2006-02-09 06:46:49 +01:00
|
|
|
/* Copyright (c) 2001 Matej Pfajfar.
|
|
|
|
* Copyright (c) 2001-2004, Roger Dingledine.
|
2007-12-12 22:09:01 +01:00
|
|
|
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
2016-02-27 18:48:19 +01:00
|
|
|
* Copyright (c) 2007-2016, The Tor Project, Inc. */
|
Implemented link padding and receiver token buckets
Each socket reads at most 'bandwidth' bytes per second sustained, but
can handle bursts of up to 10*bandwidth bytes.
Cells are now sent out at evenly-spaced intervals, with padding sent
out otherwise. Set Linkpadding=0 in the rc file to send cells as soon
as they're available (and to never send padding cells).
Added license/copyrights statements at the top of most files.
router->min and router->max have been merged into a single 'bandwidth'
value. We should make the routerinfo_t reflect this (want to do that,
Mat?)
As the bandwidth increases, and we want to stop sleeping more and more
frequently to send a single cell, cpu usage goes up. At 128kB/s we're
pretty much calling poll with a timeout of 1ms or even 0ms. The current
code takes a timeout of 0-9ms and makes it 10ms. prepare_for_poll()
handles everything that should have happened in the past, so as long as
our buffers don't get too full in that 10ms, we're ok.
Speaking of too full, if you run three servers at 100kB/s with -l debug,
it spends too much time printing debugging messages to be able to keep
up with the cells. The outbuf ultimately fills up and it kills that
connection. If you run with -l err, it works fine up through 500kB/s and
probably beyond. Down the road we'll want to teach it to recognize when
an outbuf is getting full, and back off.
svn:r50
2002-07-16 03:12:15 +02:00
|
|
|
/* See LICENSE for licensing information */
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/**
|
|
|
|
* \file connection_or.c
|
|
|
|
* \brief Functions to handle OR connections, TLS handshaking, and
|
|
|
|
* cells on the network.
|
|
|
|
**/
|
2002-06-27 00:45:49 +02:00
|
|
|
#include "or.h"
|
2010-07-22 00:46:18 +02:00
|
|
|
#include "buffers.h"
|
2012-08-01 13:18:42 +02:00
|
|
|
/*
|
|
|
|
* Define this so we get channel internal functions, since we're implementing
|
|
|
|
* part of a subclass (channel_tls_t).
|
|
|
|
*/
|
2012-10-12 18:22:13 +02:00
|
|
|
#define TOR_CHANNEL_INTERNAL_
|
2012-08-01 13:18:42 +02:00
|
|
|
#include "channel.h"
|
|
|
|
#include "channeltls.h"
|
2010-07-22 01:21:00 +02:00
|
|
|
#include "circuitbuild.h"
|
2011-06-22 19:57:19 +02:00
|
|
|
#include "circuitlist.h"
|
2012-10-15 20:48:34 +02:00
|
|
|
#include "circuitstats.h"
|
2010-07-22 10:08:32 +02:00
|
|
|
#include "command.h"
|
2010-07-22 10:22:51 +02:00
|
|
|
#include "config.h"
|
2010-07-22 10:32:52 +02:00
|
|
|
#include "connection.h"
|
2010-07-22 10:50:34 +02:00
|
|
|
#include "connection_or.h"
|
2010-07-22 11:35:09 +02:00
|
|
|
#include "control.h"
|
2010-07-22 12:09:49 +02:00
|
|
|
#include "dirserv.h"
|
2012-10-15 20:48:34 +02:00
|
|
|
#include "entrynodes.h"
|
2010-07-21 14:38:52 +02:00
|
|
|
#include "geoip.h"
|
2010-07-23 19:58:06 +02:00
|
|
|
#include "main.h"
|
2014-10-17 23:06:31 +02:00
|
|
|
#include "link_handshake.h"
|
2016-06-28 06:15:11 +02:00
|
|
|
#include "microdesc.h"
|
2010-07-23 20:18:55 +02:00
|
|
|
#include "networkstatus.h"
|
Initial conversion to use node_t throughout our codebase.
A node_t is an abstraction over routerstatus_t, routerinfo_t, and
microdesc_t. It should try to present a consistent interface to all
of them. There should be a node_t for a server whenever there is
* A routerinfo_t for it in the routerlist
* A routerstatus_t in the current_consensus.
(note that a microdesc_t alone isn't enough to make a node_t exist,
since microdescriptors aren't usable on their own.)
There are three ways to get a node_t right now: looking it up by ID,
looking it up by nickname, and iterating over the whole list of
microdescriptors.
All (or nearly all) functions that are supposed to return "a router"
-- especially those used in building connections and circuits --
should return a node_t, not a routerinfo_t or a routerstatus_t.
A node_t should hold all the *mutable* flags about a node. This
patch moves the is_foo flags from routerinfo_t into node_t. The
flags in routerstatus_t remain, but they get set from the consensus
and should not change.
Some other highlights of this patch are:
* Looking up routerinfo and routerstatus by nickname is now
unified and based on the "look up a node by nickname" function.
This tries to look only at the values from current consensus,
and not get confused by the routerinfo_t->is_named flag, which
could get set for other weird reasons. This changes the
behavior of how authorities (when acting as clients) deal with
nodes that have been listed by nickname.
* I tried not to artificially increase the size of the diff here
by moving functions around. As a result, some functions that
now operate on nodes are now in the wrong file -- they should
get moved to nodelist.c once this refactoring settles down.
This moving should happen as part of a patch that moves
functions AND NOTHING ELSE.
* Some old code is now left around inside #if 0/1 blocks, and
should get removed once I've verified that I don't want it
sitting around to see how we used to do things.
There are still some unimplemented functions: these are flagged
with "UNIMPLEMENTED_NODELIST()." I'll work on filling in the
implementation here, piece by piece.
I wish this patch could have been smaller, but there did not seem to
be any piece of it that was independent from the rest. Moving flags
forces many functions that once returned routerinfo_t * to return
node_t *, which forces their friends to change, and so on.
2010-09-29 21:00:41 +02:00
|
|
|
#include "nodelist.h"
|
2010-07-23 21:08:30 +02:00
|
|
|
#include "reasons.h"
|
2010-07-23 21:53:11 +02:00
|
|
|
#include "relay.h"
|
2010-07-23 22:57:20 +02:00
|
|
|
#include "rephist.h"
|
2010-07-21 16:17:10 +02:00
|
|
|
#include "router.h"
|
2010-07-21 17:08:11 +02:00
|
|
|
#include "routerlist.h"
|
2012-12-05 18:18:18 +01:00
|
|
|
#include "ext_orport.h"
|
2013-08-25 17:45:07 +02:00
|
|
|
#include "scheduler.h"
|
|
|
|
|
2006-07-26 21:07:26 +02:00
|
|
|
static int connection_tls_finish_handshake(or_connection_t *conn);
|
2011-09-27 19:15:36 +02:00
|
|
|
static int connection_or_launch_v3_or_handshake(or_connection_t *conn);
|
2006-07-26 21:07:26 +02:00
|
|
|
static int connection_or_process_cells_from_inbuf(or_connection_t *conn);
|
2007-12-01 09:47:13 +01:00
|
|
|
static int connection_or_check_valid_tls_handshake(or_connection_t *conn,
|
|
|
|
int started_here,
|
|
|
|
char *digest_rcvd_out);
|
2003-09-30 20:45:55 +02:00
|
|
|
|
2010-10-11 19:45:27 +02:00
|
|
|
static void connection_or_tls_renegotiated_cb(tor_tls_t *tls, void *_conn);
|
|
|
|
|
2012-08-01 13:18:42 +02:00
|
|
|
static unsigned int
|
|
|
|
connection_or_is_bad_for_new_circs(or_connection_t *or_conn);
|
|
|
|
static void connection_or_mark_bad_for_new_circs(or_connection_t *or_conn);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Call this when changing connection state, so notifications to the owning
|
|
|
|
* channel can be handled.
|
|
|
|
*/
|
|
|
|
|
|
|
|
static void connection_or_change_state(or_connection_t *conn, uint8_t state);
|
|
|
|
|
2003-09-16 07:41:49 +02:00
|
|
|
/**************************************************************/
|
|
|
|
|
2005-11-30 04:01:16 +01:00
|
|
|
/** Map from identity digest of connected OR or desired OR to a connection_t
|
|
|
|
* with that identity digest. If there is more than one such connection_t,
|
2006-06-13 07:50:24 +02:00
|
|
|
* they form a linked list, with next_with_same_id as the next pointer. */
|
2005-11-30 04:01:16 +01:00
|
|
|
static digestmap_t *orconn_identity_map = NULL;
|
|
|
|
|
2012-03-24 06:05:48 +01:00
|
|
|
/** Global map between Extended ORPort identifiers and OR
|
|
|
|
* connections. */
|
2012-03-16 14:40:44 +01:00
|
|
|
static digestmap_t *orconn_ext_or_id_map = NULL;
|
|
|
|
|
2005-11-30 04:01:16 +01:00
|
|
|
/** If conn is listed in orconn_identity_map, remove it, and clear
|
2007-02-12 22:39:33 +01:00
|
|
|
* conn->identity_digest. Otherwise do nothing. */
|
2005-11-30 04:01:16 +01:00
|
|
|
void
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_or_remove_from_identity_map(or_connection_t *conn)
|
2005-11-30 04:01:16 +01:00
|
|
|
{
|
2006-07-26 21:07:26 +02:00
|
|
|
or_connection_t *tmp;
|
2005-11-30 04:01:16 +01:00
|
|
|
tor_assert(conn);
|
|
|
|
if (!orconn_identity_map)
|
|
|
|
return;
|
|
|
|
tmp = digestmap_get(orconn_identity_map, conn->identity_digest);
|
2007-02-12 22:39:33 +01:00
|
|
|
if (!tmp) {
|
|
|
|
if (!tor_digest_is_zero(conn->identity_digest)) {
|
2007-11-07 19:26:46 +01:00
|
|
|
log_warn(LD_BUG, "Didn't find connection '%s' on identity map when "
|
|
|
|
"trying to remove it.",
|
|
|
|
conn->nickname ? conn->nickname : "NULL");
|
2007-02-12 22:39:33 +01:00
|
|
|
}
|
2005-11-30 04:01:16 +01:00
|
|
|
return;
|
2007-02-12 22:39:33 +01:00
|
|
|
}
|
2005-11-30 04:01:16 +01:00
|
|
|
if (conn == tmp) {
|
|
|
|
if (conn->next_with_same_id)
|
|
|
|
digestmap_set(orconn_identity_map, conn->identity_digest,
|
|
|
|
conn->next_with_same_id);
|
|
|
|
else
|
|
|
|
digestmap_remove(orconn_identity_map, conn->identity_digest);
|
|
|
|
} else {
|
|
|
|
while (tmp->next_with_same_id) {
|
|
|
|
if (tmp->next_with_same_id == conn) {
|
|
|
|
tmp->next_with_same_id = conn->next_with_same_id;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
tmp = tmp->next_with_same_id;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
memset(conn->identity_digest, 0, DIGEST_LEN);
|
|
|
|
conn->next_with_same_id = NULL;
|
|
|
|
}
|
|
|
|
|
2005-12-05 20:15:27 +01:00
|
|
|
/** Remove all entries from the identity-to-orconn map, and clear
|
|
|
|
* all identities in OR conns.*/
|
|
|
|
void
|
|
|
|
connection_or_clear_identity_map(void)
|
|
|
|
{
|
2007-05-22 17:49:14 +02:00
|
|
|
smartlist_t *conns = get_connection_array();
|
|
|
|
SMARTLIST_FOREACH(conns, connection_t *, conn,
|
|
|
|
{
|
2005-12-05 20:15:27 +01:00
|
|
|
if (conn->type == CONN_TYPE_OR) {
|
2006-07-26 21:07:26 +02:00
|
|
|
or_connection_t *or_conn = TO_OR_CONN(conn);
|
|
|
|
memset(or_conn->identity_digest, 0, DIGEST_LEN);
|
|
|
|
or_conn->next_with_same_id = NULL;
|
2005-12-05 20:15:27 +01:00
|
|
|
}
|
2007-05-22 17:49:14 +02:00
|
|
|
});
|
2005-12-05 20:15:27 +01:00
|
|
|
|
2009-12-12 08:07:59 +01:00
|
|
|
digestmap_free(orconn_identity_map, NULL);
|
|
|
|
orconn_identity_map = NULL;
|
2005-12-05 20:15:27 +01:00
|
|
|
}
|
|
|
|
|
2005-11-30 04:01:16 +01:00
|
|
|
/** Change conn->identity_digest to digest, and add conn into
|
2007-02-24 02:12:53 +01:00
|
|
|
* orconn_digest_map. */
|
2005-11-30 04:01:16 +01:00
|
|
|
static void
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_or_set_identity_digest(or_connection_t *conn, const char *digest)
|
2005-11-30 04:01:16 +01:00
|
|
|
{
|
2006-07-26 21:07:26 +02:00
|
|
|
or_connection_t *tmp;
|
2005-11-30 04:01:16 +01:00
|
|
|
tor_assert(conn);
|
|
|
|
tor_assert(digest);
|
|
|
|
|
|
|
|
if (!orconn_identity_map)
|
|
|
|
orconn_identity_map = digestmap_new();
|
2011-05-10 22:23:43 +02:00
|
|
|
if (tor_memeq(conn->identity_digest, digest, DIGEST_LEN))
|
2005-11-30 04:01:16 +01:00
|
|
|
return;
|
2007-02-12 22:39:33 +01:00
|
|
|
|
|
|
|
/* If the identity was set previously, remove the old mapping. */
|
2012-08-01 13:18:42 +02:00
|
|
|
if (! tor_digest_is_zero(conn->identity_digest)) {
|
2005-11-30 04:01:16 +01:00
|
|
|
connection_or_remove_from_identity_map(conn);
|
2012-08-01 13:18:42 +02:00
|
|
|
if (conn->chan)
|
|
|
|
channel_clear_identity_digest(TLS_CHAN_TO_BASE(conn->chan));
|
|
|
|
}
|
2005-11-30 04:01:16 +01:00
|
|
|
|
|
|
|
memcpy(conn->identity_digest, digest, DIGEST_LEN);
|
2007-02-12 22:39:33 +01:00
|
|
|
|
2007-02-24 02:12:53 +01:00
|
|
|
/* If we're setting the ID to zero, don't add a mapping. */
|
2007-02-12 22:39:33 +01:00
|
|
|
if (tor_digest_is_zero(digest))
|
|
|
|
return;
|
|
|
|
|
2005-11-30 04:01:16 +01:00
|
|
|
tmp = digestmap_set(orconn_identity_map, digest, conn);
|
|
|
|
conn->next_with_same_id = tmp;
|
|
|
|
|
2012-08-01 13:18:42 +02:00
|
|
|
/* Deal with channels */
|
|
|
|
if (conn->chan)
|
|
|
|
channel_set_identity_digest(TLS_CHAN_TO_BASE(conn->chan), digest);
|
|
|
|
|
2007-02-12 22:39:33 +01:00
|
|
|
#if 1
|
2006-12-29 03:47:51 +01:00
|
|
|
/* Testing code to check for bugs in representation. */
|
2005-11-30 04:01:16 +01:00
|
|
|
for (; tmp; tmp = tmp->next_with_same_id) {
|
2011-05-10 22:23:43 +02:00
|
|
|
tor_assert(tor_memeq(tmp->identity_digest, digest, DIGEST_LEN));
|
2005-11-30 04:01:16 +01:00
|
|
|
tor_assert(tmp != conn);
|
|
|
|
}
|
2006-12-29 03:47:51 +01:00
|
|
|
#endif
|
2005-11-30 04:01:16 +01:00
|
|
|
}
|
|
|
|
|
2012-03-24 06:05:48 +01:00
|
|
|
/** Remove the Extended ORPort identifier of <b>conn</b> from the
|
2012-12-05 18:15:28 +01:00
|
|
|
* global identifier list. Also, clear the identifier from the
|
|
|
|
* connection itself. */
|
2012-03-16 14:40:44 +01:00
|
|
|
void
|
|
|
|
connection_or_remove_from_ext_or_id_map(or_connection_t *conn)
|
|
|
|
{
|
|
|
|
or_connection_t *tmp;
|
2012-12-05 17:19:44 +01:00
|
|
|
if (!orconn_ext_or_id_map)
|
|
|
|
return;
|
|
|
|
if (!conn->ext_or_conn_id)
|
|
|
|
return;
|
2012-03-16 14:40:44 +01:00
|
|
|
|
|
|
|
tmp = digestmap_remove(orconn_ext_or_id_map, conn->ext_or_conn_id);
|
|
|
|
if (!tor_digest_is_zero(conn->ext_or_conn_id))
|
|
|
|
tor_assert(tmp == conn);
|
|
|
|
|
|
|
|
memset(conn->ext_or_conn_id, 0, EXT_OR_CONN_ID_LEN);
|
|
|
|
}
|
|
|
|
|
2013-07-18 21:51:29 +02:00
|
|
|
/** Return the connection whose ext_or_id is <b>id</b>. Return NULL if no such
|
|
|
|
* connection is found. */
|
|
|
|
or_connection_t *
|
|
|
|
connection_or_get_by_ext_or_id(const char *id)
|
|
|
|
{
|
|
|
|
if (!orconn_ext_or_id_map)
|
|
|
|
return NULL;
|
|
|
|
return digestmap_get(orconn_ext_or_id_map, id);
|
|
|
|
}
|
|
|
|
|
2012-03-24 06:05:48 +01:00
|
|
|
/** Deallocate the global Extended ORPort identifier list */
|
2012-03-16 14:40:44 +01:00
|
|
|
void
|
|
|
|
connection_or_clear_ext_or_id_map(void)
|
|
|
|
{
|
|
|
|
digestmap_free(orconn_ext_or_id_map, NULL);
|
2012-12-05 17:19:44 +01:00
|
|
|
orconn_ext_or_id_map = NULL;
|
2012-03-16 14:40:44 +01:00
|
|
|
}
|
|
|
|
|
2014-03-25 16:16:18 +01:00
|
|
|
/** Creates an Extended ORPort identifier for <b>conn</b> and deposits
|
2012-03-24 06:05:48 +01:00
|
|
|
* it into the global list of identifiers. */
|
2012-03-16 14:40:44 +01:00
|
|
|
void
|
|
|
|
connection_or_set_ext_or_identifier(or_connection_t *conn)
|
|
|
|
{
|
|
|
|
char random_id[EXT_OR_CONN_ID_LEN];
|
|
|
|
or_connection_t *tmp;
|
|
|
|
|
|
|
|
if (!orconn_ext_or_id_map)
|
|
|
|
orconn_ext_or_id_map = digestmap_new();
|
|
|
|
|
2012-03-24 06:05:48 +01:00
|
|
|
/* Remove any previous identifiers: */
|
2012-12-05 17:19:44 +01:00
|
|
|
if (conn->ext_or_conn_id && !tor_digest_is_zero(conn->ext_or_conn_id))
|
2012-03-16 14:40:44 +01:00
|
|
|
connection_or_remove_from_ext_or_id_map(conn);
|
|
|
|
|
|
|
|
do {
|
|
|
|
crypto_rand(random_id, sizeof(random_id));
|
|
|
|
} while (digestmap_get(orconn_ext_or_id_map, random_id));
|
|
|
|
|
2012-12-05 17:19:44 +01:00
|
|
|
if (!conn->ext_or_conn_id)
|
|
|
|
conn->ext_or_conn_id = tor_malloc_zero(EXT_OR_CONN_ID_LEN);
|
|
|
|
|
2012-03-16 14:40:44 +01:00
|
|
|
memcpy(conn->ext_or_conn_id, random_id, EXT_OR_CONN_ID_LEN);
|
|
|
|
|
|
|
|
tmp = digestmap_set(orconn_ext_or_id_map, random_id, conn);
|
|
|
|
tor_assert(!tmp);
|
|
|
|
}
|
|
|
|
|
2011-06-22 21:29:30 +02:00
|
|
|
/**************************************************************/
|
|
|
|
|
2011-06-28 21:06:56 +02:00
|
|
|
/** Map from a string describing what a non-open OR connection was doing when
|
|
|
|
* failed, to an intptr_t describing the count of connections that failed that
|
|
|
|
* way. Note that the count is stored _as_ the pointer.
|
|
|
|
*/
|
2011-06-22 21:29:30 +02:00
|
|
|
static strmap_t *broken_connection_counts;
|
|
|
|
|
2011-07-11 22:10:24 +02:00
|
|
|
/** If true, do not record information in <b>broken_connection_counts</b>. */
|
|
|
|
static int disable_broken_connection_counts = 0;
|
|
|
|
|
2011-06-28 21:06:56 +02:00
|
|
|
/** Record that an OR connection failed in <b>state</b>. */
|
2011-06-22 21:29:30 +02:00
|
|
|
static void
|
|
|
|
note_broken_connection(const char *state)
|
|
|
|
{
|
|
|
|
void *ptr;
|
|
|
|
intptr_t val;
|
2011-07-11 22:10:24 +02:00
|
|
|
if (disable_broken_connection_counts)
|
|
|
|
return;
|
|
|
|
|
2011-06-22 21:29:30 +02:00
|
|
|
if (!broken_connection_counts)
|
|
|
|
broken_connection_counts = strmap_new();
|
|
|
|
|
|
|
|
ptr = strmap_get(broken_connection_counts, state);
|
|
|
|
val = (intptr_t)ptr;
|
|
|
|
val++;
|
|
|
|
ptr = (void*)val;
|
|
|
|
strmap_set(broken_connection_counts, state, ptr);
|
|
|
|
}
|
|
|
|
|
2011-07-11 22:10:24 +02:00
|
|
|
/** Forget all recorded states for failed connections. If
|
|
|
|
* <b>stop_recording</b> is true, don't record any more. */
|
2011-06-22 21:29:30 +02:00
|
|
|
void
|
2011-07-11 22:10:24 +02:00
|
|
|
clear_broken_connection_map(int stop_recording)
|
2011-06-22 21:29:30 +02:00
|
|
|
{
|
|
|
|
if (broken_connection_counts)
|
|
|
|
strmap_free(broken_connection_counts, NULL);
|
|
|
|
broken_connection_counts = NULL;
|
2011-07-11 22:10:24 +02:00
|
|
|
if (stop_recording)
|
|
|
|
disable_broken_connection_counts = 1;
|
2011-06-22 21:29:30 +02:00
|
|
|
}
|
|
|
|
|
2011-06-28 21:06:56 +02:00
|
|
|
/** Write a detailed description the state of <b>orconn</b> into the
|
|
|
|
* <b>buflen</b>-byte buffer at <b>buf</b>. This description includes not
|
|
|
|
* only the OR-conn level state but also the TLS state. It's useful for
|
|
|
|
* diagnosing broken handshakes. */
|
2011-06-22 21:29:30 +02:00
|
|
|
static void
|
|
|
|
connection_or_get_state_description(or_connection_t *orconn,
|
|
|
|
char *buf, size_t buflen)
|
|
|
|
{
|
|
|
|
connection_t *conn = TO_CONN(orconn);
|
|
|
|
const char *conn_state;
|
|
|
|
char tls_state[256];
|
|
|
|
|
2012-03-16 14:40:44 +01:00
|
|
|
tor_assert(conn->type == CONN_TYPE_OR || conn->type == CONN_TYPE_EXT_OR);
|
2011-06-22 21:29:30 +02:00
|
|
|
|
|
|
|
conn_state = conn_state_to_string(conn->type, conn->state);
|
|
|
|
tor_tls_get_state_description(orconn->tls, tls_state, sizeof(tls_state));
|
|
|
|
|
|
|
|
tor_snprintf(buf, buflen, "%s with SSL state %s", conn_state, tls_state);
|
|
|
|
}
|
|
|
|
|
2011-06-28 21:06:56 +02:00
|
|
|
/** Record the current state of <b>orconn</b> as the state of a broken
|
|
|
|
* connection. */
|
2011-06-22 21:29:30 +02:00
|
|
|
static void
|
|
|
|
connection_or_note_state_when_broken(or_connection_t *orconn)
|
|
|
|
{
|
|
|
|
char buf[256];
|
2011-07-11 22:10:24 +02:00
|
|
|
if (disable_broken_connection_counts)
|
|
|
|
return;
|
2011-06-22 21:29:30 +02:00
|
|
|
connection_or_get_state_description(orconn, buf, sizeof(buf));
|
|
|
|
log_info(LD_HANDSHAKE,"Connection died in state '%s'", buf);
|
|
|
|
note_broken_connection(buf);
|
|
|
|
}
|
|
|
|
|
2011-06-28 21:06:56 +02:00
|
|
|
/** Helper type used to sort connection states and find the most frequent. */
|
2011-06-22 21:29:30 +02:00
|
|
|
typedef struct broken_state_count_t {
|
|
|
|
intptr_t count;
|
|
|
|
const char *state;
|
|
|
|
} broken_state_count_t;
|
|
|
|
|
2011-06-28 21:06:56 +02:00
|
|
|
/** Helper function used to sort broken_state_count_t by frequency. */
|
2011-06-22 21:29:30 +02:00
|
|
|
static int
|
|
|
|
broken_state_count_compare(const void **a_ptr, const void **b_ptr)
|
|
|
|
{
|
|
|
|
const broken_state_count_t *a = *a_ptr, *b = *b_ptr;
|
2011-07-12 17:23:55 +02:00
|
|
|
if (b->count < a->count)
|
|
|
|
return -1;
|
|
|
|
else if (b->count == a->count)
|
|
|
|
return 0;
|
|
|
|
else
|
|
|
|
return 1;
|
2011-06-22 21:29:30 +02:00
|
|
|
}
|
|
|
|
|
2011-06-28 21:06:56 +02:00
|
|
|
/** Upper limit on the number of different states to report for connection
|
|
|
|
* failure. */
|
2011-06-28 20:23:28 +02:00
|
|
|
#define MAX_REASONS_TO_REPORT 10
|
|
|
|
|
2011-06-28 21:06:56 +02:00
|
|
|
/** Report a list of the top states for failed OR connections at log level
|
|
|
|
* <b>severity</b>, in log domain <b>domain</b>. */
|
2011-06-22 21:29:30 +02:00
|
|
|
void
|
|
|
|
connection_or_report_broken_states(int severity, int domain)
|
|
|
|
{
|
|
|
|
int total = 0;
|
|
|
|
smartlist_t *items;
|
|
|
|
|
2011-07-11 22:10:24 +02:00
|
|
|
if (!broken_connection_counts || disable_broken_connection_counts)
|
2011-06-22 21:29:30 +02:00
|
|
|
return;
|
2011-06-28 21:06:56 +02:00
|
|
|
|
2012-01-18 21:53:30 +01:00
|
|
|
items = smartlist_new();
|
2011-06-22 21:29:30 +02:00
|
|
|
STRMAP_FOREACH(broken_connection_counts, state, void *, countptr) {
|
|
|
|
broken_state_count_t *c = tor_malloc(sizeof(broken_state_count_t));
|
2011-07-15 23:12:43 +02:00
|
|
|
c->count = (intptr_t)countptr;
|
|
|
|
total += (int)c->count;
|
2011-06-22 21:29:30 +02:00
|
|
|
c->state = state;
|
|
|
|
smartlist_add(items, c);
|
|
|
|
} STRMAP_FOREACH_END;
|
|
|
|
|
|
|
|
smartlist_sort(items, broken_state_count_compare);
|
|
|
|
|
2013-02-01 21:43:37 +01:00
|
|
|
tor_log(severity, domain, "%d connections have failed%s", total,
|
2011-06-28 20:23:28 +02:00
|
|
|
smartlist_len(items) > MAX_REASONS_TO_REPORT ? ". Top reasons:" : ":");
|
2011-06-22 21:29:30 +02:00
|
|
|
|
|
|
|
SMARTLIST_FOREACH_BEGIN(items, const broken_state_count_t *, c) {
|
2011-06-28 20:23:28 +02:00
|
|
|
if (c_sl_idx > MAX_REASONS_TO_REPORT)
|
|
|
|
break;
|
2013-02-01 21:43:37 +01:00
|
|
|
tor_log(severity, domain,
|
2011-06-22 21:29:30 +02:00
|
|
|
" %d connections died in state %s", (int)c->count, c->state);
|
|
|
|
} SMARTLIST_FOREACH_END(c);
|
|
|
|
|
|
|
|
SMARTLIST_FOREACH(items, broken_state_count_t *, c, tor_free(c));
|
|
|
|
smartlist_free(items);
|
|
|
|
}
|
|
|
|
|
2012-08-01 13:18:42 +02:00
|
|
|
/** Call this to change or_connection_t states, so the owning channel_tls_t can
|
|
|
|
* be notified.
|
|
|
|
*/
|
|
|
|
|
|
|
|
static void
|
|
|
|
connection_or_change_state(or_connection_t *conn, uint8_t state)
|
|
|
|
{
|
|
|
|
uint8_t old_state;
|
|
|
|
|
|
|
|
tor_assert(conn);
|
|
|
|
|
2012-10-12 18:22:13 +02:00
|
|
|
old_state = conn->base_.state;
|
|
|
|
conn->base_.state = state;
|
2012-08-01 13:18:42 +02:00
|
|
|
|
|
|
|
if (conn->chan)
|
|
|
|
channel_tls_handle_state_change_on_orconn(conn->chan, conn,
|
|
|
|
old_state, state);
|
|
|
|
}
|
|
|
|
|
|
|
|
/** Return the number of circuits using an or_connection_t; this used to
|
|
|
|
* be an or_connection_t field, but it got moved to channel_t and we
|
|
|
|
* shouldn't maintain two copies. */
|
|
|
|
|
2016-07-02 10:02:47 +02:00
|
|
|
MOCK_IMPL(int,
|
|
|
|
connection_or_get_num_circuits, (or_connection_t *conn))
|
2012-08-01 13:18:42 +02:00
|
|
|
{
|
|
|
|
tor_assert(conn);
|
|
|
|
|
|
|
|
if (conn->chan) {
|
2012-09-21 23:46:22 +02:00
|
|
|
return channel_num_circuits(TLS_CHAN_TO_BASE(conn->chan));
|
2012-08-01 13:18:42 +02:00
|
|
|
} else return 0;
|
|
|
|
}
|
|
|
|
|
2011-06-22 21:29:30 +02:00
|
|
|
/**************************************************************/
|
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/** Pack the cell_t host-order structure <b>src</b> into network-order
|
|
|
|
* in the buffer <b>dest</b>. See tor-spec.txt for details about the
|
2004-05-07 10:53:40 +02:00
|
|
|
* wire format.
|
2007-05-25 21:41:31 +02:00
|
|
|
*
|
|
|
|
* Note that this function doesn't touch <b>dst</b>-\>next: the caller
|
|
|
|
* should set it or clear it as appropriate.
|
2004-05-07 10:53:40 +02:00
|
|
|
*/
|
2007-04-10 01:15:46 +02:00
|
|
|
void
|
2012-11-07 01:56:47 +01:00
|
|
|
cell_pack(packed_cell_t *dst, const cell_t *src, int wide_circ_ids)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2007-04-10 01:15:46 +02:00
|
|
|
char *dest = dst->body;
|
2012-11-07 01:56:47 +01:00
|
|
|
if (wide_circ_ids) {
|
|
|
|
set_uint32(dest, htonl(src->circ_id));
|
|
|
|
dest += 4;
|
|
|
|
} else {
|
|
|
|
set_uint16(dest, htons(src->circ_id));
|
|
|
|
dest += 2;
|
2012-11-07 03:24:05 +01:00
|
|
|
memset(dest+CELL_MAX_NETWORK_SIZE-2, 0, 2); /*make sure it's clear */
|
2012-11-07 01:56:47 +01:00
|
|
|
}
|
|
|
|
set_uint8(dest, src->command);
|
|
|
|
memcpy(dest+1, src->payload, CELL_PAYLOAD_SIZE);
|
2003-09-16 07:41:49 +02:00
|
|
|
}
|
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/** Unpack the network-order buffer <b>src</b> into a host-order
|
|
|
|
* cell_t structure <b>dest</b>.
|
2004-05-07 10:53:40 +02:00
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
static void
|
2012-11-07 01:56:47 +01:00
|
|
|
cell_unpack(cell_t *dest, const char *src, int wide_circ_ids)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2012-11-07 01:56:47 +01:00
|
|
|
if (wide_circ_ids) {
|
|
|
|
dest->circ_id = ntohl(get_uint32(src));
|
|
|
|
src += 4;
|
|
|
|
} else {
|
|
|
|
dest->circ_id = ntohs(get_uint16(src));
|
|
|
|
src += 2;
|
|
|
|
}
|
|
|
|
dest->command = get_uint8(src);
|
|
|
|
memcpy(dest->payload, src+1, CELL_PAYLOAD_SIZE);
|
2003-09-16 07:41:49 +02:00
|
|
|
}
|
|
|
|
|
2012-11-07 01:56:47 +01:00
|
|
|
/** Write the header of <b>cell</b> into the first VAR_CELL_MAX_HEADER_SIZE
|
|
|
|
* bytes of <b>hdr_out</b>. Returns number of bytes used. */
|
|
|
|
int
|
|
|
|
var_cell_pack_header(const var_cell_t *cell, char *hdr_out, int wide_circ_ids)
|
2007-11-05 22:46:35 +01:00
|
|
|
{
|
2012-11-07 01:56:47 +01:00
|
|
|
int r;
|
|
|
|
if (wide_circ_ids) {
|
|
|
|
set_uint32(hdr_out, htonl(cell->circ_id));
|
|
|
|
hdr_out += 4;
|
|
|
|
r = VAR_CELL_MAX_HEADER_SIZE;
|
|
|
|
} else {
|
|
|
|
set_uint16(hdr_out, htons(cell->circ_id));
|
|
|
|
hdr_out += 2;
|
|
|
|
r = VAR_CELL_MAX_HEADER_SIZE - 2;
|
|
|
|
}
|
|
|
|
set_uint8(hdr_out, cell->command);
|
|
|
|
set_uint16(hdr_out+1, htons(cell->payload_len));
|
|
|
|
return r;
|
2007-11-05 22:46:35 +01:00
|
|
|
}
|
|
|
|
|
2008-02-08 22:13:15 +01:00
|
|
|
/** Allocate and return a new var_cell_t with <b>payload_len</b> bytes of
|
|
|
|
* payload space. */
|
2007-11-06 00:34:39 +01:00
|
|
|
var_cell_t *
|
|
|
|
var_cell_new(uint16_t payload_len)
|
|
|
|
{
|
2011-01-06 21:59:05 +01:00
|
|
|
size_t size = STRUCT_OFFSET(var_cell_t, payload) + payload_len;
|
2012-09-06 00:22:32 +02:00
|
|
|
var_cell_t *cell = tor_malloc_zero(size);
|
2007-11-06 00:34:39 +01:00
|
|
|
cell->payload_len = payload_len;
|
|
|
|
cell->command = 0;
|
|
|
|
cell->circ_id = 0;
|
|
|
|
return cell;
|
|
|
|
}
|
|
|
|
|
2016-03-15 08:40:19 +01:00
|
|
|
/**
|
|
|
|
* Copy a var_cell_t
|
|
|
|
*/
|
|
|
|
|
|
|
|
var_cell_t *
|
|
|
|
var_cell_copy(const var_cell_t *src)
|
|
|
|
{
|
|
|
|
var_cell_t *copy = NULL;
|
|
|
|
size_t size = 0;
|
|
|
|
|
|
|
|
if (src != NULL) {
|
|
|
|
size = STRUCT_OFFSET(var_cell_t, payload) + src->payload_len;
|
|
|
|
copy = tor_malloc_zero(size);
|
|
|
|
copy->payload_len = src->payload_len;
|
|
|
|
copy->command = src->command;
|
|
|
|
copy->circ_id = src->circ_id;
|
|
|
|
memcpy(copy->payload, src->payload, copy->payload_len);
|
|
|
|
}
|
|
|
|
|
|
|
|
return copy;
|
|
|
|
}
|
|
|
|
|
2008-02-09 04:11:10 +01:00
|
|
|
/** Release all space held by <b>cell</b>. */
|
2007-11-05 22:46:35 +01:00
|
|
|
void
|
|
|
|
var_cell_free(var_cell_t *cell)
|
|
|
|
{
|
|
|
|
tor_free(cell);
|
|
|
|
}
|
|
|
|
|
2008-02-09 04:11:10 +01:00
|
|
|
/** We've received an EOF from <b>conn</b>. Mark it for close and return. */
|
2005-06-11 20:52:12 +02:00
|
|
|
int
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_or_reached_eof(or_connection_t *conn)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2012-08-01 13:18:42 +02:00
|
|
|
tor_assert(conn);
|
|
|
|
|
2006-02-13 10:02:35 +01:00
|
|
|
log_info(LD_OR,"OR connection reached EOF. Closing.");
|
2012-08-01 13:18:42 +02:00
|
|
|
connection_or_close_normally(conn, 1);
|
|
|
|
|
2004-11-21 11:14:57 +01:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/** Handle any new bytes that have come in on connection <b>conn</b>.
|
2004-05-07 10:53:40 +02:00
|
|
|
* If conn is in 'open' state, hand it to
|
|
|
|
* connection_or_process_cells_from_inbuf()
|
|
|
|
* (else do nothing).
|
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
int
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_or_process_inbuf(or_connection_t *conn)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2012-05-31 17:19:35 +02:00
|
|
|
/** Don't let the inbuf of a nonopen OR connection grow beyond this many
|
|
|
|
* bytes: it's either a broken client, a non-Tor client, or a DOS
|
|
|
|
* attempt. */
|
|
|
|
#define MAX_OR_INBUF_WHEN_NONOPEN 0
|
|
|
|
|
|
|
|
int ret = 0;
|
2004-10-17 00:14:52 +02:00
|
|
|
tor_assert(conn);
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2012-10-12 18:22:13 +02:00
|
|
|
switch (conn->base_.state) {
|
2009-06-19 01:59:18 +02:00
|
|
|
case OR_CONN_STATE_PROXY_HANDSHAKING:
|
|
|
|
ret = connection_read_proxy_handshake(TO_CONN(conn));
|
|
|
|
|
|
|
|
/* start TLS after handshake completion, or deal with error */
|
|
|
|
if (ret == 1) {
|
|
|
|
tor_assert(TO_CONN(conn)->proxy_state == PROXY_CONNECTED);
|
|
|
|
if (connection_tls_start_handshake(conn, 0) < 0)
|
|
|
|
ret = -1;
|
2012-08-01 13:18:42 +02:00
|
|
|
/* Touch the channel's active timestamp if there is one */
|
|
|
|
if (conn->chan)
|
|
|
|
channel_timestamp_active(TLS_CHAN_TO_BASE(conn->chan));
|
2009-06-19 01:59:18 +02:00
|
|
|
}
|
|
|
|
if (ret < 0) {
|
2012-08-01 13:18:42 +02:00
|
|
|
connection_or_close_for_error(conn, 0);
|
2009-06-19 01:59:18 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
2010-10-11 19:45:27 +02:00
|
|
|
case OR_CONN_STATE_TLS_SERVER_RENEGOTIATING:
|
2005-02-24 11:56:55 +01:00
|
|
|
case OR_CONN_STATE_OPEN:
|
2011-09-13 16:03:09 +02:00
|
|
|
case OR_CONN_STATE_OR_HANDSHAKING_V2:
|
2011-09-27 19:15:36 +02:00
|
|
|
case OR_CONN_STATE_OR_HANDSHAKING_V3:
|
2005-02-24 11:56:55 +01:00
|
|
|
return connection_or_process_cells_from_inbuf(conn);
|
|
|
|
default:
|
2012-05-31 17:19:35 +02:00
|
|
|
break; /* don't do anything */
|
|
|
|
}
|
|
|
|
|
2012-06-04 17:47:36 +02:00
|
|
|
/* This check was necessary with 0.2.2, when the TLS_SERVER_RENEGOTIATING
|
|
|
|
* check would otherwise just let data accumulate. It serves no purpose
|
|
|
|
* in 0.2.3.
|
|
|
|
*
|
2016-05-30 22:18:16 +02:00
|
|
|
* XXXX Remove this check once we verify that the above paragraph is
|
2012-06-04 17:47:36 +02:00
|
|
|
* 100% true. */
|
2012-10-12 18:22:13 +02:00
|
|
|
if (buf_datalen(conn->base_.inbuf) > MAX_OR_INBUF_WHEN_NONOPEN) {
|
2012-05-31 17:19:35 +02:00
|
|
|
log_fn(LOG_PROTOCOL_WARN, LD_NET, "Accumulated too much data (%d bytes) "
|
2012-06-05 06:49:18 +02:00
|
|
|
"on nonopen OR connection %s %s:%u in state %s; closing.",
|
2012-10-12 18:22:13 +02:00
|
|
|
(int)buf_datalen(conn->base_.inbuf),
|
2012-06-05 06:49:18 +02:00
|
|
|
connection_or_nonopen_was_started_here(conn) ? "to" : "from",
|
2012-10-12 18:22:13 +02:00
|
|
|
conn->base_.address, conn->base_.port,
|
|
|
|
conn_state_to_string(conn->base_.type, conn->base_.state));
|
2012-08-01 13:18:42 +02:00
|
|
|
connection_or_close_for_error(conn, 0);
|
2012-05-31 17:19:35 +02:00
|
|
|
ret = -1;
|
2005-02-24 11:56:55 +01:00
|
|
|
}
|
2012-05-31 17:19:35 +02:00
|
|
|
|
|
|
|
return ret;
|
2002-06-27 00:45:49 +02:00
|
|
|
}
|
|
|
|
|
2007-03-26 16:07:59 +02:00
|
|
|
/** Called whenever we have flushed some data on an or_conn: add more data
|
|
|
|
* from active circuits. */
|
2007-01-27 09:55:06 +01:00
|
|
|
int
|
|
|
|
connection_or_flushed_some(or_connection_t *conn)
|
|
|
|
{
|
2013-11-01 03:37:57 +01:00
|
|
|
size_t datalen;
|
2012-08-01 13:18:42 +02:00
|
|
|
|
2013-11-05 09:30:02 +01:00
|
|
|
/* The channel will want to update its estimated queue size */
|
|
|
|
channel_update_xmit_queue_size(TLS_CHAN_TO_BASE(conn->chan));
|
2012-08-01 13:18:42 +02:00
|
|
|
|
2007-03-26 16:08:35 +02:00
|
|
|
/* If we're under the low water mark, add cells until we're just over the
|
|
|
|
* high water mark. */
|
2012-08-01 13:18:42 +02:00
|
|
|
datalen = connection_get_outbuf_len(TO_CONN(conn));
|
2007-03-26 16:08:18 +02:00
|
|
|
if (datalen < OR_CONN_LOWWATER) {
|
2013-08-25 17:45:07 +02:00
|
|
|
/* Let the scheduler know */
|
|
|
|
scheduler_channel_wants_writes(TLS_CHAN_TO_BASE(conn->chan));
|
2007-03-26 16:07:59 +02:00
|
|
|
}
|
2012-08-01 13:18:42 +02:00
|
|
|
|
2007-01-27 09:55:06 +01:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2013-08-25 17:45:07 +02:00
|
|
|
/** This is for channeltls.c to ask how many cells we could accept if
|
|
|
|
* they were available. */
|
|
|
|
ssize_t
|
|
|
|
connection_or_num_cells_writeable(or_connection_t *conn)
|
|
|
|
{
|
|
|
|
size_t datalen, cell_network_size;
|
|
|
|
ssize_t n = 0;
|
|
|
|
|
|
|
|
tor_assert(conn);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If we're under the high water mark, we're potentially
|
|
|
|
* writeable; note this is different from the calculation above
|
|
|
|
* used to trigger when to start writing after we've stopped.
|
|
|
|
*/
|
|
|
|
datalen = connection_get_outbuf_len(TO_CONN(conn));
|
|
|
|
if (datalen < OR_CONN_HIGHWATER) {
|
|
|
|
cell_network_size = get_cell_network_size(conn->wide_circ_ids);
|
|
|
|
n = CEIL_DIV(OR_CONN_HIGHWATER - datalen, cell_network_size);
|
|
|
|
}
|
|
|
|
|
|
|
|
return n;
|
|
|
|
}
|
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/** Connection <b>conn</b> has finished writing and has no bytes left on
|
2004-05-07 10:53:40 +02:00
|
|
|
* its outbuf.
|
|
|
|
*
|
2004-05-10 06:34:48 +02:00
|
|
|
* Otherwise it's in state "open": stop writing and return.
|
2004-05-10 05:54:33 +02:00
|
|
|
*
|
|
|
|
* If <b>conn</b> is broken, mark it for close and return -1, else
|
|
|
|
* return 0.
|
2004-05-07 10:53:40 +02:00
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
int
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_or_finished_flushing(or_connection_t *conn)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2004-10-17 00:14:52 +02:00
|
|
|
tor_assert(conn);
|
2006-07-26 21:07:26 +02:00
|
|
|
assert_connection_ok(TO_CONN(conn),0);
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2012-10-12 18:22:13 +02:00
|
|
|
switch (conn->base_.state) {
|
2009-06-19 01:59:18 +02:00
|
|
|
case OR_CONN_STATE_PROXY_HANDSHAKING:
|
2005-02-24 11:56:55 +01:00
|
|
|
case OR_CONN_STATE_OPEN:
|
2011-09-13 16:03:09 +02:00
|
|
|
case OR_CONN_STATE_OR_HANDSHAKING_V2:
|
2011-09-27 19:40:39 +02:00
|
|
|
case OR_CONN_STATE_OR_HANDSHAKING_V3:
|
2005-02-24 11:56:55 +01:00
|
|
|
break;
|
|
|
|
default:
|
2012-10-12 18:22:13 +02:00
|
|
|
log_err(LD_BUG,"Called in unexpected state %d.", conn->base_.state);
|
2005-04-26 20:52:16 +02:00
|
|
|
tor_fragile_assert();
|
2005-02-24 11:56:55 +01:00
|
|
|
return -1;
|
2004-05-12 21:17:09 +02:00
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/** Connected handler for OR connections: begin the TLS handshake.
|
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
int
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_or_finished_connecting(or_connection_t *or_conn)
|
2004-05-12 21:17:09 +02:00
|
|
|
{
|
2011-07-03 06:13:41 +02:00
|
|
|
const int proxy_type = or_conn->proxy_type;
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_t *conn;
|
2012-08-01 13:18:42 +02:00
|
|
|
|
2006-07-26 21:07:26 +02:00
|
|
|
tor_assert(or_conn);
|
|
|
|
conn = TO_CONN(or_conn);
|
2004-05-12 21:17:09 +02:00
|
|
|
tor_assert(conn->state == OR_CONN_STATE_CONNECTING);
|
|
|
|
|
2009-09-24 18:31:22 +02:00
|
|
|
log_debug(LD_HANDSHAKE,"OR connect() to router at %s:%u finished.",
|
2006-02-13 10:02:35 +01:00
|
|
|
conn->address,conn->port);
|
2008-06-07 07:27:34 +02:00
|
|
|
control_event_bootstrap(BOOTSTRAP_STATUS_HANDSHAKE, 0);
|
2004-05-12 21:17:09 +02:00
|
|
|
|
2009-06-19 01:59:18 +02:00
|
|
|
if (proxy_type != PROXY_NONE) {
|
|
|
|
/* start proxy handshake */
|
|
|
|
if (connection_proxy_connect(conn, proxy_type) < 0) {
|
2012-08-01 13:18:42 +02:00
|
|
|
connection_or_close_for_error(or_conn, 0);
|
2009-06-19 01:59:18 +02:00
|
|
|
return -1;
|
2005-04-26 20:33:33 +02:00
|
|
|
}
|
2009-06-19 01:59:18 +02:00
|
|
|
|
|
|
|
connection_start_reading(conn);
|
2012-08-01 13:18:42 +02:00
|
|
|
connection_or_change_state(or_conn, OR_CONN_STATE_PROXY_HANDSHAKING);
|
2005-02-24 11:56:55 +01:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2006-07-26 21:07:26 +02:00
|
|
|
if (connection_tls_start_handshake(or_conn, 0) < 0) {
|
2004-05-12 23:12:33 +02:00
|
|
|
/* TLS handshaking error of some kind. */
|
2012-08-01 13:18:42 +02:00
|
|
|
connection_or_close_for_error(or_conn, 0);
|
2004-05-12 21:17:09 +02:00
|
|
|
return -1;
|
2002-06-27 00:45:49 +02:00
|
|
|
}
|
2004-05-12 21:17:09 +02:00
|
|
|
return 0;
|
2002-06-27 00:45:49 +02:00
|
|
|
}
|
|
|
|
|
2012-06-05 01:51:00 +02:00
|
|
|
/** Called when we're about to finally unlink and free an OR connection:
|
2011-06-22 19:57:19 +02:00
|
|
|
* perform necessary accounting and cleanup */
|
|
|
|
void
|
|
|
|
connection_or_about_to_close(or_connection_t *or_conn)
|
|
|
|
{
|
|
|
|
time_t now = time(NULL);
|
|
|
|
connection_t *conn = TO_CONN(or_conn);
|
|
|
|
|
2012-08-01 13:18:42 +02:00
|
|
|
/* Tell the controlling channel we're closed */
|
|
|
|
if (or_conn->chan) {
|
|
|
|
channel_closed(TLS_CHAN_TO_BASE(or_conn->chan));
|
2014-02-06 23:47:34 +01:00
|
|
|
/*
|
|
|
|
* NULL this out because the channel might hang around a little
|
|
|
|
* longer before channel_run_cleanup() gets it.
|
|
|
|
*/
|
|
|
|
or_conn->chan->conn = NULL;
|
2012-08-01 13:18:42 +02:00
|
|
|
or_conn->chan = NULL;
|
|
|
|
}
|
|
|
|
|
2011-06-22 19:57:19 +02:00
|
|
|
/* Remember why we're closing this connection. */
|
|
|
|
if (conn->state != OR_CONN_STATE_OPEN) {
|
|
|
|
/* now mark things down as needed */
|
|
|
|
if (connection_or_nonopen_was_started_here(or_conn)) {
|
|
|
|
const or_options_t *options = get_options();
|
2011-06-22 21:29:30 +02:00
|
|
|
connection_or_note_state_when_broken(or_conn);
|
2011-06-22 19:57:19 +02:00
|
|
|
rep_hist_note_connect_failed(or_conn->identity_digest, now);
|
|
|
|
entry_guard_register_connect_status(or_conn->identity_digest,0,
|
|
|
|
!options->HTTPSProxy, now);
|
|
|
|
if (conn->state >= OR_CONN_STATE_TLS_HANDSHAKING) {
|
|
|
|
int reason = tls_error_to_orconn_end_reason(or_conn->tls_error);
|
|
|
|
control_event_or_conn_status(or_conn, OR_CONN_EVENT_FAILED,
|
|
|
|
reason);
|
|
|
|
if (!authdir_mode_tests_reachability(options))
|
|
|
|
control_event_bootstrap_problem(
|
2014-03-10 23:52:07 +01:00
|
|
|
orconn_end_reason_to_control_string(reason),
|
|
|
|
reason, or_conn);
|
2011-06-22 19:57:19 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
} else if (conn->hold_open_until_flushed) {
|
|
|
|
/* We only set hold_open_until_flushed when we're intentionally
|
|
|
|
* closing a connection. */
|
|
|
|
rep_hist_note_disconnect(or_conn->identity_digest, now);
|
|
|
|
control_event_or_conn_status(or_conn, OR_CONN_EVENT_CLOSED,
|
|
|
|
tls_error_to_orconn_end_reason(or_conn->tls_error));
|
|
|
|
} else if (!tor_digest_is_zero(or_conn->identity_digest)) {
|
|
|
|
rep_hist_note_connection_died(or_conn->identity_digest, now);
|
|
|
|
control_event_or_conn_status(or_conn, OR_CONN_EVENT_CLOSED,
|
|
|
|
tls_error_to_orconn_end_reason(or_conn->tls_error));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2009-12-23 10:56:24 +01:00
|
|
|
/** Return 1 if identity digest <b>id_digest</b> is known to be a
|
|
|
|
* currently or recently running relay. Otherwise return 0. */
|
2010-03-11 04:43:23 +01:00
|
|
|
int
|
2009-12-23 10:56:24 +01:00
|
|
|
connection_or_digest_is_known_relay(const char *id_digest)
|
|
|
|
{
|
|
|
|
if (router_get_consensus_status_by_id(id_digest))
|
|
|
|
return 1; /* It's in the consensus: "yes" */
|
2010-10-14 17:49:51 +02:00
|
|
|
if (router_get_by_id_digest(id_digest))
|
2009-12-23 10:56:24 +01:00
|
|
|
return 1; /* Not in the consensus, but we have a descriptor for
|
|
|
|
* it. Probably it was in a recent consensus. "Yes". */
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2010-08-15 08:27:07 +02:00
|
|
|
/** Set the per-conn read and write limits for <b>conn</b>. If it's a known
|
|
|
|
* relay, we will rely on the global read and write buckets, so give it
|
|
|
|
* per-conn limits that are big enough they'll never matter. But if it's
|
|
|
|
* not a known relay, first check if we set PerConnBwRate/Burst, then
|
|
|
|
* check if the consensus sets them, else default to 'big enough'.
|
2011-03-25 22:21:16 +01:00
|
|
|
*
|
|
|
|
* If <b>reset</b> is true, set the bucket to be full. Otherwise, just
|
|
|
|
* clip the bucket if it happens to be <em>too</em> full.
|
2010-08-15 08:27:07 +02:00
|
|
|
*/
|
2010-08-15 10:01:42 +02:00
|
|
|
static void
|
|
|
|
connection_or_update_token_buckets_helper(or_connection_t *conn, int reset,
|
2011-06-14 19:01:38 +02:00
|
|
|
const or_options_t *options)
|
2004-07-01 03:16:59 +02:00
|
|
|
{
|
2009-12-30 05:13:03 +01:00
|
|
|
int rate, burst; /* per-connection rate limiting params */
|
2010-08-15 08:27:07 +02:00
|
|
|
if (connection_or_digest_is_known_relay(conn->identity_digest)) {
|
2009-12-23 10:56:24 +01:00
|
|
|
/* It's in the consensus, or we have a descriptor for it meaning it
|
|
|
|
* was probably in a recent consensus. It's a recognized relay:
|
|
|
|
* give it full bandwidth. */
|
2009-12-30 05:13:03 +01:00
|
|
|
rate = (int)options->BandwidthRate;
|
|
|
|
burst = (int)options->BandwidthBurst;
|
|
|
|
} else {
|
|
|
|
/* Not a recognized relay. Squeeze it down based on the suggested
|
|
|
|
* bandwidth parameters in the consensus, but allow local config
|
|
|
|
* options to override. */
|
|
|
|
rate = options->PerConnBWRate ? (int)options->PerConnBWRate :
|
2010-12-30 19:54:13 +01:00
|
|
|
networkstatus_get_param(NULL, "perconnbwrate",
|
|
|
|
(int)options->BandwidthRate, 1, INT32_MAX);
|
2009-12-30 05:13:03 +01:00
|
|
|
burst = options->PerConnBWBurst ? (int)options->PerConnBWBurst :
|
2010-12-30 19:54:13 +01:00
|
|
|
networkstatus_get_param(NULL, "perconnbwburst",
|
|
|
|
(int)options->BandwidthBurst, 1, INT32_MAX);
|
2009-12-23 10:56:24 +01:00
|
|
|
}
|
|
|
|
|
2009-12-30 05:13:03 +01:00
|
|
|
conn->bandwidthrate = rate;
|
2010-08-15 10:01:42 +02:00
|
|
|
conn->bandwidthburst = burst;
|
|
|
|
if (reset) { /* set up the token buckets to be full */
|
|
|
|
conn->read_bucket = conn->write_bucket = burst;
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
/* If the new token bucket is smaller, take out the extra tokens.
|
|
|
|
* (If it's larger, don't -- the buckets can grow to reach the cap.) */
|
|
|
|
if (conn->read_bucket > burst)
|
|
|
|
conn->read_bucket = burst;
|
|
|
|
if (conn->write_bucket > burst)
|
|
|
|
conn->write_bucket = burst;
|
|
|
|
}
|
|
|
|
|
|
|
|
/** Either our set of relays or our per-conn rate limits have changed.
|
2011-03-25 22:21:16 +01:00
|
|
|
* Go through all the OR connections and update their token buckets to make
|
|
|
|
* sure they don't exceed their maximum values. */
|
2010-08-15 10:01:42 +02:00
|
|
|
void
|
2011-06-14 19:01:38 +02:00
|
|
|
connection_or_update_token_buckets(smartlist_t *conns,
|
|
|
|
const or_options_t *options)
|
2010-08-15 10:01:42 +02:00
|
|
|
{
|
|
|
|
SMARTLIST_FOREACH(conns, connection_t *, conn,
|
|
|
|
{
|
|
|
|
if (connection_speaks_cells(conn))
|
|
|
|
connection_or_update_token_buckets_helper(TO_OR_CONN(conn), 0, options);
|
|
|
|
});
|
2010-08-15 08:27:07 +02:00
|
|
|
}
|
|
|
|
|
2014-04-09 17:13:37 +02:00
|
|
|
/** How long do we wait before killing non-canonical OR connections with no
|
|
|
|
* circuits? In Tor versions up to 0.2.1.25 and 0.2.2.12-alpha, we waited 15
|
|
|
|
* minutes before cancelling these connections, which caused fast relays to
|
|
|
|
* accrue many many idle connections. Hopefully 3-4.5 minutes is low enough
|
|
|
|
* that it kills most idle connections, without being so low that we cause
|
|
|
|
* clients to bounce on and off.
|
|
|
|
*
|
|
|
|
* For canonical connections, the limit is higher, at 15-22.5 minutes.
|
|
|
|
*
|
|
|
|
* For each OR connection, we randomly add up to 50% extra to its idle_timeout
|
|
|
|
* field, to avoid exposing when exactly the last circuit closed. Since we're
|
|
|
|
* storing idle_timeout in a uint16_t, don't let these values get higher than
|
|
|
|
* 12 hours or so without revising connection_or_set_canonical and/or expanding
|
|
|
|
* idle_timeout.
|
|
|
|
*/
|
|
|
|
#define IDLE_OR_CONN_TIMEOUT_NONCANONICAL 180
|
|
|
|
#define IDLE_OR_CONN_TIMEOUT_CANONICAL 900
|
|
|
|
|
|
|
|
/* Mark <b>or_conn</b> as canonical if <b>is_canonical</b> is set, and
|
|
|
|
* non-canonical otherwise. Adjust idle_timeout accordingly.
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
connection_or_set_canonical(or_connection_t *or_conn,
|
|
|
|
int is_canonical)
|
|
|
|
{
|
|
|
|
const unsigned int timeout_base = is_canonical ?
|
|
|
|
IDLE_OR_CONN_TIMEOUT_CANONICAL : IDLE_OR_CONN_TIMEOUT_NONCANONICAL;
|
|
|
|
|
|
|
|
if (bool_eq(is_canonical, or_conn->is_canonical) &&
|
|
|
|
or_conn->idle_timeout != 0) {
|
|
|
|
/* Don't recalculate an existing idle_timeout unless the canonical
|
|
|
|
* status changed. */
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
or_conn->is_canonical = !! is_canonical; /* force to a 1-bit boolean */
|
|
|
|
or_conn->idle_timeout = timeout_base + crypto_rand_int(timeout_base / 2);
|
|
|
|
}
|
|
|
|
|
2010-08-15 08:27:07 +02:00
|
|
|
/** If we don't necessarily know the router we're connecting to, but we
|
|
|
|
* have an addr/port/id_digest, then fill in as much as we can. Start
|
2011-11-24 18:39:27 +01:00
|
|
|
* by checking to see if this describes a router we know.
|
|
|
|
* <b>started_here</b> is 1 if we are the initiator of <b>conn</b> and
|
|
|
|
* 0 if it's an incoming connection. */
|
2011-09-27 19:15:36 +02:00
|
|
|
void
|
2010-08-15 08:27:07 +02:00
|
|
|
connection_or_init_conn_from_address(or_connection_t *conn,
|
|
|
|
const tor_addr_t *addr, uint16_t port,
|
|
|
|
const char *id_digest,
|
|
|
|
int started_here)
|
|
|
|
{
|
Initial conversion to use node_t throughout our codebase.
A node_t is an abstraction over routerstatus_t, routerinfo_t, and
microdesc_t. It should try to present a consistent interface to all
of them. There should be a node_t for a server whenever there is
* A routerinfo_t for it in the routerlist
* A routerstatus_t in the current_consensus.
(note that a microdesc_t alone isn't enough to make a node_t exist,
since microdescriptors aren't usable on their own.)
There are three ways to get a node_t right now: looking it up by ID,
looking it up by nickname, and iterating over the whole list of
microdescriptors.
All (or nearly all) functions that are supposed to return "a router"
-- especially those used in building connections and circuits --
should return a node_t, not a routerinfo_t or a routerstatus_t.
A node_t should hold all the *mutable* flags about a node. This
patch moves the is_foo flags from routerinfo_t into node_t. The
flags in routerstatus_t remain, but they get set from the consensus
and should not change.
Some other highlights of this patch are:
* Looking up routerinfo and routerstatus by nickname is now
unified and based on the "look up a node by nickname" function.
This tries to look only at the values from current consensus,
and not get confused by the routerinfo_t->is_named flag, which
could get set for other weird reasons. This changes the
behavior of how authorities (when acting as clients) deal with
nodes that have been listed by nickname.
* I tried not to artificially increase the size of the diff here
by moving functions around. As a result, some functions that
now operate on nodes are now in the wrong file -- they should
get moved to nodelist.c once this refactoring settles down.
This moving should happen as part of a patch that moves
functions AND NOTHING ELSE.
* Some old code is now left around inside #if 0/1 blocks, and
should get removed once I've verified that I don't want it
sitting around to see how we used to do things.
There are still some unimplemented functions: these are flagged
with "UNIMPLEMENTED_NODELIST()." I'll work on filling in the
implementation here, piece by piece.
I wish this patch could have been smaller, but there did not seem to
be any piece of it that was independent from the rest. Moving flags
forces many functions that once returned routerinfo_t * to return
node_t *, which forces their friends to change, and so on.
2010-09-29 21:00:41 +02:00
|
|
|
const node_t *r = node_get_by_id(id_digest);
|
2010-08-15 08:27:07 +02:00
|
|
|
connection_or_set_identity_digest(conn, id_digest);
|
2010-08-15 10:01:42 +02:00
|
|
|
connection_or_update_token_buckets_helper(conn, 1, get_options());
|
2009-12-30 05:13:03 +01:00
|
|
|
|
2012-10-12 18:22:13 +02:00
|
|
|
conn->base_.port = port;
|
|
|
|
tor_addr_copy(&conn->base_.addr, addr);
|
2008-08-05 22:08:19 +02:00
|
|
|
tor_addr_copy(&conn->real_addr, addr);
|
2004-07-01 03:16:59 +02:00
|
|
|
if (r) {
|
2011-11-28 12:15:58 +01:00
|
|
|
tor_addr_port_t node_ap;
|
|
|
|
node_get_pref_orport(r, &node_ap);
|
2011-11-24 18:59:24 +01:00
|
|
|
/* XXXX proposal 186 is making this more complex. For now, a conn
|
|
|
|
is canonical when it uses the _preferred_ address. */
|
2012-10-12 18:22:13 +02:00
|
|
|
if (tor_addr_eq(&conn->base_.addr, &node_ap.addr))
|
2014-04-09 17:13:37 +02:00
|
|
|
connection_or_set_canonical(conn, 1);
|
2006-06-13 07:36:35 +02:00
|
|
|
if (!started_here) {
|
|
|
|
/* Override the addr/port, so our log messages will make sense.
|
|
|
|
* This is dangerous, since if we ever try looking up a conn by
|
|
|
|
* its actual addr/port, we won't remember. Careful! */
|
2008-12-18 17:11:24 +01:00
|
|
|
/* XXXX arma: this is stupid, and it's the reason we need real_addr
|
2008-02-12 21:20:52 +01:00
|
|
|
* to track is_canonical properly. What requires it? */
|
2008-02-12 23:21:20 +01:00
|
|
|
/* XXXX <arma> i believe the reason we did this, originally, is because
|
|
|
|
* we wanted to log what OR a connection was to, and if we logged the
|
|
|
|
* right IP address and port 56244, that wouldn't be as helpful. now we
|
|
|
|
* log the "right" port too, so we know if it's moria1 or moria2.
|
2008-08-05 22:08:19 +02:00
|
|
|
*/
|
2012-10-12 18:22:13 +02:00
|
|
|
tor_addr_copy(&conn->base_.addr, &node_ap.addr);
|
|
|
|
conn->base_.port = node_ap.port;
|
2006-06-13 07:36:35 +02:00
|
|
|
}
|
Initial conversion to use node_t throughout our codebase.
A node_t is an abstraction over routerstatus_t, routerinfo_t, and
microdesc_t. It should try to present a consistent interface to all
of them. There should be a node_t for a server whenever there is
* A routerinfo_t for it in the routerlist
* A routerstatus_t in the current_consensus.
(note that a microdesc_t alone isn't enough to make a node_t exist,
since microdescriptors aren't usable on their own.)
There are three ways to get a node_t right now: looking it up by ID,
looking it up by nickname, and iterating over the whole list of
microdescriptors.
All (or nearly all) functions that are supposed to return "a router"
-- especially those used in building connections and circuits --
should return a node_t, not a routerinfo_t or a routerstatus_t.
A node_t should hold all the *mutable* flags about a node. This
patch moves the is_foo flags from routerinfo_t into node_t. The
flags in routerstatus_t remain, but they get set from the consensus
and should not change.
Some other highlights of this patch are:
* Looking up routerinfo and routerstatus by nickname is now
unified and based on the "look up a node by nickname" function.
This tries to look only at the values from current consensus,
and not get confused by the routerinfo_t->is_named flag, which
could get set for other weird reasons. This changes the
behavior of how authorities (when acting as clients) deal with
nodes that have been listed by nickname.
* I tried not to artificially increase the size of the diff here
by moving functions around. As a result, some functions that
now operate on nodes are now in the wrong file -- they should
get moved to nodelist.c once this refactoring settles down.
This moving should happen as part of a patch that moves
functions AND NOTHING ELSE.
* Some old code is now left around inside #if 0/1 blocks, and
should get removed once I've verified that I don't want it
sitting around to see how we used to do things.
There are still some unimplemented functions: these are flagged
with "UNIMPLEMENTED_NODELIST()." I'll work on filling in the
implementation here, piece by piece.
I wish this patch could have been smaller, but there did not seem to
be any piece of it that was independent from the rest. Moving flags
forces many functions that once returned routerinfo_t * to return
node_t *, which forces their friends to change, and so on.
2010-09-29 21:00:41 +02:00
|
|
|
conn->nickname = tor_strdup(node_get_nickname(r));
|
2012-10-12 18:22:13 +02:00
|
|
|
tor_free(conn->base_.address);
|
2016-03-28 22:36:51 +02:00
|
|
|
conn->base_.address = tor_addr_to_str_dup(&node_ap.addr);
|
2004-09-29 00:24:56 +02:00
|
|
|
} else {
|
2014-09-04 23:16:51 +02:00
|
|
|
conn->nickname = tor_malloc(HEX_DIGEST_LEN+2);
|
|
|
|
conn->nickname[0] = '$';
|
|
|
|
base16_encode(conn->nickname+1, HEX_DIGEST_LEN+1,
|
|
|
|
conn->identity_digest, DIGEST_LEN);
|
|
|
|
|
2012-10-12 18:22:13 +02:00
|
|
|
tor_free(conn->base_.address);
|
2016-03-28 22:36:51 +02:00
|
|
|
conn->base_.address = tor_addr_to_str_dup(addr);
|
2004-09-29 00:24:56 +02:00
|
|
|
}
|
2014-09-05 20:08:46 +02:00
|
|
|
|
|
|
|
/*
|
|
|
|
* We have to tell channeltls.c to update the channel marks (local, in
|
|
|
|
* particular), since we may have changed the address.
|
|
|
|
*/
|
|
|
|
|
|
|
|
if (conn->chan) {
|
|
|
|
channel_tls_update_marks(conn);
|
|
|
|
}
|
2004-07-01 03:16:59 +02:00
|
|
|
}
|
|
|
|
|
2012-08-01 13:18:42 +02:00
|
|
|
/** These just pass all the is_bad_for_new_circs manipulation on to
|
|
|
|
* channel_t */
|
2009-01-28 18:36:41 +01:00
|
|
|
|
2012-08-01 13:18:42 +02:00
|
|
|
static unsigned int
|
|
|
|
connection_or_is_bad_for_new_circs(or_connection_t *or_conn)
|
|
|
|
{
|
|
|
|
tor_assert(or_conn);
|
2009-01-28 18:36:41 +01:00
|
|
|
|
2012-08-01 13:18:42 +02:00
|
|
|
if (or_conn->chan)
|
|
|
|
return channel_is_bad_for_new_circs(TLS_CHAN_TO_BASE(or_conn->chan));
|
|
|
|
else return 0;
|
2008-12-24 03:38:04 +01:00
|
|
|
}
|
|
|
|
|
2012-08-01 13:18:42 +02:00
|
|
|
static void
|
|
|
|
connection_or_mark_bad_for_new_circs(or_connection_t *or_conn)
|
2008-12-24 03:38:04 +01:00
|
|
|
{
|
2012-08-01 13:18:42 +02:00
|
|
|
tor_assert(or_conn);
|
2008-12-24 03:38:04 +01:00
|
|
|
|
2012-08-01 13:18:42 +02:00
|
|
|
if (or_conn->chan)
|
|
|
|
channel_mark_bad_for_new_circs(TLS_CHAN_TO_BASE(or_conn->chan));
|
2008-12-24 03:38:04 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/** How old do we let a connection to an OR get before deciding it's
|
|
|
|
* too old for new circuits? */
|
|
|
|
#define TIME_BEFORE_OR_CONN_IS_TOO_OLD (60*60*24*7)
|
|
|
|
|
|
|
|
/** Given the head of the linked list for all the or_connections with a given
|
2010-09-29 05:27:00 +02:00
|
|
|
* identity, set elements of that list as is_bad_for_new_circs as
|
|
|
|
* appropriate. Helper for connection_or_set_bad_connections().
|
|
|
|
*
|
|
|
|
* Specifically, we set the is_bad_for_new_circs flag on:
|
|
|
|
* - all connections if <b>force</b> is true.
|
|
|
|
* - all connections that are too old.
|
|
|
|
* - all open non-canonical connections for which a canonical connection
|
|
|
|
* exists to the same router.
|
|
|
|
* - all open canonical connections for which a 'better' canonical
|
|
|
|
* connection exists to the same router.
|
|
|
|
* - all open non-canonical connections for which a 'better' non-canonical
|
|
|
|
* connection exists to the same router at the same address.
|
|
|
|
*
|
2012-08-01 13:18:42 +02:00
|
|
|
* See channel_is_better() in channel.c for our idea of what makes one OR
|
|
|
|
* connection better than another.
|
2008-12-24 03:38:04 +01:00
|
|
|
*/
|
|
|
|
static void
|
2010-09-29 04:32:38 +02:00
|
|
|
connection_or_group_set_badness(or_connection_t *head, int force)
|
2008-12-24 03:38:04 +01:00
|
|
|
{
|
|
|
|
or_connection_t *or_conn = NULL, *best = NULL;
|
|
|
|
int n_old = 0, n_inprogress = 0, n_canonical = 0, n_other = 0;
|
|
|
|
time_t now = time(NULL);
|
|
|
|
|
|
|
|
/* Pass 1: expire everything that's old, and see what the status of
|
|
|
|
* everything else is. */
|
|
|
|
for (or_conn = head; or_conn; or_conn = or_conn->next_with_same_id) {
|
2012-10-12 18:22:13 +02:00
|
|
|
if (or_conn->base_.marked_for_close ||
|
2012-08-01 13:18:42 +02:00
|
|
|
connection_or_is_bad_for_new_circs(or_conn))
|
2008-12-24 03:38:04 +01:00
|
|
|
continue;
|
2010-09-29 04:32:38 +02:00
|
|
|
if (force ||
|
2012-10-12 18:22:13 +02:00
|
|
|
or_conn->base_.timestamp_created + TIME_BEFORE_OR_CONN_IS_TOO_OLD
|
2010-09-29 04:32:38 +02:00
|
|
|
< now) {
|
2008-12-24 03:38:04 +01:00
|
|
|
log_info(LD_OR,
|
|
|
|
"Marking OR conn to %s:%d as too old for new circuits "
|
2012-11-02 19:22:21 +01:00
|
|
|
"(fd "TOR_SOCKET_T_FORMAT", %d secs old).",
|
2012-10-12 18:22:13 +02:00
|
|
|
or_conn->base_.address, or_conn->base_.port, or_conn->base_.s,
|
|
|
|
(int)(now - or_conn->base_.timestamp_created));
|
2012-08-01 13:18:42 +02:00
|
|
|
connection_or_mark_bad_for_new_circs(or_conn);
|
2008-12-24 03:38:04 +01:00
|
|
|
}
|
|
|
|
|
2012-08-01 13:18:42 +02:00
|
|
|
if (connection_or_is_bad_for_new_circs(or_conn)) {
|
2008-12-24 03:38:04 +01:00
|
|
|
++n_old;
|
2012-10-12 18:22:13 +02:00
|
|
|
} else if (or_conn->base_.state != OR_CONN_STATE_OPEN) {
|
2008-12-24 03:38:04 +01:00
|
|
|
++n_inprogress;
|
|
|
|
} else if (or_conn->is_canonical) {
|
|
|
|
++n_canonical;
|
|
|
|
} else {
|
|
|
|
++n_other;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Pass 2: We know how about how good the best connection is.
|
|
|
|
* expire everything that's worse, and find the very best if we can. */
|
|
|
|
for (or_conn = head; or_conn; or_conn = or_conn->next_with_same_id) {
|
2012-10-12 18:22:13 +02:00
|
|
|
if (or_conn->base_.marked_for_close ||
|
2012-08-01 13:18:42 +02:00
|
|
|
connection_or_is_bad_for_new_circs(or_conn))
|
2008-12-24 03:38:04 +01:00
|
|
|
continue; /* This one doesn't need to be marked bad. */
|
2012-10-12 18:22:13 +02:00
|
|
|
if (or_conn->base_.state != OR_CONN_STATE_OPEN)
|
2008-12-24 03:38:04 +01:00
|
|
|
continue; /* Don't mark anything bad until we have seen what happens
|
|
|
|
* when the connection finishes. */
|
|
|
|
if (n_canonical && !or_conn->is_canonical) {
|
|
|
|
/* We have at least one open canonical connection to this router,
|
|
|
|
* and this one is open but not canonical. Mark it bad. */
|
|
|
|
log_info(LD_OR,
|
2010-05-12 20:15:39 +02:00
|
|
|
"Marking OR conn to %s:%d as unsuitable for new circuits: "
|
2012-12-07 20:14:20 +01:00
|
|
|
"(fd "TOR_SOCKET_T_FORMAT", %d secs old). It is not "
|
|
|
|
"canonical, and we have another connection to that OR that is.",
|
2012-10-12 18:22:13 +02:00
|
|
|
or_conn->base_.address, or_conn->base_.port, or_conn->base_.s,
|
|
|
|
(int)(now - or_conn->base_.timestamp_created));
|
2012-08-01 13:18:42 +02:00
|
|
|
connection_or_mark_bad_for_new_circs(or_conn);
|
2008-12-24 03:38:04 +01:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
2012-08-01 13:18:42 +02:00
|
|
|
if (!best ||
|
|
|
|
channel_is_better(now,
|
|
|
|
TLS_CHAN_TO_BASE(or_conn->chan),
|
|
|
|
TLS_CHAN_TO_BASE(best->chan),
|
|
|
|
0)) {
|
2008-12-24 03:38:04 +01:00
|
|
|
best = or_conn;
|
2012-08-01 13:18:42 +02:00
|
|
|
}
|
2008-12-24 03:38:04 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if (!best)
|
|
|
|
return;
|
|
|
|
|
|
|
|
/* Pass 3: One connection to OR is best. If it's canonical, mark as bad
|
|
|
|
* every other open connection. If it's non-canonical, mark as bad
|
|
|
|
* every other open connection to the same address.
|
|
|
|
*
|
2008-12-29 20:57:13 +01:00
|
|
|
* XXXX This isn't optimal; if we have connections to an OR at multiple
|
|
|
|
* addresses, we'd like to pick the best _for each address_, and mark as
|
|
|
|
* bad every open connection that isn't best for its address. But this
|
|
|
|
* can only occur in cases where the other OR is old (so we have no
|
|
|
|
* canonical connection to it), or where all the connections to the OR are
|
|
|
|
* at noncanonical addresses and we have no good direct connection (which
|
|
|
|
* means we aren't at risk of attaching circuits to it anyway). As
|
|
|
|
* 0.1.2.x dies out, the first case will go away, and the second one is
|
|
|
|
* "mostly harmless", so a fix can wait until somebody is bored.
|
2008-12-24 03:38:04 +01:00
|
|
|
*/
|
|
|
|
for (or_conn = head; or_conn; or_conn = or_conn->next_with_same_id) {
|
2012-10-12 18:22:13 +02:00
|
|
|
if (or_conn->base_.marked_for_close ||
|
2012-08-01 13:18:42 +02:00
|
|
|
connection_or_is_bad_for_new_circs(or_conn) ||
|
2012-10-12 18:22:13 +02:00
|
|
|
or_conn->base_.state != OR_CONN_STATE_OPEN)
|
2008-12-24 03:38:04 +01:00
|
|
|
continue;
|
2012-08-01 13:18:42 +02:00
|
|
|
if (or_conn != best &&
|
|
|
|
channel_is_better(now,
|
|
|
|
TLS_CHAN_TO_BASE(best->chan),
|
|
|
|
TLS_CHAN_TO_BASE(or_conn->chan), 1)) {
|
2009-01-28 18:36:41 +01:00
|
|
|
/* This isn't the best conn, _and_ the best conn is better than it,
|
|
|
|
even when we're being forgiving. */
|
2008-12-24 03:38:04 +01:00
|
|
|
if (best->is_canonical) {
|
|
|
|
log_info(LD_OR,
|
2010-05-12 20:15:39 +02:00
|
|
|
"Marking OR conn to %s:%d as unsuitable for new circuits: "
|
2012-11-02 19:22:21 +01:00
|
|
|
"(fd "TOR_SOCKET_T_FORMAT", %d secs old). "
|
|
|
|
"We have a better canonical one "
|
|
|
|
"(fd "TOR_SOCKET_T_FORMAT"; %d secs old).",
|
2012-10-12 18:22:13 +02:00
|
|
|
or_conn->base_.address, or_conn->base_.port, or_conn->base_.s,
|
|
|
|
(int)(now - or_conn->base_.timestamp_created),
|
|
|
|
best->base_.s, (int)(now - best->base_.timestamp_created));
|
2012-08-01 13:18:42 +02:00
|
|
|
connection_or_mark_bad_for_new_circs(or_conn);
|
2008-12-24 03:38:04 +01:00
|
|
|
} else if (!tor_addr_compare(&or_conn->real_addr,
|
|
|
|
&best->real_addr, CMP_EXACT)) {
|
|
|
|
log_info(LD_OR,
|
2010-05-12 20:15:39 +02:00
|
|
|
"Marking OR conn to %s:%d as unsuitable for new circuits: "
|
2012-11-02 19:22:21 +01:00
|
|
|
"(fd "TOR_SOCKET_T_FORMAT", %d secs old). We have a better "
|
|
|
|
"one with the "
|
|
|
|
"same address (fd "TOR_SOCKET_T_FORMAT"; %d secs old).",
|
2012-10-12 18:22:13 +02:00
|
|
|
or_conn->base_.address, or_conn->base_.port, or_conn->base_.s,
|
|
|
|
(int)(now - or_conn->base_.timestamp_created),
|
|
|
|
best->base_.s, (int)(now - best->base_.timestamp_created));
|
2012-08-01 13:18:42 +02:00
|
|
|
connection_or_mark_bad_for_new_circs(or_conn);
|
2008-12-24 03:38:04 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2010-09-29 04:32:38 +02:00
|
|
|
/** Go through all the OR connections (or if <b>digest</b> is non-NULL, just
|
|
|
|
* the OR connections with that digest), and set the is_bad_for_new_circs
|
2010-09-29 05:27:00 +02:00
|
|
|
* flag based on the rules in connection_or_group_set_badness() (or just
|
|
|
|
* always set it if <b>force</b> is true).
|
2008-12-24 03:38:04 +01:00
|
|
|
*/
|
|
|
|
void
|
2010-09-29 04:32:38 +02:00
|
|
|
connection_or_set_bad_connections(const char *digest, int force)
|
2008-12-24 03:38:04 +01:00
|
|
|
{
|
|
|
|
if (!orconn_identity_map)
|
|
|
|
return;
|
|
|
|
|
|
|
|
DIGESTMAP_FOREACH(orconn_identity_map, identity, or_connection_t *, conn) {
|
2011-05-11 22:27:27 +02:00
|
|
|
if (!digest || tor_memeq(digest, conn->identity_digest, DIGEST_LEN))
|
2010-09-29 04:32:38 +02:00
|
|
|
connection_or_group_set_badness(conn, force);
|
2008-12-24 03:38:04 +01:00
|
|
|
} DIGESTMAP_FOREACH_END;
|
2005-11-30 04:01:16 +01:00
|
|
|
}
|
|
|
|
|
2008-09-09 08:25:39 +02:00
|
|
|
/** <b>conn</b> is in the 'connecting' state, and it failed to complete
|
|
|
|
* a TCP connection. Send notifications appropriately.
|
|
|
|
*
|
|
|
|
* <b>reason</b> specifies the or_conn_end_reason for the failure;
|
|
|
|
* <b>msg</b> specifies the strerror-style error message.
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
connection_or_connect_failed(or_connection_t *conn,
|
|
|
|
int reason, const char *msg)
|
|
|
|
{
|
|
|
|
control_event_or_conn_status(conn, OR_CONN_EVENT_FAILED, reason);
|
|
|
|
if (!authdir_mode_tests_reachability(get_options()))
|
2014-03-10 23:52:07 +01:00
|
|
|
control_event_bootstrap_problem(msg, reason, conn);
|
2008-09-09 08:25:39 +02:00
|
|
|
}
|
|
|
|
|
2012-08-01 13:18:42 +02:00
|
|
|
/** <b>conn</b> got an error in connection_handle_read_impl() or
|
|
|
|
* connection_handle_write_impl() and is going to die soon.
|
|
|
|
*
|
|
|
|
* <b>reason</b> specifies the or_conn_end_reason for the failure;
|
|
|
|
* <b>msg</b> specifies the strerror-style error message.
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
connection_or_notify_error(or_connection_t *conn,
|
|
|
|
int reason, const char *msg)
|
|
|
|
{
|
|
|
|
channel_t *chan;
|
|
|
|
|
|
|
|
tor_assert(conn);
|
|
|
|
|
|
|
|
/* If we're connecting, call connect_failed() too */
|
|
|
|
if (TO_CONN(conn)->state == OR_CONN_STATE_CONNECTING)
|
|
|
|
connection_or_connect_failed(conn, reason, msg);
|
|
|
|
|
|
|
|
/* Tell the controlling channel if we have one */
|
|
|
|
if (conn->chan) {
|
|
|
|
chan = TLS_CHAN_TO_BASE(conn->chan);
|
|
|
|
/* Don't transition if we're already in closing, closed or error */
|
2014-11-23 20:42:46 +01:00
|
|
|
if (!CHANNEL_CONDEMNED(chan)) {
|
2012-08-01 13:18:42 +02:00
|
|
|
channel_close_for_error(chan);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* No need to mark for error because connection.c is about to do that */
|
|
|
|
}
|
|
|
|
|
2004-07-02 11:29:01 +02:00
|
|
|
/** Launch a new OR connection to <b>addr</b>:<b>port</b> and expect to
|
2012-08-01 13:18:42 +02:00
|
|
|
* handshake with an OR with identity digest <b>id_digest</b>. Optionally,
|
|
|
|
* pass in a pointer to a channel using this connection.
|
2004-05-07 10:53:40 +02:00
|
|
|
*
|
2004-07-02 11:29:01 +02:00
|
|
|
* If <b>id_digest</b> is me, do nothing. If we're already connected to it,
|
2004-07-21 02:12:42 +02:00
|
|
|
* return that connection. If the connect() is in progress, set the
|
|
|
|
* new conn's state to 'connecting' and return it. If connect() succeeds,
|
2005-08-23 11:50:51 +02:00
|
|
|
* call connection_tls_start_handshake() on it.
|
2004-05-07 10:53:40 +02:00
|
|
|
*
|
2004-05-09 18:33:04 +02:00
|
|
|
* This function is called from router_retry_connections(), for
|
2004-05-07 10:53:40 +02:00
|
|
|
* ORs connecting to ORs, and circuit_establish_circuit(), for
|
|
|
|
* OPs connecting to ORs.
|
|
|
|
*
|
|
|
|
* Return the launched conn, or NULL if it failed.
|
|
|
|
*/
|
2014-01-23 13:54:44 +01:00
|
|
|
|
|
|
|
MOCK_IMPL(or_connection_t *,
|
|
|
|
connection_or_connect, (const tor_addr_t *_addr, uint16_t port,
|
|
|
|
const char *id_digest, channel_tls_t *chan))
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2006-07-26 21:07:26 +02:00
|
|
|
or_connection_t *conn;
|
2011-06-14 19:01:38 +02:00
|
|
|
const or_options_t *options = get_options();
|
2008-06-11 03:14:23 +02:00
|
|
|
int socket_error = 0;
|
2008-08-05 22:08:19 +02:00
|
|
|
tor_addr_t addr;
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2011-06-14 04:28:36 +02:00
|
|
|
int r;
|
|
|
|
tor_addr_t proxy_addr;
|
|
|
|
uint16_t proxy_port;
|
2011-07-03 06:13:41 +02:00
|
|
|
int proxy_type;
|
2011-06-14 04:28:36 +02:00
|
|
|
|
2008-08-05 22:08:19 +02:00
|
|
|
tor_assert(_addr);
|
2004-07-02 11:29:01 +02:00
|
|
|
tor_assert(id_digest);
|
2008-08-05 22:08:19 +02:00
|
|
|
tor_addr_copy(&addr, _addr);
|
2003-05-28 04:03:25 +02:00
|
|
|
|
2006-06-05 10:02:04 +02:00
|
|
|
if (server_mode(options) && router_digest_is_me(id_digest)) {
|
2006-02-13 10:02:35 +01:00
|
|
|
log_info(LD_PROTOCOL,"Client asked me to connect to myself. Refusing.");
|
2003-05-28 04:03:25 +02:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2012-03-16 14:40:44 +01:00
|
|
|
conn = or_connection_new(CONN_TYPE_OR, tor_addr_family(&addr));
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2012-08-01 13:18:42 +02:00
|
|
|
/*
|
|
|
|
* Set up conn so it's got all the data we need to remember for channels
|
|
|
|
*
|
|
|
|
* This stuff needs to happen before connection_or_init_conn_from_address()
|
|
|
|
* so connection_or_set_identity_digest() and such know where to look to
|
|
|
|
* keep the channel up to date.
|
|
|
|
*/
|
|
|
|
conn->chan = chan;
|
|
|
|
chan->conn = conn;
|
2008-08-05 22:08:19 +02:00
|
|
|
connection_or_init_conn_from_address(conn, &addr, port, id_digest, 1);
|
2012-08-01 13:18:42 +02:00
|
|
|
connection_or_change_state(conn, OR_CONN_STATE_CONNECTING);
|
2007-01-15 22:13:37 +01:00
|
|
|
control_event_or_conn_status(conn, OR_CONN_EVENT_LAUNCHED, 0);
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2011-10-23 23:58:00 +02:00
|
|
|
conn->is_outgoing = 1;
|
|
|
|
|
2011-06-14 16:00:55 +02:00
|
|
|
/* If we are using a proxy server, find it and use it. */
|
2011-07-03 06:13:41 +02:00
|
|
|
r = get_proxy_addrport(&proxy_addr, &proxy_port, &proxy_type, TO_CONN(conn));
|
|
|
|
if (r == 0) {
|
|
|
|
conn->proxy_type = proxy_type;
|
|
|
|
if (proxy_type != PROXY_NONE) {
|
|
|
|
tor_addr_copy(&addr, &proxy_addr);
|
|
|
|
port = proxy_port;
|
2012-10-12 18:22:13 +02:00
|
|
|
conn->base_.proxy_state = PROXY_INFANT;
|
2011-07-03 06:13:41 +02:00
|
|
|
}
|
|
|
|
} else {
|
2012-05-18 02:07:46 +02:00
|
|
|
/* get_proxy_addrport() might fail if we have a Bridge line that
|
|
|
|
references a transport, but no ClientTransportPlugin lines
|
|
|
|
defining its transport proxy. If this is the case, let's try to
|
|
|
|
output a useful log message to the user. */
|
|
|
|
const char *transport_name =
|
|
|
|
find_transport_name_by_bridge_addrport(&TO_CONN(conn)->addr,
|
|
|
|
TO_CONN(conn)->port);
|
|
|
|
|
|
|
|
if (transport_name) {
|
2012-10-07 06:25:25 +02:00
|
|
|
log_warn(LD_GENERAL, "We were supposed to connect to bridge '%s' "
|
2012-06-14 17:01:22 +02:00
|
|
|
"using pluggable transport '%s', but we can't find a pluggable "
|
|
|
|
"transport proxy supporting '%s'. This can happen if you "
|
|
|
|
"haven't provided a ClientTransportPlugin line, or if "
|
|
|
|
"your pluggable transport proxy stopped running.",
|
2012-10-07 06:25:25 +02:00
|
|
|
fmt_addrport(&TO_CONN(conn)->addr, TO_CONN(conn)->port),
|
2012-05-18 02:07:46 +02:00
|
|
|
transport_name, transport_name);
|
2013-11-05 03:50:16 +01:00
|
|
|
|
|
|
|
control_event_bootstrap_problem(
|
|
|
|
"Can't connect to bridge",
|
2014-04-07 19:44:22 +02:00
|
|
|
END_OR_CONN_REASON_PT_MISSING,
|
2014-04-07 19:41:07 +02:00
|
|
|
conn);
|
2013-11-05 03:50:16 +01:00
|
|
|
|
2012-05-18 02:07:46 +02:00
|
|
|
} else {
|
2012-10-07 06:25:25 +02:00
|
|
|
log_warn(LD_GENERAL, "Tried to connect to '%s' through a proxy, but "
|
2012-05-18 02:07:46 +02:00
|
|
|
"the proxy address could not be found.",
|
2012-10-07 06:25:25 +02:00
|
|
|
fmt_addrport(&TO_CONN(conn)->addr, TO_CONN(conn)->port));
|
2012-05-18 02:07:46 +02:00
|
|
|
}
|
|
|
|
|
2011-06-22 23:28:11 +02:00
|
|
|
connection_free(TO_CONN(conn));
|
|
|
|
return NULL;
|
2005-02-24 11:56:55 +01:00
|
|
|
}
|
|
|
|
|
2012-10-12 18:22:13 +02:00
|
|
|
switch (connection_connect(TO_CONN(conn), conn->base_.address,
|
2008-08-05 22:08:19 +02:00
|
|
|
&addr, port, &socket_error)) {
|
2003-09-16 03:58:46 +02:00
|
|
|
case -1:
|
2016-03-23 12:35:37 +01:00
|
|
|
/* We failed to establish a connection probably because of a local
|
|
|
|
* error. No need to blame the guard in this case. Notify the networking
|
|
|
|
* system of this failure. */
|
2008-09-09 08:25:39 +02:00
|
|
|
connection_or_connect_failed(conn,
|
|
|
|
errno_to_orconn_end_reason(socket_error),
|
|
|
|
tor_socket_strerror(socket_error));
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_free(TO_CONN(conn));
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
return NULL;
|
2003-09-16 03:58:46 +02:00
|
|
|
case 0:
|
2009-06-04 20:49:16 +02:00
|
|
|
connection_watch_events(TO_CONN(conn), READ_EVENT | WRITE_EVENT);
|
2003-08-14 19:13:52 +02:00
|
|
|
/* writable indicates finish, readable indicates broken link,
|
|
|
|
error indicates broken link on windows */
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
return conn;
|
2003-09-16 03:58:46 +02:00
|
|
|
/* case 1: fall through */
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
}
|
|
|
|
|
2005-02-24 11:56:55 +01:00
|
|
|
if (connection_or_finished_connecting(conn) < 0) {
|
|
|
|
/* already marked for close */
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
return conn;
|
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
|
|
|
}
|
|
|
|
|
2012-08-01 13:18:42 +02:00
|
|
|
/** Mark orconn for close and transition the associated channel, if any, to
|
|
|
|
* the closing state.
|
2013-09-23 18:37:26 +02:00
|
|
|
*
|
|
|
|
* It's safe to call this and connection_or_close_for_error() any time, and
|
|
|
|
* channel layer will treat it as a connection closing for reasons outside
|
|
|
|
* its control, like the remote end closing it. It can also be a local
|
|
|
|
* reason that's specific to connection_t/or_connection_t rather than
|
|
|
|
* the channel mechanism, such as expiration of old connections in
|
|
|
|
* run_connection_housekeeping(). If you want to close a channel_t
|
|
|
|
* from somewhere that logically works in terms of generic channels
|
|
|
|
* rather than connections, use channel_mark_for_close(); see also
|
|
|
|
* the comment on that function in channel.c.
|
2012-08-01 13:18:42 +02:00
|
|
|
*/
|
|
|
|
|
|
|
|
void
|
|
|
|
connection_or_close_normally(or_connection_t *orconn, int flush)
|
|
|
|
{
|
|
|
|
channel_t *chan = NULL;
|
|
|
|
|
|
|
|
tor_assert(orconn);
|
2012-11-09 23:06:54 +01:00
|
|
|
if (flush) connection_mark_and_flush_internal(TO_CONN(orconn));
|
|
|
|
else connection_mark_for_close_internal(TO_CONN(orconn));
|
2012-08-01 13:18:42 +02:00
|
|
|
if (orconn->chan) {
|
|
|
|
chan = TLS_CHAN_TO_BASE(orconn->chan);
|
|
|
|
/* Don't transition if we're already in closing, closed or error */
|
2014-11-23 20:42:46 +01:00
|
|
|
if (!CHANNEL_CONDEMNED(chan)) {
|
2012-08-01 13:18:42 +02:00
|
|
|
channel_close_from_lower_layer(chan);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/** Mark orconn for close and transition the associated channel, if any, to
|
|
|
|
* the error state.
|
|
|
|
*/
|
|
|
|
|
2014-10-08 21:39:34 +02:00
|
|
|
MOCK_IMPL(void,
|
|
|
|
connection_or_close_for_error,(or_connection_t *orconn, int flush))
|
2012-08-01 13:18:42 +02:00
|
|
|
{
|
|
|
|
channel_t *chan = NULL;
|
|
|
|
|
|
|
|
tor_assert(orconn);
|
2012-11-09 23:06:54 +01:00
|
|
|
if (flush) connection_mark_and_flush_internal(TO_CONN(orconn));
|
|
|
|
else connection_mark_for_close_internal(TO_CONN(orconn));
|
2012-08-01 13:18:42 +02:00
|
|
|
if (orconn->chan) {
|
|
|
|
chan = TLS_CHAN_TO_BASE(orconn->chan);
|
|
|
|
/* Don't transition if we're already in closing, closed or error */
|
2014-11-23 20:42:46 +01:00
|
|
|
if (!CHANNEL_CONDEMNED(chan)) {
|
2012-08-01 13:18:42 +02:00
|
|
|
channel_close_for_error(chan);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/** Begin the tls handshake with <b>conn</b>. <b>receiving</b> is 0 if
|
|
|
|
* we initiated the connection, else it's 1.
|
2004-05-07 10:53:40 +02:00
|
|
|
*
|
2005-12-25 00:32:15 +01:00
|
|
|
* Assign a new tls object to conn->tls, begin reading on <b>conn</b>, and
|
|
|
|
* pass <b>conn</b> to connection_tls_continue_handshake().
|
2004-05-07 10:53:40 +02:00
|
|
|
*
|
2004-05-09 18:47:25 +02:00
|
|
|
* Return -1 if <b>conn</b> is broken, else return 0.
|
2004-05-07 10:53:40 +02:00
|
|
|
*/
|
2013-08-01 23:29:10 +02:00
|
|
|
MOCK_IMPL(int,
|
|
|
|
connection_tls_start_handshake,(or_connection_t *conn, int receiving))
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2012-10-09 09:51:33 +02:00
|
|
|
channel_listener_t *chan_listener;
|
|
|
|
channel_t *chan;
|
2012-08-01 13:18:42 +02:00
|
|
|
|
|
|
|
/* Incoming connections will need a new channel passed to the
|
|
|
|
* channel_tls_listener */
|
|
|
|
if (receiving) {
|
|
|
|
/* It shouldn't already be set */
|
|
|
|
tor_assert(!(conn->chan));
|
|
|
|
chan_listener = channel_tls_get_listener();
|
|
|
|
if (!chan_listener) {
|
|
|
|
chan_listener = channel_tls_start_listener();
|
|
|
|
command_setup_listener(chan_listener);
|
|
|
|
}
|
|
|
|
chan = channel_tls_handle_incoming(conn);
|
2012-10-09 09:51:33 +02:00
|
|
|
channel_listener_queue_incoming(chan_listener, chan);
|
2012-08-01 13:18:42 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
connection_or_change_state(conn, OR_CONN_STATE_TLS_HANDSHAKING);
|
2009-08-14 20:34:16 +02:00
|
|
|
tor_assert(!conn->tls);
|
2012-10-12 18:22:13 +02:00
|
|
|
conn->tls = tor_tls_new(conn->base_.s, receiving);
|
2005-10-06 07:08:00 +02:00
|
|
|
if (!conn->tls) {
|
2006-02-13 10:02:35 +01:00
|
|
|
log_warn(LD_BUG,"tor_tls_new failed. Closing.");
|
2003-09-30 20:45:55 +02:00
|
|
|
return -1;
|
|
|
|
}
|
2011-12-20 19:17:58 +01:00
|
|
|
tor_tls_set_logged_address(conn->tls, // XXX client and relay?
|
2012-10-12 18:22:13 +02:00
|
|
|
escaped_safe_str(conn->base_.address));
|
2011-12-20 19:17:58 +01:00
|
|
|
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_start_reading(TO_CONN(conn));
|
2012-11-02 19:22:21 +01:00
|
|
|
log_debug(LD_HANDSHAKE,"starting TLS handshake on fd "TOR_SOCKET_T_FORMAT,
|
|
|
|
conn->base_.s);
|
2006-10-31 20:17:07 +01:00
|
|
|
note_crypto_pk_op(receiving ? TLS_HANDSHAKE_S : TLS_HANDSHAKE_C);
|
|
|
|
|
2016-08-02 19:15:10 +02:00
|
|
|
if (connection_tls_continue_handshake(conn) < 0)
|
|
|
|
return -1;
|
|
|
|
|
2003-09-30 20:45:55 +02:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2012-10-16 19:41:55 +02:00
|
|
|
/** Block all future attempts to renegotiate on 'conn' */
|
|
|
|
void
|
|
|
|
connection_or_block_renegotiation(or_connection_t *conn)
|
|
|
|
{
|
|
|
|
tor_tls_t *tls = conn->tls;
|
|
|
|
if (!tls)
|
|
|
|
return;
|
|
|
|
tor_tls_set_renegotiate_callback(tls, NULL, NULL);
|
|
|
|
tor_tls_block_renegotiation(tls);
|
|
|
|
}
|
|
|
|
|
2008-02-08 22:13:15 +01:00
|
|
|
/** Invoked on the server side from inside tor_tls_read() when the server
|
|
|
|
* gets a successful TLS renegotiation from the client. */
|
2007-12-01 09:47:13 +01:00
|
|
|
static void
|
|
|
|
connection_or_tls_renegotiated_cb(tor_tls_t *tls, void *_conn)
|
|
|
|
{
|
|
|
|
or_connection_t *conn = _conn;
|
2008-01-13 01:20:47 +01:00
|
|
|
(void)tls;
|
2007-12-01 09:47:13 +01:00
|
|
|
|
2011-12-07 01:49:21 +01:00
|
|
|
/* Don't invoke this again. */
|
2012-10-16 19:41:55 +02:00
|
|
|
connection_or_block_renegotiation(conn);
|
2011-12-07 01:49:21 +01:00
|
|
|
|
2008-01-13 01:20:47 +01:00
|
|
|
if (connection_tls_finish_handshake(conn) < 0) {
|
2008-02-05 22:39:46 +01:00
|
|
|
/* XXXX_TLS double-check that it's ok to do this from inside read. */
|
2008-02-06 22:53:13 +01:00
|
|
|
/* XXXX_TLS double-check that this verifies certificates. */
|
2012-08-01 13:18:42 +02:00
|
|
|
connection_or_close_for_error(conn, 0);
|
2008-01-13 01:20:47 +01:00
|
|
|
}
|
2007-12-01 09:47:13 +01:00
|
|
|
}
|
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/** Move forward with the tls handshake. If it finishes, hand
|
|
|
|
* <b>conn</b> to connection_tls_finish_handshake().
|
2004-05-07 10:53:40 +02:00
|
|
|
*
|
2004-05-09 18:47:25 +02:00
|
|
|
* Return -1 if <b>conn</b> is broken, else return 0.
|
2004-05-07 10:53:40 +02:00
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
int
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_tls_continue_handshake(or_connection_t *conn)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2007-11-07 18:44:15 +01:00
|
|
|
int result;
|
2005-04-23 16:26:02 +02:00
|
|
|
check_no_tls_errors();
|
2015-10-07 16:04:12 +02:00
|
|
|
|
|
|
|
tor_assert(conn->base_.state == OR_CONN_STATE_TLS_HANDSHAKING);
|
|
|
|
// log_notice(LD_OR, "Continue handshake with %p", conn->tls);
|
|
|
|
result = tor_tls_handshake(conn->tls);
|
|
|
|
// log_notice(LD_OR, "Result: %d", result);
|
|
|
|
|
2007-11-07 18:44:15 +01:00
|
|
|
switch (result) {
|
2007-01-15 22:21:05 +01:00
|
|
|
CASE_TOR_TLS_ERROR_ANY:
|
2007-11-07 18:44:15 +01:00
|
|
|
log_info(LD_OR,"tls error [%s]. breaking connection.",
|
|
|
|
tor_tls_err_to_string(result));
|
2003-09-30 20:45:55 +02:00
|
|
|
return -1;
|
|
|
|
case TOR_TLS_DONE:
|
2007-12-05 17:11:33 +01:00
|
|
|
if (! tor_tls_used_v1_handshake(conn->tls)) {
|
2007-12-01 09:47:13 +01:00
|
|
|
if (!tor_tls_is_server(conn->tls)) {
|
2015-10-07 16:32:54 +02:00
|
|
|
tor_assert(conn->base_.state == OR_CONN_STATE_TLS_HANDSHAKING);
|
|
|
|
return connection_or_launch_v3_or_handshake(conn);
|
2007-12-01 09:47:13 +01:00
|
|
|
} else {
|
2015-10-07 16:32:54 +02:00
|
|
|
/* v2/v3 handshake, but we are not a client. */
|
2011-06-17 09:31:59 +02:00
|
|
|
log_debug(LD_OR, "Done with initial SSL handshake (server-side). "
|
2011-09-27 19:15:36 +02:00
|
|
|
"Expecting renegotiation or VERSIONS cell");
|
2011-12-07 01:49:20 +01:00
|
|
|
tor_tls_set_renegotiate_callback(conn->tls,
|
2011-12-07 01:49:19 +01:00
|
|
|
connection_or_tls_renegotiated_cb,
|
|
|
|
conn);
|
2012-08-01 13:18:42 +02:00
|
|
|
connection_or_change_state(conn,
|
|
|
|
OR_CONN_STATE_TLS_SERVER_RENEGOTIATING);
|
2008-01-13 01:20:47 +01:00
|
|
|
connection_stop_writing(TO_CONN(conn));
|
|
|
|
connection_start_reading(TO_CONN(conn));
|
|
|
|
return 0;
|
2007-12-01 09:47:13 +01:00
|
|
|
}
|
2007-12-01 09:09:48 +01:00
|
|
|
}
|
2015-11-25 15:12:50 +01:00
|
|
|
tor_assert(tor_tls_is_server(conn->tls));
|
2007-01-15 22:21:05 +01:00
|
|
|
return connection_tls_finish_handshake(conn);
|
2003-09-30 20:45:55 +02:00
|
|
|
case TOR_TLS_WANTWRITE:
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_start_writing(TO_CONN(conn));
|
2006-02-13 10:02:35 +01:00
|
|
|
log_debug(LD_OR,"wanted write");
|
2003-09-30 20:45:55 +02:00
|
|
|
return 0;
|
|
|
|
case TOR_TLS_WANTREAD: /* handshaking conns are *always* reading */
|
2006-02-13 10:02:35 +01:00
|
|
|
log_debug(LD_OR,"wanted read");
|
2003-09-30 20:45:55 +02:00
|
|
|
return 0;
|
2007-01-15 22:21:05 +01:00
|
|
|
case TOR_TLS_CLOSE:
|
|
|
|
log_info(LD_OR,"tls closed. breaking connection.");
|
|
|
|
return -1;
|
2003-09-30 20:45:55 +02:00
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2005-06-21 01:04:13 +02:00
|
|
|
/** Return 1 if we initiated this connection, or 0 if it started
|
|
|
|
* out as an incoming connection.
|
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
int
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_or_nonopen_was_started_here(or_connection_t *conn)
|
2004-10-13 22:05:57 +02:00
|
|
|
{
|
2012-03-16 14:40:44 +01:00
|
|
|
tor_assert(conn->base_.type == CONN_TYPE_OR ||
|
|
|
|
conn->base_.type == CONN_TYPE_EXT_OR);
|
2006-06-07 09:11:42 +02:00
|
|
|
if (!conn->tls)
|
|
|
|
return 1; /* it's still in proxy states or something */
|
2007-11-14 21:01:12 +01:00
|
|
|
if (conn->handshake_state)
|
|
|
|
return conn->handshake_state->started_here;
|
2006-06-07 09:11:42 +02:00
|
|
|
return !tor_tls_is_server(conn->tls);
|
2004-07-21 04:25:14 +02:00
|
|
|
}
|
|
|
|
|
2007-02-12 22:39:33 +01:00
|
|
|
/** <b>Conn</b> just completed its handshake. Return 0 if all is well, and
|
2016-01-26 03:45:01 +01:00
|
|
|
* return -1 if they are lying, broken, or otherwise something is wrong.
|
2004-05-07 10:53:40 +02:00
|
|
|
*
|
2007-02-12 22:39:33 +01:00
|
|
|
* If we initiated this connection (<b>started_here</b> is true), make sure
|
2009-12-18 12:55:05 +01:00
|
|
|
* the other side sent a correctly formed certificate. If I initiated the
|
2016-01-27 14:51:28 +01:00
|
|
|
* connection, make sure it's the right relay by checking the certificate.
|
2004-05-07 10:53:40 +02:00
|
|
|
*
|
2007-02-12 22:39:33 +01:00
|
|
|
* Otherwise (if we _didn't_ initiate this connection), it's okay for
|
|
|
|
* the certificate to be weird or absent.
|
|
|
|
*
|
|
|
|
* If we return 0, and the certificate is as expected, write a hash of the
|
2010-06-04 02:29:29 +02:00
|
|
|
* identity key into <b>digest_rcvd_out</b>, which must have DIGEST_LEN
|
|
|
|
* space in it.
|
|
|
|
* If the certificate is invalid or missing on an incoming connection,
|
|
|
|
* we return 0 and set <b>digest_rcvd_out</b> to DIGEST_LEN NUL bytes.
|
|
|
|
* (If we return -1, the contents of this buffer are undefined.)
|
2004-05-07 10:53:40 +02:00
|
|
|
*
|
2005-06-21 01:04:13 +02:00
|
|
|
* As side effects,
|
2006-07-04 05:19:59 +02:00
|
|
|
* 1) Set conn->circ_id_type according to tor-spec.txt.
|
2005-06-21 01:04:13 +02:00
|
|
|
* 2) If we're an authdirserver and we initiated the connection: drop all
|
|
|
|
* descriptors that claim to be on that IP/port but that aren't
|
2016-01-27 14:51:28 +01:00
|
|
|
* this relay; and note that this relay is reachable.
|
2010-06-04 02:29:29 +02:00
|
|
|
* 3) If this is a bridge and we didn't configure its identity
|
|
|
|
* fingerprint, remember the keyid we just learned.
|
2004-05-07 10:53:40 +02:00
|
|
|
*/
|
2005-06-21 03:08:01 +02:00
|
|
|
static int
|
2007-11-06 19:00:07 +01:00
|
|
|
connection_or_check_valid_tls_handshake(or_connection_t *conn,
|
|
|
|
int started_here,
|
|
|
|
char *digest_rcvd_out)
|
2005-06-21 03:08:01 +02:00
|
|
|
{
|
2012-01-18 21:53:30 +01:00
|
|
|
crypto_pk_t *identity_rcvd=NULL;
|
2011-06-14 19:01:38 +02:00
|
|
|
const or_options_t *options = get_options();
|
2005-10-17 03:29:28 +02:00
|
|
|
int severity = server_mode(options) ? LOG_PROTOCOL_WARN : LOG_WARN;
|
2007-01-23 20:22:49 +01:00
|
|
|
const char *safe_address =
|
2012-10-12 18:22:13 +02:00
|
|
|
started_here ? conn->base_.address :
|
|
|
|
safe_str_client(conn->base_.address);
|
2007-02-12 22:39:33 +01:00
|
|
|
const char *conn_type = started_here ? "outgoing" : "incoming";
|
2011-09-27 19:15:36 +02:00
|
|
|
int has_cert = 0;
|
2003-09-30 20:45:55 +02:00
|
|
|
|
2005-04-23 16:26:02 +02:00
|
|
|
check_no_tls_errors();
|
2007-02-12 22:39:33 +01:00
|
|
|
has_cert = tor_tls_peer_has_cert(conn->tls);
|
|
|
|
if (started_here && !has_cert) {
|
2009-09-24 18:31:22 +02:00
|
|
|
log_info(LD_HANDSHAKE,"Tried connecting to router at %s:%d, but it didn't "
|
2007-02-12 22:39:33 +01:00
|
|
|
"send a cert! Closing.",
|
2012-10-12 18:22:13 +02:00
|
|
|
safe_address, conn->base_.port);
|
2003-11-18 08:25:04 +01:00
|
|
|
return -1;
|
2007-02-12 22:39:33 +01:00
|
|
|
} else if (!has_cert) {
|
2009-09-24 18:31:22 +02:00
|
|
|
log_debug(LD_HANDSHAKE,"Got incoming connection with no certificate. "
|
2007-02-12 22:39:33 +01:00
|
|
|
"That's ok.");
|
2003-11-18 08:25:04 +01:00
|
|
|
}
|
2005-04-23 16:26:02 +02:00
|
|
|
check_no_tls_errors();
|
2004-07-21 04:25:14 +02:00
|
|
|
|
2007-12-01 09:09:48 +01:00
|
|
|
if (has_cert) {
|
2008-02-12 21:20:52 +01:00
|
|
|
int v = tor_tls_verify(started_here?severity:LOG_INFO,
|
|
|
|
conn->tls, &identity_rcvd);
|
2007-12-01 09:09:48 +01:00
|
|
|
if (started_here && v<0) {
|
2009-09-24 18:31:22 +02:00
|
|
|
log_fn(severity,LD_HANDSHAKE,"Tried connecting to router at %s:%d: It"
|
2007-12-01 09:09:48 +01:00
|
|
|
" has a cert but it's invalid. Closing.",
|
2012-10-12 18:22:13 +02:00
|
|
|
safe_address, conn->base_.port);
|
2007-11-14 21:01:12 +01:00
|
|
|
return -1;
|
2007-12-01 09:09:48 +01:00
|
|
|
} else if (v<0) {
|
2009-09-24 18:31:22 +02:00
|
|
|
log_info(LD_HANDSHAKE,"Incoming connection gave us an invalid cert "
|
2007-12-01 09:09:48 +01:00
|
|
|
"chain; ignoring.");
|
|
|
|
} else {
|
2009-09-24 18:31:22 +02:00
|
|
|
log_debug(LD_HANDSHAKE,
|
|
|
|
"The certificate seems to be valid on %s connection "
|
2012-10-12 18:22:13 +02:00
|
|
|
"with %s:%d", conn_type, safe_address, conn->base_.port);
|
2007-02-12 22:39:33 +01:00
|
|
|
}
|
2007-12-01 09:09:48 +01:00
|
|
|
check_no_tls_errors();
|
2003-11-18 08:25:04 +01:00
|
|
|
}
|
2004-07-21 04:25:14 +02:00
|
|
|
|
2007-02-12 22:39:33 +01:00
|
|
|
if (identity_rcvd) {
|
2007-11-06 19:00:07 +01:00
|
|
|
crypto_pk_get_digest(identity_rcvd, digest_rcvd_out);
|
2004-11-10 21:14:37 +01:00
|
|
|
} else {
|
2007-11-06 19:00:07 +01:00
|
|
|
memset(digest_rcvd_out, 0, DIGEST_LEN);
|
2004-07-21 02:44:04 +02:00
|
|
|
}
|
2004-04-25 00:17:50 +02:00
|
|
|
|
2012-08-01 13:18:42 +02:00
|
|
|
tor_assert(conn->chan);
|
2012-11-07 03:33:53 +01:00
|
|
|
channel_set_circid_type(TLS_CHAN_TO_BASE(conn->chan), identity_rcvd, 1);
|
|
|
|
|
2012-01-18 21:53:30 +01:00
|
|
|
crypto_pk_free(identity_rcvd);
|
2011-09-27 19:15:36 +02:00
|
|
|
|
|
|
|
if (started_here)
|
|
|
|
return connection_or_client_learned_peer_id(conn,
|
|
|
|
(const uint8_t*)digest_rcvd_out);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/** Called when we (as a connection initiator) have definitively,
|
|
|
|
* authenticatedly, learned that ID of the Tor instance on the other
|
|
|
|
* side of <b>conn</b> is <b>peer_id</b>. For v1 and v2 handshakes,
|
|
|
|
* this is right after we get a certificate chain in a TLS handshake
|
|
|
|
* or renegotiation. For v3 handshakes, this is right after we get a
|
2011-10-31 09:33:38 +01:00
|
|
|
* certificate chain in a CERTS cell.
|
2011-09-27 19:15:36 +02:00
|
|
|
*
|
2016-06-28 06:12:18 +02:00
|
|
|
* If we did not know the ID before, record the one we got.
|
2011-09-27 19:15:36 +02:00
|
|
|
*
|
2016-06-28 06:12:18 +02:00
|
|
|
* If we wanted an ID, but we didn't get the one we expected, log a message
|
|
|
|
* and return -1.
|
|
|
|
* On relays:
|
|
|
|
* - log a protocol warning whenever the fingerprints don't match;
|
|
|
|
* On clients:
|
|
|
|
* - if a relay's fingerprint doesn't match, log a warning;
|
2016-06-28 06:15:11 +02:00
|
|
|
* - if we don't have updated relay fingerprints from a recent consensus, and
|
|
|
|
* a fallback directory mirror's hard-coded fingerprint has changed, log an
|
|
|
|
* info explaining that we will try another fallback.
|
2011-09-27 19:15:36 +02:00
|
|
|
*
|
|
|
|
* If we're testing reachability, remember what we learned.
|
|
|
|
*
|
|
|
|
* Return 0 on success, -1 on failure.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
connection_or_client_learned_peer_id(or_connection_t *conn,
|
|
|
|
const uint8_t *peer_id)
|
|
|
|
{
|
|
|
|
const or_options_t *options = get_options();
|
|
|
|
|
|
|
|
if (tor_digest_is_zero(conn->identity_digest)) {
|
|
|
|
connection_or_set_identity_digest(conn, (const char*)peer_id);
|
2007-11-03 15:44:53 +01:00
|
|
|
tor_free(conn->nickname);
|
2007-06-15 08:01:04 +02:00
|
|
|
conn->nickname = tor_malloc(HEX_DIGEST_LEN+2);
|
|
|
|
conn->nickname[0] = '$';
|
|
|
|
base16_encode(conn->nickname+1, HEX_DIGEST_LEN+1,
|
|
|
|
conn->identity_digest, DIGEST_LEN);
|
2009-09-24 18:31:22 +02:00
|
|
|
log_info(LD_HANDSHAKE, "Connected to router %s at %s:%d without knowing "
|
2007-06-15 08:01:04 +02:00
|
|
|
"its key. Hoping for the best.",
|
2012-10-12 18:22:13 +02:00
|
|
|
conn->nickname, conn->base_.address, conn->base_.port);
|
2010-06-04 02:29:29 +02:00
|
|
|
/* if it's a bridge and we didn't know its identity fingerprint, now
|
|
|
|
* we do -- remember it for future attempts. */
|
2012-10-12 18:22:13 +02:00
|
|
|
learned_router_identity(&conn->base_.addr, conn->base_.port,
|
2011-09-27 19:15:36 +02:00
|
|
|
(const char*)peer_id);
|
2007-06-15 08:01:04 +02:00
|
|
|
}
|
|
|
|
|
2011-09-27 19:15:36 +02:00
|
|
|
if (tor_memneq(peer_id, conn->identity_digest, DIGEST_LEN)) {
|
|
|
|
/* I was aiming for a particular digest. I didn't get it! */
|
|
|
|
char seen[HEX_DIGEST_LEN+1];
|
|
|
|
char expected[HEX_DIGEST_LEN+1];
|
|
|
|
base16_encode(seen, sizeof(seen), (const char*)peer_id, DIGEST_LEN);
|
|
|
|
base16_encode(expected, sizeof(expected), conn->identity_digest,
|
|
|
|
DIGEST_LEN);
|
2016-06-28 06:15:11 +02:00
|
|
|
const int using_hardcoded_fingerprints =
|
|
|
|
!networkstatus_get_reasonably_live_consensus(time(NULL),
|
|
|
|
usable_consensus_flavor());
|
|
|
|
const int is_fallback_fingerprint = router_digest_is_fallback_dir(
|
|
|
|
conn->identity_digest);
|
|
|
|
const int is_authority_fingerprint = router_digest_is_trusted_dir(
|
2016-06-28 17:14:42 +02:00
|
|
|
conn->identity_digest);
|
2016-06-28 06:12:18 +02:00
|
|
|
int severity;
|
2016-06-28 06:15:11 +02:00
|
|
|
const char *extra_log = "";
|
2016-06-28 06:12:18 +02:00
|
|
|
|
|
|
|
if (server_mode(options)) {
|
|
|
|
severity = LOG_PROTOCOL_WARN;
|
|
|
|
} else {
|
2016-06-28 06:15:11 +02:00
|
|
|
if (using_hardcoded_fingerprints) {
|
|
|
|
/* We need to do the checks in this order, because the list of
|
|
|
|
* fallbacks includes the list of authorities */
|
|
|
|
if (is_authority_fingerprint) {
|
|
|
|
severity = LOG_WARN;
|
|
|
|
} else if (is_fallback_fingerprint) {
|
|
|
|
/* we expect a small number of fallbacks to change from their
|
|
|
|
* hard-coded fingerprints over the life of a release */
|
|
|
|
severity = LOG_INFO;
|
|
|
|
extra_log = " Tor will try a different fallback.";
|
|
|
|
} else {
|
|
|
|
/* it's a bridge, it's either a misconfiguration, or unexpected */
|
|
|
|
severity = LOG_WARN;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
/* a relay has changed its fingerprint from the one in the consensus */
|
|
|
|
severity = LOG_WARN;
|
|
|
|
}
|
2016-06-28 06:12:18 +02:00
|
|
|
}
|
|
|
|
|
2011-09-27 19:15:36 +02:00
|
|
|
log_fn(severity, LD_HANDSHAKE,
|
|
|
|
"Tried connecting to router at %s:%d, but identity key was not "
|
2016-06-28 06:15:11 +02:00
|
|
|
"as expected: wanted %s but got %s.%s",
|
|
|
|
conn->base_.address, conn->base_.port, expected, seen, extra_log);
|
2011-09-27 19:15:36 +02:00
|
|
|
entry_guard_register_connect_status(conn->identity_digest, 0, 1,
|
|
|
|
time(NULL));
|
|
|
|
control_event_or_conn_status(conn, OR_CONN_EVENT_FAILED,
|
|
|
|
END_OR_CONN_REASON_OR_IDENTITY);
|
|
|
|
if (!authdir_mode_tests_reachability(options))
|
2011-12-02 22:27:33 +01:00
|
|
|
control_event_bootstrap_problem(
|
|
|
|
"Unexpected identity in router certificate",
|
2014-03-10 23:52:07 +01:00
|
|
|
END_OR_CONN_REASON_OR_IDENTITY,
|
|
|
|
conn);
|
2012-03-29 22:37:50 +02:00
|
|
|
return -1;
|
2011-09-27 19:15:36 +02:00
|
|
|
}
|
|
|
|
if (authdir_mode_tests_reachability(options)) {
|
2012-10-12 18:22:13 +02:00
|
|
|
dirserv_orconn_tls_done(&conn->base_.addr, conn->base_.port,
|
2012-03-29 22:37:50 +02:00
|
|
|
(const char*)peer_id);
|
2005-06-21 01:04:13 +02:00
|
|
|
}
|
2011-09-27 19:15:36 +02:00
|
|
|
|
2005-06-21 01:04:13 +02:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2012-08-01 13:18:42 +02:00
|
|
|
/** Return when a client used this, for connection.c, since client_used
|
|
|
|
* is now one of the timestamps of channel_t */
|
|
|
|
|
|
|
|
time_t
|
|
|
|
connection_or_client_used(or_connection_t *conn)
|
|
|
|
{
|
|
|
|
tor_assert(conn);
|
|
|
|
|
|
|
|
if (conn->chan) {
|
|
|
|
return channel_when_last_client(TLS_CHAN_TO_BASE(conn->chan));
|
|
|
|
} else return 0;
|
|
|
|
}
|
|
|
|
|
2011-09-27 19:15:36 +02:00
|
|
|
/** The v1/v2 TLS handshake is finished.
|
2005-06-21 01:04:13 +02:00
|
|
|
*
|
|
|
|
* Make sure we are happy with the person we just handshaked with.
|
|
|
|
*
|
2016-01-26 03:45:01 +01:00
|
|
|
* If they initiated the connection, make sure they're not already connected,
|
2005-06-21 01:04:13 +02:00
|
|
|
* then initialize conn from the information in router.
|
|
|
|
*
|
|
|
|
* If all is successful, call circuit_n_conn_done() to handle events
|
2007-01-23 20:22:49 +01:00
|
|
|
* that have been pending on the <tls handshake completion. Also set the
|
2005-06-21 01:04:13 +02:00
|
|
|
* directory to be dirty (only matters if I'm an authdirserver).
|
2011-09-27 19:15:36 +02:00
|
|
|
*
|
|
|
|
* If this is a v2 TLS handshake, send a versions cell.
|
2005-06-21 01:04:13 +02:00
|
|
|
*/
|
|
|
|
static int
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_tls_finish_handshake(or_connection_t *conn)
|
2005-06-21 01:04:13 +02:00
|
|
|
{
|
|
|
|
char digest_rcvd[DIGEST_LEN];
|
2005-12-28 08:19:55 +01:00
|
|
|
int started_here = connection_or_nonopen_was_started_here(conn);
|
2005-06-21 01:04:13 +02:00
|
|
|
|
2015-10-07 16:32:54 +02:00
|
|
|
tor_assert(!started_here);
|
|
|
|
|
2012-11-28 19:31:17 +01:00
|
|
|
log_debug(LD_HANDSHAKE,"%s tls handshake on %p with %s done, using "
|
|
|
|
"ciphersuite %s. verifying.",
|
2010-10-11 19:45:27 +02:00
|
|
|
started_here?"outgoing":"incoming",
|
|
|
|
conn,
|
2012-11-28 19:31:17 +01:00
|
|
|
safe_str_client(conn->base_.address),
|
|
|
|
tor_tls_get_ciphersuite_name(conn->tls));
|
2004-04-25 00:17:50 +02:00
|
|
|
|
2008-01-13 01:20:47 +01:00
|
|
|
if (connection_or_check_valid_tls_handshake(conn, started_here,
|
|
|
|
digest_rcvd) < 0)
|
|
|
|
return -1;
|
|
|
|
|
2013-08-21 18:10:05 +02:00
|
|
|
circuit_build_times_network_is_live(get_circuit_build_times_mutable());
|
2009-09-01 03:10:27 +02:00
|
|
|
|
2007-10-30 22:46:02 +01:00
|
|
|
if (tor_tls_used_v1_handshake(conn->tls)) {
|
|
|
|
conn->link_proto = 1;
|
2015-10-07 16:10:08 +02:00
|
|
|
connection_or_init_conn_from_address(conn, &conn->base_.addr,
|
|
|
|
conn->base_.port, digest_rcvd, 0);
|
2011-12-07 01:49:21 +01:00
|
|
|
tor_tls_block_renegotiation(conn->tls);
|
2015-03-10 15:07:41 +01:00
|
|
|
rep_hist_note_negotiated_link_proto(1, started_here);
|
2007-10-30 22:46:02 +01:00
|
|
|
return connection_or_set_state_open(conn);
|
|
|
|
} else {
|
2012-08-01 13:18:42 +02:00
|
|
|
connection_or_change_state(conn, OR_CONN_STATE_OR_HANDSHAKING_V2);
|
2007-11-05 19:15:50 +01:00
|
|
|
if (connection_init_or_handshake_state(conn, started_here) < 0)
|
2007-11-05 19:15:47 +01:00
|
|
|
return -1;
|
2015-10-07 16:32:54 +02:00
|
|
|
connection_or_init_conn_from_address(conn, &conn->base_.addr,
|
|
|
|
conn->base_.port, digest_rcvd, 0);
|
2011-09-27 19:15:36 +02:00
|
|
|
return connection_or_send_versions(conn, 0);
|
2007-10-30 22:46:02 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2011-09-27 19:15:36 +02:00
|
|
|
/**
|
|
|
|
* Called as client when initial TLS handshake is done, and we notice
|
|
|
|
* that we got a v3-handshake signalling certificate from the server.
|
|
|
|
* Set up structures, do bookkeeping, and send the versions cell.
|
|
|
|
* Return 0 on success and -1 on failure.
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
connection_or_launch_v3_or_handshake(or_connection_t *conn)
|
|
|
|
{
|
|
|
|
tor_assert(connection_or_nonopen_was_started_here(conn));
|
|
|
|
|
2013-08-21 18:10:05 +02:00
|
|
|
circuit_build_times_network_is_live(get_circuit_build_times_mutable());
|
2011-09-27 19:15:36 +02:00
|
|
|
|
2012-08-01 13:18:42 +02:00
|
|
|
connection_or_change_state(conn, OR_CONN_STATE_OR_HANDSHAKING_V3);
|
2011-09-27 19:15:36 +02:00
|
|
|
if (connection_init_or_handshake_state(conn, 1) < 0)
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
return connection_or_send_versions(conn, 1);
|
|
|
|
}
|
|
|
|
|
2008-02-11 02:09:24 +01:00
|
|
|
/** Allocate a new connection handshake state for the connection
|
|
|
|
* <b>conn</b>. Return 0 on success, -1 on failure. */
|
2011-09-27 19:15:36 +02:00
|
|
|
int
|
2007-11-05 19:15:50 +01:00
|
|
|
connection_init_or_handshake_state(or_connection_t *conn, int started_here)
|
|
|
|
{
|
|
|
|
or_handshake_state_t *s;
|
2011-10-27 02:19:25 +02:00
|
|
|
if (conn->handshake_state) {
|
|
|
|
log_warn(LD_BUG, "Duplicate call to connection_init_or_handshake_state!");
|
|
|
|
return 0;
|
|
|
|
}
|
2007-11-05 19:15:50 +01:00
|
|
|
s = conn->handshake_state = tor_malloc_zero(sizeof(or_handshake_state_t));
|
|
|
|
s->started_here = started_here ? 1 : 0;
|
2011-09-28 16:31:56 +02:00
|
|
|
s->digest_sent_data = 1;
|
|
|
|
s->digest_received_data = 1;
|
2007-11-05 19:15:50 +01:00
|
|
|
return 0;
|
|
|
|
}
|
2007-11-05 19:15:47 +01:00
|
|
|
|
2008-02-11 02:09:24 +01:00
|
|
|
/** Free all storage held by <b>state</b>. */
|
2007-11-05 19:15:44 +01:00
|
|
|
void
|
|
|
|
or_handshake_state_free(or_handshake_state_t *state)
|
|
|
|
{
|
2009-09-28 16:37:01 +02:00
|
|
|
if (!state)
|
|
|
|
return;
|
2012-01-18 21:53:30 +01:00
|
|
|
crypto_digest_free(state->digest_sent);
|
|
|
|
crypto_digest_free(state->digest_received);
|
2014-09-30 14:31:08 +02:00
|
|
|
tor_x509_cert_free(state->auth_cert);
|
|
|
|
tor_x509_cert_free(state->id_cert);
|
2012-11-07 22:09:58 +01:00
|
|
|
memwipe(state, 0xBE, sizeof(or_handshake_state_t));
|
2007-11-05 19:15:44 +01:00
|
|
|
tor_free(state);
|
|
|
|
}
|
|
|
|
|
2011-09-17 00:32:11 +02:00
|
|
|
/**
|
|
|
|
* Remember that <b>cell</b> has been transmitted (if <b>incoming</b> is
|
2012-06-05 01:56:16 +02:00
|
|
|
* false) or received (if <b>incoming</b> is true) during a V3 handshake using
|
2011-09-17 00:32:11 +02:00
|
|
|
* <b>state</b>.
|
|
|
|
*
|
|
|
|
* (We don't record the cell, but we keep a digest of everything sent or
|
|
|
|
* received during the v3 handshake, and the client signs it in an
|
|
|
|
* authenticate cell.)
|
|
|
|
*/
|
|
|
|
void
|
2012-11-07 01:56:47 +01:00
|
|
|
or_handshake_state_record_cell(or_connection_t *conn,
|
|
|
|
or_handshake_state_t *state,
|
2011-09-17 00:32:11 +02:00
|
|
|
const cell_t *cell,
|
|
|
|
int incoming)
|
|
|
|
{
|
2013-02-09 06:56:53 +01:00
|
|
|
size_t cell_network_size = get_cell_network_size(conn->wide_circ_ids);
|
2012-01-18 21:53:30 +01:00
|
|
|
crypto_digest_t *d, **dptr;
|
2011-09-17 00:32:11 +02:00
|
|
|
packed_cell_t packed;
|
2011-09-28 16:31:56 +02:00
|
|
|
if (incoming) {
|
|
|
|
if (!state->digest_received_data)
|
|
|
|
return;
|
|
|
|
} else {
|
|
|
|
if (!state->digest_sent_data)
|
|
|
|
return;
|
|
|
|
}
|
2011-09-17 00:32:11 +02:00
|
|
|
if (!incoming) {
|
|
|
|
log_warn(LD_BUG, "We shouldn't be sending any non-variable-length cells "
|
2011-09-27 20:39:57 +02:00
|
|
|
"while making a handshake digest. But we think we are sending "
|
|
|
|
"one with type %d.", (int)cell->command);
|
2011-09-17 00:32:11 +02:00
|
|
|
}
|
|
|
|
dptr = incoming ? &state->digest_received : &state->digest_sent;
|
|
|
|
if (! *dptr)
|
2012-01-18 21:53:30 +01:00
|
|
|
*dptr = crypto_digest256_new(DIGEST_SHA256);
|
2011-09-17 00:32:11 +02:00
|
|
|
|
|
|
|
d = *dptr;
|
|
|
|
/* Re-packing like this is a little inefficient, but we don't have to do
|
|
|
|
this very often at all. */
|
2012-11-07 01:56:47 +01:00
|
|
|
cell_pack(&packed, cell, conn->wide_circ_ids);
|
|
|
|
crypto_digest_add_bytes(d, packed.body, cell_network_size);
|
2012-11-07 22:09:58 +01:00
|
|
|
memwipe(&packed, 0, sizeof(packed));
|
2011-09-17 00:32:11 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/** Remember that a variable-length <b>cell</b> has been transmitted (if
|
2012-06-05 01:56:16 +02:00
|
|
|
* <b>incoming</b> is false) or received (if <b>incoming</b> is true) during a
|
|
|
|
* V3 handshake using <b>state</b>.
|
2011-09-17 00:32:11 +02:00
|
|
|
*
|
|
|
|
* (We don't record the cell, but we keep a digest of everything sent or
|
|
|
|
* received during the v3 handshake, and the client signs it in an
|
|
|
|
* authenticate cell.)
|
|
|
|
*/
|
|
|
|
void
|
2012-11-07 01:56:47 +01:00
|
|
|
or_handshake_state_record_var_cell(or_connection_t *conn,
|
|
|
|
or_handshake_state_t *state,
|
2011-09-17 00:32:11 +02:00
|
|
|
const var_cell_t *cell,
|
|
|
|
int incoming)
|
|
|
|
{
|
2012-01-18 21:53:30 +01:00
|
|
|
crypto_digest_t *d, **dptr;
|
2012-11-07 01:56:47 +01:00
|
|
|
int n;
|
|
|
|
char buf[VAR_CELL_MAX_HEADER_SIZE];
|
2011-09-28 16:31:56 +02:00
|
|
|
if (incoming) {
|
|
|
|
if (!state->digest_received_data)
|
|
|
|
return;
|
|
|
|
} else {
|
|
|
|
if (!state->digest_sent_data)
|
|
|
|
return;
|
|
|
|
}
|
2011-09-17 00:32:11 +02:00
|
|
|
dptr = incoming ? &state->digest_received : &state->digest_sent;
|
|
|
|
if (! *dptr)
|
2012-01-18 21:53:30 +01:00
|
|
|
*dptr = crypto_digest256_new(DIGEST_SHA256);
|
2011-09-17 00:32:11 +02:00
|
|
|
|
|
|
|
d = *dptr;
|
|
|
|
|
2012-11-07 01:56:47 +01:00
|
|
|
n = var_cell_pack_header(cell, buf, conn->wide_circ_ids);
|
|
|
|
crypto_digest_add_bytes(d, buf, n);
|
2011-09-17 00:32:11 +02:00
|
|
|
crypto_digest_add_bytes(d, (const char *)cell->payload, cell->payload_len);
|
|
|
|
|
2012-11-07 22:09:58 +01:00
|
|
|
memwipe(buf, 0, sizeof(buf));
|
2011-09-17 00:32:11 +02:00
|
|
|
}
|
|
|
|
|
2008-02-11 02:09:24 +01:00
|
|
|
/** Set <b>conn</b>'s state to OR_CONN_STATE_OPEN, and tell other subsystems
|
|
|
|
* as appropriate. Called when we are done with all TLS and OR handshaking.
|
|
|
|
*/
|
2007-10-30 22:46:02 +01:00
|
|
|
int
|
|
|
|
connection_or_set_state_open(or_connection_t *conn)
|
|
|
|
{
|
2012-08-01 13:18:42 +02:00
|
|
|
connection_or_change_state(conn, OR_CONN_STATE_OPEN);
|
2007-01-15 22:13:37 +01:00
|
|
|
control_event_or_conn_status(conn, OR_CONN_EVENT_CONNECTED, 0);
|
2007-10-30 22:46:02 +01:00
|
|
|
|
2009-12-12 08:07:59 +01:00
|
|
|
or_handshake_state_free(conn->handshake_state);
|
|
|
|
conn->handshake_state = NULL;
|
2016-08-02 19:15:10 +02:00
|
|
|
connection_start_reading(TO_CONN(conn));
|
2009-12-12 08:07:59 +01:00
|
|
|
|
2003-09-30 20:45:55 +02:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2007-03-26 16:08:35 +02:00
|
|
|
/** Pack <b>cell</b> into wire-format, and write it onto <b>conn</b>'s outbuf.
|
|
|
|
* For cells that use or affect a circuit, this should only be called by
|
2008-01-19 21:00:53 +01:00
|
|
|
* connection_or_flush_from_first_active_circuit().
|
2004-05-13 00:56:26 +02:00
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
void
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_or_write_cell_to_buf(const cell_t *cell, or_connection_t *conn)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2007-04-10 01:15:46 +02:00
|
|
|
packed_cell_t networkcell;
|
2013-02-09 06:56:53 +01:00
|
|
|
size_t cell_network_size = get_cell_network_size(conn->wide_circ_ids);
|
2003-09-13 00:45:31 +02:00
|
|
|
|
2004-10-17 00:14:52 +02:00
|
|
|
tor_assert(cell);
|
|
|
|
tor_assert(conn);
|
2003-10-09 20:45:14 +02:00
|
|
|
|
2012-11-07 01:56:47 +01:00
|
|
|
cell_pack(&networkcell, cell, conn->wide_circ_ids);
|
2003-12-17 22:09:31 +01:00
|
|
|
|
2012-11-07 01:56:47 +01:00
|
|
|
connection_write_to_buf(networkcell.body, cell_network_size, TO_CONN(conn));
|
2007-11-08 17:19:07 +01:00
|
|
|
|
2012-08-01 13:18:42 +02:00
|
|
|
/* Touch the channel's active timestamp if there is one */
|
|
|
|
if (conn->chan)
|
|
|
|
channel_timestamp_active(TLS_CHAN_TO_BASE(conn->chan));
|
|
|
|
|
2012-10-12 18:22:13 +02:00
|
|
|
if (conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3)
|
2012-11-07 01:56:47 +01:00
|
|
|
or_handshake_state_record_cell(conn, conn->handshake_state, cell, 0);
|
2003-09-13 00:45:31 +02:00
|
|
|
}
|
|
|
|
|
2008-02-08 22:13:15 +01:00
|
|
|
/** Pack a variable-length <b>cell</b> into wire-format, and write it onto
|
|
|
|
* <b>conn</b>'s outbuf. Right now, this <em>DOES NOT</em> support cells that
|
|
|
|
* affect a circuit.
|
|
|
|
*/
|
2014-10-08 21:39:34 +02:00
|
|
|
MOCK_IMPL(void,
|
|
|
|
connection_or_write_var_cell_to_buf,(const var_cell_t *cell,
|
|
|
|
or_connection_t *conn))
|
2007-11-06 00:34:39 +01:00
|
|
|
{
|
2012-11-07 01:56:47 +01:00
|
|
|
int n;
|
|
|
|
char hdr[VAR_CELL_MAX_HEADER_SIZE];
|
2007-11-06 00:34:39 +01:00
|
|
|
tor_assert(cell);
|
|
|
|
tor_assert(conn);
|
2012-11-07 01:56:47 +01:00
|
|
|
n = var_cell_pack_header(cell, hdr, conn->wide_circ_ids);
|
|
|
|
connection_write_to_buf(hdr, n, TO_CONN(conn));
|
2010-12-14 01:34:01 +01:00
|
|
|
connection_write_to_buf((char*)cell->payload,
|
|
|
|
cell->payload_len, TO_CONN(conn));
|
2012-10-12 18:22:13 +02:00
|
|
|
if (conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3)
|
2012-11-07 01:56:47 +01:00
|
|
|
or_handshake_state_record_var_cell(conn, conn->handshake_state, cell, 0);
|
2012-08-01 13:18:42 +02:00
|
|
|
|
|
|
|
/* Touch the channel's active timestamp if there is one */
|
|
|
|
if (conn->chan)
|
|
|
|
channel_timestamp_active(TLS_CHAN_TO_BASE(conn->chan));
|
2007-11-06 00:34:39 +01:00
|
|
|
}
|
|
|
|
|
2009-08-09 20:40:28 +02:00
|
|
|
/** See whether there's a variable-length cell waiting on <b>or_conn</b>'s
|
2008-02-08 22:13:15 +01:00
|
|
|
* inbuf. Return values as for fetch_var_cell_from_buf(). */
|
2007-11-05 22:46:35 +01:00
|
|
|
static int
|
2009-08-09 20:40:28 +02:00
|
|
|
connection_fetch_var_cell_from_buf(or_connection_t *or_conn, var_cell_t **out)
|
2007-11-05 22:46:35 +01:00
|
|
|
{
|
2009-08-09 20:40:28 +02:00
|
|
|
connection_t *conn = TO_CONN(or_conn);
|
2016-08-02 19:15:10 +02:00
|
|
|
return fetch_var_cell_from_buf(conn->inbuf, out, or_conn->link_proto);
|
2007-11-05 22:46:35 +01:00
|
|
|
}
|
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/** Process cells from <b>conn</b>'s inbuf.
|
|
|
|
*
|
|
|
|
* Loop: while inbuf contains a cell, pull it off the inbuf, unpack it,
|
|
|
|
* and hand it to command_process_cell().
|
|
|
|
*
|
2004-05-07 10:53:40 +02:00
|
|
|
* Always return 0.
|
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
static int
|
2006-07-26 21:07:26 +02:00
|
|
|
connection_or_process_cells_from_inbuf(or_connection_t *conn)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2007-11-05 22:46:35 +01:00
|
|
|
var_cell_t *var_cell;
|
|
|
|
|
2016-03-15 08:40:19 +01:00
|
|
|
/*
|
|
|
|
* Note on memory management for incoming cells: below the channel layer,
|
|
|
|
* we shouldn't need to consider its internal queueing/copying logic. It
|
|
|
|
* is safe to pass cells to it on the stack or on the heap, but in the
|
|
|
|
* latter case we must be sure we free them later.
|
|
|
|
*
|
|
|
|
* The incoming cell queue code in channel.c will (in the common case)
|
|
|
|
* decide it can pass them to the upper layer immediately, in which case
|
|
|
|
* those functions may run directly on the cell pointers we pass here, or
|
|
|
|
* it may decide to queue them, in which case it will allocate its own
|
|
|
|
* buffer and copy the cell.
|
|
|
|
*/
|
|
|
|
|
2007-11-05 22:46:35 +01:00
|
|
|
while (1) {
|
|
|
|
log_debug(LD_OR,
|
2012-11-02 19:22:21 +01:00
|
|
|
TOR_SOCKET_T_FORMAT": starting, inbuf_datalen %d "
|
|
|
|
"(%d pending in tls object).",
|
2012-10-12 18:22:13 +02:00
|
|
|
conn->base_.s,(int)connection_get_inbuf_len(TO_CONN(conn)),
|
2007-11-05 22:46:35 +01:00
|
|
|
tor_tls_get_pending_bytes(conn->tls));
|
|
|
|
if (connection_fetch_var_cell_from_buf(conn, &var_cell)) {
|
|
|
|
if (!var_cell)
|
|
|
|
return 0; /* not yet. */
|
2012-08-01 13:18:42 +02:00
|
|
|
|
|
|
|
/* Touch the channel's active timestamp if there is one */
|
|
|
|
if (conn->chan)
|
|
|
|
channel_timestamp_active(TLS_CHAN_TO_BASE(conn->chan));
|
|
|
|
|
2013-08-21 18:10:05 +02:00
|
|
|
circuit_build_times_network_is_live(get_circuit_build_times_mutable());
|
2012-08-01 13:18:42 +02:00
|
|
|
channel_tls_handle_var_cell(var_cell, conn);
|
2007-11-05 22:46:35 +01:00
|
|
|
var_cell_free(var_cell);
|
|
|
|
} else {
|
2012-11-07 01:56:47 +01:00
|
|
|
const int wide_circ_ids = conn->wide_circ_ids;
|
2013-02-09 06:56:53 +01:00
|
|
|
size_t cell_network_size = get_cell_network_size(conn->wide_circ_ids);
|
2012-11-07 01:56:47 +01:00
|
|
|
char buf[CELL_MAX_NETWORK_SIZE];
|
2007-11-05 22:46:35 +01:00
|
|
|
cell_t cell;
|
2009-07-31 17:39:31 +02:00
|
|
|
if (connection_get_inbuf_len(TO_CONN(conn))
|
2012-11-07 01:56:47 +01:00
|
|
|
< cell_network_size) /* whole response available? */
|
2007-11-05 22:46:35 +01:00
|
|
|
return 0; /* not yet */
|
2003-12-17 22:09:31 +01:00
|
|
|
|
2012-08-01 13:18:42 +02:00
|
|
|
/* Touch the channel's active timestamp if there is one */
|
|
|
|
if (conn->chan)
|
|
|
|
channel_timestamp_active(TLS_CHAN_TO_BASE(conn->chan));
|
|
|
|
|
2013-08-21 18:10:05 +02:00
|
|
|
circuit_build_times_network_is_live(get_circuit_build_times_mutable());
|
2012-11-07 01:56:47 +01:00
|
|
|
connection_fetch_from_buf(buf, cell_network_size, TO_CONN(conn));
|
2003-12-17 22:09:31 +01:00
|
|
|
|
2007-11-05 22:46:35 +01:00
|
|
|
/* retrieve cell info from buf (create the host-order struct from the
|
|
|
|
* network-order string) */
|
2012-11-07 01:56:47 +01:00
|
|
|
cell_unpack(&cell, buf, wide_circ_ids);
|
2003-10-09 20:45:14 +02:00
|
|
|
|
2012-08-01 13:18:42 +02:00
|
|
|
channel_tls_handle_cell(&cell, conn);
|
2007-11-05 22:46:35 +01:00
|
|
|
}
|
|
|
|
}
|
2003-09-13 00:45:31 +02:00
|
|
|
}
|
2005-06-09 21:03:31 +02:00
|
|
|
|
2008-02-08 22:13:15 +01:00
|
|
|
/** Array of recognized link protocol versions. */
|
2012-11-07 01:56:47 +01:00
|
|
|
static const uint16_t or_protocol_versions[] = { 1, 2, 3, 4 };
|
2008-02-08 22:13:15 +01:00
|
|
|
/** Number of versions in <b>or_protocol_versions</b>. */
|
2008-01-13 01:20:47 +01:00
|
|
|
static const int n_or_protocol_versions =
|
2008-02-22 20:09:45 +01:00
|
|
|
(int)( sizeof(or_protocol_versions)/sizeof(uint16_t) );
|
2008-01-13 01:20:47 +01:00
|
|
|
|
2008-02-08 22:13:15 +01:00
|
|
|
/** Return true iff <b>v</b> is a link protocol version that this Tor
|
|
|
|
* implementation believes it can support. */
|
2008-01-13 01:20:47 +01:00
|
|
|
int
|
|
|
|
is_or_protocol_version_known(uint16_t v)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
for (i = 0; i < n_or_protocol_versions; ++i) {
|
|
|
|
if (or_protocol_versions[i] == v)
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2008-02-08 22:13:15 +01:00
|
|
|
/** Send a VERSIONS cell on <b>conn</b>, telling the other host about the
|
2011-09-27 19:15:36 +02:00
|
|
|
* link protocol versions that this Tor can support.
|
|
|
|
*
|
|
|
|
* If <b>v3_plus</b>, this is part of a V3 protocol handshake, so only
|
|
|
|
* allow protocol version v3 or later. If not <b>v3_plus</b>, this is
|
|
|
|
* not part of a v3 protocol handshake, so don't allow protocol v3 or
|
|
|
|
* later.
|
|
|
|
**/
|
|
|
|
int
|
|
|
|
connection_or_send_versions(or_connection_t *conn, int v3_plus)
|
2007-10-30 19:31:30 +01:00
|
|
|
{
|
2007-11-06 00:34:39 +01:00
|
|
|
var_cell_t *cell;
|
2007-10-30 19:31:30 +01:00
|
|
|
int i;
|
2011-09-27 19:15:36 +02:00
|
|
|
int n_versions = 0;
|
|
|
|
const int min_version = v3_plus ? 3 : 0;
|
|
|
|
const int max_version = v3_plus ? UINT16_MAX : 2;
|
2007-11-05 19:15:44 +01:00
|
|
|
tor_assert(conn->handshake_state &&
|
|
|
|
!conn->handshake_state->sent_versions_at);
|
2008-01-13 01:20:47 +01:00
|
|
|
cell = var_cell_new(n_or_protocol_versions * 2);
|
2007-11-06 00:34:39 +01:00
|
|
|
cell->command = CELL_VERSIONS;
|
2008-01-13 01:20:47 +01:00
|
|
|
for (i = 0; i < n_or_protocol_versions; ++i) {
|
|
|
|
uint16_t v = or_protocol_versions[i];
|
2011-09-27 19:15:36 +02:00
|
|
|
if (v < min_version || v > max_version)
|
|
|
|
continue;
|
|
|
|
set_uint16(cell->payload+(2*n_versions), htons(v));
|
|
|
|
++n_versions;
|
2007-10-30 19:31:30 +01:00
|
|
|
}
|
2011-09-27 19:15:36 +02:00
|
|
|
cell->payload_len = n_versions * 2;
|
2007-10-30 19:31:30 +01:00
|
|
|
|
2007-11-06 00:34:39 +01:00
|
|
|
connection_or_write_var_cell_to_buf(cell, conn);
|
2007-11-05 19:15:44 +01:00
|
|
|
conn->handshake_state->sent_versions_at = time(NULL);
|
2007-10-30 22:46:02 +01:00
|
|
|
|
2007-11-06 00:55:43 +01:00
|
|
|
var_cell_free(cell);
|
2007-10-30 22:46:02 +01:00
|
|
|
return 0;
|
2007-10-30 19:31:30 +01:00
|
|
|
}
|
|
|
|
|
2008-02-08 22:13:15 +01:00
|
|
|
/** Send a NETINFO cell on <b>conn</b>, telling the other server what we know
|
|
|
|
* about their address, our address, and the current time. */
|
2014-10-08 21:39:34 +02:00
|
|
|
MOCK_IMPL(int,
|
|
|
|
connection_or_send_netinfo,(or_connection_t *conn))
|
2007-10-30 19:31:30 +01:00
|
|
|
{
|
|
|
|
cell_t cell;
|
|
|
|
time_t now = time(NULL);
|
2010-09-29 06:38:32 +02:00
|
|
|
const routerinfo_t *me;
|
2008-08-05 22:08:19 +02:00
|
|
|
int len;
|
2010-12-14 01:34:01 +01:00
|
|
|
uint8_t *out;
|
2007-10-30 19:31:30 +01:00
|
|
|
|
2011-09-28 16:31:56 +02:00
|
|
|
tor_assert(conn->handshake_state);
|
|
|
|
|
2013-08-20 20:52:56 +02:00
|
|
|
if (conn->handshake_state->sent_netinfo) {
|
|
|
|
log_warn(LD_BUG, "Attempted to send an extra netinfo cell on a connection "
|
|
|
|
"where we already sent one.");
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2007-10-30 19:31:30 +01:00
|
|
|
memset(&cell, 0, sizeof(cell_t));
|
|
|
|
cell.command = CELL_NETINFO;
|
|
|
|
|
2013-09-21 14:52:27 +02:00
|
|
|
/* Timestamp, if we're a relay. */
|
|
|
|
if (public_server_mode(get_options()) || ! conn->is_outgoing)
|
|
|
|
set_uint32(cell.payload, htonl((uint32_t)now));
|
2008-08-05 22:08:19 +02:00
|
|
|
|
|
|
|
/* Their address. */
|
|
|
|
out = cell.payload + 4;
|
2011-11-16 14:07:10 +01:00
|
|
|
/* We use &conn->real_addr below, unless it hasn't yet been set. If it
|
2012-10-12 18:22:13 +02:00
|
|
|
* hasn't yet been set, we know that base_.addr hasn't been tampered with
|
2011-11-16 14:07:10 +01:00
|
|
|
* yet either. */
|
|
|
|
len = append_address_to_payload(out, !tor_addr_is_null(&conn->real_addr)
|
2012-10-12 18:22:13 +02:00
|
|
|
? &conn->real_addr : &conn->base_.addr);
|
2008-08-05 22:08:19 +02:00
|
|
|
if (len<0)
|
|
|
|
return -1;
|
|
|
|
out += len;
|
2007-10-30 19:31:30 +01:00
|
|
|
|
2011-10-30 02:43:23 +01:00
|
|
|
/* My address -- only include it if I'm a public relay, or if I'm a
|
|
|
|
* bridge and this is an incoming connection. If I'm a bridge and this
|
|
|
|
* is an outgoing connection, act like a normal client and omit it. */
|
|
|
|
if ((public_server_mode(get_options()) || !conn->is_outgoing) &&
|
|
|
|
(me = router_get_my_routerinfo())) {
|
2008-08-05 22:08:19 +02:00
|
|
|
tor_addr_t my_addr;
|
2012-08-14 14:03:58 +02:00
|
|
|
*out++ = 1 + !tor_addr_is_null(&me->ipv6_addr);
|
2008-08-05 22:08:19 +02:00
|
|
|
|
|
|
|
tor_addr_from_ipv4h(&my_addr, me->addr);
|
|
|
|
len = append_address_to_payload(out, &my_addr);
|
|
|
|
if (len < 0)
|
|
|
|
return -1;
|
2012-08-14 14:03:58 +02:00
|
|
|
out += len;
|
|
|
|
|
|
|
|
if (!tor_addr_is_null(&me->ipv6_addr)) {
|
|
|
|
len = append_address_to_payload(out, &me->ipv6_addr);
|
|
|
|
if (len < 0)
|
|
|
|
return -1;
|
|
|
|
}
|
2007-10-30 19:31:30 +01:00
|
|
|
} else {
|
2011-04-26 04:50:15 +02:00
|
|
|
*out = 0;
|
2007-10-30 19:31:30 +01:00
|
|
|
}
|
|
|
|
|
2011-09-28 16:31:56 +02:00
|
|
|
conn->handshake_state->digest_sent_data = 0;
|
2013-08-20 20:52:56 +02:00
|
|
|
conn->handshake_state->sent_netinfo = 1;
|
2007-10-30 19:31:30 +01:00
|
|
|
connection_or_write_cell_to_buf(&cell, conn);
|
|
|
|
|
2007-10-30 22:46:02 +01:00
|
|
|
return 0;
|
2007-10-30 19:31:30 +01:00
|
|
|
}
|
2007-10-31 21:48:10 +01:00
|
|
|
|
2011-10-31 09:33:38 +01:00
|
|
|
/** Send a CERTS cell on the connection <b>conn</b>. Return 0 on success, -1
|
2011-09-13 17:38:38 +02:00
|
|
|
* on failure. */
|
|
|
|
int
|
2011-10-31 09:33:38 +01:00
|
|
|
connection_or_send_certs_cell(or_connection_t *conn)
|
2011-09-13 17:38:38 +02:00
|
|
|
{
|
2014-09-30 14:31:08 +02:00
|
|
|
const tor_x509_cert_t *link_cert = NULL, *id_cert = NULL;
|
2011-09-13 17:38:38 +02:00
|
|
|
const uint8_t *link_encoded = NULL, *id_encoded = NULL;
|
|
|
|
size_t link_len, id_len;
|
|
|
|
var_cell_t *cell;
|
|
|
|
size_t cell_len;
|
2011-10-11 03:06:41 +02:00
|
|
|
ssize_t pos;
|
2011-09-13 17:38:38 +02:00
|
|
|
|
2012-10-12 18:22:13 +02:00
|
|
|
tor_assert(conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3);
|
2011-09-13 17:38:38 +02:00
|
|
|
|
|
|
|
if (! conn->handshake_state)
|
|
|
|
return -1;
|
2016-07-05 20:19:31 +02:00
|
|
|
const int conn_in_server_mode = ! conn->handshake_state->started_here;
|
|
|
|
if (tor_tls_get_my_certs(conn_in_server_mode, &link_cert, &id_cert) < 0)
|
2011-09-13 17:38:38 +02:00
|
|
|
return -1;
|
2014-09-30 14:31:08 +02:00
|
|
|
tor_x509_cert_get_der(link_cert, &link_encoded, &link_len);
|
|
|
|
tor_x509_cert_get_der(id_cert, &id_encoded, &id_len);
|
2011-09-13 17:38:38 +02:00
|
|
|
|
2011-10-11 17:30:01 +02:00
|
|
|
cell_len = 1 /* 1 byte: num certs in cell */ +
|
|
|
|
2 * ( 1 + 2 ) /* For each cert: 1 byte for type, 2 for length */ +
|
2011-09-13 17:38:38 +02:00
|
|
|
link_len + id_len;
|
|
|
|
cell = var_cell_new(cell_len);
|
2011-10-31 09:33:38 +01:00
|
|
|
cell->command = CELL_CERTS;
|
2011-09-13 17:38:38 +02:00
|
|
|
cell->payload[0] = 2;
|
|
|
|
pos = 1;
|
|
|
|
|
2016-07-05 20:19:31 +02:00
|
|
|
if (conn_in_server_mode)
|
2011-09-14 20:44:42 +02:00
|
|
|
cell->payload[pos] = OR_CERT_TYPE_TLS_LINK; /* Link cert */
|
|
|
|
else
|
|
|
|
cell->payload[pos] = OR_CERT_TYPE_AUTH_1024; /* client authentication */
|
2011-09-13 17:38:38 +02:00
|
|
|
set_uint16(&cell->payload[pos+1], htons(link_len));
|
|
|
|
memcpy(&cell->payload[pos+3], link_encoded, link_len);
|
|
|
|
pos += 3 + link_len;
|
|
|
|
|
|
|
|
cell->payload[pos] = OR_CERT_TYPE_ID_1024; /* ID cert */
|
|
|
|
set_uint16(&cell->payload[pos+1], htons(id_len));
|
|
|
|
memcpy(&cell->payload[pos+3], id_encoded, id_len);
|
|
|
|
pos += 3 + id_len;
|
|
|
|
|
|
|
|
tor_assert(pos == (int)cell_len); /* Otherwise we just smashed the heap */
|
|
|
|
|
|
|
|
connection_or_write_var_cell_to_buf(cell, conn);
|
|
|
|
var_cell_free(cell);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/** Send an AUTH_CHALLENGE cell on the connection <b>conn</b>. Return 0
|
|
|
|
* on success, -1 on failure. */
|
|
|
|
int
|
|
|
|
connection_or_send_auth_challenge_cell(or_connection_t *conn)
|
|
|
|
{
|
2014-10-17 23:06:31 +02:00
|
|
|
var_cell_t *cell = NULL;
|
|
|
|
int r = -1;
|
2012-10-12 18:22:13 +02:00
|
|
|
tor_assert(conn->base_.state == OR_CONN_STATE_OR_HANDSHAKING_V3);
|
2011-09-13 17:38:38 +02:00
|
|
|
|
|
|
|
if (! conn->handshake_state)
|
|
|
|
return -1;
|
|
|
|
|
2014-10-17 23:06:31 +02:00
|
|
|
auth_challenge_cell_t *ac = auth_challenge_cell_new();
|
|
|
|
|
2015-11-25 16:42:00 +01:00
|
|
|
crypto_rand((char*)ac->challenge, sizeof(ac->challenge));
|
2014-10-17 23:06:31 +02:00
|
|
|
|
|
|
|
auth_challenge_cell_add_methods(ac, AUTHTYPE_RSA_SHA256_TLSSECRET);
|
|
|
|
auth_challenge_cell_set_n_methods(ac,
|
|
|
|
auth_challenge_cell_getlen_methods(ac));
|
|
|
|
|
|
|
|
cell = var_cell_new(auth_challenge_cell_encoded_len(ac));
|
|
|
|
ssize_t len = auth_challenge_cell_encode(cell->payload, cell->payload_len,
|
|
|
|
ac);
|
|
|
|
if (len != cell->payload_len)
|
|
|
|
goto done;
|
2011-09-13 17:38:38 +02:00
|
|
|
cell->command = CELL_AUTH_CHALLENGE;
|
|
|
|
|
|
|
|
connection_or_write_var_cell_to_buf(cell, conn);
|
2014-10-17 23:06:31 +02:00
|
|
|
r = 0;
|
|
|
|
|
|
|
|
done:
|
2011-09-13 17:38:38 +02:00
|
|
|
var_cell_free(cell);
|
2014-10-17 23:06:31 +02:00
|
|
|
auth_challenge_cell_free(ac);
|
2011-09-13 17:38:38 +02:00
|
|
|
|
2014-10-17 23:06:31 +02:00
|
|
|
return r;
|
2011-09-13 17:38:38 +02:00
|
|
|
}
|
|
|
|
|
2011-09-14 20:44:42 +02:00
|
|
|
/** Compute the main body of an AUTHENTICATE cell that a client can use
|
|
|
|
* to authenticate itself on a v3 handshake for <b>conn</b>. Write it to the
|
|
|
|
* <b>outlen</b>-byte buffer at <b>out</b>.
|
|
|
|
*
|
|
|
|
* If <b>server</b> is true, only calculate the first
|
2011-09-13 22:24:49 +02:00
|
|
|
* V3_AUTH_FIXED_PART_LEN bytes -- the part of the authenticator that's
|
2011-09-14 20:44:42 +02:00
|
|
|
* determined by the rest of the handshake, and which match the provided value
|
|
|
|
* exactly.
|
|
|
|
*
|
|
|
|
* If <b>server</b> is false and <b>signing_key</b> is NULL, calculate the
|
2011-09-13 22:24:49 +02:00
|
|
|
* first V3_AUTH_BODY_LEN bytes of the authenticator (that is, everything
|
2011-09-14 20:44:42 +02:00
|
|
|
* that should be signed), but don't actually sign it.
|
|
|
|
*
|
|
|
|
* If <b>server</b> is false and <b>signing_key</b> is provided, calculate the
|
|
|
|
* entire authenticator, signed with <b>signing_key</b>.
|
2012-06-05 00:50:13 +02:00
|
|
|
*
|
|
|
|
* Return the length of the cell body on success, and -1 on failure.
|
2011-09-14 20:44:42 +02:00
|
|
|
*/
|
|
|
|
int
|
|
|
|
connection_or_compute_authenticate_cell_body(or_connection_t *conn,
|
|
|
|
uint8_t *out, size_t outlen,
|
2012-01-18 21:53:30 +01:00
|
|
|
crypto_pk_t *signing_key,
|
2011-09-14 20:44:42 +02:00
|
|
|
int server)
|
|
|
|
{
|
2014-10-17 23:06:31 +02:00
|
|
|
auth1_t *auth = NULL;
|
|
|
|
auth_ctx_t *ctx = auth_ctx_new();
|
|
|
|
int result;
|
2011-09-14 20:44:42 +02:00
|
|
|
|
|
|
|
/* assert state is reasonable XXXX */
|
|
|
|
|
2014-10-17 23:06:31 +02:00
|
|
|
ctx->is_ed = 0;
|
2011-09-14 20:44:42 +02:00
|
|
|
|
2014-10-17 23:06:31 +02:00
|
|
|
auth = auth1_new();
|
2011-09-14 20:44:42 +02:00
|
|
|
|
|
|
|
/* Type: 8 bytes. */
|
2014-10-17 23:06:31 +02:00
|
|
|
memcpy(auth1_getarray_type(auth), "AUTH0001", 8);
|
2011-09-14 20:44:42 +02:00
|
|
|
|
|
|
|
{
|
2014-09-30 14:31:08 +02:00
|
|
|
const tor_x509_cert_t *id_cert=NULL, *link_cert=NULL;
|
2016-02-10 21:28:19 +01:00
|
|
|
const common_digests_t *my_digests, *their_digests;
|
2011-09-14 20:44:42 +02:00
|
|
|
const uint8_t *my_id, *their_id, *client_id, *server_id;
|
2013-08-21 16:10:35 +02:00
|
|
|
if (tor_tls_get_my_certs(server, &link_cert, &id_cert))
|
2015-05-28 18:51:20 +02:00
|
|
|
goto err;
|
2014-09-30 14:31:08 +02:00
|
|
|
my_digests = tor_x509_cert_get_id_digests(id_cert);
|
2014-09-30 14:35:02 +02:00
|
|
|
their_digests =
|
|
|
|
tor_x509_cert_get_id_digests(conn->handshake_state->id_cert);
|
2011-10-05 16:33:39 +02:00
|
|
|
tor_assert(my_digests);
|
|
|
|
tor_assert(their_digests);
|
|
|
|
my_id = (uint8_t*)my_digests->d[DIGEST_SHA256];
|
|
|
|
their_id = (uint8_t*)their_digests->d[DIGEST_SHA256];
|
|
|
|
|
2011-09-14 20:44:42 +02:00
|
|
|
client_id = server ? their_id : my_id;
|
|
|
|
server_id = server ? my_id : their_id;
|
|
|
|
|
|
|
|
/* Client ID digest: 32 octets. */
|
2014-10-17 23:06:31 +02:00
|
|
|
memcpy(auth->cid, client_id, 32);
|
2011-09-14 20:44:42 +02:00
|
|
|
|
|
|
|
/* Server ID digest: 32 octets. */
|
2014-10-17 23:06:31 +02:00
|
|
|
memcpy(auth->sid, server_id, 32);
|
2011-09-14 20:44:42 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
{
|
2012-01-18 21:53:30 +01:00
|
|
|
crypto_digest_t *server_d, *client_d;
|
2011-09-14 20:44:42 +02:00
|
|
|
if (server) {
|
|
|
|
server_d = conn->handshake_state->digest_sent;
|
|
|
|
client_d = conn->handshake_state->digest_received;
|
|
|
|
} else {
|
|
|
|
client_d = conn->handshake_state->digest_sent;
|
|
|
|
server_d = conn->handshake_state->digest_received;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Server log digest : 32 octets */
|
2014-10-17 23:06:31 +02:00
|
|
|
crypto_digest_get_digest(server_d, (char*)auth->slog, 32);
|
2011-09-14 20:44:42 +02:00
|
|
|
|
|
|
|
/* Client log digest : 32 octets */
|
2014-10-17 23:06:31 +02:00
|
|
|
crypto_digest_get_digest(client_d, (char*)auth->clog, 32);
|
2011-09-14 20:44:42 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
{
|
|
|
|
/* Digest of cert used on TLS link : 32 octets. */
|
2014-09-30 14:31:08 +02:00
|
|
|
const tor_x509_cert_t *cert = NULL;
|
|
|
|
tor_x509_cert_t *freecert = NULL;
|
2011-09-14 20:44:42 +02:00
|
|
|
if (server) {
|
|
|
|
tor_tls_get_my_certs(1, &cert, NULL);
|
|
|
|
} else {
|
|
|
|
freecert = tor_tls_get_peer_cert(conn->tls);
|
|
|
|
cert = freecert;
|
|
|
|
}
|
2014-10-17 23:06:31 +02:00
|
|
|
if (!cert) {
|
|
|
|
log_warn(LD_OR, "Unable to find cert when making AUTH1 data.");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
memcpy(auth->scert,
|
|
|
|
tor_x509_cert_get_cert_digests(cert)->d[DIGEST_SHA256], 32);
|
2011-09-14 20:44:42 +02:00
|
|
|
|
|
|
|
if (freecert)
|
2014-09-30 14:31:08 +02:00
|
|
|
tor_x509_cert_free(freecert);
|
2011-09-14 20:44:42 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/* HMAC of clientrandom and serverrandom using master key : 32 octets */
|
2014-10-17 23:06:31 +02:00
|
|
|
tor_tls_get_tlssecrets(conn->tls, auth->tlssecrets);
|
2011-09-14 20:44:42 +02:00
|
|
|
|
2013-09-18 16:51:04 +02:00
|
|
|
/* 8 octets were reserved for the current time, but we're trying to get out
|
|
|
|
* of the habit of sending time around willynilly. Fortunately, nothing
|
|
|
|
* checks it. That's followed by 16 bytes of nonce. */
|
2014-10-17 23:06:31 +02:00
|
|
|
crypto_rand((char*)auth->rand, 24);
|
2011-09-14 20:44:42 +02:00
|
|
|
|
2014-10-17 23:06:31 +02:00
|
|
|
ssize_t len;
|
|
|
|
if ((len = auth1_encode(out, outlen, auth, ctx)) < 0) {
|
|
|
|
log_warn(LD_OR, "Unable to encode signed part of AUTH1 data.");
|
|
|
|
goto err;
|
|
|
|
}
|
2011-09-14 20:44:42 +02:00
|
|
|
|
2014-10-17 23:06:31 +02:00
|
|
|
if (server) {
|
|
|
|
auth1_t *tmp = NULL;
|
|
|
|
ssize_t len2 = auth1_parse(&tmp, out, len, ctx);
|
|
|
|
if (!tmp) {
|
|
|
|
log_warn(LD_OR, "Unable to parse signed part of AUTH1 data.");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
result = (int) (tmp->end_of_fixed_part - out);
|
|
|
|
auth1_free(tmp);
|
|
|
|
if (len2 != len) {
|
|
|
|
log_warn(LD_OR, "Mismatched length when re-parsing AUTH1 data.");
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
goto done;
|
|
|
|
}
|
2011-09-14 20:44:42 +02:00
|
|
|
|
2014-10-17 23:06:31 +02:00
|
|
|
if (signing_key) {
|
|
|
|
auth1_setlen_sig(auth, crypto_pk_keysize(signing_key));
|
2011-09-14 20:44:42 +02:00
|
|
|
|
|
|
|
char d[32];
|
2014-10-17 23:06:31 +02:00
|
|
|
crypto_digest256(d, (char*)out, len, DIGEST_SHA256);
|
|
|
|
int siglen = crypto_pk_private_sign(signing_key,
|
|
|
|
(char*)auth1_getarray_sig(auth),
|
|
|
|
auth1_getlen_sig(auth),
|
2011-09-14 20:44:42 +02:00
|
|
|
d, 32);
|
2014-10-17 23:06:31 +02:00
|
|
|
if (siglen < 0) {
|
|
|
|
log_warn(LD_OR, "Unable to sign AUTH1 data.");
|
2015-05-28 18:51:20 +02:00
|
|
|
goto err;
|
2014-10-17 23:06:31 +02:00
|
|
|
}
|
2011-09-14 20:44:42 +02:00
|
|
|
|
2014-10-17 23:06:31 +02:00
|
|
|
auth1_setlen_sig(auth, siglen);
|
|
|
|
|
|
|
|
len = auth1_encode(out, outlen, auth, ctx);
|
|
|
|
if (len < 0) {
|
|
|
|
log_warn(LD_OR, "Unable to encode signed AUTH1 data.");
|
|
|
|
goto err;
|
|
|
|
}
|
2011-09-14 20:44:42 +02:00
|
|
|
}
|
2014-10-17 23:06:31 +02:00
|
|
|
result = (int) len;
|
|
|
|
goto done;
|
|
|
|
|
|
|
|
err:
|
|
|
|
result = -1;
|
|
|
|
done:
|
|
|
|
auth1_free(auth);
|
|
|
|
auth_ctx_free(ctx);
|
|
|
|
return result;
|
2011-09-14 20:44:42 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/** Send an AUTHENTICATE cell on the connection <b>conn</b>. Return 0 on
|
|
|
|
* success, -1 on failure */
|
2014-10-08 21:39:34 +02:00
|
|
|
MOCK_IMPL(int,
|
|
|
|
connection_or_send_authenticate_cell,(or_connection_t *conn, int authtype))
|
2011-09-14 20:44:42 +02:00
|
|
|
{
|
|
|
|
var_cell_t *cell;
|
2012-01-18 21:53:30 +01:00
|
|
|
crypto_pk_t *pk = tor_tls_get_my_client_auth_key();
|
2011-09-14 20:44:42 +02:00
|
|
|
int authlen;
|
2011-10-11 03:06:41 +02:00
|
|
|
size_t cell_maxlen;
|
2011-09-14 20:44:42 +02:00
|
|
|
/* XXXX make sure we're actually supposed to send this! */
|
|
|
|
|
2011-10-06 20:58:59 +02:00
|
|
|
if (!pk) {
|
2011-10-11 17:30:01 +02:00
|
|
|
log_warn(LD_BUG, "Can't compute authenticate cell: no client auth key");
|
2011-10-06 20:58:59 +02:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
if (authtype != AUTHTYPE_RSA_SHA256_TLSSECRET) {
|
|
|
|
log_warn(LD_BUG, "Tried to send authenticate cell with unknown "
|
|
|
|
"authentication type %d", authtype);
|
|
|
|
return -1;
|
|
|
|
}
|
2011-09-27 19:15:36 +02:00
|
|
|
|
2011-09-14 20:44:42 +02:00
|
|
|
cell_maxlen = 4 + /* overhead */
|
2011-09-13 22:24:49 +02:00
|
|
|
V3_AUTH_BODY_LEN + /* Authentication body */
|
2011-09-14 20:44:42 +02:00
|
|
|
crypto_pk_keysize(pk) + /* Max signature length */
|
2011-10-06 20:58:59 +02:00
|
|
|
16 /* add a few extra bytes just in case. */;
|
2011-09-14 20:44:42 +02:00
|
|
|
|
|
|
|
cell = var_cell_new(cell_maxlen);
|
2011-09-27 21:20:17 +02:00
|
|
|
cell->command = CELL_AUTHENTICATE;
|
2011-09-14 20:44:42 +02:00
|
|
|
set_uint16(cell->payload, htons(AUTHTYPE_RSA_SHA256_TLSSECRET));
|
|
|
|
/* skip over length ; we don't know that yet. */
|
|
|
|
|
|
|
|
authlen = connection_or_compute_authenticate_cell_body(conn,
|
|
|
|
cell->payload+4,
|
|
|
|
cell_maxlen-4,
|
|
|
|
pk,
|
|
|
|
0 /* not server */);
|
|
|
|
if (authlen < 0) {
|
2011-10-06 20:58:59 +02:00
|
|
|
log_warn(LD_BUG, "Unable to compute authenticate cell!");
|
2011-09-14 20:44:42 +02:00
|
|
|
var_cell_free(cell);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
tor_assert(authlen + 4 <= cell->payload_len);
|
|
|
|
set_uint16(cell->payload+2, htons(authlen));
|
|
|
|
cell->payload_len = authlen + 4;
|
|
|
|
|
|
|
|
connection_or_write_var_cell_to_buf(cell, conn);
|
|
|
|
var_cell_free(cell);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
2012-12-05 18:26:24 +01:00
|
|
|
|