Line data Source code
1 : /* Copyright (c) 2001 Matej Pfajfar.
2 : * Copyright (c) 2001-2004, Roger Dingledine.
3 : * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 : * Copyright (c) 2007-2021, The Tor Project, Inc. */
5 : /* See LICENSE for licensing information */
6 :
7 : /**
8 : * \file circuituse.c
9 : * \brief Launch the right sort of circuits and attach the right streams to
10 : * them.
11 : *
12 : * As distinct from circuitlist.c, which manages lookups to find circuits, and
13 : * circuitbuild.c, which handles the logistics of circuit construction, this
14 : * module keeps track of which streams can be attached to which circuits (in
15 : * circuit_get_best()), and attaches streams to circuits (with
16 : * circuit_try_attaching_streams(), connection_ap_handshake_attach_circuit(),
17 : * and connection_ap_handshake_attach_chosen_circuit() ).
18 : *
19 : * This module also makes sure that we are building circuits for all of the
20 : * predicted ports, using circuit_remove_handled_ports(),
21 : * circuit_stream_is_being_handled(), and circuit_build_needed_cirs(). It
22 : * handles launching circuits for specific targets using
23 : * circuit_launch_by_extend_info().
24 : *
25 : * This is also where we handle expiring circuits that have been around for
26 : * too long without actually completing, along with the circuit_build_timeout
27 : * logic in circuitstats.c.
28 : **/
29 :
30 : #include "core/or/or.h"
31 : #include "app/config/config.h"
32 : #include "core/mainloop/connection.h"
33 : #include "core/or/channel.h"
34 : #include "core/or/circuitbuild.h"
35 : #include "core/or/circuitlist.h"
36 : #include "core/or/circuitstats.h"
37 : #include "core/or/circuituse.h"
38 : #include "core/or/circuitpadding.h"
39 : #include "core/or/connection_edge.h"
40 : #include "core/or/extendinfo.h"
41 : #include "core/or/policies.h"
42 : #include "core/or/trace_probes_circuit.h"
43 : #include "feature/client/addressmap.h"
44 : #include "feature/client/bridges.h"
45 : #include "feature/client/circpathbias.h"
46 : #include "feature/client/entrynodes.h"
47 : #include "feature/client/proxymode.h"
48 : #include "feature/control/control_events.h"
49 : #include "feature/dircommon/directory.h"
50 : #include "feature/hs/hs_circuit.h"
51 : #include "feature/hs/hs_client.h"
52 : #include "feature/hs/hs_common.h"
53 : #include "feature/hs/hs_ident.h"
54 : #include "feature/hs/hs_stats.h"
55 : #include "feature/nodelist/describe.h"
56 : #include "feature/nodelist/networkstatus.h"
57 : #include "feature/nodelist/nodelist.h"
58 : #include "feature/nodelist/routerlist.h"
59 : #include "feature/relay/routermode.h"
60 : #include "feature/relay/selftest.h"
61 : #include "feature/stats/predict_ports.h"
62 : #include "lib/math/fp.h"
63 : #include "lib/time/tvdiff.h"
64 : #include "lib/trace/events.h"
65 :
66 : #include "core/or/cpath_build_state_st.h"
67 : #include "feature/dircommon/dir_connection_st.h"
68 : #include "core/or/entry_connection_st.h"
69 : #include "core/or/extend_info_st.h"
70 : #include "core/or/or_circuit_st.h"
71 : #include "core/or/origin_circuit_st.h"
72 : #include "core/or/socks_request_st.h"
73 :
74 : STATIC void circuit_expire_old_circuits_clientside(void);
75 : static void circuit_increment_failure_count(void);
76 :
77 : /** Check whether the hidden service destination of the stream at
78 : * <b>edge_conn</b> is the same as the destination of the circuit at
79 : * <b>origin_circ</b>. */
80 : static int
81 1 : circuit_matches_with_rend_stream(const edge_connection_t *edge_conn,
82 : const origin_circuit_t *origin_circ)
83 : {
84 : /* Check if this is a v3 rendezvous circ/stream */
85 1 : if ((edge_conn->hs_ident && !origin_circ->hs_ident) ||
86 1 : (!edge_conn->hs_ident && origin_circ->hs_ident) ||
87 2 : (edge_conn->hs_ident && origin_circ->hs_ident &&
88 1 : !ed25519_pubkey_eq(&edge_conn->hs_ident->identity_pk,
89 1 : &origin_circ->hs_ident->identity_pk))) {
90 : /* this circ is not for this conn */
91 0 : return 0;
92 : }
93 :
94 : return 1;
95 : }
96 :
97 : /** Return 1 if <b>circ</b> could be returned by circuit_get_best().
98 : * Else return 0.
99 : */
100 : static int
101 1 : circuit_is_acceptable(const origin_circuit_t *origin_circ,
102 : const entry_connection_t *conn,
103 : int must_be_open, uint8_t purpose,
104 : int need_uptime, int need_internal,
105 : time_t now)
106 : {
107 1 : const circuit_t *circ = TO_CIRCUIT(origin_circ);
108 1 : const node_t *exitnode;
109 1 : cpath_build_state_t *build_state;
110 1 : tor_assert(circ);
111 1 : tor_assert(conn);
112 1 : tor_assert(conn->socks_request);
113 :
114 1 : if (must_be_open && (circ->state != CIRCUIT_STATE_OPEN || !circ->n_chan))
115 : return 0; /* ignore non-open circs */
116 1 : if (circ->marked_for_close)
117 : return 0;
118 :
119 : /* if this circ isn't our purpose, skip. */
120 1 : if (purpose == CIRCUIT_PURPOSE_C_REND_JOINED && !must_be_open) {
121 0 : if (circ->purpose != CIRCUIT_PURPOSE_C_ESTABLISH_REND &&
122 : circ->purpose != CIRCUIT_PURPOSE_C_REND_READY &&
123 0 : circ->purpose != CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED &&
124 : circ->purpose != CIRCUIT_PURPOSE_C_REND_JOINED)
125 : return 0;
126 1 : } else if (purpose == CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT &&
127 : !must_be_open) {
128 0 : if (circ->purpose != CIRCUIT_PURPOSE_C_INTRODUCING &&
129 : circ->purpose != CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT)
130 : return 0;
131 : } else {
132 1 : if (purpose != circ->purpose)
133 : return 0;
134 : }
135 :
136 : /* If this is a timed-out hidden service circuit, skip it. */
137 1 : if (origin_circ->hs_circ_has_timed_out) {
138 : return 0;
139 : }
140 :
141 1 : if (purpose == CIRCUIT_PURPOSE_C_GENERAL ||
142 1 : purpose == CIRCUIT_PURPOSE_C_HSDIR_GET ||
143 1 : purpose == CIRCUIT_PURPOSE_S_HSDIR_POST ||
144 1 : purpose == CIRCUIT_PURPOSE_HS_VANGUARDS ||
145 : purpose == CIRCUIT_PURPOSE_C_REND_JOINED) {
146 1 : if (circ->timestamp_dirty &&
147 0 : circ->timestamp_dirty+get_options()->MaxCircuitDirtiness <= now)
148 : return 0;
149 : }
150 :
151 1 : if (origin_circ->unusable_for_new_conns)
152 : return 0;
153 :
154 : /* decide if this circ is suitable for this conn */
155 :
156 : /* for rend circs, circ->cpath->prev is not the last router in the
157 : * circuit, it's the magical extra service hop. so just check the nickname
158 : * of the one we meant to finish at.
159 : */
160 1 : build_state = origin_circ->build_state;
161 1 : exitnode = build_state_get_exit_node(build_state);
162 :
163 1 : if (need_uptime && !build_state->need_uptime)
164 : return 0;
165 1 : if (need_internal != build_state->is_internal)
166 : return 0;
167 :
168 1 : if (purpose == CIRCUIT_PURPOSE_C_GENERAL ||
169 1 : purpose == CIRCUIT_PURPOSE_S_HSDIR_POST ||
170 0 : purpose == CIRCUIT_PURPOSE_C_HSDIR_GET) {
171 0 : tor_addr_t addr;
172 0 : if (!exitnode && !build_state->onehop_tunnel) {
173 0 : log_debug(LD_CIRC,"Not considering circuit with unknown router.");
174 0 : return 0; /* this circuit is screwed and doesn't know it yet,
175 : * or is a rendezvous circuit. */
176 : }
177 0 : if (build_state->onehop_tunnel) {
178 0 : if (!conn->want_onehop) {
179 0 : log_debug(LD_CIRC,"Skipping one-hop circuit.");
180 0 : return 0;
181 : }
182 0 : tor_assert(conn->chosen_exit_name);
183 0 : if (build_state->chosen_exit) {
184 0 : char digest[DIGEST_LEN];
185 0 : if (hexdigest_to_digest(conn->chosen_exit_name, digest) < 0)
186 0 : return 0; /* broken digest, we don't want it */
187 0 : if (tor_memneq(digest, build_state->chosen_exit->identity_digest,
188 : DIGEST_LEN))
189 : return 0; /* this is a circuit to somewhere else */
190 0 : if (tor_digest_is_zero(digest)) {
191 : /* we don't know the digest; have to compare addr:port */
192 0 : const int family = tor_addr_parse(&addr,
193 0 : conn->socks_request->address);
194 0 : if (family < 0 ||
195 0 : !extend_info_has_orport(build_state->chosen_exit, &addr,
196 0 : conn->socks_request->port))
197 0 : return 0;
198 : }
199 : }
200 : } else {
201 0 : if (conn->want_onehop) {
202 : /* don't use three-hop circuits -- that could hurt our anonymity. */
203 : return 0;
204 : }
205 : }
206 0 : if (origin_circ->prepend_policy) {
207 0 : if (tor_addr_parse(&addr, conn->socks_request->address) != -1) {
208 0 : int r = compare_tor_addr_to_addr_policy(&addr,
209 0 : conn->socks_request->port,
210 0 : origin_circ->prepend_policy);
211 0 : if (r == ADDR_POLICY_REJECTED)
212 : return 0;
213 : }
214 : }
215 0 : if (exitnode && !connection_ap_can_use_exit(conn, exitnode)) {
216 : /* can't exit from this router */
217 : return 0;
218 : }
219 : } else { /* not general: this might be a rend circuit */
220 1 : const edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(conn);
221 1 : if (!circuit_matches_with_rend_stream(edge_conn, origin_circ)) {
222 : return 0;
223 : }
224 : }
225 :
226 1 : if (!connection_edge_compatible_with_circuit(conn, origin_circ)) {
227 : /* conn needs to be isolated from other conns that have already used
228 : * origin_circ */
229 0 : return 0;
230 : }
231 :
232 : return 1;
233 : }
234 :
235 : /** Return 1 if circuit <b>a</b> is better than circuit <b>b</b> for
236 : * <b>conn</b>, and return 0 otherwise. Used by circuit_get_best.
237 : */
238 : static int
239 0 : circuit_is_better(const origin_circuit_t *oa, const origin_circuit_t *ob,
240 : const entry_connection_t *conn)
241 : {
242 0 : const circuit_t *a = TO_CIRCUIT(oa);
243 0 : const circuit_t *b = TO_CIRCUIT(ob);
244 0 : const uint8_t purpose = ENTRY_TO_CONN(conn)->purpose;
245 0 : int a_bits, b_bits;
246 :
247 : /* If one of the circuits was allowed to live due to relaxing its timeout,
248 : * it is definitely worse (it's probably a much slower path). */
249 0 : if (oa->relaxed_timeout && !ob->relaxed_timeout)
250 : return 0; /* ob is better. It's not relaxed. */
251 0 : if (!oa->relaxed_timeout && ob->relaxed_timeout)
252 : return 1; /* oa is better. It's not relaxed. */
253 :
254 0 : switch (purpose) {
255 0 : case CIRCUIT_PURPOSE_S_HSDIR_POST:
256 : case CIRCUIT_PURPOSE_C_HSDIR_GET:
257 : case CIRCUIT_PURPOSE_C_GENERAL:
258 : /* if it's used but less dirty it's best;
259 : * else if it's more recently created it's best
260 : */
261 0 : if (b->timestamp_dirty) {
262 0 : if (a->timestamp_dirty &&
263 : a->timestamp_dirty > b->timestamp_dirty)
264 : return 1;
265 : } else {
266 0 : if (a->timestamp_dirty ||
267 0 : timercmp(&a->timestamp_began, &b->timestamp_began, OP_GT))
268 : return 1;
269 0 : if (ob->build_state->is_internal)
270 : /* XXXX++ what the heck is this internal thing doing here. I
271 : * think we can get rid of it. circuit_is_acceptable() already
272 : * makes sure that is_internal is exactly what we need it to
273 : * be. -RD */
274 : return 1;
275 : }
276 : break;
277 0 : case CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT:
278 : /* the closer it is to ack_wait the better it is */
279 0 : if (a->purpose > b->purpose)
280 : return 1;
281 : break;
282 0 : case CIRCUIT_PURPOSE_C_REND_JOINED:
283 : /* the closer it is to rend_joined the better it is */
284 0 : if (a->purpose > b->purpose)
285 : return 1;
286 : break;
287 : }
288 :
289 : /* XXXX Maybe this check should get a higher priority to avoid
290 : * using up circuits too rapidly. */
291 :
292 0 : a_bits = connection_edge_update_circuit_isolation(conn,
293 : (origin_circuit_t*)oa, 1);
294 0 : b_bits = connection_edge_update_circuit_isolation(conn,
295 : (origin_circuit_t*)ob, 1);
296 : /* if x_bits < 0, then we have not used x for anything; better not to dirty
297 : * a connection if we can help it. */
298 0 : if (a_bits < 0) {
299 : return 0;
300 0 : } else if (b_bits < 0) {
301 : return 1;
302 : }
303 0 : a_bits &= ~ oa->isolation_flags_mixed;
304 0 : a_bits &= ~ ob->isolation_flags_mixed;
305 0 : if (n_bits_set_u8(a_bits) < n_bits_set_u8(b_bits)) {
306 : /* The fewer new restrictions we need to make on a circuit for stream
307 : * isolation, the better. */
308 0 : return 1;
309 : }
310 :
311 : return 0;
312 : }
313 :
314 : /** Find the best circ that conn can use, preferably one which is
315 : * dirty. Circ must not be too old.
316 : *
317 : * Conn must be defined.
318 : *
319 : * If must_be_open, ignore circs not in CIRCUIT_STATE_OPEN.
320 : *
321 : * circ_purpose specifies what sort of circuit we must have.
322 : * It can be C_GENERAL, C_INTRODUCE_ACK_WAIT, or C_REND_JOINED.
323 : *
324 : * If it's REND_JOINED and must_be_open==0, then return the closest
325 : * rendezvous-purposed circuit that you can find.
326 : *
327 : * If it's INTRODUCE_ACK_WAIT and must_be_open==0, then return the
328 : * closest introduce-purposed circuit that you can find.
329 : */
330 : static origin_circuit_t *
331 1 : circuit_get_best(const entry_connection_t *conn,
332 : int must_be_open, uint8_t purpose,
333 : int need_uptime, int need_internal)
334 : {
335 1 : origin_circuit_t *best=NULL;
336 1 : struct timeval now;
337 1 : int intro_going_on_but_too_old = 0;
338 :
339 1 : tor_assert(conn);
340 :
341 1 : tor_assert(purpose == CIRCUIT_PURPOSE_C_GENERAL ||
342 : purpose == CIRCUIT_PURPOSE_HS_VANGUARDS ||
343 : purpose == CIRCUIT_PURPOSE_C_HSDIR_GET ||
344 : purpose == CIRCUIT_PURPOSE_S_HSDIR_POST ||
345 : purpose == CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT ||
346 : purpose == CIRCUIT_PURPOSE_C_REND_JOINED);
347 :
348 1 : tor_gettimeofday(&now);
349 :
350 2 : SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
351 1 : origin_circuit_t *origin_circ;
352 1 : if (!CIRCUIT_IS_ORIGIN(circ))
353 0 : continue;
354 1 : origin_circ = TO_ORIGIN_CIRCUIT(circ);
355 :
356 : /* Log an info message if we're going to launch a new intro circ in
357 : * parallel */
358 1 : if (purpose == CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT &&
359 1 : !must_be_open && origin_circ->hs_circ_has_timed_out &&
360 0 : !circ->marked_for_close) {
361 0 : intro_going_on_but_too_old = 1;
362 0 : continue;
363 : }
364 :
365 1 : if (!circuit_is_acceptable(origin_circ,conn,must_be_open,purpose,
366 1 : need_uptime,need_internal, (time_t)now.tv_sec))
367 0 : continue;
368 :
369 : /* now this is an acceptable circ to hand back. but that doesn't
370 : * mean it's the *best* circ to hand back. try to decide.
371 : */
372 1 : if (!best || circuit_is_better(origin_circ,best,conn))
373 : best = origin_circ;
374 : }
375 1 : SMARTLIST_FOREACH_END(circ);
376 :
377 1 : if (!best && intro_going_on_but_too_old)
378 0 : log_info(LD_REND|LD_CIRC, "There is an intro circuit being created "
379 : "right now, but it has already taken quite a while. Starting "
380 : "one in parallel.");
381 :
382 1 : return best;
383 : }
384 :
385 : /** Return the number of not-yet-open general-purpose origin circuits. */
386 : static int
387 0 : count_pending_general_client_circuits(void)
388 : {
389 0 : int count = 0;
390 :
391 0 : SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
392 0 : if (circ->marked_for_close ||
393 0 : circ->state == CIRCUIT_STATE_OPEN ||
394 0 : !CIRCUIT_PURPOSE_COUNTS_TOWARDS_MAXPENDING(circ->purpose) ||
395 : !CIRCUIT_IS_ORIGIN(circ))
396 0 : continue;
397 :
398 0 : ++count;
399 : }
400 0 : SMARTLIST_FOREACH_END(circ);
401 :
402 0 : return count;
403 : }
404 :
405 : #if 0
406 : /** Check whether, according to the policies in <b>options</b>, the
407 : * circuit <b>circ</b> makes sense. */
408 : /* XXXX currently only checks Exclude{Exit}Nodes; it should check more.
409 : * Also, it doesn't have the right definition of an exit circuit. Also,
410 : * it's never called. */
411 : int
412 : circuit_conforms_to_options(const origin_circuit_t *circ,
413 : const or_options_t *options)
414 : {
415 : const crypt_path_t *cpath, *cpath_next = NULL;
416 :
417 : /* first check if it includes any excluded nodes */
418 : for (cpath = circ->cpath; cpath_next != circ->cpath; cpath = cpath_next) {
419 : cpath_next = cpath->next;
420 : if (routerset_contains_extendinfo(options->ExcludeNodes,
421 : cpath->extend_info))
422 : return 0;
423 : }
424 :
425 : /* then consider the final hop */
426 : if (routerset_contains_extendinfo(options->ExcludeExitNodes,
427 : circ->cpath->prev->extend_info))
428 : return 0;
429 :
430 : return 1;
431 : }
432 : #endif /* 0 */
433 :
434 : /**
435 : * Close all circuits that start at us, aren't open, and were born
436 : * at least CircuitBuildTimeout seconds ago.
437 : *
438 : * TODO: This function is now partially redundant to
439 : * circuit_build_times_handle_completed_hop(), but that function only
440 : * covers circuits up to and including 3 hops that are still actually
441 : * completing hops. However, circuit_expire_building() also handles longer
442 : * circuits, as well as circuits that are completely stalled.
443 : * In the future (after prop247/other path selection revamping), we probably
444 : * want to eliminate this rats nest in favor of a simpler approach.
445 : */
446 : void
447 4 : circuit_expire_building(void)
448 : {
449 : /* circ_times.timeout_ms and circ_times.close_ms are from
450 : * circuit_build_times_get_initial_timeout() if we haven't computed
451 : * custom timeouts yet */
452 4 : struct timeval general_cutoff, begindir_cutoff, fourhop_cutoff,
453 : close_cutoff, extremely_old_cutoff, hs_extremely_old_cutoff,
454 : cannibalized_cutoff, c_intro_cutoff, s_intro_cutoff, stream_cutoff;
455 4 : const or_options_t *options = get_options();
456 4 : struct timeval now;
457 4 : cpath_build_state_t *build_state;
458 4 : int any_opened_circs = 0;
459 :
460 4 : tor_gettimeofday(&now);
461 :
462 : /* Check to see if we have any opened circuits. If we don't,
463 : * we want to be more lenient with timeouts, in case the
464 : * user has relocated and/or changed network connections.
465 : * See bug #3443. */
466 4 : any_opened_circs = circuit_any_opened_circuits();
467 :
468 : #define SET_CUTOFF(target, msec) do { \
469 : long ms = tor_lround(msec); \
470 : struct timeval diff; \
471 : diff.tv_sec = ms / 1000; \
472 : diff.tv_usec = (int)((ms % 1000) * 1000); \
473 : timersub(&now, &diff, &target); \
474 : } while (0)
475 :
476 : /**
477 : * Because circuit build timeout is calculated only based on 3 hop
478 : * general purpose circuit construction, we need to scale the timeout
479 : * to make it properly apply to longer circuits, and circuits of
480 : * certain usage types. The following diagram illustrates how we
481 : * derive the scaling below. In short, we calculate the number
482 : * of times our telescoping-based circuit construction causes cells
483 : * to traverse each link for the circuit purpose types in question,
484 : * and then assume each link is equivalent.
485 : *
486 : * OP --a--> A --b--> B --c--> C
487 : * OP --a--> A --b--> B --c--> C --d--> D
488 : *
489 : * Let h = a = b = c = d
490 : *
491 : * Three hops (general_cutoff)
492 : * RTTs = 3a + 2b + c
493 : * RTTs = 6h
494 : * Cannibalized:
495 : * RTTs = a+b+c+d
496 : * RTTs = 4h
497 : * Four hops:
498 : * RTTs = 4a + 3b + 2c + d
499 : * RTTs = 10h
500 : * Client INTRODUCE1+ACK: // XXX: correct?
501 : * RTTs = 5a + 4b + 3c + 2d
502 : * RTTs = 14h
503 : * Server intro:
504 : * RTTs = 4a + 3b + 2c
505 : * RTTs = 9h
506 : */
507 4 : SET_CUTOFF(general_cutoff, get_circuit_build_timeout_ms());
508 4 : SET_CUTOFF(begindir_cutoff, get_circuit_build_timeout_ms());
509 :
510 : // TODO: We should probably use route_len_for_purpose() here instead,
511 : // except that does not count the extra round trip for things like server
512 : // intros and rends.
513 :
514 : /* > 3hop circs seem to have a 1.0 second delay on their cannibalized
515 : * 4th hop. */
516 4 : SET_CUTOFF(fourhop_cutoff, get_circuit_build_timeout_ms() * (10/6.0) + 1000);
517 :
518 : /* CIRCUIT_PURPOSE_C_ESTABLISH_REND behaves more like a RELAY cell.
519 : * Use the stream cutoff (more or less). */
520 4 : SET_CUTOFF(stream_cutoff, MAX(options->CircuitStreamTimeout,15)*1000 + 1000);
521 :
522 : /* Be lenient with cannibalized circs. They already survived the official
523 : * CBT, and they're usually not performance-critical. */
524 4 : SET_CUTOFF(cannibalized_cutoff,
525 : MAX(get_circuit_build_close_time_ms()*(4/6.0),
526 : options->CircuitStreamTimeout * 1000) + 1000);
527 :
528 : /* Intro circs have an extra round trip (and are also 4 hops long) */
529 4 : SET_CUTOFF(c_intro_cutoff, get_circuit_build_timeout_ms() * (14/6.0) + 1000);
530 :
531 : /* Server intro circs have an extra round trip */
532 4 : SET_CUTOFF(s_intro_cutoff, get_circuit_build_timeout_ms() * (9/6.0) + 1000);
533 :
534 4 : SET_CUTOFF(close_cutoff, get_circuit_build_close_time_ms());
535 4 : SET_CUTOFF(extremely_old_cutoff, get_circuit_build_close_time_ms()*2 + 1000);
536 :
537 4 : SET_CUTOFF(hs_extremely_old_cutoff,
538 : MAX(get_circuit_build_close_time_ms()*2 + 1000,
539 : options->SocksTimeout * 1000));
540 :
541 4 : bool fixed_time = circuit_build_times_disabled(get_options());
542 :
543 10 : SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *,victim) {
544 6 : struct timeval cutoff;
545 :
546 6 : if (!CIRCUIT_IS_ORIGIN(victim) || /* didn't originate here */
547 6 : victim->marked_for_close) /* don't mess with marked circs */
548 0 : continue;
549 :
550 : /* If we haven't yet started the first hop, it means we don't have
551 : * any orconns available, and thus have not started counting time yet
552 : * for this circuit. See circuit_deliver_create_cell() and uses of
553 : * timestamp_began.
554 : *
555 : * Continue to wait in this case. The ORConn should timeout
556 : * independently and kill us then.
557 : */
558 6 : if (TO_ORIGIN_CIRCUIT(victim)->cpath->state == CPATH_STATE_CLOSED) {
559 0 : continue;
560 : }
561 :
562 6 : build_state = TO_ORIGIN_CIRCUIT(victim)->build_state;
563 6 : if (build_state && build_state->onehop_tunnel)
564 : cutoff = begindir_cutoff;
565 6 : else if (victim->purpose == CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT)
566 : cutoff = close_cutoff;
567 5 : else if (victim->purpose == CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT)
568 : cutoff = c_intro_cutoff;
569 : else if (victim->purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO)
570 : cutoff = s_intro_cutoff;
571 : else if (victim->purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND)
572 : cutoff = stream_cutoff;
573 : else if (victim->purpose == CIRCUIT_PURPOSE_PATH_BIAS_TESTING)
574 : cutoff = close_cutoff;
575 5 : else if (TO_ORIGIN_CIRCUIT(victim)->has_opened &&
576 2 : victim->state != CIRCUIT_STATE_OPEN)
577 : cutoff = cannibalized_cutoff;
578 5 : else if (build_state && build_state->desired_path_len >= 4)
579 : cutoff = fourhop_cutoff;
580 : else
581 2 : cutoff = general_cutoff;
582 :
583 6 : if (TO_ORIGIN_CIRCUIT(victim)->hs_circ_has_timed_out)
584 0 : cutoff = hs_extremely_old_cutoff;
585 :
586 6 : if (timercmp(&victim->timestamp_began, &cutoff, OP_GT))
587 4 : continue; /* it's still young, leave it alone */
588 :
589 : /* We need to double-check the opened state here because
590 : * we don't want to consider opened 1-hop dircon circuits for
591 : * deciding when to relax the timeout, but we *do* want to relax
592 : * those circuits too if nothing else is opened *and* they still
593 : * aren't either. */
594 2 : if (!any_opened_circs && victim->state != CIRCUIT_STATE_OPEN) {
595 : /* It's still young enough that we wouldn't close it, right? */
596 2 : if (timercmp(&victim->timestamp_began, &close_cutoff, OP_GT)) {
597 1 : if (!TO_ORIGIN_CIRCUIT(victim)->relaxed_timeout) {
598 1 : int first_hop_succeeded = TO_ORIGIN_CIRCUIT(victim)->cpath->state
599 1 : == CPATH_STATE_OPEN;
600 1 : if (!fixed_time) {
601 1 : log_info(LD_CIRC,
602 : "No circuits are opened. Relaxing timeout for circuit %d "
603 : "(a %s %d-hop circuit in state %s with channel state %s).",
604 : TO_ORIGIN_CIRCUIT(victim)->global_identifier,
605 : circuit_purpose_to_string(victim->purpose),
606 : TO_ORIGIN_CIRCUIT(victim)->build_state ?
607 : TO_ORIGIN_CIRCUIT(victim)->build_state->desired_path_len :
608 : -1,
609 : circuit_state_to_string(victim->state),
610 : victim->n_chan ?
611 : channel_state_to_string(victim->n_chan->state) : "none");
612 : }
613 :
614 : /* We count the timeout here for CBT, because technically this
615 : * was a timeout, and the timeout value needs to reset if we
616 : * see enough of them. Note this means we also need to avoid
617 : * double-counting below, too. */
618 1 : circuit_build_times_count_timeout(get_circuit_build_times_mutable(),
619 : first_hop_succeeded);
620 1 : TO_ORIGIN_CIRCUIT(victim)->relaxed_timeout = 1;
621 : }
622 1 : continue;
623 : } else {
624 1 : static ratelim_t relax_timeout_limit = RATELIM_INIT(3600);
625 1 : const double build_close_ms = get_circuit_build_close_time_ms();
626 1 : if (!fixed_time) {
627 1 : log_fn_ratelim(&relax_timeout_limit, LOG_NOTICE, LD_CIRC,
628 : "No circuits are opened. Relaxed timeout for circuit %d "
629 : "(a %s %d-hop circuit in state %s with channel state %s) to "
630 : "%ldms. However, it appears the circuit has timed out "
631 : "anyway.",
632 : TO_ORIGIN_CIRCUIT(victim)->global_identifier,
633 : circuit_purpose_to_string(victim->purpose),
634 : TO_ORIGIN_CIRCUIT(victim)->build_state ?
635 : TO_ORIGIN_CIRCUIT(victim)->build_state->desired_path_len :
636 : -1,
637 : circuit_state_to_string(victim->state),
638 : victim->n_chan ?
639 : channel_state_to_string(victim->n_chan->state) : "none",
640 : (long)build_close_ms);
641 : }
642 : }
643 : }
644 :
645 : #if 0
646 : /* some debug logs, to help track bugs */
647 : if (victim->purpose >= CIRCUIT_PURPOSE_C_INTRODUCING &&
648 : victim->purpose <= CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED) {
649 : if (!victim->timestamp_dirty)
650 : log_fn(LOG_DEBUG,"Considering %sopen purpose %d to %s (circid %d)."
651 : "(clean).",
652 : victim->state == CIRCUIT_STATE_OPEN ? "" : "non",
653 : victim->purpose, victim->build_state->chosen_exit_name,
654 : victim->n_circ_id);
655 : else
656 : log_fn(LOG_DEBUG,"Considering %sopen purpose %d to %s (circid %d). "
657 : "%d secs since dirty.",
658 : victim->state == CIRCUIT_STATE_OPEN ? "" : "non",
659 : victim->purpose, victim->build_state->chosen_exit_name,
660 : victim->n_circ_id,
661 : (int)(now - victim->timestamp_dirty));
662 : }
663 : #endif /* 0 */
664 :
665 : /* if circ is !open, or if it's open but purpose is a non-finished
666 : * intro or rend, then mark it for close */
667 1 : if (victim->state == CIRCUIT_STATE_OPEN) {
668 0 : switch (victim->purpose) {
669 0 : default: /* most open circuits can be left alone. */
670 0 : continue; /* yes, continue inside a switch refers to the nearest
671 : * enclosing loop. C is smart. */
672 : case CIRCUIT_PURPOSE_S_ESTABLISH_INTRO:
673 : break; /* too old, need to die */
674 0 : case CIRCUIT_PURPOSE_C_REND_READY:
675 : /* it's a rend_ready circ -- has it already picked a query? */
676 : /* c_rend_ready circs measure age since timestamp_dirty,
677 : * because that's set when they switch purposes
678 : */
679 0 : if (TO_ORIGIN_CIRCUIT(victim)->hs_ident ||
680 0 : victim->timestamp_dirty > cutoff.tv_sec)
681 0 : continue;
682 : break;
683 0 : case CIRCUIT_PURPOSE_PATH_BIAS_TESTING:
684 : /* Open path bias testing circuits are given a long
685 : * time to complete the test, but not forever */
686 0 : TO_ORIGIN_CIRCUIT(victim)->path_state = PATH_STATE_USE_FAILED;
687 0 : break;
688 0 : case CIRCUIT_PURPOSE_C_INTRODUCING:
689 : /* That purpose means that the intro point circuit has been opened
690 : * successfully but the INTRODUCE1 cell hasn't been sent yet because
691 : * the client is waiting for the rendezvous point circuit to open.
692 : * Keep this circuit open while waiting for the rendezvous circuit.
693 : * We let the circuit idle timeout take care of cleaning this
694 : * circuit if it never used. */
695 0 : continue;
696 0 : case CIRCUIT_PURPOSE_C_ESTABLISH_REND:
697 : case CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED:
698 : case CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT:
699 : /* rend and intro circs become dirty each time they
700 : * make an introduction attempt. so timestamp_dirty
701 : * will reflect the time since the last attempt.
702 : */
703 0 : if (victim->timestamp_dirty > cutoff.tv_sec)
704 0 : continue;
705 : break;
706 : }
707 : } else { /* circuit not open, consider recording failure as timeout */
708 1 : int first_hop_succeeded = TO_ORIGIN_CIRCUIT(victim)->cpath &&
709 1 : TO_ORIGIN_CIRCUIT(victim)->cpath->state == CPATH_STATE_OPEN;
710 :
711 1 : if (TO_ORIGIN_CIRCUIT(victim)->p_streams != NULL) {
712 0 : log_warn(LD_BUG, "Circuit %d (purpose %d, %s) has timed out, "
713 : "yet has attached streams!",
714 : TO_ORIGIN_CIRCUIT(victim)->global_identifier,
715 : victim->purpose,
716 : circuit_purpose_to_string(victim->purpose));
717 0 : tor_fragile_assert();
718 0 : continue;
719 : }
720 :
721 1 : if (circuit_timeout_want_to_count_circ(TO_ORIGIN_CIRCUIT(victim)) &&
722 0 : circuit_build_times_enough_to_compute(get_circuit_build_times())) {
723 :
724 0 : log_info(LD_CIRC,
725 : "Deciding to count the timeout for circuit %"PRIu32,
726 : TO_ORIGIN_CIRCUIT(victim)->global_identifier);
727 :
728 : /* Circuits are allowed to last longer for measurement.
729 : * Switch their purpose and wait. */
730 0 : if (victim->purpose != CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT) {
731 0 : circuit_build_times_mark_circ_as_measurement_only(TO_ORIGIN_CIRCUIT(
732 : victim));
733 0 : continue;
734 : }
735 :
736 : /*
737 : * If the circuit build time is much greater than we would have cut
738 : * it off at, we probably had a suspend event along this codepath,
739 : * and we should discard the value.
740 : */
741 0 : if (timercmp(&victim->timestamp_began, &extremely_old_cutoff, OP_LT)) {
742 0 : log_notice(LD_CIRC,
743 : "Extremely large value for circuit build timeout: %lds. "
744 : "Assuming clock jump. Purpose %d (%s)",
745 : (long)(now.tv_sec - victim->timestamp_began.tv_sec),
746 : victim->purpose,
747 : circuit_purpose_to_string(victim->purpose));
748 0 : } else if (circuit_build_times_count_close(
749 : get_circuit_build_times_mutable(),
750 : first_hop_succeeded,
751 0 : (time_t)victim->timestamp_created.tv_sec)) {
752 0 : circuit_build_times_set_timeout(get_circuit_build_times_mutable());
753 : }
754 : }
755 : }
756 :
757 : /* If this is a hidden service client circuit which is far enough along in
758 : * connecting to its destination, and we haven't already flagged it as
759 : * 'timed out', flag it so we'll launch another intro or rend circ, but
760 : * don't mark it for close yet.
761 : *
762 : * (Circs flagged as 'timed out' are given a much longer timeout
763 : * period above, so we won't close them in the next call to
764 : * circuit_expire_building.) */
765 1 : if (!(TO_ORIGIN_CIRCUIT(victim)->hs_circ_has_timed_out)) {
766 1 : switch (victim->purpose) {
767 0 : case CIRCUIT_PURPOSE_C_REND_READY:
768 : /* We only want to spare a rend circ iff it has been specified in an
769 : * INTRODUCE1 cell sent to a hidden service. */
770 0 : if (!hs_circ_is_rend_sent_in_intro1(CONST_TO_ORIGIN_CIRCUIT(victim))) {
771 : break;
772 : }
773 0 : FALLTHROUGH;
774 : case CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT:
775 : case CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED:
776 : /* If we have reached this line, we want to spare the circ for now. */
777 0 : log_info(LD_CIRC,"Marking circ %u (state %d:%s, purpose %d) "
778 : "as timed-out HS circ",
779 : (unsigned)victim->n_circ_id,
780 : victim->state, circuit_state_to_string(victim->state),
781 : victim->purpose);
782 0 : TO_ORIGIN_CIRCUIT(victim)->hs_circ_has_timed_out = 1;
783 0 : continue;
784 : default:
785 : break;
786 : }
787 : }
788 :
789 : /* If this is a service-side rendezvous circuit which is far
790 : * enough along in connecting to its destination, consider sparing
791 : * it. */
792 1 : if (!(TO_ORIGIN_CIRCUIT(victim)->hs_circ_has_timed_out) &&
793 1 : victim->purpose == CIRCUIT_PURPOSE_S_CONNECT_REND) {
794 0 : log_info(LD_CIRC,"Marking circ %u (state %d:%s, purpose %d) "
795 : "as timed-out HS circ; relaunching rendezvous attempt.",
796 : (unsigned)victim->n_circ_id,
797 : victim->state, circuit_state_to_string(victim->state),
798 : victim->purpose);
799 0 : TO_ORIGIN_CIRCUIT(victim)->hs_circ_has_timed_out = 1;
800 0 : hs_circ_retry_service_rendezvous_point(TO_ORIGIN_CIRCUIT(victim));
801 0 : continue;
802 : }
803 :
804 1 : if (victim->n_chan)
805 0 : log_info(LD_CIRC,
806 : "Abandoning circ %u %s:%u (state %d,%d:%s, purpose %d, "
807 : "len %d)", TO_ORIGIN_CIRCUIT(victim)->global_identifier,
808 : channel_describe_peer(victim->n_chan),
809 : (unsigned)victim->n_circ_id,
810 : TO_ORIGIN_CIRCUIT(victim)->has_opened,
811 : victim->state, circuit_state_to_string(victim->state),
812 : victim->purpose,
813 : TO_ORIGIN_CIRCUIT(victim)->build_state ?
814 : TO_ORIGIN_CIRCUIT(victim)->build_state->desired_path_len :
815 : -1);
816 : else
817 1 : log_info(LD_CIRC,
818 : "Abandoning circ %u %u (state %d,%d:%s, purpose %d, len %d)",
819 : TO_ORIGIN_CIRCUIT(victim)->global_identifier,
820 : (unsigned)victim->n_circ_id,
821 : TO_ORIGIN_CIRCUIT(victim)->has_opened,
822 : victim->state,
823 : circuit_state_to_string(victim->state), victim->purpose,
824 : TO_ORIGIN_CIRCUIT(victim)->build_state ?
825 : TO_ORIGIN_CIRCUIT(victim)->build_state->desired_path_len :
826 : -1);
827 :
828 1 : circuit_log_path(LOG_INFO,LD_CIRC,TO_ORIGIN_CIRCUIT(victim));
829 1 : tor_trace(TR_SUBSYS(circuit), TR_EV(timeout), TO_ORIGIN_CIRCUIT(victim));
830 1 : if (victim->purpose == CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT)
831 0 : circuit_mark_for_close(victim, END_CIRC_REASON_MEASUREMENT_EXPIRED);
832 : else
833 1 : circuit_mark_for_close(victim, END_CIRC_REASON_TIMEOUT);
834 :
835 1 : pathbias_count_timeout(TO_ORIGIN_CIRCUIT(victim));
836 6 : } SMARTLIST_FOREACH_END(victim);
837 4 : }
838 :
839 : /**
840 : * Mark for close all circuits that start here, that were built through a
841 : * guard we weren't sure if we wanted to use, and that have been waiting
842 : * around for way too long.
843 : */
844 : void
845 0 : circuit_expire_waiting_for_better_guard(void)
846 : {
847 0 : SMARTLIST_FOREACH_BEGIN(circuit_get_global_origin_circuit_list(),
848 : origin_circuit_t *, circ) {
849 0 : if (TO_CIRCUIT(circ)->marked_for_close)
850 0 : continue;
851 0 : if (circ->guard_state == NULL)
852 0 : continue;
853 0 : if (entry_guard_state_should_expire(circ->guard_state))
854 0 : circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_NONE);
855 0 : } SMARTLIST_FOREACH_END(circ);
856 0 : }
857 :
858 : /** For debugging #8387: track when we last called
859 : * circuit_expire_old_circuits_clientside. */
860 : static time_t last_expired_clientside_circuits = 0;
861 :
862 : /**
863 : * As a diagnostic for bug 8387, log information about how many one-hop
864 : * circuits we have around that have been there for at least <b>age</b>
865 : * seconds. Log a few of them. Ignores Single Onion Service intro, it is
866 : * expected to be long-term one-hop circuits.
867 : */
868 : void
869 5 : circuit_log_ancient_one_hop_circuits(int age)
870 : {
871 : #define MAX_ANCIENT_ONEHOP_CIRCUITS_TO_LOG 10
872 5 : time_t now = time(NULL);
873 5 : time_t cutoff = now - age;
874 5 : int n_found = 0;
875 5 : smartlist_t *log_these = smartlist_new();
876 5 : const or_options_t *options = get_options();
877 :
878 5 : SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
879 0 : const origin_circuit_t *ocirc;
880 0 : if (! CIRCUIT_IS_ORIGIN(circ))
881 0 : continue;
882 0 : if (circ->timestamp_created.tv_sec >= cutoff)
883 0 : continue;
884 : /* Single Onion Services deliberately make long term one-hop intro
885 : * and rendezvous connections. Don't log the established ones. */
886 0 : if (hs_service_allow_non_anonymous_connection(options) &&
887 0 : (circ->purpose == CIRCUIT_PURPOSE_S_INTRO ||
888 : circ->purpose == CIRCUIT_PURPOSE_S_REND_JOINED))
889 0 : continue;
890 0 : ocirc = CONST_TO_ORIGIN_CIRCUIT(circ);
891 :
892 0 : if (ocirc->build_state && ocirc->build_state->onehop_tunnel) {
893 0 : ++n_found;
894 :
895 0 : if (smartlist_len(log_these) < MAX_ANCIENT_ONEHOP_CIRCUITS_TO_LOG)
896 0 : smartlist_add(log_these, (origin_circuit_t*) ocirc);
897 : }
898 : }
899 0 : SMARTLIST_FOREACH_END(circ);
900 :
901 5 : if (n_found == 0)
902 5 : goto done;
903 :
904 0 : log_notice(LD_HEARTBEAT,
905 : "Diagnostic for issue 8387: Found %d one-hop circuits more "
906 : "than %d seconds old! Logging %d...",
907 : n_found, age, smartlist_len(log_these));
908 :
909 0 : SMARTLIST_FOREACH_BEGIN(log_these, const origin_circuit_t *, ocirc) {
910 0 : char created[ISO_TIME_LEN+1];
911 0 : int stream_num;
912 0 : const edge_connection_t *conn;
913 0 : char *dirty = NULL;
914 0 : const circuit_t *circ = TO_CIRCUIT(ocirc);
915 :
916 0 : format_local_iso_time(created,
917 0 : (time_t)circ->timestamp_created.tv_sec);
918 :
919 0 : if (circ->timestamp_dirty) {
920 0 : char dirty_since[ISO_TIME_LEN+1];
921 0 : format_local_iso_time(dirty_since, circ->timestamp_dirty);
922 :
923 0 : tor_asprintf(&dirty, "Dirty since %s (%ld seconds vs %ld-second cutoff)",
924 0 : dirty_since, (long)(now - circ->timestamp_dirty),
925 0 : (long) options->MaxCircuitDirtiness);
926 : } else {
927 0 : dirty = tor_strdup("Not marked dirty");
928 : }
929 :
930 0 : log_notice(LD_HEARTBEAT, " #%d created at %s. %s, %s. %s for close. "
931 : "Package window: %d. "
932 : "%s for new conns. %s.",
933 : ocirc_sl_idx,
934 : created,
935 : circuit_state_to_string(circ->state),
936 : circuit_purpose_to_string(circ->purpose),
937 : circ->marked_for_close ? "Marked" : "Not marked",
938 : circ->package_window,
939 : ocirc->unusable_for_new_conns ? "Not usable" : "usable",
940 : dirty);
941 0 : tor_free(dirty);
942 :
943 0 : stream_num = 0;
944 0 : for (conn = ocirc->p_streams; conn; conn = conn->next_stream) {
945 0 : const connection_t *c = TO_CONN(conn);
946 0 : char stream_created[ISO_TIME_LEN+1];
947 0 : if (++stream_num >= 5)
948 : break;
949 :
950 0 : format_local_iso_time(stream_created, c->timestamp_created);
951 :
952 0 : log_notice(LD_HEARTBEAT, " Stream#%d created at %s. "
953 : "%s conn in state %s. "
954 : "It is %slinked and %sreading from a linked connection %p. "
955 : "Package window %d. "
956 : "%s for close (%s:%d). Hold-open is %sset. "
957 : "Has %ssent RELAY_END. %s on circuit.",
958 : stream_num,
959 : stream_created,
960 : conn_type_to_string(c->type),
961 : conn_state_to_string(c->type, c->state),
962 : c->linked ? "" : "not ",
963 : c->reading_from_linked_conn ? "": "not",
964 : c->linked_conn,
965 : conn->package_window,
966 : c->marked_for_close ? "Marked" : "Not marked",
967 : c->marked_for_close_file ? c->marked_for_close_file : "--",
968 : c->marked_for_close,
969 : c->hold_open_until_flushed ? "" : "not ",
970 : conn->edge_has_sent_end ? "" : "not ",
971 : conn->edge_blocked_on_circ ? "Blocked" : "Not blocked");
972 0 : if (! c->linked_conn)
973 0 : continue;
974 :
975 0 : c = c->linked_conn;
976 :
977 0 : log_notice(LD_HEARTBEAT, " Linked to %s connection in state %s "
978 : "(Purpose %d). %s for close (%s:%d). Hold-open is %sset. ",
979 : conn_type_to_string(c->type),
980 : conn_state_to_string(c->type, c->state),
981 : c->purpose,
982 : c->marked_for_close ? "Marked" : "Not marked",
983 : c->marked_for_close_file ? c->marked_for_close_file : "--",
984 : c->marked_for_close,
985 : c->hold_open_until_flushed ? "" : "not ");
986 : }
987 0 : } SMARTLIST_FOREACH_END(ocirc);
988 :
989 0 : log_notice(LD_HEARTBEAT, "It has been %ld seconds since I last called "
990 : "circuit_expire_old_circuits_clientside().",
991 : (long)(now - last_expired_clientside_circuits));
992 :
993 5 : done:
994 5 : smartlist_free(log_these);
995 5 : }
996 :
997 : /** Remove any elements in <b>needed_ports</b> that are handled by an
998 : * open or in-progress circuit.
999 : */
1000 : void
1001 3 : circuit_remove_handled_ports(smartlist_t *needed_ports)
1002 : {
1003 3 : int i;
1004 3 : uint16_t *port;
1005 :
1006 6 : for (i = 0; i < smartlist_len(needed_ports); ++i) {
1007 3 : port = smartlist_get(needed_ports, i);
1008 3 : tor_assert(*port);
1009 3 : if (circuit_stream_is_being_handled(NULL, *port,
1010 : MIN_CIRCUITS_HANDLING_STREAM)) {
1011 0 : log_debug(LD_CIRC,"Port %d is already being handled; removing.", *port);
1012 0 : smartlist_del(needed_ports, i--);
1013 0 : tor_free(port);
1014 : } else {
1015 3 : log_debug(LD_CIRC,"Port %d is not handled.", *port);
1016 : }
1017 : }
1018 3 : }
1019 :
1020 : /** Return 1 if at least <b>min</b> general-purpose non-internal circuits
1021 : * will have an acceptable exit node for exit stream <b>conn</b> if it
1022 : * is defined, else for "*:port".
1023 : * Else return 0.
1024 : */
1025 : int
1026 3 : circuit_stream_is_being_handled(entry_connection_t *conn,
1027 : uint16_t port, int min)
1028 : {
1029 3 : const node_t *exitnode;
1030 3 : int num=0;
1031 3 : time_t now = time(NULL);
1032 3 : int need_uptime = smartlist_contains_int_as_string(
1033 3 : get_options()->LongLivedPorts,
1034 0 : conn ? conn->socks_request->port : port);
1035 :
1036 6 : SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
1037 3 : if (CIRCUIT_IS_ORIGIN(circ) &&
1038 3 : !circ->marked_for_close &&
1039 3 : circ->purpose == CIRCUIT_PURPOSE_C_GENERAL &&
1040 3 : (!circ->timestamp_dirty ||
1041 0 : circ->timestamp_dirty + get_options()->MaxCircuitDirtiness > now)) {
1042 3 : origin_circuit_t *origin_circ = TO_ORIGIN_CIRCUIT(circ);
1043 3 : cpath_build_state_t *build_state = origin_circ->build_state;
1044 3 : if (build_state->is_internal || build_state->onehop_tunnel)
1045 0 : continue;
1046 3 : if (origin_circ->unusable_for_new_conns)
1047 0 : continue;
1048 3 : if (origin_circ->isolation_values_set &&
1049 0 : (conn == NULL ||
1050 0 : !connection_edge_compatible_with_circuit(conn, origin_circ)))
1051 0 : continue;
1052 :
1053 3 : exitnode = build_state_get_exit_node(build_state);
1054 3 : if (exitnode && (!need_uptime || build_state->need_uptime)) {
1055 0 : int ok;
1056 0 : if (conn) {
1057 0 : ok = connection_ap_can_use_exit(conn, exitnode);
1058 : } else {
1059 0 : addr_policy_result_t r;
1060 0 : r = compare_tor_addr_to_node_policy(NULL, port, exitnode);
1061 0 : ok = r != ADDR_POLICY_REJECTED && r != ADDR_POLICY_PROBABLY_REJECTED;
1062 : }
1063 0 : if (ok) {
1064 0 : if (++num >= min)
1065 : return 1;
1066 : }
1067 : }
1068 : }
1069 : }
1070 3 : SMARTLIST_FOREACH_END(circ);
1071 : return 0;
1072 : }
1073 :
1074 : /** Don't keep more than this many unused open circuits around. */
1075 : #define MAX_UNUSED_OPEN_CIRCUITS 14
1076 :
1077 : /* Return true if a circuit is available for use, meaning that it is open,
1078 : * clean, usable for new multi-hop connections, and a general purpose origin
1079 : * circuit.
1080 : * Accept any kind of circuit, return false if the above conditions are not
1081 : * met. */
1082 : STATIC int
1083 8 : circuit_is_available_for_use(const circuit_t *circ)
1084 : {
1085 8 : const origin_circuit_t *origin_circ;
1086 8 : cpath_build_state_t *build_state;
1087 :
1088 8 : if (!CIRCUIT_IS_ORIGIN(circ))
1089 : return 0; /* We first filter out only origin circuits before doing the
1090 : following checks. */
1091 4 : if (circ->marked_for_close)
1092 : return 0; /* Don't mess with marked circs */
1093 4 : if (circ->timestamp_dirty)
1094 : return 0; /* Only count clean circs */
1095 3 : if (circ->purpose != CIRCUIT_PURPOSE_C_GENERAL &&
1096 : circ->purpose != CIRCUIT_PURPOSE_HS_VANGUARDS)
1097 : return 0; /* We only pay attention to general purpose circuits.
1098 : General purpose circuits are always origin circuits. */
1099 :
1100 2 : origin_circ = CONST_TO_ORIGIN_CIRCUIT(circ);
1101 2 : if (origin_circ->unusable_for_new_conns)
1102 : return 0;
1103 :
1104 2 : build_state = origin_circ->build_state;
1105 2 : if (build_state->onehop_tunnel)
1106 1 : return 0;
1107 :
1108 : return 1;
1109 : }
1110 :
1111 : /* Return true if we need any more exit circuits.
1112 : * needs_uptime and needs_capacity are set only if we need more exit circuits.
1113 : * Check if we know of a port that's been requested recently and no circuit
1114 : * is currently available that can handle it. */
1115 : STATIC int
1116 4 : needs_exit_circuits(time_t now, int *needs_uptime, int *needs_capacity)
1117 : {
1118 4 : return (!circuit_all_predicted_ports_handled(now, needs_uptime,
1119 8 : needs_capacity) &&
1120 4 : router_have_consensus_path() == CONSENSUS_PATH_EXIT);
1121 : }
1122 :
1123 : /* Hidden services need at least this many internal circuits */
1124 : #define SUFFICIENT_UPTIME_INTERNAL_HS_SERVERS 3
1125 :
1126 : /* Return true if we need any more hidden service server circuits.
1127 : * HS servers only need an internal circuit. */
1128 : STATIC int
1129 0 : needs_hs_server_circuits(time_t now, int num_uptime_internal)
1130 : {
1131 0 : if (!hs_service_get_num_services()) {
1132 : /* No services, we don't need anything. */
1133 0 : goto no_need;
1134 : }
1135 :
1136 0 : if (num_uptime_internal >= SUFFICIENT_UPTIME_INTERNAL_HS_SERVERS) {
1137 : /* We have sufficient amount of internal circuit. */
1138 0 : goto no_need;
1139 : }
1140 :
1141 0 : if (router_have_consensus_path() == CONSENSUS_PATH_UNKNOWN) {
1142 : /* Consensus hasn't been checked or might be invalid so requesting
1143 : * internal circuits is not wise. */
1144 0 : goto no_need;
1145 : }
1146 :
1147 : /* At this point, we need a certain amount of circuits and we will most
1148 : * likely use them for rendezvous so we note down the use of internal
1149 : * circuit for our prediction for circuit needing uptime and capacity. */
1150 0 : rep_hist_note_used_internal(now, 1, 1);
1151 :
1152 0 : return 1;
1153 : no_need:
1154 : return 0;
1155 : }
1156 :
1157 : /* We need at least this many internal circuits for hidden service clients */
1158 : #define SUFFICIENT_INTERNAL_HS_CLIENTS 3
1159 :
1160 : /* We need at least this much uptime for internal circuits for hidden service
1161 : * clients */
1162 : #define SUFFICIENT_UPTIME_INTERNAL_HS_CLIENTS 2
1163 :
1164 : /* Return true if we need any more hidden service client circuits.
1165 : * HS clients only need an internal circuit. */
1166 : STATIC int
1167 0 : needs_hs_client_circuits(time_t now, int *needs_uptime, int *needs_capacity,
1168 : int num_internal, int num_uptime_internal)
1169 : {
1170 0 : int used_internal_recently = rep_hist_get_predicted_internal(now,
1171 : needs_uptime,
1172 : needs_capacity);
1173 0 : int requires_uptime = num_uptime_internal <
1174 0 : SUFFICIENT_UPTIME_INTERNAL_HS_CLIENTS &&
1175 : needs_uptime;
1176 :
1177 0 : return (used_internal_recently &&
1178 0 : (requires_uptime || num_internal < SUFFICIENT_INTERNAL_HS_CLIENTS) &&
1179 0 : router_have_consensus_path() != CONSENSUS_PATH_UNKNOWN);
1180 : }
1181 :
1182 : /* This is how many circuits can be opened concurrently during the cbt learning
1183 : * phase. This number cannot exceed the tor-wide MAX_UNUSED_OPEN_CIRCUITS. */
1184 : #define DFLT_CBT_UNUSED_OPEN_CIRCS (10)
1185 : #define MIN_CBT_UNUSED_OPEN_CIRCS 0
1186 : #define MAX_CBT_UNUSED_OPEN_CIRCS MAX_UNUSED_OPEN_CIRCUITS
1187 :
1188 : /* Return true if we need more circuits for a good build timeout.
1189 : * XXXX make the assumption that build timeout streams should be
1190 : * created whenever we can build internal circuits. */
1191 : STATIC int
1192 3 : needs_circuits_for_build(int num)
1193 : {
1194 3 : if (router_have_consensus_path() != CONSENSUS_PATH_UNKNOWN) {
1195 2 : if (num < networkstatus_get_param(NULL, "cbtmaxopencircs",
1196 : DFLT_CBT_UNUSED_OPEN_CIRCS,
1197 : MIN_CBT_UNUSED_OPEN_CIRCS,
1198 1 : MAX_CBT_UNUSED_OPEN_CIRCS) &&
1199 2 : !circuit_build_times_disabled(get_options()) &&
1200 1 : circuit_build_times_needs_circuits_now(get_circuit_build_times())) {
1201 1 : return 1;
1202 : }
1203 : }
1204 : return 0;
1205 : }
1206 :
1207 : /**
1208 : * Launch the appropriate type of predicted circuit for hidden
1209 : * services, depending on our options.
1210 : */
1211 : static void
1212 0 : circuit_launch_predicted_hs_circ(int flags)
1213 : {
1214 : /* K.I.S.S. implementation of bug #23101: If we are using
1215 : * vanguards or pinned middles, pre-build a specific purpose
1216 : * for HS circs. */
1217 0 : if (circuit_should_use_vanguards(CIRCUIT_PURPOSE_HS_VANGUARDS)) {
1218 0 : circuit_launch(CIRCUIT_PURPOSE_HS_VANGUARDS, flags);
1219 : } else {
1220 : /* If no vanguards, then no HS-specific prebuilt circuits are needed.
1221 : * Normal GENERAL circs are fine */
1222 0 : circuit_launch(CIRCUIT_PURPOSE_C_GENERAL, flags);
1223 : }
1224 0 : }
1225 :
1226 : /** Determine how many circuits we have open that are clean,
1227 : * Make sure it's enough for all the upcoming behaviors we predict we'll have.
1228 : * But put an upper bound on the total number of circuits.
1229 : */
1230 : static void
1231 0 : circuit_predict_and_launch_new(void)
1232 : {
1233 0 : int num=0, num_internal=0, num_uptime_internal=0;
1234 0 : int hidserv_needs_uptime=0, hidserv_needs_capacity=1;
1235 0 : int port_needs_uptime=0, port_needs_capacity=1;
1236 0 : time_t now = time(NULL);
1237 0 : int flags = 0;
1238 :
1239 : /* Count how many of each type of circuit we currently have. */
1240 0 : SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
1241 0 : if (!circuit_is_available_for_use(circ))
1242 0 : continue;
1243 :
1244 0 : num++;
1245 :
1246 0 : cpath_build_state_t *build_state = TO_ORIGIN_CIRCUIT(circ)->build_state;
1247 0 : if (build_state->is_internal)
1248 0 : num_internal++;
1249 0 : if (build_state->need_uptime && build_state->is_internal)
1250 0 : num_uptime_internal++;
1251 : }
1252 0 : SMARTLIST_FOREACH_END(circ);
1253 :
1254 : /* If that's enough, then stop now. */
1255 0 : if (num >= MAX_UNUSED_OPEN_CIRCUITS)
1256 0 : return;
1257 :
1258 0 : if (needs_exit_circuits(now, &port_needs_uptime, &port_needs_capacity)) {
1259 0 : if (port_needs_uptime)
1260 0 : flags |= CIRCLAUNCH_NEED_UPTIME;
1261 0 : if (port_needs_capacity)
1262 0 : flags |= CIRCLAUNCH_NEED_CAPACITY;
1263 :
1264 0 : log_info(LD_CIRC,
1265 : "Have %d clean circs (%d internal), need another exit circ.",
1266 : num, num_internal);
1267 0 : circuit_launch(CIRCUIT_PURPOSE_C_GENERAL, flags);
1268 0 : return;
1269 : }
1270 :
1271 0 : if (needs_hs_server_circuits(now, num_uptime_internal)) {
1272 0 : flags = (CIRCLAUNCH_NEED_CAPACITY | CIRCLAUNCH_NEED_UPTIME |
1273 : CIRCLAUNCH_IS_INTERNAL);
1274 :
1275 0 : log_info(LD_CIRC,
1276 : "Have %d clean circs (%d internal), need another internal "
1277 : "circ for my hidden service.",
1278 : num, num_internal);
1279 0 : circuit_launch_predicted_hs_circ(flags);
1280 0 : return;
1281 : }
1282 :
1283 0 : if (needs_hs_client_circuits(now, &hidserv_needs_uptime,
1284 : &hidserv_needs_capacity,
1285 : num_internal, num_uptime_internal))
1286 : {
1287 0 : if (hidserv_needs_uptime)
1288 0 : flags |= CIRCLAUNCH_NEED_UPTIME;
1289 0 : if (hidserv_needs_capacity)
1290 0 : flags |= CIRCLAUNCH_NEED_CAPACITY;
1291 0 : flags |= CIRCLAUNCH_IS_INTERNAL;
1292 :
1293 0 : log_info(LD_CIRC,
1294 : "Have %d clean circs (%d uptime-internal, %d internal), need"
1295 : " another hidden service circ.",
1296 : num, num_uptime_internal, num_internal);
1297 :
1298 0 : circuit_launch_predicted_hs_circ(flags);
1299 0 : return;
1300 : }
1301 :
1302 0 : if (needs_circuits_for_build(num)) {
1303 0 : flags = CIRCLAUNCH_NEED_CAPACITY;
1304 : /* if there are no exits in the consensus, make timeout
1305 : * circuits internal */
1306 0 : if (router_have_consensus_path() == CONSENSUS_PATH_INTERNAL)
1307 0 : flags |= CIRCLAUNCH_IS_INTERNAL;
1308 :
1309 0 : log_info(LD_CIRC,
1310 : "Have %d clean circs need another buildtime test circ.", num);
1311 0 : circuit_launch(CIRCUIT_PURPOSE_C_GENERAL, flags);
1312 0 : return;
1313 : }
1314 : }
1315 :
1316 : /** Build a new test circuit every 5 minutes */
1317 : #define TESTING_CIRCUIT_INTERVAL 300
1318 :
1319 : /** This function is called once a second, if router_have_minimum_dir_info()
1320 : * is true. Its job is to make sure all services we offer have enough circuits
1321 : * available. Some services just want enough circuits for current tasks,
1322 : * whereas others want a minimum set of idle circuits hanging around.
1323 : */
1324 : void
1325 0 : circuit_build_needed_circs(time_t now)
1326 : {
1327 0 : const or_options_t *options = get_options();
1328 :
1329 : /* launch a new circ for any pending streams that need one
1330 : * XXXX make the assumption that (some) AP streams (i.e. HS clients)
1331 : * don't require an exit circuit, review in #13814.
1332 : * This allows HSs to function in a consensus without exits. */
1333 0 : if (router_have_consensus_path() != CONSENSUS_PATH_UNKNOWN)
1334 0 : connection_ap_rescan_and_attach_pending();
1335 :
1336 0 : circuit_expire_old_circs_as_needed(now);
1337 :
1338 0 : if (!options->DisablePredictedCircuits)
1339 0 : circuit_predict_and_launch_new();
1340 0 : }
1341 :
1342 : /**
1343 : * Called once a second either directly or from
1344 : * circuit_build_needed_circs(). As appropriate (once per NewCircuitPeriod)
1345 : * resets failure counts and expires old circuits.
1346 : */
1347 : void
1348 0 : circuit_expire_old_circs_as_needed(time_t now)
1349 : {
1350 0 : static time_t time_to_expire_and_reset = 0;
1351 :
1352 0 : if (time_to_expire_and_reset < now) {
1353 0 : circuit_reset_failure_count(1);
1354 0 : time_to_expire_and_reset = now + get_options()->NewCircuitPeriod;
1355 0 : if (proxy_mode(get_options()))
1356 0 : addressmap_clean(now);
1357 0 : circuit_expire_old_circuits_clientside();
1358 :
1359 : #if 0 /* disable for now, until predict-and-launch-new can cull leftovers */
1360 :
1361 : /* If we ever re-enable, this has to move into
1362 : * circuit_build_needed_circs */
1363 :
1364 : circ = circuit_get_youngest_clean_open(CIRCUIT_PURPOSE_C_GENERAL);
1365 : if (get_options()->RunTesting &&
1366 : circ &&
1367 : circ->timestamp_began.tv_sec + TESTING_CIRCUIT_INTERVAL < now) {
1368 : log_fn(LOG_INFO,"Creating a new testing circuit.");
1369 : circuit_launch(CIRCUIT_PURPOSE_C_GENERAL, 0);
1370 : }
1371 : #endif /* 0 */
1372 : }
1373 0 : }
1374 :
1375 : /** If the stream <b>conn</b> is a member of any of the linked
1376 : * lists of <b>circ</b>, then remove it from the list.
1377 : */
1378 : void
1379 0 : circuit_detach_stream(circuit_t *circ, edge_connection_t *conn)
1380 : {
1381 0 : edge_connection_t *prevconn;
1382 :
1383 0 : tor_assert(circ);
1384 0 : tor_assert(conn);
1385 :
1386 0 : if (conn->base_.type == CONN_TYPE_AP) {
1387 0 : entry_connection_t *entry_conn = EDGE_TO_ENTRY_CONN(conn);
1388 0 : entry_conn->may_use_optimistic_data = 0;
1389 : }
1390 0 : conn->cpath_layer = NULL; /* don't keep a stale pointer */
1391 0 : conn->on_circuit = NULL;
1392 :
1393 0 : if (CIRCUIT_IS_ORIGIN(circ)) {
1394 0 : origin_circuit_t *origin_circ = TO_ORIGIN_CIRCUIT(circ);
1395 0 : int removed = 0;
1396 0 : if (conn == origin_circ->p_streams) {
1397 0 : origin_circ->p_streams = conn->next_stream;
1398 0 : removed = 1;
1399 : } else {
1400 : for (prevconn = origin_circ->p_streams;
1401 0 : prevconn && prevconn->next_stream && prevconn->next_stream != conn;
1402 : prevconn = prevconn->next_stream)
1403 : ;
1404 0 : if (prevconn && prevconn->next_stream) {
1405 0 : prevconn->next_stream = conn->next_stream;
1406 0 : removed = 1;
1407 : }
1408 : }
1409 0 : if (removed) {
1410 0 : log_debug(LD_APP, "Removing stream %d from circ %u",
1411 : conn->stream_id, (unsigned)circ->n_circ_id);
1412 :
1413 : /* If the stream was removed, and it was a rend stream, decrement the
1414 : * number of streams on the circuit associated with the rend service.
1415 : */
1416 0 : if (circ->purpose == CIRCUIT_PURPOSE_S_REND_JOINED) {
1417 0 : hs_dec_rdv_stream_counter(origin_circ);
1418 : }
1419 :
1420 : /* If there are no more streams on this circ, tell circpad */
1421 0 : if (!origin_circ->p_streams)
1422 0 : circpad_machine_event_circ_has_no_streams(origin_circ);
1423 :
1424 0 : return;
1425 : }
1426 : } else {
1427 0 : or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
1428 0 : if (conn == or_circ->n_streams) {
1429 0 : or_circ->n_streams = conn->next_stream;
1430 0 : return;
1431 : }
1432 0 : if (conn == or_circ->resolving_streams) {
1433 0 : or_circ->resolving_streams = conn->next_stream;
1434 0 : return;
1435 : }
1436 :
1437 : for (prevconn = or_circ->n_streams;
1438 0 : prevconn && prevconn->next_stream && prevconn->next_stream != conn;
1439 : prevconn = prevconn->next_stream)
1440 : ;
1441 0 : if (prevconn && prevconn->next_stream) {
1442 0 : prevconn->next_stream = conn->next_stream;
1443 0 : return;
1444 : }
1445 :
1446 : for (prevconn = or_circ->resolving_streams;
1447 0 : prevconn && prevconn->next_stream && prevconn->next_stream != conn;
1448 : prevconn = prevconn->next_stream)
1449 : ;
1450 0 : if (prevconn && prevconn->next_stream) {
1451 0 : prevconn->next_stream = conn->next_stream;
1452 0 : return;
1453 : }
1454 : }
1455 :
1456 0 : log_warn(LD_BUG,"Edge connection not in circuit's list.");
1457 : /* Don't give an error here; it's harmless. */
1458 0 : tor_fragile_assert();
1459 : }
1460 :
1461 : /** Find each circuit that has been unused for too long, or dirty
1462 : * for too long and has no streams on it: mark it for close.
1463 : */
1464 : STATIC void
1465 7 : circuit_expire_old_circuits_clientside(void)
1466 : {
1467 7 : struct timeval cutoff, now;
1468 :
1469 7 : tor_gettimeofday(&now);
1470 7 : last_expired_clientside_circuits = now.tv_sec;
1471 :
1472 14 : SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
1473 7 : if (circ->marked_for_close || !CIRCUIT_IS_ORIGIN(circ))
1474 0 : continue;
1475 :
1476 7 : cutoff = now;
1477 7 : cutoff.tv_sec -= TO_ORIGIN_CIRCUIT(circ)->circuit_idle_timeout;
1478 :
1479 : /* If the circuit has been dirty for too long, and there are no streams
1480 : * on it, mark it for close.
1481 : */
1482 7 : if (circ->timestamp_dirty &&
1483 6 : circ->timestamp_dirty + get_options()->MaxCircuitDirtiness <
1484 6 : now.tv_sec &&
1485 3 : !TO_ORIGIN_CIRCUIT(circ)->p_streams /* nothing attached */ ) {
1486 3 : log_debug(LD_CIRC, "Closing n_circ_id %u (dirty %ld sec ago, "
1487 : "purpose %d)",
1488 : (unsigned)circ->n_circ_id,
1489 : (long)(now.tv_sec - circ->timestamp_dirty),
1490 : circ->purpose);
1491 : /* Don't do this magic for testing circuits. Their death is governed
1492 : * by circuit_expire_building */
1493 3 : if (circ->purpose != CIRCUIT_PURPOSE_PATH_BIAS_TESTING) {
1494 : tor_trace(TR_SUBSYS(circuit), TR_EV(idle_timeout),
1495 3 : TO_ORIGIN_CIRCUIT(circ));
1496 3 : circuit_mark_for_close(circ, END_CIRC_REASON_FINISHED);
1497 : }
1498 4 : } else if (!circ->timestamp_dirty && circ->state == CIRCUIT_STATE_OPEN) {
1499 1 : if (timercmp(&circ->timestamp_began, &cutoff, OP_LT)) {
1500 1 : if (circ->purpose == CIRCUIT_PURPOSE_C_GENERAL ||
1501 : circ->purpose == CIRCUIT_PURPOSE_C_HSDIR_GET ||
1502 : circ->purpose == CIRCUIT_PURPOSE_S_HSDIR_POST ||
1503 : circ->purpose == CIRCUIT_PURPOSE_HS_VANGUARDS ||
1504 : circ->purpose == CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT ||
1505 : circ->purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO ||
1506 : circ->purpose == CIRCUIT_PURPOSE_TESTING ||
1507 : circ->purpose == CIRCUIT_PURPOSE_C_CIRCUIT_PADDING ||
1508 : (circ->purpose >= CIRCUIT_PURPOSE_C_INTRODUCING &&
1509 : circ->purpose <= CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED) ||
1510 : circ->purpose == CIRCUIT_PURPOSE_S_CONNECT_REND) {
1511 1 : log_info(LD_CIRC,
1512 : "Closing circuit %"PRIu32
1513 : " that has been unused for %ld msec.",
1514 : TO_ORIGIN_CIRCUIT(circ)->global_identifier,
1515 : tv_mdiff(&circ->timestamp_began, &now));
1516 : tor_trace(TR_SUBSYS(circuit), TR_EV(idle_timeout),
1517 1 : TO_ORIGIN_CIRCUIT(circ));
1518 1 : circuit_mark_for_close(circ, END_CIRC_REASON_FINISHED);
1519 0 : } else if (!TO_ORIGIN_CIRCUIT(circ)->is_ancient) {
1520 : /* Server-side rend joined circuits can end up really old, because
1521 : * they are reused by clients for longer than normal. The client
1522 : * controls their lifespan. (They never become dirty, because
1523 : * connection_exit_begin_conn() never marks anything as dirty.)
1524 : * Similarly, server-side intro circuits last a long time. */
1525 0 : if (circ->purpose != CIRCUIT_PURPOSE_S_REND_JOINED &&
1526 : circ->purpose != CIRCUIT_PURPOSE_S_INTRO) {
1527 0 : log_notice(LD_CIRC,
1528 : "Ancient non-dirty circuit %d is still around after "
1529 : "%ld milliseconds. Purpose: %d (%s)",
1530 : TO_ORIGIN_CIRCUIT(circ)->global_identifier,
1531 : tv_mdiff(&circ->timestamp_began, &now),
1532 : circ->purpose,
1533 : circuit_purpose_to_string(circ->purpose));
1534 0 : TO_ORIGIN_CIRCUIT(circ)->is_ancient = 1;
1535 : }
1536 : }
1537 : }
1538 : }
1539 7 : } SMARTLIST_FOREACH_END(circ);
1540 7 : }
1541 :
1542 : /** How long do we wait before killing circuits with the properties
1543 : * described below?
1544 : *
1545 : * Probably we could choose a number here as low as 5 to 10 seconds,
1546 : * since these circs are used for begindir, and a) generally you either
1547 : * ask another begindir question right after or you don't for a long time,
1548 : * b) clients at least through 0.2.1.x choose from the whole set of
1549 : * directory mirrors at each choice, and c) re-establishing a one-hop
1550 : * circuit via create-fast is a light operation assuming the TLS conn is
1551 : * still there.
1552 : *
1553 : * I expect "b" to go away one day when we move to using directory
1554 : * guards, but I think "a" and "c" are good enough reasons that a low
1555 : * number is safe even then.
1556 : */
1557 : #define IDLE_ONE_HOP_CIRC_TIMEOUT 60
1558 :
1559 : /** Find each non-origin circuit that has been unused for too long,
1560 : * has no streams on it, came from a client, and ends here: mark it
1561 : * for close.
1562 : */
1563 : void
1564 0 : circuit_expire_old_circuits_serverside(time_t now)
1565 : {
1566 0 : or_circuit_t *or_circ;
1567 0 : time_t cutoff = now - IDLE_ONE_HOP_CIRC_TIMEOUT;
1568 :
1569 0 : SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
1570 0 : if (circ->marked_for_close || CIRCUIT_IS_ORIGIN(circ))
1571 0 : continue;
1572 0 : or_circ = TO_OR_CIRCUIT(circ);
1573 : /* If the circuit has been idle for too long, and there are no streams
1574 : * on it, and it ends here, and it used a create_fast, mark it for close.
1575 : *
1576 : * Also if there is a rend_splice on it, it's a single onion service
1577 : * circuit and we should not close it.
1578 : */
1579 0 : if (or_circ->p_chan && channel_is_client(or_circ->p_chan) &&
1580 0 : !circ->n_chan &&
1581 0 : !or_circ->n_streams && !or_circ->resolving_streams &&
1582 0 : !or_circ->rend_splice &&
1583 0 : channel_when_last_xmit(or_circ->p_chan) <= cutoff) {
1584 0 : log_info(LD_CIRC, "Closing circ_id %u (empty %d secs ago)",
1585 : (unsigned)or_circ->p_circ_id,
1586 : (int)(now - channel_when_last_xmit(or_circ->p_chan)));
1587 0 : circuit_mark_for_close(circ, END_CIRC_REASON_FINISHED);
1588 : }
1589 : }
1590 0 : SMARTLIST_FOREACH_END(circ);
1591 0 : }
1592 :
1593 : /** Number of testing circuits we want open before testing our bandwidth. */
1594 : #define NUM_PARALLEL_TESTING_CIRCS 4
1595 :
1596 : /** True iff we've ever had enough testing circuits open to test our
1597 : * bandwidth. */
1598 : static int have_performed_bandwidth_test = 0;
1599 :
1600 : /** Reset have_performed_bandwidth_test, so we'll start building
1601 : * testing circuits again so we can exercise our bandwidth. */
1602 : void
1603 0 : reset_bandwidth_test(void)
1604 : {
1605 0 : have_performed_bandwidth_test = 0;
1606 0 : }
1607 :
1608 : /** Return 1 if we've already exercised our bandwidth, or if we
1609 : * have fewer than NUM_PARALLEL_TESTING_CIRCS testing circuits
1610 : * established or on the way. Else return 0.
1611 : */
1612 : int
1613 0 : circuit_enough_testing_circs(void)
1614 : {
1615 0 : int num = 0;
1616 :
1617 0 : if (have_performed_bandwidth_test)
1618 : return 1;
1619 :
1620 0 : SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) {
1621 0 : if (!circ->marked_for_close && CIRCUIT_IS_ORIGIN(circ) &&
1622 0 : circ->purpose == CIRCUIT_PURPOSE_TESTING &&
1623 : circ->state == CIRCUIT_STATE_OPEN)
1624 0 : num++;
1625 : }
1626 0 : SMARTLIST_FOREACH_END(circ);
1627 0 : return num >= NUM_PARALLEL_TESTING_CIRCS;
1628 : }
1629 :
1630 : /** A testing circuit has completed. Take whatever stats we want.
1631 : * Noticing reachability is taken care of in onionskin_answer(),
1632 : * so there's no need to record anything here. But if we still want
1633 : * to do the bandwidth test, and we now have enough testing circuits
1634 : * open, do it.
1635 : */
1636 : static void
1637 0 : circuit_testing_opened(origin_circuit_t *circ)
1638 : {
1639 0 : if (have_performed_bandwidth_test ||
1640 0 : !router_orport_seems_reachable(get_options(), AF_INET)) {
1641 : /* either we've already done everything we want with testing circuits,
1642 : * OR this IPv4 testing circuit became open due to a fluke, e.g. we picked
1643 : * a last hop where we already had the connection open due to a
1644 : * outgoing local circuit, OR this is an IPv6 self-test circuit, not
1645 : * a bandwidth test circuit. */
1646 0 : circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_AT_ORIGIN);
1647 0 : } else if (circuit_enough_testing_circs()) {
1648 0 : router_perform_bandwidth_test(NUM_PARALLEL_TESTING_CIRCS, time(NULL));
1649 0 : have_performed_bandwidth_test = 1;
1650 : } else {
1651 0 : router_do_reachability_checks();
1652 : }
1653 0 : }
1654 :
1655 : /** A testing circuit has failed to build. Take whatever stats we want. */
1656 : static void
1657 0 : circuit_testing_failed(origin_circuit_t *circ, int at_last_hop)
1658 : {
1659 0 : const or_options_t *options = get_options();
1660 0 : if (server_mode(options) &&
1661 0 : router_all_orports_seem_reachable(options))
1662 : return;
1663 :
1664 0 : log_info(LD_GENERAL,
1665 : "Our testing circuit (to see if your ORPort is reachable) "
1666 : "has failed. I'll try again later.");
1667 :
1668 : /* These aren't used yet. */
1669 0 : (void)circ;
1670 0 : (void)at_last_hop;
1671 : }
1672 :
1673 : /** The circuit <b>circ</b> has just become open. Take the next
1674 : * step: for rendezvous circuits, we pass circ to the appropriate
1675 : * function in rendclient or rendservice. For general circuits, we
1676 : * call connection_ap_attach_pending, which looks for pending streams
1677 : * that could use circ.
1678 : */
1679 : void
1680 0 : circuit_has_opened(origin_circuit_t *circ)
1681 : {
1682 0 : tor_trace(TR_SUBSYS(circuit), TR_EV(opened), circ);
1683 0 : circuit_event_status(circ, CIRC_EVENT_BUILT, 0);
1684 :
1685 : /* Remember that this circuit has finished building. Now if we start
1686 : * it building again later (e.g. by extending it), we will know not
1687 : * to consider its build time. */
1688 0 : circ->has_opened = 1;
1689 :
1690 0 : switch (TO_CIRCUIT(circ)->purpose) {
1691 0 : case CIRCUIT_PURPOSE_C_ESTABLISH_REND:
1692 0 : hs_client_circuit_has_opened(circ);
1693 : /* Start building an intro circ if we don't have one yet. */
1694 0 : connection_ap_attach_pending(1);
1695 : /* This isn't a call to circuit_try_attaching_streams because a
1696 : * circuit in _C_ESTABLISH_REND state isn't connected to its
1697 : * hidden service yet, thus we can't attach streams to it yet,
1698 : * thus circuit_try_attaching_streams would always clear the
1699 : * circuit's isolation state. circuit_try_attaching_streams is
1700 : * called later, when the rend circ enters _C_REND_JOINED
1701 : * state. */
1702 0 : break;
1703 0 : case CIRCUIT_PURPOSE_C_INTRODUCING:
1704 0 : hs_client_circuit_has_opened(circ);
1705 0 : break;
1706 0 : case CIRCUIT_PURPOSE_C_GENERAL:
1707 : case CIRCUIT_PURPOSE_C_HSDIR_GET:
1708 : case CIRCUIT_PURPOSE_S_HSDIR_POST:
1709 : /* Tell any AP connections that have been waiting for a new
1710 : * circuit that one is ready. */
1711 0 : circuit_try_attaching_streams(circ);
1712 0 : break;
1713 0 : case CIRCUIT_PURPOSE_S_ESTABLISH_INTRO:
1714 : /* at the service, waiting for introductions */
1715 0 : hs_service_circuit_has_opened(circ);
1716 0 : break;
1717 0 : case CIRCUIT_PURPOSE_S_CONNECT_REND:
1718 : /* at the service, connecting to rend point */
1719 0 : hs_service_circuit_has_opened(circ);
1720 0 : break;
1721 0 : case CIRCUIT_PURPOSE_TESTING:
1722 0 : circuit_testing_opened(circ);
1723 0 : break;
1724 : /* default:
1725 : * This won't happen in normal operation, but might happen if the
1726 : * controller did it. Just let it slide. */
1727 : }
1728 0 : }
1729 :
1730 : /** If the stream-isolation state of <b>circ</b> can be cleared, clear
1731 : * it. Return non-zero iff <b>circ</b>'s isolation state was cleared. */
1732 : static int
1733 2 : circuit_try_clearing_isolation_state(origin_circuit_t *circ)
1734 : {
1735 2 : if (/* The circuit may have become non-open if it was cannibalized.*/
1736 2 : circ->base_.state == CIRCUIT_STATE_OPEN &&
1737 : /* If !isolation_values_set, there is nothing to clear. */
1738 1 : circ->isolation_values_set &&
1739 : /* It's not legal to clear a circuit's isolation info if it's ever had
1740 : * streams attached */
1741 : !circ->isolation_any_streams_attached) {
1742 : /* If we have any isolation information set on this circuit, and
1743 : * we didn't manage to attach any streams to it, then we can
1744 : * and should clear it and try again. */
1745 0 : circuit_clear_isolation(circ);
1746 0 : return 1;
1747 : } else {
1748 : return 0;
1749 : }
1750 : }
1751 :
1752 : /** Called when a circuit becomes ready for streams to be attached to
1753 : * it. */
1754 : void
1755 2 : circuit_try_attaching_streams(origin_circuit_t *circ)
1756 : {
1757 : /* Attach streams to this circuit if we can. */
1758 2 : connection_ap_attach_pending(1);
1759 :
1760 : /* The call to circuit_try_clearing_isolation_state here will do
1761 : * nothing and return 0 if we didn't attach any streams to circ
1762 : * above. */
1763 2 : if (circuit_try_clearing_isolation_state(circ)) {
1764 : /* Maybe *now* we can attach some streams to this circuit. */
1765 0 : connection_ap_attach_pending(1);
1766 : }
1767 2 : }
1768 :
1769 : /** Called whenever a circuit could not be successfully built.
1770 : */
1771 : void
1772 0 : circuit_build_failed(origin_circuit_t *circ)
1773 : {
1774 0 : channel_t *n_chan = NULL;
1775 : /* we should examine circ and see if it failed because of
1776 : * the last hop or an earlier hop. then use this info below.
1777 : */
1778 0 : int failed_at_last_hop = 0;
1779 :
1780 : /* First, check to see if this was a path failure, rather than build
1781 : * failure.
1782 : *
1783 : * Note that we deliberately use circuit_get_cpath_len() (and not
1784 : * circuit_get_cpath_opened_len()) because we only want to ensure
1785 : * that a full path is *chosen*. This is different than a full path
1786 : * being *built*. We only want to count *build* failures below.
1787 : *
1788 : * Path selection failures can happen spuriously for a number
1789 : * of reasons (such as aggressive/invalid user-specified path
1790 : * restrictions in the torrc, insufficient microdescriptors, and
1791 : * non-user reasons like exitpolicy issues), and so should not be
1792 : * counted as failures below.
1793 : */
1794 0 : if (circuit_get_cpath_len(circ) < circ->build_state->desired_path_len) {
1795 0 : static ratelim_t pathfail_limit = RATELIM_INIT(3600);
1796 0 : log_fn_ratelim(&pathfail_limit, LOG_NOTICE, LD_CIRC,
1797 : "Our circuit %u (id: %" PRIu32 ") died due to an invalid "
1798 : "selected path, purpose %s. This may be a torrc "
1799 : "configuration issue, or a bug.",
1800 : TO_CIRCUIT(circ)->n_circ_id, circ->global_identifier,
1801 : circuit_purpose_to_string(TO_CIRCUIT(circ)->purpose));
1802 :
1803 : /* If the path failed on an RP, retry it. */
1804 0 : if (TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_CONNECT_REND)
1805 0 : hs_circ_retry_service_rendezvous_point(circ);
1806 :
1807 : /* In all other cases, just bail. The rest is just failure accounting
1808 : * that we don't want to do */
1809 0 : return;
1810 : }
1811 :
1812 : /* If the last hop isn't open, and the second-to-last is, we failed
1813 : * at the last hop. */
1814 0 : if (circ->cpath &&
1815 0 : circ->cpath->prev->state != CPATH_STATE_OPEN &&
1816 0 : circ->cpath->prev->prev->state == CPATH_STATE_OPEN) {
1817 0 : failed_at_last_hop = 1;
1818 : }
1819 :
1820 : /* Check if we failed at first hop */
1821 0 : if (circ->cpath &&
1822 0 : circ->cpath->state != CPATH_STATE_OPEN &&
1823 0 : ! circ->base_.received_destroy) {
1824 : /* We failed at the first hop for some reason other than a DESTROY cell.
1825 : * If there's an OR connection to blame, blame it. Also, avoid this relay
1826 : * for a while, and fail any one-hop directory fetches destined for it. */
1827 0 : const char *n_chan_ident = circ->cpath->extend_info->identity_digest;
1828 0 : tor_assert(n_chan_ident);
1829 0 : int already_marked = 0;
1830 0 : if (circ->base_.n_chan) {
1831 0 : n_chan = circ->base_.n_chan;
1832 :
1833 0 : if (n_chan->is_bad_for_new_circs) {
1834 : /* We only want to blame this router when a fresh healthy
1835 : * connection fails. So don't mark this router as newly failed,
1836 : * since maybe this was just an old circuit attempt that's
1837 : * finally timing out now. Also, there's no need to blow away
1838 : * circuits/streams/etc, since the failure of an unhealthy conn
1839 : * doesn't tell us much about whether a healthy conn would
1840 : * succeed. */
1841 0 : already_marked = 1;
1842 : }
1843 0 : log_info(LD_OR,
1844 : "Our circuit %u (id: %" PRIu32 ") failed to get a response "
1845 : "from the first hop (%s). I'm going to try to rotate to a "
1846 : "better connection.",
1847 : TO_CIRCUIT(circ)->n_circ_id, circ->global_identifier,
1848 : channel_describe_peer(n_chan));
1849 0 : n_chan->is_bad_for_new_circs = 1;
1850 : } else {
1851 0 : log_info(LD_OR,
1852 : "Our circuit %u (id: %" PRIu32 ") died before the first hop "
1853 : "with no connection",
1854 : TO_CIRCUIT(circ)->n_circ_id, circ->global_identifier);
1855 : }
1856 0 : if (!already_marked) {
1857 : /*
1858 : * If we have guard state (new guard API) and our path selection
1859 : * code actually chose a full path, then blame the failure of this
1860 : * circuit on the guard.
1861 : */
1862 0 : if (circ->guard_state)
1863 0 : entry_guard_failed(&circ->guard_state);
1864 : /* if there are any one-hop streams waiting on this circuit, fail
1865 : * them now so they can retry elsewhere. */
1866 0 : connection_ap_fail_onehop(n_chan_ident, circ->build_state);
1867 : }
1868 : }
1869 :
1870 0 : switch (circ->base_.purpose) {
1871 0 : case CIRCUIT_PURPOSE_C_HSDIR_GET:
1872 : case CIRCUIT_PURPOSE_S_HSDIR_POST:
1873 : case CIRCUIT_PURPOSE_C_GENERAL:
1874 : /* If we never built the circuit, note it as a failure. */
1875 0 : circuit_increment_failure_count();
1876 0 : if (failed_at_last_hop) {
1877 : /* Make sure any streams that demand our last hop as their exit
1878 : * know that it's unlikely to happen. */
1879 0 : circuit_discard_optional_exit_enclaves(circ->cpath->prev->extend_info);
1880 : }
1881 : break;
1882 0 : case CIRCUIT_PURPOSE_TESTING:
1883 0 : circuit_testing_failed(circ, failed_at_last_hop);
1884 0 : break;
1885 0 : case CIRCUIT_PURPOSE_S_ESTABLISH_INTRO:
1886 : /* at the service, waiting for introductions */
1887 0 : if (circ->base_.state != CIRCUIT_STATE_OPEN) {
1888 0 : circuit_increment_failure_count();
1889 : }
1890 : /* no need to care here, because the service will rebuild intro
1891 : * points periodically. */
1892 : break;
1893 : case CIRCUIT_PURPOSE_C_INTRODUCING:
1894 : /* at the client, connecting to intro point */
1895 : /* Don't increment failure count, since the service may have picked
1896 : * the introduction point maliciously */
1897 : /* The client will pick a new intro point when this one dies, if
1898 : * the stream in question still cares. No need to act here. */
1899 : break;
1900 0 : case CIRCUIT_PURPOSE_C_ESTABLISH_REND:
1901 : /* at the client, waiting for the service */
1902 0 : circuit_increment_failure_count();
1903 : /* the client will pick a new rend point when this one dies, if
1904 : * the stream in question still cares. No need to act here. */
1905 0 : break;
1906 0 : case CIRCUIT_PURPOSE_S_CONNECT_REND:
1907 : /* at the service, connecting to rend point */
1908 : /* Don't increment failure count, since the client may have picked
1909 : * the rendezvous point maliciously */
1910 0 : log_info(LD_REND,
1911 : "Couldn't connect to the client's chosen rend point %s "
1912 : "(%s hop failed).",
1913 : escaped(build_state_get_exit_nickname(circ->build_state)),
1914 : failed_at_last_hop?"last":"non-last");
1915 0 : hs_circ_retry_service_rendezvous_point(circ);
1916 0 : break;
1917 : /* default:
1918 : * This won't happen in normal operation, but might happen if the
1919 : * controller did it. Just let it slide. */
1920 : }
1921 : }
1922 :
1923 : /** Number of consecutive failures so far; should only be touched by
1924 : * circuit_launch_new and circuit_*_failure_count.
1925 : */
1926 : static int n_circuit_failures = 0;
1927 : /** Before the last time we called circuit_reset_failure_count(), were
1928 : * there a lot of failures? */
1929 : static int did_circs_fail_last_period = 0;
1930 :
1931 : /** Don't retry launching a new circuit if we try this many times with no
1932 : * success. */
1933 : #define MAX_CIRCUIT_FAILURES 5
1934 :
1935 : /** Launch a new circuit; see circuit_launch_by_extend_info() for
1936 : * details on arguments. */
1937 : origin_circuit_t *
1938 0 : circuit_launch(uint8_t purpose, int flags)
1939 : {
1940 0 : return circuit_launch_by_extend_info(purpose, NULL, flags);
1941 : }
1942 :
1943 : /* Do we have enough descriptors to build paths?
1944 : * If need_exit is true, return 1 if we can build exit paths.
1945 : * (We need at least one Exit in the consensus to build exit paths.)
1946 : * If need_exit is false, return 1 if we can build internal paths.
1947 : */
1948 : static int
1949 0 : have_enough_path_info(int need_exit)
1950 : {
1951 0 : if (need_exit)
1952 0 : return router_have_consensus_path() == CONSENSUS_PATH_EXIT;
1953 : else
1954 0 : return router_have_consensus_path() != CONSENSUS_PATH_UNKNOWN;
1955 : }
1956 :
1957 : /**
1958 : * Tell us if a circuit is a hidden service circuit.
1959 : */
1960 : int
1961 56 : circuit_purpose_is_hidden_service(uint8_t purpose)
1962 : {
1963 : /* HS Vanguard purpose. */
1964 56 : if (circuit_purpose_is_hs_vanguards(purpose)) {
1965 : return 1;
1966 : }
1967 :
1968 : /* Client-side purpose */
1969 38 : if (circuit_purpose_is_hs_client(purpose)) {
1970 : return 1;
1971 : }
1972 :
1973 : /* Service-side purpose */
1974 30 : if (circuit_purpose_is_hs_service(purpose)) {
1975 11 : return 1;
1976 : }
1977 :
1978 : return 0;
1979 : }
1980 :
1981 : /** Return true iff the given circuit is an HS client circuit. */
1982 : bool
1983 214 : circuit_purpose_is_hs_client(const uint8_t purpose)
1984 : {
1985 214 : return (purpose >= CIRCUIT_PURPOSE_C_HS_MIN_ &&
1986 : purpose <= CIRCUIT_PURPOSE_C_HS_MAX_);
1987 : }
1988 :
1989 : /** Return true iff the given circuit is an HS service circuit. */
1990 : bool
1991 55 : circuit_purpose_is_hs_service(const uint8_t purpose)
1992 : {
1993 55 : return (purpose >= CIRCUIT_PURPOSE_S_HS_MIN_ &&
1994 : purpose <= CIRCUIT_PURPOSE_S_HS_MAX_);
1995 : }
1996 :
1997 : /** Return true iff the given circuit is an HS Vanguards circuit. */
1998 : bool
1999 56 : circuit_purpose_is_hs_vanguards(const uint8_t purpose)
2000 : {
2001 56 : return (purpose == CIRCUIT_PURPOSE_HS_VANGUARDS);
2002 : }
2003 :
2004 : /** Return true iff the given circuit is an HS v3 circuit. */
2005 : bool
2006 18 : circuit_is_hs_v3(const circuit_t *circ)
2007 : {
2008 18 : return (CIRCUIT_IS_ORIGIN(circ) &&
2009 18 : (CONST_TO_ORIGIN_CIRCUIT(circ)->hs_ident != NULL));
2010 : }
2011 :
2012 : /**
2013 : * Return true if this circuit purpose should use vanguards
2014 : * or pinned Layer2 or Layer3 guards.
2015 : *
2016 : * This function takes both the circuit purpose and the
2017 : * torrc options for pinned middles/vanguards into account
2018 : * (ie: the circuit must be a hidden service circuit and
2019 : * vanguards/pinned middles must be enabled for it to return
2020 : * true).
2021 : */
2022 : int
2023 30 : circuit_should_use_vanguards(uint8_t purpose)
2024 : {
2025 30 : const or_options_t *options = get_options();
2026 :
2027 : /* Only hidden service circuits use vanguards */
2028 30 : if (!circuit_purpose_is_hidden_service(purpose))
2029 : return 0;
2030 :
2031 : /* Pinned middles are effectively vanguards */
2032 17 : if (options->HSLayer2Nodes || options->HSLayer3Nodes)
2033 12 : return 1;
2034 :
2035 : return 0;
2036 : }
2037 :
2038 : /**
2039 : * Return true for the set of conditions for which it is OK to use
2040 : * a cannibalized circuit.
2041 : *
2042 : * Don't cannibalize for onehops, or certain purposes.
2043 : */
2044 : static int
2045 0 : circuit_should_cannibalize_to_build(uint8_t purpose_to_build,
2046 : int has_extend_info,
2047 : int onehop_tunnel)
2048 : {
2049 :
2050 : /* Do not try to cannibalize if this is a one hop circuit. */
2051 0 : if (onehop_tunnel) {
2052 : return 0;
2053 : }
2054 :
2055 : /* Don't try to cannibalize for general purpose circuits that do not
2056 : * specify a custom exit. */
2057 0 : if (purpose_to_build == CIRCUIT_PURPOSE_C_GENERAL && !has_extend_info) {
2058 : return 0;
2059 : }
2060 :
2061 : /* Don't cannibalize for testing circuits. We want to see if they
2062 : * complete normally. Also don't cannibalize for vanguard-purpose
2063 : * circuits, since those are specially pre-built for later
2064 : * cannibalization by the actual specific circuit types that need
2065 : * vanguards.
2066 : */
2067 0 : if (purpose_to_build == CIRCUIT_PURPOSE_TESTING ||
2068 0 : purpose_to_build == CIRCUIT_PURPOSE_HS_VANGUARDS) {
2069 : return 0;
2070 : }
2071 :
2072 : /* For vanguards, the server-side intro circ is not cannibalized
2073 : * because we pre-build 4 hop HS circuits, and it only needs a 3 hop
2074 : * circuit. It is also long-lived, so it is more important that
2075 : * it have lower latency than get built fast.
2076 : */
2077 0 : if (circuit_should_use_vanguards(purpose_to_build) &&
2078 : purpose_to_build == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO) {
2079 0 : return 0;
2080 : }
2081 :
2082 : return 1;
2083 : }
2084 :
2085 : /** Launch a new circuit with purpose <b>purpose</b> and exit node
2086 : * <b>extend_info</b> (or NULL to select a random exit node).
2087 : *
2088 : * If flags contains:
2089 : * - CIRCLAUNCH_ONEHOP_TUNNEL: the circuit will have only one hop;
2090 : * - CIRCLAUNCH_NEED_UPTIME: choose routers with high uptime;
2091 : * - CIRCLAUNCH_NEED_CAPACITY: choose routers with high bandwidth;
2092 : * - CIRCLAUNCH_IS_IPV6_SELFTEST: the second-last hop must support IPv6
2093 : * extends;
2094 : * - CIRCLAUNCH_IS_INTERNAL: the last hop need not be an exit node;
2095 : * - CIRCLAUNCH_IS_V3_RP: the last hop must support v3 onion service
2096 : * rendezvous.
2097 : *
2098 : * Return the newly allocated circuit on success, or NULL on failure. */
2099 : origin_circuit_t *
2100 0 : circuit_launch_by_extend_info(uint8_t purpose,
2101 : extend_info_t *extend_info,
2102 : int flags)
2103 : {
2104 0 : origin_circuit_t *circ;
2105 0 : int onehop_tunnel = (flags & CIRCLAUNCH_ONEHOP_TUNNEL) != 0;
2106 0 : int have_path = have_enough_path_info(! (flags & CIRCLAUNCH_IS_INTERNAL) );
2107 :
2108 : /* Keep some stats about our attempts to launch HS rendezvous circuits */
2109 0 : if (purpose == CIRCUIT_PURPOSE_S_CONNECT_REND) {
2110 0 : hs_stats_note_service_rendezvous_launch();
2111 : }
2112 :
2113 0 : if (!onehop_tunnel && (!router_have_minimum_dir_info() || !have_path)) {
2114 0 : log_debug(LD_CIRC,"Haven't %s yet; canceling "
2115 : "circuit launch.",
2116 : !router_have_minimum_dir_info() ?
2117 : "fetched enough directory info" :
2118 : "received a consensus with exits");
2119 0 : return NULL;
2120 : }
2121 :
2122 : /* If we can/should cannibalize another circuit to build this one,
2123 : * then do so. */
2124 0 : if (circuit_should_cannibalize_to_build(purpose,
2125 : extend_info != NULL,
2126 : onehop_tunnel)) {
2127 : /* see if there are appropriate circs available to cannibalize. */
2128 : /* XXX if we're planning to add a hop, perhaps we want to look for
2129 : * internal circs rather than exit circs? -RD */
2130 0 : circ = circuit_find_to_cannibalize(purpose, extend_info, flags);
2131 0 : if (circ) {
2132 0 : uint8_t old_purpose = circ->base_.purpose;
2133 0 : struct timeval old_timestamp_began = circ->base_.timestamp_began;
2134 :
2135 0 : log_info(LD_CIRC, "Cannibalizing circ %u (id: %" PRIu32 ") for "
2136 : "purpose %d (%s)",
2137 : TO_CIRCUIT(circ)->n_circ_id, circ->global_identifier, purpose,
2138 : circuit_purpose_to_string(purpose));
2139 :
2140 0 : if ((purpose == CIRCUIT_PURPOSE_S_CONNECT_REND ||
2141 0 : purpose == CIRCUIT_PURPOSE_C_INTRODUCING) &&
2142 0 : circ->path_state == PATH_STATE_BUILD_SUCCEEDED) {
2143 : /* Path bias: Cannibalized rends pre-emptively count as a
2144 : * successfully built but unused closed circuit. We don't
2145 : * wait until the extend (or the close) because the rend
2146 : * point could be malicious.
2147 : *
2148 : * Same deal goes for client side introductions. Clients
2149 : * can be manipulated to connect repeatedly to them
2150 : * (especially web clients).
2151 : *
2152 : * If we decide to probe the initial portion of these circs,
2153 : * (up to the adversary's final hop), we need to remove this,
2154 : * or somehow mark the circuit with a special path state.
2155 : */
2156 :
2157 : /* This must be called before the purpose change */
2158 0 : pathbias_check_close(circ, END_CIRC_REASON_FINISHED);
2159 : }
2160 :
2161 0 : circuit_change_purpose(TO_CIRCUIT(circ), purpose);
2162 : /* Reset the start date of this circ, else expire_building
2163 : * will see it and think it's been trying to build since it
2164 : * began.
2165 : *
2166 : * Technically, the code should reset this when the
2167 : * create cell is finally sent, but we're close enough
2168 : * here. */
2169 0 : tor_gettimeofday(&circ->base_.timestamp_began);
2170 :
2171 0 : control_event_circuit_cannibalized(circ, old_purpose,
2172 : &old_timestamp_began);
2173 :
2174 0 : switch (purpose) {
2175 : case CIRCUIT_PURPOSE_C_ESTABLISH_REND:
2176 : /* it's ready right now */
2177 : break;
2178 0 : case CIRCUIT_PURPOSE_C_INTRODUCING:
2179 : case CIRCUIT_PURPOSE_S_CONNECT_REND:
2180 : case CIRCUIT_PURPOSE_C_GENERAL:
2181 : case CIRCUIT_PURPOSE_S_HSDIR_POST:
2182 : case CIRCUIT_PURPOSE_C_HSDIR_GET:
2183 : case CIRCUIT_PURPOSE_S_ESTABLISH_INTRO:
2184 : /* need to add a new hop */
2185 0 : tor_assert(extend_info);
2186 0 : if (circuit_extend_to_new_exit(circ, extend_info) < 0)
2187 : return NULL;
2188 : break;
2189 0 : default:
2190 0 : log_warn(LD_BUG,
2191 : "unexpected purpose %d when cannibalizing a circ.",
2192 : purpose);
2193 0 : tor_fragile_assert();
2194 0 : return NULL;
2195 : }
2196 :
2197 0 : tor_trace(TR_SUBSYS(circuit), TR_EV(cannibalized), circ);
2198 0 : return circ;
2199 : }
2200 : }
2201 :
2202 0 : if (did_circs_fail_last_period &&
2203 0 : n_circuit_failures > MAX_CIRCUIT_FAILURES) {
2204 : /* too many failed circs in a row. don't try. */
2205 : // log_fn(LOG_INFO,"%d failures so far, not trying.",n_circuit_failures);
2206 : return NULL;
2207 : }
2208 :
2209 : /* try a circ. if it fails, circuit_mark_for_close will increment
2210 : * n_circuit_failures */
2211 0 : return circuit_establish_circuit(purpose, extend_info, flags);
2212 : }
2213 :
2214 : /** Record another failure at opening a general circuit. When we have
2215 : * too many, we'll stop trying for the remainder of this minute.
2216 : */
2217 : static void
2218 0 : circuit_increment_failure_count(void)
2219 : {
2220 0 : ++n_circuit_failures;
2221 0 : log_debug(LD_CIRC,"n_circuit_failures now %d.",n_circuit_failures);
2222 0 : }
2223 :
2224 : /** Reset the failure count for opening general circuits. This means
2225 : * we will try MAX_CIRCUIT_FAILURES times more (if necessary) before
2226 : * stopping again.
2227 : */
2228 : void
2229 0 : circuit_reset_failure_count(int timeout)
2230 : {
2231 0 : if (timeout && n_circuit_failures > MAX_CIRCUIT_FAILURES)
2232 0 : did_circs_fail_last_period = 1;
2233 : else
2234 0 : did_circs_fail_last_period = 0;
2235 0 : n_circuit_failures = 0;
2236 0 : }
2237 :
2238 : /** Find an open circ that we're happy to use for <b>conn</b> and return 1. If
2239 : * there isn't one, and there isn't one on the way, launch one and return
2240 : * 0. If it will never work, return -1.
2241 : *
2242 : * Write the found or in-progress or launched circ into *circp.
2243 : */
2244 : static int
2245 1 : circuit_get_open_circ_or_launch(entry_connection_t *conn,
2246 : uint8_t desired_circuit_purpose,
2247 : origin_circuit_t **circp)
2248 : {
2249 1 : origin_circuit_t *circ;
2250 1 : int check_exit_policy;
2251 1 : int need_uptime, need_internal;
2252 1 : int want_onehop;
2253 1 : const or_options_t *options = get_options();
2254 :
2255 1 : tor_assert(conn);
2256 1 : tor_assert(circp);
2257 1 : if (ENTRY_TO_CONN(conn)->state != AP_CONN_STATE_CIRCUIT_WAIT) {
2258 0 : connection_t *c = ENTRY_TO_CONN(conn);
2259 0 : log_err(LD_BUG, "Connection state mismatch: wanted "
2260 : "AP_CONN_STATE_CIRCUIT_WAIT, but got %d (%s)",
2261 : c->state, conn_state_to_string(c->type, c->state));
2262 : }
2263 1 : tor_assert(ENTRY_TO_CONN(conn)->state == AP_CONN_STATE_CIRCUIT_WAIT);
2264 :
2265 : /* Will the exit policy of the exit node apply to this stream? */
2266 2 : check_exit_policy =
2267 1 : conn->socks_request->command == SOCKS_COMMAND_CONNECT &&
2268 1 : !conn->use_begindir &&
2269 0 : !connection_edge_is_rendezvous_stream(ENTRY_TO_EDGE_CONN(conn));
2270 :
2271 : /* Does this connection want a one-hop circuit? */
2272 1 : want_onehop = conn->want_onehop;
2273 :
2274 : /* Do we need a high-uptime circuit? */
2275 2 : need_uptime = !conn->want_onehop && !conn->use_begindir &&
2276 1 : smartlist_contains_int_as_string(options->LongLivedPorts,
2277 1 : conn->socks_request->port);
2278 :
2279 : /* Do we need an "internal" circuit? */
2280 1 : if (desired_circuit_purpose != CIRCUIT_PURPOSE_C_GENERAL)
2281 : need_internal = 1;
2282 0 : else if (conn->use_begindir || conn->want_onehop)
2283 : need_internal = 1;
2284 : else
2285 0 : need_internal = 0;
2286 :
2287 : /* We now know what kind of circuit we need. See if there is an
2288 : * open circuit that we can use for this stream */
2289 1 : circ = circuit_get_best(conn, 1 /* Insist on open circuits */,
2290 : desired_circuit_purpose,
2291 : need_uptime, need_internal);
2292 :
2293 1 : if (circ) {
2294 : /* We got a circuit that will work for this stream! We can return it. */
2295 1 : *circp = circ;
2296 1 : return 1; /* we're happy */
2297 : }
2298 :
2299 : /* Okay, there's no circuit open that will work for this stream. Let's
2300 : * see if there's an in-progress circuit or if we have to launch one */
2301 :
2302 : /* Do we know enough directory info to build circuits at all? */
2303 0 : int have_path = have_enough_path_info(!need_internal);
2304 :
2305 0 : if (!want_onehop && (!router_have_minimum_dir_info() || !have_path)) {
2306 : /* If we don't have enough directory information, we can't build
2307 : * multihop circuits.
2308 : */
2309 0 : if (!connection_get_by_type(CONN_TYPE_DIR)) {
2310 0 : int severity = LOG_NOTICE;
2311 : /* Retry some stuff that might help the connection work. */
2312 : /* If we are configured with EntryNodes or UseBridges */
2313 0 : if (entry_list_is_constrained(options)) {
2314 : /* Retry all our guards / bridges.
2315 : * guards_retry_optimistic() always returns true here. */
2316 0 : int rv = guards_retry_optimistic(options);
2317 0 : tor_assert_nonfatal_once(rv);
2318 0 : log_fn(severity, LD_APP|LD_DIR,
2319 : "Application request when we haven't %s. "
2320 : "Optimistically trying known %s again.",
2321 : !router_have_minimum_dir_info() ?
2322 : "used client functionality lately" :
2323 : "received a consensus with exits",
2324 : options->UseBridges ? "bridges" : "entrynodes");
2325 : } else {
2326 : /* Getting directory documents doesn't help much if we have a limited
2327 : * number of guards */
2328 0 : tor_assert_nonfatal(!options->UseBridges);
2329 0 : tor_assert_nonfatal(!options->EntryNodes);
2330 : /* Retry our directory fetches, so we have a fresh set of guard info */
2331 0 : log_fn(severity, LD_APP|LD_DIR,
2332 : "Application request when we haven't %s. "
2333 : "Optimistically trying directory fetches again.",
2334 : !router_have_minimum_dir_info() ?
2335 : "used client functionality lately" :
2336 : "received a consensus with exits");
2337 0 : routerlist_retry_directory_downloads(time(NULL));
2338 : }
2339 : }
2340 : /* Since we didn't have enough directory info, we can't attach now. The
2341 : * stream will be dealt with when router_have_minimum_dir_info becomes 1,
2342 : * or when all directory attempts fail and directory_all_unreachable()
2343 : * kills it.
2344 : */
2345 0 : return 0;
2346 : }
2347 :
2348 : /* Check whether the exit policy of the chosen exit, or the exit policies
2349 : * of _all_ nodes, would forbid this node. */
2350 0 : if (check_exit_policy) {
2351 0 : if (!conn->chosen_exit_name) {
2352 0 : struct in_addr in;
2353 0 : tor_addr_t addr, *addrp=NULL;
2354 0 : if (tor_inet_aton(conn->socks_request->address, &in)) {
2355 0 : tor_addr_from_in(&addr, &in);
2356 0 : addrp = &addr;
2357 : }
2358 0 : if (router_exit_policy_all_nodes_reject(addrp,
2359 0 : conn->socks_request->port,
2360 : need_uptime)) {
2361 0 : log_notice(LD_APP,
2362 : "No Tor server allows exit to %s:%d. Rejecting.",
2363 : safe_str_client(conn->socks_request->address),
2364 : conn->socks_request->port);
2365 0 : return -1;
2366 : }
2367 : } else {
2368 : /* XXXX Duplicates checks in connection_ap_handshake_attach_circuit:
2369 : * refactor into a single function. */
2370 0 : const node_t *node = node_get_by_nickname(conn->chosen_exit_name, 0);
2371 0 : int opt = conn->chosen_exit_optional;
2372 0 : if (node && !connection_ap_can_use_exit(conn, node)) {
2373 0 : log_fn(opt ? LOG_INFO : LOG_WARN, LD_APP,
2374 : "Requested exit point '%s' is excluded or "
2375 : "would refuse request. %s.",
2376 : conn->chosen_exit_name, opt ? "Trying others" : "Closing");
2377 0 : if (opt) {
2378 0 : conn->chosen_exit_optional = 0;
2379 0 : tor_free(conn->chosen_exit_name);
2380 : /* Try again. */
2381 0 : return circuit_get_open_circ_or_launch(conn,
2382 : desired_circuit_purpose,
2383 : circp);
2384 : }
2385 : return -1;
2386 : }
2387 : }
2388 : }
2389 :
2390 : /* Now, check whether there already a circuit on the way that could handle
2391 : * this stream. This check matches the one above, but this time we
2392 : * do not require that the circuit will work. */
2393 0 : circ = circuit_get_best(conn, 0 /* don't insist on open circuits */,
2394 : desired_circuit_purpose,
2395 : need_uptime, need_internal);
2396 0 : if (circ)
2397 0 : log_debug(LD_CIRC, "one on the way!");
2398 :
2399 0 : if (!circ) {
2400 : /* No open or in-progress circuit could handle this stream! We
2401 : * will have to launch one!
2402 : */
2403 :
2404 : /* The chosen exit node, if there is one. */
2405 0 : extend_info_t *extend_info=NULL;
2406 0 : const int n_pending = count_pending_general_client_circuits();
2407 :
2408 : /* Do we have too many pending circuits? */
2409 0 : if (n_pending >= options->MaxClientCircuitsPending) {
2410 0 : static ratelim_t delay_limit = RATELIM_INIT(10*60);
2411 0 : char *m;
2412 0 : if ((m = rate_limit_log(&delay_limit, approx_time()))) {
2413 0 : log_notice(LD_APP, "We'd like to launch a circuit to handle a "
2414 : "connection, but we already have %d general-purpose client "
2415 : "circuits pending. Waiting until some finish.%s",
2416 : n_pending, m);
2417 0 : tor_free(m);
2418 : }
2419 0 : return 0;
2420 : }
2421 :
2422 : /* If this is a hidden service trying to start an introduction point,
2423 : * handle that case. */
2424 0 : if (desired_circuit_purpose == CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT) {
2425 0 : const edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(conn);
2426 : /* need to pick an intro point */
2427 0 : extend_info = hs_client_get_random_intro_from_edge(edge_conn);
2428 0 : if (!extend_info) {
2429 0 : log_info(LD_REND, "No intro points: re-fetching service descriptor.");
2430 0 : hs_client_refetch_hsdesc(&edge_conn->hs_ident->identity_pk);
2431 0 : connection_ap_mark_as_waiting_for_renddesc(conn);
2432 0 : return 0;
2433 : }
2434 0 : log_info(LD_REND,"Chose %s as intro point for service",
2435 : extend_info_describe(extend_info));
2436 : }
2437 :
2438 : /* If we have specified a particular exit node for our
2439 : * connection, then be sure to open a circuit to that exit node.
2440 : */
2441 0 : if (desired_circuit_purpose == CIRCUIT_PURPOSE_C_GENERAL ||
2442 0 : desired_circuit_purpose == CIRCUIT_PURPOSE_S_HSDIR_POST ||
2443 : desired_circuit_purpose == CIRCUIT_PURPOSE_C_HSDIR_GET) {
2444 0 : if (conn->chosen_exit_name) {
2445 0 : const node_t *r;
2446 0 : int opt = conn->chosen_exit_optional;
2447 0 : r = node_get_by_nickname(conn->chosen_exit_name, 0);
2448 0 : if (r && node_has_preferred_descriptor(r, conn->want_onehop ? 1 : 0)) {
2449 : /* We might want to connect to an IPv6 bridge for loading
2450 : descriptors so we use the preferred address rather than
2451 : the primary. */
2452 0 : extend_info = extend_info_from_node(r, conn->want_onehop ? 1 : 0);
2453 0 : if (!extend_info) {
2454 0 : log_warn(LD_CIRC,"Could not make a one-hop connection to %s. "
2455 : "Discarding this circuit.", conn->chosen_exit_name);
2456 0 : return -1;
2457 : }
2458 : } else { /* ! (r && node_has_preferred_descriptor(...)) */
2459 0 : log_debug(LD_DIR, "considering %d, %s",
2460 : want_onehop, conn->chosen_exit_name);
2461 0 : if (want_onehop && conn->chosen_exit_name[0] == '$') {
2462 : /* We're asking for a one-hop circuit to a router that
2463 : * we don't have a routerinfo about. Make up an extend_info. */
2464 : /* XXX prop220: we need to make chosen_exit_name able to
2465 : * encode both key formats. This is not absolutely critical
2466 : * since this is just for one-hop circuits, but we should
2467 : * still get it done */
2468 0 : char digest[DIGEST_LEN];
2469 0 : char *hexdigest = conn->chosen_exit_name+1;
2470 0 : tor_addr_t addr;
2471 0 : if (strlen(hexdigest) < HEX_DIGEST_LEN ||
2472 0 : base16_decode(digest,DIGEST_LEN,
2473 : hexdigest,HEX_DIGEST_LEN) != DIGEST_LEN) {
2474 0 : log_info(LD_DIR, "Broken exit digest on tunnel conn. Closing.");
2475 0 : return -1;
2476 : }
2477 0 : if (tor_addr_parse(&addr, conn->socks_request->address) < 0) {
2478 0 : log_info(LD_DIR, "Broken address %s on tunnel conn. Closing.",
2479 : escaped_safe_str_client(conn->socks_request->address));
2480 0 : return -1;
2481 : }
2482 : /* XXXX prop220 add a workaround for ed25519 ID below*/
2483 0 : extend_info = extend_info_new(conn->chosen_exit_name+1,
2484 : digest,
2485 : NULL, /* Ed25519 ID */
2486 : NULL, NULL, /* onion keys */
2487 0 : &addr, conn->socks_request->port);
2488 : } else { /* ! (want_onehop && conn->chosen_exit_name[0] == '$') */
2489 : /* We will need an onion key for the router, and we
2490 : * don't have one. Refuse or relax requirements. */
2491 0 : log_fn(opt ? LOG_INFO : LOG_WARN, LD_APP,
2492 : "Requested exit point '%s' is not known. %s.",
2493 : conn->chosen_exit_name, opt ? "Trying others" : "Closing");
2494 0 : if (opt) {
2495 0 : conn->chosen_exit_optional = 0;
2496 0 : tor_free(conn->chosen_exit_name);
2497 : /* Try again with no requested exit */
2498 0 : return circuit_get_open_circ_or_launch(conn,
2499 : desired_circuit_purpose,
2500 : circp);
2501 : }
2502 : return -1;
2503 : }
2504 : }
2505 : }
2506 : } /* Done checking for general circutis with chosen exits. */
2507 :
2508 : /* What purpose do we need to launch this circuit with? */
2509 0 : uint8_t new_circ_purpose;
2510 0 : if (desired_circuit_purpose == CIRCUIT_PURPOSE_C_REND_JOINED)
2511 : new_circ_purpose = CIRCUIT_PURPOSE_C_ESTABLISH_REND;
2512 0 : else if (desired_circuit_purpose == CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT)
2513 : new_circ_purpose = CIRCUIT_PURPOSE_C_INTRODUCING;
2514 : else
2515 0 : new_circ_purpose = desired_circuit_purpose;
2516 :
2517 : /* Determine what kind of a circuit to launch, and actually launch it. */
2518 : {
2519 0 : int flags = CIRCLAUNCH_NEED_CAPACITY;
2520 0 : if (want_onehop) flags |= CIRCLAUNCH_ONEHOP_TUNNEL;
2521 0 : if (need_uptime) flags |= CIRCLAUNCH_NEED_UPTIME;
2522 0 : if (need_internal) flags |= CIRCLAUNCH_IS_INTERNAL;
2523 :
2524 : /* If we are about to pick a v3 RP right now, make sure we pick a
2525 : * rendezvous point that supports the v3 protocol! */
2526 0 : if (desired_circuit_purpose == CIRCUIT_PURPOSE_C_REND_JOINED &&
2527 0 : new_circ_purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND &&
2528 0 : ENTRY_TO_EDGE_CONN(conn)->hs_ident) {
2529 0 : flags |= CIRCLAUNCH_IS_V3_RP;
2530 0 : log_info(LD_GENERAL, "Getting rendezvous circuit to v3 service!");
2531 : }
2532 :
2533 0 : circ = circuit_launch_by_extend_info(new_circ_purpose, extend_info,
2534 : flags);
2535 : }
2536 :
2537 0 : extend_info_free(extend_info);
2538 :
2539 : /* Now trigger things that need to happen when we launch circuits */
2540 :
2541 0 : if (desired_circuit_purpose == CIRCUIT_PURPOSE_C_GENERAL ||
2542 0 : desired_circuit_purpose == CIRCUIT_PURPOSE_C_HSDIR_GET ||
2543 : desired_circuit_purpose == CIRCUIT_PURPOSE_S_HSDIR_POST) {
2544 : /* We just caused a circuit to get built because of this stream.
2545 : * If this stream has caused a _lot_ of circuits to be built, that's
2546 : * a bad sign: we should tell the user. */
2547 0 : if (conn->num_circuits_launched < NUM_CIRCUITS_LAUNCHED_THRESHOLD &&
2548 0 : ++conn->num_circuits_launched == NUM_CIRCUITS_LAUNCHED_THRESHOLD)
2549 0 : log_info(LD_CIRC, "The application request to %s:%d has launched "
2550 : "%d circuits without finding one it likes.",
2551 : escaped_safe_str_client(conn->socks_request->address),
2552 : conn->socks_request->port,
2553 : conn->num_circuits_launched);
2554 : } else {
2555 : /* help predict this next time */
2556 0 : rep_hist_note_used_internal(time(NULL), need_uptime, 1);
2557 0 : if (circ) {
2558 0 : const edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(conn);
2559 0 : if (edge_conn->hs_ident) {
2560 0 : circ->hs_ident =
2561 0 : hs_ident_circuit_new(&edge_conn->hs_ident->identity_pk);
2562 : }
2563 0 : if (circ->base_.purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND &&
2564 : circ->base_.state == CIRCUIT_STATE_OPEN)
2565 0 : circuit_has_opened(circ);
2566 : }
2567 : }
2568 : } /* endif (!circ) */
2569 :
2570 : /* We either found a good circuit, or launched a new circuit, or failed to
2571 : * do so. Report success, and delay. */
2572 :
2573 0 : if (circ) {
2574 : /* Mark the circuit with the isolation fields for this connection.
2575 : * When the circuit arrives, we'll clear these flags: this is
2576 : * just some internal bookkeeping to make sure that we have
2577 : * launched enough circuits.
2578 : */
2579 0 : connection_edge_update_circuit_isolation(conn, circ, 0);
2580 : } else {
2581 0 : log_info(LD_APP,
2582 : "No safe circuit (purpose %d) ready for edge "
2583 : "connection; delaying.",
2584 : desired_circuit_purpose);
2585 : }
2586 0 : *circp = circ;
2587 0 : return 0;
2588 : }
2589 :
2590 : /** Return true iff <b>crypt_path</b> is one of the crypt_paths for
2591 : * <b>circ</b>. */
2592 : static int
2593 0 : cpath_is_on_circuit(origin_circuit_t *circ, crypt_path_t *crypt_path)
2594 : {
2595 0 : crypt_path_t *cpath, *cpath_next = NULL;
2596 0 : for (cpath = circ->cpath; cpath_next != circ->cpath; cpath = cpath_next) {
2597 0 : cpath_next = cpath->next;
2598 0 : if (crypt_path == cpath)
2599 : return 1;
2600 : }
2601 : return 0;
2602 : }
2603 :
2604 : /** Attach the AP stream <b>apconn</b> to circ's linked list of
2605 : * p_streams. Also set apconn's cpath_layer to <b>cpath</b>, or to the last
2606 : * hop in circ's cpath if <b>cpath</b> is NULL.
2607 : */
2608 : static void
2609 1 : link_apconn_to_circ(entry_connection_t *apconn, origin_circuit_t *circ,
2610 : crypt_path_t *cpath)
2611 : {
2612 1 : const node_t *exitnode = NULL;
2613 :
2614 : /* add it into the linked list of streams on this circuit */
2615 1 : log_debug(LD_APP|LD_CIRC, "attaching new conn to circ. n_circ_id %u.",
2616 : (unsigned)circ->base_.n_circ_id);
2617 :
2618 : /* If this is the first stream on this circuit, tell circpad
2619 : * that streams are attached */
2620 1 : if (!circ->p_streams)
2621 1 : circpad_machine_event_circ_has_streams(circ);
2622 :
2623 : /* reset it, so we can measure circ timeouts */
2624 1 : ENTRY_TO_CONN(apconn)->timestamp_last_read_allowed = time(NULL);
2625 1 : ENTRY_TO_EDGE_CONN(apconn)->next_stream = circ->p_streams;
2626 1 : ENTRY_TO_EDGE_CONN(apconn)->on_circuit = TO_CIRCUIT(circ);
2627 : /* assert_connection_ok(conn, time(NULL)); */
2628 1 : circ->p_streams = ENTRY_TO_EDGE_CONN(apconn);
2629 :
2630 1 : if (connection_edge_is_rendezvous_stream(ENTRY_TO_EDGE_CONN(apconn))) {
2631 : /* We are attaching a stream to a rendezvous circuit. That means
2632 : * that an attempt to connect to a hidden service just
2633 : * succeeded. Tell rendclient.c. */
2634 1 : hs_client_note_connection_attempt_succeeded(ENTRY_TO_EDGE_CONN(apconn));
2635 : }
2636 :
2637 1 : if (cpath) { /* we were given one; use it */
2638 0 : tor_assert(cpath_is_on_circuit(circ, cpath));
2639 : } else {
2640 : /* use the last hop in the circuit */
2641 1 : tor_assert(circ->cpath);
2642 1 : tor_assert(circ->cpath->prev);
2643 1 : tor_assert(circ->cpath->prev->state == CPATH_STATE_OPEN);
2644 : cpath = circ->cpath->prev;
2645 : }
2646 1 : ENTRY_TO_EDGE_CONN(apconn)->cpath_layer = cpath;
2647 :
2648 1 : circ->isolation_any_streams_attached = 1;
2649 1 : connection_edge_update_circuit_isolation(apconn, circ, 0);
2650 :
2651 : /* Compute the exitnode if possible, for logging below */
2652 1 : if (cpath->extend_info)
2653 0 : exitnode = node_get_by_id(cpath->extend_info->identity_digest);
2654 :
2655 : /* See if we can use optimistic data on this circuit */
2656 1 : if (circ->base_.purpose == CIRCUIT_PURPOSE_C_GENERAL ||
2657 1 : circ->base_.purpose == CIRCUIT_PURPOSE_C_HSDIR_GET ||
2658 1 : circ->base_.purpose == CIRCUIT_PURPOSE_S_HSDIR_POST ||
2659 : circ->base_.purpose == CIRCUIT_PURPOSE_C_REND_JOINED)
2660 1 : apconn->may_use_optimistic_data = 1;
2661 : else
2662 0 : apconn->may_use_optimistic_data = 0;
2663 1 : log_info(LD_APP, "Looks like completed circuit to %s %s allow "
2664 : "optimistic data for connection to %s",
2665 : (circ->base_.purpose == CIRCUIT_PURPOSE_C_GENERAL ||
2666 : circ->base_.purpose == CIRCUIT_PURPOSE_CONTROLLER) ?
2667 : /* node_describe() does the right thing if exitnode is NULL */
2668 : safe_str_client(node_describe(exitnode)) :
2669 : "hidden service",
2670 : apconn->may_use_optimistic_data ? "does" : "doesn't",
2671 : safe_str_client(apconn->socks_request->address));
2672 1 : }
2673 :
2674 : /** Return true iff <b>address</b> is matched by one of the entries in
2675 : * TrackHostExits. */
2676 : int
2677 0 : hostname_in_track_host_exits(const or_options_t *options, const char *address)
2678 : {
2679 0 : if (!options->TrackHostExits)
2680 : return 0;
2681 0 : SMARTLIST_FOREACH_BEGIN(options->TrackHostExits, const char *, cp) {
2682 0 : if (cp[0] == '.') { /* match end */
2683 0 : if (cp[1] == '\0' ||
2684 0 : !strcasecmpend(address, cp) ||
2685 0 : !strcasecmp(address, &cp[1]))
2686 0 : return 1;
2687 0 : } else if (strcasecmp(cp, address) == 0) {
2688 : return 1;
2689 : }
2690 0 : } SMARTLIST_FOREACH_END(cp);
2691 : return 0;
2692 : }
2693 :
2694 : /** If an exit wasn't explicitly specified for <b>conn</b>, consider saving
2695 : * the exit that we *did* choose for use by future connections to
2696 : * <b>conn</b>'s destination.
2697 : */
2698 : static void
2699 0 : consider_recording_trackhost(const entry_connection_t *conn,
2700 : const origin_circuit_t *circ)
2701 : {
2702 0 : const or_options_t *options = get_options();
2703 0 : char *new_address = NULL;
2704 0 : char fp[HEX_DIGEST_LEN+1];
2705 0 : uint64_t stream_id = 0;
2706 :
2707 0 : if (BUG(!conn)) {
2708 0 : return;
2709 : }
2710 :
2711 0 : stream_id = ENTRY_TO_CONN(conn)->global_identifier;
2712 :
2713 : /* Search the addressmap for this conn's destination. */
2714 : /* If they're not in the address map.. */
2715 0 : if (!options->TrackHostExits ||
2716 0 : addressmap_have_mapping(conn->socks_request->address,
2717 0 : options->TrackHostExitsExpire))
2718 0 : return; /* nothing to track, or already mapped */
2719 :
2720 0 : if (!hostname_in_track_host_exits(options, conn->socks_request->address) ||
2721 0 : !circ->build_state->chosen_exit)
2722 : return;
2723 :
2724 : /* write down the fingerprint of the chosen exit, not the nickname,
2725 : * because the chosen exit might not be named. */
2726 0 : base16_encode(fp, sizeof(fp),
2727 0 : circ->build_state->chosen_exit->identity_digest, DIGEST_LEN);
2728 :
2729 : /* Add this exit/hostname pair to the addressmap. */
2730 0 : tor_asprintf(&new_address, "%s.%s.exit",
2731 0 : conn->socks_request->address, fp);
2732 :
2733 0 : addressmap_register(conn->socks_request->address, new_address,
2734 0 : time(NULL) + options->TrackHostExitsExpire,
2735 : ADDRMAPSRC_TRACKEXIT, 0, 0, stream_id);
2736 : }
2737 :
2738 : /** Attempt to attach the connection <b>conn</b> to <b>circ</b>, and send a
2739 : * begin or resolve cell as appropriate. Return values are as for
2740 : * connection_ap_handshake_attach_circuit. The stream will exit from the hop
2741 : * indicated by <b>cpath</b>, or from the last hop in circ's cpath if
2742 : * <b>cpath</b> is NULL. */
2743 : int
2744 0 : connection_ap_handshake_attach_chosen_circuit(entry_connection_t *conn,
2745 : origin_circuit_t *circ,
2746 : crypt_path_t *cpath)
2747 : {
2748 0 : connection_t *base_conn = ENTRY_TO_CONN(conn);
2749 0 : tor_assert(conn);
2750 0 : tor_assert(base_conn->state == AP_CONN_STATE_CIRCUIT_WAIT ||
2751 : base_conn->state == AP_CONN_STATE_CONTROLLER_WAIT);
2752 0 : tor_assert(conn->socks_request);
2753 0 : tor_assert(circ);
2754 0 : tor_assert(circ->base_.state == CIRCUIT_STATE_OPEN);
2755 :
2756 0 : base_conn->state = AP_CONN_STATE_CIRCUIT_WAIT;
2757 :
2758 0 : if (!circ->base_.timestamp_dirty ||
2759 0 : ((conn->entry_cfg.isolation_flags & ISO_SOCKSAUTH) &&
2760 0 : (conn->entry_cfg.socks_iso_keep_alive) &&
2761 0 : (conn->socks_request->usernamelen ||
2762 0 : conn->socks_request->passwordlen))) {
2763 : /* When stream isolation is in use and controlled by an application
2764 : * we are willing to keep using the stream. */
2765 0 : circ->base_.timestamp_dirty = approx_time();
2766 : }
2767 :
2768 0 : pathbias_count_use_attempt(circ);
2769 :
2770 : /* Now, actually link the connection. */
2771 0 : link_apconn_to_circ(conn, circ, cpath);
2772 :
2773 0 : tor_assert(conn->socks_request);
2774 0 : if (conn->socks_request->command == SOCKS_COMMAND_CONNECT) {
2775 0 : if (!conn->use_begindir) {
2776 0 : consider_recording_trackhost(conn, circ);
2777 : }
2778 0 : if (connection_ap_handshake_send_begin(conn) < 0)
2779 0 : return -1;
2780 : } else {
2781 0 : if (connection_ap_handshake_send_resolve(conn) < 0)
2782 0 : return -1;
2783 : }
2784 :
2785 : return 1;
2786 : }
2787 :
2788 : /**
2789 : * Return an appropriate circuit purpose for non-rend streams.
2790 : * We don't handle rends here because a rend stream triggers two
2791 : * circuit builds with different purposes, so it is handled elsewhere.
2792 : *
2793 : * This function just figures out what type of hsdir activity this is,
2794 : * and tells us. Everything else is general.
2795 : */
2796 : static int
2797 0 : connection_ap_get_nonrend_circ_purpose(const entry_connection_t *conn)
2798 : {
2799 0 : const connection_t *base_conn = ENTRY_TO_CONN(conn);
2800 0 : tor_assert_nonfatal(!connection_edge_is_rendezvous_stream(
2801 : ENTRY_TO_EDGE_CONN(conn)));
2802 :
2803 0 : if (base_conn->linked_conn &&
2804 0 : base_conn->linked_conn->type == CONN_TYPE_DIR) {
2805 : /* Set a custom purpose for hsdir activity */
2806 0 : if (base_conn->linked_conn->purpose == DIR_PURPOSE_UPLOAD_HSDESC) {
2807 : return CIRCUIT_PURPOSE_S_HSDIR_POST;
2808 0 : } else if (base_conn->linked_conn->purpose == DIR_PURPOSE_FETCH_HSDESC) {
2809 0 : return CIRCUIT_PURPOSE_C_HSDIR_GET;
2810 : }
2811 : }
2812 :
2813 : /* All other purposes are general for now */
2814 : return CIRCUIT_PURPOSE_C_GENERAL;
2815 : }
2816 :
2817 : /** Try to find a safe live circuit for stream <b>conn</b>. If we find one,
2818 : * attach the stream, send appropriate cells, and return 1. Otherwise,
2819 : * try to launch new circuit(s) for the stream. If we can launch
2820 : * circuits, return 0. Otherwise, if we simply can't proceed with
2821 : * this stream, return -1. (conn needs to die, and is maybe already marked).
2822 : */
2823 : /* XXXX this function should mark for close whenever it returns -1;
2824 : * its callers shouldn't have to worry about that. */
2825 : int
2826 1 : connection_ap_handshake_attach_circuit(entry_connection_t *conn)
2827 : {
2828 1 : connection_t *base_conn = ENTRY_TO_CONN(conn);
2829 1 : int retval;
2830 1 : int conn_age;
2831 1 : int want_onehop;
2832 :
2833 1 : tor_assert(conn);
2834 1 : tor_assert(base_conn->state == AP_CONN_STATE_CIRCUIT_WAIT);
2835 1 : tor_assert(conn->socks_request);
2836 1 : want_onehop = conn->want_onehop;
2837 :
2838 1 : conn_age = (int)(time(NULL) - base_conn->timestamp_created);
2839 :
2840 : /* Is this connection so old that we should give up on it? */
2841 1 : if (conn_age >= get_options()->SocksTimeout) {
2842 0 : int severity = (tor_addr_is_null(&base_conn->addr) && !base_conn->port) ?
2843 0 : LOG_INFO : LOG_NOTICE;
2844 0 : log_fn(severity, LD_APP,
2845 : "Tried for %d seconds to get a connection to %s:%d. Giving up.",
2846 : conn_age, safe_str_client(conn->socks_request->address),
2847 : conn->socks_request->port);
2848 0 : return -1;
2849 : }
2850 :
2851 : /* We handle "general" (non-onion) connections much more straightforwardly.
2852 : */
2853 1 : if (!connection_edge_is_rendezvous_stream(ENTRY_TO_EDGE_CONN(conn))) {
2854 : /* we're a general conn */
2855 0 : origin_circuit_t *circ=NULL;
2856 :
2857 : /* Are we linked to a dir conn that aims to fetch a consensus?
2858 : * We check here because the conn might no longer be needed. */
2859 0 : if (base_conn->linked_conn &&
2860 0 : base_conn->linked_conn->type == CONN_TYPE_DIR &&
2861 : base_conn->linked_conn->purpose == DIR_PURPOSE_FETCH_CONSENSUS) {
2862 :
2863 : /* Yes we are. Is there a consensus fetch farther along than us? */
2864 0 : if (networkstatus_consensus_is_already_downloading(
2865 0 : TO_DIR_CONN(base_conn->linked_conn)->requested_resource)) {
2866 : /* We're doing the "multiple consensus fetch attempts" game from
2867 : * proposal 210, and we're late to the party. Just close this conn.
2868 : * The circuit and TLS conn that we made will time out after a while
2869 : * if nothing else wants to use them. */
2870 0 : log_info(LD_DIR, "Closing extra consensus fetch (to %s) since one "
2871 : "is already downloading.", base_conn->linked_conn->address);
2872 0 : return -1;
2873 : }
2874 : }
2875 :
2876 : /* If we have a chosen exit, we need to use a circuit that's
2877 : * open to that exit. See what exit we meant, and whether we can use it.
2878 : */
2879 0 : if (conn->chosen_exit_name) {
2880 0 : const node_t *node = node_get_by_nickname(conn->chosen_exit_name, 0);
2881 0 : int opt = conn->chosen_exit_optional;
2882 0 : if (!node && !want_onehop) {
2883 : /* We ran into this warning when trying to extend a circuit to a
2884 : * hidden service directory for which we didn't have a router
2885 : * descriptor. See flyspray task 767 for more details. We should
2886 : * keep this in mind when deciding to use BEGIN_DIR cells for other
2887 : * directory requests as well. -KL*/
2888 0 : log_fn(opt ? LOG_INFO : LOG_WARN, LD_APP,
2889 : "Requested exit point '%s' is not known. %s.",
2890 : conn->chosen_exit_name, opt ? "Trying others" : "Closing");
2891 0 : if (opt) {
2892 : /* If we are allowed to ignore the .exit request, do so */
2893 0 : conn->chosen_exit_optional = 0;
2894 0 : tor_free(conn->chosen_exit_name);
2895 0 : return 0;
2896 : }
2897 : return -1;
2898 : }
2899 0 : if (node && !connection_ap_can_use_exit(conn, node)) {
2900 0 : log_fn(opt ? LOG_INFO : LOG_WARN, LD_APP,
2901 : "Requested exit point '%s' is excluded or "
2902 : "would refuse request. %s.",
2903 : conn->chosen_exit_name, opt ? "Trying others" : "Closing");
2904 0 : if (opt) {
2905 : /* If we are allowed to ignore the .exit request, do so */
2906 0 : conn->chosen_exit_optional = 0;
2907 0 : tor_free(conn->chosen_exit_name);
2908 0 : return 0;
2909 : }
2910 : return -1;
2911 : }
2912 : }
2913 :
2914 : /* Find the circuit that we should use, if there is one. Otherwise
2915 : * launch it
2916 : */
2917 0 : retval = circuit_get_open_circ_or_launch(conn,
2918 0 : connection_ap_get_nonrend_circ_purpose(conn),
2919 : &circ);
2920 :
2921 0 : if (retval < 1) {
2922 : /* We were either told "-1" (complete failure) or 0 (circuit in
2923 : * progress); we can't attach this stream yet. */
2924 : return retval;
2925 : }
2926 :
2927 0 : log_debug(LD_APP|LD_CIRC,
2928 : "Attaching apconn to circ %u (stream %d sec old).",
2929 : (unsigned)circ->base_.n_circ_id, conn_age);
2930 : /* print the circ's path, so clients can figure out which circs are
2931 : * sucking. */
2932 0 : circuit_log_path(LOG_INFO,LD_APP|LD_CIRC,circ);
2933 :
2934 : /* We have found a suitable circuit for our conn. Hurray. Do
2935 : * the attachment. */
2936 0 : return connection_ap_handshake_attach_chosen_circuit(conn, circ, NULL);
2937 :
2938 : } else { /* we're a rendezvous conn */
2939 1 : origin_circuit_t *rendcirc=NULL, *introcirc=NULL;
2940 :
2941 1 : tor_assert(!ENTRY_TO_EDGE_CONN(conn)->cpath_layer);
2942 :
2943 : /* start by finding a rendezvous circuit for us */
2944 :
2945 1 : retval = circuit_get_open_circ_or_launch(
2946 : conn, CIRCUIT_PURPOSE_C_REND_JOINED, &rendcirc);
2947 1 : if (retval < 0) return -1; /* failed */
2948 :
2949 1 : if (retval > 0) {
2950 1 : tor_assert(rendcirc);
2951 : /* one is already established, attach */
2952 1 : log_info(LD_REND,
2953 : "rend joined circ %u (id: %" PRIu32 ") already here. "
2954 : "Attaching. (stream %d sec old)",
2955 : (unsigned) TO_CIRCUIT(rendcirc)->n_circ_id,
2956 : rendcirc->global_identifier, conn_age);
2957 : /* Mark rendezvous circuits as 'newly dirty' every time you use
2958 : * them, since the process of rebuilding a rendezvous circ is so
2959 : * expensive. There is a tradeoff between linkability and
2960 : * feasibility, at this point.
2961 : */
2962 1 : rendcirc->base_.timestamp_dirty = time(NULL);
2963 :
2964 : /* We've also attempted to use them. If they fail, we need to
2965 : * probe them for path bias */
2966 1 : pathbias_count_use_attempt(rendcirc);
2967 :
2968 1 : link_apconn_to_circ(conn, rendcirc, NULL);
2969 1 : if (connection_ap_handshake_send_begin(conn) < 0)
2970 : return 0; /* already marked, let them fade away */
2971 1 : return 1;
2972 : }
2973 :
2974 : /* At this point we need to re-check the state, since it's possible that
2975 : * our call to circuit_get_open_circ_or_launch() changed the connection's
2976 : * state from "CIRCUIT_WAIT" to "RENDDESC_WAIT" because we decided to
2977 : * re-fetch the descriptor.
2978 : */
2979 0 : if (ENTRY_TO_CONN(conn)->state != AP_CONN_STATE_CIRCUIT_WAIT) {
2980 0 : log_info(LD_REND, "This connection is no longer ready to attach; its "
2981 : "state changed."
2982 : "(We probably have to re-fetch its descriptor.)");
2983 0 : return 0;
2984 : }
2985 :
2986 0 : if (rendcirc && (rendcirc->base_.purpose ==
2987 : CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED)) {
2988 0 : log_info(LD_REND,
2989 : "pending-join circ %u (id: %" PRIu32 ") already here, with "
2990 : "intro ack. Stalling. (stream %d sec old)",
2991 : (unsigned) TO_CIRCUIT(rendcirc)->n_circ_id,
2992 : rendcirc->global_identifier, conn_age);
2993 0 : return 0;
2994 : }
2995 :
2996 : /* it's on its way. find an intro circ. */
2997 0 : retval = circuit_get_open_circ_or_launch(
2998 : conn, CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT, &introcirc);
2999 0 : if (retval < 0) return -1; /* failed */
3000 :
3001 0 : if (retval > 0) {
3002 : /* one has already sent the intro. keep waiting. */
3003 0 : tor_assert(introcirc);
3004 0 : log_info(LD_REND, "Intro circ %u (id: %" PRIu32 ") present and "
3005 : "awaiting ACK. Rend circuit %u (id: %" PRIu32 "). "
3006 : "Stalling. (stream %d sec old)",
3007 : (unsigned) TO_CIRCUIT(introcirc)->n_circ_id,
3008 : introcirc->global_identifier,
3009 : rendcirc ? (unsigned) TO_CIRCUIT(rendcirc)->n_circ_id : 0,
3010 : rendcirc ? rendcirc->global_identifier : 0,
3011 : conn_age);
3012 0 : return 0;
3013 : }
3014 :
3015 : /* now rendcirc and introcirc are each either undefined or not finished */
3016 :
3017 0 : if (rendcirc && introcirc &&
3018 0 : rendcirc->base_.purpose == CIRCUIT_PURPOSE_C_REND_READY) {
3019 0 : log_info(LD_REND,
3020 : "ready rend circ %u (id: %" PRIu32 ") already here. No"
3021 : "intro-ack yet on intro %u (id: %" PRIu32 "). "
3022 : "(stream %d sec old)",
3023 : (unsigned) TO_CIRCUIT(rendcirc)->n_circ_id,
3024 : rendcirc->global_identifier,
3025 : (unsigned) TO_CIRCUIT(introcirc)->n_circ_id,
3026 : introcirc->global_identifier, conn_age);
3027 :
3028 0 : tor_assert(introcirc->base_.purpose == CIRCUIT_PURPOSE_C_INTRODUCING);
3029 0 : if (introcirc->base_.state == CIRCUIT_STATE_OPEN) {
3030 0 : int ret;
3031 0 : log_info(LD_REND, "Found open intro circ %u (id: %" PRIu32 "). "
3032 : "Rend circuit %u (id: %" PRIu32 "); Sending "
3033 : "introduction. (stream %d sec old)",
3034 : (unsigned) TO_CIRCUIT(introcirc)->n_circ_id,
3035 : introcirc->global_identifier,
3036 : (unsigned) TO_CIRCUIT(rendcirc)->n_circ_id,
3037 : rendcirc->global_identifier, conn_age);
3038 0 : ret = hs_client_send_introduce1(introcirc, rendcirc);
3039 0 : switch (ret) {
3040 0 : case 0: /* success */
3041 0 : rendcirc->base_.timestamp_dirty = time(NULL);
3042 0 : introcirc->base_.timestamp_dirty = time(NULL);
3043 :
3044 0 : pathbias_count_use_attempt(introcirc);
3045 0 : pathbias_count_use_attempt(rendcirc);
3046 :
3047 0 : assert_circuit_ok(TO_CIRCUIT(rendcirc));
3048 0 : assert_circuit_ok(TO_CIRCUIT(introcirc));
3049 0 : return 0;
3050 : case -1: /* transient error */
3051 : return 0;
3052 0 : case -2: /* permanent error */
3053 0 : return -1;
3054 0 : default: /* oops */
3055 0 : tor_fragile_assert();
3056 0 : return -1;
3057 : }
3058 : }
3059 : }
3060 :
3061 0 : log_info(LD_REND, "Intro %u (id: %" PRIu32 ") and rend circuit %u "
3062 : "(id: %" PRIu32 ") circuits are not both ready. "
3063 : "Stalling conn. (%d sec old)",
3064 : introcirc ? (unsigned) TO_CIRCUIT(introcirc)->n_circ_id : 0,
3065 : introcirc ? introcirc->global_identifier : 0,
3066 : rendcirc ? (unsigned) TO_CIRCUIT(rendcirc)->n_circ_id : 0,
3067 : rendcirc ? rendcirc->global_identifier : 0, conn_age);
3068 0 : return 0;
3069 : }
3070 : }
3071 :
3072 : /** Change <b>circ</b>'s purpose to <b>new_purpose</b>. */
3073 : void
3074 40 : circuit_change_purpose(circuit_t *circ, uint8_t new_purpose)
3075 : {
3076 40 : uint8_t old_purpose;
3077 : /* Don't allow an OR circ to become an origin circ or vice versa. */
3078 40 : tor_assert(!!(CIRCUIT_IS_ORIGIN(circ)) ==
3079 : !!(CIRCUIT_PURPOSE_IS_ORIGIN(new_purpose)));
3080 :
3081 40 : if (circ->purpose == new_purpose) return;
3082 :
3083 39 : if (CIRCUIT_IS_ORIGIN(circ)) {
3084 10 : char old_purpose_desc[80] = "";
3085 :
3086 10 : strncpy(old_purpose_desc, circuit_purpose_to_string(circ->purpose), 80-1);
3087 10 : old_purpose_desc[80-1] = '\0';
3088 :
3089 10 : log_debug(LD_CIRC,
3090 : "changing purpose of origin circ %d "
3091 : "from \"%s\" (%d) to \"%s\" (%d)",
3092 : TO_ORIGIN_CIRCUIT(circ)->global_identifier,
3093 : old_purpose_desc,
3094 : circ->purpose,
3095 : circuit_purpose_to_string(new_purpose),
3096 : new_purpose);
3097 :
3098 : /* Take specific actions if we are repurposing a hidden service circuit. */
3099 10 : if (circuit_purpose_is_hidden_service(circ->purpose) &&
3100 7 : !circuit_purpose_is_hidden_service(new_purpose)) {
3101 0 : hs_circ_cleanup_on_repurpose(circ);
3102 : }
3103 : }
3104 :
3105 39 : old_purpose = circ->purpose;
3106 39 : circ->purpose = new_purpose;
3107 : tor_trace(TR_SUBSYS(circuit), TR_EV(change_purpose), circ, old_purpose,
3108 39 : new_purpose);
3109 :
3110 39 : if (CIRCUIT_IS_ORIGIN(circ)) {
3111 10 : control_event_circuit_purpose_changed(TO_ORIGIN_CIRCUIT(circ),
3112 : old_purpose);
3113 :
3114 10 : circpad_machine_event_circ_purpose_changed(TO_ORIGIN_CIRCUIT(circ));
3115 : }
3116 : }
3117 :
3118 : /** Mark <b>circ</b> so that no more connections can be attached to it. */
3119 : void
3120 1 : mark_circuit_unusable_for_new_conns(origin_circuit_t *circ)
3121 : {
3122 1 : const or_options_t *options = get_options();
3123 1 : tor_assert(circ);
3124 :
3125 : /* XXXX This is a kludge; we're only keeping it around in case there's
3126 : * something that doesn't check unusable_for_new_conns, and to avoid
3127 : * deeper refactoring of our expiration logic. */
3128 1 : if (! circ->base_.timestamp_dirty)
3129 1 : circ->base_.timestamp_dirty = approx_time();
3130 1 : if (options->MaxCircuitDirtiness >= circ->base_.timestamp_dirty)
3131 0 : circ->base_.timestamp_dirty = 1; /* prevent underflow */
3132 : else
3133 1 : circ->base_.timestamp_dirty -= options->MaxCircuitDirtiness;
3134 :
3135 1 : circ->unusable_for_new_conns = 1;
3136 1 : }
3137 :
3138 : /**
3139 : * Add relay_body_len and RELAY_PAYLOAD_SIZE-relay_body_len to
3140 : * the valid delivered written fields and the overhead field,
3141 : * respectively.
3142 : */
3143 : void
3144 33 : circuit_sent_valid_data(origin_circuit_t *circ, uint16_t relay_body_len)
3145 : {
3146 33 : if (!circ) return;
3147 :
3148 33 : tor_assertf_nonfatal(relay_body_len <= RELAY_PAYLOAD_SIZE,
3149 : "Wrong relay_body_len: %d (should be at most %d)",
3150 : relay_body_len, RELAY_PAYLOAD_SIZE);
3151 :
3152 66 : circ->n_delivered_written_circ_bw =
3153 33 : tor_add_u32_nowrap(circ->n_delivered_written_circ_bw, relay_body_len);
3154 33 : circ->n_overhead_written_circ_bw =
3155 33 : tor_add_u32_nowrap(circ->n_overhead_written_circ_bw,
3156 33 : RELAY_PAYLOAD_SIZE-relay_body_len);
3157 : }
3158 :
3159 : /**
3160 : * Add relay_body_len and RELAY_PAYLOAD_SIZE-relay_body_len to
3161 : * the valid delivered read field and the overhead field,
3162 : * respectively.
3163 : */
3164 : void
3165 1045 : circuit_read_valid_data(origin_circuit_t *circ, uint16_t relay_body_len)
3166 : {
3167 1045 : if (!circ) return;
3168 :
3169 1045 : tor_assert_nonfatal(relay_body_len <= RELAY_PAYLOAD_SIZE);
3170 :
3171 2090 : circ->n_delivered_read_circ_bw =
3172 1045 : tor_add_u32_nowrap(circ->n_delivered_read_circ_bw, relay_body_len);
3173 1045 : circ->n_overhead_read_circ_bw =
3174 1045 : tor_add_u32_nowrap(circ->n_overhead_read_circ_bw,
3175 1045 : RELAY_PAYLOAD_SIZE-relay_body_len);
3176 : }
|
