1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2013, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
9 * \brief Handle relay cell encryption/decryption, plus packaging and
10 * receiving from circuits, plus queuing on circuits.
15 #include "addressmap.h"
18 #include "circpathbias.h"
19 #include "circuitbuild.h"
20 #include "circuitlist.h"
21 #include "circuituse.h"
23 #include "connection.h"
24 #include "connection_edge.h"
25 #include "connection_or.h"
30 #include "networkstatus.h"
36 #include "rendcommon.h"
38 #include "routerlist.h"
39 #include "routerparse.h"
41 static edge_connection_t
*relay_lookup_conn(circuit_t
*circ
, cell_t
*cell
,
42 cell_direction_t cell_direction
,
43 crypt_path_t
*layer_hint
);
45 static int connection_edge_process_relay_cell(cell_t
*cell
, circuit_t
*circ
,
46 edge_connection_t
*conn
,
47 crypt_path_t
*layer_hint
);
48 static void circuit_consider_sending_sendme(circuit_t
*circ
,
49 crypt_path_t
*layer_hint
);
50 static void circuit_resume_edge_reading(circuit_t
*circ
,
51 crypt_path_t
*layer_hint
);
52 static int circuit_resume_edge_reading_helper(edge_connection_t
*conn
,
54 crypt_path_t
*layer_hint
);
55 static int circuit_consider_stop_edge_reading(circuit_t
*circ
,
56 crypt_path_t
*layer_hint
);
57 static int circuit_queue_streams_are_blocked(circuit_t
*circ
);
58 static void adjust_exit_policy_from_exitpolicy_failure(origin_circuit_t
*circ
,
59 entry_connection_t
*conn
,
61 const tor_addr_t
*addr
);
63 static int get_max_middle_cells(void);
66 /** Stop reading on edge connections when we have this many cells
67 * waiting on the appropriate queue. */
68 #define CELL_QUEUE_HIGHWATER_SIZE 256
69 /** Start reading from edge connections again when we get down to this many
71 #define CELL_QUEUE_LOWWATER_SIZE 64
73 /** Stats: how many relay cells have originated at this hop, or have
74 * been relayed onward (not recognized at this hop)?
76 uint64_t stats_n_relay_cells_relayed
= 0;
77 /** Stats: how many relay cells have been delivered to streams at this
80 uint64_t stats_n_relay_cells_delivered
= 0;
82 /** Used to tell which stream to read from first on a circuit. */
83 static tor_weak_rng_t stream_choice_rng
= TOR_WEAK_RNG_INIT
;
85 /** Update digest from the payload of cell. Assign integrity part to
89 relay_set_digest(crypto_digest_t
*digest
, cell_t
*cell
)
94 crypto_digest_add_bytes(digest
, (char*)cell
->payload
, CELL_PAYLOAD_SIZE
);
95 crypto_digest_get_digest(digest
, integrity
, 4);
96 // log_fn(LOG_DEBUG,"Putting digest of %u %u %u %u into relay cell.",
97 // integrity[0], integrity[1], integrity[2], integrity[3]);
98 relay_header_unpack(&rh
, cell
->payload
);
99 memcpy(rh
.integrity
, integrity
, 4);
100 relay_header_pack(cell
->payload
, &rh
);
103 /** Does the digest for this circuit indicate that this cell is for us?
105 * Update digest from the payload of cell (with the integrity part set
106 * to 0). If the integrity part is valid, return 1, else restore digest
107 * and cell to their original state and return 0.
110 relay_digest_matches(crypto_digest_t
*digest
, cell_t
*cell
)
112 char received_integrity
[4], calculated_integrity
[4];
114 crypto_digest_t
*backup_digest
=NULL
;
116 backup_digest
= crypto_digest_dup(digest
);
118 relay_header_unpack(&rh
, cell
->payload
);
119 memcpy(received_integrity
, rh
.integrity
, 4);
120 memset(rh
.integrity
, 0, 4);
121 relay_header_pack(cell
->payload
, &rh
);
123 // log_fn(LOG_DEBUG,"Reading digest of %u %u %u %u from relay cell.",
124 // received_integrity[0], received_integrity[1],
125 // received_integrity[2], received_integrity[3]);
127 crypto_digest_add_bytes(digest
, (char*) cell
->payload
, CELL_PAYLOAD_SIZE
);
128 crypto_digest_get_digest(digest
, calculated_integrity
, 4);
130 if (tor_memneq(received_integrity
, calculated_integrity
, 4)) {
131 // log_fn(LOG_INFO,"Recognized=0 but bad digest. Not recognizing.");
132 // (%d vs %d).", received_integrity, calculated_integrity);
133 /* restore digest to its old form */
134 crypto_digest_assign(digest
, backup_digest
);
135 /* restore the relay header */
136 memcpy(rh
.integrity
, received_integrity
, 4);
137 relay_header_pack(cell
->payload
, &rh
);
138 crypto_digest_free(backup_digest
);
141 crypto_digest_free(backup_digest
);
145 /** Apply <b>cipher</b> to CELL_PAYLOAD_SIZE bytes of <b>in</b>
148 * If <b>encrypt_mode</b> is 1 then encrypt, else decrypt.
150 * Return -1 if the crypto fails, else return 0.
153 relay_crypt_one_payload(crypto_cipher_t
*cipher
, uint8_t *in
,
158 r
= crypto_cipher_crypt_inplace(cipher
, (char*) in
, CELL_PAYLOAD_SIZE
);
161 log_warn(LD_BUG
,"Error during relay encryption");
167 /** Receive a relay cell:
168 * - Crypt it (encrypt if headed toward the origin or if we <b>are</b> the
169 * origin; decrypt if we're headed toward the exit).
170 * - Check if recognized (if exitward).
171 * - If recognized and the digest checks out, then find if there's a stream
172 * that the cell is intended for, and deliver it to the right
174 * - If not recognized, then we need to relay it: append it to the appropriate
175 * cell_queue on <b>circ</b>.
177 * Return -<b>reason</b> on failure.
180 circuit_receive_relay_cell(cell_t
*cell
, circuit_t
*circ
,
181 cell_direction_t cell_direction
)
183 channel_t
*chan
= NULL
;
184 crypt_path_t
*layer_hint
=NULL
;
190 tor_assert(cell_direction
== CELL_DIRECTION_OUT
||
191 cell_direction
== CELL_DIRECTION_IN
);
192 if (circ
->marked_for_close
)
195 if (relay_crypt(circ
, cell
, cell_direction
, &layer_hint
, &recognized
) < 0) {
196 log_warn(LD_BUG
,"relay crypt failed. Dropping connection.");
197 return -END_CIRC_REASON_INTERNAL
;
201 edge_connection_t
*conn
= NULL
;
203 if (circ
->purpose
== CIRCUIT_PURPOSE_PATH_BIAS_TESTING
) {
204 pathbias_check_probe_response(circ
, cell
);
206 /* We need to drop this cell no matter what to avoid code that expects
207 * a certain purpose (such as the hidserv code). */
211 conn
= relay_lookup_conn(circ
, cell
, cell_direction
,
213 if (cell_direction
== CELL_DIRECTION_OUT
) {
214 ++stats_n_relay_cells_delivered
;
215 log_debug(LD_OR
,"Sending away from origin.");
216 if ((reason
=connection_edge_process_relay_cell(cell
, circ
, conn
, NULL
))
218 log_fn(LOG_PROTOCOL_WARN
, LD_PROTOCOL
,
219 "connection_edge_process_relay_cell (away from origin) "
224 if (cell_direction
== CELL_DIRECTION_IN
) {
225 ++stats_n_relay_cells_delivered
;
226 log_debug(LD_OR
,"Sending to origin.");
227 if ((reason
= connection_edge_process_relay_cell(cell
, circ
, conn
,
230 "connection_edge_process_relay_cell (at origin) failed.");
237 /* not recognized. pass it on. */
238 if (cell_direction
== CELL_DIRECTION_OUT
) {
239 cell
->circ_id
= circ
->n_circ_id
; /* switch it */
241 } else if (! CIRCUIT_IS_ORIGIN(circ
)) {
242 cell
->circ_id
= TO_OR_CIRCUIT(circ
)->p_circ_id
; /* switch it */
243 chan
= TO_OR_CIRCUIT(circ
)->p_chan
;
245 log_fn(LOG_PROTOCOL_WARN
, LD_OR
,
246 "Dropping unrecognized inbound cell on origin circuit.");
247 /* If we see unrecognized cells on path bias testing circs,
248 * it's bad mojo. Those circuits need to die.
249 * XXX: Shouldn't they always die? */
250 if (circ
->purpose
== CIRCUIT_PURPOSE_PATH_BIAS_TESTING
) {
251 TO_ORIGIN_CIRCUIT(circ
)->path_state
= PATH_STATE_USE_FAILED
;
252 return -END_CIRC_REASON_TORPROTOCOL
;
259 // XXXX Can this splice stuff be done more cleanly?
260 if (! CIRCUIT_IS_ORIGIN(circ
) &&
261 TO_OR_CIRCUIT(circ
)->rend_splice
&&
262 cell_direction
== CELL_DIRECTION_OUT
) {
263 or_circuit_t
*splice
= TO_OR_CIRCUIT(circ
)->rend_splice
;
264 tor_assert(circ
->purpose
== CIRCUIT_PURPOSE_REND_ESTABLISHED
);
265 tor_assert(splice
->base_
.purpose
== CIRCUIT_PURPOSE_REND_ESTABLISHED
);
266 cell
->circ_id
= splice
->p_circ_id
;
267 cell
->command
= CELL_RELAY
; /* can't be relay_early anyway */
268 if ((reason
= circuit_receive_relay_cell(cell
, TO_CIRCUIT(splice
),
269 CELL_DIRECTION_IN
)) < 0) {
270 log_warn(LD_REND
, "Error relaying cell across rendezvous; closing "
272 /* XXXX Do this here, or just return -1? */
273 circuit_mark_for_close(circ
, -reason
);
278 log_fn(LOG_PROTOCOL_WARN
, LD_PROTOCOL
,
279 "Didn't recognize cell, but circ stops here! Closing circ.");
280 return -END_CIRC_REASON_TORPROTOCOL
;
283 log_debug(LD_OR
,"Passing on unrecognized cell.");
285 ++stats_n_relay_cells_relayed
; /* XXXX no longer quite accurate {cells}
286 * we might kill the circ before we relay
289 append_cell_to_circuit_queue(circ
, chan
, cell
, cell_direction
, 0);
293 /** Do the appropriate en/decryptions for <b>cell</b> arriving on
294 * <b>circ</b> in direction <b>cell_direction</b>.
296 * If cell_direction == CELL_DIRECTION_IN:
297 * - If we're at the origin (we're the OP), for hops 1..N,
298 * decrypt cell. If recognized, stop.
299 * - Else (we're not the OP), encrypt one hop. Cell is not recognized.
301 * If cell_direction == CELL_DIRECTION_OUT:
302 * - decrypt one hop. Check if recognized.
304 * If cell is recognized, set *recognized to 1, and set
305 * *layer_hint to the hop that recognized it.
307 * Return -1 to indicate that we should mark the circuit for close,
311 relay_crypt(circuit_t
*circ
, cell_t
*cell
, cell_direction_t cell_direction
,
312 crypt_path_t
**layer_hint
, char *recognized
)
318 tor_assert(recognized
);
319 tor_assert(cell_direction
== CELL_DIRECTION_IN
||
320 cell_direction
== CELL_DIRECTION_OUT
);
322 if (cell_direction
== CELL_DIRECTION_IN
) {
323 if (CIRCUIT_IS_ORIGIN(circ
)) { /* We're at the beginning of the circuit.
324 * We'll want to do layered decrypts. */
325 crypt_path_t
*thishop
, *cpath
= TO_ORIGIN_CIRCUIT(circ
)->cpath
;
327 if (thishop
->state
!= CPATH_STATE_OPEN
) {
328 log_fn(LOG_PROTOCOL_WARN
, LD_PROTOCOL
,
329 "Relay cell before first created cell? Closing.");
332 do { /* Remember: cpath is in forward order, that is, first hop first. */
335 if (relay_crypt_one_payload(thishop
->b_crypto
, cell
->payload
, 0) < 0)
338 relay_header_unpack(&rh
, cell
->payload
);
339 if (rh
.recognized
== 0) {
340 /* it's possibly recognized. have to check digest to be sure. */
341 if (relay_digest_matches(thishop
->b_digest
, cell
)) {
343 *layer_hint
= thishop
;
348 thishop
= thishop
->next
;
349 } while (thishop
!= cpath
&& thishop
->state
== CPATH_STATE_OPEN
);
350 log_fn(LOG_PROTOCOL_WARN
, LD_OR
,
351 "Incoming cell at client not recognized. Closing.");
353 } else { /* we're in the middle. Just one crypt. */
354 if (relay_crypt_one_payload(TO_OR_CIRCUIT(circ
)->p_crypto
,
355 cell
->payload
, 1) < 0)
357 // log_fn(LOG_DEBUG,"Skipping recognized check, because we're not "
360 } else /* cell_direction == CELL_DIRECTION_OUT */ {
361 /* we're in the middle. Just one crypt. */
363 if (relay_crypt_one_payload(TO_OR_CIRCUIT(circ
)->n_crypto
,
364 cell
->payload
, 0) < 0)
367 relay_header_unpack(&rh
, cell
->payload
);
368 if (rh
.recognized
== 0) {
369 /* it's possibly recognized. have to check digest to be sure. */
370 if (relay_digest_matches(TO_OR_CIRCUIT(circ
)->n_digest
, cell
)) {
379 /** Package a relay cell from an edge:
380 * - Encrypt it to the right layer
381 * - Append it to the appropriate cell_queue on <b>circ</b>.
384 circuit_package_relay_cell(cell_t
*cell
, circuit_t
*circ
,
385 cell_direction_t cell_direction
,
386 crypt_path_t
*layer_hint
, streamid_t on_stream
,
387 const char *filename
, int lineno
)
389 channel_t
*chan
; /* where to send the cell */
391 if (cell_direction
== CELL_DIRECTION_OUT
) {
392 crypt_path_t
*thishop
; /* counter for repeated crypts */
395 log_warn(LD_BUG
,"outgoing relay cell sent from %s:%d has n_chan==NULL."
396 " Dropping.", filename
, lineno
);
397 return 0; /* just drop it */
399 if (!CIRCUIT_IS_ORIGIN(circ
)) {
400 log_warn(LD_BUG
,"outgoing relay cell sent from %s:%d on non-origin "
401 "circ. Dropping.", filename
, lineno
);
402 return 0; /* just drop it */
405 relay_set_digest(layer_hint
->f_digest
, cell
);
407 thishop
= layer_hint
;
408 /* moving from farthest to nearest hop */
411 /* XXXX RD This is a bug, right? */
412 log_debug(LD_OR
,"crypting a layer of the relay cell.");
413 if (relay_crypt_one_payload(thishop
->f_crypto
, cell
->payload
, 1) < 0) {
417 thishop
= thishop
->prev
;
418 } while (thishop
!= TO_ORIGIN_CIRCUIT(circ
)->cpath
->prev
);
420 } else { /* incoming cell */
421 or_circuit_t
*or_circ
;
422 if (CIRCUIT_IS_ORIGIN(circ
)) {
423 /* We should never package an _incoming_ cell from the circuit
424 * origin; that means we messed up somewhere. */
425 log_warn(LD_BUG
,"incoming relay cell at origin circuit. Dropping.");
426 assert_circuit_ok(circ
);
427 return 0; /* just drop it */
429 or_circ
= TO_OR_CIRCUIT(circ
);
430 chan
= or_circ
->p_chan
;
431 relay_set_digest(or_circ
->p_digest
, cell
);
432 if (relay_crypt_one_payload(or_circ
->p_crypto
, cell
->payload
, 1) < 0)
435 ++stats_n_relay_cells_relayed
;
437 append_cell_to_circuit_queue(circ
, chan
, cell
, cell_direction
, on_stream
);
441 /** If cell's stream_id matches the stream_id of any conn that's
442 * attached to circ, return that conn, else return NULL.
444 static edge_connection_t
*
445 relay_lookup_conn(circuit_t
*circ
, cell_t
*cell
,
446 cell_direction_t cell_direction
, crypt_path_t
*layer_hint
)
448 edge_connection_t
*tmpconn
;
451 relay_header_unpack(&rh
, cell
->payload
);
456 /* IN or OUT cells could have come from either direction, now
457 * that we allow rendezvous *to* an OP.
460 if (CIRCUIT_IS_ORIGIN(circ
)) {
461 for (tmpconn
= TO_ORIGIN_CIRCUIT(circ
)->p_streams
; tmpconn
;
462 tmpconn
=tmpconn
->next_stream
) {
463 if (rh
.stream_id
== tmpconn
->stream_id
&&
464 !tmpconn
->base_
.marked_for_close
&&
465 tmpconn
->cpath_layer
== layer_hint
) {
466 log_debug(LD_APP
,"found conn for stream %d.", rh
.stream_id
);
471 for (tmpconn
= TO_OR_CIRCUIT(circ
)->n_streams
; tmpconn
;
472 tmpconn
=tmpconn
->next_stream
) {
473 if (rh
.stream_id
== tmpconn
->stream_id
&&
474 !tmpconn
->base_
.marked_for_close
) {
475 log_debug(LD_EXIT
,"found conn for stream %d.", rh
.stream_id
);
476 if (cell_direction
== CELL_DIRECTION_OUT
||
477 connection_edge_is_rendezvous_stream(tmpconn
))
481 for (tmpconn
= TO_OR_CIRCUIT(circ
)->resolving_streams
; tmpconn
;
482 tmpconn
=tmpconn
->next_stream
) {
483 if (rh
.stream_id
== tmpconn
->stream_id
&&
484 !tmpconn
->base_
.marked_for_close
) {
485 log_debug(LD_EXIT
,"found conn for stream %d.", rh
.stream_id
);
490 return NULL
; /* probably a begin relay cell */
493 /** Pack the relay_header_t host-order structure <b>src</b> into
494 * network-order in the buffer <b>dest</b>. See tor-spec.txt for details
495 * about the wire format.
498 relay_header_pack(uint8_t *dest
, const relay_header_t
*src
)
500 set_uint8(dest
, src
->command
);
501 set_uint16(dest
+1, htons(src
->recognized
));
502 set_uint16(dest
+3, htons(src
->stream_id
));
503 memcpy(dest
+5, src
->integrity
, 4);
504 set_uint16(dest
+9, htons(src
->length
));
507 /** Unpack the network-order buffer <b>src</b> into a host-order
508 * relay_header_t structure <b>dest</b>.
511 relay_header_unpack(relay_header_t
*dest
, const uint8_t *src
)
513 dest
->command
= get_uint8(src
);
514 dest
->recognized
= ntohs(get_uint16(src
+1));
515 dest
->stream_id
= ntohs(get_uint16(src
+3));
516 memcpy(dest
->integrity
, src
+5, 4);
517 dest
->length
= ntohs(get_uint16(src
+9));
520 /** Convert the relay <b>command</b> into a human-readable string. */
522 relay_command_to_string(uint8_t command
)
525 case RELAY_COMMAND_BEGIN
: return "BEGIN";
526 case RELAY_COMMAND_DATA
: return "DATA";
527 case RELAY_COMMAND_END
: return "END";
528 case RELAY_COMMAND_CONNECTED
: return "CONNECTED";
529 case RELAY_COMMAND_SENDME
: return "SENDME";
530 case RELAY_COMMAND_EXTEND
: return "EXTEND";
531 case RELAY_COMMAND_EXTENDED
: return "EXTENDED";
532 case RELAY_COMMAND_TRUNCATE
: return "TRUNCATE";
533 case RELAY_COMMAND_TRUNCATED
: return "TRUNCATED";
534 case RELAY_COMMAND_DROP
: return "DROP";
535 case RELAY_COMMAND_RESOLVE
: return "RESOLVE";
536 case RELAY_COMMAND_RESOLVED
: return "RESOLVED";
537 case RELAY_COMMAND_BEGIN_DIR
: return "BEGIN_DIR";
538 case RELAY_COMMAND_ESTABLISH_INTRO
: return "ESTABLISH_INTRO";
539 case RELAY_COMMAND_ESTABLISH_RENDEZVOUS
: return "ESTABLISH_RENDEZVOUS";
540 case RELAY_COMMAND_INTRODUCE1
: return "INTRODUCE1";
541 case RELAY_COMMAND_INTRODUCE2
: return "INTRODUCE2";
542 case RELAY_COMMAND_RENDEZVOUS1
: return "RENDEZVOUS1";
543 case RELAY_COMMAND_RENDEZVOUS2
: return "RENDEZVOUS2";
544 case RELAY_COMMAND_INTRO_ESTABLISHED
: return "INTRO_ESTABLISHED";
545 case RELAY_COMMAND_RENDEZVOUS_ESTABLISHED
:
546 return "RENDEZVOUS_ESTABLISHED";
547 case RELAY_COMMAND_INTRODUCE_ACK
: return "INTRODUCE_ACK";
548 default: return "(unrecognized)";
552 /** Make a relay cell out of <b>relay_command</b> and <b>payload</b>, and send
553 * it onto the open circuit <b>circ</b>. <b>stream_id</b> is the ID on
554 * <b>circ</b> for the stream that's sending the relay cell, or 0 if it's a
555 * control cell. <b>cpath_layer</b> is NULL for OR->OP cells, or the
556 * destination hop for OP->OR cells.
558 * If you can't send the cell, mark the circuit for close and return -1. Else
562 relay_send_command_from_edge_(streamid_t stream_id
, circuit_t
*circ
,
563 uint8_t relay_command
, const char *payload
,
564 size_t payload_len
, crypt_path_t
*cpath_layer
,
565 const char *filename
, int lineno
)
569 cell_direction_t cell_direction
;
570 /* XXXX NM Split this function into a separate versions per circuit type? */
573 tor_assert(payload_len
<= RELAY_PAYLOAD_SIZE
);
575 memset(&cell
, 0, sizeof(cell_t
));
576 cell
.command
= CELL_RELAY
;
578 cell
.circ_id
= circ
->n_circ_id
;
579 cell_direction
= CELL_DIRECTION_OUT
;
580 } else if (! CIRCUIT_IS_ORIGIN(circ
)) {
581 cell
.circ_id
= TO_OR_CIRCUIT(circ
)->p_circ_id
;
582 cell_direction
= CELL_DIRECTION_IN
;
587 memset(&rh
, 0, sizeof(rh
));
588 rh
.command
= relay_command
;
589 rh
.stream_id
= stream_id
;
590 rh
.length
= payload_len
;
591 relay_header_pack(cell
.payload
, &rh
);
593 memcpy(cell
.payload
+RELAY_HEADER_SIZE
, payload
, payload_len
);
595 log_debug(LD_OR
,"delivering %d cell %s.", relay_command
,
596 cell_direction
== CELL_DIRECTION_OUT
? "forward" : "backward");
598 /* If we are sending an END cell and this circuit is used for a tunneled
599 * directory request, advance its state. */
600 if (relay_command
== RELAY_COMMAND_END
&& circ
->dirreq_id
)
601 geoip_change_dirreq_state(circ
->dirreq_id
, DIRREQ_TUNNELED
,
602 DIRREQ_END_CELL_SENT
);
604 if (cell_direction
== CELL_DIRECTION_OUT
&& circ
->n_chan
) {
605 /* if we're using relaybandwidthrate, this conn wants priority */
606 channel_timestamp_client(circ
->n_chan
);
609 if (cell_direction
== CELL_DIRECTION_OUT
) {
610 origin_circuit_t
*origin_circ
= TO_ORIGIN_CIRCUIT(circ
);
611 if (origin_circ
->remaining_relay_early_cells
> 0 &&
612 (relay_command
== RELAY_COMMAND_EXTEND
||
613 relay_command
== RELAY_COMMAND_EXTEND2
||
614 cpath_layer
!= origin_circ
->cpath
)) {
615 /* If we've got any relay_early cells left and (we're sending
616 * an extend cell or we're not talking to the first hop), use
617 * one of them. Don't worry about the conn protocol version:
618 * append_cell_to_circuit_queue will fix it up. */
619 cell
.command
= CELL_RELAY_EARLY
;
620 --origin_circ
->remaining_relay_early_cells
;
621 log_debug(LD_OR
, "Sending a RELAY_EARLY cell; %d remaining.",
622 (int)origin_circ
->remaining_relay_early_cells
);
623 /* Memorize the command that is sent as RELAY_EARLY cell; helps debug
625 origin_circ
->relay_early_commands
[
626 origin_circ
->relay_early_cells_sent
++] = relay_command
;
627 } else if (relay_command
== RELAY_COMMAND_EXTEND
||
628 relay_command
== RELAY_COMMAND_EXTEND2
) {
629 /* If no RELAY_EARLY cells can be sent over this circuit, log which
630 * commands have been sent as RELAY_EARLY cells before; helps debug
632 smartlist_t
*commands_list
= smartlist_new();
634 char *commands
= NULL
;
635 for (; i
< origin_circ
->relay_early_cells_sent
; i
++)
636 smartlist_add(commands_list
, (char *)
637 relay_command_to_string(origin_circ
->relay_early_commands
[i
]));
638 commands
= smartlist_join_strings(commands_list
, ",", 0, NULL
);
639 log_warn(LD_BUG
, "Uh-oh. We're sending a RELAY_COMMAND_EXTEND cell, "
640 "but we have run out of RELAY_EARLY cells on that circuit. "
641 "Commands sent before: %s", commands
);
643 smartlist_free(commands_list
);
647 if (circuit_package_relay_cell(&cell
, circ
, cell_direction
, cpath_layer
,
648 stream_id
, filename
, lineno
) < 0) {
649 log_warn(LD_BUG
,"circuit_package_relay_cell failed. Closing.");
650 circuit_mark_for_close(circ
, END_CIRC_REASON_INTERNAL
);
656 /** Make a relay cell out of <b>relay_command</b> and <b>payload</b>, and
657 * send it onto the open circuit <b>circ</b>. <b>fromconn</b> is the stream
658 * that's sending the relay cell, or NULL if it's a control cell.
659 * <b>cpath_layer</b> is NULL for OR->OP cells, or the destination hop
662 * If you can't send the cell, mark the circuit for close and
663 * return -1. Else return 0.
666 connection_edge_send_command(edge_connection_t
*fromconn
,
667 uint8_t relay_command
, const char *payload
,
670 /* XXXX NM Split this function into a separate versions per circuit type? */
672 crypt_path_t
*cpath_layer
= fromconn
->cpath_layer
;
673 tor_assert(fromconn
);
674 circ
= fromconn
->on_circuit
;
676 if (fromconn
->base_
.marked_for_close
) {
678 "called on conn that's already marked for close at %s:%d.",
679 fromconn
->base_
.marked_for_close_file
,
680 fromconn
->base_
.marked_for_close
);
685 if (fromconn
->base_
.type
== CONN_TYPE_AP
) {
686 log_info(LD_APP
,"no circ. Closing conn.");
687 connection_mark_unattached_ap(EDGE_TO_ENTRY_CONN(fromconn
),
688 END_STREAM_REASON_INTERNAL
);
690 log_info(LD_EXIT
,"no circ. Closing conn.");
691 fromconn
->edge_has_sent_end
= 1; /* no circ to send to */
692 fromconn
->end_reason
= END_STREAM_REASON_INTERNAL
;
693 connection_mark_for_close(TO_CONN(fromconn
));
698 return relay_send_command_from_edge(fromconn
->stream_id
, circ
,
699 relay_command
, payload
,
700 payload_len
, cpath_layer
);
703 /** How many times will I retry a stream that fails due to DNS
704 * resolve failure or misc error?
706 #define MAX_RESOLVE_FAILURES 3
708 /** Return 1 if reason is something that you should retry if you
709 * get the end cell before you've connected; else return 0. */
711 edge_reason_is_retriable(int reason
)
713 return reason
== END_STREAM_REASON_HIBERNATING
||
714 reason
== END_STREAM_REASON_RESOURCELIMIT
||
715 reason
== END_STREAM_REASON_EXITPOLICY
||
716 reason
== END_STREAM_REASON_RESOLVEFAILED
||
717 reason
== END_STREAM_REASON_MISC
||
718 reason
== END_STREAM_REASON_NOROUTE
;
721 /** Called when we receive an END cell on a stream that isn't open yet,
722 * from the client side.
723 * Arguments are as for connection_edge_process_relay_cell().
726 connection_ap_process_end_not_open(
727 relay_header_t
*rh
, cell_t
*cell
, origin_circuit_t
*circ
,
728 entry_connection_t
*conn
, crypt_path_t
*layer_hint
)
731 int reason
= *(cell
->payload
+RELAY_HEADER_SIZE
);
733 edge_connection_t
*edge_conn
= ENTRY_TO_EDGE_CONN(conn
);
734 (void) layer_hint
; /* unused */
736 if (rh
->length
> 0) {
737 if (reason
== END_STREAM_REASON_TORPROTOCOL
||
738 reason
== END_STREAM_REASON_DESTROY
) {
739 /* Both of these reasons could mean a failed tag
740 * hit the exit and it complained. Do not probe.
741 * Fail the circuit. */
742 circ
->path_state
= PATH_STATE_USE_FAILED
;
743 return -END_CIRC_REASON_TORPROTOCOL
;
744 } else if (reason
== END_STREAM_REASON_INTERNAL
) {
745 /* We can't infer success or failure, since older Tors report
746 * ENETUNREACH as END_STREAM_REASON_INTERNAL. */
748 /* Path bias: If we get a valid reason code from the exit,
749 * it wasn't due to tagging.
751 * We rely on recognized+digest being strong enough to make
752 * tags unlikely to allow us to get tagged, yet 'recognized'
753 * reason codes here. */
754 pathbias_mark_use_success(circ
);
758 if (rh
->length
== 0) {
759 reason
= END_STREAM_REASON_MISC
;
762 control_reason
= reason
| END_STREAM_REASON_FLAG_REMOTE
;
764 if (edge_reason_is_retriable(reason
) &&
765 /* avoid retry if rend */
766 !connection_edge_is_rendezvous_stream(edge_conn
)) {
767 const char *chosen_exit_digest
=
768 circ
->build_state
->chosen_exit
->identity_digest
;
769 log_info(LD_APP
,"Address '%s' refused due to '%s'. Considering retrying.",
770 safe_str(conn
->socks_request
->address
),
771 stream_end_reason_to_string(reason
));
772 exitrouter
= node_get_mutable_by_id(chosen_exit_digest
);
774 case END_STREAM_REASON_EXITPOLICY
: {
776 tor_addr_make_unspec(&addr
);
777 if (rh
->length
>= 5) {
779 tor_addr_make_unspec(&addr
);
780 if (rh
->length
== 5 || rh
->length
== 9) {
781 tor_addr_from_ipv4n(&addr
,
782 get_uint32(cell
->payload
+RELAY_HEADER_SIZE
+1));
784 ttl
= (int)ntohl(get_uint32(cell
->payload
+RELAY_HEADER_SIZE
+5));
785 } else if (rh
->length
== 17 || rh
->length
== 21) {
786 tor_addr_from_ipv6_bytes(&addr
,
787 (char*)(cell
->payload
+RELAY_HEADER_SIZE
+1));
788 if (rh
->length
== 21)
789 ttl
= (int)ntohl(get_uint32(cell
->payload
+RELAY_HEADER_SIZE
+17));
791 if (tor_addr_is_null(&addr
)) {
792 log_info(LD_APP
,"Address '%s' resolved to 0.0.0.0. Closing,",
793 safe_str(conn
->socks_request
->address
));
794 connection_mark_unattached_ap(conn
, END_STREAM_REASON_TORPROTOCOL
);
798 if ((tor_addr_family(&addr
) == AF_INET
&& !conn
->ipv4_traffic_ok
) ||
799 (tor_addr_family(&addr
) == AF_INET6
&& !conn
->ipv6_traffic_ok
)) {
800 log_fn(LOG_PROTOCOL_WARN
, LD_APP
,
801 "Got an EXITPOLICY failure on a connection with a "
802 "mismatched family. Closing.");
803 connection_mark_unattached_ap(conn
, END_STREAM_REASON_TORPROTOCOL
);
806 if (get_options()->ClientDNSRejectInternalAddresses
&&
807 tor_addr_is_internal(&addr
, 0)) {
808 log_info(LD_APP
,"Address '%s' resolved to internal. Closing,",
809 safe_str(conn
->socks_request
->address
));
810 connection_mark_unattached_ap(conn
, END_STREAM_REASON_TORPROTOCOL
);
814 client_dns_set_addressmap(conn
,
815 conn
->socks_request
->address
, &addr
,
816 conn
->chosen_exit_name
, ttl
);
819 char new_addr
[TOR_ADDR_BUF_LEN
];
820 tor_addr_to_str(new_addr
, &addr
, sizeof(new_addr
), 1);
821 if (strcmp(conn
->socks_request
->address
, new_addr
)) {
822 strlcpy(conn
->socks_request
->address
, new_addr
,
823 sizeof(conn
->socks_request
->address
));
824 control_event_stream_status(conn
, STREAM_EVENT_REMAP
, 0);
828 /* check if he *ought* to have allowed it */
830 adjust_exit_policy_from_exitpolicy_failure(circ
,
835 if (conn
->chosen_exit_optional
||
836 conn
->chosen_exit_retries
) {
837 /* stop wanting a specific exit */
838 conn
->chosen_exit_optional
= 0;
839 /* A non-zero chosen_exit_retries can happen if we set a
840 * TrackHostExits for this address under a port that the exit
841 * relay allows, but then try the same address with a different
842 * port that it doesn't allow to exit. We shouldn't unregister
843 * the mapping, since it is probably still wanted on the
844 * original port. But now we give away to the exit relay that
845 * we probably have a TrackHostExits on it. So be it. */
846 conn
->chosen_exit_retries
= 0;
847 tor_free(conn
->chosen_exit_name
); /* clears it */
849 if (connection_ap_detach_retriable(conn
, circ
, control_reason
) >= 0)
851 /* else, conn will get closed below */
854 case END_STREAM_REASON_CONNECTREFUSED
:
855 if (!conn
->chosen_exit_optional
)
856 break; /* break means it'll close, below */
857 /* Else fall through: expire this circuit, clear the
858 * chosen_exit_name field, and try again. */
859 case END_STREAM_REASON_RESOLVEFAILED
:
860 case END_STREAM_REASON_TIMEOUT
:
861 case END_STREAM_REASON_MISC
:
862 case END_STREAM_REASON_NOROUTE
:
863 if (client_dns_incr_failures(conn
->socks_request
->address
)
864 < MAX_RESOLVE_FAILURES
) {
865 /* We haven't retried too many times; reattach the connection. */
866 circuit_log_path(LOG_INFO
,LD_APP
,circ
);
867 /* Mark this circuit "unusable for new streams". */
868 mark_circuit_unusable_for_new_conns(circ
);
870 if (conn
->chosen_exit_optional
) {
871 /* stop wanting a specific exit */
872 conn
->chosen_exit_optional
= 0;
873 tor_free(conn
->chosen_exit_name
); /* clears it */
875 if (connection_ap_detach_retriable(conn
, circ
, control_reason
) >= 0)
877 /* else, conn will get closed below */
880 "Have tried resolving or connecting to address '%s' "
881 "at %d different places. Giving up.",
882 safe_str(conn
->socks_request
->address
),
883 MAX_RESOLVE_FAILURES
);
884 /* clear the failures, so it will have a full try next time */
885 client_dns_clear_failures(conn
->socks_request
->address
);
888 case END_STREAM_REASON_HIBERNATING
:
889 case END_STREAM_REASON_RESOURCELIMIT
:
891 policies_set_node_exitpolicy_to_reject_all(exitrouter
);
893 if (conn
->chosen_exit_optional
) {
894 /* stop wanting a specific exit */
895 conn
->chosen_exit_optional
= 0;
896 tor_free(conn
->chosen_exit_name
); /* clears it */
898 if (connection_ap_detach_retriable(conn
, circ
, control_reason
) >= 0)
900 /* else, will close below */
903 log_info(LD_APP
,"Giving up on retrying; conn can't be handled.");
907 "Edge got end (%s) before we're connected. Marking for close.",
908 stream_end_reason_to_string(rh
->length
> 0 ? reason
: -1));
909 circuit_log_path(LOG_INFO
,LD_APP
,circ
);
910 /* need to test because of detach_retriable */
911 if (!ENTRY_TO_CONN(conn
)->marked_for_close
)
912 connection_mark_unattached_ap(conn
, control_reason
);
916 /** Called when we have gotten an END_REASON_EXITPOLICY failure on <b>circ</b>
917 * for <b>conn</b>, while attempting to connect via <b>node</b>. If the node
918 * told us which address it rejected, then <b>addr</b> is that address;
919 * otherwise it is AF_UNSPEC.
921 * If we are sure the node should have allowed this address, mark the node as
922 * having a reject *:* exit policy. Otherwise, mark the circuit as unusable
923 * for this particular address.
926 adjust_exit_policy_from_exitpolicy_failure(origin_circuit_t
*circ
,
927 entry_connection_t
*conn
,
929 const tor_addr_t
*addr
)
931 int make_reject_all
= 0;
932 const sa_family_t family
= tor_addr_family(addr
);
936 int asked_for_family
= tor_addr_parse(&tmp
, conn
->socks_request
->address
);
937 if (family
== AF_UNSPEC
) {
939 } else if (node_exit_policy_is_exact(node
, family
) &&
940 asked_for_family
!= -1 && !conn
->chosen_exit_name
) {
944 if (make_reject_all
) {
946 "Exitrouter %s seems to be more restrictive than its exit "
947 "policy. Not using this router as exit for now.",
948 node_describe(node
));
949 policies_set_node_exitpolicy_to_reject_all(node
);
953 if (family
!= AF_UNSPEC
)
954 addr_policy_append_reject_addr(&circ
->prepend_policy
, addr
);
957 /** Helper: change the socks_request->address field on conn to the
958 * dotted-quad representation of <b>new_addr</b>,
959 * and send an appropriate REMAP event. */
961 remap_event_helper(entry_connection_t
*conn
, const tor_addr_t
*new_addr
)
963 tor_addr_to_str(conn
->socks_request
->address
, new_addr
,
964 sizeof(conn
->socks_request
->address
),
966 control_event_stream_status(conn
, STREAM_EVENT_REMAP
,
967 REMAP_STREAM_SOURCE_EXIT
);
970 /** Extract the contents of a connected cell in <b>cell</b>, whose relay
971 * header has already been parsed into <b>rh</b>. On success, set
972 * <b>addr_out</b> to the address we're connected to, and <b>ttl_out</b> to
973 * the ttl of that address, in seconds, and return 0. On failure, return
976 connected_cell_parse(const relay_header_t
*rh
, const cell_t
*cell
,
977 tor_addr_t
*addr_out
, int *ttl_out
)
980 const uint8_t *payload
= cell
->payload
+ RELAY_HEADER_SIZE
;
982 tor_addr_make_unspec(addr_out
);
988 bytes
= ntohl(get_uint32(payload
));
990 /* If bytes is 0, this is maybe a v6 address. Otherwise it's a v4 address */
993 tor_addr_from_ipv4h(addr_out
, bytes
);
994 if (rh
->length
>= 8) {
995 bytes
= ntohl(get_uint32(payload
+ 4));
996 if (bytes
<= INT32_MAX
)
1000 if (rh
->length
< 25) /* 4 bytes of 0s, 1 addr, 16 ipv4, 4 ttl. */
1002 if (get_uint8(payload
+ 4) != 6)
1004 tor_addr_from_ipv6_bytes(addr_out
, (char*)(payload
+ 5));
1005 bytes
= ntohl(get_uint32(payload
+ 21));
1006 if (bytes
<= INT32_MAX
)
1007 *ttl_out
= (int) bytes
;
1012 /** An incoming relay cell has arrived from circuit <b>circ</b> to
1013 * stream <b>conn</b>.
1015 * The arguments here are the same as in
1016 * connection_edge_process_relay_cell() below; this function is called
1017 * from there when <b>conn</b> is defined and not in an open state.
1020 connection_edge_process_relay_cell_not_open(
1021 relay_header_t
*rh
, cell_t
*cell
, circuit_t
*circ
,
1022 edge_connection_t
*conn
, crypt_path_t
*layer_hint
)
1024 if (rh
->command
== RELAY_COMMAND_END
) {
1025 if (CIRCUIT_IS_ORIGIN(circ
) && conn
->base_
.type
== CONN_TYPE_AP
) {
1026 return connection_ap_process_end_not_open(rh
, cell
,
1027 TO_ORIGIN_CIRCUIT(circ
),
1028 EDGE_TO_ENTRY_CONN(conn
),
1031 /* we just got an 'end', don't need to send one */
1032 conn
->edge_has_sent_end
= 1;
1033 conn
->end_reason
= *(cell
->payload
+RELAY_HEADER_SIZE
) |
1034 END_STREAM_REASON_FLAG_REMOTE
;
1035 connection_mark_for_close(TO_CONN(conn
));
1040 if (conn
->base_
.type
== CONN_TYPE_AP
&&
1041 rh
->command
== RELAY_COMMAND_CONNECTED
) {
1044 entry_connection_t
*entry_conn
= EDGE_TO_ENTRY_CONN(conn
);
1045 tor_assert(CIRCUIT_IS_ORIGIN(circ
));
1046 if (conn
->base_
.state
!= AP_CONN_STATE_CONNECT_WAIT
) {
1047 log_fn(LOG_PROTOCOL_WARN
, LD_APP
,
1048 "Got 'connected' while not in state connect_wait. Dropping.");
1051 conn
->base_
.state
= AP_CONN_STATE_OPEN
;
1052 log_info(LD_APP
,"'connected' received after %d seconds.",
1053 (int)(time(NULL
) - conn
->base_
.timestamp_lastread
));
1054 if (connected_cell_parse(rh
, cell
, &addr
, &ttl
) < 0) {
1055 log_fn(LOG_PROTOCOL_WARN
, LD_APP
,
1056 "Got a badly formatted connected cell. Closing.");
1057 connection_edge_end(conn
, END_STREAM_REASON_TORPROTOCOL
);
1058 connection_mark_unattached_ap(entry_conn
, END_STREAM_REASON_TORPROTOCOL
);
1060 if (tor_addr_family(&addr
) != AF_UNSPEC
) {
1061 const sa_family_t family
= tor_addr_family(&addr
);
1062 if (tor_addr_is_null(&addr
) ||
1063 (get_options()->ClientDNSRejectInternalAddresses
&&
1064 tor_addr_is_internal(&addr
, 0))) {
1065 log_info(LD_APP
, "...but it claims the IP address was %s. Closing.",
1067 connection_edge_end(conn
, END_STREAM_REASON_TORPROTOCOL
);
1068 connection_mark_unattached_ap(entry_conn
,
1069 END_STREAM_REASON_TORPROTOCOL
);
1073 if ((family
== AF_INET
&& ! entry_conn
->ipv4_traffic_ok
) ||
1074 (family
== AF_INET6
&& ! entry_conn
->ipv6_traffic_ok
)) {
1075 log_fn(LOG_PROTOCOL_WARN
, LD_APP
,
1076 "Got a connected cell to %s with unsupported address family."
1077 " Closing.", fmt_addr(&addr
));
1078 connection_edge_end(conn
, END_STREAM_REASON_TORPROTOCOL
);
1079 connection_mark_unattached_ap(entry_conn
,
1080 END_STREAM_REASON_TORPROTOCOL
);
1084 client_dns_set_addressmap(entry_conn
,
1085 entry_conn
->socks_request
->address
, &addr
,
1086 entry_conn
->chosen_exit_name
, ttl
);
1088 remap_event_helper(entry_conn
, &addr
);
1090 circuit_log_path(LOG_INFO
,LD_APP
,TO_ORIGIN_CIRCUIT(circ
));
1091 /* don't send a socks reply to transparent conns */
1092 tor_assert(entry_conn
->socks_request
!= NULL
);
1093 if (!entry_conn
->socks_request
->has_finished
)
1094 connection_ap_handshake_socks_reply(entry_conn
, NULL
, 0, 0);
1096 /* Was it a linked dir conn? If so, a dir request just started to
1097 * fetch something; this could be a bootstrap status milestone. */
1098 log_debug(LD_APP
, "considering");
1099 if (TO_CONN(conn
)->linked_conn
&&
1100 TO_CONN(conn
)->linked_conn
->type
== CONN_TYPE_DIR
) {
1101 connection_t
*dirconn
= TO_CONN(conn
)->linked_conn
;
1102 log_debug(LD_APP
, "it is! %d", dirconn
->purpose
);
1103 switch (dirconn
->purpose
) {
1104 case DIR_PURPOSE_FETCH_CERTIFICATE
:
1105 if (consensus_is_waiting_for_certs())
1106 control_event_bootstrap(BOOTSTRAP_STATUS_LOADING_KEYS
, 0);
1108 case DIR_PURPOSE_FETCH_CONSENSUS
:
1109 control_event_bootstrap(BOOTSTRAP_STATUS_LOADING_STATUS
, 0);
1111 case DIR_PURPOSE_FETCH_SERVERDESC
:
1112 case DIR_PURPOSE_FETCH_MICRODESC
:
1113 if (TO_DIR_CONN(dirconn
)->router_purpose
== ROUTER_PURPOSE_GENERAL
)
1114 control_event_bootstrap(BOOTSTRAP_STATUS_LOADING_DESCRIPTORS
,
1115 count_loading_descriptors_progress());
1119 /* This is definitely a success, so forget about any pending data we
1121 if (entry_conn
->pending_optimistic_data
) {
1122 generic_buffer_free(entry_conn
->pending_optimistic_data
);
1123 entry_conn
->pending_optimistic_data
= NULL
;
1126 /* handle anything that might have queued */
1127 if (connection_edge_package_raw_inbuf(conn
, 1, NULL
) < 0) {
1128 /* (We already sent an end cell if possible) */
1129 connection_mark_for_close(TO_CONN(conn
));
1134 if (conn
->base_
.type
== CONN_TYPE_AP
&&
1135 rh
->command
== RELAY_COMMAND_RESOLVED
) {
1138 uint8_t answer_type
;
1139 entry_connection_t
*entry_conn
= EDGE_TO_ENTRY_CONN(conn
);
1140 if (conn
->base_
.state
!= AP_CONN_STATE_RESOLVE_WAIT
) {
1141 log_fn(LOG_PROTOCOL_WARN
, LD_APP
, "Got a 'resolved' cell while "
1142 "not in state resolve_wait. Dropping.");
1145 tor_assert(SOCKS_COMMAND_IS_RESOLVE(entry_conn
->socks_request
->command
));
1146 answer_len
= cell
->payload
[RELAY_HEADER_SIZE
+1];
1147 if (rh
->length
< 2 || answer_len
+2>rh
->length
) {
1148 log_fn(LOG_PROTOCOL_WARN
, LD_PROTOCOL
,
1149 "Dropping malformed 'resolved' cell");
1150 connection_mark_unattached_ap(entry_conn
, END_STREAM_REASON_TORPROTOCOL
);
1153 answer_type
= cell
->payload
[RELAY_HEADER_SIZE
];
1154 if (rh
->length
>= answer_len
+6)
1155 ttl
= (int)ntohl(get_uint32(cell
->payload
+RELAY_HEADER_SIZE
+
1159 if (answer_type
== RESOLVED_TYPE_IPV4
||
1160 answer_type
== RESOLVED_TYPE_IPV6
) {
1162 if (decode_address_from_payload(&addr
, cell
->payload
+RELAY_HEADER_SIZE
,
1164 tor_addr_is_internal(&addr
, 0) &&
1165 get_options()->ClientDNSRejectInternalAddresses
) {
1166 log_info(LD_APP
,"Got a resolve with answer %s. Rejecting.",
1168 connection_ap_handshake_socks_resolved(entry_conn
,
1169 RESOLVED_TYPE_ERROR_TRANSIENT
,
1170 0, NULL
, 0, TIME_MAX
);
1171 connection_mark_unattached_ap(entry_conn
,
1172 END_STREAM_REASON_TORPROTOCOL
);
1176 connection_ap_handshake_socks_resolved(entry_conn
,
1178 cell
->payload
[RELAY_HEADER_SIZE
+1], /*answer_len*/
1179 cell
->payload
+RELAY_HEADER_SIZE
+2, /*answer*/
1182 if (answer_type
== RESOLVED_TYPE_IPV4
&& answer_len
== 4) {
1184 tor_addr_from_ipv4n(&addr
,
1185 get_uint32(cell
->payload
+RELAY_HEADER_SIZE
+2));
1186 remap_event_helper(entry_conn
, &addr
);
1187 } else if (answer_type
== RESOLVED_TYPE_IPV6
&& answer_len
== 16) {
1189 tor_addr_from_ipv6_bytes(&addr
,
1190 (char*)(cell
->payload
+RELAY_HEADER_SIZE
+2));
1191 remap_event_helper(entry_conn
, &addr
);
1193 connection_mark_unattached_ap(entry_conn
,
1194 END_STREAM_REASON_DONE
|
1195 END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED
);
1199 log_fn(LOG_PROTOCOL_WARN
, LD_PROTOCOL
,
1200 "Got an unexpected relay command %d, in state %d (%s). Dropping.",
1201 rh
->command
, conn
->base_
.state
,
1202 conn_state_to_string(conn
->base_
.type
, conn
->base_
.state
));
1203 return 0; /* for forward compatibility, don't kill the circuit */
1204 // connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1205 // connection_mark_for_close(conn);
1209 /** An incoming relay cell has arrived on circuit <b>circ</b>. If
1210 * <b>conn</b> is NULL this is a control cell, else <b>cell</b> is
1211 * destined for <b>conn</b>.
1213 * If <b>layer_hint</b> is defined, then we're the origin of the
1214 * circuit, and it specifies the hop that packaged <b>cell</b>.
1216 * Return -reason if you want to warn and tear down the circuit, else 0.
1219 connection_edge_process_relay_cell(cell_t
*cell
, circuit_t
*circ
,
1220 edge_connection_t
*conn
,
1221 crypt_path_t
*layer_hint
)
1223 static int num_seen
=0;
1225 unsigned domain
= layer_hint
?LD_APP
:LD_EXIT
;
1227 int optimistic_data
= 0; /* Set to 1 if we receive data on a stream
1228 * that's in the EXIT_CONN_STATE_RESOLVING
1229 * or EXIT_CONN_STATE_CONNECTING states. */
1234 relay_header_unpack(&rh
, cell
->payload
);
1235 // log_fn(LOG_DEBUG,"command %d stream %d", rh.command, rh.stream_id);
1237 log_debug(domain
, "Now seen %d relay cells here (command %d, stream %d).",
1238 num_seen
, rh
.command
, rh
.stream_id
);
1240 if (rh
.length
> RELAY_PAYLOAD_SIZE
) {
1241 log_fn(LOG_PROTOCOL_WARN
, LD_PROTOCOL
,
1242 "Relay cell length field too long. Closing circuit.");
1243 return - END_CIRC_REASON_TORPROTOCOL
;
1246 if (rh
.stream_id
== 0) {
1247 switch (rh
.command
) {
1248 case RELAY_COMMAND_BEGIN
:
1249 case RELAY_COMMAND_CONNECTED
:
1250 case RELAY_COMMAND_DATA
:
1251 case RELAY_COMMAND_END
:
1252 case RELAY_COMMAND_RESOLVE
:
1253 case RELAY_COMMAND_RESOLVED
:
1254 case RELAY_COMMAND_BEGIN_DIR
:
1255 log_fn(LOG_PROTOCOL_WARN
, LD_PROTOCOL
, "Relay command %d with zero "
1256 "stream_id. Dropping.", (int)rh
.command
);
1263 /* either conn is NULL, in which case we've got a control cell, or else
1264 * conn points to the recognized stream. */
1266 if (conn
&& !connection_state_is_open(TO_CONN(conn
))) {
1267 if (conn
->base_
.type
== CONN_TYPE_EXIT
&&
1268 (conn
->base_
.state
== EXIT_CONN_STATE_CONNECTING
||
1269 conn
->base_
.state
== EXIT_CONN_STATE_RESOLVING
) &&
1270 rh
.command
== RELAY_COMMAND_DATA
) {
1271 /* Allow DATA cells to be delivered to an exit node in state
1272 * EXIT_CONN_STATE_CONNECTING or EXIT_CONN_STATE_RESOLVING.
1273 * This speeds up HTTP, for example. */
1274 optimistic_data
= 1;
1276 return connection_edge_process_relay_cell_not_open(
1277 &rh
, cell
, circ
, conn
, layer_hint
);
1281 switch (rh
.command
) {
1282 case RELAY_COMMAND_DROP
:
1283 // log_info(domain,"Got a relay-level padding cell. Dropping.");
1285 case RELAY_COMMAND_BEGIN
:
1286 case RELAY_COMMAND_BEGIN_DIR
:
1288 circ
->purpose
!= CIRCUIT_PURPOSE_S_REND_JOINED
) {
1289 log_fn(LOG_PROTOCOL_WARN
, LD_APP
,
1290 "Relay begin request unsupported at AP. Dropping.");
1293 if (circ
->purpose
== CIRCUIT_PURPOSE_S_REND_JOINED
&&
1294 layer_hint
!= TO_ORIGIN_CIRCUIT(circ
)->cpath
->prev
) {
1295 log_fn(LOG_PROTOCOL_WARN
, LD_APP
,
1296 "Relay begin request to Hidden Service "
1297 "from intermediary node. Dropping.");
1301 log_fn(LOG_PROTOCOL_WARN
, domain
,
1302 "Begin cell for known stream. Dropping.");
1305 if (rh
.command
== RELAY_COMMAND_BEGIN_DIR
) {
1306 /* Assign this circuit and its app-ward OR connection a unique ID,
1307 * so that we can measure download times. The local edge and dir
1308 * connection will be assigned the same ID when they are created
1310 static uint64_t next_id
= 0;
1311 circ
->dirreq_id
= ++next_id
;
1312 TO_OR_CIRCUIT(circ
)->p_chan
->dirreq_id
= circ
->dirreq_id
;
1315 return connection_exit_begin_conn(cell
, circ
);
1316 case RELAY_COMMAND_DATA
:
1317 ++stats_n_data_cells_received
;
1318 if (( layer_hint
&& --layer_hint
->deliver_window
< 0) ||
1319 (!layer_hint
&& --circ
->deliver_window
< 0)) {
1320 log_fn(LOG_PROTOCOL_WARN
, LD_PROTOCOL
,
1321 "(relay data) circ deliver_window below 0. Killing.");
1323 /* XXXX Do we actually need to do this? Will killing the circuit
1324 * not send an END and mark the stream for close as appropriate? */
1325 connection_edge_end(conn
, END_STREAM_REASON_TORPROTOCOL
);
1326 connection_mark_for_close(TO_CONN(conn
));
1328 return -END_CIRC_REASON_TORPROTOCOL
;
1330 log_debug(domain
,"circ deliver_window now %d.", layer_hint
?
1331 layer_hint
->deliver_window
: circ
->deliver_window
);
1333 circuit_consider_sending_sendme(circ
, layer_hint
);
1336 log_info(domain
,"data cell dropped, unknown stream (streamid %d).",
1341 if (--conn
->deliver_window
< 0) { /* is it below 0 after decrement? */
1342 log_fn(LOG_PROTOCOL_WARN
, LD_PROTOCOL
,
1343 "(relay data) conn deliver_window below 0. Killing.");
1344 return -END_CIRC_REASON_TORPROTOCOL
;
1347 stats_n_data_bytes_received
+= rh
.length
;
1348 connection_write_to_buf((char*)(cell
->payload
+ RELAY_HEADER_SIZE
),
1349 rh
.length
, TO_CONN(conn
));
1351 if (!optimistic_data
) {
1352 /* Only send a SENDME if we're not getting optimistic data; otherwise
1353 * a SENDME could arrive before the CONNECTED.
1355 connection_edge_consider_sending_sendme(conn
);
1359 case RELAY_COMMAND_END
:
1360 reason
= rh
.length
> 0 ?
1361 get_uint8(cell
->payload
+RELAY_HEADER_SIZE
) : END_STREAM_REASON_MISC
;
1363 log_info(domain
,"end cell (%s) dropped, unknown stream.",
1364 stream_end_reason_to_string(reason
));
1367 /* XXX add to this log_fn the exit node's nickname? */
1368 log_info(domain
,TOR_SOCKET_T_FORMAT
": end cell (%s) for stream %d. "
1371 stream_end_reason_to_string(reason
),
1373 if (conn
->base_
.type
== CONN_TYPE_AP
) {
1374 entry_connection_t
*entry_conn
= EDGE_TO_ENTRY_CONN(conn
);
1375 if (entry_conn
->socks_request
&&
1376 !entry_conn
->socks_request
->has_finished
)
1378 "open stream hasn't sent socks answer yet? Closing.");
1380 /* We just *got* an end; no reason to send one. */
1381 conn
->edge_has_sent_end
= 1;
1382 if (!conn
->end_reason
)
1383 conn
->end_reason
= reason
| END_STREAM_REASON_FLAG_REMOTE
;
1384 if (!conn
->base_
.marked_for_close
) {
1385 /* only mark it if not already marked. it's possible to
1386 * get the 'end' right around when the client hangs up on us. */
1387 connection_mark_and_flush(TO_CONN(conn
));
1390 case RELAY_COMMAND_EXTEND
:
1391 case RELAY_COMMAND_EXTEND2
: {
1392 static uint64_t total_n_extend
=0, total_nonearly
=0;
1395 log_fn(LOG_PROTOCOL_WARN
, domain
,
1396 "'extend' cell received for non-zero stream. Dropping.");
1399 if (cell
->command
!= CELL_RELAY_EARLY
&&
1400 !networkstatus_get_param(NULL
,"AllowNonearlyExtend",0,0,1)) {
1401 #define EARLY_WARNING_INTERVAL 3600
1402 static ratelim_t early_warning_limit
=
1403 RATELIM_INIT(EARLY_WARNING_INTERVAL
);
1405 if (cell
->command
== CELL_RELAY
) {
1407 if ((m
= rate_limit_log(&early_warning_limit
, approx_time()))) {
1408 double percentage
= ((double)total_nonearly
)/total_n_extend
;
1410 log_fn(LOG_PROTOCOL_WARN
, domain
, "EXTEND cell received, "
1411 "but not via RELAY_EARLY. Dropping.%s", m
);
1412 log_fn(LOG_PROTOCOL_WARN
, domain
, " (We have dropped %.02f%% of "
1413 "all EXTEND cells for this reason)", percentage
);
1417 log_fn(LOG_WARN
, domain
,
1418 "EXTEND cell received, in a cell with type %d! Dropping.",
1423 return circuit_extend(cell
, circ
);
1425 case RELAY_COMMAND_EXTENDED
:
1426 case RELAY_COMMAND_EXTENDED2
:
1428 log_fn(LOG_PROTOCOL_WARN
, LD_PROTOCOL
,
1429 "'extended' unsupported at non-origin. Dropping.");
1432 log_debug(domain
,"Got an extended cell! Yay.");
1434 extended_cell_t extended_cell
;
1435 if (extended_cell_parse(&extended_cell
, rh
.command
,
1436 (const uint8_t*)cell
->payload
+RELAY_HEADER_SIZE
,
1438 log_warn(LD_PROTOCOL
,
1439 "Can't parse EXTENDED cell; killing circuit.");
1440 return -END_CIRC_REASON_TORPROTOCOL
;
1442 if ((reason
= circuit_finish_handshake(TO_ORIGIN_CIRCUIT(circ
),
1443 &extended_cell
.created_cell
)) < 0) {
1444 log_warn(domain
,"circuit_finish_handshake failed.");
1448 if ((reason
=circuit_send_next_onion_skin(TO_ORIGIN_CIRCUIT(circ
)))<0) {
1449 log_info(domain
,"circuit_send_next_onion_skin() failed.");
1453 case RELAY_COMMAND_TRUNCATE
:
1455 log_fn(LOG_PROTOCOL_WARN
, LD_APP
,
1456 "'truncate' unsupported at origin. Dropping.");
1461 log_warn(LD_BUG
, "n_chan and n_hop set on the same circuit!");
1462 extend_info_free(circ
->n_hop
);
1464 tor_free(circ
->n_chan_create_cell
);
1465 circuit_set_state(circ
, CIRCUIT_STATE_OPEN
);
1468 uint8_t trunc_reason
= get_uint8(cell
->payload
+ RELAY_HEADER_SIZE
);
1469 circuit_clear_cell_queue(circ
, circ
->n_chan
);
1470 channel_send_destroy(circ
->n_circ_id
, circ
->n_chan
,
1472 circuit_set_n_circid_chan(circ
, 0, NULL
);
1474 log_debug(LD_EXIT
, "Processed 'truncate', replying.");
1477 payload
[0] = (char)END_CIRC_REASON_REQUESTED
;
1478 relay_send_command_from_edge(0, circ
, RELAY_COMMAND_TRUNCATED
,
1479 payload
, sizeof(payload
), NULL
);
1482 case RELAY_COMMAND_TRUNCATED
:
1484 log_fn(LOG_PROTOCOL_WARN
, LD_EXIT
,
1485 "'truncated' unsupported at non-origin. Dropping.");
1488 circuit_truncated(TO_ORIGIN_CIRCUIT(circ
), layer_hint
,
1489 get_uint8(cell
->payload
+ RELAY_HEADER_SIZE
));
1491 case RELAY_COMMAND_CONNECTED
:
1493 log_fn(LOG_PROTOCOL_WARN
, LD_PROTOCOL
,
1494 "'connected' unsupported while open. Closing circ.");
1495 return -END_CIRC_REASON_TORPROTOCOL
;
1498 "'connected' received, no conn attached anymore. Ignoring.");
1500 case RELAY_COMMAND_SENDME
:
1501 if (!rh
.stream_id
) {
1503 if (layer_hint
->package_window
+ CIRCWINDOW_INCREMENT
>
1504 CIRCWINDOW_START_MAX
) {
1505 static struct ratelim_t exit_warn_ratelim
= RATELIM_INIT(600);
1506 log_fn_ratelim(&exit_warn_ratelim
, LOG_WARN
, LD_PROTOCOL
,
1507 "Unexpected sendme cell from exit relay. "
1509 return -END_CIRC_REASON_TORPROTOCOL
;
1511 layer_hint
->package_window
+= CIRCWINDOW_INCREMENT
;
1512 log_debug(LD_APP
,"circ-level sendme at origin, packagewindow %d.",
1513 layer_hint
->package_window
);
1514 circuit_resume_edge_reading(circ
, layer_hint
);
1516 if (circ
->package_window
+ CIRCWINDOW_INCREMENT
>
1517 CIRCWINDOW_START_MAX
) {
1518 static struct ratelim_t client_warn_ratelim
= RATELIM_INIT(600);
1519 log_fn_ratelim(&client_warn_ratelim
, LOG_WARN
, LD_PROTOCOL
,
1520 "Unexpected sendme cell from client. "
1521 "Closing circ (window %d).",
1522 circ
->package_window
);
1523 return -END_CIRC_REASON_TORPROTOCOL
;
1525 circ
->package_window
+= CIRCWINDOW_INCREMENT
;
1527 "circ-level sendme at non-origin, packagewindow %d.",
1528 circ
->package_window
);
1529 circuit_resume_edge_reading(circ
, layer_hint
);
1534 log_info(domain
,"sendme cell dropped, unknown stream (streamid %d).",
1538 conn
->package_window
+= STREAMWINDOW_INCREMENT
;
1539 log_debug(domain
,"stream-level sendme, packagewindow now %d.",
1540 conn
->package_window
);
1541 if (circuit_queue_streams_are_blocked(circ
)) {
1542 /* Still waiting for queue to flush; don't touch conn */
1545 connection_start_reading(TO_CONN(conn
));
1546 /* handle whatever might still be on the inbuf */
1547 if (connection_edge_package_raw_inbuf(conn
, 1, NULL
) < 0) {
1548 /* (We already sent an end cell if possible) */
1549 connection_mark_for_close(TO_CONN(conn
));
1553 case RELAY_COMMAND_RESOLVE
:
1555 log_fn(LOG_PROTOCOL_WARN
, LD_APP
,
1556 "resolve request unsupported at AP; dropping.");
1559 log_fn(LOG_PROTOCOL_WARN
, domain
,
1560 "resolve request for known stream; dropping.");
1562 } else if (circ
->purpose
!= CIRCUIT_PURPOSE_OR
) {
1563 log_fn(LOG_PROTOCOL_WARN
, domain
,
1564 "resolve request on circ with purpose %d; dropping",
1568 connection_exit_begin_resolve(cell
, TO_OR_CIRCUIT(circ
));
1570 case RELAY_COMMAND_RESOLVED
:
1572 log_fn(LOG_PROTOCOL_WARN
, domain
,
1573 "'resolved' unsupported while open. Closing circ.");
1574 return -END_CIRC_REASON_TORPROTOCOL
;
1577 "'resolved' received, no conn attached anymore. Ignoring.");
1579 case RELAY_COMMAND_ESTABLISH_INTRO
:
1580 case RELAY_COMMAND_ESTABLISH_RENDEZVOUS
:
1581 case RELAY_COMMAND_INTRODUCE1
:
1582 case RELAY_COMMAND_INTRODUCE2
:
1583 case RELAY_COMMAND_INTRODUCE_ACK
:
1584 case RELAY_COMMAND_RENDEZVOUS1
:
1585 case RELAY_COMMAND_RENDEZVOUS2
:
1586 case RELAY_COMMAND_INTRO_ESTABLISHED
:
1587 case RELAY_COMMAND_RENDEZVOUS_ESTABLISHED
:
1588 rend_process_relay_cell(circ
, layer_hint
,
1589 rh
.command
, rh
.length
,
1590 cell
->payload
+RELAY_HEADER_SIZE
);
1593 log_fn(LOG_PROTOCOL_WARN
, LD_PROTOCOL
,
1594 "Received unknown relay command %d. Perhaps the other side is using "
1595 "a newer version of Tor? Dropping.",
1597 return 0; /* for forward compatibility, don't kill the circuit */
1600 /** How many relay_data cells have we built, ever? */
1601 uint64_t stats_n_data_cells_packaged
= 0;
1602 /** How many bytes of data have we put in relay_data cells have we built,
1603 * ever? This would be RELAY_PAYLOAD_SIZE*stats_n_data_cells_packaged if
1604 * every relay cell we ever sent were completely full of data. */
1605 uint64_t stats_n_data_bytes_packaged
= 0;
1606 /** How many relay_data cells have we received, ever? */
1607 uint64_t stats_n_data_cells_received
= 0;
1608 /** How many bytes of data have we received relay_data cells, ever? This would
1609 * be RELAY_PAYLOAD_SIZE*stats_n_data_cells_packaged if every relay cell we
1610 * ever received were completely full of data. */
1611 uint64_t stats_n_data_bytes_received
= 0;
1613 /** If <b>conn</b> has an entire relay payload of bytes on its inbuf (or
1614 * <b>package_partial</b> is true), and the appropriate package windows aren't
1615 * empty, grab a cell and send it down the circuit.
1617 * If *<b>max_cells</b> is given, package no more than max_cells. Decrement
1618 * *<b>max_cells</b> by the number of cells packaged.
1620 * Return -1 (and send a RELAY_COMMAND_END cell if necessary) if conn should
1621 * be marked for close, else return 0.
1624 connection_edge_package_raw_inbuf(edge_connection_t
*conn
, int package_partial
,
1627 size_t bytes_to_process
, length
;
1628 char payload
[CELL_PAYLOAD_SIZE
];
1630 const unsigned domain
= conn
->base_
.type
== CONN_TYPE_AP
? LD_APP
: LD_EXIT
;
1631 int sending_from_optimistic
= 0;
1632 entry_connection_t
*entry_conn
=
1633 conn
->base_
.type
== CONN_TYPE_AP
? EDGE_TO_ENTRY_CONN(conn
) : NULL
;
1634 const int sending_optimistically
=
1636 conn
->base_
.type
== CONN_TYPE_AP
&&
1637 conn
->base_
.state
!= AP_CONN_STATE_OPEN
;
1638 crypt_path_t
*cpath_layer
= conn
->cpath_layer
;
1642 if (conn
->base_
.marked_for_close
) {
1644 "called on conn that's already marked for close at %s:%d.",
1645 conn
->base_
.marked_for_close_file
, conn
->base_
.marked_for_close
);
1649 if (max_cells
&& *max_cells
<= 0)
1652 repeat_connection_edge_package_raw_inbuf
:
1654 circ
= circuit_get_by_edge_conn(conn
);
1656 log_info(domain
,"conn has no circuit! Closing.");
1657 conn
->end_reason
= END_STREAM_REASON_CANT_ATTACH
;
1661 if (circuit_consider_stop_edge_reading(circ
, cpath_layer
))
1664 if (conn
->package_window
<= 0) {
1665 log_info(domain
,"called with package_window %d. Skipping.",
1666 conn
->package_window
);
1667 connection_stop_reading(TO_CONN(conn
));
1671 sending_from_optimistic
= entry_conn
&&
1672 entry_conn
->sending_optimistic_data
!= NULL
;
1674 if (PREDICT_UNLIKELY(sending_from_optimistic
)) {
1675 bytes_to_process
= generic_buffer_len(entry_conn
->sending_optimistic_data
);
1676 if (PREDICT_UNLIKELY(!bytes_to_process
)) {
1677 log_warn(LD_BUG
, "sending_optimistic_data was non-NULL but empty");
1678 bytes_to_process
= connection_get_inbuf_len(TO_CONN(conn
));
1679 sending_from_optimistic
= 0;
1682 bytes_to_process
= connection_get_inbuf_len(TO_CONN(conn
));
1685 if (!bytes_to_process
)
1688 if (!package_partial
&& bytes_to_process
< RELAY_PAYLOAD_SIZE
)
1691 if (bytes_to_process
> RELAY_PAYLOAD_SIZE
) {
1692 length
= RELAY_PAYLOAD_SIZE
;
1694 length
= bytes_to_process
;
1696 stats_n_data_bytes_packaged
+= length
;
1697 stats_n_data_cells_packaged
+= 1;
1699 if (PREDICT_UNLIKELY(sending_from_optimistic
)) {
1700 /* XXXX We could be more efficient here by sometimes packing
1701 * previously-sent optimistic data in the same cell with data
1702 * from the inbuf. */
1703 generic_buffer_get(entry_conn
->sending_optimistic_data
, payload
, length
);
1704 if (!generic_buffer_len(entry_conn
->sending_optimistic_data
)) {
1705 generic_buffer_free(entry_conn
->sending_optimistic_data
);
1706 entry_conn
->sending_optimistic_data
= NULL
;
1709 connection_fetch_from_buf(payload
, length
, TO_CONN(conn
));
1712 log_debug(domain
,TOR_SOCKET_T_FORMAT
": Packaging %d bytes (%d waiting).",
1714 (int)length
, (int)connection_get_inbuf_len(TO_CONN(conn
)));
1716 if (sending_optimistically
&& !sending_from_optimistic
) {
1717 /* This is new optimistic data; remember it in case we need to detach and
1719 if (!entry_conn
->pending_optimistic_data
)
1720 entry_conn
->pending_optimistic_data
= generic_buffer_new();
1721 generic_buffer_add(entry_conn
->pending_optimistic_data
, payload
, length
);
1724 if (connection_edge_send_command(conn
, RELAY_COMMAND_DATA
,
1725 payload
, length
) < 0 )
1726 /* circuit got marked for close, don't continue, don't need to mark conn */
1729 if (!cpath_layer
) { /* non-rendezvous exit */
1730 tor_assert(circ
->package_window
> 0);
1731 circ
->package_window
--;
1732 } else { /* we're an AP, or an exit on a rendezvous circ */
1733 tor_assert(cpath_layer
->package_window
> 0);
1734 cpath_layer
->package_window
--;
1737 if (--conn
->package_window
<= 0) { /* is it 0 after decrement? */
1738 connection_stop_reading(TO_CONN(conn
));
1739 log_debug(domain
,"conn->package_window reached 0.");
1740 circuit_consider_stop_edge_reading(circ
, cpath_layer
);
1741 return 0; /* don't process the inbuf any more */
1743 log_debug(domain
,"conn->package_window is now %d",conn
->package_window
);
1747 if (*max_cells
<= 0)
1751 /* handle more if there's more, or return 0 if there isn't */
1752 goto repeat_connection_edge_package_raw_inbuf
;
1755 /** Called when we've just received a relay data cell, when
1756 * we've just finished flushing all bytes to stream <b>conn</b>,
1757 * or when we've flushed *some* bytes to the stream <b>conn</b>.
1759 * If conn->outbuf is not too full, and our deliver window is
1760 * low, send back a suitable number of stream-level sendme cells.
1763 connection_edge_consider_sending_sendme(edge_connection_t
*conn
)
1767 if (connection_outbuf_too_full(TO_CONN(conn
)))
1770 circ
= circuit_get_by_edge_conn(conn
);
1772 /* this can legitimately happen if the destroy has already
1773 * arrived and torn down the circuit */
1774 log_info(LD_APP
,"No circuit associated with conn. Skipping.");
1778 while (conn
->deliver_window
<= STREAMWINDOW_START
- STREAMWINDOW_INCREMENT
) {
1779 log_debug(conn
->base_
.type
== CONN_TYPE_AP
?LD_APP
:LD_EXIT
,
1780 "Outbuf %d, Queuing stream sendme.",
1781 (int)conn
->base_
.outbuf_flushlen
);
1782 conn
->deliver_window
+= STREAMWINDOW_INCREMENT
;
1783 if (connection_edge_send_command(conn
, RELAY_COMMAND_SENDME
,
1785 log_warn(LD_APP
,"connection_edge_send_command failed. Skipping.");
1786 return; /* the circuit's closed, don't continue */
1791 /** The circuit <b>circ</b> has received a circuit-level sendme
1792 * (on hop <b>layer_hint</b>, if we're the OP). Go through all the
1793 * attached streams and let them resume reading and packaging, if
1794 * their stream windows allow it.
1797 circuit_resume_edge_reading(circuit_t
*circ
, crypt_path_t
*layer_hint
)
1799 if (circuit_queue_streams_are_blocked(circ
)) {
1800 log_debug(layer_hint
?LD_APP
:LD_EXIT
,"Too big queue, no resuming");
1803 log_debug(layer_hint
?LD_APP
:LD_EXIT
,"resuming");
1805 if (CIRCUIT_IS_ORIGIN(circ
))
1806 circuit_resume_edge_reading_helper(TO_ORIGIN_CIRCUIT(circ
)->p_streams
,
1809 circuit_resume_edge_reading_helper(TO_OR_CIRCUIT(circ
)->n_streams
,
1814 stream_choice_seed_weak_rng(void)
1816 crypto_seed_weak_rng(&stream_choice_rng
);
1819 /** A helper function for circuit_resume_edge_reading() above.
1820 * The arguments are the same, except that <b>conn</b> is the head
1821 * of a linked list of edge streams that should each be considered.
1824 circuit_resume_edge_reading_helper(edge_connection_t
*first_conn
,
1826 crypt_path_t
*layer_hint
)
1828 edge_connection_t
*conn
;
1829 int n_packaging_streams
, n_streams_left
;
1830 int packaged_this_round
;
1833 edge_connection_t
*chosen_stream
= NULL
;
1836 if (first_conn
== NULL
) {
1837 /* Don't bother to try to do the rest of this if there are no connections
1842 /* How many cells do we have space for? It will be the minimum of
1843 * the number needed to exhaust the package window, and the minimum
1844 * needed to fill the cell queue. */
1845 max_to_package
= circ
->package_window
;
1846 if (CIRCUIT_IS_ORIGIN(circ
)) {
1847 cells_on_queue
= circ
->n_chan_cells
.n
;
1849 or_circuit_t
*or_circ
= TO_OR_CIRCUIT(circ
);
1850 cells_on_queue
= or_circ
->p_chan_cells
.n
;
1852 if (CELL_QUEUE_HIGHWATER_SIZE
- cells_on_queue
< max_to_package
)
1853 max_to_package
= CELL_QUEUE_HIGHWATER_SIZE
- cells_on_queue
;
1855 /* Once we used to start listening on the streams in the order they
1856 * appeared in the linked list. That leads to starvation on the
1857 * streams that appeared later on the list, since the first streams
1858 * would always get to read first. Instead, we just pick a random
1859 * stream on the list, and enable reading for streams starting at that
1860 * point (and wrapping around as if the list were circular). It would
1861 * probably be better to actually remember which streams we've
1862 * serviced in the past, but this is simple and effective. */
1864 /* Select a stream uniformly at random from the linked list. We
1865 * don't need cryptographic randomness here. */
1867 int num_streams
= 0;
1868 for (conn
= first_conn
; conn
; conn
= conn
->next_stream
) {
1870 if (tor_weak_random_one_in_n(&stream_choice_rng
, num_streams
)) {
1871 chosen_stream
= conn
;
1873 /* Invariant: chosen_stream has been chosen uniformly at random from
1874 * among the first num_streams streams on first_conn.
1876 * (Note that we iterate over every stream on the circuit, so that after
1877 * we've considered the first stream, we've chosen it with P=1; and
1878 * after we consider the second stream, we've switched to it with P=1/2
1879 * and stayed with the first stream with P=1/2; and after we've
1880 * considered the third stream, we've switched to it with P=1/3 and
1881 * remained with one of the first two streams with P=(2/3), giving each
1882 * one P=(1/2)(2/3) )=(1/3).) */
1886 /* Count how many non-marked streams there are that have anything on
1887 * their inbuf, and enable reading on all of the connections. */
1888 n_packaging_streams
= 0;
1889 /* Activate reading starting from the chosen stream */
1890 for (conn
=chosen_stream
; conn
; conn
= conn
->next_stream
) {
1891 /* Start reading for the streams starting from here */
1892 if (conn
->base_
.marked_for_close
|| conn
->package_window
<= 0)
1894 if (!layer_hint
|| conn
->cpath_layer
== layer_hint
) {
1895 connection_start_reading(TO_CONN(conn
));
1897 if (connection_get_inbuf_len(TO_CONN(conn
)) > 0)
1898 ++n_packaging_streams
;
1901 /* Go back and do the ones we skipped, circular-style */
1902 for (conn
= first_conn
; conn
!= chosen_stream
; conn
= conn
->next_stream
) {
1903 if (conn
->base_
.marked_for_close
|| conn
->package_window
<= 0)
1905 if (!layer_hint
|| conn
->cpath_layer
== layer_hint
) {
1906 connection_start_reading(TO_CONN(conn
));
1908 if (connection_get_inbuf_len(TO_CONN(conn
)) > 0)
1909 ++n_packaging_streams
;
1913 if (n_packaging_streams
== 0) /* avoid divide-by-zero */
1918 cells_per_conn
= CEIL_DIV(max_to_package
, n_packaging_streams
);
1920 packaged_this_round
= 0;
1923 /* Iterate over all connections. Package up to cells_per_conn cells on
1924 * each. Update packaged_this_round with the total number of cells
1925 * packaged, and n_streams_left with the number that still have data to
1928 for (conn
=first_conn
; conn
; conn
=conn
->next_stream
) {
1929 if (conn
->base_
.marked_for_close
|| conn
->package_window
<= 0)
1931 if (!layer_hint
|| conn
->cpath_layer
== layer_hint
) {
1932 int n
= cells_per_conn
, r
;
1933 /* handle whatever might still be on the inbuf */
1934 r
= connection_edge_package_raw_inbuf(conn
, 1, &n
);
1936 /* Note how many we packaged */
1937 packaged_this_round
+= (cells_per_conn
-n
);
1940 /* Problem while packaging. (We already sent an end cell if
1942 connection_mark_for_close(TO_CONN(conn
));
1946 /* If there's still data to read, we'll be coming back to this stream. */
1947 if (connection_get_inbuf_len(TO_CONN(conn
)))
1950 /* If the circuit won't accept any more data, return without looking
1951 * at any more of the streams. Any connections that should be stopped
1952 * have already been stopped by connection_edge_package_raw_inbuf. */
1953 if (circuit_consider_stop_edge_reading(circ
, layer_hint
))
1955 /* XXXX should we also stop immediately if we fill up the cell queue?
1960 /* If we made progress, and we are willing to package more, and there are
1961 * any streams left that want to package stuff... try again!
1963 if (packaged_this_round
&& packaged_this_round
< max_to_package
&&
1965 max_to_package
-= packaged_this_round
;
1966 n_packaging_streams
= n_streams_left
;
1973 /** Check if the package window for <b>circ</b> is empty (at
1974 * hop <b>layer_hint</b> if it's defined).
1976 * If yes, tell edge streams to stop reading and return 1.
1980 circuit_consider_stop_edge_reading(circuit_t
*circ
, crypt_path_t
*layer_hint
)
1982 edge_connection_t
*conn
= NULL
;
1983 unsigned domain
= layer_hint
? LD_APP
: LD_EXIT
;
1986 or_circuit_t
*or_circ
= TO_OR_CIRCUIT(circ
);
1987 log_debug(domain
,"considering circ->package_window %d",
1988 circ
->package_window
);
1989 if (circ
->package_window
<= 0) {
1990 log_debug(domain
,"yes, not-at-origin. stopped.");
1991 for (conn
= or_circ
->n_streams
; conn
; conn
=conn
->next_stream
)
1992 connection_stop_reading(TO_CONN(conn
));
1997 /* else, layer hint is defined, use it */
1998 log_debug(domain
,"considering layer_hint->package_window %d",
1999 layer_hint
->package_window
);
2000 if (layer_hint
->package_window
<= 0) {
2001 log_debug(domain
,"yes, at-origin. stopped.");
2002 for (conn
= TO_ORIGIN_CIRCUIT(circ
)->p_streams
; conn
;
2003 conn
=conn
->next_stream
) {
2004 if (conn
->cpath_layer
== layer_hint
)
2005 connection_stop_reading(TO_CONN(conn
));
2012 /** Check if the deliver_window for circuit <b>circ</b> (at hop
2013 * <b>layer_hint</b> if it's defined) is low enough that we should
2014 * send a circuit-level sendme back down the circuit. If so, send
2015 * enough sendmes that the window would be overfull if we sent any
2019 circuit_consider_sending_sendme(circuit_t
*circ
, crypt_path_t
*layer_hint
)
2021 // log_fn(LOG_INFO,"Considering: layer_hint is %s",
2022 // layer_hint ? "defined" : "null");
2023 while ((layer_hint
? layer_hint
->deliver_window
: circ
->deliver_window
) <=
2024 CIRCWINDOW_START
- CIRCWINDOW_INCREMENT
) {
2025 log_debug(LD_CIRC
,"Queuing circuit sendme.");
2027 layer_hint
->deliver_window
+= CIRCWINDOW_INCREMENT
;
2029 circ
->deliver_window
+= CIRCWINDOW_INCREMENT
;
2030 if (relay_send_command_from_edge(0, circ
, RELAY_COMMAND_SENDME
,
2031 NULL
, 0, layer_hint
) < 0) {
2033 "relay_send_command_from_edge failed. Circuit's closed.");
2034 return; /* the circuit's closed, don't continue */
2039 #ifdef ACTIVE_CIRCUITS_PARANOIA
2040 #define assert_cmux_ok_paranoid(chan) \
2041 assert_circuit_mux_okay(chan)
2043 #define assert_cmux_ok_paranoid(chan)
2046 /** The total number of cells we have allocated from the memory pool. */
2047 static size_t total_cells_allocated
= 0;
2049 /** A memory pool to allocate packed_cell_t objects. */
2050 static mp_pool_t
*cell_pool
= NULL
;
2052 /** Allocate structures to hold cells. */
2054 init_cell_pool(void)
2056 tor_assert(!cell_pool
);
2057 cell_pool
= mp_pool_new(sizeof(packed_cell_t
), 128*1024);
2060 /** Free all storage used to hold cells (and insertion times/commands if we
2061 * measure cell statistics and/or if CELL_STATS events are enabled). */
2063 free_cell_pool(void)
2065 /* Maybe we haven't called init_cell_pool yet; need to check for it. */
2067 mp_pool_destroy(cell_pool
);
2072 /** Free excess storage in cell pool. */
2074 clean_cell_pool(void)
2076 tor_assert(cell_pool
);
2077 mp_pool_clean(cell_pool
, 0, 1);
2080 /** Release storage held by <b>cell</b>. */
2082 packed_cell_free_unchecked(packed_cell_t
*cell
)
2084 --total_cells_allocated
;
2085 mp_pool_release(cell
);
2088 /** Allocate and return a new packed_cell_t. */
2089 STATIC packed_cell_t
*
2090 packed_cell_new(void)
2092 ++total_cells_allocated
;
2093 return mp_pool_get(cell_pool
);
2096 /** Return a packed cell used outside by channel_t lower layer */
2098 packed_cell_free(packed_cell_t
*cell
)
2102 packed_cell_free_unchecked(cell
);
2105 /** Log current statistics for cell pool allocation at log level
2106 * <b>severity</b>. */
2108 dump_cell_pool_usage(int severity
)
2113 TOR_LIST_FOREACH(c
, circuit_get_global_list(), head
) {
2114 n_cells
+= c
->n_chan_cells
.n
;
2115 if (!CIRCUIT_IS_ORIGIN(c
))
2116 n_cells
+= TO_OR_CIRCUIT(c
)->p_chan_cells
.n
;
2119 tor_log(severity
, LD_MM
,
2120 "%d cells allocated on %d circuits. %d cells leaked.",
2121 n_cells
, n_circs
, (int)total_cells_allocated
- n_cells
);
2122 mp_pool_log_status(cell_pool
, severity
);
2125 /** Allocate a new copy of packed <b>cell</b>. */
2126 static INLINE packed_cell_t
*
2127 packed_cell_copy(const cell_t
*cell
, int wide_circ_ids
)
2129 packed_cell_t
*c
= packed_cell_new();
2130 cell_pack(c
, cell
, wide_circ_ids
);
2134 /** Append <b>cell</b> to the end of <b>queue</b>. */
2136 cell_queue_append(cell_queue_t
*queue
, packed_cell_t
*cell
)
2138 TOR_SIMPLEQ_INSERT_TAIL(&queue
->head
, cell
, next
);
2142 /** Append a newly allocated copy of <b>cell</b> to the end of the
2143 * <b>exitward</b> (or app-ward) <b>queue</b> of <b>circ</b>. If
2144 * <b>use_stats</b> is true, record statistics about the cell.
2147 cell_queue_append_packed_copy(circuit_t
*circ
, cell_queue_t
*queue
,
2148 int exitward
, const cell_t
*cell
,
2149 int wide_circ_ids
, int use_stats
)
2152 packed_cell_t
*copy
= packed_cell_copy(cell
, wide_circ_ids
);
2156 tor_gettimeofday_cached(&now
);
2157 copy
->inserted_time
= (uint32_t)tv_to_msec(&now
);
2159 cell_queue_append(queue
, copy
);
2162 /** Initialize <b>queue</b> as an empty cell queue. */
2164 cell_queue_init(cell_queue_t
*queue
)
2166 memset(queue
, 0, sizeof(cell_queue_t
));
2167 TOR_SIMPLEQ_INIT(&queue
->head
);
2170 /** Remove and free every cell in <b>queue</b>. */
2172 cell_queue_clear(cell_queue_t
*queue
)
2174 packed_cell_t
*cell
;
2175 while ((cell
= TOR_SIMPLEQ_FIRST(&queue
->head
))) {
2176 TOR_SIMPLEQ_REMOVE_HEAD(&queue
->head
, next
);
2177 packed_cell_free_unchecked(cell
);
2179 TOR_SIMPLEQ_INIT(&queue
->head
);
2183 /** Extract and return the cell at the head of <b>queue</b>; return NULL if
2184 * <b>queue</b> is empty. */
2185 STATIC packed_cell_t
*
2186 cell_queue_pop(cell_queue_t
*queue
)
2188 packed_cell_t
*cell
= TOR_SIMPLEQ_FIRST(&queue
->head
);
2191 TOR_SIMPLEQ_REMOVE_HEAD(&queue
->head
, next
);
2196 /** Return the total number of bytes used for each packed_cell in a queue.
2199 packed_cell_mem_cost(void)
2201 return sizeof(packed_cell_t
) + MP_POOL_ITEM_OVERHEAD
;
2204 /** Check whether we've got too much space used for cells. If so,
2205 * call the OOM handler and return 1. Otherwise, return 0. */
2207 cell_queues_check_size(void)
2209 size_t alloc
= total_cells_allocated
* packed_cell_mem_cost();
2210 if (alloc
>= get_options()->MaxMemInCellQueues
) {
2211 circuits_handle_oom(alloc
);
2218 * Update the number of cells available on the circuit's n_chan or p_chan's
2222 update_circuit_on_cmux_(circuit_t
*circ
, cell_direction_t direction
,
2223 const char *file
, int lineno
)
2225 channel_t
*chan
= NULL
;
2226 or_circuit_t
*or_circ
= NULL
;
2227 circuitmux_t
*cmux
= NULL
;
2231 /* Okay, get the channel */
2232 if (direction
== CELL_DIRECTION_OUT
) {
2233 chan
= circ
->n_chan
;
2235 or_circ
= TO_OR_CIRCUIT(circ
);
2236 chan
= or_circ
->p_chan
;
2240 tor_assert(chan
->cmux
);
2242 /* Now get the cmux */
2245 /* Cmux sanity check */
2246 if (! circuitmux_is_circuit_attached(cmux
, circ
)) {
2247 log_warn(LD_BUG
, "called on non-attachd circuit from %s:%d",
2251 tor_assert(circuitmux_attached_circuit_direction(cmux
, circ
) == direction
);
2253 assert_cmux_ok_paranoid(chan
);
2255 /* Update the number of cells we have for the circuit mux */
2256 if (direction
== CELL_DIRECTION_OUT
) {
2257 circuitmux_set_num_cells(cmux
, circ
, circ
->n_chan_cells
.n
);
2259 circuitmux_set_num_cells(cmux
, circ
, or_circ
->p_chan_cells
.n
);
2262 assert_cmux_ok_paranoid(chan
);
2265 /** Remove all circuits from the cmux on <b>chan</b>. */
2267 channel_unlink_all_circuits(channel_t
*chan
)
2270 tor_assert(chan
->cmux
);
2272 circuitmux_detach_all_circuits(chan
->cmux
);
2273 chan
->num_n_circuits
= 0;
2274 chan
->num_p_circuits
= 0;
2277 /** Block (if <b>block</b> is true) or unblock (if <b>block</b> is false)
2278 * every edge connection that is using <b>circ</b> to write to <b>chan</b>,
2279 * and start or stop reading as appropriate.
2281 * If <b>stream_id</b> is nonzero, block only the edge connection whose
2282 * stream_id matches it.
2284 * Returns the number of streams whose status we changed.
2287 set_streams_blocked_on_circ(circuit_t
*circ
, channel_t
*chan
,
2288 int block
, streamid_t stream_id
)
2290 edge_connection_t
*edge
= NULL
;
2292 if (circ
->n_chan
== chan
) {
2293 circ
->streams_blocked_on_n_chan
= block
;
2294 if (CIRCUIT_IS_ORIGIN(circ
))
2295 edge
= TO_ORIGIN_CIRCUIT(circ
)->p_streams
;
2297 circ
->streams_blocked_on_p_chan
= block
;
2298 tor_assert(!CIRCUIT_IS_ORIGIN(circ
));
2299 edge
= TO_OR_CIRCUIT(circ
)->n_streams
;
2302 for (; edge
; edge
= edge
->next_stream
) {
2303 connection_t
*conn
= TO_CONN(edge
);
2304 if (stream_id
&& edge
->stream_id
!= stream_id
)
2307 if (edge
->edge_blocked_on_circ
!= block
) {
2309 edge
->edge_blocked_on_circ
= block
;
2312 if (!conn
->read_event
&& !HAS_BUFFEREVENT(conn
)) {
2313 /* This connection is a placeholder for something; probably a DNS
2314 * request. It can't actually stop or start reading.*/
2319 if (connection_is_reading(conn
))
2320 connection_stop_reading(conn
);
2322 /* Is this right? */
2323 if (!connection_is_reading(conn
))
2324 connection_start_reading(conn
);
2331 /** Extract the command from a packed cell. */
2333 packed_cell_get_command(const packed_cell_t
*cell
, int wide_circ_ids
)
2335 if (wide_circ_ids
) {
2336 return get_uint8(cell
->body
+4);
2338 return get_uint8(cell
->body
+2);
2342 /** Pull as many cells as possible (but no more than <b>max</b>) from the
2343 * queue of the first active circuit on <b>chan</b>, and write them to
2344 * <b>chan</b>->outbuf. Return the number of cells written. Advance
2345 * the active circuit pointer to the next active circuit in the ring. */
2347 channel_flush_from_first_active_circuit(channel_t
*chan
, int max
)
2349 circuitmux_t
*cmux
= NULL
;
2351 cell_queue_t
*queue
, *destroy_queue
=NULL
;
2353 or_circuit_t
*or_circ
;
2354 int streams_blocked
;
2355 packed_cell_t
*cell
;
2359 tor_assert(chan
->cmux
);
2362 /* Main loop: pick a circuit, send a cell, update the cmux */
2363 while (n_flushed
< max
) {
2364 circ
= circuitmux_get_first_active_circuit(cmux
, &destroy_queue
);
2365 if (destroy_queue
) {
2366 /* this code is duplicated from some of the logic below. Ugly! XXXX */
2367 tor_assert(destroy_queue
->n
> 0);
2368 cell
= cell_queue_pop(destroy_queue
);
2369 channel_write_packed_cell(chan
, cell
);
2370 /* Update the cmux destroy counter */
2371 circuitmux_notify_xmit_destroy(cmux
);
2376 /* If it returns NULL, no cells left to send */
2378 assert_cmux_ok_paranoid(chan
);
2380 if (circ
->n_chan
== chan
) {
2381 queue
= &circ
->n_chan_cells
;
2382 streams_blocked
= circ
->streams_blocked_on_n_chan
;
2384 or_circ
= TO_OR_CIRCUIT(circ
);
2385 tor_assert(or_circ
->p_chan
== chan
);
2386 queue
= &TO_OR_CIRCUIT(circ
)->p_chan_cells
;
2387 streams_blocked
= circ
->streams_blocked_on_p_chan
;
2390 /* Circuitmux told us this was active, so it should have cells */
2391 tor_assert(queue
->n
> 0);
2394 * Get just one cell here; once we've sent it, that can change the circuit
2395 * selection, so we have to loop around for another even if this circuit
2396 * has more than one.
2398 cell
= cell_queue_pop(queue
);
2400 /* Calculate the exact time that this cell has spent in the queue. */
2401 if (get_options()->CellStatistics
||
2402 get_options()->TestingEnableCellStatsEvent
) {
2403 uint32_t msec_waiting
;
2404 struct timeval tvnow
;
2405 tor_gettimeofday_cached(&tvnow
);
2406 msec_waiting
= ((uint32_t)tv_to_msec(&tvnow
)) - cell
->inserted_time
;
2408 if (get_options()->CellStatistics
&& !CIRCUIT_IS_ORIGIN(circ
)) {
2409 or_circ
= TO_OR_CIRCUIT(circ
);
2410 or_circ
->total_cell_waiting_time
+= msec_waiting
;
2411 or_circ
->processed_cells
++;
2414 if (get_options()->TestingEnableCellStatsEvent
) {
2415 uint8_t command
= packed_cell_get_command(cell
, chan
->wide_circ_ids
);
2417 testing_cell_stats_entry_t
*ent
=
2418 tor_malloc_zero(sizeof(testing_cell_stats_entry_t
));
2419 ent
->command
= command
;
2420 ent
->waiting_time
= msec_waiting
/ 10;
2422 if (circ
->n_chan
== chan
)
2424 if (!circ
->testing_cell_stats
)
2425 circ
->testing_cell_stats
= smartlist_new();
2426 smartlist_add(circ
->testing_cell_stats
, ent
);
2430 /* If we just flushed our queue and this circuit is used for a
2431 * tunneled directory request, possibly advance its state. */
2432 if (queue
->n
== 0 && chan
->dirreq_id
)
2433 geoip_change_dirreq_state(chan
->dirreq_id
,
2435 DIRREQ_CIRC_QUEUE_FLUSHED
);
2437 /* Now send the cell */
2438 channel_write_packed_cell(chan
, cell
);
2442 * Don't packed_cell_free_unchecked(cell) here because the channel will
2443 * do so when it gets out of the channel queue (probably already did, in
2444 * which case that was an immediate double-free bug).
2447 /* Update the counter */
2451 * Now update the cmux; tell it we've just sent a cell, and how many
2454 circuitmux_notify_xmit_cells(cmux
, circ
, 1);
2455 circuitmux_set_num_cells(cmux
, circ
, queue
->n
);
2457 log_debug(LD_GENERAL
, "Made a circuit inactive.");
2459 /* Is the cell queue low enough to unblock all the streams that are waiting
2460 * to write to this circuit? */
2461 if (streams_blocked
&& queue
->n
<= CELL_QUEUE_LOWWATER_SIZE
)
2462 set_streams_blocked_on_circ(circ
, chan
, 0, 0); /* unblock streams */
2464 /* If n_flushed < max still, loop around and pick another circuit */
2467 /* Okay, we're done sending now */
2468 assert_cmux_ok_paranoid(chan
);
2474 /** Indicate the current preferred cap for middle circuits; zero disables
2475 * the cap. Right now it's just a constant, ORCIRC_MAX_MIDDLE_CELLS, but
2476 * the logic in append_cell_to_circuit_queue() is written to be correct
2477 * if we want to base it on a consensus param or something that might change
2481 get_max_middle_cells(void)
2483 return ORCIRC_MAX_MIDDLE_CELLS
;
2487 /** Add <b>cell</b> to the queue of <b>circ</b> writing to <b>chan</b>
2488 * transmitting in <b>direction</b>. */
2490 append_cell_to_circuit_queue(circuit_t
*circ
, channel_t
*chan
,
2491 cell_t
*cell
, cell_direction_t direction
,
2492 streamid_t fromstream
)
2494 or_circuit_t
*orcirc
= NULL
;
2495 cell_queue_t
*queue
;
2496 int streams_blocked
;
2498 uint32_t tgt_max_middle_cells
, p_len
, n_len
, tmp
, hard_max_middle_cells
;
2502 if (circ
->marked_for_close
)
2505 exitward
= (direction
== CELL_DIRECTION_OUT
);
2507 queue
= &circ
->n_chan_cells
;
2508 streams_blocked
= circ
->streams_blocked_on_n_chan
;
2510 orcirc
= TO_OR_CIRCUIT(circ
);
2511 queue
= &orcirc
->p_chan_cells
;
2512 streams_blocked
= circ
->streams_blocked_on_p_chan
;
2516 * Disabling this for now because of a possible guard discovery attack
2519 /* Are we a middle circuit about to exceed ORCIRC_MAX_MIDDLE_CELLS? */
2520 if ((circ
->n_chan
!= NULL
) && CIRCUIT_IS_ORCIRC(circ
)) {
2521 orcirc
= TO_OR_CIRCUIT(circ
);
2522 if (orcirc
->p_chan
) {
2523 /* We are a middle circuit if we have both n_chan and p_chan */
2524 /* We'll need to know the current preferred maximum */
2525 tgt_max_middle_cells
= get_max_middle_cells();
2526 if (tgt_max_middle_cells
> 0) {
2527 /* Do we need to initialize middle_max_cells? */
2528 if (orcirc
->max_middle_cells
== 0) {
2529 orcirc
->max_middle_cells
= tgt_max_middle_cells
;
2531 if (tgt_max_middle_cells
> orcirc
->max_middle_cells
) {
2532 /* If we want to increase the cap, we can do so right away */
2533 orcirc
->max_middle_cells
= tgt_max_middle_cells
;
2534 } else if (tgt_max_middle_cells
< orcirc
->max_middle_cells
) {
2536 * If we're shrinking the cap, we can't shrink past either queue;
2537 * compare tgt_max_middle_cells rather than tgt_max_middle_cells *
2538 * ORCIRC_MAX_MIDDLE_KILL_THRESH so the queues don't shrink enough
2539 * to generate spurious warnings, either.
2541 n_len
= circ
->n_chan_cells
.n
;
2542 p_len
= orcirc
->p_chan_cells
.n
;
2543 tmp
= tgt_max_middle_cells
;
2544 if (tmp
< n_len
) tmp
= n_len
;
2545 if (tmp
< p_len
) tmp
= p_len
;
2546 orcirc
->max_middle_cells
= tmp
;
2548 /* else no change */
2551 /* tgt_max_middle_cells == 0 indicates we should disable the cap */
2552 orcirc
->max_middle_cells
= 0;
2555 /* Now we know orcirc->max_middle_cells is set correctly */
2556 if (orcirc
->max_middle_cells
> 0) {
2557 hard_max_middle_cells
=
2558 (uint32_t)(((double)orcirc
->max_middle_cells
) *
2559 ORCIRC_MAX_MIDDLE_KILL_THRESH
);
2561 if ((unsigned)queue
->n
+ 1 >= hard_max_middle_cells
) {
2562 /* Queueing this cell would put queue over the kill theshold */
2564 "Got a cell exceeding the hard cap of %u in the "
2565 "%s direction on middle circ ID %u on chan ID "
2566 U64_FORMAT
"; killing the circuit.",
2567 hard_max_middle_cells
,
2568 (direction
== CELL_DIRECTION_OUT
) ? "n" : "p",
2569 (direction
== CELL_DIRECTION_OUT
) ?
2570 circ
->n_circ_id
: orcirc
->p_circ_id
,
2572 (direction
== CELL_DIRECTION_OUT
) ?
2573 circ
->n_chan
->global_identifier
:
2574 orcirc
->p_chan
->global_identifier
));
2575 circuit_mark_for_close(circ
, END_CIRC_REASON_RESOURCELIMIT
);
2577 } else if ((unsigned)queue
->n
+ 1 == orcirc
->max_middle_cells
) {
2578 /* Only use ==, not >= for this test so we don't spam the log */
2580 "While trying to queue a cell, reached the soft cap of %u "
2581 "in the %s direction on middle circ ID %u "
2582 "on chan ID " U64_FORMAT
".",
2583 orcirc
->max_middle_cells
,
2584 (direction
== CELL_DIRECTION_OUT
) ? "n" : "p",
2585 (direction
== CELL_DIRECTION_OUT
) ?
2586 circ
->n_circ_id
: orcirc
->p_circ_id
,
2588 (direction
== CELL_DIRECTION_OUT
) ?
2589 circ
->n_chan
->global_identifier
:
2590 orcirc
->p_chan
->global_identifier
));
2597 cell_queue_append_packed_copy(circ
, queue
, exitward
, cell
,
2598 chan
->wide_circ_ids
, 1);
2600 if (PREDICT_UNLIKELY(cell_queues_check_size())) {
2601 /* We ran the OOM handler */
2602 if (circ
->marked_for_close
)
2606 /* If we have too many cells on the circuit, we should stop reading from
2607 * the edge streams for a while. */
2608 if (!streams_blocked
&& queue
->n
>= CELL_QUEUE_HIGHWATER_SIZE
)
2609 set_streams_blocked_on_circ(circ
, chan
, 1, 0); /* block streams */
2611 if (streams_blocked
&& fromstream
) {
2612 /* This edge connection is apparently not blocked; block it. */
2613 set_streams_blocked_on_circ(circ
, chan
, 1, fromstream
);
2616 update_circuit_on_cmux(circ
, direction
);
2617 if (queue
->n
== 1) {
2618 /* This was the first cell added to the queue. We just made this
2619 * circuit active. */
2620 log_debug(LD_GENERAL
, "Made a circuit active.");
2623 if (!channel_has_queued_writes(chan
)) {
2624 /* There is no data at all waiting to be sent on the outbuf. Add a
2625 * cell, so that we can notice when it gets flushed, flushed_some can
2626 * get called, and we can start putting more data onto the buffer then.
2628 log_debug(LD_GENERAL
, "Primed a buffer.");
2629 channel_flush_from_first_active_circuit(chan
, 1);
2633 /** Append an encoded value of <b>addr</b> to <b>payload_out</b>, which must
2634 * have at least 18 bytes of free space. The encoding is, as specified in
2636 * RESOLVED_TYPE_IPV4 or RESOLVED_TYPE_IPV6 [1 byte]
2638 * ADDRESS [length bytes]
2639 * Return the number of bytes added, or -1 on error */
2641 append_address_to_payload(uint8_t *payload_out
, const tor_addr_t
*addr
)
2644 switch (tor_addr_family(addr
)) {
2646 payload_out
[0] = RESOLVED_TYPE_IPV4
;
2648 a
= tor_addr_to_ipv4n(addr
);
2649 memcpy(payload_out
+2, &a
, 4);
2652 payload_out
[0] = RESOLVED_TYPE_IPV6
;
2653 payload_out
[1] = 16;
2654 memcpy(payload_out
+2, tor_addr_to_in6_addr8(addr
), 16);
2662 /** Given <b>payload_len</b> bytes at <b>payload</b>, starting with an address
2663 * encoded as by append_address_to_payload(), try to decode the address into
2664 * *<b>addr_out</b>. Return the next byte in the payload after the address on
2665 * success, or NULL on failure. */
2667 decode_address_from_payload(tor_addr_t
*addr_out
, const uint8_t *payload
,
2670 if (payload_len
< 2)
2672 if (payload_len
< 2+payload
[1])
2675 switch (payload
[0]) {
2676 case RESOLVED_TYPE_IPV4
:
2677 if (payload
[1] != 4)
2679 tor_addr_from_ipv4n(addr_out
, get_uint32(payload
+2));
2681 case RESOLVED_TYPE_IPV6
:
2682 if (payload
[1] != 16)
2684 tor_addr_from_ipv6_bytes(addr_out
, (char*)(payload
+2));
2687 tor_addr_make_unspec(addr_out
);
2690 return payload
+ 2 + payload
[1];
2693 /** Remove all the cells queued on <b>circ</b> for <b>chan</b>. */
2695 circuit_clear_cell_queue(circuit_t
*circ
, channel_t
*chan
)
2697 cell_queue_t
*queue
;
2698 cell_direction_t direction
;
2700 if (circ
->n_chan
== chan
) {
2701 queue
= &circ
->n_chan_cells
;
2702 direction
= CELL_DIRECTION_OUT
;
2704 or_circuit_t
*orcirc
= TO_OR_CIRCUIT(circ
);
2705 tor_assert(orcirc
->p_chan
== chan
);
2706 queue
= &orcirc
->p_chan_cells
;
2707 direction
= CELL_DIRECTION_IN
;
2710 /* Clear the queue */
2711 cell_queue_clear(queue
);
2713 /* Update the cell counter in the cmux */
2714 if (chan
->cmux
&& circuitmux_is_circuit_attached(chan
->cmux
, circ
))
2715 update_circuit_on_cmux(circ
, direction
);
2718 /** Fail with an assert if the circuit mux on chan is corrupt
2721 assert_circuit_mux_okay(channel_t
*chan
)
2724 tor_assert(chan
->cmux
);
2726 circuitmux_assert_okay(chan
->cmux
);
2729 /** Return 1 if we shouldn't restart reading on this circuit, even if
2730 * we get a SENDME. Else return 0.
2733 circuit_queue_streams_are_blocked(circuit_t
*circ
)
2735 if (CIRCUIT_IS_ORIGIN(circ
)) {
2736 return circ
->streams_blocked_on_n_chan
;
2738 return circ
->streams_blocked_on_p_chan
;