Implemented link padding and receiver token buckets
Each socket reads at most 'bandwidth' bytes per second sustained, but
can handle bursts of up to 10*bandwidth bytes.
Cells are now sent out at evenly-spaced intervals, with padding sent
out otherwise. Set Linkpadding=0 in the rc file to send cells as soon
as they're available (and to never send padding cells).
Added license/copyrights statements at the top of most files.
router->min and router->max have been merged into a single 'bandwidth'
value. We should make the routerinfo_t reflect this (want to do that,
Mat?)
As the bandwidth increases, and we want to stop sleeping more and more
frequently to send a single cell, cpu usage goes up. At 128kB/s we're
pretty much calling poll with a timeout of 1ms or even 0ms. The current
code takes a timeout of 0-9ms and makes it 10ms. prepare_for_poll()
handles everything that should have happened in the past, so as long as
our buffers don't get too full in that 10ms, we're ok.
Speaking of too full, if you run three servers at 100kB/s with -l debug,
it spends too much time printing debugging messages to be able to keep
up with the cells. The outbuf ultimately fills up and it kills that
connection. If you run with -l err, it works fine up through 500kB/s and
probably beyond. Down the road we'll want to teach it to recognize when
an outbuf is getting full, and back off.
svn:r50
2002-07-16 03:12:15 +02:00
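The receiver token bucket and the poll-timeout floor described in the commit message above, sketched as an added example; it is not code from this commit or from the project. The names recv_bucket_t, recv_bucket_init, recv_bucket_refill, recv_bucket_allow and clamp_poll_timeout_ms are hypothetical, and starting the bucket with one second of credit and leaving negative timeouts untouched are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BURST_FACTOR 10ULL      /* from the commit: bursts of up to 10*bandwidth */
#define MIN_POLL_TIMEOUT_MS 10  /* from the commit: a 0-9ms timeout becomes 10ms */
#define USEC_PER_SEC 1000000ULL

/* Hypothetical per-socket state; the commit only states the policy. */
typedef struct {
  uint64_t bandwidth; /* sustained read rate, bytes per second */
  uint64_t bucket;    /* bytes this socket may read right now */
  uint64_t carry;     /* unspent credit below one byte, in byte-microseconds */
  uint64_t last_us;   /* time of the last refill, in microseconds */
} recv_bucket_t;

void recv_bucket_init(recv_bucket_t *b, uint64_t bandwidth, uint64_t now_us) {
  b->bandwidth = bandwidth;
  b->bucket = bandwidth; /* assumption: start with one second of credit */
  b->carry = 0;
  b->last_us = now_us;
}

/* Add credit for the time that has passed, never exceeding the burst cap. */
void recv_bucket_refill(recv_bucket_t *b, uint64_t now_us) {
  uint64_t cap = b->bandwidth * BURST_FACTOR;
  uint64_t elapsed, credit;

  if (now_us <= b->last_us)
    return; /* clock stood still or stepped backwards: grant nothing */
  elapsed = now_us - b->last_us;
  b->last_us = now_us;

  /* An idle period of BURST_FACTOR seconds or more earns exactly a full
   * bucket; handling it here also keeps the multiplication below small. */
  if (elapsed >= BURST_FACTOR * USEC_PER_SEC) {
    b->bucket = cap;
    b->carry = 0;
    return;
  }
  credit = elapsed * b->bandwidth + b->carry;
  b->bucket += credit / USEC_PER_SEC;
  b->carry = credit % USEC_PER_SEC; /* keep the fraction so short ticks add up */
  if (b->bucket >= cap) {
    b->bucket = cap;
    b->carry = 0;
  }
}

/* How many of the 'want' bytes may be read now; spends that much credit. */
size_t recv_bucket_allow(recv_bucket_t *b, size_t want) {
  size_t n = want;
  if ((uint64_t)n > b->bucket)
    n = (size_t)b->bucket;
  b->bucket -= n;
  return n;
}

/* The 10ms floor on the poll() timeout. Negative values (block until an
 * event) are passed through unchanged, which is an assumption. */
int clamp_poll_timeout_ms(int ms) {
  if (ms < 0)
    return ms;
  return ms < MIN_POLL_TIMEOUT_MS ? MIN_POLL_TIMEOUT_MS : ms;
}

int main(void) {
  recv_bucket_t b;
  uint64_t now = 0;
  int tick;

  /* Constructed scenario: a peer offers 4000 bytes every 250ms to a socket
   * whose bandwidth is 1000 bytes per second. */
  recv_bucket_init(&b, 1000, now);
  for (tick = 0; tick < 4; tick++) {
    size_t got;
    now += 250000;
    recv_bucket_refill(&b, now);
    got = recv_bucket_allow(&b, 4000);
    printf("t=%lums read=%lu left=%lu\n", (unsigned long)(now / 1000),
           (unsigned long)got, (unsigned long)b.bucket);
  }
  printf("poll timeout 3ms -> %dms\n", clamp_poll_timeout_ms(3));
  return 0;
}
```

The cap bounds how much a peer can make the receiver read after an idle period, which is what keeps a burst from being unbounded.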
/* Copyright 2001,2002 Roger Dingledine, Matej Pfajfar. */
/* See LICENSE for licensing information */
/* $Id$ */
2002-06-27 00:45:49 +02:00
#include "or.h"

/*
 *
 * these two functions are the main ways 'in' to connection_or
 *
 */

int connection_or_process_inbuf(connection_t *conn) {

  assert(conn && conn->type == CONN_TYPE_OR);

  if(conn->inbuf_reached_eof) {
    /* eof reached, kill it. */
    log(LOG_DEBUG,"connection_or_process_inbuf(): conn reached eof. Closing.");
    return -1;
  }
svn:r50
2002-07-16 03:12:15 +02:00
// log(LOG_DEBUG,"connection_or_process_inbuf(): state %d.",conn->state);
2002-06-27 00:45:49 +02:00
  switch(conn->state) {
    case OR_CONN_STATE_CLIENT_AUTH_WAIT:
      return or_handshake_client_process_auth(conn);
    case OR_CONN_STATE_SERVER_AUTH_WAIT:
      return or_handshake_server_process_auth(conn);
    case OR_CONN_STATE_SERVER_NONCE_WAIT:
      return or_handshake_server_process_nonce(conn);
    case OR_CONN_STATE_OPEN:
      return connection_process_cell_from_inbuf(conn);
    default:
      log(LOG_DEBUG,"connection_or_process_inbuf() called in state where I'm writing. Ignoring buf for now.");
  }

  return 0;
}

int connection_or_finished_flushing(connection_t *conn) {
  int e, len=sizeof(e);

  assert(conn && conn->type == CONN_TYPE_OR);

  switch(conn->state) {
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
    case OR_CONN_STATE_OP_CONNECTING:
      if (getsockopt(conn->s, SOL_SOCKET, SO_ERROR, &e, &len) < 0) { /* not yet */
        if(errno != EINPROGRESS){
          /* yuck. kill it. */
          log(LOG_DEBUG,"connection_or_finished_flushing(): in-progress connect failed. Removing.");
          return -1;
        } else {
          return 0; /* no change, see if next time is better */
        }
      }
      /* the connect has finished. */
2002-07-03 19:30:59 +02:00
      log(LOG_DEBUG,"connection_or_finished_flushing() : OP connection to router %s:%u established.",
2002-08-24 09:55:49 +02:00
          conn->address,conn->port);
svn:r22
2002-07-02 11:36:58 +02:00
      return or_handshake_op_send_keys(conn);
    case OR_CONN_STATE_OP_SENDING_KEYS:
      return or_handshake_op_finished_sending_keys(conn);
2002-06-27 00:45:49 +02:00
    case OR_CONN_STATE_CLIENT_CONNECTING:
      if (getsockopt(conn->s, SOL_SOCKET, SO_ERROR, &e, &len) < 0) { /* not yet */
        if(errno != EINPROGRESS){
          /* yuck. kill it. */
2002-09-26 14:09:10 +02:00
          log(LOG_DEBUG,"connection_or_finished_flushing(): in-progress connect failed. Removing.");
2002-06-27 00:45:49 +02:00
          return -1;
        } else {
          return 0; /* no change, see if next time is better */
        }
      }
      /* the connect has finished. */
2002-07-03 19:30:59 +02:00
      log(LOG_DEBUG,"connection_or_finished_flushing() : OR connection to router %s:%u established.",
2002-08-24 09:55:49 +02:00
          conn->address,conn->port);
2002-06-27 00:45:49 +02:00
      return or_handshake_client_send_auth(conn);
    case OR_CONN_STATE_CLIENT_SENDING_AUTH:
      log(LOG_DEBUG,"connection_or_finished_flushing(): client finished sending auth.");
      conn->state = OR_CONN_STATE_CLIENT_AUTH_WAIT;
      connection_watch_events(conn, POLLIN);
      return 0;
    case OR_CONN_STATE_CLIENT_SENDING_NONCE:
      log(LOG_DEBUG,"connection_or_finished_flushing(): client finished sending nonce.");
      conn_or_init_crypto(conn);
      conn->state = OR_CONN_STATE_OPEN;
svn:r50
2002-07-16 03:12:15 +02:00
      connection_init_timeval(conn);
2002-06-27 00:45:49 +02:00
      connection_watch_events(conn, POLLIN);
2002-09-20 21:33:13 +02:00
      return connection_process_inbuf(conn); /* in case there's anything waiting on it */
2002-06-27 00:45:49 +02:00
    case OR_CONN_STATE_SERVER_SENDING_AUTH:
      log(LOG_DEBUG,"connection_or_finished_flushing(): server finished sending auth.");
      conn->state = OR_CONN_STATE_SERVER_NONCE_WAIT;
      connection_watch_events(conn, POLLIN);
      return 0;
    case OR_CONN_STATE_OPEN:
      /* FIXME down the road, we'll clear out circuits that are pending to close */
2002-07-18 08:37:58 +02:00
      connection_stop_writing(conn);
2002-06-27 00:45:49 +02:00
      return 0;
    default:
      log(LOG_DEBUG,"Bug: connection_or_finished_flushing() called in unexpected state.");
      return 0;
  }

  return 0;

}

/*********************/

void conn_or_init_crypto(connection_t *conn) {
2002-09-03 21:03:16 +02:00
  //int x;
2002-08-22 09:30:03 +02:00
  unsigned char iv[16];
2002-06-27 00:45:49 +02:00
  assert(conn);
2002-08-24 08:58:25 +02:00
#if 0
2002-06-27 00:45:49 +02:00
  printf("f_session_key: ");
  for(x=0;x<8;x++) {
2002-08-22 09:30:03 +02:00
    printf("%d ",conn->f_crypto->key[x]);
2002-06-27 00:45:49 +02:00
  }
  printf("\nb_session_key: ");
  for(x=0;x<8;x++) {
2002-08-22 09:30:03 +02:00
    printf("%d ",conn->b_crypto->key[x]);
2002-06-27 00:45:49 +02:00
  }
  printf("\n");
2002-08-24 08:58:25 +02:00
#endif
2002-06-27 00:45:49 +02:00
2002-08-22 09:30:03 +02:00
  memset((void *)iv, 0, 16);
  crypto_cipher_set_iv(conn->f_crypto, iv);
  crypto_cipher_set_iv(conn->b_crypto, iv);

  crypto_cipher_encrypt_init_cipher(conn->f_crypto);
  crypto_cipher_decrypt_init_cipher(conn->b_crypto);
2002-06-27 00:45:49 +02:00
  /* always encrypt with f, always decrypt with b */

}
svn:r22
2002-07-02 11:36:58 +02:00
/* helper function for connection_or_connect_as_or and _as_op.
 * returns NULL if the connection fails. If it succeeds, it sets
 * *result to 1 if connect() returned before completing, or to 2
 * if it completed, and returns the new conn.
2002-06-27 00:45:49 +02:00
 */
2002-10-03 00:54:20 +02:00
connection_t *connection_or_connect(routerinfo_t *router, uint16_t port, int *result) {
2002-06-27 00:45:49 +02:00
  connection_t *conn;
  struct sockaddr_in router_addr;
  int s;
2002-06-30 09:37:49 +02:00
  conn = connection_new(CONN_TYPE_OR);
2003-03-19 23:02:35 +01:00
  if(!conn) {
svn:r22
2002-07-02 11:36:58 +02:00
    return NULL;
2003-03-19 23:02:35 +01:00
  }
2002-06-27 00:45:49 +02:00
  /* set up conn so it's got all the data we need to remember */
2002-10-03 00:54:20 +02:00
  conn->addr = router->addr;
  conn->port = router->or_port; /* NOTE we store or_port here always */
2002-09-24 12:43:57 +02:00
  conn->bandwidth = router->bandwidth;
  conn->pkey = crypto_pk_dup_key(router->pkey);
2002-06-27 00:45:49 +02:00
  conn->address = strdup(router->address);

  s=socket(PF_INET,SOCK_STREAM,IPPROTO_TCP);
  if (s < 0)
  {
    log(LOG_ERR,"Error creating network socket.");
    connection_free(conn);
svn:r22
2002-07-02 11:36:58 +02:00
    return NULL;
2002-06-27 00:45:49 +02:00
  }
  fcntl(s, F_SETFL, O_NONBLOCK); /* set s to non-blocking */

  memset((void *)&router_addr,0,sizeof(router_addr));
  router_addr.sin_family = AF_INET;
2002-08-24 09:55:49 +02:00
  router_addr.sin_port = htons(port);
2002-10-03 00:54:20 +02:00
  router_addr.sin_addr.s_addr = htonl(router->addr);
2002-06-27 00:45:49 +02:00
2002-10-03 00:54:20 +02:00
  log(LOG_DEBUG,"connection_or_connect() : Trying to connect to %s:%u.",router->address,port);
2002-06-27 00:45:49 +02:00
  if(connect(s,(struct sockaddr *)&router_addr,sizeof(router_addr)) < 0){
    if(errno != EINPROGRESS){
      /* yuck. kill it. */
      connection_free(conn);
svn:r22
2002-07-02 11:36:58 +02:00
      return NULL;
2002-06-27 00:45:49 +02:00
    } else {
      /* it's in progress. set state appropriately and return. */
      conn->s = s;

      if(connection_add(conn) < 0) { /* no space, forget it */
        connection_free(conn);
svn:r22
2002-07-02 11:36:58 +02:00
        return NULL;
2002-06-27 00:45:49 +02:00
      }
svn:r22
2002-07-02 11:36:58 +02:00
      log(LOG_DEBUG,"connection_or_connect() : connect in progress.");
2002-07-18 08:37:58 +02:00
      connection_watch_events(conn, POLLIN | POLLOUT); /* writable indicates finish, readable indicates broken link */
svn:r22
2002-07-02 11:36:58 +02:00
      *result = 1; /* connecting */
      return conn;
2002-06-27 00:45:49 +02:00
    }
  }

  /* it succeeded. we're connected. */
  conn->s = s;

  if(connection_add(conn) < 0) { /* no space, forget it */
    connection_free(conn);
svn:r22
2002-07-02 11:36:58 +02:00
    return NULL;
  }
2002-08-24 09:55:49 +02:00
  log(LOG_DEBUG,"connection_or_connect() : Connection to router %s:%u established.",router->address,port);
svn:r22
2002-07-02 11:36:58 +02:00
  *result = 2; /* connection finished */
  return(conn);
}

/*
 *
 * handshake for connecting to the op_port of an onion router
 *
 */
2002-10-03 00:54:20 +02:00
connection_t *connection_or_connect_as_op(routerinfo_t *router) {
svn:r22
2002-07-02 11:36:58 +02:00
  connection_t *conn;
  int result=0; /* so connection_or_connect() can tell us what happened */
2002-10-03 00:54:20 +02:00
  assert(router);
svn:r22
2002-07-02 11:36:58 +02:00
2002-10-03 00:54:20 +02:00
  if(router_is_me(router->addr, router->or_port)) {
svn:r22
2002-07-02 11:36:58 +02:00
    /* this is me! don't connect to me. */
2002-09-04 08:29:28 +02:00
    log(LOG_WARNING,"connection_or_connect_as_op(): You just asked me to connect to myself.");
svn:r22
2002-07-02 11:36:58 +02:00
    return NULL;
  }

  /* this function should never be called if we're already connected to router, but */
2002-09-04 08:29:28 +02:00
  /* check first to be sure */
  conn = connection_exact_get_by_addr_port(router->addr,router->or_port);
  if(conn)
    return conn;
svn:r22
2002-07-02 11:36:58 +02:00
2002-10-03 00:54:20 +02:00
  conn = connection_or_connect(router, router->op_port, &result);
svn:r22
2002-07-02 11:36:58 +02:00
  if(!conn)
    return NULL;

  assert(result != 0); /* if conn is defined, then it must have set result */

  /* now we know it succeeded */
  if(result == 1) {
    conn->state = OR_CONN_STATE_OP_CONNECTING;
    return conn;
  }

  if(result == 2) {
    /* move to the next step in the handshake */
    if(or_handshake_op_send_keys(conn) < 0) {
      connection_remove(conn);
      connection_free(conn);
      return NULL;
    }
    return conn;
  }
  return NULL; /* shouldn't get here; to keep gcc happy */
}

int or_handshake_op_send_keys(connection_t *conn) {
2002-09-03 21:03:16 +02:00
  //int x;
2002-07-02 11:36:58 +02:00
  uint32_t bandwidth = DEFAULT_BANDWIDTH_OP;
2003-03-19 21:48:56 +01:00
  unsigned char message[36]; /* bandwidth(32bits), forward key(128bits), backward key(128bits) */
2002-07-02 11:36:58 +02:00
  unsigned char cipher[128];
  int retval;

  assert(conn && conn->type == CONN_TYPE_OR);

  /* generate random keys */
2002-08-22 09:30:03 +02:00
  if(crypto_cipher_generate_key(conn->f_crypto) ||
     crypto_cipher_generate_key(conn->b_crypto)) {
2003-03-19 21:48:56 +01:00
    log(LOG_ERR,"Cannot generate a secure 3DES key.");
2002-07-02 11:36:58 +02:00
    return -1;
  }
2003-03-19 21:48:56 +01:00
  log(LOG_DEBUG,"or_handshake_op_send_keys() : Generated 3DES keys.");
2002-07-02 11:36:58 +02:00
  /* compose the message */
2002-08-24 08:58:25 +02:00
  *(uint32_t *)message = htonl(bandwidth);
2003-03-19 21:48:56 +01:00
  memcpy((void *)(message + 4), (void *)conn->f_crypto->key, 16);
  memcpy((void *)(message + 20), (void *)conn->b_crypto->key, 16);
2002-09-04 08:29:28 +02:00

2002-08-24 08:58:25 +02:00
#if 0
2002-07-02 11:36:58 +02:00
  printf("f_session_key: ");
2003-03-19 21:48:56 +01:00
  for(x=0;x<16;x++) {
2002-08-22 09:30:03 +02:00
    printf("%d ",conn->f_crypto->key[x]);
2002-07-02 11:36:58 +02:00
  }
  printf("\nb_session_key: ");
2003-03-19 21:48:56 +01:00
  for(x=0;x<16;x++) {
2002-08-22 09:30:03 +02:00
    printf("%d ",conn->b_crypto->key[x]);
2002-07-02 11:36:58 +02:00
  }
  printf("\n");
2002-08-24 08:58:25 +02:00
#endif
2002-07-02 11:36:58 +02:00
  /* encrypt with RSA */
2003-03-19 21:48:56 +01:00
  if(crypto_pk_public_encrypt(conn->pkey, message, 36, cipher, RSA_PKCS1_PADDING) < 0) {
2002-07-02 11:36:58 +02:00
    log(LOG_ERR,"or_handshake_op_send_keys(): Public key encryption failed.");
2002-06-27 00:45:49 +02:00
    return -1;
  }
2002-07-02 11:36:58 +02:00
  log(LOG_DEBUG,"or_handshake_op_send_keys() : Encrypted authentication message.");
2002-06-27 00:45:49 +02:00
2002-07-02 11:36:58 +02:00
  /* send message */
2002-06-27 00:45:49 +02:00
2002-07-02 11:36:58 +02:00
  if(connection_write_to_buf(cipher, 128, conn) < 0) {
    log(LOG_DEBUG,"or_handshake_op_send_keys(): my outbuf is full. Oops.");
2002-06-27 00:45:49 +02:00
    return -1;
  }
2002-07-02 11:36:58 +02:00
  retval = connection_flush_buf(conn);
  if(retval < 0) {
    log(LOG_DEBUG,"or_handshake_op_send_keys(): bad socket while flushing.");
    return -1;
  }
  if(retval > 0) {
    /* still stuff on the buffer. */
    conn->state = OR_CONN_STATE_OP_SENDING_KEYS;
    connection_watch_events(conn, POLLOUT | POLLIN);
    return 0;
  }

  /* it finished sending */
  log(LOG_DEBUG,"or_handshake_op_send_keys(): Finished sending authentication message.");
  return or_handshake_op_finished_sending_keys(conn);
}

int or_handshake_op_finished_sending_keys(connection_t *conn) {

  /* do crypto initialization, etc */
  conn_or_init_crypto(conn);

  conn->state = OR_CONN_STATE_OPEN;
2002-07-16 03:12:15 +02:00
  connection_init_timeval(conn);
2002-07-02 11:36:58 +02:00
  connection_watch_events(conn, POLLIN); /* give it a default, tho the ap_handshake call may change it */
2002-09-24 12:43:57 +02:00
  ap_handshake_n_conn_open(conn); /* send the pending onions */
  return 0;
2002-07-02 11:36:58 +02:00
}

/*
 *
 * auth handshake, as performed by OR *initiating* the connection
 *
 */

2002-10-03 00:54:20 +02:00
connection_t *connection_or_connect_as_or(routerinfo_t *router) {
2002-07-02 11:36:58 +02:00
  connection_t *conn;
  int result=0; /* so connection_or_connect() can tell us what happened */

2002-10-03 00:54:20 +02:00
  assert(router);
2002-07-02 11:36:58 +02:00
2002-10-03 00:54:20 +02:00
  if(router_is_me(router->addr, router->or_port)) {
2002-07-02 11:36:58 +02:00
    /* this is me! don't connect to me. */
    log(LOG_DEBUG,"connection_or_connect_as_or(): This is me. Skipping.");
    return NULL;
  }

2002-10-03 00:54:20 +02:00
  conn = connection_or_connect(router, router->or_port, &result);
2002-07-02 11:36:58 +02:00
  if(!conn)
    return NULL;

  /* now we know it succeeded */
  if(result == 1) {
    conn->state = OR_CONN_STATE_CLIENT_CONNECTING;
    return conn;
  }

  if(result == 2) {
    /* move to the next step in the handshake */
    if(or_handshake_client_send_auth(conn) < 0) {
      connection_remove(conn);
      connection_free(conn);
      return NULL;
    }
    return conn;
  }
  return NULL; /* shouldn't get here; to keep gcc happy */
2002-06-27 00:45:49 +02:00
}

int or_handshake_client_send_auth(connection_t *conn) {
  int retval;
2003-03-19 22:34:38 +01:00
  char buf[48];
2002-06-27 00:45:49 +02:00
  char cipher[128];
2002-10-03 00:54:20 +02:00
  struct sockaddr_in me; /* my router identity */
2002-06-27 00:45:49 +02:00
2002-07-16 03:12:15 +02:00
  assert(conn);
2002-06-27 00:45:49 +02:00

2002-10-03 00:54:20 +02:00
  if(learn_my_address(&me) < 0)
    return -1;

2002-06-27 00:45:49 +02:00
  /* generate random keys */
2002-08-22 09:30:03 +02:00
  if(crypto_cipher_generate_key(conn->f_crypto) ||
     crypto_cipher_generate_key(conn->b_crypto)) {
2002-06-27 00:45:49 +02:00
    log(LOG_ERR,"Cannot generate a secure DES key.");
    return -1;
  }
  log(LOG_DEBUG,"or_handshake_client_send_auth() : Generated DES keys.");

  /* generate first message */
2002-10-03 00:54:20 +02:00
  *(uint32_t*)buf = me.sin_addr.s_addr; /* local address, network order */
  *(uint16_t*)(buf+4) = me.sin_port; /* local port, network order */
2002-08-24 08:58:25 +02:00
  *(uint32_t*)(buf+6) = htonl(conn->addr); /* remote address */
2002-08-24 09:55:49 +02:00
  *(uint16_t*)(buf+10) = htons(conn->port); /* remote port */
2003-03-19 21:48:56 +01:00
  memcpy(buf+12,conn->f_crypto->key,16); /* keys */
  memcpy(buf+28,conn->b_crypto->key,16);
  *(uint32_t *)(buf+44) = htonl(conn->bandwidth); /* max link utilisation */
2002-06-27 00:45:49 +02:00
  log(LOG_DEBUG,"or_handshake_client_send_auth() : Generated first authentication message.");

  /* encrypt message */
2003-03-19 21:48:56 +01:00
  retval = crypto_pk_public_encrypt(conn->pkey, buf, 48, cipher,RSA_PKCS1_PADDING);
2002-06-27 00:45:49 +02:00
  if (retval == -1) /* error */
  {
2002-08-24 09:55:49 +02:00
    log(LOG_ERR,"Public-key encryption failed during authentication to %s:%u.",conn->address,conn->port);
2002-08-22 09:30:03 +02:00
    log(LOG_DEBUG,"or_handshake_client_send_auth() : Reason : %s.",crypto_perror());
2002-06-27 00:45:49 +02:00
    return -1;
  }
  log(LOG_DEBUG,"or_handshake_client_send_auth() : Encrypted authentication message.");

  /* send message */

  if(connection_write_to_buf(cipher, 128, conn) < 0) {
    log(LOG_DEBUG,"or_handshake_client_send_auth(): my outbuf is full. Oops.");
    return -1;
  }
  retval = connection_flush_buf(conn);
  if(retval < 0) {
    log(LOG_DEBUG,"or_handshake_client_send_auth(): bad socket while flushing.");
    return -1;
  }
  if(retval > 0) {
    /* still stuff on the buffer. */
    conn->state = OR_CONN_STATE_CLIENT_SENDING_AUTH;
    connection_watch_events(conn, POLLOUT | POLLIN);
    return 0;
  }

  /* it finished sending */
  log(LOG_DEBUG,"or_handshake_client_send_auth(): Finished sending authentication message.");
  conn->state = OR_CONN_STATE_CLIENT_AUTH_WAIT;
  connection_watch_events(conn, POLLIN);
  return 0;

}
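Added example, not part of the source file shown here: an alignment-safe, bounds-checked way to build and parse the 48-byte message that or_handshake_client_send_auth() assembles above (its store at buf+6 is not 4-byte aligned), plus the plaintext limit that PKCS#1 v1.5 padding imposes on a 128-byte RSA block. The auth_msg_t struct and every function name are hypothetical, all fields are held in host byte order and written big-endian, the 128-byte modulus is inferred from cipher[128], and the sample addresses and key bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define AUTH_MSG_LEN       48  /* same size as buf[48] above */
#define AUTH_KEY_LEN       16  /* same size as the two key copies above */
#define PKCS1_V15_OVERHEAD 11  /* minimum PKCS#1 v1.5 encryption padding */

/* Hypothetical holder for the message fields (not a type from the page). */
typedef struct {
  uint32_t local_addr;
  uint16_t local_port;
  uint32_t remote_addr;
  uint16_t remote_port;
  unsigned char f_key[AUTH_KEY_LEN];
  unsigned char b_key[AUTH_KEY_LEN];
  uint32_t bandwidth;
} auth_msg_t;

/* Big-endian stores and loads done bytewise: no alignment requirement. */
static void put_u16(unsigned char *p, uint16_t v) {
  p[0] = (unsigned char)(v >> 8);
  p[1] = (unsigned char)(v & 0xff);
}
static void put_u32(unsigned char *p, uint32_t v) {
  put_u16(p, (uint16_t)(v >> 16));
  put_u16(p + 2, (uint16_t)(v & 0xffff));
}
static uint16_t get_u16(const unsigned char *p) {
  return (uint16_t)((p[0] << 8) | p[1]);
}
static uint32_t get_u32(const unsigned char *p) {
  return ((uint32_t)get_u16(p) << 16) | get_u16(p + 2);
}

/* 1 if msglen bytes of plaintext fit one PKCS#1 v1.5 block, else 0. */
int auth_msg_fits_rsa(size_t msglen, size_t modulus_len) {
  return modulus_len > PKCS1_V15_OVERHEAD &&
         msglen <= modulus_len - PKCS1_V15_OVERHEAD;
}

/* Serialize m into out. Returns AUTH_MSG_LEN, or -1 if out is too small. */
int auth_msg_pack(const auth_msg_t *m, unsigned char *out, size_t outlen) {
  if (!m || !out || outlen < AUTH_MSG_LEN)
    return -1;
  put_u32(out, m->local_addr);        /* offset 0 */
  put_u16(out + 4, m->local_port);    /* offset 4 */
  put_u32(out + 6, m->remote_addr);   /* offset 6: not 4-byte aligned */
  put_u16(out + 10, m->remote_port);  /* offset 10 */
  memcpy(out + 12, m->f_key, AUTH_KEY_LEN);
  memcpy(out + 28, m->b_key, AUTH_KEY_LEN);
  put_u32(out + 44, m->bandwidth);    /* offset 44 */
  return AUTH_MSG_LEN;
}

/* Parse exactly AUTH_MSG_LEN bytes. Returns 0, or -1 on a wrong length. */
int auth_msg_unpack(const unsigned char *in, size_t inlen, auth_msg_t *m) {
  if (!in || !m || inlen != AUTH_MSG_LEN)
    return -1;
  m->local_addr = get_u32(in);
  m->local_port = get_u16(in + 4);
  m->remote_addr = get_u32(in + 6);
  m->remote_port = get_u16(in + 10);
  memcpy(m->f_key, in + 12, AUTH_KEY_LEN);
  memcpy(m->b_key, in + 28, AUTH_KEY_LEN);
  m->bandwidth = get_u32(in + 44);
  return 0;
}

/* Round-trip a constructed sample; returns 0 if every check passes. */
int auth_msg_selftest(void) {
  auth_msg_t in, out;
  unsigned char wire[AUTH_MSG_LEN];
  memset(&in, 0, sizeof(in));
  in.local_addr = 0xC0000201u;  /* 192.0.2.1 (documentation range) */
  in.local_port = 9001;
  in.remote_addr = 0xC6336402u; /* 198.51.100.2 */
  in.remote_port = 9002;
  memset(in.f_key, 0xAA, AUTH_KEY_LEN); /* constructed, not real key material */
  memset(in.b_key, 0x55, AUTH_KEY_LEN);
  in.bandwidth = 102400;
  if (auth_msg_pack(&in, wire, AUTH_MSG_LEN - 1) != -1) return 1; /* short buffer */
  if (auth_msg_pack(&in, wire, sizeof(wire)) != AUTH_MSG_LEN) return 2;
  if (wire[6] != 0xC6 || wire[9] != 0x02) return 3; /* big-endian on the wire */
  if (auth_msg_unpack(wire, sizeof(wire) - 1, &out) != -1) return 4; /* truncated */
  if (auth_msg_unpack(wire, sizeof(wire), &out) != 0) return 5;
  if (out.local_addr != in.local_addr || out.local_port != in.local_port ||
      out.remote_addr != in.remote_addr || out.remote_port != in.remote_port ||
      out.bandwidth != in.bandwidth) return 6;
  if (memcmp(out.f_key, in.f_key, AUTH_KEY_LEN) ||
      memcmp(out.b_key, in.b_key, AUTH_KEY_LEN)) return 7;
  return 0;
}

int main(void) { return auth_msg_selftest(); }
```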

int or_handshake_client_process_auth(connection_t *conn) {
2003-03-19 22:34:38 +01:00
  char buf[128]; /* only 56 of this is expected to be used */
2002-06-27 00:45:49 +02:00
  char cipher[128];
2002-07-16 03:12:15 +02:00
|
|
|
  uint32_t bandwidth;
  int retval;
  struct sockaddr_in me; /* my router identity */

  assert(conn);

  if(learn_my_address(&me) < 0)
    return -1;

  if(conn->inbuf_datalen < 128) /* entire response available? */
    return 0; /* not yet */

  if(connection_fetch_from_buf(cipher,128,conn) < 0) {
    return -1;
  }
  log(LOG_DEBUG,"or_handshake_client_process_auth() : Received auth.");

  /* decrypt response */
  retval = crypto_pk_private_decrypt(getprivatekey(), cipher, 128, buf, RSA_PKCS1_PADDING);
  if (retval == -1)
  {
    log(LOG_ERR,"Public-key decryption failed during authentication to %s:%u.",
        conn->address,conn->port);
    log(LOG_DEBUG,"or_handshake_client_process_auth() : Reason : %s.",
        crypto_perror());
    return -1;
  }
  else if (retval != 56)
  {
    log(LOG_ERR,"client_process_auth: incorrect response from router %s:%u.",
        conn->address,conn->port);
    return -1;
  }
  log(LOG_DEBUG,"or_handshake_client_process_auth() : Decrypted response.");
  /* check validity */
  if ( (*(uint32_t*)buf != me.sin_addr.s_addr) || /* local address, network order */
       (*(uint16_t*)(buf+4) != me.sin_port) || /* local port, network order */
       (ntohl(*(uint32_t*)(buf+6)) != conn->addr) || /* remote address */
       (ntohs(*(uint16_t*)(buf+10)) != conn->port) ) { /* remote port */
    log(LOG_ERR,"client_process_auth: Router %s:%u: bad address info.", conn->address,conn->port);
    return -1;
  }
  if ( (memcmp(conn->f_crypto->key, buf+12, 16)) || /* keys */
       (memcmp(conn->b_crypto->key, buf+28, 16)) ) {
    log(LOG_ERR,"client_process_auth: Router %s:%u: bad key info.",conn->address,conn->port);
    return -1;
  }

  log(LOG_DEBUG,"or_handshake_client_process_auth() : Response valid.");

  /* update link info */
  bandwidth = ntohl(*(uint32_t *)(buf+44));
  if (conn->bandwidth > bandwidth)
    conn->bandwidth = bandwidth;

  /* reply is just local addr/port, remote addr/port, nonce */
  memcpy(buf+12, buf+48, 8);

  /* encrypt reply */
  retval = crypto_pk_public_encrypt(conn->pkey, buf, 20, cipher,RSA_PKCS1_PADDING);
  if (retval == -1) /* error */
  {
    log(LOG_ERR,"Public-key encryption failed during authentication to %s:%u.",conn->address,conn->port);
    log(LOG_DEBUG,"or_handshake_client_process_auth() : Reason : %s.",crypto_perror());
    return -1;
  }

  /* send the message */

  if(connection_write_to_buf(cipher, 128, conn) < 0) {
    log(LOG_DEBUG,"or_handshake_client_process_auth(): my outbuf is full. Oops.");
    return -1;
  }
  retval = connection_flush_buf(conn);
  if(retval < 0) {
    log(LOG_DEBUG,"or_handshake_client_process_auth(): bad socket while flushing.");
    return -1;
  }
  if(retval > 0) {
    /* still stuff on the buffer. */
    conn->state = OR_CONN_STATE_CLIENT_SENDING_NONCE;
    connection_watch_events(conn, POLLOUT | POLLIN);
    /* return(connection_process_inbuf(conn)); process the rest of the inbuf */
    return 0;
  }

  /* it finished sending */
  log(LOG_DEBUG,"or_handshake_client_process_auth(): Finished sending nonce.");
  conn_or_init_crypto(conn);
  conn->state = OR_CONN_STATE_OPEN;
  connection_init_timeval(conn);
  connection_watch_events(conn, POLLIN);
  return connection_process_inbuf(conn); /* process the rest of the inbuf */

}
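The validity checks of or_handshake_client_process_auth(), as an added stand-alone example that is not code from this repository: it reads the 56-byte response with byte-wise network-order accessors instead of pointer casts, compares the keys with a constant-time loop in place of memcmp, and builds the 20-byte nonce reply. The names link_expect_t, process_auth_response and make_sample_response are hypothetical, and the sample message is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Field offsets and lengths as used by or_handshake_client_process_auth(). */
enum { OFF_LOCAL_ADDR = 0, OFF_LOCAL_PORT = 4, OFF_REMOTE_ADDR = 6,
       OFF_REMOTE_PORT = 10, OFF_F_KEY = 12, OFF_B_KEY = 28,
       OFF_BANDWIDTH = 44, OFF_NONCE = 48,
       KEY_LEN = 16, NONCE_LEN = 8, RESPONSE_LEN = 56, REPLY_LEN = 20 };

/* Hypothetical record of what the client sent; integers in host order. */
typedef struct {
  uint32_t local_addr, remote_addr, bandwidth;
  uint16_t local_port, remote_port;
  uint8_t f_key[KEY_LEN], b_key[KEY_LEN];
} link_expect_t;

/* Network-order accessors that work at any offset. Offset 6 is not a
 * multiple of 4, so a uint32_t* cast there can be a misaligned access. */
static uint16_t get_be16(const uint8_t *p) {
  return (uint16_t)(((unsigned)p[0] << 8) | p[1]);
}
static uint32_t get_be32(const uint8_t *p) {
  return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
         ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}
static void put_be16(uint8_t *p, uint16_t v) {
  p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v;
}
static void put_be32(uint8_t *p, uint32_t v) {
  p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
  p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Comparison without an early exit (used here in place of memcmp), so the
 * running time does not depend on where the first mismatch is. 1 = equal. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
  uint8_t diff = 0;
  for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
  return diff == 0;
}

/* Check a decrypted response against what we sent. On success, lower
 * exp->bandwidth to the peer's offer if that is smaller, write the 20-byte
 * reply (addresses/ports followed by the nonce) and return 0; else -1. */
int process_auth_response(const uint8_t *msg, size_t len,
                          link_expect_t *exp, uint8_t reply[REPLY_LEN]) {
  if (!msg || !exp || !reply || len != RESPONSE_LEN) return -1;
  int ok = 1;
  ok &= get_be32(msg + OFF_LOCAL_ADDR) == exp->local_addr;
  ok &= get_be16(msg + OFF_LOCAL_PORT) == exp->local_port;
  ok &= get_be32(msg + OFF_REMOTE_ADDR) == exp->remote_addr;
  ok &= get_be16(msg + OFF_REMOTE_PORT) == exp->remote_port;
  ok &= ct_equal(msg + OFF_F_KEY, exp->f_key, KEY_LEN);
  ok &= ct_equal(msg + OFF_B_KEY, exp->b_key, KEY_LEN);
  if (!ok) return -1;
  uint32_t offered = get_be32(msg + OFF_BANDWIDTH);
  if (exp->bandwidth > offered) exp->bandwidth = offered;
  memcpy(reply, msg, OFF_F_KEY);                 /* 12 bytes of addr/port */
  memcpy(reply + OFF_F_KEY, msg + OFF_NONCE, NONCE_LEN);
  return 0;
}

/* Constructed sample: the 56-byte plaintext a peer would send back. */
void make_sample_response(const link_expect_t *exp, uint32_t offered_bw,
                          const uint8_t nonce[NONCE_LEN], uint8_t out[RESPONSE_LEN]) {
  put_be32(out + OFF_LOCAL_ADDR, exp->local_addr);
  put_be16(out + OFF_LOCAL_PORT, exp->local_port);
  put_be32(out + OFF_REMOTE_ADDR, exp->remote_addr);
  put_be16(out + OFF_REMOTE_PORT, exp->remote_port);
  memcpy(out + OFF_F_KEY, exp->f_key, KEY_LEN);
  memcpy(out + OFF_B_KEY, exp->b_key, KEY_LEN);
  put_be32(out + OFF_BANDWIDTH, offered_bw);
  memcpy(out + OFF_NONCE, nonce, NONCE_LEN);
}
```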

/*
 *
 * auth handshake, as performed by OR *receiving* the connection
 *
 */

int or_handshake_server_process_auth(connection_t *conn) {
  int retval;

  char buf[128]; /* only 48 of this is expected to be used */
  char cipher[128];

  uint32_t addr;
  uint16_t port;
  uint32_t bandwidth;
  routerinfo_t *router;

  assert(conn);

  log(LOG_DEBUG,"or_handshake_server_process_auth() entered.");

  if(conn->inbuf_datalen < 128) /* entire response available? */
    return 0; /* not yet */

  if(connection_fetch_from_buf(cipher,128,conn) < 0) {
    return -1;
  }
  log(LOG_DEBUG,"or_handshake_server_process_auth() : Received auth.");

  /* decrypt response */
  retval = crypto_pk_private_decrypt(getprivatekey(), cipher, 128, buf, RSA_PKCS1_PADDING);
  if (retval == -1)
  {
    log(LOG_ERR,"or_handshake_server_process_auth: Public-key decryption failed.");
    log(LOG_DEBUG,"or_handshake_server_process_auth() : Reason : %s.",
        crypto_perror());
    return -1;
  }
  else if (retval != 48)
  {
    log(LOG_ERR,"or_handshake_server_process_auth(): received an incorrect authentication request.");
    return -1;
  }
  log(LOG_DEBUG,"or_handshake_server_process_auth() : Decrypted authentication message.");

  /* identify the router */
  addr = ntohl(*(uint32_t*)buf); /* save the IP address */
  port = ntohs(*(uint16_t*)(buf+4)); /* save the port */

  router = router_get_by_addr_port(addr,port);
  if (!router)
  {
    log(LOG_DEBUG,"or_handshake_server_process_auth() : unknown router '%s:%d'. Will drop.", conn->address, port);
    return -1;
  }
  log(LOG_DEBUG,"or_handshake_server_process_auth() : Router identified as %s:%u.",
      router->address,router->or_port);

  if(connection_exact_get_by_addr_port(addr,port)) {
    log(LOG_DEBUG,"or_handshake_server_process_auth(): That router is already connected. Dropping.");
    return -1;
  }

  /* save keys */
  crypto_cipher_set_key(conn->b_crypto,buf+12);
  crypto_cipher_set_key(conn->f_crypto,buf+28);

  /* update link info */
  bandwidth = ntohl(*(uint32_t *)(buf+44));

  conn->bandwidth = router->bandwidth;
  if (conn->bandwidth > bandwidth)
    conn->bandwidth = bandwidth;

  /* copy all relevant info to conn */
Integrated onion proxy into or/
The 'or' process can now be told (by the global_role variable) what
roles this server should play -- connect to all ORs, listen for ORs,
listen for OPs, listen for APs, or any combination.
* everything in /src/op/ is now obsolete.
* connection_ap.c now handles all interactions with application proxies
* "port" is now or_port, op_port, ap_port. But routers are still always
referenced (say, in conn_get_by_addr_port()) by addr / or_port. We
should make routers.c actually read these new ports (currently I've
kludged it so op_port = or_port+10, ap_port=or_port+20)
* circuits currently know if they're at the beginning of the path because
circ->cpath is set. They use this instead for crypts (both ways),
if it's set.
* I still obey the "send a 0 back to the AP when you're ready" protocol,
but I think we should phase it out. I can simply not read from the AP
socket until I'm ready.
I need to do a lot of cleanup work here, but the code appears to work, so
now's a good time for a checkin.
svn:r22
2002-07-02 11:36:58 +02:00
  conn->addr = router->addr, conn->port = router->or_port;
  conn->pkey = crypto_pk_dup_key(router->pkey);
  conn->address = strdup(router->address);

  /* generate a nonce */
  retval = crypto_pseudo_rand(8, conn->nonce);
  if (retval) /* error */
  {
    log(LOG_ERR,"Cannot generate a nonce.");
    return -1;
  }
  log(LOG_DEBUG,"or_handshake_server_process_auth() : Nonce generated.");

  *(uint32_t *)(buf+44) = htonl(conn->bandwidth); /* send max link utilisation */
  memcpy(buf+48,conn->nonce,8); /* append the nonce to the end of the message */

  /* encrypt message */
  retval = crypto_pk_public_encrypt(conn->pkey, buf, 56, cipher,RSA_PKCS1_PADDING);
  if (retval == -1) /* error */
  {
    log(LOG_ERR,"Public-key encryption failed during authentication to %s:%u.",conn->address,conn->port);
    log(LOG_DEBUG,"or_handshake_server_process_auth() : Reason : %s.",crypto_perror());
    return -1;
  }
  log(LOG_DEBUG,"or_handshake_server_process_auth() : Reply encrypted.");

  /* send message */

  if(connection_write_to_buf(cipher, 128, conn) < 0) {
    log(LOG_DEBUG,"or_handshake_server_process_auth(): my outbuf is full. Oops.");
    return -1;
  }
  retval = connection_flush_buf(conn);
  if(retval < 0) {
    log(LOG_DEBUG,"or_handshake_server_process_auth(): bad socket while flushing.");
    return -1;
  }
  if(retval > 0) {
    /* still stuff on the buffer. */
    conn->state = OR_CONN_STATE_SERVER_SENDING_AUTH;
    connection_watch_events(conn, POLLOUT | POLLIN);
    return 0;
  }

  /* it finished sending */
  log(LOG_DEBUG,"or_handshake_server_process_auth(): Finished sending auth.");
  conn->state = OR_CONN_STATE_SERVER_NONCE_WAIT;
  connection_watch_events(conn, POLLIN);
  return 0;

}

int or_handshake_server_process_nonce(connection_t *conn) {

  char buf[128];
  char cipher[128];
  int retval;
  struct sockaddr_in me; /* my router identity */

  assert(conn);

  if(learn_my_address(&me) < 0)
    return -1;

  if(conn->inbuf_datalen < 128) /* entire response available? */
    return 0; /* not yet */

  if(connection_fetch_from_buf(cipher,128,conn) < 0) {
    return -1;
  }
  log(LOG_DEBUG,"or_handshake_server_process_nonce() : Received auth.");

  /* decrypt response */
  retval = crypto_pk_private_decrypt(getprivatekey(), cipher, 128, buf,RSA_PKCS1_PADDING);
  if (retval == -1)
  {
    log(LOG_ERR,"Public-key decryption failed during authentication to %s:%u.",
        conn->address,conn->port);
    log(LOG_DEBUG,"or_handshake_server_process_nonce() : Reason : %s.",
        crypto_perror());
    return -1;
  }
  else if (retval != 20)
  {
    log(LOG_ERR,"server_process_nonce: incorrect response from router %s:%u.",
        conn->address,conn->port);
    return -1;
  }
  log(LOG_DEBUG,"or_handshake_server_process_nonce() : Response decrypted.");

  /* check validity */
  if ((ntohl(*(uint32_t*)buf) != conn->addr) || /* remote address */
      (ntohs(*(uint16_t*)(buf+4)) != conn->port) || /* remote port */
      (*(uint32_t*)(buf+6) != me.sin_addr.s_addr) || /* local address, network order */
      (*(uint16_t*)(buf+10) != me.sin_port) || /* local port, network order */
      (memcmp(conn->nonce,buf+12,8))) /* nonce */
  {
    log(LOG_ERR,"server_process_nonce: Router %s:%u gave bad response.",conn->address,conn->port);
    return -1;
  }
  log(LOG_DEBUG,"or_handshake_server_process_nonce() : Response valid. Authentication complete.");

  conn_or_init_crypto(conn);
  conn->state = OR_CONN_STATE_OPEN;
  connection_init_timeval(conn);
  connection_watch_events(conn, POLLIN);
  return connection_process_inbuf(conn); /* process the rest of the inbuf */

}

/* ********************************** */

int connection_or_create_listener(struct sockaddr_in *bindaddr) {
  log(LOG_DEBUG,"connection_create_or_listener starting");
  return connection_create_listener(bindaddr, CONN_TYPE_OR_LISTENER);
}

int connection_or_handle_listener_read(connection_t *conn) {
  log(LOG_NOTICE,"OR: Received a connection request from a router. Attempting to authenticate.");
  return connection_handle_listener_read(conn, CONN_TYPE_OR, OR_CONN_STATE_SERVER_AUTH_WAIT);
}