2006-02-09 06:46:49 +01:00
|
|
|
/* Copyright (c) 2001 Matej Pfajfar.
|
|
|
|
|
* Copyright (c) 2001-2004, Roger Dingledine.
|
2007-12-12 22:09:01 +01:00
|
|
|
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
2011-01-03 17:50:39 +01:00
|
|
|
* Copyright (c) 2007-2011, The Tor Project, Inc. */
|
Implemented link padding and receiver token buckets
Each socket reads at most 'bandwidth' bytes per second sustained, but
can handle bursts of up to 10*bandwidth bytes.
Cells are now sent out at evenly-spaced intervals, with padding sent
out otherwise. Set Linkpadding=0 in the rc file to send cells as soon
as they're available (and to never send padding cells).
Added license/copyrights statements at the top of most files.
router->min and router->max have been merged into a single 'bandwidth'
value. We should make the routerinfo_t reflect this (want to do that,
Mat?)
As the bandwidth increases, and we want to stop sleeping more and more
frequently to send a single cell, cpu usage goes up. At 128kB/s we're
pretty much calling poll with a timeout of 1ms or even 0ms. The current
code takes a timeout of 0-9ms and makes it 10ms. prepare_for_poll()
handles everything that should have happened in the past, so as long as
our buffers don't get too full in that 10ms, we're ok.
Speaking of too full, if you run three servers at 100kB/s with -l debug,
it spends too much time printing debugging messages to be able to keep
up with the cells. The outbuf ultimately fills up and it kills that
connection. If you run with -l err, it works fine up through 500kB/s and
probably beyond. Down the road we'll want to teach it to recognize when
an outbuf is getting full, and back off.
svn:r50
2002-07-16 03:12:15 +02:00
|
|
|
/* See LICENSE for licensing information */
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/**
|
|
|
|
|
* \file connection_or.c
|
|
|
|
|
* \brief Functions to handle OR connections, TLS handshaking, and
|
|
|
|
|
* cells on the network.
|
|
|
|
|
**/
|
|
|
|
|
|
2002-06-27 00:45:49 +02:00
|
|
|
#include "or.h"
|
2003-06-21 21:29:32 +02:00
|
|
|
|
2006-07-26 21:07:26 +02:00
|
|
|
static int connection_tls_finish_handshake(or_connection_t *conn);
|
|
|
|
|
static int connection_or_process_cells_from_inbuf(or_connection_t *conn);
|
2007-10-30 22:46:02 +01:00
|
|
|
static int connection_or_send_versions(or_connection_t *conn);
|
2007-11-05 19:15:50 +01:00
|
|
|
static int connection_init_or_handshake_state(or_connection_t *conn,
|
|
|
|
|
int started_here);
|
2007-12-01 09:47:13 +01:00
|
|
|
static int connection_or_check_valid_tls_handshake(or_connection_t *conn,
|
|
|
|
|
int started_here,
|
|
|
|
|
char *digest_rcvd_out);
|
2003-09-30 20:45:55 +02:00
|
|
|
|
2003-09-16 07:41:49 +02:00
|
|
|
/**************************************************************/
|
|
|
|
|
|
2005-11-30 04:01:16 +01:00
|
|
|
/** Map from identity digest of connected OR or desired OR to a connection_t
|
|
|
|
|
* with that identity digest. If there is more than one such connection_t,
|
2006-06-13 07:50:24 +02:00
|
|
|
* they form a linked list, with next_with_same_id as the next pointer. */
|
2005-11-30 04:01:16 +01:00
|
|
|
static digestmap_t *orconn_identity_map = NULL;
|
|
|
|
|
|
|
|
|
|
/** If conn is listed in orconn_identity_map, remove it, and clear
|
2007-02-12 22:39:33 +01:00
|
|
|
* conn->identity_digest. Otherwise do nothing. */
|
2005-11-30 04:01:16 +01:00
|
|
|
void
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_or_remove_from_identity_map(or_connection_t *conn)
|
2005-11-30 04:01:16 +01:00
|
|
|
{
|
2006-07-26 21:07:26 +02:00
|
|
|
or_connection_t *tmp;
|
2005-11-30 04:01:16 +01:00
|
|
|
tor_assert(conn);
|
|
|
|
|
if (!orconn_identity_map)
|
|
|
|
|
return;
|
|
|
|
|
tmp = digestmap_get(orconn_identity_map, conn->identity_digest);
|
2007-02-12 22:39:33 +01:00
|
|
|
if (!tmp) {
|
|
|
|
|
if (!tor_digest_is_zero(conn->identity_digest)) {
|
2007-11-07 19:26:46 +01:00
|
|
|
log_warn(LD_BUG, "Didn't find connection '%s' on identity map when "
|
|
|
|
|
"trying to remove it.",
|
|
|
|
|
conn->nickname ? conn->nickname : "NULL");
|
2007-02-12 22:39:33 +01:00
|
|
|
}
|
2005-11-30 04:01:16 +01:00
|
|
|
return;
|
2007-02-12 22:39:33 +01:00
|
|
|
}
|
2005-11-30 04:01:16 +01:00
|
|
|
if (conn == tmp) {
|
|
|
|
|
if (conn->next_with_same_id)
|
|
|
|
|
digestmap_set(orconn_identity_map, conn->identity_digest,
|
|
|
|
|
conn->next_with_same_id);
|
|
|
|
|
else
|
|
|
|
|
digestmap_remove(orconn_identity_map, conn->identity_digest);
|
|
|
|
|
} else {
|
|
|
|
|
while (tmp->next_with_same_id) {
|
|
|
|
|
if (tmp->next_with_same_id == conn) {
|
|
|
|
|
tmp->next_with_same_id = conn->next_with_same_id;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
tmp = tmp->next_with_same_id;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
memset(conn->identity_digest, 0, DIGEST_LEN);
|
|
|
|
|
conn->next_with_same_id = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2005-12-05 20:15:27 +01:00
|
|
|
/** Remove all entries from the identity-to-orconn map, and clear
|
|
|
|
|
* all identities in OR conns.*/
|
|
|
|
|
void
|
|
|
|
|
connection_or_clear_identity_map(void)
|
|
|
|
|
{
|
2007-05-22 17:49:14 +02:00
|
|
|
smartlist_t *conns = get_connection_array();
|
|
|
|
|
SMARTLIST_FOREACH(conns, connection_t *, conn,
|
|
|
|
|
{
|
2005-12-05 20:15:27 +01:00
|
|
|
if (conn->type == CONN_TYPE_OR) {
|
2006-07-26 21:07:26 +02:00
|
|
|
or_connection_t *or_conn = TO_OR_CONN(conn);
|
|
|
|
|
memset(or_conn->identity_digest, 0, DIGEST_LEN);
|
|
|
|
|
or_conn->next_with_same_id = NULL;
|
2005-12-05 20:15:27 +01:00
|
|
|
}
|
2007-05-22 17:49:14 +02:00
|
|
|
});
|
2005-12-05 20:15:27 +01:00
|
|
|
|
2005-12-14 02:02:35 +01:00
|
|
|
if (orconn_identity_map) {
|
|
|
|
|
digestmap_free(orconn_identity_map, NULL);
|
|
|
|
|
orconn_identity_map = NULL;
|
|
|
|
|
}
|
2005-12-05 20:15:27 +01:00
|
|
|
}
|
|
|
|
|
|
2005-11-30 04:01:16 +01:00
|
|
|
/** Change conn->identity_digest to digest, and add conn into
|
2007-02-24 02:12:53 +01:00
|
|
|
* orconn_digest_map. */
|
2005-11-30 04:01:16 +01:00
|
|
|
static void
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_or_set_identity_digest(or_connection_t *conn, const char *digest)
|
2005-11-30 04:01:16 +01:00
|
|
|
{
|
2006-07-26 21:07:26 +02:00
|
|
|
or_connection_t *tmp;
|
2005-11-30 04:01:16 +01:00
|
|
|
tor_assert(conn);
|
|
|
|
|
tor_assert(digest);
|
|
|
|
|
|
|
|
|
|
if (!orconn_identity_map)
|
|
|
|
|
orconn_identity_map = digestmap_new();
|
|
|
|
|
if (!memcmp(conn->identity_digest, digest, DIGEST_LEN))
|
|
|
|
|
return;
|
2007-02-12 22:39:33 +01:00
|
|
|
|
|
|
|
|
/* If the identity was set previously, remove the old mapping. */
|
|
|
|
|
if (! tor_digest_is_zero(conn->identity_digest))
|
2005-11-30 04:01:16 +01:00
|
|
|
connection_or_remove_from_identity_map(conn);
|
|
|
|
|
|
|
|
|
|
memcpy(conn->identity_digest, digest, DIGEST_LEN);
|
2007-02-12 22:39:33 +01:00
|
|
|
|
2007-02-24 02:12:53 +01:00
|
|
|
/* If we're setting the ID to zero, don't add a mapping. */
|
2007-02-12 22:39:33 +01:00
|
|
|
if (tor_digest_is_zero(digest))
|
|
|
|
|
return;
|
|
|
|
|
|
2005-11-30 04:01:16 +01:00
|
|
|
tmp = digestmap_set(orconn_identity_map, digest, conn);
|
|
|
|
|
conn->next_with_same_id = tmp;
|
|
|
|
|
|
2007-02-12 22:39:33 +01:00
|
|
|
#if 1
|
2006-12-29 03:47:51 +01:00
|
|
|
/* Testing code to check for bugs in representation. */
|
2005-11-30 04:01:16 +01:00
|
|
|
for (; tmp; tmp = tmp->next_with_same_id) {
|
|
|
|
|
tor_assert(!memcmp(tmp->identity_digest, digest, DIGEST_LEN));
|
|
|
|
|
tor_assert(tmp != conn);
|
|
|
|
|
}
|
2006-12-29 03:47:51 +01:00
|
|
|
#endif
|
2005-11-30 04:01:16 +01:00
|
|
|
}
|
|
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/** Pack the cell_t host-order structure <b>src</b> into network-order
|
|
|
|
|
* in the buffer <b>dest</b>. See tor-spec.txt for details about the
|
2004-05-07 10:53:40 +02:00
|
|
|
* wire format.
|
2007-05-25 21:41:31 +02:00
|
|
|
*
|
|
|
|
|
* Note that this function doesn't touch <b>dst</b>-\>next: the caller
|
|
|
|
|
* should set it or clear it as appropriate.
|
2004-05-07 10:53:40 +02:00
|
|
|
*/
|
2007-04-10 01:15:46 +02:00
|
|
|
void
|
|
|
|
|
cell_pack(packed_cell_t *dst, const cell_t *src)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2007-04-10 01:15:46 +02:00
|
|
|
char *dest = dst->body;
|
2005-08-23 11:50:51 +02:00
|
|
|
*(uint16_t*)dest = htons(src->circ_id);
|
|
|
|
|
*(uint8_t*)(dest+2) = src->command;
|
2003-12-16 10:48:17 +01:00
|
|
|
memcpy(dest+3, src->payload, CELL_PAYLOAD_SIZE);
|
2003-09-16 07:41:49 +02:00
|
|
|
}
|
|
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/** Unpack the network-order buffer <b>src</b> into a host-order
|
|
|
|
|
* cell_t structure <b>dest</b>.
|
2004-05-07 10:53:40 +02:00
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
static void
|
|
|
|
|
cell_unpack(cell_t *dest, const char *src)
|
|
|
|
|
{
|
2003-11-11 04:01:48 +01:00
|
|
|
dest->circ_id = ntohs(*(uint16_t*)(src));
|
2003-09-16 07:41:49 +02:00
|
|
|
dest->command = *(uint8_t*)(src+2);
|
2003-12-16 10:48:17 +01:00
|
|
|
memcpy(dest->payload, src+3, CELL_PAYLOAD_SIZE);
|
2003-09-16 07:41:49 +02:00
|
|
|
}
|
|
|
|
|
|
2008-02-08 22:13:15 +01:00
|
|
|
/** Write the header of <b>cell</b> into the first VAR_CELL_HEADER_SIZE
|
|
|
|
|
* bytes of <b>hdr_out</b>. */
|
2007-11-05 22:46:35 +01:00
|
|
|
void
|
2007-11-06 00:34:39 +01:00
|
|
|
var_cell_pack_header(const var_cell_t *cell, char *hdr_out)
|
2007-11-05 22:46:35 +01:00
|
|
|
{
|
2008-11-12 15:41:44 +01:00
|
|
|
set_uint16(hdr_out, htons(cell->circ_id));
|
|
|
|
|
set_uint8(hdr_out+2, cell->command);
|
2007-11-05 22:46:35 +01:00
|
|
|
set_uint16(hdr_out+3, htons(cell->payload_len));
|
|
|
|
|
}
|
|
|
|
|
|
2008-02-08 22:13:15 +01:00
|
|
|
/** Allocate and return a new var_cell_t with <b>payload_len</b> bytes of
|
|
|
|
|
* payload space. */
|
2007-11-06 00:34:39 +01:00
|
|
|
var_cell_t *
|
|
|
|
|
var_cell_new(uint16_t payload_len)
|
|
|
|
|
{
|
|
|
|
|
var_cell_t *cell = tor_malloc(sizeof(var_cell_t)+payload_len-1);
|
|
|
|
|
cell->payload_len = payload_len;
|
|
|
|
|
cell->command = 0;
|
|
|
|
|
cell->circ_id = 0;
|
|
|
|
|
return cell;
|
|
|
|
|
}
|
|
|
|
|
|
2008-02-09 04:11:10 +01:00
|
|
|
/** Release all space held by <b>cell</b>. */
|
2007-11-05 22:46:35 +01:00
|
|
|
void
|
|
|
|
|
var_cell_free(var_cell_t *cell)
|
|
|
|
|
{
|
|
|
|
|
tor_free(cell);
|
|
|
|
|
}
|
|
|
|
|
|
2008-02-09 04:11:10 +01:00
|
|
|
/** We've received an EOF from <b>conn</b>. Mark it for close and return. */
|
2005-06-11 20:52:12 +02:00
|
|
|
int
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_or_reached_eof(or_connection_t *conn)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2006-02-13 10:02:35 +01:00
|
|
|
log_info(LD_OR,"OR connection reached EOF. Closing.");
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_mark_for_close(TO_CONN(conn));
|
2004-11-21 11:14:57 +01:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2005-02-24 11:56:55 +01:00
|
|
|
/** Read conn's inbuf. If the http response from the proxy is all
|
|
|
|
|
* here, make sure it's good news, and begin the tls handshake. If
|
|
|
|
|
* it's bad news, close the connection and return -1. Else return 0
|
|
|
|
|
* and hope for better luck next time.
|
|
|
|
|
*/
|
|
|
|
|
static int
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_or_read_proxy_response(or_connection_t *or_conn)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2005-02-24 11:56:55 +01:00
|
|
|
char *headers;
|
2005-03-22 19:43:24 +01:00
|
|
|
char *reason=NULL;
|
2005-02-24 11:56:55 +01:00
|
|
|
int status_code;
|
|
|
|
|
time_t date_header;
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_t *conn = TO_CONN(or_conn);
|
2005-02-24 11:56:55 +01:00
|
|
|
|
|
|
|
|
switch (fetch_from_buf_http(conn->inbuf,
|
|
|
|
|
&headers, MAX_HEADERS_SIZE,
|
2005-10-14 04:26:13 +02:00
|
|
|
NULL, NULL, 10000, 0)) {
|
2005-02-24 11:56:55 +01:00
|
|
|
case -1: /* overflow */
|
2006-02-13 10:02:35 +01:00
|
|
|
log_warn(LD_PROTOCOL,
|
|
|
|
|
"Your https proxy sent back an oversized response. Closing.");
|
2005-02-24 11:56:55 +01:00
|
|
|
return -1;
|
|
|
|
|
case 0:
|
2006-02-13 10:02:35 +01:00
|
|
|
log_info(LD_OR,"https proxy response not all here yet. Waiting.");
|
2005-02-24 11:56:55 +01:00
|
|
|
return 0;
|
|
|
|
|
/* case 1, fall through */
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (parse_http_response(headers, &status_code, &date_header,
|
2006-10-09 05:39:06 +02:00
|
|
|
NULL, &reason) < 0) {
|
2006-02-13 10:02:35 +01:00
|
|
|
log_warn(LD_OR,
|
|
|
|
|
"Unparseable headers from proxy (connecting to '%s'). Closing.",
|
|
|
|
|
conn->address);
|
2005-02-24 11:56:55 +01:00
|
|
|
tor_free(headers);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
2005-03-22 19:43:24 +01:00
|
|
|
if (!reason) reason = tor_strdup("[no reason given]");
|
2005-02-24 11:56:55 +01:00
|
|
|
|
|
|
|
|
if (status_code == 200) {
|
2006-02-13 10:02:35 +01:00
|
|
|
log_info(LD_OR,
|
2006-03-05 10:50:26 +01:00
|
|
|
"HTTPS connect to '%s' successful! (200 %s) Starting TLS.",
|
|
|
|
|
conn->address, escaped(reason));
|
2005-03-22 19:43:24 +01:00
|
|
|
tor_free(reason);
|
2006-07-26 21:07:26 +02:00
|
|
|
if (connection_tls_start_handshake(or_conn, 0) < 0) {
|
2005-02-24 11:56:55 +01:00
|
|
|
/* TLS handshaking error of some kind. */
|
|
|
|
|
connection_mark_for_close(conn);
|
2005-03-22 19:43:24 +01:00
|
|
|
|
2005-02-24 11:56:55 +01:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
/* else, bad news on the status code */
|
2006-02-13 10:02:35 +01:00
|
|
|
log_warn(LD_OR,
|
2006-03-05 10:50:26 +01:00
|
|
|
"The https proxy sent back an unexpected status code %d (%s). "
|
2006-02-13 10:02:35 +01:00
|
|
|
"Closing.",
|
2006-03-05 10:50:26 +01:00
|
|
|
status_code, escaped(reason));
|
2005-03-22 19:43:24 +01:00
|
|
|
tor_free(reason);
|
2005-02-24 11:56:55 +01:00
|
|
|
connection_mark_for_close(conn);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/** Handle any new bytes that have come in on connection <b>conn</b>.
|
2004-05-07 10:53:40 +02:00
|
|
|
* If conn is in 'open' state, hand it to
|
|
|
|
|
* connection_or_process_cells_from_inbuf()
|
|
|
|
|
* (else do nothing).
|
|
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
int
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_or_process_inbuf(or_connection_t *conn)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2004-10-17 00:14:52 +02:00
|
|
|
tor_assert(conn);
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2006-07-26 21:07:26 +02:00
|
|
|
switch (conn->_base.state) {
|
2005-02-24 11:56:55 +01:00
|
|
|
case OR_CONN_STATE_PROXY_READING:
|
|
|
|
|
return connection_or_read_proxy_response(conn);
|
|
|
|
|
case OR_CONN_STATE_OPEN:
|
2008-01-06 04:16:11 +01:00
|
|
|
case OR_CONN_STATE_OR_HANDSHAKING:
|
2005-02-24 11:56:55 +01:00
|
|
|
return connection_or_process_cells_from_inbuf(conn);
|
|
|
|
|
default:
|
|
|
|
|
return 0; /* don't do anything */
|
|
|
|
|
}
|
2002-06-27 00:45:49 +02:00
|
|
|
}
|
|
|
|
|
|
2007-03-26 16:08:35 +02:00
|
|
|
/** When adding cells to an OR connection's outbuf, keep adding until the
|
|
|
|
|
* outbuf is at least this long, or we run out of cells. */
|
2007-03-26 16:08:18 +02:00
|
|
|
#define OR_CONN_HIGHWATER (32*1024)
|
|
|
|
|
|
2007-03-26 16:08:35 +02:00
|
|
|
/** Add cells to an OR connection's outbuf whenever the outbuf's data length
|
|
|
|
|
* drops below this size. */
|
2007-03-26 16:08:18 +02:00
|
|
|
#define OR_CONN_LOWWATER (16*1024)
|
|
|
|
|
|
2007-03-26 16:07:59 +02:00
|
|
|
/** Called whenever we have flushed some data on an or_conn: add more data
|
|
|
|
|
* from active circuits. */
|
2007-01-27 09:55:06 +01:00
|
|
|
int
|
|
|
|
|
connection_or_flushed_some(or_connection_t *conn)
|
|
|
|
|
{
|
2007-03-26 16:08:18 +02:00
|
|
|
size_t datalen = buf_datalen(conn->_base.outbuf);
|
2007-03-26 16:08:35 +02:00
|
|
|
/* If we're under the low water mark, add cells until we're just over the
|
|
|
|
|
* high water mark. */
|
2007-03-26 16:08:18 +02:00
|
|
|
if (datalen < OR_CONN_LOWWATER) {
|
2008-02-22 20:09:45 +01:00
|
|
|
ssize_t n = (OR_CONN_HIGHWATER - datalen + CELL_NETWORK_SIZE-1)
|
2007-03-26 16:08:35 +02:00
|
|
|
/ CELL_NETWORK_SIZE;
|
2008-12-19 19:51:35 +01:00
|
|
|
time_t now = approx_time();
|
2007-03-26 16:07:59 +02:00
|
|
|
while (conn->active_circuits && n > 0) {
|
2008-04-09 20:44:50 +02:00
|
|
|
int flushed;
|
|
|
|
|
flushed = connection_or_flush_from_first_active_circuit(conn, 1, now);
|
2007-03-26 16:07:59 +02:00
|
|
|
n -= flushed;
|
|
|
|
|
}
|
|
|
|
|
}
|
2007-01-27 09:55:06 +01:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/** Connection <b>conn</b> has finished writing and has no bytes left on
|
2004-05-07 10:53:40 +02:00
|
|
|
* its outbuf.
|
|
|
|
|
*
|
2004-05-10 06:34:48 +02:00
|
|
|
* Otherwise it's in state "open": stop writing and return.
|
2004-05-10 05:54:33 +02:00
|
|
|
*
|
|
|
|
|
* If <b>conn</b> is broken, mark it for close and return -1, else
|
|
|
|
|
* return 0.
|
2004-05-07 10:53:40 +02:00
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
int
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_or_finished_flushing(or_connection_t *conn)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2004-10-17 00:14:52 +02:00
|
|
|
tor_assert(conn);
|
2006-07-26 21:07:26 +02:00
|
|
|
assert_connection_ok(TO_CONN(conn),0);
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2006-07-26 21:07:26 +02:00
|
|
|
switch (conn->_base.state) {
|
2005-02-24 11:56:55 +01:00
|
|
|
case OR_CONN_STATE_PROXY_FLUSHING:
|
2006-02-13 10:02:35 +01:00
|
|
|
log_debug(LD_OR,"finished sending CONNECT to proxy.");
|
2006-07-26 21:07:26 +02:00
|
|
|
conn->_base.state = OR_CONN_STATE_PROXY_READING;
|
|
|
|
|
connection_stop_writing(TO_CONN(conn));
|
2005-02-24 11:56:55 +01:00
|
|
|
break;
|
|
|
|
|
case OR_CONN_STATE_OPEN:
|
2008-01-06 04:16:11 +01:00
|
|
|
case OR_CONN_STATE_OR_HANDSHAKING:
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_stop_writing(TO_CONN(conn));
|
2005-02-24 11:56:55 +01:00
|
|
|
break;
|
|
|
|
|
default:
|
2007-03-04 21:11:46 +01:00
|
|
|
log_err(LD_BUG,"Called in unexpected state %d.", conn->_base.state);
|
2005-04-26 20:52:16 +02:00
|
|
|
tor_fragile_assert();
|
2005-02-24 11:56:55 +01:00
|
|
|
return -1;
|
2004-05-12 21:17:09 +02:00
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** Connected handler for OR connections: begin the TLS handshake.
|
|
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
int
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_or_finished_connecting(or_connection_t *or_conn)
|
2004-05-12 21:17:09 +02:00
|
|
|
{
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_t *conn;
|
|
|
|
|
tor_assert(or_conn);
|
|
|
|
|
conn = TO_CONN(or_conn);
|
2004-05-12 21:17:09 +02:00
|
|
|
tor_assert(conn->state == OR_CONN_STATE_CONNECTING);
|
|
|
|
|
|
2006-02-13 10:02:35 +01:00
|
|
|
log_debug(LD_OR,"OR connect() to router at %s:%u finished.",
|
|
|
|
|
conn->address,conn->port);
|
2008-06-07 07:27:34 +02:00
|
|
|
control_event_bootstrap(BOOTSTRAP_STATUS_HANDSHAKE, 0);
|
2004-05-12 21:17:09 +02:00
|
|
|
|
2005-02-24 11:56:55 +01:00
|
|
|
if (get_options()->HttpsProxy) {
|
|
|
|
|
char buf[1024];
|
2005-05-20 10:51:45 +02:00
|
|
|
char *base64_authenticator=NULL;
|
2005-04-26 20:33:33 +02:00
|
|
|
const char *authenticator = get_options()->HttpsProxyAuthenticator;
|
2005-02-24 11:56:55 +01:00
|
|
|
|
2005-04-26 20:33:33 +02:00
|
|
|
if (authenticator) {
|
2005-05-20 10:51:45 +02:00
|
|
|
base64_authenticator = alloc_http_authenticator(authenticator);
|
|
|
|
|
if (!base64_authenticator)
|
2006-02-13 10:02:35 +01:00
|
|
|
log_warn(LD_OR, "Encoding https authenticator failed");
|
2005-05-20 10:51:45 +02:00
|
|
|
}
|
|
|
|
|
if (base64_authenticator) {
|
2005-04-26 20:33:33 +02:00
|
|
|
tor_snprintf(buf, sizeof(buf), "CONNECT %s:%d HTTP/1.1\r\n"
|
2008-08-05 22:08:19 +02:00
|
|
|
"Proxy-Authorization: Basic %s\r\n\r\n",
|
|
|
|
|
fmt_addr(&conn->addr),
|
2005-04-26 20:33:33 +02:00
|
|
|
conn->port, base64_authenticator);
|
|
|
|
|
tor_free(base64_authenticator);
|
|
|
|
|
} else {
|
|
|
|
|
tor_snprintf(buf, sizeof(buf), "CONNECT %s:%d HTTP/1.0\r\n\r\n",
|
2008-08-05 22:08:19 +02:00
|
|
|
fmt_addr(&conn->addr), conn->port);
|
2005-04-26 20:33:33 +02:00
|
|
|
}
|
2005-02-24 11:56:55 +01:00
|
|
|
connection_write_to_buf(buf, strlen(buf), conn);
|
|
|
|
|
conn->state = OR_CONN_STATE_PROXY_FLUSHING;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2006-07-26 21:07:26 +02:00
|
|
|
if (connection_tls_start_handshake(or_conn, 0) < 0) {
|
2004-05-12 23:12:33 +02:00
|
|
|
/* TLS handshaking error of some kind. */
|
|
|
|
|
connection_mark_for_close(conn);
|
2004-05-12 21:17:09 +02:00
|
|
|
return -1;
|
2002-06-27 00:45:49 +02:00
|
|
|
}
|
2004-05-12 21:17:09 +02:00
|
|
|
return 0;
|
2002-06-27 00:45:49 +02:00
|
|
|
}
|
|
|
|
|
|
2005-08-23 11:50:51 +02:00
|
|
|
/** If we don't necessarily know the router we're connecting to, but we
|
|
|
|
|
* have an addr/port/id_digest, then fill in as much as we can. Start
|
|
|
|
|
* by checking to see if this describes a router we know. */
|
2004-07-01 03:16:59 +02:00
|
|
|
static void
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_or_init_conn_from_address(or_connection_t *conn,
|
2008-08-05 22:08:19 +02:00
|
|
|
const tor_addr_t *addr, uint16_t port,
|
2006-06-07 11:18:53 +02:00
|
|
|
const char *id_digest,
|
|
|
|
|
int started_here)
|
2004-07-01 03:16:59 +02:00
|
|
|
{
|
2004-11-06 06:18:11 +01:00
|
|
|
or_options_t *options = get_options();
|
|
|
|
|
routerinfo_t *r = router_get_by_digest(id_digest);
|
2006-06-07 11:18:53 +02:00
|
|
|
conn->bandwidthrate = (int)options->BandwidthRate;
|
2006-12-13 08:08:36 +01:00
|
|
|
conn->read_bucket = conn->bandwidthburst = (int)options->BandwidthBurst;
|
2006-06-13 07:36:35 +02:00
|
|
|
connection_or_set_identity_digest(conn, id_digest);
|
2008-08-05 22:08:19 +02:00
|
|
|
|
2006-07-26 21:07:26 +02:00
|
|
|
conn->_base.port = port;
|
2008-08-05 22:08:19 +02:00
|
|
|
tor_addr_copy(&conn->_base.addr, addr);
|
|
|
|
|
tor_addr_copy(&conn->real_addr, addr);
|
2004-07-01 03:16:59 +02:00
|
|
|
if (r) {
|
2008-12-18 17:11:24 +01:00
|
|
|
/* XXXX proposal 118 will make this more complex. */
|
2008-08-05 22:08:19 +02:00
|
|
|
if (tor_addr_eq_ipv4h(&conn->_base.addr, r->addr))
|
2007-10-30 19:31:30 +01:00
|
|
|
conn->is_canonical = 1;
|
2006-06-13 07:36:35 +02:00
|
|
|
if (!started_here) {
|
|
|
|
|
/* Override the addr/port, so our log messages will make sense.
|
|
|
|
|
* This is dangerous, since if we ever try looking up a conn by
|
|
|
|
|
* its actual addr/port, we won't remember. Careful! */
|
2008-12-18 17:11:24 +01:00
|
|
|
/* XXXX arma: this is stupid, and it's the reason we need real_addr
|
2008-02-12 21:20:52 +01:00
|
|
|
* to track is_canonical properly. What requires it? */
|
2008-02-12 23:21:20 +01:00
|
|
|
/* XXXX <arma> i believe the reason we did this, originally, is because
|
|
|
|
|
* we wanted to log what OR a connection was to, and if we logged the
|
|
|
|
|
* right IP address and port 56244, that wouldn't be as helpful. now we
|
|
|
|
|
* log the "right" port too, so we know if it's moria1 or moria2.
|
2008-08-05 22:08:19 +02:00
|
|
|
*/
|
|
|
|
|
tor_addr_from_ipv4h(&conn->_base.addr, r->addr);
|
2006-07-26 21:07:26 +02:00
|
|
|
conn->_base.port = r->or_port;
|
2006-06-13 07:36:35 +02:00
|
|
|
}
|
|
|
|
|
conn->nickname = tor_strdup(r->nickname);
|
2006-07-26 21:07:26 +02:00
|
|
|
tor_free(conn->_base.address);
|
|
|
|
|
conn->_base.address = tor_strdup(r->address);
|
2004-09-29 00:24:56 +02:00
|
|
|
} else {
|
2006-06-07 11:18:53 +02:00
|
|
|
const char *n;
|
|
|
|
|
/* If we're an authoritative directory server, we may know a
|
|
|
|
|
* nickname for this router. */
|
|
|
|
|
n = dirserv_get_nickname_by_digest(id_digest);
|
|
|
|
|
if (n) {
|
|
|
|
|
conn->nickname = tor_strdup(n);
|
|
|
|
|
} else {
|
|
|
|
|
conn->nickname = tor_malloc(HEX_DIGEST_LEN+2);
|
|
|
|
|
conn->nickname[0] = '$';
|
|
|
|
|
base16_encode(conn->nickname+1, HEX_DIGEST_LEN+1,
|
|
|
|
|
conn->identity_digest, DIGEST_LEN);
|
|
|
|
|
}
|
2006-07-26 21:07:26 +02:00
|
|
|
tor_free(conn->_base.address);
|
2008-08-05 22:08:19 +02:00
|
|
|
conn->_base.address = tor_dup_addr(addr);
|
2004-09-29 00:24:56 +02:00
|
|
|
}
|
2004-07-01 03:16:59 +02:00
|
|
|
}
|
|
|
|
|
|
2008-12-24 03:38:04 +01:00
|
|
|
/** Return true iff <b>a</b> is "better" than <b>b</b> for new circuits.
|
2005-11-30 04:01:16 +01:00
|
|
|
*
|
2008-12-24 03:38:04 +01:00
|
|
|
* A more canonical connection is always better than a less canonical
|
|
|
|
|
* connection. That aside, a connection is better if it has circuits and the
|
|
|
|
|
* other does not, or if it was created more recently.
|
|
|
|
|
*
|
|
|
|
|
* Requires that both input connections are open; not is_bad_for_new_circs,
|
|
|
|
|
* and not impossibly non-canonical.
|
2009-01-28 18:36:41 +01:00
|
|
|
*
|
|
|
|
|
* If </b>forgive_new_connections</b> is true, then we do not call
|
|
|
|
|
* <b>a</b>better than <b>b</b> simply because b has no circuits,
|
|
|
|
|
* unless b is also relatively old.
|
2005-11-30 04:01:16 +01:00
|
|
|
*/
|
2008-12-24 03:38:04 +01:00
|
|
|
static int
|
2009-01-28 18:36:41 +01:00
|
|
|
connection_or_is_better(time_t now,
|
|
|
|
|
const or_connection_t *a,
|
|
|
|
|
const or_connection_t *b,
|
|
|
|
|
int forgive_new_connections)
|
2005-11-30 04:01:16 +01:00
|
|
|
{
|
|
|
|
|
int newer;
|
2009-01-28 18:36:41 +01:00
|
|
|
/** Do not definitively deprecate a new connection with no circuits on it
|
|
|
|
|
* until this much time has passed. */
|
|
|
|
|
#define NEW_CONN_GRACE_PERIOD (15*60)
|
2008-12-24 03:38:04 +01:00
|
|
|
|
|
|
|
|
if (b->is_canonical && !a->is_canonical)
|
|
|
|
|
return 0; /* A canonical connection is better than a non-canonical
|
|
|
|
|
* one, no matter how new it is or which has circuits. */
|
|
|
|
|
|
|
|
|
|
newer = b->_base.timestamp_created < a->_base.timestamp_created;
|
|
|
|
|
|
2009-01-28 18:36:41 +01:00
|
|
|
if (
|
|
|
|
|
/* We prefer canonical connections regardless of newness. */
|
|
|
|
|
(!b->is_canonical && a->is_canonical) ||
|
|
|
|
|
/* If both have circuits we prefer the newer: */
|
|
|
|
|
(b->n_circuits && a->n_circuits && newer) ||
|
|
|
|
|
/* If neither has circuits we prefer the newer: */
|
|
|
|
|
(!b->n_circuits && !a->n_circuits && newer))
|
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
|
|
/* If one has no circuits and the other does... */
|
|
|
|
|
if (!b->n_circuits && a->n_circuits) {
|
|
|
|
|
/* Then it's bad, unless it's in its grace period and we're forgiving. */
|
|
|
|
|
if (forgive_new_connections &&
|
|
|
|
|
now < b->_base.timestamp_created + NEW_CONN_GRACE_PERIOD)
|
|
|
|
|
return 0;
|
|
|
|
|
else
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
2008-12-24 03:38:04 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** Return the OR connection we should use to extend a circuit to the router
|
|
|
|
|
* whose identity is <b>digest</b>, and whose address we believe (or have been
|
|
|
|
|
* told in an extend cell) is <b>target_addr</b>. If there is no good
|
|
|
|
|
* connection, set *<b>msg_out</b> to a message describing the connection's
|
|
|
|
|
* state and our next action, and set <b>launch_out</b> to a boolean for
|
|
|
|
|
* whether we should launch a new connection or not.
|
|
|
|
|
*/
|
|
|
|
|
or_connection_t *
|
|
|
|
|
connection_or_get_for_extend(const char *digest,
|
|
|
|
|
const tor_addr_t *target_addr,
|
|
|
|
|
const char **msg_out,
|
|
|
|
|
int *launch_out)
|
|
|
|
|
{
|
2006-07-26 21:07:26 +02:00
|
|
|
or_connection_t *conn, *best=NULL;
|
2008-12-24 03:38:04 +01:00
|
|
|
int n_inprogress_goodaddr = 0, n_old = 0, n_noncanonical = 0, n_possible = 0;
|
2009-01-28 18:36:41 +01:00
|
|
|
time_t now = approx_time();
|
2005-11-30 04:01:16 +01:00
|
|
|
|
2008-12-24 03:38:04 +01:00
|
|
|
tor_assert(msg_out);
|
|
|
|
|
tor_assert(launch_out);
|
|
|
|
|
|
|
|
|
|
if (!orconn_identity_map) {
|
|
|
|
|
*msg_out = "Router not connected (nothing is). Connecting.";
|
|
|
|
|
*launch_out = 1;
|
2005-11-30 04:01:16 +01:00
|
|
|
return NULL;
|
2008-12-24 03:38:04 +01:00
|
|
|
}
|
2005-11-30 04:01:16 +01:00
|
|
|
|
|
|
|
|
conn = digestmap_get(orconn_identity_map, digest);
|
|
|
|
|
|
|
|
|
|
for (; conn; conn = conn->next_with_same_id) {
|
2006-07-26 21:07:26 +02:00
|
|
|
tor_assert(conn->_base.magic == OR_CONNECTION_MAGIC);
|
|
|
|
|
tor_assert(conn->_base.type == CONN_TYPE_OR);
|
2005-11-30 04:01:16 +01:00
|
|
|
tor_assert(!memcmp(conn->identity_digest, digest, DIGEST_LEN));
|
2006-07-26 21:07:26 +02:00
|
|
|
if (conn->_base.marked_for_close)
|
2005-11-30 04:01:16 +01:00
|
|
|
continue;
|
2008-12-24 03:38:04 +01:00
|
|
|
/* Never return a non-open connection. */
|
|
|
|
|
if (conn->_base.state != OR_CONN_STATE_OPEN) {
|
|
|
|
|
/* If the address matches, don't launch a new connection for this
|
|
|
|
|
* circuit. */
|
|
|
|
|
if (!tor_addr_compare(&conn->real_addr, target_addr, CMP_EXACT))
|
|
|
|
|
++n_inprogress_goodaddr;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
/* Never return a connection that shouldn't be used for circs. */
|
|
|
|
|
if (conn->is_bad_for_new_circs) {
|
|
|
|
|
++n_old;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
/* Never return a non-canonical connection using a recent link protocol
|
|
|
|
|
* if the address is not what we wanted.
|
|
|
|
|
*
|
|
|
|
|
* (For old link protocols, we can't rely on is_canonical getting
|
|
|
|
|
* set properly if we're talking to the right address, since we might
|
|
|
|
|
* have an out-of-date descriptor, and we will get no NETINFO cell to
|
|
|
|
|
* tell us about the right address.) */
|
|
|
|
|
if (!conn->is_canonical && conn->link_proto >= 2 &&
|
|
|
|
|
tor_addr_compare(&conn->real_addr, target_addr, CMP_EXACT)) {
|
|
|
|
|
++n_noncanonical;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
++n_possible;
|
|
|
|
|
|
2005-11-30 04:01:16 +01:00
|
|
|
if (!best) {
|
2008-12-24 03:38:04 +01:00
|
|
|
best = conn; /* If we have no 'best' so far, this one is good enough. */
|
2005-11-30 04:01:16 +01:00
|
|
|
continue;
|
|
|
|
|
}
|
2008-12-24 03:38:04 +01:00
|
|
|
|
2009-01-28 18:36:41 +01:00
|
|
|
if (connection_or_is_better(now, conn, best, 0))
|
2006-02-14 01:08:19 +01:00
|
|
|
best = conn;
|
2005-11-30 04:01:16 +01:00
|
|
|
}
|
2008-12-24 03:38:04 +01:00
|
|
|
|
|
|
|
|
if (best) {
|
|
|
|
|
*msg_out = "Connection is fine; using it.";
|
|
|
|
|
*launch_out = 0;
|
|
|
|
|
return best;
|
|
|
|
|
} else if (n_inprogress_goodaddr) {
|
|
|
|
|
*msg_out = "Connection in progress; waiting.";
|
|
|
|
|
*launch_out = 0;
|
|
|
|
|
return NULL;
|
|
|
|
|
} else if (n_old || n_noncanonical) {
|
|
|
|
|
*msg_out = "Connections all too old, or too non-canonical. "
|
|
|
|
|
" Launching a new one.";
|
|
|
|
|
*launch_out = 1;
|
|
|
|
|
return NULL;
|
|
|
|
|
} else {
|
|
|
|
|
*msg_out = "Not connected. Connecting.";
|
|
|
|
|
*launch_out = 1;
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** How old do we let a connection to an OR get before deciding it's
|
|
|
|
|
* too old for new circuits? */
|
|
|
|
|
#define TIME_BEFORE_OR_CONN_IS_TOO_OLD (60*60*24*7)
|
|
|
|
|
|
|
|
|
|
/** Given the head of the linked list for all the or_connections with a given
|
|
|
|
|
* identity, set elements of that list as is_bad_for_new_circs() as
|
|
|
|
|
* appropriate. Helper for connection_or_set_bad_connections().
|
|
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
connection_or_group_set_badness(or_connection_t *head)
|
|
|
|
|
{
|
|
|
|
|
or_connection_t *or_conn = NULL, *best = NULL;
|
|
|
|
|
int n_old = 0, n_inprogress = 0, n_canonical = 0, n_other = 0;
|
|
|
|
|
time_t now = time(NULL);
|
|
|
|
|
|
|
|
|
|
/* Pass 1: expire everything that's old, and see what the status of
|
|
|
|
|
* everything else is. */
|
|
|
|
|
for (or_conn = head; or_conn; or_conn = or_conn->next_with_same_id) {
|
|
|
|
|
if (or_conn->_base.marked_for_close ||
|
|
|
|
|
or_conn->is_bad_for_new_circs)
|
|
|
|
|
continue;
|
|
|
|
|
if (or_conn->_base.timestamp_created + TIME_BEFORE_OR_CONN_IS_TOO_OLD
|
|
|
|
|
< now) {
|
|
|
|
|
log_info(LD_OR,
|
|
|
|
|
"Marking OR conn to %s:%d as too old for new circuits "
|
|
|
|
|
"(fd %d, %d secs old).",
|
|
|
|
|
or_conn->_base.address, or_conn->_base.port, or_conn->_base.s,
|
|
|
|
|
(int)(now - or_conn->_base.timestamp_created));
|
|
|
|
|
or_conn->is_bad_for_new_circs = 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (or_conn->is_bad_for_new_circs) {
|
|
|
|
|
++n_old;
|
|
|
|
|
} else if (or_conn->_base.state != OR_CONN_STATE_OPEN) {
|
|
|
|
|
++n_inprogress;
|
|
|
|
|
} else if (or_conn->is_canonical) {
|
|
|
|
|
++n_canonical;
|
|
|
|
|
} else {
|
|
|
|
|
++n_other;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Pass 2: We know how about how good the best connection is.
|
|
|
|
|
* expire everything that's worse, and find the very best if we can. */
|
|
|
|
|
for (or_conn = head; or_conn; or_conn = or_conn->next_with_same_id) {
|
|
|
|
|
if (or_conn->_base.marked_for_close ||
|
|
|
|
|
or_conn->is_bad_for_new_circs)
|
|
|
|
|
continue; /* This one doesn't need to be marked bad. */
|
|
|
|
|
if (or_conn->_base.state != OR_CONN_STATE_OPEN)
|
|
|
|
|
continue; /* Don't mark anything bad until we have seen what happens
|
|
|
|
|
* when the connection finishes. */
|
|
|
|
|
if (n_canonical && !or_conn->is_canonical) {
|
|
|
|
|
/* We have at least one open canonical connection to this router,
|
|
|
|
|
* and this one is open but not canonical. Mark it bad. */
|
|
|
|
|
log_info(LD_OR,
|
|
|
|
|
"Marking OR conn to %s:%d as too old for new circuits: "
|
|
|
|
|
"(fd %d, %d secs old). It is not canonical, and we have "
|
|
|
|
|
"another connection to that OR that is.",
|
|
|
|
|
or_conn->_base.address, or_conn->_base.port, or_conn->_base.s,
|
|
|
|
|
(int)(now - or_conn->_base.timestamp_created));
|
|
|
|
|
or_conn->is_bad_for_new_circs = 1;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2009-01-28 18:36:41 +01:00
|
|
|
if (!best || connection_or_is_better(now, or_conn, best, 0))
|
2008-12-24 03:38:04 +01:00
|
|
|
best = or_conn;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!best)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
/* Pass 3: One connection to OR is best. If it's canonical, mark as bad
|
|
|
|
|
* every other open connection. If it's non-canonical, mark as bad
|
|
|
|
|
* every other open connection to the same address.
|
|
|
|
|
*
|
2008-12-29 20:57:13 +01:00
|
|
|
* XXXX This isn't optimal; if we have connections to an OR at multiple
|
|
|
|
|
* addresses, we'd like to pick the best _for each address_, and mark as
|
|
|
|
|
* bad every open connection that isn't best for its address. But this
|
|
|
|
|
* can only occur in cases where the other OR is old (so we have no
|
|
|
|
|
* canonical connection to it), or where all the connections to the OR are
|
|
|
|
|
* at noncanonical addresses and we have no good direct connection (which
|
|
|
|
|
* means we aren't at risk of attaching circuits to it anyway). As
|
|
|
|
|
* 0.1.2.x dies out, the first case will go away, and the second one is
|
|
|
|
|
* "mostly harmless", so a fix can wait until somebody is bored.
|
2008-12-24 03:38:04 +01:00
|
|
|
*/
|
|
|
|
|
for (or_conn = head; or_conn; or_conn = or_conn->next_with_same_id) {
|
|
|
|
|
if (or_conn->_base.marked_for_close ||
|
|
|
|
|
or_conn->is_bad_for_new_circs ||
|
|
|
|
|
or_conn->_base.state != OR_CONN_STATE_OPEN)
|
|
|
|
|
continue;
|
2009-01-28 18:36:41 +01:00
|
|
|
if (or_conn != best && connection_or_is_better(now, best, or_conn, 1)) {
|
|
|
|
|
/* This isn't the best conn, _and_ the best conn is better than it,
|
|
|
|
|
even when we're being forgiving. */
|
2008-12-24 03:38:04 +01:00
|
|
|
if (best->is_canonical) {
|
|
|
|
|
log_info(LD_OR,
|
|
|
|
|
"Marking OR conn to %s:%d as too old for new circuits: "
|
|
|
|
|
"(fd %d, %d secs old). We have a better canonical one "
|
|
|
|
|
"(fd %d; %d secs old).",
|
|
|
|
|
or_conn->_base.address, or_conn->_base.port, or_conn->_base.s,
|
|
|
|
|
(int)(now - or_conn->_base.timestamp_created),
|
|
|
|
|
best->_base.s, (int)(now - best->_base.timestamp_created));
|
|
|
|
|
or_conn->is_bad_for_new_circs = 1;
|
|
|
|
|
} else if (!tor_addr_compare(&or_conn->real_addr,
|
|
|
|
|
&best->real_addr, CMP_EXACT)) {
|
|
|
|
|
log_info(LD_OR,
|
|
|
|
|
"Marking OR conn to %s:%d as too old for new circuits: "
|
|
|
|
|
"(fd %d, %d secs old). We have a better one "
|
|
|
|
|
"(fd %d; %d secs old).",
|
|
|
|
|
or_conn->_base.address, or_conn->_base.port, or_conn->_base.s,
|
|
|
|
|
(int)(now - or_conn->_base.timestamp_created),
|
|
|
|
|
best->_base.s, (int)(now - best->_base.timestamp_created));
|
|
|
|
|
or_conn->is_bad_for_new_circs = 1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** Go through all the OR connections, and set the is_bad_for_new_circs
|
|
|
|
|
* flag on:
|
|
|
|
|
* - all connections that are too old.
|
|
|
|
|
* - all open non-canonical connections for which a canonical connection
|
|
|
|
|
* exists to the same router.
|
|
|
|
|
* - all open canonical connections for which a 'better' canonical
|
|
|
|
|
* connection exists to the same router.
|
|
|
|
|
* - all open non-canonical connections for which a 'better' non-canonical
|
|
|
|
|
* connection exists to the same router at the same address.
|
|
|
|
|
*
|
|
|
|
|
* See connection_or_is_better() for our idea of what makes one OR connection
|
|
|
|
|
* better than another.
|
|
|
|
|
*/
|
|
|
|
|
void
|
|
|
|
|
connection_or_set_bad_connections(void)
|
|
|
|
|
{
|
|
|
|
|
if (!orconn_identity_map)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
DIGESTMAP_FOREACH(orconn_identity_map, identity, or_connection_t *, conn) {
|
|
|
|
|
connection_or_group_set_badness(conn);
|
|
|
|
|
} DIGESTMAP_FOREACH_END;
|
2005-11-30 04:01:16 +01:00
|
|
|
}
|
|
|
|
|
|
2008-09-09 08:25:39 +02:00
|
|
|
/** <b>conn</b> is in the 'connecting' state, and it failed to complete
|
|
|
|
|
* a TCP connection. Send notifications appropriately.
|
|
|
|
|
*
|
|
|
|
|
* <b>reason</b> specifies the or_conn_end_reason for the failure;
|
|
|
|
|
* <b>msg</b> specifies the strerror-style error message.
|
|
|
|
|
*/
|
|
|
|
|
void
|
|
|
|
|
connection_or_connect_failed(or_connection_t *conn,
|
|
|
|
|
int reason, const char *msg)
|
|
|
|
|
{
|
|
|
|
|
control_event_or_conn_status(conn, OR_CONN_EVENT_FAILED, reason);
|
|
|
|
|
if (!authdir_mode_tests_reachability(get_options()))
|
|
|
|
|
control_event_bootstrap_problem(msg, reason);
|
|
|
|
|
}
|
|
|
|
|
|
2004-07-02 11:29:01 +02:00
|
|
|
/** Launch a new OR connection to <b>addr</b>:<b>port</b> and expect to
|
|
|
|
|
* handshake with an OR with identity digest <b>id_digest</b>.
|
2004-05-07 10:53:40 +02:00
|
|
|
*
|
2004-07-02 11:29:01 +02:00
|
|
|
* If <b>id_digest</b> is me, do nothing. If we're already connected to it,
|
2004-07-21 02:12:42 +02:00
|
|
|
* return that connection. If the connect() is in progress, set the
|
|
|
|
|
* new conn's state to 'connecting' and return it. If connect() succeeds,
|
2005-08-23 11:50:51 +02:00
|
|
|
* call connection_tls_start_handshake() on it.
|
2004-05-07 10:53:40 +02:00
|
|
|
*
|
2004-05-09 18:33:04 +02:00
|
|
|
* This function is called from router_retry_connections(), for
|
2004-05-07 10:53:40 +02:00
|
|
|
* ORs connecting to ORs, and circuit_establish_circuit(), for
|
|
|
|
|
* OPs connecting to ORs.
|
|
|
|
|
*
|
|
|
|
|
* Return the launched conn, or NULL if it failed.
|
|
|
|
|
*/
|
2006-07-26 21:07:26 +02:00
|
|
|
or_connection_t *
|
2008-08-05 22:08:19 +02:00
|
|
|
connection_or_connect(const tor_addr_t *_addr, uint16_t port,
|
|
|
|
|
const char *id_digest)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2006-07-26 21:07:26 +02:00
|
|
|
or_connection_t *conn;
|
2005-02-24 11:56:55 +01:00
|
|
|
or_options_t *options = get_options();
|
2008-06-11 03:14:23 +02:00
|
|
|
int socket_error = 0;
|
2008-08-05 22:08:19 +02:00
|
|
|
tor_addr_t addr;
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2008-08-05 22:08:19 +02:00
|
|
|
tor_assert(_addr);
|
2004-07-02 11:29:01 +02:00
|
|
|
tor_assert(id_digest);
|
2008-08-05 22:08:19 +02:00
|
|
|
tor_addr_copy(&addr, _addr);
|
2003-05-28 04:03:25 +02:00
|
|
|
|
2006-06-05 10:02:04 +02:00
|
|
|
if (server_mode(options) && router_digest_is_me(id_digest)) {
|
2006-02-13 10:02:35 +01:00
|
|
|
log_info(LD_PROTOCOL,"Client asked me to connect to myself. Refusing.");
|
2003-05-28 04:03:25 +02:00
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2008-09-06 00:09:44 +02:00
|
|
|
conn = or_connection_new(AF_INET);
|
2002-06-27 00:45:49 +02:00
|
|
|
|
|
|
|
|
/* set up conn so it's got all the data we need to remember */
|
2008-08-05 22:08:19 +02:00
|
|
|
connection_or_init_conn_from_address(conn, &addr, port, id_digest, 1);
|
2006-07-26 21:07:26 +02:00
|
|
|
conn->_base.state = OR_CONN_STATE_CONNECTING;
|
2007-01-15 22:13:37 +01:00
|
|
|
control_event_or_conn_status(conn, OR_CONN_EVENT_LAUNCHED, 0);
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2005-02-24 11:56:55 +01:00
|
|
|
if (options->HttpsProxy) {
|
|
|
|
|
/* we shouldn't connect directly. use the https proxy instead. */
|
2008-08-05 22:08:19 +02:00
|
|
|
tor_addr_from_ipv4h(&addr, options->HttpsProxyAddr);
|
2005-02-24 11:56:55 +01:00
|
|
|
port = options->HttpsProxyPort;
|
|
|
|
|
}
|
|
|
|
|
|
2008-06-11 03:14:23 +02:00
|
|
|
switch (connection_connect(TO_CONN(conn), conn->_base.address,
|
2008-08-05 22:08:19 +02:00
|
|
|
&addr, port, &socket_error)) {
|
2003-09-16 03:58:46 +02:00
|
|
|
case -1:
|
2005-12-25 00:32:15 +01:00
|
|
|
/* If the connection failed immediately, and we're using
|
|
|
|
|
* an https proxy, our https proxy is down. Don't blame the
|
|
|
|
|
* Tor server. */
|
2009-02-05 00:27:35 +01:00
|
|
|
if (!options->HttpsProxy)
|
|
|
|
|
entry_guard_register_connect_status(conn->identity_digest,
|
|
|
|
|
0, 1, time(NULL));
|
2008-09-09 08:25:39 +02:00
|
|
|
connection_or_connect_failed(conn,
|
|
|
|
|
errno_to_orconn_end_reason(socket_error),
|
|
|
|
|
tor_socket_strerror(socket_error));
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_free(TO_CONN(conn));
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
return NULL;
|
2003-09-16 03:58:46 +02:00
|
|
|
case 0:
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_watch_events(TO_CONN(conn), EV_READ | EV_WRITE);
|
2003-08-14 19:13:52 +02:00
|
|
|
/* writable indicates finish, readable indicates broken link,
|
|
|
|
|
error indicates broken link on windows */
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
return conn;
|
2003-09-16 03:58:46 +02:00
|
|
|
/* case 1: fall through */
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
}
|
|
|
|
|
|
2005-02-24 11:56:55 +01:00
|
|
|
if (connection_or_finished_connecting(conn) < 0) {
|
|
|
|
|
/* already marked for close */
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
return conn;
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
}
|
|
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/** Begin the tls handshake with <b>conn</b>. <b>receiving</b> is 0 if
|
|
|
|
|
* we initiated the connection, else it's 1.
|
2004-05-07 10:53:40 +02:00
|
|
|
*
|
2005-12-25 00:32:15 +01:00
|
|
|
* Assign a new tls object to conn->tls, begin reading on <b>conn</b>, and
|
|
|
|
|
* pass <b>conn</b> to connection_tls_continue_handshake().
|
2004-05-07 10:53:40 +02:00
|
|
|
*
|
2004-05-09 18:47:25 +02:00
|
|
|
* Return -1 if <b>conn</b> is broken, else return 0.
|
2004-05-07 10:53:40 +02:00
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
int
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_tls_start_handshake(or_connection_t *conn, int receiving)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2007-11-05 19:15:44 +01:00
|
|
|
conn->_base.state = OR_CONN_STATE_TLS_HANDSHAKING;
|
2006-07-26 21:07:26 +02:00
|
|
|
conn->tls = tor_tls_new(conn->_base.s, receiving);
|
2008-02-19 23:27:44 +01:00
|
|
|
tor_tls_set_logged_address(conn->tls, escaped_safe_str(conn->_base.address));
|
2005-10-06 07:08:00 +02:00
|
|
|
if (!conn->tls) {
|
2006-02-13 10:02:35 +01:00
|
|
|
log_warn(LD_BUG,"tor_tls_new failed. Closing.");
|
2003-09-30 20:45:55 +02:00
|
|
|
return -1;
|
|
|
|
|
}
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_start_reading(TO_CONN(conn));
|
|
|
|
|
log_debug(LD_OR,"starting TLS handshake on fd %d", conn->_base.s);
|
2006-10-31 20:17:07 +01:00
|
|
|
note_crypto_pk_op(receiving ? TLS_HANDSHAKE_S : TLS_HANDSHAKE_C);
|
|
|
|
|
|
2004-11-28 10:05:49 +01:00
|
|
|
if (connection_tls_continue_handshake(conn) < 0) {
|
2003-09-30 20:45:55 +02:00
|
|
|
return -1;
|
2004-03-06 02:43:37 +01:00
|
|
|
}
|
2003-09-30 20:45:55 +02:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2008-02-08 22:13:15 +01:00
|
|
|
/** Invoked on the server side from inside tor_tls_read() when the server
|
|
|
|
|
* gets a successful TLS renegotiation from the client. */
|
2007-12-01 09:47:13 +01:00
|
|
|
static void
|
|
|
|
|
connection_or_tls_renegotiated_cb(tor_tls_t *tls, void *_conn)
|
|
|
|
|
{
|
|
|
|
|
or_connection_t *conn = _conn;
|
2008-01-13 01:20:47 +01:00
|
|
|
(void)tls;
|
2007-12-01 09:47:13 +01:00
|
|
|
|
2008-02-08 22:13:15 +01:00
|
|
|
/* Don't invoke this again. */
|
|
|
|
|
tor_tls_set_renegotiate_callback(tls, NULL, NULL);
|
2009-11-06 00:13:08 +01:00
|
|
|
tor_tls_block_renegotiation(tls);
|
2008-02-08 22:13:15 +01:00
|
|
|
|
2008-01-13 01:20:47 +01:00
|
|
|
if (connection_tls_finish_handshake(conn) < 0) {
|
2008-02-05 22:39:46 +01:00
|
|
|
/* XXXX_TLS double-check that it's ok to do this from inside read. */
|
2008-02-06 22:53:13 +01:00
|
|
|
/* XXXX_TLS double-check that this verifies certificates. */
|
2008-01-13 01:20:47 +01:00
|
|
|
connection_mark_for_close(TO_CONN(conn));
|
|
|
|
|
}
|
2007-12-01 09:47:13 +01:00
|
|
|
}
|
|
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/** Move forward with the tls handshake. If it finishes, hand
|
|
|
|
|
* <b>conn</b> to connection_tls_finish_handshake().
|
2004-05-07 10:53:40 +02:00
|
|
|
*
|
2004-05-09 18:47:25 +02:00
|
|
|
* Return -1 if <b>conn</b> is broken, else return 0.
|
2004-05-07 10:53:40 +02:00
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
int
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_tls_continue_handshake(or_connection_t *conn)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2007-11-07 18:44:15 +01:00
|
|
|
int result;
|
2005-04-23 16:26:02 +02:00
|
|
|
check_no_tls_errors();
|
2007-12-01 09:09:48 +01:00
|
|
|
again:
|
2008-02-06 22:53:13 +01:00
|
|
|
if (conn->_base.state == OR_CONN_STATE_TLS_CLIENT_RENEGOTIATING) {
|
|
|
|
|
// log_notice(LD_OR, "Renegotiate with %p", conn->tls);
|
2007-12-01 09:09:48 +01:00
|
|
|
result = tor_tls_renegotiate(conn->tls);
|
2008-02-06 22:53:13 +01:00
|
|
|
// log_notice(LD_OR, "Result: %d", result);
|
|
|
|
|
} else {
|
2008-01-13 01:20:47 +01:00
|
|
|
tor_assert(conn->_base.state == OR_CONN_STATE_TLS_HANDSHAKING);
|
2008-02-06 22:53:13 +01:00
|
|
|
// log_notice(LD_OR, "Continue handshake with %p", conn->tls);
|
2007-12-01 09:09:48 +01:00
|
|
|
result = tor_tls_handshake(conn->tls);
|
2008-02-06 22:53:13 +01:00
|
|
|
// log_notice(LD_OR, "Result: %d", result);
|
2008-01-13 01:20:47 +01:00
|
|
|
}
|
2007-11-07 18:44:15 +01:00
|
|
|
switch (result) {
|
2007-01-15 22:21:05 +01:00
|
|
|
CASE_TOR_TLS_ERROR_ANY:
|
2007-11-07 18:44:15 +01:00
|
|
|
log_info(LD_OR,"tls error [%s]. breaking connection.",
|
|
|
|
|
tor_tls_err_to_string(result));
|
2003-09-30 20:45:55 +02:00
|
|
|
return -1;
|
|
|
|
|
case TOR_TLS_DONE:
|
2007-12-05 17:11:33 +01:00
|
|
|
if (! tor_tls_used_v1_handshake(conn->tls)) {
|
2007-12-01 09:47:13 +01:00
|
|
|
if (!tor_tls_is_server(conn->tls)) {
|
|
|
|
|
if (conn->_base.state == OR_CONN_STATE_TLS_HANDSHAKING) {
|
2008-02-06 22:53:13 +01:00
|
|
|
// log_notice(LD_OR,"Done. state was TLS_HANDSHAKING.");
|
2008-01-13 01:20:47 +01:00
|
|
|
conn->_base.state = OR_CONN_STATE_TLS_CLIENT_RENEGOTIATING;
|
2007-12-01 09:47:13 +01:00
|
|
|
goto again;
|
|
|
|
|
}
|
2008-02-06 22:53:13 +01:00
|
|
|
// log_notice(LD_OR,"Done. state was %d.", conn->_base.state);
|
2007-12-01 09:47:13 +01:00
|
|
|
} else {
|
|
|
|
|
/* improved handshake, but not a client. */
|
|
|
|
|
tor_tls_set_renegotiate_callback(conn->tls,
|
|
|
|
|
connection_or_tls_renegotiated_cb,
|
|
|
|
|
conn);
|
2008-01-13 01:20:47 +01:00
|
|
|
conn->_base.state = OR_CONN_STATE_TLS_SERVER_RENEGOTIATING;
|
|
|
|
|
connection_stop_writing(TO_CONN(conn));
|
|
|
|
|
connection_start_reading(TO_CONN(conn));
|
|
|
|
|
return 0;
|
2007-12-01 09:47:13 +01:00
|
|
|
}
|
2007-12-01 09:09:48 +01:00
|
|
|
}
|
2007-01-15 22:21:05 +01:00
|
|
|
return connection_tls_finish_handshake(conn);
|
2003-09-30 20:45:55 +02:00
|
|
|
case TOR_TLS_WANTWRITE:
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_start_writing(TO_CONN(conn));
|
2006-02-13 10:02:35 +01:00
|
|
|
log_debug(LD_OR,"wanted write");
|
2003-09-30 20:45:55 +02:00
|
|
|
return 0;
|
|
|
|
|
case TOR_TLS_WANTREAD: /* handshaking conns are *always* reading */
|
2006-02-13 10:02:35 +01:00
|
|
|
log_debug(LD_OR,"wanted read");
|
2003-09-30 20:45:55 +02:00
|
|
|
return 0;
|
2007-01-15 22:21:05 +01:00
|
|
|
case TOR_TLS_CLOSE:
|
|
|
|
|
log_info(LD_OR,"tls closed. breaking connection.");
|
|
|
|
|
return -1;
|
2003-09-30 20:45:55 +02:00
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2005-06-21 01:04:13 +02:00
|
|
|
/** Return 1 if we initiated this connection, or 0 if it started
|
|
|
|
|
* out as an incoming connection.
|
|
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
int
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_or_nonopen_was_started_here(or_connection_t *conn)
|
2004-10-13 22:05:57 +02:00
|
|
|
{
|
2006-07-26 21:07:26 +02:00
|
|
|
tor_assert(conn->_base.type == CONN_TYPE_OR);
|
2006-06-07 09:11:42 +02:00
|
|
|
if (!conn->tls)
|
|
|
|
|
return 1; /* it's still in proxy states or something */
|
2007-11-14 21:01:12 +01:00
|
|
|
if (conn->handshake_state)
|
|
|
|
|
return conn->handshake_state->started_here;
|
2006-06-07 09:11:42 +02:00
|
|
|
return !tor_tls_is_server(conn->tls);
|
2004-07-21 04:25:14 +02:00
|
|
|
}
|
|
|
|
|
|
2007-02-12 22:39:33 +01:00
|
|
|
/** <b>Conn</b> just completed its handshake. Return 0 if all is well, and
|
2005-06-21 01:04:13 +02:00
|
|
|
* return -1 if he is lying, broken, or otherwise something is wrong.
|
2004-05-07 10:53:40 +02:00
|
|
|
*
|
2007-02-12 22:39:33 +01:00
|
|
|
* If we initiated this connection (<b>started_here</b> is true), make sure
|
|
|
|
|
* the other side sent sent a correctly formed certificate. If I initiated the
|
|
|
|
|
* connection, make sure it's the right guy.
|
2004-05-07 10:53:40 +02:00
|
|
|
*
|
2007-02-12 22:39:33 +01:00
|
|
|
* Otherwise (if we _didn't_ initiate this connection), it's okay for
|
|
|
|
|
* the certificate to be weird or absent.
|
|
|
|
|
*
|
|
|
|
|
* If we return 0, and the certificate is as expected, write a hash of the
|
|
|
|
|
* identity key into digest_rcvd, which must have DIGEST_LEN space in it. (If
|
|
|
|
|
* we return -1 this buffer is undefined.) If the certificate is invalid
|
|
|
|
|
* or missing on an incoming connection, we return 0 and set digest_rcvd to
|
|
|
|
|
* DIGEST_LEN 0 bytes.
|
2004-05-07 10:53:40 +02:00
|
|
|
*
|
2005-06-21 01:04:13 +02:00
|
|
|
* As side effects,
|
2006-07-04 05:19:59 +02:00
|
|
|
* 1) Set conn->circ_id_type according to tor-spec.txt.
|
2005-06-21 01:04:13 +02:00
|
|
|
* 2) If we're an authdirserver and we initiated the connection: drop all
|
|
|
|
|
* descriptors that claim to be on that IP/port but that aren't
|
|
|
|
|
* this guy; and note that this guy is reachable.
|
2004-05-07 10:53:40 +02:00
|
|
|
*/
|
2005-06-21 03:08:01 +02:00
|
|
|
static int
|
2007-11-06 19:00:07 +01:00
|
|
|
connection_or_check_valid_tls_handshake(or_connection_t *conn,
|
|
|
|
|
int started_here,
|
|
|
|
|
char *digest_rcvd_out)
|
2005-06-21 03:08:01 +02:00
|
|
|
{
|
2004-07-21 02:44:04 +02:00
|
|
|
crypto_pk_env_t *identity_rcvd=NULL;
|
2004-11-06 06:18:11 +01:00
|
|
|
or_options_t *options = get_options();
|
2005-10-17 03:29:28 +02:00
|
|
|
int severity = server_mode(options) ? LOG_PROTOCOL_WARN : LOG_WARN;
|
2007-01-23 20:22:49 +01:00
|
|
|
const char *safe_address =
|
|
|
|
|
started_here ? conn->_base.address : safe_str(conn->_base.address);
|
2007-02-12 22:39:33 +01:00
|
|
|
const char *conn_type = started_here ? "outgoing" : "incoming";
|
2007-12-01 09:09:48 +01:00
|
|
|
int has_cert = 0, has_identity=0;
|
2003-09-30 20:45:55 +02:00
|
|
|
|
2005-04-23 16:26:02 +02:00
|
|
|
check_no_tls_errors();
|
2007-02-12 22:39:33 +01:00
|
|
|
has_cert = tor_tls_peer_has_cert(conn->tls);
|
|
|
|
|
if (started_here && !has_cert) {
|
|
|
|
|
log_info(LD_PROTOCOL,"Tried connecting to router at %s:%d, but it didn't "
|
|
|
|
|
"send a cert! Closing.",
|
|
|
|
|
safe_address, conn->_base.port);
|
2003-11-18 08:25:04 +01:00
|
|
|
return -1;
|
2007-02-12 22:39:33 +01:00
|
|
|
} else if (!has_cert) {
|
|
|
|
|
log_debug(LD_PROTOCOL,"Got incoming connection with no certificate. "
|
|
|
|
|
"That's ok.");
|
2003-11-18 08:25:04 +01:00
|
|
|
}
|
2005-04-23 16:26:02 +02:00
|
|
|
check_no_tls_errors();
|
2004-07-21 04:25:14 +02:00
|
|
|
|
2007-12-01 09:09:48 +01:00
|
|
|
if (has_cert) {
|
2008-02-12 21:20:52 +01:00
|
|
|
int v = tor_tls_verify(started_here?severity:LOG_INFO,
|
|
|
|
|
conn->tls, &identity_rcvd);
|
2007-12-01 09:09:48 +01:00
|
|
|
if (started_here && v<0) {
|
|
|
|
|
log_fn(severity,LD_OR,"Tried connecting to router at %s:%d: It"
|
|
|
|
|
" has a cert but it's invalid. Closing.",
|
|
|
|
|
safe_address, conn->_base.port);
|
2007-11-14 21:01:12 +01:00
|
|
|
return -1;
|
2007-12-01 09:09:48 +01:00
|
|
|
} else if (v<0) {
|
|
|
|
|
log_info(LD_PROTOCOL,"Incoming connection gave us an invalid cert "
|
|
|
|
|
"chain; ignoring.");
|
|
|
|
|
} else {
|
|
|
|
|
log_debug(LD_OR,"The certificate seems to be valid on %s connection "
|
|
|
|
|
"with %s:%d", conn_type, safe_address, conn->_base.port);
|
2007-02-12 22:39:33 +01:00
|
|
|
}
|
2007-12-01 09:09:48 +01:00
|
|
|
check_no_tls_errors();
|
2003-11-18 08:25:04 +01:00
|
|
|
}
|
2004-07-21 04:25:14 +02:00
|
|
|
|
2007-02-12 22:39:33 +01:00
|
|
|
if (identity_rcvd) {
|
2007-12-01 09:09:48 +01:00
|
|
|
has_identity = 1;
|
2007-11-06 19:00:07 +01:00
|
|
|
crypto_pk_get_digest(identity_rcvd, digest_rcvd_out);
|
2007-02-12 22:39:33 +01:00
|
|
|
if (crypto_pk_cmp_keys(get_identity_key(), identity_rcvd)<0) {
|
|
|
|
|
conn->circ_id_type = CIRC_ID_TYPE_LOWER;
|
|
|
|
|
} else {
|
|
|
|
|
conn->circ_id_type = CIRC_ID_TYPE_HIGHER;
|
|
|
|
|
}
|
|
|
|
|
crypto_free_pk_env(identity_rcvd);
|
2004-11-10 21:14:37 +01:00
|
|
|
} else {
|
2007-11-06 19:00:07 +01:00
|
|
|
memset(digest_rcvd_out, 0, DIGEST_LEN);
|
2007-02-12 22:39:33 +01:00
|
|
|
conn->circ_id_type = CIRC_ID_TYPE_NEITHER;
|
2004-07-21 02:44:04 +02:00
|
|
|
}
|
2004-04-25 00:17:50 +02:00
|
|
|
|
2007-06-15 08:01:04 +02:00
|
|
|
if (started_here && tor_digest_is_zero(conn->identity_digest)) {
|
2008-01-30 23:23:44 +01:00
|
|
|
connection_or_set_identity_digest(conn, digest_rcvd_out);
|
2007-11-03 15:44:53 +01:00
|
|
|
tor_free(conn->nickname);
|
2007-06-15 08:01:04 +02:00
|
|
|
conn->nickname = tor_malloc(HEX_DIGEST_LEN+2);
|
|
|
|
|
conn->nickname[0] = '$';
|
|
|
|
|
base16_encode(conn->nickname+1, HEX_DIGEST_LEN+1,
|
|
|
|
|
conn->identity_digest, DIGEST_LEN);
|
|
|
|
|
log_info(LD_OR, "Connected to router %s at %s:%d without knowing "
|
|
|
|
|
"its key. Hoping for the best.",
|
|
|
|
|
conn->nickname, conn->_base.address, conn->_base.port);
|
|
|
|
|
}
|
|
|
|
|
|
2007-01-23 20:22:49 +01:00
|
|
|
if (started_here) {
|
2005-06-21 01:04:13 +02:00
|
|
|
int as_advertised = 1;
|
2007-02-12 22:39:33 +01:00
|
|
|
tor_assert(has_cert);
|
|
|
|
|
tor_assert(has_identity);
|
2007-11-06 19:00:07 +01:00
|
|
|
if (memcmp(digest_rcvd_out, conn->identity_digest, DIGEST_LEN)) {
|
2005-08-23 11:50:51 +02:00
|
|
|
/* I was aiming for a particular digest. I didn't get it! */
|
|
|
|
|
char seen[HEX_DIGEST_LEN+1];
|
|
|
|
|
char expected[HEX_DIGEST_LEN+1];
|
2007-11-06 19:00:07 +01:00
|
|
|
base16_encode(seen, sizeof(seen), digest_rcvd_out, DIGEST_LEN);
|
2005-12-14 21:40:40 +01:00
|
|
|
base16_encode(expected, sizeof(expected), conn->identity_digest,
|
|
|
|
|
DIGEST_LEN);
|
2005-10-25 09:05:03 +02:00
|
|
|
log_fn(severity, LD_OR,
|
2007-02-12 22:39:33 +01:00
|
|
|
"Tried connecting to router at %s:%d, but identity key was not "
|
2007-02-24 02:12:53 +01:00
|
|
|
"as expected: wanted %s but got %s.",
|
2006-07-26 21:07:26 +02:00
|
|
|
conn->_base.address, conn->_base.port, expected, seen);
|
2009-02-05 00:27:35 +01:00
|
|
|
entry_guard_register_connect_status(conn->identity_digest, 0, 1,
|
|
|
|
|
time(NULL));
|
2007-01-15 22:13:37 +01:00
|
|
|
control_event_or_conn_status(conn, OR_CONN_EVENT_FAILED,
|
|
|
|
|
END_OR_CONN_REASON_OR_IDENTITY);
|
2008-06-18 09:34:04 +02:00
|
|
|
if (!authdir_mode_tests_reachability(options))
|
|
|
|
|
control_event_bootstrap_problem("foo", END_OR_CONN_REASON_OR_IDENTITY);
|
2005-06-21 01:04:13 +02:00
|
|
|
as_advertised = 0;
|
2003-09-30 20:45:55 +02:00
|
|
|
}
|
2007-06-09 09:05:19 +02:00
|
|
|
if (authdir_mode_tests_reachability(options)) {
|
2005-06-21 01:04:13 +02:00
|
|
|
/* We initiated this connection to address:port. Drop all routers
|
2007-02-24 02:26:09 +01:00
|
|
|
* with the same address:port and a different key.
|
2005-06-21 01:04:13 +02:00
|
|
|
*/
|
2006-07-26 21:07:26 +02:00
|
|
|
dirserv_orconn_tls_done(conn->_base.address, conn->_base.port,
|
2007-11-06 19:00:07 +01:00
|
|
|
digest_rcvd_out, as_advertised);
|
2005-06-21 01:04:13 +02:00
|
|
|
}
|
|
|
|
|
if (!as_advertised)
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** The tls handshake is finished.
|
|
|
|
|
*
|
|
|
|
|
* Make sure we are happy with the person we just handshaked with.
|
|
|
|
|
*
|
|
|
|
|
* If he initiated the connection, make sure he's not already connected,
|
|
|
|
|
* then initialize conn from the information in router.
|
|
|
|
|
*
|
|
|
|
|
* If all is successful, call circuit_n_conn_done() to handle events
|
2007-01-23 20:22:49 +01:00
|
|
|
* that have been pending on the <tls handshake completion. Also set the
|
2005-06-21 01:04:13 +02:00
|
|
|
* directory to be dirty (only matters if I'm an authdirserver).
|
|
|
|
|
*/
|
|
|
|
|
static int
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_tls_finish_handshake(or_connection_t *conn)
|
2005-06-21 01:04:13 +02:00
|
|
|
{
|
|
|
|
|
char digest_rcvd[DIGEST_LEN];
|
2005-12-28 08:19:55 +01:00
|
|
|
int started_here = connection_or_nonopen_was_started_here(conn);
|
2005-06-21 01:04:13 +02:00
|
|
|
|
2008-02-06 22:53:13 +01:00
|
|
|
log_debug(LD_OR,"tls handshake with %s done. verifying.",
|
2008-08-07 22:06:40 +02:00
|
|
|
safe_str(conn->_base.address));
|
2004-04-25 00:17:50 +02:00
|
|
|
|
2004-05-07 10:53:40 +02:00
|
|
|
directory_set_dirty();
|
2007-10-30 22:46:02 +01:00
|
|
|
|
2008-01-13 01:20:47 +01:00
|
|
|
if (connection_or_check_valid_tls_handshake(conn, started_here,
|
|
|
|
|
digest_rcvd) < 0)
|
|
|
|
|
return -1;
|
|
|
|
|
|
2007-10-30 22:46:02 +01:00
|
|
|
if (tor_tls_used_v1_handshake(conn->tls)) {
|
|
|
|
|
conn->link_proto = 1;
|
2007-11-07 18:11:23 +01:00
|
|
|
if (!started_here) {
|
2008-08-05 22:08:19 +02:00
|
|
|
connection_or_init_conn_from_address(conn, &conn->_base.addr,
|
2007-11-07 18:11:23 +01:00
|
|
|
conn->_base.port, digest_rcvd, 0);
|
|
|
|
|
}
|
2009-11-06 00:13:08 +01:00
|
|
|
tor_tls_block_renegotiation(conn->tls);
|
2007-10-30 22:46:02 +01:00
|
|
|
return connection_or_set_state_open(conn);
|
|
|
|
|
} else {
|
2007-11-05 19:15:44 +01:00
|
|
|
conn->_base.state = OR_CONN_STATE_OR_HANDSHAKING;
|
2007-11-05 19:15:50 +01:00
|
|
|
if (connection_init_or_handshake_state(conn, started_here) < 0)
|
2007-11-05 19:15:47 +01:00
|
|
|
return -1;
|
2008-02-09 00:41:29 +01:00
|
|
|
if (!started_here) {
|
2008-08-05 22:08:19 +02:00
|
|
|
connection_or_init_conn_from_address(conn, &conn->_base.addr,
|
2008-02-09 00:41:29 +01:00
|
|
|
conn->_base.port, digest_rcvd, 0);
|
|
|
|
|
}
|
2007-10-30 22:46:02 +01:00
|
|
|
return connection_or_send_versions(conn);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2008-02-11 02:09:24 +01:00
|
|
|
/** Allocate a new connection handshake state for the connection
|
|
|
|
|
* <b>conn</b>. Return 0 on success, -1 on failure. */
|
2007-11-05 19:15:50 +01:00
|
|
|
static int
|
|
|
|
|
connection_init_or_handshake_state(or_connection_t *conn, int started_here)
|
|
|
|
|
{
|
|
|
|
|
or_handshake_state_t *s;
|
|
|
|
|
s = conn->handshake_state = tor_malloc_zero(sizeof(or_handshake_state_t));
|
|
|
|
|
s->started_here = started_here ? 1 : 0;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2007-11-05 19:15:47 +01:00
|
|
|
|
2008-02-11 02:09:24 +01:00
|
|
|
/** Free all storage held by <b>state</b>. */
|
2007-11-05 19:15:44 +01:00
|
|
|
void
|
|
|
|
|
or_handshake_state_free(or_handshake_state_t *state)
|
|
|
|
|
{
|
|
|
|
|
tor_assert(state);
|
2007-11-05 19:15:47 +01:00
|
|
|
memset(state, 0xBE, sizeof(or_handshake_state_t));
|
2007-11-05 19:15:44 +01:00
|
|
|
tor_free(state);
|
|
|
|
|
}
|
|
|
|
|
|
2008-02-11 02:09:24 +01:00
|
|
|
/** Set <b>conn</b>'s state to OR_CONN_STATE_OPEN, and tell other subsystems
|
|
|
|
|
* as appropriate. Called when we are done with all TLS and OR handshaking.
|
|
|
|
|
*/
|
2007-10-30 22:46:02 +01:00
|
|
|
int
|
|
|
|
|
connection_or_set_state_open(or_connection_t *conn)
|
|
|
|
|
{
|
|
|
|
|
int started_here = connection_or_nonopen_was_started_here(conn);
|
2007-12-17 23:44:11 +01:00
|
|
|
time_t now = time(NULL);
|
2006-07-26 21:07:26 +02:00
|
|
|
conn->_base.state = OR_CONN_STATE_OPEN;
|
2007-01-15 22:13:37 +01:00
|
|
|
control_event_or_conn_status(conn, OR_CONN_EVENT_CONNECTED, 0);
|
2007-10-30 22:46:02 +01:00
|
|
|
|
2005-12-28 08:19:55 +01:00
|
|
|
if (started_here) {
|
2007-12-17 23:44:11 +01:00
|
|
|
rep_hist_note_connect_succeeded(conn->identity_digest, now);
|
|
|
|
|
if (entry_guard_register_connect_status(conn->identity_digest,
|
2009-02-05 00:27:35 +01:00
|
|
|
1, 0, now) < 0) {
|
2008-04-22 20:38:25 +02:00
|
|
|
/* Close any circuits pending on this conn. We leave it in state
|
|
|
|
|
* 'open' though, because it didn't actually *fail* -- we just
|
|
|
|
|
* chose not to use it. (Otherwise
|
|
|
|
|
* connection_about_to_close_connection() will call a big pile of
|
|
|
|
|
* functions to indicate we shouldn't try it again.) */
|
2008-06-11 01:00:11 +02:00
|
|
|
log_debug(LD_OR, "New entry guard was reachable, but closing this "
|
|
|
|
|
"connection so we can retry the earlier entry guards.");
|
2008-04-22 20:38:25 +02:00
|
|
|
circuit_n_conn_done(conn, 0);
|
2005-12-28 08:19:55 +01:00
|
|
|
return -1;
|
|
|
|
|
}
|
2006-03-18 02:24:04 +01:00
|
|
|
router_set_status(conn->identity_digest, 1);
|
2007-12-17 23:44:11 +01:00
|
|
|
} else {
|
2007-12-25 01:07:13 +01:00
|
|
|
/* only report it to the geoip module if it's not a known router */
|
2008-08-05 22:08:19 +02:00
|
|
|
if (!router_get_by_digest(conn->identity_digest)) {
|
|
|
|
|
if (tor_addr_family(&TO_CONN(conn)->addr) == AF_INET) {
|
2008-12-18 17:11:24 +01:00
|
|
|
/*XXXX IP6 support ipv6 geoip.*/
|
2008-08-05 22:08:19 +02:00
|
|
|
uint32_t a = tor_addr_to_ipv4h(&TO_CONN(conn)->addr);
|
|
|
|
|
geoip_note_client_seen(GEOIP_CLIENT_CONNECT, a, now);
|
|
|
|
|
}
|
|
|
|
|
}
|
2005-12-28 08:19:55 +01:00
|
|
|
}
|
2007-11-14 21:01:12 +01:00
|
|
|
if (conn->handshake_state) {
|
|
|
|
|
or_handshake_state_free(conn->handshake_state);
|
|
|
|
|
conn->handshake_state = NULL;
|
|
|
|
|
}
|
2008-02-09 00:41:29 +01:00
|
|
|
connection_start_reading(TO_CONN(conn));
|
2004-07-02 11:29:01 +02:00
|
|
|
circuit_n_conn_done(conn, 1); /* send the pending creates, if any. */
|
2007-10-30 19:31:30 +01:00
|
|
|
|
2003-09-30 20:45:55 +02:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2007-03-26 16:08:35 +02:00
|
|
|
/** Pack <b>cell</b> into wire-format, and write it onto <b>conn</b>'s outbuf.
|
|
|
|
|
* For cells that use or affect a circuit, this should only be called by
|
2008-01-19 21:00:53 +01:00
|
|
|
* connection_or_flush_from_first_active_circuit().
|
2004-05-13 00:56:26 +02:00
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
void
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_or_write_cell_to_buf(const cell_t *cell, or_connection_t *conn)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2007-04-10 01:15:46 +02:00
|
|
|
packed_cell_t networkcell;
|
2003-09-13 00:45:31 +02:00
|
|
|
|
2004-10-17 00:14:52 +02:00
|
|
|
tor_assert(cell);
|
|
|
|
|
tor_assert(conn);
|
2003-10-09 20:45:14 +02:00
|
|
|
|
2007-04-10 01:15:46 +02:00
|
|
|
cell_pack(&networkcell, cell);
|
2003-12-17 22:09:31 +01:00
|
|
|
|
2007-04-10 01:15:46 +02:00
|
|
|
connection_write_to_buf(networkcell.body, CELL_NETWORK_SIZE, TO_CONN(conn));
|
2007-11-08 17:19:07 +01:00
|
|
|
|
|
|
|
|
if (cell->command != CELL_PADDING)
|
2008-12-19 19:51:35 +01:00
|
|
|
conn->timestamp_last_added_nonpadding = approx_time();
|
2003-09-13 00:45:31 +02:00
|
|
|
}
|
|
|
|
|
|
2008-02-08 22:13:15 +01:00
|
|
|
/** Pack a variable-length <b>cell</b> into wire-format, and write it onto
|
|
|
|
|
* <b>conn</b>'s outbuf. Right now, this <em>DOES NOT</em> support cells that
|
|
|
|
|
* affect a circuit.
|
|
|
|
|
*/
|
2007-11-06 00:34:39 +01:00
|
|
|
void
|
|
|
|
|
connection_or_write_var_cell_to_buf(const var_cell_t *cell,
|
|
|
|
|
or_connection_t *conn)
|
|
|
|
|
{
|
|
|
|
|
char hdr[VAR_CELL_HEADER_SIZE];
|
|
|
|
|
tor_assert(cell);
|
|
|
|
|
tor_assert(conn);
|
|
|
|
|
var_cell_pack_header(cell, hdr);
|
|
|
|
|
connection_write_to_buf(hdr, sizeof(hdr), TO_CONN(conn));
|
2010-12-14 01:34:01 +01:00
|
|
|
connection_write_to_buf((char*)cell->payload,
|
|
|
|
|
cell->payload_len, TO_CONN(conn));
|
2007-11-08 17:19:07 +01:00
|
|
|
if (cell->command != CELL_PADDING)
|
2008-12-19 19:51:35 +01:00
|
|
|
conn->timestamp_last_added_nonpadding = approx_time();
|
2007-11-06 00:34:39 +01:00
|
|
|
}
|
|
|
|
|
|
2008-02-08 22:13:15 +01:00
|
|
|
/** See whether there's a variable-length cell waiting on <b>conn</b>'s
|
|
|
|
|
* inbuf. Return values as for fetch_var_cell_from_buf(). */
|
2007-11-05 22:46:35 +01:00
|
|
|
static int
|
|
|
|
|
connection_fetch_var_cell_from_buf(or_connection_t *conn, var_cell_t **out)
|
|
|
|
|
{
|
2008-02-08 22:13:15 +01:00
|
|
|
return fetch_var_cell_from_buf(conn->_base.inbuf, out, conn->link_proto);
|
2007-11-05 22:46:35 +01:00
|
|
|
}
|
|
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/** Process cells from <b>conn</b>'s inbuf.
|
|
|
|
|
*
|
|
|
|
|
* Loop: while inbuf contains a cell, pull it off the inbuf, unpack it,
|
|
|
|
|
* and hand it to command_process_cell().
|
|
|
|
|
*
|
2004-05-07 10:53:40 +02:00
|
|
|
* Always return 0.
|
|
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
static int
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_or_process_cells_from_inbuf(or_connection_t *conn)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2007-11-05 22:46:35 +01:00
|
|
|
var_cell_t *var_cell;
|
|
|
|
|
|
|
|
|
|
while (1) {
|
|
|
|
|
log_debug(LD_OR,
|
|
|
|
|
"%d: starting, inbuf_datalen %d (%d pending in tls object).",
|
|
|
|
|
conn->_base.s,(int)buf_datalen(conn->_base.inbuf),
|
|
|
|
|
tor_tls_get_pending_bytes(conn->tls));
|
|
|
|
|
if (connection_fetch_var_cell_from_buf(conn, &var_cell)) {
|
|
|
|
|
if (!var_cell)
|
|
|
|
|
return 0; /* not yet. */
|
|
|
|
|
command_process_var_cell(var_cell, conn);
|
|
|
|
|
var_cell_free(var_cell);
|
|
|
|
|
} else {
|
|
|
|
|
char buf[CELL_NETWORK_SIZE];
|
|
|
|
|
cell_t cell;
|
|
|
|
|
if (buf_datalen(conn->_base.inbuf) < CELL_NETWORK_SIZE) /* whole response
|
|
|
|
|
available? */
|
|
|
|
|
return 0; /* not yet */
|
2003-12-17 22:09:31 +01:00
|
|
|
|
2007-11-05 22:46:35 +01:00
|
|
|
connection_fetch_from_buf(buf, CELL_NETWORK_SIZE, TO_CONN(conn));
|
2003-12-17 22:09:31 +01:00
|
|
|
|
2007-11-05 22:46:35 +01:00
|
|
|
/* retrieve cell info from buf (create the host-order struct from the
|
|
|
|
|
* network-order string) */
|
|
|
|
|
cell_unpack(&cell, buf);
|
2003-10-09 20:45:14 +02:00
|
|
|
|
2007-11-05 22:46:35 +01:00
|
|
|
command_process_cell(&cell, conn);
|
|
|
|
|
}
|
|
|
|
|
}
|
2003-09-13 00:45:31 +02:00
|
|
|
}
|
2005-06-09 21:03:31 +02:00
|
|
|
|
2006-01-05 22:23:03 +01:00
|
|
|
/** Write a destroy cell with circ ID <b>circ_id</b> and reason <b>reason</b>
|
|
|
|
|
* onto OR connection <b>conn</b>. Don't perform range-checking on reason:
|
|
|
|
|
* we may want to propagate reasons from other cells.
|
|
|
|
|
*
|
|
|
|
|
* Return 0.
|
|
|
|
|
*/
|
|
|
|
|
int
|
2008-07-23 17:58:30 +02:00
|
|
|
connection_or_send_destroy(circid_t circ_id, or_connection_t *conn, int reason)
|
2006-01-05 22:23:03 +01:00
|
|
|
{
|
|
|
|
|
cell_t cell;
|
|
|
|
|
|
|
|
|
|
tor_assert(conn);
|
|
|
|
|
|
|
|
|
|
memset(&cell, 0, sizeof(cell_t));
|
|
|
|
|
cell.circ_id = circ_id;
|
|
|
|
|
cell.command = CELL_DESTROY;
|
|
|
|
|
cell.payload[0] = (uint8_t) reason;
|
2006-02-13 10:02:35 +01:00
|
|
|
log_debug(LD_OR,"Sending destroy (circID %d).", circ_id);
|
2007-03-26 16:08:35 +02:00
|
|
|
|
2008-02-05 22:39:46 +01:00
|
|
|
/* XXXX It's possible that under some circumstances, we want the destroy
|
|
|
|
|
* to take precedence over other data waiting on the circuit's cell queue.
|
|
|
|
|
*/
|
2007-03-26 16:08:35 +02:00
|
|
|
|
2006-01-05 22:23:03 +01:00
|
|
|
connection_or_write_cell_to_buf(&cell, conn);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2008-02-08 22:13:15 +01:00
|
|
|
/** Array of recognized link protocol versions. */
|
2008-01-13 01:20:47 +01:00
|
|
|
static const uint16_t or_protocol_versions[] = { 1, 2 };
|
2008-02-08 22:13:15 +01:00
|
|
|
/** Number of versions in <b>or_protocol_versions</b>. */
|
2008-01-13 01:20:47 +01:00
|
|
|
static const int n_or_protocol_versions =
|
2008-02-22 20:09:45 +01:00
|
|
|
(int)( sizeof(or_protocol_versions)/sizeof(uint16_t) );
|
2008-01-13 01:20:47 +01:00
|
|
|
|
2008-02-08 22:13:15 +01:00
|
|
|
/** Return true iff <b>v</b> is a link protocol version that this Tor
|
|
|
|
|
* implementation believes it can support. */
|
2008-01-13 01:20:47 +01:00
|
|
|
int
|
|
|
|
|
is_or_protocol_version_known(uint16_t v)
|
|
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
for (i = 0; i < n_or_protocol_versions; ++i) {
|
|
|
|
|
if (or_protocol_versions[i] == v)
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2008-02-08 22:13:15 +01:00
|
|
|
/** Send a VERSIONS cell on <b>conn</b>, telling the other host about the
|
|
|
|
|
* link protocol versions that this Tor can support. */
|
2007-10-30 19:31:30 +01:00
|
|
|
static int
|
|
|
|
|
connection_or_send_versions(or_connection_t *conn)
|
|
|
|
|
{
|
2007-11-06 00:34:39 +01:00
|
|
|
var_cell_t *cell;
|
2007-10-30 19:31:30 +01:00
|
|
|
int i;
|
2007-11-05 19:15:44 +01:00
|
|
|
tor_assert(conn->handshake_state &&
|
|
|
|
|
!conn->handshake_state->sent_versions_at);
|
2008-01-13 01:20:47 +01:00
|
|
|
cell = var_cell_new(n_or_protocol_versions * 2);
|
2007-11-06 00:34:39 +01:00
|
|
|
cell->command = CELL_VERSIONS;
|
2008-01-13 01:20:47 +01:00
|
|
|
for (i = 0; i < n_or_protocol_versions; ++i) {
|
|
|
|
|
uint16_t v = or_protocol_versions[i];
|
2007-11-06 00:34:39 +01:00
|
|
|
set_uint16(cell->payload+(2*i), htons(v));
|
2007-10-30 19:31:30 +01:00
|
|
|
}
|
|
|
|
|
|
2007-11-06 00:34:39 +01:00
|
|
|
connection_or_write_var_cell_to_buf(cell, conn);
|
2007-11-05 19:15:44 +01:00
|
|
|
conn->handshake_state->sent_versions_at = time(NULL);
|
2007-10-30 22:46:02 +01:00
|
|
|
|
2007-11-06 00:55:43 +01:00
|
|
|
var_cell_free(cell);
|
2007-10-30 22:46:02 +01:00
|
|
|
return 0;
|
2007-10-30 19:31:30 +01:00
|
|
|
}
|
|
|
|
|
|
2008-02-08 22:13:15 +01:00
|
|
|
/** Send a NETINFO cell on <b>conn</b>, telling the other server what we know
|
|
|
|
|
* about their address, our address, and the current time. */
|
2007-10-30 22:46:02 +01:00
|
|
|
int
|
2007-10-30 19:31:30 +01:00
|
|
|
connection_or_send_netinfo(or_connection_t *conn)
|
|
|
|
|
{
|
|
|
|
|
cell_t cell;
|
|
|
|
|
time_t now = time(NULL);
|
|
|
|
|
routerinfo_t *me;
|
2008-08-05 22:08:19 +02:00
|
|
|
int len;
|
2010-12-14 01:34:01 +01:00
|
|
|
uint8_t *out;
|
2007-10-30 19:31:30 +01:00
|
|
|
|
|
|
|
|
memset(&cell, 0, sizeof(cell_t));
|
|
|
|
|
cell.command = CELL_NETINFO;
|
|
|
|
|
|
2008-08-05 22:08:19 +02:00
|
|
|
/* Timestamp. */
|
2008-02-22 20:09:45 +01:00
|
|
|
set_uint32(cell.payload, htonl((uint32_t)now));
|
2008-08-05 22:08:19 +02:00
|
|
|
|
|
|
|
|
/* Their address. */
|
|
|
|
|
out = cell.payload + 4;
|
|
|
|
|
len = append_address_to_payload(out, &conn->_base.addr);
|
|
|
|
|
if (len<0)
|
|
|
|
|
return -1;
|
|
|
|
|
out += len;
|
2007-10-30 19:31:30 +01:00
|
|
|
|
|
|
|
|
/* My address. */
|
|
|
|
|
if ((me = router_get_my_routerinfo())) {
|
2008-08-05 22:08:19 +02:00
|
|
|
tor_addr_t my_addr;
|
|
|
|
|
*out++ = 1; /* only one address is supported. */
|
|
|
|
|
|
|
|
|
|
tor_addr_from_ipv4h(&my_addr, me->addr);
|
|
|
|
|
len = append_address_to_payload(out, &my_addr);
|
|
|
|
|
if (len < 0)
|
|
|
|
|
return -1;
|
|
|
|
|
out += len;
|
2007-10-30 19:31:30 +01:00
|
|
|
} else {
|
2008-08-05 22:08:19 +02:00
|
|
|
*out++ = 0;
|
2007-10-30 19:31:30 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
connection_or_write_cell_to_buf(&cell, conn);
|
|
|
|
|
|
2007-10-30 22:46:02 +01:00
|
|
|
return 0;
|
2007-10-30 19:31:30 +01:00
|
|
|
}
|
2007-10-31 21:48:10 +01:00
|
|
|
|