| blob | 13d37fee0c9134a288da47d68fe8e743535adde1 |
1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2007, Roger Dingledine, Nick Mathewson. */
4 /* See LICENSE for licensing information */
5 /* $Id$ */
9 /**
10 * \file connection_or.c
11 * \brief Functions to handle OR connections, TLS handshaking, and
12 * cells on the network.
13 **/
21 /**************************************************************/
23 /** Map from identity digest of connected OR or desired OR to a connection_t
24 * with that identity digest. If there is more than one such connection_t,
25 * they form a linked list, with next_with_same_id as the next pointer. */
28 /** If conn is listed in orconn_identity_map, remove it, and clear
29 * conn->identity_digest. Otherwise do nothing. */
30 void
32 {
42 }
44 }
49 else
56 }
58 }
59 }
62 }
64 /** Remove all entries from the identity-to-orconn map, and clear
65 * all identities in OR conns.*/
66 void
68 {
79 }
80 }
85 }
86 }
88 /** Change conn->identity_digest to digest, and add conn into
89 * orconn_digest_map. */
90 static void
92 {
102 /* If the identity was set previously, remove the old mapping. */
108 /* If we're setting the ID to zero, don't add a mapping. */
115 #if 1
116 /* Testing code to check for bugs in representation. */
120 }
121 #endif
122 }
124 /** Pack the cell_t host-order structure <b>src</b> into network-order
125 * in the buffer <b>dest</b>. See tor-spec.txt for details about the
126 * wire format.
127 */
128 static void
130 {
134 }
136 /** Unpack the network-order buffer <b>src</b> into a host-order
137 * cell_t structure <b>dest</b>.
138 */
139 static void
141 {
145 }
147 int
149 {
153 }
155 /** Read conn's inbuf. If the http response from the proxy is all
156 * here, make sure it's good news, and begin the tls handshake. If
157 * it's bad news, close the connection and return -1. Else return 0
158 * and hope for better luck next time.
159 */
160 static int
162 {
179 /* case 1, fall through */
180 }
189 }
198 /* TLS handshaking error of some kind. */
202 }
204 }
205 /* else, bad news on the status code */
207 "The https proxy sent back an unexpected status code %d (%s). "
213 }
215 /** Handle any new bytes that have come in on connection <b>conn</b>.
216 * If conn is in 'open' state, hand it to
217 * connection_or_process_cells_from_inbuf()
218 * (else do nothing).
219 */
220 int
222 {
232 }
233 }
235 /** Called whenever we have flushed some data on an or_conn. */
236 int
238 {
242 }
244 }
246 /** Connection <b>conn</b> has finished writing and has no bytes left on
247 * its outbuf.
248 *
249 * Otherwise it's in state "open": stop writing and return.
250 *
251 * If <b>conn</b> is broken, mark it for close and return -1, else
252 * return 0.
253 */
254 int
256 {
273 }
275 }
277 /** Connected handler for OR connections: begin the TLS handshake.
278 */
279 int
281 {
304 }
313 }
317 }
320 /* TLS handshaking error of some kind. */
323 }
325 }
327 /** If we don't necessarily know the router we're connecting to, but we
328 * have an addr/port/id_digest, then fill in as much as we can. Start
329 * by checking to see if this describes a router we know. */
330 static void
335 {
345 /* Override the addr/port, so our log messages will make sense.
346 * This is dangerous, since if we ever try looking up a conn by
347 * its actual addr/port, we won't remember. Careful! */
350 }
356 /* If we're an authoritative directory server, we may know a
357 * nickname for this router. */
366 }
369 }
370 }
372 /** Return the best connection of type OR with the
373 * digest <b>digest</b> that we have, or NULL if we have none.
374 *
375 * 1) Don't return it if it's marked for close.
376 * 2) If there are any open conns, ignore non-open conns.
377 * 3) If there are any non-obsolete conns, ignore obsolete conns.
378 * 4) Then if there are any non-empty conns, ignore empty conns.
379 * 5) Of the remaining conns, prefer newer conns.
380 */
381 or_connection_t *
383 {
401 }
411 /* We prefer non-obsolete connections: */
413 /* If both have circuits we prefer the newer: */
415 /* If neither has circuits we prefer the newer: */
417 /* We prefer connections with circuits: */
420 };
421 }
423 }
425 /** Launch a new OR connection to <b>addr</b>:<b>port</b> and expect to
426 * handshake with an OR with identity digest <b>id_digest</b>.
427 *
428 * If <b>id_digest</b> is me, do nothing. If we're already connected to it,
429 * return that connection. If the connect() is in progress, set the
430 * new conn's state to 'connecting' and return it. If connect() succeeds,
431 * call connection_tls_start_handshake() on it.
432 *
433 * This function is called from router_retry_connections(), for
434 * ORs connecting to ORs, and circuit_establish_circuit(), for
435 * OPs connecting to ORs.
436 *
437 * Return the launched conn, or NULL if it failed.
438 */
439 or_connection_t *
441 {
450 }
454 /* set up conn so it's got all the data we need to remember */
460 /* we shouldn't connect directly. use the https proxy instead. */
463 }
467 /* If the connection failed immediately, and we're using
468 * an https proxy, our https proxy is down. Don't blame the
469 * Tor server. */
474 }
476 END_OR_CONN_REASON_TCP_REFUSED);
481 /* writable indicates finish, readable indicates broken link,
482 error indicates broken link on windows */
484 /* case 1: fall through */
485 }
488 /* already marked for close */
490 }
492 }
494 /** Begin the tls handshake with <b>conn</b>. <b>receiving</b> is 0 if
495 * we initiated the connection, else it's 1.
496 *
497 * Assign a new tls object to conn->tls, begin reading on <b>conn</b>, and
498 * pass <b>conn</b> to connection_tls_continue_handshake().
499 *
500 * Return -1 if <b>conn</b> is broken, else return 0.
501 */
502 int
504 {
510 }
517 }
519 }
521 /** Move forward with the tls handshake. If it finishes, hand
522 * <b>conn</b> to connection_tls_finish_handshake().
523 *
524 * Return -1 if <b>conn</b> is broken, else return 0.
525 */
526 int
528 {
531 CASE_TOR_TLS_ERROR_ANY:
546 }
548 }
550 /** Return 1 if we initiated this connection, or 0 if it started
551 * out as an incoming connection.
552 *
553 * This is implemented for now by checking to see if
554 * conn-\>identity_digest is set or not. Perhaps we should add a flag
555 * one day so we're clearer.
556 */
557 int
559 {
564 }
566 /** <b>Conn</b> just completed its handshake. Return 0 if all is well, and
567 * return -1 if he is lying, broken, or otherwise something is wrong.
568 *
569 * If we initiated this connection (<b>started_here</b> is true), make sure
570 * the other side sent sent a correctly formed certificate. If I initiated the
571 * connection, make sure it's the right guy.
572 *
573 * Otherwise (if we _didn't_ initiate this connection), it's okay for
574 * the certificate to be weird or absent.
575 *
576 * If we return 0, and the certificate is as expected, write a hash of the
577 * identity key into digest_rcvd, which must have DIGEST_LEN space in it. (If
578 * we return -1 this buffer is undefined.) If the certificate is invalid
579 * or missing on an incoming connection, we return 0 and set digest_rcvd to
580 * DIGEST_LEN 0 bytes.
581 *
582 * As side effects,
583 * 1) Set conn->circ_id_type according to tor-spec.txt.
584 * 2) If we're an authdirserver and we initiated the connection: drop all
585 * descriptors that claim to be on that IP/port but that aren't
586 * this guy; and note that this guy is reachable.
587 */
588 static int
591 {
610 }
627 }
629 }
639 }
644 }
651 /* I was aiming for a particular digest. I didn't get it! */
656 DIGEST_LEN);
658 "Tried connecting to router at %s:%d, but identity key was not "
664 END_OR_CONN_REASON_OR_IDENTITY);
666 }
668 /* We initiated this connection to address:port. Drop all routers
669 * with the same address:port and a different key.
670 */
673 }
676 }
678 }
680 /** The tls handshake is finished.
681 *
682 * Make sure we are happy with the person we just handshaked with.
683 *
684 * If he initiated the connection, make sure he's not already connected,
685 * then initialize conn from the information in router.
686 *
687 * If all is successful, call circuit_n_conn_done() to handle events
688 * that have been pending on the <tls handshake completion. Also set the
689 * directory to be dirty (only matters if I'm an authdirserver).
690 */
691 static int
693 {
704 }
713 /* pending circs get closed in circuit_about_to_close_connection() */
715 }
717 }
721 }
723 /** Pack <b>cell</b> into wire-format, and write it onto <b>conn</b>'s
724 * outbuf.
725 */
726 void
728 {
738 }
740 /** Process cells from <b>conn</b>'s inbuf.
741 *
742 * Loop: while inbuf contains a cell, pull it off the inbuf, unpack it,
743 * and hand it to command_process_cell().
744 *
745 * Always return 0.
746 */
747 static int
749 {
751 cell_t cell;
753 loop:
759 available? */
764 /* retrieve cell info from buf (create the host-order struct from the
765 * network-order string) */
771 }
773 /** Write a destroy cell with circ ID <b>circ_id</b> and reason <b>reason</b>
774 * onto OR connection <b>conn</b>. Don't perform range-checking on reason:
775 * we may want to propagate reasons from other cells.
776 *
777 * Return 0.
778 */
779 int
781 {
782 cell_t cell;
793 }
795 /** A high waterlevel for whether to refill this OR connection
796 * with more directory information, if any is pending. */
797 #define BUF_FULLNESS_THRESHOLD (128*1024)
798 /** A bottom waterlevel for whether to refill this OR connection
799 * with more directory information, if any is pending. We don't want
800 * to make this too low, since we already run the risk of starving
801 * the pending dir connections if the OR conn is frequently busy with
802 * other things. */
803 #define BUF_EMPTINESS_THRESHOLD (96*1024)
805 /** Return true iff there is so much data waiting to be flushed on <b>conn</b>
806 * that we should stop writing directory data to it. */
807 int
809 {
811 }
813 /** Return true iff there is no longer so much data waiting to be flushed on
814 * <b>conn</b> that we should not write directory data to it. */
815 static int
817 {
818 /* Note that the threshold to stop writing is a bit higher than the
819 * threshold to start again: this should (with any luck) keep us from
820 * flapping about indefinitely. */
822 }