search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge remote-tracking branch 'origin/maint-0.2.4'
[tor.git] / src / or / relay.c
blobdc234c1f2ad7a4e113107663772ec1ca543c5957
1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2013, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6
7 /**
8 * \file relay.c
9 * \brief Handle relay cell encryption/decryption, plus packaging and
10 * receiving from circuits, plus queuing on circuits.
11 **/
12
13 #define RELAY_PRIVATE
14 #include "or.h"
15 #include "addressmap.h"
16 #include "buffers.h"
17 #include "channel.h"
18 #include "circpathbias.h"
19 #include "circuitbuild.h"
20 #include "circuitlist.h"
21 #include "circuituse.h"
22 #include "config.h"
23 #include "connection.h"
24 #include "connection_edge.h"
25 #include "connection_or.h"
26 #include "control.h"
27 #include "geoip.h"
28 #include "main.h"
29 #include "mempool.h"
30 #include "networkstatus.h"
31 #include "nodelist.h"
32 #include "onion.h"
33 #include "policies.h"
34 #include "reasons.h"
35 #include "relay.h"
36 #include "rendcommon.h"
37 #include "router.h"
38 #include "routerlist.h"
39 #include "routerparse.h"
40
41 static edge_connection_t *relay_lookup_conn(circuit_t *circ, cell_t *cell,
42 cell_direction_t cell_direction,
43 crypt_path_t *layer_hint);
44
45 static int connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ,
46 edge_connection_t *conn,
47 crypt_path_t *layer_hint);
48 static void circuit_consider_sending_sendme(circuit_t *circ,
49 crypt_path_t *layer_hint);
50 static void circuit_resume_edge_reading(circuit_t *circ,
51 crypt_path_t *layer_hint);
52 static int circuit_resume_edge_reading_helper(edge_connection_t *conn,
53 circuit_t *circ,
54 crypt_path_t *layer_hint);
55 static int circuit_consider_stop_edge_reading(circuit_t *circ,
56 crypt_path_t *layer_hint);
57 static int circuit_queue_streams_are_blocked(circuit_t *circ);
58 static void adjust_exit_policy_from_exitpolicy_failure(origin_circuit_t *circ,
59 entry_connection_t *conn,
60 node_t *node,
61 const tor_addr_t *addr);
62 #if 0
63 static int get_max_middle_cells(void);
64 #endif
65
66 /** Stop reading on edge connections when we have this many cells
67 * waiting on the appropriate queue. */
68 #define CELL_QUEUE_HIGHWATER_SIZE 256
69 /** Start reading from edge connections again when we get down to this many
70 * cells. */
71 #define CELL_QUEUE_LOWWATER_SIZE 64
72
73 /** Stats: how many relay cells have originated at this hop, or have
74 * been relayed onward (not recognized at this hop)?
75 */
76 uint64_t stats_n_relay_cells_relayed = 0;
77 /** Stats: how many relay cells have been delivered to streams at this
78 * hop?
79 */
80 uint64_t stats_n_relay_cells_delivered = 0;
81
82 /** Used to tell which stream to read from first on a circuit. */
83 static tor_weak_rng_t stream_choice_rng = TOR_WEAK_RNG_INIT;
84
85 /** Update digest from the payload of cell. Assign integrity part to
86 * cell.
87 */
88 static void
89 relay_set_digest(crypto_digest_t *digest, cell_t *cell)
90 {
91 char integrity[4];
92 relay_header_t rh;
93
94 crypto_digest_add_bytes(digest, (char*)cell->payload, CELL_PAYLOAD_SIZE);
95 crypto_digest_get_digest(digest, integrity, 4);
96 // log_fn(LOG_DEBUG,"Putting digest of %u %u %u %u into relay cell.",
97 // integrity[0], integrity[1], integrity[2], integrity[3]);
98 relay_header_unpack(&rh, cell->payload);
99 memcpy(rh.integrity, integrity, 4);
100 relay_header_pack(cell->payload, &rh);
101 }
102
103 /** Does the digest for this circuit indicate that this cell is for us?
104 *
105 * Update digest from the payload of cell (with the integrity part set
106 * to 0). If the integrity part is valid, return 1, else restore digest
107 * and cell to their original state and return 0.
108 */
109 static int
110 relay_digest_matches(crypto_digest_t *digest, cell_t *cell)
111 {
112 char received_integrity[4], calculated_integrity[4];
113 relay_header_t rh;
114 crypto_digest_t *backup_digest=NULL;
115
116 backup_digest = crypto_digest_dup(digest);
117
118 relay_header_unpack(&rh, cell->payload);
119 memcpy(received_integrity, rh.integrity, 4);
120 memset(rh.integrity, 0, 4);
121 relay_header_pack(cell->payload, &rh);
122
123 // log_fn(LOG_DEBUG,"Reading digest of %u %u %u %u from relay cell.",
124 // received_integrity[0], received_integrity[1],
125 // received_integrity[2], received_integrity[3]);
126
127 crypto_digest_add_bytes(digest, (char*) cell->payload, CELL_PAYLOAD_SIZE);
128 crypto_digest_get_digest(digest, calculated_integrity, 4);
129
130 if (tor_memneq(received_integrity, calculated_integrity, 4)) {
131 // log_fn(LOG_INFO,"Recognized=0 but bad digest. Not recognizing.");
132 // (%d vs %d).", received_integrity, calculated_integrity);
133 /* restore digest to its old form */
134 crypto_digest_assign(digest, backup_digest);
135 /* restore the relay header */
136 memcpy(rh.integrity, received_integrity, 4);
137 relay_header_pack(cell->payload, &rh);
138 crypto_digest_free(backup_digest);
139 return 0;
140 }
141 crypto_digest_free(backup_digest);
142 return 1;
143 }
144
145 /** Apply <b>cipher</b> to CELL_PAYLOAD_SIZE bytes of <b>in</b>
146 * (in place).
147 *
148 * If <b>encrypt_mode</b> is 1 then encrypt, else decrypt.
149 *
150 * Return -1 if the crypto fails, else return 0.
151 */
152 static int
153 relay_crypt_one_payload(crypto_cipher_t *cipher, uint8_t *in,
154 int encrypt_mode)
155 {
156 int r;
157 (void)encrypt_mode;
158 r = crypto_cipher_crypt_inplace(cipher, (char*) in, CELL_PAYLOAD_SIZE);
159
160 if (r) {
161 log_warn(LD_BUG,"Error during relay encryption");
162 return -1;
163 }
164 return 0;
165 }
166
167 /** Receive a relay cell:
168 * - Crypt it (encrypt if headed toward the origin or if we <b>are</b> the
169 * origin; decrypt if we're headed toward the exit).
170 * - Check if recognized (if exitward).
171 * - If recognized and the digest checks out, then find if there's a stream
172 * that the cell is intended for, and deliver it to the right
173 * connection_edge.
174 * - If not recognized, then we need to relay it: append it to the appropriate
175 * cell_queue on <b>circ</b>.
176 *
177 * Return -<b>reason</b> on failure.
178 */
179 int
180 circuit_receive_relay_cell(cell_t *cell, circuit_t *circ,
181 cell_direction_t cell_direction)
182 {
183 channel_t *chan = NULL;
184 crypt_path_t *layer_hint=NULL;
185 char recognized=0;
186 int reason;
187
188 tor_assert(cell);
189 tor_assert(circ);
190 tor_assert(cell_direction == CELL_DIRECTION_OUT ||
191 cell_direction == CELL_DIRECTION_IN);
192 if (circ->marked_for_close)
193 return 0;
194
195 if (relay_crypt(circ, cell, cell_direction, &layer_hint, &recognized) < 0) {
196 log_warn(LD_BUG,"relay crypt failed. Dropping connection.");
197 return -END_CIRC_REASON_INTERNAL;
198 }
199
200 if (recognized) {
201 edge_connection_t *conn = NULL;
202
203 if (circ->purpose == CIRCUIT_PURPOSE_PATH_BIAS_TESTING) {
204 pathbias_check_probe_response(circ, cell);
205
206 /* We need to drop this cell no matter what to avoid code that expects
207 * a certain purpose (such as the hidserv code). */
208 return 0;
209 }
210
211 conn = relay_lookup_conn(circ, cell, cell_direction,
212 layer_hint);
213 if (cell_direction == CELL_DIRECTION_OUT) {
214 ++stats_n_relay_cells_delivered;
215 log_debug(LD_OR,"Sending away from origin.");
216 if ((reason=connection_edge_process_relay_cell(cell, circ, conn, NULL))
217 < 0) {
218 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
219 "connection_edge_process_relay_cell (away from origin) "
220 "failed.");
221 return reason;
222 }
223 }
224 if (cell_direction == CELL_DIRECTION_IN) {
225 ++stats_n_relay_cells_delivered;
226 log_debug(LD_OR,"Sending to origin.");
227 if ((reason = connection_edge_process_relay_cell(cell, circ, conn,
228 layer_hint)) < 0) {
229 log_warn(LD_OR,
230 "connection_edge_process_relay_cell (at origin) failed.");
231 return reason;
232 }
233 }
234 return 0;
235 }
236
237 /* not recognized. pass it on. */
238 if (cell_direction == CELL_DIRECTION_OUT) {
239 cell->circ_id = circ->n_circ_id; /* switch it */
240 chan = circ->n_chan;
241 } else if (! CIRCUIT_IS_ORIGIN(circ)) {
242 cell->circ_id = TO_OR_CIRCUIT(circ)->p_circ_id; /* switch it */
243 chan = TO_OR_CIRCUIT(circ)->p_chan;
244 } else {
245 log_fn(LOG_PROTOCOL_WARN, LD_OR,
246 "Dropping unrecognized inbound cell on origin circuit.");
247 /* If we see unrecognized cells on path bias testing circs,
248 * it's bad mojo. Those circuits need to die.
249 * XXX: Shouldn't they always die? */
250 if (circ->purpose == CIRCUIT_PURPOSE_PATH_BIAS_TESTING) {
251 TO_ORIGIN_CIRCUIT(circ)->path_state = PATH_STATE_USE_FAILED;
252 return -END_CIRC_REASON_TORPROTOCOL;
253 } else {
254 return 0;
255 }
256 }
257
258 if (!chan) {
259 // XXXX Can this splice stuff be done more cleanly?
260 if (! CIRCUIT_IS_ORIGIN(circ) &&
261 TO_OR_CIRCUIT(circ)->rend_splice &&
262 cell_direction == CELL_DIRECTION_OUT) {
263 or_circuit_t *splice = TO_OR_CIRCUIT(circ)->rend_splice;
264 tor_assert(circ->purpose == CIRCUIT_PURPOSE_REND_ESTABLISHED);
265 tor_assert(splice->base_.purpose == CIRCUIT_PURPOSE_REND_ESTABLISHED);
266 cell->circ_id = splice->p_circ_id;
267 cell->command = CELL_RELAY; /* can't be relay_early anyway */
268 if ((reason = circuit_receive_relay_cell(cell, TO_CIRCUIT(splice),
269 CELL_DIRECTION_IN)) < 0) {
270 log_warn(LD_REND, "Error relaying cell across rendezvous; closing "
271 "circuits");
272 /* XXXX Do this here, or just return -1? */
273 circuit_mark_for_close(circ, -reason);
274 return reason;
275 }
276 return 0;
277 }
278 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
279 "Didn't recognize cell, but circ stops here! Closing circ.");
280 return -END_CIRC_REASON_TORPROTOCOL;
281 }
282
283 log_debug(LD_OR,"Passing on unrecognized cell.");
284
285 ++stats_n_relay_cells_relayed; /* XXXX no longer quite accurate {cells}
286 * we might kill the circ before we relay
287 * the cells. */
288
289 append_cell_to_circuit_queue(circ, chan, cell, cell_direction, 0);
290 return 0;
291 }
292
293 /** Do the appropriate en/decryptions for <b>cell</b> arriving on
294 * <b>circ</b> in direction <b>cell_direction</b>.
295 *
296 * If cell_direction == CELL_DIRECTION_IN:
297 * - If we're at the origin (we're the OP), for hops 1..N,
298 * decrypt cell. If recognized, stop.
299 * - Else (we're not the OP), encrypt one hop. Cell is not recognized.
300 *
301 * If cell_direction == CELL_DIRECTION_OUT:
302 * - decrypt one hop. Check if recognized.
303 *
304 * If cell is recognized, set *recognized to 1, and set
305 * *layer_hint to the hop that recognized it.
306 *
307 * Return -1 to indicate that we should mark the circuit for close,
308 * else return 0.
309 */
310 int
311 relay_crypt(circuit_t *circ, cell_t *cell, cell_direction_t cell_direction,
312 crypt_path_t **layer_hint, char *recognized)
313 {
314 relay_header_t rh;
315
316 tor_assert(circ);
317 tor_assert(cell);
318 tor_assert(recognized);
319 tor_assert(cell_direction == CELL_DIRECTION_IN ||
320 cell_direction == CELL_DIRECTION_OUT);
321
322 if (cell_direction == CELL_DIRECTION_IN) {
323 if (CIRCUIT_IS_ORIGIN(circ)) { /* We're at the beginning of the circuit.
324 * We'll want to do layered decrypts. */
325 crypt_path_t *thishop, *cpath = TO_ORIGIN_CIRCUIT(circ)->cpath;
326 thishop = cpath;
327 if (thishop->state != CPATH_STATE_OPEN) {
328 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
329 "Relay cell before first created cell? Closing.");
330 return -1;
331 }
332 do { /* Remember: cpath is in forward order, that is, first hop first. */
333 tor_assert(thishop);
334
335 if (relay_crypt_one_payload(thishop->b_crypto, cell->payload, 0) < 0)
336 return -1;
337
338 relay_header_unpack(&rh, cell->payload);
339 if (rh.recognized == 0) {
340 /* it's possibly recognized. have to check digest to be sure. */
341 if (relay_digest_matches(thishop->b_digest, cell)) {
342 *recognized = 1;
343 *layer_hint = thishop;
344 return 0;
345 }
346 }
347
348 thishop = thishop->next;
349 } while (thishop != cpath && thishop->state == CPATH_STATE_OPEN);
350 log_fn(LOG_PROTOCOL_WARN, LD_OR,
351 "Incoming cell at client not recognized. Closing.");
352 return -1;
353 } else { /* we're in the middle. Just one crypt. */
354 if (relay_crypt_one_payload(TO_OR_CIRCUIT(circ)->p_crypto,
355 cell->payload, 1) < 0)
356 return -1;
357 // log_fn(LOG_DEBUG,"Skipping recognized check, because we're not "
358 // "the client.");
359 }
360 } else /* cell_direction == CELL_DIRECTION_OUT */ {
361 /* we're in the middle. Just one crypt. */
362
363 if (relay_crypt_one_payload(TO_OR_CIRCUIT(circ)->n_crypto,
364 cell->payload, 0) < 0)
365 return -1;
366
367 relay_header_unpack(&rh, cell->payload);
368 if (rh.recognized == 0) {
369 /* it's possibly recognized. have to check digest to be sure. */
370 if (relay_digest_matches(TO_OR_CIRCUIT(circ)->n_digest, cell)) {
371 *recognized = 1;
372 return 0;
373 }
374 }
375 }
376 return 0;
377 }
378
379 /** Package a relay cell from an edge:
380 * - Encrypt it to the right layer
381 * - Append it to the appropriate cell_queue on <b>circ</b>.
382 */
383 static int
384 circuit_package_relay_cell(cell_t *cell, circuit_t *circ,
385 cell_direction_t cell_direction,
386 crypt_path_t *layer_hint, streamid_t on_stream,
387 const char *filename, int lineno)
388 {
389 channel_t *chan; /* where to send the cell */
390
391 if (cell_direction == CELL_DIRECTION_OUT) {
392 crypt_path_t *thishop; /* counter for repeated crypts */
393 chan = circ->n_chan;
394 if (!chan) {
395 log_warn(LD_BUG,"outgoing relay cell sent from %s:%d has n_chan==NULL."
396 " Dropping.", filename, lineno);
397 return 0; /* just drop it */
398 }
399 if (!CIRCUIT_IS_ORIGIN(circ)) {
400 log_warn(LD_BUG,"outgoing relay cell sent from %s:%d on non-origin "
401 "circ. Dropping.", filename, lineno);
402 return 0; /* just drop it */
403 }
404
405 relay_set_digest(layer_hint->f_digest, cell);
406
407 thishop = layer_hint;
408 /* moving from farthest to nearest hop */
409 do {
410 tor_assert(thishop);
411 /* XXXX RD This is a bug, right? */
412 log_debug(LD_OR,"crypting a layer of the relay cell.");
413 if (relay_crypt_one_payload(thishop->f_crypto, cell->payload, 1) < 0) {
414 return -1;
415 }
416
417 thishop = thishop->prev;
418 } while (thishop != TO_ORIGIN_CIRCUIT(circ)->cpath->prev);
419
420 } else { /* incoming cell */
421 or_circuit_t *or_circ;
422 if (CIRCUIT_IS_ORIGIN(circ)) {
423 /* We should never package an _incoming_ cell from the circuit
424 * origin; that means we messed up somewhere. */
425 log_warn(LD_BUG,"incoming relay cell at origin circuit. Dropping.");
426 assert_circuit_ok(circ);
427 return 0; /* just drop it */
428 }
429 or_circ = TO_OR_CIRCUIT(circ);
430 chan = or_circ->p_chan;
431 relay_set_digest(or_circ->p_digest, cell);
432 if (relay_crypt_one_payload(or_circ->p_crypto, cell->payload, 1) < 0)
433 return -1;
434 }
435 ++stats_n_relay_cells_relayed;
436
437 append_cell_to_circuit_queue(circ, chan, cell, cell_direction, on_stream);
438 return 0;
439 }
440
441 /** If cell's stream_id matches the stream_id of any conn that's
442 * attached to circ, return that conn, else return NULL.
443 */
444 static edge_connection_t *
445 relay_lookup_conn(circuit_t *circ, cell_t *cell,
446 cell_direction_t cell_direction, crypt_path_t *layer_hint)
447 {
448 edge_connection_t *tmpconn;
449 relay_header_t rh;
450
451 relay_header_unpack(&rh, cell->payload);
452
453 if (!rh.stream_id)
454 return NULL;
455
456 /* IN or OUT cells could have come from either direction, now
457 * that we allow rendezvous *to* an OP.
458 */
459
460 if (CIRCUIT_IS_ORIGIN(circ)) {
461 for (tmpconn = TO_ORIGIN_CIRCUIT(circ)->p_streams; tmpconn;
462 tmpconn=tmpconn->next_stream) {
463 if (rh.stream_id == tmpconn->stream_id &&
464 !tmpconn->base_.marked_for_close &&
465 tmpconn->cpath_layer == layer_hint) {
466 log_debug(LD_APP,"found conn for stream %d.", rh.stream_id);
467 return tmpconn;
468 }
469 }
470 } else {
471 for (tmpconn = TO_OR_CIRCUIT(circ)->n_streams; tmpconn;
472 tmpconn=tmpconn->next_stream) {
473 if (rh.stream_id == tmpconn->stream_id &&
474 !tmpconn->base_.marked_for_close) {
475 log_debug(LD_EXIT,"found conn for stream %d.", rh.stream_id);
476 if (cell_direction == CELL_DIRECTION_OUT ||
477 connection_edge_is_rendezvous_stream(tmpconn))
478 return tmpconn;
479 }
480 }
481 for (tmpconn = TO_OR_CIRCUIT(circ)->resolving_streams; tmpconn;
482 tmpconn=tmpconn->next_stream) {
483 if (rh.stream_id == tmpconn->stream_id &&
484 !tmpconn->base_.marked_for_close) {
485 log_debug(LD_EXIT,"found conn for stream %d.", rh.stream_id);
486 return tmpconn;
487 }
488 }
489 }
490 return NULL; /* probably a begin relay cell */
491 }
492
493 /** Pack the relay_header_t host-order structure <b>src</b> into
494 * network-order in the buffer <b>dest</b>. See tor-spec.txt for details
495 * about the wire format.
496 */
497 void
498 relay_header_pack(uint8_t *dest, const relay_header_t *src)
499 {
500 set_uint8(dest, src->command);
501 set_uint16(dest+1, htons(src->recognized));
502 set_uint16(dest+3, htons(src->stream_id));
503 memcpy(dest+5, src->integrity, 4);
504 set_uint16(dest+9, htons(src->length));
505 }
506
507 /** Unpack the network-order buffer <b>src</b> into a host-order
508 * relay_header_t structure <b>dest</b>.
509 */
510 void
511 relay_header_unpack(relay_header_t *dest, const uint8_t *src)
512 {
513 dest->command = get_uint8(src);
514 dest->recognized = ntohs(get_uint16(src+1));
515 dest->stream_id = ntohs(get_uint16(src+3));
516 memcpy(dest->integrity, src+5, 4);
517 dest->length = ntohs(get_uint16(src+9));
518 }
519
520 /** Convert the relay <b>command</b> into a human-readable string. */
521 static const char *
522 relay_command_to_string(uint8_t command)
523 {
524 switch (command) {
525 case RELAY_COMMAND_BEGIN: return "BEGIN";
526 case RELAY_COMMAND_DATA: return "DATA";
527 case RELAY_COMMAND_END: return "END";
528 case RELAY_COMMAND_CONNECTED: return "CONNECTED";
529 case RELAY_COMMAND_SENDME: return "SENDME";
530 case RELAY_COMMAND_EXTEND: return "EXTEND";
531 case RELAY_COMMAND_EXTENDED: return "EXTENDED";
532 case RELAY_COMMAND_TRUNCATE: return "TRUNCATE";
533 case RELAY_COMMAND_TRUNCATED: return "TRUNCATED";
534 case RELAY_COMMAND_DROP: return "DROP";
535 case RELAY_COMMAND_RESOLVE: return "RESOLVE";
536 case RELAY_COMMAND_RESOLVED: return "RESOLVED";
537 case RELAY_COMMAND_BEGIN_DIR: return "BEGIN_DIR";
538 case RELAY_COMMAND_ESTABLISH_INTRO: return "ESTABLISH_INTRO";
539 case RELAY_COMMAND_ESTABLISH_RENDEZVOUS: return "ESTABLISH_RENDEZVOUS";
540 case RELAY_COMMAND_INTRODUCE1: return "INTRODUCE1";
541 case RELAY_COMMAND_INTRODUCE2: return "INTRODUCE2";
542 case RELAY_COMMAND_RENDEZVOUS1: return "RENDEZVOUS1";
543 case RELAY_COMMAND_RENDEZVOUS2: return "RENDEZVOUS2";
544 case RELAY_COMMAND_INTRO_ESTABLISHED: return "INTRO_ESTABLISHED";
545 case RELAY_COMMAND_RENDEZVOUS_ESTABLISHED:
546 return "RENDEZVOUS_ESTABLISHED";
547 case RELAY_COMMAND_INTRODUCE_ACK: return "INTRODUCE_ACK";
548 default: return "(unrecognized)";
549 }
550 }
551
552 /** Make a relay cell out of <b>relay_command</b> and <b>payload</b>, and send
553 * it onto the open circuit <b>circ</b>. <b>stream_id</b> is the ID on
554 * <b>circ</b> for the stream that's sending the relay cell, or 0 if it's a
555 * control cell. <b>cpath_layer</b> is NULL for OR->OP cells, or the
556 * destination hop for OP->OR cells.
557 *
558 * If you can't send the cell, mark the circuit for close and return -1. Else
559 * return 0.
560 */
561 int
562 relay_send_command_from_edge_(streamid_t stream_id, circuit_t *circ,
563 uint8_t relay_command, const char *payload,
564 size_t payload_len, crypt_path_t *cpath_layer,
565 const char *filename, int lineno)
566 {
567 cell_t cell;
568 relay_header_t rh;
569 cell_direction_t cell_direction;
570 /* XXXX NM Split this function into a separate versions per circuit type? */
571
572 tor_assert(circ);
573 tor_assert(payload_len <= RELAY_PAYLOAD_SIZE);
574
575 memset(&cell, 0, sizeof(cell_t));
576 cell.command = CELL_RELAY;
577 if (cpath_layer) {
578 cell.circ_id = circ->n_circ_id;
579 cell_direction = CELL_DIRECTION_OUT;
580 } else if (! CIRCUIT_IS_ORIGIN(circ)) {
581 cell.circ_id = TO_OR_CIRCUIT(circ)->p_circ_id;
582 cell_direction = CELL_DIRECTION_IN;
583 } else {
584 return -1;
585 }
586
587 memset(&rh, 0, sizeof(rh));
588 rh.command = relay_command;
589 rh.stream_id = stream_id;
590 rh.length = payload_len;
591 relay_header_pack(cell.payload, &rh);
592 if (payload_len)
593 memcpy(cell.payload+RELAY_HEADER_SIZE, payload, payload_len);
594
595 log_debug(LD_OR,"delivering %d cell %s.", relay_command,
596 cell_direction == CELL_DIRECTION_OUT ? "forward" : "backward");
597
598 /* If we are sending an END cell and this circuit is used for a tunneled
599 * directory request, advance its state. */
600 if (relay_command == RELAY_COMMAND_END && circ->dirreq_id)
601 geoip_change_dirreq_state(circ->dirreq_id, DIRREQ_TUNNELED,
602 DIRREQ_END_CELL_SENT);
603
604 if (cell_direction == CELL_DIRECTION_OUT && circ->n_chan) {
605 /* if we're using relaybandwidthrate, this conn wants priority */
606 channel_timestamp_client(circ->n_chan);
607 }
608
609 if (cell_direction == CELL_DIRECTION_OUT) {
610 origin_circuit_t *origin_circ = TO_ORIGIN_CIRCUIT(circ);
611 if (origin_circ->remaining_relay_early_cells > 0 &&
612 (relay_command == RELAY_COMMAND_EXTEND ||
613 relay_command == RELAY_COMMAND_EXTEND2 ||
614 cpath_layer != origin_circ->cpath)) {
615 /* If we've got any relay_early cells left and (we're sending
616 * an extend cell or we're not talking to the first hop), use
617 * one of them. Don't worry about the conn protocol version:
618 * append_cell_to_circuit_queue will fix it up. */
619 cell.command = CELL_RELAY_EARLY;
620 --origin_circ->remaining_relay_early_cells;
621 log_debug(LD_OR, "Sending a RELAY_EARLY cell; %d remaining.",
622 (int)origin_circ->remaining_relay_early_cells);
623 /* Memorize the command that is sent as RELAY_EARLY cell; helps debug
624 * task 878. */
625 origin_circ->relay_early_commands[
626 origin_circ->relay_early_cells_sent++] = relay_command;
627 } else if (relay_command == RELAY_COMMAND_EXTEND ||
628 relay_command == RELAY_COMMAND_EXTEND2) {
629 /* If no RELAY_EARLY cells can be sent over this circuit, log which
630 * commands have been sent as RELAY_EARLY cells before; helps debug
631 * task 878. */
632 smartlist_t *commands_list = smartlist_new();
633 int i = 0;
634 char *commands = NULL;
635 for (; i < origin_circ->relay_early_cells_sent; i++)
636 smartlist_add(commands_list, (char *)
637 relay_command_to_string(origin_circ->relay_early_commands[i]));
638 commands = smartlist_join_strings(commands_list, ",", 0, NULL);
639 log_warn(LD_BUG, "Uh-oh. We're sending a RELAY_COMMAND_EXTEND cell, "
640 "but we have run out of RELAY_EARLY cells on that circuit. "
641 "Commands sent before: %s", commands);
642 tor_free(commands);
643 smartlist_free(commands_list);
644 }
645 }
646
647 if (circuit_package_relay_cell(&cell, circ, cell_direction, cpath_layer,
648 stream_id, filename, lineno) < 0) {
649 log_warn(LD_BUG,"circuit_package_relay_cell failed. Closing.");
650 circuit_mark_for_close(circ, END_CIRC_REASON_INTERNAL);
651 return -1;
652 }
653 return 0;
654 }
655
656 /** Make a relay cell out of <b>relay_command</b> and <b>payload</b>, and
657 * send it onto the open circuit <b>circ</b>. <b>fromconn</b> is the stream
658 * that's sending the relay cell, or NULL if it's a control cell.
659 * <b>cpath_layer</b> is NULL for OR->OP cells, or the destination hop
660 * for OP->OR cells.
661 *
662 * If you can't send the cell, mark the circuit for close and
663 * return -1. Else return 0.
664 */
665 int
666 connection_edge_send_command(edge_connection_t *fromconn,
667 uint8_t relay_command, const char *payload,
668 size_t payload_len)
669 {
670 /* XXXX NM Split this function into a separate versions per circuit type? */
671 circuit_t *circ;
672 crypt_path_t *cpath_layer = fromconn->cpath_layer;
673 tor_assert(fromconn);
674 circ = fromconn->on_circuit;
675
676 if (fromconn->base_.marked_for_close) {
677 log_warn(LD_BUG,
678 "called on conn that's already marked for close at %s:%d.",
679 fromconn->base_.marked_for_close_file,
680 fromconn->base_.marked_for_close);
681 return 0;
682 }
683
684 if (!circ) {
685 if (fromconn->base_.type == CONN_TYPE_AP) {
686 log_info(LD_APP,"no circ. Closing conn.");
687 connection_mark_unattached_ap(EDGE_TO_ENTRY_CONN(fromconn),
688 END_STREAM_REASON_INTERNAL);
689 } else {
690 log_info(LD_EXIT,"no circ. Closing conn.");
691 fromconn->edge_has_sent_end = 1; /* no circ to send to */
692 fromconn->end_reason = END_STREAM_REASON_INTERNAL;
693 connection_mark_for_close(TO_CONN(fromconn));
694 }
695 return -1;
696 }
697
698 return relay_send_command_from_edge(fromconn->stream_id, circ,
699 relay_command, payload,
700 payload_len, cpath_layer);
701 }
702
703 /** How many times will I retry a stream that fails due to DNS
704 * resolve failure or misc error?
705 */
706 #define MAX_RESOLVE_FAILURES 3
707
708 /** Return 1 if reason is something that you should retry if you
709 * get the end cell before you've connected; else return 0. */
710 static int
711 edge_reason_is_retriable(int reason)
712 {
713 return reason == END_STREAM_REASON_HIBERNATING ||
714 reason == END_STREAM_REASON_RESOURCELIMIT ||
715 reason == END_STREAM_REASON_EXITPOLICY ||
716 reason == END_STREAM_REASON_RESOLVEFAILED ||
717 reason == END_STREAM_REASON_MISC ||
718 reason == END_STREAM_REASON_NOROUTE;
719 }
720
721 /** Called when we receive an END cell on a stream that isn't open yet,
722 * from the client side.
723 * Arguments are as for connection_edge_process_relay_cell().
724 */
725 static int
726 connection_ap_process_end_not_open(
727 relay_header_t *rh, cell_t *cell, origin_circuit_t *circ,
728 entry_connection_t *conn, crypt_path_t *layer_hint)
729 {
730 node_t *exitrouter;
731 int reason = *(cell->payload+RELAY_HEADER_SIZE);
732 int control_reason;
733 edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(conn);
734 (void) layer_hint; /* unused */
735
736 if (rh->length > 0) {
737 if (reason == END_STREAM_REASON_TORPROTOCOL ||
738 reason == END_STREAM_REASON_DESTROY) {
739 /* Both of these reasons could mean a failed tag
740 * hit the exit and it complained. Do not probe.
741 * Fail the circuit. */
742 circ->path_state = PATH_STATE_USE_FAILED;
743 return -END_CIRC_REASON_TORPROTOCOL;
744 } else if (reason == END_STREAM_REASON_INTERNAL) {
745 /* We can't infer success or failure, since older Tors report
746 * ENETUNREACH as END_STREAM_REASON_INTERNAL. */
747 } else {
748 /* Path bias: If we get a valid reason code from the exit,
749 * it wasn't due to tagging.
750 *
751 * We rely on recognized+digest being strong enough to make
752 * tags unlikely to allow us to get tagged, yet 'recognized'
753 * reason codes here. */
754 pathbias_mark_use_success(circ);
755 }
756 }
757
758 if (rh->length == 0) {
759 reason = END_STREAM_REASON_MISC;
760 }
761
762 control_reason = reason | END_STREAM_REASON_FLAG_REMOTE;
763
764 if (edge_reason_is_retriable(reason) &&
765 /* avoid retry if rend */
766 !connection_edge_is_rendezvous_stream(edge_conn)) {
767 const char *chosen_exit_digest =
768 circ->build_state->chosen_exit->identity_digest;
769 log_info(LD_APP,"Address '%s' refused due to '%s'. Considering retrying.",
770 safe_str(conn->socks_request->address),
771 stream_end_reason_to_string(reason));
772 exitrouter = node_get_mutable_by_id(chosen_exit_digest);
773 switch (reason) {
774 case END_STREAM_REASON_EXITPOLICY: {
775 tor_addr_t addr;
776 tor_addr_make_unspec(&addr);
777 if (rh->length >= 5) {
778 int ttl = -1;
779 tor_addr_make_unspec(&addr);
780 if (rh->length == 5 || rh->length == 9) {
781 tor_addr_from_ipv4n(&addr,
782 get_uint32(cell->payload+RELAY_HEADER_SIZE+1));
783 if (rh->length == 9)
784 ttl = (int)ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE+5));
785 } else if (rh->length == 17 || rh->length == 21) {
786 tor_addr_from_ipv6_bytes(&addr,
787 (char*)(cell->payload+RELAY_HEADER_SIZE+1));
788 if (rh->length == 21)
789 ttl = (int)ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE+17));
790 }
791 if (tor_addr_is_null(&addr)) {
792 log_info(LD_APP,"Address '%s' resolved to 0.0.0.0. Closing,",
793 safe_str(conn->socks_request->address));
794 connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
795 return 0;
796 }
797
798 if ((tor_addr_family(&addr) == AF_INET && !conn->ipv4_traffic_ok) ||
799 (tor_addr_family(&addr) == AF_INET6 && !conn->ipv6_traffic_ok)) {
800 log_fn(LOG_PROTOCOL_WARN, LD_APP,
801 "Got an EXITPOLICY failure on a connection with a "
802 "mismatched family. Closing.");
803 connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
804 return 0;
805 }
806 if (get_options()->ClientDNSRejectInternalAddresses &&
807 tor_addr_is_internal(&addr, 0)) {
808 log_info(LD_APP,"Address '%s' resolved to internal. Closing,",
809 safe_str(conn->socks_request->address));
810 connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
811 return 0;
812 }
813
814 client_dns_set_addressmap(conn,
815 conn->socks_request->address, &addr,
816 conn->chosen_exit_name, ttl);
817
818 {
819 char new_addr[TOR_ADDR_BUF_LEN];
820 tor_addr_to_str(new_addr, &addr, sizeof(new_addr), 1);
821 if (strcmp(conn->socks_request->address, new_addr)) {
822 strlcpy(conn->socks_request->address, new_addr,
823 sizeof(conn->socks_request->address));
824 control_event_stream_status(conn, STREAM_EVENT_REMAP, 0);
825 }
826 }
827 }
828 /* check if he *ought* to have allowed it */
829
830 adjust_exit_policy_from_exitpolicy_failure(circ,
831 conn,
832 exitrouter,
833 &addr);
834
835 if (conn->chosen_exit_optional ||
836 conn->chosen_exit_retries) {
837 /* stop wanting a specific exit */
838 conn->chosen_exit_optional = 0;
839 /* A non-zero chosen_exit_retries can happen if we set a
840 * TrackHostExits for this address under a port that the exit
841 * relay allows, but then try the same address with a different
842 * port that it doesn't allow to exit. We shouldn't unregister
843 * the mapping, since it is probably still wanted on the
844 * original port. But now we give away to the exit relay that
845 * we probably have a TrackHostExits on it. So be it. */
846 conn->chosen_exit_retries = 0;
847 tor_free(conn->chosen_exit_name); /* clears it */
848 }
849 if (connection_ap_detach_retriable(conn, circ, control_reason) >= 0)
850 return 0;
851 /* else, conn will get closed below */
852 break;
853 }
854 case END_STREAM_REASON_CONNECTREFUSED:
855 if (!conn->chosen_exit_optional)
856 break; /* break means it'll close, below */
857 /* Else fall through: expire this circuit, clear the
858 * chosen_exit_name field, and try again. */
859 case END_STREAM_REASON_RESOLVEFAILED:
860 case END_STREAM_REASON_TIMEOUT:
861 case END_STREAM_REASON_MISC:
862 case END_STREAM_REASON_NOROUTE:
863 if (client_dns_incr_failures(conn->socks_request->address)
864 < MAX_RESOLVE_FAILURES) {
865 /* We haven't retried too many times; reattach the connection. */
866 circuit_log_path(LOG_INFO,LD_APP,circ);
867 /* Mark this circuit "unusable for new streams". */
868 mark_circuit_unusable_for_new_conns(circ);
869
870 if (conn->chosen_exit_optional) {
871 /* stop wanting a specific exit */
872 conn->chosen_exit_optional = 0;
873 tor_free(conn->chosen_exit_name); /* clears it */
874 }
875 if (connection_ap_detach_retriable(conn, circ, control_reason) >= 0)
876 return 0;
877 /* else, conn will get closed below */
878 } else {
879 log_notice(LD_APP,
880 "Have tried resolving or connecting to address '%s' "
881 "at %d different places. Giving up.",
882 safe_str(conn->socks_request->address),
883 MAX_RESOLVE_FAILURES);
884 /* clear the failures, so it will have a full try next time */
885 client_dns_clear_failures(conn->socks_request->address);
886 }
887 break;
888 case END_STREAM_REASON_HIBERNATING:
889 case END_STREAM_REASON_RESOURCELIMIT:
890 if (exitrouter) {
891 policies_set_node_exitpolicy_to_reject_all(exitrouter);
892 }
893 if (conn->chosen_exit_optional) {
894 /* stop wanting a specific exit */
895 conn->chosen_exit_optional = 0;
896 tor_free(conn->chosen_exit_name); /* clears it */
897 }
898 if (connection_ap_detach_retriable(conn, circ, control_reason) >= 0)
899 return 0;
900 /* else, will close below */
901 break;
902 } /* end switch */
903 log_info(LD_APP,"Giving up on retrying; conn can't be handled.");
904 }
905
906 log_info(LD_APP,
907 "Edge got end (%s) before we're connected. Marking for close.",
908 stream_end_reason_to_string(rh->length > 0 ? reason : -1));
909 circuit_log_path(LOG_INFO,LD_APP,circ);
910 /* need to test because of detach_retriable */
911 if (!ENTRY_TO_CONN(conn)->marked_for_close)
912 connection_mark_unattached_ap(conn, control_reason);
913 return 0;
914 }
915
916 /** Called when we have gotten an END_REASON_EXITPOLICY failure on <b>circ</b>
917 * for <b>conn</b>, while attempting to connect via <b>node</b>. If the node
918 * told us which address it rejected, then <b>addr</b> is that address;
919 * otherwise it is AF_UNSPEC.
920 *
921 * If we are sure the node should have allowed this address, mark the node as
922 * having a reject *:* exit policy. Otherwise, mark the circuit as unusable
923 * for this particular address.
924 **/
925 static void
926 adjust_exit_policy_from_exitpolicy_failure(origin_circuit_t *circ,
927 entry_connection_t *conn,
928 node_t *node,
929 const tor_addr_t *addr)
930 {
931 int make_reject_all = 0;
932 const sa_family_t family = tor_addr_family(addr);
933
934 if (node) {
935 tor_addr_t tmp;
936 int asked_for_family = tor_addr_parse(&tmp, conn->socks_request->address);
937 if (family == AF_UNSPEC) {
938 make_reject_all = 1;
939 } else if (node_exit_policy_is_exact(node, family) &&
940 asked_for_family != -1 && !conn->chosen_exit_name) {
941 make_reject_all = 1;
942 }
943
944 if (make_reject_all) {
945 log_info(LD_APP,
946 "Exitrouter %s seems to be more restrictive than its exit "
947 "policy. Not using this router as exit for now.",
948 node_describe(node));
949 policies_set_node_exitpolicy_to_reject_all(node);
950 }
951 }
952
953 if (family != AF_UNSPEC)
954 addr_policy_append_reject_addr(&circ->prepend_policy, addr);
955 }
956
957 /** Helper: change the socks_request-&gt;address field on conn to the
958 * dotted-quad representation of <b>new_addr</b>,
959 * and send an appropriate REMAP event. */
960 static void
961 remap_event_helper(entry_connection_t *conn, const tor_addr_t *new_addr)
962 {
963 tor_addr_to_str(conn->socks_request->address, new_addr,
964 sizeof(conn->socks_request->address),
965 1);
966 control_event_stream_status(conn, STREAM_EVENT_REMAP,
967 REMAP_STREAM_SOURCE_EXIT);
968 }
969
970 /** Extract the contents of a connected cell in <b>cell</b>, whose relay
971 * header has already been parsed into <b>rh</b>. On success, set
972 * <b>addr_out</b> to the address we're connected to, and <b>ttl_out</b> to
973 * the ttl of that address, in seconds, and return 0. On failure, return
974 * -1. */
975 STATIC int
976 connected_cell_parse(const relay_header_t *rh, const cell_t *cell,
977 tor_addr_t *addr_out, int *ttl_out)
978 {
979 uint32_t bytes;
980 const uint8_t *payload = cell->payload + RELAY_HEADER_SIZE;
981
982 tor_addr_make_unspec(addr_out);
983 *ttl_out = -1;
984 if (rh->length == 0)
985 return 0;
986 if (rh->length < 4)
987 return -1;
988 bytes = ntohl(get_uint32(payload));
989
990 /* If bytes is 0, this is maybe a v6 address. Otherwise it's a v4 address */
991 if (bytes != 0) {
992 /* v4 address */
993 tor_addr_from_ipv4h(addr_out, bytes);
994 if (rh->length >= 8) {
995 bytes = ntohl(get_uint32(payload + 4));
996 if (bytes <= INT32_MAX)
997 *ttl_out = bytes;
998 }
999 } else {
1000 if (rh->length < 25) /* 4 bytes of 0s, 1 addr, 16 ipv4, 4 ttl. */
1001 return -1;
1002 if (get_uint8(payload + 4) != 6)
1003 return -1;
1004 tor_addr_from_ipv6_bytes(addr_out, (char*)(payload + 5));
1005 bytes = ntohl(get_uint32(payload + 21));
1006 if (bytes <= INT32_MAX)
1007 *ttl_out = (int) bytes;
1008 }
1009 return 0;
1010 }
1011
1012 /** An incoming relay cell has arrived from circuit <b>circ</b> to
1013 * stream <b>conn</b>.
1014 *
1015 * The arguments here are the same as in
1016 * connection_edge_process_relay_cell() below; this function is called
1017 * from there when <b>conn</b> is defined and not in an open state.
1018 */
1019 static int
1020 connection_edge_process_relay_cell_not_open(
1021 relay_header_t *rh, cell_t *cell, circuit_t *circ,
1022 edge_connection_t *conn, crypt_path_t *layer_hint)
1023 {
1024 if (rh->command == RELAY_COMMAND_END) {
1025 if (CIRCUIT_IS_ORIGIN(circ) && conn->base_.type == CONN_TYPE_AP) {
1026 return connection_ap_process_end_not_open(rh, cell,
1027 TO_ORIGIN_CIRCUIT(circ),
1028 EDGE_TO_ENTRY_CONN(conn),
1029 layer_hint);
1030 } else {
1031 /* we just got an 'end', don't need to send one */
1032 conn->edge_has_sent_end = 1;
1033 conn->end_reason = *(cell->payload+RELAY_HEADER_SIZE) |
1034 END_STREAM_REASON_FLAG_REMOTE;
1035 connection_mark_for_close(TO_CONN(conn));
1036 return 0;
1037 }
1038 }
1039
1040 if (conn->base_.type == CONN_TYPE_AP &&
1041 rh->command == RELAY_COMMAND_CONNECTED) {
1042 tor_addr_t addr;
1043 int ttl;
1044 entry_connection_t *entry_conn = EDGE_TO_ENTRY_CONN(conn);
1045 tor_assert(CIRCUIT_IS_ORIGIN(circ));
1046 if (conn->base_.state != AP_CONN_STATE_CONNECT_WAIT) {
1047 log_fn(LOG_PROTOCOL_WARN, LD_APP,
1048 "Got 'connected' while not in state connect_wait. Dropping.");
1049 return 0;
1050 }
1051 conn->base_.state = AP_CONN_STATE_OPEN;
1052 log_info(LD_APP,"'connected' received after %d seconds.",
1053 (int)(time(NULL) - conn->base_.timestamp_lastread));
1054 if (connected_cell_parse(rh, cell, &addr, &ttl) < 0) {
1055 log_fn(LOG_PROTOCOL_WARN, LD_APP,
1056 "Got a badly formatted connected cell. Closing.");
1057 connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1058 connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TORPROTOCOL);
1059 }
1060 if (tor_addr_family(&addr) != AF_UNSPEC) {
1061 const sa_family_t family = tor_addr_family(&addr);
1062 if (tor_addr_is_null(&addr) ||
1063 (get_options()->ClientDNSRejectInternalAddresses &&
1064 tor_addr_is_internal(&addr, 0))) {
1065 log_info(LD_APP, "...but it claims the IP address was %s. Closing.",
1066 fmt_addr(&addr));
1067 connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1068 connection_mark_unattached_ap(entry_conn,
1069 END_STREAM_REASON_TORPROTOCOL);
1070 return 0;
1071 }
1072
1073 if ((family == AF_INET && ! entry_conn->ipv4_traffic_ok) ||
1074 (family == AF_INET6 && ! entry_conn->ipv6_traffic_ok)) {
1075 log_fn(LOG_PROTOCOL_WARN, LD_APP,
1076 "Got a connected cell to %s with unsupported address family."
1077 " Closing.", fmt_addr(&addr));
1078 connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1079 connection_mark_unattached_ap(entry_conn,
1080 END_STREAM_REASON_TORPROTOCOL);
1081 return 0;
1082 }
1083
1084 client_dns_set_addressmap(entry_conn,
1085 entry_conn->socks_request->address, &addr,
1086 entry_conn->chosen_exit_name, ttl);
1087
1088 remap_event_helper(entry_conn, &addr);
1089 }
1090 circuit_log_path(LOG_INFO,LD_APP,TO_ORIGIN_CIRCUIT(circ));
1091 /* don't send a socks reply to transparent conns */
1092 tor_assert(entry_conn->socks_request != NULL);
1093 if (!entry_conn->socks_request->has_finished)
1094 connection_ap_handshake_socks_reply(entry_conn, NULL, 0, 0);
1095
1096 /* Was it a linked dir conn? If so, a dir request just started to
1097 * fetch something; this could be a bootstrap status milestone. */
1098 log_debug(LD_APP, "considering");
1099 if (TO_CONN(conn)->linked_conn &&
1100 TO_CONN(conn)->linked_conn->type == CONN_TYPE_DIR) {
1101 connection_t *dirconn = TO_CONN(conn)->linked_conn;
1102 log_debug(LD_APP, "it is! %d", dirconn->purpose);
1103 switch (dirconn->purpose) {
1104 case DIR_PURPOSE_FETCH_CERTIFICATE:
1105 if (consensus_is_waiting_for_certs())
1106 control_event_bootstrap(BOOTSTRAP_STATUS_LOADING_KEYS, 0);
1107 break;
1108 case DIR_PURPOSE_FETCH_CONSENSUS:
1109 control_event_bootstrap(BOOTSTRAP_STATUS_LOADING_STATUS, 0);
1110 break;
1111 case DIR_PURPOSE_FETCH_SERVERDESC:
1112 case DIR_PURPOSE_FETCH_MICRODESC:
1113 if (TO_DIR_CONN(dirconn)->router_purpose == ROUTER_PURPOSE_GENERAL)
1114 control_event_bootstrap(BOOTSTRAP_STATUS_LOADING_DESCRIPTORS,
1115 count_loading_descriptors_progress());
1116 break;
1117 }
1118 }
1119 /* This is definitely a success, so forget about any pending data we
1120 * had sent. */
1121 if (entry_conn->pending_optimistic_data) {
1122 generic_buffer_free(entry_conn->pending_optimistic_data);
1123 entry_conn->pending_optimistic_data = NULL;
1124 }
1125
1126 /* handle anything that might have queued */
1127 if (connection_edge_package_raw_inbuf(conn, 1, NULL) < 0) {
1128 /* (We already sent an end cell if possible) */
1129 connection_mark_for_close(TO_CONN(conn));
1130 return 0;
1131 }
1132 return 0;
1133 }
1134 if (conn->base_.type == CONN_TYPE_AP &&
1135 rh->command == RELAY_COMMAND_RESOLVED) {
1136 int ttl;
1137 int answer_len;
1138 uint8_t answer_type;
1139 entry_connection_t *entry_conn = EDGE_TO_ENTRY_CONN(conn);
1140 if (conn->base_.state != AP_CONN_STATE_RESOLVE_WAIT) {
1141 log_fn(LOG_PROTOCOL_WARN, LD_APP, "Got a 'resolved' cell while "
1142 "not in state resolve_wait. Dropping.");
1143 return 0;
1144 }
1145 tor_assert(SOCKS_COMMAND_IS_RESOLVE(entry_conn->socks_request->command));
1146 answer_len = cell->payload[RELAY_HEADER_SIZE+1];
1147 if (rh->length < 2 || answer_len+2>rh->length) {
1148 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1149 "Dropping malformed 'resolved' cell");
1150 connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TORPROTOCOL);
1151 return 0;
1152 }
1153 answer_type = cell->payload[RELAY_HEADER_SIZE];
1154 if (rh->length >= answer_len+6)
1155 ttl = (int)ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE+
1156 2+answer_len));
1157 else
1158 ttl = -1;
1159 if (answer_type == RESOLVED_TYPE_IPV4 ||
1160 answer_type == RESOLVED_TYPE_IPV6) {
1161 tor_addr_t addr;
1162 if (decode_address_from_payload(&addr, cell->payload+RELAY_HEADER_SIZE,
1163 rh->length) &&
1164 tor_addr_is_internal(&addr, 0) &&
1165 get_options()->ClientDNSRejectInternalAddresses) {
1166 log_info(LD_APP,"Got a resolve with answer %s. Rejecting.",
1167 fmt_addr(&addr));
1168 connection_ap_handshake_socks_resolved(entry_conn,
1169 RESOLVED_TYPE_ERROR_TRANSIENT,
1170 0, NULL, 0, TIME_MAX);
1171 connection_mark_unattached_ap(entry_conn,
1172 END_STREAM_REASON_TORPROTOCOL);
1173 return 0;
1174 }
1175 }
1176 connection_ap_handshake_socks_resolved(entry_conn,
1177 answer_type,
1178 cell->payload[RELAY_HEADER_SIZE+1], /*answer_len*/
1179 cell->payload+RELAY_HEADER_SIZE+2, /*answer*/
1180 ttl,
1181 -1);
1182 if (answer_type == RESOLVED_TYPE_IPV4 && answer_len == 4) {
1183 tor_addr_t addr;
1184 tor_addr_from_ipv4n(&addr,
1185 get_uint32(cell->payload+RELAY_HEADER_SIZE+2));
1186 remap_event_helper(entry_conn, &addr);
1187 } else if (answer_type == RESOLVED_TYPE_IPV6 && answer_len == 16) {
1188 tor_addr_t addr;
1189 tor_addr_from_ipv6_bytes(&addr,
1190 (char*)(cell->payload+RELAY_HEADER_SIZE+2));
1191 remap_event_helper(entry_conn, &addr);
1192 }
1193 connection_mark_unattached_ap(entry_conn,
1194 END_STREAM_REASON_DONE |
1195 END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED);
1196 return 0;
1197 }
1198
1199 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1200 "Got an unexpected relay command %d, in state %d (%s). Dropping.",
1201 rh->command, conn->base_.state,
1202 conn_state_to_string(conn->base_.type, conn->base_.state));
1203 return 0; /* for forward compatibility, don't kill the circuit */
1204 // connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1205 // connection_mark_for_close(conn);
1206 // return -1;
1207 }
1208
1209 /** An incoming relay cell has arrived on circuit <b>circ</b>. If
1210 * <b>conn</b> is NULL this is a control cell, else <b>cell</b> is
1211 * destined for <b>conn</b>.
1212 *
1213 * If <b>layer_hint</b> is defined, then we're the origin of the
1214 * circuit, and it specifies the hop that packaged <b>cell</b>.
1215 *
1216 * Return -reason if you want to warn and tear down the circuit, else 0.
1217 */
1218 static int
1219 connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ,
1220 edge_connection_t *conn,
1221 crypt_path_t *layer_hint)
1222 {
1223 static int num_seen=0;
1224 relay_header_t rh;
1225 unsigned domain = layer_hint?LD_APP:LD_EXIT;
1226 int reason;
1227 int optimistic_data = 0; /* Set to 1 if we receive data on a stream
1228 * that's in the EXIT_CONN_STATE_RESOLVING
1229 * or EXIT_CONN_STATE_CONNECTING states. */
1230
1231 tor_assert(cell);
1232 tor_assert(circ);
1233
1234 relay_header_unpack(&rh, cell->payload);
1235 // log_fn(LOG_DEBUG,"command %d stream %d", rh.command, rh.stream_id);
1236 num_seen++;
1237 log_debug(domain, "Now seen %d relay cells here (command %d, stream %d).",
1238 num_seen, rh.command, rh.stream_id);
1239
1240 if (rh.length > RELAY_PAYLOAD_SIZE) {
1241 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1242 "Relay cell length field too long. Closing circuit.");
1243 return - END_CIRC_REASON_TORPROTOCOL;
1244 }
1245
1246 if (rh.stream_id == 0) {
1247 switch (rh.command) {
1248 case RELAY_COMMAND_BEGIN:
1249 case RELAY_COMMAND_CONNECTED:
1250 case RELAY_COMMAND_DATA:
1251 case RELAY_COMMAND_END:
1252 case RELAY_COMMAND_RESOLVE:
1253 case RELAY_COMMAND_RESOLVED:
1254 case RELAY_COMMAND_BEGIN_DIR:
1255 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Relay command %d with zero "
1256 "stream_id. Dropping.", (int)rh.command);
1257 return 0;
1258 default:
1259 ;
1260 }
1261 }
1262
1263 /* either conn is NULL, in which case we've got a control cell, or else
1264 * conn points to the recognized stream. */
1265
1266 if (conn && !connection_state_is_open(TO_CONN(conn))) {
1267 if (conn->base_.type == CONN_TYPE_EXIT &&
1268 (conn->base_.state == EXIT_CONN_STATE_CONNECTING ||
1269 conn->base_.state == EXIT_CONN_STATE_RESOLVING) &&
1270 rh.command == RELAY_COMMAND_DATA) {
1271 /* Allow DATA cells to be delivered to an exit node in state
1272 * EXIT_CONN_STATE_CONNECTING or EXIT_CONN_STATE_RESOLVING.
1273 * This speeds up HTTP, for example. */
1274 optimistic_data = 1;
1275 } else {
1276 return connection_edge_process_relay_cell_not_open(
1277 &rh, cell, circ, conn, layer_hint);
1278 }
1279 }
1280
1281 switch (rh.command) {
1282 case RELAY_COMMAND_DROP:
1283 // log_info(domain,"Got a relay-level padding cell. Dropping.");
1284 return 0;
1285 case RELAY_COMMAND_BEGIN:
1286 case RELAY_COMMAND_BEGIN_DIR:
1287 if (layer_hint &&
1288 circ->purpose != CIRCUIT_PURPOSE_S_REND_JOINED) {
1289 log_fn(LOG_PROTOCOL_WARN, LD_APP,
1290 "Relay begin request unsupported at AP. Dropping.");
1291 return 0;
1292 }
1293 if (circ->purpose == CIRCUIT_PURPOSE_S_REND_JOINED &&
1294 layer_hint != TO_ORIGIN_CIRCUIT(circ)->cpath->prev) {
1295 log_fn(LOG_PROTOCOL_WARN, LD_APP,
1296 "Relay begin request to Hidden Service "
1297 "from intermediary node. Dropping.");
1298 return 0;
1299 }
1300 if (conn) {
1301 log_fn(LOG_PROTOCOL_WARN, domain,
1302 "Begin cell for known stream. Dropping.");
1303 return 0;
1304 }
1305 if (rh.command == RELAY_COMMAND_BEGIN_DIR) {
1306 /* Assign this circuit and its app-ward OR connection a unique ID,
1307 * so that we can measure download times. The local edge and dir
1308 * connection will be assigned the same ID when they are created
1309 * and linked. */
1310 static uint64_t next_id = 0;
1311 circ->dirreq_id = ++next_id;
1312 TO_OR_CIRCUIT(circ)->p_chan->dirreq_id = circ->dirreq_id;
1313 }
1314
1315 return connection_exit_begin_conn(cell, circ);
1316 case RELAY_COMMAND_DATA:
1317 ++stats_n_data_cells_received;
1318 if (( layer_hint && --layer_hint->deliver_window < 0) ||
1319 (!layer_hint && --circ->deliver_window < 0)) {
1320 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1321 "(relay data) circ deliver_window below 0. Killing.");
1322 if (conn) {
1323 /* XXXX Do we actually need to do this? Will killing the circuit
1324 * not send an END and mark the stream for close as appropriate? */
1325 connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1326 connection_mark_for_close(TO_CONN(conn));
1327 }
1328 return -END_CIRC_REASON_TORPROTOCOL;
1329 }
1330 log_debug(domain,"circ deliver_window now %d.", layer_hint ?
1331 layer_hint->deliver_window : circ->deliver_window);
1332
1333 circuit_consider_sending_sendme(circ, layer_hint);
1334
1335 if (!conn) {
1336 log_info(domain,"data cell dropped, unknown stream (streamid %d).",
1337 rh.stream_id);
1338 return 0;
1339 }
1340
1341 if (--conn->deliver_window < 0) { /* is it below 0 after decrement? */
1342 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1343 "(relay data) conn deliver_window below 0. Killing.");
1344 return -END_CIRC_REASON_TORPROTOCOL;
1345 }
1346
1347 stats_n_data_bytes_received += rh.length;
1348 connection_write_to_buf((char*)(cell->payload + RELAY_HEADER_SIZE),
1349 rh.length, TO_CONN(conn));
1350
1351 if (!optimistic_data) {
1352 /* Only send a SENDME if we're not getting optimistic data; otherwise
1353 * a SENDME could arrive before the CONNECTED.
1354 */
1355 connection_edge_consider_sending_sendme(conn);
1356 }
1357
1358 return 0;
1359 case RELAY_COMMAND_END:
1360 reason = rh.length > 0 ?
1361 get_uint8(cell->payload+RELAY_HEADER_SIZE) : END_STREAM_REASON_MISC;
1362 if (!conn) {
1363 log_info(domain,"end cell (%s) dropped, unknown stream.",
1364 stream_end_reason_to_string(reason));
1365 return 0;
1366 }
1367 /* XXX add to this log_fn the exit node's nickname? */
1368 log_info(domain,TOR_SOCKET_T_FORMAT": end cell (%s) for stream %d. "
1369 "Removing stream.",
1370 conn->base_.s,
1371 stream_end_reason_to_string(reason),
1372 conn->stream_id);
1373 if (conn->base_.type == CONN_TYPE_AP) {
1374 entry_connection_t *entry_conn = EDGE_TO_ENTRY_CONN(conn);
1375 if (entry_conn->socks_request &&
1376 !entry_conn->socks_request->has_finished)
1377 log_warn(LD_BUG,
1378 "open stream hasn't sent socks answer yet? Closing.");
1379 }
1380 /* We just *got* an end; no reason to send one. */
1381 conn->edge_has_sent_end = 1;
1382 if (!conn->end_reason)
1383 conn->end_reason = reason | END_STREAM_REASON_FLAG_REMOTE;
1384 if (!conn->base_.marked_for_close) {
1385 /* only mark it if not already marked. it's possible to
1386 * get the 'end' right around when the client hangs up on us. */
1387 connection_mark_and_flush(TO_CONN(conn));
1388 }
1389 return 0;
1390 case RELAY_COMMAND_EXTEND:
1391 case RELAY_COMMAND_EXTEND2: {
1392 static uint64_t total_n_extend=0, total_nonearly=0;
1393 total_n_extend++;
1394 if (rh.stream_id) {
1395 log_fn(LOG_PROTOCOL_WARN, domain,
1396 "'extend' cell received for non-zero stream. Dropping.");
1397 return 0;
1398 }
1399 if (cell->command != CELL_RELAY_EARLY &&
1400 !networkstatus_get_param(NULL,"AllowNonearlyExtend",0,0,1)) {
1401 #define EARLY_WARNING_INTERVAL 3600
1402 static ratelim_t early_warning_limit =
1403 RATELIM_INIT(EARLY_WARNING_INTERVAL);
1404 char *m;
1405 if (cell->command == CELL_RELAY) {
1406 ++total_nonearly;
1407 if ((m = rate_limit_log(&early_warning_limit, approx_time()))) {
1408 double percentage = ((double)total_nonearly)/total_n_extend;
1409 percentage *= 100;
1410 log_fn(LOG_PROTOCOL_WARN, domain, "EXTEND cell received, "
1411 "but not via RELAY_EARLY. Dropping.%s", m);
1412 log_fn(LOG_PROTOCOL_WARN, domain, " (We have dropped %.02f%% of "
1413 "all EXTEND cells for this reason)", percentage);
1414 tor_free(m);
1415 }
1416 } else {
1417 log_fn(LOG_WARN, domain,
1418 "EXTEND cell received, in a cell with type %d! Dropping.",
1419 cell->command);
1420 }
1421 return 0;
1422 }
1423 return circuit_extend(cell, circ);
1424 }
1425 case RELAY_COMMAND_EXTENDED:
1426 case RELAY_COMMAND_EXTENDED2:
1427 if (!layer_hint) {
1428 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1429 "'extended' unsupported at non-origin. Dropping.");
1430 return 0;
1431 }
1432 log_debug(domain,"Got an extended cell! Yay.");
1433 {
1434 extended_cell_t extended_cell;
1435 if (extended_cell_parse(&extended_cell, rh.command,
1436 (const uint8_t*)cell->payload+RELAY_HEADER_SIZE,
1437 rh.length)<0) {
1438 log_warn(LD_PROTOCOL,
1439 "Can't parse EXTENDED cell; killing circuit.");
1440 return -END_CIRC_REASON_TORPROTOCOL;
1441 }
1442 if ((reason = circuit_finish_handshake(TO_ORIGIN_CIRCUIT(circ),
1443 &extended_cell.created_cell)) < 0) {
1444 log_warn(domain,"circuit_finish_handshake failed.");
1445 return reason;
1446 }
1447 }
1448 if ((reason=circuit_send_next_onion_skin(TO_ORIGIN_CIRCUIT(circ)))<0) {
1449 log_info(domain,"circuit_send_next_onion_skin() failed.");
1450 return reason;
1451 }
1452 return 0;
1453 case RELAY_COMMAND_TRUNCATE:
1454 if (layer_hint) {
1455 log_fn(LOG_PROTOCOL_WARN, LD_APP,
1456 "'truncate' unsupported at origin. Dropping.");
1457 return 0;
1458 }
1459 if (circ->n_hop) {
1460 if (circ->n_chan)
1461 log_warn(LD_BUG, "n_chan and n_hop set on the same circuit!");
1462 extend_info_free(circ->n_hop);
1463 circ->n_hop = NULL;
1464 tor_free(circ->n_chan_create_cell);
1465 circuit_set_state(circ, CIRCUIT_STATE_OPEN);
1466 }
1467 if (circ->n_chan) {
1468 uint8_t trunc_reason = get_uint8(cell->payload + RELAY_HEADER_SIZE);
1469 circuit_clear_cell_queue(circ, circ->n_chan);
1470 channel_send_destroy(circ->n_circ_id, circ->n_chan,
1471 trunc_reason);
1472 circuit_set_n_circid_chan(circ, 0, NULL);
1473 }
1474 log_debug(LD_EXIT, "Processed 'truncate', replying.");
1475 {
1476 char payload[1];
1477 payload[0] = (char)END_CIRC_REASON_REQUESTED;
1478 relay_send_command_from_edge(0, circ, RELAY_COMMAND_TRUNCATED,
1479 payload, sizeof(payload), NULL);
1480 }
1481 return 0;
1482 case RELAY_COMMAND_TRUNCATED:
1483 if (!layer_hint) {
1484 log_fn(LOG_PROTOCOL_WARN, LD_EXIT,
1485 "'truncated' unsupported at non-origin. Dropping.");
1486 return 0;
1487 }
1488 circuit_truncated(TO_ORIGIN_CIRCUIT(circ), layer_hint,
1489 get_uint8(cell->payload + RELAY_HEADER_SIZE));
1490 return 0;
1491 case RELAY_COMMAND_CONNECTED:
1492 if (conn) {
1493 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1494 "'connected' unsupported while open. Closing circ.");
1495 return -END_CIRC_REASON_TORPROTOCOL;
1496 }
1497 log_info(domain,
1498 "'connected' received, no conn attached anymore. Ignoring.");
1499 return 0;
1500 case RELAY_COMMAND_SENDME:
1501 if (!rh.stream_id) {
1502 if (layer_hint) {
1503 if (layer_hint->package_window + CIRCWINDOW_INCREMENT >
1504 CIRCWINDOW_START_MAX) {
1505 static struct ratelim_t exit_warn_ratelim = RATELIM_INIT(600);
1506 log_fn_ratelim(&exit_warn_ratelim, LOG_WARN, LD_PROTOCOL,
1507 "Unexpected sendme cell from exit relay. "
1508 "Closing circ.");
1509 return -END_CIRC_REASON_TORPROTOCOL;
1510 }
1511 layer_hint->package_window += CIRCWINDOW_INCREMENT;
1512 log_debug(LD_APP,"circ-level sendme at origin, packagewindow %d.",
1513 layer_hint->package_window);
1514 circuit_resume_edge_reading(circ, layer_hint);
1515 } else {
1516 if (circ->package_window + CIRCWINDOW_INCREMENT >
1517 CIRCWINDOW_START_MAX) {
1518 static struct ratelim_t client_warn_ratelim = RATELIM_INIT(600);
1519 log_fn_ratelim(&client_warn_ratelim, LOG_WARN, LD_PROTOCOL,
1520 "Unexpected sendme cell from client. "
1521 "Closing circ (window %d).",
1522 circ->package_window);
1523 return -END_CIRC_REASON_TORPROTOCOL;
1524 }
1525 circ->package_window += CIRCWINDOW_INCREMENT;
1526 log_debug(LD_APP,
1527 "circ-level sendme at non-origin, packagewindow %d.",
1528 circ->package_window);
1529 circuit_resume_edge_reading(circ, layer_hint);
1530 }
1531 return 0;
1532 }
1533 if (!conn) {
1534 log_info(domain,"sendme cell dropped, unknown stream (streamid %d).",
1535 rh.stream_id);
1536 return 0;
1537 }
1538 conn->package_window += STREAMWINDOW_INCREMENT;
1539 log_debug(domain,"stream-level sendme, packagewindow now %d.",
1540 conn->package_window);
1541 if (circuit_queue_streams_are_blocked(circ)) {
1542 /* Still waiting for queue to flush; don't touch conn */
1543 return 0;
1544 }
1545 connection_start_reading(TO_CONN(conn));
1546 /* handle whatever might still be on the inbuf */
1547 if (connection_edge_package_raw_inbuf(conn, 1, NULL) < 0) {
1548 /* (We already sent an end cell if possible) */
1549 connection_mark_for_close(TO_CONN(conn));
1550 return 0;
1551 }
1552 return 0;
1553 case RELAY_COMMAND_RESOLVE:
1554 if (layer_hint) {
1555 log_fn(LOG_PROTOCOL_WARN, LD_APP,
1556 "resolve request unsupported at AP; dropping.");
1557 return 0;
1558 } else if (conn) {
1559 log_fn(LOG_PROTOCOL_WARN, domain,
1560 "resolve request for known stream; dropping.");
1561 return 0;
1562 } else if (circ->purpose != CIRCUIT_PURPOSE_OR) {
1563 log_fn(LOG_PROTOCOL_WARN, domain,
1564 "resolve request on circ with purpose %d; dropping",
1565 circ->purpose);
1566 return 0;
1567 }
1568 connection_exit_begin_resolve(cell, TO_OR_CIRCUIT(circ));
1569 return 0;
1570 case RELAY_COMMAND_RESOLVED:
1571 if (conn) {
1572 log_fn(LOG_PROTOCOL_WARN, domain,
1573 "'resolved' unsupported while open. Closing circ.");
1574 return -END_CIRC_REASON_TORPROTOCOL;
1575 }
1576 log_info(domain,
1577 "'resolved' received, no conn attached anymore. Ignoring.");
1578 return 0;
1579 case RELAY_COMMAND_ESTABLISH_INTRO:
1580 case RELAY_COMMAND_ESTABLISH_RENDEZVOUS:
1581 case RELAY_COMMAND_INTRODUCE1:
1582 case RELAY_COMMAND_INTRODUCE2:
1583 case RELAY_COMMAND_INTRODUCE_ACK:
1584 case RELAY_COMMAND_RENDEZVOUS1:
1585 case RELAY_COMMAND_RENDEZVOUS2:
1586 case RELAY_COMMAND_INTRO_ESTABLISHED:
1587 case RELAY_COMMAND_RENDEZVOUS_ESTABLISHED:
1588 rend_process_relay_cell(circ, layer_hint,
1589 rh.command, rh.length,
1590 cell->payload+RELAY_HEADER_SIZE);
1591 return 0;
1592 }
1593 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1594 "Received unknown relay command %d. Perhaps the other side is using "
1595 "a newer version of Tor? Dropping.",
1596 rh.command);
1597 return 0; /* for forward compatibility, don't kill the circuit */
1598 }
1599
1600 /** How many relay_data cells have we built, ever? */
1601 uint64_t stats_n_data_cells_packaged = 0;
1602 /** How many bytes of data have we put in relay_data cells have we built,
1603 * ever? This would be RELAY_PAYLOAD_SIZE*stats_n_data_cells_packaged if
1604 * every relay cell we ever sent were completely full of data. */
1605 uint64_t stats_n_data_bytes_packaged = 0;
1606 /** How many relay_data cells have we received, ever? */
1607 uint64_t stats_n_data_cells_received = 0;
1608 /** How many bytes of data have we received relay_data cells, ever? This would
1609 * be RELAY_PAYLOAD_SIZE*stats_n_data_cells_packaged if every relay cell we
1610 * ever received were completely full of data. */
1611 uint64_t stats_n_data_bytes_received = 0;
1612
1613 /** If <b>conn</b> has an entire relay payload of bytes on its inbuf (or
1614 * <b>package_partial</b> is true), and the appropriate package windows aren't
1615 * empty, grab a cell and send it down the circuit.
1616 *
1617 * If *<b>max_cells</b> is given, package no more than max_cells. Decrement
1618 * *<b>max_cells</b> by the number of cells packaged.
1619 *
1620 * Return -1 (and send a RELAY_COMMAND_END cell if necessary) if conn should
1621 * be marked for close, else return 0.
1622 */
1623 int
1624 connection_edge_package_raw_inbuf(edge_connection_t *conn, int package_partial,
1625 int *max_cells)
1626 {
1627 size_t bytes_to_process, length;
1628 char payload[CELL_PAYLOAD_SIZE];
1629 circuit_t *circ;
1630 const unsigned domain = conn->base_.type == CONN_TYPE_AP ? LD_APP : LD_EXIT;
1631 int sending_from_optimistic = 0;
1632 entry_connection_t *entry_conn =
1633 conn->base_.type == CONN_TYPE_AP ? EDGE_TO_ENTRY_CONN(conn) : NULL;
1634 const int sending_optimistically =
1635 entry_conn &&
1636 conn->base_.type == CONN_TYPE_AP &&
1637 conn->base_.state != AP_CONN_STATE_OPEN;
1638 crypt_path_t *cpath_layer = conn->cpath_layer;
1639
1640 tor_assert(conn);
1641
1642 if (conn->base_.marked_for_close) {
1643 log_warn(LD_BUG,
1644 "called on conn that's already marked for close at %s:%d.",
1645 conn->base_.marked_for_close_file, conn->base_.marked_for_close);
1646 return 0;
1647 }
1648
1649 if (max_cells && *max_cells <= 0)
1650 return 0;
1651
1652 repeat_connection_edge_package_raw_inbuf:
1653
1654 circ = circuit_get_by_edge_conn(conn);
1655 if (!circ) {
1656 log_info(domain,"conn has no circuit! Closing.");
1657 conn->end_reason = END_STREAM_REASON_CANT_ATTACH;
1658 return -1;
1659 }
1660
1661 if (circuit_consider_stop_edge_reading(circ, cpath_layer))
1662 return 0;
1663
1664 if (conn->package_window <= 0) {
1665 log_info(domain,"called with package_window %d. Skipping.",
1666 conn->package_window);
1667 connection_stop_reading(TO_CONN(conn));
1668 return 0;
1669 }
1670
1671 sending_from_optimistic = entry_conn &&
1672 entry_conn->sending_optimistic_data != NULL;
1673
1674 if (PREDICT_UNLIKELY(sending_from_optimistic)) {
1675 bytes_to_process = generic_buffer_len(entry_conn->sending_optimistic_data);
1676 if (PREDICT_UNLIKELY(!bytes_to_process)) {
1677 log_warn(LD_BUG, "sending_optimistic_data was non-NULL but empty");
1678 bytes_to_process = connection_get_inbuf_len(TO_CONN(conn));
1679 sending_from_optimistic = 0;
1680 }
1681 } else {
1682 bytes_to_process = connection_get_inbuf_len(TO_CONN(conn));
1683 }
1684
1685 if (!bytes_to_process)
1686 return 0;
1687
1688 if (!package_partial && bytes_to_process < RELAY_PAYLOAD_SIZE)
1689 return 0;
1690
1691 if (bytes_to_process > RELAY_PAYLOAD_SIZE) {
1692 length = RELAY_PAYLOAD_SIZE;
1693 } else {
1694 length = bytes_to_process;
1695 }
1696 stats_n_data_bytes_packaged += length;
1697 stats_n_data_cells_packaged += 1;
1698
1699 if (PREDICT_UNLIKELY(sending_from_optimistic)) {
1700 /* XXXX We could be more efficient here by sometimes packing
1701 * previously-sent optimistic data in the same cell with data
1702 * from the inbuf. */
1703 generic_buffer_get(entry_conn->sending_optimistic_data, payload, length);
1704 if (!generic_buffer_len(entry_conn->sending_optimistic_data)) {
1705 generic_buffer_free(entry_conn->sending_optimistic_data);
1706 entry_conn->sending_optimistic_data = NULL;
1707 }
1708 } else {
1709 connection_fetch_from_buf(payload, length, TO_CONN(conn));
1710 }
1711
1712 log_debug(domain,TOR_SOCKET_T_FORMAT": Packaging %d bytes (%d waiting).",
1713 conn->base_.s,
1714 (int)length, (int)connection_get_inbuf_len(TO_CONN(conn)));
1715
1716 if (sending_optimistically && !sending_from_optimistic) {
1717 /* This is new optimistic data; remember it in case we need to detach and
1718 retry */
1719 if (!entry_conn->pending_optimistic_data)
1720 entry_conn->pending_optimistic_data = generic_buffer_new();
1721 generic_buffer_add(entry_conn->pending_optimistic_data, payload, length);
1722 }
1723
1724 if (connection_edge_send_command(conn, RELAY_COMMAND_DATA,
1725 payload, length) < 0 )
1726 /* circuit got marked for close, don't continue, don't need to mark conn */
1727 return 0;
1728
1729 if (!cpath_layer) { /* non-rendezvous exit */
1730 tor_assert(circ->package_window > 0);
1731 circ->package_window--;
1732 } else { /* we're an AP, or an exit on a rendezvous circ */
1733 tor_assert(cpath_layer->package_window > 0);
1734 cpath_layer->package_window--;
1735 }
1736
1737 if (--conn->package_window <= 0) { /* is it 0 after decrement? */
1738 connection_stop_reading(TO_CONN(conn));
1739 log_debug(domain,"conn->package_window reached 0.");
1740 circuit_consider_stop_edge_reading(circ, cpath_layer);
1741 return 0; /* don't process the inbuf any more */
1742 }
1743 log_debug(domain,"conn->package_window is now %d",conn->package_window);
1744
1745 if (max_cells) {
1746 *max_cells -= 1;
1747 if (*max_cells <= 0)
1748 return 0;
1749 }
1750
1751 /* handle more if there's more, or return 0 if there isn't */
1752 goto repeat_connection_edge_package_raw_inbuf;
1753 }
1754
1755 /** Called when we've just received a relay data cell, when
1756 * we've just finished flushing all bytes to stream <b>conn</b>,
1757 * or when we've flushed *some* bytes to the stream <b>conn</b>.
1758 *
1759 * If conn->outbuf is not too full, and our deliver window is
1760 * low, send back a suitable number of stream-level sendme cells.
1761 */
1762 void
1763 connection_edge_consider_sending_sendme(edge_connection_t *conn)
1764 {
1765 circuit_t *circ;
1766
1767 if (connection_outbuf_too_full(TO_CONN(conn)))
1768 return;
1769
1770 circ = circuit_get_by_edge_conn(conn);
1771 if (!circ) {
1772 /* this can legitimately happen if the destroy has already
1773 * arrived and torn down the circuit */
1774 log_info(LD_APP,"No circuit associated with conn. Skipping.");
1775 return;
1776 }
1777
1778 while (conn->deliver_window <= STREAMWINDOW_START - STREAMWINDOW_INCREMENT) {
1779 log_debug(conn->base_.type == CONN_TYPE_AP ?LD_APP:LD_EXIT,
1780 "Outbuf %d, Queuing stream sendme.",
1781 (int)conn->base_.outbuf_flushlen);
1782 conn->deliver_window += STREAMWINDOW_INCREMENT;
1783 if (connection_edge_send_command(conn, RELAY_COMMAND_SENDME,
1784 NULL, 0) < 0) {
1785 log_warn(LD_APP,"connection_edge_send_command failed. Skipping.");
1786 return; /* the circuit's closed, don't continue */
1787 }
1788 }
1789 }
1790
1791 /** The circuit <b>circ</b> has received a circuit-level sendme
1792 * (on hop <b>layer_hint</b>, if we're the OP). Go through all the
1793 * attached streams and let them resume reading and packaging, if
1794 * their stream windows allow it.
1795 */
1796 static void
1797 circuit_resume_edge_reading(circuit_t *circ, crypt_path_t *layer_hint)
1798 {
1799 if (circuit_queue_streams_are_blocked(circ)) {
1800 log_debug(layer_hint?LD_APP:LD_EXIT,"Too big queue, no resuming");
1801 return;
1802 }
1803 log_debug(layer_hint?LD_APP:LD_EXIT,"resuming");
1804
1805 if (CIRCUIT_IS_ORIGIN(circ))
1806 circuit_resume_edge_reading_helper(TO_ORIGIN_CIRCUIT(circ)->p_streams,
1807 circ, layer_hint);
1808 else
1809 circuit_resume_edge_reading_helper(TO_OR_CIRCUIT(circ)->n_streams,
1810 circ, layer_hint);
1811 }
1812
1813 void
1814 stream_choice_seed_weak_rng(void)
1815 {
1816 crypto_seed_weak_rng(&stream_choice_rng);
1817 }
1818
1819 /** A helper function for circuit_resume_edge_reading() above.
1820 * The arguments are the same, except that <b>conn</b> is the head
1821 * of a linked list of edge streams that should each be considered.
1822 */
1823 static int
1824 circuit_resume_edge_reading_helper(edge_connection_t *first_conn,
1825 circuit_t *circ,
1826 crypt_path_t *layer_hint)
1827 {
1828 edge_connection_t *conn;
1829 int n_packaging_streams, n_streams_left;
1830 int packaged_this_round;
1831 int cells_on_queue;
1832 int cells_per_conn;
1833 edge_connection_t *chosen_stream = NULL;
1834 int max_to_package;
1835
1836 if (first_conn == NULL) {
1837 /* Don't bother to try to do the rest of this if there are no connections
1838 * to resume. */
1839 return 0;
1840 }
1841
1842 /* How many cells do we have space for? It will be the minimum of
1843 * the number needed to exhaust the package window, and the minimum
1844 * needed to fill the cell queue. */
1845 max_to_package = circ->package_window;
1846 if (CIRCUIT_IS_ORIGIN(circ)) {
1847 cells_on_queue = circ->n_chan_cells.n;
1848 } else {
1849 or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
1850 cells_on_queue = or_circ->p_chan_cells.n;
1851 }
1852 if (CELL_QUEUE_HIGHWATER_SIZE - cells_on_queue < max_to_package)
1853 max_to_package = CELL_QUEUE_HIGHWATER_SIZE - cells_on_queue;
1854
1855 /* Once we used to start listening on the streams in the order they
1856 * appeared in the linked list. That leads to starvation on the
1857 * streams that appeared later on the list, since the first streams
1858 * would always get to read first. Instead, we just pick a random
1859 * stream on the list, and enable reading for streams starting at that
1860 * point (and wrapping around as if the list were circular). It would
1861 * probably be better to actually remember which streams we've
1862 * serviced in the past, but this is simple and effective. */
1863
1864 /* Select a stream uniformly at random from the linked list. We
1865 * don't need cryptographic randomness here. */
1866 {
1867 int num_streams = 0;
1868 for (conn = first_conn; conn; conn = conn->next_stream) {
1869 num_streams++;
1870 if (tor_weak_random_one_in_n(&stream_choice_rng, num_streams)) {
1871 chosen_stream = conn;
1872 }
1873 /* Invariant: chosen_stream has been chosen uniformly at random from
1874 * among the first num_streams streams on first_conn.
1875 *
1876 * (Note that we iterate over every stream on the circuit, so that after
1877 * we've considered the first stream, we've chosen it with P=1; and
1878 * after we consider the second stream, we've switched to it with P=1/2
1879 * and stayed with the first stream with P=1/2; and after we've
1880 * considered the third stream, we've switched to it with P=1/3 and
1881 * remained with one of the first two streams with P=(2/3), giving each
1882 * one P=(1/2)(2/3) )=(1/3).) */
1883 }
1884 }
1885
1886 /* Count how many non-marked streams there are that have anything on
1887 * their inbuf, and enable reading on all of the connections. */
1888 n_packaging_streams = 0;
1889 /* Activate reading starting from the chosen stream */
1890 for (conn=chosen_stream; conn; conn = conn->next_stream) {
1891 /* Start reading for the streams starting from here */
1892 if (conn->base_.marked_for_close || conn->package_window <= 0)
1893 continue;
1894 if (!layer_hint || conn->cpath_layer == layer_hint) {
1895 connection_start_reading(TO_CONN(conn));
1896
1897 if (connection_get_inbuf_len(TO_CONN(conn)) > 0)
1898 ++n_packaging_streams;
1899 }
1900 }
1901 /* Go back and do the ones we skipped, circular-style */
1902 for (conn = first_conn; conn != chosen_stream; conn = conn->next_stream) {
1903 if (conn->base_.marked_for_close || conn->package_window <= 0)
1904 continue;
1905 if (!layer_hint || conn->cpath_layer == layer_hint) {
1906 connection_start_reading(TO_CONN(conn));
1907
1908 if (connection_get_inbuf_len(TO_CONN(conn)) > 0)
1909 ++n_packaging_streams;
1910 }
1911 }
1912
1913 if (n_packaging_streams == 0) /* avoid divide-by-zero */
1914 return 0;
1915
1916 again:
1917
1918 cells_per_conn = CEIL_DIV(max_to_package, n_packaging_streams);
1919
1920 packaged_this_round = 0;
1921 n_streams_left = 0;
1922
1923 /* Iterate over all connections. Package up to cells_per_conn cells on
1924 * each. Update packaged_this_round with the total number of cells
1925 * packaged, and n_streams_left with the number that still have data to
1926 * package.
1927 */
1928 for (conn=first_conn; conn; conn=conn->next_stream) {
1929 if (conn->base_.marked_for_close || conn->package_window <= 0)
1930 continue;
1931 if (!layer_hint || conn->cpath_layer == layer_hint) {
1932 int n = cells_per_conn, r;
1933 /* handle whatever might still be on the inbuf */
1934 r = connection_edge_package_raw_inbuf(conn, 1, &n);
1935
1936 /* Note how many we packaged */
1937 packaged_this_round += (cells_per_conn-n);
1938
1939 if (r<0) {
1940 /* Problem while packaging. (We already sent an end cell if
1941 * possible) */
1942 connection_mark_for_close(TO_CONN(conn));
1943 continue;
1944 }
1945
1946 /* If there's still data to read, we'll be coming back to this stream. */
1947 if (connection_get_inbuf_len(TO_CONN(conn)))
1948 ++n_streams_left;
1949
1950 /* If the circuit won't accept any more data, return without looking
1951 * at any more of the streams. Any connections that should be stopped
1952 * have already been stopped by connection_edge_package_raw_inbuf. */
1953 if (circuit_consider_stop_edge_reading(circ, layer_hint))
1954 return -1;
1955 /* XXXX should we also stop immediately if we fill up the cell queue?
1956 * Probably. */
1957 }
1958 }
1959
1960 /* If we made progress, and we are willing to package more, and there are
1961 * any streams left that want to package stuff... try again!
1962 */
1963 if (packaged_this_round && packaged_this_round < max_to_package &&
1964 n_streams_left) {
1965 max_to_package -= packaged_this_round;
1966 n_packaging_streams = n_streams_left;
1967 goto again;
1968 }
1969
1970 return 0;
1971 }
1972
1973 /** Check if the package window for <b>circ</b> is empty (at
1974 * hop <b>layer_hint</b> if it's defined).
1975 *
1976 * If yes, tell edge streams to stop reading and return 1.
1977 * Else return 0.
1978 */
1979 static int
1980 circuit_consider_stop_edge_reading(circuit_t *circ, crypt_path_t *layer_hint)
1981 {
1982 edge_connection_t *conn = NULL;
1983 unsigned domain = layer_hint ? LD_APP : LD_EXIT;
1984
1985 if (!layer_hint) {
1986 or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
1987 log_debug(domain,"considering circ->package_window %d",
1988 circ->package_window);
1989 if (circ->package_window <= 0) {
1990 log_debug(domain,"yes, not-at-origin. stopped.");
1991 for (conn = or_circ->n_streams; conn; conn=conn->next_stream)
1992 connection_stop_reading(TO_CONN(conn));
1993 return 1;
1994 }
1995 return 0;
1996 }
1997 /* else, layer hint is defined, use it */
1998 log_debug(domain,"considering layer_hint->package_window %d",
1999 layer_hint->package_window);
2000 if (layer_hint->package_window <= 0) {
2001 log_debug(domain,"yes, at-origin. stopped.");
2002 for (conn = TO_ORIGIN_CIRCUIT(circ)->p_streams; conn;
2003 conn=conn->next_stream) {
2004 if (conn->cpath_layer == layer_hint)
2005 connection_stop_reading(TO_CONN(conn));
2006 }
2007 return 1;
2008 }
2009 return 0;
2010 }
2011
2012 /** Check if the deliver_window for circuit <b>circ</b> (at hop
2013 * <b>layer_hint</b> if it's defined) is low enough that we should
2014 * send a circuit-level sendme back down the circuit. If so, send
2015 * enough sendmes that the window would be overfull if we sent any
2016 * more.
2017 */
2018 static void
2019 circuit_consider_sending_sendme(circuit_t *circ, crypt_path_t *layer_hint)
2020 {
2021 // log_fn(LOG_INFO,"Considering: layer_hint is %s",
2022 // layer_hint ? "defined" : "null");
2023 while ((layer_hint ? layer_hint->deliver_window : circ->deliver_window) <=
2024 CIRCWINDOW_START - CIRCWINDOW_INCREMENT) {
2025 log_debug(LD_CIRC,"Queuing circuit sendme.");
2026 if (layer_hint)
2027 layer_hint->deliver_window += CIRCWINDOW_INCREMENT;
2028 else
2029 circ->deliver_window += CIRCWINDOW_INCREMENT;
2030 if (relay_send_command_from_edge(0, circ, RELAY_COMMAND_SENDME,
2031 NULL, 0, layer_hint) < 0) {
2032 log_warn(LD_CIRC,
2033 "relay_send_command_from_edge failed. Circuit's closed.");
2034 return; /* the circuit's closed, don't continue */
2035 }
2036 }
2037 }
2038
2039 #ifdef ACTIVE_CIRCUITS_PARANOIA
2040 #define assert_cmux_ok_paranoid(chan) \
2041 assert_circuit_mux_okay(chan)
2042 #else
2043 #define assert_cmux_ok_paranoid(chan)
2044 #endif
2045
2046 /** The total number of cells we have allocated from the memory pool. */
2047 static size_t total_cells_allocated = 0;
2048
2049 /** A memory pool to allocate packed_cell_t objects. */
2050 static mp_pool_t *cell_pool = NULL;
2051
2052 /** Allocate structures to hold cells. */
2053 void
2054 init_cell_pool(void)
2055 {
2056 tor_assert(!cell_pool);
2057 cell_pool = mp_pool_new(sizeof(packed_cell_t), 128*1024);
2058 }
2059
2060 /** Free all storage used to hold cells (and insertion times/commands if we
2061 * measure cell statistics and/or if CELL_STATS events are enabled). */
2062 void
2063 free_cell_pool(void)
2064 {
2065 /* Maybe we haven't called init_cell_pool yet; need to check for it. */
2066 if (cell_pool) {
2067 mp_pool_destroy(cell_pool);
2068 cell_pool = NULL;
2069 }
2070 }
2071
2072 /** Free excess storage in cell pool. */
2073 void
2074 clean_cell_pool(void)
2075 {
2076 tor_assert(cell_pool);
2077 mp_pool_clean(cell_pool, 0, 1);
2078 }
2079
2080 /** Release storage held by <b>cell</b>. */
2081 static INLINE void
2082 packed_cell_free_unchecked(packed_cell_t *cell)
2083 {
2084 --total_cells_allocated;
2085 mp_pool_release(cell);
2086 }
2087
2088 /** Allocate and return a new packed_cell_t. */
2089 STATIC packed_cell_t *
2090 packed_cell_new(void)
2091 {
2092 ++total_cells_allocated;
2093 return mp_pool_get(cell_pool);
2094 }
2095
2096 /** Return a packed cell used outside by channel_t lower layer */
2097 void
2098 packed_cell_free(packed_cell_t *cell)
2099 {
2100 if (!cell)
2101 return;
2102 packed_cell_free_unchecked(cell);
2103 }
2104
2105 /** Log current statistics for cell pool allocation at log level
2106 * <b>severity</b>. */
2107 void
2108 dump_cell_pool_usage(int severity)
2109 {
2110 circuit_t *c;
2111 int n_circs = 0;
2112 int n_cells = 0;
2113 TOR_LIST_FOREACH(c, circuit_get_global_list(), head) {
2114 n_cells += c->n_chan_cells.n;
2115 if (!CIRCUIT_IS_ORIGIN(c))
2116 n_cells += TO_OR_CIRCUIT(c)->p_chan_cells.n;
2117 ++n_circs;
2118 }
2119 tor_log(severity, LD_MM,
2120 "%d cells allocated on %d circuits. %d cells leaked.",
2121 n_cells, n_circs, (int)total_cells_allocated - n_cells);
2122 mp_pool_log_status(cell_pool, severity);
2123 }
2124
2125 /** Allocate a new copy of packed <b>cell</b>. */
2126 static INLINE packed_cell_t *
2127 packed_cell_copy(const cell_t *cell, int wide_circ_ids)
2128 {
2129 packed_cell_t *c = packed_cell_new();
2130 cell_pack(c, cell, wide_circ_ids);
2131 return c;
2132 }
2133
2134 /** Append <b>cell</b> to the end of <b>queue</b>. */
2135 void
2136 cell_queue_append(cell_queue_t *queue, packed_cell_t *cell)
2137 {
2138 TOR_SIMPLEQ_INSERT_TAIL(&queue->head, cell, next);
2139 ++queue->n;
2140 }
2141
2142 /** Append a newly allocated copy of <b>cell</b> to the end of the
2143 * <b>exitward</b> (or app-ward) <b>queue</b> of <b>circ</b>. If
2144 * <b>use_stats</b> is true, record statistics about the cell.
2145 */
2146 void
2147 cell_queue_append_packed_copy(circuit_t *circ, cell_queue_t *queue,
2148 int exitward, const cell_t *cell,
2149 int wide_circ_ids, int use_stats)
2150 {
2151 struct timeval now;
2152 packed_cell_t *copy = packed_cell_copy(cell, wide_circ_ids);
2153 (void)circ;
2154 (void)exitward;
2155 (void)use_stats;
2156 tor_gettimeofday_cached(&now);
2157 copy->inserted_time = (uint32_t)tv_to_msec(&now);
2158
2159 cell_queue_append(queue, copy);
2160 }
2161
2162 /** Initialize <b>queue</b> as an empty cell queue. */
2163 void
2164 cell_queue_init(cell_queue_t *queue)
2165 {
2166 memset(queue, 0, sizeof(cell_queue_t));
2167 TOR_SIMPLEQ_INIT(&queue->head);
2168 }
2169
2170 /** Remove and free every cell in <b>queue</b>. */
2171 void
2172 cell_queue_clear(cell_queue_t *queue)
2173 {
2174 packed_cell_t *cell;
2175 while ((cell = TOR_SIMPLEQ_FIRST(&queue->head))) {
2176 TOR_SIMPLEQ_REMOVE_HEAD(&queue->head, next);
2177 packed_cell_free_unchecked(cell);
2178 }
2179 TOR_SIMPLEQ_INIT(&queue->head);
2180 queue->n = 0;
2181 }
2182
2183 /** Extract and return the cell at the head of <b>queue</b>; return NULL if
2184 * <b>queue</b> is empty. */
2185 STATIC packed_cell_t *
2186 cell_queue_pop(cell_queue_t *queue)
2187 {
2188 packed_cell_t *cell = TOR_SIMPLEQ_FIRST(&queue->head);
2189 if (!cell)
2190 return NULL;
2191 TOR_SIMPLEQ_REMOVE_HEAD(&queue->head, next);
2192 --queue->n;
2193 return cell;
2194 }
2195
2196 /** Return the total number of bytes used for each packed_cell in a queue.
2197 * Approximate. */
2198 size_t
2199 packed_cell_mem_cost(void)
2200 {
2201 return sizeof(packed_cell_t) + MP_POOL_ITEM_OVERHEAD;
2202 }
2203
2204 /** Check whether we've got too much space used for cells. If so,
2205 * call the OOM handler and return 1. Otherwise, return 0. */
2206 static int
2207 cell_queues_check_size(void)
2208 {
2209 size_t alloc = total_cells_allocated * packed_cell_mem_cost();
2210 if (alloc >= get_options()->MaxMemInCellQueues) {
2211 circuits_handle_oom(alloc);
2212 return 1;
2213 }
2214 return 0;
2215 }
2216
2217 /**
2218 * Update the number of cells available on the circuit's n_chan or p_chan's
2219 * circuit mux.
2220 */
2221 void
2222 update_circuit_on_cmux_(circuit_t *circ, cell_direction_t direction,
2223 const char *file, int lineno)
2224 {
2225 channel_t *chan = NULL;
2226 or_circuit_t *or_circ = NULL;
2227 circuitmux_t *cmux = NULL;
2228
2229 tor_assert(circ);
2230
2231 /* Okay, get the channel */
2232 if (direction == CELL_DIRECTION_OUT) {
2233 chan = circ->n_chan;
2234 } else {
2235 or_circ = TO_OR_CIRCUIT(circ);
2236 chan = or_circ->p_chan;
2237 }
2238
2239 tor_assert(chan);
2240 tor_assert(chan->cmux);
2241
2242 /* Now get the cmux */
2243 cmux = chan->cmux;
2244
2245 /* Cmux sanity check */
2246 if (! circuitmux_is_circuit_attached(cmux, circ)) {
2247 log_warn(LD_BUG, "called on non-attachd circuit from %s:%d",
2248 file, lineno);
2249 return;
2250 }
2251 tor_assert(circuitmux_attached_circuit_direction(cmux, circ) == direction);
2252
2253 assert_cmux_ok_paranoid(chan);
2254
2255 /* Update the number of cells we have for the circuit mux */
2256 if (direction == CELL_DIRECTION_OUT) {
2257 circuitmux_set_num_cells(cmux, circ, circ->n_chan_cells.n);
2258 } else {
2259 circuitmux_set_num_cells(cmux, circ, or_circ->p_chan_cells.n);
2260 }
2261
2262 assert_cmux_ok_paranoid(chan);
2263 }
2264
2265 /** Remove all circuits from the cmux on <b>chan</b>. */
2266 void
2267 channel_unlink_all_circuits(channel_t *chan)
2268 {
2269 tor_assert(chan);
2270 tor_assert(chan->cmux);
2271
2272 circuitmux_detach_all_circuits(chan->cmux);
2273 chan->num_n_circuits = 0;
2274 chan->num_p_circuits = 0;
2275 }
2276
2277 /** Block (if <b>block</b> is true) or unblock (if <b>block</b> is false)
2278 * every edge connection that is using <b>circ</b> to write to <b>chan</b>,
2279 * and start or stop reading as appropriate.
2280 *
2281 * If <b>stream_id</b> is nonzero, block only the edge connection whose
2282 * stream_id matches it.
2283 *
2284 * Returns the number of streams whose status we changed.
2285 */
2286 static int
2287 set_streams_blocked_on_circ(circuit_t *circ, channel_t *chan,
2288 int block, streamid_t stream_id)
2289 {
2290 edge_connection_t *edge = NULL;
2291 int n = 0;
2292 if (circ->n_chan == chan) {
2293 circ->streams_blocked_on_n_chan = block;
2294 if (CIRCUIT_IS_ORIGIN(circ))
2295 edge = TO_ORIGIN_CIRCUIT(circ)->p_streams;
2296 } else {
2297 circ->streams_blocked_on_p_chan = block;
2298 tor_assert(!CIRCUIT_IS_ORIGIN(circ));
2299 edge = TO_OR_CIRCUIT(circ)->n_streams;
2300 }
2301
2302 for (; edge; edge = edge->next_stream) {
2303 connection_t *conn = TO_CONN(edge);
2304 if (stream_id && edge->stream_id != stream_id)
2305 continue;
2306
2307 if (edge->edge_blocked_on_circ != block) {
2308 ++n;
2309 edge->edge_blocked_on_circ = block;
2310 }
2311
2312 if (!conn->read_event && !HAS_BUFFEREVENT(conn)) {
2313 /* This connection is a placeholder for something; probably a DNS
2314 * request. It can't actually stop or start reading.*/
2315 continue;
2316 }
2317
2318 if (block) {
2319 if (connection_is_reading(conn))
2320 connection_stop_reading(conn);
2321 } else {
2322 /* Is this right? */
2323 if (!connection_is_reading(conn))
2324 connection_start_reading(conn);
2325 }
2326 }
2327
2328 return n;
2329 }
2330
2331 /** Extract the command from a packed cell. */
2332 static uint8_t
2333 packed_cell_get_command(const packed_cell_t *cell, int wide_circ_ids)
2334 {
2335 if (wide_circ_ids) {
2336 return get_uint8(cell->body+4);
2337 } else {
2338 return get_uint8(cell->body+2);
2339 }
2340 }
2341
2342 /** Pull as many cells as possible (but no more than <b>max</b>) from the
2343 * queue of the first active circuit on <b>chan</b>, and write them to
2344 * <b>chan</b>-&gt;outbuf. Return the number of cells written. Advance
2345 * the active circuit pointer to the next active circuit in the ring. */
2346 int
2347 channel_flush_from_first_active_circuit(channel_t *chan, int max)
2348 {
2349 circuitmux_t *cmux = NULL;
2350 int n_flushed = 0;
2351 cell_queue_t *queue, *destroy_queue=NULL;
2352 circuit_t *circ;
2353 or_circuit_t *or_circ;
2354 int streams_blocked;
2355 packed_cell_t *cell;
2356
2357 /* Get the cmux */
2358 tor_assert(chan);
2359 tor_assert(chan->cmux);
2360 cmux = chan->cmux;
2361
2362 /* Main loop: pick a circuit, send a cell, update the cmux */
2363 while (n_flushed < max) {
2364 circ = circuitmux_get_first_active_circuit(cmux, &destroy_queue);
2365 if (destroy_queue) {
2366 /* this code is duplicated from some of the logic below. Ugly! XXXX */
2367 tor_assert(destroy_queue->n > 0);
2368 cell = cell_queue_pop(destroy_queue);
2369 channel_write_packed_cell(chan, cell);
2370 /* Update the cmux destroy counter */
2371 circuitmux_notify_xmit_destroy(cmux);
2372 cell = NULL;
2373 ++n_flushed;
2374 continue;
2375 }
2376 /* If it returns NULL, no cells left to send */
2377 if (!circ) break;
2378 assert_cmux_ok_paranoid(chan);
2379
2380 if (circ->n_chan == chan) {
2381 queue = &circ->n_chan_cells;
2382 streams_blocked = circ->streams_blocked_on_n_chan;
2383 } else {
2384 or_circ = TO_OR_CIRCUIT(circ);
2385 tor_assert(or_circ->p_chan == chan);
2386 queue = &TO_OR_CIRCUIT(circ)->p_chan_cells;
2387 streams_blocked = circ->streams_blocked_on_p_chan;
2388 }
2389
2390 /* Circuitmux told us this was active, so it should have cells */
2391 tor_assert(queue->n > 0);
2392
2393 /*
2394 * Get just one cell here; once we've sent it, that can change the circuit
2395 * selection, so we have to loop around for another even if this circuit
2396 * has more than one.
2397 */
2398 cell = cell_queue_pop(queue);
2399
2400 /* Calculate the exact time that this cell has spent in the queue. */
2401 if (get_options()->CellStatistics ||
2402 get_options()->TestingEnableCellStatsEvent) {
2403 uint32_t msec_waiting;
2404 struct timeval tvnow;
2405 tor_gettimeofday_cached(&tvnow);
2406 msec_waiting = ((uint32_t)tv_to_msec(&tvnow)) - cell->inserted_time;
2407
2408 if (get_options()->CellStatistics && !CIRCUIT_IS_ORIGIN(circ)) {
2409 or_circ = TO_OR_CIRCUIT(circ);
2410 or_circ->total_cell_waiting_time += msec_waiting;
2411 or_circ->processed_cells++;
2412 }
2413
2414 if (get_options()->TestingEnableCellStatsEvent) {
2415 uint8_t command = packed_cell_get_command(cell, chan->wide_circ_ids);
2416
2417 testing_cell_stats_entry_t *ent =
2418 tor_malloc_zero(sizeof(testing_cell_stats_entry_t));
2419 ent->command = command;
2420 ent->waiting_time = msec_waiting / 10;
2421 ent->removed = 1;
2422 if (circ->n_chan == chan)
2423 ent->exitward = 1;
2424 if (!circ->testing_cell_stats)
2425 circ->testing_cell_stats = smartlist_new();
2426 smartlist_add(circ->testing_cell_stats, ent);
2427 }
2428 }
2429
2430 /* If we just flushed our queue and this circuit is used for a
2431 * tunneled directory request, possibly advance its state. */
2432 if (queue->n == 0 && chan->dirreq_id)
2433 geoip_change_dirreq_state(chan->dirreq_id,
2434 DIRREQ_TUNNELED,
2435 DIRREQ_CIRC_QUEUE_FLUSHED);
2436
2437 /* Now send the cell */
2438 channel_write_packed_cell(chan, cell);
2439 cell = NULL;
2440
2441 /*
2442 * Don't packed_cell_free_unchecked(cell) here because the channel will
2443 * do so when it gets out of the channel queue (probably already did, in
2444 * which case that was an immediate double-free bug).
2445 */
2446
2447 /* Update the counter */
2448 ++n_flushed;
2449
2450 /*
2451 * Now update the cmux; tell it we've just sent a cell, and how many
2452 * we have left.
2453 */
2454 circuitmux_notify_xmit_cells(cmux, circ, 1);
2455 circuitmux_set_num_cells(cmux, circ, queue->n);
2456 if (queue->n == 0)
2457 log_debug(LD_GENERAL, "Made a circuit inactive.");
2458
2459 /* Is the cell queue low enough to unblock all the streams that are waiting
2460 * to write to this circuit? */
2461 if (streams_blocked && queue->n <= CELL_QUEUE_LOWWATER_SIZE)
2462 set_streams_blocked_on_circ(circ, chan, 0, 0); /* unblock streams */
2463
2464 /* If n_flushed < max still, loop around and pick another circuit */
2465 }
2466
2467 /* Okay, we're done sending now */
2468 assert_cmux_ok_paranoid(chan);
2469
2470 return n_flushed;
2471 }
2472
2473 #if 0
2474 /** Indicate the current preferred cap for middle circuits; zero disables
2475 * the cap. Right now it's just a constant, ORCIRC_MAX_MIDDLE_CELLS, but
2476 * the logic in append_cell_to_circuit_queue() is written to be correct
2477 * if we want to base it on a consensus param or something that might change
2478 * in the future.
2479 */
2480 static int
2481 get_max_middle_cells(void)
2482 {
2483 return ORCIRC_MAX_MIDDLE_CELLS;
2484 }
2485 #endif
2486
2487 /** Add <b>cell</b> to the queue of <b>circ</b> writing to <b>chan</b>
2488 * transmitting in <b>direction</b>. */
2489 void
2490 append_cell_to_circuit_queue(circuit_t *circ, channel_t *chan,
2491 cell_t *cell, cell_direction_t direction,
2492 streamid_t fromstream)
2493 {
2494 or_circuit_t *orcirc = NULL;
2495 cell_queue_t *queue;
2496 int streams_blocked;
2497 #if 0
2498 uint32_t tgt_max_middle_cells, p_len, n_len, tmp, hard_max_middle_cells;
2499 #endif
2500
2501 int exitward;
2502 if (circ->marked_for_close)
2503 return;
2504
2505 exitward = (direction == CELL_DIRECTION_OUT);
2506 if (exitward) {
2507 queue = &circ->n_chan_cells;
2508 streams_blocked = circ->streams_blocked_on_n_chan;
2509 } else {
2510 orcirc = TO_OR_CIRCUIT(circ);
2511 queue = &orcirc->p_chan_cells;
2512 streams_blocked = circ->streams_blocked_on_p_chan;
2513 }
2514
2515 /*
2516 * Disabling this for now because of a possible guard discovery attack
2517 */
2518 #if 0
2519 /* Are we a middle circuit about to exceed ORCIRC_MAX_MIDDLE_CELLS? */
2520 if ((circ->n_chan != NULL) && CIRCUIT_IS_ORCIRC(circ)) {
2521 orcirc = TO_OR_CIRCUIT(circ);
2522 if (orcirc->p_chan) {
2523 /* We are a middle circuit if we have both n_chan and p_chan */
2524 /* We'll need to know the current preferred maximum */
2525 tgt_max_middle_cells = get_max_middle_cells();
2526 if (tgt_max_middle_cells > 0) {
2527 /* Do we need to initialize middle_max_cells? */
2528 if (orcirc->max_middle_cells == 0) {
2529 orcirc->max_middle_cells = tgt_max_middle_cells;
2530 } else {
2531 if (tgt_max_middle_cells > orcirc->max_middle_cells) {
2532 /* If we want to increase the cap, we can do so right away */
2533 orcirc->max_middle_cells = tgt_max_middle_cells;
2534 } else if (tgt_max_middle_cells < orcirc->max_middle_cells) {
2535 /*
2536 * If we're shrinking the cap, we can't shrink past either queue;
2537 * compare tgt_max_middle_cells rather than tgt_max_middle_cells *
2538 * ORCIRC_MAX_MIDDLE_KILL_THRESH so the queues don't shrink enough
2539 * to generate spurious warnings, either.
2540 */
2541 n_len = circ->n_chan_cells.n;
2542 p_len = orcirc->p_chan_cells.n;
2543 tmp = tgt_max_middle_cells;
2544 if (tmp < n_len) tmp = n_len;
2545 if (tmp < p_len) tmp = p_len;
2546 orcirc->max_middle_cells = tmp;
2547 }
2548 /* else no change */
2549 }
2550 } else {
2551 /* tgt_max_middle_cells == 0 indicates we should disable the cap */
2552 orcirc->max_middle_cells = 0;
2553 }
2554
2555 /* Now we know orcirc->max_middle_cells is set correctly */
2556 if (orcirc->max_middle_cells > 0) {
2557 hard_max_middle_cells =
2558 (uint32_t)(((double)orcirc->max_middle_cells) *
2559 ORCIRC_MAX_MIDDLE_KILL_THRESH);
2560
2561 if ((unsigned)queue->n + 1 >= hard_max_middle_cells) {
2562 /* Queueing this cell would put queue over the kill theshold */
2563 log_warn(LD_CIRC,
2564 "Got a cell exceeding the hard cap of %u in the "
2565 "%s direction on middle circ ID %u on chan ID "
2566 U64_FORMAT "; killing the circuit.",
2567 hard_max_middle_cells,
2568 (direction == CELL_DIRECTION_OUT) ? "n" : "p",
2569 (direction == CELL_DIRECTION_OUT) ?
2570 circ->n_circ_id : orcirc->p_circ_id,
2571 U64_PRINTF_ARG(
2572 (direction == CELL_DIRECTION_OUT) ?
2573 circ->n_chan->global_identifier :
2574 orcirc->p_chan->global_identifier));
2575 circuit_mark_for_close(circ, END_CIRC_REASON_RESOURCELIMIT);
2576 return;
2577 } else if ((unsigned)queue->n + 1 == orcirc->max_middle_cells) {
2578 /* Only use ==, not >= for this test so we don't spam the log */
2579 log_warn(LD_CIRC,
2580 "While trying to queue a cell, reached the soft cap of %u "
2581 "in the %s direction on middle circ ID %u "
2582 "on chan ID " U64_FORMAT ".",
2583 orcirc->max_middle_cells,
2584 (direction == CELL_DIRECTION_OUT) ? "n" : "p",
2585 (direction == CELL_DIRECTION_OUT) ?
2586 circ->n_circ_id : orcirc->p_circ_id,
2587 U64_PRINTF_ARG(
2588 (direction == CELL_DIRECTION_OUT) ?
2589 circ->n_chan->global_identifier :
2590 orcirc->p_chan->global_identifier));
2591 }
2592 }
2593 }
2594 }
2595 #endif
2596
2597 cell_queue_append_packed_copy(circ, queue, exitward, cell,
2598 chan->wide_circ_ids, 1);
2599
2600 if (PREDICT_UNLIKELY(cell_queues_check_size())) {
2601 /* We ran the OOM handler */
2602 if (circ->marked_for_close)
2603 return;
2604 }
2605
2606 /* If we have too many cells on the circuit, we should stop reading from
2607 * the edge streams for a while. */
2608 if (!streams_blocked && queue->n >= CELL_QUEUE_HIGHWATER_SIZE)
2609 set_streams_blocked_on_circ(circ, chan, 1, 0); /* block streams */
2610
2611 if (streams_blocked && fromstream) {
2612 /* This edge connection is apparently not blocked; block it. */
2613 set_streams_blocked_on_circ(circ, chan, 1, fromstream);
2614 }
2615
2616 update_circuit_on_cmux(circ, direction);
2617 if (queue->n == 1) {
2618 /* This was the first cell added to the queue. We just made this
2619 * circuit active. */
2620 log_debug(LD_GENERAL, "Made a circuit active.");
2621 }
2622
2623 if (!channel_has_queued_writes(chan)) {
2624 /* There is no data at all waiting to be sent on the outbuf. Add a
2625 * cell, so that we can notice when it gets flushed, flushed_some can
2626 * get called, and we can start putting more data onto the buffer then.
2627 */
2628 log_debug(LD_GENERAL, "Primed a buffer.");
2629 channel_flush_from_first_active_circuit(chan, 1);
2630 }
2631 }
2632
2633 /** Append an encoded value of <b>addr</b> to <b>payload_out</b>, which must
2634 * have at least 18 bytes of free space. The encoding is, as specified in
2635 * tor-spec.txt:
2636 * RESOLVED_TYPE_IPV4 or RESOLVED_TYPE_IPV6 [1 byte]
2637 * LENGTH [1 byte]
2638 * ADDRESS [length bytes]
2639 * Return the number of bytes added, or -1 on error */
2640 int
2641 append_address_to_payload(uint8_t *payload_out, const tor_addr_t *addr)
2642 {
2643 uint32_t a;
2644 switch (tor_addr_family(addr)) {
2645 case AF_INET:
2646 payload_out[0] = RESOLVED_TYPE_IPV4;
2647 payload_out[1] = 4;
2648 a = tor_addr_to_ipv4n(addr);
2649 memcpy(payload_out+2, &a, 4);
2650 return 6;
2651 case AF_INET6:
2652 payload_out[0] = RESOLVED_TYPE_IPV6;
2653 payload_out[1] = 16;
2654 memcpy(payload_out+2, tor_addr_to_in6_addr8(addr), 16);
2655 return 18;
2656 case AF_UNSPEC:
2657 default:
2658 return -1;
2659 }
2660 }
2661
2662 /** Given <b>payload_len</b> bytes at <b>payload</b>, starting with an address
2663 * encoded as by append_address_to_payload(), try to decode the address into
2664 * *<b>addr_out</b>. Return the next byte in the payload after the address on
2665 * success, or NULL on failure. */
2666 const uint8_t *
2667 decode_address_from_payload(tor_addr_t *addr_out, const uint8_t *payload,
2668 int payload_len)
2669 {
2670 if (payload_len < 2)
2671 return NULL;
2672 if (payload_len < 2+payload[1])
2673 return NULL;
2674
2675 switch (payload[0]) {
2676 case RESOLVED_TYPE_IPV4:
2677 if (payload[1] != 4)
2678 return NULL;
2679 tor_addr_from_ipv4n(addr_out, get_uint32(payload+2));
2680 break;
2681 case RESOLVED_TYPE_IPV6:
2682 if (payload[1] != 16)
2683 return NULL;
2684 tor_addr_from_ipv6_bytes(addr_out, (char*)(payload+2));
2685 break;
2686 default:
2687 tor_addr_make_unspec(addr_out);
2688 break;
2689 }
2690 return payload + 2 + payload[1];
2691 }
2692
2693 /** Remove all the cells queued on <b>circ</b> for <b>chan</b>. */
2694 void
2695 circuit_clear_cell_queue(circuit_t *circ, channel_t *chan)
2696 {
2697 cell_queue_t *queue;
2698 cell_direction_t direction;
2699
2700 if (circ->n_chan == chan) {
2701 queue = &circ->n_chan_cells;
2702 direction = CELL_DIRECTION_OUT;
2703 } else {
2704 or_circuit_t *orcirc = TO_OR_CIRCUIT(circ);
2705 tor_assert(orcirc->p_chan == chan);
2706 queue = &orcirc->p_chan_cells;
2707 direction = CELL_DIRECTION_IN;
2708 }
2709
2710 /* Clear the queue */
2711 cell_queue_clear(queue);
2712
2713 /* Update the cell counter in the cmux */
2714 if (chan->cmux && circuitmux_is_circuit_attached(chan->cmux, circ))
2715 update_circuit_on_cmux(circ, direction);
2716 }
2717
2718 /** Fail with an assert if the circuit mux on chan is corrupt
2719 */
2720 void
2721 assert_circuit_mux_okay(channel_t *chan)
2722 {
2723 tor_assert(chan);
2724 tor_assert(chan->cmux);
2725
2726 circuitmux_assert_okay(chan->cmux);
2727 }
2728
2729 /** Return 1 if we shouldn't restart reading on this circuit, even if
2730 * we get a SENDME. Else return 0.
2731 */
2732 static int
2733 circuit_queue_streams_are_blocked(circuit_t *circ)
2734 {
2735 if (CIRCUIT_IS_ORIGIN(circ)) {
2736 return circ->streams_blocked_on_n_chan;
2737 } else {
2738 return circ->streams_blocked_on_p_chan;
2739 }
2740 }
2741
The Onion Router