Tor  0.4.8.0-alpha-dev
connection_edge.h
Go to the documentation of this file.
1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2021, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
7 /**
8  * \file connection_edge.h
9  * \brief Header file for connection_edge.c.
10  **/
11 
12 #ifndef TOR_CONNECTION_EDGE_H
13 #define TOR_CONNECTION_EDGE_H
14 
16 
17 #include "feature/hs/hs_service.h"
18 
22 
26 
27 #define EXIT_CONN_STATE_MIN_ 1
28 /** State for an exit connection: waiting for response from DNS farm. */
29 #define EXIT_CONN_STATE_RESOLVING 1
30 /** State for an exit connection: waiting for connect() to finish. */
31 #define EXIT_CONN_STATE_CONNECTING 2
32 /** State for an exit connection: open and ready to transmit data. */
33 #define EXIT_CONN_STATE_OPEN 3
34 /** State for an exit connection: waiting to be removed. */
35 #define EXIT_CONN_STATE_RESOLVEFAILED 4
36 #define EXIT_CONN_STATE_MAX_ 4
37 
38 /* The AP state values must be disjoint from the EXIT state values. */
39 #define AP_CONN_STATE_MIN_ 5
40 /** State for a SOCKS connection: waiting for SOCKS request. */
41 #define AP_CONN_STATE_SOCKS_WAIT 5
42 /** State for a SOCKS connection: got a y.onion URL; waiting to receive
43  * rendezvous descriptor. */
44 #define AP_CONN_STATE_RENDDESC_WAIT 6
45 /** The controller will attach this connection to a circuit; it isn't our
46  * job to do so. */
47 #define AP_CONN_STATE_CONTROLLER_WAIT 7
48 /** State for a SOCKS connection: waiting for a completed circuit. */
49 #define AP_CONN_STATE_CIRCUIT_WAIT 8
50 /** State for a SOCKS connection: sent BEGIN, waiting for CONNECTED. */
51 #define AP_CONN_STATE_CONNECT_WAIT 9
52 /** State for a SOCKS connection: sent RESOLVE, waiting for RESOLVED. */
53 #define AP_CONN_STATE_RESOLVE_WAIT 10
54 /** State for a SOCKS connection: ready to send and receive. */
55 #define AP_CONN_STATE_OPEN 11
56 /** State for a transparent natd connection: waiting for original
57  * destination. */
58 #define AP_CONN_STATE_NATD_WAIT 12
59 /** State for an HTTP tunnel: waiting for an HTTP CONNECT command. */
60 #define AP_CONN_STATE_HTTP_CONNECT_WAIT 13
61 #define AP_CONN_STATE_MAX_ 13
62 
63 #define EXIT_PURPOSE_MIN_ 1
64 /** This exit stream wants to do an ordinary connect. */
65 #define EXIT_PURPOSE_CONNECT 1
66 /** This exit stream wants to do a resolve (either normal or reverse). */
67 #define EXIT_PURPOSE_RESOLVE 2
68 #define EXIT_PURPOSE_MAX_ 2
69 
70 /** True iff the AP_CONN_STATE_* value <b>s</b> means that the corresponding
71  * edge connection is not attached to any circuit. */
72 #define AP_CONN_STATE_IS_UNATTACHED(s) \
73  ((s) <= AP_CONN_STATE_CIRCUIT_WAIT || (s) == AP_CONN_STATE_NATD_WAIT)
74 
75 #define connection_mark_unattached_ap(conn, endreason) \
76  connection_mark_unattached_ap_((conn), (endreason), __LINE__, SHORT_FILE__)
77 
78 /** Possible return values for parse_extended_hostname. */
79 typedef enum hostname_type_t {
80  BAD_HOSTNAME,
81  EXIT_HOSTNAME,
82  NORMAL_HOSTNAME,
83  ONION_V3_HOSTNAME,
85 
87  (entry_connection_t *conn, int endreason,
88  int line, const char *file));
91  int package_partial);
93 int connection_edge_end(edge_connection_t *conn, uint8_t reason);
95 void connection_edge_end_close(edge_connection_t *conn, uint8_t reason);
99 
101 
104 
105 MOCK_DECL(int,
108 
110  char *address, uint16_t port,
111  const char *digest,
112  int session_group,
113  int isolation_flags,
114  int use_begindir, int want_onehop);
116  size_t replylen,
117  int endreason);
119  (entry_connection_t *conn,
120  int answer_type,
121  size_t answer_len,
122  const uint8_t *answer,
123  int ttl,
124  time_t expires));
126  const tor_addr_t *answer,
127  int ttl,
128  time_t expires);
129 
135  const node_t *exit);
138 void connection_ap_attach_pending(int retry);
140  const char *file, int line);
141 #define connection_ap_mark_as_pending_circuit(c) \
142  connection_ap_mark_as_pending_circuit_((c), __FILE__, __LINE__)
145  entry_connection_t *entry_conn);
146 
147 #define CONNECTION_AP_EXPECT_NONPENDING(c) do { \
148  if (ENTRY_TO_CONN(c)->state == AP_CONN_STATE_CIRCUIT_WAIT) { \
149  log_warn(LD_BUG, "At %s:%d: %p was unexpectedly in circuit_wait.", \
150  __FILE__, __LINE__, (c)); \
151  connection_ap_mark_as_non_pending_circuit(c); \
152  } \
153  } while (0)
154 void connection_ap_fail_onehop(const char *failed_digest,
155  cpath_build_state_t *build_state);
158  origin_circuit_t *circ,
159  int reason);
161 
162 int address_is_invalid_destination(const char *address, int client);
163 
165  (entry_connection_t *conn,
166  origin_circuit_t *circ,
167  crypt_path_t *cpath));
169  origin_circuit_t *circ,
170  crypt_path_t *cpath);
171 
172 #if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
173 int get_pf_socket(void);
174 #endif
175 
177  const origin_circuit_t *circ);
179  origin_circuit_t *circ,
180  int dry_run);
183 
184 void connection_edge_free_all(void);
185 
186 void connection_ap_warn_and_unmark_if_pending_circ(
187  entry_connection_t *entry_conn,
188  const char *where);
189 
190 /** Lowest value for DNS ttl clipping excluding the random addition. */
191 #define MIN_DNS_TTL (5*60)
192 /** Highest value for DNS ttl clipping excluding the random addition. */
193 #define MAX_DNS_TTL (60*60)
194 /** How long do we keep DNS cache entries before purging them (regardless of
195  * their TTL)? */
196 #define MAX_DNS_ENTRY_AGE (3*60*60)
197 /** How long do we cache/tell clients to cache DNS records when no TTL is
198  * known? */
199 #define DEFAULT_DNS_TTL (30*60)
200 /** How much should we +- each TTL to make it fuzzy with uniform sampling at
201  * exits? The value 4 minutes was chosen so that the lowest possible clip is
202  * 60s. Such low clips were used in the past for all TTLs due to a bug in Tor,
203  * see "The effect of DNS on Tor's Anonymity" by Greschbach et al. In other
204  * words, sampling such low clips is unlikely to cause any breakage at exits.
205  */
206 #define FUZZY_DNS_TTL (4*60)
207 
208 uint32_t clip_dns_ttl(uint32_t ttl);
209 uint32_t clip_dns_fuzzy_ttl(uint32_t ttl);
210 
211 int connection_half_edge_is_valid_data(const smartlist_t *half_conns,
212  streamid_t stream_id);
214  streamid_t stream_id);
216  streamid_t stream_id);
218  streamid_t stream_id);
220  streamid_t stream_id);
221 
223 struct half_edge_t;
224 void half_edge_free_(struct half_edge_t *he);
225 #define half_edge_free(he) \
226  FREE_AND_NULL(half_edge_t, half_edge_free_, (he))
227 
228 /** @name Begin-cell flags
229  *
230  * These flags are used in RELAY_BEGIN cells to change the default behavior
231  * of the cell.
232  *
233  * @{
234  **/
235 /** When this flag is set, the client is willing to get connected to IPv6
236  * addresses */
237 #define BEGIN_FLAG_IPV6_OK (1u<<0)
238 /** When this flag is set, the client DOES NOT support connecting to IPv4
239  * addresses. (The sense of this flag is inverted from IPV6_OK, so that the
240  * old default behavior of Tor is equivalent to having all flags set to 0.)
241  **/
242 #define BEGIN_FLAG_IPV4_NOT_OK (1u<<1)
243 /** When this flag is set, if we find both an IPv4 and an IPv6 address,
244  * we use the IPv6 address. Otherwise we use the IPv4 address. */
245 #define BEGIN_FLAG_IPV6_PREFERRED (1u<<2)
246 /**@}*/
247 
248 #ifdef CONNECTION_EDGE_PRIVATE
249 
250 STATIC bool parse_extended_hostname(char *address, hostname_type_t *type_out);
251 
252 /** A parsed BEGIN or BEGIN_DIR cell */
253 typedef struct begin_cell_t {
254  /** The address the client has asked us to connect to, or NULL if this is
255  * a BEGIN_DIR cell*/
256  char *address;
257  /** The flags specified in the BEGIN cell's body. One or more of
258  * BEGIN_FLAG_*. */
259  uint32_t flags;
260  /** The client's requested port. */
261  uint16_t port;
262  /** The client's requested Stream ID */
263  uint16_t stream_id;
264  /** True iff this is a BEGIN_DIR cell. */
265  unsigned is_begindir : 1;
266 } begin_cell_t;
267 
268 STATIC int begin_cell_parse(const cell_t *cell, begin_cell_t *bcell,
269  uint8_t *end_reason_out);
270 STATIC int connected_cell_format_payload(uint8_t *payload_out,
271  const tor_addr_t *addr,
272  uint32_t ttl);
273 
274 typedef struct {
275  /** Original address, after we lowercased it but before we started
276  * mapping it.
277  */
278  char orig_address[MAX_SOCKS_ADDR_LEN];
279  /** True iff the address has been automatically remapped to a local
280  * address in VirtualAddrNetwork. (Only set true when we do a resolve
281  * and get a virtual address; not when we connect to the address.) */
282  int automap;
283  /** If this connection has a .exit address, who put it there? */
284  addressmap_entry_source_t exit_source;
285  /** If we've rewritten the address, when does this map expire? */
286  time_t map_expires;
287  /** If we should close the connection, this is the end_reason to pass
288  * to connection_mark_unattached_ap */
289  int end_reason;
290  /** True iff we should close the connection, either because of error or
291  * because of successful early RESOLVED reply. */
292  int should_close;
293 } rewrite_result_t;
294 
295 STATIC void connection_ap_handshake_rewrite(entry_connection_t *conn,
296  rewrite_result_t *out);
297 
299 STATIC void export_hs_client_circuit_id(edge_connection_t *edge_conn,
300  hs_circuit_id_protocol_t protocol);
301 
302 struct half_edge_t;
304  origin_circuit_t *circ);
306  const smartlist_t *half_conns,
308 #endif /* defined(CONNECTION_EDGE_PRIVATE) */
309 
310 #endif /* !defined(TOR_CONNECTION_EDGE_H) */
STATIC int connection_ap_process_http_connect(entry_connection_t *conn)
STATIC int connected_cell_format_payload(uint8_t *payload_out, const tor_addr_t *addr, uint32_t ttl)
STATIC bool parse_extended_hostname(char *address, hostname_type_t *type_out)
STATIC int begin_cell_parse(const cell_t *cell, begin_cell_t *bcell, uint8_t *end_reason_out)
STATIC void connection_half_edge_add(const edge_connection_t *conn, origin_circuit_t *circ)
STATIC half_edge_t * connection_half_edge_find_stream_id(const smartlist_t *half_conns, streamid_t stream_id)
int connection_edge_compatible_with_circuit(const entry_connection_t *conn, const origin_circuit_t *circ)
int connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn, origin_circuit_t *circ, crypt_path_t *cpath)
entry_connection_t * EDGE_TO_ENTRY_CONN(edge_connection_t *)
int connection_half_edge_is_valid_data(const smartlist_t *half_conns, streamid_t stream_id)
void connection_ap_mark_as_waiting_for_renddesc(entry_connection_t *entry_conn)
const entry_connection_t * CONST_EDGE_TO_ENTRY_CONN(const edge_connection_t *)
void connection_mark_unattached_ap_(entry_connection_t *conn, int endreason, int line, const char *file)
void connection_ap_about_to_close(entry_connection_t *edge_conn)
const edge_connection_t * CONST_TO_EDGE_CONN(const connection_t *)
void connection_edge_free_all(void)
void connection_ap_mark_as_pending_circuit_(entry_connection_t *entry_conn, const char *file, int line)
void connection_ap_mark_as_non_pending_circuit(entry_connection_t *entry_conn)
int connection_ap_rewrite_and_attach_if_allowed(entry_connection_t *conn, origin_circuit_t *circ, crypt_path_t *cpath)
uint32_t clip_dns_fuzzy_ttl(uint32_t ttl)
entry_connection_t * connection_ap_make_link(connection_t *partner, char *address, uint16_t port, const char *digest, int session_group, int isolation_flags, int use_begindir, int want_onehop)
void connection_ap_expire_beginning(void)
void connection_ap_fail_onehop(const char *failed_digest, cpath_build_state_t *build_state)
int connection_ap_detach_retriable(entry_connection_t *conn, origin_circuit_t *circ, int reason)
void connection_ap_rescan_and_attach_pending(void)
int connection_ap_can_use_exit(const entry_connection_t *conn, const node_t *exit)
int connection_ap_handshake_send_begin(entry_connection_t *ap_conn)
int address_is_invalid_destination(const char *address, int client)
Definition: addressmap.c:1082
void connection_ap_handshake_socks_reply(entry_connection_t *conn, char *reply, size_t replylen, int endreason)
int connection_half_edge_is_valid_end(smartlist_t *half_conns, streamid_t stream_id)
hostname_type_t
uint32_t clip_dns_ttl(uint32_t ttl)
void half_edge_free_(struct half_edge_t *he)
int connection_ap_process_transparent(entry_connection_t *conn)
void connection_edge_end_close(edge_connection_t *conn, uint8_t reason)
int connection_edge_destroy(circid_t circ_id, edge_connection_t *conn)
int connection_edge_finished_flushing(edge_connection_t *conn)
void circuit_clear_isolation(origin_circuit_t *circ)
int connection_exit_begin_resolve(cell_t *cell, or_circuit_t *circ)
void connection_exit_about_to_close(edge_connection_t *edge_conn)
int connection_half_edge_is_valid_connected(const smartlist_t *half_conns, streamid_t stream_id)
int connection_edge_flushed_some(edge_connection_t *conn)
edge_connection_t * TO_EDGE_CONN(connection_t *)
const entry_connection_t * CONST_TO_ENTRY_CONN(const connection_t *)
int connection_ap_handshake_send_resolve(entry_connection_t *ap_conn)
void connection_ap_handshake_socks_resolved_addr(entry_connection_t *conn, const tor_addr_t *answer, int ttl, time_t expires)
int connection_edge_update_circuit_isolation(const entry_connection_t *conn, origin_circuit_t *circ, int dry_run)
int connection_edge_reached_eof(edge_connection_t *conn)
int connection_half_edge_is_valid_resolved(smartlist_t *half_conns, streamid_t stream_id)
int connection_edge_finished_connecting(edge_connection_t *conn)
int connection_edge_end_errno(edge_connection_t *conn)
int connection_edge_end(edge_connection_t *conn, uint8_t reason)
void connection_ap_attach_pending(int retry)
size_t half_streams_get_total_allocation(void)
int connection_half_edge_is_valid_sendme(const smartlist_t *half_conns, streamid_t stream_id)
int connection_edge_is_rendezvous_stream(const edge_connection_t *conn)
void connection_ap_handshake_socks_resolved(entry_connection_t *conn, int answer_type, size_t answer_len, const uint8_t *answer, int ttl, time_t expires)
entry_connection_t * TO_ENTRY_CONN(connection_t *)
int connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
void connection_entry_set_controller_wait(entry_connection_t *conn)
streamid_t get_unique_stream_id_by_circ(origin_circuit_t *circ)
void circuit_discard_optional_exit_enclaves(extend_info_t *info)
void connection_exit_connect(edge_connection_t *conn)
int connection_edge_process_inbuf(edge_connection_t *conn, int package_partial)
Header file containing service data for the HS subsystem.
hs_circuit_id_protocol_t
Definition: hs_service.h:194
addressmap_entry_source_t
Definition: or.h:906
uint32_t circid_t
Definition: or.h:488
uint16_t streamid_t
Definition: or.h:490
Definition: cell_st.h:17
streamid_t stream_id
Definition: half_edge_st.h:24
Definition: node_st.h:34
Macros to implement mocking and selective exposure for the test code.
#define STATIC
Definition: testsupport.h:32
#define MOCK_DECL(rv, funcname, arglist)
Definition: testsupport.h:127