN(conn));
1006  }
1007 
1010 }
1011 
1012 /**
1013  * Called when we're about to finally unlink and free a connection:
1014  * perform necessary accounting and cleanup
1015  * - Directory conns that failed to fetch a rendezvous descriptor
1016  * need to inform pending rendezvous streams.
1017  * - OR conns need to call rep_hist_note_*() to record status.
1018  * - AP conns need to send a socks reject if necessary.
1019  * - Exit conns need to call connection_dns_remove() if necessary.
1020  * - AP and Exit conns need to send an end cell if they can.
1021  * - DNS conns need to fail any resolves that are pending on them.
1022  * - OR and edge connections need to be unlinked from circuits.
1023  */
1024 void
1026 {
1028 
1029  switch (conn->type) {
1030  case CONN_TYPE_DIR:
1032  break;
1033  case CONN_TYPE_OR:
1034  case CONN_TYPE_EXT_OR:
1036  break;
1037  case CONN_TYPE_AP:
1039  break;
1040  case CONN_TYPE_EXIT:
1042  break;
1043  }
1044 }
1045 
1046 /** Return true iff connection_close_immediate() has been called on this
1047  * connection. */
1048 #define CONN_IS_CLOSED(c) \
1049  ((c)->linked ? ((c)->linked_conn_is_closed) : (! SOCKET_OK(c->s)))
1050 
1051 /** Close the underlying socket for <b>conn</b>, so we don't try to
1052  * flush it. Must be used in conjunction with (right before)
1053  * connection_mark_for_close().
1054  */
1055 void
1057 {
1058  assert_connection_ok(conn,0);
1059  if (CONN_IS_CLOSED(conn)) {
1060  log_err(LD_BUG,"Attempt to close already-closed connection.");
1062  return;
1063  }
1064  if (connection_get_outbuf_len(conn)) {
1065  log_info(LD_NET,"fd %d, type %s, state %s, %"TOR_PRIuSZ" bytes on outbuf.",
1066  (int)conn->s, conn_type_to_string(conn->type),
1067  conn_state_to_string(conn->type, conn->state),
1068  buf_datalen(conn->outbuf));
1069  }
1070 
1072 
1073  /* Prevent the event from getting unblocked. */
1074  conn->read_blocked_on_bw = 0;
1075  conn->write_blocked_on_bw = 0;
1076 
1077  if (SOCKET_OK(conn->s))
1078  tor_close_socket(conn->s);
1079  conn->s = TOR_INVALID_SOCKET;
1080  if (conn->linked)
1081  conn->linked_conn_is_closed = 1;
1082  if (conn->outbuf)
1083  buf_clear(conn->outbuf);
1084 }
1085 
1086 /** Mark <b>conn</b> to be closed next time we loop through
1087  * conn_close_if_marked() in main.c. */
1088 void
1089 connection_mark_for_close_(connection_t *conn, int line, const char *file)
1090 {
1091  assert_connection_ok(conn,0);
1092  tor_assert(line);
1093  tor_assert(line < 1<<16); /* marked_for_close can only fit a uint16_t. */
1094  tor_assert(file);
1095 
1096  if (conn->type == CONN_TYPE_OR) {
1097  /*
1098  * An or_connection should have been closed through one of the channel-
1099  * aware functions in connection_or.c. We'll assume this is an error
1100  * close and do that, and log a bug warning.
1101  */
1102  log_warn(LD_CHANNEL | LD_BUG,
1103  "Something tried to close an or_connection_t without going "
1104  "through channels at %s:%d",
1105  file, line);
1107  } else {
1108  /* Pass it down to the real function */
1109  connection_mark_for_close_internal_(conn, line, file);
1110  }
1111 }
1112 
1113 /** Mark <b>conn</b> to be closed next time we loop through
1114  * conn_close_if_marked() in main.c.
1115  *
1116  * This _internal version bypasses the CONN_TYPE_OR checks; this should be
1117  * called when you either are sure that if this is an or_connection_t the
1118  * controlling channel has been notified (e.g. with
1119  * connection_or_notify_error()), or you actually are the
1120  * connection_or_close_for_error() or connection_or_close_normally() function.
1121  * For all other cases, use connection_mark_and_flush() which checks for
1122  * or_connection_t properly, instead. See below.
1123  *
1124  * We want to keep this function simple and quick, since it can be called from
1125  * quite deep in the call chain, and hence it should avoid having side-effects
1126  * that interfere with its callers view of the connection.
1127  */
1128 MOCK_IMPL(void,
1130  int line, const char *file))
1131 {
1132  assert_connection_ok(conn,0);
1133  tor_assert(line);
1134  tor_assert(line < 1<<16); /* marked_for_close can only fit a uint16_t. */
1135  tor_assert(file);
1136 
1137  if (conn->marked_for_close) {
1138  log_warn(LD_BUG,"Duplicate call to connection_mark_for_close at %s:%d"
1139  " (first at %s:%d)", file, line, conn->marked_for_close_file,
1140  conn->marked_for_close);
1142  return;
1143  }
1144 
1145  if (conn->type == CONN_TYPE_OR) {
1146  /*
1147  * Bad news if this happens without telling the controlling channel; do
1148  * this so we can find things that call this wrongly when the asserts hit.
1149  */
1150  log_debug(LD_CHANNEL,
1151  "Calling connection_mark_for_close_internal_() on an OR conn "
1152  "at %s:%d",
1153  file, line);
1154  }
1155 
1156  conn->marked_for_close = line;
1157  conn->marked_for_close_file = file;
1159 
1160  /* in case we're going to be held-open-til-flushed, reset
1161  * the number of seconds since last successful write, so
1162  * we get our whole 15 seconds */
1163  conn->timestamp_last_write_allowed = time(NULL);
1164 
1165  /* Note the connection close. */
1167  conn->socket_family);
1168 }
1169 
1170 /** Find each connection that has hold_open_until_flushed set to
1171  * 1 but hasn't written in the past 15 seconds, and set
1172  * hold_open_until_flushed to 0. This means it will get cleaned
1173  * up in the next loop through close_if_marked() in main.c.
1174  */
1175 void
1177 {
1178  time_t now;
1179  smartlist_t *conns = get_connection_array();
1180 
1181  now = time(NULL);
1182 
1183  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
1184  /* If we've been holding the connection open, but we haven't written
1185  * for 15 seconds...
1186  */
1187  if (conn->hold_open_until_flushed) {
1189  if (now - conn->timestamp_last_write_allowed >= 15) {
1190  int severity;
1191  if (conn->type == CONN_TYPE_EXIT ||
1192  (conn->type == CONN_TYPE_DIR &&
1193  conn->purpose == DIR_PURPOSE_SERVER))
1194  severity = LOG_INFO;
1195  else
1196  severity = LOG_NOTICE;
1197  log_fn(severity, LD_NET,
1198  "Giving up on marked_for_close conn that's been flushing "
1199  "for 15s (fd %d, type %s, state %s).",
1200  (int)conn->s, conn_type_to_string(conn->type),
1201  conn_state_to_string(conn->type, conn->state));
1202  conn->hold_open_until_flushed = 0;
1203  }
1204  }
1205  } SMARTLIST_FOREACH_END(conn);
1206 }
1207 
1208 #if defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN)
1209 /** Create an AF_UNIX listenaddr struct.
1210  * <b>listenaddress</b> provides the path to the Unix socket.
1211  *
1212  * Eventually <b>listenaddress</b> will also optionally contain user, group,
1213  * and file permissions for the new socket. But not yet. XXX
1214  * Also, since we do not create the socket here the information doesn't help
1215  * here.
1216  *
1217  * If not NULL <b>readable_address</b> will contain a copy of the path part of
1218  * <b>listenaddress</b>.
1219  *
1220  * The listenaddr struct has to be freed by the caller.
1221  */
1222 static struct sockaddr_un *
1223 create_unix_sockaddr(const char *listenaddress, char **readable_address,
1224  socklen_t *len_out)
1225 {
1226  struct sockaddr_un *sockaddr = NULL;
1227 
1228  sockaddr = tor_malloc_zero(sizeof(struct sockaddr_un));
1229  sockaddr->sun_family = AF_UNIX;
1230  if (strlcpy(sockaddr->sun_path, listenaddress, sizeof(sockaddr->sun_path))
1231  >= sizeof(sockaddr->sun_path)) {
1232  log_warn(LD_CONFIG, "Unix socket path '%s' is too long to fit.",
1233  escaped(listenaddress));
1234  tor_free(sockaddr);
1235  return NULL;
1236  }
1237 
1238  if (readable_address)
1239  *readable_address = tor_strdup(listenaddress);
1240 
1241  *len_out = sizeof(struct sockaddr_un);
1242  return sockaddr;
1243 }
1244 #else /* !(defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN)) */
1245 static struct sockaddr *
1246 create_unix_sockaddr(const char *listenaddress, char **readable_address,
1247  socklen_t *len_out)
1248 {
1249  (void)listenaddress;
1250  (void)readable_address;
1252  "Unix domain sockets not supported, yet we tried to create one.");
1253  *len_out = 0;
1255  return NULL;
1256 }
1257 #endif /* defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN) */
1258 
1259 /**
1260  * A socket failed from resource exhaustion.
1261  *
1262  * Among other actions, warn that an accept or a connect has failed because
1263  * we're running out of TCP sockets we can use on current system. Rate-limit
1264  * these warnings so that we don't spam the log. */
1265 static void
1267 {
1268  /* When we get to this point we know that a socket could not be
1269  * established. However the kernel does not let us know whether the reason is
1270  * because we ran out of TCP source ports, or because we exhausted all the
1271  * FDs on this system, or for any other reason.
1272  *
1273  * For this reason, we are going to use the following heuristic: If our
1274  * system supports a lot of sockets, we will assume that it's a problem of
1275  * TCP port exhaustion. Otherwise, if our system does not support many
1276  * sockets, we will assume that this is because of file descriptor
1277  * exhaustion.
1278  */
1279  if (get_max_sockets() > 65535) {
1280  /* TCP port exhaustion */
1282  } else {
1283  /* File descriptor exhaustion */
1284  rep_hist_note_overload(OVERLOAD_FD_EXHAUSTED);
1285  }
1286 
1287 #define WARN_TOO_MANY_CONNS_INTERVAL (6*60*60)
1288  static ratelim_t last_warned = RATELIM_INIT(WARN_TOO_MANY_CONNS_INTERVAL);
1289  char *m;
1290  if ((m = rate_limit_log(&last_warned, approx_time()))) {
1291  int n_conns = get_n_open_sockets();
1292  log_warn(LD_NET,"Failing because we have %d connections already. Please "
1293  "read doc/TUNING for guidance.%s", n_conns, m);
1294  tor_free(m);
1295  control_event_general_status(LOG_WARN, "TOO_MANY_CONNECTIONS CURRENT=%d",
1296  n_conns);
1297  }
1298 }
1299 
1300 #ifdef HAVE_SYS_UN_H
1301 
1302 #define UNIX_SOCKET_PURPOSE_CONTROL_SOCKET 0
1303 #define UNIX_SOCKET_PURPOSE_SOCKS_SOCKET 1
1304 
1305 /** Check if the purpose isn't one of the ones we know what to do with */
1306 
1307 static int
1308 is_valid_unix_socket_purpose(int purpose)
1309 {
1310  int valid = 0;
1311 
1312  switch (purpose) {
1313  case UNIX_SOCKET_PURPOSE_CONTROL_SOCKET:
1314  case UNIX_SOCKET_PURPOSE_SOCKS_SOCKET:
1315  valid = 1;
1316  break;
1317  }
1318 
1319  return valid;
1320 }
1321 
1322 /** Return a string description of a unix socket purpose */
1323 static const char *
1324 unix_socket_purpose_to_string(int purpose)
1325 {
1326  const char *s = "unknown-purpose socket";
1327 
1328  switch (purpose) {
1329  case UNIX_SOCKET_PURPOSE_CONTROL_SOCKET:
1330  s = "control socket";
1331  break;
1332  case UNIX_SOCKET_PURPOSE_SOCKS_SOCKET:
1333  s = "SOCKS socket";
1334  break;
1335  }
1336 
1337  return s;
1338 }
1339 
1340 /** Check whether we should be willing to open an AF_UNIX socket in
1341  * <b>path</b>. Return 0 if we should go ahead and -1 if we shouldn't. */
1342 static int
1343 check_location_for_unix_socket(const or_options_t *options, const char *path,
1344  int purpose, const port_cfg_t *port)
1345 {
1346  int r = -1;
1347  char *p = NULL;
1348 
1349  tor_assert(is_valid_unix_socket_purpose(purpose));
1350 
1351  p = tor_strdup(path);
1352  cpd_check_t flags = CPD_CHECK_MODE_ONLY;
1353  if (get_parent_directory(p)<0 || p[0] != '/') {
1354  log_warn(LD_GENERAL, "Bad unix socket address '%s'. Tor does not support "
1355  "relative paths for unix sockets.", path);
1356  goto done;
1357  }
1358 
1359  if (port->is_world_writable) {
1360  /* World-writable sockets can go anywhere. */
1361  r = 0;
1362  goto done;
1363  }
1364 
1365  if (port->is_group_writable) {
1366  flags |= CPD_GROUP_OK;
1367  }
1368 
1369  if (port->relax_dirmode_check) {
1370  flags |= CPD_RELAX_DIRMODE_CHECK;
1371  }
1372 
1373  if (check_private_dir(p, flags, options->User) < 0) {
1374  char *escpath, *escdir;
1375  escpath = esc_for_log(path);
1376  escdir = esc_for_log(p);
1377  log_warn(LD_GENERAL, "Before Tor can create a %s in %s, the directory "
1378  "%s needs to exist, and to be accessible only by the user%s "
1379  "account that is running Tor. (On some Unix systems, anybody "
1380  "who can list a socket can connect to it, so Tor is being "
1381  "careful.)",
1382  unix_socket_purpose_to_string(purpose), escpath, escdir,
1383  port->is_group_writable ? " and group" : "");
1384  tor_free(escpath);
1385  tor_free(escdir);
1386  goto done;
1387  }
1388 
1389  r = 0;
1390  done:
1391  tor_free(p);
1392  return r;
1393 }
1394 #endif /* defined(HAVE_SYS_UN_H) */
1395 
1396 /** Tell the TCP stack that it shouldn't wait for a long time after
1397  * <b>sock</b> has closed before reusing its port. Return 0 on success,
1398  * -1 on failure. */
1399 static int
1401 {
1402 #ifdef _WIN32
1403  (void) sock;
1404  return 0;
1405 #else
1406  int one=1;
1407 
1408  /* REUSEADDR on normal places means you can rebind to the port
1409  * right after somebody else has let it go. But REUSEADDR on win32
1410  * means you can bind to the port _even when somebody else
1411  * already has it bound_. So, don't do that on Win32. */
1412  if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void*) &one,
1413  (socklen_t)sizeof(one)) == -1) {
1414  return -1;
1415  }
1416  return 0;
1417 #endif /* defined(_WIN32) */
1418 }
1419 
1420 #ifdef _WIN32
1421 /** Tell the Windows TCP stack to prevent other applications from receiving
1422  * traffic from tor's open ports. Return 0 on success, -1 on failure. */
1423 static int
1424 make_win32_socket_exclusive(tor_socket_t sock)
1425 {
1426 #ifdef SO_EXCLUSIVEADDRUSE
1427  int one=1;
1428 
1429  /* Any socket that sets REUSEADDR on win32 can bind to a port _even when
1430  * somebody else already has it bound_, and _even if the original socket
1431  * didn't set REUSEADDR_. Use EXCLUSIVEADDRUSE to prevent this port-stealing
1432  * on win32. */
1433  if (setsockopt(sock, SOL_SOCKET, SO_EXCLUSIVEADDRUSE, (void*) &one,
1434  (socklen_t)sizeof(one))) {
1435  return -1;
1436  }
1437  return 0;
1438 #else /* !defined(SO_EXCLUSIVEADDRUSE) */
1439  (void) sock;
1440  return 0;
1441 #endif /* defined(SO_EXCLUSIVEADDRUSE) */
1442 }
1443 #endif /* defined(_WIN32) */
1444 
1445 /** Max backlog to pass to listen. We start at */
1446 static int listen_limit = INT_MAX;
1447 
1448 /* Listen on <b>fd</b> with appropriate backlog. Return as for listen. */
1449 static int
1450 tor_listen(tor_socket_t fd)
1451 {
1452  int r;
1453 
1454  if ((r = listen(fd, listen_limit)) < 0) {
1455  if (listen_limit == SOMAXCONN)
1456  return r;
1457  if ((r = listen(fd, SOMAXCONN)) == 0) {
1458  listen_limit = SOMAXCONN;
1459  log_warn(LD_NET, "Setting listen backlog to INT_MAX connections "
1460  "didn't work, but SOMAXCONN did. Lowering backlog limit.");
1461  }
1462  }
1463  return r;
1464 }
1465 
1466 /** Bind a new non-blocking socket listening to the socket described
1467  * by <b>listensockaddr</b>.
1468  *
1469  * <b>address</b> is only used for logging purposes and to add the information
1470  * to the conn.
1471  *
1472  * Set <b>addr_in_use</b> to true in case socket binding fails with
1473  * EADDRINUSE.
1474  */
1475 static connection_t *
1476 connection_listener_new(const struct sockaddr *listensockaddr,
1477  socklen_t socklen,
1478  int type, const char *address,
1479  const port_cfg_t *port_cfg,
1480  int *addr_in_use)
1481 {
1482  listener_connection_t *lis_conn;
1483  connection_t *conn = NULL;
1484  tor_socket_t s = TOR_INVALID_SOCKET; /* the socket we're going to make */
1485  or_options_t const *options = get_options();
1486  (void) options; /* Windows doesn't use this. */
1487 #if defined(HAVE_PWD_H) && defined(HAVE_SYS_UN_H)
1488  const struct passwd *pw = NULL;
1489 #endif
1490  uint16_t usePort = 0, gotPort = 0;
1491  int start_reading = 0;
1492  static int global_next_session_group = SESSION_GROUP_FIRST_AUTO;
1493  tor_addr_t addr;
1494  int exhaustion = 0;
1495 
1496  if (addr_in_use)
1497  *addr_in_use = 0;
1498 
1499  if (listensockaddr->sa_family == AF_INET ||
1500  listensockaddr->sa_family == AF_INET6) {
1501  int is_stream = (type != CONN_TYPE_AP_DNS_LISTENER);
1502  if (is_stream)
1503  start_reading = 1;
1504 
1505  tor_addr_from_sockaddr(&addr, listensockaddr, &usePort);
1506  log_notice(LD_NET, "Opening %s on %s",
1507  conn_type_to_string(type), fmt_addrport(&addr, usePort));
1508 
1510  is_stream ? SOCK_STREAM : SOCK_DGRAM,
1511  is_stream ? IPPROTO_TCP: IPPROTO_UDP);
1512  if (!SOCKET_OK(s)) {
1513  int e = tor_socket_errno(s);
1514  if (ERRNO_IS_RESOURCE_LIMIT(e)) {
1516  /*
1517  * We'll call the OOS handler at the error exit, so set the
1518  * exhaustion flag for it.
1519  */
1520  exhaustion = 1;
1521  } else {
1522  log_warn(LD_NET, "Socket creation failed: %s",
1523  tor_socket_strerror(e));
1524  }
1525  goto err;
1526  }
1527 
1528  if (make_socket_reuseable(s) < 0) {
1529  log_warn(LD_NET, "Error setting SO_REUSEADDR flag on %s: %s",
1530  conn_type_to_string(type),
1531  tor_socket_strerror(errno));
1532  }
1533 
1534 #ifdef _WIN32
1535  if (make_win32_socket_exclusive(s) < 0) {
1536  log_warn(LD_NET, "Error setting SO_EXCLUSIVEADDRUSE flag on %s: %s",
1537  conn_type_to_string(type),
1538  tor_socket_strerror(errno));
1539  }
1540 #endif /* defined(_WIN32) */
1541 
1542 #if defined(USE_TRANSPARENT) && defined(IP_TRANSPARENT)
1543  if (options->TransProxyType_parsed == TPT_TPROXY &&
1544  type == CONN_TYPE_AP_TRANS_LISTENER) {
1545  int one = 1;
1546  if (setsockopt(s, SOL_IP, IP_TRANSPARENT, (void*)&one,
1547  (socklen_t)sizeof(one)) < 0) {
1548  const char *extra = "";
1549  int e = tor_socket_errno(s);
1550  if (e == EPERM)
1551  extra = "TransTPROXY requires root privileges or similar"
1552  " capabilities.";
1553  log_warn(LD_NET, "Error setting IP_TRANSPARENT flag: %s.%s",
1554  tor_socket_strerror(e), extra);
1555  }
1556  }
1557 #endif /* defined(USE_TRANSPARENT) && defined(IP_TRANSPARENT) */
1558 
1559 #ifdef IPV6_V6ONLY
1560  if (listensockaddr->sa_family == AF_INET6) {
1561  int one = 1;
1562  /* We need to set IPV6_V6ONLY so that this socket can't get used for
1563  * IPv4 connections. */
1564  if (setsockopt(s,IPPROTO_IPV6, IPV6_V6ONLY,
1565  (void*)&one, (socklen_t)sizeof(one)) < 0) {
1566  int e = tor_socket_errno(s);
1567  log_warn(LD_NET, "Error setting IPV6_V6ONLY flag: %s",
1568  tor_socket_strerror(e));
1569  /* Keep going; probably not harmful. */
1570  }
1571  }
1572 #endif /* defined(IPV6_V6ONLY) */
1573 
1574  if (bind(s,listensockaddr,socklen) < 0) {
1575  const char *helpfulhint = "";
1576  int e = tor_socket_errno(s);
1577  if (ERRNO_IS_EADDRINUSE(e)) {
1578  helpfulhint = ". Is Tor already running?";
1579  if (addr_in_use)
1580  *addr_in_use = 1;
1581  }
1582  log_warn(LD_NET, "Could not bind to %s:%u: %s%s", address, usePort,
1583  tor_socket_strerror(e), helpfulhint);
1584  goto err;
1585  }
1586 
1587  if (is_stream) {
1588  if (tor_listen(s) < 0) {
1589  log_warn(LD_NET, "Could not listen on %s:%u: %s", address, usePort,
1590  tor_socket_strerror(tor_socket_errno(s)));
1591  goto err;
1592  }
1593  }
1594 
1595  if (usePort != 0) {
1596  gotPort = usePort;
1597  } else {
1598  tor_addr_t addr2;
1599  struct sockaddr_storage ss;
1600  socklen_t ss_len=sizeof(ss);
1601  if (getsockname(s, (struct sockaddr*)&ss, &ss_len)<0) {
1602  log_warn(LD_NET, "getsockname() couldn't learn address for %s: %s",
1603  conn_type_to_string(type),
1604  tor_socket_strerror(tor_socket_errno(s)));
1605  gotPort = 0;
1606  }
1607  tor_addr_from_sockaddr(&addr2, (struct sockaddr*)&ss, &gotPort);
1608  }
1609 #ifdef HAVE_SYS_UN_H
1610  /*
1611  * AF_UNIX generic setup stuff
1612  */
1613  } else if (listensockaddr->sa_family == AF_UNIX) {
1614  /* We want to start reading for both AF_UNIX cases */
1615  start_reading = 1;
1616 
1618 
1619  if (check_location_for_unix_socket(options, address,
1620  (type == CONN_TYPE_CONTROL_LISTENER) ?
1621  UNIX_SOCKET_PURPOSE_CONTROL_SOCKET :
1622  UNIX_SOCKET_PURPOSE_SOCKS_SOCKET, port_cfg) < 0) {
1623  goto err;
1624  }
1625 
1626  log_notice(LD_NET, "Opening %s on %s",
1627  conn_type_to_string(type), address);
1628 
1629  tor_addr_make_unspec(&addr);
1630 
1631  if (unlink(address) < 0 && errno != ENOENT) {
1632  log_warn(LD_NET, "Could not unlink %s: %s", address,
1633  strerror(errno));
1634  goto err;
1635  }
1636 
1637  s = tor_open_socket_nonblocking(AF_UNIX, SOCK_STREAM, 0);
1638  if (! SOCKET_OK(s)) {
1639  int e = tor_socket_errno(s);
1640  if (ERRNO_IS_RESOURCE_LIMIT(e)) {
1642  /*
1643  * We'll call the OOS handler at the error exit, so set the
1644  * exhaustion flag for it.
1645  */
1646  exhaustion = 1;
1647  } else {
1648  log_warn(LD_NET,"Socket creation failed: %s.", strerror(e));
1649  }
1650  goto err;
1651  }
1652 
1653  if (bind(s, listensockaddr,
1654  (socklen_t)sizeof(struct sockaddr_un)) == -1) {
1655  log_warn(LD_NET,"Bind to %s failed: %s.", address,
1656  tor_socket_strerror(tor_socket_errno(s)));
1657  goto err;
1658  }
1659 
1660 #ifdef HAVE_PWD_H
1661  if (options->User) {
1662  pw = tor_getpwnam(options->User);
1663  struct stat st;
1664  if (pw == NULL) {
1665  log_warn(LD_NET,"Unable to chown() %s socket: user %s not found.",
1666  address, options->User);
1667  goto err;
1668  } else if (fstat(s, &st) == 0 &&
1669  st.st_uid == pw->pw_uid && st.st_gid == pw->pw_gid) {
1670  /* No change needed */
1671  } else if (chown(sandbox_intern_string(address),
1672  pw->pw_uid, pw->pw_gid) < 0) {
1673  log_warn(LD_NET,"Unable to chown() %s socket: %s.",
1674  address, strerror(errno));
1675  goto err;
1676  }
1677  }
1678 #endif /* defined(HAVE_PWD_H) */
1679 
1680  {
1681  unsigned mode;
1682  const char *status;
1683  struct stat st;
1684  if (port_cfg->is_world_writable) {
1685  mode = 0666;
1686  status = "world-writable";
1687  } else if (port_cfg->is_group_writable) {
1688  mode = 0660;
1689  status = "group-writable";
1690  } else {
1691  mode = 0600;
1692  status = "private";
1693  }
1694  /* We need to use chmod; fchmod doesn't work on sockets on all
1695  * platforms. */
1696  if (fstat(s, &st) == 0 && (st.st_mode & 0777) == mode) {
1697  /* no change needed */
1698  } else if (chmod(sandbox_intern_string(address), mode) < 0) {
1699  log_warn(LD_FS,"Unable to make %s %s.", address, status);
1700  goto err;
1701  }
1702  }
1703 
1704  if (listen(s, SOMAXCONN) < 0) {
1705  log_warn(LD_NET, "Could not listen on %s: %s", address,
1706  tor_socket_strerror(tor_socket_errno(s)));
1707  goto err;
1708  }
1709 
1710 #ifndef __APPLE__
1711  /* This code was introduced to help debug #28229. */
1712  int value;
1713  socklen_t len = sizeof(value);
1714 
1715  if (!getsockopt(s, SOL_SOCKET, SO_ACCEPTCONN, &value, &len)) {
1716  if (value == 0) {
1717  log_err(LD_NET, "Could not listen on %s - "
1718  "getsockopt(.,SO_ACCEPTCONN,.) yields 0.", address);
1719  goto err;
1720  }
1721  }
1722 #endif /* !defined(__APPLE__) */
1723 #endif /* defined(HAVE_SYS_UN_H) */
1724  } else {
1725  log_err(LD_BUG, "Got unexpected address family %d.",
1726  listensockaddr->sa_family);
1727  tor_assert(0);
1728  }
1729 
1730  lis_conn = listener_connection_new(type, listensockaddr->sa_family);
1731  conn = TO_CONN(lis_conn);
1732  conn->socket_family = listensockaddr->sa_family;
1733  conn->s = s;
1734  s = TOR_INVALID_SOCKET; /* Prevent double-close */
1735  conn->address = tor_strdup(address);
1736  conn->port = gotPort;
1737  tor_addr_copy(&conn->addr, &addr);
1738 
1739  memcpy(&lis_conn->entry_cfg, &port_cfg->entry_cfg, sizeof(entry_port_cfg_t));
1740 
1741  if (port_cfg->entry_cfg.isolation_flags) {
1742  lis_conn->entry_cfg.isolation_flags = port_cfg->entry_cfg.isolation_flags;
1743  if (port_cfg->entry_cfg.session_group >= 0) {
1744  lis_conn->entry_cfg.session_group = port_cfg->entry_cfg.session_group;
1745  } else {
1746  /* This can wrap after around INT_MAX listeners are opened. But I don't
1747  * believe that matters, since you would need to open a ridiculous
1748  * number of listeners while keeping the early ones open before you ever
1749  * hit this. An OR with a dozen ports open, for example, would have to
1750  * close and re-open its listeners every second for 4 years nonstop.
1751  */
1752  lis_conn->entry_cfg.session_group = global_next_session_group--;
1753  }
1754  }
1755 
1756  if (connection_add(conn) < 0) { /* no space, forget it */
1757  log_warn(LD_NET,"connection_add for listener failed. Giving up.");
1758  goto err;
1759  }
1760 
1761  log_fn(usePort==gotPort ? LOG_DEBUG : LOG_NOTICE, LD_NET,
1762  "%s listening on port %u.",
1763  conn_type_to_string(type), gotPort);
1764 
1765  conn->state = LISTENER_STATE_READY;
1766  if (start_reading) {
1768  } else {
1771  }
1772 
1773  /*
1774  * Normal exit; call the OOS handler since connection count just changed;
1775  * the exhaustion flag will always be zero here though.
1776  */
1778 
1779  log_notice(LD_NET, "Opened %s", connection_describe(conn));
1780 
1781  return conn;
1782 
1783  err:
1784  if (SOCKET_OK(s))
1785  tor_close_socket(s);
1786  if (conn)
1787  connection_free(conn);
1788 
1789  /* Call the OOS handler, indicate if we saw an exhaustion-related error */
1791 
1792  return NULL;
1793 }
1794 
1795 /**
1796  * Create a new listener connection for a given <b>port</b>. In case we
1797  * for a reason that is not an error condition, set <b>defer</b>
1798  * to true. If we cannot bind listening socket because address is already
1799  * in use, set <b>addr_in_use</b> to true.
1800  */
1801 static connection_t *
1803  int *defer, int *addr_in_use)
1804 {
1805  connection_t *conn;
1806  struct sockaddr *listensockaddr;
1807  socklen_t listensocklen = 0;
1808  char *address=NULL;
1809  int real_port = port->port == CFG_AUTO_PORT ? 0 : port->port;
1810  tor_assert(real_port <= UINT16_MAX);
1811 
1812  if (defer)
1813  *defer = 0;
1814 
1815  if (port->server_cfg.no_listen) {
1816  if (defer)
1817  *defer = 1;
1818  return NULL;
1819  }
1820 
1821 #ifndef _WIN32
1822  /* We don't need to be root to create a UNIX socket, so defer until after
1823  * setuid. */
1824  const or_options_t *options = get_options();
1825  if (port->is_unix_addr && !geteuid() && (options->User) &&
1826  strcmp(options->User, "root")) {
1827  if (defer)
1828  *defer = 1;
1829  return NULL;
1830  }
1831 #endif /* !defined(_WIN32) */
1832 
1833  if (port->is_unix_addr) {
1834  listensockaddr = (struct sockaddr *)
1835  create_unix_sockaddr(port->unix_addr,
1836  &address, &listensocklen);
1837  } else {
1838  listensockaddr = tor_malloc(sizeof(struct sockaddr_storage));
1839  listensocklen = tor_addr_to_sockaddr(&port->addr,
1840  real_port,
1841  listensockaddr,
1842  sizeof(struct sockaddr_storage));
1843  address = tor_addr_to_str_dup(&port->addr);
1844  }
1845 
1846  if (listensockaddr) {
1847  conn = connection_listener_new(listensockaddr, listensocklen,
1848  port->type, address, port,
1849  addr_in_use);
1850  tor_free(listensockaddr);
1851  tor_free(address);
1852  } else {
1853  conn = NULL;
1854  }
1855 
1856  return conn;
1857 }
1858 
1859 /** Do basic sanity checking on a newly received socket. Return 0
1860  * if it looks ok, else return -1.
1861  *
1862  * Notably, some TCP stacks can erroneously have accept() return successfully
1863  * with socklen 0, when the client sends an RST before the accept call (as
1864  * nmap does). We want to detect that, and not go on with the connection.
1865  */
1866 static int
1867 check_sockaddr(const struct sockaddr *sa, int len, int level)
1868 {
1869  int ok = 1;
1870 
1871  if (sa->sa_family == AF_INET) {
1872  struct sockaddr_in *sin=(struct sockaddr_in*)sa;
1873  if (len != sizeof(struct sockaddr_in)) {
1874  log_fn(level, LD_NET, "Length of address not as expected: %d vs %d",
1875  len,(int)sizeof(struct sockaddr_in));
1876  ok = 0;
1877  }
1878  if (sin->sin_addr.s_addr == 0 || sin->sin_port == 0) {
1879  log_fn(level, LD_NET,
1880  "Address for new connection has address/port equal to zero.");
1881  ok = 0;
1882  }
1883  } else if (sa->sa_family == AF_INET6) {
1884  struct sockaddr_in6 *sin6=(struct sockaddr_in6*)sa;
1885  if (len != sizeof(struct sockaddr_in6)) {
1886  log_fn(level, LD_NET, "Length of address not as expected: %d vs %d",
1887  len,(int)sizeof(struct sockaddr_in6));
1888  ok = 0;
1889  }
1890  if (fast_mem_is_zero((void*)sin6->sin6_addr.s6_addr, 16) ||
1891  sin6->sin6_port == 0) {
1892  log_fn(level, LD_NET,
1893  "Address for new connection has address/port equal to zero.");
1894  ok = 0;
1895  }
1896  } else if (sa->sa_family == AF_UNIX) {
1897  ok = 1;
1898  } else {
1899  ok = 0;
1900  }
1901  return ok ? 0 : -1;
1902 }
1903 
1904 /** Check whether the socket family from an accepted socket <b>got</b> is the
1905  * same as the one that <b>listener</b> is waiting for. If it isn't, log
1906  * a useful message and return -1. Else return 0.
1907  *
1908  * This is annoying, but can apparently happen on some Darwins. */
1909 static int
1911 {
1912  if (got != listener->socket_family) {
1913  log_info(LD_BUG, "A listener connection returned a socket with a "
1914  "mismatched family. %s for addr_family %d gave us a socket "
1915  "with address family %d. Dropping.",
1916  conn_type_to_string(listener->type),
1917  (int)listener->socket_family,
1918  (int)got);
1919  return -1;
1920  }
1921  return 0;
1922 }
1923 
1924 /** The listener connection <b>conn</b> told poll() it wanted to read.
1925  * Call accept() on conn->s, and add the new connection if necessary.
1926  */
1927 static int
1929 {
1930  tor_socket_t news; /* the new socket */
1931  connection_t *newconn = 0;
1932  /* information about the remote peer when connecting to other routers */
1933  struct sockaddr_storage addrbuf;
1934  struct sockaddr *remote = (struct sockaddr*)&addrbuf;
1935  /* length of the remote address. Must be whatever accept() needs. */
1936  socklen_t remotelen = (socklen_t)sizeof(addrbuf);
1937  const or_options_t *options = get_options();
1938 
1939  tor_assert((size_t)remotelen >= sizeof(struct sockaddr_in));
1940  memset(&addrbuf, 0, sizeof(addrbuf));
1941 
1942  news = tor_accept_socket_nonblocking(conn->s,remote,&remotelen);
1943  if (!SOCKET_OK(news)) { /* accept() error */
1944  int e = tor_socket_errno(conn->s);
1945  if (ERRNO_IS_ACCEPT_EAGAIN(e)) {
1946  /*
1947  * they hung up before we could accept(). that's fine.
1948  *
1949  * give the OOS handler a chance to run though
1950  */
1952  return 0;
1953  } else if (ERRNO_IS_RESOURCE_LIMIT(e)) {
1955  /* Exhaustion; tell the OOS handler */
1957  return 0;
1958  }
1959  /* else there was a real error. */
1960  log_warn(LD_NET,"accept() failed: %s. Closing listener.",
1961  tor_socket_strerror(e));
1962  connection_mark_for_close(conn);
1963  /* Tell the OOS handler about this too */
1965  return -1;
1966  }
1967  log_debug(LD_NET,
1968  "Connection accepted on socket %d (child of fd %d).",
1969  (int)news,(int)conn->s);
1970 
1971  /* We accepted a new conn; run OOS handler */
1973 
1974  if (make_socket_reuseable(news) < 0) {
1975  if (tor_socket_errno(news) == EINVAL) {
1976  /* This can happen on OSX if we get a badly timed shutdown. */
1977  log_debug(LD_NET, "make_socket_reuseable returned EINVAL");
1978  } else {
1979  log_warn(LD_NET, "Error setting SO_REUSEADDR flag on %s: %s",
1980  conn_type_to_string(new_type),
1981  tor_socket_strerror(errno));
1982  }
1983  tor_close_socket(news);
1984  return 0;
1985  }
1986 
1987  if (options->ConstrainedSockets)
1989 
1990  if (check_sockaddr_family_match(remote->sa_family, conn) < 0) {
1991  tor_close_socket(news);
1992  return 0;
1993  }
1994 
1995  if (conn->socket_family == AF_INET || conn->socket_family == AF_INET6 ||
1996  (conn->socket_family == AF_UNIX && new_type == CONN_TYPE_AP)) {
1997  tor_addr_t addr;
1998  uint16_t port;
1999  if (check_sockaddr(remote, remotelen, LOG_INFO)<0) {
2000  log_info(LD_NET,
2001  "accept() returned a strange address; closing connection.");
2002  tor_close_socket(news);
2003  return 0;
2004  }
2005 
2006  tor_addr_from_sockaddr(&addr, remote, &port);
2007 
2008  /* process entrance policies here, before we even create the connection */
2009  if (new_type == CONN_TYPE_AP) {
2010  /* check sockspolicy to see if we should accept it */
2011  if (socks_policy_permits_address(&addr) == 0) {
2012  log_notice(LD_APP,
2013  "Denying socks connection from untrusted address %s.",
2014  fmt_and_decorate_addr(&addr));
2015  rep_hist_note_conn_rejected(new_type, conn->socket_family);
2016  tor_close_socket(news);
2017  return 0;
2018  }
2019  }
2020  if (new_type == CONN_TYPE_DIR) {
2021  /* check dirpolicy to see if we should accept it */
2022  if (dir_policy_permits_address(&addr) == 0) {
2023  log_notice(LD_DIRSERV,"Denying dir connection from address %s.",
2024  fmt_and_decorate_addr(&addr));
2025  rep_hist_note_conn_rejected(new_type, conn->socket_family);
2026  tor_close_socket(news);
2027  return 0;
2028  }
2029  }
2030  if (new_type == CONN_TYPE_OR) {
2031  /* Assess with the connection DoS mitigation subsystem if this address
2032  * can open a new connection. */
2033  if (dos_conn_addr_get_defense_type(&addr) == DOS_CONN_DEFENSE_CLOSE) {
2034  rep_hist_note_conn_rejected(new_type, conn->socket_family);
2035  tor_close_socket(news);
2036  return 0;
2037  }
2038  }
2039 
2040  newconn = connection_new(new_type, conn->socket_family);
2041  newconn->s = news;
2042 
2043  /* remember the remote address */
2044  tor_addr_copy(&newconn->addr, &addr);
2045  if (new_type == CONN_TYPE_AP && conn->socket_family == AF_UNIX) {
2046  newconn->port = 0;
2047  newconn->address = tor_strdup(conn->address);
2048  } else {
2049  newconn->port = port;
2050  newconn->address = tor_addr_to_str_dup(&addr);
2051  }
2052 
2053  if (new_type == CONN_TYPE_AP && conn->socket_family != AF_UNIX) {
2054  log_info(LD_NET, "New SOCKS connection opened from %s.",
2055  fmt_and_decorate_addr(&addr));
2056  }
2057  if (new_type == CONN_TYPE_AP && conn->socket_family == AF_UNIX) {
2058  log_info(LD_NET, "New SOCKS AF_UNIX connection opened");
2059  }
2060  if (new_type == CONN_TYPE_CONTROL) {
2061  log_notice(LD_CONTROL, "New control connection opened from %s.",
2062  fmt_and_decorate_addr(&addr));
2063  }
2064  if (new_type == CONN_TYPE_METRICS) {
2065  log_info(LD_CONTROL, "New metrics connection opened from %s.",
2066  fmt_and_decorate_addr(&addr));
2067  }
2068 
2069  } else if (conn->socket_family == AF_UNIX && conn->type != CONN_TYPE_AP) {
2071  tor_assert(new_type == CONN_TYPE_CONTROL);
2072  log_notice(LD_CONTROL, "New control connection opened.");
2073 
2074  newconn = connection_new(new_type, conn->socket_family);
2075  newconn->s = news;
2076 
2077  /* remember the remote address -- do we have anything sane to put here? */
2078  tor_addr_make_unspec(&newconn->addr);
2079  newconn->port = 1;
2080  newconn->address = tor_strdup(conn->address);
2081  } else {
2082  tor_assert(0);
2083  };
2084 
2085  /* We are receiving this connection. */
2086  newconn->from_listener = 1;
2087 
2088  if (connection_add(newconn) < 0) { /* no space, forget it */
2089  connection_free(newconn);
2090  return 0; /* no need to tear down the parent */
2091  }
2092 
2093  if (connection_init_accepted_conn(newconn, TO_LISTENER_CONN(conn)) < 0) {
2094  if (! newconn->marked_for_close)
2095  connection_mark_for_close(newconn);
2096  return 0;
2097  }
2098 
2099  note_connection(true /* inbound */, newconn);
2100 
2101  return 0;
2102 }
2103 
2104 /** Initialize states for newly accepted connection <b>conn</b>.
2105  *
2106  * If conn is an OR, start the TLS handshake.
2107  *
2108  * If conn is a transparent AP, get its original destination
2109  * and place it in circuit_wait.
2110  *
2111  * The <b>listener</b> parameter is only used for AP connections.
2112  */
2113 int
2115  const listener_connection_t *listener)
2116 {
2117  int rv;
2118 
2120 
2121  switch (conn->type) {
2122  case CONN_TYPE_EXT_OR:
2123  /* Initiate Extended ORPort authentication. */
2125  case CONN_TYPE_OR:
2126  connection_or_event_status(TO_OR_CONN(conn), OR_CONN_EVENT_NEW, 0);
2128  if (rv < 0) {
2130  }
2131  return rv;
2132  break;
2133  case CONN_TYPE_AP:
2134  memcpy(&TO_ENTRY_CONN(conn)->entry_cfg, &listener->entry_cfg,
2135  sizeof(entry_port_cfg_t));
2137  TO_ENTRY_CONN(conn)->socks_request->listener_type = listener->base_.type;
2138 
2139  /* Any incoming connection on an entry port counts as user activity. */
2141 
2142  switch (TO_CONN(listener)->type) {
2143  case CONN_TYPE_AP_LISTENER:
2146  listener->entry_cfg.socks_prefer_no_auth;
2148  listener->entry_cfg.extended_socks5_codes;
2149  break;
2151  TO_ENTRY_CONN(conn)->is_transparent_ap = 1;
2152  /* XXXX028 -- is this correct still, with the addition of
2153  * pending_entry_connections ? */
2157  TO_ENTRY_CONN(conn)->is_transparent_ap = 1;
2159  break;
2162  }
2163  break;
2164  case CONN_TYPE_DIR:
2165  conn->purpose = DIR_PURPOSE_SERVER;
2167  break;
2168  case CONN_TYPE_CONTROL:
2170  break;
2171  }
2172  return 0;
2173 }
2174 
2175 /** Take conn, make a nonblocking socket; try to connect to
2176  * sa, binding to bindaddr if sa is not localhost. If fail, return -1 and if
2177  * applicable put your best guess about errno into *<b>socket_error</b>.
2178  * If connected return 1, if EAGAIN return 0.
2179  */
2180 MOCK_IMPL(STATIC int,
2182  const struct sockaddr *sa,
2183  socklen_t sa_len,
2184  const struct sockaddr *bindaddr,
2185  socklen_t bindaddr_len,
2186  int *socket_error))
2187 {
2188  tor_socket_t s;
2189  int inprogress = 0;
2190  const or_options_t *options = get_options();
2191 
2192  tor_assert(conn);
2193  tor_assert(sa);
2194  tor_assert(socket_error);
2195 
2197  /* We should never even try to connect anyplace if the network is
2198  * completely shut off.
2199  *
2200  * (We don't check net_is_disabled() here, since we still sometimes
2201  * want to open connections when we're in soft hibernation.)
2202  */
2203  static ratelim_t disablenet_violated = RATELIM_INIT(30*60);
2204  *socket_error = SOCK_ERRNO(ENETUNREACH);
2205  log_fn_ratelim(&disablenet_violated, LOG_WARN, LD_BUG,
2206  "Tried to open a socket with DisableNetwork set.");
2208  return -1;
2209  }
2210 
2211  const int protocol_family = sa->sa_family;
2212  const int proto = (sa->sa_family == AF_INET6 ||
2213  sa->sa_family == AF_INET) ? IPPROTO_TCP : 0;
2214 
2215  s = tor_open_socket_nonblocking(protocol_family, SOCK_STREAM, proto);
2216  if (! SOCKET_OK(s)) {
2217  /*
2218  * Early OOS handler calls; it matters if it's an exhaustion-related
2219  * error or not.
2220  */
2221  *socket_error = tor_socket_errno(s);
2222  if (ERRNO_IS_RESOURCE_LIMIT(*socket_error)) {
2225  } else {
2226  log_warn(LD_NET,"Error creating network socket: %s",
2227  tor_socket_strerror(*socket_error));
2229  }
2230  return -1;
2231  }
2232 
2233  if (make_socket_reuseable(s) < 0) {
2234  log_warn(LD_NET, "Error setting SO_REUSEADDR flag on new connection: %s",
2235  tor_socket_strerror(errno));
2236  }
2237 
2238 #ifdef IP_BIND_ADDRESS_NO_PORT
2239  static int try_ip_bind_address_no_port = 1;
2240  if (bindaddr && try_ip_bind_address_no_port &&
2241  setsockopt(s, SOL_IP, IP_BIND_ADDRESS_NO_PORT, &(int){1}, sizeof(int))) {
2242  if (errno == EINVAL) {
2243  log_notice(LD_NET, "Tor was built with support for "
2244  "IP_BIND_ADDRESS_NO_PORT, but the current kernel "
2245  "doesn't support it. This might cause Tor to run out "
2246  "of ephemeral ports more quickly.");
2247  try_ip_bind_address_no_port = 0;
2248  } else {
2249  log_warn(LD_NET, "Error setting IP_BIND_ADDRESS_NO_PORT on new "
2250  "connection: %s", tor_socket_strerror(errno));
2251  }
2252  }
2253 #endif
2254 
2255  if (bindaddr && bind(s, bindaddr, bindaddr_len) < 0) {
2256  *socket_error = tor_socket_errno(s);
2257  if (ERRNO_IS_EADDRINUSE(*socket_error)) {
2260  } else {
2261  log_warn(LD_NET,"Error binding network socket: %s",
2262  tor_socket_strerror(*socket_error));
2264  }
2265  tor_close_socket(s);
2266  return -1;
2267  }
2268 
2269  /*
2270  * We've got the socket open and bound; give the OOS handler a chance to
2271  * check against configured maximum socket number, but tell it no exhaustion
2272  * failure.
2273  */
2275 
2276  tor_assert(options);
2277  if (options->ConstrainedSockets)
2279 
2280  if (connect(s, sa, sa_len) < 0) {
2281  int e = tor_socket_errno(s);
2282  if (!ERRNO_IS_CONN_EINPROGRESS(e)) {
2283  /* yuck. kill it. */
2284  *socket_error = e;
2285  log_info(LD_NET,
2286  "connect() to socket failed: %s",
2287  tor_socket_strerror(e));
2288  tor_close_socket(s);
2289  return -1;
2290  } else {
2291  inprogress = 1;
2292  }
2293  }
2294 
2295  note_connection(false /* outbound */, conn);
2296 
2297  /* it succeeded. we're connected. */
2298  log_fn(inprogress ? LOG_DEBUG : LOG_INFO, LD_NET,
2299  "Connection to socket %s (sock "TOR_SOCKET_T_FORMAT").",
2300  inprogress ? "in progress" : "established", s);
2301  conn->s = s;
2302  if (connection_add_connecting(conn) < 0) {
2303  /* no space, forget it */
2304  *socket_error = SOCK_ERRNO(ENOBUFS);
2305  return -1;
2306  }
2307 
2308  return inprogress ? 0 : 1;
2309 }
2310 
2311 /* Log a message if connection attempt is made when IPv4 or IPv6 is disabled.
2312  * Log a less severe message if we couldn't conform to ClientPreferIPv6ORPort
2313  * or ClientPreferIPv6ORPort. */
2314 static void
2315 connection_connect_log_client_use_ip_version(const connection_t *conn)
2316 {
2317  const or_options_t *options = get_options();
2318 
2319  /* Only clients care about ClientUseIPv4/6, bail out early on servers, and
2320  * on connections we don't care about */
2321  if (server_mode(options) || !conn || conn->type == CONN_TYPE_EXIT) {
2322  return;
2323  }
2324 
2325  /* We're only prepared to log OR and DIR connections here */
2326  if (conn->type != CONN_TYPE_OR && conn->type != CONN_TYPE_DIR) {
2327  return;
2328  }
2329 
2330  const int must_ipv4 = !reachable_addr_use_ipv6(options);
2331  const int must_ipv6 = (options->ClientUseIPv4 == 0);
2332  const int pref_ipv6 = (conn->type == CONN_TYPE_OR
2335  tor_addr_t real_addr;
2336  tor_addr_copy(&real_addr, &conn->addr);
2337 
2338  /* Check if we broke a mandatory address family restriction */
2339  if ((must_ipv4 && tor_addr_family(&real_addr) == AF_INET6)
2340  || (must_ipv6 && tor_addr_family(&real_addr) == AF_INET)) {
2341  static int logged_backtrace = 0;
2342  log_info(LD_BUG, "Outgoing %s connection to %s violated ClientUseIPv%s 0.",
2343  conn->type == CONN_TYPE_OR ? "OR" : "Dir",
2344  fmt_addr(&real_addr),
2345  options->ClientUseIPv4 == 0 ? "4" : "6");
2346  if (!logged_backtrace) {
2347  log_backtrace(LOG_INFO, LD_BUG, "Address came from");
2348  logged_backtrace = 1;
2349  }
2350  }
2351 
2352  /* Bridges are allowed to break IPv4/IPv6 ORPort preferences to connect to
2353  * the node's configured address when ClientPreferIPv6ORPort is auto */
2354  if (options->UseBridges && conn->type == CONN_TYPE_OR
2355  && options->ClientPreferIPv6ORPort == -1) {
2356  return;
2357  }
2358 
2359  if (reachable_addr_use_ipv6(options)) {
2360  log_info(LD_NET, "Our outgoing connection is using IPv%d.",
2361  tor_addr_family(&real_addr) == AF_INET6 ? 6 : 4);
2362  }
2363 
2364  /* Check if we couldn't satisfy an address family preference */
2365  if ((!pref_ipv6 && tor_addr_family(&real_addr) == AF_INET6)
2366  || (pref_ipv6 && tor_addr_family(&real_addr) == AF_INET)) {
2367  log_info(LD_NET, "Outgoing connection to %s doesn't satisfy "
2368  "ClientPreferIPv6%sPort %d, with ClientUseIPv4 %d, and "
2369  "reachable_addr_use_ipv6 %d (ClientUseIPv6 %d and UseBridges "
2370  "%d).",
2371  fmt_addr(&real_addr),
2372  conn->type == CONN_TYPE_OR ? "OR" : "Dir",
2373  conn->type == CONN_TYPE_OR ? options->ClientPreferIPv6ORPort
2374  : options->ClientPreferIPv6DirPort,
2375  options->ClientUseIPv4, reachable_addr_use_ipv6(options),
2376  options->ClientUseIPv6, options->UseBridges);
2377  }
2378 }
2379 
2380 /** Retrieve the outbound address depending on the protocol (IPv4 or IPv6)
2381  * and the connection type (relay, exit, ...)
2382  * Return a socket address or NULL in case nothing is configured.
2383  **/
2384 const tor_addr_t *
2386  const or_options_t *options, unsigned int conn_type)
2387 {
2388  const tor_addr_t *ext_addr = NULL;
2389 
2390  int fam_index;
2391  switch (family) {
2392  case AF_INET:
2393  fam_index = 0;
2394  break;
2395  case AF_INET6:
2396  fam_index = 1;
2397  break;
2398  default:
2399  return NULL;
2400  }
2401 
2402  // If an exit connection, use the exit address (if present)
2403  if (conn_type == CONN_TYPE_EXIT) {
2404  if (!tor_addr_is_null(
2405  &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT][fam_index])) {
2406  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT]
2407  [fam_index];
2408  } else if (!tor_addr_is_null(
2410  [fam_index])) {
2411  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_ANY]
2412  [fam_index];
2413  }
2414  } else { // All non-exit connections
2415  if (!tor_addr_is_null(
2416  &options->OutboundBindAddresses[OUTBOUND_ADDR_OR][fam_index])) {
2417  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_OR]
2418  [fam_index];
2419  } else if (!tor_addr_is_null(
2421  [fam_index])) {
2422  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_ANY]
2423  [fam_index];
2424  }
2425  }
2426  return ext_addr;
2427 }
2428 
2429 /** Take conn, make a nonblocking socket; try to connect to
2430  * addr:port (port arrives in *host order*). If fail, return -1 and if
2431  * applicable put your best guess about errno into *<b>socket_error</b>.
2432  * Else assign s to conn->s: if connected return 1, if EAGAIN return 0.
2433  *
2434  * addr:port can be different to conn->addr:conn->port if connecting through
2435  * a proxy.
2436  *
2437  * address is used to make the logs useful.
2438  *
2439  * On success, add conn to the list of polled connections.
2440  */
2441 int
2442 connection_connect(connection_t *conn, const char *address,
2443  const tor_addr_t *addr, uint16_t port, int *socket_error)
2444 {
2445  struct sockaddr_storage addrbuf;
2446  struct sockaddr_storage bind_addr_ss;
2447  struct sockaddr *bind_addr = NULL;
2448  struct sockaddr *dest_addr;
2449  int dest_addr_len, bind_addr_len = 0;
2450 
2451  /* Log if we didn't stick to ClientUseIPv4/6 or ClientPreferIPv6OR/DirPort
2452  */
2453  connection_connect_log_client_use_ip_version(conn);
2454 
2455  if (!tor_addr_is_loopback(addr)) {
2456  const tor_addr_t *ext_addr = NULL;
2458  conn->type);
2459  if (ext_addr) {
2460  memset(&bind_addr_ss, 0, sizeof(bind_addr_ss));
2461  bind_addr_len = tor_addr_to_sockaddr(ext_addr, 0,
2462  (struct sockaddr *) &bind_addr_ss,
2463  sizeof(bind_addr_ss));
2464  if (bind_addr_len == 0) {
2465  log_warn(LD_NET,
2466  "Error converting OutboundBindAddress %s into sockaddr. "
2467  "Ignoring.", fmt_and_decorate_addr(ext_addr));
2468  } else {
2469  bind_addr = (struct sockaddr *)&bind_addr_ss;
2470  }
2471  }
2472  }
2473 
2474  memset(&addrbuf,0,sizeof(addrbuf));
2475  dest_addr = (struct sockaddr*) &addrbuf;
2476  dest_addr_len = tor_addr_to_sockaddr(addr, port, dest_addr, sizeof(addrbuf));
2477  tor_assert(dest_addr_len > 0);
2478 
2479  log_debug(LD_NET, "Connecting to %s:%u.",
2480  escaped_safe_str_client(address), port);
2481 
2482  return connection_connect_sockaddr(conn, dest_addr, dest_addr_len,
2483  bind_addr, bind_addr_len, socket_error);
2484 }
2485 
2486 #ifdef HAVE_SYS_UN_H
2487 
2488 /** Take conn, make a nonblocking socket; try to connect to
2489  * an AF_UNIX socket at socket_path. If fail, return -1 and if applicable
2490  * put your best guess about errno into *<b>socket_error</b>. Else assign s
2491  * to conn->s: if connected return 1, if EAGAIN return 0.
2492  *
2493  * On success, add conn to the list of polled connections.
2494  */
2495 int
2496 connection_connect_unix(connection_t *conn, const char *socket_path,
2497  int *socket_error)
2498 {
2499  struct sockaddr_un dest_addr;
2500 
2501  tor_assert(socket_path);
2502 
2503  /* Check that we'll be able to fit it into dest_addr later */
2504  if (strlen(socket_path) + 1 > sizeof(dest_addr.sun_path)) {
2505  log_warn(LD_NET,
2506  "Path %s is too long for an AF_UNIX socket\n",
2507  escaped_safe_str_client(socket_path));
2508  *socket_error = SOCK_ERRNO(ENAMETOOLONG);
2509  return -1;
2510  }
2511 
2512  memset(&dest_addr, 0, sizeof(dest_addr));
2513  dest_addr.sun_family = AF_UNIX;
2514  strlcpy(dest_addr.sun_path, socket_path, sizeof(dest_addr.sun_path));
2515 
2516  log_debug(LD_NET,
2517  "Connecting to AF_UNIX socket at %s.",
2518  escaped_safe_str_client(socket_path));
2519 
2520  return connection_connect_sockaddr(conn,
2521  (struct sockaddr *)&dest_addr, sizeof(dest_addr),
2522  NULL, 0, socket_error);
2523 }
2524 
2525 #endif /* defined(HAVE_SYS_UN_H) */
2526 
2527 /** Convert state number to string representation for logging purposes.
2528  */
2529 static const char *
2531 {
2532  static const char *unknown = "???";
2533  static const char *states[] = {
2534  "PROXY_NONE",
2535  "PROXY_INFANT",
2536  "PROXY_HTTPS_WANT_CONNECT_OK",
2537  "PROXY_SOCKS4_WANT_CONNECT_OK",
2538  "PROXY_SOCKS5_WANT_AUTH_METHOD_NONE",
2539  "PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929",
2540  "PROXY_SOCKS5_WANT_AUTH_RFC1929_OK",
2541  "PROXY_SOCKS5_WANT_CONNECT_OK",
2542  "PROXY_HAPROXY_WAIT_FOR_FLUSH",
2543  "PROXY_CONNECTED",
2544  };
2545 
2546  CTASSERT(ARRAY_LENGTH(states) == PROXY_CONNECTED+1);
2547 
2548  if (state < PROXY_NONE || state > PROXY_CONNECTED)
2549  return unknown;
2550 
2551  return states[state];
2552 }
2553 
2554 /** Returns the proxy type used by tor for a single connection, for
2555  * logging or high-level purposes. Don't use it to fill the
2556  * <b>proxy_type</b> field of or_connection_t; use the actual proxy
2557  * protocol instead.*/
2558 static int
2560 {
2561  const or_options_t *options = get_options();
2562 
2563  if (options->ClientTransportPlugin) {
2564  /* If we have plugins configured *and* this addr/port is a known bridge
2565  * with a transport, then we should be PROXY_PLUGGABLE. */
2566  const transport_t *transport = NULL;
2567  int r;
2568  r = get_transport_by_bridge_addrport(&conn->addr, conn->port, &transport);
2569  if (r == 0 && transport)
2570  return PROXY_PLUGGABLE;
2571  }
2572 
2573  /* In all other cases, we're using a global proxy. */
2574  if (options->HTTPSProxy)
2575  return PROXY_CONNECT;
2576  else if (options->Socks4Proxy)
2577  return PROXY_SOCKS4;
2578  else if (options->Socks5Proxy)
2579  return PROXY_SOCKS5;
2580  else if (options->TCPProxy) {
2581  /* The only supported protocol in TCPProxy is haproxy. */
2583  return PROXY_HAPROXY;
2584  } else
2585  return PROXY_NONE;
2586 }
2587 
2588 /* One byte for the version, one for the command, two for the
2589  port, and four for the addr... and, one more for the
2590  username NUL: */
2591 #define SOCKS4_STANDARD_BUFFER_SIZE (1 + 1 + 2 + 4 + 1)
2592 
2593 /** Write a proxy request of https to conn for conn->addr:conn->port,
2594  * authenticating with the auth details given in the configuration
2595  * (if available).
2596  *
2597  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2598  * 0 otherwise.
2599  */
2600 static int
2602 {
2603  tor_assert(conn);
2604 
2605  const or_options_t *options = get_options();
2606  char buf[1024];
2607  char *base64_authenticator = NULL;
2608  const char *authenticator = options->HTTPSProxyAuthenticator;
2609 
2610  /* Send HTTP CONNECT and authentication (if available) in
2611  * one request */
2612 
2613  if (authenticator) {
2614  base64_authenticator = alloc_http_authenticator(authenticator);
2615  if (!base64_authenticator)
2616  log_warn(LD_OR, "Encoding https authenticator failed");
2617  }
2618 
2619  if (base64_authenticator) {
2620  const char *addrport = fmt_addrport(&conn->addr, conn->port);
2621  tor_snprintf(buf, sizeof(buf), "CONNECT %s HTTP/1.1\r\n"
2622  "Host: %s\r\n"
2623  "Proxy-Authorization: Basic %s\r\n\r\n",
2624  addrport,
2625  addrport,
2626  base64_authenticator);
2627  tor_free(base64_authenticator);
2628  } else {
2629  tor_snprintf(buf, sizeof(buf), "CONNECT %s HTTP/1.0\r\n\r\n",
2630  fmt_addrport(&conn->addr, conn->port));
2631  }
2632 
2633  connection_buf_add(buf, strlen(buf), conn);
2634  conn->proxy_state = PROXY_HTTPS_WANT_CONNECT_OK;
2635 
2636  return 0;
2637 }
2638 
2639 /** Write a proxy request of socks4 to conn for conn->addr:conn->port.
2640  *
2641  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2642  * 0 otherwise.
2643  */
2644 static int
2646 {
2647  tor_assert(conn);
2648 
2649  unsigned char *buf;
2650  uint16_t portn;
2651  uint32_t ip4addr;
2652  size_t buf_size = 0;
2653  char *socks_args_string = NULL;
2654 
2655  /* Send a SOCKS4 connect request */
2656 
2657  if (tor_addr_family(&conn->addr) != AF_INET) {
2658  log_warn(LD_NET, "SOCKS4 client is incompatible with IPv6");
2659  return -1;
2660  }
2661 
2662  { /* If we are here because we are trying to connect to a
2663  pluggable transport proxy, check if we have any SOCKS
2664  arguments to transmit. If we do, compress all arguments to
2665  a single string in 'socks_args_string': */
2666 
2667  if (conn_get_proxy_type(conn) == PROXY_PLUGGABLE) {
2668  socks_args_string =
2670  if (socks_args_string)
2671  log_debug(LD_NET, "Sending out '%s' as our SOCKS argument string.",
2672  socks_args_string);
2673  }
2674  }
2675 
2676  { /* Figure out the buffer size we need for the SOCKS message: */
2677 
2678  buf_size = SOCKS4_STANDARD_BUFFER_SIZE;
2679 
2680  /* If we have a SOCKS argument string, consider its size when
2681  calculating the buffer size: */
2682  if (socks_args_string)
2683  buf_size += strlen(socks_args_string);
2684  }
2685 
2686  buf = tor_malloc_zero(buf_size);
2687 
2688  ip4addr = tor_addr_to_ipv4n(&conn->addr);
2689  portn = htons(conn->port);
2690 
2691  buf[0] = 4; /* version */
2692  buf[1] = SOCKS_COMMAND_CONNECT; /* command */
2693  memcpy(buf + 2, &portn, 2); /* port */
2694  memcpy(buf + 4, &ip4addr, 4); /* addr */
2695 
2696  /* Next packet field is the userid. If we have pluggable
2697  transport SOCKS arguments, we have to embed them
2698  there. Otherwise, we use an empty userid. */
2699  if (socks_args_string) { /* place the SOCKS args string: */
2700  tor_assert(strlen(socks_args_string) > 0);
2701  tor_assert(buf_size >=
2702  SOCKS4_STANDARD_BUFFER_SIZE + strlen(socks_args_string));
2703  strlcpy((char *)buf + 8, socks_args_string, buf_size - 8);
2704  tor_free(socks_args_string);
2705  } else {
2706  buf[8] = 0; /* no userid */
2707  }
2708 
2709  connection_buf_add((char *)buf, buf_size, conn);
2710  tor_free(buf);
2711 
2712  conn->proxy_state = PROXY_SOCKS4_WANT_CONNECT_OK;
2713  return 0;
2714 }
2715 
2716 /** Write a proxy request of socks5 to conn for conn->addr:conn->port,
2717  * authenticating with the auth details given in the configuration
2718  * (if available).
2719  *
2720  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2721  * 0 otherwise.
2722  */
2723 static int
2725 {
2726  tor_assert(conn);
2727 
2728  const or_options_t *options = get_options();
2729  unsigned char buf[4]; /* fields: vers, num methods, method list */
2730 
2731  /* Send a SOCKS5 greeting (connect request must wait) */
2732 
2733  buf[0] = 5; /* version */
2734 
2735  /* We have to use SOCKS5 authentication, if we have a
2736  Socks5ProxyUsername or if we want to pass arguments to our
2737  pluggable transport proxy: */
2738  if ((options->Socks5ProxyUsername) ||
2739  (conn_get_proxy_type(conn) == PROXY_PLUGGABLE &&
2740  (get_socks_args_by_bridge_addrport(&conn->addr, conn->port)))) {
2741  /* number of auth methods */
2742  buf[1] = 2;
2743  buf[2] = 0x00; /* no authentication */
2744  buf[3] = 0x02; /* rfc1929 Username/Passwd auth */
2745  conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929;
2746  } else {
2747  buf[1] = 1;
2748  buf[2] = 0x00; /* no authentication */
2749  conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_METHOD_NONE;
2750  }
2751 
2752  connection_buf_add((char *)buf, 2 + buf[1], conn);
2753  return 0;
2754 }
2755 
2756 /** Write a proxy request of haproxy to conn for conn->addr:conn->port.
2757  *
2758  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2759  * 0 otherwise.
2760  */
2761 static int
2763 {
2764  int ret = 0;
2765  tor_addr_port_t *addr_port = tor_addr_port_new(&conn->addr, conn->port);
2766  char *buf = haproxy_format_proxy_header_line(addr_port);
2767 
2768  if (buf == NULL) {
2769  ret = -1;
2770  goto done;
2771  }
2772 
2773  connection_buf_add(buf, strlen(buf), conn);
2774  /* In haproxy, we don't have to wait for the response, but we wait for ack.
2775  * So we can set the state to be PROXY_HAPROXY_WAIT_FOR_FLUSH. */
2776  conn->proxy_state = PROXY_HAPROXY_WAIT_FOR_FLUSH;
2777 
2778  ret = 0;
2779  done:
2780  tor_free(buf);
2781  tor_free(addr_port);
2782  return ret;
2783 }
2784 
2785 /** Write a proxy request of <b>type</b> (socks4, socks5, https, haproxy)
2786  * to conn for conn->addr:conn->port, authenticating with the auth details
2787  * given in the configuration (if available). SOCKS 5 and HTTP CONNECT
2788  * proxies support authentication.
2789  *
2790  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2791  * 0 otherwise.
2792  *
2793  * Use connection_read_proxy_handshake() to complete the handshake.
2794  */
2795 int
2797 {
2798  int ret = 0;
2799 
2800  tor_assert(conn);
2801 
2802  switch (type) {
2803  case PROXY_CONNECT:
2804  ret = connection_https_proxy_connect(conn);
2805  break;
2806 
2807  case PROXY_SOCKS4:
2808  ret = connection_socks4_proxy_connect(conn);
2809  break;
2810 
2811  case PROXY_SOCKS5:
2812  ret = connection_socks5_proxy_connect(conn);
2813  break;
2814 
2815  case PROXY_HAPROXY:
2817  break;
2818 
2819  default:
2820  log_err(LD_BUG, "Invalid proxy protocol, %d", type);
2822  ret = -1;
2823  break;
2824  }
2825 
2826  if (ret == 0) {
2827  log_debug(LD_NET, "set state %s",
2829  }
2830 
2831  return ret;
2832 }
2833 
2834 /** Read conn's inbuf. If the http response from the proxy is all
2835  * here, make sure it's good news, then return 1. If it's bad news,
2836  * return -1. Else return 0 and hope for better luck next time.
2837  */
2838 static int
2840 {
2841  char *headers;
2842  char *reason=NULL;
2843  int status_code;
2844  time_t date_header;
2845 
2846  switch (fetch_from_buf_http(conn->inbuf,
2847  &headers, MAX_HEADERS_SIZE,
2848  NULL, NULL, 10000, 0)) {
2849  case -1: /* overflow */
2850  log_warn(LD_PROTOCOL,
2851  "Your https proxy sent back an oversized response. Closing.");
2852  return -1;
2853  case 0:
2854  log_info(LD_NET,"https proxy response not all here yet. Waiting.");
2855  return 0;
2856  /* case 1, fall through */
2857  }
2858 
2859  if (parse_http_response(headers, &status_code, &date_header,
2860  NULL, &reason) < 0) {
2861  log_warn(LD_NET,
2862  "Unparseable headers from proxy (%s). Closing.",
2863  connection_describe(conn));
2864  tor_free(headers);
2865  return -1;
2866  }
2867  tor_free(headers);
2868  if (!reason) reason = tor_strdup("[no reason given]");
2869 
2870  if (status_code == 200) {
2871  log_info(LD_NET,
2872  "HTTPS connect for %s successful! (200 %s) Starting TLS.",
2873  connection_describe(conn), escaped(reason));
2874  tor_free(reason);
2875  return 1;
2876  }
2877  /* else, bad news on the status code */
2878  switch (status_code) {
2879  case 403:
2880  log_warn(LD_NET,
2881  "The https proxy refused to allow connection to %s "
2882  "(status code %d, %s). Closing.",
2883  conn->address, status_code, escaped(reason));
2884  break;
2885  default:
2886  log_warn(LD_NET,
2887  "The https proxy sent back an unexpected status code %d (%s). "
2888  "Closing.",
2889  status_code, escaped(reason));
2890  break;
2891  }
2892  tor_free(reason);
2893  return -1;
2894 }
2895 
2896 /** Send SOCKS5 CONNECT command to <b>conn</b>, copying <b>conn->addr</b>
2897  * and <b>conn->port</b> into the request.
2898  */
2899 static void
2901 {
2902  unsigned char buf[1024];
2903  size_t reqsize = 6;
2904  uint16_t port = htons(conn->port);
2905 
2906  buf[0] = 5; /* version */
2907  buf[1] = SOCKS_COMMAND_CONNECT; /* command */
2908  buf[2] = 0; /* reserved */
2909 
2910  if (tor_addr_family(&conn->addr) == AF_INET) {
2911  uint32_t addr = tor_addr_to_ipv4n(&conn->addr);
2912 
2913  buf[3] = 1;
2914  reqsize += 4;
2915  memcpy(buf + 4, &addr, 4);
2916  memcpy(buf + 8, &port, 2);
2917  } else { /* AF_INET6 */
2918  buf[3] = 4;
2919  reqsize += 16;
2920  memcpy(buf + 4, tor_addr_to_in6_addr8(&conn->addr), 16);
2921  memcpy(buf + 20, &port, 2);
2922  }
2923 
2924  connection_buf_add((char *)buf, reqsize, conn);
2925 
2926  conn->proxy_state = PROXY_SOCKS5_WANT_CONNECT_OK;
2927 }
2928 
2929 /** Wrapper around fetch_from_buf_socks_client: see that functions
2930  * for documentation of its behavior. */
2931 static int
2933  int state, char **reason)
2934 {
2935  return fetch_from_buf_socks_client(conn->inbuf, state, reason);
2936 }
2937 
2938 /** Call this from connection_*_process_inbuf() to advance the proxy
2939  * handshake.
2940  *
2941  * No matter what proxy protocol is used, if this function returns 1, the
2942  * handshake is complete, and the data remaining on inbuf may contain the
2943  * start of the communication with the requested server.
2944  *
2945  * Returns 0 if the current buffer contains an incomplete response, and -1
2946  * on error.
2947  */
2948 int
2950 {
2951  int ret = 0;
2952  char *reason = NULL;
2953 
2954  log_debug(LD_NET, "enter state %s",
2956 
2957  switch (conn->proxy_state) {
2958  case PROXY_HTTPS_WANT_CONNECT_OK:
2960  if (ret == 1)
2961  conn->proxy_state = PROXY_CONNECTED;
2962  break;
2963 
2964  case PROXY_SOCKS4_WANT_CONNECT_OK:
2966  conn->proxy_state,
2967  &reason);
2968  if (ret == 1)
2969  conn->proxy_state = PROXY_CONNECTED;
2970  break;
2971 
2972  case PROXY_SOCKS5_WANT_AUTH_METHOD_NONE:
2974  conn->proxy_state,
2975  &reason);
2976  /* no auth needed, do connect */
2977  if (ret == 1) {
2979  ret = 0;
2980  }
2981  break;
2982 
2983  case PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929:
2985  conn->proxy_state,
2986  &reason);
2987 
2988  /* send auth if needed, otherwise do connect */
2989  if (ret == 1) {
2991  ret = 0;
2992  } else if (ret == 2) {
2993  unsigned char buf[1024];
2994  size_t reqsize, usize, psize;
2995  const char *user, *pass;
2996  char *socks_args_string = NULL;
2997 
2998  if (conn_get_proxy_type(conn) == PROXY_PLUGGABLE) {
2999  socks_args_string =
3001  if (!socks_args_string) {
3002  log_warn(LD_NET, "Could not create SOCKS args string for PT.");
3003  ret = -1;
3004  break;
3005  }
3006 
3007  log_debug(LD_NET, "PT SOCKS5 arguments: %s", socks_args_string);
3008  tor_assert(strlen(socks_args_string) > 0);
3009  tor_assert(strlen(socks_args_string) <= MAX_SOCKS5_AUTH_SIZE_TOTAL);
3010 
3011  if (strlen(socks_args_string) > MAX_SOCKS5_AUTH_FIELD_SIZE) {
3012  user = socks_args_string;
3014  pass = socks_args_string + MAX_SOCKS5_AUTH_FIELD_SIZE;
3015  psize = strlen(socks_args_string) - MAX_SOCKS5_AUTH_FIELD_SIZE;
3016  } else {
3017  user = socks_args_string;
3018  usize = strlen(socks_args_string);
3019  pass = "\0";
3020  psize = 1;
3021  }
3022  } else if (get_options()->Socks5ProxyUsername) {
3023  user = get_options()->Socks5ProxyUsername;
3024  pass = get_options()->Socks5ProxyPassword;
3025  tor_assert(user && pass);
3026  usize = strlen(user);
3027  psize = strlen(pass);
3028  } else {
3029  log_err(LD_BUG, "We entered %s for no reason!", __func__);
3031  ret = -1;
3032  break;
3033  }
3034 
3035  /* Username and password lengths should have been checked
3036  above and during torrc parsing. */
3038  psize <= MAX_SOCKS5_AUTH_FIELD_SIZE);
3039  reqsize = 3 + usize + psize;
3040 
3041  buf[0] = 1; /* negotiation version */
3042  buf[1] = usize;
3043  memcpy(buf + 2, user, usize);
3044  buf[2 + usize] = psize;
3045  memcpy(buf + 3 + usize, pass, psize);
3046 
3047  if (socks_args_string)
3048  tor_free(socks_args_string);
3049 
3050  connection_buf_add((char *)buf, reqsize, conn);
3051 
3052  conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_RFC1929_OK;
3053  ret = 0;
3054  }
3055  break;
3056 
3057  case PROXY_SOCKS5_WANT_AUTH_RFC1929_OK:
3059  conn->proxy_state,
3060  &reason);
3061  /* send the connect request */
3062  if (ret == 1) {
3064  ret = 0;
3065  }
3066  break;
3067 
3068  case PROXY_SOCKS5_WANT_CONNECT_OK:
3070  conn->proxy_state,
3071  &reason);
3072  if (ret == 1)
3073  conn->proxy_state = PROXY_CONNECTED;
3074  break;
3075 
3076  default:
3077  log_err(LD_BUG, "Invalid proxy_state for reading, %d",
3078  conn->proxy_state);
3080  ret = -1;
3081  break;
3082  }
3083 
3084  log_debug(LD_NET, "leaving state %s",
3086 
3087  if (ret < 0) {
3088  if (reason) {
3089  log_warn(LD_NET, "Proxy Client: unable to connect %s (%s)",
3090  connection_describe(conn), escaped(reason));
3091  tor_free(reason);
3092  } else {
3093  log_warn(LD_NET, "Proxy Client: unable to connect %s",
3094  connection_describe(conn));
3095  }
3096  } else if (ret == 1) {
3097  log_info(LD_NET, "Proxy Client: %s successful",
3098  connection_describe(conn));
3099  }
3100 
3101  return ret;
3102 }
3103 
3104 /** Given a list of listener connections in <b>old_conns</b>, and list of
3105  * port_cfg_t entries in <b>ports</b>, open a new listener for every port in
3106  * <b>ports</b> that does not already have a listener in <b>old_conns</b>.
3107  *
3108  * Remove from <b>old_conns</b> every connection that has a corresponding
3109  * entry in <b>ports</b>. Add to <b>new_conns</b> new every connection we
3110  * launch. If we may need to perform socket rebind when creating new
3111  * listener that replaces old one, create a <b>listener_replacement_t</b>
3112  * struct for affected pair and add it to <b>replacements</b>.
3113  *
3114  * If <b>control_listeners_only</b> is true, then we only open control
3115  * listeners, and we do not remove any noncontrol listeners from
3116  * old_conns.
3117  *
3118  * Return 0 on success, -1 on failure.
3119  **/
3120 static int
3122  const smartlist_t *ports,
3123  smartlist_t *new_conns,
3124  smartlist_t *replacements,
3125  int control_listeners_only)
3126 {
3127 #ifndef ENABLE_LISTENER_REBIND
3128  (void)replacements;
3129 #endif
3130 
3131  smartlist_t *launch = smartlist_new();
3132  int r = 0;
3133 
3134  if (control_listeners_only) {
3135  SMARTLIST_FOREACH(ports, port_cfg_t *, p, {
3136  if (p->type == CONN_TYPE_CONTROL_LISTENER)
3137  smartlist_add(launch, p);
3138  });
3139  } else {
3140  smartlist_add_all(launch, ports);
3141  }
3142 
3143  /* Iterate through old_conns, comparing it to launch: remove from both lists
3144  * each pair of elements that corresponds to the same port. */
3145  SMARTLIST_FOREACH_BEGIN(old_conns, connection_t *, conn) {
3146  const port_cfg_t *found_port = NULL;
3147 
3148  /* Okay, so this is a listener. Is it configured? */
3149  /* That is, is it either: 1) exact match - address and port
3150  * pair match exactly between old listener and new port; or 2)
3151  * wildcard match - port matches exactly, but *one* of the
3152  * addresses is wildcard (0.0.0.0 or ::)?
3153  */
3154  SMARTLIST_FOREACH_BEGIN(launch, const port_cfg_t *, wanted) {
3155  if (conn->type != wanted->type)
3156  continue;
3157  if ((conn->socket_family != AF_UNIX && wanted->is_unix_addr) ||
3158  (conn->socket_family == AF_UNIX && ! wanted->is_unix_addr))
3159  continue;
3160 
3161  if (wanted->server_cfg.no_listen)
3162  continue; /* We don't want to open a listener for this one */
3163 
3164  if (wanted->is_unix_addr) {
3165  if (conn->socket_family == AF_UNIX &&
3166  !strcmp(wanted->unix_addr, conn->address)) {
3167  found_port = wanted;
3168  break;
3169  }
3170  } else {
3171  /* Numeric values of old and new port match exactly. */
3172  const int port_matches_exact = (wanted->port == conn->port);
3173  /* Ports match semantically - either their specific values
3174  match exactly, or new port is 'auto'.
3175  */
3176  const int port_matches = (wanted->port == CFG_AUTO_PORT ||
3177  port_matches_exact);
3178 
3179  if (port_matches && tor_addr_eq(&wanted->addr, &conn->addr)) {
3180  found_port = wanted;
3181  break;
3182  }
3183 #ifdef ENABLE_LISTENER_REBIND
3184  /* Rebinding may be needed if all of the following are true:
3185  * 1) Address family is the same in old and new listeners.
3186  * 2) Port number matches exactly (numeric value is the same).
3187  * 3) *One* of listeners (either old one or new one) has a
3188  * wildcard IP address (0.0.0.0 or [::]).
3189  *
3190  * These are the exact conditions for a first bind() syscall
3191  * to fail with EADDRINUSE.
3192  */
3193  const int may_need_rebind =
3194  tor_addr_family(&wanted->addr) == tor_addr_family(&conn->addr) &&
3195  port_matches_exact && bool_neq(tor_addr_is_null(&wanted->addr),
3196  tor_addr_is_null(&conn->addr));
3197  if (replacements && may_need_rebind) {
3198  listener_replacement_t *replacement =
3199  tor_malloc(sizeof(listener_replacement_t));
3200 
3201  replacement->old_conn = conn;
3202  replacement->new_port = wanted;
3203  smartlist_add(replacements, replacement);
3204 
3205  SMARTLIST_DEL_CURRENT(launch, wanted);
3206  SMARTLIST_DEL_CURRENT(old_conns, conn);
3207  break;
3208  }
3209 #endif /* defined(ENABLE_LISTENER_REBIND) */
3210  }
3211  } SMARTLIST_FOREACH_END(wanted);
3212 
3213  if (found_port) {
3214  /* This listener is already running; we don't need to launch it. */
3215  //log_debug(LD_NET, "Already have %s on %s:%d",
3216  // conn_type_to_string(found_port->type), conn->address, conn->port);
3217  smartlist_remove(launch, found_port);
3218  /* And we can remove the connection from old_conns too. */
3219  SMARTLIST_DEL_CURRENT(old_conns, conn);
3220  }
3221  } SMARTLIST_FOREACH_END(conn);
3222 
3223  /* Now open all the listeners that are configured but not opened. */
3224  SMARTLIST_FOREACH_BEGIN(launch, const port_cfg_t *, port) {
3225  int skip = 0;
3226  connection_t *conn = connection_listener_new_for_port(port, &skip, NULL);
3227 
3228  if (conn && new_conns)
3229  smartlist_add(new_conns, conn);
3230  else if (!skip)
3231  r = -1;
3232  } SMARTLIST_FOREACH_END(port);
3233 
3234  smartlist_free(launch);
3235 
3236  return r;
3237 }
3238 
3239 /** Launch listeners for each port you should have open. Only launch
3240  * listeners who are not already open, and only close listeners we no longer
3241  * want.
3242  *
3243  * Add all new connections to <b>new_conns</b>.
3244  *
3245  * If <b>close_all_noncontrol</b> is true, then we only open control
3246  * listeners, and we close all other listeners.
3247  */
3248 int
3249 retry_all_listeners(smartlist_t *new_conns, int close_all_noncontrol)
3250 {
3251  smartlist_t *listeners = smartlist_new();
3252  smartlist_t *replacements = smartlist_new();
3253  const or_options_t *options = get_options();
3254  int retval = 0;
3255  const uint16_t old_or_port = routerconf_find_or_port(options, AF_INET);
3256  const uint16_t old_or_port_ipv6 =
3257  routerconf_find_or_port(options,AF_INET6);
3258  const uint16_t old_dir_port = routerconf_find_dir_port(options, 0);
3259 
3261  if (connection_is_listener(conn) && !conn->marked_for_close)
3262  smartlist_add(listeners, conn);
3263  } SMARTLIST_FOREACH_END(conn);
3264 
3265  if (retry_listener_ports(listeners,
3267  new_conns,
3268  replacements,
3269  close_all_noncontrol) < 0)
3270  retval = -1;
3271 
3272 #ifdef ENABLE_LISTENER_REBIND
3273  if (smartlist_len(replacements))
3274  log_debug(LD_NET, "%d replacements - starting rebinding loop.",
3275  smartlist_len(replacements));
3276 
3277  SMARTLIST_FOREACH_BEGIN(replacements, listener_replacement_t *, r) {
3278  int addr_in_use = 0;
3279  int skip = 0;
3280 
3281  tor_assert(r->new_port);
3282  tor_assert(r->old_conn);
3283 
3284  connection_t *new_conn =
3285  connection_listener_new_for_port(r->new_port, &skip, &addr_in_use);
3286  connection_t *old_conn = r->old_conn;
3287 
3288  if (skip) {
3289  log_debug(LD_NET, "Skipping creating new listener for %s",
3290  connection_describe(old_conn));
3291  continue;
3292  }
3293 
3294  connection_close_immediate(old_conn);
3295  connection_mark_for_close(old_conn);
3296 
3297  if (addr_in_use) {
3298  new_conn = connection_listener_new_for_port(r->new_port,
3299  &skip, &addr_in_use);
3300  }
3301 
3302  /* There are many reasons why we can't open a new listener port so in case
3303  * we hit those, bail early so tor can stop. */
3304  if (!new_conn) {
3305  log_warn(LD_NET, "Unable to create listener port: %s:%d",
3306  fmt_and_decorate_addr(&r->new_port->addr), r->new_port->port);
3307  retval = -1;
3308  break;
3309  }
3310 
3311  smartlist_add(new_conns, new_conn);
3312 
3313  char *old_desc = tor_strdup(connection_describe(old_conn));
3314  log_notice(LD_NET, "Closed no-longer-configured %s "
3315  "(replaced by %s)",
3316  old_desc, connection_describe(new_conn));
3317  tor_free(old_desc);
3318  } SMARTLIST_FOREACH_END(r);
3319 #endif /* defined(ENABLE_LISTENER_REBIND) */
3320 
3321  /* Any members that were still in 'listeners' don't correspond to
3322  * any configured port. Kill 'em. */
3323  SMARTLIST_FOREACH_BEGIN(listeners, connection_t *, conn) {
3324  log_notice(LD_NET, "Closing no-longer-configured %s on %s:%d",
3325  conn_type_to_string(conn->type),
3326  fmt_and_decorate_addr(&conn->addr), conn->port);
3328  connection_mark_for_close(conn);
3329  } SMARTLIST_FOREACH_END(conn);
3330 
3331  smartlist_free(listeners);
3332  /* Cleanup any remaining listener replacement. */
3333  SMARTLIST_FOREACH(replacements, listener_replacement_t *, r, tor_free(r));
3334  smartlist_free(replacements);
3335 
3336  if (old_or_port != routerconf_find_or_port(options, AF_INET) ||
3337  old_or_port_ipv6 != routerconf_find_or_port(options, AF_INET6) ||
3338  old_dir_port != routerconf_find_dir_port(options, 0)) {
3339  /* Our chosen ORPort or DirPort is not what it used to be: the
3340  * descriptor we had (if any) should be regenerated. (We won't
3341  * automatically notice this because of changes in the option,
3342  * since the value could be "auto".) */
3343  mark_my_descriptor_dirty("Chosen Or/DirPort changed");
3344  }
3345 
3346  return retval;
3347 }
3348 
3349 /** Mark every listener of type other than CONTROL_LISTENER to be closed. */
3350 void
3352 {
3354  if (conn->marked_for_close)
3355  continue;
3356  if (conn->type == CONN_TYPE_CONTROL_LISTENER)
3357  continue;
3358  if (connection_is_listener(conn))
3359  connection_mark_for_close(conn);
3360  } SMARTLIST_FOREACH_END(conn);
3361 }
3362 
3363 /** Mark every external connection not used for controllers for close. */
3364 void
3366 {
3368  if (conn->marked_for_close)
3369  continue;
3370  switch (conn->type) {
3372  case CONN_TYPE_CONTROL:
3373  break;
3374  case CONN_TYPE_AP:
3375  connection_mark_unattached_ap(TO_ENTRY_CONN(conn),
3376  END_STREAM_REASON_HIBERNATING);
3377  break;
3378  case CONN_TYPE_OR:
3379  {
3380  or_connection_t *orconn = TO_OR_CONN(conn);
3381  if (orconn->chan) {
3382  connection_or_close_normally(orconn, 0);
3383  } else {
3384  /*
3385  * There should have been one, but mark for close and hope
3386  * for the best..
3387  */
3388  connection_mark_for_close(conn);
3389  }
3390  }
3391  break;
3392  default:
3393  connection_mark_for_close(conn);
3394  break;
3395  }
3396  } SMARTLIST_FOREACH_END(conn);
3397 }
3398 
3399 /** Return 1 if we should apply rate limiting to <b>conn</b>, and 0
3400  * otherwise.
3401  * Right now this just checks if it's an internal IP address or an
3402  * internal connection. We also should, but don't, check if the connection
3403  * uses pluggable transports, since we should then limit it even if it
3404  * comes from an internal IP address. */
3405 static int
3407 {
3408  const or_options_t *options = get_options();
3409  if (conn->linked)
3410  return 0; /* Internal connection */
3411  else if (! options->CountPrivateBandwidth &&
3412  ! conn->always_rate_limit_as_remote &&
3413  (tor_addr_family(&conn->addr) == AF_UNSPEC || /* no address */
3414  tor_addr_family(&conn->addr) == AF_UNIX || /* no address */
3415  tor_addr_is_internal(&conn->addr, 0)))
3416  return 0; /* Internal address */
3417  else
3418  return 1;
3419 }
3420 
3421 /** When was either global write bucket last empty? If this was recent, then
3422  * we're probably low on bandwidth, and we should be stingy with our bandwidth
3423  * usage. */
3424 static time_t write_buckets_last_empty_at = -100;
3425 
3426 /** How many seconds of no active local circuits will make the
3427  * connection revert to the "relayed" bandwidth class? */
3428 #define CLIENT_IDLE_TIME_FOR_PRIORITY 30
3429 
3430 /** Return 1 if <b>conn</b> should use tokens from the "relayed"
3431  * bandwidth rates, else 0. Currently, only OR conns with bandwidth
3432  * class 1, and directory conns that are serving data out, count.
3433  */
3434 static int
3436 {
3437  if (conn->type == CONN_TYPE_OR &&
3440  return 1;
3441  if (conn->type == CONN_TYPE_DIR && DIR_CONN_IS_SERVER(conn))
3442  return 1;
3443  return 0;
3444 }
3445 
3446 /** Helper function to decide how many bytes out of <b>global_bucket</b>
3447  * we're willing to use for this transaction. <b>base</b> is the size
3448  * of a cell on the network; <b>priority</b> says whether we should
3449  * write many of them or just a few; and <b>conn_bucket</b> (if
3450  * non-negative) provides an upper limit for our answer. */
3451 static ssize_t
3452 connection_bucket_get_share(int base, int priority,
3453  ssize_t global_bucket_val, ssize_t conn_bucket)
3454 {
3455  ssize_t at_most;
3456  ssize_t num_bytes_high = (priority ? 32 : 16) * base;
3457  ssize_t num_bytes_low = (priority ? 4 : 2) * base;
3458 
3459  /* Do a rudimentary limiting so one circuit can't hog a connection.
3460  * Pick at most 32 cells, at least 4 cells if possible, and if we're in
3461  * the middle pick 1/8 of the available bandwidth. */
3462  at_most = global_bucket_val / 8;
3463  at_most -= (at_most % base); /* round down */
3464  if (at_most > num_bytes_high) /* 16 KB, or 8 KB for low-priority */
3465  at_most = num_bytes_high;
3466  else if (at_most < num_bytes_low) /* 2 KB, or 1 KB for low-priority */
3467  at_most = num_bytes_low;
3468 
3469  if (at_most > global_bucket_val)
3470  at_most = global_bucket_val;
3471 
3472  if (conn_bucket >= 0 && at_most > conn_bucket)
3473  at_most = conn_bucket;
3474 
3475  if (at_most < 0)
3476  return 0;
3477  return at_most;
3478 }
3479 
3480 /** How many bytes at most can we read onto this connection? */
3481 static ssize_t
3483 {
3484  int base = RELAY_PAYLOAD_SIZE;
3485  int priority = conn->type != CONN_TYPE_DIR;
3486  ssize_t conn_bucket = -1;
3487  size_t global_bucket_val = token_bucket_rw_get_read(&global_bucket);
3488  if (global_bucket_val == 0) {
3489  /* We reached our global read limit: count this as an overload.
3490  *
3491  * The token bucket is always initialized (see connection_bucket_init() and
3492  * options_validate_relay_bandwidth()) and hence we can assume that if the
3493  * token ever hits zero, it's a limit that got popped and not the bucket
3494  * being uninitialized.
3495  */
3496  rep_hist_note_overload(OVERLOAD_READ);
3497  }
3498 
3499  if (connection_speaks_cells(conn)) {
3500  or_connection_t *or_conn = TO_OR_CONN(conn);
3501  if (conn->state == OR_CONN_STATE_OPEN)
3502  conn_bucket = token_bucket_rw_get_read(&or_conn->bucket);
3503  base = get_cell_network_size(or_conn->wide_circ_ids);
3504  }
3505 
3506  /* Edge connection have their own read bucket due to flow control being able
3507  * to set a rate limit for them. However, for exit connections, we still need
3508  * to honor the global bucket as well. */
3509  if (CONN_IS_EDGE(conn)) {
3510  const edge_connection_t *edge_conn = CONST_TO_EDGE_CONN(conn);
3511  conn_bucket = token_bucket_rw_get_read(&edge_conn->bucket);
3512  if (conn->type == CONN_TYPE_EXIT) {
3513  /* Decide between our limit and the global one. */
3514  goto end;
3515  }
3516  return conn_bucket;
3517  }
3518 
3519  if (!connection_is_rate_limited(conn)) {
3520  /* be willing to read on local conns even if our buckets are empty */
3521  return conn_bucket>=0 ? conn_bucket : 1<<14;
3522  }
3523 
3524  if (connection_counts_as_relayed_traffic(conn, now)) {
3525  size_t relayed = token_bucket_rw_get_read(&global_relayed_bucket);
3526  global_bucket_val = MIN(global_bucket_val, relayed);
3527  }
3528 
3529  end:
3530  return connection_bucket_get_share(base, priority,
3531  global_bucket_val, conn_bucket);
3532 }
3533 
3534 /** How many bytes at most can we write onto this connection? */
3535 ssize_t
3537 {
3538  int base = RELAY_PAYLOAD_SIZE;
3539  int priority = conn->type != CONN_TYPE_DIR;
3540  size_t conn_bucket = buf_datalen(conn->outbuf);
3541  size_t global_bucket_val = token_bucket_rw_get_write(&global_bucket);
3542  if (global_bucket_val == 0) {
3543  /* We reached our global write limit: We should count this as an overload.
3544  * See above function for more information */
3545  rep_hist_note_overload(OVERLOAD_WRITE);
3546  }
3547 
3548  if (!connection_is_rate_limited(conn)) {
3549  /* be willing to write to local conns even if our buckets are empty */
3550  return conn_bucket;
3551  }
3552 
3553  if (connection_speaks_cells(conn)) {
3554  /* use the per-conn write limit if it's lower */
3555  or_connection_t *or_conn = TO_OR_CONN(conn);
3556  if (conn->state == OR_CONN_STATE_OPEN)
3557  conn_bucket = MIN(conn_bucket,
3558  token_bucket_rw_get_write(&or_conn->bucket));
3559  base = get_cell_network_size(or_conn->wide_circ_ids);
3560  }
3561 
3562  if (connection_counts_as_relayed_traffic(conn, now)) {
3563  size_t relayed = token_bucket_rw_get_write(&global_relayed_bucket);
3564  global_bucket_val = MIN(global_bucket_val, relayed);
3565  }
3566 
3567  return connection_bucket_get_share(base, priority,
3568  global_bucket_val, conn_bucket);
3569 }
3570 
3571 /** Return true iff the global write buckets are low enough that we
3572  * shouldn't send <b>attempt</b> bytes of low-priority directory stuff
3573  * out to <b>conn</b>.
3574  *
3575  * If we are a directory authority, always answer dir requests thus true is
3576  * always returned.
3577  *
3578  * Note: There are a lot of parameters we could use here:
3579  * - global_relayed_write_bucket. Low is bad.
3580  * - global_write_bucket. Low is bad.
3581  * - bandwidthrate. Low is bad.
3582  * - bandwidthburst. Not a big factor?
3583  * - attempt. High is bad.
3584  * - total bytes queued on outbufs. High is bad. But I'm wary of
3585  * using this, since a few slow-flushing queues will pump up the
3586  * number without meaning what we meant to mean. What we really
3587  * mean is "total directory bytes added to outbufs recently", but
3588  * that's harder to quantify and harder to keep track of.
3589  */
3590 bool
3592 {
3593  size_t smaller_bucket =
3594  MIN(token_bucket_rw_get_write(&global_bucket),
3595  token_bucket_rw_get_write(&global_relayed_bucket));
3596 
3597  /* Special case for authorities (directory only). */
3598  if (authdir_mode_v3(get_options())) {
3599  /* Are we configured to possibly reject requests under load? */
3601  /* Answer request no matter what. */
3602  return false;
3603  }
3604  /* Always answer requests from a known relay which includes the other
3605  * authorities. The following looks up the addresses for relays that we
3606  * have their descriptor _and_ any configured trusted directories. */
3608  return false;
3609  }
3610  }
3611 
3612  if (!connection_is_rate_limited(conn))
3613  return false; /* local conns don't get limited */
3614 
3615  if (smaller_bucket < attempt)
3616  return true; /* not enough space. */
3617 
3618  {
3619  const time_t diff = approx_time() - write_buckets_last_empty_at;
3620  if (diff <= 1)
3621  return true; /* we're already hitting our limits, no more please */
3622  }
3623  return false;
3624 }
3625 
3626 /** When did we last tell the accounting subsystem about transmitted
3627  * bandwidth? */
3629 
3630 /** Helper: adjusts our bandwidth history and informs the controller as
3631  * appropriate, given that we have just read <b>num_read</b> bytes and written
3632  * <b>num_written</b> bytes on <b>conn</b>. */
3633 static void
3635  time_t now, size_t num_read, size_t num_written)
3636 {
3637  /* Count bytes of answering direct and tunneled directory requests */
3638  if (conn->type == CONN_TYPE_DIR && conn->purpose == DIR_PURPOSE_SERVER) {
3639  if (num_read > 0)
3640  bwhist_note_dir_bytes_read(num_read, now);
3641  if (num_written > 0)
3642  bwhist_note_dir_bytes_written(num_written, now);
3643  }
3644 
3645  /* Linked connections and internal IPs aren't counted for statistics or
3646  * accounting:
3647  * - counting linked connections would double-count BEGINDIR bytes, because
3648  * they are sent as Dir bytes on the linked connection, and OR bytes on
3649  * the OR connection;
3650  * - relays and clients don't connect to internal IPs, unless specifically
3651  * configured to do so. If they are configured that way, we don't count
3652  * internal bytes.
3653  */
3654  if (!connection_is_rate_limited(conn))
3655  return;
3656 
3657  const bool is_ipv6 = (conn->socket_family == AF_INET6);
3658  if (conn->type == CONN_TYPE_OR)
3660  num_written, now, is_ipv6);
3661 
3662  if (num_read > 0) {
3663  bwhist_note_bytes_read(num_read, now, is_ipv6);
3664  }
3665  if (num_written > 0) {
3666  bwhist_note_bytes_written(num_written, now, is_ipv6);
3667  }
3668  if (conn->type == CONN_TYPE_EXIT)
3669  rep_hist_note_exit_bytes(conn->port, num_written, num_read);
3670 
3671  /* Remember these bytes towards statistics. */
3672  stats_increment_bytes_read_and_written(num_read, num_written);
3673 
3674  /* Remember these bytes towards accounting. */
3677  accounting_add_bytes(num_read, num_written,
3678  (int)(now - last_recorded_accounting_at));
3679  } else {
3680  accounting_add_bytes(num_read, num_written, 0);
3681  }
3683  }
3684 }
3685 
3686 /** We just read <b>num_read</b> and wrote <b>num_written</b> bytes
3687  * onto <b>conn</b>. Decrement buckets appropriately. */
3688 static void
3690  size_t num_read, size_t num_written)
3691 {
3692  if (num_written >= INT_MAX || num_read >= INT_MAX) {
3693  log_err(LD_BUG, "Value out of range. num_read=%lu, num_written=%lu, "
3694  "connection type=%s, state=%s",
3695  (unsigned long)num_read, (unsigned long)num_written,
3696  conn_type_to_string(conn->type),
3697  conn_state_to_string(conn->type, conn->state));
3699  if (num_written >= INT_MAX)
3700  num_written = 1;
3701  if (num_read >= INT_MAX)
3702  num_read = 1;
3703  }
3704 
3705  record_num_bytes_transferred_impl(conn, now, num_read, num_written);
3706 
3707  /* Edge connection need to decrement the read side of the bucket used by our
3708  * congestion control. */
3709  if (CONN_IS_EDGE(conn) && num_read > 0) {
3710  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
3711  token_bucket_rw_dec(&edge_conn->bucket, num_read, 0);
3712  }
3713 
3714  if (!connection_is_rate_limited(conn))
3715  return; /* local IPs are free */
3716 
3717  unsigned flags = 0;
3718  if (connection_counts_as_relayed_traffic(conn, now)) {
3719  flags = token_bucket_rw_dec(&global_relayed_bucket, num_read, num_written);
3720  }
3721  flags |= token_bucket_rw_dec(&global_bucket, num_read, num_written);
3722 
3723  if (flags & TB_WRITE) {
3725  }
3726  if (connection_speaks_cells(conn) && conn->state == OR_CONN_STATE_OPEN) {
3727  or_connection_t *or_conn = TO_OR_CONN(conn);
3728  token_bucket_rw_dec(&or_conn->bucket, num_read, num_written);
3729  }
3730 }
3731 
3732 /**
3733  * Mark <b>conn</b> as needing to stop reading because bandwidth has been
3734  * exhausted. If <b>is_global_bw</b>, it is closing because global bandwidth
3735  * limit has been exhausted. Otherwise, it is closing because its own
3736  * bandwidth limit has been exhausted.
3737  */
3738 void
3740 {
3741  (void)is_global_bw;
3742  conn->read_blocked_on_bw = 1;
3745 }
3746 
3747 /**
3748  * Mark <b>conn</b> as needing to stop reading because write bandwidth has
3749  * been exhausted. If <b>is_global_bw</b>, it is closing because global
3750  * bandwidth limit has been exhausted. Otherwise, it is closing because its
3751  * own bandwidth limit has been exhausted.
3752 */
3753 void
3755 {
3756  (void)is_global_bw;
3757  conn->write_blocked_on_bw = 1;
3760 }
3761 
3762 /** If we have exhausted our global buckets, or the buckets for conn,
3763  * stop reading. */
3764 void
3766 {
3767  int is_global = 1;
3768  const char *reason;
3769 
3770  if (CONN_IS_EDGE(conn) &&
3771  token_bucket_rw_get_read(&TO_EDGE_CONN(conn)->bucket) <= 0) {
3772  reason = "edge connection read bucket exhausted. Pausing.";
3773  is_global = false;
3774  } else if (!connection_is_rate_limited(conn)) {
3775  return; /* Always okay. */
3776  } else if (token_bucket_rw_get_read(&global_bucket) <= 0) {
3777  reason = "global read bucket exhausted. Pausing.";
3778  } else if (connection_counts_as_relayed_traffic(conn, approx_time()) &&
3779  token_bucket_rw_get_read(&global_relayed_bucket) <= 0) {
3780  reason = "global relayed read bucket exhausted. Pausing.";
3781  } else if (connection_speaks_cells(conn) &&
3782  conn->state == OR_CONN_STATE_OPEN &&
3783  token_bucket_rw_get_read(&TO_OR_CONN(conn)->bucket) <= 0) {
3784  reason = "connection read bucket exhausted. Pausing.";
3785  is_global = false;
3786  } else {
3787  return; /* all good, no need to stop it */
3788  }
3789 
3790  LOG_FN_CONN(conn, (LOG_DEBUG, LD_NET, "%s", reason));
3791  connection_read_bw_exhausted(conn, is_global);
3792 }
3793 
3794 /** If we have exhausted our global buckets, or the buckets for conn,
3795  * stop writing. */
3796 void
3798 {
3799  const char *reason;
3800 
3801  if (!connection_is_rate_limited(conn))
3802  return; /* Always okay. */
3803 
3804  bool is_global = true;
3805  if (token_bucket_rw_get_write(&global_bucket) <= 0) {
3806  reason = "global write bucket exhausted. Pausing.";
3807  } else if (connection_counts_as_relayed_traffic(conn, approx_time()) &&
3808  token_bucket_rw_get_write(&global_relayed_bucket) <= 0) {
3809  reason = "global relayed write bucket exhausted. Pausing.";
3810  } else if (connection_speaks_cells(conn) &&
3811  conn->state == OR_CONN_STATE_OPEN &&
3812  token_bucket_rw_get_write(&TO_OR_CONN(conn)->bucket) <= 0) {
3813  reason = "connection write bucket exhausted. Pausing.";
3814  is_global = false;
3815  } else
3816  return; /* all good, no need to stop it */
3817 
3818  LOG_FN_CONN(conn, (LOG_DEBUG, LD_NET, "%s", reason));
3819  connection_write_bw_exhausted(conn, is_global);
3820 }
3821 
3822 /** Initialize the global buckets to the values configured in the
3823  * options */
3824 void
3826 {
3827  const or_options_t *options = get_options();
3828  const uint32_t now_ts = monotime_coarse_get_stamp();
3829  token_bucket_rw_init(&global_bucket,
3830  (int32_t)options->BandwidthRate,
3831  (int32_t)options->BandwidthBurst,
3832  now_ts);
3833  if (options->RelayBandwidthRate) {
3834  token_bucket_rw_init(&global_relayed_bucket,
3835  (int32_t)options->RelayBandwidthRate,
3836  (int32_t)options->RelayBandwidthBurst,
3837  now_ts);
3838  } else {
3839  token_bucket_rw_init(&global_relayed_bucket,
3840  (int32_t)options->BandwidthRate,
3841  (int32_t)options->BandwidthBurst,
3842  now_ts);
3843  }
3844 
3846 }
3847 
3848 /** Update the global connection bucket settings to a new value. */
3849 void
3851 {
3852  token_bucket_rw_adjust(&global_bucket,
3853  (int32_t)options->BandwidthRate,
3854  (int32_t)options->BandwidthBurst);
3855  if (options->RelayBandwidthRate) {
3856  token_bucket_rw_adjust(&global_relayed_bucket,
3857  (int32_t)options->RelayBandwidthRate,
3858  (int32_t)options->RelayBandwidthBurst);
3859  } else {
3860  token_bucket_rw_adjust(&global_relayed_bucket,
3861  (int32_t)options->BandwidthRate,
3862  (int32_t)options->BandwidthBurst);
3863  }
3864 }
3865 
3866 /**
3867  * Cached value of the last coarse-timestamp when we refilled the
3868  * global buckets.
3869  */
3871 /**
3872  * Refill the token buckets for a single connection <b>conn</b>, and the
3873  * global token buckets as appropriate. Requires that <b>now_ts</b> is
3874  * the time in coarse timestamp units.
3875  */
3876 static void
3878 {
3879  /* Note that we only check for equality here: the underlying
3880  * token bucket functions can handle moving backwards in time if they
3881  * need to. */
3882  if (now_ts != last_refilled_global_buckets_ts) {
3883  token_bucket_rw_refill(&global_bucket, now_ts);
3884  token_bucket_rw_refill(&global_relayed_bucket, now_ts);
3886  }
3887 
3888  if (connection_speaks_cells(conn) && conn->state == OR_CONN_STATE_OPEN) {
3889  or_connection_t *or_conn = TO_OR_CONN(conn);
3890  token_bucket_rw_refill(&or_conn->bucket, now_ts);
3891  }
3892 
3893  if (CONN_IS_EDGE(conn)) {
3894  token_bucket_rw_refill(&TO_EDGE_CONN(conn)->bucket, now_ts);
3895  }
3896 }
3897 
3898 /**
3899  * Event to re-enable all connections that were previously blocked on read or
3900  * write.
3901  */
3903 
3904 /** True iff reenable_blocked_connections_ev is currently scheduled. */
3906 
3907 /** Delay after which to run reenable_blocked_connections_ev. */
3909 
3910 /**
3911  * Re-enable all connections that were previously blocked on read or write.
3912  * This event is scheduled after enough time has elapsed to be sure
3913  * that the buckets will refill when the connections have something to do.
3914  */
3915 static void
3917 {
3918  (void)ev;
3919  (void)arg;
3921  if (conn->read_blocked_on_bw == 1) {
3923  conn->read_blocked_on_bw = 0;
3924  }
3925  if (conn->write_blocked_on_bw == 1) {
3927  conn->write_blocked_on_bw = 0;
3928  }
3929  } SMARTLIST_FOREACH_END(conn);
3930 
3932 }
3933 
3934 /**
3935  * Initialize the mainloop event that we use to wake up connections that
3936  * find themselves blocked on bandwidth.
3937  */
3938 static void
3940 {
3945  }
3946  time_t sec = options->TokenBucketRefillInterval / 1000;
3947  int msec = (options->TokenBucketRefillInterval % 1000);
3949  reenable_blocked_connections_delay.tv_usec = msec * 1000;
3950 }
3951 
3952 /**
3953  * Called when we have blocked a connection for being low on bandwidth:
3954  * schedule an event to reenable such connections, if it is not already
3955  * scheduled.
3956  */
3957 static void
3959 {
3961  return;
3962  if (BUG(reenable_blocked_connections_ev == NULL)) {
3964  }
3968 }
3969 
3970 /** Read bytes from conn->s and process them.
3971  *
3972  * It calls connection_buf_read_from_socket() to bring in any new bytes,
3973  * and then calls connection_process_inbuf() to process them.
3974  *
3975  * Mark the connection and return -1 if you want to close it, else
3976  * return 0.
3977  */
3978 static int
3980 {
3981  ssize_t max_to_read=-1, try_to_read;
3982  size_t before, n_read = 0;
3983  int socket_error = 0;
3984 
3985  if (conn->marked_for_close)
3986  return 0; /* do nothing */
3987 
3989 
3991 
3992  switch (conn->type) {
3993  case CONN_TYPE_OR_LISTENER:
3997  case CONN_TYPE_AP_LISTENER:
4009  /* This should never happen; eventdns.c handles the reads here. */
4011  return 0;
4012  }
4013 
4014  loop_again:
4015  try_to_read = max_to_read;
4016  tor_assert(!conn->marked_for_close);
4017 
4018  before = buf_datalen(conn->inbuf);
4019  if (connection_buf_read_from_socket(conn, &max_to_read, &socket_error) < 0) {
4020  /* There's a read error; kill the connection.*/
4021  if (conn->type == CONN_TYPE_OR) {
4023  socket_error != 0 ?
4024  errno_to_orconn_end_reason(socket_error) :
4025  END_OR_CONN_REASON_CONNRESET,
4026  socket_error != 0 ?
4027  tor_socket_strerror(socket_error) :
4028  "(unknown, errno was 0)");
4029  }
4030  if (CONN_IS_EDGE(conn)) {
4031  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
4032  connection_edge_end_errno(edge_conn);
4033  if (conn->type == CONN_TYPE_AP && TO_ENTRY_CONN(conn)->socks_request) {
4034  /* broken, don't send a socks reply back */
4036  }
4037  }
4038  connection_close_immediate(conn); /* Don't flush; connection is dead. */
4039  /*
4040  * This can bypass normal channel checking since we did
4041  * connection_or_notify_error() above.
4042  */
4043  connection_mark_for_close_internal(conn);
4044  return -1;
4045  }
4046  n_read += buf_datalen(conn->inbuf) - before;
4047  if (CONN_IS_EDGE(conn) && try_to_read != max_to_read) {
4048  /* instruct it not to try to package partial cells. */
4049  if (connection_process_inbuf(conn, 0) < 0) {
4050  return -1;
4051  }
4052  if (!conn->marked_for_close &&
4053  connection_is_reading(conn) &&
4054  !conn->inbuf_reached_eof &&
4055  max_to_read > 0)
4056  goto loop_again; /* try reading again, in case more is here now */
4057  }
4058  /* one last try, packaging partial cells and all. */
4059  if (!conn->marked_for_close &&
4060  connection_process_inbuf(conn, 1) < 0) {
4061  return -1;
4062  }
4063  if (conn->linked_conn) {
4064  /* The other side's handle_write() will never actually get called, so
4065  * we need to invoke the appropriate callbacks ourself. */
4066  connection_t *linked = conn->linked_conn;
4067 
4068  if (n_read) {
4069  /* Probably a no-op, since linked conns typically don't count for
4070  * bandwidth rate limiting. But do it anyway so we can keep stats
4071  * accurately. Note that since we read the bytes from conn, and
4072  * we're writing the bytes onto the linked connection, we count
4073  * these as <i>written</i> bytes. */
4074  connection_buckets_decrement(linked, approx_time(), 0, n_read);
4075 
4076  if (connection_flushed_some(linked) < 0)
4077  connection_mark_for_close(linked);
4078  if (!connection_wants_to_flush(linked))
4080  }
4081 
4082  if (!buf_datalen(linked->outbuf) && conn->active_on_link)
4084  }
4085  /* If we hit the EOF, call connection_reached_eof(). */
4086  if (!conn->marked_for_close &&
4087  conn->inbuf_reached_eof &&
4088  connection_reached_eof(conn) < 0) {
4089  return -1;
4090  }
4091  return 0;
4092 }
4093 
4094 /* DOCDOC connection_handle_read */
4095 int
4096 connection_handle_read(connection_t *conn)
4097 {
4098  int res;
4099  update_current_time(time(NULL));
4100  res = connection_handle_read_impl(conn);
4101  return res;
4102 }
4103 
4104 /** Pull in new bytes from conn->s or conn->linked_conn onto conn->inbuf,
4105  * either directly or via TLS. Reduce the token buckets by the number of bytes
4106  * read.
4107  *
4108  * If *max_to_read is -1, then decide it ourselves, else go with the
4109  * value passed to us. When returning, if it's changed, subtract the
4110  * number of bytes we read from *max_to_read.
4111  *
4112  * Return -1 if we want to break conn, else return 0.
4113  */
4114 static int
4115 connection_buf_read_from_socket(connection_t *conn, ssize_t *max_to_read,
4116  int *socket_error)
4117 {
4118  int result;
4119  ssize_t at_most = *max_to_read;
4120  size_t slack_in_buf, more_to_read;
4121  size_t n_read = 0, n_written = 0;
4122 
4123  if (at_most == -1) { /* we need to initialize it */
4124  /* how many bytes are we allowed to read? */
4125  at_most = connection_bucket_read_limit(conn, approx_time());
4126  }
4127 
4128  /* Do not allow inbuf to grow past BUF_MAX_LEN. */
4129  const ssize_t maximum = BUF_MAX_LEN - buf_datalen(conn->inbuf);
4130  if (at_most > maximum) {
4131  at_most = maximum;
4132  }
4133 
4134  slack_in_buf = buf_slack(conn->inbuf);
4135  again:
4136  if ((size_t)at_most > slack_in_buf && slack_in_buf >= 1024) {
4137  more_to_read = at_most - slack_in_buf;
4138  at_most = slack_in_buf;
4139  } else {
4140  more_to_read = 0;
4141  }
4142 
4143  if (connection_speaks_cells(conn) &&
4145  int pending;
4146  or_connection_t *or_conn = TO_OR_CONN(conn);
4147  size_t initial_size;
4148  if (conn->state == OR_CONN_STATE_TLS_HANDSHAKING ||
4150  /* continue handshaking even if global token bucket is empty */
4151  return connection_tls_continue_handshake(or_conn);
4152  }
4153 
4154  log_debug(LD_NET,
4155  "%d: starting, inbuf_datalen %ld (%d pending in tls object)."
4156  " at_most %ld.",
4157  (int)conn->s,(long)buf_datalen(conn->inbuf),
4158  tor_tls_get_pending_bytes(or_conn->tls), (long)at_most);
4159 
4160  initial_size = buf_datalen(conn->inbuf);
4161  /* else open, or closing */
4162  result = buf_read_from_tls(conn->inbuf, or_conn->tls, at_most);
4163  if (TOR_TLS_IS_ERROR(result) || result == TOR_TLS_CLOSE)
4164  or_conn->tls_error = result;
4165  else
4166  or_conn->tls_error = 0;
4167 
4168  switch (result) {
4169  case TOR_TLS_CLOSE:
4170  case TOR_TLS_ERROR_IO:
4171  log_debug(LD_NET,"TLS %s closed %son read. Closing.",
4172  connection_describe(conn),
4173  result == TOR_TLS_CLOSE ? "cleanly " : "");
4174  return result;
4176  log_debug(LD_NET,"tls error [%s] from %s. Breaking.",
4177  tor_tls_err_to_string(result),
4178  connection_describe(conn));
4179  return result;
4180  case TOR_TLS_WANTWRITE:
4182  return 0;
4183  case TOR_TLS_WANTREAD:
4184  if (conn->in_connection_handle_write) {
4185  /* We've been invoked from connection_handle_write, because we're
4186  * waiting for a TLS renegotiation, the renegotiation started, and
4187  * SSL_read returned WANTWRITE. But now SSL_read is saying WANTREAD
4188  * again. Stop waiting for write events now, or else we'll
4189  * busy-loop until data arrives for us to read.
4190  * XXX: remove this when v2 handshakes support is dropped. */
4192  if (!connection_is_reading(conn))
4194  }
4195  /* we're already reading, one hopes */
4196  break;
4197  case TOR_TLS_DONE: /* no data read, so nothing to process */
4198  break; /* so we call bucket_decrement below */
4199  default:
4200  break;
4201  }
4202  pending = tor_tls_get_pending_bytes(or_conn->tls);
4203  if (pending) {
4204  /* If we have any pending bytes, we read them now. This *can*
4205  * take us over our read allotment, but really we shouldn't be
4206  * believing that SSL bytes are the same as TCP bytes anyway. */
4207  int r2 = buf_read_from_tls(conn->inbuf, or_conn->tls, pending);
4208  if (BUG(r2<0)) {
4209  log_warn(LD_BUG, "apparently, reading pending bytes can fail.");
4210  return -1;
4211  }
4212  }
4213  result = (int)(buf_datalen(conn->inbuf)-initial_size);
4214  tor_tls_get_n_raw_bytes(or_conn->tls, &n_read, &n_written);
4215  log_debug(LD_GENERAL, "After TLS read of %d: %ld read, %ld written",
4216  result, (long)n_read, (long)n_written);
4217  } else if (conn->linked) {
4218  if (conn->linked_conn) {
4219  result = (int) buf_move_all(conn->inbuf, conn->linked_conn->outbuf);
4220  } else {
4221  result = 0;
4222  }
4223  //log_notice(LD_GENERAL, "Moved %d bytes on an internal link!", result);
4224  /* If the other side has disappeared, or if it's been marked for close and
4225  * we flushed its outbuf, then we should set our inbuf_reached_eof. */
4226  if (!conn->linked_conn ||
4227  (conn->linked_conn->marked_for_close &&
4228  buf_datalen(conn->linked_conn->outbuf) == 0))
4229  conn->inbuf_reached_eof = 1;
4230 
4231  n_read = (size_t) result;
4232  } else {
4233  /* !connection_speaks_cells, !conn->linked_conn. */
4234  int reached_eof = 0;
4235  CONN_LOG_PROTECT(conn,
4236  result = buf_read_from_socket(conn->inbuf, conn->s,
4237  at_most,
4238  &reached_eof,
4239  socket_error));
4240  if (reached_eof)
4241  conn->inbuf_reached_eof = 1;
4242 
4243 // log_fn(LOG_DEBUG,"read_to_buf returned %d.",read_result);
4244 
4245  if (result < 0)
4246  return -1;
4247  n_read = (size_t) result;
4248  }
4249 
4250  if (n_read > 0) {
4251  /* change *max_to_read */
4252  *max_to_read = at_most - n_read;
4253 
4254  /* Onion service application connection. Note read bytes for metrics. */
4255  if (CONN_IS_EDGE(conn) && TO_EDGE_CONN(conn)->hs_ident) {
4256  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
4257  hs_metrics_app_read_bytes(&edge_conn->hs_ident->identity_pk,
4258  edge_conn->hs_ident->orig_virtual_port,
4259  n_read);
4260  }
4261 
4262  /* Update edge_conn->n_read */
4263  if (conn->type == CONN_TYPE_AP) {
4264  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
4265 
4266  /* Check for overflow: */
4267  if (PREDICT_LIKELY(UINT32_MAX - edge_conn->n_read > n_read))
4268  edge_conn->n_read += (int)n_read;
4269  else
4270  edge_conn->n_read = UINT32_MAX;
4271  }
4272 
4273  /* If CONN_BW events are enabled, update conn->n_read_conn_bw for
4274  * OR/DIR/EXIT connections, checking for overflow. */
4276  (conn->type == CONN_TYPE_OR ||
4277  conn->type == CONN_TYPE_DIR ||
4278  conn->type == CONN_TYPE_EXIT)) {
4279  if (PREDICT_LIKELY(UINT32_MAX - conn->n_read_conn_bw > n_read))
4280  conn->n_read_conn_bw += (int)n_read;
4281  else
4282  conn->n_read_conn_bw = UINT32_MAX;
4283  }
4284  }
4285 
4286  connection_buckets_decrement(conn, approx_time(), n_read, n_written);
4287 
4288  if (more_to_read && result == at_most) {
4289  slack_in_buf = buf_slack(conn->inbuf);
4290  at_most = more_to_read;
4291  goto again;
4292  }
4293 
4294  /* Call even if result is 0, since the global read bucket may
4295  * have reached 0 on a different conn, and this connection needs to
4296  * know to stop reading. */
4298  if (n_written > 0 && connection_is_writing(conn))
4300 
4301  return 0;
4302 }
4303 
4304 /** A pass-through to fetch_from_buf. */
4305 int
4306 connection_buf_get_bytes(char *string, size_t len, connection_t *conn)
4307 {
4308  return buf_get_bytes(conn->inbuf, string, len);
4309 }
4310 
4311 /** As buf_get_line(), but read from a connection's input buffer. */
4312 int
4314  size_t *data_len)
4315 {
4316  return buf_get_line(conn->inbuf, data, data_len);
4317 }
4318 
4319 /** As fetch_from_buf_http, but fetches from a connection's input buffer_t as
4320  * appropriate. */
4321 int
4323  char **headers_out, size_t max_headerlen,
4324  char **body_out, size_t *body_used,
4325  size_t max_bodylen, int force_complete)
4326 {
4327  return fetch_from_buf_http(conn->inbuf, headers_out, max_headerlen,
4328  body_out, body_used, max_bodylen, force_complete);
4329 }
4330 
4331 /** Return true if this connection has data to flush. */
4332 int
4334 {
4335  return connection_get_outbuf_len(conn) > 0;
4336 }
4337 
4338 /** Are there too many bytes on edge connection <b>conn</b>'s outbuf to
4339  * send back a relay-level sendme yet? Return 1 if so, 0 if not. Used by
4340  * connection_edge_consider_sending_sendme().
4341  */
4342 int
4344 {
4345  return connection_get_outbuf_len(conn) > 10*CELL_PAYLOAD_SIZE;
4346 }
4347 
4348 /**
4349  * On Windows Vista and Windows 7, tune the send buffer size according to a
4350  * hint from the OS.
4351  *
4352  * This should help fix slow upload rates.
4353  */
4354 static void
4356 {
4357 #ifdef _WIN32
4358  /* We only do this on Vista and 7, because earlier versions of Windows
4359  * don't have the SIO_IDEAL_SEND_BACKLOG_QUERY functionality, and on
4360  * later versions it isn't necessary. */
4361  static int isVistaOr7 = -1;
4362  if (isVistaOr7 == -1) {
4363  isVistaOr7 = 0;
4364  OSVERSIONINFO osvi = { 0 };
4365  osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
4366  GetVersionEx(&osvi);
4367  if (osvi.dwMajorVersion == 6 && osvi.dwMinorVersion < 2)
4368  isVistaOr7 = 1;
4369  }
4370  if (!isVistaOr7)
4371  return;
4372  if (get_options()->ConstrainedSockets)
4373  return;
4374  ULONG isb = 0;
4375  DWORD bytesReturned = 0;
4376  if (!WSAIoctl(sock, SIO_IDEAL_SEND_BACKLOG_QUERY, NULL, 0,
4377  &isb, sizeof(isb), &bytesReturned, NULL, NULL)) {
4378  setsockopt(sock, SOL_SOCKET, SO_SNDBUF, (const char*)&isb, sizeof(isb));
4379  }
4380 #else /* !defined(_WIN32) */
4381  (void) sock;
4382 #endif /* defined(_WIN32) */
4383 }
4384 
4385 /** Try to flush more bytes onto <b>conn</b>->s.
4386  *
4387  * This function is called in connection_handle_write(), which gets
4388  * called from conn_write_callback() in main.c when libevent tells us
4389  * that <b>conn</b> wants to write.
4390  *
4391  * Update <b>conn</b>->timestamp_last_write_allowed to now, and call flush_buf
4392  * or flush_buf_tls appropriately. If it succeeds and there are no more
4393  * more bytes on <b>conn</b>->outbuf, then call connection_finished_flushing
4394  * on it too.
4395  *
4396  * If <b>force</b>, then write as many bytes as possible, ignoring bandwidth
4397  * limits. (Used for flushing messages to controller connections on fatal
4398  * errors.)
4399  *
4400  * Mark the connection and return -1 if you want to close it, else
4401  * return 0.
4402  */
4403 static int
4405 {
4406  int e;
4407  socklen_t len=(socklen_t)sizeof(e);
4408  int result;
4409  ssize_t max_to_write;
4410  time_t now = approx_time();
4411  size_t n_read = 0, n_written = 0;
4412  int dont_stop_writing = 0;
4413 
4415 
4416  if (conn->marked_for_close || !SOCKET_OK(conn->s))
4417  return 0; /* do nothing */
4418 
4419  if (conn->in_flushed_some) {
4420  log_warn(LD_BUG, "called recursively from inside conn->in_flushed_some");
4421  return 0;
4422  }
4423 
4424  conn->timestamp_last_write_allowed = now;
4425 
4427 
4428  /* Sometimes, "writable" means "connected". */
4429  if (connection_state_is_connecting(conn)) {
4430  if (getsockopt(conn->s, SOL_SOCKET, SO_ERROR, (void*)&e, &len) < 0) {
4431  log_warn(LD_BUG, "getsockopt() syscall failed");
4432  if (conn->type == CONN_TYPE_OR) {
4433  or_connection_t *orconn = TO_OR_CONN(conn);
4434  connection_or_close_for_error(orconn, 0);
4435  } else {
4436  if (CONN_IS_EDGE(conn)) {
4438  }
4439  connection_mark_for_close(conn);
4440  }
4441  return -1;
4442  }
4443  if (e) {
4444  /* some sort of error, but maybe just inprogress still */
4445  if (!ERRNO_IS_CONN_EINPROGRESS(e)) {
4446  log_info(LD_NET,"in-progress connect failed. Removing. (%s)",
4447  tor_socket_strerror(e));
4448  if (CONN_IS_EDGE(conn))
4450  if (conn->type == CONN_TYPE_OR)
4453  tor_socket_strerror(e));
4454 
4456  /*
4457  * This can bypass normal channel checking since we did
4458  * connection_or_notify_error() above.
4459  */
4460  connection_mark_for_close_internal(conn);
4461  return -1;
4462  } else {
4463  return 0; /* no change, see if next time is better */
4464  }
4465  }
4466  /* The connection is successful. */
4467  if (connection_finished_connecting(conn)<0)
4468  return -1;
4469  }
4470 
4471  max_to_write = force ? (ssize_t)buf_datalen(conn->outbuf)
4472  : connection_bucket_write_limit(conn, now);
4473 
4474  if (connection_speaks_cells(conn) &&
4476  or_connection_t *or_conn = TO_OR_CONN(conn);
4477  size_t initial_size;
4478  if (conn->state == OR_CONN_STATE_TLS_HANDSHAKING ||
4481  if (connection_tls_continue_handshake(or_conn) < 0) {
4482  /* Don't flush; connection is dead. */
4484  END_OR_CONN_REASON_MISC,
4485  "TLS error in connection_tls_"
4486  "continue_handshake()");
4488  /*
4489  * This can bypass normal channel checking since we did
4490  * connection_or_notify_error() above.
4491  */
4492  connection_mark_for_close_internal(conn);
4493  return -1;
4494  }
4495  return 0;
4496  } else if (conn->state == OR_CONN_STATE_TLS_SERVER_RENEGOTIATING) {
4497  return connection_handle_read(conn);
4498  }
4499 
4500  /* else open, or closing */
4501  initial_size = buf_datalen(conn->outbuf);
4502  result = buf_flush_to_tls(conn->outbuf, or_conn->tls,
4503  max_to_write);
4504 
4505  if (result >= 0)
4506  update_send_buffer_size(conn->s);
4507 
4508  /* If we just flushed the last bytes, tell the channel on the
4509  * or_conn to check if it needs to geoip_change_dirreq_state() */
4510  /* XXXX move this to flushed_some or finished_flushing -NM */
4511  if (buf_datalen(conn->outbuf) == 0 && or_conn->chan)
4512  channel_notify_flushed(TLS_CHAN_TO_BASE(or_conn->chan));
4513 
4514  switch (result) {
4516  case TOR_TLS_CLOSE:
4517  or_conn->tls_error = result;
4518  log_info(LD_NET, result != TOR_TLS_CLOSE ?
4519  "tls error. breaking.":"TLS connection closed on flush");
4520  /* Don't flush; connection is dead. */
4522  END_OR_CONN_REASON_MISC,
4523  result != TOR_TLS_CLOSE ?
4524  "TLS error in during flush" :
4525  "TLS closed during flush");
4527  /*
4528  * This can bypass normal channel checking since we did
4529  * connection_or_notify_error() above.
4530  */
4531  connection_mark_for_close_internal(conn);
4532  return -1;
4533  case TOR_TLS_WANTWRITE:
4534  log_debug(LD_NET,"wanted write.");
4535  /* we're already writing */
4536  dont_stop_writing = 1;
4537  break;
4538  case TOR_TLS_WANTREAD:
4539  /* Make sure to avoid a loop if the receive buckets are empty. */
4540  log_debug(LD_NET,"wanted read.");
4541  if (!connection_is_reading(conn)) {
4542  connection_write_bw_exhausted(conn, true);
4543  /* we'll start reading again when we get more tokens in our
4544  * read bucket; then we'll start writing again too.
4545  */
4546  }
4547  /* else no problem, we're already reading */
4548  return 0;
4549  /* case TOR_TLS_DONE:
4550  * for TOR_TLS_DONE, fall through to check if the flushlen
4551  * is empty, so we can stop writing.
4552  */
4553  }
4554 
4555  tor_tls_get_n_raw_bytes(or_conn->tls, &n_read, &n_written);
4556  log_debug(LD_GENERAL, "After TLS write of %d: %ld read, %ld written",
4557  result, (long)n_read, (long)n_written);
4558  or_conn->bytes_xmitted += result;
4559  or_conn->bytes_xmitted_by_tls += n_written;
4560  /* So we notice bytes were written even on error */
4561  /* XXXX This cast is safe since we can never write INT_MAX bytes in a
4562  * single set of TLS operations. But it looks kinda ugly. If we refactor
4563  * the *_buf_tls functions, we should make them return ssize_t or size_t
4564  * or something. */
4565  result = (int)(initial_size-buf_datalen(conn->outbuf));
4566  } else {
4567  CONN_LOG_PROTECT(conn,
4568  result = buf_flush_to_socket(conn->outbuf, conn->s,
4569  max_to_write));
4570  if (result < 0) {
4571  if (CONN_IS_EDGE(conn))
4573  if (conn->type == CONN_TYPE_AP) {
4574  /* writing failed; we couldn't send a SOCKS reply if we wanted to */
4576  }
4577 
4578  connection_close_immediate(conn); /* Don't flush; connection is dead. */
4579  connection_mark_for_close(conn);
4580  return -1;
4581  }
4582  update_send_buffer_size(conn->s);
4583  n_written = (size_t) result;
4584  }
4585 
4586  if (n_written && conn->type == CONN_TYPE_AP) {
4587  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
4588 
4589  /* Check for overflow: */
4590  if (PREDICT_LIKELY(UINT32_MAX - edge_conn->n_written > n_written))
4591  edge_conn->n_written += (int)n_written;
4592  else
4593  edge_conn->n_written = UINT32_MAX;
4594  }
4595 
4596  /* If CONN_BW events are enabled, update conn->n_written_conn_bw for
4597  * OR/DIR/EXIT connections, checking for overflow. */
4598  if (n_written && get_options()->TestingEnableConnBwEvent &&
4599  (conn->type == CONN_TYPE_OR ||
4600  conn->type == CONN_TYPE_DIR ||
4601  conn->type == CONN_TYPE_EXIT)) {
4602  if (PREDICT_LIKELY(UINT32_MAX - conn->n_written_conn_bw > n_written))
4603  conn->n_written_conn_bw += (int)n_written;
4604  else
4605  conn->n_written_conn_bw = UINT32_MAX;
4606  }
4607 
4608  connection_buckets_decrement(conn, approx_time(), n_read, n_written);
4609 
4610  if (result > 0) {
4611  /* If we wrote any bytes from our buffer, then call the appropriate
4612  * functions. */
4613  if (connection_flushed_some(conn) < 0) {
4614  if (connection_speaks_cells(conn)) {
4616  END_OR_CONN_REASON_MISC,
4617  "Got error back from "
4618  "connection_flushed_some()");
4619  }
4620 
4621  /*
4622  * This can bypass normal channel checking since we did
4623  * connection_or_notify_error() above.
4624  */
4625  connection_mark_for_close_internal(conn);
4626  }
4627  }
4628 
4629  if (!connection_wants_to_flush(conn) &&
4630  !dont_stop_writing) { /* it's done flushing */
4631  if (connection_finished_flushing(conn) < 0) {
4632  /* already marked */
4633  goto err;
4634  }
4635  goto done;
4636  }
4637 
4638  /* Call even if result is 0, since the global write bucket may
4639  * have reached 0 on a different conn, and this connection needs to
4640  * know to stop writing. */
4642  if (n_read > 0 && connection_is_reading(conn))
4644 
4645  done:
4646  /* If this is an edge connection with congestion control, check to see
4647  * if it is time to send an xon */
4648  if (conn_uses_flow_control(conn)) {
4649  flow_control_decide_xon(TO_EDGE_CONN(conn), n_written);
4650  }
4651 
4652  return 0;
4653 
4654  err:
4655  return -1;
4656 }
4657 
4658 /* DOCDOC connection_handle_write */
4659 int
4660 connection_handle_write(connection_t *conn, int force)
4661 {
4662  int res;
4663  update_current_time(time(NULL));
4664  /* connection_handle_write_impl() might call connection_handle_read()
4665  * if we're in the middle of a v2 handshake, in which case it needs this
4666  * flag set. */
4667  conn->in_connection_handle_write = 1;
4668  res = connection_handle_write_impl(conn, force);
4669  conn->in_connection_handle_write = 0;
4670  return res;
4671 }
4672 
4673 /**
4674  * Try to flush data that's waiting for a write on <b>conn</b>. Return
4675  * -1 on failure, 0 on success.
4676  *
4677  * Don't use this function for regular writing; the buffers
4678  * system should be good enough at scheduling writes there. Instead, this
4679  * function is for cases when we're about to exit or something and we want
4680  * to report it right away.
4681  */
4682 int
4684 {
4685  return connection_handle_write(conn, 1);
4686 }
4687 
4688 /** Helper for connection_write_to_buf_impl and connection_write_buf_to_buf:
4689  *
4690  * Return true iff it is okay to queue bytes on <b>conn</b>'s outbuf for
4691  * writing.
4692  */
4693 static int
4695 {
4696  /* if it's marked for close, only allow write if we mean to flush it */
4697  if (conn->marked_for_close && !conn->hold_open_until_flushed)
4698  return 0;
4699 
4700  return 1;
4701 }
4702 
4703 /** Helper for connection_write_to_buf_impl and connection_write_buf_to_buf:
4704  *
4705  * Called when an attempt to add bytes on <b>conn</b>'s outbuf has failed;
4706  * mark the connection and warn as appropriate.
4707  */
4708 static void
4710 {
4711  if (CONN_IS_EDGE(conn)) {
4712  /* if it failed, it means we have our package/delivery windows set
4713  wrong compared to our max outbuf size. close the whole circuit. */
4714  log_warn(LD_NET,
4715  "write_to_buf failed. Closing circuit (fd %d).", (int)conn->s);
4716  circuit_mark_for_close(circuit_get_by_edge_conn(TO_EDGE_CONN(conn)),
4717  END_CIRC_REASON_INTERNAL);
4718  } else if (conn->type == CONN_TYPE_OR) {
4719  or_connection_t *orconn = TO_OR_CONN(conn);
4720  log_warn(LD_NET,
4721  "write_to_buf failed on an orconn; notifying of error "
4722  "(fd %d)", (int)(conn->s));
4723  connection_or_close_for_error(orconn, 0);
4724  } else {
4725  log_warn(LD_NET,
4726  "write_to_buf failed. Closing connection (fd %d).",
4727  (int)conn->s);
4728  connection_mark_for_close(conn);
4729  }
4730 }
4731 
4732 /** Helper for connection_write_to_buf_impl and connection_write_buf_to_buf:
4733  *
4734  * Called when an attempt to add bytes on <b>conn</b>'s outbuf has succeeded:
4735  * start writing if appropriate.
4736  */
4737 static void
4739 {
4740  /* If we receive optimistic data in the EXIT_CONN_STATE_RESOLVING
4741  * state, we don't want to try to write it right away, since
4742  * conn->write_event won't be set yet. Otherwise, write data from
4743  * this conn as the socket is available. */
4744  if (conn->write_event) {
4746  }
4747 }
4748 
4749 /** Append <b>len</b> bytes of <b>string</b> onto <b>conn</b>'s
4750  * outbuf, and ask it to start writing.
4751  *
4752  * If <b>zlib</b> is nonzero, this is a directory connection that should get
4753  * its contents compressed or decompressed as they're written. If zlib is
4754  * negative, this is the last data to be compressed, and the connection's zlib
4755  * state should be flushed.
4756  */
4757 MOCK_IMPL(void,
4758 connection_write_to_buf_impl_,(const char *string, size_t len,
4759  connection_t *conn, int zlib))
4760 {
4761  /* XXXX This function really needs to return -1 on failure. */
4762  int r;
4763  if (!len && !(zlib<0))
4764  return;
4765 
4766  if (!connection_may_write_to_buf(conn))
4767  return;
4768 
4769  if (zlib) {
4770  dir_connection_t *dir_conn = TO_DIR_CONN(conn);
4771  int done = zlib < 0;
4772  CONN_LOG_PROTECT(conn, r = buf_add_compress(conn->outbuf,
4773  dir_conn->compress_state,
4774  string, len, done));
4775  } else {
4776  CONN_LOG_PROTECT(conn, r = buf_add(conn->outbuf, string, len));
4777  }
4778  if (r < 0) {
4780  return;
4781  }
4783 }
4784 
4785 /**
4786  * Write a <b>string</b> (of size <b>len</b> to directory connection
4787  * <b>dir_conn</b>. Apply compression if connection is configured to use
4788  * it and finalize it if <b>done</b> is true.
4789  */
4790 void
4791 connection_dir_buf_add(const char *string, size_t len,
4792  dir_connection_t *dir_conn, int done)
4793 {
4794  if (dir_conn->compress_state != NULL) {
4795  connection_buf_add_compress(string, len, dir_conn, done);
4796  return;
4797  }
4798 
4799  connection_buf_add(string, len, TO_CONN(dir_conn));
4800 }
4801 
4802 void
4803 connection_buf_add_compress(const char *string, size_t len,
4804  dir_connection_t *conn, int done)
4805 {
4806  connection_write_to_buf_impl_(string, len, TO_CONN(conn), done ? -1 : 1);
4807 }
4808 
4809 /**
4810  * Add all bytes from <b>buf</b> to <b>conn</b>'s outbuf, draining them
4811  * from <b>buf</b>. (If the connection is marked and will soon be closed,
4812  * nothing is drained.)
4813  */
4814 void
4816 {
4817  tor_assert(conn);
4818  tor_assert(buf);
4819  size_t len = buf_datalen(buf);
4820  if (len == 0)
4821  return;
4822 
4823  if (!connection_may_write_to_buf(conn))
4824  return;
4825 
4826  buf_move_all(conn->outbuf, buf);
4828 }
4829 
4830 #define CONN_GET_ALL_TEMPLATE(var, test) \
4831  STMT_BEGIN \
4832  smartlist_t *conns = get_connection_array(); \
4833  smartlist_t *ret_conns = smartlist_new(); \
4834  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, var) { \
4835  if (var && (test) && !var->marked_for_close) \
4836  smartlist_add(ret_conns, var); \
4837  } SMARTLIST_FOREACH_END(var); \
4838  return ret_conns; \
4839  STMT_END
4840 
4841 /* Return a list of connections that aren't close and matches the given type
4842  * and state. The returned list can be empty and must be freed using
4843  * smartlist_free(). The caller does NOT have ownership of the objects in the
4844  * list so it must not free them nor reference them as they can disappear. */
4845 smartlist_t *
4846 connection_list_by_type_state(int type, int state)
4847 {
4848  CONN_GET_ALL_TEMPLATE(conn, (conn->type == type && conn->state == state));
4849 }
4850 
4851 /* Return a list of connections that aren't close and matches the given type
4852  * and purpose. The returned list can be empty and must be freed using
4853  * smartlist_free(). The caller does NOT have ownership of the objects in the
4854  * list so it must not free them nor reference them as they can disappear. */
4855 smartlist_t *
4856 connection_list_by_type_purpose(int type, int purpose)
4857 {
4858  CONN_GET_ALL_TEMPLATE(conn,
4859  (conn->type == type && conn->purpose == purpose));
4860 }
4861 
4862 /** Return a connection_t * from get_connection_array() that satisfies test on
4863  * var, and that is not marked for close. */
4864 #define CONN_GET_TEMPLATE(var, test) \
4865  STMT_BEGIN \
4866  smartlist_t *conns = get_connection_array(); \
4867  SMARTLIST_FOREACH(conns, connection_t *, var, \
4868  { \
4869  if (var && (test) && !var->marked_for_close) \
4870  return var; \
4871  }); \
4872  return NULL; \
4873  STMT_END
4874 
4875 /** Return a connection with given type, address, port, and purpose;
4876  * or NULL if no such connection exists (or if all such connections are marked
4877  * for close). */
4880  const tor_addr_t *addr, uint16_t port,
4881  int purpose))
4882 {
4883  CONN_GET_TEMPLATE(conn,
4884  (conn->type == type &&
4885  tor_addr_eq(&conn->addr, addr) &&
4886  conn->port == port &&
4887  conn->purpose == purpose));
4888 }
4889 
4890 /** Return the stream with id <b>id</b> if it is not already marked for
4891  * close.
4892  */
4893 connection_t *
4895 {
4896  CONN_GET_TEMPLATE(conn, conn->global_identifier == id);
4897 }
4898 
4899 /** Return a connection of type <b>type</b> that is not marked for close.
4900  */
4901 connection_t *
4903 {
4904  CONN_GET_TEMPLATE(conn, conn->type == type);
4905 }
4906 
4907 /** Return a connection of type <b>type</b> that is in state <b>state</b>,
4908  * and that is not marked for close.
4909  */
4910 connection_t *
4911 connection_get_by_type_state(int type, int state)
4912 {
4913  CONN_GET_TEMPLATE(conn, conn->type == type && conn->state == state);
4914 }
4915 
4916 /**
4917  * Return a connection of type <b>type</b> that is not an internally linked
4918  * connection, and is not marked for close.
4919  **/
4922 {
4923  CONN_GET_TEMPLATE(conn, conn->type == type && !conn->linked);
4924 }
4925 
4926 /** Return a new smartlist of dir_connection_t * from get_connection_array()
4927  * that satisfy conn_test on connection_t *conn_var, and dirconn_test on
4928  * dir_connection_t *dirconn_var. conn_var must be of CONN_TYPE_DIR and not
4929  * marked for close to be included in the list. */
4930 #define DIR_CONN_LIST_TEMPLATE(conn_var, conn_test, \
4931  dirconn_var, dirconn_test) \
4932  STMT_BEGIN \
4933  smartlist_t *conns = get_connection_array(); \
4934  smartlist_t *dir_conns = smartlist_new(); \
4935  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn_var) { \
4936  if (conn_var && (conn_test) \
4937  && conn_var->type == CONN_TYPE_DIR \
4938  && !conn_var->marked_for_close) { \
4939  dir_connection_t *dirconn_var = TO_DIR_CONN(conn_var); \
4940  if (dirconn_var && (dirconn_test)) { \
4941  smartlist_add(dir_conns, dirconn_var); \
4942  } \
4943  } \
4944  } SMARTLIST_FOREACH_END(conn_var); \
4945  return dir_conns; \
4946  STMT_END
4947 
4948 /** Return a list of directory connections that are fetching the item
4949  * described by <b>purpose</b>/<b>resource</b>. If there are none,
4950  * return an empty list. This list must be freed using smartlist_free,
4951  * but the pointers in it must not be freed.
4952  * Note that this list should not be cached, as the pointers in it can be
4953  * freed if their connections close. */
4954 smartlist_t *
4956  int purpose,
4957  const char *resource)
4958 {
4960  conn->purpose == purpose,
4961  dirconn,
4962  0 == strcmp_opt(resource,
4963  dirconn->requested_resource));
4964 }
4965 
4966 /** Return a list of directory connections that are fetching the item
4967  * described by <b>purpose</b>/<b>resource</b>/<b>state</b>. If there are
4968  * none, return an empty list. This list must be freed using smartlist_free,
4969  * but the pointers in it must not be freed.
4970  * Note that this list should not be cached, as the pointers in it can be
4971  * freed if their connections close. */
4972 smartlist_t *
4974  int purpose,
4975  const char *resource,
4976  int state)
4977 {
4979  conn->purpose == purpose && conn->state == state,
4980  dirconn,
4981  0 == strcmp_opt(resource,
4982  dirconn->requested_resource));
4983 }
4984 
4985 #undef DIR_CONN_LIST_TEMPLATE
4986 
4987 /** Return an arbitrary active OR connection that isn't <b>this_conn</b>.
4988  *
4989  * We use this to guess if we should tell the controller that we
4990  * didn't manage to connect to any of our bridges. */
4991 static connection_t *
4993 {
4994  CONN_GET_TEMPLATE(conn,
4995  conn != TO_CONN(this_conn) && conn->type == CONN_TYPE_OR);
4996 }
4997 
4998 /** Return 1 if there are any active OR connections apart from
4999  * <b>this_conn</b>.
5000  *
5001  * We use this to guess if we should tell the controller that we
5002  * didn't manage to connect to any of our bridges. */
5003 int
5005 {
5007  if (conn != NULL) {
5008  log_debug(LD_DIR, "%s: Found an OR connection: %s",
5009  __func__, connection_describe(conn));
5010  return 1;
5011  }
5012 
5013  return 0;
5014 }
5015 
5016 #undef CONN_GET_TEMPLATE
5017 
5018 /** Return 1 if <b>conn</b> is a listener conn, else return 0. */
5019 int
5021 {
5022  if (conn->type == CONN_TYPE_OR_LISTENER ||
5023  conn->type == CONN_TYPE_EXT_OR_LISTENER ||
5024  conn->type == CONN_TYPE_AP_LISTENER ||
5025  conn->type == CONN_TYPE_AP_TRANS_LISTENER ||
5026  conn->type == CONN_TYPE_AP_DNS_LISTENER ||
5027  conn->type == CONN_TYPE_AP_NATD_LISTENER ||
5029  conn->type == CONN_TYPE_DIR_LISTENER ||
5030  conn->type == CONN_TYPE_METRICS_LISTENER ||
5032  return 1;
5033  return 0;
5034 }
5035 
5036 /** Return 1 if <b>conn</b> is in state "open" and is not marked
5037  * for close, else return 0.
5038  */
5039 int
5041 {
5042  tor_assert(conn);
5043 
5044  if (conn->marked_for_close)
5045  return 0;
5046 
5047  if ((conn->type == CONN_TYPE_OR && conn->state == OR_CONN_STATE_OPEN) ||
5048  (conn->type == CONN_TYPE_EXT_OR) ||
5049  (conn->type == CONN_TYPE_AP && conn->state == AP_CONN_STATE_OPEN) ||
5050  (conn->type == CONN_TYPE_EXIT && conn->state == EXIT_CONN_STATE_OPEN) ||
5051  (conn->type == CONN_TYPE_CONTROL &&
5052  conn->state == CONTROL_CONN_STATE_OPEN))
5053  return 1;
5054 
5055  return 0;
5056 }
5057 
5058 /** Return 1 if conn is in 'connecting' state, else return 0. */
5059 int
5061 {
5062  tor_assert(conn);
5063 
5064  if (conn->marked_for_close)
5065  return 0;
5066  switch (conn->type)
5067  {
5068  case CONN_TYPE_OR:
5069  return conn->state == OR_CONN_STATE_CONNECTING;
5070  case CONN_TYPE_EXIT:
5071  return conn->state == EXIT_CONN_STATE_CONNECTING;
5072  case CONN_TYPE_DIR:
5073  return conn->state == DIR_CONN_STATE_CONNECTING;
5074  }
5075 
5076  return 0;
5077 }
5078 
5079 /** Allocates a base64'ed authenticator for use in http or https
5080  * auth, based on the input string <b>authenticator</b>. Returns it
5081  * if success, else returns NULL. */
5082 char *
5083 alloc_http_authenticator(const char *authenticator)
5084 {
5085  /* an authenticator in Basic authentication
5086  * is just the string "username:password" */
5087  const size_t authenticator_length = strlen(authenticator);
5088  const size_t base64_authenticator_length =
5089  base64_encode_size(authenticator_length, 0) + 1;
5090  char *base64_authenticator = tor_malloc(base64_authenticator_length);
5091  if (base64_encode(base64_authenticator, base64_authenticator_length,
5092  authenticator, authenticator_length, 0) < 0) {
5093  tor_free(base64_authenticator); /* free and set to null */
5094  }
5095  return base64_authenticator;
5096 }
5097 
5098 /** Given a socket handle, check whether the local address (sockname) of the
5099  * socket is one that we've connected from before. If so, double-check
5100  * whether our address has changed and we need to generate keys. If we do,
5101  * call init_keys().
5102  */
5103 static void
5105 {
5106  tor_addr_t out_addr, iface_addr;
5107  tor_addr_t **last_interface_ip_ptr;
5108  sa_family_t family;
5109 
5110  if (!outgoing_addrs)
5112 
5113  if (tor_addr_from_getsockname(&out_addr, sock) < 0) {
5114  int e = tor_socket_errno(sock);
5115  log_warn(LD_NET, "getsockname() to check for address change failed: %s",
5116  tor_socket_strerror(e));
5117  return;
5118  }
5119  family = tor_addr_family(&out_addr);
5120 
5121  if (family == AF_INET)
5122  last_interface_ip_ptr = &last_interface_ipv4;
5123  else if (family == AF_INET6)
5124  last_interface_ip_ptr = &last_interface_ipv6;
5125  else
5126  return;
5127 
5128  if (! *last_interface_ip_ptr) {
5129  tor_addr_t *a = tor_malloc_zero(sizeof(tor_addr_t));
5130  if (get_interface_address6(LOG_INFO, family, a)==0) {
5131  *last_interface_ip_ptr = a;
5132  } else {
5133  tor_free(a);
5134  }
5135  }
5136 
5137  /* If we've used this address previously, we're okay. */
5139  if (tor_addr_eq(a_ptr, &out_addr))
5140  return;
5141  );
5142 
5143  /* Uh-oh. We haven't connected from this address before. Has the interface
5144  * address changed? */
5145  if (get_interface_address6(LOG_INFO, family, &iface_addr)<0)
5146  return;
5147 
5148  if (tor_addr_eq(&iface_addr, *last_interface_ip_ptr)) {
5149  /* Nope, it hasn't changed. Add this address to the list. */
5150  smartlist_add(outgoing_addrs, tor_memdup(&out_addr, sizeof(tor_addr_t)));
5151  } else {
5152  /* The interface changed. We're a client, so we need to regenerate our
5153  * keys. First, reset the state. */
5154  log_notice(LD_NET, "Our IP address has changed. Rotating keys...");
5155  tor_addr_copy(*last_interface_ip_ptr, &iface_addr);
5158  smartlist_add(outgoing_addrs, tor_memdup(&out_addr, sizeof(tor_addr_t)));
5159  /* We'll need to resolve ourselves again. */
5160  resolved_addr_reset_last(AF_INET);
5161  /* Okay, now change our keys. */
5162  ip_address_changed(1);
5163  }
5164 }
5165 
5166 /** Some systems have limited system buffers for recv and xmit on
5167  * sockets allocated in a virtual server or similar environment. For a Tor
5168  * server this can produce the "Error creating network socket: No buffer
5169  * space available" error once all available TCP buffer space is consumed.
5170  * This method will attempt to constrain the buffers allocated for the socket
5171  * to the desired size to stay below system TCP buffer limits.
5172  */
5173 static void
5175 {
5176  void *sz = (void*)&size;
5177  socklen_t sz_sz = (socklen_t) sizeof(size);
5178  if (setsockopt(sock, SOL_SOCKET, SO_SNDBUF, sz, sz_sz) < 0) {
5179  int e = tor_socket_errno(sock);
5180  log_warn(LD_NET, "setsockopt() to constrain send "
5181  "buffer to %d bytes failed: %s", size, tor_socket_strerror(e));
5182  }
5183  if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, sz, sz_sz) < 0) {
5184  int e = tor_socket_errno(sock);
5185  log_warn(LD_NET, "setsockopt() to constrain recv "
5186  "buffer to %d bytes failed: %s", size, tor_socket_strerror(e));
5187  }
5188 }
5189 
5190 /** Process new bytes that have arrived on conn->inbuf.
5191  *
5192  * This function just passes conn to the connection-specific
5193  * connection_*_process_inbuf() function. It also passes in
5194  * package_partial if wanted.
5195  */
5196 static int
5197 connection_process_inbuf(connection_t *conn, int package_partial)
5198 {
5199  tor_assert(conn);
5200 
5201  switch (conn->type) {
5202  case CONN_TYPE_OR:
5204  case CONN_TYPE_EXT_OR:
5206  case CONN_TYPE_EXIT:
5207  case CONN_TYPE_AP:
5209  package_partial);
5210  case CONN_TYPE_DIR:
5212  case CONN_TYPE_CONTROL:
5214  case CONN_TYPE_METRICS:
5215  return metrics_connection_process_inbuf(conn);
5216  default:
5217  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
5219  return -1;
5220  }
5221 }
5222 
5223 /** Called whenever we've written data on a connection. */
5224 static int
5226 {
5227  int r = 0;
5228  tor_assert(!conn->in_flushed_some);
5229  conn->in_flushed_some = 1;
5230  if (conn->type == CONN_TYPE_DIR &&
5232  r = connection_dirserv_flushed_some(TO_DIR_CONN(conn));
5233  } else if (conn->type == CONN_TYPE_OR) {
5235  } else if (CONN_IS_EDGE(conn)) {
5237  }
5238  conn->in_flushed_some = 0;
5239  return r;
5240 }
5241 
5242 /** We just finished flushing bytes to the appropriately low network layer,
5243  * and there are no more bytes remaining in conn->outbuf or
5244  * conn->tls to be flushed.
5245  *
5246  * This function just passes conn to the connection-specific
5247  * connection_*_finished_flushing() function.
5248  */
5249 static int
5251 {
5252  tor_assert(conn);
5253 
5254  /* If the connection is closed, don't try to do anything more here. */
5255  if (CONN_IS_CLOSED(conn))
5256  return 0;
5257 
5258 // log_fn(LOG_DEBUG,"entered. Socket %u.", conn->s);
5259 
5261 
5262  switch (conn->type) {
5263  case CONN_TYPE_OR:
5265  case CONN_TYPE_EXT_OR:
5267  case CONN_TYPE_AP:
5268  case CONN_TYPE_EXIT:
5270  case CONN_TYPE_DIR:
5272  case CONN_TYPE_CONTROL:
5274  case CONN_TYPE_METRICS:
5276  default:
5277  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
5279  return -1;
5280  }
5281 }
5282 
5283 /** Called when our attempt to connect() to a server has just succeeded.
5284  *
5285  * This function checks if the interface address has changed (clients only),
5286  * and then passes conn to the connection-specific
5287  * connection_*_finished_connecting() function.
5288  */
5289 static int
5291 {
5292  tor_assert(conn);
5293 
5294  if (!server_mode(get_options())) {
5295  /* See whether getsockname() says our address changed. We need to do this
5296  * now that the connection has finished, because getsockname() on Windows
5297  * won't work until then. */
5299  }
5300 
5301  switch (conn->type)
5302  {
5303  case CONN_TYPE_OR:
5305  case CONN_TYPE_EXIT:
5307  case CONN_TYPE_DIR:
5309  default:
5310  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
5312  return -1;
5313  }
5314 }
5315 
5316 /** Callback: invoked when a connection reaches an EOF event. */
5317 static int
5319 {
5320  switch (conn->type) {
5321  case CONN_TYPE_OR:
5322  case CONN_TYPE_EXT_OR:
5323  return connection_or_reached_eof(TO_OR_CONN(conn));
5324  case CONN_TYPE_AP:
5325  case CONN_TYPE_EXIT:
5327  case CONN_TYPE_DIR:
5329  case CONN_TYPE_CONTROL:
5331  case CONN_TYPE_METRICS:
5332  return metrics_connection_reached_eof(conn);
5333  default:
5334  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
5336  return -1;
5337  }
5338 }
5339 
5340 /** Comparator for the two-orconn case in OOS victim sort */
5341 static int
5343 {
5344  int a_circs, b_circs;
5345  /* Fewer circuits == higher priority for OOS kill, sort earlier */
5346 
5347  a_circs = connection_or_get_num_circuits(a);
5348  b_circs = connection_or_get_num_circuits(b);
5349 
5350  if (a_circs < b_circs) return 1;
5351  else if (a_circs > b_circs) return -1;
5352  else return 0;
5353 }
5354 
5355 /** Sort comparator for OOS victims; better targets sort before worse
5356  * ones. */
5357 static int
5358 oos_victim_comparator(const void **a_v, const void **b_v)
5359 {
5360  connection_t *a = NULL, *b = NULL;
5361 
5362  /* Get connection pointers out */
5363 
5364  a = (connection_t *)(*a_v);
5365  b = (connection_t *)(*b_v);
5366 
5367  tor_assert(a != NULL);
5368  tor_assert(b != NULL);
5369 
5370  /*
5371  * We always prefer orconns as victims currently; we won't even see
5372  * these non-orconn cases, but if we do, sort them after orconns.
5373  */
5374  if (a->type == CONN_TYPE_OR && b->type == CONN_TYPE_OR) {
5376  } else {
5377  /*
5378  * One isn't an orconn; if one is, it goes first. We currently have no
5379  * opinions about cases where neither is an orconn.
5380  */
5381  if (a->type == CONN_TYPE_OR) return -1;
5382  else if (b->type == CONN_TYPE_OR) return 1;
5383  else return 0;
5384  }
5385 }
5386 
5387 /** Pick n victim connections for the OOS handler and return them in a
5388  * smartlist.
5389  */
5392 {
5393  smartlist_t *eligible = NULL, *victims = NULL;
5394  smartlist_t *conns;
5395  int conn_counts_by_type[CONN_TYPE_MAX_ + 1], i;
5396 
5397  /*
5398  * Big damn assumption (someone improve this someday!):
5399  *
5400  * Socket exhaustion normally happens on high-volume relays, and so
5401  * most of the connections involved are orconns. We should pick victims
5402  * by assembling a list of all orconns, and sorting them in order of
5403  * how much 'damage' by some metric we'd be doing by dropping them.
5404  *
5405  * If we move on from orconns, we should probably think about incoming
5406  * directory connections next, or exit connections. Things we should
5407  * probably never kill are controller connections and listeners.
5408  *
5409  * This function will count how many connections of different types
5410  * exist and log it for purposes of gathering data on typical OOS
5411  * situations to guide future improvements.
5412  */
5413 
5414  /* First, get the connection array */
5415  conns = get_connection_array();
5416  /*
5417  * Iterate it and pick out eligible connection types, and log some stats
5418  * along the way.
5419  */
5420  eligible = smartlist_new();
5421  memset(conn_counts_by_type, 0, sizeof(conn_counts_by_type));
5422  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, c) {
5423  /* Bump the counter */
5424  tor_assert(c->type <= CONN_TYPE_MAX_);
5425  ++(conn_counts_by_type[c->type]);
5426 
5427  /* Skip anything without a socket we can free */
5428  if (!(SOCKET_OK(c->s))) {
5429  continue;
5430  }
5431 
5432  /* Skip anything we would count as moribund */
5433  if (connection_is_moribund(c)) {
5434  continue;
5435  }
5436 
5437  switch (c->type) {
5438  case CONN_TYPE_OR:
5439  /* We've got an orconn, it's eligible to be OOSed */
5440  smartlist_add(eligible, c);
5441  break;
5442  default:
5443  /* We don't know what to do with it, ignore it */
5444  break;
5445  }
5446  } SMARTLIST_FOREACH_END(c);
5447 
5448  /* Log some stats */
5449  if (smartlist_len(conns) > 0) {
5450  /* At least one counter must be non-zero */
5451  log_info(LD_NET, "Some stats on conn types seen during OOS follow");
5452  for (i = CONN_TYPE_MIN_; i <= CONN_TYPE_MAX_; ++i) {
5453  /* Did we see any? */
5454  if (conn_counts_by_type[i] > 0) {
5455  log_info(LD_NET, "%s: %d conns",
5457  conn_counts_by_type[i]);
5458  }
5459  }
5460  log_info(LD_NET, "Done with OOS conn type stats");
5461  }
5462 
5463  /* Did we find more eligible targets than we want to kill? */
5464  if (smartlist_len(eligible) > n) {
5465  /* Sort the list in order of target preference */
5467  /* Pick first n as victims */
5468  victims = smartlist_new();
5469  for (i = 0; i < n; ++i) {
5470  smartlist_add(victims, smartlist_get(eligible, i));
5471  }
5472  /* Free the original list */
5473  smartlist_free(eligible);
5474  } else {
5475  /* No, we can just call them all victims */
5476  victims = eligible;
5477  }
5478 
5479  return victims;
5480 }
5481 
5482 /** Kill a list of connections for the OOS handler. */
5483 MOCK_IMPL(STATIC void,
5485 {
5486  if (!conns) return;
5487 
5488  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, c) {
5489  /* Make sure the channel layer gets told about orconns */
5490  if (c->type == CONN_TYPE_OR) {
5492  } else {
5493  connection_mark_for_close(c);
5494  }
5495  } SMARTLIST_FOREACH_END(c);
5496 
5497  log_notice(LD_NET,
5498  "OOS handler marked %d connections",
5499  smartlist_len(conns));
5500 }
5501 
5502 /** Check if a connection is on the way out so the OOS handler doesn't try
5503  * to kill more than it needs. */
5504 int
5506 {
5507  if (conn != NULL &&
5508  (conn->conn_array_index < 0 ||
5509  conn->marked_for_close)) {
5510  return 1;
5511  } else {
5512  return 0;
5513  }
5514 }
5515 
5516 /** Out-of-Sockets handler; n_socks is the current number of open
5517  * sockets, and failed is non-zero if a socket exhaustion related
5518  * error immediately preceded this call. This is where to do
5519  * circuit-killing heuristics as needed.
5520  */
5521 void
5522 connection_check_oos(int n_socks, int failed)
5523 {
5524  int target_n_socks = 0, moribund_socks, socks_to_kill;
5525  smartlist_t *conns;
5526 
5527  /* Early exit: is OOS checking disabled? */
5528  if (get_options()->DisableOOSCheck) {
5529  return;
5530  }
5531 
5532  /* Sanity-check args */
5533  tor_assert(n_socks >= 0);
5534 
5535  /*
5536  * Make some log noise; keep it at debug level since this gets a chance
5537  * to run on every connection attempt.
5538  */
5539  log_debug(LD_NET,
5540  "Running the OOS handler (%d open sockets, %s)",
5541  n_socks, (failed != 0) ? "exhaustion seen" : "no exhaustion");
5542 
5543  /*
5544  * Check if we're really handling an OOS condition, and if so decide how
5545  * many sockets we want to get down to. Be sure we check if the threshold
5546  * is distinct from zero first; it's possible for this to be called a few
5547  * times before we've finished reading the config.
5548  */
5549  if (n_socks >= get_options()->ConnLimit_high_thresh &&
5550  get_options()->ConnLimit_high_thresh != 0 &&
5551  get_options()->ConnLimit_ != 0) {
5552  /* Try to get down to the low threshold */
5553  target_n_socks = get_options()->ConnLimit_low_thresh;
5554  log_notice(LD_NET,
5555  "Current number of sockets %d is greater than configured "
5556  "limit %d; OOS handler trying to get down to %d",
5557  n_socks, get_options()->ConnLimit_high_thresh,
5558  target_n_socks);
5559  } else if (failed) {
5560  /*
5561  * If we're not at the limit but we hit a socket exhaustion error, try to
5562  * drop some (but not as aggressively as ConnLimit_low_threshold, which is
5563  * 3/4 of ConnLimit_)
5564  */
5565  target_n_socks = (n_socks * 9) / 10;
5566  log_notice(LD_NET,
5567  "We saw socket exhaustion at %d open sockets; OOS handler "
5568  "trying to get down to %d",
5569  n_socks, target_n_socks);
5570  }
5571 
5572  if (target_n_socks > 0) {
5573  /*
5574  * It's an OOS!
5575  *
5576  * Count moribund sockets; it's be important that anything we decide
5577  * to get rid of here but don't immediately close get counted as moribund
5578  * on subsequent invocations so we don't try to kill too many things if
5579  * connection_check_oos() gets called multiple times.
5580  */
5581  moribund_socks = connection_count_moribund();
5582 
5583  if (moribund_socks < n_socks - target_n_socks) {
5584  socks_to_kill = n_socks - target_n_socks - moribund_socks;
5585 
5586  conns = pick_oos_victims(socks_to_kill);
5587  if (conns) {
5588  kill_conn_list_for_oos(conns);
5589  log_notice(LD_NET,
5590  "OOS handler killed %d conns", smartlist_len(conns));
5591  smartlist_free(conns);
5592  } else {
5593  log_notice(LD_NET, "OOS handler failed to pick any victim conns");
5594  }
5595  } else {
5596  log_notice(LD_NET,
5597  "Not killing any sockets for OOS because there are %d "
5598  "already moribund, and we only want to eliminate %d",
5599  moribund_socks, n_socks - target_n_socks);
5600  }
5601  }
5602 }
5603 
5604 /** Log how many bytes are used by buffers of different kinds and sizes. */
5605 void
5607 {
5608  uint64_t used_by_type[CONN_TYPE_MAX_+1];
5609  uint64_t alloc_by_type[CONN_TYPE_MAX_+1];
5610  int n_conns_by_type[CONN_TYPE_MAX_+1];
5611  uint64_t total_alloc = 0;
5612  uint64_t total_used = 0;
5613  int i;
5614  smartlist_t *conns = get_connection_array();
5615 
5616  memset(used_by_type, 0, sizeof(used_by_type));
5617  memset(alloc_by_type, 0, sizeof(alloc_by_type));
5618  memset(n_conns_by_type, 0, sizeof(n_conns_by_type));
5619 
5620  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, c) {
5621  int tp = c->type;
5622  ++n_conns_by_type[tp];
5623  if (c->inbuf) {
5624  used_by_type[tp] += buf_datalen(c->inbuf);
5625  alloc_by_type[tp] += buf_allocation(c->inbuf);
5626  }
5627  if (c->outbuf) {
5628  used_by_type[tp] += buf_datalen(c->outbuf);
5629  alloc_by_type[tp] += buf_allocation(c->outbuf);
5630  }
5631  } SMARTLIST_FOREACH_END(c);
5632  for (i=0; i <= CONN_TYPE_MAX_; ++i) {
5633  total_used += used_by_type[i];
5634  total_alloc += alloc_by_type[i];
5635  }
5636 
5637  tor_log(severity, LD_GENERAL,
5638  "In buffers for %d connections: %"PRIu64" used/%"PRIu64" allocated",
5639  smartlist_len(conns),
5640  (total_used), (total_alloc));
5641  for (i=CONN_TYPE_MIN_; i <= CONN_TYPE_MAX_; ++i) {
5642  if (!n_conns_by_type[i])
5643  continue;
5644  tor_log(severity, LD_GENERAL,
5645  " For %d %s connections: %"PRIu64" used/%"PRIu64" allocated",
5646  n_conns_by_type[i], conn_type_to_string(i),
5647  (used_by_type[i]), (alloc_by_type[i]));
5648  }
5649 }
5650 
5651 /** Verify that connection <b>conn</b> has all of its invariants
5652  * correct. Trigger an assert if anything is invalid.
5653  */
5654 void
5656 {
5657  (void) now; /* XXXX unused. */
5658  tor_assert(conn);
5659  tor_assert(conn->type >= CONN_TYPE_MIN_);
5660  tor_assert(conn->type <= CONN_TYPE_MAX_);
5661 
5662  switch (conn->type) {
5663  case CONN_TYPE_OR:
5664  case CONN_TYPE_EXT_OR:
5665  tor_assert(conn->magic == OR_CONNECTION_MAGIC);
5666  break;
5667  case CONN_TYPE_AP:
5668  tor_assert(conn->magic == ENTRY_CONNECTION_MAGIC);
5669  break;
5670  case CONN_TYPE_EXIT:
5671  tor_assert(conn->magic == EDGE_CONNECTION_MAGIC);
5672  break;
5673  case CONN_TYPE_DIR:
5674  tor_assert(conn->magic == DIR_CONNECTION_MAGIC);
5675  break;
5676  case CONN_TYPE_CONTROL:
5677  tor_assert(conn->magic == CONTROL_CONNECTION_MAGIC);
5678  break;
5679  CASE_ANY_LISTENER_TYPE:
5680  tor_assert(conn->magic == LISTENER_CONNECTION_MAGIC);
5681  break;
5682  default:
5683  tor_assert(conn->magic == BASE_CONNECTION_MAGIC);
5684  break;
5685  }
5686 
5687  if (conn->linked_conn) {
5688  tor_assert(conn->linked_conn->linked_conn == conn);
5689  tor_assert(conn->linked);
5690  }
5691  if (conn->linked)
5692  tor_assert(!SOCKET_OK(conn->s));
5693 
5694  if (conn->hold_open_until_flushed)
5696 
5697  /* XXXX check: read_blocked_on_bw, write_blocked_on_bw, s, conn_array_index,
5698  * marked_for_close. */
5699 
5700  /* buffers */
5701  if (conn->inbuf)
5702  buf_assert_ok(conn->inbuf);
5703  if (conn->outbuf)
5704  buf_assert_ok(conn->outbuf);
5705 
5706  if (conn->type == CONN_TYPE_OR) {
5707  or_connection_t *or_conn = TO_OR_CONN(conn);
5708  if (conn->state == OR_CONN_STATE_OPEN) {
5709  /* tor_assert(conn->bandwidth > 0); */
5710  /* the above isn't necessarily true: if we just did a TLS
5711  * handshake but we didn't recognize the other peer, or it
5712  * gave a bad cert/etc, then we won't have assigned bandwidth,
5713  * yet it will be open. -RD
5714  */
5715 // tor_assert(conn->read_bucket >= 0);
5716  }
5717 // tor_assert(conn->addr && conn->port);
5718  tor_assert(conn->address);
5720  tor_assert(or_conn->tls);
5721  }
5722 
5723  if (CONN_IS_EDGE(conn)) {
5724  /* XXX unchecked: package window, deliver window. */
5725  if (conn->type == CONN_TYPE_AP) {
5726  entry_connection_t *entry_conn = TO_ENTRY_CONN(conn);
5727  if (entry_conn->chosen_exit_optional || entry_conn->chosen_exit_retries)
5728  tor_assert(entry_conn->chosen_exit_name);
5729 
5730  tor_assert(entry_conn->socks_request);
5731  if (conn->state == AP_CONN_STATE_OPEN) {
5732  tor_assert(entry_conn->socks_request->has_finished);
5733  if (!conn->marked_for_close) {
5734  tor_assert(ENTRY_TO_EDGE_CONN(entry_conn)->cpath_layer);
5735  cpath_assert_layer_ok(ENTRY_TO_EDGE_CONN(entry_conn)->cpath_layer);
5736  }
5737  }
5738  }
5739  if (conn->type == CONN_TYPE_EXIT) {
5741  conn->purpose == EXIT_PURPOSE_RESOLVE);
5742  }
5743  } else if (conn->type == CONN_TYPE_DIR) {
5744  } else {
5745  /* Purpose is only used for dir and exit types currently */
5746  tor_assert(!conn->purpose);
5747  }
5748 
5749  switch (conn->type)
5750  {
5751  CASE_ANY_LISTENER_TYPE:
5753  break;
5754  case CONN_TYPE_OR:
5755  tor_assert(conn->state >= OR_CONN_STATE_MIN_);
5756  tor_assert(conn->state <= OR_CONN_STATE_MAX_);
5757  break;
5758  case CONN_TYPE_EXT_OR:
5760  tor_assert(conn->state <= EXT_OR_CONN_STATE_MAX_);
5761  break;
5762  case CONN_TYPE_EXIT:
5763  tor_assert(conn->state >= EXIT_CONN_STATE_MIN_);
5764  tor_assert(conn->state <= EXIT_CONN_STATE_MAX_);
5765  tor_assert(conn->purpose >= EXIT_PURPOSE_MIN_);
5766  tor_assert(conn->purpose <= EXIT_PURPOSE_MAX_);
5767  break;
5768  case CONN_TYPE_AP:
5769  tor_assert(conn->state >= AP_CONN_STATE_MIN_);
5770  tor_assert(conn->state <= AP_CONN_STATE_MAX_);
5771  tor_assert(TO_ENTRY_CONN(conn)->socks_request);
5772  break;
5773  case CONN_TYPE_DIR:
5774  tor_assert(conn->state >= DIR_CONN_STATE_MIN_);
5775  tor_assert(conn->state <= DIR_CONN_STATE_MAX_);
5776  tor_assert(conn->purpose >= DIR_PURPOSE_MIN_);
5777  tor_assert(conn->purpose <= DIR_PURPOSE_MAX_);
5778  break;
5779  case CONN_TYPE_CONTROL:
5780  tor_assert(conn->state >= CONTROL_CONN_STATE_MIN_);
5781  tor_assert(conn->state <= CONTROL_CONN_STATE_MAX_);
5782  break;
5783  case CONN_TYPE_METRICS:
5784  /* No state. */
5785  break;
5786  default:
5787  tor_assert(0);
5788  }
5789 }
5790 
5791 /** Fills <b>addr</b> and <b>port</b> with the details of the global
5792  * proxy server we are using. Store a 1 to the int pointed to by
5793  * <b>is_put_out</b> if the connection is using a pluggable
5794  * transport; store 0 otherwise. <b>conn</b> contains the connection
5795  * we are using the proxy for.
5796  *
5797  * Return 0 on success, -1 on failure.
5798  */
5799 int
5800 get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type,
5801  int *is_pt_out, const connection_t *conn)
5802 {
5803  const or_options_t *options = get_options();
5804 
5805  *is_pt_out = 0;
5806  /* Client Transport Plugins can use another proxy, but that should be hidden
5807  * from the rest of tor (as the plugin is responsible for dealing with the
5808  * proxy), check it first, then check the rest of the proxy types to allow
5809  * the config to have unused ClientTransportPlugin entries.
5810  */
5811  if (options->ClientTransportPlugin) {
5812  const transport_t *transport = NULL;
5813  int r;
5814  r = get_transport_by_bridge_addrport(&conn->addr, conn->port, &transport);
5815  if (r<0)
5816  return -1;
5817  if (transport) { /* transport found */
5818  tor_addr_copy(addr, &transport->addr);
5819  *port = transport->port;
5820  *proxy_type = transport->socks_version;
5821  *is_pt_out = 1;
5822  return 0;
5823  }
5824 
5825  /* Unused ClientTransportPlugin. */
5826  }
5827 
5828  if (options->HTTPSProxy) {
5829  tor_addr_copy(addr, &options->HTTPSProxyAddr);
5830  *port = options->HTTPSProxyPort;
5831  *proxy_type = PROXY_CONNECT;
5832  return 0;
5833  } else if (options->Socks4Proxy) {
5834  tor_addr_copy(addr, &options->Socks4ProxyAddr);
5835  *port = options->Socks4ProxyPort;
5836  *proxy_type = PROXY_SOCKS4;
5837  return 0;
5838  } else if (options->Socks5Proxy) {
5839  tor_addr_copy(addr, &options->Socks5ProxyAddr);
5840  *port = options->Socks5ProxyPort;
5841  *proxy_type = PROXY_SOCKS5;
5842  return 0;
5843  } else if (options->TCPProxy) {
5844  tor_addr_copy(addr, &options->TCPProxyAddr);
5845  *port = options->TCPProxyPort;
5846  /* The only supported protocol in TCPProxy is haproxy. */
5848  *proxy_type = PROXY_HAPROXY;
5849  return 0;
5850  }
5851 
5852  tor_addr_make_unspec(addr);
5853  *port = 0;
5854  *proxy_type = PROXY_NONE;
5855  return 0;
5856 }
5857 
5858 /** Log a failed connection to a proxy server.
5859  * <b>conn</b> is the connection we use the proxy server for. */
5860 void
5862 {
5863  tor_addr_t proxy_addr;
5864  uint16_t proxy_port;
5865  int proxy_type, is_pt;
5866 
5867  if (get_proxy_addrport(&proxy_addr, &proxy_port, &proxy_type, &is_pt,
5868