Tor 0.4.9.2-alpha-dev
All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Modules Pages
connection_or.c
Go to the documentation of this file.
1/* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2021, The Tor Project, Inc. */
5/* See LICENSE for licensing information */
6
7/**
8 * \file connection_or.c
9 * \brief Functions to handle OR connections, TLS handshaking, and
10 * cells on the network.
11 *
12 * An or_connection_t is a subtype of connection_t (as implemented in
13 * connection.c) that uses a TLS connection to send and receive cells on the
14 * Tor network. (By sending and receiving cells connection_or.c, it cooperates
15 * with channeltls.c to implement a the channel interface of channel.c.)
16 *
17 * Every OR connection has an underlying tortls_t object (as implemented in
18 * tortls.c) which it uses as its TLS stream. It is responsible for
19 * sending and receiving cells over that TLS.
20 *
21 * This module also implements the client side of the v3 (and greater) Tor
22 * link handshake.
23 **/
24#include "core/or/or.h"
26#include "lib/buf/buffers.h"
27/*
28 * Define this so we get channel internal functions, since we're implementing
29 * part of a subclass (channel_tls_t).
30 */
31#define CHANNEL_OBJECT_PRIVATE
32#define CONNECTION_OR_PRIVATE
33#define ORCONN_EVENT_PRIVATE
34#include "core/or/channel.h"
35#include "core/or/channeltls.h"
37#include "core/or/circuitlist.h"
39#include "core/or/command.h"
40#include "app/config/config.h"
48#include "lib/geoip/geoip.h"
50#include "trunnel/netinfo.h"
55#include "core/or/reasons.h"
56#include "core/or/relay.h"
65#include "core/or/scheduler.h"
67#include "core/or/channelpadding.h"
71
72#include "core/or/cell_st.h"
79#include "core/or/var_cell_st.h"
81
82#include "lib/tls/tortls.h"
83
85
88
89static unsigned int
91static void connection_or_mark_bad_for_new_circs(or_connection_t *or_conn);
92
94 int started_here);
95
96/**************************************************************/
97
98/**
99 * Cast a `connection_t *` to an `or_connection_t *`.
100 *
101 * Exit with an assertion failure if the input is not an `or_connection_t`.
102 **/
105{
106 tor_assert(c->magic == OR_CONNECTION_MAGIC);
107 return DOWNCAST(or_connection_t, c);
108}
109
110/**
111 * Cast a `const connection_t *` to a `const or_connection_t *`.
112 *
113 * Exit with an assertion failure if the input is not an `or_connection_t`.
114 **/
115const or_connection_t *
117{
118 return TO_OR_CONN((connection_t *)c);
119}
120
121/** Clear clear conn->identity_digest and update other data
122 * structures as appropriate.*/
123void
125{
126 tor_assert(conn);
127 memset(conn->identity_digest, 0, DIGEST_LEN);
128}
129
130/** Clear all identities in OR conns.*/
131void
133{
135 SMARTLIST_FOREACH(conns, connection_t *, conn,
136 {
137 if (conn->type == CONN_TYPE_OR) {
138 connection_or_clear_identity(TO_OR_CONN(conn));
139 }
140 });
141}
142
143/** Change conn->identity_digest to digest, and add conn into
144 * the appropriate digest maps.
145 *
146 * NOTE that this function only allows two kinds of transitions: from
147 * unset identity to set identity, and from idempotent re-settings
148 * of the same identity. It's not allowed to clear an identity or to
149 * change an identity. Return 0 on success, and -1 if the transition
150 * is not allowed.
151 **/
152static void
154 const char *rsa_digest,
155 const ed25519_public_key_t *ed_id)
156{
157 channel_t *chan = NULL;
158 tor_assert(conn);
159 tor_assert(rsa_digest);
160
161 if (conn->chan)
162 chan = TLS_CHAN_TO_BASE(conn->chan);
163
164 log_info(LD_HANDSHAKE, "Set identity digest for %s at %p: %s %s.",
166 conn,
167 hex_str(rsa_digest, DIGEST_LEN),
168 ed25519_fmt(ed_id));
169 log_info(LD_HANDSHAKE, " (Previously: %s %s)",
171 chan ? ed25519_fmt(&chan->ed25519_identity) : "<null>");
172
173 const int rsa_id_was_set = ! tor_digest_is_zero(conn->identity_digest);
174 const int ed_id_was_set =
176 const int new_ed_id_is_set =
177 (ed_id && !ed25519_public_key_is_zero(ed_id));
178 const int rsa_changed =
179 tor_memneq(conn->identity_digest, rsa_digest, DIGEST_LEN);
180 const int ed_changed = bool_neq(ed_id_was_set, new_ed_id_is_set) ||
181 (ed_id_was_set && new_ed_id_is_set && chan &&
182 !ed25519_pubkey_eq(ed_id, &chan->ed25519_identity));
183
184 if (BUG(rsa_changed && rsa_id_was_set))
185 return;
186 if (BUG(ed_changed && ed_id_was_set))
187 return;
188
189 if (!rsa_changed && !ed_changed)
190 return;
191
192 /* If the identity was set previously, remove the old mapping. */
193 if (rsa_id_was_set) {
195 if (chan)
197 }
198
199 memcpy(conn->identity_digest, rsa_digest, DIGEST_LEN);
200
201 /* If we're initializing the IDs to zero, don't add a mapping yet. */
202 if (tor_digest_is_zero(rsa_digest) && !new_ed_id_is_set)
203 return;
204
205 /* Deal with channels */
206 if (chan)
207 channel_set_identity_digest(chan, rsa_digest, ed_id);
208}
209
210/**
211 * Return the Ed25519 identity of the peer for this connection (if any).
212 *
213 * Note that this ID may not be the _actual_ identity for the peer if
214 * authentication is not complete.
215 **/
216const struct ed25519_public_key_t *
218{
219 if (conn && conn->chan) {
220 const channel_t *chan = NULL;
221 chan = TLS_CHAN_TO_BASE(conn->chan);
223 return &chan->ed25519_identity;
224 }
225 }
226
227 return NULL;
228}
229
230/**************************************************************/
231
232/** Map from a string describing what a non-open OR connection was doing when
233 * failed, to an intptr_t describing the count of connections that failed that
234 * way. Note that the count is stored _as_ the pointer.
235 */
237
238/** If true, do not record information in <b>broken_connection_counts</b>. */
240
241/** Record that an OR connection failed in <b>state</b>. */
242static void
243note_broken_connection(const char *state)
244{
245 void *ptr;
246 intptr_t val;
248 return;
249
251 broken_connection_counts = strmap_new();
252
253 ptr = strmap_get(broken_connection_counts, state);
254 val = (intptr_t)ptr;
255 val++;
256 ptr = (void*)val;
257 strmap_set(broken_connection_counts, state, ptr);
258}
259
260/** Forget all recorded states for failed connections. If
261 * <b>stop_recording</b> is true, don't record any more. */
262void
264{
266 strmap_free(broken_connection_counts, NULL);
268 if (stop_recording)
270}
271
272/** Write a detailed description the state of <b>orconn</b> into the
273 * <b>buflen</b>-byte buffer at <b>buf</b>. This description includes not
274 * only the OR-conn level state but also the TLS state. It's useful for
275 * diagnosing broken handshakes. */
276static void
278 char *buf, size_t buflen)
279{
280 connection_t *conn = TO_CONN(orconn);
281 const char *conn_state;
282 char tls_state[256];
283
284 tor_assert(conn->type == CONN_TYPE_OR || conn->type == CONN_TYPE_EXT_OR);
285
286 conn_state = conn_state_to_string(conn->type, conn->state);
287 tor_tls_get_state_description(orconn->tls, tls_state, sizeof(tls_state));
288
289 tor_snprintf(buf, buflen, "%s with SSL state %s", conn_state, tls_state);
290}
291
292/** Record the current state of <b>orconn</b> as the state of a broken
293 * connection. */
294static void
296{
297 char buf[256];
299 return;
300 connection_or_get_state_description(orconn, buf, sizeof(buf));
301 log_info(LD_HANDSHAKE,"Connection died in state '%s'", buf);
303}
304
305/** Helper type used to sort connection states and find the most frequent. */
306typedef struct broken_state_count_t {
307 intptr_t count;
308 const char *state;
310
311/** Helper function used to sort broken_state_count_t by frequency. */
312static int
313broken_state_count_compare(const void **a_ptr, const void **b_ptr)
314{
315 const broken_state_count_t *a = *a_ptr, *b = *b_ptr;
316 if (b->count < a->count)
317 return -1;
318 else if (b->count == a->count)
319 return 0;
320 else
321 return 1;
322}
323
324/** Upper limit on the number of different states to report for connection
325 * failure. */
326#define MAX_REASONS_TO_REPORT 10
327
328/** Report a list of the top states for failed OR connections at log level
329 * <b>severity</b>, in log domain <b>domain</b>. */
330void
331connection_or_report_broken_states(int severity, int domain)
332{
333 int total = 0;
334 smartlist_t *items;
335
337 return;
338
339 items = smartlist_new();
340 STRMAP_FOREACH(broken_connection_counts, state, void *, countptr) {
341 broken_state_count_t *c = tor_malloc(sizeof(broken_state_count_t));
342 c->count = (intptr_t)countptr;
343 total += (int)c->count;
344 c->state = state;
345 smartlist_add(items, c);
346 } STRMAP_FOREACH_END;
347
349
350 tor_log(severity, domain, "%d connections have failed%s", total,
351 smartlist_len(items) > MAX_REASONS_TO_REPORT ? ". Top reasons:" : ":");
352
354 if (c_sl_idx > MAX_REASONS_TO_REPORT)
355 break;
356 tor_log(severity, domain,
357 " %d connections died in state %s", (int)c->count, c->state);
358 } SMARTLIST_FOREACH_END(c);
359
361 smartlist_free(items);
362}
363
364/**
365 * Helper function to publish an OR connection status event
366 *
367 * Publishes a messages to subscribers of ORCONN messages, and sends
368 * the control event.
369 **/
370void
372 int reason)
373{
374 orconn_status_msg_t *msg = tor_malloc(sizeof(*msg));
375
376 msg->gid = conn->base_.global_identifier;
377 msg->status = tp;
378 msg->reason = reason;
379 orconn_status_publish(msg);
380 control_event_or_conn_status(conn, tp, reason);
381}
382
383/**
384 * Helper function to publish a state change message
385 *
386 * connection_or_change_state() calls this to notify subscribers about
387 * a change of an OR connection state.
388 **/
389static void
391{
392 orconn_state_msg_t *msg = tor_malloc(sizeof(*msg));
393
394 msg->gid = conn->base_.global_identifier;
395 if (conn->is_pt) {
396 /* Do extra decoding because conn->proxy_type indicates the proxy
397 * protocol that tor uses to talk with the transport plugin,
398 * instead of PROXY_PLUGGABLE. */
399 tor_assert_nonfatal(conn->proxy_type != PROXY_NONE);
400 msg->proxy_type = PROXY_PLUGGABLE;
401 } else {
402 msg->proxy_type = conn->proxy_type;
403 }
404 msg->state = state;
405 if (conn->chan) {
406 msg->chan = TLS_CHAN_TO_BASE(conn->chan)->global_identifier;
407 } else {
408 msg->chan = 0;
409 }
410 orconn_state_publish(msg);
411}
412
413/** Call this to change or_connection_t states, so the owning channel_tls_t can
414 * be notified.
415 */
416
417MOCK_IMPL(void,
419{
420 tor_assert(conn);
421
422 conn->base_.state = state;
423
424 connection_or_state_publish(conn, state);
425 if (conn->chan)
427}
428
429/** Return the number of circuits using an or_connection_t; this used to
430 * be an or_connection_t field, but it got moved to channel_t and we
431 * shouldn't maintain two copies. */
432
433MOCK_IMPL(int,
435{
436 tor_assert(conn);
437
438 if (conn->chan) {
439 return channel_num_circuits(TLS_CHAN_TO_BASE(conn->chan));
440 } else return 0;
441}
442
443/**************************************************************/
444
445/** Pack the cell_t host-order structure <b>src</b> into network-order
446 * in the buffer <b>dest</b>. See tor-spec.txt for details about the
447 * wire format.
448 *
449 * Note that this function doesn't touch <b>dst</b>->next: the caller
450 * should set it or clear it as appropriate.
451 */
452void
453cell_pack(packed_cell_t *dst, const cell_t *src, int wide_circ_ids)
454{
455 char *dest = dst->body;
456 if (wide_circ_ids) {
457 set_uint32(dest, htonl(src->circ_id));
458 dest += 4;
459 } else {
460 /* Clear the last two bytes of dest, in case we can accidentally
461 * send them to the network somehow. */
462 memset(dest+CELL_MAX_NETWORK_SIZE-2, 0, 2);
463 set_uint16(dest, htons(src->circ_id));
464 dest += 2;
465 }
466 set_uint8(dest, src->command);
467 memcpy(dest+1, src->payload, CELL_PAYLOAD_SIZE);
468}
469
470/** Unpack the network-order buffer <b>src</b> into a host-order
471 * cell_t structure <b>dest</b>.
472 */
473static void
474cell_unpack(cell_t *dest, const char *src, int wide_circ_ids)
475{
476 if (wide_circ_ids) {
477 dest->circ_id = ntohl(get_uint32(src));
478 src += 4;
479 } else {
480 dest->circ_id = ntohs(get_uint16(src));
481 src += 2;
482 }
483 dest->command = get_uint8(src);
484 memcpy(dest->payload, src+1, CELL_PAYLOAD_SIZE);
485}
486
487/** Write the header of <b>cell</b> into the first VAR_CELL_MAX_HEADER_SIZE
488 * bytes of <b>hdr_out</b>. Returns number of bytes used. */
489int
490var_cell_pack_header(const var_cell_t *cell, char *hdr_out, int wide_circ_ids)
491{
492 int r;
493 if (wide_circ_ids) {
494 set_uint32(hdr_out, htonl(cell->circ_id));
495 hdr_out += 4;
497 } else {
498 set_uint16(hdr_out, htons(cell->circ_id));
499 hdr_out += 2;
501 }
502 set_uint8(hdr_out, cell->command);
503 set_uint16(hdr_out+1, htons(cell->payload_len));
504 return r;
505}
506
507/** Allocate and return a new var_cell_t with <b>payload_len</b> bytes of
508 * payload space. */
510var_cell_new(uint16_t payload_len)
511{
512 size_t size = offsetof(var_cell_t, payload) + payload_len;
513 var_cell_t *cell = tor_malloc_zero(size);
514 cell->payload_len = payload_len;
515 cell->command = 0;
516 cell->circ_id = 0;
517 return cell;
518}
519
520/**
521 * Copy a var_cell_t
522 */
523
526{
527 var_cell_t *copy = NULL;
528 size_t size = 0;
529
530 if (src != NULL) {
531 size = offsetof(var_cell_t, payload) + src->payload_len;
532 copy = tor_malloc_zero(size);
533 copy->payload_len = src->payload_len;
534 copy->command = src->command;
535 copy->circ_id = src->circ_id;
536 memcpy(copy->payload, src->payload, copy->payload_len);
537 }
538
539 return copy;
540}
541
542/** Release all space held by <b>cell</b>. */
543void
545{
546 tor_free(cell);
547}
548
549/** We've received an EOF from <b>conn</b>. Mark it for close and return. */
550int
552{
553 tor_assert(conn);
554
555 log_info(LD_OR,"OR connection reached EOF. Closing.");
557
558 return 0;
559}
560
561/** Handle any new bytes that have come in on connection <b>conn</b>.
562 * If conn is in 'open' state, hand it to
563 * connection_or_process_cells_from_inbuf()
564 * (else do nothing).
565 */
566int
568{
569 int ret = 0;
570 tor_assert(conn);
571
572 switch (conn->base_.state) {
575
576 /* start TLS after handshake completion, or deal with error */
577 if (ret == 1) {
578 tor_assert(TO_CONN(conn)->proxy_state == PROXY_CONNECTED);
579 if (buf_datalen(conn->base_.inbuf) != 0) {
580 log_fn(LOG_PROTOCOL_WARN, LD_NET, "Found leftover (%d bytes) "
581 "when transitioning from PROXY_HANDSHAKING state on %s: "
582 "closing.",
583 (int)buf_datalen(conn->base_.inbuf),
586 return -1;
587 }
588 if (connection_tls_start_handshake(conn, 0) < 0)
589 ret = -1;
590 /* Touch the channel's active timestamp if there is one */
591 if (conn->chan)
592 channel_timestamp_active(TLS_CHAN_TO_BASE(conn->chan));
593 }
594 if (ret < 0) {
596 }
597
598 return ret;
603 default:
604 break; /* don't do anything */
605 }
606
607 /* This check makes sure that we don't have any data on the inbuf if we're
608 * doing our TLS handshake: if we did, they were probably put there by a
609 * SOCKS proxy trying to trick us into accepting unauthenticated data.
610 */
611 if (buf_datalen(conn->base_.inbuf) != 0) {
612 log_fn(LOG_PROTOCOL_WARN, LD_NET, "Accumulated data (%d bytes) "
613 "on non-open %s; closing.",
614 (int)buf_datalen(conn->base_.inbuf),
617 ret = -1;
618 }
619
620 return ret;
621}
622
623/** Called whenever we have flushed some data on an or_conn: add more data
624 * from active circuits. */
625int
627{
628 size_t datalen;
629
630 /* Update the channel's active timestamp if there is one */
631 if (conn->chan)
632 channel_timestamp_active(TLS_CHAN_TO_BASE(conn->chan));
633
634 /* If we're under the low water mark, add cells until we're just over the
635 * high water mark. */
636 datalen = connection_get_outbuf_len(TO_CONN(conn));
637 if (datalen < or_conn_lowwatermark()) {
638 /* Let the scheduler know */
639 scheduler_channel_wants_writes(TLS_CHAN_TO_BASE(conn->chan));
640 }
641
642 return 0;
643}
644
645/** This is for channeltls.c to ask how many cells we could accept if
646 * they were available. */
647ssize_t
649{
650 size_t datalen, cell_network_size;
651 ssize_t n = 0;
652
653 tor_assert(conn);
654
655 /*
656 * If we're under the high water mark, we're potentially
657 * writeable; note this is different from the calculation above
658 * used to trigger when to start writing after we've stopped.
659 */
660 datalen = connection_get_outbuf_len(TO_CONN(conn));
661 if (datalen < or_conn_highwatermark()) {
662 cell_network_size = get_cell_network_size(conn->wide_circ_ids);
663 n = CEIL_DIV(or_conn_highwatermark() - datalen, cell_network_size);
664 }
665
666 return n;
667}
668
669/** Connection <b>conn</b> has finished writing and has no bytes left on
670 * its outbuf.
671 *
672 * Otherwise it's in state "open": stop writing and return.
673 *
674 * If <b>conn</b> is broken, mark it for close and return -1, else
675 * return 0.
676 */
677int
679{
680 tor_assert(conn);
682
683 switch (conn->base_.state) {
685 /* PROXY_HAPROXY gets connected by receiving an ack. */
686 if (conn->proxy_type == PROXY_HAPROXY) {
687 tor_assert(TO_CONN(conn)->proxy_state == PROXY_HAPROXY_WAIT_FOR_FLUSH);
688 IF_BUG_ONCE(buf_datalen(TO_CONN(conn)->inbuf) != 0) {
689 /* This should be impossible; we're not even reading. */
691 return -1;
692 }
693 TO_CONN(conn)->proxy_state = PROXY_CONNECTED;
694
695 if (connection_tls_start_handshake(conn, 0) < 0) {
696 /* TLS handshaking error of some kind. */
698 return -1;
699 }
700 break;
701 }
702 break;
705 break;
706 default:
707 log_err(LD_BUG,"Called in unexpected state %d.", conn->base_.state);
709 return -1;
710 }
711
712 /* Update the channel's active timestamp if there is one */
713 if (conn->chan)
714 channel_timestamp_active(TLS_CHAN_TO_BASE(conn->chan));
715
716 return 0;
717}
718
719/** Connected handler for OR connections: begin the TLS handshake.
720 */
721int
723{
724 const int proxy_type = or_conn->proxy_type;
725 connection_t *conn;
726
727 tor_assert(or_conn);
728 conn = TO_CONN(or_conn);
730
731 log_debug(LD_HANDSHAKE,"connect finished for %s",
732 connection_describe(conn));
733
734 if (proxy_type != PROXY_NONE) {
735 /* start proxy handshake */
736 if (connection_proxy_connect(conn, proxy_type) < 0) {
738 return -1;
739 }
740
743
744 return 0;
745 }
746
747 if (connection_tls_start_handshake(or_conn, 0) < 0) {
748 /* TLS handshaking error of some kind. */
750 return -1;
751 }
752 return 0;
753}
754
755/** Called when we're about to finally unlink and free an OR connection:
756 * perform necessary accounting and cleanup */
757void
759{
760 connection_t *conn = TO_CONN(or_conn);
761
762 /* Tell the controlling channel we're closed */
763 if (or_conn->chan) {
764 channel_closed(TLS_CHAN_TO_BASE(or_conn->chan));
765 /*
766 * NULL this out because the channel might hang around a little
767 * longer before channel_run_cleanup() gets it.
768 */
769 or_conn->chan->conn = NULL;
770 or_conn->chan = NULL;
771 }
772
773 /* Remember why we're closing this connection. */
774 if (conn->state != OR_CONN_STATE_OPEN) {
775 /* now mark things down as needed */
777 const or_options_t *options = get_options();
779 /* Tell the new guard API about the channel failure */
780 entry_guard_chan_failed(TLS_CHAN_TO_BASE(or_conn->chan));
782 int reason = tls_error_to_orconn_end_reason(or_conn->tls_error);
783 connection_or_event_status(or_conn, OR_CONN_EVENT_FAILED,
784 reason);
785 if (!authdir_mode_tests_reachability(options)) {
786 const char *warning = NULL;
787 if (reason == END_OR_CONN_REASON_TLS_ERROR && or_conn->tls) {
788 warning = tor_tls_get_last_error_msg(or_conn->tls);
789 }
790 if (warning == NULL) {
791 warning = orconn_end_reason_to_control_string(reason);
792 }
793 control_event_bootstrap_prob_or(warning, reason, or_conn);
794 }
795 }
796 }
797 } else if (conn->hold_open_until_flushed) {
798 /* We only set hold_open_until_flushed when we're intentionally
799 * closing a connection. */
800 connection_or_event_status(or_conn, OR_CONN_EVENT_CLOSED,
802 } else if (!tor_digest_is_zero(or_conn->identity_digest)) {
803 connection_or_event_status(or_conn, OR_CONN_EVENT_CLOSED,
805 } else {
806 /* Normal close, we notify of a done connection. */
807 connection_or_event_status(or_conn, OR_CONN_EVENT_CLOSED,
808 END_OR_CONN_REASON_DONE);
809 }
810}
811
812/** Return 1 if identity digest <b>id_digest</b> is known to be a
813 * currently or recently running relay. Otherwise return 0. */
814int
816{
818 return 1; /* It's in the consensus: "yes" */
819 if (router_get_by_id_digest(id_digest))
820 return 1; /* Not in the consensus, but we have a descriptor for
821 * it. Probably it was in a recent consensus. "Yes". */
822 return 0;
823}
824
825/** Set the per-conn read and write limits for <b>conn</b>. If it's a known
826 * relay, we will rely on the global read and write buckets, so give it
827 * per-conn limits that are big enough they'll never matter. But if it's
828 * not a known relay, first check if we set PerConnBwRate/Burst, then
829 * check if the consensus sets them, else default to 'big enough'.
830 *
831 * If <b>reset</b> is true, set the bucket to be full. Otherwise, just
832 * clip the bucket if it happens to be <em>too</em> full.
833 */
834static void
836 const or_options_t *options)
837{
838 int rate, burst; /* per-connection rate limiting params */
840 /* It's in the consensus, or we have a descriptor for it meaning it
841 * was probably in a recent consensus. It's a recognized relay:
842 * give it full bandwidth. */
843 rate = (int)options->BandwidthRate;
844 burst = (int)options->BandwidthBurst;
845 } else {
846 /* Not a recognized relay. Squeeze it down based on the suggested
847 * bandwidth parameters in the consensus, but allow local config
848 * options to override. */
849 rate = options->PerConnBWRate ? (int)options->PerConnBWRate :
850 networkstatus_get_param(NULL, "perconnbwrate",
851 (int)options->BandwidthRate, 1, INT32_MAX);
852 burst = options->PerConnBWBurst ? (int)options->PerConnBWBurst :
853 networkstatus_get_param(NULL, "perconnbwburst",
854 (int)options->BandwidthBurst, 1, INT32_MAX);
855 }
856
857 token_bucket_rw_adjust(&conn->bucket, rate, burst);
858 if (reset) {
860 }
861}
862
863/** Either our set of relays or our per-conn rate limits have changed.
864 * Go through all the OR connections and update their token buckets to make
865 * sure they don't exceed their maximum values. */
866void
868 const or_options_t *options)
869{
870 SMARTLIST_FOREACH(conns, connection_t *, conn,
871 {
872 if (connection_speaks_cells(conn))
874 });
875}
876
877/* Mark <b>or_conn</b> as canonical if <b>is_canonical</b> is set, and
878 * non-canonical otherwise. Adjust idle_timeout accordingly.
879 */
880void
881connection_or_set_canonical(or_connection_t *or_conn,
882 int is_canonical)
883{
884 if (bool_eq(is_canonical, or_conn->is_canonical) &&
885 or_conn->idle_timeout != 0) {
886 /* Don't recalculate an existing idle_timeout unless the canonical
887 * status changed. */
888 return;
889 }
890
891 or_conn->is_canonical = !! is_canonical; /* force to a 1-bit boolean */
893 TLS_CHAN_TO_BASE(or_conn->chan), is_canonical);
894
895 log_info(LD_CIRC,
896 "Channel %"PRIu64 " chose an idle timeout of %d.",
897 or_conn->chan ?
898 (TLS_CHAN_TO_BASE(or_conn->chan)->global_identifier):0,
899 or_conn->idle_timeout);
900}
901
902/** If we don't necessarily know the router we're connecting to, but we
903 * have an addr/port/id_digest, then fill in as much as we can. Start
904 * by checking to see if this describes a router we know.
905 * <b>started_here</b> is 1 if we are the initiator of <b>conn</b> and
906 * 0 if it's an incoming connection. */
907void
909 const tor_addr_t *addr, uint16_t port,
910 const char *id_digest,
911 const ed25519_public_key_t *ed_id,
912 int started_here)
913{
914 log_debug(LD_HANDSHAKE, "init conn from address %s: %s, %s (%d)",
915 fmt_addr(addr),
916 hex_str((const char*)id_digest, DIGEST_LEN),
917 ed25519_fmt(ed_id),
918 started_here);
919
920 connection_or_set_identity_digest(conn, id_digest, ed_id);
922
923 conn->base_.port = port;
924 tor_addr_copy(&conn->base_.addr, addr);
925 if (! conn->base_.address) {
926 conn->base_.address = tor_strdup(fmt_addr(addr));
927 }
928
929 connection_or_check_canonicity(conn, started_here);
930}
931
932/** Check whether the identity of <b>conn</b> matches a known node. If it
933 * does, check whether the address of conn matches the expected address, and
934 * update the connection's is_canonical flag, nickname, and address fields as
935 * appropriate. */
936static void
938{
939 (void) started_here;
940
941 const char *id_digest = conn->identity_digest;
942 const ed25519_public_key_t *ed_id = NULL;
943 if (conn->chan)
944 ed_id = & TLS_CHAN_TO_BASE(conn->chan)->ed25519_identity;
945
946 const node_t *r = node_get_by_id(id_digest);
947 if (r &&
949 ! node_ed25519_id_matches(r, ed_id)) {
950 /* If this node is capable of proving an ed25519 ID,
951 * we can't call this a canonical connection unless both IDs match. */
952 r = NULL;
953 }
954
955 if (r) {
956 tor_addr_port_t node_ipv4_ap;
957 tor_addr_port_t node_ipv6_ap;
958 node_get_prim_orport(r, &node_ipv4_ap);
959 node_get_pref_ipv6_orport(r, &node_ipv6_ap);
960 if (tor_addr_eq(&conn->base_.addr, &node_ipv4_ap.addr) ||
961 tor_addr_eq(&conn->base_.addr, &node_ipv6_ap.addr)) {
962 connection_or_set_canonical(conn, 1);
963 }
964 /* Choose the correct canonical address and port. */
965 tor_addr_port_t *node_ap;
966 if (tor_addr_family(&conn->base_.addr) == AF_INET) {
967 node_ap = &node_ipv4_ap;
968 } else {
969 node_ap = &node_ipv6_ap;
970 }
971 /* Remember the canonical addr/port so our log messages will make
972 sense. */
973 tor_addr_port_copy(&conn->canonical_orport, node_ap);
974 tor_free(conn->nickname);
975 conn->nickname = tor_strdup(node_get_nickname(r));
976 } else {
977 tor_free(conn->nickname);
978 conn->nickname = tor_malloc(HEX_DIGEST_LEN+2);
979 conn->nickname[0] = '$';
982 }
983
984 /*
985 * We have to tell channeltls.c to update the channel marks (local, in
986 * particular), since we may have changed the address.
987 */
988
989 if (conn->chan) {
991 }
992}
993
994/** These just pass all the is_bad_for_new_circs manipulation on to
995 * channel_t */
996
997static unsigned int
999{
1000 tor_assert(or_conn);
1001
1002 if (or_conn->chan)
1003 return channel_is_bad_for_new_circs(TLS_CHAN_TO_BASE(or_conn->chan));
1004 else return 0;
1005}
1006
1007static void
1008connection_or_mark_bad_for_new_circs(or_connection_t *or_conn)
1009{
1010 tor_assert(or_conn);
1011
1012 if (or_conn->chan)
1013 channel_mark_bad_for_new_circs(TLS_CHAN_TO_BASE(or_conn->chan));
1014}
1015
1016/** How old do we let a connection to an OR get before deciding it's
1017 * too old for new circuits? */
1018#define TIME_BEFORE_OR_CONN_IS_TOO_OLD (60*60*24*7)
1019
1020/** Expire an or_connection if it is too old. Helper for
1021 * connection_or_group_set_badness_ and fast path for
1022 * channel_rsa_id_group_set_badness.
1023 *
1024 * Returns 1 if the connection was already expired, else 0.
1025 */
1026int
1028 or_connection_t *or_conn,
1029 int force)
1030{
1031 /* XXXX this function should also be about channels? */
1032 if (or_conn->base_.marked_for_close ||
1034 return 1;
1035
1036 if (force ||
1038 < now) {
1039 log_info(LD_OR,
1040 "Marking %s as too old for new circuits "
1041 "(fd "TOR_SOCKET_T_FORMAT", %d secs old).",
1042 connection_describe(TO_CONN(or_conn)),
1043 or_conn->base_.s,
1044 (int)(now - or_conn->base_.timestamp_created));
1045 connection_or_mark_bad_for_new_circs(or_conn);
1046 }
1047
1048 return 0;
1049}
1050
1051/** Given a list of all the or_connections with a given
1052 * identity, set elements of that list as is_bad_for_new_circs as
1053 * appropriate. Helper for connection_or_set_bad_connections().
1054 *
1055 * Specifically, we set the is_bad_for_new_circs flag on:
1056 * - all connections if <b>force</b> is true.
1057 * - all connections that are too old.
1058 * - all open non-canonical connections for which a canonical connection
1059 * exists to the same router.
1060 * - all open canonical connections for which a 'better' canonical
1061 * connection exists to the same router.
1062 * - all open non-canonical connections for which a 'better' non-canonical
1063 * connection exists to the same router at the same address.
1064 *
1065 * See channel_is_better() in channel.c for our idea of what makes one OR
1066 * connection better than another.
1067 */
1068void
1070{
1071 /* XXXX this function should be entirely about channels, not OR
1072 * XXXX connections. */
1073
1074 or_connection_t *best = NULL;
1075 int n_canonical = 0;
1076 time_t now = time(NULL);
1077
1078 /* Pass 1: expire everything that's old, and see what the status of
1079 * everything else is. */
1080 SMARTLIST_FOREACH_BEGIN(group, or_connection_t *, or_conn) {
1081 if (connection_or_single_set_badness_(now, or_conn, force))
1082 continue;
1083
1084 if (or_conn->is_canonical) {
1085 ++n_canonical;
1086 }
1087 } SMARTLIST_FOREACH_END(or_conn);
1088
1089 /* Pass 2: We know how about how good the best connection is.
1090 * expire everything that's worse, and find the very best if we can. */
1091 SMARTLIST_FOREACH_BEGIN(group, or_connection_t *, or_conn) {
1092 if (or_conn->base_.marked_for_close ||
1094 continue; /* This one doesn't need to be marked bad. */
1095 if (or_conn->base_.state != OR_CONN_STATE_OPEN)
1096 continue; /* Don't mark anything bad until we have seen what happens
1097 * when the connection finishes. */
1098 if (n_canonical && !or_conn->is_canonical) {
1099 /* We have at least one open canonical connection to this router,
1100 * and this one is open but not canonical. Mark it bad. */
1101 log_info(LD_OR,
1102 "Marking %s unsuitable for new circuits: "
1103 "(fd "TOR_SOCKET_T_FORMAT", %d secs old). It is not "
1104 "canonical, and we have another connection to that OR that is.",
1105 connection_describe(TO_CONN(or_conn)),
1106 or_conn->base_.s,
1107 (int)(now - or_conn->base_.timestamp_created));
1108 connection_or_mark_bad_for_new_circs(or_conn);
1109 continue;
1110 }
1111
1112 if (!best ||
1113 channel_is_better(TLS_CHAN_TO_BASE(or_conn->chan),
1114 TLS_CHAN_TO_BASE(best->chan))) {
1115 best = or_conn;
1116 }
1117 } SMARTLIST_FOREACH_END(or_conn);
1118
1119 if (!best)
1120 return;
1121
1122 /* Pass 3: One connection to OR is best. If it's canonical, mark as bad
1123 * every other open connection. If it's non-canonical, mark as bad
1124 * every other open connection to the same address.
1125 *
1126 * XXXX This isn't optimal; if we have connections to an OR at multiple
1127 * addresses, we'd like to pick the best _for each address_, and mark as
1128 * bad every open connection that isn't best for its address. But this
1129 * can only occur in cases where the other OR is old (so we have no
1130 * canonical connection to it), or where all the connections to the OR are
1131 * at noncanonical addresses and we have no good direct connection (which
1132 * means we aren't at risk of attaching circuits to it anyway). As
1133 * 0.1.2.x dies out, the first case will go away, and the second one is
1134 * "mostly harmless", so a fix can wait until somebody is bored.
1135 */
1136 SMARTLIST_FOREACH_BEGIN(group, or_connection_t *, or_conn) {
1137 if (or_conn->base_.marked_for_close ||
1139 or_conn->base_.state != OR_CONN_STATE_OPEN)
1140 continue;
1141 if (or_conn != best &&
1142 channel_is_better(TLS_CHAN_TO_BASE(best->chan),
1143 TLS_CHAN_TO_BASE(or_conn->chan))) {
1144 /* This isn't the best conn, _and_ the best conn is better than it */
1145 if (best->is_canonical) {
1146 log_info(LD_OR,
1147 "Marking %s as unsuitable for new circuits: "
1148 "(fd "TOR_SOCKET_T_FORMAT", %d secs old). "
1149 "We have a better canonical one "
1150 "(fd "TOR_SOCKET_T_FORMAT"; %d secs old).",
1151 connection_describe(TO_CONN(or_conn)),
1152 or_conn->base_.s,
1153 (int)(now - or_conn->base_.timestamp_created),
1154 best->base_.s, (int)(now - best->base_.timestamp_created));
1155 connection_or_mark_bad_for_new_circs(or_conn);
1156 } else if (tor_addr_eq(&TO_CONN(or_conn)->addr,
1157 &TO_CONN(best)->addr)) {
1158 log_info(LD_OR,
1159 "Marking %s unsuitable for new circuits: "
1160 "(fd "TOR_SOCKET_T_FORMAT", %d secs old). We have a better "
1161 "one with the "
1162 "same address (fd "TOR_SOCKET_T_FORMAT"; %d secs old).",
1163 connection_describe(TO_CONN(or_conn)),
1164 or_conn->base_.s,
1165 (int)(now - or_conn->base_.timestamp_created),
1166 best->base_.s, (int)(now - best->base_.timestamp_created));
1167 connection_or_mark_bad_for_new_circs(or_conn);
1168 }
1169 }
1170 } SMARTLIST_FOREACH_END(or_conn);
1171}
1172
1173/* Lifetime of a connection failure. After that, we'll retry. This is in
1174 * seconds. */
1175#define OR_CONNECT_FAILURE_LIFETIME 60
1176/* The interval to use with when to clean up the failure cache. */
1177#define OR_CONNECT_FAILURE_CLEANUP_INTERVAL 60
1178
1179/* When is the next time we have to cleanup the failure map. We keep this
1180 * because we clean it opportunistically. */
1181static time_t or_connect_failure_map_next_cleanup_ts = 0;
1182
1183/* OR connection failure entry data structure. It is kept in the connection
1184 * failure map defined below and indexed by OR identity digest, address and
1185 * port.
1186 *
1187 * We need to identify a connection failure with these three values because we
1188 * want to avoid to wrongfully block a relay if someone is trying to
1189 * extend to a known identity digest but with the wrong IP/port. For instance,
1190 * it can happen if a relay changed its port but the client still has an old
1191 * descriptor with the old port. We want to stop connecting to that
1192 * IP/port/identity all together, not only the relay identity. */
1194 HT_ENTRY(or_connect_failure_entry_t) node;
1195 /* Identity digest of the connection where it is connecting to. */
1196 uint8_t identity_digest[DIGEST_LEN];
1197 /* This is the connection address from the base connection_t. After the
1198 * connection is checked for canonicity, the base address should represent
1199 * what we know instead of where we are connecting to. This is what we need
1200 * so we can correlate known relays within the consensus. */
1201 tor_addr_t addr;
1202 uint16_t port;
1203 /* Last time we were unable to connect. */
1204 time_t last_failed_connect_ts;
1206
1207/* Map where we keep connection failure entries. They are indexed by addr,
1208 * port and identity digest. */
1209static HT_HEAD(or_connect_failure_ht, or_connect_failure_entry_t)
1210 or_connect_failures_map = HT_INITIALIZER();
1211
1212/* Helper: Hashtable equal function. Return 1 if equal else 0. */
1213static int
1214or_connect_failure_ht_eq(const or_connect_failure_entry_t *a,
1216{
1217 return fast_memeq(a->identity_digest, b->identity_digest, DIGEST_LEN) &&
1218 tor_addr_eq(&a->addr, &b->addr) &&
1219 a->port == b->port;
1220}
1221
1222/* Helper: Return the hash for the hashtable of the given entry. For this
1223 * table, it is a combination of address, port and identity digest. */
1224static unsigned int
1225or_connect_failure_ht_hash(const or_connect_failure_entry_t *entry)
1226{
1227 size_t offset = 0, addr_size;
1228 const void *addr_ptr;
1229 /* Largest size is IPv6 and IPv4 is smaller so it is fine. */
1230 uint8_t data[16 + sizeof(uint16_t) + DIGEST_LEN];
1231
1232 /* Get the right address bytes depending on the family. */
1233 switch (tor_addr_family(&entry->addr)) {
1234 case AF_INET:
1235 addr_size = 4;
1236 addr_ptr = &entry->addr.addr.in_addr.s_addr;
1237 break;
1238 case AF_INET6:
1239 addr_size = 16;
1240 addr_ptr = &entry->addr.addr.in6_addr.s6_addr;
1241 break;
1242 default:
1244 return 0;
1245 }
1246
1247 memcpy(data, addr_ptr, addr_size);
1248 offset += addr_size;
1249 memcpy(data + offset, entry->identity_digest, DIGEST_LEN);
1250 offset += DIGEST_LEN;
1251 set_uint16(data + offset, entry->port);
1252 offset += sizeof(uint16_t);
1253
1254 return (unsigned int) siphash24g(data, offset);
1255}
1256
1257HT_PROTOTYPE(or_connect_failure_ht, or_connect_failure_entry_t, node,
1258 or_connect_failure_ht_hash, or_connect_failure_ht_eq);
1259
1260HT_GENERATE2(or_connect_failure_ht, or_connect_failure_entry_t, node,
1261 or_connect_failure_ht_hash, or_connect_failure_ht_eq,
1263
1264/* Initialize a given connect failure entry with the given identity_digest,
1265 * addr and port. All field are optional except ocf. */
1266static void
1267or_connect_failure_init(const char *identity_digest, const tor_addr_t *addr,
1268 uint16_t port, or_connect_failure_entry_t *ocf)
1269{
1270 tor_assert(ocf);
1271 if (identity_digest) {
1272 memcpy(ocf->identity_digest, identity_digest,
1273 sizeof(ocf->identity_digest));
1274 }
1275 if (addr) {
1276 tor_addr_copy(&ocf->addr, addr);
1277 }
1278 ocf->port = port;
1279}
1280
1281/* Return a newly allocated connection failure entry. It is initialized with
1282 * the given or_conn data. This can't fail. */
1284or_connect_failure_new(const or_connection_t *or_conn)
1285{
1286 or_connect_failure_entry_t *ocf = tor_malloc_zero(sizeof(*ocf));
1287 or_connect_failure_init(or_conn->identity_digest, &TO_CONN(or_conn)->addr,
1288 TO_CONN(or_conn)->port, ocf);
1289 return ocf;
1290}
1291
1292/* Return a connection failure entry matching the given or_conn. NULL is
1293 * returned if not found. */
1295or_connect_failure_find(const or_connection_t *or_conn)
1296{
1298 tor_assert(or_conn);
1299 or_connect_failure_init(or_conn->identity_digest, &TO_CONN(or_conn)->addr,
1300 TO_CONN(or_conn)->port, &lookup);
1301 return HT_FIND(or_connect_failure_ht, &or_connect_failures_map, &lookup);
1302}
1303
1304/* Note down in the connection failure cache that a failure occurred on the
1305 * given or_conn. */
1306STATIC void
1307note_or_connect_failed(const or_connection_t *or_conn)
1308{
1309 or_connect_failure_entry_t *ocf = NULL;
1310
1311 tor_assert(or_conn);
1312
1314 /* Don't cache connection failures for connections we initiated ourself.
1315 * If these direct connections fail, we're supposed to recognize that
1316 * the destination is down and stop trying. See ticket 40499. */
1317 return;
1318 }
1319
1320 ocf = or_connect_failure_find(or_conn);
1321 if (ocf == NULL) {
1322 ocf = or_connect_failure_new(or_conn);
1323 HT_INSERT(or_connect_failure_ht, &or_connect_failures_map, ocf);
1324 }
1325 ocf->last_failed_connect_ts = approx_time();
1326}
1327
1328/* Cleanup the connection failure cache and remove all entries below the
1329 * given cutoff. */
1330static void
1331or_connect_failure_map_cleanup(time_t cutoff)
1332{
1333 or_connect_failure_entry_t **ptr, **next, *entry;
1334
1335 for (ptr = HT_START(or_connect_failure_ht, &or_connect_failures_map);
1336 ptr != NULL; ptr = next) {
1337 entry = *ptr;
1338 if (entry->last_failed_connect_ts <= cutoff) {
1339 next = HT_NEXT_RMV(or_connect_failure_ht, &or_connect_failures_map, ptr);
1340 tor_free(entry);
1341 } else {
1342 next = HT_NEXT(or_connect_failure_ht, &or_connect_failures_map, ptr);
1343 }
1344 }
1345}
1346
1347/* Return true iff the given OR connection can connect to its destination that
1348 * is the triplet identity_digest, address and port.
1349 *
1350 * The or_conn MUST have gone through connection_or_check_canonicity() so the
1351 * base address is properly set to what we know or doesn't know. */
1352STATIC int
1353should_connect_to_relay(const or_connection_t *or_conn)
1354{
1355 time_t now, cutoff;
1356 time_t connect_failed_since_ts = 0;
1358
1359 tor_assert(or_conn);
1360
1361 now = approx_time();
1362 cutoff = now - OR_CONNECT_FAILURE_LIFETIME;
1363
1364 /* Opportunistically try to cleanup the failure cache. We do that at regular
1365 * interval so it doesn't grow too big. */
1366 if (or_connect_failure_map_next_cleanup_ts <= now) {
1367 or_connect_failure_map_cleanup(cutoff);
1368 or_connect_failure_map_next_cleanup_ts =
1369 now + OR_CONNECT_FAILURE_CLEANUP_INTERVAL;
1370 }
1371
1372 /* Look if we have failed previously to the same destination as this
1373 * OR connection. */
1374 ocf = or_connect_failure_find(or_conn);
1375 if (ocf) {
1376 connect_failed_since_ts = ocf->last_failed_connect_ts;
1377 }
1378 /* If we do have an unable to connect timestamp and it is below cutoff, we
1379 * can connect. Or we have never failed before so let it connect. */
1380 if (connect_failed_since_ts > cutoff) {
1381 goto no_connect;
1382 }
1383
1384 /* Ok we can connect! */
1385 return 1;
1386 no_connect:
1387 return 0;
1388}
1389
1390/** <b>conn</b> is in the 'connecting' state, and it failed to complete
1391 * a TCP connection. Send notifications appropriately.
1392 *
1393 * <b>reason</b> specifies the or_conn_end_reason for the failure;
1394 * <b>msg</b> specifies the strerror-style error message.
1395 */
1396void
1398 int reason, const char *msg)
1399{
1400 connection_or_event_status(conn, OR_CONN_EVENT_FAILED, reason);
1402 control_event_bootstrap_prob_or(msg, reason, conn);
1403 note_or_connect_failed(conn);
1404}
1405
1406/** <b>conn</b> got an error in connection_handle_read_impl() or
1407 * connection_handle_write_impl() and is going to die soon.
1408 *
1409 * <b>reason</b> specifies the or_conn_end_reason for the failure;
1410 * <b>msg</b> specifies the strerror-style error message.
1411 */
1412void
1414 int reason, const char *msg)
1415{
1416 channel_t *chan;
1417
1418 tor_assert(conn);
1419
1420 /* If we're connecting, call connect_failed() too */
1421 if (TO_CONN(conn)->state == OR_CONN_STATE_CONNECTING)
1422 connection_or_connect_failed(conn, reason, msg);
1423
1424 /* Tell the controlling channel if we have one */
1425 if (conn->chan) {
1426 chan = TLS_CHAN_TO_BASE(conn->chan);
1427 /* Don't transition if we're already in closing, closed or error */
1428 if (!CHANNEL_CONDEMNED(chan)) {
1430 }
1431 }
1432
1433 /* No need to mark for error because connection.c is about to do that */
1434}
1435
1436/** Launch a new OR connection to <b>addr</b>:<b>port</b> and expect to
1437 * handshake with an OR with identity digest <b>id_digest</b>. Optionally,
1438 * pass in a pointer to a channel using this connection.
1439 *
1440 * If <b>id_digest</b> is me, do nothing. If we're already connected to it,
1441 * return that connection. If the connect() is in progress, set the
1442 * new conn's state to 'connecting' and return it. If connect() succeeds,
1443 * call connection_tls_start_handshake() on it.
1444 *
1445 * This function is called from router_retry_connections(), for
1446 * ORs connecting to ORs, and circuit_establish_circuit(), for
1447 * OPs connecting to ORs.
1448 *
1449 * Return the launched conn, or NULL if it failed.
1450 */
1451
1453connection_or_connect, (const tor_addr_t *_addr, uint16_t port,
1454 const char *id_digest,
1455 const ed25519_public_key_t *ed_id,
1456 channel_tls_t *chan))
1457{
1458 or_connection_t *conn;
1459 const or_options_t *options = get_options();
1460 int socket_error = 0;
1461 tor_addr_t addr;
1462
1463 int r;
1464 tor_addr_t proxy_addr;
1465 uint16_t proxy_port;
1466 int proxy_type, is_pt = 0;
1467
1468 tor_assert(_addr);
1469 tor_assert(id_digest);
1470 tor_addr_copy(&addr, _addr);
1471
1472 if (server_mode(options) && router_digest_is_me(id_digest)) {
1473 log_info(LD_PROTOCOL,"Client asked me to connect to myself. Refusing.");
1474 return NULL;
1475 }
1476 if (server_mode(options) && router_ed25519_id_is_me(ed_id)) {
1477 log_info(LD_PROTOCOL,"Client asked me to connect to myself by Ed25519 "
1478 "identity. Refusing.");
1479 return NULL;
1480 }
1481
1483
1484 /*
1485 * Set up conn so it's got all the data we need to remember for channels
1486 *
1487 * This stuff needs to happen before connection_or_init_conn_from_address()
1488 * so connection_or_set_identity_digest() and such know where to look to
1489 * keep the channel up to date.
1490 */
1491 conn->chan = chan;
1492 chan->conn = conn;
1493 connection_or_init_conn_from_address(conn, &addr, port, id_digest, ed_id, 1);
1494
1495 /* We have a proper OR connection setup, now check if we can connect to it
1496 * that is we haven't had a failure earlier. This is to avoid to try to
1497 * constantly connect to relays that we think are not reachable. */
1498 if (!should_connect_to_relay(conn)) {
1499 log_info(LD_GENERAL, "Can't connect to %s because we "
1500 "failed earlier. Refusing.",
1503 return NULL;
1504 }
1505
1506 conn->is_outgoing = 1;
1507
1508 /* If we are using a proxy server, find it and use it. */
1509 r = get_proxy_addrport(&proxy_addr, &proxy_port, &proxy_type, &is_pt,
1510 TO_CONN(conn));
1511 if (r == 0) {
1512 conn->proxy_type = proxy_type;
1513 if (proxy_type != PROXY_NONE) {
1514 tor_addr_copy(&addr, &proxy_addr);
1515 port = proxy_port;
1516 conn->base_.proxy_state = PROXY_INFANT;
1517 conn->is_pt = is_pt;
1518 }
1520 connection_or_event_status(conn, OR_CONN_EVENT_LAUNCHED, 0);
1521 } else {
1522 /* This duplication of state change calls is necessary in case we
1523 * run into an error condition below */
1525 connection_or_event_status(conn, OR_CONN_EVENT_LAUNCHED, 0);
1526
1527 /* get_proxy_addrport() might fail if we have a Bridge line that
1528 references a transport, but no ClientTransportPlugin lines
1529 defining its transport proxy. If this is the case, let's try to
1530 output a useful log message to the user. */
1531 const char *transport_name =
1533 TO_CONN(conn)->port);
1534
1535 if (transport_name) {
1536 log_warn(LD_GENERAL, "We were supposed to connect to bridge '%s' "
1537 "using pluggable transport '%s', but we can't find a pluggable "
1538 "transport proxy supporting '%s'. This can happen if you "
1539 "haven't provided a ClientTransportPlugin line, or if "
1540 "your pluggable transport proxy stopped running.",
1542 transport_name, transport_name);
1543
1545 "Can't connect to bridge",
1546 END_OR_CONN_REASON_PT_MISSING,
1547 conn);
1548
1549 } else {
1550 log_warn(LD_GENERAL, "Tried to connect to %s through a proxy, but "
1551 "the proxy address could not be found.",
1553 }
1554
1556 return NULL;
1557 }
1558
1559 switch (connection_connect(TO_CONN(conn), conn->base_.address,
1560 &addr, port, &socket_error)) {
1561 case -1:
1562 /* We failed to establish a connection probably because of a local
1563 * error. No need to blame the guard in this case. Notify the networking
1564 * system of this failure. */
1566 errno_to_orconn_end_reason(socket_error),
1567 tor_socket_strerror(socket_error));
1569 return NULL;
1570 case 0:
1572 /* writable indicates finish, readable indicates broken link,
1573 error indicates broken link on windows */
1574 return conn;
1575 /* case 1: fall through */
1576 }
1577
1578 if (connection_or_finished_connecting(conn) < 0) {
1579 /* already marked for close */
1580 return NULL;
1581 }
1582 return conn;
1583}
1584
1585/** Mark orconn for close and transition the associated channel, if any, to
1586 * the closing state.
1587 *
1588 * It's safe to call this and connection_or_close_for_error() any time, and
1589 * channel layer will treat it as a connection closing for reasons outside
1590 * its control, like the remote end closing it. It can also be a local
1591 * reason that's specific to connection_t/or_connection_t rather than
1592 * the channel mechanism, such as expiration of old connections in
1593 * run_connection_housekeeping(). If you want to close a channel_t
1594 * from somewhere that logically works in terms of generic channels
1595 * rather than connections, use channel_mark_for_close(); see also
1596 * the comment on that function in channel.c.
1597 */
1598
1599void
1601{
1602 channel_t *chan = NULL;
1603
1604 tor_assert(orconn);
1605 if (flush) connection_mark_and_flush_internal(TO_CONN(orconn));
1606 else connection_mark_for_close_internal(TO_CONN(orconn));
1607 if (orconn->chan) {
1608 chan = TLS_CHAN_TO_BASE(orconn->chan);
1609 /* Don't transition if we're already in closing, closed or error */
1610 if (!CHANNEL_CONDEMNED(chan)) {
1612 }
1613 }
1614}
1615
1616/** Mark orconn for close and transition the associated channel, if any, to
1617 * the error state.
1618 */
1619
1620MOCK_IMPL(void,
1622{
1623 channel_t *chan = NULL;
1624
1625 tor_assert(orconn);
1626 if (flush) connection_mark_and_flush_internal(TO_CONN(orconn));
1627 else connection_mark_for_close_internal(TO_CONN(orconn));
1628 if (orconn->chan) {
1629 chan = TLS_CHAN_TO_BASE(orconn->chan);
1630 /* Don't transition if we're already in closing, closed or error */
1631 if (!CHANNEL_CONDEMNED(chan)) {
1633 }
1634 }
1635}
1636
1637/** Begin the tls handshake with <b>conn</b>. <b>receiving</b> is 0 if
1638 * we initiated the connection, else it's 1.
1639 *
1640 * Assign a new tls object to conn->tls, begin reading on <b>conn</b>, and
1641 * pass <b>conn</b> to connection_tls_continue_handshake().
1642 *
1643 * Return -1 if <b>conn</b> is broken, else return 0.
1644 */
1645MOCK_IMPL(int,
1647{
1648 channel_listener_t *chan_listener;
1649 channel_t *chan;
1650
1651 /* Incoming connections will need a new channel passed to the
1652 * channel_tls_listener */
1653 if (receiving) {
1654 /* It shouldn't already be set */
1655 tor_assert(!(conn->chan));
1656 chan_listener = channel_tls_get_listener();
1657 if (!chan_listener) {
1658 chan_listener = channel_tls_start_listener();
1659 command_setup_listener(chan_listener);
1660 }
1661 chan = channel_tls_handle_incoming(conn);
1662 channel_listener_queue_incoming(chan_listener, chan);
1663 }
1664
1666 tor_assert(!conn->tls);
1667 conn->tls = tor_tls_new(conn->base_.s, receiving);
1668 if (!conn->tls) {
1669 log_warn(LD_BUG,"tor_tls_new failed. Closing.");
1670 return -1;
1671 }
1674
1676 log_debug(LD_HANDSHAKE,"starting TLS handshake on fd "TOR_SOCKET_T_FORMAT,
1677 conn->base_.s);
1678
1680 return -1;
1681
1682 return 0;
1683}
1684
1685/** Move forward with the tls handshake. If it finishes, hand
1686 * <b>conn</b> to connection_tls_finish_handshake().
1687 *
1688 * Return -1 if <b>conn</b> is broken, else return 0.
1689 */
1690int
1692{
1693 int result;
1694 check_no_tls_errors();
1695
1697 // log_notice(LD_OR, "Continue handshake with %p", conn->tls);
1698 result = tor_tls_handshake(conn->tls);
1699 // log_notice(LD_OR, "Result: %d", result);
1700
1701 switch (result) {
1703 conn->tls_error = result;
1704 log_info(LD_OR,"tls error [%s]. breaking connection.",
1705 tor_tls_err_to_string(result));
1706 return -1;
1707 case TOR_TLS_DONE:
1708 {
1709 if (!tor_tls_is_server(conn->tls)) {
1712 } else {
1713 /* v3+ handshake, but we are not a client. */
1714 log_debug(LD_OR, "Done with initial SSL handshake (server-side). "
1715 "Expecting VERSIONS cell");
1716 /* Note: We could instead just send a VERSIONS cell now,
1717 * since the V2 handshake is no longer a thing.
1718 * But that would require re-plumbing this state machine. */
1723 return 0;
1724 }
1725 }
1726 case TOR_TLS_WANTWRITE:
1728 log_debug(LD_OR,"wanted write");
1729 return 0;
1730 case TOR_TLS_WANTREAD: /* handshaking conns are *always* reading */
1731 log_debug(LD_OR,"wanted read");
1732 return 0;
1733 case TOR_TLS_CLOSE:
1734 conn->tls_error = result;
1735 log_info(LD_OR,"tls closed. breaking connection.");
1736 return -1;
1737 }
1738 return 0;
1739}
1740
1741/** Return 1 if we initiated this connection, or 0 if it started
1742 * out as an incoming connection.
1743 */
1744int
1746{
1747 tor_assert(conn->base_.type == CONN_TYPE_OR ||
1748 conn->base_.type == CONN_TYPE_EXT_OR);
1749 if (!conn->tls)
1750 return 1; /* it's still in proxy states or something */
1751 if (conn->handshake_state)
1752 return conn->handshake_state->started_here;
1753 return !tor_tls_is_server(conn->tls);
1754}
1755
1756/** Called when we (as a connection initiator) have definitively,
1757 * authenticatedly, learned that ID of the Tor instance on the other
1758 * side of <b>conn</b> is <b>rsa_peer_id</b> and optionally <b>ed_peer_id</b>.
1759 * For v1 and v2 handshakes,
1760 * this is right after we get a certificate chain in a TLS handshake
1761 * or renegotiation. For v3+ handshakes, this is right after we get a
1762 * certificate chain in a CERTS cell.
1763 *
1764 * If we did not know the ID before, record the one we got.
1765 *
1766 * If we wanted an ID, but we didn't get the one we expected, log a message
1767 * and return -1.
1768 * On relays:
1769 * - log a protocol warning whenever the fingerprints don't match;
1770 * On clients:
1771 * - if a relay's fingerprint doesn't match, log a warning;
1772 * - if we don't have updated relay fingerprints from a recent consensus, and
1773 * a fallback directory mirror's hard-coded fingerprint has changed, log an
1774 * info explaining that we will try another fallback.
1775 *
1776 * If we're testing reachability, remember what we learned.
1777 *
1778 * Return 0 on success, -1 on failure.
1779 */
1780int
1782 const uint8_t *rsa_peer_id,
1783 const ed25519_public_key_t *ed_peer_id)
1784{
1785 const or_options_t *options = get_options();
1786 channel_tls_t *chan_tls = conn->chan;
1787 channel_t *chan = channel_tls_to_base(chan_tls);
1788 int changed_identity = 0;
1789 tor_assert(chan);
1790
1791 const int expected_rsa_key =
1793 const int expected_ed_key =
1795
1796 log_info(LD_HANDSHAKE, "learned peer id for %s at %p: %s, %s",
1798 conn,
1799 hex_str((const char*)rsa_peer_id, DIGEST_LEN),
1800 ed25519_fmt(ed_peer_id));
1801
1802 if (! expected_rsa_key && ! expected_ed_key) {
1803 log_info(LD_HANDSHAKE, "(we had no ID in mind when we made this "
1804 "connection.");
1806 (const char*)rsa_peer_id, ed_peer_id);
1807 tor_free(conn->nickname);
1808 conn->nickname = tor_malloc(HEX_DIGEST_LEN+2);
1809 conn->nickname[0] = '$';
1812 log_info(LD_HANDSHAKE, "Connected to router at %s without knowing "
1813 "its key. Hoping for the best.",
1815 /* if it's a bridge and we didn't know its identity fingerprint, now
1816 * we do -- remember it for future attempts. */
1817 learned_router_identity(&conn->base_.addr, conn->base_.port,
1818 (const char*)rsa_peer_id, ed_peer_id);
1819 changed_identity = 1;
1820 }
1821
1822 const int rsa_mismatch = expected_rsa_key &&
1823 tor_memneq(rsa_peer_id, conn->identity_digest, DIGEST_LEN);
1824 /* It only counts as an ed25519 mismatch if we wanted an ed25519 identity
1825 * and didn't get it. It's okay if we get one that we didn't ask for. */
1826 const int ed25519_mismatch =
1827 expected_ed_key &&
1828 (ed_peer_id == NULL ||
1829 ! ed25519_pubkey_eq(&chan->ed25519_identity, ed_peer_id));
1830
1831 if (rsa_mismatch || ed25519_mismatch) {
1832 /* I was aiming for a particular digest. I didn't get it! */
1833 char seen_rsa[HEX_DIGEST_LEN+1];
1834 char expected_rsa[HEX_DIGEST_LEN+1];
1835 char seen_ed[ED25519_BASE64_LEN+1];
1836 char expected_ed[ED25519_BASE64_LEN+1];
1837 base16_encode(seen_rsa, sizeof(seen_rsa),
1838 (const char*)rsa_peer_id, DIGEST_LEN);
1839 base16_encode(expected_rsa, sizeof(expected_rsa), conn->identity_digest,
1840 DIGEST_LEN);
1841 if (ed_peer_id) {
1842 ed25519_public_to_base64(seen_ed, ed_peer_id);
1843 } else {
1844 strlcpy(seen_ed, "no ed25519 key", sizeof(seen_ed));
1845 }
1847 ed25519_public_to_base64(expected_ed, &chan->ed25519_identity);
1848 } else {
1849 strlcpy(expected_ed, "no ed25519 key", sizeof(expected_ed));
1850 }
1851 const int using_hardcoded_fingerprints =
1854 const int is_fallback_fingerprint = router_digest_is_fallback_dir(
1855 conn->identity_digest);
1856 const int is_authority_fingerprint = router_digest_is_trusted_dir(
1857 conn->identity_digest);
1858 const int non_anonymous_mode =
1859 hs_service_non_anonymous_mode_enabled(options);
1860 int severity;
1861 const char *extra_log = "";
1862
1863 /* Relays and Single Onion Services make direct connections using
1864 * untrusted authentication keys. */
1865 if (server_mode(options) || non_anonymous_mode) {
1866 severity = LOG_PROTOCOL_WARN;
1867 } else {
1868 if (using_hardcoded_fingerprints) {
1869 /* We need to do the checks in this order, because the list of
1870 * fallbacks includes the list of authorities */
1871 if (is_authority_fingerprint) {
1872 severity = LOG_WARN;
1873 } else if (is_fallback_fingerprint) {
1874 /* we expect a small number of fallbacks to change from their
1875 * hard-coded fingerprints over the life of a release */
1876 severity = LOG_INFO;
1877 extra_log = " Tor will try a different fallback.";
1878 } else {
1879 /* it's a bridge, it's either a misconfiguration, or unexpected */
1880 severity = LOG_WARN;
1881 }
1882 } else {
1883 /* a relay has changed its fingerprint from the one in the consensus */
1884 severity = LOG_WARN;
1885 }
1886 }
1887
1888 log_fn(severity, LD_HANDSHAKE,
1889 "Tried connecting to router at %s, but RSA + ed25519 identity "
1890 "keys were not as expected: wanted %s + %s but got %s + %s.%s",
1892 expected_rsa, expected_ed, seen_rsa, seen_ed, extra_log);
1893
1894 /* Tell the new guard API about the channel failure */
1895 entry_guard_chan_failed(TLS_CHAN_TO_BASE(conn->chan));
1896 connection_or_event_status(conn, OR_CONN_EVENT_FAILED,
1897 END_OR_CONN_REASON_OR_IDENTITY);
1898 if (!authdir_mode_tests_reachability(options))
1900 "Unexpected identity in router certificate",
1901 END_OR_CONN_REASON_OR_IDENTITY,
1902 conn);
1903 return -1;
1904 }
1905
1906 if (!expected_ed_key && ed_peer_id) {
1907 log_info(LD_HANDSHAKE, "(We had no Ed25519 ID in mind when we made this "
1908 "connection.)");
1910 (const char*)rsa_peer_id, ed_peer_id);
1911 changed_identity = 1;
1912 }
1913
1914 if (changed_identity) {
1915 /* If we learned an identity for this connection, then we might have
1916 * just discovered it to be canonical. */
1918 if (conn->tls)
1921 }
1922
1923 if (authdir_mode_tests_reachability(options)) {
1924 // We don't want to use canonical_orport here -- we want the address
1925 // that we really used.
1926 dirserv_orconn_tls_done(&conn->base_.addr, conn->base_.port,
1927 (const char*)rsa_peer_id, ed_peer_id);
1928 }
1929
1930 return 0;
1931}
1932
1933/** Return when we last used this channel for client activity (origin
1934 * circuits). This is called from connection.c, since client_used is now one
1935 * of the timestamps in channel_t */
1936
1937time_t
1939{
1940 tor_assert(conn);
1941
1942 if (conn->chan) {
1943 return channel_when_last_client(TLS_CHAN_TO_BASE(conn->chan));
1944 } else return 0;
1945}
1946
1947/**
1948 * Called as client when initial TLS handshake is done, and we notice
1949 * that we got a v3-handshake signalling certificate from the server.
1950 * Set up structures, do bookkeeping, and send the versions cell.
1951 * Return 0 on success and -1 on failure.
1952 */
1953static int
1955{
1957
1959
1961 if (connection_init_or_handshake_state(conn, 1) < 0)
1962 return -1;
1963
1964 return connection_or_send_versions(conn, 1);
1965}
1966
1967/** Allocate a new connection handshake state for the connection
1968 * <b>conn</b>. Return 0 on success, -1 on failure. */
1969int
1971{
1973 if (conn->handshake_state) {
1974 log_warn(LD_BUG, "Duplicate call to connection_init_or_handshake_state!");
1975 return 0;
1976 }
1977 s = conn->handshake_state = tor_malloc_zero(sizeof(or_handshake_state_t));
1978 s->started_here = started_here ? 1 : 0;
1979 s->digest_sent_data = 1;
1980 s->digest_received_data = 1;
1981 if (! started_here && get_current_link_cert_cert()) {
1982 s->own_link_cert = tor_cert_dup(get_current_link_cert_cert());
1983 }
1986 return 0;
1987}
1988
1989/** Free all storage held by <b>state</b>. */
1990void
1992{
1993 if (!state)
1994 return;
1996 crypto_digest_free(state->digest_received);
1997 or_handshake_certs_free(state->certs);
1998 tor_cert_free(state->own_link_cert);
1999 memwipe(state, 0xBE, sizeof(or_handshake_state_t));
2000 tor_free(state);
2001}
2002
2003/**
2004 * Remember that <b>cell</b> has been transmitted (if <b>incoming</b> is
2005 * false) or received (if <b>incoming</b> is true) during a V3 handshake using
2006 * <b>state</b>.
2007 *
2008 * (We don't record the cell, but we keep a digest of everything sent or
2009 * received during the v3 handshake, and the client signs it in an
2010 * authenticate cell.)
2011 */
2012void
2014 or_handshake_state_t *state,
2015 const cell_t *cell,
2016 int incoming)
2017{
2018 size_t cell_network_size = get_cell_network_size(conn->wide_circ_ids);
2019 crypto_digest_t *d, **dptr;
2020 packed_cell_t packed;
2021 if (incoming) {
2022 if (!state->digest_received_data)
2023 return;
2024 } else {
2025 if (!state->digest_sent_data)
2026 return;
2027 }
2028 if (!incoming) {
2029 log_warn(LD_BUG, "We shouldn't be sending any non-variable-length cells "
2030 "while making a handshake digest. But we think we are sending "
2031 "one with type %d.", (int)cell->command);
2032 }
2033 dptr = incoming ? &state->digest_received : &state->digest_sent;
2034 if (! *dptr)
2035 *dptr = crypto_digest256_new(DIGEST_SHA256);
2036
2037 d = *dptr;
2038 /* Re-packing like this is a little inefficient, but we don't have to do
2039 this very often at all. */
2040 cell_pack(&packed, cell, conn->wide_circ_ids);
2041 crypto_digest_add_bytes(d, packed.body, cell_network_size);
2042 memwipe(&packed, 0, sizeof(packed));
2043}
2044
2045/** Remember that a variable-length <b>cell</b> has been transmitted (if
2046 * <b>incoming</b> is false) or received (if <b>incoming</b> is true) during a
2047 * V3 handshake using <b>state</b>.
2048 *
2049 * (We don't record the cell, but we keep a digest of everything sent or
2050 * received during the v3 handshake, and the client signs it in an
2051 * authenticate cell.)
2052 */
2053void
2055 or_handshake_state_t *state,
2056 const var_cell_t *cell,
2057 int incoming)
2058{
2059 crypto_digest_t *d, **dptr;
2060 int n;
2061 char buf[VAR_CELL_MAX_HEADER_SIZE];
2062 if (incoming) {
2063 if (!state->digest_received_data)
2064 return;
2065 } else {
2066 if (!state->digest_sent_data)
2067 return;
2068 }
2069 dptr = incoming ? &state->digest_received : &state->digest_sent;
2070 if (! *dptr)
2071 *dptr = crypto_digest256_new(DIGEST_SHA256);
2072
2073 d = *dptr;
2074
2075 n = var_cell_pack_header(cell, buf, conn->wide_circ_ids);
2076 crypto_digest_add_bytes(d, buf, n);
2077 crypto_digest_add_bytes(d, (const char *)cell->payload, cell->payload_len);
2078
2079 memwipe(buf, 0, sizeof(buf));
2080}
2081
2082/** Set <b>conn</b>'s state to OR_CONN_STATE_OPEN, and tell other subsystems
2083 * as appropriate. Called when we are done with all TLS and OR handshaking.
2084 */
2085int
2087{
2089 connection_or_event_status(conn, OR_CONN_EVENT_CONNECTED, 0);
2090
2091 /* Link protocol 3 appeared in Tor 0.2.3.6-alpha, so any connection
2092 * that uses an earlier link protocol should not be treated as a relay. */
2093 if (conn->link_proto < 3) {
2094 channel_mark_client(TLS_CHAN_TO_BASE(conn->chan));
2095 }
2096
2097 or_handshake_state_free(conn->handshake_state);
2098 conn->handshake_state = NULL;
2100
2101 return 0;
2102}
2103
2104/** Pack <b>cell</b> into wire-format, and write it onto <b>conn</b>'s outbuf.
2105 * For cells that use or affect a circuit, this should only be called by
2106 * connection_or_flush_from_first_active_circuit().
2107 */
2108void
2110{
2111 packed_cell_t networkcell;
2112 size_t cell_network_size = get_cell_network_size(conn->wide_circ_ids);
2113
2114 tor_assert(cell);
2115 tor_assert(conn);
2116
2117 cell_pack(&networkcell, cell, conn->wide_circ_ids);
2118
2119 /* We need to count padding cells from this non-packed code path
2120 * since they are sent via chan->write_cell() (which is not packed) */
2122 if (cell->command == CELL_PADDING)
2124
2125 connection_buf_add(networkcell.body, cell_network_size, TO_CONN(conn));
2126
2127 /* Touch the channel's active timestamp if there is one */
2128 if (conn->chan) {
2129 channel_timestamp_active(TLS_CHAN_TO_BASE(conn->chan));
2130
2131 if (TLS_CHAN_TO_BASE(conn->chan)->padding_enabled) {
2133 if (cell->command == CELL_PADDING)
2135 }
2136 }
2137
2138 if (conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3)
2139 or_handshake_state_record_cell(conn, conn->handshake_state, cell, 0);
2140}
2141
2142/** Pack a variable-length <b>cell</b> into wire-format, and write it onto
2143 * <b>conn</b>'s outbuf. Right now, this <em>DOES NOT</em> support cells that
2144 * affect a circuit.
2145 */
2146MOCK_IMPL(void,
2149{
2150 int n;
2151 char hdr[VAR_CELL_MAX_HEADER_SIZE];
2152 tor_assert(cell);
2153 tor_assert(conn);
2154 n = var_cell_pack_header(cell, hdr, conn->wide_circ_ids);
2155 connection_buf_add(hdr, n, TO_CONN(conn));
2156 connection_buf_add((char*)cell->payload,
2157 cell->payload_len, TO_CONN(conn));
2158 if (conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3)
2160
2162 /* Touch the channel's active timestamp if there is one */
2163 if (conn->chan)
2164 channel_timestamp_active(TLS_CHAN_TO_BASE(conn->chan));
2165}
2166
2167/** See whether there's a variable-length cell waiting on <b>or_conn</b>'s
2168 * inbuf. Return values as for fetch_var_cell_from_buf(). */
2169static int
2171{
2172 connection_t *conn = TO_CONN(or_conn);
2173 return fetch_var_cell_from_buf(conn->inbuf, out, or_conn->link_proto);
2174}
2175
2176/** Process cells from <b>conn</b>'s inbuf.
2177 *
2178 * Loop: while inbuf contains a cell, pull it off the inbuf, unpack it,
2179 * and hand it to command_process_cell().
2180 *
2181 * Always return 0.
2182 */
2183static int
2185{
2186 var_cell_t *var_cell;
2187
2188 /*
2189 * Note on memory management for incoming cells: below the channel layer,
2190 * we shouldn't need to consider its internal queueing/copying logic. It
2191 * is safe to pass cells to it on the stack or on the heap, but in the
2192 * latter case we must be sure we free them later.
2193 *
2194 * The incoming cell queue code in channel.c will (in the common case)
2195 * decide it can pass them to the upper layer immediately, in which case
2196 * those functions may run directly on the cell pointers we pass here, or
2197 * it may decide to queue them, in which case it will allocate its own
2198 * buffer and copy the cell.
2199 */
2200
2201 while (1) {
2202 log_debug(LD_OR,
2203 TOR_SOCKET_T_FORMAT": starting, inbuf_datalen %d "
2204 "(%d pending in tls object).",
2205 conn->base_.s,(int)connection_get_inbuf_len(TO_CONN(conn)),
2207 if (connection_fetch_var_cell_from_buf(conn, &var_cell)) {
2208 if (!var_cell)
2209 return 0; /* not yet. */
2210
2211 /* Touch the channel's active timestamp if there is one */
2212 if (conn->chan)
2213 channel_timestamp_active(TLS_CHAN_TO_BASE(conn->chan));
2214
2216 channel_tls_handle_var_cell(var_cell, conn);
2217 var_cell_free(var_cell);
2218 } else {
2219 const int wide_circ_ids = conn->wide_circ_ids;
2220 size_t cell_network_size = get_cell_network_size(conn->wide_circ_ids);
2221 char buf[CELL_MAX_NETWORK_SIZE];
2222 cell_t cell;
2223 if (connection_get_inbuf_len(TO_CONN(conn))
2224 < cell_network_size) /* whole response available? */
2225 return 0; /* not yet */
2226
2227 /* Touch the channel's active timestamp if there is one */
2228 if (conn->chan)
2229 channel_timestamp_active(TLS_CHAN_TO_BASE(conn->chan));
2230
2232 connection_buf_get_bytes(buf, cell_network_size, TO_CONN(conn));
2233
2234 /* retrieve cell info from buf (create the host-order struct from the
2235 * network-order string) */
2236 cell_unpack(&cell, buf, wide_circ_ids);
2237
2238 channel_tls_handle_cell(&cell, conn);
2239 }
2240 }
2241}
2242
2243/** Array of supported link protocol versions. */
2244static const uint16_t or_protocol_versions[] = { 3, 4, 5 };
2245/** Number of versions in <b>or_protocol_versions</b>. */
2246static const int n_or_protocol_versions =
2247 (int)( sizeof(or_protocol_versions)/sizeof(uint16_t) );
2248
2249/** Return true iff <b>v</b> is a link protocol version that this Tor
2250 * implementation believes it can support. */
2251int
2253{
2254 int i;
2255 for (i = 0; i < n_or_protocol_versions; ++i) {
2256 if (or_protocol_versions[i] == v)
2257 return 1;
2258 }
2259 return 0;
2260}
2261
2262/** Send a VERSIONS cell on <b>conn</b>, telling the other host about the
2263 * link protocol versions that this Tor can support.
2264 *
2265 * If <b>v3_plus</b>, this is part of a V3 protocol handshake, so only
2266 * allow protocol version v3 or later. If not <b>v3_plus</b>, this is
2267 * not part of a v3 protocol handshake, so don't allow protocol v3 or
2268 * later.
2269 **/
2270int
2272{
2273 var_cell_t *cell;
2274 int i;
2275 int n_versions = 0;
2276 const int min_version = v3_plus ? 3 : 0;
2277 const int max_version = v3_plus ? UINT16_MAX : 2;
2281 cell->command = CELL_VERSIONS;
2282 for (i = 0; i < n_or_protocol_versions; ++i) {
2283 uint16_t v = or_protocol_versions[i];
2284 if (v < min_version || v > max_version)
2285 continue;
2286 set_uint16(cell->payload+(2*n_versions), htons(v));
2287 ++n_versions;
2288 }
2289 cell->payload_len = n_versions * 2;
2290
2292 conn->handshake_state->sent_versions_at = time(NULL);
2293
2294 var_cell_free(cell);
2295 return 0;
2296}
2297
2298static netinfo_addr_t *
2299netinfo_addr_from_tor_addr(const tor_addr_t *tor_addr)
2300{
2301 sa_family_t addr_family = tor_addr_family(tor_addr);
2302
2303 if (BUG(addr_family != AF_INET && addr_family != AF_INET6))
2304 return NULL;
2305
2306 netinfo_addr_t *netinfo_addr = netinfo_addr_new();
2307
2308 if (addr_family == AF_INET) {
2309 netinfo_addr_set_addr_type(netinfo_addr, NETINFO_ADDR_TYPE_IPV4);
2310 netinfo_addr_set_len(netinfo_addr, 4);
2311 netinfo_addr_set_addr_ipv4(netinfo_addr, tor_addr_to_ipv4h(tor_addr));
2312 } else if (addr_family == AF_INET6) {
2313 netinfo_addr_set_addr_type(netinfo_addr, NETINFO_ADDR_TYPE_IPV6);
2314 netinfo_addr_set_len(netinfo_addr, 16);
2315 uint8_t *ipv6_buf = netinfo_addr_getarray_addr_ipv6(netinfo_addr);
2316 const uint8_t *in6_addr = tor_addr_to_in6_addr8(tor_addr);
2317 memcpy(ipv6_buf, in6_addr, 16);
2318 }
2319
2320 return netinfo_addr;
2321}
2322
2323/** Send a NETINFO cell on <b>conn</b>, telling the other server what we know
2324 * about their address, our address, and the current time. */
2325MOCK_IMPL(int,
2327{
2328 cell_t cell;
2329 time_t now = time(NULL);
2330 const routerinfo_t *me;
2331 int r = -1;
2332
2334
2335 if (conn->handshake_state->sent_netinfo) {
2336 log_warn(LD_BUG, "Attempted to send an extra netinfo cell on a connection "
2337 "where we already sent one.");
2338 return 0;
2339 }
2340
2341 memset(&cell, 0, sizeof(cell_t));
2342 cell.command = CELL_NETINFO;
2343
2344 netinfo_cell_t *netinfo_cell = netinfo_cell_new();
2345
2346 /* Timestamp, if we're a relay. */
2347 if (public_server_mode(get_options()) || ! conn->is_outgoing)
2348 netinfo_cell_set_timestamp(netinfo_cell, (uint32_t)now);
2349
2350 /* Their address. */
2351 const tor_addr_t *remote_tor_addr = &TO_CONN(conn)->addr;
2352 /* We can safely use TO_CONN(conn)->addr here, since we no longer replace
2353 * it with a canonical address. */
2354 netinfo_addr_t *their_addr = netinfo_addr_from_tor_addr(remote_tor_addr);
2355
2356 netinfo_cell_set_other_addr(netinfo_cell, their_addr);
2357
2358 /* My address -- only include it if I'm a public relay, or if I'm a
2359 * bridge and this is an incoming connection. If I'm a bridge and this
2360 * is an outgoing connection, act like a normal client and omit it. */
2361 if ((public_server_mode(get_options()) || !conn->is_outgoing) &&
2362 (me = router_get_my_routerinfo())) {
2363 uint8_t n_my_addrs = 1 + !tor_addr_is_null(&me->ipv6_addr);
2364 netinfo_cell_set_n_my_addrs(netinfo_cell, n_my_addrs);
2365
2366 netinfo_cell_add_my_addrs(netinfo_cell,
2367 netinfo_addr_from_tor_addr(&me->ipv4_addr));
2368
2369 if (!tor_addr_is_null(&me->ipv6_addr)) {
2370 netinfo_cell_add_my_addrs(netinfo_cell,
2371 netinfo_addr_from_tor_addr(&me->ipv6_addr));
2372 }
2373 }
2374
2375 const char *errmsg = NULL;
2376 if ((errmsg = netinfo_cell_check(netinfo_cell))) {
2377 log_warn(LD_OR, "Failed to validate NETINFO cell with error: %s",
2378 errmsg);
2379 goto cleanup;
2380 }
2381
2382 if (netinfo_cell_encode(cell.payload, CELL_PAYLOAD_SIZE,
2383 netinfo_cell) < 0) {
2384 log_warn(LD_OR, "Failed generating NETINFO cell");
2385 goto cleanup;
2386 }
2387
2389 conn->handshake_state->sent_netinfo = 1;
2391
2392 r = 0;
2393 cleanup:
2394 netinfo_cell_free(netinfo_cell);
2395
2396 return r;
2397}
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:933
int tor_addr_is_null(const tor_addr_t *addr)
Definition: address.c:780
void tor_addr_port_copy(tor_addr_port_t *dest, const tor_addr_port_t *source)
Definition: address.c:2121
static sa_family_t tor_addr_family(const tor_addr_t *a)
Definition: address.h:187
static uint32_t tor_addr_to_ipv4h(const tor_addr_t *a)
Definition: address.h:160
#define tor_addr_to_in6_addr8(x)
Definition: address.h:135
#define fmt_addr(a)
Definition: address.h:239
#define tor_addr_eq(a, b)
Definition: address.h:280
time_t approx_time(void)
Definition: approx_time.c:32
int authdir_mode_tests_reachability(const or_options_t *options)
Definition: authmode.c:68
Header file for directory authority mode.
const char * hex_str(const char *from, size_t fromlen)
Definition: binascii.c:34
void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:478
void learned_router_identity(const tor_addr_t *addr, uint16_t port, const char *digest, const ed25519_public_key_t *ed_id)
Definition: bridges.c:440
const char * find_transport_name_by_bridge_addrport(const tor_addr_t *addr, uint16_t port)
Definition: bridges.c:634
Header file for circuitbuild.c.
size_t buf_datalen(const buf_t *buf)
Definition: buffers.c:394
Header file for buffers.c.
static void set_uint16(void *cp, uint16_t v)
Definition: bytes.h:78
static uint16_t get_uint16(const void *cp)
Definition: bytes.h:42
static void set_uint32(void *cp, uint32_t v)
Definition: bytes.h:87
static uint8_t get_uint8(const void *cp)
Definition: bytes.h:23
static void set_uint8(void *cp, uint8_t v)
Definition: bytes.h:31
static uint32_t get_uint32(const void *cp)
Definition: bytes.h:54
Cell queue structures.
Fixed-size cell structure.
void channel_timestamp_active(channel_t *chan)
Definition: channel.c:3147
int channel_is_better(channel_t *a, channel_t *b)
Definition: channel.c:2344
int channel_is_bad_for_new_circs(channel_t *chan)
Definition: channel.c:2890
void channel_set_identity_digest(channel_t *chan, const char *identity_digest, const ed25519_public_key_t *ed_identity)
Definition: channel.c:1336
void channel_mark_client(channel_t *chan)
Definition: channel.c:2931
void channel_closed(channel_t *chan)
Definition: channel.c:1276
void channel_close_from_lower_layer(channel_t *chan)
Definition: channel.c:1221
void channel_listener_queue_incoming(channel_listener_t *listener, channel_t *incoming)
Definition: channel.c:1932
time_t channel_when_last_client(channel_t *chan)
Definition: channel.c:3267
void channel_mark_bad_for_new_circs(channel_t *chan)
Definition: channel.c:2903
void channel_close_for_error(channel_t *chan)
Definition: channel.c:1249
void channel_clear_identity_digest(channel_t *chan)
Definition: channel.c:1307
unsigned int channel_num_circuits(channel_t *chan)
Definition: channel.c:3341
Header file for channel.c.
unsigned int channelpadding_get_channel_idle_timeout(const channel_t *chan, int is_canonical)
void channel_tls_handle_var_cell(var_cell_t *var_cell, or_connection_t *conn)
Definition: channeltls.c:1199
channel_listener_t * channel_tls_start_listener(void)
Definition: channeltls.c:269
void channel_tls_handle_state_change_on_orconn(channel_tls_t *chan, or_connection_t *conn, uint8_t state)
Definition: channeltls.c:980
void channel_tls_handle_cell(cell_t *cell, or_connection_t *conn)
Definition: channeltls.c:1083
channel_listener_t * channel_tls_get_listener(void)
Definition: channeltls.c:257
void channel_tls_update_marks(or_connection_t *conn)
Definition: channeltls.c:1353
channel_t * channel_tls_handle_incoming(or_connection_t *orconn)
Definition: channeltls.c:332
channel_t * channel_tls_to_base(channel_tls_t *tlschan)
Definition: channeltls.c:413
Header file for channeltls.c.
Header file for circuitbuild.c.
Header file for circuitlist.c.
circuit_build_times_t * get_circuit_build_times_mutable(void)
Definition: circuitstats.c:85
void circuit_build_times_network_is_live(circuit_build_times_t *cbt)
Header file for circuitstats.c.
void command_setup_listener(channel_listener_t *listener)
Definition: command.c:723
Header file for command.c.
uint32_t monotime_coarse_get_stamp(void)
Definition: compat_time.c:864
const or_options_t * get_options(void)
Definition: config.c:947
Header file for config.c.
Public APIs for congestion control.
static uint32_t or_conn_highwatermark(void)
static uint32_t or_conn_lowwatermark(void)
int connection_buf_get_bytes(char *string, size_t len, connection_t *conn)
Definition: connection.c:4320
int get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type, int *is_pt_out, const connection_t *conn)
Definition: connection.c:5813
int connection_proxy_connect(connection_t *conn, int type)
Definition: connection.c:2796
void assert_connection_ok(connection_t *conn, time_t now)
Definition: connection.c:5668
int connection_read_proxy_handshake(connection_t *conn)
Definition: connection.c:2949
const char * connection_describe_peer(const connection_t *conn)
Definition: connection.c:526
or_connection_t * or_connection_new(int type, int socket_family)
Definition: connection.c:574
const char * connection_describe(const connection_t *conn)
Definition: connection.c:541
void connection_free_(connection_t *conn)
Definition: connection.c:968
int connection_connect(connection_t *conn, const char *address, const tor_addr_t *addr, uint16_t port, int *socket_error)
Definition: connection.c:2442
const char * conn_state_to_string(int type, int state)
Definition: connection.c:304
Header file for connection.c.
#define CONN_TYPE_OR
Definition: connection.h:44
#define CONN_TYPE_EXT_OR
Definition: connection.h:71
void connection_or_event_status(or_connection_t *conn, or_conn_status_event_t tp, int reason)
or_connection_t * TO_OR_CONN(connection_t *c)
int is_or_protocol_version_known(uint16_t v)
int connection_or_set_state_open(or_connection_t *conn)
int connection_or_reached_eof(or_connection_t *conn)
static const int n_or_protocol_versions
int connection_tls_continue_handshake(or_connection_t *conn)
static void connection_or_set_identity_digest(or_connection_t *conn, const char *rsa_digest, const ed25519_public_key_t *ed_id)
void connection_or_notify_error(or_connection_t *conn, int reason, const char *msg)
void connection_or_write_cell_to_buf(const cell_t *cell, or_connection_t *conn)
int connection_or_process_inbuf(or_connection_t *conn)
static int connection_fetch_var_cell_from_buf(or_connection_t *or_conn, var_cell_t **out)
void connection_or_clear_identity(or_connection_t *conn)
int connection_or_send_versions(or_connection_t *conn, int v3_plus)
int connection_or_client_learned_peer_id(or_connection_t *conn, const uint8_t *rsa_peer_id, const ed25519_public_key_t *ed_peer_id)
static void connection_or_update_token_buckets_helper(or_connection_t *conn, int reset, const or_options_t *options)
time_t connection_or_client_used(or_connection_t *conn)
void cell_pack(packed_cell_t *dst, const cell_t *src, int wide_circ_ids)
static void connection_or_note_state_when_broken(or_connection_t *orconn)
var_cell_t * var_cell_new(uint16_t payload_len)
void or_handshake_state_free_(or_handshake_state_t *state)
void or_handshake_state_record_var_cell(or_connection_t *conn, or_handshake_state_t *state, const var_cell_t *cell, int incoming)
int var_cell_pack_header(const var_cell_t *cell, char *hdr_out, int wide_circ_ids)
int connection_or_finished_flushing(or_connection_t *conn)
static unsigned int connection_or_is_bad_for_new_circs(or_connection_t *or_conn)
void clear_broken_connection_map(int stop_recording)
static void cell_unpack(cell_t *dest, const char *src, int wide_circ_ids)
void connection_or_connect_failed(or_connection_t *conn, int reason, const char *msg)
static int connection_or_process_cells_from_inbuf(or_connection_t *conn)
int connection_or_send_netinfo(or_connection_t *conn)
void var_cell_free_(var_cell_t *cell)
int connection_or_single_set_badness_(time_t now, or_connection_t *or_conn, int force)
int connection_tls_start_handshake(or_connection_t *conn, int receiving)
void connection_or_change_state(or_connection_t *conn, uint8_t state)
void or_handshake_state_record_cell(or_connection_t *conn, or_handshake_state_t *state, const cell_t *cell, int incoming)
var_cell_t * var_cell_copy(const var_cell_t *src)
static int connection_or_launch_v3_or_handshake(or_connection_t *conn)
static void note_broken_connection(const char *state)
void connection_or_report_broken_states(int severity, int domain)
static void connection_or_check_canonicity(or_connection_t *conn, int started_here)
int connection_or_digest_is_known_relay(const char *id_digest)
#define MAX_REASONS_TO_REPORT
void connection_or_init_conn_from_address(or_connection_t *conn, const tor_addr_t *addr, uint16_t port, const char *id_digest, const ed25519_public_key_t *ed_id, int started_here)
static const uint16_t or_protocol_versions[]
int connection_or_get_num_circuits(or_connection_t *conn)
int connection_or_flushed_some(or_connection_t *conn)
const struct ed25519_public_key_t * connection_or_get_alleged_ed25519_id(const or_connection_t *conn)
int connection_or_nonopen_was_started_here(or_connection_t *conn)
static int disable_broken_connection_counts
or_connection_t * connection_or_connect(const tor_addr_t *_addr, uint16_t port, const char *id_digest, const ed25519_public_key_t *ed_id, channel_tls_t *chan)
void connection_or_close_for_error(or_connection_t *orconn, int flush)
const or_connection_t * CONST_TO_OR_CONN(const connection_t *c)
static strmap_t * broken_connection_counts
void connection_or_update_token_buckets(smartlist_t *conns, const or_options_t *options)
static void connection_or_get_state_description(or_connection_t *orconn, char *buf, size_t buflen)
void connection_or_group_set_badness_(smartlist_t *group, int force)
int connection_or_finished_connecting(or_connection_t *or_conn)
void connection_or_about_to_close(or_connection_t *or_conn)
static int broken_state_count_compare(const void **a_ptr, const void **b_ptr)
ssize_t connection_or_num_cells_writeable(or_connection_t *conn)
int connection_init_or_handshake_state(or_connection_t *conn, int started_here)
void connection_or_clear_identity_map(void)
void connection_or_close_normally(or_connection_t *orconn, int flush)
static void connection_or_state_publish(const or_connection_t *conn, uint8_t state)
void connection_or_write_var_cell_to_buf(const var_cell_t *cell, or_connection_t *conn)
#define TIME_BEFORE_OR_CONN_IS_TOO_OLD
Header file for connection_or.c.
void control_event_bootstrap_prob_or(const char *warn, int reason, or_connection_t *or_conn)
int control_event_or_conn_status(or_connection_t *conn, or_conn_status_event_t tp, int reason)
Header file for control_events.c.
#define HEX_DIGEST_LEN
Definition: crypto_digest.h:35
#define crypto_digest_free(d)
crypto_digest_t * crypto_digest256_new(digest_algorithm_t algorithm)
void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data, size_t len)
int ed25519_public_key_is_zero(const ed25519_public_key_t *pubkey)
int ed25519_pubkey_eq(const ed25519_public_key_t *key1, const ed25519_public_key_t *key2)
void ed25519_public_to_base64(char *output, const ed25519_public_key_t *pkey)
const char * ed25519_fmt(const ed25519_public_key_t *pkey)
Header for crypto_format.c.
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:55
Common functions for cryptographic routines.
#define fast_memeq(a, b, c)
Definition: di_ops.h:35
#define tor_memneq(a, b, sz)
Definition: di_ops.h:21
#define DIGEST_LEN
Definition: digest_sizes.h:20
int router_digest_is_fallback_dir(const char *digest)
Definition: dirlist.c:205
Header file for dirlist.c.
void entry_guard_chan_failed(channel_t *chan)
Definition: entrynodes.c:2677
Header file for circuitbuild.c.
Header for ext_orport.c.
Header file for geoip.c.
HT_PROTOTYPE(hs_circuitmap_ht, circuit_t, hs_circuitmap_node, hs_circuit_hash_token, hs_circuits_have_same_token)
Header file containing service data for the HS subsystem.
typedef HT_HEAD(hs_service_ht, hs_service_t) hs_service_ht
uint16_t sa_family_t
Definition: inaddr_st.h:77
void tor_log(int severity, log_domain_mask_t domain, const char *format,...)
Definition: log.c:591
#define log_fn(severity, domain, args,...)
Definition: log.h:283
#define LD_PROTOCOL
Definition: log.h:72
#define LD_OR
Definition: log.h:92
#define LD_BUG
Definition: log.h:86
#define LD_HANDSHAKE
Definition: log.h:101
#define LD_NET
Definition: log.h:66
#define LD_GENERAL
Definition: log.h:62
#define LD_CIRC
Definition: log.h:82
#define LOG_WARN
Definition: log.h:53
#define LOG_INFO
Definition: log.h:45
#define bool_neq(a, b)
Definition: logic.h:18
#define bool_eq(a, b)
Definition: logic.h:16
void connection_watch_events(connection_t *conn, watchable_events_t events)
Definition: mainloop.c:485
void connection_start_reading(connection_t *conn)
Definition: mainloop.c:623
void connection_start_writing(connection_t *conn)
Definition: mainloop.c:696
smartlist_t * get_connection_array(void)
Definition: mainloop.c:443
void connection_stop_writing(connection_t *conn)
Definition: mainloop.c:673
Header file for mainloop.c.
@ WRITE_EVENT
Definition: mainloop.h:38
@ READ_EVENT
Definition: mainloop.h:37
void * tor_reallocarray_(void *ptr, size_t sz1, size_t sz2)
Definition: malloc.c:146
void tor_free_(void *mem)
Definition: malloc.c:227
#define tor_free(p)
Definition: malloc.h:56
int usable_consensus_flavor(void)
Definition: microdesc.c:1088
Header file for microdesc.c.
networkstatus_t * networkstatus_get_reasonably_live_consensus(time_t now, int flavor)
const routerstatus_t * router_get_consensus_status_by_id(const char *digest)
int32_t networkstatus_get_param(const networkstatus_t *ns, const char *param_name, int32_t default_val, int32_t min_val, int32_t max_val)
Header file for networkstatus.c.
void node_get_prim_orport(const node_t *node, tor_addr_port_t *ap_out)
Definition: nodelist.c:1864
const node_t * node_get_by_id(const char *identity_digest)
Definition: nodelist.c:226
const char * node_get_nickname(const node_t *node)
Definition: nodelist.c:1493
bool node_supports_ed25519_link_authentication(const node_t *node, bool compatible_with_us)
Definition: nodelist.c:1269
int node_ed25519_id_matches(const node_t *node, const ed25519_public_key_t *id)
Definition: nodelist.c:1229
void node_get_pref_ipv6_orport(const node_t *node, tor_addr_port_t *ap_out)
Definition: nodelist.c:1900
Header file for nodelist.c.
Master header file for Tor-specific functionality.
#define CELL_PAYLOAD_SIZE
Definition: or.h:520
#define VAR_CELL_MAX_HEADER_SIZE
Definition: or.h:526
#define CELL_MAX_NETWORK_SIZE
Definition: or.h:523
#define TO_CONN(c)
Definition: or.h:700
#define DOWNCAST(to, ptr)
Definition: or.h:109
OR connection structure.
OR handshake certs structure.
OR handshake state structure.
The or_state_t structure, which represents Tor's state file.
Header file for orconn_event.c.
#define OR_CONN_STATE_SERVER_VERSIONS_WAIT
Definition: orconn_event.h:39
or_conn_status_event_t
Definition: orconn_event.h:51
#define OR_CONN_STATE_CONNECTING
Definition: orconn_event.h:31
#define OR_CONN_STATE_PROXY_HANDSHAKING
Definition: orconn_event.h:33
#define OR_CONN_STATE_TLS_HANDSHAKING
Definition: orconn_event.h:36
#define OR_CONN_STATE_OR_HANDSHAKING_V3
Definition: orconn_event.h:43
#define OR_CONN_STATE_OPEN
Definition: orconn_event.h:45
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
int fetch_var_cell_from_buf(buf_t *buf, var_cell_t **out, int linkproto)
Definition: proto_cell.c:57
Header for proto_cell.c.
void dirserv_orconn_tls_done(const tor_addr_t *addr, uint16_t or_port, const char *digest_rcvd, const ed25519_public_key_t *ed_id_rcvd)
Definition: reachability.c:40
Header file for reachability.c.
int tls_error_to_orconn_end_reason(int e)
Definition: reasons.c:263
int errno_to_orconn_end_reason(int e)
Definition: reasons.c:291
const char * orconn_end_reason_to_control_string(int r)
Definition: reasons.c:225
Header file for reasons.c.
Header file for relay.c.
Header for feature/relay/relay_handshake.c.
Header file for rendcommon.c.
void rep_hist_padding_count_write(padding_type_t type)
Definition: rephist.c:2816
Header file for rephist.c.
@ PADDING_TYPE_ENABLED_CELL
Definition: rephist.h:158
@ PADDING_TYPE_TOTAL
Definition: rephist.h:154
@ PADDING_TYPE_ENABLED_TOTAL
Definition: rephist.h:156
@ PADDING_TYPE_CELL
Definition: rephist.h:152
int router_digest_is_me(const char *digest)
Definition: router.c:1775
const routerinfo_t * router_get_my_routerinfo(void)
Definition: router.c:1837
Header file for router.c.
Router descriptor structure.
int router_ed25519_id_is_me(const ed25519_public_key_t *id)
Definition: routerkeys.c:639
Header for routerkeys.c.
const routerinfo_t * router_get_by_id_digest(const char *digest)
Definition: routerlist.c:778
Header file for routerlist.c.
int public_server_mode(const or_options_t *options)
Definition: routermode.c:43
int server_mode(const or_options_t *options)
Definition: routermode.c:34
Header file for routermode.c.
void scheduler_channel_wants_writes(channel_t *chan)
Definition: scheduler.c:673
Header file for scheduler*.c.
void smartlist_sort(smartlist_t *sl, int(*compare)(const void **a, const void **b))
Definition: smartlist.c:334
smartlist_t * smartlist_new(void)
void smartlist_add(smartlist_t *sl, void *element)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define SMARTLIST_FOREACH(sl, type, var, cmd)
Definition: cell_st.h:17
uint8_t payload[CELL_PAYLOAD_SIZE]
Definition: cell_st.h:21
uint8_t command
Definition: cell_st.h:19
circid_t circ_id
Definition: cell_st.h:18
struct ed25519_public_key_t ed25519_identity
Definition: channel.h:388
unsigned int proxy_state
Definition: connection_st.h:96
uint8_t state
Definition: connection_st.h:49
struct buf_t * inbuf
unsigned int hold_open_until_flushed
Definition: connection_st.h:61
unsigned int type
Definition: connection_st.h:50
uint32_t magic
Definition: connection_st.h:46
uint64_t global_identifier
uint16_t marked_for_close
uint16_t port
tor_socket_t s
time_t timestamp_created
tor_addr_t addr
Definition: node_st.h:34
token_bucket_rw_t bucket
channel_tls_t * chan
unsigned int potentially_used_for_bootstrapping
char identity_digest[DIGEST_LEN]
unsigned int is_outgoing
or_handshake_state_t * handshake_state
unsigned int is_pt
tor_addr_port_t canonical_orport
struct tor_tls_t * tls
unsigned int is_canonical
unsigned int proxy_type
struct tor_cert_st * own_link_cert
crypto_digest_t * digest_sent
or_handshake_certs_t * certs
uint64_t BandwidthRate
uint64_t PerConnBWBurst
uint64_t PerConnBWRate
uint64_t BandwidthBurst
char body[CELL_MAX_NETWORK_SIZE]
Definition: cell_queue_st.h:21
tor_addr_t ipv6_addr
Definition: routerinfo_st.h:31
tor_addr_t ipv4_addr
Definition: routerinfo_st.h:26
uint8_t command
Definition: var_cell_st.h:18
uint16_t payload_len
Definition: var_cell_st.h:22
circid_t circ_id
Definition: var_cell_st.h:20
uint8_t payload[FLEXIBLE_ARRAY_MEMBER]
Definition: var_cell_st.h:24
#define STATIC
Definition: testsupport.h:32
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
void token_bucket_rw_adjust(token_bucket_rw_t *bucket, uint32_t rate, uint32_t burst)
Definition: token_bucket.c:154
void token_bucket_rw_reset(token_bucket_rw_t *bucket, uint32_t now_ts_stamp)
Definition: token_bucket.c:169
tor_cert_t * tor_cert_dup(const tor_cert_t *cert)
Definition: torcert.c:294
or_handshake_certs_t * or_handshake_certs_new(void)
Definition: torcert.c:471
Header for torcert.c.
int tor_tls_is_server(tor_tls_t *tls)
Definition: tortls.c:365
void tor_tls_set_logged_address(tor_tls_t *tls, const char *address)
Definition: tortls.c:355
const char * tor_tls_err_to_string(int err)
Definition: tortls.c:142
Headers for tortls.c.
#define CASE_TOR_TLS_ERROR_ANY
Definition: tortls.h:62
int tor_tls_get_pending_bytes(tor_tls_t *tls)
Definition: tortls_nss.c:596
int tor_tls_handshake(tor_tls_t *tls)
Definition: tortls_nss.c:578
tor_tls_t * tor_tls_new(tor_socket_t sock, int is_server)
Definition: tortls_nss.c:386
const char * tor_tls_get_last_error_msg(const tor_tls_t *tls)
Definition: tortls_nss.c:374
void tor_tls_get_state_description(tor_tls_t *tls, char *buf, size_t sz)
Definition: tortls_nss.c:323
#define tor_assert_nonfatal_unreached()
Definition: util_bug.h:177
#define tor_assert(expr)
Definition: util_bug.h:103
#define tor_fragile_assert()
Definition: util_bug.h:278
#define IF_BUG_ONCE(cond)
Definition: util_bug.h:254
int tor_digest_is_zero(const char *digest)
Definition: util_string.c:98
Variable-length cell structure.
#define ED25519_BASE64_LEN
Definition: x25519_sizes.h:43