Tor  0.4.7.0-alpha-dev
Macros | Enumerations | Functions | Variables
channeltls.c File Reference

A concrete subclass of channel_t using or_connection_t to transfer cells between Tor instances. More...

#include "core/or/or.h"
#include "core/or/channel.h"
#include "core/or/channeltls.h"
#include "core/or/circuitmux.h"
#include "core/or/circuitmux_ewma.h"
#include "core/or/command.h"
#include "app/config/config.h"
#include "app/config/resolve_addr.h"
#include "core/mainloop/connection.h"
#include "core/or/connection_or.h"
#include "feature/relay/relay_handshake.h"
#include "feature/control/control.h"
#include "feature/client/entrynodes.h"
#include "trunnel/link_handshake.h"
#include "core/or/relay.h"
#include "feature/stats/rephist.h"
#include "feature/relay/router.h"
#include "feature/relay/routermode.h"
#include "feature/nodelist/dirlist.h"
#include "core/or/scheduler.h"
#include "feature/nodelist/torcert.h"
#include "feature/nodelist/networkstatus.h"
#include "trunnel/channelpadding_negotiation.h"
#include "trunnel/netinfo.h"
#include "core/or/channelpadding.h"
#include "core/or/extendinfo.h"
#include "core/or/cell_st.h"
#include "core/or/cell_queue_st.h"
#include "core/or/or_connection_st.h"
#include "core/or/or_handshake_certs_st.h"
#include "core/or/or_handshake_state_st.h"
#include "feature/nodelist/routerinfo_st.h"
#include "core/or/var_cell_st.h"
#include "feature/relay/relay_find_addr.h"
#include "lib/tls/tortls.h"
#include "lib/tls/x509.h"

Go to the source code of this file.

Macros

#define CHANNEL_OBJECT_PRIVATE
 
#define CHANNELTLS_PRIVATE
 
#define PROCESS_CELL(tp, cl, cn)   channel_tls_process_ ## tp ## _cell(cl, cn)
 
#define NETINFO_NOTICE_SKEW   3600
 
#define MAX_CERT_TYPE_WANTED   CERTTYPE_RSA1024_ID_EDID
 
#define ERR(s)
 
#define ERR(s)
 
#define ERR(s)
 

Enumerations

enum  cert_encoding_t { CERT_ENCODING_UNKNOWN , CERT_ENCODING_X509 , CERT_ENCODING_ED25519 , CERT_ENCODING_RSA_CROSSCERT }
 

Functions

static void channel_tls_close_method (channel_t *chan)
 
static const char * channel_tls_describe_transport_method (channel_t *chan)
 
static void channel_tls_free_method (channel_t *chan)
 
static double channel_tls_get_overhead_estimate_method (channel_t *chan)
 
static int channel_tls_get_remote_addr_method (const channel_t *chan, tor_addr_t *addr_out)
 
static int channel_tls_get_transport_name_method (channel_t *chan, char **transport_out)
 
static const char * channel_tls_describe_peer_method (const channel_t *chan)
 
static int channel_tls_has_queued_writes_method (channel_t *chan)
 
static int channel_tls_is_canonical_method (channel_t *chan)
 
static int channel_tls_matches_extend_info_method (channel_t *chan, extend_info_t *extend_info)
 
static int channel_tls_matches_target_method (channel_t *chan, const tor_addr_t *target)
 
static int channel_tls_num_cells_writeable_method (channel_t *chan)
 
static size_t channel_tls_num_bytes_queued_method (channel_t *chan)
 
static int channel_tls_write_cell_method (channel_t *chan, cell_t *cell)
 
static int channel_tls_write_packed_cell_method (channel_t *chan, packed_cell_t *packed_cell)
 
static int channel_tls_write_var_cell_method (channel_t *chan, var_cell_t *var_cell)
 
static void channel_tls_listener_close_method (channel_listener_t *chan_l)
 
static const char * channel_tls_listener_describe_transport_method (channel_listener_t *chan_l)
 
static void channel_tls_process_versions_cell (var_cell_t *cell, channel_tls_t *tlschan)
 
static void channel_tls_process_netinfo_cell (cell_t *cell, channel_tls_t *tlschan)
 
static int command_allowed_before_handshake (uint8_t command)
 
static int enter_v3_handshake_with_cell (var_cell_t *cell, channel_tls_t *tlschan)
 
static void channel_tls_process_padding_negotiate_cell (cell_t *cell, channel_tls_t *chan)
 
STATIC void channel_tls_common_init (channel_tls_t *tlschan)
 
channel_tchannel_tls_connect (const tor_addr_t *addr, uint16_t port, const char *id_digest, const ed25519_public_key_t *ed_id)
 
channel_listener_tchannel_tls_get_listener (void)
 
channel_listener_tchannel_tls_start_listener (void)
 
void channel_tls_free_all (void)
 
channel_tchannel_tls_handle_incoming (or_connection_t *orconn)
 
void channel_mark_as_used_for_origin_circuit (channel_t *chan)
 
channel_tchannel_tls_to_base (channel_tls_t *tlschan)
 
channel_tls_t * channel_tls_from_base (channel_t *chan)
 
const channel_tchannel_tls_to_base_const (const channel_tls_t *tlschan)
 
const channel_tls_t * channel_tls_from_base_const (const channel_t *chan)
 
void channel_tls_handle_state_change_on_orconn (channel_tls_t *chan, or_connection_t *conn, uint8_t state)
 
void channel_tls_handle_cell (cell_t *cell, or_connection_t *conn)
 
void channel_tls_handle_var_cell (var_cell_t *var_cell, or_connection_t *conn)
 
void channel_tls_update_marks (or_connection_t *conn)
 
static int tor_addr_from_netinfo_addr (tor_addr_t *tor_addr, const netinfo_addr_t *netinfo_addr)
 
static time_t time_abs (time_t val)
 
static bool can_process_netinfo_cell (const channel_tls_t *chan)
 
static void mark_channel_tls_endpoint_as_client (channel_tls_t *chan)
 
static cert_encoding_t certs_cell_typenum_to_cert_type (int typenum)
 
STATIC void channel_tls_process_certs_cell (var_cell_t *cell, channel_tls_t *chan)
 
STATIC void channel_tls_process_auth_challenge_cell (var_cell_t *cell, channel_tls_t *chan)
 
STATIC void channel_tls_process_authenticate_cell (var_cell_t *cell, channel_tls_t *chan)
 

Variables

uint64_t stats_n_padding_cells_processed = 0
 
uint64_t stats_n_versions_cells_processed = 0
 
uint64_t stats_n_netinfo_cells_processed = 0
 
uint64_t stats_n_vpadding_cells_processed = 0
 
uint64_t stats_n_certs_cells_processed = 0
 
uint64_t stats_n_auth_challenge_cells_processed = 0
 
uint64_t stats_n_authenticate_cells_processed = 0
 
uint64_t stats_n_authorize_cells_processed = 0
 
static channel_listener_tchannel_tls_listener = NULL
 

Detailed Description

A concrete subclass of channel_t using or_connection_t to transfer cells between Tor instances.

This module fills in the various function pointers in channel_t, to implement the channel_tls_t channels as used in Tor today. These channels are created from channel_tls_connect() and channel_tls_handle_incoming(). Each corresponds 1:1 to or_connection_t object, as implemented in connection_or.c. These channels transmit cells to the underlying or_connection_t by calling connection_or_write_*_cell_to_buf(), and receive cells from the underlying or_connection_t when connection_or_process_cells_from_inbuf() calls channel_tls_handle_*_cell().

Here we also implement the server (responder) side of the v3+ Tor link handshake, which uses CERTS and AUTHENTICATE cell to negotiate versions, exchange expected and observed IP and time information, and bootstrap a level of authentication higher than we have gotten on the raw TLS handshake.

NOTE: Since there is currently only one type of channel, there are probably more than a few cases where functionality that is currently in channeltls.c, connection_or.c, and channel.c ought to be divided up differently. The right time to do this is probably whenever we introduce our next channel type.

Definition in file channeltls.c.

Macro Definition Documentation

◆ ERR [1/3]

#define ERR (   s)
Value:
do { \
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
"Received a bad CERTS cell on %s: %s", \
connection_describe(TO_CONN(chan->conn)), \
(s)); \
connection_or_close_for_error(chan->conn, 0); \
goto err; \
} while (0)
const char * connection_describe(const connection_t *conn)
Definition: connection.c:543
#define LD_PROTOCOL
Definition: log.h:72
#define TO_CONN(c)
Definition: or.h:616

◆ ERR [2/3]

#define ERR (   s)
Value:
do { \
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
"Received a bad AUTH_CHALLENGE cell on %s: %s", \
connection_describe(TO_CONN(chan->conn)), \
(s)); \
connection_or_close_for_error(chan->conn, 0); \
goto done; \
} while (0)

◆ ERR [3/3]

#define ERR (   s)
Value:
do { \
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, \
"Received a bad AUTHENTICATE cell on %s: %s", \
connection_describe(TO_CONN(chan->conn)), \
(s)); \
connection_or_close_for_error(chan->conn, 0); \
var_cell_free(expected_cell); \
return; \
} while (0)

Enumeration Type Documentation

◆ cert_encoding_t

Types of certificates that we know how to parse from CERTS cells. Each type corresponds to a different encoding format.

Enumerator
CERT_ENCODING_UNKNOWN 

We don't recognize this.

CERT_ENCODING_X509 

It's an RSA key, signed with RSA, encoded in x509. (Actually, it might not be RSA. We test that later.)

CERT_ENCODING_ED25519 

It's something signed with an Ed25519 key, encoded asa a tor_cert_t.

CERT_ENCODING_RSA_CROSSCERT 

It's an Ed key signed with an RSA key.

Definition at line 1986 of file channeltls.c.

Function Documentation

◆ can_process_netinfo_cell()

static bool can_process_netinfo_cell ( const channel_tls_t *  chan)
static

Return true iff the channel can process a NETINFO cell. For this to return true, these channel conditions apply:

  1. Link protocol is version 2 or higher (tor-spec.txt, NETINFO cells section).
  2. Underlying OR connection of the channel is either in v2 or v3 handshaking state.

Definition at line 1708 of file channeltls.c.

◆ certs_cell_typenum_to_cert_type()

static cert_encoding_t certs_cell_typenum_to_cert_type ( int  typenum)
static

Given one of the certificate type codes used in a CERTS cell, return the corresponding cert_encoding_t that we should use to parse the certificate.

Definition at line 2001 of file channeltls.c.

◆ channel_mark_as_used_for_origin_circuit()

void channel_mark_as_used_for_origin_circuit ( channel_t chan)

Set the potentially_used_for_bootstrapping flag on the or_connection_t corresponding to the provided channel.

This flag indicates that if the connection fails, it might be interesting to the bootstrapping subsystem. (The bootstrapping system only cares about channels that we have tried to use for our own circuits. Other channels may have been launched in response to EXTEND cells from somebody else, and if they fail, it won't necessarily indicate a bootstrapping problem.)

Definition at line 374 of file channeltls.c.

◆ channel_tls_close_method()

static void channel_tls_close_method ( channel_t chan)
static

Close a channel_tls_t.

This implements the close method for channel_tls_t.

Definition at line 446 of file channeltls.c.

◆ channel_tls_common_init()

STATIC void channel_tls_common_init ( channel_tls_t *  tlschan)

Do parts of channel_tls_t initialization common to channel_tls_connect() and channel_tls_handle_incoming().

Definition at line 151 of file channeltls.c.

◆ channel_tls_connect()

channel_t* channel_tls_connect ( const tor_addr_t addr,
uint16_t  port,
const char *  id_digest,
const ed25519_public_key_t ed_id 
)

Start a new TLS channel.

Launch a new OR connection to addr:port and expect to handshake with an OR with identity digest id_digest, and wrap it in a channel_tls_t.

Definition at line 191 of file channeltls.c.

Referenced by channel_connect().

◆ channel_tls_describe_peer_method()

static const char * channel_tls_describe_peer_method ( const channel_t chan)
static

Get a human-readable endpoint description of a channel_tls_t.

This format is intended for logging, and may change in the future; nothing should parse or rely on its particular details.

Definition at line 613 of file channeltls.c.

◆ channel_tls_describe_transport_method()

static const char * channel_tls_describe_transport_method ( channel_t chan)
static

Describe the transport for a channel_tls_t.

This returns the string "TLS channel on connection <id>" to the upper layer.

Definition at line 469 of file channeltls.c.

◆ channel_tls_free_all()

void channel_tls_free_all ( void  )

Free everything on shutdown.

Not much to do here, since channel_free_all() takes care of a lot, but let's get rid of the listener.

Definition at line 297 of file channeltls.c.

◆ channel_tls_free_method()

static void channel_tls_free_method ( channel_t chan)
static

Free a channel_tls_t.

This is called by the generic channel layer when freeing a channel_tls_t; this happens either on a channel which has already reached CHANNEL_STATE_CLOSED or CHANNEL_STATE_ERROR from channel_run_cleanup() or on shutdown from channel_free_all(). In the latter case we might still have an orconn active (which connection_free_all() will get to later), so we should null out its channel pointer now.

Definition at line 507 of file channeltls.c.

◆ channel_tls_from_base()

channel_tls_t* channel_tls_from_base ( channel_t chan)

Cast a channel_t to a channel_tls_t, with appropriate type-checking asserts.

Definition at line 408 of file channeltls.c.

Referenced by channel_tls_from_base_const().

◆ channel_tls_from_base_const()

const channel_tls_t* channel_tls_from_base_const ( const channel_t chan)

Cast a const channel_t to a const channel_tls_t, with appropriate type-checking asserts.

Definition at line 431 of file channeltls.c.

◆ channel_tls_get_listener()

channel_listener_t* channel_tls_get_listener ( void  )

Return the current channel_tls_t listener.

Returns the current channel listener for incoming TLS connections, or NULL if none has been established

Definition at line 254 of file channeltls.c.

Referenced by connection_tls_start_handshake().

◆ channel_tls_get_overhead_estimate_method()

static double channel_tls_get_overhead_estimate_method ( channel_t chan)
static

Get an estimate of the average TLS overhead for the upper layer.

Definition at line 523 of file channeltls.c.

◆ channel_tls_get_remote_addr_method()

static int channel_tls_get_remote_addr_method ( const channel_t chan,
tor_addr_t addr_out 
)
static

Get the remote address of a channel_tls_t.

This implements the get_remote_addr method for channel_tls_t; copy the remote endpoint of the channel to addr_out and return 1. (Always succeeds if this channel is attached to an OR connection.)

Always returns the real address of the peer, not the canonical address.

Definition at line 563 of file channeltls.c.

◆ channel_tls_get_transport_name_method()

static int channel_tls_get_transport_name_method ( channel_t chan,
char **  transport_out 
)
static

Get the name of the pluggable transport used by a channel_tls_t.

This implements the get_transport_name for channel_tls_t. If the channel uses a pluggable transport, copy its name to transport_out and return 0. If the channel did not use a pluggable transport, return -1.

Definition at line 591 of file channeltls.c.

◆ channel_tls_handle_cell()

void channel_tls_handle_cell ( cell_t cell,
or_connection_t conn 
)

Handle an incoming cell on a channel_tls_t.

This is called from connection_or.c to handle an arriving cell; it checks for cell types specific to the handshake for this transport protocol and handles them, and queues all other cells to the channel_t layer, which eventually will hand them off to command.c.

The channel layer itself decides whether the cell should be queued or can be handed off immediately to the upper-layer code. It is responsible for copying in the case that it queues; we merely pass pointers through which we get from connection_or_process_cells_from_inbuf().

Definition at line 1066 of file channeltls.c.

◆ channel_tls_handle_incoming()

channel_t* channel_tls_handle_incoming ( or_connection_t orconn)

Create a new channel around an incoming or_connection_t.

Definition at line 329 of file channeltls.c.

Referenced by connection_tls_start_handshake().

◆ channel_tls_handle_state_change_on_orconn()

void channel_tls_handle_state_change_on_orconn ( channel_tls_t *  chan,
or_connection_t conn,
uint8_t  state 
)

Handle an orconn state change.

This function will be called by connection_or.c when the or_connection_t associated with this channel_tls_t changes state.

Definition at line 963 of file channeltls.c.

Referenced by connection_or_change_state().

◆ channel_tls_handle_var_cell()

void channel_tls_handle_var_cell ( var_cell_t var_cell,
or_connection_t conn 
)

Handle an incoming variable-length cell on a channel_tls_t.

Process a var_cell that was just received on conn. Keep internal statistics about how many of each cell we've processed so far this second, and the total number of microseconds it took to process each type of cell. All the var_cell commands are handshake- related and live below the channel_t layer, so no variable-length cells ever get delivered in the current implementation, but I've left the mechanism in place for future use.

If we were handing them off to the upper layer, the channel_t queueing code would be responsible for memory management, and we'd just be passing pointers through from connection_or_process_cells_from_inbuf(). That caller always frees them after this function returns, so this function should never free var_cell.

Definition at line 1182 of file channeltls.c.

◆ channel_tls_has_queued_writes_method()

static int channel_tls_has_queued_writes_method ( channel_t chan)
static

Tell the upper layer if we have queued writes.

This implements the has_queued_writes method for channel_tls t_; it returns 1 iff we have queued writes on the outbuf of the underlying or_connection_t.

Definition at line 632 of file channeltls.c.

◆ channel_tls_is_canonical_method()

static int channel_tls_is_canonical_method ( channel_t chan)
static

Tell the upper layer if we're canonical.

This implements the is_canonical method for channel_tls_t: it returns whether this is a canonical channel.

Definition at line 659 of file channeltls.c.

◆ channel_tls_listener_close_method()

static void channel_tls_listener_close_method ( channel_listener_t chan_l)
static

Close a channel_listener_t.

This implements the close method for channel_listener_t.

Definition at line 905 of file channeltls.c.

◆ channel_tls_listener_describe_transport_method()

static const char * channel_tls_listener_describe_transport_method ( channel_listener_t chan_l)
static

Describe the transport for a channel_listener_t.

This returns the string "TLS channel (listening)" to the upper layer.

Definition at line 945 of file channeltls.c.

◆ channel_tls_matches_extend_info_method()

static int channel_tls_matches_extend_info_method ( channel_t chan,
extend_info_t extend_info 
)
static

Check if we match an extend_info_t.

This implements the matches_extend_info method for channel_tls_t; the upper layer wants to know if this channel matches an extend_info_t.

NOTE that this function only checks for an address/port match, and should be used only when no identify is available.

Definition at line 688 of file channeltls.c.

◆ channel_tls_matches_target_method()

static int channel_tls_matches_target_method ( channel_t chan,
const tor_addr_t target 
)
static

Check if we match a target address; return true iff we do.

This implements the matches_target method for channel_tls t_; the upper layer wants to know if this channel matches a target address when extending a circuit.

Definition at line 728 of file channeltls.c.

◆ channel_tls_num_bytes_queued_method()

static size_t channel_tls_num_bytes_queued_method ( channel_t chan)
static

Tell the upper layer how many bytes we have queued and not yet sent.

Definition at line 765 of file channeltls.c.

◆ channel_tls_num_cells_writeable_method()

static int channel_tls_num_cells_writeable_method ( channel_t chan)
static

Tell the upper layer how many cells we can accept to write.

This implements the num_cells_writeable method for channel_tls_t; it returns an estimate of the number of cells we can accept with channel_tls_write_*_cell().

Definition at line 783 of file channeltls.c.

◆ channel_tls_process_auth_challenge_cell()

STATIC void channel_tls_process_auth_challenge_cell ( var_cell_t cell,
channel_tls_t *  chan 
)

Process an AUTH_CHALLENGE cell from a channel_tls_t.

This function is called to handle an incoming AUTH_CHALLENGE cell on a channel_tls_t; if we weren't supposed to get one (for example, because we're not the originator of the channel), or it's ill-formed, or we aren't doing a v3 handshake, mark the channel. If the cell is well-formed but we don't want to authenticate, just drop it. If the cell is well-formed and we want to authenticate, send an AUTHENTICATE cell and then a NETINFO cell.

Definition at line 2291 of file channeltls.c.

◆ channel_tls_process_authenticate_cell()

STATIC void channel_tls_process_authenticate_cell ( var_cell_t cell,
channel_tls_t *  chan 
)

Process an AUTHENTICATE cell from a channel_tls_t.

If it's ill-formed or we weren't supposed to get one or we're not doing a v3 handshake, then mark the connection. If it does not authenticate the other side of the connection successfully (because it isn't signed right, we didn't get a CERTS cell, etc) mark the connection. Otherwise, accept the identity of the router on the other side of the connection.

Definition at line 2390 of file channeltls.c.

◆ channel_tls_process_certs_cell()

STATIC void channel_tls_process_certs_cell ( var_cell_t cell,
channel_tls_t *  chan 
)

Process a CERTS cell from a channel.

This function is called to process an incoming CERTS cell on a channel_tls_t:

If the other side should not have sent us a CERTS cell, or the cell is malformed, or it is supposed to authenticate the TLS key but it doesn't, then mark the connection.

If the cell has a good cert chain and we're doing a v3 handshake, then store the certificates in or_handshake_state. If this is the client side of the connection, we then authenticate the server or mark the connection. If it's the server side, wait for an AUTHENTICATE cell.

Definition at line 2035 of file channeltls.c.

◆ channel_tls_process_netinfo_cell()

static void channel_tls_process_netinfo_cell ( cell_t cell,
channel_tls_t *  chan 
)
static

Process a 'netinfo' cell

This function is called to handle an incoming NETINFO cell; read and act on its contents, and set the connection state to "open".

Warn when we get a netinfo skew with at least this value.

Definition at line 1784 of file channeltls.c.

◆ channel_tls_process_padding_negotiate_cell()

static void channel_tls_process_padding_negotiate_cell ( cell_t cell,
channel_tls_t *  chan 
)
static

Process a 'padding_negotiate' cell.

This function is called to handle an incoming PADDING_NEGOTIATE cell; enable or disable padding accordingly, and read and act on its timeout value contents.

Definition at line 1628 of file channeltls.c.

◆ channel_tls_process_versions_cell()

static void channel_tls_process_versions_cell ( var_cell_t cell,
channel_tls_t *  chan 
)
static

Handle incoming cells for the handshake stuff here rather than passing them on up.

Process a 'versions' cell.

This function is called to handle an incoming VERSIONS cell; the current link protocol version must be 0 to indicate that no version has yet been negotiated. We compare the versions in the cell to the list of versions we support, pick the highest version we have in common, and continue the negotiation from there.

Definition at line 1450 of file channeltls.c.

◆ channel_tls_start_listener()

channel_listener_t* channel_tls_start_listener ( void  )

Start a channel_tls_t listener if necessary.

Return the current channel_tls_t listener, or start one if we haven't yet, and return that.

Definition at line 266 of file channeltls.c.

Referenced by connection_tls_start_handshake().

◆ channel_tls_to_base()

channel_t* channel_tls_to_base ( channel_tls_t *  tlschan)

Cast a channel_tls_t to a channel_t.

Definition at line 396 of file channeltls.c.

Referenced by channel_tls_to_base_const(), and connection_or_client_learned_peer_id().

◆ channel_tls_to_base_const()

const channel_t* channel_tls_to_base_const ( const channel_tls_t *  tlschan)

Cast a const channel_tls_t to a const channel_t.

Definition at line 421 of file channeltls.c.

◆ channel_tls_update_marks()

void channel_tls_update_marks ( or_connection_t conn)

Update channel marks after connection_or.c has changed an address.

This is called from connection_or_init_conn_from_address() after the connection's _base.addr or real_addr fields have potentially been changed so we can recalculate the local mark. Notably, this happens when incoming connections are reverse-proxied and we only learn the real address of the remote router by looking it up in the consensus after we finish the handshake and know an authenticated identity digest.

Definition at line 1356 of file channeltls.c.

◆ channel_tls_write_cell_method()

static int channel_tls_write_cell_method ( channel_t chan,
cell_t cell 
)
static

Write a cell to a channel_tls_t.

This implements the write_cell method for channel_tls_t; given a channel_tls_t and a cell_t, transmit the cell_t.

Definition at line 812 of file channeltls.c.

◆ channel_tls_write_packed_cell_method()

static int channel_tls_write_packed_cell_method ( channel_t chan,
packed_cell_t packed_cell 
)
static

Write a packed cell to a channel_tls_t.

This implements the write_packed_cell method for channel_tls_t; given a channel_tls_t and a packed_cell_t, transmit the packed_cell_t.

Return 0 on success or negative value on error. The caller must free the packed cell.

Definition at line 843 of file channeltls.c.

◆ channel_tls_write_var_cell_method()

static int channel_tls_write_var_cell_method ( channel_t chan,
var_cell_t var_cell 
)
static

Write a variable-length cell to a channel_tls_t.

This implements the write_var_cell method for channel_tls_t; given a channel_tls_t and a var_cell_t, transmit the var_cell_t.

Definition at line 874 of file channeltls.c.

◆ command_allowed_before_handshake()

static int command_allowed_before_handshake ( uint8_t  command)
static

Check if this cell type is allowed before the handshake is finished.

Return true if command is a cell command that's allowed to start a V3 handshake.

Definition at line 1389 of file channeltls.c.

◆ enter_v3_handshake_with_cell()

static int enter_v3_handshake_with_cell ( var_cell_t cell,
channel_tls_t *  chan 
)
static

Start a V3 handshake on an incoming connection.

Called when we as a server receive an appropriate cell while waiting either for a cell or a TLS handshake. Set the connection's state to "handshaking_v3', initializes the or_handshake_state field as needed, and add the cell to the hash of incoming cells.)

Definition at line 1410 of file channeltls.c.

◆ mark_channel_tls_endpoint_as_client()

static void mark_channel_tls_endpoint_as_client ( channel_tls_t *  chan)
static

Mark the given channel endpoint as a client (which means either a tor client or a tor bridge).

This MUST be done on an unauthenticated channel. It is a mistake to mark an authenticated channel as a client.

The following is done on the channel:

  1. Marked as a client.
  2. Type of circuit ID type is set.
  3. The underlying OR connection is initialized with the address of the endpoint.

Definition at line 1747 of file channeltls.c.

◆ time_abs()

static time_t time_abs ( time_t  val)
inlinestatic

Helper: compute the absolute value of a time_t.

(we need this because labs() doesn't always work for time_t, since long can be shorter than time_t.)

Definition at line 1693 of file channeltls.c.

◆ tor_addr_from_netinfo_addr()

static int tor_addr_from_netinfo_addr ( tor_addr_t tor_addr,
const netinfo_addr_t *  netinfo_addr 
)
static

Convert netinfo_addr into corresponding tor_addr. Return 0 on success; on failure, return -1 and log a warning.

Definition at line 1662 of file channeltls.c.

Variable Documentation

◆ channel_tls_listener

channel_listener_t* channel_tls_listener = NULL
static

Active listener, if any

Definition at line 98 of file channeltls.c.

Referenced by channel_tls_get_listener(), channel_tls_listener_close_method(), and channel_tls_start_listener().

◆ stats_n_auth_challenge_cells_processed

uint64_t stats_n_auth_challenge_cells_processed = 0

How many CELL_AUTH_CHALLENGE cells have we received, ever?

Definition at line 91 of file channeltls.c.

◆ stats_n_authenticate_cells_processed

uint64_t stats_n_authenticate_cells_processed = 0

How many CELL_AUTHENTICATE cells have we received, ever?

Definition at line 93 of file channeltls.c.

◆ stats_n_authorize_cells_processed

uint64_t stats_n_authorize_cells_processed = 0

How many CELL_AUTHORIZE cells have we received, ever?

Definition at line 95 of file channeltls.c.

◆ stats_n_certs_cells_processed

uint64_t stats_n_certs_cells_processed = 0

How many CELL_CERTS cells have we received, ever?

Definition at line 89 of file channeltls.c.

◆ stats_n_netinfo_cells_processed

uint64_t stats_n_netinfo_cells_processed = 0

How many CELL_NETINFO cells have we received, ever?

Definition at line 85 of file channeltls.c.

◆ stats_n_padding_cells_processed

uint64_t stats_n_padding_cells_processed = 0

How many CELL_PADDING cells have we received, ever?

Definition at line 81 of file channeltls.c.

◆ stats_n_versions_cells_processed

uint64_t stats_n_versions_cells_processed = 0

How many CELL_VERSIONS cells have we received, ever?

Definition at line 83 of file channeltls.c.

◆ stats_n_vpadding_cells_processed

uint64_t stats_n_vpadding_cells_processed = 0

How many CELL_VPADDING cells have we received, ever?

Definition at line 87 of file channeltls.c.