src/or/reasons.c

   1 /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
   2  * Copyright (c) 2007-2017, The Tor Project, Inc. */
   3 /* See LICENSE for licensing information */
   4
   5 /**
   6  * \file reasons.c
   7  * \brief Convert circuit, stream, and orconn error reasons to and/or from
   8  * strings and errno values.
   9  *
  10  * This module is just a bunch of functions full of case statements that
  11  * convert from one representation of our error codes to another. These are
  12  * mainly used in generating log messages, in sending messages to the
  13  * controller in control.c, and in converting errors from one protocol layer
  14  * to another.
  15  **/
  16
  17 #include "or.h"
  18 #include "config.h"
  19 #include "reasons.h"
  20
  21 /***************************** Edge (stream) reasons **********************/
  22
  23 /** Convert the reason for ending a stream <b>reason</b> into the format used
  24  * in STREAM events. Return NULL if the reason is unrecognized. */
  25 const char *
  26 stream_end_reason_to_control_string(int reason)
  27 {
  28   reason &= END_STREAM_REASON_MASK;
  29   switch (reason) {
  30     case END_STREAM_REASON_MISC: return "MISC";
  31     case END_STREAM_REASON_RESOLVEFAILED: return "RESOLVEFAILED";
  32     case END_STREAM_REASON_CONNECTREFUSED: return "CONNECTREFUSED";
  33     case END_STREAM_REASON_EXITPOLICY: return "EXITPOLICY";
  34     case END_STREAM_REASON_DESTROY: return "DESTROY";
  35     case END_STREAM_REASON_DONE: return "DONE";
  36     case END_STREAM_REASON_TIMEOUT: return "TIMEOUT";
  37     case END_STREAM_REASON_NOROUTE: return "NOROUTE";
  38     case END_STREAM_REASON_HIBERNATING: return "HIBERNATING";
  39     case END_STREAM_REASON_INTERNAL: return "INTERNAL";
  40     case END_STREAM_REASON_RESOURCELIMIT: return "RESOURCELIMIT";
  41     case END_STREAM_REASON_CONNRESET: return "CONNRESET";
  42     case END_STREAM_REASON_TORPROTOCOL: return "TORPROTOCOL";
  43     case END_STREAM_REASON_NOTDIRECTORY: return "NOTDIRECTORY";
  44
  45     case END_STREAM_REASON_CANT_ATTACH: return "CANT_ATTACH";
  46     case END_STREAM_REASON_NET_UNREACHABLE: return "NET_UNREACHABLE";
  47     case END_STREAM_REASON_SOCKSPROTOCOL: return "SOCKS_PROTOCOL";
  48     // XXXX Controlspec
  49     case END_STREAM_REASON_HTTPPROTOCOL: return "HTTP_PROTOCOL";
  50
  51     case END_STREAM_REASON_PRIVATE_ADDR: return "PRIVATE_ADDR";
  52
  53     default: return NULL;
  54   }
  55 }
  56
  57 /** Translate <b>reason</b>, which came from a relay 'end' cell,
  58  * into a static const string describing why the stream is closing.
  59  * <b>reason</b> is -1 if no reason was provided.
  60  */
  61 const char *
  62 stream_end_reason_to_string(int reason)
  63 {
  64   switch (reason) {
  65     case -1:
  66       log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
  67              "End cell arrived with length 0. Should be at least 1.");
  68       return "MALFORMED";
  69     case END_STREAM_REASON_MISC:           return "misc error";
  70     case END_STREAM_REASON_RESOLVEFAILED:  return "resolve failed";
  71     case END_STREAM_REASON_CONNECTREFUSED: return "connection refused";
  72     case END_STREAM_REASON_EXITPOLICY:     return "exit policy failed";
  73     case END_STREAM_REASON_DESTROY:        return "destroyed";
  74     case END_STREAM_REASON_DONE:           return "closed normally";
  75     case END_STREAM_REASON_TIMEOUT:        return "gave up (timeout)";
  76     case END_STREAM_REASON_NOROUTE:        return "no route to host";
  77     case END_STREAM_REASON_HIBERNATING:    return "server is hibernating";
  78     case END_STREAM_REASON_INTERNAL:       return "internal error at server";
  79     case END_STREAM_REASON_RESOURCELIMIT:  return "server out of resources";
  80     case END_STREAM_REASON_CONNRESET:      return "connection reset";
  81     case END_STREAM_REASON_TORPROTOCOL:    return "Tor protocol error";
  82     case END_STREAM_REASON_NOTDIRECTORY:   return "not a directory";
  83     default:
  84       log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
  85              "Reason for ending (%d) not recognized.",reason);
  86       return "unknown";
  87   }
  88 }
  89
  90 /** Translate <b>reason</b> (as from a relay 'end' cell) into an
  91  * appropriate SOCKS5 reply code.
  92  *
  93  * A reason of 0 means that we're not actually expecting to send
  94  * this code back to the socks client; we just call it 'succeeded'
  95  * to keep things simple.
  96  */
  97 socks5_reply_status_t
  98 stream_end_reason_to_socks5_response(int reason)
  99 {
 100   switch (reason & END_STREAM_REASON_MASK) {
 101     case 0:
 102       return SOCKS5_SUCCEEDED;
 103     case END_STREAM_REASON_MISC:
 104       return SOCKS5_GENERAL_ERROR;
 105     case END_STREAM_REASON_RESOLVEFAILED:
 106       return SOCKS5_HOST_UNREACHABLE;
 107     case END_STREAM_REASON_CONNECTREFUSED:
 108       return SOCKS5_CONNECTION_REFUSED;
 109     case END_STREAM_REASON_ENTRYPOLICY:
 110       return SOCKS5_NOT_ALLOWED;
 111     case END_STREAM_REASON_EXITPOLICY:
 112       return SOCKS5_NOT_ALLOWED;
 113     case END_STREAM_REASON_DESTROY:
 114       return SOCKS5_GENERAL_ERROR;
 115     case END_STREAM_REASON_DONE:
 116       /* Note that 'DONE' usually indicates a successful close from the other
 117        * side of the stream... but if we receive it before a connected cell --
 118        * that is, before we have sent a SOCKS reply -- that means that the
 119        * other side of the circuit closed the connection before telling us it
 120        * was complete. */
 121       return SOCKS5_CONNECTION_REFUSED;
 122     case END_STREAM_REASON_TIMEOUT:
 123       return SOCKS5_TTL_EXPIRED;
 124     case END_STREAM_REASON_NOROUTE:
 125       return SOCKS5_HOST_UNREACHABLE;
 126     case END_STREAM_REASON_RESOURCELIMIT:
 127       return SOCKS5_GENERAL_ERROR;
 128     case END_STREAM_REASON_HIBERNATING:
 129       return SOCKS5_GENERAL_ERROR;
 130     case END_STREAM_REASON_INTERNAL:
 131       return SOCKS5_GENERAL_ERROR;
 132     case END_STREAM_REASON_CONNRESET:
 133       return SOCKS5_CONNECTION_REFUSED;
 134     case END_STREAM_REASON_TORPROTOCOL:
 135       return SOCKS5_GENERAL_ERROR;
 136
 137     case END_STREAM_REASON_CANT_ATTACH:
 138       return SOCKS5_GENERAL_ERROR;
 139     case END_STREAM_REASON_NET_UNREACHABLE:
 140       return SOCKS5_NET_UNREACHABLE;
 141     case END_STREAM_REASON_SOCKSPROTOCOL:
 142       return SOCKS5_GENERAL_ERROR;
 143     case END_STREAM_REASON_HTTPPROTOCOL:
 144       // LCOV_EXCL_START
 145       tor_assert_nonfatal_unreached();
 146       return SOCKS5_GENERAL_ERROR;
 147       // LCOV_EXCL_STOP
 148     case END_STREAM_REASON_PRIVATE_ADDR:
 149       return SOCKS5_GENERAL_ERROR;
 150
 151     default:
 152       log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
 153              "Reason for ending (%d) not recognized; "
 154              "sending generic socks error.", reason);
 155       return SOCKS5_GENERAL_ERROR;
 156   }
 157 }
 158
 159 /* We need to use a few macros to deal with the fact that Windows
 160  * decided that their sockets interface should be a permakludge.
 161  * E_CASE is for errors where windows has both a EFOO and a WSAEFOO
 162  * version, and S_CASE is for errors where windows has only a WSAEFOO
 163  * version.  (The E is for 'error', the S is for 'socket'). */
 164 #ifdef _WIN32
 165 #define E_CASE(s) case s: case WSA ## s
 166 #define S_CASE(s) case WSA ## s
 167 #else
 168 #define E_CASE(s) case s
 169 #define S_CASE(s) case s
 170 #endif /* defined(_WIN32) */
 171
 172 /** Given an errno from a failed exit connection, return a reason code
 173  * appropriate for use in a RELAY END cell. */
 174 uint8_t
 175 errno_to_stream_end_reason(int e)
 176 {
 177   /* To add new errors here, find out if they exist on Windows, and if a WSA*
 178    * equivalent exists on windows. Add a case, an S_CASE, or an E_CASE as
 179    * appropriate. */
 180   switch (e) {
 181     case EPIPE:
 182       return END_STREAM_REASON_DONE;
 183     E_CASE(EBADF):
 184     E_CASE(EFAULT):
 185     E_CASE(EINVAL):
 186     S_CASE(EISCONN):
 187     S_CASE(ENOTSOCK):
 188     S_CASE(EPROTONOSUPPORT):
 189     S_CASE(EAFNOSUPPORT):
 190     S_CASE(ENOTCONN):
 191       return END_STREAM_REASON_INTERNAL;
 192     S_CASE(ENETUNREACH):
 193     S_CASE(EHOSTUNREACH):
 194     E_CASE(EACCES):
 195     case EPERM:
 196       return END_STREAM_REASON_NOROUTE;
 197     S_CASE(ECONNREFUSED):
 198       return END_STREAM_REASON_CONNECTREFUSED;
 199     S_CASE(ECONNRESET):
 200       return END_STREAM_REASON_CONNRESET;
 201     S_CASE(ETIMEDOUT):
 202       return END_STREAM_REASON_TIMEOUT;
 203     S_CASE(ENOBUFS):
 204     case ENOMEM:
 205     case ENFILE:
 206     S_CASE(EADDRINUSE):
 207     S_CASE(EADDRNOTAVAIL):
 208     E_CASE(EMFILE):
 209       return END_STREAM_REASON_RESOURCELIMIT;
 210     default:
 211       log_info(LD_EXIT, "Didn't recognize errno %d (%s); telling the client "
 212                "that we are ending a stream for 'misc' reason.",
 213                e, tor_socket_strerror(e));
 214       return END_STREAM_REASON_MISC;
 215   }
 216 }
 217
 218 /***************************** ORConn reasons *****************************/
 219
 220 /** Convert the reason for ending an OR connection <b>r</b> into the format
 221  * used in ORCONN events. Return "UNKNOWN" if the reason is unrecognized. */
 222 const char *
 223 orconn_end_reason_to_control_string(int r)
 224 {
 225   /* To add new errors here, find out if they exist on Windows, and if a WSA*
 226    * equivalent exists on windows. Add a case, an S_CASE, or an E_CASE as
 227    * appropriate. */
 228   switch (r) {
 229     case END_OR_CONN_REASON_DONE:
 230       return "DONE";
 231     case END_OR_CONN_REASON_REFUSED:
 232       return "CONNECTREFUSED";
 233     case END_OR_CONN_REASON_OR_IDENTITY:
 234       return "IDENTITY";
 235     case END_OR_CONN_REASON_CONNRESET:
 236       return "CONNECTRESET";
 237     case END_OR_CONN_REASON_TIMEOUT:
 238       return "TIMEOUT";
 239     case END_OR_CONN_REASON_NO_ROUTE:
 240       return "NOROUTE";
 241     case END_OR_CONN_REASON_IO_ERROR:
 242       return "IOERROR";
 243     case END_OR_CONN_REASON_RESOURCE_LIMIT:
 244       return "RESOURCELIMIT";
 245     case END_OR_CONN_REASON_MISC:
 246       return "MISC";
 247     case END_OR_CONN_REASON_PT_MISSING:
 248       return "PT_MISSING";
 249     case 0:
 250       return "";
 251     default:
 252       log_warn(LD_BUG, "Unrecognized or_conn reason code %d", r);
 253       return "UNKNOWN";
 254   }
 255 }
 256
 257 /** Convert a TOR_TLS_* error code into an END_OR_CONN_* reason. */
 258 int
 259 tls_error_to_orconn_end_reason(int e)
 260 {
 261   switch (e) {
 262     case TOR_TLS_ERROR_IO:
 263       return END_OR_CONN_REASON_IO_ERROR;
 264     case TOR_TLS_ERROR_CONNREFUSED:
 265       return END_OR_CONN_REASON_REFUSED;
 266     case TOR_TLS_ERROR_CONNRESET:
 267       return END_OR_CONN_REASON_CONNRESET;
 268     case TOR_TLS_ERROR_NO_ROUTE:
 269       return END_OR_CONN_REASON_NO_ROUTE;
 270     case TOR_TLS_ERROR_TIMEOUT:
 271       return END_OR_CONN_REASON_TIMEOUT;
 272     case TOR_TLS_WANTREAD:
 273     case TOR_TLS_WANTWRITE:
 274     case TOR_TLS_CLOSE:
 275     case TOR_TLS_DONE:
 276       return END_OR_CONN_REASON_DONE;
 277     default:
 278       return END_OR_CONN_REASON_MISC;
 279   }
 280 }
 281
 282 /** Given an errno from a failed ORConn connection, return a reason code
 283  * appropriate for use in the controller orconn events. */
 284 int
 285 errno_to_orconn_end_reason(int e)
 286 {
 287   switch (e) {
 288     case EPIPE:
 289       return END_OR_CONN_REASON_DONE;
 290     S_CASE(ENOTCONN):
 291     S_CASE(ENETUNREACH):
 292     S_CASE(ENETDOWN):
 293     S_CASE(EHOSTUNREACH):
 294       return END_OR_CONN_REASON_NO_ROUTE;
 295     S_CASE(ECONNREFUSED):
 296       return END_OR_CONN_REASON_REFUSED;
 297     S_CASE(ECONNRESET):
 298       return END_OR_CONN_REASON_CONNRESET;
 299     S_CASE(ETIMEDOUT):
 300       return END_OR_CONN_REASON_TIMEOUT;
 301     S_CASE(ENOBUFS):
 302     case ENOMEM:
 303     case ENFILE:
 304     E_CASE(EMFILE):
 305     E_CASE(EACCES):
 306     E_CASE(EBADF):
 307     E_CASE(EFAULT):
 308     E_CASE(EINVAL):
 309       return END_OR_CONN_REASON_RESOURCE_LIMIT;
 310     default:
 311       log_info(LD_OR, "Didn't recognize errno %d (%s).",
 312                e, tor_socket_strerror(e));
 313       return END_OR_CONN_REASON_MISC;
 314   }
 315 }
 316
 317 /***************************** Circuit reasons *****************************/
 318
 319 /** Convert a numeric reason for destroying a circuit into a string for a
 320  * CIRCUIT event. */
 321 const char *
 322 circuit_end_reason_to_control_string(int reason)
 323 {
 324   int is_remote = 0;
 325
 326   if (reason >= 0 && reason & END_CIRC_REASON_FLAG_REMOTE) {
 327     reason &= ~END_CIRC_REASON_FLAG_REMOTE;
 328     is_remote = 1;
 329   }
 330
 331   switch (reason) {
 332     case END_CIRC_AT_ORIGIN:
 333       /* This shouldn't get passed here; it's a catch-all reason. */
 334       return "ORIGIN";
 335     case END_CIRC_REASON_NONE:
 336       /* This shouldn't get passed here; it's a catch-all reason. */
 337       return "NONE";
 338     case END_CIRC_REASON_TORPROTOCOL:
 339       return "TORPROTOCOL";
 340     case END_CIRC_REASON_INTERNAL:
 341       return "INTERNAL";
 342     case END_CIRC_REASON_REQUESTED:
 343       return "REQUESTED";
 344     case END_CIRC_REASON_HIBERNATING:
 345       return "HIBERNATING";
 346     case END_CIRC_REASON_RESOURCELIMIT:
 347       return "RESOURCELIMIT";
 348     case END_CIRC_REASON_CONNECTFAILED:
 349       return "CONNECTFAILED";
 350     case END_CIRC_REASON_OR_IDENTITY:
 351       return "OR_IDENTITY";
 352     case END_CIRC_REASON_CHANNEL_CLOSED:
 353       return "CHANNEL_CLOSED";
 354     case END_CIRC_REASON_FINISHED:
 355       return "FINISHED";
 356     case END_CIRC_REASON_TIMEOUT:
 357       return "TIMEOUT";
 358     case END_CIRC_REASON_DESTROYED:
 359       return "DESTROYED";
 360     case END_CIRC_REASON_NOPATH:
 361       return "NOPATH";
 362     case END_CIRC_REASON_NOSUCHSERVICE:
 363       return "NOSUCHSERVICE";
 364     case END_CIRC_REASON_MEASUREMENT_EXPIRED:
 365       return "MEASUREMENT_EXPIRED";
 366     case END_CIRC_REASON_IP_NOW_REDUNDANT:
 367       return "IP_NOW_REDUNDANT";
 368     default:
 369       if (is_remote) {
 370         /*
 371          * If it's remote, it's not a bug *here*, so don't use LD_BUG, but
 372          * do note that the someone we're talking to is speaking the Tor
 373          * protocol with a weird accent.
 374          */
 375         log_warn(LD_PROTOCOL,
 376                  "Remote server sent bogus reason code %d", reason);
 377       } else {
 378         log_warn(LD_BUG,
 379                  "Unrecognized reason code %d", reason);
 380       }
 381       return NULL;
 382   }
 383 }
 384
 385 /** Return a string corresponding to a SOCKS4 response code. */
 386 const char *
 387 socks4_response_code_to_string(uint8_t code)
 388 {
 389   switch (code) {
 390     case 0x5a:
 391       return "connection accepted";
 392     case 0x5b:
 393       return "server rejected connection";
 394     case 0x5c:
 395       return "server cannot connect to identd on this client";
 396     case 0x5d:
 397       return "user id does not match identd";
 398     default:
 399       return "invalid SOCKS 4 response code";
 400   }
 401 }
 402
 403 /** Return a string corresponding to a SOCKS5 response code. */
 404 const char *
 405 socks5_response_code_to_string(uint8_t code)
 406 {
 407   switch (code) {
 408     case 0x00:
 409       return "connection accepted";
 410     case 0x01:
 411       return "general SOCKS server failure";
 412     case 0x02:
 413       return "connection not allowed by ruleset";
 414     case 0x03:
 415       return "Network unreachable";
 416     case 0x04:
 417       return "Host unreachable";
 418     case 0x05:
 419       return "Connection refused";
 420     case 0x06:
 421       return "TTL expired";
 422     case 0x07:
 423       return "Command not supported";
 424     case 0x08:
 425       return "Address type not supported";
 426     default:
 427       return "unknown reason";
 428   }
 429 }
 430
 431 /** Return a string corresponding to a bandwidth_weight_rule_t */
 432 const char *
 433 bandwidth_weight_rule_to_string(bandwidth_weight_rule_t rule)
 434 {
 435   switch (rule)
 436     {
 437     case NO_WEIGHTING:
 438       return "no weighting";
 439     case WEIGHT_FOR_EXIT:
 440       return "weight as exit";
 441     case WEIGHT_FOR_MID:
 442       return "weight as middle node";
 443     case WEIGHT_FOR_GUARD:
 444       return "weight as guard";
 445     case WEIGHT_FOR_DIR:
 446       return "weight as directory";
 447     default:
 448       return "unknown rule";
 449   }
 450 }
 451
 452 /** Given a RELAY_END reason value, convert it to an HTTP response to be
 453  * send over an HTTP tunnel connection. */
 454 const char *
 455 end_reason_to_http_connect_response_line(int endreason)
 456 {
 457   endreason &= END_STREAM_REASON_MASK;
 458   /* XXXX these are probably all wrong. Should they all be 502? */
 459   switch (endreason) {
 460     case 0:
 461       return "HTTP/1.0 200 OK\r\n\r\n";
 462     case END_STREAM_REASON_MISC:
 463       return "HTTP/1.0 500 Internal Server Error\r\n\r\n";
 464     case END_STREAM_REASON_RESOLVEFAILED:
 465       return "HTTP/1.0 404 Not Found (resolve failed)\r\n\r\n";
 466     case END_STREAM_REASON_NOROUTE:
 467       return "HTTP/1.0 404 Not Found (no route)\r\n\r\n";
 468     case END_STREAM_REASON_CONNECTREFUSED:
 469       return "HTTP/1.0 403 Forbidden (connection refused)\r\n\r\n";
 470     case END_STREAM_REASON_EXITPOLICY:
 471       return "HTTP/1.0 403 Forbidden (exit policy)\r\n\r\n";
 472     case END_STREAM_REASON_DESTROY:
 473       return "HTTP/1.0 502 Bad Gateway (destroy cell received)\r\n\r\n";
 474     case END_STREAM_REASON_DONE:
 475       return "HTTP/1.0 502 Bad Gateway (unexpected close)\r\n\r\n";
 476     case END_STREAM_REASON_TIMEOUT:
 477       return "HTTP/1.0 504 Gateway Timeout\r\n\r\n";
 478     case END_STREAM_REASON_HIBERNATING:
 479       return "HTTP/1.0 502 Bad Gateway (hibernating server)\r\n\r\n";
 480     case END_STREAM_REASON_INTERNAL:
 481       return "HTTP/1.0 502 Bad Gateway (internal error)\r\n\r\n";
 482     case END_STREAM_REASON_RESOURCELIMIT:
 483       return "HTTP/1.0 502 Bad Gateway (resource limit)\r\n\r\n";
 484     case END_STREAM_REASON_CONNRESET:
 485       return "HTTP/1.0 403 Forbidden (connection reset)\r\n\r\n";
 486     case END_STREAM_REASON_TORPROTOCOL:
 487       return "HTTP/1.0 502 Bad Gateway (tor protocol violation)\r\n\r\n";
 488     case END_STREAM_REASON_ENTRYPOLICY:
 489       return "HTTP/1.0 403 Forbidden (entry policy violation)\r\n\r\n";
 490     case END_STREAM_REASON_NOTDIRECTORY: /* Fall Through */
 491     default:
 492       tor_assert_nonfatal_unreached();
 493       return "HTTP/1.0 500 Internal Server Error (weird end reason)\r\n\r\n";
 494   }
 495 }
 496