| blob | 8125afdab9329156a7ca38d5b797a29e07ca8304 |
1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2008, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 /* $Id$ */
10 /**
11 * \file connection_or.c
12 * \brief Functions to handle OR connections, TLS handshaking, and
13 * cells on the network.
14 **/
27 /**************************************************************/
29 /** Map from identity digest of connected OR or desired OR to a connection_t
30 * with that identity digest. If there is more than one such connection_t,
31 * they form a linked list, with next_with_same_id as the next pointer. */
34 /** If conn is listed in orconn_identity_map, remove it, and clear
35 * conn->identity_digest. Otherwise do nothing. */
36 void
38 {
49 }
51 }
56 else
63 }
65 }
66 }
69 }
71 /** Remove all entries from the identity-to-orconn map, and clear
72 * all identities in OR conns.*/
73 void
75 {
78 {
83 }
84 });
89 }
90 }
92 /** Change conn->identity_digest to digest, and add conn into
93 * orconn_digest_map. */
94 static void
96 {
106 /* If the identity was set previously, remove the old mapping. */
112 /* If we're setting the ID to zero, don't add a mapping. */
119 #if 1
120 /* Testing code to check for bugs in representation. */
124 }
125 #endif
126 }
128 /** Pack the cell_t host-order structure <b>src</b> into network-order
129 * in the buffer <b>dest</b>. See tor-spec.txt for details about the
130 * wire format.
131 *
132 * Note that this function doesn't touch <b>dst</b>-\>next: the caller
133 * should set it or clear it as appropriate.
134 */
135 void
137 {
142 }
144 /** Unpack the network-order buffer <b>src</b> into a host-order
145 * cell_t structure <b>dest</b>.
146 */
147 static void
149 {
153 }
155 /** Write the header of <b>cell</b> into the first VAR_CELL_HEADER_SIZE
156 * bytes of <b>hdr_out</b>. */
157 void
159 {
163 }
165 /** Allocate and return a new var_cell_t with <b>payload_len</b> bytes of
166 * payload space. */
167 var_cell_t *
169 {
175 }
177 /** Release all space held by <b>cell</b>. */
178 void
180 {
182 }
184 /** We've received an EOF from <b>conn</b>. Mark it for close and return. */
185 int
187 {
191 }
193 /** Read conn's inbuf. If the http response from the proxy is all
194 * here, make sure it's good news, and begin the tls handshake. If
195 * it's bad news, close the connection and return -1. Else return 0
196 * and hope for better luck next time.
197 */
198 static int
200 {
217 /* case 1, fall through */
218 }
227 }
236 /* TLS handshaking error of some kind. */
240 }
242 }
243 /* else, bad news on the status code */
245 "The https proxy sent back an unexpected status code %d (%s). "
251 }
253 /** Handle any new bytes that have come in on connection <b>conn</b>.
254 * If conn is in 'open' state, hand it to
255 * connection_or_process_cells_from_inbuf()
256 * (else do nothing).
257 */
258 int
260 {
271 }
272 }
274 /** When adding cells to an OR connection's outbuf, keep adding until the
275 * outbuf is at least this long, or we run out of cells. */
276 #define OR_CONN_HIGHWATER (32*1024)
278 /** Add cells to an OR connection's outbuf whenever the outbuf's data length
279 * drops below this size. */
280 #define OR_CONN_LOWWATER (16*1024)
282 /** Called whenever we have flushed some data on an or_conn: add more data
283 * from active circuits. */
284 int
286 {
288 /* If we're under the low water mark, add cells until we're just over the
289 * high water mark. */
298 }
299 }
301 }
303 /** Connection <b>conn</b> has finished writing and has no bytes left on
304 * its outbuf.
305 *
306 * Otherwise it's in state "open": stop writing and return.
307 *
308 * If <b>conn</b> is broken, mark it for close and return -1, else
309 * return 0.
310 */
311 int
313 {
331 }
333 }
335 /** Connected handler for OR connections: begin the TLS handshake.
336 */
337 int
339 {
358 }
368 }
372 }
375 /* TLS handshaking error of some kind. */
378 }
380 }
382 /** If we don't necessarily know the router we're connecting to, but we
383 * have an addr/port/id_digest, then fill in as much as we can. Start
384 * by checking to see if this describes a router we know. */
385 static void
390 {
401 /* XXXX proposal 118 will make this more complex. */
405 /* Override the addr/port, so our log messages will make sense.
406 * This is dangerous, since if we ever try looking up a conn by
407 * its actual addr/port, we won't remember. Careful! */
408 /* XXXX arma: this is stupid, and it's the reason we need real_addr
409 * to track is_canonical properly. What requires it? */
410 /* XXXX <arma> i believe the reason we did this, originally, is because
411 * we wanted to log what OR a connection was to, and if we logged the
412 * right IP address and port 56244, that wouldn't be as helpful. now we
413 * log the "right" port too, so we know if it's moria1 or moria2.
414 */
417 }
423 /* If we're an authoritative directory server, we may know a
424 * nickname for this router. */
433 }
436 }
437 }
439 /** Return true iff <b>a</b> is "better" than <b>b</b> for new circuits.
440 *
441 * A more canonical connection is always better than a less canonical
442 * connection. That aside, a connection is better if it has circuits and the
443 * other does not, or if it was created more recently.
444 *
445 * Requires that both input connections are open; not is_bad_for_new_circs,
446 * and not impossibly non-canonical.
447 */
448 static int
451 {
456 * one, no matter how new it is or which has circuits. */
460 return
461 /* We prefer canonical connections regardless of newness. */
463 /* If both have circuits we prefer the newer: */
465 /* If neither has circuits we prefer the newer: */
467 /* If only one has circuits, use that. */
469 }
471 /** Return the OR connection we should use to extend a circuit to the router
472 * whose identity is <b>digest</b>, and whose address we believe (or have been
473 * told in an extend cell) is <b>target_addr</b>. If there is no good
474 * connection, set *<b>msg_out</b> to a message describing the connection's
475 * state and our next action, and set <b>launch_out</b> to a boolean for
476 * whether we should launch a new connection or not.
477 */
478 or_connection_t *
483 {
494 }
504 /* Never return a non-open connection. */
506 /* If the address matches, don't launch a new connection for this
507 * circuit. */
511 }
512 /* Never return a connection that shouldn't be used for circs. */
516 }
517 /* Never return a non-canonical connection using a recent link protocol
518 * if the address is not what we wanted.
519 *
520 * (For old link protocols, we can't rely on is_canonical getting
521 * set properly if we're talking to the right address, since we might
522 * have an out-of-date descriptor, and we will get no NETINFO cell to
523 * tell us about the right address.) */
528 }
535 }
539 }
558 }
559 }
561 /** How old do we let a connection to an OR get before deciding it's
562 * too old for new circuits? */
563 #define TIME_BEFORE_OR_CONN_IS_TOO_OLD (60*60*24*7)
565 /** Given the head of the linked list for all the or_connections with a given
566 * identity, set elements of that list as is_bad_for_new_circs() as
567 * appropriate. Helper for connection_or_set_bad_connections().
568 */
569 static void
571 {
576 /* Pass 1: expire everything that's old, and see what the status of
577 * everything else is. */
585 "Marking OR conn to %s:%d as too old for new circuits "
590 }
600 }
601 }
603 /* Pass 2: We know how about how good the best connection is.
604 * expire everything that's worse, and find the very best if we can. */
611 * when the connection finishes. */
613 /* We have at least one open canonical connection to this router,
614 * and this one is open but not canonical. Mark it bad. */
616 "Marking OR conn to %s:%d as too old for new circuits: "
617 "(fd %d, %d secs old). It is not canonical, and we have "
623 }
627 }
632 /* Pass 3: One connection to OR is best. If it's canonical, mark as bad
633 * every other open connection. If it's non-canonical, mark as bad
634 * every other open connection to the same address.
635 *
636 * XXXX021.
637 */
646 "Marking OR conn to %s:%d as too old for new circuits: "
647 "(fd %d, %d secs old). We have a better canonical one "
656 "Marking OR conn to %s:%d as too old for new circuits: "
657 "(fd %d, %d secs old). We have a better one "
663 }
664 }
665 }
666 }
668 /** Go through all the OR connections, and set the is_bad_for_new_circs
669 * flag on:
670 * - all connections that are too old.
671 * - all open non-canonical connections for which a canonical connection
672 * exists to the same router.
673 * - all open canonical connections for which a 'better' canonical
674 * connection exists to the same router.
675 * - all open non-canonical connections for which a 'better' non-canonical
676 * connection exists to the same router at the same address.
677 *
678 * See connection_or_is_better() for our idea of what makes one OR connection
679 * better than another.
680 */
681 void
683 {
690 }
692 /** <b>conn</b> is in the 'connecting' state, and it failed to complete
693 * a TCP connection. Send notifications appropriately.
694 *
695 * <b>reason</b> specifies the or_conn_end_reason for the failure;
696 * <b>msg</b> specifies the strerror-style error message.
697 */
698 void
701 {
705 }
707 /** Launch a new OR connection to <b>addr</b>:<b>port</b> and expect to
708 * handshake with an OR with identity digest <b>id_digest</b>.
709 *
710 * If <b>id_digest</b> is me, do nothing. If we're already connected to it,
711 * return that connection. If the connect() is in progress, set the
712 * new conn's state to 'connecting' and return it. If connect() succeeds,
713 * call connection_tls_start_handshake() on it.
714 *
715 * This function is called from router_retry_connections(), for
716 * ORs connecting to ORs, and circuit_establish_circuit(), for
717 * OPs connecting to ORs.
718 *
719 * Return the launched conn, or NULL if it failed.
720 */
721 or_connection_t *
724 {
728 tor_addr_t addr;
737 }
741 /* set up conn so it's got all the data we need to remember */
747 /* we shouldn't connect directly. use the https proxy instead. */
750 }
755 /* If the connection failed immediately, and we're using
756 * an https proxy, our https proxy is down. Don't blame the
757 * Tor server. */
762 }
770 /* writable indicates finish, readable indicates broken link,
771 error indicates broken link on windows */
773 /* case 1: fall through */
774 }
777 /* already marked for close */
779 }
781 }
783 /** Begin the tls handshake with <b>conn</b>. <b>receiving</b> is 0 if
784 * we initiated the connection, else it's 1.
785 *
786 * Assign a new tls object to conn->tls, begin reading on <b>conn</b>, and
787 * pass <b>conn</b> to connection_tls_continue_handshake().
788 *
789 * Return -1 if <b>conn</b> is broken, else return 0.
790 */
791 int
793 {
800 }
807 }
809 }
811 /** Invoked on the server side from inside tor_tls_read() when the server
812 * gets a successful TLS renegotiation from the client. */
813 static void
815 {
819 /* Don't invoke this again. */
823 /* XXXX_TLS double-check that it's ok to do this from inside read. */
824 /* XXXX_TLS double-check that this verifies certificates. */
826 }
827 }
829 /** Move forward with the tls handshake. If it finishes, hand
830 * <b>conn</b> to connection_tls_finish_handshake().
831 *
832 * Return -1 if <b>conn</b> is broken, else return 0.
833 */
834 int
836 {
839 again:
841 // log_notice(LD_OR, "Renegotiate with %p", conn->tls);
843 // log_notice(LD_OR, "Result: %d", result);
846 // log_notice(LD_OR, "Continue handshake with %p", conn->tls);
848 // log_notice(LD_OR, "Result: %d", result);
849 }
851 CASE_TOR_TLS_ERROR_ANY:
859 // log_notice(LD_OR,"Done. state was TLS_HANDSHAKING.");
862 }
863 // log_notice(LD_OR,"Done. state was %d.", conn->_base.state);
865 /* improved handshake, but not a client. */
867 connection_or_tls_renegotiated_cb,
868 conn);
873 }
874 }
886 }
888 }
890 /** Return 1 if we initiated this connection, or 0 if it started
891 * out as an incoming connection.
892 */
893 int
895 {
902 }
904 /** <b>Conn</b> just completed its handshake. Return 0 if all is well, and
905 * return -1 if he is lying, broken, or otherwise something is wrong.
906 *
907 * If we initiated this connection (<b>started_here</b> is true), make sure
908 * the other side sent sent a correctly formed certificate. If I initiated the
909 * connection, make sure it's the right guy.
910 *
911 * Otherwise (if we _didn't_ initiate this connection), it's okay for
912 * the certificate to be weird or absent.
913 *
914 * If we return 0, and the certificate is as expected, write a hash of the
915 * identity key into digest_rcvd, which must have DIGEST_LEN space in it. (If
916 * we return -1 this buffer is undefined.) If the certificate is invalid
917 * or missing on an incoming connection, we return 0 and set digest_rcvd to
918 * DIGEST_LEN 0 bytes.
919 *
920 * As side effects,
921 * 1) Set conn->circ_id_type according to tor-spec.txt.
922 * 2) If we're an authdirserver and we initiated the connection: drop all
923 * descriptors that claim to be on that IP/port but that aren't
924 * this guy; and note that this guy is reachable.
925 */
926 static int
930 {
949 }
966 }
968 }
977 }
982 }
994 }
1001 /* I was aiming for a particular digest. I didn't get it! */
1006 DIGEST_LEN);
1008 "Tried connecting to router at %s:%d, but identity key was not "
1014 END_OR_CONN_REASON_OR_IDENTITY);
1018 }
1020 /* We initiated this connection to address:port. Drop all routers
1021 * with the same address:port and a different key.
1022 */
1025 }
1028 }
1030 }
1032 /** The tls handshake is finished.
1033 *
1034 * Make sure we are happy with the person we just handshaked with.
1035 *
1036 * If he initiated the connection, make sure he's not already connected,
1037 * then initialize conn from the information in router.
1038 *
1039 * If all is successful, call circuit_n_conn_done() to handle events
1040 * that have been pending on the <tls handshake completion. Also set the
1041 * directory to be dirty (only matters if I'm an authdirserver).
1042 */
1043 static int
1045 {
1063 }
1072 }
1074 }
1075 }
1077 /** Allocate a new connection handshake state for the connection
1078 * <b>conn</b>. Return 0 on success, -1 on failure. */
1079 static int
1081 {
1086 }
1088 /** Free all storage held by <b>state</b>. */
1089 void
1091 {
1095 }
1097 /** Set <b>conn</b>'s state to OR_CONN_STATE_OPEN, and tell other subsystems
1098 * as appropriate. Called when we are done with all TLS and OR handshaking.
1099 */
1100 int
1102 {
1112 /* Close any circuits pending on this conn. We leave it in state
1113 * 'open' though, because it didn't actually *fail* -- we just
1114 * chose not to use it. (Otherwise
1115 * connection_about_to_close_connection() will call a big pile of
1116 * functions to indicate we shouldn't try it again.) */
1121 }
1124 /* only report it to the geoip module if it's not a known router */
1127 /*XXXX IP6 support ipv6 geoip.*/
1130 }
1131 }
1132 }
1136 }
1141 }
1143 /** Pack <b>cell</b> into wire-format, and write it onto <b>conn</b>'s outbuf.
1144 * For cells that use or affect a circuit, this should only be called by
1145 * connection_or_flush_from_first_active_circuit().
1146 */
1147 void
1149 {
1150 packed_cell_t networkcell;
1161 }
1163 /** Pack a variable-length <b>cell</b> into wire-format, and write it onto
1164 * <b>conn</b>'s outbuf. Right now, this <em>DOES NOT</em> support cells that
1165 * affect a circuit.
1166 */
1167 void
1170 {
1179 }
1181 /** See whether there's a variable-length cell waiting on <b>conn</b>'s
1182 * inbuf. Return values as for fetch_var_cell_from_buf(). */
1183 static int
1185 {
1187 }
1189 /** Process cells from <b>conn</b>'s inbuf.
1190 *
1191 * Loop: while inbuf contains a cell, pull it off the inbuf, unpack it,
1192 * and hand it to command_process_cell().
1193 *
1194 * Always return 0.
1195 */
1196 static int
1198 {
1213 cell_t cell;
1215 available? */
1220 /* retrieve cell info from buf (create the host-order struct from the
1221 * network-order string) */
1225 }
1226 }
1227 }
1229 /** Write a destroy cell with circ ID <b>circ_id</b> and reason <b>reason</b>
1230 * onto OR connection <b>conn</b>. Don't perform range-checking on reason:
1231 * we may want to propagate reasons from other cells.
1232 *
1233 * Return 0.
1234 */
1235 int
1237 {
1238 cell_t cell;
1248 /* XXXX It's possible that under some circumstances, we want the destroy
1249 * to take precedence over other data waiting on the circuit's cell queue.
1250 */
1254 }
1256 /** Array of recognized link protocol versions. */
1258 /** Number of versions in <b>or_protocol_versions</b>. */
1262 /** Return true iff <b>v</b> is a link protocol version that this Tor
1263 * implementation believes it can support. */
1264 int
1266 {
1271 }
1273 }
1275 /** Send a VERSIONS cell on <b>conn</b>, telling the other host about the
1276 * link protocol versions that this Tor can support. */
1277 static int
1279 {
1289 }
1296 }
1298 /** Send a NETINFO cell on <b>conn</b>, telling the other server what we know
1299 * about their address, our address, and the current time. */
1300 int
1302 {
1303 cell_t cell;
1312 /* Timestamp. */
1315 /* Their address. */
1322 /* My address. */
1324 tor_addr_t my_addr;
1334 }
1339 }