Tor 0.4.9.0-alpha-dev
relay.c
Go to the documentation of this file.
1/* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2021, The Tor Project, Inc. */
5/* See LICENSE for licensing information */
6
7/**
8 * \file relay.c
9 * \brief Handle relay cell encryption/decryption, plus packaging and
10 * receiving from circuits, plus queuing on circuits.
11 *
12 * This is a core modules that makes Tor work. It's responsible for
13 * dealing with RELAY cells (the ones that travel more than one hop along a
14 * circuit), by:
15 * <ul>
16 * <li>constructing relays cells,
17 * <li>encrypting relay cells,
18 * <li>decrypting relay cells,
19 * <li>demultiplexing relay cells as they arrive on a connection,
20 * <li>queueing relay cells for retransmission,
21 * <li>or handling relay cells that are for us to receive (as an exit or a
22 * client).
23 * </ul>
24 *
25 * RELAY cells are generated throughout the code at the client or relay side,
26 * using relay_send_command_from_edge() or one of the functions like
27 * connection_edge_send_command() that calls it. Of particular interest is
28 * connection_edge_package_raw_inbuf(), which takes information that has
29 * arrived on an edge connection socket, and packages it as a RELAY_DATA cell
30 * -- this is how information is actually sent across the Tor network. The
31 * cryptography for these functions is handled deep in
32 * circuit_package_relay_cell(), which either adds a single layer of
33 * encryption (if we're an exit), or multiple layers (if we're the origin of
34 * the circuit). After construction and encryption, the RELAY cells are
35 * passed to append_cell_to_circuit_queue(), which queues them for
36 * transmission and tells the circuitmux (see circuitmux.c) that the circuit
37 * is waiting to send something.
38 *
39 * Incoming RELAY cells arrive at circuit_receive_relay_cell(), called from
40 * command.c. There they are decrypted and, if they are for us, are passed to
41 * connection_edge_process_relay_cell(). If they're not for us, they're
42 * re-queued for retransmission again with append_cell_to_circuit_queue().
43 *
44 * The connection_edge_process_relay_cell() function handles all the different
45 * types of relay cells, launching requests or transmitting data as needed.
46 **/
47
48#define RELAY_PRIVATE
49#include "core/or/or.h"
51#include "lib/err/backtrace.h"
52#include "lib/buf/buffers.h"
53#include "core/or/channel.h"
54#include "feature/client/circpathbias.h"
56#include "core/or/circuitlist.h"
57#include "core/or/circuituse.h"
59#include "core/or/extendinfo.h"
61#include "app/config/config.h"
69#include "feature/relay/dns.h"
72#include "feature/hs/hs_cache.h"
76#include "core/or/onion.h"
77#include "core/or/policies.h"
78#include "core/or/reasons.h"
79#include "core/or/relay.h"
84#include "core/or/scheduler.h"
87
88#include "core/or/cell_st.h"
95#include "core/or/or_circuit_st.h"
99#include "core/or/sendme.h"
102#include "core/or/conflux.h"
103#include "core/or/conflux_util.h"
104#include "core/or/conflux_pool.h"
105
107 cell_direction_t cell_direction,
108 crypt_path_t *layer_hint);
109
110static void circuit_resume_edge_reading(circuit_t *circ,
111 crypt_path_t *layer_hint);
113 circuit_t *circ,
114 crypt_path_t *layer_hint);
116 crypt_path_t *layer_hint);
119 entry_connection_t *conn,
120 node_t *node,
121 const tor_addr_t *addr);
123 circuit_t *circ,
124 edge_connection_t *conn,
125 crypt_path_t *layer_hint,
126 relay_header_t *rh);
127static void set_block_state_for_streams(circuit_t *circ,
128 edge_connection_t *stream_list,
129 int block, streamid_t stream_id);
130
131/** Stats: how many relay cells have originated at this hop, or have
132 * been relayed onward (not recognized at this hop)?
133 */
135/** Stats: how many relay cells have been delivered to streams at this
136 * hop?
137 */
139/** Stats: how many circuits have we closed due to the cell queue limit being
140 * reached (see append_cell_to_circuit_queue()) */
142uint64_t stats_n_circ_max_cell_outq_reached = 0;
143
144/**
145 * Update channel usage state based on the type of relay cell and
146 * circuit properties.
147 *
148 * This is needed to determine if a client channel is being
149 * used for application traffic, and if a relay channel is being
150 * used for multihop circuits and application traffic. The decision
151 * to pad in channelpadding.c depends upon this info (as well as
152 * consensus parameters) to decide what channels to pad.
153 */
154static void
156{
157 if (CIRCUIT_IS_ORIGIN(circ)) {
158 /*
159 * The client state was first set much earlier in
160 * circuit_send_next_onion_skin(), so we can start padding as early as
161 * possible.
162 *
163 * However, if padding turns out to be expensive, we may want to not do
164 * it until actual application traffic starts flowing (which is controlled
165 * via consensus param nf_pad_before_usage).
166 *
167 * So: If we're an origin circuit and we've created a full length circuit,
168 * then any CELL_RELAY cell means application data. Increase the usage
169 * state of the channel to indicate this.
170 *
171 * We want to wait for CELL_RELAY specifically here, so we know that
172 * the channel was definitely being used for data and not for extends.
173 * By default, we pad as soon as a channel has been used for *any*
174 * circuits, so this state is irrelevant to the padding decision in
175 * the default case. However, if padding turns out to be expensive,
176 * we would like the ability to avoid padding until we're absolutely
177 * sure that a channel is used for enough application data to be worth
178 * padding.
179 *
180 * (So it does not matter that CELL_RELAY_EARLY can actually contain
181 * application data. This is only a load reducing option and that edge
182 * case does not matter if we're desperately trying to reduce overhead
183 * anyway. See also consensus parameter nf_pad_before_usage).
184 */
185 if (BUG(!circ->n_chan))
186 return;
187
188 if (circ->n_chan->channel_usage == CHANNEL_USED_FOR_FULL_CIRCS &&
189 cell->command == CELL_RELAY) {
190 circ->n_chan->channel_usage = CHANNEL_USED_FOR_USER_TRAFFIC;
191 }
192 } else {
193 /* If we're a relay circuit, the question is more complicated. Basically:
194 * we only want to pad connections that carry multihop (anonymous)
195 * circuits.
196 *
197 * We assume we're more than one hop if either the previous hop
198 * is not a client, or if the previous hop is a client and there's
199 * a next hop. Then, circuit traffic starts at RELAY_EARLY, and
200 * user application traffic starts when we see RELAY cells.
201 */
202 or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
203
204 if (BUG(!or_circ->p_chan))
205 return;
206
207 if (!channel_is_client(or_circ->p_chan) ||
208 (channel_is_client(or_circ->p_chan) && circ->n_chan)) {
209 if (cell->command == CELL_RELAY_EARLY) {
210 if (or_circ->p_chan->channel_usage < CHANNEL_USED_FOR_FULL_CIRCS) {
211 or_circ->p_chan->channel_usage = CHANNEL_USED_FOR_FULL_CIRCS;
212 }
213 } else if (cell->command == CELL_RELAY) {
214 or_circ->p_chan->channel_usage = CHANNEL_USED_FOR_USER_TRAFFIC;
215 }
216 }
217 }
218}
219
220/** Receive a relay cell:
221 * - Crypt it (encrypt if headed toward the origin or if we <b>are</b> the
222 * origin; decrypt if we're headed toward the exit).
223 * - Check if recognized (if exitward).
224 * - If recognized and the digest checks out, then find if there's a stream
225 * that the cell is intended for, and deliver it to the right
226 * connection_edge.
227 * - If not recognized, then we need to relay it: append it to the appropriate
228 * cell_queue on <b>circ</b>.
229 *
230 * Return -<b>reason</b> on failure.
231 */
232int
234 cell_direction_t cell_direction)
235{
236 channel_t *chan = NULL;
237 crypt_path_t *layer_hint=NULL;
238 char recognized=0;
239 int reason;
240
241 tor_assert(cell);
242 tor_assert(circ);
243 tor_assert(cell_direction == CELL_DIRECTION_OUT ||
244 cell_direction == CELL_DIRECTION_IN);
245 if (circ->marked_for_close)
246 return 0;
247
248 if (relay_decrypt_cell(circ, cell, cell_direction, &layer_hint, &recognized)
249 < 0) {
250 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
251 "relay crypt failed. Dropping connection.");
252 return -END_CIRC_REASON_INTERNAL;
253 }
254
256
257 if (recognized) {
258 edge_connection_t *conn = NULL;
259
260 /* Recognized cell, the cell digest has been updated, we'll record it for
261 * the SENDME if need be. */
262 sendme_record_received_cell_digest(circ, layer_hint);
263
265 if (pathbias_check_probe_response(circ, cell) == -1) {
266 pathbias_count_valid_cells(circ, cell);
267 }
268
269 /* We need to drop this cell no matter what to avoid code that expects
270 * a certain purpose (such as the hidserv code). */
271 return 0;
272 }
273
274 conn = relay_lookup_conn(circ, cell, cell_direction, layer_hint);
275 if (cell_direction == CELL_DIRECTION_OUT) {
277 log_debug(LD_OR,"Sending away from origin.");
278 reason = connection_edge_process_relay_cell(cell, circ, conn, NULL);
279 if (reason < 0) {
280 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
281 "connection_edge_process_relay_cell (away from origin) "
282 "failed.");
283 return reason;
284 }
285 }
286 if (cell_direction == CELL_DIRECTION_IN) {
288 log_debug(LD_OR,"Sending to origin.");
289 reason = connection_edge_process_relay_cell(cell, circ, conn,
290 layer_hint);
291 if (reason < 0) {
292 /* If a client is trying to connect to unknown hidden service port,
293 * END_CIRC_AT_ORIGIN is sent back so we can then close the circuit.
294 * Do not log warn as this is an expected behavior for a service. */
295 if (reason != END_CIRC_AT_ORIGIN) {
296 log_warn(LD_OR,
297 "connection_edge_process_relay_cell (at origin) failed.");
298 }
299 return reason;
300 }
301 }
302 return 0;
303 }
304
305 /* not recognized. inform circpad and pass it on. */
306 circpad_deliver_unrecognized_cell_events(circ, cell_direction);
307
308 if (cell_direction == CELL_DIRECTION_OUT) {
309 cell->circ_id = circ->n_circ_id; /* switch it */
310 chan = circ->n_chan;
311 } else if (! CIRCUIT_IS_ORIGIN(circ)) {
312 cell->circ_id = TO_OR_CIRCUIT(circ)->p_circ_id; /* switch it */
313 chan = TO_OR_CIRCUIT(circ)->p_chan;
314 } else {
315 log_fn(LOG_PROTOCOL_WARN, LD_OR,
316 "Dropping unrecognized inbound cell on origin circuit.");
317 /* If we see unrecognized cells on path bias testing circs,
318 * it's bad mojo. Those circuits need to die.
319 * XXX: Shouldn't they always die? */
322 return -END_CIRC_REASON_TORPROTOCOL;
323 } else {
324 return 0;
325 }
326 }
327
328 if (!chan) {
329 // XXXX Can this splice stuff be done more cleanly?
330 if (! CIRCUIT_IS_ORIGIN(circ) &&
331 TO_OR_CIRCUIT(circ)->rend_splice &&
332 cell_direction == CELL_DIRECTION_OUT) {
333 or_circuit_t *splice_ = TO_OR_CIRCUIT(circ)->rend_splice;
336 cell->circ_id = splice_->p_circ_id;
337 cell->command = CELL_RELAY; /* can't be relay_early anyway */
338 if ((reason = circuit_receive_relay_cell(cell, TO_CIRCUIT(splice_),
339 CELL_DIRECTION_IN)) < 0) {
340 log_warn(LD_REND, "Error relaying cell across rendezvous; closing "
341 "circuits");
342 /* XXXX Do this here, or just return -1? */
343 circuit_mark_for_close(circ, -reason);
344 return reason;
345 }
346 return 0;
347 }
348 if (BUG(CIRCUIT_IS_ORIGIN(circ))) {
349 /* Should be impossible at this point. */
350 return -END_CIRC_REASON_TORPROTOCOL;
351 }
352 or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
353 if (++or_circ->n_cells_discarded_at_end == 1) {
354 time_t seconds_open = approx_time() - circ->timestamp_created.tv_sec;
355 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
356 "Didn't recognize a cell, but circ stops here! Closing circuit. "
357 "It was created %ld seconds ago.", (long)seconds_open);
358 }
359 return -END_CIRC_REASON_TORPROTOCOL;
360 }
361
362 log_debug(LD_OR,"Passing on unrecognized cell.");
363
364 ++stats_n_relay_cells_relayed; /* XXXX no longer quite accurate {cells}
365 * we might kill the circ before we relay
366 * the cells. */
367
368 if (append_cell_to_circuit_queue(circ, chan, cell, cell_direction, 0) < 0) {
369 return -END_CIRC_REASON_RESOURCELIMIT;
370 }
371 return 0;
372}
373
374/** Package a relay cell from an edge:
375 * - Encrypt it to the right layer
376 * - Append it to the appropriate cell_queue on <b>circ</b>.
377 *
378 * Return 1 if the cell was successfully sent as in queued on the circuit.
379 * Return 0 if the cell needs to be dropped as in ignored.
380 * Return -1 on error for which the circuit should be marked for close. */
381MOCK_IMPL(int,
383 cell_direction_t cell_direction,
384 crypt_path_t *layer_hint, streamid_t on_stream,
385 const char *filename, int lineno))
386{
387 channel_t *chan; /* where to send the cell */
388
389 if (circ->marked_for_close) {
390 /* Circuit is marked; send nothing. */
391 return 0;
392 }
393
394 if (cell_direction == CELL_DIRECTION_OUT) {
395 chan = circ->n_chan;
396 if (!chan) {
397 log_warn(LD_BUG,"outgoing relay cell sent from %s:%d has n_chan==NULL."
398 " Dropping. Circuit is in state %s (%d), and is "
399 "%smarked for close. (%s:%d, %d)", filename, lineno,
400 circuit_state_to_string(circ->state), circ->state,
401 circ->marked_for_close ? "" : "not ",
404 if (CIRCUIT_IS_ORIGIN(circ)) {
406 }
407 log_backtrace(LOG_WARN,LD_BUG,"");
408 return 0; /* just drop it */
409 }
410 if (!CIRCUIT_IS_ORIGIN(circ)) {
411 log_warn(LD_BUG,"outgoing relay cell sent from %s:%d on non-origin "
412 "circ. Dropping.", filename, lineno);
413 log_backtrace(LOG_WARN,LD_BUG,"");
414 return 0; /* just drop it */
415 }
416
417 relay_encrypt_cell_outbound(cell, TO_ORIGIN_CIRCUIT(circ), layer_hint);
418
419 /* Update circ written totals for control port */
420 origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
421 ocirc->n_written_circ_bw = tor_add_u32_nowrap(ocirc->n_written_circ_bw,
423
424 } else { /* incoming cell */
425 if (CIRCUIT_IS_ORIGIN(circ)) {
426 /* We should never package an _incoming_ cell from the circuit
427 * origin; that means we messed up somewhere. */
428 log_warn(LD_BUG,"incoming relay cell at origin circuit. Dropping.");
429 assert_circuit_ok(circ);
430 return 0; /* just drop it */
431 }
432 or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
433 relay_encrypt_cell_inbound(cell, or_circ);
434 chan = or_circ->p_chan;
435 }
437
438 return append_cell_to_circuit_queue(circ, chan, cell,
439 cell_direction, on_stream);
440}
441
442/** If cell's stream_id matches the stream_id of any conn that's
443 * attached to circ, return that conn, else return NULL.
444 */
445static edge_connection_t *
447 cell_direction_t cell_direction, crypt_path_t *layer_hint)
448{
449 edge_connection_t *tmpconn;
451
452 relay_header_unpack(&rh, cell->payload);
453
454 if (!rh.stream_id)
455 return NULL;
456
457 /* IN or OUT cells could have come from either direction, now
458 * that we allow rendezvous *to* an OP.
459 */
460 if (CIRCUIT_IS_ORIGIN(circ)) {
461 for (tmpconn = TO_ORIGIN_CIRCUIT(circ)->p_streams; tmpconn;
462 tmpconn=tmpconn->next_stream) {
463 if (rh.stream_id == tmpconn->stream_id &&
464 !tmpconn->base_.marked_for_close &&
465 edge_uses_cpath(tmpconn, layer_hint)) {
466 log_debug(LD_APP,"found conn for stream %d.", rh.stream_id);
467 return tmpconn;
468 }
469 }
470 } else {
471 for (tmpconn = TO_OR_CIRCUIT(circ)->n_streams; tmpconn;
472 tmpconn=tmpconn->next_stream) {
473 if (rh.stream_id == tmpconn->stream_id &&
474 !tmpconn->base_.marked_for_close) {
475 log_debug(LD_EXIT,"found conn for stream %d.", rh.stream_id);
476 if (cell_direction == CELL_DIRECTION_OUT ||
478 return tmpconn;
479 }
480 }
481 for (tmpconn = TO_OR_CIRCUIT(circ)->resolving_streams; tmpconn;
482 tmpconn=tmpconn->next_stream) {
483 if (rh.stream_id == tmpconn->stream_id &&
484 !tmpconn->base_.marked_for_close) {
485 log_debug(LD_EXIT,"found conn for stream %d.", rh.stream_id);
486 return tmpconn;
487 }
488 }
489 }
490 return NULL; /* probably a begin relay cell */
491}
492
493/** Pack the relay_header_t host-order structure <b>src</b> into
494 * network-order in the buffer <b>dest</b>. See tor-spec.txt for details
495 * about the wire format.
496 */
497void
498relay_header_pack(uint8_t *dest, const relay_header_t *src)
499{
500 set_uint8(dest, src->command);
501 set_uint16(dest+1, htons(src->recognized));
502 set_uint16(dest+3, htons(src->stream_id));
503 memcpy(dest+5, src->integrity, 4);
504 set_uint16(dest+9, htons(src->length));
505}
506
507/** Unpack the network-order buffer <b>src</b> into a host-order
508 * relay_header_t structure <b>dest</b>.
509 */
510void
511relay_header_unpack(relay_header_t *dest, const uint8_t *src)
512{
513 dest->command = get_uint8(src);
514 dest->recognized = ntohs(get_uint16(src+1));
515 dest->stream_id = ntohs(get_uint16(src+3));
516 memcpy(dest->integrity, src+5, 4);
517 dest->length = ntohs(get_uint16(src+9));
518}
519
520/** Convert the relay <b>command</b> into a human-readable string. */
521const char *
523{
524 static char buf[64];
525 switch (command) {
526 case RELAY_COMMAND_BEGIN: return "BEGIN";
527 case RELAY_COMMAND_DATA: return "DATA";
528 case RELAY_COMMAND_END: return "END";
529 case RELAY_COMMAND_CONNECTED: return "CONNECTED";
530 case RELAY_COMMAND_SENDME: return "SENDME";
531 case RELAY_COMMAND_EXTEND: return "EXTEND";
532 case RELAY_COMMAND_EXTENDED: return "EXTENDED";
533 case RELAY_COMMAND_TRUNCATE: return "TRUNCATE";
534 case RELAY_COMMAND_TRUNCATED: return "TRUNCATED";
535 case RELAY_COMMAND_DROP: return "DROP";
536 case RELAY_COMMAND_RESOLVE: return "RESOLVE";
537 case RELAY_COMMAND_RESOLVED: return "RESOLVED";
538 case RELAY_COMMAND_BEGIN_DIR: return "BEGIN_DIR";
539 case RELAY_COMMAND_ESTABLISH_INTRO: return "ESTABLISH_INTRO";
540 case RELAY_COMMAND_ESTABLISH_RENDEZVOUS: return "ESTABLISH_RENDEZVOUS";
541 case RELAY_COMMAND_INTRODUCE1: return "INTRODUCE1";
542 case RELAY_COMMAND_INTRODUCE2: return "INTRODUCE2";
543 case RELAY_COMMAND_RENDEZVOUS1: return "RENDEZVOUS1";
544 case RELAY_COMMAND_RENDEZVOUS2: return "RENDEZVOUS2";
545 case RELAY_COMMAND_INTRO_ESTABLISHED: return "INTRO_ESTABLISHED";
546 case RELAY_COMMAND_RENDEZVOUS_ESTABLISHED:
547 return "RENDEZVOUS_ESTABLISHED";
548 case RELAY_COMMAND_INTRODUCE_ACK: return "INTRODUCE_ACK";
549 case RELAY_COMMAND_EXTEND2: return "EXTEND2";
550 case RELAY_COMMAND_EXTENDED2: return "EXTENDED2";
551 case RELAY_COMMAND_PADDING_NEGOTIATE: return "PADDING_NEGOTIATE";
552 case RELAY_COMMAND_PADDING_NEGOTIATED: return "PADDING_NEGOTIATED";
553 case RELAY_COMMAND_CONFLUX_LINK: return "CONFLUX_LINK";
554 case RELAY_COMMAND_CONFLUX_LINKED: return "CONFLUX_LINKED";
555 case RELAY_COMMAND_CONFLUX_LINKED_ACK: return "CONFLUX_LINKED_ACK";
556 case RELAY_COMMAND_CONFLUX_SWITCH: return "CONFLUX_SWITCH";
557 default:
558 tor_snprintf(buf, sizeof(buf), "Unrecognized relay command %u",
559 (unsigned)command);
560 return buf;
561 }
562}
563
564/** When padding a cell with randomness, leave this many zeros after the
565 * payload. */
566#define CELL_PADDING_GAP 4
567
568/** Return the offset where the padding should start. The <b>data_len</b> is
569 * the relay payload length expected to be put in the cell. It can not be
570 * bigger than RELAY_PAYLOAD_SIZE else this function assert().
571 *
572 * Value will always be smaller than CELL_PAYLOAD_SIZE because this offset is
573 * for the entire cell length not just the data payload length. Zero is
574 * returned if there is no room for padding.
575 *
576 * This function always skips the first 4 bytes after the payload because
577 * having some unused zero bytes has saved us a lot of times in the past. */
578
579STATIC size_t
580get_pad_cell_offset(size_t data_len)
581{
582 /* This is never supposed to happen but in case it does, stop right away
583 * because if tor is tricked somehow into not adding random bytes to the
584 * payload with this function returning 0 for a bad data_len, the entire
585 * authenticated SENDME design can be bypassed leading to bad denial of
586 * service attacks. */
587 tor_assert(data_len <= RELAY_PAYLOAD_SIZE);
588
589 /* If the offset is larger than the cell payload size, we return an offset
590 * of zero indicating that no padding needs to be added. */
591 size_t offset = RELAY_HEADER_SIZE + data_len + CELL_PADDING_GAP;
592 if (offset >= CELL_PAYLOAD_SIZE) {
593 return 0;
594 }
595 return offset;
596}
597
598/* Add random bytes to the unused portion of the payload, to foil attacks
599 * where the other side can predict all of the bytes in the payload and thus
600 * compute the authenticated SENDME cells without seeing the traffic. See
601 * proposal 289. */
602static void
603pad_cell_payload(uint8_t *cell_payload, size_t data_len)
604{
605 size_t pad_offset, pad_len;
606
607 tor_assert(cell_payload);
608
609 pad_offset = get_pad_cell_offset(data_len);
610 if (pad_offset == 0) {
611 /* We can't add padding so we are done. */
612 return;
613 }
614
615 /* Remember here that the cell_payload is the length of the header and
616 * payload size so we offset it using the full length of the cell. */
617 pad_len = CELL_PAYLOAD_SIZE - pad_offset;
619 cell_payload + pad_offset, pad_len);
620}
621
622/** Make a relay cell out of <b>relay_command</b> and <b>payload</b>, and send
623 * it onto the open circuit <b>circ</b>. <b>stream_id</b> is the ID on
624 * <b>circ</b> for the stream that's sending the relay cell, or 0 if it's a
625 * control cell. <b>cpath_layer</b> is NULL for OR->OP cells, or the
626 * destination hop for OP->OR cells.
627 *
628 * If you can't send the cell, mark the circuit for close and return -1. Else
629 * return 0.
630 */
631MOCK_IMPL(int,
633 uint8_t relay_command, const char *payload,
634 size_t payload_len, crypt_path_t *cpath_layer,
635 const char *filename, int lineno))
636{
637 cell_t cell;
639 cell_direction_t cell_direction;
640 circuit_t *circ = orig_circ;
641
642 /* If conflux is enabled, decide which leg to send on, and use that */
643 if (orig_circ->conflux && conflux_should_multiplex(relay_command)) {
644 circ = conflux_decide_circ_for_send(orig_circ->conflux, orig_circ,
645 relay_command);
646 if (BUG(!circ)) {
647 log_warn(LD_BUG, "No circuit to send for conflux for relay command %d, "
648 "called from %s:%d", relay_command, filename, lineno);
649 conflux_log_set(LOG_WARN, orig_circ->conflux,
650 CIRCUIT_IS_ORIGIN(orig_circ));
651 circ = orig_circ;
652 } else {
653 /* Conflux circuits always send multiplexed relay commands to
654 * to the last hop. (Non-multiplexed commands go on their
655 * original circuit and hop). */
656 cpath_layer = conflux_get_destination_hop(circ);
657 }
658 }
659
660 /* XXXX NM Split this function into a separate versions per circuit type? */
661
662 tor_assert(circ);
663 tor_assert(payload_len <= RELAY_PAYLOAD_SIZE);
664
665 memset(&cell, 0, sizeof(cell_t));
666 cell.command = CELL_RELAY;
667 if (CIRCUIT_IS_ORIGIN(circ)) {
668 tor_assert(cpath_layer);
669 cell.circ_id = circ->n_circ_id;
670 cell_direction = CELL_DIRECTION_OUT;
671 } else {
672 tor_assert(! cpath_layer);
673 cell.circ_id = TO_OR_CIRCUIT(circ)->p_circ_id;
674 cell_direction = CELL_DIRECTION_IN;
675 }
676
677 memset(&rh, 0, sizeof(rh));
678 rh.command = relay_command;
679 rh.stream_id = stream_id;
680 rh.length = payload_len;
681 relay_header_pack(cell.payload, &rh);
682
683 if (payload_len)
684 memcpy(cell.payload+RELAY_HEADER_SIZE, payload, payload_len);
685
686 /* Add random padding to the cell if we can. */
687 pad_cell_payload(cell.payload, payload_len);
688
689 log_debug(LD_OR,"delivering %d cell %s.", relay_command,
690 cell_direction == CELL_DIRECTION_OUT ? "forward" : "backward");
691
692 /* Tell circpad we're sending a relay cell */
693 circpad_deliver_sent_relay_cell_events(circ, relay_command);
694
695 /* If we are sending an END cell and this circuit is used for a tunneled
696 * directory request, advance its state. */
697 if (relay_command == RELAY_COMMAND_END && circ->dirreq_id)
698 geoip_change_dirreq_state(circ->dirreq_id, DIRREQ_TUNNELED,
700
701 if (cell_direction == CELL_DIRECTION_OUT && circ->n_chan) {
702 /* if we're using relaybandwidthrate, this conn wants priority */
704 }
705
706 if (cell_direction == CELL_DIRECTION_OUT) {
707 origin_circuit_t *origin_circ = TO_ORIGIN_CIRCUIT(circ);
708 if (origin_circ->remaining_relay_early_cells > 0 &&
709 (relay_command == RELAY_COMMAND_EXTEND ||
710 relay_command == RELAY_COMMAND_EXTEND2 ||
711 cpath_layer != origin_circ->cpath)) {
712 /* If we've got any relay_early cells left and (we're sending
713 * an extend cell or we're not talking to the first hop), use
714 * one of them. Don't worry about the conn protocol version:
715 * append_cell_to_circuit_queue will fix it up. */
716 cell.command = CELL_RELAY_EARLY;
717 /* If we're out of relay early cells, tell circpad */
718 if (--origin_circ->remaining_relay_early_cells == 0)
720 log_debug(LD_OR, "Sending a RELAY_EARLY cell; %d remaining.",
721 (int)origin_circ->remaining_relay_early_cells);
722 /* Memorize the command that is sent as RELAY_EARLY cell; helps debug
723 * task 878. */
724 origin_circ->relay_early_commands[
725 origin_circ->relay_early_cells_sent++] = relay_command;
726 } else if (relay_command == RELAY_COMMAND_EXTEND ||
727 relay_command == RELAY_COMMAND_EXTEND2) {
728 /* If no RELAY_EARLY cells can be sent over this circuit, log which
729 * commands have been sent as RELAY_EARLY cells before; helps debug
730 * task 878. */
731 smartlist_t *commands_list = smartlist_new();
732 int i = 0;
733 char *commands = NULL;
734 for (; i < origin_circ->relay_early_cells_sent; i++)
735 smartlist_add(commands_list, (char *)
737 commands = smartlist_join_strings(commands_list, ",", 0, NULL);
738 log_warn(LD_BUG, "Uh-oh. We're sending a RELAY_COMMAND_EXTEND cell, "
739 "but we have run out of RELAY_EARLY cells on that circuit. "
740 "Commands sent before: %s", commands);
741 tor_free(commands);
742 smartlist_free(commands_list);
743 }
744
745 /* Let's assume we're well-behaved: Anything that we decide to send is
746 * valid, delivered data. */
747 circuit_sent_valid_data(origin_circ, rh.length);
748 }
749
750 int ret = circuit_package_relay_cell(&cell, circ, cell_direction,
751 cpath_layer, stream_id, filename,
752 lineno);
753 if (ret < 0) {
754 circuit_mark_for_close(circ, END_CIRC_REASON_INTERNAL);
755 return -1;
756 } else if (ret == 0) {
757 /* This means we should drop the cell or that the circuit was already
758 * marked for close. At this point in time, we do NOT close the circuit if
759 * the cell is dropped. It is not the case with arti where each circuit
760 * protocol violation will lead to closing the circuit. */
761 return 0;
762 }
763
764 /* At this point, we are certain that the cell was queued on the circuit and
765 * thus will be sent on the wire. */
766
767 if (circ->conflux) {
768 conflux_note_cell_sent(circ->conflux, circ, relay_command);
769 }
770
771 /* If applicable, note the cell digest for the SENDME version 1 purpose if
772 * we need to. This call needs to be after the circuit_package_relay_cell()
773 * because the cell digest is set within that function. */
774 if (relay_command == RELAY_COMMAND_DATA) {
775 sendme_record_cell_digest_on_circ(circ, cpath_layer);
776
777 /* Handle the circuit-level SENDME package window. */
778 if (sendme_note_circuit_data_packaged(circ, cpath_layer) < 0) {
779 /* Package window has gone under 0. Protocol issue. */
780 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
781 "Circuit package window is below 0. Closing circuit.");
782 circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
783 return -1;
784 }
785 }
786
787 return 0;
788}
789
790/** Make a relay cell out of <b>relay_command</b> and <b>payload</b>, and
791 * send it onto the open circuit <b>circ</b>. <b>fromconn</b> is the stream
792 * that's sending the relay cell, or NULL if it's a control cell.
793 * <b>cpath_layer</b> is NULL for OR->OP cells, or the destination hop
794 * for OP->OR cells.
795 *
796 * If you can't send the cell, mark the circuit for close and
797 * return -1. Else return 0.
798 */
799int
801 uint8_t relay_command, const char *payload,
802 size_t payload_len)
803{
804 /* XXXX NM Split this function into a separate versions per circuit type? */
805 circuit_t *circ;
806 crypt_path_t *cpath_layer = fromconn->cpath_layer;
807 tor_assert(fromconn);
808
809 circ = fromconn->on_circuit;
810
811 if (fromconn->base_.marked_for_close) {
812 log_warn(LD_BUG,
813 "called on conn that's already marked for close at %s:%d.",
814 fromconn->base_.marked_for_close_file,
815 fromconn->base_.marked_for_close);
816 return 0;
817 }
818
819 if (!circ) {
820 if (fromconn->base_.type == CONN_TYPE_AP) {
821 log_info(LD_APP,"no circ. Closing conn.");
822 connection_mark_unattached_ap(EDGE_TO_ENTRY_CONN(fromconn),
823 END_STREAM_REASON_INTERNAL);
824 } else {
825 log_info(LD_EXIT,"no circ. Closing conn.");
826 fromconn->edge_has_sent_end = 1; /* no circ to send to */
827 fromconn->end_reason = END_STREAM_REASON_INTERNAL;
828 connection_mark_for_close(TO_CONN(fromconn));
829 }
830 return -1;
831 }
832
833 if (circ->marked_for_close) {
834 /* The circuit has been marked, but not freed yet. When it's freed, it
835 * will mark this connection for close. */
836 return -1;
837 }
838
839#ifdef MEASUREMENTS_21206
840 /* Keep track of the number of RELAY_DATA cells sent for directory
841 * connections. */
842 connection_t *linked_conn = TO_CONN(fromconn)->linked_conn;
843
844 if (linked_conn && linked_conn->type == CONN_TYPE_DIR) {
845 ++(TO_DIR_CONN(linked_conn)->data_cells_sent);
846 }
847#endif /* defined(MEASUREMENTS_21206) */
848
849 return relay_send_command_from_edge(fromconn->stream_id, circ,
850 relay_command, payload,
851 payload_len, cpath_layer);
852}
853
854/** How many times will I retry a stream that fails due to DNS
855 * resolve failure or misc error?
856 */
857#define MAX_RESOLVE_FAILURES 3
858
859/** Return 1 if reason is something that you should retry if you
860 * get the end cell before you've connected; else return 0. */
861static int
863{
864 return reason == END_STREAM_REASON_HIBERNATING ||
865 reason == END_STREAM_REASON_RESOURCELIMIT ||
866 reason == END_STREAM_REASON_EXITPOLICY ||
867 reason == END_STREAM_REASON_RESOLVEFAILED ||
868 reason == END_STREAM_REASON_MISC ||
869 reason == END_STREAM_REASON_NOROUTE;
870}
871
872/** Called when we receive an END cell on a stream that isn't open yet,
873 * from the client side.
874 * Arguments are as for connection_edge_process_relay_cell().
875 */
876static int
878 relay_header_t *rh, cell_t *cell, origin_circuit_t *circ,
879 entry_connection_t *conn, crypt_path_t *layer_hint)
880{
881 node_t *exitrouter;
882 int reason = *(cell->payload+RELAY_HEADER_SIZE);
883 int control_reason;
884 edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(conn);
885 (void) layer_hint; /* unused */
886
887 if (rh->length > 0) {
888 if (reason == END_STREAM_REASON_TORPROTOCOL ||
889 reason == END_STREAM_REASON_DESTROY) {
890 /* Both of these reasons could mean a failed tag
891 * hit the exit and it complained. Do not probe.
892 * Fail the circuit. */
894 return -END_CIRC_REASON_TORPROTOCOL;
895 } else if (reason == END_STREAM_REASON_INTERNAL) {
896 /* We can't infer success or failure, since older Tors report
897 * ENETUNREACH as END_STREAM_REASON_INTERNAL. */
898 } else {
899 /* Path bias: If we get a valid reason code from the exit,
900 * it wasn't due to tagging.
901 *
902 * We rely on recognized+digest being strong enough to make
903 * tags unlikely to allow us to get tagged, yet 'recognized'
904 * reason codes here. */
906 }
907 }
908
909 /* This end cell is now valid. */
911
912 if (rh->length == 0) {
913 reason = END_STREAM_REASON_MISC;
914 }
915
916 control_reason = reason | END_STREAM_REASON_FLAG_REMOTE;
917
918 if (edge_reason_is_retriable(reason) &&
919 /* avoid retry if rend */
921 const char *chosen_exit_digest =
923 log_info(LD_APP,"Address '%s' refused due to '%s'. Considering retrying.",
924 safe_str(conn->socks_request->address),
926 exitrouter = node_get_mutable_by_id(chosen_exit_digest);
927 switch (reason) {
928 case END_STREAM_REASON_EXITPOLICY: {
929 tor_addr_t addr;
931 if (rh->length >= 5) {
932 int ttl = -1;
934 if (rh->length == 5 || rh->length == 9) {
937 if (rh->length == 9)
938 ttl = (int)ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE+5));
939 } else if (rh->length == 17 || rh->length == 21) {
941 (cell->payload+RELAY_HEADER_SIZE+1));
942 if (rh->length == 21)
943 ttl = (int)ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE+17));
944 }
945 if (tor_addr_is_null(&addr)) {
946 log_info(LD_APP,"Address '%s' resolved to 0.0.0.0. Closing,",
947 safe_str(conn->socks_request->address));
948 connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
949 return 0;
950 }
951
952 if ((tor_addr_family(&addr) == AF_INET &&
953 !conn->entry_cfg.ipv4_traffic) ||
954 (tor_addr_family(&addr) == AF_INET6 &&
955 !conn->entry_cfg.ipv6_traffic)) {
956 log_fn(LOG_PROTOCOL_WARN, LD_APP,
957 "Got an EXITPOLICY failure on a connection with a "
958 "mismatched family. Closing.");
959 connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
960 return 0;
961 }
962 if (get_options()->ClientDNSRejectInternalAddresses &&
963 tor_addr_is_internal(&addr, 0)) {
964 log_info(LD_APP,"Address '%s' resolved to internal. Closing,",
965 safe_str(conn->socks_request->address));
966 connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
967 return 0;
968 }
969
971 conn->socks_request->address, &addr,
972 conn->chosen_exit_name, ttl);
973
974 {
975 char new_addr[TOR_ADDR_BUF_LEN];
976 tor_addr_to_str(new_addr, &addr, sizeof(new_addr), 1);
977 if (strcmp(conn->socks_request->address, new_addr)) {
978 strlcpy(conn->socks_request->address, new_addr,
979 sizeof(conn->socks_request->address));
980 control_event_stream_status(conn, STREAM_EVENT_REMAP, 0);
981 }
982 }
983 }
984 /* check if the exit *ought* to have allowed it */
985
987 conn,
988 exitrouter,
989 &addr);
990
991 if (conn->chosen_exit_optional ||
992 conn->chosen_exit_retries) {
993 /* stop wanting a specific exit */
994 conn->chosen_exit_optional = 0;
995 /* A non-zero chosen_exit_retries can happen if we set a
996 * TrackHostExits for this address under a port that the exit
997 * relay allows, but then try the same address with a different
998 * port that it doesn't allow to exit. We shouldn't unregister
999 * the mapping, since it is probably still wanted on the
1000 * original port. But now we give away to the exit relay that
1001 * we probably have a TrackHostExits on it. So be it. */
1002 conn->chosen_exit_retries = 0;
1003 tor_free(conn->chosen_exit_name); /* clears it */
1004 }
1005 if (connection_ap_detach_retriable(conn, circ, control_reason) >= 0)
1006 return 0;
1007 /* else, conn will get closed below */
1008 break;
1009 }
1010 case END_STREAM_REASON_CONNECTREFUSED:
1011 if (!conn->chosen_exit_optional)
1012 break; /* break means it'll close, below */
1013 /* Else fall through: expire this circuit, clear the
1014 * chosen_exit_name field, and try again. */
1015 FALLTHROUGH;
1016 case END_STREAM_REASON_RESOLVEFAILED:
1017 case END_STREAM_REASON_TIMEOUT:
1018 case END_STREAM_REASON_MISC:
1019 case END_STREAM_REASON_NOROUTE:
1022 /* We haven't retried too many times; reattach the connection. */
1024 /* Mark this circuit "unusable for new streams". */
1026
1027 if (conn->chosen_exit_optional) {
1028 /* stop wanting a specific exit */
1029 conn->chosen_exit_optional = 0;
1030 tor_free(conn->chosen_exit_name); /* clears it */
1031 }
1032 if (connection_ap_detach_retriable(conn, circ, control_reason) >= 0)
1033 return 0;
1034 /* else, conn will get closed below */
1035 } else {
1036 log_notice(LD_APP,
1037 "Have tried resolving or connecting to address '%s' "
1038 "at %d different places. Giving up.",
1039 safe_str(conn->socks_request->address),
1041 /* clear the failures, so it will have a full try next time */
1043 }
1044 break;
1045 case END_STREAM_REASON_HIBERNATING:
1046 case END_STREAM_REASON_RESOURCELIMIT:
1047 if (exitrouter) {
1049 }
1050 if (conn->chosen_exit_optional) {
1051 /* stop wanting a specific exit */
1052 conn->chosen_exit_optional = 0;
1053 tor_free(conn->chosen_exit_name); /* clears it */
1054 }
1055 if (connection_ap_detach_retriable(conn, circ, control_reason) >= 0)
1056 return 0;
1057 /* else, will close below */
1058 break;
1059 } /* end switch */
1060 log_info(LD_APP,"Giving up on retrying; conn can't be handled.");
1061 }
1062
1063 log_info(LD_APP,
1064 "Edge got end (%s) before we're connected. Marking for close.",
1065 stream_end_reason_to_string(rh->length > 0 ? reason : -1));
1067 /* need to test because of detach_retriable */
1068 if (!ENTRY_TO_CONN(conn)->marked_for_close)
1069 connection_mark_unattached_ap(conn, control_reason);
1070 return 0;
1071}
1072
1073/** Called when we have gotten an END_REASON_EXITPOLICY failure on <b>circ</b>
1074 * for <b>conn</b>, while attempting to connect via <b>node</b>. If the node
1075 * told us which address it rejected, then <b>addr</b> is that address;
1076 * otherwise it is AF_UNSPEC.
1077 *
1078 * If we are sure the node should have allowed this address, mark the node as
1079 * having a reject *:* exit policy. Otherwise, mark the circuit as unusable
1080 * for this particular address.
1081 **/
1082static void
1084 entry_connection_t *conn,
1085 node_t *node,
1086 const tor_addr_t *addr)
1087{
1088 int make_reject_all = 0;
1089 const sa_family_t family = tor_addr_family(addr);
1090
1091 if (node) {
1092 tor_addr_t tmp;
1093 int asked_for_family = tor_addr_parse(&tmp, conn->socks_request->address);
1094 if (family == AF_UNSPEC) {
1095 make_reject_all = 1;
1096 } else if (node_exit_policy_is_exact(node, family) &&
1097 asked_for_family != -1 && !conn->chosen_exit_name) {
1098 make_reject_all = 1;
1099 }
1100
1101 if (make_reject_all) {
1102 log_info(LD_APP,
1103 "Exitrouter %s seems to be more restrictive than its exit "
1104 "policy. Not using this router as exit for now.",
1105 node_describe(node));
1107 }
1108 }
1109
1110 if (family != AF_UNSPEC)
1112}
1113
1114/** Helper: change the socks_request-&gt;address field on conn to the
1115 * dotted-quad representation of <b>new_addr</b>,
1116 * and send an appropriate REMAP event. */
1117static void
1119{
1120 tor_addr_to_str(conn->socks_request->address, new_addr,
1121 sizeof(conn->socks_request->address),
1122 1);
1123 control_event_stream_status(conn, STREAM_EVENT_REMAP,
1125}
1126
1127/** Extract the contents of a connected cell in <b>cell</b>, whose relay
1128 * header has already been parsed into <b>rh</b>. On success, set
1129 * <b>addr_out</b> to the address we're connected to, and <b>ttl_out</b> to
1130 * the ttl of that address, in seconds, and return 0. On failure, return
1131 * -1.
1132 *
1133 * Note that the resulting address can be UNSPEC if the connected cell had no
1134 * address (as for a stream to an union service or a tunneled directory
1135 * connection), and that the ttl can be absent (in which case <b>ttl_out</b>
1136 * is set to -1). */
1137STATIC int
1139 tor_addr_t *addr_out, int *ttl_out)
1140{
1141 uint32_t bytes;
1142 const uint8_t *payload = cell->payload + RELAY_HEADER_SIZE;
1143
1144 tor_addr_make_unspec(addr_out);
1145 *ttl_out = -1;
1146 if (rh->length == 0)
1147 return 0;
1148 if (rh->length < 4)
1149 return -1;
1150 bytes = ntohl(get_uint32(payload));
1151
1152 /* If bytes is 0, this is maybe a v6 address. Otherwise it's a v4 address */
1153 if (bytes != 0) {
1154 /* v4 address */
1155 tor_addr_from_ipv4h(addr_out, bytes);
1156 if (rh->length >= 8) {
1157 bytes = ntohl(get_uint32(payload + 4));
1158 if (bytes <= INT32_MAX)
1159 *ttl_out = bytes;
1160 }
1161 } else {
1162 if (rh->length < 25) /* 4 bytes of 0s, 1 addr, 16 ipv4, 4 ttl. */
1163 return -1;
1164 if (get_uint8(payload + 4) != 6)
1165 return -1;
1166 tor_addr_from_ipv6_bytes(addr_out, (payload + 5));
1167 bytes = ntohl(get_uint32(payload + 21));
1168 if (bytes <= INT32_MAX)
1169 *ttl_out = (int) bytes;
1170 }
1171 return 0;
1172}
1173
1174/** Drop all storage held by <b>addr</b>. */
1175STATIC void
1176address_ttl_free_(address_ttl_t *addr)
1177{
1178 if (!addr)
1179 return;
1180 tor_free(addr->hostname);
1181 tor_free(addr);
1182}
1183
1184/** Parse a resolved cell in <b>cell</b>, with parsed header in <b>rh</b>.
1185 * Return -1 on parse error. On success, add one or more newly allocated
1186 * address_ttl_t to <b>addresses_out</b>; set *<b>errcode_out</b> to
1187 * one of 0, RESOLVED_TYPE_ERROR, or RESOLVED_TYPE_ERROR_TRANSIENT, and
1188 * return 0. */
1189STATIC int
1191 smartlist_t *addresses_out, int *errcode_out)
1192{
1193 const uint8_t *cp;
1194 uint8_t answer_type;
1195 size_t answer_len;
1196 address_ttl_t *addr;
1197 size_t remaining;
1198 int errcode = 0;
1199 smartlist_t *addrs;
1200
1201 tor_assert(cell);
1202 tor_assert(rh);
1203 tor_assert(addresses_out);
1204 tor_assert(errcode_out);
1205
1206 *errcode_out = 0;
1207
1208 if (rh->length > RELAY_PAYLOAD_SIZE)
1209 return -1;
1210
1211 addrs = smartlist_new();
1212
1213 cp = cell->payload + RELAY_HEADER_SIZE;
1214
1215 remaining = rh->length;
1216 while (remaining) {
1217 const uint8_t *cp_orig = cp;
1218 if (remaining < 2)
1219 goto err;
1220 answer_type = *cp++;
1221 answer_len = *cp++;
1222 if (remaining < 2 + answer_len + 4) {
1223 goto err;
1224 }
1225 if (answer_type == RESOLVED_TYPE_IPV4) {
1226 if (answer_len != 4) {
1227 goto err;
1228 }
1229 addr = tor_malloc_zero(sizeof(*addr));
1230 tor_addr_from_ipv4n(&addr->addr, get_uint32(cp));
1231 cp += 4;
1232 addr->ttl = ntohl(get_uint32(cp));
1233 cp += 4;
1234 smartlist_add(addrs, addr);
1235 } else if (answer_type == RESOLVED_TYPE_IPV6) {
1236 if (answer_len != 16)
1237 goto err;
1238 addr = tor_malloc_zero(sizeof(*addr));
1239 tor_addr_from_ipv6_bytes(&addr->addr, cp);
1240 cp += 16;
1241 addr->ttl = ntohl(get_uint32(cp));
1242 cp += 4;
1243 smartlist_add(addrs, addr);
1244 } else if (answer_type == RESOLVED_TYPE_HOSTNAME) {
1245 if (answer_len == 0) {
1246 goto err;
1247 }
1248 addr = tor_malloc_zero(sizeof(*addr));
1249 addr->hostname = tor_memdup_nulterm(cp, answer_len);
1250 cp += answer_len;
1251 addr->ttl = ntohl(get_uint32(cp));
1252 cp += 4;
1253 smartlist_add(addrs, addr);
1254 } else if (answer_type == RESOLVED_TYPE_ERROR_TRANSIENT ||
1255 answer_type == RESOLVED_TYPE_ERROR) {
1256 errcode = answer_type;
1257 /* Ignore the error contents */
1258 cp += answer_len + 4;
1259 } else {
1260 cp += answer_len + 4;
1261 }
1262 tor_assert(((ssize_t)remaining) >= (cp - cp_orig));
1263 remaining -= (cp - cp_orig);
1264 }
1265
1266 if (errcode && smartlist_len(addrs) == 0) {
1267 /* Report an error only if there were no results. */
1268 *errcode_out = errcode;
1269 }
1270
1271 smartlist_add_all(addresses_out, addrs);
1272 smartlist_free(addrs);
1273
1274 return 0;
1275
1276 err:
1277 /* On parse error, don't report any results */
1278 SMARTLIST_FOREACH(addrs, address_ttl_t *, a, address_ttl_free(a));
1279 smartlist_free(addrs);
1280 return -1;
1281}
1282
1283/** Helper for connection_edge_process_resolved_cell: given an error code,
1284 * an entry_connection, and a list of address_ttl_t *, report the best answer
1285 * to the entry_connection. */
1286static void
1288 int error_code,
1289 smartlist_t *results)
1290{
1291 address_ttl_t *addr_ipv4 = NULL;
1292 address_ttl_t *addr_ipv6 = NULL;
1293 address_ttl_t *addr_hostname = NULL;
1294 address_ttl_t *addr_best = NULL;
1295
1296 /* If it's an error code, that's easy. */
1297 if (error_code) {
1298 tor_assert(error_code == RESOLVED_TYPE_ERROR ||
1299 error_code == RESOLVED_TYPE_ERROR_TRANSIENT);
1301 error_code,0,NULL,-1,-1);
1302 return;
1303 }
1304
1305 /* Get the first answer of each type. */
1306 SMARTLIST_FOREACH_BEGIN(results, address_ttl_t *, addr) {
1307 if (addr->hostname) {
1308 if (!addr_hostname) {
1309 addr_hostname = addr;
1310 }
1311 } else if (tor_addr_family(&addr->addr) == AF_INET) {
1312 if (!addr_ipv4 && conn->entry_cfg.ipv4_traffic) {
1313 addr_ipv4 = addr;
1314 }
1315 } else if (tor_addr_family(&addr->addr) == AF_INET6) {
1316 if (!addr_ipv6 && conn->entry_cfg.ipv6_traffic) {
1317 addr_ipv6 = addr;
1318 }
1319 }
1320 } SMARTLIST_FOREACH_END(addr);
1321
1322 /* Now figure out which type we wanted to deliver. */
1324 if (addr_hostname) {
1326 RESOLVED_TYPE_HOSTNAME,
1327 strlen(addr_hostname->hostname),
1328 (uint8_t*)addr_hostname->hostname,
1329 addr_hostname->ttl,-1);
1330 } else {
1332 RESOLVED_TYPE_ERROR,0,NULL,-1,-1);
1333 }
1334 return;
1335 }
1336
1337 if (conn->entry_cfg.prefer_ipv6) {
1338 addr_best = addr_ipv6 ? addr_ipv6 : addr_ipv4;
1339 } else {
1340 addr_best = addr_ipv4 ? addr_ipv4 : addr_ipv6;
1341 }
1342
1343 /* Now convert it to the ugly old interface */
1344 if (! addr_best) {
1346 RESOLVED_TYPE_NOERROR,0,NULL,-1,-1);
1347 return;
1348 }
1349
1351 &addr_best->addr,
1352 addr_best->ttl,
1353 -1);
1354
1355 remap_event_helper(conn, &addr_best->addr);
1356}
1357
1358/** Handle a RELAY_COMMAND_RESOLVED cell that we received on a non-open AP
1359 * stream. */
1360STATIC int
1362 const cell_t *cell,
1363 const relay_header_t *rh)
1364{
1365 entry_connection_t *entry_conn = EDGE_TO_ENTRY_CONN(conn);
1366 smartlist_t *resolved_addresses = NULL;
1367 int errcode = 0;
1368
1369 if (conn->base_.state != AP_CONN_STATE_RESOLVE_WAIT) {
1370 log_fn(LOG_PROTOCOL_WARN, LD_APP, "Got a 'resolved' cell while "
1371 "not in state resolve_wait. Dropping.");
1372 return 0;
1373 }
1374 tor_assert(SOCKS_COMMAND_IS_RESOLVE(entry_conn->socks_request->command));
1375
1376 resolved_addresses = smartlist_new();
1377 if (resolved_cell_parse(cell, rh, resolved_addresses, &errcode)) {
1378 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1379 "Dropping malformed 'resolved' cell");
1380 connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TORPROTOCOL);
1381 goto done;
1382 }
1383
1384 if (get_options()->ClientDNSRejectInternalAddresses) {
1385 int orig_len = smartlist_len(resolved_addresses);
1386 SMARTLIST_FOREACH_BEGIN(resolved_addresses, address_ttl_t *, addr) {
1387 if (addr->hostname == NULL && tor_addr_is_internal(&addr->addr, 0)) {
1388 log_info(LD_APP, "Got a resolved cell with answer %s; dropping that "
1389 "answer.",
1390 safe_str_client(fmt_addr(&addr->addr)));
1391 address_ttl_free(addr);
1392 SMARTLIST_DEL_CURRENT(resolved_addresses, addr);
1393 }
1394 } SMARTLIST_FOREACH_END(addr);
1395 if (orig_len && smartlist_len(resolved_addresses) == 0) {
1396 log_info(LD_APP, "Got a resolved cell with only private addresses; "
1397 "dropping it.");
1399 RESOLVED_TYPE_ERROR_TRANSIENT,
1400 0, NULL, 0, TIME_MAX);
1401 connection_mark_unattached_ap(entry_conn,
1402 END_STREAM_REASON_TORPROTOCOL);
1403 goto done;
1404 }
1405 }
1406
1407 /* This is valid data at this point. Count it */
1408 if (conn->on_circuit && CIRCUIT_IS_ORIGIN(conn->on_circuit)) {
1410 rh->length);
1411 }
1412
1414 errcode,
1415 resolved_addresses);
1416
1417 connection_mark_unattached_ap(entry_conn,
1418 END_STREAM_REASON_DONE |
1420
1421 done:
1422 SMARTLIST_FOREACH(resolved_addresses, address_ttl_t *, addr,
1423 address_ttl_free(addr));
1424 smartlist_free(resolved_addresses);
1425 return 0;
1426}
1427
1428/** An incoming relay cell has arrived from circuit <b>circ</b> to
1429 * stream <b>conn</b>.
1430 *
1431 * The arguments here are the same as in
1432 * connection_edge_process_relay_cell() below; this function is called
1433 * from there when <b>conn</b> is defined and not in an open state.
1434 */
1435static int
1437 relay_header_t *rh, cell_t *cell, circuit_t *circ,
1438 edge_connection_t *conn, crypt_path_t *layer_hint)
1439{
1440 if (rh->command == RELAY_COMMAND_END) {
1441 if (CIRCUIT_IS_ORIGIN(circ) && conn->base_.type == CONN_TYPE_AP) {
1442 return connection_ap_process_end_not_open(rh, cell,
1443 TO_ORIGIN_CIRCUIT(circ),
1444 EDGE_TO_ENTRY_CONN(conn),
1445 layer_hint);
1446 } else {
1447 /* we just got an 'end', don't need to send one */
1448 conn->edge_has_sent_end = 1;
1449 conn->end_reason = *(cell->payload+RELAY_HEADER_SIZE) |
1451 connection_mark_for_close(TO_CONN(conn));
1452 return 0;
1453 }
1454 }
1455
1456 if (conn->base_.type == CONN_TYPE_AP &&
1457 rh->command == RELAY_COMMAND_CONNECTED) {
1458 tor_addr_t addr;
1459 int ttl;
1460 entry_connection_t *entry_conn = EDGE_TO_ENTRY_CONN(conn);
1462 if (conn->base_.state != AP_CONN_STATE_CONNECT_WAIT) {
1463 log_fn(LOG_PROTOCOL_WARN, LD_APP,
1464 "Got 'connected' while not in state connect_wait. Dropping.");
1465 return 0;
1466 }
1467 CONNECTION_AP_EXPECT_NONPENDING(entry_conn);
1468 conn->base_.state = AP_CONN_STATE_OPEN;
1469 log_info(LD_APP,"'connected' received for circid %u streamid %d "
1470 "after %d seconds.",
1471 (unsigned)circ->n_circ_id,
1472 rh->stream_id,
1473 (int)(time(NULL) - conn->base_.timestamp_last_read_allowed));
1474 if (connected_cell_parse(rh, cell, &addr, &ttl) < 0) {
1475 log_fn(LOG_PROTOCOL_WARN, LD_APP,
1476 "Got a badly formatted connected cell. Closing.");
1477 connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1478 connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TORPROTOCOL);
1479 return 0;
1480 }
1481 if (tor_addr_family(&addr) != AF_UNSPEC) {
1482 /* The family is not UNSPEC: so we were given an address in the
1483 * connected cell. (This is normal, except for BEGINDIR and onion
1484 * service streams.) */
1485 const sa_family_t family = tor_addr_family(&addr);
1486 if (tor_addr_is_null(&addr) ||
1487 (get_options()->ClientDNSRejectInternalAddresses &&
1488 tor_addr_is_internal(&addr, 0))) {
1489 log_info(LD_APP, "...but it claims the IP address was %s. Closing.",
1490 safe_str(fmt_addr(&addr)));
1491 connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1492 connection_mark_unattached_ap(entry_conn,
1493 END_STREAM_REASON_TORPROTOCOL);
1494 return 0;
1495 }
1496
1497 if ((family == AF_INET && ! entry_conn->entry_cfg.ipv4_traffic) ||
1498 (family == AF_INET6 && ! entry_conn->entry_cfg.ipv6_traffic)) {
1499 log_fn(LOG_PROTOCOL_WARN, LD_APP,
1500 "Got a connected cell to %s with unsupported address family."
1501 " Closing.", safe_str(fmt_addr(&addr)));
1502 connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1503 connection_mark_unattached_ap(entry_conn,
1504 END_STREAM_REASON_TORPROTOCOL);
1505 return 0;
1506 }
1507
1508 client_dns_set_addressmap(entry_conn,
1509 entry_conn->socks_request->address, &addr,
1510 entry_conn->chosen_exit_name, ttl);
1511
1512 remap_event_helper(entry_conn, &addr);
1513 }
1515 /* don't send a socks reply to transparent conns */
1516 tor_assert(entry_conn->socks_request != NULL);
1517 if (!entry_conn->socks_request->has_finished) {
1518 connection_ap_handshake_socks_reply(entry_conn, NULL, 0, 0);
1519 }
1520
1521 /* Was it a linked dir conn? If so, a dir request just started to
1522 * fetch something; this could be a bootstrap status milestone. */
1523 log_debug(LD_APP, "considering");
1524 if (TO_CONN(conn)->linked_conn &&
1525 TO_CONN(conn)->linked_conn->type == CONN_TYPE_DIR) {
1526 connection_t *dirconn = TO_CONN(conn)->linked_conn;
1527 log_debug(LD_APP, "it is! %d", dirconn->purpose);
1528 switch (dirconn->purpose) {
1531 control_event_bootstrap(BOOTSTRAP_STATUS_LOADING_KEYS, 0);
1532 break;
1534 control_event_bootstrap(BOOTSTRAP_STATUS_LOADING_STATUS, 0);
1535 break;
1538 if (TO_DIR_CONN(dirconn)->router_purpose == ROUTER_PURPOSE_GENERAL)
1539 control_event_boot_dir(BOOTSTRAP_STATUS_LOADING_DESCRIPTORS,
1541 break;
1542 }
1543 }
1544 /* This is definitely a success, so forget about any pending data we
1545 * had sent. */
1546 if (entry_conn->pending_optimistic_data) {
1547 buf_free(entry_conn->pending_optimistic_data);
1548 entry_conn->pending_optimistic_data = NULL;
1549 }
1550
1551 /* This is valid data at this point. Count it */
1553
1554 /* handle anything that might have queued */
1555 if (connection_edge_package_raw_inbuf(conn, 1, NULL) < 0) {
1556 /* (We already sent an end cell if possible) */
1557 connection_mark_for_close(TO_CONN(conn));
1558 return 0;
1559 }
1560 return 0;
1561 }
1562 if (conn->base_.type == CONN_TYPE_AP &&
1563 rh->command == RELAY_COMMAND_RESOLVED) {
1564 return connection_edge_process_resolved_cell(conn, cell, rh);
1565 }
1566
1567 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1568 "Got an unexpected relay command %d, in state %d (%s). Dropping.",
1569 rh->command, conn->base_.state,
1570 conn_state_to_string(conn->base_.type, conn->base_.state));
1571 return 0; /* for forward compatibility, don't kill the circuit */
1572// connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1573// connection_mark_for_close(conn);
1574// return -1;
1575}
1576
1577/** Process a SENDME cell that arrived on <b>circ</b>. If it is a stream level
1578 * cell, it is destined for the given <b>conn</b>. If it is a circuit level
1579 * cell, it is destined for the <b>layer_hint</b>. The <b>domain</b> is the
1580 * logging domain that should be used.
1581 *
1582 * Return 0 if everything went well or a negative value representing a circuit
1583 * end reason on error for which the caller is responsible for closing it. */
1584static int
1586 circuit_t *circ, edge_connection_t *conn,
1587 crypt_path_t *layer_hint, int domain)
1588{
1589 int ret;
1590
1591 tor_assert(rh);
1592
1593 if (!rh->stream_id) {
1594 /* Circuit level SENDME cell. */
1595 ret = sendme_process_circuit_level(layer_hint, circ,
1596 cell->payload + RELAY_HEADER_SIZE,
1597 rh->length);
1598 if (ret < 0) {
1599 return ret;
1600 }
1601 /* Resume reading on any streams now that we've processed a valid
1602 * SENDME cell that updated our package window. */
1603 circuit_resume_edge_reading(circ, layer_hint);
1604 /* We are done, the rest of the code is for the stream level. */
1605 return 0;
1606 }
1607
1608 /* No connection, might be half edge state. We are done if so. */
1609 if (!conn) {
1610 if (CIRCUIT_IS_ORIGIN(circ)) {
1611 origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1613 rh->stream_id)) {
1614 circuit_read_valid_data(ocirc, rh->length);
1615 log_info(domain, "Sendme cell on circ %u valid on half-closed "
1616 "stream id %d",
1617 ocirc->global_identifier, rh->stream_id);
1618 }
1619 }
1620
1621 log_info(domain, "SENDME cell dropped, unknown stream (streamid %d).",
1622 rh->stream_id);
1623 return 0;
1624 }
1625
1626 /* Stream level SENDME cell. */
1627 // TODO: Turn this off for cc_alg=1,2,3; use XON/XOFF instead
1628 ret = sendme_process_stream_level(conn, circ, rh->length);
1629 if (ret < 0) {
1630 /* Means we need to close the circuit with reason ret. */
1631 return ret;
1632 }
1633
1634 /* We've now processed properly a SENDME cell, all windows have been
1635 * properly updated, we'll read on the edge connection to see if we can
1636 * get data out towards the end point (Exit or client) since we are now
1637 * allowed to deliver more cells. */
1638
1640 /* Still waiting for queue to flush; don't touch conn */
1641 return 0;
1642 }
1644 /* handle whatever might still be on the inbuf */
1645 if (connection_edge_package_raw_inbuf(conn, 1, NULL) < 0) {
1646 /* (We already sent an end cell if possible) */
1647 connection_mark_for_close(TO_CONN(conn));
1648 return 0;
1649 }
1650 return 0;
1651}
1652
1653/** A helper for connection_edge_process_relay_cell(): Actually handles the
1654 * cell that we received on the connection.
1655 *
1656 * The arguments are the same as in the parent function
1657 * connection_edge_process_relay_cell(), plus the relay header <b>rh</b> as
1658 * unpacked by the parent function, and <b>optimistic_data</b> as set by the
1659 * parent function.
1660 */
1661STATIC int
1663 edge_connection_t *conn, crypt_path_t *layer_hint,
1664 relay_header_t *rh, int optimistic_data)
1665{
1666 unsigned domain = layer_hint?LD_APP:LD_EXIT;
1667 int reason;
1668
1669 tor_assert(rh);
1670
1671 /* First pass the cell to the circuit padding subsystem, in case it's a
1672 * padding cell or circuit that should be handled there. */
1673 if (circpad_check_received_cell(cell, circ, layer_hint, rh) == 0) {
1674 log_debug(domain, "Cell handled as circuit padding");
1675 return 0;
1676 }
1677
1678 /* Now handle all the other commands */
1679 switch (rh->command) {
1680 case RELAY_COMMAND_CONFLUX_LINK:
1681 conflux_process_link(circ, cell, rh->length);
1682 return 0;
1683 case RELAY_COMMAND_CONFLUX_LINKED:
1684 conflux_process_linked(circ, layer_hint, cell, rh->length);
1685 return 0;
1686 case RELAY_COMMAND_CONFLUX_LINKED_ACK:
1688 return 0;
1689 case RELAY_COMMAND_CONFLUX_SWITCH:
1690 return conflux_process_switch_command(circ, layer_hint, cell, rh);
1691 case RELAY_COMMAND_BEGIN:
1692 case RELAY_COMMAND_BEGIN_DIR:
1693 if (layer_hint &&
1695 log_fn(LOG_PROTOCOL_WARN, LD_APP,
1696 "Relay begin request unsupported at AP. Dropping.");
1697 return 0;
1698 }
1700 layer_hint != TO_ORIGIN_CIRCUIT(circ)->cpath->prev) {
1701 log_fn(LOG_PROTOCOL_WARN, LD_APP,
1702 "Relay begin request to Hidden Service "
1703 "from intermediary node. Dropping.");
1704 return 0;
1705 }
1706 if (conn) {
1707 log_fn(LOG_PROTOCOL_WARN, domain,
1708 "Begin cell for known stream. Dropping.");
1709 return 0;
1710 }
1711 if (rh->command == RELAY_COMMAND_BEGIN_DIR &&
1713 /* Assign this circuit and its app-ward OR connection a unique ID,
1714 * so that we can measure download times. The local edge and dir
1715 * connection will be assigned the same ID when they are created
1716 * and linked. */
1717 static uint64_t next_id = 0;
1718 circ->dirreq_id = ++next_id;
1719 TO_OR_CIRCUIT(circ)->p_chan->dirreq_id = circ->dirreq_id;
1720 }
1721 return connection_exit_begin_conn(cell, circ);
1722 case RELAY_COMMAND_DATA:
1724
1725 if (rh->stream_id == 0) {
1726 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Relay data cell with zero "
1727 "stream_id. Dropping.");
1728 return 0;
1729 } else if (!conn) {
1730 if (CIRCUIT_IS_ORIGIN(circ)) {
1731 origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1733 rh->stream_id)) {
1734 circuit_read_valid_data(ocirc, rh->length);
1735 log_info(domain,
1736 "data cell on circ %u valid on half-closed "
1737 "stream id %d", ocirc->global_identifier, rh->stream_id);
1738 }
1739 }
1740
1741 log_info(domain,"data cell dropped, unknown stream (streamid %d).",
1742 rh->stream_id);
1743 return 0;
1744 }
1745
1746 /* Update our stream-level deliver window that we just received a DATA
1747 * cell. Going below 0 means we have a protocol level error so the
1748 * stream and circuit are closed. */
1749 if (sendme_stream_data_received(conn) < 0) {
1750 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1751 "(relay data) conn deliver_window below 0. Killing.");
1752 connection_edge_end_close(conn, END_STREAM_REASON_TORPROTOCOL);
1753 return -END_CIRC_REASON_TORPROTOCOL;
1754 }
1755 /* Total all valid application bytes delivered */
1756 if (CIRCUIT_IS_ORIGIN(circ) && rh->length > 0) {
1758 }
1759
1760 /* For onion service connection, update the metrics. */
1761 if (conn->hs_ident) {
1762 hs_metrics_app_write_bytes(&conn->hs_ident->identity_pk,
1763 conn->hs_ident->orig_virtual_port,
1764 rh->length);
1765 }
1766
1768 connection_buf_add((char*)(cell->payload + RELAY_HEADER_SIZE),
1769 rh->length, TO_CONN(conn));
1770
1771#ifdef MEASUREMENTS_21206
1772 /* Count number of RELAY_DATA cells received on a linked directory
1773 * connection. */
1774 connection_t *linked_conn = TO_CONN(conn)->linked_conn;
1775
1776 if (linked_conn && linked_conn->type == CONN_TYPE_DIR) {
1777 ++(TO_DIR_CONN(linked_conn)->data_cells_received);
1778 }
1779#endif /* defined(MEASUREMENTS_21206) */
1780
1781 if (!optimistic_data) {
1782 /* Only send a SENDME if we're not getting optimistic data; otherwise
1783 * a SENDME could arrive before the CONNECTED.
1784 */
1786 }
1787
1788 return 0;
1789 case RELAY_COMMAND_XOFF:
1790 if (!conn) {
1791 if (CIRCUIT_IS_ORIGIN(circ)) {
1792 origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1793 if (relay_crypt_from_last_hop(ocirc, layer_hint) &&
1795 rh->stream_id)) {
1796 circuit_read_valid_data(ocirc, rh->length);
1797 }
1798 }
1799 return 0;
1800 }
1801
1802 if (circuit_process_stream_xoff(conn, layer_hint, cell)) {
1803 if (CIRCUIT_IS_ORIGIN(circ)) {
1805 }
1806 }
1807 return 0;
1808 case RELAY_COMMAND_XON:
1809 if (!conn) {
1810 if (CIRCUIT_IS_ORIGIN(circ)) {
1811 origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1812 if (relay_crypt_from_last_hop(ocirc, layer_hint) &&
1814 rh->stream_id)) {
1815 circuit_read_valid_data(ocirc, rh->length);
1816 }
1817 }
1818 return 0;
1819 }
1820
1821 if (circuit_process_stream_xon(conn, layer_hint, cell)) {
1822 if (CIRCUIT_IS_ORIGIN(circ)) {
1824 }
1825 }
1826 return 0;
1827 case RELAY_COMMAND_END:
1828 reason = rh->length > 0 ?
1829 get_uint8(cell->payload+RELAY_HEADER_SIZE) : END_STREAM_REASON_MISC;
1830 if (!conn) {
1831 if (CIRCUIT_IS_ORIGIN(circ)) {
1832 origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1833 if (relay_crypt_from_last_hop(ocirc, layer_hint) &&
1835 rh->stream_id)) {
1836
1837 circuit_read_valid_data(ocirc, rh->length);
1838 log_info(domain,
1839 "end cell (%s) on circ %u valid on half-closed "
1840 "stream id %d",
1842 ocirc->global_identifier, rh->stream_id);
1843 return 0;
1844 }
1845 }
1846 log_info(domain,"end cell (%s) dropped, unknown stream.",
1848 return 0;
1849 }
1850/* XXX add to this log_fn the exit node's nickname? */
1851 log_info(domain,TOR_SOCKET_T_FORMAT": end cell (%s) for stream %d. "
1852 "Removing stream.",
1853 conn->base_.s,
1855 conn->stream_id);
1856 if (conn->base_.type == CONN_TYPE_AP) {
1857 entry_connection_t *entry_conn = EDGE_TO_ENTRY_CONN(conn);
1858 if (entry_conn->socks_request &&
1859 !entry_conn->socks_request->has_finished)
1860 log_warn(LD_BUG,
1861 "open stream hasn't sent socks answer yet? Closing.");
1862 }
1863 /* We just *got* an end; no reason to send one. */
1864 conn->edge_has_sent_end = 1;
1865 if (!conn->end_reason)
1867 if (!conn->base_.marked_for_close) {
1868 /* only mark it if not already marked. it's possible to
1869 * get the 'end' right around when the client hangs up on us. */
1870 connection_mark_and_flush(TO_CONN(conn));
1871
1872 /* Total all valid application bytes delivered */
1873 if (CIRCUIT_IS_ORIGIN(circ)) {
1875 }
1876 }
1877 return 0;
1878 case RELAY_COMMAND_EXTEND:
1879 case RELAY_COMMAND_EXTEND2: {
1880 static uint64_t total_n_extend=0, total_nonearly=0;
1881 total_n_extend++;
1882 if (rh->stream_id) {
1883 log_fn(LOG_PROTOCOL_WARN, domain,
1884 "'extend' cell received for non-zero stream. Dropping.");
1885 return 0;
1886 }
1887 if (cell->command != CELL_RELAY_EARLY &&
1888 !networkstatus_get_param(NULL,"AllowNonearlyExtend",0,0,1)) {
1889#define EARLY_WARNING_INTERVAL 3600
1890 static ratelim_t early_warning_limit =
1891 RATELIM_INIT(EARLY_WARNING_INTERVAL);
1892 char *m;
1893 if (cell->command == CELL_RELAY) {
1894 ++total_nonearly;
1895 if ((m = rate_limit_log(&early_warning_limit, approx_time()))) {
1896 double percentage = ((double)total_nonearly)/total_n_extend;
1897 percentage *= 100;
1898 log_fn(LOG_PROTOCOL_WARN, domain, "EXTEND cell received, "
1899 "but not via RELAY_EARLY. Dropping.%s", m);
1900 log_fn(LOG_PROTOCOL_WARN, domain, " (We have dropped %.02f%% of "
1901 "all EXTEND cells for this reason)", percentage);
1902 tor_free(m);
1903 }
1904 } else {
1905 log_fn(LOG_WARN, domain,
1906 "EXTEND cell received, in a cell with type %d! Dropping.",
1907 cell->command);
1908 }
1909 return 0;
1910 }
1911 return circuit_extend(cell, circ);
1912 }
1913 case RELAY_COMMAND_EXTENDED:
1914 case RELAY_COMMAND_EXTENDED2:
1915 if (!layer_hint) {
1916 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1917 "'extended' unsupported at non-origin. Dropping.");
1918 return 0;
1919 }
1920 log_debug(domain,"Got an extended cell! Yay.");
1921 {
1922 extended_cell_t extended_cell;
1923 if (extended_cell_parse(&extended_cell, rh->command,
1924 (const uint8_t*)cell->payload+RELAY_HEADER_SIZE,
1925 rh->length)<0) {
1926 log_warn(LD_PROTOCOL,
1927 "Can't parse EXTENDED cell; killing circuit.");
1928 return -END_CIRC_REASON_TORPROTOCOL;
1929 }
1930 if ((reason = circuit_finish_handshake(TO_ORIGIN_CIRCUIT(circ),
1931 &extended_cell.created_cell)) < 0) {
1932 circuit_mark_for_close(circ, -reason);
1933 return 0; /* We don't want to cause a warning, so we mark the circuit
1934 * here. */
1935 }
1936 }
1937 if ((reason=circuit_send_next_onion_skin(TO_ORIGIN_CIRCUIT(circ)))<0) {
1938 log_info(domain,"circuit_send_next_onion_skin() failed.");
1939 return reason;
1940 }
1941 /* Total all valid bytes delivered. */
1942 if (CIRCUIT_IS_ORIGIN(circ)) {
1944 }
1945 return 0;
1946 case RELAY_COMMAND_TRUNCATE:
1947 if (layer_hint) {
1948 log_fn(LOG_PROTOCOL_WARN, LD_APP,
1949 "'truncate' unsupported at origin. Dropping.");
1950 return 0;
1951 }
1952 if (circ->n_hop) {
1953 if (circ->n_chan)
1954 log_warn(LD_BUG, "n_chan and n_hop set on the same circuit!");
1955 extend_info_free(circ->n_hop);
1956 circ->n_hop = NULL;
1959 }
1960 if (circ->n_chan) {
1961 uint8_t trunc_reason = get_uint8(cell->payload + RELAY_HEADER_SIZE);
1962 circuit_synchronize_written_or_bandwidth(circ, CIRCUIT_N_CHAN);
1963 circuit_clear_cell_queue(circ, circ->n_chan);
1965 trunc_reason);
1966 circuit_set_n_circid_chan(circ, 0, NULL);
1967 }
1968 log_debug(LD_EXIT, "Processed 'truncate', replying.");
1969 {
1970 char payload[1];
1971 payload[0] = (char)END_CIRC_REASON_REQUESTED;
1972 relay_send_command_from_edge(0, circ, RELAY_COMMAND_TRUNCATED,
1973 payload, sizeof(payload), NULL);
1974 }
1975 return 0;
1976 case RELAY_COMMAND_TRUNCATED:
1977 if (!layer_hint) {
1978 log_fn(LOG_PROTOCOL_WARN, LD_EXIT,
1979 "'truncated' unsupported at non-origin. Dropping.");
1980 return 0;
1981 }
1982
1983 /* Count the truncated as valid, for completeness. The
1984 * circuit is being torn down anyway, though. */
1985 if (CIRCUIT_IS_ORIGIN(circ)) {
1987 rh->length);
1988 }
1991 return 0;
1992 case RELAY_COMMAND_CONNECTED:
1993 if (conn) {
1994 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1995 "'connected' unsupported while open. Closing circ.");
1996 return -END_CIRC_REASON_TORPROTOCOL;
1997 }
1998
1999 if (CIRCUIT_IS_ORIGIN(circ)) {
2000 origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
2002 rh->stream_id)) {
2003 circuit_read_valid_data(ocirc, rh->length);
2004 log_info(domain,
2005 "connected cell on circ %u valid on half-closed "
2006 "stream id %d", ocirc->global_identifier, rh->stream_id);
2007 return 0;
2008 }
2009 }
2010
2011 log_info(domain,
2012 "'connected' received on circid %u for streamid %d, "
2013 "no conn attached anymore. Ignoring.",
2014 (unsigned)circ->n_circ_id, rh->stream_id);
2015 return 0;
2016 case RELAY_COMMAND_SENDME:
2017 return process_sendme_cell(rh, cell, circ, conn, layer_hint, domain);
2018 case RELAY_COMMAND_RESOLVE:
2019 if (layer_hint) {
2020 log_fn(LOG_PROTOCOL_WARN, LD_APP,
2021 "resolve request unsupported at AP; dropping.");
2022 return 0;
2023 } else if (conn) {
2024 log_fn(LOG_PROTOCOL_WARN, domain,
2025 "resolve request for known stream; dropping.");
2026 return 0;
2027 } else if (circ->purpose != CIRCUIT_PURPOSE_OR) {
2028 log_fn(LOG_PROTOCOL_WARN, domain,
2029 "resolve request on circ with purpose %d; dropping",
2030 circ->purpose);
2031 return 0;
2032 }
2033 return connection_exit_begin_resolve(cell, TO_OR_CIRCUIT(circ));
2034 case RELAY_COMMAND_RESOLVED:
2035 if (conn) {
2036 log_fn(LOG_PROTOCOL_WARN, domain,
2037 "'resolved' unsupported while open. Closing circ.");
2038 return -END_CIRC_REASON_TORPROTOCOL;
2039 }
2040
2041 if (CIRCUIT_IS_ORIGIN(circ)) {
2042 origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
2043 if (relay_crypt_from_last_hop(ocirc, layer_hint) &&
2045 rh->stream_id)) {
2046 circuit_read_valid_data(ocirc, rh->length);
2047 log_info(domain,
2048 "resolved cell on circ %u valid on half-closed "
2049 "stream id %d", ocirc->global_identifier, rh->stream_id);
2050 return 0;
2051 }
2052 }
2053
2054 log_info(domain,
2055 "'resolved' received, no conn attached anymore. Ignoring.");
2056 return 0;
2057 case RELAY_COMMAND_ESTABLISH_INTRO:
2058 case RELAY_COMMAND_ESTABLISH_RENDEZVOUS:
2059 case RELAY_COMMAND_INTRODUCE1:
2060 case RELAY_COMMAND_INTRODUCE2:
2061 case RELAY_COMMAND_INTRODUCE_ACK:
2062 case RELAY_COMMAND_RENDEZVOUS1:
2063 case RELAY_COMMAND_RENDEZVOUS2:
2064 case RELAY_COMMAND_INTRO_ESTABLISHED:
2065 case RELAY_COMMAND_RENDEZVOUS_ESTABLISHED:
2066 rend_process_relay_cell(circ, layer_hint,
2067 rh->command, rh->length,
2069 return 0;
2070 }
2071 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
2072 "Received unknown relay command %d. Perhaps the other side is using "
2073 "a newer version of Tor? Dropping.",
2074 rh->command);
2075 return 0; /* for forward compatibility, don't kill the circuit */
2076}
2077
2078/** An incoming relay cell has arrived on circuit <b>circ</b>. If
2079 * <b>conn</b> is NULL this is a control cell, else <b>cell</b> is
2080 * destined for <b>conn</b>.
2081 *
2082 * If <b>layer_hint</b> is defined, then we're the origin of the
2083 * circuit, and it specifies the hop that packaged <b>cell</b>.
2084 *
2085 * Return -reason if you want to warn and tear down the circuit, else 0.
2086 */
2087STATIC int
2089 edge_connection_t *conn,
2090 crypt_path_t *layer_hint)
2091{
2092 static int num_seen=0;
2093 relay_header_t rh;
2094 unsigned domain = layer_hint?LD_APP:LD_EXIT;
2095
2096 tor_assert(cell);
2097 tor_assert(circ);
2098
2099 relay_header_unpack(&rh, cell->payload);
2100// log_fn(LOG_DEBUG,"command %d stream %d", rh.command, rh.stream_id);
2101 num_seen++;
2102 log_debug(domain, "Now seen %d relay cells here (command %d, stream %d).",
2103 num_seen, rh.command, rh.stream_id);
2104
2105 if (rh.length > RELAY_PAYLOAD_SIZE) {
2106 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
2107 "Relay cell length field too long. Closing circuit.");
2108 return - END_CIRC_REASON_TORPROTOCOL;
2109 }
2110
2111 if (rh.stream_id == 0) {
2112 switch (rh.command) {
2113 case RELAY_COMMAND_BEGIN:
2114 case RELAY_COMMAND_CONNECTED:
2115 case RELAY_COMMAND_END:
2116 case RELAY_COMMAND_RESOLVE:
2117 case RELAY_COMMAND_RESOLVED:
2118 case RELAY_COMMAND_BEGIN_DIR:
2119 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Relay command %d with zero "
2120 "stream_id. Dropping.", (int)rh.command);
2121 return 0;
2122 default:
2123 ;
2124 }
2125 }
2126
2127 /* Regardless of conflux or not, we always decide to send a SENDME
2128 * for RELAY_DATA immediately
2129 */
2130 if (rh.command == RELAY_COMMAND_DATA) {
2131 /* Update our circuit-level deliver window that we received a DATA cell.
2132 * If the deliver window goes below 0, we end the circuit and stream due
2133 * to a protocol failure. */
2134 if (sendme_circuit_data_received(circ, layer_hint) < 0) {
2135 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
2136 "(relay data) circ deliver_window below 0. Killing.");
2137 connection_edge_end_close(conn, END_STREAM_REASON_TORPROTOCOL);
2138 return -END_CIRC_REASON_TORPROTOCOL;
2139 }
2140
2141 /* Consider sending a circuit-level SENDME cell. */
2142 sendme_circuit_consider_sending(circ, layer_hint);
2143
2144 /* Continue on to process the data cell via conflux or not */
2145 }
2146
2147 /* Conflux handling: If conflux is disabled, or the relay command is not
2148 * multiplexed across circuits, then process it immediately.
2149 *
2150 * Otherwise, we need to process the relay cell against our conflux
2151 * queues, and if doing so results in ordered cells to deliver, we
2152 * dequeue and process those in-order until there are no more.
2153 */
2154 if (!circ->conflux || !conflux_should_multiplex(rh.command)) {
2155 return connection_edge_process_ordered_relay_cell(cell, circ, conn,
2156 layer_hint, &rh);
2157 } else {
2158 // If conflux says this cell is in-order, then begin processing
2159 // cells from queue until there are none. Otherwise, we do nothing
2160 // until further cells arrive.
2161 if (conflux_process_cell(circ->conflux, circ, layer_hint, cell)) {
2162 conflux_cell_t *c_cell = NULL;
2163 int ret = 0;
2164
2165 /* First, process this cell */
2166 if ((ret = connection_edge_process_ordered_relay_cell(cell, circ, conn,
2167 layer_hint, &rh)) < 0) {
2168 return ret;
2169 }
2170
2171 /* Now, check queue for more */
2172 while ((c_cell = conflux_dequeue_cell(circ->conflux))) {
2173 relay_header_unpack(&rh, c_cell->cell.payload);
2174 conn = relay_lookup_conn(circ, &c_cell->cell, CELL_DIRECTION_OUT,
2175 layer_hint);
2177 circ, conn, layer_hint,
2178 &rh)) < 0) {
2179 /* Negative return value is a fatal error. Return early and tear down
2180 * circuit */
2181 tor_free(c_cell);
2182 return ret;
2183 }
2184 tor_free(c_cell);
2185 }
2186 }
2187 }
2188
2189 return 0;
2190}
2191
2192/**
2193 * Helper function to process a relay cell that is in the proper order
2194 * for processing right now. */
2195static int
2197 edge_connection_t *conn,
2198 crypt_path_t *layer_hint,
2199 relay_header_t *rh)
2200{
2201 int optimistic_data = 0; /* Set to 1 if we receive data on a stream
2202 * that's in the EXIT_CONN_STATE_RESOLVING
2203 * or EXIT_CONN_STATE_CONNECTING states. */
2204
2205 /* Tell circpad that we've received a recognized cell */
2207
2208 /* either conn is NULL, in which case we've got a control cell, or else
2209 * conn points to the recognized stream. */
2210 if (conn && !connection_state_is_open(TO_CONN(conn))) {
2211 if (conn->base_.type == CONN_TYPE_EXIT &&
2212 (conn->base_.state == EXIT_CONN_STATE_CONNECTING ||
2213 conn->base_.state == EXIT_CONN_STATE_RESOLVING) &&
2214 rh->command == RELAY_COMMAND_DATA) {
2215 /* Allow DATA cells to be delivered to an exit node in state
2216 * EXIT_CONN_STATE_CONNECTING or EXIT_CONN_STATE_RESOLVING.
2217 * This speeds up HTTP, for example. */
2218 optimistic_data = 1;
2219 } else if (rh->stream_id == 0 && rh->command == RELAY_COMMAND_DATA) {
2220 log_warn(LD_BUG, "Somehow I had a connection that matched a "
2221 "data cell with stream ID 0.");
2222 } else {
2224 rh, cell, circ, conn, layer_hint);
2225 }
2226 }
2227
2228 return handle_relay_cell_command(cell, circ, conn, layer_hint,
2229 rh, optimistic_data);
2230}
2231
2232/** How many relay_data cells have we built, ever? */
2234/** How many bytes of data have we put in relay_data cells have we built,
2235 * ever? This would be RELAY_PAYLOAD_SIZE*stats_n_data_cells_packaged if
2236 * every relay cell we ever sent were completely full of data. */
2238/** How many relay_data cells have we received, ever? */
2240/** How many bytes of data have we received relay_data cells, ever? This would
2241 * be RELAY_PAYLOAD_SIZE*stats_n_data_cells_packaged if every relay cell we
2242 * ever received were completely full of data. */
2244
2245/**
2246 * Called when initializing a circuit, or when we have reached the end of the
2247 * window in which we need to send some randomness so that incoming sendme
2248 * cells will be unpredictable. Resets the flags and picks a new window.
2249 */
2250void
2252{
2254 // XXX: do we need to change this check for congestion control?
2257}
2258
2259/**
2260 * Any relay data payload containing fewer than this many real bytes is
2261 * considered to have enough randomness to.
2262 **/
2263#define RELAY_PAYLOAD_LENGTH_FOR_RANDOM_SENDMES \
2264 (RELAY_PAYLOAD_SIZE - CELL_PADDING_GAP - 16)
2265
2266/**
2267 * Helper. Return the number of bytes that should be put into a cell from a
2268 * given edge connection on which <b>n_available</b> bytes are available.
2269 */
2270STATIC size_t
2272 int package_partial,
2273 circuit_t *on_circuit)
2274{
2275 if (!n_available)
2276 return 0;
2277
2278 /* Do we need to force this payload to have space for randomness? */
2279 const bool force_random_bytes =
2280 (on_circuit->send_randomness_after_n_cells == 0) &&
2281 (! on_circuit->have_sent_sufficiently_random_cell);
2282
2283 /* At most how much would we like to send in this cell? */
2284 size_t target_length;
2285 if (force_random_bytes) {
2287 } else {
2288 target_length = RELAY_PAYLOAD_SIZE;
2289 }
2290
2291 /* Decide how many bytes we will actually put into this cell. */
2292 size_t package_length;
2293 if (n_available >= target_length) { /* A full payload is available. */
2294 package_length = target_length;
2295 } else { /* not a full payload available */
2296 if (package_partial)
2297 package_length = n_available; /* just take whatever's available now */
2298 else
2299 return 0; /* nothing to do until we have a full payload */
2300 }
2301
2302 /* If we reach this point, we will be definitely sending the cell. */
2303 tor_assert_nonfatal(package_length > 0);
2304
2305 if (package_length <= RELAY_PAYLOAD_LENGTH_FOR_RANDOM_SENDMES) {
2306 /* This cell will have enough randomness in the padding to make a future
2307 * sendme cell unpredictable. */
2308 on_circuit->have_sent_sufficiently_random_cell = 1;
2309 }
2310
2311 if (on_circuit->send_randomness_after_n_cells == 0) {
2312 /* Either this cell, or some previous cell, had enough padding to
2313 * ensure sendme unpredictability. */
2314 tor_assert_nonfatal(on_circuit->have_sent_sufficiently_random_cell);
2315 /* Pick a new interval in which we need to send randomness. */
2317 }
2318
2319 --on_circuit->send_randomness_after_n_cells;
2320
2321 return package_length;
2322}
2323
2324/** If <b>conn</b> has an entire relay payload of bytes on its inbuf (or
2325 * <b>package_partial</b> is true), and the appropriate package windows aren't
2326 * empty, grab a cell and send it down the circuit.
2327 *
2328 * If *<b>max_cells</b> is given, package no more than max_cells. Decrement
2329 * *<b>max_cells</b> by the number of cells packaged.
2330 *
2331 * Return -1 (and send a RELAY_COMMAND_END cell if necessary) if conn should
2332 * be marked for close, else return 0.
2333 */
2334int
2336 int *max_cells)
2337{
2338 size_t bytes_to_process, length;
2339 char payload[CELL_PAYLOAD_SIZE];
2340 circuit_t *circ;
2341 const unsigned domain = conn->base_.type == CONN_TYPE_AP ? LD_APP : LD_EXIT;
2342 int sending_from_optimistic = 0;
2343 entry_connection_t *entry_conn =
2344 conn->base_.type == CONN_TYPE_AP ? EDGE_TO_ENTRY_CONN(conn) : NULL;
2345 const int sending_optimistically =
2346 entry_conn &&
2347 conn->base_.type == CONN_TYPE_AP &&
2348 conn->base_.state != AP_CONN_STATE_OPEN;
2349 crypt_path_t *cpath_layer = conn->cpath_layer;
2350
2351 tor_assert(conn);
2352
2353 if (BUG(conn->base_.marked_for_close)) {
2354 log_warn(LD_BUG,
2355 "called on conn that's already marked for close at %s:%d.",
2356 conn->base_.marked_for_close_file, conn->base_.marked_for_close);
2357 return 0;
2358 }
2359
2360 if (max_cells && *max_cells <= 0)
2361 return 0;
2362
2363 repeat_connection_edge_package_raw_inbuf:
2364
2365 circ = circuit_get_by_edge_conn(conn);
2366 if (!circ) {
2367 log_info(domain,"conn has no circuit! Closing.");
2369 return -1;
2370 }
2371
2372 if (circuit_consider_stop_edge_reading(circ, cpath_layer))
2373 return 0;
2374
2375 if (conn->package_window <= 0) {
2376 log_info(domain,"called with package_window %d. Skipping.",
2377 conn->package_window);
2379 return 0;
2380 }
2381
2382 sending_from_optimistic = entry_conn &&
2383 entry_conn->sending_optimistic_data != NULL;
2384
2385 if (PREDICT_UNLIKELY(sending_from_optimistic)) {
2386 bytes_to_process = buf_datalen(entry_conn->sending_optimistic_data);
2387 if (PREDICT_UNLIKELY(!bytes_to_process)) {
2388 log_warn(LD_BUG, "sending_optimistic_data was non-NULL but empty");
2389 bytes_to_process = connection_get_inbuf_len(TO_CONN(conn));
2390 sending_from_optimistic = 0;
2391 }
2392 } else {
2393 bytes_to_process = connection_get_inbuf_len(TO_CONN(conn));
2394 }
2395
2396 length = connection_edge_get_inbuf_bytes_to_package(bytes_to_process,
2397 package_partial, circ);
2398 if (!length)
2399 return 0;
2400
2401 /* If we reach this point, we will definitely be packaging bytes into
2402 * a cell. */
2403
2406
2407 if (PREDICT_UNLIKELY(sending_from_optimistic)) {
2408 /* XXXX We could be more efficient here by sometimes packing
2409 * previously-sent optimistic data in the same cell with data
2410 * from the inbuf. */
2411 buf_get_bytes(entry_conn->sending_optimistic_data, payload, length);
2412 if (!buf_datalen(entry_conn->sending_optimistic_data)) {
2413 buf_free(entry_conn->sending_optimistic_data);
2414 entry_conn->sending_optimistic_data = NULL;
2415 }
2416 } else {
2417 connection_buf_get_bytes(payload, length, TO_CONN(conn));
2418 }
2419
2420 log_debug(domain,TOR_SOCKET_T_FORMAT": Packaging %d bytes (%d waiting).",
2421 conn->base_.s,
2422 (int)length, (int)connection_get_inbuf_len(TO_CONN(conn)));
2423
2424 if (sending_optimistically && !sending_from_optimistic) {
2425 /* This is new optimistic data; remember it in case we need to detach and
2426 retry */
2427 if (!entry_conn->pending_optimistic_data)
2428 entry_conn->pending_optimistic_data = buf_new();
2429 buf_add(entry_conn->pending_optimistic_data, payload, length);
2430 }
2431
2432 /* Send a data cell. This handles the circuit package window. */
2433 if (connection_edge_send_command(conn, RELAY_COMMAND_DATA,
2434 payload, length) < 0 ) {
2435 /* circuit got marked for close, don't continue, don't need to mark conn */
2436 return 0;
2437 }
2438
2439 /* Handle the stream-level SENDME package window. */
2440 if (sendme_note_stream_data_packaged(conn, length) < 0) {
2442 log_debug(domain,"conn->package_window reached 0.");
2443 circuit_consider_stop_edge_reading(circ, cpath_layer);
2444 return 0; /* don't process the inbuf any more */
2445 }
2446 log_debug(domain,"conn->package_window is now %d",conn->package_window);
2447
2448 if (max_cells) {
2449 *max_cells -= 1;
2450 if (*max_cells <= 0)
2451 return 0;
2452 }
2453
2454 /* handle more if there's more, or return 0 if there isn't */
2455 goto repeat_connection_edge_package_raw_inbuf;
2456}
2457
2458/** The circuit <b>circ</b> has received a circuit-level sendme
2459 * (on hop <b>layer_hint</b>, if we're the OP). Go through all the
2460 * attached streams and let them resume reading and packaging, if
2461 * their stream windows allow it.
2462 */
2463static void
2465{
2467 log_debug(layer_hint?LD_APP:LD_EXIT,"Too big queue, no resuming");
2468 return;
2469 }
2470
2471 /* If we have a conflux negotiated, and it still can't send on
2472 * any circuit, then do not resume sending. */
2473 if (circ->conflux && !conflux_can_send(circ->conflux)) {
2474 log_debug(layer_hint?LD_APP:LD_EXIT,
2475 "Conflux can't send, not resuming edges");
2476 return;
2477 }
2478
2479 log_debug(layer_hint?LD_APP:LD_EXIT,"resuming");
2480
2481 if (CIRCUIT_IS_ORIGIN(circ))
2483 circ, layer_hint);
2484 else
2486 circ, layer_hint);
2487}
2488
2489/** A helper function for circuit_resume_edge_reading() above.
2490 * The arguments are the same, except that <b>conn</b> is the head
2491 * of a linked list of edge streams that should each be considered.
2492 */
2493static int
2495 circuit_t *circ,
2496 crypt_path_t *layer_hint)
2497{
2498 edge_connection_t *conn;
2499 int n_packaging_streams, n_streams_left;
2500 int packaged_this_round;
2501 int cells_on_queue;
2502 int cells_per_conn;
2503 edge_connection_t *chosen_stream = NULL;
2504 int max_to_package;
2505
2506 if (first_conn == NULL) {
2507 /* Don't bother to try to do the rest of this if there are no connections
2508 * to resume. */
2509 return 0;
2510 }
2511
2512 /* Once we used to start listening on the streams in the order they
2513 * appeared in the linked list. That leads to starvation on the
2514 * streams that appeared later on the list, since the first streams
2515 * would always get to read first. Instead, we just pick a random
2516 * stream on the list, and enable reading for streams starting at that
2517 * point (and wrapping around as if the list were circular). It would
2518 * probably be better to actually remember which streams we've
2519 * serviced in the past, but this is simple and effective. */
2520
2521 /* Select a stream uniformly at random from the linked list. We
2522 * don't need cryptographic randomness here. */
2523 {
2524 int num_streams = 0;
2525 for (conn = first_conn; conn; conn = conn->next_stream) {
2526 num_streams++;
2527
2528 if (crypto_fast_rng_one_in_n(get_thread_fast_rng(), num_streams)) {
2529 chosen_stream = conn;
2530 }
2531 /* Invariant: chosen_stream has been chosen uniformly at random from
2532 * among the first num_streams streams on first_conn.
2533 *
2534 * (Note that we iterate over every stream on the circuit, so that after
2535 * we've considered the first stream, we've chosen it with P=1; and
2536 * after we consider the second stream, we've switched to it with P=1/2
2537 * and stayed with the first stream with P=1/2; and after we've
2538 * considered the third stream, we've switched to it with P=1/3 and
2539 * remained with one of the first two streams with P=(2/3), giving each
2540 * one P=(1/2)(2/3) )=(1/3).) */
2541 }
2542 }
2543
2544 /* Count how many non-marked streams there are that have anything on
2545 * their inbuf, and enable reading on all of the connections. */
2546 n_packaging_streams = 0;
2547 /* Activate reading starting from the chosen stream */
2548 for (conn=chosen_stream; conn; conn = conn->next_stream) {
2549 /* Start reading for the streams starting from here */
2550 if (conn->base_.marked_for_close || conn->package_window <= 0)
2551 continue;
2552
2553 if (edge_uses_cpath(conn, layer_hint)) {
2554 if (!conn->xoff_received) {
2556 }
2557
2558 if (connection_get_inbuf_len(TO_CONN(conn)) > 0)
2559 ++n_packaging_streams;
2560 }
2561 }
2562 /* Go back and do the ones we skipped, circular-style */
2563 for (conn = first_conn; conn != chosen_stream; conn = conn->next_stream) {
2564 if (conn->base_.marked_for_close || conn->package_window <= 0)
2565 continue;
2566
2567 if (edge_uses_cpath(conn, layer_hint)) {
2568 if (!conn->xoff_received) {
2570 }
2571
2572 if (connection_get_inbuf_len(TO_CONN(conn)) > 0)
2573 ++n_packaging_streams;
2574 }
2575 }
2576
2577 if (n_packaging_streams == 0) /* avoid divide-by-zero */
2578 return 0;
2579
2580 again:
2581
2582 /* If we're using conflux, the circuit we decide to send on may change
2583 * after we're sending. Get it again, and re-check package windows
2584 * for it */
2585 if (circ->conflux) {
2586 if (circuit_consider_stop_edge_reading(circ, layer_hint))
2587 return -1;
2588
2589 circ = conflux_decide_next_circ(circ->conflux);
2590
2591 /* Get the destination layer hint for this circuit */
2592 layer_hint = conflux_get_destination_hop(circ);
2593 }
2594
2595 /* How many cells do we have space for? It will be the minimum of
2596 * the number needed to exhaust the package window, and the minimum
2597 * needed to fill the cell queue. */
2598 max_to_package = congestion_control_get_package_window(circ, layer_hint);
2599 if (CIRCUIT_IS_ORIGIN(circ)) {
2600 cells_on_queue = circ->n_chan_cells.n;
2601 } else {
2602 or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
2603 cells_on_queue = or_circ->p_chan_cells.n;
2604 }
2605 if (cell_queue_highwatermark() - cells_on_queue < max_to_package)
2606 max_to_package = cell_queue_highwatermark() - cells_on_queue;
2607
2608 cells_per_conn = CEIL_DIV(max_to_package, n_packaging_streams);
2609
2610 packaged_this_round = 0;
2611 n_streams_left = 0;
2612
2613 /* Iterate over all connections. Package up to cells_per_conn cells on
2614 * each. Update packaged_this_round with the total number of cells
2615 * packaged, and n_streams_left with the number that still have data to
2616 * package.
2617 */
2618 for (conn=first_conn; conn; conn=conn->next_stream) {
2619 if (conn->base_.marked_for_close || conn->package_window <= 0)
2620 continue;
2621 if (edge_uses_cpath(conn, layer_hint)) {
2622 int n = cells_per_conn, r;
2623 /* handle whatever might still be on the inbuf */
2624 r = connection_edge_package_raw_inbuf(conn, 1, &n);
2625
2626 /* Note how many we packaged */
2627 packaged_this_round += (cells_per_conn-n);
2628
2629 if (r<0) {
2630 /* Problem while packaging. (We already sent an end cell if
2631 * possible) */
2632 connection_mark_for_close(TO_CONN(conn));
2633 continue;
2634 }
2635
2636 /* If there's still data to read, we'll be coming back to this stream. */
2637 if (connection_get_inbuf_len(TO_CONN(conn)))
2638 ++n_streams_left;
2639
2640 /* If the circuit won't accept any more data, return without looking
2641 * at any more of the streams. Any connections that should be stopped
2642 * have already been stopped by connection_edge_package_raw_inbuf. */
2643 if (circuit_consider_stop_edge_reading(circ, layer_hint))
2644 return -1;
2645 /* XXXX should we also stop immediately if we fill up the cell queue?
2646 * Probably. */
2647 }
2648 }
2649
2650 /* If we made progress, and we are willing to package more, and there are
2651 * any streams left that want to package stuff... try again!
2652 */
2653 if (packaged_this_round && packaged_this_round < max_to_package &&
2654 n_streams_left) {
2655 n_packaging_streams = n_streams_left;
2656 goto again;
2657 }
2658
2659 return 0;
2660}
2661
2662/** Check if the package window for <b>circ</b> is empty (at
2663 * hop <b>layer_hint</b> if it's defined).
2664 *
2665 * If yes, tell edge streams to stop reading and return 1.
2666 * Else return 0.
2667 */
2668static int
2670{
2671 edge_connection_t *conn = NULL;
2672 unsigned domain = layer_hint ? LD_APP : LD_EXIT;
2673
2674 if (!layer_hint) {
2675 or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
2676 log_debug(domain,"considering circ->package_window %d",
2677 circ->package_window);
2678 if (circuit_get_package_window(circ, layer_hint) <= 0) {
2679 log_debug(domain,"yes, not-at-origin. stopped.");
2680 for (conn = or_circ->n_streams; conn; conn=conn->next_stream)
2682 return 1;
2683 }
2684 return 0;
2685 }
2686 /* else, layer hint is defined, use it */
2687 log_debug(domain,"considering layer_hint->package_window %d",
2688 layer_hint->package_window);
2689 if (circuit_get_package_window(circ, layer_hint) <= 0) {
2690 log_debug(domain,"yes, at-origin. stopped.");
2691 for (conn = TO_ORIGIN_CIRCUIT(circ)->p_streams; conn;
2692 conn=conn->next_stream) {
2693 if (edge_uses_cpath(conn, layer_hint))
2695 }
2696 return 1;
2697 }
2698 return 0;
2699}
2700
2701/** The total number of cells we have allocated. */
2702static size_t total_cells_allocated = 0;
2703
2704/** Release storage held by <b>cell</b>. */
2705static inline void
2707{
2709 tor_free(cell);
2710}
2711
2712/** Allocate and return a new packed_cell_t. */
2715{
2717 return tor_malloc_zero(sizeof(packed_cell_t));
2718}
2719
2720/** Return a packed cell used outside by channel_t lower layer */
2721void
2723{
2724 if (!cell)
2725 return;
2727}
2728
2729/** Log current statistics for cell pool allocation at log level
2730 * <b>severity</b>. */
2731void
2733{
2734 int n_circs = 0;
2735 int n_cells = 0;
2737 n_cells += c->n_chan_cells.n;
2738 if (!CIRCUIT_IS_ORIGIN(c))
2739 n_cells += TO_OR_CIRCUIT(c)->p_chan_cells.n;
2740 ++n_circs;
2741 }
2742 SMARTLIST_FOREACH_END(c);
2743 tor_log(severity, LD_MM,
2744 "%d cells allocated on %d circuits. %d cells leaked.",
2745 n_cells, n_circs, (int)total_cells_allocated - n_cells);
2746}
2747
2748/** Allocate a new copy of packed <b>cell</b>. */
2749static inline packed_cell_t *
2750packed_cell_copy(const cell_t *cell, int wide_circ_ids)
2751{
2753 cell_pack(c, cell, wide_circ_ids);
2754 return c;
2755}
2756
2757/** Append <b>cell</b> to the end of <b>queue</b>. */
2758void
2760{
2761 TOR_SIMPLEQ_INSERT_TAIL(&queue->head, cell, next);
2762 ++queue->n;
2763}
2764
2765/** Append a newly allocated copy of <b>cell</b> to the end of the
2766 * <b>exitward</b> (or app-ward) <b>queue</b> of <b>circ</b>. If
2767 * <b>use_stats</b> is true, record statistics about the cell.
2768 */
2769void
2771 int exitward, const cell_t *cell,
2772 int wide_circ_ids, int use_stats)
2773{
2774 packed_cell_t *copy = packed_cell_copy(cell, wide_circ_ids);
2775 (void)circ;
2776 (void)exitward;
2777 (void)use_stats;
2778
2780
2781 cell_queue_append(queue, copy);
2782}
2783
2784/** Initialize <b>queue</b> as an empty cell queue. */
2785void
2787{
2788 memset(queue, 0, sizeof(cell_queue_t));
2789 TOR_SIMPLEQ_INIT(&queue->head);
2790}
2791
2792/** Remove and free every cell in <b>queue</b>. */
2793void
2795{
2796 packed_cell_t *cell;
2797 while ((cell = TOR_SIMPLEQ_FIRST(&queue->head))) {
2798 TOR_SIMPLEQ_REMOVE_HEAD(&queue->head, next);
2800 }
2801 TOR_SIMPLEQ_INIT(&queue->head);
2802 queue->n = 0;
2803}
2804
2805/** Extract and return the cell at the head of <b>queue</b>; return NULL if
2806 * <b>queue</b> is empty. */
2809{
2810 packed_cell_t *cell = TOR_SIMPLEQ_FIRST(&queue->head);
2811 if (!cell)
2812 return NULL;
2813 TOR_SIMPLEQ_REMOVE_HEAD(&queue->head, next);
2814 --queue->n;
2815 return cell;
2816}
2817
2818/** Initialize <b>queue</b> as an empty cell queue. */
2819void
2821{
2822 memset(queue, 0, sizeof(destroy_cell_queue_t));
2823 TOR_SIMPLEQ_INIT(&queue->head);
2824}
2825
2826/** Remove and free every cell in <b>queue</b>. */
2827void
2829{
2830 destroy_cell_t *cell;
2831 while ((cell = TOR_SIMPLEQ_FIRST(&queue->head))) {
2832 TOR_SIMPLEQ_REMOVE_HEAD(&queue->head, next);
2833 tor_free(cell);
2834 }
2835 TOR_SIMPLEQ_INIT(&queue->head);
2836 queue->n = 0;
2837}
2838
2839/** Extract and return the cell at the head of <b>queue</b>; return NULL if
2840 * <b>queue</b> is empty. */
2843{
2844 destroy_cell_t *cell = TOR_SIMPLEQ_FIRST(&queue->head);
2845 if (!cell)
2846 return NULL;
2847 TOR_SIMPLEQ_REMOVE_HEAD(&queue->head, next);
2848 --queue->n;
2849 return cell;
2850}
2851
2852/** Append a destroy cell for <b>circid</b> to <b>queue</b>. */
2853void
2855 circid_t circid,
2856 uint8_t reason)
2857{
2858 destroy_cell_t *cell = tor_malloc_zero(sizeof(destroy_cell_t));
2859 cell->circid = circid;
2860 cell->reason = reason;
2861 /* Not yet used, but will be required for OOM handling. */
2863
2864 TOR_SIMPLEQ_INSERT_TAIL(&queue->head, cell, next);
2865 ++queue->n;
2866}
2867
2868/** Convert a destroy_cell_t to a newly allocated cell_t. Frees its input. */
2869static packed_cell_t *
2871{
2872 packed_cell_t *packed = packed_cell_new();
2873 cell_t cell;
2874 memset(&cell, 0, sizeof(cell));
2875 cell.circ_id = inp->circid;
2876 cell.command = CELL_DESTROY;
2877 cell.payload[0] = inp->reason;
2878 cell_pack(packed, &cell, wide_circ_ids);
2879
2880 tor_free(inp);
2881 return packed;
2882}
2883
2884/** Return the total number of bytes used for each packed_cell in a queue.
2885 * Approximate. */
2886size_t
2888{
2889 return sizeof(packed_cell_t);
2890}
2891
2892/* DOCDOC */
2893size_t
2894cell_queues_get_total_allocation(void)
2895{
2897}
2898
2899/** How long after we've been low on memory should we try to conserve it? */
2900#define MEMORY_PRESSURE_INTERVAL (30*60)
2901
2902/** The time at which we were last low on memory. */
2904
2905/** Statistics on how many bytes were removed by the OOM per type. */
2907uint64_t oom_stats_n_bytes_removed_cell = 0;
2908uint64_t oom_stats_n_bytes_removed_geoip = 0;
2909uint64_t oom_stats_n_bytes_removed_hsdir = 0;
2910
2911/** Check whether we've got too much space used for cells. If so,
2912 * call the OOM handler and return 1. Otherwise, return 0. */
2913STATIC int
2915{
2916 size_t removed = 0;
2917 time_t now = time(NULL);
2918 size_t alloc = cell_queues_get_total_allocation();
2920 alloc += buf_get_total_allocation();
2922 const size_t hs_cache_total = hs_cache_get_total_allocation();
2923 alloc += hs_cache_total;
2924 const size_t geoip_client_cache_total =
2925 geoip_client_cache_total_allocation();
2926 alloc += geoip_client_cache_total;
2927 const size_t dns_cache_total = dns_cache_total_allocation();
2928 alloc += dns_cache_total;
2929 const size_t conflux_total = conflux_get_total_bytes_allocation();
2930 alloc += conflux_total;
2931 if (alloc >= get_options()->MaxMemInQueues_low_threshold) {
2933 if (alloc >= get_options()->MaxMemInQueues) {
2934 /* Note this overload down */
2935 rep_hist_note_overload(OVERLOAD_GENERAL);
2936
2937 /* If we're spending over 20% of the memory limit on hidden service
2938 * descriptors, free them until we're down to 10%. Do the same for geoip
2939 * client cache. */
2940 if (hs_cache_total > get_options()->MaxMemInQueues / 5) {
2941 const size_t bytes_to_remove =
2942 hs_cache_total - (size_t)(get_options()->MaxMemInQueues / 10);
2943 removed = hs_cache_handle_oom(now, bytes_to_remove);
2944 oom_stats_n_bytes_removed_hsdir += removed;
2945 alloc -= removed;
2946 }
2947 if (geoip_client_cache_total > get_options()->MaxMemInQueues / 5) {
2948 const size_t bytes_to_remove =
2949 geoip_client_cache_total -
2950 (size_t)(get_options()->MaxMemInQueues / 10);
2951 removed = geoip_client_cache_handle_oom(now, bytes_to_remove);
2952 oom_stats_n_bytes_removed_geoip += removed;
2953 alloc -= removed;
2954 }
2955 if (dns_cache_total > get_options()->MaxMemInQueues / 5) {
2956 const size_t bytes_to_remove =
2957 dns_cache_total - (size_t)(get_options()->MaxMemInQueues / 10);
2958 removed = dns_cache_handle_oom(now, bytes_to_remove);
2960 alloc -= removed;
2961 }
2962 /* Like onion service above, try to go down to 10% if we are above 20% */
2963 if (conflux_total > get_options()->MaxMemInQueues / 5) {
2964 const size_t bytes_to_remove =
2965 conflux_total - (size_t)(get_options()->MaxMemInQueues / 10);
2966 removed = conflux_handle_oom(bytes_to_remove);
2967 oom_stats_n_bytes_removed_cell += removed;
2968 alloc -= removed;
2969 }
2970 removed = circuits_handle_oom(alloc);
2971 oom_stats_n_bytes_removed_cell += removed;
2972 return 1;
2973 }
2974 }
2975 return 0;
2976}
2977
2978/** Return true if we've been under memory pressure in the last
2979 * MEMORY_PRESSURE_INTERVAL seconds. */
2980int
2982{
2984 < approx_time();
2985}
2986
2987/**
2988 * Update the number of cells available on the circuit's n_chan or p_chan's
2989 * circuit mux.
2990 */
2991void
2993 const char *file, int lineno)
2994{
2995 channel_t *chan = NULL;
2996 or_circuit_t *or_circ = NULL;
2997 circuitmux_t *cmux = NULL;
2998
2999 tor_assert(circ);
3000
3001 /* Okay, get the channel */
3002 if (direction == CELL_DIRECTION_OUT) {
3003 chan = circ->n_chan;
3004 } else {
3005 or_circ = TO_OR_CIRCUIT(circ);
3006 chan = or_circ->p_chan;
3007 }
3008
3009 tor_assert(chan);
3010 tor_assert(chan->cmux);
3011
3012 /* Now get the cmux */
3013 cmux = chan->cmux;
3014
3015 /* Cmux sanity check */
3016 if (! circuitmux_is_circuit_attached(cmux, circ)) {
3017 log_warn(LD_BUG, "called on non-attached circuit from %s:%d",
3018 file, lineno);
3019 return;
3020 }
3021 tor_assert(circuitmux_attached_circuit_direction(cmux, circ) == direction);
3022
3023 /* Update the number of cells we have for the circuit mux */
3024 if (direction == CELL_DIRECTION_OUT) {
3025 circuitmux_set_num_cells(cmux, circ, circ->n_chan_cells.n);
3026 } else {
3027 circuitmux_set_num_cells(cmux, circ, or_circ->p_chan_cells.n);
3028 }
3029}
3030
3031/** Remove all circuits from the cmux on <b>chan</b>.
3032 *
3033 * If <b>circuits_out</b> is non-NULL, add all detached circuits to
3034 * <b>circuits_out</b>.
3035 **/
3036void
3038{
3039 tor_assert(chan);
3040 tor_assert(chan->cmux);
3041
3042 circuitmux_detach_all_circuits(chan->cmux, circuits_out);
3043 chan->num_n_circuits = 0;
3044 chan->num_p_circuits = 0;
3045}
3046
3047/**
3048 * Called when a circuit becomes blocked or unblocked due to the channel
3049 * cell queue.
3050 *
3051 * Block (if <b>block</b> is true) or unblock (if <b>block</b> is false)
3052 * every edge connection that is using <b>circ</b> to write to <b>chan</b>,
3053 * and start or stop reading as appropriate.
3054 */
3055static void
3057{
3058 edge_connection_t *edge = NULL;
3059 if (circ->n_chan == chan) {
3060 circ->circuit_blocked_on_n_chan = block;
3061 if (CIRCUIT_IS_ORIGIN(circ))
3062 edge = TO_ORIGIN_CIRCUIT(circ)->p_streams;
3063 } else {
3064 circ->circuit_blocked_on_p_chan = block;
3066 edge = TO_OR_CIRCUIT(circ)->n_streams;
3067 }
3068
3069 set_block_state_for_streams(circ, edge, block, 0);
3070}
3071
3072/**
3073 * Helper function to block or unblock streams in a stream list.
3074 *
3075 * If <b>stream_id</b> is 0, apply the <b>block</b> state to all streams
3076 * in the stream list. If it is non-zero, only apply to that specific stream.
3077 */
3078static void
3080 int block, streamid_t stream_id)
3081{
3082 /* If we have a conflux object, we need to examine its status before
3083 * blocking and unblocking streams. */
3084 if (circ->conflux) {
3085 bool can_send = conflux_can_send(circ->conflux);
3086
3087 if (block && can_send) {
3088 /* Don't actually block streams, since conflux can send*/
3089 return;
3090 } else if (!block && !can_send) {
3091 /* Don't actually unblock streams, since conflux still can't send */
3092 return;
3093 }
3094 }
3095
3096 for (edge_connection_t *edge = stream_list; edge; edge = edge->next_stream) {
3097 connection_t *conn = TO_CONN(edge);
3098 if (stream_id && edge->stream_id != stream_id)
3099 continue;
3100
3101 if (!conn->read_event || edge->xoff_received ||
3102 conn->marked_for_close) {
3103 /* This connection should not start or stop reading. */
3104 continue;
3105 }
3106
3107 if (block) {
3108 if (connection_is_reading(conn))
3110 } else {
3111 /* Is this right? */
3112 if (!connection_is_reading(conn))
3114 }
3115 }
3116}
3117
3118/** Extract the command from a packed cell. */
3119uint8_t
3120packed_cell_get_command(const packed_cell_t *cell, int wide_circ_ids)
3121{
3122 if (wide_circ_ids) {
3123 return get_uint8(cell->body+4);
3124 } else {
3125 return get_uint8(cell->body+2);
3126 }
3127}
3128
3129/** Extract the circuit ID from a packed cell. */
3131packed_cell_get_circid(const packed_cell_t *cell, int wide_circ_ids)
3132{
3133 if (wide_circ_ids) {
3134 return ntohl(get_uint32(cell->body));
3135 } else {
3136 return ntohs(get_uint16(cell->body));
3137 }
3138}
3139
3140/** Pull as many cells as possible (but no more than <b>max</b>) from the
3141 * queue of the first active circuit on <b>chan</b>, and write them to
3142 * <b>chan</b>-&gt;outbuf. Return the number of cells written. Advance
3143 * the active circuit pointer to the next active circuit in the ring. */
3144MOCK_IMPL(int,
3146{
3147 circuitmux_t *cmux = NULL;
3148 int n_flushed = 0;
3149 cell_queue_t *queue;
3150 destroy_cell_queue_t *destroy_queue=NULL;
3151 circuit_t *circ;
3152 or_circuit_t *or_circ;
3153 int circ_blocked;
3154 packed_cell_t *cell;
3155
3156 /* Get the cmux */
3157 tor_assert(chan);
3158 tor_assert(chan->cmux);
3159 cmux = chan->cmux;
3160
3161 /* Main loop: pick a circuit, send a cell, update the cmux */
3162 while (n_flushed < max) {
3163 circ = circuitmux_get_first_active_circuit(cmux, &destroy_queue);
3164 if (destroy_queue) {
3165 destroy_cell_t *dcell;
3166 /* this code is duplicated from some of the logic below. Ugly! XXXX */
3167 /* If we are given a destroy_queue here, then it is required to be
3168 * nonempty... */
3169 tor_assert(destroy_queue->n > 0);
3170 dcell = destroy_cell_queue_pop(destroy_queue);
3171 /* ...and pop() will always yield a cell from a nonempty queue. */
3172 tor_assert(dcell);
3173 /* frees dcell */
3174 cell = destroy_cell_to_packed_cell(dcell, chan->wide_circ_ids);
3175 /* Send the DESTROY cell. It is very unlikely that this fails but just
3176 * in case, get rid of the channel. */
3177 if (channel_write_packed_cell(chan, cell) < 0) {
3178 /* The cell has been freed. */
3180 continue;
3181 }
3182 /* Update the cmux destroy counter */
3184 cell = NULL;
3185 ++n_flushed;
3186 continue;
3187 }
3188 /* If it returns NULL, no cells left to send */
3189 if (!circ) break;
3190
3191 if (circ->n_chan == chan) {
3192 queue = &circ->n_chan_cells;
3193 circ_blocked = circ->circuit_blocked_on_n_chan;
3194 } else {
3195 or_circ = TO_OR_CIRCUIT(circ);
3196 tor_assert(or_circ->p_chan == chan);
3197 queue = &TO_OR_CIRCUIT(circ)->p_chan_cells;
3198 circ_blocked = circ->circuit_blocked_on_p_chan;
3199 }
3200
3201 /* Circuitmux told us this was active, so it should have cells.
3202 *
3203 * Note: In terms of logic and coherence, this should never happen but the
3204 * cmux dragon is powerful. Reason is that when the OOM is triggered, when
3205 * cleaning up circuits, we mark them for close and then clear their cell
3206 * queues. And so, we can have a circuit considered active by the cmux
3207 * dragon but without cells. The cmux subsystem is only notified of this
3208 * when the circuit is freed which leaves a tiny window between close and
3209 * free to end up here.
3210 *
3211 * We are accepting this as an "ok" race else the changes are likely non
3212 * trivial to make the mark for close to set the num cells to 0 and change
3213 * the free functions to detach the circuit conditionally without creating
3214 * a chain effect of madness.
3215 *
3216 * The lesson here is arti will prevail and leave the cmux dragon alone. */
3217 if (queue->n == 0) {
3218 circuitmux_set_num_cells(cmux, circ, 0);
3219 if (! circ->marked_for_close)
3220 circuit_mark_for_close(circ, END_CIRC_REASON_INTERNAL);
3221 continue;
3222 }
3223
3224 tor_assert(queue->n > 0);
3225
3226 /*
3227 * Get just one cell here; once we've sent it, that can change the circuit
3228 * selection, so we have to loop around for another even if this circuit
3229 * has more than one.
3230 */
3231 cell = cell_queue_pop(queue);
3232
3233 /* Calculate the exact time that this cell has spent in the queue. */
3234 if (get_options()->CellStatistics ||
3235 get_options()->TestingEnableCellStatsEvent) {
3236 uint32_t timestamp_now = monotime_coarse_get_stamp();
3237 uint32_t msec_waiting =
3239 timestamp_now - cell->inserted_timestamp);
3240
3241 if (get_options()->CellStatistics && !CIRCUIT_IS_ORIGIN(circ)) {
3242 or_circ = TO_OR_CIRCUIT(circ);
3243 or_circ->total_cell_waiting_time += msec_waiting;
3244 or_circ->processed_cells++;
3245 }
3246
3247 if (get_options()->TestingEnableCellStatsEvent) {
3248 uint8_t command = packed_cell_get_command(cell, chan->wide_circ_ids);
3249
3251 tor_malloc_zero(sizeof(testing_cell_stats_entry_t));
3252 ent->command = command;
3253 ent->waiting_time = msec_waiting / 10;
3254 ent->removed = 1;
3255 if (circ->n_chan == chan)
3256 ent->exitward = 1;
3257 if (!circ->testing_cell_stats)
3260 }
3261 }
3262
3263 /* If we just flushed our queue and this circuit is used for a
3264 * tunneled directory request, possibly advance its state. */
3265 if (queue->n == 0 && chan->dirreq_id)
3267 DIRREQ_TUNNELED,
3269
3270 /* Now send the cell. It is very unlikely that this fails but just in
3271 * case, get rid of the channel. */
3272 if (channel_write_packed_cell(chan, cell) < 0) {
3273 /* The cell has been freed at this point. */
3275 continue;
3276 }
3277 cell = NULL;
3278
3279 /*
3280 * Don't packed_cell_free_unchecked(cell) here because the channel will
3281 * do so when it gets out of the channel queue (probably already did, in
3282 * which case that was an immediate double-free bug).
3283 */
3284
3285 /* Update the counter */
3286 ++n_flushed;
3287
3288 /*
3289 * Now update the cmux; tell it we've just sent a cell, and how many
3290 * we have left.
3291 */
3292 circuitmux_notify_xmit_cells(cmux, circ, 1);
3293 circuitmux_set_num_cells(cmux, circ, queue->n);
3294 if (queue->n == 0)
3295 log_debug(LD_GENERAL, "Made a circuit inactive.");
3296
3297 /* Is the cell queue low enough to unblock all the streams that are waiting
3298 * to write to this circuit? */
3299 if (circ_blocked && queue->n <= cell_queue_lowwatermark())
3300 set_circuit_blocked_on_chan(circ, chan, 0); /* unblock streams */
3301
3302 /* If n_flushed < max still, loop around and pick another circuit */
3303 }
3304
3305 /* Okay, we're done sending now */
3306 return n_flushed;
3307}
3308
3309/* Minimum value is the maximum circuit window size.
3310 *
3311 * This value is set to a lower bound we believe is reasonable with congestion
3312 * control and basic network running parameters.
3313 *
3314 * SENDME cells makes it that we can control how many cells can be inflight on
3315 * a circuit from end to end. This logic makes it that on any circuit cell
3316 * queue, we have a maximum of cells possible.
3317 *
3318 * Because the Tor protocol allows for a client to exit at any hop in a
3319 * circuit and a circuit can be of a maximum of 8 hops, so in theory the
3320 * normal worst case will be the circuit window start value times the maximum
3321 * number of hops (8). Having more cells then that means something is wrong.
3322 *
3323 * However, because padding cells aren't counted in the package window, we set
3324 * the maximum size to a reasonably large size for which we expect that we'll
3325 * never reach in theory. And if we ever do because of future changes, we'll
3326 * be able to control it with a consensus parameter.
3327 *
3328 * XXX: Unfortunately, END cells aren't accounted for in the circuit window
3329 * which means that for instance if a client opens 8001 streams, the 8001
3330 * following END cells will queue up in the circuit which will get closed if
3331 * the max limit is 8000. Which is sad because it is allowed by the Tor
3332 * protocol. But, we need an upper bound on circuit queue in order to avoid
3333 * DoS memory pressure so the default size is a middle ground between not
3334 * having any limit and having a very restricted one. This is why we can also
3335 * control it through a consensus parameter. */
3336#define RELAY_CIRC_CELL_QUEUE_SIZE_MIN 50
3337/* We can't have a consensus parameter above this value. */
3338#define RELAY_CIRC_CELL_QUEUE_SIZE_MAX INT32_MAX
3339/* Default value is set to a large value so we can handle padding cells
3340 * properly which aren't accounted for in the SENDME window. Default is 2500
3341 * allowed cells in the queue resulting in ~1MB. */
3342#define RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT \
3343 (50 * RELAY_CIRC_CELL_QUEUE_SIZE_MIN)
3344
3345/* The maximum number of cells a circuit queue can contain. This is updated at
3346 * every new consensus and controlled by a parameter. */
3347static int32_t max_circuit_cell_queue_size =
3348 RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT;
3349/** Maximum number of cell on an outbound circuit queue. This is updated at
3350 * every new consensus and controlled by a parameter. This default is incorrect
3351 * and won't be used at all except in unit tests. */
3353 RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT;
3354
3355/** Return consensus parameter "circ_max_cell_queue_size". The given ns can be
3356 * NULL. */
3357static uint32_t
3359{
3360 return networkstatus_get_param(ns, "circ_max_cell_queue_size",
3361 RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT,
3362 RELAY_CIRC_CELL_QUEUE_SIZE_MIN,
3363 RELAY_CIRC_CELL_QUEUE_SIZE_MAX);
3364}
3365
3366/** Return consensus parameter "circ_max_cell_queue_size_out". The given ns can
3367 * be NULL. */
3368static uint32_t
3370{
3371 return networkstatus_get_param(ns, "circ_max_cell_queue_size_out",
3373 RELAY_CIRC_CELL_QUEUE_SIZE_MIN,
3374 RELAY_CIRC_CELL_QUEUE_SIZE_MAX);
3375}
3376
3377/* Called when the consensus has changed. At this stage, the global consensus
3378 * object has NOT been updated. It is called from
3379 * notify_before_networkstatus_changes(). */
3380void
3381relay_consensus_has_changed(const networkstatus_t *ns)
3382{
3383 tor_assert(ns);
3384
3385 /* Update the circuit max cell queue size from the consensus. */
3386 max_circuit_cell_queue_size =
3390}
3391
3392/** Add <b>cell</b> to the queue of <b>circ</b> writing to <b>chan</b>
3393 * transmitting in <b>direction</b>.
3394 *
3395 * The given <b>cell</b> is copied onto the circuit queue so the caller must
3396 * cleanup the memory.
3397 *
3398 * This function is part of the fast path.
3399 *
3400 * Return 1 if the cell was successfully sent.
3401 * Return 0 if the cell can not be sent. The caller MUST NOT close the circuit.
3402 * Return -1 indicating an error and that the caller should mark the circuit
3403 * for close. */
3404int
3406 cell_t *cell, cell_direction_t direction,
3407 streamid_t fromstream)
3408{
3409 or_circuit_t *orcirc = NULL;
3410 edge_connection_t *stream_list = NULL;
3411 cell_queue_t *queue;
3412 int32_t max_queue_size;
3413 int circ_blocked;
3414 int exitward;
3415 if (circ->marked_for_close) {
3416 return 0;
3417 }
3418
3419 exitward = (direction == CELL_DIRECTION_OUT);
3420 if (exitward) {
3421 queue = &circ->n_chan_cells;
3422 circ_blocked = circ->circuit_blocked_on_n_chan;
3423 max_queue_size = max_circuit_cell_queue_size_out;
3424 if (CIRCUIT_IS_ORIGIN(circ))
3425 stream_list = TO_ORIGIN_CIRCUIT(circ)->p_streams;
3426 } else {
3427 orcirc = TO_OR_CIRCUIT(circ);
3428 queue = &orcirc->p_chan_cells;
3429 circ_blocked = circ->circuit_blocked_on_p_chan;
3430 max_queue_size = max_circuit_cell_queue_size;
3431 stream_list = TO_OR_CIRCUIT(circ)->n_streams;
3432 }
3433
3434 if (PREDICT_UNLIKELY(queue->n >= max_queue_size)) {
3435 /* This DoS defense only applies at the Guard as in the p_chan is likely
3436 * a client IP attacking the network. */
3437 if (exitward && CIRCUIT_IS_ORCIRC(circ)) {
3438 stats_n_circ_max_cell_outq_reached++;
3439 dos_note_circ_max_outq(CONST_TO_OR_CIRCUIT(circ)->p_chan);
3440 }
3441
3442 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
3443 "%s circuit has %d cells in its queue, maximum allowed is %d. "
3444 "Closing circuit for safety reasons.",
3445 (exitward) ? "Outbound" : "Inbound", queue->n,
3446 max_queue_size);
3448 return -1;
3449 }
3450
3451 /* Very important that we copy to the circuit queue because all calls to
3452 * this function use the stack for the cell memory. */
3453 cell_queue_append_packed_copy(circ, queue, exitward, cell,
3454 chan->wide_circ_ids, 1);
3455
3456 /* Check and run the OOM if needed. */
3457 if (PREDICT_UNLIKELY(cell_queues_check_size())) {
3458 /* We ran the OOM handler which might have closed this circuit. */
3459 if (circ->marked_for_close) {
3460 return 0;
3461 }
3462 }
3463
3464 /* If we have too many cells on the circuit, note that it should
3465 * be blocked from new cells. */
3466 if (!circ_blocked && queue->n >= cell_queue_highwatermark())
3467 set_circuit_blocked_on_chan(circ, chan, 1);
3468
3469 if (circ_blocked && fromstream) {
3470 /* This edge connection is apparently not blocked; this can happen for
3471 * new streams on a blocked circuit, for their CONNECTED response.
3472 * block it now, unless we have conflux. */
3473 set_block_state_for_streams(circ, stream_list, 1, fromstream);
3474 }
3475
3476 update_circuit_on_cmux(circ, direction);
3477 if (queue->n == 1) {
3478 /* This was the first cell added to the queue. We just made this
3479 * circuit active. */
3480 log_debug(LD_GENERAL, "Made a circuit active.");
3481 }
3482
3483 /* New way: mark this as having waiting cells for the scheduler */
3485 return 1;
3486}
3487
3488/** Append an encoded value of <b>addr</b> to <b>payload_out</b>, which must
3489 * have at least 18 bytes of free space. The encoding is, as specified in
3490 * tor-spec.txt:
3491 * RESOLVED_TYPE_IPV4 or RESOLVED_TYPE_IPV6 [1 byte]
3492 * LENGTH [1 byte]
3493 * ADDRESS [length bytes]
3494 * Return the number of bytes added, or -1 on error */
3495int
3496append_address_to_payload(uint8_t *payload_out, const tor_addr_t *addr)
3497{
3498 uint32_t a;
3499 switch (tor_addr_family(addr)) {
3500 case AF_INET:
3501 payload_out[0] = RESOLVED_TYPE_IPV4;
3502 payload_out[1] = 4;
3503 a = tor_addr_to_ipv4n(addr);
3504 memcpy(payload_out+2, &a, 4);
3505 return 6;
3506 case AF_INET6:
3507 payload_out[0] = RESOLVED_TYPE_IPV6;
3508 payload_out[1] = 16;
3509 memcpy(payload_out+2, tor_addr_to_in6_addr8(addr), 16);
3510 return 18;
3511 case AF_UNSPEC:
3512 default:
3513 return -1;
3514 }
3515}
3516
3517/** Given <b>payload_len</b> bytes at <b>payload</b>, starting with an address
3518 * encoded as by append_address_to_payload(), try to decode the address into
3519 * *<b>addr_out</b>. Return the next byte in the payload after the address on
3520 * success, or NULL on failure. */
3521const uint8_t *
3522decode_address_from_payload(tor_addr_t *addr_out, const uint8_t *payload,
3523 int payload_len)
3524{
3525 if (payload_len < 2)
3526 return NULL;
3527 if (payload_len < 2+payload[1])
3528 return NULL;
3529
3530 switch (payload[0]) {
3531 case RESOLVED_TYPE_IPV4:
3532 if (payload[1] != 4)
3533 return NULL;
3534 tor_addr_from_ipv4n(addr_out, get_uint32(payload+2));
3535 break;
3536 case RESOLVED_TYPE_IPV6:
3537 if (payload[1] != 16)
3538 return NULL;
3539 tor_addr_from_ipv6_bytes(addr_out, (payload+2));
3540 break;
3541 default:
3542 tor_addr_make_unspec(addr_out);
3543 break;
3544 }
3545 return payload + 2 + payload[1];
3546}
3547
3548/** Remove all the cells queued on <b>circ</b> for <b>chan</b>. */
3549void
3551{
3552 cell_queue_t *queue;
3553 cell_direction_t direction;
3554
3555 if (circ->n_chan == chan) {
3556 queue = &circ->n_chan_cells;
3557 direction = CELL_DIRECTION_OUT;
3558 } else {
3559 or_circuit_t *orcirc = TO_OR_CIRCUIT(circ);
3560 tor_assert(orcirc->p_chan == chan);
3561 queue = &orcirc->p_chan_cells;
3562 direction = CELL_DIRECTION_IN;
3563 }
3564
3565 /* Clear the queue */
3566 cell_queue_clear(queue);
3567
3568 /* Update the cell counter in the cmux */
3569 if (chan->cmux && circuitmux_is_circuit_attached(chan->cmux, circ))
3570 update_circuit_on_cmux(circ, direction);
3571}
3572
3573/** Return 1 if we shouldn't restart reading on this circuit, even if
3574 * we get a SENDME. Else return 0.
3575*/
3576static int
3578{
3579 if (CIRCUIT_IS_ORIGIN(circ)) {
3580 return circ->circuit_blocked_on_n_chan;
3581 } else {
3582 return circ->circuit_blocked_on_p_chan;
3583 }
3584}
void tor_addr_from_ipv4n(tor_addr_t *dest, uint32_t v4addr)
Definition: address.c:889
void tor_addr_make_unspec(tor_addr_t *a)
Definition: address.c:225
int tor_addr_parse(tor_addr_t *addr, const char *src)
Definition: address.c:1349
int tor_addr_is_null(const tor_addr_t *addr)
Definition: address.c:780
const char * tor_addr_to_str(char *dest, const tor_addr_t *addr, size_t len, int decorate)
Definition: address.c:328
void tor_addr_from_ipv6_bytes(tor_addr_t *dest, const uint8_t *ipv6_bytes)
Definition: address.c:900
static uint32_t tor_addr_to_ipv4n(const tor_addr_t *a)
Definition: address.h:152
static sa_family_t tor_addr_family(const tor_addr_t *a)
Definition: address.h:187
#define tor_addr_to_in6_addr8(x)
Definition: address.h:135
#define tor_addr_from_ipv4h(dest, v4addr)
Definition: address.h:327
#define fmt_addr(a)
Definition: address.h:239
#define TOR_ADDR_BUF_LEN
Definition: address.h:224
int client_dns_incr_failures(const char *address)
Definition: addressmap.c:638
void client_dns_set_addressmap(entry_connection_t *for_conn, const char *address, const tor_addr_t *val, const char *exitname, int ttl)
Definition: addressmap.c:728
void client_dns_clear_failures(const char *address)
Definition: addressmap.c:660
Header for addressmap.c.
time_t approx_time(void)
Definition: approx_time.c:32
Header for backtrace.c.
buf_t * buf_new(void)
Definition: buffers.c:365
int buf_add(buf_t *buf, const char *string, size_t string_len)
Definition: buffers.c:527
size_t buf_datalen(const buf_t *buf)
Definition: buffers.c:394
int buf_get_bytes(buf_t *buf, char *string, size_t string_len)
Definition: buffers.c:637
Header file for buffers.c.
static void set_uint16(void *cp, uint16_t v)
Definition: bytes.h:78
static uint16_t get_uint16(const void *cp)
Definition: bytes.h:42
static uint8_t get_uint8(const void *cp)
Definition: bytes.h:23
static void set_uint8(void *cp, uint8_t v)
Definition: bytes.h:31
static uint32_t get_uint32(const void *cp)
Definition: bytes.h:54
Cell queue structures.
Fixed-size cell structure.
void channel_timestamp_client(channel_t *chan)
Definition: channel.c:3198
int channel_send_destroy(circid_t circ_id, channel_t *chan, int reason)
Definition: channel.c:2038
int channel_is_client(const channel_t *chan)
Definition: channel.c:2918
void channel_mark_for_close(channel_t *chan)
Definition: channel.c:1142
int channel_write_packed_cell(channel_t *chan, packed_cell_t *cell)
Definition: channel.c:1489
Header file for channel.c.
void pathbias_count_valid_cells(circuit_t *circ, const cell_t *cell)
Definition: circpathbias.c:966
int pathbias_check_probe_response(circuit_t *circ, const cell_t *cell)
Definition: circpathbias.c:906
void pathbias_mark_use_success(origin_circuit_t *circ)
Definition: circpathbias.c:683
void circuit_log_path(int severity, unsigned int domain, origin_circuit_t *circ)
Definition: circuitbuild.c:356
int circuit_send_next_onion_skin(origin_circuit_t *circ)
Definition: circuitbuild.c:960
int circuit_finish_handshake(origin_circuit_t *circ, const created_cell_t *reply)
int circuit_truncated(origin_circuit_t *circ, int reason)
Header file for circuitbuild.c.
int circuit_extend(struct cell_t *cell, struct circuit_t *circ)
Header for feature/relay/circuitbuild_relay.c.
void circuit_synchronize_written_or_bandwidth(const circuit_t *c, circuit_channel_direction_t dir)
Definition: circuitlist.c:2134
void circuit_set_n_circid_chan(circuit_t *circ, circid_t id, channel_t *chan)
Definition: circuitlist.c:493
void circuit_set_state(circuit_t *circ, uint8_t state)
Definition: circuitlist.c:562
circuit_t * circuit_get_by_edge_conn(edge_connection_t *conn)
Definition: circuitlist.c:1606
origin_circuit_t * TO_ORIGIN_CIRCUIT(circuit_t *x)
Definition: circuitlist.c:185
void assert_circuit_ok(const circuit_t *c)
Definition: circuitlist.c:2809
const char * circuit_state_to_string(int state)
Definition: circuitlist.c:781
size_t circuits_handle_oom(size_t current_allocation)
Definition: circuitlist.c:2676
or_circuit_t * TO_OR_CIRCUIT(circuit_t *x)
Definition: circuitlist.c:173
smartlist_t * circuit_get_global_list(void)
Definition: circuitlist.c:713
Header file for circuitlist.c.
#define CIRCUIT_PURPOSE_PATH_BIAS_TESTING
Definition: circuitlist.h:123
#define CIRCUIT_STATE_OPEN
Definition: circuitlist.h:32
#define CIRCUIT_IS_ORCIRC(c)
Definition: circuitlist.h:161
#define CIRCUIT_IS_ORIGIN(c)
Definition: circuitlist.h:154
#define CIRCUIT_PURPOSE_OR
Definition: circuitlist.h:39
#define CIRCUIT_PURPOSE_S_REND_JOINED
Definition: circuitlist.h:110
#define CIRCUIT_PURPOSE_REND_ESTABLISHED
Definition: circuitlist.h:47
cell_direction_t circuitmux_attached_circuit_direction(circuitmux_t *cmux, circuit_t *circ)
Definition: circuitmux.c:549
void circuitmux_notify_xmit_destroy(circuitmux_t *cmux)
Definition: circuitmux.c:1164
void circuitmux_detach_all_circuits(circuitmux_t *cmux, smartlist_t *detached_out)
Definition: circuitmux.c:214
void circuitmux_notify_xmit_cells(circuitmux_t *cmux, circuit_t *circ, unsigned int n_cells)
Definition: circuitmux.c:1104
int circuitmux_is_circuit_attached(circuitmux_t *cmux, circuit_t *circ)
Definition: circuitmux.c:627
void circuitmux_set_num_cells(circuitmux_t *cmux, circuit_t *circ, unsigned int n_cells)
Definition: circuitmux.c:999
circuit_t * circuitmux_get_first_active_circuit(circuitmux_t *cmux, destroy_cell_queue_t **destroy_queue_out)
Definition: circuitmux.c:1061
void circpad_deliver_sent_relay_cell_events(circuit_t *circ, uint8_t relay_command)
void circpad_deliver_unrecognized_cell_events(circuit_t *circ, cell_direction_t dir)
void circpad_machine_event_circ_has_no_relay_early(origin_circuit_t *circ)
void circpad_deliver_recognized_relay_cell_events(circuit_t *circ, uint8_t relay_command, crypt_path_t *layer_hint)
int circpad_check_received_cell(cell_t *cell, circuit_t *circ, crypt_path_t *layer_hint, const relay_header_t *rh)
Header file for circuitpadding.c.
void circuit_sent_valid_data(origin_circuit_t *circ, uint16_t relay_body_len)
Definition: circuituse.c:3176
void circuit_read_valid_data(origin_circuit_t *circ, uint16_t relay_body_len)
Definition: circuituse.c:3197
void mark_circuit_unusable_for_new_conns(origin_circuit_t *circ)
Definition: circuituse.c:3148
Header file for circuituse.c.
uint64_t monotime_coarse_stamp_units_to_approx_msec(uint64_t units)
Definition: compat_time.c:890
uint32_t monotime_coarse_get_stamp(void)
Definition: compat_time.c:864
size_t tor_compress_get_total_allocation(void)
Definition: compress.c:466
Headers for compress.c.
const or_options_t * get_options(void)
Definition: config.c:944
tor_cmdline_mode_t command
Definition: config.c:2468
Header file for config.c.
void conflux_note_cell_sent(conflux_t *cfx, circuit_t *circ, uint8_t relay_command)
Definition: conflux.c:525
bool conflux_process_cell(conflux_t *cfx, circuit_t *in_circ, crypt_path_t *layer_hint, cell_t *cell)
Definition: conflux.c:833
int conflux_process_switch_command(circuit_t *in_circ, crypt_path_t *layer_hint, cell_t *cell, relay_header_t *rh)
Definition: conflux.c:734
bool conflux_should_multiplex(int relay_command)
Definition: conflux.c:47
circuit_t * conflux_decide_next_circ(conflux_t *cfx)
Definition: conflux.c:606
conflux_cell_t * conflux_dequeue_cell(conflux_t *cfx)
Definition: conflux.c:892
circuit_t * conflux_decide_circ_for_send(conflux_t *cfx, circuit_t *orig_circ, uint8_t relay_command)
Definition: conflux.c:454
size_t conflux_handle_oom(size_t bytes_to_remove)
Definition: conflux.c:188
uint64_t conflux_get_total_bytes_allocation(void)
Definition: conflux.c:181
Public APIs for conflux multipath support.
void conflux_process_linked_ack(circuit_t *circ)
void conflux_log_set(int loglevel, const conflux_t *cfx, bool is_client)
void conflux_process_linked(circuit_t *circ, crypt_path_t *layer_hint, const cell_t *cell, const uint16_t cell_len)
void conflux_process_link(circuit_t *circ, const cell_t *cell, const uint16_t cell_len)
Header file for conflux_pool.c.
crypt_path_t * conflux_get_destination_hop(circuit_t *circ)
Definition: conflux_util.c:122
int circuit_get_package_window(circuit_t *circ, const crypt_path_t *cpath)
Definition: conflux_util.c:33
bool conflux_can_send(conflux_t *cfx)
Definition: conflux_util.c:99
bool relay_crypt_from_last_hop(const origin_circuit_t *circ, const crypt_path_t *layer_hint)
Definition: conflux_util.c:242
bool edge_uses_cpath(const edge_connection_t *conn, const crypt_path_t *cpath)
Definition: conflux_util.c:172
Header file for conflux_util.c.
int congestion_control_get_package_window(const circuit_t *circ, const crypt_path_t *cpath)
Public APIs for congestion control.
static int32_t cell_queue_highwatermark(void)
static int32_t cell_queue_lowwatermark(void)
bool circuit_process_stream_xoff(edge_connection_t *conn, const crypt_path_t *layer_hint, const cell_t *cell)
bool circuit_process_stream_xon(edge_connection_t *conn, const crypt_path_t *layer_hint, const cell_t *cell)
APIs for stream flow control on congestion controlled circuits.
int connection_buf_get_bytes(char *string, size_t len, connection_t *conn)
Definition: connection.c:4324
int connection_state_is_open(connection_t *conn)
Definition: connection.c:5058
const char * conn_state_to_string(int type, int state)
Definition: connection.c:304
Header file for connection.c.
#define CONN_TYPE_AP
Definition: connection.h:51
#define CONN_TYPE_DIR
Definition: connection.h:55
#define CONN_TYPE_EXIT
Definition: connection.h:46
int connection_half_edge_is_valid_data(const smartlist_t *half_conns, streamid_t stream_id)
int connection_ap_detach_retriable(entry_connection_t *conn, origin_circuit_t *circ, int reason)
void connection_ap_handshake_socks_reply(entry_connection_t *conn, char *reply, size_t replylen, int endreason)
int connection_half_edge_is_valid_end(smartlist_t *half_conns, streamid_t stream_id)
void connection_edge_end_close(edge_connection_t *conn, uint8_t reason)
int connection_exit_begin_resolve(cell_t *cell, or_circuit_t *circ)
int connection_half_edge_is_valid_connected(const smartlist_t *half_conns, streamid_t stream_id)
entry_connection_t * EDGE_TO_ENTRY_CONN(edge_connection_t *c)
void connection_ap_handshake_socks_resolved_addr(entry_connection_t *conn, const tor_addr_t *answer, int ttl, time_t expires)
int connection_half_edge_is_valid_resolved(smartlist_t *half_conns, streamid_t stream_id)
int connection_edge_end(edge_connection_t *conn, uint8_t reason)
size_t half_streams_get_total_allocation(void)
int connection_half_edge_is_valid_sendme(const smartlist_t *half_conns, streamid_t stream_id)
int connection_edge_is_rendezvous_stream(const edge_connection_t *conn)
void connection_ap_handshake_socks_resolved(entry_connection_t *conn, int answer_type, size_t answer_len, const uint8_t *answer, int ttl, time_t expires)
int connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
Header file for connection_edge.c.
#define EXIT_CONN_STATE_CONNECTING
#define AP_CONN_STATE_CONNECT_WAIT
#define AP_CONN_STATE_OPEN
#define AP_CONN_STATE_RESOLVE_WAIT
#define EXIT_CONN_STATE_RESOLVING
void cell_pack(packed_cell_t *dst, const cell_t *src, int wide_circ_ids)
Header file for connection_or.c.
void control_event_boot_dir(bootstrap_status_t status, int progress)
void control_event_bootstrap(bootstrap_status_t status, int progress)
int control_event_stream_status(entry_connection_t *conn, stream_status_event_t tp, int reason_code)
Header file for control_events.c.
#define REMAP_STREAM_SOURCE_EXIT
Circuit-build-stse structure.
Common functions for using (pseudo-)random number generators.
#define crypto_fast_rng_one_in_n(rng, n)
Definition: crypto_rand.h:80
crypto_fast_rng_t * get_thread_fast_rng(void)
unsigned crypto_fast_rng_get_uint(crypto_fast_rng_t *rng, unsigned limit)
void crypto_fast_rng_getbytes(crypto_fast_rng_t *rng, uint8_t *out, size_t n)
Common functions for cryptographic routines.
const char * node_describe(const node_t *node)
Definition: describe.c:160
Header file for describe.c.
Destroy-cell queue structures.
Client/server directory connection structure.
dir_connection_t * TO_DIR_CONN(connection_t *c)
Definition: directory.c:88
Header file for directory.c.
#define DIR_PURPOSE_FETCH_CERTIFICATE
Definition: directory.h:57
#define DIR_PURPOSE_FETCH_MICRODESC
Definition: directory.h:65
#define DIR_PURPOSE_FETCH_CONSENSUS
Definition: directory.h:54
#define DIR_PURPOSE_FETCH_SERVERDESC
Definition: directory.h:36
Header file for dns.c.
Entry connection structure.
#define ENTRY_TO_EDGE_CONN(c)
Extend-info structure.
Header for core/or/extendinfo.c.
Header file for geoip_stats.c.
@ DIRREQ_END_CELL_SENT
Definition: geoip_stats.h:66
@ DIRREQ_CIRC_QUEUE_FLUSHED
Definition: geoip_stats.h:69
void geoip_change_dirreq_state(uint64_t dirreq_id, dirreq_type_t type, dirreq_state_t new_state)
Definition: geoip_stats.c:552
size_t hs_cache_handle_oom(time_t now, size_t min_remove_bytes)
Definition: hs_cache.c:1074
Header file for hs_cache.c.
Header for feature/hs/hs_metrics.c.
#define hs_metrics_app_write_bytes(i, port, n)
Definition: hs_metrics.h:47
uint16_t sa_family_t
Definition: inaddr_st.h:77
void tor_log(int severity, log_domain_mask_t domain, const char *format,...)
Definition: log.c:591
#define log_fn(severity, domain, args,...)
Definition: log.h:283
#define LD_REND
Definition: log.h:84
#define LD_APP
Definition: log.h:78
#define LD_PROTOCOL
Definition: log.h:72
#define LD_OR
Definition: log.h:92
#define LD_MM
Definition: log.h:74
#define LD_BUG
Definition: log.h:86
#define LD_GENERAL
Definition: log.h:62
#define LOG_WARN
Definition: log.h:53
#define LOG_INFO
Definition: log.h:45
void connection_stop_reading(connection_t *conn)
Definition: mainloop.c:601
void connection_start_reading(connection_t *conn)
Definition: mainloop.c:623
int connection_is_reading(const connection_t *conn)
Definition: mainloop.c:500
Header file for mainloop.c.
#define tor_free(p)
Definition: malloc.h:56
int32_t networkstatus_get_param(const networkstatus_t *ns, const char *param_name, int32_t default_val, int32_t min_val, int32_t max_val)
int consensus_is_waiting_for_certs(void)
Header file for networkstatus.c.
int node_exit_policy_is_exact(const node_t *node, sa_family_t family)
Definition: nodelist.c:1605
node_t * node_get_mutable_by_id(const char *identity_digest)
Definition: nodelist.c:197
int count_loading_descriptors_progress(void)
Definition: nodelist.c:2748
Header file for nodelist.c.
int extended_cell_parse(extended_cell_t *cell_out, const uint8_t command, const uint8_t *payload, size_t payload_len)
Definition: onion.c:407
Header file for onion.c.
Master header file for Tor-specific functionality.
#define CELL_PAYLOAD_SIZE
Definition: or.h:466
#define END_STREAM_REASON_CANT_ATTACH
Definition: or.h:263
#define END_STREAM_REASON_FLAG_REMOTE
Definition: or.h:289
uint32_t circid_t
Definition: or.h:498
uint16_t streamid_t
Definition: or.h:500
#define TO_CIRCUIT(x)
Definition: or.h:849
#define RELAY_PAYLOAD_SIZE
Definition: or.h:495
#define END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED
Definition: or.h:296
#define TO_CONN(c)
Definition: or.h:613
#define RELAY_HEADER_SIZE
Definition: or.h:493
cell_direction_t
Definition: or.h:376
@ CELL_DIRECTION_OUT
Definition: or.h:378
@ CELL_DIRECTION_IN
Definition: or.h:377
#define END_CIRC_AT_ORIGIN
Definition: or.h:319
#define ENTRY_TO_CONN(c)
Definition: or.h:616
#define CIRCWINDOW_INCREMENT
Definition: or.h:399
Origin circuit structure.
@ PATH_STATE_USE_FAILED
void addr_policy_append_reject_addr(smartlist_t **dest, const tor_addr_t *addr)
Definition: policies.c:1617
void policies_set_node_exitpolicy_to_reject_all(node_t *node)
Definition: policies.c:2194
Header file for policies.c.
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
char * rate_limit_log(ratelim_t *lim, time_t now)
Definition: ratelim.c:42
const char * stream_end_reason_to_string(int reason)
Definition: reasons.c:64
Header file for reasons.c.
int channel_flush_from_first_active_circuit(channel_t *chan, int max)
Definition: relay.c:3145
STATIC size_t connection_edge_get_inbuf_bytes_to_package(size_t n_available, int package_partial, circuit_t *on_circuit)
Definition: relay.c:2271
static int connection_edge_process_ordered_relay_cell(cell_t *cell, circuit_t *circ, edge_connection_t *conn, crypt_path_t *layer_hint, relay_header_t *rh)
Definition: relay.c:2196
void destroy_cell_queue_init(destroy_cell_queue_t *queue)
Definition: relay.c:2820
static int circuit_resume_edge_reading_helper(edge_connection_t *conn, circuit_t *circ, crypt_path_t *layer_hint)
Definition: relay.c:2494
int append_address_to_payload(uint8_t *payload_out, const tor_addr_t *addr)
Definition: relay.c:3496
uint64_t stats_n_data_cells_received
Definition: relay.c:2239
void packed_cell_free_(packed_cell_t *cell)
Definition: relay.c:2722
void destroy_cell_queue_clear(destroy_cell_queue_t *queue)
Definition: relay.c:2828
void destroy_cell_queue_append(destroy_cell_queue_t *queue, circid_t circid, uint8_t reason)
Definition: relay.c:2854
void channel_unlink_all_circuits(channel_t *chan, smartlist_t *circuits_out)
Definition: relay.c:3037
int append_cell_to_circuit_queue(circuit_t *circ, channel_t *chan, cell_t *cell, cell_direction_t direction, streamid_t fromstream)
Definition: relay.c:3405
void cell_queue_append_packed_copy(circuit_t *circ, cell_queue_t *queue, int exitward, const cell_t *cell, int wide_circ_ids, int use_stats)
Definition: relay.c:2770
STATIC size_t get_pad_cell_offset(size_t data_len)
Definition: relay.c:580
uint64_t oom_stats_n_bytes_removed_dns
Definition: relay.c:2906
static packed_cell_t * destroy_cell_to_packed_cell(destroy_cell_t *inp, int wide_circ_ids)
Definition: relay.c:2870
void dump_cell_pool_usage(int severity)
Definition: relay.c:2732
STATIC int connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, edge_connection_t *conn, crypt_path_t *layer_hint)
Definition: relay.c:2088
void circuit_reset_sendme_randomness(circuit_t *circ)
Definition: relay.c:2251
uint64_t stats_n_relay_cells_relayed
Definition: relay.c:134
uint64_t stats_n_circ_max_cell_reached
Definition: relay.c:141
#define MAX_RESOLVE_FAILURES
Definition: relay.c:857
static void remap_event_helper(entry_connection_t *conn, const tor_addr_t *new_addr)
Definition: relay.c:1118
static int circuit_queue_streams_are_blocked(circuit_t *circ)
Definition: relay.c:3577
static void connection_ap_handshake_socks_got_resolved_cell(entry_connection_t *conn, int error_code, smartlist_t *results)
Definition: relay.c:1287
static void adjust_exit_policy_from_exitpolicy_failure(origin_circuit_t *circ, entry_connection_t *conn, node_t *node, const tor_addr_t *addr)
Definition: relay.c:1083
static void circuit_update_channel_usage(circuit_t *circ, cell_t *cell)
Definition: relay.c:155
uint64_t stats_n_data_cells_packaged
Definition: relay.c:2233
STATIC packed_cell_t * packed_cell_new(void)
Definition: relay.c:2714
void cell_queue_clear(cell_queue_t *queue)
Definition: relay.c:2794
STATIC int connected_cell_parse(const relay_header_t *rh, const cell_t *cell, tor_addr_t *addr_out, int *ttl_out)
Definition: relay.c:1138
void circuit_clear_cell_queue(circuit_t *circ, channel_t *chan)
Definition: relay.c:3550
void cell_queue_init(cell_queue_t *queue)
Definition: relay.c:2786
int circuit_package_relay_cell(cell_t *cell, circuit_t *circ, cell_direction_t cell_direction, crypt_path_t *layer_hint, streamid_t on_stream, const char *filename, int lineno)
Definition: relay.c:385
STATIC packed_cell_t * cell_queue_pop(cell_queue_t *queue)
Definition: relay.c:2808
int have_been_under_memory_pressure(void)
Definition: relay.c:2981
uint64_t stats_n_data_bytes_received
Definition: relay.c:2243
void relay_header_pack(uint8_t *dest, const relay_header_t *src)
Definition: relay.c:498
circid_t packed_cell_get_circid(const packed_cell_t *cell, int wide_circ_ids)
Definition: relay.c:3131
static edge_connection_t * relay_lookup_conn(circuit_t *circ, cell_t *cell, cell_direction_t cell_direction, crypt_path_t *layer_hint)
Definition: relay.c:446
const uint8_t * decode_address_from_payload(tor_addr_t *addr_out, const uint8_t *payload, int payload_len)
Definition: relay.c:3522
static uint32_t get_param_max_circuit_cell_queue_size(const networkstatus_t *ns)
Definition: relay.c:3358
void update_circuit_on_cmux_(circuit_t *circ, cell_direction_t direction, const char *file, int lineno)
Definition: relay.c:2992
STATIC destroy_cell_t * destroy_cell_queue_pop(destroy_cell_queue_t *queue)
Definition: relay.c:2842
void relay_header_unpack(relay_header_t *dest, const uint8_t *src)
Definition: relay.c:511
static int connection_edge_process_relay_cell_not_open(relay_header_t *rh, cell_t *cell, circuit_t *circ, edge_connection_t *conn, crypt_path_t *layer_hint)
Definition: relay.c:1436
uint8_t packed_cell_get_command(const packed_cell_t *cell, int wide_circ_ids)
Definition: relay.c:3120
uint64_t stats_n_relay_cells_delivered
Definition: relay.c:138
STATIC int cell_queues_check_size(void)
Definition: relay.c:2914
static int process_sendme_cell(const relay_header_t *rh, const cell_t *cell, circuit_t *circ, edge_connection_t *conn, crypt_path_t *layer_hint, int domain)
Definition: relay.c:1585
STATIC int handle_relay_cell_command(cell_t *cell, circuit_t *circ, edge_connection_t *conn, crypt_path_t *layer_hint, relay_header_t *rh, int optimistic_data)
Definition: relay.c:1662
static size_t total_cells_allocated
Definition: relay.c:2702
static int32_t max_circuit_cell_queue_size_out
Definition: relay.c:3352
int relay_send_command_from_edge_(streamid_t stream_id, circuit_t *orig_circ, uint8_t relay_command, const char *payload, size_t payload_len, crypt_path_t *cpath_layer, const char *filename, int lineno)
Definition: relay.c:635
static void packed_cell_free_unchecked(packed_cell_t *cell)
Definition: relay.c:2706
static int edge_reason_is_retriable(int reason)
Definition: relay.c:862
static void circuit_resume_edge_reading(circuit_t *circ, crypt_path_t *layer_hint)
Definition: relay.c:2464
#define RELAY_PAYLOAD_LENGTH_FOR_RANDOM_SENDMES
Definition: relay.c:2263
static void set_circuit_blocked_on_chan(circuit_t *circ, channel_t *chan, int block)
Definition: relay.c:3056
STATIC void address_ttl_free_(address_ttl_t *addr)
Definition: relay.c:1176
static uint32_t get_param_max_circuit_cell_queue_size_out(const networkstatus_t *ns)
Definition: relay.c:3369
const char * relay_command_to_string(uint8_t command)
Definition: relay.c:522
#define MEMORY_PRESSURE_INTERVAL
Definition: relay.c:2900
static void set_block_state_for_streams(circuit_t *circ, edge_connection_t *stream_list, int block, streamid_t stream_id)
Definition: relay.c:3079
void cell_queue_append(cell_queue_t *queue, packed_cell_t *cell)
Definition: relay.c:2759
static int connection_ap_process_end_not_open(relay_header_t *rh, cell_t *cell, origin_circuit_t *circ, entry_connection_t *conn, crypt_path_t *layer_hint)
Definition: relay.c:877
static packed_cell_t * packed_cell_copy(const cell_t *cell, int wide_circ_ids)
Definition: relay.c:2750
int circuit_receive_relay_cell(cell_t *cell, circuit_t *circ, cell_direction_t cell_direction)
Definition: relay.c:233
int connection_edge_package_raw_inbuf(edge_connection_t *conn, int package_partial, int *max_cells)
Definition: relay.c:2335
int connection_edge_send_command(edge_connection_t *fromconn, uint8_t relay_command, const char *payload, size_t payload_len)
Definition: relay.c:800
STATIC int resolved_cell_parse(const cell_t *cell, const relay_header_t *rh, smartlist_t *addresses_out, int *errcode_out)
Definition: relay.c:1190
uint64_t stats_n_data_bytes_packaged
Definition: relay.c:2237
STATIC int connection_edge_process_resolved_cell(edge_connection_t *conn, const cell_t *cell, const relay_header_t *rh)
Definition: relay.c:1361
size_t packed_cell_mem_cost(void)
Definition: relay.c:2887
#define CELL_PADDING_GAP
Definition: relay.c:566
static time_t last_time_under_memory_pressure
Definition: relay.c:2903
static int circuit_consider_stop_edge_reading(circuit_t *circ, crypt_path_t *layer_hint)
Definition: relay.c:2669
Header file for relay.c.
Header for relay_crypto.c.
void relay_encrypt_cell_outbound(cell_t *cell, origin_circuit_t *or_circ, crypt_path_t *layer_hint)
Definition: relay_crypto.c:219
int relay_decrypt_cell(circuit_t *circ, cell_t *cell, cell_direction_t cell_direction, crypt_path_t **layer_hint, char *recognized)
Definition: relay_crypto.c:145
void relay_encrypt_cell_inbound(cell_t *cell, or_circuit_t *or_circ)
Definition: relay_crypto.c:248
void rend_process_relay_cell(circuit_t *circ, const crypt_path_t *layer_hint, int command, size_t length, const uint8_t *payload)
Definition: rendcommon.c:34
Header file for rendcommon.c.
void rep_hist_note_overload(overload_type_t overload)
Definition: rephist.c:541
Header file for rephist.c.
Router descriptor structure.
#define ROUTER_PURPOSE_GENERAL
Header file for routerlist.c.
void scheduler_channel_has_waiting_cells(channel_t *chan)
Definition: scheduler.c:548
Header file for scheduler*.c.
void sendme_connection_edge_consider_sending(edge_connection_t *conn)
Definition: sendme.c:373
void sendme_circuit_consider_sending(circuit_t *circ, crypt_path_t *layer_hint)
Definition: sendme.c:420
Header file for sendme.c.
char * smartlist_join_strings(smartlist_t *sl, const char *join, int terminate, size_t *len_out)
Definition: smartlist.c:279
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
smartlist_t * smartlist_new(void)
void smartlist_add(smartlist_t *sl, void *element)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define SMARTLIST_FOREACH(sl, type, var, cmd)
#define SMARTLIST_DEL_CURRENT(sl, var)
Client request structure.
#define SOCKS_COMMAND_RESOLVE_PTR
Definition: cell_st.h:17
uint8_t payload[CELL_PAYLOAD_SIZE]
Definition: cell_st.h:21
uint8_t command
Definition: cell_st.h:19
circid_t circ_id
Definition: cell_st.h:18
unsigned int num_n_circuits
Definition: channel.h:410
uint64_t dirreq_id
Definition: channel.h:453
channel_usage_info_t channel_usage
Definition: channel.h:228
circuitmux_t * cmux
Definition: channel.h:397
int marked_for_close_reason
Definition: circuit_st.h:198
uint8_t state
Definition: circuit_st.h:111
unsigned int circuit_blocked_on_n_chan
Definition: circuit_st.h:92
uint16_t send_randomness_after_n_cells
Definition: circuit_st.h:128
struct create_cell_t * n_chan_create_cell
Definition: circuit_st.h:154
unsigned int circuit_blocked_on_p_chan
Definition: circuit_st.h:95
unsigned int have_sent_sufficiently_random_cell
Definition: circuit_st.h:109
uint64_t dirreq_id
Definition: circuit_st.h:205
cell_queue_t n_chan_cells
Definition: circuit_st.h:82
uint16_t marked_for_close
Definition: circuit_st.h:190
struct conflux_t * conflux
Definition: circuit_st.h:263
uint8_t purpose
Definition: circuit_st.h:112
const char * marked_for_close_file
Definition: circuit_st.h:193
int package_window
Definition: circuit_st.h:117
smartlist_t * testing_cell_stats
Definition: circuit_st.h:213
struct timeval timestamp_created
Definition: circuit_st.h:169
channel_t * n_chan
Definition: circuit_st.h:70
extend_info_t * n_hop
Definition: circuit_st.h:88
circid_t n_circ_id
Definition: circuit_st.h:79
cell_t cell
Definition: conflux.h:42
time_t timestamp_last_read_allowed
uint8_t state
Definition: connection_st.h:49
unsigned int type
Definition: connection_st.h:50
uint16_t marked_for_close
const char * marked_for_close_file
unsigned int purpose
Definition: connection_st.h:51
tor_socket_t s
struct event * read_event
extend_info_t * chosen_exit
struct crypt_path_t * cpath_layer
struct edge_connection_t * next_stream
unsigned int edge_has_sent_end
struct circuit_t * on_circuit
socks_request_t * socks_request
unsigned int chosen_exit_optional
unsigned int chosen_exit_retries
struct buf_t * pending_optimistic_data
char identity_digest[DIGEST_LEN]
created_cell_t created_cell
Definition: onion.h:68
ed25519_public_key_t identity_pk
Definition: hs_ident.h:106
uint16_t orig_virtual_port
Definition: hs_ident.h:111
Definition: node_st.h:34
uint64_t total_cell_waiting_time
Definition: or_circuit_st.h:91
channel_t * p_chan
Definition: or_circuit_st.h:37
uint32_t n_cells_discarded_at_end
Definition: or_circuit_st.h:65
circid_t p_circ_id
Definition: or_circuit_st.h:33
cell_queue_t p_chan_cells
Definition: or_circuit_st.h:35
struct or_circuit_t * rend_splice
Definition: or_circuit_st.h:58
edge_connection_t * n_streams
Definition: or_circuit_st.h:43
uint32_t processed_cells
Definition: or_circuit_st.h:86
uint64_t MaxMemInQueues
edge_connection_t * p_streams
uint8_t relay_early_commands[MAX_RELAY_EARLY_CELLS_PER_CIRCUIT]
unsigned int remaining_relay_early_cells
path_state_bitfield_t path_state
smartlist_t * prepend_policy
crypt_path_t * cpath
cpath_build_state_t * build_state
smartlist_t * half_streams
uint32_t inserted_timestamp
Definition: cell_queue_st.h:22
char body[CELL_MAX_NETWORK_SIZE]
Definition: cell_queue_st.h:21
uint16_t length
Definition: or.h:532
uint8_t command
Definition: or.h:528
streamid_t stream_id
Definition: or.h:530
uint16_t recognized
Definition: or.h:529
char integrity[4]
Definition: or.h:531
unsigned int has_finished
char address[MAX_SOCKS_ADDR_LEN]
Definition: or.h:821
uint8_t command
Definition: or.h:822
unsigned int waiting_time
Definition: or.h:827
unsigned int exitward
Definition: or.h:829
unsigned int removed
Definition: or.h:828
#define STATIC
Definition: testsupport.h:32
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
#define tor_assert(expr)
Definition: util_bug.h:103