1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2021, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
7 /**
8  * \file or.h
9  * \brief Master header file for Tor-specific functionality.
10  **/
11 
12 #ifndef TOR_OR_H
13 #define TOR_OR_H
14 
15 #include "orconfig.h"
16 #include "lib/cc/torint.h"
17 
18 #ifdef HAVE_SIGNAL_H
19 #include <signal.h>
20 #endif
21 #ifdef HAVE_TIME_H
22 #include <time.h>
23 #endif
24 
25 #include "lib/arch/bytes.h"
26 #include "lib/cc/compat_compiler.h"
27 #include "lib/container/map.h"
28 #include "lib/buf/buffers.h"
32 #include "lib/ctime/di_ops.h"
33 #include "lib/defs/dh_sizes.h"
34 #include "lib/encoding/binascii.h"
35 #include "lib/encoding/cstring.h"
36 #include "lib/encoding/time_fmt.h"
37 #include "lib/err/torerr.h"
38 #include "lib/fs/dir.h"
39 #include "lib/fs/files.h"
40 #include "lib/fs/mmap.h"
41 #include "lib/fs/path.h"
42 #include "lib/fs/userdb.h"
43 #include "lib/geoip/country.h"
44 #include "lib/intmath/addsub.h"
45 #include "lib/intmath/bits.h"
46 #include "lib/intmath/cmp.h"
47 #include "lib/intmath/logic.h"
48 #include "lib/intmath/muldiv.h"
49 #include "lib/log/escape.h"
50 #include "lib/log/ratelim.h"
51 #include "lib/log/util_bug.h"
52 #include "lib/malloc/malloc.h"
53 #include "lib/net/address.h"
54 #include "lib/net/inaddr.h"
55 #include "lib/net/socket.h"
58 #include "lib/string/parse_int.h"
59 #include "lib/string/printf.h"
60 #include "lib/string/scanf.h"
61 #include "lib/string/util_string.h"
63 #include "lib/thread/threads.h"
64 #include "lib/time/compat_time.h"
66 #include "lib/wallclock/timeval.h"
67 
68 #include "ht.h"
69 
70 // These, more than other includes, are for keeping the other struct
71 // definitions working. We should remove them when we minimize our includes.
73 
76 
77 /* These signals are defined to help handle_control_signal work. The numeric fallbacks below
78  * are used only when <signal.h> does not define the name (they follow Linux/x86 values; the real header wins). */
79 #ifndef SIGHUP
80 #define SIGHUP 1
81 #endif
82 #ifndef SIGINT
83 #define SIGINT 2
84 #endif
85 #ifndef SIGUSR1
86 #define SIGUSR1 10
87 #endif
88 #ifndef SIGUSR2
89 #define SIGUSR2 12
90 #endif
91 #ifndef SIGTERM
92 #define SIGTERM 15
93 #endif
94 /* Controller signals start at a high number so we don't
95  * conflict with system-defined signals. */
96 #define SIGNEWNYM 129
97 #define SIGCLEARDNSCACHE 130
98 #define SIGHEARTBEAT 131
99 #define SIGACTIVE 132
100 #define SIGDORMANT 133
101 
102 #if (SIZEOF_CELL_T != 0)
103 /* On Irix, stdlib.h defines a cell_t type, so we need to make sure
104  * that our stuff always calls cell_t something different. */
105 #define cell_t tor_cell_t
106 #endif
107 
108 /** Helper macro: Given a pointer to to.base_, of type from*, return &to. */
109 #define DOWNCAST(to, ptr) ((to*)SUBTYPE_P(ptr, to, base_))
110 
111 /** Length of longest allowable configured nickname. */
112 #define MAX_NICKNAME_LEN 19
113 /** Length of a router identity encoded as a hexadecimal digest, plus
114  * possible dollar sign. */
115 #define MAX_HEX_NICKNAME_LEN (HEX_DIGEST_LEN+1)
116 /** Maximum length of verbose router identifier: dollar sign, hex ID digest,
117  * equal sign or tilde, nickname. */
118 #define MAX_VERBOSE_NICKNAME_LEN (1+HEX_DIGEST_LEN+1+MAX_NICKNAME_LEN)
119 
120 /** For HTTP parsing: Maximum number of bytes we'll accept in the headers
121  * of an HTTP request or response -- an upper bound on what a peer can make us buffer before we parse or reject. */
122 #define MAX_HEADERS_SIZE 50000
123 
124 /** Maximum size, in bytes, of a single router descriptor uploaded to us
125  * as a directory authority. Caches and clients fetch whatever descriptors
126  * the authorities tell them to fetch, and don't care about size. */
127 #define MAX_DESCRIPTOR_UPLOAD_SIZE 20000
128 
129 /** Maximum size of a single extrainfo document, as above. */
130 #define MAX_EXTRAINFO_UPLOAD_SIZE 50000
131 
132 /** Minimum lifetime for an onion key in days. */
133 #define MIN_ONION_KEY_LIFETIME_DAYS (1)
134 
135 /** Maximum lifetime for an onion key in days. */
136 #define MAX_ONION_KEY_LIFETIME_DAYS (90)
137 
138 /** Default lifetime for an onion key in days. */
139 #define DEFAULT_ONION_KEY_LIFETIME_DAYS (28)
140 
141 /** Minimum grace period for acceptance of an onion key in days.
142  * The maximum value is defined in proposal #274 as being the current network
143  * consensus parameter for "onion-key-rotation-days". */
144 #define MIN_ONION_KEY_GRACE_PERIOD_DAYS (1)
145 
146 /** Default grace period for acceptance of an onion key in days. */
147 #define DEFAULT_ONION_KEY_GRACE_PERIOD_DAYS (7)
148 
149 /** How often we should check the network consensus if it is time to rotate or
150  * expire onion keys. */
151 #define ONION_KEY_CONSENSUS_CHECK_INTERVAL (60*60)
152 
153 /** How often do we rotate TLS contexts? */
154 #define MAX_SSL_KEY_LIFETIME_INTERNAL (2*60*60)
155 
156 /** How old do we allow a router to get before removing it
157  * from the router list? In seconds. */
158 #define ROUTER_MAX_AGE (60*60*48)
159 /** How old can a router get before we (as a server) will no longer
160  * consider it live? In seconds. */
161 #define ROUTER_MAX_AGE_TO_PUBLISH (60*60*24)
162 /** How old do we let a saved descriptor get before force-removing it? */
163 #define OLD_ROUTER_DESC_MAX_AGE (60*60*24*5)
164 
165 /* Proxy client types */
166 #define PROXY_NONE 0
167 #define PROXY_CONNECT 1
168 #define PROXY_SOCKS4 2
169 #define PROXY_SOCKS5 3
170 #define PROXY_HAPROXY 4
171 /* !!!! If there is ever a PROXY_* type over 7, we must grow the proxy_type
172  * field in or_connection_t */
173 
174 /* Pluggable transport proxy type. Don't use this in or_connection_t,
175  * instead use the actual underlying proxy type (see above). */
176 #define PROXY_PLUGGABLE 5
177 
178 /** How many circuits do we want simultaneously in-progress to handle
179  * a given stream? */
180 #define MIN_CIRCUITS_HANDLING_STREAM 2
181 
182 /* These RELAY_COMMAND constants define values for relay cell commands, and
183 * must match those defined in tor-spec.txt. */
184 #define RELAY_COMMAND_BEGIN 1
185 #define RELAY_COMMAND_DATA 2
186 #define RELAY_COMMAND_END 3
187 #define RELAY_COMMAND_CONNECTED 4
188 #define RELAY_COMMAND_SENDME 5
189 #define RELAY_COMMAND_EXTEND 6
190 #define RELAY_COMMAND_EXTENDED 7
191 #define RELAY_COMMAND_TRUNCATE 8
192 #define RELAY_COMMAND_TRUNCATED 9
193 #define RELAY_COMMAND_DROP 10
194 #define RELAY_COMMAND_RESOLVE 11
195 #define RELAY_COMMAND_RESOLVED 12
196 #define RELAY_COMMAND_BEGIN_DIR 13
197 #define RELAY_COMMAND_EXTEND2 14
198 #define RELAY_COMMAND_EXTENDED2 15
199 
200 #define RELAY_COMMAND_ESTABLISH_INTRO 32
201 #define RELAY_COMMAND_ESTABLISH_RENDEZVOUS 33
202 #define RELAY_COMMAND_INTRODUCE1 34
203 #define RELAY_COMMAND_INTRODUCE2 35
204 #define RELAY_COMMAND_RENDEZVOUS1 36
205 #define RELAY_COMMAND_RENDEZVOUS2 37
206 #define RELAY_COMMAND_INTRO_ESTABLISHED 38
207 #define RELAY_COMMAND_RENDEZVOUS_ESTABLISHED 39
208 #define RELAY_COMMAND_INTRODUCE_ACK 40
209 
210 #define RELAY_COMMAND_PADDING_NEGOTIATE 41
211 #define RELAY_COMMAND_PADDING_NEGOTIATED 42
212 
213 #define RELAY_COMMAND_XOFF 43
214 #define RELAY_COMMAND_XON 44
215 
216 /* Reasons why an OR connection is closed. */
217 #define END_OR_CONN_REASON_DONE 1
218 #define END_OR_CONN_REASON_REFUSED 2 /* connection refused */
219 #define END_OR_CONN_REASON_OR_IDENTITY 3
220 #define END_OR_CONN_REASON_CONNRESET 4 /* connection reset by peer */
221 #define END_OR_CONN_REASON_TIMEOUT 5
222 #define END_OR_CONN_REASON_NO_ROUTE 6 /* no route to host/net */
223 #define END_OR_CONN_REASON_IO_ERROR 7 /* read/write error */
224 #define END_OR_CONN_REASON_RESOURCE_LIMIT 8 /* sockets, buffers, etc */
225 #define END_OR_CONN_REASON_PT_MISSING 9 /* PT failed or not available */
226 #define END_OR_CONN_REASON_TLS_ERROR 10 /* Problem in TLS protocol */
227 #define END_OR_CONN_REASON_MISC 11
228 
229 /* Reasons why we (or a remote OR) might close a stream. See tor-spec.txt for
230  * documentation of these. The values must match. */
231 #define END_STREAM_REASON_MISC 1
232 #define END_STREAM_REASON_RESOLVEFAILED 2
233 #define END_STREAM_REASON_CONNECTREFUSED 3
234 #define END_STREAM_REASON_EXITPOLICY 4
235 #define END_STREAM_REASON_DESTROY 5
236 #define END_STREAM_REASON_DONE 6
237 #define END_STREAM_REASON_TIMEOUT 7
238 #define END_STREAM_REASON_NOROUTE 8
239 #define END_STREAM_REASON_HIBERNATING 9
240 #define END_STREAM_REASON_INTERNAL 10
241 #define END_STREAM_REASON_RESOURCELIMIT 11
242 #define END_STREAM_REASON_CONNRESET 12
243 #define END_STREAM_REASON_TORPROTOCOL 13
244 #define END_STREAM_REASON_NOTDIRECTORY 14
245 #define END_STREAM_REASON_ENTRYPOLICY 15
246 
247 /* These high-numbered end reasons are not part of the official spec,
248  * and are not intended to be put in relay end cells: they lie outside the
249  * spec's reason range, so map them to a spec reason before building an END cell.
250  * They are here to be more informative when sending back socks replies to the application. */
251 /* XXXX 256 is no longer used; feel free to reuse it. */
252 /** We were unable to attach the connection to any circuit at all. */
253 /* XXXX the ways we use this one don't make a lot of sense. */
254 #define END_STREAM_REASON_CANT_ATTACH 257
255 /** We can't connect to any directories at all, so we killed our streams
256  * before they can time out. */
257 #define END_STREAM_REASON_NET_UNREACHABLE 258
258 /** This is a SOCKS connection, and the client used (or misused) the SOCKS
259  * protocol in a way we couldn't handle. */
260 #define END_STREAM_REASON_SOCKSPROTOCOL 259
261 /** This is a transparent proxy connection, but we can't extract the original
262  * target address:port. */
263 #define END_STREAM_REASON_CANT_FETCH_ORIG_DEST 260
264 /** This is a connection on the NATD port, and the destination IP:Port was
265  * either ill-formed or out-of-range. */
266 #define END_STREAM_REASON_INVALID_NATD_DEST 261
267 /** The target address is in a private network (like 127.0.0.1 or 10.0.0.1);
268  * you don't want to do that over a randomly chosen exit */
269 #define END_STREAM_REASON_PRIVATE_ADDR 262
270 /** This is an HTTP tunnel connection and the client used or misused HTTP in a
271  * way we can't handle.
272  */
273 #define END_STREAM_REASON_HTTPPROTOCOL 263
274 
276 /** Bitwise-and this value with endreason to mask out all flags. Every reason above, including the internal 257-263 range, is below 512, so masking never alters a reason. */
276 #define END_STREAM_REASON_MASK 511
277 
278 /** Bitwise-or this with the argument to control_event_stream_status
279  * to indicate that the reason came from an END cell. */
280 #define END_STREAM_REASON_FLAG_REMOTE 512
281 /** Bitwise-or this with the argument to control_event_stream_status
282  * to indicate that we already sent a CLOSED stream event. */
283 #define END_STREAM_REASON_FLAG_ALREADY_SENT_CLOSED 1024
284 /** Bitwise-or this with endreason to indicate that we already sent
285  * a socks reply, and no further reply needs to be sent from
286  * connection_mark_unattached_ap(). */
287 #define END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED 2048
288 
289 /* 'type' values to use in RESOLVED cells. Specified in tor-spec.txt. */
290 #define RESOLVED_TYPE_HOSTNAME 0
291 #define RESOLVED_TYPE_IPV4 4
292 #define RESOLVED_TYPE_IPV6 6
293 #define RESOLVED_TYPE_ERROR_TRANSIENT 0xF0
294 #define RESOLVED_TYPE_ERROR 0xF1
295 
296 /* Negative reasons are internal: we never send them in a DESTROY or TRUNCATE
297  * cell; they only go to the controller for tracking */
298 
299 /* Closing an introduction-point circuit that was opened in parallel and is now redundant. */
300 #define END_CIRC_REASON_IP_NOW_REDUNDANT -4
301 
302 /** Our post-timeout circuit time measurement period expired.
303  * We must give up now */
304 #define END_CIRC_REASON_MEASUREMENT_EXPIRED -3
305 
306 /** We couldn't build a path for this circuit. */
307 #define END_CIRC_REASON_NOPATH -2
308 /** Catch-all "other" reason for closing origin circuits. */
309 #define END_CIRC_AT_ORIGIN -1
310 
311 /* Reasons why we (or a remote OR) might close a circuit. See tor-spec.txt
312  * section 5.4 for documentation of these. */
313 #define END_CIRC_REASON_MIN_ 0
314 #define END_CIRC_REASON_NONE 0
315 #define END_CIRC_REASON_TORPROTOCOL 1
316 #define END_CIRC_REASON_INTERNAL 2
317 #define END_CIRC_REASON_REQUESTED 3
318 #define END_CIRC_REASON_HIBERNATING 4
319 #define END_CIRC_REASON_RESOURCELIMIT 5
320 #define END_CIRC_REASON_CONNECTFAILED 6
321 #define END_CIRC_REASON_OR_IDENTITY 7
322 #define END_CIRC_REASON_CHANNEL_CLOSED 8
323 #define END_CIRC_REASON_FINISHED 9
324 #define END_CIRC_REASON_TIMEOUT 10
325 #define END_CIRC_REASON_DESTROYED 11
326 #define END_CIRC_REASON_NOSUCHSERVICE 12
327 #define END_CIRC_REASON_MAX_ 12
328 
329 /** Bitwise-OR this with the argument to circuit_mark_for_close() or
330  * control_event_circuit_status() to indicate that the reason was
331  * passed through from a destroy or truncate cell. */
332 #define END_CIRC_REASON_FLAG_REMOTE 512
333 
334 /** Length of v2 descriptor ID (32 base32 chars = 160 bits).
335  *
336  * XXX: It is still used by v3 code but should be renamed or maybe removed. */
337 #define REND_DESC_ID_V2_LEN_BASE32 BASE32_DIGEST_LEN
338 
339 /** Maximum length of authorized client names for a hidden service. */
340 #define REND_CLIENTNAME_MAX_LEN 16
341 
342 /** Length of the rendezvous cookie that is used to connect circuits at the
343  * rendezvous point. */
344 #define REND_COOKIE_LEN DIGEST_LEN
345 
346 /** Client authorization type that a hidden service performs. */
347 typedef enum rend_auth_type_t {
348  REND_NO_AUTH = 0,
349  REND_V3_AUTH = 1, /* Dummy flag to allow adding v3 services on the
350  * control port */
352 
353 /* Stub because we can't include hs_ident.h. */
354 struct hs_ident_edge_conn_t;
355 struct hs_ident_dir_conn_t;
356 struct hs_ident_circuit_t;
357 
358 typedef struct hsdir_index_t hsdir_index_t;
359 
360 /** Time interval for tracking replays of DH public keys received in
361  * INTRODUCE2 cells. Used only to avoid launching multiple
362  * simultaneous attempts to connect to the same rendezvous point. */
363 #define REND_REPLAY_TIME_INTERVAL (5 * 60)
364 
365 /** Used to indicate which way a cell is going on a circuit. */
366 typedef enum {
367  CELL_DIRECTION_IN=1, /**< The cell is moving towards the origin. */
368  CELL_DIRECTION_OUT=2, /**< The cell is moving away from the origin. */
370 
371 /**
372  * An enum to allow us to specify which channel in a circuit
373  * we're interested in.
374  *
375  * This is needed because our data structures and other fields
376  * for channel delivery are disassociated from the channel.
377  */
378 typedef enum {
379  CIRCUIT_N_CHAN = 0,
380  CIRCUIT_P_CHAN = 1
382 
383 /** Initial value for both sides of a circuit transmission window when the
384  * circuit is initialized. Measured in cells. */
385 #define CIRCWINDOW_START 1000
386 #define CIRCWINDOW_START_MIN 100
387 #define CIRCWINDOW_START_MAX 1000
388 /** Amount to increment a circuit window when we get a circuit SENDME. */
389 #define CIRCWINDOW_INCREMENT 100
390 /** Initial value on both sides of a stream transmission window when the
391  * stream is initialized. Measured in cells. */
392 #define STREAMWINDOW_START 500
393 #define STREAMWINDOW_START_MAX 500
394 /** Amount to increment a stream window when we get a stream SENDME. */
395 #define STREAMWINDOW_INCREMENT 50
396 
397 /** Maximum number of queued cells on a circuit for which we are the
398  * midpoint before we give up and kill it. This must be >= circwindow
399  * to avoid killing innocent circuits, and >= circwindow*2 to give
400  * leaky-pipe a chance of working someday. The ORCIRC_MAX_MIDDLE_KILL_THRESH
401  * ratio controls the margin of error between emitting a warning and
402  * killing the circuit.
403  */
404 #define ORCIRC_MAX_MIDDLE_CELLS (CIRCWINDOW_START_MAX*2)
405 /** Ratio of hard (circuit kill) to soft (warning) thresholds for the
406  * ORCIRC_MAX_MIDDLE_CELLS tests.
407  */
408 #define ORCIRC_MAX_MIDDLE_KILL_THRESH (1.1f)
409 
410 /* Cell commands. These values are defined in tor-spec.txt. */
411 #define CELL_PADDING 0
412 #define CELL_CREATE 1
413 #define CELL_CREATED 2
414 #define CELL_RELAY 3
415 #define CELL_DESTROY 4
416 #define CELL_CREATE_FAST 5
417 #define CELL_CREATED_FAST 6
418 #define CELL_VERSIONS 7
419 #define CELL_NETINFO 8
420 #define CELL_RELAY_EARLY 9
421 #define CELL_CREATE2 10
422 #define CELL_CREATED2 11
423 #define CELL_PADDING_NEGOTIATE 12
424 
425 #define CELL_VPADDING 128
426 #define CELL_CERTS 129
427 #define CELL_AUTH_CHALLENGE 130
428 #define CELL_AUTHENTICATE 131
429 #define CELL_AUTHORIZE 132
430 #define CELL_COMMAND_MAX_ 132
431 
432 /** How long to test reachability before complaining to the user. */
433 #define TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT (20*60)
434 
435 /** Legal characters in a nickname. */
436 #define LEGAL_NICKNAME_CHARACTERS \
437  "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
438 
439 /** Name chosen by routers that don't configure nicknames */
440 #define UNNAMED_ROUTER_NICKNAME "Unnamed"
441 
442 /** Number of bytes in a SOCKS4 header. */
443 #define SOCKS4_NETWORK_LEN 8
444 
445 /*
446  * Relay payload:
447  * Relay command [1 byte]
448  * Recognized [2 bytes]
449  * Stream ID [2 bytes]
450  * Partial SHA-1 [4 bytes]
451  * Length [2 bytes]
452  * Relay payload [498 bytes]
453  */
454 
455 /** Number of bytes in a cell, minus cell header. */
456 #define CELL_PAYLOAD_SIZE 509
457 /** Number of bytes in a cell transmitted over the network, in the longest
458  * form: a 4-byte circuit ID, the 1-byte command and CELL_PAYLOAD_SIZE. With 2-byte circuit IDs it is two bytes shorter; see get_cell_network_size(). */
459 #define CELL_MAX_NETWORK_SIZE 514
460 
461 /** Maximum length of a header on a variable-length cell. */
462 #define VAR_CELL_MAX_HEADER_SIZE 7
463 
/** Return the number of bytes a fixed-length cell occupies on the wire.
 *
 * The on-wire size depends on the circuit-ID width negotiated for the
 * link: with 4-byte ("wide") circuit IDs a cell is CELL_MAX_NETWORK_SIZE
 * bytes; with 2-byte IDs it is two bytes shorter.
 */
static int get_cell_network_size(int wide_circ_ids);
static inline int get_cell_network_size(int wide_circ_ids)
{
  int size = CELL_MAX_NETWORK_SIZE;
  if (!wide_circ_ids) {
    /* Narrow circuit IDs are 2 bytes instead of 4. */
    size -= 2;
  }
  return size;
}
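/** Return the number of header bytes on a variable-length cell.
 *
 * VAR_CELL_MAX_HEADER_SIZE is the header length with wide (4-byte) circuit
 * IDs. With narrow (2-byte) IDs the header is two bytes shorter, matching
 * get_circ_id_size(). (This rendering had dropped the narrow-ID branch of
 * the expression; it is restored here.)
 */
static int get_var_cell_header_size(int wide_circ_ids);
static inline int get_var_cell_header_size(int wide_circ_ids)
{
  return wide_circ_ids ? VAR_CELL_MAX_HEADER_SIZE :
                         VAR_CELL_MAX_HEADER_SIZE - 2;
}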
/** Return the width, in bytes, of a circuit ID on the wire: 4 when the link
 * negotiated wide circuit IDs (wide_circ_ids nonzero), 2 otherwise. */
static int get_circ_id_size(int wide_circ_ids);
static inline int get_circ_id_size(int wide_circ_ids)
{
  if (wide_circ_ids)
    return 4;
  return 2;
}
480 
481 /** Number of bytes in a relay cell's header (not including general cell
482  * header). */
483 #define RELAY_HEADER_SIZE (1+2+2+4+2)
484 /** Largest number of bytes that can fit in a relay cell payload. */
485 #define RELAY_PAYLOAD_SIZE (CELL_PAYLOAD_SIZE-RELAY_HEADER_SIZE)
486 
487 /** Identifies a circuit on an or_connection */
488 typedef uint32_t circid_t;
489 /** Identifies a stream on a circuit */
490 typedef uint16_t streamid_t;
491 
492 /* channel_t typedef; struct channel_t is in channel.h */
493 
494 typedef struct channel_t channel_t;
495 
496 /* channel_listener_t typedef; struct channel_listener_t is in channel.h */
497 
499 
500 /* TLS channel stuff */
501 
502 typedef struct channel_tls_t channel_tls_t;
503 
504 /* circuitmux_t typedef; struct circuitmux_t is in circuitmux.h */
505 
506 typedef struct circuitmux_t circuitmux_t;
507 
508 typedef struct cell_t cell_t;
509 typedef struct var_cell_t var_cell_t;
510 typedef struct packed_cell_t packed_cell_t;
511 typedef struct cell_queue_t cell_queue_t;
512 typedef struct destroy_cell_t destroy_cell_t;
514 typedef struct ext_or_cmd_t ext_or_cmd_t;
515 
516 /** Beginning of a RELAY cell payload. */
517 typedef struct {
518  uint8_t command; /**< The end-to-end relay command. */
519  uint16_t recognized; /**< Used to tell whether cell is for us. */
520  streamid_t stream_id; /**< Which stream is this cell associated with? */
521  char integrity[4]; /**< Used to tell whether cell is corrupted. */
522  uint16_t length; /**< How long is the payload body? */
524 
525 typedef struct socks_request_t socks_request_t;
526 typedef struct entry_port_cfg_t entry_port_cfg_t;
527 typedef struct server_port_cfg_t server_port_cfg_t;
528 
529 /** Minimum length of the random part of an AUTH_CHALLENGE cell. */
530 #define OR_AUTH_CHALLENGE_LEN 32
531 
532 /**
533  * @name Certificate types for CERTS cells.
534  *
535  * These values are defined by the protocol, and affect how an X509
536  * certificate in a CERTS cell is interpreted and used.
537  *
538  * @{ */
539 /** A certificate that authenticates a TLS link key. The subject key
540  * must match the key used in the TLS handshake; it must be signed by
541  * the identity key. */
542 #define OR_CERT_TYPE_TLS_LINK 1
543 /** A self-signed identity certificate. The subject key must be a
544  * 1024-bit RSA key. */
545 #define OR_CERT_TYPE_ID_1024 2
546 /** A certificate that authenticates a key used in an AUTHENTICATE cell
547  * in the v3 handshake. The subject key must be a 1024-bit RSA key; it
548  * must be signed by the identity key */
549 #define OR_CERT_TYPE_AUTH_1024 3
550 /** A cross-certificate between an RSA identity key and an Ed25519 identity key. The name is all this header states; see the CERTS cell types in tor-spec for which key signs which. */
551 #define OR_CERT_TYPE_RSA_ED_CROSSCERT 7
552 /**@}*/
553 
554 /** The first supported type of AUTHENTICATE cell. It contains
555  * a bunch of structures signed with an RSA1024 key. The signed
556  * structures include a HMAC using negotiated TLS secrets, and a digest
557  * of all cells sent or received before the AUTHENTICATE cell (including
558  * the random server-generated AUTH_CHALLENGE cell).
559  */
560 #define AUTHTYPE_RSA_SHA256_TLSSECRET 1
561 /** As AUTHTYPE_RSA_SHA256_TLSSECRET, but instead of using the
562  * negotiated TLS secrets, uses exported keying material from the TLS
563  * session as described in RFC 5705.
564  *
565  * Not used by today's tors, since everything that supports this
566  * also supports AUTHTYPE_ED25519_SHA256_RFC5705, which is better.
567  **/
568 #define AUTHTYPE_RSA_SHA256_RFC5705 2
569 /** As AUTHTYPE_RSA_SHA256_RFC5705, but uses an Ed25519 identity key to
570  * authenticate. */
571 #define AUTHTYPE_ED25519_SHA256_RFC5705 3
572 /*
573  * NOTE: authchallenge_type_is_better() relies on these AUTHTYPE codes
574  * being sorted in order of preference. If we someday add one with
575  * a higher numerical value that we don't like as much, we should revise
576  * authchallenge_type_is_better().
577  */
578 
579 /** The length of the part of the AUTHENTICATE cell body that the client and
580  * server can generate independently (when using RSA_SHA256_TLSSECRET). It
581  * contains everything except the client's timestamp, the client's randomly
582  * generated nonce, and the signature. */
583 #define V3_AUTH_FIXED_PART_LEN (8+(32*6))
584 /** The length of the part of the AUTHENTICATE cell body that the client
585  * signs. */
586 #define V3_AUTH_BODY_LEN (V3_AUTH_FIXED_PART_LEN + 8 + 16)
587 
590 
591 /** Length of Extended ORPort connection identifier. */
592 #define EXT_OR_CONN_ID_LEN DIGEST_LEN /* 20 */
593 
594 typedef struct connection_t connection_t;
596 typedef struct dir_connection_t dir_connection_t;
597 typedef struct edge_connection_t edge_connection_t;
600 typedef struct or_connection_t or_connection_t;
601 
602 /** Cast a connection_t subtype pointer to a connection_t **/
603 #define TO_CONN(c) (&(((c)->base_)))
604 
605 /** Cast a entry_connection_t subtype pointer to a connection_t **/
606 #define ENTRY_TO_CONN(c) (TO_CONN(ENTRY_TO_EDGE_CONN(c)))
607 
608 typedef struct addr_policy_t addr_policy_t;
609 
610 typedef struct cached_dir_t cached_dir_t;
611 
612 /** Enum used to remember where a signed_descriptor_t is stored and how to
613  * manage the memory for signed_descriptor_body. */
614 typedef enum {
615  /** The descriptor isn't stored on disk at all: the copy in memory is
616  * canonical; the saved_offset field is meaningless. */
618  /** The descriptor is stored in the cached_routers file: the
619  * signed_descriptor_body is meaningless; the signed_descriptor_len and
620  * saved_offset are used to index into the mmaped cache file. */
622  /** The descriptor is stored in the cached_routers.new file: the
623  * signed_descriptor_body and saved_offset fields are both set. */
624  /* FFFF (We could also mmap the file and grow the mmap as needed, or
625  * lazy-load the descriptor text by using seek and read. We don't, for
626  * now.)
627  */
630 #define saved_location_bitfield_t ENUM_BF(saved_location_t)
631 
632 /** Enumeration: what directory object is being downloaded?
633  * This determines which schedule is selected to perform the download. */
634 typedef enum {
635  DL_SCHED_GENERIC = 0,
636  DL_SCHED_CONSENSUS = 1,
637  DL_SCHED_BRIDGE = 2,
639 #define download_schedule_bitfield_t ENUM_BF(download_schedule_t)
640 
641 /** Enumeration: is the download schedule for downloading from an authority,
642  * or from any available directory mirror?
643  * During bootstrap, "any" means a fallback (or an authority, if there
644  * are no fallbacks).
645  * When we have a valid consensus, "any" means any directory server. */
646 typedef enum {
647  DL_WANT_ANY_DIRSERVER = 0,
648  DL_WANT_AUTHORITY = 1,
650 #define download_want_authority_bitfield_t \
651  ENUM_BF(download_want_authority_t)
652 
653 /** Enumeration: do we want to increment the schedule position each time a
654  * connection is attempted (these attempts can be concurrent), or do we want
655  * to increment the schedule position after a connection fails? */
656 typedef enum {
657  DL_SCHED_INCREMENT_FAILURE = 0,
658  DL_SCHED_INCREMENT_ATTEMPT = 1,
660 #define download_schedule_increment_bitfield_t \
661  ENUM_BF(download_schedule_increment_t)
662 
663 typedef struct download_status_t download_status_t;
664 
665 /** If n_download_failures is this high, the download can never happen. */
666 #define IMPOSSIBLE_TO_DOWNLOAD 255
667 
668 /** The max size we expect router descriptor annotations we create to
669  * be. We'll accept larger ones if we see them on disk, but we won't
670  * create any that are larger than this. */
671 #define ROUTER_ANNOTATION_BUF_LEN 256
672 
674 
675 /** Flags used to summarize the declared protocol versions of a relay,
676  * so we don't need to parse them again and again. */
677 typedef struct protover_summary_flags_t {
678  /** True iff we have a proto line for this router, or a versions line
679  * from which we could infer the protocols. */
680  unsigned int protocols_known:1;
681 
682  /** True iff this router has a version or protocol list that allows it to
683  * accept EXTEND2 cells. This requires Relay=2. */
684  unsigned int supports_extend2_cells:1;
685 
686  /** True iff this router has a version or protocol list that allows it to
687  * accept IPv6 connections. This requires Relay=2 or Relay=3. */
689 
690  /** True iff this router has a version or protocol list that allows it to
691  * initiate IPv6 connections. This requires Relay=3. */
693 
694  /** True iff this router has a version or protocol list that allows it to
695  * consider IPv6 connections canonical. This requires Relay=3. */
697 
698  /** True iff this router has a protocol list that allows it to negotiate
699  * ed25519 identity keys on a link handshake with us. This
700  * requires LinkAuth=3. */
702 
703  /** True iff this router has a protocol list that allows it to negotiate
704  * ed25519 identity keys on a link handshake, at all. This requires some
705  * LinkAuth=X for X >= 3. */
707 
708  /** True iff this router has a protocol list that allows it to be an
709  * introduction point supporting ed25519 authentication key which is part of
710  * the v3 protocol detailed in proposal 224. This requires HSIntro=4. */
711  unsigned int supports_ed25519_hs_intro : 1;
712 
713  /** True iff this router has a protocol list that allows it to support the
714  * ESTABLISH_INTRO DoS cell extension. Requires HSIntro=5. */
716 
717  /** True iff this router has a protocol list that allows it to be a hidden
718  * service directory supporting version 3 as seen in proposal 224. This
719  * requires HSDir=2. */
720  unsigned int supports_v3_hsdir : 1;
721 
722  /** True iff this router has a protocol list that allows it to be a hidden
723  * service rendezvous point supporting version 3 as seen in proposal 224.
724  * This requires HSRend=2. */
726 
727  /** True iff this router has a protocol list that allows clients to
728  * negotiate hs circuit setup padding. Requires Padding=2. */
729  unsigned int supports_hs_setup_padding : 1;
730 
731  /** True iff this router supports congestion control.
732  * Requires both FlowCtrl=2 *and* Relay=4 */
733  unsigned int supports_congestion_control : 1;
735 
736 typedef struct routerinfo_t routerinfo_t;
737 typedef struct extrainfo_t extrainfo_t;
738 typedef struct routerstatus_t routerstatus_t;
739 
740 typedef struct microdesc_t microdesc_t;
741 typedef struct node_t node_t;
747 
748 /** Enumerates recognized flavors of a consensus networkstatus document. All
749  * flavors of a consensus are generated from the same set of votes, but they
750  * present different types information to different versions of Tor. */
751 typedef enum {
752  FLAV_NS = 0,
753  FLAV_MICRODESC = 1,
755 
756 /** How many different consensus flavors are there? */
757 #define N_CONSENSUS_FLAVORS ((int)(FLAV_MICRODESC)+1)
758 
759 typedef struct networkstatus_t networkstatus_t;
761 typedef struct desc_store_t desc_store_t;
762 typedef struct routerlist_t routerlist_t;
763 typedef struct extend_info_t extend_info_t;
764 typedef struct authority_cert_t authority_cert_t;
765 
766 /** Bitfield enum type listing types of information that directory authorities
767  * can be authoritative about, and that directory caches may or may not cache.
768  *
769  * Note that the granularity here is based on authority granularity and on
770  * cache capabilities. Thus, one particular bit may correspond in practice to
771  * a few types of directory info, so long as every authority that pronounces
772  * officially about one of the types pronounces officially about all of them,
773  * and so long as every cache that caches one of them caches all of them.
774  */
775 typedef enum {
776  NO_DIRINFO = 0,
777  /** Serves/signs v3 directory information: votes, consensuses, certs */
778  V3_DIRINFO = 1 << 2,
779  /** Serves bridge descriptors. */
780  BRIDGE_DIRINFO = 1 << 4,
781  /** Serves extrainfo documents. */
783  /** Serves microdescriptors. */
786 
787 #define ALL_DIRINFO ((dirinfo_type_t)((1<<7)-1))
788 
789 #define ONION_HANDSHAKE_TYPE_TAP 0x0000
790 #define ONION_HANDSHAKE_TYPE_FAST 0x0001
791 #define ONION_HANDSHAKE_TYPE_NTOR 0x0002
792 #define ONION_HANDSHAKE_TYPE_NTOR_V3 0x0003
793 #define MAX_ONION_HANDSHAKE_TYPE 0x0003
794 
796 typedef struct relay_crypto_t relay_crypto_t;
797 typedef struct crypt_path_t crypt_path_t;
799 
800 #define CPATH_KEY_MATERIAL_LEN (20*2+16*2)
801 
803 
804 struct create_cell_t;
805 
806 /** Entry in the cell stats list of a circuit; used only if CELL_STATS
807  * events are enabled. */
809  uint8_t command; /**< cell command number. */
810  /** Waiting time in centiseconds if this event is for a removed cell,
811  * or 0 if this event is for adding a cell to the queue. 22 bits can
812  * store more than 11 hours, enough to assume that a circuit with this
813  * delay would long have been closed. */
814  unsigned int waiting_time:22;
815  unsigned int removed:1; /**< 0 for added to, 1 for removed from queue. */
816  unsigned int exitward:1; /**< 0 for app-ward, 1 for exit-ward. */
818 
819 typedef struct circuit_t circuit_t;
820 typedef struct origin_circuit_t origin_circuit_t;
821 typedef struct or_circuit_t or_circuit_t;
822 
823 /** Largest number of relay_early cells that we can send on a given
824  * circuit. This is a hard cap on the circuit, not a soft limit; since EXTEND cells travel as RELAY_EARLY (per tor-spec), it also bounds how far a circuit can be extended -- confirm in circuitbuild. */
825 #define MAX_RELAY_EARLY_CELLS_PER_CIRCUIT 8
826 
827 typedef enum path_state_t path_state_t;
828 #define path_state_bitfield_t ENUM_BF(path_state_t)
829 
830 #if REND_COOKIE_LEN != DIGEST_LEN
831 #error "The REND_TOKEN_LEN macro assumes REND_COOKIE_LEN == DIGEST_LEN"
832 #endif
833 #define REND_TOKEN_LEN DIGEST_LEN
834 
835 /** Convert a circuit subtype to a circuit_t. */
836 #define TO_CIRCUIT(x) (&((x)->base_))
837 
/** @name Isolation flags

 Ways to isolate client streams. The flags are unsigned (1u) so they can be
 combined and tested with bitwise operators without signed-overflow concerns.

 @{
*/
/** Isolate based on destination port */
#define ISO_DESTPORT (1u<<0)
/** Isolate based on destination address */
#define ISO_DESTADDR (1u<<1)
/** Isolate based on SOCKS authentication */
#define ISO_SOCKSAUTH (1u<<2)
/** Isolate based on client protocol choice */
#define ISO_CLIENTPROTO (1u<<3)
/** Isolate based on client address */
#define ISO_CLIENTADDR (1u<<4)
/** Isolate based on session group (always on). */
#define ISO_SESSIONGRP (1u<<5)
/** Isolate based on newnym epoch (always on). */
#define ISO_NYM_EPOCH (1u<<6)
/** Isolate all streams (Internal only). */
#define ISO_STREAM (1u<<7)
/**@}*/

/** Default isolation level for ports: client address, SOCKS authentication
 * and the two always-on flags. Destination port/address, client protocol
 * and per-stream isolation are not included in the default. */
#define ISO_DEFAULT (ISO_CLIENTADDR|ISO_SOCKSAUTH|ISO_SESSIONGRP|ISO_NYM_EPOCH)
864 
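/* The negative values below are parenthesized so that a unary minus applied
 * to one of them expands to e.g. -(-1) rather than the ill-formed token
 * sequence --1. */

/** Indicates that we haven't yet set a session group on a port_cfg_t. */
#define SESSION_GROUP_UNSET (-1)
/** Session group reserved for directory connections */
#define SESSION_GROUP_DIRCONN (-2)
/** Session group reserved for resolve requests launched by a controller */
#define SESSION_GROUP_CONTROL_RESOLVE (-3)
/** First automatically allocated session group number */
#define SESSION_GROUP_FIRST_AUTO (-4)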
873 
/* Opaque forward declarations; the struct bodies are defined elsewhere. */
typedef struct port_cfg_t port_cfg_t;
typedef struct routerset_t routerset_t;

/** A magic value for the (Socks|OR|...)Port options below, telling Tor
 * to pick its own port. It lies well outside the 16-bit port range
 * (0xc4005e > 0xffff), so it can never be mistaken for a real port
 * number. */
#define CFG_AUTO_PORT 0xc4005e

typedef struct or_options_t or_options_t;

typedef struct or_state_t or_state_t;

/** Maximum length of a SOCKS address, presumably including the NUL
 * terminator: 256 holds a 255-byte hostname (the longest a one-byte length
 * field can describe) plus the NUL -- confirm against the SOCKS parsing
 * code. */
#define MAX_SOCKS_ADDR_LEN 256
886 
/********************************* circuitbuild.c **********************/

/** How many hops does a general-purpose circuit have by default? */
#define DEFAULT_ROUTE_LEN 3

/* Circuit Build Timeout "public" structures. */

/** Precision multiplier for the Bw weights */
#define BW_WEIGHT_SCALE 10000
/** Smallest and largest acceptable values for the bandwidth-weight scale.
 * (Presumably the bounds applied to a scale value read from the consensus
 * rather than to the compile-time default above -- confirm in the consensus
 * parameter code.) */
#define BW_MIN_WEIGHT_SCALE 1
#define BW_MAX_WEIGHT_SCALE INT32_MAX
898 
900 
901 /********************************* config.c ***************************/
902 
903 /********************************* connection_edge.c *************************/
904 
905 /** Enumerates possible origins of a client-side address mapping. */
906 typedef enum {
907  /** We're remapping this address because the controller told us to. */
909  /** We're remapping this address because of an AutomapHostsOnResolve
910  * configuration. */
912  /** We're remapping this address because our configuration (via torrc, the
913  * command line, or a SETCONF command) told us to. */
915  /** We're remapping this address because we have TrackHostExit configured,
916  * and we want to remember to use the same exit next time. */
918  /** We're remapping this address because we got a DNS resolution from a
919  * Tor server that told us what its value was. */
921 
922  /** No remapping has occurred. This isn't a possible value for an
923  * addrmap_entry_t; it's used as a null value when we need to answer "Why
924  * did this remapping happen." */
/** Type to use when storing an addressmap_entry_source_t in a bitfield.
 * (ENUM_BF is defined elsewhere -- confirm its exact semantics.) */
#define addressmap_entry_source_bitfield_t ENUM_BF(addressmap_entry_source_t)

/** Interval between statistics writes: 24*60*60, i.e. one day, presumably
 * expressed in seconds -- confirm against the callers. */
#define WRITE_STATS_INTERVAL (24*60*60)
930 
/********************************* dirvote.c ************************/

/* Opaque forward declaration; the struct body is defined elsewhere. */
typedef struct vote_timing_t vote_timing_t;

/********************************* microdesc.c *************************/

/* Opaque forward declaration; the struct body is defined elsewhere. */
typedef struct microdesc_cache_t microdesc_cache_t;

/** The maximum number of non-circuit-build-timeout failures a hidden
 * service client will tolerate while trying to build a circuit to an
 * introduction point. */
#define MAX_INTRO_POINT_REACHABILITY_FAILURES 5

/** The minimum and maximum number of distinct INTRODUCE2 cells which a
 * hidden service's introduction point will receive before it begins to
 * expire. (Presumably the actual per-intro-point limit is drawn from the
 * range [min, max] -- confirm in the intro-point code.) */
#define INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS 16384
/* Double the minimum value so the interval is [min, min * 2]. */
#define INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS \
  (INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS * 2)

/** The minimum number of seconds that an introduction point will last
 * before expiring due to old age. (If it receives its chosen number of
 * INTRODUCE2 cells -- between INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS and
 * INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS -- it may expire sooner.)
 *
 * XXX Should this be configurable? */
#define INTRO_POINT_LIFETIME_MIN_SECONDS (18*60*60)
/** The maximum number of seconds that an introduction point will last
 * before expiring due to old age.
 *
 * XXX Should this be configurable? */
#define INTRO_POINT_LIFETIME_MAX_SECONDS (24*60*60)

/** The maximum number of circuit-creation retries we make to an intro point
 * before giving up. We try to reuse intro points that fail during their
 * lifetime, so this is a hard limit on how many times we do that. */
#define MAX_INTRO_POINT_CIRCUIT_RETRIES 3
969 
/********************************* routerlist.c ***************************/

/* Opaque forward declaration; the struct body is defined elsewhere. */
typedef struct dir_server_t dir_server_t;

/** Bandwidth thresholds a relay (resp. bridge) is presumably required to
 * meet; the unit is not stated here (75*1024 and 50*1024, i.e. 75 KiB/s and
 * 50 KiB/s if bytes per second) -- confirm against the callers. */
#define RELAY_REQUIRED_MIN_BANDWIDTH (75*1024)
#define BRIDGE_REQUIRED_MIN_BANDWIDTH (50*1024)

/** Upper bound on the bandwidth a router may declare for itself. A
 * self-declared value from a descriptor is untrusted input; presumably it is
 * clamped to this bound so that an absurd self-report cannot overflow later
 * arithmetic -- confirm in the descriptor parser. */
#define ROUTER_MAX_DECLARED_BANDWIDTH INT32_MAX

/* Opaque forward declaration; the struct body is defined elsewhere. */
typedef struct tor_version_t tor_version_t;
980 
981 #endif /* !defined(TOR_OR_H) */