search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Use S_CASE for ehostunreach, not E_CASE. Partial backport of 69deb22f. Fixes 0.2...
[tor/rransom.git] / src / or / command.c
blob181bad8bcdacbf64031c7ef354fa7163e22c1b77
1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2010, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6
7 /**
8 * \file command.c
9 * \brief Functions for processing incoming cells.
10 **/
11
12 /* In-points to command.c:
13 *
14 * - command_process_cell(), called from
15 * connection_or_process_cells_from_inbuf() in connection_or.c
16 */
17
18 #include "or.h"
19
20 /** How many CELL_PADDING cells have we received, ever? */
21 uint64_t stats_n_padding_cells_processed = 0;
22 /** How many CELL_CREATE cells have we received, ever? */
23 uint64_t stats_n_create_cells_processed = 0;
24 /** How many CELL_CREATED cells have we received, ever? */
25 uint64_t stats_n_created_cells_processed = 0;
26 /** How many CELL_RELAY cells have we received, ever? */
27 uint64_t stats_n_relay_cells_processed = 0;
28 /** How many CELL_DESTROY cells have we received, ever? */
29 uint64_t stats_n_destroy_cells_processed = 0;
30 /** How many CELL_VERSIONS cells have we received, ever? */
31 uint64_t stats_n_versions_cells_processed = 0;
32 /** How many CELL_NETINFO cells have we received, ever? */
33 uint64_t stats_n_netinfo_cells_processed = 0;
34
35 /* These are the main functions for processing cells */
36 static void command_process_create_cell(cell_t *cell, or_connection_t *conn);
37 static void command_process_created_cell(cell_t *cell, or_connection_t *conn);
38 static void command_process_relay_cell(cell_t *cell, or_connection_t *conn);
39 static void command_process_destroy_cell(cell_t *cell, or_connection_t *conn);
40 static void command_process_versions_cell(var_cell_t *cell,
41 or_connection_t *conn);
42 static void command_process_netinfo_cell(cell_t *cell, or_connection_t *conn);
43
44 #ifdef KEEP_TIMING_STATS
45 /** This is a wrapper function around the actual function that processes the
46 * <b>cell</b> that just arrived on <b>conn</b>. Increment <b>*time</b>
47 * by the number of microseconds used by the call to <b>*func(cell, conn)</b>.
48 */
49 static void
50 command_time_process_cell(cell_t *cell, or_connection_t *conn, int *time,
51 void (*func)(cell_t *, or_connection_t *))
52 {
53 struct timeval start, end;
54 long time_passed;
55
56 tor_gettimeofday(&start);
57
58 (*func)(cell, conn);
59
60 tor_gettimeofday(&end);
61 time_passed = tv_udiff(&start, &end) ;
62
63 if (time_passed > 10000) { /* more than 10ms */
64 log_debug(LD_OR,"That call just took %ld ms.",time_passed/1000);
65 }
66 if (time_passed < 0) {
67 log_info(LD_GENERAL,"That call took us back in time!");
68 time_passed = 0;
69 }
70 *time += time_passed;
71 }
72 #endif
73
74 /** Process a <b>cell</b> that was just received on <b>conn</b>. Keep internal
75 * statistics about how many of each cell we've processed so far
76 * this second, and the total number of microseconds it took to
77 * process each type of cell.
78 */
79 void
80 command_process_cell(cell_t *cell, or_connection_t *conn)
81 {
82 int handshaking = (conn->_base.state == OR_CONN_STATE_OR_HANDSHAKING);
83 #ifdef KEEP_TIMING_STATS
84 /* how many of each cell have we seen so far this second? needs better
85 * name. */
86 static int num_create=0, num_created=0, num_relay=0, num_destroy=0;
87 /* how long has it taken to process each type of cell? */
88 static int create_time=0, created_time=0, relay_time=0, destroy_time=0;
89 static time_t current_second = 0; /* from previous calls to time */
90
91 time_t now = time(NULL);
92
93 if (now > current_second) { /* the second has rolled over */
94 /* print stats */
95 log_info(LD_OR,
96 "At end of second: %d creates (%d ms), %d createds (%d ms), "
97 "%d relays (%d ms), %d destroys (%d ms)",
98 num_create, create_time/1000,
99 num_created, created_time/1000,
100 num_relay, relay_time/1000,
101 num_destroy, destroy_time/1000);
102
103 /* zero out stats */
104 num_create = num_created = num_relay = num_destroy = 0;
105 create_time = created_time = relay_time = destroy_time = 0;
106
107 /* remember which second it is, for next time */
108 current_second = now;
109 }
110 #endif
111
112 #ifdef KEEP_TIMING_STATS
113 #define PROCESS_CELL(tp, cl, cn) STMT_BEGIN { \
114 ++num ## tp; \
115 command_time_process_cell(cl, cn, & tp ## time , \
116 command_process_ ## tp ## _cell); \
117 } STMT_END
118 #else
119 #define PROCESS_CELL(tp, cl, cn) command_process_ ## tp ## _cell(cl, cn)
120 #endif
121
122 /* Reject all but VERSIONS and NETINFO when handshaking. */
123 if (handshaking && cell->command != CELL_VERSIONS &&
124 cell->command != CELL_NETINFO)
125 return;
126
127 switch (cell->command) {
128 case CELL_PADDING:
129 ++stats_n_padding_cells_processed;
130 /* do nothing */
131 break;
132 case CELL_CREATE:
133 case CELL_CREATE_FAST:
134 ++stats_n_create_cells_processed;
135 PROCESS_CELL(create, cell, conn);
136 break;
137 case CELL_CREATED:
138 case CELL_CREATED_FAST:
139 ++stats_n_created_cells_processed;
140 PROCESS_CELL(created, cell, conn);
141 break;
142 case CELL_RELAY:
143 case CELL_RELAY_EARLY:
144 ++stats_n_relay_cells_processed;
145 PROCESS_CELL(relay, cell, conn);
146 break;
147 case CELL_DESTROY:
148 ++stats_n_destroy_cells_processed;
149 PROCESS_CELL(destroy, cell, conn);
150 break;
151 case CELL_VERSIONS:
152 tor_fragile_assert();
153 break;
154 case CELL_NETINFO:
155 ++stats_n_netinfo_cells_processed;
156 PROCESS_CELL(netinfo, cell, conn);
157 break;
158 default:
159 log_fn(LOG_INFO, LD_PROTOCOL,
160 "Cell of unknown type (%d) received. Dropping.", cell->command);
161 break;
162 }
163 }
164
165 /** Process a <b>cell</b> that was just received on <b>conn</b>. Keep internal
166 * statistics about how many of each cell we've processed so far
167 * this second, and the total number of microseconds it took to
168 * process each type of cell.
169 */
170 void
171 command_process_var_cell(var_cell_t *cell, or_connection_t *conn)
172 {
173 #ifdef KEEP_TIMING_STATS
174 /* how many of each cell have we seen so far this second? needs better
175 * name. */
176 static int num_versions=0, num_cert=0;
177
178 time_t now = time(NULL);
179
180 if (now > current_second) { /* the second has rolled over */
181 /* print stats */
182 log_info(LD_OR,
183 "At end of second: %d versions (%d ms), %d cert (%d ms)",
184 num_versions, versions_time/1000,
185 cert, cert_time/1000);
186
187 num_versions = num_cert = 0;
188 versions_time = cert_time = 0;
189
190 /* remember which second it is, for next time */
191 current_second = now;
192 }
193 #endif
194
195 /* reject all when not handshaking. */
196 if (conn->_base.state != OR_CONN_STATE_OR_HANDSHAKING)
197 return;
198
199 switch (cell->command) {
200 case CELL_VERSIONS:
201 ++stats_n_versions_cells_processed;
202 PROCESS_CELL(versions, cell, conn);
203 break;
204 default:
205 log_warn(LD_BUG,
206 "Variable-length cell of unknown type (%d) received.",
207 cell->command);
208 tor_fragile_assert();
209 break;
210 }
211 }
212
213 /** Process a 'create' <b>cell</b> that just arrived from <b>conn</b>. Make a
214 * new circuit with the p_circ_id specified in cell. Put the circuit in state
215 * onionskin_pending, and pass the onionskin to the cpuworker. Circ will get
216 * picked up again when the cpuworker finishes decrypting it.
217 */
218 static void
219 command_process_create_cell(cell_t *cell, or_connection_t *conn)
220 {
221 or_circuit_t *circ;
222 int id_is_high;
223
224 if (we_are_hibernating()) {
225 log_info(LD_OR,
226 "Received create cell but we're shutting down. Sending back "
227 "destroy.");
228 connection_or_send_destroy(cell->circ_id, conn,
229 END_CIRC_REASON_HIBERNATING);
230 return;
231 }
232
233 if (!server_mode(get_options())) {
234 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
235 "Received create cell (type %d) from %s:%d, but we're a client. "
236 "Sending back a destroy.",
237 (int)cell->command, conn->_base.address, conn->_base.port);
238 connection_or_send_destroy(cell->circ_id, conn,
239 END_CIRC_REASON_TORPROTOCOL);
240 return;
241 }
242
243 /* If the high bit of the circuit ID is not as expected, close the
244 * circ. */
245 id_is_high = cell->circ_id & (1<<15);
246 if ((id_is_high && conn->circ_id_type == CIRC_ID_TYPE_HIGHER) ||
247 (!id_is_high && conn->circ_id_type == CIRC_ID_TYPE_LOWER)) {
248 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
249 "Received create cell with unexpected circ_id %d. Closing.",
250 cell->circ_id);
251 connection_or_send_destroy(cell->circ_id, conn,
252 END_CIRC_REASON_TORPROTOCOL);
253 return;
254 }
255
256 if (circuit_id_in_use_on_orconn(cell->circ_id, conn)) {
257 routerinfo_t *router = router_get_by_digest(conn->identity_digest);
258 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
259 "Received CREATE cell (circID %d) for known circ. "
260 "Dropping (age %d).",
261 cell->circ_id, (int)(time(NULL) - conn->_base.timestamp_created));
262 if (router)
263 log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
264 "Details: nickname \"%s\", platform %s.",
265 router->nickname, escaped(router->platform));
266 return;
267 }
268
269 circ = or_circuit_new(cell->circ_id, conn);
270 circ->_base.purpose = CIRCUIT_PURPOSE_OR;
271 circuit_set_state(TO_CIRCUIT(circ), CIRCUIT_STATE_ONIONSKIN_PENDING);
272 if (cell->command == CELL_CREATE) {
273 char *onionskin = tor_malloc(ONIONSKIN_CHALLENGE_LEN);
274 memcpy(onionskin, cell->payload, ONIONSKIN_CHALLENGE_LEN);
275
276 /* hand it off to the cpuworkers, and then return. */
277 if (assign_onionskin_to_cpuworker(NULL, circ, onionskin) < 0) {
278 log_warn(LD_GENERAL,"Failed to hand off onionskin. Closing.");
279 circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
280 return;
281 }
282 log_debug(LD_OR,"success: handed off onionskin.");
283 } else {
284 /* This is a CREATE_FAST cell; we can handle it immediately without using
285 * a CPU worker. */
286 char keys[CPATH_KEY_MATERIAL_LEN];
287 char reply[DIGEST_LEN*2];
288 tor_assert(cell->command == CELL_CREATE_FAST);
289 if (fast_server_handshake(cell->payload, reply, keys, sizeof(keys))<0) {
290 log_warn(LD_OR,"Failed to generate key material. Closing.");
291 circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
292 return;
293 }
294 if (onionskin_answer(circ, CELL_CREATED_FAST, reply, keys)<0) {
295 log_warn(LD_OR,"Failed to reply to CREATE_FAST cell. Closing.");
296 circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
297 return;
298 }
299 }
300 }
301
302 /** Process a 'created' <b>cell</b> that just arrived from <b>conn</b>.
303 * Find the circuit
304 * that it's intended for. If we're not the origin of the circuit, package
305 * the 'created' cell in an 'extended' relay cell and pass it back. If we
306 * are the origin of the circuit, send it to circuit_finish_handshake() to
307 * finish processing keys, and then call circuit_send_next_onion_skin() to
308 * extend to the next hop in the circuit if necessary.
309 */
310 static void
311 command_process_created_cell(cell_t *cell, or_connection_t *conn)
312 {
313 circuit_t *circ;
314
315 circ = circuit_get_by_circid_orconn(cell->circ_id, conn);
316
317 if (!circ) {
318 log_info(LD_OR,
319 "(circID %d) unknown circ (probably got a destroy earlier). "
320 "Dropping.", cell->circ_id);
321 return;
322 }
323
324 if (circ->n_circ_id != cell->circ_id) {
325 log_fn(LOG_PROTOCOL_WARN,LD_PROTOCOL,
326 "got created cell from Tor client? Closing.");
327 circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
328 return;
329 }
330
331 if (CIRCUIT_IS_ORIGIN(circ)) { /* we're the OP. Handshake this. */
332 origin_circuit_t *origin_circ = TO_ORIGIN_CIRCUIT(circ);
333 int err_reason = 0;
334 log_debug(LD_OR,"at OP. Finishing handshake.");
335 if ((err_reason = circuit_finish_handshake(origin_circ, cell->command,
336 cell->payload)) < 0) {
337 log_warn(LD_OR,"circuit_finish_handshake failed.");
338 circuit_mark_for_close(circ, -err_reason);
339 return;
340 }
341 log_debug(LD_OR,"Moving to next skin.");
342 if ((err_reason = circuit_send_next_onion_skin(origin_circ)) < 0) {
343 log_info(LD_OR,"circuit_send_next_onion_skin failed.");
344 /* XXX push this circuit_close lower */
345 circuit_mark_for_close(circ, -err_reason);
346 return;
347 }
348 } else { /* pack it into an extended relay cell, and send it. */
349 log_debug(LD_OR,
350 "Converting created cell to extended relay cell, sending.");
351 relay_send_command_from_edge(0, circ, RELAY_COMMAND_EXTENDED,
352 cell->payload, ONIONSKIN_REPLY_LEN,
353 NULL);
354 }
355 }
356
357 /** Process a 'relay' or 'relay_early' <b>cell</b> that just arrived from
358 * <b>conn</b>. Make sure it came in with a recognized circ_id. Pass it on to
359 * circuit_receive_relay_cell() for actual processing.
360 */
361 static void
362 command_process_relay_cell(cell_t *cell, or_connection_t *conn)
363 {
364 circuit_t *circ;
365 int reason, direction;
366
367 circ = circuit_get_by_circid_orconn(cell->circ_id, conn);
368
369 if (!circ) {
370 log_debug(LD_OR,
371 "unknown circuit %d on connection from %s:%d. Dropping.",
372 cell->circ_id, conn->_base.address, conn->_base.port);
373 return;
374 }
375
376 if (circ->state == CIRCUIT_STATE_ONIONSKIN_PENDING) {
377 log_fn(LOG_PROTOCOL_WARN,LD_PROTOCOL,"circuit in create_wait. Closing.");
378 circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
379 return;
380 }
381
382 if (CIRCUIT_IS_ORIGIN(circ)) {
383 /* if we're a relay and treating connections with recent local
384 * traffic better, then this is one of them. */
385 conn->client_used = time(NULL);
386 }
387
388 if (!CIRCUIT_IS_ORIGIN(circ) &&
389 cell->circ_id == TO_OR_CIRCUIT(circ)->p_circ_id)
390 direction = CELL_DIRECTION_OUT;
391 else
392 direction = CELL_DIRECTION_IN;
393
394 /* If we have a relay_early cell, make sure that it's outbound, and we've
395 * gotten no more than MAX_RELAY_EARLY_CELLS_PER_CIRCUIT of them. */
396 if (cell->command == CELL_RELAY_EARLY) {
397 if (direction == CELL_DIRECTION_IN) {
398 /* XXX Allow an unlimited number of inbound relay_early cells for
399 * now, for hidden service compatibility. See bug 1038. -RD */
400 } else {
401 or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
402 if (or_circ->remaining_relay_early_cells == 0) {
403 log_fn(LOG_PROTOCOL_WARN, LD_OR,
404 "Received too many RELAY_EARLY cells on circ %d from %s:%d."
405 " Closing circuit.",
406 cell->circ_id, safe_str(conn->_base.address), conn->_base.port);
407 circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL);
408 return;
409 }
410 --or_circ->remaining_relay_early_cells;
411 }
412 }
413
414 if ((reason = circuit_receive_relay_cell(cell, circ, direction)) < 0) {
415 log_fn(LOG_PROTOCOL_WARN,LD_PROTOCOL,"circuit_receive_relay_cell "
416 "(%s) failed. Closing.",
417 direction==CELL_DIRECTION_OUT?"forward":"backward");
418 circuit_mark_for_close(circ, -reason);
419 }
420 }
421
422 /** Process a 'destroy' <b>cell</b> that just arrived from
423 * <b>conn</b>. Find the circ that it refers to (if any).
424 *
425 * If the circ is in state
426 * onionskin_pending, then call onion_pending_remove() to remove it
427 * from the pending onion list (note that if it's already being
428 * processed by the cpuworker, it won't be in the list anymore; but
429 * when the cpuworker returns it, the circuit will be gone, and the
430 * cpuworker response will be dropped).
431 *
432 * Then mark the circuit for close (which marks all edges for close,
433 * and passes the destroy cell onward if necessary).
434 */
435 static void
436 command_process_destroy_cell(cell_t *cell, or_connection_t *conn)
437 {
438 circuit_t *circ;
439 int reason;
440
441 circ = circuit_get_by_circid_orconn(cell->circ_id, conn);
442 reason = (uint8_t)cell->payload[0];
443 if (!circ) {
444 log_info(LD_OR,"unknown circuit %d on connection from %s:%d. Dropping.",
445 cell->circ_id, conn->_base.address, conn->_base.port);
446 return;
447 }
448 log_debug(LD_OR,"Received for circID %d.",cell->circ_id);
449
450 if (!CIRCUIT_IS_ORIGIN(circ) &&
451 cell->circ_id == TO_OR_CIRCUIT(circ)->p_circ_id) {
452 /* the destroy came from behind */
453 circuit_set_p_circid_orconn(TO_OR_CIRCUIT(circ), 0, NULL);
454 circuit_mark_for_close(circ, reason|END_CIRC_REASON_FLAG_REMOTE);
455 } else { /* the destroy came from ahead */
456 circuit_set_n_circid_orconn(circ, 0, NULL);
457 if (CIRCUIT_IS_ORIGIN(circ)) {
458 circuit_mark_for_close(circ, reason|END_CIRC_REASON_FLAG_REMOTE);
459 } else {
460 char payload[1];
461 log_debug(LD_OR, "Delivering 'truncated' back.");
462 payload[0] = (char)reason;
463 relay_send_command_from_edge(0, circ, RELAY_COMMAND_TRUNCATED,
464 payload, sizeof(payload), NULL);
465 }
466 }
467 }
468
469 /** Process a 'versions' cell. The current link protocol version must be 0
470 * to indicate that no version has yet been negotiated. We compare the
471 * versions in the cell to the list of versions we support, pick the
472 * highest version we have in common, and continue the negotiation from
473 * there.
474 */
475 static void
476 command_process_versions_cell(var_cell_t *cell, or_connection_t *conn)
477 {
478 int highest_supported_version = 0;
479 const char *cp, *end;
480 if (conn->link_proto != 0 ||
481 conn->_base.state != OR_CONN_STATE_OR_HANDSHAKING ||
482 (conn->handshake_state && conn->handshake_state->received_versions)) {
483 log_fn(LOG_PROTOCOL_WARN, LD_OR,
484 "Received a VERSIONS cell on a connection with its version "
485 "already set to %d; dropping", (int) conn->link_proto);
486 return;
487 }
488 tor_assert(conn->handshake_state);
489 end = cell->payload + cell->payload_len;
490 for (cp = cell->payload; cp+1 < end; ++cp) {
491 uint16_t v = ntohs(get_uint16(cp));
492 if (is_or_protocol_version_known(v) && v > highest_supported_version)
493 highest_supported_version = v;
494 }
495 if (!highest_supported_version) {
496 log_fn(LOG_PROTOCOL_WARN, LD_OR,
497 "Couldn't find a version in common between my version list and the "
498 "list in the VERSIONS cell; closing connection.");
499 connection_mark_for_close(TO_CONN(conn));
500 return;
501 } else if (highest_supported_version == 1) {
502 /* Negotiating version 1 makes no sense, since version 1 has no VERSIONS
503 * cells. */
504 log_fn(LOG_PROTOCOL_WARN, LD_OR,
505 "Used version negotiation protocol to negotiate a v1 connection. "
506 "That's crazily non-compliant. Closing connection.");
507 connection_mark_for_close(TO_CONN(conn));
508 return;
509 }
510 conn->link_proto = highest_supported_version;
511 conn->handshake_state->received_versions = 1;
512
513 log_info(LD_OR, "Negotiated version %d with %s:%d; sending NETINFO.",
514 highest_supported_version, safe_str(conn->_base.address),
515 conn->_base.port);
516 tor_assert(conn->link_proto >= 2);
517
518 if (connection_or_send_netinfo(conn) < 0) {
519 connection_mark_for_close(TO_CONN(conn));
520 return;
521 }
522 }
523
524 /** Process a 'netinfo' cell: read and act on its contents, and set the
525 * connection state to "open". */
526 static void
527 command_process_netinfo_cell(cell_t *cell, or_connection_t *conn)
528 {
529 time_t timestamp;
530 uint8_t my_addr_type;
531 uint8_t my_addr_len;
532 const char *my_addr_ptr;
533 const char *cp, *end;
534 uint8_t n_other_addrs;
535 time_t now = time(NULL);
536
537 long apparent_skew = 0;
538 uint32_t my_apparent_addr = 0;
539
540 if (conn->link_proto < 2) {
541 log_fn(LOG_PROTOCOL_WARN, LD_OR,
542 "Received a NETINFO cell on %s connection; dropping.",
543 conn->link_proto == 0 ? "non-versioned" : "a v1");
544 return;
545 }
546 if (conn->_base.state != OR_CONN_STATE_OR_HANDSHAKING) {
547 log_fn(LOG_PROTOCOL_WARN, LD_OR,
548 "Received a NETINFO cell on non-handshaking connection; dropping.");
549 return;
550 }
551 tor_assert(conn->handshake_state &&
552 conn->handshake_state->received_versions);
553 /* Decode the cell. */
554 timestamp = ntohl(get_uint32(cell->payload));
555 if (labs(now - conn->handshake_state->sent_versions_at) < 180) {
556 apparent_skew = now - timestamp;
557 }
558
559 my_addr_type = (uint8_t) cell->payload[4];
560 my_addr_len = (uint8_t) cell->payload[5];
561 my_addr_ptr = cell->payload + 6;
562 end = cell->payload + CELL_PAYLOAD_SIZE;
563 cp = cell->payload + 6 + my_addr_len;
564 if (cp >= end) {
565 log_fn(LOG_PROTOCOL_WARN, LD_OR,
566 "Addresses too long in netinfo cell; closing connection.");
567 connection_mark_for_close(TO_CONN(conn));
568 return;
569 } else if (my_addr_type == RESOLVED_TYPE_IPV4 && my_addr_len == 4) {
570 my_apparent_addr = ntohl(get_uint32(my_addr_ptr));
571 }
572
573 n_other_addrs = (uint8_t) *cp++;
574 while (n_other_addrs && cp < end-2) {
575 /* Consider all the other addresses; if any matches, this connection is
576 * "canonical." */
577 tor_addr_t addr;
578 const char *next = decode_address_from_payload(&addr, cp, (int)(end-cp));
579 if (next == NULL) {
580 log_fn(LOG_PROTOCOL_WARN, LD_OR,
581 "Bad address in netinfo cell; closing connection.");
582 connection_mark_for_close(TO_CONN(conn));
583 return;
584 }
585 if (tor_addr_eq(&addr, &conn->real_addr)) {
586 conn->is_canonical = 1;
587 break;
588 }
589 cp = next;
590 --n_other_addrs;
591 }
592
593 /* Act on apparent skew. */
594 /** Warn when we get a netinfo skew with at least this value. */
595 #define NETINFO_NOTICE_SKEW 3600
596 if (labs(apparent_skew) > NETINFO_NOTICE_SKEW &&
597 router_get_by_digest(conn->identity_digest)) {
598 char dbuf[64];
599 int severity;
600 /*XXXX be smarter about when everybody says we are skewed. */
601 if (router_digest_is_trusted_dir(conn->identity_digest))
602 severity = LOG_WARN;
603 else
604 severity = LOG_INFO;
605 format_time_interval(dbuf, sizeof(dbuf), apparent_skew);
606 log_fn(severity, LD_GENERAL, "Received NETINFO cell with skewed time from "
607 "server at %s:%d. It seems that our clock is %s by %s, or "
608 "that theirs is %s. Tor requires an accurate clock to work: "
609 "please check your time and date settings.",
610 conn->_base.address, (int)conn->_base.port,
611 apparent_skew>0 ? "ahead" : "behind", dbuf,
612 apparent_skew>0 ? "behind" : "ahead");
613 if (severity == LOG_WARN) /* only tell the controller if an authority */
614 control_event_general_status(LOG_WARN,
615 "CLOCK_SKEW SKEW=%ld SOURCE=OR:%s:%d",
616 apparent_skew,
617 conn->_base.address, conn->_base.port);
618 }
619
620 /* XXX maybe act on my_apparent_addr, if the source is sufficiently
621 * trustworthy. */
622
623 if (connection_or_set_state_open(conn)<0)
624 connection_mark_for_close(TO_CONN(conn));
625 else
626 log_info(LD_OR, "Got good NETINFO cell from %s:%d; OR connection is now "
627 "open, using protocol version %d",
628 safe_str(conn->_base.address), conn->_base.port,
629 (int)conn->link_proto);
630 assert_connection_ok(TO_CONN(conn),time(NULL));
631 }
632