Tor 0.4.9.2-alpha-dev
All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Modules Pages
relay.c
Go to the documentation of this file.
1/* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2021, The Tor Project, Inc. */
5/* See LICENSE for licensing information */
6
7/**
8 * \file relay.c
9 * \brief Handle relay cell encryption/decryption, plus packaging and
10 * receiving from circuits, plus queuing on circuits.
11 *
12 * This is a core modules that makes Tor work. It's responsible for
13 * dealing with RELAY cells (the ones that travel more than one hop along a
14 * circuit), by:
15 * <ul>
16 * <li>constructing relays cells,
17 * <li>encrypting relay cells,
18 * <li>decrypting relay cells,
19 * <li>demultiplexing relay cells as they arrive on a connection,
20 * <li>queueing relay cells for retransmission,
21 * <li>or handling relay cells that are for us to receive (as an exit or a
22 * client).
23 * </ul>
24 *
25 * RELAY cells are generated throughout the code at the client or relay side,
26 * using relay_send_command_from_edge() or one of the functions like
27 * connection_edge_send_command() that calls it. Of particular interest is
28 * connection_edge_package_raw_inbuf(), which takes information that has
29 * arrived on an edge connection socket, and packages it as a RELAY_DATA cell
30 * -- this is how information is actually sent across the Tor network. The
31 * cryptography for these functions is handled deep in
32 * circuit_package_relay_cell(), which either adds a single layer of
33 * encryption (if we're an exit), or multiple layers (if we're the origin of
34 * the circuit). After construction and encryption, the RELAY cells are
35 * passed to append_cell_to_circuit_queue(), which queues them for
36 * transmission and tells the circuitmux (see circuitmux.c) that the circuit
37 * is waiting to send something.
38 *
39 * Incoming RELAY cells arrive at circuit_receive_relay_cell(), called from
40 * command.c. There they are decrypted and, if they are for us, are passed to
41 * connection_edge_process_relay_cell(). If they're not for us, they're
42 * re-queued for retransmission again with append_cell_to_circuit_queue().
43 *
44 * The connection_edge_process_relay_cell() function handles all the different
45 * types of relay cells, launching requests or transmitting data as needed.
46 **/
47
48#include "lib/log/log.h"
49#define RELAY_PRIVATE
50#include "core/or/or.h"
52#include "lib/err/backtrace.h"
53#include "lib/buf/buffers.h"
54#include "core/or/channel.h"
55#include "feature/client/circpathbias.h"
57#include "core/or/circuitlist.h"
58#include "core/or/circuituse.h"
60#include "core/or/extendinfo.h"
62#include "app/config/config.h"
70#include "feature/relay/dns.h"
73#include "feature/hs/hs_cache.h"
77#include "core/or/onion.h"
78#include "core/or/policies.h"
79#include "core/or/reasons.h"
80#include "core/or/relay.h"
85#include "core/or/scheduler.h"
88#include "core/or/relay_msg.h"
89
90#include "core/or/cell_st.h"
97#include "core/or/or_circuit_st.h"
101#include "core/or/sendme.h"
104#include "core/or/conflux.h"
105#include "core/or/conflux_util.h"
106#include "core/or/conflux_pool.h"
107#include "core/or/relay_msg_st.h"
108
110 const relay_msg_t *msg,
111 cell_direction_t cell_direction,
112 crypt_path_t *layer_hint);
113
114static void circuit_resume_edge_reading(circuit_t *circ,
115 crypt_path_t *layer_hint);
117 circuit_t *circ,
118 crypt_path_t *layer_hint);
120 crypt_path_t *layer_hint);
123 entry_connection_t *conn,
124 node_t *node,
125 const tor_addr_t *addr);
127 circuit_t *circ,
128 edge_connection_t *conn,
129 crypt_path_t *layer_hint);
130static void set_block_state_for_streams(circuit_t *circ,
131 edge_connection_t *stream_list,
132 int block, streamid_t stream_id);
133
134/** Stats: how many relay cells have originated at this hop, or have
135 * been relayed onward (not recognized at this hop)?
136 */
138/** Stats: how many relay cells have been delivered to streams at this
139 * hop?
140 */
142/** Stats: how many circuits have we closed due to the cell queue limit being
143 * reached (see append_cell_to_circuit_queue()) */
145uint64_t stats_n_circ_max_cell_outq_reached = 0;
146
147/**
148 * Update channel usage state based on the type of relay cell and
149 * circuit properties.
150 *
151 * This is needed to determine if a client channel is being
152 * used for application traffic, and if a relay channel is being
153 * used for multihop circuits and application traffic. The decision
154 * to pad in channelpadding.c depends upon this info (as well as
155 * consensus parameters) to decide what channels to pad.
156 */
157static void
159{
160 if (CIRCUIT_IS_ORIGIN(circ)) {
161 /*
162 * The client state was first set much earlier in
163 * circuit_send_next_onion_skin(), so we can start padding as early as
164 * possible.
165 *
166 * However, if padding turns out to be expensive, we may want to not do
167 * it until actual application traffic starts flowing (which is controlled
168 * via consensus param nf_pad_before_usage).
169 *
170 * So: If we're an origin circuit and we've created a full length circuit,
171 * then any CELL_RELAY cell means application data. Increase the usage
172 * state of the channel to indicate this.
173 *
174 * We want to wait for CELL_RELAY specifically here, so we know that
175 * the channel was definitely being used for data and not for extends.
176 * By default, we pad as soon as a channel has been used for *any*
177 * circuits, so this state is irrelevant to the padding decision in
178 * the default case. However, if padding turns out to be expensive,
179 * we would like the ability to avoid padding until we're absolutely
180 * sure that a channel is used for enough application data to be worth
181 * padding.
182 *
183 * (So it does not matter that CELL_RELAY_EARLY can actually contain
184 * application data. This is only a load reducing option and that edge
185 * case does not matter if we're desperately trying to reduce overhead
186 * anyway. See also consensus parameter nf_pad_before_usage).
187 */
188 if (BUG(!circ->n_chan))
189 return;
190
191 if (circ->n_chan->channel_usage == CHANNEL_USED_FOR_FULL_CIRCS &&
192 cell->command == CELL_RELAY) {
193 circ->n_chan->channel_usage = CHANNEL_USED_FOR_USER_TRAFFIC;
194 }
195 } else {
196 /* If we're a relay circuit, the question is more complicated. Basically:
197 * we only want to pad connections that carry multihop (anonymous)
198 * circuits.
199 *
200 * We assume we're more than one hop if either the previous hop
201 * is not a client, or if the previous hop is a client and there's
202 * a next hop. Then, circuit traffic starts at RELAY_EARLY, and
203 * user application traffic starts when we see RELAY cells.
204 */
205 or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
206
207 if (BUG(!or_circ->p_chan))
208 return;
209
210 if (!channel_is_client(or_circ->p_chan) ||
211 (channel_is_client(or_circ->p_chan) && circ->n_chan)) {
212 if (cell->command == CELL_RELAY_EARLY) {
213 if (or_circ->p_chan->channel_usage < CHANNEL_USED_FOR_FULL_CIRCS) {
214 or_circ->p_chan->channel_usage = CHANNEL_USED_FOR_FULL_CIRCS;
215 }
216 } else if (cell->command == CELL_RELAY) {
217 or_circ->p_chan->channel_usage = CHANNEL_USED_FOR_USER_TRAFFIC;
218 }
219 }
220 }
221}
222
223/** Receive a relay cell:
224 * - Crypt it (encrypt if headed toward the origin or if we <b>are</b> the
225 * origin; decrypt if we're headed toward the exit).
226 * - Check if recognized (if exitward).
227 * - If recognized and the digest checks out, then find if there's a stream
228 * that the cell is intended for, and deliver it to the right
229 * connection_edge.
230 * - If not recognized, then we need to relay it: append it to the appropriate
231 * cell_queue on <b>circ</b>.
232 *
233 * If a reason exists to close <b>circ</b>, circuit_mark_for_close()
234 * is called in this function, so the caller doesn't have to do it.
235 *
236 * Return -<b>reason</b> on failure, else 0.
237 */
238int
240 cell_direction_t cell_direction)
241{
242 channel_t *chan = NULL;
243 crypt_path_t *layer_hint=NULL;
244 char recognized=0;
245 int reason;
246
247 tor_assert(cell);
248 tor_assert(circ);
249 tor_assert(cell_direction == CELL_DIRECTION_OUT ||
250 cell_direction == CELL_DIRECTION_IN);
251 if (circ->marked_for_close)
252 return 0;
253
254 if (relay_decrypt_cell(circ, cell, cell_direction, &layer_hint, &recognized)
255 < 0) {
256 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
257 "relay crypt failed. Dropping connection.");
258 reason = -END_CIRC_REASON_INTERNAL;
259 goto error;
260 }
261
263
264 if (recognized) {
265 edge_connection_t *conn = NULL;
266 relay_cell_fmt_t format = circuit_get_relay_format(circ, layer_hint);
267
268 relay_msg_t msg_buf;
269 if (relay_msg_decode_cell_in_place(format, cell, &msg_buf) < 0) {
270 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
271 "Received undecodable relay cell");
272 return -END_CIRC_REASON_TORPROTOCOL;
273 }
274 const relay_msg_t *msg = &msg_buf;
275
277 if (pathbias_check_probe_response(circ, msg) == -1) {
279 }
280
281 /* We need to drop this cell no matter what to avoid code that expects
282 * a certain purpose (such as the hidserv code). */
283 return 0;
284 }
285
286 conn = relay_lookup_conn(circ, msg, cell_direction, layer_hint);
287 if (cell_direction == CELL_DIRECTION_OUT) {
289 log_debug(LD_OR,"Sending away from origin.");
290 reason = connection_edge_process_relay_cell(msg, circ, conn, NULL);
291 if (reason < 0) {
292 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
293 "connection_edge_process_relay_cell (away from origin) "
294 "failed.");
295 goto error;
296 }
297 } else if (cell_direction == CELL_DIRECTION_IN) {
299 log_debug(LD_OR,"Sending to origin.");
300 reason = connection_edge_process_relay_cell(msg, circ, conn,
301 layer_hint);
302 if (reason < 0) {
303 /* If a client is trying to connect to unknown hidden service port,
304 * END_CIRC_AT_ORIGIN is sent back so we can then close the circuit.
305 * Do not log warn as this is an expected behavior for a service. */
306 if (reason != END_CIRC_AT_ORIGIN) {
307 log_warn(LD_OR,
308 "connection_edge_process_relay_cell (at origin) failed.");
309 }
310 goto error;
311 }
312 }
313 return 0;
314 }
315
316 /* not recognized. inform circpad and pass it on. */
317 circpad_deliver_unrecognized_cell_events(circ, cell_direction);
318
319 if (cell_direction == CELL_DIRECTION_OUT) {
320 cell->circ_id = circ->n_circ_id; /* switch it */
321 chan = circ->n_chan;
322 } else if (! CIRCUIT_IS_ORIGIN(circ)) {
323 cell->circ_id = TO_OR_CIRCUIT(circ)->p_circ_id; /* switch it */
324 chan = TO_OR_CIRCUIT(circ)->p_chan;
325 } else {
326 log_fn(LOG_PROTOCOL_WARN, LD_OR,
327 "Dropping unrecognized inbound cell on origin circuit.");
328 /* If we see unrecognized cells on path bias testing circs,
329 * it's bad mojo. Those circuits need to die.
330 * XXX: Shouldn't they always die? */
333 reason = -END_CIRC_REASON_TORPROTOCOL;
334 goto error;
335 } else {
336 return 0;
337 }
338 }
339
340 if (!chan) {
341 // XXXX Can this splice stuff be done more cleanly?
342 if (! CIRCUIT_IS_ORIGIN(circ) &&
343 TO_OR_CIRCUIT(circ)->rend_splice &&
344 cell_direction == CELL_DIRECTION_OUT) {
345 or_circuit_t *splice_ = TO_OR_CIRCUIT(circ)->rend_splice;
348 cell->circ_id = splice_->p_circ_id;
349 cell->command = CELL_RELAY; /* can't be relay_early anyway */
350 if ((reason = circuit_receive_relay_cell(cell, TO_CIRCUIT(splice_),
351 CELL_DIRECTION_IN)) < 0) {
352 log_warn(LD_REND, "Error relaying cell across rendezvous; closing "
353 "circuits");
354 goto error;
355 }
356 return 0;
357 }
358 if (BUG(CIRCUIT_IS_ORIGIN(circ))) {
359 /* Should be impossible at this point. */
360 reason = -END_CIRC_REASON_TORPROTOCOL;
361 goto error;
362 }
363 or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
364 if (++or_circ->n_cells_discarded_at_end == 1) {
365 time_t seconds_open = approx_time() - circ->timestamp_created.tv_sec;
366 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
367 "Didn't recognize a cell, but circ stops here! Closing circuit. "
368 "It was created %ld seconds ago.", (long)seconds_open);
369 }
370 reason = -END_CIRC_REASON_TORPROTOCOL;
371 goto error;
372 }
373
374 log_debug(LD_OR,"Passing on unrecognized cell.");
375
376 ++stats_n_relay_cells_relayed; /* XXXX no longer quite accurate {cells}
377 * we might kill the circ before we relay
378 * the cells. */
379
380 if (append_cell_to_circuit_queue(circ, chan, cell, cell_direction, 0) < 0) {
381 reason = -END_CIRC_REASON_RESOURCELIMIT;
382 goto error;
383 }
384 return 0;
385
386error:
387 circuit_mark_for_close(circ, -reason);
388 return reason;
389}
390
391/** Package a relay cell from an edge:
392 * - Encrypt it to the right layer
393 * - Append it to the appropriate cell_queue on <b>circ</b>.
394 *
395 * Return 1 if the cell was successfully sent as in queued on the circuit.
396 * Return 0 if the cell needs to be dropped as in ignored.
397 * Return -1 on error for which the circuit should be marked for close. */
398MOCK_IMPL(int,
400 cell_direction_t cell_direction,
401 crypt_path_t *layer_hint, streamid_t on_stream,
402 const char *filename, int lineno))
403{
404 channel_t *chan; /* where to send the cell */
405
406 if (circ->marked_for_close) {
407 /* Circuit is marked; send nothing. */
408 return 0;
409 }
410
411 if (cell_direction == CELL_DIRECTION_OUT) {
412 chan = circ->n_chan;
413 if (!chan) {
414 log_warn(LD_BUG,"outgoing relay cell sent from %s:%d has n_chan==NULL."
415 " Dropping. Circuit is in state %s (%d), and is "
416 "%smarked for close. (%s:%d, %d)", filename, lineno,
417 circuit_state_to_string(circ->state), circ->state,
418 circ->marked_for_close ? "" : "not ",
421 if (CIRCUIT_IS_ORIGIN(circ)) {
423 }
424 log_backtrace(LOG_WARN,LD_BUG,"");
425 return 0; /* just drop it */
426 }
427 if (!CIRCUIT_IS_ORIGIN(circ)) {
428 log_warn(LD_BUG,"outgoing relay cell sent from %s:%d on non-origin "
429 "circ. Dropping.", filename, lineno);
430 log_backtrace(LOG_WARN,LD_BUG,"");
431 return 0; /* just drop it */
432 }
433
434 relay_encrypt_cell_outbound(cell, TO_ORIGIN_CIRCUIT(circ), layer_hint);
435
436 /* Update circ written totals for control port */
437 origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
438 ocirc->n_written_circ_bw = tor_add_u32_nowrap(ocirc->n_written_circ_bw,
440
441 } else { /* incoming cell */
442 if (CIRCUIT_IS_ORIGIN(circ)) {
443 /* We should never package an _incoming_ cell from the circuit
444 * origin; that means we messed up somewhere. */
445 log_warn(LD_BUG,"incoming relay cell at origin circuit. Dropping.");
446 assert_circuit_ok(circ);
447 return 0; /* just drop it */
448 }
449 or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
450 relay_encrypt_cell_inbound(cell, or_circ);
451 chan = or_circ->p_chan;
452 }
454
455 return append_cell_to_circuit_queue(circ, chan, cell,
456 cell_direction, on_stream);
457}
458
459/** If cell's stream_id matches the stream_id of any conn that's
460 * attached to circ, return that conn, else return NULL.
461 */
462static edge_connection_t *
464 cell_direction_t cell_direction, crypt_path_t *layer_hint)
465{
466 edge_connection_t *tmpconn;
467
468 if (!msg->stream_id)
469 return NULL;
470
471 /* IN or OUT cells could have come from either direction, now
472 * that we allow rendezvous *to* an OP.
473 */
474 if (CIRCUIT_IS_ORIGIN(circ)) {
475 for (tmpconn = TO_ORIGIN_CIRCUIT(circ)->p_streams; tmpconn;
476 tmpconn=tmpconn->next_stream) {
477 if (msg->stream_id == tmpconn->stream_id &&
478 !tmpconn->base_.marked_for_close &&
479 edge_uses_cpath(tmpconn, layer_hint)) {
480 log_debug(LD_APP,"found conn for stream %d.", msg->stream_id);
481 return tmpconn;
482 }
483 }
484 } else {
485 for (tmpconn = TO_OR_CIRCUIT(circ)->n_streams; tmpconn;
486 tmpconn=tmpconn->next_stream) {
487 if (msg->stream_id == tmpconn->stream_id &&
488 !tmpconn->base_.marked_for_close) {
489 log_debug(LD_EXIT,"found conn for stream %d.", msg->stream_id);
490 if (cell_direction == CELL_DIRECTION_OUT ||
492 return tmpconn;
493 }
494 }
495 for (tmpconn = TO_OR_CIRCUIT(circ)->resolving_streams; tmpconn;
496 tmpconn=tmpconn->next_stream) {
497 if (msg->stream_id == tmpconn->stream_id &&
498 !tmpconn->base_.marked_for_close) {
499 log_debug(LD_EXIT,"found conn for stream %d.", msg->stream_id);
500 return tmpconn;
501 }
502 }
503 }
504 return NULL; /* probably a begin relay cell */
505}
506
507#ifdef TOR_UNIT_TESTS
508/** Pack the relay_header_t host-order structure <b>src</b> into
509 * network-order in the buffer <b>dest</b>. See tor-spec.txt for details
510 * about the wire format.
511 */
512void
513relay_header_pack(uint8_t *dest, const relay_header_t *src)
514{
515 set_uint8(dest, src->command);
516 set_uint16(dest+1, htons(src->recognized));
517 set_uint16(dest+3, htons(src->stream_id));
518 memcpy(dest+5, src->integrity, 4);
519 set_uint16(dest+9, htons(src->length));
520}
521
522/** Unpack the network-order buffer <b>src</b> into a host-order
523 * relay_header_t structure <b>dest</b>.
524 */
525void
526relay_header_unpack(relay_header_t *dest, const uint8_t *src)
527{
528 dest->command = get_uint8(src);
529 dest->recognized = ntohs(get_uint16(src+1));
530 dest->stream_id = ntohs(get_uint16(src+3));
531 memcpy(dest->integrity, src+5, 4);
532 dest->length = ntohs(get_uint16(src+9));
533}
534#endif
535
536/** Convert the relay <b>command</b> into a human-readable string. */
537const char *
539{
540 static char buf[64];
541 switch (command) {
542 case RELAY_COMMAND_BEGIN: return "BEGIN";
543 case RELAY_COMMAND_DATA: return "DATA";
544 case RELAY_COMMAND_END: return "END";
545 case RELAY_COMMAND_CONNECTED: return "CONNECTED";
546 case RELAY_COMMAND_SENDME: return "SENDME";
547 case RELAY_COMMAND_EXTEND: return "EXTEND";
548 case RELAY_COMMAND_EXTENDED: return "EXTENDED";
549 case RELAY_COMMAND_TRUNCATE: return "TRUNCATE";
550 case RELAY_COMMAND_TRUNCATED: return "TRUNCATED";
551 case RELAY_COMMAND_DROP: return "DROP";
552 case RELAY_COMMAND_RESOLVE: return "RESOLVE";
553 case RELAY_COMMAND_RESOLVED: return "RESOLVED";
554 case RELAY_COMMAND_BEGIN_DIR: return "BEGIN_DIR";
555 case RELAY_COMMAND_ESTABLISH_INTRO: return "ESTABLISH_INTRO";
556 case RELAY_COMMAND_ESTABLISH_RENDEZVOUS: return "ESTABLISH_RENDEZVOUS";
557 case RELAY_COMMAND_INTRODUCE1: return "INTRODUCE1";
558 case RELAY_COMMAND_INTRODUCE2: return "INTRODUCE2";
559 case RELAY_COMMAND_RENDEZVOUS1: return "RENDEZVOUS1";
560 case RELAY_COMMAND_RENDEZVOUS2: return "RENDEZVOUS2";
561 case RELAY_COMMAND_INTRO_ESTABLISHED: return "INTRO_ESTABLISHED";
562 case RELAY_COMMAND_RENDEZVOUS_ESTABLISHED:
563 return "RENDEZVOUS_ESTABLISHED";
564 case RELAY_COMMAND_INTRODUCE_ACK: return "INTRODUCE_ACK";
565 case RELAY_COMMAND_EXTEND2: return "EXTEND2";
566 case RELAY_COMMAND_EXTENDED2: return "EXTENDED2";
567 case RELAY_COMMAND_PADDING_NEGOTIATE: return "PADDING_NEGOTIATE";
568 case RELAY_COMMAND_PADDING_NEGOTIATED: return "PADDING_NEGOTIATED";
569 case RELAY_COMMAND_CONFLUX_LINK: return "CONFLUX_LINK";
570 case RELAY_COMMAND_CONFLUX_LINKED: return "CONFLUX_LINKED";
571 case RELAY_COMMAND_CONFLUX_LINKED_ACK: return "CONFLUX_LINKED_ACK";
572 case RELAY_COMMAND_CONFLUX_SWITCH: return "CONFLUX_SWITCH";
573 default:
574 tor_snprintf(buf, sizeof(buf), "Unrecognized relay command %u",
575 (unsigned)command);
576 return buf;
577 }
578}
579
580/** Make a relay cell out of <b>relay_command</b> and <b>payload</b>, and send
581 * it onto the open circuit <b>circ</b>. <b>stream_id</b> is the ID on
582 * <b>circ</b> for the stream that's sending the relay cell, or 0 if it's a
583 * control cell. <b>cpath_layer</b> is NULL for OR->OP cells, or the
584 * destination hop for OP->OR cells.
585 *
586 * If you can't send the cell, mark the circuit for close and return -1. Else
587 * return 0.
588 */
589MOCK_IMPL(int,
591 uint8_t relay_command, const char *payload,
592 size_t payload_len, crypt_path_t *cpath_layer,
593 const char *filename, int lineno))
594{
595 cell_t cell;
596 cell_direction_t cell_direction;
597 circuit_t *circ = orig_circ;
598
599 /* If conflux is enabled, decide which leg to send on, and use that */
600 if (orig_circ->conflux && conflux_should_multiplex(relay_command)) {
601 circ = conflux_decide_circ_for_send(orig_circ->conflux, orig_circ,
602 relay_command);
603 if (BUG(!circ)) {
604 log_warn(LD_BUG, "No circuit to send for conflux for relay command %d, "
605 "called from %s:%d", relay_command, filename, lineno);
606 conflux_log_set(LOG_WARN, orig_circ->conflux,
607 CIRCUIT_IS_ORIGIN(orig_circ));
608 circ = orig_circ;
609 } else {
610 /* Conflux circuits always send multiplexed relay commands to
611 * to the last hop. (Non-multiplexed commands go on their
612 * original circuit and hop). */
613 cpath_layer = conflux_get_destination_hop(circ);
614 }
615 }
616
617 /* XXXX NM Split this function into a separate versions per circuit type? */
618
619 tor_assert(circ);
620
621 size_t msg_body_len;
622 {
623 relay_cell_fmt_t cell_format = circuit_get_relay_format(circ, cpath_layer);
624 relay_msg_t msg;
625 if (payload_len >
626 relay_cell_max_payload_size(cell_format, relay_command)) {
627 // TODO CGO: Rate-limit this?
628 log_warn(LD_BUG, "Tried to send a command %d of length %d in "
629 "a v%d cell, from %s:%d",
630 (int)relay_command, (int)payload_len, (int)cell_format,
631 filename, lineno);
632 circuit_mark_for_close(circ, END_CIRC_REASON_INTERNAL);
633 return -1;
634 }
635
636 msg.command = relay_command;
637 msg.stream_id = stream_id;
638 msg.length = payload_len;
639 msg.body = (const uint8_t *) payload;
640 msg_body_len = msg.length;
641
642 if (relay_msg_encode_cell(cell_format, &msg, &cell) < 0) {
643 // We already called IF_BUG_ONCE in relay_msg_encode_cell.
644 circuit_mark_for_close(circ, END_CIRC_REASON_INTERNAL);
645 return -1;
646 }
647 }
648
649 cell.command = CELL_RELAY;
650 if (CIRCUIT_IS_ORIGIN(circ)) {
651 tor_assert(cpath_layer);
652 cell.circ_id = circ->n_circ_id;
653 cell_direction = CELL_DIRECTION_OUT;
654 } else {
655 tor_assert(! cpath_layer);
656 cell.circ_id = TO_OR_CIRCUIT(circ)->p_circ_id;
657 cell_direction = CELL_DIRECTION_IN;
658 }
659
660 log_debug(LD_OR,"delivering %d cell %s.", relay_command,
661 cell_direction == CELL_DIRECTION_OUT ? "forward" : "backward");
662
663 /* Tell circpad we're sending a relay cell */
664 circpad_deliver_sent_relay_cell_events(circ, relay_command);
665
666 /* If we are sending an END cell and this circuit is used for a tunneled
667 * directory request, advance its state. */
668 if (relay_command == RELAY_COMMAND_END && circ->dirreq_id)
669 geoip_change_dirreq_state(circ->dirreq_id, DIRREQ_TUNNELED,
671
672 if (cell_direction == CELL_DIRECTION_OUT && circ->n_chan) {
673 /* if we're using relaybandwidthrate, this conn wants priority */
675 }
676
677 if (cell_direction == CELL_DIRECTION_OUT) {
678 origin_circuit_t *origin_circ = TO_ORIGIN_CIRCUIT(circ);
679 if (origin_circ->remaining_relay_early_cells > 0 &&
680 (relay_command == RELAY_COMMAND_EXTEND ||
681 relay_command == RELAY_COMMAND_EXTEND2 ||
682 cpath_layer != origin_circ->cpath)) {
683 /* If we've got any relay_early cells left and (we're sending
684 * an extend cell or we're not talking to the first hop), use
685 * one of them. Don't worry about the conn protocol version:
686 * append_cell_to_circuit_queue will fix it up. */
687 cell.command = CELL_RELAY_EARLY;
688 /* If we're out of relay early cells, tell circpad */
689 if (--origin_circ->remaining_relay_early_cells == 0)
691 log_debug(LD_OR, "Sending a RELAY_EARLY cell; %d remaining.",
692 (int)origin_circ->remaining_relay_early_cells);
693 /* Memorize the command that is sent as RELAY_EARLY cell; helps debug
694 * task 878. */
695 origin_circ->relay_early_commands[
696 origin_circ->relay_early_cells_sent++] = relay_command;
697 } else if (relay_command == RELAY_COMMAND_EXTEND ||
698 relay_command == RELAY_COMMAND_EXTEND2) {
699 /* If no RELAY_EARLY cells can be sent over this circuit, log which
700 * commands have been sent as RELAY_EARLY cells before; helps debug
701 * task 878. */
702 smartlist_t *commands_list = smartlist_new();
703 int i = 0;
704 char *commands = NULL;
705 for (; i < origin_circ->relay_early_cells_sent; i++)
706 smartlist_add(commands_list, (char *)
708 commands = smartlist_join_strings(commands_list, ",", 0, NULL);
709 log_warn(LD_BUG, "Uh-oh. We're sending a RELAY_COMMAND_EXTEND cell, "
710 "but we have run out of RELAY_EARLY cells on that circuit. "
711 "Commands sent before: %s", commands);
712 tor_free(commands);
713 smartlist_free(commands_list);
714 }
715
716 /* Let's assume we're well-behaved: Anything that we decide to send is
717 * valid, delivered data. */
718 circuit_sent_valid_data(origin_circ, msg_body_len);
719 }
720
721 int ret = circuit_package_relay_cell(&cell, circ, cell_direction,
722 cpath_layer, stream_id, filename,
723 lineno);
724 if (ret < 0) {
725 circuit_mark_for_close(circ, END_CIRC_REASON_INTERNAL);
726 return -1;
727 } else if (ret == 0) {
728 /* This means we should drop the cell or that the circuit was already
729 * marked for close. At this point in time, we do NOT close the circuit if
730 * the cell is dropped. It is not the case with arti where each circuit
731 * protocol violation will lead to closing the circuit. */
732 return 0;
733 }
734
735 /* At this point, we are certain that the cell was queued on the circuit and
736 * thus will be sent on the wire. */
737
738 if (circ->conflux) {
739 conflux_note_cell_sent(circ->conflux, circ, relay_command);
740 }
741
742 /* If applicable, note the cell digest for the SENDME version 1 purpose if
743 * we need to. This call needs to be after the circuit_package_relay_cell()
744 * because the cell digest is set within that function. */
745 if (relay_command == RELAY_COMMAND_DATA) {
746 sendme_record_cell_digest_on_circ(circ, cpath_layer);
747
748 /* Handle the circuit-level SENDME package window. */
749 if (sendme_note_circuit_data_packaged(circ, cpath_layer) < 0) {
750 /* Package window has gone under 0. Protocol issue. */
751 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
752 "Circuit package window is below 0. Closing circuit.");
753 circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
754 return -1;
755 }
756 }
757
758 return 0;
759}
760
761/** Make a relay cell out of <b>relay_command</b> and <b>payload</b>, and
762 * send it onto the open circuit <b>circ</b>. <b>fromconn</b> is the stream
763 * that's sending the relay cell, or NULL if it's a control cell.
764 * <b>cpath_layer</b> is NULL for OR->OP cells, or the destination hop
765 * for OP->OR cells.
766 *
767 * If you can't send the cell, mark the circuit for close and
768 * return -1. Else return 0.
769 */
770int
772 uint8_t relay_command, const char *payload,
773 size_t payload_len)
774{
775 /* XXXX NM Split this function into a separate versions per circuit type? */
776 circuit_t *circ;
777 crypt_path_t *cpath_layer = fromconn->cpath_layer;
778 tor_assert(fromconn);
779
780 circ = fromconn->on_circuit;
781
782 if (fromconn->base_.marked_for_close) {
783 log_warn(LD_BUG,
784 "called on conn that's already marked for close at %s:%d.",
785 fromconn->base_.marked_for_close_file,
786 fromconn->base_.marked_for_close);
787 return 0;
788 }
789
790 if (!circ) {
791 if (fromconn->base_.type == CONN_TYPE_AP) {
792 log_info(LD_APP,"no circ. Closing conn.");
793 connection_mark_unattached_ap(EDGE_TO_ENTRY_CONN(fromconn),
794 END_STREAM_REASON_INTERNAL);
795 } else {
796 log_info(LD_EXIT,"no circ. Closing conn.");
797 fromconn->edge_has_sent_end = 1; /* no circ to send to */
798 fromconn->end_reason = END_STREAM_REASON_INTERNAL;
799 connection_mark_for_close(TO_CONN(fromconn));
800 }
801 return -1;
802 }
803
804 if (circ->marked_for_close) {
805 /* The circuit has been marked, but not freed yet. When it's freed, it
806 * will mark this connection for close. */
807 return -1;
808 }
809
810#ifdef MEASUREMENTS_21206
811 /* Keep track of the number of RELAY_DATA cells sent for directory
812 * connections. */
813 connection_t *linked_conn = TO_CONN(fromconn)->linked_conn;
814
815 if (linked_conn && linked_conn->type == CONN_TYPE_DIR) {
816 ++(TO_DIR_CONN(linked_conn)->data_cells_sent);
817 }
818#endif /* defined(MEASUREMENTS_21206) */
819
820 return relay_send_command_from_edge(fromconn->stream_id, circ,
821 relay_command, payload,
822 payload_len, cpath_layer);
823}
824
825/** How many times will I retry a stream that fails due to DNS
826 * resolve failure or misc error?
827 */
828#define MAX_RESOLVE_FAILURES 3
829
830/** Return 1 if reason is something that you should retry if you
831 * get the end cell before you've connected; else return 0. */
832static int
834{
835 return reason == END_STREAM_REASON_HIBERNATING ||
836 reason == END_STREAM_REASON_RESOURCELIMIT ||
837 reason == END_STREAM_REASON_EXITPOLICY ||
838 reason == END_STREAM_REASON_RESOLVEFAILED ||
839 reason == END_STREAM_REASON_MISC ||
840 reason == END_STREAM_REASON_NOROUTE;
841}
842
843/** Called when we receive an END cell on a stream that isn't open yet,
844 * from the client side.
845 * Arguments are as for connection_edge_process_relay_cell().
846 */
847static int
849 const relay_msg_t *msg, origin_circuit_t *circ,
850 entry_connection_t *conn, crypt_path_t *layer_hint)
851{
852 node_t *exitrouter;
853 int reason = get_uint8(msg->body);
854 int control_reason;
855 edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(conn);
856 (void) layer_hint; /* unused */
857
858 if (msg->length > 0) {
859 if (reason == END_STREAM_REASON_TORPROTOCOL ||
860 reason == END_STREAM_REASON_DESTROY) {
861 /* Both of these reasons could mean a failed tag
862 * hit the exit and it complained. Do not probe.
863 * Fail the circuit. */
865 return -END_CIRC_REASON_TORPROTOCOL;
866 } else if (reason == END_STREAM_REASON_INTERNAL) {
867 /* We can't infer success or failure, since older Tors report
868 * ENETUNREACH as END_STREAM_REASON_INTERNAL. */
869 } else {
870 /* Path bias: If we get a valid reason code from the exit,
871 * it wasn't due to tagging.
872 *
873 * We rely on recognized+digest being strong enough to make
874 * tags unlikely to allow us to get tagged, yet 'recognized'
875 * reason codes here. */
877 }
878 }
879
880 /* This end cell is now valid. */
881 circuit_read_valid_data(circ, msg->length);
882
883 if (msg->length == 0) {
884 reason = END_STREAM_REASON_MISC;
885 }
886
887 control_reason = reason | END_STREAM_REASON_FLAG_REMOTE;
888
889 if (edge_reason_is_retriable(reason) &&
890 /* avoid retry if rend */
892 const char *chosen_exit_digest =
894 log_info(LD_APP,"Address '%s' refused due to '%s'. Considering retrying.",
895 safe_str(conn->socks_request->address),
897 exitrouter = node_get_mutable_by_id(chosen_exit_digest);
898 switch (reason) {
899 case END_STREAM_REASON_EXITPOLICY: {
900 tor_addr_t addr;
902 if (msg->length >= 5) {
903 int ttl = -1;
905 if (msg->length == 5 || msg->length == 9) {
906 tor_addr_from_ipv4n(&addr, get_uint32(msg->body + 1));
907 if (msg->length == 9)
908 ttl = (int)ntohl(get_uint32(msg->body + 5));
909 } else if (msg->length == 17 || msg->length == 21) {
910 tor_addr_from_ipv6_bytes(&addr, msg->body + 1);
911 if (msg->length == 21)
912 ttl = (int)ntohl(get_uint32(msg->body + 17));
913 }
914 if (tor_addr_is_null(&addr)) {
915 log_info(LD_APP,"Address '%s' resolved to 0.0.0.0. Closing,",
916 safe_str(conn->socks_request->address));
917 connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
918 return 0;
919 }
920
921 if ((tor_addr_family(&addr) == AF_INET &&
922 !conn->entry_cfg.ipv4_traffic) ||
923 (tor_addr_family(&addr) == AF_INET6 &&
924 !conn->entry_cfg.ipv6_traffic)) {
925 log_fn(LOG_PROTOCOL_WARN, LD_APP,
926 "Got an EXITPOLICY failure on a connection with a "
927 "mismatched family. Closing.");
928 connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
929 return 0;
930 }
931 if (get_options()->ClientDNSRejectInternalAddresses &&
932 tor_addr_is_internal(&addr, 0)) {
933 log_info(LD_APP,"Address '%s' resolved to internal. Closing,",
934 safe_str(conn->socks_request->address));
935 connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
936 return 0;
937 }
938
940 conn->socks_request->address, &addr,
941 conn->chosen_exit_name, ttl);
942
943 {
944 char new_addr[TOR_ADDR_BUF_LEN];
945 tor_addr_to_str(new_addr, &addr, sizeof(new_addr), 1);
946 if (strcmp(conn->socks_request->address, new_addr)) {
947 strlcpy(conn->socks_request->address, new_addr,
948 sizeof(conn->socks_request->address));
949 control_event_stream_status(conn, STREAM_EVENT_REMAP, 0);
950 }
951 }
952 }
953 /* check if the exit *ought* to have allowed it */
954
956 conn,
957 exitrouter,
958 &addr);
959
960 if (conn->chosen_exit_optional ||
961 conn->chosen_exit_retries) {
962 /* stop wanting a specific exit */
963 conn->chosen_exit_optional = 0;
964 /* A non-zero chosen_exit_retries can happen if we set a
965 * TrackHostExits for this address under a port that the exit
966 * relay allows, but then try the same address with a different
967 * port that it doesn't allow to exit. We shouldn't unregister
968 * the mapping, since it is probably still wanted on the
969 * original port. But now we give away to the exit relay that
970 * we probably have a TrackHostExits on it. So be it. */
971 conn->chosen_exit_retries = 0;
972 tor_free(conn->chosen_exit_name); /* clears it */
973 }
974 if (connection_ap_detach_retriable(conn, circ, control_reason) >= 0)
975 return 0;
976 /* else, conn will get closed below */
977 break;
978 }
979 case END_STREAM_REASON_CONNECTREFUSED:
980 if (!conn->chosen_exit_optional)
981 break; /* break means it'll close, below */
982 /* Else fall through: expire this circuit, clear the
983 * chosen_exit_name field, and try again. */
984 FALLTHROUGH;
985 case END_STREAM_REASON_RESOLVEFAILED:
986 case END_STREAM_REASON_TIMEOUT:
987 case END_STREAM_REASON_MISC:
988 case END_STREAM_REASON_NOROUTE:
991 /* We haven't retried too many times; reattach the connection. */
993 /* Mark this circuit "unusable for new streams". */
995
996 if (conn->chosen_exit_optional) {
997 /* stop wanting a specific exit */
998 conn->chosen_exit_optional = 0;
999 tor_free(conn->chosen_exit_name); /* clears it */
1000 }
1001 if (connection_ap_detach_retriable(conn, circ, control_reason) >= 0)
1002 return 0;
1003 /* else, conn will get closed below */
1004 } else {
1005 log_notice(LD_APP,
1006 "Have tried resolving or connecting to address '%s' "
1007 "at %d different places. Giving up.",
1008 safe_str(conn->socks_request->address),
1010 /* clear the failures, so it will have a full try next time */
1012 }
1013 break;
1014 case END_STREAM_REASON_HIBERNATING:
1015 case END_STREAM_REASON_RESOURCELIMIT:
1016 if (exitrouter) {
1018 }
1019 if (conn->chosen_exit_optional) {
1020 /* stop wanting a specific exit */
1021 conn->chosen_exit_optional = 0;
1022 tor_free(conn->chosen_exit_name); /* clears it */
1023 }
1024 if (connection_ap_detach_retriable(conn, circ, control_reason) >= 0)
1025 return 0;
1026 /* else, will close below */
1027 break;
1028 } /* end switch */
1029 log_info(LD_APP,"Giving up on retrying; conn can't be handled.");
1030 }
1031
1032 log_info(LD_APP,
1033 "Edge got end (%s) before we're connected. Marking for close.",
1034 stream_end_reason_to_string(msg->length > 0 ? reason : -1));
1036 /* need to test because of detach_retriable */
1037 if (!ENTRY_TO_CONN(conn)->marked_for_close)
1038 connection_mark_unattached_ap(conn, control_reason);
1039 return 0;
1040}
1041
1042/** Called when we have gotten an END_REASON_EXITPOLICY failure on <b>circ</b>
1043 * for <b>conn</b>, while attempting to connect via <b>node</b>. If the node
1044 * told us which address it rejected, then <b>addr</b> is that address;
1045 * otherwise it is AF_UNSPEC.
1046 *
1047 * If we are sure the node should have allowed this address, mark the node as
1048 * having a reject *:* exit policy. Otherwise, mark the circuit as unusable
1049 * for this particular address.
1050 **/
1051static void
1053 entry_connection_t *conn,
1054 node_t *node,
1055 const tor_addr_t *addr)
1056{
1057 int make_reject_all = 0;
1058 const sa_family_t family = tor_addr_family(addr);
1059
1060 if (node) {
1061 tor_addr_t tmp;
1062 int asked_for_family = tor_addr_parse(&tmp, conn->socks_request->address);
1063 if (family == AF_UNSPEC) {
1064 make_reject_all = 1;
1065 } else if (node_exit_policy_is_exact(node, family) &&
1066 asked_for_family != -1 && !conn->chosen_exit_name) {
1067 make_reject_all = 1;
1068 }
1069
1070 if (make_reject_all) {
1071 log_info(LD_APP,
1072 "Exitrouter %s seems to be more restrictive than its exit "
1073 "policy. Not using this router as exit for now.",
1074 node_describe(node));
1076 }
1077 }
1078
1079 if (family != AF_UNSPEC)
1081}
1082
1083/** Helper: change the socks_request-&gt;address field on conn to the
1084 * dotted-quad representation of <b>new_addr</b>,
1085 * and send an appropriate REMAP event. */
1086static void
1088{
1089 tor_addr_to_str(conn->socks_request->address, new_addr,
1090 sizeof(conn->socks_request->address),
1091 1);
1092 control_event_stream_status(conn, STREAM_EVENT_REMAP,
1094}
1095
1096/** Extract the contents of a connected cell in <b>cell</b>, whose relay
1097 * header has already been parsed into <b>rh</b>. On success, set
1098 * <b>addr_out</b> to the address we're connected to, and <b>ttl_out</b> to
1099 * the ttl of that address, in seconds, and return 0. On failure, return
1100 * -1.
1101 *
1102 * Note that the resulting address can be UNSPEC if the connected cell had no
1103 * address (as for a stream to an union service or a tunneled directory
1104 * connection), and that the ttl can be absent (in which case <b>ttl_out</b>
1105 * is set to -1). */
1106STATIC int
1108 int *ttl_out)
1109{
1110 uint32_t bytes;
1111 const uint8_t *payload = msg->body;
1112
1113 tor_addr_make_unspec(addr_out);
1114 *ttl_out = -1;
1115 if (msg->length == 0)
1116 return 0;
1117 if (msg->length < 4)
1118 return -1;
1119 bytes = ntohl(get_uint32(payload));
1120
1121 /* If bytes is 0, this is maybe a v6 address. Otherwise it's a v4 address */
1122 if (bytes != 0) {
1123 /* v4 address */
1124 tor_addr_from_ipv4h(addr_out, bytes);
1125 if (msg->length >= 8) {
1126 bytes = ntohl(get_uint32(payload + 4));
1127 if (bytes <= INT32_MAX)
1128 *ttl_out = bytes;
1129 }
1130 } else {
1131 if (msg->length < 25) /* 4 bytes of 0s, 1 addr, 16 ipv4, 4 ttl. */
1132 return -1;
1133 if (get_uint8(payload + 4) != 6)
1134 return -1;
1135 tor_addr_from_ipv6_bytes(addr_out, (payload + 5));
1136 bytes = ntohl(get_uint32(payload + 21));
1137 if (bytes <= INT32_MAX)
1138 *ttl_out = (int) bytes;
1139 }
1140 return 0;
1141}
1142
1143/** Drop all storage held by <b>addr</b>. */
1144STATIC void
1145address_ttl_free_(address_ttl_t *addr)
1146{
1147 if (!addr)
1148 return;
1149 tor_free(addr->hostname);
1150 tor_free(addr);
1151}
1152
1153/** Parse a resolved cell in <b>cell</b>, with parsed header in <b>rh</b>.
1154 * Return -1 on parse error. On success, add one or more newly allocated
1155 * address_ttl_t to <b>addresses_out</b>; set *<b>errcode_out</b> to
1156 * one of 0, RESOLVED_TYPE_ERROR, or RESOLVED_TYPE_ERROR_TRANSIENT, and
1157 * return 0. */
1158STATIC int
1160 int *errcode_out)
1161{
1162 const uint8_t *cp;
1163 uint8_t answer_type;
1164 size_t answer_len;
1165 address_ttl_t *addr;
1166 size_t remaining;
1167 int errcode = 0;
1168 smartlist_t *addrs;
1169
1170 tor_assert(msg);
1171 tor_assert(addresses_out);
1172 tor_assert(errcode_out);
1173
1174 *errcode_out = 0;
1175
1176 if (msg->length > RELAY_PAYLOAD_SIZE_MAX)
1177 return -1;
1178
1179 addrs = smartlist_new();
1180
1181 cp = msg->body;
1182
1183 remaining = msg->length;
1184 while (remaining) {
1185 const uint8_t *cp_orig = cp;
1186 if (remaining < 2)
1187 goto err;
1188 answer_type = *cp++;
1189 answer_len = *cp++;
1190 if (remaining < 2 + answer_len + 4) {
1191 goto err;
1192 }
1193 if (answer_type == RESOLVED_TYPE_IPV4) {
1194 if (answer_len != 4) {
1195 goto err;
1196 }
1197 addr = tor_malloc_zero(sizeof(*addr));
1198 tor_addr_from_ipv4n(&addr->addr, get_uint32(cp));
1199 cp += 4;
1200 addr->ttl = ntohl(get_uint32(cp));
1201 cp += 4;
1202 smartlist_add(addrs, addr);
1203 } else if (answer_type == RESOLVED_TYPE_IPV6) {
1204 if (answer_len != 16)
1205 goto err;
1206 addr = tor_malloc_zero(sizeof(*addr));
1207 tor_addr_from_ipv6_bytes(&addr->addr, cp);
1208 cp += 16;
1209 addr->ttl = ntohl(get_uint32(cp));
1210 cp += 4;
1211 smartlist_add(addrs, addr);
1212 } else if (answer_type == RESOLVED_TYPE_HOSTNAME) {
1213 if (answer_len == 0) {
1214 goto err;
1215 }
1216 addr = tor_malloc_zero(sizeof(*addr));
1217 addr->hostname = tor_memdup_nulterm(cp, answer_len);
1218 cp += answer_len;
1219 addr->ttl = ntohl(get_uint32(cp));
1220 cp += 4;
1221 smartlist_add(addrs, addr);
1222 } else if (answer_type == RESOLVED_TYPE_ERROR_TRANSIENT ||
1223 answer_type == RESOLVED_TYPE_ERROR) {
1224 errcode = answer_type;
1225 /* Ignore the error contents */
1226 cp += answer_len + 4;
1227 } else {
1228 cp += answer_len + 4;
1229 }
1230 tor_assert(((ssize_t)remaining) >= (cp - cp_orig));
1231 remaining -= (cp - cp_orig);
1232 }
1233
1234 if (errcode && smartlist_len(addrs) == 0) {
1235 /* Report an error only if there were no results. */
1236 *errcode_out = errcode;
1237 }
1238
1239 smartlist_add_all(addresses_out, addrs);
1240 smartlist_free(addrs);
1241
1242 return 0;
1243
1244 err:
1245 /* On parse error, don't report any results */
1246 SMARTLIST_FOREACH(addrs, address_ttl_t *, a, address_ttl_free(a));
1247 smartlist_free(addrs);
1248 return -1;
1249}
1250
1251/** Helper for connection_edge_process_resolved_cell: given an error code,
1252 * an entry_connection, and a list of address_ttl_t *, report the best answer
1253 * to the entry_connection. */
1254static void
1256 int error_code,
1257 smartlist_t *results)
1258{
1259 address_ttl_t *addr_ipv4 = NULL;
1260 address_ttl_t *addr_ipv6 = NULL;
1261 address_ttl_t *addr_hostname = NULL;
1262 address_ttl_t *addr_best = NULL;
1263
1264 /* If it's an error code, that's easy. */
1265 if (error_code) {
1266 tor_assert(error_code == RESOLVED_TYPE_ERROR ||
1267 error_code == RESOLVED_TYPE_ERROR_TRANSIENT);
1269 error_code,0,NULL,-1,-1);
1270 return;
1271 }
1272
1273 /* Get the first answer of each type. */
1274 SMARTLIST_FOREACH_BEGIN(results, address_ttl_t *, addr) {
1275 if (addr->hostname) {
1276 if (!addr_hostname) {
1277 addr_hostname = addr;
1278 }
1279 } else if (tor_addr_family(&addr->addr) == AF_INET) {
1280 if (!addr_ipv4 && conn->entry_cfg.ipv4_traffic) {
1281 addr_ipv4 = addr;
1282 }
1283 } else if (tor_addr_family(&addr->addr) == AF_INET6) {
1284 if (!addr_ipv6 && conn->entry_cfg.ipv6_traffic) {
1285 addr_ipv6 = addr;
1286 }
1287 }
1288 } SMARTLIST_FOREACH_END(addr);
1289
1290 /* Now figure out which type we wanted to deliver. */
1292 if (addr_hostname) {
1294 RESOLVED_TYPE_HOSTNAME,
1295 strlen(addr_hostname->hostname),
1296 (uint8_t*)addr_hostname->hostname,
1297 addr_hostname->ttl,-1);
1298 } else {
1300 RESOLVED_TYPE_ERROR,0,NULL,-1,-1);
1301 }
1302 return;
1303 }
1304
1305 if (conn->entry_cfg.prefer_ipv6) {
1306 addr_best = addr_ipv6 ? addr_ipv6 : addr_ipv4;
1307 } else {
1308 addr_best = addr_ipv4 ? addr_ipv4 : addr_ipv6;
1309 }
1310
1311 /* Now convert it to the ugly old interface */
1312 if (! addr_best) {
1314 RESOLVED_TYPE_NOERROR,0,NULL,-1,-1);
1315 return;
1316 }
1317
1319 &addr_best->addr,
1320 addr_best->ttl,
1321 -1);
1322
1323 remap_event_helper(conn, &addr_best->addr);
1324}
1325
1326/** Handle a RELAY_COMMAND_RESOLVED cell that we received on a non-open AP
1327 * stream. */
1328STATIC int
1330 const relay_msg_t *msg)
1331{
1332 entry_connection_t *entry_conn = EDGE_TO_ENTRY_CONN(conn);
1333 smartlist_t *resolved_addresses = NULL;
1334 int errcode = 0;
1335
1336 if (conn->base_.state != AP_CONN_STATE_RESOLVE_WAIT) {
1337 log_fn(LOG_PROTOCOL_WARN, LD_APP, "Got a 'resolved' cell while "
1338 "not in state resolve_wait. Dropping.");
1339 return 0;
1340 }
1341 tor_assert(SOCKS_COMMAND_IS_RESOLVE(entry_conn->socks_request->command));
1342
1343 resolved_addresses = smartlist_new();
1344 if (resolved_cell_parse(msg, resolved_addresses, &errcode)) {
1345 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1346 "Dropping malformed 'resolved' cell");
1347 connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TORPROTOCOL);
1348 goto done;
1349 }
1350
1351 if (get_options()->ClientDNSRejectInternalAddresses) {
1352 int orig_len = smartlist_len(resolved_addresses);
1353 SMARTLIST_FOREACH_BEGIN(resolved_addresses, address_ttl_t *, addr) {
1354 if (addr->hostname == NULL && tor_addr_is_internal(&addr->addr, 0)) {
1355 log_info(LD_APP, "Got a resolved cell with answer %s; dropping that "
1356 "answer.",
1357 safe_str_client(fmt_addr(&addr->addr)));
1358 address_ttl_free(addr);
1359 SMARTLIST_DEL_CURRENT(resolved_addresses, addr);
1360 }
1361 } SMARTLIST_FOREACH_END(addr);
1362 if (orig_len && smartlist_len(resolved_addresses) == 0) {
1363 log_info(LD_APP, "Got a resolved cell with only private addresses; "
1364 "dropping it.");
1366 RESOLVED_TYPE_ERROR_TRANSIENT,
1367 0, NULL, 0, TIME_MAX);
1368 connection_mark_unattached_ap(entry_conn,
1369 END_STREAM_REASON_TORPROTOCOL);
1370 goto done;
1371 }
1372 }
1373
1374 /* This is valid data at this point. Count it */
1375 if (conn->on_circuit && CIRCUIT_IS_ORIGIN(conn->on_circuit)) {
1377 msg->length);
1378 }
1379
1381 errcode,
1382 resolved_addresses);
1383
1384 connection_mark_unattached_ap(entry_conn,
1385 END_STREAM_REASON_DONE |
1387
1388 done:
1389 SMARTLIST_FOREACH(resolved_addresses, address_ttl_t *, addr,
1390 address_ttl_free(addr));
1391 smartlist_free(resolved_addresses);
1392 return 0;
1393}
1394
1395/** An incoming relay cell has arrived from circuit <b>circ</b> to
1396 * stream <b>conn</b>.
1397 *
1398 * The arguments here are the same as in
1399 * connection_edge_process_relay_cell() below; this function is called
1400 * from there when <b>conn</b> is defined and not in an open state.
1401 */
1402static int
1404 const relay_msg_t *msg, circuit_t *circ,
1405 edge_connection_t *conn, crypt_path_t *layer_hint)
1406{
1407 if (msg->command == RELAY_COMMAND_END) {
1408 if (CIRCUIT_IS_ORIGIN(circ) && conn->base_.type == CONN_TYPE_AP) {
1410 TO_ORIGIN_CIRCUIT(circ),
1411 EDGE_TO_ENTRY_CONN(conn),
1412 layer_hint);
1413 } else {
1414 /* we just got an 'end', don't need to send one */
1415 conn->edge_has_sent_end = 1;
1417 connection_mark_for_close(TO_CONN(conn));
1418 return 0;
1419 }
1420 }
1421
1422 if (conn->base_.type == CONN_TYPE_AP &&
1423 msg->command == RELAY_COMMAND_CONNECTED) {
1424 tor_addr_t addr;
1425 int ttl;
1426 entry_connection_t *entry_conn = EDGE_TO_ENTRY_CONN(conn);
1428 if (conn->base_.state != AP_CONN_STATE_CONNECT_WAIT) {
1429 log_fn(LOG_PROTOCOL_WARN, LD_APP,
1430 "Got 'connected' while not in state connect_wait. Dropping.");
1431 return 0;
1432 }
1433 CONNECTION_AP_EXPECT_NONPENDING(entry_conn);
1434 conn->base_.state = AP_CONN_STATE_OPEN;
1435 log_info(LD_APP,"'connected' received for circid %u streamid %d "
1436 "after %d seconds.",
1437 (unsigned)circ->n_circ_id,
1438 msg->stream_id,
1439 (int)(time(NULL) - conn->base_.timestamp_last_read_allowed));
1440 if (connected_cell_parse(msg, &addr, &ttl) < 0) {
1441 log_fn(LOG_PROTOCOL_WARN, LD_APP,
1442 "Got a badly formatted connected cell. Closing.");
1443 connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1444 connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TORPROTOCOL);
1445 return 0;
1446 }
1447 if (tor_addr_family(&addr) != AF_UNSPEC) {
1448 /* The family is not UNSPEC: so we were given an address in the
1449 * connected cell. (This is normal, except for BEGINDIR and onion
1450 * service streams.) */
1451 const sa_family_t family = tor_addr_family(&addr);
1452 if (tor_addr_is_null(&addr) ||
1453 (get_options()->ClientDNSRejectInternalAddresses &&
1454 tor_addr_is_internal(&addr, 0))) {
1455 log_info(LD_APP, "...but it claims the IP address was %s. Closing.",
1456 safe_str(fmt_addr(&addr)));
1457 connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1458 connection_mark_unattached_ap(entry_conn,
1459 END_STREAM_REASON_TORPROTOCOL);
1460 return 0;
1461 }
1462
1463 if ((family == AF_INET && ! entry_conn->entry_cfg.ipv4_traffic) ||
1464 (family == AF_INET6 && ! entry_conn->entry_cfg.ipv6_traffic)) {
1465 log_fn(LOG_PROTOCOL_WARN, LD_APP,
1466 "Got a connected cell to %s with unsupported address family."
1467 " Closing.", safe_str(fmt_addr(&addr)));
1468 connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1469 connection_mark_unattached_ap(entry_conn,
1470 END_STREAM_REASON_TORPROTOCOL);
1471 return 0;
1472 }
1473
1474 client_dns_set_addressmap(entry_conn,
1475 entry_conn->socks_request->address, &addr,
1476 entry_conn->chosen_exit_name, ttl);
1477
1478 remap_event_helper(entry_conn, &addr);
1479 }
1481 /* don't send a socks reply to transparent conns */
1482 tor_assert(entry_conn->socks_request != NULL);
1483 if (!entry_conn->socks_request->has_finished) {
1484 connection_ap_handshake_socks_reply(entry_conn, NULL, 0, 0);
1485 }
1486
1487 /* Was it a linked dir conn? If so, a dir request just started to
1488 * fetch something; this could be a bootstrap status milestone. */
1489 log_debug(LD_APP, "considering");
1490 if (TO_CONN(conn)->linked_conn &&
1491 TO_CONN(conn)->linked_conn->type == CONN_TYPE_DIR) {
1492 connection_t *dirconn = TO_CONN(conn)->linked_conn;
1493 log_debug(LD_APP, "it is! %d", dirconn->purpose);
1494 switch (dirconn->purpose) {
1497 control_event_bootstrap(BOOTSTRAP_STATUS_LOADING_KEYS, 0);
1498 break;
1500 control_event_bootstrap(BOOTSTRAP_STATUS_LOADING_STATUS, 0);
1501 break;
1504 if (TO_DIR_CONN(dirconn)->router_purpose == ROUTER_PURPOSE_GENERAL)
1505 control_event_boot_dir(BOOTSTRAP_STATUS_LOADING_DESCRIPTORS,
1507 break;
1508 }
1509 }
1510 /* This is definitely a success, so forget about any pending data we
1511 * had sent. */
1512 if (entry_conn->pending_optimistic_data) {
1513 buf_free(entry_conn->pending_optimistic_data);
1514 entry_conn->pending_optimistic_data = NULL;
1515 }
1516
1517 /* This is valid data at this point. Count it */
1518 circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), msg->length);
1519
1520 /* handle anything that might have queued */
1521 if (connection_edge_package_raw_inbuf(conn, 1, NULL) < 0) {
1522 /* (We already sent an end cell if possible) */
1523 connection_mark_for_close(TO_CONN(conn));
1524 return 0;
1525 }
1526 return 0;
1527 }
1528 if (conn->base_.type == CONN_TYPE_AP &&
1529 msg->command == RELAY_COMMAND_RESOLVED) {
1530 return connection_edge_process_resolved_cell(conn, msg);
1531 }
1532
1533 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1534 "Got an unexpected relay command %d, in state %d (%s). Dropping.",
1535 msg->command, conn->base_.state,
1536 conn_state_to_string(conn->base_.type, conn->base_.state));
1537 return 0; /* for forward compatibility, don't kill the circuit */
1538// connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1539// connection_mark_for_close(conn);
1540// return -1;
1541}
1542
1543/** Process a SENDME cell that arrived on <b>circ</b>. If it is a stream level
1544 * cell, it is destined for the given <b>conn</b>. If it is a circuit level
1545 * cell, it is destined for the <b>layer_hint</b>. The <b>domain</b> is the
1546 * logging domain that should be used.
1547 *
1548 * Return 0 if everything went well or a negative value representing a circuit
1549 * end reason on error for which the caller is responsible for closing it. */
1550static int
1552 edge_connection_t *conn, crypt_path_t *layer_hint,
1553 int domain)
1554{
1555 int ret;
1556
1557 tor_assert(msg);
1558
1559 if (!msg->stream_id) {
1560 /* Circuit level SENDME cell. */
1561 ret = sendme_process_circuit_level(layer_hint, circ, msg->body,
1562 msg->length);
1563 if (ret < 0) {
1564 return ret;
1565 }
1566 /* Resume reading on any streams now that we've processed a valid
1567 * SENDME cell that updated our package window. */
1568 circuit_resume_edge_reading(circ, layer_hint);
1569 /* We are done, the rest of the code is for the stream level. */
1570 return 0;
1571 }
1572
1573 /* No connection, might be half edge state. We are done if so. */
1574 if (!conn) {
1575 if (CIRCUIT_IS_ORIGIN(circ)) {
1576 origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1578 msg->stream_id)) {
1579 circuit_read_valid_data(ocirc, msg->length);
1580 log_info(domain, "Sendme cell on circ %u valid on half-closed "
1581 "stream id %d",
1582 ocirc->global_identifier, msg->stream_id);
1583 }
1584 }
1585
1586 log_info(domain, "SENDME cell dropped, unknown stream (streamid %d).",
1587 msg->stream_id);
1588 return 0;
1589 }
1590
1591 /* Stream level SENDME cell. */
1592 // TODO: Turn this off for cc_alg=1,2,3; use XON/XOFF instead
1593 ret = sendme_process_stream_level(conn, circ, msg->length);
1594 if (ret < 0) {
1595 /* Means we need to close the circuit with reason ret. */
1596 return ret;
1597 }
1598
1599 /* We've now processed properly a SENDME cell, all windows have been
1600 * properly updated, we'll read on the edge connection to see if we can
1601 * get data out towards the end point (Exit or client) since we are now
1602 * allowed to deliver more cells. */
1603
1605 /* Still waiting for queue to flush; don't touch conn */
1606 return 0;
1607 }
1609 /* handle whatever might still be on the inbuf */
1610 if (connection_edge_package_raw_inbuf(conn, 1, NULL) < 0) {
1611 /* (We already sent an end cell if possible) */
1612 connection_mark_for_close(TO_CONN(conn));
1613 return 0;
1614 }
1615 return 0;
1616}
1617
1618/** A helper for connection_edge_process_relay_cell(): Actually handles the
1619 * cell that we received on the connection.
1620 *
1621 * The arguments are the same as in the parent function
1622 * connection_edge_process_relay_cell(), plus the relay header <b>rh</b> as
1623 * unpacked by the parent function, and <b>optimistic_data</b> as set by the
1624 * parent function.
1625 */
1626STATIC int
1628 edge_connection_t *conn, crypt_path_t *layer_hint,
1629 int optimistic_data)
1630{
1631 unsigned domain = layer_hint?LD_APP:LD_EXIT;
1632 int reason;
1633
1634 tor_assert(msg);
1635
1636 /* First pass the cell to the circuit padding subsystem, in case it's a
1637 * padding cell or circuit that should be handled there. */
1638 if (circpad_check_received_cell(msg, circ, layer_hint) == 0) {
1639 log_debug(domain, "Cell handled as circuit padding");
1640 return 0;
1641 }
1642
1643 /* Now handle all the other commands */
1644 switch (msg->command) {
1645 case RELAY_COMMAND_CONFLUX_LINK:
1646 conflux_process_link(circ, msg);
1647 return 0;
1648 case RELAY_COMMAND_CONFLUX_LINKED:
1649 conflux_process_linked(circ, layer_hint, msg);
1650 return 0;
1651 case RELAY_COMMAND_CONFLUX_LINKED_ACK:
1653 return 0;
1654 case RELAY_COMMAND_CONFLUX_SWITCH:
1655 return conflux_process_switch_command(circ, layer_hint, msg);
1656 case RELAY_COMMAND_BEGIN:
1657 case RELAY_COMMAND_BEGIN_DIR:
1658 if (layer_hint &&
1660 log_fn(LOG_PROTOCOL_WARN, LD_APP,
1661 "Relay begin request unsupported at AP. Dropping.");
1662 return 0;
1663 }
1665 layer_hint != TO_ORIGIN_CIRCUIT(circ)->cpath->prev) {
1666 log_fn(LOG_PROTOCOL_WARN, LD_APP,
1667 "Relay begin request to Hidden Service "
1668 "from intermediary node. Dropping.");
1669 return 0;
1670 }
1671 if (conn) {
1672 log_fn(LOG_PROTOCOL_WARN, domain,
1673 "Begin cell for known stream. Dropping.");
1674 return 0;
1675 }
1676 if (msg->command == RELAY_COMMAND_BEGIN_DIR &&
1678 /* Assign this circuit and its app-ward OR connection a unique ID,
1679 * so that we can measure download times. The local edge and dir
1680 * connection will be assigned the same ID when they are created
1681 * and linked. */
1682 static uint64_t next_id = 0;
1683 circ->dirreq_id = ++next_id;
1684 TO_OR_CIRCUIT(circ)->p_chan->dirreq_id = circ->dirreq_id;
1685 }
1686 return connection_exit_begin_conn(msg, circ);
1687 case RELAY_COMMAND_DATA:
1689
1690 if (msg->stream_id == 0) {
1691 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Relay data cell with zero "
1692 "stream_id. Dropping.");
1693 return 0;
1694 } else if (!conn) {
1695 if (CIRCUIT_IS_ORIGIN(circ)) {
1696 origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1698 msg->stream_id)) {
1699 circuit_read_valid_data(ocirc, msg->length);
1700 log_info(domain,
1701 "data cell on circ %u valid on half-closed "
1702 "stream id %d", ocirc->global_identifier, msg->stream_id);
1703 }
1704 }
1705
1706 log_info(domain,"data cell dropped, unknown stream (streamid %d).",
1707 msg->stream_id);
1708 return 0;
1709 }
1710
1711 /* Update our stream-level deliver window that we just received a DATA
1712 * cell. Going below 0 means we have a protocol level error so the
1713 * stream and circuit are closed. */
1714 if (sendme_stream_data_received(conn) < 0) {
1715 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1716 "(relay data) conn deliver_window below 0. Killing.");
1717 connection_edge_end_close(conn, END_STREAM_REASON_TORPROTOCOL);
1718 return -END_CIRC_REASON_TORPROTOCOL;
1719 }
1720 /* Total all valid application bytes delivered */
1721 if (CIRCUIT_IS_ORIGIN(circ) && msg->length > 0) {
1722 circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), msg->length);
1723 }
1724
1725 /* For onion service connection, update the metrics. */
1726 if (conn->hs_ident) {
1727 hs_metrics_app_write_bytes(&conn->hs_ident->identity_pk,
1728 conn->hs_ident->orig_virtual_port,
1729 msg->length);
1730 }
1731
1732 stats_n_data_bytes_received += msg->length;
1733 connection_buf_add((char*) msg->body, msg->length, TO_CONN(conn));
1734
1735#ifdef MEASUREMENTS_21206
1736 /* Count number of RELAY_DATA cells received on a linked directory
1737 * connection. */
1738 connection_t *linked_conn = TO_CONN(conn)->linked_conn;
1739
1740 if (linked_conn && linked_conn->type == CONN_TYPE_DIR) {
1741 ++(TO_DIR_CONN(linked_conn)->data_cells_received);
1742 }
1743#endif /* defined(MEASUREMENTS_21206) */
1744
1745 if (!optimistic_data) {
1746 /* Only send a SENDME if we're not getting optimistic data; otherwise
1747 * a SENDME could arrive before the CONNECTED.
1748 */
1750 }
1751
1752 return 0;
1753 case RELAY_COMMAND_XOFF:
1754 if (!conn) {
1755 if (CIRCUIT_IS_ORIGIN(circ)) {
1756 origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1757 if (relay_crypt_from_last_hop(ocirc, layer_hint) &&
1759 msg->stream_id)) {
1760 circuit_read_valid_data(ocirc, msg->length);
1761 }
1762 }
1763 return 0;
1764 }
1765
1766 if (circuit_process_stream_xoff(conn, layer_hint)) {
1767 if (CIRCUIT_IS_ORIGIN(circ)) {
1768 circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), msg->length);
1769 }
1770 }
1771 return 0;
1772 case RELAY_COMMAND_XON:
1773 if (!conn) {
1774 if (CIRCUIT_IS_ORIGIN(circ)) {
1775 origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1776 if (relay_crypt_from_last_hop(ocirc, layer_hint) &&
1778 msg->stream_id)) {
1779 circuit_read_valid_data(ocirc, msg->length);
1780 }
1781 }
1782 return 0;
1783 }
1784
1785 if (circuit_process_stream_xon(conn, layer_hint, msg)) {
1786 if (CIRCUIT_IS_ORIGIN(circ)) {
1787 circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), msg->length);
1788 }
1789 }
1790 return 0;
1791 case RELAY_COMMAND_END:
1792 reason = msg->length > 0 ? get_uint8(msg->body) : END_STREAM_REASON_MISC;
1793 if (!conn) {
1794 if (CIRCUIT_IS_ORIGIN(circ)) {
1795 origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1796 if (relay_crypt_from_last_hop(ocirc, layer_hint) &&
1798 msg->stream_id)) {
1799
1800 circuit_read_valid_data(ocirc, msg->length);
1801 log_info(domain,
1802 "end cell (%s) on circ %u valid on half-closed "
1803 "stream id %d",
1805 ocirc->global_identifier, msg->stream_id);
1806 return 0;
1807 }
1808 }
1809 log_info(domain,"end cell (%s) dropped, unknown stream.",
1811 return 0;
1812 }
1813/* XXX add to this log_fn the exit node's nickname? */
1814 log_info(domain,TOR_SOCKET_T_FORMAT": end cell (%s) for stream %d. "
1815 "Removing stream.",
1816 conn->base_.s,
1818 conn->stream_id);
1819 if (conn->base_.type == CONN_TYPE_AP) {
1820 entry_connection_t *entry_conn = EDGE_TO_ENTRY_CONN(conn);
1821 if (entry_conn->socks_request &&
1822 !entry_conn->socks_request->has_finished)
1823 log_warn(LD_BUG,
1824 "open stream hasn't sent socks answer yet? Closing.");
1825 }
1826 /* We just *got* an end; no reason to send one. */
1827 conn->edge_has_sent_end = 1;
1828 if (!conn->end_reason)
1830 if (!conn->base_.marked_for_close) {
1831 /* only mark it if not already marked. it's possible to
1832 * get the 'end' right around when the client hangs up on us. */
1833 connection_mark_and_flush(TO_CONN(conn));
1834
1835 /* Total all valid application bytes delivered */
1836 if (CIRCUIT_IS_ORIGIN(circ)) {
1837 circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), msg->length);
1838 }
1839 }
1840 return 0;
1841 case RELAY_COMMAND_EXTEND:
1842 case RELAY_COMMAND_EXTEND2: {
1843 static uint64_t total_n_extend=0, total_nonearly=0;
1844 total_n_extend++;
1845 if (msg->stream_id) {
1846 log_fn(LOG_PROTOCOL_WARN, domain,
1847 "'extend' cell received for non-zero stream. Dropping.");
1848 return 0;
1849 }
1850 if (!msg->is_relay_early &&
1851 !networkstatus_get_param(NULL,"AllowNonearlyExtend",0,0,1)) {
1852#define EARLY_WARNING_INTERVAL 3600
1853 static ratelim_t early_warning_limit =
1854 RATELIM_INIT(EARLY_WARNING_INTERVAL);
1855 char *m;
1856 if (!msg->is_relay_early) {
1857 ++total_nonearly;
1858 if ((m = rate_limit_log(&early_warning_limit, approx_time()))) {
1859 double percentage = ((double)total_nonearly)/total_n_extend;
1860 percentage *= 100;
1861 log_fn(LOG_PROTOCOL_WARN, domain, "EXTEND cell received, "
1862 "but not via RELAY_EARLY. Dropping.%s", m);
1863 log_fn(LOG_PROTOCOL_WARN, domain, " (We have dropped %.02f%% of "
1864 "all EXTEND cells for this reason)", percentage);
1865 tor_free(m);
1866 }
1867 } else {
1868 log_fn(LOG_WARN, domain,
1869 "EXTEND cell received, in a cell with type %d! Dropping.",
1870 msg->command);
1871 }
1872 return 0;
1873 }
1874 return circuit_extend(msg, circ);
1875 }
1876 case RELAY_COMMAND_EXTENDED:
1877 case RELAY_COMMAND_EXTENDED2:
1878 if (!layer_hint) {
1879 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1880 "'extended' unsupported at non-origin. Dropping.");
1881 return 0;
1882 }
1883 log_debug(domain,"Got an extended cell! Yay.");
1884 {
1885 extended_cell_t extended_cell;
1886 if (extended_cell_parse(&extended_cell, msg->command,
1887 msg->body, msg->length) < 0) {
1888 log_warn(LD_PROTOCOL,
1889 "Can't parse EXTENDED cell; killing circuit.");
1890 return -END_CIRC_REASON_TORPROTOCOL;
1891 }
1892 if ((reason = circuit_finish_handshake(TO_ORIGIN_CIRCUIT(circ),
1893 &extended_cell.created_cell)) < 0) {
1894 circuit_mark_for_close(circ, -reason);
1895 return 0; /* We don't want to cause a warning, so we mark the circuit
1896 * here. */
1897 }
1898 }
1899 if ((reason=circuit_send_next_onion_skin(TO_ORIGIN_CIRCUIT(circ)))<0) {
1900 log_info(domain,"circuit_send_next_onion_skin() failed.");
1901 return reason;
1902 }
1903 /* Total all valid bytes delivered. */
1904 if (CIRCUIT_IS_ORIGIN(circ)) {
1905 circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), msg->length);
1906 }
1907 return 0;
1908 case RELAY_COMMAND_TRUNCATE:
1909 if (layer_hint) {
1910 log_fn(LOG_PROTOCOL_WARN, LD_APP,
1911 "'truncate' unsupported at origin. Dropping.");
1912 return 0;
1913 }
1914 if (circ->n_hop) {
1915 if (circ->n_chan)
1916 log_warn(LD_BUG, "n_chan and n_hop set on the same circuit!");
1917 extend_info_free(circ->n_hop);
1918 circ->n_hop = NULL;
1921 }
1922 if (circ->n_chan) {
1923 uint8_t trunc_reason = get_uint8(msg->body);
1924 circuit_synchronize_written_or_bandwidth(circ, CIRCUIT_N_CHAN);
1925 circuit_clear_cell_queue(circ, circ->n_chan);
1927 trunc_reason);
1928 circuit_set_n_circid_chan(circ, 0, NULL);
1929 }
1930 log_debug(LD_EXIT, "Processed 'truncate', replying.");
1931 {
1932 char payload[1];
1933 payload[0] = (char)END_CIRC_REASON_REQUESTED;
1934 relay_send_command_from_edge(0, circ, RELAY_COMMAND_TRUNCATED,
1935 payload, sizeof(payload), NULL);
1936 }
1937 return 0;
1938 case RELAY_COMMAND_TRUNCATED:
1939 if (!layer_hint) {
1940 log_fn(LOG_PROTOCOL_WARN, LD_EXIT,
1941 "'truncated' unsupported at non-origin. Dropping.");
1942 return 0;
1943 }
1944
1945 /* Count the truncated as valid, for completeness. The
1946 * circuit is being torn down anyway, though. */
1947 if (CIRCUIT_IS_ORIGIN(circ)) {
1948 circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), msg->length);
1949 }
1951 return 0;
1952 case RELAY_COMMAND_CONNECTED:
1953 if (conn) {
1954 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1955 "'connected' unsupported while open. Closing circ.");
1956 return -END_CIRC_REASON_TORPROTOCOL;
1957 }
1958
1959 if (CIRCUIT_IS_ORIGIN(circ)) {
1960 origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1962 msg->stream_id)) {
1963 circuit_read_valid_data(ocirc, msg->length);
1964 log_info(domain,
1965 "connected cell on circ %u valid on half-closed "
1966 "stream id %d", ocirc->global_identifier, msg->stream_id);
1967 return 0;
1968 }
1969 }
1970
1971 log_info(domain,
1972 "'connected' received on circid %u for streamid %d, "
1973 "no conn attached anymore. Ignoring.",
1974 (unsigned)circ->n_circ_id, msg->stream_id);
1975 return 0;
1976 case RELAY_COMMAND_SENDME:
1977 return process_sendme_cell(msg, circ, conn, layer_hint, domain);
1978 case RELAY_COMMAND_RESOLVE:
1979 if (layer_hint) {
1980 log_fn(LOG_PROTOCOL_WARN, LD_APP,
1981 "resolve request unsupported at AP; dropping.");
1982 return 0;
1983 } else if (conn) {
1984 log_fn(LOG_PROTOCOL_WARN, domain,
1985 "resolve request for known stream; dropping.");
1986 return 0;
1987 } else if (circ->purpose != CIRCUIT_PURPOSE_OR) {
1988 log_fn(LOG_PROTOCOL_WARN, domain,
1989 "resolve request on circ with purpose %d; dropping",
1990 circ->purpose);
1991 return 0;
1992 }
1994 case RELAY_COMMAND_RESOLVED:
1995 if (conn) {
1996 log_fn(LOG_PROTOCOL_WARN, domain,
1997 "'resolved' unsupported while open. Closing circ.");
1998 return -END_CIRC_REASON_TORPROTOCOL;
1999 }
2000
2001 if (CIRCUIT_IS_ORIGIN(circ)) {
2002 origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
2003 if (relay_crypt_from_last_hop(ocirc, layer_hint) &&
2005 msg->stream_id)) {
2006 circuit_read_valid_data(ocirc, msg->length);
2007 log_info(domain,
2008 "resolved cell on circ %u valid on half-closed "
2009 "stream id %d", ocirc->global_identifier, msg->stream_id);
2010 return 0;
2011 }
2012 }
2013
2014 log_info(domain,
2015 "'resolved' received, no conn attached anymore. Ignoring.");
2016 return 0;
2017 case RELAY_COMMAND_ESTABLISH_INTRO:
2018 case RELAY_COMMAND_ESTABLISH_RENDEZVOUS:
2019 case RELAY_COMMAND_INTRODUCE1:
2020 case RELAY_COMMAND_INTRODUCE2:
2021 case RELAY_COMMAND_INTRODUCE_ACK:
2022 case RELAY_COMMAND_RENDEZVOUS1:
2023 case RELAY_COMMAND_RENDEZVOUS2:
2024 case RELAY_COMMAND_INTRO_ESTABLISHED:
2025 case RELAY_COMMAND_RENDEZVOUS_ESTABLISHED:
2026 rend_process_relay_cell(circ, layer_hint,
2027 msg->command, msg->length, msg->body);
2028 return 0;
2029 }
2030 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
2031 "Received unknown relay command %d. Perhaps the other side is using "
2032 "a newer version of Tor? Dropping.",
2033 msg->command);
2034 return 0; /* for forward compatibility, don't kill the circuit */
2035}
2036
2037/** An incoming relay cell has arrived on circuit <b>circ</b>. If
2038 * <b>conn</b> is NULL this is a control cell, else <b>cell</b> is
2039 * destined for <b>conn</b>.
2040 *
2041 * If <b>layer_hint</b> is defined, then we're the origin of the
2042 * circuit, and it specifies the hop that packaged <b>cell</b>.
2043 *
2044 * Return -reason if you want to warn and tear down the circuit, else 0.
2045 */
2046STATIC int
2048 edge_connection_t *conn,
2049 crypt_path_t *layer_hint)
2050{
2051 static int num_seen=0;
2052 unsigned domain = layer_hint?LD_APP:LD_EXIT;
2053
2054 tor_assert(msg);
2055 tor_assert(circ);
2056
2057// log_fn(LOG_DEBUG,"command %d stream %d", rh.command, rh.stream_id);
2058 num_seen++;
2059 log_debug(domain, "Now seen %d relay cells here (command %d, stream %d).",
2060 num_seen, msg->command, msg->stream_id);
2061
2062 if (msg->stream_id == 0) {
2063 switch (msg->command) {
2064 case RELAY_COMMAND_BEGIN:
2065 case RELAY_COMMAND_CONNECTED:
2066 case RELAY_COMMAND_END:
2067 case RELAY_COMMAND_RESOLVE:
2068 case RELAY_COMMAND_RESOLVED:
2069 case RELAY_COMMAND_BEGIN_DIR:
2070 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Relay command %u with zero "
2071 "stream_id. Dropping.", msg->command);
2072 return 0;
2073 default:
2074 ;
2075 }
2076 }
2077
2078 /* Regardless of conflux or not, we always decide to send a SENDME
2079 * for RELAY_DATA immediately
2080 */
2081 if (msg->command == RELAY_COMMAND_DATA) {
2082 /* Update our circuit-level deliver window that we received a DATA cell.
2083 * If the deliver window goes below 0, we end the circuit and stream due
2084 * to a protocol failure. */
2085 if (sendme_circuit_data_received(circ, layer_hint) < 0) {
2086 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
2087 "(relay data) circ deliver_window below 0. Killing.");
2088 connection_edge_end_close(conn, END_STREAM_REASON_TORPROTOCOL);
2089 return -END_CIRC_REASON_TORPROTOCOL;
2090 }
2091
2092 /* Consider sending a circuit-level SENDME cell. */
2093 sendme_circuit_consider_sending(circ, layer_hint);
2094
2095 /* Continue on to process the data cell via conflux or not */
2096 }
2097
2098 /* Conflux handling: If conflux is disabled, or the relay command is not
2099 * multiplexed across circuits, then process it immediately.
2100 *
2101 * Otherwise, we need to process the relay cell against our conflux
2102 * queues, and if doing so results in ordered cells to deliver, we
2103 * dequeue and process those in-order until there are no more.
2104 */
2105 if (!circ->conflux || !conflux_should_multiplex(msg->command)) {
2106 return connection_edge_process_ordered_relay_cell(msg, circ, conn,
2107 layer_hint);
2108 } else {
2109 // If conflux says this cell is in-order, then begin processing
2110 // cells from queue until there are none. Otherwise, we do nothing
2111 // until further cells arrive.
2112 if (conflux_process_relay_msg(circ->conflux, circ, layer_hint,
2113 (relay_msg_t *) msg)) {
2114 conflux_msg_t *c_msg = NULL;
2115
2116 /* First, process this cell */
2118 msg, circ, conn, layer_hint);
2119 if (ret < 0) {
2120 return ret;
2121 }
2122
2123 /* Now, check queue for more */
2124 while ((c_msg = conflux_dequeue_relay_msg(circ->conflux))) {
2125 conn = relay_lookup_conn(circ, c_msg->msg, CELL_DIRECTION_OUT,
2126 layer_hint);
2128 conn,
2129 layer_hint);
2130 if (ret < 0) {
2131 /* Negative return value is a fatal error. Return early and tear down
2132 * circuit */
2133 conflux_relay_msg_free(c_msg);
2134 return ret;
2135 }
2136 conflux_relay_msg_free(c_msg);
2137 }
2138 }
2139 }
2140
2141 return 0;
2142}
2143
2144/**
2145 * Helper function to process a relay cell that is in the proper order
2146 * for processing right now. */
2147static int
2149 circuit_t *circ,
2150 edge_connection_t *conn,
2151 crypt_path_t *layer_hint)
2152{
2153 int optimistic_data = 0; /* Set to 1 if we receive data on a stream
2154 * that's in the EXIT_CONN_STATE_RESOLVING
2155 * or EXIT_CONN_STATE_CONNECTING states. */
2156
2157 /* Tell circpad that we've received a recognized cell */
2158 circpad_deliver_recognized_relay_cell_events(circ, msg->command, layer_hint);
2159
2160 /* either conn is NULL, in which case we've got a control cell, or else
2161 * conn points to the recognized stream. */
2162 if (conn && !connection_state_is_open(TO_CONN(conn))) {
2163 if (conn->base_.type == CONN_TYPE_EXIT &&
2164 (conn->base_.state == EXIT_CONN_STATE_CONNECTING ||
2165 conn->base_.state == EXIT_CONN_STATE_RESOLVING) &&
2166 msg->command == RELAY_COMMAND_DATA) {
2167 /* Allow DATA cells to be delivered to an exit node in state
2168 * EXIT_CONN_STATE_CONNECTING or EXIT_CONN_STATE_RESOLVING.
2169 * This speeds up HTTP, for example. */
2170 optimistic_data = 1;
2171 } else if (msg->stream_id == 0 && msg->command == RELAY_COMMAND_DATA) {
2172 log_warn(LD_BUG, "Somehow I had a connection that matched a "
2173 "data cell with stream ID 0.");
2174 } else {
2176 msg, circ, conn, layer_hint);
2177 }
2178 }
2179
2180 return handle_relay_msg(msg, circ, conn, layer_hint, optimistic_data);
2181}
2182
2183/** How many relay_data cells have we built, ever? */
2185/** How many bytes of data have we put in relay_data cells have we built,
2186 * ever? This would be RELAY_PAYLOAD_SIZE*stats_n_data_cells_packaged if
2187 * every relay cell we ever sent were completely full of data. */
2189/** How many relay_data cells have we received, ever? */
2191/** How many bytes of data have we received relay_data cells, ever? This would
2192 * be RELAY_PAYLOAD_SIZE*stats_n_data_cells_packaged if every relay cell we
2193 * ever received were completely full of data. */
2195
2196/**
2197 * Called when initializing a circuit, or when we have reached the end of the
2198 * window in which we need to send some randomness so that incoming sendme
2199 * cells will be unpredictable. Resets the flags and picks a new window.
2200 */
2201void
2203{
2205 // XXX: do we need to change this check for congestion control?
2208}
2209
2210/**
2211 * Helper. Return the number of bytes that should be put into a cell from a
2212 * given edge connection on which <b>n_available</b> bytes are available.
2213 */
2214STATIC size_t
2216 int package_partial,
2217 circuit_t *on_circuit,
2218 crypt_path_t *cpath)
2219{
2220 if (!n_available)
2221 return 0;
2222
2223 /* Do we need to force this payload to have space for randomness? */
2224 const bool force_random_bytes =
2225 (on_circuit->send_randomness_after_n_cells == 0) &&
2226 (! on_circuit->have_sent_sufficiently_random_cell);
2227
2228 relay_cell_fmt_t cell_format = circuit_get_relay_format(on_circuit, cpath);
2229 size_t target_length =
2230 relay_cell_max_payload_size(cell_format, RELAY_COMMAND_DATA);
2231
2232#define RELAY_CELL_PADDING_GAP 4
2233
2234 /* Any relay data payload containing fewer than this many real bytes is
2235 * considered to have enough randomness to. */
2236 size_t target_length_with_random = target_length -
2237 RELAY_CELL_PADDING_GAP - 16;
2238 if (force_random_bytes) {
2239 target_length = target_length_with_random;
2240 }
2241
2242 /* Decide how many bytes we will actually put into this cell. */
2243 size_t package_length;
2244 if (n_available >= target_length) { /* A full payload is available. */
2245 package_length = target_length;
2246 } else { /* not a full payload available */
2247 if (package_partial)
2248 package_length = n_available; /* just take whatever's available now */
2249 else
2250 return 0; /* nothing to do until we have a full payload */
2251 }
2252
2253 /* If we reach this point, we will be definitely sending the cell. */
2254 tor_assert_nonfatal(package_length > 0);
2255
2256 if (package_length <= target_length_with_random) {
2257 /* This cell will have enough randomness in the padding to make a future
2258 * sendme cell unpredictable. */
2259 on_circuit->have_sent_sufficiently_random_cell = 1;
2260 }
2261
2262 if (on_circuit->send_randomness_after_n_cells == 0) {
2263 /* Either this cell, or some previous cell, had enough padding to
2264 * ensure sendme unpredictability. */
2265 tor_assert_nonfatal(on_circuit->have_sent_sufficiently_random_cell);
2266 /* Pick a new interval in which we need to send randomness. */
2268 }
2269
2270 --on_circuit->send_randomness_after_n_cells;
2271
2272 return package_length;
2273}
2274
2275/** If <b>conn</b> has an entire relay payload of bytes on its inbuf (or
2276 * <b>package_partial</b> is true), and the appropriate package windows aren't
2277 * empty, grab a cell and send it down the circuit.
2278 *
2279 * If *<b>max_cells</b> is given, package no more than max_cells. Decrement
2280 * *<b>max_cells</b> by the number of cells packaged.
2281 *
2282 * Return -1 (and send a RELAY_COMMAND_END cell if necessary) if conn should
2283 * be marked for close, else return 0.
2284 */
2285int
2287 int *max_cells)
2288{
2289 size_t bytes_to_process, length;
2290 char payload[CELL_PAYLOAD_SIZE];
2291 circuit_t *circ;
2292 const unsigned domain = conn->base_.type == CONN_TYPE_AP ? LD_APP : LD_EXIT;
2293 int sending_from_optimistic = 0;
2294 entry_connection_t *entry_conn =
2295 conn->base_.type == CONN_TYPE_AP ? EDGE_TO_ENTRY_CONN(conn) : NULL;
2296 const int sending_optimistically =
2297 entry_conn &&
2298 conn->base_.type == CONN_TYPE_AP &&
2299 conn->base_.state != AP_CONN_STATE_OPEN;
2300 crypt_path_t *cpath_layer = conn->cpath_layer;
2301
2302 tor_assert(conn);
2303
2304 if (BUG(conn->base_.marked_for_close)) {
2305 log_warn(LD_BUG,
2306 "called on conn that's already marked for close at %s:%d.",
2307 conn->base_.marked_for_close_file, conn->base_.marked_for_close);
2308 return 0;
2309 }
2310
2311 if (max_cells && *max_cells <= 0)
2312 return 0;
2313
2314 repeat_connection_edge_package_raw_inbuf:
2315
2316 circ = circuit_get_by_edge_conn(conn);
2317 if (!circ) {
2318 log_info(domain,"conn has no circuit! Closing.");
2320 return -1;
2321 }
2322
2323 if (circuit_consider_stop_edge_reading(circ, cpath_layer))
2324 return 0;
2325
2326 if (conn->package_window <= 0) {
2327 log_info(domain,"called with package_window %d. Skipping.",
2328 conn->package_window);
2330 return 0;
2331 }
2332
2333 sending_from_optimistic = entry_conn &&
2334 entry_conn->sending_optimistic_data != NULL;
2335
2336 if (PREDICT_UNLIKELY(sending_from_optimistic)) {
2337 bytes_to_process = buf_datalen(entry_conn->sending_optimistic_data);
2338 if (PREDICT_UNLIKELY(!bytes_to_process)) {
2339 log_warn(LD_BUG, "sending_optimistic_data was non-NULL but empty");
2340 bytes_to_process = connection_get_inbuf_len(TO_CONN(conn));
2341 sending_from_optimistic = 0;
2342 }
2343 } else {
2344 bytes_to_process = connection_get_inbuf_len(TO_CONN(conn));
2345 }
2346
2347 length = connection_edge_get_inbuf_bytes_to_package(bytes_to_process,
2348 package_partial, circ,
2349 cpath_layer);
2350 if (!length)
2351 return 0;
2352
2353 /* If we reach this point, we will definitely be packaging bytes into
2354 * a cell. */
2355
2358
2359 if (PREDICT_UNLIKELY(sending_from_optimistic)) {
2360 /* XXXX We could be more efficient here by sometimes packing
2361 * previously-sent optimistic data in the same cell with data
2362 * from the inbuf. */
2363 buf_get_bytes(entry_conn->sending_optimistic_data, payload, length);
2364 if (!buf_datalen(entry_conn->sending_optimistic_data)) {
2365 buf_free(entry_conn->sending_optimistic_data);
2366 entry_conn->sending_optimistic_data = NULL;
2367 }
2368 } else {
2369 connection_buf_get_bytes(payload, length, TO_CONN(conn));
2370 }
2371
2372 log_debug(domain,TOR_SOCKET_T_FORMAT": Packaging %d bytes (%d waiting).",
2373 conn->base_.s,
2374 (int)length, (int)connection_get_inbuf_len(TO_CONN(conn)));
2375
2376 if (sending_optimistically && !sending_from_optimistic) {
2377 /* This is new optimistic data; remember it in case we need to detach and
2378 retry */
2379 if (!entry_conn->pending_optimistic_data)
2380 entry_conn->pending_optimistic_data = buf_new();
2381 buf_add(entry_conn->pending_optimistic_data, payload, length);
2382 }
2383
2384 /* Send a data cell. This handles the circuit package window. */
2385 if (connection_edge_send_command(conn, RELAY_COMMAND_DATA,
2386 payload, length) < 0 ) {
2387 /* circuit got marked for close, don't continue, don't need to mark conn */
2388 return 0;
2389 }
2390
2391 /* Handle the stream-level SENDME package window. */
2392 if (sendme_note_stream_data_packaged(conn, length) < 0) {
2394 log_debug(domain,"conn->package_window reached 0.");
2395 circuit_consider_stop_edge_reading(circ, cpath_layer);
2396 return 0; /* don't process the inbuf any more */
2397 }
2398 log_debug(domain,"conn->package_window is now %d",conn->package_window);
2399
2400 if (max_cells) {
2401 *max_cells -= 1;
2402 if (*max_cells <= 0)
2403 return 0;
2404 }
2405
2406 /* handle more if there's more, or return 0 if there isn't */
2407 goto repeat_connection_edge_package_raw_inbuf;
2408}
2409
2410/** The circuit <b>circ</b> has received a circuit-level sendme
2411 * (on hop <b>layer_hint</b>, if we're the OP). Go through all the
2412 * attached streams and let them resume reading and packaging, if
2413 * their stream windows allow it.
2414 */
2415static void
2417{
2419 log_debug(layer_hint?LD_APP:LD_EXIT,"Too big queue, no resuming");
2420 return;
2421 }
2422
2423 /* If we have a conflux negotiated, and it still can't send on
2424 * any circuit, then do not resume sending. */
2425 if (circ->conflux && !conflux_can_send(circ->conflux)) {
2426 log_debug(layer_hint?LD_APP:LD_EXIT,
2427 "Conflux can't send, not resuming edges");
2428 return;
2429 }
2430
2431 log_debug(layer_hint?LD_APP:LD_EXIT,"resuming");
2432
2433 if (CIRCUIT_IS_ORIGIN(circ))
2435 circ, layer_hint);
2436 else
2438 circ, layer_hint);
2439}
2440
2441/** A helper function for circuit_resume_edge_reading() above.
2442 * The arguments are the same, except that <b>conn</b> is the head
2443 * of a linked list of edge streams that should each be considered.
2444 */
2445static int
2447 circuit_t *circ,
2448 crypt_path_t *layer_hint)
2449{
2450 edge_connection_t *conn;
2451 int n_packaging_streams, n_streams_left;
2452 int packaged_this_round;
2453 int cells_on_queue;
2454 int cells_per_conn;
2455 edge_connection_t *chosen_stream = NULL;
2456 int max_to_package;
2457
2458 if (first_conn == NULL) {
2459 /* Don't bother to try to do the rest of this if there are no connections
2460 * to resume. */
2461 return 0;
2462 }
2463
2464 /* Once we used to start listening on the streams in the order they
2465 * appeared in the linked list. That leads to starvation on the
2466 * streams that appeared later on the list, since the first streams
2467 * would always get to read first. Instead, we just pick a random
2468 * stream on the list, and enable reading for streams starting at that
2469 * point (and wrapping around as if the list were circular). It would
2470 * probably be better to actually remember which streams we've
2471 * serviced in the past, but this is simple and effective. */
2472
2473 /* Select a stream uniformly at random from the linked list. We
2474 * don't need cryptographic randomness here. */
2475 {
2476 int num_streams = 0;
2477 for (conn = first_conn; conn; conn = conn->next_stream) {
2478 num_streams++;
2479
2480 if (crypto_fast_rng_one_in_n(get_thread_fast_rng(), num_streams)) {
2481 chosen_stream = conn;
2482 }
2483 /* Invariant: chosen_stream has been chosen uniformly at random from
2484 * among the first num_streams streams on first_conn.
2485 *
2486 * (Note that we iterate over every stream on the circuit, so that after
2487 * we've considered the first stream, we've chosen it with P=1; and
2488 * after we consider the second stream, we've switched to it with P=1/2
2489 * and stayed with the first stream with P=1/2; and after we've
2490 * considered the third stream, we've switched to it with P=1/3 and
2491 * remained with one of the first two streams with P=(2/3), giving each
2492 * one P=(1/2)(2/3) )=(1/3).) */
2493 }
2494 }
2495
2496 /* Count how many non-marked streams there are that have anything on
2497 * their inbuf, and enable reading on all of the connections. */
2498 n_packaging_streams = 0;
2499 /* Activate reading starting from the chosen stream */
2500 for (conn=chosen_stream; conn; conn = conn->next_stream) {
2501 /* Start reading for the streams starting from here */
2502 if (conn->base_.marked_for_close || conn->package_window <= 0)
2503 continue;
2504
2505 if (edge_uses_cpath(conn, layer_hint)) {
2506 if (!conn->xoff_received) {
2508 }
2509
2510 if (connection_get_inbuf_len(TO_CONN(conn)) > 0)
2511 ++n_packaging_streams;
2512 }
2513 }
2514 /* Go back and do the ones we skipped, circular-style */
2515 for (conn = first_conn; conn != chosen_stream; conn = conn->next_stream) {
2516 if (conn->base_.marked_for_close || conn->package_window <= 0)
2517 continue;
2518
2519 if (edge_uses_cpath(conn, layer_hint)) {
2520 if (!conn->xoff_received) {
2522 }
2523
2524 if (connection_get_inbuf_len(TO_CONN(conn)) > 0)
2525 ++n_packaging_streams;
2526 }
2527 }
2528
2529 if (n_packaging_streams == 0) /* avoid divide-by-zero */
2530 return 0;
2531
2532 again:
2533
2534 /* If we're using conflux, the circuit we decide to send on may change
2535 * after we're sending. Get it again, and re-check package windows
2536 * for it */
2537 if (circ->conflux) {
2538 if (circuit_consider_stop_edge_reading(circ, layer_hint))
2539 return -1;
2540
2541 circ = conflux_decide_next_circ(circ->conflux);
2542
2543 /* Get the destination layer hint for this circuit */
2544 layer_hint = conflux_get_destination_hop(circ);
2545 }
2546
2547 /* How many cells do we have space for? It will be the minimum of
2548 * the number needed to exhaust the package window, and the minimum
2549 * needed to fill the cell queue. */
2550 max_to_package = congestion_control_get_package_window(circ, layer_hint);
2551 if (CIRCUIT_IS_ORIGIN(circ)) {
2552 cells_on_queue = circ->n_chan_cells.n;
2553 } else {
2554 or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
2555 cells_on_queue = or_circ->p_chan_cells.n;
2556 }
2557 if (cell_queue_highwatermark() - cells_on_queue < max_to_package)
2558 max_to_package = cell_queue_highwatermark() - cells_on_queue;
2559
2560 cells_per_conn = CEIL_DIV(max_to_package, n_packaging_streams);
2561
2562 packaged_this_round = 0;
2563 n_streams_left = 0;
2564
2565 /* Iterate over all connections. Package up to cells_per_conn cells on
2566 * each. Update packaged_this_round with the total number of cells
2567 * packaged, and n_streams_left with the number that still have data to
2568 * package.
2569 */
2570 for (conn=first_conn; conn; conn=conn->next_stream) {
2571 if (conn->base_.marked_for_close || conn->package_window <= 0)
2572 continue;
2573 if (edge_uses_cpath(conn, layer_hint)) {
2574 int n = cells_per_conn, r;
2575 /* handle whatever might still be on the inbuf */
2576 r = connection_edge_package_raw_inbuf(conn, 1, &n);
2577
2578 /* Note how many we packaged */
2579 packaged_this_round += (cells_per_conn-n);
2580
2581 if (r<0) {
2582 /* Problem while packaging. (We already sent an end cell if
2583 * possible) */
2584 connection_mark_for_close(TO_CONN(conn));
2585 continue;
2586 }
2587
2588 /* If there's still data to read, we'll be coming back to this stream. */
2589 if (connection_get_inbuf_len(TO_CONN(conn)))
2590 ++n_streams_left;
2591
2592 /* If the circuit won't accept any more data, return without looking
2593 * at any more of the streams. Any connections that should be stopped
2594 * have already been stopped by connection_edge_package_raw_inbuf. */
2595 if (circuit_consider_stop_edge_reading(circ, layer_hint))
2596 return -1;
2597 /* XXXX should we also stop immediately if we fill up the cell queue?
2598 * Probably. */
2599 }
2600 }
2601
2602 /* If we made progress, and we are willing to package more, and there are
2603 * any streams left that want to package stuff... try again!
2604 */
2605 if (packaged_this_round && packaged_this_round < max_to_package &&
2606 n_streams_left) {
2607 n_packaging_streams = n_streams_left;
2608 goto again;
2609 }
2610
2611 return 0;
2612}
2613
2614/** Check if the package window for <b>circ</b> is empty (at
2615 * hop <b>layer_hint</b> if it's defined).
2616 *
2617 * If yes, tell edge streams to stop reading and return 1.
2618 * Else return 0.
2619 */
2620static int
2622{
2623 edge_connection_t *conn = NULL;
2624 unsigned domain = layer_hint ? LD_APP : LD_EXIT;
2625
2626 if (!layer_hint) {
2627 or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
2628 log_debug(domain,"considering circ->package_window %d",
2629 circ->package_window);
2630 if (circuit_get_package_window(circ, layer_hint) <= 0) {
2631 log_debug(domain,"yes, not-at-origin. stopped.");
2632 for (conn = or_circ->n_streams; conn; conn=conn->next_stream)
2634 return 1;
2635 }
2636 return 0;
2637 }
2638 /* else, layer hint is defined, use it */
2639 log_debug(domain,"considering layer_hint->package_window %d",
2640 layer_hint->package_window);
2641 if (circuit_get_package_window(circ, layer_hint) <= 0) {
2642 log_debug(domain,"yes, at-origin. stopped.");
2643 for (conn = TO_ORIGIN_CIRCUIT(circ)->p_streams; conn;
2644 conn=conn->next_stream) {
2645 if (edge_uses_cpath(conn, layer_hint))
2647 }
2648 return 1;
2649 }
2650 return 0;
2651}
2652
2653/** The total number of cells we have allocated. */
2654static size_t total_cells_allocated = 0;
2655
2656/** Release storage held by <b>cell</b>. */
2657static inline void
2659{
2661 tor_free(cell);
2662}
2663
2664/** Allocate and return a new packed_cell_t. */
2667{
2669 return tor_malloc_zero(sizeof(packed_cell_t));
2670}
2671
2672/** Return a packed cell used outside by channel_t lower layer */
2673void
2675{
2676 if (!cell)
2677 return;
2679}
2680
2681/** Log current statistics for cell pool allocation at log level
2682 * <b>severity</b>. */
2683void
2685{
2686 int n_circs = 0;
2687 int n_cells = 0;
2689 n_cells += c->n_chan_cells.n;
2690 if (!CIRCUIT_IS_ORIGIN(c))
2691 n_cells += TO_OR_CIRCUIT(c)->p_chan_cells.n;
2692 ++n_circs;
2693 }
2694 SMARTLIST_FOREACH_END(c);
2695 tor_log(severity, LD_MM,
2696 "%d cells allocated on %d circuits. %d cells leaked.",
2697 n_cells, n_circs, (int)total_cells_allocated - n_cells);
2698}
2699
2700/** Allocate a new copy of packed <b>cell</b>. */
2701static inline packed_cell_t *
2702packed_cell_copy(const cell_t *cell, int wide_circ_ids)
2703{
2705 cell_pack(c, cell, wide_circ_ids);
2706 return c;
2707}
2708
2709/** Append <b>cell</b> to the end of <b>queue</b>. */
2710void
2712{
2713 TOR_SIMPLEQ_INSERT_TAIL(&queue->head, cell, next);
2714 ++queue->n;
2715}
2716
2717/** Append a newly allocated copy of <b>cell</b> to the end of the
2718 * <b>exitward</b> (or app-ward) <b>queue</b> of <b>circ</b>. If
2719 * <b>use_stats</b> is true, record statistics about the cell.
2720 */
2721void
2723 int exitward, const cell_t *cell,
2724 int wide_circ_ids, int use_stats)
2725{
2726 packed_cell_t *copy = packed_cell_copy(cell, wide_circ_ids);
2727 (void)circ;
2728 (void)exitward;
2729 (void)use_stats;
2730
2732
2733 cell_queue_append(queue, copy);
2734}
2735
2736/** Initialize <b>queue</b> as an empty cell queue. */
2737void
2739{
2740 memset(queue, 0, sizeof(cell_queue_t));
2741 TOR_SIMPLEQ_INIT(&queue->head);
2742}
2743
2744/** Remove and free every cell in <b>queue</b>. */
2745void
2747{
2748 packed_cell_t *cell;
2749 while ((cell = TOR_SIMPLEQ_FIRST(&queue->head))) {
2750 TOR_SIMPLEQ_REMOVE_HEAD(&queue->head, next);
2752 }
2753 TOR_SIMPLEQ_INIT(&queue->head);
2754 queue->n = 0;
2755}
2756
2757/** Extract and return the cell at the head of <b>queue</b>; return NULL if
2758 * <b>queue</b> is empty. */
2761{
2762 packed_cell_t *cell = TOR_SIMPLEQ_FIRST(&queue->head);
2763 if (!cell)
2764 return NULL;
2765 TOR_SIMPLEQ_REMOVE_HEAD(&queue->head, next);
2766 --queue->n;
2767 return cell;
2768}
2769
2770/** Initialize <b>queue</b> as an empty cell queue. */
2771void
2773{
2774 memset(queue, 0, sizeof(destroy_cell_queue_t));
2775 TOR_SIMPLEQ_INIT(&queue->head);
2776}
2777
2778/** Remove and free every cell in <b>queue</b>. */
2779void
2781{
2782 destroy_cell_t *cell;
2783 while ((cell = TOR_SIMPLEQ_FIRST(&queue->head))) {
2784 TOR_SIMPLEQ_REMOVE_HEAD(&queue->head, next);
2785 tor_free(cell);
2786 }
2787 TOR_SIMPLEQ_INIT(&queue->head);
2788 queue->n = 0;
2789}
2790
2791/** Extract and return the cell at the head of <b>queue</b>; return NULL if
2792 * <b>queue</b> is empty. */
2795{
2796 destroy_cell_t *cell = TOR_SIMPLEQ_FIRST(&queue->head);
2797 if (!cell)
2798 return NULL;
2799 TOR_SIMPLEQ_REMOVE_HEAD(&queue->head, next);
2800 --queue->n;
2801 return cell;
2802}
2803
2804/** Append a destroy cell for <b>circid</b> to <b>queue</b>. */
2805void
2807 circid_t circid,
2808 uint8_t reason)
2809{
2810 destroy_cell_t *cell = tor_malloc_zero(sizeof(destroy_cell_t));
2811 cell->circid = circid;
2812 cell->reason = reason;
2813 /* Not yet used, but will be required for OOM handling. */
2815
2816 TOR_SIMPLEQ_INSERT_TAIL(&queue->head, cell, next);
2817 ++queue->n;
2818}
2819
2820/** Convert a destroy_cell_t to a newly allocated cell_t. Frees its input. */
2821static packed_cell_t *
2823{
2824 packed_cell_t *packed = packed_cell_new();
2825 cell_t cell;
2826 memset(&cell, 0, sizeof(cell));
2827 cell.circ_id = inp->circid;
2828 cell.command = CELL_DESTROY;
2829 cell.payload[0] = inp->reason;
2830 cell_pack(packed, &cell, wide_circ_ids);
2831
2832 tor_free(inp);
2833 return packed;
2834}
2835
2836/** Return the total number of bytes used for each packed_cell in a queue.
2837 * Approximate. */
2838size_t
2840{
2841 return sizeof(packed_cell_t);
2842}
2843
2844/* DOCDOC */
2845size_t
2846cell_queues_get_total_allocation(void)
2847{
2849}
2850
2851/** How long after we've been low on memory should we try to conserve it? */
2852#define MEMORY_PRESSURE_INTERVAL (30*60)
2853
2854/** The time at which we were last low on memory. */
2856
2857/** Statistics on how many bytes were removed by the OOM per type. */
2859uint64_t oom_stats_n_bytes_removed_cell = 0;
2860uint64_t oom_stats_n_bytes_removed_geoip = 0;
2861uint64_t oom_stats_n_bytes_removed_hsdir = 0;
2862
2863/** Check whether we've got too much space used for cells. If so,
2864 * call the OOM handler and return 1. Otherwise, return 0. */
2865STATIC int
2867{
2868 size_t removed = 0;
2869 time_t now = time(NULL);
2870 size_t alloc = cell_queues_get_total_allocation();
2872 alloc += buf_get_total_allocation();
2874 const size_t hs_cache_total = hs_cache_get_total_allocation();
2875 alloc += hs_cache_total;
2876 const size_t geoip_client_cache_total =
2877 geoip_client_cache_total_allocation();
2878 alloc += geoip_client_cache_total;
2879 const size_t dns_cache_total = dns_cache_total_allocation();
2880 alloc += dns_cache_total;
2881 const size_t conflux_total = conflux_get_total_bytes_allocation();
2882 alloc += conflux_total;
2883 if (alloc >= get_options()->MaxMemInQueues_low_threshold) {
2885 if (alloc >= get_options()->MaxMemInQueues) {
2886 /* Note this overload down */
2887 rep_hist_note_overload(OVERLOAD_GENERAL);
2888
2889 /* If we're spending over 20% of the memory limit on hidden service
2890 * descriptors, free them until we're down to 10%. Do the same for geoip
2891 * client cache. */
2892 if (hs_cache_total > get_options()->MaxMemInQueues / 5) {
2893 const size_t bytes_to_remove =
2894 hs_cache_total - (size_t)(get_options()->MaxMemInQueues / 10);
2895 removed = hs_cache_handle_oom(bytes_to_remove);
2896 oom_stats_n_bytes_removed_hsdir += removed;
2897 alloc -= removed;
2898 }
2899 if (geoip_client_cache_total > get_options()->MaxMemInQueues / 5) {
2900 const size_t bytes_to_remove =
2901 geoip_client_cache_total -
2902 (size_t)(get_options()->MaxMemInQueues / 10);
2903 removed = geoip_client_cache_handle_oom(now, bytes_to_remove);
2904 oom_stats_n_bytes_removed_geoip += removed;
2905 alloc -= removed;
2906 }
2907 if (dns_cache_total > get_options()->MaxMemInQueues / 5) {
2908 const size_t bytes_to_remove =
2909 dns_cache_total - (size_t)(get_options()->MaxMemInQueues / 10);
2910 removed = dns_cache_handle_oom(now, bytes_to_remove);
2912 alloc -= removed;
2913 }
2914 /* Like onion service above, try to go down to 10% if we are above 20% */
2915 if (conflux_total > get_options()->MaxMemInQueues / 5) {
2916 const size_t bytes_to_remove =
2917 conflux_total - (size_t)(get_options()->MaxMemInQueues / 10);
2918 removed = conflux_handle_oom(bytes_to_remove);
2919 oom_stats_n_bytes_removed_cell += removed;
2920 alloc -= removed;
2921 }
2922 removed = circuits_handle_oom(alloc);
2923 oom_stats_n_bytes_removed_cell += removed;
2924 return 1;
2925 }
2926 }
2927 return 0;
2928}
2929
2930/** Return true if we've been under memory pressure in the last
2931 * MEMORY_PRESSURE_INTERVAL seconds. */
2932int
2934{
2936 < approx_time();
2937}
2938
2939/**
2940 * Update the number of cells available on the circuit's n_chan or p_chan's
2941 * circuit mux.
2942 */
2943void
2945 const char *file, int lineno)
2946{
2947 channel_t *chan = NULL;
2948 or_circuit_t *or_circ = NULL;
2949 circuitmux_t *cmux = NULL;
2950
2951 tor_assert(circ);
2952
2953 /* Okay, get the channel */
2954 if (direction == CELL_DIRECTION_OUT) {
2955 chan = circ->n_chan;
2956 } else {
2957 or_circ = TO_OR_CIRCUIT(circ);
2958 chan = or_circ->p_chan;
2959 }
2960
2961 tor_assert(chan);
2962 tor_assert(chan->cmux);
2963
2964 /* Now get the cmux */
2965 cmux = chan->cmux;
2966
2967 /* Cmux sanity check */
2968 if (! circuitmux_is_circuit_attached(cmux, circ)) {
2969 log_warn(LD_BUG, "called on non-attached circuit from %s:%d",
2970 file, lineno);
2971 return;
2972 }
2973 tor_assert(circuitmux_attached_circuit_direction(cmux, circ) == direction);
2974
2975 /* Update the number of cells we have for the circuit mux */
2976 if (direction == CELL_DIRECTION_OUT) {
2977 circuitmux_set_num_cells(cmux, circ, circ->n_chan_cells.n);
2978 } else {
2979 circuitmux_set_num_cells(cmux, circ, or_circ->p_chan_cells.n);
2980 }
2981}
2982
2983/** Remove all circuits from the cmux on <b>chan</b>.
2984 *
2985 * If <b>circuits_out</b> is non-NULL, add all detached circuits to
2986 * <b>circuits_out</b>.
2987 **/
2988void
2990{
2991 tor_assert(chan);
2992 tor_assert(chan->cmux);
2993
2994 circuitmux_detach_all_circuits(chan->cmux, circuits_out);
2995 chan->num_n_circuits = 0;
2996 chan->num_p_circuits = 0;
2997}
2998
2999/**
3000 * Called when a circuit becomes blocked or unblocked due to the channel
3001 * cell queue.
3002 *
3003 * Block (if <b>block</b> is true) or unblock (if <b>block</b> is false)
3004 * every edge connection that is using <b>circ</b> to write to <b>chan</b>,
3005 * and start or stop reading as appropriate.
3006 */
3007static void
3009{
3010 edge_connection_t *edge = NULL;
3011 if (circ->n_chan == chan) {
3012 circ->circuit_blocked_on_n_chan = block;
3013 if (CIRCUIT_IS_ORIGIN(circ))
3014 edge = TO_ORIGIN_CIRCUIT(circ)->p_streams;
3015 } else {
3016 circ->circuit_blocked_on_p_chan = block;
3018 edge = TO_OR_CIRCUIT(circ)->n_streams;
3019 }
3020
3021 set_block_state_for_streams(circ, edge, block, 0);
3022}
3023
3024/**
3025 * Helper function to block or unblock streams in a stream list.
3026 *
3027 * If <b>stream_id</b> is 0, apply the <b>block</b> state to all streams
3028 * in the stream list. If it is non-zero, only apply to that specific stream.
3029 */
3030static void
3032 int block, streamid_t stream_id)
3033{
3034 /* If we have a conflux object, we need to examine its status before
3035 * blocking and unblocking streams. */
3036 if (circ->conflux) {
3037 bool can_send = conflux_can_send(circ->conflux);
3038
3039 if (block && can_send) {
3040 /* Don't actually block streams, since conflux can send*/
3041 return;
3042 } else if (!block && !can_send) {
3043 /* Don't actually unblock streams, since conflux still can't send */
3044 return;
3045 }
3046 }
3047
3048 for (edge_connection_t *edge = stream_list; edge; edge = edge->next_stream) {
3049 connection_t *conn = TO_CONN(edge);
3050 if (stream_id && edge->stream_id != stream_id)
3051 continue;
3052
3053 if (!conn->read_event || edge->xoff_received ||
3054 conn->marked_for_close) {
3055 /* This connection should not start or stop reading. */
3056 continue;
3057 }
3058
3059 if (block) {
3060 if (connection_is_reading(conn))
3062 } else {
3063 /* Is this right? */
3064 if (!connection_is_reading(conn))
3066 }
3067 }
3068}
3069
3070/** Extract the command from a packed cell. */
3071uint8_t
3072packed_cell_get_command(const packed_cell_t *cell, int wide_circ_ids)
3073{
3074 if (wide_circ_ids) {
3075 return get_uint8(cell->body+4);
3076 } else {
3077 return get_uint8(cell->body+2);
3078 }
3079}
3080
3081/** Extract the circuit ID from a packed cell. */
3083packed_cell_get_circid(const packed_cell_t *cell, int wide_circ_ids)
3084{
3085 if (wide_circ_ids) {
3086 return ntohl(get_uint32(cell->body));
3087 } else {
3088 return ntohs(get_uint16(cell->body));
3089 }
3090}
3091
3092/** Pull as many cells as possible (but no more than <b>max</b>) from the
3093 * queue of the first active circuit on <b>chan</b>, and write them to
3094 * <b>chan</b>-&gt;outbuf. Return the number of cells written. Advance
3095 * the active circuit pointer to the next active circuit in the ring. */
3096MOCK_IMPL(int,
3098{
3099 circuitmux_t *cmux = NULL;
3100 int n_flushed = 0;
3101 cell_queue_t *queue;
3102 destroy_cell_queue_t *destroy_queue=NULL;
3103 circuit_t *circ;
3104 or_circuit_t *or_circ;
3105 int circ_blocked;
3106 packed_cell_t *cell;
3107
3108 /* Get the cmux */
3109 tor_assert(chan);
3110 tor_assert(chan->cmux);
3111 cmux = chan->cmux;
3112
3113 /* Main loop: pick a circuit, send a cell, update the cmux */
3114 while (n_flushed < max) {
3115 circ = circuitmux_get_first_active_circuit(cmux, &destroy_queue);
3116 if (destroy_queue) {
3117 destroy_cell_t *dcell;
3118 /* this code is duplicated from some of the logic below. Ugly! XXXX */
3119 /* If we are given a destroy_queue here, then it is required to be
3120 * nonempty... */
3121 tor_assert(destroy_queue->n > 0);
3122 dcell = destroy_cell_queue_pop(destroy_queue);
3123 /* ...and pop() will always yield a cell from a nonempty queue. */
3124 tor_assert(dcell);
3125 /* frees dcell */
3126 cell = destroy_cell_to_packed_cell(dcell, chan->wide_circ_ids);
3127 /* Send the DESTROY cell. It is very unlikely that this fails but just
3128 * in case, get rid of the channel. */
3129 if (channel_write_packed_cell(chan, cell) < 0) {
3130 /* The cell has been freed. */
3132 continue;
3133 }
3134 /* Update the cmux destroy counter */
3136 cell = NULL;
3137 ++n_flushed;
3138 continue;
3139 }
3140 /* If it returns NULL, no cells left to send */
3141 if (!circ) break;
3142
3143 if (circ->n_chan == chan) {
3144 queue = &circ->n_chan_cells;
3145 circ_blocked = circ->circuit_blocked_on_n_chan;
3146 } else {
3147 or_circ = TO_OR_CIRCUIT(circ);
3148 tor_assert(or_circ->p_chan == chan);
3149 queue = &TO_OR_CIRCUIT(circ)->p_chan_cells;
3150 circ_blocked = circ->circuit_blocked_on_p_chan;
3151 }
3152
3153 /* Circuitmux told us this was active, so it should have cells.
3154 *
3155 * Note: In terms of logic and coherence, this should never happen but the
3156 * cmux dragon is powerful. Reason is that when the OOM is triggered, when
3157 * cleaning up circuits, we mark them for close and then clear their cell
3158 * queues. And so, we can have a circuit considered active by the cmux
3159 * dragon but without cells. The cmux subsystem is only notified of this
3160 * when the circuit is freed which leaves a tiny window between close and
3161 * free to end up here.
3162 *
3163 * We are accepting this as an "ok" race else the changes are likely non
3164 * trivial to make the mark for close to set the num cells to 0 and change
3165 * the free functions to detach the circuit conditionally without creating
3166 * a chain effect of madness.
3167 *
3168 * The lesson here is arti will prevail and leave the cmux dragon alone. */
3169 if (queue->n == 0) {
3170 circuitmux_set_num_cells(cmux, circ, 0);
3171 if (! circ->marked_for_close)
3172 circuit_mark_for_close(circ, END_CIRC_REASON_INTERNAL);
3173 continue;
3174 }
3175
3176 tor_assert(queue->n > 0);
3177
3178 /*
3179 * Get just one cell here; once we've sent it, that can change the circuit
3180 * selection, so we have to loop around for another even if this circuit
3181 * has more than one.
3182 */
3183 cell = cell_queue_pop(queue);
3184
3185 /* Calculate the exact time that this cell has spent in the queue. */
3186 if (get_options()->CellStatistics ||
3187 get_options()->TestingEnableCellStatsEvent) {
3188 uint32_t timestamp_now = monotime_coarse_get_stamp();
3189 uint32_t msec_waiting =
3191 timestamp_now - cell->inserted_timestamp);
3192
3193 if (get_options()->CellStatistics && !CIRCUIT_IS_ORIGIN(circ)) {
3194 or_circ = TO_OR_CIRCUIT(circ);
3195 or_circ->total_cell_waiting_time += msec_waiting;
3196 or_circ->processed_cells++;
3197 }
3198
3199 if (get_options()->TestingEnableCellStatsEvent) {
3200 uint8_t command = packed_cell_get_command(cell, chan->wide_circ_ids);
3201
3203 tor_malloc_zero(sizeof(testing_cell_stats_entry_t));
3204 ent->command = command;
3205 ent->waiting_time = msec_waiting / 10;
3206 ent->removed = 1;
3207 if (circ->n_chan == chan)
3208 ent->exitward = 1;
3209 if (!circ->testing_cell_stats)
3212 }
3213 }
3214
3215 /* If we just flushed our queue and this circuit is used for a
3216 * tunneled directory request, possibly advance its state. */
3217 if (queue->n == 0 && chan->dirreq_id)
3219 DIRREQ_TUNNELED,
3221
3222 /* Now send the cell. It is very unlikely that this fails but just in
3223 * case, get rid of the channel. */
3224 if (channel_write_packed_cell(chan, cell) < 0) {
3225 /* The cell has been freed at this point. */
3227 continue;
3228 }
3229 cell = NULL;
3230
3231 /*
3232 * Don't packed_cell_free_unchecked(cell) here because the channel will
3233 * do so when it gets out of the channel queue (probably already did, in
3234 * which case that was an immediate double-free bug).
3235 */
3236
3237 /* Update the counter */
3238 ++n_flushed;
3239
3240 /*
3241 * Now update the cmux; tell it we've just sent a cell, and how many
3242 * we have left.
3243 */
3244 circuitmux_notify_xmit_cells(cmux, circ, 1);
3245 circuitmux_set_num_cells(cmux, circ, queue->n);
3246 if (queue->n == 0)
3247 log_debug(LD_GENERAL, "Made a circuit inactive.");
3248
3249 /* Is the cell queue low enough to unblock all the streams that are waiting
3250 * to write to this circuit? */
3251 if (circ_blocked && queue->n <= cell_queue_lowwatermark())
3252 set_circuit_blocked_on_chan(circ, chan, 0); /* unblock streams */
3253
3254 /* If n_flushed < max still, loop around and pick another circuit */
3255 }
3256
3257 /* Okay, we're done sending now */
3258 return n_flushed;
3259}
3260
3261/* Minimum value is the maximum circuit window size.
3262 *
3263 * This value is set to a lower bound we believe is reasonable with congestion
3264 * control and basic network running parameters.
3265 *
3266 * SENDME cells makes it that we can control how many cells can be inflight on
3267 * a circuit from end to end. This logic makes it that on any circuit cell
3268 * queue, we have a maximum of cells possible.
3269 *
3270 * Because the Tor protocol allows for a client to exit at any hop in a
3271 * circuit and a circuit can be of a maximum of 8 hops, so in theory the
3272 * normal worst case will be the circuit window start value times the maximum
3273 * number of hops (8). Having more cells then that means something is wrong.
3274 *
3275 * However, because padding cells aren't counted in the package window, we set
3276 * the maximum size to a reasonably large size for which we expect that we'll
3277 * never reach in theory. And if we ever do because of future changes, we'll
3278 * be able to control it with a consensus parameter.
3279 *
3280 * XXX: Unfortunately, END cells aren't accounted for in the circuit window
3281 * which means that for instance if a client opens 8001 streams, the 8001
3282 * following END cells will queue up in the circuit which will get closed if
3283 * the max limit is 8000. Which is sad because it is allowed by the Tor
3284 * protocol. But, we need an upper bound on circuit queue in order to avoid
3285 * DoS memory pressure so the default size is a middle ground between not
3286 * having any limit and having a very restricted one. This is why we can also
3287 * control it through a consensus parameter. */
3288#define RELAY_CIRC_CELL_QUEUE_SIZE_MIN 50
3289/* We can't have a consensus parameter above this value. */
3290#define RELAY_CIRC_CELL_QUEUE_SIZE_MAX INT32_MAX
3291/* Default value is set to a large value so we can handle padding cells
3292 * properly which aren't accounted for in the SENDME window. Default is 2500
3293 * allowed cells in the queue resulting in ~1MB. */
3294#define RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT \
3295 (50 * RELAY_CIRC_CELL_QUEUE_SIZE_MIN)
3296
3297/* The maximum number of cells a circuit queue can contain. This is updated at
3298 * every new consensus and controlled by a parameter. */
3299static int32_t max_circuit_cell_queue_size =
3300 RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT;
3301/** Maximum number of cell on an outbound circuit queue. This is updated at
3302 * every new consensus and controlled by a parameter. This default is incorrect
3303 * and won't be used at all except in unit tests. */
3305 RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT;
3306
3307/** Return consensus parameter "circ_max_cell_queue_size". The given ns can be
3308 * NULL. */
3309static uint32_t
3311{
3312 return networkstatus_get_param(ns, "circ_max_cell_queue_size",
3313 RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT,
3314 RELAY_CIRC_CELL_QUEUE_SIZE_MIN,
3315 RELAY_CIRC_CELL_QUEUE_SIZE_MAX);
3316}
3317
3318/** Return consensus parameter "circ_max_cell_queue_size_out". The given ns can
3319 * be NULL. */
3320static uint32_t
3322{
3323 return networkstatus_get_param(ns, "circ_max_cell_queue_size_out",
3325 RELAY_CIRC_CELL_QUEUE_SIZE_MIN,
3326 RELAY_CIRC_CELL_QUEUE_SIZE_MAX);
3327}
3328
3329/* Called when the consensus has changed. At this stage, the global consensus
3330 * object has NOT been updated. It is called from
3331 * notify_before_networkstatus_changes(). */
3332void
3333relay_consensus_has_changed(const networkstatus_t *ns)
3334{
3335 tor_assert(ns);
3336
3337 /* Update the circuit max cell queue size from the consensus. */
3338 max_circuit_cell_queue_size =
3342}
3343
3344/** Add <b>cell</b> to the queue of <b>circ</b> writing to <b>chan</b>
3345 * transmitting in <b>direction</b>.
3346 *
3347 * The given <b>cell</b> is copied onto the circuit queue so the caller must
3348 * cleanup the memory.
3349 *
3350 * This function is part of the fast path.
3351 *
3352 * Return 1 if the cell was successfully sent.
3353 * Return 0 if the cell can not be sent. The caller MUST NOT close the circuit.
3354 * Return -1 indicating an error and that the caller should mark the circuit
3355 * for close. */
3356int
3358 cell_t *cell, cell_direction_t direction,
3359 streamid_t fromstream)
3360{
3361 or_circuit_t *orcirc = NULL;
3362 edge_connection_t *stream_list = NULL;
3363 cell_queue_t *queue;
3364 int32_t max_queue_size;
3365 int circ_blocked;
3366 int exitward;
3367 if (circ->marked_for_close) {
3368 return 0;
3369 }
3370
3371 exitward = (direction == CELL_DIRECTION_OUT);
3372 if (exitward) {
3373 queue = &circ->n_chan_cells;
3374 circ_blocked = circ->circuit_blocked_on_n_chan;
3375 max_queue_size = max_circuit_cell_queue_size_out;
3376 if (CIRCUIT_IS_ORIGIN(circ))
3377 stream_list = TO_ORIGIN_CIRCUIT(circ)->p_streams;
3378 } else {
3379 orcirc = TO_OR_CIRCUIT(circ);
3380 queue = &orcirc->p_chan_cells;
3381 circ_blocked = circ->circuit_blocked_on_p_chan;
3382 max_queue_size = max_circuit_cell_queue_size;
3383 stream_list = TO_OR_CIRCUIT(circ)->n_streams;
3384 }
3385
3386 if (PREDICT_UNLIKELY(queue->n >= max_queue_size)) {
3387 /* This DoS defense only applies at the Guard as in the p_chan is likely
3388 * a client IP attacking the network. */
3389 if (exitward && CIRCUIT_IS_ORCIRC(circ)) {
3390 stats_n_circ_max_cell_outq_reached++;
3391 dos_note_circ_max_outq(CONST_TO_OR_CIRCUIT(circ)->p_chan);
3392 }
3393
3394 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
3395 "%s circuit has %d cells in its queue, maximum allowed is %d. "
3396 "Closing circuit for safety reasons.",
3397 (exitward) ? "Outbound" : "Inbound", queue->n,
3398 max_queue_size);
3400 return -1;
3401 }
3402
3403 /* Very important that we copy to the circuit queue because all calls to
3404 * this function use the stack for the cell memory. */
3405 cell_queue_append_packed_copy(circ, queue, exitward, cell,
3406 chan->wide_circ_ids, 1);
3407
3408 /* Check and run the OOM if needed. */
3409 if (PREDICT_UNLIKELY(cell_queues_check_size())) {
3410 /* We ran the OOM handler which might have closed this circuit. */
3411 if (circ->marked_for_close) {
3412 return 0;
3413 }
3414 }
3415
3416 /* If we have too many cells on the circuit, note that it should
3417 * be blocked from new cells. */
3418 if (!circ_blocked && queue->n >= cell_queue_highwatermark())
3419 set_circuit_blocked_on_chan(circ, chan, 1);
3420
3421 if (circ_blocked && fromstream) {
3422 /* This edge connection is apparently not blocked; this can happen for
3423 * new streams on a blocked circuit, for their CONNECTED response.
3424 * block it now, unless we have conflux. */
3425 set_block_state_for_streams(circ, stream_list, 1, fromstream);
3426 }
3427
3428 update_circuit_on_cmux(circ, direction);
3429 if (queue->n == 1) {
3430 /* This was the first cell added to the queue. We just made this
3431 * circuit active. */
3432 log_debug(LD_GENERAL, "Made a circuit active.");
3433 }
3434
3435 /* New way: mark this as having waiting cells for the scheduler */
3437 return 1;
3438}
3439
3440/** Append an encoded value of <b>addr</b> to <b>payload_out</b>, which must
3441 * have at least 18 bytes of free space. The encoding is, as specified in
3442 * tor-spec.txt:
3443 * RESOLVED_TYPE_IPV4 or RESOLVED_TYPE_IPV6 [1 byte]
3444 * LENGTH [1 byte]
3445 * ADDRESS [length bytes]
3446 * Return the number of bytes added, or -1 on error */
3447int
3448append_address_to_payload(uint8_t *payload_out, const tor_addr_t *addr)
3449{
3450 uint32_t a;
3451 switch (tor_addr_family(addr)) {
3452 case AF_INET:
3453 payload_out[0] = RESOLVED_TYPE_IPV4;
3454 payload_out[1] = 4;
3455 a = tor_addr_to_ipv4n(addr);
3456 memcpy(payload_out+2, &a, 4);
3457 return 6;
3458 case AF_INET6:
3459 payload_out[0] = RESOLVED_TYPE_IPV6;
3460 payload_out[1] = 16;
3461 memcpy(payload_out+2, tor_addr_to_in6_addr8(addr), 16);
3462 return 18;
3463 case AF_UNSPEC:
3464 default:
3465 return -1;
3466 }
3467}
3468
3469/** Given <b>payload_len</b> bytes at <b>payload</b>, starting with an address
3470 * encoded as by append_address_to_payload(), try to decode the address into
3471 * *<b>addr_out</b>. Return the next byte in the payload after the address on
3472 * success, or NULL on failure. */
3473const uint8_t *
3474decode_address_from_payload(tor_addr_t *addr_out, const uint8_t *payload,
3475 int payload_len)
3476{
3477 if (payload_len < 2)
3478 return NULL;
3479 if (payload_len < 2+payload[1])
3480 return NULL;
3481
3482 switch (payload[0]) {
3483 case RESOLVED_TYPE_IPV4:
3484 if (payload[1] != 4)
3485 return NULL;
3486 tor_addr_from_ipv4n(addr_out, get_uint32(payload+2));
3487 break;
3488 case RESOLVED_TYPE_IPV6:
3489 if (payload[1] != 16)
3490 return NULL;
3491 tor_addr_from_ipv6_bytes(addr_out, (payload+2));
3492 break;
3493 default:
3494 tor_addr_make_unspec(addr_out);
3495 break;
3496 }
3497 return payload + 2 + payload[1];
3498}
3499
3500/** Remove all the cells queued on <b>circ</b> for <b>chan</b>. */
3501void
3503{
3504 cell_queue_t *queue;
3505 cell_direction_t direction;
3506
3507 if (circ->n_chan == chan) {
3508 queue = &circ->n_chan_cells;
3509 direction = CELL_DIRECTION_OUT;
3510 } else {
3511 or_circuit_t *orcirc = TO_OR_CIRCUIT(circ);
3512 tor_assert(orcirc->p_chan == chan);
3513 queue = &orcirc->p_chan_cells;
3514 direction = CELL_DIRECTION_IN;
3515 }
3516
3517 /* Clear the queue */
3518 cell_queue_clear(queue);
3519
3520 /* Update the cell counter in the cmux */
3521 if (chan->cmux && circuitmux_is_circuit_attached(chan->cmux, circ))
3522 update_circuit_on_cmux(circ, direction);
3523}
3524
3525/** Return 1 if we shouldn't restart reading on this circuit, even if
3526 * we get a SENDME. Else return 0.
3527*/
3528static int
3530{
3531 if (CIRCUIT_IS_ORIGIN(circ)) {
3532 return circ->circuit_blocked_on_n_chan;
3533 } else {
3534 return circ->circuit_blocked_on_p_chan;
3535 }
3536}
3537
3538/** Return the format to use.
3539 *
3540 * NULL can be passed but not for both. */
3543{
3544 if (circ && CIRCUIT_IS_ORCIRC(circ)) {
3545 return CONST_TO_OR_CIRCUIT(circ)->relay_cell_format;
3546 } else if (cpath) {
3547 return cpath->relay_cell_format;
3548 } else {
3549 /* We end up here when both params are NULL, which is not allowed, or when
3550 * only an origin circuit is given (which again is not allowed). */
3551 tor_assert_unreached();
3552 }
3553}
3554
3555/**
3556 * Return the maximum relay payload that can be sent to the chosen
3557 * point, with the specified command.
3558 */
3559size_t
3561 uint8_t relay_command)
3562{
3563 relay_cell_fmt_t fmt = circuit_get_relay_format(circ, cpath);
3564 return relay_cell_max_payload_size(fmt, relay_command);
3565}
void tor_addr_from_ipv4n(tor_addr_t *dest, uint32_t v4addr)
Definition: address.c:889
void tor_addr_make_unspec(tor_addr_t *a)
Definition: address.c:225
int tor_addr_parse(tor_addr_t *addr, const char *src)
Definition: address.c:1349
int tor_addr_is_null(const tor_addr_t *addr)
Definition: address.c:780
const char * tor_addr_to_str(char *dest, const tor_addr_t *addr, size_t len, int decorate)
Definition: address.c:328
void tor_addr_from_ipv6_bytes(tor_addr_t *dest, const uint8_t *ipv6_bytes)
Definition: address.c:900
static uint32_t tor_addr_to_ipv4n(const tor_addr_t *a)
Definition: address.h:152
static sa_family_t tor_addr_family(const tor_addr_t *a)
Definition: address.h:187
#define tor_addr_to_in6_addr8(x)
Definition: address.h:135
#define tor_addr_from_ipv4h(dest, v4addr)
Definition: address.h:327
#define fmt_addr(a)
Definition: address.h:239
#define TOR_ADDR_BUF_LEN
Definition: address.h:224
int client_dns_incr_failures(const char *address)
Definition: addressmap.c:638
void client_dns_set_addressmap(entry_connection_t *for_conn, const char *address, const tor_addr_t *val, const char *exitname, int ttl)
Definition: addressmap.c:728
void client_dns_clear_failures(const char *address)
Definition: addressmap.c:660
Header for addressmap.c.
time_t approx_time(void)
Definition: approx_time.c:32
Header for backtrace.c.
buf_t * buf_new(void)
Definition: buffers.c:365
int buf_add(buf_t *buf, const char *string, size_t string_len)
Definition: buffers.c:527
size_t buf_datalen(const buf_t *buf)
Definition: buffers.c:394
int buf_get_bytes(buf_t *buf, char *string, size_t string_len)
Definition: buffers.c:637
Header file for buffers.c.
static void set_uint16(void *cp, uint16_t v)
Definition: bytes.h:78
static uint16_t get_uint16(const void *cp)
Definition: bytes.h:42
static uint8_t get_uint8(const void *cp)
Definition: bytes.h:23
static void set_uint8(void *cp, uint8_t v)
Definition: bytes.h:31
static uint32_t get_uint32(const void *cp)
Definition: bytes.h:54
Cell queue structures.
Fixed-size cell structure.
void channel_timestamp_client(channel_t *chan)
Definition: channel.c:3198
int channel_send_destroy(circid_t circ_id, channel_t *chan, int reason)
Definition: channel.c:2038
int channel_is_client(const channel_t *chan)
Definition: channel.c:2918
void channel_mark_for_close(channel_t *chan)
Definition: channel.c:1142
int channel_write_packed_cell(channel_t *chan, packed_cell_t *cell)
Definition: channel.c:1489
Header file for channel.c.
void pathbias_count_valid_cells(circuit_t *circ, const relay_msg_t *msg)
Definition: circpathbias.c:962
int pathbias_check_probe_response(circuit_t *circ, const relay_msg_t *msg)
Definition: circpathbias.c:906
void pathbias_mark_use_success(origin_circuit_t *circ)
Definition: circpathbias.c:683
void circuit_log_path(int severity, unsigned int domain, origin_circuit_t *circ)
Definition: circuitbuild.c:358
int circuit_send_next_onion_skin(origin_circuit_t *circ)
Definition: circuitbuild.c:959
int circuit_finish_handshake(origin_circuit_t *circ, const created_cell_t *reply)
int circuit_truncated(origin_circuit_t *circ, int reason)
Header file for circuitbuild.c.
int circuit_extend(const relay_msg_t *rmsg, struct circuit_t *circ)
Header for feature/relay/circuitbuild_relay.c.
void circuit_synchronize_written_or_bandwidth(const circuit_t *c, circuit_channel_direction_t dir)
Definition: circuitlist.c:2103
void circuit_set_n_circid_chan(circuit_t *circ, circid_t id, channel_t *chan)
Definition: circuitlist.c:493
void circuit_set_state(circuit_t *circ, uint8_t state)
Definition: circuitlist.c:562
circuit_t * circuit_get_by_edge_conn(edge_connection_t *conn)
Definition: circuitlist.c:1606
origin_circuit_t * TO_ORIGIN_CIRCUIT(circuit_t *x)
Definition: circuitlist.c:185
void assert_circuit_ok(const circuit_t *c)
Definition: circuitlist.c:2778
const char * circuit_state_to_string(int state)
Definition: circuitlist.c:781
size_t circuits_handle_oom(size_t current_allocation)
Definition: circuitlist.c:2645
or_circuit_t * TO_OR_CIRCUIT(circuit_t *x)
Definition: circuitlist.c:173
smartlist_t * circuit_get_global_list(void)
Definition: circuitlist.c:713
Header file for circuitlist.c.
#define CIRCUIT_PURPOSE_PATH_BIAS_TESTING
Definition: circuitlist.h:123
#define CIRCUIT_STATE_OPEN
Definition: circuitlist.h:32
#define CIRCUIT_IS_ORCIRC(c)
Definition: circuitlist.h:161
#define CIRCUIT_IS_ORIGIN(c)
Definition: circuitlist.h:154
#define CIRCUIT_PURPOSE_OR
Definition: circuitlist.h:39
#define CIRCUIT_PURPOSE_S_REND_JOINED
Definition: circuitlist.h:110
#define CIRCUIT_PURPOSE_REND_ESTABLISHED
Definition: circuitlist.h:47
cell_direction_t circuitmux_attached_circuit_direction(circuitmux_t *cmux, circuit_t *circ)
Definition: circuitmux.c:549
void circuitmux_notify_xmit_destroy(circuitmux_t *cmux)
Definition: circuitmux.c:1164
void circuitmux_detach_all_circuits(circuitmux_t *cmux, smartlist_t *detached_out)
Definition: circuitmux.c:214
void circuitmux_notify_xmit_cells(circuitmux_t *cmux, circuit_t *circ, unsigned int n_cells)
Definition: circuitmux.c:1104
int circuitmux_is_circuit_attached(circuitmux_t *cmux, circuit_t *circ)
Definition: circuitmux.c:627
void circuitmux_set_num_cells(circuitmux_t *cmux, circuit_t *circ, unsigned int n_cells)
Definition: circuitmux.c:999
circuit_t * circuitmux_get_first_active_circuit(circuitmux_t *cmux, destroy_cell_queue_t **destroy_queue_out)
Definition: circuitmux.c:1061
int circpad_check_received_cell(const relay_msg_t *msg, circuit_t *circ, crypt_path_t *layer_hint)
void circpad_deliver_sent_relay_cell_events(circuit_t *circ, uint8_t relay_command)
void circpad_deliver_unrecognized_cell_events(circuit_t *circ, cell_direction_t dir)
void circpad_machine_event_circ_has_no_relay_early(origin_circuit_t *circ)
void circpad_deliver_recognized_relay_cell_events(circuit_t *circ, uint8_t relay_command, crypt_path_t *layer_hint)
Header file for circuitpadding.c.
void circuit_sent_valid_data(origin_circuit_t *circ, uint16_t relay_body_len)
Definition: circuituse.c:3180
void circuit_read_valid_data(origin_circuit_t *circ, uint16_t relay_body_len)
Definition: circuituse.c:3202
void mark_circuit_unusable_for_new_conns(origin_circuit_t *circ)
Definition: circuituse.c:3152
Header file for circuituse.c.
uint64_t monotime_coarse_stamp_units_to_approx_msec(uint64_t units)
Definition: compat_time.c:890
uint32_t monotime_coarse_get_stamp(void)
Definition: compat_time.c:864
size_t tor_compress_get_total_allocation(void)
Definition: compress.c:466
Headers for compress.c.
const or_options_t * get_options(void)
Definition: config.c:947
tor_cmdline_mode_t command
Definition: config.c:2477
Header file for config.c.
void conflux_note_cell_sent(conflux_t *cfx, circuit_t *circ, uint8_t relay_command)
Definition: conflux.c:529
bool conflux_should_multiplex(int relay_command)
Definition: conflux.c:50
circuit_t * conflux_decide_next_circ(conflux_t *cfx)
Definition: conflux.c:610
circuit_t * conflux_decide_circ_for_send(conflux_t *cfx, circuit_t *orig_circ, uint8_t relay_command)
Definition: conflux.c:458
conflux_msg_t * conflux_dequeue_relay_msg(conflux_t *cfx)
Definition: conflux.c:912
bool conflux_process_relay_msg(conflux_t *cfx, circuit_t *in_circ, crypt_path_t *layer_hint, const relay_msg_t *msg)
Definition: conflux.c:845
int conflux_process_switch_command(circuit_t *in_circ, crypt_path_t *layer_hint, const relay_msg_t *msg)
Definition: conflux.c:738
size_t conflux_handle_oom(size_t bytes_to_remove)
Definition: conflux.c:192
uint64_t conflux_get_total_bytes_allocation(void)
Definition: conflux.c:185
Public APIs for conflux multipath support.
void conflux_process_linked_ack(circuit_t *circ)
void conflux_log_set(int loglevel, const conflux_t *cfx, bool is_client)
void conflux_process_link(circuit_t *circ, const relay_msg_t *msg)
void conflux_process_linked(circuit_t *circ, crypt_path_t *layer_hint, const relay_msg_t *msg)
Header file for conflux_pool.c.
crypt_path_t * conflux_get_destination_hop(circuit_t *circ)
Definition: conflux_util.c:122
int circuit_get_package_window(circuit_t *circ, const crypt_path_t *cpath)
Definition: conflux_util.c:33
bool conflux_can_send(conflux_t *cfx)
Definition: conflux_util.c:99
bool relay_crypt_from_last_hop(const origin_circuit_t *circ, const crypt_path_t *layer_hint)
Definition: conflux_util.c:242
bool edge_uses_cpath(const edge_connection_t *conn, const crypt_path_t *cpath)
Definition: conflux_util.c:172
Header file for conflux_util.c.
int congestion_control_get_package_window(const circuit_t *circ, const crypt_path_t *cpath)
Public APIs for congestion control.
static int32_t cell_queue_highwatermark(void)
static int32_t cell_queue_lowwatermark(void)
bool circuit_process_stream_xoff(edge_connection_t *conn, const crypt_path_t *layer_hint)
bool circuit_process_stream_xon(edge_connection_t *conn, const crypt_path_t *layer_hint, const relay_msg_t *msg)
APIs for stream flow control on congestion controlled circuits.
int connection_buf_get_bytes(char *string, size_t len, connection_t *conn)
Definition: connection.c:4320
int connection_state_is_open(connection_t *conn)
Definition: connection.c:5053
const char * conn_state_to_string(int type, int state)
Definition: connection.c:304
Header file for connection.c.
#define CONN_TYPE_AP
Definition: connection.h:51
#define CONN_TYPE_DIR
Definition: connection.h:55
#define CONN_TYPE_EXIT
Definition: connection.h:46
int connection_half_edge_is_valid_data(const smartlist_t *half_conns, streamid_t stream_id)
int connection_exit_begin_resolve(const relay_msg_t *msg, or_circuit_t *circ)
int connection_ap_detach_retriable(entry_connection_t *conn, origin_circuit_t *circ, int reason)
void connection_ap_handshake_socks_reply(entry_connection_t *conn, char *reply, size_t replylen, int endreason)
int connection_half_edge_is_valid_end(smartlist_t *half_conns, streamid_t stream_id)
void connection_edge_end_close(edge_connection_t *conn, uint8_t reason)
int connection_half_edge_is_valid_connected(const smartlist_t *half_conns, streamid_t stream_id)
int connection_exit_begin_conn(const relay_msg_t *msg, circuit_t *circ)
entry_connection_t * EDGE_TO_ENTRY_CONN(edge_connection_t *c)
void connection_ap_handshake_socks_resolved_addr(entry_connection_t *conn, const tor_addr_t *answer, int ttl, time_t expires)
int connection_half_edge_is_valid_resolved(smartlist_t *half_conns, streamid_t stream_id)
int connection_edge_end(edge_connection_t *conn, uint8_t reason)
size_t half_streams_get_total_allocation(void)
int connection_half_edge_is_valid_sendme(const smartlist_t *half_conns, streamid_t stream_id)
int connection_edge_is_rendezvous_stream(const edge_connection_t *conn)
void connection_ap_handshake_socks_resolved(entry_connection_t *conn, int answer_type, size_t answer_len, const uint8_t *answer, int ttl, time_t expires)
Header file for connection_edge.c.
#define EXIT_CONN_STATE_CONNECTING
#define AP_CONN_STATE_CONNECT_WAIT
#define AP_CONN_STATE_OPEN
#define AP_CONN_STATE_RESOLVE_WAIT
#define EXIT_CONN_STATE_RESOLVING
void cell_pack(packed_cell_t *dst, const cell_t *src, int wide_circ_ids)
Header file for connection_or.c.
void control_event_boot_dir(bootstrap_status_t status, int progress)
void control_event_bootstrap(bootstrap_status_t status, int progress)
int control_event_stream_status(entry_connection_t *conn, stream_status_event_t tp, int reason_code)
Header file for control_events.c.
#define REMAP_STREAM_SOURCE_EXIT
Circuit-build-stse structure.
Common functions for using (pseudo-)random number generators.
#define crypto_fast_rng_one_in_n(rng, n)
Definition: crypto_rand.h:80
crypto_fast_rng_t * get_thread_fast_rng(void)
unsigned crypto_fast_rng_get_uint(crypto_fast_rng_t *rng, unsigned limit)
Common functions for cryptographic routines.
const char * node_describe(const node_t *node)
Definition: describe.c:160
Header file for describe.c.
Destroy-cell queue structures.
Client/server directory connection structure.
dir_connection_t * TO_DIR_CONN(connection_t *c)
Definition: directory.c:89
Header file for directory.c.
#define DIR_PURPOSE_FETCH_CERTIFICATE
Definition: directory.h:57
#define DIR_PURPOSE_FETCH_MICRODESC
Definition: directory.h:65
#define DIR_PURPOSE_FETCH_CONSENSUS
Definition: directory.h:54
#define DIR_PURPOSE_FETCH_SERVERDESC
Definition: directory.h:36
Header file for dns.c.
Entry connection structure.
#define ENTRY_TO_EDGE_CONN(c)
Extend-info structure.
Header for core/or/extendinfo.c.
Header file for geoip_stats.c.
@ DIRREQ_END_CELL_SENT
Definition: geoip_stats.h:66
@ DIRREQ_CIRC_QUEUE_FLUSHED
Definition: geoip_stats.h:69
void geoip_change_dirreq_state(uint64_t dirreq_id, dirreq_type_t type, dirreq_state_t new_state)
Definition: geoip_stats.c:552
size_t hs_cache_handle_oom(size_t min_remove_bytes)
Definition: hs_cache.c:1157
Header file for hs_cache.c.
Header for feature/hs/hs_metrics.c.
#define hs_metrics_app_write_bytes(i, port, n)
Definition: hs_metrics.h:47
uint16_t sa_family_t
Definition: inaddr_st.h:77
void tor_log(int severity, log_domain_mask_t domain, const char *format,...)
Definition: log.c:591
Headers for log.c.
#define log_fn(severity, domain, args,...)
Definition: log.h:283
#define LD_REND
Definition: log.h:84
#define LD_APP
Definition: log.h:78
#define LD_PROTOCOL
Definition: log.h:72
#define LD_OR
Definition: log.h:92
#define LD_MM
Definition: log.h:74
#define LD_BUG
Definition: log.h:86
#define LD_GENERAL
Definition: log.h:62
#define LOG_WARN
Definition: log.h:53
#define LOG_INFO
Definition: log.h:45
void connection_stop_reading(connection_t *conn)
Definition: mainloop.c:601
void connection_start_reading(connection_t *conn)
Definition: mainloop.c:623
int connection_is_reading(const connection_t *conn)
Definition: mainloop.c:500
Header file for mainloop.c.
#define tor_free(p)
Definition: malloc.h:56
int32_t networkstatus_get_param(const networkstatus_t *ns, const char *param_name, int32_t default_val, int32_t min_val, int32_t max_val)
int consensus_is_waiting_for_certs(void)
Header file for networkstatus.c.
int node_exit_policy_is_exact(const node_t *node, sa_family_t family)
Definition: nodelist.c:1639
node_t * node_get_mutable_by_id(const char *identity_digest)
Definition: nodelist.c:197
int count_loading_descriptors_progress(void)
Definition: nodelist.c:2833
Header file for nodelist.c.
int extended_cell_parse(extended_cell_t *cell_out, const uint8_t command, const uint8_t *payload, size_t payload_len)
Definition: onion.c:407
Header file for onion.c.
Master header file for Tor-specific functionality.
#define CELL_PAYLOAD_SIZE
Definition: or.h:525
#define END_STREAM_REASON_CANT_ATTACH
Definition: or.h:309
#define END_STREAM_REASON_FLAG_REMOTE
Definition: or.h:335
uint32_t circid_t
Definition: or.h:584
uint16_t streamid_t
Definition: or.h:586
#define TO_CIRCUIT(x)
Definition: or.h:947
#define END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED
Definition: or.h:342
#define TO_CONN(c)
Definition: or.h:705
cell_direction_t
Definition: or.h:423
@ CELL_DIRECTION_OUT
Definition: or.h:425
@ CELL_DIRECTION_IN
Definition: or.h:424
#define RELAY_PAYLOAD_SIZE_MAX
Definition: or.h:572
relay_cell_fmt_t
Definition: or.h:534
#define END_CIRC_AT_ORIGIN
Definition: or.h:366
#define ENTRY_TO_CONN(c)
Definition: or.h:708
#define CIRCWINDOW_INCREMENT
Definition: or.h:446
Origin circuit structure.
@ PATH_STATE_USE_FAILED
void addr_policy_append_reject_addr(smartlist_t **dest, const tor_addr_t *addr)
Definition: policies.c:1617
void policies_set_node_exitpolicy_to_reject_all(node_t *node)
Definition: policies.c:2194
Header file for policies.c.
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
char * rate_limit_log(ratelim_t *lim, time_t now)
Definition: ratelim.c:42
const char * stream_end_reason_to_string(int reason)
Definition: reasons.c:64
Header file for reasons.c.
int channel_flush_from_first_active_circuit(channel_t *chan, int max)
Definition: relay.c:3097
static int connection_edge_process_relay_cell_not_open(const relay_msg_t *msg, circuit_t *circ, edge_connection_t *conn, crypt_path_t *layer_hint)
Definition: relay.c:1403
void destroy_cell_queue_init(destroy_cell_queue_t *queue)
Definition: relay.c:2772
static int connection_ap_process_end_not_open(const relay_msg_t *msg, origin_circuit_t *circ, entry_connection_t *conn, crypt_path_t *layer_hint)
Definition: relay.c:848
static int circuit_resume_edge_reading_helper(edge_connection_t *conn, circuit_t *circ, crypt_path_t *layer_hint)
Definition: relay.c:2446
int append_address_to_payload(uint8_t *payload_out, const tor_addr_t *addr)
Definition: relay.c:3448
STATIC int resolved_cell_parse(const relay_msg_t *msg, smartlist_t *addresses_out, int *errcode_out)
Definition: relay.c:1159
uint64_t stats_n_data_cells_received
Definition: relay.c:2190
void packed_cell_free_(packed_cell_t *cell)
Definition: relay.c:2674
STATIC int connection_edge_process_resolved_cell(edge_connection_t *conn, const relay_msg_t *msg)
Definition: relay.c:1329
void destroy_cell_queue_clear(destroy_cell_queue_t *queue)
Definition: relay.c:2780
void destroy_cell_queue_append(destroy_cell_queue_t *queue, circid_t circid, uint8_t reason)
Definition: relay.c:2806
relay_cell_fmt_t circuit_get_relay_format(const circuit_t *circ, const crypt_path_t *cpath)
Definition: relay.c:3542
void channel_unlink_all_circuits(channel_t *chan, smartlist_t *circuits_out)
Definition: relay.c:2989
int append_cell_to_circuit_queue(circuit_t *circ, channel_t *chan, cell_t *cell, cell_direction_t direction, streamid_t fromstream)
Definition: relay.c:3357
void cell_queue_append_packed_copy(circuit_t *circ, cell_queue_t *queue, int exitward, const cell_t *cell, int wide_circ_ids, int use_stats)
Definition: relay.c:2722
uint64_t oom_stats_n_bytes_removed_dns
Definition: relay.c:2858
static packed_cell_t * destroy_cell_to_packed_cell(destroy_cell_t *inp, int wide_circ_ids)
Definition: relay.c:2822
void dump_cell_pool_usage(int severity)
Definition: relay.c:2684
STATIC int connection_edge_process_relay_cell(const relay_msg_t *msg, circuit_t *circ, edge_connection_t *conn, crypt_path_t *layer_hint)
Definition: relay.c:2047
void circuit_reset_sendme_randomness(circuit_t *circ)
Definition: relay.c:2202
uint64_t stats_n_relay_cells_relayed
Definition: relay.c:137
size_t circuit_max_relay_payload(const circuit_t *circ, const crypt_path_t *cpath, uint8_t relay_command)
Definition: relay.c:3560
uint64_t stats_n_circ_max_cell_reached
Definition: relay.c:144
#define MAX_RESOLVE_FAILURES
Definition: relay.c:828
static void remap_event_helper(entry_connection_t *conn, const tor_addr_t *new_addr)
Definition: relay.c:1087
static int circuit_queue_streams_are_blocked(circuit_t *circ)
Definition: relay.c:3529
static void connection_ap_handshake_socks_got_resolved_cell(entry_connection_t *conn, int error_code, smartlist_t *results)
Definition: relay.c:1255
static void adjust_exit_policy_from_exitpolicy_failure(origin_circuit_t *circ, entry_connection_t *conn, node_t *node, const tor_addr_t *addr)
Definition: relay.c:1052
static void circuit_update_channel_usage(circuit_t *circ, cell_t *cell)
Definition: relay.c:158
uint64_t stats_n_data_cells_packaged
Definition: relay.c:2184
STATIC packed_cell_t * packed_cell_new(void)
Definition: relay.c:2666
void cell_queue_clear(cell_queue_t *queue)
Definition: relay.c:2746
void circuit_clear_cell_queue(circuit_t *circ, channel_t *chan)
Definition: relay.c:3502
void cell_queue_init(cell_queue_t *queue)
Definition: relay.c:2738
int circuit_package_relay_cell(cell_t *cell, circuit_t *circ, cell_direction_t cell_direction, crypt_path_t *layer_hint, streamid_t on_stream, const char *filename, int lineno)
Definition: relay.c:402
STATIC packed_cell_t * cell_queue_pop(cell_queue_t *queue)
Definition: relay.c:2760
int have_been_under_memory_pressure(void)
Definition: relay.c:2933
uint64_t stats_n_data_bytes_received
Definition: relay.c:2194
circid_t packed_cell_get_circid(const packed_cell_t *cell, int wide_circ_ids)
Definition: relay.c:3083
static int connection_edge_process_ordered_relay_cell(const relay_msg_t *msg, circuit_t *circ, edge_connection_t *conn, crypt_path_t *layer_hint)
Definition: relay.c:2148
const uint8_t * decode_address_from_payload(tor_addr_t *addr_out, const uint8_t *payload, int payload_len)
Definition: relay.c:3474
static uint32_t get_param_max_circuit_cell_queue_size(const networkstatus_t *ns)
Definition: relay.c:3310
void update_circuit_on_cmux_(circuit_t *circ, cell_direction_t direction, const char *file, int lineno)
Definition: relay.c:2944
STATIC destroy_cell_t * destroy_cell_queue_pop(destroy_cell_queue_t *queue)
Definition: relay.c:2794
uint8_t packed_cell_get_command(const packed_cell_t *cell, int wide_circ_ids)
Definition: relay.c:3072
uint64_t stats_n_relay_cells_delivered
Definition: relay.c:141
STATIC int cell_queues_check_size(void)
Definition: relay.c:2866
STATIC int connected_cell_parse(const relay_msg_t *msg, tor_addr_t *addr_out, int *ttl_out)
Definition: relay.c:1107
static size_t total_cells_allocated
Definition: relay.c:2654
static int32_t max_circuit_cell_queue_size_out
Definition: relay.c:3304
int relay_send_command_from_edge_(streamid_t stream_id, circuit_t *orig_circ, uint8_t relay_command, const char *payload, size_t payload_len, crypt_path_t *cpath_layer, const char *filename, int lineno)
Definition: relay.c:593
static void packed_cell_free_unchecked(packed_cell_t *cell)
Definition: relay.c:2658
static int edge_reason_is_retriable(int reason)
Definition: relay.c:833
STATIC size_t connection_edge_get_inbuf_bytes_to_package(size_t n_available, int package_partial, circuit_t *on_circuit, crypt_path_t *cpath)
Definition: relay.c:2215
static void circuit_resume_edge_reading(circuit_t *circ, crypt_path_t *layer_hint)
Definition: relay.c:2416
static void set_circuit_blocked_on_chan(circuit_t *circ, channel_t *chan, int block)
Definition: relay.c:3008
STATIC void address_ttl_free_(address_ttl_t *addr)
Definition: relay.c:1145
static uint32_t get_param_max_circuit_cell_queue_size_out(const networkstatus_t *ns)
Definition: relay.c:3321
STATIC int handle_relay_msg(const relay_msg_t *msg, circuit_t *circ, edge_connection_t *conn, crypt_path_t *layer_hint, int optimistic_data)
Definition: relay.c:1627
static int process_sendme_cell(const relay_msg_t *msg, circuit_t *circ, edge_connection_t *conn, crypt_path_t *layer_hint, int domain)
Definition: relay.c:1551
const char * relay_command_to_string(uint8_t command)
Definition: relay.c:538
#define MEMORY_PRESSURE_INTERVAL
Definition: relay.c:2852
static void set_block_state_for_streams(circuit_t *circ, edge_connection_t *stream_list, int block, streamid_t stream_id)
Definition: relay.c:3031
void cell_queue_append(cell_queue_t *queue, packed_cell_t *cell)
Definition: relay.c:2711
static edge_connection_t * relay_lookup_conn(circuit_t *circ, const relay_msg_t *msg, cell_direction_t cell_direction, crypt_path_t *layer_hint)
Definition: relay.c:463
static packed_cell_t * packed_cell_copy(const cell_t *cell, int wide_circ_ids)
Definition: relay.c:2702
int circuit_receive_relay_cell(cell_t *cell, circuit_t *circ, cell_direction_t cell_direction)
Definition: relay.c:239
int connection_edge_package_raw_inbuf(edge_connection_t *conn, int package_partial, int *max_cells)
Definition: relay.c:2286
int connection_edge_send_command(edge_connection_t *fromconn, uint8_t relay_command, const char *payload, size_t payload_len)
Definition: relay.c:771
uint64_t stats_n_data_bytes_packaged
Definition: relay.c:2188
size_t packed_cell_mem_cost(void)
Definition: relay.c:2839
static time_t last_time_under_memory_pressure
Definition: relay.c:2855
static int circuit_consider_stop_edge_reading(circuit_t *circ, crypt_path_t *layer_hint)
Definition: relay.c:2621
Header file for relay.c.
Header for relay_crypto.c.
void relay_encrypt_cell_outbound(cell_t *cell, origin_circuit_t *or_circ, crypt_path_t *layer_hint)
Definition: relay_crypto.c:244
int relay_decrypt_cell(circuit_t *circ, cell_t *cell, cell_direction_t cell_direction, crypt_path_t **layer_hint, char *recognized)
Definition: relay_crypto.c:151
void relay_encrypt_cell_inbound(cell_t *cell, or_circuit_t *or_circ)
Definition: relay_crypto.c:267
int relay_msg_encode_cell(relay_cell_fmt_t format, const relay_msg_t *msg, cell_t *cell_out)
Definition: relay_msg.c:225
int relay_msg_decode_cell_in_place(relay_cell_fmt_t format, const cell_t *cell, relay_msg_t *msg_out)
Definition: relay_msg.c:254
Header file for relay_msg.c.
static size_t relay_cell_max_payload_size(relay_cell_fmt_t format, uint8_t relay_command)
Definition: relay_msg.h:65
A relay message which contains a relay command and parameters, if any, that is from a relay cell.
void rend_process_relay_cell(circuit_t *circ, const crypt_path_t *layer_hint, int command, size_t length, const uint8_t *payload)
Definition: rendcommon.c:34
Header file for rendcommon.c.
void rep_hist_note_overload(overload_type_t overload)
Definition: rephist.c:541
Header file for rephist.c.
Router descriptor structure.
#define ROUTER_PURPOSE_GENERAL
Header file for routerlist.c.
void scheduler_channel_has_waiting_cells(channel_t *chan)
Definition: scheduler.c:548
Header file for scheduler*.c.
void sendme_connection_edge_consider_sending(edge_connection_t *conn)
Definition: sendme.c:393
void sendme_circuit_consider_sending(circuit_t *circ, crypt_path_t *layer_hint)
Definition: sendme.c:440
Header file for sendme.c.
char * smartlist_join_strings(smartlist_t *sl, const char *join, int terminate, size_t *len_out)
Definition: smartlist.c:279
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
smartlist_t * smartlist_new(void)
void smartlist_add(smartlist_t *sl, void *element)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define SMARTLIST_FOREACH(sl, type, var, cmd)
#define SMARTLIST_DEL_CURRENT(sl, var)
Client request structure.
#define SOCKS_COMMAND_RESOLVE_PTR
Definition: cell_st.h:17
uint8_t payload[CELL_PAYLOAD_SIZE]
Definition: cell_st.h:21
uint8_t command
Definition: cell_st.h:19
circid_t circ_id
Definition: cell_st.h:18
unsigned int num_n_circuits
Definition: channel.h:411
uint64_t dirreq_id
Definition: channel.h:454
channel_usage_info_t channel_usage
Definition: channel.h:229
circuitmux_t * cmux
Definition: channel.h:398
int marked_for_close_reason
Definition: circuit_st.h:208
uint8_t state
Definition: circuit_st.h:111
unsigned int circuit_blocked_on_n_chan
Definition: circuit_st.h:92
uint16_t send_randomness_after_n_cells
Definition: circuit_st.h:128
struct create_cell_t * n_chan_create_cell
Definition: circuit_st.h:164
unsigned int circuit_blocked_on_p_chan
Definition: circuit_st.h:95
unsigned int have_sent_sufficiently_random_cell
Definition: circuit_st.h:109
uint64_t dirreq_id
Definition: circuit_st.h:215
cell_queue_t n_chan_cells
Definition: circuit_st.h:82
uint16_t marked_for_close
Definition: circuit_st.h:200
struct conflux_t * conflux
Definition: circuit_st.h:273
uint8_t purpose
Definition: circuit_st.h:112
const char * marked_for_close_file
Definition: circuit_st.h:203
int package_window
Definition: circuit_st.h:117
smartlist_t * testing_cell_stats
Definition: circuit_st.h:223
struct timeval timestamp_created
Definition: circuit_st.h:179
channel_t * n_chan
Definition: circuit_st.h:70
extend_info_t * n_hop
Definition: circuit_st.h:88
circid_t n_circ_id
Definition: circuit_st.h:79
relay_msg_t * msg
Definition: conflux.h:42
time_t timestamp_last_read_allowed
uint8_t state
Definition: connection_st.h:49
unsigned int type
Definition: connection_st.h:50
uint16_t marked_for_close
const char * marked_for_close_file
unsigned int purpose
Definition: connection_st.h:51
tor_socket_t s
struct event * read_event
extend_info_t * chosen_exit
relay_cell_fmt_t relay_cell_format
Definition: crypt_path_st.h:90
struct crypt_path_t * cpath_layer
struct edge_connection_t * next_stream
unsigned int edge_has_sent_end
struct circuit_t * on_circuit
socks_request_t * socks_request
unsigned int chosen_exit_optional
unsigned int chosen_exit_retries
struct buf_t * pending_optimistic_data
char identity_digest[DIGEST_LEN]
created_cell_t created_cell
Definition: onion.h:71
ed25519_public_key_t identity_pk
Definition: hs_ident.h:106
uint16_t orig_virtual_port
Definition: hs_ident.h:111
Definition: node_st.h:34
uint64_t total_cell_waiting_time
Definition: or_circuit_st.h:91
channel_t * p_chan
Definition: or_circuit_st.h:37
uint32_t n_cells_discarded_at_end
Definition: or_circuit_st.h:65
relay_cell_fmt_t relay_cell_format
circid_t p_circ_id
Definition: or_circuit_st.h:33
cell_queue_t p_chan_cells
Definition: or_circuit_st.h:35
struct or_circuit_t * rend_splice
Definition: or_circuit_st.h:58
edge_connection_t * n_streams
Definition: or_circuit_st.h:43
uint32_t processed_cells
Definition: or_circuit_st.h:86
uint64_t MaxMemInQueues
edge_connection_t * p_streams
uint8_t relay_early_commands[MAX_RELAY_EARLY_CELLS_PER_CIRCUIT]
unsigned int remaining_relay_early_cells
path_state_bitfield_t path_state
smartlist_t * prepend_policy
crypt_path_t * cpath
cpath_build_state_t * build_state
smartlist_t * half_streams
uint32_t inserted_timestamp
Definition: cell_queue_st.h:22
char body[CELL_MAX_NETWORK_SIZE]
Definition: cell_queue_st.h:21
unsigned int has_finished
char address[MAX_SOCKS_ADDR_LEN]
Definition: or.h:919
uint8_t command
Definition: or.h:920
unsigned int waiting_time
Definition: or.h:925
unsigned int exitward
Definition: or.h:927
unsigned int removed
Definition: or.h:926
#define STATIC
Definition: testsupport.h:32
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
#define tor_assert(expr)
Definition: util_bug.h:103