2006-02-09 06:46:49 +01:00
|
|
|
/* Copyright (c) 2001 Matej Pfajfar.
|
|
|
|
|
* Copyright (c) 2001-2004, Roger Dingledine.
|
2007-12-12 22:09:01 +01:00
|
|
|
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
2011-01-03 17:50:39 +01:00
|
|
|
* Copyright (c) 2007-2011, The Tor Project, Inc. */
|
Implemented link padding and receiver token buckets
Each socket reads at most 'bandwidth' bytes per second sustained, but
can handle bursts of up to 10*bandwidth bytes.
Cells are now sent out at evenly-spaced intervals, with padding sent
out otherwise. Set Linkpadding=0 in the rc file to send cells as soon
as they're available (and to never send padding cells).
Added license/copyrights statements at the top of most files.
router->min and router->max have been merged into a single 'bandwidth'
value. We should make the routerinfo_t reflect this (want to do that,
Mat?)
As the bandwidth increases, and we want to stop sleeping more and more
frequently to send a single cell, cpu usage goes up. At 128kB/s we're
pretty much calling poll with a timeout of 1ms or even 0ms. The current
code takes a timeout of 0-9ms and makes it 10ms. prepare_for_poll()
handles everything that should have happened in the past, so as long as
our buffers don't get too full in that 10ms, we're ok.
Speaking of too full, if you run three servers at 100kB/s with -l debug,
it spends too much time printing debugging messages to be able to keep
up with the cells. The outbuf ultimately fills up and it kills that
connection. If you run with -l err, it works fine up through 500kB/s and
probably beyond. Down the road we'll want to teach it to recognize when
an outbuf is getting full, and back off.
svn:r50
2002-07-16 03:12:15 +02:00
|
|
|
/* See LICENSE for licensing information */
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/**
|
|
|
|
|
* \file command.c
|
2005-06-11 07:31:17 +02:00
|
|
|
* \brief Functions for processing incoming cells.
|
2004-05-09 18:47:25 +02:00
|
|
|
**/
|
|
|
|
|
|
2004-05-11 05:21:18 +02:00
|
|
|
/* In-points to command.c:
|
|
|
|
|
*
|
|
|
|
|
* - command_process_cell(), called from
|
2004-05-13 01:48:57 +02:00
|
|
|
* connection_or_process_cells_from_inbuf() in connection_or.c
|
2004-05-11 05:21:18 +02:00
|
|
|
*/
|
|
|
|
|
|
2002-06-27 00:45:49 +02:00
|
|
|
#include "or.h"
|
2010-07-22 01:21:00 +02:00
|
|
|
#include "circuitbuild.h"
|
2010-07-22 09:46:23 +02:00
|
|
|
#include "circuitlist.h"
|
2010-07-22 10:08:32 +02:00
|
|
|
#include "command.h"
|
2010-07-22 10:32:52 +02:00
|
|
|
#include "connection.h"
|
2010-07-22 10:50:34 +02:00
|
|
|
#include "connection_or.h"
|
2010-07-22 10:22:51 +02:00
|
|
|
#include "config.h"
|
2010-07-22 11:35:09 +02:00
|
|
|
#include "control.h"
|
2010-07-22 11:40:39 +02:00
|
|
|
#include "cpuworker.h"
|
2010-07-22 12:30:46 +02:00
|
|
|
#include "hibernate.h"
|
Initial conversion to use node_t throughout our codebase.
A node_t is an abstraction over routerstatus_t, routerinfo_t, and
microdesc_t. It should try to present a consistent interface to all
of them. There should be a node_t for a server whenever there is
* A routerinfo_t for it in the routerlist
* A routerstatus_t in the current_consensus.
(note that a microdesc_t alone isn't enough to make a node_t exist,
since microdescriptors aren't usable on their own.)
There are three ways to get a node_t right now: looking it up by ID,
looking it up by nickname, and iterating over the whole list of
microdescriptors.
All (or nearly all) functions that are supposed to return "a router"
-- especially those used in building connections and circuits --
should return a node_t, not a routerinfo_t or a routerstatus_t.
A node_t should hold all the *mutable* flags about a node. This
patch moves the is_foo flags from routerinfo_t into node_t. The
flags in routerstatus_t remain, but they get set from the consensus
and should not change.
Some other highlights of this patch are:
* Looking up routerinfo and routerstatus by nickname is now
unified and based on the "look up a node by nickname" function.
This tries to look only at the values from current consensus,
and not get confused by the routerinfo_t->is_named flag, which
could get set for other weird reasons. This changes the
behavior of how authorities (when acting as clients) deal with
nodes that have been listed by nickname.
* I tried not to artificially increase the size of the diff here
by moving functions around. As a result, some functions that
now operate on nodes are now in the wrong file -- they should
get moved to nodelist.c once this refactoring settles down.
This moving should happen as part of a patch that moves
functions AND NOTHING ELSE.
* Some old code is now left around inside #if 0/1 blocks, and
should get removed once I've verified that I don't want it
sitting around to see how we used to do things.
There are still some unimplemented functions: these are flagged
with "UNIMPLEMENTED_NODELIST()." I'll work on filling in the
implementation here, piece by piece.
I wish this patch could have been smaller, but there did not seem to
be any piece of it that was independent from the rest. Moving flags
forces many functions that once returned routerinfo_t * to return
node_t *, which forces their friends to change, and so on.
2010-09-29 21:00:41 +02:00
|
|
|
#include "nodelist.h"
|
2010-07-23 20:38:25 +02:00
|
|
|
#include "onion.h"
|
2010-07-23 21:53:11 +02:00
|
|
|
#include "relay.h"
|
2010-07-21 16:17:10 +02:00
|
|
|
#include "router.h"
|
2010-07-21 17:08:11 +02:00
|
|
|
#include "routerlist.h"
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2008-12-23 18:56:31 +01:00
|
|
|
/** How many CELL_PADDING cells have we received, ever? */
|
2005-12-31 09:09:26 +01:00
|
|
|
uint64_t stats_n_padding_cells_processed = 0;
|
2008-12-23 18:56:31 +01:00
|
|
|
/** How many CELL_CREATE cells have we received, ever? */
|
2005-12-31 09:09:26 +01:00
|
|
|
uint64_t stats_n_create_cells_processed = 0;
|
2008-12-23 18:56:31 +01:00
|
|
|
/** How many CELL_CREATED cells have we received, ever? */
|
2005-12-31 09:09:26 +01:00
|
|
|
uint64_t stats_n_created_cells_processed = 0;
|
2008-12-23 18:56:31 +01:00
|
|
|
/** How many CELL_RELAY cells have we received, ever? */
|
2005-12-31 09:09:26 +01:00
|
|
|
uint64_t stats_n_relay_cells_processed = 0;
|
2008-12-23 18:56:31 +01:00
|
|
|
/** How many CELL_DESTROY cells have we received, ever? */
|
2005-12-31 09:09:26 +01:00
|
|
|
uint64_t stats_n_destroy_cells_processed = 0;
|
2008-12-23 18:56:31 +01:00
|
|
|
/** How many CELL_VERSIONS cells have we received, ever? */
|
2007-10-30 19:31:30 +01:00
|
|
|
uint64_t stats_n_versions_cells_processed = 0;
|
2008-12-23 18:56:31 +01:00
|
|
|
/** How many CELL_NETINFO cells have we received, ever? */
|
2007-10-30 19:31:30 +01:00
|
|
|
uint64_t stats_n_netinfo_cells_processed = 0;
|
2003-10-02 22:00:38 +02:00
|
|
|
|
2011-09-27 19:15:36 +02:00
|
|
|
/** How many CELL_VPADDING cells have we received, ever? */
|
|
|
|
|
uint64_t stats_n_vpadding_cells_processed = 0;
|
|
|
|
|
/** How many CELL_CERTS cells have we received, ever? */
|
2011-10-31 09:33:38 +01:00
|
|
|
uint64_t stats_n_certs_cells_processed = 0;
|
2011-09-27 19:15:36 +02:00
|
|
|
/** How many CELL_AUTH_CHALLENGE cells have we received, ever? */
|
|
|
|
|
uint64_t stats_n_auth_challenge_cells_processed = 0;
|
|
|
|
|
/** How many CELL_AUTHENTICATE cells have we received, ever? */
|
|
|
|
|
uint64_t stats_n_authenticate_cells_processed = 0;
|
2011-10-27 02:19:29 +02:00
|
|
|
/** How many CELL_AUTHORIZE cells have we received, ever? */
|
|
|
|
|
uint64_t stats_n_authorize_cells_processed = 0;
|
2011-09-27 19:15:36 +02:00
|
|
|
|
2007-10-30 19:31:30 +01:00
|
|
|
/* These are the main functions for processing cells */
|
2006-07-26 21:07:26 +02:00
|
|
|
static void command_process_create_cell(cell_t *cell, or_connection_t *conn);
|
|
|
|
|
static void command_process_created_cell(cell_t *cell, or_connection_t *conn);
|
|
|
|
|
static void command_process_relay_cell(cell_t *cell, or_connection_t *conn);
|
|
|
|
|
static void command_process_destroy_cell(cell_t *cell, or_connection_t *conn);
|
2007-11-05 22:46:35 +01:00
|
|
|
static void command_process_versions_cell(var_cell_t *cell,
|
|
|
|
|
or_connection_t *conn);
|
2007-10-30 19:31:30 +01:00
|
|
|
static void command_process_netinfo_cell(cell_t *cell, or_connection_t *conn);
|
2011-10-31 09:33:38 +01:00
|
|
|
static void command_process_certs_cell(var_cell_t *cell,
|
2011-09-27 19:15:36 +02:00
|
|
|
or_connection_t *conn);
|
|
|
|
|
static void command_process_auth_challenge_cell(var_cell_t *cell,
|
|
|
|
|
or_connection_t *conn);
|
|
|
|
|
static void command_process_authenticate_cell(var_cell_t *cell,
|
|
|
|
|
or_connection_t *conn);
|
2011-10-27 02:19:29 +02:00
|
|
|
static int enter_v3_handshake_with_cell(var_cell_t *cell,
|
|
|
|
|
or_connection_t *conn);
|
2003-09-16 07:41:49 +02:00
|
|
|
|
2005-01-03 21:03:49 +01:00
|
|
|
#ifdef KEEP_TIMING_STATS
|
2004-05-09 18:47:25 +02:00
|
|
|
/** This is a wrapper function around the actual function that processes the
|
|
|
|
|
* <b>cell</b> that just arrived on <b>conn</b>. Increment <b>*time</b>
|
|
|
|
|
* by the number of microseconds used by the call to <b>*func(cell, conn)</b>.
|
2004-05-07 10:07:41 +02:00
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
static void
|
2006-07-26 21:07:26 +02:00
|
|
|
command_time_process_cell(cell_t *cell, or_connection_t *conn, int *time,
|
|
|
|
|
void (*func)(cell_t *, or_connection_t *))
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2002-11-24 09:45:54 +01:00
|
|
|
struct timeval start, end;
|
2003-12-17 22:09:31 +01:00
|
|
|
long time_passed;
|
2002-11-24 09:45:54 +01:00
|
|
|
|
2003-10-04 05:29:09 +02:00
|
|
|
tor_gettimeofday(&start);
|
2002-11-24 09:45:54 +01:00
|
|
|
|
|
|
|
|
(*func)(cell, conn);
|
|
|
|
|
|
2003-10-04 05:29:09 +02:00
|
|
|
tor_gettimeofday(&end);
|
2003-04-16 19:04:58 +02:00
|
|
|
time_passed = tv_udiff(&start, &end) ;
|
2002-11-24 09:45:54 +01:00
|
|
|
|
2004-02-28 08:01:22 +01:00
|
|
|
if (time_passed > 10000) { /* more than 10ms */
|
2006-02-13 09:28:42 +01:00
|
|
|
log_debug(LD_OR,"That call just took %ld ms.",time_passed/1000);
|
2002-11-24 09:45:54 +01:00
|
|
|
}
|
2004-11-23 01:08:26 +01:00
|
|
|
if (time_passed < 0) {
|
2006-02-13 09:28:42 +01:00
|
|
|
log_info(LD_GENERAL,"That call took us back in time!");
|
2004-11-23 01:08:26 +01:00
|
|
|
time_passed = 0;
|
|
|
|
|
}
|
2002-11-24 09:45:54 +01:00
|
|
|
*time += time_passed;
|
|
|
|
|
}
|
2005-01-03 21:03:49 +01:00
|
|
|
#endif
|
2002-11-24 09:45:54 +01:00
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/** Process a <b>cell</b> that was just received on <b>conn</b>. Keep internal
|
2004-05-07 10:07:41 +02:00
|
|
|
* statistics about how many of each cell we've processed so far
|
|
|
|
|
* this second, and the total number of microseconds it took to
|
|
|
|
|
* process each type of cell.
|
|
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
void
|
2006-07-26 21:07:26 +02:00
|
|
|
command_process_cell(cell_t *cell, or_connection_t *conn)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2011-09-27 19:15:36 +02:00
|
|
|
int handshaking = (conn->_base.state != OR_CONN_STATE_OPEN);
|
2004-12-25 07:10:34 +01:00
|
|
|
#ifdef KEEP_TIMING_STATS
|
2004-05-07 10:07:41 +02:00
|
|
|
/* how many of each cell have we seen so far this second? needs better
|
|
|
|
|
* name. */
|
2003-05-20 08:41:23 +02:00
|
|
|
static int num_create=0, num_created=0, num_relay=0, num_destroy=0;
|
2004-05-07 10:07:41 +02:00
|
|
|
/* how long has it taken to process each type of cell? */
|
2003-05-20 08:41:23 +02:00
|
|
|
static int create_time=0, created_time=0, relay_time=0, destroy_time=0;
|
2003-10-04 05:29:09 +02:00
|
|
|
static time_t current_second = 0; /* from previous calls to time */
|
2004-05-07 10:07:41 +02:00
|
|
|
|
2003-10-04 05:29:09 +02:00
|
|
|
time_t now = time(NULL);
|
2002-11-24 09:45:54 +01:00
|
|
|
|
2004-11-28 10:05:49 +01:00
|
|
|
if (now > current_second) { /* the second has rolled over */
|
2002-11-24 09:45:54 +01:00
|
|
|
/* print stats */
|
2006-02-13 09:28:42 +01:00
|
|
|
log_info(LD_OR,
|
|
|
|
|
"At end of second: %d creates (%d ms), %d createds (%d ms), "
|
2005-12-14 21:40:40 +01:00
|
|
|
"%d relays (%d ms), %d destroys (%d ms)",
|
2005-12-10 10:36:26 +01:00
|
|
|
num_create, create_time/1000,
|
|
|
|
|
num_created, created_time/1000,
|
|
|
|
|
num_relay, relay_time/1000,
|
|
|
|
|
num_destroy, destroy_time/1000);
|
2002-11-24 09:45:54 +01:00
|
|
|
|
|
|
|
|
/* zero out stats */
|
2003-05-20 08:41:23 +02:00
|
|
|
num_create = num_created = num_relay = num_destroy = 0;
|
|
|
|
|
create_time = created_time = relay_time = destroy_time = 0;
|
2002-11-24 09:45:54 +01:00
|
|
|
|
|
|
|
|
/* remember which second it is, for next time */
|
2003-10-04 05:29:09 +02:00
|
|
|
current_second = now;
|
2002-11-24 09:45:54 +01:00
|
|
|
}
|
2004-12-25 07:10:34 +01:00
|
|
|
#endif
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2007-10-30 19:31:30 +01:00
|
|
|
#ifdef KEEP_TIMING_STATS
|
|
|
|
|
#define PROCESS_CELL(tp, cl, cn) STMT_BEGIN { \
|
|
|
|
|
++num ## tp; \
|
|
|
|
|
command_time_process_cell(cl, cn, & tp ## time , \
|
|
|
|
|
command_process_ ## tp ## _cell); \
|
|
|
|
|
} STMT_END
|
|
|
|
|
#else
|
|
|
|
|
#define PROCESS_CELL(tp, cl, cn) command_process_ ## tp ## _cell(cl, cn)
|
|
|
|
|
#endif
|
|
|
|
|
|
2011-10-28 23:04:15 +02:00
|
|
|
if (conn->_base.marked_for_close)
|
|
|
|
|
return;
|
|
|
|
|
|
2008-02-09 00:41:29 +01:00
|
|
|
/* Reject all but VERSIONS and NETINFO when handshaking. */
|
2011-10-06 20:58:59 +02:00
|
|
|
/* (VERSIONS should actually be impossible; it's variable-length.) */
|
2008-02-09 00:41:29 +01:00
|
|
|
if (handshaking && cell->command != CELL_VERSIONS &&
|
2011-10-06 20:58:59 +02:00
|
|
|
cell->command != CELL_NETINFO) {
|
|
|
|
|
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
|
|
|
|
|
"Received unexpected cell command %d in state %s; ignoring it.",
|
|
|
|
|
(int)cell->command,
|
|
|
|
|
conn_state_to_string(CONN_TYPE_OR,conn->_base.state));
|
2008-02-06 06:31:21 +01:00
|
|
|
return;
|
2011-10-06 20:58:59 +02:00
|
|
|
}
|
2011-09-27 19:15:36 +02:00
|
|
|
|
|
|
|
|
if (conn->_base.state == OR_CONN_STATE_OR_HANDSHAKING_V3)
|
|
|
|
|
or_handshake_state_record_cell(conn->handshake_state, cell, 1);
|
2008-02-06 06:31:21 +01:00
|
|
|
|
2004-11-28 10:05:49 +01:00
|
|
|
switch (cell->command) {
|
2002-06-27 00:45:49 +02:00
|
|
|
case CELL_PADDING:
|
2003-10-02 22:00:38 +02:00
|
|
|
++stats_n_padding_cells_processed;
|
2002-06-27 00:45:49 +02:00
|
|
|
/* do nothing */
|
|
|
|
|
break;
|
|
|
|
|
case CELL_CREATE:
|
2005-05-03 00:35:18 +02:00
|
|
|
case CELL_CREATE_FAST:
|
2003-10-02 22:00:38 +02:00
|
|
|
++stats_n_create_cells_processed;
|
2007-10-30 19:31:30 +01:00
|
|
|
PROCESS_CELL(create, cell, conn);
|
2002-06-27 00:45:49 +02:00
|
|
|
break;
|
2003-05-06 01:24:46 +02:00
|
|
|
case CELL_CREATED:
|
2005-05-03 00:35:18 +02:00
|
|
|
case CELL_CREATED_FAST:
|
2003-10-02 22:00:38 +02:00
|
|
|
++stats_n_created_cells_processed;
|
2007-10-30 19:31:30 +01:00
|
|
|
PROCESS_CELL(created, cell, conn);
|
2003-05-06 01:24:46 +02:00
|
|
|
break;
|
2003-05-01 08:42:29 +02:00
|
|
|
case CELL_RELAY:
|
2007-11-14 21:01:15 +01:00
|
|
|
case CELL_RELAY_EARLY:
|
2003-10-02 22:00:38 +02:00
|
|
|
++stats_n_relay_cells_processed;
|
2007-10-30 19:31:30 +01:00
|
|
|
PROCESS_CELL(relay, cell, conn);
|
2002-06-27 00:45:49 +02:00
|
|
|
break;
|
|
|
|
|
case CELL_DESTROY:
|
2003-10-02 22:00:38 +02:00
|
|
|
++stats_n_destroy_cells_processed;
|
2007-10-30 19:31:30 +01:00
|
|
|
PROCESS_CELL(destroy, cell, conn);
|
|
|
|
|
break;
|
|
|
|
|
case CELL_VERSIONS:
|
2007-11-05 22:46:35 +01:00
|
|
|
tor_fragile_assert();
|
2007-10-30 19:31:30 +01:00
|
|
|
break;
|
|
|
|
|
case CELL_NETINFO:
|
|
|
|
|
++stats_n_netinfo_cells_processed;
|
|
|
|
|
PROCESS_CELL(netinfo, cell, conn);
|
2002-06-27 00:45:49 +02:00
|
|
|
break;
|
2002-07-18 08:37:58 +02:00
|
|
|
default:
|
2007-10-30 19:31:30 +01:00
|
|
|
log_fn(LOG_INFO, LD_PROTOCOL,
|
2005-10-17 02:35:53 +02:00
|
|
|
"Cell of unknown type (%d) received. Dropping.", cell->command);
|
2002-07-18 08:37:58 +02:00
|
|
|
break;
|
2002-06-27 00:45:49 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2011-10-27 02:19:29 +02:00
|
|
|
/** Return true if <b>command</b> is a cell command that's allowed to start a
|
|
|
|
|
* V3 handshake. */
|
|
|
|
|
static int
|
|
|
|
|
command_allowed_before_handshake(uint8_t command)
|
|
|
|
|
{
|
|
|
|
|
switch (command) {
|
|
|
|
|
case CELL_VERSIONS:
|
|
|
|
|
case CELL_VPADDING:
|
|
|
|
|
case CELL_AUTHORIZE:
|
|
|
|
|
return 1;
|
|
|
|
|
default:
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2007-11-05 22:46:35 +01:00
|
|
|
/** Process a <b>cell</b> that was just received on <b>conn</b>. Keep internal
|
|
|
|
|
* statistics about how many of each cell we've processed so far
|
|
|
|
|
* this second, and the total number of microseconds it took to
|
|
|
|
|
* process each type of cell.
|
|
|
|
|
*/
|
|
|
|
|
void
|
|
|
|
|
command_process_var_cell(var_cell_t *cell, or_connection_t *conn)
|
|
|
|
|
{
|
|
|
|
|
#ifdef KEEP_TIMING_STATS
|
|
|
|
|
/* how many of each cell have we seen so far this second? needs better
|
|
|
|
|
* name. */
|
2011-10-31 09:33:38 +01:00
|
|
|
static int num_versions=0, num_certs=0;
|
2007-11-05 22:46:35 +01:00
|
|
|
|
|
|
|
|
time_t now = time(NULL);
|
|
|
|
|
|
|
|
|
|
if (now > current_second) { /* the second has rolled over */
|
|
|
|
|
/* print stats */
|
|
|
|
|
log_info(LD_OR,
|
2011-10-31 09:33:38 +01:00
|
|
|
"At end of second: %d versions (%d ms), %d certs (%d ms)",
|
2007-11-05 22:46:35 +01:00
|
|
|
num_versions, versions_time/1000,
|
2011-10-31 09:33:38 +01:00
|
|
|
num_certs, certs_time/1000);
|
2007-11-05 22:46:35 +01:00
|
|
|
|
2011-10-31 09:33:38 +01:00
|
|
|
num_versions = num_certs = 0;
|
|
|
|
|
versions_time = certs_time = 0;
|
2007-11-05 22:46:35 +01:00
|
|
|
|
|
|
|
|
/* remember which second it is, for next time */
|
|
|
|
|
current_second = now;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2011-10-28 23:04:15 +02:00
|
|
|
if (conn->_base.marked_for_close)
|
|
|
|
|
return;
|
|
|
|
|
|
2011-09-27 19:15:36 +02:00
|
|
|
switch (conn->_base.state)
|
|
|
|
|
{
|
|
|
|
|
case OR_CONN_STATE_OR_HANDSHAKING_V2:
|
|
|
|
|
if (cell->command != CELL_VERSIONS)
|
|
|
|
|
return;
|
|
|
|
|
break;
|
|
|
|
|
case OR_CONN_STATE_TLS_HANDSHAKING:
|
|
|
|
|
/* If we're using bufferevents, it's entirely possible for us to
|
|
|
|
|
* notice "hey, data arrived!" before we notice "hey, the handshake
|
|
|
|
|
* finished!" And we need to be accepting both at once to handle both
|
|
|
|
|
* the v2 and v3 handshakes. */
|
|
|
|
|
|
|
|
|
|
/* fall through */
|
|
|
|
|
case OR_CONN_STATE_TLS_SERVER_RENEGOTIATING:
|
2011-10-27 02:19:29 +02:00
|
|
|
if (! command_allowed_before_handshake(cell->command)) {
|
2011-10-06 20:58:59 +02:00
|
|
|
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
|
2011-10-27 02:19:29 +02:00
|
|
|
"Received a cell with command %d in state %s; "
|
2011-10-06 20:58:59 +02:00
|
|
|
"ignoring it.",
|
|
|
|
|
(int)cell->command,
|
|
|
|
|
conn_state_to_string(CONN_TYPE_OR,conn->_base.state));
|
|
|
|
|
return;
|
2011-10-27 02:19:29 +02:00
|
|
|
} else {
|
|
|
|
|
if (enter_v3_handshake_with_cell(cell, conn)<0)
|
|
|
|
|
return;
|
2011-10-06 20:58:59 +02:00
|
|
|
}
|
2011-09-27 19:15:36 +02:00
|
|
|
break;
|
|
|
|
|
case OR_CONN_STATE_OR_HANDSHAKING_V3:
|
2011-09-28 16:31:56 +02:00
|
|
|
if (cell->command != CELL_AUTHENTICATE)
|
|
|
|
|
or_handshake_state_record_var_cell(conn->handshake_state, cell, 1);
|
2011-09-27 19:15:36 +02:00
|
|
|
break; /* Everything is allowed */
|
|
|
|
|
case OR_CONN_STATE_OPEN:
|
2011-10-06 20:58:59 +02:00
|
|
|
if (conn->link_proto < 3) {
|
|
|
|
|
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
|
|
|
|
|
"Received a variable-length cell with command %d in state %s "
|
|
|
|
|
"with link protocol %d; ignoring it.",
|
|
|
|
|
(int)cell->command,
|
|
|
|
|
conn_state_to_string(CONN_TYPE_OR,conn->_base.state),
|
|
|
|
|
(int)conn->link_proto);
|
2011-09-27 19:15:36 +02:00
|
|
|
return;
|
2011-10-06 20:58:59 +02:00
|
|
|
}
|
|
|
|
|
break;
|
2011-09-27 19:15:36 +02:00
|
|
|
default:
|
2011-10-06 20:58:59 +02:00
|
|
|
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
|
|
|
|
|
"Received var-length cell with command %d in unexpected state "
|
|
|
|
|
"%s [%d]; ignoring it.",
|
|
|
|
|
(int)cell->command,
|
|
|
|
|
conn_state_to_string(CONN_TYPE_OR,conn->_base.state),
|
|
|
|
|
(int)conn->_base.state);
|
2011-09-27 19:15:36 +02:00
|
|
|
return;
|
|
|
|
|
}
|
2008-02-06 06:31:21 +01:00
|
|
|
|
2007-11-05 22:46:35 +01:00
|
|
|
switch (cell->command) {
|
|
|
|
|
case CELL_VERSIONS:
|
|
|
|
|
++stats_n_versions_cells_processed;
|
|
|
|
|
PROCESS_CELL(versions, cell, conn);
|
|
|
|
|
break;
|
2011-09-27 19:15:36 +02:00
|
|
|
case CELL_VPADDING:
|
|
|
|
|
++stats_n_vpadding_cells_processed;
|
2011-10-26 17:50:50 +02:00
|
|
|
/* Do nothing */
|
2011-09-27 19:15:36 +02:00
|
|
|
break;
|
2011-10-31 09:33:38 +01:00
|
|
|
case CELL_CERTS:
|
|
|
|
|
++stats_n_certs_cells_processed;
|
|
|
|
|
PROCESS_CELL(certs, cell, conn);
|
2011-09-27 19:15:36 +02:00
|
|
|
break;
|
|
|
|
|
case CELL_AUTH_CHALLENGE:
|
|
|
|
|
++stats_n_auth_challenge_cells_processed;
|
|
|
|
|
PROCESS_CELL(auth_challenge, cell, conn);
|
|
|
|
|
break;
|
|
|
|
|
case CELL_AUTHENTICATE:
|
|
|
|
|
++stats_n_authenticate_cells_processed;
|
|
|
|
|
PROCESS_CELL(authenticate, cell, conn);
|
|
|
|
|
break;
|
2011-10-27 02:19:29 +02:00
|
|
|
case CELL_AUTHORIZE:
|
|
|
|
|
++stats_n_authorize_cells_processed;
|
|
|
|
|
/* Ignored so far. */
|
|
|
|
|
break;
|
2007-11-05 22:46:35 +01:00
|
|
|
default:
|
2011-09-13 16:03:09 +02:00
|
|
|
log_fn(LOG_INFO, LD_PROTOCOL,
|
2007-11-05 22:46:35 +01:00
|
|
|
"Variable-length cell of unknown type (%d) received.",
|
|
|
|
|
cell->command);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2005-12-14 21:40:40 +01:00
|
|
|
/** Process a 'create' <b>cell</b> that just arrived from <b>conn</b>. Make a
|
|
|
|
|
* new circuit with the p_circ_id specified in cell. Put the circuit in state
|
|
|
|
|
* onionskin_pending, and pass the onionskin to the cpuworker. Circ will get
|
|
|
|
|
* picked up again when the cpuworker finishes decrypting it.
|
2004-05-07 10:07:41 +02:00
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
static void
|
2006-07-26 21:07:26 +02:00
|
|
|
command_process_create_cell(cell_t *cell, or_connection_t *conn)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2006-07-23 09:37:35 +02:00
|
|
|
or_circuit_t *circ;
|
2011-10-27 00:15:25 +02:00
|
|
|
const or_options_t *options = get_options();
|
2005-12-14 21:40:40 +01:00
|
|
|
int id_is_high;
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2004-11-28 10:05:49 +01:00
|
|
|
if (we_are_hibernating()) {
|
2006-02-13 09:28:42 +01:00
|
|
|
log_info(LD_OR,
|
|
|
|
|
"Received create cell but we're shutting down. Sending back "
|
|
|
|
|
"destroy.");
|
2006-01-05 22:23:03 +01:00
|
|
|
connection_or_send_destroy(cell->circ_id, conn,
|
|
|
|
|
END_CIRC_REASON_HIBERNATING);
|
2004-07-21 01:31:00 +02:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2011-10-24 00:21:49 +02:00
|
|
|
if (!server_mode(options) ||
|
|
|
|
|
(!public_server_mode(options) && conn->is_outgoing)) {
|
2006-07-30 06:32:58 +02:00
|
|
|
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
|
2011-10-24 00:21:49 +02:00
|
|
|
"Received create cell (type %d) from %s:%d, but we're connected "
|
|
|
|
|
"to it as a client. "
|
2006-07-30 06:32:58 +02:00
|
|
|
"Sending back a destroy.",
|
|
|
|
|
(int)cell->command, conn->_base.address, conn->_base.port);
|
|
|
|
|
connection_or_send_destroy(cell->circ_id, conn,
|
|
|
|
|
END_CIRC_REASON_TORPROTOCOL);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2006-07-04 05:27:09 +02:00
|
|
|
/* If the high bit of the circuit ID is not as expected, close the
|
|
|
|
|
* circ. */
|
2005-12-14 21:40:40 +01:00
|
|
|
id_is_high = cell->circ_id & (1<<15);
|
2006-07-04 05:27:09 +02:00
|
|
|
if ((id_is_high && conn->circ_id_type == CIRC_ID_TYPE_HIGHER) ||
|
|
|
|
|
(!id_is_high && conn->circ_id_type == CIRC_ID_TYPE_LOWER)) {
|
|
|
|
|
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
|
|
|
|
|
"Received create cell with unexpected circ_id %d. Closing.",
|
|
|
|
|
cell->circ_id);
|
|
|
|
|
connection_or_send_destroy(cell->circ_id, conn,
|
|
|
|
|
END_CIRC_REASON_TORPROTOCOL);
|
|
|
|
|
return;
|
2004-11-10 21:14:37 +01:00
|
|
|
}
|
|
|
|
|
|
2008-07-23 14:55:55 +02:00
|
|
|
if (circuit_id_in_use_on_orconn(cell->circ_id, conn)) {
|
Initial conversion to use node_t throughout our codebase.
A node_t is an abstraction over routerstatus_t, routerinfo_t, and
microdesc_t. It should try to present a consistent interface to all
of them. There should be a node_t for a server whenever there is
* A routerinfo_t for it in the routerlist
* A routerstatus_t in the current_consensus.
(note that a microdesc_t alone isn't enough to make a node_t exist,
since microdescriptors aren't usable on their own.)
There are three ways to get a node_t right now: looking it up by ID,
looking it up by nickname, and iterating over the whole list of
microdescriptors.
All (or nearly all) functions that are supposed to return "a router"
-- especially those used in building connections and circuits --
should return a node_t, not a routerinfo_t or a routerstatus_t.
A node_t should hold all the *mutable* flags about a node. This
patch moves the is_foo flags from routerinfo_t into node_t. The
flags in routerstatus_t remain, but they get set from the consensus
and should not change.
Some other highlights of this patch are:
* Looking up routerinfo and routerstatus by nickname is now
unified and based on the "look up a node by nickname" function.
This tries to look only at the values from current consensus,
and not get confused by the routerinfo_t->is_named flag, which
could get set for other weird reasons. This changes the
behavior of how authorities (when acting as clients) deal with
nodes that have been listed by nickname.
* I tried not to artificially increase the size of the diff here
by moving functions around. As a result, some functions that
now operate on nodes are now in the wrong file -- they should
get moved to nodelist.c once this refactoring settles down.
This moving should happen as part of a patch that moves
functions AND NOTHING ELSE.
* Some old code is now left around inside #if 0/1 blocks, and
should get removed once I've verified that I don't want it
sitting around to see how we used to do things.
There are still some unimplemented functions: these are flagged
with "UNIMPLEMENTED_NODELIST()." I'll work on filling in the
implementation here, piece by piece.
I wish this patch could have been smaller, but there did not seem to
be any piece of it that was independent from the rest. Moving flags
forces many functions that once returned routerinfo_t * to return
node_t *, which forces their friends to change, and so on.
2010-09-29 21:00:41 +02:00
|
|
|
const node_t *node = node_get_by_id(conn->identity_digest);
|
2005-10-25 09:04:36 +02:00
|
|
|
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
|
2006-07-04 05:27:09 +02:00
|
|
|
"Received CREATE cell (circID %d) for known circ. "
|
2005-12-14 21:40:40 +01:00
|
|
|
"Dropping (age %d).",
|
2006-07-26 21:07:26 +02:00
|
|
|
cell->circ_id, (int)(time(NULL) - conn->_base.timestamp_created));
|
2010-10-01 00:37:53 +02:00
|
|
|
if (node) {
|
|
|
|
|
char *p = esc_for_log(node_get_platform(node));
|
2005-10-25 09:04:36 +02:00
|
|
|
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
|
2011-05-16 03:58:46 +02:00
|
|
|
"Details: router %s, platform %s.",
|
2011-05-30 21:41:46 +02:00
|
|
|
node_describe(node), p);
|
2010-10-01 00:37:53 +02:00
|
|
|
tor_free(p);
|
|
|
|
|
}
|
2004-12-01 05:55:03 +01:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2006-07-23 09:37:35 +02:00
|
|
|
circ = or_circuit_new(cell->circ_id, conn);
|
|
|
|
|
circ->_base.purpose = CIRCUIT_PURPOSE_OR;
|
|
|
|
|
circuit_set_state(TO_CIRCUIT(circ), CIRCUIT_STATE_ONIONSKIN_PENDING);
|
2005-05-03 00:35:18 +02:00
|
|
|
if (cell->command == CELL_CREATE) {
|
2008-02-06 00:20:49 +01:00
|
|
|
char *onionskin = tor_malloc(ONIONSKIN_CHALLENGE_LEN);
|
|
|
|
|
memcpy(onionskin, cell->payload, ONIONSKIN_CHALLENGE_LEN);
|
2003-05-06 01:24:46 +02:00
|
|
|
|
2006-07-04 05:27:09 +02:00
|
|
|
/* hand it off to the cpuworkers, and then return. */
|
2008-02-06 00:20:49 +01:00
|
|
|
if (assign_onionskin_to_cpuworker(NULL, circ, onionskin) < 0) {
|
2010-08-31 18:52:11 +02:00
|
|
|
#define WARN_HANDOFF_FAILURE_INTERVAL (6*60*60)
|
|
|
|
|
static ratelim_t handoff_warning =
|
|
|
|
|
RATELIM_INIT(WARN_HANDOFF_FAILURE_INTERVAL);
|
2010-08-18 21:55:49 +02:00
|
|
|
char *m;
|
|
|
|
|
if ((m = rate_limit_log(&handoff_warning, approx_time()))) {
|
|
|
|
|
log_warn(LD_GENERAL,"Failed to hand off onionskin. Closing.%s",m);
|
|
|
|
|
tor_free(m);
|
|
|
|
|
}
|
2006-07-23 09:37:35 +02:00
|
|
|
circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
|
2005-05-03 00:35:18 +02:00
|
|
|
return;
|
|
|
|
|
}
|
2006-02-13 09:28:42 +01:00
|
|
|
log_debug(LD_OR,"success: handed off onionskin.");
|
2005-05-03 00:35:18 +02:00
|
|
|
} else {
|
2005-12-08 18:38:32 +01:00
|
|
|
/* This is a CREATE_FAST cell; we can handle it immediately without using
|
2006-07-04 05:27:09 +02:00
|
|
|
* a CPU worker. */
|
2005-05-07 07:55:06 +02:00
|
|
|
char keys[CPATH_KEY_MATERIAL_LEN];
|
|
|
|
|
char reply[DIGEST_LEN*2];
|
2011-10-23 23:27:56 +02:00
|
|
|
|
2005-05-03 00:35:18 +02:00
|
|
|
tor_assert(cell->command == CELL_CREATE_FAST);
|
2011-10-23 23:27:56 +02:00
|
|
|
|
|
|
|
|
/* Make sure we never try to use the OR connection on which we
|
|
|
|
|
* received this cell to satisfy an EXTEND request, */
|
|
|
|
|
conn->is_connection_with_client = 1;
|
|
|
|
|
|
2010-12-14 01:34:01 +01:00
|
|
|
if (fast_server_handshake(cell->payload, (uint8_t*)reply,
|
|
|
|
|
(uint8_t*)keys, sizeof(keys))<0) {
|
2006-02-13 09:28:42 +01:00
|
|
|
log_warn(LD_OR,"Failed to generate key material. Closing.");
|
2006-07-23 09:37:35 +02:00
|
|
|
circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
|
2005-05-03 00:35:18 +02:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
if (onionskin_answer(circ, CELL_CREATED_FAST, reply, keys)<0) {
|
2006-02-13 09:28:42 +01:00
|
|
|
log_warn(LD_OR,"Failed to reply to CREATE_FAST cell. Closing.");
|
2006-07-23 09:37:35 +02:00
|
|
|
circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
|
2005-05-03 00:35:18 +02:00
|
|
|
return;
|
|
|
|
|
}
|
2003-05-06 01:24:46 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2005-11-19 02:56:58 +01:00
|
|
|
/** Process a 'created' <b>cell</b> that just arrived from <b>conn</b>.
|
|
|
|
|
* Find the circuit
|
2004-05-09 18:47:25 +02:00
|
|
|
* that it's intended for. If we're not the origin of the circuit, package
|
|
|
|
|
* the 'created' cell in an 'extended' relay cell and pass it back. If we
|
2004-05-07 10:07:41 +02:00
|
|
|
* are the origin of the circuit, send it to circuit_finish_handshake() to
|
|
|
|
|
* finish processing keys, and then call circuit_send_next_onion_skin() to
|
|
|
|
|
* extend to the next hop in the circuit if necessary.
|
|
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
static void
|
2006-07-26 21:07:26 +02:00
|
|
|
command_process_created_cell(cell_t *cell, or_connection_t *conn)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2003-05-06 01:24:46 +02:00
|
|
|
circuit_t *circ;
|
|
|
|
|
|
2005-04-06 07:33:32 +02:00
|
|
|
circ = circuit_get_by_circid_orconn(cell->circ_id, conn);
|
2003-05-06 01:24:46 +02:00
|
|
|
|
2004-11-28 10:05:49 +01:00
|
|
|
if (!circ) {
|
2006-02-13 09:28:42 +01:00
|
|
|
log_info(LD_OR,
|
|
|
|
|
"(circID %d) unknown circ (probably got a destroy earlier). "
|
|
|
|
|
"Dropping.", cell->circ_id);
|
2003-05-06 01:24:46 +02:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2004-11-28 10:05:49 +01:00
|
|
|
if (circ->n_circ_id != cell->circ_id) {
|
2005-10-25 09:04:36 +02:00
|
|
|
log_fn(LOG_PROTOCOL_WARN,LD_PROTOCOL,
|
2006-09-07 03:00:37 +02:00
|
|
|
"got created cell from Tor client? Closing.");
|
2006-01-05 22:23:03 +01:00
|
|
|
circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
|
2003-05-06 01:24:46 +02:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2004-11-28 10:05:49 +01:00
|
|
|
if (CIRCUIT_IS_ORIGIN(circ)) { /* we're the OP. Handshake this. */
|
2006-07-23 09:37:35 +02:00
|
|
|
origin_circuit_t *origin_circ = TO_ORIGIN_CIRCUIT(circ);
|
2006-10-09 17:47:27 +02:00
|
|
|
int err_reason = 0;
|
2006-02-13 09:28:42 +01:00
|
|
|
log_debug(LD_OR,"at OP. Finishing handshake.");
|
2006-10-09 17:47:27 +02:00
|
|
|
if ((err_reason = circuit_finish_handshake(origin_circ, cell->command,
|
2010-12-14 01:34:01 +01:00
|
|
|
cell->payload)) < 0) {
|
2006-02-13 09:28:42 +01:00
|
|
|
log_warn(LD_OR,"circuit_finish_handshake failed.");
|
2006-10-09 17:47:27 +02:00
|
|
|
circuit_mark_for_close(circ, -err_reason);
|
2002-06-27 00:45:49 +02:00
|
|
|
return;
|
|
|
|
|
}
|
2006-02-13 09:28:42 +01:00
|
|
|
log_debug(LD_OR,"Moving to next skin.");
|
2006-10-09 17:47:27 +02:00
|
|
|
if ((err_reason = circuit_send_next_onion_skin(origin_circ)) < 0) {
|
2006-02-13 09:28:42 +01:00
|
|
|
log_info(LD_OR,"circuit_send_next_onion_skin failed.");
|
2006-01-05 22:23:03 +01:00
|
|
|
/* XXX push this circuit_close lower */
|
2006-10-09 17:47:27 +02:00
|
|
|
circuit_mark_for_close(circ, -err_reason);
|
2002-06-27 00:45:49 +02:00
|
|
|
return;
|
|
|
|
|
}
|
2003-05-06 01:24:46 +02:00
|
|
|
} else { /* pack it into an extended relay cell, and send it. */
|
2006-02-13 09:28:42 +01:00
|
|
|
log_debug(LD_OR,
|
|
|
|
|
"Converting created cell to extended relay cell, sending.");
|
2007-03-24 16:58:11 +01:00
|
|
|
relay_send_command_from_edge(0, circ, RELAY_COMMAND_EXTENDED,
|
2010-12-14 01:34:01 +01:00
|
|
|
(char*)cell->payload, ONIONSKIN_REPLY_LEN,
|
2007-03-24 16:58:11 +01:00
|
|
|
NULL);
|
2002-11-27 05:08:20 +01:00
|
|
|
}
|
|
|
|
|
}
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2008-07-23 17:58:38 +02:00
|
|
|
/** Process a 'relay' or 'relay_early' <b>cell</b> that just arrived from
|
|
|
|
|
* <b>conn</b>. Make sure it came in with a recognized circ_id. Pass it on to
|
2004-05-07 10:07:41 +02:00
|
|
|
* circuit_receive_relay_cell() for actual processing.
|
|
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
static void
|
2006-07-26 21:07:26 +02:00
|
|
|
command_process_relay_cell(cell_t *cell, or_connection_t *conn)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2002-07-18 08:37:58 +02:00
|
|
|
circuit_t *circ;
|
2007-03-26 16:07:59 +02:00
|
|
|
int reason, direction;
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2005-04-06 07:33:32 +02:00
|
|
|
circ = circuit_get_by_circid_orconn(cell->circ_id, conn);
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2004-11-28 10:05:49 +01:00
|
|
|
if (!circ) {
|
2006-02-13 09:28:42 +01:00
|
|
|
log_debug(LD_OR,
|
|
|
|
|
"unknown circuit %d on connection from %s:%d. Dropping.",
|
2006-07-26 21:07:26 +02:00
|
|
|
cell->circ_id, conn->_base.address, conn->_base.port);
|
2002-06-27 00:45:49 +02:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2004-11-28 10:05:49 +01:00
|
|
|
if (circ->state == CIRCUIT_STATE_ONIONSKIN_PENDING) {
|
2005-10-25 09:04:36 +02:00
|
|
|
log_fn(LOG_PROTOCOL_WARN,LD_PROTOCOL,"circuit in create_wait. Closing.");
|
2006-01-05 22:23:03 +01:00
|
|
|
circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
|
2002-11-27 05:08:20 +01:00
|
|
|
return;
|
|
|
|
|
}
|
major overhaul: dns slave subsystem, topics
on startup, it forks off a master dns handler, which forks off dns
slaves (like the apache model). slaves as spawned as load increases,
and then reused. excess slaves are not ever killed, currently.
implemented topics. each topic has a receive window in each direction
at each edge of the circuit, and sends sendme's at the data level, as
per before. each circuit also has receive windows in each direction at
each hop; an edge sends a circuit-level sendme as soon as enough data
cells have arrived (regardless of whether the data cells were flushed
to the exit conns). removed the 'connected' cell type, since it's now
a topic command within data cells.
at the edge of the circuit, there can be multiple connections associated
with a single circuit. you find them via the linked list conn->next_topic.
currently each new ap connection starts its own circuit, so we ought
to see comparable performance to what we had before. but that's only
because i haven't written the code to reattach to old circuits. please
try to break it as-is, and then i'll make it reuse the same circuit and
we'll try to break that.
svn:r152
2003-01-26 10:02:24 +01:00
|
|
|
|
2007-07-30 00:13:44 +02:00
|
|
|
if (CIRCUIT_IS_ORIGIN(circ)) {
|
2007-12-04 19:35:03 +01:00
|
|
|
/* if we're a relay and treating connections with recent local
|
2007-07-30 00:13:44 +02:00
|
|
|
* traffic better, then this is one of them. */
|
|
|
|
|
conn->client_used = time(NULL);
|
|
|
|
|
}
|
|
|
|
|
|
2006-07-23 09:37:35 +02:00
|
|
|
if (!CIRCUIT_IS_ORIGIN(circ) &&
|
2007-03-26 16:07:59 +02:00
|
|
|
cell->circ_id == TO_OR_CIRCUIT(circ)->p_circ_id)
|
|
|
|
|
direction = CELL_DIRECTION_OUT;
|
|
|
|
|
else
|
|
|
|
|
direction = CELL_DIRECTION_IN;
|
|
|
|
|
|
2008-07-23 17:58:38 +02:00
|
|
|
/* If we have a relay_early cell, make sure that it's outbound, and we've
|
|
|
|
|
* gotten no more than MAX_RELAY_EARLY_CELLS_PER_CIRCUIT of them. */
|
|
|
|
|
if (cell->command == CELL_RELAY_EARLY) {
|
|
|
|
|
if (direction == CELL_DIRECTION_IN) {
|
2009-10-26 06:32:27 +01:00
|
|
|
/* Allow an unlimited number of inbound relay_early cells,
|
|
|
|
|
* for hidden service compatibility. There isn't any way to make
|
|
|
|
|
* a long circuit through inbound relay_early cells anyway. See
|
|
|
|
|
* bug 1038. -RD */
|
2008-07-23 17:58:38 +02:00
|
|
|
} else {
|
|
|
|
|
or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
|
|
|
|
|
if (or_circ->remaining_relay_early_cells == 0) {
|
|
|
|
|
log_fn(LOG_PROTOCOL_WARN, LD_OR,
|
|
|
|
|
"Received too many RELAY_EARLY cells on circ %d from %s:%d."
|
|
|
|
|
" Closing circuit.",
|
2009-12-15 23:23:36 +01:00
|
|
|
cell->circ_id, safe_str(conn->_base.address),
|
2009-09-28 15:08:32 +02:00
|
|
|
conn->_base.port);
|
2008-07-23 17:58:38 +02:00
|
|
|
circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
--or_circ->remaining_relay_early_cells;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2007-03-26 16:07:59 +02:00
|
|
|
if ((reason = circuit_receive_relay_cell(cell, circ, direction)) < 0) {
|
|
|
|
|
log_fn(LOG_PROTOCOL_WARN,LD_PROTOCOL,"circuit_receive_relay_cell "
|
|
|
|
|
"(%s) failed. Closing.",
|
|
|
|
|
direction==CELL_DIRECTION_OUT?"forward":"backward");
|
|
|
|
|
circuit_mark_for_close(circ, -reason);
|
2002-06-27 00:45:49 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2004-05-09 18:47:25 +02:00
|
|
|
/** Process a 'destroy' <b>cell</b> that just arrived from
|
|
|
|
|
* <b>conn</b>. Find the circ that it refers to (if any).
|
2004-05-07 10:07:41 +02:00
|
|
|
*
|
|
|
|
|
* If the circ is in state
|
|
|
|
|
* onionskin_pending, then call onion_pending_remove() to remove it
|
|
|
|
|
* from the pending onion list (note that if it's already being
|
|
|
|
|
* processed by the cpuworker, it won't be in the list anymore; but
|
|
|
|
|
* when the cpuworker returns it, the circuit will be gone, and the
|
|
|
|
|
* cpuworker response will be dropped).
|
|
|
|
|
*
|
|
|
|
|
* Then mark the circuit for close (which marks all edges for close,
|
|
|
|
|
* and passes the destroy cell onward if necessary).
|
|
|
|
|
*/
|
2005-06-11 20:52:12 +02:00
|
|
|
static void
|
2006-07-26 21:07:26 +02:00
|
|
|
command_process_destroy_cell(cell_t *cell, or_connection_t *conn)
|
2005-06-11 20:52:12 +02:00
|
|
|
{
|
2002-06-27 00:45:49 +02:00
|
|
|
circuit_t *circ;
|
2006-10-20 01:04:49 +02:00
|
|
|
int reason;
|
2002-06-27 00:45:49 +02:00
|
|
|
|
2005-04-06 07:33:32 +02:00
|
|
|
circ = circuit_get_by_circid_orconn(cell->circ_id, conn);
|
2006-01-05 22:23:03 +01:00
|
|
|
reason = (uint8_t)cell->payload[0];
|
2004-11-28 10:05:49 +01:00
|
|
|
if (!circ) {
|
2006-02-13 09:28:42 +01:00
|
|
|
log_info(LD_OR,"unknown circuit %d on connection from %s:%d. Dropping.",
|
2006-07-26 21:07:26 +02:00
|
|
|
cell->circ_id, conn->_base.address, conn->_base.port);
|
2002-06-27 00:45:49 +02:00
|
|
|
return;
|
|
|
|
|
}
|
2006-02-13 09:28:42 +01:00
|
|
|
log_debug(LD_OR,"Received for circID %d.",cell->circ_id);
|
major overhaul: dns slave subsystem, topics
on startup, it forks off a master dns handler, which forks off dns
slaves (like the apache model). slaves as spawned as load increases,
and then reused. excess slaves are not ever killed, currently.
implemented topics. each topic has a receive window in each direction
at each edge of the circuit, and sends sendme's at the data level, as
per before. each circuit also has receive windows in each direction at
each hop; an edge sends a circuit-level sendme as soon as enough data
cells have arrived (regardless of whether the data cells were flushed
to the exit conns). removed the 'connected' cell type, since it's now
a topic command within data cells.
at the edge of the circuit, there can be multiple connections associated
with a single circuit. you find them via the linked list conn->next_topic.
currently each new ap connection starts its own circuit, so we ought
to see comparable performance to what we had before. but that's only
because i haven't written the code to reattach to old circuits. please
try to break it as-is, and then i'll make it reuse the same circuit and
we'll try to break that.
svn:r152
2003-01-26 10:02:24 +01:00
|
|
|
|
2006-07-23 09:37:35 +02:00
|
|
|
if (!CIRCUIT_IS_ORIGIN(circ) &&
|
|
|
|
|
cell->circ_id == TO_OR_CIRCUIT(circ)->p_circ_id) {
|
2004-04-26 06:32:01 +02:00
|
|
|
/* the destroy came from behind */
|
2006-07-23 09:37:35 +02:00
|
|
|
circuit_set_p_circid_orconn(TO_OR_CIRCUIT(circ), 0, NULL);
|
2006-11-01 00:35:50 +01:00
|
|
|
circuit_mark_for_close(circ, reason|END_CIRC_REASON_FLAG_REMOTE);
|
2003-06-13 11:20:23 +02:00
|
|
|
} else { /* the destroy came from ahead */
|
2006-07-23 09:37:35 +02:00
|
|
|
circuit_set_n_circid_orconn(circ, 0, NULL);
|
2005-04-03 07:25:26 +02:00
|
|
|
if (CIRCUIT_IS_ORIGIN(circ)) {
|
2006-10-20 01:04:49 +02:00
|
|
|
circuit_mark_for_close(circ, reason|END_CIRC_REASON_FLAG_REMOTE);
|
2005-04-03 07:25:26 +02:00
|
|
|
} else {
|
2006-01-05 22:23:03 +01:00
|
|
|
char payload[1];
|
2006-02-13 09:28:42 +01:00
|
|
|
log_debug(LD_OR, "Delivering 'truncated' back.");
|
2006-01-05 22:23:03 +01:00
|
|
|
payload[0] = (char)reason;
|
2007-03-24 16:58:11 +01:00
|
|
|
relay_send_command_from_edge(0, circ, RELAY_COMMAND_TRUNCATED,
|
|
|
|
|
payload, sizeof(payload), NULL);
|
2004-04-26 06:32:01 +02:00
|
|
|
}
|
2003-06-13 11:20:23 +02:00
|
|
|
}
|
2002-06-27 00:45:49 +02:00
|
|
|
}
|
2005-06-09 21:03:31 +02:00
|
|
|
|
2011-10-27 02:19:29 +02:00
|
|
|
/** Called when we as a server receive an appropriate cell while waiting
|
|
|
|
|
* either for a cell or a TLS handshake. Set the connection's state to
|
|
|
|
|
* "handshaking_v3', initializes the or_handshake_state field as needed,
|
|
|
|
|
* and add the cell to the hash of incoming cells.)
|
|
|
|
|
*
|
|
|
|
|
* Return 0 on success; return -1 and mark the connection on failure.
|
|
|
|
|
*/
|
|
|
|
|
static int
|
|
|
|
|
enter_v3_handshake_with_cell(var_cell_t *cell, or_connection_t *conn)
|
|
|
|
|
{
|
|
|
|
|
const int started_here = connection_or_nonopen_was_started_here(conn);
|
|
|
|
|
|
|
|
|
|
tor_assert(conn->_base.state == OR_CONN_STATE_TLS_HANDSHAKING ||
|
|
|
|
|
conn->_base.state == OR_CONN_STATE_TLS_SERVER_RENEGOTIATING);
|
|
|
|
|
|
|
|
|
|
if (started_here) {
|
|
|
|
|
log_fn(LOG_PROTOCOL_WARN, LD_OR,
|
|
|
|
|
"Received a cell while TLS-handshaking, not in "
|
|
|
|
|
"OR_HANDSHAKING_V3, on a connection we originated.");
|
|
|
|
|
}
|
|
|
|
|
conn->_base.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
|
|
|
|
|
if (connection_init_or_handshake_state(conn, started_here) < 0) {
|
|
|
|
|
connection_mark_for_close(TO_CONN(conn));
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
or_handshake_state_record_var_cell(conn->handshake_state, cell, 1);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2008-02-13 17:34:00 +01:00
|
|
|
/** Process a 'versions' cell. The current link protocol version must be 0
|
|
|
|
|
* to indicate that no version has yet been negotiated. We compare the
|
|
|
|
|
* versions in the cell to the list of versions we support, pick the
|
|
|
|
|
* highest version we have in common, and continue the negotiation from
|
|
|
|
|
* there.
|
2008-02-10 19:40:29 +01:00
|
|
|
*/
|
2007-10-30 19:31:30 +01:00
|
|
|
static void
|
2007-11-05 22:46:35 +01:00
|
|
|
command_process_versions_cell(var_cell_t *cell, or_connection_t *conn)
|
2007-10-30 19:31:30 +01:00
|
|
|
{
|
|
|
|
|
int highest_supported_version = 0;
|
2010-12-14 01:34:01 +01:00
|
|
|
const uint8_t *cp, *end;
|
2011-09-27 19:15:36 +02:00
|
|
|
const int started_here = connection_or_nonopen_was_started_here(conn);
|
2007-10-30 22:46:02 +01:00
|
|
|
if (conn->link_proto != 0 ||
|
2007-11-05 19:15:44 +01:00
|
|
|
(conn->handshake_state && conn->handshake_state->received_versions)) {
|
2007-10-30 19:31:30 +01:00
|
|
|
log_fn(LOG_PROTOCOL_WARN, LD_OR,
|
|
|
|
|
"Received a VERSIONS cell on a connection with its version "
|
|
|
|
|
"already set to %d; dropping", (int) conn->link_proto);
|
|
|
|
|
return;
|
|
|
|
|
}
|
2011-09-27 19:15:36 +02:00
|
|
|
switch (conn->_base.state)
|
|
|
|
|
{
|
|
|
|
|
case OR_CONN_STATE_OR_HANDSHAKING_V2:
|
2011-10-27 02:19:29 +02:00
|
|
|
case OR_CONN_STATE_OR_HANDSHAKING_V3:
|
2011-09-27 19:15:36 +02:00
|
|
|
break;
|
|
|
|
|
case OR_CONN_STATE_TLS_HANDSHAKING:
|
|
|
|
|
case OR_CONN_STATE_TLS_SERVER_RENEGOTIATING:
|
|
|
|
|
default:
|
|
|
|
|
log_fn(LOG_PROTOCOL_WARN, LD_OR,
|
|
|
|
|
"VERSIONS cell while in unexpected state");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2007-11-05 19:15:44 +01:00
|
|
|
tor_assert(conn->handshake_state);
|
2007-11-06 00:34:39 +01:00
|
|
|
end = cell->payload + cell->payload_len;
|
|
|
|
|
for (cp = cell->payload; cp+1 < end; ++cp) {
|
|
|
|
|
uint16_t v = ntohs(get_uint16(cp));
|
2008-01-13 01:20:47 +01:00
|
|
|
if (is_or_protocol_version_known(v) && v > highest_supported_version)
|
|
|
|
|
highest_supported_version = v;
|
2007-10-30 19:31:30 +01:00
|
|
|
}
|
2007-10-30 22:46:02 +01:00
|
|
|
if (!highest_supported_version) {
|
2007-10-30 19:31:30 +01:00
|
|
|
log_fn(LOG_PROTOCOL_WARN, LD_OR,
|
2007-11-14 21:01:12 +01:00
|
|
|
"Couldn't find a version in common between my version list and the "
|
|
|
|
|
"list in the VERSIONS cell; closing connection.");
|
|
|
|
|
connection_mark_for_close(TO_CONN(conn));
|
2007-10-30 19:31:30 +01:00
|
|
|
return;
|
2008-02-10 19:40:29 +01:00
|
|
|
} else if (highest_supported_version == 1) {
|
2008-02-21 05:30:14 +01:00
|
|
|
/* Negotiating version 1 makes no sense, since version 1 has no VERSIONS
|
|
|
|
|
* cells. */
|
2008-02-10 19:40:29 +01:00
|
|
|
log_fn(LOG_PROTOCOL_WARN, LD_OR,
|
|
|
|
|
"Used version negotiation protocol to negotiate a v1 connection. "
|
|
|
|
|
"That's crazily non-compliant. Closing connection.");
|
|
|
|
|
connection_mark_for_close(TO_CONN(conn));
|
|
|
|
|
return;
|
2011-09-27 19:15:36 +02:00
|
|
|
} else if (highest_supported_version < 3 &&
|
|
|
|
|
conn->_base.state == OR_CONN_STATE_OR_HANDSHAKING_V3) {
|
|
|
|
|
log_fn(LOG_PROTOCOL_WARN, LD_OR,
|
|
|
|
|
"Negotiated link protocol 2 or lower after doing a v3 TLS "
|
|
|
|
|
"handshake. Closing connection.");
|
|
|
|
|
connection_mark_for_close(TO_CONN(conn));
|
|
|
|
|
return;
|
2007-10-30 19:31:30 +01:00
|
|
|
}
|
2011-09-27 19:15:36 +02:00
|
|
|
|
2007-10-30 22:46:02 +01:00
|
|
|
conn->link_proto = highest_supported_version;
|
2007-11-05 19:15:44 +01:00
|
|
|
conn->handshake_state->received_versions = 1;
|
2007-10-30 22:46:02 +01:00
|
|
|
|
2011-09-27 19:15:36 +02:00
|
|
|
if (conn->link_proto == 2) {
|
|
|
|
|
log_info(LD_OR, "Negotiated version %d with %s:%d; sending NETINFO.",
|
|
|
|
|
highest_supported_version,
|
|
|
|
|
safe_str_client(conn->_base.address),
|
|
|
|
|
conn->_base.port);
|
2008-02-06 22:53:13 +01:00
|
|
|
|
2011-09-27 19:15:36 +02:00
|
|
|
if (connection_or_send_netinfo(conn) < 0) {
|
|
|
|
|
connection_mark_for_close(TO_CONN(conn));
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
const int send_versions = !started_here;
|
|
|
|
|
/* If we want to authenticate, send a CERTS cell */
|
|
|
|
|
const int send_certs = !started_here || public_server_mode(get_options());
|
|
|
|
|
/* If we're a relay that got a connection, ask for authentication. */
|
|
|
|
|
const int send_chall = !started_here && public_server_mode(get_options());
|
2011-11-03 17:31:31 +01:00
|
|
|
/* If our certs cell will authenticate us, we can send a netinfo cell
|
|
|
|
|
* right now. */
|
2011-11-03 17:03:05 +01:00
|
|
|
const int send_netinfo = !started_here;
|
2011-09-27 19:15:36 +02:00
|
|
|
const int send_any =
|
|
|
|
|
send_versions || send_certs || send_chall || send_netinfo;
|
|
|
|
|
tor_assert(conn->link_proto >= 3);
|
|
|
|
|
|
|
|
|
|
log_info(LD_OR, "Negotiated version %d with %s:%d; %s%s%s%s%s",
|
|
|
|
|
highest_supported_version,
|
|
|
|
|
safe_str_client(conn->_base.address),
|
|
|
|
|
conn->_base.port,
|
|
|
|
|
send_any ? "Sending cells:" : "Waiting for CERTS cell",
|
|
|
|
|
send_versions ? " VERSIONS" : "",
|
|
|
|
|
send_certs ? " CERTS" : "",
|
2011-09-27 20:40:27 +02:00
|
|
|
send_chall ? " AUTH_CHALLENGE" : "",
|
2011-09-27 19:15:36 +02:00
|
|
|
send_netinfo ? " NETINFO" : "");
|
|
|
|
|
|
2011-10-11 05:12:29 +02:00
|
|
|
#ifdef DISABLE_V3_LINKPROTO_SERVERSIDE
|
|
|
|
|
if (1) {
|
|
|
|
|
connection_mark_for_close(TO_CONN(conn));
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2011-09-27 19:15:36 +02:00
|
|
|
if (send_versions) {
|
|
|
|
|
if (connection_or_send_versions(conn, 1) < 0) {
|
|
|
|
|
log_warn(LD_OR, "Couldn't send versions cell");
|
|
|
|
|
connection_mark_for_close(TO_CONN(conn));
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (send_certs) {
|
2011-10-31 09:33:38 +01:00
|
|
|
if (connection_or_send_certs_cell(conn) < 0) {
|
|
|
|
|
log_warn(LD_OR, "Couldn't send certs cell");
|
2011-09-27 19:15:36 +02:00
|
|
|
connection_mark_for_close(TO_CONN(conn));
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (send_chall) {
|
|
|
|
|
if (connection_or_send_auth_challenge_cell(conn) < 0) {
|
|
|
|
|
log_warn(LD_OR, "Couldn't send auth_challenge cell");
|
|
|
|
|
connection_mark_for_close(TO_CONN(conn));
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (send_netinfo) {
|
|
|
|
|
if (connection_or_send_netinfo(conn) < 0) {
|
|
|
|
|
log_warn(LD_OR, "Couldn't send netinfo cell");
|
|
|
|
|
connection_mark_for_close(TO_CONN(conn));
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
2007-11-05 20:19:46 +01:00
|
|
|
}
|
2007-10-30 19:31:30 +01:00
|
|
|
}
|
|
|
|
|
|
2008-02-11 02:09:24 +01:00
|
|
|
/** Process a 'netinfo' cell: read and act on its contents, and set the
|
|
|
|
|
* connection state to "open". */
|
2007-10-30 19:31:30 +01:00
|
|
|
static void
|
|
|
|
|
command_process_netinfo_cell(cell_t *cell, or_connection_t *conn)
|
|
|
|
|
{
|
|
|
|
|
time_t timestamp;
|
|
|
|
|
uint8_t my_addr_type;
|
|
|
|
|
uint8_t my_addr_len;
|
2010-12-14 01:34:01 +01:00
|
|
|
const uint8_t *my_addr_ptr;
|
|
|
|
|
const uint8_t *cp, *end;
|
2007-10-30 19:31:30 +01:00
|
|
|
uint8_t n_other_addrs;
|
|
|
|
|
time_t now = time(NULL);
|
2008-02-09 00:41:29 +01:00
|
|
|
|
2008-02-10 19:40:23 +01:00
|
|
|
long apparent_skew = 0;
|
|
|
|
|
uint32_t my_apparent_addr = 0;
|
|
|
|
|
|
2007-11-05 19:15:44 +01:00
|
|
|
if (conn->link_proto < 2) {
|
2007-10-30 19:31:30 +01:00
|
|
|
log_fn(LOG_PROTOCOL_WARN, LD_OR,
|
|
|
|
|
"Received a NETINFO cell on %s connection; dropping.",
|
|
|
|
|
conn->link_proto == 0 ? "non-versioned" : "a v1");
|
|
|
|
|
return;
|
|
|
|
|
}
|
2011-09-27 19:15:36 +02:00
|
|
|
if (conn->_base.state != OR_CONN_STATE_OR_HANDSHAKING_V2 &&
|
|
|
|
|
conn->_base.state != OR_CONN_STATE_OR_HANDSHAKING_V3) {
|
2007-11-05 19:15:44 +01:00
|
|
|
log_fn(LOG_PROTOCOL_WARN, LD_OR,
|
2008-04-22 18:23:47 +02:00
|
|
|
"Received a NETINFO cell on non-handshaking connection; dropping.");
|
2007-11-05 19:15:44 +01:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
tor_assert(conn->handshake_state &&
|
|
|
|
|
conn->handshake_state->received_versions);
|
2011-09-27 19:15:36 +02:00
|
|
|
|
|
|
|
|
if (conn->_base.state == OR_CONN_STATE_OR_HANDSHAKING_V3) {
|
|
|
|
|
tor_assert(conn->link_proto >= 3);
|
|
|
|
|
if (conn->handshake_state->started_here) {
|
|
|
|
|
if (!conn->handshake_state->authenticated) {
|
|
|
|
|
log_fn(LOG_PROTOCOL_WARN, LD_OR, "Got a NETINFO cell from server, "
|
|
|
|
|
"but no authentication. Closing the connection.");
|
|
|
|
|
connection_mark_for_close(TO_CONN(conn));
|
2011-09-28 19:10:40 +02:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
/* we're the server. If the client never authenticated, we have
|
|
|
|
|
some housekeeping to do.*/
|
|
|
|
|
if (!conn->handshake_state->authenticated) {
|
|
|
|
|
tor_assert(tor_digest_is_zero(
|
|
|
|
|
(const char*)conn->handshake_state->authenticated_peer_id));
|
|
|
|
|
connection_or_set_circid_type(conn, NULL);
|
|
|
|
|
|
|
|
|
|
connection_or_init_conn_from_address(conn,
|
|
|
|
|
&conn->_base.addr,
|
|
|
|
|
conn->_base.port,
|
|
|
|
|
(const char*)conn->handshake_state->authenticated_peer_id,
|
|
|
|
|
0);
|
2011-09-27 19:15:36 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2007-10-30 19:31:30 +01:00
|
|
|
/* Decode the cell. */
|
|
|
|
|
timestamp = ntohl(get_uint32(cell->payload));
|
2008-02-22 04:44:36 +01:00
|
|
|
if (labs(now - conn->handshake_state->sent_versions_at) < 180) {
|
2008-02-10 19:40:23 +01:00
|
|
|
apparent_skew = now - timestamp;
|
2007-11-05 19:15:44 +01:00
|
|
|
}
|
|
|
|
|
|
2007-10-30 19:31:30 +01:00
|
|
|
my_addr_type = (uint8_t) cell->payload[4];
|
|
|
|
|
my_addr_len = (uint8_t) cell->payload[5];
|
2010-12-14 01:34:01 +01:00
|
|
|
my_addr_ptr = (uint8_t*) cell->payload + 6;
|
2007-10-30 19:31:30 +01:00
|
|
|
end = cell->payload + CELL_PAYLOAD_SIZE;
|
|
|
|
|
cp = cell->payload + 6 + my_addr_len;
|
|
|
|
|
if (cp >= end) {
|
|
|
|
|
log_fn(LOG_PROTOCOL_WARN, LD_OR,
|
2007-11-14 21:01:12 +01:00
|
|
|
"Addresses too long in netinfo cell; closing connection.");
|
|
|
|
|
connection_mark_for_close(TO_CONN(conn));
|
2007-10-30 19:31:30 +01:00
|
|
|
return;
|
2007-11-05 19:15:44 +01:00
|
|
|
} else if (my_addr_type == RESOLVED_TYPE_IPV4 && my_addr_len == 4) {
|
2008-02-10 19:40:23 +01:00
|
|
|
my_apparent_addr = ntohl(get_uint32(my_addr_ptr));
|
2007-10-30 19:31:30 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
n_other_addrs = (uint8_t) *cp++;
|
|
|
|
|
while (n_other_addrs && cp < end-2) {
|
|
|
|
|
/* Consider all the other addresses; if any matches, this connection is
|
|
|
|
|
* "canonical." */
|
2008-08-05 22:08:19 +02:00
|
|
|
tor_addr_t addr;
|
2011-01-03 17:57:42 +01:00
|
|
|
const uint8_t *next =
|
|
|
|
|
decode_address_from_payload(&addr, cp, (int)(end-cp));
|
2008-08-05 22:08:19 +02:00
|
|
|
if (next == NULL) {
|
|
|
|
|
log_fn(LOG_PROTOCOL_WARN, LD_OR,
|
2008-12-22 10:52:56 +01:00
|
|
|
"Bad address in netinfo cell; closing connection.");
|
2007-11-14 21:01:12 +01:00
|
|
|
connection_mark_for_close(TO_CONN(conn));
|
|
|
|
|
return;
|
|
|
|
|
}
|
2008-08-05 22:08:19 +02:00
|
|
|
if (tor_addr_eq(&addr, &conn->real_addr)) {
|
|
|
|
|
conn->is_canonical = 1;
|
|
|
|
|
break;
|
2007-10-30 19:31:30 +01:00
|
|
|
}
|
2008-08-05 22:08:19 +02:00
|
|
|
cp = next;
|
2007-10-30 19:31:30 +01:00
|
|
|
--n_other_addrs;
|
|
|
|
|
}
|
2007-11-05 19:15:44 +01:00
|
|
|
|
2008-02-10 19:40:23 +01:00
|
|
|
/* Act on apparent skew. */
|
2011-02-28 18:58:29 +01:00
|
|
|
/** Warn when we get a netinfo skew with at least this value. */
|
2008-02-10 19:40:23 +01:00
|
|
|
#define NETINFO_NOTICE_SKEW 3600
|
2008-02-22 04:44:36 +01:00
|
|
|
if (labs(apparent_skew) > NETINFO_NOTICE_SKEW &&
|
2011-02-28 18:58:29 +01:00
|
|
|
router_get_by_id_digest(conn->identity_digest)) {
|
2008-02-10 19:40:23 +01:00
|
|
|
char dbuf[64];
|
2011-02-28 18:58:29 +01:00
|
|
|
int severity;
|
|
|
|
|
/*XXXX be smarter about when everybody says we are skewed. */
|
|
|
|
|
if (router_digest_is_trusted_dir(conn->identity_digest))
|
|
|
|
|
severity = LOG_WARN;
|
|
|
|
|
else
|
|
|
|
|
severity = LOG_INFO;
|
2008-02-10 19:40:23 +01:00
|
|
|
format_time_interval(dbuf, sizeof(dbuf), apparent_skew);
|
2008-02-10 19:40:29 +01:00
|
|
|
log_fn(severity, LD_GENERAL, "Received NETINFO cell with skewed time from "
|
2008-02-10 19:40:23 +01:00
|
|
|
"server at %s:%d. It seems that our clock is %s by %s, or "
|
|
|
|
|
"that theirs is %s. Tor requires an accurate clock to work: "
|
|
|
|
|
"please check your time and date settings.",
|
|
|
|
|
conn->_base.address, (int)conn->_base.port,
|
|
|
|
|
apparent_skew>0 ? "ahead" : "behind", dbuf,
|
|
|
|
|
apparent_skew>0 ? "behind" : "ahead");
|
2011-02-28 18:58:29 +01:00
|
|
|
if (severity == LOG_WARN) /* only tell the controller if an authority */
|
2009-08-28 09:42:09 +02:00
|
|
|
control_event_general_status(LOG_WARN,
|
|
|
|
|
"CLOCK_SKEW SKEW=%ld SOURCE=OR:%s:%d",
|
|
|
|
|
apparent_skew,
|
|
|
|
|
conn->_base.address, conn->_base.port);
|
2008-02-09 00:41:29 +01:00
|
|
|
}
|
|
|
|
|
|
2008-12-18 17:11:24 +01:00
|
|
|
/* XXX maybe act on my_apparent_addr, if the source is sufficiently
|
2008-02-16 00:39:08 +01:00
|
|
|
* trustworthy. */
|
2011-05-23 23:04:38 +02:00
|
|
|
(void)my_apparent_addr;
|
2008-02-10 19:40:23 +01:00
|
|
|
|
2011-09-28 19:10:40 +02:00
|
|
|
if (connection_or_set_state_open(conn)<0) {
|
|
|
|
|
log_fn(LOG_PROTOCOL_WARN, LD_OR, "Got good NETINFO cell from %s:%d; but "
|
|
|
|
|
"was unable to make the OR connection become open.",
|
|
|
|
|
safe_str_client(conn->_base.address),
|
|
|
|
|
conn->_base.port);
|
2008-02-10 19:40:23 +01:00
|
|
|
connection_mark_for_close(TO_CONN(conn));
|
2011-09-28 19:10:40 +02:00
|
|
|
} else {
|
2009-01-06 20:21:47 +01:00
|
|
|
log_info(LD_OR, "Got good NETINFO cell from %s:%d; OR connection is now "
|
2011-09-28 19:10:40 +02:00
|
|
|
"open, using protocol version %d. Its ID digest is %s",
|
2009-12-15 23:23:36 +01:00
|
|
|
safe_str_client(conn->_base.address),
|
2011-09-28 19:10:40 +02:00
|
|
|
conn->_base.port, (int)conn->link_proto,
|
|
|
|
|
hex_str(conn->identity_digest, DIGEST_LEN));
|
|
|
|
|
}
|
2008-02-09 00:41:29 +01:00
|
|
|
assert_connection_ok(TO_CONN(conn),time(NULL));
|
2007-10-30 19:31:30 +01:00
|
|
|
}
|
|
|
|
|
|
2011-10-31 09:33:38 +01:00
|
|
|
/** Process a CERTS cell from an OR connection.
|
2011-09-13 22:24:49 +02:00
|
|
|
*
|
2011-10-31 09:33:38 +01:00
|
|
|
* If the other side should not have sent us a CERTS cell, or the cell is
|
2011-09-13 22:24:49 +02:00
|
|
|
* malformed, or it is supposed to authenticate the TLS key but it doesn't,
|
|
|
|
|
* then mark the connection.
|
|
|
|
|
*
|
|
|
|
|
* If the cell has a good cert chain and we're doing a v3 handshake, then
|
|
|
|
|
* store the certificates in or_handshake_state. If this is the client side
|
|
|
|
|
* of the connection, we then authenticate the server or mark the connection.
|
|
|
|
|
* If it's the server side, wait for an AUTHENTICATE cell.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
2011-10-31 09:33:38 +01:00
|
|
|
command_process_certs_cell(var_cell_t *cell, or_connection_t *conn)
|
2011-09-13 22:24:49 +02:00
|
|
|
{
|
|
|
|
|
#define ERR(s) \
|
|
|
|
|
do { \
|
|
|
|
|
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
|
2011-10-31 09:33:38 +01:00
|
|
|
"Received a bad CERTS cell from %s:%d: %s", \
|
2011-09-28 19:19:55 +02:00
|
|
|
safe_str(conn->_base.address), conn->_base.port, (s)); \
|
2011-09-13 22:24:49 +02:00
|
|
|
connection_mark_for_close(TO_CONN(conn)); \
|
|
|
|
|
goto err; \
|
|
|
|
|
} while (0)
|
|
|
|
|
|
|
|
|
|
tor_cert_t *link_cert = NULL;
|
|
|
|
|
tor_cert_t *id_cert = NULL;
|
|
|
|
|
tor_cert_t *auth_cert = NULL;
|
|
|
|
|
|
|
|
|
|
uint8_t *ptr;
|
|
|
|
|
int n_certs, i;
|
2011-11-03 17:31:31 +01:00
|
|
|
int send_netinfo = 0;
|
2011-09-13 22:24:49 +02:00
|
|
|
|
|
|
|
|
if (conn->_base.state != OR_CONN_STATE_OR_HANDSHAKING_V3)
|
|
|
|
|
ERR("We're not doing a v3 handshake!");
|
2011-09-27 19:15:36 +02:00
|
|
|
if (conn->link_proto < 3)
|
|
|
|
|
ERR("We're not using link protocol >= 3");
|
2011-10-31 09:33:38 +01:00
|
|
|
if (conn->handshake_state->received_certs_cell)
|
2011-09-13 22:24:49 +02:00
|
|
|
ERR("We already got one");
|
2011-09-27 19:15:36 +02:00
|
|
|
if (conn->handshake_state->authenticated) {
|
|
|
|
|
/* Should be unreachable, but let's make sure. */
|
|
|
|
|
ERR("We're already authenticated!");
|
|
|
|
|
}
|
2011-09-13 22:24:49 +02:00
|
|
|
if (cell->payload_len < 1)
|
|
|
|
|
ERR("It had no body");
|
|
|
|
|
if (cell->circ_id)
|
|
|
|
|
ERR("It had a nonzero circuit ID");
|
|
|
|
|
|
|
|
|
|
n_certs = cell->payload[0];
|
|
|
|
|
ptr = cell->payload + 1;
|
|
|
|
|
for (i = 0; i < n_certs; ++i) {
|
|
|
|
|
uint8_t cert_type;
|
|
|
|
|
uint16_t cert_len;
|
|
|
|
|
if (ptr + 3 > cell->payload + cell->payload_len) {
|
|
|
|
|
goto truncated;
|
|
|
|
|
}
|
|
|
|
|
cert_type = *ptr;
|
|
|
|
|
cert_len = ntohs(get_uint16(ptr+1));
|
|
|
|
|
if (ptr + 3 + cert_len > cell->payload + cell->payload_len) {
|
|
|
|
|
goto truncated;
|
|
|
|
|
}
|
|
|
|
|
if (cert_type == OR_CERT_TYPE_TLS_LINK ||
|
|
|
|
|
cert_type == OR_CERT_TYPE_ID_1024 ||
|
|
|
|
|
cert_type == OR_CERT_TYPE_AUTH_1024) {
|
|
|
|
|
tor_cert_t *cert = tor_cert_decode(ptr + 3, cert_len);
|
|
|
|
|
if (!cert) {
|
|
|
|
|
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
|
2011-10-31 09:33:38 +01:00
|
|
|
"Received undecodable certificate in CERTS cell from %s:%d",
|
2011-09-28 19:19:55 +02:00
|
|
|
safe_str(conn->_base.address), conn->_base.port);
|
2011-09-13 22:24:49 +02:00
|
|
|
} else {
|
2011-10-05 16:44:22 +02:00
|
|
|
if (cert_type == OR_CERT_TYPE_TLS_LINK) {
|
|
|
|
|
if (link_cert) {
|
|
|
|
|
tor_cert_free(cert);
|
|
|
|
|
ERR("Too many TLS_LINK certificates");
|
|
|
|
|
}
|
2011-09-13 22:24:49 +02:00
|
|
|
link_cert = cert;
|
2011-10-05 16:44:22 +02:00
|
|
|
} else if (cert_type == OR_CERT_TYPE_ID_1024) {
|
|
|
|
|
if (id_cert) {
|
|
|
|
|
tor_cert_free(cert);
|
|
|
|
|
ERR("Too many ID_1024 certificates");
|
|
|
|
|
}
|
2011-09-13 22:24:49 +02:00
|
|
|
id_cert = cert;
|
2011-10-05 16:44:22 +02:00
|
|
|
} else if (cert_type == OR_CERT_TYPE_AUTH_1024) {
|
|
|
|
|
if (auth_cert) {
|
|
|
|
|
tor_cert_free(cert);
|
|
|
|
|
ERR("Too many AUTH_1024 certificates");
|
|
|
|
|
}
|
2011-09-13 22:24:49 +02:00
|
|
|
auth_cert = cert;
|
2011-10-05 16:44:22 +02:00
|
|
|
} else {
|
2011-09-13 22:24:49 +02:00
|
|
|
tor_cert_free(cert);
|
2011-10-05 16:44:22 +02:00
|
|
|
}
|
2011-09-13 22:24:49 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
ptr += 3 + cert_len;
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
truncated:
|
|
|
|
|
ERR("It ends in the middle of a certificate");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (conn->handshake_state->started_here) {
|
2011-11-03 18:01:59 +01:00
|
|
|
int severity;
|
2011-09-13 22:24:49 +02:00
|
|
|
if (! (id_cert && link_cert))
|
|
|
|
|
ERR("The certs we wanted were missing");
|
|
|
|
|
/* Okay. We should be able to check the certificates now. */
|
|
|
|
|
if (! tor_tls_cert_matches_key(conn->tls, link_cert)) {
|
|
|
|
|
ERR("The link certificate didn't match the TLS public key");
|
|
|
|
|
}
|
2011-11-03 18:01:59 +01:00
|
|
|
/* Note that this warns more loudly about time and validity if we were
|
|
|
|
|
* _trying_ to connect to an authority, not necessarily if we _did_ connect
|
|
|
|
|
* to one. */
|
|
|
|
|
if (router_digest_is_trusted_dir(conn->identity_digest))
|
|
|
|
|
severity = LOG_WARN;
|
|
|
|
|
else
|
|
|
|
|
severity = LOG_PROTOCOL_WARN;
|
|
|
|
|
|
|
|
|
|
if (! tor_tls_cert_is_valid(severity, link_cert, id_cert, 0))
|
2011-09-13 22:24:49 +02:00
|
|
|
ERR("The link certificate was not valid");
|
2011-11-03 18:01:59 +01:00
|
|
|
if (! tor_tls_cert_is_valid(severity, id_cert, id_cert, 1))
|
2011-09-13 22:24:49 +02:00
|
|
|
ERR("The ID certificate was not valid");
|
|
|
|
|
|
2011-09-27 19:15:36 +02:00
|
|
|
conn->handshake_state->authenticated = 1;
|
|
|
|
|
{
|
|
|
|
|
const digests_t *id_digests = tor_cert_get_id_digests(id_cert);
|
2012-01-18 21:53:30 +01:00
|
|
|
crypto_pk_t *identity_rcvd;
|
2011-10-05 16:33:39 +02:00
|
|
|
if (!id_digests)
|
|
|
|
|
ERR("Couldn't compute digests for key in ID cert");
|
|
|
|
|
|
|
|
|
|
identity_rcvd = tor_tls_cert_get_key(id_cert);
|
2011-10-23 19:30:33 +02:00
|
|
|
if (!identity_rcvd)
|
|
|
|
|
ERR("Internal error: Couldn't get RSA key from ID cert.");
|
2011-09-27 19:15:36 +02:00
|
|
|
memcpy(conn->handshake_state->authenticated_peer_id,
|
|
|
|
|
id_digests->d[DIGEST_SHA1], DIGEST_LEN);
|
|
|
|
|
connection_or_set_circid_type(conn, identity_rcvd);
|
2012-01-18 21:53:30 +01:00
|
|
|
crypto_pk_free(identity_rcvd);
|
2011-09-27 19:15:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (connection_or_client_learned_peer_id(conn,
|
|
|
|
|
conn->handshake_state->authenticated_peer_id) < 0)
|
|
|
|
|
ERR("Problem setting or checking peer id");
|
|
|
|
|
|
2011-10-11 04:24:33 +02:00
|
|
|
log_info(LD_OR, "Got some good certificates from %s:%d: Authenticated it.",
|
2011-09-28 19:19:55 +02:00
|
|
|
safe_str(conn->_base.address), conn->_base.port);
|
2011-09-13 22:24:49 +02:00
|
|
|
|
|
|
|
|
conn->handshake_state->id_cert = id_cert;
|
|
|
|
|
id_cert = NULL;
|
2011-11-03 17:31:31 +01:00
|
|
|
|
2011-11-03 17:03:05 +01:00
|
|
|
if (!public_server_mode(get_options())) {
|
2011-11-03 17:31:31 +01:00
|
|
|
/* If we initiated the connection and we are not a public server, we
|
|
|
|
|
* aren't planning to authenticate at all. At this point we know who we
|
|
|
|
|
* are talking to, so we can just send a netinfo now. */
|
|
|
|
|
send_netinfo = 1;
|
2011-11-03 17:03:05 +01:00
|
|
|
}
|
2011-09-13 22:24:49 +02:00
|
|
|
} else {
|
|
|
|
|
if (! (id_cert && auth_cert))
|
|
|
|
|
ERR("The certs we wanted were missing");
|
|
|
|
|
|
|
|
|
|
/* Remember these certificates so we can check an AUTHENTICATE cell */
|
2011-11-15 17:56:21 +01:00
|
|
|
if (! tor_tls_cert_is_valid(LOG_PROTOCOL_WARN, auth_cert, id_cert, 1))
|
2011-09-13 22:24:49 +02:00
|
|
|
ERR("The authentication certificate was not valid");
|
2011-11-15 17:56:21 +01:00
|
|
|
if (! tor_tls_cert_is_valid(LOG_PROTOCOL_WARN, id_cert, id_cert, 1))
|
2011-09-13 22:24:49 +02:00
|
|
|
ERR("The ID certificate was not valid");
|
|
|
|
|
|
2011-10-11 04:24:33 +02:00
|
|
|
log_info(LD_OR, "Got some good certificates from %s:%d: "
|
2011-09-28 19:10:40 +02:00
|
|
|
"Waiting for AUTHENTICATE.",
|
2011-09-28 19:19:55 +02:00
|
|
|
safe_str(conn->_base.address), conn->_base.port);
|
2011-09-13 22:24:49 +02:00
|
|
|
/* XXXX check more stuff? */
|
|
|
|
|
|
2011-10-28 22:38:56 +02:00
|
|
|
conn->handshake_state->id_cert = id_cert;
|
|
|
|
|
conn->handshake_state->auth_cert = auth_cert;
|
2011-09-13 22:24:49 +02:00
|
|
|
id_cert = auth_cert = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2011-10-31 09:33:38 +01:00
|
|
|
conn->handshake_state->received_certs_cell = 1;
|
2011-11-03 17:31:31 +01:00
|
|
|
|
|
|
|
|
if (send_netinfo) {
|
|
|
|
|
if (connection_or_send_netinfo(conn) < 0) {
|
|
|
|
|
log_warn(LD_OR, "Couldn't send netinfo cell");
|
|
|
|
|
connection_mark_for_close(TO_CONN(conn));
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2011-10-11 17:30:01 +02:00
|
|
|
err:
|
2011-09-13 22:24:49 +02:00
|
|
|
tor_cert_free(id_cert);
|
|
|
|
|
tor_cert_free(link_cert);
|
|
|
|
|
tor_cert_free(auth_cert);
|
|
|
|
|
#undef ERR
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** Process an AUTH_CHALLENGE cell from an OR connection.
|
|
|
|
|
*
|
|
|
|
|
* If we weren't supposed to get one (for example, because we're not the
|
|
|
|
|
* originator of the connection), or it's ill-formed, or we aren't doing a v3
|
|
|
|
|
* handshake, mark the connection. If the cell is well-formed but we don't
|
|
|
|
|
* want to authenticate, just drop it. If the cell is well-formed *and* we
|
2011-10-31 09:33:38 +01:00
|
|
|
* want to authenticate, send an AUTHENTICATE cell and then a NETINFO cell. */
|
2011-09-13 22:24:49 +02:00
|
|
|
static void
|
|
|
|
|
command_process_auth_challenge_cell(var_cell_t *cell, or_connection_t *conn)
|
|
|
|
|
{
|
|
|
|
|
int n_types, i, use_type = -1;
|
|
|
|
|
uint8_t *cp;
|
|
|
|
|
|
|
|
|
|
#define ERR(s) \
|
|
|
|
|
do { \
|
|
|
|
|
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
|
|
|
|
|
"Received a bad AUTH_CHALLENGE cell from %s:%d: %s", \
|
2011-09-28 19:19:55 +02:00
|
|
|
safe_str(conn->_base.address), conn->_base.port, (s)); \
|
2011-09-13 22:24:49 +02:00
|
|
|
connection_mark_for_close(TO_CONN(conn)); \
|
|
|
|
|
return; \
|
|
|
|
|
} while (0)
|
|
|
|
|
|
|
|
|
|
if (conn->_base.state != OR_CONN_STATE_OR_HANDSHAKING_V3)
|
|
|
|
|
ERR("We're not currently doing a v3 handshake");
|
2011-09-27 19:15:36 +02:00
|
|
|
if (conn->link_proto < 3)
|
|
|
|
|
ERR("We're not using link protocol >= 3");
|
2011-09-13 22:24:49 +02:00
|
|
|
if (! conn->handshake_state->started_here)
|
|
|
|
|
ERR("We didn't originate this connection");
|
|
|
|
|
if (conn->handshake_state->received_auth_challenge)
|
|
|
|
|
ERR("We already received one");
|
2011-10-31 09:33:38 +01:00
|
|
|
if (! conn->handshake_state->received_certs_cell)
|
2011-09-27 19:15:36 +02:00
|
|
|
ERR("We haven't gotten a CERTS cell yet");
|
2011-09-13 22:24:49 +02:00
|
|
|
if (cell->payload_len < OR_AUTH_CHALLENGE_LEN + 2)
|
|
|
|
|
ERR("It was too short");
|
|
|
|
|
if (cell->circ_id)
|
|
|
|
|
ERR("It had a nonzero circuit ID");
|
|
|
|
|
|
|
|
|
|
n_types = ntohs(get_uint16(cell->payload + OR_AUTH_CHALLENGE_LEN));
|
|
|
|
|
if (cell->payload_len < OR_AUTH_CHALLENGE_LEN + 2 + 2*n_types)
|
|
|
|
|
ERR("It looks truncated");
|
|
|
|
|
|
|
|
|
|
/* Now see if there is an authentication type we can use */
|
|
|
|
|
cp=cell->payload+OR_AUTH_CHALLENGE_LEN+2;
|
|
|
|
|
for (i=0; i < n_types; ++i, cp += 2) {
|
|
|
|
|
uint16_t authtype = ntohs(get_uint16(cp));
|
|
|
|
|
if (authtype == AUTHTYPE_RSA_SHA256_TLSSECRET)
|
|
|
|
|
use_type = authtype;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
conn->handshake_state->received_auth_challenge = 1;
|
|
|
|
|
|
2011-11-03 17:40:02 +01:00
|
|
|
if (! public_server_mode(get_options())) {
|
|
|
|
|
/* If we're not a public server then we don't want to authenticate on a
|
|
|
|
|
connection we originated, and we already sent a NETINFO cell when we
|
|
|
|
|
got the CERTS cell. We have nothing more to do. */
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (use_type >= 0) {
|
2011-09-28 19:10:40 +02:00
|
|
|
log_info(LD_OR, "Got an AUTH_CHALLENGE cell from %s:%d: Sending "
|
|
|
|
|
"authentication",
|
2011-09-28 19:19:55 +02:00
|
|
|
safe_str(conn->_base.address), conn->_base.port);
|
2011-09-28 19:10:40 +02:00
|
|
|
|
2011-09-27 19:15:36 +02:00
|
|
|
if (connection_or_send_authenticate_cell(conn, use_type) < 0) {
|
|
|
|
|
log_warn(LD_OR, "Couldn't send authenticate cell");
|
|
|
|
|
connection_mark_for_close(TO_CONN(conn));
|
|
|
|
|
return;
|
|
|
|
|
}
|
2011-09-28 19:10:40 +02:00
|
|
|
} else {
|
2011-11-03 17:40:02 +01:00
|
|
|
log_info(LD_OR, "Got an AUTH_CHALLENGE cell from %s:%d, but we don't "
|
|
|
|
|
"know any of its authentication types. Not authenticating.",
|
2011-09-28 19:19:55 +02:00
|
|
|
safe_str(conn->_base.address), conn->_base.port);
|
2011-09-27 19:15:36 +02:00
|
|
|
}
|
2011-11-03 17:40:02 +01:00
|
|
|
|
|
|
|
|
if (connection_or_send_netinfo(conn) < 0) {
|
|
|
|
|
log_warn(LD_OR, "Couldn't send netinfo cell");
|
|
|
|
|
connection_mark_for_close(TO_CONN(conn));
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2011-09-13 22:24:49 +02:00
|
|
|
#undef ERR
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** Process an AUTHENTICATE cell from an OR connection.
|
|
|
|
|
*
|
|
|
|
|
* If it's ill-formed or we weren't supposed to get one or we're not doing a
|
|
|
|
|
* v3 handshake, then mark the connection. If it does not authenticate the
|
|
|
|
|
* other side of the connection successfully (because it isn't signed right,
|
2011-10-31 09:33:38 +01:00
|
|
|
* we didn't get a CERTS cell, etc) mark the connection. Otherwise, accept
|
2011-09-13 22:24:49 +02:00
|
|
|
* the identity of the router on the other side of the connection.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
2011-09-27 19:15:36 +02:00
|
|
|
command_process_authenticate_cell(var_cell_t *cell, or_connection_t *conn)
|
2011-09-13 22:24:49 +02:00
|
|
|
{
|
|
|
|
|
uint8_t expected[V3_AUTH_FIXED_PART_LEN];
|
|
|
|
|
const uint8_t *auth;
|
|
|
|
|
int authlen;
|
|
|
|
|
|
|
|
|
|
#define ERR(s) \
|
|
|
|
|
do { \
|
|
|
|
|
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
|
2011-10-28 22:41:04 +02:00
|
|
|
"Received a bad AUTHENTICATE cell from %s:%d: %s", \
|
2011-09-28 19:19:55 +02:00
|
|
|
safe_str(conn->_base.address), conn->_base.port, (s)); \
|
2011-09-13 22:24:49 +02:00
|
|
|
connection_mark_for_close(TO_CONN(conn)); \
|
|
|
|
|
return; \
|
|
|
|
|
} while (0)
|
|
|
|
|
|
|
|
|
|
if (conn->_base.state != OR_CONN_STATE_OR_HANDSHAKING_V3)
|
|
|
|
|
ERR("We're not doing a v3 handshake");
|
2011-09-27 19:15:36 +02:00
|
|
|
if (conn->link_proto < 3)
|
|
|
|
|
ERR("We're not using link protocol >= 3");
|
2011-09-27 21:20:17 +02:00
|
|
|
if (conn->handshake_state->started_here)
|
2011-09-13 22:24:49 +02:00
|
|
|
ERR("We originated this connection");
|
|
|
|
|
if (conn->handshake_state->received_authenticate)
|
|
|
|
|
ERR("We already got one!");
|
2011-09-27 19:15:36 +02:00
|
|
|
if (conn->handshake_state->authenticated) {
|
|
|
|
|
/* Should be impossible given other checks */
|
|
|
|
|
ERR("The peer is already authenticated");
|
|
|
|
|
}
|
2011-10-31 09:33:38 +01:00
|
|
|
if (! conn->handshake_state->received_certs_cell)
|
|
|
|
|
ERR("We never got a certs cell");
|
2011-09-13 22:24:49 +02:00
|
|
|
if (conn->handshake_state->auth_cert == NULL)
|
|
|
|
|
ERR("We never got an authentication certificate");
|
2011-09-27 19:15:36 +02:00
|
|
|
if (conn->handshake_state->id_cert == NULL)
|
|
|
|
|
ERR("We never got an identity certificate");
|
2011-09-13 22:24:49 +02:00
|
|
|
if (cell->payload_len < 4)
|
|
|
|
|
ERR("Cell was way too short");
|
|
|
|
|
|
|
|
|
|
auth = cell->payload;
|
|
|
|
|
{
|
|
|
|
|
uint16_t type = ntohs(get_uint16(auth));
|
|
|
|
|
uint16_t len = ntohs(get_uint16(auth+2));
|
|
|
|
|
if (4 + len > cell->payload_len)
|
|
|
|
|
ERR("Authenticator was truncated");
|
|
|
|
|
|
|
|
|
|
if (type != AUTHTYPE_RSA_SHA256_TLSSECRET)
|
|
|
|
|
ERR("Authenticator type was not recognized");
|
|
|
|
|
|
|
|
|
|
auth += 4;
|
|
|
|
|
authlen = len;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (authlen < V3_AUTH_BODY_LEN + 1)
|
|
|
|
|
ERR("Authenticator was too short");
|
|
|
|
|
|
|
|
|
|
if (connection_or_compute_authenticate_cell_body(
|
|
|
|
|
conn, expected, sizeof(expected), NULL, 1) < 0)
|
|
|
|
|
ERR("Couldn't compute expected AUTHENTICATE cell body");
|
|
|
|
|
|
|
|
|
|
if (tor_memneq(expected, auth, sizeof(expected)))
|
|
|
|
|
ERR("Some field in the AUTHENTICATE cell body was not as expected");
|
|
|
|
|
|
|
|
|
|
{
|
2012-01-18 21:53:30 +01:00
|
|
|
crypto_pk_t *pk = tor_tls_cert_get_key(
|
2011-09-13 22:24:49 +02:00
|
|
|
conn->handshake_state->auth_cert);
|
|
|
|
|
char d[DIGEST256_LEN];
|
|
|
|
|
char *signed_data;
|
|
|
|
|
size_t keysize;
|
|
|
|
|
int signed_len;
|
|
|
|
|
|
2011-10-23 19:30:33 +02:00
|
|
|
if (!pk)
|
|
|
|
|
ERR("Internal error: couldn't get RSA key from AUTH cert.");
|
2011-09-13 22:24:49 +02:00
|
|
|
crypto_digest256(d, (char*)auth, V3_AUTH_BODY_LEN, DIGEST_SHA256);
|
|
|
|
|
|
|
|
|
|
keysize = crypto_pk_keysize(pk);
|
|
|
|
|
signed_data = tor_malloc(keysize);
|
|
|
|
|
signed_len = crypto_pk_public_checksig(pk, signed_data, keysize,
|
|
|
|
|
(char*)auth + V3_AUTH_BODY_LEN,
|
|
|
|
|
authlen - V3_AUTH_BODY_LEN);
|
2012-01-18 21:53:30 +01:00
|
|
|
crypto_pk_free(pk);
|
2011-09-13 22:24:49 +02:00
|
|
|
if (signed_len < 0) {
|
|
|
|
|
tor_free(signed_data);
|
|
|
|
|
ERR("Signature wasn't valid");
|
|
|
|
|
}
|
|
|
|
|
if (signed_len < DIGEST256_LEN) {
|
|
|
|
|
tor_free(signed_data);
|
|
|
|
|
ERR("Not enough data was signed");
|
|
|
|
|
}
|
2011-09-27 19:15:36 +02:00
|
|
|
/* Note that we deliberately allow *more* than DIGEST256_LEN bytes here,
|
|
|
|
|
* in case they're later used to hold a SHA3 digest or something. */
|
2011-09-13 22:24:49 +02:00
|
|
|
if (tor_memneq(signed_data, d, DIGEST256_LEN)) {
|
|
|
|
|
tor_free(signed_data);
|
|
|
|
|
ERR("Signature did not match data to be signed.");
|
|
|
|
|
}
|
|
|
|
|
tor_free(signed_data);
|
|
|
|
|
}
|
|
|
|
|
|
2011-09-27 19:15:36 +02:00
|
|
|
/* Okay, we are authenticated. */
|
2011-09-13 22:24:49 +02:00
|
|
|
conn->handshake_state->received_authenticate = 1;
|
2011-09-27 19:15:36 +02:00
|
|
|
conn->handshake_state->authenticated = 1;
|
2011-09-28 16:31:56 +02:00
|
|
|
conn->handshake_state->digest_received_data = 0;
|
2011-09-27 19:15:36 +02:00
|
|
|
{
|
2012-01-18 21:53:30 +01:00
|
|
|
crypto_pk_t *identity_rcvd =
|
2011-09-27 19:15:36 +02:00
|
|
|
tor_tls_cert_get_key(conn->handshake_state->id_cert);
|
|
|
|
|
const digests_t *id_digests =
|
|
|
|
|
tor_cert_get_id_digests(conn->handshake_state->id_cert);
|
|
|
|
|
|
2011-10-05 16:33:39 +02:00
|
|
|
/* This must exist; we checked key type when reading the cert. */
|
|
|
|
|
tor_assert(id_digests);
|
|
|
|
|
|
2011-09-27 19:15:36 +02:00
|
|
|
memcpy(conn->handshake_state->authenticated_peer_id,
|
|
|
|
|
id_digests->d[DIGEST_SHA1], DIGEST_LEN);
|
|
|
|
|
|
|
|
|
|
connection_or_set_circid_type(conn, identity_rcvd);
|
2012-01-18 21:53:30 +01:00
|
|
|
crypto_pk_free(identity_rcvd);
|
2011-09-27 19:15:36 +02:00
|
|
|
|
|
|
|
|
connection_or_init_conn_from_address(conn,
|
|
|
|
|
&conn->_base.addr,
|
|
|
|
|
conn->_base.port,
|
|
|
|
|
(const char*)conn->handshake_state->authenticated_peer_id,
|
|
|
|
|
0);
|
2011-09-28 19:10:40 +02:00
|
|
|
|
|
|
|
|
log_info(LD_OR, "Got an AUTHENTICATE cell from %s:%d: Looks good.",
|
2011-09-28 19:19:55 +02:00
|
|
|
safe_str(conn->_base.address), conn->_base.port);
|
2011-09-27 19:15:36 +02:00
|
|
|
}
|
|
|
|
|
|
2011-09-13 22:24:49 +02:00
|
|
|
#undef ERR
|
|
|
|
|
}
|
|
|
|
|
|