Tor  0.4.8.0-alpha-dev
relay.c
Go to the documentation of this file.
1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2021, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
7 /**
8  * \file relay.c
9  * \brief Handle relay cell encryption/decryption, plus packaging and
10  * receiving from circuits, plus queuing on circuits.
11  *
12  * This is a core modules that makes Tor work. It's responsible for
13  * dealing with RELAY cells (the ones that travel more than one hop along a
14  * circuit), by:
15  * <ul>
16  * <li>constructing relays cells,
17  * <li>encrypting relay cells,
18  * <li>decrypting relay cells,
19  * <li>demultiplexing relay cells as they arrive on a connection,
20  * <li>queueing relay cells for retransmission,
21  * <li>or handling relay cells that are for us to receive (as an exit or a
22  * client).
23  * </ul>
24  *
25  * RELAY cells are generated throughout the code at the client or relay side,
26  * using relay_send_command_from_edge() or one of the functions like
27  * connection_edge_send_command() that calls it. Of particular interest is
28  * connection_edge_package_raw_inbuf(), which takes information that has
29  * arrived on an edge connection socket, and packages it as a RELAY_DATA cell
30  * -- this is how information is actually sent across the Tor network. The
31  * cryptography for these functions is handled deep in
32  * circuit_package_relay_cell(), which either adds a single layer of
33  * encryption (if we're an exit), or multiple layers (if we're the origin of
34  * the circuit). After construction and encryption, the RELAY cells are
35  * passed to append_cell_to_circuit_queue(), which queues them for
36  * transmission and tells the circuitmux (see circuitmux.c) that the circuit
37  * is waiting to send something.
38  *
39  * Incoming RELAY cells arrive at circuit_receive_relay_cell(), called from
40  * command.c. There they are decrypted and, if they are for us, are passed to
41  * connection_edge_process_relay_cell(). If they're not for us, they're
42  * re-queued for retransmission again with append_cell_to_circuit_queue().
43  *
44  * The connection_edge_process_relay_cell() function handles all the different
45  * types of relay cells, launching requests or transmitting data as needed.
46  **/
47 
48 #define RELAY_PRIVATE
49 #include "core/or/or.h"
51 #include "lib/err/backtrace.h"
52 #include "lib/buf/buffers.h"
53 #include "core/or/channel.h"
54 #include "feature/client/circpathbias.h"
55 #include "core/or/circuitbuild.h"
56 #include "core/or/circuitlist.h"
57 #include "core/or/circuituse.h"
58 #include "core/or/circuitpadding.h"
59 #include "core/or/extendinfo.h"
60 #include "lib/compress/compress.h"
61 #include "app/config/config.h"
64 #include "core/or/connection_or.h"
69 #include "feature/relay/dns.h"
72 #include "feature/hs/hs_cache.h"
73 #include "core/mainloop/mainloop.h"
76 #include "core/or/onion.h"
77 #include "core/or/policies.h"
78 #include "core/or/reasons.h"
79 #include "core/or/relay.h"
84 #include "core/or/scheduler.h"
85 #include "feature/hs/hs_metrics.h"
86 #include "feature/stats/rephist.h"
87 
88 #include "core/or/cell_st.h"
89 #include "core/or/cell_queue_st.h"
94 #include "core/or/extend_info_st.h"
95 #include "core/or/or_circuit_st.h"
99 #include "core/or/sendme.h"
102 
104  cell_direction_t cell_direction,
105  crypt_path_t *layer_hint);
106 
107 static void circuit_resume_edge_reading(circuit_t *circ,
108  crypt_path_t *layer_hint);
110  circuit_t *circ,
111  crypt_path_t *layer_hint);
113  crypt_path_t *layer_hint);
116  entry_connection_t *conn,
117  node_t *node,
118  const tor_addr_t *addr);
119 
120 /** Stats: how many relay cells have originated at this hop, or have
121  * been relayed onward (not recognized at this hop)?
122  */
124 /** Stats: how many relay cells have been delivered to streams at this
125  * hop?
126  */
128 /** Stats: how many circuits have we closed due to the cell queue limit being
129  * reached (see append_cell_to_circuit_queue()) */
131 uint64_t stats_n_circ_max_cell_outq_reached = 0;
132 
133 /**
134  * Update channel usage state based on the type of relay cell and
135  * circuit properties.
136  *
137  * This is needed to determine if a client channel is being
138  * used for application traffic, and if a relay channel is being
139  * used for multihop circuits and application traffic. The decision
140  * to pad in channelpadding.c depends upon this info (as well as
141  * consensus parameters) to decide what channels to pad.
142  */
143 static void
145 {
146  if (CIRCUIT_IS_ORIGIN(circ)) {
147  /*
148  * The client state was first set much earlier in
149  * circuit_send_next_onion_skin(), so we can start padding as early as
150  * possible.
151  *
152  * However, if padding turns out to be expensive, we may want to not do
153  * it until actual application traffic starts flowing (which is controlled
154  * via consensus param nf_pad_before_usage).
155  *
156  * So: If we're an origin circuit and we've created a full length circuit,
157  * then any CELL_RELAY cell means application data. Increase the usage
158  * state of the channel to indicate this.
159  *
160  * We want to wait for CELL_RELAY specifically here, so we know that
161  * the channel was definitely being used for data and not for extends.
162  * By default, we pad as soon as a channel has been used for *any*
163  * circuits, so this state is irrelevant to the padding decision in
164  * the default case. However, if padding turns out to be expensive,
165  * we would like the ability to avoid padding until we're absolutely
166  * sure that a channel is used for enough application data to be worth
167  * padding.
168  *
169  * (So it does not matter that CELL_RELAY_EARLY can actually contain
170  * application data. This is only a load reducing option and that edge
171  * case does not matter if we're desperately trying to reduce overhead
172  * anyway. See also consensus parameter nf_pad_before_usage).
173  */
174  if (BUG(!circ->n_chan))
175  return;
176 
177  if (circ->n_chan->channel_usage == CHANNEL_USED_FOR_FULL_CIRCS &&
178  cell->command == CELL_RELAY) {
179  circ->n_chan->channel_usage = CHANNEL_USED_FOR_USER_TRAFFIC;
180  }
181  } else {
182  /* If we're a relay circuit, the question is more complicated. Basically:
183  * we only want to pad connections that carry multihop (anonymous)
184  * circuits.
185  *
186  * We assume we're more than one hop if either the previous hop
187  * is not a client, or if the previous hop is a client and there's
188  * a next hop. Then, circuit traffic starts at RELAY_EARLY, and
189  * user application traffic starts when we see RELAY cells.
190  */
191  or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
192 
193  if (BUG(!or_circ->p_chan))
194  return;
195 
196  if (!channel_is_client(or_circ->p_chan) ||
197  (channel_is_client(or_circ->p_chan) && circ->n_chan)) {
198  if (cell->command == CELL_RELAY_EARLY) {
199  if (or_circ->p_chan->channel_usage < CHANNEL_USED_FOR_FULL_CIRCS) {
200  or_circ->p_chan->channel_usage = CHANNEL_USED_FOR_FULL_CIRCS;
201  }
202  } else if (cell->command == CELL_RELAY) {
203  or_circ->p_chan->channel_usage = CHANNEL_USED_FOR_USER_TRAFFIC;
204  }
205  }
206  }
207 }
208 
209 /** Receive a relay cell:
210  * - Crypt it (encrypt if headed toward the origin or if we <b>are</b> the
211  * origin; decrypt if we're headed toward the exit).
212  * - Check if recognized (if exitward).
213  * - If recognized and the digest checks out, then find if there's a stream
214  * that the cell is intended for, and deliver it to the right
215  * connection_edge.
216  * - If not recognized, then we need to relay it: append it to the appropriate
217  * cell_queue on <b>circ</b>.
218  *
219  * Return -<b>reason</b> on failure.
220  */
221 int
223  cell_direction_t cell_direction)
224 {
225  channel_t *chan = NULL;
226  crypt_path_t *layer_hint=NULL;
227  char recognized=0;
228  int reason;
229 
230  tor_assert(cell);
231  tor_assert(circ);
232  tor_assert(cell_direction == CELL_DIRECTION_OUT ||
233  cell_direction == CELL_DIRECTION_IN);
234  if (circ->marked_for_close)
235  return 0;
236 
237  if (relay_decrypt_cell(circ, cell, cell_direction, &layer_hint, &recognized)
238  < 0) {
239  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
240  "relay crypt failed. Dropping connection.");
241  return -END_CIRC_REASON_INTERNAL;
242  }
243 
244  circuit_update_channel_usage(circ, cell);
245 
246  if (recognized) {
247  edge_connection_t *conn = NULL;
248 
249  /* Recognized cell, the cell digest has been updated, we'll record it for
250  * the SENDME if need be. */
251  sendme_record_received_cell_digest(circ, layer_hint);
252 
254  if (pathbias_check_probe_response(circ, cell) == -1) {
255  pathbias_count_valid_cells(circ, cell);
256  }
257 
258  /* We need to drop this cell no matter what to avoid code that expects
259  * a certain purpose (such as the hidserv code). */
260  return 0;
261  }
262 
263  conn = relay_lookup_conn(circ, cell, cell_direction, layer_hint);
264  if (cell_direction == CELL_DIRECTION_OUT) {
266  log_debug(LD_OR,"Sending away from origin.");
267  reason = connection_edge_process_relay_cell(cell, circ, conn, NULL);
268  if (reason < 0) {
269  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
270  "connection_edge_process_relay_cell (away from origin) "
271  "failed.");
272  return reason;
273  }
274  }
275  if (cell_direction == CELL_DIRECTION_IN) {
277  log_debug(LD_OR,"Sending to origin.");
278  reason = connection_edge_process_relay_cell(cell, circ, conn,
279  layer_hint);
280  if (reason < 0) {
281  /* If a client is trying to connect to unknown hidden service port,
282  * END_CIRC_AT_ORIGIN is sent back so we can then close the circuit.
283  * Do not log warn as this is an expected behavior for a service. */
284  if (reason != END_CIRC_AT_ORIGIN) {
285  log_warn(LD_OR,
286  "connection_edge_process_relay_cell (at origin) failed.");
287  }
288  return reason;
289  }
290  }
291  return 0;
292  }
293 
294  /* not recognized. inform circpad and pass it on. */
295  circpad_deliver_unrecognized_cell_events(circ, cell_direction);
296 
297  if (cell_direction == CELL_DIRECTION_OUT) {
298  cell->circ_id = circ->n_circ_id; /* switch it */
299  chan = circ->n_chan;
300  } else if (! CIRCUIT_IS_ORIGIN(circ)) {
301  cell->circ_id = TO_OR_CIRCUIT(circ)->p_circ_id; /* switch it */
302  chan = TO_OR_CIRCUIT(circ)->p_chan;
303  } else {
304  log_fn(LOG_PROTOCOL_WARN, LD_OR,
305  "Dropping unrecognized inbound cell on origin circuit.");
306  /* If we see unrecognized cells on path bias testing circs,
307  * it's bad mojo. Those circuits need to die.
308  * XXX: Shouldn't they always die? */
311  return -END_CIRC_REASON_TORPROTOCOL;
312  } else {
313  return 0;
314  }
315  }
316 
317  if (!chan) {
318  // XXXX Can this splice stuff be done more cleanly?
319  if (! CIRCUIT_IS_ORIGIN(circ) &&
320  TO_OR_CIRCUIT(circ)->rend_splice &&
321  cell_direction == CELL_DIRECTION_OUT) {
322  or_circuit_t *splice_ = TO_OR_CIRCUIT(circ)->rend_splice;
325  cell->circ_id = splice_->p_circ_id;
326  cell->command = CELL_RELAY; /* can't be relay_early anyway */
327  if ((reason = circuit_receive_relay_cell(cell, TO_CIRCUIT(splice_),
328  CELL_DIRECTION_IN)) < 0) {
329  log_warn(LD_REND, "Error relaying cell across rendezvous; closing "
330  "circuits");
331  /* XXXX Do this here, or just return -1? */
332  circuit_mark_for_close(circ, -reason);
333  return reason;
334  }
335  return 0;
336  }
337  if (BUG(CIRCUIT_IS_ORIGIN(circ))) {
338  /* Should be impossible at this point. */
339  return -END_CIRC_REASON_TORPROTOCOL;
340  }
341  or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
342  if (++or_circ->n_cells_discarded_at_end == 1) {
343  time_t seconds_open = approx_time() - circ->timestamp_created.tv_sec;
344  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
345  "Didn't recognize a cell, but circ stops here! Closing circuit. "
346  "It was created %ld seconds ago.", (long)seconds_open);
347  }
348  return -END_CIRC_REASON_TORPROTOCOL;
349  }
350 
351  log_debug(LD_OR,"Passing on unrecognized cell.");
352 
353  ++stats_n_relay_cells_relayed; /* XXXX no longer quite accurate {cells}
354  * we might kill the circ before we relay
355  * the cells. */
356 
357  append_cell_to_circuit_queue(circ, chan, cell, cell_direction, 0);
358  return 0;
359 }
360 
361 /** Package a relay cell from an edge:
362  * - Encrypt it to the right layer
363  * - Append it to the appropriate cell_queue on <b>circ</b>.
364  */
365 MOCK_IMPL(int,
367  cell_direction_t cell_direction,
368  crypt_path_t *layer_hint, streamid_t on_stream,
369  const char *filename, int lineno))
370 {
371  channel_t *chan; /* where to send the cell */
372 
373  if (circ->marked_for_close) {
374  /* Circuit is marked; send nothing. */
375  return 0;
376  }
377 
378  if (cell_direction == CELL_DIRECTION_OUT) {
379  chan = circ->n_chan;
380  if (!chan) {
381  log_warn(LD_BUG,"outgoing relay cell sent from %s:%d has n_chan==NULL."
382  " Dropping. Circuit is in state %s (%d), and is "
383  "%smarked for close. (%s:%d, %d)", filename, lineno,
384  circuit_state_to_string(circ->state), circ->state,
385  circ->marked_for_close ? "" : "not ",
388  if (CIRCUIT_IS_ORIGIN(circ)) {
390  }
391  log_backtrace(LOG_WARN,LD_BUG,"");
392  return 0; /* just drop it */
393  }
394  if (!CIRCUIT_IS_ORIGIN(circ)) {
395  log_warn(LD_BUG,"outgoing relay cell sent from %s:%d on non-origin "
396  "circ. Dropping.", filename, lineno);
397  log_backtrace(LOG_WARN,LD_BUG,"");
398  return 0; /* just drop it */
399  }
400 
401  relay_encrypt_cell_outbound(cell, TO_ORIGIN_CIRCUIT(circ), layer_hint);
402 
403  /* Update circ written totals for control port */
404  origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
405  ocirc->n_written_circ_bw = tor_add_u32_nowrap(ocirc->n_written_circ_bw,
407 
408  } else { /* incoming cell */
409  if (CIRCUIT_IS_ORIGIN(circ)) {
410  /* We should never package an _incoming_ cell from the circuit
411  * origin; that means we messed up somewhere. */
412  log_warn(LD_BUG,"incoming relay cell at origin circuit. Dropping.");
413  assert_circuit_ok(circ);
414  return 0; /* just drop it */
415  }
416  or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
417  relay_encrypt_cell_inbound(cell, or_circ);
418  chan = or_circ->p_chan;
419  }
421 
422  append_cell_to_circuit_queue(circ, chan, cell, cell_direction, on_stream);
423  return 0;
424 }
425 
426 /** If cell's stream_id matches the stream_id of any conn that's
427  * attached to circ, return that conn, else return NULL.
428  */
429 static edge_connection_t *
431  cell_direction_t cell_direction, crypt_path_t *layer_hint)
432 {
433  edge_connection_t *tmpconn;
434  relay_header_t rh;
435 
436  relay_header_unpack(&rh, cell->payload);
437 
438  if (!rh.stream_id)
439  return NULL;
440 
441  /* IN or OUT cells could have come from either direction, now
442  * that we allow rendezvous *to* an OP.
443  */
444 
445  if (CIRCUIT_IS_ORIGIN(circ)) {
446  for (tmpconn = TO_ORIGIN_CIRCUIT(circ)->p_streams; tmpconn;
447  tmpconn=tmpconn->next_stream) {
448  if (rh.stream_id == tmpconn->stream_id &&
449  !tmpconn->base_.marked_for_close &&
450  tmpconn->cpath_layer == layer_hint) {
451  log_debug(LD_APP,"found conn for stream %d.", rh.stream_id);
452  return tmpconn;
453  }
454  }
455  } else {
456  for (tmpconn = TO_OR_CIRCUIT(circ)->n_streams; tmpconn;
457  tmpconn=tmpconn->next_stream) {
458  if (rh.stream_id == tmpconn->stream_id &&
459  !tmpconn->base_.marked_for_close) {
460  log_debug(LD_EXIT,"found conn for stream %d.", rh.stream_id);
461  if (cell_direction == CELL_DIRECTION_OUT ||
463  return tmpconn;
464  }
465  }
466  for (tmpconn = TO_OR_CIRCUIT(circ)->resolving_streams; tmpconn;
467  tmpconn=tmpconn->next_stream) {
468  if (rh.stream_id == tmpconn->stream_id &&
469  !tmpconn->base_.marked_for_close) {
470  log_debug(LD_EXIT,"found conn for stream %d.", rh.stream_id);
471  return tmpconn;
472  }
473  }
474  }
475  return NULL; /* probably a begin relay cell */
476 }
477 
478 /** Pack the relay_header_t host-order structure <b>src</b> into
479  * network-order in the buffer <b>dest</b>. See tor-spec.txt for details
480  * about the wire format.
481  */
482 void
483 relay_header_pack(uint8_t *dest, const relay_header_t *src)
484 {
485  set_uint8(dest, src->command);
486  set_uint16(dest+1, htons(src->recognized));
487  set_uint16(dest+3, htons(src->stream_id));
488  memcpy(dest+5, src->integrity, 4);
489  set_uint16(dest+9, htons(src->length));
490 }
491 
492 /** Unpack the network-order buffer <b>src</b> into a host-order
493  * relay_header_t structure <b>dest</b>.
494  */
495 void
496 relay_header_unpack(relay_header_t *dest, const uint8_t *src)
497 {
498  dest->command = get_uint8(src);
499  dest->recognized = ntohs(get_uint16(src+1));
500  dest->stream_id = ntohs(get_uint16(src+3));
501  memcpy(dest->integrity, src+5, 4);
502  dest->length = ntohs(get_uint16(src+9));
503 }
504 
505 /** Convert the relay <b>command</b> into a human-readable string. */
506 const char *
508 {
509  static char buf[64];
510  switch (command) {
511  case RELAY_COMMAND_BEGIN: return "BEGIN";
512  case RELAY_COMMAND_DATA: return "DATA";
513  case RELAY_COMMAND_END: return "END";
514  case RELAY_COMMAND_CONNECTED: return "CONNECTED";
515  case RELAY_COMMAND_SENDME: return "SENDME";
516  case RELAY_COMMAND_EXTEND: return "EXTEND";
517  case RELAY_COMMAND_EXTENDED: return "EXTENDED";
518  case RELAY_COMMAND_TRUNCATE: return "TRUNCATE";
519  case RELAY_COMMAND_TRUNCATED: return "TRUNCATED";
520  case RELAY_COMMAND_DROP: return "DROP";
521  case RELAY_COMMAND_RESOLVE: return "RESOLVE";
522  case RELAY_COMMAND_RESOLVED: return "RESOLVED";
523  case RELAY_COMMAND_BEGIN_DIR: return "BEGIN_DIR";
524  case RELAY_COMMAND_ESTABLISH_INTRO: return "ESTABLISH_INTRO";
525  case RELAY_COMMAND_ESTABLISH_RENDEZVOUS: return "ESTABLISH_RENDEZVOUS";
526  case RELAY_COMMAND_INTRODUCE1: return "INTRODUCE1";
527  case RELAY_COMMAND_INTRODUCE2: return "INTRODUCE2";
528  case RELAY_COMMAND_RENDEZVOUS1: return "RENDEZVOUS1";
529  case RELAY_COMMAND_RENDEZVOUS2: return "RENDEZVOUS2";
530  case RELAY_COMMAND_INTRO_ESTABLISHED: return "INTRO_ESTABLISHED";
531  case RELAY_COMMAND_RENDEZVOUS_ESTABLISHED:
532  return "RENDEZVOUS_ESTABLISHED";
533  case RELAY_COMMAND_INTRODUCE_ACK: return "INTRODUCE_ACK";
534  case RELAY_COMMAND_EXTEND2: return "EXTEND2";
535  case RELAY_COMMAND_EXTENDED2: return "EXTENDED2";
536  case RELAY_COMMAND_PADDING_NEGOTIATE: return "PADDING_NEGOTIATE";
537  case RELAY_COMMAND_PADDING_NEGOTIATED: return "PADDING_NEGOTIATED";
538  default:
539  tor_snprintf(buf, sizeof(buf), "Unrecognized relay command %u",
540  (unsigned)command);
541  return buf;
542  }
543 }
544 
545 /** When padding a cell with randomness, leave this many zeros after the
546  * payload. */
547 #define CELL_PADDING_GAP 4
548 
549 /** Return the offset where the padding should start. The <b>data_len</b> is
550  * the relay payload length expected to be put in the cell. It can not be
551  * bigger than RELAY_PAYLOAD_SIZE else this function assert().
552  *
553  * Value will always be smaller than CELL_PAYLOAD_SIZE because this offset is
554  * for the entire cell length not just the data payload length. Zero is
555  * returned if there is no room for padding.
556  *
557  * This function always skips the first 4 bytes after the payload because
558  * having some unused zero bytes has saved us a lot of times in the past. */
559 
560 STATIC size_t
561 get_pad_cell_offset(size_t data_len)
562 {
563  /* This is never supposed to happen but in case it does, stop right away
564  * because if tor is tricked somehow into not adding random bytes to the
565  * payload with this function returning 0 for a bad data_len, the entire
566  * authenticated SENDME design can be bypassed leading to bad denial of
567  * service attacks. */
568  tor_assert(data_len <= RELAY_PAYLOAD_SIZE);
569 
570  /* If the offset is larger than the cell payload size, we return an offset
571  * of zero indicating that no padding needs to be added. */
572  size_t offset = RELAY_HEADER_SIZE + data_len + CELL_PADDING_GAP;
573  if (offset >= CELL_PAYLOAD_SIZE) {
574  return 0;
575  }
576  return offset;
577 }
578 
579 /* Add random bytes to the unused portion of the payload, to foil attacks
580  * where the other side can predict all of the bytes in the payload and thus
581  * compute the authenticated SENDME cells without seeing the traffic. See
582  * proposal 289. */
583 static void
584 pad_cell_payload(uint8_t *cell_payload, size_t data_len)
585 {
586  size_t pad_offset, pad_len;
587 
588  tor_assert(cell_payload);
589 
590  pad_offset = get_pad_cell_offset(data_len);
591  if (pad_offset == 0) {
592  /* We can't add padding so we are done. */
593  return;
594  }
595 
596  /* Remember here that the cell_payload is the length of the header and
597  * payload size so we offset it using the full length of the cell. */
598  pad_len = CELL_PAYLOAD_SIZE - pad_offset;
600  cell_payload + pad_offset, pad_len);
601 }
602 
603 /** Make a relay cell out of <b>relay_command</b> and <b>payload</b>, and send
604  * it onto the open circuit <b>circ</b>. <b>stream_id</b> is the ID on
605  * <b>circ</b> for the stream that's sending the relay cell, or 0 if it's a
606  * control cell. <b>cpath_layer</b> is NULL for OR->OP cells, or the
607  * destination hop for OP->OR cells.
608  *
609  * If you can't send the cell, mark the circuit for close and return -1. Else
610  * return 0.
611  */
612 MOCK_IMPL(int,
614  uint8_t relay_command, const char *payload,
615  size_t payload_len, crypt_path_t *cpath_layer,
616  const char *filename, int lineno))
617 {
618  cell_t cell;
619  relay_header_t rh;
620  cell_direction_t cell_direction;
621  /* XXXX NM Split this function into a separate versions per circuit type? */
622 
623  tor_assert(circ);
624  tor_assert(payload_len <= RELAY_PAYLOAD_SIZE);
625 
626  memset(&cell, 0, sizeof(cell_t));
627  cell.command = CELL_RELAY;
628  if (CIRCUIT_IS_ORIGIN(circ)) {
629  tor_assert(cpath_layer);
630  cell.circ_id = circ->n_circ_id;
631  cell_direction = CELL_DIRECTION_OUT;
632  } else {
633  tor_assert(! cpath_layer);
634  cell.circ_id = TO_OR_CIRCUIT(circ)->p_circ_id;
635  cell_direction = CELL_DIRECTION_IN;
636  }
637 
638  memset(&rh, 0, sizeof(rh));
639  rh.command = relay_command;
640  rh.stream_id = stream_id;
641  rh.length = payload_len;
642  relay_header_pack(cell.payload, &rh);
643  if (payload_len)
644  memcpy(cell.payload+RELAY_HEADER_SIZE, payload, payload_len);
645 
646  /* Add random padding to the cell if we can. */
647  pad_cell_payload(cell.payload, payload_len);
648 
649  log_debug(LD_OR,"delivering %d cell %s.", relay_command,
650  cell_direction == CELL_DIRECTION_OUT ? "forward" : "backward");
651 
652  /* Tell circpad we're sending a relay cell */
653  circpad_deliver_sent_relay_cell_events(circ, relay_command);
654 
655  /* If we are sending an END cell and this circuit is used for a tunneled
656  * directory request, advance its state. */
657  if (relay_command == RELAY_COMMAND_END && circ->dirreq_id)
658  geoip_change_dirreq_state(circ->dirreq_id, DIRREQ_TUNNELED,
660 
661  if (cell_direction == CELL_DIRECTION_OUT && circ->n_chan) {
662  /* if we're using relaybandwidthrate, this conn wants priority */
664  }
665 
666  if (cell_direction == CELL_DIRECTION_OUT) {
667  origin_circuit_t *origin_circ = TO_ORIGIN_CIRCUIT(circ);
668  if (origin_circ->remaining_relay_early_cells > 0 &&
669  (relay_command == RELAY_COMMAND_EXTEND ||
670  relay_command == RELAY_COMMAND_EXTEND2 ||
671  cpath_layer != origin_circ->cpath)) {
672  /* If we've got any relay_early cells left and (we're sending
673  * an extend cell or we're not talking to the first hop), use
674  * one of them. Don't worry about the conn protocol version:
675  * append_cell_to_circuit_queue will fix it up. */
676  cell.command = CELL_RELAY_EARLY;
677  /* If we're out of relay early cells, tell circpad */
678  if (--origin_circ->remaining_relay_early_cells == 0)
680  log_debug(LD_OR, "Sending a RELAY_EARLY cell; %d remaining.",
681  (int)origin_circ->remaining_relay_early_cells);
682  /* Memorize the command that is sent as RELAY_EARLY cell; helps debug
683  * task 878. */
684  origin_circ->relay_early_commands[
685  origin_circ->relay_early_cells_sent++] = relay_command;
686  } else if (relay_command == RELAY_COMMAND_EXTEND ||
687  relay_command == RELAY_COMMAND_EXTEND2) {
688  /* If no RELAY_EARLY cells can be sent over this circuit, log which
689  * commands have been sent as RELAY_EARLY cells before; helps debug
690  * task 878. */
691  smartlist_t *commands_list = smartlist_new();
692  int i = 0;
693  char *commands = NULL;
694  for (; i < origin_circ->relay_early_cells_sent; i++)
695  smartlist_add(commands_list, (char *)
697  commands = smartlist_join_strings(commands_list, ",", 0, NULL);
698  log_warn(LD_BUG, "Uh-oh. We're sending a RELAY_COMMAND_EXTEND cell, "
699  "but we have run out of RELAY_EARLY cells on that circuit. "
700  "Commands sent before: %s", commands);
701  tor_free(commands);
702  smartlist_free(commands_list);
703  }
704 
705  /* Let's assume we're well-behaved: Anything that we decide to send is
706  * valid, delivered data. */
707  circuit_sent_valid_data(origin_circ, rh.length);
708  }
709 
710  if (circuit_package_relay_cell(&cell, circ, cell_direction, cpath_layer,
711  stream_id, filename, lineno) < 0) {
712  log_warn(LD_BUG,"circuit_package_relay_cell failed. Closing.");
713  circuit_mark_for_close(circ, END_CIRC_REASON_INTERNAL);
714  return -1;
715  }
716 
717  /* If applicable, note the cell digest for the SENDME version 1 purpose if
718  * we need to. This call needs to be after the circuit_package_relay_cell()
719  * because the cell digest is set within that function. */
720  if (relay_command == RELAY_COMMAND_DATA) {
721  sendme_record_cell_digest_on_circ(circ, cpath_layer);
722  }
723 
724  return 0;
725 }
726 
727 /** Make a relay cell out of <b>relay_command</b> and <b>payload</b>, and
728  * send it onto the open circuit <b>circ</b>. <b>fromconn</b> is the stream
729  * that's sending the relay cell, or NULL if it's a control cell.
730  * <b>cpath_layer</b> is NULL for OR->OP cells, or the destination hop
731  * for OP->OR cells.
732  *
733  * If you can't send the cell, mark the circuit for close and
734  * return -1. Else return 0.
735  */
736 int
738  uint8_t relay_command, const char *payload,
739  size_t payload_len)
740 {
741  /* XXXX NM Split this function into a separate versions per circuit type? */
742  circuit_t *circ;
743  crypt_path_t *cpath_layer = fromconn->cpath_layer;
744  tor_assert(fromconn);
745  circ = fromconn->on_circuit;
746 
747  if (fromconn->base_.marked_for_close) {
748  log_warn(LD_BUG,
749  "called on conn that's already marked for close at %s:%d.",
750  fromconn->base_.marked_for_close_file,
751  fromconn->base_.marked_for_close);
752  return 0;
753  }
754 
755  if (!circ) {
756  if (fromconn->base_.type == CONN_TYPE_AP) {
757  log_info(LD_APP,"no circ. Closing conn.");
758  connection_mark_unattached_ap(EDGE_TO_ENTRY_CONN(fromconn),
759  END_STREAM_REASON_INTERNAL);
760  } else {
761  log_info(LD_EXIT,"no circ. Closing conn.");
762  fromconn->edge_has_sent_end = 1; /* no circ to send to */
763  fromconn->end_reason = END_STREAM_REASON_INTERNAL;
764  connection_mark_for_close(TO_CONN(fromconn));
765  }
766  return -1;
767  }
768 
769  if (circ->marked_for_close) {
770  /* The circuit has been marked, but not freed yet. When it's freed, it
771  * will mark this connection for close. */
772  return -1;
773  }
774 
775 #ifdef MEASUREMENTS_21206
776  /* Keep track of the number of RELAY_DATA cells sent for directory
777  * connections. */
778  connection_t *linked_conn = TO_CONN(fromconn)->linked_conn;
779 
780  if (linked_conn && linked_conn->type == CONN_TYPE_DIR) {
781  ++(TO_DIR_CONN(linked_conn)->data_cells_sent);
782  }
783 #endif /* defined(MEASUREMENTS_21206) */
784 
785  return relay_send_command_from_edge(fromconn->stream_id, circ,
786  relay_command, payload,
787  payload_len, cpath_layer);
788 }
789 
790 /** How many times will I retry a stream that fails due to DNS
791  * resolve failure or misc error?
792  */
793 #define MAX_RESOLVE_FAILURES 3
794 
795 /** Return 1 if reason is something that you should retry if you
796  * get the end cell before you've connected; else return 0. */
797 static int
799 {
800  return reason == END_STREAM_REASON_HIBERNATING ||
801  reason == END_STREAM_REASON_RESOURCELIMIT ||
802  reason == END_STREAM_REASON_EXITPOLICY ||
803  reason == END_STREAM_REASON_RESOLVEFAILED ||
804  reason == END_STREAM_REASON_MISC ||
805  reason == END_STREAM_REASON_NOROUTE;
806 }
807 
808 /** Called when we receive an END cell on a stream that isn't open yet,
809  * from the client side.
810  * Arguments are as for connection_edge_process_relay_cell().
811  */
812 static int
814  relay_header_t *rh, cell_t *cell, origin_circuit_t *circ,
815  entry_connection_t *conn, crypt_path_t *layer_hint)
816 {
817  node_t *exitrouter;
818  int reason = *(cell->payload+RELAY_HEADER_SIZE);
819  int control_reason;
820  edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(conn);
821  (void) layer_hint; /* unused */
822 
823  if (rh->length > 0) {
824  if (reason == END_STREAM_REASON_TORPROTOCOL ||
825  reason == END_STREAM_REASON_DESTROY) {
826  /* Both of these reasons could mean a failed tag
827  * hit the exit and it complained. Do not probe.
828  * Fail the circuit. */
830  return -END_CIRC_REASON_TORPROTOCOL;
831  } else if (reason == END_STREAM_REASON_INTERNAL) {
832  /* We can't infer success or failure, since older Tors report
833  * ENETUNREACH as END_STREAM_REASON_INTERNAL. */
834  } else {
835  /* Path bias: If we get a valid reason code from the exit,
836  * it wasn't due to tagging.
837  *
838  * We rely on recognized+digest being strong enough to make
839  * tags unlikely to allow us to get tagged, yet 'recognized'
840  * reason codes here. */
842  }
843  }
844 
845  /* This end cell is now valid. */
846  circuit_read_valid_data(circ, rh->length);
847 
848  if (rh->length == 0) {
849  reason = END_STREAM_REASON_MISC;
850  }
851 
852  control_reason = reason | END_STREAM_REASON_FLAG_REMOTE;
853 
854  if (edge_reason_is_retriable(reason) &&
855  /* avoid retry if rend */
857  const char *chosen_exit_digest =
859  log_info(LD_APP,"Address '%s' refused due to '%s'. Considering retrying.",
860  safe_str(conn->socks_request->address),
862  exitrouter = node_get_mutable_by_id(chosen_exit_digest);
863  switch (reason) {
864  case END_STREAM_REASON_EXITPOLICY: {
865  tor_addr_t addr;
866  tor_addr_make_unspec(&addr);
867  if (rh->length >= 5) {
868  int ttl = -1;
869  tor_addr_make_unspec(&addr);
870  if (rh->length == 5 || rh->length == 9) {
871  tor_addr_from_ipv4n(&addr,
873  if (rh->length == 9)
874  ttl = (int)ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE+5));
875  } else if (rh->length == 17 || rh->length == 21) {
877  (cell->payload+RELAY_HEADER_SIZE+1));
878  if (rh->length == 21)
879  ttl = (int)ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE+17));
880  }
881  if (tor_addr_is_null(&addr)) {
882  log_info(LD_APP,"Address '%s' resolved to 0.0.0.0. Closing,",
883  safe_str(conn->socks_request->address));
884  connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
885  return 0;
886  }
887 
888  if ((tor_addr_family(&addr) == AF_INET &&
889  !conn->entry_cfg.ipv4_traffic) ||
890  (tor_addr_family(&addr) == AF_INET6 &&
891  !conn->entry_cfg.ipv6_traffic)) {
892  log_fn(LOG_PROTOCOL_WARN, LD_APP,
893  "Got an EXITPOLICY failure on a connection with a "
894  "mismatched family. Closing.");
895  connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
896  return 0;
897  }
898  if (get_options()->ClientDNSRejectInternalAddresses &&
899  tor_addr_is_internal(&addr, 0)) {
900  log_info(LD_APP,"Address '%s' resolved to internal. Closing,",
901  safe_str(conn->socks_request->address));
902  connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
903  return 0;
904  }
905 
907  conn->socks_request->address, &addr,
908  conn->chosen_exit_name, ttl);
909 
910  {
911  char new_addr[TOR_ADDR_BUF_LEN];
912  tor_addr_to_str(new_addr, &addr, sizeof(new_addr), 1);
913  if (strcmp(conn->socks_request->address, new_addr)) {
914  strlcpy(conn->socks_request->address, new_addr,
915  sizeof(conn->socks_request->address));
916  control_event_stream_status(conn, STREAM_EVENT_REMAP, 0);
917  }
918  }
919  }
920  /* check if the exit *ought* to have allowed it */
921 
923  conn,
924  exitrouter,
925  &addr);
926 
927  if (conn->chosen_exit_optional ||
928  conn->chosen_exit_retries) {
929  /* stop wanting a specific exit */
930  conn->chosen_exit_optional = 0;
931  /* A non-zero chosen_exit_retries can happen if we set a
932  * TrackHostExits for this address under a port that the exit
933  * relay allows, but then try the same address with a different
934  * port that it doesn't allow to exit. We shouldn't unregister
935  * the mapping, since it is probably still wanted on the
936  * original port. But now we give away to the exit relay that
937  * we probably have a TrackHostExits on it. So be it. */
938  conn->chosen_exit_retries = 0;
939  tor_free(conn->chosen_exit_name); /* clears it */
940  }
941  if (connection_ap_detach_retriable(conn, circ, control_reason) >= 0)
942  return 0;
943  /* else, conn will get closed below */
944  break;
945  }
946  case END_STREAM_REASON_CONNECTREFUSED:
947  if (!conn->chosen_exit_optional)
948  break; /* break means it'll close, below */
949  /* Else fall through: expire this circuit, clear the
950  * chosen_exit_name field, and try again. */
951  FALLTHROUGH;
952  case END_STREAM_REASON_RESOLVEFAILED:
953  case END_STREAM_REASON_TIMEOUT:
954  case END_STREAM_REASON_MISC:
955  case END_STREAM_REASON_NOROUTE:
958  /* We haven't retried too many times; reattach the connection. */
960  /* Mark this circuit "unusable for new streams". */
962 
963  if (conn->chosen_exit_optional) {
964  /* stop wanting a specific exit */
965  conn->chosen_exit_optional = 0;
966  tor_free(conn->chosen_exit_name); /* clears it */
967  }
968  if (connection_ap_detach_retriable(conn, circ, control_reason) >= 0)
969  return 0;
970  /* else, conn will get closed below */
971  } else {
972  log_notice(LD_APP,
973  "Have tried resolving or connecting to address '%s' "
974  "at %d different places. Giving up.",
975  safe_str(conn->socks_request->address),
977  /* clear the failures, so it will have a full try next time */
979  }
980  break;
981  case END_STREAM_REASON_HIBERNATING:
982  case END_STREAM_REASON_RESOURCELIMIT:
983  if (exitrouter) {
985  }
986  if (conn->chosen_exit_optional) {
987  /* stop wanting a specific exit */
988  conn->chosen_exit_optional = 0;
989  tor_free(conn->chosen_exit_name); /* clears it */
990  }
991  if (connection_ap_detach_retriable(conn, circ, control_reason) >= 0)
992  return 0;
993  /* else, will close below */
994  break;
995  } /* end switch */
996  log_info(LD_APP,"Giving up on retrying; conn can't be handled.");
997  }
998 
999  log_info(LD_APP,
1000  "Edge got end (%s) before we're connected. Marking for close.",
1001  stream_end_reason_to_string(rh->length > 0 ? reason : -1));
1003  /* need to test because of detach_retriable */
1004  if (!ENTRY_TO_CONN(conn)->marked_for_close)
1005  connection_mark_unattached_ap(conn, control_reason);
1006  return 0;
1007 }
1008 
1009 /** Called when we have gotten an END_REASON_EXITPOLICY failure on <b>circ</b>
1010  * for <b>conn</b>, while attempting to connect via <b>node</b>. If the node
1011  * told us which address it rejected, then <b>addr</b> is that address;
1012  * otherwise it is AF_UNSPEC.
1013  *
1014  * If we are sure the node should have allowed this address, mark the node as
1015  * having a reject *:* exit policy. Otherwise, mark the circuit as unusable
1016  * for this particular address.
1017  **/
1018 static void
1020  entry_connection_t *conn,
1021  node_t *node,
1022  const tor_addr_t *addr)
1023 {
1024  int make_reject_all = 0;
1025  const sa_family_t family = tor_addr_family(addr);
1026 
1027  if (node) {
1028  tor_addr_t tmp;
1029  int asked_for_family = tor_addr_parse(&tmp, conn->socks_request->address);
1030  if (family == AF_UNSPEC) {
1031  make_reject_all = 1;
1032  } else if (node_exit_policy_is_exact(node, family) &&
1033  asked_for_family != -1 && !conn->chosen_exit_name) {
1034  make_reject_all = 1;
1035  }
1036 
1037  if (make_reject_all) {
1038  log_info(LD_APP,
1039  "Exitrouter %s seems to be more restrictive than its exit "
1040  "policy. Not using this router as exit for now.",
1041  node_describe(node));
1043  }
1044  }
1045 
1046  if (family != AF_UNSPEC)
1048 }
1049 
1050 /** Helper: change the socks_request-&gt;address field on conn to the
1051  * dotted-quad representation of <b>new_addr</b>,
1052  * and send an appropriate REMAP event. */
1053 static void
1055 {
1056  tor_addr_to_str(conn->socks_request->address, new_addr,
1057  sizeof(conn->socks_request->address),
1058  1);
1059  control_event_stream_status(conn, STREAM_EVENT_REMAP,
1061 }
1062 
1063 /** Extract the contents of a connected cell in <b>cell</b>, whose relay
1064  * header has already been parsed into <b>rh</b>. On success, set
1065  * <b>addr_out</b> to the address we're connected to, and <b>ttl_out</b> to
1066  * the ttl of that address, in seconds, and return 0. On failure, return
1067  * -1.
1068  *
1069  * Note that the resulting address can be UNSPEC if the connected cell had no
1070  * address (as for a stream to an union service or a tunneled directory
1071  * connection), and that the ttl can be absent (in which case <b>ttl_out</b>
1072  * is set to -1). */
1073 STATIC int
1075  tor_addr_t *addr_out, int *ttl_out)
1076 {
1077  uint32_t bytes;
1078  const uint8_t *payload = cell->payload + RELAY_HEADER_SIZE;
1079 
1080  tor_addr_make_unspec(addr_out);
1081  *ttl_out = -1;
1082  if (rh->length == 0)
1083  return 0;
1084  if (rh->length < 4)
1085  return -1;
1086  bytes = ntohl(get_uint32(payload));
1087 
1088  /* If bytes is 0, this is maybe a v6 address. Otherwise it's a v4 address */
1089  if (bytes != 0) {
1090  /* v4 address */
1091  tor_addr_from_ipv4h(addr_out, bytes);
1092  if (rh->length >= 8) {
1093  bytes = ntohl(get_uint32(payload + 4));
1094  if (bytes <= INT32_MAX)
1095  *ttl_out = bytes;
1096  }
1097  } else {
1098  if (rh->length < 25) /* 4 bytes of 0s, 1 addr, 16 ipv4, 4 ttl. */
1099  return -1;
1100  if (get_uint8(payload + 4) != 6)
1101  return -1;
1102  tor_addr_from_ipv6_bytes(addr_out, (payload + 5));
1103  bytes = ntohl(get_uint32(payload + 21));
1104  if (bytes <= INT32_MAX)
1105  *ttl_out = (int) bytes;
1106  }
1107  return 0;
1108 }
1109 
1110 /** Drop all storage held by <b>addr</b>. */
1111 STATIC void
1112 address_ttl_free_(address_ttl_t *addr)
1113 {
1114  if (!addr)
1115  return;
1116  tor_free(addr->hostname);
1117  tor_free(addr);
1118 }
1119 
1120 /** Parse a resolved cell in <b>cell</b>, with parsed header in <b>rh</b>.
1121  * Return -1 on parse error. On success, add one or more newly allocated
1122  * address_ttl_t to <b>addresses_out</b>; set *<b>errcode_out</b> to
1123  * one of 0, RESOLVED_TYPE_ERROR, or RESOLVED_TYPE_ERROR_TRANSIENT, and
1124  * return 0. */
1125 STATIC int
1127  smartlist_t *addresses_out, int *errcode_out)
1128 {
1129  const uint8_t *cp;
1130  uint8_t answer_type;
1131  size_t answer_len;
1132  address_ttl_t *addr;
1133  size_t remaining;
1134  int errcode = 0;
1135  smartlist_t *addrs;
1136 
1137  tor_assert(cell);
1138  tor_assert(rh);
1139  tor_assert(addresses_out);
1140  tor_assert(errcode_out);
1141 
1142  *errcode_out = 0;
1143 
1144  if (rh->length > RELAY_PAYLOAD_SIZE)
1145  return -1;
1146 
1147  addrs = smartlist_new();
1148 
1149  cp = cell->payload + RELAY_HEADER_SIZE;
1150 
1151  remaining = rh->length;
1152  while (remaining) {
1153  const uint8_t *cp_orig = cp;
1154  if (remaining < 2)
1155  goto err;
1156  answer_type = *cp++;
1157  answer_len = *cp++;
1158  if (remaining < 2 + answer_len + 4) {
1159  goto err;
1160  }
1161  if (answer_type == RESOLVED_TYPE_IPV4) {
1162  if (answer_len != 4) {
1163  goto err;
1164  }
1165  addr = tor_malloc_zero(sizeof(*addr));
1166  tor_addr_from_ipv4n(&addr->addr, get_uint32(cp));
1167  cp += 4;
1168  addr->ttl = ntohl(get_uint32(cp));
1169  cp += 4;
1170  smartlist_add(addrs, addr);
1171  } else if (answer_type == RESOLVED_TYPE_IPV6) {
1172  if (answer_len != 16)
1173  goto err;
1174  addr = tor_malloc_zero(sizeof(*addr));
1175  tor_addr_from_ipv6_bytes(&addr->addr, cp);
1176  cp += 16;
1177  addr->ttl = ntohl(get_uint32(cp));
1178  cp += 4;
1179  smartlist_add(addrs, addr);
1180  } else if (answer_type == RESOLVED_TYPE_HOSTNAME) {
1181  if (answer_len == 0) {
1182  goto err;
1183  }
1184  addr = tor_malloc_zero(sizeof(*addr));
1185  addr->hostname = tor_memdup_nulterm(cp, answer_len);
1186  cp += answer_len;
1187  addr->ttl = ntohl(get_uint32(cp));
1188  cp += 4;
1189  smartlist_add(addrs, addr);
1190  } else if (answer_type == RESOLVED_TYPE_ERROR_TRANSIENT ||
1191  answer_type == RESOLVED_TYPE_ERROR) {
1192  errcode = answer_type;
1193  /* Ignore the error contents */
1194  cp += answer_len + 4;
1195  } else {
1196  cp += answer_len + 4;
1197  }
1198  tor_assert(((ssize_t)remaining) >= (cp - cp_orig));
1199  remaining -= (cp - cp_orig);
1200  }
1201 
1202  if (errcode && smartlist_len(addrs) == 0) {
1203  /* Report an error only if there were no results. */
1204  *errcode_out = errcode;
1205  }
1206 
1207  smartlist_add_all(addresses_out, addrs);
1208  smartlist_free(addrs);
1209 
1210  return 0;
1211 
1212  err:
1213  /* On parse error, don't report any results */
1214  SMARTLIST_FOREACH(addrs, address_ttl_t *, a, address_ttl_free(a));
1215  smartlist_free(addrs);
1216  return -1;
1217 }
1218 
1219 /** Helper for connection_edge_process_resolved_cell: given an error code,
1220  * an entry_connection, and a list of address_ttl_t *, report the best answer
1221  * to the entry_connection. */
1222 static void
1224  int error_code,
1225  smartlist_t *results)
1226 {
1227  address_ttl_t *addr_ipv4 = NULL;
1228  address_ttl_t *addr_ipv6 = NULL;
1229  address_ttl_t *addr_hostname = NULL;
1230  address_ttl_t *addr_best = NULL;
1231 
1232  /* If it's an error code, that's easy. */
1233  if (error_code) {
1234  tor_assert(error_code == RESOLVED_TYPE_ERROR ||
1235  error_code == RESOLVED_TYPE_ERROR_TRANSIENT);
1237  error_code,0,NULL,-1,-1);
1238  return;
1239  }
1240 
1241  /* Get the first answer of each type. */
1242  SMARTLIST_FOREACH_BEGIN(results, address_ttl_t *, addr) {
1243  if (addr->hostname) {
1244  if (!addr_hostname) {
1245  addr_hostname = addr;
1246  }
1247  } else if (tor_addr_family(&addr->addr) == AF_INET) {
1248  if (!addr_ipv4 && conn->entry_cfg.ipv4_traffic) {
1249  addr_ipv4 = addr;
1250  }
1251  } else if (tor_addr_family(&addr->addr) == AF_INET6) {
1252  if (!addr_ipv6 && conn->entry_cfg.ipv6_traffic) {
1253  addr_ipv6 = addr;
1254  }
1255  }
1256  } SMARTLIST_FOREACH_END(addr);
1257 
1258  /* Now figure out which type we wanted to deliver. */
1260  if (addr_hostname) {
1262  RESOLVED_TYPE_HOSTNAME,
1263  strlen(addr_hostname->hostname),
1264  (uint8_t*)addr_hostname->hostname,
1265  addr_hostname->ttl,-1);
1266  } else {
1268  RESOLVED_TYPE_ERROR,0,NULL,-1,-1);
1269  }
1270  return;
1271  }
1272 
1273  if (conn->entry_cfg.prefer_ipv6) {
1274  addr_best = addr_ipv6 ? addr_ipv6 : addr_ipv4;
1275  } else {
1276  addr_best = addr_ipv4 ? addr_ipv4 : addr_ipv6;
1277  }
1278 
1279  /* Now convert it to the ugly old interface */
1280  if (! addr_best) {
1282  RESOLVED_TYPE_ERROR,0,NULL,-1,-1);
1283  return;
1284  }
1285 
1287  &addr_best->addr,
1288  addr_best->ttl,
1289  -1);
1290 
1291  remap_event_helper(conn, &addr_best->addr);
1292 }
1293 
1294 /** Handle a RELAY_COMMAND_RESOLVED cell that we received on a non-open AP
1295  * stream. */
1296 STATIC int
1298  const cell_t *cell,
1299  const relay_header_t *rh)
1300 {
1301  entry_connection_t *entry_conn = EDGE_TO_ENTRY_CONN(conn);
1302  smartlist_t *resolved_addresses = NULL;
1303  int errcode = 0;
1304 
1305  if (conn->base_.state != AP_CONN_STATE_RESOLVE_WAIT) {
1306  log_fn(LOG_PROTOCOL_WARN, LD_APP, "Got a 'resolved' cell while "
1307  "not in state resolve_wait. Dropping.");
1308  return 0;
1309  }
1310  tor_assert(SOCKS_COMMAND_IS_RESOLVE(entry_conn->socks_request->command));
1311 
1312  resolved_addresses = smartlist_new();
1313  if (resolved_cell_parse(cell, rh, resolved_addresses, &errcode)) {
1314  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1315  "Dropping malformed 'resolved' cell");
1316  connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TORPROTOCOL);
1317  goto done;
1318  }
1319 
1320  if (get_options()->ClientDNSRejectInternalAddresses) {
1321  int orig_len = smartlist_len(resolved_addresses);
1322  SMARTLIST_FOREACH_BEGIN(resolved_addresses, address_ttl_t *, addr) {
1323  if (addr->hostname == NULL && tor_addr_is_internal(&addr->addr, 0)) {
1324  log_info(LD_APP, "Got a resolved cell with answer %s; dropping that "
1325  "answer.",
1326  safe_str_client(fmt_addr(&addr->addr)));
1327  address_ttl_free(addr);
1328  SMARTLIST_DEL_CURRENT(resolved_addresses, addr);
1329  }
1330  } SMARTLIST_FOREACH_END(addr);
1331  if (orig_len && smartlist_len(resolved_addresses) == 0) {
1332  log_info(LD_APP, "Got a resolved cell with only private addresses; "
1333  "dropping it.");
1335  RESOLVED_TYPE_ERROR_TRANSIENT,
1336  0, NULL, 0, TIME_MAX);
1337  connection_mark_unattached_ap(entry_conn,
1338  END_STREAM_REASON_TORPROTOCOL);
1339  goto done;
1340  }
1341  }
1342 
1343  /* This is valid data at this point. Count it */
1344  if (conn->on_circuit && CIRCUIT_IS_ORIGIN(conn->on_circuit)) {
1346  rh->length);
1347  }
1348 
1350  errcode,
1351  resolved_addresses);
1352 
1353  connection_mark_unattached_ap(entry_conn,
1354  END_STREAM_REASON_DONE |
1356 
1357  done:
1358  SMARTLIST_FOREACH(resolved_addresses, address_ttl_t *, addr,
1359  address_ttl_free(addr));
1360  smartlist_free(resolved_addresses);
1361  return 0;
1362 }
1363 
1364 /** An incoming relay cell has arrived from circuit <b>circ</b> to
1365  * stream <b>conn</b>.
1366  *
1367  * The arguments here are the same as in
1368  * connection_edge_process_relay_cell() below; this function is called
1369  * from there when <b>conn</b> is defined and not in an open state.
1370  */
1371 static int
1373  relay_header_t *rh, cell_t *cell, circuit_t *circ,
1374  edge_connection_t *conn, crypt_path_t *layer_hint)
1375 {
1376  if (rh->command == RELAY_COMMAND_END) {
1377  if (CIRCUIT_IS_ORIGIN(circ) && conn->base_.type == CONN_TYPE_AP) {
1378  return connection_ap_process_end_not_open(rh, cell,
1379  TO_ORIGIN_CIRCUIT(circ),
1380  EDGE_TO_ENTRY_CONN(conn),
1381  layer_hint);
1382  } else {
1383  /* we just got an 'end', don't need to send one */
1384  conn->edge_has_sent_end = 1;
1385  conn->end_reason = *(cell->payload+RELAY_HEADER_SIZE) |
1387  connection_mark_for_close(TO_CONN(conn));
1388  return 0;
1389  }
1390  }
1391 
1392  if (conn->base_.type == CONN_TYPE_AP &&
1393  rh->command == RELAY_COMMAND_CONNECTED) {
1394  tor_addr_t addr;
1395  int ttl;
1396  entry_connection_t *entry_conn = EDGE_TO_ENTRY_CONN(conn);
1398  if (conn->base_.state != AP_CONN_STATE_CONNECT_WAIT) {
1399  log_fn(LOG_PROTOCOL_WARN, LD_APP,
1400  "Got 'connected' while not in state connect_wait. Dropping.");
1401  return 0;
1402  }
1403  CONNECTION_AP_EXPECT_NONPENDING(entry_conn);
1404  conn->base_.state = AP_CONN_STATE_OPEN;
1405  log_info(LD_APP,"'connected' received for circid %u streamid %d "
1406  "after %d seconds.",
1407  (unsigned)circ->n_circ_id,
1408  rh->stream_id,
1409  (int)(time(NULL) - conn->base_.timestamp_last_read_allowed));
1410  if (connected_cell_parse(rh, cell, &addr, &ttl) < 0) {
1411  log_fn(LOG_PROTOCOL_WARN, LD_APP,
1412  "Got a badly formatted connected cell. Closing.");
1413  connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1414  connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TORPROTOCOL);
1415  return 0;
1416  }
1417  if (tor_addr_family(&addr) != AF_UNSPEC) {
1418  /* The family is not UNSPEC: so we were given an address in the
1419  * connected cell. (This is normal, except for BEGINDIR and onion
1420  * service streams.) */
1421  const sa_family_t family = tor_addr_family(&addr);
1422  if (tor_addr_is_null(&addr) ||
1423  (get_options()->ClientDNSRejectInternalAddresses &&
1424  tor_addr_is_internal(&addr, 0))) {
1425  log_info(LD_APP, "...but it claims the IP address was %s. Closing.",
1426  fmt_addr(&addr));
1427  connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1428  connection_mark_unattached_ap(entry_conn,
1429  END_STREAM_REASON_TORPROTOCOL);
1430  return 0;
1431  }
1432 
1433  if ((family == AF_INET && ! entry_conn->entry_cfg.ipv4_traffic) ||
1434  (family == AF_INET6 && ! entry_conn->entry_cfg.ipv6_traffic)) {
1435  log_fn(LOG_PROTOCOL_WARN, LD_APP,
1436  "Got a connected cell to %s with unsupported address family."
1437  " Closing.", fmt_addr(&addr));
1438  connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1439  connection_mark_unattached_ap(entry_conn,
1440  END_STREAM_REASON_TORPROTOCOL);
1441  return 0;
1442  }
1443 
1444  client_dns_set_addressmap(entry_conn,
1445  entry_conn->socks_request->address, &addr,
1446  entry_conn->chosen_exit_name, ttl);
1447 
1448  remap_event_helper(entry_conn, &addr);
1449  }
1451  /* don't send a socks reply to transparent conns */
1452  tor_assert(entry_conn->socks_request != NULL);
1453  if (!entry_conn->socks_request->has_finished) {
1454  connection_ap_handshake_socks_reply(entry_conn, NULL, 0, 0);
1455  }
1456 
1457  /* Was it a linked dir conn? If so, a dir request just started to
1458  * fetch something; this could be a bootstrap status milestone. */
1459  log_debug(LD_APP, "considering");
1460  if (TO_CONN(conn)->linked_conn &&
1461  TO_CONN(conn)->linked_conn->type == CONN_TYPE_DIR) {
1462  connection_t *dirconn = TO_CONN(conn)->linked_conn;
1463  log_debug(LD_APP, "it is! %d", dirconn->purpose);
1464  switch (dirconn->purpose) {
1467  control_event_bootstrap(BOOTSTRAP_STATUS_LOADING_KEYS, 0);
1468  break;
1470  control_event_bootstrap(BOOTSTRAP_STATUS_LOADING_STATUS, 0);
1471  break;
1474  if (TO_DIR_CONN(dirconn)->router_purpose == ROUTER_PURPOSE_GENERAL)
1475  control_event_boot_dir(BOOTSTRAP_STATUS_LOADING_DESCRIPTORS,
1477  break;
1478  }
1479  }
1480  /* This is definitely a success, so forget about any pending data we
1481  * had sent. */
1482  if (entry_conn->pending_optimistic_data) {
1483  buf_free(entry_conn->pending_optimistic_data);
1484  entry_conn->pending_optimistic_data = NULL;
1485  }
1486 
1487  /* This is valid data at this point. Count it */
1489 
1490  /* handle anything that might have queued */
1491  if (connection_edge_package_raw_inbuf(conn, 1, NULL) < 0) {
1492  /* (We already sent an end cell if possible) */
1493  connection_mark_for_close(TO_CONN(conn));
1494  return 0;
1495  }
1496  return 0;
1497  }
1498  if (conn->base_.type == CONN_TYPE_AP &&
1499  rh->command == RELAY_COMMAND_RESOLVED) {
1500  return connection_edge_process_resolved_cell(conn, cell, rh);
1501  }
1502 
1503  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1504  "Got an unexpected relay command %d, in state %d (%s). Dropping.",
1505  rh->command, conn->base_.state,
1506  conn_state_to_string(conn->base_.type, conn->base_.state));
1507  return 0; /* for forward compatibility, don't kill the circuit */
1508 // connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1509 // connection_mark_for_close(conn);
1510 // return -1;
1511 }
1512 
1513 /**
1514  * Return true iff our decryption layer_hint is from the last hop
1515  * in a circuit.
1516  */
1517 static bool
1519 {
1520  tor_assert(circ);
1521  tor_assert(layer_hint);
1522  tor_assert(circ->cpath);
1523 
1524  if (layer_hint != circ->cpath->prev) {
1525  log_fn(LOG_PROTOCOL_WARN, LD_CIRC,
1526  "Got unexpected relay data from intermediate hop");
1527  return false;
1528  }
1529  return true;
1530 }
1531 
1532 /** Process a SENDME cell that arrived on <b>circ</b>. If it is a stream level
1533  * cell, it is destined for the given <b>conn</b>. If it is a circuit level
1534  * cell, it is destined for the <b>layer_hint</b>. The <b>domain</b> is the
1535  * logging domain that should be used.
1536  *
1537  * Return 0 if everything went well or a negative value representing a circuit
1538  * end reason on error for which the caller is responsible for closing it. */
1539 static int
1541  circuit_t *circ, edge_connection_t *conn,
1542  crypt_path_t *layer_hint, int domain)
1543 {
1544  int ret;
1545 
1546  tor_assert(rh);
1547 
1548  if (!rh->stream_id) {
1549  /* Circuit level SENDME cell. */
1550  ret = sendme_process_circuit_level(layer_hint, circ,
1551  cell->payload + RELAY_HEADER_SIZE,
1552  rh->length);
1553  if (ret < 0) {
1554  return ret;
1555  }
1556  /* Resume reading on any streams now that we've processed a valid
1557  * SENDME cell that updated our package window. */
1558  circuit_resume_edge_reading(circ, layer_hint);
1559  /* We are done, the rest of the code is for the stream level. */
1560  return 0;
1561  }
1562 
1563  /* No connection, might be half edge state. We are done if so. */
1564  if (!conn) {
1565  if (CIRCUIT_IS_ORIGIN(circ)) {
1566  origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1568  rh->stream_id)) {
1569  circuit_read_valid_data(ocirc, rh->length);
1570  log_info(domain, "Sendme cell on circ %u valid on half-closed "
1571  "stream id %d",
1572  ocirc->global_identifier, rh->stream_id);
1573  }
1574  }
1575 
1576  log_info(domain, "SENDME cell dropped, unknown stream (streamid %d).",
1577  rh->stream_id);
1578  return 0;
1579  }
1580 
1581  /* Stream level SENDME cell. */
1582  // TODO: Turn this off for cc_alg=1,2,3; use XON/XOFF instead
1583  ret = sendme_process_stream_level(conn, circ, rh->length);
1584  if (ret < 0) {
1585  /* Means we need to close the circuit with reason ret. */
1586  return ret;
1587  }
1588 
1589  /* We've now processed properly a SENDME cell, all windows have been
1590  * properly updated, we'll read on the edge connection to see if we can
1591  * get data out towards the end point (Exit or client) since we are now
1592  * allowed to deliver more cells. */
1593 
1595  /* Still waiting for queue to flush; don't touch conn */
1596  return 0;
1597  }
1599  /* handle whatever might still be on the inbuf */
1600  if (connection_edge_package_raw_inbuf(conn, 1, NULL) < 0) {
1601  /* (We already sent an end cell if possible) */
1602  connection_mark_for_close(TO_CONN(conn));
1603  return 0;
1604  }
1605  return 0;
1606 }
1607 
1608 /** A helper for connection_edge_process_relay_cell(): Actually handles the
1609  * cell that we received on the connection.
1610  *
1611  * The arguments are the same as in the parent function
1612  * connection_edge_process_relay_cell(), plus the relay header <b>rh</b> as
1613  * unpacked by the parent function, and <b>optimistic_data</b> as set by the
1614  * parent function.
1615  */
1616 STATIC int
1618  edge_connection_t *conn, crypt_path_t *layer_hint,
1619  relay_header_t *rh, int optimistic_data)
1620 {
1621  unsigned domain = layer_hint?LD_APP:LD_EXIT;
1622  int reason;
1623 
1624  tor_assert(rh);
1625 
1626  /* First pass the cell to the circuit padding subsystem, in case it's a
1627  * padding cell or circuit that should be handled there. */
1628  if (circpad_check_received_cell(cell, circ, layer_hint, rh) == 0) {
1629  log_debug(domain, "Cell handled as circuit padding");
1630  return 0;
1631  }
1632 
1633  /* Now handle all the other commands */
1634  switch (rh->command) {
1635  case RELAY_COMMAND_BEGIN:
1636  case RELAY_COMMAND_BEGIN_DIR:
1637  if (layer_hint &&
1639  log_fn(LOG_PROTOCOL_WARN, LD_APP,
1640  "Relay begin request unsupported at AP. Dropping.");
1641  return 0;
1642  }
1643  if (circ->purpose == CIRCUIT_PURPOSE_S_REND_JOINED &&
1644  layer_hint != TO_ORIGIN_CIRCUIT(circ)->cpath->prev) {
1645  log_fn(LOG_PROTOCOL_WARN, LD_APP,
1646  "Relay begin request to Hidden Service "
1647  "from intermediary node. Dropping.");
1648  return 0;
1649  }
1650  if (conn) {
1651  log_fn(LOG_PROTOCOL_WARN, domain,
1652  "Begin cell for known stream. Dropping.");
1653  return 0;
1654  }
1655  if (rh->command == RELAY_COMMAND_BEGIN_DIR &&
1657  /* Assign this circuit and its app-ward OR connection a unique ID,
1658  * so that we can measure download times. The local edge and dir
1659  * connection will be assigned the same ID when they are created
1660  * and linked. */
1661  static uint64_t next_id = 0;
1662  circ->dirreq_id = ++next_id;
1663  TO_OR_CIRCUIT(circ)->p_chan->dirreq_id = circ->dirreq_id;
1664  }
1665  return connection_exit_begin_conn(cell, circ);
1666  case RELAY_COMMAND_DATA:
1668 
1669  /* Update our circuit-level deliver window that we received a DATA cell.
1670  * If the deliver window goes below 0, we end the circuit and stream due
1671  * to a protocol failure. */
1672  if (sendme_circuit_data_received(circ, layer_hint) < 0) {
1673  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1674  "(relay data) circ deliver_window below 0. Killing.");
1675  connection_edge_end_close(conn, END_STREAM_REASON_TORPROTOCOL);
1676  return -END_CIRC_REASON_TORPROTOCOL;
1677  }
1678 
1679  /* Consider sending a circuit-level SENDME cell. */
1680  sendme_circuit_consider_sending(circ, layer_hint);
1681 
1682  if (rh->stream_id == 0) {
1683  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Relay data cell with zero "
1684  "stream_id. Dropping.");
1685  return 0;
1686  } else if (!conn) {
1687  if (CIRCUIT_IS_ORIGIN(circ)) {
1688  origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1690  rh->stream_id)) {
1691  circuit_read_valid_data(ocirc, rh->length);
1692  log_info(domain,
1693  "data cell on circ %u valid on half-closed "
1694  "stream id %d", ocirc->global_identifier, rh->stream_id);
1695  }
1696  }
1697 
1698  log_info(domain,"data cell dropped, unknown stream (streamid %d).",
1699  rh->stream_id);
1700  return 0;
1701  }
1702 
1703  /* Update our stream-level deliver window that we just received a DATA
1704  * cell. Going below 0 means we have a protocol level error so the
1705  * stream and circuit are closed. */
1706 
1707  if (sendme_stream_data_received(conn) < 0) {
1708  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1709  "(relay data) conn deliver_window below 0. Killing.");
1710  connection_edge_end_close(conn, END_STREAM_REASON_TORPROTOCOL);
1711  return -END_CIRC_REASON_TORPROTOCOL;
1712  }
1713  /* Total all valid application bytes delivered */
1714  if (CIRCUIT_IS_ORIGIN(circ) && rh->length > 0) {
1716  }
1717 
1718  /* For onion service connection, update the metrics. */
1719  if (conn->hs_ident) {
1720  hs_metrics_app_write_bytes(&conn->hs_ident->identity_pk,
1721  conn->hs_ident->orig_virtual_port,
1722  rh->length);
1723  }
1724 
1726  connection_buf_add((char*)(cell->payload + RELAY_HEADER_SIZE),
1727  rh->length, TO_CONN(conn));
1728 
1729 #ifdef MEASUREMENTS_21206
1730  /* Count number of RELAY_DATA cells received on a linked directory
1731  * connection. */
1732  connection_t *linked_conn = TO_CONN(conn)->linked_conn;
1733 
1734  if (linked_conn && linked_conn->type == CONN_TYPE_DIR) {
1735  ++(TO_DIR_CONN(linked_conn)->data_cells_received);
1736  }
1737 #endif /* defined(MEASUREMENTS_21206) */
1738 
1739  if (!optimistic_data) {
1740  /* Only send a SENDME if we're not getting optimistic data; otherwise
1741  * a SENDME could arrive before the CONNECTED.
1742  */
1744  }
1745 
1746  return 0;
1747  case RELAY_COMMAND_XOFF:
1748  if (!conn) {
1749  if (CIRCUIT_IS_ORIGIN(circ)) {
1750  origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1751  if (relay_crypt_from_last_hop(ocirc, layer_hint) &&
1753  rh->stream_id)) {
1754  circuit_read_valid_data(ocirc, rh->length);
1755  }
1756  }
1757  return 0;
1758  }
1759 
1760  if (circuit_process_stream_xoff(conn, layer_hint, cell)) {
1761  if (CIRCUIT_IS_ORIGIN(circ)) {
1763  }
1764  }
1765  return 0;
1766  case RELAY_COMMAND_XON:
1767  if (!conn) {
1768  if (CIRCUIT_IS_ORIGIN(circ)) {
1769  origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1770  if (relay_crypt_from_last_hop(ocirc, layer_hint) &&
1772  rh->stream_id)) {
1773  circuit_read_valid_data(ocirc, rh->length);
1774  }
1775  }
1776  return 0;
1777  }
1778 
1779  if (circuit_process_stream_xon(conn, layer_hint, cell)) {
1780  if (CIRCUIT_IS_ORIGIN(circ)) {
1782  }
1783  }
1784  return 0;
1785  case RELAY_COMMAND_END:
1786  reason = rh->length > 0 ?
1787  get_uint8(cell->payload+RELAY_HEADER_SIZE) : END_STREAM_REASON_MISC;
1788  if (!conn) {
1789  if (CIRCUIT_IS_ORIGIN(circ)) {
1790  origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1791  if (relay_crypt_from_last_hop(ocirc, layer_hint) &&
1793  rh->stream_id)) {
1794 
1795  circuit_read_valid_data(ocirc, rh->length);
1796  log_info(domain,
1797  "end cell (%s) on circ %u valid on half-closed "
1798  "stream id %d",
1800  ocirc->global_identifier, rh->stream_id);
1801  return 0;
1802  }
1803  }
1804  log_info(domain,"end cell (%s) dropped, unknown stream.",
1805  stream_end_reason_to_string(reason));
1806  return 0;
1807  }
1808 /* XXX add to this log_fn the exit node's nickname? */
1809  log_info(domain,TOR_SOCKET_T_FORMAT": end cell (%s) for stream %d. "
1810  "Removing stream.",
1811  conn->base_.s,
1813  conn->stream_id);
1814  if (conn->base_.type == CONN_TYPE_AP) {
1815  entry_connection_t *entry_conn = EDGE_TO_ENTRY_CONN(conn);
1816  if (entry_conn->socks_request &&
1817  !entry_conn->socks_request->has_finished)
1818  log_warn(LD_BUG,
1819  "open stream hasn't sent socks answer yet? Closing.");
1820  }
1821  /* We just *got* an end; no reason to send one. */
1822  conn->edge_has_sent_end = 1;
1823  if (!conn->end_reason)
1824  conn->end_reason = reason | END_STREAM_REASON_FLAG_REMOTE;
1825  if (!conn->base_.marked_for_close) {
1826  /* only mark it if not already marked. it's possible to
1827  * get the 'end' right around when the client hangs up on us. */
1828  connection_mark_and_flush(TO_CONN(conn));
1829 
1830  /* Total all valid application bytes delivered */
1831  if (CIRCUIT_IS_ORIGIN(circ)) {
1833  }
1834  }
1835  return 0;
1836  case RELAY_COMMAND_EXTEND:
1837  case RELAY_COMMAND_EXTEND2: {
1838  static uint64_t total_n_extend=0, total_nonearly=0;
1839  total_n_extend++;
1840  if (rh->stream_id) {
1841  log_fn(LOG_PROTOCOL_WARN, domain,
1842  "'extend' cell received for non-zero stream. Dropping.");
1843  return 0;
1844  }
1845  if (cell->command != CELL_RELAY_EARLY &&
1846  !networkstatus_get_param(NULL,"AllowNonearlyExtend",0,0,1)) {
1847 #define EARLY_WARNING_INTERVAL 3600
1848  static ratelim_t early_warning_limit =
1849  RATELIM_INIT(EARLY_WARNING_INTERVAL);
1850  char *m;
1851  if (cell->command == CELL_RELAY) {
1852  ++total_nonearly;
1853  if ((m = rate_limit_log(&early_warning_limit, approx_time()))) {
1854  double percentage = ((double)total_nonearly)/total_n_extend;
1855  percentage *= 100;
1856  log_fn(LOG_PROTOCOL_WARN, domain, "EXTEND cell received, "
1857  "but not via RELAY_EARLY. Dropping.%s", m);
1858  log_fn(LOG_PROTOCOL_WARN, domain, " (We have dropped %.02f%% of "
1859  "all EXTEND cells for this reason)", percentage);
1860  tor_free(m);
1861  }
1862  } else {
1863  log_fn(LOG_WARN, domain,
1864  "EXTEND cell received, in a cell with type %d! Dropping.",
1865  cell->command);
1866  }
1867  return 0;
1868  }
1869  return circuit_extend(cell, circ);
1870  }
1871  case RELAY_COMMAND_EXTENDED:
1872  case RELAY_COMMAND_EXTENDED2:
1873  if (!layer_hint) {
1874  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1875  "'extended' unsupported at non-origin. Dropping.");
1876  return 0;
1877  }
1878  log_debug(domain,"Got an extended cell! Yay.");
1879  {
1880  extended_cell_t extended_cell;
1881  if (extended_cell_parse(&extended_cell, rh->command,
1882  (const uint8_t*)cell->payload+RELAY_HEADER_SIZE,
1883  rh->length)<0) {
1884  log_warn(LD_PROTOCOL,
1885  "Can't parse EXTENDED cell; killing circuit.");
1886  return -END_CIRC_REASON_TORPROTOCOL;
1887  }
1888  if ((reason = circuit_finish_handshake(TO_ORIGIN_CIRCUIT(circ),
1889  &extended_cell.created_cell)) < 0) {
1890  circuit_mark_for_close(circ, -reason);
1891  return 0; /* We don't want to cause a warning, so we mark the circuit
1892  * here. */
1893  }
1894  }
1895  if ((reason=circuit_send_next_onion_skin(TO_ORIGIN_CIRCUIT(circ)))<0) {
1896  log_info(domain,"circuit_send_next_onion_skin() failed.");
1897  return reason;
1898  }
1899  /* Total all valid bytes delivered. */
1900  if (CIRCUIT_IS_ORIGIN(circ)) {
1902  }
1903  return 0;
1904  case RELAY_COMMAND_TRUNCATE:
1905  if (layer_hint) {
1906  log_fn(LOG_PROTOCOL_WARN, LD_APP,
1907  "'truncate' unsupported at origin. Dropping.");
1908  return 0;
1909  }
1910  if (circ->n_hop) {
1911  if (circ->n_chan)
1912  log_warn(LD_BUG, "n_chan and n_hop set on the same circuit!");
1913  extend_info_free(circ->n_hop);
1914  circ->n_hop = NULL;
1917  }
1918  if (circ->n_chan) {
1919  uint8_t trunc_reason = get_uint8(cell->payload + RELAY_HEADER_SIZE);
1920  circuit_synchronize_written_or_bandwidth(circ, CIRCUIT_N_CHAN);
1921  circuit_clear_cell_queue(circ, circ->n_chan);
1922  channel_send_destroy(circ->n_circ_id, circ->n_chan,
1923  trunc_reason);
1924  circuit_set_n_circid_chan(circ, 0, NULL);
1925  }
1926  log_debug(LD_EXIT, "Processed 'truncate', replying.");
1927  {
1928  char payload[1];
1929  payload[0] = (char)END_CIRC_REASON_REQUESTED;
1930  relay_send_command_from_edge(0, circ, RELAY_COMMAND_TRUNCATED,
1931  payload, sizeof(payload), NULL);
1932  }
1933  return 0;
1934  case RELAY_COMMAND_TRUNCATED:
1935  if (!layer_hint) {
1936  log_fn(LOG_PROTOCOL_WARN, LD_EXIT,
1937  "'truncated' unsupported at non-origin. Dropping.");
1938  return 0;
1939  }
1940 
1941  /* Count the truncated as valid, for completeness. The
1942  * circuit is being torn down anyway, though. */
1943  if (CIRCUIT_IS_ORIGIN(circ)) {
1945  rh->length);
1946  }
1949  return 0;
1950  case RELAY_COMMAND_CONNECTED:
1951  if (conn) {
1952  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1953  "'connected' unsupported while open. Closing circ.");
1954  return -END_CIRC_REASON_TORPROTOCOL;
1955  }
1956 
1957  if (CIRCUIT_IS_ORIGIN(circ)) {
1958  origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1960  rh->stream_id)) {
1961  circuit_read_valid_data(ocirc, rh->length);
1962  log_info(domain,
1963  "connected cell on circ %u valid on half-closed "
1964  "stream id %d", ocirc->global_identifier, rh->stream_id);
1965  return 0;
1966  }
1967  }
1968 
1969  log_info(domain,
1970  "'connected' received on circid %u for streamid %d, "
1971  "no conn attached anymore. Ignoring.",
1972  (unsigned)circ->n_circ_id, rh->stream_id);
1973  return 0;
1974  case RELAY_COMMAND_SENDME:
1975  return process_sendme_cell(rh, cell, circ, conn, layer_hint, domain);
1976  case RELAY_COMMAND_RESOLVE:
1977  if (layer_hint) {
1978  log_fn(LOG_PROTOCOL_WARN, LD_APP,
1979  "resolve request unsupported at AP; dropping.");
1980  return 0;
1981  } else if (conn) {
1982  log_fn(LOG_PROTOCOL_WARN, domain,
1983  "resolve request for known stream; dropping.");
1984  return 0;
1985  } else if (circ->purpose != CIRCUIT_PURPOSE_OR) {
1986  log_fn(LOG_PROTOCOL_WARN, domain,
1987  "resolve request on circ with purpose %d; dropping",
1988  circ->purpose);
1989  return 0;
1990  }
1992  return 0;
1993  case RELAY_COMMAND_RESOLVED:
1994  if (conn) {
1995  log_fn(LOG_PROTOCOL_WARN, domain,
1996  "'resolved' unsupported while open. Closing circ.");
1997  return -END_CIRC_REASON_TORPROTOCOL;
1998  }
1999 
2000  if (CIRCUIT_IS_ORIGIN(circ)) {
2001  origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
2002  if (relay_crypt_from_last_hop(ocirc, layer_hint) &&
2004  rh->stream_id)) {
2005  circuit_read_valid_data(ocirc, rh->length);
2006  log_info(domain,
2007  "resolved cell on circ %u valid on half-closed "
2008  "stream id %d", ocirc->global_identifier, rh->stream_id);
2009  return 0;
2010  }
2011  }
2012 
2013  log_info(domain,
2014  "'resolved' received, no conn attached anymore. Ignoring.");
2015  return 0;
2016  case RELAY_COMMAND_ESTABLISH_INTRO:
2017  case RELAY_COMMAND_ESTABLISH_RENDEZVOUS:
2018  case RELAY_COMMAND_INTRODUCE1:
2019  case RELAY_COMMAND_INTRODUCE2:
2020  case RELAY_COMMAND_INTRODUCE_ACK:
2021  case RELAY_COMMAND_RENDEZVOUS1:
2022  case RELAY_COMMAND_RENDEZVOUS2:
2023  case RELAY_COMMAND_INTRO_ESTABLISHED:
2024  case RELAY_COMMAND_RENDEZVOUS_ESTABLISHED:
2025  rend_process_relay_cell(circ, layer_hint,
2026  rh->command, rh->length,
2027  cell->payload+RELAY_HEADER_SIZE);
2028  return 0;
2029  }
2030  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
2031  "Received unknown relay command %d. Perhaps the other side is using "
2032  "a newer version of Tor? Dropping.",
2033  rh->command);
2034  return 0; /* for forward compatibility, don't kill the circuit */
2035 }
2036 
2037 /** An incoming relay cell has arrived on circuit <b>circ</b>. If
2038  * <b>conn</b> is NULL this is a control cell, else <b>cell</b> is
2039  * destined for <b>conn</b>.
2040  *
2041  * If <b>layer_hint</b> is defined, then we're the origin of the
2042  * circuit, and it specifies the hop that packaged <b>cell</b>.
2043  *
2044  * Return -reason if you want to warn and tear down the circuit, else 0.
2045  */
2046 STATIC int
2048  edge_connection_t *conn,
2049  crypt_path_t *layer_hint)
2050 {
2051  static int num_seen=0;
2052  relay_header_t rh;
2053  unsigned domain = layer_hint?LD_APP:LD_EXIT;
2054  int optimistic_data = 0; /* Set to 1 if we receive data on a stream
2055  * that's in the EXIT_CONN_STATE_RESOLVING
2056  * or EXIT_CONN_STATE_CONNECTING states. */
2057 
2058  tor_assert(cell);
2059  tor_assert(circ);
2060 
2061  relay_header_unpack(&rh, cell->payload);
2062 // log_fn(LOG_DEBUG,"command %d stream %d", rh.command, rh.stream_id);
2063  num_seen++;
2064  log_debug(domain, "Now seen %d relay cells here (command %d, stream %d).",
2065  num_seen, rh.command, rh.stream_id);
2066 
2067  if (rh.length > RELAY_PAYLOAD_SIZE) {
2068  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
2069  "Relay cell length field too long. Closing circuit.");
2070  return - END_CIRC_REASON_TORPROTOCOL;
2071  }
2072 
2073  if (rh.stream_id == 0) {
2074  switch (rh.command) {
2075  case RELAY_COMMAND_BEGIN:
2076  case RELAY_COMMAND_CONNECTED:
2077  case RELAY_COMMAND_END:
2078  case RELAY_COMMAND_RESOLVE:
2079  case RELAY_COMMAND_RESOLVED:
2080  case RELAY_COMMAND_BEGIN_DIR:
2081  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Relay command %d with zero "
2082  "stream_id. Dropping.", (int)rh.command);
2083  return 0;
2084  default:
2085  ;
2086  }
2087  }
2088 
2089  /* Tell circpad that we've received a recognized cell */
2091 
2092  /* either conn is NULL, in which case we've got a control cell, or else
2093  * conn points to the recognized stream. */
2094  if (conn && !connection_state_is_open(TO_CONN(conn))) {
2095  if (conn->base_.type == CONN_TYPE_EXIT &&
2096  (conn->base_.state == EXIT_CONN_STATE_CONNECTING ||
2097  conn->base_.state == EXIT_CONN_STATE_RESOLVING) &&
2098  rh.command == RELAY_COMMAND_DATA) {
2099  /* Allow DATA cells to be delivered to an exit node in state
2100  * EXIT_CONN_STATE_CONNECTING or EXIT_CONN_STATE_RESOLVING.
2101  * This speeds up HTTP, for example. */
2102  optimistic_data = 1;
2103  } else if (rh.stream_id == 0 && rh.command == RELAY_COMMAND_DATA) {
2104  log_warn(LD_BUG, "Somehow I had a connection that matched a "
2105  "data cell with stream ID 0.");
2106  } else {
2108  &rh, cell, circ, conn, layer_hint);
2109  }
2110  }
2111 
2112  return handle_relay_cell_command(cell, circ, conn, layer_hint,
2113  &rh, optimistic_data);
2114 }
2115 
2116 /** How many relay_data cells have we built, ever? */
2118 /** How many bytes of data have we put in relay_data cells have we built,
2119  * ever? This would be RELAY_PAYLOAD_SIZE*stats_n_data_cells_packaged if
2120  * every relay cell we ever sent were completely full of data. */
2122 /** How many relay_data cells have we received, ever? */
2124 /** How many bytes of data have we received relay_data cells, ever? This would
2125  * be RELAY_PAYLOAD_SIZE*stats_n_data_cells_packaged if every relay cell we
2126  * ever received were completely full of data. */
2128 
2129 /**
2130  * Called when initializing a circuit, or when we have reached the end of the
2131  * window in which we need to send some randomness so that incoming sendme
2132  * cells will be unpredictable. Resets the flags and picks a new window.
2133  */
2134 void
2136 {
2138  // XXX: do we need to change this check for congestion control?
2141 }
2142 
2143 /**
2144  * Any relay data payload containing fewer than this many real bytes is
2145  * considered to have enough randomness to.
2146  **/
2147 #define RELAY_PAYLOAD_LENGTH_FOR_RANDOM_SENDMES \
2148  (RELAY_PAYLOAD_SIZE - CELL_PADDING_GAP - 16)
2149 
2150 /**
2151  * Helper. Return the number of bytes that should be put into a cell from a
2152  * given edge connection on which <b>n_available</b> bytes are available.
2153  */
2154 STATIC size_t
2156  int package_partial,
2157  circuit_t *on_circuit)
2158 {
2159  if (!n_available)
2160  return 0;
2161 
2162  /* Do we need to force this payload to have space for randomness? */
2163  const bool force_random_bytes =
2164  (on_circuit->send_randomness_after_n_cells == 0) &&
2165  (! on_circuit->have_sent_sufficiently_random_cell);
2166 
2167  /* At most how much would we like to send in this cell? */
2168  size_t target_length;
2169  if (force_random_bytes) {
2171  } else {
2172  target_length = RELAY_PAYLOAD_SIZE;
2173  }
2174 
2175  /* Decide how many bytes we will actually put into this cell. */
2176  size_t package_length;
2177  if (n_available >= target_length) { /* A full payload is available. */
2178  package_length = target_length;
2179  } else { /* not a full payload available */
2180  if (package_partial)
2181  package_length = n_available; /* just take whatever's available now */
2182  else
2183  return 0; /* nothing to do until we have a full payload */
2184  }
2185 
2186  /* If we reach this point, we will be definitely sending the cell. */
2187  tor_assert_nonfatal(package_length > 0);
2188 
2189  if (package_length <= RELAY_PAYLOAD_LENGTH_FOR_RANDOM_SENDMES) {
2190  /* This cell will have enough randomness in the padding to make a future
2191  * sendme cell unpredictable. */
2192  on_circuit->have_sent_sufficiently_random_cell = 1;
2193  }
2194 
2195  if (on_circuit->send_randomness_after_n_cells == 0) {
2196  /* Either this cell, or some previous cell, had enough padding to
2197  * ensure sendme unpredictability. */
2198  tor_assert_nonfatal(on_circuit->have_sent_sufficiently_random_cell);
2199  /* Pick a new interval in which we need to send randomness. */
2200  circuit_reset_sendme_randomness(on_circuit);
2201  }
2202 
2203  --on_circuit->send_randomness_after_n_cells;
2204 
2205  return package_length;
2206 }
2207 
2208 /** If <b>conn</b> has an entire relay payload of bytes on its inbuf (or
2209  * <b>package_partial</b> is true), and the appropriate package windows aren't
2210  * empty, grab a cell and send it down the circuit.
2211  *
2212  * If *<b>max_cells</b> is given, package no more than max_cells. Decrement
2213  * *<b>max_cells</b> by the number of cells packaged.
2214  *
2215  * Return -1 (and send a RELAY_COMMAND_END cell if necessary) if conn should
2216  * be marked for close, else return 0.
2217  */
2218 int
2220  int *max_cells)
2221 {
2222  size_t bytes_to_process, length;
2223  char payload[CELL_PAYLOAD_SIZE];
2224  circuit_t *circ;
2225  const unsigned domain = conn->base_.type == CONN_TYPE_AP ? LD_APP : LD_EXIT;
2226  int sending_from_optimistic = 0;
2227  entry_connection_t *entry_conn =
2228  conn->base_.type == CONN_TYPE_AP ? EDGE_TO_ENTRY_CONN(conn) : NULL;
2229  const int sending_optimistically =
2230  entry_conn &&
2231  conn->base_.type == CONN_TYPE_AP &&
2232  conn->base_.state != AP_CONN_STATE_OPEN;
2233  crypt_path_t *cpath_layer = conn->cpath_layer;
2234 
2235  tor_assert(conn);
2236 
2237  if (conn->base_.marked_for_close) {
2238  log_warn(LD_BUG,
2239  "called on conn that's already marked for close at %s:%d.",
2240  conn->base_.marked_for_close_file, conn->base_.marked_for_close);
2241  return 0;
2242  }
2243 
2244  if (max_cells && *max_cells <= 0)
2245  return 0;
2246 
2247  repeat_connection_edge_package_raw_inbuf:
2248 
2249  circ = circuit_get_by_edge_conn(conn);
2250  if (!circ) {
2251  log_info(domain,"conn has no circuit! Closing.");
2253  return -1;
2254  }
2255 
2256  if (circuit_consider_stop_edge_reading(circ, cpath_layer))
2257  return 0;
2258 
2259  if (conn->package_window <= 0) {
2260  log_info(domain,"called with package_window %d. Skipping.",
2261  conn->package_window);
2263  return 0;
2264  }
2265 
2266  sending_from_optimistic = entry_conn &&
2267  entry_conn->sending_optimistic_data != NULL;
2268 
2269  if (PREDICT_UNLIKELY(sending_from_optimistic)) {
2270  bytes_to_process = buf_datalen(entry_conn->sending_optimistic_data);
2271  if (PREDICT_UNLIKELY(!bytes_to_process)) {
2272  log_warn(LD_BUG, "sending_optimistic_data was non-NULL but empty");
2273  bytes_to_process = connection_get_inbuf_len(TO_CONN(conn));
2274  sending_from_optimistic = 0;
2275  }
2276  } else {
2277  bytes_to_process = connection_get_inbuf_len(TO_CONN(conn));
2278  }
2279 
2280  length = connection_edge_get_inbuf_bytes_to_package(bytes_to_process,
2281  package_partial, circ);
2282  if (!length)
2283  return 0;
2284 
2285  /* If we reach this point, we will definitely be packaging bytes into
2286  * a cell. */
2287 
2288  stats_n_data_bytes_packaged += length;
2290 
2291  if (PREDICT_UNLIKELY(sending_from_optimistic)) {
2292  /* XXXX We could be more efficient here by sometimes packing
2293  * previously-sent optimistic data in the same cell with data
2294  * from the inbuf. */
2295  buf_get_bytes(entry_conn->sending_optimistic_data, payload, length);
2296  if (!buf_datalen(entry_conn->sending_optimistic_data)) {
2297  buf_free(entry_conn->sending_optimistic_data);
2298  entry_conn->sending_optimistic_data = NULL;
2299  }
2300  } else {
2301  connection_buf_get_bytes(payload, length, TO_CONN(conn));
2302  }
2303 
2304  log_debug(domain,TOR_SOCKET_T_FORMAT": Packaging %d bytes (%d waiting).",
2305  conn->base_.s,
2306  (int)length, (int)connection_get_inbuf_len(TO_CONN(conn)));
2307 
2308  if (sending_optimistically && !sending_from_optimistic) {
2309  /* This is new optimistic data; remember it in case we need to detach and
2310  retry */
2311  if (!entry_conn->pending_optimistic_data)
2312  entry_conn->pending_optimistic_data = buf_new();
2313  buf_add(entry_conn->pending_optimistic_data, payload, length);
2314  }
2315 
2316  if (connection_edge_send_command(conn, RELAY_COMMAND_DATA,
2317  payload, length) < 0 ) {
2318  /* circuit got marked for close, don't continue, don't need to mark conn */
2319  return 0;
2320  }
2321 
2322  /* Handle the circuit-level SENDME package window. */
2323  if (sendme_note_circuit_data_packaged(circ, cpath_layer) < 0) {
2324  /* Package window has gone under 0. Protocol issue. */
2325  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
2326  "Circuit package window is below 0. Closing circuit.");
2327  conn->end_reason = END_STREAM_REASON_TORPROTOCOL;
2328  return -1;
2329  }
2330 
2331  /* Handle the stream-level SENDME package window. */
2332  if (sendme_note_stream_data_packaged(conn, length) < 0) {
2334  log_debug(domain,"conn->package_window reached 0.");
2335  circuit_consider_stop_edge_reading(circ, cpath_layer);
2336  return 0; /* don't process the inbuf any more */
2337  }
2338  log_debug(domain,"conn->package_window is now %d",conn->package_window);
2339 
2340  if (max_cells) {
2341  *max_cells -= 1;
2342  if (*max_cells <= 0)
2343  return 0;
2344  }
2345 
2346  /* handle more if there's more, or return 0 if there isn't */
2347  goto repeat_connection_edge_package_raw_inbuf;
2348 }
2349 
2350 /** The circuit <b>circ</b> has received a circuit-level sendme
2351  * (on hop <b>layer_hint</b>, if we're the OP). Go through all the
2352  * attached streams and let them resume reading and packaging, if
2353  * their stream windows allow it.
2354  */
2355 static void
2357 {
2359  log_debug(layer_hint?LD_APP:LD_EXIT,"Too big queue, no resuming");
2360  return;
2361  }
2362  log_debug(layer_hint?LD_APP:LD_EXIT,"resuming");
2363 
2364  if (CIRCUIT_IS_ORIGIN(circ))
2366  circ, layer_hint);
2367  else
2369  circ, layer_hint);
2370 }
2371 
2372 /** A helper function for circuit_resume_edge_reading() above.
2373  * The arguments are the same, except that <b>conn</b> is the head
2374  * of a linked list of edge streams that should each be considered.
2375  */
2376 static int
2378  circuit_t *circ,
2379  crypt_path_t *layer_hint)
2380 {
2381  edge_connection_t *conn;
2382  int n_packaging_streams, n_streams_left;
2383  int packaged_this_round;
2384  int cells_on_queue;
2385  int cells_per_conn;
2386  edge_connection_t *chosen_stream = NULL;
2387  int max_to_package;
2388 
2389  if (first_conn == NULL) {
2390  /* Don't bother to try to do the rest of this if there are no connections
2391  * to resume. */
2392  return 0;
2393  }
2394 
2395  /* How many cells do we have space for? It will be the minimum of
2396  * the number needed to exhaust the package window, and the minimum
2397  * needed to fill the cell queue. */
2398 
2399  max_to_package = congestion_control_get_package_window(circ, layer_hint);
2400  if (CIRCUIT_IS_ORIGIN(circ)) {
2401  cells_on_queue = circ->n_chan_cells.n;
2402  } else {
2403  or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
2404  cells_on_queue = or_circ->p_chan_cells.n;
2405  }
2406  if (cell_queue_highwatermark() - cells_on_queue < max_to_package)
2407  max_to_package = cell_queue_highwatermark() - cells_on_queue;
2408 
2409  /* Once we used to start listening on the streams in the order they
2410  * appeared in the linked list. That leads to starvation on the
2411  * streams that appeared later on the list, since the first streams
2412  * would always get to read first. Instead, we just pick a random
2413  * stream on the list, and enable reading for streams starting at that
2414  * point (and wrapping around as if the list were circular). It would
2415  * probably be better to actually remember which streams we've
2416  * serviced in the past, but this is simple and effective. */
2417 
2418  /* Select a stream uniformly at random from the linked list. We
2419  * don't need cryptographic randomness here. */
2420  {
2421  int num_streams = 0;
2422  for (conn = first_conn; conn; conn = conn->next_stream) {
2423  num_streams++;
2424 
2425  if (crypto_fast_rng_one_in_n(get_thread_fast_rng(), num_streams)) {
2426  chosen_stream = conn;
2427  }
2428  /* Invariant: chosen_stream has been chosen uniformly at random from
2429  * among the first num_streams streams on first_conn.
2430  *
2431  * (Note that we iterate over every stream on the circuit, so that after
2432  * we've considered the first stream, we've chosen it with P=1; and
2433  * after we consider the second stream, we've switched to it with P=1/2
2434  * and stayed with the first stream with P=1/2; and after we've
2435  * considered the third stream, we've switched to it with P=1/3 and
2436  * remained with one of the first two streams with P=(2/3), giving each
2437  * one P=(1/2)(2/3) )=(1/3).) */
2438  }
2439  }
2440 
2441  /* Count how many non-marked streams there are that have anything on
2442  * their inbuf, and enable reading on all of the connections. */
2443  n_packaging_streams = 0;
2444  /* Activate reading starting from the chosen stream */
2445  for (conn=chosen_stream; conn; conn = conn->next_stream) {
2446  /* Start reading for the streams starting from here */
2447  if (conn->base_.marked_for_close || conn->package_window <= 0 ||
2448  conn->xoff_received)
2449  continue;
2450  if (!layer_hint || conn->cpath_layer == layer_hint) {
2452 
2453  if (connection_get_inbuf_len(TO_CONN(conn)) > 0)
2454  ++n_packaging_streams;
2455  }
2456  }
2457  /* Go back and do the ones we skipped, circular-style */
2458  for (conn = first_conn; conn != chosen_stream; conn = conn->next_stream) {
2459  if (conn->base_.marked_for_close || conn->package_window <= 0 ||
2460  conn->xoff_received)
2461  continue;
2462  if (!layer_hint || conn->cpath_layer == layer_hint) {
2464 
2465  if (connection_get_inbuf_len(TO_CONN(conn)) > 0)
2466  ++n_packaging_streams;
2467  }
2468  }
2469 
2470  if (n_packaging_streams == 0) /* avoid divide-by-zero */
2471  return 0;
2472 
2473  again:
2474 
2475  cells_per_conn = CEIL_DIV(max_to_package, n_packaging_streams);
2476 
2477  packaged_this_round = 0;
2478  n_streams_left = 0;
2479 
2480  /* Iterate over all connections. Package up to cells_per_conn cells on
2481  * each. Update packaged_this_round with the total number of cells
2482  * packaged, and n_streams_left with the number that still have data to
2483  * package.
2484  */
2485  for (conn=first_conn; conn; conn=conn->next_stream) {
2486  if (conn->base_.marked_for_close || conn->package_window <= 0)
2487  continue;
2488  if (!layer_hint || conn->cpath_layer == layer_hint) {
2489  int n = cells_per_conn, r;
2490  /* handle whatever might still be on the inbuf */
2491  r = connection_edge_package_raw_inbuf(conn, 1, &n);
2492 
2493  /* Note how many we packaged */
2494  packaged_this_round += (cells_per_conn-n);
2495 
2496  if (r<0) {
2497  /* Problem while packaging. (We already sent an end cell if
2498  * possible) */
2499  connection_mark_for_close(TO_CONN(conn));
2500  continue;
2501  }
2502 
2503  /* If there's still data to read, we'll be coming back to this stream. */
2504  if (connection_get_inbuf_len(TO_CONN(conn)))
2505  ++n_streams_left;
2506 
2507  /* If the circuit won't accept any more data, return without looking
2508  * at any more of the streams. Any connections that should be stopped
2509  * have already been stopped by connection_edge_package_raw_inbuf. */
2510  if (circuit_consider_stop_edge_reading(circ, layer_hint))
2511  return -1;
2512  /* XXXX should we also stop immediately if we fill up the cell queue?
2513  * Probably. */
2514  }
2515  }
2516 
2517  /* If we made progress, and we are willing to package more, and there are
2518  * any streams left that want to package stuff... try again!
2519  */
2520  if (packaged_this_round && packaged_this_round < max_to_package &&
2521  n_streams_left) {
2522  max_to_package -= packaged_this_round;
2523  n_packaging_streams = n_streams_left;
2524  goto again;
2525  }
2526 
2527  return 0;
2528 }
2529 
2530 /** Check if the package window for <b>circ</b> is empty (at
2531  * hop <b>layer_hint</b> if it's defined).
2532  *
2533  * If yes, tell edge streams to stop reading and return 1.
2534  * Else return 0.
2535  */
2536 static int
2538 {
2539  edge_connection_t *conn = NULL;
2540  unsigned domain = layer_hint ? LD_APP : LD_EXIT;
2541 
2542  if (!layer_hint) {
2543  or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
2544  log_debug(domain,"considering circ->package_window %d",
2545  circ->package_window);
2546  if (congestion_control_get_package_window(circ, layer_hint) <= 0) {
2547  log_debug(domain,"yes, not-at-origin. stopped.");
2548  for (conn = or_circ->n_streams; conn; conn=conn->next_stream)
2550  return 1;
2551  }
2552  return 0;
2553  }
2554  /* else, layer hint is defined, use it */
2555  log_debug(domain,"considering layer_hint->package_window %d",
2556  layer_hint->package_window);
2557  if (congestion_control_get_package_window(circ, layer_hint) <= 0) {
2558  log_debug(domain,"yes, at-origin. stopped.");
2559  for (conn = TO_ORIGIN_CIRCUIT(circ)->p_streams; conn;
2560  conn=conn->next_stream) {
2561  if (conn->cpath_layer == layer_hint)
2563  }
2564  return 1;
2565  }
2566  return 0;
2567 }
2568 
2569 /** The total number of cells we have allocated. */
2570 static size_t total_cells_allocated = 0;
2571 
2572 /** Release storage held by <b>cell</b>. */
2573 static inline void
2575 {
2577  tor_free(cell);
2578 }
2579 
2580 /** Allocate and return a new packed_cell_t. */
2583 {
2585  return tor_malloc_zero(sizeof(packed_cell_t));
2586 }
2587 
2588 /** Return a packed cell used outside by channel_t lower layer */
2589 void
2591 {
2592  if (!cell)
2593  return;
2595 }
2596 
2597 /** Log current statistics for cell pool allocation at log level
2598  * <b>severity</b>. */
2599 void
2601 {
2602  int n_circs = 0;
2603  int n_cells = 0;
2605  n_cells += c->n_chan_cells.n;
2606  if (!CIRCUIT_IS_ORIGIN(c))
2607  n_cells += TO_OR_CIRCUIT(c)->p_chan_cells.n;
2608  ++n_circs;
2609  }
2610  SMARTLIST_FOREACH_END(c);
2611  tor_log(severity, LD_MM,
2612  "%d cells allocated on %d circuits. %d cells leaked.",
2613  n_cells, n_circs, (int)total_cells_allocated - n_cells);
2614 }
2615 
2616 /** Allocate a new copy of packed <b>cell</b>. */
2617 static inline packed_cell_t *
2618 packed_cell_copy(const cell_t *cell, int wide_circ_ids)
2619 {
2621  cell_pack(c, cell, wide_circ_ids);
2622  return c;
2623 }
2624 
2625 /** Append <b>cell</b> to the end of <b>queue</b>. */
2626 void
2628 {
2629  TOR_SIMPLEQ_INSERT_TAIL(&queue->head, cell, next);
2630  ++queue->n;
2631 }
2632 
2633 /** Append a newly allocated copy of <b>cell</b> to the end of the
2634  * <b>exitward</b> (or app-ward) <b>queue</b> of <b>circ</b>. If
2635  * <b>use_stats</b> is true, record statistics about the cell.
2636  */
2637 void
2639  int exitward, const cell_t *cell,
2640  int wide_circ_ids, int use_stats)
2641 {
2642  packed_cell_t *copy = packed_cell_copy(cell, wide_circ_ids);
2643  (void)circ;
2644  (void)exitward;
2645  (void)use_stats;
2646 
2648 
2649  cell_queue_append(queue, copy);
2650 }
2651 
2652 /** Initialize <b>queue</b> as an empty cell queue. */
2653 void
2655 {
2656  memset(queue, 0, sizeof(cell_queue_t));
2657  TOR_SIMPLEQ_INIT(&queue->head);
2658 }
2659 
2660 /** Remove and free every cell in <b>queue</b>. */
2661 void
2663 {
2664  packed_cell_t *cell;
2665  while ((cell = TOR_SIMPLEQ_FIRST(&queue->head))) {
2666  TOR_SIMPLEQ_REMOVE_HEAD(&queue->head, next);
2668  }
2669  TOR_SIMPLEQ_INIT(&queue->head);
2670  queue->n = 0;
2671 }
2672 
2673 /** Extract and return the cell at the head of <b>queue</b>; return NULL if
2674  * <b>queue</b> is empty. */
2677 {
2678  packed_cell_t *cell = TOR_SIMPLEQ_FIRST(&queue->head);
2679  if (!cell)
2680  return NULL;
2681  TOR_SIMPLEQ_REMOVE_HEAD(&queue->head, next);
2682  --queue->n;
2683  return cell;
2684 }
2685 
2686 /** Initialize <b>queue</b> as an empty cell queue. */
2687 void
2689 {
2690  memset(queue, 0, sizeof(destroy_cell_queue_t));
2691  TOR_SIMPLEQ_INIT(&queue->head);
2692 }
2693 
2694 /** Remove and free every cell in <b>queue</b>. */
2695 void
2697 {
2698  destroy_cell_t *cell;
2699  while ((cell = TOR_SIMPLEQ_FIRST(&queue->head))) {
2700  TOR_SIMPLEQ_REMOVE_HEAD(&queue->head, next);
2701  tor_free(cell);
2702  }
2703  TOR_SIMPLEQ_INIT(&queue->head);
2704  queue->n = 0;
2705 }
2706 
2707 /** Extract and return the cell at the head of <b>queue</b>; return NULL if
2708  * <b>queue</b> is empty. */
2711 {
2712  destroy_cell_t *cell = TOR_SIMPLEQ_FIRST(&queue->head);
2713  if (!cell)
2714  return NULL;
2715  TOR_SIMPLEQ_REMOVE_HEAD(&queue->head, next);
2716  --queue->n;
2717  return cell;
2718 }
2719 
2720 /** Append a destroy cell for <b>circid</b> to <b>queue</b>. */
2721 void
2723  circid_t circid,
2724  uint8_t reason)
2725 {
2726  destroy_cell_t *cell = tor_malloc_zero(sizeof(destroy_cell_t));
2727  cell->circid = circid;
2728  cell->reason = reason;
2729  /* Not yet used, but will be required for OOM handling. */
2731 
2732  TOR_SIMPLEQ_INSERT_TAIL(&queue->head, cell, next);
2733  ++queue->n;
2734 }
2735 
2736 /** Convert a destroy_cell_t to a newly allocated cell_t. Frees its input. */
2737 static packed_cell_t *
2739 {
2740  packed_cell_t *packed = packed_cell_new();
2741  cell_t cell;
2742  memset(&cell, 0, sizeof(cell));
2743  cell.circ_id = inp->circid;
2744  cell.command = CELL_DESTROY;
2745  cell.payload[0] = inp->reason;
2746  cell_pack(packed, &cell, wide_circ_ids);
2747 
2748  tor_free(inp);
2749  return packed;
2750 }
2751 
2752 /** Return the total number of bytes used for each packed_cell in a queue.
2753  * Approximate. */
2754 size_t
2756 {
2757  return sizeof(packed_cell_t);
2758 }
2759 
2760 /* DOCDOC */
2761 size_t
2762 cell_queues_get_total_allocation(void)
2763 {
2765 }
2766 
2767 /** How long after we've been low on memory should we try to conserve it? */
2768 #define MEMORY_PRESSURE_INTERVAL (30*60)
2769 
2770 /** The time at which we were last low on memory. */
2772 
2773 /** Statistics on how many bytes were removed by the OOM per type. */
2775 uint64_t oom_stats_n_bytes_removed_cell = 0;
2776 uint64_t oom_stats_n_bytes_removed_geoip = 0;
2777 uint64_t oom_stats_n_bytes_removed_hsdir = 0;
2778 
2779 /** Check whether we've got too much space used for cells. If so,
2780  * call the OOM handler and return 1. Otherwise, return 0. */
2781 STATIC int
2783 {
2784  size_t removed = 0;
2785  time_t now = time(NULL);
2786  size_t alloc = cell_queues_get_total_allocation();
2788  alloc += buf_get_total_allocation();
2790  const size_t hs_cache_total = hs_cache_get_total_allocation();
2791  alloc += hs_cache_total;
2792  const size_t geoip_client_cache_total =
2793  geoip_client_cache_total_allocation();
2794  alloc += geoip_client_cache_total;
2795  const size_t dns_cache_total = dns_cache_total_allocation();
2796  alloc += dns_cache_total;
2797  if (alloc >= get_options()->MaxMemInQueues_low_threshold) {
2799  if (alloc >= get_options()->MaxMemInQueues) {
2800  /* Note this overload down */
2801  rep_hist_note_overload(OVERLOAD_GENERAL);
2802 
2803  /* If we're spending over 20% of the memory limit on hidden service
2804  * descriptors, free them until we're down to 10%. Do the same for geoip
2805  * client cache. */
2806  if (hs_cache_total > get_options()->MaxMemInQueues / 5) {
2807  const size_t bytes_to_remove =
2808  hs_cache_total - (size_t)(get_options()->MaxMemInQueues / 10);
2809  removed = hs_cache_handle_oom(now, bytes_to_remove);
2810  oom_stats_n_bytes_removed_hsdir += removed;
2811  alloc -= removed;
2812  }
2813  if (geoip_client_cache_total > get_options()->MaxMemInQueues / 5) {
2814  const size_t bytes_to_remove =
2815  geoip_client_cache_total -
2816  (size_t)(get_options()->MaxMemInQueues / 10);
2817  removed = geoip_client_cache_handle_oom(now, bytes_to_remove);
2818  oom_stats_n_bytes_removed_geoip += removed;
2819  alloc -= removed;
2820  }
2821  if (dns_cache_total > get_options()->MaxMemInQueues / 5) {
2822  const size_t bytes_to_remove =
2823  dns_cache_total - (size_t)(get_options()->MaxMemInQueues / 10);
2824  removed = dns_cache_handle_oom(now, bytes_to_remove);
2825  oom_stats_n_bytes_removed_dns += removed;
2826  alloc -= removed;
2827  }
2828  removed = circuits_handle_oom(alloc);
2829  oom_stats_n_bytes_removed_cell += removed;
2830  return 1;
2831  }
2832  }
2833  return 0;
2834 }
2835 
2836 /** Return true if we've been under memory pressure in the last
2837  * MEMORY_PRESSURE_INTERVAL seconds. */
2838 int
2840 {
2842  < approx_time();
2843 }
2844 
2845 /**
2846  * Update the number of cells available on the circuit's n_chan or p_chan's
2847  * circuit mux.
2848  */
2849 void
2851  const char *file, int lineno)
2852 {
2853  channel_t *chan = NULL;
2854  or_circuit_t *or_circ = NULL;
2855  circuitmux_t *cmux = NULL;
2856 
2857  tor_assert(circ);
2858 
2859  /* Okay, get the channel */
2860  if (direction == CELL_DIRECTION_OUT) {
2861  chan = circ->n_chan;
2862  } else {
2863  or_circ = TO_OR_CIRCUIT(circ);
2864  chan = or_circ->p_chan;
2865  }
2866 
2867  tor_assert(chan);
2868  tor_assert(chan->cmux);
2869 
2870  /* Now get the cmux */
2871  cmux = chan->cmux;
2872 
2873  /* Cmux sanity check */
2874  if (! circuitmux_is_circuit_attached(cmux, circ)) {
2875  log_warn(LD_BUG, "called on non-attached circuit from %s:%d",
2876  file, lineno);
2877  return;
2878  }
2879  tor_assert(circuitmux_attached_circuit_direction(cmux, circ) == direction);
2880 
2881  /* Update the number of cells we have for the circuit mux */
2882  if (direction == CELL_DIRECTION_OUT) {
2883  circuitmux_set_num_cells(cmux, circ, circ->n_chan_cells.n);
2884  } else {
2885  circuitmux_set_num_cells(cmux, circ, or_circ->p_chan_cells.n);
2886  }
2887 }
2888 
2889 /** Remove all circuits from the cmux on <b>chan</b>.
2890  *
2891  * If <b>circuits_out</b> is non-NULL, add all detached circuits to
2892  * <b>circuits_out</b>.
2893  **/
2894 void
2896 {
2897  tor_assert(chan);
2898  tor_assert(chan->cmux);
2899 
2900  circuitmux_detach_all_circuits(chan->cmux, circuits_out);
2901  chan->num_n_circuits = 0;
2902  chan->num_p_circuits = 0;
2903 }
2904 
2905 /** Block (if <b>block</b> is true) or unblock (if <b>block</b> is false)
2906  * every edge connection that is using <b>circ</b> to write to <b>chan</b>,
2907  * and start or stop reading as appropriate.
2908  *
2909  * If <b>stream_id</b> is nonzero, block only the edge connection whose
2910  * stream_id matches it.
2911  *
2912  * Returns the number of streams whose status we changed.
2913  */
2914 static int
2916  int block, streamid_t stream_id)
2917 {
2918  edge_connection_t *edge = NULL;
2919  int n = 0;
2920  if (circ->n_chan == chan) {
2921  circ->streams_blocked_on_n_chan = block;
2922  if (CIRCUIT_IS_ORIGIN(circ))
2923  edge = TO_ORIGIN_CIRCUIT(circ)->p_streams;
2924  } else {
2925  circ->streams_blocked_on_p_chan = block;
2926  tor_assert(!CIRCUIT_IS_ORIGIN(circ));
2927  edge = TO_OR_CIRCUIT(circ)->n_streams;
2928  }
2929 
2930  for (; edge; edge = edge->next_stream) {
2931  connection_t *conn = TO_CONN(edge);
2932  if (stream_id && edge->stream_id != stream_id)
2933  continue;
2934 
2935  if (edge->edge_blocked_on_circ != block) {
2936  ++n;
2937  edge->edge_blocked_on_circ = block;
2938  }
2939 
2940  if (!conn->read_event) {
2941  /* This connection is a placeholder for something; probably a DNS
2942  * request. It can't actually stop or start reading.*/
2943  continue;
2944  }
2945 
2946  if (block) {
2947  if (connection_is_reading(conn))
2949  } else {
2950  /* Is this right? */
2951  if (!connection_is_reading(conn))
2953  }
2954  }
2955 
2956  return n;
2957 }
2958 
2959 /** Extract the command from a packed cell. */
2960 uint8_t
2961 packed_cell_get_command(const packed_cell_t *cell, int wide_circ_ids)
2962 {
2963  if (wide_circ_ids) {
2964  return get_uint8(cell->body+4);
2965  } else {
2966  return get_uint8(cell->body+2);
2967  }
2968 }
2969 
2970 /** Extract the circuit ID from a packed cell. */
2971 circid_t
2972 packed_cell_get_circid(const packed_cell_t *cell, int wide_circ_ids)
2973 {
2974  if (wide_circ_ids) {
2975  return ntohl(get_uint32(cell->body));
2976  } else {
2977  return ntohs(get_uint16(cell->body));
2978  }
2979 }
2980 
2981 /** Pull as many cells as possible (but no more than <b>max</b>) from the
2982  * queue of the first active circuit on <b>chan</b>, and write them to
2983  * <b>chan</b>-&gt;outbuf. Return the number of cells written. Advance
2984  * the active circuit pointer to the next active circuit in the ring. */
2985 MOCK_IMPL(int,
2987 {
2988  circuitmux_t *cmux = NULL;
2989  int n_flushed = 0;
2990  cell_queue_t *queue;
2991  destroy_cell_queue_t *destroy_queue=NULL;
2992  circuit_t *circ;
2993  or_circuit_t *or_circ;
2994  int streams_blocked;
2995  packed_cell_t *cell;
2996 
2997  /* Get the cmux */
2998  tor_assert(chan);
2999  tor_assert(chan->cmux);
3000  cmux = chan->cmux;
3001 
3002  /* Main loop: pick a circuit, send a cell, update the cmux */
3003  while (n_flushed < max) {
3004  circ = circuitmux_get_first_active_circuit(cmux, &destroy_queue);
3005  if (destroy_queue) {
3006  destroy_cell_t *dcell;
3007  /* this code is duplicated from some of the logic below. Ugly! XXXX */
3008  /* If we are given a destroy_queue here, then it is required to be
3009  * nonempty... */
3010  tor_assert(destroy_queue->n > 0);
3011  dcell = destroy_cell_queue_pop(destroy_queue);
3012  /* ...and pop() will always yield a cell from a nonempty queue. */
3013  tor_assert(dcell);
3014  /* frees dcell */
3015  cell = destroy_cell_to_packed_cell(dcell, chan->wide_circ_ids);
3016  /* Send the DESTROY cell. It is very unlikely that this fails but just
3017  * in case, get rid of the channel. */
3018  if (channel_write_packed_cell(chan, cell) < 0) {
3019  /* The cell has been freed. */
3020  channel_mark_for_close(chan);
3021  continue;
3022  }
3023  /* Update the cmux destroy counter */
3025  cell = NULL;
3026  ++n_flushed;
3027  continue;
3028  }
3029  /* If it returns NULL, no cells left to send */
3030  if (!circ) break;
3031 
3032  if (circ->n_chan == chan) {
3033  queue = &circ->n_chan_cells;
3034  streams_blocked = circ->streams_blocked_on_n_chan;
3035  } else {
3036  or_circ = TO_OR_CIRCUIT(circ);
3037  tor_assert(or_circ->p_chan == chan);
3038  queue = &TO_OR_CIRCUIT(circ)->p_chan_cells;
3039  streams_blocked = circ->streams_blocked_on_p_chan;
3040  }
3041 
3042  /* Circuitmux told us this was active, so it should have cells.
3043  *
3044  * Note: In terms of logic and coherence, this should never happen but the
3045  * cmux dragon is powerful. Reason is that when the OOM is triggered, when
3046  * cleaning up circuits, we mark them for close and then clear their cell
3047  * queues. And so, we can have a circuit considered active by the cmux
3048  * dragon but without cells. The cmux subsystem is only notified of this
3049  * when the circuit is freed which leaves a tiny window between close and
3050  * free to end up here.
3051  *
3052  * We are accepting this as an "ok" race else the changes are likely non
3053  * trivial to make the mark for close to set the num cells to 0 and change
3054  * the free functions to detach the circuit conditionally without creating
3055  * a chain effect of madness.
3056  *
3057  * The lesson here is arti will prevail and leave the cmux dragon alone. */
3058  if (queue->n == 0) {
3059  circuitmux_set_num_cells(cmux, circ, 0);
3060  if (! circ->marked_for_close)
3061  circuit_mark_for_close(circ, END_CIRC_REASON_INTERNAL);
3062  continue;
3063  }
3064 
3065  tor_assert(queue->n > 0);
3066 
3067  /*
3068  * Get just one cell here; once we've sent it, that can change the circuit
3069  * selection, so we have to loop around for another even if this circuit
3070  * has more than one.
3071  */
3072  cell = cell_queue_pop(queue);
3073 
3074  /* Calculate the exact time that this cell has spent in the queue. */
3075  if (get_options()->CellStatistics ||
3076  get_options()->TestingEnableCellStatsEvent) {
3077  uint32_t timestamp_now = monotime_coarse_get_stamp();
3078  uint32_t msec_waiting =
3080  timestamp_now - cell->inserted_timestamp);
3081 
3082  if (get_options()->CellStatistics && !CIRCUIT_IS_ORIGIN(circ)) {
3083  or_circ = TO_OR_CIRCUIT(circ);
3084  or_circ->total_cell_waiting_time += msec_waiting;
3085  or_circ->processed_cells++;
3086  }
3087 
3088  if (get_options()->TestingEnableCellStatsEvent) {
3089  uint8_t command = packed_cell_get_command(cell, chan->wide_circ_ids);
3090 
3092  tor_malloc_zero(sizeof(testing_cell_stats_entry_t));
3093  ent->command = command;
3094  ent->waiting_time = msec_waiting / 10;
3095  ent->removed = 1;
3096  if (circ->n_chan == chan)
3097  ent->exitward = 1;
3098  if (!circ->testing_cell_stats)
3100  smartlist_add(circ->testing_cell_stats, ent);
3101  }
3102  }
3103 
3104  /* If we just flushed our queue and this circuit is used for a
3105  * tunneled directory request, possibly advance its state. */
3106  if (queue->n == 0 && chan->dirreq_id)
3108  DIRREQ_TUNNELED,
3110 
3111  /* Now send the cell. It is very unlikely that this fails but just in
3112  * case, get rid of the channel. */
3113  if (channel_write_packed_cell(chan, cell) < 0) {
3114  /* The cell has been freed at this point. */
3115  channel_mark_for_close(chan);
3116  continue;
3117  }
3118  cell = NULL;
3119 
3120  /*
3121  * Don't packed_cell_free_unchecked(cell) here because the channel will
3122  * do so when it gets out of the channel queue (probably already did, in
3123  * which case that was an immediate double-free bug).
3124  */
3125 
3126  /* Update the counter */
3127  ++n_flushed;
3128 
3129  /*
3130  * Now update the cmux; tell it we've just sent a cell, and how many
3131  * we have left.
3132  */
3133  circuitmux_notify_xmit_cells(cmux, circ, 1);
3134  circuitmux_set_num_cells(cmux, circ, queue->n);
3135  if (queue->n == 0)
3136  log_debug(LD_GENERAL, "Made a circuit inactive.");
3137 
3138  /* Is the cell queue low enough to unblock all the streams that are waiting
3139  * to write to this circuit? */
3140  if (streams_blocked && queue->n <= cell_queue_lowwatermark())
3141  set_streams_blocked_on_circ(circ, chan, 0, 0); /* unblock streams */
3142 
3143  /* If n_flushed < max still, loop around and pick another circuit */
3144  }
3145 
3146  /* Okay, we're done sending now */
3147  return n_flushed;
3148 }
3149 
3150 /* Minimum value is the maximum circuit window size.
3151  *
3152  * This value is set to a lower bound we believe is reasonable with congestion
3153  * control and basic network running parameters.
3154  *
3155  * SENDME cells makes it that we can control how many cells can be inflight on
3156  * a circuit from end to end. This logic makes it that on any circuit cell
3157  * queue, we have a maximum of cells possible.
3158  *
3159  * Because the Tor protocol allows for a client to exit at any hop in a
3160  * circuit and a circuit can be of a maximum of 8 hops, so in theory the
3161  * normal worst case will be the circuit window start value times the maximum
3162  * number of hops (8). Having more cells then that means something is wrong.
3163  *
3164  * However, because padding cells aren't counted in the package window, we set
3165  * the maximum size to a reasonably large size for which we expect that we'll
3166  * never reach in theory. And if we ever do because of future changes, we'll
3167  * be able to control it with a consensus parameter.
3168  *
3169  * XXX: Unfortunately, END cells aren't accounted for in the circuit window
3170  * which means that for instance if a client opens 8001 streams, the 8001
3171  * following END cells will queue up in the circuit which will get closed if
3172  * the max limit is 8000. Which is sad because it is allowed by the Tor
3173  * protocol. But, we need an upper bound on circuit queue in order to avoid
3174  * DoS memory pressure so the default size is a middle ground between not
3175  * having any limit and having a very restricted one. This is why we can also
3176  * control it through a consensus parameter. */
3177 #define RELAY_CIRC_CELL_QUEUE_SIZE_MIN 50
3178 /* We can't have a consensus parameter above this value. */
3179 #define RELAY_CIRC_CELL_QUEUE_SIZE_MAX INT32_MAX
3180 /* Default value is set to a large value so we can handle padding cells
3181  * properly which aren't accounted for in the SENDME window. Default is 2500
3182  * allowed cells in the queue resulting in ~1MB. */
3183 #define RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT \
3184  (50 * RELAY_CIRC_CELL_QUEUE_SIZE_MIN)
3185 
3186 /* The maximum number of cells a circuit queue can contain. This is updated at
3187  * every new consensus and controlled by a parameter. */
3188 static int32_t max_circuit_cell_queue_size =
3189  RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT;
3190 /** Maximum number of cell on an outbound circuit queue. This is updated at
3191  * every new consensus and controlled by a parameter. This default is incorrect
3192  * and won't be used at all except in unit tests. */
3194  RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT;
3195 
3196 /** Return consensus parameter "circ_max_cell_queue_size". The given ns can be
3197  * NULL. */
3198 static uint32_t
3200 {
3201  return networkstatus_get_param(ns, "circ_max_cell_queue_size",
3202  RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT,
3203  RELAY_CIRC_CELL_QUEUE_SIZE_MIN,
3204  RELAY_CIRC_CELL_QUEUE_SIZE_MAX);
3205 }
3206 
3207 /** Return consensus parameter "circ_max_cell_queue_size_out". The given ns can
3208  * be NULL. */
3209 static uint32_t
3211 {
3212  return networkstatus_get_param(ns, "circ_max_cell_queue_size_out",
3214  RELAY_CIRC_CELL_QUEUE_SIZE_MIN,
3215  RELAY_CIRC_CELL_QUEUE_SIZE_MAX);
3216 }
3217 
3218 /* Called when the consensus has changed. At this stage, the global consensus
3219  * object has NOT been updated. It is called from
3220  * notify_before_networkstatus_changes(). */
3221 void
3222 relay_consensus_has_changed(const networkstatus_t *ns)
3223 {
3224  tor_assert(ns);
3225 
3226  /* Update the circuit max cell queue size from the consensus. */
3227  max_circuit_cell_queue_size =
3231 }
3232 
3233 /** Add <b>cell</b> to the queue of <b>circ</b> writing to <b>chan</b>
3234  * transmitting in <b>direction</b>.
3235  *
3236  * The given <b>cell</b> is copied onto the circuit queue so the caller must
3237  * cleanup the memory.
3238  *
3239  * This function is part of the fast path. */
3240 void
3242  cell_t *cell, cell_direction_t direction,
3243  streamid_t fromstream)
3244 {
3245  or_circuit_t *orcirc = NULL;
3246  cell_queue_t *queue;
3247  int32_t max_queue_size;
3248  int streams_blocked;
3249  int exitward;
3250  if (circ->marked_for_close)
3251  return;
3252 
3253  exitward = (direction == CELL_DIRECTION_OUT);
3254  if (exitward) {
3255  queue = &circ->n_chan_cells;
3256  streams_blocked = circ->streams_blocked_on_n_chan;
3257  max_queue_size = max_circuit_cell_queue_size_out;
3258  } else {
3259  orcirc = TO_OR_CIRCUIT(circ);
3260  queue = &orcirc->p_chan_cells;
3261  streams_blocked = circ->streams_blocked_on_p_chan;
3262  max_queue_size = max_circuit_cell_queue_size;
3263  }
3264 
3265  if (PREDICT_UNLIKELY(queue->n >= max_queue_size)) {
3266  /* This DoS defense only applies at the Guard as in the p_chan is likely
3267  * a client IP attacking the network. */
3268  if (exitward && CIRCUIT_IS_ORCIRC(circ)) {
3269  stats_n_circ_max_cell_outq_reached++;
3270  dos_note_circ_max_outq(CONST_TO_OR_CIRCUIT(circ)->p_chan);
3271  }
3272 
3273  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
3274  "%s circuit has %d cells in its queue, maximum allowed is %d. "
3275  "Closing circuit for safety reasons.",
3276  (exitward) ? "Outbound" : "Inbound", queue->n,
3277  max_queue_size);
3278  circuit_mark_for_close(circ, END_CIRC_REASON_RESOURCELIMIT);
3280  return;
3281  }
3282 
3283  /* Very important that we copy to the circuit queue because all calls to
3284  * this function use the stack for the cell memory. */
3285  cell_queue_append_packed_copy(circ, queue, exitward, cell,
3286  chan->wide_circ_ids, 1);
3287 
3288  /* Check and run the OOM if needed. */
3289  if (PREDICT_UNLIKELY(cell_queues_check_size())) {
3290  /* We ran the OOM handler which might have closed this circuit. */
3291  if (circ->marked_for_close)
3292  return;
3293  }
3294 
3295  /* If we have too many cells on the circuit, we should stop reading from
3296  * the edge streams for a while. */
3297  if (!streams_blocked && queue->n >= cell_queue_highwatermark())
3298  set_streams_blocked_on_circ(circ, chan, 1, 0); /* block streams */
3299 
3300  if (streams_blocked && fromstream) {
3301  /* This edge connection is apparently not blocked; block it. */
3302  set_streams_blocked_on_circ(circ, chan, 1, fromstream);
3303  }
3304 
3305  update_circuit_on_cmux(circ, direction);
3306  if (queue->n == 1) {
3307  /* This was the first cell added to the queue. We just made this
3308  * circuit active. */
3309  log_debug(LD_GENERAL, "Made a circuit active.");
3310  }
3311 
3312  /* New way: mark this as having waiting cells for the scheduler */
3314 }
3315 
3316 /** Append an encoded value of <b>addr</b> to <b>payload_out</b>, which must
3317  * have at least 18 bytes of free space. The encoding is, as specified in
3318  * tor-spec.txt:
3319  * RESOLVED_TYPE_IPV4 or RESOLVED_TYPE_IPV6 [1 byte]
3320  * LENGTH [1 byte]
3321  * ADDRESS [length bytes]
3322  * Return the number of bytes added, or -1 on error */
3323 int
3324 append_address_to_payload(uint8_t *payload_out, const tor_addr_t *addr)
3325 {
3326  uint32_t a;
3327  switch (tor_addr_family(addr)) {
3328  case AF_INET:
3329  payload_out[0] = RESOLVED_TYPE_IPV4;
3330  payload_out[1] = 4;
3331  a = tor_addr_to_ipv4n(addr);
3332  memcpy(payload_out+2, &a, 4);
3333  return 6;
3334  case AF_INET6:
3335  payload_out[0] = RESOLVED_TYPE_IPV6;
3336  payload_out[1] = 16;
3337  memcpy(payload_out+2, tor_addr_to_in6_addr8(addr), 16);
3338  return 18;
3339  case AF_UNSPEC:
3340  default:
3341  return -1;
3342  }
3343 }
3344 
3345 /** Given <b>payload_len</b> bytes at <b>payload</b>, starting with an address
3346  * encoded as by append_address_to_payload(), try to decode the address into
3347  * *<b>addr_out</b>. Return the next byte in the payload after the address on
3348  * success, or NULL on failure. */
3349 const uint8_t *
3350 decode_address_from_payload(tor_addr_t *addr_out, const uint8_t *payload,
3351  int payload_len)
3352 {
3353  if (payload_len < 2)
3354  return NULL;
3355  if (payload_len < 2+payload[1])
3356  return NULL;
3357 
3358  switch (payload[0]) {
3359  case RESOLVED_TYPE_IPV4:
3360  if (payload[1] != 4)
3361  return NULL;
3362  tor_addr_from_ipv4n(addr_out, get_uint32(payload+2));
3363  break;
3364  case RESOLVED_TYPE_IPV6:
3365  if (payload[1] != 16)
3366  return NULL;
3367  tor_addr_from_ipv6_bytes(addr_out, (payload+2));
3368  break;
3369  default:
3370  tor_addr_make_unspec(addr_out);
3371  break;
3372  }
3373  return payload + 2 + payload[1];
3374 }
3375 
3376 /** Remove all the cells queued on <b>circ</b> for <b>chan</b>. */
3377 void
3379 {
3380  cell_queue_t *queue;
3381  cell_direction_t direction;
3382 
3383  if (circ->n_chan == chan) {
3384  queue = &circ->n_chan_cells;
3385  direction = CELL_DIRECTION_OUT;
3386  } else {
3387  or_circuit_t *orcirc = TO_OR_CIRCUIT(circ);
3388  tor_assert(orcirc->p_chan == chan);
3389  queue = &orcirc->p_chan_cells;
3390  direction = CELL_DIRECTION_IN;
3391  }
3392 
3393  /* Clear the queue */
3394  cell_queue_clear(queue);
3395 
3396  /* Update the cell counter in the cmux */
3397  if (chan->cmux && circuitmux_is_circuit_attached(chan->cmux, circ))
3398  update_circuit_on_cmux(circ, direction);
3399 }
3400 
3401 /** Return 1 if we shouldn't restart reading on this circuit, even if
3402  * we get a SENDME. Else return 0.
3403 */
3404 static int
3406 {
3407  if (CIRCUIT_IS_ORIGIN(circ)) {
3408  return circ->streams_blocked_on_n_chan;
3409  } else {
3410  return circ->streams_blocked_on_p_chan;
3411  }
3412 }
void tor_addr_from_ipv4n(tor_addr_t *dest, uint32_t v4addr)
Definition: address.c:889
void tor_addr_make_unspec(tor_addr_t *a)
Definition: address.c:225
const char * tor_addr_to_str(char *dest, const tor_addr_t *addr, size_t len, int decorate)
Definition: address.c:328
int tor_addr_parse(tor_addr_t *addr, const char *src)
Definition: address.c:1349
int tor_addr_is_null(const tor_addr_t *addr)
Definition: address.c:780
void tor_addr_from_ipv6_bytes(tor_addr_t *dest, const uint8_t *ipv6_bytes)
Definition: address.c:900
static uint32_t tor_addr_to_ipv4n(const tor_addr_t *a)
Definition: address.h:152
static sa_family_t tor_addr_family(const tor_addr_t *a)
Definition: address.h:187
#define tor_addr_to_in6_addr8(x)
Definition: address.h:135
#define tor_addr_from_ipv4h(dest, v4addr)
Definition: address.h:327
#define fmt_addr(a)
Definition: address.h:239
#define TOR_ADDR_BUF_LEN
Definition: address.h:224
int client_dns_incr_failures(const char *address)
Definition: addressmap.c:638
void client_dns_set_addressmap(entry_connection_t *for_conn, const char *address, const tor_addr_t *val, const char *exitname, int ttl)
Definition: addressmap.c:728
void client_dns_clear_failures(const char *address)
Definition: addressmap.c:660
Header for addressmap.c.
time_t approx_time(void)
Definition: approx_time.c:32
Header for backtrace.c.
int buf_add(buf_t *buf, const char *string, size_t string_len)
Definition: buffers.c:527
buf_t * buf_new(void)
Definition: buffers.c:365
size_t buf_datalen(const buf_t *buf)
Definition: buffers.c:394
int buf_get_bytes(buf_t *buf, char *string, size_t string_len)
Definition: buffers.c:637
Header file for buffers.c.
static void set_uint16(void *cp, uint16_t v)
Definition: bytes.h:78
static uint16_t get_uint16(const void *cp)
Definition: bytes.h:42
static uint8_t get_uint8(const void *cp)
Definition: bytes.h:23
static void set_uint8(void *cp, uint8_t v)
Definition: bytes.h:31
static uint32_t get_uint32(const void *cp)
Definition: bytes.h:54
Cell queue structures.
Fixed-size cell structure.
void channel_timestamp_client(channel_t *chan)
Definition: channel.c:3195
int channel_send_destroy(circid_t circ_id, channel_t *chan, int reason)
Definition: channel.c:2035
int channel_is_client(const channel_t *chan)
Definition: channel.c:2915
void channel_mark_for_close(channel_t *chan)
Definition: channel.c:1141
int channel_write_packed_cell(channel_t *chan, packed_cell_t *cell)
Definition: channel.c:1488
Header file for channel.c.
void pathbias_count_valid_cells(circuit_t *circ, const cell_t *cell)
Definition: circpathbias.c:955
int pathbias_check_probe_response(circuit_t *circ, const cell_t *cell)
Definition: circpathbias.c:895
void pathbias_mark_use_success(origin_circuit_t *circ)
Definition: circpathbias.c:672
void circuit_log_path(int severity, unsigned int domain, origin_circuit_t *circ)
Definition: circuitbuild.c:355
int circuit_send_next_onion_skin(origin_circuit_t *circ)
Definition: circuitbuild.c:935
int circuit_finish_handshake(origin_circuit_t *circ, const created_cell_t *reply)
int circuit_truncated(origin_circuit_t *circ, int reason)
Header file for circuitbuild.c.
int circuit_extend(struct cell_t *cell, struct circuit_t *circ)
Header for feature/relay/circuitbuild_relay.c.
void circuit_synchronize_written_or_bandwidth(const circuit_t *c, circuit_channel_direction_t dir)
Definition: circuitlist.c:2105
void circuit_set_n_circid_chan(circuit_t *circ, circid_t id, channel_t *chan)
Definition: circuitlist.c:485
void circuit_set_state(circuit_t *circ, uint8_t state)
Definition: circuitlist.c:554
circuit_t * circuit_get_by_edge_conn(edge_connection_t *conn)
Definition: circuitlist.c:1584
void assert_circuit_ok(const circuit_t *c)
Definition: circuitlist.c:2764
smartlist_t * circuit_get_global_list(void)
Definition: circuitlist.c:705
origin_circuit_t * TO_ORIGIN_CIRCUIT(circuit_t *x)
Definition: circuitlist.c:177
size_t circuits_handle_oom(size_t current_allocation)
Definition: circuitlist.c:2632
or_circuit_t * TO_OR_CIRCUIT(circuit_t *x)
Definition: circuitlist.c:165
const char * circuit_state_to_string(int state)
Definition: circuitlist.c:773
Header file for circuitlist.c.
#define CIRCUIT_PURPOSE_PATH_BIAS_TESTING
Definition: circuitlist.h:123
#define CIRCUIT_STATE_OPEN
Definition: circuitlist.h:32
#define CIRCUIT_IS_ORCIRC(c)
Definition: circuitlist.h:154
#define CIRCUIT_IS_ORIGIN(c)
Definition: circuitlist.h:147
#define CIRCUIT_PURPOSE_OR
Definition: circuitlist.h:39
#define CIRCUIT_PURPOSE_S_REND_JOINED
Definition: circuitlist.h:110
#define CIRCUIT_PURPOSE_REND_ESTABLISHED
Definition: circuitlist.h:47
cell_direction_t circuitmux_attached_circuit_direction(circuitmux_t *cmux, circuit_t *circ)
Definition: circuitmux.c:549
void circuitmux_notify_xmit_destroy(circuitmux_t *cmux)
Definition: circuitmux.c:1164
void circuitmux_detach_all_circuits(circuitmux_t *cmux, smartlist_t *detached_out)
Definition: circuitmux.c:214
void circuitmux_notify_xmit_cells(circuitmux_t *cmux, circuit_t *circ, unsigned int n_cells)
Definition: circuitmux.c:1104
int circuitmux_is_circuit_attached(circuitmux_t *cmux, circuit_t *circ)
Definition: circuitmux.c:627
circuit_t * circuitmux_get_first_active_circuit(circuitmux_t *cmux, destroy_cell_queue_t **destroy_queue_out)
Definition: circuitmux.c:1061
void circuitmux_set_num_cells(circuitmux_t *cmux, circuit_t *circ, unsigned int n_cells)
Definition: circuitmux.c:999
void circpad_deliver_sent_relay_cell_events(circuit_t *circ, uint8_t relay_command)
void circpad_deliver_unrecognized_cell_events(circuit_t *circ, cell_direction_t dir)
void circpad_machine_event_circ_has_no_relay_early(origin_circuit_t *circ)
void circpad_deliver_recognized_relay_cell_events(circuit_t *circ, uint8_t relay_command, crypt_path_t *layer_hint)
int circpad_check_received_cell(cell_t *cell, circuit_t *circ, crypt_path_t *layer_hint, const relay_header_t *rh)
Header file for circuitpadding.c.
void circuit_sent_valid_data(origin_circuit_t *circ, uint16_t relay_body_len)
Definition: circuituse.c:3098
void circuit_read_valid_data(origin_circuit_t *circ, uint16_t relay_body_len)
Definition: circuituse.c:3119
void mark_circuit_unusable_for_new_conns(origin_circuit_t *circ)
Definition: circuituse.c:3074
Header file for circuituse.c.
uint64_t monotime_coarse_stamp_units_to_approx_msec(uint64_t units)
Definition: compat_time.c:873
uint32_t monotime_coarse_get_stamp(void)
Definition: compat_time.c:847
size_t tor_compress_get_total_allocation(void)
Definition: compress.c:458
Headers for compress.c.
const or_options_t * get_options(void)
Definition: config.c:926
tor_cmdline_mode_t command
Definition: config.c:2449
Header file for config.c.
int congestion_control_get_package_window(const circuit_t *circ, const crypt_path_t *cpath)
Public APIs for congestion control.
static int32_t cell_queue_highwatermark(void)
static int32_t cell_queue_lowwatermark(void)
bool circuit_process_stream_xoff(edge_connection_t *conn, const crypt_path_t *layer_hint, const cell_t *cell)
bool circuit_process_stream_xon(edge_connection_t *conn, const crypt_path_t *layer_hint, const cell_t *cell)
APIs for stream flow control on congestion controlled circuits.
int connection_buf_get_bytes(char *string, size_t len, connection_t *conn)
Definition: connection.c:4311
const char * conn_state_to_string(int type, int state)
Definition: connection.c:305
int connection_state_is_open(connection_t *conn)
Definition: connection.c:5045
Header file for connection.c.
#define CONN_TYPE_AP
Definition: connection.h:51
#define CONN_TYPE_DIR
Definition: connection.h:55
#define CONN_TYPE_EXIT
Definition: connection.h:46
int connection_half_edge_is_valid_data(const smartlist_t *half_conns, streamid_t stream_id)
int connection_ap_detach_retriable(entry_connection_t *conn, origin_circuit_t *circ, int reason)
void connection_ap_handshake_socks_reply(entry_connection_t *conn, char *reply, size_t replylen, int endreason)
int connection_half_edge_is_valid_end(smartlist_t *half_conns, streamid_t stream_id)
void connection_edge_end_close(edge_connection_t *conn, uint8_t reason)
int connection_exit_begin_resolve(cell_t *cell, or_circuit_t *circ)
int connection_half_edge_is_valid_connected(const smartlist_t *half_conns, streamid_t stream_id)
entry_connection_t * EDGE_TO_ENTRY_CONN(edge_connection_t *c)
void connection_ap_handshake_socks_resolved_addr(entry_connection_t *conn, const tor_addr_t *answer, int ttl, time_t expires)
int connection_half_edge_is_valid_resolved(smartlist_t *half_conns, streamid_t stream_id)
int connection_edge_end(edge_connection_t *conn, uint8_t reason)
size_t half_streams_get_total_allocation(void)
int connection_half_edge_is_valid_sendme(const smartlist_t *half_conns, streamid_t stream_id)
int connection_edge_is_rendezvous_stream(const edge_connection_t *conn)
void connection_ap_handshake_socks_resolved(entry_connection_t *conn, int answer_type, size_t answer_len, const uint8_t *answer, int ttl, time_t expires)
int connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
Header file for connection_edge.c.
#define EXIT_CONN_STATE_CONNECTING
#define AP_CONN_STATE_CONNECT_WAIT
#define AP_CONN_STATE_OPEN
#define AP_CONN_STATE_RESOLVE_WAIT
#define EXIT_CONN_STATE_RESOLVING
void cell_pack(packed_cell_t *dst, const cell_t *src, int wide_circ_ids)
Header file for connection_or.c.
void control_event_boot_dir(bootstrap_status_t status, int progress)
void control_event_bootstrap(bootstrap_status_t status, int progress)
int control_event_stream_status(entry_connection_t *conn, stream_status_event_t tp, int reason_code)
Header file for control_events.c.
#define REMAP_STREAM_SOURCE_EXIT
Circuit-build-stse structure.
Common functions for using (pseudo-)random number generators.
#define crypto_fast_rng_one_in_n(rng, n)
Definition: crypto_rand.h:80
crypto_fast_rng_t * get_thread_fast_rng(void)
unsigned crypto_fast_rng_get_uint(crypto_fast_rng_t *rng, unsigned limit)
void crypto_fast_rng_getbytes(crypto_fast_rng_t *rng, uint8_t *out, size_t n)
Common functions for cryptographic routines.
const char * node_describe(const node_t *node)
Definition: describe.c:160
Header file for describe.c.
Destroy-cell queue structures.
Client/server directory connection structure.
dir_connection_t * TO_DIR_CONN(connection_t *c)
Definition: directory.c:88
Header file for directory.c.
#define DIR_PURPOSE_FETCH_CERTIFICATE
Definition: directory.h:57
#define DIR_PURPOSE_FETCH_MICRODESC
Definition: directory.h:65
#define DIR_PURPOSE_FETCH_CONSENSUS
Definition: directory.h:54
#define DIR_PURPOSE_FETCH_SERVERDESC
Definition: directory.h:36
Header file for dns.c.
Entry connection structure.
#define ENTRY_TO_EDGE_CONN(c)
Extend-info structure.
Header for core/or/extendinfo.c.
Header file for geoip_stats.c.
@ DIRREQ_END_CELL_SENT
Definition: geoip_stats.h:66
@ DIRREQ_CIRC_QUEUE_FLUSHED
Definition: geoip_stats.h:69
void geoip_change_dirreq_state(uint64_t dirreq_id, dirreq_type_t type, dirreq_state_t new_state)
Definition: geoip_stats.c:552
size_t hs_cache_handle_oom(time_t now, size_t min_remove_bytes)
Definition: hs_cache.c:1072
Header file for hs_cache.c.
Header for feature/hs/hs_metrics.c.
#define hs_metrics_app_write_bytes(i, port, n)
Definition: hs_metrics.h:47
uint16_t sa_family_t
Definition: inaddr_st.h:77
void tor_log(int severity, log_domain_mask_t domain, const char *format,...)
Definition: log.c:590
#define log_fn(severity, domain, args,...)
Definition: log.h:283
#define LD_REND
Definition: log.h:84
#define LD_APP
Definition: log.h:78
#define LD_PROTOCOL
Definition: log.h:72
#define LD_OR
Definition: log.h:92
#define LD_MM
Definition: log.h:74
#define LD_BUG
Definition: log.h:86
#define LD_GENERAL
Definition: log.h:62
#define LD_CIRC
Definition: log.h:82
#define LOG_WARN
Definition: log.h:53
#define LOG_INFO
Definition: log.h:45
void connection_stop_reading(connection_t *conn)
Definition: mainloop.c:601
void connection_start_reading(connection_t *conn)
Definition: mainloop.c:623
int connection_is_reading(connection_t *conn)
Definition: mainloop.c:500
Header file for mainloop.c.
#define tor_free(p)
Definition: malloc.h:56
int32_t networkstatus_get_param(const networkstatus_t *ns, const char *param_name, int32_t default_val, int32_t min_val, int32_t max_val)
int consensus_is_waiting_for_certs(void)
Header file for networkstatus.c.
node_t * node_get_mutable_by_id(const char *identity_digest)
Definition: nodelist.c:197
int node_exit_policy_is_exact(const node_t *node, sa_family_t family)
Definition: nodelist.c:1596
int count_loading_descriptors_progress(void)
Definition: nodelist.c:2770
Header file for nodelist.c.
int extended_cell_parse(extended_cell_t *cell_out, const uint8_t command, const uint8_t *payload, size_t payload_len)
Definition: onion.c:469
Header file for onion.c.
Master header file for Tor-specific functionality.
#define CELL_PAYLOAD_SIZE
Definition: or.h:456
#define END_STREAM_REASON_CANT_ATTACH
Definition: or.h:254
#define END_STREAM_REASON_FLAG_REMOTE
Definition: or.h:280
uint32_t circid_t
Definition: or.h:488
uint16_t streamid_t
Definition: or.h:490
#define TO_CIRCUIT(x)
Definition: or.h:836
#define RELAY_PAYLOAD_SIZE
Definition: or.h:485
#define END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED
Definition: or.h:287
#define TO_CONN(c)
Definition: or.h:603
#define RELAY_HEADER_SIZE
Definition: or.h:483
cell_direction_t
Definition: or.h:366
@ CELL_DIRECTION_OUT
Definition: or.h:368
@ CELL_DIRECTION_IN
Definition: or.h:367
#define END_CIRC_AT_ORIGIN
Definition: or.h:309
#define ENTRY_TO_CONN(c)
Definition: or.h:606
#define CIRCWINDOW_INCREMENT
Definition: or.h:389
Origin circuit structure.
@ PATH_STATE_USE_FAILED
void addr_policy_append_reject_addr(smartlist_t **dest, const tor_addr_t *addr)
Definition: policies.c:1617
void policies_set_node_exitpolicy_to_reject_all(node_t *node)
Definition: policies.c:2194
Header file for policies.c.
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
char * rate_limit_log(ratelim_t *lim, time_t now)
Definition: ratelim.c:42
const char * stream_end_reason_to_string(int reason)
Definition: reasons.c:64
Header file for reasons.c.
int channel_flush_from_first_active_circuit(channel_t *chan, int max)
Definition: relay.c:2986
STATIC size_t connection_edge_get_inbuf_bytes_to_package(size_t n_available, int package_partial, circuit_t *on_circuit)
Definition: relay.c:2155
void destroy_cell_queue_init(destroy_cell_queue_t *queue)
Definition: relay.c:2688
static int circuit_resume_edge_reading_helper(edge_connection_t *conn, circuit_t *circ, crypt_path_t *layer_hint)
Definition: relay.c:2377
int append_address_to_payload(uint8_t *payload_out, const tor_addr_t *addr)
Definition: relay.c:3324
uint64_t stats_n_data_cells_received
Definition: relay.c:2123
void packed_cell_free_(packed_cell_t *cell)
Definition: relay.c:2590
void destroy_cell_queue_clear(destroy_cell_queue_t *queue)
Definition: relay.c:2696
void destroy_cell_queue_append(destroy_cell_queue_t *queue, circid_t circid, uint8_t reason)
Definition: relay.c:2722
void channel_unlink_all_circuits(channel_t *chan, smartlist_t *circuits_out)
Definition: relay.c:2895
void cell_queue_append_packed_copy(circuit_t *circ, cell_queue_t *queue, int exitward, const cell_t *cell, int wide_circ_ids, int use_stats)
Definition: relay.c:2638
STATIC size_t get_pad_cell_offset(size_t data_len)
Definition: relay.c:561
uint64_t oom_stats_n_bytes_removed_dns
Definition: relay.c:2774
void dump_cell_pool_usage(int severity)
Definition: relay.c:2600
STATIC int connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, edge_connection_t *conn, crypt_path_t *layer_hint)
Definition: relay.c:2047
static packed_cell_t * destroy_cell_to_packed_cell(destroy_cell_t *inp, int wide_circ_ids)
Definition: relay.c:2738
void circuit_reset_sendme_randomness(circuit_t *circ)
Definition: relay.c:2135
const uint8_t * decode_address_from_payload(tor_addr_t *addr_out, const uint8_t *payload, int payload_len)
Definition: relay.c:3350
uint64_t stats_n_relay_cells_relayed
Definition: relay.c:123
uint64_t stats_n_circ_max_cell_reached
Definition: relay.c:130
STATIC packed_cell_t * packed_cell_new(void)
Definition: relay.c:2582
STATIC destroy_cell_t * destroy_cell_queue_pop(destroy_cell_queue_t *queue)
Definition: relay.c:2710
#define MAX_RESOLVE_FAILURES
Definition: relay.c:793
static packed_cell_t * packed_cell_copy(const cell_t *cell, int wide_circ_ids)
Definition: relay.c:2618
static void remap_event_helper(entry_connection_t *conn, const tor_addr_t *new_addr)
Definition: relay.c:1054
STATIC packed_cell_t * cell_queue_pop(cell_queue_t *queue)
Definition: relay.c:2676
static int circuit_queue_streams_are_blocked(circuit_t *circ)
Definition: relay.c:3405
static void connection_ap_handshake_socks_got_resolved_cell(entry_connection_t *conn, int error_code, smartlist_t *results)
Definition: relay.c:1223
static void adjust_exit_policy_from_exitpolicy_failure(origin_circuit_t *circ, entry_connection_t *conn, node_t *node, const tor_addr_t *addr)
Definition: relay.c:1019
static void circuit_update_channel_usage(circuit_t *circ, cell_t *cell)
Definition: relay.c:144
uint64_t stats_n_data_cells_packaged
Definition: relay.c:2117
void cell_queue_clear(cell_queue_t *queue)
Definition: relay.c:2662
STATIC int connected_cell_parse(const relay_header_t *rh, const cell_t *cell, tor_addr_t *addr_out, int *ttl_out)
Definition: relay.c:1074
static int set_streams_blocked_on_circ(circuit_t *circ, channel_t *chan, int block, streamid_t stream_id)
Definition: relay.c:2915
void circuit_clear_cell_queue(circuit_t *circ, channel_t *chan)
Definition: relay.c:3378
void cell_queue_init(cell_queue_t *queue)
Definition: relay.c:2654
int circuit_package_relay_cell(cell_t *cell, circuit_t *circ, cell_direction_t cell_direction, crypt_path_t *layer_hint, streamid_t on_stream, const char *filename, int lineno)
Definition: relay.c:369
int have_been_under_memory_pressure(void)
Definition: relay.c:2839
uint64_t stats_n_data_bytes_received
Definition: relay.c:2127
void relay_header_pack(uint8_t *dest, const relay_header_t *src)
Definition: relay.c:483
circid_t packed_cell_get_circid(const packed_cell_t *cell, int wide_circ_ids)
Definition: relay.c:2972
static edge_connection_t * relay_lookup_conn(circuit_t *circ, cell_t *cell, cell_direction_t cell_direction, crypt_path_t *layer_hint)
Definition: relay.c:430
static uint32_t get_param_max_circuit_cell_queue_size(const networkstatus_t *ns)
Definition: relay.c:3199
void update_circuit_on_cmux_(circuit_t *circ, cell_direction_t direction, const char *file, int lineno)
Definition: relay.c:2850
void append_cell_to_circuit_queue(circuit_t *circ, channel_t *chan, cell_t *cell, cell_direction_t direction, streamid_t fromstream)
Definition: relay.c:3241
int relay_send_command_from_edge_(streamid_t stream_id, circuit_t *circ, uint8_t relay_command, const char *payload, size_t payload_len, crypt_path_t *cpath_layer, const char *filename, int lineno)
Definition: relay.c:616
void relay_header_unpack(relay_header_t *dest, const uint8_t *src)
Definition: relay.c:496
static int connection_edge_process_relay_cell_not_open(relay_header_t *rh, cell_t *cell, circuit_t *circ, edge_connection_t *conn, crypt_path_t *layer_hint)
Definition: relay.c:1372
const char * relay_command_to_string(uint8_t command)
Definition: relay.c:507
uint8_t packed_cell_get_command(const packed_cell_t *cell, int wide_circ_ids)
Definition: relay.c:2961
uint64_t stats_n_relay_cells_delivered
Definition: relay.c:127
STATIC int cell_queues_check_size(void)
Definition: relay.c:2782
static bool relay_crypt_from_last_hop(origin_circuit_t *circ, crypt_path_t *layer_hint)
Definition: relay.c:1518
static int process_sendme_cell(const relay_header_t *rh, const cell_t *cell, circuit_t *circ, edge_connection_t *conn, crypt_path_t *layer_hint, int domain)
Definition: relay.c:1540
STATIC int handle_relay_cell_command(cell_t *cell, circuit_t *circ, edge_connection_t *conn, crypt_path_t *layer_hint, relay_header_t *rh, int optimistic_data)
Definition: relay.c:1617
static size_t total_cells_allocated
Definition: relay.c:2570
static int32_t max_circuit_cell_queue_size_out
Definition: relay.c:3193
static void packed_cell_free_unchecked(packed_cell_t *cell)
Definition: relay.c:2574
static int edge_reason_is_retriable(int reason)
Definition: relay.c:798
static void circuit_resume_edge_reading(circuit_t *circ, crypt_path_t *layer_hint)
Definition: relay.c:2356
#define RELAY_PAYLOAD_LENGTH_FOR_RANDOM_SENDMES
Definition: relay.c:2147
STATIC void address_ttl_free_(address_ttl_t *addr)
Definition: relay.c:1112
static uint32_t get_param_max_circuit_cell_queue_size_out(const networkstatus_t *ns)
Definition: relay.c:3210
#define MEMORY_PRESSURE_INTERVAL
Definition: relay.c:2768
void cell_queue_append(cell_queue_t *queue, packed_cell_t *cell)
Definition: relay.c:2627
static int connection_ap_process_end_not_open(relay_header_t *rh, cell_t *cell, origin_circuit_t *circ, entry_connection_t *conn, crypt_path_t *layer_hint)
Definition: relay.c:813
int circuit_receive_relay_cell(cell_t *cell, circuit_t *circ, cell_direction_t cell_direction)
Definition: relay.c:222
int connection_edge_package_raw_inbuf(edge_connection_t *conn, int package_partial, int *max_cells)
Definition: relay.c:2219
int connection_edge_send_command(edge_connection_t *fromconn, uint8_t relay_command, const char *payload, size_t payload_len)
Definition: relay.c:737
STATIC int resolved_cell_parse(const cell_t *cell, const relay_header_t *rh, smartlist_t *addresses_out, int *errcode_out)
Definition: relay.c:1126
uint64_t stats_n_data_bytes_packaged
Definition: relay.c:2121
STATIC int connection_edge_process_resolved_cell(edge_connection_t *conn, const cell_t *cell, const relay_header_t *rh)
Definition: relay.c:1297
size_t packed_cell_mem_cost(void)
Definition: relay.c:2755
#define CELL_PADDING_GAP
Definition: relay.c:547
static time_t last_time_under_memory_pressure
Definition: relay.c:2771
static int circuit_consider_stop_edge_reading(circuit_t *circ, crypt_path_t *layer_hint)
Definition: relay.c:2537
Header file for relay.c.
Header for relay_crypto.c.
void relay_encrypt_cell_outbound(cell_t *cell, origin_circuit_t *or_circ, crypt_path_t *layer_hint)
Definition: relay_crypto.c:219
int relay_decrypt_cell(circuit_t *circ, cell_t *cell, cell_direction_t cell_direction, crypt_path_t **layer_hint, char *recognized)
Definition: relay_crypto.c:145
void relay_encrypt_cell_inbound(cell_t *cell, or_circuit_t *or_circ)
Definition: relay_crypto.c:248
void rend_process_relay_cell(circuit_t *circ, const crypt_path_t *layer_hint, int command, size_t length, const uint8_t *payload)
Definition: rendcommon.c:34
Header file for rendcommon.c.
void rep_hist_note_overload(overload_type_t overload)
Definition: rephist.c:538
Header file for rephist.c.
Router descriptor structure.
#define ROUTER_PURPOSE_GENERAL
Definition: routerinfo_st.h:98
Header file for routerlist.c.
void scheduler_channel_has_waiting_cells(channel_t *chan)
Definition: scheduler.c:548
Header file for scheduler*.c.
void sendme_connection_edge_consider_sending(edge_connection_t *conn)
Definition: sendme.c:373
void sendme_circuit_consider_sending(circuit_t *circ, crypt_path_t *layer_hint)
Definition: sendme.c:420
Header file for sendme.c.
char * smartlist_join_strings(smartlist_t *sl, const char *join, int terminate, size_t *len_out)
Definition: smartlist.c:279
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
smartlist_t * smartlist_new(void)
void smartlist_add(smartlist_t *sl, void *element)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define SMARTLIST_FOREACH(sl, type, var, cmd)
#define SMARTLIST_DEL_CURRENT(sl, var)
Client request structure.
#define SOCKS_COMMAND_RESOLVE_PTR
Definition: cell_st.h:17
uint8_t payload[CELL_PAYLOAD_SIZE]
Definition: cell_st.h:21
uint8_t command
Definition: cell_st.h:19
circid_t circ_id
Definition: cell_st.h:18
unsigned int num_n_circuits
Definition: channel.h:410
uint64_t dirreq_id
Definition: channel.h:453
channel_usage_info_t channel_usage
Definition: channel.h:228
circuitmux_t * cmux
Definition: channel.h:397
int marked_for_close_reason
Definition: circuit_st.h:198
uint8_t state
Definition: circuit_st.h:111
uint16_t send_randomness_after_n_cells
Definition: circuit_st.h:128
struct create_cell_t * n_chan_create_cell
Definition: circuit_st.h:154
unsigned int have_sent_sufficiently_random_cell
Definition: circuit_st.h:109
unsigned int streams_blocked_on_n_chan
Definition: circuit_st.h:92
uint64_t dirreq_id
Definition: circuit_st.h:205
cell_queue_t n_chan_cells
Definition: circuit_st.h:82
uint16_t marked_for_close
Definition: circuit_st.h:190
uint8_t purpose
Definition: circuit_st.h:112
const char * marked_for_close_file
Definition: circuit_st.h:193
int package_window
Definition: circuit_st.h:117
smartlist_t * testing_cell_stats
Definition: circuit_st.h:213
struct timeval timestamp_created
Definition: circuit_st.h:169
unsigned int streams_blocked_on_p_chan
Definition: circuit_st.h:95
channel_t * n_chan
Definition: circuit_st.h:70
extend_info_t * n_hop
Definition: circuit_st.h:88
circid_t n_circ_id
Definition: circuit_st.h:79
time_t timestamp_last_read_allowed
uint8_t state
Definition: connection_st.h:49
unsigned int type
Definition: connection_st.h:50
uint16_t marked_for_close
const char * marked_for_close_file
unsigned int purpose
Definition: connection_st.h:51
tor_socket_t s
struct event * read_event
extend_info_t * chosen_exit
struct crypt_path_t * prev
Definition: crypt_path_st.h:80
struct crypt_path_t * cpath_layer
struct edge_connection_t * next_stream
unsigned int edge_has_sent_end
unsigned int edge_blocked_on_circ
struct circuit_t * on_circuit
socks_request_t * socks_request
unsigned int chosen_exit_optional
unsigned int chosen_exit_retries
struct buf_t * pending_optimistic_data
char identity_digest[DIGEST_LEN]
created_cell_t created_cell
Definition: onion.h:68
ed25519_public_key_t identity_pk
Definition: hs_ident.h:106
uint16_t orig_virtual_port
Definition: hs_ident.h:111
Definition: node_st.h:34
uint64_t total_cell_waiting_time
Definition: or_circuit_st.h:83
channel_t * p_chan
Definition: or_circuit_st.h:37
uint32_t n_cells_discarded_at_end
Definition: or_circuit_st.h:57
circid_t p_circ_id
Definition: or_circuit_st.h:33
cell_queue_t p_chan_cells
Definition: or_circuit_st.h:35
struct or_circuit_t * rend_splice
Definition: or_circuit_st.h:50
edge_connection_t * n_streams
Definition: or_circuit_st.h:39
uint32_t processed_cells
Definition: or_circuit_st.h:78
uint64_t MaxMemInQueues
uint32_t n_written_circ_bw
edge_connection_t * p_streams
uint8_t relay_early_commands[MAX_RELAY_EARLY_CELLS_PER_CIRCUIT]
unsigned int remaining_relay_early_cells
path_state_bitfield_t path_state
smartlist_t * prepend_policy
crypt_path_t * cpath
cpath_build_state_t * build_state
smartlist_t * half_streams
uint32_t inserted_timestamp
Definition: cell_queue_st.h:22
char body[CELL_MAX_NETWORK_SIZE]
Definition: cell_queue_st.h:21
uint16_t length
Definition: or.h:522
uint8_t command
Definition: or.h:518
streamid_t stream_id
Definition: or.h:520
uint16_t recognized
Definition: or.h:519
char integrity[4]
Definition: or.h:521
unsigned int has_finished
char address[MAX_SOCKS_ADDR_LEN]
Definition: or.h:808
uint8_t command
Definition: or.h:809
unsigned int waiting_time
Definition: or.h:814
unsigned int exitward
Definition: or.h:816
unsigned int removed
Definition: or.h:815
#define STATIC
Definition: testsupport.h:32
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
#define tor_assert(expr)
Definition: util_bug.h:102