1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2007, Roger Dingledine, Nick Mathewson. */
4 /* See LICENSE for licensing information */
6 const char connection_or_c_id
[] =
10 * \file connection_or.c
11 * \brief Functions to handle OR connections, TLS handshaking, and
12 * cells on the network.
17 static int connection_tls_finish_handshake(or_connection_t
*conn
);
18 static int connection_or_process_cells_from_inbuf(or_connection_t
*conn
);
19 static int connection_or_empty_enough_for_dirserv_data(or_connection_t
*conn
);
21 /**************************************************************/
23 /** Map from identity digest of connected OR or desired OR to a connection_t
24 * with that identity digest. If there is more than one such connection_t,
25 * they form a linked list, with next_with_same_id as the next pointer. */
26 static digestmap_t
*orconn_identity_map
= NULL
;
28 /** If conn is listed in orconn_identity_map, remove it, and clear
29 * conn->identity_digest. Otherwise do nothing. */
31 connection_or_remove_from_identity_map(or_connection_t
*conn
)
35 if (!orconn_identity_map
)
37 tmp
= digestmap_get(orconn_identity_map
, conn
->identity_digest
);
39 if (!tor_digest_is_zero(conn
->identity_digest
)) {
40 log_warn(LD_BUG
, "Bug: Didn't find connection on identity map when "
41 "trying to remove it.");
46 if (conn
->next_with_same_id
)
47 digestmap_set(orconn_identity_map
, conn
->identity_digest
,
48 conn
->next_with_same_id
);
50 digestmap_remove(orconn_identity_map
, conn
->identity_digest
);
52 while (tmp
->next_with_same_id
) {
53 if (tmp
->next_with_same_id
== conn
) {
54 tmp
->next_with_same_id
= conn
->next_with_same_id
;
57 tmp
= tmp
->next_with_same_id
;
60 memset(conn
->identity_digest
, 0, DIGEST_LEN
);
61 conn
->next_with_same_id
= NULL
;
64 /** Remove all entries from the identity-to-orconn map, and clear
65 * all identities in OR conns.*/
67 connection_or_clear_identity_map(void)
70 connection_t
**carray
;
72 get_connection_array(&carray
,&n
);
73 for (i
= 0; i
< n
; ++i
) {
74 connection_t
* conn
= carray
[i
];
75 if (conn
->type
== CONN_TYPE_OR
) {
76 or_connection_t
*or_conn
= TO_OR_CONN(conn
);
77 memset(or_conn
->identity_digest
, 0, DIGEST_LEN
);
78 or_conn
->next_with_same_id
= NULL
;
82 if (orconn_identity_map
) {
83 digestmap_free(orconn_identity_map
, NULL
);
84 orconn_identity_map
= NULL
;
88 /** Change conn->identity_digest to digest, and add conn into
89 * orconn_digest_map. */
91 connection_or_set_identity_digest(or_connection_t
*conn
, const char *digest
)
97 if (!orconn_identity_map
)
98 orconn_identity_map
= digestmap_new();
99 if (!memcmp(conn
->identity_digest
, digest
, DIGEST_LEN
))
102 /* If the identity was set previously, remove the old mapping. */
103 if (! tor_digest_is_zero(conn
->identity_digest
))
104 connection_or_remove_from_identity_map(conn
);
106 memcpy(conn
->identity_digest
, digest
, DIGEST_LEN
);
108 /* If we're setting the ID to zero, don't add a mapping. */
109 if (tor_digest_is_zero(digest
))
112 tmp
= digestmap_set(orconn_identity_map
, digest
, conn
);
113 conn
->next_with_same_id
= tmp
;
116 /* Testing code to check for bugs in representation. */
117 for (; tmp
; tmp
= tmp
->next_with_same_id
) {
118 tor_assert(!memcmp(tmp
->identity_digest
, digest
, DIGEST_LEN
));
119 tor_assert(tmp
!= conn
);
124 /** Pack the cell_t host-order structure <b>src</b> into network-order
125 * in the buffer <b>dest</b>. See tor-spec.txt for details about the
129 cell_pack(char *dest
, const cell_t
*src
)
131 *(uint16_t*)dest
= htons(src
->circ_id
);
132 *(uint8_t*)(dest
+2) = src
->command
;
133 memcpy(dest
+3, src
->payload
, CELL_PAYLOAD_SIZE
);
136 /** Unpack the network-order buffer <b>src</b> into a host-order
137 * cell_t structure <b>dest</b>.
140 cell_unpack(cell_t
*dest
, const char *src
)
142 dest
->circ_id
= ntohs(*(uint16_t*)(src
));
143 dest
->command
= *(uint8_t*)(src
+2);
144 memcpy(dest
->payload
, src
+3, CELL_PAYLOAD_SIZE
);
148 connection_or_reached_eof(or_connection_t
*conn
)
150 log_info(LD_OR
,"OR connection reached EOF. Closing.");
151 connection_mark_for_close(TO_CONN(conn
));
155 /** Read conn's inbuf. If the http response from the proxy is all
156 * here, make sure it's good news, and begin the tls handshake. If
157 * it's bad news, close the connection and return -1. Else return 0
158 * and hope for better luck next time.
161 connection_or_read_proxy_response(or_connection_t
*or_conn
)
167 connection_t
*conn
= TO_CONN(or_conn
);
169 switch (fetch_from_buf_http(conn
->inbuf
,
170 &headers
, MAX_HEADERS_SIZE
,
171 NULL
, NULL
, 10000, 0)) {
172 case -1: /* overflow */
173 log_warn(LD_PROTOCOL
,
174 "Your https proxy sent back an oversized response. Closing.");
177 log_info(LD_OR
,"https proxy response not all here yet. Waiting.");
179 /* case 1, fall through */
182 if (parse_http_response(headers
, &status_code
, &date_header
,
183 NULL
, &reason
) < 0) {
185 "Unparseable headers from proxy (connecting to '%s'). Closing.",
190 if (!reason
) reason
= tor_strdup("[no reason given]");
192 if (status_code
== 200) {
194 "HTTPS connect to '%s' successful! (200 %s) Starting TLS.",
195 conn
->address
, escaped(reason
));
197 if (connection_tls_start_handshake(or_conn
, 0) < 0) {
198 /* TLS handshaking error of some kind. */
199 connection_mark_for_close(conn
);
205 /* else, bad news on the status code */
207 "The https proxy sent back an unexpected status code %d (%s). "
209 status_code
, escaped(reason
));
211 connection_mark_for_close(conn
);
215 /** Handle any new bytes that have come in on connection <b>conn</b>.
216 * If conn is in 'open' state, hand it to
217 * connection_or_process_cells_from_inbuf()
221 connection_or_process_inbuf(or_connection_t
*conn
)
225 switch (conn
->_base
.state
) {
226 case OR_CONN_STATE_PROXY_READING
:
227 return connection_or_read_proxy_response(conn
);
228 case OR_CONN_STATE_OPEN
:
229 return connection_or_process_cells_from_inbuf(conn
);
231 return 0; /* don't do anything */
235 /** Called whenever we have flushed some data on an or_conn. */
237 connection_or_flushed_some(or_connection_t
*conn
)
239 if (conn
->blocked_dir_connections
&&
240 connection_or_empty_enough_for_dirserv_data(conn
)) {
241 connection_dirserv_stop_blocking_all_on_or_conn(conn
);
246 /** Connection <b>conn</b> has finished writing and has no bytes left on
249 * Otherwise it's in state "open": stop writing and return.
251 * If <b>conn</b> is broken, mark it for close and return -1, else
255 connection_or_finished_flushing(or_connection_t
*conn
)
258 assert_connection_ok(TO_CONN(conn
),0);
260 switch (conn
->_base
.state
) {
261 case OR_CONN_STATE_PROXY_FLUSHING
:
262 log_debug(LD_OR
,"finished sending CONNECT to proxy.");
263 conn
->_base
.state
= OR_CONN_STATE_PROXY_READING
;
264 connection_stop_writing(TO_CONN(conn
));
266 case OR_CONN_STATE_OPEN
:
267 connection_stop_writing(TO_CONN(conn
));
270 log_err(LD_BUG
,"BUG: called in unexpected state %d.", conn
->_base
.state
);
271 tor_fragile_assert();
277 /** Connected handler for OR connections: begin the TLS handshake.
280 connection_or_finished_connecting(or_connection_t
*or_conn
)
284 conn
= TO_CONN(or_conn
);
285 tor_assert(conn
->state
== OR_CONN_STATE_CONNECTING
);
287 log_debug(LD_OR
,"OR connect() to router at %s:%u finished.",
288 conn
->address
,conn
->port
);
290 if (get_options()->HttpsProxy
) {
292 char addrbuf
[INET_NTOA_BUF_LEN
];
294 char *base64_authenticator
=NULL
;
295 const char *authenticator
= get_options()->HttpsProxyAuthenticator
;
297 in
.s_addr
= htonl(conn
->addr
);
298 tor_inet_ntoa(&in
, addrbuf
, sizeof(addrbuf
));
301 base64_authenticator
= alloc_http_authenticator(authenticator
);
302 if (!base64_authenticator
)
303 log_warn(LD_OR
, "Encoding https authenticator failed");
305 if (base64_authenticator
) {
306 tor_snprintf(buf
, sizeof(buf
), "CONNECT %s:%d HTTP/1.1\r\n"
307 "Proxy-Authorization: Basic %s\r\n\r\n", addrbuf
,
308 conn
->port
, base64_authenticator
);
309 tor_free(base64_authenticator
);
311 tor_snprintf(buf
, sizeof(buf
), "CONNECT %s:%d HTTP/1.0\r\n\r\n",
312 addrbuf
, conn
->port
);
314 connection_write_to_buf(buf
, strlen(buf
), conn
);
315 conn
->state
= OR_CONN_STATE_PROXY_FLUSHING
;
319 if (connection_tls_start_handshake(or_conn
, 0) < 0) {
320 /* TLS handshaking error of some kind. */
321 connection_mark_for_close(conn
);
327 /** If we don't necessarily know the router we're connecting to, but we
328 * have an addr/port/id_digest, then fill in as much as we can. Start
329 * by checking to see if this describes a router we know. */
331 connection_or_init_conn_from_address(or_connection_t
*conn
,
332 uint32_t addr
, uint16_t port
,
333 const char *id_digest
,
336 or_options_t
*options
= get_options();
337 routerinfo_t
*r
= router_get_by_digest(id_digest
);
338 conn
->bandwidthrate
= (int)options
->BandwidthRate
;
339 conn
->read_bucket
= conn
->bandwidthburst
= (int)options
->BandwidthBurst
;
340 connection_or_set_identity_digest(conn
, id_digest
);
341 conn
->_base
.addr
= addr
;
342 conn
->_base
.port
= port
;
345 /* Override the addr/port, so our log messages will make sense.
346 * This is dangerous, since if we ever try looking up a conn by
347 * its actual addr/port, we won't remember. Careful! */
348 conn
->_base
.addr
= r
->addr
;
349 conn
->_base
.port
= r
->or_port
;
351 conn
->nickname
= tor_strdup(r
->nickname
);
352 tor_free(conn
->_base
.address
);
353 conn
->_base
.address
= tor_strdup(r
->address
);
356 /* If we're an authoritative directory server, we may know a
357 * nickname for this router. */
358 n
= dirserv_get_nickname_by_digest(id_digest
);
360 conn
->nickname
= tor_strdup(n
);
362 conn
->nickname
= tor_malloc(HEX_DIGEST_LEN
+2);
363 conn
->nickname
[0] = '$';
364 base16_encode(conn
->nickname
+1, HEX_DIGEST_LEN
+1,
365 conn
->identity_digest
, DIGEST_LEN
);
367 tor_free(conn
->_base
.address
);
368 conn
->_base
.address
= tor_dup_addr(addr
);
372 /** Return the best connection of type OR with the
373 * digest <b>digest</b> that we have, or NULL if we have none.
375 * 1) Don't return it if it's marked for close.
376 * 2) If there are any open conns, ignore non-open conns.
377 * 3) If there are any non-obsolete conns, ignore obsolete conns.
378 * 4) Then if there are any non-empty conns, ignore empty conns.
379 * 5) Of the remaining conns, prefer newer conns.
382 connection_or_get_by_identity_digest(const char *digest
)
385 or_connection_t
*conn
, *best
=NULL
;
387 if (!orconn_identity_map
)
390 conn
= digestmap_get(orconn_identity_map
, digest
);
392 for (; conn
; conn
= conn
->next_with_same_id
) {
393 tor_assert(conn
->_base
.magic
== OR_CONNECTION_MAGIC
);
394 tor_assert(conn
->_base
.type
== CONN_TYPE_OR
);
395 tor_assert(!memcmp(conn
->identity_digest
, digest
, DIGEST_LEN
));
396 if (conn
->_base
.marked_for_close
)
399 best
= conn
; /* whatever it is, it's better than nothing. */
402 if (best
->_base
.state
== OR_CONN_STATE_OPEN
&&
403 conn
->_base
.state
!= OR_CONN_STATE_OPEN
)
404 continue; /* avoid non-open conns if we can */
405 newer
= best
->_base
.timestamp_created
< conn
->_base
.timestamp_created
;
407 if (!best
->_base
.or_is_obsolete
&& conn
->_base
.or_is_obsolete
)
408 continue; /* We never prefer obsolete over non-obsolete connections. */
411 /* We prefer non-obsolete connections: */
412 (best
->_base
.or_is_obsolete
&& !conn
->_base
.or_is_obsolete
) ||
413 /* If both have circuits we prefer the newer: */
414 (best
->n_circuits
&& conn
->n_circuits
&& newer
) ||
415 /* If neither has circuits we prefer the newer: */
416 (!best
->n_circuits
&& !conn
->n_circuits
&& newer
) ||
417 /* We prefer connections with circuits: */
418 (!best
->n_circuits
&& conn
->n_circuits
)) {
425 /** Launch a new OR connection to <b>addr</b>:<b>port</b> and expect to
426 * handshake with an OR with identity digest <b>id_digest</b>.
428 * If <b>id_digest</b> is me, do nothing. If we're already connected to it,
429 * return that connection. If the connect() is in progress, set the
430 * new conn's state to 'connecting' and return it. If connect() succeeds,
431 * call connection_tls_start_handshake() on it.
433 * This function is called from router_retry_connections(), for
434 * ORs connecting to ORs, and circuit_establish_circuit(), for
435 * OPs connecting to ORs.
437 * Return the launched conn, or NULL if it failed.
440 connection_or_connect(uint32_t addr
, uint16_t port
, const char *id_digest
)
442 or_connection_t
*conn
;
443 or_options_t
*options
= get_options();
445 tor_assert(id_digest
);
447 if (server_mode(options
) && router_digest_is_me(id_digest
)) {
448 log_info(LD_PROTOCOL
,"Client asked me to connect to myself. Refusing.");
452 conn
= TO_OR_CONN(connection_new(CONN_TYPE_OR
));
454 /* set up conn so it's got all the data we need to remember */
455 connection_or_init_conn_from_address(conn
, addr
, port
, id_digest
, 1);
456 conn
->_base
.state
= OR_CONN_STATE_CONNECTING
;
457 control_event_or_conn_status(conn
, OR_CONN_EVENT_LAUNCHED
, 0);
459 if (options
->HttpsProxy
) {
460 /* we shouldn't connect directly. use the https proxy instead. */
461 addr
= options
->HttpsProxyAddr
;
462 port
= options
->HttpsProxyPort
;
465 switch (connection_connect(TO_CONN(conn
), conn
->_base
.address
, addr
, port
)) {
467 /* If the connection failed immediately, and we're using
468 * an https proxy, our https proxy is down. Don't blame the
470 if (!options
->HttpsProxy
) {
471 entry_guard_register_connect_status(conn
->identity_digest
, 0,
473 router_set_status(conn
->identity_digest
, 0);
475 control_event_or_conn_status(conn
, OR_CONN_EVENT_FAILED
,
476 END_OR_CONN_REASON_TCP_REFUSED
);
477 connection_free(TO_CONN(conn
));
480 connection_watch_events(TO_CONN(conn
), EV_READ
| EV_WRITE
);
481 /* writable indicates finish, readable indicates broken link,
482 error indicates broken link on windows */
484 /* case 1: fall through */
487 if (connection_or_finished_connecting(conn
) < 0) {
488 /* already marked for close */
494 /** Begin the tls handshake with <b>conn</b>. <b>receiving</b> is 0 if
495 * we initiated the connection, else it's 1.
497 * Assign a new tls object to conn->tls, begin reading on <b>conn</b>, and
498 * pass <b>conn</b> to connection_tls_continue_handshake().
500 * Return -1 if <b>conn</b> is broken, else return 0.
503 connection_tls_start_handshake(or_connection_t
*conn
, int receiving
)
505 conn
->_base
.state
= OR_CONN_STATE_HANDSHAKING
;
506 conn
->tls
= tor_tls_new(conn
->_base
.s
, receiving
);
508 log_warn(LD_BUG
,"tor_tls_new failed. Closing.");
511 connection_start_reading(TO_CONN(conn
));
512 log_debug(LD_OR
,"starting TLS handshake on fd %d", conn
->_base
.s
);
513 note_crypto_pk_op(receiving
? TLS_HANDSHAKE_S
: TLS_HANDSHAKE_C
);
515 if (connection_tls_continue_handshake(conn
) < 0) {
521 /** Move forward with the tls handshake. If it finishes, hand
522 * <b>conn</b> to connection_tls_finish_handshake().
524 * Return -1 if <b>conn</b> is broken, else return 0.
527 connection_tls_continue_handshake(or_connection_t
*conn
)
529 check_no_tls_errors();
530 switch (tor_tls_handshake(conn
->tls
)) {
531 CASE_TOR_TLS_ERROR_ANY
:
532 log_info(LD_OR
,"tls error. breaking connection.");
535 return connection_tls_finish_handshake(conn
);
536 case TOR_TLS_WANTWRITE
:
537 connection_start_writing(TO_CONN(conn
));
538 log_debug(LD_OR
,"wanted write");
540 case TOR_TLS_WANTREAD
: /* handshaking conns are *always* reading */
541 log_debug(LD_OR
,"wanted read");
544 log_info(LD_OR
,"tls closed. breaking connection.");
550 /** Return 1 if we initiated this connection, or 0 if it started
551 * out as an incoming connection.
553 * This is implemented for now by checking to see if
554 * conn-\>identity_digest is set or not. Perhaps we should add a flag
555 * one day so we're clearer.
558 connection_or_nonopen_was_started_here(or_connection_t
*conn
)
560 tor_assert(conn
->_base
.type
== CONN_TYPE_OR
);
562 return 1; /* it's still in proxy states or something */
563 return !tor_tls_is_server(conn
->tls
);
566 /** <b>Conn</b> just completed its handshake. Return 0 if all is well, and
567 * return -1 if he is lying, broken, or otherwise something is wrong.
569 * If we initiated this connection (<b>started_here</b> is true), make sure
570 * the other side sent sent a correctly formed certificate. If I initiated the
571 * connection, make sure it's the right guy.
573 * Otherwise (if we _didn't_ initiate this connection), it's okay for
574 * the certificate to be weird or absent.
576 * If we return 0, and the certificate is as expected, write a hash of the
577 * identity key into digest_rcvd, which must have DIGEST_LEN space in it. (If
578 * we return -1 this buffer is undefined.) If the certificate is invalid
579 * or missing on an incoming connection, we return 0 and set digest_rcvd to
580 * DIGEST_LEN 0 bytes.
583 * 1) Set conn->circ_id_type according to tor-spec.txt.
584 * 2) If we're an authdirserver and we initiated the connection: drop all
585 * descriptors that claim to be on that IP/port but that aren't
586 * this guy; and note that this guy is reachable.
589 connection_or_check_valid_handshake(or_connection_t
*conn
, int started_here
,
592 crypto_pk_env_t
*identity_rcvd
=NULL
;
593 or_options_t
*options
= get_options();
594 int severity
= server_mode(options
) ? LOG_PROTOCOL_WARN
: LOG_WARN
;
595 const char *safe_address
=
596 started_here
? conn
->_base
.address
: safe_str(conn
->_base
.address
);
597 const char *conn_type
= started_here
? "outgoing" : "incoming";
598 int has_cert
= 0, has_identity
= 0;
600 check_no_tls_errors();
601 has_cert
= tor_tls_peer_has_cert(conn
->tls
);
602 if (started_here
&& !has_cert
) {
603 log_info(LD_PROTOCOL
,"Tried connecting to router at %s:%d, but it didn't "
604 "send a cert! Closing.",
605 safe_address
, conn
->_base
.port
);
607 } else if (!has_cert
) {
608 log_debug(LD_PROTOCOL
,"Got incoming connection with no certificate. "
611 check_no_tls_errors();
614 int v
= tor_tls_verify(started_here
?severity
:LOG_INFO
,
615 conn
->tls
, &identity_rcvd
);
616 if (started_here
&& v
<0) {
617 log_fn(severity
,LD_OR
,"Tried connecting to router at %s:%d: It"
618 " has a cert but it's invalid. Closing.",
619 safe_address
, conn
->_base
.port
);
622 log_info(LD_PROTOCOL
,"Incoming connection gave us an invalid cert "
625 log_debug(LD_OR
,"The certificate seems to be valid on %s connection "
626 "with %s:%d", conn_type
, safe_address
, conn
->_base
.port
);
628 check_no_tls_errors();
633 crypto_pk_get_digest(identity_rcvd
, digest_rcvd
);
635 if (crypto_pk_cmp_keys(get_identity_key(), identity_rcvd
)<0) {
636 conn
->circ_id_type
= CIRC_ID_TYPE_LOWER
;
638 conn
->circ_id_type
= CIRC_ID_TYPE_HIGHER
;
640 crypto_free_pk_env(identity_rcvd
);
642 memset(digest_rcvd
, 0, DIGEST_LEN
);
643 conn
->circ_id_type
= CIRC_ID_TYPE_NEITHER
;
647 int as_advertised
= 1;
648 tor_assert(has_cert
);
649 tor_assert(has_identity
);
650 if (memcmp(digest_rcvd
, conn
->identity_digest
, DIGEST_LEN
)) {
651 /* I was aiming for a particular digest. I didn't get it! */
652 char seen
[HEX_DIGEST_LEN
+1];
653 char expected
[HEX_DIGEST_LEN
+1];
654 base16_encode(seen
, sizeof(seen
), digest_rcvd
, DIGEST_LEN
);
655 base16_encode(expected
, sizeof(expected
), conn
->identity_digest
,
657 log_fn(severity
, LD_OR
,
658 "Tried connecting to router at %s:%d, but identity key was not "
659 "as expected: wanted %s but got %s.",
660 conn
->_base
.address
, conn
->_base
.port
, expected
, seen
);
661 entry_guard_register_connect_status(conn
->identity_digest
,0,time(NULL
));
662 router_set_status(conn
->identity_digest
, 0);
663 control_event_or_conn_status(conn
, OR_CONN_EVENT_FAILED
,
664 END_OR_CONN_REASON_OR_IDENTITY
);
667 if (authdir_mode(options
)) {
668 /* We initiated this connection to address:port. Drop all routers
669 * with the same address:port and a different key.
671 dirserv_orconn_tls_done(conn
->_base
.address
, conn
->_base
.port
,
672 digest_rcvd
, as_advertised
);
680 /** The tls handshake is finished.
682 * Make sure we are happy with the person we just handshaked with.
684 * If he initiated the connection, make sure he's not already connected,
685 * then initialize conn from the information in router.
687 * If all is successful, call circuit_n_conn_done() to handle events
688 * that have been pending on the <tls handshake completion. Also set the
689 * directory to be dirty (only matters if I'm an authdirserver).
692 connection_tls_finish_handshake(or_connection_t
*conn
)
694 char digest_rcvd
[DIGEST_LEN
];
695 int started_here
= connection_or_nonopen_was_started_here(conn
);
697 log_debug(LD_OR
,"tls handshake done. verifying.");
698 if (connection_or_check_valid_handshake(conn
, started_here
, digest_rcvd
) < 0)
702 connection_or_init_conn_from_address(conn
,conn
->_base
.addr
,
703 conn
->_base
.port
, digest_rcvd
, 0);
706 directory_set_dirty();
707 conn
->_base
.state
= OR_CONN_STATE_OPEN
;
708 control_event_or_conn_status(conn
, OR_CONN_EVENT_CONNECTED
, 0);
710 rep_hist_note_connect_succeeded(conn
->identity_digest
, time(NULL
));
711 if (entry_guard_register_connect_status(conn
->identity_digest
, 1,
713 /* pending circs get closed in circuit_about_to_close_connection() */
716 router_set_status(conn
->identity_digest
, 1);
718 connection_watch_events(TO_CONN(conn
), EV_READ
);
719 circuit_n_conn_done(conn
, 1); /* send the pending creates, if any. */
723 /** Pack <b>cell</b> into wire-format, and write it onto <b>conn</b>'s
727 connection_or_write_cell_to_buf(const cell_t
*cell
, or_connection_t
*conn
)
729 char networkcell
[CELL_NETWORK_SIZE
];
730 char *n
= networkcell
;
737 connection_write_to_buf(n
, CELL_NETWORK_SIZE
, TO_CONN(conn
));
740 /** Process cells from <b>conn</b>'s inbuf.
742 * Loop: while inbuf contains a cell, pull it off the inbuf, unpack it,
743 * and hand it to command_process_cell().
748 connection_or_process_cells_from_inbuf(or_connection_t
*conn
)
750 char buf
[CELL_NETWORK_SIZE
];
755 "%d: starting, inbuf_datalen %d (%d pending in tls object).",
756 conn
->_base
.s
,(int)buf_datalen(conn
->_base
.inbuf
),
757 tor_tls_get_pending_bytes(conn
->tls
));
758 if (buf_datalen(conn
->_base
.inbuf
) < CELL_NETWORK_SIZE
) /* whole response
760 return 0; /* not yet */
762 connection_fetch_from_buf(buf
, CELL_NETWORK_SIZE
, TO_CONN(conn
));
764 /* retrieve cell info from buf (create the host-order struct from the
765 * network-order string) */
766 cell_unpack(&cell
, buf
);
768 command_process_cell(&cell
, conn
);
770 goto loop
; /* process the remainder of the buffer */
773 /** Write a destroy cell with circ ID <b>circ_id</b> and reason <b>reason</b>
774 * onto OR connection <b>conn</b>. Don't perform range-checking on reason:
775 * we may want to propagate reasons from other cells.
780 connection_or_send_destroy(uint16_t circ_id
, or_connection_t
*conn
, int reason
)
786 memset(&cell
, 0, sizeof(cell_t
));
787 cell
.circ_id
= circ_id
;
788 cell
.command
= CELL_DESTROY
;
789 cell
.payload
[0] = (uint8_t) reason
;
790 log_debug(LD_OR
,"Sending destroy (circID %d).", circ_id
);
791 connection_or_write_cell_to_buf(&cell
, conn
);
795 /** A high waterlevel for whether to refill this OR connection
796 * with more directory information, if any is pending. */
797 #define BUF_FULLNESS_THRESHOLD (128*1024)
798 /** A bottom waterlevel for whether to refill this OR connection
799 * with more directory information, if any is pending. We don't want
800 * to make this too low, since we already run the risk of starving
801 * the pending dir connections if the OR conn is frequently busy with
803 #define BUF_EMPTINESS_THRESHOLD (96*1024)
805 /** Return true iff there is so much data waiting to be flushed on <b>conn</b>
806 * that we should stop writing directory data to it. */
808 connection_or_too_full_for_dirserv_data(or_connection_t
*conn
)
810 return buf_datalen(conn
->_base
.outbuf
) > BUF_FULLNESS_THRESHOLD
;
813 /** Return true iff there is no longer so much data waiting to be flushed on
814 * <b>conn</b> that we should not write directory data to it. */
816 connection_or_empty_enough_for_dirserv_data(or_connection_t
*conn
)
818 /* Note that the threshold to stop writing is a bit higher than the
819 * threshold to start again: this should (with any luck) keep us from
820 * flapping about indefinitely. */
821 return buf_datalen(conn
->_base
.outbuf
) < BUF_EMPTINESS_THRESHOLD
;