Tor 0.4.9.2-alpha-dev
All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Modules Pages
relay.c
Go to the documentation of this file.
1/* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2021, The Tor Project, Inc. */
5/* See LICENSE for licensing information */
6
7/**
8 * \file relay.c
9 * \brief Handle relay cell encryption/decryption, plus packaging and
10 * receiving from circuits, plus queuing on circuits.
11 *
12 * This is a core modules that makes Tor work. It's responsible for
13 * dealing with RELAY cells (the ones that travel more than one hop along a
14 * circuit), by:
15 * <ul>
16 * <li>constructing relays cells,
17 * <li>encrypting relay cells,
18 * <li>decrypting relay cells,
19 * <li>demultiplexing relay cells as they arrive on a connection,
20 * <li>queueing relay cells for retransmission,
21 * <li>or handling relay cells that are for us to receive (as an exit or a
22 * client).
23 * </ul>
24 *
25 * RELAY cells are generated throughout the code at the client or relay side,
26 * using relay_send_command_from_edge() or one of the functions like
27 * connection_edge_send_command() that calls it. Of particular interest is
28 * connection_edge_package_raw_inbuf(), which takes information that has
29 * arrived on an edge connection socket, and packages it as a RELAY_DATA cell
30 * -- this is how information is actually sent across the Tor network. The
31 * cryptography for these functions is handled deep in
32 * circuit_package_relay_cell(), which either adds a single layer of
33 * encryption (if we're an exit), or multiple layers (if we're the origin of
34 * the circuit). After construction and encryption, the RELAY cells are
35 * passed to append_cell_to_circuit_queue(), which queues them for
36 * transmission and tells the circuitmux (see circuitmux.c) that the circuit
37 * is waiting to send something.
38 *
39 * Incoming RELAY cells arrive at circuit_receive_relay_cell(), called from
40 * command.c. There they are decrypted and, if they are for us, are passed to
41 * connection_edge_process_relay_cell(). If they're not for us, they're
42 * re-queued for retransmission again with append_cell_to_circuit_queue().
43 *
44 * The connection_edge_process_relay_cell() function handles all the different
45 * types of relay cells, launching requests or transmitting data as needed.
46 **/
47
48#include "lib/log/log.h"
49#define RELAY_PRIVATE
50#include "core/or/or.h"
52#include "lib/err/backtrace.h"
53#include "lib/buf/buffers.h"
54#include "core/or/channel.h"
55#include "feature/client/circpathbias.h"
57#include "core/or/circuitlist.h"
58#include "core/or/circuituse.h"
60#include "core/or/extendinfo.h"
62#include "app/config/config.h"
70#include "feature/relay/dns.h"
73#include "feature/hs/hs_cache.h"
77#include "core/or/onion.h"
78#include "core/or/policies.h"
79#include "core/or/reasons.h"
80#include "core/or/relay.h"
85#include "core/or/scheduler.h"
88#include "core/or/relay_msg.h"
89
90#include "core/or/cell_st.h"
97#include "core/or/or_circuit_st.h"
101#include "core/or/sendme.h"
104#include "core/or/conflux.h"
105#include "core/or/conflux_util.h"
106#include "core/or/conflux_pool.h"
107#include "core/or/relay_msg_st.h"
108
110 const relay_msg_t *msg,
111 cell_direction_t cell_direction,
112 crypt_path_t *layer_hint);
113
114static void circuit_resume_edge_reading(circuit_t *circ,
115 crypt_path_t *layer_hint);
117 circuit_t *circ,
118 crypt_path_t *layer_hint);
120 crypt_path_t *layer_hint);
123 entry_connection_t *conn,
124 node_t *node,
125 const tor_addr_t *addr);
127 circuit_t *circ,
128 edge_connection_t *conn,
129 crypt_path_t *layer_hint);
130static void set_block_state_for_streams(circuit_t *circ,
131 edge_connection_t *stream_list,
132 int block, streamid_t stream_id);
133
134/** Stats: how many relay cells have originated at this hop, or have
135 * been relayed onward (not recognized at this hop)?
136 */
138/** Stats: how many relay cells have been delivered to streams at this
139 * hop?
140 */
142/** Stats: how many circuits have we closed due to the cell queue limit being
143 * reached (see append_cell_to_circuit_queue()) */
145uint64_t stats_n_circ_max_cell_outq_reached = 0;
146
147/**
148 * Update channel usage state based on the type of relay cell and
149 * circuit properties.
150 *
151 * This is needed to determine if a client channel is being
152 * used for application traffic, and if a relay channel is being
153 * used for multihop circuits and application traffic. The decision
154 * to pad in channelpadding.c depends upon this info (as well as
155 * consensus parameters) to decide what channels to pad.
156 */
157static void
159{
160 if (CIRCUIT_IS_ORIGIN(circ)) {
161 /*
162 * The client state was first set much earlier in
163 * circuit_send_next_onion_skin(), so we can start padding as early as
164 * possible.
165 *
166 * However, if padding turns out to be expensive, we may want to not do
167 * it until actual application traffic starts flowing (which is controlled
168 * via consensus param nf_pad_before_usage).
169 *
170 * So: If we're an origin circuit and we've created a full length circuit,
171 * then any CELL_RELAY cell means application data. Increase the usage
172 * state of the channel to indicate this.
173 *
174 * We want to wait for CELL_RELAY specifically here, so we know that
175 * the channel was definitely being used for data and not for extends.
176 * By default, we pad as soon as a channel has been used for *any*
177 * circuits, so this state is irrelevant to the padding decision in
178 * the default case. However, if padding turns out to be expensive,
179 * we would like the ability to avoid padding until we're absolutely
180 * sure that a channel is used for enough application data to be worth
181 * padding.
182 *
183 * (So it does not matter that CELL_RELAY_EARLY can actually contain
184 * application data. This is only a load reducing option and that edge
185 * case does not matter if we're desperately trying to reduce overhead
186 * anyway. See also consensus parameter nf_pad_before_usage).
187 */
188 if (BUG(!circ->n_chan))
189 return;
190
191 if (circ->n_chan->channel_usage == CHANNEL_USED_FOR_FULL_CIRCS &&
192 cell->command == CELL_RELAY) {
193 circ->n_chan->channel_usage = CHANNEL_USED_FOR_USER_TRAFFIC;
194 }
195 } else {
196 /* If we're a relay circuit, the question is more complicated. Basically:
197 * we only want to pad connections that carry multihop (anonymous)
198 * circuits.
199 *
200 * We assume we're more than one hop if either the previous hop
201 * is not a client, or if the previous hop is a client and there's
202 * a next hop. Then, circuit traffic starts at RELAY_EARLY, and
203 * user application traffic starts when we see RELAY cells.
204 */
205 or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
206
207 if (BUG(!or_circ->p_chan))
208 return;
209
210 if (!channel_is_client(or_circ->p_chan) ||
211 (channel_is_client(or_circ->p_chan) && circ->n_chan)) {
212 if (cell->command == CELL_RELAY_EARLY) {
213 if (or_circ->p_chan->channel_usage < CHANNEL_USED_FOR_FULL_CIRCS) {
214 or_circ->p_chan->channel_usage = CHANNEL_USED_FOR_FULL_CIRCS;
215 }
216 } else if (cell->command == CELL_RELAY) {
217 or_circ->p_chan->channel_usage = CHANNEL_USED_FOR_USER_TRAFFIC;
218 }
219 }
220 }
221}
222
223/** Receive a relay cell:
224 * - Crypt it (encrypt if headed toward the origin or if we <b>are</b> the
225 * origin; decrypt if we're headed toward the exit).
226 * - Check if recognized (if exitward).
227 * - If recognized and the digest checks out, then find if there's a stream
228 * that the cell is intended for, and deliver it to the right
229 * connection_edge.
230 * - If not recognized, then we need to relay it: append it to the appropriate
231 * cell_queue on <b>circ</b>.
232 *
233 * Return -<b>reason</b> on failure.
234 */
235int
237 cell_direction_t cell_direction)
238{
239 channel_t *chan = NULL;
240 crypt_path_t *layer_hint=NULL;
241 char recognized=0;
242 int reason;
243
244 tor_assert(cell);
245 tor_assert(circ);
246 tor_assert(cell_direction == CELL_DIRECTION_OUT ||
247 cell_direction == CELL_DIRECTION_IN);
248 if (circ->marked_for_close)
249 return 0;
250
251 if (relay_decrypt_cell(circ, cell, cell_direction, &layer_hint, &recognized)
252 < 0) {
253 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
254 "relay crypt failed. Dropping connection.");
255 return -END_CIRC_REASON_INTERNAL;
256 }
257
259
260 if (recognized) {
261 edge_connection_t *conn = NULL;
262 relay_cell_fmt_t format = circuit_get_relay_format(circ, layer_hint);
263
264 /* Recognized cell, the cell digest has been updated, we'll record it for
265 * the SENDME if need be. */
266 sendme_record_received_cell_digest(circ, layer_hint);
267
268 relay_msg_t msg_buf;
269 if (relay_msg_decode_cell_in_place(format, cell, &msg_buf) < 0) {
270 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
271 "Received undecodable relay cell");
272 return -END_CIRC_REASON_TORPROTOCOL;
273 }
274 const relay_msg_t *msg = &msg_buf;
275
277 if (pathbias_check_probe_response(circ, msg) == -1) {
279 }
280
281 /* We need to drop this cell no matter what to avoid code that expects
282 * a certain purpose (such as the hidserv code). */
283 return 0;
284 }
285
286 conn = relay_lookup_conn(circ, msg, cell_direction, layer_hint);
287 if (cell_direction == CELL_DIRECTION_OUT) {
289 log_debug(LD_OR,"Sending away from origin.");
290 reason = connection_edge_process_relay_cell(msg, circ, conn, NULL);
291 if (reason < 0) {
292 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
293 "connection_edge_process_relay_cell (away from origin) "
294 "failed.");
295 return reason;
296 }
297 }
298 if (cell_direction == CELL_DIRECTION_IN) {
300 log_debug(LD_OR,"Sending to origin.");
301 reason = connection_edge_process_relay_cell(msg, circ, conn,
302 layer_hint);
303 if (reason < 0) {
304 /* If a client is trying to connect to unknown hidden service port,
305 * END_CIRC_AT_ORIGIN is sent back so we can then close the circuit.
306 * Do not log warn as this is an expected behavior for a service. */
307 if (reason != END_CIRC_AT_ORIGIN) {
308 log_warn(LD_OR,
309 "connection_edge_process_relay_cell (at origin) failed.");
310 }
311 return reason;
312 }
313 }
314 return 0;
315 }
316
317 /* not recognized. inform circpad and pass it on. */
318 circpad_deliver_unrecognized_cell_events(circ, cell_direction);
319
320 if (cell_direction == CELL_DIRECTION_OUT) {
321 cell->circ_id = circ->n_circ_id; /* switch it */
322 chan = circ->n_chan;
323 } else if (! CIRCUIT_IS_ORIGIN(circ)) {
324 cell->circ_id = TO_OR_CIRCUIT(circ)->p_circ_id; /* switch it */
325 chan = TO_OR_CIRCUIT(circ)->p_chan;
326 } else {
327 log_fn(LOG_PROTOCOL_WARN, LD_OR,
328 "Dropping unrecognized inbound cell on origin circuit.");
329 /* If we see unrecognized cells on path bias testing circs,
330 * it's bad mojo. Those circuits need to die.
331 * XXX: Shouldn't they always die? */
334 return -END_CIRC_REASON_TORPROTOCOL;
335 } else {
336 return 0;
337 }
338 }
339
340 if (!chan) {
341 // XXXX Can this splice stuff be done more cleanly?
342 if (! CIRCUIT_IS_ORIGIN(circ) &&
343 TO_OR_CIRCUIT(circ)->rend_splice &&
344 cell_direction == CELL_DIRECTION_OUT) {
345 or_circuit_t *splice_ = TO_OR_CIRCUIT(circ)->rend_splice;
348 cell->circ_id = splice_->p_circ_id;
349 cell->command = CELL_RELAY; /* can't be relay_early anyway */
350 if ((reason = circuit_receive_relay_cell(cell, TO_CIRCUIT(splice_),
351 CELL_DIRECTION_IN)) < 0) {
352 log_warn(LD_REND, "Error relaying cell across rendezvous; closing "
353 "circuits");
354 /* XXXX Do this here, or just return -1? */
355 circuit_mark_for_close(circ, -reason);
356 return reason;
357 }
358 return 0;
359 }
360 if (BUG(CIRCUIT_IS_ORIGIN(circ))) {
361 /* Should be impossible at this point. */
362 return -END_CIRC_REASON_TORPROTOCOL;
363 }
364 or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
365 if (++or_circ->n_cells_discarded_at_end == 1) {
366 time_t seconds_open = approx_time() - circ->timestamp_created.tv_sec;
367 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
368 "Didn't recognize a cell, but circ stops here! Closing circuit. "
369 "It was created %ld seconds ago.", (long)seconds_open);
370 }
371 return -END_CIRC_REASON_TORPROTOCOL;
372 }
373
374 log_debug(LD_OR,"Passing on unrecognized cell.");
375
376 ++stats_n_relay_cells_relayed; /* XXXX no longer quite accurate {cells}
377 * we might kill the circ before we relay
378 * the cells. */
379
380 if (append_cell_to_circuit_queue(circ, chan, cell, cell_direction, 0) < 0) {
381 return -END_CIRC_REASON_RESOURCELIMIT;
382 }
383 return 0;
384}
385
386/** Package a relay cell from an edge:
387 * - Encrypt it to the right layer
388 * - Append it to the appropriate cell_queue on <b>circ</b>.
389 *
390 * Return 1 if the cell was successfully sent as in queued on the circuit.
391 * Return 0 if the cell needs to be dropped as in ignored.
392 * Return -1 on error for which the circuit should be marked for close. */
393MOCK_IMPL(int,
395 cell_direction_t cell_direction,
396 crypt_path_t *layer_hint, streamid_t on_stream,
397 const char *filename, int lineno))
398{
399 channel_t *chan; /* where to send the cell */
400
401 if (circ->marked_for_close) {
402 /* Circuit is marked; send nothing. */
403 return 0;
404 }
405
406 if (cell_direction == CELL_DIRECTION_OUT) {
407 chan = circ->n_chan;
408 if (!chan) {
409 log_warn(LD_BUG,"outgoing relay cell sent from %s:%d has n_chan==NULL."
410 " Dropping. Circuit is in state %s (%d), and is "
411 "%smarked for close. (%s:%d, %d)", filename, lineno,
412 circuit_state_to_string(circ->state), circ->state,
413 circ->marked_for_close ? "" : "not ",
416 if (CIRCUIT_IS_ORIGIN(circ)) {
418 }
419 log_backtrace(LOG_WARN,LD_BUG,"");
420 return 0; /* just drop it */
421 }
422 if (!CIRCUIT_IS_ORIGIN(circ)) {
423 log_warn(LD_BUG,"outgoing relay cell sent from %s:%d on non-origin "
424 "circ. Dropping.", filename, lineno);
425 log_backtrace(LOG_WARN,LD_BUG,"");
426 return 0; /* just drop it */
427 }
428
429 relay_encrypt_cell_outbound(cell, TO_ORIGIN_CIRCUIT(circ), layer_hint);
430
431 /* Update circ written totals for control port */
432 origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
433 ocirc->n_written_circ_bw = tor_add_u32_nowrap(ocirc->n_written_circ_bw,
435
436 } else { /* incoming cell */
437 if (CIRCUIT_IS_ORIGIN(circ)) {
438 /* We should never package an _incoming_ cell from the circuit
439 * origin; that means we messed up somewhere. */
440 log_warn(LD_BUG,"incoming relay cell at origin circuit. Dropping.");
441 assert_circuit_ok(circ);
442 return 0; /* just drop it */
443 }
444 or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
445 relay_encrypt_cell_inbound(cell, or_circ);
446 chan = or_circ->p_chan;
447 }
449
450 return append_cell_to_circuit_queue(circ, chan, cell,
451 cell_direction, on_stream);
452}
453
454/** If cell's stream_id matches the stream_id of any conn that's
455 * attached to circ, return that conn, else return NULL.
456 */
457static edge_connection_t *
459 cell_direction_t cell_direction, crypt_path_t *layer_hint)
460{
461 edge_connection_t *tmpconn;
462
463 if (!msg->stream_id)
464 return NULL;
465
466 /* IN or OUT cells could have come from either direction, now
467 * that we allow rendezvous *to* an OP.
468 */
469 if (CIRCUIT_IS_ORIGIN(circ)) {
470 for (tmpconn = TO_ORIGIN_CIRCUIT(circ)->p_streams; tmpconn;
471 tmpconn=tmpconn->next_stream) {
472 if (msg->stream_id == tmpconn->stream_id &&
473 !tmpconn->base_.marked_for_close &&
474 edge_uses_cpath(tmpconn, layer_hint)) {
475 log_debug(LD_APP,"found conn for stream %d.", msg->stream_id);
476 return tmpconn;
477 }
478 }
479 } else {
480 for (tmpconn = TO_OR_CIRCUIT(circ)->n_streams; tmpconn;
481 tmpconn=tmpconn->next_stream) {
482 if (msg->stream_id == tmpconn->stream_id &&
483 !tmpconn->base_.marked_for_close) {
484 log_debug(LD_EXIT,"found conn for stream %d.", msg->stream_id);
485 if (cell_direction == CELL_DIRECTION_OUT ||
487 return tmpconn;
488 }
489 }
490 for (tmpconn = TO_OR_CIRCUIT(circ)->resolving_streams; tmpconn;
491 tmpconn=tmpconn->next_stream) {
492 if (msg->stream_id == tmpconn->stream_id &&
493 !tmpconn->base_.marked_for_close) {
494 log_debug(LD_EXIT,"found conn for stream %d.", msg->stream_id);
495 return tmpconn;
496 }
497 }
498 }
499 return NULL; /* probably a begin relay cell */
500}
501
502#ifdef TOR_UNIT_TESTS
503/** Pack the relay_header_t host-order structure <b>src</b> into
504 * network-order in the buffer <b>dest</b>. See tor-spec.txt for details
505 * about the wire format.
506 */
507void
508relay_header_pack(uint8_t *dest, const relay_header_t *src)
509{
510 set_uint8(dest, src->command);
511 set_uint16(dest+1, htons(src->recognized));
512 set_uint16(dest+3, htons(src->stream_id));
513 memcpy(dest+5, src->integrity, 4);
514 set_uint16(dest+9, htons(src->length));
515}
516
517/** Unpack the network-order buffer <b>src</b> into a host-order
518 * relay_header_t structure <b>dest</b>.
519 */
520void
521relay_header_unpack(relay_header_t *dest, const uint8_t *src)
522{
523 dest->command = get_uint8(src);
524 dest->recognized = ntohs(get_uint16(src+1));
525 dest->stream_id = ntohs(get_uint16(src+3));
526 memcpy(dest->integrity, src+5, 4);
527 dest->length = ntohs(get_uint16(src+9));
528}
529#endif
530
531/** Convert the relay <b>command</b> into a human-readable string. */
532const char *
534{
535 static char buf[64];
536 switch (command) {
537 case RELAY_COMMAND_BEGIN: return "BEGIN";
538 case RELAY_COMMAND_DATA: return "DATA";
539 case RELAY_COMMAND_END: return "END";
540 case RELAY_COMMAND_CONNECTED: return "CONNECTED";
541 case RELAY_COMMAND_SENDME: return "SENDME";
542 case RELAY_COMMAND_EXTEND: return "EXTEND";
543 case RELAY_COMMAND_EXTENDED: return "EXTENDED";
544 case RELAY_COMMAND_TRUNCATE: return "TRUNCATE";
545 case RELAY_COMMAND_TRUNCATED: return "TRUNCATED";
546 case RELAY_COMMAND_DROP: return "DROP";
547 case RELAY_COMMAND_RESOLVE: return "RESOLVE";
548 case RELAY_COMMAND_RESOLVED: return "RESOLVED";
549 case RELAY_COMMAND_BEGIN_DIR: return "BEGIN_DIR";
550 case RELAY_COMMAND_ESTABLISH_INTRO: return "ESTABLISH_INTRO";
551 case RELAY_COMMAND_ESTABLISH_RENDEZVOUS: return "ESTABLISH_RENDEZVOUS";
552 case RELAY_COMMAND_INTRODUCE1: return "INTRODUCE1";
553 case RELAY_COMMAND_INTRODUCE2: return "INTRODUCE2";
554 case RELAY_COMMAND_RENDEZVOUS1: return "RENDEZVOUS1";
555 case RELAY_COMMAND_RENDEZVOUS2: return "RENDEZVOUS2";
556 case RELAY_COMMAND_INTRO_ESTABLISHED: return "INTRO_ESTABLISHED";
557 case RELAY_COMMAND_RENDEZVOUS_ESTABLISHED:
558 return "RENDEZVOUS_ESTABLISHED";
559 case RELAY_COMMAND_INTRODUCE_ACK: return "INTRODUCE_ACK";
560 case RELAY_COMMAND_EXTEND2: return "EXTEND2";
561 case RELAY_COMMAND_EXTENDED2: return "EXTENDED2";
562 case RELAY_COMMAND_PADDING_NEGOTIATE: return "PADDING_NEGOTIATE";
563 case RELAY_COMMAND_PADDING_NEGOTIATED: return "PADDING_NEGOTIATED";
564 case RELAY_COMMAND_CONFLUX_LINK: return "CONFLUX_LINK";
565 case RELAY_COMMAND_CONFLUX_LINKED: return "CONFLUX_LINKED";
566 case RELAY_COMMAND_CONFLUX_LINKED_ACK: return "CONFLUX_LINKED_ACK";
567 case RELAY_COMMAND_CONFLUX_SWITCH: return "CONFLUX_SWITCH";
568 default:
569 tor_snprintf(buf, sizeof(buf), "Unrecognized relay command %u",
570 (unsigned)command);
571 return buf;
572 }
573}
574
575/** Make a relay cell out of <b>relay_command</b> and <b>payload</b>, and send
576 * it onto the open circuit <b>circ</b>. <b>stream_id</b> is the ID on
577 * <b>circ</b> for the stream that's sending the relay cell, or 0 if it's a
578 * control cell. <b>cpath_layer</b> is NULL for OR->OP cells, or the
579 * destination hop for OP->OR cells.
580 *
581 * If you can't send the cell, mark the circuit for close and return -1. Else
582 * return 0.
583 */
584MOCK_IMPL(int,
586 uint8_t relay_command, const char *payload,
587 size_t payload_len, crypt_path_t *cpath_layer,
588 const char *filename, int lineno))
589{
590 cell_t cell;
591 cell_direction_t cell_direction;
592 circuit_t *circ = orig_circ;
593
594 /* If conflux is enabled, decide which leg to send on, and use that */
595 if (orig_circ->conflux && conflux_should_multiplex(relay_command)) {
596 circ = conflux_decide_circ_for_send(orig_circ->conflux, orig_circ,
597 relay_command);
598 if (BUG(!circ)) {
599 log_warn(LD_BUG, "No circuit to send for conflux for relay command %d, "
600 "called from %s:%d", relay_command, filename, lineno);
601 conflux_log_set(LOG_WARN, orig_circ->conflux,
602 CIRCUIT_IS_ORIGIN(orig_circ));
603 circ = orig_circ;
604 } else {
605 /* Conflux circuits always send multiplexed relay commands to
606 * to the last hop. (Non-multiplexed commands go on their
607 * original circuit and hop). */
608 cpath_layer = conflux_get_destination_hop(circ);
609 }
610 }
611
612 /* XXXX NM Split this function into a separate versions per circuit type? */
613
614 tor_assert(circ);
615
616 size_t msg_body_len;
617 {
618 relay_cell_fmt_t cell_format = circuit_get_relay_format(circ, cpath_layer);
619 relay_msg_t msg;
620 if (payload_len >
621 relay_cell_max_payload_size(cell_format, relay_command)) {
622 // TODO CGO: Rate-limit this?
623 log_warn(LD_BUG, "Tried to send a command %d of length %d in "
624 "a v%d cell, from %s:%d",
625 (int)relay_command, (int)payload_len, (int)cell_format,
626 filename, lineno);
627 circuit_mark_for_close(circ, END_CIRC_REASON_INTERNAL);
628 return -1;
629 }
630
631 msg.command = relay_command;
632 msg.stream_id = stream_id;
633 msg.length = payload_len;
634 msg.body = (const uint8_t *) payload;
635 msg_body_len = msg.length;
636
637 if (relay_msg_encode_cell(cell_format, &msg, &cell) < 0) {
638 // We already called IF_BUG_ONCE in relay_msg_encode_cell.
639 circuit_mark_for_close(circ, END_CIRC_REASON_INTERNAL);
640 return -1;
641 }
642 }
643
644 cell.command = CELL_RELAY;
645 if (CIRCUIT_IS_ORIGIN(circ)) {
646 tor_assert(cpath_layer);
647 cell.circ_id = circ->n_circ_id;
648 cell_direction = CELL_DIRECTION_OUT;
649 } else {
650 tor_assert(! cpath_layer);
651 cell.circ_id = TO_OR_CIRCUIT(circ)->p_circ_id;
652 cell_direction = CELL_DIRECTION_IN;
653 }
654
655 log_debug(LD_OR,"delivering %d cell %s.", relay_command,
656 cell_direction == CELL_DIRECTION_OUT ? "forward" : "backward");
657
658 /* Tell circpad we're sending a relay cell */
659 circpad_deliver_sent_relay_cell_events(circ, relay_command);
660
661 /* If we are sending an END cell and this circuit is used for a tunneled
662 * directory request, advance its state. */
663 if (relay_command == RELAY_COMMAND_END && circ->dirreq_id)
664 geoip_change_dirreq_state(circ->dirreq_id, DIRREQ_TUNNELED,
666
667 if (cell_direction == CELL_DIRECTION_OUT && circ->n_chan) {
668 /* if we're using relaybandwidthrate, this conn wants priority */
670 }
671
672 if (cell_direction == CELL_DIRECTION_OUT) {
673 origin_circuit_t *origin_circ = TO_ORIGIN_CIRCUIT(circ);
674 if (origin_circ->remaining_relay_early_cells > 0 &&
675 (relay_command == RELAY_COMMAND_EXTEND ||
676 relay_command == RELAY_COMMAND_EXTEND2 ||
677 cpath_layer != origin_circ->cpath)) {
678 /* If we've got any relay_early cells left and (we're sending
679 * an extend cell or we're not talking to the first hop), use
680 * one of them. Don't worry about the conn protocol version:
681 * append_cell_to_circuit_queue will fix it up. */
682 cell.command = CELL_RELAY_EARLY;
683 /* If we're out of relay early cells, tell circpad */
684 if (--origin_circ->remaining_relay_early_cells == 0)
686 log_debug(LD_OR, "Sending a RELAY_EARLY cell; %d remaining.",
687 (int)origin_circ->remaining_relay_early_cells);
688 /* Memorize the command that is sent as RELAY_EARLY cell; helps debug
689 * task 878. */
690 origin_circ->relay_early_commands[
691 origin_circ->relay_early_cells_sent++] = relay_command;
692 } else if (relay_command == RELAY_COMMAND_EXTEND ||
693 relay_command == RELAY_COMMAND_EXTEND2) {
694 /* If no RELAY_EARLY cells can be sent over this circuit, log which
695 * commands have been sent as RELAY_EARLY cells before; helps debug
696 * task 878. */
697 smartlist_t *commands_list = smartlist_new();
698 int i = 0;
699 char *commands = NULL;
700 for (; i < origin_circ->relay_early_cells_sent; i++)
701 smartlist_add(commands_list, (char *)
703 commands = smartlist_join_strings(commands_list, ",", 0, NULL);
704 log_warn(LD_BUG, "Uh-oh. We're sending a RELAY_COMMAND_EXTEND cell, "
705 "but we have run out of RELAY_EARLY cells on that circuit. "
706 "Commands sent before: %s", commands);
707 tor_free(commands);
708 smartlist_free(commands_list);
709 }
710
711 /* Let's assume we're well-behaved: Anything that we decide to send is
712 * valid, delivered data. */
713 circuit_sent_valid_data(origin_circ, msg_body_len);
714 }
715
716 int ret = circuit_package_relay_cell(&cell, circ, cell_direction,
717 cpath_layer, stream_id, filename,
718 lineno);
719 if (ret < 0) {
720 circuit_mark_for_close(circ, END_CIRC_REASON_INTERNAL);
721 return -1;
722 } else if (ret == 0) {
723 /* This means we should drop the cell or that the circuit was already
724 * marked for close. At this point in time, we do NOT close the circuit if
725 * the cell is dropped. It is not the case with arti where each circuit
726 * protocol violation will lead to closing the circuit. */
727 return 0;
728 }
729
730 /* At this point, we are certain that the cell was queued on the circuit and
731 * thus will be sent on the wire. */
732
733 if (circ->conflux) {
734 conflux_note_cell_sent(circ->conflux, circ, relay_command);
735 }
736
737 /* If applicable, note the cell digest for the SENDME version 1 purpose if
738 * we need to. This call needs to be after the circuit_package_relay_cell()
739 * because the cell digest is set within that function. */
740 if (relay_command == RELAY_COMMAND_DATA) {
741 sendme_record_cell_digest_on_circ(circ, cpath_layer);
742
743 /* Handle the circuit-level SENDME package window. */
744 if (sendme_note_circuit_data_packaged(circ, cpath_layer) < 0) {
745 /* Package window has gone under 0. Protocol issue. */
746 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
747 "Circuit package window is below 0. Closing circuit.");
748 circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
749 return -1;
750 }
751 }
752
753 return 0;
754}
755
756/** Make a relay cell out of <b>relay_command</b> and <b>payload</b>, and
757 * send it onto the open circuit <b>circ</b>. <b>fromconn</b> is the stream
758 * that's sending the relay cell, or NULL if it's a control cell.
759 * <b>cpath_layer</b> is NULL for OR->OP cells, or the destination hop
760 * for OP->OR cells.
761 *
762 * If you can't send the cell, mark the circuit for close and
763 * return -1. Else return 0.
764 */
765int
767 uint8_t relay_command, const char *payload,
768 size_t payload_len)
769{
770 /* XXXX NM Split this function into a separate versions per circuit type? */
771 circuit_t *circ;
772 crypt_path_t *cpath_layer = fromconn->cpath_layer;
773 tor_assert(fromconn);
774
775 circ = fromconn->on_circuit;
776
777 if (fromconn->base_.marked_for_close) {
778 log_warn(LD_BUG,
779 "called on conn that's already marked for close at %s:%d.",
780 fromconn->base_.marked_for_close_file,
781 fromconn->base_.marked_for_close);
782 return 0;
783 }
784
785 if (!circ) {
786 if (fromconn->base_.type == CONN_TYPE_AP) {
787 log_info(LD_APP,"no circ. Closing conn.");
788 connection_mark_unattached_ap(EDGE_TO_ENTRY_CONN(fromconn),
789 END_STREAM_REASON_INTERNAL);
790 } else {
791 log_info(LD_EXIT,"no circ. Closing conn.");
792 fromconn->edge_has_sent_end = 1; /* no circ to send to */
793 fromconn->end_reason = END_STREAM_REASON_INTERNAL;
794 connection_mark_for_close(TO_CONN(fromconn));
795 }
796 return -1;
797 }
798
799 if (circ->marked_for_close) {
800 /* The circuit has been marked, but not freed yet. When it's freed, it
801 * will mark this connection for close. */
802 return -1;
803 }
804
805#ifdef MEASUREMENTS_21206
806 /* Keep track of the number of RELAY_DATA cells sent for directory
807 * connections. */
808 connection_t *linked_conn = TO_CONN(fromconn)->linked_conn;
809
810 if (linked_conn && linked_conn->type == CONN_TYPE_DIR) {
811 ++(TO_DIR_CONN(linked_conn)->data_cells_sent);
812 }
813#endif /* defined(MEASUREMENTS_21206) */
814
815 return relay_send_command_from_edge(fromconn->stream_id, circ,
816 relay_command, payload,
817 payload_len, cpath_layer);
818}
819
820/** How many times will I retry a stream that fails due to DNS
821 * resolve failure or misc error?
822 */
823#define MAX_RESOLVE_FAILURES 3
824
825/** Return 1 if reason is something that you should retry if you
826 * get the end cell before you've connected; else return 0. */
827static int
829{
830 return reason == END_STREAM_REASON_HIBERNATING ||
831 reason == END_STREAM_REASON_RESOURCELIMIT ||
832 reason == END_STREAM_REASON_EXITPOLICY ||
833 reason == END_STREAM_REASON_RESOLVEFAILED ||
834 reason == END_STREAM_REASON_MISC ||
835 reason == END_STREAM_REASON_NOROUTE;
836}
837
838/** Called when we receive an END cell on a stream that isn't open yet,
839 * from the client side.
840 * Arguments are as for connection_edge_process_relay_cell().
841 */
842static int
844 const relay_msg_t *msg, origin_circuit_t *circ,
845 entry_connection_t *conn, crypt_path_t *layer_hint)
846{
847 node_t *exitrouter;
848 int reason = get_uint8(msg->body);
849 int control_reason;
850 edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(conn);
851 (void) layer_hint; /* unused */
852
853 if (msg->length > 0) {
854 if (reason == END_STREAM_REASON_TORPROTOCOL ||
855 reason == END_STREAM_REASON_DESTROY) {
856 /* Both of these reasons could mean a failed tag
857 * hit the exit and it complained. Do not probe.
858 * Fail the circuit. */
860 return -END_CIRC_REASON_TORPROTOCOL;
861 } else if (reason == END_STREAM_REASON_INTERNAL) {
862 /* We can't infer success or failure, since older Tors report
863 * ENETUNREACH as END_STREAM_REASON_INTERNAL. */
864 } else {
865 /* Path bias: If we get a valid reason code from the exit,
866 * it wasn't due to tagging.
867 *
868 * We rely on recognized+digest being strong enough to make
869 * tags unlikely to allow us to get tagged, yet 'recognized'
870 * reason codes here. */
872 }
873 }
874
875 /* This end cell is now valid. */
876 circuit_read_valid_data(circ, msg->length);
877
878 if (msg->length == 0) {
879 reason = END_STREAM_REASON_MISC;
880 }
881
882 control_reason = reason | END_STREAM_REASON_FLAG_REMOTE;
883
884 if (edge_reason_is_retriable(reason) &&
885 /* avoid retry if rend */
887 const char *chosen_exit_digest =
889 log_info(LD_APP,"Address '%s' refused due to '%s'. Considering retrying.",
890 safe_str(conn->socks_request->address),
892 exitrouter = node_get_mutable_by_id(chosen_exit_digest);
893 switch (reason) {
894 case END_STREAM_REASON_EXITPOLICY: {
895 tor_addr_t addr;
897 if (msg->length >= 5) {
898 int ttl = -1;
900 if (msg->length == 5 || msg->length == 9) {
901 tor_addr_from_ipv4n(&addr, get_uint32(msg->body + 1));
902 if (msg->length == 9)
903 ttl = (int)ntohl(get_uint32(msg->body + 5));
904 } else if (msg->length == 17 || msg->length == 21) {
905 tor_addr_from_ipv6_bytes(&addr, msg->body + 1);
906 if (msg->length == 21)
907 ttl = (int)ntohl(get_uint32(msg->body + 17));
908 }
909 if (tor_addr_is_null(&addr)) {
910 log_info(LD_APP,"Address '%s' resolved to 0.0.0.0. Closing,",
911 safe_str(conn->socks_request->address));
912 connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
913 return 0;
914 }
915
916 if ((tor_addr_family(&addr) == AF_INET &&
917 !conn->entry_cfg.ipv4_traffic) ||
918 (tor_addr_family(&addr) == AF_INET6 &&
919 !conn->entry_cfg.ipv6_traffic)) {
920 log_fn(LOG_PROTOCOL_WARN, LD_APP,
921 "Got an EXITPOLICY failure on a connection with a "
922 "mismatched family. Closing.");
923 connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
924 return 0;
925 }
926 if (get_options()->ClientDNSRejectInternalAddresses &&
927 tor_addr_is_internal(&addr, 0)) {
928 log_info(LD_APP,"Address '%s' resolved to internal. Closing,",
929 safe_str(conn->socks_request->address));
930 connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
931 return 0;
932 }
933
935 conn->socks_request->address, &addr,
936 conn->chosen_exit_name, ttl);
937
938 {
939 char new_addr[TOR_ADDR_BUF_LEN];
940 tor_addr_to_str(new_addr, &addr, sizeof(new_addr), 1);
941 if (strcmp(conn->socks_request->address, new_addr)) {
942 strlcpy(conn->socks_request->address, new_addr,
943 sizeof(conn->socks_request->address));
944 control_event_stream_status(conn, STREAM_EVENT_REMAP, 0);
945 }
946 }
947 }
948 /* check if the exit *ought* to have allowed it */
949
951 conn,
952 exitrouter,
953 &addr);
954
955 if (conn->chosen_exit_optional ||
956 conn->chosen_exit_retries) {
957 /* stop wanting a specific exit */
958 conn->chosen_exit_optional = 0;
959 /* A non-zero chosen_exit_retries can happen if we set a
960 * TrackHostExits for this address under a port that the exit
961 * relay allows, but then try the same address with a different
962 * port that it doesn't allow to exit. We shouldn't unregister
963 * the mapping, since it is probably still wanted on the
964 * original port. But now we give away to the exit relay that
965 * we probably have a TrackHostExits on it. So be it. */
966 conn->chosen_exit_retries = 0;
967 tor_free(conn->chosen_exit_name); /* clears it */
968 }
969 if (connection_ap_detach_retriable(conn, circ, control_reason) >= 0)
970 return 0;
971 /* else, conn will get closed below */
972 break;
973 }
974 case END_STREAM_REASON_CONNECTREFUSED:
975 if (!conn->chosen_exit_optional)
976 break; /* break means it'll close, below */
977 /* Else fall through: expire this circuit, clear the
978 * chosen_exit_name field, and try again. */
979 FALLTHROUGH;
980 case END_STREAM_REASON_RESOLVEFAILED:
981 case END_STREAM_REASON_TIMEOUT:
982 case END_STREAM_REASON_MISC:
983 case END_STREAM_REASON_NOROUTE:
986 /* We haven't retried too many times; reattach the connection. */
988 /* Mark this circuit "unusable for new streams". */
990
991 if (conn->chosen_exit_optional) {
992 /* stop wanting a specific exit */
993 conn->chosen_exit_optional = 0;
994 tor_free(conn->chosen_exit_name); /* clears it */
995 }
996 if (connection_ap_detach_retriable(conn, circ, control_reason) >= 0)
997 return 0;
998 /* else, conn will get closed below */
999 } else {
1000 log_notice(LD_APP,
1001 "Have tried resolving or connecting to address '%s' "
1002 "at %d different places. Giving up.",
1003 safe_str(conn->socks_request->address),
1005 /* clear the failures, so it will have a full try next time */
1007 }
1008 break;
1009 case END_STREAM_REASON_HIBERNATING:
1010 case END_STREAM_REASON_RESOURCELIMIT:
1011 if (exitrouter) {
1013 }
1014 if (conn->chosen_exit_optional) {
1015 /* stop wanting a specific exit */
1016 conn->chosen_exit_optional = 0;
1017 tor_free(conn->chosen_exit_name); /* clears it */
1018 }
1019 if (connection_ap_detach_retriable(conn, circ, control_reason) >= 0)
1020 return 0;
1021 /* else, will close below */
1022 break;
1023 } /* end switch */
1024 log_info(LD_APP,"Giving up on retrying; conn can't be handled.");
1025 }
1026
1027 log_info(LD_APP,
1028 "Edge got end (%s) before we're connected. Marking for close.",
1029 stream_end_reason_to_string(msg->length > 0 ? reason : -1));
1031 /* need to test because of detach_retriable */
1032 if (!ENTRY_TO_CONN(conn)->marked_for_close)
1033 connection_mark_unattached_ap(conn, control_reason);
1034 return 0;
1035}
1036
1037/** Called when we have gotten an END_REASON_EXITPOLICY failure on <b>circ</b>
1038 * for <b>conn</b>, while attempting to connect via <b>node</b>. If the node
1039 * told us which address it rejected, then <b>addr</b> is that address;
1040 * otherwise it is AF_UNSPEC.
1041 *
1042 * If we are sure the node should have allowed this address, mark the node as
1043 * having a reject *:* exit policy. Otherwise, mark the circuit as unusable
1044 * for this particular address.
1045 **/
1046static void
1048 entry_connection_t *conn,
1049 node_t *node,
1050 const tor_addr_t *addr)
1051{
1052 int make_reject_all = 0;
1053 const sa_family_t family = tor_addr_family(addr);
1054
1055 if (node) {
1056 tor_addr_t tmp;
1057 int asked_for_family = tor_addr_parse(&tmp, conn->socks_request->address);
1058 if (family == AF_UNSPEC) {
1059 make_reject_all = 1;
1060 } else if (node_exit_policy_is_exact(node, family) &&
1061 asked_for_family != -1 && !conn->chosen_exit_name) {
1062 make_reject_all = 1;
1063 }
1064
1065 if (make_reject_all) {
1066 log_info(LD_APP,
1067 "Exitrouter %s seems to be more restrictive than its exit "
1068 "policy. Not using this router as exit for now.",
1069 node_describe(node));
1071 }
1072 }
1073
1074 if (family != AF_UNSPEC)
1076}
1077
1078/** Helper: change the socks_request-&gt;address field on conn to the
1079 * dotted-quad representation of <b>new_addr</b>,
1080 * and send an appropriate REMAP event. */
1081static void
1083{
1084 tor_addr_to_str(conn->socks_request->address, new_addr,
1085 sizeof(conn->socks_request->address),
1086 1);
1087 control_event_stream_status(conn, STREAM_EVENT_REMAP,
1089}
1090
1091/** Extract the contents of a connected cell in <b>cell</b>, whose relay
1092 * header has already been parsed into <b>rh</b>. On success, set
1093 * <b>addr_out</b> to the address we're connected to, and <b>ttl_out</b> to
1094 * the ttl of that address, in seconds, and return 0. On failure, return
1095 * -1.
1096 *
1097 * Note that the resulting address can be UNSPEC if the connected cell had no
1098 * address (as for a stream to an union service or a tunneled directory
1099 * connection), and that the ttl can be absent (in which case <b>ttl_out</b>
1100 * is set to -1). */
1101STATIC int
1103 int *ttl_out)
1104{
1105 uint32_t bytes;
1106 const uint8_t *payload = msg->body;
1107
1108 tor_addr_make_unspec(addr_out);
1109 *ttl_out = -1;
1110 if (msg->length == 0)
1111 return 0;
1112 if (msg->length < 4)
1113 return -1;
1114 bytes = ntohl(get_uint32(payload));
1115
1116 /* If bytes is 0, this is maybe a v6 address. Otherwise it's a v4 address */
1117 if (bytes != 0) {
1118 /* v4 address */
1119 tor_addr_from_ipv4h(addr_out, bytes);
1120 if (msg->length >= 8) {
1121 bytes = ntohl(get_uint32(payload + 4));
1122 if (bytes <= INT32_MAX)
1123 *ttl_out = bytes;
1124 }
1125 } else {
1126 if (msg->length < 25) /* 4 bytes of 0s, 1 addr, 16 ipv4, 4 ttl. */
1127 return -1;
1128 if (get_uint8(payload + 4) != 6)
1129 return -1;
1130 tor_addr_from_ipv6_bytes(addr_out, (payload + 5));
1131 bytes = ntohl(get_uint32(payload + 21));
1132 if (bytes <= INT32_MAX)
1133 *ttl_out = (int) bytes;
1134 }
1135 return 0;
1136}
1137
1138/** Drop all storage held by <b>addr</b>. */
1139STATIC void
1140address_ttl_free_(address_ttl_t *addr)
1141{
1142 if (!addr)
1143 return;
1144 tor_free(addr->hostname);
1145 tor_free(addr);
1146}
1147
1148/** Parse a resolved cell in <b>cell</b>, with parsed header in <b>rh</b>.
1149 * Return -1 on parse error. On success, add one or more newly allocated
1150 * address_ttl_t to <b>addresses_out</b>; set *<b>errcode_out</b> to
1151 * one of 0, RESOLVED_TYPE_ERROR, or RESOLVED_TYPE_ERROR_TRANSIENT, and
1152 * return 0. */
1153STATIC int
1155 int *errcode_out)
1156{
1157 const uint8_t *cp;
1158 uint8_t answer_type;
1159 size_t answer_len;
1160 address_ttl_t *addr;
1161 size_t remaining;
1162 int errcode = 0;
1163 smartlist_t *addrs;
1164
1165 tor_assert(msg);
1166 tor_assert(addresses_out);
1167 tor_assert(errcode_out);
1168
1169 *errcode_out = 0;
1170
1171 if (msg->length > RELAY_PAYLOAD_SIZE_MAX)
1172 return -1;
1173
1174 addrs = smartlist_new();
1175
1176 cp = msg->body;
1177
1178 remaining = msg->length;
1179 while (remaining) {
1180 const uint8_t *cp_orig = cp;
1181 if (remaining < 2)
1182 goto err;
1183 answer_type = *cp++;
1184 answer_len = *cp++;
1185 if (remaining < 2 + answer_len + 4) {
1186 goto err;
1187 }
1188 if (answer_type == RESOLVED_TYPE_IPV4) {
1189 if (answer_len != 4) {
1190 goto err;
1191 }
1192 addr = tor_malloc_zero(sizeof(*addr));
1193 tor_addr_from_ipv4n(&addr->addr, get_uint32(cp));
1194 cp += 4;
1195 addr->ttl = ntohl(get_uint32(cp));
1196 cp += 4;
1197 smartlist_add(addrs, addr);
1198 } else if (answer_type == RESOLVED_TYPE_IPV6) {
1199 if (answer_len != 16)
1200 goto err;
1201 addr = tor_malloc_zero(sizeof(*addr));
1202 tor_addr_from_ipv6_bytes(&addr->addr, cp);
1203 cp += 16;
1204 addr->ttl = ntohl(get_uint32(cp));
1205 cp += 4;
1206 smartlist_add(addrs, addr);
1207 } else if (answer_type == RESOLVED_TYPE_HOSTNAME) {
1208 if (answer_len == 0) {
1209 goto err;
1210 }
1211 addr = tor_malloc_zero(sizeof(*addr));
1212 addr->hostname = tor_memdup_nulterm(cp, answer_len);
1213 cp += answer_len;
1214 addr->ttl = ntohl(get_uint32(cp));
1215 cp += 4;
1216 smartlist_add(addrs, addr);
1217 } else if (answer_type == RESOLVED_TYPE_ERROR_TRANSIENT ||
1218 answer_type == RESOLVED_TYPE_ERROR) {
1219 errcode = answer_type;
1220 /* Ignore the error contents */
1221 cp += answer_len + 4;
1222 } else {
1223 cp += answer_len + 4;
1224 }
1225 tor_assert(((ssize_t)remaining) >= (cp - cp_orig));
1226 remaining -= (cp - cp_orig);
1227 }
1228
1229 if (errcode && smartlist_len(addrs) == 0) {
1230 /* Report an error only if there were no results. */
1231 *errcode_out = errcode;
1232 }
1233
1234 smartlist_add_all(addresses_out, addrs);
1235 smartlist_free(addrs);
1236
1237 return 0;
1238
1239 err:
1240 /* On parse error, don't report any results */
1241 SMARTLIST_FOREACH(addrs, address_ttl_t *, a, address_ttl_free(a));
1242 smartlist_free(addrs);
1243 return -1;
1244}
1245
1246/** Helper for connection_edge_process_resolved_cell: given an error code,
1247 * an entry_connection, and a list of address_ttl_t *, report the best answer
1248 * to the entry_connection. */
1249static void
1251 int error_code,
1252 smartlist_t *results)
1253{
1254 address_ttl_t *addr_ipv4 = NULL;
1255 address_ttl_t *addr_ipv6 = NULL;
1256 address_ttl_t *addr_hostname = NULL;
1257 address_ttl_t *addr_best = NULL;
1258
1259 /* If it's an error code, that's easy. */
1260 if (error_code) {
1261 tor_assert(error_code == RESOLVED_TYPE_ERROR ||
1262 error_code == RESOLVED_TYPE_ERROR_TRANSIENT);
1264 error_code,0,NULL,-1,-1);
1265 return;
1266 }
1267
1268 /* Get the first answer of each type. */
1269 SMARTLIST_FOREACH_BEGIN(results, address_ttl_t *, addr) {
1270 if (addr->hostname) {
1271 if (!addr_hostname) {
1272 addr_hostname = addr;
1273 }
1274 } else if (tor_addr_family(&addr->addr) == AF_INET) {
1275 if (!addr_ipv4 && conn->entry_cfg.ipv4_traffic) {
1276 addr_ipv4 = addr;
1277 }
1278 } else if (tor_addr_family(&addr->addr) == AF_INET6) {
1279 if (!addr_ipv6 && conn->entry_cfg.ipv6_traffic) {
1280 addr_ipv6 = addr;
1281 }
1282 }
1283 } SMARTLIST_FOREACH_END(addr);
1284
1285 /* Now figure out which type we wanted to deliver. */
1287 if (addr_hostname) {
1289 RESOLVED_TYPE_HOSTNAME,
1290 strlen(addr_hostname->hostname),
1291 (uint8_t*)addr_hostname->hostname,
1292 addr_hostname->ttl,-1);
1293 } else {
1295 RESOLVED_TYPE_ERROR,0,NULL,-1,-1);
1296 }
1297 return;
1298 }
1299
1300 if (conn->entry_cfg.prefer_ipv6) {
1301 addr_best = addr_ipv6 ? addr_ipv6 : addr_ipv4;
1302 } else {
1303 addr_best = addr_ipv4 ? addr_ipv4 : addr_ipv6;
1304 }
1305
1306 /* Now convert it to the ugly old interface */
1307 if (! addr_best) {
1309 RESOLVED_TYPE_NOERROR,0,NULL,-1,-1);
1310 return;
1311 }
1312
1314 &addr_best->addr,
1315 addr_best->ttl,
1316 -1);
1317
1318 remap_event_helper(conn, &addr_best->addr);
1319}
1320
1321/** Handle a RELAY_COMMAND_RESOLVED cell that we received on a non-open AP
1322 * stream. */
1323STATIC int
1325 const relay_msg_t *msg)
1326{
1327 entry_connection_t *entry_conn = EDGE_TO_ENTRY_CONN(conn);
1328 smartlist_t *resolved_addresses = NULL;
1329 int errcode = 0;
1330
1331 if (conn->base_.state != AP_CONN_STATE_RESOLVE_WAIT) {
1332 log_fn(LOG_PROTOCOL_WARN, LD_APP, "Got a 'resolved' cell while "
1333 "not in state resolve_wait. Dropping.");
1334 return 0;
1335 }
1336 tor_assert(SOCKS_COMMAND_IS_RESOLVE(entry_conn->socks_request->command));
1337
1338 resolved_addresses = smartlist_new();
1339 if (resolved_cell_parse(msg, resolved_addresses, &errcode)) {
1340 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1341 "Dropping malformed 'resolved' cell");
1342 connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TORPROTOCOL);
1343 goto done;
1344 }
1345
1346 if (get_options()->ClientDNSRejectInternalAddresses) {
1347 int orig_len = smartlist_len(resolved_addresses);
1348 SMARTLIST_FOREACH_BEGIN(resolved_addresses, address_ttl_t *, addr) {
1349 if (addr->hostname == NULL && tor_addr_is_internal(&addr->addr, 0)) {
1350 log_info(LD_APP, "Got a resolved cell with answer %s; dropping that "
1351 "answer.",
1352 safe_str_client(fmt_addr(&addr->addr)));
1353 address_ttl_free(addr);
1354 SMARTLIST_DEL_CURRENT(resolved_addresses, addr);
1355 }
1356 } SMARTLIST_FOREACH_END(addr);
1357 if (orig_len && smartlist_len(resolved_addresses) == 0) {
1358 log_info(LD_APP, "Got a resolved cell with only private addresses; "
1359 "dropping it.");
1361 RESOLVED_TYPE_ERROR_TRANSIENT,
1362 0, NULL, 0, TIME_MAX);
1363 connection_mark_unattached_ap(entry_conn,
1364 END_STREAM_REASON_TORPROTOCOL);
1365 goto done;
1366 }
1367 }
1368
1369 /* This is valid data at this point. Count it */
1370 if (conn->on_circuit && CIRCUIT_IS_ORIGIN(conn->on_circuit)) {
1372 msg->length);
1373 }
1374
1376 errcode,
1377 resolved_addresses);
1378
1379 connection_mark_unattached_ap(entry_conn,
1380 END_STREAM_REASON_DONE |
1382
1383 done:
1384 SMARTLIST_FOREACH(resolved_addresses, address_ttl_t *, addr,
1385 address_ttl_free(addr));
1386 smartlist_free(resolved_addresses);
1387 return 0;
1388}
1389
1390/** An incoming relay cell has arrived from circuit <b>circ</b> to
1391 * stream <b>conn</b>.
1392 *
1393 * The arguments here are the same as in
1394 * connection_edge_process_relay_cell() below; this function is called
1395 * from there when <b>conn</b> is defined and not in an open state.
1396 */
1397static int
1399 const relay_msg_t *msg, circuit_t *circ,
1400 edge_connection_t *conn, crypt_path_t *layer_hint)
1401{
1402 if (msg->command == RELAY_COMMAND_END) {
1403 if (CIRCUIT_IS_ORIGIN(circ) && conn->base_.type == CONN_TYPE_AP) {
1405 TO_ORIGIN_CIRCUIT(circ),
1406 EDGE_TO_ENTRY_CONN(conn),
1407 layer_hint);
1408 } else {
1409 /* we just got an 'end', don't need to send one */
1410 conn->edge_has_sent_end = 1;
1412 connection_mark_for_close(TO_CONN(conn));
1413 return 0;
1414 }
1415 }
1416
1417 if (conn->base_.type == CONN_TYPE_AP &&
1418 msg->command == RELAY_COMMAND_CONNECTED) {
1419 tor_addr_t addr;
1420 int ttl;
1421 entry_connection_t *entry_conn = EDGE_TO_ENTRY_CONN(conn);
1423 if (conn->base_.state != AP_CONN_STATE_CONNECT_WAIT) {
1424 log_fn(LOG_PROTOCOL_WARN, LD_APP,
1425 "Got 'connected' while not in state connect_wait. Dropping.");
1426 return 0;
1427 }
1428 CONNECTION_AP_EXPECT_NONPENDING(entry_conn);
1429 conn->base_.state = AP_CONN_STATE_OPEN;
1430 log_info(LD_APP,"'connected' received for circid %u streamid %d "
1431 "after %d seconds.",
1432 (unsigned)circ->n_circ_id,
1433 msg->stream_id,
1434 (int)(time(NULL) - conn->base_.timestamp_last_read_allowed));
1435 if (connected_cell_parse(msg, &addr, &ttl) < 0) {
1436 log_fn(LOG_PROTOCOL_WARN, LD_APP,
1437 "Got a badly formatted connected cell. Closing.");
1438 connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1439 connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TORPROTOCOL);
1440 return 0;
1441 }
1442 if (tor_addr_family(&addr) != AF_UNSPEC) {
1443 /* The family is not UNSPEC: so we were given an address in the
1444 * connected cell. (This is normal, except for BEGINDIR and onion
1445 * service streams.) */
1446 const sa_family_t family = tor_addr_family(&addr);
1447 if (tor_addr_is_null(&addr) ||
1448 (get_options()->ClientDNSRejectInternalAddresses &&
1449 tor_addr_is_internal(&addr, 0))) {
1450 log_info(LD_APP, "...but it claims the IP address was %s. Closing.",
1451 safe_str(fmt_addr(&addr)));
1452 connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1453 connection_mark_unattached_ap(entry_conn,
1454 END_STREAM_REASON_TORPROTOCOL);
1455 return 0;
1456 }
1457
1458 if ((family == AF_INET && ! entry_conn->entry_cfg.ipv4_traffic) ||
1459 (family == AF_INET6 && ! entry_conn->entry_cfg.ipv6_traffic)) {
1460 log_fn(LOG_PROTOCOL_WARN, LD_APP,
1461 "Got a connected cell to %s with unsupported address family."
1462 " Closing.", safe_str(fmt_addr(&addr)));
1463 connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1464 connection_mark_unattached_ap(entry_conn,
1465 END_STREAM_REASON_TORPROTOCOL);
1466 return 0;
1467 }
1468
1469 client_dns_set_addressmap(entry_conn,
1470 entry_conn->socks_request->address, &addr,
1471 entry_conn->chosen_exit_name, ttl);
1472
1473 remap_event_helper(entry_conn, &addr);
1474 }
1476 /* don't send a socks reply to transparent conns */
1477 tor_assert(entry_conn->socks_request != NULL);
1478 if (!entry_conn->socks_request->has_finished) {
1479 connection_ap_handshake_socks_reply(entry_conn, NULL, 0, 0);
1480 }
1481
1482 /* Was it a linked dir conn? If so, a dir request just started to
1483 * fetch something; this could be a bootstrap status milestone. */
1484 log_debug(LD_APP, "considering");
1485 if (TO_CONN(conn)->linked_conn &&
1486 TO_CONN(conn)->linked_conn->type == CONN_TYPE_DIR) {
1487 connection_t *dirconn = TO_CONN(conn)->linked_conn;
1488 log_debug(LD_APP, "it is! %d", dirconn->purpose);
1489 switch (dirconn->purpose) {
1492 control_event_bootstrap(BOOTSTRAP_STATUS_LOADING_KEYS, 0);
1493 break;
1495 control_event_bootstrap(BOOTSTRAP_STATUS_LOADING_STATUS, 0);
1496 break;
1499 if (TO_DIR_CONN(dirconn)->router_purpose == ROUTER_PURPOSE_GENERAL)
1500 control_event_boot_dir(BOOTSTRAP_STATUS_LOADING_DESCRIPTORS,
1502 break;
1503 }
1504 }
1505 /* This is definitely a success, so forget about any pending data we
1506 * had sent. */
1507 if (entry_conn->pending_optimistic_data) {
1508 buf_free(entry_conn->pending_optimistic_data);
1509 entry_conn->pending_optimistic_data = NULL;
1510 }
1511
1512 /* This is valid data at this point. Count it */
1513 circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), msg->length);
1514
1515 /* handle anything that might have queued */
1516 if (connection_edge_package_raw_inbuf(conn, 1, NULL) < 0) {
1517 /* (We already sent an end cell if possible) */
1518 connection_mark_for_close(TO_CONN(conn));
1519 return 0;
1520 }
1521 return 0;
1522 }
1523 if (conn->base_.type == CONN_TYPE_AP &&
1524 msg->command == RELAY_COMMAND_RESOLVED) {
1525 return connection_edge_process_resolved_cell(conn, msg);
1526 }
1527
1528 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1529 "Got an unexpected relay command %d, in state %d (%s). Dropping.",
1530 msg->command, conn->base_.state,
1531 conn_state_to_string(conn->base_.type, conn->base_.state));
1532 return 0; /* for forward compatibility, don't kill the circuit */
1533// connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1534// connection_mark_for_close(conn);
1535// return -1;
1536}
1537
1538/** Process a SENDME cell that arrived on <b>circ</b>. If it is a stream level
1539 * cell, it is destined for the given <b>conn</b>. If it is a circuit level
1540 * cell, it is destined for the <b>layer_hint</b>. The <b>domain</b> is the
1541 * logging domain that should be used.
1542 *
1543 * Return 0 if everything went well or a negative value representing a circuit
1544 * end reason on error for which the caller is responsible for closing it. */
1545static int
1547 edge_connection_t *conn, crypt_path_t *layer_hint,
1548 int domain)
1549{
1550 int ret;
1551
1552 tor_assert(msg);
1553
1554 if (!msg->stream_id) {
1555 /* Circuit level SENDME cell. */
1556 ret = sendme_process_circuit_level(layer_hint, circ, msg->body,
1557 msg->length);
1558 if (ret < 0) {
1559 return ret;
1560 }
1561 /* Resume reading on any streams now that we've processed a valid
1562 * SENDME cell that updated our package window. */
1563 circuit_resume_edge_reading(circ, layer_hint);
1564 /* We are done, the rest of the code is for the stream level. */
1565 return 0;
1566 }
1567
1568 /* No connection, might be half edge state. We are done if so. */
1569 if (!conn) {
1570 if (CIRCUIT_IS_ORIGIN(circ)) {
1571 origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1573 msg->stream_id)) {
1574 circuit_read_valid_data(ocirc, msg->length);
1575 log_info(domain, "Sendme cell on circ %u valid on half-closed "
1576 "stream id %d",
1577 ocirc->global_identifier, msg->stream_id);
1578 }
1579 }
1580
1581 log_info(domain, "SENDME cell dropped, unknown stream (streamid %d).",
1582 msg->stream_id);
1583 return 0;
1584 }
1585
1586 /* Stream level SENDME cell. */
1587 // TODO: Turn this off for cc_alg=1,2,3; use XON/XOFF instead
1588 ret = sendme_process_stream_level(conn, circ, msg->length);
1589 if (ret < 0) {
1590 /* Means we need to close the circuit with reason ret. */
1591 return ret;
1592 }
1593
1594 /* We've now processed properly a SENDME cell, all windows have been
1595 * properly updated, we'll read on the edge connection to see if we can
1596 * get data out towards the end point (Exit or client) since we are now
1597 * allowed to deliver more cells. */
1598
1600 /* Still waiting for queue to flush; don't touch conn */
1601 return 0;
1602 }
1604 /* handle whatever might still be on the inbuf */
1605 if (connection_edge_package_raw_inbuf(conn, 1, NULL) < 0) {
1606 /* (We already sent an end cell if possible) */
1607 connection_mark_for_close(TO_CONN(conn));
1608 return 0;
1609 }
1610 return 0;
1611}
1612
1613/** A helper for connection_edge_process_relay_cell(): Actually handles the
1614 * cell that we received on the connection.
1615 *
1616 * The arguments are the same as in the parent function
1617 * connection_edge_process_relay_cell(), plus the relay header <b>rh</b> as
1618 * unpacked by the parent function, and <b>optimistic_data</b> as set by the
1619 * parent function.
1620 */
1621STATIC int
1623 edge_connection_t *conn, crypt_path_t *layer_hint,
1624 int optimistic_data)
1625{
1626 unsigned domain = layer_hint?LD_APP:LD_EXIT;
1627 int reason;
1628
1629 tor_assert(msg);
1630
1631 /* First pass the cell to the circuit padding subsystem, in case it's a
1632 * padding cell or circuit that should be handled there. */
1633 if (circpad_check_received_cell(msg, circ, layer_hint) == 0) {
1634 log_debug(domain, "Cell handled as circuit padding");
1635 return 0;
1636 }
1637
1638 /* Now handle all the other commands */
1639 switch (msg->command) {
1640 case RELAY_COMMAND_CONFLUX_LINK:
1641 conflux_process_link(circ, msg);
1642 return 0;
1643 case RELAY_COMMAND_CONFLUX_LINKED:
1644 conflux_process_linked(circ, layer_hint, msg);
1645 return 0;
1646 case RELAY_COMMAND_CONFLUX_LINKED_ACK:
1648 return 0;
1649 case RELAY_COMMAND_CONFLUX_SWITCH:
1650 return conflux_process_switch_command(circ, layer_hint, msg);
1651 case RELAY_COMMAND_BEGIN:
1652 case RELAY_COMMAND_BEGIN_DIR:
1653 if (layer_hint &&
1655 log_fn(LOG_PROTOCOL_WARN, LD_APP,
1656 "Relay begin request unsupported at AP. Dropping.");
1657 return 0;
1658 }
1660 layer_hint != TO_ORIGIN_CIRCUIT(circ)->cpath->prev) {
1661 log_fn(LOG_PROTOCOL_WARN, LD_APP,
1662 "Relay begin request to Hidden Service "
1663 "from intermediary node. Dropping.");
1664 return 0;
1665 }
1666 if (conn) {
1667 log_fn(LOG_PROTOCOL_WARN, domain,
1668 "Begin cell for known stream. Dropping.");
1669 return 0;
1670 }
1671 if (msg->command == RELAY_COMMAND_BEGIN_DIR &&
1673 /* Assign this circuit and its app-ward OR connection a unique ID,
1674 * so that we can measure download times. The local edge and dir
1675 * connection will be assigned the same ID when they are created
1676 * and linked. */
1677 static uint64_t next_id = 0;
1678 circ->dirreq_id = ++next_id;
1679 TO_OR_CIRCUIT(circ)->p_chan->dirreq_id = circ->dirreq_id;
1680 }
1681 return connection_exit_begin_conn(msg, circ);
1682 case RELAY_COMMAND_DATA:
1684
1685 if (msg->stream_id == 0) {
1686 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Relay data cell with zero "
1687 "stream_id. Dropping.");
1688 return 0;
1689 } else if (!conn) {
1690 if (CIRCUIT_IS_ORIGIN(circ)) {
1691 origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1693 msg->stream_id)) {
1694 circuit_read_valid_data(ocirc, msg->length);
1695 log_info(domain,
1696 "data cell on circ %u valid on half-closed "
1697 "stream id %d", ocirc->global_identifier, msg->stream_id);
1698 }
1699 }
1700
1701 log_info(domain,"data cell dropped, unknown stream (streamid %d).",
1702 msg->stream_id);
1703 return 0;
1704 }
1705
1706 /* Update our stream-level deliver window that we just received a DATA
1707 * cell. Going below 0 means we have a protocol level error so the
1708 * stream and circuit are closed. */
1709 if (sendme_stream_data_received(conn) < 0) {
1710 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1711 "(relay data) conn deliver_window below 0. Killing.");
1712 connection_edge_end_close(conn, END_STREAM_REASON_TORPROTOCOL);
1713 return -END_CIRC_REASON_TORPROTOCOL;
1714 }
1715 /* Total all valid application bytes delivered */
1716 if (CIRCUIT_IS_ORIGIN(circ) && msg->length > 0) {
1717 circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), msg->length);
1718 }
1719
1720 /* For onion service connection, update the metrics. */
1721 if (conn->hs_ident) {
1722 hs_metrics_app_write_bytes(&conn->hs_ident->identity_pk,
1723 conn->hs_ident->orig_virtual_port,
1724 msg->length);
1725 }
1726
1727 stats_n_data_bytes_received += msg->length;
1728 connection_buf_add((char*) msg->body, msg->length, TO_CONN(conn));
1729
1730#ifdef MEASUREMENTS_21206
1731 /* Count number of RELAY_DATA cells received on a linked directory
1732 * connection. */
1733 connection_t *linked_conn = TO_CONN(conn)->linked_conn;
1734
1735 if (linked_conn && linked_conn->type == CONN_TYPE_DIR) {
1736 ++(TO_DIR_CONN(linked_conn)->data_cells_received);
1737 }
1738#endif /* defined(MEASUREMENTS_21206) */
1739
1740 if (!optimistic_data) {
1741 /* Only send a SENDME if we're not getting optimistic data; otherwise
1742 * a SENDME could arrive before the CONNECTED.
1743 */
1745 }
1746
1747 return 0;
1748 case RELAY_COMMAND_XOFF:
1749 if (!conn) {
1750 if (CIRCUIT_IS_ORIGIN(circ)) {
1751 origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1752 if (relay_crypt_from_last_hop(ocirc, layer_hint) &&
1754 msg->stream_id)) {
1755 circuit_read_valid_data(ocirc, msg->length);
1756 }
1757 }
1758 return 0;
1759 }
1760
1761 if (circuit_process_stream_xoff(conn, layer_hint)) {
1762 if (CIRCUIT_IS_ORIGIN(circ)) {
1763 circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), msg->length);
1764 }
1765 }
1766 return 0;
1767 case RELAY_COMMAND_XON:
1768 if (!conn) {
1769 if (CIRCUIT_IS_ORIGIN(circ)) {
1770 origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1771 if (relay_crypt_from_last_hop(ocirc, layer_hint) &&
1773 msg->stream_id)) {
1774 circuit_read_valid_data(ocirc, msg->length);
1775 }
1776 }
1777 return 0;
1778 }
1779
1780 if (circuit_process_stream_xon(conn, layer_hint, msg)) {
1781 if (CIRCUIT_IS_ORIGIN(circ)) {
1782 circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), msg->length);
1783 }
1784 }
1785 return 0;
1786 case RELAY_COMMAND_END:
1787 reason = msg->length > 0 ? get_uint8(msg->body) : END_STREAM_REASON_MISC;
1788 if (!conn) {
1789 if (CIRCUIT_IS_ORIGIN(circ)) {
1790 origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1791 if (relay_crypt_from_last_hop(ocirc, layer_hint) &&
1793 msg->stream_id)) {
1794
1795 circuit_read_valid_data(ocirc, msg->length);
1796 log_info(domain,
1797 "end cell (%s) on circ %u valid on half-closed "
1798 "stream id %d",
1800 ocirc->global_identifier, msg->stream_id);
1801 return 0;
1802 }
1803 }
1804 log_info(domain,"end cell (%s) dropped, unknown stream.",
1806 return 0;
1807 }
1808/* XXX add to this log_fn the exit node's nickname? */
1809 log_info(domain,TOR_SOCKET_T_FORMAT": end cell (%s) for stream %d. "
1810 "Removing stream.",
1811 conn->base_.s,
1813 conn->stream_id);
1814 if (conn->base_.type == CONN_TYPE_AP) {
1815 entry_connection_t *entry_conn = EDGE_TO_ENTRY_CONN(conn);
1816 if (entry_conn->socks_request &&
1817 !entry_conn->socks_request->has_finished)
1818 log_warn(LD_BUG,
1819 "open stream hasn't sent socks answer yet? Closing.");
1820 }
1821 /* We just *got* an end; no reason to send one. */
1822 conn->edge_has_sent_end = 1;
1823 if (!conn->end_reason)
1825 if (!conn->base_.marked_for_close) {
1826 /* only mark it if not already marked. it's possible to
1827 * get the 'end' right around when the client hangs up on us. */
1828 connection_mark_and_flush(TO_CONN(conn));
1829
1830 /* Total all valid application bytes delivered */
1831 if (CIRCUIT_IS_ORIGIN(circ)) {
1832 circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), msg->length);
1833 }
1834 }
1835 return 0;
1836 case RELAY_COMMAND_EXTEND:
1837 case RELAY_COMMAND_EXTEND2: {
1838 static uint64_t total_n_extend=0, total_nonearly=0;
1839 total_n_extend++;
1840 if (msg->stream_id) {
1841 log_fn(LOG_PROTOCOL_WARN, domain,
1842 "'extend' cell received for non-zero stream. Dropping.");
1843 return 0;
1844 }
1845 if (!msg->is_relay_early &&
1846 !networkstatus_get_param(NULL,"AllowNonearlyExtend",0,0,1)) {
1847#define EARLY_WARNING_INTERVAL 3600
1848 static ratelim_t early_warning_limit =
1849 RATELIM_INIT(EARLY_WARNING_INTERVAL);
1850 char *m;
1851 if (!msg->is_relay_early) {
1852 ++total_nonearly;
1853 if ((m = rate_limit_log(&early_warning_limit, approx_time()))) {
1854 double percentage = ((double)total_nonearly)/total_n_extend;
1855 percentage *= 100;
1856 log_fn(LOG_PROTOCOL_WARN, domain, "EXTEND cell received, "
1857 "but not via RELAY_EARLY. Dropping.%s", m);
1858 log_fn(LOG_PROTOCOL_WARN, domain, " (We have dropped %.02f%% of "
1859 "all EXTEND cells for this reason)", percentage);
1860 tor_free(m);
1861 }
1862 } else {
1863 log_fn(LOG_WARN, domain,
1864 "EXTEND cell received, in a cell with type %d! Dropping.",
1865 msg->command);
1866 }
1867 return 0;
1868 }
1869 return circuit_extend(msg, circ);
1870 }
1871 case RELAY_COMMAND_EXTENDED:
1872 case RELAY_COMMAND_EXTENDED2:
1873 if (!layer_hint) {
1874 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1875 "'extended' unsupported at non-origin. Dropping.");
1876 return 0;
1877 }
1878 log_debug(domain,"Got an extended cell! Yay.");
1879 {
1880 extended_cell_t extended_cell;
1881 if (extended_cell_parse(&extended_cell, msg->command,
1882 msg->body, msg->length) < 0) {
1883 log_warn(LD_PROTOCOL,
1884 "Can't parse EXTENDED cell; killing circuit.");
1885 return -END_CIRC_REASON_TORPROTOCOL;
1886 }
1887 if ((reason = circuit_finish_handshake(TO_ORIGIN_CIRCUIT(circ),
1888 &extended_cell.created_cell)) < 0) {
1889 circuit_mark_for_close(circ, -reason);
1890 return 0; /* We don't want to cause a warning, so we mark the circuit
1891 * here. */
1892 }
1893 }
1894 if ((reason=circuit_send_next_onion_skin(TO_ORIGIN_CIRCUIT(circ)))<0) {
1895 log_info(domain,"circuit_send_next_onion_skin() failed.");
1896 return reason;
1897 }
1898 /* Total all valid bytes delivered. */
1899 if (CIRCUIT_IS_ORIGIN(circ)) {
1900 circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), msg->length);
1901 }
1902 return 0;
1903 case RELAY_COMMAND_TRUNCATE:
1904 if (layer_hint) {
1905 log_fn(LOG_PROTOCOL_WARN, LD_APP,
1906 "'truncate' unsupported at origin. Dropping.");
1907 return 0;
1908 }
1909 if (circ->n_hop) {
1910 if (circ->n_chan)
1911 log_warn(LD_BUG, "n_chan and n_hop set on the same circuit!");
1912 extend_info_free(circ->n_hop);
1913 circ->n_hop = NULL;
1916 }
1917 if (circ->n_chan) {
1918 uint8_t trunc_reason = get_uint8(msg->body);
1919 circuit_synchronize_written_or_bandwidth(circ, CIRCUIT_N_CHAN);
1920 circuit_clear_cell_queue(circ, circ->n_chan);
1922 trunc_reason);
1923 circuit_set_n_circid_chan(circ, 0, NULL);
1924 }
1925 log_debug(LD_EXIT, "Processed 'truncate', replying.");
1926 {
1927 char payload[1];
1928 payload[0] = (char)END_CIRC_REASON_REQUESTED;
1929 relay_send_command_from_edge(0, circ, RELAY_COMMAND_TRUNCATED,
1930 payload, sizeof(payload), NULL);
1931 }
1932 return 0;
1933 case RELAY_COMMAND_TRUNCATED:
1934 if (!layer_hint) {
1935 log_fn(LOG_PROTOCOL_WARN, LD_EXIT,
1936 "'truncated' unsupported at non-origin. Dropping.");
1937 return 0;
1938 }
1939
1940 /* Count the truncated as valid, for completeness. The
1941 * circuit is being torn down anyway, though. */
1942 if (CIRCUIT_IS_ORIGIN(circ)) {
1943 circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), msg->length);
1944 }
1946 return 0;
1947 case RELAY_COMMAND_CONNECTED:
1948 if (conn) {
1949 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1950 "'connected' unsupported while open. Closing circ.");
1951 return -END_CIRC_REASON_TORPROTOCOL;
1952 }
1953
1954 if (CIRCUIT_IS_ORIGIN(circ)) {
1955 origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1957 msg->stream_id)) {
1958 circuit_read_valid_data(ocirc, msg->length);
1959 log_info(domain,
1960 "connected cell on circ %u valid on half-closed "
1961 "stream id %d", ocirc->global_identifier, msg->stream_id);
1962 return 0;
1963 }
1964 }
1965
1966 log_info(domain,
1967 "'connected' received on circid %u for streamid %d, "
1968 "no conn attached anymore. Ignoring.",
1969 (unsigned)circ->n_circ_id, msg->stream_id);
1970 return 0;
1971 case RELAY_COMMAND_SENDME:
1972 return process_sendme_cell(msg, circ, conn, layer_hint, domain);
1973 case RELAY_COMMAND_RESOLVE:
1974 if (layer_hint) {
1975 log_fn(LOG_PROTOCOL_WARN, LD_APP,
1976 "resolve request unsupported at AP; dropping.");
1977 return 0;
1978 } else if (conn) {
1979 log_fn(LOG_PROTOCOL_WARN, domain,
1980 "resolve request for known stream; dropping.");
1981 return 0;
1982 } else if (circ->purpose != CIRCUIT_PURPOSE_OR) {
1983 log_fn(LOG_PROTOCOL_WARN, domain,
1984 "resolve request on circ with purpose %d; dropping",
1985 circ->purpose);
1986 return 0;
1987 }
1989 case RELAY_COMMAND_RESOLVED:
1990 if (conn) {
1991 log_fn(LOG_PROTOCOL_WARN, domain,
1992 "'resolved' unsupported while open. Closing circ.");
1993 return -END_CIRC_REASON_TORPROTOCOL;
1994 }
1995
1996 if (CIRCUIT_IS_ORIGIN(circ)) {
1997 origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1998 if (relay_crypt_from_last_hop(ocirc, layer_hint) &&
2000 msg->stream_id)) {
2001 circuit_read_valid_data(ocirc, msg->length);
2002 log_info(domain,
2003 "resolved cell on circ %u valid on half-closed "
2004 "stream id %d", ocirc->global_identifier, msg->stream_id);
2005 return 0;
2006 }
2007 }
2008
2009 log_info(domain,
2010 "'resolved' received, no conn attached anymore. Ignoring.");
2011 return 0;
2012 case RELAY_COMMAND_ESTABLISH_INTRO:
2013 case RELAY_COMMAND_ESTABLISH_RENDEZVOUS:
2014 case RELAY_COMMAND_INTRODUCE1:
2015 case RELAY_COMMAND_INTRODUCE2:
2016 case RELAY_COMMAND_INTRODUCE_ACK:
2017 case RELAY_COMMAND_RENDEZVOUS1:
2018 case RELAY_COMMAND_RENDEZVOUS2:
2019 case RELAY_COMMAND_INTRO_ESTABLISHED:
2020 case RELAY_COMMAND_RENDEZVOUS_ESTABLISHED:
2021 rend_process_relay_cell(circ, layer_hint,
2022 msg->command, msg->length, msg->body);
2023 return 0;
2024 }
2025 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
2026 "Received unknown relay command %d. Perhaps the other side is using "
2027 "a newer version of Tor? Dropping.",
2028 msg->command);
2029 return 0; /* for forward compatibility, don't kill the circuit */
2030}
2031
2032/** An incoming relay cell has arrived on circuit <b>circ</b>. If
2033 * <b>conn</b> is NULL this is a control cell, else <b>cell</b> is
2034 * destined for <b>conn</b>.
2035 *
2036 * If <b>layer_hint</b> is defined, then we're the origin of the
2037 * circuit, and it specifies the hop that packaged <b>cell</b>.
2038 *
2039 * Return -reason if you want to warn and tear down the circuit, else 0.
2040 */
2041STATIC int
2043 edge_connection_t *conn,
2044 crypt_path_t *layer_hint)
2045{
2046 static int num_seen=0;
2047 unsigned domain = layer_hint?LD_APP:LD_EXIT;
2048
2049 tor_assert(msg);
2050 tor_assert(circ);
2051
2052// log_fn(LOG_DEBUG,"command %d stream %d", rh.command, rh.stream_id);
2053 num_seen++;
2054 log_debug(domain, "Now seen %d relay cells here (command %d, stream %d).",
2055 num_seen, msg->command, msg->stream_id);
2056
2057 if (msg->stream_id == 0) {
2058 switch (msg->command) {
2059 case RELAY_COMMAND_BEGIN:
2060 case RELAY_COMMAND_CONNECTED:
2061 case RELAY_COMMAND_END:
2062 case RELAY_COMMAND_RESOLVE:
2063 case RELAY_COMMAND_RESOLVED:
2064 case RELAY_COMMAND_BEGIN_DIR:
2065 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Relay command %u with zero "
2066 "stream_id. Dropping.", msg->command);
2067 return 0;
2068 default:
2069 ;
2070 }
2071 }
2072
2073 /* Regardless of conflux or not, we always decide to send a SENDME
2074 * for RELAY_DATA immediately
2075 */
2076 if (msg->command == RELAY_COMMAND_DATA) {
2077 /* Update our circuit-level deliver window that we received a DATA cell.
2078 * If the deliver window goes below 0, we end the circuit and stream due
2079 * to a protocol failure. */
2080 if (sendme_circuit_data_received(circ, layer_hint) < 0) {
2081 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
2082 "(relay data) circ deliver_window below 0. Killing.");
2083 connection_edge_end_close(conn, END_STREAM_REASON_TORPROTOCOL);
2084 return -END_CIRC_REASON_TORPROTOCOL;
2085 }
2086
2087 /* Consider sending a circuit-level SENDME cell. */
2088 sendme_circuit_consider_sending(circ, layer_hint);
2089
2090 /* Continue on to process the data cell via conflux or not */
2091 }
2092
2093 /* Conflux handling: If conflux is disabled, or the relay command is not
2094 * multiplexed across circuits, then process it immediately.
2095 *
2096 * Otherwise, we need to process the relay cell against our conflux
2097 * queues, and if doing so results in ordered cells to deliver, we
2098 * dequeue and process those in-order until there are no more.
2099 */
2100 if (!circ->conflux || !conflux_should_multiplex(msg->command)) {
2101 return connection_edge_process_ordered_relay_cell(msg, circ, conn,
2102 layer_hint);
2103 } else {
2104 // If conflux says this cell is in-order, then begin processing
2105 // cells from queue until there are none. Otherwise, we do nothing
2106 // until further cells arrive.
2107 if (conflux_process_relay_msg(circ->conflux, circ, layer_hint,
2108 (relay_msg_t *) msg)) {
2109 conflux_msg_t *c_msg = NULL;
2110
2111 /* First, process this cell */
2113 msg, circ, conn, layer_hint);
2114 if (ret < 0) {
2115 return ret;
2116 }
2117
2118 /* Now, check queue for more */
2119 while ((c_msg = conflux_dequeue_relay_msg(circ->conflux))) {
2120 conn = relay_lookup_conn(circ, c_msg->msg, CELL_DIRECTION_OUT,
2121 layer_hint);
2123 conn,
2124 layer_hint);
2125 if (ret < 0) {
2126 /* Negative return value is a fatal error. Return early and tear down
2127 * circuit */
2128 conflux_relay_msg_free(c_msg);
2129 return ret;
2130 }
2131 conflux_relay_msg_free(c_msg);
2132 }
2133 }
2134 }
2135
2136 return 0;
2137}
2138
2139/**
2140 * Helper function to process a relay cell that is in the proper order
2141 * for processing right now. */
2142static int
2144 circuit_t *circ,
2145 edge_connection_t *conn,
2146 crypt_path_t *layer_hint)
2147{
2148 int optimistic_data = 0; /* Set to 1 if we receive data on a stream
2149 * that's in the EXIT_CONN_STATE_RESOLVING
2150 * or EXIT_CONN_STATE_CONNECTING states. */
2151
2152 /* Tell circpad that we've received a recognized cell */
2153 circpad_deliver_recognized_relay_cell_events(circ, msg->command, layer_hint);
2154
2155 /* either conn is NULL, in which case we've got a control cell, or else
2156 * conn points to the recognized stream. */
2157 if (conn && !connection_state_is_open(TO_CONN(conn))) {
2158 if (conn->base_.type == CONN_TYPE_EXIT &&
2159 (conn->base_.state == EXIT_CONN_STATE_CONNECTING ||
2160 conn->base_.state == EXIT_CONN_STATE_RESOLVING) &&
2161 msg->command == RELAY_COMMAND_DATA) {
2162 /* Allow DATA cells to be delivered to an exit node in state
2163 * EXIT_CONN_STATE_CONNECTING or EXIT_CONN_STATE_RESOLVING.
2164 * This speeds up HTTP, for example. */
2165 optimistic_data = 1;
2166 } else if (msg->stream_id == 0 && msg->command == RELAY_COMMAND_DATA) {
2167 log_warn(LD_BUG, "Somehow I had a connection that matched a "
2168 "data cell with stream ID 0.");
2169 } else {
2171 msg, circ, conn, layer_hint);
2172 }
2173 }
2174
2175 return handle_relay_msg(msg, circ, conn, layer_hint, optimistic_data);
2176}
2177
2178/** How many relay_data cells have we built, ever? */
2180/** How many bytes of data have we put in relay_data cells have we built,
2181 * ever? This would be RELAY_PAYLOAD_SIZE*stats_n_data_cells_packaged if
2182 * every relay cell we ever sent were completely full of data. */
2184/** How many relay_data cells have we received, ever? */
2186/** How many bytes of data have we received relay_data cells, ever? This would
2187 * be RELAY_PAYLOAD_SIZE*stats_n_data_cells_packaged if every relay cell we
2188 * ever received were completely full of data. */
2190
2191/**
2192 * Called when initializing a circuit, or when we have reached the end of the
2193 * window in which we need to send some randomness so that incoming sendme
2194 * cells will be unpredictable. Resets the flags and picks a new window.
2195 */
2196void
2198{
2200 // XXX: do we need to change this check for congestion control?
2203}
2204
2205/**
2206 * Helper. Return the number of bytes that should be put into a cell from a
2207 * given edge connection on which <b>n_available</b> bytes are available.
2208 */
2209STATIC size_t
2211 int package_partial,
2212 circuit_t *on_circuit,
2213 crypt_path_t *cpath)
2214{
2215 if (!n_available)
2216 return 0;
2217
2218 /* Do we need to force this payload to have space for randomness? */
2219 const bool force_random_bytes =
2220 (on_circuit->send_randomness_after_n_cells == 0) &&
2221 (! on_circuit->have_sent_sufficiently_random_cell);
2222
2223 relay_cell_fmt_t cell_format = circuit_get_relay_format(on_circuit, cpath);
2224 size_t target_length =
2225 relay_cell_max_payload_size(cell_format, RELAY_COMMAND_DATA);
2226
2227#define RELAY_CELL_PADDING_GAP 4
2228
2229 /* Any relay data payload containing fewer than this many real bytes is
2230 * considered to have enough randomness to. */
2231 size_t target_length_with_random = target_length -
2232 RELAY_CELL_PADDING_GAP - 16;
2233 if (force_random_bytes) {
2234 target_length = target_length_with_random;
2235 }
2236
2237 /* Decide how many bytes we will actually put into this cell. */
2238 size_t package_length;
2239 if (n_available >= target_length) { /* A full payload is available. */
2240 package_length = target_length;
2241 } else { /* not a full payload available */
2242 if (package_partial)
2243 package_length = n_available; /* just take whatever's available now */
2244 else
2245 return 0; /* nothing to do until we have a full payload */
2246 }
2247
2248 /* If we reach this point, we will be definitely sending the cell. */
2249 tor_assert_nonfatal(package_length > 0);
2250
2251 if (package_length <= target_length_with_random) {
2252 /* This cell will have enough randomness in the padding to make a future
2253 * sendme cell unpredictable. */
2254 on_circuit->have_sent_sufficiently_random_cell = 1;
2255 }
2256
2257 if (on_circuit->send_randomness_after_n_cells == 0) {
2258 /* Either this cell, or some previous cell, had enough padding to
2259 * ensure sendme unpredictability. */
2260 tor_assert_nonfatal(on_circuit->have_sent_sufficiently_random_cell);
2261 /* Pick a new interval in which we need to send randomness. */
2263 }
2264
2265 --on_circuit->send_randomness_after_n_cells;
2266
2267 return package_length;
2268}
2269
2270/** If <b>conn</b> has an entire relay payload of bytes on its inbuf (or
2271 * <b>package_partial</b> is true), and the appropriate package windows aren't
2272 * empty, grab a cell and send it down the circuit.
2273 *
2274 * If *<b>max_cells</b> is given, package no more than max_cells. Decrement
2275 * *<b>max_cells</b> by the number of cells packaged.
2276 *
2277 * Return -1 (and send a RELAY_COMMAND_END cell if necessary) if conn should
2278 * be marked for close, else return 0.
2279 */
2280int
2282 int *max_cells)
2283{
2284 size_t bytes_to_process, length;
2285 char payload[CELL_PAYLOAD_SIZE];
2286 circuit_t *circ;
2287 const unsigned domain = conn->base_.type == CONN_TYPE_AP ? LD_APP : LD_EXIT;
2288 int sending_from_optimistic = 0;
2289 entry_connection_t *entry_conn =
2290 conn->base_.type == CONN_TYPE_AP ? EDGE_TO_ENTRY_CONN(conn) : NULL;
2291 const int sending_optimistically =
2292 entry_conn &&
2293 conn->base_.type == CONN_TYPE_AP &&
2294 conn->base_.state != AP_CONN_STATE_OPEN;
2295 crypt_path_t *cpath_layer = conn->cpath_layer;
2296
2297 tor_assert(conn);
2298
2299 if (BUG(conn->base_.marked_for_close)) {
2300 log_warn(LD_BUG,
2301 "called on conn that's already marked for close at %s:%d.",
2302 conn->base_.marked_for_close_file, conn->base_.marked_for_close);
2303 return 0;
2304 }
2305
2306 if (max_cells && *max_cells <= 0)
2307 return 0;
2308
2309 repeat_connection_edge_package_raw_inbuf:
2310
2311 circ = circuit_get_by_edge_conn(conn);
2312 if (!circ) {
2313 log_info(domain,"conn has no circuit! Closing.");
2315 return -1;
2316 }
2317
2318 if (circuit_consider_stop_edge_reading(circ, cpath_layer))
2319 return 0;
2320
2321 if (conn->package_window <= 0) {
2322 log_info(domain,"called with package_window %d. Skipping.",
2323 conn->package_window);
2325 return 0;
2326 }
2327
2328 sending_from_optimistic = entry_conn &&
2329 entry_conn->sending_optimistic_data != NULL;
2330
2331 if (PREDICT_UNLIKELY(sending_from_optimistic)) {
2332 bytes_to_process = buf_datalen(entry_conn->sending_optimistic_data);
2333 if (PREDICT_UNLIKELY(!bytes_to_process)) {
2334 log_warn(LD_BUG, "sending_optimistic_data was non-NULL but empty");
2335 bytes_to_process = connection_get_inbuf_len(TO_CONN(conn));
2336 sending_from_optimistic = 0;
2337 }
2338 } else {
2339 bytes_to_process = connection_get_inbuf_len(TO_CONN(conn));
2340 }
2341
2342 length = connection_edge_get_inbuf_bytes_to_package(bytes_to_process,
2343 package_partial, circ,
2344 cpath_layer);
2345 if (!length)
2346 return 0;
2347
2348 /* If we reach this point, we will definitely be packaging bytes into
2349 * a cell. */
2350
2353
2354 if (PREDICT_UNLIKELY(sending_from_optimistic)) {
2355 /* XXXX We could be more efficient here by sometimes packing
2356 * previously-sent optimistic data in the same cell with data
2357 * from the inbuf. */
2358 buf_get_bytes(entry_conn->sending_optimistic_data, payload, length);
2359 if (!buf_datalen(entry_conn->sending_optimistic_data)) {
2360 buf_free(entry_conn->sending_optimistic_data);
2361 entry_conn->sending_optimistic_data = NULL;
2362 }
2363 } else {
2364 connection_buf_get_bytes(payload, length, TO_CONN(conn));
2365 }
2366
2367 log_debug(domain,TOR_SOCKET_T_FORMAT": Packaging %d bytes (%d waiting).",
2368 conn->base_.s,
2369 (int)length, (int)connection_get_inbuf_len(TO_CONN(conn)));
2370
2371 if (sending_optimistically && !sending_from_optimistic) {
2372 /* This is new optimistic data; remember it in case we need to detach and
2373 retry */
2374 if (!entry_conn->pending_optimistic_data)
2375 entry_conn->pending_optimistic_data = buf_new();
2376 buf_add(entry_conn->pending_optimistic_data, payload, length);
2377 }
2378
2379 /* Send a data cell. This handles the circuit package window. */
2380 if (connection_edge_send_command(conn, RELAY_COMMAND_DATA,
2381 payload, length) < 0 ) {
2382 /* circuit got marked for close, don't continue, don't need to mark conn */
2383 return 0;
2384 }
2385
2386 /* Handle the stream-level SENDME package window. */
2387 if (sendme_note_stream_data_packaged(conn, length) < 0) {
2389 log_debug(domain,"conn->package_window reached 0.");
2390 circuit_consider_stop_edge_reading(circ, cpath_layer);
2391 return 0; /* don't process the inbuf any more */
2392 }
2393 log_debug(domain,"conn->package_window is now %d",conn->package_window);
2394
2395 if (max_cells) {
2396 *max_cells -= 1;
2397 if (*max_cells <= 0)
2398 return 0;
2399 }
2400
2401 /* handle more if there's more, or return 0 if there isn't */
2402 goto repeat_connection_edge_package_raw_inbuf;
2403}
2404
2405/** The circuit <b>circ</b> has received a circuit-level sendme
2406 * (on hop <b>layer_hint</b>, if we're the OP). Go through all the
2407 * attached streams and let them resume reading and packaging, if
2408 * their stream windows allow it.
2409 */
2410static void
2412{
2414 log_debug(layer_hint?LD_APP:LD_EXIT,"Too big queue, no resuming");
2415 return;
2416 }
2417
2418 /* If we have a conflux negotiated, and it still can't send on
2419 * any circuit, then do not resume sending. */
2420 if (circ->conflux && !conflux_can_send(circ->conflux)) {
2421 log_debug(layer_hint?LD_APP:LD_EXIT,
2422 "Conflux can't send, not resuming edges");
2423 return;
2424 }
2425
2426 log_debug(layer_hint?LD_APP:LD_EXIT,"resuming");
2427
2428 if (CIRCUIT_IS_ORIGIN(circ))
2430 circ, layer_hint);
2431 else
2433 circ, layer_hint);
2434}
2435
2436/** A helper function for circuit_resume_edge_reading() above.
2437 * The arguments are the same, except that <b>conn</b> is the head
2438 * of a linked list of edge streams that should each be considered.
2439 */
2440static int
2442 circuit_t *circ,
2443 crypt_path_t *layer_hint)
2444{
2445 edge_connection_t *conn;
2446 int n_packaging_streams, n_streams_left;
2447 int packaged_this_round;
2448 int cells_on_queue;
2449 int cells_per_conn;
2450 edge_connection_t *chosen_stream = NULL;
2451 int max_to_package;
2452
2453 if (first_conn == NULL) {
2454 /* Don't bother to try to do the rest of this if there are no connections
2455 * to resume. */
2456 return 0;
2457 }
2458
2459 /* Once we used to start listening on the streams in the order they
2460 * appeared in the linked list. That leads to starvation on the
2461 * streams that appeared later on the list, since the first streams
2462 * would always get to read first. Instead, we just pick a random
2463 * stream on the list, and enable reading for streams starting at that
2464 * point (and wrapping around as if the list were circular). It would
2465 * probably be better to actually remember which streams we've
2466 * serviced in the past, but this is simple and effective. */
2467
2468 /* Select a stream uniformly at random from the linked list. We
2469 * don't need cryptographic randomness here. */
2470 {
2471 int num_streams = 0;
2472 for (conn = first_conn; conn; conn = conn->next_stream) {
2473 num_streams++;
2474
2475 if (crypto_fast_rng_one_in_n(get_thread_fast_rng(), num_streams)) {
2476 chosen_stream = conn;
2477 }
2478 /* Invariant: chosen_stream has been chosen uniformly at random from
2479 * among the first num_streams streams on first_conn.
2480 *
2481 * (Note that we iterate over every stream on the circuit, so that after
2482 * we've considered the first stream, we've chosen it with P=1; and
2483 * after we consider the second stream, we've switched to it with P=1/2
2484 * and stayed with the first stream with P=1/2; and after we've
2485 * considered the third stream, we've switched to it with P=1/3 and
2486 * remained with one of the first two streams with P=(2/3), giving each
2487 * one P=(1/2)(2/3) )=(1/3).) */
2488 }
2489 }
2490
2491 /* Count how many non-marked streams there are that have anything on
2492 * their inbuf, and enable reading on all of the connections. */
2493 n_packaging_streams = 0;
2494 /* Activate reading starting from the chosen stream */
2495 for (conn=chosen_stream; conn; conn = conn->next_stream) {
2496 /* Start reading for the streams starting from here */
2497 if (conn->base_.marked_for_close || conn->package_window <= 0)
2498 continue;
2499
2500 if (edge_uses_cpath(conn, layer_hint)) {
2501 if (!conn->xoff_received) {
2503 }
2504
2505 if (connection_get_inbuf_len(TO_CONN(conn)) > 0)
2506 ++n_packaging_streams;
2507 }
2508 }
2509 /* Go back and do the ones we skipped, circular-style */
2510 for (conn = first_conn; conn != chosen_stream; conn = conn->next_stream) {
2511 if (conn->base_.marked_for_close || conn->package_window <= 0)
2512 continue;
2513
2514 if (edge_uses_cpath(conn, layer_hint)) {
2515 if (!conn->xoff_received) {
2517 }
2518
2519 if (connection_get_inbuf_len(TO_CONN(conn)) > 0)
2520 ++n_packaging_streams;
2521 }
2522 }
2523
2524 if (n_packaging_streams == 0) /* avoid divide-by-zero */
2525 return 0;
2526
2527 again:
2528
2529 /* If we're using conflux, the circuit we decide to send on may change
2530 * after we're sending. Get it again, and re-check package windows
2531 * for it */
2532 if (circ->conflux) {
2533 if (circuit_consider_stop_edge_reading(circ, layer_hint))
2534 return -1;
2535
2536 circ = conflux_decide_next_circ(circ->conflux);
2537
2538 /* Get the destination layer hint for this circuit */
2539 layer_hint = conflux_get_destination_hop(circ);
2540 }
2541
2542 /* How many cells do we have space for? It will be the minimum of
2543 * the number needed to exhaust the package window, and the minimum
2544 * needed to fill the cell queue. */
2545 max_to_package = congestion_control_get_package_window(circ, layer_hint);
2546 if (CIRCUIT_IS_ORIGIN(circ)) {
2547 cells_on_queue = circ->n_chan_cells.n;
2548 } else {
2549 or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
2550 cells_on_queue = or_circ->p_chan_cells.n;
2551 }
2552 if (cell_queue_highwatermark() - cells_on_queue < max_to_package)
2553 max_to_package = cell_queue_highwatermark() - cells_on_queue;
2554
2555 cells_per_conn = CEIL_DIV(max_to_package, n_packaging_streams);
2556
2557 packaged_this_round = 0;
2558 n_streams_left = 0;
2559
2560 /* Iterate over all connections. Package up to cells_per_conn cells on
2561 * each. Update packaged_this_round with the total number of cells
2562 * packaged, and n_streams_left with the number that still have data to
2563 * package.
2564 */
2565 for (conn=first_conn; conn; conn=conn->next_stream) {
2566 if (conn->base_.marked_for_close || conn->package_window <= 0)
2567 continue;
2568 if (edge_uses_cpath(conn, layer_hint)) {
2569 int n = cells_per_conn, r;
2570 /* handle whatever might still be on the inbuf */
2571 r = connection_edge_package_raw_inbuf(conn, 1, &n);
2572
2573 /* Note how many we packaged */
2574 packaged_this_round += (cells_per_conn-n);
2575
2576 if (r<0) {
2577 /* Problem while packaging. (We already sent an end cell if
2578 * possible) */
2579 connection_mark_for_close(TO_CONN(conn));
2580 continue;
2581 }
2582
2583 /* If there's still data to read, we'll be coming back to this stream. */
2584 if (connection_get_inbuf_len(TO_CONN(conn)))
2585 ++n_streams_left;
2586
2587 /* If the circuit won't accept any more data, return without looking
2588 * at any more of the streams. Any connections that should be stopped
2589 * have already been stopped by connection_edge_package_raw_inbuf. */
2590 if (circuit_consider_stop_edge_reading(circ, layer_hint))
2591 return -1;
2592 /* XXXX should we also stop immediately if we fill up the cell queue?
2593 * Probably. */
2594 }
2595 }
2596
2597 /* If we made progress, and we are willing to package more, and there are
2598 * any streams left that want to package stuff... try again!
2599 */
2600 if (packaged_this_round && packaged_this_round < max_to_package &&
2601 n_streams_left) {
2602 n_packaging_streams = n_streams_left;
2603 goto again;
2604 }
2605
2606 return 0;
2607}
2608
2609/** Check if the package window for <b>circ</b> is empty (at
2610 * hop <b>layer_hint</b> if it's defined).
2611 *
2612 * If yes, tell edge streams to stop reading and return 1.
2613 * Else return 0.
2614 */
2615static int
2617{
2618 edge_connection_t *conn = NULL;
2619 unsigned domain = layer_hint ? LD_APP : LD_EXIT;
2620
2621 if (!layer_hint) {
2622 or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
2623 log_debug(domain,"considering circ->package_window %d",
2624 circ->package_window);
2625 if (circuit_get_package_window(circ, layer_hint) <= 0) {
2626 log_debug(domain,"yes, not-at-origin. stopped.");
2627 for (conn = or_circ->n_streams; conn; conn=conn->next_stream)
2629 return 1;
2630 }
2631 return 0;
2632 }
2633 /* else, layer hint is defined, use it */
2634 log_debug(domain,"considering layer_hint->package_window %d",
2635 layer_hint->package_window);
2636 if (circuit_get_package_window(circ, layer_hint) <= 0) {
2637 log_debug(domain,"yes, at-origin. stopped.");
2638 for (conn = TO_ORIGIN_CIRCUIT(circ)->p_streams; conn;
2639 conn=conn->next_stream) {
2640 if (edge_uses_cpath(conn, layer_hint))
2642 }
2643 return 1;
2644 }
2645 return 0;
2646}
2647
2648/** The total number of cells we have allocated. */
2649static size_t total_cells_allocated = 0;
2650
2651/** Release storage held by <b>cell</b>. */
2652static inline void
2654{
2656 tor_free(cell);
2657}
2658
2659/** Allocate and return a new packed_cell_t. */
2662{
2664 return tor_malloc_zero(sizeof(packed_cell_t));
2665}
2666
2667/** Return a packed cell used outside by channel_t lower layer */
2668void
2670{
2671 if (!cell)
2672 return;
2674}
2675
2676/** Log current statistics for cell pool allocation at log level
2677 * <b>severity</b>. */
2678void
2680{
2681 int n_circs = 0;
2682 int n_cells = 0;
2684 n_cells += c->n_chan_cells.n;
2685 if (!CIRCUIT_IS_ORIGIN(c))
2686 n_cells += TO_OR_CIRCUIT(c)->p_chan_cells.n;
2687 ++n_circs;
2688 }
2689 SMARTLIST_FOREACH_END(c);
2690 tor_log(severity, LD_MM,
2691 "%d cells allocated on %d circuits. %d cells leaked.",
2692 n_cells, n_circs, (int)total_cells_allocated - n_cells);
2693}
2694
2695/** Allocate a new copy of packed <b>cell</b>. */
2696static inline packed_cell_t *
2697packed_cell_copy(const cell_t *cell, int wide_circ_ids)
2698{
2700 cell_pack(c, cell, wide_circ_ids);
2701 return c;
2702}
2703
2704/** Append <b>cell</b> to the end of <b>queue</b>. */
2705void
2707{
2708 TOR_SIMPLEQ_INSERT_TAIL(&queue->head, cell, next);
2709 ++queue->n;
2710}
2711
2712/** Append a newly allocated copy of <b>cell</b> to the end of the
2713 * <b>exitward</b> (or app-ward) <b>queue</b> of <b>circ</b>. If
2714 * <b>use_stats</b> is true, record statistics about the cell.
2715 */
2716void
2718 int exitward, const cell_t *cell,
2719 int wide_circ_ids, int use_stats)
2720{
2721 packed_cell_t *copy = packed_cell_copy(cell, wide_circ_ids);
2722 (void)circ;
2723 (void)exitward;
2724 (void)use_stats;
2725
2727
2728 cell_queue_append(queue, copy);
2729}
2730
2731/** Initialize <b>queue</b> as an empty cell queue. */
2732void
2734{
2735 memset(queue, 0, sizeof(cell_queue_t));
2736 TOR_SIMPLEQ_INIT(&queue->head);
2737}
2738
2739/** Remove and free every cell in <b>queue</b>. */
2740void
2742{
2743 packed_cell_t *cell;
2744 while ((cell = TOR_SIMPLEQ_FIRST(&queue->head))) {
2745 TOR_SIMPLEQ_REMOVE_HEAD(&queue->head, next);
2747 }
2748 TOR_SIMPLEQ_INIT(&queue->head);
2749 queue->n = 0;
2750}
2751
2752/** Extract and return the cell at the head of <b>queue</b>; return NULL if
2753 * <b>queue</b> is empty. */
2756{
2757 packed_cell_t *cell = TOR_SIMPLEQ_FIRST(&queue->head);
2758 if (!cell)
2759 return NULL;
2760 TOR_SIMPLEQ_REMOVE_HEAD(&queue->head, next);
2761 --queue->n;
2762 return cell;
2763}
2764
2765/** Initialize <b>queue</b> as an empty cell queue. */
2766void
2768{
2769 memset(queue, 0, sizeof(destroy_cell_queue_t));
2770 TOR_SIMPLEQ_INIT(&queue->head);
2771}
2772
2773/** Remove and free every cell in <b>queue</b>. */
2774void
2776{
2777 destroy_cell_t *cell;
2778 while ((cell = TOR_SIMPLEQ_FIRST(&queue->head))) {
2779 TOR_SIMPLEQ_REMOVE_HEAD(&queue->head, next);
2780 tor_free(cell);
2781 }
2782 TOR_SIMPLEQ_INIT(&queue->head);
2783 queue->n = 0;
2784}
2785
2786/** Extract and return the cell at the head of <b>queue</b>; return NULL if
2787 * <b>queue</b> is empty. */
2790{
2791 destroy_cell_t *cell = TOR_SIMPLEQ_FIRST(&queue->head);
2792 if (!cell)
2793 return NULL;
2794 TOR_SIMPLEQ_REMOVE_HEAD(&queue->head, next);
2795 --queue->n;
2796 return cell;
2797}
2798
2799/** Append a destroy cell for <b>circid</b> to <b>queue</b>. */
2800void
2802 circid_t circid,
2803 uint8_t reason)
2804{
2805 destroy_cell_t *cell = tor_malloc_zero(sizeof(destroy_cell_t));
2806 cell->circid = circid;
2807 cell->reason = reason;
2808 /* Not yet used, but will be required for OOM handling. */
2810
2811 TOR_SIMPLEQ_INSERT_TAIL(&queue->head, cell, next);
2812 ++queue->n;
2813}
2814
2815/** Convert a destroy_cell_t to a newly allocated cell_t. Frees its input. */
2816static packed_cell_t *
2818{
2819 packed_cell_t *packed = packed_cell_new();
2820 cell_t cell;
2821 memset(&cell, 0, sizeof(cell));
2822 cell.circ_id = inp->circid;
2823 cell.command = CELL_DESTROY;
2824 cell.payload[0] = inp->reason;
2825 cell_pack(packed, &cell, wide_circ_ids);
2826
2827 tor_free(inp);
2828 return packed;
2829}
2830
2831/** Return the total number of bytes used for each packed_cell in a queue.
2832 * Approximate. */
2833size_t
2835{
2836 return sizeof(packed_cell_t);
2837}
2838
2839/* DOCDOC */
2840size_t
2841cell_queues_get_total_allocation(void)
2842{
2844}
2845
2846/** How long after we've been low on memory should we try to conserve it? */
2847#define MEMORY_PRESSURE_INTERVAL (30*60)
2848
2849/** The time at which we were last low on memory. */
2851
2852/** Statistics on how many bytes were removed by the OOM per type. */
2854uint64_t oom_stats_n_bytes_removed_cell = 0;
2855uint64_t oom_stats_n_bytes_removed_geoip = 0;
2856uint64_t oom_stats_n_bytes_removed_hsdir = 0;
2857
2858/** Check whether we've got too much space used for cells. If so,
2859 * call the OOM handler and return 1. Otherwise, return 0. */
2860STATIC int
2862{
2863 size_t removed = 0;
2864 time_t now = time(NULL);
2865 size_t alloc = cell_queues_get_total_allocation();
2867 alloc += buf_get_total_allocation();
2869 const size_t hs_cache_total = hs_cache_get_total_allocation();
2870 alloc += hs_cache_total;
2871 const size_t geoip_client_cache_total =
2872 geoip_client_cache_total_allocation();
2873 alloc += geoip_client_cache_total;
2874 const size_t dns_cache_total = dns_cache_total_allocation();
2875 alloc += dns_cache_total;
2876 const size_t conflux_total = conflux_get_total_bytes_allocation();
2877 alloc += conflux_total;
2878 if (alloc >= get_options()->MaxMemInQueues_low_threshold) {
2880 if (alloc >= get_options()->MaxMemInQueues) {
2881 /* Note this overload down */
2882 rep_hist_note_overload(OVERLOAD_GENERAL);
2883
2884 /* If we're spending over 20% of the memory limit on hidden service
2885 * descriptors, free them until we're down to 10%. Do the same for geoip
2886 * client cache. */
2887 if (hs_cache_total > get_options()->MaxMemInQueues / 5) {
2888 const size_t bytes_to_remove =
2889 hs_cache_total - (size_t)(get_options()->MaxMemInQueues / 10);
2890 removed = hs_cache_handle_oom(bytes_to_remove);
2891 oom_stats_n_bytes_removed_hsdir += removed;
2892 alloc -= removed;
2893 }
2894 if (geoip_client_cache_total > get_options()->MaxMemInQueues / 5) {
2895 const size_t bytes_to_remove =
2896 geoip_client_cache_total -
2897 (size_t)(get_options()->MaxMemInQueues / 10);
2898 removed = geoip_client_cache_handle_oom(now, bytes_to_remove);
2899 oom_stats_n_bytes_removed_geoip += removed;
2900 alloc -= removed;
2901 }
2902 if (dns_cache_total > get_options()->MaxMemInQueues / 5) {
2903 const size_t bytes_to_remove =
2904 dns_cache_total - (size_t)(get_options()->MaxMemInQueues / 10);
2905 removed = dns_cache_handle_oom(now, bytes_to_remove);
2907 alloc -= removed;
2908 }
2909 /* Like onion service above, try to go down to 10% if we are above 20% */
2910 if (conflux_total > get_options()->MaxMemInQueues / 5) {
2911 const size_t bytes_to_remove =
2912 conflux_total - (size_t)(get_options()->MaxMemInQueues / 10);
2913 removed = conflux_handle_oom(bytes_to_remove);
2914 oom_stats_n_bytes_removed_cell += removed;
2915 alloc -= removed;
2916 }
2917 removed = circuits_handle_oom(alloc);
2918 oom_stats_n_bytes_removed_cell += removed;
2919 return 1;
2920 }
2921 }
2922 return 0;
2923}
2924
2925/** Return true if we've been under memory pressure in the last
2926 * MEMORY_PRESSURE_INTERVAL seconds. */
2927int
2929{
2931 < approx_time();
2932}
2933
2934/**
2935 * Update the number of cells available on the circuit's n_chan or p_chan's
2936 * circuit mux.
2937 */
2938void
2940 const char *file, int lineno)
2941{
2942 channel_t *chan = NULL;
2943 or_circuit_t *or_circ = NULL;
2944 circuitmux_t *cmux = NULL;
2945
2946 tor_assert(circ);
2947
2948 /* Okay, get the channel */
2949 if (direction == CELL_DIRECTION_OUT) {
2950 chan = circ->n_chan;
2951 } else {
2952 or_circ = TO_OR_CIRCUIT(circ);
2953 chan = or_circ->p_chan;
2954 }
2955
2956 tor_assert(chan);
2957 tor_assert(chan->cmux);
2958
2959 /* Now get the cmux */
2960 cmux = chan->cmux;
2961
2962 /* Cmux sanity check */
2963 if (! circuitmux_is_circuit_attached(cmux, circ)) {
2964 log_warn(LD_BUG, "called on non-attached circuit from %s:%d",
2965 file, lineno);
2966 return;
2967 }
2968 tor_assert(circuitmux_attached_circuit_direction(cmux, circ) == direction);
2969
2970 /* Update the number of cells we have for the circuit mux */
2971 if (direction == CELL_DIRECTION_OUT) {
2972 circuitmux_set_num_cells(cmux, circ, circ->n_chan_cells.n);
2973 } else {
2974 circuitmux_set_num_cells(cmux, circ, or_circ->p_chan_cells.n);
2975 }
2976}
2977
2978/** Remove all circuits from the cmux on <b>chan</b>.
2979 *
2980 * If <b>circuits_out</b> is non-NULL, add all detached circuits to
2981 * <b>circuits_out</b>.
2982 **/
2983void
2985{
2986 tor_assert(chan);
2987 tor_assert(chan->cmux);
2988
2989 circuitmux_detach_all_circuits(chan->cmux, circuits_out);
2990 chan->num_n_circuits = 0;
2991 chan->num_p_circuits = 0;
2992}
2993
2994/**
2995 * Called when a circuit becomes blocked or unblocked due to the channel
2996 * cell queue.
2997 *
2998 * Block (if <b>block</b> is true) or unblock (if <b>block</b> is false)
2999 * every edge connection that is using <b>circ</b> to write to <b>chan</b>,
3000 * and start or stop reading as appropriate.
3001 */
3002static void
3004{
3005 edge_connection_t *edge = NULL;
3006 if (circ->n_chan == chan) {
3007 circ->circuit_blocked_on_n_chan = block;
3008 if (CIRCUIT_IS_ORIGIN(circ))
3009 edge = TO_ORIGIN_CIRCUIT(circ)->p_streams;
3010 } else {
3011 circ->circuit_blocked_on_p_chan = block;
3013 edge = TO_OR_CIRCUIT(circ)->n_streams;
3014 }
3015
3016 set_block_state_for_streams(circ, edge, block, 0);
3017}
3018
3019/**
3020 * Helper function to block or unblock streams in a stream list.
3021 *
3022 * If <b>stream_id</b> is 0, apply the <b>block</b> state to all streams
3023 * in the stream list. If it is non-zero, only apply to that specific stream.
3024 */
3025static void
3027 int block, streamid_t stream_id)
3028{
3029 /* If we have a conflux object, we need to examine its status before
3030 * blocking and unblocking streams. */
3031 if (circ->conflux) {
3032 bool can_send = conflux_can_send(circ->conflux);
3033
3034 if (block && can_send) {
3035 /* Don't actually block streams, since conflux can send*/
3036 return;
3037 } else if (!block && !can_send) {
3038 /* Don't actually unblock streams, since conflux still can't send */
3039 return;
3040 }
3041 }
3042
3043 for (edge_connection_t *edge = stream_list; edge; edge = edge->next_stream) {
3044 connection_t *conn = TO_CONN(edge);
3045 if (stream_id && edge->stream_id != stream_id)
3046 continue;
3047
3048 if (!conn->read_event || edge->xoff_received ||
3049 conn->marked_for_close) {
3050 /* This connection should not start or stop reading. */
3051 continue;
3052 }
3053
3054 if (block) {
3055 if (connection_is_reading(conn))
3057 } else {
3058 /* Is this right? */
3059 if (!connection_is_reading(conn))
3061 }
3062 }
3063}
3064
3065/** Extract the command from a packed cell. */
3066uint8_t
3067packed_cell_get_command(const packed_cell_t *cell, int wide_circ_ids)
3068{
3069 if (wide_circ_ids) {
3070 return get_uint8(cell->body+4);
3071 } else {
3072 return get_uint8(cell->body+2);
3073 }
3074}
3075
3076/** Extract the circuit ID from a packed cell. */
3078packed_cell_get_circid(const packed_cell_t *cell, int wide_circ_ids)
3079{
3080 if (wide_circ_ids) {
3081 return ntohl(get_uint32(cell->body));
3082 } else {
3083 return ntohs(get_uint16(cell->body));
3084 }
3085}
3086
3087/** Pull as many cells as possible (but no more than <b>max</b>) from the
3088 * queue of the first active circuit on <b>chan</b>, and write them to
3089 * <b>chan</b>-&gt;outbuf. Return the number of cells written. Advance
3090 * the active circuit pointer to the next active circuit in the ring. */
3091MOCK_IMPL(int,
3093{
3094 circuitmux_t *cmux = NULL;
3095 int n_flushed = 0;
3096 cell_queue_t *queue;
3097 destroy_cell_queue_t *destroy_queue=NULL;
3098 circuit_t *circ;
3099 or_circuit_t *or_circ;
3100 int circ_blocked;
3101 packed_cell_t *cell;
3102
3103 /* Get the cmux */
3104 tor_assert(chan);
3105 tor_assert(chan->cmux);
3106 cmux = chan->cmux;
3107
3108 /* Main loop: pick a circuit, send a cell, update the cmux */
3109 while (n_flushed < max) {
3110 circ = circuitmux_get_first_active_circuit(cmux, &destroy_queue);
3111 if (destroy_queue) {
3112 destroy_cell_t *dcell;
3113 /* this code is duplicated from some of the logic below. Ugly! XXXX */
3114 /* If we are given a destroy_queue here, then it is required to be
3115 * nonempty... */
3116 tor_assert(destroy_queue->n > 0);
3117 dcell = destroy_cell_queue_pop(destroy_queue);
3118 /* ...and pop() will always yield a cell from a nonempty queue. */
3119 tor_assert(dcell);
3120 /* frees dcell */
3121 cell = destroy_cell_to_packed_cell(dcell, chan->wide_circ_ids);
3122 /* Send the DESTROY cell. It is very unlikely that this fails but just
3123 * in case, get rid of the channel. */
3124 if (channel_write_packed_cell(chan, cell) < 0) {
3125 /* The cell has been freed. */
3127 continue;
3128 }
3129 /* Update the cmux destroy counter */
3131 cell = NULL;
3132 ++n_flushed;
3133 continue;
3134 }
3135 /* If it returns NULL, no cells left to send */
3136 if (!circ) break;
3137
3138 if (circ->n_chan == chan) {
3139 queue = &circ->n_chan_cells;
3140 circ_blocked = circ->circuit_blocked_on_n_chan;
3141 } else {
3142 or_circ = TO_OR_CIRCUIT(circ);
3143 tor_assert(or_circ->p_chan == chan);
3144 queue = &TO_OR_CIRCUIT(circ)->p_chan_cells;
3145 circ_blocked = circ->circuit_blocked_on_p_chan;
3146 }
3147
3148 /* Circuitmux told us this was active, so it should have cells.
3149 *
3150 * Note: In terms of logic and coherence, this should never happen but the
3151 * cmux dragon is powerful. Reason is that when the OOM is triggered, when
3152 * cleaning up circuits, we mark them for close and then clear their cell
3153 * queues. And so, we can have a circuit considered active by the cmux
3154 * dragon but without cells. The cmux subsystem is only notified of this
3155 * when the circuit is freed which leaves a tiny window between close and
3156 * free to end up here.
3157 *
3158 * We are accepting this as an "ok" race else the changes are likely non
3159 * trivial to make the mark for close to set the num cells to 0 and change
3160 * the free functions to detach the circuit conditionally without creating
3161 * a chain effect of madness.
3162 *
3163 * The lesson here is arti will prevail and leave the cmux dragon alone. */
3164 if (queue->n == 0) {
3165 circuitmux_set_num_cells(cmux, circ, 0);
3166 if (! circ->marked_for_close)
3167 circuit_mark_for_close(circ, END_CIRC_REASON_INTERNAL);
3168 continue;
3169 }
3170
3171 tor_assert(queue->n > 0);
3172
3173 /*
3174 * Get just one cell here; once we've sent it, that can change the circuit
3175 * selection, so we have to loop around for another even if this circuit
3176 * has more than one.
3177 */
3178 cell = cell_queue_pop(queue);
3179
3180 /* Calculate the exact time that this cell has spent in the queue. */
3181 if (get_options()->CellStatistics ||
3182 get_options()->TestingEnableCellStatsEvent) {
3183 uint32_t timestamp_now = monotime_coarse_get_stamp();
3184 uint32_t msec_waiting =
3186 timestamp_now - cell->inserted_timestamp);
3187
3188 if (get_options()->CellStatistics && !CIRCUIT_IS_ORIGIN(circ)) {
3189 or_circ = TO_OR_CIRCUIT(circ);
3190 or_circ->total_cell_waiting_time += msec_waiting;
3191 or_circ->processed_cells++;
3192 }
3193
3194 if (get_options()->TestingEnableCellStatsEvent) {
3195 uint8_t command = packed_cell_get_command(cell, chan->wide_circ_ids);
3196
3198 tor_malloc_zero(sizeof(testing_cell_stats_entry_t));
3199 ent->command = command;
3200 ent->waiting_time = msec_waiting / 10;
3201 ent->removed = 1;
3202 if (circ->n_chan == chan)
3203 ent->exitward = 1;
3204 if (!circ->testing_cell_stats)
3207 }
3208 }
3209
3210 /* If we just flushed our queue and this circuit is used for a
3211 * tunneled directory request, possibly advance its state. */
3212 if (queue->n == 0 && chan->dirreq_id)
3214 DIRREQ_TUNNELED,
3216
3217 /* Now send the cell. It is very unlikely that this fails but just in
3218 * case, get rid of the channel. */
3219 if (channel_write_packed_cell(chan, cell) < 0) {
3220 /* The cell has been freed at this point. */
3222 continue;
3223 }
3224 cell = NULL;
3225
3226 /*
3227 * Don't packed_cell_free_unchecked(cell) here because the channel will
3228 * do so when it gets out of the channel queue (probably already did, in
3229 * which case that was an immediate double-free bug).
3230 */
3231
3232 /* Update the counter */
3233 ++n_flushed;
3234
3235 /*
3236 * Now update the cmux; tell it we've just sent a cell, and how many
3237 * we have left.
3238 */
3239 circuitmux_notify_xmit_cells(cmux, circ, 1);
3240 circuitmux_set_num_cells(cmux, circ, queue->n);
3241 if (queue->n == 0)
3242 log_debug(LD_GENERAL, "Made a circuit inactive.");
3243
3244 /* Is the cell queue low enough to unblock all the streams that are waiting
3245 * to write to this circuit? */
3246 if (circ_blocked && queue->n <= cell_queue_lowwatermark())
3247 set_circuit_blocked_on_chan(circ, chan, 0); /* unblock streams */
3248
3249 /* If n_flushed < max still, loop around and pick another circuit */
3250 }
3251
3252 /* Okay, we're done sending now */
3253 return n_flushed;
3254}
3255
3256/* Minimum value is the maximum circuit window size.
3257 *
3258 * This value is set to a lower bound we believe is reasonable with congestion
3259 * control and basic network running parameters.
3260 *
3261 * SENDME cells makes it that we can control how many cells can be inflight on
3262 * a circuit from end to end. This logic makes it that on any circuit cell
3263 * queue, we have a maximum of cells possible.
3264 *
3265 * Because the Tor protocol allows for a client to exit at any hop in a
3266 * circuit and a circuit can be of a maximum of 8 hops, so in theory the
3267 * normal worst case will be the circuit window start value times the maximum
3268 * number of hops (8). Having more cells then that means something is wrong.
3269 *
3270 * However, because padding cells aren't counted in the package window, we set
3271 * the maximum size to a reasonably large size for which we expect that we'll
3272 * never reach in theory. And if we ever do because of future changes, we'll
3273 * be able to control it with a consensus parameter.
3274 *
3275 * XXX: Unfortunately, END cells aren't accounted for in the circuit window
3276 * which means that for instance if a client opens 8001 streams, the 8001
3277 * following END cells will queue up in the circuit which will get closed if
3278 * the max limit is 8000. Which is sad because it is allowed by the Tor
3279 * protocol. But, we need an upper bound on circuit queue in order to avoid
3280 * DoS memory pressure so the default size is a middle ground between not
3281 * having any limit and having a very restricted one. This is why we can also
3282 * control it through a consensus parameter. */
3283#define RELAY_CIRC_CELL_QUEUE_SIZE_MIN 50
3284/* We can't have a consensus parameter above this value. */
3285#define RELAY_CIRC_CELL_QUEUE_SIZE_MAX INT32_MAX
3286/* Default value is set to a large value so we can handle padding cells
3287 * properly which aren't accounted for in the SENDME window. Default is 2500
3288 * allowed cells in the queue resulting in ~1MB. */
3289#define RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT \
3290 (50 * RELAY_CIRC_CELL_QUEUE_SIZE_MIN)
3291
3292/* The maximum number of cells a circuit queue can contain. This is updated at
3293 * every new consensus and controlled by a parameter. */
3294static int32_t max_circuit_cell_queue_size =
3295 RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT;
3296/** Maximum number of cell on an outbound circuit queue. This is updated at
3297 * every new consensus and controlled by a parameter. This default is incorrect
3298 * and won't be used at all except in unit tests. */
3300 RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT;
3301
3302/** Return consensus parameter "circ_max_cell_queue_size". The given ns can be
3303 * NULL. */
3304static uint32_t
3306{
3307 return networkstatus_get_param(ns, "circ_max_cell_queue_size",
3308 RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT,
3309 RELAY_CIRC_CELL_QUEUE_SIZE_MIN,
3310 RELAY_CIRC_CELL_QUEUE_SIZE_MAX);
3311}
3312
3313/** Return consensus parameter "circ_max_cell_queue_size_out". The given ns can
3314 * be NULL. */
3315static uint32_t
3317{
3318 return networkstatus_get_param(ns, "circ_max_cell_queue_size_out",
3320 RELAY_CIRC_CELL_QUEUE_SIZE_MIN,
3321 RELAY_CIRC_CELL_QUEUE_SIZE_MAX);
3322}
3323
3324/* Called when the consensus has changed. At this stage, the global consensus
3325 * object has NOT been updated. It is called from
3326 * notify_before_networkstatus_changes(). */
3327void
3328relay_consensus_has_changed(const networkstatus_t *ns)
3329{
3330 tor_assert(ns);
3331
3332 /* Update the circuit max cell queue size from the consensus. */
3333 max_circuit_cell_queue_size =
3337}
3338
3339/** Add <b>cell</b> to the queue of <b>circ</b> writing to <b>chan</b>
3340 * transmitting in <b>direction</b>.
3341 *
3342 * The given <b>cell</b> is copied onto the circuit queue so the caller must
3343 * cleanup the memory.
3344 *
3345 * This function is part of the fast path.
3346 *
3347 * Return 1 if the cell was successfully sent.
3348 * Return 0 if the cell can not be sent. The caller MUST NOT close the circuit.
3349 * Return -1 indicating an error and that the caller should mark the circuit
3350 * for close. */
3351int
3353 cell_t *cell, cell_direction_t direction,
3354 streamid_t fromstream)
3355{
3356 or_circuit_t *orcirc = NULL;
3357 edge_connection_t *stream_list = NULL;
3358 cell_queue_t *queue;
3359 int32_t max_queue_size;
3360 int circ_blocked;
3361 int exitward;
3362 if (circ->marked_for_close) {
3363 return 0;
3364 }
3365
3366 exitward = (direction == CELL_DIRECTION_OUT);
3367 if (exitward) {
3368 queue = &circ->n_chan_cells;
3369 circ_blocked = circ->circuit_blocked_on_n_chan;
3370 max_queue_size = max_circuit_cell_queue_size_out;
3371 if (CIRCUIT_IS_ORIGIN(circ))
3372 stream_list = TO_ORIGIN_CIRCUIT(circ)->p_streams;
3373 } else {
3374 orcirc = TO_OR_CIRCUIT(circ);
3375 queue = &orcirc->p_chan_cells;
3376 circ_blocked = circ->circuit_blocked_on_p_chan;
3377 max_queue_size = max_circuit_cell_queue_size;
3378 stream_list = TO_OR_CIRCUIT(circ)->n_streams;
3379 }
3380
3381 if (PREDICT_UNLIKELY(queue->n >= max_queue_size)) {
3382 /* This DoS defense only applies at the Guard as in the p_chan is likely
3383 * a client IP attacking the network. */
3384 if (exitward && CIRCUIT_IS_ORCIRC(circ)) {
3385 stats_n_circ_max_cell_outq_reached++;
3386 dos_note_circ_max_outq(CONST_TO_OR_CIRCUIT(circ)->p_chan);
3387 }
3388
3389 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
3390 "%s circuit has %d cells in its queue, maximum allowed is %d. "
3391 "Closing circuit for safety reasons.",
3392 (exitward) ? "Outbound" : "Inbound", queue->n,
3393 max_queue_size);
3395 return -1;
3396 }
3397
3398 /* Very important that we copy to the circuit queue because all calls to
3399 * this function use the stack for the cell memory. */
3400 cell_queue_append_packed_copy(circ, queue, exitward, cell,
3401 chan->wide_circ_ids, 1);
3402
3403 /* Check and run the OOM if needed. */
3404 if (PREDICT_UNLIKELY(cell_queues_check_size())) {
3405 /* We ran the OOM handler which might have closed this circuit. */
3406 if (circ->marked_for_close) {
3407 return 0;
3408 }
3409 }
3410
3411 /* If we have too many cells on the circuit, note that it should
3412 * be blocked from new cells. */
3413 if (!circ_blocked && queue->n >= cell_queue_highwatermark())
3414 set_circuit_blocked_on_chan(circ, chan, 1);
3415
3416 if (circ_blocked && fromstream) {
3417 /* This edge connection is apparently not blocked; this can happen for
3418 * new streams on a blocked circuit, for their CONNECTED response.
3419 * block it now, unless we have conflux. */
3420 set_block_state_for_streams(circ, stream_list, 1, fromstream);
3421 }
3422
3423 update_circuit_on_cmux(circ, direction);
3424 if (queue->n == 1) {
3425 /* This was the first cell added to the queue. We just made this
3426 * circuit active. */
3427 log_debug(LD_GENERAL, "Made a circuit active.");
3428 }
3429
3430 /* New way: mark this as having waiting cells for the scheduler */
3432 return 1;
3433}
3434
3435/** Append an encoded value of <b>addr</b> to <b>payload_out</b>, which must
3436 * have at least 18 bytes of free space. The encoding is, as specified in
3437 * tor-spec.txt:
3438 * RESOLVED_TYPE_IPV4 or RESOLVED_TYPE_IPV6 [1 byte]
3439 * LENGTH [1 byte]
3440 * ADDRESS [length bytes]
3441 * Return the number of bytes added, or -1 on error */
3442int
3443append_address_to_payload(uint8_t *payload_out, const tor_addr_t *addr)
3444{
3445 uint32_t a;
3446 switch (tor_addr_family(addr)) {
3447 case AF_INET:
3448 payload_out[0] = RESOLVED_TYPE_IPV4;
3449 payload_out[1] = 4;
3450 a = tor_addr_to_ipv4n(addr);
3451 memcpy(payload_out+2, &a, 4);
3452 return 6;
3453 case AF_INET6:
3454 payload_out[0] = RESOLVED_TYPE_IPV6;
3455 payload_out[1] = 16;
3456 memcpy(payload_out+2, tor_addr_to_in6_addr8(addr), 16);
3457 return 18;
3458 case AF_UNSPEC:
3459 default:
3460 return -1;
3461 }
3462}
3463
3464/** Given <b>payload_len</b> bytes at <b>payload</b>, starting with an address
3465 * encoded as by append_address_to_payload(), try to decode the address into
3466 * *<b>addr_out</b>. Return the next byte in the payload after the address on
3467 * success, or NULL on failure. */
3468const uint8_t *
3469decode_address_from_payload(tor_addr_t *addr_out, const uint8_t *payload,
3470 int payload_len)
3471{
3472 if (payload_len < 2)
3473 return NULL;
3474 if (payload_len < 2+payload[1])
3475 return NULL;
3476
3477 switch (payload[0]) {
3478 case RESOLVED_TYPE_IPV4:
3479 if (payload[1] != 4)
3480 return NULL;
3481 tor_addr_from_ipv4n(addr_out, get_uint32(payload+2));
3482 break;
3483 case RESOLVED_TYPE_IPV6:
3484 if (payload[1] != 16)
3485 return NULL;
3486 tor_addr_from_ipv6_bytes(addr_out, (payload+2));
3487 break;
3488 default:
3489 tor_addr_make_unspec(addr_out);
3490 break;
3491 }
3492 return payload + 2 + payload[1];
3493}
3494
3495/** Remove all the cells queued on <b>circ</b> for <b>chan</b>. */
3496void
3498{
3499 cell_queue_t *queue;
3500 cell_direction_t direction;
3501
3502 if (circ->n_chan == chan) {
3503 queue = &circ->n_chan_cells;
3504 direction = CELL_DIRECTION_OUT;
3505 } else {
3506 or_circuit_t *orcirc = TO_OR_CIRCUIT(circ);
3507 tor_assert(orcirc->p_chan == chan);
3508 queue = &orcirc->p_chan_cells;
3509 direction = CELL_DIRECTION_IN;
3510 }
3511
3512 /* Clear the queue */
3513 cell_queue_clear(queue);
3514
3515 /* Update the cell counter in the cmux */
3516 if (chan->cmux && circuitmux_is_circuit_attached(chan->cmux, circ))
3517 update_circuit_on_cmux(circ, direction);
3518}
3519
3520/** Return 1 if we shouldn't restart reading on this circuit, even if
3521 * we get a SENDME. Else return 0.
3522*/
3523static int
3525{
3526 if (CIRCUIT_IS_ORIGIN(circ)) {
3527 return circ->circuit_blocked_on_n_chan;
3528 } else {
3529 return circ->circuit_blocked_on_p_chan;
3530 }
3531}
3532
3533/** Return the format to use.
3534 *
3535 * NULL can be passed but not for both. */
3538{
3539 if (circ && CIRCUIT_IS_ORCIRC(circ)) {
3540 return CONST_TO_OR_CIRCUIT(circ)->relay_cell_format;
3541 } else if (cpath) {
3542 return cpath->relay_cell_format;
3543 } else {
3544 /* We end up here when both params are NULL, which is not allowed, or when
3545 * only an origin circuit is given (which again is not allowed). */
3546 tor_assert_unreached();
3547 }
3548}
3549
3550/**
3551 * Return the maximum relay payload that can be sent to the chosen
3552 * point, with the specified command.
3553 */
3554size_t
3556 uint8_t relay_command)
3557{
3558 relay_cell_fmt_t fmt = circuit_get_relay_format(circ, cpath);
3559 return relay_cell_max_payload_size(fmt, relay_command);
3560}
void tor_addr_from_ipv4n(tor_addr_t *dest, uint32_t v4addr)
Definition: address.c:889
void tor_addr_make_unspec(tor_addr_t *a)
Definition: address.c:225
int tor_addr_parse(tor_addr_t *addr, const char *src)
Definition: address.c:1349
int tor_addr_is_null(const tor_addr_t *addr)
Definition: address.c:780
const char * tor_addr_to_str(char *dest, const tor_addr_t *addr, size_t len, int decorate)
Definition: address.c:328
void tor_addr_from_ipv6_bytes(tor_addr_t *dest, const uint8_t *ipv6_bytes)
Definition: address.c:900
static uint32_t tor_addr_to_ipv4n(const tor_addr_t *a)
Definition: address.h:152
static sa_family_t tor_addr_family(const tor_addr_t *a)
Definition: address.h:187
#define tor_addr_to_in6_addr8(x)
Definition: address.h:135
#define tor_addr_from_ipv4h(dest, v4addr)
Definition: address.h:327
#define fmt_addr(a)
Definition: address.h:239
#define TOR_ADDR_BUF_LEN
Definition: address.h:224
int client_dns_incr_failures(const char *address)
Definition: addressmap.c:638
void client_dns_set_addressmap(entry_connection_t *for_conn, const char *address, const tor_addr_t *val, const char *exitname, int ttl)
Definition: addressmap.c:728
void client_dns_clear_failures(const char *address)
Definition: addressmap.c:660
Header for addressmap.c.
time_t approx_time(void)
Definition: approx_time.c:32
Header for backtrace.c.
buf_t * buf_new(void)
Definition: buffers.c:365
int buf_add(buf_t *buf, const char *string, size_t string_len)
Definition: buffers.c:527
size_t buf_datalen(const buf_t *buf)
Definition: buffers.c:394
int buf_get_bytes(buf_t *buf, char *string, size_t string_len)
Definition: buffers.c:637
Header file for buffers.c.
static void set_uint16(void *cp, uint16_t v)
Definition: bytes.h:78
static uint16_t get_uint16(const void *cp)
Definition: bytes.h:42
static uint8_t get_uint8(const void *cp)
Definition: bytes.h:23
static void set_uint8(void *cp, uint8_t v)
Definition: bytes.h:31
static uint32_t get_uint32(const void *cp)
Definition: bytes.h:54
Cell queue structures.
Fixed-size cell structure.
void channel_timestamp_client(channel_t *chan)
Definition: channel.c:3198
int channel_send_destroy(circid_t circ_id, channel_t *chan, int reason)
Definition: channel.c:2038
int channel_is_client(const channel_t *chan)
Definition: channel.c:2918
void channel_mark_for_close(channel_t *chan)
Definition: channel.c:1142
int channel_write_packed_cell(channel_t *chan, packed_cell_t *cell)
Definition: channel.c:1489
Header file for channel.c.
void pathbias_count_valid_cells(circuit_t *circ, const relay_msg_t *msg)
Definition: circpathbias.c:962
int pathbias_check_probe_response(circuit_t *circ, const relay_msg_t *msg)
Definition: circpathbias.c:906
void pathbias_mark_use_success(origin_circuit_t *circ)
Definition: circpathbias.c:683
void circuit_log_path(int severity, unsigned int domain, origin_circuit_t *circ)
Definition: circuitbuild.c:356
int circuit_send_next_onion_skin(origin_circuit_t *circ)
Definition: circuitbuild.c:955
int circuit_finish_handshake(origin_circuit_t *circ, const created_cell_t *reply)
int circuit_truncated(origin_circuit_t *circ, int reason)
Header file for circuitbuild.c.
int circuit_extend(const relay_msg_t *rmsg, struct circuit_t *circ)
Header for feature/relay/circuitbuild_relay.c.
void circuit_synchronize_written_or_bandwidth(const circuit_t *c, circuit_channel_direction_t dir)
Definition: circuitlist.c:2103
void circuit_set_n_circid_chan(circuit_t *circ, circid_t id, channel_t *chan)
Definition: circuitlist.c:493
void circuit_set_state(circuit_t *circ, uint8_t state)
Definition: circuitlist.c:562
circuit_t * circuit_get_by_edge_conn(edge_connection_t *conn)
Definition: circuitlist.c:1606
origin_circuit_t * TO_ORIGIN_CIRCUIT(circuit_t *x)
Definition: circuitlist.c:185
void assert_circuit_ok(const circuit_t *c)
Definition: circuitlist.c:2778
const char * circuit_state_to_string(int state)
Definition: circuitlist.c:781
size_t circuits_handle_oom(size_t current_allocation)
Definition: circuitlist.c:2645
or_circuit_t * TO_OR_CIRCUIT(circuit_t *x)
Definition: circuitlist.c:173
smartlist_t * circuit_get_global_list(void)
Definition: circuitlist.c:713
Header file for circuitlist.c.
#define CIRCUIT_PURPOSE_PATH_BIAS_TESTING
Definition: circuitlist.h:123
#define CIRCUIT_STATE_OPEN
Definition: circuitlist.h:32
#define CIRCUIT_IS_ORCIRC(c)
Definition: circuitlist.h:161
#define CIRCUIT_IS_ORIGIN(c)
Definition: circuitlist.h:154
#define CIRCUIT_PURPOSE_OR
Definition: circuitlist.h:39
#define CIRCUIT_PURPOSE_S_REND_JOINED
Definition: circuitlist.h:110
#define CIRCUIT_PURPOSE_REND_ESTABLISHED
Definition: circuitlist.h:47
cell_direction_t circuitmux_attached_circuit_direction(circuitmux_t *cmux, circuit_t *circ)
Definition: circuitmux.c:549
void circuitmux_notify_xmit_destroy(circuitmux_t *cmux)
Definition: circuitmux.c:1164
void circuitmux_detach_all_circuits(circuitmux_t *cmux, smartlist_t *detached_out)
Definition: circuitmux.c:214
void circuitmux_notify_xmit_cells(circuitmux_t *cmux, circuit_t *circ, unsigned int n_cells)
Definition: circuitmux.c:1104
int circuitmux_is_circuit_attached(circuitmux_t *cmux, circuit_t *circ)
Definition: circuitmux.c:627
void circuitmux_set_num_cells(circuitmux_t *cmux, circuit_t *circ, unsigned int n_cells)
Definition: circuitmux.c:999
circuit_t * circuitmux_get_first_active_circuit(circuitmux_t *cmux, destroy_cell_queue_t **destroy_queue_out)
Definition: circuitmux.c:1061
int circpad_check_received_cell(const relay_msg_t *msg, circuit_t *circ, crypt_path_t *layer_hint)
void circpad_deliver_sent_relay_cell_events(circuit_t *circ, uint8_t relay_command)
void circpad_deliver_unrecognized_cell_events(circuit_t *circ, cell_direction_t dir)
void circpad_machine_event_circ_has_no_relay_early(origin_circuit_t *circ)
void circpad_deliver_recognized_relay_cell_events(circuit_t *circ, uint8_t relay_command, crypt_path_t *layer_hint)
Header file for circuitpadding.c.
void circuit_sent_valid_data(origin_circuit_t *circ, uint16_t relay_body_len)
Definition: circuituse.c:3180
void circuit_read_valid_data(origin_circuit_t *circ, uint16_t relay_body_len)
Definition: circuituse.c:3202
void mark_circuit_unusable_for_new_conns(origin_circuit_t *circ)
Definition: circuituse.c:3152
Header file for circuituse.c.
uint64_t monotime_coarse_stamp_units_to_approx_msec(uint64_t units)
Definition: compat_time.c:890
uint32_t monotime_coarse_get_stamp(void)
Definition: compat_time.c:864
size_t tor_compress_get_total_allocation(void)
Definition: compress.c:466
Headers for compress.c.
const or_options_t * get_options(void)
Definition: config.c:947
tor_cmdline_mode_t command
Definition: config.c:2477
Header file for config.c.
void conflux_note_cell_sent(conflux_t *cfx, circuit_t *circ, uint8_t relay_command)
Definition: conflux.c:529
bool conflux_should_multiplex(int relay_command)
Definition: conflux.c:50
circuit_t * conflux_decide_next_circ(conflux_t *cfx)
Definition: conflux.c:610
circuit_t * conflux_decide_circ_for_send(conflux_t *cfx, circuit_t *orig_circ, uint8_t relay_command)
Definition: conflux.c:458
conflux_msg_t * conflux_dequeue_relay_msg(conflux_t *cfx)
Definition: conflux.c:912
bool conflux_process_relay_msg(conflux_t *cfx, circuit_t *in_circ, crypt_path_t *layer_hint, const relay_msg_t *msg)
Definition: conflux.c:845
int conflux_process_switch_command(circuit_t *in_circ, crypt_path_t *layer_hint, const relay_msg_t *msg)
Definition: conflux.c:738
size_t conflux_handle_oom(size_t bytes_to_remove)
Definition: conflux.c:192
uint64_t conflux_get_total_bytes_allocation(void)
Definition: conflux.c:185
Public APIs for conflux multipath support.
void conflux_process_linked_ack(circuit_t *circ)
void conflux_log_set(int loglevel, const conflux_t *cfx, bool is_client)
void conflux_process_link(circuit_t *circ, const relay_msg_t *msg)
void conflux_process_linked(circuit_t *circ, crypt_path_t *layer_hint, const relay_msg_t *msg)
Header file for conflux_pool.c.
crypt_path_t * conflux_get_destination_hop(circuit_t *circ)
Definition: conflux_util.c:122
int circuit_get_package_window(circuit_t *circ, const crypt_path_t *cpath)
Definition: conflux_util.c:33
bool conflux_can_send(conflux_t *cfx)
Definition: conflux_util.c:99
bool relay_crypt_from_last_hop(const origin_circuit_t *circ, const crypt_path_t *layer_hint)
Definition: conflux_util.c:242
bool edge_uses_cpath(const edge_connection_t *conn, const crypt_path_t *cpath)
Definition: conflux_util.c:172
Header file for conflux_util.c.
int congestion_control_get_package_window(const circuit_t *circ, const crypt_path_t *cpath)
Public APIs for congestion control.
static int32_t cell_queue_highwatermark(void)
static int32_t cell_queue_lowwatermark(void)
bool circuit_process_stream_xoff(edge_connection_t *conn, const crypt_path_t *layer_hint)
bool circuit_process_stream_xon(edge_connection_t *conn, const crypt_path_t *layer_hint, const relay_msg_t *msg)
APIs for stream flow control on congestion controlled circuits.
int connection_buf_get_bytes(char *string, size_t len, connection_t *conn)
Definition: connection.c:4320
int connection_state_is_open(connection_t *conn)
Definition: connection.c:5053
const char * conn_state_to_string(int type, int state)
Definition: connection.c:304
Header file for connection.c.
#define CONN_TYPE_AP
Definition: connection.h:51
#define CONN_TYPE_DIR
Definition: connection.h:55
#define CONN_TYPE_EXIT
Definition: connection.h:46
int connection_half_edge_is_valid_data(const smartlist_t *half_conns, streamid_t stream_id)
int connection_exit_begin_resolve(const relay_msg_t *msg, or_circuit_t *circ)
int connection_ap_detach_retriable(entry_connection_t *conn, origin_circuit_t *circ, int reason)
void connection_ap_handshake_socks_reply(entry_connection_t *conn, char *reply, size_t replylen, int endreason)
int connection_half_edge_is_valid_end(smartlist_t *half_conns, streamid_t stream_id)
void connection_edge_end_close(edge_connection_t *conn, uint8_t reason)
int connection_half_edge_is_valid_connected(const smartlist_t *half_conns, streamid_t stream_id)
int connection_exit_begin_conn(const relay_msg_t *msg, circuit_t *circ)
entry_connection_t * EDGE_TO_ENTRY_CONN(edge_connection_t *c)
void connection_ap_handshake_socks_resolved_addr(entry_connection_t *conn, const tor_addr_t *answer, int ttl, time_t expires)
int connection_half_edge_is_valid_resolved(smartlist_t *half_conns, streamid_t stream_id)
int connection_edge_end(edge_connection_t *conn, uint8_t reason)
size_t half_streams_get_total_allocation(void)
int connection_half_edge_is_valid_sendme(const smartlist_t *half_conns, streamid_t stream_id)
int connection_edge_is_rendezvous_stream(const edge_connection_t *conn)
void connection_ap_handshake_socks_resolved(entry_connection_t *conn, int answer_type, size_t answer_len, const uint8_t *answer, int ttl, time_t expires)
Header file for connection_edge.c.
#define EXIT_CONN_STATE_CONNECTING
#define AP_CONN_STATE_CONNECT_WAIT
#define AP_CONN_STATE_OPEN
#define AP_CONN_STATE_RESOLVE_WAIT
#define EXIT_CONN_STATE_RESOLVING
void cell_pack(packed_cell_t *dst, const cell_t *src, int wide_circ_ids)
Header file for connection_or.c.
void control_event_boot_dir(bootstrap_status_t status, int progress)
void control_event_bootstrap(bootstrap_status_t status, int progress)
int control_event_stream_status(entry_connection_t *conn, stream_status_event_t tp, int reason_code)
Header file for control_events.c.
#define REMAP_STREAM_SOURCE_EXIT
Circuit-build-stse structure.
Common functions for using (pseudo-)random number generators.
#define crypto_fast_rng_one_in_n(rng, n)
Definition: crypto_rand.h:80
crypto_fast_rng_t * get_thread_fast_rng(void)
unsigned crypto_fast_rng_get_uint(crypto_fast_rng_t *rng, unsigned limit)
Common functions for cryptographic routines.
const char * node_describe(const node_t *node)
Definition: describe.c:160
Header file for describe.c.
Destroy-cell queue structures.
Client/server directory connection structure.
dir_connection_t * TO_DIR_CONN(connection_t *c)
Definition: directory.c:89
Header file for directory.c.
#define DIR_PURPOSE_FETCH_CERTIFICATE
Definition: directory.h:57
#define DIR_PURPOSE_FETCH_MICRODESC
Definition: directory.h:65
#define DIR_PURPOSE_FETCH_CONSENSUS
Definition: directory.h:54
#define DIR_PURPOSE_FETCH_SERVERDESC
Definition: directory.h:36
Header file for dns.c.
Entry connection structure.
#define ENTRY_TO_EDGE_CONN(c)
Extend-info structure.
Header for core/or/extendinfo.c.
Header file for geoip_stats.c.
@ DIRREQ_END_CELL_SENT
Definition: geoip_stats.h:66
@ DIRREQ_CIRC_QUEUE_FLUSHED
Definition: geoip_stats.h:69
void geoip_change_dirreq_state(uint64_t dirreq_id, dirreq_type_t type, dirreq_state_t new_state)
Definition: geoip_stats.c:552
size_t hs_cache_handle_oom(size_t min_remove_bytes)
Definition: hs_cache.c:1157
Header file for hs_cache.c.
Header for feature/hs/hs_metrics.c.
#define hs_metrics_app_write_bytes(i, port, n)
Definition: hs_metrics.h:47
uint16_t sa_family_t
Definition: inaddr_st.h:77
void tor_log(int severity, log_domain_mask_t domain, const char *format,...)
Definition: log.c:591
Headers for log.c.
#define log_fn(severity, domain, args,...)
Definition: log.h:283
#define LD_REND
Definition: log.h:84
#define LD_APP
Definition: log.h:78
#define LD_PROTOCOL
Definition: log.h:72
#define LD_OR
Definition: log.h:92
#define LD_MM
Definition: log.h:74
#define LD_BUG
Definition: log.h:86
#define LD_GENERAL
Definition: log.h:62
#define LOG_WARN
Definition: log.h:53
#define LOG_INFO
Definition: log.h:45
void connection_stop_reading(connection_t *conn)
Definition: mainloop.c:601
void connection_start_reading(connection_t *conn)
Definition: mainloop.c:623
int connection_is_reading(const connection_t *conn)
Definition: mainloop.c:500
Header file for mainloop.c.
#define tor_free(p)
Definition: malloc.h:56
int32_t networkstatus_get_param(const networkstatus_t *ns, const char *param_name, int32_t default_val, int32_t min_val, int32_t max_val)
int consensus_is_waiting_for_certs(void)
Header file for networkstatus.c.
int node_exit_policy_is_exact(const node_t *node, sa_family_t family)
Definition: nodelist.c:1639
node_t * node_get_mutable_by_id(const char *identity_digest)
Definition: nodelist.c:197
int count_loading_descriptors_progress(void)
Definition: nodelist.c:2833
Header file for nodelist.c.
int extended_cell_parse(extended_cell_t *cell_out, const uint8_t command, const uint8_t *payload, size_t payload_len)
Definition: onion.c:407
Header file for onion.c.
Master header file for Tor-specific functionality.
#define CELL_PAYLOAD_SIZE
Definition: or.h:520
#define END_STREAM_REASON_CANT_ATTACH
Definition: or.h:309
#define END_STREAM_REASON_FLAG_REMOTE
Definition: or.h:335
uint32_t circid_t
Definition: or.h:579
uint16_t streamid_t
Definition: or.h:581
#define TO_CIRCUIT(x)
Definition: or.h:936
#define END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED
Definition: or.h:342
#define TO_CONN(c)
Definition: or.h:700
cell_direction_t
Definition: or.h:423
@ CELL_DIRECTION_OUT
Definition: or.h:425
@ CELL_DIRECTION_IN
Definition: or.h:424
#define RELAY_PAYLOAD_SIZE_MAX
Definition: or.h:567
relay_cell_fmt_t
Definition: or.h:529
#define END_CIRC_AT_ORIGIN
Definition: or.h:366
#define ENTRY_TO_CONN(c)
Definition: or.h:703
#define CIRCWINDOW_INCREMENT
Definition: or.h:446
Origin circuit structure.
@ PATH_STATE_USE_FAILED
void addr_policy_append_reject_addr(smartlist_t **dest, const tor_addr_t *addr)
Definition: policies.c:1617
void policies_set_node_exitpolicy_to_reject_all(node_t *node)
Definition: policies.c:2194
Header file for policies.c.
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
char * rate_limit_log(ratelim_t *lim, time_t now)
Definition: ratelim.c:42
const char * stream_end_reason_to_string(int reason)
Definition: reasons.c:64
Header file for reasons.c.
int channel_flush_from_first_active_circuit(channel_t *chan, int max)
Definition: relay.c:3092
static int connection_edge_process_relay_cell_not_open(const relay_msg_t *msg, circuit_t *circ, edge_connection_t *conn, crypt_path_t *layer_hint)
Definition: relay.c:1398
void destroy_cell_queue_init(destroy_cell_queue_t *queue)
Definition: relay.c:2767
static int connection_ap_process_end_not_open(const relay_msg_t *msg, origin_circuit_t *circ, entry_connection_t *conn, crypt_path_t *layer_hint)
Definition: relay.c:843
static int circuit_resume_edge_reading_helper(edge_connection_t *conn, circuit_t *circ, crypt_path_t *layer_hint)
Definition: relay.c:2441
int append_address_to_payload(uint8_t *payload_out, const tor_addr_t *addr)
Definition: relay.c:3443
STATIC int resolved_cell_parse(const relay_msg_t *msg, smartlist_t *addresses_out, int *errcode_out)
Definition: relay.c:1154
uint64_t stats_n_data_cells_received
Definition: relay.c:2185
void packed_cell_free_(packed_cell_t *cell)
Definition: relay.c:2669
STATIC int connection_edge_process_resolved_cell(edge_connection_t *conn, const relay_msg_t *msg)
Definition: relay.c:1324
void destroy_cell_queue_clear(destroy_cell_queue_t *queue)
Definition: relay.c:2775
void destroy_cell_queue_append(destroy_cell_queue_t *queue, circid_t circid, uint8_t reason)
Definition: relay.c:2801
relay_cell_fmt_t circuit_get_relay_format(const circuit_t *circ, const crypt_path_t *cpath)
Definition: relay.c:3537
void channel_unlink_all_circuits(channel_t *chan, smartlist_t *circuits_out)
Definition: relay.c:2984
int append_cell_to_circuit_queue(circuit_t *circ, channel_t *chan, cell_t *cell, cell_direction_t direction, streamid_t fromstream)
Definition: relay.c:3352
void cell_queue_append_packed_copy(circuit_t *circ, cell_queue_t *queue, int exitward, const cell_t *cell, int wide_circ_ids, int use_stats)
Definition: relay.c:2717
uint64_t oom_stats_n_bytes_removed_dns
Definition: relay.c:2853
static packed_cell_t * destroy_cell_to_packed_cell(destroy_cell_t *inp, int wide_circ_ids)
Definition: relay.c:2817
void dump_cell_pool_usage(int severity)
Definition: relay.c:2679
STATIC int connection_edge_process_relay_cell(const relay_msg_t *msg, circuit_t *circ, edge_connection_t *conn, crypt_path_t *layer_hint)
Definition: relay.c:2042
void circuit_reset_sendme_randomness(circuit_t *circ)
Definition: relay.c:2197
uint64_t stats_n_relay_cells_relayed
Definition: relay.c:137
size_t circuit_max_relay_payload(const circuit_t *circ, const crypt_path_t *cpath, uint8_t relay_command)
Definition: relay.c:3555
uint64_t stats_n_circ_max_cell_reached
Definition: relay.c:144
#define MAX_RESOLVE_FAILURES
Definition: relay.c:823
static void remap_event_helper(entry_connection_t *conn, const tor_addr_t *new_addr)
Definition: relay.c:1082
static int circuit_queue_streams_are_blocked(circuit_t *circ)
Definition: relay.c:3524
static void connection_ap_handshake_socks_got_resolved_cell(entry_connection_t *conn, int error_code, smartlist_t *results)
Definition: relay.c:1250
static void adjust_exit_policy_from_exitpolicy_failure(origin_circuit_t *circ, entry_connection_t *conn, node_t *node, const tor_addr_t *addr)
Definition: relay.c:1047
static void circuit_update_channel_usage(circuit_t *circ, cell_t *cell)
Definition: relay.c:158
uint64_t stats_n_data_cells_packaged
Definition: relay.c:2179
STATIC packed_cell_t * packed_cell_new(void)
Definition: relay.c:2661
void cell_queue_clear(cell_queue_t *queue)
Definition: relay.c:2741
void circuit_clear_cell_queue(circuit_t *circ, channel_t *chan)
Definition: relay.c:3497
void cell_queue_init(cell_queue_t *queue)
Definition: relay.c:2733
int circuit_package_relay_cell(cell_t *cell, circuit_t *circ, cell_direction_t cell_direction, crypt_path_t *layer_hint, streamid_t on_stream, const char *filename, int lineno)
Definition: relay.c:397
STATIC packed_cell_t * cell_queue_pop(cell_queue_t *queue)
Definition: relay.c:2755
int have_been_under_memory_pressure(void)
Definition: relay.c:2928
uint64_t stats_n_data_bytes_received
Definition: relay.c:2189
circid_t packed_cell_get_circid(const packed_cell_t *cell, int wide_circ_ids)
Definition: relay.c:3078
static int connection_edge_process_ordered_relay_cell(const relay_msg_t *msg, circuit_t *circ, edge_connection_t *conn, crypt_path_t *layer_hint)
Definition: relay.c:2143
const uint8_t * decode_address_from_payload(tor_addr_t *addr_out, const uint8_t *payload, int payload_len)
Definition: relay.c:3469
static uint32_t get_param_max_circuit_cell_queue_size(const networkstatus_t *ns)
Definition: relay.c:3305
void update_circuit_on_cmux_(circuit_t *circ, cell_direction_t direction, const char *file, int lineno)
Definition: relay.c:2939
STATIC destroy_cell_t * destroy_cell_queue_pop(destroy_cell_queue_t *queue)
Definition: relay.c:2789
uint8_t packed_cell_get_command(const packed_cell_t *cell, int wide_circ_ids)
Definition: relay.c:3067
uint64_t stats_n_relay_cells_delivered
Definition: relay.c:141
STATIC int cell_queues_check_size(void)
Definition: relay.c:2861
STATIC int connected_cell_parse(const relay_msg_t *msg, tor_addr_t *addr_out, int *ttl_out)
Definition: relay.c:1102
static size_t total_cells_allocated
Definition: relay.c:2649
static int32_t max_circuit_cell_queue_size_out
Definition: relay.c:3299
int relay_send_command_from_edge_(streamid_t stream_id, circuit_t *orig_circ, uint8_t relay_command, const char *payload, size_t payload_len, crypt_path_t *cpath_layer, const char *filename, int lineno)
Definition: relay.c:588
static void packed_cell_free_unchecked(packed_cell_t *cell)
Definition: relay.c:2653
static int edge_reason_is_retriable(int reason)
Definition: relay.c:828
STATIC size_t connection_edge_get_inbuf_bytes_to_package(size_t n_available, int package_partial, circuit_t *on_circuit, crypt_path_t *cpath)
Definition: relay.c:2210
static void circuit_resume_edge_reading(circuit_t *circ, crypt_path_t *layer_hint)
Definition: relay.c:2411
static void set_circuit_blocked_on_chan(circuit_t *circ, channel_t *chan, int block)
Definition: relay.c:3003
STATIC void address_ttl_free_(address_ttl_t *addr)
Definition: relay.c:1140
static uint32_t get_param_max_circuit_cell_queue_size_out(const networkstatus_t *ns)
Definition: relay.c:3316
STATIC int handle_relay_msg(const relay_msg_t *msg, circuit_t *circ, edge_connection_t *conn, crypt_path_t *layer_hint, int optimistic_data)
Definition: relay.c:1622
static int process_sendme_cell(const relay_msg_t *msg, circuit_t *circ, edge_connection_t *conn, crypt_path_t *layer_hint, int domain)
Definition: relay.c:1546
const char * relay_command_to_string(uint8_t command)
Definition: relay.c:533
#define MEMORY_PRESSURE_INTERVAL
Definition: relay.c:2847
static void set_block_state_for_streams(circuit_t *circ, edge_connection_t *stream_list, int block, streamid_t stream_id)
Definition: relay.c:3026
void cell_queue_append(cell_queue_t *queue, packed_cell_t *cell)
Definition: relay.c:2706
static edge_connection_t * relay_lookup_conn(circuit_t *circ, const relay_msg_t *msg, cell_direction_t cell_direction, crypt_path_t *layer_hint)
Definition: relay.c:458
static packed_cell_t * packed_cell_copy(const cell_t *cell, int wide_circ_ids)
Definition: relay.c:2697
int circuit_receive_relay_cell(cell_t *cell, circuit_t *circ, cell_direction_t cell_direction)
Definition: relay.c:236
int connection_edge_package_raw_inbuf(edge_connection_t *conn, int package_partial, int *max_cells)
Definition: relay.c:2281
int connection_edge_send_command(edge_connection_t *fromconn, uint8_t relay_command, const char *payload, size_t payload_len)
Definition: relay.c:766
uint64_t stats_n_data_bytes_packaged
Definition: relay.c:2183
size_t packed_cell_mem_cost(void)
Definition: relay.c:2834
static time_t last_time_under_memory_pressure
Definition: relay.c:2850
static int circuit_consider_stop_edge_reading(circuit_t *circ, crypt_path_t *layer_hint)
Definition: relay.c:2616
Header file for relay.c.
Header for relay_crypto.c.
void relay_encrypt_cell_outbound(cell_t *cell, origin_circuit_t *or_circ, crypt_path_t *layer_hint)
Definition: relay_crypto.c:228
int relay_decrypt_cell(circuit_t *circ, cell_t *cell, cell_direction_t cell_direction, crypt_path_t **layer_hint, char *recognized)
Definition: relay_crypto.c:157
void relay_encrypt_cell_inbound(cell_t *cell, or_circuit_t *or_circ)
Definition: relay_crypto.c:257
int relay_msg_encode_cell(relay_cell_fmt_t format, const relay_msg_t *msg, cell_t *cell_out)
Definition: relay_msg.c:225
int relay_msg_decode_cell_in_place(relay_cell_fmt_t format, const cell_t *cell, relay_msg_t *msg_out)
Definition: relay_msg.c:254
Header file for relay_msg.c.
static size_t relay_cell_max_payload_size(relay_cell_fmt_t format, uint8_t relay_command)
Definition: relay_msg.h:65
A relay message which contains a relay command and parameters, if any, that is from a relay cell.
void rend_process_relay_cell(circuit_t *circ, const crypt_path_t *layer_hint, int command, size_t length, const uint8_t *payload)
Definition: rendcommon.c:34
Header file for rendcommon.c.
void rep_hist_note_overload(overload_type_t overload)
Definition: rephist.c:541
Header file for rephist.c.
Router descriptor structure.
#define ROUTER_PURPOSE_GENERAL
Header file for routerlist.c.
void scheduler_channel_has_waiting_cells(channel_t *chan)
Definition: scheduler.c:548
Header file for scheduler*.c.
void sendme_connection_edge_consider_sending(edge_connection_t *conn)
Definition: sendme.c:373
void sendme_circuit_consider_sending(circuit_t *circ, crypt_path_t *layer_hint)
Definition: sendme.c:420
Header file for sendme.c.
char * smartlist_join_strings(smartlist_t *sl, const char *join, int terminate, size_t *len_out)
Definition: smartlist.c:279
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
smartlist_t * smartlist_new(void)
void smartlist_add(smartlist_t *sl, void *element)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define SMARTLIST_FOREACH(sl, type, var, cmd)
#define SMARTLIST_DEL_CURRENT(sl, var)
Client request structure.
#define SOCKS_COMMAND_RESOLVE_PTR
Definition: cell_st.h:17
uint8_t payload[CELL_PAYLOAD_SIZE]
Definition: cell_st.h:21
uint8_t command
Definition: cell_st.h:19
circid_t circ_id
Definition: cell_st.h:18
unsigned int num_n_circuits
Definition: channel.h:410
uint64_t dirreq_id
Definition: channel.h:453
channel_usage_info_t channel_usage
Definition: channel.h:228
circuitmux_t * cmux
Definition: channel.h:397
int marked_for_close_reason
Definition: circuit_st.h:198
uint8_t state
Definition: circuit_st.h:111
unsigned int circuit_blocked_on_n_chan
Definition: circuit_st.h:92
uint16_t send_randomness_after_n_cells
Definition: circuit_st.h:128
struct create_cell_t * n_chan_create_cell
Definition: circuit_st.h:154
unsigned int circuit_blocked_on_p_chan
Definition: circuit_st.h:95
unsigned int have_sent_sufficiently_random_cell
Definition: circuit_st.h:109
uint64_t dirreq_id
Definition: circuit_st.h:205
cell_queue_t n_chan_cells
Definition: circuit_st.h:82
uint16_t marked_for_close
Definition: circuit_st.h:190
struct conflux_t * conflux
Definition: circuit_st.h:263
uint8_t purpose
Definition: circuit_st.h:112
const char * marked_for_close_file
Definition: circuit_st.h:193
int package_window
Definition: circuit_st.h:117
smartlist_t * testing_cell_stats
Definition: circuit_st.h:213
struct timeval timestamp_created
Definition: circuit_st.h:169
channel_t * n_chan
Definition: circuit_st.h:70
extend_info_t * n_hop
Definition: circuit_st.h:88
circid_t n_circ_id
Definition: circuit_st.h:79
relay_msg_t * msg
Definition: conflux.h:42
time_t timestamp_last_read_allowed
uint8_t state
Definition: connection_st.h:49
unsigned int type
Definition: connection_st.h:50
uint16_t marked_for_close
const char * marked_for_close_file
unsigned int purpose
Definition: connection_st.h:51
tor_socket_t s
struct event * read_event
extend_info_t * chosen_exit
relay_cell_fmt_t relay_cell_format
Definition: crypt_path_st.h:91
struct crypt_path_t * cpath_layer
struct edge_connection_t * next_stream
unsigned int edge_has_sent_end
struct circuit_t * on_circuit
socks_request_t * socks_request
unsigned int chosen_exit_optional
unsigned int chosen_exit_retries
struct buf_t * pending_optimistic_data
char identity_digest[DIGEST_LEN]
created_cell_t created_cell
Definition: onion.h:71
ed25519_public_key_t identity_pk
Definition: hs_ident.h:106
uint16_t orig_virtual_port
Definition: hs_ident.h:111
Definition: node_st.h:34
uint64_t total_cell_waiting_time
Definition: or_circuit_st.h:91
channel_t * p_chan
Definition: or_circuit_st.h:37
uint32_t n_cells_discarded_at_end
Definition: or_circuit_st.h:65
relay_cell_fmt_t relay_cell_format
circid_t p_circ_id
Definition: or_circuit_st.h:33
cell_queue_t p_chan_cells
Definition: or_circuit_st.h:35
struct or_circuit_t * rend_splice
Definition: or_circuit_st.h:58
edge_connection_t * n_streams
Definition: or_circuit_st.h:43
uint32_t processed_cells
Definition: or_circuit_st.h:86
uint64_t MaxMemInQueues
edge_connection_t * p_streams
uint8_t relay_early_commands[MAX_RELAY_EARLY_CELLS_PER_CIRCUIT]
unsigned int remaining_relay_early_cells
path_state_bitfield_t path_state
smartlist_t * prepend_policy
crypt_path_t * cpath
cpath_build_state_t * build_state
smartlist_t * half_streams
uint32_t inserted_timestamp
Definition: cell_queue_st.h:22
char body[CELL_MAX_NETWORK_SIZE]
Definition: cell_queue_st.h:21
unsigned int has_finished
char address[MAX_SOCKS_ADDR_LEN]
Definition: or.h:908
uint8_t command
Definition: or.h:909
unsigned int waiting_time
Definition: or.h:914
unsigned int exitward
Definition: or.h:916
unsigned int removed
Definition: or.h:915
#define STATIC
Definition: testsupport.h:32
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
#define tor_assert(expr)
Definition: util_bug.h:103