Tor  0.4.5.0-alpha-dev
circuituse.c
Go to the documentation of this file.
1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2020, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
7 /**
8  * \file circuituse.c
9  * \brief Launch the right sort of circuits and attach the right streams to
10  * them.
11  *
12  * As distinct from circuitlist.c, which manages lookups to find circuits, and
13  * circuitbuild.c, which handles the logistics of circuit construction, this
14  * module keeps track of which streams can be attached to which circuits (in
15  * circuit_get_best()), and attaches streams to circuits (with
16  * circuit_try_attaching_streams(), connection_ap_handshake_attach_circuit(),
17  * and connection_ap_handshake_attach_chosen_circuit() ).
18  *
19  * This module also makes sure that we are building circuits for all of the
20  * predicted ports, using circuit_remove_handled_ports(),
21  * circuit_stream_is_being_handled(), and circuit_build_needed_cirs(). It
22  * handles launching circuits for specific targets using
23  * circuit_launch_by_extend_info().
24  *
25  * This is also where we handle expiring circuits that have been around for
26  * too long without actually completing, along with the circuit_build_timeout
27  * logic in circuitstats.c.
28  **/
29 
30 #include "core/or/or.h"
31 #include "app/config/config.h"
33 #include "core/or/channel.h"
34 #include "core/or/circuitbuild.h"
35 #include "core/or/circuitlist.h"
36 #include "core/or/circuitstats.h"
37 #include "core/or/circuituse.h"
38 #include "core/or/circuitpadding.h"
40 #include "core/or/extendinfo.h"
41 #include "core/or/policies.h"
42 #include "core/or/trace_probes_circuit.h"
44 #include "feature/client/bridges.h"
45 #include "feature/client/circpathbias.h"
50 #include "feature/hs/hs_circuit.h"
51 #include "feature/hs/hs_client.h"
52 #include "feature/hs/hs_common.h"
53 #include "feature/hs/hs_ident.h"
54 #include "feature/hs/hs_stats.h"
60 #include "feature/relay/selftest.h"
65 #include "lib/math/fp.h"
66 #include "lib/time/tvdiff.h"
67 #include "lib/trace/events.h"
68 
72 #include "core/or/extend_info_st.h"
73 #include "core/or/or_circuit_st.h"
76 
78 static void circuit_increment_failure_count(void);
79 
80 /** Check whether the hidden service destination of the stream at
81  * <b>edge_conn</b> is the same as the destination of the circuit at
82  * <b>origin_circ</b>. */
83 static int
85  const origin_circuit_t *origin_circ)
86 {
87  /* Check if this is a v2 rendezvous circ/stream */
88  if ((edge_conn->rend_data && !origin_circ->rend_data) ||
89  (!edge_conn->rend_data && origin_circ->rend_data) ||
90  (edge_conn->rend_data && origin_circ->rend_data &&
92  rend_data_get_address(origin_circ->rend_data)))) {
93  /* this circ is not for this conn */
94  return 0;
95  }
96 
97  /* Check if this is a v3 rendezvous circ/stream */
98  if ((edge_conn->hs_ident && !origin_circ->hs_ident) ||
99  (!edge_conn->hs_ident && origin_circ->hs_ident) ||
100  (edge_conn->hs_ident && origin_circ->hs_ident &&
101  !ed25519_pubkey_eq(&edge_conn->hs_ident->identity_pk,
102  &origin_circ->hs_ident->identity_pk))) {
103  /* this circ is not for this conn */
104  return 0;
105  }
106 
107  return 1;
108 }
109 
110 /** Return 1 if <b>circ</b> could be returned by circuit_get_best().
111  * Else return 0.
112  */
113 static int
115  const entry_connection_t *conn,
116  int must_be_open, uint8_t purpose,
117  int need_uptime, int need_internal,
118  time_t now)
119 {
120  const circuit_t *circ = TO_CIRCUIT(origin_circ);
121  const node_t *exitnode;
122  cpath_build_state_t *build_state;
123  tor_assert(circ);
124  tor_assert(conn);
125  tor_assert(conn->socks_request);
126 
127  if (must_be_open && (circ->state != CIRCUIT_STATE_OPEN || !circ->n_chan))
128  return 0; /* ignore non-open circs */
129  if (circ->marked_for_close)
130  return 0;
131 
132  /* if this circ isn't our purpose, skip. */
133  if (purpose == CIRCUIT_PURPOSE_C_REND_JOINED && !must_be_open) {
138  return 0;
139  } else if (purpose == CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT &&
140  !must_be_open) {
141  if (circ->purpose != CIRCUIT_PURPOSE_C_INTRODUCING &&
143  return 0;
144  } else {
145  if (purpose != circ->purpose)
146  return 0;
147  }
148 
149  /* If this is a timed-out hidden service circuit, skip it. */
150  if (origin_circ->hs_circ_has_timed_out) {
151  return 0;
152  }
153 
154  if (purpose == CIRCUIT_PURPOSE_C_GENERAL ||
155  purpose == CIRCUIT_PURPOSE_C_HSDIR_GET ||
156  purpose == CIRCUIT_PURPOSE_S_HSDIR_POST ||
157  purpose == CIRCUIT_PURPOSE_HS_VANGUARDS ||
158  purpose == CIRCUIT_PURPOSE_C_REND_JOINED) {
159  if (circ->timestamp_dirty &&
160  circ->timestamp_dirty+get_options()->MaxCircuitDirtiness <= now)
161  return 0;
162  }
163 
164  if (origin_circ->unusable_for_new_conns)
165  return 0;
166 
167  /* decide if this circ is suitable for this conn */
168 
169  /* for rend circs, circ->cpath->prev is not the last router in the
170  * circuit, it's the magical extra service hop. so just check the nickname
171  * of the one we meant to finish at.
172  */
173  build_state = origin_circ->build_state;
174  exitnode = build_state_get_exit_node(build_state);
175 
176  if (need_uptime && !build_state->need_uptime)
177  return 0;
178  if (need_internal != build_state->is_internal)
179  return 0;
180 
181  if (purpose == CIRCUIT_PURPOSE_C_GENERAL ||
182  purpose == CIRCUIT_PURPOSE_S_HSDIR_POST ||
183  purpose == CIRCUIT_PURPOSE_C_HSDIR_GET) {
184  tor_addr_t addr;
185  if (!exitnode && !build_state->onehop_tunnel) {
186  log_debug(LD_CIRC,"Not considering circuit with unknown router.");
187  return 0; /* this circuit is screwed and doesn't know it yet,
188  * or is a rendezvous circuit. */
189  }
190  if (build_state->onehop_tunnel) {
191  if (!conn->want_onehop) {
192  log_debug(LD_CIRC,"Skipping one-hop circuit.");
193  return 0;
194  }
196  if (build_state->chosen_exit) {
197  char digest[DIGEST_LEN];
198  if (hexdigest_to_digest(conn->chosen_exit_name, digest) < 0)
199  return 0; /* broken digest, we don't want it */
200  if (tor_memneq(digest, build_state->chosen_exit->identity_digest,
201  DIGEST_LEN))
202  return 0; /* this is a circuit to somewhere else */
203  if (tor_digest_is_zero(digest)) {
204  /* we don't know the digest; have to compare addr:port */
205  const int family = tor_addr_parse(&addr,
206  conn->socks_request->address);
207  if (family < 0 ||
208  !extend_info_has_orport(build_state->chosen_exit, &addr,
209  conn->socks_request->port))
210  return 0;
211  }
212  }
213  } else {
214  if (conn->want_onehop) {
215  /* don't use three-hop circuits -- that could hurt our anonymity. */
216  return 0;
217  }
218  }
219  if (origin_circ->prepend_policy) {
220  if (tor_addr_parse(&addr, conn->socks_request->address) != -1) {
221  int r = compare_tor_addr_to_addr_policy(&addr,
222  conn->socks_request->port,
223  origin_circ->prepend_policy);
224  if (r == ADDR_POLICY_REJECTED)
225  return 0;
226  }
227  }
228  if (exitnode && !connection_ap_can_use_exit(conn, exitnode)) {
229  /* can't exit from this router */
230  return 0;
231  }
232  } else { /* not general: this might be a rend circuit */
233  const edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(conn);
234  if (!circuit_matches_with_rend_stream(edge_conn, origin_circ)) {
235  return 0;
236  }
237  }
238 
239  if (!connection_edge_compatible_with_circuit(conn, origin_circ)) {
240  /* conn needs to be isolated from other conns that have already used
241  * origin_circ */
242  return 0;
243  }
244 
245  return 1;
246 }
247 
248 /** Return 1 if circuit <b>a</b> is better than circuit <b>b</b> for
249  * <b>conn</b>, and return 0 otherwise. Used by circuit_get_best.
250  */
251 static int
253  const entry_connection_t *conn)
254 {
255  const circuit_t *a = TO_CIRCUIT(oa);
256  const circuit_t *b = TO_CIRCUIT(ob);
257  const uint8_t purpose = ENTRY_TO_CONN(conn)->purpose;
258  int a_bits, b_bits;
259 
260  /* If one of the circuits was allowed to live due to relaxing its timeout,
261  * it is definitely worse (it's probably a much slower path). */
262  if (oa->relaxed_timeout && !ob->relaxed_timeout)
263  return 0; /* ob is better. It's not relaxed. */
264  if (!oa->relaxed_timeout && ob->relaxed_timeout)
265  return 1; /* oa is better. It's not relaxed. */
266 
267  switch (purpose) {
271  /* if it's used but less dirty it's best;
272  * else if it's more recently created it's best
273  */
274  if (b->timestamp_dirty) {
275  if (a->timestamp_dirty &&
277  return 1;
278  } else {
279  if (a->timestamp_dirty ||
280  timercmp(&a->timestamp_began, &b->timestamp_began, OP_GT))
281  return 1;
282  if (ob->build_state->is_internal)
283  /* XXXX++ what the heck is this internal thing doing here. I
284  * think we can get rid of it. circuit_is_acceptable() already
285  * makes sure that is_internal is exactly what we need it to
286  * be. -RD */
287  return 1;
288  }
289  break;
291  /* the closer it is to ack_wait the better it is */
292  if (a->purpose > b->purpose)
293  return 1;
294  break;
296  /* the closer it is to rend_joined the better it is */
297  if (a->purpose > b->purpose)
298  return 1;
299  break;
300  }
301 
302  /* XXXX Maybe this check should get a higher priority to avoid
303  * using up circuits too rapidly. */
304 
306  (origin_circuit_t*)oa, 1);
308  (origin_circuit_t*)ob, 1);
309  /* if x_bits < 0, then we have not used x for anything; better not to dirty
310  * a connection if we can help it. */
311  if (a_bits < 0) {
312  return 0;
313  } else if (b_bits < 0) {
314  return 1;
315  }
316  a_bits &= ~ oa->isolation_flags_mixed;
317  a_bits &= ~ ob->isolation_flags_mixed;
318  if (n_bits_set_u8(a_bits) < n_bits_set_u8(b_bits)) {
319  /* The fewer new restrictions we need to make on a circuit for stream
320  * isolation, the better. */
321  return 1;
322  }
323 
324  return 0;
325 }
326 
327 /** Find the best circ that conn can use, preferably one which is
328  * dirty. Circ must not be too old.
329  *
330  * Conn must be defined.
331  *
332  * If must_be_open, ignore circs not in CIRCUIT_STATE_OPEN.
333  *
334  * circ_purpose specifies what sort of circuit we must have.
335  * It can be C_GENERAL, C_INTRODUCE_ACK_WAIT, or C_REND_JOINED.
336  *
337  * If it's REND_JOINED and must_be_open==0, then return the closest
338  * rendezvous-purposed circuit that you can find.
339  *
340  * If it's INTRODUCE_ACK_WAIT and must_be_open==0, then return the
341  * closest introduce-purposed circuit that you can find.
342  */
343 static origin_circuit_t *
345  int must_be_open, uint8_t purpose,
346  int need_uptime, int need_internal)
347 {
348  origin_circuit_t *best=NULL;
349  struct timeval now;
350  int intro_going_on_but_too_old = 0;
351 
352  tor_assert(conn);
353 
355  purpose == CIRCUIT_PURPOSE_HS_VANGUARDS ||
356  purpose == CIRCUIT_PURPOSE_C_HSDIR_GET ||
357  purpose == CIRCUIT_PURPOSE_S_HSDIR_POST ||
359  purpose == CIRCUIT_PURPOSE_C_REND_JOINED);
360 
361  tor_gettimeofday(&now);
362 
364  origin_circuit_t *origin_circ;
365  if (!CIRCUIT_IS_ORIGIN(circ))
366  continue;
367  origin_circ = TO_ORIGIN_CIRCUIT(circ);
368 
369  /* Log an info message if we're going to launch a new intro circ in
370  * parallel */
371  if (purpose == CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT &&
372  !must_be_open && origin_circ->hs_circ_has_timed_out &&
373  !circ->marked_for_close) {
374  intro_going_on_but_too_old = 1;
375  continue;
376  }
377 
378  if (!circuit_is_acceptable(origin_circ,conn,must_be_open,purpose,
379  need_uptime,need_internal, (time_t)now.tv_sec))
380  continue;
381 
382  /* now this is an acceptable circ to hand back. but that doesn't
383  * mean it's the *best* circ to hand back. try to decide.
384  */
385  if (!best || circuit_is_better(origin_circ,best,conn))
386  best = origin_circ;
387  }
388  SMARTLIST_FOREACH_END(circ);
389 
390  if (!best && intro_going_on_but_too_old)
391  log_info(LD_REND|LD_CIRC, "There is an intro circuit being created "
392  "right now, but it has already taken quite a while. Starting "
393  "one in parallel.");
394 
395  return best;
396 }
397 
398 /** Return the number of not-yet-open general-purpose origin circuits. */
399 static int
401 {
402  int count = 0;
403 
405  if (circ->marked_for_close ||
406  circ->state == CIRCUIT_STATE_OPEN ||
408  !CIRCUIT_IS_ORIGIN(circ))
409  continue;
410 
411  ++count;
412  }
413  SMARTLIST_FOREACH_END(circ);
414 
415  return count;
416 }
417 
418 #if 0
419 /** Check whether, according to the policies in <b>options</b>, the
420  * circuit <b>circ</b> makes sense. */
421 /* XXXX currently only checks Exclude{Exit}Nodes; it should check more.
422  * Also, it doesn't have the right definition of an exit circuit. Also,
423  * it's never called. */
424 int
425 circuit_conforms_to_options(const origin_circuit_t *circ,
426  const or_options_t *options)
427 {
428  const crypt_path_t *cpath, *cpath_next = NULL;
429 
430  /* first check if it includes any excluded nodes */
431  for (cpath = circ->cpath; cpath_next != circ->cpath; cpath = cpath_next) {
432  cpath_next = cpath->next;
434  cpath->extend_info))
435  return 0;
436  }
437 
438  /* then consider the final hop */
440  circ->cpath->prev->extend_info))
441  return 0;
442 
443  return 1;
444 }
445 #endif /* 0 */
446 
447 /**
448  * Close all circuits that start at us, aren't open, and were born
449  * at least CircuitBuildTimeout seconds ago.
450  *
451  * TODO: This function is now partially redundant to
452  * circuit_build_times_handle_completed_hop(), but that function only
453  * covers circuits up to and including 3 hops that are still actually
454  * completing hops. However, circuit_expire_building() also handles longer
455  * circuits, as well as circuits that are completely stalled.
456  * In the future (after prop247/other path selection revamping), we probably
457  * want to eliminate this rats nest in favor of a simpler approach.
458  */
459 void
461 {
462  /* circ_times.timeout_ms and circ_times.close_ms are from
463  * circuit_build_times_get_initial_timeout() if we haven't computed
464  * custom timeouts yet */
465  struct timeval general_cutoff, begindir_cutoff, fourhop_cutoff,
466  close_cutoff, extremely_old_cutoff, hs_extremely_old_cutoff,
467  cannibalized_cutoff, c_intro_cutoff, s_intro_cutoff, stream_cutoff;
468  const or_options_t *options = get_options();
469  struct timeval now;
470  cpath_build_state_t *build_state;
471  int any_opened_circs = 0;
472 
473  tor_gettimeofday(&now);
474 
475  /* Check to see if we have any opened circuits. If we don't,
476  * we want to be more lenient with timeouts, in case the
477  * user has relocated and/or changed network connections.
478  * See bug #3443. */
479  any_opened_circs = circuit_any_opened_circuits();
480 
481 #define SET_CUTOFF(target, msec) do { \
482  long ms = tor_lround(msec); \
483  struct timeval diff; \
484  diff.tv_sec = ms / 1000; \
485  diff.tv_usec = (int)((ms % 1000) * 1000); \
486  timersub(&now, &diff, &target); \
487  } while (0)
488 
489  /**
490  * Because circuit build timeout is calculated only based on 3 hop
491  * general purpose circuit construction, we need to scale the timeout
492  * to make it properly apply to longer circuits, and circuits of
493  * certain usage types. The following diagram illustrates how we
494  * derive the scaling below. In short, we calculate the number
495  * of times our telescoping-based circuit construction causes cells
496  * to traverse each link for the circuit purpose types in question,
497  * and then assume each link is equivalent.
498  *
499  * OP --a--> A --b--> B --c--> C
500  * OP --a--> A --b--> B --c--> C --d--> D
501  *
502  * Let h = a = b = c = d
503  *
504  * Three hops (general_cutoff)
505  * RTTs = 3a + 2b + c
506  * RTTs = 6h
507  * Cannibalized:
508  * RTTs = a+b+c+d
509  * RTTs = 4h
510  * Four hops:
511  * RTTs = 4a + 3b + 2c + d
512  * RTTs = 10h
513  * Client INTRODUCE1+ACK: // XXX: correct?
514  * RTTs = 5a + 4b + 3c + 2d
515  * RTTs = 14h
516  * Server intro:
517  * RTTs = 4a + 3b + 2c
518  * RTTs = 9h
519  */
520  SET_CUTOFF(general_cutoff, get_circuit_build_timeout_ms());
521  SET_CUTOFF(begindir_cutoff, get_circuit_build_timeout_ms());
522 
523  // TODO: We should probably use route_len_for_purpose() here instead,
524  // except that does not count the extra round trip for things like server
525  // intros and rends.
526 
527  /* > 3hop circs seem to have a 1.0 second delay on their cannibalized
528  * 4th hop. */
529  SET_CUTOFF(fourhop_cutoff, get_circuit_build_timeout_ms() * (10/6.0) + 1000);
530 
531  /* CIRCUIT_PURPOSE_C_ESTABLISH_REND behaves more like a RELAY cell.
532  * Use the stream cutoff (more or less). */
533  SET_CUTOFF(stream_cutoff, MAX(options->CircuitStreamTimeout,15)*1000 + 1000);
534 
535  /* Be lenient with cannibalized circs. They already survived the official
536  * CBT, and they're usually not performance-critical. */
537  SET_CUTOFF(cannibalized_cutoff,
539  options->CircuitStreamTimeout * 1000) + 1000);
540 
541  /* Intro circs have an extra round trip (and are also 4 hops long) */
542  SET_CUTOFF(c_intro_cutoff, get_circuit_build_timeout_ms() * (14/6.0) + 1000);
543 
544  /* Server intro circs have an extra round trip */
545  SET_CUTOFF(s_intro_cutoff, get_circuit_build_timeout_ms() * (9/6.0) + 1000);
546 
547  SET_CUTOFF(close_cutoff, get_circuit_build_close_time_ms());
548  SET_CUTOFF(extremely_old_cutoff, get_circuit_build_close_time_ms()*2 + 1000);
549 
550  SET_CUTOFF(hs_extremely_old_cutoff,
552  options->SocksTimeout * 1000));
553 
554  bool fixed_time = circuit_build_times_disabled(get_options());
555 
557  struct timeval cutoff;
558 
559  if (!CIRCUIT_IS_ORIGIN(victim) || /* didn't originate here */
560  victim->marked_for_close) /* don't mess with marked circs */
561  continue;
562 
563  /* If we haven't yet started the first hop, it means we don't have
564  * any orconns available, and thus have not started counting time yet
565  * for this circuit. See circuit_deliver_create_cell() and uses of
566  * timestamp_began.
567  *
568  * Continue to wait in this case. The ORConn should timeout
569  * independently and kill us then.
570  */
571  if (TO_ORIGIN_CIRCUIT(victim)->cpath->state == CPATH_STATE_CLOSED) {
572  continue;
573  }
574 
575  build_state = TO_ORIGIN_CIRCUIT(victim)->build_state;
576  if (build_state && build_state->onehop_tunnel)
577  cutoff = begindir_cutoff;
578  else if (victim->purpose == CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT)
579  cutoff = close_cutoff;
580  else if (victim->purpose == CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT)
581  cutoff = c_intro_cutoff;
582  else if (victim->purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO)
583  cutoff = s_intro_cutoff;
584  else if (victim->purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND)
585  cutoff = stream_cutoff;
586  else if (victim->purpose == CIRCUIT_PURPOSE_PATH_BIAS_TESTING)
587  cutoff = close_cutoff;
588  else if (TO_ORIGIN_CIRCUIT(victim)->has_opened &&
589  victim->state != CIRCUIT_STATE_OPEN)
590  cutoff = cannibalized_cutoff;
591  else if (build_state && build_state->desired_path_len >= 4)
592  cutoff = fourhop_cutoff;
593  else
594  cutoff = general_cutoff;
595 
596  if (TO_ORIGIN_CIRCUIT(victim)->hs_circ_has_timed_out)
597  cutoff = hs_extremely_old_cutoff;
598 
599  if (timercmp(&victim->timestamp_began, &cutoff, OP_GT))
600  continue; /* it's still young, leave it alone */
601 
602  /* We need to double-check the opened state here because
603  * we don't want to consider opened 1-hop dircon circuits for
604  * deciding when to relax the timeout, but we *do* want to relax
605  * those circuits too if nothing else is opened *and* they still
606  * aren't either. */
607  if (!any_opened_circs && victim->state != CIRCUIT_STATE_OPEN) {
608  /* It's still young enough that we wouldn't close it, right? */
609  if (timercmp(&victim->timestamp_began, &close_cutoff, OP_GT)) {
610  if (!TO_ORIGIN_CIRCUIT(victim)->relaxed_timeout) {
611  int first_hop_succeeded = TO_ORIGIN_CIRCUIT(victim)->cpath->state
612  == CPATH_STATE_OPEN;
613  if (!fixed_time) {
614  log_info(LD_CIRC,
615  "No circuits are opened. Relaxing timeout for circuit %d "
616  "(a %s %d-hop circuit in state %s with channel state %s).",
617  TO_ORIGIN_CIRCUIT(victim)->global_identifier,
618  circuit_purpose_to_string(victim->purpose),
619  TO_ORIGIN_CIRCUIT(victim)->build_state ?
620  TO_ORIGIN_CIRCUIT(victim)->build_state->desired_path_len :
621  -1,
622  circuit_state_to_string(victim->state),
623  victim->n_chan ?
624  channel_state_to_string(victim->n_chan->state) : "none");
625  }
626 
627  /* We count the timeout here for CBT, because technically this
628  * was a timeout, and the timeout value needs to reset if we
629  * see enough of them. Note this means we also need to avoid
630  * double-counting below, too. */
632  first_hop_succeeded);
633  TO_ORIGIN_CIRCUIT(victim)->relaxed_timeout = 1;
634  }
635  continue;
636  } else {
637  static ratelim_t relax_timeout_limit = RATELIM_INIT(3600);
638  const double build_close_ms = get_circuit_build_close_time_ms();
639  if (!fixed_time) {
640  log_fn_ratelim(&relax_timeout_limit, LOG_NOTICE, LD_CIRC,
641  "No circuits are opened. Relaxed timeout for circuit %d "
642  "(a %s %d-hop circuit in state %s with channel state %s) to "
643  "%ldms. However, it appears the circuit has timed out "
644  "anyway.",
645  TO_ORIGIN_CIRCUIT(victim)->global_identifier,
646  circuit_purpose_to_string(victim->purpose),
647  TO_ORIGIN_CIRCUIT(victim)->build_state ?
648  TO_ORIGIN_CIRCUIT(victim)->build_state->desired_path_len :
649  -1,
650  circuit_state_to_string(victim->state),
651  victim->n_chan ?
652  channel_state_to_string(victim->n_chan->state) : "none",
653  (long)build_close_ms);
654  }
655  }
656  }
657 
658 #if 0
659  /* some debug logs, to help track bugs */
660  if (victim->purpose >= CIRCUIT_PURPOSE_C_INTRODUCING &&
661  victim->purpose <= CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED) {
662  if (!victim->timestamp_dirty)
663  log_fn(LOG_DEBUG,"Considering %sopen purpose %d to %s (circid %d)."
664  "(clean).",
665  victim->state == CIRCUIT_STATE_OPEN ? "" : "non",
666  victim->purpose, victim->build_state->chosen_exit_name,
667  victim->n_circ_id);
668  else
669  log_fn(LOG_DEBUG,"Considering %sopen purpose %d to %s (circid %d). "
670  "%d secs since dirty.",
671  victim->state == CIRCUIT_STATE_OPEN ? "" : "non",
672  victim->purpose, victim->build_state->chosen_exit_name,
673  victim->n_circ_id,
674  (int)(now - victim->timestamp_dirty));
675  }
676 #endif /* 0 */
677 
678  /* if circ is !open, or if it's open but purpose is a non-finished
679  * intro or rend, then mark it for close */
680  if (victim->state == CIRCUIT_STATE_OPEN) {
681  switch (victim->purpose) {
682  default: /* most open circuits can be left alone. */
683  continue; /* yes, continue inside a switch refers to the nearest
684  * enclosing loop. C is smart. */
686  break; /* too old, need to die */
688  /* it's a rend_ready circ -- has it already picked a query? */
689  /* c_rend_ready circs measure age since timestamp_dirty,
690  * because that's set when they switch purposes
691  */
692  if (TO_ORIGIN_CIRCUIT(victim)->rend_data ||
693  TO_ORIGIN_CIRCUIT(victim)->hs_ident ||
694  victim->timestamp_dirty > cutoff.tv_sec)
695  continue;
696  break;
698  /* Open path bias testing circuits are given a long
699  * time to complete the test, but not forever */
701  break;
703  /* That purpose means that the intro point circuit has been opened
704  * successfully but the INTRODUCE1 cell hasn't been sent yet because
705  * the client is waiting for the rendezvous point circuit to open.
706  * Keep this circuit open while waiting for the rendezvous circuit.
707  * We let the circuit idle timeout take care of cleaning this
708  * circuit if it never used. */
709  continue;
713  /* rend and intro circs become dirty each time they
714  * make an introduction attempt. so timestamp_dirty
715  * will reflect the time since the last attempt.
716  */
717  if (victim->timestamp_dirty > cutoff.tv_sec)
718  continue;
719  break;
720  }
721  } else { /* circuit not open, consider recording failure as timeout */
722  int first_hop_succeeded = TO_ORIGIN_CIRCUIT(victim)->cpath &&
723  TO_ORIGIN_CIRCUIT(victim)->cpath->state == CPATH_STATE_OPEN;
724 
725  if (TO_ORIGIN_CIRCUIT(victim)->p_streams != NULL) {
726  log_warn(LD_BUG, "Circuit %d (purpose %d, %s) has timed out, "
727  "yet has attached streams!",
728  TO_ORIGIN_CIRCUIT(victim)->global_identifier,
729  victim->purpose,
730  circuit_purpose_to_string(victim->purpose));
732  continue;
733  }
734 
737 
738  log_info(LD_CIRC,
739  "Deciding to count the timeout for circuit %"PRIu32,
740  TO_ORIGIN_CIRCUIT(victim)->global_identifier);
741 
742  /* Circuits are allowed to last longer for measurement.
743  * Switch their purpose and wait. */
744  if (victim->purpose != CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT) {
746  victim));
747  continue;
748  }
749 
750  /*
751  * If the circuit build time is much greater than we would have cut
752  * it off at, we probably had a suspend event along this codepath,
753  * and we should discard the value.
754  */
755  if (timercmp(&victim->timestamp_began, &extremely_old_cutoff, OP_LT)) {
756  log_notice(LD_CIRC,
757  "Extremely large value for circuit build timeout: %lds. "
758  "Assuming clock jump. Purpose %d (%s)",
759  (long)(now.tv_sec - victim->timestamp_began.tv_sec),
760  victim->purpose,
761  circuit_purpose_to_string(victim->purpose));
764  first_hop_succeeded,
765  (time_t)victim->timestamp_created.tv_sec)) {
767  }
768  }
769  }
770 
771  /* If this is a hidden service client circuit which is far enough along in
772  * connecting to its destination, and we haven't already flagged it as
773  * 'timed out', flag it so we'll launch another intro or rend circ, but
774  * don't mark it for close yet.
775  *
776  * (Circs flagged as 'timed out' are given a much longer timeout
777  * period above, so we won't close them in the next call to
778  * circuit_expire_building.) */
779  if (!(TO_ORIGIN_CIRCUIT(victim)->hs_circ_has_timed_out)) {
780  switch (victim->purpose) {
782  /* We only want to spare a rend circ iff it has been specified in an
783  * INTRODUCE1 cell sent to a hidden service. */
784  if (!hs_circ_is_rend_sent_in_intro1(CONST_TO_ORIGIN_CIRCUIT(victim))) {
785  break;
786  }
787  FALLTHROUGH;
790  /* If we have reached this line, we want to spare the circ for now. */
791  log_info(LD_CIRC,"Marking circ %u (state %d:%s, purpose %d) "
792  "as timed-out HS circ",
793  (unsigned)victim->n_circ_id,
794  victim->state, circuit_state_to_string(victim->state),
795  victim->purpose);
797  continue;
798  default:
799  break;
800  }
801  }
802 
803  /* If this is a service-side rendezvous circuit which is far
804  * enough along in connecting to its destination, consider sparing
805  * it. */
806  if (!(TO_ORIGIN_CIRCUIT(victim)->hs_circ_has_timed_out) &&
807  victim->purpose == CIRCUIT_PURPOSE_S_CONNECT_REND) {
808  log_info(LD_CIRC,"Marking circ %u (state %d:%s, purpose %d) "
809  "as timed-out HS circ; relaunching rendezvous attempt.",
810  (unsigned)victim->n_circ_id,
811  victim->state, circuit_state_to_string(victim->state),
812  victim->purpose);
815  continue;
816  }
817 
818  if (victim->n_chan)
819  log_info(LD_CIRC,
820  "Abandoning circ %u %s:%u (state %d,%d:%s, purpose %d, "
821  "len %d)", TO_ORIGIN_CIRCUIT(victim)->global_identifier,
822  channel_describe_peer(victim->n_chan),
823  (unsigned)victim->n_circ_id,
824  TO_ORIGIN_CIRCUIT(victim)->has_opened,
825  victim->state, circuit_state_to_string(victim->state),
826  victim->purpose,
827  TO_ORIGIN_CIRCUIT(victim)->build_state ?
828  TO_ORIGIN_CIRCUIT(victim)->build_state->desired_path_len :
829  -1);
830  else
831  log_info(LD_CIRC,
832  "Abandoning circ %u %u (state %d,%d:%s, purpose %d, len %d)",
833  TO_ORIGIN_CIRCUIT(victim)->global_identifier,
834  (unsigned)victim->n_circ_id,
835  TO_ORIGIN_CIRCUIT(victim)->has_opened,
836  victim->state,
837  circuit_state_to_string(victim->state), victim->purpose,
838  TO_ORIGIN_CIRCUIT(victim)->build_state ?
839  TO_ORIGIN_CIRCUIT(victim)->build_state->desired_path_len :
840  -1);
841 
843  tor_trace(TR_SUBSYS(circuit), TR_EV(timeout), TO_ORIGIN_CIRCUIT(victim));
844  if (victim->purpose == CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT)
845  circuit_mark_for_close(victim, END_CIRC_REASON_MEASUREMENT_EXPIRED);
846  else
847  circuit_mark_for_close(victim, END_CIRC_REASON_TIMEOUT);
848 
850  } SMARTLIST_FOREACH_END(victim);
851 }
852 
853 /**
854  * Mark for close all circuits that start here, that were built through a
855  * guard we weren't sure if we wanted to use, and that have been waiting
856  * around for way too long.
857  */
858 void
860 {
862  origin_circuit_t *, circ) {
863  if (TO_CIRCUIT(circ)->marked_for_close)
864  continue;
865  if (circ->guard_state == NULL)
866  continue;
868  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_NONE);
869  } SMARTLIST_FOREACH_END(circ);
870 }
871 
872 /** For debugging #8387: track when we last called
873  * circuit_expire_old_circuits_clientside. */
875 
876 /**
877  * As a diagnostic for bug 8387, log information about how many one-hop
878  * circuits we have around that have been there for at least <b>age</b>
879  * seconds. Log a few of them. Ignores Single Onion Service intro, it is
880  * expected to be long-term one-hop circuits.
881  */
882 void
884 {
885 #define MAX_ANCIENT_ONEHOP_CIRCUITS_TO_LOG 10
886  time_t now = time(NULL);
887  time_t cutoff = now - age;
888  int n_found = 0;
889  smartlist_t *log_these = smartlist_new();
890  const or_options_t *options = get_options();
891 
893  const origin_circuit_t *ocirc;
894  if (! CIRCUIT_IS_ORIGIN(circ))
895  continue;
896  if (circ->timestamp_created.tv_sec >= cutoff)
897  continue;
898  /* Single Onion Services deliberately make long term one-hop intro
899  * and rendezvous connections. Don't log the established ones. */
900  if (rend_service_allow_non_anonymous_connection(options) &&
901  (circ->purpose == CIRCUIT_PURPOSE_S_INTRO ||
902  circ->purpose == CIRCUIT_PURPOSE_S_REND_JOINED))
903  continue;
904  ocirc = CONST_TO_ORIGIN_CIRCUIT(circ);
905 
906  if (ocirc->build_state && ocirc->build_state->onehop_tunnel) {
907  ++n_found;
908 
909  if (smartlist_len(log_these) < MAX_ANCIENT_ONEHOP_CIRCUITS_TO_LOG)
910  smartlist_add(log_these, (origin_circuit_t*) ocirc);
911  }
912  }
913  SMARTLIST_FOREACH_END(circ);
914 
915  if (n_found == 0)
916  goto done;
917 
918  log_notice(LD_HEARTBEAT,
919  "Diagnostic for issue 8387: Found %d one-hop circuits more "
920  "than %d seconds old! Logging %d...",
921  n_found, age, smartlist_len(log_these));
922 
923  SMARTLIST_FOREACH_BEGIN(log_these, const origin_circuit_t *, ocirc) {
924  char created[ISO_TIME_LEN+1];
925  int stream_num;
926  const edge_connection_t *conn;
927  char *dirty = NULL;
928  const circuit_t *circ = TO_CIRCUIT(ocirc);
929 
930  format_local_iso_time(created,
931  (time_t)circ->timestamp_created.tv_sec);
932 
933  if (circ->timestamp_dirty) {
934  char dirty_since[ISO_TIME_LEN+1];
935  format_local_iso_time(dirty_since, circ->timestamp_dirty);
936 
937  tor_asprintf(&dirty, "Dirty since %s (%ld seconds vs %ld-second cutoff)",
938  dirty_since, (long)(now - circ->timestamp_dirty),
939  (long) options->MaxCircuitDirtiness);
940  } else {
941  dirty = tor_strdup("Not marked dirty");
942  }
943 
944  log_notice(LD_HEARTBEAT, " #%d created at %s. %s, %s. %s for close. "
945  "Package window: %d. "
946  "%s for new conns. %s.",
947  ocirc_sl_idx,
948  created,
951  circ->marked_for_close ? "Marked" : "Not marked",
952  circ->package_window,
953  ocirc->unusable_for_new_conns ? "Not usable" : "usable",
954  dirty);
955  tor_free(dirty);
956 
957  stream_num = 0;
958  for (conn = ocirc->p_streams; conn; conn = conn->next_stream) {
959  const connection_t *c = TO_CONN(conn);
960  char stream_created[ISO_TIME_LEN+1];
961  if (++stream_num >= 5)
962  break;
963 
964  format_local_iso_time(stream_created, c->timestamp_created);
965 
966  log_notice(LD_HEARTBEAT, " Stream#%d created at %s. "
967  "%s conn in state %s. "
968  "It is %slinked and %sreading from a linked connection %p. "
969  "Package window %d. "
970  "%s for close (%s:%d). Hold-open is %sset. "
971  "Has %ssent RELAY_END. %s on circuit.",
972  stream_num,
973  stream_created,
976  c->linked ? "" : "not ",
977  c->reading_from_linked_conn ? "": "not",
978  c->linked_conn,
979  conn->package_window,
980  c->marked_for_close ? "Marked" : "Not marked",
982  c->marked_for_close,
983  c->hold_open_until_flushed ? "" : "not ",
984  conn->edge_has_sent_end ? "" : "not ",
985  conn->edge_blocked_on_circ ? "Blocked" : "Not blocked");
986  if (! c->linked_conn)
987  continue;
988 
989  c = c->linked_conn;
990 
991  log_notice(LD_HEARTBEAT, " Linked to %s connection in state %s "
992  "(Purpose %d). %s for close (%s:%d). Hold-open is %sset. ",
995  c->purpose,
996  c->marked_for_close ? "Marked" : "Not marked",
998  c->marked_for_close,
999  c->hold_open_until_flushed ? "" : "not ");
1000  }
1001  } SMARTLIST_FOREACH_END(ocirc);
1002 
1003  log_notice(LD_HEARTBEAT, "It has been %ld seconds since I last called "
1004  "circuit_expire_old_circuits_clientside().",
1005  (long)(now - last_expired_clientside_circuits));
1006 
1007  done:
1008  smartlist_free(log_these);
1009 }
1010 
1011 /** Remove any elements in <b>needed_ports</b> that are handled by an
1012  * open or in-progress circuit.
1013  */
1014 void
1016 {
1017  int i;
1018  uint16_t *port;
1019 
1020  for (i = 0; i < smartlist_len(needed_ports); ++i) {
1021  port = smartlist_get(needed_ports, i);
1022  tor_assert(*port);
1023  if (circuit_stream_is_being_handled(NULL, *port,
1025  log_debug(LD_CIRC,"Port %d is already being handled; removing.", *port);
1026  smartlist_del(needed_ports, i--);
1027  tor_free(port);
1028  } else {
1029  log_debug(LD_CIRC,"Port %d is not handled.", *port);
1030  }
1031  }
1032 }
1033 
1034 /** Return 1 if at least <b>min</b> general-purpose non-internal circuits
1035  * will have an acceptable exit node for exit stream <b>conn</b> if it
1036  * is defined, else for "*:port".
1037  * Else return 0.
1038  */
1039 int
1041  uint16_t port, int min)
1042 {
1043  const node_t *exitnode;
1044  int num=0;
1045  time_t now = time(NULL);
1046  int need_uptime = smartlist_contains_int_as_string(
1047  get_options()->LongLivedPorts,
1048  conn ? conn->socks_request->port : port);
1049 
1051  if (CIRCUIT_IS_ORIGIN(circ) &&
1052  !circ->marked_for_close &&
1053  circ->purpose == CIRCUIT_PURPOSE_C_GENERAL &&
1054  (!circ->timestamp_dirty ||
1055  circ->timestamp_dirty + get_options()->MaxCircuitDirtiness > now)) {
1056  origin_circuit_t *origin_circ = TO_ORIGIN_CIRCUIT(circ);
1057  cpath_build_state_t *build_state = origin_circ->build_state;
1058  if (build_state->is_internal || build_state->onehop_tunnel)
1059  continue;
1060  if (origin_circ->unusable_for_new_conns)
1061  continue;
1062  if (origin_circ->isolation_values_set &&
1063  (conn == NULL ||
1064  !connection_edge_compatible_with_circuit(conn, origin_circ)))
1065  continue;
1066 
1067  exitnode = build_state_get_exit_node(build_state);
1068  if (exitnode && (!need_uptime || build_state->need_uptime)) {
1069  int ok;
1070  if (conn) {
1071  ok = connection_ap_can_use_exit(conn, exitnode);
1072  } else {
1074  r = compare_tor_addr_to_node_policy(NULL, port, exitnode);
1076  }
1077  if (ok) {
1078  if (++num >= min)
1079  return 1;
1080  }
1081  }
1082  }
1083  }
1084  SMARTLIST_FOREACH_END(circ);
1085  return 0;
1086 }
1087 
1088 /** Don't keep more than this many unused open circuits around. */
1089 #define MAX_UNUSED_OPEN_CIRCUITS 14
1091 /* Return true if a circuit is available for use, meaning that it is open,
1092  * clean, usable for new multi-hop connections, and a general purpose origin
1093  * circuit.
1094  * Accept any kind of circuit, return false if the above conditions are not
1095  * met. */
1096 STATIC int
1097 circuit_is_available_for_use(const circuit_t *circ)
1098 {
1099  const origin_circuit_t *origin_circ;
1100  cpath_build_state_t *build_state;
1101 
1102  if (!CIRCUIT_IS_ORIGIN(circ))
1103  return 0; /* We first filter out only origin circuits before doing the
1104  following checks. */
1105  if (circ->marked_for_close)
1106  return 0; /* Don't mess with marked circs */
1107  if (circ->timestamp_dirty)
1108  return 0; /* Only count clean circs */
1109  if (circ->purpose != CIRCUIT_PURPOSE_C_GENERAL &&
1111  return 0; /* We only pay attention to general purpose circuits.
1112  General purpose circuits are always origin circuits. */
1113 
1114  origin_circ = CONST_TO_ORIGIN_CIRCUIT(circ);
1115  if (origin_circ->unusable_for_new_conns)
1116  return 0;
1117 
1118  build_state = origin_circ->build_state;
1119  if (build_state->onehop_tunnel)
1120  return 0;
1121 
1122  return 1;
1123 }
1124 
1125 /* Return true if we need any more exit circuits.
1126  * needs_uptime and needs_capacity are set only if we need more exit circuits.
1127  * Check if we know of a port that's been requested recently and no circuit
1128  * is currently available that can handle it. */
1129 STATIC int
1130 needs_exit_circuits(time_t now, int *needs_uptime, int *needs_capacity)
1131 {
1132  return (!circuit_all_predicted_ports_handled(now, needs_uptime,
1133  needs_capacity) &&
1134  router_have_consensus_path() == CONSENSUS_PATH_EXIT);
1135 }
1136 
1137 /* Hidden services need at least this many internal circuits */
1138 #define SUFFICIENT_UPTIME_INTERNAL_HS_SERVERS 3
1139 
1140 /* Return true if we need any more hidden service server circuits.
1141  * HS servers only need an internal circuit. */
1142 STATIC int
1143 needs_hs_server_circuits(time_t now, int num_uptime_internal)
1144 {
1146  /* No services, we don't need anything. */
1147  goto no_need;
1148  }
1149 
1150  if (num_uptime_internal >= SUFFICIENT_UPTIME_INTERNAL_HS_SERVERS) {
1151  /* We have sufficient amount of internal circuit. */
1152  goto no_need;
1153  }
1154 
1155  if (router_have_consensus_path() == CONSENSUS_PATH_UNKNOWN) {
1156  /* Consensus hasn't been checked or might be invalid so requesting
1157  * internal circuits is not wise. */
1158  goto no_need;
1159  }
1160 
1161  /* At this point, we need a certain amount of circuits and we will most
1162  * likely use them for rendezvous so we note down the use of internal
1163  * circuit for our prediction for circuit needing uptime and capacity. */
1164  rep_hist_note_used_internal(now, 1, 1);
1165 
1166  return 1;
1167  no_need:
1168  return 0;
1169 }
1170 
1171 /* We need at least this many internal circuits for hidden service clients */
1172 #define SUFFICIENT_INTERNAL_HS_CLIENTS 3
1173 
1174 /* We need at least this much uptime for internal circuits for hidden service
1175  * clients */
1176 #define SUFFICIENT_UPTIME_INTERNAL_HS_CLIENTS 2
1177 
1178 /* Return true if we need any more hidden service client circuits.
1179  * HS clients only need an internal circuit. */
1180 STATIC int
1181 needs_hs_client_circuits(time_t now, int *needs_uptime, int *needs_capacity,
1182  int num_internal, int num_uptime_internal)
1183 {
1184  int used_internal_recently = rep_hist_get_predicted_internal(now,
1185  needs_uptime,
1186  needs_capacity);
1187  int requires_uptime = num_uptime_internal <
1188  SUFFICIENT_UPTIME_INTERNAL_HS_CLIENTS &&
1189  needs_uptime;
1190 
1191  return (used_internal_recently &&
1192  (requires_uptime || num_internal < SUFFICIENT_INTERNAL_HS_CLIENTS) &&
1193  router_have_consensus_path() != CONSENSUS_PATH_UNKNOWN);
1194 }
1195 
1196 /* This is how many circuits can be opened concurrently during the cbt learning
1197  * phase. This number cannot exceed the tor-wide MAX_UNUSED_OPEN_CIRCUITS. */
1198 #define DFLT_CBT_UNUSED_OPEN_CIRCS (10)
1199 #define MIN_CBT_UNUSED_OPEN_CIRCS 0
1200 #define MAX_CBT_UNUSED_OPEN_CIRCS MAX_UNUSED_OPEN_CIRCUITS
1201 
1202 /* Return true if we need more circuits for a good build timeout.
1203  * XXXX make the assumption that build timeout streams should be
1204  * created whenever we can build internal circuits. */
1205 STATIC int
1206 needs_circuits_for_build(int num)
1207 {
1208  if (router_have_consensus_path() != CONSENSUS_PATH_UNKNOWN) {
1209  if (num < networkstatus_get_param(NULL, "cbtmaxopencircs",
1210  DFLT_CBT_UNUSED_OPEN_CIRCS,
1211  MIN_CBT_UNUSED_OPEN_CIRCS,
1212  MAX_CBT_UNUSED_OPEN_CIRCS) &&
1215  return 1;
1216  }
1217  }
1218  return 0;
1219 }
1220 
1221 /**
1222  * Launch the appropriate type of predicted circuit for hidden
1223  * services, depending on our options.
1224  */
1225 static void
1227 {
1228  /* K.I.S.S. implementation of bug #23101: If we are using
1229  * vanguards or pinned middles, pre-build a specific purpose
1230  * for HS circs. */
1233  } else {
1234  /* If no vanguards, then no HS-specific prebuilt circuits are needed.
1235  * Normal GENERAL circs are fine */
1237  }
1238 }
1239 
1240 /** Determine how many circuits we have open that are clean,
1241  * Make sure it's enough for all the upcoming behaviors we predict we'll have.
1242  * But put an upper bound on the total number of circuits.
1243  */
1244 static void
1246 {
1247  int num=0, num_internal=0, num_uptime_internal=0;
1248  int hidserv_needs_uptime=0, hidserv_needs_capacity=1;
1249  int port_needs_uptime=0, port_needs_capacity=1;
1250  time_t now = time(NULL);
1251  int flags = 0;
1252 
1253  /* Count how many of each type of circuit we currently have. */
1255  if (!circuit_is_available_for_use(circ))
1256  continue;
1257 
1258  num++;
1259 
1260  cpath_build_state_t *build_state = TO_ORIGIN_CIRCUIT(circ)->build_state;
1261  if (build_state->is_internal)
1262  num_internal++;
1263  if (build_state->need_uptime && build_state->is_internal)
1264  num_uptime_internal++;
1265  }
1266  SMARTLIST_FOREACH_END(circ);
1267 
1268  /* If that's enough, then stop now. */
1269  if (num >= MAX_UNUSED_OPEN_CIRCUITS)
1270  return;
1271 
1272  if (needs_exit_circuits(now, &port_needs_uptime, &port_needs_capacity)) {
1273  if (port_needs_uptime)
1274  flags |= CIRCLAUNCH_NEED_UPTIME;
1275  if (port_needs_capacity)
1276  flags |= CIRCLAUNCH_NEED_CAPACITY;
1277 
1278  log_info(LD_CIRC,
1279  "Have %d clean circs (%d internal), need another exit circ.",
1280  num, num_internal);
1282  return;
1283  }
1284 
1285  if (needs_hs_server_circuits(now, num_uptime_internal)) {
1288 
1289  log_info(LD_CIRC,
1290  "Have %d clean circs (%d internal), need another internal "
1291  "circ for my hidden service.",
1292  num, num_internal);
1294  return;
1295  }
1296 
1297  if (needs_hs_client_circuits(now, &hidserv_needs_uptime,
1298  &hidserv_needs_capacity,
1299  num_internal, num_uptime_internal))
1300  {
1301  if (hidserv_needs_uptime)
1302  flags |= CIRCLAUNCH_NEED_UPTIME;
1303  if (hidserv_needs_capacity)
1304  flags |= CIRCLAUNCH_NEED_CAPACITY;
1305  flags |= CIRCLAUNCH_IS_INTERNAL;
1306 
1307  log_info(LD_CIRC,
1308  "Have %d clean circs (%d uptime-internal, %d internal), need"
1309  " another hidden service circ.",
1310  num, num_uptime_internal, num_internal);
1311 
1313  return;
1314  }
1315 
1316  if (needs_circuits_for_build(num)) {
1317  flags = CIRCLAUNCH_NEED_CAPACITY;
1318  /* if there are no exits in the consensus, make timeout
1319  * circuits internal */
1320  if (router_have_consensus_path() == CONSENSUS_PATH_INTERNAL)
1321  flags |= CIRCLAUNCH_IS_INTERNAL;
1322 
1323  log_info(LD_CIRC,
1324  "Have %d clean circs need another buildtime test circ.", num);
1326  return;
1327  }
1328 }
1329 
1330 /** Build a new test circuit every 5 minutes */
1331 #define TESTING_CIRCUIT_INTERVAL 300
1333 /** This function is called once a second, if router_have_minimum_dir_info()
1334  * is true. Its job is to make sure all services we offer have enough circuits
1335  * available. Some services just want enough circuits for current tasks,
1336  * whereas others want a minimum set of idle circuits hanging around.
1337  */
1338 void
1340 {
1341  const or_options_t *options = get_options();
1342 
1343  /* launch a new circ for any pending streams that need one
1344  * XXXX make the assumption that (some) AP streams (i.e. HS clients)
1345  * don't require an exit circuit, review in #13814.
1346  * This allows HSs to function in a consensus without exits. */
1347  if (router_have_consensus_path() != CONSENSUS_PATH_UNKNOWN)
1349 
1351 
1352  if (!options->DisablePredictedCircuits)
1354 }
1355 
1356 /**
1357  * Called once a second either directly or from
1358  * circuit_build_needed_circs(). As appropriate (once per NewCircuitPeriod)
1359  * resets failure counts and expires old circuits.
1360  */
1361 void
1363 {
1364  static time_t time_to_expire_and_reset = 0;
1365 
1366  if (time_to_expire_and_reset < now) {
1368  time_to_expire_and_reset = now + get_options()->NewCircuitPeriod;
1369  if (proxy_mode(get_options()))
1370  addressmap_clean(now);
1372 
1373 #if 0 /* disable for now, until predict-and-launch-new can cull leftovers */
1374 
1375  /* If we ever re-enable, this has to move into
1376  * circuit_build_needed_circs */
1377 
1378  circ = circuit_get_youngest_clean_open(CIRCUIT_PURPOSE_C_GENERAL);
1379  if (get_options()->RunTesting &&
1380  circ &&
1381  circ->timestamp_began.tv_sec + TESTING_CIRCUIT_INTERVAL < now) {
1382  log_fn(LOG_INFO,"Creating a new testing circuit.");
1384  }
1385 #endif /* 0 */
1386  }
1387 }
1388 
1389 /** If the stream <b>conn</b> is a member of any of the linked
1390  * lists of <b>circ</b>, then remove it from the list.
1391  */
1392 void
1394 {
1395  edge_connection_t *prevconn;
1396 
1397  tor_assert(circ);
1398  tor_assert(conn);
1399 
1400  if (conn->base_.type == CONN_TYPE_AP) {
1401  entry_connection_t *entry_conn = EDGE_TO_ENTRY_CONN(conn);
1402  entry_conn->may_use_optimistic_data = 0;
1403  }
1404  conn->cpath_layer = NULL; /* don't keep a stale pointer */
1405  conn->on_circuit = NULL;
1406 
1407  if (CIRCUIT_IS_ORIGIN(circ)) {
1408  origin_circuit_t *origin_circ = TO_ORIGIN_CIRCUIT(circ);
1409  int removed = 0;
1410  if (conn == origin_circ->p_streams) {
1411  origin_circ->p_streams = conn->next_stream;
1412  removed = 1;
1413  } else {
1414  for (prevconn = origin_circ->p_streams;
1415  prevconn && prevconn->next_stream && prevconn->next_stream != conn;
1416  prevconn = prevconn->next_stream)
1417  ;
1418  if (prevconn && prevconn->next_stream) {
1419  prevconn->next_stream = conn->next_stream;
1420  removed = 1;
1421  }
1422  }
1423  if (removed) {
1424  log_debug(LD_APP, "Removing stream %d from circ %u",
1425  conn->stream_id, (unsigned)circ->n_circ_id);
1426 
1427  /* If the stream was removed, and it was a rend stream, decrement the
1428  * number of streams on the circuit associated with the rend service.
1429  */
1430  if (circ->purpose == CIRCUIT_PURPOSE_S_REND_JOINED) {
1431  hs_dec_rdv_stream_counter(origin_circ);
1432  }
1433 
1434  /* If there are no more streams on this circ, tell circpad */
1435  if (!origin_circ->p_streams)
1437 
1438  return;
1439  }
1440  } else {
1441  or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
1442  if (conn == or_circ->n_streams) {
1443  or_circ->n_streams = conn->next_stream;
1444  return;
1445  }
1446  if (conn == or_circ->resolving_streams) {
1447  or_circ->resolving_streams = conn->next_stream;
1448  return;
1449  }
1450 
1451  for (prevconn = or_circ->n_streams;
1452  prevconn && prevconn->next_stream && prevconn->next_stream != conn;
1453  prevconn = prevconn->next_stream)
1454  ;
1455  if (prevconn && prevconn->next_stream) {
1456  prevconn->next_stream = conn->next_stream;
1457  return;
1458  }
1459 
1460  for (prevconn = or_circ->resolving_streams;
1461  prevconn && prevconn->next_stream && prevconn->next_stream != conn;
1462  prevconn = prevconn->next_stream)
1463  ;
1464  if (prevconn && prevconn->next_stream) {
1465  prevconn->next_stream = conn->next_stream;
1466  return;
1467  }
1468  }
1469 
1470  log_warn(LD_BUG,"Edge connection not in circuit's list.");
1471  /* Don't give an error here; it's harmless. */
1473 }
1474 
1475 /** Find each circuit that has been unused for too long, or dirty
1476  * for too long and has no streams on it: mark it for close.
1477  */
1478 STATIC void
1480 {
1481  struct timeval cutoff, now;
1482 
1483  tor_gettimeofday(&now);
1484  last_expired_clientside_circuits = now.tv_sec;
1485 
1487  if (circ->marked_for_close || !CIRCUIT_IS_ORIGIN(circ))
1488  continue;
1489 
1490  cutoff = now;
1491  cutoff.tv_sec -= TO_ORIGIN_CIRCUIT(circ)->circuit_idle_timeout;
1492 
1493  /* If the circuit has been dirty for too long, and there are no streams
1494  * on it, mark it for close.
1495  */
1496  if (circ->timestamp_dirty &&
1497  circ->timestamp_dirty + get_options()->MaxCircuitDirtiness <
1498  now.tv_sec &&
1499  !TO_ORIGIN_CIRCUIT(circ)->p_streams /* nothing attached */ ) {
1500  log_debug(LD_CIRC, "Closing n_circ_id %u (dirty %ld sec ago, "
1501  "purpose %d)",
1502  (unsigned)circ->n_circ_id,
1503  (long)(now.tv_sec - circ->timestamp_dirty),
1504  circ->purpose);
1505  /* Don't do this magic for testing circuits. Their death is governed
1506  * by circuit_expire_building */
1507  if (circ->purpose != CIRCUIT_PURPOSE_PATH_BIAS_TESTING) {
1508  tor_trace(TR_SUBSYS(circuit), TR_EV(idle_timeout),
1509  TO_ORIGIN_CIRCUIT(circ));
1510  circuit_mark_for_close(circ, END_CIRC_REASON_FINISHED);
1511  }
1512  } else if (!circ->timestamp_dirty && circ->state == CIRCUIT_STATE_OPEN) {
1513  if (timercmp(&circ->timestamp_began, &cutoff, OP_LT)) {
1514  if (circ->purpose == CIRCUIT_PURPOSE_C_GENERAL ||
1515  circ->purpose == CIRCUIT_PURPOSE_C_HSDIR_GET ||
1516  circ->purpose == CIRCUIT_PURPOSE_S_HSDIR_POST ||
1517  circ->purpose == CIRCUIT_PURPOSE_HS_VANGUARDS ||
1518  circ->purpose == CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT ||
1519  circ->purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO ||
1520  circ->purpose == CIRCUIT_PURPOSE_TESTING ||
1521  circ->purpose == CIRCUIT_PURPOSE_C_CIRCUIT_PADDING ||
1522  (circ->purpose >= CIRCUIT_PURPOSE_C_INTRODUCING &&
1523  circ->purpose <= CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED) ||
1524  circ->purpose == CIRCUIT_PURPOSE_S_CONNECT_REND) {
1525  log_info(LD_CIRC,
1526  "Closing circuit %"PRIu32
1527  " that has been unused for %ld msec.",
1528  TO_ORIGIN_CIRCUIT(circ)->global_identifier,
1529  tv_mdiff(&circ->timestamp_began, &now));
1530  tor_trace(TR_SUBSYS(circuit), TR_EV(idle_timeout),
1531  TO_ORIGIN_CIRCUIT(circ));
1532  circuit_mark_for_close(circ, END_CIRC_REASON_FINISHED);
1533  } else if (!TO_ORIGIN_CIRCUIT(circ)->is_ancient) {
1534  /* Server-side rend joined circuits can end up really old, because
1535  * they are reused by clients for longer than normal. The client
1536  * controls their lifespan. (They never become dirty, because
1537  * connection_exit_begin_conn() never marks anything as dirty.)
1538  * Similarly, server-side intro circuits last a long time. */
1539  if (circ->purpose != CIRCUIT_PURPOSE_S_REND_JOINED &&
1540  circ->purpose != CIRCUIT_PURPOSE_S_INTRO) {
1541  log_notice(LD_CIRC,
1542  "Ancient non-dirty circuit %d is still around after "
1543  "%ld milliseconds. Purpose: %d (%s)",
1544  TO_ORIGIN_CIRCUIT(circ)->global_identifier,
1545  tv_mdiff(&circ->timestamp_began, &now),
1546  circ->purpose,
1547  circuit_purpose_to_string(circ->purpose));
1548  TO_ORIGIN_CIRCUIT(circ)->is_ancient = 1;
1549  }
1550  }
1551  }
1552  }
1553  } SMARTLIST_FOREACH_END(circ);
1554 }
1555 
1556 /** How long do we wait before killing circuits with the properties
1557  * described below?
1558  *
1559  * Probably we could choose a number here as low as 5 to 10 seconds,
1560  * since these circs are used for begindir, and a) generally you either
1561  * ask another begindir question right after or you don't for a long time,
1562  * b) clients at least through 0.2.1.x choose from the whole set of
1563  * directory mirrors at each choice, and c) re-establishing a one-hop
1564  * circuit via create-fast is a light operation assuming the TLS conn is
1565  * still there.
1566  *
1567  * I expect "b" to go away one day when we move to using directory
1568  * guards, but I think "a" and "c" are good enough reasons that a low
1569  * number is safe even then.
1570  */
1571 #define IDLE_ONE_HOP_CIRC_TIMEOUT 60
1573 /** Find each non-origin circuit that has been unused for too long,
1574  * has no streams on it, came from a client, and ends here: mark it
1575  * for close.
1576  */
1577 void
1579 {
1580  or_circuit_t *or_circ;
1581  time_t cutoff = now - IDLE_ONE_HOP_CIRC_TIMEOUT;
1582 
1584  if (circ->marked_for_close || CIRCUIT_IS_ORIGIN(circ))
1585  continue;
1586  or_circ = TO_OR_CIRCUIT(circ);
1587  /* If the circuit has been idle for too long, and there are no streams
1588  * on it, and it ends here, and it used a create_fast, mark it for close.
1589  *
1590  * Also if there is a rend_splice on it, it's a single onion service
1591  * circuit and we should not close it.
1592  */
1593  if (or_circ->p_chan && channel_is_client(or_circ->p_chan) &&
1594  !circ->n_chan &&
1595  !or_circ->n_streams && !or_circ->resolving_streams &&
1596  !or_circ->rend_splice &&
1597  channel_when_last_xmit(or_circ->p_chan) <= cutoff) {
1598  log_info(LD_CIRC, "Closing circ_id %u (empty %d secs ago)",
1599  (unsigned)or_circ->p_circ_id,
1600  (int)(now - channel_when_last_xmit(or_circ->p_chan)));
1601  circuit_mark_for_close(circ, END_CIRC_REASON_FINISHED);
1602  }
1603  }
1604  SMARTLIST_FOREACH_END(circ);
1605 }
1606 
1607 /** Number of testing circuits we want open before testing our bandwidth. */
1608 #define NUM_PARALLEL_TESTING_CIRCS 4
1610 /** True iff we've ever had enough testing circuits open to test our
1611  * bandwidth. */
1613 
1614 /** Reset have_performed_bandwidth_test, so we'll start building
1615  * testing circuits again so we can exercise our bandwidth. */
1616 void
1618 {
1620 }
1621 
1622 /** Return 1 if we've already exercised our bandwidth, or if we
1623  * have fewer than NUM_PARALLEL_TESTING_CIRCS testing circuits
1624  * established or on the way. Else return 0.
1625  */
1626 int
1628 {
1629  int num = 0;
1630 
1632  return 1;
1633 
1635  if (!circ->marked_for_close && CIRCUIT_IS_ORIGIN(circ) &&
1636  circ->purpose == CIRCUIT_PURPOSE_TESTING &&
1637  circ->state == CIRCUIT_STATE_OPEN)
1638  num++;
1639  }
1640  SMARTLIST_FOREACH_END(circ);
1641  return num >= NUM_PARALLEL_TESTING_CIRCS;
1642 }
1643 
1644 /** A testing circuit has completed. Take whatever stats we want.
1645  * Noticing reachability is taken care of in onionskin_answer(),
1646  * so there's no need to record anything here. But if we still want
1647  * to do the bandwidth test, and we now have enough testing circuits
1648  * open, do it.
1649  */
1650 static void
1652 {
1655  /* either we've already done everything we want with testing circuits,
1656  * OR this IPv4 testing circuit became open due to a fluke, e.g. we picked
1657  * a last hop where we already had the connection open due to a
1658  * outgoing local circuit, OR this is an IPv6 self-test circuit, not
1659  * a bandwidth test circuit. */
1660  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_AT_ORIGIN);
1661  } else if (circuit_enough_testing_circs()) {
1664  } else
1666 }
1667 
1668 /** A testing circuit has failed to build. Take whatever stats we want. */
1669 static void
1671 {
1672  const or_options_t *options = get_options();
1673  if (server_mode(options) &&
1674  router_all_orports_seem_reachable(options))
1675  return;
1676 
1677  log_info(LD_GENERAL,
1678  "Our testing circuit (to see if your ORPort is reachable) "
1679  "has failed. I'll try again later.");
1680 
1681  /* These aren't used yet. */
1682  (void)circ;
1683  (void)at_last_hop;
1684 }
1685 
1686 /** The circuit <b>circ</b> has just become open. Take the next
1687  * step: for rendezvous circuits, we pass circ to the appropriate
1688  * function in rendclient or rendservice. For general circuits, we
1689  * call connection_ap_attach_pending, which looks for pending streams
1690  * that could use circ.
1691  */
1692 void
1694 {
1695  tor_trace(TR_SUBSYS(circuit), TR_EV(opened), circ);
1696  circuit_event_status(circ, CIRC_EVENT_BUILT, 0);
1697 
1698  /* Remember that this circuit has finished building. Now if we start
1699  * it building again later (e.g. by extending it), we will know not
1700  * to consider its build time. */
1701  circ->has_opened = 1;
1702 
1703  switch (TO_CIRCUIT(circ)->purpose) {
1706  /* Start building an intro circ if we don't have one yet. */
1708  /* This isn't a call to circuit_try_attaching_streams because a
1709  * circuit in _C_ESTABLISH_REND state isn't connected to its
1710  * hidden service yet, thus we can't attach streams to it yet,
1711  * thus circuit_try_attaching_streams would always clear the
1712  * circuit's isolation state. circuit_try_attaching_streams is
1713  * called later, when the rend circ enters _C_REND_JOINED
1714  * state. */
1715  break;
1718  break;
1722  /* Tell any AP connections that have been waiting for a new
1723  * circuit that one is ready. */
1725  break;
1727  /* at the service, waiting for introductions */
1729  break;
1731  /* at the service, connecting to rend point */
1733  break;
1735  circuit_testing_opened(circ);
1736  break;
1737  /* default:
1738  * This won't happen in normal operation, but might happen if the
1739  * controller did it. Just let it slide. */
1740  }
1741 }
1742 
1743 /** If the stream-isolation state of <b>circ</b> can be cleared, clear
1744  * it. Return non-zero iff <b>circ</b>'s isolation state was cleared. */
1745 static int
1747 {
1748  if (/* The circuit may have become non-open if it was cannibalized.*/
1749  circ->base_.state == CIRCUIT_STATE_OPEN &&
1750  /* If !isolation_values_set, there is nothing to clear. */
1751  circ->isolation_values_set &&
1752  /* It's not legal to clear a circuit's isolation info if it's ever had
1753  * streams attached */
1755  /* If we have any isolation information set on this circuit, and
1756  * we didn't manage to attach any streams to it, then we can
1757  * and should clear it and try again. */
1759  return 1;
1760  } else {
1761  return 0;
1762  }
1763 }
1764 
1765 /** Called when a circuit becomes ready for streams to be attached to
1766  * it. */
1767 void
1769 {
1770  /* Attach streams to this circuit if we can. */
1772 
1773  /* The call to circuit_try_clearing_isolation_state here will do
1774  * nothing and return 0 if we didn't attach any streams to circ
1775  * above. */
1777  /* Maybe *now* we can attach some streams to this circuit. */
1779  }
1780 }
1781 
1782 /** Called whenever a circuit could not be successfully built.
1783  */
1784 void
1786 {
1787  channel_t *n_chan = NULL;
1788  /* we should examine circ and see if it failed because of
1789  * the last hop or an earlier hop. then use this info below.
1790  */
1791  int failed_at_last_hop = 0;
1792 
1793  /* First, check to see if this was a path failure, rather than build
1794  * failure.
1795  *
1796  * Note that we deliberately use circuit_get_cpath_len() (and not
1797  * circuit_get_cpath_opened_len()) because we only want to ensure
1798  * that a full path is *chosen*. This is different than a full path
1799  * being *built*. We only want to count *build* failures below.
1800  *
1801  * Path selection failures can happen spuriously for a number
1802  * of reasons (such as aggressive/invalid user-specified path
1803  * restrictions in the torrc, insufficient microdescriptors, and
1804  * non-user reasons like exitpolicy issues), and so should not be
1805  * counted as failures below.
1806  */
1807  if (circuit_get_cpath_len(circ) < circ->build_state->desired_path_len) {
1808  static ratelim_t pathfail_limit = RATELIM_INIT(3600);
1809  log_fn_ratelim(&pathfail_limit, LOG_NOTICE, LD_CIRC,
1810  "Our circuit %u (id: %" PRIu32 ") died due to an invalid "
1811  "selected path, purpose %s. This may be a torrc "
1812  "configuration issue, or a bug.",
1813  TO_CIRCUIT(circ)->n_circ_id, circ->global_identifier,
1814  circuit_purpose_to_string(TO_CIRCUIT(circ)->purpose));
1815 
1816  /* If the path failed on an RP, retry it. */
1817  if (TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_CONNECT_REND)
1819 
1820  /* In all other cases, just bail. The rest is just failure accounting
1821  * that we don't want to do */
1822  return;
1823  }
1824 
1825  /* If the last hop isn't open, and the second-to-last is, we failed
1826  * at the last hop. */
1827  if (circ->cpath &&
1828  circ->cpath->prev->state != CPATH_STATE_OPEN &&
1829  circ->cpath->prev->prev->state == CPATH_STATE_OPEN) {
1830  failed_at_last_hop = 1;
1831  }
1832 
1833  /* Check if we failed at first hop */
1834  if (circ->cpath &&
1835  circ->cpath->state != CPATH_STATE_OPEN &&
1836  ! circ->base_.received_destroy) {
1837  /* We failed at the first hop for some reason other than a DESTROY cell.
1838  * If there's an OR connection to blame, blame it. Also, avoid this relay
1839  * for a while, and fail any one-hop directory fetches destined for it. */
1840  const char *n_chan_ident = circ->cpath->extend_info->identity_digest;
1841  tor_assert(n_chan_ident);
1842  int already_marked = 0;
1843  if (circ->base_.n_chan) {
1844  n_chan = circ->base_.n_chan;
1845 
1846  if (n_chan->is_bad_for_new_circs) {
1847  /* We only want to blame this router when a fresh healthy
1848  * connection fails. So don't mark this router as newly failed,
1849  * since maybe this was just an old circuit attempt that's
1850  * finally timing out now. Also, there's no need to blow away
1851  * circuits/streams/etc, since the failure of an unhealthy conn
1852  * doesn't tell us much about whether a healthy conn would
1853  * succeed. */
1854  already_marked = 1;
1855  }
1856  log_info(LD_OR,
1857  "Our circuit %u (id: %" PRIu32 ") failed to get a response "
1858  "from the first hop (%s). I'm going to try to rotate to a "
1859  "better connection.",
1860  TO_CIRCUIT(circ)->n_circ_id, circ->global_identifier,
1861  channel_describe_peer(n_chan));
1862  n_chan->is_bad_for_new_circs = 1;
1863  } else {
1864  log_info(LD_OR,
1865  "Our circuit %u (id: %" PRIu32 ") died before the first hop "
1866  "with no connection",
1867  TO_CIRCUIT(circ)->n_circ_id, circ->global_identifier);
1868  }
1869  if (!already_marked) {
1870  /*
1871  * If we have guard state (new guard API) and our path selection
1872  * code actually chose a full path, then blame the failure of this
1873  * circuit on the guard.
1874  */
1875  if (circ->guard_state)
1877  /* if there are any one-hop streams waiting on this circuit, fail
1878  * them now so they can retry elsewhere. */
1879  connection_ap_fail_onehop(n_chan_ident, circ->build_state);
1880  }
1881  }
1882 
1883  switch (circ->base_.purpose) {
1887  /* If we never built the circuit, note it as a failure. */
1889  if (failed_at_last_hop) {
1890  /* Make sure any streams that demand our last hop as their exit
1891  * know that it's unlikely to happen. */
1893  }
1894  break;
1896  circuit_testing_failed(circ, failed_at_last_hop);
1897  break;
1899  /* at the service, waiting for introductions */
1900  if (circ->base_.state != CIRCUIT_STATE_OPEN) {
1902  }
1903  /* no need to care here, because the service will rebuild intro
1904  * points periodically. */
1905  break;
1907  /* at the client, connecting to intro point */
1908  /* Don't increment failure count, since the service may have picked
1909  * the introduction point maliciously */
1910  /* The client will pick a new intro point when this one dies, if
1911  * the stream in question still cares. No need to act here. */
1912  break;
1914  /* at the client, waiting for the service */
1916  /* the client will pick a new rend point when this one dies, if
1917  * the stream in question still cares. No need to act here. */
1918  break;
1920  /* at the service, connecting to rend point */
1921  /* Don't increment failure count, since the client may have picked
1922  * the rendezvous point maliciously */
1923  log_info(LD_REND,
1924  "Couldn't connect to the client's chosen rend point %s "
1925  "(%s hop failed).",
1927  failed_at_last_hop?"last":"non-last");
1929  break;
1930  /* default:
1931  * This won't happen in normal operation, but might happen if the
1932  * controller did it. Just let it slide. */
1933  }
1934 }
1935 
1936 /** Number of consecutive failures so far; should only be touched by
1937  * circuit_launch_new and circuit_*_failure_count.
1938  */
1939 static int n_circuit_failures = 0;
1940 /** Before the last time we called circuit_reset_failure_count(), were
1941  * there a lot of failures? */
1943 
1944 /** Don't retry launching a new circuit if we try this many times with no
1945  * success. */
1946 #define MAX_CIRCUIT_FAILURES 5
1948 /** Launch a new circuit; see circuit_launch_by_extend_info() for
1949  * details on arguments. */
1951 circuit_launch(uint8_t purpose, int flags)
1952 {
1953  return circuit_launch_by_extend_info(purpose, NULL, flags);
1954 }
1955 
1956 /* Do we have enough descriptors to build paths?
1957  * If need_exit is true, return 1 if we can build exit paths.
1958  * (We need at least one Exit in the consensus to build exit paths.)
1959  * If need_exit is false, return 1 if we can build internal paths.
1960  */
1961 static int
1962 have_enough_path_info(int need_exit)
1963 {
1964  if (need_exit)
1965  return router_have_consensus_path() == CONSENSUS_PATH_EXIT;
1966  else
1967  return router_have_consensus_path() != CONSENSUS_PATH_UNKNOWN;
1968 }
1969 
1970 /**
1971  * Tell us if a circuit is a hidden service circuit.
1972  */
1973 int
1975 {
1976  /* HS Vanguard purpose. */
1977  if (circuit_purpose_is_hs_vanguards(purpose)) {
1978  return 1;
1979  }
1980 
1981  /* Client-side purpose */
1982  if (circuit_purpose_is_hs_client(purpose)) {
1983  return 1;
1984  }
1985 
1986  /* Service-side purpose */
1987  if (circuit_purpose_is_hs_service(purpose)) {
1988  return 1;
1989  }
1990 
1991  return 0;
1992 }
1993 
1994 /** Retrun true iff the given circuit is an HS client circuit. */
1995 bool
1996 circuit_purpose_is_hs_client(const uint8_t purpose)
1997 {
1998  return (purpose >= CIRCUIT_PURPOSE_C_HS_MIN_ &&
1999  purpose <= CIRCUIT_PURPOSE_C_HS_MAX_);
2000 }
2001 
2002 /** Retrun true iff the given circuit is an HS service circuit. */
2003 bool
2004 circuit_purpose_is_hs_service(const uint8_t purpose)
2005 {
2006  return (purpose >= CIRCUIT_PURPOSE_S_HS_MIN_ &&
2007  purpose <= CIRCUIT_PURPOSE_S_HS_MAX_);
2008 }
2009 
2010 /** Retrun true iff the given circuit is an HS Vanguards circuit. */
2011 bool
2012 circuit_purpose_is_hs_vanguards(const uint8_t purpose)
2013 {
2014  return (purpose == CIRCUIT_PURPOSE_HS_VANGUARDS);
2015 }
2016 
2017 /** Retrun true iff the given circuit is an HS v2 circuit. */
2018 bool
2020 {
2021  return (CIRCUIT_IS_ORIGIN(circ) &&
2022  (CONST_TO_ORIGIN_CIRCUIT(circ)->rend_data != NULL));
2023 }
2024 
2025 /** Retrun true iff the given circuit is an HS v3 circuit. */
2026 bool
2028 {
2029  return (CIRCUIT_IS_ORIGIN(circ) &&
2030  (CONST_TO_ORIGIN_CIRCUIT(circ)->hs_ident != NULL));
2031 }
2032 
2033 /**
2034  * Return true if this circuit purpose should use vanguards
2035  * or pinned Layer2 or Layer3 guards.
2036  *
2037  * This function takes both the circuit purpose and the
2038  * torrc options for pinned middles/vanguards into account
2039  * (ie: the circuit must be a hidden service circuit and
2040  * vanguards/pinned middles must be enabled for it to return
2041  * true).
2042  */
2043 int
2045 {
2046  const or_options_t *options = get_options();
2047 
2048  /* Only hidden service circuits use vanguards */
2049  if (!circuit_purpose_is_hidden_service(purpose))
2050  return 0;
2051 
2052  /* Pinned middles are effectively vanguards */
2053  if (options->HSLayer2Nodes || options->HSLayer3Nodes)
2054  return 1;
2055 
2056  return 0;
2057 }
2058 
2059 /**
2060  * Return true for the set of conditions for which it is OK to use
2061  * a cannibalized circuit.
2062  *
2063  * Don't cannibalize for onehops, or certain purposes.
2064  */
2065 static int
2066 circuit_should_cannibalize_to_build(uint8_t purpose_to_build,
2067  int has_extend_info,
2068  int onehop_tunnel)
2069 {
2070 
2071  /* Do not try to cannibalize if this is a one hop circuit. */
2072  if (onehop_tunnel) {
2073  return 0;
2074  }
2075 
2076  /* Don't try to cannibalize for general purpose circuits that do not
2077  * specify a custom exit. */
2078  if (purpose_to_build == CIRCUIT_PURPOSE_C_GENERAL && !has_extend_info) {
2079  return 0;
2080  }
2081 
2082  /* Don't cannibalize for testing circuits. We want to see if they
2083  * complete normally. Also don't cannibalize for vanguard-purpose
2084  * circuits, since those are specially pre-built for later
2085  * cannibalization by the actual specific circuit types that need
2086  * vanguards.
2087  */
2088  if (purpose_to_build == CIRCUIT_PURPOSE_TESTING ||
2089  purpose_to_build == CIRCUIT_PURPOSE_HS_VANGUARDS) {
2090  return 0;
2091  }
2092 
2093  /* For vanguards, the server-side intro circ is not cannibalized
2094  * because we pre-build 4 hop HS circuits, and it only needs a 3 hop
2095  * circuit. It is also long-lived, so it is more important that
2096  * it have lower latency than get built fast.
2097  */
2098  if (circuit_should_use_vanguards(purpose_to_build) &&
2099  purpose_to_build == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO) {
2100  return 0;
2101  }
2102 
2103  return 1;
2104 }
2105 
2106 /** Launch a new circuit with purpose <b>purpose</b> and exit node
2107  * <b>extend_info</b> (or NULL to select a random exit node).
2108  *
2109  * If flags contains:
2110  * - CIRCLAUNCH_ONEHOP_TUNNEL: the circuit will have only one hop;
2111  * - CIRCLAUNCH_NEED_UPTIME: choose routers with high uptime;
2112  * - CIRCLAUNCH_NEED_CAPACITY: choose routers with high bandwidth;
2113  * - CIRCLAUNCH_IS_IPV6_SELFTEST: the second-last hop must support IPv6
2114  * extends;
2115  * - CIRCLAUNCH_IS_INTERNAL: the last hop need not be an exit node;
2116  * - CIRCLAUNCH_IS_V3_RP: the last hop must support v3 onion service
2117  * rendezvous.
2118  *
2119  * Return the newly allocated circuit on success, or NULL on failure. */
2122  extend_info_t *extend_info,
2123  int flags)
2124 {
2125  origin_circuit_t *circ;
2126  int onehop_tunnel = (flags & CIRCLAUNCH_ONEHOP_TUNNEL) != 0;
2127  int have_path = have_enough_path_info(! (flags & CIRCLAUNCH_IS_INTERNAL) );
2128 
2129  /* Keep some stats about our attempts to launch HS rendezvous circuits */
2130  if (purpose == CIRCUIT_PURPOSE_S_CONNECT_REND) {
2132  }
2133 
2134  if (!onehop_tunnel && (!router_have_minimum_dir_info() || !have_path)) {
2135  log_debug(LD_CIRC,"Haven't %s yet; canceling "
2136  "circuit launch.",
2138  "fetched enough directory info" :
2139  "received a consensus with exits");
2140  return NULL;
2141  }
2142 
2143  /* If we can/should cannibalize another circuit to build this one,
2144  * then do so. */
2146  extend_info != NULL,
2147  onehop_tunnel)) {
2148  /* see if there are appropriate circs available to cannibalize. */
2149  /* XXX if we're planning to add a hop, perhaps we want to look for
2150  * internal circs rather than exit circs? -RD */
2151  circ = circuit_find_to_cannibalize(purpose, extend_info, flags);
2152  if (circ) {
2153  uint8_t old_purpose = circ->base_.purpose;
2154  struct timeval old_timestamp_began = circ->base_.timestamp_began;
2155 
2156  log_info(LD_CIRC, "Cannibalizing circ %u (id: %" PRIu32 ") for "
2157  "purpose %d (%s)",
2158  TO_CIRCUIT(circ)->n_circ_id, circ->global_identifier, purpose,
2159  circuit_purpose_to_string(purpose));
2160 
2161  if ((purpose == CIRCUIT_PURPOSE_S_CONNECT_REND ||
2162  purpose == CIRCUIT_PURPOSE_C_INTRODUCING) &&
2164  /* Path bias: Cannibalized rends pre-emptively count as a
2165  * successfully built but unused closed circuit. We don't
2166  * wait until the extend (or the close) because the rend
2167  * point could be malicious.
2168  *
2169  * Same deal goes for client side introductions. Clients
2170  * can be manipulated to connect repeatedly to them
2171  * (especially web clients).
2172  *
2173  * If we decide to probe the initial portion of these circs,
2174  * (up to the adversary's final hop), we need to remove this,
2175  * or somehow mark the circuit with a special path state.
2176  */
2177 
2178  /* This must be called before the purpose change */
2179  pathbias_check_close(circ, END_CIRC_REASON_FINISHED);
2180  }
2181 
2182  circuit_change_purpose(TO_CIRCUIT(circ), purpose);
2183  /* Reset the start date of this circ, else expire_building
2184  * will see it and think it's been trying to build since it
2185  * began.
2186  *
2187  * Technically, the code should reset this when the
2188  * create cell is finally sent, but we're close enough
2189  * here. */
2190  tor_gettimeofday(&circ->base_.timestamp_began);
2191 
2192  control_event_circuit_cannibalized(circ, old_purpose,
2193  &old_timestamp_began);
2194 
2195  switch (purpose) {
2197  /* it's ready right now */
2198  break;
2205  /* need to add a new hop */
2206  tor_assert(extend_info);
2207  if (circuit_extend_to_new_exit(circ, extend_info) < 0)
2208  return NULL;
2209  break;
2210  default:
2211  log_warn(LD_BUG,
2212  "unexpected purpose %d when cannibalizing a circ.",
2213  purpose);
2215  return NULL;
2216  }
2217 
2218  tor_trace(TR_SUBSYS(circuit), TR_EV(cannibalized), circ);
2219  return circ;
2220  }
2221  }
2222 
2225  /* too many failed circs in a row. don't try. */
2226 // log_fn(LOG_INFO,"%d failures so far, not trying.",n_circuit_failures);
2227  return NULL;
2228  }
2229 
2230  /* try a circ. if it fails, circuit_mark_for_close will increment
2231  * n_circuit_failures */
2232  return circuit_establish_circuit(purpose, extend_info, flags);
2233 }
2234 
2235 /** Record another failure at opening a general circuit. When we have
2236  * too many, we'll stop trying for the remainder of this minute.
2237  */
2238 static void
2240 {
2242  log_debug(LD_CIRC,"n_circuit_failures now %d.",n_circuit_failures);
2243 }
2244 
2245 /** Reset the failure count for opening general circuits. This means
2246  * we will try MAX_CIRCUIT_FAILURES times more (if necessary) before
2247  * stopping again.
2248  */
2249 void
2251 {
2254  else
2256  n_circuit_failures = 0;
2257 }
2258 
2259 /** Find an open circ that we're happy to use for <b>conn</b> and return 1. If
2260  * there isn't one, and there isn't one on the way, launch one and return
2261  * 0. If it will never work, return -1.
2262  *
2263  * Write the found or in-progress or launched circ into *circp.
2264  */
2265 static int
2267  uint8_t desired_circuit_purpose,
2268  origin_circuit_t **circp)
2269 {
2270  origin_circuit_t *circ;
2271  int check_exit_policy;
2272  int need_uptime, need_internal;
2273  int want_onehop;
2274  const or_options_t *options = get_options();
2275 
2276  tor_assert(conn);
2277  tor_assert(circp);
2278  if (ENTRY_TO_CONN(conn)->state != AP_CONN_STATE_CIRCUIT_WAIT) {
2279  connection_t *c = ENTRY_TO_CONN(conn);
2280  log_err(LD_BUG, "Connection state mismatch: wanted "
2281  "AP_CONN_STATE_CIRCUIT_WAIT, but got %d (%s)",
2282  c->state, conn_state_to_string(c->type, c->state));
2283  }
2285 
2286  /* Will the exit policy of the exit node apply to this stream? */
2287  check_exit_policy =
2289  !conn->use_begindir &&
2291 
2292  /* Does this connection want a one-hop circuit? */
2293  want_onehop = conn->want_onehop;
2294 
2295  /* Do we need a high-uptime circuit? */
2296  need_uptime = !conn->want_onehop && !conn->use_begindir &&
2298  conn->socks_request->port);
2299 
2300  /* Do we need an "internal" circuit? */
2301  if (desired_circuit_purpose != CIRCUIT_PURPOSE_C_GENERAL)
2302  need_internal = 1;
2303  else if (conn->use_begindir || conn->want_onehop)
2304  need_internal = 1;
2305  else
2306  need_internal = 0;
2307 
2308  /* We now know what kind of circuit we need. See if there is an
2309  * open circuit that we can use for this stream */
2310  circ = circuit_get_best(conn, 1 /* Insist on open circuits */,
2311  desired_circuit_purpose,
2312  need_uptime, need_internal);
2313 
2314  if (circ) {
2315  /* We got a circuit that will work for this stream! We can return it. */
2316  *circp = circ;
2317  return 1; /* we're happy */
2318  }
2319 
2320  /* Okay, there's no circuit open that will work for this stream. Let's
2321  * see if there's an in-progress circuit or if we have to launch one */
2322 
2323  /* Do we know enough directory info to build circuits at all? */
2324  int have_path = have_enough_path_info(!need_internal);
2325 
2326  if (!want_onehop && (!router_have_minimum_dir_info() || !have_path)) {
2327  /* If we don't have enough directory information, we can't build
2328  * multihop circuits.
2329  */
2331  int severity = LOG_NOTICE;
2332  /* Retry some stuff that might help the connection work. */
2333  /* If we are configured with EntryNodes or UseBridges */
2334  if (entry_list_is_constrained(options)) {
2335  /* Retry all our guards / bridges.
2336  * guards_retry_optimistic() always returns true here. */
2337  int rv = guards_retry_optimistic(options);
2338  tor_assert_nonfatal_once(rv);
2339  log_fn(severity, LD_APP|LD_DIR,
2340  "Application request when we haven't %s. "
2341  "Optimistically trying known %s again.",
2343  "used client functionality lately" :
2344  "received a consensus with exits",
2345  options->UseBridges ? "bridges" : "entrynodes");
2346  } else {
2347  /* Getting directory documents doesn't help much if we have a limited
2348  * number of guards */
2349  tor_assert_nonfatal(!options->UseBridges);
2350  tor_assert_nonfatal(!options->EntryNodes);
2351  /* Retry our directory fetches, so we have a fresh set of guard info */
2352  log_fn(severity, LD_APP|LD_DIR,
2353  "Application request when we haven't %s. "
2354  "Optimistically trying directory fetches again.",
2356  "used client functionality lately" :
2357  "received a consensus with exits");
2359  }
2360  }
2361  /* Since we didn't have enough directory info, we can't attach now. The
2362  * stream will be dealt with when router_have_minimum_dir_info becomes 1,
2363  * or when all directory attempts fail and directory_all_unreachable()
2364  * kills it.
2365  */
2366  return 0;
2367  }
2368 
2369  /* Check whether the exit policy of the chosen exit, or the exit policies
2370  * of _all_ nodes, would forbid this node. */
2371  if (check_exit_policy) {
2372  if (!conn->chosen_exit_name) {
2373  struct in_addr in;
2374  tor_addr_t addr, *addrp=NULL;
2375  if (tor_inet_aton(conn->socks_request->address, &in)) {
2376  tor_addr_from_in(&addr, &in);
2377  addrp = &addr;
2378  }
2380  conn->socks_request->port,
2381  need_uptime)) {
2382  log_notice(LD_APP,
2383  "No Tor server allows exit to %s:%d. Rejecting.",
2384  safe_str_client(conn->socks_request->address),
2385  conn->socks_request->port);
2386  return -1;
2387  }
2388  } else {
2389  /* XXXX Duplicates checks in connection_ap_handshake_attach_circuit:
2390  * refactor into a single function. */
2391  const node_t *node = node_get_by_nickname(conn->chosen_exit_name, 0);
2392  int opt = conn->chosen_exit_optional;
2393  if (node && !connection_ap_can_use_exit(conn, node)) {
2394  log_fn(opt ? LOG_INFO : LOG_WARN, LD_APP,
2395  "Requested exit point '%s' is excluded or "
2396  "would refuse request. %s.",
2397  conn->chosen_exit_name, opt ? "Trying others" : "Closing");
2398  if (opt) {
2399  conn->chosen_exit_optional = 0;
2400  tor_free(conn->chosen_exit_name);
2401  /* Try again. */
2402  return circuit_get_open_circ_or_launch(conn,
2403  desired_circuit_purpose,
2404  circp);
2405  }
2406  return -1;
2407  }
2408  }
2409  }
2410 
2411  /* Now, check whether there already a circuit on the way that could handle
2412  * this stream. This check matches the one above, but this time we
2413  * do not require that the circuit will work. */
2414  circ = circuit_get_best(conn, 0 /* don't insist on open circuits */,
2415  desired_circuit_purpose,
2416  need_uptime, need_internal);
2417  if (circ)
2418  log_debug(LD_CIRC, "one on the way!");
2419 
2420  if (!circ) {
2421  /* No open or in-progress circuit could handle this stream! We
2422  * will have to launch one!
2423  */
2424 
2425  /* The chosen exit node, if there is one. */
2426  extend_info_t *extend_info=NULL;
2427  const int n_pending = count_pending_general_client_circuits();
2428 
2429  /* Do we have too many pending circuits? */
2430  if (n_pending >= options->MaxClientCircuitsPending) {
2431  static ratelim_t delay_limit = RATELIM_INIT(10*60);
2432  char *m;
2433  if ((m = rate_limit_log(&delay_limit, approx_time()))) {
2434  log_notice(LD_APP, "We'd like to launch a circuit to handle a "
2435  "connection, but we already have %d general-purpose client "
2436  "circuits pending. Waiting until some finish.%s",
2437  n_pending, m);
2438  tor_free(m);
2439  }
2440  return 0;
2441  }
2442 
2443  /* If this is a hidden service trying to start an introduction point,
2444  * handle that case. */
2445  if (desired_circuit_purpose == CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT) {
2446  const edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(conn);
2447  /* need to pick an intro point */
2448  extend_info = hs_client_get_random_intro_from_edge(edge_conn);
2449  if (!extend_info) {
2450  log_info(LD_REND, "No intro points: re-fetching service descriptor.");
2451  if (edge_conn->rend_data) {
2453  } else {
2454  hs_client_refetch_hsdesc(&edge_conn->hs_ident->identity_pk);
2455  }
2457  return 0;
2458  }
2459  log_info(LD_REND,"Chose %s as intro point for '%s'.",
2460  extend_info_describe(extend_info),
2461  (edge_conn->rend_data) ?
2462  safe_str_client(rend_data_get_address(edge_conn->rend_data)) :
2463  "service");
2464  }
2465 
2466  /* If we have specified a particular exit node for our
2467  * connection, then be sure to open a circuit to that exit node.
2468  */
2469  if (desired_circuit_purpose == CIRCUIT_PURPOSE_C_GENERAL ||
2470  desired_circuit_purpose == CIRCUIT_PURPOSE_S_HSDIR_POST ||
2471  desired_circuit_purpose == CIRCUIT_PURPOSE_C_HSDIR_GET) {
2472  if (conn->chosen_exit_name) {
2473  const node_t *r;
2474  int opt = conn->chosen_exit_optional;
2475  r = node_get_by_nickname(conn->chosen_exit_name, 0);
2476  if (r && node_has_preferred_descriptor(r, conn->want_onehop ? 1 : 0)) {
2477  /* We might want to connect to an IPv6 bridge for loading
2478  descriptors so we use the preferred address rather than
2479  the primary. */
2480  extend_info = extend_info_from_node(r, conn->want_onehop ? 1 : 0);
2481  if (!extend_info) {
2482  log_warn(LD_CIRC,"Could not make a one-hop connection to %s. "
2483  "Discarding this circuit.", conn->chosen_exit_name);
2484  return -1;
2485  }
2486  } else { /* ! (r && node_has_preferred_descriptor(...)) */
2487  log_debug(LD_DIR, "considering %d, %s",
2488  want_onehop, conn->chosen_exit_name);
2489  if (want_onehop && conn->chosen_exit_name[0] == '$') {
2490  /* We're asking for a one-hop circuit to a router that
2491  * we don't have a routerinfo about. Make up an extend_info. */
2492  /* XXX prop220: we need to make chosen_exit_name able to
2493  * encode both key formats. This is not absolutely critical
2494  * since this is just for one-hop circuits, but we should
2495  * still get it done */
2496  char digest[DIGEST_LEN];
2497  char *hexdigest = conn->chosen_exit_name+1;
2498  tor_addr_t addr;
2499  if (strlen(hexdigest) < HEX_DIGEST_LEN ||
2500  base16_decode(digest,DIGEST_LEN,
2501  hexdigest,HEX_DIGEST_LEN) != DIGEST_LEN) {
2502  log_info(LD_DIR, "Broken exit digest on tunnel conn. Closing.");
2503  return -1;
2504  }
2505  if (tor_addr_parse(&addr, conn->socks_request->address) < 0) {
2506  log_info(LD_DIR, "Broken address %s on tunnel conn. Closing.",
2508  return -1;
2509  }
2510  /* XXXX prop220 add a workaround for ed25519 ID below*/
2511  extend_info = extend_info_new(conn->chosen_exit_name+1,
2512  digest,
2513  NULL, /* Ed25519 ID */
2514  NULL, NULL, /* onion keys */
2515  &addr, conn->socks_request->port);
2516  } else { /* ! (want_onehop && conn->chosen_exit_name[0] == '$') */
2517  /* We will need an onion key for the router, and we
2518  * don't have one. Refuse or relax requirements. */
2519  log_fn(opt ? LOG_INFO : LOG_WARN, LD_APP,
2520  "Requested exit point '%s' is not known. %s.",
2521  conn->chosen_exit_name, opt ? "Trying others" : "Closing");
2522  if (opt) {
2523  conn->chosen_exit_optional = 0;
2524  tor_free(conn->chosen_exit_name);
2525  /* Try again with no requested exit */
2526  return circuit_get_open_circ_or_launch(conn,
2527  desired_circuit_purpose,
2528  circp);
2529  }
2530  return -1;
2531  }
2532  }
2533  }
2534  } /* Done checking for general circutis with chosen exits. */
2535 
2536  /* What purpose do we need to launch this circuit with? */
2537  uint8_t new_circ_purpose;
2538  if (desired_circuit_purpose == CIRCUIT_PURPOSE_C_REND_JOINED)
2539  new_circ_purpose = CIRCUIT_PURPOSE_C_ESTABLISH_REND;
2540  else if (desired_circuit_purpose == CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT)
2541  new_circ_purpose = CIRCUIT_PURPOSE_C_INTRODUCING;
2542  else
2543  new_circ_purpose = desired_circuit_purpose;
2544 
2545  /* Determine what kind of a circuit to launch, and actually launch it. */
2546  {
2547  int flags = CIRCLAUNCH_NEED_CAPACITY;
2548  if (want_onehop) flags |= CIRCLAUNCH_ONEHOP_TUNNEL;
2549  if (need_uptime) flags |= CIRCLAUNCH_NEED_UPTIME;
2550  if (need_internal) flags |= CIRCLAUNCH_IS_INTERNAL;
2551 
2552  /* If we are about to pick a v3 RP right now, make sure we pick a
2553  * rendezvous point that supports the v3 protocol! */
2554  if (desired_circuit_purpose == CIRCUIT_PURPOSE_C_REND_JOINED &&
2555  new_circ_purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND &&
2556  ENTRY_TO_EDGE_CONN(conn)->hs_ident) {
2557  flags |= CIRCLAUNCH_IS_V3_RP;
2558  log_info(LD_GENERAL, "Getting rendezvous circuit to v3 service!");
2559  }
2560 
2561  circ = circuit_launch_by_extend_info(new_circ_purpose, extend_info,
2562  flags);
2563  }
2564 
2565  extend_info_free(extend_info);
2566 
2567  /* Now trigger things that need to happen when we launch circuits */
2568 
2569  if (desired_circuit_purpose == CIRCUIT_PURPOSE_C_GENERAL ||
2570  desired_circuit_purpose == CIRCUIT_PURPOSE_C_HSDIR_GET ||
2571  desired_circuit_purpose == CIRCUIT_PURPOSE_S_HSDIR_POST) {
2572  /* We just caused a circuit to get built because of this stream.
2573  * If this stream has caused a _lot_ of circuits to be built, that's
2574  * a bad sign: we should tell the user. */
2575  if (conn->num_circuits_launched < NUM_CIRCUITS_LAUNCHED_THRESHOLD &&
2576  ++conn->num_circuits_launched == NUM_CIRCUITS_LAUNCHED_THRESHOLD)
2577  log_info(LD_CIRC, "The application request to %s:%d has launched "
2578  "%d circuits without finding one it likes.",
2580  conn->socks_request->port,
2581  conn->num_circuits_launched);
2582  } else {
2583  /* help predict this next time */
2584  rep_hist_note_used_internal(time(NULL), need_uptime, 1);
2585  if (circ) {
2586  const edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(conn);
2587  if (edge_conn->rend_data) {
2588  /* write the service_id into circ */
2589  circ->rend_data = rend_data_dup(edge_conn->rend_data);
2590  } else if (edge_conn->hs_ident) {
2591  circ->hs_ident =
2592  hs_ident_circuit_new(&edge_conn->hs_ident->identity_pk);
2593  }
2594  if (circ->base_.purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND &&
2595  circ->base_.state == CIRCUIT_STATE_OPEN)
2596  circuit_has_opened(circ);
2597  }
2598  }
2599  } /* endif (!circ) */
2600 
2601  /* We either found a good circuit, or launched a new circuit, or failed to
2602  * do so. Report success, and delay. */
2603 
2604  if (circ) {
2605  /* Mark the circuit with the isolation fields for this connection.
2606  * When the circuit arrives, we'll clear these flags: this is
2607  * just some internal bookkeeping to make sure that we have
2608  * launched enough circuits.
2609  */
2611  } else {
2612  log_info(LD_APP,
2613  "No safe circuit (purpose %d) ready for edge "
2614  "connection; delaying.",
2615  desired_circuit_purpose);
2616  }
2617  *circp = circ;
2618  return 0;
2619 }
2620 
2621 /** Return true iff <b>crypt_path</b> is one of the crypt_paths for
2622  * <b>circ</b>. */
2623 static int
2625 {
2626  crypt_path_t *cpath, *cpath_next = NULL;
2627  for (cpath = circ->cpath; cpath_next != circ->cpath; cpath = cpath_next) {
2628  cpath_next = cpath->next;
2629  if (crypt_path == cpath)
2630  return 1;
2631  }
2632  return 0;
2633 }
2634 
2635 /** Return true iff client-side optimistic data is supported. */
2636 static int
2638 {
2639  const or_options_t *options = get_options();
2640  if (options->OptimisticData < 0) {
2641  /* Note: this default was 0 before #18815 was merged. We can't take the
2642  * parameter out of the consensus until versions before that are all
2643  * obsolete. */
2644  const int32_t enabled =
2645  networkstatus_get_param(NULL, "UseOptimisticData", /*default*/ 1, 0, 1);
2646  return (int)enabled;
2647  }
2648  return options->OptimisticData;
2649 }
2650 
2651 /** Attach the AP stream <b>apconn</b> to circ's linked list of
2652  * p_streams. Also set apconn's cpath_layer to <b>cpath</b>, or to the last
2653  * hop in circ's cpath if <b>cpath</b> is NULL.
2654  */
2655 static void
2657  crypt_path_t *cpath)
2658 {
2659  const node_t *exitnode = NULL;
2660 
2661  /* add it into the linked list of streams on this circuit */
2662  log_debug(LD_APP|LD_CIRC, "attaching new conn to circ. n_circ_id %u.",
2663  (unsigned)circ->base_.n_circ_id);
2664 
2665  /* If this is the first stream on this circuit, tell circpad
2666  * that streams are attached */
2667  if (!circ->p_streams)
2669 
2670  /* reset it, so we can measure circ timeouts */
2671  ENTRY_TO_CONN(apconn)->timestamp_last_read_allowed = time(NULL);
2672  ENTRY_TO_EDGE_CONN(apconn)->next_stream = circ->p_streams;
2673  ENTRY_TO_EDGE_CONN(apconn)->on_circuit = TO_CIRCUIT(circ);
2674  /* assert_connection_ok(conn, time(NULL)); */
2675  circ->p_streams = ENTRY_TO_EDGE_CONN(apconn);
2676 
2678  /* We are attaching a stream to a rendezvous circuit. That means
2679  * that an attempt to connect to a hidden service just
2680  * succeeded. Tell rendclient.c. */
2682  }
2683 
2684  if (cpath) { /* we were given one; use it */
2685  tor_assert(cpath_is_on_circuit(circ, cpath));
2686  } else {
2687  /* use the last hop in the circuit */
2688  tor_assert(circ->cpath);
2689  tor_assert(circ->cpath->prev);
2690  tor_assert(circ->cpath->prev->state == CPATH_STATE_OPEN);
2691  cpath = circ->cpath->prev;
2692  }
2693  ENTRY_TO_EDGE_CONN(apconn)->cpath_layer = cpath;
2694 
2697 
2698  /* Compute the exitnode if possible, for logging below */
2699  if (cpath->extend_info)
2700  exitnode = node_get_by_id(cpath->extend_info->identity_digest);
2701 
2702  /* See if we can use optimistic data on this circuit */
2703  if (optimistic_data_enabled() &&
2704  (circ->base_.purpose == CIRCUIT_PURPOSE_C_GENERAL ||
2705  circ->base_.purpose == CIRCUIT_PURPOSE_C_HSDIR_GET ||
2706  circ->base_.purpose == CIRCUIT_PURPOSE_S_HSDIR_POST ||
2707  circ->base_.purpose == CIRCUIT_PURPOSE_C_REND_JOINED))
2708  apconn->may_use_optimistic_data = 1;
2709  else
2710  apconn->may_use_optimistic_data = 0;
2711  log_info(LD_APP, "Looks like completed circuit to %s %s allow "
2712  "optimistic data for connection to %s",
2713  circ->base_.purpose == CIRCUIT_PURPOSE_C_GENERAL ?
2714  /* node_describe() does the right thing if exitnode is NULL */
2715  safe_str_client(node_describe(exitnode)) :
2716  "hidden service",
2717  apconn->may_use_optimistic_data ? "does" : "doesn't",
2718  safe_str_client(apconn->socks_request->address));
2719 }
2720 
2721 /** Return true iff <b>address</b> is matched by one of the entries in
2722  * TrackHostExits. */
2723 int
2724 hostname_in_track_host_exits(const or_options_t *options, const char *address)
2725 {
2726  if (!options->TrackHostExits)
2727  return 0;
2728  SMARTLIST_FOREACH_BEGIN(options->TrackHostExits, const char *, cp) {
2729  if (cp[0] == '.') { /* match end */
2730  if (cp[1] == '\0' ||
2731  !strcasecmpend(address, cp) ||
2732  !strcasecmp(address, &cp[1]))
2733  return 1;
2734  } else if (strcasecmp(cp, address) == 0) {
2735  return 1;
2736  }
2737  } SMARTLIST_FOREACH_END(cp);
2738  return 0;
2739 }
2740 
2741 /** If an exit wasn't explicitly specified for <b>conn</b>, consider saving
2742  * the exit that we *did* choose for use by future connections to
2743  * <b>conn</b>'s destination.
2744  */
2745 static void
2747  const origin_circuit_t *circ)
2748 {
2749  const or_options_t *options = get_options();
2750  char *new_address = NULL;
2751  char fp[HEX_DIGEST_LEN+1];
2752 
2753  /* Search the addressmap for this conn's destination. */
2754  /* If they're not in the address map.. */
2755  if (!options->TrackHostExits ||
2757  options->TrackHostExitsExpire))
2758  return; /* nothing to track, or already mapped */
2759 
2760  if (!hostname_in_track_host_exits(options, conn->socks_request->address) ||
2761  !circ->build_state->chosen_exit)
2762  return;
2763 
2764  /* write down the fingerprint of the chosen exit, not the nickname,
2765  * because the chosen exit might not be named. */
2766  base16_encode(fp, sizeof(fp),
2768 
2769  /* Add this exit/hostname pair to the addressmap. */
2770  tor_asprintf(&new_address, "%s.%s.exit",
2771  conn->socks_request->address, fp);
2772 
2773  addressmap_register(conn->socks_request->address, new_address,
2774  time(NULL) + options->TrackHostExitsExpire,
2775  ADDRMAPSRC_TRACKEXIT, 0, 0);
2776 }
2777 
2778 /** Attempt to attach the connection <b>conn</b> to <b>circ</b>, and send a
2779  * begin or resolve cell as appropriate. Return values are as for
2780  * connection_ap_handshake_attach_circuit. The stream will exit from the hop
2781  * indicated by <b>cpath</b>, or from the last hop in circ's cpath if
2782  * <b>cpath</b> is NULL. */
2783 int
2785  origin_circuit_t *circ,
2786  crypt_path_t *cpath)
2787 {
2788  connection_t *base_conn = ENTRY_TO_CONN(conn);
2789  tor_assert(conn);
2791  base_conn->state == AP_CONN_STATE_CONTROLLER_WAIT);
2792  tor_assert(conn->socks_request);
2793  tor_assert(circ);
2794  tor_assert(circ->base_.state == CIRCUIT_STATE_OPEN);
2795 
2796  base_conn->state = AP_CONN_STATE_CIRCUIT_WAIT;
2797 
2798  if (!circ->base_.timestamp_dirty ||
2799  ((conn->entry_cfg.isolation_flags & ISO_SOCKSAUTH) &&
2800  (conn->entry_cfg.socks_iso_keep_alive) &&
2801  (conn->socks_request->usernamelen ||
2802  conn->socks_request->passwordlen))) {
2803  /* When stream isolation is in use and controlled by an application
2804  * we are willing to keep using the stream. */
2805  circ->base_.timestamp_dirty = approx_time();
2806  }
2807 
2809 
2810  /* Now, actually link the connection. */
2811  link_apconn_to_circ(conn, circ, cpath);
2812 
2813  tor_assert(conn->socks_request);
2815  if (!conn->use_begindir)
2816  consider_recording_trackhost(conn, circ);
2817  if (connection_ap_handshake_send_begin(conn) < 0)
2818  return -1;
2819  } else {
2821  return -1;
2822  }
2823 
2824  return 1;
2825 }
2826 
2827 /**
2828  * Return an appropriate circuit purpose for non-rend streams.
2829  * We don't handle rends here because a rend stream triggers two
2830  * circuit builds with different purposes, so it is handled elsewhere.
2831  *
2832  * This function just figures out what type of hsdir activity this is,
2833  * and tells us. Everything else is general.
2834  */
2835 static int
2837 {
2838  const connection_t *base_conn = ENTRY_TO_CONN(conn);
2839  tor_assert_nonfatal(!connection_edge_is_rendezvous_stream(
2840  ENTRY_TO_EDGE_CONN(conn)));
2841 
2842  if (base_conn->linked_conn &&
2843  base_conn->linked_conn->type == CONN_TYPE_DIR) {
2844  /* Set a custom purpose for hsdir activity */
2845  if (base_conn->linked_conn->purpose == DIR_PURPOSE_UPLOAD_RENDDESC_V2 ||
2848  } else if (base_conn->linked_conn->purpose
2850  base_conn->linked_conn->purpose
2853  }
2854  }
2855 
2856  /* All other purposes are general for now */
2858 }
2859 
2860 /** Try to find a safe live circuit for stream <b>conn</b>. If we find one,
2861  * attach the stream, send appropriate cells, and return 1. Otherwise,
2862  * try to launch new circuit(s) for the stream. If we can launch
2863  * circuits, return 0. Otherwise, if we simply can't proceed with
2864  * this stream, return -1. (conn needs to die, and is maybe already marked).
2865  */
2866 /* XXXX this function should mark for close whenever it returns -1;
2867  * its callers shouldn't have to worry about that. */
2868 int
2870 {
2871  connection_t *base_conn = ENTRY_TO_CONN(conn);
2872  int retval;
2873  int conn_age;
2874  int want_onehop;
2875 
2876  tor_assert(conn);
2878  tor_assert(conn->socks_request);
2879  want_onehop = conn->want_onehop;
2880 
2881  conn_age = (int)(time(NULL) - base_conn->timestamp_created);
2882 
2883  /* Is this connection so old that we should give up on it? */
2884  if (conn_age >= get_options()->SocksTimeout) {
2885  int severity = (tor_addr_is_null(&base_conn->addr) && !base_conn->port) ?
2886  LOG_INFO : LOG_NOTICE;
2887  log_fn(severity, LD_APP,
2888  "Tried for %d seconds to get a connection to %s:%d. Giving up.",
2889  conn_age, safe_str_client(conn->socks_request->address),
2890  conn->socks_request->port);
2891  return -1;
2892  }
2893 
2894  /* We handle "general" (non-onion) connections much more straightforwardly.
2895  */
2897  /* we're a general conn */
2898  origin_circuit_t *circ=NULL;
2899 
2900  /* Are we linked to a dir conn that aims to fetch a consensus?
2901  * We check here because the conn might no longer be needed. */
2902  if (base_conn->linked_conn &&
2903  base_conn->linked_conn->type == CONN_TYPE_DIR &&
2905 
2906  /* Yes we are. Is there a consensus fetch farther along than us? */
2907  if (networkstatus_consensus_is_already_downloading(
2908  TO_DIR_CONN(base_conn->linked_conn)->requested_resource)) {
2909  /* We're doing the "multiple consensus fetch attempts" game from
2910  * proposal 210, and we're late to the party. Just close this conn.
2911  * The circuit and TLS conn that we made will time out after a while
2912  * if nothing else wants to use them. */
2913  log_info(LD_DIR, "Closing extra consensus fetch (to %s) since one "
2914  "is already downloading.", base_conn->linked_conn->address);
2915  return -1;
2916  }
2917  }
2918 
2919  /* If we have a chosen exit, we need to use a circuit that's
2920  * open to that exit. See what exit we meant, and whether we can use it.
2921  */
2922  if (conn->chosen_exit_name) {
2923  const node_t *node = node_get_by_nickname(conn->chosen_exit_name, 0);
2924  int opt = conn->chosen_exit_optional;
2925  if (!node && !want_onehop) {
2926  /* We ran into this warning when trying to extend a circuit to a
2927  * hidden service directory for which we didn't have a router
2928  * descriptor. See flyspray task 767 for more details. We should
2929  * keep this in mind when deciding to use BEGIN_DIR cells for other
2930  * directory requests as well. -KL*/
2931  log_fn(opt ? LOG_INFO : LOG_WARN, LD_APP,
2932  "Requested exit point '%s' is not known. %s.",
2933  conn->chosen_exit_name, opt ? "Trying others" : "Closing");
2934  if (opt) {
2935  /* If we are allowed to ignore the .exit request, do so */
2936  conn->chosen_exit_optional = 0;
2937  tor_free(conn->chosen_exit_name);
2938  return 0;
2939  }
2940  return -1;
2941  }
2942  if (node && !connection_ap_can_use_exit(conn, node)) {
2943  log_fn(opt ? LOG_INFO : LOG_WARN, LD_APP,
2944  "Requested exit point '%s' is excluded or "
2945  "would refuse request. %s.",
2946  conn->chosen_exit_name, opt ? "Trying others" : "Closing");
2947  if (opt) {
2948  /* If we are allowed to ignore the .exit request, do so */
2949  conn->chosen_exit_optional = 0;
2950  tor_free(conn->chosen_exit_name);
2951  return 0;
2952  }
2953  return -1;
2954  }
2955  }
2956 
2957  /* Find the circuit that we should use, if there is one. Otherwise
2958  * launch it
2959  */
2960  retval = circuit_get_open_circ_or_launch(conn,
2962  &circ);
2963 
2964  if (retval < 1) {
2965  /* We were either told "-1" (complete failure) or 0 (circuit in
2966  * progress); we can't attach this stream yet. */
2967  return retval;
2968  }
2969 
2970  log_debug(LD_APP|LD_CIRC,
2971  "Attaching apconn to circ %u (stream %d sec old).",
2972  (unsigned)circ->base_.n_circ_id, conn_age);
2973  /* print the circ's path, so clients can figure out which circs are
2974  * sucking. */
2976 
2977  /* We have found a suitable circuit for our conn. Hurray. Do
2978  * the attachment. */
2979  return connection_ap_handshake_attach_chosen_circuit(conn, circ, NULL);
2980 
2981  } else { /* we're a rendezvous conn */
2982  origin_circuit_t *rendcirc=NULL, *introcirc=NULL;
2983 
2984  tor_assert(!ENTRY_TO_EDGE_CONN(conn)->cpath_layer);
2985 
2986  /* start by finding a rendezvous circuit for us */
2987 
2989  conn, CIRCUIT_PURPOSE_C_REND_JOINED, &rendcirc);
2990  if (retval < 0) return -1; /* failed */
2991 
2992  if (retval > 0) {
2993  tor_assert(rendcirc);
2994  /* one is already established, attach */
2995  log_info(LD_REND,
2996  "rend joined circ %u (id: %" PRIu32 ") already here. "
2997  "Attaching. (stream %d sec old)",
2998  (unsigned) TO_CIRCUIT(rendcirc)->n_circ_id,
2999  rendcirc->global_identifier, conn_age);
3000  /* Mark rendezvous circuits as 'newly dirty' every time you use
3001  * them, since the process of rebuilding a rendezvous circ is so
3002  * expensive. There is a tradeoff between linkability and
3003  * feasibility, at this point.
3004  */
3005  rendcirc->base_.timestamp_dirty = time(NULL);
3006 
3007  /* We've also attempted to use them. If they fail, we need to
3008  * probe them for path bias */
3009  pathbias_count_use_attempt(rendcirc);
3010 
3011  link_apconn_to_circ(conn, rendcirc, NULL);
3012  if (connection_ap_handshake_send_begin(conn) < 0)
3013  return 0; /* already marked, let them fade away */
3014  return 1;
3015  }
3016 
3017  /* At this point we need to re-check the state, since it's possible that
3018  * our call to circuit_get_open_circ_or_launch() changed the connection's
3019  * state from "CIRCUIT_WAIT" to "RENDDESC_WAIT" because we decided to
3020  * re-fetch the descriptor.
3021  */
3022  if (ENTRY_TO_CONN(conn)->state != AP_CONN_STATE_CIRCUIT_WAIT) {
3023  log_info(LD_REND, "This connection is no longer ready to attach; its "
3024  "state changed."
3025  "(We probably have to re-fetch its descriptor.)");
3026  return 0;
3027  }
3028 
3029  if (rendcirc && (rendcirc->base_.purpose ==
3031  log_info(LD_REND,
3032  "pending-join circ %u (id: %" PRIu32 ") already here, with "
3033  "intro ack. Stalling. (stream %d sec old)",
3034  (unsigned) TO_CIRCUIT(rendcirc)->n_circ_id,
3035  rendcirc->global_identifier, conn_age);
3036  return 0;
3037  }
3038 
3039  /* it's on its way. find an intro circ. */
3041  conn, CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT, &introcirc);
3042  if (retval < 0) return -1; /* failed */
3043 
3044  if (retval > 0) {
3045  /* one has already sent the intro. keep waiting. */
3046  tor_assert(introcirc);
3047  log_info(LD_REND, "Intro circ %u (id: %" PRIu32 ") present and "
3048  "awaiting ACK. Rend circuit %u (id: %" PRIu32 "). "
3049  "Stalling. (stream %d sec old)",
3050  (unsigned) TO_CIRCUIT(introcirc)->n_circ_id,
3051  introcirc->global_identifier,
3052  rendcirc ? (unsigned) TO_CIRCUIT(rendcirc)->n_circ_id : 0,
3053  rendcirc ? rendcirc->global_identifier : 0,
3054  conn_age);
3055  return 0;
3056  }
3057 
3058  /* now rendcirc and introcirc are each either undefined or not finished */
3059 
3060  if (rendcirc && introcirc &&
3061  rendcirc->base_.purpose == CIRCUIT_PURPOSE_C_REND_READY) {
3062  log_info(LD_REND,
3063  "ready rend circ %u (id: %" PRIu32 ") already here. No"
3064  "intro-ack yet on intro %u (id: %" PRIu32 "). "
3065  "(stream %d sec old)",
3066  (unsigned) TO_CIRCUIT(rendcirc)->n_circ_id,
3067  rendcirc->global_identifier,
3068  (unsigned) TO_CIRCUIT(introcirc)->n_circ_id,
3069  introcirc->global_identifier, conn_age);
3070 
3071  tor_assert(introcirc->base_.purpose == CIRCUIT_PURPOSE_C_INTRODUCING);
3072  if (introcirc->base_.state == CIRCUIT_STATE_OPEN) {
3073  int ret;
3074  log_info(LD_REND, "Found open intro circ %u (id: %" PRIu32 "). "
3075  "Rend circuit %u (id: %" PRIu32 "); Sending "
3076  "introduction. (stream %d sec old)",
3077  (unsigned) TO_CIRCUIT(introcirc)->n_circ_id,
3078  introcirc->global_identifier,
3079  (unsigned) TO_CIRCUIT(rendcirc)->n_circ_id,
3080  rendcirc->global_identifier, conn_age);
3081  ret = hs_client_send_introduce1(introcirc, rendcirc);
3082  switch (ret) {
3083  case 0: /* success */
3084  rendcirc->base_.timestamp_dirty = time(NULL);
3085  introcirc->base_.timestamp_dirty = time(NULL);
3086 
3087  pathbias_count_use_attempt(introcirc);
3088  pathbias_count_use_attempt(rendcirc);
3089 
3090  assert_circuit_ok(TO_CIRCUIT(rendcirc));
3091  assert_circuit_ok(TO_CIRCUIT(introcirc));
3092  return 0;
3093  case -1: /* transient error */
3094  return 0;
3095  case -2: /* permanent error */
3096  return -1;
3097  default: /* oops */
3099  return -1;
3100  }
3101  }
3102  }
3103 
3104  log_info(LD_REND, "Intro %u (id: %" PRIu32 ") and rend circuit %u "
3105  "(id: %" PRIu32 ") circuits are not both ready. "
3106  "Stalling conn. (%d sec old)",
3107  introcirc ? (unsigned) TO_CIRCUIT(introcirc)->n_circ_id : 0,
3108  introcirc ? introcirc->global_identifier : 0,
3109  rendcirc ? (unsigned) TO_CIRCUIT(rendcirc)->n_circ_id : 0,
3110  rendcirc ? rendcirc->global_identifier : 0, conn_age);
3111  return 0;
3112  }
3113 }
3114 
3115 /** Change <b>circ</b>'s purpose to <b>new_purpose</b>. */
3116 void
3117 circuit_change_purpose(circuit_t *circ, uint8_t new_purpose)
3118 {
3119  uint8_t old_purpose;
3120  /* Don't allow an OR circ to become an origin circ or vice versa. */
3121  tor_assert(!!(CIRCUIT_IS_ORIGIN(circ)) ==
3122  !!(CIRCUIT_PURPOSE_IS_ORIGIN(new_purpose)));
3123 
3124  if (circ->purpose == new_purpose) return;
3125 
3126  if (CIRCUIT_IS_ORIGIN(circ)) {
3127  char old_purpose_desc[80] = "";
3128 
3129  strncpy(old_purpose_desc, circuit_purpose_to_string(circ->purpose), 80-1);
3130  old_purpose_desc[80-1] = '\0';
3131 
3132  log_debug(LD_CIRC,
3133  "changing purpose of origin circ %d "
3134  "from \"%s\" (%d) to \"%s\" (%d)",
3135  TO_ORIGIN_CIRCUIT(circ)->global_identifier,
3136  old_purpose_desc,
3137  circ->purpose,
3138  circuit_purpose_to_string(new_purpose),
3139  new_purpose);
3140 
3141  /* Take specific actions if we are repurposing a hidden service circuit. */
3143  !circuit_purpose_is_hidden_service(new_purpose)) {
3145  }
3146  }
3147 
3148  old_purpose = circ->purpose;
3149  circ->purpose = new_purpose;
3150  tor_trace(TR_SUBSYS(circuit), TR_EV(change_purpose), circ, old_purpose,
3151  new_purpose);
3152 
3153  if (CIRCUIT_IS_ORIGIN(circ)) {
3155  old_purpose);
3156 
3158  }
3159 }
3160 
3161 /** Mark <b>circ</b> so that no more connections can be attached to it. */
3162 void
3164 {
3165  const or_options_t *options = get_options();
3166  tor_assert(circ);
3167 
3168  /* XXXX This is a kludge; we're only keeping it around in case there's
3169  * something that doesn't check unusable_for_new_conns, and to avoid
3170  * deeper refactoring of our expiration logic. */
3171  if (! circ->base_.timestamp_dirty)
3172  circ->base_.timestamp_dirty = approx_time();
3173  if (options->MaxCircuitDirtiness >= circ->base_.timestamp_dirty)
3174  circ->base_.timestamp_dirty = 1; /* prevent underflow */
3175  else
3176  circ->base_.timestamp_dirty -= options->MaxCircuitDirtiness;
3177 
3178  circ->unusable_for_new_conns = 1;
3179 }
3180 
3181 /**
3182  * Add relay_body_len and RELAY_PAYLOAD_SIZE-relay_body_len to
3183  * the valid delivered written fields and the overhead field,
3184  * respectively.
3185  */
3186 void
3187 circuit_sent_valid_data(origin_circuit_t *circ, uint16_t relay_body_len)
3188 {
3189  if (!circ) return;
3190 
3191  tor_assertf_nonfatal(relay_body_len <= RELAY_PAYLOAD_SIZE,
3192  "Wrong relay_body_len: %d (should be at most %d)",
3193  relay_body_len, RELAY_PAYLOAD_SIZE);
3194 
3196  tor_add_u32_nowrap(circ->n_delivered_written_circ_bw, relay_body_len);
3198  tor_add_u32_nowrap(circ->n_overhead_written_circ_bw,
3199  RELAY_PAYLOAD_SIZE-relay_body_len);
3200 }
3201 
3202 /**
3203  * Add relay_body_len and RELAY_PAYLOAD_SIZE-relay_body_len to
3204  * the valid delivered read field and the overhead field,
3205  * respectively.
3206  */
3207 void
3208 circuit_read_valid_data(origin_circuit_t *circ, uint16_t relay_body_len)
3209 {
3210  if (!circ) return;
3211 
3212  tor_assert_nonfatal(relay_body_len <= RELAY_PAYLOAD_SIZE);
3213 
3214  circ->n_delivered_read_circ_bw =
3215  tor_add_u32_nowrap(circ->n_delivered_read_circ_bw, relay_body_len);
3216  circ->n_overhead_read_circ_bw =
3217  tor_add_u32_nowrap(circ->n_overhead_read_circ_bw,
3218  RELAY_PAYLOAD_SIZE-relay_body_len);
3219 }
edge_connection_t::rend_data
rend_data_t * rend_data
Definition: edge_connection_st.h:38
log_fn
#define log_fn(severity, domain, args,...)
Definition: log.h:287
or_options_t::LongLivedPorts
struct smartlist_t * LongLivedPorts
Definition: or_options_st.h:347
selftest.h
Header file for selftest.c.
routermode.h
Header file for routermode.c.
tor_free
#define tor_free(p)
Definition: malloc.h:52
get_circuit_build_times_mutable
circuit_build_times_t * get_circuit_build_times_mutable(void)
Definition: circuitstats.c:86
circuit_purpose_is_hs_client
bool circuit_purpose_is_hs_client(const uint8_t purpose)
Definition: circuituse.c:1996
connection_edge.h
Header file for connection_edge.c.
dir_connection_t::requested_resource
char * requested_resource
Definition: dir_connection_st.h:30
LOG_DEBUG
#define LOG_DEBUG
Definition: log.h:42
n_bits_set_u8
int n_bits_set_u8(uint8_t v)
Definition: bits.c:72
IDLE_ONE_HOP_CIRC_TIMEOUT
#define IDLE_ONE_HOP_CIRC_TIMEOUT
Definition: circuituse.c:1571
CIRCUIT_PURPOSE_IS_ORIGIN
#define CIRCUIT_PURPOSE_IS_ORIGIN(p)
Definition: circuitlist.h:139
edge_connection_t::stream_id
streamid_t stream_id
Definition: edge_connection_st.h:50
channel_t::is_bad_for_new_circs
unsigned int is_bad_for_new_circs
Definition: channel.h:418
ADDR_POLICY_PROBABLY_REJECTED
@ ADDR_POLICY_PROBABLY_REJECTED
Definition: policies.h:48
CIRCUIT_STATE_OPEN
#define CIRCUIT_STATE_OPEN
Definition: circuitlist.h:32
circuit_t::purpose
uint8_t purpose
Definition: circuit_st.h:111
circuit_t::marked_for_close
uint16_t marked_for_close
Definition: circuit_st.h:189
circuit_t::timestamp_dirty
time_t timestamp_dirty
Definition: circuit_st.h:187
entry_connection_t::chosen_exit_optional
unsigned int chosen_exit_optional
Definition: entry_connection_st.h:83
hs_client_circuit_has_opened
void hs_client_circuit_has_opened(origin_circuit_t *circ)
Definition: hs_client.c:2091
connection_t::purpose
unsigned int purpose
Definition: connection_st.h:51
PATH_STATE_BUILD_SUCCEEDED
@ PATH_STATE_BUILD_SUCCEEDED
Definition: origin_circuit_st.h:44
channel_is_client
int channel_is_client(const channel_t *chan)
Definition: channel.c:2897
or_options_t::MaxClientCircuitsPending
int MaxClientCircuitsPending
Definition: or_options_st.h:849
entry_connection_st.h
Entry connection structure.
get_circuit_build_close_time_ms
double get_circuit_build_close_time_ms(void)
Definition: circuitstats.c:94
hs_ident.h
Header file containing circuit and connection identifier data for the whole HS subsytem.
tor_addr_t
Definition: address.h:69
origin_circuit_t::n_overhead_written_circ_bw
uint32_t n_overhead_written_circ_bw
Definition: origin_circuit_st.h:118
CIRCUIT_PURPOSE_C_GENERAL
#define CIRCUIT_PURPOSE_C_GENERAL
Definition: circuitlist.h:72
DIR_PURPOSE_UPLOAD_RENDDESC_V2
#define DIR_PURPOSE_UPLOAD_RENDDESC_V2
Definition: directory.h:66
edge_connection_t::cpath_layer
struct crypt_path_t * cpath_layer
Definition: edge_connection_st.h:35
compare_tor_addr_to_addr_policy
addr_policy_result_t compare_tor_addr_to_addr_policy(const tor_addr_t *addr, uint16_t port, const smartlist_t *policy)
Definition: policies.c:1486
smartlist_contains_int_as_string
int smartlist_contains_int_as_string(const smartlist_t *sl, int num)
Definition: smartlist.c:147
circuit_expire_building
void circuit_expire_building(void)
Definition: circuituse.c:460
TESTING_CIRCUIT_INTERVAL
#define TESTING_CIRCUIT_INTERVAL
Definition: circuituse.c:1331
connection_edge_compatible_with_circuit
int connection_edge_compatible_with_circuit(const entry_connection_t *conn, const origin_circuit_t *circ)
Definition: connection_edge.c:4514
connection_ap_fail_onehop
void connection_ap_fail_onehop(const char *failed_digest, cpath_build_state_t *build_state)
Definition: connection_edge.c:1472
approx_time
time_t approx_time(void)
Definition: approx_time.c:32
LOG_NOTICE
#define LOG_NOTICE
Definition: log.h:50
origin_circuit_t::prepend_policy
smartlist_t * prepend_policy
Definition: origin_circuit_st.h:293
origin_circuit_t::relaxed_timeout
unsigned int relaxed_timeout
Definition: origin_circuit_st.h:211
connection_t::address
char * address
Definition: connection_st.h:166
ADDR_POLICY_REJECTED
@ ADDR_POLICY_REJECTED
Definition: policies.h:42
edge_connection_t::edge_has_sent_end
unsigned int edge_has_sent_end
Definition: edge_connection_st.h:67
circuit_get_global_list
smartlist_t * circuit_get_global_list(void)
Definition: circuitlist.c:696
circuit_extend_to_new_exit
int circuit_extend_to_new_exit(origin_circuit_t *circ, extend_info_t *exit_ei)
Definition: circuitbuild.c:2083
circuit_sent_valid_data
void circuit_sent_valid_data(origin_circuit_t *circ, uint16_t relay_body_len)
Definition: circuituse.c:3187
connection_ap_can_use_exit
int connection_ap_can_use_exit(const entry_connection_t *conn, const node_t *exit_node)
Definition: connection_edge.c:4430
origin_circuit_t::isolation_values_set
unsigned int isolation_values_set
Definition: origin_circuit_st.h:247
routerset_contains_extendinfo
int routerset_contains_extendinfo(const routerset_t *set, const extend_info_t *ei)
Definition: routerset.c:307
circuit_discard_optional_exit_enclaves
void circuit_discard_optional_exit_enclaves(extend_info_t *info)
Definition: connection_edge.c:1513
AP_CONN_STATE_CIRCUIT_WAIT
#define AP_CONN_STATE_CIRCUIT_WAIT
Definition: connection_edge.h:49
CIRCLAUNCH_NEED_CAPACITY
#define CIRCLAUNCH_NEED_CAPACITY
Definition: circuituse.h:43
tor_assert
#define tor_assert(expr)
Definition: util_bug.h:102
CONN_TYPE_DIR
#define CONN_TYPE_DIR
Definition: connection.h:55
NUM_PARALLEL_TESTING_CIRCS
#define NUM_PARALLEL_TESTING_CIRCS
Definition: circuituse.c:1608
LD_BUG
#define LD_BUG
Definition: log.h:86
channel_state_to_string
const char * channel_state_to_string(channel_state_t state)
Definition: channel.c:315
ed25519_pubkey_eq
int ed25519_pubkey_eq(const ed25519_public_key_t *key1, const ed25519_public_key_t *key2)
Definition: crypto_ed25519.c:642
cpath_build_state_st.h
Circuit-build-stse structure.
hs_ident_circuit_t::identity_pk
ed25519_public_key_t identity_pk
Definition: hs_ident.h:45
CIRCUIT_PURPOSE_PATH_BIAS_TESTING
#define CIRCUIT_PURPOSE_PATH_BIAS_TESTING
Definition: circuitlist.h:122
circuituse.h
Header file for circuituse.c.
edge_connection_t::edge_blocked_on_circ
unsigned int edge_blocked_on_circ
Definition: edge_connection_st.h:73
or_options_t::OptimisticData
int OptimisticData
Definition: or_options_st.h:853
channel.h
Header file for channel.c.
router_exit_policy_all_nodes_reject
int router_exit_policy_all_nodes_reject(const tor_addr_t *addr, uint16_t port, int need_uptime)
Definition: nodelist.c:2269
connection_ap_handshake_attach_chosen_circuit
int connection_ap_handshake_attach_chosen_circuit(entry_connection_t *conn, origin_circuit_t *circ, crypt_path_t *cpath)
Definition: circuituse.c:2784
LD_GENERAL
#define LD_GENERAL
Definition: log.h:62
circuit_testing_opened
static void circuit_testing_opened(origin_circuit_t *circ)
Definition: circuituse.c:1651
circpad_machine_event_circ_purpose_changed
void circpad_machine_event_circ_purpose_changed(origin_circuit_t *circ)
Definition: circuitpadding.c:2272
count_pending_general_client_circuits
static int count_pending_general_client_circuits(void)
Definition: circuituse.c:400
base16_encode
void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:478
conn_state_to_string
const char * conn_state_to_string(int type, int state)
Definition: connection.c:296
tor_fragile_assert
#define tor_fragile_assert()
Definition: util_bug.h:259
RELAY_PAYLOAD_SIZE
#define RELAY_PAYLOAD_SIZE
Definition: or.h:606
circuit_get_best
static origin_circuit_t * circuit_get_best(const entry_connection_t *conn, int must_be_open, uint8_t purpose, int need_uptime, int need_internal)
Definition: circuituse.c:344
crypt_path_t::state
uint8_t state
Definition: crypt_path_st.h:68
DIR_PURPOSE_UPLOAD_HSDESC
#define DIR_PURPOSE_UPLOAD_HSDESC
Definition: directory.h:73
describe.h
Header file for describe.c.
connection_t::reading_from_linked_conn
unsigned int reading_from_linked_conn
Definition: connection_st.h:81
node_get_by_nickname
const node_t * node_get_by_nickname(const char *nickname, unsigned flags)
Definition: nodelist.c:1004
circuit_is_acceptable
static int circuit_is_acceptable(const origin_circuit_t *origin_circ, const entry_connection_t *conn, int must_be_open, uint8_t purpose, int need_uptime, int need_internal, time_t now)
Definition: circuituse.c:114
cpath_build_state_t::is_internal
unsigned int is_internal
Definition: cpath_build_state_st.h:26
pathbias_count_use_attempt
void pathbias_count_use_attempt(origin_circuit_t *circ)
Definition: circpathbias.c:604
rep_hist_get_predicted_internal
int rep_hist_get_predicted_internal(time_t now, int *need_uptime, int *need_capacity)
Definition: predict_ports.c:229
DIR_PURPOSE_FETCH_CONSENSUS
#define DIR_PURPOSE_FETCH_CONSENSUS
Definition: directory.h:57
hs_client_note_connection_attempt_succeeded
void hs_client_note_connection_attempt_succeeded(const edge_connection_t *conn)
Definition: hs_client.c:1942
node_get_by_id
const node_t * node_get_by_id(const char *identity_digest)
Definition: nodelist.c:223
smartlist_add
void smartlist_add(smartlist_t *sl, void *element)
Definition: smartlist_core.c:117
circuit_purpose_is_hs_service
bool circuit_purpose_is_hs_service(const uint8_t purpose)
Definition: circuituse.c:2004
circuit_launch
origin_circuit_t * circuit_launch(uint8_t purpose, int flags)
Definition: circuituse.c:1951
CIRCUIT_PURPOSE_C_REND_JOINED
#define CIRCUIT_PURPOSE_C_REND_JOINED
Definition: circuitlist.h:90
channel_when_last_xmit
time_t channel_when_last_xmit(channel_t *chan)
Definition: channel.c:3272
circuit_remove_handled_ports
void circuit_remove_handled_ports(smartlist_t *needed_ports)
Definition: circuituse.c:1015
entry_port_cfg_t::socks_iso_keep_alive
unsigned int socks_iso_keep_alive
Definition: entry_port_cfg_st.h:29
circuit_t::n_chan
channel_t * n_chan
Definition: circuit_st.h:69
connection_t::linked
unsigned int linked
Definition: connection_st.h:78
circuit_enough_testing_circs
int circuit_enough_testing_circs(void)
Definition: circuituse.c:1627
or_options_t::NewCircuitPeriod
int NewCircuitPeriod
Definition: or_options_st.h:389
timercmp
#define timercmp(tv1, tv2, op)
Definition: timeval.h:81
entry_port_cfg_t::isolation_flags
uint8_t isolation_flags
Definition: entry_port_cfg_st.h:20
smartlist_new
smartlist_t * smartlist_new(void)
Definition: smartlist_core.c:26
circuit_t::received_destroy
unsigned int received_destroy
Definition: circuit_st.h:104
socks_request_st.h
Client request structure.
socks_request_t::passwordlen
uint8_t passwordlen
Definition: socks_request_st.h:77
or_options_t::TrackHostExitsExpire
int TrackHostExitsExpire
Definition: or_options_st.h:359
circuit_is_hs_v2
bool circuit_is_hs_v2(const circuit_t *circ)
Definition: circuituse.c:2019
CIRCUIT_IS_ORIGIN
#define CIRCUIT_IS_ORIGIN(c)
Definition: circuitlist.h:146
crypt_path_t
Definition: crypt_path_st.h:47
circuitpadding.h
Header file for circuitpadding.c.
connection_t::port
uint16_t port
Definition: connection_st.h:146
CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT
#define CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT
Definition: circuitlist.h:78
DIR_PURPOSE_FETCH_RENDDESC_V2
#define DIR_PURPOSE_FETCH_RENDDESC_V2
Definition: directory.h:69
circuit_expire_old_circuits_clientside
STATIC void circuit_expire_old_circuits_clientside(void)
Definition: circuituse.c:1479
rend_data_dup
rend_data_t * rend_data_dup(const rend_data_t *data)
Definition: hs_common.c:387
extend_info_describe
const char * extend_info_describe(const extend_info_t *ei)
Definition: describe.c:202
guards_retry_optimistic
int guards_retry_optimistic(const or_options_t *options)
Definition: entrynodes.c:3839
last_expired_clientside_circuits
static time_t last_expired_clientside_circuits
Definition: circuituse.c:874
build_state_get_exit_nickname
const char * build_state_get_exit_nickname(cpath_build_state_t *state)
Definition: circuitbuild.c:2492
networkstatus.h
Header file for networkstatus.c.
origin_circuit_t::global_identifier
uint32_t global_identifier
Definition: origin_circuit_st.h:240
END_CIRC_AT_ORIGIN
#define END_CIRC_AT_ORIGIN
Definition: or.h:306
origin_circuit_t::hs_circ_has_timed_out
unsigned int hs_circ_has_timed_out
Definition: origin_circuit_st.h:207
tvdiff.h
Header for tvdiff.c.
CIRCUIT_PURPOSE_C_ESTABLISH_REND
#define CIRCUIT_PURPOSE_C_ESTABLISH_REND
Definition: circuitlist.h:83
circuit_build_times_set_timeout
void circuit_build_times_set_timeout(circuit_build_times_t *cbt)
Definition: circuitstats.c:1817
control_event_circuit_cannibalized
int control_event_circuit_cannibalized(origin_circuit_t *circ, int old_purpose, const struct timeval *old_tv_created)
Definition: control_events.c:776
CIRCUIT_PURPOSE_S_HSDIR_POST
#define CIRCUIT_PURPOSE_S_HSDIR_POST
Definition: circuitlist.h:114
hs_client.h
Header file containing client data for the HS subsytem.
hs_client_get_random_intro_from_edge
extend_info_t * hs_client_get_random_intro_from_edge(const edge_connection_t *edge_conn)
Definition: hs_client.c:2417
cpath_is_on_circuit
static int cpath_is_on_circuit(origin_circuit_t *circ, crypt_path_t *crypt_path)
Definition: circuituse.c:2624
escaped_safe_str_client
const char * escaped_safe_str_client(const char *address)
Definition: config.c:1119
hs_circ_retry_service_rendezvous_point
void hs_circ_retry_service_rendezvous_point(origin_circuit_t *circ)
Definition: hs_circuit.c:711
circuit_build_times_enough_to_compute
int circuit_build_times_enough_to_compute(const circuit_build_times_t *cbt)
Definition: circuitstats.c:256
base16_decode
int base16_decode(char *dest, size_t destlen, const char *src, size_t srclen)
Definition: binascii.c:506
LD_CIRC
#define LD_CIRC
Definition: log.h:82
fp.h
Header for fp.c.
ENTRY_TO_EDGE_CONN
#define ENTRY_TO_EDGE_CONN(c)
Definition: entry_connection_st.h:102
circuit_increment_failure_count
static void circuit_increment_failure_count(void)
Definition: circuituse.c:2239
or_circuit_t::p_chan
channel_t * p_chan
Definition: or_circuit_st.h:37
MAX
#define MAX(a, b)
Definition: cmp.h:22
circuit_get_open_circ_or_launch
static int circuit_get_open_circ_or_launch(entry_connection_t *conn, uint8_t desired_circuit_purpose, origin_circuit_t **circp)
Definition: circuituse.c:2266
connection_ap_rescan_and_attach_pending
void connection_ap_rescan_and_attach_pending(void)
Definition: connection_edge.c:1257
extend_info_new
extend_info_t * extend_info_new(const char *nickname, const char *rsa_id_digest, const ed25519_public_key_t *ed_id, crypto_pk_t *onion_key, const curve25519_public_key_t *ntor_key, const tor_addr_t *addr, uint16_t port)
Definition: extendinfo.c:33
circuitlist.h
Header file for circuitlist.c.
control_event_circuit_purpose_changed
int control_event_circuit_purpose_changed(origin_circuit_t *circ, int old_purpose)
Definition: control_events.c:762
circuit_log_path
void circuit_log_path(int severity, unsigned int domain, origin_circuit_t *circ)
Definition: circuitbuild.c:352
DIGEST_LEN
#define DIGEST_LEN
Definition: digest_sizes.h:20
origin_circuit_t::is_ancient
unsigned int is_ancient
Definition: origin_circuit_st.h:152
END_CIRC_REASON_MEASUREMENT_EXPIRED
#define END_CIRC_REASON_MEASUREMENT_EXPIRED
Definition: or.h:301
rend_cmp_service_ids
int rend_cmp_service_ids(const char *one, const char *two)
Definition: rendcommon.c:49
circuit_expire_old_circuits_serverside
void circuit_expire_old_circuits_serverside(time_t now)
Definition: circuituse.c:1578
TR_SUBSYS
#define TR_SUBSYS(name)
Definition: events.h:45
channel_describe_peer
const char * channel_describe_peer(channel_t *chan)
Definition: channel.c:2819
CONN_TYPE_AP
#define CONN_TYPE_AP
Definition: connection.h:51
circuit_find_to_cannibalize
origin_circuit_t * circuit_find_to_cannibalize(uint8_t purpose_to_produce, extend_info_t *info, int flags)
Definition: circuitlist.c:1913
rate_limit_log
char * rate_limit_log(ratelim_t *lim, time_t now)
Definition: ratelim.c:41
events.h
Header file for Tor tracing instrumentation definition.
circuit_try_clearing_isolation_state
static int circuit_try_clearing_isolation_state(origin_circuit_t *circ)
Definition: circuituse.c:1746
extend_info_has_orport
bool extend_info_has_orport(const extend_info_t *ei, const tor_addr_t *addr, uint16_t port)
Definition: extendinfo.c:243
DIR_PURPOSE_FETCH_HSDESC
#define DIR_PURPOSE_FETCH_HSDESC
Definition: directory.h:75
cpath_build_state_t::chosen_exit
extend_info_t * chosen_exit
Definition: cpath_build_state_st.h:20
circuit_build_needed_circs
void circuit_build_needed_circs(time_t now)
Definition: circuituse.c:1339
circuit_expire_waiting_for_better_guard
void circuit_expire_waiting_for_better_guard(void)
Definition: circuituse.c:859
bridges.h
Header file for circuitbuild.c.
origin_circuit_t::path_state
path_state_bitfield_t path_state
Definition: origin_circuit_st.h:163
or_circuit_t::resolving_streams
edge_connection_t * resolving_streams
Definition: or_circuit_st.h:42
tor_addr_from_in
#define tor_addr_from_in(dest, in)
Definition: address.h:331
circuit_build_times_count_timeout
void circuit_build_times_count_timeout(circuit_build_times_t *cbt, int did_onehop)
Definition: circuitstats.c:1748
connection_t::hold_open_until_flushed
unsigned int hold_open_until_flushed
Definition: connection_st.h:61
link_apconn_to_circ
static void link_apconn_to_circ(entry_connection_t *apconn, origin_circuit_t *circ, crypt_path_t *cpath)
Definition: circuituse.c:2656
circuit_is_hs_v3
bool circuit_is_hs_v3(const circuit_t *circ)
Definition: circuituse.c:2027
proxy_mode
int proxy_mode(const or_options_t *options)
Definition: proxymode.c:21
connection_ap_mark_as_waiting_for_renddesc
void connection_ap_mark_as_waiting_for_renddesc(entry_connection_t *entry_conn)
Definition: connection_edge.c:1445
circuit_try_attaching_streams
void circuit_try_attaching_streams(origin_circuit_t *circ)
Definition: circuituse.c:1768
edge_connection_t::package_window
int package_window
Definition: edge_connection_st.h:26
tor_memneq
#define tor_memneq(a, b, sz)
Definition: di_ops.h:21
entrynodes.h
Header file for circuitbuild.c.
tor_inet_aton
int tor_inet_aton(const char *str, struct in_addr *addr)
Definition: inaddr.c:40
routerlist_retry_directory_downloads
void routerlist_retry_directory_downloads(time_t now)
Definition: routerlist.c:2314
node_t
Definition: node_st.h:34
origin_circuit_t
Definition: origin_circuit_st.h:79
LD_OR
#define LD_OR
Definition: log.h:92
timeout
Definition: timeout.h:115
circuit_any_opened_circuits
int circuit_any_opened_circuits(void)
Definition: circuitlist.c:720
circuit_get_global_origin_circuit_list
smartlist_t * circuit_get_global_origin_circuit_list(void)
Definition: circuitlist.c:705
hs_stats.h
Header file for hs_stats.c.
CIRCUIT_PURPOSE_C_CIRCUIT_PADDING
#define CIRCUIT_PURPOSE_C_CIRCUIT_PADDING
Definition: circuitlist.h:97
router_do_reachability_checks
void router_do_reachability_checks(int test_or, int test_dir)
Definition: selftest.c:323
CIRCLAUNCH_ONEHOP_TUNNEL
#define CIRCLAUNCH_ONEHOP_TUNNEL
Definition: circuituse.h:39
cpath_build_state_t::onehop_tunnel
unsigned int onehop_tunnel
Definition: cpath_build_state_st.h:32
MIN_CIRCUITS_HANDLING_STREAM
#define MIN_CIRCUITS_HANDLING_STREAM
Definition: or.h:180
or_options_t::HSLayer3Nodes
struct routerset_t * HSLayer3Nodes
Definition: or_options_st.h:299
SOCKS_COMMAND_CONNECT
#define SOCKS_COMMAND_CONNECT
Definition: socks_request_st.h:23
directory.h
Header file for directory.c.
extend_info_from_node
extend_info_t * extend_info_from_node(const node_t *node, int for_direct_connect)
Definition: extendinfo.c:92
entry_connection_t::use_begindir
unsigned int use_begindir
Definition: entry_connection_st.h:79
origin_circuit_t::has_opened
unsigned int has_opened
Definition: origin_circuit_st.h:156
tor_digest_is_zero
int tor_digest_is_zero(const char *digest)
Definition: util_string.c:96
ENTRY_TO_CONN
#define ENTRY_TO_CONN(c)
Definition: or.h:739
CIRCUIT_PURPOSE_HS_VANGUARDS
#define CIRCUIT_PURPOSE_HS_VANGUARDS
Definition: circuitlist.h:130
or_options_t::ExcludeNodes
struct routerset_t * ExcludeNodes
Definition: or_options_st.h:102
pathbias_count_timeout
void pathbias_count_timeout(origin_circuit_t *circ)
Definition: circpathbias.c:1220
entry_connection_t::chosen_exit_name
char * chosen_exit_name
Definition: entry_connection_st.h:25
get_circuit_build_timeout_ms
double get_circuit_build_timeout_ms(void)
Definition: circuitstats.c:102
connection_ap_handshake_send_resolve
int connection_ap_handshake_send_resolve(entry_connection_t *ap_conn)
Definition: connection_edge.c:3356
hs_client_send_introduce1
int hs_client_send_introduce1(origin_circuit_t *intro_circ, origin_circuit_t *rend_circ)
Definition: hs_client.c:2079
origin_circuit_t::circuit_idle_timeout
int circuit_idle_timeout
Definition: origin_circuit_st.h:299
LD_REND
#define LD_REND
Definition: log.h:84
or_circuit_t::n_streams
edge_connection_t * n_streams
Definition: or_circuit_st.h:39
escaped
const char * escaped(const char *s)
Definition: escape.c:126
ISO_SOCKSAUTH
#define ISO_SOCKSAUTH
Definition: or.h:978
circuit_should_cannibalize_to_build
static int circuit_should_cannibalize_to_build(uint8_t purpose_to_build, int has_extend_info, int onehop_tunnel)
Definition: circuituse.c:2066
circuit_change_purpose
void circuit_change_purpose(circuit_t *circ, uint8_t new_purpose)
Definition: circuituse.c:3117
smartlist_del
void smartlist_del(smartlist_t *sl, int idx)
Definition: smartlist_core.c:214
or_options_t::MaxCircuitDirtiness
int MaxCircuitDirtiness
Definition: or_options_st.h:391
connection_ap_attach_pending
void connection_ap_attach_pending(int retry)
Definition: connection_edge.c:1304
circuit_t::timestamp_began
struct timeval timestamp_began
Definition: circuit_st.h:165
circuit_purpose_is_hidden_service
int circuit_purpose_is_hidden_service(uint8_t purpose)
Definition: circuituse.c:1974
connection_ap_handshake_attach_circuit
int connection_ap_handshake_attach_circuit(entry_connection_t *conn)
Definition: circuituse.c:2869
CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT
#define CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT
Definition: circuitlist.h:95
entry_connection_t::may_use_optimistic_data
unsigned int may_use_optimistic_data
Definition: entry_connection_st.h:98
circuit_has_opened
void circuit_has_opened(origin_circuit_t *circ)
Definition: circuituse.c:1693
connection_t::marked_for_close
uint16_t marked_for_close
Definition: connection_st.h:149
circuit_t
Definition: circuit_st.h:61
or_options_t::ExcludeExitNodes
struct routerset_t * ExcludeExitNodes
Definition: or_options_st.h:106
nodelist.h
Header file for nodelist.c.
LD_HEARTBEAT
#define LD_HEARTBEAT
Definition: log.h:103
routerlist.h
Header file for routerlist.c.
circuit_timeout_want_to_count_circ
int circuit_timeout_want_to_count_circ(const origin_circuit_t *circ)
Definition: circuitbuild.c:808
predict_ports.h
Header file for predict_ports.c.
or_circuit_t::rend_splice
struct or_circuit_t * rend_splice
Definition: or_circuit_st.h:50
connection_t::addr
tor_addr_t addr
Definition: connection_st.h:145
get_circuit_build_times
const circuit_build_times_t * get_circuit_build_times(void)
Definition: circuitstats.c:79
tor_gettimeofday
void tor_gettimeofday(struct timeval *timeval)
Definition: tor_gettimeofday.c:42
circuit_expire_old_circs_as_needed
void circuit_expire_old_circs_as_needed(time_t now)
Definition: circuituse.c:1362
rendservice.h
Header file for rendservice.c.
circuitstats.h
Header file for circuitstats.c.
circuit_t::timestamp_created
struct timeval timestamp_created
Definition: circuit_st.h:168
circpad_machine_event_circ_has_streams
void circpad_machine_event_circ_has_streams(origin_circuit_t *circ)
Definition: circuitpadding.c:2301
extendinfo.h
Header for core/or/extendinfo.c.
circuit_t::package_window
int package_window
Definition: circuit_st.h:116
channel_t
Definition: channel.h:181
connection_edge_update_circuit_isolation
int connection_edge_update_circuit_isolation(const entry_connection_t *conn, origin_circuit_t *circ, int dry_run)
Definition: connection_edge.c:4584
entry_list_is_constrained
int entry_list_is_constrained(const or_options_t *options)
Definition: entrynodes.c:3392
rep_hist_note_used_internal
void rep_hist_note_used_internal(time_t now, int need_uptime, int need_capacity)
Definition: predict_ports.c:206
rend_client_refetch_v2_renddesc
void rend_client_refetch_v2_renddesc(rend_data_t *rend_query)
Definition: rendclient.c:716
circuit_purpose_is_hs_vanguards
bool circuit_purpose_is_hs_vanguards(const uint8_t purpose)
Definition: circuituse.c:2012
connection_ap_handshake_send_begin
int connection_ap_handshake_send_begin(entry_connection_t *ap_conn)
Definition: connection_edge.c:3237
connection_t
Definition: connection_st.h:45
connection_t::type
unsigned int type
Definition: connection_st.h:50
tor_addr_parse
int tor_addr_parse(tor_addr_t *addr, const char *src)
Definition: address.c:1349
circuit_t::n_circ_id
circid_t n_circ_id
Definition: circuit_st.h:78
entry_guard_state_should_expire
int entry_guard_state_should_expire(circuit_guard_state_t *guard_state)
Definition: entrynodes.c:2802
hs_client_refetch_hsdesc
int hs_client_refetch_hsdesc(const ed25519_public_key_t *identity_pk)
Definition: hs_client.c:2048
LOG_INFO
#define LOG_INFO
Definition: log.h:45
origin_circuit_t::guard_state
struct circuit_guard_state_t * guard_state
Definition: origin_circuit_st.h:141
entry_connection_t::socks_request
socks_request_t * socks_request
Definition: entry_connection_st.h:27
edge_connection_t::on_circuit
struct circuit_t * on_circuit
Definition: edge_connection_st.h:30
circuit_testing_failed
static void circuit_testing_failed(origin_circuit_t *circ, int at_last_hop)
Definition: circuituse.c:1670
circuit_establish_circuit
origin_circuit_t * circuit_establish_circuit(uint8_t purpose, extend_info_t *exit_ei, int flags)
Definition: circuitbuild.c:478
consider_recording_trackhost
static void consider_recording_trackhost(const entry_connection_t *conn, const origin_circuit_t *circ)
Definition: circuituse.c:2746
control_events.h
Header file for control_events.c.
circuit_matches_with_rend_stream
static int circuit_matches_with_rend_stream(const edge_connection_t *edge_conn, const origin_circuit_t *origin_circ)
Definition: circuituse.c:84
get_options
const or_options_t * get_options(void)
Definition: config.c:928
origin_circuit_t::build_state
cpath_build_state_t * build_state
Definition: origin_circuit_st.h:123
circuit_clear_isolation
void circuit_clear_isolation(origin_circuit_t *circ)
Definition: connection_edge.c:4662
circuitbuild.h
Header file for circuitbuild.c.
or_options_t::DisablePredictedCircuits
int DisablePredictedCircuits
Definition: or_options_st.h:521
CIRCUIT_PURPOSE_S_REND_JOINED
#define CIRCUIT_PURPOSE_S_REND_JOINED
Definition: circuitlist.h:112
connection_edge_is_rendezvous_stream
int connection_edge_is_rendezvous_stream(const edge_connection_t *conn)
Definition: connection_edge.c:4412
addressmap.h
Header for addressmap.c.
did_circs_fail_last_period
static int did_circs_fail_last_period
Definition: circuituse.c:1942
CIRCLAUNCH_IS_INTERNAL
#define CIRCLAUNCH_IS_INTERNAL
Definition: circuituse.h:46
extend_info_st.h
Extend-info structure.
node_describe
const char * node_describe(const node_t *node)
Definition: describe.c:142
hs_common.h
Header file containing common data for the whole HS subsytem.
circuit_build_times_mark_circ_as_measurement_only
void circuit_build_times_mark_circ_as_measurement_only(origin_circuit_t *circ)
Definition: circuitstats.c:638
CIRCLAUNCH_NEED_UPTIME
#define CIRCLAUNCH_NEED_UPTIME
Definition: circuituse.h:41
pathbias_check_close
int pathbias_check_close(origin_circuit_t *ocirc, int reason)
Definition: circpathbias.c:1015
origin_circuit_t::cpath
crypt_path_t * cpath
Definition: origin_circuit_st.h:129
origin_circuit_t::isolation_any_streams_attached
unsigned int isolation_any_streams_attached
Definition: origin_circuit_st.h:253
CIRCUIT_PURPOSE_C_HSDIR_GET
#define CIRCUIT_PURPOSE_C_HSDIR_GET
Definition: circuitlist.h:92
TO_ORIGIN_CIRCUIT
origin_circuit_t * TO_ORIGIN_CIRCUIT(circuit_t *x)
Definition: circuitlist.c:168
CIRCUIT_PURPOSE_C_REND_READY
#define CIRCUIT_PURPOSE_C_REND_READY
Definition: circuitlist.h:85
connection.h
Header file for connection.c.
circpad_machine_event_circ_has_no_streams
void circpad_machine_event_circ_has_no_streams(origin_circuit_t *circ)
Definition: circuitpadding.c:2316
connection_t::linked_conn
struct connection_t * linked_conn
Definition: connection_st.h:168
CIRCUIT_PURPOSE_COUNTS_TOWARDS_MAXPENDING
#define CIRCUIT_PURPOSE_COUNTS_TOWARDS_MAXPENDING(p)
Definition: circuitlist.h:159
assert_circuit_ok
void assert_circuit_ok(const circuit_t *c)
Definition: circuitlist.c:2772
extend_info_t::identity_digest
char identity_digest[DIGEST_LEN]
Definition: extend_info_st.h:31
CIRCUIT_PURPOSE_S_CONNECT_REND
#define CIRCUIT_PURPOSE_S_CONNECT_REND
Definition: circuitlist.h:109
cpath_build_state_t::need_uptime
unsigned int need_uptime
Definition: cpath_build_state_st.h:22
conn_type_to_string
const char * conn_type_to_string(int type)
Definition: connection.c:264
circuit_build_failed
void circuit_build_failed(origin_circuit_t *circ)
Definition: circuituse.c:1785
crypt_path_t::prev
struct crypt_path_t * prev
Definition: crypt_path_st.h:75
MAX_UNUSED_OPEN_CIRCUITS
#define MAX_UNUSED_OPEN_CIRCUITS
Definition: circuituse.c:1089
tv_mdiff
long tv_mdiff(const struct timeval *start, const struct timeval *end)
Definition: tvdiff.c:102
or_options_t::SocksTimeout
int SocksTimeout
Definition: or_options_st.h:373
connection_get_by_type
connection_t * connection_get_by_type(int type)
Definition: connection.c:4750
server_mode
int server_mode(const or_options_t *options)
Definition: routermode.c:34
hostname_in_track_host_exits
int hostname_in_track_host_exits(const or_options_t *options, const char *address)
Definition: circuituse.c:2724
tor_addr_is_null
int tor_addr_is_null(const tor_addr_t *addr)
Definition: address.c:780
PATH_STATE_USE_FAILED
@ PATH_STATE_USE_FAILED
Definition: origin_circuit_st.h:67
addressmap_clean
void addressmap_clean(time_t now)
Definition: addressmap.c:320
timeval
Definition: compat_time.h:151
circuit_should_use_vanguards
int circuit_should_use_vanguards(uint8_t purpose)
Definition: circuituse.c:2044
CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
#define CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
Definition: circuitlist.h:103
CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED
#define CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED
Definition: circuitlist.h:88
tor_asprintf
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
origin_circuit_t::rend_data
rend_data_t * rend_data
Definition: origin_circuit_st.h:132
crypt_path_t::extend_info
extend_info_t * extend_info
Definition: crypt_path_st.h:61
ADDRMAPSRC_TRACKEXIT
@ ADDRMAPSRC_TRACKEXIT
Definition: or.h:1046
CIRCUIT_PURPOSE_S_INTRO
#define CIRCUIT_PURPOSE_S_INTRO
Definition: circuitlist.h:106
SMARTLIST_FOREACH_BEGIN
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
Definition: smartlist_foreach.h:78
proxymode.h
Header file for proxymode.c.
log_fn_ratelim
#define log_fn_ratelim(ratelim, severity, domain, args,...)
Definition: log.h:292
CIRCUIT_PURPOSE_TESTING
#define CIRCUIT_PURPOSE_TESTING
Definition: circuitlist.h:118
addr_policy_result_t
addr_policy_result_t
Definition: policies.h:38
circuit_read_valid_data
void circuit_read_valid_data(origin_circuit_t *circ, uint16_t relay_body_len)
Definition: circuituse.c:3208
circuit_build_times_count_close
int circuit_build_times_count_close(circuit_build_times_t *cbt, int did_onehop, time_t start_time)
Definition: circuitstats.c:1716
dir_connection_st.h
Client/server directory connection structure.
origin_circuit_t::n_delivered_read_circ_bw
uint32_t n_delivered_read_circ_bw
Definition: origin_circuit_st.h:103
HEX_DIGEST_LEN
#define HEX_DIGEST_LEN
Definition: crypto_digest.h:35
or_options_t::UseBridges
int UseBridges
Definition: or_options_st.h:233
rend_num_services
int rend_num_services(void)
Definition: rendservice.c:202
LOG_WARN
#define LOG_WARN
Definition: log.h:53
CIRCLAUNCH_IS_V3_RP
#define CIRCLAUNCH_IS_V3_RP
Definition: circuituse.h:49
router_have_consensus_path
consensus_path_type_t router_have_consensus_path(void)
Definition: nodelist.c:2379
connection_ap_get_nonrend_circ_purpose
static int connection_ap_get_nonrend_circ_purpose(const entry_connection_t *conn)
Definition: circuituse.c:2836
socks_request_t::usernamelen
size_t usernamelen
Definition: socks_request_st.h:75
circuit_stream_is_being_handled
int circuit_stream_is_being_handled(entry_connection_t *conn, uint16_t port, int min)
Definition: circuituse.c:1040
edge_connection_t
Definition: edge_connection_st.h:21
or_options_t::EntryNodes
struct routerset_t * EntryNodes
Definition: or_options_st.h:96
router_perform_bandwidth_test
void router_perform_bandwidth_test(int num_circs, time_t now)
Definition: selftest.c:484
MAX_CIRCUIT_FAILURES
#define MAX_CIRCUIT_FAILURES
Definition: circuituse.c:1946
entry_connection_t::want_onehop
unsigned int want_onehop
Definition: entry_connection_st.h:76
circuit_is_better
static int circuit_is_better(const origin_circuit_t *oa, const origin_circuit_t *ob, const entry_connection_t *conn)
Definition: circuituse.c:252
policies.h
Header file for policies.c.
TO_DIR_CONN
dir_connection_t * TO_DIR_CONN(connection_t *c)
Definition: directory.c:89
format_local_iso_time
void format_local_iso_time(char *buf, time_t t)
Definition: time_fmt.c:285
crypt_path_t::next
struct crypt_path_t * next
Definition: crypt_path_st.h:72
or_circuit_t
Definition: or_circuit_st.h:21
socks_request_t::address
char address[MAX_SOCKS_ADDR_LEN]
Definition: socks_request_st.h:57
have_performed_bandwidth_test
static int have_performed_bandwidth_test
Definition: circuituse.c:1612
or_circuit_t::p_circ_id
circid_t p_circ_id
Definition: or_circuit_st.h:33
rend_data_get_address
const char * rend_data_get_address(const rend_data_t *rend_data)
Definition: hs_common.c:529
LD_APP
#define LD_APP
Definition: log.h:78
strcasecmpend
int strcasecmpend(const char *s1, const char *s2)
Definition: util_string.c:255
config.h
Header file for config.c.
hexdigest_to_digest
int hexdigest_to_digest(const char *hexdigest, char *digest)
Definition: routerlist.c:747
cpath_build_state_t
Definition: cpath_build_state_st.h:16
circuit_launch_predicted_hs_circ
static void circuit_launch_predicted_hs_circ(int flags)
Definition: circuituse.c:1226
cpath_build_state_t::desired_path_len
int desired_path_len
Definition: cpath_build_state_st.h:18
compare_tor_addr_to_node_policy
addr_policy_result_t compare_tor_addr_to_node_policy(const tor_addr_t *addr, uint16_t port, const node_t *node)
Definition: policies.c:2857
origin_circuit_t::n_delivered_written_circ_bw
uint32_t n_delivered_written_circ_bw
Definition: origin_circuit_st.h:108
build_state_get_exit_node
const node_t * build_state_get_exit_node(cpath_build_state_t *state)
Definition: circuitbuild.c:2469
circuit_state_to_string
const char * circuit_state_to_string(int state)
Definition: circuitlist.c:764
hs_service_circuit_has_opened
void hs_service_circuit_has_opened(origin_circuit_t *circ)
Definition: hs_service.c:4018
connection_t::timestamp_created
time_t timestamp_created
Definition: connection_st.h:109
connection_t::state
uint8_t state
Definition: connection_st.h:49
or_options_t::TrackHostExits
struct smartlist_t * TrackHostExits
Definition: or_options_st.h:358
mark_circuit_unusable_for_new_conns
void mark_circuit_unusable_for_new_conns(origin_circuit_t *circ)
Definition: circuituse.c:3163
circuit_reset_failure_count
void circuit_reset_failure_count(int timeout)
Definition: circuituse.c:2250
origin_circuit_t::hs_ident
struct hs_ident_circuit_t * hs_ident
Definition: origin_circuit_st.h:136
circuit_get_cpath_len
int circuit_get_cpath_len(origin_circuit_t *circ)
Definition: circuitlist.c:2051
origin_circuit_t::p_streams
edge_connection_t * p_streams
Definition: origin_circuit_st.h:84
socks_request_t::command
uint8_t command
Definition: socks_request_st.h:47
TO_CIRCUIT
#define TO_CIRCUIT(x)
Definition: or.h:965
edge_connection_t::next_stream
struct edge_connection_t * next_stream
Definition: edge_connection_st.h:24
or_options_t
Definition: or_options_st.h:45
socks_request_t::port
uint16_t port
Definition: socks_request_st.h:59
entry_connection_t::num_circuits_launched
unsigned int num_circuits_launched
Definition: entry_connection_st.h:72
origin_circuit_t::n_overhead_read_circ_bw
uint32_t n_overhead_read_circ_bw
Definition: origin_circuit_st.h:113
n_circuit_failures
static int n_circuit_failures
Definition: circuituse.c:1939
TO_CONN
#define TO_CONN(c)
Definition: or.h:736
circuit_predict_and_launch_new
static void circuit_predict_and_launch_new(void)
Definition: circuituse.c:1245
circuit_log_ancient_one_hop_circuits
void circuit_log_ancient_one_hop_circuits(int age)
Definition: circuituse.c:883
reset_bandwidth_test
void reset_bandwidth_test(void)
Definition: circuituse.c:1617
STATIC
#define STATIC
Definition: testsupport.h:32
circuit_build_times_needs_circuits_now
int circuit_build_times_needs_circuits_now(const circuit_build_times_t *cbt)
Definition: circuitstats.c:1395
hs_ident_edge_conn_t::identity_pk
ed25519_public_key_t identity_pk
Definition: hs_ident.h:106
hs_dec_rdv_stream_counter
void hs_dec_rdv_stream_counter(origin_circuit_t *circ)
Definition: hs_common.c:1840
AP_CONN_STATE_CONTROLLER_WAIT
#define AP_CONN_STATE_CONTROLLER_WAIT
Definition: connection_edge.h:47
hs_circ_is_rend_sent_in_intro1
bool hs_circ_is_rend_sent_in_intro1(const origin_circuit_t *circ)
Definition: hs_circuit.c:1370
router_have_minimum_dir_info
int router_have_minimum_dir_info(void)
Definition: nodelist.c:2346
hs_circuit.h
Header file containing circuit data for the whole HS subsytem.
LD_DIR
#define LD_DIR
Definition: log.h:88
networkstatus_get_param
int32_t networkstatus_get_param(const networkstatus_t *ns, const char *param_name, int32_t default_val, int32_t min_val, int32_t max_val)
Definition: networkstatus.c:2495
entry_connection_t
Definition: entry_connection_st.h:19
hs_stats_note_service_rendezvous_launch
void hs_stats_note_service_rendezvous_launch(void)
Definition: hs_stats.c:47
TO_OR_CIRCUIT
or_circuit_t * TO_OR_CIRCUIT(circuit_t *x)
Definition: circuitlist.c:156
hs_ident_circuit_new
hs_ident_circuit_t * hs_ident_circuit_new(const ed25519_public_key_t *identity_pk)
Definition: hs_ident.c:16
origin_circuit_st.h
Origin circuit structure.
circuit_launch_by_extend_info
origin_circuit_t * circuit_launch_by_extend_info(uint8_t purpose, extend_info_t *extend_info, int flags)
Definition: circuituse.c:2121
node_has_preferred_descriptor
int node_has_preferred_descriptor(const node_t *node, int for_direct_connect)
Definition: nodelist.c:1419
entry_guard_failed
void entry_guard_failed(circuit_guard_state_t **guard_state_p)
Definition: entrynodes.c:2534
smartlist_t
Definition: smartlist_core.h:26
addressmap_have_mapping
int addressmap_have_mapping(const char *address, int update_expiry)
Definition: addressmap.c:544
rendclient.h
Header file for rendclient.c.
addressmap_register
void addressmap_register(const char *address, char *new_address, time_t expires, addressmap_entry_source_t source, const int wildcard_addr, const int wildcard_new_addr)
Definition: addressmap.c:576
circuit_t::state
uint8_t state
Definition: circuit_st.h:110
circuit_build_times_disabled
int circuit_build_times_disabled(const or_options_t *options)
Definition: circuitstats.c:118
hs_service_get_num_services
unsigned int hs_service_get_num_services(void)
Definition: hs_service.c:3799
rendcommon.h
Header file for rendcommon.c.
hs_circ_cleanup_on_repurpose
void hs_circ_cleanup_on_repurpose(circuit_t *circ)
Definition: hs_circuit.c:1348
CIRCUIT_PURPOSE_C_INTRODUCING
#define CIRCUIT_PURPOSE_C_INTRODUCING
Definition: circuitlist.h:75
EDGE_TO_ENTRY_CONN
entry_connection_t * EDGE_TO_ENTRY_CONN(edge_connection_t *c)
Definition: connection_edge.c:227
circuit_all_predicted_ports_handled
int circuit_all_predicted_ports_handled(time_t now, int *need_uptime, int *need_capacity)
Definition: circuitbuild.c:1475
extend_info_t
Definition: extend_info_st.h:27
circuit_purpose_to_string
const char * circuit_purpose_to_string(uint8_t purpose)
Definition: circuitlist.c:905
or_options_t::HSLayer2Nodes
struct routerset_t * HSLayer2Nodes
Definition: or_options_st.h:295
connection_t::marked_for_close_file
const char * marked_for_close_file
Definition: connection_st.h:153
router_orport_seems_reachable
int router_orport_seems_reachable(const or_options_t *options, int family)
Definition: selftest.c:93
ratelim_t
Definition: ratelim.h:42
or.h
Master header file for Tor-specific functionality.
circuit_event_status
int circuit_event_status(origin_circuit_t *circ, circuit_status_event_t tp, int reason_code)
Definition: circuitlist.c:501
optimistic_data_enabled
static int optimistic_data_enabled(void)
Definition: circuituse.c:2637
circuit_detach_stream
void circuit_detach_stream(circuit_t *circ, edge_connection_t *conn)
Definition: circuituse.c:1393