2006-02-09 06:46:49 +01:00
|
|
|
/* Copyright (c) 2001 Matej Pfajfar.
|
|
|
|
* Copyright (c) 2001-2004, Roger Dingledine.
|
|
|
|
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. */
|
Implemented link padding and receiver token buckets
Each socket reads at most 'bandwidth' bytes per second sustained, but
can handle bursts of up to 10*bandwidth bytes.
Cells are now sent out at evenly-spaced intervals, with padding sent
out otherwise. Set Linkpadding=0 in the rc file to send cells as soon
as they're available (and to never send padding cells).
Added license/copyrights statements at the top of most files.
router->min and router->max have been merged into a single 'bandwidth'
value. We should make the routerinfo_t reflect this (want to do that,
Mat?)
As the bandwidth increases, and we want to stop sleeping more and more
frequently to send a single cell, cpu usage goes up. At 128kB/s we're
pretty much calling poll with a timeout of 1ms or even 0ms. The current
code takes a timeout of 0-9ms and makes it 10ms. prepare_for_poll()
handles everything that should have happened in the past, so as long as
our buffers don't get too full in that 10ms, we're ok.
Speaking of too full, if you run three servers at 100kB/s with -l debug,
it spends too much time printing debugging messages to be able to keep
up with the cells. The outbuf ultimately fills up and it kills that
connection. If you run with -l err, it works fine up through 500kB/s and
probably beyond. Down the road we'll want to teach it to recognize when
an outbuf is getting full, and back off.
svn:r50
2002-07-16 03:12:15 +02:00
|
|
|
/* See LICENSE for licensing information */
|
|
|
|
/* $Id$ */
|
2005-12-14 21:40:40 +01:00
|
|
|
const char connection_or_c_id[] =
|
|
|
|
"$Id$";
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/**
|
|
|
|
* \file connection_or.c
|
|
|
|
* \brief Functions to handle OR connections, TLS handshaking, and
|
|
|
|
* cells on the network.
|
|
|
|
**/
|
|
|
|
|
2002-06-27 00:45:49 +02:00
|
|
|
#include "or.h"
|
2003-06-21 21:29:32 +02:00
|
|
|
|
2004-11-14 23:08:25 +01:00
|
|
|
/** How much clock skew do we tolerate when checking certificates for
|
|
|
|
* known routers? (sec) */
|
2006-03-13 00:31:16 +01:00
|
|
|
|
2004-11-14 23:08:25 +01:00
|
|
|
#define TIGHT_CERT_ALLOW_SKEW (90*60)
|
|
|
|
|
2006-07-26 21:07:26 +02:00
|
|
|
static int connection_tls_finish_handshake(or_connection_t *conn);
|
|
|
|
static int connection_or_process_cells_from_inbuf(or_connection_t *conn);
|
2003-09-30 20:45:55 +02:00
|
|
|
|
2003-09-16 07:41:49 +02:00
|
|
|
/**************************************************************/
|
|
|
|
|
2005-11-30 04:01:16 +01:00
|
|
|
/** Map from identity digest of connected OR or desired OR to a connection_t
|
|
|
|
* with that identity digest. If there is more than one such connection_t,
|
2006-06-13 07:50:24 +02:00
|
|
|
* they form a linked list, with next_with_same_id as the next pointer. */
|
2005-11-30 04:01:16 +01:00
|
|
|
static digestmap_t *orconn_identity_map = NULL;
|
|
|
|
|
|
|
|
/** If conn is listed in orconn_identity_map, remove it, and clear
|
|
|
|
* conn->identity_digest. */
|
|
|
|
void
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_or_remove_from_identity_map(or_connection_t *conn)
|
2005-11-30 04:01:16 +01:00
|
|
|
{
|
2006-07-26 21:07:26 +02:00
|
|
|
or_connection_t *tmp;
|
2005-11-30 04:01:16 +01:00
|
|
|
tor_assert(conn);
|
|
|
|
if (!orconn_identity_map)
|
|
|
|
return;
|
|
|
|
tmp = digestmap_get(orconn_identity_map, conn->identity_digest);
|
|
|
|
if (!tmp)
|
|
|
|
return;
|
|
|
|
if (conn == tmp) {
|
|
|
|
if (conn->next_with_same_id)
|
|
|
|
digestmap_set(orconn_identity_map, conn->identity_digest,
|
|
|
|
conn->next_with_same_id);
|
|
|
|
else
|
|
|
|
digestmap_remove(orconn_identity_map, conn->identity_digest);
|
|
|
|
} else {
|
|
|
|
while (tmp->next_with_same_id) {
|
|
|
|
if (tmp->next_with_same_id == conn) {
|
|
|
|
tmp->next_with_same_id = conn->next_with_same_id;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
tmp = tmp->next_with_same_id;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
memset(conn->identity_digest, 0, DIGEST_LEN);
|
|
|
|
conn->next_with_same_id = NULL;
|
|
|
|
}
|
|
|
|
|
2005-12-05 20:15:27 +01:00
|
|
|
/** Remove all entries from the identity-to-orconn map, and clear
|
|
|
|
* all identities in OR conns.*/
|
|
|
|
void
|
|
|
|
connection_or_clear_identity_map(void)
|
|
|
|
{
|
|
|
|
int i, n;
|
|
|
|
connection_t **carray;
|
|
|
|
|
|
|
|
get_connection_array(&carray,&n);
|
|
|
|
for (i = 0; i < n; ++i) {
|
|
|
|
connection_t* conn = carray[i];
|
|
|
|
if (conn->type == CONN_TYPE_OR) {
|
2006-07-26 21:07:26 +02:00
|
|
|
or_connection_t *or_conn = TO_OR_CONN(conn);
|
|
|
|
memset(or_conn->identity_digest, 0, DIGEST_LEN);
|
|
|
|
or_conn->next_with_same_id = NULL;
|
2005-12-05 20:15:27 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2005-12-14 02:02:35 +01:00
|
|
|
if (orconn_identity_map) {
|
|
|
|
digestmap_free(orconn_identity_map, NULL);
|
|
|
|
orconn_identity_map = NULL;
|
|
|
|
}
|
2005-12-05 20:15:27 +01:00
|
|
|
}
|
|
|
|
|
2005-11-30 04:01:16 +01:00
|
|
|
/** Change conn->identity_digest to digest, and add conn into
|
|
|
|
* orconn_digest_map. */
|
|
|
|
static void
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_or_set_identity_digest(or_connection_t *conn, const char *digest)
|
2005-11-30 04:01:16 +01:00
|
|
|
{
|
2006-07-26 21:07:26 +02:00
|
|
|
or_connection_t *tmp;
|
2005-11-30 04:01:16 +01:00
|
|
|
tor_assert(conn);
|
|
|
|
tor_assert(digest);
|
|
|
|
|
|
|
|
if (!orconn_identity_map)
|
|
|
|
orconn_identity_map = digestmap_new();
|
|
|
|
if (!memcmp(conn->identity_digest, digest, DIGEST_LEN))
|
|
|
|
return;
|
|
|
|
if (tor_digest_is_zero(conn->identity_digest))
|
|
|
|
connection_or_remove_from_identity_map(conn);
|
|
|
|
|
|
|
|
memcpy(conn->identity_digest, digest, DIGEST_LEN);
|
|
|
|
tmp = digestmap_set(orconn_identity_map, digest, conn);
|
|
|
|
conn->next_with_same_id = tmp;
|
|
|
|
|
|
|
|
/* Checking code; remove once I'm sure this works. XXXX*/
|
|
|
|
for (; tmp; tmp = tmp->next_with_same_id) {
|
|
|
|
tor_assert(!memcmp(tmp->identity_digest, digest, DIGEST_LEN));
|
|
|
|
tor_assert(tmp != conn);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/** Pack the cell_t host-order structure <b>src</b> into network-order
|
|
|
|
* in the buffer <b>dest</b>. See tor-spec.txt for details about the
|
2004-05-07 10:53:40 +02:00
|
|
|
* wire format.
|
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
static void
|
|
|
|
cell_pack(char *dest, const cell_t *src)
|
|
|
|
{
|
2005-08-23 11:50:51 +02:00
|
|
|
*(uint16_t*)dest = htons(src->circ_id);
|
|
|
|
*(uint8_t*)(dest+2) = src->command;
|
2003-12-16 10:48:17 +01:00
|
|
|
memcpy(dest+3, src->payload, CELL_PAYLOAD_SIZE);
|
2003-09-16 07:41:49 +02:00
|
|
|
}
|
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/** Unpack the network-order buffer <b>src</b> into a host-order
|
|
|
|
* cell_t structure <b>dest</b>.
|
2004-05-07 10:53:40 +02:00
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
static void
|
|
|
|
cell_unpack(cell_t *dest, const char *src)
|
|
|
|
{
|
2003-11-11 04:01:48 +01:00
|
|
|
dest->circ_id = ntohs(*(uint16_t*)(src));
|
2003-09-16 07:41:49 +02:00
|
|
|
dest->command = *(uint8_t*)(src+2);
|
2003-12-16 10:48:17 +01:00
|
|
|
memcpy(dest->payload, src+3, CELL_PAYLOAD_SIZE);
|
2003-09-16 07:41:49 +02:00
|
|
|
}
|
|
|
|
|
2005-06-11 20:52:12 +02:00
|
|
|
int
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_or_reached_eof(or_connection_t *conn)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2006-02-13 10:02:35 +01:00
|
|
|
log_info(LD_OR,"OR connection reached EOF. Closing.");
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_mark_for_close(TO_CONN(conn));
|
2004-11-21 11:14:57 +01:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2005-02-24 11:56:55 +01:00
|
|
|
/** Read conn's inbuf. If the http response from the proxy is all
|
|
|
|
* here, make sure it's good news, and begin the tls handshake. If
|
|
|
|
* it's bad news, close the connection and return -1. Else return 0
|
|
|
|
* and hope for better luck next time.
|
|
|
|
*/
|
|
|
|
static int
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_or_read_proxy_response(or_connection_t *or_conn)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2005-02-24 11:56:55 +01:00
|
|
|
char *headers;
|
2005-03-22 19:43:24 +01:00
|
|
|
char *reason=NULL;
|
2005-02-24 11:56:55 +01:00
|
|
|
int status_code;
|
|
|
|
time_t date_header;
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_t *conn = TO_CONN(or_conn);
|
2005-02-24 11:56:55 +01:00
|
|
|
|
|
|
|
switch (fetch_from_buf_http(conn->inbuf,
|
|
|
|
&headers, MAX_HEADERS_SIZE,
|
2005-10-14 04:26:13 +02:00
|
|
|
NULL, NULL, 10000, 0)) {
|
2005-02-24 11:56:55 +01:00
|
|
|
case -1: /* overflow */
|
2006-02-13 10:02:35 +01:00
|
|
|
log_warn(LD_PROTOCOL,
|
|
|
|
"Your https proxy sent back an oversized response. Closing.");
|
2005-02-24 11:56:55 +01:00
|
|
|
return -1;
|
|
|
|
case 0:
|
2006-02-13 10:02:35 +01:00
|
|
|
log_info(LD_OR,"https proxy response not all here yet. Waiting.");
|
2005-02-24 11:56:55 +01:00
|
|
|
return 0;
|
|
|
|
/* case 1, fall through */
|
|
|
|
}
|
|
|
|
|
|
|
|
if (parse_http_response(headers, &status_code, &date_header,
|
2006-10-09 05:39:06 +02:00
|
|
|
NULL, &reason) < 0) {
|
2006-02-13 10:02:35 +01:00
|
|
|
log_warn(LD_OR,
|
|
|
|
"Unparseable headers from proxy (connecting to '%s'). Closing.",
|
|
|
|
conn->address);
|
2005-02-24 11:56:55 +01:00
|
|
|
tor_free(headers);
|
|
|
|
return -1;
|
|
|
|
}
|
2005-03-22 19:43:24 +01:00
|
|
|
if (!reason) reason = tor_strdup("[no reason given]");
|
2005-02-24 11:56:55 +01:00
|
|
|
|
|
|
|
if (status_code == 200) {
|
2006-02-13 10:02:35 +01:00
|
|
|
log_info(LD_OR,
|
2006-03-05 10:50:26 +01:00
|
|
|
"HTTPS connect to '%s' successful! (200 %s) Starting TLS.",
|
|
|
|
conn->address, escaped(reason));
|
2005-03-22 19:43:24 +01:00
|
|
|
tor_free(reason);
|
2006-07-26 21:07:26 +02:00
|
|
|
if (connection_tls_start_handshake(or_conn, 0) < 0) {
|
2005-02-24 11:56:55 +01:00
|
|
|
/* TLS handshaking error of some kind. */
|
|
|
|
connection_mark_for_close(conn);
|
2005-03-22 19:43:24 +01:00
|
|
|
|
2005-02-24 11:56:55 +01:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
/* else, bad news on the status code */
|
2006-02-13 10:02:35 +01:00
|
|
|
log_warn(LD_OR,
|
2006-03-05 10:50:26 +01:00
|
|
|
"The https proxy sent back an unexpected status code %d (%s). "
|
2006-02-13 10:02:35 +01:00
|
|
|
"Closing.",
|
2006-03-05 10:50:26 +01:00
|
|
|
status_code, escaped(reason));
|
2005-03-22 19:43:24 +01:00
|
|
|
tor_free(reason);
|
2005-02-24 11:56:55 +01:00
|
|
|
connection_mark_for_close(conn);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/** Handle any new bytes that have come in on connection <b>conn</b>.
|
2004-05-07 10:53:40 +02:00
|
|
|
* If conn is in 'open' state, hand it to
|
|
|
|
* connection_or_process_cells_from_inbuf()
|
|
|
|
* (else do nothing).
|
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
int
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_or_process_inbuf(or_connection_t *conn)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2004-10-17 00:14:52 +02:00
|
|
|
tor_assert(conn);
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2006-07-26 21:07:26 +02:00
|
|
|
switch (conn->_base.state) {
|
2005-02-24 11:56:55 +01:00
|
|
|
case OR_CONN_STATE_PROXY_READING:
|
|
|
|
return connection_or_read_proxy_response(conn);
|
|
|
|
case OR_CONN_STATE_OPEN:
|
|
|
|
return connection_or_process_cells_from_inbuf(conn);
|
|
|
|
default:
|
|
|
|
return 0; /* don't do anything */
|
|
|
|
}
|
2002-06-27 00:45:49 +02:00
|
|
|
}
|
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/** Connection <b>conn</b> has finished writing and has no bytes left on
|
2004-05-07 10:53:40 +02:00
|
|
|
* its outbuf.
|
|
|
|
*
|
2004-05-10 06:34:48 +02:00
|
|
|
* Otherwise it's in state "open": stop writing and return.
|
2004-05-10 05:54:33 +02:00
|
|
|
*
|
|
|
|
* If <b>conn</b> is broken, mark it for close and return -1, else
|
|
|
|
* return 0.
|
2004-05-07 10:53:40 +02:00
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
int
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_or_finished_flushing(or_connection_t *conn)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2004-10-17 00:14:52 +02:00
|
|
|
tor_assert(conn);
|
2006-07-26 21:07:26 +02:00
|
|
|
assert_connection_ok(TO_CONN(conn),0);
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2006-07-26 21:07:26 +02:00
|
|
|
switch (conn->_base.state) {
|
2005-02-24 11:56:55 +01:00
|
|
|
case OR_CONN_STATE_PROXY_FLUSHING:
|
2006-02-13 10:02:35 +01:00
|
|
|
log_debug(LD_OR,"finished sending CONNECT to proxy.");
|
2006-07-26 21:07:26 +02:00
|
|
|
conn->_base.state = OR_CONN_STATE_PROXY_READING;
|
|
|
|
connection_stop_writing(TO_CONN(conn));
|
2005-02-24 11:56:55 +01:00
|
|
|
break;
|
|
|
|
case OR_CONN_STATE_OPEN:
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_stop_writing(TO_CONN(conn));
|
2005-02-24 11:56:55 +01:00
|
|
|
break;
|
|
|
|
default:
|
2006-07-26 21:07:26 +02:00
|
|
|
log_err(LD_BUG,"BUG: called in unexpected state %d.", conn->_base.state);
|
2005-04-26 20:52:16 +02:00
|
|
|
tor_fragile_assert();
|
2005-02-24 11:56:55 +01:00
|
|
|
return -1;
|
2004-05-12 21:17:09 +02:00
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/** Connected handler for OR connections: begin the TLS handshake.
|
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
int
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_or_finished_connecting(or_connection_t *or_conn)
|
2004-05-12 21:17:09 +02:00
|
|
|
{
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_t *conn;
|
|
|
|
tor_assert(or_conn);
|
|
|
|
conn = TO_CONN(or_conn);
|
2004-05-12 21:17:09 +02:00
|
|
|
tor_assert(conn->state == OR_CONN_STATE_CONNECTING);
|
|
|
|
|
2006-02-13 10:02:35 +01:00
|
|
|
log_debug(LD_OR,"OR connect() to router at %s:%u finished.",
|
|
|
|
conn->address,conn->port);
|
2004-05-12 21:17:09 +02:00
|
|
|
|
2005-02-24 11:56:55 +01:00
|
|
|
if (get_options()->HttpsProxy) {
|
|
|
|
char buf[1024];
|
|
|
|
char addrbuf[INET_NTOA_BUF_LEN];
|
|
|
|
struct in_addr in;
|
2005-05-20 10:51:45 +02:00
|
|
|
char *base64_authenticator=NULL;
|
2005-04-26 20:33:33 +02:00
|
|
|
const char *authenticator = get_options()->HttpsProxyAuthenticator;
|
2005-02-24 11:56:55 +01:00
|
|
|
|
|
|
|
in.s_addr = htonl(conn->addr);
|
|
|
|
tor_inet_ntoa(&in, addrbuf, sizeof(addrbuf));
|
2005-04-26 20:33:33 +02:00
|
|
|
|
|
|
|
if (authenticator) {
|
2005-05-20 10:51:45 +02:00
|
|
|
base64_authenticator = alloc_http_authenticator(authenticator);
|
|
|
|
if (!base64_authenticator)
|
2006-02-13 10:02:35 +01:00
|
|
|
log_warn(LD_OR, "Encoding https authenticator failed");
|
2005-05-20 10:51:45 +02:00
|
|
|
}
|
|
|
|
if (base64_authenticator) {
|
2005-04-26 20:33:33 +02:00
|
|
|
tor_snprintf(buf, sizeof(buf), "CONNECT %s:%d HTTP/1.1\r\n"
|
|
|
|
"Proxy-Authorization: Basic %s\r\n\r\n", addrbuf,
|
|
|
|
conn->port, base64_authenticator);
|
|
|
|
tor_free(base64_authenticator);
|
|
|
|
} else {
|
|
|
|
tor_snprintf(buf, sizeof(buf), "CONNECT %s:%d HTTP/1.0\r\n\r\n",
|
|
|
|
addrbuf, conn->port);
|
|
|
|
}
|
2005-02-24 11:56:55 +01:00
|
|
|
connection_write_to_buf(buf, strlen(buf), conn);
|
|
|
|
conn->state = OR_CONN_STATE_PROXY_FLUSHING;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2006-07-26 21:07:26 +02:00
|
|
|
if (connection_tls_start_handshake(or_conn, 0) < 0) {
|
2004-05-12 23:12:33 +02:00
|
|
|
/* TLS handshaking error of some kind. */
|
|
|
|
connection_mark_for_close(conn);
|
2004-05-12 21:17:09 +02:00
|
|
|
return -1;
|
2002-06-27 00:45:49 +02:00
|
|
|
}
|
2004-05-12 21:17:09 +02:00
|
|
|
return 0;
|
2002-06-27 00:45:49 +02:00
|
|
|
}
|
|
|
|
|
2005-08-23 11:50:51 +02:00
|
|
|
/** If we don't necessarily know the router we're connecting to, but we
|
|
|
|
* have an addr/port/id_digest, then fill in as much as we can. Start
|
|
|
|
* by checking to see if this describes a router we know. */
|
2004-07-01 03:16:59 +02:00
|
|
|
static void
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_or_init_conn_from_address(or_connection_t *conn,
|
2004-07-01 03:16:59 +02:00
|
|
|
uint32_t addr, uint16_t port,
|
2006-06-07 11:18:53 +02:00
|
|
|
const char *id_digest,
|
|
|
|
int started_here)
|
2004-07-01 03:16:59 +02:00
|
|
|
{
|
2004-11-06 06:18:11 +01:00
|
|
|
or_options_t *options = get_options();
|
|
|
|
routerinfo_t *r = router_get_by_digest(id_digest);
|
2006-06-07 11:18:53 +02:00
|
|
|
conn->bandwidthrate = (int)options->BandwidthRate;
|
|
|
|
conn->receiver_bucket = conn->bandwidthburst = (int)options->BandwidthBurst;
|
2006-06-13 07:36:35 +02:00
|
|
|
connection_or_set_identity_digest(conn, id_digest);
|
2006-07-26 21:07:26 +02:00
|
|
|
conn->_base.addr = addr;
|
|
|
|
conn->_base.port = port;
|
2004-07-01 03:16:59 +02:00
|
|
|
if (r) {
|
2006-06-13 07:36:35 +02:00
|
|
|
if (!started_here) {
|
|
|
|
/* Override the addr/port, so our log messages will make sense.
|
|
|
|
* This is dangerous, since if we ever try looking up a conn by
|
|
|
|
* its actual addr/port, we won't remember. Careful! */
|
2006-07-26 21:07:26 +02:00
|
|
|
conn->_base.addr = r->addr;
|
|
|
|
conn->_base.port = r->or_port;
|
2006-06-13 07:36:35 +02:00
|
|
|
}
|
|
|
|
conn->nickname = tor_strdup(r->nickname);
|
2006-07-26 21:07:26 +02:00
|
|
|
tor_free(conn->_base.address);
|
|
|
|
conn->_base.address = tor_strdup(r->address);
|
2004-09-29 00:24:56 +02:00
|
|
|
} else {
|
2006-06-07 11:18:53 +02:00
|
|
|
const char *n;
|
|
|
|
/* If we're an authoritative directory server, we may know a
|
|
|
|
* nickname for this router. */
|
|
|
|
n = dirserv_get_nickname_by_digest(id_digest);
|
|
|
|
if (n) {
|
|
|
|
conn->nickname = tor_strdup(n);
|
|
|
|
} else {
|
|
|
|
conn->nickname = tor_malloc(HEX_DIGEST_LEN+2);
|
|
|
|
conn->nickname[0] = '$';
|
|
|
|
base16_encode(conn->nickname+1, HEX_DIGEST_LEN+1,
|
|
|
|
conn->identity_digest, DIGEST_LEN);
|
|
|
|
}
|
2006-07-26 21:07:26 +02:00
|
|
|
tor_free(conn->_base.address);
|
|
|
|
conn->_base.address = tor_dup_addr(addr);
|
2004-09-29 00:24:56 +02:00
|
|
|
}
|
2004-07-01 03:16:59 +02:00
|
|
|
}
|
|
|
|
|
2005-11-30 04:01:16 +01:00
|
|
|
/** Return the best connection of type OR with the
|
|
|
|
* digest <b>digest</b> that we have, or NULL if we have none.
|
|
|
|
*
|
|
|
|
* 1) Don't return it if it's marked for close.
|
|
|
|
* 2) If there are any open conns, ignore non-open conns.
|
|
|
|
* 3) If there are any non-obsolete conns, ignore obsolete conns.
|
|
|
|
* 4) Then if there are any non-empty conns, ignore empty conns.
|
|
|
|
* 5) Of the remaining conns, prefer newer conns.
|
|
|
|
*/
|
2006-07-26 21:07:26 +02:00
|
|
|
or_connection_t *
|
2005-11-30 04:01:16 +01:00
|
|
|
connection_or_get_by_identity_digest(const char *digest)
|
|
|
|
{
|
|
|
|
int newer;
|
2006-07-26 21:07:26 +02:00
|
|
|
or_connection_t *conn, *best=NULL;
|
2005-11-30 04:01:16 +01:00
|
|
|
|
|
|
|
if (!orconn_identity_map)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
conn = digestmap_get(orconn_identity_map, digest);
|
|
|
|
|
|
|
|
for (; conn; conn = conn->next_with_same_id) {
|
2006-07-26 21:07:26 +02:00
|
|
|
tor_assert(conn->_base.magic == OR_CONNECTION_MAGIC);
|
|
|
|
tor_assert(conn->_base.type == CONN_TYPE_OR);
|
2005-11-30 04:01:16 +01:00
|
|
|
tor_assert(!memcmp(conn->identity_digest, digest, DIGEST_LEN));
|
2006-07-26 21:07:26 +02:00
|
|
|
if (conn->_base.marked_for_close)
|
2005-11-30 04:01:16 +01:00
|
|
|
continue;
|
|
|
|
if (!best) {
|
|
|
|
best = conn; /* whatever it is, it's better than nothing. */
|
|
|
|
continue;
|
|
|
|
}
|
2006-07-26 21:07:26 +02:00
|
|
|
if (best->_base.state == OR_CONN_STATE_OPEN &&
|
|
|
|
conn->_base.state != OR_CONN_STATE_OPEN)
|
2005-11-30 04:01:16 +01:00
|
|
|
continue; /* avoid non-open conns if we can */
|
2006-07-26 21:07:26 +02:00
|
|
|
newer = best->_base.timestamp_created < conn->_base.timestamp_created;
|
2006-02-14 01:08:19 +01:00
|
|
|
|
2006-07-26 21:07:26 +02:00
|
|
|
if (!best->_base.or_is_obsolete && conn->_base.or_is_obsolete)
|
2006-02-14 01:08:19 +01:00
|
|
|
continue; /* We never prefer obsolete over non-obsolete connections. */
|
|
|
|
|
2006-02-14 18:48:51 +01:00
|
|
|
if (
|
|
|
|
/* We prefer non-obsolete connections: */
|
2006-07-26 21:07:26 +02:00
|
|
|
(best->_base.or_is_obsolete && !conn->_base.or_is_obsolete) ||
|
2006-02-14 01:08:19 +01:00
|
|
|
/* If both have circuits we prefer the newer: */
|
|
|
|
(best->n_circuits && conn->n_circuits && newer) ||
|
|
|
|
/* If neither has circuits we prefer the newer: */
|
|
|
|
(!best->n_circuits && !conn->n_circuits && newer) ||
|
|
|
|
/* We prefer connections with circuits: */
|
|
|
|
(!best->n_circuits && conn->n_circuits)) {
|
|
|
|
best = conn;
|
|
|
|
};
|
2005-11-30 04:01:16 +01:00
|
|
|
}
|
|
|
|
return best;
|
|
|
|
}
|
|
|
|
|
2004-07-02 11:29:01 +02:00
|
|
|
/** Launch a new OR connection to <b>addr</b>:<b>port</b> and expect to
|
|
|
|
* handshake with an OR with identity digest <b>id_digest</b>.
|
2004-05-07 10:53:40 +02:00
|
|
|
*
|
2004-07-02 11:29:01 +02:00
|
|
|
* If <b>id_digest</b> is me, do nothing. If we're already connected to it,
|
2004-07-21 02:12:42 +02:00
|
|
|
* return that connection. If the connect() is in progress, set the
|
|
|
|
* new conn's state to 'connecting' and return it. If connect() succeeds,
|
2005-08-23 11:50:51 +02:00
|
|
|
* call connection_tls_start_handshake() on it.
|
2004-05-07 10:53:40 +02:00
|
|
|
*
|
2004-05-09 18:33:04 +02:00
|
|
|
* This function is called from router_retry_connections(), for
|
2004-05-07 10:53:40 +02:00
|
|
|
* ORs connecting to ORs, and circuit_establish_circuit(), for
|
|
|
|
* OPs connecting to ORs.
|
|
|
|
*
|
|
|
|
* Return the launched conn, or NULL if it failed.
|
|
|
|
*/
|
2006-07-26 21:07:26 +02:00
|
|
|
or_connection_t *
|
2005-06-11 20:52:12 +02:00
|
|
|
connection_or_connect(uint32_t addr, uint16_t port, const char *id_digest)
|
|
|
|
{
|
2006-07-26 21:07:26 +02:00
|
|
|
or_connection_t *conn;
|
2005-02-24 11:56:55 +01:00
|
|
|
or_options_t *options = get_options();
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2004-07-02 11:29:01 +02:00
|
|
|
tor_assert(id_digest);
|
2003-05-28 04:03:25 +02:00
|
|
|
|
2006-06-05 10:02:04 +02:00
|
|
|
if (server_mode(options) && router_digest_is_me(id_digest)) {
|
2006-02-13 10:02:35 +01:00
|
|
|
log_info(LD_PROTOCOL,"Client asked me to connect to myself. Refusing.");
|
2003-05-28 04:03:25 +02:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2006-07-26 21:07:26 +02:00
|
|
|
conn = TO_OR_CONN(connection_new(CONN_TYPE_OR));
|
2002-06-27 00:45:49 +02:00
|
|
|
|
|
|
|
/* set up conn so it's got all the data we need to remember */
|
2006-06-07 11:18:53 +02:00
|
|
|
connection_or_init_conn_from_address(conn, addr, port, id_digest, 1);
|
2006-07-26 21:07:26 +02:00
|
|
|
conn->_base.state = OR_CONN_STATE_CONNECTING;
|
2004-11-03 19:33:07 +01:00
|
|
|
control_event_or_conn_status(conn, OR_CONN_EVENT_LAUNCHED);
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2005-02-24 11:56:55 +01:00
|
|
|
if (options->HttpsProxy) {
|
|
|
|
/* we shouldn't connect directly. use the https proxy instead. */
|
|
|
|
addr = options->HttpsProxyAddr;
|
|
|
|
port = options->HttpsProxyPort;
|
|
|
|
}
|
|
|
|
|
2006-07-26 21:07:26 +02:00
|
|
|
switch (connection_connect(TO_CONN(conn), conn->_base.address, addr, port)) {
|
2003-09-16 03:58:46 +02:00
|
|
|
case -1:
|
2005-12-25 00:32:15 +01:00
|
|
|
/* If the connection failed immediately, and we're using
|
|
|
|
* an https proxy, our https proxy is down. Don't blame the
|
|
|
|
* Tor server. */
|
2005-12-11 12:54:55 +01:00
|
|
|
if (!options->HttpsProxy) {
|
2006-10-07 01:37:07 +02:00
|
|
|
entry_guard_register_connect_status(conn->identity_digest, 0,
|
|
|
|
time(NULL));
|
2006-03-18 02:24:04 +01:00
|
|
|
router_set_status(conn->identity_digest, 0);
|
2005-12-11 12:54:55 +01:00
|
|
|
}
|
2004-11-03 19:33:07 +01:00
|
|
|
control_event_or_conn_status(conn, OR_CONN_EVENT_FAILED);
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_free(TO_CONN(conn));
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
return NULL;
|
2003-09-16 03:58:46 +02:00
|
|
|
case 0:
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_watch_events(TO_CONN(conn), EV_READ | EV_WRITE);
|
2003-08-14 19:13:52 +02:00
|
|
|
/* writable indicates finish, readable indicates broken link,
|
|
|
|
error indicates broken link on windows */
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
return conn;
|
2003-09-16 03:58:46 +02:00
|
|
|
/* case 1: fall through */
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
}
|
|
|
|
|
2005-02-24 11:56:55 +01:00
|
|
|
if (connection_or_finished_connecting(conn) < 0) {
|
|
|
|
/* already marked for close */
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
return conn;
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
}
|
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/** Begin the tls handshake with <b>conn</b>. <b>receiving</b> is 0 if
|
|
|
|
* we initiated the connection, else it's 1.
|
2004-05-07 10:53:40 +02:00
|
|
|
*
|
2005-12-25 00:32:15 +01:00
|
|
|
* Assign a new tls object to conn->tls, begin reading on <b>conn</b>, and
|
|
|
|
* pass <b>conn</b> to connection_tls_continue_handshake().
|
2004-05-07 10:53:40 +02:00
|
|
|
*
|
2004-05-09 18:47:25 +02:00
|
|
|
* Return -1 if <b>conn</b> is broken, else return 0.
|
2004-05-07 10:53:40 +02:00
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
int
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_tls_start_handshake(or_connection_t *conn, int receiving)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2006-07-26 21:07:26 +02:00
|
|
|
conn->_base.state = OR_CONN_STATE_HANDSHAKING;
|
|
|
|
conn->tls = tor_tls_new(conn->_base.s, receiving);
|
2005-10-06 07:08:00 +02:00
|
|
|
if (!conn->tls) {
|
2006-02-13 10:02:35 +01:00
|
|
|
log_warn(LD_BUG,"tor_tls_new failed. Closing.");
|
2003-09-30 20:45:55 +02:00
|
|
|
return -1;
|
|
|
|
}
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_start_reading(TO_CONN(conn));
|
|
|
|
log_debug(LD_OR,"starting TLS handshake on fd %d", conn->_base.s);
|
2004-11-28 10:05:49 +01:00
|
|
|
if (connection_tls_continue_handshake(conn) < 0) {
|
2003-09-30 20:45:55 +02:00
|
|
|
return -1;
|
2004-03-06 02:43:37 +01:00
|
|
|
}
|
2003-09-30 20:45:55 +02:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/** Move forward with the tls handshake. If it finishes, hand
|
|
|
|
* <b>conn</b> to connection_tls_finish_handshake().
|
2004-05-07 10:53:40 +02:00
|
|
|
*
|
2004-05-09 18:47:25 +02:00
|
|
|
* Return -1 if <b>conn</b> is broken, else return 0.
|
2004-05-07 10:53:40 +02:00
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
int
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_tls_continue_handshake(or_connection_t *conn)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2005-04-23 16:26:02 +02:00
|
|
|
check_no_tls_errors();
|
2004-11-28 10:05:49 +01:00
|
|
|
switch (tor_tls_handshake(conn->tls)) {
|
2003-09-30 20:45:55 +02:00
|
|
|
case TOR_TLS_ERROR:
|
|
|
|
case TOR_TLS_CLOSE:
|
2006-02-13 10:02:35 +01:00
|
|
|
log_info(LD_OR,"tls error. breaking connection.");
|
2003-09-30 20:45:55 +02:00
|
|
|
return -1;
|
|
|
|
case TOR_TLS_DONE:
|
|
|
|
return connection_tls_finish_handshake(conn);
|
|
|
|
case TOR_TLS_WANTWRITE:
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_start_writing(TO_CONN(conn));
|
2006-02-13 10:02:35 +01:00
|
|
|
log_debug(LD_OR,"wanted write");
|
2003-09-30 20:45:55 +02:00
|
|
|
return 0;
|
|
|
|
case TOR_TLS_WANTREAD: /* handshaking conns are *always* reading */
|
2006-02-13 10:02:35 +01:00
|
|
|
log_debug(LD_OR,"wanted read");
|
2003-09-30 20:45:55 +02:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2005-06-21 01:04:13 +02:00
|
|
|
/** Return 1 if we initiated this connection, or 0 if it started
|
|
|
|
* out as an incoming connection.
|
|
|
|
*
|
|
|
|
* This is implemented for now by checking to see if
|
|
|
|
* conn-\>identity_digest is set or not. Perhaps we should add a flag
|
|
|
|
* one day so we're clearer.
|
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
int
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_or_nonopen_was_started_here(or_connection_t *conn)
|
2004-10-13 22:05:57 +02:00
|
|
|
{
|
2006-07-26 21:07:26 +02:00
|
|
|
tor_assert(conn->_base.type == CONN_TYPE_OR);
|
2006-06-07 09:11:42 +02:00
|
|
|
if (!conn->tls)
|
|
|
|
return 1; /* it's still in proxy states or something */
|
|
|
|
return !tor_tls_is_server(conn->tls);
|
2004-07-21 04:25:14 +02:00
|
|
|
}
|
|
|
|
|
2005-06-21 01:04:13 +02:00
|
|
|
/** Conn just completed its handshake. Return 0 if all is well, and
|
|
|
|
* return -1 if he is lying, broken, or otherwise something is wrong.
|
2004-05-07 10:53:40 +02:00
|
|
|
*
|
2005-06-21 01:04:13 +02:00
|
|
|
* Make sure he sent a correctly formed certificate. If it has a
|
|
|
|
* recognized (approved) nickname, make sure his identity key matches
|
2005-08-23 11:50:51 +02:00
|
|
|
* it. If I initiated the connection, make sure it's the right guy.
|
2004-05-07 10:53:40 +02:00
|
|
|
*
|
2005-06-21 01:04:13 +02:00
|
|
|
* If we return 0, write a hash of the identity key into digest_rcvd,
|
|
|
|
* which must have DIGEST_LEN space in it. (If we return -1 this
|
|
|
|
* buffer is undefined.)
|
2004-05-07 10:53:40 +02:00
|
|
|
*
|
2005-06-21 01:04:13 +02:00
|
|
|
* As side effects,
|
2006-07-04 05:19:59 +02:00
|
|
|
* 1) Set conn->circ_id_type according to tor-spec.txt.
|
2005-06-21 01:04:13 +02:00
|
|
|
* 2) If we're an authdirserver and we initiated the connection: drop all
|
|
|
|
* descriptors that claim to be on that IP/port but that aren't
|
|
|
|
* this guy; and note that this guy is reachable.
|
2004-05-07 10:53:40 +02:00
|
|
|
*/
|
2005-06-21 03:08:01 +02:00
|
|
|
static int
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_or_check_valid_handshake(or_connection_t *conn, char *digest_rcvd)
|
2005-06-21 03:08:01 +02:00
|
|
|
{
|
2003-09-30 20:45:55 +02:00
|
|
|
routerinfo_t *router;
|
2004-07-21 02:44:04 +02:00
|
|
|
crypto_pk_env_t *identity_rcvd=NULL;
|
2005-06-21 01:04:13 +02:00
|
|
|
char nickname[MAX_NICKNAME_LEN+1];
|
2004-11-06 06:18:11 +01:00
|
|
|
or_options_t *options = get_options();
|
2005-10-17 03:29:28 +02:00
|
|
|
int severity = server_mode(options) ? LOG_PROTOCOL_WARN : LOG_WARN;
|
2003-09-30 20:45:55 +02:00
|
|
|
|
2005-04-23 16:26:02 +02:00
|
|
|
check_no_tls_errors();
|
2005-01-13 21:22:38 +01:00
|
|
|
if (! tor_tls_peer_has_cert(conn->tls)) {
|
2006-05-26 18:32:16 +02:00
|
|
|
log_info(LD_PROTOCOL,"Peer (%s:%d) didn't send a cert! Closing.",
|
2006-07-26 21:07:26 +02:00
|
|
|
conn->_base.address, conn->_base.port);
|
2005-01-13 21:22:38 +01:00
|
|
|
return -1;
|
2003-11-18 08:25:04 +01:00
|
|
|
}
|
2005-04-23 16:26:02 +02:00
|
|
|
check_no_tls_errors();
|
2006-05-26 18:32:16 +02:00
|
|
|
if (tor_tls_get_peer_cert_nickname(severity, conn->tls, nickname,
|
|
|
|
sizeof(nickname))) {
|
2005-12-14 21:40:40 +01:00
|
|
|
log_fn(severity,LD_PROTOCOL,"Other side (%s:%d) has a cert without a "
|
|
|
|
"valid nickname. Closing.",
|
2006-07-26 21:07:26 +02:00
|
|
|
conn->_base.address, conn->_base.port);
|
2003-11-18 08:25:04 +01:00
|
|
|
return -1;
|
|
|
|
}
|
2005-04-23 16:26:02 +02:00
|
|
|
check_no_tls_errors();
|
2006-02-13 10:02:35 +01:00
|
|
|
log_debug(LD_OR, "Other side (%s:%d) claims to be router '%s'",
|
2006-07-26 21:07:26 +02:00
|
|
|
conn->_base.address, conn->_base.port, nickname);
|
2004-07-21 04:25:14 +02:00
|
|
|
|
2005-10-17 02:35:53 +02:00
|
|
|
if (tor_tls_verify(severity, conn->tls, &identity_rcvd) < 0) {
|
2005-12-14 21:40:40 +01:00
|
|
|
log_fn(severity,LD_OR,"Other side, which claims to be router '%s' (%s:%d),"
|
|
|
|
" has a cert but it's invalid. Closing.",
|
2006-07-26 21:07:26 +02:00
|
|
|
nickname, conn->_base.address, conn->_base.port);
|
2003-11-18 08:25:04 +01:00
|
|
|
return -1;
|
|
|
|
}
|
2005-04-23 16:26:02 +02:00
|
|
|
check_no_tls_errors();
|
2006-02-13 10:02:35 +01:00
|
|
|
log_debug(LD_OR,"The router's cert is valid.");
|
2004-07-21 04:25:14 +02:00
|
|
|
crypto_pk_get_digest(identity_rcvd, digest_rcvd);
|
|
|
|
|
2004-11-10 21:14:37 +01:00
|
|
|
if (crypto_pk_cmp_keys(get_identity_key(), identity_rcvd)<0) {
|
|
|
|
conn->circ_id_type = CIRC_ID_TYPE_LOWER;
|
|
|
|
} else {
|
|
|
|
conn->circ_id_type = CIRC_ID_TYPE_HIGHER;
|
|
|
|
}
|
2004-11-14 00:27:50 +01:00
|
|
|
crypto_free_pk_env(identity_rcvd);
|
2004-11-10 21:14:37 +01:00
|
|
|
|
2005-10-05 00:23:31 +02:00
|
|
|
router = router_get_by_nickname(nickname, 0);
|
2004-11-28 10:05:49 +01:00
|
|
|
if (router && /* we know this nickname */
|
2005-10-05 00:23:31 +02:00
|
|
|
router->is_named && /* make sure it's the right guy */
|
2005-11-05 21:15:27 +01:00
|
|
|
memcmp(digest_rcvd, router->cache_info.identity_digest,DIGEST_LEN) !=0) {
|
2005-10-25 09:05:03 +02:00
|
|
|
log_fn(severity, LD_OR,
|
2005-12-14 21:40:40 +01:00
|
|
|
"Identity key not as expected for router claiming to be "
|
|
|
|
"'%s' (%s:%d)",
|
2006-07-26 21:07:26 +02:00
|
|
|
nickname, conn->_base.address, conn->_base.port);
|
2004-07-21 02:44:04 +02:00
|
|
|
return -1;
|
|
|
|
}
|
2004-04-25 00:17:50 +02:00
|
|
|
|
2004-10-13 22:05:57 +02:00
|
|
|
if (connection_or_nonopen_was_started_here(conn)) {
|
2005-06-21 01:04:13 +02:00
|
|
|
int as_advertised = 1;
|
2005-08-23 11:50:51 +02:00
|
|
|
if (memcmp(digest_rcvd, conn->identity_digest, DIGEST_LEN)) {
|
|
|
|
/* I was aiming for a particular digest. I didn't get it! */
|
|
|
|
char seen[HEX_DIGEST_LEN+1];
|
|
|
|
char expected[HEX_DIGEST_LEN+1];
|
|
|
|
base16_encode(seen, sizeof(seen), digest_rcvd, DIGEST_LEN);
|
2005-12-14 21:40:40 +01:00
|
|
|
base16_encode(expected, sizeof(expected), conn->identity_digest,
|
|
|
|
DIGEST_LEN);
|
2005-10-25 09:05:03 +02:00
|
|
|
log_fn(severity, LD_OR,
|
2005-12-14 21:40:40 +01:00
|
|
|
"Identity key not as expected for router at %s:%d: wanted %s "
|
|
|
|
"but got %s",
|
2006-07-26 21:07:26 +02:00
|
|
|
conn->_base.address, conn->_base.port, expected, seen);
|
2006-10-08 02:33:43 +02:00
|
|
|
entry_guard_register_connect_status(conn->identity_digest,0,time(NULL));
|
2006-03-18 02:24:04 +01:00
|
|
|
router_set_status(conn->identity_digest, 0);
|
2004-11-03 19:33:07 +01:00
|
|
|
control_event_or_conn_status(conn, OR_CONN_EVENT_FAILED);
|
2005-06-21 01:04:13 +02:00
|
|
|
as_advertised = 0;
|
2003-09-30 20:45:55 +02:00
|
|
|
}
|
2005-06-21 01:04:13 +02:00
|
|
|
if (authdir_mode(options)) {
|
|
|
|
/* We initiated this connection to address:port. Drop all routers
|
|
|
|
* with the same address:port and a different key or nickname.
|
|
|
|
*/
|
2006-07-26 21:07:26 +02:00
|
|
|
dirserv_orconn_tls_done(conn->_base.address, conn->_base.port,
|
2005-06-21 01:04:13 +02:00
|
|
|
digest_rcvd, nickname, as_advertised);
|
|
|
|
}
|
|
|
|
if (!as_advertised)
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/** The tls handshake is finished.
|
|
|
|
*
|
|
|
|
* Make sure we are happy with the person we just handshaked with.
|
|
|
|
*
|
|
|
|
* If he initiated the connection, make sure he's not already connected,
|
|
|
|
* then initialize conn from the information in router.
|
|
|
|
*
|
|
|
|
* If all is successful, call circuit_n_conn_done() to handle events
|
|
|
|
* that have been pending on the tls handshake completion. Also set the
|
|
|
|
* directory to be dirty (only matters if I'm an authdirserver).
|
|
|
|
*/
|
|
|
|
static int
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_tls_finish_handshake(or_connection_t *conn)
|
2005-06-21 01:04:13 +02:00
|
|
|
{
|
|
|
|
char digest_rcvd[DIGEST_LEN];
|
2005-12-28 08:19:55 +01:00
|
|
|
int started_here = connection_or_nonopen_was_started_here(conn);
|
2005-06-21 01:04:13 +02:00
|
|
|
|
2006-02-13 10:02:35 +01:00
|
|
|
log_debug(LD_OR,"tls handshake done. verifying.");
|
2005-06-21 01:04:13 +02:00
|
|
|
if (connection_or_check_valid_handshake(conn, digest_rcvd) < 0)
|
|
|
|
return -1;
|
|
|
|
|
2005-12-28 08:19:55 +01:00
|
|
|
if (!started_here) {
|
2006-07-26 21:07:37 +02:00
|
|
|
connection_or_init_conn_from_address(conn,conn->_base.addr,
|
|
|
|
conn->_base.port, digest_rcvd, 0);
|
2006-06-07 10:42:24 +02:00
|
|
|
|
|
|
|
/* Annotate that we received a TLS connection.
|
|
|
|
* (Todo: only actually consider ourselves reachable if there
|
|
|
|
* exists a testing circuit using conn.)
|
|
|
|
*
|
|
|
|
* We already consider ourselves reachable if we can ever process
|
|
|
|
* a create cell -- see onionskin_answer() in circuitbuild.c.
|
|
|
|
*
|
|
|
|
* The reason this bandaid is here is because there's a bug in
|
|
|
|
* Tor 0.1.1.x where middle hops don't always send their create
|
|
|
|
* cell; so some servers rarely find themselves reachable. */
|
2006-07-26 21:07:26 +02:00
|
|
|
// if (!is_local_IP(conn->_base.addr))
|
2006-06-10 02:57:12 +02:00
|
|
|
// router_orport_found_reachable();
|
2003-11-18 08:25:04 +01:00
|
|
|
}
|
2004-04-25 00:17:50 +02:00
|
|
|
|
2004-05-07 10:53:40 +02:00
|
|
|
directory_set_dirty();
|
2006-07-26 21:07:26 +02:00
|
|
|
conn->_base.state = OR_CONN_STATE_OPEN;
|
2005-12-28 08:19:55 +01:00
|
|
|
control_event_or_conn_status(conn, OR_CONN_EVENT_CONNECTED);
|
|
|
|
if (started_here) {
|
|
|
|
rep_hist_note_connect_succeeded(conn->identity_digest, time(NULL));
|
2006-10-07 01:37:07 +02:00
|
|
|
if (entry_guard_register_connect_status(conn->identity_digest, 1,
|
|
|
|
time(NULL)) < 0) {
|
2005-12-28 08:19:55 +01:00
|
|
|
/* pending circs get closed in circuit_about_to_close_connection() */
|
|
|
|
return -1;
|
|
|
|
}
|
2006-03-18 02:24:04 +01:00
|
|
|
router_set_status(conn->identity_digest, 1);
|
2005-12-28 08:19:55 +01:00
|
|
|
}
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_watch_events(TO_CONN(conn), EV_READ);
|
2004-07-02 11:29:01 +02:00
|
|
|
circuit_n_conn_done(conn, 1); /* send the pending creates, if any. */
|
2003-09-30 20:45:55 +02:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2004-05-13 00:56:26 +02:00
|
|
|
/** Pack <b>cell</b> into wire-format, and write it onto <b>conn</b>'s
|
|
|
|
* outbuf.
|
|
|
|
*
|
2005-12-28 08:19:55 +01:00
|
|
|
* If it's an OR conn, and an entire TLS record is
|
2004-05-13 00:56:26 +02:00
|
|
|
* ready, then try to flush the record now.
|
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
void
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_or_write_cell_to_buf(const cell_t *cell, or_connection_t *conn)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2003-09-13 00:45:31 +02:00
|
|
|
char networkcell[CELL_NETWORK_SIZE];
|
|
|
|
char *n = networkcell;
|
|
|
|
|
2004-10-17 00:14:52 +02:00
|
|
|
tor_assert(cell);
|
|
|
|
tor_assert(conn);
|
2003-10-09 20:45:14 +02:00
|
|
|
|
2003-12-23 08:45:31 +01:00
|
|
|
cell_pack(n, cell);
|
2003-12-17 22:09:31 +01:00
|
|
|
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_write_to_buf(n, CELL_NETWORK_SIZE, TO_CONN(conn));
|
2004-05-13 00:56:26 +02:00
|
|
|
|
|
|
|
#define MIN_TLS_FLUSHLEN 15872
|
|
|
|
/* openssl tls record size is 16383, this is close. The goal here is to
|
|
|
|
* push data out as soon as we know there's enough for a tls record, so
|
|
|
|
* during periods of high load we won't read the entire megabyte from
|
2005-06-08 06:55:06 +02:00
|
|
|
* input before pushing any data out. It also has the feature of not
|
|
|
|
* growing huge outbufs unless something is slow. */
|
2006-07-26 21:07:26 +02:00
|
|
|
if (conn->_base.outbuf_flushlen-CELL_NETWORK_SIZE < MIN_TLS_FLUSHLEN &&
|
|
|
|
conn->_base.outbuf_flushlen >= MIN_TLS_FLUSHLEN) {
|
|
|
|
int extra = conn->_base.outbuf_flushlen - MIN_TLS_FLUSHLEN;
|
|
|
|
conn->_base.outbuf_flushlen = MIN_TLS_FLUSHLEN;
|
|
|
|
if (connection_handle_write(TO_CONN(conn)) < 0) {
|
|
|
|
if (!conn->_base.marked_for_close) {
|
2005-06-08 06:55:06 +02:00
|
|
|
/* this connection is broken. remove it. */
|
2006-02-13 10:02:35 +01:00
|
|
|
log_warn(LD_BUG,
|
|
|
|
"Bug: unhandled error on write for OR conn (fd %d); removing",
|
2006-07-26 21:07:26 +02:00
|
|
|
conn->_base.s);
|
2005-06-08 06:55:06 +02:00
|
|
|
tor_fragile_assert();
|
2006-07-26 21:07:26 +02:00
|
|
|
// XXX This was supposed to be edge-only!
|
|
|
|
// conn->has_sent_end = 1; /* don't cry wolf about duplicate close */
|
|
|
|
|
2005-06-08 06:55:06 +02:00
|
|
|
/* XXX do we need a close-immediate here, so we don't try to flush? */
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_mark_for_close(TO_CONN(conn));
|
2005-06-08 06:55:06 +02:00
|
|
|
}
|
2004-05-13 00:56:26 +02:00
|
|
|
return;
|
|
|
|
}
|
2004-11-28 10:05:49 +01:00
|
|
|
if (extra) {
|
2006-07-26 21:07:26 +02:00
|
|
|
conn->_base.outbuf_flushlen += extra;
|
|
|
|
connection_start_writing(TO_CONN(conn));
|
2004-05-13 00:56:26 +02:00
|
|
|
}
|
|
|
|
}
|
2003-09-13 00:45:31 +02:00
|
|
|
}
|
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/** Process cells from <b>conn</b>'s inbuf.
|
|
|
|
*
|
|
|
|
* Loop: while inbuf contains a cell, pull it off the inbuf, unpack it,
|
|
|
|
* and hand it to command_process_cell().
|
|
|
|
*
|
2004-05-07 10:53:40 +02:00
|
|
|
* Always return 0.
|
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
static int
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_or_process_cells_from_inbuf(or_connection_t *conn)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2003-09-13 00:45:31 +02:00
|
|
|
char buf[CELL_NETWORK_SIZE];
|
|
|
|
cell_t cell;
|
2003-09-25 07:17:11 +02:00
|
|
|
|
2003-11-12 06:12:51 +01:00
|
|
|
loop:
|
2006-02-13 10:02:35 +01:00
|
|
|
log_debug(LD_OR,
|
|
|
|
"%d: starting, inbuf_datalen %d (%d pending in tls object).",
|
2006-07-26 21:07:26 +02:00
|
|
|
conn->_base.s,(int)buf_datalen(conn->_base.inbuf),
|
2006-02-13 10:02:35 +01:00
|
|
|
tor_tls_get_pending_bytes(conn->tls));
|
2006-07-26 21:07:26 +02:00
|
|
|
if (buf_datalen(conn->_base.inbuf) < CELL_NETWORK_SIZE) /* whole response
|
|
|
|
available? */
|
2003-09-13 00:45:31 +02:00
|
|
|
return 0; /* not yet */
|
2003-12-17 22:09:31 +01:00
|
|
|
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_fetch_from_buf(buf, CELL_NETWORK_SIZE, TO_CONN(conn));
|
2003-12-17 22:09:31 +01:00
|
|
|
|
2003-11-12 06:12:51 +01:00
|
|
|
/* retrieve cell info from buf (create the host-order struct from the
|
|
|
|
* network-order string) */
|
2003-09-13 00:45:31 +02:00
|
|
|
cell_unpack(&cell, buf);
|
2003-12-17 22:09:31 +01:00
|
|
|
|
2003-09-13 00:45:31 +02:00
|
|
|
command_process_cell(&cell, conn);
|
2003-10-09 20:45:14 +02:00
|
|
|
|
2003-11-12 06:12:51 +01:00
|
|
|
goto loop; /* process the remainder of the buffer */
|
2003-09-13 00:45:31 +02:00
|
|
|
}
|
2005-06-09 21:03:31 +02:00
|
|
|
|
2006-01-05 22:23:03 +01:00
|
|
|
/** Write a destroy cell with circ ID <b>circ_id</b> and reason <b>reason</b>
|
|
|
|
* onto OR connection <b>conn</b>. Don't perform range-checking on reason:
|
|
|
|
* we may want to propagate reasons from other cells.
|
|
|
|
*
|
|
|
|
* Return 0.
|
|
|
|
*/
|
|
|
|
int
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_or_send_destroy(uint16_t circ_id, or_connection_t *conn, int reason)
|
2006-01-05 22:23:03 +01:00
|
|
|
{
|
|
|
|
cell_t cell;
|
|
|
|
|
|
|
|
tor_assert(conn);
|
|
|
|
|
|
|
|
memset(&cell, 0, sizeof(cell_t));
|
|
|
|
cell.circ_id = circ_id;
|
|
|
|
cell.command = CELL_DESTROY;
|
|
|
|
cell.payload[0] = (uint8_t) reason;
|
2006-02-13 10:02:35 +01:00
|
|
|
log_debug(LD_OR,"Sending destroy (circID %d).", circ_id);
|
2006-01-05 22:23:03 +01:00
|
|
|
connection_or_write_cell_to_buf(&cell, conn);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|