Some more documentation and specs for CONNECT_DIR and BEGIN_DIR.
Demand that BEGIN_DIR cells have an empty payload. svn:r9104
This commit is contained in:
parent
04409f202d
commit
5cce710e2b
5
doc/TODO
5
doc/TODO
@ -54,7 +54,10 @@ R - Specify actual events.
|
|||||||
o Implement
|
o Implement
|
||||||
o Use for something, so we can be sure it works.
|
o Use for something, so we can be sure it works.
|
||||||
o Test and debug
|
o Test and debug
|
||||||
- be able to connect without having a server descriptor, to bootstrap
|
- turn the received socks addr:port into a digest for setting .exit
|
||||||
|
- be able to connect without having a server descriptor, to bootstrap.
|
||||||
|
- handle connect-dir streams that don't have a chosen_exit_name set.
|
||||||
|
- include ORPort in DirServers lines so we can know where to connect.
|
||||||
|
|
||||||
N - Document .noconnect addresses... but where?
|
N - Document .noconnect addresses... but where?
|
||||||
|
|
||||||
|
@ -53,7 +53,15 @@ Tor's extensions to the SOCKS protocol
|
|||||||
address" portion of the reply.
|
address" portion of the reply.
|
||||||
(This command was not supported before Tor 0.1.2.2-alpha.)
|
(This command was not supported before Tor 0.1.2.2-alpha.)
|
||||||
|
|
||||||
3. HTTP-resistance
|
3. Other command extensions.
|
||||||
|
|
||||||
|
Tor 0.1.2.4-alpha added a new command value: "CONNECT_DIR" [F2].
|
||||||
|
In this case, Tor will open an encrypted direct TCP connection to the
|
||||||
|
directory port of the Tor server specified by address:port (the port
|
||||||
|
specified should be the ORPort of the server). It uses a one-hop tunnel
|
||||||
|
and a "BEGIN_DIR" relay cell to accomplish this secure connection.
|
||||||
|
|
||||||
|
4. HTTP-resistance
|
||||||
|
|
||||||
Tor checks the first byte of each SOCKS request to see whether it looks
|
Tor checks the first byte of each SOCKS request to see whether it looks
|
||||||
more like an HTTP request (that is, it starts with a "G", "H", or "P"). If
|
more like an HTTP request (that is, it starts with a "G", "H", or "P"). If
|
||||||
|
@ -733,6 +733,9 @@ TODO:
|
|||||||
If the Tor server is not running a directory service, it should respond
|
If the Tor server is not running a directory service, it should respond
|
||||||
with a REASON_NOTDIRECTORY RELAY_END cell.
|
with a REASON_NOTDIRECTORY RELAY_END cell.
|
||||||
|
|
||||||
|
Clients MUST generate an all-zero payload for RELAY_BEGIN_DIR cells,
|
||||||
|
and servers MUST ignore the payload.
|
||||||
|
|
||||||
[RELAY_BEGIN_DIR was not supported before Tor 0.1.2.2-alpha; clients
|
[RELAY_BEGIN_DIR was not supported before Tor 0.1.2.2-alpha; clients
|
||||||
SHOULD NOT send it to routers running earlier versions of Tor.]
|
SHOULD NOT send it to routers running earlier versions of Tor.]
|
||||||
|
|
||||||
|
@ -1651,8 +1651,9 @@ connection_ap_handshake_send_begin(edge_connection_t *ap_conn,
|
|||||||
tor_assert(circ->build_state->onehop_tunnel == 0);
|
tor_assert(circ->build_state->onehop_tunnel == 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (connection_edge_send_command(ap_conn, TO_CIRCUIT(circ),
|
if (connection_edge_send_command(ap_conn, TO_CIRCUIT(circ), begin_type,
|
||||||
begin_type, payload, payload_len,
|
begin_type == RELAY_COMMAND_BEGIN ? payload : NULL,
|
||||||
|
begin_type == RELAY_COMMAND_BEGIN ? payload_len : 0,
|
||||||
ap_conn->cpath_layer) < 0)
|
ap_conn->cpath_layer) < 0)
|
||||||
return -1; /* circuit is closed, don't continue */
|
return -1; /* circuit is closed, don't continue */
|
||||||
|
|
||||||
|
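Review bot: The payload guard in the connection_edge_send_command call is spelled as two identical ternaries on begin_type, so a future third begin type has to be remembered in both places; evaluating it once is clearer: `const int send_payload = (begin_type == RELAY_COMMAND_BEGIN);` and then pass `send_payload ? payload : NULL,` and `send_payload ? payload_len : 0,`. A why-comment above the call would also help a reader who has not seen the spec change, e.g. `/* RELAY_BEGIN_DIR carries no payload (tor-spec: servers ignore it), so only RELAY_BEGIN sends the address:port. */`. connection_ap_handshake_send_begin starts before this hunk and its body continues past it, so I cannot see whether payload is always initialised on the BEGIN_DIR path; if it is not, the NULL/0 pair here is what keeps the call well-defined and that is worth saying in the comment.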
19
src/or/or.h
19
src/or/or.h
@ -1185,7 +1185,9 @@ typedef struct {
|
|||||||
int need_capacity;
|
int need_capacity;
|
||||||
/** Whether the last hop was picked with exiting in mind. */
|
/** Whether the last hop was picked with exiting in mind. */
|
||||||
int is_internal;
|
int is_internal;
|
||||||
/** Did we pick this as a one-hop tunnel (not safe for other conns)? */
|
/** Did we pick this as a one-hop tunnel (not safe for other conns)?
|
||||||
|
* These are for encrypted connections that exit to this router, not
|
||||||
|
* for arbitrary exits from the circuit. */
|
||||||
int onehop_tunnel;
|
int onehop_tunnel;
|
||||||
/** The crypt_path_t to append after rendezvous: used for rendezvous. */
|
/** The crypt_path_t to append after rendezvous: used for rendezvous. */
|
||||||
crypt_path_t *pending_final_cpath;
|
crypt_path_t *pending_final_cpath;
|
||||||
@ -1710,10 +1712,16 @@ static INLINE void or_state_mark_dirty(or_state_t *state, time_t when)
|
|||||||
#define MAX_SOCKS_REPLY_LEN 1024
|
#define MAX_SOCKS_REPLY_LEN 1024
|
||||||
#define MAX_SOCKS_ADDR_LEN 256
|
#define MAX_SOCKS_ADDR_LEN 256
|
||||||
|
|
||||||
|
/** Please open a TCP connection to this addr:port. */
|
||||||
#define SOCKS_COMMAND_CONNECT 0x01
|
#define SOCKS_COMMAND_CONNECT 0x01
|
||||||
#define SOCKS_COMMAND_CONNECT_DIR 0xE0
|
/** Please turn this FQDN into an IP address, privately. */
|
||||||
#define SOCKS_COMMAND_RESOLVE 0xF0
|
#define SOCKS_COMMAND_RESOLVE 0xF0
|
||||||
|
/** Please turn this IP address into an FQDN, privately. */
|
||||||
#define SOCKS_COMMAND_RESOLVE_PTR 0xF1
|
#define SOCKS_COMMAND_RESOLVE_PTR 0xF1
|
||||||
|
/** Please open an encrypted direct TCP connection to the directory port
|
||||||
|
* of the Tor server specified by address:port. (In this case address:port
|
||||||
|
* specifies the ORPort of the server.) */
|
||||||
|
#define SOCKS_COMMAND_CONNECT_DIR 0xF2
|
||||||
|
|
||||||
#define SOCKS_COMMAND_IS_CONNECT(c) ((c)==SOCKS_COMMAND_CONNECT || \
|
#define SOCKS_COMMAND_IS_CONNECT(c) ((c)==SOCKS_COMMAND_CONNECT || \
|
||||||
(c)==SOCKS_COMMAND_CONNECT_DIR)
|
(c)==SOCKS_COMMAND_CONNECT_DIR)
|
||||||
@ -1722,8 +1730,11 @@ static INLINE void or_state_mark_dirty(or_state_t *state, time_t when)
|
|||||||
|
|
||||||
/** State of a SOCKS request from a user to an OP */
|
/** State of a SOCKS request from a user to an OP */
|
||||||
struct socks_request_t {
|
struct socks_request_t {
|
||||||
char socks_version; /**< Which version of SOCKS did the client use? */
|
/** Which version of SOCKS did the client use? One of "0, 4, 5" -- where
|
||||||
int command; /**< What has the user requested? One from the above list. */
|
* 0 means that no socks handshake ever took place, and this is just a
|
||||||
|
* stub connection (e.g. see connection_ap_make_bridge()). */
|
||||||
|
char socks_version;
|
||||||
|
int command; /**< What is this stream's goal? One from the above list. */
|
||||||
size_t replylen; /**< Length of <b>reply</b>. */
|
size_t replylen; /**< Length of <b>reply</b>. */
|
||||||
char reply[MAX_SOCKS_REPLY_LEN]; /**< Write an entry into this string if
|
char reply[MAX_SOCKS_REPLY_LEN]; /**< Write an entry into this string if
|
||||||
* we want to specify our own socks reply,
|
* we want to specify our own socks reply,
|
||||||
|
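Review bot: SOCKS_COMMAND_CONNECT_DIR changes value from 0xE0 to 0xF2 in the second hunk, and nothing in the header records that this is a wire-visible command code that incoming SOCKS requests are matched against (via SOCKS_COMMAND_IS_CONNECT and presumably the request parser); a client built against the earlier 0xE0 value would now fall into whatever path handles unknown commands. I would extend the new doc comment with ` * Tor-private command code, not part of SOCKS4/SOCKS5; was 0xE0 in earlier development snapshots.` and mention the renumbering in the ChangeLog if 0xE0 ever shipped in a build. In the third hunk the new socks_version comment reads `One of "0, 4, 5"`, which quotes the digits as if they were a string; `One of 0, 4, or 5, where 0 means` is clearer. Both the typedef in the first hunk and struct socks_request_t in the third continue past their hunks.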