Put some last missing pieces together.

* Add some utility transport functions in circuitbuild.[ch] so that we
  can use them from pt.c.
* Make the accounting system consider traffic coming from proxies.
* Make sure that we only fetch bridge descriptors when all the
  transports are configured.

src/or/circuitbuild.c

@@ -26,6 +26,7 @@
 #include "nodelist.h"
 #include "onion.h"
 #include "policies.h"
+#include "pluggable_transports.h"
 #include "relay.h"
 #include "rephist.h"
 #include "router.h"
@@ -124,7 +125,6 @@ static int onion_append_hop(crypt_path_t **head_ptr, extend_info_t *choice);
 static void entry_guards_changed(void);
 
 static const transport_t *transport_get_by_name(const char *name);
-static void transport_free(transport_t *transport);
 static void bridge_free(bridge_info_t *bridge);
 
 /**
@@ -4591,7 +4591,7 @@ clear_transport_list(void)
 }
 
 /** Free the pluggable transport struct <b>transport</b>. */
-static void
+void
 transport_free(transport_t *transport)
 {
   if (!transport)
@@ -4619,29 +4619,35 @@ transport_get_by_name(const char *name)
   return NULL;
 }
 
-/** Remember a new pluggable transport proxy at <b>addr</b>:<b>port</b>.
+/** Returns a transport_t struct for a transport proxy supporting the
- *  <b>name</b> is set to the name of the protocol this proxy uses.
+    protocol <b>name</b> listening at <b>addr</b>:<b>port</b> using
- *  <b>socks_ver</b> is set to the SOCKS version of the proxy.
+    SOCKS version <b>socks_ver</b>. */
- *
+transport_t *
- *  Returns 0 on success, -1 on fail. */
+transport_create(const tor_addr_t *addr, uint16_t port,
-int
+                 const char *name, int socks_ver)
-transport_add_from_config(const tor_addr_t *addr, uint16_t port,
-                          const char *name, int socks_ver)
 {
-  transport_t *t;
+  transport_t *t = tor_malloc_zero(sizeof(transport_t));
 
-  if (transport_get_by_name(name)) { /* check for duplicate names */
-    log_warn(LD_CONFIG, "More than one transport has '%s' as "
-             "its name.", name);
-    return -1;
-  }
-
-  t = tor_malloc_zero(sizeof(transport_t));
   tor_addr_copy(&t->addr, addr);
   t->port = port;
   t->name = tor_strdup(name);
   t->socks_version = socks_ver;
 
+  return t;
+}
+
+/** Adds transport <b>t</b> to the internal list of pluggable transports. */
+int
+transport_add(transport_t *t)
+{
+  assert(t);
+
+  if (transport_get_by_name(t->name)) { /* check for duplicate names */
+    log_notice(LD_CONFIG, "More than one transports have '%s' as "
+               "their name.", t->name);
+    return -1;
+  }
+
   if (!transport_list)
     transport_list = smartlist_create();
 
@@ -4649,6 +4655,23 @@ transport_add_from_config(const tor_addr_t *addr, uint16_t port,
   return 0;
 }
 
+/** Remember a new pluggable transport proxy at <b>addr</b>:<b>port</b>.
+ *  <b>name</b> is set to the name of the protocol this proxy uses.
+ *  <b>socks_ver</b> is set to the SOCKS version of the proxy. */
+int
+transport_add_from_config(const tor_addr_t *addr, uint16_t port,
+                          const char *name, int socks_ver)
+{
+  transport_t *t = transport_create(addr, port, name, socks_ver);
+
+  if (transport_add(t) < 0) {
+    transport_free(t);
+    return -1;
+  } else {
+    return 0;
+  }
+}
+
 /** Warns the user of possible pluggable transport misconfiguration. */
 void
 validate_pluggable_transports_config(void)
@@ -4897,6 +4920,12 @@ fetch_bridge_descriptors(or_options_t *options, time_t now)
   if (!bridge_list)
     return;
 
+  /* ASN Should we move this to launch_direct_bridge_descriptor_fetch() ? */
+  /* If we still have unconfigured managed proxies, don't go and
+     connect to a bridge. */
+  if (pt_proxies_configuration_pending())
+    return;
+
   SMARTLIST_FOREACH_BEGIN(bridge_list, bridge_info_t *, bridge)
     {
       if (!download_status_is_ready(&bridge->fetch_status, now,

src/or/circuitbuild.h

@@ -142,6 +142,11 @@ int circuit_build_times_get_bw_scale(networkstatus_t *ns);
 void clear_transport_list(void);
 int transport_add_from_config(const tor_addr_t *addr, uint16_t port,
                                const char *name, int socks_ver);
+int transport_add(transport_t *t);
+void transport_free(transport_t *transport);
+transport_t *transport_create(const tor_addr_t *addr, uint16_t port,
+                                      const char *name, int socks_ver);
+
 int find_transport_by_bridge_addrport(const tor_addr_t *addr, uint16_t port,
                                       const transport_t **transport);
 void validate_pluggable_transports_config(void);

src/or/connection.c

@@ -2068,15 +2068,20 @@ retry_all_listeners(smartlist_t *replaced_conns,
   return retval;
 }
 
-/** Return 1 if we should apply rate limiting to <b>conn</b>,
+/** Return 1 if we should apply rate limiting to <b>conn</b>, and 0
- * and 0 otherwise. Right now this just checks if it's an internal
+ * otherwise.
- * IP address or an internal connection. */
+ * Right now this just checks if it's an internal IP address or an
+ * internal connection. We also check if the connection uses pluggable
+ * transports, since we should then limit it even if it comes from an
+ * internal IP address. */
 static int
 connection_is_rate_limited(connection_t *conn)
 {
   or_options_t *options = get_options();
   if (conn->linked)
     return 0; /* Internal connection */
+  else if (connection_uses_transport(conn)) /* pluggable transport proxy */
+    return 1;
   else if (! options->CountPrivateBandwidth &&
            (tor_addr_family(&conn->addr) == AF_UNSPEC || /* no address */
             tor_addr_is_internal(&conn->addr, 0)))
@@ -4147,6 +4152,19 @@ get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type,
   return 0;
 }
 
+/** Returns true if connection <b>conn</b> is using a pluggable
+ *  transports proxy server. */
+int
+connection_uses_transport(connection_t *conn)
+{
+  const transport_t *transport=NULL;
+  if (find_transport_by_bridge_addrport(&conn->addr,
+                                        conn->port,&transport) == 0)
+    return 1;
+  else
+    return 0;
+}
+
 /** Returns the global proxy type used by tor. */
 static int
 get_proxy_type(void)

src/or/connection.h

@@ -60,6 +60,7 @@ int connection_read_proxy_handshake(connection_t *conn);
 void log_failed_proxy_connection(connection_t *conn);
 int get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type,
                        const connection_t *conn);
+int connection_uses_transport(connection_t *conn);
 
 int retry_all_listeners(smartlist_t *replaced_conns,
                         smartlist_t *new_conns);

src/or/main.c

@@ -37,6 +37,7 @@
 #include "ntmain.h"
 #include "onion.h"
 #include "policies.h"
+#include "pluggable_transports.h"
 #include "relay.h"
 #include "rendclient.h"
 #include "rendcommon.h"
@@ -1447,7 +1448,7 @@ run_scheduled_events(time_t now)
     }
   }
 
-  /** 10b. write bridge networkstatus file to disk */
+  /** 10. write bridge networkstatus file to disk */
   if (options->BridgeAuthoritativeDir &&
       time_to_write_bridge_status_file < now) {
     networkstatus_dump_bridge_status_to_file(now);
@@ -1455,6 +1456,7 @@ run_scheduled_events(time_t now)
     time_to_write_bridge_status_file = now+BRIDGE_STATUSFILE_INTERVAL;
   }
 
+  /** 11. check the port forwarding app */
   if (time_to_check_port_forwarding < now &&
       options->PortForwarding &&
       is_server) {
@@ -1466,7 +1468,11 @@ run_scheduled_events(time_t now)
     time_to_check_port_forwarding = now+PORT_FORWARDING_CHECK_INTERVAL;
   }
 
-  /** 11. write the heartbeat message */
+  /** 11b. check pending unconfigured managed proxies */
+  if (pt_proxies_configuration_pending())
+    pt_configure_remaining_proxies();
+
+  /** 12. write the heartbeat message */
   if (options->HeartbeatPeriod &&
       time_to_next_heartbeat < now) {
     log_heartbeat(now);
@@ -2258,6 +2264,7 @@ tor_free_all(int postfork)
   clear_pending_onions();
   circuit_free_all();
   entry_guards_free_all();
+  pt_free_all();
   connection_free_all();
   buf_shrink_freelists(1);
   memarea_clear_freelist();