Tor 0.4.9.0-alpha-dev
connection_edge.h
Go to the documentation of this file.
1/* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2021, The Tor Project, Inc. */
5/* See LICENSE for licensing information */
6
7/**
8 * \file connection_edge.h
9 * \brief Header file for connection_edge.c.
10 **/
11
12#ifndef TOR_CONNECTION_EDGE_H
13#define TOR_CONNECTION_EDGE_H
14
17
19
23
27
28#define EXIT_CONN_STATE_MIN_ 1
29/** State for an exit connection: waiting for response from DNS farm. */
30#define EXIT_CONN_STATE_RESOLVING 1
31/** State for an exit connection: waiting for connect() to finish. */
32#define EXIT_CONN_STATE_CONNECTING 2
33/** State for an exit connection: open and ready to transmit data. */
34#define EXIT_CONN_STATE_OPEN 3
35/** State for an exit connection: waiting to be removed. */
36#define EXIT_CONN_STATE_RESOLVEFAILED 4
37#define EXIT_CONN_STATE_MAX_ 4
38
39/* The AP state values must be disjoint from the EXIT state values. */
40#define AP_CONN_STATE_MIN_ 5
41/** State for a SOCKS connection: waiting for SOCKS request. */
42#define AP_CONN_STATE_SOCKS_WAIT 5
43/** State for a SOCKS connection: got a y.onion URL; waiting to receive
44 * rendezvous descriptor. */
45#define AP_CONN_STATE_RENDDESC_WAIT 6
46/** The controller will attach this connection to a circuit; it isn't our
47 * job to do so. */
48#define AP_CONN_STATE_CONTROLLER_WAIT 7
49/** State for a SOCKS connection: waiting for a completed circuit. */
50#define AP_CONN_STATE_CIRCUIT_WAIT 8
51/** State for a SOCKS connection: sent BEGIN, waiting for CONNECTED. */
52#define AP_CONN_STATE_CONNECT_WAIT 9
53/** State for a SOCKS connection: sent RESOLVE, waiting for RESOLVED. */
54#define AP_CONN_STATE_RESOLVE_WAIT 10
55/** State for a SOCKS connection: ready to send and receive. */
56#define AP_CONN_STATE_OPEN 11
57/** State for a transparent natd connection: waiting for original
58 * destination. */
59#define AP_CONN_STATE_NATD_WAIT 12
60/** State for an HTTP tunnel: waiting for an HTTP CONNECT command. */
61#define AP_CONN_STATE_HTTP_CONNECT_WAIT 13
62#define AP_CONN_STATE_MAX_ 13
63
64#define EXIT_PURPOSE_MIN_ 1
65/** This exit stream wants to do an ordinary connect. */
66#define EXIT_PURPOSE_CONNECT 1
67/** This exit stream wants to do a resolve (either normal or reverse). */
68#define EXIT_PURPOSE_RESOLVE 2
69#define EXIT_PURPOSE_MAX_ 2
70
71/** True iff the AP_CONN_STATE_* value <b>s</b> means that the corresponding
72 * edge connection is not attached to any circuit. */
73#define AP_CONN_STATE_IS_UNATTACHED(s) \
74 ((s) <= AP_CONN_STATE_CIRCUIT_WAIT || (s) == AP_CONN_STATE_NATD_WAIT)
75
76#define connection_mark_unattached_ap(conn, endreason) \
77 connection_mark_unattached_ap_((conn), (endreason), __LINE__, SHORT_FILE__)
78
79/** Possible return values for parse_extended_hostname. */
80typedef enum hostname_type_t {
81 BAD_HOSTNAME,
82 EXIT_HOSTNAME,
83 NORMAL_HOSTNAME,
84 ONION_V3_HOSTNAME,
86
88 (entry_connection_t *conn, int endreason,
89 int line, const char *file));
92 int package_partial);
94int connection_edge_end(edge_connection_t *conn, uint8_t reason);
96void connection_edge_end_close(edge_connection_t *conn, uint8_t reason);
100
102
105void connection_reapply_exit_policy(config_line_t *changes);
106
107MOCK_DECL(int,
110
112 char *address, uint16_t port,
113 const char *digest,
114 int session_group,
115 int isolation_flags,
116 int use_begindir, int want_onehop);
118 size_t replylen,
119 int endreason);
121 (entry_connection_t *conn,
122 int answer_type,
123 size_t answer_len,
124 const uint8_t *answer,
125 int ttl,
126 time_t expires));
128 const tor_addr_t *answer,
129 int ttl,
130 time_t expires);
131
137 const node_t *exit);
140void connection_ap_attach_pending(int retry);
142 const char *file, int line);
143#define connection_ap_mark_as_pending_circuit(c) \
144 connection_ap_mark_as_pending_circuit_((c), __FILE__, __LINE__)
147 entry_connection_t *entry_conn);
148
149#define CONNECTION_AP_EXPECT_NONPENDING(c) do { \
150 if (ENTRY_TO_CONN(c)->state == AP_CONN_STATE_CIRCUIT_WAIT) { \
151 log_warn(LD_BUG, "At %s:%d: %p was unexpectedly in circuit_wait.", \
152 __FILE__, __LINE__, (c)); \
153 connection_ap_mark_as_non_pending_circuit(c); \
154 } \
155 } while (0)
156void connection_ap_fail_onehop(const char *failed_digest,
157 cpath_build_state_t *build_state);
160 origin_circuit_t *circ,
161 int reason);
163
164int address_is_invalid_destination(const char *address, int client);
165
167 (entry_connection_t *conn,
168 origin_circuit_t *circ,
169 crypt_path_t *cpath));
171 origin_circuit_t *circ,
172 crypt_path_t *cpath);
173
174#if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
175int get_pf_socket(void);
176#endif
177
179 const origin_circuit_t *circ);
181 origin_circuit_t *circ,
182 int dry_run);
185
186void connection_edge_free_all(void);
187
188void connection_ap_warn_and_unmark_if_pending_circ(
189 entry_connection_t *entry_conn,
190 const char *where);
191
192/** Lowest value for DNS ttl clipping excluding the random addition. */
193#define MIN_DNS_TTL (5*60)
194/** Highest value for DNS ttl clipping excluding the random addition. */
195#define MAX_DNS_TTL (60*60)
196/** How long do we keep DNS cache entries before purging them (regardless of
197 * their TTL)? */
198#define MAX_DNS_ENTRY_AGE (3*60*60)
199/** How long do we cache/tell clients to cache DNS records when no TTL is
200 * known? */
201#define DEFAULT_DNS_TTL (30*60)
202/** How much should we +- each TTL to make it fuzzy with uniform sampling at
203 * exits? The value 4 minutes was chosen so that the lowest possible clip is
204 * 60s. Such low clips were used in the past for all TTLs due to a bug in Tor,
205 * see "The effect of DNS on Tor's Anonymity" by Greschbach et al. In other
206 * words, sampling such low clips is unlikely to cause any breakage at exits.
207 */
208#define FUZZY_DNS_TTL (4*60)
209
210uint32_t clip_dns_ttl(uint32_t ttl);
211uint32_t clip_dns_fuzzy_ttl(uint32_t ttl);
212
214 streamid_t stream_id);
216 streamid_t stream_id);
218 streamid_t stream_id);
220 streamid_t stream_id);
222 streamid_t stream_id);
224
226struct half_edge_t;
227void half_edge_free_(struct half_edge_t *he);
228#define half_edge_free(he) \
229 FREE_AND_NULL(half_edge_t, half_edge_free_, (he))
230
231/** @name Begin-cell flags
232 *
233 * These flags are used in RELAY_BEGIN cells to change the default behavior
234 * of the cell.
235 *
236 * @{
237 **/
238/** When this flag is set, the client is willing to get connected to IPv6
239 * addresses */
240#define BEGIN_FLAG_IPV6_OK (1u<<0)
241/** When this flag is set, the client DOES NOT support connecting to IPv4
242 * addresses. (The sense of this flag is inverted from IPV6_OK, so that the
243 * old default behavior of Tor is equivalent to having all flags set to 0.)
244 **/
245#define BEGIN_FLAG_IPV4_NOT_OK (1u<<1)
246/** When this flag is set, if we find both an IPv4 and an IPv6 address,
247 * we use the IPv6 address. Otherwise we use the IPv4 address. */
248#define BEGIN_FLAG_IPV6_PREFERRED (1u<<2)
249/**@}*/
250
251#ifdef CONNECTION_EDGE_PRIVATE
252
253STATIC bool parse_extended_hostname(char *address, hostname_type_t *type_out);
254
255/** A parsed BEGIN or BEGIN_DIR cell */
256typedef struct begin_cell_t {
257 /** The address the client has asked us to connect to, or NULL if this is
258 * a BEGIN_DIR cell*/
259 char *address;
260 /** The flags specified in the BEGIN cell's body. One or more of
261 * BEGIN_FLAG_*. */
262 uint32_t flags;
263 /** The client's requested port. */
264 uint16_t port;
265 /** The client's requested Stream ID */
266 uint16_t stream_id;
267 /** True iff this is a BEGIN_DIR cell. */
268 unsigned is_begindir : 1;
269} begin_cell_t;
270
271STATIC int begin_cell_parse(const cell_t *cell, begin_cell_t *bcell,
272 uint8_t *end_reason_out);
273STATIC int connected_cell_format_payload(uint8_t *payload_out,
274 const tor_addr_t *addr,
275 uint32_t ttl);
276
277typedef struct {
278 /** Original address, after we lowercased it but before we started
279 * mapping it.
280 */
281 char orig_address[MAX_SOCKS_ADDR_LEN];
282 /** True iff the address has been automatically remapped to a local
283 * address in VirtualAddrNetwork. (Only set true when we do a resolve
284 * and get a virtual address; not when we connect to the address.) */
285 int automap;
286 /** If this connection has a .exit address, who put it there? */
287 addressmap_entry_source_t exit_source;
288 /** If we've rewritten the address, when does this map expire? */
289 time_t map_expires;
290 /** If we should close the connection, this is the end_reason to pass
291 * to connection_mark_unattached_ap */
292 int end_reason;
293 /** True iff we should close the connection, either because of error or
294 * because of successful early RESOLVED reply. */
295 int should_close;
296} rewrite_result_t;
297
298STATIC void connection_ap_handshake_rewrite(entry_connection_t *conn,
299 rewrite_result_t *out);
300
302STATIC void export_hs_client_circuit_id(edge_connection_t *edge_conn,
303 hs_circuit_id_protocol_t protocol);
304
305struct half_edge_t;
307 origin_circuit_t *circ);
309 const smartlist_t *half_conns,
311#endif /* defined(CONNECTION_EDGE_PRIVATE) */
312
313#endif /* !defined(TOR_CONNECTION_EDGE_H) */
Header for confline.c.
STATIC int connection_ap_process_http_connect(entry_connection_t *conn)
STATIC int connected_cell_format_payload(uint8_t *payload_out, const tor_addr_t *addr, uint32_t ttl)
STATIC bool parse_extended_hostname(char *address, hostname_type_t *type_out)
STATIC int begin_cell_parse(const cell_t *cell, begin_cell_t *bcell, uint8_t *end_reason_out)
STATIC void connection_half_edge_add(const edge_connection_t *conn, origin_circuit_t *circ)
STATIC half_edge_t * connection_half_edge_find_stream_id(const smartlist_t *half_conns, streamid_t stream_id)
int connection_edge_compatible_with_circuit(const entry_connection_t *conn, const origin_circuit_t *circ)
int connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn, origin_circuit_t *circ, crypt_path_t *cpath)
int connection_half_edge_is_valid_data(const smartlist_t *half_conns, streamid_t stream_id)
const entry_connection_t * CONST_TO_ENTRY_CONN(const connection_t *)
void connection_ap_mark_as_waiting_for_renddesc(entry_connection_t *entry_conn)
edge_connection_t * TO_EDGE_CONN(connection_t *)
void connection_mark_unattached_ap_(entry_connection_t *conn, int endreason, int line, const char *file)
void connection_ap_about_to_close(entry_connection_t *edge_conn)
const entry_connection_t * CONST_EDGE_TO_ENTRY_CONN(const edge_connection_t *)
void connection_edge_free_all(void)
void connection_ap_mark_as_pending_circuit_(entry_connection_t *entry_conn, const char *file, int line)
void connection_ap_mark_as_non_pending_circuit(entry_connection_t *entry_conn)
int connection_ap_rewrite_and_attach_if_allowed(entry_connection_t *conn, origin_circuit_t *circ, crypt_path_t *cpath)
uint32_t clip_dns_fuzzy_ttl(uint32_t ttl)
entry_connection_t * connection_ap_make_link(connection_t *partner, char *address, uint16_t port, const char *digest, int session_group, int isolation_flags, int use_begindir, int want_onehop)
void connection_ap_expire_beginning(void)
void connection_ap_fail_onehop(const char *failed_digest, cpath_build_state_t *build_state)
int connection_ap_detach_retriable(entry_connection_t *conn, origin_circuit_t *circ, int reason)
void connection_ap_rescan_and_attach_pending(void)
int connection_ap_can_use_exit(const entry_connection_t *conn, const node_t *exit)
int connection_ap_handshake_send_begin(entry_connection_t *ap_conn)
int address_is_invalid_destination(const char *address, int client)
Definition: addressmap.c:1082
void connection_ap_handshake_socks_reply(entry_connection_t *conn, char *reply, size_t replylen, int endreason)
int connection_half_edge_is_valid_end(smartlist_t *half_conns, streamid_t stream_id)
hostname_type_t
uint32_t clip_dns_ttl(uint32_t ttl)
bool connection_half_edges_waiting(const origin_circuit_t *circ)
void half_edge_free_(struct half_edge_t *he)
int connection_ap_process_transparent(entry_connection_t *conn)
void connection_edge_end_close(edge_connection_t *conn, uint8_t reason)
int connection_edge_destroy(circid_t circ_id, edge_connection_t *conn)
int connection_edge_finished_flushing(edge_connection_t *conn)
void circuit_clear_isolation(origin_circuit_t *circ)
int connection_exit_begin_resolve(cell_t *cell, or_circuit_t *circ)
void connection_exit_about_to_close(edge_connection_t *edge_conn)
int connection_half_edge_is_valid_connected(const smartlist_t *half_conns, streamid_t stream_id)
int connection_edge_flushed_some(edge_connection_t *conn)
int connection_ap_handshake_send_resolve(entry_connection_t *ap_conn)
void connection_ap_handshake_socks_resolved_addr(entry_connection_t *conn, const tor_addr_t *answer, int ttl, time_t expires)
int connection_edge_update_circuit_isolation(const entry_connection_t *conn, origin_circuit_t *circ, int dry_run)
int connection_edge_reached_eof(edge_connection_t *conn)
entry_connection_t * TO_ENTRY_CONN(connection_t *)
int connection_half_edge_is_valid_resolved(smartlist_t *half_conns, streamid_t stream_id)
int connection_edge_finished_connecting(edge_connection_t *conn)
int connection_edge_end_errno(edge_connection_t *conn)
int connection_edge_end(edge_connection_t *conn, uint8_t reason)
void connection_ap_attach_pending(int retry)
size_t half_streams_get_total_allocation(void)
int connection_half_edge_is_valid_sendme(const smartlist_t *half_conns, streamid_t stream_id)
int connection_edge_is_rendezvous_stream(const edge_connection_t *conn)
entry_connection_t * EDGE_TO_ENTRY_CONN(edge_connection_t *)
void connection_ap_handshake_socks_resolved(entry_connection_t *conn, int answer_type, size_t answer_len, const uint8_t *answer, int ttl, time_t expires)
int connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
void connection_entry_set_controller_wait(entry_connection_t *conn)
streamid_t get_unique_stream_id_by_circ(origin_circuit_t *circ)
const edge_connection_t * CONST_TO_EDGE_CONN(const connection_t *)
void circuit_discard_optional_exit_enclaves(extend_info_t *info)
void connection_exit_connect(edge_connection_t *conn)
int connection_edge_process_inbuf(edge_connection_t *conn, int package_partial)
Header file containing service data for the HS subsystem.
hs_circuit_id_protocol_t
Definition: hs_service.h:203
addressmap_entry_source_t
Definition: or.h:918
uint32_t circid_t
Definition: or.h:497
uint16_t streamid_t
Definition: or.h:499
Definition: cell_st.h:17
streamid_t stream_id
Definition: half_edge_st.h:24
Definition: node_st.h:34
Macros to implement mocking and selective exposure for the test code.
#define STATIC
Definition: testsupport.h:32
#define MOCK_DECL(rv, funcname, arglist)
Definition: testsupport.h:127