Line data Source code
1 : /* Copyright (c) 2001 Matej Pfajfar.
2 : * Copyright (c) 2001-2004, Roger Dingledine.
3 : * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 : * Copyright (c) 2007-2021, The Tor Project, Inc. */
5 : /* See LICENSE for licensing information */
6 :
7 : /**
8 : * \file relay.c
9 : * \brief Handle relay cell encryption/decryption, plus packaging and
10 : * receiving from circuits, plus queuing on circuits.
11 : *
12 : * This is a core modules that makes Tor work. It's responsible for
13 : * dealing with RELAY cells (the ones that travel more than one hop along a
14 : * circuit), by:
15 : * <ul>
16 : * <li>constructing relays cells,
17 : * <li>encrypting relay cells,
18 : * <li>decrypting relay cells,
19 : * <li>demultiplexing relay cells as they arrive on a connection,
20 : * <li>queueing relay cells for retransmission,
21 : * <li>or handling relay cells that are for us to receive (as an exit or a
22 : * client).
23 : * </ul>
24 : *
25 : * RELAY cells are generated throughout the code at the client or relay side,
26 : * using relay_send_command_from_edge() or one of the functions like
27 : * connection_edge_send_command() that calls it. Of particular interest is
28 : * connection_edge_package_raw_inbuf(), which takes information that has
29 : * arrived on an edge connection socket, and packages it as a RELAY_DATA cell
30 : * -- this is how information is actually sent across the Tor network. The
31 : * cryptography for these functions is handled deep in
32 : * circuit_package_relay_cell(), which either adds a single layer of
33 : * encryption (if we're an exit), or multiple layers (if we're the origin of
34 : * the circuit). After construction and encryption, the RELAY cells are
35 : * passed to append_cell_to_circuit_queue(), which queues them for
36 : * transmission and tells the circuitmux (see circuitmux.c) that the circuit
37 : * is waiting to send something.
38 : *
39 : * Incoming RELAY cells arrive at circuit_receive_relay_cell(), called from
40 : * command.c. There they are decrypted and, if they are for us, are passed to
41 : * connection_edge_process_relay_cell(). If they're not for us, they're
42 : * re-queued for retransmission again with append_cell_to_circuit_queue().
43 : *
44 : * The connection_edge_process_relay_cell() function handles all the different
45 : * types of relay cells, launching requests or transmitting data as needed.
46 : **/
47 :
48 : #define RELAY_PRIVATE
49 : #include "core/or/or.h"
50 : #include "feature/client/addressmap.h"
51 : #include "lib/err/backtrace.h"
52 : #include "lib/buf/buffers.h"
53 : #include "core/or/channel.h"
54 : #include "feature/client/circpathbias.h"
55 : #include "core/or/circuitbuild.h"
56 : #include "core/or/circuitlist.h"
57 : #include "core/or/circuituse.h"
58 : #include "core/or/circuitpadding.h"
59 : #include "core/or/extendinfo.h"
60 : #include "lib/compress/compress.h"
61 : #include "app/config/config.h"
62 : #include "core/mainloop/connection.h"
63 : #include "core/or/connection_edge.h"
64 : #include "core/or/connection_or.h"
65 : #include "feature/control/control_events.h"
66 : #include "lib/crypt_ops/crypto_rand.h"
67 : #include "lib/crypt_ops/crypto_util.h"
68 : #include "feature/dircommon/directory.h"
69 : #include "feature/relay/dns.h"
70 : #include "feature/relay/circuitbuild_relay.h"
71 : #include "feature/stats/geoip_stats.h"
72 : #include "feature/hs/hs_cache.h"
73 : #include "core/mainloop/mainloop.h"
74 : #include "feature/nodelist/networkstatus.h"
75 : #include "feature/nodelist/nodelist.h"
76 : #include "core/or/onion.h"
77 : #include "core/or/policies.h"
78 : #include "core/or/reasons.h"
79 : #include "core/or/relay.h"
80 : #include "core/crypto/relay_crypto.h"
81 : #include "feature/rend/rendcommon.h"
82 : #include "feature/nodelist/describe.h"
83 : #include "feature/nodelist/routerlist.h"
84 : #include "core/or/scheduler.h"
85 : #include "feature/hs/hs_metrics.h"
86 : #include "feature/stats/rephist.h"
87 :
88 : #include "core/or/cell_st.h"
89 : #include "core/or/cell_queue_st.h"
90 : #include "core/or/cpath_build_state_st.h"
91 : #include "feature/dircommon/dir_connection_st.h"
92 : #include "core/or/destroy_cell_queue_st.h"
93 : #include "core/or/entry_connection_st.h"
94 : #include "core/or/extend_info_st.h"
95 : #include "core/or/or_circuit_st.h"
96 : #include "core/or/origin_circuit_st.h"
97 : #include "feature/nodelist/routerinfo_st.h"
98 : #include "core/or/socks_request_st.h"
99 : #include "core/or/sendme.h"
100 :
101 : static edge_connection_t *relay_lookup_conn(circuit_t *circ, cell_t *cell,
102 : cell_direction_t cell_direction,
103 : crypt_path_t *layer_hint);
104 :
105 : static void circuit_resume_edge_reading(circuit_t *circ,
106 : crypt_path_t *layer_hint);
107 : static int circuit_resume_edge_reading_helper(edge_connection_t *conn,
108 : circuit_t *circ,
109 : crypt_path_t *layer_hint);
110 : static int circuit_consider_stop_edge_reading(circuit_t *circ,
111 : crypt_path_t *layer_hint);
112 : static int circuit_queue_streams_are_blocked(circuit_t *circ);
113 : static void adjust_exit_policy_from_exitpolicy_failure(origin_circuit_t *circ,
114 : entry_connection_t *conn,
115 : node_t *node,
116 : const tor_addr_t *addr);
117 :
118 : /** Stop reading on edge connections when we have this many cells
119 : * waiting on the appropriate queue. */
120 : #define CELL_QUEUE_HIGHWATER_SIZE 256
121 : /** Start reading from edge connections again when we get down to this many
122 : * cells. */
123 : #define CELL_QUEUE_LOWWATER_SIZE 64
124 :
125 : /** Stats: how many relay cells have originated at this hop, or have
126 : * been relayed onward (not recognized at this hop)?
127 : */
128 : uint64_t stats_n_relay_cells_relayed = 0;
129 : /** Stats: how many relay cells have been delivered to streams at this
130 : * hop?
131 : */
132 : uint64_t stats_n_relay_cells_delivered = 0;
133 : /** Stats: how many circuits have we closed due to the cell queue limit being
134 : * reached (see append_cell_to_circuit_queue()) */
135 : uint64_t stats_n_circ_max_cell_reached = 0;
136 :
137 : /**
138 : * Update channel usage state based on the type of relay cell and
139 : * circuit properties.
140 : *
141 : * This is needed to determine if a client channel is being
142 : * used for application traffic, and if a relay channel is being
143 : * used for multihop circuits and application traffic. The decision
144 : * to pad in channelpadding.c depends upon this info (as well as
145 : * consensus parameters) to decide what channels to pad.
146 : */
147 : static void
148 0 : circuit_update_channel_usage(circuit_t *circ, cell_t *cell)
149 : {
150 0 : if (CIRCUIT_IS_ORIGIN(circ)) {
151 : /*
152 : * The client state was first set much earlier in
153 : * circuit_send_next_onion_skin(), so we can start padding as early as
154 : * possible.
155 : *
156 : * However, if padding turns out to be expensive, we may want to not do
157 : * it until actual application traffic starts flowing (which is controlled
158 : * via consensus param nf_pad_before_usage).
159 : *
160 : * So: If we're an origin circuit and we've created a full length circuit,
161 : * then any CELL_RELAY cell means application data. Increase the usage
162 : * state of the channel to indicate this.
163 : *
164 : * We want to wait for CELL_RELAY specifically here, so we know that
165 : * the channel was definitely being used for data and not for extends.
166 : * By default, we pad as soon as a channel has been used for *any*
167 : * circuits, so this state is irrelevant to the padding decision in
168 : * the default case. However, if padding turns out to be expensive,
169 : * we would like the ability to avoid padding until we're absolutely
170 : * sure that a channel is used for enough application data to be worth
171 : * padding.
172 : *
173 : * (So it does not matter that CELL_RELAY_EARLY can actually contain
174 : * application data. This is only a load reducing option and that edge
175 : * case does not matter if we're desperately trying to reduce overhead
176 : * anyway. See also consensus parameter nf_pad_before_usage).
177 : */
178 0 : if (BUG(!circ->n_chan))
179 0 : return;
180 :
181 0 : if (circ->n_chan->channel_usage == CHANNEL_USED_FOR_FULL_CIRCS &&
182 0 : cell->command == CELL_RELAY) {
183 0 : circ->n_chan->channel_usage = CHANNEL_USED_FOR_USER_TRAFFIC;
184 : }
185 : } else {
186 : /* If we're a relay circuit, the question is more complicated. Basically:
187 : * we only want to pad connections that carry multihop (anonymous)
188 : * circuits.
189 : *
190 : * We assume we're more than one hop if either the previous hop
191 : * is not a client, or if the previous hop is a client and there's
192 : * a next hop. Then, circuit traffic starts at RELAY_EARLY, and
193 : * user application traffic starts when we see RELAY cells.
194 : */
195 0 : or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
196 :
197 0 : if (BUG(!or_circ->p_chan))
198 0 : return;
199 :
200 0 : if (!channel_is_client(or_circ->p_chan) ||
201 0 : (channel_is_client(or_circ->p_chan) && circ->n_chan)) {
202 0 : if (cell->command == CELL_RELAY_EARLY) {
203 0 : if (or_circ->p_chan->channel_usage < CHANNEL_USED_FOR_FULL_CIRCS) {
204 0 : or_circ->p_chan->channel_usage = CHANNEL_USED_FOR_FULL_CIRCS;
205 : }
206 0 : } else if (cell->command == CELL_RELAY) {
207 0 : or_circ->p_chan->channel_usage = CHANNEL_USED_FOR_USER_TRAFFIC;
208 : }
209 : }
210 : }
211 : }
212 :
213 : /** Receive a relay cell:
214 : * - Crypt it (encrypt if headed toward the origin or if we <b>are</b> the
215 : * origin; decrypt if we're headed toward the exit).
216 : * - Check if recognized (if exitward).
217 : * - If recognized and the digest checks out, then find if there's a stream
218 : * that the cell is intended for, and deliver it to the right
219 : * connection_edge.
220 : * - If not recognized, then we need to relay it: append it to the appropriate
221 : * cell_queue on <b>circ</b>.
222 : *
223 : * Return -<b>reason</b> on failure.
224 : */
225 : int
226 0 : circuit_receive_relay_cell(cell_t *cell, circuit_t *circ,
227 : cell_direction_t cell_direction)
228 : {
229 0 : channel_t *chan = NULL;
230 0 : crypt_path_t *layer_hint=NULL;
231 0 : char recognized=0;
232 0 : int reason;
233 :
234 0 : tor_assert(cell);
235 0 : tor_assert(circ);
236 0 : tor_assert(cell_direction == CELL_DIRECTION_OUT ||
237 : cell_direction == CELL_DIRECTION_IN);
238 0 : if (circ->marked_for_close)
239 : return 0;
240 :
241 0 : if (relay_decrypt_cell(circ, cell, cell_direction, &layer_hint, &recognized)
242 : < 0) {
243 0 : log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
244 : "relay crypt failed. Dropping connection.");
245 0 : return -END_CIRC_REASON_INTERNAL;
246 : }
247 :
248 0 : circuit_update_channel_usage(circ, cell);
249 :
250 0 : if (recognized) {
251 0 : edge_connection_t *conn = NULL;
252 :
253 : /* Recognized cell, the cell digest has been updated, we'll record it for
254 : * the SENDME if need be. */
255 0 : sendme_record_received_cell_digest(circ, layer_hint);
256 :
257 0 : if (circ->purpose == CIRCUIT_PURPOSE_PATH_BIAS_TESTING) {
258 0 : if (pathbias_check_probe_response(circ, cell) == -1) {
259 0 : pathbias_count_valid_cells(circ, cell);
260 : }
261 :
262 : /* We need to drop this cell no matter what to avoid code that expects
263 : * a certain purpose (such as the hidserv code). */
264 0 : return 0;
265 : }
266 :
267 0 : conn = relay_lookup_conn(circ, cell, cell_direction, layer_hint);
268 0 : if (cell_direction == CELL_DIRECTION_OUT) {
269 0 : ++stats_n_relay_cells_delivered;
270 0 : log_debug(LD_OR,"Sending away from origin.");
271 0 : reason = connection_edge_process_relay_cell(cell, circ, conn, NULL);
272 0 : if (reason < 0) {
273 0 : log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
274 : "connection_edge_process_relay_cell (away from origin) "
275 : "failed.");
276 0 : return reason;
277 : }
278 : }
279 0 : if (cell_direction == CELL_DIRECTION_IN) {
280 0 : ++stats_n_relay_cells_delivered;
281 0 : log_debug(LD_OR,"Sending to origin.");
282 0 : reason = connection_edge_process_relay_cell(cell, circ, conn,
283 : layer_hint);
284 0 : if (reason < 0) {
285 : /* If a client is trying to connect to unknown hidden service port,
286 : * END_CIRC_AT_ORIGIN is sent back so we can then close the circuit.
287 : * Do not log warn as this is an expected behavior for a service. */
288 0 : if (reason != END_CIRC_AT_ORIGIN) {
289 0 : log_warn(LD_OR,
290 : "connection_edge_process_relay_cell (at origin) failed.");
291 : }
292 0 : return reason;
293 : }
294 : }
295 0 : return 0;
296 : }
297 :
298 : /* not recognized. inform circpad and pass it on. */
299 0 : circpad_deliver_unrecognized_cell_events(circ, cell_direction);
300 :
301 0 : if (cell_direction == CELL_DIRECTION_OUT) {
302 0 : cell->circ_id = circ->n_circ_id; /* switch it */
303 0 : chan = circ->n_chan;
304 0 : } else if (! CIRCUIT_IS_ORIGIN(circ)) {
305 0 : cell->circ_id = TO_OR_CIRCUIT(circ)->p_circ_id; /* switch it */
306 0 : chan = TO_OR_CIRCUIT(circ)->p_chan;
307 : } else {
308 0 : log_fn(LOG_PROTOCOL_WARN, LD_OR,
309 : "Dropping unrecognized inbound cell on origin circuit.");
310 : /* If we see unrecognized cells on path bias testing circs,
311 : * it's bad mojo. Those circuits need to die.
312 : * XXX: Shouldn't they always die? */
313 0 : if (circ->purpose == CIRCUIT_PURPOSE_PATH_BIAS_TESTING) {
314 0 : TO_ORIGIN_CIRCUIT(circ)->path_state = PATH_STATE_USE_FAILED;
315 0 : return -END_CIRC_REASON_TORPROTOCOL;
316 : } else {
317 : return 0;
318 : }
319 : }
320 :
321 0 : if (!chan) {
322 : // XXXX Can this splice stuff be done more cleanly?
323 0 : if (! CIRCUIT_IS_ORIGIN(circ) &&
324 0 : TO_OR_CIRCUIT(circ)->rend_splice &&
325 : cell_direction == CELL_DIRECTION_OUT) {
326 0 : or_circuit_t *splice_ = TO_OR_CIRCUIT(circ)->rend_splice;
327 0 : tor_assert(circ->purpose == CIRCUIT_PURPOSE_REND_ESTABLISHED);
328 0 : tor_assert(splice_->base_.purpose == CIRCUIT_PURPOSE_REND_ESTABLISHED);
329 0 : cell->circ_id = splice_->p_circ_id;
330 0 : cell->command = CELL_RELAY; /* can't be relay_early anyway */
331 0 : if ((reason = circuit_receive_relay_cell(cell, TO_CIRCUIT(splice_),
332 : CELL_DIRECTION_IN)) < 0) {
333 0 : log_warn(LD_REND, "Error relaying cell across rendezvous; closing "
334 : "circuits");
335 : /* XXXX Do this here, or just return -1? */
336 0 : circuit_mark_for_close(circ, -reason);
337 0 : return reason;
338 : }
339 : return 0;
340 : }
341 0 : log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
342 : "Didn't recognize cell, but circ stops here! Closing circ.");
343 0 : return -END_CIRC_REASON_TORPROTOCOL;
344 : }
345 :
346 0 : log_debug(LD_OR,"Passing on unrecognized cell.");
347 :
348 0 : ++stats_n_relay_cells_relayed; /* XXXX no longer quite accurate {cells}
349 : * we might kill the circ before we relay
350 : * the cells. */
351 :
352 0 : append_cell_to_circuit_queue(circ, chan, cell, cell_direction, 0);
353 0 : return 0;
354 : }
355 :
356 : /** Package a relay cell from an edge:
357 : * - Encrypt it to the right layer
358 : * - Append it to the appropriate cell_queue on <b>circ</b>.
359 : */
360 1 : MOCK_IMPL(int,
361 : circuit_package_relay_cell, (cell_t *cell, circuit_t *circ,
362 : cell_direction_t cell_direction,
363 : crypt_path_t *layer_hint, streamid_t on_stream,
364 : const char *filename, int lineno))
365 : {
366 1 : channel_t *chan; /* where to send the cell */
367 :
368 1 : if (circ->marked_for_close) {
369 : /* Circuit is marked; send nothing. */
370 : return 0;
371 : }
372 :
373 1 : if (cell_direction == CELL_DIRECTION_OUT) {
374 1 : chan = circ->n_chan;
375 1 : if (!chan) {
376 1 : log_warn(LD_BUG,"outgoing relay cell sent from %s:%d has n_chan==NULL."
377 : " Dropping. Circuit is in state %s (%d), and is "
378 : "%smarked for close. (%s:%d, %d)", filename, lineno,
379 : circuit_state_to_string(circ->state), circ->state,
380 : circ->marked_for_close ? "" : "not ",
381 : circ->marked_for_close_file?circ->marked_for_close_file:"",
382 : circ->marked_for_close, circ->marked_for_close_reason);
383 1 : if (CIRCUIT_IS_ORIGIN(circ)) {
384 1 : circuit_log_path(LOG_WARN, LD_BUG, TO_ORIGIN_CIRCUIT(circ));
385 : }
386 1 : log_backtrace(LOG_WARN,LD_BUG,"");
387 1 : return 0; /* just drop it */
388 : }
389 0 : if (!CIRCUIT_IS_ORIGIN(circ)) {
390 0 : log_warn(LD_BUG,"outgoing relay cell sent from %s:%d on non-origin "
391 : "circ. Dropping.", filename, lineno);
392 0 : log_backtrace(LOG_WARN,LD_BUG,"");
393 0 : return 0; /* just drop it */
394 : }
395 :
396 0 : relay_encrypt_cell_outbound(cell, TO_ORIGIN_CIRCUIT(circ), layer_hint);
397 :
398 : /* Update circ written totals for control port */
399 0 : origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
400 0 : ocirc->n_written_circ_bw = tor_add_u32_nowrap(ocirc->n_written_circ_bw,
401 : CELL_PAYLOAD_SIZE);
402 :
403 : } else { /* incoming cell */
404 0 : if (CIRCUIT_IS_ORIGIN(circ)) {
405 : /* We should never package an _incoming_ cell from the circuit
406 : * origin; that means we messed up somewhere. */
407 0 : log_warn(LD_BUG,"incoming relay cell at origin circuit. Dropping.");
408 0 : assert_circuit_ok(circ);
409 0 : return 0; /* just drop it */
410 : }
411 0 : or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
412 0 : relay_encrypt_cell_inbound(cell, or_circ);
413 0 : chan = or_circ->p_chan;
414 : }
415 0 : ++stats_n_relay_cells_relayed;
416 :
417 0 : append_cell_to_circuit_queue(circ, chan, cell, cell_direction, on_stream);
418 0 : return 0;
419 : }
420 :
421 : /** If cell's stream_id matches the stream_id of any conn that's
422 : * attached to circ, return that conn, else return NULL.
423 : */
424 : static edge_connection_t *
425 0 : relay_lookup_conn(circuit_t *circ, cell_t *cell,
426 : cell_direction_t cell_direction, crypt_path_t *layer_hint)
427 : {
428 0 : edge_connection_t *tmpconn;
429 0 : relay_header_t rh;
430 :
431 0 : relay_header_unpack(&rh, cell->payload);
432 :
433 0 : if (!rh.stream_id)
434 : return NULL;
435 :
436 : /* IN or OUT cells could have come from either direction, now
437 : * that we allow rendezvous *to* an OP.
438 : */
439 :
440 0 : if (CIRCUIT_IS_ORIGIN(circ)) {
441 0 : for (tmpconn = TO_ORIGIN_CIRCUIT(circ)->p_streams; tmpconn;
442 0 : tmpconn=tmpconn->next_stream) {
443 0 : if (rh.stream_id == tmpconn->stream_id &&
444 0 : !tmpconn->base_.marked_for_close &&
445 0 : tmpconn->cpath_layer == layer_hint) {
446 0 : log_debug(LD_APP,"found conn for stream %d.", rh.stream_id);
447 0 : return tmpconn;
448 : }
449 : }
450 : } else {
451 0 : for (tmpconn = TO_OR_CIRCUIT(circ)->n_streams; tmpconn;
452 0 : tmpconn=tmpconn->next_stream) {
453 0 : if (rh.stream_id == tmpconn->stream_id &&
454 0 : !tmpconn->base_.marked_for_close) {
455 0 : log_debug(LD_EXIT,"found conn for stream %d.", rh.stream_id);
456 0 : if (cell_direction == CELL_DIRECTION_OUT ||
457 0 : connection_edge_is_rendezvous_stream(tmpconn))
458 0 : return tmpconn;
459 : }
460 : }
461 0 : for (tmpconn = TO_OR_CIRCUIT(circ)->resolving_streams; tmpconn;
462 0 : tmpconn=tmpconn->next_stream) {
463 0 : if (rh.stream_id == tmpconn->stream_id &&
464 0 : !tmpconn->base_.marked_for_close) {
465 0 : log_debug(LD_EXIT,"found conn for stream %d.", rh.stream_id);
466 0 : return tmpconn;
467 : }
468 : }
469 : }
470 : return NULL; /* probably a begin relay cell */
471 : }
472 :
473 : /** Pack the relay_header_t host-order structure <b>src</b> into
474 : * network-order in the buffer <b>dest</b>. See tor-spec.txt for details
475 : * about the wire format.
476 : */
477 : void
478 1572 : relay_header_pack(uint8_t *dest, const relay_header_t *src)
479 : {
480 1572 : set_uint8(dest, src->command);
481 1572 : set_uint16(dest+1, htons(src->recognized));
482 1572 : set_uint16(dest+3, htons(src->stream_id));
483 1572 : memcpy(dest+5, src->integrity, 4);
484 1572 : set_uint16(dest+9, htons(src->length));
485 1572 : }
486 :
487 : /** Unpack the network-order buffer <b>src</b> into a host-order
488 : * relay_header_t structure <b>dest</b>.
489 : */
490 : void
491 1715 : relay_header_unpack(relay_header_t *dest, const uint8_t *src)
492 : {
493 1715 : dest->command = get_uint8(src);
494 1715 : dest->recognized = ntohs(get_uint16(src+1));
495 1715 : dest->stream_id = ntohs(get_uint16(src+3));
496 1715 : memcpy(dest->integrity, src+5, 4);
497 1715 : dest->length = ntohs(get_uint16(src+9));
498 1715 : }
499 :
500 : /** Convert the relay <b>command</b> into a human-readable string. */
501 : static const char *
502 0 : relay_command_to_string(uint8_t command)
503 : {
504 0 : static char buf[64];
505 0 : switch (command) {
506 : case RELAY_COMMAND_BEGIN: return "BEGIN";
507 0 : case RELAY_COMMAND_DATA: return "DATA";
508 0 : case RELAY_COMMAND_END: return "END";
509 0 : case RELAY_COMMAND_CONNECTED: return "CONNECTED";
510 0 : case RELAY_COMMAND_SENDME: return "SENDME";
511 0 : case RELAY_COMMAND_EXTEND: return "EXTEND";
512 0 : case RELAY_COMMAND_EXTENDED: return "EXTENDED";
513 0 : case RELAY_COMMAND_TRUNCATE: return "TRUNCATE";
514 0 : case RELAY_COMMAND_TRUNCATED: return "TRUNCATED";
515 0 : case RELAY_COMMAND_DROP: return "DROP";
516 0 : case RELAY_COMMAND_RESOLVE: return "RESOLVE";
517 0 : case RELAY_COMMAND_RESOLVED: return "RESOLVED";
518 0 : case RELAY_COMMAND_BEGIN_DIR: return "BEGIN_DIR";
519 0 : case RELAY_COMMAND_ESTABLISH_INTRO: return "ESTABLISH_INTRO";
520 0 : case RELAY_COMMAND_ESTABLISH_RENDEZVOUS: return "ESTABLISH_RENDEZVOUS";
521 0 : case RELAY_COMMAND_INTRODUCE1: return "INTRODUCE1";
522 0 : case RELAY_COMMAND_INTRODUCE2: return "INTRODUCE2";
523 0 : case RELAY_COMMAND_RENDEZVOUS1: return "RENDEZVOUS1";
524 0 : case RELAY_COMMAND_RENDEZVOUS2: return "RENDEZVOUS2";
525 0 : case RELAY_COMMAND_INTRO_ESTABLISHED: return "INTRO_ESTABLISHED";
526 0 : case RELAY_COMMAND_RENDEZVOUS_ESTABLISHED:
527 0 : return "RENDEZVOUS_ESTABLISHED";
528 0 : case RELAY_COMMAND_INTRODUCE_ACK: return "INTRODUCE_ACK";
529 0 : case RELAY_COMMAND_EXTEND2: return "EXTEND2";
530 0 : case RELAY_COMMAND_EXTENDED2: return "EXTENDED2";
531 0 : case RELAY_COMMAND_PADDING_NEGOTIATE: return "PADDING_NEGOTIATE";
532 0 : case RELAY_COMMAND_PADDING_NEGOTIATED: return "PADDING_NEGOTIATED";
533 0 : default:
534 0 : tor_snprintf(buf, sizeof(buf), "Unrecognized relay command %u",
535 : (unsigned)command);
536 0 : return buf;
537 : }
538 : }
539 :
540 : /** When padding a cell with randomness, leave this many zeros after the
541 : * payload. */
542 : #define CELL_PADDING_GAP 4
543 :
544 : /** Return the offset where the padding should start. The <b>data_len</b> is
545 : * the relay payload length expected to be put in the cell. It can not be
546 : * bigger than RELAY_PAYLOAD_SIZE else this function assert().
547 : *
548 : * Value will always be smaller than CELL_PAYLOAD_SIZE because this offset is
549 : * for the entire cell length not just the data payload length. Zero is
550 : * returned if there is no room for padding.
551 : *
552 : * This function always skips the first 4 bytes after the payload because
553 : * having some unused zero bytes has saved us a lot of times in the past. */
554 :
555 : STATIC size_t
556 170 : get_pad_cell_offset(size_t data_len)
557 : {
558 : /* This is never supposed to happen but in case it does, stop right away
559 : * because if tor is tricked somehow into not adding random bytes to the
560 : * payload with this function returning 0 for a bad data_len, the entire
561 : * authenticated SENDME design can be bypassed leading to bad denial of
562 : * service attacks. */
563 170 : tor_assert(data_len <= RELAY_PAYLOAD_SIZE);
564 :
565 : /* If the offset is larger than the cell payload size, we return an offset
566 : * of zero indicating that no padding needs to be added. */
567 170 : size_t offset = RELAY_HEADER_SIZE + data_len + CELL_PADDING_GAP;
568 170 : if (offset >= CELL_PAYLOAD_SIZE) {
569 2 : return 0;
570 : }
571 : return offset;
572 : }
573 :
574 : /* Add random bytes to the unused portion of the payload, to foil attacks
575 : * where the other side can predict all of the bytes in the payload and thus
576 : * compute the authenticated SENDME cells without seeing the traffic. See
577 : * proposal 289. */
578 : static void
579 165 : pad_cell_payload(uint8_t *cell_payload, size_t data_len)
580 : {
581 165 : size_t pad_offset, pad_len;
582 :
583 165 : tor_assert(cell_payload);
584 :
585 165 : pad_offset = get_pad_cell_offset(data_len);
586 165 : if (pad_offset == 0) {
587 : /* We can't add padding so we are done. */
588 : return;
589 : }
590 :
591 : /* Remember here that the cell_payload is the length of the header and
592 : * payload size so we offset it using the full length of the cell. */
593 165 : pad_len = CELL_PAYLOAD_SIZE - pad_offset;
594 165 : crypto_fast_rng_getbytes(get_thread_fast_rng(),
595 : cell_payload + pad_offset, pad_len);
596 : }
597 :
598 : /** Make a relay cell out of <b>relay_command</b> and <b>payload</b>, and send
599 : * it onto the open circuit <b>circ</b>. <b>stream_id</b> is the ID on
600 : * <b>circ</b> for the stream that's sending the relay cell, or 0 if it's a
601 : * control cell. <b>cpath_layer</b> is NULL for OR->OP cells, or the
602 : * destination hop for OP->OR cells.
603 : *
604 : * If you can't send the cell, mark the circuit for close and return -1. Else
605 : * return 0.
606 : */
607 165 : MOCK_IMPL(int,
608 : relay_send_command_from_edge_,(streamid_t stream_id, circuit_t *circ,
609 : uint8_t relay_command, const char *payload,
610 : size_t payload_len, crypt_path_t *cpath_layer,
611 : const char *filename, int lineno))
612 : {
613 165 : cell_t cell;
614 165 : relay_header_t rh;
615 165 : cell_direction_t cell_direction;
616 : /* XXXX NM Split this function into a separate versions per circuit type? */
617 :
618 165 : tor_assert(circ);
619 165 : tor_assert(payload_len <= RELAY_PAYLOAD_SIZE);
620 :
621 165 : memset(&cell, 0, sizeof(cell_t));
622 165 : cell.command = CELL_RELAY;
623 165 : if (CIRCUIT_IS_ORIGIN(circ)) {
624 33 : tor_assert(cpath_layer);
625 33 : cell.circ_id = circ->n_circ_id;
626 33 : cell_direction = CELL_DIRECTION_OUT;
627 : } else {
628 132 : tor_assert(! cpath_layer);
629 132 : cell.circ_id = TO_OR_CIRCUIT(circ)->p_circ_id;
630 132 : cell_direction = CELL_DIRECTION_IN;
631 : }
632 :
633 165 : memset(&rh, 0, sizeof(rh));
634 165 : rh.command = relay_command;
635 165 : rh.stream_id = stream_id;
636 165 : rh.length = payload_len;
637 165 : relay_header_pack(cell.payload, &rh);
638 165 : if (payload_len)
639 43 : memcpy(cell.payload+RELAY_HEADER_SIZE, payload, payload_len);
640 :
641 : /* Add random padding to the cell if we can. */
642 165 : pad_cell_payload(cell.payload, payload_len);
643 :
644 297 : log_debug(LD_OR,"delivering %d cell %s.", relay_command,
645 : cell_direction == CELL_DIRECTION_OUT ? "forward" : "backward");
646 :
647 : /* Tell circpad we're sending a relay cell */
648 165 : circpad_deliver_sent_relay_cell_events(circ, relay_command);
649 :
650 : /* If we are sending an END cell and this circuit is used for a tunneled
651 : * directory request, advance its state. */
652 165 : if (relay_command == RELAY_COMMAND_END && circ->dirreq_id)
653 0 : geoip_change_dirreq_state(circ->dirreq_id, DIRREQ_TUNNELED,
654 : DIRREQ_END_CELL_SENT);
655 :
656 165 : if (cell_direction == CELL_DIRECTION_OUT && circ->n_chan) {
657 : /* if we're using relaybandwidthrate, this conn wants priority */
658 0 : channel_timestamp_client(circ->n_chan);
659 : }
660 :
661 165 : if (cell_direction == CELL_DIRECTION_OUT) {
662 33 : origin_circuit_t *origin_circ = TO_ORIGIN_CIRCUIT(circ);
663 33 : if (origin_circ->remaining_relay_early_cells > 0 &&
664 22 : (relay_command == RELAY_COMMAND_EXTEND ||
665 22 : relay_command == RELAY_COMMAND_EXTEND2 ||
666 22 : cpath_layer != origin_circ->cpath)) {
667 : /* If we've got any relay_early cells left and (we're sending
668 : * an extend cell or we're not talking to the first hop), use
669 : * one of them. Don't worry about the conn protocol version:
670 : * append_cell_to_circuit_queue will fix it up. */
671 21 : cell.command = CELL_RELAY_EARLY;
672 : /* If we're out of relay early cells, tell circpad */
673 21 : if (--origin_circ->remaining_relay_early_cells == 0)
674 2 : circpad_machine_event_circ_has_no_relay_early(origin_circ);
675 21 : log_debug(LD_OR, "Sending a RELAY_EARLY cell; %d remaining.",
676 : (int)origin_circ->remaining_relay_early_cells);
677 : /* Memorize the command that is sent as RELAY_EARLY cell; helps debug
678 : * task 878. */
679 21 : origin_circ->relay_early_commands[
680 21 : origin_circ->relay_early_cells_sent++] = relay_command;
681 12 : } else if (relay_command == RELAY_COMMAND_EXTEND ||
682 12 : relay_command == RELAY_COMMAND_EXTEND2) {
683 : /* If no RELAY_EARLY cells can be sent over this circuit, log which
684 : * commands have been sent as RELAY_EARLY cells before; helps debug
685 : * task 878. */
686 0 : smartlist_t *commands_list = smartlist_new();
687 0 : int i = 0;
688 0 : char *commands = NULL;
689 0 : for (; i < origin_circ->relay_early_cells_sent; i++)
690 0 : smartlist_add(commands_list, (char *)
691 0 : relay_command_to_string(origin_circ->relay_early_commands[i]));
692 0 : commands = smartlist_join_strings(commands_list, ",", 0, NULL);
693 0 : log_warn(LD_BUG, "Uh-oh. We're sending a RELAY_COMMAND_EXTEND cell, "
694 : "but we have run out of RELAY_EARLY cells on that circuit. "
695 : "Commands sent before: %s", commands);
696 0 : tor_free(commands);
697 0 : smartlist_free(commands_list);
698 : }
699 :
700 : /* Let's assume we're well-behaved: Anything that we decide to send is
701 : * valid, delivered data. */
702 33 : circuit_sent_valid_data(origin_circ, rh.length);
703 : }
704 :
705 165 : if (circuit_package_relay_cell(&cell, circ, cell_direction, cpath_layer,
706 : stream_id, filename, lineno) < 0) {
707 0 : log_warn(LD_BUG,"circuit_package_relay_cell failed. Closing.");
708 0 : circuit_mark_for_close(circ, END_CIRC_REASON_INTERNAL);
709 0 : return -1;
710 : }
711 :
712 : /* If applicable, note the cell digest for the SENDME version 1 purpose if
713 : * we need to. This call needs to be after the circuit_package_relay_cell()
714 : * because the cell digest is set within that function. */
715 165 : if (relay_command == RELAY_COMMAND_DATA) {
716 0 : sendme_record_cell_digest_on_circ(circ, cpath_layer);
717 : }
718 :
719 : return 0;
720 : }
721 :
722 : /** Make a relay cell out of <b>relay_command</b> and <b>payload</b>, and
723 : * send it onto the open circuit <b>circ</b>. <b>fromconn</b> is the stream
724 : * that's sending the relay cell, or NULL if it's a control cell.
725 : * <b>cpath_layer</b> is NULL for OR->OP cells, or the destination hop
726 : * for OP->OR cells.
727 : *
728 : * If you can't send the cell, mark the circuit for close and
729 : * return -1. Else return 0.
730 : */
731 : int
732 7 : connection_edge_send_command(edge_connection_t *fromconn,
733 : uint8_t relay_command, const char *payload,
734 : size_t payload_len)
735 : {
736 : /* XXXX NM Split this function into a separate versions per circuit type? */
737 7 : circuit_t *circ;
738 7 : crypt_path_t *cpath_layer = fromconn->cpath_layer;
739 7 : tor_assert(fromconn);
740 7 : circ = fromconn->on_circuit;
741 :
742 7 : if (fromconn->base_.marked_for_close) {
743 0 : log_warn(LD_BUG,
744 : "called on conn that's already marked for close at %s:%d.",
745 : fromconn->base_.marked_for_close_file,
746 : fromconn->base_.marked_for_close);
747 0 : return 0;
748 : }
749 :
750 7 : if (!circ) {
751 0 : if (fromconn->base_.type == CONN_TYPE_AP) {
752 0 : log_info(LD_APP,"no circ. Closing conn.");
753 0 : connection_mark_unattached_ap(EDGE_TO_ENTRY_CONN(fromconn),
754 : END_STREAM_REASON_INTERNAL);
755 : } else {
756 0 : log_info(LD_EXIT,"no circ. Closing conn.");
757 0 : fromconn->edge_has_sent_end = 1; /* no circ to send to */
758 0 : fromconn->end_reason = END_STREAM_REASON_INTERNAL;
759 0 : connection_mark_for_close(TO_CONN(fromconn));
760 : }
761 0 : return -1;
762 : }
763 :
764 7 : if (circ->marked_for_close) {
765 : /* The circuit has been marked, but not freed yet. When it's freed, it
766 : * will mark this connection for close. */
767 : return -1;
768 : }
769 :
770 : #ifdef MEASUREMENTS_21206
771 : /* Keep track of the number of RELAY_DATA cells sent for directory
772 : * connections. */
773 : connection_t *linked_conn = TO_CONN(fromconn)->linked_conn;
774 :
775 : if (linked_conn && linked_conn->type == CONN_TYPE_DIR) {
776 : ++(TO_DIR_CONN(linked_conn)->data_cells_sent);
777 : }
778 : #endif /* defined(MEASUREMENTS_21206) */
779 :
780 7 : return relay_send_command_from_edge(fromconn->stream_id, circ,
781 : relay_command, payload,
782 : payload_len, cpath_layer);
783 : }
784 :
785 : /** How many times will I retry a stream that fails due to DNS
786 : * resolve failure or misc error?
787 : */
788 : #define MAX_RESOLVE_FAILURES 3
789 :
790 : /** Return 1 if reason is something that you should retry if you
791 : * get the end cell before you've connected; else return 0. */
792 : static int
793 1 : edge_reason_is_retriable(int reason)
794 : {
795 1 : return reason == END_STREAM_REASON_HIBERNATING ||
796 1 : reason == END_STREAM_REASON_RESOURCELIMIT ||
797 : reason == END_STREAM_REASON_EXITPOLICY ||
798 : reason == END_STREAM_REASON_RESOLVEFAILED ||
799 1 : reason == END_STREAM_REASON_MISC ||
800 : reason == END_STREAM_REASON_NOROUTE;
801 : }
802 :
803 : /** Called when we receive an END cell on a stream that isn't open yet,
804 : * from the client side.
805 : * Arguments are as for connection_edge_process_relay_cell().
806 : */
807 : static int
808 1 : connection_ap_process_end_not_open(
809 : relay_header_t *rh, cell_t *cell, origin_circuit_t *circ,
810 : entry_connection_t *conn, crypt_path_t *layer_hint)
811 : {
812 1 : node_t *exitrouter;
813 1 : int reason = *(cell->payload+RELAY_HEADER_SIZE);
814 1 : int control_reason;
815 1 : edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(conn);
816 1 : (void) layer_hint; /* unused */
817 :
818 1 : if (rh->length > 0) {
819 1 : if (reason == END_STREAM_REASON_TORPROTOCOL ||
820 1 : reason == END_STREAM_REASON_DESTROY) {
821 : /* Both of these reasons could mean a failed tag
822 : * hit the exit and it complained. Do not probe.
823 : * Fail the circuit. */
824 0 : circ->path_state = PATH_STATE_USE_FAILED;
825 0 : return -END_CIRC_REASON_TORPROTOCOL;
826 1 : } else if (reason == END_STREAM_REASON_INTERNAL) {
827 : /* We can't infer success or failure, since older Tors report
828 : * ENETUNREACH as END_STREAM_REASON_INTERNAL. */
829 : } else {
830 : /* Path bias: If we get a valid reason code from the exit,
831 : * it wasn't due to tagging.
832 : *
833 : * We rely on recognized+digest being strong enough to make
834 : * tags unlikely to allow us to get tagged, yet 'recognized'
835 : * reason codes here. */
836 1 : pathbias_mark_use_success(circ);
837 : }
838 : }
839 :
840 : /* This end cell is now valid. */
841 1 : circuit_read_valid_data(circ, rh->length);
842 :
843 1 : if (rh->length == 0) {
844 0 : reason = END_STREAM_REASON_MISC;
845 : }
846 :
847 1 : control_reason = reason | END_STREAM_REASON_FLAG_REMOTE;
848 :
849 1 : if (edge_reason_is_retriable(reason) &&
850 : /* avoid retry if rend */
851 0 : !connection_edge_is_rendezvous_stream(edge_conn)) {
852 0 : const char *chosen_exit_digest =
853 0 : circ->build_state->chosen_exit->identity_digest;
854 0 : log_info(LD_APP,"Address '%s' refused due to '%s'. Considering retrying.",
855 : safe_str(conn->socks_request->address),
856 : stream_end_reason_to_string(reason));
857 0 : exitrouter = node_get_mutable_by_id(chosen_exit_digest);
858 0 : switch (reason) {
859 0 : case END_STREAM_REASON_EXITPOLICY: {
860 0 : tor_addr_t addr;
861 0 : tor_addr_make_unspec(&addr);
862 0 : if (rh->length >= 5) {
863 0 : int ttl = -1;
864 0 : tor_addr_make_unspec(&addr);
865 0 : if (rh->length == 5 || rh->length == 9) {
866 0 : tor_addr_from_ipv4n(&addr,
867 : get_uint32(cell->payload+RELAY_HEADER_SIZE+1));
868 0 : if (rh->length == 9)
869 0 : ttl = (int)ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE+5));
870 0 : } else if (rh->length == 17 || rh->length == 21) {
871 0 : tor_addr_from_ipv6_bytes(&addr,
872 : (cell->payload+RELAY_HEADER_SIZE+1));
873 0 : if (rh->length == 21)
874 0 : ttl = (int)ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE+17));
875 : }
876 0 : if (tor_addr_is_null(&addr)) {
877 0 : log_info(LD_APP,"Address '%s' resolved to 0.0.0.0. Closing,",
878 : safe_str(conn->socks_request->address));
879 0 : connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
880 0 : return 0;
881 : }
882 :
883 0 : if ((tor_addr_family(&addr) == AF_INET &&
884 0 : !conn->entry_cfg.ipv4_traffic) ||
885 0 : (tor_addr_family(&addr) == AF_INET6 &&
886 0 : !conn->entry_cfg.ipv6_traffic)) {
887 0 : log_fn(LOG_PROTOCOL_WARN, LD_APP,
888 : "Got an EXITPOLICY failure on a connection with a "
889 : "mismatched family. Closing.");
890 0 : connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
891 0 : return 0;
892 : }
893 0 : if (get_options()->ClientDNSRejectInternalAddresses &&
894 0 : tor_addr_is_internal(&addr, 0)) {
895 0 : log_info(LD_APP,"Address '%s' resolved to internal. Closing,",
896 : safe_str(conn->socks_request->address));
897 0 : connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
898 0 : return 0;
899 : }
900 :
901 0 : client_dns_set_addressmap(conn,
902 0 : conn->socks_request->address, &addr,
903 0 : conn->chosen_exit_name, ttl);
904 :
905 : {
906 0 : char new_addr[TOR_ADDR_BUF_LEN];
907 0 : tor_addr_to_str(new_addr, &addr, sizeof(new_addr), 1);
908 0 : if (strcmp(conn->socks_request->address, new_addr)) {
909 0 : strlcpy(conn->socks_request->address, new_addr,
910 : sizeof(conn->socks_request->address));
911 0 : control_event_stream_status(conn, STREAM_EVENT_REMAP, 0);
912 : }
913 : }
914 : }
915 : /* check if the exit *ought* to have allowed it */
916 :
917 0 : adjust_exit_policy_from_exitpolicy_failure(circ,
918 : conn,
919 : exitrouter,
920 : &addr);
921 :
922 0 : if (conn->chosen_exit_optional ||
923 : conn->chosen_exit_retries) {
924 : /* stop wanting a specific exit */
925 0 : conn->chosen_exit_optional = 0;
926 : /* A non-zero chosen_exit_retries can happen if we set a
927 : * TrackHostExits for this address under a port that the exit
928 : * relay allows, but then try the same address with a different
929 : * port that it doesn't allow to exit. We shouldn't unregister
930 : * the mapping, since it is probably still wanted on the
931 : * original port. But now we give away to the exit relay that
932 : * we probably have a TrackHostExits on it. So be it. */
933 0 : conn->chosen_exit_retries = 0;
934 0 : tor_free(conn->chosen_exit_name); /* clears it */
935 : }
936 0 : if (connection_ap_detach_retriable(conn, circ, control_reason) >= 0)
937 : return 0;
938 : /* else, conn will get closed below */
939 0 : break;
940 : }
941 0 : case END_STREAM_REASON_CONNECTREFUSED:
942 0 : if (!conn->chosen_exit_optional)
943 : break; /* break means it'll close, below */
944 : /* Else fall through: expire this circuit, clear the
945 : * chosen_exit_name field, and try again. */
946 0 : FALLTHROUGH;
947 : case END_STREAM_REASON_RESOLVEFAILED:
948 : case END_STREAM_REASON_TIMEOUT:
949 : case END_STREAM_REASON_MISC:
950 : case END_STREAM_REASON_NOROUTE:
951 0 : if (client_dns_incr_failures(conn->socks_request->address)
952 : < MAX_RESOLVE_FAILURES) {
953 : /* We haven't retried too many times; reattach the connection. */
954 0 : circuit_log_path(LOG_INFO,LD_APP,circ);
955 : /* Mark this circuit "unusable for new streams". */
956 0 : mark_circuit_unusable_for_new_conns(circ);
957 :
958 0 : if (conn->chosen_exit_optional) {
959 : /* stop wanting a specific exit */
960 0 : conn->chosen_exit_optional = 0;
961 0 : tor_free(conn->chosen_exit_name); /* clears it */
962 : }
963 0 : if (connection_ap_detach_retriable(conn, circ, control_reason) >= 0)
964 : return 0;
965 : /* else, conn will get closed below */
966 : } else {
967 0 : log_notice(LD_APP,
968 : "Have tried resolving or connecting to address '%s' "
969 : "at %d different places. Giving up.",
970 : safe_str(conn->socks_request->address),
971 : MAX_RESOLVE_FAILURES);
972 : /* clear the failures, so it will have a full try next time */
973 0 : client_dns_clear_failures(conn->socks_request->address);
974 : }
975 : break;
976 0 : case END_STREAM_REASON_HIBERNATING:
977 : case END_STREAM_REASON_RESOURCELIMIT:
978 0 : if (exitrouter) {
979 0 : policies_set_node_exitpolicy_to_reject_all(exitrouter);
980 : }
981 0 : if (conn->chosen_exit_optional) {
982 : /* stop wanting a specific exit */
983 0 : conn->chosen_exit_optional = 0;
984 0 : tor_free(conn->chosen_exit_name); /* clears it */
985 : }
986 0 : if (connection_ap_detach_retriable(conn, circ, control_reason) >= 0)
987 : return 0;
988 : /* else, will close below */
989 : break;
990 : } /* end switch */
991 0 : log_info(LD_APP,"Giving up on retrying; conn can't be handled.");
992 : }
993 :
994 2 : log_info(LD_APP,
995 : "Edge got end (%s) before we're connected. Marking for close.",
996 : stream_end_reason_to_string(rh->length > 0 ? reason : -1));
997 1 : circuit_log_path(LOG_INFO,LD_APP,circ);
998 : /* need to test because of detach_retriable */
999 1 : if (!ENTRY_TO_CONN(conn)->marked_for_close)
1000 1 : connection_mark_unattached_ap(conn, control_reason);
1001 : return 0;
1002 : }
1003 :
1004 : /** Called when we have gotten an END_REASON_EXITPOLICY failure on <b>circ</b>
1005 : * for <b>conn</b>, while attempting to connect via <b>node</b>. If the node
1006 : * told us which address it rejected, then <b>addr</b> is that address;
1007 : * otherwise it is AF_UNSPEC.
1008 : *
1009 : * If we are sure the node should have allowed this address, mark the node as
1010 : * having a reject *:* exit policy. Otherwise, mark the circuit as unusable
1011 : * for this particular address.
1012 : **/
1013 : static void
1014 0 : adjust_exit_policy_from_exitpolicy_failure(origin_circuit_t *circ,
1015 : entry_connection_t *conn,
1016 : node_t *node,
1017 : const tor_addr_t *addr)
1018 : {
1019 0 : int make_reject_all = 0;
1020 0 : const sa_family_t family = tor_addr_family(addr);
1021 :
1022 0 : if (node) {
1023 0 : tor_addr_t tmp;
1024 0 : int asked_for_family = tor_addr_parse(&tmp, conn->socks_request->address);
1025 0 : if (family == AF_UNSPEC) {
1026 : make_reject_all = 1;
1027 0 : } else if (node_exit_policy_is_exact(node, family) &&
1028 0 : asked_for_family != -1 && !conn->chosen_exit_name) {
1029 : make_reject_all = 1;
1030 : }
1031 :
1032 : if (make_reject_all) {
1033 0 : log_info(LD_APP,
1034 : "Exitrouter %s seems to be more restrictive than its exit "
1035 : "policy. Not using this router as exit for now.",
1036 : node_describe(node));
1037 0 : policies_set_node_exitpolicy_to_reject_all(node);
1038 : }
1039 : }
1040 :
1041 0 : if (family != AF_UNSPEC)
1042 0 : addr_policy_append_reject_addr(&circ->prepend_policy, addr);
1043 0 : }
1044 :
1045 : /** Helper: change the socks_request->address field on conn to the
1046 : * dotted-quad representation of <b>new_addr</b>,
1047 : * and send an appropriate REMAP event. */
1048 : static void
1049 6 : remap_event_helper(entry_connection_t *conn, const tor_addr_t *new_addr)
1050 : {
1051 6 : tor_addr_to_str(conn->socks_request->address, new_addr,
1052 : sizeof(conn->socks_request->address),
1053 : 1);
1054 6 : control_event_stream_status(conn, STREAM_EVENT_REMAP,
1055 : REMAP_STREAM_SOURCE_EXIT);
1056 6 : }
1057 :
1058 : /** Extract the contents of a connected cell in <b>cell</b>, whose relay
1059 : * header has already been parsed into <b>rh</b>. On success, set
1060 : * <b>addr_out</b> to the address we're connected to, and <b>ttl_out</b> to
1061 : * the ttl of that address, in seconds, and return 0. On failure, return
1062 : * -1.
1063 : *
1064 : * Note that the resulting address can be UNSPEC if the connected cell had no
1065 : * address (as for a stream to an union service or a tunneled directory
1066 : * connection), and that the ttl can be absent (in which case <b>ttl_out</b>
1067 : * is set to -1). */
1068 : STATIC int
1069 13 : connected_cell_parse(const relay_header_t *rh, const cell_t *cell,
1070 : tor_addr_t *addr_out, int *ttl_out)
1071 : {
1072 13 : uint32_t bytes;
1073 13 : const uint8_t *payload = cell->payload + RELAY_HEADER_SIZE;
1074 :
1075 13 : tor_addr_make_unspec(addr_out);
1076 13 : *ttl_out = -1;
1077 13 : if (rh->length == 0)
1078 : return 0;
1079 12 : if (rh->length < 4)
1080 : return -1;
1081 11 : bytes = ntohl(get_uint32(payload));
1082 :
1083 : /* If bytes is 0, this is maybe a v6 address. Otherwise it's a v4 address */
1084 11 : if (bytes != 0) {
1085 : /* v4 address */
1086 6 : tor_addr_from_ipv4h(addr_out, bytes);
1087 6 : if (rh->length >= 8) {
1088 4 : bytes = ntohl(get_uint32(payload + 4));
1089 4 : if (bytes <= INT32_MAX)
1090 3 : *ttl_out = bytes;
1091 : }
1092 : } else {
1093 5 : if (rh->length < 25) /* 4 bytes of 0s, 1 addr, 16 ipv4, 4 ttl. */
1094 : return -1;
1095 4 : if (get_uint8(payload + 4) != 6)
1096 : return -1;
1097 3 : tor_addr_from_ipv6_bytes(addr_out, (payload + 5));
1098 3 : bytes = ntohl(get_uint32(payload + 21));
1099 3 : if (bytes <= INT32_MAX)
1100 2 : *ttl_out = (int) bytes;
1101 : }
1102 : return 0;
1103 : }
1104 :
1105 : /** Drop all storage held by <b>addr</b>. */
1106 : STATIC void
1107 33 : address_ttl_free_(address_ttl_t *addr)
1108 : {
1109 33 : if (!addr)
1110 : return;
1111 33 : tor_free(addr->hostname);
1112 33 : tor_free(addr);
1113 : }
1114 :
1115 : /** Parse a resolved cell in <b>cell</b>, with parsed header in <b>rh</b>.
1116 : * Return -1 on parse error. On success, add one or more newly allocated
1117 : * address_ttl_t to <b>addresses_out</b>; set *<b>errcode_out</b> to
1118 : * one of 0, RESOLVED_TYPE_ERROR, or RESOLVED_TYPE_ERROR_TRANSIENT, and
1119 : * return 0. */
1120 : STATIC int
1121 35 : resolved_cell_parse(const cell_t *cell, const relay_header_t *rh,
1122 : smartlist_t *addresses_out, int *errcode_out)
1123 : {
1124 35 : const uint8_t *cp;
1125 35 : uint8_t answer_type;
1126 35 : size_t answer_len;
1127 35 : address_ttl_t *addr;
1128 35 : size_t remaining;
1129 35 : int errcode = 0;
1130 35 : smartlist_t *addrs;
1131 :
1132 35 : tor_assert(cell);
1133 35 : tor_assert(rh);
1134 35 : tor_assert(addresses_out);
1135 35 : tor_assert(errcode_out);
1136 :
1137 35 : *errcode_out = 0;
1138 :
1139 35 : if (rh->length > RELAY_PAYLOAD_SIZE)
1140 : return -1;
1141 :
1142 34 : addrs = smartlist_new();
1143 :
1144 34 : cp = cell->payload + RELAY_HEADER_SIZE;
1145 :
1146 34 : remaining = rh->length;
1147 73 : while (remaining) {
1148 52 : const uint8_t *cp_orig = cp;
1149 52 : if (remaining < 2)
1150 2 : goto err;
1151 50 : answer_type = *cp++;
1152 50 : answer_len = *cp++;
1153 50 : if (remaining < 2 + answer_len + 4) {
1154 7 : goto err;
1155 : }
1156 43 : if (answer_type == RESOLVED_TYPE_IPV4) {
1157 22 : if (answer_len != 4) {
1158 2 : goto err;
1159 : }
1160 20 : addr = tor_malloc_zero(sizeof(*addr));
1161 20 : tor_addr_from_ipv4n(&addr->addr, get_uint32(cp));
1162 20 : cp += 4;
1163 20 : addr->ttl = ntohl(get_uint32(cp));
1164 20 : cp += 4;
1165 20 : smartlist_add(addrs, addr);
1166 21 : } else if (answer_type == RESOLVED_TYPE_IPV6) {
1167 8 : if (answer_len != 16)
1168 1 : goto err;
1169 7 : addr = tor_malloc_zero(sizeof(*addr));
1170 7 : tor_addr_from_ipv6_bytes(&addr->addr, cp);
1171 7 : cp += 16;
1172 7 : addr->ttl = ntohl(get_uint32(cp));
1173 7 : cp += 4;
1174 7 : smartlist_add(addrs, addr);
1175 13 : } else if (answer_type == RESOLVED_TYPE_HOSTNAME) {
1176 7 : if (answer_len == 0) {
1177 1 : goto err;
1178 : }
1179 6 : addr = tor_malloc_zero(sizeof(*addr));
1180 6 : addr->hostname = tor_memdup_nulterm(cp, answer_len);
1181 6 : cp += answer_len;
1182 6 : addr->ttl = ntohl(get_uint32(cp));
1183 6 : cp += 4;
1184 6 : smartlist_add(addrs, addr);
1185 6 : } else if (answer_type == RESOLVED_TYPE_ERROR_TRANSIENT ||
1186 : answer_type == RESOLVED_TYPE_ERROR) {
1187 4 : errcode = answer_type;
1188 : /* Ignore the error contents */
1189 4 : cp += answer_len + 4;
1190 : } else {
1191 2 : cp += answer_len + 4;
1192 : }
1193 39 : tor_assert(((ssize_t)remaining) >= (cp - cp_orig));
1194 39 : remaining -= (cp - cp_orig);
1195 : }
1196 :
1197 21 : if (errcode && smartlist_len(addrs) == 0) {
1198 : /* Report an error only if there were no results. */
1199 3 : *errcode_out = errcode;
1200 : }
1201 :
1202 21 : smartlist_add_all(addresses_out, addrs);
1203 21 : smartlist_free(addrs);
1204 :
1205 21 : return 0;
1206 :
1207 13 : err:
1208 : /* On parse error, don't report any results */
1209 16 : SMARTLIST_FOREACH(addrs, address_ttl_t *, a, address_ttl_free(a));
1210 13 : smartlist_free(addrs);
1211 13 : return -1;
1212 : }
1213 :
1214 : /** Helper for connection_edge_process_resolved_cell: given an error code,
1215 : * an entry_connection, and a list of address_ttl_t *, report the best answer
1216 : * to the entry_connection. */
1217 : static void
1218 9 : connection_ap_handshake_socks_got_resolved_cell(entry_connection_t *conn,
1219 : int error_code,
1220 : smartlist_t *results)
1221 : {
1222 9 : address_ttl_t *addr_ipv4 = NULL;
1223 9 : address_ttl_t *addr_ipv6 = NULL;
1224 9 : address_ttl_t *addr_hostname = NULL;
1225 9 : address_ttl_t *addr_best = NULL;
1226 :
1227 : /* If it's an error code, that's easy. */
1228 9 : if (error_code) {
1229 1 : tor_assert(error_code == RESOLVED_TYPE_ERROR ||
1230 : error_code == RESOLVED_TYPE_ERROR_TRANSIENT);
1231 1 : connection_ap_handshake_socks_resolved(conn,
1232 : error_code,0,NULL,-1,-1);
1233 1 : return;
1234 : }
1235 :
1236 : /* Get the first answer of each type. */
1237 20 : SMARTLIST_FOREACH_BEGIN(results, address_ttl_t *, addr) {
1238 12 : if (addr->hostname) {
1239 1 : if (!addr_hostname) {
1240 1 : addr_hostname = addr;
1241 : }
1242 11 : } else if (tor_addr_family(&addr->addr) == AF_INET) {
1243 8 : if (!addr_ipv4 && conn->entry_cfg.ipv4_traffic) {
1244 6 : addr_ipv4 = addr;
1245 : }
1246 3 : } else if (tor_addr_family(&addr->addr) == AF_INET6) {
1247 3 : if (!addr_ipv6 && conn->entry_cfg.ipv6_traffic) {
1248 3 : addr_ipv6 = addr;
1249 : }
1250 : }
1251 12 : } SMARTLIST_FOREACH_END(addr);
1252 :
1253 : /* Now figure out which type we wanted to deliver. */
1254 8 : if (conn->socks_request->command == SOCKS_COMMAND_RESOLVE_PTR) {
1255 2 : if (addr_hostname) {
1256 1 : connection_ap_handshake_socks_resolved(conn,
1257 : RESOLVED_TYPE_HOSTNAME,
1258 : strlen(addr_hostname->hostname),
1259 1 : (uint8_t*)addr_hostname->hostname,
1260 : addr_hostname->ttl,-1);
1261 : } else {
1262 1 : connection_ap_handshake_socks_resolved(conn,
1263 : RESOLVED_TYPE_ERROR,0,NULL,-1,-1);
1264 : }
1265 2 : return;
1266 : }
1267 :
1268 6 : if (conn->entry_cfg.prefer_ipv6) {
1269 3 : addr_best = addr_ipv6 ? addr_ipv6 : addr_ipv4;
1270 : } else {
1271 3 : addr_best = addr_ipv4 ? addr_ipv4 : addr_ipv6;
1272 : }
1273 :
1274 : /* Now convert it to the ugly old interface */
1275 6 : if (! addr_best) {
1276 1 : connection_ap_handshake_socks_resolved(conn,
1277 : RESOLVED_TYPE_ERROR,0,NULL,-1,-1);
1278 1 : return;
1279 : }
1280 :
1281 5 : connection_ap_handshake_socks_resolved_addr(conn,
1282 5 : &addr_best->addr,
1283 : addr_best->ttl,
1284 : -1);
1285 :
1286 5 : remap_event_helper(conn, &addr_best->addr);
1287 : }
1288 :
1289 : /** Handle a RELAY_COMMAND_RESOLVED cell that we received on a non-open AP
1290 : * stream. */
1291 : STATIC int
1292 12 : connection_edge_process_resolved_cell(edge_connection_t *conn,
1293 : const cell_t *cell,
1294 : const relay_header_t *rh)
1295 : {
1296 12 : entry_connection_t *entry_conn = EDGE_TO_ENTRY_CONN(conn);
1297 12 : smartlist_t *resolved_addresses = NULL;
1298 12 : int errcode = 0;
1299 :
1300 12 : if (conn->base_.state != AP_CONN_STATE_RESOLVE_WAIT) {
1301 1 : log_fn(LOG_PROTOCOL_WARN, LD_APP, "Got a 'resolved' cell while "
1302 : "not in state resolve_wait. Dropping.");
1303 1 : return 0;
1304 : }
1305 11 : tor_assert(SOCKS_COMMAND_IS_RESOLVE(entry_conn->socks_request->command));
1306 :
1307 11 : resolved_addresses = smartlist_new();
1308 11 : if (resolved_cell_parse(cell, rh, resolved_addresses, &errcode)) {
1309 1 : log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1310 : "Dropping malformed 'resolved' cell");
1311 1 : connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TORPROTOCOL);
1312 1 : goto done;
1313 : }
1314 :
1315 10 : if (get_options()->ClientDNSRejectInternalAddresses) {
1316 9 : int orig_len = smartlist_len(resolved_addresses);
1317 22 : SMARTLIST_FOREACH_BEGIN(resolved_addresses, address_ttl_t *, addr) {
1318 13 : if (addr->hostname == NULL && tor_addr_is_internal(&addr->addr, 0)) {
1319 4 : log_info(LD_APP, "Got a resolved cell with answer %s; dropping that "
1320 : "answer.",
1321 : safe_str_client(fmt_addr(&addr->addr)));
1322 4 : address_ttl_free(addr);
1323 4 : SMARTLIST_DEL_CURRENT(resolved_addresses, addr);
1324 : }
1325 13 : } SMARTLIST_FOREACH_END(addr);
1326 9 : if (orig_len && smartlist_len(resolved_addresses) == 0) {
1327 1 : log_info(LD_APP, "Got a resolved cell with only private addresses; "
1328 : "dropping it.");
1329 1 : connection_ap_handshake_socks_resolved(entry_conn,
1330 : RESOLVED_TYPE_ERROR_TRANSIENT,
1331 : 0, NULL, 0, TIME_MAX);
1332 1 : connection_mark_unattached_ap(entry_conn,
1333 : END_STREAM_REASON_TORPROTOCOL);
1334 1 : goto done;
1335 : }
1336 : }
1337 :
1338 : /* This is valid data at this point. Count it */
1339 9 : if (conn->on_circuit && CIRCUIT_IS_ORIGIN(conn->on_circuit)) {
1340 1 : circuit_read_valid_data(TO_ORIGIN_CIRCUIT(conn->on_circuit),
1341 1 : rh->length);
1342 : }
1343 :
1344 9 : connection_ap_handshake_socks_got_resolved_cell(entry_conn,
1345 : errcode,
1346 : resolved_addresses);
1347 :
1348 9 : connection_mark_unattached_ap(entry_conn,
1349 : END_STREAM_REASON_DONE |
1350 : END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED);
1351 :
1352 11 : done:
1353 23 : SMARTLIST_FOREACH(resolved_addresses, address_ttl_t *, addr,
1354 : address_ttl_free(addr));
1355 11 : smartlist_free(resolved_addresses);
1356 11 : return 0;
1357 : }
1358 :
1359 : /** An incoming relay cell has arrived from circuit <b>circ</b> to
1360 : * stream <b>conn</b>.
1361 : *
1362 : * The arguments here are the same as in
1363 : * connection_edge_process_relay_cell() below; this function is called
1364 : * from there when <b>conn</b> is defined and not in an open state.
1365 : */
1366 : static int
1367 3 : connection_edge_process_relay_cell_not_open(
1368 : relay_header_t *rh, cell_t *cell, circuit_t *circ,
1369 : edge_connection_t *conn, crypt_path_t *layer_hint)
1370 : {
1371 3 : if (rh->command == RELAY_COMMAND_END) {
1372 1 : if (CIRCUIT_IS_ORIGIN(circ) && conn->base_.type == CONN_TYPE_AP) {
1373 1 : return connection_ap_process_end_not_open(rh, cell,
1374 : TO_ORIGIN_CIRCUIT(circ),
1375 : EDGE_TO_ENTRY_CONN(conn),
1376 : layer_hint);
1377 : } else {
1378 : /* we just got an 'end', don't need to send one */
1379 0 : conn->edge_has_sent_end = 1;
1380 0 : conn->end_reason = *(cell->payload+RELAY_HEADER_SIZE) |
1381 : END_STREAM_REASON_FLAG_REMOTE;
1382 0 : connection_mark_for_close(TO_CONN(conn));
1383 0 : return 0;
1384 : }
1385 : }
1386 :
1387 2 : if (conn->base_.type == CONN_TYPE_AP &&
1388 : rh->command == RELAY_COMMAND_CONNECTED) {
1389 1 : tor_addr_t addr;
1390 1 : int ttl;
1391 1 : entry_connection_t *entry_conn = EDGE_TO_ENTRY_CONN(conn);
1392 1 : tor_assert(CIRCUIT_IS_ORIGIN(circ));
1393 1 : if (conn->base_.state != AP_CONN_STATE_CONNECT_WAIT) {
1394 0 : log_fn(LOG_PROTOCOL_WARN, LD_APP,
1395 : "Got 'connected' while not in state connect_wait. Dropping.");
1396 0 : return 0;
1397 : }
1398 1 : CONNECTION_AP_EXPECT_NONPENDING(entry_conn);
1399 1 : conn->base_.state = AP_CONN_STATE_OPEN;
1400 1 : log_info(LD_APP,"'connected' received for circid %u streamid %d "
1401 : "after %d seconds.",
1402 : (unsigned)circ->n_circ_id,
1403 : rh->stream_id,
1404 : (int)(time(NULL) - conn->base_.timestamp_last_read_allowed));
1405 1 : if (connected_cell_parse(rh, cell, &addr, &ttl) < 0) {
1406 0 : log_fn(LOG_PROTOCOL_WARN, LD_APP,
1407 : "Got a badly formatted connected cell. Closing.");
1408 0 : connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1409 0 : connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TORPROTOCOL);
1410 0 : return 0;
1411 : }
1412 1 : if (tor_addr_family(&addr) != AF_UNSPEC) {
1413 : /* The family is not UNSPEC: so we were given an address in the
1414 : * connected cell. (This is normal, except for BEGINDIR and onion
1415 : * service streams.) */
1416 1 : const sa_family_t family = tor_addr_family(&addr);
1417 1 : if (tor_addr_is_null(&addr) ||
1418 2 : (get_options()->ClientDNSRejectInternalAddresses &&
1419 1 : tor_addr_is_internal(&addr, 0))) {
1420 0 : log_info(LD_APP, "...but it claims the IP address was %s. Closing.",
1421 : fmt_addr(&addr));
1422 0 : connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1423 0 : connection_mark_unattached_ap(entry_conn,
1424 : END_STREAM_REASON_TORPROTOCOL);
1425 0 : return 0;
1426 : }
1427 :
1428 1 : if ((family == AF_INET && ! entry_conn->entry_cfg.ipv4_traffic) ||
1429 0 : (family == AF_INET6 && ! entry_conn->entry_cfg.ipv6_traffic)) {
1430 0 : log_fn(LOG_PROTOCOL_WARN, LD_APP,
1431 : "Got a connected cell to %s with unsupported address family."
1432 : " Closing.", fmt_addr(&addr));
1433 0 : connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1434 0 : connection_mark_unattached_ap(entry_conn,
1435 : END_STREAM_REASON_TORPROTOCOL);
1436 0 : return 0;
1437 : }
1438 :
1439 1 : client_dns_set_addressmap(entry_conn,
1440 1 : entry_conn->socks_request->address, &addr,
1441 1 : entry_conn->chosen_exit_name, ttl);
1442 :
1443 1 : remap_event_helper(entry_conn, &addr);
1444 : }
1445 1 : circuit_log_path(LOG_INFO,LD_APP,TO_ORIGIN_CIRCUIT(circ));
1446 : /* don't send a socks reply to transparent conns */
1447 1 : tor_assert(entry_conn->socks_request != NULL);
1448 1 : if (!entry_conn->socks_request->has_finished) {
1449 1 : connection_ap_handshake_socks_reply(entry_conn, NULL, 0, 0);
1450 : }
1451 :
1452 : /* Was it a linked dir conn? If so, a dir request just started to
1453 : * fetch something; this could be a bootstrap status milestone. */
1454 1 : log_debug(LD_APP, "considering");
1455 1 : if (TO_CONN(conn)->linked_conn &&
1456 0 : TO_CONN(conn)->linked_conn->type == CONN_TYPE_DIR) {
1457 0 : connection_t *dirconn = TO_CONN(conn)->linked_conn;
1458 0 : log_debug(LD_APP, "it is! %d", dirconn->purpose);
1459 0 : switch (dirconn->purpose) {
1460 0 : case DIR_PURPOSE_FETCH_CERTIFICATE:
1461 0 : if (consensus_is_waiting_for_certs())
1462 0 : control_event_bootstrap(BOOTSTRAP_STATUS_LOADING_KEYS, 0);
1463 : break;
1464 0 : case DIR_PURPOSE_FETCH_CONSENSUS:
1465 0 : control_event_bootstrap(BOOTSTRAP_STATUS_LOADING_STATUS, 0);
1466 0 : break;
1467 0 : case DIR_PURPOSE_FETCH_SERVERDESC:
1468 : case DIR_PURPOSE_FETCH_MICRODESC:
1469 0 : if (TO_DIR_CONN(dirconn)->router_purpose == ROUTER_PURPOSE_GENERAL)
1470 0 : control_event_boot_dir(BOOTSTRAP_STATUS_LOADING_DESCRIPTORS,
1471 : count_loading_descriptors_progress());
1472 : break;
1473 : }
1474 : }
1475 : /* This is definitely a success, so forget about any pending data we
1476 : * had sent. */
1477 1 : if (entry_conn->pending_optimistic_data) {
1478 0 : buf_free(entry_conn->pending_optimistic_data);
1479 0 : entry_conn->pending_optimistic_data = NULL;
1480 : }
1481 :
1482 : /* This is valid data at this point. Count it */
1483 1 : circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), rh->length);
1484 :
1485 : /* handle anything that might have queued */
1486 1 : if (connection_edge_package_raw_inbuf(conn, 1, NULL) < 0) {
1487 : /* (We already sent an end cell if possible) */
1488 0 : connection_mark_for_close(TO_CONN(conn));
1489 0 : return 0;
1490 : }
1491 : return 0;
1492 : }
1493 1 : if (conn->base_.type == CONN_TYPE_AP &&
1494 : rh->command == RELAY_COMMAND_RESOLVED) {
1495 1 : return connection_edge_process_resolved_cell(conn, cell, rh);
1496 : }
1497 :
1498 0 : log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1499 : "Got an unexpected relay command %d, in state %d (%s). Dropping.",
1500 : rh->command, conn->base_.state,
1501 : conn_state_to_string(conn->base_.type, conn->base_.state));
1502 0 : return 0; /* for forward compatibility, don't kill the circuit */
1503 : // connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1504 : // connection_mark_for_close(conn);
1505 : // return -1;
1506 : }
1507 :
1508 : /** Process a SENDME cell that arrived on <b>circ</b>. If it is a stream level
1509 : * cell, it is destined for the given <b>conn</b>. If it is a circuit level
1510 : * cell, it is destined for the <b>layer_hint</b>. The <b>domain</b> is the
1511 : * logging domain that should be used.
1512 : *
1513 : * Return 0 if everything went well or a negative value representing a circuit
1514 : * end reason on error for which the caller is responsible for closing it. */
1515 : static int
1516 20 : process_sendme_cell(const relay_header_t *rh, const cell_t *cell,
1517 : circuit_t *circ, edge_connection_t *conn,
1518 : crypt_path_t *layer_hint, int domain)
1519 : {
1520 20 : int ret;
1521 :
1522 20 : tor_assert(rh);
1523 :
1524 20 : if (!rh->stream_id) {
1525 : /* Circuit level SENDME cell. */
1526 4 : ret = sendme_process_circuit_level(layer_hint, circ,
1527 : cell->payload + RELAY_HEADER_SIZE,
1528 2 : rh->length);
1529 2 : if (ret < 0) {
1530 : return ret;
1531 : }
1532 : /* Resume reading on any streams now that we've processed a valid
1533 : * SENDME cell that updated our package window. */
1534 1 : circuit_resume_edge_reading(circ, layer_hint);
1535 : /* We are done, the rest of the code is for the stream level. */
1536 1 : return 0;
1537 : }
1538 :
1539 : /* No connection, might be half edge state. We are done if so. */
1540 18 : if (!conn) {
1541 14 : if (CIRCUIT_IS_ORIGIN(circ)) {
1542 14 : origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1543 14 : if (connection_half_edge_is_valid_sendme(ocirc->half_streams,
1544 14 : rh->stream_id)) {
1545 9 : circuit_read_valid_data(ocirc, rh->length);
1546 9 : log_info(domain, "Sendme cell on circ %u valid on half-closed "
1547 : "stream id %d",
1548 : ocirc->global_identifier, rh->stream_id);
1549 : }
1550 : }
1551 :
1552 14 : log_info(domain, "SENDME cell dropped, unknown stream (streamid %d).",
1553 : rh->stream_id);
1554 14 : return 0;
1555 : }
1556 :
1557 : /* Stream level SENDME cell. */
1558 4 : ret = sendme_process_stream_level(conn, circ, rh->length);
1559 4 : if (ret < 0) {
1560 : /* Means we need to close the circuit with reason ret. */
1561 : return ret;
1562 : }
1563 :
1564 : /* We've now processed properly a SENDME cell, all windows have been
1565 : * properly updated, we'll read on the edge connection to see if we can
1566 : * get data out towards the end point (Exit or client) since we are now
1567 : * allowed to deliver more cells. */
1568 :
1569 1 : if (circuit_queue_streams_are_blocked(circ)) {
1570 : /* Still waiting for queue to flush; don't touch conn */
1571 : return 0;
1572 : }
1573 1 : connection_start_reading(TO_CONN(conn));
1574 : /* handle whatever might still be on the inbuf */
1575 1 : if (connection_edge_package_raw_inbuf(conn, 1, NULL) < 0) {
1576 : /* (We already sent an end cell if possible) */
1577 0 : connection_mark_for_close(TO_CONN(conn));
1578 0 : return 0;
1579 : }
1580 : return 0;
1581 : }
1582 :
1583 : /** A helper for connection_edge_process_relay_cell(): Actually handles the
1584 : * cell that we received on the connection.
1585 : *
1586 : * The arguments are the same as in the parent function
1587 : * connection_edge_process_relay_cell(), plus the relay header <b>rh</b> as
1588 : * unpacked by the parent function, and <b>optimistic_data</b> as set by the
1589 : * parent function.
1590 : */
1591 : STATIC int
1592 549 : handle_relay_cell_command(cell_t *cell, circuit_t *circ,
1593 : edge_connection_t *conn, crypt_path_t *layer_hint,
1594 : relay_header_t *rh, int optimistic_data)
1595 : {
1596 549 : unsigned domain = layer_hint?LD_APP:LD_EXIT;
1597 549 : int reason;
1598 :
1599 549 : tor_assert(rh);
1600 :
1601 : /* First pass the cell to the circuit padding subsystem, in case it's a
1602 : * padding cell or circuit that should be handled there. */
1603 549 : if (circpad_check_received_cell(cell, circ, layer_hint, rh) == 0) {
1604 2 : log_debug(domain, "Cell handled as circuit padding");
1605 2 : return 0;
1606 : }
1607 :
1608 : /* Now handle all the other commands */
1609 547 : switch (rh->command) {
1610 0 : case RELAY_COMMAND_BEGIN:
1611 : case RELAY_COMMAND_BEGIN_DIR:
1612 0 : if (layer_hint &&
1613 0 : circ->purpose != CIRCUIT_PURPOSE_S_REND_JOINED) {
1614 0 : log_fn(LOG_PROTOCOL_WARN, LD_APP,
1615 : "Relay begin request unsupported at AP. Dropping.");
1616 0 : return 0;
1617 : }
1618 0 : if (circ->purpose == CIRCUIT_PURPOSE_S_REND_JOINED &&
1619 0 : layer_hint != TO_ORIGIN_CIRCUIT(circ)->cpath->prev) {
1620 0 : log_fn(LOG_PROTOCOL_WARN, LD_APP,
1621 : "Relay begin request to Hidden Service "
1622 : "from intermediary node. Dropping.");
1623 0 : return 0;
1624 : }
1625 0 : if (conn) {
1626 0 : log_fn(LOG_PROTOCOL_WARN, domain,
1627 : "Begin cell for known stream. Dropping.");
1628 0 : return 0;
1629 : }
1630 0 : if (rh->command == RELAY_COMMAND_BEGIN_DIR &&
1631 0 : circ->purpose != CIRCUIT_PURPOSE_S_REND_JOINED) {
1632 : /* Assign this circuit and its app-ward OR connection a unique ID,
1633 : * so that we can measure download times. The local edge and dir
1634 : * connection will be assigned the same ID when they are created
1635 : * and linked. */
1636 0 : static uint64_t next_id = 0;
1637 0 : circ->dirreq_id = ++next_id;
1638 0 : TO_OR_CIRCUIT(circ)->p_chan->dirreq_id = circ->dirreq_id;
1639 : }
1640 0 : return connection_exit_begin_conn(cell, circ);
1641 507 : case RELAY_COMMAND_DATA:
1642 507 : ++stats_n_data_cells_received;
1643 :
1644 : /* Update our circuit-level deliver window that we received a DATA cell.
1645 : * If the deliver window goes below 0, we end the circuit and stream due
1646 : * to a protocol failure. */
1647 507 : if (sendme_circuit_data_received(circ, layer_hint) < 0) {
1648 0 : log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1649 : "(relay data) circ deliver_window below 0. Killing.");
1650 0 : connection_edge_end_close(conn, END_STREAM_REASON_TORPROTOCOL);
1651 0 : return -END_CIRC_REASON_TORPROTOCOL;
1652 : }
1653 :
1654 : /* Consider sending a circuit-level SENDME cell. */
1655 507 : sendme_circuit_consider_sending(circ, layer_hint);
1656 :
1657 507 : if (rh->stream_id == 0) {
1658 1 : log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Relay data cell with zero "
1659 : "stream_id. Dropping.");
1660 1 : return 0;
1661 506 : } else if (!conn) {
1662 504 : if (CIRCUIT_IS_ORIGIN(circ)) {
1663 504 : origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1664 504 : if (connection_half_edge_is_valid_data(ocirc->half_streams,
1665 504 : rh->stream_id)) {
1666 500 : circuit_read_valid_data(ocirc, rh->length);
1667 500 : log_info(domain,
1668 : "data cell on circ %u valid on half-closed "
1669 : "stream id %d", ocirc->global_identifier, rh->stream_id);
1670 : }
1671 : }
1672 :
1673 504 : log_info(domain,"data cell dropped, unknown stream (streamid %d).",
1674 : rh->stream_id);
1675 504 : return 0;
1676 : }
1677 :
1678 : /* Update our stream-level deliver window that we just received a DATA
1679 : * cell. Going below 0 means we have a protocol level error so the
1680 : * stream and circuit are closed. */
1681 :
1682 2 : if (sendme_stream_data_received(conn) < 0) {
1683 0 : log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1684 : "(relay data) conn deliver_window below 0. Killing.");
1685 0 : connection_edge_end_close(conn, END_STREAM_REASON_TORPROTOCOL);
1686 0 : return -END_CIRC_REASON_TORPROTOCOL;
1687 : }
1688 : /* Total all valid application bytes delivered */
1689 2 : if (CIRCUIT_IS_ORIGIN(circ) && rh->length > 0) {
1690 1 : circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), rh->length);
1691 : }
1692 :
1693 : /* For onion service connection, update the metrics. */
1694 2 : if (conn->hs_ident) {
1695 0 : hs_metrics_app_write_bytes(&conn->hs_ident->identity_pk,
1696 : conn->hs_ident->orig_virtual_port,
1697 : rh->length);
1698 : }
1699 :
1700 2 : stats_n_data_bytes_received += rh->length;
1701 2 : connection_buf_add((char*)(cell->payload + RELAY_HEADER_SIZE),
1702 2 : rh->length, TO_CONN(conn));
1703 :
1704 : #ifdef MEASUREMENTS_21206
1705 : /* Count number of RELAY_DATA cells received on a linked directory
1706 : * connection. */
1707 : connection_t *linked_conn = TO_CONN(conn)->linked_conn;
1708 :
1709 : if (linked_conn && linked_conn->type == CONN_TYPE_DIR) {
1710 : ++(TO_DIR_CONN(linked_conn)->data_cells_received);
1711 : }
1712 : #endif /* defined(MEASUREMENTS_21206) */
1713 :
1714 2 : if (!optimistic_data) {
1715 : /* Only send a SENDME if we're not getting optimistic data; otherwise
1716 : * a SENDME could arrive before the CONNECTED.
1717 : */
1718 2 : sendme_connection_edge_consider_sending(conn);
1719 : }
1720 :
1721 : return 0;
1722 6 : case RELAY_COMMAND_END:
1723 12 : reason = rh->length > 0 ?
1724 6 : get_uint8(cell->payload+RELAY_HEADER_SIZE) : END_STREAM_REASON_MISC;
1725 6 : if (!conn) {
1726 5 : if (CIRCUIT_IS_ORIGIN(circ)) {
1727 5 : origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1728 5 : if (connection_half_edge_is_valid_end(ocirc->half_streams,
1729 5 : rh->stream_id)) {
1730 :
1731 2 : circuit_read_valid_data(ocirc, rh->length);
1732 2 : log_info(domain,
1733 : "end cell (%s) on circ %u valid on half-closed "
1734 : "stream id %d",
1735 : stream_end_reason_to_string(reason),
1736 : ocirc->global_identifier, rh->stream_id);
1737 2 : return 0;
1738 : }
1739 : }
1740 3 : log_info(domain,"end cell (%s) dropped, unknown stream.",
1741 : stream_end_reason_to_string(reason));
1742 3 : return 0;
1743 : }
1744 : /* XXX add to this log_fn the exit node's nickname? */
1745 1 : log_info(domain,TOR_SOCKET_T_FORMAT": end cell (%s) for stream %d. "
1746 : "Removing stream.",
1747 : conn->base_.s,
1748 : stream_end_reason_to_string(reason),
1749 : conn->stream_id);
1750 1 : if (conn->base_.type == CONN_TYPE_AP) {
1751 1 : entry_connection_t *entry_conn = EDGE_TO_ENTRY_CONN(conn);
1752 1 : if (entry_conn->socks_request &&
1753 1 : !entry_conn->socks_request->has_finished)
1754 0 : log_warn(LD_BUG,
1755 : "open stream hasn't sent socks answer yet? Closing.");
1756 : }
1757 : /* We just *got* an end; no reason to send one. */
1758 1 : conn->edge_has_sent_end = 1;
1759 1 : if (!conn->end_reason)
1760 0 : conn->end_reason = reason | END_STREAM_REASON_FLAG_REMOTE;
1761 1 : if (!conn->base_.marked_for_close) {
1762 : /* only mark it if not already marked. it's possible to
1763 : * get the 'end' right around when the client hangs up on us. */
1764 1 : connection_mark_and_flush(TO_CONN(conn));
1765 :
1766 : /* Total all valid application bytes delivered */
1767 1 : if (CIRCUIT_IS_ORIGIN(circ)) {
1768 1 : circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), rh->length);
1769 : }
1770 : }
1771 : return 0;
1772 0 : case RELAY_COMMAND_EXTEND:
1773 : case RELAY_COMMAND_EXTEND2: {
1774 0 : static uint64_t total_n_extend=0, total_nonearly=0;
1775 0 : total_n_extend++;
1776 0 : if (rh->stream_id) {
1777 0 : log_fn(LOG_PROTOCOL_WARN, domain,
1778 : "'extend' cell received for non-zero stream. Dropping.");
1779 0 : return 0;
1780 : }
1781 0 : if (cell->command != CELL_RELAY_EARLY &&
1782 0 : !networkstatus_get_param(NULL,"AllowNonearlyExtend",0,0,1)) {
1783 : #define EARLY_WARNING_INTERVAL 3600
1784 0 : static ratelim_t early_warning_limit =
1785 : RATELIM_INIT(EARLY_WARNING_INTERVAL);
1786 0 : char *m;
1787 0 : if (cell->command == CELL_RELAY) {
1788 0 : ++total_nonearly;
1789 0 : if ((m = rate_limit_log(&early_warning_limit, approx_time()))) {
1790 0 : double percentage = ((double)total_nonearly)/total_n_extend;
1791 0 : percentage *= 100;
1792 0 : log_fn(LOG_PROTOCOL_WARN, domain, "EXTEND cell received, "
1793 : "but not via RELAY_EARLY. Dropping.%s", m);
1794 0 : log_fn(LOG_PROTOCOL_WARN, domain, " (We have dropped %.02f%% of "
1795 : "all EXTEND cells for this reason)", percentage);
1796 0 : tor_free(m);
1797 : }
1798 : } else {
1799 0 : log_fn(LOG_WARN, domain,
1800 : "EXTEND cell received, in a cell with type %d! Dropping.",
1801 : cell->command);
1802 : }
1803 0 : return 0;
1804 : }
1805 0 : return circuit_extend(cell, circ);
1806 : }
1807 2 : case RELAY_COMMAND_EXTENDED:
1808 : case RELAY_COMMAND_EXTENDED2:
1809 2 : if (!layer_hint) {
1810 0 : log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1811 : "'extended' unsupported at non-origin. Dropping.");
1812 0 : return 0;
1813 : }
1814 2 : log_debug(domain,"Got an extended cell! Yay.");
1815 : {
1816 2 : extended_cell_t extended_cell;
1817 2 : if (extended_cell_parse(&extended_cell, rh->command,
1818 : (const uint8_t*)cell->payload+RELAY_HEADER_SIZE,
1819 2 : rh->length)<0) {
1820 2 : log_warn(LD_PROTOCOL,
1821 : "Can't parse EXTENDED cell; killing circuit.");
1822 2 : return -END_CIRC_REASON_TORPROTOCOL;
1823 : }
1824 0 : if ((reason = circuit_finish_handshake(TO_ORIGIN_CIRCUIT(circ),
1825 : &extended_cell.created_cell)) < 0) {
1826 0 : circuit_mark_for_close(circ, -reason);
1827 0 : return 0; /* We don't want to cause a warning, so we mark the circuit
1828 : * here. */
1829 : }
1830 : }
1831 0 : if ((reason=circuit_send_next_onion_skin(TO_ORIGIN_CIRCUIT(circ)))<0) {
1832 0 : log_info(domain,"circuit_send_next_onion_skin() failed.");
1833 0 : return reason;
1834 : }
1835 : /* Total all valid bytes delivered. */
1836 0 : if (CIRCUIT_IS_ORIGIN(circ)) {
1837 0 : circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), rh->length);
1838 : }
1839 : return 0;
1840 0 : case RELAY_COMMAND_TRUNCATE:
1841 0 : if (layer_hint) {
1842 0 : log_fn(LOG_PROTOCOL_WARN, LD_APP,
1843 : "'truncate' unsupported at origin. Dropping.");
1844 0 : return 0;
1845 : }
1846 0 : if (circ->n_hop) {
1847 0 : if (circ->n_chan)
1848 0 : log_warn(LD_BUG, "n_chan and n_hop set on the same circuit!");
1849 0 : extend_info_free(circ->n_hop);
1850 0 : circ->n_hop = NULL;
1851 0 : tor_free(circ->n_chan_create_cell);
1852 0 : circuit_set_state(circ, CIRCUIT_STATE_OPEN);
1853 : }
1854 0 : if (circ->n_chan) {
1855 0 : uint8_t trunc_reason = get_uint8(cell->payload + RELAY_HEADER_SIZE);
1856 0 : circuit_synchronize_written_or_bandwidth(circ, CIRCUIT_N_CHAN);
1857 0 : circuit_clear_cell_queue(circ, circ->n_chan);
1858 0 : channel_send_destroy(circ->n_circ_id, circ->n_chan,
1859 : trunc_reason);
1860 0 : circuit_set_n_circid_chan(circ, 0, NULL);
1861 : }
1862 0 : log_debug(LD_EXIT, "Processed 'truncate', replying.");
1863 : {
1864 0 : char payload[1];
1865 0 : payload[0] = (char)END_CIRC_REASON_REQUESTED;
1866 0 : relay_send_command_from_edge(0, circ, RELAY_COMMAND_TRUNCATED,
1867 : payload, sizeof(payload), NULL);
1868 : }
1869 0 : return 0;
1870 0 : case RELAY_COMMAND_TRUNCATED:
1871 0 : if (!layer_hint) {
1872 0 : log_fn(LOG_PROTOCOL_WARN, LD_EXIT,
1873 : "'truncated' unsupported at non-origin. Dropping.");
1874 0 : return 0;
1875 : }
1876 :
1877 : /* Count the truncated as valid, for completeness. The
1878 : * circuit is being torn down anyway, though. */
1879 0 : if (CIRCUIT_IS_ORIGIN(circ)) {
1880 0 : circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ),
1881 0 : rh->length);
1882 : }
1883 0 : circuit_truncated(TO_ORIGIN_CIRCUIT(circ),
1884 0 : get_uint8(cell->payload + RELAY_HEADER_SIZE));
1885 0 : return 0;
1886 5 : case RELAY_COMMAND_CONNECTED:
1887 5 : if (conn) {
1888 1 : log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1889 : "'connected' unsupported while open. Closing circ.");
1890 1 : return -END_CIRC_REASON_TORPROTOCOL;
1891 : }
1892 :
1893 4 : if (CIRCUIT_IS_ORIGIN(circ)) {
1894 4 : origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1895 4 : if (connection_half_edge_is_valid_connected(ocirc->half_streams,
1896 4 : rh->stream_id)) {
1897 1 : circuit_read_valid_data(ocirc, rh->length);
1898 1 : log_info(domain,
1899 : "connected cell on circ %u valid on half-closed "
1900 : "stream id %d", ocirc->global_identifier, rh->stream_id);
1901 1 : return 0;
1902 : }
1903 : }
1904 :
1905 3 : log_info(domain,
1906 : "'connected' received on circid %u for streamid %d, "
1907 : "no conn attached anymore. Ignoring.",
1908 : (unsigned)circ->n_circ_id, rh->stream_id);
1909 3 : return 0;
1910 20 : case RELAY_COMMAND_SENDME:
1911 20 : return process_sendme_cell(rh, cell, circ, conn, layer_hint, domain);
1912 0 : case RELAY_COMMAND_RESOLVE:
1913 0 : if (layer_hint) {
1914 0 : log_fn(LOG_PROTOCOL_WARN, LD_APP,
1915 : "resolve request unsupported at AP; dropping.");
1916 0 : return 0;
1917 0 : } else if (conn) {
1918 0 : log_fn(LOG_PROTOCOL_WARN, domain,
1919 : "resolve request for known stream; dropping.");
1920 0 : return 0;
1921 0 : } else if (circ->purpose != CIRCUIT_PURPOSE_OR) {
1922 0 : log_fn(LOG_PROTOCOL_WARN, domain,
1923 : "resolve request on circ with purpose %d; dropping",
1924 : circ->purpose);
1925 0 : return 0;
1926 : }
1927 0 : connection_exit_begin_resolve(cell, TO_OR_CIRCUIT(circ));
1928 0 : return 0;
1929 5 : case RELAY_COMMAND_RESOLVED:
1930 5 : if (conn) {
1931 1 : log_fn(LOG_PROTOCOL_WARN, domain,
1932 : "'resolved' unsupported while open. Closing circ.");
1933 1 : return -END_CIRC_REASON_TORPROTOCOL;
1934 : }
1935 :
1936 4 : if (CIRCUIT_IS_ORIGIN(circ)) {
1937 4 : origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1938 4 : if (connection_half_edge_is_valid_resolved(ocirc->half_streams,
1939 4 : rh->stream_id)) {
1940 1 : circuit_read_valid_data(ocirc, rh->length);
1941 1 : log_info(domain,
1942 : "resolved cell on circ %u valid on half-closed "
1943 : "stream id %d", ocirc->global_identifier, rh->stream_id);
1944 1 : return 0;
1945 : }
1946 : }
1947 :
1948 3 : log_info(domain,
1949 : "'resolved' received, no conn attached anymore. Ignoring.");
1950 3 : return 0;
1951 2 : case RELAY_COMMAND_ESTABLISH_INTRO:
1952 : case RELAY_COMMAND_ESTABLISH_RENDEZVOUS:
1953 : case RELAY_COMMAND_INTRODUCE1:
1954 : case RELAY_COMMAND_INTRODUCE2:
1955 : case RELAY_COMMAND_INTRODUCE_ACK:
1956 : case RELAY_COMMAND_RENDEZVOUS1:
1957 : case RELAY_COMMAND_RENDEZVOUS2:
1958 : case RELAY_COMMAND_INTRO_ESTABLISHED:
1959 : case RELAY_COMMAND_RENDEZVOUS_ESTABLISHED:
1960 2 : rend_process_relay_cell(circ, layer_hint,
1961 2 : rh->command, rh->length,
1962 : cell->payload+RELAY_HEADER_SIZE);
1963 2 : return 0;
1964 : }
1965 0 : log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1966 : "Received unknown relay command %d. Perhaps the other side is using "
1967 : "a newer version of Tor? Dropping.",
1968 : rh->command);
1969 0 : return 0; /* for forward compatibility, don't kill the circuit */
1970 : }
1971 :
1972 : /** An incoming relay cell has arrived on circuit <b>circ</b>. If
1973 : * <b>conn</b> is NULL this is a control cell, else <b>cell</b> is
1974 : * destined for <b>conn</b>.
1975 : *
1976 : * If <b>layer_hint</b> is defined, then we're the origin of the
1977 : * circuit, and it specifies the hop that packaged <b>cell</b>.
1978 : *
1979 : * Return -reason if you want to warn and tear down the circuit, else 0.
1980 : */
1981 : STATIC int
1982 552 : connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ,
1983 : edge_connection_t *conn,
1984 : crypt_path_t *layer_hint)
1985 : {
1986 552 : static int num_seen=0;
1987 552 : relay_header_t rh;
1988 552 : unsigned domain = layer_hint?LD_APP:LD_EXIT;
1989 552 : int optimistic_data = 0; /* Set to 1 if we receive data on a stream
1990 : * that's in the EXIT_CONN_STATE_RESOLVING
1991 : * or EXIT_CONN_STATE_CONNECTING states. */
1992 :
1993 552 : tor_assert(cell);
1994 552 : tor_assert(circ);
1995 :
1996 552 : relay_header_unpack(&rh, cell->payload);
1997 : // log_fn(LOG_DEBUG,"command %d stream %d", rh.command, rh.stream_id);
1998 552 : num_seen++;
1999 552 : log_debug(domain, "Now seen %d relay cells here (command %d, stream %d).",
2000 : num_seen, rh.command, rh.stream_id);
2001 :
2002 552 : if (rh.length > RELAY_PAYLOAD_SIZE) {
2003 0 : log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
2004 : "Relay cell length field too long. Closing circuit.");
2005 0 : return - END_CIRC_REASON_TORPROTOCOL;
2006 : }
2007 :
2008 552 : if (rh.stream_id == 0) {
2009 4 : switch (rh.command) {
2010 1 : case RELAY_COMMAND_BEGIN:
2011 : case RELAY_COMMAND_CONNECTED:
2012 : case RELAY_COMMAND_END:
2013 : case RELAY_COMMAND_RESOLVE:
2014 : case RELAY_COMMAND_RESOLVED:
2015 : case RELAY_COMMAND_BEGIN_DIR:
2016 1 : log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Relay command %d with zero "
2017 : "stream_id. Dropping.", (int)rh.command);
2018 1 : return 0;
2019 548 : default:
2020 551 : ;
2021 : }
2022 : }
2023 :
2024 : /* Tell circpad that we've received a recognized cell */
2025 551 : circpad_deliver_recognized_relay_cell_events(circ, rh.command, layer_hint);
2026 :
2027 : /* either conn is NULL, in which case we've got a control cell, or else
2028 : * conn points to the recognized stream. */
2029 551 : if (conn && !connection_state_is_open(TO_CONN(conn))) {
2030 3 : if (conn->base_.type == CONN_TYPE_EXIT &&
2031 0 : (conn->base_.state == EXIT_CONN_STATE_CONNECTING ||
2032 0 : conn->base_.state == EXIT_CONN_STATE_RESOLVING) &&
2033 0 : rh.command == RELAY_COMMAND_DATA) {
2034 : /* Allow DATA cells to be delivered to an exit node in state
2035 : * EXIT_CONN_STATE_CONNECTING or EXIT_CONN_STATE_RESOLVING.
2036 : * This speeds up HTTP, for example. */
2037 : optimistic_data = 1;
2038 3 : } else if (rh.stream_id == 0 && rh.command == RELAY_COMMAND_DATA) {
2039 0 : log_warn(LD_BUG, "Somehow I had a connection that matched a "
2040 : "data cell with stream ID 0.");
2041 : } else {
2042 3 : return connection_edge_process_relay_cell_not_open(
2043 : &rh, cell, circ, conn, layer_hint);
2044 : }
2045 : }
2046 :
2047 548 : return handle_relay_cell_command(cell, circ, conn, layer_hint,
2048 : &rh, optimistic_data);
2049 : }
2050 :
2051 : /** How many relay_data cells have we built, ever? */
2052 : uint64_t stats_n_data_cells_packaged = 0;
2053 : /** How many bytes of data have we put in relay_data cells have we built,
2054 : * ever? This would be RELAY_PAYLOAD_SIZE*stats_n_data_cells_packaged if
2055 : * every relay cell we ever sent were completely full of data. */
2056 : uint64_t stats_n_data_bytes_packaged = 0;
2057 : /** How many relay_data cells have we received, ever? */
2058 : uint64_t stats_n_data_cells_received = 0;
2059 : /** How many bytes of data have we received relay_data cells, ever? This would
2060 : * be RELAY_PAYLOAD_SIZE*stats_n_data_cells_packaged if every relay cell we
2061 : * ever received were completely full of data. */
2062 : uint64_t stats_n_data_bytes_received = 0;
2063 :
2064 : /**
2065 : * Called when initializing a circuit, or when we have reached the end of the
2066 : * window in which we need to send some randomness so that incoming sendme
2067 : * cells will be unpredictable. Resets the flags and picks a new window.
2068 : */
2069 : void
2070 198 : circuit_reset_sendme_randomness(circuit_t *circ)
2071 : {
2072 198 : circ->have_sent_sufficiently_random_cell = 0;
2073 396 : circ->send_randomness_after_n_cells = CIRCWINDOW_INCREMENT / 2 +
2074 198 : crypto_fast_rng_get_uint(get_thread_fast_rng(), CIRCWINDOW_INCREMENT / 2);
2075 198 : }
2076 :
2077 : /**
2078 : * Any relay data payload containing fewer than this many real bytes is
2079 : * considered to have enough randomness to.
2080 : **/
2081 : #define RELAY_PAYLOAD_LENGTH_FOR_RANDOM_SENDMES \
2082 : (RELAY_PAYLOAD_SIZE - CELL_PADDING_GAP - 16)
2083 :
2084 : /**
2085 : * Helper. Return the number of bytes that should be put into a cell from a
2086 : * given edge connection on which <b>n_available</b> bytes are available.
2087 : */
2088 : STATIC size_t
2089 10 : connection_edge_get_inbuf_bytes_to_package(size_t n_available,
2090 : int package_partial,
2091 : circuit_t *on_circuit)
2092 : {
2093 10 : if (!n_available)
2094 : return 0;
2095 :
2096 : /* Do we need to force this payload to have space for randomness? */
2097 16 : const bool force_random_bytes =
2098 8 : (on_circuit->send_randomness_after_n_cells == 0) &&
2099 3 : (! on_circuit->have_sent_sufficiently_random_cell);
2100 :
2101 : /* At most how much would we like to send in this cell? */
2102 8 : size_t target_length;
2103 8 : if (force_random_bytes) {
2104 : target_length = RELAY_PAYLOAD_LENGTH_FOR_RANDOM_SENDMES;
2105 : } else {
2106 6 : target_length = RELAY_PAYLOAD_SIZE;
2107 : }
2108 :
2109 : /* Decide how many bytes we will actually put into this cell. */
2110 8 : size_t package_length;
2111 8 : if (n_available >= target_length) { /* A full payload is available. */
2112 : package_length = target_length;
2113 : } else { /* not a full payload available */
2114 3 : if (package_partial)
2115 : package_length = n_available; /* just take whatever's available now */
2116 : else
2117 : return 0; /* nothing to do until we have a full payload */
2118 : }
2119 :
2120 : /* If we reach this point, we will be definitely sending the cell. */
2121 7 : tor_assert_nonfatal(package_length > 0);
2122 :
2123 7 : if (package_length <= RELAY_PAYLOAD_LENGTH_FOR_RANDOM_SENDMES) {
2124 : /* This cell will have enough randomness in the padding to make a future
2125 : * sendme cell unpredictable. */
2126 3 : on_circuit->have_sent_sufficiently_random_cell = 1;
2127 : }
2128 :
2129 7 : if (on_circuit->send_randomness_after_n_cells == 0) {
2130 : /* Either this cell, or some previous cell, had enough padding to
2131 : * ensure sendme unpredictability. */
2132 3 : tor_assert_nonfatal(on_circuit->have_sent_sufficiently_random_cell);
2133 : /* Pick a new interval in which we need to send randomness. */
2134 3 : circuit_reset_sendme_randomness(on_circuit);
2135 : }
2136 :
2137 7 : --on_circuit->send_randomness_after_n_cells;
2138 :
2139 7 : return package_length;
2140 : }
2141 :
2142 : /** If <b>conn</b> has an entire relay payload of bytes on its inbuf (or
2143 : * <b>package_partial</b> is true), and the appropriate package windows aren't
2144 : * empty, grab a cell and send it down the circuit.
2145 : *
2146 : * If *<b>max_cells</b> is given, package no more than max_cells. Decrement
2147 : * *<b>max_cells</b> by the number of cells packaged.
2148 : *
2149 : * Return -1 (and send a RELAY_COMMAND_END cell if necessary) if conn should
2150 : * be marked for close, else return 0.
2151 : */
2152 : int
2153 2 : connection_edge_package_raw_inbuf(edge_connection_t *conn, int package_partial,
2154 : int *max_cells)
2155 : {
2156 2 : size_t bytes_to_process, length;
2157 2 : char payload[CELL_PAYLOAD_SIZE];
2158 2 : circuit_t *circ;
2159 2 : const unsigned domain = conn->base_.type == CONN_TYPE_AP ? LD_APP : LD_EXIT;
2160 2 : int sending_from_optimistic = 0;
2161 6 : entry_connection_t *entry_conn =
2162 2 : conn->base_.type == CONN_TYPE_AP ? EDGE_TO_ENTRY_CONN(conn) : NULL;
2163 4 : const int sending_optimistically =
2164 2 : entry_conn &&
2165 2 : conn->base_.type == CONN_TYPE_AP &&
2166 2 : conn->base_.state != AP_CONN_STATE_OPEN;
2167 2 : crypt_path_t *cpath_layer = conn->cpath_layer;
2168 :
2169 2 : tor_assert(conn);
2170 :
2171 2 : if (conn->base_.marked_for_close) {
2172 0 : log_warn(LD_BUG,
2173 : "called on conn that's already marked for close at %s:%d.",
2174 : conn->base_.marked_for_close_file, conn->base_.marked_for_close);
2175 0 : return 0;
2176 : }
2177 :
2178 2 : if (max_cells && *max_cells <= 0)
2179 : return 0;
2180 :
2181 2 : repeat_connection_edge_package_raw_inbuf:
2182 :
2183 2 : circ = circuit_get_by_edge_conn(conn);
2184 2 : if (!circ) {
2185 0 : log_info(domain,"conn has no circuit! Closing.");
2186 0 : conn->end_reason = END_STREAM_REASON_CANT_ATTACH;
2187 0 : return -1;
2188 : }
2189 :
2190 2 : if (circuit_consider_stop_edge_reading(circ, cpath_layer))
2191 : return 0;
2192 :
2193 2 : if (conn->package_window <= 0) {
2194 0 : log_info(domain,"called with package_window %d. Skipping.",
2195 : conn->package_window);
2196 0 : connection_stop_reading(TO_CONN(conn));
2197 0 : return 0;
2198 : }
2199 :
2200 2 : sending_from_optimistic = entry_conn &&
2201 2 : entry_conn->sending_optimistic_data != NULL;
2202 :
2203 2 : if (PREDICT_UNLIKELY(sending_from_optimistic)) {
2204 0 : bytes_to_process = buf_datalen(entry_conn->sending_optimistic_data);
2205 0 : if (PREDICT_UNLIKELY(!bytes_to_process)) {
2206 0 : log_warn(LD_BUG, "sending_optimistic_data was non-NULL but empty");
2207 0 : bytes_to_process = connection_get_inbuf_len(TO_CONN(conn));
2208 0 : sending_from_optimistic = 0;
2209 : }
2210 : } else {
2211 2 : bytes_to_process = connection_get_inbuf_len(TO_CONN(conn));
2212 : }
2213 :
2214 2 : length = connection_edge_get_inbuf_bytes_to_package(bytes_to_process,
2215 : package_partial, circ);
2216 2 : if (!length)
2217 : return 0;
2218 :
2219 : /* If we reach this point, we will definitely be packaging bytes into
2220 : * a cell. */
2221 :
2222 0 : stats_n_data_bytes_packaged += length;
2223 0 : stats_n_data_cells_packaged += 1;
2224 :
2225 0 : if (PREDICT_UNLIKELY(sending_from_optimistic)) {
2226 : /* XXXX We could be more efficient here by sometimes packing
2227 : * previously-sent optimistic data in the same cell with data
2228 : * from the inbuf. */
2229 0 : buf_get_bytes(entry_conn->sending_optimistic_data, payload, length);
2230 0 : if (!buf_datalen(entry_conn->sending_optimistic_data)) {
2231 0 : buf_free(entry_conn->sending_optimistic_data);
2232 0 : entry_conn->sending_optimistic_data = NULL;
2233 : }
2234 : } else {
2235 0 : connection_buf_get_bytes(payload, length, TO_CONN(conn));
2236 : }
2237 :
2238 0 : log_debug(domain,TOR_SOCKET_T_FORMAT": Packaging %d bytes (%d waiting).",
2239 : conn->base_.s,
2240 : (int)length, (int)connection_get_inbuf_len(TO_CONN(conn)));
2241 :
2242 0 : if (sending_optimistically && !sending_from_optimistic) {
2243 : /* This is new optimistic data; remember it in case we need to detach and
2244 : retry */
2245 0 : if (!entry_conn->pending_optimistic_data)
2246 0 : entry_conn->pending_optimistic_data = buf_new();
2247 0 : buf_add(entry_conn->pending_optimistic_data, payload, length);
2248 : }
2249 :
2250 0 : if (connection_edge_send_command(conn, RELAY_COMMAND_DATA,
2251 : payload, length) < 0 ) {
2252 : /* circuit got marked for close, don't continue, don't need to mark conn */
2253 : return 0;
2254 : }
2255 :
2256 : /* Handle the circuit-level SENDME package window. */
2257 0 : if (sendme_note_circuit_data_packaged(circ, cpath_layer) < 0) {
2258 : /* Package window has gone under 0. Protocol issue. */
2259 0 : log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
2260 : "Circuit package window is below 0. Closing circuit.");
2261 0 : conn->end_reason = END_STREAM_REASON_TORPROTOCOL;
2262 0 : return -1;
2263 : }
2264 :
2265 : /* Handle the stream-level SENDME package window. */
2266 0 : if (sendme_note_stream_data_packaged(conn) < 0) {
2267 0 : connection_stop_reading(TO_CONN(conn));
2268 0 : log_debug(domain,"conn->package_window reached 0.");
2269 0 : circuit_consider_stop_edge_reading(circ, cpath_layer);
2270 0 : return 0; /* don't process the inbuf any more */
2271 : }
2272 0 : log_debug(domain,"conn->package_window is now %d",conn->package_window);
2273 :
2274 0 : if (max_cells) {
2275 0 : *max_cells -= 1;
2276 0 : if (*max_cells <= 0)
2277 : return 0;
2278 : }
2279 :
2280 : /* handle more if there's more, or return 0 if there isn't */
2281 0 : goto repeat_connection_edge_package_raw_inbuf;
2282 : }
2283 :
2284 : /** The circuit <b>circ</b> has received a circuit-level sendme
2285 : * (on hop <b>layer_hint</b>, if we're the OP). Go through all the
2286 : * attached streams and let them resume reading and packaging, if
2287 : * their stream windows allow it.
2288 : */
2289 : static void
2290 1 : circuit_resume_edge_reading(circuit_t *circ, crypt_path_t *layer_hint)
2291 : {
2292 1 : if (circuit_queue_streams_are_blocked(circ)) {
2293 0 : log_debug(layer_hint?LD_APP:LD_EXIT,"Too big queue, no resuming");
2294 0 : return;
2295 : }
2296 1 : log_debug(layer_hint?LD_APP:LD_EXIT,"resuming");
2297 :
2298 1 : if (CIRCUIT_IS_ORIGIN(circ))
2299 1 : circuit_resume_edge_reading_helper(TO_ORIGIN_CIRCUIT(circ)->p_streams,
2300 : circ, layer_hint);
2301 : else
2302 0 : circuit_resume_edge_reading_helper(TO_OR_CIRCUIT(circ)->n_streams,
2303 : circ, layer_hint);
2304 : }
2305 :
2306 : /** A helper function for circuit_resume_edge_reading() above.
2307 : * The arguments are the same, except that <b>conn</b> is the head
2308 : * of a linked list of edge streams that should each be considered.
2309 : */
2310 : static int
2311 1 : circuit_resume_edge_reading_helper(edge_connection_t *first_conn,
2312 : circuit_t *circ,
2313 : crypt_path_t *layer_hint)
2314 : {
2315 1 : edge_connection_t *conn;
2316 1 : int n_packaging_streams, n_streams_left;
2317 1 : int packaged_this_round;
2318 1 : int cells_on_queue;
2319 1 : int cells_per_conn;
2320 1 : edge_connection_t *chosen_stream = NULL;
2321 1 : int max_to_package;
2322 :
2323 1 : if (first_conn == NULL) {
2324 : /* Don't bother to try to do the rest of this if there are no connections
2325 : * to resume. */
2326 : return 0;
2327 : }
2328 :
2329 : /* How many cells do we have space for? It will be the minimum of
2330 : * the number needed to exhaust the package window, and the minimum
2331 : * needed to fill the cell queue. */
2332 0 : max_to_package = circ->package_window;
2333 0 : if (CIRCUIT_IS_ORIGIN(circ)) {
2334 0 : cells_on_queue = circ->n_chan_cells.n;
2335 : } else {
2336 0 : or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
2337 0 : cells_on_queue = or_circ->p_chan_cells.n;
2338 : }
2339 0 : if (CELL_QUEUE_HIGHWATER_SIZE - cells_on_queue < max_to_package)
2340 : max_to_package = CELL_QUEUE_HIGHWATER_SIZE - cells_on_queue;
2341 :
2342 : /* Once we used to start listening on the streams in the order they
2343 : * appeared in the linked list. That leads to starvation on the
2344 : * streams that appeared later on the list, since the first streams
2345 : * would always get to read first. Instead, we just pick a random
2346 : * stream on the list, and enable reading for streams starting at that
2347 : * point (and wrapping around as if the list were circular). It would
2348 : * probably be better to actually remember which streams we've
2349 : * serviced in the past, but this is simple and effective. */
2350 :
2351 : /* Select a stream uniformly at random from the linked list. We
2352 : * don't need cryptographic randomness here. */
2353 : {
2354 0 : int num_streams = 0;
2355 0 : for (conn = first_conn; conn; conn = conn->next_stream) {
2356 0 : num_streams++;
2357 :
2358 0 : if (crypto_fast_rng_one_in_n(get_thread_fast_rng(), num_streams)) {
2359 0 : chosen_stream = conn;
2360 : }
2361 : /* Invariant: chosen_stream has been chosen uniformly at random from
2362 : * among the first num_streams streams on first_conn.
2363 : *
2364 : * (Note that we iterate over every stream on the circuit, so that after
2365 : * we've considered the first stream, we've chosen it with P=1; and
2366 : * after we consider the second stream, we've switched to it with P=1/2
2367 : * and stayed with the first stream with P=1/2; and after we've
2368 : * considered the third stream, we've switched to it with P=1/3 and
2369 : * remained with one of the first two streams with P=(2/3), giving each
2370 : * one P=(1/2)(2/3) )=(1/3).) */
2371 : }
2372 : }
2373 :
2374 : /* Count how many non-marked streams there are that have anything on
2375 : * their inbuf, and enable reading on all of the connections. */
2376 : n_packaging_streams = 0;
2377 : /* Activate reading starting from the chosen stream */
2378 0 : for (conn=chosen_stream; conn; conn = conn->next_stream) {
2379 : /* Start reading for the streams starting from here */
2380 0 : if (conn->base_.marked_for_close || conn->package_window <= 0)
2381 0 : continue;
2382 0 : if (!layer_hint || conn->cpath_layer == layer_hint) {
2383 0 : connection_start_reading(TO_CONN(conn));
2384 :
2385 0 : if (connection_get_inbuf_len(TO_CONN(conn)) > 0)
2386 0 : ++n_packaging_streams;
2387 : }
2388 : }
2389 : /* Go back and do the ones we skipped, circular-style */
2390 0 : for (conn = first_conn; conn != chosen_stream; conn = conn->next_stream) {
2391 0 : if (conn->base_.marked_for_close || conn->package_window <= 0)
2392 0 : continue;
2393 0 : if (!layer_hint || conn->cpath_layer == layer_hint) {
2394 0 : connection_start_reading(TO_CONN(conn));
2395 :
2396 0 : if (connection_get_inbuf_len(TO_CONN(conn)) > 0)
2397 0 : ++n_packaging_streams;
2398 : }
2399 : }
2400 :
2401 0 : if (n_packaging_streams == 0) /* avoid divide-by-zero */
2402 : return 0;
2403 :
2404 0 : again:
2405 :
2406 0 : cells_per_conn = CEIL_DIV(max_to_package, n_packaging_streams);
2407 :
2408 0 : packaged_this_round = 0;
2409 0 : n_streams_left = 0;
2410 :
2411 : /* Iterate over all connections. Package up to cells_per_conn cells on
2412 : * each. Update packaged_this_round with the total number of cells
2413 : * packaged, and n_streams_left with the number that still have data to
2414 : * package.
2415 : */
2416 0 : for (conn=first_conn; conn; conn=conn->next_stream) {
2417 0 : if (conn->base_.marked_for_close || conn->package_window <= 0)
2418 0 : continue;
2419 0 : if (!layer_hint || conn->cpath_layer == layer_hint) {
2420 0 : int n = cells_per_conn, r;
2421 : /* handle whatever might still be on the inbuf */
2422 0 : r = connection_edge_package_raw_inbuf(conn, 1, &n);
2423 :
2424 : /* Note how many we packaged */
2425 0 : packaged_this_round += (cells_per_conn-n);
2426 :
2427 0 : if (r<0) {
2428 : /* Problem while packaging. (We already sent an end cell if
2429 : * possible) */
2430 0 : connection_mark_for_close(TO_CONN(conn));
2431 0 : continue;
2432 : }
2433 :
2434 : /* If there's still data to read, we'll be coming back to this stream. */
2435 0 : if (connection_get_inbuf_len(TO_CONN(conn)))
2436 0 : ++n_streams_left;
2437 :
2438 : /* If the circuit won't accept any more data, return without looking
2439 : * at any more of the streams. Any connections that should be stopped
2440 : * have already been stopped by connection_edge_package_raw_inbuf. */
2441 0 : if (circuit_consider_stop_edge_reading(circ, layer_hint))
2442 0 : return -1;
2443 : /* XXXX should we also stop immediately if we fill up the cell queue?
2444 : * Probably. */
2445 : }
2446 : }
2447 :
2448 : /* If we made progress, and we are willing to package more, and there are
2449 : * any streams left that want to package stuff... try again!
2450 : */
2451 0 : if (packaged_this_round && packaged_this_round < max_to_package &&
2452 : n_streams_left) {
2453 0 : max_to_package -= packaged_this_round;
2454 0 : n_packaging_streams = n_streams_left;
2455 0 : goto again;
2456 : }
2457 :
2458 : return 0;
2459 : }
2460 :
2461 : /** Check if the package window for <b>circ</b> is empty (at
2462 : * hop <b>layer_hint</b> if it's defined).
2463 : *
2464 : * If yes, tell edge streams to stop reading and return 1.
2465 : * Else return 0.
2466 : */
2467 : static int
2468 2 : circuit_consider_stop_edge_reading(circuit_t *circ, crypt_path_t *layer_hint)
2469 : {
2470 2 : edge_connection_t *conn = NULL;
2471 2 : unsigned domain = layer_hint ? LD_APP : LD_EXIT;
2472 :
2473 2 : if (!layer_hint) {
2474 0 : or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
2475 0 : log_debug(domain,"considering circ->package_window %d",
2476 : circ->package_window);
2477 0 : if (circ->package_window <= 0) {
2478 0 : log_debug(domain,"yes, not-at-origin. stopped.");
2479 0 : for (conn = or_circ->n_streams; conn; conn=conn->next_stream)
2480 0 : connection_stop_reading(TO_CONN(conn));
2481 : return 1;
2482 : }
2483 : return 0;
2484 : }
2485 : /* else, layer hint is defined, use it */
2486 2 : log_debug(domain,"considering layer_hint->package_window %d",
2487 : layer_hint->package_window);
2488 2 : if (layer_hint->package_window <= 0) {
2489 0 : log_debug(domain,"yes, at-origin. stopped.");
2490 0 : for (conn = TO_ORIGIN_CIRCUIT(circ)->p_streams; conn;
2491 0 : conn=conn->next_stream) {
2492 0 : if (conn->cpath_layer == layer_hint)
2493 0 : connection_stop_reading(TO_CONN(conn));
2494 : }
2495 : return 1;
2496 : }
2497 : return 0;
2498 : }
2499 :
2500 : /** The total number of cells we have allocated. */
2501 : static size_t total_cells_allocated = 0;
2502 :
2503 : /** Release storage held by <b>cell</b>. */
2504 : static inline void
2505 721 : packed_cell_free_unchecked(packed_cell_t *cell)
2506 : {
2507 721 : --total_cells_allocated;
2508 721 : tor_free(cell);
2509 721 : }
2510 :
2511 : /** Allocate and return a new packed_cell_t. */
2512 : STATIC packed_cell_t *
2513 721 : packed_cell_new(void)
2514 : {
2515 721 : ++total_cells_allocated;
2516 721 : return tor_malloc_zero(sizeof(packed_cell_t));
2517 : }
2518 :
2519 : /** Return a packed cell used outside by channel_t lower layer */
2520 : void
2521 12 : packed_cell_free_(packed_cell_t *cell)
2522 : {
2523 12 : if (!cell)
2524 : return;
2525 8 : packed_cell_free_unchecked(cell);
2526 : }
2527 :
2528 : /** Log current statistics for cell pool allocation at log level
2529 : * <b>severity</b>. */
2530 : void
2531 0 : dump_cell_pool_usage(int severity)
2532 : {
2533 0 : int n_circs = 0;
2534 0 : int n_cells = 0;
2535 0 : SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, c) {
2536 0 : n_cells += c->n_chan_cells.n;
2537 0 : if (!CIRCUIT_IS_ORIGIN(c))
2538 0 : n_cells += TO_OR_CIRCUIT(c)->p_chan_cells.n;
2539 0 : ++n_circs;
2540 : }
2541 0 : SMARTLIST_FOREACH_END(c);
2542 0 : tor_log(severity, LD_MM,
2543 : "%d cells allocated on %d circuits. %d cells leaked.",
2544 0 : n_cells, n_circs, (int)total_cells_allocated - n_cells);
2545 0 : }
2546 :
2547 : /** Allocate a new copy of packed <b>cell</b>. */
2548 : static inline packed_cell_t *
2549 708 : packed_cell_copy(const cell_t *cell, int wide_circ_ids)
2550 : {
2551 708 : packed_cell_t *c = packed_cell_new();
2552 708 : cell_pack(c, cell, wide_circ_ids);
2553 708 : return c;
2554 : }
2555 :
2556 : /** Append <b>cell</b> to the end of <b>queue</b>. */
2557 : void
2558 722 : cell_queue_append(cell_queue_t *queue, packed_cell_t *cell)
2559 : {
2560 722 : TOR_SIMPLEQ_INSERT_TAIL(&queue->head, cell, next);
2561 722 : ++queue->n;
2562 722 : }
2563 :
2564 : /** Append a newly allocated copy of <b>cell</b> to the end of the
2565 : * <b>exitward</b> (or app-ward) <b>queue</b> of <b>circ</b>. If
2566 : * <b>use_stats</b> is true, record statistics about the cell.
2567 : */
2568 : void
2569 708 : cell_queue_append_packed_copy(circuit_t *circ, cell_queue_t *queue,
2570 : int exitward, const cell_t *cell,
2571 : int wide_circ_ids, int use_stats)
2572 : {
2573 708 : packed_cell_t *copy = packed_cell_copy(cell, wide_circ_ids);
2574 708 : (void)circ;
2575 708 : (void)exitward;
2576 708 : (void)use_stats;
2577 :
2578 708 : copy->inserted_timestamp = monotime_coarse_get_stamp();
2579 :
2580 708 : cell_queue_append(queue, copy);
2581 708 : }
2582 :
2583 : /** Initialize <b>queue</b> as an empty cell queue. */
2584 : void
2585 288 : cell_queue_init(cell_queue_t *queue)
2586 : {
2587 288 : memset(queue, 0, sizeof(cell_queue_t));
2588 288 : TOR_SIMPLEQ_INIT(&queue->head);
2589 288 : }
2590 :
2591 : /** Remove and free every cell in <b>queue</b>. */
2592 : void
2593 212 : cell_queue_clear(cell_queue_t *queue)
2594 : {
2595 212 : packed_cell_t *cell;
2596 925 : while ((cell = TOR_SIMPLEQ_FIRST(&queue->head))) {
2597 713 : TOR_SIMPLEQ_REMOVE_HEAD(&queue->head, next);
2598 713 : packed_cell_free_unchecked(cell);
2599 : }
2600 212 : TOR_SIMPLEQ_INIT(&queue->head);
2601 212 : queue->n = 0;
2602 212 : }
2603 :
2604 : /** Extract and return the cell at the head of <b>queue</b>; return NULL if
2605 : * <b>queue</b> is empty. */
2606 : STATIC packed_cell_t *
2607 12 : cell_queue_pop(cell_queue_t *queue)
2608 : {
2609 12 : packed_cell_t *cell = TOR_SIMPLEQ_FIRST(&queue->head);
2610 12 : if (!cell)
2611 : return NULL;
2612 9 : TOR_SIMPLEQ_REMOVE_HEAD(&queue->head, next);
2613 9 : --queue->n;
2614 9 : return cell;
2615 : }
2616 :
2617 : /** Initialize <b>queue</b> as an empty cell queue. */
2618 : void
2619 200 : destroy_cell_queue_init(destroy_cell_queue_t *queue)
2620 : {
2621 200 : memset(queue, 0, sizeof(destroy_cell_queue_t));
2622 200 : TOR_SIMPLEQ_INIT(&queue->head);
2623 200 : }
2624 :
2625 : /** Remove and free every cell in <b>queue</b>. */
2626 : void
2627 199 : destroy_cell_queue_clear(destroy_cell_queue_t *queue)
2628 : {
2629 199 : destroy_cell_t *cell;
2630 202 : while ((cell = TOR_SIMPLEQ_FIRST(&queue->head))) {
2631 3 : TOR_SIMPLEQ_REMOVE_HEAD(&queue->head, next);
2632 3 : tor_free(cell);
2633 : }
2634 199 : TOR_SIMPLEQ_INIT(&queue->head);
2635 199 : queue->n = 0;
2636 199 : }
2637 :
2638 : /** Extract and return the cell at the head of <b>queue</b>; return NULL if
2639 : * <b>queue</b> is empty. */
2640 : STATIC destroy_cell_t *
2641 1 : destroy_cell_queue_pop(destroy_cell_queue_t *queue)
2642 : {
2643 1 : destroy_cell_t *cell = TOR_SIMPLEQ_FIRST(&queue->head);
2644 1 : if (!cell)
2645 : return NULL;
2646 1 : TOR_SIMPLEQ_REMOVE_HEAD(&queue->head, next);
2647 1 : --queue->n;
2648 1 : return cell;
2649 : }
2650 :
2651 : /** Append a destroy cell for <b>circid</b> to <b>queue</b>. */
2652 : void
2653 4 : destroy_cell_queue_append(destroy_cell_queue_t *queue,
2654 : circid_t circid,
2655 : uint8_t reason)
2656 : {
2657 4 : destroy_cell_t *cell = tor_malloc_zero(sizeof(destroy_cell_t));
2658 4 : cell->circid = circid;
2659 4 : cell->reason = reason;
2660 : /* Not yet used, but will be required for OOM handling. */
2661 4 : cell->inserted_timestamp = monotime_coarse_get_stamp();
2662 :
2663 4 : TOR_SIMPLEQ_INSERT_TAIL(&queue->head, cell, next);
2664 4 : ++queue->n;
2665 4 : }
2666 :
2667 : /** Convert a destroy_cell_t to a newly allocated cell_t. Frees its input. */
2668 : static packed_cell_t *
2669 0 : destroy_cell_to_packed_cell(destroy_cell_t *inp, int wide_circ_ids)
2670 : {
2671 0 : packed_cell_t *packed = packed_cell_new();
2672 0 : cell_t cell;
2673 0 : memset(&cell, 0, sizeof(cell));
2674 0 : cell.circ_id = inp->circid;
2675 0 : cell.command = CELL_DESTROY;
2676 0 : cell.payload[0] = inp->reason;
2677 0 : cell_pack(packed, &cell, wide_circ_ids);
2678 :
2679 0 : tor_free(inp);
2680 0 : return packed;
2681 : }
2682 :
2683 : /** Return the total number of bytes used for each packed_cell in a queue.
2684 : * Approximate. */
2685 : size_t
2686 45 : packed_cell_mem_cost(void)
2687 : {
2688 45 : return sizeof(packed_cell_t);
2689 : }
2690 :
2691 : /* DOCDOC */
2692 : size_t
2693 30 : cell_queues_get_total_allocation(void)
2694 : {
2695 30 : return total_cells_allocated * packed_cell_mem_cost();
2696 : }
2697 :
2698 : /** How long after we've been low on memory should we try to conserve it? */
2699 : #define MEMORY_PRESSURE_INTERVAL (30*60)
2700 :
2701 : /** The time at which we were last low on memory. */
2702 : static time_t last_time_under_memory_pressure = 0;
2703 :
2704 : /** Statistics on how many bytes were removed by the OOM per type. */
2705 : uint64_t oom_stats_n_bytes_removed_dns = 0;
2706 : uint64_t oom_stats_n_bytes_removed_cell = 0;
2707 : uint64_t oom_stats_n_bytes_removed_geoip = 0;
2708 : uint64_t oom_stats_n_bytes_removed_hsdir = 0;
2709 :
2710 : /** Check whether we've got too much space used for cells. If so,
2711 : * call the OOM handler and return 1. Otherwise, return 0. */
2712 : STATIC int
2713 12 : cell_queues_check_size(void)
2714 : {
2715 12 : size_t removed = 0;
2716 12 : time_t now = time(NULL);
2717 12 : size_t alloc = cell_queues_get_total_allocation();
2718 12 : alloc += half_streams_get_total_allocation();
2719 12 : alloc += buf_get_total_allocation();
2720 12 : alloc += tor_compress_get_total_allocation();
2721 12 : const size_t hs_cache_total = hs_cache_get_total_allocation();
2722 12 : alloc += hs_cache_total;
2723 12 : const size_t geoip_client_cache_total =
2724 12 : geoip_client_cache_total_allocation();
2725 12 : alloc += geoip_client_cache_total;
2726 12 : const size_t dns_cache_total = dns_cache_total_allocation();
2727 12 : alloc += dns_cache_total;
2728 12 : if (alloc >= get_options()->MaxMemInQueues_low_threshold) {
2729 12 : last_time_under_memory_pressure = approx_time();
2730 12 : if (alloc >= get_options()->MaxMemInQueues) {
2731 : /* Note this overload down */
2732 7 : rep_hist_note_overload(OVERLOAD_GENERAL);
2733 :
2734 : /* If we're spending over 20% of the memory limit on hidden service
2735 : * descriptors, free them until we're down to 10%. Do the same for geoip
2736 : * client cache. */
2737 7 : if (hs_cache_total > get_options()->MaxMemInQueues / 5) {
2738 0 : const size_t bytes_to_remove =
2739 0 : hs_cache_total - (size_t)(get_options()->MaxMemInQueues / 10);
2740 0 : removed = hs_cache_handle_oom(now, bytes_to_remove);
2741 0 : oom_stats_n_bytes_removed_hsdir += removed;
2742 0 : alloc -= removed;
2743 : }
2744 7 : if (geoip_client_cache_total > get_options()->MaxMemInQueues / 5) {
2745 0 : const size_t bytes_to_remove =
2746 : geoip_client_cache_total -
2747 0 : (size_t)(get_options()->MaxMemInQueues / 10);
2748 0 : removed = geoip_client_cache_handle_oom(now, bytes_to_remove);
2749 0 : oom_stats_n_bytes_removed_geoip += removed;
2750 0 : alloc -= removed;
2751 : }
2752 7 : if (dns_cache_total > get_options()->MaxMemInQueues / 5) {
2753 8 : const size_t bytes_to_remove =
2754 4 : dns_cache_total - (size_t)(get_options()->MaxMemInQueues / 10);
2755 4 : removed = dns_cache_handle_oom(now, bytes_to_remove);
2756 4 : oom_stats_n_bytes_removed_dns += removed;
2757 4 : alloc -= removed;
2758 : }
2759 7 : removed = circuits_handle_oom(alloc);
2760 7 : oom_stats_n_bytes_removed_cell += removed;
2761 7 : return 1;
2762 : }
2763 : }
2764 : return 0;
2765 : }
2766 :
2767 : /** Return true if we've been under memory pressure in the last
2768 : * MEMORY_PRESSURE_INTERVAL seconds. */
2769 : int
2770 0 : have_been_under_memory_pressure(void)
2771 : {
2772 0 : return last_time_under_memory_pressure + MEMORY_PRESSURE_INTERVAL
2773 0 : < approx_time();
2774 : }
2775 :
2776 : /**
2777 : * Update the number of cells available on the circuit's n_chan or p_chan's
2778 : * circuit mux.
2779 : */
2780 : void
2781 5 : update_circuit_on_cmux_(circuit_t *circ, cell_direction_t direction,
2782 : const char *file, int lineno)
2783 : {
2784 5 : channel_t *chan = NULL;
2785 5 : or_circuit_t *or_circ = NULL;
2786 5 : circuitmux_t *cmux = NULL;
2787 :
2788 5 : tor_assert(circ);
2789 :
2790 : /* Okay, get the channel */
2791 5 : if (direction == CELL_DIRECTION_OUT) {
2792 3 : chan = circ->n_chan;
2793 : } else {
2794 2 : or_circ = TO_OR_CIRCUIT(circ);
2795 2 : chan = or_circ->p_chan;
2796 : }
2797 :
2798 5 : tor_assert(chan);
2799 5 : tor_assert(chan->cmux);
2800 :
2801 : /* Now get the cmux */
2802 5 : cmux = chan->cmux;
2803 :
2804 : /* Cmux sanity check */
2805 5 : if (! circuitmux_is_circuit_attached(cmux, circ)) {
2806 0 : log_warn(LD_BUG, "called on non-attached circuit from %s:%d",
2807 : file, lineno);
2808 0 : return;
2809 : }
2810 5 : tor_assert(circuitmux_attached_circuit_direction(cmux, circ) == direction);
2811 :
2812 : /* Update the number of cells we have for the circuit mux */
2813 5 : if (direction == CELL_DIRECTION_OUT) {
2814 3 : circuitmux_set_num_cells(cmux, circ, circ->n_chan_cells.n);
2815 : } else {
2816 2 : circuitmux_set_num_cells(cmux, circ, or_circ->p_chan_cells.n);
2817 : }
2818 : }
2819 :
2820 : /** Remove all circuits from the cmux on <b>chan</b>.
2821 : *
2822 : * If <b>circuits_out</b> is non-NULL, add all detached circuits to
2823 : * <b>circuits_out</b>.
2824 : **/
2825 : void
2826 19 : channel_unlink_all_circuits(channel_t *chan, smartlist_t *circuits_out)
2827 : {
2828 19 : tor_assert(chan);
2829 19 : tor_assert(chan->cmux);
2830 :
2831 19 : circuitmux_detach_all_circuits(chan->cmux, circuits_out);
2832 19 : chan->num_n_circuits = 0;
2833 19 : chan->num_p_circuits = 0;
2834 19 : }
2835 :
2836 : /** Block (if <b>block</b> is true) or unblock (if <b>block</b> is false)
2837 : * every edge connection that is using <b>circ</b> to write to <b>chan</b>,
2838 : * and start or stop reading as appropriate.
2839 : *
2840 : * If <b>stream_id</b> is nonzero, block only the edge connection whose
2841 : * stream_id matches it.
2842 : *
2843 : * Returns the number of streams whose status we changed.
2844 : */
2845 : static int
2846 0 : set_streams_blocked_on_circ(circuit_t *circ, channel_t *chan,
2847 : int block, streamid_t stream_id)
2848 : {
2849 0 : edge_connection_t *edge = NULL;
2850 0 : int n = 0;
2851 0 : if (circ->n_chan == chan) {
2852 0 : circ->streams_blocked_on_n_chan = block;
2853 0 : if (CIRCUIT_IS_ORIGIN(circ))
2854 0 : edge = TO_ORIGIN_CIRCUIT(circ)->p_streams;
2855 : } else {
2856 0 : circ->streams_blocked_on_p_chan = block;
2857 0 : tor_assert(!CIRCUIT_IS_ORIGIN(circ));
2858 0 : edge = TO_OR_CIRCUIT(circ)->n_streams;
2859 : }
2860 :
2861 0 : for (; edge; edge = edge->next_stream) {
2862 0 : connection_t *conn = TO_CONN(edge);
2863 0 : if (stream_id && edge->stream_id != stream_id)
2864 0 : continue;
2865 :
2866 0 : if (edge->edge_blocked_on_circ != block) {
2867 0 : ++n;
2868 0 : edge->edge_blocked_on_circ = block;
2869 : }
2870 :
2871 0 : if (!conn->read_event) {
2872 : /* This connection is a placeholder for something; probably a DNS
2873 : * request. It can't actually stop or start reading.*/
2874 0 : continue;
2875 : }
2876 :
2877 0 : if (block) {
2878 0 : if (connection_is_reading(conn))
2879 0 : connection_stop_reading(conn);
2880 : } else {
2881 : /* Is this right? */
2882 0 : if (!connection_is_reading(conn))
2883 0 : connection_start_reading(conn);
2884 : }
2885 : }
2886 :
2887 0 : return n;
2888 : }
2889 :
2890 : /** Extract the command from a packed cell. */
2891 : uint8_t
2892 4 : packed_cell_get_command(const packed_cell_t *cell, int wide_circ_ids)
2893 : {
2894 4 : if (wide_circ_ids) {
2895 0 : return get_uint8(cell->body+4);
2896 : } else {
2897 4 : return get_uint8(cell->body+2);
2898 : }
2899 : }
2900 :
2901 : /** Extract the circuit ID from a packed cell. */
2902 : circid_t
2903 0 : packed_cell_get_circid(const packed_cell_t *cell, int wide_circ_ids)
2904 : {
2905 0 : if (wide_circ_ids) {
2906 0 : return ntohl(get_uint32(cell->body));
2907 : } else {
2908 0 : return ntohs(get_uint16(cell->body));
2909 : }
2910 : }
2911 :
2912 : /** Pull as many cells as possible (but no more than <b>max</b>) from the
2913 : * queue of the first active circuit on <b>chan</b>, and write them to
2914 : * <b>chan</b>->outbuf. Return the number of cells written. Advance
2915 : * the active circuit pointer to the next active circuit in the ring. */
2916 2 : MOCK_IMPL(int,
2917 : channel_flush_from_first_active_circuit, (channel_t *chan, int max))
2918 : {
2919 2 : circuitmux_t *cmux = NULL;
2920 2 : int n_flushed = 0;
2921 2 : cell_queue_t *queue;
2922 2 : destroy_cell_queue_t *destroy_queue=NULL;
2923 2 : circuit_t *circ;
2924 2 : or_circuit_t *or_circ;
2925 2 : int streams_blocked;
2926 2 : packed_cell_t *cell;
2927 :
2928 : /* Get the cmux */
2929 2 : tor_assert(chan);
2930 2 : tor_assert(chan->cmux);
2931 4 : cmux = chan->cmux;
2932 :
2933 : /* Main loop: pick a circuit, send a cell, update the cmux */
2934 4 : while (n_flushed < max) {
2935 2 : circ = circuitmux_get_first_active_circuit(cmux, &destroy_queue);
2936 2 : if (destroy_queue) {
2937 0 : destroy_cell_t *dcell;
2938 : /* this code is duplicated from some of the logic below. Ugly! XXXX */
2939 : /* If we are given a destroy_queue here, then it is required to be
2940 : * nonempty... */
2941 0 : tor_assert(destroy_queue->n > 0);
2942 0 : dcell = destroy_cell_queue_pop(destroy_queue);
2943 : /* ...and pop() will always yield a cell from a nonempty queue. */
2944 0 : tor_assert(dcell);
2945 : /* frees dcell */
2946 0 : cell = destroy_cell_to_packed_cell(dcell, chan->wide_circ_ids);
2947 : /* Send the DESTROY cell. It is very unlikely that this fails but just
2948 : * in case, get rid of the channel. */
2949 0 : if (channel_write_packed_cell(chan, cell) < 0) {
2950 : /* The cell has been freed. */
2951 0 : channel_mark_for_close(chan);
2952 0 : continue;
2953 : }
2954 : /* Update the cmux destroy counter */
2955 0 : circuitmux_notify_xmit_destroy(cmux);
2956 0 : cell = NULL;
2957 0 : ++n_flushed;
2958 0 : continue;
2959 : }
2960 : /* If it returns NULL, no cells left to send */
2961 2 : if (!circ) break;
2962 :
2963 2 : if (circ->n_chan == chan) {
2964 2 : queue = &circ->n_chan_cells;
2965 2 : streams_blocked = circ->streams_blocked_on_n_chan;
2966 : } else {
2967 0 : or_circ = TO_OR_CIRCUIT(circ);
2968 0 : tor_assert(or_circ->p_chan == chan);
2969 0 : queue = &TO_OR_CIRCUIT(circ)->p_chan_cells;
2970 0 : streams_blocked = circ->streams_blocked_on_p_chan;
2971 : }
2972 :
2973 : /* Circuitmux told us this was active, so it should have cells */
2974 2 : if (/*BUG(*/ queue->n == 0 /*)*/) {
2975 0 : log_warn(LD_BUG, "Found a supposedly active circuit with no cells "
2976 : "to send. Trying to recover.");
2977 0 : circuitmux_set_num_cells(cmux, circ, 0);
2978 0 : if (! circ->marked_for_close)
2979 0 : circuit_mark_for_close(circ, END_CIRC_REASON_INTERNAL);
2980 0 : continue;
2981 : }
2982 :
2983 2 : tor_assert(queue->n > 0);
2984 :
2985 : /*
2986 : * Get just one cell here; once we've sent it, that can change the circuit
2987 : * selection, so we have to loop around for another even if this circuit
2988 : * has more than one.
2989 : */
2990 2 : cell = cell_queue_pop(queue);
2991 :
2992 : /* Calculate the exact time that this cell has spent in the queue. */
2993 2 : if (get_options()->CellStatistics ||
2994 2 : get_options()->TestingEnableCellStatsEvent) {
2995 0 : uint32_t timestamp_now = monotime_coarse_get_stamp();
2996 0 : uint32_t msec_waiting =
2997 0 : (uint32_t) monotime_coarse_stamp_units_to_approx_msec(
2998 0 : timestamp_now - cell->inserted_timestamp);
2999 :
3000 0 : if (get_options()->CellStatistics && !CIRCUIT_IS_ORIGIN(circ)) {
3001 0 : or_circ = TO_OR_CIRCUIT(circ);
3002 0 : or_circ->total_cell_waiting_time += msec_waiting;
3003 0 : or_circ->processed_cells++;
3004 : }
3005 :
3006 0 : if (get_options()->TestingEnableCellStatsEvent) {
3007 0 : uint8_t command = packed_cell_get_command(cell, chan->wide_circ_ids);
3008 :
3009 0 : testing_cell_stats_entry_t *ent =
3010 0 : tor_malloc_zero(sizeof(testing_cell_stats_entry_t));
3011 0 : ent->command = command;
3012 0 : ent->waiting_time = msec_waiting / 10;
3013 0 : ent->removed = 1;
3014 0 : if (circ->n_chan == chan)
3015 0 : ent->exitward = 1;
3016 0 : if (!circ->testing_cell_stats)
3017 0 : circ->testing_cell_stats = smartlist_new();
3018 0 : smartlist_add(circ->testing_cell_stats, ent);
3019 : }
3020 : }
3021 :
3022 : /* If we just flushed our queue and this circuit is used for a
3023 : * tunneled directory request, possibly advance its state. */
3024 2 : if (queue->n == 0 && chan->dirreq_id)
3025 0 : geoip_change_dirreq_state(chan->dirreq_id,
3026 : DIRREQ_TUNNELED,
3027 : DIRREQ_CIRC_QUEUE_FLUSHED);
3028 :
3029 : /* Now send the cell. It is very unlikely that this fails but just in
3030 : * case, get rid of the channel. */
3031 2 : if (channel_write_packed_cell(chan, cell) < 0) {
3032 : /* The cell has been freed at this point. */
3033 0 : channel_mark_for_close(chan);
3034 0 : continue;
3035 : }
3036 2 : cell = NULL;
3037 :
3038 : /*
3039 : * Don't packed_cell_free_unchecked(cell) here because the channel will
3040 : * do so when it gets out of the channel queue (probably already did, in
3041 : * which case that was an immediate double-free bug).
3042 : */
3043 :
3044 : /* Update the counter */
3045 2 : ++n_flushed;
3046 :
3047 : /*
3048 : * Now update the cmux; tell it we've just sent a cell, and how many
3049 : * we have left.
3050 : */
3051 2 : circuitmux_notify_xmit_cells(cmux, circ, 1);
3052 2 : circuitmux_set_num_cells(cmux, circ, queue->n);
3053 2 : if (queue->n == 0)
3054 1 : log_debug(LD_GENERAL, "Made a circuit inactive.");
3055 :
3056 : /* Is the cell queue low enough to unblock all the streams that are waiting
3057 : * to write to this circuit? */
3058 2 : if (streams_blocked && queue->n <= CELL_QUEUE_LOWWATER_SIZE)
3059 0 : set_streams_blocked_on_circ(circ, chan, 0, 0); /* unblock streams */
3060 :
3061 : /* If n_flushed < max still, loop around and pick another circuit */
3062 : }
3063 :
3064 : /* Okay, we're done sending now */
3065 2 : return n_flushed;
3066 : }
3067 :
3068 : /* Minimum value is the maximum circuit window size.
3069 : *
3070 : * SENDME cells makes it that we can control how many cells can be inflight on
3071 : * a circuit from end to end. This logic makes it that on any circuit cell
3072 : * queue, we have a maximum of cells possible.
3073 : *
3074 : * Because the Tor protocol allows for a client to exit at any hop in a
3075 : * circuit and a circuit can be of a maximum of 8 hops, so in theory the
3076 : * normal worst case will be the circuit window start value times the maximum
3077 : * number of hops (8). Having more cells then that means something is wrong.
3078 : *
3079 : * However, because padding cells aren't counted in the package window, we set
3080 : * the maximum size to a reasonably large size for which we expect that we'll
3081 : * never reach in theory. And if we ever do because of future changes, we'll
3082 : * be able to control it with a consensus parameter.
3083 : *
3084 : * XXX: Unfortunately, END cells aren't accounted for in the circuit window
3085 : * which means that for instance if a client opens 8001 streams, the 8001
3086 : * following END cells will queue up in the circuit which will get closed if
3087 : * the max limit is 8000. Which is sad because it is allowed by the Tor
3088 : * protocol. But, we need an upper bound on circuit queue in order to avoid
3089 : * DoS memory pressure so the default size is a middle ground between not
3090 : * having any limit and having a very restricted one. This is why we can also
3091 : * control it through a consensus parameter. */
3092 : #define RELAY_CIRC_CELL_QUEUE_SIZE_MIN CIRCWINDOW_START_MAX
3093 : /* We can't have a consensus parameter above this value. */
3094 : #define RELAY_CIRC_CELL_QUEUE_SIZE_MAX INT32_MAX
3095 : /* Default value is set to a large value so we can handle padding cells
3096 : * properly which aren't accounted for in the SENDME window. Default is 50000
3097 : * allowed cells in the queue resulting in ~25MB. */
3098 : #define RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT \
3099 : (50 * RELAY_CIRC_CELL_QUEUE_SIZE_MIN)
3100 :
3101 : /* The maximum number of cell a circuit queue can contain. This is updated at
3102 : * every new consensus and controlled by a parameter. */
3103 : static int32_t max_circuit_cell_queue_size =
3104 : RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT;
3105 :
3106 : /* Called when the consensus has changed. At this stage, the global consensus
3107 : * object has NOT been updated. It is called from
3108 : * notify_before_networkstatus_changes(). */
3109 : void
3110 5 : relay_consensus_has_changed(const networkstatus_t *ns)
3111 : {
3112 5 : tor_assert(ns);
3113 :
3114 : /* Update the circuit max cell queue size from the consensus. */
3115 10 : max_circuit_cell_queue_size =
3116 5 : networkstatus_get_param(ns, "circ_max_cell_queue_size",
3117 : RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT,
3118 : RELAY_CIRC_CELL_QUEUE_SIZE_MIN,
3119 : RELAY_CIRC_CELL_QUEUE_SIZE_MAX);
3120 5 : }
3121 :
3122 : /** Add <b>cell</b> to the queue of <b>circ</b> writing to <b>chan</b>
3123 : * transmitting in <b>direction</b>.
3124 : *
3125 : * The given <b>cell</b> is copied onto the circuit queue so the caller must
3126 : * cleanup the memory.
3127 : *
3128 : * This function is part of the fast path. */
3129 : void
3130 4 : append_cell_to_circuit_queue(circuit_t *circ, channel_t *chan,
3131 : cell_t *cell, cell_direction_t direction,
3132 : streamid_t fromstream)
3133 : {
3134 4 : or_circuit_t *orcirc = NULL;
3135 4 : cell_queue_t *queue;
3136 4 : int streams_blocked;
3137 4 : int exitward;
3138 4 : if (circ->marked_for_close)
3139 : return;
3140 :
3141 4 : exitward = (direction == CELL_DIRECTION_OUT);
3142 4 : if (exitward) {
3143 2 : queue = &circ->n_chan_cells;
3144 2 : streams_blocked = circ->streams_blocked_on_n_chan;
3145 : } else {
3146 2 : orcirc = TO_OR_CIRCUIT(circ);
3147 2 : queue = &orcirc->p_chan_cells;
3148 2 : streams_blocked = circ->streams_blocked_on_p_chan;
3149 : }
3150 :
3151 4 : if (PREDICT_UNLIKELY(queue->n >= max_circuit_cell_queue_size)) {
3152 0 : log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
3153 : "%s circuit has %d cells in its queue, maximum allowed is %d. "
3154 : "Closing circuit for safety reasons.",
3155 : (exitward) ? "Outbound" : "Inbound", queue->n,
3156 : max_circuit_cell_queue_size);
3157 0 : circuit_mark_for_close(circ, END_CIRC_REASON_RESOURCELIMIT);
3158 0 : stats_n_circ_max_cell_reached++;
3159 0 : return;
3160 : }
3161 :
3162 : /* Very important that we copy to the circuit queue because all calls to
3163 : * this function use the stack for the cell memory. */
3164 4 : cell_queue_append_packed_copy(circ, queue, exitward, cell,
3165 4 : chan->wide_circ_ids, 1);
3166 :
3167 : /* Check and run the OOM if needed. */
3168 4 : if (PREDICT_UNLIKELY(cell_queues_check_size())) {
3169 : /* We ran the OOM handler which might have closed this circuit. */
3170 4 : if (circ->marked_for_close)
3171 : return;
3172 : }
3173 :
3174 : /* If we have too many cells on the circuit, we should stop reading from
3175 : * the edge streams for a while. */
3176 4 : if (!streams_blocked && queue->n >= CELL_QUEUE_HIGHWATER_SIZE)
3177 0 : set_streams_blocked_on_circ(circ, chan, 1, 0); /* block streams */
3178 :
3179 4 : if (streams_blocked && fromstream) {
3180 : /* This edge connection is apparently not blocked; block it. */
3181 0 : set_streams_blocked_on_circ(circ, chan, 1, fromstream);
3182 : }
3183 :
3184 4 : update_circuit_on_cmux(circ, direction);
3185 4 : if (queue->n == 1) {
3186 : /* This was the first cell added to the queue. We just made this
3187 : * circuit active. */
3188 4 : log_debug(LD_GENERAL, "Made a circuit active.");
3189 : }
3190 :
3191 : /* New way: mark this as having waiting cells for the scheduler */
3192 4 : scheduler_channel_has_waiting_cells(chan);
3193 : }
3194 :
3195 : /** Append an encoded value of <b>addr</b> to <b>payload_out</b>, which must
3196 : * have at least 18 bytes of free space. The encoding is, as specified in
3197 : * tor-spec.txt:
3198 : * RESOLVED_TYPE_IPV4 or RESOLVED_TYPE_IPV6 [1 byte]
3199 : * LENGTH [1 byte]
3200 : * ADDRESS [length bytes]
3201 : * Return the number of bytes added, or -1 on error */
3202 : int
3203 0 : append_address_to_payload(uint8_t *payload_out, const tor_addr_t *addr)
3204 : {
3205 0 : uint32_t a;
3206 0 : switch (tor_addr_family(addr)) {
3207 0 : case AF_INET:
3208 0 : payload_out[0] = RESOLVED_TYPE_IPV4;
3209 0 : payload_out[1] = 4;
3210 0 : a = tor_addr_to_ipv4n(addr);
3211 0 : memcpy(payload_out+2, &a, 4);
3212 0 : return 6;
3213 0 : case AF_INET6:
3214 0 : payload_out[0] = RESOLVED_TYPE_IPV6;
3215 0 : payload_out[1] = 16;
3216 0 : memcpy(payload_out+2, tor_addr_to_in6_addr8(addr), 16);
3217 0 : return 18;
3218 : case AF_UNSPEC:
3219 : default:
3220 : return -1;
3221 : }
3222 : }
3223 :
3224 : /** Given <b>payload_len</b> bytes at <b>payload</b>, starting with an address
3225 : * encoded as by append_address_to_payload(), try to decode the address into
3226 : * *<b>addr_out</b>. Return the next byte in the payload after the address on
3227 : * success, or NULL on failure. */
3228 : const uint8_t *
3229 0 : decode_address_from_payload(tor_addr_t *addr_out, const uint8_t *payload,
3230 : int payload_len)
3231 : {
3232 0 : if (payload_len < 2)
3233 : return NULL;
3234 0 : if (payload_len < 2+payload[1])
3235 : return NULL;
3236 :
3237 0 : switch (payload[0]) {
3238 0 : case RESOLVED_TYPE_IPV4:
3239 0 : if (payload[1] != 4)
3240 : return NULL;
3241 0 : tor_addr_from_ipv4n(addr_out, get_uint32(payload+2));
3242 0 : break;
3243 0 : case RESOLVED_TYPE_IPV6:
3244 0 : if (payload[1] != 16)
3245 : return NULL;
3246 0 : tor_addr_from_ipv6_bytes(addr_out, (payload+2));
3247 0 : break;
3248 0 : default:
3249 0 : tor_addr_make_unspec(addr_out);
3250 0 : break;
3251 : }
3252 0 : return payload + 2 + payload[1];
3253 : }
3254 :
3255 : /** Remove all the cells queued on <b>circ</b> for <b>chan</b>. */
3256 : void
3257 0 : circuit_clear_cell_queue(circuit_t *circ, channel_t *chan)
3258 : {
3259 0 : cell_queue_t *queue;
3260 0 : cell_direction_t direction;
3261 :
3262 0 : if (circ->n_chan == chan) {
3263 0 : queue = &circ->n_chan_cells;
3264 0 : direction = CELL_DIRECTION_OUT;
3265 : } else {
3266 0 : or_circuit_t *orcirc = TO_OR_CIRCUIT(circ);
3267 0 : tor_assert(orcirc->p_chan == chan);
3268 0 : queue = &orcirc->p_chan_cells;
3269 0 : direction = CELL_DIRECTION_IN;
3270 : }
3271 :
3272 : /* Clear the queue */
3273 0 : cell_queue_clear(queue);
3274 :
3275 : /* Update the cell counter in the cmux */
3276 0 : if (chan->cmux && circuitmux_is_circuit_attached(chan->cmux, circ))
3277 0 : update_circuit_on_cmux(circ, direction);
3278 0 : }
3279 :
3280 : /** Return 1 if we shouldn't restart reading on this circuit, even if
3281 : * we get a SENDME. Else return 0.
3282 : */
3283 : static int
3284 2 : circuit_queue_streams_are_blocked(circuit_t *circ)
3285 : {
3286 2 : if (CIRCUIT_IS_ORIGIN(circ)) {
3287 2 : return circ->streams_blocked_on_n_chan;
3288 : } else {
3289 0 : return circ->streams_blocked_on_p_chan;
3290 : }
3291 : }
|
