Some more documentation and specs for CONNECT_DIR and BEGIN_DIR.

Demand that BEGIN_DIR cells have an empty payload.


svn:r9104
Roger Dingledine 2006-12-13 22:42:52 +00:00
parent 04409f202d
commit 5cce710e2b
5 changed files with 37 additions and 11 deletions

View File

@ -54,7 +54,10 @@ R - Specify actual events.
o Implement o Implement
o Use for something, so we can be sure it works. o Use for something, so we can be sure it works.
o Test and debug o Test and debug
- be able to connect without having a server descriptor, to bootstrap - turn the received socks addr:port into a digest for setting .exit
- be able to connect without having a server descriptor, to bootstrap.
- handle connect-dir streams that don't have a chosen_exit_name set.
- include ORPort in DirServers lines so we can know where to connect.
N - Document .noconnect addresses... but where? N - Document .noconnect addresses... but where?

View File

@ -53,7 +53,15 @@ Tor's extensions to the SOCKS protocol
address" portion of the reply. address" portion of the reply.
(This command was not supported before Tor 0.1.2.2-alpha.) (This command was not supported before Tor 0.1.2.2-alpha.)
3. HTTP-resistance 3. Other command extensions.
Tor 0.1.2.4-alpha added a new command value: "CONNECT_DIR" [F2].
In this case, Tor will open an encrypted direct TCP connection to the
directory port of the Tor server specified by address:port (the port
specified should be the ORPort of the server). It uses a one-hop tunnel
and a "BEGIN_DIR" relay cell to accomplish this secure connection.
4. HTTP-resistance
Tor checks the first byte of each SOCKS request to see whether it looks Tor checks the first byte of each SOCKS request to see whether it looks
more like an HTTP request (that is, it starts with a "G", "H", or "P"). If more like an HTTP request (that is, it starts with a "G", "H", or "P"). If
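Review bot: the new section 3 should state plainly that a CONNECT_DIR stream is carried over a one-hop tunnel and therefore gives the application no anonymity toward the chosen relay; as written, "secure connection" only conveys encryption, while the or.h comment in this same commit warns that one-hop tunnels are "not safe for other conns". One sentence such as "This stream is not anonymized and MUST only be used for directory requests to that server." would close that gap for implementers of other SOCKS clients. Two smaller points in the same lines: write the command value as "0xF2" rather than "[F2]" so it matches the SOCKS_COMMAND_CONNECT_DIR definition, and since "HTTP-resistance" moved from section 3 to section 4, any cross-references to section numbers elsewhere in this file need to be checked.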

View File

@ -733,6 +733,9 @@ TODO:
If the Tor server is not running a directory service, it should respond If the Tor server is not running a directory service, it should respond
with a REASON_NOTDIRECTORY RELAY_END cell. with a REASON_NOTDIRECTORY RELAY_END cell.
Clients MUST generate an all-zero payload for RELAY_BEGIN_DIR cells,
and servers MUST ignore the payload.
[RELAY_BEGIN_DIR was not supported before Tor 0.1.2.2-alpha; clients [RELAY_BEGIN_DIR was not supported before Tor 0.1.2.2-alpha; clients
SHOULD NOT send it to routers running earlier versions of Tor.] SHOULD NOT send it to routers running earlier versions of Tor.]
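Review bot: "all-zero payload" does not match either the commit message ("empty payload") or the code change in this commit, which sends a NULL payload with length 0 for RELAY_BEGIN_DIR; an all-zero payload of nonzero length and a zero-length payload are different on the wire. Suggest "Clients MUST send RELAY_BEGIN_DIR cells with a zero-length payload, and servers MUST ignore any payload they receive" so that a conforming server accepts what this client code actually emits and does not reject cells from clients that pad.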

View File

@ -1651,8 +1651,9 @@ connection_ap_handshake_send_begin(edge_connection_t *ap_conn,
tor_assert(circ->build_state->onehop_tunnel == 0); tor_assert(circ->build_state->onehop_tunnel == 0);
} }
if (connection_edge_send_command(ap_conn, TO_CIRCUIT(circ), if (connection_edge_send_command(ap_conn, TO_CIRCUIT(circ), begin_type,
begin_type, payload, payload_len, begin_type == RELAY_COMMAND_BEGIN ? payload : NULL,
begin_type == RELAY_COMMAND_BEGIN ? payload_len : 0,
ap_conn->cpath_layer) < 0) ap_conn->cpath_layer) < 0)
return -1; /* circuit is closed, don't continue */ return -1; /* circuit is closed, don't continue */
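Review bot: the two ternaries on begin_type == RELAY_COMMAND_BEGIN silently discard the payload for every begin type other than RELAY_COMMAND_BEGIN, not just for RELAY_COMMAND_BEGIN_DIR, so a third begin command added later would lose its payload without any warning. Suggest testing for the special case explicitly and asserting the set of allowed values, e.g. "tor_assert(begin_type == RELAY_COMMAND_BEGIN || begin_type == RELAY_COMMAND_BEGIN_DIR);" followed by "if (begin_type == RELAY_COMMAND_BEGIN_DIR) { payload = NULL; payload_len = 0; }" before the call, which also removes the duplicated condition. It is also worth confirming that connection_edge_send_command accepts a NULL payload with payload_len 0 rather than, say, calling memcpy on it.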

View File

@ -1185,7 +1185,9 @@ typedef struct {
int need_capacity; int need_capacity;
/** Whether the last hop was picked with exiting in mind. */ /** Whether the last hop was picked with exiting in mind. */
int is_internal; int is_internal;
/** Did we pick this as a one-hop tunnel (not safe for other conns)? */ /** Did we pick this as a one-hop tunnel (not safe for other conns)?
* These are for encrypted connections that exit to this router, not
* for arbitrary exits from the circuit. */
int onehop_tunnel; int onehop_tunnel;
/** The crypt_path_t to append after rendezvous: used for rendezvous. */ /** The crypt_path_t to append after rendezvous: used for rendezvous. */
crypt_path_t *pending_final_cpath; crypt_path_t *pending_final_cpath;
@ -1710,10 +1712,16 @@ static INLINE void or_state_mark_dirty(or_state_t *state, time_t when)
#define MAX_SOCKS_REPLY_LEN 1024 #define MAX_SOCKS_REPLY_LEN 1024
#define MAX_SOCKS_ADDR_LEN 256 #define MAX_SOCKS_ADDR_LEN 256
/** Please open a TCP connection to this addr:port. */
#define SOCKS_COMMAND_CONNECT 0x01 #define SOCKS_COMMAND_CONNECT 0x01
#define SOCKS_COMMAND_CONNECT_DIR 0xE0 /** Please turn this FQDN into an IP address, privately. */
#define SOCKS_COMMAND_RESOLVE 0xF0 #define SOCKS_COMMAND_RESOLVE 0xF0
/** Please turn this IP address into an FQDN, privately. */
#define SOCKS_COMMAND_RESOLVE_PTR 0xF1 #define SOCKS_COMMAND_RESOLVE_PTR 0xF1
/** Please open an encrypted direct TCP connection to the directory port
* of the Tor server specified by address:port. (In this case address:port
* specifies the ORPort of the server.) */
#define SOCKS_COMMAND_CONNECT_DIR 0xF2
#define SOCKS_COMMAND_IS_CONNECT(c) ((c)==SOCKS_COMMAND_CONNECT || \ #define SOCKS_COMMAND_IS_CONNECT(c) ((c)==SOCKS_COMMAND_CONNECT || \
(c)==SOCKS_COMMAND_CONNECT_DIR) (c)==SOCKS_COMMAND_CONNECT_DIR)
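Review bot: the wire value of SOCKS_COMMAND_CONNECT_DIR changes here from 0xE0 to 0xF2, which breaks any client or controller already sending 0xE0; this is only safe if no released version shipped 0xE0, and the socks-extensions.txt change in this commit documents the command as new in 0.1.2.4-alpha, so that should be double-checked before release. Moving the definition next to RESOLVE and RESOLVE_PTR with a doc comment is good; consider also stating in the comment that the stream is a one-hop connection to that ORPort, since that is the property a caller needs to know before choosing this command.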
@ -1722,8 +1730,11 @@ static INLINE void or_state_mark_dirty(or_state_t *state, time_t when)
/** State of a SOCKS request from a user to an OP */ /** State of a SOCKS request from a user to an OP */
struct socks_request_t { struct socks_request_t {
char socks_version; /**< Which version of SOCKS did the client use? */ /** Which version of SOCKS did the client use? One of "0, 4, 5" -- where
int command; /**< What has the user requested? One from the above list. */ * 0 means that no socks handshake ever took place, and this is just a
* stub connection (e.g. see connection_ap_make_bridge()). */
char socks_version;
int command; /**< What is this stream's goal? One from the above list. */
size_t replylen; /**< Length of <b>reply</b>. */ size_t replylen; /**< Length of <b>reply</b>. */
char reply[MAX_SOCKS_REPLY_LEN]; /**< Write an entry into this string if char reply[MAX_SOCKS_REPLY_LEN]; /**< Write an entry into this string if
* we want to specify our own socks reply, * we want to specify our own socks reply,
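Review bot: now that the socks_version comment documents 0 as "no SOCKS handshake ever took place", the reply and replylen fields below should say what happens in that case, since writing a SOCKS reply for a stub connection that has no SOCKS client makes no sense; a short "(unused when socks_version is 0)" on reply, or a note that callers must check socks_version before formatting a reply, would keep the struct self-describing. The reworded command comment ("What is this stream's goal?") is the right change, given that command is now set internally for such stub streams as well as from a user request.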