Tor  0.4.6.0-alpha-dev
circuitbuild_relay.c
Go to the documentation of this file.
1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2020, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
7 /**
8  * @file circuitbuild_relay.c
9  * @brief Implements the details of exteding circuits (by relaying extend
10  * cells as create cells, and answering create cells).
11  *
12  * On the server side, this module handles the logic of responding to
13  * RELAY_EXTEND requests, using circuit_extend() and onionskin_answer().
14  *
15  * The shared client and server code is in core/or/circuitbuild.c.
16  **/
17 
18 #include "orconfig.h"
20 
22 
23 #include "core/or/or.h"
24 #include "app/config/config.h"
25 
27 
28 #include "core/or/cell_st.h"
29 #include "core/or/circuit_st.h"
30 #include "core/or/extend_info_st.h"
31 #include "core/or/or_circuit_st.h"
32 
33 #include "core/or/channel.h"
34 #include "core/or/circuitbuild.h"
35 #include "core/or/circuitlist.h"
36 #include "core/or/extendinfo.h"
37 #include "core/or/onion.h"
38 #include "core/or/relay.h"
39 
41 
42 #include "feature/relay/router.h"
44 #include "feature/relay/selftest.h"
45 
46 /* Before replying to an extend cell, check the state of the circuit
47  * <b>circ</b>, and the configured tor mode.
48  *
49  * <b>circ</b> must not be NULL.
50  *
51  * If the state and mode are valid, return 0.
52  * Otherwise, if they are invalid, log a protocol warning, and return -1.
53  */
54 STATIC int
55 circuit_extend_state_valid_helper(const struct circuit_t *circ)
56 {
57  if (!server_mode(get_options())) {
58  circuitbuild_warn_client_extend();
59  return -1;
60  }
61 
62  IF_BUG_ONCE(!circ) {
63  return -1;
64  }
65 
66  if (circ->n_chan) {
67  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
68  "n_chan already set. Bug/attack. Closing.");
69  return -1;
70  }
71 
72  if (circ->n_hop) {
73  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
74  "conn to next hop already launched. Bug/attack. Closing.");
75  return -1;
76  }
77 
78  return 0;
79 }
80 
81 /* Make sure the extend cell <b>ec</b> has an ed25519 link specifier.
82  *
83  * First, check that the RSA node id is valid.
84  * If the node id is valid, add the ed25519 link specifier (if required),
85  * and return 0.
86  *
87  * Otherwise, if the node id is invalid, log a protocol warning,
88  * and return -1.(And do not modify the extend cell.)
89  *
90  * Must be called before circuit_extend_lspec_valid_helper().
91  */
92 STATIC int
93 circuit_extend_add_ed25519_helper(struct extend_cell_t *ec)
94 {
95  IF_BUG_ONCE(!ec) {
96  return -1;
97  }
98 
99  /* Check if they asked us for 0000..0000. We support using
100  * an empty fingerprint for the first hop (e.g. for a bridge relay),
101  * but we don't want to let clients send us extend cells for empty
102  * fingerprints -- a) because it opens the user up to a mitm attack,
103  * and b) because it lets an attacker force the relay to hold open a
104  * new TLS connection for each extend request. */
105  if (tor_digest_is_zero((const char*)ec->node_id)) {
106  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
107  "Client asked me to extend without specifying an id_digest.");
108  return -1;
109  }
110 
111  /* Fill in ed_pubkey if it was not provided and we can infer it from
112  * our networkstatus */
114  const node_t *node = node_get_by_id((const char*)ec->node_id);
115  const ed25519_public_key_t *node_ed_id = NULL;
116  if (node &&
118  (node_ed_id = node_get_ed25519_id(node))) {
119  ed25519_pubkey_copy(&ec->ed_pubkey, node_ed_id);
120  }
121  }
122 
123  return 0;
124 }
125 
126 /* Make sure the extend cell <b>ec</b> has an IPv4 address if the relay
127  * supports in, and if not, fill it in. */
128 STATIC int
129 circuit_extend_add_ipv4_helper(struct extend_cell_t *ec)
130 {
131  IF_BUG_ONCE(!ec) {
132  return -1;
133  }
134 
135  const node_t *node = node_get_by_id((const char *) ec->node_id);
136  if (node) {
137  tor_addr_port_t node_ipv4;
138  node_get_prim_orport(node, &node_ipv4);
139  if (tor_addr_is_null(&ec->orport_ipv4.addr) &&
140  !tor_addr_is_null(&node_ipv4.addr)) {
141  tor_addr_copy(&ec->orport_ipv4.addr, &node_ipv4.addr);
142  ec->orport_ipv4.port = node_ipv4.port;
143  }
144  }
145 
146  return 0;
147 }
148 
149 /* Make sure the extend cell <b>ec</b> has an IPv6 address if the relay
150  * supports in, and if not, fill it in. */
151 STATIC int
152 circuit_extend_add_ipv6_helper(struct extend_cell_t *ec)
153 {
154  IF_BUG_ONCE(!ec) {
155  return -1;
156  }
157 
158  const node_t *node = node_get_by_id((const char *) ec->node_id);
159  if (node) {
160  tor_addr_port_t node_ipv6;
161  node_get_pref_ipv6_orport(node, &node_ipv6);
162  if (tor_addr_is_null(&ec->orport_ipv6.addr) &&
163  !tor_addr_is_null(&node_ipv6.addr)) {
164  tor_addr_copy(&ec->orport_ipv6.addr, &node_ipv6.addr);
165  ec->orport_ipv6.port = node_ipv6.port;
166  }
167  }
168 
169  return 0;
170 }
171 
172 /* Check if the address and port in the tor_addr_port_t <b>ap</b> are valid,
173  * and are allowed by the current ExtendAllowPrivateAddresses config.
174  *
175  * If they are valid, return true.
176  * Otherwise, if they are invalid, return false.
177  *
178  * If <b>log_zero_addrs</b> is true, log warnings about zero addresses at
179  * <b>log_level</b>. If <b>log_internal_addrs</b> is true, log warnings about
180  * internal addresses at <b>log_level</b>.
181  */
182 static bool
183 circuit_extend_addr_port_is_valid(const struct tor_addr_port_t *ap,
184  bool log_zero_addrs, bool log_internal_addrs,
185  int log_level)
186 {
187  /* It's safe to print the family. But we don't want to print the address,
188  * unless specifically configured to do so. (Zero addresses aren't sensitive,
189  * But some internal addresses might be.)*/
190 
191  if (!tor_addr_port_is_valid_ap(ap, 0)) {
192  if (log_zero_addrs) {
193  log_fn(log_level, LD_PROTOCOL,
194  "Client asked me to extend to a zero destination port or "
195  "%s address '%s'.",
196  fmt_addr_family(&ap->addr), safe_str(fmt_addrport_ap(ap)));
197  }
198  return false;
199  }
200 
201  if (tor_addr_is_internal(&ap->addr, 0) &&
202  !get_options()->ExtendAllowPrivateAddresses) {
203  if (log_internal_addrs) {
204  log_fn(log_level, LD_PROTOCOL,
205  "Client asked me to extend to a private %s address '%s'.",
206  fmt_addr_family(&ap->addr),
207  safe_str(fmt_and_decorate_addr(&ap->addr)));
208  }
209  return false;
210  }
211 
212  return true;
213 }
214 
215 /* Before replying to an extend cell, check the link specifiers in the extend
216  * cell <b>ec</b>, which was received on the circuit <b>circ</b>.
217  *
218  * If they are valid, return 0.
219  * Otherwise, if they are invalid, log a protocol warning, and return -1.
220  *
221  * Must be called after circuit_extend_add_ed25519_helper().
222  */
223 STATIC int
224 circuit_extend_lspec_valid_helper(const struct extend_cell_t *ec,
225  const struct circuit_t *circ)
226 {
227  IF_BUG_ONCE(!ec) {
228  return -1;
229  }
230 
231  IF_BUG_ONCE(!circ) {
232  return -1;
233  }
234 
235  /* Check the addresses, without logging */
236  const int ipv4_valid = circuit_extend_addr_port_is_valid(&ec->orport_ipv4,
237  false, false, 0);
238  const int ipv6_valid = circuit_extend_addr_port_is_valid(&ec->orport_ipv6,
239  false, false, 0);
240  /* We need at least one valid address */
241  if (!ipv4_valid && !ipv6_valid) {
242  /* Now, log the invalid addresses at protocol warning level */
243  circuit_extend_addr_port_is_valid(&ec->orport_ipv4,
244  true, true, LOG_PROTOCOL_WARN);
245  circuit_extend_addr_port_is_valid(&ec->orport_ipv6,
246  true, true, LOG_PROTOCOL_WARN);
247  /* And fail */
248  return -1;
249  } else if (!ipv4_valid) {
250  /* Always log unexpected internal addresses, but go on to use the other
251  * valid address */
252  circuit_extend_addr_port_is_valid(&ec->orport_ipv4,
253  false, true, LOG_PROTOCOL_WARN);
254  } else if (!ipv6_valid) {
255  circuit_extend_addr_port_is_valid(&ec->orport_ipv6,
256  false, true, LOG_PROTOCOL_WARN);
257  }
258 
260  return -1;
261  }
262 
263  const channel_t *p_chan = CONST_TO_OR_CIRCUIT(circ)->p_chan;
264 
265  IF_BUG_ONCE(!p_chan) {
266  return -1;
267  }
268 
269  /* Next, check if we're being asked to connect to the hop that the
270  * extend cell came from. There isn't any reason for that, and it can
271  * assist circular-path attacks. */
272  if (tor_memeq(ec->node_id, p_chan->identity_digest, DIGEST_LEN)) {
273  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
274  "Client asked me to extend back to the previous hop.");
275  return -1;
276  }
277 
278  /* Check the previous hop Ed25519 ID too */
280  ed25519_pubkey_eq(&ec->ed_pubkey, &p_chan->ed25519_identity)) {
281  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
282  "Client asked me to extend back to the previous hop "
283  "(by Ed25519 ID).");
284  return -1;
285  }
286 
287  return 0;
288 }
289 
290 /* If possible, return a supported, non-NULL IP address.
291  *
292  * If both addresses are supported and non-NULL, choose one uniformly at
293  * random.
294  *
295  * If we have an IPv6-only extend, but IPv6 is not supported, returns NULL.
296  * If both addresses are NULL, also returns NULL. */
297 STATIC const tor_addr_port_t *
298 circuit_choose_ip_ap_for_extend(const tor_addr_port_t *ipv4_ap,
299  const tor_addr_port_t *ipv6_ap)
300 {
301  const bool ipv6_supported = router_can_extend_over_ipv6(get_options());
302 
303  /* If IPv6 is not supported, we can't use the IPv6 address. */
304  if (!ipv6_supported) {
305  ipv6_ap = NULL;
306  }
307 
308  /* If there is no IPv6 address, IPv4 is always supported.
309  * Until clients include IPv6 ORPorts, and most relays support IPv6,
310  * this is the most common case. */
311  if (!ipv6_ap) {
312  return ipv4_ap;
313  }
314 
315  /* If there is no IPv4 address, return the (possibly NULL) IPv6 address. */
316  if (!ipv4_ap) {
317  return ipv6_ap;
318  }
319 
320  /* Now we have an IPv4 and an IPv6 address, and IPv6 is supported.
321  * So make an IPv6 connection at random, with probability 1 in N.
322  * 1 means "always IPv6 (and no IPv4)"
323  * 2 means "equal probability of IPv4 or IPv6"
324  * ... (and so on) ...
325  * (UINT_MAX - 1) means "almost always IPv4 (and almost never IPv6)"
326  * To disable IPv6, set ipv6_supported to 0.
327  */
328 #define IPV6_CONNECTION_ONE_IN_N 2
329 
330  bool choose_ipv6 = crypto_fast_rng_one_in_n(get_thread_fast_rng(),
331  IPV6_CONNECTION_ONE_IN_N);
332  if (choose_ipv6) {
333  return ipv6_ap;
334  } else {
335  return ipv4_ap;
336  }
337 }
338 
339 /* When there is no open channel for an extend cell <b>ec</b>, set up the
340  * circuit <b>circ</b> to wait for a new connection.
341  *
342  * If <b>should_launch</b> is true, open a new connection. (Otherwise, we are
343  * already waiting for a new connection to the same relay.)
344  *
345  * Check if IPv6 extends are supported by our current configuration. If they
346  * are, new connections may be made over IPv4 or IPv6. (IPv4 connections are
347  * always supported.)
348  */
349 STATIC void
350 circuit_open_connection_for_extend(const struct extend_cell_t *ec,
351  struct circuit_t *circ,
352  int should_launch)
353 {
354  /* We have to check circ first, so we can close it on all other failures */
355  IF_BUG_ONCE(!circ) {
356  /* We can't mark a NULL circuit for close. */
357  return;
358  }
359 
360  /* Now we know that circ is not NULL */
361  IF_BUG_ONCE(!ec) {
362  circuit_mark_for_close(circ, END_CIRC_REASON_CONNECTFAILED);
363  return;
364  }
365 
366  /* Check the addresses, without logging */
367  const int ipv4_valid = circuit_extend_addr_port_is_valid(&ec->orport_ipv4,
368  false, false, 0);
369  const int ipv6_valid = circuit_extend_addr_port_is_valid(&ec->orport_ipv6,
370  false, false, 0);
371 
372  IF_BUG_ONCE(!ipv4_valid && !ipv6_valid) {
373  /* circuit_extend_lspec_valid_helper() should have caught this */
374  circuit_mark_for_close(circ, END_CIRC_REASON_CONNECTFAILED);
375  return;
376  }
377 
378  const tor_addr_port_t *chosen_ap = circuit_choose_ip_ap_for_extend(
379  ipv4_valid ? &ec->orport_ipv4 : NULL,
380  ipv6_valid ? &ec->orport_ipv6 : NULL);
381  if (!chosen_ap) {
382  /* An IPv6-only extend, but IPv6 is not supported */
383  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
384  "Received IPv6-only extend, but we don't have an IPv6 ORPort.");
385  circuit_mark_for_close(circ, END_CIRC_REASON_CONNECTFAILED);
386  return;
387  }
388 
389  circ->n_hop = extend_info_new(NULL /*nickname*/,
390  (const char*)ec->node_id,
391  &ec->ed_pubkey,
392  NULL, /*onion_key*/
393  NULL, /*curve25519_key*/
394  &chosen_ap->addr,
395  chosen_ap->port);
396 
397  circ->n_chan_create_cell = tor_memdup(&ec->create_cell,
398  sizeof(ec->create_cell));
399 
401 
402  if (should_launch) {
403  /* we should try to open a connection */
405  if (!n_chan) {
406  log_info(LD_CIRC,"Launching n_chan failed. Closing circuit.");
407  circuit_mark_for_close(circ, END_CIRC_REASON_CONNECTFAILED);
408  return;
409  }
410  log_debug(LD_CIRC,"connecting in progress (or finished). Good.");
411  }
412 }
413 
414 /** Take the 'extend' <b>cell</b>, pull out addr/port plus the onion
415  * skin and identity digest for the next hop. If we're already connected,
416  * pass the onion skin to the next hop using a create cell; otherwise
417  * launch a new OR connection, and <b>circ</b> will notice when the
418  * connection succeeds or fails.
419  *
420  * Return -1 if we want to warn and tear down the circuit, else return 0.
421  */
422 int
423 circuit_extend(struct cell_t *cell, struct circuit_t *circ)
424 {
425  channel_t *n_chan;
426  relay_header_t rh;
427  extend_cell_t ec;
428  const char *msg = NULL;
429  int should_launch = 0;
430 
431  IF_BUG_ONCE(!cell) {
432  return -1;
433  }
434 
435  IF_BUG_ONCE(!circ) {
436  return -1;
437  }
438 
439  if (circuit_extend_state_valid_helper(circ) < 0)
440  return -1;
441 
442  relay_header_unpack(&rh, cell->payload);
443 
444  if (extend_cell_parse(&ec, rh.command,
446  rh.length) < 0) {
447  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
448  "Can't parse extend cell. Closing circuit.");
449  return -1;
450  }
451 
452  if (circuit_extend_add_ed25519_helper(&ec) < 0)
453  return -1;
454 
455  if (circuit_extend_lspec_valid_helper(&ec, circ) < 0)
456  return -1;
457 
458  if (circuit_extend_add_ipv4_helper(&ec) < 0)
459  return -1;
460 
461  if (circuit_extend_add_ipv6_helper(&ec) < 0)
462  return -1;
463 
464  /* Check the addresses, without logging */
465  const int ipv4_valid = circuit_extend_addr_port_is_valid(&ec.orport_ipv4,
466  false, false, 0);
467  const int ipv6_valid = circuit_extend_addr_port_is_valid(&ec.orport_ipv6,
468  false, false, 0);
469  IF_BUG_ONCE(!ipv4_valid && !ipv6_valid) {
470  /* circuit_extend_lspec_valid_helper() should have caught this */
471  return -1;
472  }
473 
474  n_chan = channel_get_for_extend((const char*)ec.node_id,
475  &ec.ed_pubkey,
476  ipv4_valid ? &ec.orport_ipv4.addr : NULL,
477  ipv6_valid ? &ec.orport_ipv6.addr : NULL,
478  false,
479  &msg,
480  &should_launch);
481 
482  if (!n_chan) {
483  /* We can't use fmt_addr*() twice in the same function call,
484  * because it uses a static buffer. */
485  log_debug(LD_CIRC|LD_OR, "Next router IPv4 (%s): %s.",
486  fmt_addrport_ap(&ec.orport_ipv4),
487  msg ? msg : "????");
488  log_debug(LD_CIRC|LD_OR, "Next router IPv6 (%s).",
489  fmt_addrport_ap(&ec.orport_ipv6));
490 
491  circuit_open_connection_for_extend(&ec, circ, should_launch);
492 
493  /* return success. The onion/circuit/etc will be taken care of
494  * automatically (may already have been) whenever n_chan reaches
495  * OR_CONN_STATE_OPEN.
496  */
497  return 0;
498  } else {
499  /* Connection is already established.
500  * So we need to extend the circuit to the next hop. */
501  tor_assert(!circ->n_hop);
502  circ->n_chan = n_chan;
503  log_debug(LD_CIRC,
504  "n_chan is %s.",
505  channel_describe_peer(n_chan));
506 
507  if (circuit_deliver_create_cell(circ, &ec.create_cell, 1) < 0)
508  return -1;
509 
510  return 0;
511  }
512 }
513 
514 /** On a relay, accept a create cell, initialise a circuit, and send a
515  * created cell back.
516  *
517  * Given:
518  * - a response payload consisting of:
519  * - the <b>created_cell</b> and
520  * - an optional <b>rend_circ_nonce</b>, and
521  * - <b>keys</b> of length <b>keys_len</b>, which must be
522  * CPATH_KEY_MATERIAL_LEN;
523  * then:
524  * - initialize the circuit <b>circ</b>'s cryptographic material,
525  * - set the circuit's state to open, and
526  * - send a created cell back on that circuit.
527  *
528  * If we haven't found our ORPorts reachable yet, and the channel meets the
529  * necessary conditions, mark the relevant ORPorts as reachable.
530  *
531  * Returns -1 if cell or circuit initialisation fails.
532  */
533 int
535  const created_cell_t *created_cell,
536  const char *keys, size_t keys_len,
537  const uint8_t *rend_circ_nonce)
538 {
539  cell_t cell;
540 
541  IF_BUG_ONCE(!circ) {
542  return -1;
543  }
544 
545  IF_BUG_ONCE(!created_cell) {
546  return -1;
547  }
548 
549  IF_BUG_ONCE(!keys) {
550  return -1;
551  }
552 
553  IF_BUG_ONCE(!rend_circ_nonce) {
554  return -1;
555  }
556 
557  tor_assert(keys_len == CPATH_KEY_MATERIAL_LEN);
558 
559  if (created_cell_format(&cell, created_cell) < 0) {
560  log_warn(LD_BUG,"couldn't format created cell (type=%d, len=%d).",
561  (int)created_cell->cell_type, (int)created_cell->handshake_len);
562  return -1;
563  }
564  cell.circ_id = circ->p_circ_id;
565 
567 
568  log_debug(LD_CIRC,"init digest forward 0x%.8x, backward 0x%.8x.",
569  (unsigned int)get_uint32(keys),
570  (unsigned int)get_uint32(keys+20));
571  if (relay_crypto_init(&circ->crypto, keys, keys_len, 0, 0)<0) {
572  log_warn(LD_BUG,"Circuit initialization failed.");
573  return -1;
574  }
575 
576  memcpy(circ->rend_circ_nonce, rend_circ_nonce, DIGEST_LEN);
577 
578  int used_create_fast = (created_cell->cell_type == CELL_CREATED_FAST);
579 
581  circ->p_chan, &cell, CELL_DIRECTION_IN, 0);
582  log_debug(LD_CIRC,"Finished sending '%s' cell.",
583  used_create_fast ? "created_fast" : "created");
584 
585  /* Ignore the local bit when ExtendAllowPrivateAddresses is set:
586  * it violates the assumption that private addresses are local.
587  * Also, many test networks run on local addresses, and
588  * TestingTorNetwork sets ExtendAllowPrivateAddresses. */
589  if ((!channel_is_local(circ->p_chan)
590  || get_options()->ExtendAllowPrivateAddresses)
591  && !channel_is_outgoing(circ->p_chan)) {
592  /* Okay, it's a create cell from a non-local connection
593  * that we didn't initiate. Presumably this means that create cells
594  * can reach us too. But what address can they reach us on? */
595  const tor_addr_t *my_supposed_addr = &circ->p_chan->addr_according_to_peer;
596  if (router_addr_is_my_published_addr(my_supposed_addr)) {
597  /* Great, this create cell came on connection where the peer says
598  * that the our address is an address we're actually advertising!
599  * That should mean that we're reachable. But before we finally
600  * declare ourselves reachable, make sure that the address listed
601  * by the peer is the same family as the peer is actually using.
602  */
603  tor_addr_t remote_addr;
604  int family = tor_addr_family(my_supposed_addr);
605  if (channel_get_addr_if_possible(circ->p_chan, &remote_addr) &&
606  tor_addr_family(&remote_addr) == family) {
608  }
609  }
610  }
611 
612  return 0;
613 }
log_fn
#define log_fn(severity, domain, args,...)
Definition: log.h:283
selftest.h
Header file for selftest.c.
routermode.h
Header file for routermode.c.
crypto_fast_rng_one_in_n
#define crypto_fast_rng_one_in_n(rng, n)
Definition: crypto_rand.h:80
tor_addr_family
static sa_family_t tor_addr_family(const tor_addr_t *a)
Definition: address.h:187
created_cell_t::cell_type
uint8_t cell_type
Definition: onion.h:38
channel_t::identity_digest
char identity_digest[DIGEST_LEN]
Definition: channel.h:378
CIRCUIT_STATE_OPEN
#define CIRCUIT_STATE_OPEN
Definition: circuitlist.h:32
get_thread_fast_rng
crypto_fast_rng_t * get_thread_fast_rng(void)
Definition: crypto_rand_fast.c:377
tor_addr_t
Definition: address.h:69
circuit_t::n_chan_create_cell
struct create_cell_t * n_chan_create_cell
Definition: circuit_st.h:153
relay_header_t::command
uint8_t command
Definition: or.h:639
tor_assert
#define tor_assert(expr)
Definition: util_bug.h:102
LD_BUG
#define LD_BUG
Definition: log.h:86
ed25519_pubkey_eq
int ed25519_pubkey_eq(const ed25519_public_key_t *key1, const ed25519_public_key_t *key2)
Definition: crypto_ed25519.c:642
router.h
Header file for router.c.
channel.h
Header file for channel.c.
or_circuit_t::rend_circ_nonce
char rend_circ_nonce[DIGEST_LEN]
Definition: or_circuit_st.h:53
created_cell_t
Definition: onion.h:36
node_get_by_id
const node_t * node_get_by_id(const char *identity_digest)
Definition: nodelist.c:223
ed25519_public_key_is_zero
int ed25519_public_key_is_zero(const ed25519_public_key_t *pubkey)
Definition: crypto_ed25519.c:227
extend_cell_t::create_cell
create_cell_t create_cell
Definition: onion.h:60
ed25519_pubkey_copy
void ed25519_pubkey_copy(ed25519_public_key_t *dest, const ed25519_public_key_t *src)
Definition: crypto_ed25519.c:654
circuit_t::n_chan
channel_t * n_chan
Definition: circuit_st.h:69
onion.h
Header file for onion.c.
append_cell_to_circuit_queue
void append_cell_to_circuit_queue(circuit_t *circ, channel_t *chan, cell_t *cell, cell_direction_t direction, streamid_t fromstream)
Definition: relay.c:3113
cell_t
Definition: cell_st.h:17
tor_memeq
int tor_memeq(const void *a, const void *b, size_t sz)
Definition: di_ops.c:107
LD_CIRC
#define LD_CIRC
Definition: log.h:82
channel_is_local
int channel_is_local(channel_t *chan)
Definition: channel.c:2979
relay_crypto_init
int relay_crypto_init(relay_crypto_t *crypto, const char *key_data, size_t key_data_len, int reverse, int is_hs_v3)
Definition: relay_crypto.c:293
or_circuit_t::p_chan
channel_t * p_chan
Definition: or_circuit_st.h:37
fmt_addr_family
const char * fmt_addr_family(const tor_addr_t *addr)
Definition: address.c:1276
extend_info_new
extend_info_t * extend_info_new(const char *nickname, const char *rsa_id_digest, const ed25519_public_key_t *ed_id, crypto_pk_t *onion_key, const curve25519_public_key_t *ntor_key, const tor_addr_t *addr, uint16_t port)
Definition: extendinfo.c:33
circuitlist.h
Header file for circuitlist.c.
OR_CIRCUIT_MAGIC
#define OR_CIRCUIT_MAGIC
Definition: circuit_st.h:32
DIGEST_LEN
#define DIGEST_LEN
Definition: digest_sizes.h:20
extend_cell_t::orport_ipv4
tor_addr_port_t orport_ipv4
Definition: onion.h:50
channel_describe_peer
const char * channel_describe_peer(channel_t *chan)
Definition: channel.c:2815
extend_cell_t::ed_pubkey
struct ed25519_public_key_t ed_pubkey
Definition: onion.h:56
fmt_and_decorate_addr
#define fmt_and_decorate_addr(a)
Definition: address.h:243
circuitbuild_relay.h
Header for feature/relay/circuitbuild_relay.c.
tor_addr_port_t
Definition: address.h:81
node_t
Definition: node_st.h:34
LD_OR
#define LD_OR
Definition: log.h:92
extend_cell_t
Definition: onion.h:46
created_cell_format
int created_cell_format(cell_t *cell_out, const created_cell_t *cell_in)
Definition: onion.c:563
tor_digest_is_zero
int tor_digest_is_zero(const char *digest)
Definition: util_string.c:96
ed25519_public_key_t
Definition: crypto_ed25519.h:23
channel_t::addr_according_to_peer
tor_addr_t addr_according_to_peer
Definition: channel.h:240
relay_header_unpack
void relay_header_unpack(relay_header_t *dest, const uint8_t *src)
Definition: relay.c:491
CIRCUIT_STATE_CHAN_WAIT
#define CIRCUIT_STATE_CHAN_WAIT
Definition: circuitlist.h:26
created_cell_t::handshake_len
uint16_t handshake_len
Definition: onion.h:40
circuit_t
Definition: circuit_st.h:61
nodelist.h
Header file for nodelist.c.
extendinfo.h
Header for core/or/extendinfo.c.
cell_t::payload
uint8_t payload[CELL_PAYLOAD_SIZE]
Definition: cell_st.h:21
channel_t
Definition: channel.h:181
channel_t::ed25519_identity
struct ed25519_public_key_t ed25519_identity
Definition: channel.h:388
extend_cell_t::orport_ipv6
tor_addr_port_t orport_ipv6
Definition: onion.h:52
relay_header_t::length
uint16_t length
Definition: or.h:643
crypto_rand.h
Common functions for using (pseudo-)random number generators.
node_get_pref_ipv6_orport
void node_get_pref_ipv6_orport(const node_t *node, tor_addr_port_t *ap_out)
Definition: nodelist.c:1776
get_options
const or_options_t * get_options(void)
Definition: config.c:932
circuitbuild.h
Header file for circuitbuild.c.
get_uint32
static uint32_t get_uint32(const void *cp)
Definition: bytes.h:54
extend_cell_t::node_id
uint8_t node_id[DIGEST_LEN]
Definition: onion.h:54
extend_info_st.h
Extend-info structure.
channel_connect_for_circuit
channel_t * channel_connect_for_circuit(const extend_info_t *ei)
Definition: circuitbuild.c:99
IF_BUG_ONCE
#define IF_BUG_ONCE(cond)
Definition: util_bug.h:246
relay.h
Header file for relay.c.
relay_header_t
Definition: or.h:638
onionskin_answer
int onionskin_answer(struct or_circuit_t *circ, const created_cell_t *created_cell, const char *keys, size_t keys_len, const uint8_t *rend_circ_nonce)
Definition: circuitbuild_relay.c:534
node_supports_ed25519_link_authentication
bool node_supports_ed25519_link_authentication(const node_t *node, bool compatible_with_us)
Definition: nodelist.c:1154
server_mode
int server_mode(const or_options_t *options)
Definition: routermode.c:34
tor_addr_is_null
int tor_addr_is_null(const tor_addr_t *addr)
Definition: address.c:780
node_get_ed25519_id
const ed25519_public_key_t * node_get_ed25519_id(const node_t *node)
Definition: nodelist.c:1069
relay_crypto.h
Header for relay_crypto.c.
node_get_prim_orport
void node_get_prim_orport(const node_t *node, tor_addr_port_t *ap_out)
Definition: nodelist.c:1740
cell_st.h
Fixed-size cell structure.
RELAY_HEADER_SIZE
#define RELAY_HEADER_SIZE
Definition: or.h:604
circuit_st.h
Base circuit structure.
or_circuit_t
Definition: or_circuit_st.h:21
or_circuit_t::p_circ_id
circid_t p_circ_id
Definition: or_circuit_st.h:33
circuit_deliver_create_cell
int circuit_deliver_create_cell(circuit_t *circ, const struct create_cell_t *create_cell, int relayed)
Definition: circuitbuild.c:737
circuit_set_state
void circuit_set_state(circuit_t *circ, uint8_t state)
Definition: circuitlist.c:545
router_addr_is_my_published_addr
bool router_addr_is_my_published_addr(const tor_addr_t *addr)
Definition: router.c:1741
config.h
Header file for config.c.
TO_CIRCUIT
#define TO_CIRCUIT(x)
Definition: or.h:965
extend_cell_parse
int extend_cell_parse(extend_cell_t *cell_out, const uint8_t command, const uint8_t *payload, size_t payload_length)
Definition: onion.c:396
circuit_t::n_hop
extend_info_t * n_hop
Definition: circuit_st.h:87
STATIC
#define STATIC
Definition: testsupport.h:32
channel_get_addr_if_possible
int channel_get_addr_if_possible(const channel_t *chan, tor_addr_t *addr_out)
Definition: channel.c:2835
channel_is_outgoing
int channel_is_outgoing(channel_t *chan)
Definition: channel.c:3025
or_circuit_t::crypto
relay_crypto_t crypto
Definition: or_circuit_st.h:46
circuit_extend
int circuit_extend(struct cell_t *cell, struct circuit_t *circ)
Definition: circuitbuild_relay.c:423
cell_t::circ_id
circid_t circ_id
Definition: cell_st.h:18
router_orport_found_reachable
void router_orport_found_reachable(int family)
Definition: selftest.c:427
CELL_DIRECTION_IN
@ CELL_DIRECTION_IN
Definition: or.h:484
circuit_t::magic
uint32_t magic
Definition: circuit_st.h:62
tor_addr_copy
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:933
router_can_extend_over_ipv6
bool router_can_extend_over_ipv6(const or_options_t *options)
Definition: router.c:1556
or.h
Master header file for Tor-specific functionality.
channel_get_for_extend
channel_t * channel_get_for_extend(const char *rsa_id_digest, const ed25519_public_key_t *ed_id, const tor_addr_t *target_ipv4_addr, const tor_addr_t *target_ipv6_addr, bool for_origin_circ, const char **msg_out, int *launch_out)
Definition: channel.c:2409
LD_PROTOCOL
#define LD_PROTOCOL
Definition: log.h:72