bugfixes and refactorings

svn:r468

src/or/circuit.c

@@ -127,11 +127,13 @@ static aci_t get_unique_aci_by_addr_port(uint32_t addr, uint16_t port, int aci_t
   high_bit = (aci_type == ACI_TYPE_HIGHER) ? 1<<15 : 0;
   conn = connection_exact_get_by_addr_port(addr,port);
   if (!conn)
-    return 1; /* No connection exists; conflict is impossible. */
+    return (1|high_bit); /* No connection exists; conflict is impossible. */
 
   do {
     /* Sequentially iterate over test_aci=1...1<<15-1 until we find an
      * aci such that (high_bit|test_aci) is not already used. */
+    /* XXX Will loop forever if all aci's in our range are used.
+     * This matters because it's an external DoS vulnerability. */
     test_aci = conn->next_aci++;
     if (test_aci == 0 || test_aci >= 1<<15) {
       test_aci = 1;
@@ -225,13 +227,13 @@ circuit_t *circuit_get_by_conn(connection_t *conn) {
   return NULL;
 }
 
-circuit_t *circuit_get_newest_ap(void) {
+circuit_t *circuit_get_newest_open(void) {
   circuit_t *circ, *bestcirc=NULL;
 
   for(circ=global_circuitlist;circ;circ = circ->next) {
-    if(circ->cpath && circ->state == CIRCUIT_STATE_OPEN && (!bestcirc ||
+    if(circ->cpath && circ->state == CIRCUIT_STATE_OPEN && circ->n_conn && (!bestcirc ||
       bestcirc->timestamp_created < circ->timestamp_created)) {
-      log_fn(LOG_DEBUG,"Choosing n_aci %d.", circ->n_aci);
+      log_fn(LOG_DEBUG,"Choosing circuit %s:%d:%d.", circ->n_conn->address, circ->n_port, circ->n_aci);
       assert(circ->n_aci);
       bestcirc = circ;
     }
@@ -501,7 +503,7 @@ void circuit_close(circuit_t *circ) {
 
   assert(circ);
   if(options.APPort) {
-    youngest = circuit_get_newest_ap();
+    youngest = circuit_get_newest_open();
     log_fn(LOG_DEBUG,"youngest %d, circ %d.",(int)youngest, (int)circ);
   }
   circuit_remove(circ);
@@ -610,7 +612,7 @@ void circuit_expire_unused_circuits(void) {
   circuit_t *circ, *tmpcirc;
   circuit_t *youngest;
 
-  youngest = circuit_get_newest_ap();
+  youngest = circuit_get_newest_open();
 
   circ = global_circuitlist;
   while(circ) {

src/or/connection.c

@@ -848,7 +848,7 @@ void assert_connection_ok(connection_t *conn, time_t now)
              conn->state <= _EXIT_CONN_STATE_MAX);
       break;
     case CONN_TYPE_AP:
-      assert(conn->state >= _EXIT_CONN_STATE_MIN &&
+      assert(conn->state >= _AP_CONN_STATE_MIN &&
              conn->state <= _AP_CONN_STATE_MAX);
       break;
     case CONN_TYPE_DIR:

src/or/connection_edge.c

@@ -12,6 +12,21 @@ static int connection_ap_handshake_socks_reply(connection_t *conn, char result);
 
 static int connection_exit_begin_conn(cell_t *cell, circuit_t *circ);
 
+#define SOCKS4_REQUEST_GRANTED          90
+#define SOCKS4_REQUEST_REJECT           91
+#define SOCKS4_REQUEST_IDENT_FAILED     92
+#define SOCKS4_REQUEST_IDENT_CONFLICT   93
+
+/* structure of a socks client operation */
+typedef struct {
+   unsigned char version;     /* socks version number */
+   unsigned char command;     /* command code */
+   unsigned char destport[2]; /* destination port, network order */
+   unsigned char destip[4];   /* destination address */
+   /* userid follows, terminated by a NULL */
+   /* dest host follows, terminated by a NULL */
+} socks4_t;
+
 int connection_edge_process_inbuf(connection_t *conn) {
 
   assert(conn);
@@ -509,7 +524,7 @@ static int connection_ap_handshake_process_socks(connection_t *conn) {
   }
 
   /* find the circuit that we should use, if there is one. */
-  circ = circuit_get_newest_ap();
+  circ = circuit_get_newest_open();
 
   if(!circ) {
     log_fn(LOG_INFO,"No circuit ready. Closing.");

src/or/directory.c

@@ -21,6 +21,7 @@ static int reading_headers=0;
 static int directory_dirty=1;
 
 static char getstring[] = "GET / HTTP/1.0\r\n\r\n";
+static char poststring[] = "POST / HTTP/1.0\r\n\r\n";
 static char answerstring[] = "HTTP/1.0 200 OK\r\n\r\n";
 
 /********* END VARIABLES ************/
@@ -132,7 +133,7 @@ int connection_dir_process_inbuf(connection_t *conn) {
     if(router_get_dir_from_string(the_directory, conn->pkey) < 0) {
       log_fn(LOG_DEBUG,"...but parsing failed. Ignoring.");
     } else {
-      log_fn(LOG_DEBUG,"and got a %s directory; updated routers.", 
+      log_fn(LOG_DEBUG,"and got an %s directory; updated routers.", 
           conn->pkey ? "authenticated" : "unauthenticated");
     }
 
@@ -235,7 +236,6 @@ int connection_dir_finished_flushing(connection_t *conn) {
     case DIR_CONN_STATE_CONNECTING:
       if (getsockopt(conn->s, SOL_SOCKET, SO_ERROR, (void*)&e, &len) < 0)  { /* not yet */
         if(!ERRNO_CONN_EINPROGRESS(errno)) {
-          /* yuck. kill it. */
           log_fn(LOG_DEBUG,"in-progress connect failed. Removing.");
           router_forget_router(conn->addr, conn->port); /* don't try him again */
           return -1;

src/or/main.c

@@ -343,7 +343,7 @@ static int prepare_for_poll(void) {
     if(options.APPort && time_to_new_circuit < now.tv_sec) {
       circuit_expire_unused_circuits();
       circuit_launch_new(-1); /* tell it to forget about previous failures */
-      circ = circuit_get_newest_ap();
+      circ = circuit_get_newest_open();
       if(!circ || circ->dirty) {
         log(LOG_INFO,"prepare_for_poll(): Youngest circuit %s; launching replacement.", circ ? "dirty" : "missing");
         circuit_launch_new(0); /* make an onion and lay the circuit */

src/or/onion.c

@@ -21,6 +21,11 @@ int decide_aci_type(uint32_t local_addr, uint16_t local_port,
    return ACI_TYPE_LOWER; 
 }
 
+struct onion_queue_t {
+  circuit_t *circ;
+  struct onion_queue_t *next;
+};
+
 /* global (within this file) variables used by the next few functions */
 static struct onion_queue_t *ol_list=NULL;
 static struct onion_queue_t *ol_tail=NULL;

src/or/or.h

@@ -105,8 +105,10 @@
 #define MAX_BUF_SIZE (640*1024)
 #define DEFAULT_BANDWIDTH_OP (1024 * 1000)
 
+#ifndef USE_TLS
 #define HANDSHAKE_AS_OP 1
 #define HANDSHAKE_AS_OR 2
+#endif
 
 #define ACI_TYPE_LOWER 0
 #define ACI_TYPE_HIGHER 1
@@ -136,7 +138,6 @@
 #define _CPUWORKER_STATE_MAX 2
 
 #define CPUWORKER_TASK_ONION CPUWORKER_STATE_BUSY_ONION
-#define CPUWORKER_TASK_HANDSHAKE CPUWORKER_STATE_BUSY_HANDSHAKE
 
 #ifndef USE_TLS
 /* how to read these states:
@@ -180,21 +181,17 @@
 #define _AP_CONN_STATE_MAX 5
 
 #define _DIR_CONN_STATE_MIN 0
-#define DIR_CONN_STATE_CONNECTING 0
-#define DIR_CONN_STATE_SENDING_COMMAND 1
-#define DIR_CONN_STATE_READING 2
-#define DIR_CONN_STATE_COMMAND_WAIT 3
-#define DIR_CONN_STATE_WRITING 4
+#define DIR_CONN_STATE_CONNECTING 0 /* client */
+#define DIR_CONN_STATE_SENDING_COMMAND 1 /* client */
+#define DIR_CONN_STATE_READING 2 /* client */
+#define DIR_CONN_STATE_COMMAND_WAIT 3 /* dirserver */
+#define DIR_CONN_STATE_WRITING 4 /* dirserver */
 #define _DIR_CONN_STATE_MAX 4
 
 #define CIRCUIT_STATE_BUILDING 0 /* I'm the OP, still haven't done all my handshakes */
-#define CIRCUIT_STATE_ONIONSKIN_PENDING 1 /* waiting to process the onion */
+#define CIRCUIT_STATE_ONIONSKIN_PENDING 1 /* waiting to process the onionskin */
 #define CIRCUIT_STATE_OR_WAIT 2 /* I'm the OP, my firsthop is still connecting */
-#define CIRCUIT_STATE_OPEN 3 /* onion processed, ready to send data along the connection */
-//#define CIRCUIT_STATE_CLOSE_WAIT1 4 /* sent two "destroy" signals, waiting for acks */
-//#define CIRCUIT_STATE_CLOSE_WAIT2 5 /* received one ack, waiting for one more 
-//                                       (or if just one was sent, waiting for that one */
-//#define CIRCUIT_STATE_CLOSE 4 /* both acks received, connection is dead */ /* NOT USED */
+#define CIRCUIT_STATE_OPEN 3 /* onionskin(s) processed, ready to send/receive cells */
 
 #define RELAY_COMMAND_BEGIN 1
 #define RELAY_COMMAND_DATA 2
@@ -212,8 +209,10 @@
 #define DEFAULT_CIPHER CRYPTO_CIPHER_AES_CTR
 /* Used to en/decrypt onion skins */
 #define ONION_CIPHER      DEFAULT_CIPHER
+#ifndef USE_TLS
 /* Used to en/decrypt cells between ORs/OPs. */
 #define CONNECTION_CIPHER DEFAULT_CIPHER
+#endif
 /* Used to en/decrypt RELAY cells */
 #define CIRCUIT_CIPHER    DEFAULT_CIPHER
 
@@ -260,21 +259,6 @@ typedef struct {
 
 #define ZERO_STREAM "\0\0\0\0\0\0\0\0"
 
-#define SOCKS4_REQUEST_GRANTED          90
-#define SOCKS4_REQUEST_REJECT           91
-#define SOCKS4_REQUEST_IDENT_FAILED     92
-#define SOCKS4_REQUEST_IDENT_CONFLICT   93
-
-/* structure of a socks client operation */
-typedef struct {
-   unsigned char version;     /* socks version number */
-   unsigned char command;     /* command code */
-   unsigned char destport[2]; /* destination port, network order */
-   unsigned char destip[4];   /* destination address */
-   /* userid follows, terminated by a NULL */
-   /* dest host follows, terminated by a NULL */
-} socks4_t;
-
 struct connection_t { 
 
   uint8_t type;
@@ -428,7 +412,7 @@ struct circuit_t {
   int package_window;
   int deliver_window;
 
-  aci_t p_aci; /* connection identifiers */
+  aci_t p_aci; /* circuit identifiers */
   aci_t n_aci;
 
   crypto_cipher_env_t *p_crypto; /* used only for intermediate hops */
@@ -447,11 +431,6 @@ struct circuit_t {
 
 typedef struct circuit_t circuit_t;
 
-struct onion_queue_t {
-  circuit_t *circ;
-  struct onion_queue_t *next;
-};
-
 typedef struct {
    char *LogLevel;
    char *RouterFile;
@@ -507,7 +486,7 @@ void circuit_free(circuit_t *circ);
 circuit_t *circuit_enumerate_by_naddr_nport(circuit_t *start, uint32_t naddr, uint16_t nport);
 circuit_t *circuit_get_by_aci_conn(aci_t aci, connection_t *conn);
 circuit_t *circuit_get_by_conn(connection_t *conn);
-circuit_t *circuit_get_newest_ap(void);
+circuit_t *circuit_get_newest_open(void);
 
 int circuit_deliver_relay_cell(cell_t *cell, circuit_t *circ,
                                int cell_direction, crypt_path_t *layer_hint);