Tor 0.4.9.2-alpha-dev
All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Modules Pages
connection.c
Go to the documentation of this file.
1/* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2021, The Tor Project, Inc. */
5/* See LICENSE for licensing information */
6
7/**
8 * \file connection.c
9 * \brief General high-level functions to handle reading and writing
10 * on connections.
11 *
12 * Each connection (ideally) represents a TLS connection, a TCP socket, a unix
13 * socket, or a UDP socket on which reads and writes can occur. (But see
14 * connection_edge.c for cases where connections can also represent streams
15 * that do not have a corresponding socket.)
16 *
17 * The module implements the abstract type, connection_t. The subtypes are:
18 * <ul>
19 * <li>listener_connection_t, implemented here in connection.c
20 * <li>dir_connection_t, implemented in directory.c
21 * <li>or_connection_t, implemented in connection_or.c
22 * <li>edge_connection_t, implemented in connection_edge.c, along with
23 * its subtype(s):
24 * <ul><li>entry_connection_t, also implemented in connection_edge.c
25 * </ul>
26 * <li>control_connection_t, implemented in control.c
27 * </ul>
28 *
29 * The base type implemented in this module is responsible for basic
30 * rate limiting, flow control, and marshalling bytes onto and off of the
31 * network (either directly or via TLS).
32 *
33 * Connections are registered with the main loop with connection_add(). As
34 * they become able to read or write register the fact with the event main
35 * loop by calling connection_watch_events(), connection_start_reading(), or
36 * connection_start_writing(). When they no longer want to read or write,
37 * they call connection_stop_reading() or connection_stop_writing().
38 *
39 * To queue data to be written on a connection, call
40 * connection_buf_add(). When data arrives, the
41 * connection_process_inbuf() callback is invoked, which dispatches to a
42 * type-specific function (such as connection_edge_process_inbuf() for
43 * example). Connection types that need notice of when data has been written
44 * receive notification via connection_flushed_some() and
45 * connection_finished_flushing(). These functions all delegate to
46 * type-specific implementations.
47 *
48 * Additionally, beyond the core of connection_t, this module also implements:
49 * <ul>
50 * <li>Listeners, which wait for incoming sockets and launch connections
51 * <li>Outgoing SOCKS proxy support
52 * <li>Outgoing HTTP proxy support
53 * <li>An out-of-sockets handler for dealing with socket exhaustion
54 * </ul>
55 **/
56
57#define CONNECTION_PRIVATE
58#include "core/or/or.h"
60#include "lib/buf/buffers.h"
61#include "lib/tls/buffers_tls.h"
62#include "lib/err/backtrace.h"
63
64/*
65 * Define this so we get channel internal functions, since we're implementing
66 * part of a subclass (channel_tls_t).
67 */
68#define CHANNEL_OBJECT_PRIVATE
69#include "app/config/config.h"
74#include "core/or/channel.h"
75#include "core/or/channeltls.h"
77#include "core/or/circuitlist.h"
78#include "core/or/circuituse.h"
81#include "core/or/dos.h"
82#include "core/or/policies.h"
83#include "core/or/reasons.h"
84#include "core/or/relay.h"
85#include "core/or/status.h"
86#include "core/or/crypt_path.h"
87#include "core/proto/proto_haproxy.h"
100#include "feature/hs/hs_common.h"
101#include "feature/hs/hs_ident.h"
106#include "feature/relay/dns.h"
112#include "feature/stats/bwhist.h"
115#include "lib/geoip/geoip.h"
116
117#include "lib/cc/ctassert.h"
118#include "lib/sandbox/sandbox.h"
119#include "lib/net/buffers_net.h"
120#include "lib/net/address.h"
121#include "lib/tls/tortls.h"
124
125#ifdef HAVE_PWD_H
126#include <pwd.h>
127#endif
128
129#ifdef HAVE_UNISTD_H
130#include <unistd.h>
131#endif
132#ifdef HAVE_SYS_STAT_H
133#include <sys/stat.h>
134#endif
135
136#ifdef HAVE_SYS_UN_H
137#include <sys/socket.h>
138#include <sys/un.h>
139#endif
140
146#include "core/or/port_cfg_st.h"
149
151
152/**
153 * On Windows and Linux we cannot reliably bind() a socket to an
154 * address and port if: 1) There's already a socket bound to wildcard
155 * address (0.0.0.0 or ::) with the same port; 2) We try to bind()
156 * to wildcard address and there's another socket bound to a
157 * specific address and the same port.
158 *
159 * To address this problem on these two platforms we implement a
160 * routine that:
161 * 1) Checks if first attempt to bind() a new socket failed with
162 * EADDRINUSE.
163 * 2) If so, it will close the appropriate old listener connection and
164 * 3) Attempts bind()'ing the new listener socket again.
165 *
166 * Just to be safe, we are enabling listener rebind code on all platforms,
167 * to account for unexpected cases where it may be needed.
168 */
169#define ENABLE_LISTENER_REBIND
170
172 const struct sockaddr *listensockaddr,
173 socklen_t listensocklen, int type,
174 const char *address,
175 const port_cfg_t *portcfg,
176 int *addr_in_use);
178 const port_cfg_t *port,
179 int *defer, int *addr_in_use);
180static void connection_init(time_t now, connection_t *conn, int type,
181 int socket_family);
182static int connection_handle_listener_read(connection_t *conn, int new_type);
184static int connection_flushed_some(connection_t *conn);
186static int connection_reached_eof(connection_t *conn);
188 ssize_t *max_to_read,
189 int *socket_error);
191static void set_constrained_socket_buffers(tor_socket_t sock, int size);
192
193static const char *connection_proxy_state_to_string(int state);
196static const char *proxy_type_to_string(int proxy_type);
197static int conn_get_proxy_type(const connection_t *conn);
199 const or_options_t *options, unsigned int conn_type);
200static void reenable_blocked_connection_init(const or_options_t *options);
202
203/** The last addresses that our network interface seemed to have been
204 * binding to. We use this as one way to detect when our IP changes.
205 *
206 * XXXX+ We should really use the entire list of interfaces here.
207 **/
209/* DOCDOC last_interface_ipv6 */
210static tor_addr_t *last_interface_ipv6 = NULL;
211/** A list of tor_addr_t for addresses we've used in outgoing connections.
212 * Used to detect IP address changes. */
214
215#define CASE_ANY_LISTENER_TYPE \
216 case CONN_TYPE_OR_LISTENER: \
217 case CONN_TYPE_EXT_OR_LISTENER: \
218 case CONN_TYPE_AP_LISTENER: \
219 case CONN_TYPE_DIR_LISTENER: \
220 case CONN_TYPE_CONTROL_LISTENER: \
221 case CONN_TYPE_AP_TRANS_LISTENER: \
222 case CONN_TYPE_AP_NATD_LISTENER: \
223 case CONN_TYPE_AP_DNS_LISTENER: \
224 case CONN_TYPE_AP_HTTP_CONNECT_LISTENER: \
225 case CONN_TYPE_METRICS_LISTENER
226
227/**************************************************************/
228
229/**
230 * Cast a `connection_t *` to a `listener_connection_t *`.
231 *
232 * Exit with an assertion failure if the input is not a
233 * `listener_connection_t`.
234 **/
237{
238 tor_assert(c->magic == LISTENER_CONNECTION_MAGIC);
240}
241
242/**
243 * Cast a `const connection_t *` to a `const listener_connection_t *`.
244 *
245 * Exit with an assertion failure if the input is not a
246 * `listener_connection_t`.
247 **/
250{
251 return TO_LISTENER_CONN((connection_t *)c);
252}
253
254size_t
255connection_get_inbuf_len(const connection_t *conn)
256{
257 return conn->inbuf ? buf_datalen(conn->inbuf) : 0;
258}
259
260size_t
261connection_get_outbuf_len(const connection_t *conn)
262{
263 return conn->outbuf ? buf_datalen(conn->outbuf) : 0;
264}
265
266/**
267 * Return the human-readable name for the connection type <b>type</b>
268 */
269const char *
271{
272 static char buf[64];
273 switch (type) {
274 case CONN_TYPE_OR_LISTENER: return "OR listener";
275 case CONN_TYPE_OR: return "OR";
276 case CONN_TYPE_EXIT: return "Exit";
277 case CONN_TYPE_AP_LISTENER: return "Socks listener";
279 return "Transparent pf/netfilter listener";
280 case CONN_TYPE_AP_NATD_LISTENER: return "Transparent natd listener";
281 case CONN_TYPE_AP_DNS_LISTENER: return "DNS listener";
282 case CONN_TYPE_AP: return "Socks";
283 case CONN_TYPE_DIR_LISTENER: return "Directory listener";
284 case CONN_TYPE_DIR: return "Directory";
285 case CONN_TYPE_CONTROL_LISTENER: return "Control listener";
286 case CONN_TYPE_CONTROL: return "Control";
287 case CONN_TYPE_EXT_OR: return "Extended OR";
288 case CONN_TYPE_EXT_OR_LISTENER: return "Extended OR listener";
289 case CONN_TYPE_AP_HTTP_CONNECT_LISTENER: return "HTTP tunnel listener";
290 case CONN_TYPE_METRICS_LISTENER: return "Metrics listener";
291 case CONN_TYPE_METRICS: return "Metrics";
292 default:
293 log_warn(LD_BUG, "unknown connection type %d", type);
294 tor_snprintf(buf, sizeof(buf), "unknown [%d]", type);
295 return buf;
296 }
297}
298
299/**
300 * Return the human-readable name for the connection state <b>state</b>
301 * for the connection type <b>type</b>
302 */
303const char *
304conn_state_to_string(int type, int state)
305{
306 static char buf[96];
307 switch (type) {
308 CASE_ANY_LISTENER_TYPE:
309 if (state == LISTENER_STATE_READY)
310 return "ready";
311 break;
312 case CONN_TYPE_OR:
313 switch (state) {
314 case OR_CONN_STATE_CONNECTING: return "connect()ing";
315 case OR_CONN_STATE_PROXY_HANDSHAKING: return "handshaking (proxy)";
316 case OR_CONN_STATE_TLS_HANDSHAKING: return "handshaking (TLS)";
318 return "waiting for V3+ handshake";
320 return "handshaking (Tor, v3 handshake)";
321 case OR_CONN_STATE_OPEN: return "open";
322 }
323 break;
324 case CONN_TYPE_EXT_OR:
325 switch (state) {
327 return "waiting for authentication type";
329 return "waiting for client nonce";
331 return "waiting for client hash";
332 case EXT_OR_CONN_STATE_OPEN: return "open";
333 case EXT_OR_CONN_STATE_FLUSHING: return "flushing final OKAY";
334 }
335 break;
336 case CONN_TYPE_EXIT:
337 switch (state) {
338 case EXIT_CONN_STATE_RESOLVING: return "waiting for dest info";
339 case EXIT_CONN_STATE_CONNECTING: return "connecting";
340 case EXIT_CONN_STATE_OPEN: return "open";
341 case EXIT_CONN_STATE_RESOLVEFAILED: return "resolve failed";
342 }
343 break;
344 case CONN_TYPE_AP:
345 switch (state) {
346 case AP_CONN_STATE_SOCKS_WAIT: return "waiting for socks info";
347 case AP_CONN_STATE_NATD_WAIT: return "waiting for natd dest info";
348 case AP_CONN_STATE_RENDDESC_WAIT: return "waiting for rendezvous desc";
349 case AP_CONN_STATE_CONTROLLER_WAIT: return "waiting for controller";
350 case AP_CONN_STATE_CIRCUIT_WAIT: return "waiting for circuit";
351 case AP_CONN_STATE_CONNECT_WAIT: return "waiting for connect response";
352 case AP_CONN_STATE_RESOLVE_WAIT: return "waiting for resolve response";
353 case AP_CONN_STATE_OPEN: return "open";
354 }
355 break;
356 case CONN_TYPE_DIR:
357 switch (state) {
358 case DIR_CONN_STATE_CONNECTING: return "connecting";
359 case DIR_CONN_STATE_CLIENT_SENDING: return "client sending";
360 case DIR_CONN_STATE_CLIENT_READING: return "client reading";
361 case DIR_CONN_STATE_CLIENT_FINISHED: return "client finished";
362 case DIR_CONN_STATE_SERVER_COMMAND_WAIT: return "waiting for command";
363 case DIR_CONN_STATE_SERVER_WRITING: return "writing";
364 }
365 break;
367 switch (state) {
368 case CONTROL_CONN_STATE_OPEN: return "open (protocol v1)";
370 return "waiting for authentication (protocol v1)";
371 }
372 break;
373 }
374
375 if (state == 0) {
376 return "uninitialized";
377 }
378
379 log_warn(LD_BUG, "unknown connection state %d (type %d)", state, type);
380 tor_snprintf(buf, sizeof(buf),
381 "unknown state [%d] on unknown [%s] connection",
382 state, conn_type_to_string(type));
383 tor_assert_nonfatal_unreached_once();
384 return buf;
385}
386
387/**
388 * Helper: describe the peer or address of connection @a conn in a
389 * human-readable manner.
390 *
391 * Returns a pointer to a static buffer; future calls to
392 * connection_describe_peer_internal() will invalidate this buffer.
393 *
394 * If <b>include_preposition</b> is true, include a preposition before the
395 * peer address.
396 *
397 * Nobody should parse the output of this function; it can and will change in
398 * future versions of tor.
399 **/
400static const char *
402 bool include_preposition)
403{
404 IF_BUG_ONCE(!conn) {
405 return "null peer";
406 }
407
408 static char peer_buf[256];
409 const tor_addr_t *addr = &conn->addr;
410 const char *address = NULL;
411 const char *prep;
412 bool scrub = false;
413 char extra_buf[128];
414 extra_buf[0] = 0;
415
416 /* First, figure out the preposition to use */
417 switch (conn->type) {
418 CASE_ANY_LISTENER_TYPE:
419 prep = "on";
420 break;
421 case CONN_TYPE_EXIT:
422 prep = "to";
423 break;
425 case CONN_TYPE_AP:
426 case CONN_TYPE_EXT_OR:
427 prep = "from";
428 break;
429 default:
430 prep = "with";
431 break;
432 }
433
434 /* Now figure out the address. */
435 if (conn->socket_family == AF_UNIX) {
436 /* For unix sockets, we always use the `address` string. */
437 address = conn->address ? conn->address : "unix socket";
438 } else if (conn->type == CONN_TYPE_OR) {
439 /* For OR connections, we have a lot to do. */
440 const or_connection_t *or_conn = CONST_TO_OR_CONN(conn);
441 /* We report the IDs we're talking to... */
442 if (fast_digest_is_zero(or_conn->identity_digest)) {
443 // This could be a client, so scrub it. No identity to report.
444 scrub = true;
445 } else {
446 const ed25519_public_key_t *ed_id =
448 char ed_id_buf[ED25519_BASE64_LEN+1];
449 char rsa_id_buf[HEX_DIGEST_LEN+1];
450 if (ed_id) {
451 ed25519_public_to_base64(ed_id_buf, ed_id);
452 } else {
453 strlcpy(ed_id_buf, "<none>", sizeof(ed_id_buf));
454 }
455 base16_encode(rsa_id_buf, sizeof(rsa_id_buf),
456 or_conn->identity_digest, DIGEST_LEN);
457 tor_snprintf(extra_buf, sizeof(extra_buf),
458 " ID=%s RSA_ID=%s", ed_id_buf, rsa_id_buf);
459 }
460 if (! scrub && (! tor_addr_eq(addr, &or_conn->canonical_orport.addr) ||
461 conn->port != or_conn->canonical_orport.port)) {
462 /* We report canonical address, if it's different */
463 char canonical_addr_buf[TOR_ADDR_BUF_LEN];
464 if (tor_addr_to_str(canonical_addr_buf, &or_conn->canonical_orport.addr,
465 sizeof(canonical_addr_buf), 1)) {
466 tor_snprintf(extra_buf+strlen(extra_buf),
467 sizeof(extra_buf)-strlen(extra_buf),
468 " canonical_addr=%s:%"PRIu16,
469 canonical_addr_buf,
470 or_conn->canonical_orport.port);
471 }
472 }
473 } else if (conn->type == CONN_TYPE_EXIT) {
474 scrub = true; /* This is a client's request; scrub it with SafeLogging. */
475 if (tor_addr_is_null(addr)) {
476 address = conn->address;
477 strlcpy(extra_buf, " (DNS lookup pending)", sizeof(extra_buf));
478 }
479 }
480
481 char addr_buf[TOR_ADDR_BUF_LEN];
482 if (address == NULL) {
483 if (tor_addr_family(addr) == 0) {
484 address = "<unset>";
485 } else {
486 address = tor_addr_to_str(addr_buf, addr, sizeof(addr_buf), 1);
487 if (!address) {
488 address = "<can't format!>";
489 tor_assert_nonfatal_unreached_once();
490 }
491 }
492 }
493
494 char portbuf[7];
495 portbuf[0]=0;
496 if (scrub && get_options()->SafeLogging_ != SAFELOG_SCRUB_NONE) {
497 address = "[scrubbed]";
498 } else {
499 /* Only set the port if we're not scrubbing the address. */
500 if (conn->port != 0) {
501 tor_snprintf(portbuf, sizeof(portbuf), ":%d", conn->port);
502 }
503 }
504
505 const char *sp = include_preposition ? " " : "";
506 if (! include_preposition)
507 prep = "";
508
509 tor_snprintf(peer_buf, sizeof(peer_buf),
510 "%s%s%s%s%s", prep, sp, address, portbuf, extra_buf);
511 return peer_buf;
512}
513
514/**
515 * Describe the peer or address of connection @a conn in a
516 * human-readable manner.
517 *
518 * Returns a pointer to a static buffer; future calls to
519 * connection_describe_peer() or connection_describe() will invalidate this
520 * buffer.
521 *
522 * Nobody should parse the output of this function; it can and will change in
523 * future versions of tor.
524 **/
525const char *
527{
528 return connection_describe_peer_internal(conn, false);
529}
530
531/**
532 * Describe a connection for logging purposes.
533 *
534 * Returns a pointer to a static buffer; future calls to connection_describe()
535 * will invalidate this buffer.
536 *
537 * Nobody should parse the output of this function; it can and will change in
538 * future versions of tor.
539 **/
540const char *
542{
543 IF_BUG_ONCE(!conn) {
544 return "null connection";
545 }
546 static char desc_buf[256];
547 const char *peer = connection_describe_peer_internal(conn, true);
548 tor_snprintf(desc_buf, sizeof(desc_buf),
549 "%s connection (%s) %s",
551 conn_state_to_string(conn->type, conn->state),
552 peer);
553 return desc_buf;
554}
555
556/** Allocate and return a new dir_connection_t, initialized as by
557 * connection_init(). */
559dir_connection_new(int socket_family)
560{
561 dir_connection_t *dir_conn = tor_malloc_zero(sizeof(dir_connection_t));
562 connection_init(time(NULL), TO_CONN(dir_conn), CONN_TYPE_DIR, socket_family);
563 return dir_conn;
564}
565
566/** Allocate and return a new or_connection_t, initialized as by
567 * connection_init().
568 *
569 * Initialize active_circuit_pqueue.
570 *
571 * Set active_circuit_pqueue_last_recalibrated to current cell_ewma tick.
572 */
574or_connection_new(int type, int socket_family)
575{
576 or_connection_t *or_conn = tor_malloc_zero(sizeof(or_connection_t));
577 time_t now = time(NULL);
578 tor_assert(type == CONN_TYPE_OR || type == CONN_TYPE_EXT_OR);
579 connection_init(now, TO_CONN(or_conn), type, socket_family);
580
582 connection_or_set_canonical(or_conn, 0);
583
584 if (type == CONN_TYPE_EXT_OR) {
585 /* If we aren't told an address for this connection, we should
586 * presume it isn't local, and should be rate-limited. */
587 TO_CONN(or_conn)->always_rate_limit_as_remote = 1;
588 }
589
590 return or_conn;
591}
592
593/** Allocate and return a new entry_connection_t, initialized as by
594 * connection_init().
595 *
596 * Allocate space to store the socks_request.
597 */
599entry_connection_new(int type, int socket_family)
600{
601 entry_connection_t *entry_conn = tor_malloc_zero(sizeof(entry_connection_t));
602 tor_assert(type == CONN_TYPE_AP);
603 connection_init(time(NULL), ENTRY_TO_CONN(entry_conn), type, socket_family);
604 entry_conn->socks_request = socks_request_new();
605 /* If this is coming from a listener, we'll set it up based on the listener
606 * in a little while. Otherwise, we're doing this as a linked connection
607 * of some kind, and we should set it up here based on the socket family */
608 if (socket_family == AF_INET)
609 entry_conn->entry_cfg.ipv4_traffic = 1;
610 else if (socket_family == AF_INET6)
611 entry_conn->entry_cfg.ipv6_traffic = 1;
612
613 /* Initialize the read token bucket to the maximum value which is the same as
614 * no rate limiting. */
615 token_bucket_rw_init(&ENTRY_TO_EDGE_CONN(entry_conn)->bucket, INT32_MAX,
616 INT32_MAX, monotime_coarse_get_stamp());
617 return entry_conn;
618}
619
620/** Allocate and return a new edge_connection_t, initialized as by
621 * connection_init(). */
623edge_connection_new(int type, int socket_family)
624{
625 edge_connection_t *edge_conn = tor_malloc_zero(sizeof(edge_connection_t));
626 tor_assert(type == CONN_TYPE_EXIT);
627 connection_init(time(NULL), TO_CONN(edge_conn), type, socket_family);
628 /* Initialize the read token bucket to the maximum value which is the same as
629 * no rate limiting. */
630 token_bucket_rw_init(&edge_conn->bucket, INT32_MAX, INT32_MAX,
632 return edge_conn;
633}
634
635/** Allocate and return a new control_connection_t, initialized as by
636 * connection_init(). */
638control_connection_new(int socket_family)
639{
640 control_connection_t *control_conn =
641 tor_malloc_zero(sizeof(control_connection_t));
642 connection_init(time(NULL),
643 TO_CONN(control_conn), CONN_TYPE_CONTROL, socket_family);
644 return control_conn;
645}
646
647/** Allocate and return a new listener_connection_t, initialized as by
648 * connection_init(). */
650listener_connection_new(int type, int socket_family)
651{
652 listener_connection_t *listener_conn =
653 tor_malloc_zero(sizeof(listener_connection_t));
654 connection_init(time(NULL), TO_CONN(listener_conn), type, socket_family);
655 /* Listener connections aren't accounted for with note_connection() so do
656 * this explicitly so to count them. */
657 rep_hist_note_conn_opened(false, type, socket_family);
658 return listener_conn;
659}
660
661/** Allocate, initialize, and return a new connection_t subtype of <b>type</b>
662 * to make or receive connections of address family <b>socket_family</b>. The
663 * type should be one of the CONN_TYPE_* constants. */
665connection_new(int type, int socket_family)
666{
667 switch (type) {
668 case CONN_TYPE_OR:
669 case CONN_TYPE_EXT_OR:
670 return TO_CONN(or_connection_new(type, socket_family));
671
672 case CONN_TYPE_EXIT:
673 return TO_CONN(edge_connection_new(type, socket_family));
674
675 case CONN_TYPE_AP:
676 return ENTRY_TO_CONN(entry_connection_new(type, socket_family));
677
678 case CONN_TYPE_DIR:
679 return TO_CONN(dir_connection_new(socket_family));
680
682 return TO_CONN(control_connection_new(socket_family));
683
684 CASE_ANY_LISTENER_TYPE:
685 return TO_CONN(listener_connection_new(type, socket_family));
686
687 default: {
688 connection_t *conn = tor_malloc_zero(sizeof(connection_t));
689 connection_init(time(NULL), conn, type, socket_family);
690 return conn;
691 }
692 }
693}
694
695/** Initializes conn. (you must call connection_add() to link it into the main
696 * array).
697 *
698 * Set conn->magic to the correct value.
699 *
700 * Set conn->type to <b>type</b>. Set conn->s and conn->conn_array_index to
701 * -1 to signify they are not yet assigned.
702 *
703 * Initialize conn's timestamps to now.
704 */
705static void
706connection_init(time_t now, connection_t *conn, int type, int socket_family)
707{
708 static uint64_t n_connections_allocated = 1;
709
710 switch (type) {
711 case CONN_TYPE_OR:
712 case CONN_TYPE_EXT_OR:
713 conn->magic = OR_CONNECTION_MAGIC;
714 break;
715 case CONN_TYPE_EXIT:
716 conn->magic = EDGE_CONNECTION_MAGIC;
717 break;
718 case CONN_TYPE_AP:
719 conn->magic = ENTRY_CONNECTION_MAGIC;
720 break;
721 case CONN_TYPE_DIR:
722 conn->magic = DIR_CONNECTION_MAGIC;
723 break;
725 conn->magic = CONTROL_CONNECTION_MAGIC;
726 break;
727 CASE_ANY_LISTENER_TYPE:
728 conn->magic = LISTENER_CONNECTION_MAGIC;
729 break;
730 default:
731 conn->magic = BASE_CONNECTION_MAGIC;
732 break;
733 }
734
735 conn->s = TOR_INVALID_SOCKET; /* give it a default of 'not used' */
736 conn->conn_array_index = -1; /* also default to 'not used' */
737 conn->global_identifier = n_connections_allocated++;
738
739 conn->type = type;
740 conn->socket_family = socket_family;
741 if (!connection_is_listener(conn)) {
742 /* listeners never use their buf */
743 conn->inbuf = buf_new();
744 conn->outbuf = buf_new();
745 }
746
747 conn->timestamp_created = now;
748 conn->timestamp_last_read_allowed = now;
750}
751
752/** Create a link between <b>conn_a</b> and <b>conn_b</b>. */
753void
755{
756 tor_assert(! SOCKET_OK(conn_a->s));
757 tor_assert(! SOCKET_OK(conn_b->s));
758
759 conn_a->linked = 1;
760 conn_b->linked = 1;
761 conn_a->linked_conn = conn_b;
762 conn_b->linked_conn = conn_a;
763}
764
765/** Return true iff the provided connection listener type supports AF_UNIX
766 * sockets. */
767int
769{
770 /* For now only control ports or SOCKS ports can be Unix domain sockets
771 * and listeners at the same time */
772 switch (type) {
775 return 1;
776 default:
777 return 0;
778 }
779}
780
781/** Deallocate memory used by <b>conn</b>. Deallocate its buffers if
782 * necessary, close its socket if necessary, and mark the directory as dirty
783 * if <b>conn</b> is an OR or OP connection.
784 */
785STATIC void
787{
788 void *mem;
789 size_t memlen;
790 if (!conn)
791 return;
792
793 switch (conn->type) {
794 case CONN_TYPE_OR:
795 case CONN_TYPE_EXT_OR:
796 tor_assert(conn->magic == OR_CONNECTION_MAGIC);
797 mem = TO_OR_CONN(conn);
798 memlen = sizeof(or_connection_t);
799 break;
800 case CONN_TYPE_AP:
801 tor_assert(conn->magic == ENTRY_CONNECTION_MAGIC);
802 mem = TO_ENTRY_CONN(conn);
803 memlen = sizeof(entry_connection_t);
804 break;
805 case CONN_TYPE_EXIT:
806 tor_assert(conn->magic == EDGE_CONNECTION_MAGIC);
807 mem = TO_EDGE_CONN(conn);
808 memlen = sizeof(edge_connection_t);
809 break;
810 case CONN_TYPE_DIR:
811 tor_assert(conn->magic == DIR_CONNECTION_MAGIC);
812 mem = TO_DIR_CONN(conn);
813 memlen = sizeof(dir_connection_t);
814 break;
816 tor_assert(conn->magic == CONTROL_CONNECTION_MAGIC);
817 mem = TO_CONTROL_CONN(conn);
818 memlen = sizeof(control_connection_t);
819 break;
820 CASE_ANY_LISTENER_TYPE:
821 tor_assert(conn->magic == LISTENER_CONNECTION_MAGIC);
822 mem = TO_LISTENER_CONN(conn);
823 memlen = sizeof(listener_connection_t);
824 break;
825 default:
826 tor_assert(conn->magic == BASE_CONNECTION_MAGIC);
827 mem = conn;
828 memlen = sizeof(connection_t);
829 break;
830 }
831
832 if (conn->linked) {
833 log_info(LD_GENERAL, "Freeing linked %s connection [%s] with %d "
834 "bytes on inbuf, %d on outbuf.",
836 conn_state_to_string(conn->type, conn->state),
837 (int)connection_get_inbuf_len(conn),
838 (int)connection_get_outbuf_len(conn));
839 }
840
841 if (!connection_is_listener(conn)) {
842 buf_free(conn->inbuf);
843 buf_free(conn->outbuf);
844 } else {
845 if (conn->socket_family == AF_UNIX) {
846 /* For now only control and SOCKS ports can be Unix domain sockets
847 * and listeners at the same time */
849
850 if (unlink(conn->address) < 0 && errno != ENOENT) {
851 log_warn(LD_NET, "Could not unlink %s: %s", conn->address,
852 strerror(errno));
853 }
854 }
855 }
856
858
859 if (connection_speaks_cells(conn)) {
860 or_connection_t *or_conn = TO_OR_CONN(conn);
861 if (or_conn->tls) {
862 if (! SOCKET_OK(conn->s)) {
863 /* The socket has been closed by somebody else; we must tell the
864 * TLS object not to close it. */
865 tor_tls_release_socket(or_conn->tls);
866 } else {
867 /* The tor_tls_free() call below will close the socket; we must tell
868 * the code below not to close it a second time. */
870 conn->s = TOR_INVALID_SOCKET;
871 }
872 tor_tls_free(or_conn->tls);
873 or_conn->tls = NULL;
874 }
875 or_handshake_state_free(or_conn->handshake_state);
876 or_conn->handshake_state = NULL;
878 if (or_conn->chan) {
879 /* Owww, this shouldn't happen, but... */
880 channel_t *base_chan = TLS_CHAN_TO_BASE(or_conn->chan);
881 tor_assert(base_chan);
882 log_info(LD_CHANNEL,
883 "Freeing orconn at %p, saw channel %p with ID "
884 "%"PRIu64 " left un-NULLed",
885 or_conn, base_chan,
886 base_chan->global_identifier);
887 if (!CHANNEL_FINISHED(base_chan)) {
888 channel_close_for_error(base_chan);
889 }
890
891 or_conn->chan->conn = NULL;
892 or_conn->chan = NULL;
893 }
894 }
895 if (conn->type == CONN_TYPE_AP) {
896 entry_connection_t *entry_conn = TO_ENTRY_CONN(conn);
899 if (entry_conn->socks_request)
900 socks_request_free(entry_conn->socks_request);
901 if (entry_conn->pending_optimistic_data) {
902 buf_free(entry_conn->pending_optimistic_data);
903 }
904 if (entry_conn->sending_optimistic_data) {
905 buf_free(entry_conn->sending_optimistic_data);
906 }
907 }
908 if (CONN_IS_EDGE(conn)) {
909 hs_ident_edge_conn_free(TO_EDGE_CONN(conn)->hs_ident);
910 }
911 if (conn->type == CONN_TYPE_CONTROL) {
912 control_connection_t *control_conn = TO_CONTROL_CONN(conn);
913 tor_free(control_conn->safecookie_client_hash);
914 tor_free(control_conn->incoming_cmd);
915 tor_free(control_conn->current_cmd);
916 if (control_conn->ephemeral_onion_services) {
917 SMARTLIST_FOREACH(control_conn->ephemeral_onion_services, char *, cp, {
918 memwipe(cp, 0, strlen(cp));
919 tor_free(cp);
920 });
921 smartlist_free(control_conn->ephemeral_onion_services);
922 }
923 }
924
925 /* Probably already freed by connection_free. */
926 tor_event_free(conn->read_event);
927 tor_event_free(conn->write_event);
928 conn->read_event = conn->write_event = NULL;
929
930 if (conn->type == CONN_TYPE_DIR) {
931 dir_connection_t *dir_conn = TO_DIR_CONN(conn);
932 tor_free(dir_conn->requested_resource);
933
934 tor_compress_free(dir_conn->compress_state);
935 dir_conn_clear_spool(dir_conn);
936
937 hs_ident_dir_conn_free(dir_conn->hs_ident);
938 if (dir_conn->guard_state) {
939 /* Cancel before freeing, if it's still there. */
941 }
942 circuit_guard_state_free(dir_conn->guard_state);
943 }
944
945 if (SOCKET_OK(conn->s)) {
946 log_debug(LD_NET,"closing fd %d.",(int)conn->s);
947 tor_close_socket(conn->s);
948 conn->s = TOR_INVALID_SOCKET;
949 }
950
951 if (conn->type == CONN_TYPE_OR &&
952 !tor_digest_is_zero(TO_OR_CONN(conn)->identity_digest)) {
953 log_warn(LD_BUG, "called on OR conn with non-zeroed identity_digest");
955 }
956 if (conn->type == CONN_TYPE_OR || conn->type == CONN_TYPE_EXT_OR) {
957 tor_free(TO_OR_CONN(conn)->ext_or_auth_correct_client_hash);
958 tor_free(TO_OR_CONN(conn)->ext_or_transport);
959 }
960
961 memwipe(mem, 0xCC, memlen); /* poison memory */
962 tor_free(mem);
963}
964
965/** Make sure <b>conn</b> isn't in any of the global conn lists; then free it.
966 */
967MOCK_IMPL(void,
969{
970 if (!conn)
971 return;
974 if (BUG(conn->linked_conn)) {
975 conn->linked_conn->linked_conn = NULL;
976 if (! conn->linked_conn->marked_for_close &&
979 conn->linked_conn = NULL;
980 }
981 if (connection_speaks_cells(conn)) {
982 if (!tor_digest_is_zero(TO_OR_CONN(conn)->identity_digest)) {
984 }
985 }
986 if (conn->type == CONN_TYPE_CONTROL) {
988 }
989#if 1
990 /* DEBUGGING */
991 if (conn->type == CONN_TYPE_AP) {
992 connection_ap_warn_and_unmark_if_pending_circ(TO_ENTRY_CONN(conn),
993 "connection_free");
994 }
995#endif /* 1 */
996
997 /* Notify the circuit creation DoS mitigation subsystem that an OR client
998 * connection has been closed. And only do that if we track it. */
999 if (conn->type == CONN_TYPE_OR) {
1000 dos_close_client_conn(TO_OR_CONN(conn));
1001 }
1002
1005}
1006
1007/**
1008 * Called when we're about to finally unlink and free a connection:
1009 * perform necessary accounting and cleanup
1010 * - Directory conns that failed to fetch a rendezvous descriptor
1011 * need to inform pending rendezvous streams.
1012 * - OR conns need to call rep_hist_note_*() to record status.
1013 * - AP conns need to send a socks reject if necessary.
1014 * - Exit conns need to call connection_dns_remove() if necessary.
1015 * - AP and Exit conns need to send an end cell if they can.
1016 * - DNS conns need to fail any resolves that are pending on them.
1017 * - OR and edge connections need to be unlinked from circuits.
1018 */
1019void
1021{
1023
1024 switch (conn->type) {
1025 case CONN_TYPE_DIR:
1027 break;
1028 case CONN_TYPE_OR:
1029 case CONN_TYPE_EXT_OR:
1031 break;
1032 case CONN_TYPE_AP:
1034 break;
1035 case CONN_TYPE_EXIT:
1037 break;
1038 }
1039}
1040
1041/** Return true iff connection_close_immediate() has been called on this
1042 * connection. */
1043#define CONN_IS_CLOSED(c) \
1044 ((c)->linked ? ((c)->linked_conn_is_closed) : (! SOCKET_OK(c->s)))
1045
1046/** Close the underlying socket for <b>conn</b>, so we don't try to
1047 * flush it. Must be used in conjunction with (right before)
1048 * connection_mark_for_close().
1049 */
1050void
1052{
1053 assert_connection_ok(conn,0);
1054 if (CONN_IS_CLOSED(conn)) {
1055 log_err(LD_BUG,"Attempt to close already-closed connection.");
1057 return;
1058 }
1059 if (connection_get_outbuf_len(conn)) {
1060 log_info(LD_NET,"fd %d, type %s, state %s, %"TOR_PRIuSZ" bytes on outbuf.",
1061 (int)conn->s, conn_type_to_string(conn->type),
1062 conn_state_to_string(conn->type, conn->state),
1063 buf_datalen(conn->outbuf));
1064 }
1065
1067
1068 /* Prevent the event from getting unblocked. */
1069 conn->read_blocked_on_bw = 0;
1070 conn->write_blocked_on_bw = 0;
1071
1072 if (SOCKET_OK(conn->s))
1073 tor_close_socket(conn->s);
1074 conn->s = TOR_INVALID_SOCKET;
1075 if (conn->linked)
1076 conn->linked_conn_is_closed = 1;
1077 if (conn->outbuf)
1078 buf_clear(conn->outbuf);
1079}
1080
1081/** Mark <b>conn</b> to be closed next time we loop through
1082 * conn_close_if_marked() in main.c. */
1083void
1084connection_mark_for_close_(connection_t *conn, int line, const char *file)
1085{
1086 assert_connection_ok(conn,0);
1087 tor_assert(line);
1088 tor_assert(line < 1<<16); /* marked_for_close can only fit a uint16_t. */
1089 tor_assert(file);
1090
1091 if (conn->type == CONN_TYPE_OR) {
1092 /*
1093 * An or_connection should have been closed through one of the channel-
1094 * aware functions in connection_or.c. We'll assume this is an error
1095 * close and do that, and log a bug warning.
1096 */
1097 log_warn(LD_CHANNEL | LD_BUG,
1098 "Something tried to close an or_connection_t without going "
1099 "through channels at %s:%d",
1100 file, line);
1102 } else {
1103 /* Pass it down to the real function */
1104 connection_mark_for_close_internal_(conn, line, file);
1105 }
1106}
1107
1108/** Mark <b>conn</b> to be closed next time we loop through
1109 * conn_close_if_marked() in main.c.
1110 *
1111 * This _internal version bypasses the CONN_TYPE_OR checks; this should be
1112 * called when you either are sure that if this is an or_connection_t the
1113 * controlling channel has been notified (e.g. with
1114 * connection_or_notify_error()), or you actually are the
1115 * connection_or_close_for_error() or connection_or_close_normally() function.
1116 * For all other cases, use connection_mark_and_flush() which checks for
1117 * or_connection_t properly, instead. See below.
1118 *
1119 * We want to keep this function simple and quick, since it can be called from
1120 * quite deep in the call chain, and hence it should avoid having side-effects
1121 * that interfere with its callers view of the connection.
1122 */
1123MOCK_IMPL(void,
1125 int line, const char *file))
1126{
1127 assert_connection_ok(conn,0);
1128 tor_assert(line);
1129 tor_assert(line < 1<<16); /* marked_for_close can only fit a uint16_t. */
1130 tor_assert(file);
1131
1132 if (conn->marked_for_close) {
1133 log_warn(LD_BUG,"Duplicate call to connection_mark_for_close at %s:%d"
1134 " (first at %s:%d)", file, line, conn->marked_for_close_file,
1135 conn->marked_for_close);
1137 return;
1138 }
1139
1140 if (conn->type == CONN_TYPE_OR) {
1141 /*
1142 * Bad news if this happens without telling the controlling channel; do
1143 * this so we can find things that call this wrongly when the asserts hit.
1144 */
1145 log_debug(LD_CHANNEL,
1146 "Calling connection_mark_for_close_internal_() on an OR conn "
1147 "at %s:%d",
1148 file, line);
1149 }
1150
1151 conn->marked_for_close = line;
1152 conn->marked_for_close_file = file;
1154
1155 /* in case we're going to be held-open-til-flushed, reset
1156 * the number of seconds since last successful write, so
1157 * we get our whole 15 seconds */
1158 conn->timestamp_last_write_allowed = time(NULL);
1159
1160 /* Note the connection close. */
1162 conn->socket_family);
1163}
1164
1165/** Find each connection that has hold_open_until_flushed set to
1166 * 1 but hasn't written in the past 15 seconds, and set
1167 * hold_open_until_flushed to 0. This means it will get cleaned
1168 * up in the next loop through close_if_marked() in main.c.
1169 */
1170void
1172{
1173 time_t now;
1175
1176 now = time(NULL);
1177
1178 SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
1179 /* If we've been holding the connection open, but we haven't written
1180 * for 15 seconds...
1181 */
1182 if (conn->hold_open_until_flushed) {
1184 if (now - conn->timestamp_last_write_allowed >= 15) {
1185 int severity;
1186 if (conn->type == CONN_TYPE_EXIT ||
1187 (conn->type == CONN_TYPE_DIR &&
1188 conn->purpose == DIR_PURPOSE_SERVER))
1189 severity = LOG_INFO;
1190 else
1191 severity = LOG_NOTICE;
1192 log_fn(severity, LD_NET,
1193 "Giving up on marked_for_close conn that's been flushing "
1194 "for 15s (fd %d, type %s, state %s).",
1195 (int)conn->s, conn_type_to_string(conn->type),
1196 conn_state_to_string(conn->type, conn->state));
1197 conn->hold_open_until_flushed = 0;
1198 }
1199 }
1200 } SMARTLIST_FOREACH_END(conn);
1201}
1202
1203#if defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN)
1204/** Create an AF_UNIX listenaddr struct.
1205 * <b>listenaddress</b> provides the path to the Unix socket.
1206 *
1207 * Eventually <b>listenaddress</b> will also optionally contain user, group,
1208 * and file permissions for the new socket. But not yet. XXX
1209 * Also, since we do not create the socket here the information doesn't help
1210 * here.
1211 *
1212 * If not NULL <b>readable_address</b> will contain a copy of the path part of
1213 * <b>listenaddress</b>.
1214 *
1215 * The listenaddr struct has to be freed by the caller.
1216 */
1217static struct sockaddr_un *
1218create_unix_sockaddr(const char *listenaddress, char **readable_address,
1219 socklen_t *len_out)
1220{
1221 struct sockaddr_un *sockaddr = NULL;
1222
1223 sockaddr = tor_malloc_zero(sizeof(struct sockaddr_un));
1224 sockaddr->sun_family = AF_UNIX;
1225 if (strlcpy(sockaddr->sun_path, listenaddress, sizeof(sockaddr->sun_path))
1226 >= sizeof(sockaddr->sun_path)) {
1227 log_warn(LD_CONFIG, "Unix socket path '%s' is too long to fit.",
1228 escaped(listenaddress));
1229 tor_free(sockaddr);
1230 return NULL;
1231 }
1232
1233 if (readable_address)
1234 *readable_address = tor_strdup(listenaddress);
1235
1236 *len_out = sizeof(struct sockaddr_un);
1237 return sockaddr;
1238}
1239#else /* !(defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN)) */
1240static struct sockaddr *
1241create_unix_sockaddr(const char *listenaddress, char **readable_address,
1242 socklen_t *len_out)
1243{
1244 (void)listenaddress;
1245 (void)readable_address;
1247 "Unix domain sockets not supported, yet we tried to create one.");
1248 *len_out = 0;
1250 return NULL;
1251}
1252#endif /* defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN) */
1253
1254/* Log a rate-limited warning about resource exhaustion */
1255static void
1256warn_about_resource_exhaution(void)
1257{
1258#define WARN_TOO_MANY_CONNS_INTERVAL (6*60*60)
1259 static ratelim_t last_warned = RATELIM_INIT(WARN_TOO_MANY_CONNS_INTERVAL);
1260 char *m;
1261 if ((m = rate_limit_log(&last_warned, approx_time()))) {
1262 int n_conns = get_n_open_sockets();
1263 log_warn(LD_NET,"Failing because we have %d connections already. Please "
1264 "read doc/TUNING for guidance.%s", n_conns, m);
1265 tor_free(m);
1266 control_event_general_status(LOG_WARN, "TOO_MANY_CONNECTIONS CURRENT=%d",
1267 n_conns);
1268 }
1269}
1270
1271/**
1272 * A socket failed from file descriptor exhaustion.
1273 *
1274 * Note down file descriptor exhaustion and log a warning. */
1275static inline void
1277{
1278 rep_hist_note_overload(OVERLOAD_FD_EXHAUSTED);
1279 warn_about_resource_exhaution();
1280}
1281
1282/**
1283 * A socket failed from TCP port exhaustion.
1284 *
1285 * Note down TCP port exhaustion and log a warning. */
1286static inline void
1288{
1290 warn_about_resource_exhaution();
1291}
1292
1293#ifdef HAVE_SYS_UN_H
1294
1295#define UNIX_SOCKET_PURPOSE_CONTROL_SOCKET 0
1296#define UNIX_SOCKET_PURPOSE_SOCKS_SOCKET 1
1297
1298/** Check if the purpose isn't one of the ones we know what to do with */
1299
1300static int
1301is_valid_unix_socket_purpose(int purpose)
1302{
1303 int valid = 0;
1304
1305 switch (purpose) {
1306 case UNIX_SOCKET_PURPOSE_CONTROL_SOCKET:
1307 case UNIX_SOCKET_PURPOSE_SOCKS_SOCKET:
1308 valid = 1;
1309 break;
1310 }
1311
1312 return valid;
1313}
1314
1315/** Return a string description of a unix socket purpose */
1316static const char *
1317unix_socket_purpose_to_string(int purpose)
1318{
1319 const char *s = "unknown-purpose socket";
1320
1321 switch (purpose) {
1322 case UNIX_SOCKET_PURPOSE_CONTROL_SOCKET:
1323 s = "control socket";
1324 break;
1325 case UNIX_SOCKET_PURPOSE_SOCKS_SOCKET:
1326 s = "SOCKS socket";
1327 break;
1328 }
1329
1330 return s;
1331}
1332
1333/** Check whether we should be willing to open an AF_UNIX socket in
1334 * <b>path</b>. Return 0 if we should go ahead and -1 if we shouldn't. */
1335static int
1336check_location_for_unix_socket(const or_options_t *options, const char *path,
1337 int purpose, const port_cfg_t *port)
1338{
1339 int r = -1;
1340 char *p = NULL;
1341
1342 tor_assert(is_valid_unix_socket_purpose(purpose));
1343
1344 p = tor_strdup(path);
1345 cpd_check_t flags = CPD_CHECK_MODE_ONLY;
1346 if (get_parent_directory(p)<0 || p[0] != '/') {
1347 log_warn(LD_GENERAL, "Bad unix socket address '%s'. Tor does not support "
1348 "relative paths for unix sockets.", path);
1349 goto done;
1350 }
1351
1352 if (port->is_world_writable) {
1353 /* World-writable sockets can go anywhere. */
1354 r = 0;
1355 goto done;
1356 }
1357
1358 if (port->is_group_writable) {
1359 flags |= CPD_GROUP_OK;
1360 }
1361
1362 if (port->relax_dirmode_check) {
1363 flags |= CPD_RELAX_DIRMODE_CHECK;
1364 }
1365
1366 if (check_private_dir(p, flags, options->User) < 0) {
1367 char *escpath, *escdir;
1368 escpath = esc_for_log(path);
1369 escdir = esc_for_log(p);
1370 log_warn(LD_GENERAL, "Before Tor can create a %s in %s, the directory "
1371 "%s needs to exist, and to be accessible only by the user%s "
1372 "account that is running Tor. (On some Unix systems, anybody "
1373 "who can list a socket can connect to it, so Tor is being "
1374 "careful.)",
1375 unix_socket_purpose_to_string(purpose), escpath, escdir,
1376 port->is_group_writable ? " and group" : "");
1377 tor_free(escpath);
1378 tor_free(escdir);
1379 goto done;
1380 }
1381
1382 r = 0;
1383 done:
1384 tor_free(p);
1385 return r;
1386}
1387#endif /* defined(HAVE_SYS_UN_H) */
1388
1389/** Tell the TCP stack that it shouldn't wait for a long time after
1390 * <b>sock</b> has closed before reusing its port. Return 0 on success,
1391 * -1 on failure. */
1392static int
1394{
1395#ifdef _WIN32
1396 (void) sock;
1397 return 0;
1398#else
1399 int one=1;
1400
1401 /* REUSEADDR on normal places means you can rebind to the port
1402 * right after somebody else has let it go. But REUSEADDR on win32
1403 * means you can bind to the port _even when somebody else
1404 * already has it bound_. So, don't do that on Win32. */
1405 if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void*) &one,
1406 (socklen_t)sizeof(one)) == -1) {
1407 return -1;
1408 }
1409 return 0;
1410#endif /* defined(_WIN32) */
1411}
1412
1413#ifdef _WIN32
1414/** Tell the Windows TCP stack to prevent other applications from receiving
1415 * traffic from tor's open ports. Return 0 on success, -1 on failure. */
1416static int
1417make_win32_socket_exclusive(tor_socket_t sock)
1418{
1419#ifdef SO_EXCLUSIVEADDRUSE
1420 int one=1;
1421
1422 /* Any socket that sets REUSEADDR on win32 can bind to a port _even when
1423 * somebody else already has it bound_, and _even if the original socket
1424 * didn't set REUSEADDR_. Use EXCLUSIVEADDRUSE to prevent this port-stealing
1425 * on win32. */
1426 if (setsockopt(sock, SOL_SOCKET, SO_EXCLUSIVEADDRUSE, (void*) &one,
1427 (socklen_t)sizeof(one))) {
1428 return -1;
1429 }
1430 return 0;
1431#else /* !defined(SO_EXCLUSIVEADDRUSE) */
1432 (void) sock;
1433 return 0;
1434#endif /* defined(SO_EXCLUSIVEADDRUSE) */
1435}
1436#endif /* defined(_WIN32) */
1437
1438/** Max backlog to pass to listen. We start at */
1439static int listen_limit = INT_MAX;
1440
1441/* Listen on <b>fd</b> with appropriate backlog. Return as for listen. */
1442static int
1443tor_listen(tor_socket_t fd)
1444{
1445 int r;
1446
1447 if ((r = listen(fd, listen_limit)) < 0) {
1448 if (listen_limit == SOMAXCONN)
1449 return r;
1450 if ((r = listen(fd, SOMAXCONN)) == 0) {
1451 listen_limit = SOMAXCONN;
1452 log_warn(LD_NET, "Setting listen backlog to INT_MAX connections "
1453 "didn't work, but SOMAXCONN did. Lowering backlog limit.");
1454 }
1455 }
1456 return r;
1457}
1458
1459/** Bind a new non-blocking socket listening to the socket described
1460 * by <b>listensockaddr</b>.
1461 *
1462 * <b>address</b> is only used for logging purposes and to add the information
1463 * to the conn.
1464 *
1465 * Set <b>addr_in_use</b> to true in case socket binding fails with
1466 * EADDRINUSE.
1467 */
1468static connection_t *
1469connection_listener_new(const struct sockaddr *listensockaddr,
1470 socklen_t socklen,
1471 int type, const char *address,
1472 const port_cfg_t *port_cfg,
1473 int *addr_in_use)
1474{
1475 listener_connection_t *lis_conn;
1476 connection_t *conn = NULL;
1477 tor_socket_t s = TOR_INVALID_SOCKET; /* the socket we're going to make */
1478 or_options_t const *options = get_options();
1479 (void) options; /* Windows doesn't use this. */
1480#if defined(HAVE_PWD_H) && defined(HAVE_SYS_UN_H)
1481 const struct passwd *pw = NULL;
1482#endif
1483 uint16_t usePort = 0, gotPort = 0;
1484 int start_reading = 0;
1485 static int global_next_session_group = SESSION_GROUP_FIRST_AUTO;
1486 tor_addr_t addr;
1487 int exhaustion = 0;
1488
1489 if (addr_in_use)
1490 *addr_in_use = 0;
1491
1492 if (listensockaddr->sa_family == AF_INET ||
1493 listensockaddr->sa_family == AF_INET6) {
1494 int is_stream = (type != CONN_TYPE_AP_DNS_LISTENER);
1495 if (is_stream)
1496 start_reading = 1;
1497
1498 tor_addr_from_sockaddr(&addr, listensockaddr, &usePort);
1499 log_notice(LD_NET, "Opening %s on %s",
1500 conn_type_to_string(type), fmt_addrport(&addr, usePort));
1501
1503 is_stream ? SOCK_STREAM : SOCK_DGRAM,
1504 is_stream ? IPPROTO_TCP: IPPROTO_UDP);
1505 if (!SOCKET_OK(s)) {
1506 int e = tor_socket_errno(s);
1507 if (ERRNO_IS_RESOURCE_LIMIT(e)) {
1509 /*
1510 * We'll call the OOS handler at the error exit, so set the
1511 * exhaustion flag for it.
1512 */
1513 exhaustion = 1;
1514 } else {
1515 log_warn(LD_NET, "Socket creation failed: %s",
1516 tor_socket_strerror(e));
1517 }
1518 goto err;
1519 }
1520
1521 if (make_socket_reuseable(s) < 0) {
1522 log_warn(LD_NET, "Error setting SO_REUSEADDR flag on %s: %s",
1523 conn_type_to_string(type),
1524 tor_socket_strerror(errno));
1525 }
1526
1527#ifdef _WIN32
1528 if (make_win32_socket_exclusive(s) < 0) {
1529 log_warn(LD_NET, "Error setting SO_EXCLUSIVEADDRUSE flag on %s: %s",
1530 conn_type_to_string(type),
1531 tor_socket_strerror(errno));
1532 }
1533#endif /* defined(_WIN32) */
1534
1535#if defined(USE_TRANSPARENT) && defined(IP_TRANSPARENT)
1536 if (options->TransProxyType_parsed == TPT_TPROXY &&
1538 int one = 1;
1539 if (setsockopt(s, SOL_IP, IP_TRANSPARENT, (void*)&one,
1540 (socklen_t)sizeof(one)) < 0) {
1541 const char *extra = "";
1542 int e = tor_socket_errno(s);
1543 if (e == EPERM)
1544 extra = "TransTPROXY requires root privileges or similar"
1545 " capabilities.";
1546 log_warn(LD_NET, "Error setting IP_TRANSPARENT flag: %s.%s",
1547 tor_socket_strerror(e), extra);
1548 }
1549 }
1550#endif /* defined(USE_TRANSPARENT) && defined(IP_TRANSPARENT) */
1551
1552#ifdef IPV6_V6ONLY
1553 if (listensockaddr->sa_family == AF_INET6) {
1554 int one = 1;
1555 /* We need to set IPV6_V6ONLY so that this socket can't get used for
1556 * IPv4 connections. */
1557 if (setsockopt(s,IPPROTO_IPV6, IPV6_V6ONLY,
1558 (void*)&one, (socklen_t)sizeof(one)) < 0) {
1559 int e = tor_socket_errno(s);
1560 log_warn(LD_NET, "Error setting IPV6_V6ONLY flag: %s",
1561 tor_socket_strerror(e));
1562 /* Keep going; probably not harmful. */
1563 }
1564 }
1565#endif /* defined(IPV6_V6ONLY) */
1566
1567 if (bind(s,listensockaddr,socklen) < 0) {
1568 const char *helpfulhint = "";
1569 int e = tor_socket_errno(s);
1570 if (ERRNO_IS_EADDRINUSE(e)) {
1571 helpfulhint = ". Is Tor already running?";
1572 if (addr_in_use)
1573 *addr_in_use = 1;
1574 }
1575 log_warn(LD_NET, "Could not bind to %s:%u: %s%s", address, usePort,
1576 tor_socket_strerror(e), helpfulhint);
1577 goto err;
1578 }
1579
1580 if (is_stream) {
1581 if (tor_listen(s) < 0) {
1582 log_warn(LD_NET, "Could not listen on %s:%u: %s", address, usePort,
1583 tor_socket_strerror(tor_socket_errno(s)));
1584 goto err;
1585 }
1586 }
1587
1588 if (usePort != 0) {
1589 gotPort = usePort;
1590 } else {
1591 tor_addr_t addr2;
1592 struct sockaddr_storage ss;
1593 socklen_t ss_len=sizeof(ss);
1594 if (getsockname(s, (struct sockaddr*)&ss, &ss_len)<0) {
1595 log_warn(LD_NET, "getsockname() couldn't learn address for %s: %s",
1596 conn_type_to_string(type),
1597 tor_socket_strerror(tor_socket_errno(s)));
1598 gotPort = 0;
1599 }
1600 tor_addr_from_sockaddr(&addr2, (struct sockaddr*)&ss, &gotPort);
1601 }
1602#ifdef HAVE_SYS_UN_H
1603 /*
1604 * AF_UNIX generic setup stuff
1605 */
1606 } else if (listensockaddr->sa_family == AF_UNIX) {
1607 /* We want to start reading for both AF_UNIX cases */
1608 start_reading = 1;
1609
1611
1612 if (check_location_for_unix_socket(options, address,
1613 (type == CONN_TYPE_CONTROL_LISTENER) ?
1614 UNIX_SOCKET_PURPOSE_CONTROL_SOCKET :
1615 UNIX_SOCKET_PURPOSE_SOCKS_SOCKET, port_cfg) < 0) {
1616 goto err;
1617 }
1618
1619 log_notice(LD_NET, "Opening %s on %s",
1620 conn_type_to_string(type), address);
1621
1622 tor_addr_make_unspec(&addr);
1623
1624 if (unlink(address) < 0 && errno != ENOENT) {
1625 log_warn(LD_NET, "Could not unlink %s: %s", address,
1626 strerror(errno));
1627 goto err;
1628 }
1629
1630 s = tor_open_socket_nonblocking(AF_UNIX, SOCK_STREAM, 0);
1631 if (! SOCKET_OK(s)) {
1632 int e = tor_socket_errno(s);
1633 if (ERRNO_IS_RESOURCE_LIMIT(e)) {
1635 /*
1636 * We'll call the OOS handler at the error exit, so set the
1637 * exhaustion flag for it.
1638 */
1639 exhaustion = 1;
1640 } else {
1641 log_warn(LD_NET,"Socket creation failed: %s.", strerror(e));
1642 }
1643 goto err;
1644 }
1645
1646 if (bind(s, listensockaddr,
1647 (socklen_t)sizeof(struct sockaddr_un)) == -1) {
1648 log_warn(LD_NET,"Bind to %s failed: %s.", address,
1649 tor_socket_strerror(tor_socket_errno(s)));
1650 goto err;
1651 }
1652
1653#ifdef HAVE_PWD_H
1654 if (options->User) {
1655 pw = tor_getpwnam(options->User);
1656 struct stat st;
1657 if (pw == NULL) {
1658 log_warn(LD_NET,"Unable to chown() %s socket: user %s not found.",
1659 address, options->User);
1660 goto err;
1661 } else if (fstat(s, &st) == 0 &&
1662 st.st_uid == pw->pw_uid && st.st_gid == pw->pw_gid) {
1663 /* No change needed */
1664 } else if (chown(sandbox_intern_string(address),
1665 pw->pw_uid, pw->pw_gid) < 0) {
1666 log_warn(LD_NET,"Unable to chown() %s socket: %s.",
1667 address, strerror(errno));
1668 goto err;
1669 }
1670 }
1671#endif /* defined(HAVE_PWD_H) */
1672
1673 {
1674 unsigned mode;
1675 const char *status;
1676 struct stat st;
1677 if (port_cfg->is_world_writable) {
1678 mode = 0666;
1679 status = "world-writable";
1680 } else if (port_cfg->is_group_writable) {
1681 mode = 0660;
1682 status = "group-writable";
1683 } else {
1684 mode = 0600;
1685 status = "private";
1686 }
1687 /* We need to use chmod; fchmod doesn't work on sockets on all
1688 * platforms. */
1689 if (fstat(s, &st) == 0 && (st.st_mode & 0777) == mode) {
1690 /* no change needed */
1691 } else if (chmod(sandbox_intern_string(address), mode) < 0) {
1692 log_warn(LD_FS,"Unable to make %s %s.", address, status);
1693 goto err;
1694 }
1695 }
1696
1697 if (listen(s, SOMAXCONN) < 0) {
1698 log_warn(LD_NET, "Could not listen on %s: %s", address,
1699 tor_socket_strerror(tor_socket_errno(s)));
1700 goto err;
1701 }
1702
1703#ifndef __APPLE__
1704 /* This code was introduced to help debug #28229. */
1705 int value;
1706 socklen_t len = sizeof(value);
1707
1708 if (!getsockopt(s, SOL_SOCKET, SO_ACCEPTCONN, &value, &len)) {
1709 if (value == 0) {
1710 log_err(LD_NET, "Could not listen on %s - "
1711 "getsockopt(.,SO_ACCEPTCONN,.) yields 0.", address);
1712 goto err;
1713 }
1714 }
1715#endif /* !defined(__APPLE__) */
1716#endif /* defined(HAVE_SYS_UN_H) */
1717 } else {
1718 log_err(LD_BUG, "Got unexpected address family %d.",
1719 listensockaddr->sa_family);
1720 tor_assert(0);
1721 }
1722
1723 lis_conn = listener_connection_new(type, listensockaddr->sa_family);
1724 conn = TO_CONN(lis_conn);
1725 conn->socket_family = listensockaddr->sa_family;
1726 conn->s = s;
1727 s = TOR_INVALID_SOCKET; /* Prevent double-close */
1728 conn->address = tor_strdup(address);
1729 conn->port = gotPort;
1730 tor_addr_copy(&conn->addr, &addr);
1731
1732 memcpy(&lis_conn->entry_cfg, &port_cfg->entry_cfg, sizeof(entry_port_cfg_t));
1733
1734 if (port_cfg->entry_cfg.isolation_flags) {
1735 lis_conn->entry_cfg.isolation_flags = port_cfg->entry_cfg.isolation_flags;
1736 if (port_cfg->entry_cfg.session_group >= 0) {
1737 lis_conn->entry_cfg.session_group = port_cfg->entry_cfg.session_group;
1738 } else {
1739 /* This can wrap after around INT_MAX listeners are opened. But I don't
1740 * believe that matters, since you would need to open a ridiculous
1741 * number of listeners while keeping the early ones open before you ever
1742 * hit this. An OR with a dozen ports open, for example, would have to
1743 * close and re-open its listeners every second for 4 years nonstop.
1744 */
1745 lis_conn->entry_cfg.session_group = global_next_session_group--;
1746 }
1747 }
1748
1749 if (connection_add(conn) < 0) { /* no space, forget it */
1750 log_warn(LD_NET,"connection_add for listener failed. Giving up.");
1751 goto err;
1752 }
1753
1754 log_fn(usePort==gotPort ? LOG_DEBUG : LOG_NOTICE, LD_NET,
1755 "%s listening on port %u.",
1756 conn_type_to_string(type), gotPort);
1757
1759 if (start_reading) {
1761 } else {
1764 }
1765
1766 /*
1767 * Normal exit; call the OOS handler since connection count just changed;
1768 * the exhaustion flag will always be zero here though.
1769 */
1771
1772 log_notice(LD_NET, "Opened %s", connection_describe(conn));
1773
1774 return conn;
1775
1776 err:
1777 if (SOCKET_OK(s))
1779 if (conn)
1780 connection_free(conn);
1781
1782 /* Call the OOS handler, indicate if we saw an exhaustion-related error */
1784
1785 return NULL;
1786}
1787
1788/**
1789 * Create a new listener connection for a given <b>port</b>. In case we
1790 * for a reason that is not an error condition, set <b>defer</b>
1791 * to true. If we cannot bind listening socket because address is already
1792 * in use, set <b>addr_in_use</b> to true.
1793 */
1794static connection_t *
1796 int *defer, int *addr_in_use)
1797{
1798 connection_t *conn;
1799 struct sockaddr *listensockaddr;
1800 socklen_t listensocklen = 0;
1801 char *address=NULL;
1802 int real_port = port->port == CFG_AUTO_PORT ? 0 : port->port;
1803 tor_assert(real_port <= UINT16_MAX);
1804
1805 if (defer)
1806 *defer = 0;
1807
1808 if (port->server_cfg.no_listen) {
1809 if (defer)
1810 *defer = 1;
1811 return NULL;
1812 }
1813
1814#ifndef _WIN32
1815 /* We don't need to be root to create a UNIX socket, so defer until after
1816 * setuid. */
1817 const or_options_t *options = get_options();
1818 if (port->is_unix_addr && !geteuid() && (options->User) &&
1819 strcmp(options->User, "root")) {
1820 if (defer)
1821 *defer = 1;
1822 return NULL;
1823 }
1824#endif /* !defined(_WIN32) */
1825
1826 if (port->is_unix_addr) {
1827 listensockaddr = (struct sockaddr *)
1828 create_unix_sockaddr(port->unix_addr,
1829 &address, &listensocklen);
1830 } else {
1831 listensockaddr = tor_malloc(sizeof(struct sockaddr_storage));
1832 listensocklen = tor_addr_to_sockaddr(&port->addr,
1833 real_port,
1834 listensockaddr,
1835 sizeof(struct sockaddr_storage));
1836 address = tor_addr_to_str_dup(&port->addr);
1837 }
1838
1839 if (listensockaddr) {
1840 conn = connection_listener_new(listensockaddr, listensocklen,
1841 port->type, address, port,
1842 addr_in_use);
1843 tor_free(listensockaddr);
1844 tor_free(address);
1845 } else {
1846 conn = NULL;
1847 }
1848
1849 return conn;
1850}
1851
1852/** Do basic sanity checking on a newly received socket. Return 0
1853 * if it looks ok, else return -1.
1854 *
1855 * Notably, some TCP stacks can erroneously have accept() return successfully
1856 * with socklen 0, when the client sends an RST before the accept call (as
1857 * nmap does). We want to detect that, and not go on with the connection.
1858 */
1859static int
1860check_sockaddr(const struct sockaddr *sa, int len, int level)
1861{
1862 int ok = 1;
1863
1864 if (sa->sa_family == AF_INET) {
1865 struct sockaddr_in *sin=(struct sockaddr_in*)sa;
1866 if (len != sizeof(struct sockaddr_in)) {
1867 log_fn(level, LD_NET, "Length of address not as expected: %d vs %d",
1868 len,(int)sizeof(struct sockaddr_in));
1869 ok = 0;
1870 }
1871 if (sin->sin_addr.s_addr == 0 || sin->sin_port == 0) {
1872 log_fn(level, LD_NET,
1873 "Address for new connection has address/port equal to zero.");
1874 ok = 0;
1875 }
1876 } else if (sa->sa_family == AF_INET6) {
1877 struct sockaddr_in6 *sin6=(struct sockaddr_in6*)sa;
1878 if (len != sizeof(struct sockaddr_in6)) {
1879 log_fn(level, LD_NET, "Length of address not as expected: %d vs %d",
1880 len,(int)sizeof(struct sockaddr_in6));
1881 ok = 0;
1882 }
1883 if (fast_mem_is_zero((void*)sin6->sin6_addr.s6_addr, 16) ||
1884 sin6->sin6_port == 0) {
1885 log_fn(level, LD_NET,
1886 "Address for new connection has address/port equal to zero.");
1887 ok = 0;
1888 }
1889 } else if (sa->sa_family == AF_UNIX) {
1890 ok = 1;
1891 } else {
1892 ok = 0;
1893 }
1894 return ok ? 0 : -1;
1895}
1896
1897/** Check whether the socket family from an accepted socket <b>got</b> is the
1898 * same as the one that <b>listener</b> is waiting for. If it isn't, log
1899 * a useful message and return -1. Else return 0.
1900 *
1901 * This is annoying, but can apparently happen on some Darwins. */
1902static int
1904{
1905 if (got != listener->socket_family) {
1906 log_info(LD_BUG, "A listener connection returned a socket with a "
1907 "mismatched family. %s for addr_family %d gave us a socket "
1908 "with address family %d. Dropping.",
1909 conn_type_to_string(listener->type),
1910 (int)listener->socket_family,
1911 (int)got);
1912 return -1;
1913 }
1914 return 0;
1915}
1916
1917/** The listener connection <b>conn</b> told poll() it wanted to read.
1918 * Call accept() on conn->s, and add the new connection if necessary.
1919 */
1920static int
1922{
1923 tor_socket_t news; /* the new socket */
1924 connection_t *newconn = 0;
1925 /* information about the remote peer when connecting to other routers */
1926 struct sockaddr_storage addrbuf;
1927 struct sockaddr *remote = (struct sockaddr*)&addrbuf;
1928 /* length of the remote address. Must be whatever accept() needs. */
1929 socklen_t remotelen = (socklen_t)sizeof(addrbuf);
1930 const or_options_t *options = get_options();
1931
1932 tor_assert((size_t)remotelen >= sizeof(struct sockaddr_in));
1933 memset(&addrbuf, 0, sizeof(addrbuf));
1934
1935 news = tor_accept_socket_nonblocking(conn->s,remote,&remotelen);
1936 if (!SOCKET_OK(news)) { /* accept() error */
1937 int e = tor_socket_errno(conn->s);
1938 if (ERRNO_IS_ACCEPT_EAGAIN(e)) {
1939 /*
1940 * they hung up before we could accept(). that's fine.
1941 *
1942 * give the OOS handler a chance to run though
1943 */
1945 return 0;
1946 } else if (ERRNO_IS_RESOURCE_LIMIT(e)) {
1948 /* Exhaustion; tell the OOS handler */
1950 return 0;
1951 }
1952 /* else there was a real error. */
1953 log_warn(LD_NET,"accept() failed: %s. Closing listener.",
1954 tor_socket_strerror(e));
1955 connection_mark_for_close(conn);
1956 /* Tell the OOS handler about this too */
1958 return -1;
1959 }
1960 log_debug(LD_NET,
1961 "Connection accepted on socket %d (child of fd %d).",
1962 (int)news,(int)conn->s);
1963
1964 /* We accepted a new conn; run OOS handler */
1966
1967 if (make_socket_reuseable(news) < 0) {
1968 if (tor_socket_errno(news) == EINVAL) {
1969 /* This can happen on OSX if we get a badly timed shutdown. */
1970 log_debug(LD_NET, "make_socket_reuseable returned EINVAL");
1971 } else {
1972 log_warn(LD_NET, "Error setting SO_REUSEADDR flag on %s: %s",
1973 conn_type_to_string(new_type),
1974 tor_socket_strerror(errno));
1975 }
1976 tor_close_socket(news);
1977 return 0;
1978 }
1979
1980 if (options->ConstrainedSockets)
1982
1983 if (check_sockaddr_family_match(remote->sa_family, conn) < 0) {
1984 tor_close_socket(news);
1985 return 0;
1986 }
1987
1988 if (conn->socket_family == AF_INET || conn->socket_family == AF_INET6 ||
1989 (conn->socket_family == AF_UNIX && new_type == CONN_TYPE_AP)) {
1990 tor_addr_t addr;
1991 uint16_t port;
1992 if (check_sockaddr(remote, remotelen, LOG_INFO)<0) {
1993 log_info(LD_NET,
1994 "accept() returned a strange address; closing connection.");
1995 tor_close_socket(news);
1996 return 0;
1997 }
1998
1999 tor_addr_from_sockaddr(&addr, remote, &port);
2000
2001 /* process entrance policies here, before we even create the connection */
2002 if (new_type == CONN_TYPE_AP) {
2003 /* check sockspolicy to see if we should accept it */
2004 if (socks_policy_permits_address(&addr) == 0) {
2005 log_notice(LD_APP,
2006 "Denying socks connection from untrusted address %s.",
2007 fmt_and_decorate_addr(&addr));
2009 tor_close_socket(news);
2010 return 0;
2011 }
2012 }
2013 if (new_type == CONN_TYPE_DIR) {
2014 /* check dirpolicy to see if we should accept it */
2015 if (dir_policy_permits_address(&addr) == 0) {
2016 log_notice(LD_DIRSERV,"Denying dir connection from address %s.",
2017 fmt_and_decorate_addr(&addr));
2019 tor_close_socket(news);
2020 return 0;
2021 }
2022 }
2023 if (new_type == CONN_TYPE_OR) {
2024 /* Assess with the connection DoS mitigation subsystem if this address
2025 * can open a new connection. */
2026 if (dos_conn_addr_get_defense_type(&addr) == DOS_CONN_DEFENSE_CLOSE) {
2028 tor_close_socket(news);
2029 return 0;
2030 }
2031 }
2032
2033 newconn = connection_new(new_type, conn->socket_family);
2034 newconn->s = news;
2035
2036 /* remember the remote address */
2037 tor_addr_copy(&newconn->addr, &addr);
2038 if (new_type == CONN_TYPE_AP && conn->socket_family == AF_UNIX) {
2039 newconn->port = 0;
2040 newconn->address = tor_strdup(conn->address);
2041 } else {
2042 newconn->port = port;
2043 newconn->address = tor_addr_to_str_dup(&addr);
2044 }
2045
2046 if (new_type == CONN_TYPE_AP && conn->socket_family != AF_UNIX) {
2047 log_info(LD_NET, "New SOCKS connection opened from %s.",
2048 fmt_and_decorate_addr(&addr));
2049 }
2050 if (new_type == CONN_TYPE_AP && conn->socket_family == AF_UNIX) {
2051 log_info(LD_NET, "New SOCKS AF_UNIX connection opened");
2052 }
2053 if (new_type == CONN_TYPE_CONTROL) {
2054 log_notice(LD_CONTROL, "New control connection opened from %s.",
2055 fmt_and_decorate_addr(&addr));
2056 }
2057 if (new_type == CONN_TYPE_METRICS) {
2058 log_info(LD_CONTROL, "New metrics connection opened from %s.",
2059 fmt_and_decorate_addr(&addr));
2060 }
2061
2062 } else if (conn->socket_family == AF_UNIX && conn->type != CONN_TYPE_AP) {
2064 tor_assert(new_type == CONN_TYPE_CONTROL);
2065 log_notice(LD_CONTROL, "New control connection opened.");
2066
2067 newconn = connection_new(new_type, conn->socket_family);
2068 newconn->s = news;
2069
2070 /* remember the remote address -- do we have anything sane to put here? */
2071 tor_addr_make_unspec(&newconn->addr);
2072 newconn->port = 1;
2073 newconn->address = tor_strdup(conn->address);
2074 } else {
2075 tor_assert(0);
2076 };
2077
2078 /* We are receiving this connection. */
2079 newconn->from_listener = 1;
2080
2081 if (connection_add(newconn) < 0) { /* no space, forget it */
2082 connection_free(newconn);
2083 return 0; /* no need to tear down the parent */
2084 }
2085
2086 if (connection_init_accepted_conn(newconn, TO_LISTENER_CONN(conn)) < 0) {
2087 if (! newconn->marked_for_close)
2088 connection_mark_for_close(newconn);
2089 return 0;
2090 }
2091
2092 note_connection(true /* inbound */, newconn);
2093
2094 return 0;
2095}
2096
2097/** Initialize states for newly accepted connection <b>conn</b>.
2098 *
2099 * If conn is an OR, start the TLS handshake.
2100 *
2101 * If conn is a transparent AP, get its original destination
2102 * and place it in circuit_wait.
2103 *
2104 * The <b>listener</b> parameter is only used for AP connections.
2105 */
2106int
2108 const listener_connection_t *listener)
2109{
2110 int rv;
2111
2113
2114 switch (conn->type) {
2115 case CONN_TYPE_EXT_OR:
2116 /* Initiate Extended ORPort authentication. */
2118 case CONN_TYPE_OR:
2119 connection_or_event_status(TO_OR_CONN(conn), OR_CONN_EVENT_NEW, 0);
2121 if (rv < 0) {
2123 }
2124 return rv;
2125 break;
2126 case CONN_TYPE_AP:
2127 memcpy(&TO_ENTRY_CONN(conn)->entry_cfg, &listener->entry_cfg,
2128 sizeof(entry_port_cfg_t));
2130 TO_ENTRY_CONN(conn)->socks_request->listener_type = listener->base_.type;
2131
2132 /* Any incoming connection on an entry port counts as user activity. */
2134
2135 switch (TO_CONN(listener)->type) {
2139 listener->entry_cfg.socks_prefer_no_auth;
2141 listener->entry_cfg.extended_socks5_codes;
2142 break;
2145 /* XXXX028 -- is this correct still, with the addition of
2146 * pending_entry_connections ? */
2152 break;
2155 }
2156 break;
2157 case CONN_TYPE_DIR:
2160 break;
2161 case CONN_TYPE_CONTROL:
2163 break;
2164 }
2165 return 0;
2166}
2167
2168/** Take conn, make a nonblocking socket; try to connect to
2169 * sa, binding to bindaddr if sa is not localhost. If fail, return -1 and if
2170 * applicable put your best guess about errno into *<b>socket_error</b>.
2171 * If connected return 1, if EAGAIN return 0.
2172 */
2173MOCK_IMPL(STATIC int,
2175 const struct sockaddr *sa,
2176 socklen_t sa_len,
2177 const struct sockaddr *bindaddr,
2178 socklen_t bindaddr_len,
2179 int *socket_error))
2180{
2181 tor_socket_t s;
2182 int inprogress = 0;
2183 const or_options_t *options = get_options();
2184
2185 tor_assert(conn);
2186 tor_assert(sa);
2187 tor_assert(socket_error);
2188
2190 /* We should never even try to connect anyplace if the network is
2191 * completely shut off.
2192 *
2193 * (We don't check net_is_disabled() here, since we still sometimes
2194 * want to open connections when we're in soft hibernation.)
2195 */
2196 static ratelim_t disablenet_violated = RATELIM_INIT(30*60);
2197 *socket_error = SOCK_ERRNO(ENETUNREACH);
2198 log_fn_ratelim(&disablenet_violated, LOG_WARN, LD_BUG,
2199 "Tried to open a socket with DisableNetwork set.");
2201 return -1;
2202 }
2203
2204 const int protocol_family = sa->sa_family;
2205 const int proto = (sa->sa_family == AF_INET6 ||
2206 sa->sa_family == AF_INET) ? IPPROTO_TCP : 0;
2207
2208 s = tor_open_socket_nonblocking(protocol_family, SOCK_STREAM, proto);
2209 if (! SOCKET_OK(s)) {
2210 /*
2211 * Early OOS handler calls; it matters if it's an exhaustion-related
2212 * error or not.
2213 */
2214 *socket_error = tor_socket_errno(s);
2215 if (ERRNO_IS_RESOURCE_LIMIT(*socket_error)) {
2218 } else {
2219 log_warn(LD_NET,"Error creating network socket: %s",
2220 tor_socket_strerror(*socket_error));
2222 }
2223 return -1;
2224 }
2225
2226 if (make_socket_reuseable(s) < 0) {
2227 log_warn(LD_NET, "Error setting SO_REUSEADDR flag on new connection: %s",
2228 tor_socket_strerror(errno));
2229 }
2230
2231 /* From ip(7): Inform the kernel to not reserve an ephemeral port when using
2232 * bind(2) with a port number of 0. The port will later be automatically
2233 * chosen at connect(2) time, in a way that allows sharing a source port as
2234 * long as the 4-tuple is unique.
2235 *
2236 * This is needed for relays using OutboundBindAddresses because the port
2237 * value in the bind address is set to 0. */
2238#ifdef IP_BIND_ADDRESS_NO_PORT
2239 static int try_ip_bind_address_no_port = 1;
2240 if (bindaddr && try_ip_bind_address_no_port &&
2241 setsockopt(s, SOL_IP, IP_BIND_ADDRESS_NO_PORT, &(int){1}, sizeof(int))) {
2242 if (errno == EINVAL) {
2243 log_notice(LD_NET, "Tor was built with support for "
2244 "IP_BIND_ADDRESS_NO_PORT, but the current kernel "
2245 "doesn't support it. This might cause Tor to run out "
2246 "of ephemeral ports more quickly.");
2247 try_ip_bind_address_no_port = 0;
2248 } else {
2249 log_warn(LD_NET, "Error setting IP_BIND_ADDRESS_NO_PORT on new "
2250 "connection: %s", tor_socket_strerror(errno));
2251 }
2252 }
2253#endif
2254
2255 if (bindaddr && bind(s, bindaddr, bindaddr_len) < 0) {
2256 *socket_error = tor_socket_errno(s);
2257 if (ERRNO_IS_EADDRINUSE(*socket_error)) {
2260 } else {
2261 log_warn(LD_NET,"Error binding network socket: %s",
2262 tor_socket_strerror(*socket_error));
2264 }
2266 return -1;
2267 }
2268
2269 /*
2270 * We've got the socket open and bound; give the OOS handler a chance to
2271 * check against configured maximum socket number, but tell it no exhaustion
2272 * failure.
2273 */
2275
2276 tor_assert(options);
2277 if (options->ConstrainedSockets)
2279
2280 if (connect(s, sa, sa_len) < 0) {
2281 int e = tor_socket_errno(s);
2282 if (!ERRNO_IS_CONN_EINPROGRESS(e)) {
2283 /* yuck. kill it. */
2284 *socket_error = e;
2285 log_info(LD_NET,
2286 "connect() to socket failed: %s",
2287 tor_socket_strerror(e));
2289 return -1;
2290 } else {
2291 inprogress = 1;
2292 }
2293 }
2294
2295 note_connection(false /* outbound */, conn);
2296
2297 /* it succeeded. we're connected. */
2298 log_fn(inprogress ? LOG_DEBUG : LOG_INFO, LD_NET,
2299 "Connection to socket %s (sock "TOR_SOCKET_T_FORMAT").",
2300 inprogress ? "in progress" : "established", s);
2301 conn->s = s;
2302 if (connection_add_connecting(conn) < 0) {
2303 /* no space, forget it */
2304 *socket_error = SOCK_ERRNO(ENOBUFS);
2305 return -1;
2306 }
2307
2308 return inprogress ? 0 : 1;
2309}
2310
2311/* Log a message if connection attempt is made when IPv4 or IPv6 is disabled.
2312 * Log a less severe message if we couldn't conform to ClientPreferIPv6ORPort
2313 * or ClientPreferIPv6ORPort. */
2314static void
2315connection_connect_log_client_use_ip_version(const connection_t *conn)
2316{
2317 const or_options_t *options = get_options();
2318
2319 /* Only clients care about ClientUseIPv4/6, bail out early on servers, and
2320 * on connections we don't care about */
2321 if (server_mode(options) || !conn || conn->type == CONN_TYPE_EXIT) {
2322 return;
2323 }
2324
2325 /* We're only prepared to log OR and DIR connections here */
2326 if (conn->type != CONN_TYPE_OR && conn->type != CONN_TYPE_DIR) {
2327 return;
2328 }
2329
2330 const int must_ipv4 = !reachable_addr_use_ipv6(options);
2331 const int must_ipv6 = (options->ClientUseIPv4 == 0);
2332 const int pref_ipv6 = (conn->type == CONN_TYPE_OR
2335 tor_addr_t real_addr;
2336 tor_addr_copy(&real_addr, &conn->addr);
2337
2338 /* Check if we broke a mandatory address family restriction */
2339 if ((must_ipv4 && tor_addr_family(&real_addr) == AF_INET6)
2340 || (must_ipv6 && tor_addr_family(&real_addr) == AF_INET)) {
2341 static int logged_backtrace = 0;
2342 log_info(LD_BUG, "Outgoing %s connection to %s violated ClientUseIPv%s 0.",
2343 conn->type == CONN_TYPE_OR ? "OR" : "Dir",
2344 fmt_addr(&real_addr),
2345 options->ClientUseIPv4 == 0 ? "4" : "6");
2346 if (!logged_backtrace) {
2347 log_backtrace(LOG_INFO, LD_BUG, "Address came from");
2348 logged_backtrace = 1;
2349 }
2350 }
2351
2352 /* Bridges are allowed to break IPv4/IPv6 ORPort preferences to connect to
2353 * the node's configured address when ClientPreferIPv6ORPort is auto */
2354 if (options->UseBridges && conn->type == CONN_TYPE_OR
2355 && options->ClientPreferIPv6ORPort == -1) {
2356 return;
2357 }
2358
2359 if (reachable_addr_use_ipv6(options)) {
2360 log_info(LD_NET, "Our outgoing connection is using IPv%d.",
2361 tor_addr_family(&real_addr) == AF_INET6 ? 6 : 4);
2362 }
2363
2364 /* Check if we couldn't satisfy an address family preference */
2365 if ((!pref_ipv6 && tor_addr_family(&real_addr) == AF_INET6)
2366 || (pref_ipv6 && tor_addr_family(&real_addr) == AF_INET)) {
2367 log_info(LD_NET, "Outgoing connection to %s doesn't satisfy "
2368 "ClientPreferIPv6%sPort %d, with ClientUseIPv4 %d, and "
2369 "reachable_addr_use_ipv6 %d (ClientUseIPv6 %d and UseBridges "
2370 "%d).",
2371 fmt_addr(&real_addr),
2372 conn->type == CONN_TYPE_OR ? "OR" : "Dir",
2373 conn->type == CONN_TYPE_OR ? options->ClientPreferIPv6ORPort
2374 : options->ClientPreferIPv6DirPort,
2375 options->ClientUseIPv4, reachable_addr_use_ipv6(options),
2376 options->ClientUseIPv6, options->UseBridges);
2377 }
2378}
2379
2380/** Retrieve the outbound address depending on the protocol (IPv4 or IPv6)
2381 * and the connection type (relay, exit, ...)
2382 * Return a socket address or NULL in case nothing is configured.
2383 **/
2384const tor_addr_t *
2386 const or_options_t *options, unsigned int conn_type)
2387{
2388 const tor_addr_t *ext_addr = NULL;
2389
2390 int fam_index;
2391 switch (family) {
2392 case AF_INET:
2393 fam_index = 0;
2394 break;
2395 case AF_INET6:
2396 fam_index = 1;
2397 break;
2398 default:
2399 return NULL;
2400 }
2401
2402 // If an exit connection, use the exit address (if present)
2403 if (conn_type == CONN_TYPE_EXIT) {
2404 if (!tor_addr_is_null(
2405 &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT][fam_index])) {
2406 ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT]
2407 [fam_index];
2408 } else if (!tor_addr_is_null(
2410 [fam_index])) {
2411 ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_ANY]
2412 [fam_index];
2413 }
2414 } else { // All non-exit connections
2415 if (!tor_addr_is_null(
2416 &options->OutboundBindAddresses[OUTBOUND_ADDR_OR][fam_index])) {
2417 ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_OR]
2418 [fam_index];
2419 } else if (!tor_addr_is_null(
2421 [fam_index])) {
2422 ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_ANY]
2423 [fam_index];
2424 }
2425 }
2426 return ext_addr;
2427}
2428
2429/** Take conn, make a nonblocking socket; try to connect to
2430 * addr:port (port arrives in *host order*). If fail, return -1 and if
2431 * applicable put your best guess about errno into *<b>socket_error</b>.
2432 * Else assign s to conn->s: if connected return 1, if EAGAIN return 0.
2433 *
2434 * addr:port can be different to conn->addr:conn->port if connecting through
2435 * a proxy.
2436 *
2437 * address is used to make the logs useful.
2438 *
2439 * On success, add conn to the list of polled connections.
2440 */
2441int
2442connection_connect(connection_t *conn, const char *address,
2443 const tor_addr_t *addr, uint16_t port, int *socket_error)
2444{
2445 struct sockaddr_storage addrbuf;
2446 struct sockaddr_storage bind_addr_ss;
2447 struct sockaddr *bind_addr = NULL;
2448 struct sockaddr *dest_addr;
2449 int dest_addr_len, bind_addr_len = 0;
2450
2451 /* Log if we didn't stick to ClientUseIPv4/6 or ClientPreferIPv6OR/DirPort
2452 */
2453 connection_connect_log_client_use_ip_version(conn);
2454
2455 if (!tor_addr_is_loopback(addr)) {
2456 const tor_addr_t *ext_addr = NULL;
2458 conn->type);
2459 if (ext_addr) {
2460 memset(&bind_addr_ss, 0, sizeof(bind_addr_ss));
2461 bind_addr_len = tor_addr_to_sockaddr(ext_addr, 0,
2462 (struct sockaddr *) &bind_addr_ss,
2463 sizeof(bind_addr_ss));
2464 if (bind_addr_len == 0) {
2465 log_warn(LD_NET,
2466 "Error converting OutboundBindAddress %s into sockaddr. "
2467 "Ignoring.", fmt_and_decorate_addr(ext_addr));
2468 } else {
2469 bind_addr = (struct sockaddr *)&bind_addr_ss;
2470 }
2471 }
2472 }
2473
2474 memset(&addrbuf,0,sizeof(addrbuf));
2475 dest_addr = (struct sockaddr*) &addrbuf;
2476 dest_addr_len = tor_addr_to_sockaddr(addr, port, dest_addr, sizeof(addrbuf));
2477 tor_assert(dest_addr_len > 0);
2478
2479 log_debug(LD_NET, "Connecting to %s:%u.",
2480 escaped_safe_str_client(address), port);
2481
2482 return connection_connect_sockaddr(conn, dest_addr, dest_addr_len,
2483 bind_addr, bind_addr_len, socket_error);
2484}
2485
2486#ifdef HAVE_SYS_UN_H
2487
2488/** Take conn, make a nonblocking socket; try to connect to
2489 * an AF_UNIX socket at socket_path. If fail, return -1 and if applicable
2490 * put your best guess about errno into *<b>socket_error</b>. Else assign s
2491 * to conn->s: if connected return 1, if EAGAIN return 0.
2492 *
2493 * On success, add conn to the list of polled connections.
2494 */
2495int
2496connection_connect_unix(connection_t *conn, const char *socket_path,
2497 int *socket_error)
2498{
2499 struct sockaddr_un dest_addr;
2500
2501 tor_assert(socket_path);
2502
2503 /* Check that we'll be able to fit it into dest_addr later */
2504 if (strlen(socket_path) + 1 > sizeof(dest_addr.sun_path)) {
2505 log_warn(LD_NET,
2506 "Path %s is too long for an AF_UNIX socket\n",
2507 escaped_safe_str_client(socket_path));
2508 *socket_error = SOCK_ERRNO(ENAMETOOLONG);
2509 return -1;
2510 }
2511
2512 memset(&dest_addr, 0, sizeof(dest_addr));
2513 dest_addr.sun_family = AF_UNIX;
2514 strlcpy(dest_addr.sun_path, socket_path, sizeof(dest_addr.sun_path));
2515
2516 log_debug(LD_NET,
2517 "Connecting to AF_UNIX socket at %s.",
2518 escaped_safe_str_client(socket_path));
2519
2520 return connection_connect_sockaddr(conn,
2521 (struct sockaddr *)&dest_addr, sizeof(dest_addr),
2522 NULL, 0, socket_error);
2523}
2524
2525#endif /* defined(HAVE_SYS_UN_H) */
2526
2527/** Convert state number to string representation for logging purposes.
2528 */
2529static const char *
2531{
2532 static const char *unknown = "???";
2533 static const char *states[] = {
2534 "PROXY_NONE",
2535 "PROXY_INFANT",
2536 "PROXY_HTTPS_WANT_CONNECT_OK",
2537 "PROXY_SOCKS4_WANT_CONNECT_OK",
2538 "PROXY_SOCKS5_WANT_AUTH_METHOD_NONE",
2539 "PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929",
2540 "PROXY_SOCKS5_WANT_AUTH_RFC1929_OK",
2541 "PROXY_SOCKS5_WANT_CONNECT_OK",
2542 "PROXY_HAPROXY_WAIT_FOR_FLUSH",
2543 "PROXY_CONNECTED",
2544 };
2545
2546 CTASSERT(ARRAY_LENGTH(states) == PROXY_CONNECTED+1);
2547
2548 if (state < PROXY_NONE || state > PROXY_CONNECTED)
2549 return unknown;
2550
2551 return states[state];
2552}
2553
2554/** Returns the proxy type used by tor for a single connection, for
2555 * logging or high-level purposes. Don't use it to fill the
2556 * <b>proxy_type</b> field of or_connection_t; use the actual proxy
2557 * protocol instead.*/
2558static int
2560{
2561 const or_options_t *options = get_options();
2562
2563 if (options->ClientTransportPlugin) {
2564 /* If we have plugins configured *and* this addr/port is a known bridge
2565 * with a transport, then we should be PROXY_PLUGGABLE. */
2566 const transport_t *transport = NULL;
2567 int r;
2568 r = get_transport_by_bridge_addrport(&conn->addr, conn->port, &transport);
2569 if (r == 0 && transport)
2570 return PROXY_PLUGGABLE;
2571 }
2572
2573 /* In all other cases, we're using a global proxy. */
2574 if (options->HTTPSProxy)
2575 return PROXY_CONNECT;
2576 else if (options->Socks4Proxy)
2577 return PROXY_SOCKS4;
2578 else if (options->Socks5Proxy)
2579 return PROXY_SOCKS5;
2580 else if (options->TCPProxy) {
2581 /* The only supported protocol in TCPProxy is haproxy. */
2583 return PROXY_HAPROXY;
2584 } else
2585 return PROXY_NONE;
2586}
2587
2588/* One byte for the version, one for the command, two for the
2589 port, and four for the addr... and, one more for the
2590 username NUL: */
2591#define SOCKS4_STANDARD_BUFFER_SIZE (1 + 1 + 2 + 4 + 1)
2592
2593/** Write a proxy request of https to conn for conn->addr:conn->port,
2594 * authenticating with the auth details given in the configuration
2595 * (if available).
2596 *
2597 * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2598 * 0 otherwise.
2599 */
2600static int
2602{
2603 tor_assert(conn);
2604
2605 const or_options_t *options = get_options();
2606 char buf[1024];
2607 char *base64_authenticator = NULL;
2608 const char *authenticator = options->HTTPSProxyAuthenticator;
2609
2610 /* Send HTTP CONNECT and authentication (if available) in
2611 * one request */
2612
2613 if (authenticator) {
2614 base64_authenticator = alloc_http_authenticator(authenticator);
2615 if (!base64_authenticator)
2616 log_warn(LD_OR, "Encoding https authenticator failed");
2617 }
2618
2619 if (base64_authenticator) {
2620 const char *addrport = fmt_addrport(&conn->addr, conn->port);
2621 tor_snprintf(buf, sizeof(buf), "CONNECT %s HTTP/1.1\r\n"
2622 "Host: %s\r\n"
2623 "Proxy-Authorization: Basic %s\r\n\r\n",
2624 addrport,
2625 addrport,
2626 base64_authenticator);
2627 tor_free(base64_authenticator);
2628 } else {
2629 tor_snprintf(buf, sizeof(buf), "CONNECT %s HTTP/1.0\r\n\r\n",
2630 fmt_addrport(&conn->addr, conn->port));
2631 }
2632
2633 connection_buf_add(buf, strlen(buf), conn);
2634 conn->proxy_state = PROXY_HTTPS_WANT_CONNECT_OK;
2635
2636 return 0;
2637}
2638
2639/** Write a proxy request of socks4 to conn for conn->addr:conn->port.
2640 *
2641 * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2642 * 0 otherwise.
2643 */
2644static int
2646{
2647 tor_assert(conn);
2648
2649 unsigned char *buf;
2650 uint16_t portn;
2651 uint32_t ip4addr;
2652 size_t buf_size = 0;
2653 char *socks_args_string = NULL;
2654
2655 /* Send a SOCKS4 connect request */
2656
2657 if (tor_addr_family(&conn->addr) != AF_INET) {
2658 log_warn(LD_NET, "SOCKS4 client is incompatible with IPv6");
2659 return -1;
2660 }
2661
2662 { /* If we are here because we are trying to connect to a
2663 pluggable transport proxy, check if we have any SOCKS
2664 arguments to transmit. If we do, compress all arguments to
2665 a single string in 'socks_args_string': */
2666
2667 if (conn_get_proxy_type(conn) == PROXY_PLUGGABLE) {
2668 socks_args_string =
2670 if (socks_args_string)
2671 log_debug(LD_NET, "Sending out '%s' as our SOCKS argument string.",
2672 socks_args_string);
2673 }
2674 }
2675
2676 { /* Figure out the buffer size we need for the SOCKS message: */
2677
2678 buf_size = SOCKS4_STANDARD_BUFFER_SIZE;
2679
2680 /* If we have a SOCKS argument string, consider its size when
2681 calculating the buffer size: */
2682 if (socks_args_string)
2683 buf_size += strlen(socks_args_string);
2684 }
2685
2686 buf = tor_malloc_zero(buf_size);
2687
2688 ip4addr = tor_addr_to_ipv4n(&conn->addr);
2689 portn = htons(conn->port);
2690
2691 buf[0] = 4; /* version */
2692 buf[1] = SOCKS_COMMAND_CONNECT; /* command */
2693 memcpy(buf + 2, &portn, 2); /* port */
2694 memcpy(buf + 4, &ip4addr, 4); /* addr */
2695
2696 /* Next packet field is the userid. If we have pluggable
2697 transport SOCKS arguments, we have to embed them
2698 there. Otherwise, we use an empty userid. */
2699 if (socks_args_string) { /* place the SOCKS args string: */
2700 tor_assert(strlen(socks_args_string) > 0);
2701 tor_assert(buf_size >=
2702 SOCKS4_STANDARD_BUFFER_SIZE + strlen(socks_args_string));
2703 strlcpy((char *)buf + 8, socks_args_string, buf_size - 8);
2704 tor_free(socks_args_string);
2705 } else {
2706 buf[8] = 0; /* no userid */
2707 }
2708
2709 connection_buf_add((char *)buf, buf_size, conn);
2710 tor_free(buf);
2711
2712 conn->proxy_state = PROXY_SOCKS4_WANT_CONNECT_OK;
2713 return 0;
2714}
2715
2716/** Write a proxy request of socks5 to conn for conn->addr:conn->port,
2717 * authenticating with the auth details given in the configuration
2718 * (if available).
2719 *
2720 * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2721 * 0 otherwise.
2722 */
2723static int
2725{
2726 tor_assert(conn);
2727
2728 const or_options_t *options = get_options();
2729 unsigned char buf[4]; /* fields: vers, num methods, method list */
2730
2731 /* Send a SOCKS5 greeting (connect request must wait) */
2732
2733 buf[0] = 5; /* version */
2734
2735 /* We have to use SOCKS5 authentication, if we have a
2736 Socks5ProxyUsername or if we want to pass arguments to our
2737 pluggable transport proxy: */
2738 if ((options->Socks5ProxyUsername) ||
2739 (conn_get_proxy_type(conn) == PROXY_PLUGGABLE &&
2740 (get_socks_args_by_bridge_addrport(&conn->addr, conn->port)))) {
2741 /* number of auth methods */
2742 buf[1] = 2;
2743 buf[2] = 0x00; /* no authentication */
2744 buf[3] = 0x02; /* rfc1929 Username/Passwd auth */
2745 conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929;
2746 } else {
2747 buf[1] = 1;
2748 buf[2] = 0x00; /* no authentication */
2749 conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_METHOD_NONE;
2750 }
2751
2752 connection_buf_add((char *)buf, 2 + buf[1], conn);
2753 return 0;
2754}
2755
2756/** Write a proxy request of haproxy to conn for conn->addr:conn->port.
2757 *
2758 * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2759 * 0 otherwise.
2760 */
2761static int
2763{
2764 int ret = 0;
2765 tor_addr_port_t *addr_port = tor_addr_port_new(&conn->addr, conn->port);
2766 char *buf = haproxy_format_proxy_header_line(addr_port);
2767
2768 if (buf == NULL) {
2769 ret = -1;
2770 goto done;
2771 }
2772
2773 connection_buf_add(buf, strlen(buf), conn);
2774 /* In haproxy, we don't have to wait for the response, but we wait for ack.
2775 * So we can set the state to be PROXY_HAPROXY_WAIT_FOR_FLUSH. */
2776 conn->proxy_state = PROXY_HAPROXY_WAIT_FOR_FLUSH;
2777
2778 ret = 0;
2779 done:
2780 tor_free(buf);
2781 tor_free(addr_port);
2782 return ret;
2783}
2784
2785/** Write a proxy request of <b>type</b> (socks4, socks5, https, haproxy)
2786 * to conn for conn->addr:conn->port, authenticating with the auth details
2787 * given in the configuration (if available). SOCKS 5 and HTTP CONNECT
2788 * proxies support authentication.
2789 *
2790 * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2791 * 0 otherwise.
2792 *
2793 * Use connection_read_proxy_handshake() to complete the handshake.
2794 */
2795int
2797{
2798 int ret = 0;
2799
2800 tor_assert(conn);
2801
2802 switch (type) {
2803 case PROXY_CONNECT:
2805 break;
2806
2807 case PROXY_SOCKS4:
2809 break;
2810
2811 case PROXY_SOCKS5:
2813 break;
2814
2815 case PROXY_HAPROXY:
2817 break;
2818
2819 default:
2820 log_err(LD_BUG, "Invalid proxy protocol, %d", type);
2822 ret = -1;
2823 break;
2824 }
2825
2826 if (ret == 0) {
2827 log_debug(LD_NET, "set state %s",
2829 }
2830
2831 return ret;
2832}
2833
2834/** Read conn's inbuf. If the http response from the proxy is all
2835 * here, make sure it's good news, then return 1. If it's bad news,
2836 * return -1. Else return 0 and hope for better luck next time.
2837 */
2838static int
2840{
2841 char *headers;
2842 char *reason=NULL;
2843 int status_code;
2844 time_t date_header;
2845
2846 switch (fetch_from_buf_http(conn->inbuf,
2847 &headers, MAX_HEADERS_SIZE,
2848 NULL, NULL, 10000, 0)) {
2849 case -1: /* overflow */
2850 log_warn(LD_PROTOCOL,
2851 "Your https proxy sent back an oversized response. Closing.");
2852 return -1;
2853 case 0:
2854 log_info(LD_NET,"https proxy response not all here yet. Waiting.");
2855 return 0;
2856 /* case 1, fall through */
2857 }
2858
2859 if (parse_http_response(headers, &status_code, &date_header,
2860 NULL, &reason) < 0) {
2861 log_warn(LD_NET,
2862 "Unparseable headers from proxy (%s). Closing.",
2863 connection_describe(conn));
2864 tor_free(headers);
2865 return -1;
2866 }
2867 tor_free(headers);
2868 if (!reason) reason = tor_strdup("[no reason given]");
2869
2870 if (status_code == 200) {
2871 log_info(LD_NET,
2872 "HTTPS connect for %s successful! (200 %s) Starting TLS.",
2873 connection_describe(conn), escaped(reason));
2874 tor_free(reason);
2875 return 1;
2876 }
2877 /* else, bad news on the status code */
2878 switch (status_code) {
2879 case 403:
2880 log_warn(LD_NET,
2881 "The https proxy refused to allow connection to %s "
2882 "(status code %d, %s). Closing.",
2883 conn->address, status_code, escaped(reason));
2884 break;
2885 default:
2886 log_warn(LD_NET,
2887 "The https proxy sent back an unexpected status code %d (%s). "
2888 "Closing.",
2889 status_code, escaped(reason));
2890 break;
2891 }
2892 tor_free(reason);
2893 return -1;
2894}
2895
2896/** Send SOCKS5 CONNECT command to <b>conn</b>, copying <b>conn->addr</b>
2897 * and <b>conn->port</b> into the request.
2898 */
2899static void
2901{
2902 unsigned char buf[1024];
2903 size_t reqsize = 6;
2904 uint16_t port = htons(conn->port);
2905
2906 buf[0] = 5; /* version */
2907 buf[1] = SOCKS_COMMAND_CONNECT; /* command */
2908 buf[2] = 0; /* reserved */
2909
2910 if (tor_addr_family(&conn->addr) == AF_INET) {
2911 uint32_t addr = tor_addr_to_ipv4n(&conn->addr);
2912
2913 buf[3] = 1;
2914 reqsize += 4;
2915 memcpy(buf + 4, &addr, 4);
2916 memcpy(buf + 8, &port, 2);
2917 } else { /* AF_INET6 */
2918 buf[3] = 4;
2919 reqsize += 16;
2920 memcpy(buf + 4, tor_addr_to_in6_addr8(&conn->addr), 16);
2921 memcpy(buf + 20, &port, 2);
2922 }
2923
2924 connection_buf_add((char *)buf, reqsize, conn);
2925
2926 conn->proxy_state = PROXY_SOCKS5_WANT_CONNECT_OK;
2927}
2928
2929/** Wrapper around fetch_from_buf_socks_client: see that functions
2930 * for documentation of its behavior. */
2931static int
2933 int state, char **reason)
2934{
2935 return fetch_from_buf_socks_client(conn->inbuf, state, reason);
2936}
2937
2938/** Call this from connection_*_process_inbuf() to advance the proxy
2939 * handshake.
2940 *
2941 * No matter what proxy protocol is used, if this function returns 1, the
2942 * handshake is complete, and the data remaining on inbuf may contain the
2943 * start of the communication with the requested server.
2944 *
2945 * Returns 0 if the current buffer contains an incomplete response, and -1
2946 * on error.
2947 */
2948int
2950{
2951 int ret = 0;
2952 char *reason = NULL;
2953
2954 log_debug(LD_NET, "enter state %s",
2956
2957 switch (conn->proxy_state) {
2958 case PROXY_HTTPS_WANT_CONNECT_OK:
2960 if (ret == 1)
2961 conn->proxy_state = PROXY_CONNECTED;
2962 break;
2963
2964 case PROXY_SOCKS4_WANT_CONNECT_OK:
2966 conn->proxy_state,
2967 &reason);
2968 if (ret == 1)
2969 conn->proxy_state = PROXY_CONNECTED;
2970 break;
2971
2972 case PROXY_SOCKS5_WANT_AUTH_METHOD_NONE:
2974 conn->proxy_state,
2975 &reason);
2976 /* no auth needed, do connect */
2977 if (ret == 1) {
2979 ret = 0;
2980 }
2981 break;
2982
2983 case PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929:
2985 conn->proxy_state,
2986 &reason);
2987
2988 /* send auth if needed, otherwise do connect */
2989 if (ret == 1) {
2991 ret = 0;
2992 } else if (ret == 2) {
2993 unsigned char buf[1024];
2994 size_t reqsize, usize, psize;
2995 const char *user, *pass;
2996 char *socks_args_string = NULL;
2997
2998 if (conn_get_proxy_type(conn) == PROXY_PLUGGABLE) {
2999 socks_args_string =
3001 if (!socks_args_string) {
3002 log_warn(LD_NET, "Could not create SOCKS args string for PT.");
3003 ret = -1;
3004 break;
3005 }
3006
3007 log_debug(LD_NET, "PT SOCKS5 arguments: %s", socks_args_string);
3008 tor_assert(strlen(socks_args_string) > 0);
3009 tor_assert(strlen(socks_args_string) <= MAX_SOCKS5_AUTH_SIZE_TOTAL);
3010
3011 if (strlen(socks_args_string) > MAX_SOCKS5_AUTH_FIELD_SIZE) {
3012 user = socks_args_string;
3014 pass = socks_args_string + MAX_SOCKS5_AUTH_FIELD_SIZE;
3015 psize = strlen(socks_args_string) - MAX_SOCKS5_AUTH_FIELD_SIZE;
3016 } else {
3017 user = socks_args_string;
3018 usize = strlen(socks_args_string);
3019 pass = "\0";
3020 psize = 1;
3021 }
3022 } else if (get_options()->Socks5ProxyUsername) {
3025 tor_assert(user && pass);
3026 usize = strlen(user);
3027 psize = strlen(pass);
3028 } else {
3029 log_err(LD_BUG, "We entered %s for no reason!", __func__);
3031 ret = -1;
3032 break;
3033 }
3034
3035 /* Username and password lengths should have been checked
3036 above and during torrc parsing. */
3039 reqsize = 3 + usize + psize;
3040
3041 buf[0] = 1; /* negotiation version */
3042 buf[1] = usize;
3043 memcpy(buf + 2, user, usize);
3044 buf[2 + usize] = psize;
3045 memcpy(buf + 3 + usize, pass, psize);
3046
3047 if (socks_args_string)
3048 tor_free(socks_args_string);
3049
3050 connection_buf_add((char *)buf, reqsize, conn);
3051
3052 conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_RFC1929_OK;
3053 ret = 0;
3054 }
3055 break;
3056
3057 case PROXY_SOCKS5_WANT_AUTH_RFC1929_OK:
3059 conn->proxy_state,
3060 &reason);
3061 /* send the connect request */
3062 if (ret == 1) {
3064 ret = 0;
3065 }
3066 break;
3067
3068 case PROXY_SOCKS5_WANT_CONNECT_OK:
3070 conn->proxy_state,
3071 &reason);
3072 if (ret == 1)
3073 conn->proxy_state = PROXY_CONNECTED;
3074 break;
3075
3076 default:
3077 log_err(LD_BUG, "Invalid proxy_state for reading, %d",
3078 conn->proxy_state);
3080 ret = -1;
3081 break;
3082 }
3083
3084 log_debug(LD_NET, "leaving state %s",
3086
3087 if (ret < 0) {
3088 if (reason) {
3089 log_warn(LD_NET, "Proxy Client: unable to connect %s (%s)",
3090 connection_describe(conn), escaped(reason));
3091 tor_free(reason);
3092 } else {
3093 log_warn(LD_NET, "Proxy Client: unable to connect %s",
3094 connection_describe(conn));
3095 }
3096 } else if (ret == 1) {
3097 log_info(LD_NET, "Proxy Client: %s successful",
3098 connection_describe(conn));
3099 }
3100
3101 return ret;
3102}
3103
3104/** Given a list of listener connections in <b>old_conns</b>, and list of
3105 * port_cfg_t entries in <b>ports</b>, open a new listener for every port in
3106 * <b>ports</b> that does not already have a listener in <b>old_conns</b>.
3107 *
3108 * Remove from <b>old_conns</b> every connection that has a corresponding
3109 * entry in <b>ports</b>. Add to <b>new_conns</b> new every connection we
3110 * launch. If we may need to perform socket rebind when creating new
3111 * listener that replaces old one, create a <b>listener_replacement_t</b>
3112 * struct for affected pair and add it to <b>replacements</b>.
3113 *
3114 * If <b>control_listeners_only</b> is true, then we only open control
3115 * listeners, and we do not remove any noncontrol listeners from
3116 * old_conns.
3117 *
3118 * Return 0 on success, -1 on failure.
3119 **/
3120static int
3122 const smartlist_t *ports,
3123 smartlist_t *new_conns,
3124 smartlist_t *replacements,
3125 int control_listeners_only)
3126{
3127#ifndef ENABLE_LISTENER_REBIND
3128 (void)replacements;
3129#endif
3130
3131 smartlist_t *launch = smartlist_new();
3132 int r = 0;
3133
3134 if (control_listeners_only) {
3135 SMARTLIST_FOREACH(ports, port_cfg_t *, p, {
3136 if (p->type == CONN_TYPE_CONTROL_LISTENER)
3137 smartlist_add(launch, p);
3138 });
3139 } else {
3140 smartlist_add_all(launch, ports);
3141 }
3142
3143 /* Iterate through old_conns, comparing it to launch: remove from both lists
3144 * each pair of elements that corresponds to the same port. */
3145 SMARTLIST_FOREACH_BEGIN(old_conns, connection_t *, conn) {
3146 const port_cfg_t *found_port = NULL;
3147
3148 /* Okay, so this is a listener. Is it configured? */
3149 /* That is, is it either: 1) exact match - address and port
3150 * pair match exactly between old listener and new port; or 2)
3151 * wildcard match - port matches exactly, but *one* of the
3152 * addresses is wildcard (0.0.0.0 or ::)?
3153 */
3154 SMARTLIST_FOREACH_BEGIN(launch, const port_cfg_t *, wanted) {
3155 if (conn->type != wanted->type)
3156 continue;
3157 if ((conn->socket_family != AF_UNIX && wanted->is_unix_addr) ||
3158 (conn->socket_family == AF_UNIX && ! wanted->is_unix_addr))
3159 continue;
3160
3161 if (wanted->server_cfg.no_listen)
3162 continue; /* We don't want to open a listener for this one */
3163
3164 if (wanted->is_unix_addr) {
3165 if (conn->socket_family == AF_UNIX &&
3166 !strcmp(wanted->unix_addr, conn->address)) {
3167 found_port = wanted;
3168 break;
3169 }
3170 } else {
3171 /* Numeric values of old and new port match exactly. */
3172 const int port_matches_exact = (wanted->port == conn->port);
3173 /* Ports match semantically - either their specific values
3174 match exactly, or new port is 'auto'.
3175 */
3176 const int port_matches = (wanted->port == CFG_AUTO_PORT ||
3177 port_matches_exact);
3178
3179 if (port_matches && tor_addr_eq(&wanted->addr, &conn->addr)) {
3180 found_port = wanted;
3181 break;
3182 }
3183#ifdef ENABLE_LISTENER_REBIND
3184 /* Rebinding may be needed if all of the following are true:
3185 * 1) Address family is the same in old and new listeners.
3186 * 2) Port number matches exactly (numeric value is the same).
3187 * 3) *One* of listeners (either old one or new one) has a
3188 * wildcard IP address (0.0.0.0 or [::]).
3189 *
3190 * These are the exact conditions for a first bind() syscall
3191 * to fail with EADDRINUSE.
3192 */
3193 const int may_need_rebind =
3194 tor_addr_family(&wanted->addr) == tor_addr_family(&conn->addr) &&
3195 port_matches_exact && bool_neq(tor_addr_is_null(&wanted->addr),
3196 tor_addr_is_null(&conn->addr));
3197 if (replacements && may_need_rebind) {
3198 listener_replacement_t *replacement =
3199 tor_malloc(sizeof(listener_replacement_t));
3200
3201 replacement->old_conn = conn;
3202 replacement->new_port = wanted;
3203 smartlist_add(replacements, replacement);
3204
3205 SMARTLIST_DEL_CURRENT(launch, wanted);
3206 SMARTLIST_DEL_CURRENT(old_conns, conn);
3207 break;
3208 }
3209#endif /* defined(ENABLE_LISTENER_REBIND) */
3210 }
3211 } SMARTLIST_FOREACH_END(wanted);
3212
3213 if (found_port) {
3214 /* This listener is already running; we don't need to launch it. */
3215 //log_debug(LD_NET, "Already have %s on %s:%d",
3216 // conn_type_to_string(found_port->type), conn->address, conn->port);
3217 smartlist_remove(launch, found_port);
3218 /* And we can remove the connection from old_conns too. */
3219 SMARTLIST_DEL_CURRENT(old_conns, conn);
3220 }
3221 } SMARTLIST_FOREACH_END(conn);
3222
3223 /* Now open all the listeners that are configured but not opened. */
3224 SMARTLIST_FOREACH_BEGIN(launch, const port_cfg_t *, port) {
3225 int skip = 0;
3226 connection_t *conn = connection_listener_new_for_port(port, &skip, NULL);
3227
3228 if (conn && new_conns)
3229 smartlist_add(new_conns, conn);
3230 else if (!skip)
3231 r = -1;
3232 } SMARTLIST_FOREACH_END(port);
3233
3234 smartlist_free(launch);
3235
3236 return r;
3237}
3238
3239/** Launch listeners for each port you should have open. Only launch
3240 * listeners who are not already open, and only close listeners we no longer
3241 * want.
3242 *
3243 * Add all new connections to <b>new_conns</b>.
3244 *
3245 * If <b>close_all_noncontrol</b> is true, then we only open control
3246 * listeners, and we close all other listeners.
3247 */
3248int
3249retry_all_listeners(smartlist_t *new_conns, int close_all_noncontrol)
3250{
3251 smartlist_t *listeners = smartlist_new();
3252 smartlist_t *replacements = smartlist_new();
3253 const or_options_t *options = get_options();
3254 int retval = 0;
3255 const uint16_t old_or_port = routerconf_find_or_port(options, AF_INET);
3256 const uint16_t old_or_port_ipv6 =
3257 routerconf_find_or_port(options,AF_INET6);
3258 const uint16_t old_dir_port = routerconf_find_dir_port(options, 0);
3259
3261 if (connection_is_listener(conn) && !conn->marked_for_close)
3262 smartlist_add(listeners, conn);
3263 } SMARTLIST_FOREACH_END(conn);
3264
3265 if (retry_listener_ports(listeners,
3267 new_conns,
3268 replacements,
3269 close_all_noncontrol) < 0)
3270 retval = -1;
3271
3272#ifdef ENABLE_LISTENER_REBIND
3273 if (smartlist_len(replacements))
3274 log_debug(LD_NET, "%d replacements - starting rebinding loop.",
3275 smartlist_len(replacements));
3276
3278 int addr_in_use = 0;
3279 int skip = 0;
3280
3281 tor_assert(r->new_port);
3282 tor_assert(r->old_conn);
3283
3284 connection_t *new_conn =
3285 connection_listener_new_for_port(r->new_port, &skip, &addr_in_use);
3286 connection_t *old_conn = r->old_conn;
3287
3288 if (skip) {
3289 log_debug(LD_NET, "Skipping creating new listener for %s",
3290 connection_describe(old_conn));
3291 continue;
3292 }
3293
3295 connection_mark_for_close(old_conn);
3296
3297 if (addr_in_use) {
3298 new_conn = connection_listener_new_for_port(r->new_port,
3299 &skip, &addr_in_use);
3300 }
3301
3302 /* There are many reasons why we can't open a new listener port so in case
3303 * we hit those, bail early so tor can stop. */
3304 if (!new_conn) {
3305 log_warn(LD_NET, "Unable to create listener port: %s:%d",
3306 fmt_and_decorate_addr(&r->new_port->addr), r->new_port->port);
3307 retval = -1;
3308 break;
3309 }
3310
3311 smartlist_add(new_conns, new_conn);
3312
3313 char *old_desc = tor_strdup(connection_describe(old_conn));
3314 log_notice(LD_NET, "Closed no-longer-configured %s "
3315 "(replaced by %s)",
3316 old_desc, connection_describe(new_conn));
3317 tor_free(old_desc);
3318 } SMARTLIST_FOREACH_END(r);
3319#endif /* defined(ENABLE_LISTENER_REBIND) */
3320
3321 /* Any members that were still in 'listeners' don't correspond to
3322 * any configured port. Kill 'em. */
3323 SMARTLIST_FOREACH_BEGIN(listeners, connection_t *, conn) {
3324 log_notice(LD_NET, "Closing no-longer-configured %s on %s:%d",
3326 fmt_and_decorate_addr(&conn->addr), conn->port);
3328 connection_mark_for_close(conn);
3329 } SMARTLIST_FOREACH_END(conn);
3330
3331 smartlist_free(listeners);
3332 /* Cleanup any remaining listener replacement. */
3333 SMARTLIST_FOREACH(replacements, listener_replacement_t *, r, tor_free(r));
3334 smartlist_free(replacements);
3335
3336 if (old_or_port != routerconf_find_or_port(options, AF_INET) ||
3337 old_or_port_ipv6 != routerconf_find_or_port(options, AF_INET6) ||
3338 old_dir_port != routerconf_find_dir_port(options, 0)) {
3339 /* Our chosen ORPort or DirPort is not what it used to be: the
3340 * descriptor we had (if any) should be regenerated. (We won't
3341 * automatically notice this because of changes in the option,
3342 * since the value could be "auto".) */
3343 mark_my_descriptor_dirty("Chosen Or/DirPort changed");
3344 }
3345
3346 return retval;
3347}
3348
3349/** Mark every listener of type other than CONTROL_LISTENER to be closed. */
3350void
3352{
3354 if (conn->marked_for_close)
3355 continue;
3356 if (conn->type == CONN_TYPE_CONTROL_LISTENER)
3357 continue;
3358 if (connection_is_listener(conn))
3359 connection_mark_for_close(conn);
3360 } SMARTLIST_FOREACH_END(conn);
3361}
3362
3363/** Mark every external connection not used for controllers for close. */
3364void
3366{
3368 if (conn->marked_for_close)
3369 continue;
3370 switch (conn->type) {
3372 case CONN_TYPE_CONTROL:
3373 break;
3374 case CONN_TYPE_AP:
3375 connection_mark_unattached_ap(TO_ENTRY_CONN(conn),
3376 END_STREAM_REASON_HIBERNATING);
3377 break;
3378 case CONN_TYPE_OR:
3379 {
3380 or_connection_t *orconn = TO_OR_CONN(conn);
3381 if (orconn->chan) {
3383 } else {
3384 /*
3385 * There should have been one, but mark for close and hope
3386 * for the best..
3387 */
3388 connection_mark_for_close(conn);
3389 }
3390 }
3391 break;
3392 default:
3393 connection_mark_for_close(conn);
3394 break;
3395 }
3396 } SMARTLIST_FOREACH_END(conn);
3397}
3398
3399/** Return 1 if we should apply rate limiting to <b>conn</b>, and 0
3400 * otherwise.
3401 * Right now this just checks if it's an internal IP address or an
3402 * internal connection. We also should, but don't, check if the connection
3403 * uses pluggable transports, since we should then limit it even if it
3404 * comes from an internal IP address. */
3405static int
3407{
3408 const or_options_t *options = get_options();
3409 if (conn->linked)
3410 return 0; /* Internal connection */
3411 else if (! options->CountPrivateBandwidth &&
3413 (tor_addr_family(&conn->addr) == AF_UNSPEC || /* no address */
3414 tor_addr_family(&conn->addr) == AF_UNIX || /* no address */
3415 tor_addr_is_internal(&conn->addr, 0)))
3416 return 0; /* Internal address */
3417 else
3418 return 1;
3419}
3420
3421/** When was either global write bucket last empty? If this was recent, then
3422 * we're probably low on bandwidth, and we should be stingy with our bandwidth
3423 * usage. */
3424static time_t write_buckets_last_empty_at = -100;
3425
3426/** How many seconds of no active local circuits will make the
3427 * connection revert to the "relayed" bandwidth class? */
3428#define CLIENT_IDLE_TIME_FOR_PRIORITY 30
3429
3430/** Return 1 if <b>conn</b> should use tokens from the "relayed"
3431 * bandwidth rates, else 0. Currently, only OR conns with bandwidth
3432 * class 1, and directory conns that are serving data out, count.
3433 */
3434static int
3436{
3437 if (conn->type == CONN_TYPE_OR &&
3440 return 1;
3441 if (conn->type == CONN_TYPE_DIR && DIR_CONN_IS_SERVER(conn))
3442 return 1;
3443 return 0;
3444}
3445
3446/** Helper function to decide how many bytes out of <b>global_bucket</b>
3447 * we're willing to use for this transaction. <b>base</b> is the size
3448 * of a cell on the network; <b>priority</b> says whether we should
3449 * write many of them or just a few; and <b>conn_bucket</b> (if
3450 * non-negative) provides an upper limit for our answer. */
3451static ssize_t
3452connection_bucket_get_share(int base, int priority,
3453 ssize_t global_bucket_val, ssize_t conn_bucket)
3454{
3455 ssize_t at_most;
3456 ssize_t num_bytes_high = (priority ? 32 : 16) * base;
3457 ssize_t num_bytes_low = (priority ? 4 : 2) * base;
3458
3459 /* Do a rudimentary limiting so one circuit can't hog a connection.
3460 * Pick at most 32 cells, at least 4 cells if possible, and if we're in
3461 * the middle pick 1/8 of the available bandwidth. */
3462 at_most = global_bucket_val / 8;
3463 at_most -= (at_most % base); /* round down */
3464 if (at_most > num_bytes_high) /* 16 KB, or 8 KB for low-priority */
3465 at_most = num_bytes_high;
3466 else if (at_most < num_bytes_low) /* 2 KB, or 1 KB for low-priority */
3467 at_most = num_bytes_low;
3468
3469 if (at_most > global_bucket_val)
3470 at_most = global_bucket_val;
3471
3472 if (conn_bucket >= 0 && at_most > conn_bucket)
3473 at_most = conn_bucket;
3474
3475 if (at_most < 0)
3476 return 0;
3477 return at_most;
3478}
3479
3480/** How many bytes at most can we read onto this connection? */
3481static ssize_t
3483{
3484 int base = RELAY_PAYLOAD_SIZE_MAX;
3485 int priority = conn->type != CONN_TYPE_DIR;
3486 ssize_t conn_bucket = -1;
3487 size_t global_bucket_val = token_bucket_rw_get_read(&global_bucket);
3488 if (global_bucket_val == 0) {
3489 /* We reached our global read limit: count this as an overload.
3490 *
3491 * The token bucket is always initialized (see connection_bucket_init() and
3492 * options_validate_relay_bandwidth()) and hence we can assume that if the
3493 * token ever hits zero, it's a limit that got popped and not the bucket
3494 * being uninitialized.
3495 */
3496 rep_hist_note_overload(OVERLOAD_READ);
3497 }
3498
3499 if (connection_speaks_cells(conn)) {
3500 or_connection_t *or_conn = TO_OR_CONN(conn);
3501 if (conn->state == OR_CONN_STATE_OPEN)
3502 conn_bucket = token_bucket_rw_get_read(&or_conn->bucket);
3503 base = get_cell_network_size(or_conn->wide_circ_ids);
3504 }
3505
3506 /* Edge connection have their own read bucket due to flow control being able
3507 * to set a rate limit for them. However, for exit connections, we still need
3508 * to honor the global bucket as well. */
3509 if (CONN_IS_EDGE(conn)) {
3510 const edge_connection_t *edge_conn = CONST_TO_EDGE_CONN(conn);
3511 conn_bucket = token_bucket_rw_get_read(&edge_conn->bucket);
3512 if (conn->type == CONN_TYPE_EXIT) {
3513 /* Decide between our limit and the global one. */
3514 goto end;
3515 }
3516 return conn_bucket;
3517 }
3518
3519 if (!connection_is_rate_limited(conn)) {
3520 /* be willing to read on local conns even if our buckets are empty */
3521 return conn_bucket>=0 ? conn_bucket : 1<<14;
3522 }
3523
3524 if (connection_counts_as_relayed_traffic(conn, now)) {
3525 size_t relayed = token_bucket_rw_get_read(&global_relayed_bucket);
3526 global_bucket_val = MIN(global_bucket_val, relayed);
3527 }
3528
3529 end:
3530 return connection_bucket_get_share(base, priority,
3531 global_bucket_val, conn_bucket);
3532}
3533
3534/** How many bytes at most can we write onto this connection? */
3535ssize_t
3537{
3538 int base = RELAY_PAYLOAD_SIZE_MAX;
3539 int priority = conn->type != CONN_TYPE_DIR;
3540 size_t conn_bucket = buf_datalen(conn->outbuf);
3541 size_t global_bucket_val = token_bucket_rw_get_write(&global_bucket);
3542 if (global_bucket_val == 0) {
3543 /* We reached our global write limit: We should count this as an overload.
3544 * See above function for more information */
3545 rep_hist_note_overload(OVERLOAD_WRITE);
3546 }
3547
3548 if (!connection_is_rate_limited(conn)) {
3549 /* be willing to write to local conns even if our buckets are empty */
3550 return conn_bucket;
3551 }
3552
3553 if (connection_speaks_cells(conn)) {
3554 /* use the per-conn write limit if it's lower */
3555 or_connection_t *or_conn = TO_OR_CONN(conn);
3556 if (conn->state == OR_CONN_STATE_OPEN)
3557 conn_bucket = MIN(conn_bucket,
3558 token_bucket_rw_get_write(&or_conn->bucket));
3559 base = get_cell_network_size(or_conn->wide_circ_ids);
3560 }
3561
3562 if (connection_counts_as_relayed_traffic(conn, now)) {
3563 size_t relayed = token_bucket_rw_get_write(&global_relayed_bucket);
3564 global_bucket_val = MIN(global_bucket_val, relayed);
3565 }
3566
3567 return connection_bucket_get_share(base, priority,
3568 global_bucket_val, conn_bucket);
3569}
3570
3571/** Return true iff the global write buckets are low enough that we
3572 * shouldn't send <b>attempt</b> bytes of low-priority directory stuff
3573 * out to <b>conn</b>.
3574 *
3575 * If we are a directory authority, always answer dir requests thus true is
3576 * always returned.
3577 *
3578 * Note: There are a lot of parameters we could use here:
3579 * - global_relayed_write_bucket. Low is bad.
3580 * - global_write_bucket. Low is bad.
3581 * - bandwidthrate. Low is bad.
3582 * - bandwidthburst. Not a big factor?
3583 * - attempt. High is bad.
3584 * - total bytes queued on outbufs. High is bad. But I'm wary of
3585 * using this, since a few slow-flushing queues will pump up the
3586 * number without meaning what we meant to mean. What we really
3587 * mean is "total directory bytes added to outbufs recently", but
3588 * that's harder to quantify and harder to keep track of.
3589 */
3590bool
3592{
3593 size_t smaller_bucket =
3594 MIN(token_bucket_rw_get_write(&global_bucket),
3595 token_bucket_rw_get_write(&global_relayed_bucket));
3596
3597 /* Special case for authorities (directory only). */
3598 if (authdir_mode_v3(get_options())) {
3599 /* Are we configured to possibly reject requests under load? */
3601 /* Answer request no matter what. */
3602 return false;
3603 }
3604 /* Always answer requests from a known relay which includes the other
3605 * authorities. The following looks up the addresses for relays that we
3606 * have their descriptor _and_ any configured trusted directories. */
3608 return false;
3609 }
3610 }
3611
3612 if (!connection_is_rate_limited(conn))
3613 return false; /* local conns don't get limited */
3614
3615 if (smaller_bucket < attempt)
3616 return true; /* not enough space. */
3617
3618 {
3619 const time_t diff = approx_time() - write_buckets_last_empty_at;
3620 if (diff <= 1)
3621 return true; /* we're already hitting our limits, no more please */
3622 }
3623 return false;
3624}
3625
3626/** When did we last tell the accounting subsystem about transmitted
3627 * bandwidth? */
3629
3630/** Helper: adjusts our bandwidth history and informs the controller as
3631 * appropriate, given that we have just read <b>num_read</b> bytes and written
3632 * <b>num_written</b> bytes on <b>conn</b>. */
3633static void
3635 time_t now, size_t num_read, size_t num_written)
3636{
3637 /* Count bytes of answering direct and tunneled directory requests */
3638 if (conn->type == CONN_TYPE_DIR && conn->purpose == DIR_PURPOSE_SERVER) {
3639 if (num_read > 0)
3640 bwhist_note_dir_bytes_read(num_read, now);
3641 if (num_written > 0)
3642 bwhist_note_dir_bytes_written(num_written, now);
3643 }
3644
3645 /* Linked connections and internal IPs aren't counted for statistics or
3646 * accounting:
3647 * - counting linked connections would double-count BEGINDIR bytes, because
3648 * they are sent as Dir bytes on the linked connection, and OR bytes on
3649 * the OR connection;
3650 * - relays and clients don't connect to internal IPs, unless specifically
3651 * configured to do so. If they are configured that way, we don't count
3652 * internal bytes.
3653 */
3654 if (!connection_is_rate_limited(conn))
3655 return;
3656
3657 const bool is_ipv6 = (conn->socket_family == AF_INET6);
3658 if (conn->type == CONN_TYPE_OR)
3660 num_written, now, is_ipv6);
3661
3662 if (num_read > 0) {
3663 bwhist_note_bytes_read(num_read, now, is_ipv6);
3664 }
3665 if (num_written > 0) {
3666 bwhist_note_bytes_written(num_written, now, is_ipv6);
3667 }
3668 if (conn->type == CONN_TYPE_EXIT)
3669 rep_hist_note_exit_bytes(conn->port, num_written, num_read);
3670
3671 /* Remember these bytes towards statistics. */
3672 stats_increment_bytes_read_and_written(num_read, num_written);
3673
3674 /* Remember these bytes towards accounting. */
3677 accounting_add_bytes(num_read, num_written,
3678 (int)(now - last_recorded_accounting_at));
3679 } else {
3680 accounting_add_bytes(num_read, num_written, 0);
3681 }
3683 }
3684}
3685
3686/** We just read <b>num_read</b> and wrote <b>num_written</b> bytes
3687 * onto <b>conn</b>. Decrement buckets appropriately. */
3688static void
3690 size_t num_read, size_t num_written)
3691{
3692 if (num_written >= INT_MAX || num_read >= INT_MAX) {
3693 log_err(LD_BUG, "Value out of range. num_read=%lu, num_written=%lu, "
3694 "connection type=%s, state=%s",
3695 (unsigned long)num_read, (unsigned long)num_written,
3697 conn_state_to_string(conn->type, conn->state));
3699 if (num_written >= INT_MAX)
3700 num_written = 1;
3701 if (num_read >= INT_MAX)
3702 num_read = 1;
3703 }
3704
3705 record_num_bytes_transferred_impl(conn, now, num_read, num_written);
3706
3707 /* Edge connection need to decrement the read side of the bucket used by our
3708 * congestion control. */
3709 if (CONN_IS_EDGE(conn) && num_read > 0) {
3710 edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
3711 token_bucket_rw_dec(&edge_conn->bucket, num_read, 0);
3712 }
3713
3714 if (!connection_is_rate_limited(conn))
3715 return; /* local IPs are free */
3716
3717 unsigned flags = 0;
3718 if (connection_counts_as_relayed_traffic(conn, now)) {
3719 flags = token_bucket_rw_dec(&global_relayed_bucket, num_read, num_written);
3720 }
3721 flags |= token_bucket_rw_dec(&global_bucket, num_read, num_written);
3722
3723 if (flags & TB_WRITE) {
3725 }
3726 if (connection_speaks_cells(conn) && conn->state == OR_CONN_STATE_OPEN) {
3727 or_connection_t *or_conn = TO_OR_CONN(conn);
3728 token_bucket_rw_dec(&or_conn->bucket, num_read, num_written);
3729 }
3730}
3731
3732/**
3733 * Mark <b>conn</b> as needing to stop reading because bandwidth has been
3734 * exhausted. If <b>is_global_bw</b>, it is closing because global bandwidth
3735 * limit has been exhausted. Otherwise, it is closing because its own
3736 * bandwidth limit has been exhausted.
3737 */
3738void
3740{
3741 (void)is_global_bw;
3742 // Double-calls to stop-reading are correlated with stalling for
3743 // ssh uploads. Might as well prevent this from happening,
3744 // especially the read_blocked_on_bw flag. That was clearly getting
3745 // set when it should not be, during an already-blocked XOFF
3746 // condition.
3747 if (!CONN_IS_EDGE(conn) || !TO_EDGE_CONN(conn)->xoff_received) {
3748 conn->read_blocked_on_bw = 1;
3751 }
3752}
3753
3754/**
3755 * Mark <b>conn</b> as needing to stop reading because write bandwidth has
3756 * been exhausted. If <b>is_global_bw</b>, it is closing because global
3757 * bandwidth limit has been exhausted. Otherwise, it is closing because its
3758 * own bandwidth limit has been exhausted.
3759*/
3760void
3762{
3763 (void)is_global_bw;
3764 conn->write_blocked_on_bw = 1;
3767}
3768
3769/** If we have exhausted our global buckets, or the buckets for conn,
3770 * stop reading. */
3771void
3773{
3774 int is_global = 1;
3775 const char *reason;
3776
3777 if (CONN_IS_EDGE(conn) &&
3778 token_bucket_rw_get_read(&TO_EDGE_CONN(conn)->bucket) <= 0) {
3779 reason = "edge connection read bucket exhausted. Pausing.";
3780 is_global = false;
3781 } else if (!connection_is_rate_limited(conn)) {
3782 return; /* Always okay. */
3783 } else if (token_bucket_rw_get_read(&global_bucket) <= 0) {
3784 reason = "global read bucket exhausted. Pausing.";
3786 token_bucket_rw_get_read(&global_relayed_bucket) <= 0) {
3787 reason = "global relayed read bucket exhausted. Pausing.";
3788 } else if (connection_speaks_cells(conn) &&
3789 conn->state == OR_CONN_STATE_OPEN &&
3790 token_bucket_rw_get_read(&TO_OR_CONN(conn)->bucket) <= 0) {
3791 reason = "connection read bucket exhausted. Pausing.";
3792 is_global = false;
3793 } else {
3794 return; /* all good, no need to stop it */
3795 }
3796
3797 LOG_FN_CONN(conn, (LOG_DEBUG, LD_NET, "%s", reason));
3798 connection_read_bw_exhausted(conn, is_global);
3799}
3800
3801/** If we have exhausted our global buckets, or the buckets for conn,
3802 * stop writing. */
3803void
3805{
3806 const char *reason;
3807
3808 if (!connection_is_rate_limited(conn))
3809 return; /* Always okay. */
3810
3811 bool is_global = true;
3812 if (token_bucket_rw_get_write(&global_bucket) <= 0) {
3813 reason = "global write bucket exhausted. Pausing.";
3815 token_bucket_rw_get_write(&global_relayed_bucket) <= 0) {
3816 reason = "global relayed write bucket exhausted. Pausing.";
3817 } else if (connection_speaks_cells(conn) &&
3818 conn->state == OR_CONN_STATE_OPEN &&
3819 token_bucket_rw_get_write(&TO_OR_CONN(conn)->bucket) <= 0) {
3820 reason = "connection write bucket exhausted. Pausing.";
3821 is_global = false;
3822 } else
3823 return; /* all good, no need to stop it */
3824
3825 LOG_FN_CONN(conn, (LOG_DEBUG, LD_NET, "%s", reason));
3826 connection_write_bw_exhausted(conn, is_global);
3827}
3828
3829/** Initialize the global buckets to the values configured in the
3830 * options */
3831void
3833{
3834 const or_options_t *options = get_options();
3835 const uint32_t now_ts = monotime_coarse_get_stamp();
3836 token_bucket_rw_init(&global_bucket,
3837 (int32_t)options->BandwidthRate,
3838 (int32_t)options->BandwidthBurst,
3839 now_ts);
3840 if (options->RelayBandwidthRate) {
3841 token_bucket_rw_init(&global_relayed_bucket,
3842 (int32_t)options->RelayBandwidthRate,
3843 (int32_t)options->RelayBandwidthBurst,
3844 now_ts);
3845 } else {
3846 token_bucket_rw_init(&global_relayed_bucket,
3847 (int32_t)options->BandwidthRate,
3848 (int32_t)options->BandwidthBurst,
3849 now_ts);
3850 }
3851
3853}
3854
3855/** Update the global connection bucket settings to a new value. */
3856void
3858{
3859 token_bucket_rw_adjust(&global_bucket,
3860 (int32_t)options->BandwidthRate,
3861 (int32_t)options->BandwidthBurst);
3862 if (options->RelayBandwidthRate) {
3863 token_bucket_rw_adjust(&global_relayed_bucket,
3864 (int32_t)options->RelayBandwidthRate,
3865 (int32_t)options->RelayBandwidthBurst);
3866 } else {
3867 token_bucket_rw_adjust(&global_relayed_bucket,
3868 (int32_t)options->BandwidthRate,
3869 (int32_t)options->BandwidthBurst);
3870 }
3871}
3872
3873/**
3874 * Cached value of the last coarse-timestamp when we refilled the
3875 * global buckets.
3876 */
3878/**
3879 * Refill the token buckets for a single connection <b>conn</b>, and the
3880 * global token buckets as appropriate. Requires that <b>now_ts</b> is
3881 * the time in coarse timestamp units.
3882 */
3883static void
3885{
3886 /* Note that we only check for equality here: the underlying
3887 * token bucket functions can handle moving backwards in time if they
3888 * need to. */
3889 if (now_ts != last_refilled_global_buckets_ts) {
3890 token_bucket_rw_refill(&global_bucket, now_ts);
3891 token_bucket_rw_refill(&global_relayed_bucket, now_ts);
3893 }
3894
3895 if (connection_speaks_cells(conn) && conn->state == OR_CONN_STATE_OPEN) {
3896 or_connection_t *or_conn = TO_OR_CONN(conn);
3897 token_bucket_rw_refill(&or_conn->bucket, now_ts);
3898 }
3899
3900 if (CONN_IS_EDGE(conn)) {
3901 token_bucket_rw_refill(&TO_EDGE_CONN(conn)->bucket, now_ts);
3902 }
3903}
3904
3905/**
3906 * Event to re-enable all connections that were previously blocked on read or
3907 * write.
3908 */
3910
3911/** True iff reenable_blocked_connections_ev is currently scheduled. */
3913
3914/** Delay after which to run reenable_blocked_connections_ev. */
3916
3917/**
3918 * Re-enable all connections that were previously blocked on read or write.
3919 * This event is scheduled after enough time has elapsed to be sure
3920 * that the buckets will refill when the connections have something to do.
3921 */
3922static void
3924{
3925 (void)ev;
3926 (void)arg;
3928 /* For conflux, we noticed logs of connection_start_reading() called
3929 * multiple times while we were blocked from a previous XOFF, and this
3930 * was log was correlated with stalls during ssh uploads. So we added
3931 * this additional check, to avoid connection_start_reading() without
3932 * getting an XON. The most important piece is always allowing
3933 * the read_blocked_on_bw to get cleared, either way. */
3934 if (conn->read_blocked_on_bw == 1 &&
3935 (!CONN_IS_EDGE(conn) || !TO_EDGE_CONN(conn)->xoff_received)) {
3937 }
3938 conn->read_blocked_on_bw = 0;
3939 if (conn->write_blocked_on_bw == 1) {
3941 conn->write_blocked_on_bw = 0;
3942 }
3943 } SMARTLIST_FOREACH_END(conn);
3944
3946}
3947
3948/**
3949 * Initialize the mainloop event that we use to wake up connections that
3950 * find themselves blocked on bandwidth.
3951 */
3952static void
3954{
3959 }
3960 time_t sec = options->TokenBucketRefillInterval / 1000;
3961 int msec = (options->TokenBucketRefillInterval % 1000);
3963 reenable_blocked_connections_delay.tv_usec = msec * 1000;
3964}
3965
3966/**
3967 * Called when we have blocked a connection for being low on bandwidth:
3968 * schedule an event to reenable such connections, if it is not already
3969 * scheduled.
3970 */
3971static void
3973{
3975 return;
3976 if (BUG(reenable_blocked_connections_ev == NULL)) {
3978 }
3982}
3983
3984/** Read bytes from conn->s and process them.
3985 *
3986 * It calls connection_buf_read_from_socket() to bring in any new bytes,
3987 * and then calls connection_process_inbuf() to process them.
3988 *
3989 * Mark the connection and return -1 if you want to close it, else
3990 * return 0.
3991 */
3992static int
3994{
3995 ssize_t max_to_read=-1, try_to_read;
3996 size_t before, n_read = 0;
3997 int socket_error = 0;
3998
3999 if (conn->marked_for_close)
4000 return 0; /* do nothing */
4001
4003
4005
4006 switch (conn->type) {
4023 /* This should never happen; eventdns.c handles the reads here. */
4025 return 0;
4026 }
4027
4028 loop_again:
4029 try_to_read = max_to_read;
4031
4032 before = buf_datalen(conn->inbuf);
4033 if (connection_buf_read_from_socket(conn, &max_to_read, &socket_error) < 0) {
4034 /* There's a read error; kill the connection.*/
4035 if (conn->type == CONN_TYPE_OR) {
4037 socket_error != 0 ?
4038 errno_to_orconn_end_reason(socket_error) :
4039 END_OR_CONN_REASON_CONNRESET,
4040 socket_error != 0 ?
4041 tor_socket_strerror(socket_error) :
4042 "(unknown, errno was 0)");
4043 }
4044 if (CONN_IS_EDGE(conn)) {
4045 edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
4046 connection_edge_end_errno(edge_conn);
4047 if (conn->type == CONN_TYPE_AP && TO_ENTRY_CONN(conn)->socks_request) {
4048 /* broken, don't send a socks reply back */
4050 }
4051 }
4052 connection_close_immediate(conn); /* Don't flush; connection is dead. */
4053 /*
4054 * This can bypass normal channel checking since we did
4055 * connection_or_notify_error() above.
4056 */
4057 connection_mark_for_close_internal(conn);
4058 return -1;
4059 }
4060 n_read += buf_datalen(conn->inbuf) - before;
4061 if (CONN_IS_EDGE(conn) && try_to_read != max_to_read) {
4062 /* instruct it not to try to package partial cells. */
4063 if (connection_process_inbuf(conn, 0) < 0) {
4064 return -1;
4065 }
4066 if (!conn->marked_for_close &&
4067 connection_is_reading(conn) &&
4068 !conn->inbuf_reached_eof &&
4069 max_to_read > 0)
4070 goto loop_again; /* try reading again, in case more is here now */
4071 }
4072 /* one last try, packaging partial cells and all. */
4073 if (!conn->marked_for_close &&
4074 connection_process_inbuf(conn, 1) < 0) {
4075 return -1;
4076 }
4077 if (conn->linked_conn) {
4078 /* The other side's handle_write() will never actually get called, so
4079 * we need to invoke the appropriate callbacks ourself. */
4080 connection_t *linked = conn->linked_conn;
4081
4082 if (n_read) {
4083 /* Probably a no-op, since linked conns typically don't count for
4084 * bandwidth rate limiting. But do it anyway so we can keep stats
4085 * accurately. Note that since we read the bytes from conn, and
4086 * we're writing the bytes onto the linked connection, we count
4087 * these as <i>written</i> bytes. */
4088 connection_buckets_decrement(linked, approx_time(), 0, n_read);
4089
4090 if (connection_flushed_some(linked) < 0)
4091 connection_mark_for_close(linked);
4092 if (!connection_wants_to_flush(linked))
4094 }
4095
4096 if (!buf_datalen(linked->outbuf) && conn->active_on_link)
4098 }
4099 /* If we hit the EOF, call connection_reached_eof(). */
4100 if (!conn->marked_for_close &&
4101 conn->inbuf_reached_eof &&
4102 connection_reached_eof(conn) < 0) {
4103 return -1;
4104 }
4105 return 0;
4106}
4107
4108/* DOCDOC connection_handle_read */
4109int
4110connection_handle_read(connection_t *conn)
4111{
4112 int res;
4113 update_current_time(time(NULL));
4114 res = connection_handle_read_impl(conn);
4115 return res;
4116}
4117
4118/** Pull in new bytes from conn->s or conn->linked_conn onto conn->inbuf,
4119 * either directly or via TLS. Reduce the token buckets by the number of bytes
4120 * read.
4121 *
4122 * If *max_to_read is -1, then decide it ourselves, else go with the
4123 * value passed to us. When returning, if it's changed, subtract the
4124 * number of bytes we read from *max_to_read.
4125 *
4126 * Return -1 if we want to break conn, else return 0.
4127 */
4128static int
4130 int *socket_error)
4131{
4132 int result;
4133 ssize_t at_most = *max_to_read;
4134 size_t slack_in_buf, more_to_read;
4135 size_t n_read = 0, n_written = 0;
4136
4137 if (at_most == -1) { /* we need to initialize it */
4138 /* how many bytes are we allowed to read? */
4139 at_most = connection_bucket_read_limit(conn, approx_time());
4140 }
4141
4142 /* Do not allow inbuf to grow past BUF_MAX_LEN. */
4143 const ssize_t maximum = BUF_MAX_LEN - buf_datalen(conn->inbuf);
4144 if (at_most > maximum) {
4145 at_most = maximum;
4146 }
4147
4148 slack_in_buf = buf_slack(conn->inbuf);
4149 again:
4150 if ((size_t)at_most > slack_in_buf && slack_in_buf >= 1024) {
4151 more_to_read = at_most - slack_in_buf;
4152 at_most = slack_in_buf;
4153 } else {
4154 more_to_read = 0;
4155 }
4156
4157 if (connection_speaks_cells(conn) &&
4159 int pending;
4160 or_connection_t *or_conn = TO_OR_CONN(conn);
4161 size_t initial_size;
4162 if (conn->state == OR_CONN_STATE_TLS_HANDSHAKING) {
4163 /* continue handshaking even if global token bucket is empty */
4164 return connection_tls_continue_handshake(or_conn);
4165 }
4166
4167 log_debug(LD_NET,
4168 "%d: starting, inbuf_datalen %ld (%d pending in tls object)."
4169 " at_most %ld.",
4170 (int)conn->s,(long)buf_datalen(conn->inbuf),
4171 tor_tls_get_pending_bytes(or_conn->tls), (long)at_most);
4172
4173 initial_size = buf_datalen(conn->inbuf);
4174 /* else open, or closing */
4175 result = buf_read_from_tls(conn->inbuf, or_conn->tls, at_most);
4176 if (TOR_TLS_IS_ERROR(result) || result == TOR_TLS_CLOSE)
4177 or_conn->tls_error = result;
4178 else
4179 or_conn->tls_error = 0;
4180
4181 switch (result) {
4182 case TOR_TLS_CLOSE:
4183 case TOR_TLS_ERROR_IO:
4184 log_debug(LD_NET,"TLS %s closed %son read. Closing.",
4185 connection_describe(conn),
4186 result == TOR_TLS_CLOSE ? "cleanly " : "");
4187 return result;
4189 log_debug(LD_NET,"tls error [%s] from %s. Breaking.",
4190 tor_tls_err_to_string(result),
4191 connection_describe(conn));
4192 return result;
4193 case TOR_TLS_WANTWRITE:
4195 return 0;
4196 case TOR_TLS_WANTREAD:
4197 if (conn->in_connection_handle_write) {
4198 /* We've been invoked from connection_handle_write, because we're
4199 * waiting for a TLS renegotiation, the renegotiation started, and
4200 * SSL_read returned WANTWRITE. But now SSL_read is saying WANTREAD
4201 * again. Stop waiting for write events now, or else we'll
4202 * busy-loop until data arrives for us to read.
4203 * XXX: remove this when v2 handshakes support is dropped. */
4204 // XXXX Try to make sense of what is going on here.
4206 if (!connection_is_reading(conn))
4208 }
4209 /* we're already reading, one hopes */
4210 break;
4211 case TOR_TLS_DONE: /* no data read, so nothing to process */
4212 break; /* so we call bucket_decrement below */
4213 default:
4214 break;
4215 }
4216 pending = tor_tls_get_pending_bytes(or_conn->tls);
4217 if (pending) {
4218 /* If we have any pending bytes, we read them now. This *can*
4219 * take us over our read allotment, but really we shouldn't be
4220 * believing that SSL bytes are the same as TCP bytes anyway. */
4221 int r2 = buf_read_from_tls(conn->inbuf, or_conn->tls, pending);
4222 if (BUG(r2<0)) {
4223 log_warn(LD_BUG, "apparently, reading pending bytes can fail.");
4224 return -1;
4225 }
4226 }
4227 result = (int)(buf_datalen(conn->inbuf)-initial_size);
4228 tor_tls_get_n_raw_bytes(or_conn->tls, &n_read, &n_written);
4229 log_debug(LD_GENERAL, "After TLS read of %d: %ld read, %ld written",
4230 result, (long)n_read, (long)n_written);
4231 } else if (conn->linked) {
4232 if (conn->linked_conn) {
4233 result = (int) buf_move_all(conn->inbuf, conn->linked_conn->outbuf);
4234 } else {
4235 result = 0;
4236 }
4237 //log_notice(LD_GENERAL, "Moved %d bytes on an internal link!", result);
4238 /* If the other side has disappeared, or if it's been marked for close and
4239 * we flushed its outbuf, then we should set our inbuf_reached_eof. */
4240 if (!conn->linked_conn ||
4241 (conn->linked_conn->marked_for_close &&
4242 buf_datalen(conn->linked_conn->outbuf) == 0))
4243 conn->inbuf_reached_eof = 1;
4244
4245 n_read = (size_t) result;
4246 } else {
4247 /* !connection_speaks_cells, !conn->linked_conn. */
4248 int reached_eof = 0;
4249 CONN_LOG_PROTECT(conn,
4250 result = buf_read_from_socket(conn->inbuf, conn->s,
4251 at_most,
4252 &reached_eof,
4253 socket_error));
4254 if (reached_eof)
4255 conn->inbuf_reached_eof = 1;
4256
4257// log_fn(LOG_DEBUG,"read_to_buf returned %d.",read_result);
4258
4259 if (result < 0)
4260 return -1;
4261 n_read = (size_t) result;
4262 }
4263
4264 if (n_read > 0) {
4265 /* change *max_to_read */
4266 *max_to_read = at_most - n_read;
4267
4268 /* Onion service application connection. Note read bytes for metrics. */
4269 if (CONN_IS_EDGE(conn) && TO_EDGE_CONN(conn)->hs_ident) {
4270 edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
4271 hs_metrics_app_read_bytes(&edge_conn->hs_ident->identity_pk,
4272 edge_conn->hs_ident->orig_virtual_port,
4273 n_read);
4274 }
4275
4276 /* Update edge_conn->n_read */
4277 if (conn->type == CONN_TYPE_AP) {
4278 edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
4279
4280 /* Check for overflow: */
4281 if (PREDICT_LIKELY(UINT32_MAX - edge_conn->n_read > n_read))
4282 edge_conn->n_read += (int)n_read;
4283 else
4284 edge_conn->n_read = UINT32_MAX;
4285 }
4286
4287 /* If CONN_BW events are enabled, update conn->n_read_conn_bw for
4288 * OR/DIR/EXIT connections, checking for overflow. */
4290 (conn->type == CONN_TYPE_OR ||
4291 conn->type == CONN_TYPE_DIR ||
4292 conn->type == CONN_TYPE_EXIT)) {
4293 if (PREDICT_LIKELY(UINT32_MAX - conn->n_read_conn_bw > n_read))
4294 conn->n_read_conn_bw += (int)n_read;
4295 else
4296 conn->n_read_conn_bw = UINT32_MAX;
4297 }
4298 }
4299
4300 connection_buckets_decrement(conn, approx_time(), n_read, n_written);
4301
4302 if (more_to_read && result == at_most) {
4303 slack_in_buf = buf_slack(conn->inbuf);
4304 at_most = more_to_read;
4305 goto again;
4306 }
4307
4308 /* Call even if result is 0, since the global read bucket may
4309 * have reached 0 on a different conn, and this connection needs to
4310 * know to stop reading. */
4312 if (n_written > 0 && connection_is_writing(conn))
4314
4315 return 0;
4316}
4317
4318/** A pass-through to fetch_from_buf. */
4319int
4320connection_buf_get_bytes(char *string, size_t len, connection_t *conn)
4321{
4322 return buf_get_bytes(conn->inbuf, string, len);
4323}
4324
4325/** As buf_get_line(), but read from a connection's input buffer. */
4326int
4328 size_t *data_len)
4329{
4330 return buf_get_line(conn->inbuf, data, data_len);
4331}
4332
4333/** As fetch_from_buf_http, but fetches from a connection's input buffer_t as
4334 * appropriate. */
4335int
4337 char **headers_out, size_t max_headerlen,
4338 char **body_out, size_t *body_used,
4339 size_t max_bodylen, int force_complete)
4340{
4341 return fetch_from_buf_http(conn->inbuf, headers_out, max_headerlen,
4342 body_out, body_used, max_bodylen, force_complete);
4343}
4344
4345/** Return true if this connection has data to flush. */
4346int
4348{
4349 return connection_get_outbuf_len(conn) > 0;
4350}
4351
4352/** Are there too many bytes on edge connection <b>conn</b>'s outbuf to
4353 * send back a relay-level sendme yet? Return 1 if so, 0 if not. Used by
4354 * connection_edge_consider_sending_sendme().
4355 */
4356int
4358{
4359 return connection_get_outbuf_len(conn) > 10*CELL_PAYLOAD_SIZE;
4360}
4361
4362/**
4363 * On Windows Vista and Windows 7, tune the send buffer size according to a
4364 * hint from the OS.
4365 *
4366 * This should help fix slow upload rates.
4367 */
4368static void
4370{
4371#ifdef _WIN32
4372 /* We only do this on Vista and 7, because earlier versions of Windows
4373 * don't have the SIO_IDEAL_SEND_BACKLOG_QUERY functionality, and on
4374 * later versions it isn't necessary. */
4375 static int isVistaOr7 = -1;
4376 if (isVistaOr7 == -1) {
4377 isVistaOr7 = 0;
4378 OSVERSIONINFO osvi = { 0 };
4379 osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
4380 GetVersionEx(&osvi);
4381 if (osvi.dwMajorVersion == 6 && osvi.dwMinorVersion < 2)
4382 isVistaOr7 = 1;
4383 }
4384 if (!isVistaOr7)
4385 return;
4386 if (get_options()->ConstrainedSockets)
4387 return;
4388 ULONG isb = 0;
4389 DWORD bytesReturned = 0;
4390 if (!WSAIoctl(sock, SIO_IDEAL_SEND_BACKLOG_QUERY, NULL, 0,
4391 &isb, sizeof(isb), &bytesReturned, NULL, NULL)) {
4392 setsockopt(sock, SOL_SOCKET, SO_SNDBUF, (const char*)&isb, sizeof(isb));
4393 }
4394#else /* !defined(_WIN32) */
4395 (void) sock;
4396#endif /* defined(_WIN32) */
4397}
4398
4399/** Try to flush more bytes onto <b>conn</b>->s.
4400 *
4401 * This function is called in connection_handle_write(), which gets
4402 * called from conn_write_callback() in main.c when libevent tells us
4403 * that <b>conn</b> wants to write.
4404 *
4405 * Update <b>conn</b>->timestamp_last_write_allowed to now, and call flush_buf
4406 * or flush_buf_tls appropriately. If it succeeds and there are no more
4407 * more bytes on <b>conn</b>->outbuf, then call connection_finished_flushing
4408 * on it too.
4409 *
4410 * If <b>force</b>, then write as many bytes as possible, ignoring bandwidth
4411 * limits. (Used for flushing messages to controller connections on fatal
4412 * errors.)
4413 *
4414 * Mark the connection and return -1 if you want to close it, else
4415 * return 0.
4416 */
4417static int
4419{
4420 int e;
4421 socklen_t len=(socklen_t)sizeof(e);
4422 int result;
4423 ssize_t max_to_write;
4424 time_t now = approx_time();
4425 size_t n_read = 0, n_written = 0;
4426 int dont_stop_writing = 0;
4427
4429
4430 if (conn->marked_for_close || !SOCKET_OK(conn->s))
4431 return 0; /* do nothing */
4432
4433 if (conn->in_flushed_some) {
4434 log_warn(LD_BUG, "called recursively from inside conn->in_flushed_some");
4435 return 0;
4436 }
4437
4438 conn->timestamp_last_write_allowed = now;
4439
4441
4442 /* Sometimes, "writable" means "connected". */
4444 if (getsockopt(conn->s, SOL_SOCKET, SO_ERROR, (void*)&e, &len) < 0) {
4445 log_warn(LD_BUG, "getsockopt() syscall failed");
4446 if (conn->type == CONN_TYPE_OR) {
4447 or_connection_t *orconn = TO_OR_CONN(conn);
4449 } else {
4450 if (CONN_IS_EDGE(conn)) {
4452 }
4453 connection_mark_for_close(conn);
4454 }
4455 return -1;
4456 }
4457 if (e) {
4458 /* some sort of error, but maybe just inprogress still */
4459 if (!ERRNO_IS_CONN_EINPROGRESS(e)) {
4460 log_info(LD_NET,"in-progress connect failed. Removing. (%s)",
4461 tor_socket_strerror(e));
4462 if (CONN_IS_EDGE(conn))
4464 if (conn->type == CONN_TYPE_OR)
4467 tor_socket_strerror(e));
4468
4470 /*
4471 * This can bypass normal channel checking since we did
4472 * connection_or_notify_error() above.
4473 */
4474 connection_mark_for_close_internal(conn);
4475 return -1;
4476 } else {
4477 return 0; /* no change, see if next time is better */
4478 }
4479 }
4480 /* The connection is successful. */
4482 return -1;
4483 }
4484
4485 max_to_write = force ? (ssize_t)buf_datalen(conn->outbuf)
4486 : connection_bucket_write_limit(conn, now);
4487
4488 if (connection_speaks_cells(conn) &&
4490 or_connection_t *or_conn = TO_OR_CONN(conn);
4491 size_t initial_size;
4492 if (conn->state == OR_CONN_STATE_TLS_HANDSHAKING) {
4494 if (connection_tls_continue_handshake(or_conn) < 0) {
4495 /* Don't flush; connection is dead. */
4497 END_OR_CONN_REASON_MISC,
4498 "TLS error in connection_tls_"
4499 "continue_handshake()");
4501 /*
4502 * This can bypass normal channel checking since we did
4503 * connection_or_notify_error() above.
4504 */
4505 connection_mark_for_close_internal(conn);
4506 return -1;
4507 }
4508 return 0;
4509 } else if (conn->state == OR_CONN_STATE_SERVER_VERSIONS_WAIT) {
4510 return connection_handle_read(conn);
4511 }
4512
4513 /* else open, or closing */
4514 initial_size = buf_datalen(conn->outbuf);
4515 result = buf_flush_to_tls(conn->outbuf, or_conn->tls,
4516 max_to_write);
4517
4518 if (result >= 0)
4520
4521 /* If we just flushed the last bytes, tell the channel on the
4522 * or_conn to check if it needs to geoip_change_dirreq_state() */
4523 /* XXXX move this to flushed_some or finished_flushing -NM */
4524 if (buf_datalen(conn->outbuf) == 0 && or_conn->chan)
4525 channel_notify_flushed(TLS_CHAN_TO_BASE(or_conn->chan));
4526
4527 switch (result) {
4529 case TOR_TLS_CLOSE:
4530 or_conn->tls_error = result;
4531 log_info(LD_NET, result != TOR_TLS_CLOSE ?
4532 "tls error. breaking.":"TLS connection closed on flush");
4533 /* Don't flush; connection is dead. */
4535 END_OR_CONN_REASON_MISC,
4536 result != TOR_TLS_CLOSE ?
4537 "TLS error in during flush" :
4538 "TLS closed during flush");
4540 /*
4541 * This can bypass normal channel checking since we did
4542 * connection_or_notify_error() above.
4543 */
4544 connection_mark_for_close_internal(conn);
4545 return -1;
4546 case TOR_TLS_WANTWRITE:
4547 log_debug(LD_NET,"wanted write.");
4548 /* we're already writing */
4549 dont_stop_writing = 1;
4550 break;
4551 case TOR_TLS_WANTREAD:
4552 /* Make sure to avoid a loop if the receive buckets are empty. */
4553 log_debug(LD_NET,"wanted read.");
4554 if (!connection_is_reading(conn)) {
4556 /* we'll start reading again when we get more tokens in our
4557 * read bucket; then we'll start writing again too.
4558 */
4559 }
4560 /* else no problem, we're already reading */
4561 return 0;
4562 /* case TOR_TLS_DONE:
4563 * for TOR_TLS_DONE, fall through to check if the flushlen
4564 * is empty, so we can stop writing.
4565 */
4566 }
4567
4568 tor_tls_get_n_raw_bytes(or_conn->tls, &n_read, &n_written);
4569 log_debug(LD_GENERAL, "After TLS write of %d: %ld read, %ld written",
4570 result, (long)n_read, (long)n_written);
4571 or_conn->bytes_xmitted += result;
4572 or_conn->bytes_xmitted_by_tls += n_written;
4573 /* So we notice bytes were written even on error */
4574 /* XXXX This cast is safe since we can never write INT_MAX bytes in a
4575 * single set of TLS operations. But it looks kinda ugly. If we refactor
4576 * the *_buf_tls functions, we should make them return ssize_t or size_t
4577 * or something. */
4578 result = (int)(initial_size-buf_datalen(conn->outbuf));
4579 } else {
4580 CONN_LOG_PROTECT(conn,
4581 result = buf_flush_to_socket(conn->outbuf, conn->s,
4582 max_to_write));
4583 if (result < 0) {
4584 if (CONN_IS_EDGE(conn))
4586 if (conn->type == CONN_TYPE_AP) {
4587 /* writing failed; we couldn't send a SOCKS reply if we wanted to */
4589 }
4590
4591 connection_close_immediate(conn); /* Don't flush; connection is dead. */
4592 connection_mark_for_close(conn);
4593 return -1;
4594 }
4596 n_written = (size_t) result;
4597 }
4598
4599 if (n_written && conn->type == CONN_TYPE_AP) {
4600 edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
4601
4602 /* Check for overflow: */
4603 if (PREDICT_LIKELY(UINT32_MAX - edge_conn->n_written > n_written))
4604 edge_conn->n_written += (int)n_written;
4605 else
4606 edge_conn->n_written = UINT32_MAX;
4607 }
4608
4609 /* If CONN_BW events are enabled, update conn->n_written_conn_bw for
4610 * OR/DIR/EXIT connections, checking for overflow. */
4611 if (n_written && get_options()->TestingEnableConnBwEvent &&
4612 (conn->type == CONN_TYPE_OR ||
4613 conn->type == CONN_TYPE_DIR ||
4614 conn->type == CONN_TYPE_EXIT)) {
4615 if (PREDICT_LIKELY(UINT32_MAX - conn->n_written_conn_bw > n_written))
4616 conn->n_written_conn_bw += (int)n_written;
4617 else
4618 conn->n_written_conn_bw = UINT32_MAX;
4619 }
4620
4621 connection_buckets_decrement(conn, approx_time(), n_read, n_written);
4622
4623 if (result > 0) {
4624 /* If we wrote any bytes from our buffer, then call the appropriate
4625 * functions. */
4626 if (connection_flushed_some(conn) < 0) {
4627 if (connection_speaks_cells(conn)) {
4629 END_OR_CONN_REASON_MISC,
4630 "Got error back from "
4631 "connection_flushed_some()");
4632 }
4633
4634 /*
4635 * This can bypass normal channel checking since we did
4636 * connection_or_notify_error() above.
4637 */
4638 connection_mark_for_close_internal(conn);
4639 }
4640 }
4641
4642 if (!connection_wants_to_flush(conn) &&
4643 !dont_stop_writing) { /* it's done flushing */
4644 if (connection_finished_flushing(conn) < 0) {
4645 /* already marked */
4646 goto err;
4647 }
4648 goto done;
4649 }
4650
4651 /* Call even if result is 0, since the global write bucket may
4652 * have reached 0 on a different conn, and this connection needs to
4653 * know to stop writing. */
4655 if (n_read > 0 && connection_is_reading(conn))
4657
4658 done:
4659 /* If this is an edge connection with congestion control, check to see
4660 * if it is time to send an xon */
4661 if (conn_uses_flow_control(conn)) {
4662 flow_control_decide_xon(TO_EDGE_CONN(conn), n_written);
4663 }
4664
4665 return 0;
4666
4667 err:
4668 return -1;
4669}
4670
4671/* DOCDOC connection_handle_write */
4672int
4673connection_handle_write(connection_t *conn, int force)
4674{
4675 int res;
4676 update_current_time(time(NULL));
4677 /* connection_handle_write_impl() might call connection_handle_read()
4678 * if we're in the middle of a v2 handshake, in which case it needs this
4679 * flag set. */
4681 res = connection_handle_write_impl(conn, force);
4683 return res;
4684}
4685
4686/**
4687 * Try to flush data that's waiting for a write on <b>conn</b>. Return
4688 * -1 on failure, 0 on success.
4689 *
4690 * Don't use this function for regular writing; the buffers
4691 * system should be good enough at scheduling writes there. Instead, this
4692 * function is for cases when we're about to exit or something and we want
4693 * to report it right away.
4694 */
4695int
4697{
4698 return connection_handle_write(conn, 1);
4699}
4700
4701/** Helper for connection_write_to_buf_impl and connection_write_buf_to_buf:
4702 *
4703 * Return true iff it is okay to queue bytes on <b>conn</b>'s outbuf for
4704 * writing.
4705 */
4706static int
4708{
4709 /* if it's marked for close, only allow write if we mean to flush it */
4710 if (conn->marked_for_close && !conn->hold_open_until_flushed)
4711 return 0;
4712
4713 return 1;
4714}
4715
4716/** Helper for connection_write_to_buf_impl and connection_write_buf_to_buf:
4717 *
4718 * Called when an attempt to add bytes on <b>conn</b>'s outbuf has failed;
4719 * mark the connection and warn as appropriate.
4720 */
4721static void
4723{
4724 if (CONN_IS_EDGE(conn)) {
4725 /* if it failed, it means we have our package/delivery windows set
4726 wrong compared to our max outbuf size. close the whole circuit. */
4727 log_warn(LD_NET,
4728 "write_to_buf failed. Closing circuit (fd %d).", (int)conn->s);
4729 circuit_mark_for_close(circuit_get_by_edge_conn(TO_EDGE_CONN(conn)),
4730 END_CIRC_REASON_INTERNAL);
4731 } else if (conn->type == CONN_TYPE_OR) {
4732 or_connection_t *orconn = TO_OR_CONN(conn);
4733 log_warn(LD_NET,
4734 "write_to_buf failed on an orconn; notifying of error "
4735 "(fd %d)", (int)(conn->s));
4737 } else {
4738 log_warn(LD_NET,
4739 "write_to_buf failed. Closing connection (fd %d).",
4740 (int)conn->s);
4741 connection_mark_for_close(conn);
4742 }
4743}
4744
4745/** Helper for connection_write_to_buf_impl and connection_write_buf_to_buf:
4746 *
4747 * Called when an attempt to add bytes on <b>conn</b>'s outbuf has succeeded:
4748 * start writing if appropriate.
4749 */
4750static void
4752{
4753 /* If we receive optimistic data in the EXIT_CONN_STATE_RESOLVING
4754 * state, we don't want to try to write it right away, since
4755 * conn->write_event won't be set yet. Otherwise, write data from
4756 * this conn as the socket is available. */
4757 if (conn->write_event) {
4759 }
4760}
4761
4762/** Append <b>len</b> bytes of <b>string</b> onto <b>conn</b>'s
4763 * outbuf, and ask it to start writing.
4764 *
4765 * If <b>zlib</b> is nonzero, this is a directory connection that should get
4766 * its contents compressed or decompressed as they're written. If zlib is
4767 * negative, this is the last data to be compressed, and the connection's zlib
4768 * state should be flushed.
4769 */
4770MOCK_IMPL(void,
4771connection_write_to_buf_impl_,(const char *string, size_t len,
4772 connection_t *conn, int zlib))
4773{
4774 /* XXXX This function really needs to return -1 on failure. */
4775 int r;
4776 if (!len && !(zlib<0))
4777 return;
4778
4779 if (!connection_may_write_to_buf(conn))
4780 return;
4781
4782 if (zlib) {
4783 dir_connection_t *dir_conn = TO_DIR_CONN(conn);
4784 int done = zlib < 0;
4786 dir_conn->compress_state,
4787 string, len, done));
4788 } else {
4789 CONN_LOG_PROTECT(conn, r = buf_add(conn->outbuf, string, len));
4790 }
4791 if (r < 0) {
4793 return;
4794 }
4796}
4797
4798/**
4799 * Write a <b>string</b> (of size <b>len</b> to directory connection
4800 * <b>dir_conn</b>. Apply compression if connection is configured to use
4801 * it and finalize it if <b>done</b> is true.
4802 */
4803void
4804connection_dir_buf_add(const char *string, size_t len,
4805 dir_connection_t *dir_conn, int done)
4806{
4807 if (dir_conn->compress_state != NULL) {
4808 connection_buf_add_compress(string, len, dir_conn, done);
4809 return;
4810 }
4811
4812 connection_buf_add(string, len, TO_CONN(dir_conn));
4813}
4814
4815void
4816connection_buf_add_compress(const char *string, size_t len,
4817 dir_connection_t *conn, int done)
4818{
4819 connection_write_to_buf_impl_(string, len, TO_CONN(conn), done ? -1 : 1);
4820}
4821
4822/**
4823 * Add all bytes from <b>buf</b> to <b>conn</b>'s outbuf, draining them
4824 * from <b>buf</b>. (If the connection is marked and will soon be closed,
4825 * nothing is drained.)
4826 */
4827void
4829{
4830 tor_assert(conn);
4831 tor_assert(buf);
4832 size_t len = buf_datalen(buf);
4833 if (len == 0)
4834 return;
4835
4836 if (!connection_may_write_to_buf(conn))
4837 return;
4838
4839 buf_move_all(conn->outbuf, buf);
4841}
4842
4843#define CONN_GET_ALL_TEMPLATE(var, test) \
4844 STMT_BEGIN \
4845 smartlist_t *conns = get_connection_array(); \
4846 smartlist_t *ret_conns = smartlist_new(); \
4847 SMARTLIST_FOREACH_BEGIN(conns, connection_t *, var) { \
4848 if (var && (test) && !var->marked_for_close) \
4849 smartlist_add(ret_conns, var); \
4850 } SMARTLIST_FOREACH_END(var); \
4851 return ret_conns; \
4852 STMT_END
4853
4854/* Return a list of connections that aren't close and matches the given type
4855 * and state. The returned list can be empty and must be freed using
4856 * smartlist_free(). The caller does NOT have ownership of the objects in the
4857 * list so it must not free them nor reference them as they can disappear. */
4859connection_list_by_type_state(int type, int state)
4860{
4861 CONN_GET_ALL_TEMPLATE(conn, (conn->type == type && conn->state == state));
4862}
4863
4864/* Return a list of connections that aren't close and matches the given type
4865 * and purpose. The returned list can be empty and must be freed using
4866 * smartlist_free(). The caller does NOT have ownership of the objects in the
4867 * list so it must not free them nor reference them as they can disappear. */
4869connection_list_by_type_purpose(int type, int purpose)
4870{
4871 CONN_GET_ALL_TEMPLATE(conn,
4872 (conn->type == type && conn->purpose == purpose));
4873}
4874
4875/** Return a connection_t * from get_connection_array() that satisfies test on
4876 * var, and that is not marked for close. */
4877#define CONN_GET_TEMPLATE(var, test) \
4878 STMT_BEGIN \
4879 smartlist_t *conns = get_connection_array(); \
4880 SMARTLIST_FOREACH(conns, connection_t *, var, \
4881 { \
4882 if (var && (test) && !var->marked_for_close) \
4883 return var; \
4884 }); \
4885 return NULL; \
4886 STMT_END
4887
4888/** Return a connection with given type, address, port, and purpose;
4889 * or NULL if no such connection exists (or if all such connections are marked
4890 * for close). */
4893 const tor_addr_t *addr, uint16_t port,
4894 int purpose))
4895{
4896 CONN_GET_TEMPLATE(conn,
4897 (conn->type == type &&
4898 tor_addr_eq(&conn->addr, addr) &&
4899 conn->port == port &&
4900 conn->purpose == purpose));
4901}
4902
4903/** Return the stream with id <b>id</b> if it is not already marked for
4904 * close.
4905 */
4908{
4909 CONN_GET_TEMPLATE(conn, conn->global_identifier == id);
4910}
4911
4912/** Return a connection of type <b>type</b> that is not marked for close.
4913 */
4916{
4917 CONN_GET_TEMPLATE(conn, conn->type == type);
4918}
4919
4920/** Return a connection of type <b>type</b> that is in state <b>state</b>,
4921 * and that is not marked for close.
4922 */
4925{
4926 CONN_GET_TEMPLATE(conn, conn->type == type && conn->state == state);
4927}
4928
4929/**
4930 * Return a connection of type <b>type</b> that is not an internally linked
4931 * connection, and is not marked for close.
4932 **/
4935{
4936 CONN_GET_TEMPLATE(conn, conn->type == type && !conn->linked);
4937}
4938
4939/** Return a new smartlist of dir_connection_t * from get_connection_array()
4940 * that satisfy conn_test on connection_t *conn_var, and dirconn_test on
4941 * dir_connection_t *dirconn_var. conn_var must be of CONN_TYPE_DIR and not
4942 * marked for close to be included in the list. */
4943#define DIR_CONN_LIST_TEMPLATE(conn_var, conn_test, \
4944 dirconn_var, dirconn_test) \
4945 STMT_BEGIN \
4946 smartlist_t *conns = get_connection_array(); \
4947 smartlist_t *dir_conns = smartlist_new(); \
4948 SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn_var) { \
4949 if (conn_var && (conn_test) \
4950 && conn_var->type == CONN_TYPE_DIR \
4951 && !conn_var->marked_for_close) { \
4952 dir_connection_t *dirconn_var = TO_DIR_CONN(conn_var); \
4953 if (dirconn_var && (dirconn_test)) { \
4954 smartlist_add(dir_conns, dirconn_var); \
4955 } \
4956 } \
4957 } SMARTLIST_FOREACH_END(conn_var); \
4958 return dir_conns; \
4959 STMT_END
4960
4961/** Return a list of directory connections that are fetching the item
4962 * described by <b>purpose</b>/<b>resource</b>. If there are none,
4963 * return an empty list. This list must be freed using smartlist_free,
4964 * but the pointers in it must not be freed.
4965 * Note that this list should not be cached, as the pointers in it can be
4966 * freed if their connections close. */
4969 int purpose,
4970 const char *resource)
4971{
4973 conn->purpose == purpose,
4974 dirconn,
4975 0 == strcmp_opt(resource,
4976 dirconn->requested_resource));
4977}
4978
4979/** Return a list of directory connections that are fetching the item
4980 * described by <b>purpose</b>/<b>resource</b>/<b>state</b>. If there are
4981 * none, return an empty list. This list must be freed using smartlist_free,
4982 * but the pointers in it must not be freed.
4983 * Note that this list should not be cached, as the pointers in it can be
4984 * freed if their connections close. */
4987 int purpose,
4988 const char *resource,
4989 int state)
4990{
4992 conn->purpose == purpose && conn->state == state,
4993 dirconn,
4994 0 == strcmp_opt(resource,
4995 dirconn->requested_resource));
4996}
4997
4998#undef DIR_CONN_LIST_TEMPLATE
4999
5000/** Return an arbitrary active OR connection that isn't <b>this_conn</b>.
5001 *
5002 * We use this to guess if we should tell the controller that we
5003 * didn't manage to connect to any of our bridges. */
5004static connection_t *
5006{
5007 CONN_GET_TEMPLATE(conn,
5008 conn != TO_CONN(this_conn) && conn->type == CONN_TYPE_OR);
5009}
5010
5011/** Return 1 if there are any active OR connections apart from
5012 * <b>this_conn</b>.
5013 *
5014 * We use this to guess if we should tell the controller that we
5015 * didn't manage to connect to any of our bridges. */
5016int
5018{
5020 if (conn != NULL) {
5021 log_debug(LD_DIR, "%s: Found an OR connection: %s",
5022 __func__, connection_describe(conn));
5023 return 1;
5024 }
5025
5026 return 0;
5027}
5028
5029#undef CONN_GET_TEMPLATE
5030
5031/** Return 1 if <b>conn</b> is a listener conn, else return 0. */
5032int
5034{
5035 if (conn->type == CONN_TYPE_OR_LISTENER ||
5037 conn->type == CONN_TYPE_AP_LISTENER ||
5042 conn->type == CONN_TYPE_DIR_LISTENER ||
5045 return 1;
5046 return 0;
5047}
5048
5049/** Return 1 if <b>conn</b> is in state "open" and is not marked
5050 * for close, else return 0.
5051 */
5052int
5054{
5055 tor_assert(conn);
5056
5057 if (conn->marked_for_close)
5058 return 0;
5059
5060 if ((conn->type == CONN_TYPE_OR && conn->state == OR_CONN_STATE_OPEN) ||
5061 (conn->type == CONN_TYPE_EXT_OR) ||
5062 (conn->type == CONN_TYPE_AP && conn->state == AP_CONN_STATE_OPEN) ||
5063 (conn->type == CONN_TYPE_EXIT && conn->state == EXIT_CONN_STATE_OPEN) ||
5064 (conn->type == CONN_TYPE_CONTROL &&
5066 return 1;
5067
5068 return 0;
5069}
5070
5071/** Return 1 if conn is in 'connecting' state, else return 0. */
5072int
5074{
5075 tor_assert(conn);
5076
5077 if (conn->marked_for_close)
5078 return 0;
5079 switch (conn->type)
5080 {
5081 case CONN_TYPE_OR:
5082 return conn->state == OR_CONN_STATE_CONNECTING;
5083 case CONN_TYPE_EXIT:
5084 return conn->state == EXIT_CONN_STATE_CONNECTING;
5085 case CONN_TYPE_DIR:
5086 return conn->state == DIR_CONN_STATE_CONNECTING;
5087 }
5088
5089 return 0;
5090}
5091
5092/** Allocates a base64'ed authenticator for use in http or https
5093 * auth, based on the input string <b>authenticator</b>. Returns it
5094 * if success, else returns NULL. */
5095char *
5096alloc_http_authenticator(const char *authenticator)
5097{
5098 /* an authenticator in Basic authentication
5099 * is just the string "username:password" */
5100 const size_t authenticator_length = strlen(authenticator);
5101 const size_t base64_authenticator_length =
5102 base64_encode_size(authenticator_length, 0) + 1;
5103 char *base64_authenticator = tor_malloc(base64_authenticator_length);
5104 if (base64_encode(base64_authenticator, base64_authenticator_length,
5105 authenticator, authenticator_length, 0) < 0) {
5106 tor_free(base64_authenticator); /* free and set to null */
5107 }
5108 return base64_authenticator;
5109}
5110
5111/** Given a socket handle, check whether the local address (sockname) of the
5112 * socket is one that we've connected from before. If so, double-check
5113 * whether our address has changed and we need to generate keys. If we do,
5114 * call init_keys().
5115 */
5116static void
5118{
5119 tor_addr_t out_addr, iface_addr;
5120 tor_addr_t **last_interface_ip_ptr;
5121 sa_family_t family;
5122
5123 if (!outgoing_addrs)
5125
5126 if (tor_addr_from_getsockname(&out_addr, sock) < 0) {
5127 int e = tor_socket_errno(sock);
5128 log_warn(LD_NET, "getsockname() to check for address change failed: %s",
5129 tor_socket_strerror(e));
5130 return;
5131 }
5132 family = tor_addr_family(&out_addr);
5133
5134 if (family == AF_INET)
5135 last_interface_ip_ptr = &last_interface_ipv4;
5136 else if (family == AF_INET6)
5137 last_interface_ip_ptr = &last_interface_ipv6;
5138 else
5139 return;
5140
5141 if (! *last_interface_ip_ptr) {
5142 tor_addr_t *a = tor_malloc_zero(sizeof(tor_addr_t));
5143 if (get_interface_address6(LOG_INFO, family, a)==0) {
5144 *last_interface_ip_ptr = a;
5145 } else {
5146 tor_free(a);
5147 }
5148 }
5149
5150 /* If we've used this address previously, we're okay. */
5152 if (tor_addr_eq(a_ptr, &out_addr))
5153 return;
5154 );
5155
5156 /* Uh-oh. We haven't connected from this address before. Has the interface
5157 * address changed? */
5158 if (get_interface_address6(LOG_INFO, family, &iface_addr)<0)
5159 return;
5160
5161 if (tor_addr_eq(&iface_addr, *last_interface_ip_ptr)) {
5162 /* Nope, it hasn't changed. Add this address to the list. */
5163 smartlist_add(outgoing_addrs, tor_memdup(&out_addr, sizeof(tor_addr_t)));
5164 } else {
5165 /* The interface changed. We're a client, so we need to regenerate our
5166 * keys. First, reset the state. */
5167 log_notice(LD_NET, "Our IP address has changed. Rotating keys...");
5168 tor_addr_copy(*last_interface_ip_ptr, &iface_addr);
5171 smartlist_add(outgoing_addrs, tor_memdup(&out_addr, sizeof(tor_addr_t)));
5172 /* We'll need to resolve ourselves again. */
5173 resolved_addr_reset_last(AF_INET);
5174 /* Okay, now change our keys. */
5176 }
5177}
5178
5179/** Some systems have limited system buffers for recv and xmit on
5180 * sockets allocated in a virtual server or similar environment. For a Tor
5181 * server this can produce the "Error creating network socket: No buffer
5182 * space available" error once all available TCP buffer space is consumed.
5183 * This method will attempt to constrain the buffers allocated for the socket
5184 * to the desired size to stay below system TCP buffer limits.
5185 */
5186static void
5188{
5189 void *sz = (void*)&size;
5190 socklen_t sz_sz = (socklen_t) sizeof(size);
5191 if (setsockopt(sock, SOL_SOCKET, SO_SNDBUF, sz, sz_sz) < 0) {
5192 int e = tor_socket_errno(sock);
5193 log_warn(LD_NET, "setsockopt() to constrain send "
5194 "buffer to %d bytes failed: %s", size, tor_socket_strerror(e));
5195 }
5196 if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, sz, sz_sz) < 0) {
5197 int e = tor_socket_errno(sock);
5198 log_warn(LD_NET, "setsockopt() to constrain recv "
5199 "buffer to %d bytes failed: %s", size, tor_socket_strerror(e));
5200 }
5201}
5202
5203/** Process new bytes that have arrived on conn->inbuf.
5204 *
5205 * This function just passes conn to the connection-specific
5206 * connection_*_process_inbuf() function. It also passes in
5207 * package_partial if wanted.
5208 */
5209int
5210connection_process_inbuf(connection_t *conn, int package_partial)
5211{
5212 tor_assert(conn);
5213
5214 switch (conn->type) {
5215 case CONN_TYPE_OR:
5217 case CONN_TYPE_EXT_OR:
5219 case CONN_TYPE_EXIT:
5220 case CONN_TYPE_AP:
5222 package_partial);
5223 case CONN_TYPE_DIR:
5225 case CONN_TYPE_CONTROL:
5227 case CONN_TYPE_METRICS:
5229 default:
5230 log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
5232 return -1;
5233 }
5234}
5235
5236/** Called whenever we've written data on a connection. */
5237static int
5239{
5240 int r = 0;
5242 conn->in_flushed_some = 1;
5243 if (conn->type == CONN_TYPE_DIR &&
5245 r = connection_dirserv_flushed_some(TO_DIR_CONN(conn));
5246 } else if (conn->type == CONN_TYPE_OR) {
5248 } else if (CONN_IS_EDGE(conn)) {
5250 }
5251 conn->in_flushed_some = 0;
5252 return r;
5253}
5254
5255/** We just finished flushing bytes to the appropriately low network layer,
5256 * and there are no more bytes remaining in conn->outbuf or
5257 * conn->tls to be flushed.
5258 *
5259 * This function just passes conn to the connection-specific
5260 * connection_*_finished_flushing() function.
5261 */
5262static int
5264{
5265 tor_assert(conn);
5266
5267 /* If the connection is closed, don't try to do anything more here. */
5268 if (CONN_IS_CLOSED(conn))
5269 return 0;
5270
5271// log_fn(LOG_DEBUG,"entered. Socket %u.", conn->s);
5272
5274
5275 switch (conn->type) {
5276 case CONN_TYPE_OR:
5278 case CONN_TYPE_EXT_OR:
5280 case CONN_TYPE_AP:
5281 case CONN_TYPE_EXIT:
5283 case CONN_TYPE_DIR:
5285 case CONN_TYPE_CONTROL:
5287 case CONN_TYPE_METRICS:
5289 default:
5290 log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
5292 return -1;
5293 }
5294}
5295
5296/** Called when our attempt to connect() to a server has just succeeded.
5297 *
5298 * This function checks if the interface address has changed (clients only),
5299 * and then passes conn to the connection-specific
5300 * connection_*_finished_connecting() function.
5301 */
5302static int
5304{
5305 tor_assert(conn);
5306
5307 if (!server_mode(get_options())) {
5308 /* See whether getsockname() says our address changed. We need to do this
5309 * now that the connection has finished, because getsockname() on Windows
5310 * won't work until then. */
5312 }
5313
5314 switch (conn->type)
5315 {
5316 case CONN_TYPE_OR:
5318 case CONN_TYPE_EXIT:
5320 case CONN_TYPE_DIR:
5322 default:
5323 log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
5325 return -1;
5326 }
5327}
5328
5329/** Callback: invoked when a connection reaches an EOF event. */
5330static int
5332{
5333 switch (conn->type) {
5334 case CONN_TYPE_OR:
5335 case CONN_TYPE_EXT_OR:
5337 case CONN_TYPE_AP:
5338 case CONN_TYPE_EXIT:
5340 case CONN_TYPE_DIR:
5342 case CONN_TYPE_CONTROL:
5344 case CONN_TYPE_METRICS:
5345 return metrics_connection_reached_eof(conn);
5346 default:
5347 log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
5349 return -1;
5350 }
5351}
5352
5353/** Comparator for the two-orconn case in OOS victim sort */
5354static int
5356{
5357 int a_circs, b_circs;
5358 /* Fewer circuits == higher priority for OOS kill, sort earlier */
5359
5360 a_circs = connection_or_get_num_circuits(a);
5361 b_circs = connection_or_get_num_circuits(b);
5362
5363 if (a_circs < b_circs) return 1;
5364 else if (a_circs > b_circs) return -1;
5365 else return 0;
5366}
5367
5368/** Sort comparator for OOS victims; better targets sort before worse
5369 * ones. */
5370static int
5371oos_victim_comparator(const void **a_v, const void **b_v)
5372{
5373 connection_t *a = NULL, *b = NULL;
5374
5375 /* Get connection pointers out */
5376
5377 a = (connection_t *)(*a_v);
5378 b = (connection_t *)(*b_v);
5379
5380 tor_assert(a != NULL);
5381 tor_assert(b != NULL);
5382
5383 /*
5384 * We always prefer orconns as victims currently; we won't even see
5385 * these non-orconn cases, but if we do, sort them after orconns.
5386 */
5387 if (a->type == CONN_TYPE_OR && b->type == CONN_TYPE_OR) {
5389 } else {
5390 /*
5391 * One isn't an orconn; if one is, it goes first. We currently have no
5392 * opinions about cases where neither is an orconn.
5393 */
5394 if (a->type == CONN_TYPE_OR) return -1;
5395 else if (b->type == CONN_TYPE_OR) return 1;
5396 else return 0;
5397 }
5398}
5399
5400/** Pick n victim connections for the OOS handler and return them in a
5401 * smartlist.
5402 */
5405{
5406 smartlist_t *eligible = NULL, *victims = NULL;
5407 smartlist_t *conns;
5408 int conn_counts_by_type[CONN_TYPE_MAX_ + 1], i;
5409
5410 /*
5411 * Big damn assumption (someone improve this someday!):
5412 *
5413 * Socket exhaustion normally happens on high-volume relays, and so
5414 * most of the connections involved are orconns. We should pick victims
5415 * by assembling a list of all orconns, and sorting them in order of
5416 * how much 'damage' by some metric we'd be doing by dropping them.
5417 *
5418 * If we move on from orconns, we should probably think about incoming
5419 * directory connections next, or exit connections. Things we should
5420 * probably never kill are controller connections and listeners.
5421 *
5422 * This function will count how many connections of different types
5423 * exist and log it for purposes of gathering data on typical OOS
5424 * situations to guide future improvements.
5425 */
5426
5427 /* First, get the connection array */
5428 conns = get_connection_array();
5429 /*
5430 * Iterate it and pick out eligible connection types, and log some stats
5431 * along the way.
5432 */
5433 eligible = smartlist_new();
5434 memset(conn_counts_by_type, 0, sizeof(conn_counts_by_type));
5436 /* Bump the counter */
5437 tor_assert(c->type <= CONN_TYPE_MAX_);
5438 ++(conn_counts_by_type[c->type]);
5439
5440 /* Skip anything without a socket we can free */
5441 if (!(SOCKET_OK(c->s))) {
5442 continue;
5443 }
5444
5445 /* Skip anything we would count as moribund */
5446 if (connection_is_moribund(c)) {
5447 continue;
5448 }
5449
5450 switch (c->type) {
5451 case CONN_TYPE_OR:
5452 /* We've got an orconn, it's eligible to be OOSed */
5453 smartlist_add(eligible, c);
5454 break;
5455 default:
5456 /* We don't know what to do with it, ignore it */
5457 break;
5458 }
5459 } SMARTLIST_FOREACH_END(c);
5460
5461 /* Log some stats */
5462 if (smartlist_len(conns) > 0) {
5463 /* At least one counter must be non-zero */
5464 log_info(LD_NET, "Some stats on conn types seen during OOS follow");
5465 for (i = CONN_TYPE_MIN_; i <= CONN_TYPE_MAX_; ++i) {
5466 /* Did we see any? */
5467 if (conn_counts_by_type[i] > 0) {
5468 log_info(LD_NET, "%s: %d conns",
5470 conn_counts_by_type[i]);
5471 }
5472 }
5473 log_info(LD_NET, "Done with OOS conn type stats");
5474 }
5475
5476 /* Did we find more eligible targets than we want to kill? */
5477 if (smartlist_len(eligible) > n) {
5478 /* Sort the list in order of target preference */
5480 /* Pick first n as victims */
5481 victims = smartlist_new();
5482 for (i = 0; i < n; ++i) {
5483 smartlist_add(victims, smartlist_get(eligible, i));
5484 }
5485 /* Free the original list */
5486 smartlist_free(eligible);
5487 } else {
5488 /* No, we can just call them all victims */
5489 victims = eligible;
5490 }
5491
5492 return victims;
5493}
5494
5495/** Kill a list of connections for the OOS handler. */
5496MOCK_IMPL(STATIC void,
5498{
5499 if (!conns) return;
5500
5502 /* Make sure the channel layer gets told about orconns */
5503 if (c->type == CONN_TYPE_OR) {
5505 } else {
5506 connection_mark_for_close(c);
5507 }
5508 } SMARTLIST_FOREACH_END(c);
5509
5510 log_notice(LD_NET,
5511 "OOS handler marked %d connections",
5512 smartlist_len(conns));
5513}
5514
5515/** Check if a connection is on the way out so the OOS handler doesn't try
5516 * to kill more than it needs. */
5517int
5519{
5520 if (conn != NULL &&
5521 (conn->conn_array_index < 0 ||
5522 conn->marked_for_close)) {
5523 return 1;
5524 } else {
5525 return 0;
5526 }
5527}
5528
5529/** Out-of-Sockets handler; n_socks is the current number of open
5530 * sockets, and failed is non-zero if a socket exhaustion related
5531 * error immediately preceded this call. This is where to do
5532 * circuit-killing heuristics as needed.
5533 */
5534void
5535connection_check_oos(int n_socks, int failed)
5536{
5537 int target_n_socks = 0, moribund_socks, socks_to_kill;
5538 smartlist_t *conns;
5539
5540 /* Early exit: is OOS checking disabled? */
5541 if (get_options()->DisableOOSCheck) {
5542 return;
5543 }
5544
5545 /* Sanity-check args */
5546 tor_assert(n_socks >= 0);
5547
5548 /*
5549 * Make some log noise; keep it at debug level since this gets a chance
5550 * to run on every connection attempt.
5551 */
5552 log_debug(LD_NET,
5553 "Running the OOS handler (%d open sockets, %s)",
5554 n_socks, (failed != 0) ? "exhaustion seen" : "no exhaustion");
5555
5556 /*
5557 * Check if we're really handling an OOS condition, and if so decide how
5558 * many sockets we want to get down to. Be sure we check if the threshold
5559 * is distinct from zero first; it's possible for this to be called a few
5560 * times before we've finished reading the config.
5561 */
5562 if (n_socks >= get_options()->ConnLimit_high_thresh &&
5563 get_options()->ConnLimit_high_thresh != 0 &&
5564 get_options()->ConnLimit_ != 0) {
5565 /* Try to get down to the low threshold */
5566 target_n_socks = get_options()->ConnLimit_low_thresh;
5567 log_notice(LD_NET,
5568 "Current number of sockets %d is greater than configured "
5569 "limit %d; OOS handler trying to get down to %d",
5570 n_socks, get_options()->ConnLimit_high_thresh,
5571 target_n_socks);
5572 } else if (failed) {
5573 /*
5574 * If we're not at the limit but we hit a socket exhaustion error, try to
5575 * drop some (but not as aggressively as ConnLimit_low_threshold, which is
5576 * 3/4 of ConnLimit_)
5577 */
5578 target_n_socks = (n_socks * 9) / 10;
5579 log_notice(LD_NET,
5580 "We saw socket exhaustion at %d open sockets; OOS handler "
5581 "trying to get down to %d",
5582 n_socks, target_n_socks);
5583 }
5584
5585 if (target_n_socks > 0) {
5586 /*
5587 * It's an OOS!
5588 *
5589 * Count moribund sockets; it's be important that anything we decide
5590 * to get rid of here but don't immediately close get counted as moribund
5591 * on subsequent invocations so we don't try to kill too many things if
5592 * connection_check_oos() gets called multiple times.
5593 */
5594 moribund_socks = connection_count_moribund();
5595
5596 if (moribund_socks < n_socks - target_n_socks) {
5597 socks_to_kill = n_socks - target_n_socks - moribund_socks;
5598
5599 conns = pick_oos_victims(socks_to_kill);
5600 if (conns) {
5602 log_notice(LD_NET,
5603 "OOS handler killed %d conns", smartlist_len(conns));
5604 smartlist_free(conns);
5605 } else {
5606 log_notice(LD_NET, "OOS handler failed to pick any victim conns");
5607 }
5608 } else {
5609 log_notice(LD_NET,
5610 "Not killing any sockets for OOS because there are %d "
5611 "already moribund, and we only want to eliminate %d",
5612 moribund_socks, n_socks - target_n_socks);
5613 }
5614 }
5615}
5616
5617/** Log how many bytes are used by buffers of different kinds and sizes. */
5618void
5620{
5621 uint64_t used_by_type[CONN_TYPE_MAX_+1];
5622 uint64_t alloc_by_type[CONN_TYPE_MAX_+1];
5623 int n_conns_by_type[CONN_TYPE_MAX_+1];
5624 uint64_t total_alloc = 0;
5625 uint64_t total_used = 0;
5626 int i;
5628
5629 memset(used_by_type, 0, sizeof(used_by_type));
5630 memset(alloc_by_type, 0, sizeof(alloc_by_type));
5631 memset(n_conns_by_type, 0, sizeof(n_conns_by_type));
5632
5634 int tp = c->type;
5635 ++n_conns_by_type[tp];
5636 if (c->inbuf) {
5637 used_by_type[tp] += buf_datalen(c->inbuf);
5638 alloc_by_type[tp] += buf_allocation(c->inbuf);
5639 }
5640 if (c->outbuf) {
5641 used_by_type[tp] += buf_datalen(c->outbuf);
5642 alloc_by_type[tp] += buf_allocation(c->outbuf);
5643 }
5644 } SMARTLIST_FOREACH_END(c);
5645 for (i=0; i <= CONN_TYPE_MAX_; ++i) {
5646 total_used += used_by_type[i];
5647 total_alloc += alloc_by_type[i];
5648 }
5649
5650 tor_log(severity, LD_GENERAL,
5651 "In buffers for %d connections: %"PRIu64" used/%"PRIu64" allocated",
5652 smartlist_len(conns),
5653 (total_used), (total_alloc));
5654 for (i=CONN_TYPE_MIN_; i <= CONN_TYPE_MAX_; ++i) {
5655 if (!n_conns_by_type[i])
5656 continue;
5657 tor_log(severity, LD_GENERAL,
5658 " For %d %s connections: %"PRIu64" used/%"PRIu64" allocated",
5659 n_conns_by_type[i], conn_type_to_string(i),
5660 (used_by_type[i]), (alloc_by_type[i]));
5661 }
5662}
5663
5664/** Verify that connection <b>conn</b> has all of its invariants
5665 * correct. Trigger an assert if anything is invalid.
5666 */
5667void
5669{
5670 (void) now; /* XXXX unused. */
5671 tor_assert(conn);
5672 tor_assert(conn->type >= CONN_TYPE_MIN_);
5673 tor_assert(conn->type <= CONN_TYPE_MAX_);
5674
5675 switch (conn->type) {
5676 case CONN_TYPE_OR:
5677 case CONN_TYPE_EXT_OR:
5678 tor_assert(conn->magic == OR_CONNECTION_MAGIC);
5679 break;
5680 case CONN_TYPE_AP:
5681 tor_assert(conn->magic == ENTRY_CONNECTION_MAGIC);
5682 break;
5683 case CONN_TYPE_EXIT:
5684 tor_assert(conn->magic == EDGE_CONNECTION_MAGIC);
5685 break;
5686 case CONN_TYPE_DIR:
5687 tor_assert(conn->magic == DIR_CONNECTION_MAGIC);
5688 break;
5689 case CONN_TYPE_CONTROL:
5690 tor_assert(conn->magic == CONTROL_CONNECTION_MAGIC);
5691 break;
5692 CASE_ANY_LISTENER_TYPE:
5693 tor_assert(conn->magic == LISTENER_CONNECTION_MAGIC);
5694 break;
5695 default:
5696 tor_assert(conn->magic == BASE_CONNECTION_MAGIC);
5697 break;
5698 }
5699
5700 if (conn->linked_conn) {
5701 tor_assert(conn->linked_conn->linked_conn == conn);
5702 tor_assert(conn->linked);
5703 }
5704 if (conn->linked)
5705 tor_assert(!SOCKET_OK(conn->s));
5706
5707 if (conn->hold_open_until_flushed)
5709
5710 /* XXXX check: read_blocked_on_bw, write_blocked_on_bw, s, conn_array_index,
5711 * marked_for_close. */
5712
5713 /* buffers */
5714 if (conn->inbuf)
5715 buf_assert_ok(conn->inbuf);
5716 if (conn->outbuf)
5717 buf_assert_ok(conn->outbuf);
5718
5719 if (conn->type == CONN_TYPE_OR) {
5720 or_connection_t *or_conn = TO_OR_CONN(conn);
5721 if (conn->state == OR_CONN_STATE_OPEN) {
5722 /* tor_assert(conn->bandwidth > 0); */
5723 /* the above isn't necessarily true: if we just did a TLS
5724 * handshake but we didn't recognize the other peer, or it
5725 * gave a bad cert/etc, then we won't have assigned bandwidth,
5726 * yet it will be open. -RD
5727 */
5728// tor_assert(conn->read_bucket >= 0);
5729 }
5730// tor_assert(conn->addr && conn->port);
5731 tor_assert(conn->address);
5733 tor_assert(or_conn->tls);
5734 }
5735
5736 if (CONN_IS_EDGE(conn)) {
5737 /* XXX unchecked: package window, deliver window. */
5738 if (conn->type == CONN_TYPE_AP) {
5739 entry_connection_t *entry_conn = TO_ENTRY_CONN(conn);
5740 if (entry_conn->chosen_exit_optional || entry_conn->chosen_exit_retries)
5741 tor_assert(entry_conn->chosen_exit_name);
5742
5743 tor_assert(entry_conn->socks_request);
5744 if (conn->state == AP_CONN_STATE_OPEN) {
5746 if (!conn->marked_for_close) {
5747 tor_assert(ENTRY_TO_EDGE_CONN(entry_conn)->cpath_layer);
5748 cpath_assert_layer_ok(ENTRY_TO_EDGE_CONN(entry_conn)->cpath_layer);
5749 }
5750 }
5751 }
5752 if (conn->type == CONN_TYPE_EXIT) {
5754 conn->purpose == EXIT_PURPOSE_RESOLVE);
5755 }
5756 } else if (conn->type == CONN_TYPE_DIR) {
5757 } else {
5758 /* Purpose is only used for dir and exit types currently */
5759 tor_assert(!conn->purpose);
5760 }
5761
5762 switch (conn->type)
5763 {
5764 CASE_ANY_LISTENER_TYPE:
5766 break;
5767 case CONN_TYPE_OR:
5768 tor_assert(conn->state >= OR_CONN_STATE_MIN_);
5769 tor_assert(conn->state <= OR_CONN_STATE_MAX_);
5770 break;
5771 case CONN_TYPE_EXT_OR:
5773 tor_assert(conn->state <= EXT_OR_CONN_STATE_MAX_);
5774 break;
5775 case CONN_TYPE_EXIT:
5776 tor_assert(conn->state >= EXIT_CONN_STATE_MIN_);
5777 tor_assert(conn->state <= EXIT_CONN_STATE_MAX_);
5778 tor_assert(conn->purpose >= EXIT_PURPOSE_MIN_);
5779 tor_assert(conn->purpose <= EXIT_PURPOSE_MAX_);
5780 break;
5781 case CONN_TYPE_AP:
5782 tor_assert(conn->state >= AP_CONN_STATE_MIN_);
5783 tor_assert(conn->state <= AP_CONN_STATE_MAX_);
5784 tor_assert(TO_ENTRY_CONN(conn)->socks_request);
5785 break;
5786 case CONN_TYPE_DIR:
5787 tor_assert(conn->state >= DIR_CONN_STATE_MIN_);
5788 tor_assert(conn->state <= DIR_CONN_STATE_MAX_);
5789 tor_assert(conn->purpose >= DIR_PURPOSE_MIN_);
5790 tor_assert(conn->purpose <= DIR_PURPOSE_MAX_);
5791 break;
5792 case CONN_TYPE_CONTROL:
5793 tor_assert(conn->state >= CONTROL_CONN_STATE_MIN_);
5794 tor_assert(conn->state <= CONTROL_CONN_STATE_MAX_);
5795 break;
5796 case CONN_TYPE_METRICS:
5797 /* No state. */
5798 break;
5799 default:
5800 tor_assert(0);
5801 }
5802}
5803
5804/** Fills <b>addr</b> and <b>port</b> with the details of the global
5805 * proxy server we are using. Store a 1 to the int pointed to by
5806 * <b>is_put_out</b> if the connection is using a pluggable
5807 * transport; store 0 otherwise. <b>conn</b> contains the connection
5808 * we are using the proxy for.
5809 *
5810 * Return 0 on success, -1 on failure.
5811 */
5812int
5813get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type,
5814 int *is_pt_out, const connection_t *conn)
5815{
5816 const or_options_t *options = get_options();
5817
5818 *is_pt_out = 0;
5819 /* Client Transport Plugins can use another proxy, but that should be hidden
5820 * from the rest of tor (as the plugin is responsible for dealing with the
5821 * proxy), check it first, then check the rest of the proxy types to allow
5822 * the config to have unused ClientTransportPlugin entries.
5823 */
5824 if (options->ClientTransportPlugin) {
5825 const transport_t *transport = NULL;
5826 int r;
5827 r = get_transport_by_bridge_addrport(&conn->addr, conn->port, &transport);
5828 if (r<0)
5829 return -1;
5830 if (transport) { /* transport found */
5831 tor_addr_copy(addr, &transport->addr);
5832 *port = transport->port;
5833 *proxy_type = transport->socks_version;
5834 *is_pt_out = 1;
5835 return 0;
5836 }
5837
5838 /* Unused ClientTransportPlugin. */
5839 }
5840
5841 if (options->HTTPSProxy) {
5842 tor_addr_copy(addr, &options->HTTPSProxyAddr);
5843 *port = options->HTTPSProxyPort;
5844 *proxy_type = PROXY_CONNECT;
5845 return 0;
5846 } else if (options->Socks4Proxy) {
5847 tor_addr_copy(addr, &options->Socks4ProxyAddr);
5848 *port = options->Socks4ProxyPort;
5849 *proxy_type = PROXY_SOCKS4;
5850 return 0;
5851 } else if (options->Socks5Proxy) {
5852 tor_addr_copy(addr, &options->Socks5ProxyAddr);
5853 *port = options->Socks5ProxyPort;
5854 *proxy_type = PROXY_SOCKS5;
5855 return 0;
5856 } else if (options->TCPProxy) {
5857 tor_addr_copy(addr, &options->TCPProxyAddr);
5858 *port = options->TCPProxyPort;
5859 /* The only supported protocol in TCPProxy is haproxy. */
5861 *proxy_type = PROXY_HAPROXY;
5862 return 0;
5863 }
5864
5866 *port = 0;
5867 *proxy_type = PROXY_NONE;
5868 return 0;
5869}
5870
5871/** Log a failed connection to a proxy server.
5872 * <b>conn</b> is the connection we use the proxy server for. */
5873void
5875{
5876 tor_addr_t proxy_addr;
5877 uint16_t proxy_port;
5878 int proxy_type, is_pt;
5879
5880 if (get_proxy_addrport(&proxy_addr, &proxy_port, &proxy_type, &is_pt,
5881 conn) != 0)
5882 return; /* if we have no proxy set up, leave this function. */
5883
5884 (void)is_pt;
5885 log_warn(LD_NET,
5886 "The connection to the %s proxy server at %s just failed. "
5887 "Make sure that the proxy server is up and running.",
5888 proxy_type_to_string(proxy_type),
5889 fmt_addrport(&proxy_addr, proxy_port));
5890}
5891
5892/** Return string representation of <b>proxy_type</b>. */
5893static const char *
5895{
5896 switch (proxy_type) {
5897 case PROXY_CONNECT: return "HTTP";
5898 case PROXY_SOCKS4: return "SOCKS4";
5899 case PROXY_SOCKS5: return "SOCKS5";
5900 case PROXY_HAPROXY: return "HAPROXY";
5901 case PROXY_PLUGGABLE: return "pluggable transports SOCKS";
5902 case PROXY_NONE: return "NULL";
5903 default: tor_assert(0);
5904 }
5905 return NULL; /*Unreached*/
5906}
5907
5908/** Call connection_free_minimal() on every connection in our array, and
5909 * release all storage held by connection.c.
5910 *
5911 * Don't do the checks in connection_free(), because they will
5912 * fail.
5913 */
5914void
5916{
5918
5919 /* We don't want to log any messages to controllers. */
5920 SMARTLIST_FOREACH(conns, connection_t *, conn,
5921 if (conn->type == CONN_TYPE_CONTROL)
5922 TO_CONTROL_CONN(conn)->event_mask = 0);
5923
5925
5926 /* Unlink everything from the identity map. */
5928
5929 /* Clear out our list of broken connections */
5931
5932 SMARTLIST_FOREACH(conns, connection_t *, conn,
5934
5935 if (outgoing_addrs) {
5937 smartlist_free(outgoing_addrs);
5938 outgoing_addrs = NULL;
5939 }
5940
5942 tor_free(last_interface_ipv6);
5944
5945 mainloop_event_free(reenable_blocked_connections_ev);
5947 memset(&reenable_blocked_connections_delay, 0, sizeof(struct timeval));
5948}
5949
5950/** Log a warning, and possibly emit a control event, that <b>received</b> came
5951 * at a skewed time. <b>trusted</b> indicates that the <b>source</b> was one
5952 * that we had more faith in and therefore the warning level should have higher
5953 * severity.
5954 */
5955MOCK_IMPL(void,
5956clock_skew_warning, (const connection_t *conn, long apparent_skew, int trusted,
5957 log_domain_mask_t domain, const char *received,
5958 const char *source))
5959{
5960 char dbuf[64];
5961 char *ext_source = NULL, *warn = NULL;
5962 format_time_interval(dbuf, sizeof(dbuf), apparent_skew);
5963 if (conn)
5964 tor_asprintf(&ext_source, "%s:%s:%d", source,
5965 fmt_and_decorate_addr(&conn->addr), conn->port);
5966 else
5967 ext_source = tor_strdup(source);
5968 log_fn(trusted ? LOG_WARN : LOG_INFO, domain,
5969 "Received %s with skewed time (%s): "
5970 "It seems that our clock is %s by %s, or that theirs is %s%s. "
5971 "Tor requires an accurate clock to work: please check your time, "
5972 "timezone, and date settings.", received, ext_source,
5973 apparent_skew > 0 ? "ahead" : "behind", dbuf,
5974 apparent_skew > 0 ? "behind" : "ahead",
5975 (!conn || trusted) ? "" : ", or they are sending us the wrong time");
5976 if (trusted) {
5977 control_event_general_status(LOG_WARN, "CLOCK_SKEW SKEW=%ld SOURCE=%s",
5978 apparent_skew, ext_source);
5979 tor_asprintf(&warn, "Clock skew %ld in %s from %s", apparent_skew,
5980 received, source);
5981 control_event_bootstrap_problem(warn, "CLOCK_SKEW", conn, 1);
5982 }
5983 tor_free(warn);
5984 tor_free(ext_source);
5985}
socklen_t tor_addr_to_sockaddr(const tor_addr_t *a, uint16_t port, struct sockaddr *sa_out, socklen_t len)
Definition: address.c:113
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:933
void tor_addr_make_unspec(tor_addr_t *a)
Definition: address.c:225
tor_addr_port_t * tor_addr_port_new(const tor_addr_t *addr, uint16_t port)
Definition: address.c:2100
int tor_addr_is_loopback(const tor_addr_t *addr)
Definition: address.c:805
int tor_addr_is_null(const tor_addr_t *addr)
Definition: address.c:780
char * tor_addr_to_str_dup(const tor_addr_t *addr)
Definition: address.c:1164
int get_interface_address6(int severity, sa_family_t family, tor_addr_t *addr)
Definition: address.c:1723
const char * fmt_addrport(const tor_addr_t *addr, uint16_t port)
Definition: address.c:1199
const char * tor_addr_to_str(char *dest, const tor_addr_t *addr, size_t len, int decorate)
Definition: address.c:328
int tor_addr_from_sockaddr(tor_addr_t *a, const struct sockaddr *sa, uint16_t *port_out)
Definition: address.c:165
Headers for address.h.
#define fmt_and_decorate_addr(a)
Definition: address.h:243
static uint32_t tor_addr_to_ipv4n(const tor_addr_t *a)
Definition: address.h:152
static sa_family_t tor_addr_family(const tor_addr_t *a)
Definition: address.h:187
#define tor_addr_to_in6_addr8(x)
Definition: address.h:135
#define fmt_addr(a)
Definition: address.h:239
#define TOR_ADDR_BUF_LEN
Definition: address.h:224
#define tor_addr_eq(a, b)
Definition: address.h:280
time_t approx_time(void)
Definition: approx_time.c:32
Header file for directory authority mode.
Header for backtrace.c.
int base64_encode(char *dest, size_t destlen, const char *src, size_t srclen, int flags)
Definition: binascii.c:215
size_t base64_encode_size(size_t srclen, int flags)
Definition: binascii.c:166
void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:478
int get_transport_by_bridge_addrport(const tor_addr_t *addr, uint16_t port, const transport_t **transport)
Definition: bridges.c:657
const smartlist_t * get_socks_args_by_bridge_addrport(const tor_addr_t *addr, uint16_t port)
Definition: bridges.c:687
Header file for circuitbuild.c.
buf_t * buf_new(void)
Definition: buffers.c:365
size_t buf_move_all(buf_t *buf_out, buf_t *buf_in)
Definition: buffers.c:691
void buf_clear(buf_t *buf)
Definition: buffers.c:381
int buf_add(buf_t *buf, const char *string, size_t string_len)
Definition: buffers.c:527
size_t buf_allocation(const buf_t *buf)
Definition: buffers.c:401
size_t buf_datalen(const buf_t *buf)
Definition: buffers.c:394
void buf_assert_ok(buf_t *buf)
Definition: buffers.c:910
int buf_get_line(buf_t *buf, char *data_out, size_t *data_len)
Definition: buffers.c:874
size_t buf_slack(const buf_t *buf)
Definition: buffers.c:414
int buf_get_bytes(buf_t *buf, char *string, size_t string_len)
Definition: buffers.c:637
Header file for buffers.c.
#define BUF_MAX_LEN
Definition: buffers.h:33
int buf_flush_to_socket(buf_t *buf, tor_socket_t s, size_t sz)
Definition: buffers_net.c:224
int buf_read_from_socket(buf_t *buf, tor_socket_t s, size_t at_most, int *reached_eof, int *socket_error)
Definition: buffers_net.c:235
Header file for buffers_net.c.
int buf_read_from_tls(buf_t *buf, tor_tls_t *tls, size_t at_most)
Definition: buffers_tls.c:67
int buf_flush_to_tls(buf_t *buf, tor_tls_t *tls, size_t flushlen)
Definition: buffers_tls.c:138
Header for buffers_tls.c.
void bwhist_note_dir_bytes_written(uint64_t num_bytes, time_t when)
Definition: bwhist.c:195
void bwhist_note_bytes_read(uint64_t num_bytes, time_t when, bool ipv6)
Definition: bwhist.c:183
void bwhist_note_dir_bytes_read(uint64_t num_bytes, time_t when)
Definition: bwhist.c:204
void bwhist_note_bytes_written(uint64_t num_bytes, time_t when, bool ipv6)
Definition: bwhist.c:164
Header for feature/stats/bwhist.c.
void channel_close_for_error(channel_t *chan)
Definition: channel.c:1249
void channel_notify_flushed(channel_t *chan)
Definition: channel.c:1795
Header file for channel.c.
Header file for channeltls.c.
Header file for circuitbuild.c.
circuit_t * circuit_get_by_edge_conn(edge_connection_t *conn)
Definition: circuitlist.c:1606
Header file for circuitlist.c.
Header file for circuituse.c.
#define ARRAY_LENGTH(x)
int mainloop_event_schedule(mainloop_event_t *event, const struct timeval *tv)
mainloop_event_t * mainloop_event_new(void(*cb)(mainloop_event_t *, void *), void *userdata)
Header for compat_libevent.c.
uint32_t monotime_coarse_get_stamp(void)
Definition: compat_time.c:864
Headers for compress.c.
int buf_add_compress(struct buf_t *buf, struct tor_compress_state_t *state, const char *data, size_t data_len, int done)
Definition: compress_buf.c:31
const smartlist_t * get_configured_ports(void)
Definition: config.c:6732
const char * escaped_safe_str_client(const char *address)
Definition: config.c:1145
const or_options_t * get_options(void)
Definition: config.c:947
Header file for config.c.
bool conn_uses_flow_control(connection_t *conn)
void flow_control_decide_xon(edge_connection_t *stream, size_t n_written)
APIs for stream flow control on congestion controlled circuits.
void connection_mark_all_noncontrol_listeners(void)
Definition: connection.c:3351
edge_connection_t * edge_connection_new(int type, int socket_family)
Definition: connection.c:623
smartlist_t * connection_dir_list_by_purpose_and_resource(int purpose, const char *resource)
Definition: connection.c:4968
static void client_check_address_changed(tor_socket_t sock)
Definition: connection.c:5117
int connection_buf_get_bytes(char *string, size_t len, connection_t *conn)
Definition: connection.c:4320
connection_t * connection_get_by_type_nonlinked(int type)
Definition: connection.c:4934
void clock_skew_warning(const connection_t *conn, long apparent_skew, int trusted, log_domain_mask_t domain, const char *received, const char *source)
Definition: connection.c:5958
connection_t * connection_new(int type, int socket_family)
Definition: connection.c:665
void connection_link_connections(connection_t *conn_a, connection_t *conn_b)
Definition: connection.c:754
static mainloop_event_t * reenable_blocked_connections_ev
Definition: connection.c:3909
int connection_fetch_from_buf_http(connection_t *conn, char **headers_out, size_t max_headerlen, char **body_out, size_t *body_used, size_t max_bodylen, int force_complete)
Definition: connection.c:4336
static int connection_read_https_proxy_response(connection_t *conn)
Definition: connection.c:2839
int connection_outbuf_too_full(connection_t *conn)
Definition: connection.c:4357
listener_connection_t * listener_connection_new(int type, int socket_family)
Definition: connection.c:650
bool connection_dir_is_global_write_low(const connection_t *conn, size_t attempt)
Definition: connection.c:3591
static int connection_reached_eof(connection_t *conn)
Definition: connection.c:5331
int connection_is_listener(connection_t *conn)
Definition: connection.c:5033
void connection_buf_add_buf(connection_t *conn, buf_t *buf)
Definition: connection.c:4828
static int connection_handle_listener_read(connection_t *conn, int new_type)
Definition: connection.c:1921
static int connection_flushed_some(connection_t *conn)
Definition: connection.c:5238
int get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type, int *is_pt_out, const connection_t *conn)
Definition: connection.c:5813
static int connection_is_rate_limited(const connection_t *conn)
Definition: connection.c:3406
int connection_buf_get_line(connection_t *conn, char *data, size_t *data_len)
Definition: connection.c:4327
int connection_wants_to_flush(connection_t *conn)
Definition: connection.c:4347
static smartlist_t * outgoing_addrs
Definition: connection.c:213
STATIC smartlist_t * pick_oos_victims(int n)
Definition: connection.c:5404
static connection_t * connection_get_another_active_or_conn(const or_connection_t *this_conn)
Definition: connection.c:5005
void connection_mark_for_close_(connection_t *conn, int line, const char *file)
Definition: connection.c:1084
int connection_proxy_connect(connection_t *conn, int type)
Definition: connection.c:2796
int connection_is_moribund(connection_t *conn)
Definition: connection.c:5518
static void connection_write_to_buf_failed(connection_t *conn)
Definition: connection.c:4722
void connection_consider_empty_write_buckets(connection_t *conn)
Definition: connection.c:3804
static time_t last_recorded_accounting_at
Definition: connection.c:3628
static void record_num_bytes_transferred_impl(connection_t *conn, time_t now, size_t num_read, size_t num_written)
Definition: connection.c:3634
static void connection_write_to_buf_commit(connection_t *conn)
Definition: connection.c:4751
void connection_close_immediate(connection_t *conn)
Definition: connection.c:1051
static tor_addr_t * last_interface_ipv4
Definition: connection.c:208
static int retry_listener_ports(smartlist_t *old_conns, const smartlist_t *ports, smartlist_t *new_conns, smartlist_t *replacements, int control_listeners_only)
Definition: connection.c:3121
static int conn_get_proxy_type(const connection_t *conn)
Definition: connection.c:2559
void connection_dump_buffer_mem_stats(int severity)
Definition: connection.c:5619
char * alloc_http_authenticator(const char *authenticator)
Definition: connection.c:5096
#define CONN_GET_TEMPLATE(var, test)
Definition: connection.c:4877
void connection_bucket_init(void)
Definition: connection.c:3832
static ssize_t connection_bucket_get_share(int base, int priority, ssize_t global_bucket_val, ssize_t conn_bucket)
Definition: connection.c:3452
#define DIR_CONN_LIST_TEMPLATE(conn_var, conn_test, dirconn_var, dirconn_test)
Definition: connection.c:4943
void connection_read_bw_exhausted(connection_t *conn, bool is_global_bw)
Definition: connection.c:3739
static int listen_limit
Definition: connection.c:1439
const char * conn_type_to_string(int type)
Definition: connection.c:270
static int connection_https_proxy_connect(connection_t *conn)
Definition: connection.c:2601
static int connection_finished_connecting(connection_t *conn)
Definition: connection.c:5303
connection_t * connection_get_by_type_addr_port_purpose(int type, const tor_addr_t *addr, uint16_t port, int purpose)
Definition: connection.c:4894
static int connection_may_write_to_buf(connection_t *conn)
Definition: connection.c:4707
static int connection_buf_read_from_socket(connection_t *conn, ssize_t *max_to_read, int *socket_error)
Definition: connection.c:4129
static int connection_haproxy_proxy_connect(connection_t *conn)
Definition: connection.c:2762
int connection_flush(connection_t *conn)
Definition: connection.c:4696
void assert_connection_ok(connection_t *conn, time_t now)
Definition: connection.c:5668
connection_t * connection_get_by_type(int type)
Definition: connection.c:4915
int connection_read_proxy_handshake(connection_t *conn)
Definition: connection.c:2949
static int connection_finished_flushing(connection_t *conn)
Definition: connection.c:5263
int connection_process_inbuf(connection_t *conn, int package_partial)
Definition: connection.c:5210
static void reenable_blocked_connection_init(const or_options_t *options)
Definition: connection.c:3953
ssize_t connection_bucket_write_limit(connection_t *conn, time_t now)
Definition: connection.c:3536
static void reenable_blocked_connections_cb(mainloop_event_t *ev, void *arg)
Definition: connection.c:3923
static void connection_init(time_t now, connection_t *conn, int type, int socket_family)
Definition: connection.c:706
int retry_all_listeners(smartlist_t *new_conns, int close_all_noncontrol)
Definition: connection.c:3249
const tor_addr_t * conn_get_outbound_address(sa_family_t family, const or_options_t *options, unsigned int conn_type)
Definition: connection.c:2385
static void connection_send_socks5_connect(connection_t *conn)
Definition: connection.c:2900
const listener_connection_t * CONST_TO_LISTENER_CONN(const connection_t *c)
Definition: connection.c:249
static void set_constrained_socket_buffers(tor_socket_t sock, int size)
Definition: connection.c:5187
static void update_send_buffer_size(tor_socket_t sock)
Definition: connection.c:4369
void connection_write_to_buf_impl_(const char *string, size_t len, connection_t *conn, int zlib)
Definition: connection.c:4772
void connection_mark_for_close_internal_(connection_t *conn, int line, const char *file)
Definition: connection.c:1125
int connection_state_is_open(connection_t *conn)
Definition: connection.c:5053
static void connection_buckets_decrement(connection_t *conn, time_t now, size_t num_read, size_t num_written)
Definition: connection.c:3689
const char * connection_describe_peer(const connection_t *conn)
Definition: connection.c:526
static connection_t * connection_listener_new_for_port(const port_cfg_t *port, int *defer, int *addr_in_use)
Definition: connection.c:1795
static struct timeval reenable_blocked_connections_delay
Definition: connection.c:3915
static connection_t * connection_listener_new(const struct sockaddr *listensockaddr, socklen_t listensocklen, int type, const char *address, const port_cfg_t *portcfg, int *addr_in_use)
Definition: connection.c:1469
STATIC void connection_free_minimal(connection_t *conn)
Definition: connection.c:786
void connection_bucket_adjust(const or_options_t *options)
Definition: connection.c:3857
int any_other_active_or_conns(const or_connection_t *this_conn)
Definition: connection.c:5017
static const char * connection_describe_peer_internal(const connection_t *conn, bool include_preposition)
Definition: connection.c:401
entry_connection_t * entry_connection_new(int type, int socket_family)
Definition: connection.c:599
void connection_consider_empty_read_buckets(connection_t *conn)
Definition: connection.c:3772
static int connection_counts_as_relayed_traffic(connection_t *conn, time_t now)
Definition: connection.c:3435
static int oos_victim_comparator_for_orconns(or_connection_t *a, or_connection_t *b)
Definition: connection.c:5355
or_connection_t * or_connection_new(int type, int socket_family)
Definition: connection.c:574
int conn_listener_type_supports_af_unix(int type)
Definition: connection.c:768
static void socket_failed_from_tcp_port_exhaustion(void)
Definition: connection.c:1287
static uint32_t last_refilled_global_buckets_ts
Definition: connection.c:3877
void connection_free_all(void)
Definition: connection.c:5915
static time_t write_buckets_last_empty_at
Definition: connection.c:3424
static ssize_t connection_bucket_read_limit(connection_t *conn, time_t now)
Definition: connection.c:3482
smartlist_t * connection_dir_list_by_purpose_resource_and_state(int purpose, const char *resource, int state)
Definition: connection.c:4986
static int oos_victim_comparator(const void **a_v, const void **b_v)
Definition: connection.c:5371
static int connection_fetch_from_buf_socks_client(connection_t *conn, int state, char **reason)
Definition: connection.c:2932
static int connection_handle_write_impl(connection_t *conn, int force)
Definition: connection.c:4418
int connection_init_accepted_conn(connection_t *conn, const listener_connection_t *listener)
Definition: connection.c:2107
static void socket_failed_from_fd_exhaustion(void)
Definition: connection.c:1276
static int connection_handle_read_impl(connection_t *conn)
Definition: connection.c:3993
const char * connection_describe(const connection_t *conn)
Definition: connection.c:541
connection_t * connection_get_by_type_state(int type, int state)
Definition: connection.c:4924
STATIC int connection_connect_sockaddr(connection_t *conn, const struct sockaddr *sa, socklen_t sa_len, const struct sockaddr *bindaddr, socklen_t bindaddr_len, int *socket_error)
Definition: connection.c:2179
void connection_mark_all_noncontrol_connections(void)
Definition: connection.c:3365
dir_connection_t * dir_connection_new(int socket_family)
Definition: connection.c:559
void log_failed_proxy_connection(connection_t *conn)
Definition: connection.c:5874
void connection_write_bw_exhausted(connection_t *conn, bool is_global_bw)
Definition: connection.c:3761
static const char * connection_proxy_state_to_string(int state)
Definition: connection.c:2530
void connection_about_to_close_connection(connection_t *conn)
Definition: connection.c:1020
STATIC void kill_conn_list_for_oos(smartlist_t *conns)
Definition: connection.c:5497
#define CONN_IS_CLOSED(c)
Definition: connection.c:1043
static int reenable_blocked_connections_is_scheduled
Definition: connection.c:3912
static const char * proxy_type_to_string(int proxy_type)
Definition: connection.c:5894
void connection_free_(connection_t *conn)
Definition: connection.c:968
listener_connection_t * TO_LISTENER_CONN(connection_t *c)
Definition: connection.c:236
static void reenable_blocked_connection_schedule(void)
Definition: connection.c:3972
static int connection_socks4_proxy_connect(connection_t *conn)
Definition: connection.c:2645
int connection_state_is_connecting(connection_t *conn)
Definition: connection.c:5073
control_connection_t * control_connection_new(int socket_family)
Definition: connection.c:638
static int connection_socks5_proxy_connect(connection_t *conn)
Definition: connection.c:2724
static int make_socket_reuseable(tor_socket_t sock)
Definition: connection.c:1393
void connection_dir_buf_add(const char *string, size_t len, dir_connection_t *dir_conn, int done)
Definition: connection.c:4804
#define CLIENT_IDLE_TIME_FOR_PRIORITY
Definition: connection.c:3428
static int check_sockaddr_family_match(sa_family_t got, connection_t *listener)
Definition: connection.c:1903
int connection_connect(connection_t *conn, const char *address, const tor_addr_t *addr, uint16_t port, int *socket_error)
Definition: connection.c:2442
void connection_expire_held_open(void)
Definition: connection.c:1171
const char * conn_state_to_string(int type, int state)
Definition: connection.c:304
void connection_check_oos(int n_socks, int failed)
Definition: connection.c:5535
static void connection_bucket_refill_single(connection_t *conn, uint32_t now_ts)
Definition: connection.c:3884
connection_t * connection_get_by_global_id(uint64_t id)
Definition: connection.c:4907
static int check_sockaddr(const struct sockaddr *sa, int len, int level)
Definition: connection.c:1860
Header file for connection.c.
#define CONN_TYPE_METRICS
Definition: connection.h:79
#define CONN_TYPE_OR
Definition: connection.h:44
#define CONN_TYPE_AP_HTTP_CONNECT_LISTENER
Definition: connection.h:75
#define CONN_TYPE_DIR_LISTENER
Definition: connection.h:53
#define CONN_TYPE_OR_LISTENER
Definition: connection.h:41
#define CONN_TYPE_METRICS_LISTENER
Definition: connection.h:77
#define CONN_TYPE_CONTROL_LISTENER
Definition: connection.h:58
#define CONN_TYPE_CONTROL
Definition: connection.h:60
#define CONN_TYPE_EXT_OR
Definition: connection.h:71
#define CONN_TYPE_EXT_OR_LISTENER
Definition: connection.h:73
#define CONN_LOG_PROTECT(conn, stmt)
Definition: connection.h:368
#define MAX_SOCKS5_AUTH_SIZE_TOTAL
Definition: connection.h:215
#define CONN_TYPE_AP
Definition: connection.h:51
#define CONN_TYPE_DIR
Definition: connection.h:55
#define MAX_SOCKS5_AUTH_FIELD_SIZE
Definition: connection.h:211
#define CONN_TYPE_AP_NATD_LISTENER
Definition: connection.h:66
#define LISTENER_STATE_READY
Definition: connection.h:108
#define CONN_TYPE_AP_LISTENER
Definition: connection.h:48
#define CONN_TYPE_AP_DNS_LISTENER
Definition: connection.h:68
#define CONN_TYPE_EXIT
Definition: connection.h:46
#define CONN_TYPE_AP_TRANS_LISTENER
Definition: connection.h:63
const edge_connection_t * CONST_TO_EDGE_CONN(const connection_t *c)
int connection_ap_process_transparent(entry_connection_t *conn)
int connection_edge_finished_connecting(edge_connection_t *edge_conn)
int connection_edge_finished_flushing(edge_connection_t *conn)
void connection_exit_about_to_close(edge_connection_t *edge_conn)
int connection_edge_flushed_some(edge_connection_t *conn)
int connection_edge_reached_eof(edge_connection_t *conn)
int connection_edge_end_errno(edge_connection_t *conn)
void connection_ap_about_to_close(entry_connection_t *entry_conn)
entry_connection_t * TO_ENTRY_CONN(connection_t *c)
edge_connection_t * TO_EDGE_CONN(connection_t *c)
int connection_edge_process_inbuf(edge_connection_t *conn, int package_partial)
Header file for connection_edge.c.
#define AP_CONN_STATE_HTTP_CONNECT_WAIT
#define EXIT_CONN_STATE_CONNECTING
#define AP_CONN_STATE_CONTROLLER_WAIT
#define EXIT_CONN_STATE_OPEN
#define AP_CONN_STATE_SOCKS_WAIT
#define EXIT_CONN_STATE_RESOLVEFAILED
#define AP_CONN_STATE_CONNECT_WAIT
#define AP_CONN_STATE_OPEN
#define EXIT_PURPOSE_CONNECT
#define AP_CONN_STATE_RESOLVE_WAIT
#define AP_CONN_STATE_CIRCUIT_WAIT
#define EXIT_CONN_STATE_RESOLVING
#define AP_CONN_STATE_NATD_WAIT
#define AP_CONN_STATE_RENDDESC_WAIT
#define EXIT_PURPOSE_RESOLVE
void connection_or_event_status(or_connection_t *conn, or_conn_status_event_t tp, int reason)
or_connection_t * TO_OR_CONN(connection_t *c)
int connection_or_reached_eof(or_connection_t *conn)
int connection_tls_continue_handshake(or_connection_t *conn)
void connection_or_notify_error(or_connection_t *conn, int reason, const char *msg)
int connection_or_process_inbuf(or_connection_t *conn)
void connection_or_clear_identity(or_connection_t *conn)
time_t connection_or_client_used(or_connection_t *conn)
int connection_or_finished_flushing(or_connection_t *conn)
void clear_broken_connection_map(int stop_recording)
int connection_tls_start_handshake(or_connection_t *conn, int receiving)
int connection_or_get_num_circuits(or_connection_t *conn)
int connection_or_flushed_some(or_connection_t *conn)
const struct ed25519_public_key_t * connection_or_get_alleged_ed25519_id(const or_connection_t *conn)
void connection_or_close_for_error(or_connection_t *orconn, int flush)
const or_connection_t * CONST_TO_OR_CONN(const connection_t *c)
int connection_or_finished_connecting(or_connection_t *or_conn)
void connection_or_about_to_close(or_connection_t *or_conn)
void connection_or_clear_identity_map(void)
void connection_or_close_normally(or_connection_t *orconn, int flush)
Header file for connection_or.c.
#define CONN_IS_EDGE(x)
#define DIR_CONN_IS_SERVER(conn)
void conn_stats_note_or_conn_bytes(uint64_t conn_id, size_t num_read, size_t num_written, time_t when, bool is_ipv6)
Definition: connstats.c:185
Header for feature/stats/connstats.c.
control_connection_t * TO_CONTROL_CONN(connection_t *c)
Definition: control.c:71
int connection_control_reached_eof(control_connection_t *conn)
Definition: control.c:209
void connection_control_closed(control_connection_t *conn)
Definition: control.c:231
int connection_control_finished_flushing(control_connection_t *conn)
Definition: control.c:201
int connection_control_process_inbuf(control_connection_t *conn)
Definition: control.c:420
Header file for control.c.
#define LOG_FN_CONN(conn, args)
Definition: control.h:33
#define CONTROL_CONN_STATE_OPEN
Definition: control.h:20
#define CONTROL_CONN_STATE_NEEDAUTH
Definition: control.h:23
void control_event_bootstrap_problem(const char *warn, const char *reason, const connection_t *conn, int dowarn)
Controller connection structure.
int control_event_general_status(int severity, const char *format,...)
void control_update_global_event_mask(void)
Header file for control_events.c.
void cpath_assert_layer_ok(const crypt_path_t *cp)
Definition: crypt_path.c:107
Header file for crypt_path.c.
#define HEX_DIGEST_LEN
Definition: crypto_digest.h:35
void ed25519_public_to_base64(char *output, const ed25519_public_key_t *pkey)
Header for crypto_format.c.
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:55
Common functions for cryptographic routines.
#define tor_str_wipe_and_free(str)
Definition: crypto_util.h:28
Compile-time assertions: CTASSERT(expression).
#define DIGEST_LEN
Definition: digest_sizes.h:20
int check_private_dir(const char *dirname, cpd_check_t check, const char *effective_user)
Definition: dir.c:71
unsigned int cpd_check_t
Definition: dir.h:20
Client/server directory connection structure.
bool dirauth_should_reject_requests_under_load(void)
Header for feature/dirauth/dirauth_config.c.
int connection_dir_reached_eof(dir_connection_t *conn)
Definition: dirclient.c:2847
int connection_dir_finished_flushing(dir_connection_t *conn)
Definition: directory.c:515
int connection_dir_finished_connecting(dir_connection_t *conn)
Definition: directory.c:561
int parse_http_response(const char *headers, int *code, time_t *date, compress_method_t *compression, char **reason)
Definition: directory.c:361
dir_connection_t * TO_DIR_CONN(connection_t *c)
Definition: directory.c:89
void connection_dir_about_to_close(dir_connection_t *dir_conn)
Definition: directory.c:486
int connection_dir_process_inbuf(dir_connection_t *conn)
Definition: directory.c:444
Header file for directory.c.
#define DIR_CONN_STATE_CONNECTING
Definition: directory.h:20
#define DIR_CONN_STATE_CLIENT_FINISHED
Definition: directory.h:26
#define DIR_CONN_STATE_CLIENT_READING
Definition: directory.h:24
#define DIR_CONN_STATE_SERVER_WRITING
Definition: directory.h:30
#define DIR_CONN_STATE_SERVER_COMMAND_WAIT
Definition: directory.h:28
#define DIR_PURPOSE_SERVER
Definition: directory.h:60
#define DIR_CONN_STATE_CLIENT_SENDING
Definition: directory.h:22
Header file for dirserv.c.
Header file for dns.c.
void dnsserv_configure_listener(connection_t *conn)
Definition: dnsserv.c:397
Header file for dnsserv.c.
Entry connection structure.
#define ENTRY_TO_EDGE_CONN(c)
void entry_guard_cancel(circuit_guard_state_t **guard_state_p)
Definition: entrynodes.c:2636
CTASSERT(NUMBER_SECOND_GUARDS< 20)
Header file for circuitbuild.c.
char * esc_for_log(const char *s)
Definition: escape.c:30
const char * escaped(const char *s)
Definition: escape.c:126
int connection_ext_or_process_inbuf(or_connection_t *or_conn)
Definition: ext_orport.c:544
int connection_ext_or_start_auth(or_connection_t *or_conn)
Definition: ext_orport.c:640
int connection_ext_or_finished_flushing(or_connection_t *conn)
Definition: ext_orport.c:628
Header for ext_orport.c.
#define EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_HASH
Definition: ext_orport.h:24
#define EXT_OR_CONN_STATE_OPEN
Definition: ext_orport.h:28
#define EXT_OR_CONN_STATE_MIN_
Definition: ext_orport.h:17
#define EXT_OR_CONN_STATE_FLUSHING
Definition: ext_orport.h:31
#define EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_NONCE
Definition: ext_orport.h:22
#define EXT_OR_CONN_STATE_AUTH_WAIT_AUTH_TYPE
Definition: ext_orport.h:20
Header file for geoip.c.
void accounting_add_bytes(size_t n_read, size_t n_written, int seconds)
Definition: hibernate.c:331
int accounting_is_enabled(const or_options_t *options)
Definition: hibernate.c:305
Header file for hibernate.c.
Header file containing common data for the whole HS subsystem.
Header file containing circuit and connection identifier data for the whole HS subsystem.
Header for feature/hs/hs_metrics.c.
#define hs_metrics_app_read_bytes(i, port, n)
Definition: hs_metrics.h:52
uint16_t sa_family_t
Definition: inaddr_st.h:77
Listener connection structure.
void tor_log(int severity, log_domain_mask_t domain, const char *format,...)
Definition: log.c:591
#define log_fn(severity, domain, args,...)
Definition: log.h:283
#define log_fn_ratelim(ratelim, severity, domain, args,...)
Definition: log.h:288
#define LD_APP
Definition: log.h:78
#define LD_PROTOCOL
Definition: log.h:72
#define LD_CHANNEL
Definition: log.h:105
#define LD_DIRSERV
Definition: log.h:90
#define LOG_DEBUG
Definition: log.h:42
#define LD_OR
Definition: log.h:92
#define LOG_ERR
Definition: log.h:56
#define LD_FS
Definition: log.h:70
#define LD_BUG
Definition: log.h:86
#define LD_NET
Definition: log.h:66
#define LD_GENERAL
Definition: log.h:62
#define LD_DIR
Definition: log.h:88
#define LOG_NOTICE
Definition: log.h:50
#define LD_CONFIG
Definition: log.h:68
#define LD_CONTROL
Definition: log.h:80
#define LOG_WARN
Definition: log.h:53
#define LOG_INFO
Definition: log.h:45
uint64_t log_domain_mask_t
Definition: logging_types.h:21
#define bool_neq(a, b)
Definition: logic.h:18
void stats_increment_bytes_read_and_written(uint64_t r, uint64_t w)
Definition: mainloop.c:475
void connection_stop_reading(connection_t *conn)
Definition: mainloop.c:601
void connection_stop_reading_from_linked_conn(connection_t *conn)
Definition: mainloop.c:828
int connection_in_array(connection_t *conn)
Definition: mainloop.c:434
void ip_address_changed(int on_client_conn)
Definition: mainloop.c:2318
void connection_unregister_events(connection_t *conn)
Definition: mainloop.c:275
void add_connection_to_closeable_list(connection_t *conn)
Definition: mainloop.c:416
int connection_is_on_closeable_list(connection_t *conn)
Definition: mainloop.c:427
void connection_start_reading(connection_t *conn)
Definition: mainloop.c:623
void update_current_time(time_t now)
Definition: mainloop.c:2226
int connection_is_writing(connection_t *conn)
Definition: mainloop.c:663
int connection_is_reading(const connection_t *conn)
Definition: mainloop.c:500
void connection_start_writing(connection_t *conn)
Definition: mainloop.c:696
smartlist_t * get_connection_array(void)
Definition: mainloop.c:443
int connection_count_moribund(void)
Definition: mainloop.c:862
void connection_stop_writing(connection_t *conn)
Definition: mainloop.c:673
unsigned get_signewnym_epoch(void)
Definition: mainloop.c:1350
Header file for mainloop.c.
#define tor_free(p)
Definition: malloc.h:56
int metrics_connection_process_inbuf(connection_t *conn)
Definition: metrics.c:100
int metrics_connection_reached_eof(connection_t *conn)
Definition: metrics.c:252
int metrics_connection_finished_flushing(connection_t *conn)
Definition: metrics.c:264
Header for feature/metrics/metrics.c.
int net_is_completely_disabled(void)
Definition: netstatus.c:34
void note_user_activity(time_t now)
Definition: netstatus.c:63
Header for netstatus.c.
#define SOCKET_OK(s)
Definition: nettypes.h:39
#define TOR_INVALID_SOCKET
Definition: nettypes.h:41
#define tor_socket_t
Definition: nettypes.h:36
int nodelist_probably_contains_address(const tor_addr_t *addr)
Definition: nodelist.c:548
Header file for nodelist.c.
Master header file for Tor-specific functionality.
#define CELL_PAYLOAD_SIZE
Definition: or.h:520
#define CFG_AUTO_PORT
Definition: or.h:979
#define TO_CONN(c)
Definition: or.h:700
#define MAX_HEADERS_SIZE
Definition: or.h:122
#define DOWNCAST(to, ptr)
Definition: or.h:109
#define RELAY_PAYLOAD_SIZE_MAX
Definition: or.h:567
#define ENTRY_TO_CONN(c)
Definition: or.h:703
#define SESSION_GROUP_FIRST_AUTO
Definition: or.h:972
OR connection structure.
@ TCP_PROXY_PROTOCOL_HAPROXY
Definition: or_options_st.h:54
@ OUTBOUND_ADDR_OR
Definition: or_options_st.h:35
@ OUTBOUND_ADDR_EXIT
Definition: or_options_st.h:31
@ OUTBOUND_ADDR_ANY
Definition: or_options_st.h:45
#define OR_CONN_STATE_SERVER_VERSIONS_WAIT
Definition: orconn_event.h:39
#define OR_CONN_STATE_CONNECTING
Definition: orconn_event.h:31
#define OR_CONN_STATE_PROXY_HANDSHAKING
Definition: orconn_event.h:33
#define OR_CONN_STATE_TLS_HANDSHAKING
Definition: orconn_event.h:36
#define OR_CONN_STATE_OR_HANDSHAKING_V3
Definition: orconn_event.h:43
#define OR_CONN_STATE_OPEN
Definition: orconn_event.h:45
int get_parent_directory(char *fname)
Definition: path.c:195
int reachable_addr_prefer_ipv6_dirport(const or_options_t *options)
Definition: policies.c:512
int reachable_addr_prefer_ipv6_orport(const or_options_t *options)
Definition: policies.c:490
int reachable_addr_use_ipv6(const or_options_t *options)
Definition: policies.c:451
int dir_policy_permits_address(const tor_addr_t *addr)
Definition: policies.c:1054
int socks_policy_permits_address(const tor_addr_t *addr)
Definition: policies.c:1063
Header file for policies.c.
Listener port configuration structure.
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
int fetch_from_buf_http(buf_t *buf, char **headers_out, size_t max_headerlen, char **body_out, size_t *body_used, size_t max_bodylen, int force_complete)
Definition: proto_http.c:50
Header for proto_http.c.
socks_request_t * socks_request_new(void)
Definition: proto_socks.c:87
int fetch_from_buf_socks_client(buf_t *buf, int state, char **reason)
Definition: proto_socks.c:1019
Header for proto_socks.c.
char * rate_limit_log(ratelim_t *lim, time_t now)
Definition: ratelim.c:42
int errno_to_orconn_end_reason(int e)
Definition: reasons.c:291
Header file for reasons.c.
Header file for relay.c.
Header file for rendcommon.c.
void rep_hist_note_exit_bytes(uint16_t port, size_t num_written, size_t num_read)
Definition: rephist.c:1623
void rep_hist_note_conn_closed(bool from_listener, unsigned int type, int af)
Definition: rephist.c:1733
void rep_hist_note_conn_rejected(unsigned int type, int af)
Definition: rephist.c:1758
void rep_hist_note_conn_opened(bool from_listener, unsigned int type, int af)
Definition: rephist.c:1710
void rep_hist_note_overload(overload_type_t overload)
Definition: rephist.c:541
void rep_hist_note_tcp_exhaustion(void)
Definition: rephist.c:578
Header file for rephist.c.
void resolved_addr_reset_last(int family)
Definition: resolve_addr.c:159
Header file for resolve_addr.c.
uint16_t routerconf_find_or_port(const or_options_t *options, sa_family_t family)
Definition: router.c:1538
void mark_my_descriptor_dirty(const char *reason)
Definition: router.c:2621
uint16_t routerconf_find_dir_port(const or_options_t *options, uint16_t dirport)
Definition: router.c:1643
Router descriptor structure.
Header file for routerlist.c.
int server_mode(const or_options_t *options)
Definition: routermode.c:34
Header file for routermode.c.
Header file for sandbox.c.
#define sandbox_intern_string(s)
Definition: sandbox.h:110
void smartlist_sort(smartlist_t *sl, int(*compare)(const void **a, const void **b))
Definition: smartlist.c:334
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
smartlist_t * smartlist_new(void)
void smartlist_add(smartlist_t *sl, void *element)
void smartlist_clear(smartlist_t *sl)
void smartlist_remove(smartlist_t *sl, const void *element)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define SMARTLIST_FOREACH(sl, type, var, cmd)
#define SMARTLIST_DEL_CURRENT(sl, var)
tor_socket_t tor_accept_socket_nonblocking(tor_socket_t sockfd, struct sockaddr *addr, socklen_t *len)
Definition: socket.c:366
int tor_close_socket(tor_socket_t s)
Definition: socket.c:217
int get_n_open_sockets(void)
Definition: socket.c:440
void tor_release_socket_ownership(tor_socket_t s)
Definition: socket.c:348
int tor_addr_from_getsockname(struct tor_addr_t *addr_out, tor_socket_t sock)
Definition: socket.c:544
tor_socket_t tor_open_socket_nonblocking(int domain, int type, int protocol)
Definition: socket.c:259
Client request structure.
#define SOCKS_COMMAND_CONNECT
void note_connection(bool inbound, const connection_t *conn)
Definition: status.c:134
Header for status.c.
uint64_t global_identifier
Definition: channel.h:197
time_t timestamp_last_read_allowed
unsigned int proxy_state
Definition: connection_st.h:96
uint8_t state
Definition: connection_st.h:49
struct buf_t * inbuf
unsigned int in_connection_handle_write
Definition: connection_st.h:71
struct event * write_event
uint32_t n_read_conn_bw
unsigned int inbuf_reached_eof
Definition: connection_st.h:64
struct connection_t * linked_conn
unsigned int hold_open_until_flushed
Definition: connection_st.h:61
unsigned int reading_from_linked_conn
Definition: connection_st.h:81
unsigned int type
Definition: connection_st.h:50
struct buf_t * outbuf
unsigned int from_listener
Definition: connection_st.h:93
uint32_t magic
Definition: connection_st.h:46
uint64_t global_identifier
unsigned int read_blocked_on_bw
Definition: connection_st.h:56
unsigned int linked
Definition: connection_st.h:78
uint16_t marked_for_close
uint16_t port
const char * marked_for_close_file
uint32_t n_written_conn_bw
unsigned int linked_conn_is_closed
Definition: connection_st.h:89
unsigned int in_flushed_some
Definition: connection_st.h:68
unsigned int purpose
Definition: connection_st.h:51
tor_socket_t s
unsigned int always_rate_limit_as_remote
Definition: connection_st.h:74
time_t timestamp_created
unsigned int active_on_link
Definition: connection_st.h:86
unsigned int write_blocked_on_bw
Definition: connection_st.h:58
struct event * read_event
time_t timestamp_last_write_allowed
tor_addr_t addr
smartlist_t * ephemeral_onion_services
struct tor_compress_state_t * compress_state
struct circuit_guard_state_t * guard_state
token_bucket_rw_t bucket
unsigned int is_transparent_ap
socks_request_t * socks_request
unsigned int chosen_exit_optional
unsigned int chosen_exit_retries
struct buf_t * pending_optimistic_data
unsigned int socks_prefer_no_auth
unsigned int extended_socks5_codes
ed25519_public_key_t identity_pk
Definition: hs_ident.h:106
uint16_t orig_virtual_port
Definition: hs_ident.h:111
token_bucket_rw_t bucket
channel_tls_t * chan
char identity_digest[DIGEST_LEN]
or_handshake_state_t * handshake_state
tor_addr_port_t canonical_orport
struct tor_tls_t * tls
tor_addr_t Socks4ProxyAddr
uint64_t RelayBandwidthBurst
int ClientPreferIPv6DirPort
tor_addr_t HTTPSProxyAddr
uint16_t Socks4ProxyPort
int TestingEnableConnBwEvent
char * HTTPSProxy
tor_addr_t TCPProxyAddr
int ConnLimit_low_thresh
tcp_proxy_protocol_t TCPProxyProtocol
struct config_line_t * ClientTransportPlugin
uint64_t BandwidthRate
uint64_t ConstrainedSockSize
int TokenBucketRefillInterval
char * Socks5Proxy
char * Socks4Proxy
int ConstrainedSockets
int ClientPreferIPv6ORPort
char * Socks5ProxyUsername
char * Socks5ProxyPassword
int CountPrivateBandwidth
tor_addr_t Socks5ProxyAddr
uint64_t RelayBandwidthRate
tor_addr_t OutboundBindAddresses[OUTBOUND_ADDR_MAX][2]
uint16_t TCPProxyPort
uint16_t Socks5ProxyPort
enum or_options_t::@2 TransProxyType_parsed
char * HTTPSProxyAuthenticator
uint16_t HTTPSProxyPort
uint64_t BandwidthBurst
char unix_addr[FLEXIBLE_ARRAY_MEMBER]
Definition: port_cfg_st.h:38
uint8_t type
Definition: port_cfg_st.h:23
unsigned is_unix_addr
Definition: port_cfg_st.h:24
entry_port_cfg_t entry_cfg
Definition: port_cfg_st.h:32
tor_addr_t addr
Definition: port_cfg_st.h:20
unsigned int has_finished
unsigned int socks_prefer_no_auth
unsigned int socks_use_extended_errors
int socks_version
Definition: transports.h:19
uint16_t port
Definition: transports.h:26
tor_addr_t addr
Definition: transports.h:24
#define STATIC
Definition: testsupport.h:32
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
int format_time_interval(char *out, size_t out_len, long interval)
Definition: time_fmt.c:512
int token_bucket_rw_dec(token_bucket_rw_t *bucket, ssize_t n_read, ssize_t n_written)
Definition: token_bucket.c:249
int token_bucket_rw_refill(token_bucket_rw_t *bucket, uint32_t now_ts_stamp)
Definition: token_bucket.c:185
void token_bucket_rw_adjust(token_bucket_rw_t *bucket, uint32_t rate, uint32_t burst)
Definition: token_bucket.c:154
void token_bucket_rw_init(token_bucket_rw_t *bucket, uint32_t rate, uint32_t burst, uint32_t now_ts_stamp)
Definition: token_bucket.c:139
const char * tor_tls_err_to_string(int err)
Definition: tortls.c:142
Headers for tortls.c.
void tor_tls_get_n_raw_bytes(tor_tls_t *tls, size_t *n_read, size_t *n_written)
Definition: tortls_nss.c:611
#define CASE_TOR_TLS_ERROR_ANY
Definition: tortls.h:62
#define CASE_TOR_TLS_ERROR_ANY_NONIO
Definition: tortls.h:53
int tor_tls_get_pending_bytes(tor_tls_t *tls)
Definition: tortls_nss.c:591
void tor_tls_release_socket(tor_tls_t *tls)
Definition: tortls_nss.c:444
char * pt_get_socks_args_for_proxy_addrport(const tor_addr_t *addr, uint16_t port)
Definition: transports.c:1873
Headers for transports.c.
const struct passwd * tor_getpwnam(const char *username)
Definition: userdb.c:70
#define tor_assert_nonfatal_unreached()
Definition: util_bug.h:177
#define tor_assert(expr)
Definition: util_bug.h:103
#define tor_fragile_assert()
Definition: util_bug.h:278
#define IF_BUG_ONCE(cond)
Definition: util_bug.h:254
int strcmp_opt(const char *s1, const char *s2)
Definition: util_string.c:199
int fast_mem_is_zero(const char *mem, size_t len)
Definition: util_string.c:76
int tor_digest_is_zero(const char *digest)
Definition: util_string.c:98
#define ED25519_BASE64_LEN
Definition: x25519_sizes.h:43