Implemented link padding and receiver token buckets
Each socket reads at most 'bandwidth' bytes per second sustained, but
can handle bursts of up to 10*bandwidth bytes.
Cells are now sent out at evenly-spaced intervals, with padding sent
out otherwise. Set Linkpadding=0 in the rc file to send cells as soon
as they're available (and to never send padding cells).
Added license/copyrights statements at the top of most files.
router->min and router->max have been merged into a single 'bandwidth'
value. We should make the routerinfo_t reflect this (want to do that,
Mat?)
As the bandwidth increases, and we want to stop sleeping more and more
frequently to send a single cell, cpu usage goes up. At 128kB/s we're
pretty much calling poll with a timeout of 1ms or even 0ms. The current
code takes a timeout of 0-9ms and makes it 10ms. prepare_for_poll()
handles everything that should have happened in the past, so as long as
our buffers don't get too full in that 10ms, we're ok.
Speaking of too full, if you run three servers at 100kB/s with -l debug,
it spends too much time printing debugging messages to be able to keep
up with the cells. The outbuf ultimately fills up and it kills that
connection. If you run with -l err, it works fine up through 500kB/s and
probably beyond. Down the road we'll want to teach it to recognize when
an outbuf is getting full, and back off.
svn:r50
2002-07-16 03:12:15 +02:00
|
|
|
/* Copyright 2001,2002 Roger Dingledine, Matej Pfajfar. */
|
|
|
|
/* See LICENSE for licensing information */
|
2002-06-27 00:45:49 +02:00
|
|
|
/* $Id$ */
|
|
|
|
|
|
|
|
#ifndef __OR_H
|
|
|
|
#define __OR_H
|
|
|
|
|
2002-09-03 20:44:24 +02:00
|
|
|
#include "orconfig.h"
|
|
|
|
|
2002-06-27 00:45:49 +02:00
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
2002-09-09 06:10:58 +02:00
|
|
|
#include <limits.h>
|
2003-08-12 05:08:41 +02:00
|
|
|
#ifdef HAVE_UNISTD_H
|
2002-06-27 00:45:49 +02:00
|
|
|
#include <unistd.h>
|
2003-08-12 05:08:41 +02:00
|
|
|
#endif
|
|
|
|
#ifdef HAVE_STRING_H
|
2002-06-27 00:45:49 +02:00
|
|
|
#include <string.h>
|
2003-08-12 05:08:41 +02:00
|
|
|
#endif
|
|
|
|
#ifdef HAVE_SIGNAL_H
|
2002-06-27 00:45:49 +02:00
|
|
|
#include <signal.h>
|
2003-08-12 05:08:41 +02:00
|
|
|
#endif
|
|
|
|
#ifdef HAVE_NETDB_H
|
2002-06-27 00:45:49 +02:00
|
|
|
#include <netdb.h>
|
2003-08-12 05:08:41 +02:00
|
|
|
#endif
|
|
|
|
#ifdef HAVE_CTYPE_H
|
2002-06-27 00:45:49 +02:00
|
|
|
#include <ctype.h>
|
2003-08-12 05:08:41 +02:00
|
|
|
#endif
|
2003-08-11 22:40:21 +02:00
|
|
|
#include "../common/torint.h"
|
2002-09-03 20:44:24 +02:00
|
|
|
#ifdef HAVE_SYS_POLL_H
|
2002-06-27 00:45:49 +02:00
|
|
|
#include <sys/poll.h>
|
2002-09-03 20:44:24 +02:00
|
|
|
#elif HAVE_POLL_H
|
|
|
|
#include <poll.h>
|
|
|
|
#else
|
|
|
|
#include "../common/fakepoll.h"
|
|
|
|
#endif
|
2003-08-12 05:08:41 +02:00
|
|
|
#ifdef HAVE_SYS_TYPES_H
|
2002-06-27 00:45:49 +02:00
|
|
|
#include <sys/types.h>
|
2003-08-12 05:08:41 +02:00
|
|
|
#endif
|
2003-08-12 08:41:53 +02:00
|
|
|
#ifdef HAVE_SYS_WAIT_H
|
|
|
|
#include <sys/wait.h>
|
|
|
|
#endif
|
2003-08-12 05:08:41 +02:00
|
|
|
#ifdef HAVE_SYS_FCNTL_H
|
2002-06-27 00:45:49 +02:00
|
|
|
#include <sys/fcntl.h>
|
2003-08-12 05:08:41 +02:00
|
|
|
#endif
|
|
|
|
#ifdef HAVE_FCNTL_H
|
|
|
|
#include <fcntl.h>
|
|
|
|
#endif
|
|
|
|
#ifdef HAVE_SYS_IOCTL_H
|
2002-06-27 00:45:49 +02:00
|
|
|
#include <sys/ioctl.h>
|
2003-08-12 05:08:41 +02:00
|
|
|
#endif
|
|
|
|
#ifdef HAVE_SYS_SOCKET_H
|
2002-06-27 00:45:49 +02:00
|
|
|
#include <sys/socket.h>
|
2003-08-12 05:08:41 +02:00
|
|
|
#endif
|
|
|
|
#ifdef HAVE_SYS_TIME_H
|
2002-06-27 00:45:49 +02:00
|
|
|
#include <sys/time.h>
|
2003-08-12 05:08:41 +02:00
|
|
|
#endif
|
|
|
|
#ifdef HAVE_SYS_STAT_H
|
2002-09-24 12:43:57 +02:00
|
|
|
#include <sys/stat.h>
|
2003-08-12 05:08:41 +02:00
|
|
|
#endif
|
|
|
|
#ifdef HAVE_NETINET_IN_H
|
2002-06-27 00:45:49 +02:00
|
|
|
#include <netinet/in.h>
|
2003-08-12 05:08:41 +02:00
|
|
|
#endif
|
|
|
|
#ifdef HAVE_ARPA_INET_H
|
2002-06-27 00:45:49 +02:00
|
|
|
#include <arpa/inet.h>
|
2003-08-12 05:08:41 +02:00
|
|
|
#endif
|
|
|
|
#ifdef HAVE_ERRNO_H
|
2002-06-27 00:45:49 +02:00
|
|
|
#include <errno.h>
|
2003-08-12 05:08:41 +02:00
|
|
|
#endif
|
|
|
|
#ifdef HAVE_ASSERT_H
|
2002-06-27 00:45:49 +02:00
|
|
|
#include <assert.h>
|
2003-08-12 05:08:41 +02:00
|
|
|
#endif
|
|
|
|
#ifdef HAVE_TIME_H
|
2002-08-22 09:30:03 +02:00
|
|
|
#include <time.h>
|
2003-08-12 05:08:41 +02:00
|
|
|
#endif
|
|
|
|
#ifdef HAVE_WINSOCK_H
|
|
|
|
#include <winsock.h>
|
|
|
|
#endif
|
|
|
|
#if _MSC_VER > 1300
|
|
|
|
#include <winsock2.h>
|
|
|
|
#include <ws2tcpip.h>
|
|
|
|
#elif defined(_MSC_VER)
|
|
|
|
#include <winsock.h>
|
|
|
|
#endif
|
|
|
|
|
2003-08-12 17:08:51 +02:00
|
|
|
#ifdef MS_WINDOWS
|
2003-08-12 05:08:41 +02:00
|
|
|
#include <io.h>
|
|
|
|
#define WIN32_LEAN_AND_MEAN
|
|
|
|
#include <windows.h>
|
2003-08-12 17:08:51 +02:00
|
|
|
#define snprintf _snprintf
|
2003-08-12 05:08:41 +02:00
|
|
|
#endif
|
|
|
|
|
2002-08-22 09:30:03 +02:00
|
|
|
#include "../common/crypto.h"
|
2002-06-27 00:45:49 +02:00
|
|
|
#include "../common/log.h"
|
2003-04-16 19:04:58 +02:00
|
|
|
#include "../common/util.h"
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2003-02-18 02:35:55 +01:00
|
|
|
#define MAXCONNECTIONS 1000 /* upper bound on max connections.
|
major overhaul: dns slave subsystem, topics
on startup, it forks off a master dns handler, which forks off dns
slaves (like the apache model). slaves as spawned as load increases,
and then reused. excess slaves are not ever killed, currently.
implemented topics. each topic has a receive window in each direction
at each edge of the circuit, and sends sendme's at the data level, as
per before. each circuit also has receive windows in each direction at
each hop; an edge sends a circuit-level sendme as soon as enough data
cells have arrived (regardless of whether the data cells were flushed
to the exit conns). removed the 'connected' cell type, since it's now
a topic command within data cells.
at the edge of the circuit, there can be multiple connections associated
with a single circuit. you find them via the linked list conn->next_topic.
currently each new ap connection starts its own circuit, so we ought
to see comparable performance to what we had before. but that's only
because i haven't written the code to reattach to old circuits. please
try to break it as-is, and then i'll make it reuse the same circuit and
we'll try to break that.
svn:r152
2003-01-26 10:02:24 +01:00
|
|
|
can be lowered by config file */
|
2002-06-27 00:45:49 +02:00
|
|
|
|
Implemented link padding and receiver token buckets
Each socket reads at most 'bandwidth' bytes per second sustained, but
can handle bursts of up to 10*bandwidth bytes.
Cells are now sent out at evenly-spaced intervals, with padding sent
out otherwise. Set Linkpadding=0 in the rc file to send cells as soon
as they're available (and to never send padding cells).
Added license/copyrights statements at the top of most files.
router->min and router->max have been merged into a single 'bandwidth'
value. We should make the routerinfo_t reflect this (want to do that,
Mat?)
As the bandwidth increases, and we want to stop sleeping more and more
frequently to send a single cell, cpu usage goes up. At 128kB/s we're
pretty much calling poll with a timeout of 1ms or even 0ms. The current
code takes a timeout of 0-9ms and makes it 10ms. prepare_for_poll()
handles everything that should have happened in the past, so as long as
our buffers don't get too full in that 10ms, we're ok.
Speaking of too full, if you run three servers at 100kB/s with -l debug,
it spends too much time printing debugging messages to be able to keep
up with the cells. The outbuf ultimately fills up and it kills that
connection. If you run with -l err, it works fine up through 500kB/s and
probably beyond. Down the road we'll want to teach it to recognize when
an outbuf is getting full, and back off.
svn:r50
2002-07-16 03:12:15 +02:00
|
|
|
#define MAX_BUF_SIZE (640*1024)
|
2003-02-18 02:55:51 +01:00
|
|
|
#define DEFAULT_BANDWIDTH_OP (1024 * 1000)
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2003-05-28 04:03:25 +02:00
|
|
|
#define HANDSHAKE_AS_OP 1
|
|
|
|
#define HANDSHAKE_AS_OR 2
|
|
|
|
|
2002-06-27 00:45:49 +02:00
|
|
|
#define ACI_TYPE_LOWER 0
|
|
|
|
#define ACI_TYPE_HIGHER 1
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
#define ACI_TYPE_BOTH 2
|
|
|
|
|
2002-06-27 00:45:49 +02:00
|
|
|
#define CONN_TYPE_OR_LISTENER 3
|
|
|
|
#define CONN_TYPE_OR 4
|
2002-06-30 09:37:49 +02:00
|
|
|
#define CONN_TYPE_EXIT 5
|
|
|
|
#define CONN_TYPE_AP_LISTENER 6
|
|
|
|
#define CONN_TYPE_AP 7
|
2002-09-26 14:09:10 +02:00
|
|
|
#define CONN_TYPE_DIR_LISTENER 8
|
|
|
|
#define CONN_TYPE_DIR 9
|
2003-06-17 16:31:05 +02:00
|
|
|
#define CONN_TYPE_DNSWORKER 10
|
2003-08-21 01:05:22 +02:00
|
|
|
#define CONN_TYPE_CPUWORKER 11
|
2002-06-27 00:45:49 +02:00
|
|
|
|
|
|
|
#define LISTENER_STATE_READY 0
|
|
|
|
|
2003-06-17 16:31:05 +02:00
|
|
|
#define DNSWORKER_STATE_IDLE 0
|
|
|
|
#define DNSWORKER_STATE_BUSY 1
|
major overhaul: dns slave subsystem, topics
on startup, it forks off a master dns handler, which forks off dns
slaves (like the apache model). slaves as spawned as load increases,
and then reused. excess slaves are not ever killed, currently.
implemented topics. each topic has a receive window in each direction
at each edge of the circuit, and sends sendme's at the data level, as
per before. each circuit also has receive windows in each direction at
each hop; an edge sends a circuit-level sendme as soon as enough data
cells have arrived (regardless of whether the data cells were flushed
to the exit conns). removed the 'connected' cell type, since it's now
a topic command within data cells.
at the edge of the circuit, there can be multiple connections associated
with a single circuit. you find them via the linked list conn->next_topic.
currently each new ap connection starts its own circuit, so we ought
to see comparable performance to what we had before. but that's only
because i haven't written the code to reattach to old circuits. please
try to break it as-is, and then i'll make it reuse the same circuit and
we'll try to break that.
svn:r152
2003-01-26 10:02:24 +01:00
|
|
|
|
2003-08-21 01:05:22 +02:00
|
|
|
#define CPUWORKER_STATE_IDLE 0
|
|
|
|
#define CPUWORKER_STATE_BUSY_ONION 1
|
|
|
|
#define CPUWORKER_STATE_BUSY_HANDSHAKE 2
|
|
|
|
|
|
|
|
#define CPUWORKER_TASK_ONION CPUWORKER_STATE_BUSY_ONION
|
|
|
|
#define CPUWORKER_TASK_HANDSHAKE CPUWORKER_STATE_BUSY_HANDSHAKE
|
|
|
|
|
2002-06-30 09:37:49 +02:00
|
|
|
/* how to read these states:
|
|
|
|
* foo_CONN_STATE_bar_baz:
|
|
|
|
* "I am acting as a bar, currently in stage baz of talking with a foo."
|
|
|
|
*/
|
2003-05-28 04:03:25 +02:00
|
|
|
//#define OR_CONN_STATE_OP_CONNECTING 0 /* an application proxy wants me to connect to this OR */
|
2002-06-30 09:37:49 +02:00
|
|
|
#define OR_CONN_STATE_OP_SENDING_KEYS 1
|
2003-05-28 04:03:25 +02:00
|
|
|
#define OR_CONN_STATE_CLIENT_CONNECTING 2 /* connecting to this OR */
|
2002-06-30 09:37:49 +02:00
|
|
|
#define OR_CONN_STATE_CLIENT_SENDING_AUTH 3 /* sending address and info */
|
|
|
|
#define OR_CONN_STATE_CLIENT_AUTH_WAIT 4 /* have sent address and info, waiting */
|
|
|
|
#define OR_CONN_STATE_CLIENT_SENDING_NONCE 5 /* sending nonce, last piece of handshake */
|
|
|
|
#define OR_CONN_STATE_SERVER_AUTH_WAIT 6 /* waiting for address and info */
|
|
|
|
#define OR_CONN_STATE_SERVER_SENDING_AUTH 7 /* writing auth and nonce */
|
|
|
|
#define OR_CONN_STATE_SERVER_NONCE_WAIT 8 /* waiting for confirmation of nonce */
|
|
|
|
#define OR_CONN_STATE_OPEN 9 /* ready to send/receive cells. */
|
|
|
|
|
2003-06-17 16:31:05 +02:00
|
|
|
#define EXIT_CONN_STATE_RESOLVING 0 /* waiting for response from dns farm */
|
major overhaul: dns slave subsystem, topics
on startup, it forks off a master dns handler, which forks off dns
slaves (like the apache model). slaves as spawned as load increases,
and then reused. excess slaves are not ever killed, currently.
implemented topics. each topic has a receive window in each direction
at each edge of the circuit, and sends sendme's at the data level, as
per before. each circuit also has receive windows in each direction at
each hop; an edge sends a circuit-level sendme as soon as enough data
cells have arrived (regardless of whether the data cells were flushed
to the exit conns). removed the 'connected' cell type, since it's now
a topic command within data cells.
at the edge of the circuit, there can be multiple connections associated
with a single circuit. you find them via the linked list conn->next_topic.
currently each new ap connection starts its own circuit, so we ought
to see comparable performance to what we had before. but that's only
because i haven't written the code to reattach to old circuits. please
try to break it as-is, and then i'll make it reuse the same circuit and
we'll try to break that.
svn:r152
2003-01-26 10:02:24 +01:00
|
|
|
#define EXIT_CONN_STATE_CONNECTING 1 /* waiting for connect() to finish */
|
2002-06-30 09:37:49 +02:00
|
|
|
#define EXIT_CONN_STATE_OPEN 2
|
2002-06-27 00:45:49 +02:00
|
|
|
#if 0
|
2002-06-30 09:37:49 +02:00
|
|
|
#define EXIT_CONN_STATE_CLOSE 3 /* flushing the buffer, then will close */
|
|
|
|
#define EXIT_CONN_STATE_CLOSE_WAIT 4 /* have sent a destroy, awaiting a confirmation */
|
2002-06-27 00:45:49 +02:00
|
|
|
#endif
|
|
|
|
|
2003-04-12 00:11:11 +02:00
|
|
|
#define AP_CONN_STATE_SOCKS_WAIT 3
|
|
|
|
#define AP_CONN_STATE_OR_WAIT 4
|
|
|
|
#define AP_CONN_STATE_OPEN 5
|
2002-06-30 09:37:49 +02:00
|
|
|
|
2002-09-26 14:09:10 +02:00
|
|
|
#define DIR_CONN_STATE_CONNECTING 0
|
|
|
|
#define DIR_CONN_STATE_SENDING_COMMAND 1
|
|
|
|
#define DIR_CONN_STATE_READING 2
|
|
|
|
#define DIR_CONN_STATE_COMMAND_WAIT 3
|
|
|
|
#define DIR_CONN_STATE_WRITING 4
|
|
|
|
|
2003-05-06 01:24:46 +02:00
|
|
|
#define CIRCUIT_STATE_BUILDING 0 /* I'm the OP, still haven't done all my handshakes */
|
|
|
|
#define CIRCUIT_STATE_ONIONSKIN_PENDING 1 /* waiting to process the onion */
|
|
|
|
#define CIRCUIT_STATE_OR_WAIT 2 /* I'm the OP, my firsthop is still connecting */
|
2002-11-27 05:08:20 +01:00
|
|
|
#define CIRCUIT_STATE_OPEN 3 /* onion processed, ready to send data along the connection */
|
|
|
|
//#define CIRCUIT_STATE_CLOSE_WAIT1 4 /* sent two "destroy" signals, waiting for acks */
|
|
|
|
//#define CIRCUIT_STATE_CLOSE_WAIT2 5 /* received one ack, waiting for one more
|
|
|
|
// (or if just one was sent, waiting for that one */
|
2002-06-27 00:45:49 +02:00
|
|
|
//#define CIRCUIT_STATE_CLOSE 4 /* both acks received, connection is dead */ /* NOT USED */
|
|
|
|
|
2003-05-01 08:42:29 +02:00
|
|
|
#define RELAY_COMMAND_BEGIN 1
|
|
|
|
#define RELAY_COMMAND_DATA 2
|
|
|
|
#define RELAY_COMMAND_END 3
|
|
|
|
#define RELAY_COMMAND_CONNECTED 4
|
|
|
|
#define RELAY_COMMAND_SENDME 5
|
2003-05-06 01:24:46 +02:00
|
|
|
#define RELAY_COMMAND_EXTEND 6
|
|
|
|
#define RELAY_COMMAND_EXTENDED 7
|
2003-06-12 12:16:33 +02:00
|
|
|
#define RELAY_COMMAND_TRUNCATE 8
|
|
|
|
#define RELAY_COMMAND_TRUNCATED 9
|
major overhaul: dns slave subsystem, topics
on startup, it forks off a master dns handler, which forks off dns
slaves (like the apache model). slaves as spawned as load increases,
and then reused. excess slaves are not ever killed, currently.
implemented topics. each topic has a receive window in each direction
at each edge of the circuit, and sends sendme's at the data level, as
per before. each circuit also has receive windows in each direction at
each hop; an edge sends a circuit-level sendme as soon as enough data
cells have arrived (regardless of whether the data cells were flushed
to the exit conns). removed the 'connected' cell type, since it's now
a topic command within data cells.
at the edge of the circuit, there can be multiple connections associated
with a single circuit. you find them via the linked list conn->next_topic.
currently each new ap connection starts its own circuit, so we ought
to see comparable performance to what we had before. but that's only
because i haven't written the code to reattach to old circuits. please
try to break it as-is, and then i'll make it reuse the same circuit and
we'll try to break that.
svn:r152
2003-01-26 10:02:24 +01:00
|
|
|
|
2003-05-02 23:29:25 +02:00
|
|
|
#define RELAY_HEADER_SIZE 8
|
major overhaul: dns slave subsystem, topics
on startup, it forks off a master dns handler, which forks off dns
slaves (like the apache model). slaves as spawned as load increases,
and then reused. excess slaves are not ever killed, currently.
implemented topics. each topic has a receive window in each direction
at each edge of the circuit, and sends sendme's at the data level, as
per before. each circuit also has receive windows in each direction at
each hop; an edge sends a circuit-level sendme as soon as enough data
cells have arrived (regardless of whether the data cells were flushed
to the exit conns). removed the 'connected' cell type, since it's now
a topic command within data cells.
at the edge of the circuit, there can be multiple connections associated
with a single circuit. you find them via the linked list conn->next_topic.
currently each new ap connection starts its own circuit, so we ought
to see comparable performance to what we had before. but that's only
because i haven't written the code to reattach to old circuits. please
try to break it as-is, and then i'll make it reuse the same circuit and
we'll try to break that.
svn:r152
2003-01-26 10:02:24 +01:00
|
|
|
|
2003-05-01 08:42:29 +02:00
|
|
|
#define RELAY_STATE_RESOLVING
|
major overhaul: dns slave subsystem, topics
on startup, it forks off a master dns handler, which forks off dns
slaves (like the apache model). slaves as spawned as load increases,
and then reused. excess slaves are not ever killed, currently.
implemented topics. each topic has a receive window in each direction
at each edge of the circuit, and sends sendme's at the data level, as
per before. each circuit also has receive windows in each direction at
each hop; an edge sends a circuit-level sendme as soon as enough data
cells have arrived (regardless of whether the data cells were flushed
to the exit conns). removed the 'connected' cell type, since it's now
a topic command within data cells.
at the edge of the circuit, there can be multiple connections associated
with a single circuit. you find them via the linked list conn->next_topic.
currently each new ap connection starts its own circuit, so we ought
to see comparable performance to what we had before. but that's only
because i haven't written the code to reattach to old circuits. please
try to break it as-is, and then i'll make it reuse the same circuit and
we'll try to break that.
svn:r152
2003-01-26 10:02:24 +01:00
|
|
|
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
/* default cipher function */
|
2003-07-08 10:38:24 +02:00
|
|
|
#define DEFAULT_CIPHER CRYPTO_CIPHER_AES_CTR
|
2003-07-30 21:12:03 +02:00
|
|
|
/* Used to en/decrypt onion skins */
|
|
|
|
#define ONION_CIPHER DEFAULT_CIPHER
|
|
|
|
/* Used to en/decrypt cells between ORs/OPs. */
|
|
|
|
#define CONNECTION_CIPHER DEFAULT_CIPHER
|
|
|
|
/* Used to en/decrypt RELAY cells */
|
|
|
|
#define CIRCUIT_CIPHER DEFAULT_CIPHER
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
|
major overhaul: dns slave subsystem, topics
on startup, it forks off a master dns handler, which forks off dns
slaves (like the apache model). slaves as spawned as load increases,
and then reused. excess slaves are not ever killed, currently.
implemented topics. each topic has a receive window in each direction
at each edge of the circuit, and sends sendme's at the data level, as
per before. each circuit also has receive windows in each direction at
each hop; an edge sends a circuit-level sendme as soon as enough data
cells have arrived (regardless of whether the data cells were flushed
to the exit conns). removed the 'connected' cell type, since it's now
a topic command within data cells.
at the edge of the circuit, there can be multiple connections associated
with a single circuit. you find them via the linked list conn->next_topic.
currently each new ap connection starts its own circuit, so we ought
to see comparable performance to what we had before. but that's only
because i haven't written the code to reattach to old circuits. please
try to break it as-is, and then i'll make it reuse the same circuit and
we'll try to break that.
svn:r152
2003-01-26 10:02:24 +01:00
|
|
|
#define CELL_DIRECTION_IN 1
|
|
|
|
#define CELL_DIRECTION_OUT 2
|
2003-04-12 00:11:11 +02:00
|
|
|
#define EDGE_EXIT CONN_TYPE_EXIT
|
|
|
|
#define EDGE_AP CONN_TYPE_AP
|
2003-06-12 12:16:33 +02:00
|
|
|
#define CELL_DIRECTION(x) ((x) == EDGE_EXIT ? CELL_DIRECTION_IN : CELL_DIRECTION_OUT)
|
major overhaul: dns slave subsystem, topics
on startup, it forks off a master dns handler, which forks off dns
slaves (like the apache model). slaves as spawned as load increases,
and then reused. excess slaves are not ever killed, currently.
implemented topics. each topic has a receive window in each direction
at each edge of the circuit, and sends sendme's at the data level, as
per before. each circuit also has receive windows in each direction at
each hop; an edge sends a circuit-level sendme as soon as enough data
cells have arrived (regardless of whether the data cells were flushed
to the exit conns). removed the 'connected' cell type, since it's now
a topic command within data cells.
at the edge of the circuit, there can be multiple connections associated
with a single circuit. you find them via the linked list conn->next_topic.
currently each new ap connection starts its own circuit, so we ought
to see comparable performance to what we had before. but that's only
because i haven't written the code to reattach to old circuits. please
try to break it as-is, and then i'll make it reuse the same circuit and
we'll try to break that.
svn:r152
2003-01-26 10:02:24 +01:00
|
|
|
|
|
|
|
#define CIRCWINDOW_START 1000
|
|
|
|
#define CIRCWINDOW_INCREMENT 100
|
|
|
|
|
2003-05-01 08:42:29 +02:00
|
|
|
#define STREAMWINDOW_START 500
|
|
|
|
#define STREAMWINDOW_INCREMENT 50
|
2002-07-18 08:37:58 +02:00
|
|
|
|
2002-07-19 20:48:28 +02:00
|
|
|
/* cell commands */
|
|
|
|
#define CELL_PADDING 0
|
|
|
|
#define CELL_CREATE 1
|
2003-05-06 01:24:46 +02:00
|
|
|
#define CELL_CREATED 2
|
|
|
|
#define CELL_RELAY 3
|
|
|
|
#define CELL_DESTROY 4
|
2002-07-19 20:48:28 +02:00
|
|
|
|
2003-03-24 05:02:24 +01:00
|
|
|
#define CELL_PAYLOAD_SIZE 248
|
|
|
|
#define CELL_NETWORK_SIZE 256
|
2002-07-19 20:48:28 +02:00
|
|
|
|
2002-11-23 07:49:01 +01:00
|
|
|
/* enumeration of types which option values can take */
|
|
|
|
#define CONFIG_TYPE_STRING 0
|
|
|
|
#define CONFIG_TYPE_CHAR 1
|
|
|
|
#define CONFIG_TYPE_INT 2
|
|
|
|
#define CONFIG_TYPE_LONG 3
|
|
|
|
#define CONFIG_TYPE_DOUBLE 4
|
2003-03-17 03:42:45 +01:00
|
|
|
#define CONFIG_TYPE_BOOL 5
|
2002-11-23 07:49:01 +01:00
|
|
|
|
|
|
|
#define CONFIG_LINE_MAXLEN 1024
|
|
|
|
|
|
|
|
/* legal characters in a filename */
|
|
|
|
#define CONFIG_LEGAL_FILENAME_CHARACTERS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_/"
|
|
|
|
|
|
|
|
struct config_line {
|
|
|
|
char *key;
|
|
|
|
char *value;
|
|
|
|
struct config_line *next;
|
|
|
|
};
|
|
|
|
|
2002-06-27 00:45:49 +02:00
|
|
|
typedef uint16_t aci_t;
|
|
|
|
|
2002-07-19 20:48:28 +02:00
|
|
|
/* cell definition */
|
2002-12-03 23:18:23 +01:00
|
|
|
typedef struct {
|
2002-07-19 20:48:28 +02:00
|
|
|
aci_t aci; /* Anonymous Connection Identifier */
|
|
|
|
unsigned char command;
|
2003-05-02 23:29:25 +02:00
|
|
|
unsigned char length; /* of payload if relay cell */
|
2002-07-19 20:48:28 +02:00
|
|
|
uint32_t seq; /* sequence number */
|
2003-04-16 19:44:33 +02:00
|
|
|
|
2003-03-24 05:02:24 +01:00
|
|
|
unsigned char payload[CELL_PAYLOAD_SIZE];
|
2002-07-19 20:48:28 +02:00
|
|
|
} cell_t;
|
2003-05-01 08:42:29 +02:00
|
|
|
#define CELL_RELAY_COMMAND(c) (*(uint8_t*)((c).payload))
|
|
|
|
#define SET_CELL_RELAY_COMMAND(c,cmd) (*(uint8_t*)((c).payload) = (cmd))
|
2003-05-02 23:29:25 +02:00
|
|
|
#define STREAM_ID_SIZE 7
|
|
|
|
#define SET_CELL_STREAM_ID(c,id) memcpy((c).payload+1,(id),STREAM_ID_SIZE)
|
|
|
|
|
|
|
|
#define ZERO_STREAM "\0\0\0\0\0\0\0\0"
|
2002-07-19 20:48:28 +02:00
|
|
|
|
2002-09-22 13:09:07 +02:00
|
|
|
#define SOCKS4_REQUEST_GRANTED 90
|
|
|
|
#define SOCKS4_REQUEST_REJECT 91
|
|
|
|
#define SOCKS4_REQUEST_IDENT_FAILED 92
|
|
|
|
#define SOCKS4_REQUEST_IDENT_CONFLICT 93
|
|
|
|
|
|
|
|
/* structure of a socks client operation */
|
|
|
|
typedef struct {
|
|
|
|
unsigned char version; /* socks version number */
|
|
|
|
unsigned char command; /* command code */
|
|
|
|
unsigned char destport[2]; /* destination port, network order */
|
|
|
|
unsigned char destip[4]; /* destination address */
|
|
|
|
/* userid follows, terminated by a NULL */
|
|
|
|
/* dest host follows, terminated by a NULL */
|
|
|
|
} socks4_t;
|
|
|
|
|
major overhaul: dns slave subsystem, topics
on startup, it forks off a master dns handler, which forks off dns
slaves (like the apache model). slaves as spawned as load increases,
and then reused. excess slaves are not ever killed, currently.
implemented topics. each topic has a receive window in each direction
at each edge of the circuit, and sends sendme's at the data level, as
per before. each circuit also has receive windows in each direction at
each hop; an edge sends a circuit-level sendme as soon as enough data
cells have arrived (regardless of whether the data cells were flushed
to the exit conns). removed the 'connected' cell type, since it's now
a topic command within data cells.
at the edge of the circuit, there can be multiple connections associated
with a single circuit. you find them via the linked list conn->next_topic.
currently each new ap connection starts its own circuit, so we ought
to see comparable performance to what we had before. but that's only
because i haven't written the code to reattach to old circuits. please
try to break it as-is, and then i'll make it reuse the same circuit and
we'll try to break that.
svn:r152
2003-01-26 10:02:24 +01:00
|
|
|
struct connection_t {
|
2002-06-27 00:45:49 +02:00
|
|
|
|
|
|
|
/* Used by all types: */
|
|
|
|
|
2003-07-05 07:46:06 +02:00
|
|
|
uint8_t type;
|
2002-06-27 00:45:49 +02:00
|
|
|
int state;
|
2003-07-05 07:46:06 +02:00
|
|
|
uint8_t wants_to_read;
|
2002-06-27 00:45:49 +02:00
|
|
|
int s; /* our socket */
|
|
|
|
int poll_index;
|
|
|
|
int marked_for_close;
|
|
|
|
|
|
|
|
char *inbuf;
|
2002-08-24 06:59:21 +02:00
|
|
|
int inbuflen;
|
|
|
|
int inbuf_datalen;
|
2002-06-27 00:45:49 +02:00
|
|
|
int inbuf_reached_eof;
|
2002-10-02 01:37:31 +02:00
|
|
|
long timestamp_lastread;
|
2002-06-27 00:45:49 +02:00
|
|
|
|
|
|
|
char *outbuf;
|
2002-08-24 06:59:21 +02:00
|
|
|
int outbuflen; /* how many bytes are allocated for the outbuf? */
|
|
|
|
int outbuf_flushlen; /* how much data should we try to flush from the outbuf? */
|
|
|
|
int outbuf_datalen; /* how much data is there total on the outbuf? */
|
2002-10-02 01:37:31 +02:00
|
|
|
long timestamp_lastwritten;
|
|
|
|
|
|
|
|
long timestamp_created;
|
2002-06-27 00:45:49 +02:00
|
|
|
|
|
|
|
/* used by OR and OP: */
|
|
|
|
|
|
|
|
uint32_t bandwidth; /* connection bandwidth */
|
Implemented link padding and receiver token buckets
Each socket reads at most 'bandwidth' bytes per second sustained, but
can handle bursts of up to 10*bandwidth bytes.
Cells are now sent out at evenly-spaced intervals, with padding sent
out otherwise. Set Linkpadding=0 in the rc file to send cells as soon
as they're available (and to never send padding cells).
Added license/copyrights statements at the top of most files.
router->min and router->max have been merged into a single 'bandwidth'
value. We should make the routerinfo_t reflect this (want to do that,
Mat?)
As the bandwidth increases, and we want to stop sleeping more and more
frequently to send a single cell, cpu usage goes up. At 128kB/s we're
pretty much calling poll with a timeout of 1ms or even 0ms. The current
code takes a timeout of 0-9ms and makes it 10ms. prepare_for_poll()
handles everything that should have happened in the past, so as long as
our buffers don't get too full in that 10ms, we're ok.
Speaking of too full, if you run three servers at 100kB/s with -l debug,
it spends too much time printing debugging messages to be able to keep
up with the cells. The outbuf ultimately fills up and it kills that
connection. If you run with -l err, it works fine up through 500kB/s and
probably beyond. Down the road we'll want to teach it to recognize when
an outbuf is getting full, and back off.
svn:r50
2002-07-16 03:12:15 +02:00
|
|
|
int receiver_bucket; /* when this hits 0, stop receiving. Every second we
|
major overhaul: dns slave subsystem, topics
on startup, it forks off a master dns handler, which forks off dns
slaves (like the apache model). slaves as spawned as load increases,
and then reused. excess slaves are not ever killed, currently.
implemented topics. each topic has a receive window in each direction
at each edge of the circuit, and sends sendme's at the data level, as
per before. each circuit also has receive windows in each direction at
each hop; an edge sends a circuit-level sendme as soon as enough data
cells have arrived (regardless of whether the data cells were flushed
to the exit conns). removed the 'connected' cell type, since it's now
a topic command within data cells.
at the edge of the circuit, there can be multiple connections associated
with a single circuit. you find them via the linked list conn->next_topic.
currently each new ap connection starts its own circuit, so we ought
to see comparable performance to what we had before. but that's only
because i haven't written the code to reattach to old circuits. please
try to break it as-is, and then i'll make it reuse the same circuit and
we'll try to break that.
svn:r152
2003-01-26 10:02:24 +01:00
|
|
|
* add 'bandwidth' to this, capping it at 10*bandwidth.
|
|
|
|
*/
|
Implemented link padding and receiver token buckets
Each socket reads at most 'bandwidth' bytes per second sustained, but
can handle bursts of up to 10*bandwidth bytes.
Cells are now sent out at evenly-spaced intervals, with padding sent
out otherwise. Set Linkpadding=0 in the rc file to send cells as soon
as they're available (and to never send padding cells).
Added license/copyrights statements at the top of most files.
router->min and router->max have been merged into a single 'bandwidth'
value. We should make the routerinfo_t reflect this (want to do that,
Mat?)
As the bandwidth increases, and we want to stop sleeping more and more
frequently to send a single cell, cpu usage goes up. At 128kB/s we're
pretty much calling poll with a timeout of 1ms or even 0ms. The current
code takes a timeout of 0-9ms and makes it 10ms. prepare_for_poll()
handles everything that should have happened in the past, so as long as
our buffers don't get too full in that 10ms, we're ok.
Speaking of too full, if you run three servers at 100kB/s with -l debug,
it spends too much time printing debugging messages to be able to keep
up with the cells. The outbuf ultimately fills up and it kills that
connection. If you run with -l err, it works fine up through 500kB/s and
probably beyond. Down the road we'll want to teach it to recognize when
an outbuf is getting full, and back off.
svn:r50
2002-07-16 03:12:15 +02:00
|
|
|
struct timeval send_timeval; /* for determining when to send the next cell */
|
2002-06-27 00:45:49 +02:00
|
|
|
|
|
|
|
/* link encryption */
|
2002-08-22 09:30:03 +02:00
|
|
|
crypto_cipher_env_t *f_crypto;
|
|
|
|
crypto_cipher_env_t *b_crypto;
|
2002-06-27 00:45:49 +02:00
|
|
|
|
|
|
|
// struct timeval lastsend; /* time of last transmission to the client */
|
|
|
|
// struct timeval interval; /* transmission interval */
|
|
|
|
|
2002-10-03 00:54:20 +02:00
|
|
|
uint32_t addr; /* these two uniquely identify a router. Both in host order. */
|
2002-06-27 00:45:49 +02:00
|
|
|
uint16_t port;
|
|
|
|
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
/* used by exit and ap: */
|
2003-05-02 23:29:25 +02:00
|
|
|
char stream_id[STREAM_ID_SIZE];
|
2003-05-01 08:42:29 +02:00
|
|
|
struct connection_t *next_stream;
|
2003-05-02 23:29:25 +02:00
|
|
|
struct crypt_path_t *cpath_layer; /* a pointer to which node in the circ this conn exits at */
|
2003-05-20 08:41:23 +02:00
|
|
|
int package_window;
|
|
|
|
int deliver_window;
|
2003-03-17 03:42:45 +01:00
|
|
|
int done_sending;
|
|
|
|
int done_receiving;
|
2002-09-22 13:09:07 +02:00
|
|
|
|
2003-03-17 03:42:45 +01:00
|
|
|
/* Used by ap: */
|
2002-09-22 13:09:07 +02:00
|
|
|
char socks_version;
|
|
|
|
char read_username;
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
|
2003-03-17 03:42:45 +01:00
|
|
|
/* Used by exit and ap: */
|
2002-09-22 13:09:07 +02:00
|
|
|
char *dest_addr;
|
2002-10-03 00:54:20 +02:00
|
|
|
uint16_t dest_port; /* host order */
|
2002-09-23 03:04:59 +02:00
|
|
|
|
2003-03-17 03:42:45 +01:00
|
|
|
/* Used by everyone */
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
char *address; /* strdup into this, because free_connection frees it */
|
2003-03-17 03:42:45 +01:00
|
|
|
/* Used for cell connections */
|
2002-08-22 09:30:03 +02:00
|
|
|
crypto_pk_env_t *pkey; /* public RSA key for the other side */
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2003-03-17 03:42:45 +01:00
|
|
|
/* Used while negotiating OR/OR connections */
|
2002-06-27 00:45:49 +02:00
|
|
|
char nonce[8];
|
2003-06-17 16:31:05 +02:00
|
|
|
|
|
|
|
/* Used by worker connections */
|
2003-08-21 01:05:22 +02:00
|
|
|
int num_processed; /* statistics kept by dns worker */
|
|
|
|
struct circuit_t *circ; /* by cpu worker to know who he's working for */
|
major overhaul: dns slave subsystem, topics
on startup, it forks off a master dns handler, which forks off dns
slaves (like the apache model). slaves as spawned as load increases,
and then reused. excess slaves are not ever killed, currently.
implemented topics. each topic has a receive window in each direction
at each edge of the circuit, and sends sendme's at the data level, as
per before. each circuit also has receive windows in each direction at
each hop; an edge sends a circuit-level sendme as soon as enough data
cells have arrived (regardless of whether the data cells were flushed
to the exit conns). removed the 'connected' cell type, since it's now
a topic command within data cells.
at the edge of the circuit, there can be multiple connections associated
with a single circuit. you find them via the linked list conn->next_topic.
currently each new ap connection starts its own circuit, so we ought
to see comparable performance to what we had before. but that's only
because i haven't written the code to reattach to old circuits. please
try to break it as-is, and then i'll make it reuse the same circuit and
we'll try to break that.
svn:r152
2003-01-26 10:02:24 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
typedef struct connection_t connection_t;
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2003-04-07 06:38:19 +02:00
|
|
|
#define EXIT_POLICY_ACCEPT 1
|
|
|
|
#define EXIT_POLICY_REJECT 2
|
|
|
|
|
|
|
|
struct exit_policy_t {
|
|
|
|
char policy_type;
|
|
|
|
char *string;
|
|
|
|
char *address;
|
|
|
|
char *port;
|
|
|
|
|
|
|
|
struct exit_policy_t *next;
|
|
|
|
};
|
|
|
|
|
2002-06-27 00:45:49 +02:00
|
|
|
/* config stuff we know about the other ORs in the network */
|
2002-12-03 23:18:23 +01:00
|
|
|
typedef struct {
|
2002-06-27 00:45:49 +02:00
|
|
|
char *address;
|
|
|
|
|
2002-10-03 00:54:20 +02:00
|
|
|
uint32_t addr; /* all host order */
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
uint16_t or_port;
|
|
|
|
uint16_t op_port;
|
|
|
|
uint16_t ap_port;
|
2002-09-24 12:43:57 +02:00
|
|
|
uint16_t dir_port;
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2002-08-22 09:30:03 +02:00
|
|
|
crypto_pk_env_t *pkey; /* public RSA key */
|
2003-05-07 04:13:23 +02:00
|
|
|
crypto_pk_env_t *signing_pkey; /* May be null */
|
2002-06-27 00:45:49 +02:00
|
|
|
|
|
|
|
/* link info */
|
2002-09-24 12:43:57 +02:00
|
|
|
uint32_t bandwidth;
|
2003-04-07 06:38:19 +02:00
|
|
|
struct exit_policy_t *exit_policy;
|
2002-06-27 00:45:49 +02:00
|
|
|
} routerinfo_t;
|
|
|
|
|
2003-05-09 04:00:33 +02:00
|
|
|
#define MAX_ROUTERS_IN_DIR 1024
|
2003-05-06 19:38:16 +02:00
|
|
|
typedef struct {
|
|
|
|
routerinfo_t **routers;
|
|
|
|
int n_routers;
|
2003-05-09 04:25:37 +02:00
|
|
|
char *software_versions;
|
2003-05-06 19:38:16 +02:00
|
|
|
} directory_t;
|
|
|
|
|
2003-05-02 23:29:25 +02:00
|
|
|
struct crypt_path_t {
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
|
2002-08-22 09:30:03 +02:00
|
|
|
/* crypto environments */
|
|
|
|
crypto_cipher_env_t *f_crypto;
|
|
|
|
crypto_cipher_env_t *b_crypto;
|
2003-05-02 00:55:51 +02:00
|
|
|
|
2003-05-06 01:24:46 +02:00
|
|
|
crypto_dh_env_t *handshake_state;
|
|
|
|
|
|
|
|
uint32_t addr;
|
|
|
|
uint16_t port;
|
|
|
|
|
2003-05-02 00:55:51 +02:00
|
|
|
char state;
|
|
|
|
#define CPATH_STATE_CLOSED 0
|
2003-05-06 01:24:46 +02:00
|
|
|
#define CPATH_STATE_AWAITING_KEYS 1
|
2003-05-02 00:55:51 +02:00
|
|
|
#define CPATH_STATE_OPEN 2
|
2003-05-02 23:29:25 +02:00
|
|
|
struct crypt_path_t *next;
|
|
|
|
struct crypt_path_t *prev; /* doubly linked list */
|
|
|
|
|
2003-05-20 08:41:23 +02:00
|
|
|
int package_window;
|
|
|
|
int deliver_window;
|
2003-05-02 23:29:25 +02:00
|
|
|
};
|
2003-05-02 00:55:51 +02:00
|
|
|
|
2003-05-07 04:28:42 +02:00
|
|
|
#define DH_KEY_LEN CRYPTO_DH_SIZE
|
|
|
|
#define DH_ONIONSKIN_LEN DH_KEY_LEN+16
|
2003-05-06 07:54:42 +02:00
|
|
|
|
2003-05-02 23:29:25 +02:00
|
|
|
typedef struct crypt_path_t crypt_path_t;
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
|
2003-04-16 08:18:31 +02:00
|
|
|
/* struct for a path (circuit) through the network */
|
2003-08-21 01:05:22 +02:00
|
|
|
struct circuit_t {
|
2002-06-27 00:45:49 +02:00
|
|
|
uint32_t n_addr;
|
|
|
|
uint16_t n_port;
|
|
|
|
connection_t *p_conn;
|
2003-05-28 01:39:04 +02:00
|
|
|
connection_t *n_conn; /* for the OR conn, if there is one */
|
|
|
|
connection_t *p_streams;
|
|
|
|
connection_t *n_streams;
|
2003-05-20 08:41:23 +02:00
|
|
|
int package_window;
|
|
|
|
int deliver_window;
|
2002-06-27 00:45:49 +02:00
|
|
|
|
|
|
|
aci_t p_aci; /* connection identifiers */
|
|
|
|
aci_t n_aci;
|
|
|
|
|
2003-05-02 00:55:51 +02:00
|
|
|
crypto_cipher_env_t *p_crypto; /* used only for intermediate hops */
|
2002-08-22 09:30:03 +02:00
|
|
|
crypto_cipher_env_t *n_crypto;
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2003-05-02 00:55:51 +02:00
|
|
|
crypt_path_t *cpath;
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
|
2003-05-06 07:54:42 +02:00
|
|
|
char onionskin[DH_ONIONSKIN_LEN]; /* for storage while onionskin pending */
|
2003-04-16 08:18:31 +02:00
|
|
|
long timestamp_created;
|
|
|
|
char dirty; /* whether this circuit has been used yet */
|
2002-06-27 00:45:49 +02:00
|
|
|
|
|
|
|
int state;
|
|
|
|
|
2003-05-06 01:24:46 +02:00
|
|
|
// unsigned char *onion; /* stores the onion when state is CONN_STATE_OPEN_WAIT */
|
|
|
|
// uint32_t onionlen; /* total onion length */
|
|
|
|
// uint32_t recvlen; /* length of the onion so far */
|
2002-06-27 00:45:49 +02:00
|
|
|
|
|
|
|
void *next;
|
2003-08-21 01:05:22 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
typedef struct circuit_t circuit_t;
|
2002-06-27 00:45:49 +02:00
|
|
|
|
major overhaul: dns slave subsystem, topics
on startup, it forks off a master dns handler, which forks off dns
slaves (like the apache model). slaves as spawned as load increases,
and then reused. excess slaves are not ever killed, currently.
implemented topics. each topic has a receive window in each direction
at each edge of the circuit, and sends sendme's at the data level, as
per before. each circuit also has receive windows in each direction at
each hop; an edge sends a circuit-level sendme as soon as enough data
cells have arrived (regardless of whether the data cells were flushed
to the exit conns). removed the 'connected' cell type, since it's now
a topic command within data cells.
at the edge of the circuit, there can be multiple connections associated
with a single circuit. you find them via the linked list conn->next_topic.
currently each new ap connection starts its own circuit, so we ought
to see comparable performance to what we had before. but that's only
because i haven't written the code to reattach to old circuits. please
try to break it as-is, and then i'll make it reuse the same circuit and
we'll try to break that.
svn:r152
2003-01-26 10:02:24 +01:00
|
|
|
struct onion_queue_t {
|
|
|
|
circuit_t *circ;
|
|
|
|
struct onion_queue_t *next;
|
|
|
|
};
|
|
|
|
|
2002-12-03 23:18:23 +01:00
|
|
|
typedef struct {
|
2002-07-03 18:31:22 +02:00
|
|
|
char *LogLevel;
|
|
|
|
char *RouterFile;
|
2003-05-08 00:40:03 +02:00
|
|
|
char *SigningPrivateKeyFile;
|
2002-07-03 18:31:22 +02:00
|
|
|
char *PrivateKeyFile;
|
2002-11-23 07:49:01 +01:00
|
|
|
double CoinWeight;
|
2003-03-17 03:42:45 +01:00
|
|
|
int Daemon;
|
2002-07-03 18:31:22 +02:00
|
|
|
int ORPort;
|
|
|
|
int APPort;
|
2002-09-26 14:09:10 +02:00
|
|
|
int DirPort;
|
2002-07-03 18:31:22 +02:00
|
|
|
int MaxConn;
|
2003-05-28 04:03:25 +02:00
|
|
|
int OnionRouter;
|
2002-07-03 18:31:22 +02:00
|
|
|
int TrafficShaping;
|
Implemented link padding and receiver token buckets
Each socket reads at most 'bandwidth' bytes per second sustained, but
can handle bursts of up to 10*bandwidth bytes.
Cells are now sent out at evenly-spaced intervals, with padding sent
out otherwise. Set Linkpadding=0 in the rc file to send cells as soon
as they're available (and to never send padding cells).
Added license/copyrights statements at the top of most files.
router->min and router->max have been merged into a single 'bandwidth'
value. We should make the routerinfo_t reflect this (want to do that,
Mat?)
As the bandwidth increases, and we want to stop sleeping more and more
frequently to send a single cell, cpu usage goes up. At 128kB/s we're
pretty much calling poll with a timeout of 1ms or even 0ms. The current
code takes a timeout of 0-9ms and makes it 10ms. prepare_for_poll()
handles everything that should have happened in the past, so as long as
our buffers don't get too full in that 10ms, we're ok.
Speaking of too full, if you run three servers at 100kB/s with -l debug,
it spends too much time printing debugging messages to be able to keep
up with the cells. The outbuf ultimately fills up and it kills that
connection. If you run with -l err, it works fine up through 500kB/s and
probably beyond. Down the road we'll want to teach it to recognize when
an outbuf is getting full, and back off.
svn:r50
2002-07-16 03:12:15 +02:00
|
|
|
int LinkPadding;
|
2002-09-26 14:09:10 +02:00
|
|
|
int DirRebuildPeriod;
|
|
|
|
int DirFetchPeriod;
|
2002-10-02 01:37:31 +02:00
|
|
|
int KeepalivePeriod;
|
2002-11-27 05:08:20 +01:00
|
|
|
int MaxOnionsPending;
|
2003-04-16 08:18:31 +02:00
|
|
|
int NewCircuitPeriod;
|
2003-06-27 02:57:04 +02:00
|
|
|
int TotalBandwidth;
|
2003-08-14 05:52:51 +02:00
|
|
|
int NumCpus;
|
Implemented link padding and receiver token buckets
Each socket reads at most 'bandwidth' bytes per second sustained, but
can handle bursts of up to 10*bandwidth bytes.
Cells are now sent out at evenly-spaced intervals, with padding sent
out otherwise. Set Linkpadding=0 in the rc file to send cells as soon
as they're available (and to never send padding cells).
Added license/copyrights statements at the top of most files.
router->min and router->max have been merged into a single 'bandwidth'
value. We should make the routerinfo_t reflect this (want to do that,
Mat?)
As the bandwidth increases, and we want to stop sleeping more and more
frequently to send a single cell, cpu usage goes up. At 128kB/s we're
pretty much calling poll with a timeout of 1ms or even 0ms. The current
code takes a timeout of 0-9ms and makes it 10ms. prepare_for_poll()
handles everything that should have happened in the past, so as long as
our buffers don't get too full in that 10ms, we're ok.
Speaking of too full, if you run three servers at 100kB/s with -l debug,
it spends too much time printing debugging messages to be able to keep
up with the cells. The outbuf ultimately fills up and it kills that
connection. If you run with -l err, it works fine up through 500kB/s and
probably beyond. Down the road we'll want to teach it to recognize when
an outbuf is getting full, and back off.
svn:r50
2002-07-16 03:12:15 +02:00
|
|
|
int Role;
|
2002-07-11 16:50:26 +02:00
|
|
|
int loglevel;
|
2002-07-03 18:31:22 +02:00
|
|
|
} or_options_t;
|
2002-06-27 00:45:49 +02:00
|
|
|
|
|
|
|
/* all the function prototypes go here */
|
|
|
|
|
|
|
|
/********************************* buffers.c ***************************/
|
|
|
|
|
2002-08-24 06:59:21 +02:00
|
|
|
int buf_new(char **buf, int *buflen, int *buf_datalen);
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2002-06-30 09:37:49 +02:00
|
|
|
void buf_free(char *buf);
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2002-08-24 06:59:21 +02:00
|
|
|
int read_to_buf(int s, int at_most, char **buf, int *buflen, int *buf_datalen, int *reached_eof);
|
2002-06-27 00:45:49 +02:00
|
|
|
/* grab from s, put onto buf, return how many bytes read */
|
|
|
|
|
2002-08-24 06:59:21 +02:00
|
|
|
int flush_buf(int s, char **buf, int *buflen, int *buf_flushlen, int *buf_datalen);
|
2002-06-27 00:45:49 +02:00
|
|
|
/* push from buf onto s
|
|
|
|
* then memmove to front of buf
|
|
|
|
* return -1 or how many bytes remain on the buf */
|
|
|
|
|
2002-08-24 06:59:21 +02:00
|
|
|
int write_to_buf(char *string, int string_len,
|
|
|
|
char **buf, int *buflen, int *buf_datalen);
|
2002-06-27 00:45:49 +02:00
|
|
|
/* append string to buf (growing as needed, return -1 if "too big")
|
|
|
|
* return total number of bytes on the buf
|
|
|
|
*/
|
|
|
|
|
2003-03-17 03:42:45 +01:00
|
|
|
|
2002-08-24 06:59:21 +02:00
|
|
|
int fetch_from_buf(char *string, int string_len,
|
major overhaul: dns slave subsystem, topics
on startup, it forks off a master dns handler, which forks off dns
slaves (like the apache model). slaves as spawned as load increases,
and then reused. excess slaves are not ever killed, currently.
implemented topics. each topic has a receive window in each direction
at each edge of the circuit, and sends sendme's at the data level, as
per before. each circuit also has receive windows in each direction at
each hop; an edge sends a circuit-level sendme as soon as enough data
cells have arrived (regardless of whether the data cells were flushed
to the exit conns). removed the 'connected' cell type, since it's now
a topic command within data cells.
at the edge of the circuit, there can be multiple connections associated
with a single circuit. you find them via the linked list conn->next_topic.
currently each new ap connection starts its own circuit, so we ought
to see comparable performance to what we had before. but that's only
because i haven't written the code to reattach to old circuits. please
try to break it as-is, and then i'll make it reuse the same circuit and
we'll try to break that.
svn:r152
2003-01-26 10:02:24 +01:00
|
|
|
char **buf, int *buflen, int *buf_datalen);
|
2002-09-28 07:53:00 +02:00
|
|
|
/* if there is string_len bytes in buf, write them onto string,
|
|
|
|
* then memmove buf back (that is, remove them from buf)
|
|
|
|
*/
|
|
|
|
|
|
|
|
int find_on_inbuf(char *string, int string_len,
|
|
|
|
char *buf, int buf_datalen);
|
|
|
|
/* find first instance of needle 'string' on haystack 'buf'. return how
|
|
|
|
* many bytes from the beginning of buf to the end of string.
|
|
|
|
* If it's not there, return -1.
|
|
|
|
*/
|
2002-06-27 00:45:49 +02:00
|
|
|
|
|
|
|
/********************************* cell.c ***************************/
|
|
|
|
|
2002-07-19 20:48:28 +02:00
|
|
|
int pack_create(uint16_t aci, unsigned char *onion, uint32_t onionlen, unsigned char **cellbuf, unsigned int *cellbuflen);
|
2002-06-27 00:45:49 +02:00
|
|
|
|
|
|
|
/********************************* circuit.c ***************************/
|
|
|
|
|
|
|
|
void circuit_add(circuit_t *circ);
|
|
|
|
void circuit_remove(circuit_t *circ);
|
|
|
|
|
|
|
|
circuit_t *circuit_new(aci_t p_aci, connection_t *p_conn);
|
|
|
|
|
|
|
|
/* internal */
|
|
|
|
aci_t get_unique_aci_by_addr_port(uint32_t addr, uint16_t port, int aci_type);
|
|
|
|
|
|
|
|
circuit_t *circuit_get_by_aci_conn(aci_t aci, connection_t *conn);
|
|
|
|
circuit_t *circuit_get_by_conn(connection_t *conn);
|
2003-05-02 00:55:51 +02:00
|
|
|
circuit_t *circuit_get_newest_ap(void);
|
2002-09-24 12:43:57 +02:00
|
|
|
circuit_t *circuit_enumerate_by_naddr_nport(circuit_t *start, uint32_t naddr, uint16_t nport);
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2003-05-02 23:29:25 +02:00
|
|
|
int circuit_deliver_relay_cell(cell_t *cell, circuit_t *circ,
|
|
|
|
int cell_direction, crypt_path_t *layer_hint);
|
|
|
|
int relay_crypt(circuit_t *circ, char *in, int inlen, char cell_direction,
|
2003-05-20 08:41:23 +02:00
|
|
|
crypt_path_t **layer_hint, char *recognized, connection_t **conn);
|
2003-05-02 23:29:25 +02:00
|
|
|
int relay_check_recognized(circuit_t *circ, int cell_direction, char *stream, connection_t **conn);
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2003-05-20 08:41:23 +02:00
|
|
|
void circuit_resume_edge_reading(circuit_t *circ, int edge_type, crypt_path_t *layer_hint);
|
|
|
|
int circuit_consider_stop_edge_reading(circuit_t *circ, int edge_type, crypt_path_t *layer_hint);
|
|
|
|
int circuit_consider_sending_sendme(circuit_t *circ, int edge_type, crypt_path_t *layer_hint);
|
major overhaul: dns slave subsystem, topics
on startup, it forks off a master dns handler, which forks off dns
slaves (like the apache model). slaves as spawned as load increases,
and then reused. excess slaves are not ever killed, currently.
implemented topics. each topic has a receive window in each direction
at each edge of the circuit, and sends sendme's at the data level, as
per before. each circuit also has receive windows in each direction at
each hop; an edge sends a circuit-level sendme as soon as enough data
cells have arrived (regardless of whether the data cells were flushed
to the exit conns). removed the 'connected' cell type, since it's now
a topic command within data cells.
at the edge of the circuit, there can be multiple connections associated
with a single circuit. you find them via the linked list conn->next_topic.
currently each new ap connection starts its own circuit, so we ought
to see comparable performance to what we had before. but that's only
because i haven't written the code to reattach to old circuits. please
try to break it as-is, and then i'll make it reuse the same circuit and
we'll try to break that.
svn:r152
2003-01-26 10:02:24 +01:00
|
|
|
|
2002-06-27 00:45:49 +02:00
|
|
|
void circuit_free(circuit_t *circ);
|
2003-05-02 00:55:51 +02:00
|
|
|
void circuit_free_cpath(crypt_path_t *cpath);
|
|
|
|
void circuit_free_cpath_node(crypt_path_t *victim);
|
2002-06-27 00:45:49 +02:00
|
|
|
|
|
|
|
void circuit_close(circuit_t *circ);
|
|
|
|
|
|
|
|
void circuit_about_to_close_connection(connection_t *conn);
|
|
|
|
/* flush and send destroys for all circuits using conn */
|
|
|
|
|
2002-09-22 00:41:48 +02:00
|
|
|
void circuit_dump_by_conn(connection_t *conn);
|
|
|
|
|
2003-04-16 18:17:27 +02:00
|
|
|
void circuit_expire_unused_circuits(void);
|
2003-04-16 08:18:31 +02:00
|
|
|
void circuit_launch_new(int failure_status);
|
2003-05-06 01:24:46 +02:00
|
|
|
int circuit_establish_circuit(void);
|
2003-04-16 08:18:31 +02:00
|
|
|
void circuit_n_conn_open(connection_t *or_conn);
|
2003-05-06 01:24:46 +02:00
|
|
|
int circuit_send_next_onion_skin(circuit_t *circ);
|
|
|
|
int circuit_extend(cell_t *cell, circuit_t *circ);
|
|
|
|
int circuit_finish_handshake(circuit_t *circ, char *reply);
|
2003-06-12 12:16:33 +02:00
|
|
|
int circuit_truncated(circuit_t *circ, crypt_path_t *layer);
|
2003-04-16 08:18:31 +02:00
|
|
|
|
2002-06-27 00:45:49 +02:00
|
|
|
/********************************* command.c ***************************/
|
|
|
|
|
|
|
|
void command_process_cell(cell_t *cell, connection_t *conn);
|
|
|
|
|
|
|
|
void command_process_create_cell(cell_t *cell, connection_t *conn);
|
2003-05-06 01:24:46 +02:00
|
|
|
void command_process_created_cell(cell_t *cell, connection_t *conn);
|
2002-07-18 08:37:58 +02:00
|
|
|
void command_process_sendme_cell(cell_t *cell, connection_t *conn);
|
2003-05-01 08:42:29 +02:00
|
|
|
void command_process_relay_cell(cell_t *cell, connection_t *conn);
|
2002-06-27 00:45:49 +02:00
|
|
|
void command_process_destroy_cell(cell_t *cell, connection_t *conn);
|
2002-09-17 10:14:37 +02:00
|
|
|
void command_process_connected_cell(cell_t *cell, connection_t *conn);
|
2002-06-27 00:45:49 +02:00
|
|
|
|
|
|
|
/********************************* config.c ***************************/
|
|
|
|
|
2002-11-23 07:49:01 +01:00
|
|
|
/* open configuration file for reading */
|
|
|
|
FILE *config_open(const unsigned char *filename);
|
|
|
|
|
|
|
|
/* close configuration file */
|
|
|
|
int config_close(FILE *f);
|
|
|
|
|
|
|
|
struct config_line *config_get_commandlines(int argc, char **argv);
|
|
|
|
|
|
|
|
/* parse the config file and strdup into key/value strings. Return list.
|
|
|
|
* * * Warn and ignore mangled lines. */
|
|
|
|
struct config_line *config_get_lines(FILE *f);
|
|
|
|
|
|
|
|
void config_free_lines(struct config_line *front);
|
|
|
|
|
|
|
|
int config_compare(struct config_line *c, char *key, int type, void *arg);
|
|
|
|
|
|
|
|
void config_assign(or_options_t *options, struct config_line *list);
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2002-11-23 07:49:01 +01:00
|
|
|
/* return 0 if success, <0 if failure. */
|
|
|
|
int getconfig(int argc, char **argv, or_options_t *options);
|
2002-07-03 18:31:22 +02:00
|
|
|
|
2002-06-27 00:45:49 +02:00
|
|
|
/********************************* connection.c ***************************/
|
|
|
|
|
Implemented link padding and receiver token buckets
Each socket reads at most 'bandwidth' bytes per second sustained, but
can handle bursts of up to 10*bandwidth bytes.
Cells are now sent out at evenly-spaced intervals, with padding sent
out otherwise. Set Linkpadding=0 in the rc file to send cells as soon
as they're available (and to never send padding cells).
Added license/copyrights statements at the top of most files.
router->min and router->max have been merged into a single 'bandwidth'
value. We should make the routerinfo_t reflect this (want to do that,
Mat?)
As the bandwidth increases, and we want to stop sleeping more and more
frequently to send a single cell, cpu usage goes up. At 128kB/s we're
pretty much calling poll with a timeout of 1ms or even 0ms. The current
code takes a timeout of 0-9ms and makes it 10ms. prepare_for_poll()
handles everything that should have happened in the past, so as long as
our buffers don't get too full in that 10ms, we're ok.
Speaking of too full, if you run three servers at 100kB/s with -l debug,
it spends too much time printing debugging messages to be able to keep
up with the cells. The outbuf ultimately fills up and it kills that
connection. If you run with -l err, it works fine up through 500kB/s and
probably beyond. Down the road we'll want to teach it to recognize when
an outbuf is getting full, and back off.
svn:r50
2002-07-16 03:12:15 +02:00
|
|
|
int tv_cmp(struct timeval *a, struct timeval *b);
|
|
|
|
|
2002-06-27 00:45:49 +02:00
|
|
|
connection_t *connection_new(int type);
|
|
|
|
|
|
|
|
void connection_free(connection_t *conn);
|
|
|
|
|
2002-10-03 00:54:20 +02:00
|
|
|
int connection_create_listener(struct sockaddr_in *bindaddr, int type);
|
2002-06-27 00:45:49 +02:00
|
|
|
|
|
|
|
int connection_handle_listener_read(connection_t *conn, int new_type, int new_state);
|
|
|
|
|
|
|
|
/* start all connections that should be up but aren't */
|
2003-05-28 04:03:25 +02:00
|
|
|
int retry_all_connections(uint16_t or_listenport, uint16_t ap_listenport, uint16_t dir_listenport);
|
2002-06-27 00:45:49 +02:00
|
|
|
|
|
|
|
int connection_read_to_buf(connection_t *conn);
|
|
|
|
|
|
|
|
int connection_fetch_from_buf(char *string, int len, connection_t *conn);
|
|
|
|
|
2002-07-18 08:37:58 +02:00
|
|
|
int connection_outbuf_too_full(connection_t *conn);
|
2002-09-28 07:53:00 +02:00
|
|
|
int connection_find_on_inbuf(char *string, int len, connection_t *conn);
|
2002-07-18 08:37:58 +02:00
|
|
|
int connection_wants_to_flush(connection_t *conn);
|
2002-06-27 00:45:49 +02:00
|
|
|
int connection_flush_buf(connection_t *conn);
|
|
|
|
|
|
|
|
int connection_write_to_buf(char *string, int len, connection_t *conn);
|
Implemented link padding and receiver token buckets
Each socket reads at most 'bandwidth' bytes per second sustained, but
can handle bursts of up to 10*bandwidth bytes.
Cells are now sent out at evenly-spaced intervals, with padding sent
out otherwise. Set Linkpadding=0 in the rc file to send cells as soon
as they're available (and to never send padding cells).
Added license/copyrights statements at the top of most files.
router->min and router->max have been merged into a single 'bandwidth'
value. We should make the routerinfo_t reflect this (want to do that,
Mat?)
As the bandwidth increases, and we want to stop sleeping more and more
frequently to send a single cell, cpu usage goes up. At 128kB/s we're
pretty much calling poll with a timeout of 1ms or even 0ms. The current
code takes a timeout of 0-9ms and makes it 10ms. prepare_for_poll()
handles everything that should have happened in the past, so as long as
our buffers don't get too full in that 10ms, we're ok.
Speaking of too full, if you run three servers at 100kB/s with -l debug,
it spends too much time printing debugging messages to be able to keep
up with the cells. The outbuf ultimately fills up and it kills that
connection. If you run with -l err, it works fine up through 500kB/s and
probably beyond. Down the road we'll want to teach it to recognize when
an outbuf is getting full, and back off.
svn:r50
2002-07-16 03:12:15 +02:00
|
|
|
void connection_send_cell(connection_t *conn);
|
|
|
|
|
|
|
|
int connection_receiver_bucket_should_increase(connection_t *conn);
|
|
|
|
|
|
|
|
void connection_increment_send_timeval(connection_t *conn);
|
|
|
|
void connection_init_timeval(connection_t *conn);
|
|
|
|
|
2003-05-28 04:03:25 +02:00
|
|
|
#define connection_speaks_cells(conn) ((conn)->type == CONN_TYPE_OR)
|
2002-09-22 00:41:48 +02:00
|
|
|
int connection_is_listener(connection_t *conn);
|
Implemented link padding and receiver token buckets
Each socket reads at most 'bandwidth' bytes per second sustained, but
can handle bursts of up to 10*bandwidth bytes.
Cells are now sent out at evenly-spaced intervals, with padding sent
out otherwise. Set Linkpadding=0 in the rc file to send cells as soon
as they're available (and to never send padding cells).
Added license/copyrights statements at the top of most files.
router->min and router->max have been merged into a single 'bandwidth'
value. We should make the routerinfo_t reflect this (want to do that,
Mat?)
As the bandwidth increases, and we want to stop sleeping more and more
frequently to send a single cell, cpu usage goes up. At 128kB/s we're
pretty much calling poll with a timeout of 1ms or even 0ms. The current
code takes a timeout of 0-9ms and makes it 10ms. prepare_for_poll()
handles everything that should have happened in the past, so as long as
our buffers don't get too full in that 10ms, we're ok.
Speaking of too full, if you run three servers at 100kB/s with -l debug,
it spends too much time printing debugging messages to be able to keep
up with the cells. The outbuf ultimately fills up and it kills that
connection. If you run with -l err, it works fine up through 500kB/s and
probably beyond. Down the road we'll want to teach it to recognize when
an outbuf is getting full, and back off.
svn:r50
2002-07-16 03:12:15 +02:00
|
|
|
int connection_state_is_open(connection_t *conn);
|
|
|
|
|
2002-06-27 00:45:49 +02:00
|
|
|
int connection_send_destroy(aci_t aci, connection_t *conn);
|
2002-09-17 10:14:37 +02:00
|
|
|
int connection_send_connected(aci_t aci, connection_t *conn);
|
2002-10-02 22:12:44 +02:00
|
|
|
int connection_encrypt_cell(char *cellp, connection_t *conn);
|
2003-02-18 02:35:55 +01:00
|
|
|
int connection_write_cell_to_buf(const cell_t *cellp, connection_t *conn);
|
2002-06-27 00:45:49 +02:00
|
|
|
|
|
|
|
int connection_process_inbuf(connection_t *conn);
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
int connection_package_raw_inbuf(connection_t *conn);
|
2002-06-27 00:45:49 +02:00
|
|
|
int connection_process_cell_from_inbuf(connection_t *conn);
|
|
|
|
|
major overhaul: dns slave subsystem, topics
on startup, it forks off a master dns handler, which forks off dns
slaves (like the apache model). slaves as spawned as load increases,
and then reused. excess slaves are not ever killed, currently.
implemented topics. each topic has a receive window in each direction
at each edge of the circuit, and sends sendme's at the data level, as
per before. each circuit also has receive windows in each direction at
each hop; an edge sends a circuit-level sendme as soon as enough data
cells have arrived (regardless of whether the data cells were flushed
to the exit conns). removed the 'connected' cell type, since it's now
a topic command within data cells.
at the edge of the circuit, there can be multiple connections associated
with a single circuit. you find them via the linked list conn->next_topic.
currently each new ap connection starts its own circuit, so we ought
to see comparable performance to what we had before. but that's only
because i haven't written the code to reattach to old circuits. please
try to break it as-is, and then i'll make it reuse the same circuit and
we'll try to break that.
svn:r152
2003-01-26 10:02:24 +01:00
|
|
|
int connection_consider_sending_sendme(connection_t *conn, int edge_type);
|
2002-06-27 00:45:49 +02:00
|
|
|
int connection_finished_flushing(connection_t *conn);
|
|
|
|
|
2003-04-16 19:44:33 +02:00
|
|
|
void cell_pack(char *dest, const cell_t *src);
|
|
|
|
void cell_unpack(cell_t *dest, const char *src);
|
|
|
|
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
/********************************* connection_ap.c ****************************/
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2002-09-22 13:09:07 +02:00
|
|
|
int ap_handshake_process_socks(connection_t *conn);
|
2002-06-27 00:45:49 +02:00
|
|
|
|
major overhaul: dns slave subsystem, topics
on startup, it forks off a master dns handler, which forks off dns
slaves (like the apache model). slaves as spawned as load increases,
and then reused. excess slaves are not ever killed, currently.
implemented topics. each topic has a receive window in each direction
at each edge of the circuit, and sends sendme's at the data level, as
per before. each circuit also has receive windows in each direction at
each hop; an edge sends a circuit-level sendme as soon as enough data
cells have arrived (regardless of whether the data cells were flushed
to the exit conns). removed the 'connected' cell type, since it's now
a topic command within data cells.
at the edge of the circuit, there can be multiple connections associated
with a single circuit. you find them via the linked list conn->next_topic.
currently each new ap connection starts its own circuit, so we ought
to see comparable performance to what we had before. but that's only
because i haven't written the code to reattach to old circuits. please
try to break it as-is, and then i'll make it reuse the same circuit and
we'll try to break that.
svn:r152
2003-01-26 10:02:24 +01:00
|
|
|
int ap_handshake_send_begin(connection_t *ap_conn, circuit_t *circ);
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
|
2002-09-22 13:09:07 +02:00
|
|
|
int ap_handshake_socks_reply(connection_t *conn, char result);
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
|
2002-10-03 00:54:20 +02:00
|
|
|
int connection_ap_create_listener(struct sockaddr_in *bindaddr);
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
|
|
|
|
int connection_ap_handle_listener_read(connection_t *conn);
|
|
|
|
|
2003-04-12 00:11:11 +02:00
|
|
|
/********************************* connection_edge.c ***************************/
|
|
|
|
|
|
|
|
int connection_edge_process_inbuf(connection_t *conn);
|
2003-06-12 12:16:33 +02:00
|
|
|
int connection_edge_send_command(connection_t *fromconn, circuit_t *circ, int relay_command);
|
2003-05-20 08:41:23 +02:00
|
|
|
int connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, connection_t *conn, int edge_type, crypt_path_t *layer_hint);
|
2003-04-12 00:11:11 +02:00
|
|
|
int connection_edge_finished_flushing(connection_t *conn);
|
|
|
|
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
/********************************* connection_exit.c ***************************/
|
|
|
|
|
2002-09-17 10:14:37 +02:00
|
|
|
int connection_exit_send_connected(connection_t *conn);
|
2003-04-12 00:11:11 +02:00
|
|
|
int connection_exit_begin_conn(cell_t *cell, circuit_t *circ);
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
|
major overhaul: dns slave subsystem, topics
on startup, it forks off a master dns handler, which forks off dns
slaves (like the apache model). slaves as spawned as load increases,
and then reused. excess slaves are not ever killed, currently.
implemented topics. each topic has a receive window in each direction
at each edge of the circuit, and sends sendme's at the data level, as
per before. each circuit also has receive windows in each direction at
each hop; an edge sends a circuit-level sendme as soon as enough data
cells have arrived (regardless of whether the data cells were flushed
to the exit conns). removed the 'connected' cell type, since it's now
a topic command within data cells.
at the edge of the circuit, there can be multiple connections associated
with a single circuit. you find them via the linked list conn->next_topic.
currently each new ap connection starts its own circuit, so we ought
to see comparable performance to what we had before. but that's only
because i haven't written the code to reattach to old circuits. please
try to break it as-is, and then i'll make it reuse the same circuit and
we'll try to break that.
svn:r152
2003-01-26 10:02:24 +01:00
|
|
|
int connection_exit_connect(connection_t *conn);
|
2002-06-27 00:45:49 +02:00
|
|
|
|
|
|
|
/********************************* connection_op.c ***************************/
|
|
|
|
|
|
|
|
int op_handshake_process_keys(connection_t *conn);
|
|
|
|
|
|
|
|
int connection_op_process_inbuf(connection_t *conn);
|
|
|
|
|
|
|
|
int connection_op_finished_flushing(connection_t *conn);
|
|
|
|
|
2002-10-03 00:54:20 +02:00
|
|
|
int connection_op_create_listener(struct sockaddr_in *bindaddr);
|
2002-06-27 00:45:49 +02:00
|
|
|
|
|
|
|
int connection_op_handle_listener_read(connection_t *conn);
|
|
|
|
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
/********************************* connection_or.c ***************************/
|
2002-06-27 00:45:49 +02:00
|
|
|
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
int connection_or_process_inbuf(connection_t *conn);
|
|
|
|
int connection_or_finished_flushing(connection_t *conn);
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2003-05-28 04:03:25 +02:00
|
|
|
connection_t *connection_or_connect(routerinfo_t *router);
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
|
2002-10-03 00:54:20 +02:00
|
|
|
int connection_or_create_listener(struct sockaddr_in *bindaddr);
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
int connection_or_handle_listener_read(connection_t *conn);
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2003-08-21 01:05:22 +02:00
|
|
|
/********************************* cpuworker.c *****************************/
|
|
|
|
|
|
|
|
void cpu_init(void);
|
|
|
|
int connection_cpu_finished_flushing(connection_t *conn);
|
|
|
|
int connection_cpu_process_inbuf(connection_t *conn);
|
|
|
|
int cpuworker_main(void *data);
|
|
|
|
int assign_to_cpuworker(connection_t *cpuworker, unsigned char question_type,
|
|
|
|
void *task);
|
|
|
|
|
2002-09-26 14:09:10 +02:00
|
|
|
/********************************* directory.c ***************************/
|
|
|
|
|
|
|
|
void directory_initiate_fetch(routerinfo_t *router);
|
|
|
|
int directory_send_command(connection_t *conn);
|
2003-03-11 02:51:41 +01:00
|
|
|
void directory_set_dirty(void);
|
2002-09-26 14:09:10 +02:00
|
|
|
void directory_rebuild(void);
|
|
|
|
int connection_dir_process_inbuf(connection_t *conn);
|
|
|
|
int directory_handle_command(connection_t *conn);
|
|
|
|
int directory_handle_reading(connection_t *conn);
|
|
|
|
int connection_dir_finished_flushing(connection_t *conn);
|
2002-10-03 00:54:20 +02:00
|
|
|
int connection_dir_create_listener(struct sockaddr_in *bindaddr);
|
2002-09-26 14:09:10 +02:00
|
|
|
int connection_dir_handle_listener_read(connection_t *conn);
|
|
|
|
|
major overhaul: dns slave subsystem, topics
on startup, it forks off a master dns handler, which forks off dns
slaves (like the apache model). slaves as spawned as load increases,
and then reused. excess slaves are not ever killed, currently.
implemented topics. each topic has a receive window in each direction
at each edge of the circuit, and sends sendme's at the data level, as
per before. each circuit also has receive windows in each direction at
each hop; an edge sends a circuit-level sendme as soon as enough data
cells have arrived (regardless of whether the data cells were flushed
to the exit conns). removed the 'connected' cell type, since it's now
a topic command within data cells.
at the edge of the circuit, there can be multiple connections associated
with a single circuit. you find them via the linked list conn->next_topic.
currently each new ap connection starts its own circuit, so we ought
to see comparable performance to what we had before. but that's only
because i haven't written the code to reattach to old circuits. please
try to break it as-is, and then i'll make it reuse the same circuit and
we'll try to break that.
svn:r152
2003-01-26 10:02:24 +01:00
|
|
|
/********************************* dns.c ***************************/
|
|
|
|
|
2003-06-25 09:19:30 +02:00
|
|
|
void dns_init(void);
|
major overhaul: dns slave subsystem, topics
on startup, it forks off a master dns handler, which forks off dns
slaves (like the apache model). slaves as spawned as load increases,
and then reused. excess slaves are not ever killed, currently.
implemented topics. each topic has a receive window in each direction
at each edge of the circuit, and sends sendme's at the data level, as
per before. each circuit also has receive windows in each direction at
each hop; an edge sends a circuit-level sendme as soon as enough data
cells have arrived (regardless of whether the data cells were flushed
to the exit conns). removed the 'connected' cell type, since it's now
a topic command within data cells.
at the edge of the circuit, there can be multiple connections associated
with a single circuit. you find them via the linked list conn->next_topic.
currently each new ap connection starts its own circuit, so we ought
to see comparable performance to what we had before. but that's only
because i haven't written the code to reattach to old circuits. please
try to break it as-is, and then i'll make it reuse the same circuit and
we'll try to break that.
svn:r152
2003-01-26 10:02:24 +01:00
|
|
|
int connection_dns_finished_flushing(connection_t *conn);
|
|
|
|
int connection_dns_process_inbuf(connection_t *conn);
|
2003-06-27 02:57:04 +02:00
|
|
|
void dns_cancel_pending_resolve(char *question, connection_t *onlyconn);
|
2003-02-14 08:53:55 +01:00
|
|
|
int dns_resolve(connection_t *exitconn);
|
major overhaul: dns slave subsystem, topics
on startup, it forks off a master dns handler, which forks off dns
slaves (like the apache model). slaves as spawned as load increases,
and then reused. excess slaves are not ever killed, currently.
implemented topics. each topic has a receive window in each direction
at each edge of the circuit, and sends sendme's at the data level, as
per before. each circuit also has receive windows in each direction at
each hop; an edge sends a circuit-level sendme as soon as enough data
cells have arrived (regardless of whether the data cells were flushed
to the exit conns). removed the 'connected' cell type, since it's now
a topic command within data cells.
at the edge of the circuit, there can be multiple connections associated
with a single circuit. you find them via the linked list conn->next_topic.
currently each new ap connection starts its own circuit, so we ought
to see comparable performance to what we had before. but that's only
because i haven't written the code to reattach to old circuits. please
try to break it as-is, and then i'll make it reuse the same circuit and
we'll try to break that.
svn:r152
2003-01-26 10:02:24 +01:00
|
|
|
|
2002-06-27 00:45:49 +02:00
|
|
|
/********************************* main.c ***************************/
|
|
|
|
|
2003-05-08 00:40:03 +02:00
|
|
|
void set_privatekey(crypto_pk_env_t *k);
|
|
|
|
crypto_pk_env_t *get_privatekey(void);
|
|
|
|
void set_signing_privatekey(crypto_pk_env_t *k);
|
|
|
|
crypto_pk_env_t *get_signing_privatekey(void);
|
2002-06-27 00:45:49 +02:00
|
|
|
int connection_add(connection_t *conn);
|
|
|
|
int connection_remove(connection_t *conn);
|
|
|
|
void connection_set_poll_socket(connection_t *conn);
|
|
|
|
|
2002-07-08 10:59:15 +02:00
|
|
|
connection_t *connection_twin_get_by_addr_port(uint32_t addr, uint16_t port);
|
|
|
|
connection_t *connection_exact_get_by_addr_port(uint32_t addr, uint16_t port);
|
2002-06-27 00:45:49 +02:00
|
|
|
|
|
|
|
connection_t *connection_get_by_type(int type);
|
2003-06-17 16:31:05 +02:00
|
|
|
connection_t *connection_get_by_type_state(int type, int state);
|
2003-06-25 09:19:30 +02:00
|
|
|
connection_t *connection_get_by_type_state_lastwritten(int type, int state);
|
2002-06-27 00:45:49 +02:00
|
|
|
|
|
|
|
void connection_watch_events(connection_t *conn, short events);
|
Implemented link padding and receiver token buckets
Each socket reads at most 'bandwidth' bytes per second sustained, but
can handle bursts of up to 10*bandwidth bytes.
Cells are now sent out at evenly-spaced intervals, with padding sent
out otherwise. Set Linkpadding=0 in the rc file to send cells as soon
as they're available (and to never send padding cells).
Added license/copyrights statements at the top of most files.
router->min and router->max have been merged into a single 'bandwidth'
value. We should make the routerinfo_t reflect this (want to do that,
Mat?)
As the bandwidth increases, and we want to stop sleeping more and more
frequently to send a single cell, cpu usage goes up. At 128kB/s we're
pretty much calling poll with a timeout of 1ms or even 0ms. The current
code takes a timeout of 0-9ms and makes it 10ms. prepare_for_poll()
handles everything that should have happened in the past, so as long as
our buffers don't get too full in that 10ms, we're ok.
Speaking of too full, if you run three servers at 100kB/s with -l debug,
it spends too much time printing debugging messages to be able to keep
up with the cells. The outbuf ultimately fills up and it kills that
connection. If you run with -l err, it works fine up through 500kB/s and
probably beyond. Down the road we'll want to teach it to recognize when
an outbuf is getting full, and back off.
svn:r50
2002-07-16 03:12:15 +02:00
|
|
|
void connection_stop_reading(connection_t *conn);
|
|
|
|
void connection_start_reading(connection_t *conn);
|
2002-07-18 08:37:58 +02:00
|
|
|
void connection_stop_writing(connection_t *conn);
|
|
|
|
void connection_start_writing(connection_t *conn);
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2003-05-08 05:36:53 +02:00
|
|
|
int dump_signed_directory_to_string(char *s, int maxlen,
|
|
|
|
crypto_pk_env_t *private_key);
|
|
|
|
/* Exported for debugging */
|
|
|
|
int dump_signed_directory_to_string_impl(char *s, int maxlen,
|
|
|
|
directory_t *dir,
|
|
|
|
crypto_pk_env_t *private_key);
|
2002-09-22 00:41:48 +02:00
|
|
|
|
2002-06-27 00:45:49 +02:00
|
|
|
int main(int argc, char *argv[]);
|
|
|
|
|
|
|
|
/********************************* onion.c ***************************/
|
|
|
|
|
|
|
|
int decide_aci_type(uint32_t local_addr, uint16_t local_port,
|
|
|
|
uint32_t remote_addr, uint16_t remote_port);
|
|
|
|
|
2002-11-27 05:08:20 +01:00
|
|
|
int onion_pending_add(circuit_t *circ);
|
2003-08-21 01:05:22 +02:00
|
|
|
circuit_t *onion_next_task(void);
|
2002-11-27 05:08:20 +01:00
|
|
|
void onion_pending_remove(circuit_t *circ);
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2003-08-21 01:05:22 +02:00
|
|
|
int onionskin_process(circuit_t *circ, unsigned char *payload, unsigned char *keys);
|
|
|
|
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
/* uses a weighted coin with weight cw to choose a route length */
|
|
|
|
int chooselen(double cw);
|
|
|
|
|
|
|
|
/* returns an array of pointers to routent that define a new route through the OR network
|
|
|
|
* int cw is the coin weight to use when choosing the route
|
|
|
|
* order of routers is from last to first
|
|
|
|
*/
|
2002-08-24 06:59:21 +02:00
|
|
|
unsigned int *new_route(double cw, routerinfo_t **rarray, int rarray_len, int *routelen);
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
|
2003-05-06 01:24:46 +02:00
|
|
|
crypt_path_t *onion_generate_cpath(routerinfo_t **firsthop);
|
2003-04-16 18:19:27 +02:00
|
|
|
|
2003-05-05 06:27:00 +02:00
|
|
|
int onion_skin_create(crypto_pk_env_t *router_key,
|
|
|
|
crypto_dh_env_t **handshake_state_out,
|
2003-05-06 07:54:42 +02:00
|
|
|
char *onion_skin_out); /* Must be DH_ONIONSKIN_LEN bytes long */
|
2003-05-05 06:27:00 +02:00
|
|
|
|
2003-05-06 07:54:42 +02:00
|
|
|
int onion_skin_server_handshake(char *onion_skin, /* DH_ONIONSKIN_LEN bytes long */
|
2003-05-05 06:27:00 +02:00
|
|
|
crypto_pk_env_t *private_key,
|
2003-05-06 07:54:42 +02:00
|
|
|
char *handshake_reply_out, /* DH_KEY_LEN bytes long */
|
2003-05-05 06:27:00 +02:00
|
|
|
char *key_out,
|
|
|
|
int key_out_len);
|
|
|
|
|
|
|
|
int onion_skin_client_handshake(crypto_dh_env_t *handshake_state,
|
2003-05-06 07:54:42 +02:00
|
|
|
char *handshake_reply,/* Must be DH_KEY_LEN bytes long*/
|
2003-05-05 06:27:00 +02:00
|
|
|
char *key_out,
|
|
|
|
int key_out_len);
|
|
|
|
|
2002-06-27 00:45:49 +02:00
|
|
|
/********************************* routers.c ***************************/
|
|
|
|
|
2002-10-03 00:54:20 +02:00
|
|
|
int learn_my_address(struct sockaddr_in *me);
|
|
|
|
void router_retry_connections(void);
|
2002-09-26 14:09:10 +02:00
|
|
|
routerinfo_t *router_pick_directory_server(void);
|
|
|
|
routerinfo_t *router_get_by_addr_port(uint32_t addr, uint16_t port);
|
2003-05-06 19:38:16 +02:00
|
|
|
void router_get_directory(directory_t **pdirectory);
|
2002-10-03 00:54:20 +02:00
|
|
|
int router_is_me(uint32_t addr, uint16_t port);
|
2002-09-26 15:17:14 +02:00
|
|
|
void router_forget_router(uint32_t addr, uint16_t port);
|
2002-10-03 00:54:20 +02:00
|
|
|
int router_get_list_from_file(char *routerfile);
|
2003-05-07 20:30:46 +02:00
|
|
|
int router_resolve(routerinfo_t *router);
|
2003-05-08 14:32:30 +02:00
|
|
|
int router_resolve_directory(directory_t *dir);
|
|
|
|
|
2003-05-08 05:36:53 +02:00
|
|
|
/* Reads a list of known routers, unsigned. */
|
2002-10-03 00:54:20 +02:00
|
|
|
int router_get_list_from_string(char *s);
|
2003-05-08 05:36:53 +02:00
|
|
|
/* Exported for debugging */
|
2003-05-06 19:38:16 +02:00
|
|
|
int router_get_list_from_string_impl(char *s, directory_t **dest);
|
2003-05-08 05:36:53 +02:00
|
|
|
/* Reads a signed directory. */
|
2003-05-07 20:30:46 +02:00
|
|
|
int router_get_dir_from_string(char *s, crypto_pk_env_t *pkey);
|
2003-05-08 05:36:53 +02:00
|
|
|
/* Exported or debugging */
|
2003-05-07 20:30:46 +02:00
|
|
|
int router_get_dir_from_string_impl(char *s, directory_t **dest,
|
|
|
|
crypto_pk_env_t *pkey);
|
2003-05-06 19:38:16 +02:00
|
|
|
routerinfo_t *router_get_entry_from_string(char **s);
|
2003-04-08 08:44:38 +02:00
|
|
|
int router_compare_to_exit_policy(connection_t *conn);
|
2003-05-09 04:00:33 +02:00
|
|
|
void routerinfo_free(routerinfo_t *router);
|
2003-04-08 08:44:38 +02:00
|
|
|
|
2002-06-27 00:45:49 +02:00
|
|
|
#endif
|
2003-04-07 04:12:02 +02:00
|
|
|
|
|
|
|
/*
|
|
|
|
Local Variables:
|
|
|
|
mode:c
|
|
|
|
indent-tabs-mode:nil
|
|
|
|
c-basic-offset:2
|
|
|
|
End:
|
|
|
|
*/
|