src/core/or/connection_edge.h

   1 /* Copyright (c) 2001 Matej Pfajfar.
   2  * Copyright (c) 2001-2004, Roger Dingledine.
   3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
   4  * Copyright (c) 2007-2018, The Tor Project, Inc. */
   5 /* See LICENSE for licensing information */
   6
   7 /**
   8  * \file connection_edge.h
   9  * \brief Header file for connection_edge.c.
  10  **/
  11
  12 #ifndef TOR_CONNECTION_EDGE_H
  13 #define TOR_CONNECTION_EDGE_H
  14
  15 #include "lib/testsupport/testsupport.h"
  16
  17 edge_connection_t *TO_EDGE_CONN(connection_t *);
  18 entry_connection_t *TO_ENTRY_CONN(connection_t *);
  19 entry_connection_t *EDGE_TO_ENTRY_CONN(edge_connection_t *);
  20
  21 #define EXIT_CONN_STATE_MIN_ 1
  22 /** State for an exit connection: waiting for response from DNS farm. */
  23 #define EXIT_CONN_STATE_RESOLVING 1
  24 /** State for an exit connection: waiting for connect() to finish. */
  25 #define EXIT_CONN_STATE_CONNECTING 2
  26 /** State for an exit connection: open and ready to transmit data. */
  27 #define EXIT_CONN_STATE_OPEN 3
  28 /** State for an exit connection: waiting to be removed. */
  29 #define EXIT_CONN_STATE_RESOLVEFAILED 4
  30 #define EXIT_CONN_STATE_MAX_ 4
  31
  32 /* The AP state values must be disjoint from the EXIT state values. */
  33 #define AP_CONN_STATE_MIN_ 5
  34 /** State for a SOCKS connection: waiting for SOCKS request. */
  35 #define AP_CONN_STATE_SOCKS_WAIT 5
  36 /** State for a SOCKS connection: got a y.onion URL; waiting to receive
  37  * rendezvous descriptor. */
  38 #define AP_CONN_STATE_RENDDESC_WAIT 6
  39 /** The controller will attach this connection to a circuit; it isn't our
  40  * job to do so. */
  41 #define AP_CONN_STATE_CONTROLLER_WAIT 7
  42 /** State for a SOCKS connection: waiting for a completed circuit. */
  43 #define AP_CONN_STATE_CIRCUIT_WAIT 8
  44 /** State for a SOCKS connection: sent BEGIN, waiting for CONNECTED. */
  45 #define AP_CONN_STATE_CONNECT_WAIT 9
  46 /** State for a SOCKS connection: sent RESOLVE, waiting for RESOLVED. */
  47 #define AP_CONN_STATE_RESOLVE_WAIT 10
  48 /** State for a SOCKS connection: ready to send and receive. */
  49 #define AP_CONN_STATE_OPEN 11
  50 /** State for a transparent natd connection: waiting for original
  51  * destination. */
  52 #define AP_CONN_STATE_NATD_WAIT 12
  53 /** State for an HTTP tunnel: waiting for an HTTP CONNECT command. */
  54 #define AP_CONN_STATE_HTTP_CONNECT_WAIT 13
  55 #define AP_CONN_STATE_MAX_ 13
  56
  57 #define EXIT_PURPOSE_MIN_ 1
  58 /** This exit stream wants to do an ordinary connect. */
  59 #define EXIT_PURPOSE_CONNECT 1
  60 /** This exit stream wants to do a resolve (either normal or reverse). */
  61 #define EXIT_PURPOSE_RESOLVE 2
  62 #define EXIT_PURPOSE_MAX_ 2
  63
  64 /** True iff the AP_CONN_STATE_* value <b>s</b> means that the corresponding
  65  * edge connection is not attached to any circuit. */
  66 #define AP_CONN_STATE_IS_UNATTACHED(s) \
  67   ((s) <= AP_CONN_STATE_CIRCUIT_WAIT || (s) == AP_CONN_STATE_NATD_WAIT)
  68
  69 #define connection_mark_unattached_ap(conn, endreason)                  \
  70   connection_mark_unattached_ap_((conn), (endreason), __LINE__, SHORT_FILE__)
  71
  72 MOCK_DECL(void,connection_mark_unattached_ap_,
  73           (entry_connection_t *conn, int endreason,
  74            int line, const char *file));
  75 int connection_edge_reached_eof(edge_connection_t *conn);
  76 int connection_edge_process_inbuf(edge_connection_t *conn,
  77                                   int package_partial);
  78 int connection_edge_destroy(circid_t circ_id, edge_connection_t *conn);
  79 int connection_edge_end(edge_connection_t *conn, uint8_t reason);
  80 int connection_edge_end_errno(edge_connection_t *conn);
  81 int connection_edge_flushed_some(edge_connection_t *conn);
  82 int connection_edge_finished_flushing(edge_connection_t *conn);
  83 int connection_edge_finished_connecting(edge_connection_t *conn);
  84
  85 void connection_ap_about_to_close(entry_connection_t *edge_conn);
  86 void connection_exit_about_to_close(edge_connection_t *edge_conn);
  87
  88 MOCK_DECL(int,
  89           connection_ap_handshake_send_begin,(entry_connection_t *ap_conn));
  90 int connection_ap_handshake_send_resolve(entry_connection_t *ap_conn);
  91
  92 entry_connection_t  *connection_ap_make_link(connection_t *partner,
  93                                             char *address, uint16_t port,
  94                                             const char *digest,
  95                                             int session_group,
  96                                             int isolation_flags,
  97                                             int use_begindir, int want_onehop);
  98 void connection_ap_handshake_socks_reply(entry_connection_t *conn, char *reply,
  99                                          size_t replylen,
 100                                          int endreason);
 101 MOCK_DECL(void,connection_ap_handshake_socks_resolved,
 102           (entry_connection_t *conn,
 103            int answer_type,
 104            size_t answer_len,
 105            const uint8_t *answer,
 106            int ttl,
 107            time_t expires));
 108 void connection_ap_handshake_socks_resolved_addr(entry_connection_t *conn,
 109                                                  const tor_addr_t *answer,
 110                                                  int ttl,
 111                                                  time_t expires);
 112
 113 int connection_exit_begin_conn(cell_t *cell, circuit_t *circ);
 114 int connection_exit_begin_resolve(cell_t *cell, or_circuit_t *circ);
 115 void connection_exit_connect(edge_connection_t *conn);
 116 int connection_edge_is_rendezvous_stream(const edge_connection_t *conn);
 117 int connection_ap_can_use_exit(const entry_connection_t *conn,
 118                                const node_t *exit);
 119 void connection_ap_expire_beginning(void);
 120 void connection_ap_rescan_and_attach_pending(void);
 121 void connection_ap_attach_pending(int retry);
 122 void connection_ap_mark_as_pending_circuit_(entry_connection_t *entry_conn,
 123                                            const char *file, int line);
 124 #define connection_ap_mark_as_pending_circuit(c) \
 125   connection_ap_mark_as_pending_circuit_((c), __FILE__, __LINE__)
 126 void connection_ap_mark_as_non_pending_circuit(entry_connection_t *entry_conn);
 127 #define CONNECTION_AP_EXPECT_NONPENDING(c) do {                         \
 128     if (ENTRY_TO_CONN(c)->state == AP_CONN_STATE_CIRCUIT_WAIT) {        \
 129       log_warn(LD_BUG, "At %s:%d: %p was unexpectedly in circuit_wait.", \
 130                __FILE__, __LINE__, (c));                                \
 131       connection_ap_mark_as_non_pending_circuit(c);                     \
 132     }                                                                   \
 133   } while (0)
 134 void connection_ap_fail_onehop(const char *failed_digest,
 135                                cpath_build_state_t *build_state);
 136 void circuit_discard_optional_exit_enclaves(extend_info_t *info);
 137 int connection_ap_detach_retriable(entry_connection_t *conn,
 138                                    origin_circuit_t *circ,
 139                                    int reason);
 140 int connection_ap_process_transparent(entry_connection_t *conn);
 141
 142 int address_is_invalid_destination(const char *address, int client);
 143
 144 MOCK_DECL(int, connection_ap_rewrite_and_attach_if_allowed,
 145                                                 (entry_connection_t *conn,
 146                                                  origin_circuit_t *circ,
 147                                                  crypt_path_t *cpath));
 148 int connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
 149                                                origin_circuit_t *circ,
 150                                                crypt_path_t *cpath);
 151
 152 /** Possible return values for parse_extended_hostname. */
 153 typedef enum hostname_type_t {
 154   NORMAL_HOSTNAME, ONION_V2_HOSTNAME, ONION_V3_HOSTNAME,
 155   EXIT_HOSTNAME, BAD_HOSTNAME
 156 } hostname_type_t;
 157 hostname_type_t parse_extended_hostname(char *address);
 158
 159 #if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
 160 int get_pf_socket(void);
 161 #endif
 162
 163 int connection_edge_compatible_with_circuit(const entry_connection_t *conn,
 164                                             const origin_circuit_t *circ);
 165 int connection_edge_update_circuit_isolation(const entry_connection_t *conn,
 166                                              origin_circuit_t *circ,
 167                                              int dry_run);
 168 void circuit_clear_isolation(origin_circuit_t *circ);
 169 streamid_t get_unique_stream_id_by_circ(origin_circuit_t *circ);
 170
 171 void connection_edge_free_all(void);
 172
 173 void connection_ap_warn_and_unmark_if_pending_circ(
 174                                              entry_connection_t *entry_conn,
 175                                              const char *where);
 176
 177 int connection_half_edge_is_valid_data(const smartlist_t *half_conns,
 178                                        streamid_t stream_id);
 179 int connection_half_edge_is_valid_sendme(const smartlist_t *half_conns,
 180                                          streamid_t stream_id);
 181 int connection_half_edge_is_valid_connected(const smartlist_t *half_conns,
 182                                             streamid_t stream_id);
 183 int connection_half_edge_is_valid_end(smartlist_t *half_conns,
 184                                       streamid_t stream_id);
 185 int connection_half_edge_is_valid_resolved(smartlist_t *half_conns,
 186                                            streamid_t stream_id);
 187
 188 /** @name Begin-cell flags
 189  *
 190  * These flags are used in RELAY_BEGIN cells to change the default behavior
 191  * of the cell.
 192  *
 193  * @{
 194  **/
 195 /** When this flag is set, the client is willing to get connected to IPv6
 196  * addresses */
 197 #define BEGIN_FLAG_IPV6_OK        (1u<<0)
 198 /** When this flag is set, the client DOES NOT support connecting to IPv4
 199  * addresses.  (The sense of this flag is inverted from IPV6_OK, so that the
 200  * old default behavior of Tor is equivalent to having all flags set to 0.)
 201  **/
 202 #define BEGIN_FLAG_IPV4_NOT_OK    (1u<<1)
 203 /** When this flag is set, if we find both an IPv4 and an IPv6 address,
 204  * we use the IPv6 address.  Otherwise we use the IPv4 address. */
 205 #define BEGIN_FLAG_IPV6_PREFERRED (1u<<2)
 206 /**@}*/
 207
 208 #ifdef CONNECTION_EDGE_PRIVATE
 209
 210 /** A parsed BEGIN or BEGIN_DIR cell */
 211 typedef struct begin_cell_t {
 212   /** The address the client has asked us to connect to, or NULL if this is
 213    * a BEGIN_DIR cell*/
 214   char *address;
 215   /** The flags specified in the BEGIN cell's body.  One or more of
 216    * BEGIN_FLAG_*. */
 217   uint32_t flags;
 218   /** The client's requested port. */
 219   uint16_t port;
 220   /** The client's requested Stream ID */
 221   uint16_t stream_id;
 222   /** True iff this is a BEGIN_DIR cell. */
 223   unsigned is_begindir : 1;
 224 } begin_cell_t;
 225
 226 STATIC int begin_cell_parse(const cell_t *cell, begin_cell_t *bcell,
 227                      uint8_t *end_reason_out);
 228 STATIC int connected_cell_format_payload(uint8_t *payload_out,
 229                                   const tor_addr_t *addr,
 230                                   uint32_t ttl);
 231
 232 typedef struct {
 233   /** Original address, after we lowercased it but before we started
 234    * mapping it.
 235    */
 236   char orig_address[MAX_SOCKS_ADDR_LEN];
 237   /** True iff the address has been automatically remapped to a local
 238    * address in VirtualAddrNetwork.  (Only set true when we do a resolve
 239    * and get a virtual address; not when we connect to the address.) */
 240   int automap;
 241   /** If this connection has a .exit address, who put it there? */
 242   addressmap_entry_source_t exit_source;
 243   /** If we've rewritten the address, when does this map expire? */
 244   time_t map_expires;
 245   /** If we should close the connection, this is the end_reason to pass
 246    * to connection_mark_unattached_ap */
 247   int end_reason;
 248   /** True iff we should close the connection, either because of error or
 249    * because of successful early RESOLVED reply. */
 250   int should_close;
 251 } rewrite_result_t;
 252
 253 STATIC void connection_ap_handshake_rewrite(entry_connection_t *conn,
 254                                             rewrite_result_t *out);
 255
 256 STATIC int connection_ap_process_http_connect(entry_connection_t *conn);
 257 struct half_edge_t;
 258 STATIC void connection_half_edge_add(const edge_connection_t *conn,
 259                                      origin_circuit_t *circ);
 260 STATIC struct half_edge_t *connection_half_edge_find_stream_id(
 261                                      const smartlist_t *half_conns,
 262                                      streamid_t stream_id);
 263 #endif /* defined(CONNECTION_EDGE_PRIVATE) */
 264
 265 #endif /* !defined(TOR_CONNECTION_EDGE_H) */