fallbackdir: Update list generated on August 30, 2023

[tor.git] / src / core / or / circuit_st.h

/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2021, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * @file circuit_st.h
 * @brief Base circuit structure.
 **/

#ifndef CIRCUIT_ST_H
#define CIRCUIT_ST_H

#include "core/or/or.h"

#include "lib/container/handles.h"

#include "core/or/cell_queue_st.h"
#include "ext/ht.h"

struct hs_token_t;
struct circpad_machine_spec_t;
struct circpad_machine_runtime_t;
struct congestion_control_t;

/** Number of padding state machines on a circuit. */
#define CIRCPAD_MAX_MACHINES (2)

/** "magic" value for an origin_circuit_t */
#define ORIGIN_CIRCUIT_MAGIC 0x35315243u
/** "magic" value for an or_circuit_t */
#define OR_CIRCUIT_MAGIC 0x98ABC04Fu
/** "magic" value for a circuit that would have been freed by circuit_free,
 * but which we're keeping around until a cpuworker reply arrives.  See
 * circuit_free() for more documentation. */
#define DEAD_CIRCUIT_MAGIC 0xdeadc14c

/**
 * A circuit is a path over the onion routing
 * network. Applications can connect to one end of the circuit, and can
 * create exit connections at the other end of the circuit. AP and exit
 * connections have only one circuit associated with them (and thus these
 * connection types are closed when the circuit is closed), whereas
 * OR connections multiplex many circuits at once, and stay standing even
 * when there are no circuits running over them.
 *
 * A circuit_t structure can fill one of two roles.  First, a or_circuit_t
 * links two connections together: either an edge connection and an OR
 * connection, or two OR connections.  (When joined to an OR connection, a
 * circuit_t affects only cells sent to a particular circID on that
 * connection.  When joined to an edge connection, a circuit_t affects all
 * data.)

 * Second, an origin_circuit_t holds the cipher keys and state for sending data
 * along a given circuit.  At the OP, it has a sequence of ciphers, each
 * of which is shared with a single OR along the circuit.  Separate
 * ciphers are used for data going "forward" (away from the OP) and
 * "backward" (towards the OP).  At the OR, a circuit has only two stream
 * ciphers: one for data going forward, and one for data going backward.
 */
struct circuit_t {
  uint32_t magic; /**< For memory and type debugging: must equal
                   * ORIGIN_CIRCUIT_MAGIC or OR_CIRCUIT_MAGIC. */

  /** Handle entry for handle-based lookup */
  HANDLE_ENTRY(circuit, circuit_t);

  /** The channel that is next in this circuit. */
  channel_t *n_chan;

  /**
   * The circuit_id used in the next (forward) hop of this circuit;
   * this is unique to n_chan, but this ordered pair is globally
   * unique:
   *
   * (n_chan->global_identifier, n_circ_id)
   */
  circid_t n_circ_id;

  /** Queue of cells waiting to be transmitted on n_chan */
  cell_queue_t n_chan_cells;

  /**
   * The hop to which we want to extend this circuit.  Should be NULL if
   * the circuit has attached to a channel.
   */
  extend_info_t *n_hop;

  /** True iff we are waiting for n_chan_cells to become less full before
   * allowing any more cells on this circuit. (Origin circuit only.) */
  unsigned int circuit_blocked_on_n_chan : 1;
  /** True iff we are waiting for p_chan_cells to become less full before
   * allowing any more cells on this circuit. (OR circuit only.) */
  unsigned int circuit_blocked_on_p_chan : 1;

  /** True iff we have queued a delete backwards on this circuit, but not put
   * it on the output buffer. */
  unsigned int p_delete_pending : 1;
  /** True iff we have queued a delete forwards on this circuit, but not put
   * it on the output buffer. */
  unsigned int n_delete_pending : 1;

  /** True iff this circuit has received a DESTROY cell in either direction */
  unsigned int received_destroy : 1;

  /** True iff we have sent a sufficiently random data cell since last
   * we reset send_randomness_after_n_cells. */
  unsigned int have_sent_sufficiently_random_cell : 1;

  uint8_t state; /**< Current status of this circuit. */
  uint8_t purpose; /**< Why are we creating this circuit? */

  /** How many relay data cells can we package (read from edge streams)
   * on this circuit before we receive a circuit-level sendme cell asking
   * for more? */
  int package_window;
  /** How many relay data cells will we deliver (write to edge streams)
   * on this circuit? When deliver_window gets low, we send some
   * circuit-level sendme cells to indicate that we're willing to accept
   * more. */
  int deliver_window;
  /**
   * How many cells do we have until we need to send one that contains
   * sufficient randomness?  Used to ensure that authenticated SENDME cells
   * will reflect some unpredictable information.
   **/
  uint16_t send_randomness_after_n_cells;

  /** FIFO containing the digest of the cells that are just before a SENDME is
   * sent by the client. It is done at the last cell before our package_window
   * goes down to 0 which is when we expect a SENDME.
   *
   * Our current circuit package window is capped to 1000
   * (CIRCWINDOW_START_MAX) which is also the start value. The increment is
   * set to 100 (CIRCWINDOW_INCREMENT) which means we don't allow more than
   * 1000/100 = 10 outstanding SENDME cells worth of data. Meaning that this
   * list can not contain more than 10 digests of DIGEST_LEN bytes (20).
   *
   * At position i in the list, the digest corresponds to the
   * (CIRCWINDOW_INCREMENT * i)-nth cell received since we expect a SENDME to
   * be received containing that cell digest.
   *
   * For example, position 2 (starting at 0) means that we've received 300
   * cells so the 300th cell digest is kept at index 2.
   *
   * At maximum, this list contains 200 bytes plus the smartlist overhead. */
  smartlist_t *sendme_last_digests;

  /** Temporary field used during circuits_handle_oom. */
  uint32_t age_tmp;

  /** For storage while n_chan is pending (state CIRCUIT_STATE_CHAN_WAIT). */
  struct create_cell_t *n_chan_create_cell;

  /** When did circuit construction actually begin (ie send the
   * CREATE cell or begin cannibalization).
   *
   * Note: This timer will get reset if we decide to cannibalize
   * a circuit. It may also get reset during certain phases of hidden
   * service circuit use.
   *
   * We keep this timestamp with a higher resolution than most so that the
   * circuit-build-time tracking code can get millisecond resolution.
   */
  struct timeval timestamp_began;

  /** This timestamp marks when the init_circuit_base constructor ran. */
  struct timeval timestamp_created;

  /** When the circuit was first used, or 0 if the circuit is clean.
   *
   * XXXX Note that some code will artificially adjust this value backward
   * in time in order to indicate that a circuit shouldn't be used for new
   * streams, but that it can stay alive as long as it has streams on it.
   * That's a kludge we should fix.
   *
   * XXX The CBT code uses this field to record when HS-related
   * circuits entered certain states.  This usage probably won't
   * interfere with this field's primary purpose, but we should
   * document it more thoroughly to make sure of that.
   *
   * XXX The SocksPort option KeepaliveIsolateSOCKSAuth will artificially
   * adjust this value forward each time a suitable stream is attached to an
   * already constructed circuit, potentially keeping the circuit alive
   * indefinitely.
   */
  time_t timestamp_dirty;

  uint16_t marked_for_close; /**< Should we close this circuit at the end of
                              * the main loop? (If true, holds the line number
                              * where this circuit was marked.) */
  const char *marked_for_close_file; /**< For debugging: in which file was this
                                      * circuit marked for close? */
  /** For what reason (See END_CIRC_REASON...) is this circuit being closed?
   * This field is set in circuit_mark_for_close and used later in
   * circuit_about_to_free. */
  int marked_for_close_reason;
  /** As marked_for_close_reason, but reflects the underlying reason for
   * closing this circuit.
   */
  int marked_for_close_orig_reason;

  /** Unique ID for measuring tunneled network status requests. */
  uint64_t dirreq_id;

  /** Index in smartlist of all circuits (global_circuitlist). */
  int global_circuitlist_idx;

  /** Various statistics about cells being added to or removed from this
   * circuit's queues; used only if CELL_STATS events are enabled and
   * cleared after being sent to control port. */
  smartlist_t *testing_cell_stats;

  /** If set, points to an HS token that this circuit might be carrying.
   *  Used by the HS circuitmap.  */
  struct hs_token_t *hs_token;
  /** Hashtable node: used to look up the circuit by its HS token using the HS
      circuitmap. */
  HT_ENTRY(circuit_t) hs_circuitmap_node;

  /** Adaptive Padding state machines: these are immutable. The state machines
   *  that come from the consensus are saved to a global structure, to avoid
   *  per-circuit allocations. This merely points to the global copy in
   *  origin_padding_machines or relay_padding_machines that should never
   *  change or get deallocated.
   *
   *  Each element of this array corresponds to a different padding machine,
   *  and we can have up to CIRCPAD_MAX_MACHINES such machines. */
  const struct circpad_machine_spec_t *padding_machine[CIRCPAD_MAX_MACHINES];

  /** Adaptive Padding machine runtime info for above machines. This is
   *  the per-circuit mutable information, such as the current state and
   *  histogram token counts. Some of it is optional (aka NULL).
   *  If a machine is being shut down, these indexes can be NULL
   *  without the corresponding padding_machine being NULL, while we
   *  wait for the other end to respond to our shutdown request.
   *
   *  Each element of this array corresponds to a different padding machine,
   *  and we can have up to CIRCPAD_MAX_MACHINES such machines. */
  struct circpad_machine_runtime_t *padding_info[CIRCPAD_MAX_MACHINES];

  /** padding_machine_ctr increments each time a new padding machine
   * is negotiated. It is used for shutdown conditions, to ensure
   * that STOP commands actually correspond to the current machine,
   * and not a previous one. */
  uint32_t padding_machine_ctr;

  /** Congestion control fields */
  struct congestion_control_t *ccontrol;

  /** Conflux linked circuit information.
   *
   * If this is non-NULL, the circuit is linked and part of a usable set,
   * and for origin_circuit_t subtypes, the circuit purpose is
   * CIRCUIT_PURPOSE_CONFLUX_LINKED.
   *
   * If this is NULL, the circuit could still be part of a pending conflux
   * object, in which case the conflux_pending_nonce field is set, and for
   * origin_circuit_t subtypes, the purpose is
   * CIRCUIT_PURPOSE_CONFLUX_UNLINKED.
  */
  struct conflux_t *conflux;

  /** If set, this circuit is considered *unlinked* and in the pending pool.
   * The nonce value is used to find the other legs. Origin circuits that
   * have this set are in the CIRCUIT_PURPOSE_CONFLUX_UNLINKED purpose.
   *
   * If this is NULL, and conflux object is set, it means this circuit is
   * linked and thus part of a usable set. */
  uint8_t *conflux_pending_nonce;
};

#endif /* !defined(CIRCUIT_ST_H) */