Tor  0.4.6.0-alpha-dev
connection.c
Go to the documentation of this file.
1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2020, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
7 /**
8  * \file connection.c
9  * \brief General high-level functions to handle reading and writing
10  * on connections.
11  *
12  * Each connection (ideally) represents a TLS connection, a TCP socket, a unix
13  * socket, or a UDP socket on which reads and writes can occur. (But see
14  * connection_edge.c for cases where connections can also represent streams
15  * that do not have a corresponding socket.)
16  *
17  * The module implements the abstract type, connection_t. The subtypes are:
18  * <ul>
19  * <li>listener_connection_t, implemented here in connection.c
20  * <li>dir_connection_t, implemented in directory.c
21  * <li>or_connection_t, implemented in connection_or.c
22  * <li>edge_connection_t, implemented in connection_edge.c, along with
23  * its subtype(s):
24  * <ul><li>entry_connection_t, also implemented in connection_edge.c
25  * </ul>
26  * <li>control_connection_t, implemented in control.c
27  * </ul>
28  *
29  * The base type implemented in this module is responsible for basic
30  * rate limiting, flow control, and marshalling bytes onto and off of the
31  * network (either directly or via TLS).
32  *
33  * Connections are registered with the main loop with connection_add(). As
34  * they become able to read or write register the fact with the event main
35  * loop by calling connection_watch_events(), connection_start_reading(), or
36  * connection_start_writing(). When they no longer want to read or write,
37  * they call connection_stop_reading() or connection_stop_writing().
38  *
39  * To queue data to be written on a connection, call
40  * connection_buf_add(). When data arrives, the
41  * connection_process_inbuf() callback is invoked, which dispatches to a
42  * type-specific function (such as connection_edge_process_inbuf() for
43  * example). Connection types that need notice of when data has been written
44  * receive notification via connection_flushed_some() and
45  * connection_finished_flushing(). These functions all delegate to
46  * type-specific implementations.
47  *
48  * Additionally, beyond the core of connection_t, this module also implements:
49  * <ul>
50  * <li>Listeners, which wait for incoming sockets and launch connections
51  * <li>Outgoing SOCKS proxy support
52  * <li>Outgoing HTTP proxy support
53  * <li>An out-of-sockets handler for dealing with socket exhaustion
54  * </ul>
55  **/
56 
57 #define CONNECTION_PRIVATE
58 #include "core/or/or.h"
59 #include "feature/client/bridges.h"
60 #include "lib/buf/buffers.h"
61 #include "lib/tls/buffers_tls.h"
62 #include "lib/err/backtrace.h"
63 
64 /*
65  * Define this so we get channel internal functions, since we're implementing
66  * part of a subclass (channel_tls_t).
67  */
68 #define CHANNEL_OBJECT_PRIVATE
69 #include "app/config/config.h"
72 #include "core/mainloop/mainloop.h"
74 #include "core/or/channel.h"
75 #include "core/or/channeltls.h"
76 #include "core/or/circuitbuild.h"
77 #include "core/or/circuitlist.h"
78 #include "core/or/circuituse.h"
80 #include "core/or/connection_or.h"
81 #include "core/or/dos.h"
82 #include "core/or/policies.h"
83 #include "core/or/reasons.h"
84 #include "core/or/relay.h"
85 #include "core/or/status.h"
86 #include "core/or/crypt_path.h"
87 #include "core/proto/proto_haproxy.h"
88 #include "core/proto/proto_http.h"
89 #include "core/proto/proto_socks.h"
90 #include "feature/client/dnsserv.h"
100 #include "feature/hs/hs_common.h"
101 #include "feature/hs/hs_ident.h"
102 #include "feature/hs/hs_metrics.h"
103 #include "feature/metrics/metrics.h"
106 #include "feature/relay/dns.h"
109 #include "feature/rend/rendclient.h"
110 #include "feature/rend/rendcommon.h"
111 #include "feature/stats/connstats.h"
112 #include "feature/stats/rephist.h"
113 #include "feature/stats/bwhist.h"
116 #include "lib/geoip/geoip.h"
117 
118 #include "lib/cc/ctassert.h"
119 #include "lib/sandbox/sandbox.h"
120 #include "lib/net/buffers_net.h"
121 #include "lib/tls/tortls.h"
123 #include "lib/compress/compress.h"
124 
125 #ifdef HAVE_PWD_H
126 #include <pwd.h>
127 #endif
128 
129 #ifdef HAVE_UNISTD_H
130 #include <unistd.h>
131 #endif
132 #ifdef HAVE_SYS_STAT_H
133 #include <sys/stat.h>
134 #endif
135 
136 #ifdef HAVE_SYS_UN_H
137 #include <sys/socket.h>
138 #include <sys/un.h>
139 #endif
140 
146 #include "core/or/port_cfg_st.h"
149 
150 /**
151  * On Windows and Linux we cannot reliably bind() a socket to an
152  * address and port if: 1) There's already a socket bound to wildcard
153  * address (0.0.0.0 or ::) with the same port; 2) We try to bind()
154  * to wildcard address and there's another socket bound to a
155  * specific address and the same port.
156  *
157  * To address this problem on these two platforms we implement a
158  * routine that:
159  * 1) Checks if first attempt to bind() a new socket failed with
160  * EADDRINUSE.
161  * 2) If so, it will close the appropriate old listener connection and
162  * 3) Attempts bind()'ing the new listener socket again.
163  *
164  * Just to be safe, we are enabling listener rebind code on all platforms,
165  * to account for unexpected cases where it may be needed.
166  */
167 #define ENABLE_LISTENER_REBIND
168 
170  const struct sockaddr *listensockaddr,
171  socklen_t listensocklen, int type,
172  const char *address,
173  const port_cfg_t *portcfg,
174  int *addr_in_use);
176  const port_cfg_t *port,
177  int *defer, int *addr_in_use);
178 static void connection_init(time_t now, connection_t *conn, int type,
179  int socket_family);
180 static int connection_handle_listener_read(connection_t *conn, int new_type);
182 static int connection_flushed_some(connection_t *conn);
184 static int connection_reached_eof(connection_t *conn);
186  ssize_t *max_to_read,
187  int *socket_error);
188 static int connection_process_inbuf(connection_t *conn, int package_partial);
190 static void set_constrained_socket_buffers(tor_socket_t sock, int size);
191 
192 static const char *connection_proxy_state_to_string(int state);
195 static const char *proxy_type_to_string(int proxy_type);
196 static int conn_get_proxy_type(const connection_t *conn);
198  const or_options_t *options, unsigned int conn_type);
199 static void reenable_blocked_connection_init(const or_options_t *options);
200 static void reenable_blocked_connection_schedule(void);
201 
202 /** The last addresses that our network interface seemed to have been
203  * binding to. We use this as one way to detect when our IP changes.
204  *
205  * XXXX+ We should really use the entire list of interfaces here.
206  **/
208 /* DOCDOC last_interface_ipv6 */
209 static tor_addr_t *last_interface_ipv6 = NULL;
210 /** A list of tor_addr_t for addresses we've used in outgoing connections.
211  * Used to detect IP address changes. */
213 
214 #define CASE_ANY_LISTENER_TYPE \
215  case CONN_TYPE_OR_LISTENER: \
216  case CONN_TYPE_EXT_OR_LISTENER: \
217  case CONN_TYPE_AP_LISTENER: \
218  case CONN_TYPE_DIR_LISTENER: \
219  case CONN_TYPE_CONTROL_LISTENER: \
220  case CONN_TYPE_AP_TRANS_LISTENER: \
221  case CONN_TYPE_AP_NATD_LISTENER: \
222  case CONN_TYPE_AP_DNS_LISTENER: \
223  case CONN_TYPE_AP_HTTP_CONNECT_LISTENER: \
224  case CONN_TYPE_METRICS_LISTENER
225 
226 /**************************************************************/
227 
228 /**
229  * Cast a `connection_t *` to a `listener_connection_t *`.
230  *
231  * Exit with an assertion failure if the input is not a
232  * `listener_connection_t`.
233  **/
236 {
237  tor_assert(c->magic == LISTENER_CONNECTION_MAGIC);
238  return DOWNCAST(listener_connection_t, c);
239 }
240 
241 /**
242  * Cast a `const connection_t *` to a `const listener_connection_t *`.
243  *
244  * Exit with an assertion failure if the input is not a
245  * `listener_connection_t`.
246  **/
247 const listener_connection_t *
249 {
250  return TO_LISTENER_CONN((connection_t *)c);
251 }
252 
253 size_t
254 connection_get_inbuf_len(connection_t *conn)
255 {
256  return conn->inbuf ? buf_datalen(conn->inbuf) : 0;
257 }
258 
259 size_t
260 connection_get_outbuf_len(connection_t *conn)
261 {
262  return conn->outbuf ? buf_datalen(conn->outbuf) : 0;
263 }
264 
265 /**
266  * Return the human-readable name for the connection type <b>type</b>
267  */
268 const char *
270 {
271  static char buf[64];
272  switch (type) {
273  case CONN_TYPE_OR_LISTENER: return "OR listener";
274  case CONN_TYPE_OR: return "OR";
275  case CONN_TYPE_EXIT: return "Exit";
276  case CONN_TYPE_AP_LISTENER: return "Socks listener";
278  return "Transparent pf/netfilter listener";
279  case CONN_TYPE_AP_NATD_LISTENER: return "Transparent natd listener";
280  case CONN_TYPE_AP_DNS_LISTENER: return "DNS listener";
281  case CONN_TYPE_AP: return "Socks";
282  case CONN_TYPE_DIR_LISTENER: return "Directory listener";
283  case CONN_TYPE_DIR: return "Directory";
284  case CONN_TYPE_CONTROL_LISTENER: return "Control listener";
285  case CONN_TYPE_CONTROL: return "Control";
286  case CONN_TYPE_EXT_OR: return "Extended OR";
287  case CONN_TYPE_EXT_OR_LISTENER: return "Extended OR listener";
288  case CONN_TYPE_AP_HTTP_CONNECT_LISTENER: return "HTTP tunnel listener";
289  case CONN_TYPE_METRICS_LISTENER: return "Metrics listener";
290  case CONN_TYPE_METRICS: return "Metrics";
291  default:
292  log_warn(LD_BUG, "unknown connection type %d", type);
293  tor_snprintf(buf, sizeof(buf), "unknown [%d]", type);
294  return buf;
295  }
296 }
297 
298 /**
299  * Return the human-readable name for the connection state <b>state</b>
300  * for the connection type <b>type</b>
301  */
302 const char *
303 conn_state_to_string(int type, int state)
304 {
305  static char buf[96];
306  switch (type) {
307  CASE_ANY_LISTENER_TYPE:
308  if (state == LISTENER_STATE_READY)
309  return "ready";
310  break;
311  case CONN_TYPE_OR:
312  switch (state) {
313  case OR_CONN_STATE_CONNECTING: return "connect()ing";
314  case OR_CONN_STATE_PROXY_HANDSHAKING: return "handshaking (proxy)";
315  case OR_CONN_STATE_TLS_HANDSHAKING: return "handshaking (TLS)";
317  return "renegotiating (TLS, v2 handshake)";
319  return "waiting for renegotiation or V3 handshake";
321  return "handshaking (Tor, v2 handshake)";
323  return "handshaking (Tor, v3 handshake)";
324  case OR_CONN_STATE_OPEN: return "open";
325  }
326  break;
327  case CONN_TYPE_EXT_OR:
328  switch (state) {
330  return "waiting for authentication type";
332  return "waiting for client nonce";
334  return "waiting for client hash";
335  case EXT_OR_CONN_STATE_OPEN: return "open";
336  case EXT_OR_CONN_STATE_FLUSHING: return "flushing final OKAY";
337  }
338  break;
339  case CONN_TYPE_EXIT:
340  switch (state) {
341  case EXIT_CONN_STATE_RESOLVING: return "waiting for dest info";
342  case EXIT_CONN_STATE_CONNECTING: return "connecting";
343  case EXIT_CONN_STATE_OPEN: return "open";
344  case EXIT_CONN_STATE_RESOLVEFAILED: return "resolve failed";
345  }
346  break;
347  case CONN_TYPE_AP:
348  switch (state) {
349  case AP_CONN_STATE_SOCKS_WAIT: return "waiting for socks info";
350  case AP_CONN_STATE_NATD_WAIT: return "waiting for natd dest info";
351  case AP_CONN_STATE_RENDDESC_WAIT: return "waiting for rendezvous desc";
352  case AP_CONN_STATE_CONTROLLER_WAIT: return "waiting for controller";
353  case AP_CONN_STATE_CIRCUIT_WAIT: return "waiting for circuit";
354  case AP_CONN_STATE_CONNECT_WAIT: return "waiting for connect response";
355  case AP_CONN_STATE_RESOLVE_WAIT: return "waiting for resolve response";
356  case AP_CONN_STATE_OPEN: return "open";
357  }
358  break;
359  case CONN_TYPE_DIR:
360  switch (state) {
361  case DIR_CONN_STATE_CONNECTING: return "connecting";
362  case DIR_CONN_STATE_CLIENT_SENDING: return "client sending";
363  case DIR_CONN_STATE_CLIENT_READING: return "client reading";
364  case DIR_CONN_STATE_CLIENT_FINISHED: return "client finished";
365  case DIR_CONN_STATE_SERVER_COMMAND_WAIT: return "waiting for command";
366  case DIR_CONN_STATE_SERVER_WRITING: return "writing";
367  }
368  break;
369  case CONN_TYPE_CONTROL:
370  switch (state) {
371  case CONTROL_CONN_STATE_OPEN: return "open (protocol v1)";
373  return "waiting for authentication (protocol v1)";
374  }
375  break;
376  }
377 
378  if (state == 0) {
379  return "uninitialized";
380  }
381 
382  log_warn(LD_BUG, "unknown connection state %d (type %d)", state, type);
383  tor_snprintf(buf, sizeof(buf),
384  "unknown state [%d] on unknown [%s] connection",
385  state, conn_type_to_string(type));
386  tor_assert_nonfatal_unreached_once();
387  return buf;
388 }
389 
390 /**
391  * Helper: describe the peer or address of connection @a conn in a
392  * human-readable manner.
393  *
394  * Returns a pointer to a static buffer; future calls to
395  * connection_describe_peer_internal() will invalidate this buffer.
396  *
397  * If <b>include_preposition</b> is true, include a preposition before the
398  * peer address.
399  *
400  * Nobody should parse the output of this function; it can and will change in
401  * future versions of tor.
402  **/
403 static const char *
405  bool include_preposition)
406 {
407  IF_BUG_ONCE(!conn) {
408  return "null peer";
409  }
410 
411  static char peer_buf[256];
412  const tor_addr_t *addr = &conn->addr;
413  const char *address = NULL;
414  const char *prep;
415  bool scrub = false;
416  char extra_buf[128];
417  extra_buf[0] = 0;
418 
419  /* First, figure out the preposition to use */
420  switch (conn->type) {
421  CASE_ANY_LISTENER_TYPE:
422  prep = "on";
423  break;
424  case CONN_TYPE_EXIT:
425  prep = "to";
426  break;
427  case CONN_TYPE_CONTROL:
428  case CONN_TYPE_AP:
429  case CONN_TYPE_EXT_OR:
430  prep = "from";
431  break;
432  default:
433  prep = "with";
434  break;
435  }
436 
437  /* Now figure out the address. */
438  if (conn->socket_family == AF_UNIX) {
439  /* For unix sockets, we always use the `address` string. */
440  address = conn->address ? conn->address : "unix socket";
441  } else if (conn->type == CONN_TYPE_OR) {
442  /* For OR connections, we have a lot to do. */
443  const or_connection_t *or_conn = CONST_TO_OR_CONN(conn);
444  /* We report the IDs we're talking to... */
445  if (fast_digest_is_zero(or_conn->identity_digest)) {
446  // This could be a client, so scrub it. No identity to report.
447  scrub = true;
448  } else {
449  const ed25519_public_key_t *ed_id =
451  char ed_id_buf[ED25519_BASE64_LEN+1];
452  char rsa_id_buf[HEX_DIGEST_LEN+1];
453  if (ed_id) {
454  ed25519_public_to_base64(ed_id_buf, ed_id);
455  } else {
456  strlcpy(ed_id_buf, "<none>", sizeof(ed_id_buf));
457  }
458  base16_encode(rsa_id_buf, sizeof(rsa_id_buf),
459  or_conn->identity_digest, DIGEST_LEN);
460  tor_snprintf(extra_buf, sizeof(extra_buf),
461  " ID=%s RSA_ID=%s", ed_id_buf, rsa_id_buf);
462  }
463  if (! scrub && (! tor_addr_eq(addr, &or_conn->canonical_orport.addr) ||
464  conn->port != or_conn->canonical_orport.port)) {
465  /* We report canonical address, if it's different */
466  char canonical_addr_buf[TOR_ADDR_BUF_LEN];
467  if (tor_addr_to_str(canonical_addr_buf, &or_conn->canonical_orport.addr,
468  sizeof(canonical_addr_buf), 1)) {
469  tor_snprintf(extra_buf+strlen(extra_buf),
470  sizeof(extra_buf)-strlen(extra_buf),
471  " canonical_addr=%s:%"PRIu16,
472  canonical_addr_buf,
473  or_conn->canonical_orport.port);
474  }
475  }
476  } else if (conn->type == CONN_TYPE_EXIT) {
477  scrub = true; /* This is a client's request; scrub it with SafeLogging. */
478  if (tor_addr_is_null(addr)) {
479  address = conn->address;
480  strlcpy(extra_buf, " (DNS lookup pending)", sizeof(extra_buf));
481  }
482  }
483 
484  char addr_buf[TOR_ADDR_BUF_LEN];
485  if (address == NULL) {
486  if (tor_addr_family(addr) == 0) {
487  address = "<unset>";
488  } else {
489  address = tor_addr_to_str(addr_buf, addr, sizeof(addr_buf), 1);
490  if (!address) {
491  address = "<can't format!>";
492  tor_assert_nonfatal_unreached_once();
493  }
494  }
495  }
496 
497  char portbuf[7];
498  portbuf[0]=0;
499  if (scrub && get_options()->SafeLogging_ != SAFELOG_SCRUB_NONE) {
500  address = "[scrubbed]";
501  } else {
502  /* Only set the port if we're not scrubbing the address. */
503  if (conn->port != 0) {
504  tor_snprintf(portbuf, sizeof(portbuf), ":%d", conn->port);
505  }
506  }
507 
508  const char *sp = include_preposition ? " " : "";
509  if (! include_preposition)
510  prep = "";
511 
512  tor_snprintf(peer_buf, sizeof(peer_buf),
513  "%s%s%s%s%s", prep, sp, address, portbuf, extra_buf);
514  return peer_buf;
515 }
516 
517 /**
518  * Describe the peer or address of connection @a conn in a
519  * human-readable manner.
520  *
521  * Returns a pointer to a static buffer; future calls to
522  * connection_describe_peer() or connection_describe() will invalidate this
523  * buffer.
524  *
525  * Nobody should parse the output of this function; it can and will change in
526  * future versions of tor.
527  **/
528 const char *
530 {
531  return connection_describe_peer_internal(conn, false);
532 }
533 
534 /**
535  * Describe a connection for logging purposes.
536  *
537  * Returns a pointer to a static buffer; future calls to connection_describe()
538  * will invalidate this buffer.
539  *
540  * Nobody should parse the output of this function; it can and will change in
541  * future versions of tor.
542  **/
543 const char *
545 {
546  IF_BUG_ONCE(!conn) {
547  return "null connection";
548  }
549  static char desc_buf[256];
550  const char *peer = connection_describe_peer_internal(conn, true);
551  tor_snprintf(desc_buf, sizeof(desc_buf),
552  "%s connection (%s) %s",
553  conn_type_to_string(conn->type),
554  conn_state_to_string(conn->type, conn->state),
555  peer);
556  return desc_buf;
557 }
558 
559 /** Allocate and return a new dir_connection_t, initialized as by
560  * connection_init(). */
562 dir_connection_new(int socket_family)
563 {
564  dir_connection_t *dir_conn = tor_malloc_zero(sizeof(dir_connection_t));
565  connection_init(time(NULL), TO_CONN(dir_conn), CONN_TYPE_DIR, socket_family);
566  return dir_conn;
567 }
568 
569 /** Allocate and return a new or_connection_t, initialized as by
570  * connection_init().
571  *
572  * Initialize active_circuit_pqueue.
573  *
574  * Set active_circuit_pqueue_last_recalibrated to current cell_ewma tick.
575  */
577 or_connection_new(int type, int socket_family)
578 {
579  or_connection_t *or_conn = tor_malloc_zero(sizeof(or_connection_t));
580  time_t now = time(NULL);
581  tor_assert(type == CONN_TYPE_OR || type == CONN_TYPE_EXT_OR);
582  connection_init(now, TO_CONN(or_conn), type, socket_family);
583 
584  tor_addr_make_unspec(&or_conn->canonical_orport.addr);
585  connection_or_set_canonical(or_conn, 0);
586 
587  if (type == CONN_TYPE_EXT_OR) {
588  /* If we aren't told an address for this connection, we should
589  * presume it isn't local, and should be rate-limited. */
590  TO_CONN(or_conn)->always_rate_limit_as_remote = 1;
592  }
593 
594  return or_conn;
595 }
596 
597 /** Allocate and return a new entry_connection_t, initialized as by
598  * connection_init().
599  *
600  * Allocate space to store the socks_request.
601  */
603 entry_connection_new(int type, int socket_family)
604 {
605  entry_connection_t *entry_conn = tor_malloc_zero(sizeof(entry_connection_t));
606  tor_assert(type == CONN_TYPE_AP);
607  connection_init(time(NULL), ENTRY_TO_CONN(entry_conn), type, socket_family);
608  entry_conn->socks_request = socks_request_new();
609  /* If this is coming from a listener, we'll set it up based on the listener
610  * in a little while. Otherwise, we're doing this as a linked connection
611  * of some kind, and we should set it up here based on the socket family */
612  if (socket_family == AF_INET)
613  entry_conn->entry_cfg.ipv4_traffic = 1;
614  else if (socket_family == AF_INET6)
615  entry_conn->entry_cfg.ipv6_traffic = 1;
616  return entry_conn;
617 }
618 
619 /** Allocate and return a new edge_connection_t, initialized as by
620  * connection_init(). */
622 edge_connection_new(int type, int socket_family)
623 {
624  edge_connection_t *edge_conn = tor_malloc_zero(sizeof(edge_connection_t));
625  tor_assert(type == CONN_TYPE_EXIT);
626  connection_init(time(NULL), TO_CONN(edge_conn), type, socket_family);
627  return edge_conn;
628 }
629 
630 /** Allocate and return a new control_connection_t, initialized as by
631  * connection_init(). */
633 control_connection_new(int socket_family)
634 {
635  control_connection_t *control_conn =
636  tor_malloc_zero(sizeof(control_connection_t));
637  connection_init(time(NULL),
638  TO_CONN(control_conn), CONN_TYPE_CONTROL, socket_family);
639  return control_conn;
640 }
641 
642 /** Allocate and return a new listener_connection_t, initialized as by
643  * connection_init(). */
645 listener_connection_new(int type, int socket_family)
646 {
647  listener_connection_t *listener_conn =
648  tor_malloc_zero(sizeof(listener_connection_t));
649  connection_init(time(NULL), TO_CONN(listener_conn), type, socket_family);
650  return listener_conn;
651 }
652 
653 /** Allocate, initialize, and return a new connection_t subtype of <b>type</b>
654  * to make or receive connections of address family <b>socket_family</b>. The
655  * type should be one of the CONN_TYPE_* constants. */
656 connection_t *
657 connection_new(int type, int socket_family)
658 {
659  switch (type) {
660  case CONN_TYPE_OR:
661  case CONN_TYPE_EXT_OR:
662  return TO_CONN(or_connection_new(type, socket_family));
663 
664  case CONN_TYPE_EXIT:
665  return TO_CONN(edge_connection_new(type, socket_family));
666 
667  case CONN_TYPE_AP:
668  return ENTRY_TO_CONN(entry_connection_new(type, socket_family));
669 
670  case CONN_TYPE_DIR:
671  return TO_CONN(dir_connection_new(socket_family));
672 
673  case CONN_TYPE_CONTROL:
674  return TO_CONN(control_connection_new(socket_family));
675 
676  CASE_ANY_LISTENER_TYPE:
677  return TO_CONN(listener_connection_new(type, socket_family));
678 
679  default: {
680  connection_t *conn = tor_malloc_zero(sizeof(connection_t));
681  connection_init(time(NULL), conn, type, socket_family);
682  return conn;
683  }
684  }
685 }
686 
687 /** Initializes conn. (you must call connection_add() to link it into the main
688  * array).
689  *
690  * Set conn->magic to the correct value.
691  *
692  * Set conn->type to <b>type</b>. Set conn->s and conn->conn_array_index to
693  * -1 to signify they are not yet assigned.
694  *
695  * Initialize conn's timestamps to now.
696  */
697 static void
698 connection_init(time_t now, connection_t *conn, int type, int socket_family)
699 {
700  static uint64_t n_connections_allocated = 1;
701 
702  switch (type) {
703  case CONN_TYPE_OR:
704  case CONN_TYPE_EXT_OR:
705  conn->magic = OR_CONNECTION_MAGIC;
706  break;
707  case CONN_TYPE_EXIT:
708  conn->magic = EDGE_CONNECTION_MAGIC;
709  break;
710  case CONN_TYPE_AP:
711  conn->magic = ENTRY_CONNECTION_MAGIC;
712  break;
713  case CONN_TYPE_DIR:
714  conn->magic = DIR_CONNECTION_MAGIC;
715  break;
716  case CONN_TYPE_CONTROL:
717  conn->magic = CONTROL_CONNECTION_MAGIC;
718  break;
719  CASE_ANY_LISTENER_TYPE:
720  conn->magic = LISTENER_CONNECTION_MAGIC;
721  break;
722  default:
723  conn->magic = BASE_CONNECTION_MAGIC;
724  break;
725  }
726 
727  conn->s = TOR_INVALID_SOCKET; /* give it a default of 'not used' */
728  conn->conn_array_index = -1; /* also default to 'not used' */
729  conn->global_identifier = n_connections_allocated++;
730 
731  conn->type = type;
732  conn->socket_family = socket_family;
733  if (!connection_is_listener(conn)) {
734  /* listeners never use their buf */
735  conn->inbuf = buf_new();
736  conn->outbuf = buf_new();
737  }
738 
739  conn->timestamp_created = now;
740  conn->timestamp_last_read_allowed = now;
741  conn->timestamp_last_write_allowed = now;
742 }
743 
744 /** Create a link between <b>conn_a</b> and <b>conn_b</b>. */
745 void
747 {
748  tor_assert(! SOCKET_OK(conn_a->s));
749  tor_assert(! SOCKET_OK(conn_b->s));
750 
751  conn_a->linked = 1;
752  conn_b->linked = 1;
753  conn_a->linked_conn = conn_b;
754  conn_b->linked_conn = conn_a;
755 }
756 
757 /** Return true iff the provided connection listener type supports AF_UNIX
758  * sockets. */
759 int
761 {
762  /* For now only control ports or SOCKS ports can be Unix domain sockets
763  * and listeners at the same time */
764  switch (type) {
767  return 1;
768  default:
769  return 0;
770  }
771 }
772 
773 /** Deallocate memory used by <b>conn</b>. Deallocate its buffers if
774  * necessary, close its socket if necessary, and mark the directory as dirty
775  * if <b>conn</b> is an OR or OP connection.
776  */
777 STATIC void
779 {
780  void *mem;
781  size_t memlen;
782  if (!conn)
783  return;
784 
785  switch (conn->type) {
786  case CONN_TYPE_OR:
787  case CONN_TYPE_EXT_OR:
788  tor_assert(conn->magic == OR_CONNECTION_MAGIC);
789  mem = TO_OR_CONN(conn);
790  memlen = sizeof(or_connection_t);
791  break;
792  case CONN_TYPE_AP:
793  tor_assert(conn->magic == ENTRY_CONNECTION_MAGIC);
794  mem = TO_ENTRY_CONN(conn);
795  memlen = sizeof(entry_connection_t);
796  break;
797  case CONN_TYPE_EXIT:
798  tor_assert(conn->magic == EDGE_CONNECTION_MAGIC);
799  mem = TO_EDGE_CONN(conn);
800  memlen = sizeof(edge_connection_t);
801  break;
802  case CONN_TYPE_DIR:
803  tor_assert(conn->magic == DIR_CONNECTION_MAGIC);
804  mem = TO_DIR_CONN(conn);
805  memlen = sizeof(dir_connection_t);
806  break;
807  case CONN_TYPE_CONTROL:
808  tor_assert(conn->magic == CONTROL_CONNECTION_MAGIC);
809  mem = TO_CONTROL_CONN(conn);
810  memlen = sizeof(control_connection_t);
811  break;
812  CASE_ANY_LISTENER_TYPE:
813  tor_assert(conn->magic == LISTENER_CONNECTION_MAGIC);
814  mem = TO_LISTENER_CONN(conn);
815  memlen = sizeof(listener_connection_t);
816  break;
817  default:
818  tor_assert(conn->magic == BASE_CONNECTION_MAGIC);
819  mem = conn;
820  memlen = sizeof(connection_t);
821  break;
822  }
823 
824  if (conn->linked) {
825  log_info(LD_GENERAL, "Freeing linked %s connection [%s] with %d "
826  "bytes on inbuf, %d on outbuf.",
827  conn_type_to_string(conn->type),
828  conn_state_to_string(conn->type, conn->state),
829  (int)connection_get_inbuf_len(conn),
830  (int)connection_get_outbuf_len(conn));
831  }
832 
833  if (!connection_is_listener(conn)) {
834  buf_free(conn->inbuf);
835  buf_free(conn->outbuf);
836  } else {
837  if (conn->socket_family == AF_UNIX) {
838  /* For now only control and SOCKS ports can be Unix domain sockets
839  * and listeners at the same time */
841 
842  if (unlink(conn->address) < 0 && errno != ENOENT) {
843  log_warn(LD_NET, "Could not unlink %s: %s", conn->address,
844  strerror(errno));
845  }
846  }
847  }
848 
850 
851  if (connection_speaks_cells(conn)) {
852  or_connection_t *or_conn = TO_OR_CONN(conn);
853  if (or_conn->tls) {
854  if (! SOCKET_OK(conn->s)) {
855  /* The socket has been closed by somebody else; we must tell the
856  * TLS object not to close it. */
857  tor_tls_release_socket(or_conn->tls);
858  } else {
859  /* The tor_tls_free() call below will close the socket; we must tell
860  * the code below not to close it a second time. */
862  conn->s = TOR_INVALID_SOCKET;
863  }
864  tor_tls_free(or_conn->tls);
865  or_conn->tls = NULL;
866  }
867  or_handshake_state_free(or_conn->handshake_state);
868  or_conn->handshake_state = NULL;
870  if (or_conn->chan) {
871  /* Owww, this shouldn't happen, but... */
872  channel_t *base_chan = TLS_CHAN_TO_BASE(or_conn->chan);
873  tor_assert(base_chan);
874  log_info(LD_CHANNEL,
875  "Freeing orconn at %p, saw channel %p with ID "
876  "%"PRIu64 " left un-NULLed",
877  or_conn, base_chan,
878  base_chan->global_identifier);
879  if (!CHANNEL_FINISHED(base_chan)) {
880  channel_close_for_error(base_chan);
881  }
882 
883  or_conn->chan->conn = NULL;
884  or_conn->chan = NULL;
885  }
886  }
887  if (conn->type == CONN_TYPE_AP) {
888  entry_connection_t *entry_conn = TO_ENTRY_CONN(conn);
891  if (entry_conn->socks_request)
892  socks_request_free(entry_conn->socks_request);
893  if (entry_conn->pending_optimistic_data) {
894  buf_free(entry_conn->pending_optimistic_data);
895  }
896  if (entry_conn->sending_optimistic_data) {
897  buf_free(entry_conn->sending_optimistic_data);
898  }
899  }
900  if (CONN_IS_EDGE(conn)) {
901  rend_data_free(TO_EDGE_CONN(conn)->rend_data);
902  hs_ident_edge_conn_free(TO_EDGE_CONN(conn)->hs_ident);
903  }
904  if (conn->type == CONN_TYPE_CONTROL) {
905  control_connection_t *control_conn = TO_CONTROL_CONN(conn);
906  tor_free(control_conn->safecookie_client_hash);
907  tor_free(control_conn->incoming_cmd);
908  tor_free(control_conn->current_cmd);
909  if (control_conn->ephemeral_onion_services) {
910  SMARTLIST_FOREACH(control_conn->ephemeral_onion_services, char *, cp, {
911  memwipe(cp, 0, strlen(cp));
912  tor_free(cp);
913  });
914  smartlist_free(control_conn->ephemeral_onion_services);
915  }
916  }
917 
918  /* Probably already freed by connection_free. */
919  tor_event_free(conn->read_event);
920  tor_event_free(conn->write_event);
921  conn->read_event = conn->write_event = NULL;
922 
923  if (conn->type == CONN_TYPE_DIR) {
924  dir_connection_t *dir_conn = TO_DIR_CONN(conn);
925  tor_free(dir_conn->requested_resource);
926 
927  tor_compress_free(dir_conn->compress_state);
928  dir_conn_clear_spool(dir_conn);
929 
930  rend_data_free(dir_conn->rend_data);
931  hs_ident_dir_conn_free(dir_conn->hs_ident);
932  if (dir_conn->guard_state) {
933  /* Cancel before freeing, if it's still there. */
934  entry_guard_cancel(&dir_conn->guard_state);
935  }
936  circuit_guard_state_free(dir_conn->guard_state);
937  }
938 
939  if (SOCKET_OK(conn->s)) {
940  log_debug(LD_NET,"closing fd %d.",(int)conn->s);
941  tor_close_socket(conn->s);
942  conn->s = TOR_INVALID_SOCKET;
943  }
944 
945  if (conn->type == CONN_TYPE_OR &&
946  !tor_digest_is_zero(TO_OR_CONN(conn)->identity_digest)) {
947  log_warn(LD_BUG, "called on OR conn with non-zeroed identity_digest");
949  }
950  if (conn->type == CONN_TYPE_OR || conn->type == CONN_TYPE_EXT_OR) {
951  tor_free(TO_OR_CONN(conn)->ext_or_conn_id);
952  tor_free(TO_OR_CONN(conn)->ext_or_auth_correct_client_hash);
953  tor_free(TO_OR_CONN(conn)->ext_or_transport);
954  }
955 
956  memwipe(mem, 0xCC, memlen); /* poison memory */
957  tor_free(mem);
958 }
959 
960 /** Make sure <b>conn</b> isn't in any of the global conn lists; then free it.
961  */
962 MOCK_IMPL(void,
964 {
965  if (!conn)
966  return;
969  if (BUG(conn->linked_conn)) {
970  conn->linked_conn->linked_conn = NULL;
971  if (! conn->linked_conn->marked_for_close &&
974  conn->linked_conn = NULL;
975  }
976  if (connection_speaks_cells(conn)) {
977  if (!tor_digest_is_zero(TO_OR_CONN(conn)->identity_digest)) {
979  }
980  }
981  if (conn->type == CONN_TYPE_CONTROL) {
983  }
984 #if 1
985  /* DEBUGGING */
986  if (conn->type == CONN_TYPE_AP) {
987  connection_ap_warn_and_unmark_if_pending_circ(TO_ENTRY_CONN(conn),
988  "connection_free");
989  }
990 #endif /* 1 */
991 
992  /* Notify the circuit creation DoS mitigation subsystem that an OR client
993  * connection has been closed. And only do that if we track it. */
994  if (conn->type == CONN_TYPE_OR) {
995  dos_close_client_conn(TO_OR_CONN(conn));
996  }
997 
1000 }
1001 
1002 /**
1003  * Called when we're about to finally unlink and free a connection:
1004  * perform necessary accounting and cleanup
1005  * - Directory conns that failed to fetch a rendezvous descriptor
1006  * need to inform pending rendezvous streams.
1007  * - OR conns need to call rep_hist_note_*() to record status.
1008  * - AP conns need to send a socks reject if necessary.
1009  * - Exit conns need to call connection_dns_remove() if necessary.
1010  * - AP and Exit conns need to send an end cell if they can.
1011  * - DNS conns need to fail any resolves that are pending on them.
1012  * - OR and edge connections need to be unlinked from circuits.
1013  */
1014 void
1016 {
1018 
1019  switch (conn->type) {
1020  case CONN_TYPE_DIR:
1022  break;
1023  case CONN_TYPE_OR:
1024  case CONN_TYPE_EXT_OR:
1026  break;
1027  case CONN_TYPE_AP:
1029  break;
1030  case CONN_TYPE_EXIT:
1032  break;
1033  }
1034 }
1035 
1036 /** Return true iff connection_close_immediate() has been called on this
1037  * connection. */
1038 #define CONN_IS_CLOSED(c) \
1039  ((c)->linked ? ((c)->linked_conn_is_closed) : (! SOCKET_OK(c->s)))
1040 
1041 /** Close the underlying socket for <b>conn</b>, so we don't try to
1042  * flush it. Must be used in conjunction with (right before)
1043  * connection_mark_for_close().
1044  */
1045 void
1047 {
1048  assert_connection_ok(conn,0);
1049  if (CONN_IS_CLOSED(conn)) {
1050  log_err(LD_BUG,"Attempt to close already-closed connection.");
1052  return;
1053  }
1054  if (connection_get_outbuf_len(conn)) {
1055  log_info(LD_NET,"fd %d, type %s, state %s, %"TOR_PRIuSZ" bytes on outbuf.",
1056  (int)conn->s, conn_type_to_string(conn->type),
1057  conn_state_to_string(conn->type, conn->state),
1058  buf_datalen(conn->outbuf));
1059  }
1060 
1062 
1063  /* Prevent the event from getting unblocked. */
1064  conn->read_blocked_on_bw = 0;
1065  conn->write_blocked_on_bw = 0;
1066 
1067  if (SOCKET_OK(conn->s))
1068  tor_close_socket(conn->s);
1069  conn->s = TOR_INVALID_SOCKET;
1070  if (conn->linked)
1071  conn->linked_conn_is_closed = 1;
1072  if (conn->outbuf)
1073  buf_clear(conn->outbuf);
1074 }
1075 
1076 /** Mark <b>conn</b> to be closed next time we loop through
1077  * conn_close_if_marked() in main.c. */
1078 void
1079 connection_mark_for_close_(connection_t *conn, int line, const char *file)
1080 {
1081  assert_connection_ok(conn,0);
1082  tor_assert(line);
1083  tor_assert(line < 1<<16); /* marked_for_close can only fit a uint16_t. */
1084  tor_assert(file);
1085 
1086  if (conn->type == CONN_TYPE_OR) {
1087  /*
1088  * An or_connection should have been closed through one of the channel-
1089  * aware functions in connection_or.c. We'll assume this is an error
1090  * close and do that, and log a bug warning.
1091  */
1092  log_warn(LD_CHANNEL | LD_BUG,
1093  "Something tried to close an or_connection_t without going "
1094  "through channels at %s:%d",
1095  file, line);
1097  } else {
1098  /* Pass it down to the real function */
1099  connection_mark_for_close_internal_(conn, line, file);
1100  }
1101 }
1102 
1103 /** Mark <b>conn</b> to be closed next time we loop through
1104  * conn_close_if_marked() in main.c.
1105  *
1106  * This _internal version bypasses the CONN_TYPE_OR checks; this should be
1107  * called when you either are sure that if this is an or_connection_t the
1108  * controlling channel has been notified (e.g. with
1109  * connection_or_notify_error()), or you actually are the
1110  * connection_or_close_for_error() or connection_or_close_normally() function.
1111  * For all other cases, use connection_mark_and_flush() which checks for
1112  * or_connection_t properly, instead. See below.
1113  *
1114  * We want to keep this function simple and quick, since it can be called from
1115  * quite deep in the call chain, and hence it should avoid having side-effects
1116  * that interfere with its callers view of the connection.
1117  */
1118 MOCK_IMPL(void,
1120  int line, const char *file))
1121 {
1122  assert_connection_ok(conn,0);
1123  tor_assert(line);
1124  tor_assert(line < 1<<16); /* marked_for_close can only fit a uint16_t. */
1125  tor_assert(file);
1126 
1127  if (conn->marked_for_close) {
1128  log_warn(LD_BUG,"Duplicate call to connection_mark_for_close at %s:%d"
1129  " (first at %s:%d)", file, line, conn->marked_for_close_file,
1130  conn->marked_for_close);
1132  return;
1133  }
1134 
1135  if (conn->type == CONN_TYPE_OR) {
1136  /*
1137  * Bad news if this happens without telling the controlling channel; do
1138  * this so we can find things that call this wrongly when the asserts hit.
1139  */
1140  log_debug(LD_CHANNEL,
1141  "Calling connection_mark_for_close_internal_() on an OR conn "
1142  "at %s:%d",
1143  file, line);
1144  }
1145 
1146  conn->marked_for_close = line;
1147  conn->marked_for_close_file = file;
1149 
1150  /* in case we're going to be held-open-til-flushed, reset
1151  * the number of seconds since last successful write, so
1152  * we get our whole 15 seconds */
1153  conn->timestamp_last_write_allowed = time(NULL);
1154 }
1155 
1156 /** Find each connection that has hold_open_until_flushed set to
1157  * 1 but hasn't written in the past 15 seconds, and set
1158  * hold_open_until_flushed to 0. This means it will get cleaned
1159  * up in the next loop through close_if_marked() in main.c.
1160  */
1161 void
1163 {
1164  time_t now;
1165  smartlist_t *conns = get_connection_array();
1166 
1167  now = time(NULL);
1168 
1169  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
1170  /* If we've been holding the connection open, but we haven't written
1171  * for 15 seconds...
1172  */
1173  if (conn->hold_open_until_flushed) {
1175  if (now - conn->timestamp_last_write_allowed >= 15) {
1176  int severity;
1177  if (conn->type == CONN_TYPE_EXIT ||
1178  (conn->type == CONN_TYPE_DIR &&
1179  conn->purpose == DIR_PURPOSE_SERVER))
1180  severity = LOG_INFO;
1181  else
1182  severity = LOG_NOTICE;
1183  log_fn(severity, LD_NET,
1184  "Giving up on marked_for_close conn that's been flushing "
1185  "for 15s (fd %d, type %s, state %s).",
1186  (int)conn->s, conn_type_to_string(conn->type),
1187  conn_state_to_string(conn->type, conn->state));
1188  conn->hold_open_until_flushed = 0;
1189  }
1190  }
1191  } SMARTLIST_FOREACH_END(conn);
1192 }
1193 
1194 #if defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN)
1195 /** Create an AF_UNIX listenaddr struct.
1196  * <b>listenaddress</b> provides the path to the Unix socket.
1197  *
1198  * Eventually <b>listenaddress</b> will also optionally contain user, group,
1199  * and file permissions for the new socket. But not yet. XXX
1200  * Also, since we do not create the socket here the information doesn't help
1201  * here.
1202  *
1203  * If not NULL <b>readable_address</b> will contain a copy of the path part of
1204  * <b>listenaddress</b>.
1205  *
1206  * The listenaddr struct has to be freed by the caller.
1207  */
1208 static struct sockaddr_un *
1209 create_unix_sockaddr(const char *listenaddress, char **readable_address,
1210  socklen_t *len_out)
1211 {
1212  struct sockaddr_un *sockaddr = NULL;
1213 
1214  sockaddr = tor_malloc_zero(sizeof(struct sockaddr_un));
1215  sockaddr->sun_family = AF_UNIX;
1216  if (strlcpy(sockaddr->sun_path, listenaddress, sizeof(sockaddr->sun_path))
1217  >= sizeof(sockaddr->sun_path)) {
1218  log_warn(LD_CONFIG, "Unix socket path '%s' is too long to fit.",
1219  escaped(listenaddress));
1220  tor_free(sockaddr);
1221  return NULL;
1222  }
1223 
1224  if (readable_address)
1225  *readable_address = tor_strdup(listenaddress);
1226 
1227  *len_out = sizeof(struct sockaddr_un);
1228  return sockaddr;
1229 }
1230 #else /* !(defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN)) */
1231 static struct sockaddr *
1232 create_unix_sockaddr(const char *listenaddress, char **readable_address,
1233  socklen_t *len_out)
1234 {
1235  (void)listenaddress;
1236  (void)readable_address;
1238  "Unix domain sockets not supported, yet we tried to create one.");
1239  *len_out = 0;
1241  return NULL;
1242 }
1243 #endif /* defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN) */
1244 
1245 /** Warn that an accept or a connect has failed because we're running out of
1246  * TCP sockets we can use on current system. Rate-limit these warnings so
1247  * that we don't spam the log. */
1248 static void
1250 {
1251 #define WARN_TOO_MANY_CONNS_INTERVAL (6*60*60)
1252  static ratelim_t last_warned = RATELIM_INIT(WARN_TOO_MANY_CONNS_INTERVAL);
1253  char *m;
1254  if ((m = rate_limit_log(&last_warned, approx_time()))) {
1255  int n_conns = get_n_open_sockets();
1256  log_warn(LD_NET,"Failing because we have %d connections already. Please "
1257  "read doc/TUNING for guidance.%s", n_conns, m);
1258  tor_free(m);
1259  control_event_general_status(LOG_WARN, "TOO_MANY_CONNECTIONS CURRENT=%d",
1260  n_conns);
1261  }
1262 }
1263 
1264 #ifdef HAVE_SYS_UN_H
1265 
1266 #define UNIX_SOCKET_PURPOSE_CONTROL_SOCKET 0
1267 #define UNIX_SOCKET_PURPOSE_SOCKS_SOCKET 1
1268 
1269 /** Check if the purpose isn't one of the ones we know what to do with */
1270 
1271 static int
1272 is_valid_unix_socket_purpose(int purpose)
1273 {
1274  int valid = 0;
1275 
1276  switch (purpose) {
1277  case UNIX_SOCKET_PURPOSE_CONTROL_SOCKET:
1278  case UNIX_SOCKET_PURPOSE_SOCKS_SOCKET:
1279  valid = 1;
1280  break;
1281  }
1282 
1283  return valid;
1284 }
1285 
1286 /** Return a string description of a unix socket purpose */
1287 static const char *
1288 unix_socket_purpose_to_string(int purpose)
1289 {
1290  const char *s = "unknown-purpose socket";
1291 
1292  switch (purpose) {
1293  case UNIX_SOCKET_PURPOSE_CONTROL_SOCKET:
1294  s = "control socket";
1295  break;
1296  case UNIX_SOCKET_PURPOSE_SOCKS_SOCKET:
1297  s = "SOCKS socket";
1298  break;
1299  }
1300 
1301  return s;
1302 }
1303 
1304 /** Check whether we should be willing to open an AF_UNIX socket in
1305  * <b>path</b>. Return 0 if we should go ahead and -1 if we shouldn't. */
1306 static int
1307 check_location_for_unix_socket(const or_options_t *options, const char *path,
1308  int purpose, const port_cfg_t *port)
1309 {
1310  int r = -1;
1311  char *p = NULL;
1312 
1313  tor_assert(is_valid_unix_socket_purpose(purpose));
1314 
1315  p = tor_strdup(path);
1316  cpd_check_t flags = CPD_CHECK_MODE_ONLY;
1317  if (get_parent_directory(p)<0 || p[0] != '/') {
1318  log_warn(LD_GENERAL, "Bad unix socket address '%s'. Tor does not support "
1319  "relative paths for unix sockets.", path);
1320  goto done;
1321  }
1322 
1323  if (port->is_world_writable) {
1324  /* World-writable sockets can go anywhere. */
1325  r = 0;
1326  goto done;
1327  }
1328 
1329  if (port->is_group_writable) {
1330  flags |= CPD_GROUP_OK;
1331  }
1332 
1333  if (port->relax_dirmode_check) {
1334  flags |= CPD_RELAX_DIRMODE_CHECK;
1335  }
1336 
1337  if (check_private_dir(p, flags, options->User) < 0) {
1338  char *escpath, *escdir;
1339  escpath = esc_for_log(path);
1340  escdir = esc_for_log(p);
1341  log_warn(LD_GENERAL, "Before Tor can create a %s in %s, the directory "
1342  "%s needs to exist, and to be accessible only by the user%s "
1343  "account that is running Tor. (On some Unix systems, anybody "
1344  "who can list a socket can connect to it, so Tor is being "
1345  "careful.)",
1346  unix_socket_purpose_to_string(purpose), escpath, escdir,
1347  port->is_group_writable ? " and group" : "");
1348  tor_free(escpath);
1349  tor_free(escdir);
1350  goto done;
1351  }
1352 
1353  r = 0;
1354  done:
1355  tor_free(p);
1356  return r;
1357 }
1358 #endif /* defined(HAVE_SYS_UN_H) */
1359 
1360 /** Tell the TCP stack that it shouldn't wait for a long time after
1361  * <b>sock</b> has closed before reusing its port. Return 0 on success,
1362  * -1 on failure. */
1363 static int
1365 {
1366 #ifdef _WIN32
1367  (void) sock;
1368  return 0;
1369 #else
1370  int one=1;
1371 
1372  /* REUSEADDR on normal places means you can rebind to the port
1373  * right after somebody else has let it go. But REUSEADDR on win32
1374  * means you can bind to the port _even when somebody else
1375  * already has it bound_. So, don't do that on Win32. */
1376  if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void*) &one,
1377  (socklen_t)sizeof(one)) == -1) {
1378  return -1;
1379  }
1380  return 0;
1381 #endif /* defined(_WIN32) */
1382 }
1383 
1384 #ifdef _WIN32
1385 /** Tell the Windows TCP stack to prevent other applications from receiving
1386  * traffic from tor's open ports. Return 0 on success, -1 on failure. */
1387 static int
1388 make_win32_socket_exclusive(tor_socket_t sock)
1389 {
1390 #ifdef SO_EXCLUSIVEADDRUSE
1391  int one=1;
1392 
1393  /* Any socket that sets REUSEADDR on win32 can bind to a port _even when
1394  * somebody else already has it bound_, and _even if the original socket
1395  * didn't set REUSEADDR_. Use EXCLUSIVEADDRUSE to prevent this port-stealing
1396  * on win32. */
1397  if (setsockopt(sock, SOL_SOCKET, SO_EXCLUSIVEADDRUSE, (void*) &one,
1398  (socklen_t)sizeof(one))) {
1399  return -1;
1400  }
1401  return 0;
1402 #else /* !defined(SO_EXCLUSIVEADDRUSE) */
1403  (void) sock;
1404  return 0;
1405 #endif /* defined(SO_EXCLUSIVEADDRUSE) */
1406 }
1407 #endif /* defined(_WIN32) */
1408 
1409 /** Max backlog to pass to listen. We start at */
1410 static int listen_limit = INT_MAX;
1411 
1412 /* Listen on <b>fd</b> with appropriate backlog. Return as for listen. */
1413 static int
1414 tor_listen(tor_socket_t fd)
1415 {
1416  int r;
1417 
1418  if ((r = listen(fd, listen_limit)) < 0) {
1419  if (listen_limit == SOMAXCONN)
1420  return r;
1421  if ((r = listen(fd, SOMAXCONN)) == 0) {
1422  listen_limit = SOMAXCONN;
1423  log_warn(LD_NET, "Setting listen backlog to INT_MAX connections "
1424  "didn't work, but SOMAXCONN did. Lowering backlog limit.");
1425  }
1426  }
1427  return r;
1428 }
1429 
1430 /** Bind a new non-blocking socket listening to the socket described
1431  * by <b>listensockaddr</b>.
1432  *
1433  * <b>address</b> is only used for logging purposes and to add the information
1434  * to the conn.
1435  *
1436  * Set <b>addr_in_use</b> to true in case socket binding fails with
1437  * EADDRINUSE.
1438  */
1439 static connection_t *
1440 connection_listener_new(const struct sockaddr *listensockaddr,
1441  socklen_t socklen,
1442  int type, const char *address,
1443  const port_cfg_t *port_cfg,
1444  int *addr_in_use)
1445 {
1446  listener_connection_t *lis_conn;
1447  connection_t *conn = NULL;
1448  tor_socket_t s = TOR_INVALID_SOCKET; /* the socket we're going to make */
1449  or_options_t const *options = get_options();
1450  (void) options; /* Windows doesn't use this. */
1451 #if defined(HAVE_PWD_H) && defined(HAVE_SYS_UN_H)
1452  const struct passwd *pw = NULL;
1453 #endif
1454  uint16_t usePort = 0, gotPort = 0;
1455  int start_reading = 0;
1456  static int global_next_session_group = SESSION_GROUP_FIRST_AUTO;
1457  tor_addr_t addr;
1458  int exhaustion = 0;
1459 
1460  if (addr_in_use)
1461  *addr_in_use = 0;
1462 
1463  if (listensockaddr->sa_family == AF_INET ||
1464  listensockaddr->sa_family == AF_INET6) {
1465  int is_stream = (type != CONN_TYPE_AP_DNS_LISTENER);
1466  if (is_stream)
1467  start_reading = 1;
1468 
1469  tor_addr_from_sockaddr(&addr, listensockaddr, &usePort);
1470  log_notice(LD_NET, "Opening %s on %s",
1471  conn_type_to_string(type), fmt_addrport(&addr, usePort));
1472 
1474  is_stream ? SOCK_STREAM : SOCK_DGRAM,
1475  is_stream ? IPPROTO_TCP: IPPROTO_UDP);
1476  if (!SOCKET_OK(s)) {
1477  int e = tor_socket_errno(s);
1478  if (ERRNO_IS_RESOURCE_LIMIT(e)) {
1480  /*
1481  * We'll call the OOS handler at the error exit, so set the
1482  * exhaustion flag for it.
1483  */
1484  exhaustion = 1;
1485  } else {
1486  log_warn(LD_NET, "Socket creation failed: %s",
1487  tor_socket_strerror(e));
1488  }
1489  goto err;
1490  }
1491 
1492  if (make_socket_reuseable(s) < 0) {
1493  log_warn(LD_NET, "Error setting SO_REUSEADDR flag on %s: %s",
1494  conn_type_to_string(type),
1495  tor_socket_strerror(errno));
1496  }
1497 
1498 #ifdef _WIN32
1499  if (make_win32_socket_exclusive(s) < 0) {
1500  log_warn(LD_NET, "Error setting SO_EXCLUSIVEADDRUSE flag on %s: %s",
1501  conn_type_to_string(type),
1502  tor_socket_strerror(errno));
1503  }
1504 #endif /* defined(_WIN32) */
1505 
1506 #if defined(USE_TRANSPARENT) && defined(IP_TRANSPARENT)
1507  if (options->TransProxyType_parsed == TPT_TPROXY &&
1508  type == CONN_TYPE_AP_TRANS_LISTENER) {
1509  int one = 1;
1510  if (setsockopt(s, SOL_IP, IP_TRANSPARENT, (void*)&one,
1511  (socklen_t)sizeof(one)) < 0) {
1512  const char *extra = "";
1513  int e = tor_socket_errno(s);
1514  if (e == EPERM)
1515  extra = "TransTPROXY requires root privileges or similar"
1516  " capabilities.";
1517  log_warn(LD_NET, "Error setting IP_TRANSPARENT flag: %s.%s",
1518  tor_socket_strerror(e), extra);
1519  }
1520  }
1521 #endif /* defined(USE_TRANSPARENT) && defined(IP_TRANSPARENT) */
1522 
1523 #ifdef IPV6_V6ONLY
1524  if (listensockaddr->sa_family == AF_INET6) {
1525  int one = 1;
1526  /* We need to set IPV6_V6ONLY so that this socket can't get used for
1527  * IPv4 connections. */
1528  if (setsockopt(s,IPPROTO_IPV6, IPV6_V6ONLY,
1529  (void*)&one, (socklen_t)sizeof(one)) < 0) {
1530  int e = tor_socket_errno(s);
1531  log_warn(LD_NET, "Error setting IPV6_V6ONLY flag: %s",
1532  tor_socket_strerror(e));
1533  /* Keep going; probably not harmful. */
1534  }
1535  }
1536 #endif /* defined(IPV6_V6ONLY) */
1537 
1538  if (bind(s,listensockaddr,socklen) < 0) {
1539  const char *helpfulhint = "";
1540  int e = tor_socket_errno(s);
1541  if (ERRNO_IS_EADDRINUSE(e)) {
1542  helpfulhint = ". Is Tor already running?";
1543  if (addr_in_use)
1544  *addr_in_use = 1;
1545  }
1546  log_warn(LD_NET, "Could not bind to %s:%u: %s%s", address, usePort,
1547  tor_socket_strerror(e), helpfulhint);
1548  goto err;
1549  }
1550 
1551  if (is_stream) {
1552  if (tor_listen(s) < 0) {
1553  log_warn(LD_NET, "Could not listen on %s:%u: %s", address, usePort,
1554  tor_socket_strerror(tor_socket_errno(s)));
1555  goto err;
1556  }
1557  }
1558 
1559  if (usePort != 0) {
1560  gotPort = usePort;
1561  } else {
1562  tor_addr_t addr2;
1563  struct sockaddr_storage ss;
1564  socklen_t ss_len=sizeof(ss);
1565  if (getsockname(s, (struct sockaddr*)&ss, &ss_len)<0) {
1566  log_warn(LD_NET, "getsockname() couldn't learn address for %s: %s",
1567  conn_type_to_string(type),
1568  tor_socket_strerror(tor_socket_errno(s)));
1569  gotPort = 0;
1570  }
1571  tor_addr_from_sockaddr(&addr2, (struct sockaddr*)&ss, &gotPort);
1572  }
1573 #ifdef HAVE_SYS_UN_H
1574  /*
1575  * AF_UNIX generic setup stuff
1576  */
1577  } else if (listensockaddr->sa_family == AF_UNIX) {
1578  /* We want to start reading for both AF_UNIX cases */
1579  start_reading = 1;
1580 
1582 
1583  if (check_location_for_unix_socket(options, address,
1584  (type == CONN_TYPE_CONTROL_LISTENER) ?
1585  UNIX_SOCKET_PURPOSE_CONTROL_SOCKET :
1586  UNIX_SOCKET_PURPOSE_SOCKS_SOCKET, port_cfg) < 0) {
1587  goto err;
1588  }
1589 
1590  log_notice(LD_NET, "Opening %s on %s",
1591  conn_type_to_string(type), address);
1592 
1593  tor_addr_make_unspec(&addr);
1594 
1595  if (unlink(address) < 0 && errno != ENOENT) {
1596  log_warn(LD_NET, "Could not unlink %s: %s", address,
1597  strerror(errno));
1598  goto err;
1599  }
1600 
1601  s = tor_open_socket_nonblocking(AF_UNIX, SOCK_STREAM, 0);
1602  if (! SOCKET_OK(s)) {
1603  int e = tor_socket_errno(s);
1604  if (ERRNO_IS_RESOURCE_LIMIT(e)) {
1606  /*
1607  * We'll call the OOS handler at the error exit, so set the
1608  * exhaustion flag for it.
1609  */
1610  exhaustion = 1;
1611  } else {
1612  log_warn(LD_NET,"Socket creation failed: %s.", strerror(e));
1613  }
1614  goto err;
1615  }
1616 
1617  if (bind(s, listensockaddr,
1618  (socklen_t)sizeof(struct sockaddr_un)) == -1) {
1619  log_warn(LD_NET,"Bind to %s failed: %s.", address,
1620  tor_socket_strerror(tor_socket_errno(s)));
1621  goto err;
1622  }
1623 
1624 #ifdef HAVE_PWD_H
1625  if (options->User) {
1626  pw = tor_getpwnam(options->User);
1627  struct stat st;
1628  if (pw == NULL) {
1629  log_warn(LD_NET,"Unable to chown() %s socket: user %s not found.",
1630  address, options->User);
1631  goto err;
1632  } else if (fstat(s, &st) == 0 &&
1633  st.st_uid == pw->pw_uid && st.st_gid == pw->pw_gid) {
1634  /* No change needed */
1635  } else if (chown(sandbox_intern_string(address),
1636  pw->pw_uid, pw->pw_gid) < 0) {
1637  log_warn(LD_NET,"Unable to chown() %s socket: %s.",
1638  address, strerror(errno));
1639  goto err;
1640  }
1641  }
1642 #endif /* defined(HAVE_PWD_H) */
1643 
1644  {
1645  unsigned mode;
1646  const char *status;
1647  struct stat st;
1648  if (port_cfg->is_world_writable) {
1649  mode = 0666;
1650  status = "world-writable";
1651  } else if (port_cfg->is_group_writable) {
1652  mode = 0660;
1653  status = "group-writable";
1654  } else {
1655  mode = 0600;
1656  status = "private";
1657  }
1658  /* We need to use chmod; fchmod doesn't work on sockets on all
1659  * platforms. */
1660  if (fstat(s, &st) == 0 && (st.st_mode & 0777) == mode) {
1661  /* no change needed */
1662  } else if (chmod(sandbox_intern_string(address), mode) < 0) {
1663  log_warn(LD_FS,"Unable to make %s %s.", address, status);
1664  goto err;
1665  }
1666  }
1667 
1668  if (listen(s, SOMAXCONN) < 0) {
1669  log_warn(LD_NET, "Could not listen on %s: %s", address,
1670  tor_socket_strerror(tor_socket_errno(s)));
1671  goto err;
1672  }
1673 
1674 #ifndef __APPLE__
1675  /* This code was introduced to help debug #28229. */
1676  int value;
1677  socklen_t len = sizeof(value);
1678 
1679  if (!getsockopt(s, SOL_SOCKET, SO_ACCEPTCONN, &value, &len)) {
1680  if (value == 0) {
1681  log_err(LD_NET, "Could not listen on %s - "
1682  "getsockopt(.,SO_ACCEPTCONN,.) yields 0.", address);
1683  goto err;
1684  }
1685  }
1686 #endif /* !defined(__APPLE__) */
1687 #endif /* defined(HAVE_SYS_UN_H) */
1688  } else {
1689  log_err(LD_BUG, "Got unexpected address family %d.",
1690  listensockaddr->sa_family);
1691  tor_assert(0);
1692  }
1693 
1694  lis_conn = listener_connection_new(type, listensockaddr->sa_family);
1695  conn = TO_CONN(lis_conn);
1696  conn->socket_family = listensockaddr->sa_family;
1697  conn->s = s;
1698  s = TOR_INVALID_SOCKET; /* Prevent double-close */
1699  conn->address = tor_strdup(address);
1700  conn->port = gotPort;
1701  tor_addr_copy(&conn->addr, &addr);
1702 
1703  memcpy(&lis_conn->entry_cfg, &port_cfg->entry_cfg, sizeof(entry_port_cfg_t));
1704 
1705  if (port_cfg->entry_cfg.isolation_flags) {
1706  lis_conn->entry_cfg.isolation_flags = port_cfg->entry_cfg.isolation_flags;
1707  if (port_cfg->entry_cfg.session_group >= 0) {
1708  lis_conn->entry_cfg.session_group = port_cfg->entry_cfg.session_group;
1709  } else {
1710  /* This can wrap after around INT_MAX listeners are opened. But I don't
1711  * believe that matters, since you would need to open a ridiculous
1712  * number of listeners while keeping the early ones open before you ever
1713  * hit this. An OR with a dozen ports open, for example, would have to
1714  * close and re-open its listeners every second for 4 years nonstop.
1715  */
1716  lis_conn->entry_cfg.session_group = global_next_session_group--;
1717  }
1718  }
1719 
1720  if (connection_add(conn) < 0) { /* no space, forget it */
1721  log_warn(LD_NET,"connection_add for listener failed. Giving up.");
1722  goto err;
1723  }
1724 
1725  log_fn(usePort==gotPort ? LOG_DEBUG : LOG_NOTICE, LD_NET,
1726  "%s listening on port %u.",
1727  conn_type_to_string(type), gotPort);
1728 
1729  conn->state = LISTENER_STATE_READY;
1730  if (start_reading) {
1732  } else {
1735  }
1736 
1737  /*
1738  * Normal exit; call the OOS handler since connection count just changed;
1739  * the exhaustion flag will always be zero here though.
1740  */
1742 
1743  log_notice(LD_NET, "Opened %s", connection_describe(conn));
1744 
1745  return conn;
1746 
1747  err:
1748  if (SOCKET_OK(s))
1749  tor_close_socket(s);
1750  if (conn)
1751  connection_free(conn);
1752 
1753  /* Call the OOS handler, indicate if we saw an exhaustion-related error */
1755 
1756  return NULL;
1757 }
1758 
1759 /**
1760  * Create a new listener connection for a given <b>port</b>. In case we
1761  * for a reason that is not an error condition, set <b>defer</b>
1762  * to true. If we cannot bind listening socket because address is already
1763  * in use, set <b>addr_in_use</b> to true.
1764  */
1765 static connection_t *
1767  int *defer, int *addr_in_use)
1768 {
1769  connection_t *conn;
1770  struct sockaddr *listensockaddr;
1771  socklen_t listensocklen = 0;
1772  char *address=NULL;
1773  int real_port = port->port == CFG_AUTO_PORT ? 0 : port->port;
1774  tor_assert(real_port <= UINT16_MAX);
1775 
1776  if (defer)
1777  *defer = 0;
1778 
1779  if (port->server_cfg.no_listen) {
1780  if (defer)
1781  *defer = 1;
1782  return NULL;
1783  }
1784 
1785 #ifndef _WIN32
1786  /* We don't need to be root to create a UNIX socket, so defer until after
1787  * setuid. */
1788  const or_options_t *options = get_options();
1789  if (port->is_unix_addr && !geteuid() && (options->User) &&
1790  strcmp(options->User, "root")) {
1791  if (defer)
1792  *defer = 1;
1793  return NULL;
1794  }
1795 #endif /* !defined(_WIN32) */
1796 
1797  if (port->is_unix_addr) {
1798  listensockaddr = (struct sockaddr *)
1799  create_unix_sockaddr(port->unix_addr,
1800  &address, &listensocklen);
1801  } else {
1802  listensockaddr = tor_malloc(sizeof(struct sockaddr_storage));
1803  listensocklen = tor_addr_to_sockaddr(&port->addr,
1804  real_port,
1805  listensockaddr,
1806  sizeof(struct sockaddr_storage));
1807  address = tor_addr_to_str_dup(&port->addr);
1808  }
1809 
1810  if (listensockaddr) {
1811  conn = connection_listener_new(listensockaddr, listensocklen,
1812  port->type, address, port,
1813  addr_in_use);
1814  tor_free(listensockaddr);
1815  tor_free(address);
1816  } else {
1817  conn = NULL;
1818  }
1819 
1820  return conn;
1821 }
1822 
1823 /** Do basic sanity checking on a newly received socket. Return 0
1824  * if it looks ok, else return -1.
1825  *
1826  * Notably, some TCP stacks can erroneously have accept() return successfully
1827  * with socklen 0, when the client sends an RST before the accept call (as
1828  * nmap does). We want to detect that, and not go on with the connection.
1829  */
1830 static int
1831 check_sockaddr(const struct sockaddr *sa, int len, int level)
1832 {
1833  int ok = 1;
1834 
1835  if (sa->sa_family == AF_INET) {
1836  struct sockaddr_in *sin=(struct sockaddr_in*)sa;
1837  if (len != sizeof(struct sockaddr_in)) {
1838  log_fn(level, LD_NET, "Length of address not as expected: %d vs %d",
1839  len,(int)sizeof(struct sockaddr_in));
1840  ok = 0;
1841  }
1842  if (sin->sin_addr.s_addr == 0 || sin->sin_port == 0) {
1843  log_fn(level, LD_NET,
1844  "Address for new connection has address/port equal to zero.");
1845  ok = 0;
1846  }
1847  } else if (sa->sa_family == AF_INET6) {
1848  struct sockaddr_in6 *sin6=(struct sockaddr_in6*)sa;
1849  if (len != sizeof(struct sockaddr_in6)) {
1850  log_fn(level, LD_NET, "Length of address not as expected: %d vs %d",
1851  len,(int)sizeof(struct sockaddr_in6));
1852  ok = 0;
1853  }
1854  if (fast_mem_is_zero((void*)sin6->sin6_addr.s6_addr, 16) ||
1855  sin6->sin6_port == 0) {
1856  log_fn(level, LD_NET,
1857  "Address for new connection has address/port equal to zero.");
1858  ok = 0;
1859  }
1860  } else if (sa->sa_family == AF_UNIX) {
1861  ok = 1;
1862  } else {
1863  ok = 0;
1864  }
1865  return ok ? 0 : -1;
1866 }
1867 
1868 /** Check whether the socket family from an accepted socket <b>got</b> is the
1869  * same as the one that <b>listener</b> is waiting for. If it isn't, log
1870  * a useful message and return -1. Else return 0.
1871  *
1872  * This is annoying, but can apparently happen on some Darwins. */
1873 static int
1875 {
1876  if (got != listener->socket_family) {
1877  log_info(LD_BUG, "A listener connection returned a socket with a "
1878  "mismatched family. %s for addr_family %d gave us a socket "
1879  "with address family %d. Dropping.",
1880  conn_type_to_string(listener->type),
1881  (int)listener->socket_family,
1882  (int)got);
1883  return -1;
1884  }
1885  return 0;
1886 }
1887 
1888 /** The listener connection <b>conn</b> told poll() it wanted to read.
1889  * Call accept() on conn->s, and add the new connection if necessary.
1890  */
1891 static int
1893 {
1894  tor_socket_t news; /* the new socket */
1895  connection_t *newconn = 0;
1896  /* information about the remote peer when connecting to other routers */
1897  struct sockaddr_storage addrbuf;
1898  struct sockaddr *remote = (struct sockaddr*)&addrbuf;
1899  /* length of the remote address. Must be whatever accept() needs. */
1900  socklen_t remotelen = (socklen_t)sizeof(addrbuf);
1901  const or_options_t *options = get_options();
1902 
1903  tor_assert((size_t)remotelen >= sizeof(struct sockaddr_in));
1904  memset(&addrbuf, 0, sizeof(addrbuf));
1905 
1906  news = tor_accept_socket_nonblocking(conn->s,remote,&remotelen);
1907  if (!SOCKET_OK(news)) { /* accept() error */
1908  int e = tor_socket_errno(conn->s);
1909  if (ERRNO_IS_ACCEPT_EAGAIN(e)) {
1910  /*
1911  * they hung up before we could accept(). that's fine.
1912  *
1913  * give the OOS handler a chance to run though
1914  */
1916  return 0;
1917  } else if (ERRNO_IS_RESOURCE_LIMIT(e)) {
1919  /* Exhaustion; tell the OOS handler */
1921  return 0;
1922  }
1923  /* else there was a real error. */
1924  log_warn(LD_NET,"accept() failed: %s. Closing listener.",
1925  tor_socket_strerror(e));
1926  connection_mark_for_close(conn);
1927  /* Tell the OOS handler about this too */
1929  return -1;
1930  }
1931  log_debug(LD_NET,
1932  "Connection accepted on socket %d (child of fd %d).",
1933  (int)news,(int)conn->s);
1934 
1935  /* We accepted a new conn; run OOS handler */
1937 
1938  if (make_socket_reuseable(news) < 0) {
1939  if (tor_socket_errno(news) == EINVAL) {
1940  /* This can happen on OSX if we get a badly timed shutdown. */
1941  log_debug(LD_NET, "make_socket_reuseable returned EINVAL");
1942  } else {
1943  log_warn(LD_NET, "Error setting SO_REUSEADDR flag on %s: %s",
1944  conn_type_to_string(new_type),
1945  tor_socket_strerror(errno));
1946  }
1947  tor_close_socket(news);
1948  return 0;
1949  }
1950 
1951  if (options->ConstrainedSockets)
1953 
1954  if (check_sockaddr_family_match(remote->sa_family, conn) < 0) {
1955  tor_close_socket(news);
1956  return 0;
1957  }
1958 
1959  if (conn->socket_family == AF_INET || conn->socket_family == AF_INET6 ||
1960  (conn->socket_family == AF_UNIX && new_type == CONN_TYPE_AP)) {
1961  tor_addr_t addr;
1962  uint16_t port;
1963  if (check_sockaddr(remote, remotelen, LOG_INFO)<0) {
1964  log_info(LD_NET,
1965  "accept() returned a strange address; closing connection.");
1966  tor_close_socket(news);
1967  return 0;
1968  }
1969 
1970  tor_addr_from_sockaddr(&addr, remote, &port);
1971 
1972  /* process entrance policies here, before we even create the connection */
1973  if (new_type == CONN_TYPE_AP) {
1974  /* check sockspolicy to see if we should accept it */
1975  if (socks_policy_permits_address(&addr) == 0) {
1976  log_notice(LD_APP,
1977  "Denying socks connection from untrusted address %s.",
1978  fmt_and_decorate_addr(&addr));
1979  tor_close_socket(news);
1980  return 0;
1981  }
1982  }
1983  if (new_type == CONN_TYPE_DIR) {
1984  /* check dirpolicy to see if we should accept it */
1985  if (dir_policy_permits_address(&addr) == 0) {
1986  log_notice(LD_DIRSERV,"Denying dir connection from address %s.",
1987  fmt_and_decorate_addr(&addr));
1988  tor_close_socket(news);
1989  return 0;
1990  }
1991  }
1992  if (new_type == CONN_TYPE_OR) {
1993  /* Assess with the connection DoS mitigation subsystem if this address
1994  * can open a new connection. */
1995  if (dos_conn_addr_get_defense_type(&addr) == DOS_CONN_DEFENSE_CLOSE) {
1996  tor_close_socket(news);
1997  return 0;
1998  }
1999  }
2000 
2001  newconn = connection_new(new_type, conn->socket_family);
2002  newconn->s = news;
2003 
2004  /* remember the remote address */
2005  tor_addr_copy(&newconn->addr, &addr);
2006  if (new_type == CONN_TYPE_AP && conn->socket_family == AF_UNIX) {
2007  newconn->port = 0;
2008  newconn->address = tor_strdup(conn->address);
2009  } else {
2010  newconn->port = port;
2011  newconn->address = tor_addr_to_str_dup(&addr);
2012  }
2013 
2014  if (new_type == CONN_TYPE_AP && conn->socket_family != AF_UNIX) {
2015  log_info(LD_NET, "New SOCKS connection opened from %s.",
2016  fmt_and_decorate_addr(&addr));
2017  }
2018  if (new_type == CONN_TYPE_AP && conn->socket_family == AF_UNIX) {
2019  log_info(LD_NET, "New SOCKS AF_UNIX connection opened");
2020  }
2021  if (new_type == CONN_TYPE_CONTROL) {
2022  log_notice(LD_CONTROL, "New control connection opened from %s.",
2023  fmt_and_decorate_addr(&addr));
2024  }
2025  if (new_type == CONN_TYPE_METRICS) {
2026  log_info(LD_CONTROL, "New metrics connection opened from %s.",
2027  fmt_and_decorate_addr(&addr));
2028  }
2029 
2030  } else if (conn->socket_family == AF_UNIX && conn->type != CONN_TYPE_AP) {
2032  tor_assert(new_type == CONN_TYPE_CONTROL);
2033  log_notice(LD_CONTROL, "New control connection opened.");
2034 
2035  newconn = connection_new(new_type, conn->socket_family);
2036  newconn->s = news;
2037 
2038  /* remember the remote address -- do we have anything sane to put here? */
2039  tor_addr_make_unspec(&newconn->addr);
2040  newconn->port = 1;
2041  newconn->address = tor_strdup(conn->address);
2042  } else {
2043  tor_assert(0);
2044  };
2045 
2046  if (connection_add(newconn) < 0) { /* no space, forget it */
2047  connection_free(newconn);
2048  return 0; /* no need to tear down the parent */
2049  }
2050 
2051  if (connection_init_accepted_conn(newconn, TO_LISTENER_CONN(conn)) < 0) {
2052  if (! newconn->marked_for_close)
2053  connection_mark_for_close(newconn);
2054  return 0;
2055  }
2056 
2057  note_connection(true /* inbound */, conn->socket_family);
2058 
2059  return 0;
2060 }
2061 
2062 /** Initialize states for newly accepted connection <b>conn</b>.
2063  *
2064  * If conn is an OR, start the TLS handshake.
2065  *
2066  * If conn is a transparent AP, get its original destination
2067  * and place it in circuit_wait.
2068  *
2069  * The <b>listener</b> parameter is only used for AP connections.
2070  */
2071 int
2073  const listener_connection_t *listener)
2074 {
2075  int rv;
2076 
2078 
2079  switch (conn->type) {
2080  case CONN_TYPE_EXT_OR:
2081  /* Initiate Extended ORPort authentication. */
2083  case CONN_TYPE_OR:
2084  connection_or_event_status(TO_OR_CONN(conn), OR_CONN_EVENT_NEW, 0);
2086  if (rv < 0) {
2088  }
2089  return rv;
2090  break;
2091  case CONN_TYPE_AP:
2092  memcpy(&TO_ENTRY_CONN(conn)->entry_cfg, &listener->entry_cfg,
2093  sizeof(entry_port_cfg_t));
2095  TO_ENTRY_CONN(conn)->socks_request->listener_type = listener->base_.type;
2096 
2097  /* Any incoming connection on an entry port counts as user activity. */
2099 
2100  switch (TO_CONN(listener)->type) {
2101  case CONN_TYPE_AP_LISTENER:
2104  listener->entry_cfg.socks_prefer_no_auth;
2106  listener->entry_cfg.extended_socks5_codes;
2107  break;
2109  TO_ENTRY_CONN(conn)->is_transparent_ap = 1;
2110  /* XXXX028 -- is this correct still, with the addition of
2111  * pending_entry_connections ? */
2115  TO_ENTRY_CONN(conn)->is_transparent_ap = 1;
2117  break;
2120  }
2121  break;
2122  case CONN_TYPE_DIR:
2123  conn->purpose = DIR_PURPOSE_SERVER;
2125  break;
2126  case CONN_TYPE_CONTROL:
2128  break;
2129  }
2130  return 0;
2131 }
2132 
2133 /** Take conn, make a nonblocking socket; try to connect to
2134  * sa, binding to bindaddr if sa is not localhost. If fail, return -1 and if
2135  * applicable put your best guess about errno into *<b>socket_error</b>.
2136  * If connected return 1, if EAGAIN return 0.
2137  */
2138 MOCK_IMPL(STATIC int,
2140  const struct sockaddr *sa,
2141  socklen_t sa_len,
2142  const struct sockaddr *bindaddr,
2143  socklen_t bindaddr_len,
2144  int *socket_error))
2145 {
2146  tor_socket_t s;
2147  int inprogress = 0;
2148  const or_options_t *options = get_options();
2149 
2150  tor_assert(conn);
2151  tor_assert(sa);
2152  tor_assert(socket_error);
2153 
2155  /* We should never even try to connect anyplace if the network is
2156  * completely shut off.
2157  *
2158  * (We don't check net_is_disabled() here, since we still sometimes
2159  * want to open connections when we're in soft hibernation.)
2160  */
2161  static ratelim_t disablenet_violated = RATELIM_INIT(30*60);
2162  *socket_error = SOCK_ERRNO(ENETUNREACH);
2163  log_fn_ratelim(&disablenet_violated, LOG_WARN, LD_BUG,
2164  "Tried to open a socket with DisableNetwork set.");
2166  return -1;
2167  }
2168 
2169  const int protocol_family = sa->sa_family;
2170  const int proto = (sa->sa_family == AF_INET6 ||
2171  sa->sa_family == AF_INET) ? IPPROTO_TCP : 0;
2172 
2173  s = tor_open_socket_nonblocking(protocol_family, SOCK_STREAM, proto);
2174  if (! SOCKET_OK(s)) {
2175  /*
2176  * Early OOS handler calls; it matters if it's an exhaustion-related
2177  * error or not.
2178  */
2179  *socket_error = tor_socket_errno(s);
2180  if (ERRNO_IS_RESOURCE_LIMIT(*socket_error)) {
2183  } else {
2184  log_warn(LD_NET,"Error creating network socket: %s",
2185  tor_socket_strerror(*socket_error));
2187  }
2188  return -1;
2189  }
2190 
2191  if (make_socket_reuseable(s) < 0) {
2192  log_warn(LD_NET, "Error setting SO_REUSEADDR flag on new connection: %s",
2193  tor_socket_strerror(errno));
2194  }
2195 
2196  /*
2197  * We've got the socket open; give the OOS handler a chance to check
2198  * against configured maximum socket number, but tell it no exhaustion
2199  * failure.
2200  */
2202 
2203  if (bindaddr && bind(s, bindaddr, bindaddr_len) < 0) {
2204  *socket_error = tor_socket_errno(s);
2205  log_warn(LD_NET,"Error binding network socket: %s",
2206  tor_socket_strerror(*socket_error));
2207  tor_close_socket(s);
2208  return -1;
2209  }
2210 
2211  tor_assert(options);
2212  if (options->ConstrainedSockets)
2214 
2215  if (connect(s, sa, sa_len) < 0) {
2216  int e = tor_socket_errno(s);
2217  if (!ERRNO_IS_CONN_EINPROGRESS(e)) {
2218  /* yuck. kill it. */
2219  *socket_error = e;
2220  log_info(LD_NET,
2221  "connect() to socket failed: %s",
2222  tor_socket_strerror(e));
2223  tor_close_socket(s);
2224  return -1;
2225  } else {
2226  inprogress = 1;
2227  }
2228  }
2229 
2230  note_connection(false /* outbound */, conn->socket_family);
2231 
2232  /* it succeeded. we're connected. */
2233  log_fn(inprogress ? LOG_DEBUG : LOG_INFO, LD_NET,
2234  "Connection to socket %s (sock "TOR_SOCKET_T_FORMAT").",
2235  inprogress ? "in progress" : "established", s);
2236  conn->s = s;
2237  if (connection_add_connecting(conn) < 0) {
2238  /* no space, forget it */
2239  *socket_error = SOCK_ERRNO(ENOBUFS);
2240  return -1;
2241  }
2242 
2243  return inprogress ? 0 : 1;
2244 }
2245 
2246 /* Log a message if connection attempt is made when IPv4 or IPv6 is disabled.
2247  * Log a less severe message if we couldn't conform to ClientPreferIPv6ORPort
2248  * or ClientPreferIPv6ORPort. */
2249 static void
2250 connection_connect_log_client_use_ip_version(const connection_t *conn)
2251 {
2252  const or_options_t *options = get_options();
2253 
2254  /* Only clients care about ClientUseIPv4/6, bail out early on servers, and
2255  * on connections we don't care about */
2256  if (server_mode(options) || !conn || conn->type == CONN_TYPE_EXIT) {
2257  return;
2258  }
2259 
2260  /* We're only prepared to log OR and DIR connections here */
2261  if (conn->type != CONN_TYPE_OR && conn->type != CONN_TYPE_DIR) {
2262  return;
2263  }
2264 
2265  const int must_ipv4 = !reachable_addr_use_ipv6(options);
2266  const int must_ipv6 = (options->ClientUseIPv4 == 0);
2267  const int pref_ipv6 = (conn->type == CONN_TYPE_OR
2270  tor_addr_t real_addr;
2271  tor_addr_copy(&real_addr, &conn->addr);
2272 
2273  /* Check if we broke a mandatory address family restriction */
2274  if ((must_ipv4 && tor_addr_family(&real_addr) == AF_INET6)
2275  || (must_ipv6 && tor_addr_family(&real_addr) == AF_INET)) {
2276  static int logged_backtrace = 0;
2277  log_info(LD_BUG, "Outgoing %s connection to %s violated ClientUseIPv%s 0.",
2278  conn->type == CONN_TYPE_OR ? "OR" : "Dir",
2279  fmt_addr(&real_addr),
2280  options->ClientUseIPv4 == 0 ? "4" : "6");
2281  if (!logged_backtrace) {
2282  log_backtrace(LOG_INFO, LD_BUG, "Address came from");
2283  logged_backtrace = 1;
2284  }
2285  }
2286 
2287  /* Bridges are allowed to break IPv4/IPv6 ORPort preferences to connect to
2288  * the node's configured address when ClientPreferIPv6ORPort is auto */
2289  if (options->UseBridges && conn->type == CONN_TYPE_OR
2290  && options->ClientPreferIPv6ORPort == -1) {
2291  return;
2292  }
2293 
2294  if (reachable_addr_use_ipv6(options)) {
2295  log_info(LD_NET, "Our outgoing connection is using IPv%d.",
2296  tor_addr_family(&real_addr) == AF_INET6 ? 6 : 4);
2297  }
2298 
2299  /* Check if we couldn't satisfy an address family preference */
2300  if ((!pref_ipv6 && tor_addr_family(&real_addr) == AF_INET6)
2301  || (pref_ipv6 && tor_addr_family(&real_addr) == AF_INET)) {
2302  log_info(LD_NET, "Outgoing connection to %s doesn't satisfy "
2303  "ClientPreferIPv6%sPort %d, with ClientUseIPv4 %d, and "
2304  "reachable_addr_use_ipv6 %d (ClientUseIPv6 %d and UseBridges "
2305  "%d).",
2306  fmt_addr(&real_addr),
2307  conn->type == CONN_TYPE_OR ? "OR" : "Dir",
2308  conn->type == CONN_TYPE_OR ? options->ClientPreferIPv6ORPort
2309  : options->ClientPreferIPv6DirPort,
2310  options->ClientUseIPv4, reachable_addr_use_ipv6(options),
2311  options->ClientUseIPv6, options->UseBridges);
2312  }
2313 }
2314 
2315 /** Retrieve the outbound address depending on the protocol (IPv4 or IPv6)
2316  * and the connection type (relay, exit, ...)
2317  * Return a socket address or NULL in case nothing is configured.
2318  **/
2319 const tor_addr_t *
2321  const or_options_t *options, unsigned int conn_type)
2322 {
2323  const tor_addr_t *ext_addr = NULL;
2324 
2325  int fam_index;
2326  switch (family) {
2327  case AF_INET:
2328  fam_index = 0;
2329  break;
2330  case AF_INET6:
2331  fam_index = 1;
2332  break;
2333  default:
2334  return NULL;
2335  }
2336 
2337  // If an exit connection, use the exit address (if present)
2338  if (conn_type == CONN_TYPE_EXIT) {
2339  if (!tor_addr_is_null(
2340  &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT][fam_index])) {
2341  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT]
2342  [fam_index];
2343  } else if (!tor_addr_is_null(
2345  [fam_index])) {
2346  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_ANY]
2347  [fam_index];
2348  }
2349  } else { // All non-exit connections
2350  if (!tor_addr_is_null(
2351  &options->OutboundBindAddresses[OUTBOUND_ADDR_OR][fam_index])) {
2352  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_OR]
2353  [fam_index];
2354  } else if (!tor_addr_is_null(
2356  [fam_index])) {
2357  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_ANY]
2358  [fam_index];
2359  }
2360  }
2361  return ext_addr;
2362 }
2363 
2364 /** Take conn, make a nonblocking socket; try to connect to
2365  * addr:port (port arrives in *host order*). If fail, return -1 and if
2366  * applicable put your best guess about errno into *<b>socket_error</b>.
2367  * Else assign s to conn->s: if connected return 1, if EAGAIN return 0.
2368  *
2369  * addr:port can be different to conn->addr:conn->port if connecting through
2370  * a proxy.
2371  *
2372  * address is used to make the logs useful.
2373  *
2374  * On success, add conn to the list of polled connections.
2375  */
2376 int
2377 connection_connect(connection_t *conn, const char *address,
2378  const tor_addr_t *addr, uint16_t port, int *socket_error)
2379 {
2380  struct sockaddr_storage addrbuf;
2381  struct sockaddr_storage bind_addr_ss;
2382  struct sockaddr *bind_addr = NULL;
2383  struct sockaddr *dest_addr;
2384  int dest_addr_len, bind_addr_len = 0;
2385 
2386  /* Log if we didn't stick to ClientUseIPv4/6 or ClientPreferIPv6OR/DirPort
2387  */
2388  connection_connect_log_client_use_ip_version(conn);
2389 
2390  if (!tor_addr_is_loopback(addr)) {
2391  const tor_addr_t *ext_addr = NULL;
2393  conn->type);
2394  if (ext_addr) {
2395  memset(&bind_addr_ss, 0, sizeof(bind_addr_ss));
2396  bind_addr_len = tor_addr_to_sockaddr(ext_addr, 0,
2397  (struct sockaddr *) &bind_addr_ss,
2398  sizeof(bind_addr_ss));
2399  if (bind_addr_len == 0) {
2400  log_warn(LD_NET,
2401  "Error converting OutboundBindAddress %s into sockaddr. "
2402  "Ignoring.", fmt_and_decorate_addr(ext_addr));
2403  } else {
2404  bind_addr = (struct sockaddr *)&bind_addr_ss;
2405  }
2406  }
2407  }
2408 
2409  memset(&addrbuf,0,sizeof(addrbuf));
2410  dest_addr = (struct sockaddr*) &addrbuf;
2411  dest_addr_len = tor_addr_to_sockaddr(addr, port, dest_addr, sizeof(addrbuf));
2412  tor_assert(dest_addr_len > 0);
2413 
2414  log_debug(LD_NET, "Connecting to %s:%u.",
2415  escaped_safe_str_client(address), port);
2416 
2417  return connection_connect_sockaddr(conn, dest_addr, dest_addr_len,
2418  bind_addr, bind_addr_len, socket_error);
2419 }
2420 
2421 #ifdef HAVE_SYS_UN_H
2422 
2423 /** Take conn, make a nonblocking socket; try to connect to
2424  * an AF_UNIX socket at socket_path. If fail, return -1 and if applicable
2425  * put your best guess about errno into *<b>socket_error</b>. Else assign s
2426  * to conn->s: if connected return 1, if EAGAIN return 0.
2427  *
2428  * On success, add conn to the list of polled connections.
2429  */
2430 int
2431 connection_connect_unix(connection_t *conn, const char *socket_path,
2432  int *socket_error)
2433 {
2434  struct sockaddr_un dest_addr;
2435 
2436  tor_assert(socket_path);
2437 
2438  /* Check that we'll be able to fit it into dest_addr later */
2439  if (strlen(socket_path) + 1 > sizeof(dest_addr.sun_path)) {
2440  log_warn(LD_NET,
2441  "Path %s is too long for an AF_UNIX socket\n",
2442  escaped_safe_str_client(socket_path));
2443  *socket_error = SOCK_ERRNO(ENAMETOOLONG);
2444  return -1;
2445  }
2446 
2447  memset(&dest_addr, 0, sizeof(dest_addr));
2448  dest_addr.sun_family = AF_UNIX;
2449  strlcpy(dest_addr.sun_path, socket_path, sizeof(dest_addr.sun_path));
2450 
2451  log_debug(LD_NET,
2452  "Connecting to AF_UNIX socket at %s.",
2453  escaped_safe_str_client(socket_path));
2454 
2455  return connection_connect_sockaddr(conn,
2456  (struct sockaddr *)&dest_addr, sizeof(dest_addr),
2457  NULL, 0, socket_error);
2458 }
2459 
2460 #endif /* defined(HAVE_SYS_UN_H) */
2461 
2462 /** Convert state number to string representation for logging purposes.
2463  */
2464 static const char *
2466 {
2467  static const char *unknown = "???";
2468  static const char *states[] = {
2469  "PROXY_NONE",
2470  "PROXY_INFANT",
2471  "PROXY_HTTPS_WANT_CONNECT_OK",
2472  "PROXY_SOCKS4_WANT_CONNECT_OK",
2473  "PROXY_SOCKS5_WANT_AUTH_METHOD_NONE",
2474  "PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929",
2475  "PROXY_SOCKS5_WANT_AUTH_RFC1929_OK",
2476  "PROXY_SOCKS5_WANT_CONNECT_OK",
2477  "PROXY_HAPROXY_WAIT_FOR_FLUSH",
2478  "PROXY_CONNECTED",
2479  };
2480 
2481  CTASSERT(ARRAY_LENGTH(states) == PROXY_CONNECTED+1);
2482 
2483  if (state < PROXY_NONE || state > PROXY_CONNECTED)
2484  return unknown;
2485 
2486  return states[state];
2487 }
2488 
2489 /** Returns the proxy type used by tor for a single connection, for
2490  * logging or high-level purposes. Don't use it to fill the
2491  * <b>proxy_type</b> field of or_connection_t; use the actual proxy
2492  * protocol instead.*/
2493 static int
2495 {
2496  const or_options_t *options = get_options();
2497 
2498  if (options->ClientTransportPlugin) {
2499  /* If we have plugins configured *and* this addr/port is a known bridge
2500  * with a transport, then we should be PROXY_PLUGGABLE. */
2501  const transport_t *transport = NULL;
2502  int r;
2503  r = get_transport_by_bridge_addrport(&conn->addr, conn->port, &transport);
2504  if (r == 0 && transport)
2505  return PROXY_PLUGGABLE;
2506  }
2507 
2508  /* In all other cases, we're using a global proxy. */
2509  if (options->HTTPSProxy)
2510  return PROXY_CONNECT;
2511  else if (options->Socks4Proxy)
2512  return PROXY_SOCKS4;
2513  else if (options->Socks5Proxy)
2514  return PROXY_SOCKS5;
2515  else if (options->TCPProxy) {
2516  /* The only supported protocol in TCPProxy is haproxy. */
2518  return PROXY_HAPROXY;
2519  } else
2520  return PROXY_NONE;
2521 }
2522 
2523 /* One byte for the version, one for the command, two for the
2524  port, and four for the addr... and, one more for the
2525  username NUL: */
2526 #define SOCKS4_STANDARD_BUFFER_SIZE (1 + 1 + 2 + 4 + 1)
2527 
2528 /** Write a proxy request of https to conn for conn->addr:conn->port,
2529  * authenticating with the auth details given in the configuration
2530  * (if available).
2531  *
2532  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2533  * 0 otherwise.
2534  */
2535 static int
2537 {
2538  tor_assert(conn);
2539 
2540  const or_options_t *options = get_options();
2541  char buf[1024];
2542  char *base64_authenticator = NULL;
2543  const char *authenticator = options->HTTPSProxyAuthenticator;
2544 
2545  /* Send HTTP CONNECT and authentication (if available) in
2546  * one request */
2547 
2548  if (authenticator) {
2549  base64_authenticator = alloc_http_authenticator(authenticator);
2550  if (!base64_authenticator)
2551  log_warn(LD_OR, "Encoding https authenticator failed");
2552  }
2553 
2554  if (base64_authenticator) {
2555  const char *addrport = fmt_addrport(&conn->addr, conn->port);
2556  tor_snprintf(buf, sizeof(buf), "CONNECT %s HTTP/1.1\r\n"
2557  "Host: %s\r\n"
2558  "Proxy-Authorization: Basic %s\r\n\r\n",
2559  addrport,
2560  addrport,
2561  base64_authenticator);
2562  tor_free(base64_authenticator);
2563  } else {
2564  tor_snprintf(buf, sizeof(buf), "CONNECT %s HTTP/1.0\r\n\r\n",
2565  fmt_addrport(&conn->addr, conn->port));
2566  }
2567 
2568  connection_buf_add(buf, strlen(buf), conn);
2569  conn->proxy_state = PROXY_HTTPS_WANT_CONNECT_OK;
2570 
2571  return 0;
2572 }
2573 
2574 /** Write a proxy request of socks4 to conn for conn->addr:conn->port.
2575  *
2576  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2577  * 0 otherwise.
2578  */
2579 static int
2581 {
2582  tor_assert(conn);
2583 
2584  unsigned char *buf;
2585  uint16_t portn;
2586  uint32_t ip4addr;
2587  size_t buf_size = 0;
2588  char *socks_args_string = NULL;
2589 
2590  /* Send a SOCKS4 connect request */
2591 
2592  if (tor_addr_family(&conn->addr) != AF_INET) {
2593  log_warn(LD_NET, "SOCKS4 client is incompatible with IPv6");
2594  return -1;
2595  }
2596 
2597  { /* If we are here because we are trying to connect to a
2598  pluggable transport proxy, check if we have any SOCKS
2599  arguments to transmit. If we do, compress all arguments to
2600  a single string in 'socks_args_string': */
2601 
2602  if (conn_get_proxy_type(conn) == PROXY_PLUGGABLE) {
2603  socks_args_string =
2605  if (socks_args_string)
2606  log_debug(LD_NET, "Sending out '%s' as our SOCKS argument string.",
2607  socks_args_string);
2608  }
2609  }
2610 
2611  { /* Figure out the buffer size we need for the SOCKS message: */
2612 
2613  buf_size = SOCKS4_STANDARD_BUFFER_SIZE;
2614 
2615  /* If we have a SOCKS argument string, consider its size when
2616  calculating the buffer size: */
2617  if (socks_args_string)
2618  buf_size += strlen(socks_args_string);
2619  }
2620 
2621  buf = tor_malloc_zero(buf_size);
2622 
2623  ip4addr = tor_addr_to_ipv4n(&conn->addr);
2624  portn = htons(conn->port);
2625 
2626  buf[0] = 4; /* version */
2627  buf[1] = SOCKS_COMMAND_CONNECT; /* command */
2628  memcpy(buf + 2, &portn, 2); /* port */
2629  memcpy(buf + 4, &ip4addr, 4); /* addr */
2630 
2631  /* Next packet field is the userid. If we have pluggable
2632  transport SOCKS arguments, we have to embed them
2633  there. Otherwise, we use an empty userid. */
2634  if (socks_args_string) { /* place the SOCKS args string: */
2635  tor_assert(strlen(socks_args_string) > 0);
2636  tor_assert(buf_size >=
2637  SOCKS4_STANDARD_BUFFER_SIZE + strlen(socks_args_string));
2638  strlcpy((char *)buf + 8, socks_args_string, buf_size - 8);
2639  tor_free(socks_args_string);
2640  } else {
2641  buf[8] = 0; /* no userid */
2642  }
2643 
2644  connection_buf_add((char *)buf, buf_size, conn);
2645  tor_free(buf);
2646 
2647  conn->proxy_state = PROXY_SOCKS4_WANT_CONNECT_OK;
2648  return 0;
2649 }
2650 
2651 /** Write a proxy request of socks5 to conn for conn->addr:conn->port,
2652  * authenticating with the auth details given in the configuration
2653  * (if available).
2654  *
2655  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2656  * 0 otherwise.
2657  */
2658 static int
2660 {
2661  tor_assert(conn);
2662 
2663  const or_options_t *options = get_options();
2664  unsigned char buf[4]; /* fields: vers, num methods, method list */
2665 
2666  /* Send a SOCKS5 greeting (connect request must wait) */
2667 
2668  buf[0] = 5; /* version */
2669 
2670  /* We have to use SOCKS5 authentication, if we have a
2671  Socks5ProxyUsername or if we want to pass arguments to our
2672  pluggable transport proxy: */
2673  if ((options->Socks5ProxyUsername) ||
2674  (conn_get_proxy_type(conn) == PROXY_PLUGGABLE &&
2675  (get_socks_args_by_bridge_addrport(&conn->addr, conn->port)))) {
2676  /* number of auth methods */
2677  buf[1] = 2;
2678  buf[2] = 0x00; /* no authentication */
2679  buf[3] = 0x02; /* rfc1929 Username/Passwd auth */
2680  conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929;
2681  } else {
2682  buf[1] = 1;
2683  buf[2] = 0x00; /* no authentication */
2684  conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_METHOD_NONE;
2685  }
2686 
2687  connection_buf_add((char *)buf, 2 + buf[1], conn);
2688  return 0;
2689 }
2690 
2691 /** Write a proxy request of haproxy to conn for conn->addr:conn->port.
2692  *
2693  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2694  * 0 otherwise.
2695  */
2696 static int
2698 {
2699  int ret = 0;
2700  tor_addr_port_t *addr_port = tor_addr_port_new(&conn->addr, conn->port);
2701  char *buf = haproxy_format_proxy_header_line(addr_port);
2702 
2703  if (buf == NULL) {
2704  ret = -1;
2705  goto done;
2706  }
2707 
2708  connection_buf_add(buf, strlen(buf), conn);
2709  /* In haproxy, we don't have to wait for the response, but we wait for ack.
2710  * So we can set the state to be PROXY_HAPROXY_WAIT_FOR_FLUSH. */
2711  conn->proxy_state = PROXY_HAPROXY_WAIT_FOR_FLUSH;
2712 
2713  ret = 0;
2714  done:
2715  tor_free(buf);
2716  tor_free(addr_port);
2717  return ret;
2718 }
2719 
2720 /** Write a proxy request of <b>type</b> (socks4, socks5, https, haproxy)
2721  * to conn for conn->addr:conn->port, authenticating with the auth details
2722  * given in the configuration (if available). SOCKS 5 and HTTP CONNECT
2723  * proxies support authentication.
2724  *
2725  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2726  * 0 otherwise.
2727  *
2728  * Use connection_read_proxy_handshake() to complete the handshake.
2729  */
2730 int
2732 {
2733  int ret = 0;
2734 
2735  tor_assert(conn);
2736 
2737  switch (type) {
2738  case PROXY_CONNECT:
2739  ret = connection_https_proxy_connect(conn);
2740  break;
2741 
2742  case PROXY_SOCKS4:
2743  ret = connection_socks4_proxy_connect(conn);
2744  break;
2745 
2746  case PROXY_SOCKS5:
2747  ret = connection_socks5_proxy_connect(conn);
2748  break;
2749 
2750  case PROXY_HAPROXY:
2752  break;
2753 
2754  default:
2755  log_err(LD_BUG, "Invalid proxy protocol, %d", type);
2757  ret = -1;
2758  break;
2759  }
2760 
2761  if (ret == 0) {
2762  log_debug(LD_NET, "set state %s",
2764  }
2765 
2766  return ret;
2767 }
2768 
2769 /** Read conn's inbuf. If the http response from the proxy is all
2770  * here, make sure it's good news, then return 1. If it's bad news,
2771  * return -1. Else return 0 and hope for better luck next time.
2772  */
2773 static int
2775 {
2776  char *headers;
2777  char *reason=NULL;
2778  int status_code;
2779  time_t date_header;
2780 
2781  switch (fetch_from_buf_http(conn->inbuf,
2782  &headers, MAX_HEADERS_SIZE,
2783  NULL, NULL, 10000, 0)) {
2784  case -1: /* overflow */
2785  log_warn(LD_PROTOCOL,
2786  "Your https proxy sent back an oversized response. Closing.");
2787  return -1;
2788  case 0:
2789  log_info(LD_NET,"https proxy response not all here yet. Waiting.");
2790  return 0;
2791  /* case 1, fall through */
2792  }
2793 
2794  if (parse_http_response(headers, &status_code, &date_header,
2795  NULL, &reason) < 0) {
2796  log_warn(LD_NET,
2797  "Unparseable headers from proxy (%s). Closing.",
2798  connection_describe(conn));
2799  tor_free(headers);
2800  return -1;
2801  }
2802  tor_free(headers);
2803  if (!reason) reason = tor_strdup("[no reason given]");
2804 
2805  if (status_code == 200) {
2806  log_info(LD_NET,
2807  "HTTPS connect for %s successful! (200 %s) Starting TLS.",
2808  connection_describe(conn), escaped(reason));
2809  tor_free(reason);
2810  return 1;
2811  }
2812  /* else, bad news on the status code */
2813  switch (status_code) {
2814  case 403:
2815  log_warn(LD_NET,
2816  "The https proxy refused to allow connection to %s "
2817  "(status code %d, %s). Closing.",
2818  conn->address, status_code, escaped(reason));
2819  break;
2820  default:
2821  log_warn(LD_NET,
2822  "The https proxy sent back an unexpected status code %d (%s). "
2823  "Closing.",
2824  status_code, escaped(reason));
2825  break;
2826  }
2827  tor_free(reason);
2828  return -1;
2829 }
2830 
2831 /** Send SOCKS5 CONNECT command to <b>conn</b>, copying <b>conn->addr</b>
2832  * and <b>conn->port</b> into the request.
2833  */
2834 static void
2836 {
2837  unsigned char buf[1024];
2838  size_t reqsize = 6;
2839  uint16_t port = htons(conn->port);
2840 
2841  buf[0] = 5; /* version */
2842  buf[1] = SOCKS_COMMAND_CONNECT; /* command */
2843  buf[2] = 0; /* reserved */
2844 
2845  if (tor_addr_family(&conn->addr) == AF_INET) {
2846  uint32_t addr = tor_addr_to_ipv4n(&conn->addr);
2847 
2848  buf[3] = 1;
2849  reqsize += 4;
2850  memcpy(buf + 4, &addr, 4);
2851  memcpy(buf + 8, &port, 2);
2852  } else { /* AF_INET6 */
2853  buf[3] = 4;
2854  reqsize += 16;
2855  memcpy(buf + 4, tor_addr_to_in6_addr8(&conn->addr), 16);
2856  memcpy(buf + 20, &port, 2);
2857  }
2858 
2859  connection_buf_add((char *)buf, reqsize, conn);
2860 
2861  conn->proxy_state = PROXY_SOCKS5_WANT_CONNECT_OK;
2862 }
2863 
2864 /** Wrapper around fetch_from_buf_socks_client: see that functions
2865  * for documentation of its behavior. */
2866 static int
2868  int state, char **reason)
2869 {
2870  return fetch_from_buf_socks_client(conn->inbuf, state, reason);
2871 }
2872 
2873 /** Call this from connection_*_process_inbuf() to advance the proxy
2874  * handshake.
2875  *
2876  * No matter what proxy protocol is used, if this function returns 1, the
2877  * handshake is complete, and the data remaining on inbuf may contain the
2878  * start of the communication with the requested server.
2879  *
2880  * Returns 0 if the current buffer contains an incomplete response, and -1
2881  * on error.
2882  */
2883 int
2885 {
2886  int ret = 0;
2887  char *reason = NULL;
2888 
2889  log_debug(LD_NET, "enter state %s",
2891 
2892  switch (conn->proxy_state) {
2893  case PROXY_HTTPS_WANT_CONNECT_OK:
2895  if (ret == 1)
2896  conn->proxy_state = PROXY_CONNECTED;
2897  break;
2898 
2899  case PROXY_SOCKS4_WANT_CONNECT_OK:
2901  conn->proxy_state,
2902  &reason);
2903  if (ret == 1)
2904  conn->proxy_state = PROXY_CONNECTED;
2905  break;
2906 
2907  case PROXY_SOCKS5_WANT_AUTH_METHOD_NONE:
2909  conn->proxy_state,
2910  &reason);
2911  /* no auth needed, do connect */
2912  if (ret == 1) {
2914  ret = 0;
2915  }
2916  break;
2917 
2918  case PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929:
2920  conn->proxy_state,
2921  &reason);
2922 
2923  /* send auth if needed, otherwise do connect */
2924  if (ret == 1) {
2926  ret = 0;
2927  } else if (ret == 2) {
2928  unsigned char buf[1024];
2929  size_t reqsize, usize, psize;
2930  const char *user, *pass;
2931  char *socks_args_string = NULL;
2932 
2933  if (conn_get_proxy_type(conn) == PROXY_PLUGGABLE) {
2934  socks_args_string =
2936  if (!socks_args_string) {
2937  log_warn(LD_NET, "Could not create SOCKS args string for PT.");
2938  ret = -1;
2939  break;
2940  }
2941 
2942  log_debug(LD_NET, "PT SOCKS5 arguments: %s", socks_args_string);
2943  tor_assert(strlen(socks_args_string) > 0);
2944  tor_assert(strlen(socks_args_string) <= MAX_SOCKS5_AUTH_SIZE_TOTAL);
2945 
2946  if (strlen(socks_args_string) > MAX_SOCKS5_AUTH_FIELD_SIZE) {
2947  user = socks_args_string;
2949  pass = socks_args_string + MAX_SOCKS5_AUTH_FIELD_SIZE;
2950  psize = strlen(socks_args_string) - MAX_SOCKS5_AUTH_FIELD_SIZE;
2951  } else {
2952  user = socks_args_string;
2953  usize = strlen(socks_args_string);
2954  pass = "\0";
2955  psize = 1;
2956  }
2957  } else if (get_options()->Socks5ProxyUsername) {
2958  user = get_options()->Socks5ProxyUsername;
2959  pass = get_options()->Socks5ProxyPassword;
2960  tor_assert(user && pass);
2961  usize = strlen(user);
2962  psize = strlen(pass);
2963  } else {
2964  log_err(LD_BUG, "We entered %s for no reason!", __func__);
2966  ret = -1;
2967  break;
2968  }
2969 
2970  /* Username and password lengths should have been checked
2971  above and during torrc parsing. */
2973  psize <= MAX_SOCKS5_AUTH_FIELD_SIZE);
2974  reqsize = 3 + usize + psize;
2975 
2976  buf[0] = 1; /* negotiation version */
2977  buf[1] = usize;
2978  memcpy(buf + 2, user, usize);
2979  buf[2 + usize] = psize;
2980  memcpy(buf + 3 + usize, pass, psize);
2981 
2982  if (socks_args_string)
2983  tor_free(socks_args_string);
2984 
2985  connection_buf_add((char *)buf, reqsize, conn);
2986 
2987  conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_RFC1929_OK;
2988  ret = 0;
2989  }
2990  break;
2991 
2992  case PROXY_SOCKS5_WANT_AUTH_RFC1929_OK:
2994  conn->proxy_state,
2995  &reason);
2996  /* send the connect request */
2997  if (ret == 1) {
2999  ret = 0;
3000  }
3001  break;
3002 
3003  case PROXY_SOCKS5_WANT_CONNECT_OK:
3005  conn->proxy_state,
3006  &reason);
3007  if (ret == 1)
3008  conn->proxy_state = PROXY_CONNECTED;
3009  break;
3010 
3011  default:
3012  log_err(LD_BUG, "Invalid proxy_state for reading, %d",
3013  conn->proxy_state);
3015  ret = -1;
3016  break;
3017  }
3018 
3019  log_debug(LD_NET, "leaving state %s",
3021 
3022  if (ret < 0) {
3023  if (reason) {
3024  log_warn(LD_NET, "Proxy Client: unable to connect %s (%s)",
3025  connection_describe(conn), escaped(reason));
3026  tor_free(reason);
3027  } else {
3028  log_warn(LD_NET, "Proxy Client: unable to connect %s",
3029  connection_describe(conn));
3030  }
3031  } else if (ret == 1) {
3032  log_info(LD_NET, "Proxy Client: %s successful",
3033  connection_describe(conn));
3034  }
3035 
3036  return ret;
3037 }
3038 
3039 /** Given a list of listener connections in <b>old_conns</b>, and list of
3040  * port_cfg_t entries in <b>ports</b>, open a new listener for every port in
3041  * <b>ports</b> that does not already have a listener in <b>old_conns</b>.
3042  *
3043  * Remove from <b>old_conns</b> every connection that has a corresponding
3044  * entry in <b>ports</b>. Add to <b>new_conns</b> new every connection we
3045  * launch. If we may need to perform socket rebind when creating new
3046  * listener that replaces old one, create a <b>listener_replacement_t</b>
3047  * struct for affected pair and add it to <b>replacements</b>.
3048  *
3049  * If <b>control_listeners_only</b> is true, then we only open control
3050  * listeners, and we do not remove any noncontrol listeners from
3051  * old_conns.
3052  *
3053  * Return 0 on success, -1 on failure.
3054  **/
3055 static int
3057  const smartlist_t *ports,
3058  smartlist_t *new_conns,
3059  smartlist_t *replacements,
3060  int control_listeners_only)
3061 {
3062 #ifndef ENABLE_LISTENER_REBIND
3063  (void)replacements;
3064 #endif
3065 
3066  smartlist_t *launch = smartlist_new();
3067  int r = 0;
3068 
3069  if (control_listeners_only) {
3070  SMARTLIST_FOREACH(ports, port_cfg_t *, p, {
3071  if (p->type == CONN_TYPE_CONTROL_LISTENER)
3072  smartlist_add(launch, p);
3073  });
3074  } else {
3075  smartlist_add_all(launch, ports);
3076  }
3077 
3078  /* Iterate through old_conns, comparing it to launch: remove from both lists
3079  * each pair of elements that corresponds to the same port. */
3080  SMARTLIST_FOREACH_BEGIN(old_conns, connection_t *, conn) {
3081  const port_cfg_t *found_port = NULL;
3082 
3083  /* Okay, so this is a listener. Is it configured? */
3084  /* That is, is it either: 1) exact match - address and port
3085  * pair match exactly between old listener and new port; or 2)
3086  * wildcard match - port matches exactly, but *one* of the
3087  * addresses is wildcard (0.0.0.0 or ::)?
3088  */
3089  SMARTLIST_FOREACH_BEGIN(launch, const port_cfg_t *, wanted) {
3090  if (conn->type != wanted->type)
3091  continue;
3092  if ((conn->socket_family != AF_UNIX && wanted->is_unix_addr) ||
3093  (conn->socket_family == AF_UNIX && ! wanted->is_unix_addr))
3094  continue;
3095 
3096  if (wanted->server_cfg.no_listen)
3097  continue; /* We don't want to open a listener for this one */
3098 
3099  if (wanted->is_unix_addr) {
3100  if (conn->socket_family == AF_UNIX &&
3101  !strcmp(wanted->unix_addr, conn->address)) {
3102  found_port = wanted;
3103  break;
3104  }
3105  } else {
3106  /* Numeric values of old and new port match exactly. */
3107  const int port_matches_exact = (wanted->port == conn->port);
3108  /* Ports match semantically - either their specific values
3109  match exactly, or new port is 'auto'.
3110  */
3111  const int port_matches = (wanted->port == CFG_AUTO_PORT ||
3112  port_matches_exact);
3113 
3114  if (port_matches && tor_addr_eq(&wanted->addr, &conn->addr)) {
3115  found_port = wanted;
3116  break;
3117  }
3118 #ifdef ENABLE_LISTENER_REBIND
3119  /* Rebinding may be needed if all of the following are true:
3120  * 1) Address family is the same in old and new listeners.
3121  * 2) Port number matches exactly (numeric value is the same).
3122  * 3) *One* of listeners (either old one or new one) has a
3123  * wildcard IP address (0.0.0.0 or [::]).
3124  *
3125  * These are the exact conditions for a first bind() syscall
3126  * to fail with EADDRINUSE.
3127  */
3128  const int may_need_rebind =
3129  tor_addr_family(&wanted->addr) == tor_addr_family(&conn->addr) &&
3130  port_matches_exact && bool_neq(tor_addr_is_null(&wanted->addr),
3131  tor_addr_is_null(&conn->addr));
3132  if (replacements && may_need_rebind) {
3133  listener_replacement_t *replacement =
3134  tor_malloc(sizeof(listener_replacement_t));
3135 
3136  replacement->old_conn = conn;
3137  replacement->new_port = wanted;
3138  smartlist_add(replacements, replacement);
3139 
3140  SMARTLIST_DEL_CURRENT(launch, wanted);
3141  SMARTLIST_DEL_CURRENT(old_conns, conn);
3142  break;
3143  }
3144 #endif /* defined(ENABLE_LISTENER_REBIND) */
3145  }
3146  } SMARTLIST_FOREACH_END(wanted);
3147 
3148  if (found_port) {
3149  /* This listener is already running; we don't need to launch it. */
3150  //log_debug(LD_NET, "Already have %s on %s:%d",
3151  // conn_type_to_string(found_port->type), conn->address, conn->port);
3152  smartlist_remove(launch, found_port);
3153  /* And we can remove the connection from old_conns too. */
3154  SMARTLIST_DEL_CURRENT(old_conns, conn);
3155  }
3156  } SMARTLIST_FOREACH_END(conn);
3157 
3158  /* Now open all the listeners that are configured but not opened. */
3159  SMARTLIST_FOREACH_BEGIN(launch, const port_cfg_t *, port) {
3160  int skip = 0;
3161  connection_t *conn = connection_listener_new_for_port(port, &skip, NULL);
3162 
3163  if (conn && new_conns)
3164  smartlist_add(new_conns, conn);
3165  else if (!skip)
3166  r = -1;
3167  } SMARTLIST_FOREACH_END(port);
3168 
3169  smartlist_free(launch);
3170 
3171  return r;
3172 }
3173 
3174 /** Launch listeners for each port you should have open. Only launch
3175  * listeners who are not already open, and only close listeners we no longer
3176  * want.
3177  *
3178  * Add all new connections to <b>new_conns</b>.
3179  *
3180  * If <b>close_all_noncontrol</b> is true, then we only open control
3181  * listeners, and we close all other listeners.
3182  */
3183 int
3184 retry_all_listeners(smartlist_t *new_conns, int close_all_noncontrol)
3185 {
3186  smartlist_t *listeners = smartlist_new();
3187  smartlist_t *replacements = smartlist_new();
3188  const or_options_t *options = get_options();
3189  int retval = 0;
3190  const uint16_t old_or_port = routerconf_find_or_port(options, AF_INET);
3191  const uint16_t old_or_port_ipv6 =
3192  routerconf_find_or_port(options,AF_INET6);
3193  const uint16_t old_dir_port = routerconf_find_dir_port(options, 0);
3194 
3196  if (connection_is_listener(conn) && !conn->marked_for_close)
3197  smartlist_add(listeners, conn);
3198  } SMARTLIST_FOREACH_END(conn);
3199 
3200  if (retry_listener_ports(listeners,
3202  new_conns,
3203  replacements,
3204  close_all_noncontrol) < 0)
3205  retval = -1;
3206 
3207 #ifdef ENABLE_LISTENER_REBIND
3208  if (smartlist_len(replacements))
3209  log_debug(LD_NET, "%d replacements - starting rebinding loop.",
3210  smartlist_len(replacements));
3211 
3212  SMARTLIST_FOREACH_BEGIN(replacements, listener_replacement_t *, r) {
3213  int addr_in_use = 0;
3214  int skip = 0;
3215 
3216  tor_assert(r->new_port);
3217  tor_assert(r->old_conn);
3218 
3219  connection_t *new_conn =
3220  connection_listener_new_for_port(r->new_port, &skip, &addr_in_use);
3221  connection_t *old_conn = r->old_conn;
3222 
3223  if (skip) {
3224  log_debug(LD_NET, "Skipping creating new listener for %s",
3225  connection_describe(old_conn));
3226  continue;
3227  }
3228 
3229  connection_close_immediate(old_conn);
3230  connection_mark_for_close(old_conn);
3231 
3232  if (addr_in_use) {
3233  new_conn = connection_listener_new_for_port(r->new_port,
3234  &skip, &addr_in_use);
3235  }
3236 
3237  /* There are many reasons why we can't open a new listener port so in case
3238  * we hit those, bail early so tor can stop. */
3239  if (!new_conn) {
3240  log_warn(LD_NET, "Unable to create listener port: %s:%d",
3241  fmt_addr(&r->new_port->addr), r->new_port->port);
3242  retval = -1;
3243  break;
3244  }
3245 
3246  smartlist_add(new_conns, new_conn);
3247 
3248  char *old_desc = tor_strdup(connection_describe(old_conn));
3249  log_notice(LD_NET, "Closed no-longer-configured %s "
3250  "(replaced by %s)",
3251  old_desc, connection_describe(new_conn));
3252  tor_free(old_desc);
3253  } SMARTLIST_FOREACH_END(r);
3254 #endif /* defined(ENABLE_LISTENER_REBIND) */
3255 
3256  /* Any members that were still in 'listeners' don't correspond to
3257  * any configured port. Kill 'em. */
3258  SMARTLIST_FOREACH_BEGIN(listeners, connection_t *, conn) {
3259  log_notice(LD_NET, "Closing no-longer-configured %s on %s:%d",
3260  conn_type_to_string(conn->type), conn->address, conn->port);
3262  connection_mark_for_close(conn);
3263  } SMARTLIST_FOREACH_END(conn);
3264 
3265  smartlist_free(listeners);
3266  /* Cleanup any remaining listener replacement. */
3267  SMARTLIST_FOREACH(replacements, listener_replacement_t *, r, tor_free(r));
3268  smartlist_free(replacements);
3269 
3270  if (old_or_port != routerconf_find_or_port(options, AF_INET) ||
3271  old_or_port_ipv6 != routerconf_find_or_port(options, AF_INET6) ||
3272  old_dir_port != routerconf_find_dir_port(options, 0)) {
3273  /* Our chosen ORPort or DirPort is not what it used to be: the
3274  * descriptor we had (if any) should be regenerated. (We won't
3275  * automatically notice this because of changes in the option,
3276  * since the value could be "auto".) */
3277  mark_my_descriptor_dirty("Chosen Or/DirPort changed");
3278  }
3279 
3280  return retval;
3281 }
3282 
3283 /** Mark every listener of type other than CONTROL_LISTENER to be closed. */
3284 void
3286 {
3288  if (conn->marked_for_close)
3289  continue;
3290  if (conn->type == CONN_TYPE_CONTROL_LISTENER)
3291  continue;
3292  if (connection_is_listener(conn))
3293  connection_mark_for_close(conn);
3294  } SMARTLIST_FOREACH_END(conn);
3295 }
3296 
3297 /** Mark every external connection not used for controllers for close. */
3298 void
3300 {
3302  if (conn->marked_for_close)
3303  continue;
3304  switch (conn->type) {
3306  case CONN_TYPE_CONTROL:
3307  break;
3308  case CONN_TYPE_AP:
3309  connection_mark_unattached_ap(TO_ENTRY_CONN(conn),
3310  END_STREAM_REASON_HIBERNATING);
3311  break;
3312  case CONN_TYPE_OR:
3313  {
3314  or_connection_t *orconn = TO_OR_CONN(conn);
3315  if (orconn->chan) {
3316  connection_or_close_normally(orconn, 0);
3317  } else {
3318  /*
3319  * There should have been one, but mark for close and hope
3320  * for the best..
3321  */
3322  connection_mark_for_close(conn);
3323  }
3324  }
3325  break;
3326  default:
3327  connection_mark_for_close(conn);
3328  break;
3329  }
3330  } SMARTLIST_FOREACH_END(conn);
3331 }
3332 
3333 /** Return 1 if we should apply rate limiting to <b>conn</b>, and 0
3334  * otherwise.
3335  * Right now this just checks if it's an internal IP address or an
3336  * internal connection. We also should, but don't, check if the connection
3337  * uses pluggable transports, since we should then limit it even if it
3338  * comes from an internal IP address. */
3339 static int
3341 {
3342  const or_options_t *options = get_options();
3343  if (conn->linked)
3344  return 0; /* Internal connection */
3345  else if (! options->CountPrivateBandwidth &&
3346  ! conn->always_rate_limit_as_remote &&
3347  (tor_addr_family(&conn->addr) == AF_UNSPEC || /* no address */
3348  tor_addr_family(&conn->addr) == AF_UNIX || /* no address */
3349  tor_addr_is_internal(&conn->addr, 0)))
3350  return 0; /* Internal address */
3351  else
3352  return 1;
3353 }
3354 
3355 /** When was either global write bucket last empty? If this was recent, then
3356  * we're probably low on bandwidth, and we should be stingy with our bandwidth
3357  * usage. */
3358 static time_t write_buckets_last_empty_at = -100;
3359 
3360 /** How many seconds of no active local circuits will make the
3361  * connection revert to the "relayed" bandwidth class? */
3362 #define CLIENT_IDLE_TIME_FOR_PRIORITY 30
3363 
3364 /** Return 1 if <b>conn</b> should use tokens from the "relayed"
3365  * bandwidth rates, else 0. Currently, only OR conns with bandwidth
3366  * class 1, and directory conns that are serving data out, count.
3367  */
3368 static int
3370 {
3371  if (conn->type == CONN_TYPE_OR &&
3374  return 1;
3375  if (conn->type == CONN_TYPE_DIR && DIR_CONN_IS_SERVER(conn))
3376  return 1;
3377  return 0;
3378 }
3379 
3380 /** Helper function to decide how many bytes out of <b>global_bucket</b>
3381  * we're willing to use for this transaction. <b>base</b> is the size
3382  * of a cell on the network; <b>priority</b> says whether we should
3383  * write many of them or just a few; and <b>conn_bucket</b> (if
3384  * non-negative) provides an upper limit for our answer. */
3385 static ssize_t
3386 connection_bucket_get_share(int base, int priority,
3387  ssize_t global_bucket_val, ssize_t conn_bucket)
3388 {
3389  ssize_t at_most;
3390  ssize_t num_bytes_high = (priority ? 32 : 16) * base;
3391  ssize_t num_bytes_low = (priority ? 4 : 2) * base;
3392 
3393  /* Do a rudimentary limiting so one circuit can't hog a connection.
3394  * Pick at most 32 cells, at least 4 cells if possible, and if we're in
3395  * the middle pick 1/8 of the available bandwidth. */
3396  at_most = global_bucket_val / 8;
3397  at_most -= (at_most % base); /* round down */
3398  if (at_most > num_bytes_high) /* 16 KB, or 8 KB for low-priority */
3399  at_most = num_bytes_high;
3400  else if (at_most < num_bytes_low) /* 2 KB, or 1 KB for low-priority */
3401  at_most = num_bytes_low;
3402 
3403  if (at_most > global_bucket_val)
3404  at_most = global_bucket_val;
3405 
3406  if (conn_bucket >= 0 && at_most > conn_bucket)
3407  at_most = conn_bucket;
3408 
3409  if (at_most < 0)
3410  return 0;
3411  return at_most;
3412 }
3413 
3414 /** How many bytes at most can we read onto this connection? */
3415 static ssize_t
3417 {
3418  int base = RELAY_PAYLOAD_SIZE;
3419  int priority = conn->type != CONN_TYPE_DIR;
3420  ssize_t conn_bucket = -1;
3421  size_t global_bucket_val = token_bucket_rw_get_read(&global_bucket);
3422 
3423  if (connection_speaks_cells(conn)) {
3424  or_connection_t *or_conn = TO_OR_CONN(conn);
3425  if (conn->state == OR_CONN_STATE_OPEN)
3426  conn_bucket = token_bucket_rw_get_read(&or_conn->bucket);
3427  base = get_cell_network_size(or_conn->wide_circ_ids);
3428  }
3429 
3430  if (!connection_is_rate_limited(conn)) {
3431  /* be willing to read on local conns even if our buckets are empty */
3432  return conn_bucket>=0 ? conn_bucket : 1<<14;
3433  }
3434 
3435  if (connection_counts_as_relayed_traffic(conn, now)) {
3436  size_t relayed = token_bucket_rw_get_read(&global_relayed_bucket);
3437  global_bucket_val = MIN(global_bucket_val, relayed);
3438  }
3439 
3440  return connection_bucket_get_share(base, priority,
3441  global_bucket_val, conn_bucket);
3442 }
3443 
3444 /** How many bytes at most can we write onto this connection? */
3445 ssize_t
3447 {
3448  int base = RELAY_PAYLOAD_SIZE;
3449  int priority = conn->type != CONN_TYPE_DIR;
3450  size_t conn_bucket = buf_datalen(conn->outbuf);
3451  size_t global_bucket_val = token_bucket_rw_get_write(&global_bucket);
3452 
3453  if (!connection_is_rate_limited(conn)) {
3454  /* be willing to write to local conns even if our buckets are empty */
3455  return conn_bucket;
3456  }
3457 
3458  if (connection_speaks_cells(conn)) {
3459  /* use the per-conn write limit if it's lower */
3460  or_connection_t *or_conn = TO_OR_CONN(conn);
3461  if (conn->state == OR_CONN_STATE_OPEN)
3462  conn_bucket = MIN(conn_bucket,
3463  token_bucket_rw_get_write(&or_conn->bucket));
3464  base = get_cell_network_size(or_conn->wide_circ_ids);
3465  }
3466 
3467  if (connection_counts_as_relayed_traffic(conn, now)) {
3468  size_t relayed = token_bucket_rw_get_write(&global_relayed_bucket);
3469  global_bucket_val = MIN(global_bucket_val, relayed);
3470  }
3471 
3472  return connection_bucket_get_share(base, priority,
3473  global_bucket_val, conn_bucket);
3474 }
3475 
3476 /** Return true iff the global write buckets are low enough that we
3477  * shouldn't send <b>attempt</b> bytes of low-priority directory stuff
3478  * out to <b>conn</b>.
3479  *
3480  * If we are a directory authority, always answer dir requests thus true is
3481  * always returned.
3482  *
3483  * Note: There are a lot of parameters we could use here:
3484  * - global_relayed_write_bucket. Low is bad.
3485  * - global_write_bucket. Low is bad.
3486  * - bandwidthrate. Low is bad.
3487  * - bandwidthburst. Not a big factor?
3488  * - attempt. High is bad.
3489  * - total bytes queued on outbufs. High is bad. But I'm wary of
3490  * using this, since a few slow-flushing queues will pump up the
3491  * number without meaning what we meant to mean. What we really
3492  * mean is "total directory bytes added to outbufs recently", but
3493  * that's harder to quantify and harder to keep track of.
3494  */
3495 bool
3497 {
3498  size_t smaller_bucket =
3499  MIN(token_bucket_rw_get_write(&global_bucket),
3500  token_bucket_rw_get_write(&global_relayed_bucket));
3501 
3502  /* Special case for authorities (directory only). */
3503  if (authdir_mode_v3(get_options())) {
3504  /* Are we configured to possibly reject requests under load? */
3506  /* Answer request no matter what. */
3507  return false;
3508  }
3509  /* Always answer requests from a known relay which includes the other
3510  * authorities. The following looks up the addresses for relays that we
3511  * have their descriptor _and_ any configured trusted directories. */
3513  return false;
3514  }
3515  }
3516 
3517  if (!connection_is_rate_limited(conn))
3518  return false; /* local conns don't get limited */
3519 
3520  if (smaller_bucket < attempt)
3521  return true; /* not enough space. */
3522 
3523  {
3524  const time_t diff = approx_time() - write_buckets_last_empty_at;
3525  if (diff <= 1)
3526  return true; /* we're already hitting our limits, no more please */
3527  }
3528  return false;
3529 }
3530 
3531 /** When did we last tell the accounting subsystem about transmitted
3532  * bandwidth? */
3534 
3535 /** Helper: adjusts our bandwidth history and informs the controller as
3536  * appropriate, given that we have just read <b>num_read</b> bytes and written
3537  * <b>num_written</b> bytes on <b>conn</b>. */
3538 static void
3540  time_t now, size_t num_read, size_t num_written)
3541 {
3542  /* Count bytes of answering direct and tunneled directory requests */
3543  if (conn->type == CONN_TYPE_DIR && conn->purpose == DIR_PURPOSE_SERVER) {
3544  if (num_read > 0)
3545  bwhist_note_dir_bytes_read(num_read, now);
3546  if (num_written > 0)
3547  bwhist_note_dir_bytes_written(num_written, now);
3548  }
3549 
3550  /* Linked connections and internal IPs aren't counted for statistics or
3551  * accounting:
3552  * - counting linked connections would double-count BEGINDIR bytes, because
3553  * they are sent as Dir bytes on the linked connection, and OR bytes on
3554  * the OR connection;
3555  * - relays and clients don't connect to internal IPs, unless specifically
3556  * configured to do so. If they are configured that way, we don't count
3557  * internal bytes.
3558  */
3559  if (!connection_is_rate_limited(conn))
3560  return;
3561 
3562  const bool is_ipv6 = (conn->socket_family == AF_INET6);
3563  if (conn->type == CONN_TYPE_OR)
3565  num_written, now, is_ipv6);
3566 
3567  if (num_read > 0) {
3568  bwhist_note_bytes_read(num_read, now, is_ipv6);
3569  }
3570  if (num_written > 0) {
3571  bwhist_note_bytes_written(num_written, now, is_ipv6);
3572  }
3573  if (conn->type == CONN_TYPE_EXIT)
3574  rep_hist_note_exit_bytes(conn->port, num_written, num_read);
3575 
3576  /* Remember these bytes towards statistics. */
3577  stats_increment_bytes_read_and_written(num_read, num_written);
3578 
3579  /* Remember these bytes towards accounting. */
3582  accounting_add_bytes(num_read, num_written,
3583  (int)(now - last_recorded_accounting_at));
3584  } else {
3585  accounting_add_bytes(num_read, num_written, 0);
3586  }
3588  }
3589 }
3590 
3591 /** We just read <b>num_read</b> and wrote <b>num_written</b> bytes
3592  * onto <b>conn</b>. Decrement buckets appropriately. */
3593 static void
3595  size_t num_read, size_t num_written)
3596 {
3597  if (num_written >= INT_MAX || num_read >= INT_MAX) {
3598  log_err(LD_BUG, "Value out of range. num_read=%lu, num_written=%lu, "
3599  "connection type=%s, state=%s",
3600  (unsigned long)num_read, (unsigned long)num_written,
3601  conn_type_to_string(conn->type),
3602  conn_state_to_string(conn->type, conn->state));
3604  if (num_written >= INT_MAX)
3605  num_written = 1;
3606  if (num_read >= INT_MAX)
3607  num_read = 1;
3608  }
3609 
3610  record_num_bytes_transferred_impl(conn, now, num_read, num_written);
3611 
3612  if (!connection_is_rate_limited(conn))
3613  return; /* local IPs are free */
3614 
3615  unsigned flags = 0;
3616  if (connection_counts_as_relayed_traffic(conn, now)) {
3617  flags = token_bucket_rw_dec(&global_relayed_bucket, num_read, num_written);
3618  }
3619  flags |= token_bucket_rw_dec(&global_bucket, num_read, num_written);
3620 
3621  if (flags & TB_WRITE) {
3623  }
3624  if (connection_speaks_cells(conn) && conn->state == OR_CONN_STATE_OPEN) {
3625  or_connection_t *or_conn = TO_OR_CONN(conn);
3626  token_bucket_rw_dec(&or_conn->bucket, num_read, num_written);
3627  }
3628 }
3629 
3630 /**
3631  * Mark <b>conn</b> as needing to stop reading because bandwidth has been
3632  * exhausted. If <b>is_global_bw</b>, it is closing because global bandwidth
3633  * limit has been exhausted. Otherwise, it is closing because its own
3634  * bandwidth limit has been exhausted.
3635  */
3636 void
3638 {
3639  (void)is_global_bw;
3640  conn->read_blocked_on_bw = 1;
3643 }
3644 
3645 /**
3646  * Mark <b>conn</b> as needing to stop reading because write bandwidth has
3647  * been exhausted. If <b>is_global_bw</b>, it is closing because global
3648  * bandwidth limit has been exhausted. Otherwise, it is closing because its
3649  * own bandwidth limit has been exhausted.
3650 */
3651 void
3653 {
3654  (void)is_global_bw;
3655  conn->write_blocked_on_bw = 1;
3658 }
3659 
3660 /** If we have exhausted our global buckets, or the buckets for conn,
3661  * stop reading. */
3662 void
3664 {
3665  const char *reason;
3666 
3667  if (!connection_is_rate_limited(conn))
3668  return; /* Always okay. */
3669 
3670  int is_global = 1;
3671 
3672  if (token_bucket_rw_get_read(&global_bucket) <= 0) {
3673  reason = "global read bucket exhausted. Pausing.";
3674  } else if (connection_counts_as_relayed_traffic(conn, approx_time()) &&
3675  token_bucket_rw_get_read(&global_relayed_bucket) <= 0) {
3676  reason = "global relayed read bucket exhausted. Pausing.";
3677  } else if (connection_speaks_cells(conn) &&
3678  conn->state == OR_CONN_STATE_OPEN &&
3679  token_bucket_rw_get_read(&TO_OR_CONN(conn)->bucket) <= 0) {
3680  reason = "connection read bucket exhausted. Pausing.";
3681  is_global = false;
3682  } else
3683  return; /* all good, no need to stop it */
3684 
3685  LOG_FN_CONN(conn, (LOG_DEBUG, LD_NET, "%s", reason));
3686  connection_read_bw_exhausted(conn, is_global);
3687 }
3688 
3689 /** If we have exhausted our global buckets, or the buckets for conn,
3690  * stop writing. */
3691 void
3693 {
3694  const char *reason;
3695 
3696  if (!connection_is_rate_limited(conn))
3697  return; /* Always okay. */
3698 
3699  bool is_global = true;
3700  if (token_bucket_rw_get_write(&global_bucket) <= 0) {
3701  reason = "global write bucket exhausted. Pausing.";
3702  } else if (connection_counts_as_relayed_traffic(conn, approx_time()) &&
3703  token_bucket_rw_get_write(&global_relayed_bucket) <= 0) {
3704  reason = "global relayed write bucket exhausted. Pausing.";
3705  } else if (connection_speaks_cells(conn) &&
3706  conn->state == OR_CONN_STATE_OPEN &&
3707  token_bucket_rw_get_write(&TO_OR_CONN(conn)->bucket) <= 0) {
3708  reason = "connection write bucket exhausted. Pausing.";
3709  is_global = false;
3710  } else
3711  return; /* all good, no need to stop it */
3712 
3713  LOG_FN_CONN(conn, (LOG_DEBUG, LD_NET, "%s", reason));
3714  connection_write_bw_exhausted(conn, is_global);
3715 }
3716 
3717 /** Initialize the global buckets to the values configured in the
3718  * options */
3719 void
3721 {
3722  const or_options_t *options = get_options();
3723  const uint32_t now_ts = monotime_coarse_get_stamp();
3724  token_bucket_rw_init(&global_bucket,
3725  (int32_t)options->BandwidthRate,
3726  (int32_t)options->BandwidthBurst,
3727  now_ts);
3728  if (options->RelayBandwidthRate) {
3729  token_bucket_rw_init(&global_relayed_bucket,
3730  (int32_t)options->RelayBandwidthRate,
3731  (int32_t)options->RelayBandwidthBurst,
3732  now_ts);
3733  } else {
3734  token_bucket_rw_init(&global_relayed_bucket,
3735  (int32_t)options->BandwidthRate,
3736  (int32_t)options->BandwidthBurst,
3737  now_ts);
3738  }
3739 
3741 }
3742 
3743 /** Update the global connection bucket settings to a new value. */
3744 void
3746 {
3747  token_bucket_rw_adjust(&global_bucket,
3748  (int32_t)options->BandwidthRate,
3749  (int32_t)options->BandwidthBurst);
3750  if (options->RelayBandwidthRate) {
3751  token_bucket_rw_adjust(&global_relayed_bucket,
3752  (int32_t)options->RelayBandwidthRate,
3753  (int32_t)options->RelayBandwidthBurst);
3754  } else {
3755  token_bucket_rw_adjust(&global_relayed_bucket,
3756  (int32_t)options->BandwidthRate,
3757  (int32_t)options->BandwidthBurst);
3758  }
3759 }
3760 
3761 /**
3762  * Cached value of the last coarse-timestamp when we refilled the
3763  * global buckets.
3764  */
3766 /**
3767  * Refill the token buckets for a single connection <b>conn</b>, and the
3768  * global token buckets as appropriate. Requires that <b>now_ts</b> is
3769  * the time in coarse timestamp units.
3770  */
3771 static void
3773 {
3774  /* Note that we only check for equality here: the underlying
3775  * token bucket functions can handle moving backwards in time if they
3776  * need to. */
3777  if (now_ts != last_refilled_global_buckets_ts) {
3778  token_bucket_rw_refill(&global_bucket, now_ts);
3779  token_bucket_rw_refill(&global_relayed_bucket, now_ts);
3781  }
3782 
3783  if (connection_speaks_cells(conn) && conn->state == OR_CONN_STATE_OPEN) {
3784  or_connection_t *or_conn = TO_OR_CONN(conn);
3785  token_bucket_rw_refill(&or_conn->bucket, now_ts);
3786  }
3787 }
3788 
3789 /**
3790  * Event to re-enable all connections that were previously blocked on read or
3791  * write.
3792  */
3794 
3795 /** True iff reenable_blocked_connections_ev is currently scheduled. */
3797 
3798 /** Delay after which to run reenable_blocked_connections_ev. */
3800 
3801 /**
3802  * Re-enable all connections that were previously blocked on read or write.
3803  * This event is scheduled after enough time has elapsed to be sure
3804  * that the buckets will refill when the connections have something to do.
3805  */
3806 static void
3808 {
3809  (void)ev;
3810  (void)arg;
3812  if (conn->read_blocked_on_bw == 1) {
3814  conn->read_blocked_on_bw = 0;
3815  }
3816  if (conn->write_blocked_on_bw == 1) {
3818  conn->write_blocked_on_bw = 0;
3819  }
3820  } SMARTLIST_FOREACH_END(conn);
3821 
3823 }
3824 
3825 /**
3826  * Initialize the mainloop event that we use to wake up connections that
3827  * find themselves blocked on bandwidth.
3828  */
3829 static void
3831 {
3836  }
3837  time_t sec = options->TokenBucketRefillInterval / 1000;
3838  int msec = (options->TokenBucketRefillInterval % 1000);
3840  reenable_blocked_connections_delay.tv_usec = msec * 1000;
3841 }
3842 
3843 /**
3844  * Called when we have blocked a connection for being low on bandwidth:
3845  * schedule an event to reenable such connections, if it is not already
3846  * scheduled.
3847  */
3848 static void
3850 {
3852  return;
3853  if (BUG(reenable_blocked_connections_ev == NULL)) {
3855  }
3859 }
3860 
3861 /** Read bytes from conn->s and process them.
3862  *
3863  * It calls connection_buf_read_from_socket() to bring in any new bytes,
3864  * and then calls connection_process_inbuf() to process them.
3865  *
3866  * Mark the connection and return -1 if you want to close it, else
3867  * return 0.
3868  */
3869 static int
3871 {
3872  ssize_t max_to_read=-1, try_to_read;
3873  size_t before, n_read = 0;
3874  int socket_error = 0;
3875 
3876  if (conn->marked_for_close)
3877  return 0; /* do nothing */
3878 
3880 
3882 
3883  switch (conn->type) {
3884  case CONN_TYPE_OR_LISTENER:
3888  case CONN_TYPE_AP_LISTENER:
3900  /* This should never happen; eventdns.c handles the reads here. */
3902  return 0;
3903  }
3904 
3905  loop_again:
3906  try_to_read = max_to_read;
3907  tor_assert(!conn->marked_for_close);
3908 
3909  before = buf_datalen(conn->inbuf);
3910  if (connection_buf_read_from_socket(conn, &max_to_read, &socket_error) < 0) {
3911  /* There's a read error; kill the connection.*/
3912  if (conn->type == CONN_TYPE_OR) {
3914  socket_error != 0 ?
3915  errno_to_orconn_end_reason(socket_error) :
3916  END_OR_CONN_REASON_CONNRESET,
3917  socket_error != 0 ?
3918  tor_socket_strerror(socket_error) :
3919  "(unknown, errno was 0)");
3920  }
3921  if (CONN_IS_EDGE(conn)) {
3922  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
3923  connection_edge_end_errno(edge_conn);
3924  if (conn->type == CONN_TYPE_AP && TO_ENTRY_CONN(conn)->socks_request) {
3925  /* broken, don't send a socks reply back */
3927  }
3928  }
3929  connection_close_immediate(conn); /* Don't flush; connection is dead. */
3930  /*
3931  * This can bypass normal channel checking since we did
3932  * connection_or_notify_error() above.
3933  */
3934  connection_mark_for_close_internal(conn);
3935  return -1;
3936  }
3937  n_read += buf_datalen(conn->inbuf) - before;
3938  if (CONN_IS_EDGE(conn) && try_to_read != max_to_read) {
3939  /* instruct it not to try to package partial cells. */
3940  if (connection_process_inbuf(conn, 0) < 0) {
3941  return -1;
3942  }
3943  if (!conn->marked_for_close &&
3944  connection_is_reading(conn) &&
3945  !conn->inbuf_reached_eof &&
3946  max_to_read > 0)
3947  goto loop_again; /* try reading again, in case more is here now */
3948  }
3949  /* one last try, packaging partial cells and all. */
3950  if (!conn->marked_for_close &&
3951  connection_process_inbuf(conn, 1) < 0) {
3952  return -1;
3953  }
3954  if (conn->linked_conn) {
3955  /* The other side's handle_write() will never actually get called, so
3956  * we need to invoke the appropriate callbacks ourself. */
3957  connection_t *linked = conn->linked_conn;
3958 
3959  if (n_read) {
3960  /* Probably a no-op, since linked conns typically don't count for
3961  * bandwidth rate limiting. But do it anyway so we can keep stats
3962  * accurately. Note that since we read the bytes from conn, and
3963  * we're writing the bytes onto the linked connection, we count
3964  * these as <i>written</i> bytes. */
3965  connection_buckets_decrement(linked, approx_time(), 0, n_read);
3966 
3967  if (connection_flushed_some(linked) < 0)
3968  connection_mark_for_close(linked);
3969  if (!connection_wants_to_flush(linked))
3971  }
3972 
3973  if (!buf_datalen(linked->outbuf) && conn->active_on_link)
3975  }
3976  /* If we hit the EOF, call connection_reached_eof(). */
3977  if (!conn->marked_for_close &&
3978  conn->inbuf_reached_eof &&
3979  connection_reached_eof(conn) < 0) {
3980  return -1;
3981  }
3982  return 0;
3983 }
3984 
3985 /* DOCDOC connection_handle_read */
3986 int
3987 connection_handle_read(connection_t *conn)
3988 {
3989  int res;
3990  update_current_time(time(NULL));
3991  res = connection_handle_read_impl(conn);
3992  return res;
3993 }
3994 
3995 /** Pull in new bytes from conn->s or conn->linked_conn onto conn->inbuf,
3996  * either directly or via TLS. Reduce the token buckets by the number of bytes
3997  * read.
3998  *
3999  * If *max_to_read is -1, then decide it ourselves, else go with the
4000  * value passed to us. When returning, if it's changed, subtract the
4001  * number of bytes we read from *max_to_read.
4002  *
4003  * Return -1 if we want to break conn, else return 0.
4004  */
4005 static int
4006 connection_buf_read_from_socket(connection_t *conn, ssize_t *max_to_read,
4007  int *socket_error)
4008 {
4009  int result;
4010  ssize_t at_most = *max_to_read;
4011  size_t slack_in_buf, more_to_read;
4012  size_t n_read = 0, n_written = 0;
4013 
4014  if (at_most == -1) { /* we need to initialize it */
4015  /* how many bytes are we allowed to read? */
4016  at_most = connection_bucket_read_limit(conn, approx_time());
4017  }
4018 
4019  /* Do not allow inbuf to grow past BUF_MAX_LEN. */
4020  const ssize_t maximum = BUF_MAX_LEN - buf_datalen(conn->inbuf);
4021  if (at_most > maximum) {
4022  at_most = maximum;
4023  }
4024 
4025  slack_in_buf = buf_slack(conn->inbuf);
4026  again:
4027  if ((size_t)at_most > slack_in_buf && slack_in_buf >= 1024) {
4028  more_to_read = at_most - slack_in_buf;
4029  at_most = slack_in_buf;
4030  } else {
4031  more_to_read = 0;
4032  }
4033 
4034  if (connection_speaks_cells(conn) &&
4036  int pending;
4037  or_connection_t *or_conn = TO_OR_CONN(conn);
4038  size_t initial_size;
4039  if (conn->state == OR_CONN_STATE_TLS_HANDSHAKING ||
4041  /* continue handshaking even if global token bucket is empty */
4042  return connection_tls_continue_handshake(or_conn);
4043  }
4044 
4045  log_debug(LD_NET,
4046  "%d: starting, inbuf_datalen %ld (%d pending in tls object)."
4047  " at_most %ld.",
4048  (int)conn->s,(long)buf_datalen(conn->inbuf),
4049  tor_tls_get_pending_bytes(or_conn->tls), (long)at_most);
4050 
4051  initial_size = buf_datalen(conn->inbuf);
4052  /* else open, or closing */
4053  result = buf_read_from_tls(conn->inbuf, or_conn->tls, at_most);
4054  if (TOR_TLS_IS_ERROR(result) || result == TOR_TLS_CLOSE)
4055  or_conn->tls_error = result;
4056  else
4057  or_conn->tls_error = 0;
4058 
4059  switch (result) {
4060  case TOR_TLS_CLOSE:
4061  case TOR_TLS_ERROR_IO:
4062  log_debug(LD_NET,"TLS %s closed %son read. Closing.",
4063  connection_describe(conn),
4064  result == TOR_TLS_CLOSE ? "cleanly " : "");
4065  return result;
4067  log_debug(LD_NET,"tls error [%s] from %s. Breaking.",
4068  tor_tls_err_to_string(result),
4069  connection_describe(conn));
4070  return result;
4071  case TOR_TLS_WANTWRITE:
4073  return 0;
4074  case TOR_TLS_WANTREAD:
4075  if (conn->in_connection_handle_write) {
4076  /* We've been invoked from connection_handle_write, because we're
4077  * waiting for a TLS renegotiation, the renegotiation started, and
4078  * SSL_read returned WANTWRITE. But now SSL_read is saying WANTREAD
4079  * again. Stop waiting for write events now, or else we'll
4080  * busy-loop until data arrives for us to read.
4081  * XXX: remove this when v2 handshakes support is dropped. */
4083  if (!connection_is_reading(conn))
4085  }
4086  /* we're already reading, one hopes */
4087  break;
4088  case TOR_TLS_DONE: /* no data read, so nothing to process */
4089  break; /* so we call bucket_decrement below */
4090  default:
4091  break;
4092  }
4093  pending = tor_tls_get_pending_bytes(or_conn->tls);
4094  if (pending) {
4095  /* If we have any pending bytes, we read them now. This *can*
4096  * take us over our read allotment, but really we shouldn't be
4097  * believing that SSL bytes are the same as TCP bytes anyway. */
4098  int r2 = buf_read_from_tls(conn->inbuf, or_conn->tls, pending);
4099  if (BUG(r2<0)) {
4100  log_warn(LD_BUG, "apparently, reading pending bytes can fail.");
4101  return -1;
4102  }
4103  }
4104  result = (int)(buf_datalen(conn->inbuf)-initial_size);
4105  tor_tls_get_n_raw_bytes(or_conn->tls, &n_read, &n_written);
4106  log_debug(LD_GENERAL, "After TLS read of %d: %ld read, %ld written",
4107  result, (long)n_read, (long)n_written);
4108  } else if (conn->linked) {
4109  if (conn->linked_conn) {
4110  result = (int) buf_move_all(conn->inbuf, conn->linked_conn->outbuf);
4111  } else {
4112  result = 0;
4113  }
4114  //log_notice(LD_GENERAL, "Moved %d bytes on an internal link!", result);
4115  /* If the other side has disappeared, or if it's been marked for close and
4116  * we flushed its outbuf, then we should set our inbuf_reached_eof. */
4117  if (!conn->linked_conn ||
4118  (conn->linked_conn->marked_for_close &&
4119  buf_datalen(conn->linked_conn->outbuf) == 0))
4120  conn->inbuf_reached_eof = 1;
4121 
4122  n_read = (size_t) result;
4123  } else {
4124  /* !connection_speaks_cells, !conn->linked_conn. */
4125  int reached_eof = 0;
4126  CONN_LOG_PROTECT(conn,
4127  result = buf_read_from_socket(conn->inbuf, conn->s,
4128  at_most,
4129  &reached_eof,
4130  socket_error));
4131  if (reached_eof)
4132  conn->inbuf_reached_eof = 1;
4133 
4134 // log_fn(LOG_DEBUG,"read_to_buf returned %d.",read_result);
4135 
4136  if (result < 0)
4137  return -1;
4138  n_read = (size_t) result;
4139  }
4140 
4141  if (n_read > 0) {
4142  /* change *max_to_read */
4143  *max_to_read = at_most - n_read;
4144 
4145  /* Onion service application connection. Note read bytes for metrics. */
4146  if (CONN_IS_EDGE(conn) && TO_EDGE_CONN(conn)->hs_ident) {
4147  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
4148  hs_metrics_app_read_bytes(&edge_conn->hs_ident->identity_pk,
4149  edge_conn->hs_ident->orig_virtual_port,
4150  n_read);
4151  }
4152 
4153  /* Update edge_conn->n_read */
4154  if (conn->type == CONN_TYPE_AP) {
4155  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
4156 
4157  /* Check for overflow: */
4158  if (PREDICT_LIKELY(UINT32_MAX - edge_conn->n_read > n_read))
4159  edge_conn->n_read += (int)n_read;
4160  else
4161  edge_conn->n_read = UINT32_MAX;
4162  }
4163 
4164  /* If CONN_BW events are enabled, update conn->n_read_conn_bw for
4165  * OR/DIR/EXIT connections, checking for overflow. */
4167  (conn->type == CONN_TYPE_OR ||
4168  conn->type == CONN_TYPE_DIR ||
4169  conn->type == CONN_TYPE_EXIT)) {
4170  if (PREDICT_LIKELY(UINT32_MAX - conn->n_read_conn_bw > n_read))
4171  conn->n_read_conn_bw += (int)n_read;
4172  else
4173  conn->n_read_conn_bw = UINT32_MAX;
4174  }
4175  }
4176 
4177  connection_buckets_decrement(conn, approx_time(), n_read, n_written);
4178 
4179  if (more_to_read && result == at_most) {
4180  slack_in_buf = buf_slack(conn->inbuf);
4181  at_most = more_to_read;
4182  goto again;
4183  }
4184 
4185  /* Call even if result is 0, since the global read bucket may
4186  * have reached 0 on a different conn, and this connection needs to
4187  * know to stop reading. */
4189  if (n_written > 0 && connection_is_writing(conn))
4191 
4192  return 0;
4193 }
4194 
4195 /** A pass-through to fetch_from_buf. */
4196 int
4197 connection_buf_get_bytes(char *string, size_t len, connection_t *conn)
4198 {
4199  return buf_get_bytes(conn->inbuf, string, len);
4200 }
4201 
4202 /** As buf_get_line(), but read from a connection's input buffer. */
4203 int
4205  size_t *data_len)
4206 {
4207  return buf_get_line(conn->inbuf, data, data_len);
4208 }
4209 
4210 /** As fetch_from_buf_http, but fetches from a connection's input buffer_t as
4211  * appropriate. */
4212 int
4214  char **headers_out, size_t max_headerlen,
4215  char **body_out, size_t *body_used,
4216  size_t max_bodylen, int force_complete)
4217 {
4218  return fetch_from_buf_http(conn->inbuf, headers_out, max_headerlen,
4219  body_out, body_used, max_bodylen, force_complete);
4220 }
4221 
4222 /** Return true if this connection has data to flush. */
4223 int
4225 {
4226  return connection_get_outbuf_len(conn) > 0;
4227 }
4228 
4229 /** Are there too many bytes on edge connection <b>conn</b>'s outbuf to
4230  * send back a relay-level sendme yet? Return 1 if so, 0 if not. Used by
4231  * connection_edge_consider_sending_sendme().
4232  */
4233 int
4235 {
4236  return connection_get_outbuf_len(conn) > 10*CELL_PAYLOAD_SIZE;
4237 }
4238 
4239 /**
4240  * On Windows Vista and Windows 7, tune the send buffer size according to a
4241  * hint from the OS.
4242  *
4243  * This should help fix slow upload rates.
4244  */
4245 static void
4247 {
4248 #ifdef _WIN32
4249  /* We only do this on Vista and 7, because earlier versions of Windows
4250  * don't have the SIO_IDEAL_SEND_BACKLOG_QUERY functionality, and on
4251  * later versions it isn't necessary. */
4252  static int isVistaOr7 = -1;
4253  if (isVistaOr7 == -1) {
4254  isVistaOr7 = 0;
4255  OSVERSIONINFO osvi = { 0 };
4256  osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
4257  GetVersionEx(&osvi);
4258  if (osvi.dwMajorVersion == 6 && osvi.dwMinorVersion < 2)
4259  isVistaOr7 = 1;
4260  }
4261  if (!isVistaOr7)
4262  return;
4263  if (get_options()->ConstrainedSockets)
4264  return;
4265  ULONG isb = 0;
4266  DWORD bytesReturned = 0;
4267  if (!WSAIoctl(sock, SIO_IDEAL_SEND_BACKLOG_QUERY, NULL, 0,
4268  &isb, sizeof(isb), &bytesReturned, NULL, NULL)) {
4269  setsockopt(sock, SOL_SOCKET, SO_SNDBUF, (const char*)&isb, sizeof(isb));
4270  }
4271 #else /* !defined(_WIN32) */
4272  (void) sock;
4273 #endif /* defined(_WIN32) */
4274 }
4275 
4276 /** Try to flush more bytes onto <b>conn</b>->s.
4277  *
4278  * This function is called in connection_handle_write(), which gets
4279  * called from conn_write_callback() in main.c when libevent tells us
4280  * that <b>conn</b> wants to write.
4281  *
4282  * Update <b>conn</b>->timestamp_last_write_allowed to now, and call flush_buf
4283  * or flush_buf_tls appropriately. If it succeeds and there are no more
4284  * more bytes on <b>conn</b>->outbuf, then call connection_finished_flushing
4285  * on it too.
4286  *
4287  * If <b>force</b>, then write as many bytes as possible, ignoring bandwidth
4288  * limits. (Used for flushing messages to controller connections on fatal
4289  * errors.)
4290  *
4291  * Mark the connection and return -1 if you want to close it, else
4292  * return 0.
4293  */
4294 static int
4296 {
4297  int e;
4298  socklen_t len=(socklen_t)sizeof(e);
4299  int result;
4300  ssize_t max_to_write;
4301  time_t now = approx_time();
4302  size_t n_read = 0, n_written = 0;
4303  int dont_stop_writing = 0;
4304 
4306 
4307  if (conn->marked_for_close || !SOCKET_OK(conn->s))
4308  return 0; /* do nothing */
4309 
4310  if (conn->in_flushed_some) {
4311  log_warn(LD_BUG, "called recursively from inside conn->in_flushed_some");
4312  return 0;
4313  }
4314 
4315  conn->timestamp_last_write_allowed = now;
4316 
4318 
4319  /* Sometimes, "writable" means "connected". */
4320  if (connection_state_is_connecting(conn)) {
4321  if (getsockopt(conn->s, SOL_SOCKET, SO_ERROR, (void*)&e, &len) < 0) {
4322  log_warn(LD_BUG, "getsockopt() syscall failed");
4323  if (conn->type == CONN_TYPE_OR) {
4324  or_connection_t *orconn = TO_OR_CONN(conn);
4325  connection_or_close_for_error(orconn, 0);
4326  } else {
4327  if (CONN_IS_EDGE(conn)) {
4329  }
4330  connection_mark_for_close(conn);
4331  }
4332  return -1;
4333  }
4334  if (e) {
4335  /* some sort of error, but maybe just inprogress still */
4336  if (!ERRNO_IS_CONN_EINPROGRESS(e)) {
4337  log_info(LD_NET,"in-progress connect failed. Removing. (%s)",
4338  tor_socket_strerror(e));
4339  if (CONN_IS_EDGE(conn))
4341  if (conn->type == CONN_TYPE_OR)
4344  tor_socket_strerror(e));
4345 
4347  /*
4348  * This can bypass normal channel checking since we did
4349  * connection_or_notify_error() above.
4350  */
4351  connection_mark_for_close_internal(conn);
4352  return -1;
4353  } else {
4354  return 0; /* no change, see if next time is better */
4355  }
4356  }
4357  /* The connection is successful. */
4358  if (connection_finished_connecting(conn)<0)
4359  return -1;
4360  }
4361 
4362  max_to_write = force ? (ssize_t)buf_datalen(conn->outbuf)
4363  : connection_bucket_write_limit(conn, now);
4364 
4365  if (connection_speaks_cells(conn) &&
4367  or_connection_t *or_conn = TO_OR_CONN(conn);
4368  size_t initial_size;
4369  if (conn->state == OR_CONN_STATE_TLS_HANDSHAKING ||
4372  if (connection_tls_continue_handshake(or_conn) < 0) {
4373  /* Don't flush; connection is dead. */
4375  END_OR_CONN_REASON_MISC,
4376  "TLS error in connection_tls_"
4377  "continue_handshake()");
4379  /*
4380  * This can bypass normal channel checking since we did
4381  * connection_or_notify_error() above.
4382  */
4383  connection_mark_for_close_internal(conn);
4384  return -1;
4385  }
4386  return 0;
4387  } else if (conn->state == OR_CONN_STATE_TLS_SERVER_RENEGOTIATING) {
4388  return connection_handle_read(conn);
4389  }
4390 
4391  /* else open, or closing */
4392  initial_size = buf_datalen(conn->outbuf);
4393  result = buf_flush_to_tls(conn->outbuf, or_conn->tls,
4394  max_to_write);
4395 
4396  if (result >= 0)
4397  update_send_buffer_size(conn->s);
4398 
4399  /* If we just flushed the last bytes, tell the channel on the
4400  * or_conn to check if it needs to geoip_change_dirreq_state() */
4401  /* XXXX move this to flushed_some or finished_flushing -NM */
4402  if (buf_datalen(conn->outbuf) == 0 && or_conn->chan)
4403  channel_notify_flushed(TLS_CHAN_TO_BASE(or_conn->chan));
4404 
4405  switch (result) {
4407  case TOR_TLS_CLOSE:
4408  or_conn->tls_error = result;
4409  log_info(LD_NET, result != TOR_TLS_CLOSE ?
4410  "tls error. breaking.":"TLS connection closed on flush");
4411  /* Don't flush; connection is dead. */
4413  END_OR_CONN_REASON_MISC,
4414  result != TOR_TLS_CLOSE ?
4415  "TLS error in during flush" :
4416  "TLS closed during flush");
4418  /*
4419  * This can bypass normal channel checking since we did
4420  * connection_or_notify_error() above.
4421  */
4422  connection_mark_for_close_internal(conn);
4423  return -1;
4424  case TOR_TLS_WANTWRITE:
4425  log_debug(LD_NET,"wanted write.");
4426  /* we're already writing */
4427  dont_stop_writing = 1;
4428  break;
4429  case TOR_TLS_WANTREAD:
4430  /* Make sure to avoid a loop if the receive buckets are empty. */
4431  log_debug(LD_NET,"wanted read.");
4432  if (!connection_is_reading(conn)) {
4433  connection_write_bw_exhausted(conn, true);
4434  /* we'll start reading again when we get more tokens in our
4435  * read bucket; then we'll start writing again too.
4436  */
4437  }
4438  /* else no problem, we're already reading */
4439  return 0;
4440  /* case TOR_TLS_DONE:
4441  * for TOR_TLS_DONE, fall through to check if the flushlen
4442  * is empty, so we can stop writing.
4443  */
4444  }
4445 
4446  tor_tls_get_n_raw_bytes(or_conn->tls, &n_read, &n_written);
4447  log_debug(LD_GENERAL, "After TLS write of %d: %ld read, %ld written",
4448  result, (long)n_read, (long)n_written);
4449  or_conn->bytes_xmitted += result;
4450  or_conn->bytes_xmitted_by_tls += n_written;
4451  /* So we notice bytes were written even on error */
4452  /* XXXX This cast is safe since we can never write INT_MAX bytes in a
4453  * single set of TLS operations. But it looks kinda ugly. If we refactor
4454  * the *_buf_tls functions, we should make them return ssize_t or size_t
4455  * or something. */
4456  result = (int)(initial_size-buf_datalen(conn->outbuf));
4457  } else {
4458  CONN_LOG_PROTECT(conn,
4459  result = buf_flush_to_socket(conn->outbuf, conn->s,
4460  max_to_write));
4461  if (result < 0) {
4462  if (CONN_IS_EDGE(conn))
4464  if (conn->type == CONN_TYPE_AP) {
4465  /* writing failed; we couldn't send a SOCKS reply if we wanted to */
4467  }
4468 
4469  connection_close_immediate(conn); /* Don't flush; connection is dead. */
4470  connection_mark_for_close(conn);
4471  return -1;
4472  }
4473  update_send_buffer_size(conn->s);
4474  n_written = (size_t) result;
4475  }
4476 
4477  if (n_written && conn->type == CONN_TYPE_AP) {
4478  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
4479 
4480  /* Check for overflow: */
4481  if (PREDICT_LIKELY(UINT32_MAX - edge_conn->n_written > n_written))
4482  edge_conn->n_written += (int)n_written;
4483  else
4484  edge_conn->n_written = UINT32_MAX;
4485  }
4486 
4487  /* If CONN_BW events are enabled, update conn->n_written_conn_bw for
4488  * OR/DIR/EXIT connections, checking for overflow. */
4489  if (n_written && get_options()->TestingEnableConnBwEvent &&
4490  (conn->type == CONN_TYPE_OR ||
4491  conn->type == CONN_TYPE_DIR ||
4492  conn->type == CONN_TYPE_EXIT)) {
4493  if (PREDICT_LIKELY(UINT32_MAX - conn->n_written_conn_bw > n_written))
4494  conn->n_written_conn_bw += (int)n_written;
4495  else
4496  conn->n_written_conn_bw = UINT32_MAX;
4497  }
4498 
4499  connection_buckets_decrement(conn, approx_time(), n_read, n_written);
4500 
4501  if (result > 0) {
4502  /* If we wrote any bytes from our buffer, then call the appropriate
4503  * functions. */
4504  if (connection_flushed_some(conn) < 0) {
4505  if (connection_speaks_cells(conn)) {
4507  END_OR_CONN_REASON_MISC,
4508  "Got error back from "
4509  "connection_flushed_some()");
4510  }
4511 
4512  /*
4513  * This can bypass normal channel checking since we did
4514  * connection_or_notify_error() above.
4515  */
4516  connection_mark_for_close_internal(conn);
4517  }
4518  }
4519 
4520  if (!connection_wants_to_flush(conn) &&
4521  !dont_stop_writing) { /* it's done flushing */
4522  if (connection_finished_flushing(conn) < 0) {
4523  /* already marked */
4524  return -1;
4525  }
4526  return 0;
4527  }
4528 
4529  /* Call even if result is 0, since the global write bucket may
4530  * have reached 0 on a different conn, and this connection needs to
4531  * know to stop writing. */
4533  if (n_read > 0 && connection_is_reading(conn))
4535 
4536  return 0;
4537 }
4538 
4539 /* DOCDOC connection_handle_write */
4540 int
4541 connection_handle_write(connection_t *conn, int force)
4542 {
4543  int res;
4544  update_current_time(time(NULL));
4545  /* connection_handle_write_impl() might call connection_handle_read()
4546  * if we're in the middle of a v2 handshake, in which case it needs this
4547  * flag set. */
4548  conn->in_connection_handle_write = 1;
4549  res = connection_handle_write_impl(conn, force);
4550  conn->in_connection_handle_write = 0;
4551  return res;
4552 }
4553 
4554 /**
4555  * Try to flush data that's waiting for a write on <b>conn</b>. Return
4556  * -1 on failure, 0 on success.
4557  *
4558  * Don't use this function for regular writing; the buffers
4559  * system should be good enough at scheduling writes there. Instead, this
4560  * function is for cases when we're about to exit or something and we want
4561  * to report it right away.
4562  */
4563 int
4565 {
4566  return connection_handle_write(conn, 1);
4567 }
4568 
4569 /** Helper for connection_write_to_buf_impl and connection_write_buf_to_buf:
4570  *
4571  * Return true iff it is okay to queue bytes on <b>conn</b>'s outbuf for
4572  * writing.
4573  */
4574 static int
4576 {
4577  /* if it's marked for close, only allow write if we mean to flush it */
4578  if (conn->marked_for_close && !conn->hold_open_until_flushed)
4579  return 0;
4580 
4581  return 1;
4582 }
4583 
4584 /** Helper for connection_write_to_buf_impl and connection_write_buf_to_buf:
4585  *
4586  * Called when an attempt to add bytes on <b>conn</b>'s outbuf has failed;
4587  * mark the connection and warn as appropriate.
4588  */
4589 static void
4591 {
4592  if (CONN_IS_EDGE(conn)) {
4593  /* if it failed, it means we have our package/delivery windows set
4594  wrong compared to our max outbuf size. close the whole circuit. */
4595  log_warn(LD_NET,
4596  "write_to_buf failed. Closing circuit (fd %d).", (int)conn->s);
4597  circuit_mark_for_close(circuit_get_by_edge_conn(TO_EDGE_CONN(conn)),
4598  END_CIRC_REASON_INTERNAL);
4599  } else if (conn->type == CONN_TYPE_OR) {
4600  or_connection_t *orconn = TO_OR_CONN(conn);
4601  log_warn(LD_NET,
4602  "write_to_buf failed on an orconn; notifying of error "
4603  "(fd %d)", (int)(conn->s));
4604  connection_or_close_for_error(orconn, 0);
4605  } else {
4606  log_warn(LD_NET,
4607  "write_to_buf failed. Closing connection (fd %d).",
4608  (int)conn->s);
4609  connection_mark_for_close(conn);
4610  }
4611 }
4612 
4613 /** Helper for connection_write_to_buf_impl and connection_write_buf_to_buf:
4614  *
4615  * Called when an attempt to add bytes on <b>conn</b>'s outbuf has succeeded:
4616  * start writing if appropriate.
4617  */
4618 static void
4620 {
4621  /* If we receive optimistic data in the EXIT_CONN_STATE_RESOLVING
4622  * state, we don't want to try to write it right away, since
4623  * conn->write_event won't be set yet. Otherwise, write data from
4624  * this conn as the socket is available. */
4625  if (conn->write_event) {
4627  }
4628 }
4629 
4630 /** Append <b>len</b> bytes of <b>string</b> onto <b>conn</b>'s
4631  * outbuf, and ask it to start writing.
4632  *
4633  * If <b>zlib</b> is nonzero, this is a directory connection that should get
4634  * its contents compressed or decompressed as they're written. If zlib is
4635  * negative, this is the last data to be compressed, and the connection's zlib
4636  * state should be flushed.
4637  */
4638 MOCK_IMPL(void,
4639 connection_write_to_buf_impl_,(const char *string, size_t len,
4640  connection_t *conn, int zlib))
4641 {
4642  /* XXXX This function really needs to return -1 on failure. */
4643  int r;
4644  if (!len && !(zlib<0))
4645  return;
4646 
4647  if (!connection_may_write_to_buf(conn))
4648  return;
4649 
4650  if (zlib) {
4651  dir_connection_t *dir_conn = TO_DIR_CONN(conn);
4652  int done = zlib < 0;
4653  CONN_LOG_PROTECT(conn, r = buf_add_compress(conn->outbuf,
4654  dir_conn->compress_state,
4655  string, len, done));
4656  } else {
4657  CONN_LOG_PROTECT(conn, r = buf_add(conn->outbuf, string, len));
4658  }
4659  if (r < 0) {
4661  return;
4662  }
4664 }
4665 
4666 /**
4667  * Write a <b>string</b> (of size <b>len</b> to directory connection
4668  * <b>dir_conn</b>. Apply compression if connection is configured to use
4669  * it and finalize it if <b>done</b> is true.
4670  */
4671 void
4672 connection_dir_buf_add(const char *string, size_t len,
4673  dir_connection_t *dir_conn, int done)
4674 {
4675  if (dir_conn->compress_state != NULL) {
4676  connection_buf_add_compress(string, len, dir_conn, done);
4677  return;
4678  }
4679 
4680  connection_buf_add(string, len, TO_CONN(dir_conn));
4681 }
4682 
4683 void
4684 connection_buf_add_compress(const char *string, size_t len,
4685  dir_connection_t *conn, int done)
4686 {
4687  connection_write_to_buf_impl_(string, len, TO_CONN(conn), done ? -1 : 1);
4688 }
4689 
4690 /**
4691  * Add all bytes from <b>buf</b> to <b>conn</b>'s outbuf, draining them
4692  * from <b>buf</b>. (If the connection is marked and will soon be closed,
4693  * nothing is drained.)
4694  */
4695 void
4697 {
4698  tor_assert(conn);
4699  tor_assert(buf);
4700  size_t len = buf_datalen(buf);
4701  if (len == 0)
4702  return;
4703 
4704  if (!connection_may_write_to_buf(conn))
4705  return;
4706 
4707  buf_move_all(conn->outbuf, buf);
4709 }
4710 
4711 #define CONN_GET_ALL_TEMPLATE(var, test) \
4712  STMT_BEGIN \
4713  smartlist_t *conns = get_connection_array(); \
4714  smartlist_t *ret_conns = smartlist_new(); \
4715  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, var) { \
4716  if (var && (test) && !var->marked_for_close) \
4717  smartlist_add(ret_conns, var); \
4718  } SMARTLIST_FOREACH_END(var); \
4719  return ret_conns; \
4720  STMT_END
4721 
4722 /* Return a list of connections that aren't close and matches the given type
4723  * and state. The returned list can be empty and must be freed using
4724  * smartlist_free(). The caller does NOT have ownership of the objects in the
4725  * list so it must not free them nor reference them as they can disappear. */
4726 smartlist_t *
4727 connection_list_by_type_state(int type, int state)
4728 {
4729  CONN_GET_ALL_TEMPLATE(conn, (conn->type == type && conn->state == state));
4730 }
4731 
4732 /* Return a list of connections that aren't close and matches the given type
4733  * and purpose. The returned list can be empty and must be freed using
4734  * smartlist_free(). The caller does NOT have ownership of the objects in the
4735  * list so it must not free them nor reference them as they can disappear. */
4736 smartlist_t *
4737 connection_list_by_type_purpose(int type, int purpose)
4738 {
4739  CONN_GET_ALL_TEMPLATE(conn,
4740  (conn->type == type && conn->purpose == purpose));
4741 }
4742 
4743 /** Return a connection_t * from get_connection_array() that satisfies test on
4744  * var, and that is not marked for close. */
4745 #define CONN_GET_TEMPLATE(var, test) \
4746  STMT_BEGIN \
4747  smartlist_t *conns = get_connection_array(); \
4748  SMARTLIST_FOREACH(conns, connection_t *, var, \
4749  { \
4750  if (var && (test) && !var->marked_for_close) \
4751  return var; \
4752  }); \
4753  return NULL; \
4754  STMT_END
4755 
4756 /** Return a connection with given type, address, port, and purpose;
4757  * or NULL if no such connection exists (or if all such connections are marked
4758  * for close). */
4761  const tor_addr_t *addr, uint16_t port,
4762  int purpose))
4763 {
4764  CONN_GET_TEMPLATE(conn,
4765  (conn->type == type &&
4766  tor_addr_eq(&conn->addr, addr) &&
4767  conn->port == port &&
4768  conn->purpose == purpose));
4769 }
4770 
4771 /** Return the stream with id <b>id</b> if it is not already marked for
4772  * close.
4773  */
4774 connection_t *
4776 {
4777  CONN_GET_TEMPLATE(conn, conn->global_identifier == id);
4778 }
4779 
4780 /** Return a connection of type <b>type</b> that is not marked for close.
4781  */
4782 connection_t *
4784 {
4785  CONN_GET_TEMPLATE(conn, conn->type == type);
4786 }
4787 
4788 /** Return a connection of type <b>type</b> that is in state <b>state</b>,
4789  * and that is not marked for close.
4790  */
4791 connection_t *
4792 connection_get_by_type_state(int type, int state)
4793 {
4794  CONN_GET_TEMPLATE(conn, conn->type == type && conn->state == state);
4795 }
4796 
4797 /**
4798  * Return a connection of type <b>type</b> that is not an internally linked
4799  * connection, and is not marked for close.
4800  **/
4803 {
4804  CONN_GET_TEMPLATE(conn, conn->type == type && !conn->linked);
4805 }
4806 
4807 /** Return a connection of type <b>type</b> that has rendquery equal
4808  * to <b>rendquery</b>, and that is not marked for close. If state
4809  * is non-zero, conn must be of that state too.
4810  */
4811 connection_t *
4813  const char *rendquery)
4814 {
4815  tor_assert(type == CONN_TYPE_DIR ||
4816  type == CONN_TYPE_AP || type == CONN_TYPE_EXIT);
4817  tor_assert(rendquery);
4818 
4819  CONN_GET_TEMPLATE(conn,
4820  (conn->type == type &&
4821  (!state || state == conn->state)) &&
4822  (
4823  (type == CONN_TYPE_DIR &&
4824  TO_DIR_CONN(conn)->rend_data &&
4825  !rend_cmp_service_ids(rendquery,
4826  rend_data_get_address(TO_DIR_CONN(conn)->rend_data)))
4827  ||
4828  (CONN_IS_EDGE(conn) &&
4829  TO_EDGE_CONN(conn)->rend_data &&
4830  !rend_cmp_service_ids(rendquery,
4831  rend_data_get_address(TO_EDGE_CONN(conn)->rend_data)))
4832  ));
4833 }
4834 
4835 /** Return a new smartlist of dir_connection_t * from get_connection_array()
4836  * that satisfy conn_test on connection_t *conn_var, and dirconn_test on
4837  * dir_connection_t *dirconn_var. conn_var must be of CONN_TYPE_DIR and not
4838  * marked for close to be included in the list. */
4839 #define DIR_CONN_LIST_TEMPLATE(conn_var, conn_test, \
4840  dirconn_var, dirconn_test) \
4841  STMT_BEGIN \
4842  smartlist_t *conns = get_connection_array(); \
4843  smartlist_t *dir_conns = smartlist_new(); \
4844  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn_var) { \
4845  if (conn_var && (conn_test) \
4846  && conn_var->type == CONN_TYPE_DIR \
4847  && !conn_var->marked_for_close) { \
4848  dir_connection_t *dirconn_var = TO_DIR_CONN(conn_var); \
4849  if (dirconn_var && (dirconn_test)) { \
4850  smartlist_add(dir_conns, dirconn_var); \
4851  } \
4852  } \
4853  } SMARTLIST_FOREACH_END(conn_var); \
4854  return dir_conns; \
4855  STMT_END
4856 
4857 /** Return a list of directory connections that are fetching the item
4858  * described by <b>purpose</b>/<b>resource</b>. If there are none,
4859  * return an empty list. This list must be freed using smartlist_free,
4860  * but the pointers in it must not be freed.
4861  * Note that this list should not be cached, as the pointers in it can be
4862  * freed if their connections close. */
4863 smartlist_t *
4865  int purpose,
4866  const char *resource)
4867 {
4869  conn->purpose == purpose,
4870  dirconn,
4871  0 == strcmp_opt(resource,
4872  dirconn->requested_resource));
4873 }
4874 
4875 /** Return a list of directory connections that are fetching the item
4876  * described by <b>purpose</b>/<b>resource</b>/<b>state</b>. If there are
4877  * none, return an empty list. This list must be freed using smartlist_free,
4878  * but the pointers in it must not be freed.
4879  * Note that this list should not be cached, as the pointers in it can be
4880  * freed if their connections close. */
4881 smartlist_t *
4883  int purpose,
4884  const char *resource,
4885  int state)
4886 {
4888  conn->purpose == purpose && conn->state == state,
4889  dirconn,
4890  0 == strcmp_opt(resource,
4891  dirconn->requested_resource));
4892 }
4893 
4894 #undef DIR_CONN_LIST_TEMPLATE
4895 
4896 /** Return an arbitrary active OR connection that isn't <b>this_conn</b>.
4897  *
4898  * We use this to guess if we should tell the controller that we
4899  * didn't manage to connect to any of our bridges. */
4900 static connection_t *
4902 {
4903  CONN_GET_TEMPLATE(conn,
4904  conn != TO_CONN(this_conn) && conn->type == CONN_TYPE_OR);
4905 }
4906 
4907 /** Return 1 if there are any active OR connections apart from
4908  * <b>this_conn</b>.
4909  *
4910  * We use this to guess if we should tell the controller that we
4911  * didn't manage to connect to any of our bridges. */
4912 int
4914 {
4916  if (conn != NULL) {
4917  log_debug(LD_DIR, "%s: Found an OR connection: %s",
4918  __func__, connection_describe(conn));
4919  return 1;
4920  }
4921 
4922  return 0;
4923 }
4924 
4925 #undef CONN_GET_TEMPLATE
4926 
4927 /** Return 1 if <b>conn</b> is a listener conn, else return 0. */
4928 int
4930 {
4931  if (conn->type == CONN_TYPE_OR_LISTENER ||
4932  conn->type == CONN_TYPE_EXT_OR_LISTENER ||
4933  conn->type == CONN_TYPE_AP_LISTENER ||
4934  conn->type == CONN_TYPE_AP_TRANS_LISTENER ||
4935  conn->type == CONN_TYPE_AP_DNS_LISTENER ||
4936  conn->type == CONN_TYPE_AP_NATD_LISTENER ||
4938  conn->type == CONN_TYPE_DIR_LISTENER ||
4940  return 1;
4941  return 0;
4942 }
4943 
4944 /** Return 1 if <b>conn</b> is in state "open" and is not marked
4945  * for close, else return 0.
4946  */
4947 int
4949 {
4950  tor_assert(conn);
4951 
4952  if (conn->marked_for_close)
4953  return 0;
4954 
4955  if ((conn->type == CONN_TYPE_OR && conn->state == OR_CONN_STATE_OPEN) ||
4956  (conn->type == CONN_TYPE_EXT_OR) ||
4957  (conn->type == CONN_TYPE_AP && conn->state == AP_CONN_STATE_OPEN) ||
4958  (conn->type == CONN_TYPE_EXIT && conn->state == EXIT_CONN_STATE_OPEN) ||
4959  (conn->type == CONN_TYPE_CONTROL &&
4960  conn->state == CONTROL_CONN_STATE_OPEN))
4961  return 1;
4962 
4963  return 0;
4964 }
4965 
4966 /** Return 1 if conn is in 'connecting' state, else return 0. */
4967 int
4969 {
4970  tor_assert(conn);
4971 
4972  if (conn->marked_for_close)
4973  return 0;
4974  switch (conn->type)
4975  {
4976  case CONN_TYPE_OR:
4977  return conn->state == OR_CONN_STATE_CONNECTING;
4978  case CONN_TYPE_EXIT:
4979  return conn->state == EXIT_CONN_STATE_CONNECTING;
4980  case CONN_TYPE_DIR:
4981  return conn->state == DIR_CONN_STATE_CONNECTING;
4982  }
4983 
4984  return 0;
4985 }
4986 
4987 /** Allocates a base64'ed authenticator for use in http or https
4988  * auth, based on the input string <b>authenticator</b>. Returns it
4989  * if success, else returns NULL. */
4990 char *
4991 alloc_http_authenticator(const char *authenticator)
4992 {
4993  /* an authenticator in Basic authentication
4994  * is just the string "username:password" */
4995  const size_t authenticator_length = strlen(authenticator);
4996  const size_t base64_authenticator_length =
4997  base64_encode_size(authenticator_length, 0) + 1;
4998  char *base64_authenticator = tor_malloc(base64_authenticator_length);
4999  if (base64_encode(base64_authenticator, base64_authenticator_length,
5000  authenticator, authenticator_length, 0) < 0) {
5001  tor_free(base64_authenticator); /* free and set to null */
5002  }
5003  return base64_authenticator;
5004 }
5005 
5006 /** Given a socket handle, check whether the local address (sockname) of the
5007  * socket is one that we've connected from before. If so, double-check
5008  * whether our address has changed and we need to generate keys. If we do,
5009  * call init_keys().
5010  */
5011 static void
5013 {
5014  tor_addr_t out_addr, iface_addr;
5015  tor_addr_t **last_interface_ip_ptr;
5016  sa_family_t family;
5017 
5018  if (!outgoing_addrs)
5020 
5021  if (tor_addr_from_getsockname(&out_addr, sock) < 0) {
5022  int e = tor_socket_errno(sock);
5023  log_warn(LD_NET, "getsockname() to check for address change failed: %s",
5024  tor_socket_strerror(e));
5025  return;
5026  }
5027  family = tor_addr_family(&out_addr);
5028 
5029  if (family == AF_INET)
5030  last_interface_ip_ptr = &last_interface_ipv4;
5031  else if (family == AF_INET6)
5032  last_interface_ip_ptr = &last_interface_ipv6;
5033  else
5034  return;
5035 
5036  if (! *last_interface_ip_ptr) {
5037  tor_addr_t *a = tor_malloc_zero(sizeof(tor_addr_t));
5038  if (get_interface_address6(LOG_INFO, family, a)==0) {
5039  *last_interface_ip_ptr = a;
5040  } else {
5041  tor_free(a);
5042  }
5043  }
5044 
5045  /* If we've used this address previously, we're okay. */
5047  if (tor_addr_eq(a_ptr, &out_addr))
5048  return;
5049  );
5050 
5051  /* Uh-oh. We haven't connected from this address before. Has the interface
5052  * address changed? */
5053  if (get_interface_address6(LOG_INFO, family, &iface_addr)<0)
5054  return;
5055 
5056  if (tor_addr_eq(&iface_addr, *last_interface_ip_ptr)) {
5057  /* Nope, it hasn't changed. Add this address to the list. */
5058  smartlist_add(outgoing_addrs, tor_memdup(&out_addr, sizeof(tor_addr_t)));
5059  } else {
5060  /* The interface changed. We're a client, so we need to regenerate our
5061  * keys. First, reset the state. */
5062  log_notice(LD_NET, "Our IP address has changed. Rotating keys...");
5063  tor_addr_copy(*last_interface_ip_ptr, &iface_addr);
5066  smartlist_add(outgoing_addrs, tor_memdup(&out_addr, sizeof(tor_addr_t)));
5067  /* We'll need to resolve ourselves again. */
5068  resolved_addr_reset_last(AF_INET);
5069  /* Okay, now change our keys. */
5070  ip_address_changed(1);
5071  }
5072 }
5073 
5074 /** Some systems have limited system buffers for recv and xmit on
5075  * sockets allocated in a virtual server or similar environment. For a Tor
5076  * server this can produce the "Error creating network socket: No buffer
5077  * space available" error once all available TCP buffer space is consumed.
5078  * This method will attempt to constrain the buffers allocated for the socket
5079  * to the desired size to stay below system TCP buffer limits.
5080  */
5081 static void
5083 {
5084  void *sz = (void*)&size;
5085  socklen_t sz_sz = (socklen_t) sizeof(size);
5086  if (setsockopt(sock, SOL_SOCKET, SO_SNDBUF, sz, sz_sz) < 0) {
5087  int e = tor_socket_errno(sock);
5088  log_warn(LD_NET, "setsockopt() to constrain send "
5089  "buffer to %d bytes failed: %s", size, tor_socket_strerror(e));
5090  }
5091  if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, sz, sz_sz) < 0) {
5092  int e = tor_socket_errno(sock);
5093  log_warn(LD_NET, "setsockopt() to constrain recv "
5094  "buffer to %d bytes failed: %s", size, tor_socket_strerror(e));
5095  }
5096 }
5097 
5098 /** Process new bytes that have arrived on conn->inbuf.
5099  *
5100  * This function just passes conn to the connection-specific
5101  * connection_*_process_inbuf() function. It also passes in
5102  * package_partial if wanted.
5103  */
5104 static int
5105 connection_process_inbuf(connection_t *conn, int package_partial)
5106 {
5107  tor_assert(conn);
5108 
5109  switch (conn->type) {
5110  case CONN_TYPE_OR:
5112  case CONN_TYPE_EXT_OR:
5114  case CONN_TYPE_EXIT:
5115  case CONN_TYPE_AP:
5117  package_partial);
5118  case CONN_TYPE_DIR:
5120  case CONN_TYPE_CONTROL:
5122  case CONN_TYPE_METRICS:
5123  return metrics_connection_process_inbuf(conn);
5124  default:
5125  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
5127  return -1;
5128  }
5129 }
5130 
5131 /** Called whenever we've written data on a connection. */
5132 static int
5134 {
5135  int r = 0;
5136  tor_assert(!conn->in_flushed_some);
5137  conn->in_flushed_some = 1;
5138  if (conn->type == CONN_TYPE_DIR &&
5140  r = connection_dirserv_flushed_some(TO_DIR_CONN(conn));
5141  } else if (conn->type == CONN_TYPE_OR) {
5143  } else if (CONN_IS_EDGE(conn)) {
5145  }
5146  conn->in_flushed_some = 0;
5147  return r;
5148 }
5149 
5150 /** We just finished flushing bytes to the appropriately low network layer,
5151  * and there are no more bytes remaining in conn->outbuf or
5152  * conn->tls to be flushed.
5153  *
5154  * This function just passes conn to the connection-specific
5155  * connection_*_finished_flushing() function.
5156  */
5157 static int
5159 {
5160  tor_assert(conn);
5161 
5162  /* If the connection is closed, don't try to do anything more here. */
5163  if (CONN_IS_CLOSED(conn))
5164  return 0;
5165 
5166 // log_fn(LOG_DEBUG,"entered. Socket %u.", conn->s);
5167 
5169 
5170  switch (conn->type) {
5171  case CONN_TYPE_OR:
5173  case CONN_TYPE_EXT_OR:
5175  case CONN_TYPE_AP:
5176  case CONN_TYPE_EXIT:
5178  case CONN_TYPE_DIR:
5180  case CONN_TYPE_CONTROL:
5182  default:
5183  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
5185  return -1;
5186  }
5187 }
5188 
5189 /** Called when our attempt to connect() to a server has just succeeded.
5190  *
5191  * This function checks if the interface address has changed (clients only),
5192  * and then passes conn to the connection-specific
5193  * connection_*_finished_connecting() function.
5194  */
5195 static int
5197 {
5198  tor_assert(conn);
5199 
5200  if (!server_mode(get_options())) {
5201  /* See whether getsockname() says our address changed. We need to do this
5202  * now that the connection has finished, because getsockname() on Windows
5203  * won't work until then. */
5205  }
5206 
5207  switch (conn->type)
5208  {
5209  case CONN_TYPE_OR:
5211  case CONN_TYPE_EXIT:
5213  case CONN_TYPE_DIR:
5215  default:
5216  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
5218  return -1;
5219  }
5220 }
5221 
5222 /** Callback: invoked when a connection reaches an EOF event. */
5223 static int
5225 {
5226  switch (conn->type) {
5227  case CONN_TYPE_OR:
5228  case CONN_TYPE_EXT_OR:
5229  return connection_or_reached_eof(TO_OR_CONN(conn));
5230  case CONN_TYPE_AP:
5231  case CONN_TYPE_EXIT:
5233  case CONN_TYPE_DIR:
5235  case CONN_TYPE_CONTROL:
5237  default:
5238  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
5240  return -1;
5241  }
5242 }
5243 
5244 /** Comparator for the two-orconn case in OOS victim sort */
5245 static int
5247 {
5248  int a_circs, b_circs;
5249  /* Fewer circuits == higher priority for OOS kill, sort earlier */
5250 
5251  a_circs = connection_or_get_num_circuits(a);
5252  b_circs = connection_or_get_num_circuits(b);
5253 
5254  if (a_circs < b_circs) return 1;
5255  else if (a_circs > b_circs) return -1;
5256  else return 0;
5257 }
5258 
5259 /** Sort comparator for OOS victims; better targets sort before worse
5260  * ones. */
5261 static int
5262 oos_victim_comparator(const void **a_v, const void **b_v)
5263 {
5264  connection_t *a = NULL, *b = NULL;
5265 
5266  /* Get connection pointers out */
5267 
5268  a = (connection_t *)(*a_v);
5269  b = (connection_t *)(*b_v);
5270 
5271  tor_assert(a != NULL);
5272  tor_assert(b != NULL);
5273 
5274  /*
5275  * We always prefer orconns as victims currently; we won't even see
5276  * these non-orconn cases, but if we do, sort them after orconns.
5277  */
5278  if (a->type == CONN_TYPE_OR && b->type == CONN_TYPE_OR) {
5280  } else {
5281  /*
5282  * One isn't an orconn; if one is, it goes first. We currently have no
5283  * opinions about cases where neither is an orconn.
5284  */
5285  if (a->type == CONN_TYPE_OR) return -1;
5286  else if (b->type == CONN_TYPE_OR) return 1;
5287  else return 0;
5288  }
5289 }
5290 
5291 /** Pick n victim connections for the OOS handler and return them in a
5292  * smartlist.
5293  */
5296 {
5297  smartlist_t *eligible = NULL, *victims = NULL;
5298  smartlist_t *conns;
5299  int conn_counts_by_type[CONN_TYPE_MAX_ + 1], i;
5300 
5301  /*
5302  * Big damn assumption (someone improve this someday!):
5303  *
5304  * Socket exhaustion normally happens on high-volume relays, and so
5305  * most of the connections involved are orconns. We should pick victims
5306  * by assembling a list of all orconns, and sorting them in order of
5307  * how much 'damage' by some metric we'd be doing by dropping them.
5308  *
5309  * If we move on from orconns, we should probably think about incoming
5310  * directory connections next, or exit connections. Things we should
5311  * probably never kill are controller connections and listeners.
5312  *
5313  * This function will count how many connections of different types
5314  * exist and log it for purposes of gathering data on typical OOS
5315  * situations to guide future improvements.
5316  */
5317 
5318  /* First, get the connection array */
5319  conns = get_connection_array();
5320  /*
5321  * Iterate it and pick out eligible connection types, and log some stats
5322  * along the way.
5323  */
5324  eligible = smartlist_new();
5325  memset(conn_counts_by_type, 0, sizeof(conn_counts_by_type));
5326  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, c) {
5327  /* Bump the counter */
5328  tor_assert(c->type <= CONN_TYPE_MAX_);
5329  ++(conn_counts_by_type[c->type]);
5330 
5331  /* Skip anything without a socket we can free */
5332  if (!(SOCKET_OK(c->s))) {
5333  continue;
5334  }
5335 
5336  /* Skip anything we would count as moribund */
5337  if (connection_is_moribund(c)) {
5338  continue;
5339  }
5340 
5341  switch (c->type) {
5342  case CONN_TYPE_OR:
5343  /* We've got an orconn, it's eligible to be OOSed */
5344  smartlist_add(eligible, c);
5345  break;
5346  default:
5347  /* We don't know what to do with it, ignore it */
5348  break;
5349  }
5350  } SMARTLIST_FOREACH_END(c);
5351 
5352  /* Log some stats */
5353  if (smartlist_len(conns) > 0) {
5354  /* At least one counter must be non-zero */
5355  log_info(LD_NET, "Some stats on conn types seen during OOS follow");
5356  for (i = CONN_TYPE_MIN_; i <= CONN_TYPE_MAX_; ++i) {
5357  /* Did we see any? */
5358  if (conn_counts_by_type[i] > 0) {
5359  log_info(LD_NET, "%s: %d conns",
5361  conn_counts_by_type[i]);
5362  }
5363  }
5364  log_info(LD_NET, "Done with OOS conn type stats");
5365  }
5366 
5367  /* Did we find more eligible targets than we want to kill? */
5368  if (smartlist_len(eligible) > n) {
5369  /* Sort the list in order of target preference */
5371  /* Pick first n as victims */
5372  victims = smartlist_new();
5373  for (i = 0; i < n; ++i) {
5374  smartlist_add(victims, smartlist_get(eligible, i));
5375  }
5376  /* Free the original list */
5377  smartlist_free(eligible);
5378  } else {
5379  /* No, we can just call them all victims */
5380  victims = eligible;
5381  }
5382 
5383  return victims;
5384 }
5385 
5386 /** Kill a list of connections for the OOS handler. */
5387 MOCK_IMPL(STATIC void,
5389 {
5390  if (!conns) return;
5391 
5392  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, c) {
5393  /* Make sure the channel layer gets told about orconns */
5394  if (c->type == CONN_TYPE_OR) {
5396  } else {
5397  connection_mark_for_close(c);
5398  }
5399  } SMARTLIST_FOREACH_END(c);
5400 
5401  log_notice(LD_NET,
5402  "OOS handler marked %d connections",
5403  smartlist_len(conns));
5404 }
5405 
5406 /** Check if a connection is on the way out so the OOS handler doesn't try
5407  * to kill more than it needs. */
5408 int
5410 {
5411  if (conn != NULL &&
5412  (conn->conn_array_index < 0 ||
5413  conn->marked_for_close)) {
5414  return 1;
5415  } else {
5416  return 0;
5417  }
5418 }
5419 
5420 /** Out-of-Sockets handler; n_socks is the current number of open
5421  * sockets, and failed is non-zero if a socket exhaustion related
5422  * error immediately preceded this call. This is where to do
5423  * circuit-killing heuristics as needed.
5424  */
5425 void
5426 connection_check_oos(int n_socks, int failed)
5427 {
5428  int target_n_socks = 0, moribund_socks, socks_to_kill;
5429  smartlist_t *conns;
5430 
5431  /* Early exit: is OOS checking disabled? */
5432  if (get_options()->DisableOOSCheck) {
5433  return;
5434  }
5435 
5436  /* Sanity-check args */
5437  tor_assert(n_socks >= 0);
5438 
5439  /*
5440  * Make some log noise; keep it at debug level since this gets a chance
5441  * to run on every connection attempt.
5442  */
5443  log_debug(LD_NET,
5444  "Running the OOS handler (%d open sockets, %s)",
5445  n_socks, (failed != 0) ? "exhaustion seen" : "no exhaustion");
5446 
5447  /*
5448  * Check if we're really handling an OOS condition, and if so decide how
5449  * many sockets we want to get down to. Be sure we check if the threshold
5450  * is distinct from zero first; it's possible for this to be called a few
5451  * times before we've finished reading the config.
5452  */
5453  if (n_socks >= get_options()->ConnLimit_high_thresh &&
5454  get_options()->ConnLimit_high_thresh != 0 &&
5455  get_options()->ConnLimit_ != 0) {
5456  /* Try to get down to the low threshold */
5457  target_n_socks = get_options()->ConnLimit_low_thresh;
5458  log_notice(LD_NET,
5459  "Current number of sockets %d is greater than configured "
5460  "limit %d; OOS handler trying to get down to %d",
5461  n_socks, get_options()->ConnLimit_high_thresh,
5462  target_n_socks);
5463  } else if (failed) {
5464  /*
5465  * If we're not at the limit but we hit a socket exhaustion error, try to
5466  * drop some (but not as aggressively as ConnLimit_low_threshold, which is
5467  * 3/4 of ConnLimit_)
5468  */
5469  target_n_socks = (n_socks * 9) / 10;
5470  log_notice(LD_NET,
5471  "We saw socket exhaustion at %d open sockets; OOS handler "
5472  "trying to get down to %d",
5473  n_socks, target_n_socks);
5474  }
5475 
5476  if (target_n_socks > 0) {
5477  /*
5478  * It's an OOS!
5479  *
5480  * Count moribund sockets; it's be important that anything we decide
5481  * to get rid of here but don't immediately close get counted as moribund
5482  * on subsequent invocations so we don't try to kill too many things if
5483  * connection_check_oos() gets called multiple times.
5484  */
5485  moribund_socks = connection_count_moribund();
5486 
5487  if (moribund_socks < n_socks - target_n_socks) {
5488  socks_to_kill = n_socks - target_n_socks - moribund_socks;
5489 
5490  conns = pick_oos_victims(socks_to_kill);
5491  if (conns) {
5492  kill_conn_list_for_oos(conns);
5493  log_notice(LD_NET,
5494  "OOS handler killed %d conns", smartlist_len(conns));
5495  smartlist_free(conns);
5496  } else {
5497  log_notice(LD_NET, "OOS handler failed to pick any victim conns");
5498  }
5499  } else {
5500  log_notice(LD_NET,
5501  "Not killing any sockets for OOS because there are %d "
5502  "already moribund, and we only want to eliminate %d",
5503  moribund_socks, n_socks - target_n_socks);
5504  }
5505  }
5506 }
5507 
5508 /** Log how many bytes are used by buffers of different kinds and sizes. */
5509 void
5511 {
5512  uint64_t used_by_type[CONN_TYPE_MAX_+1];
5513  uint64_t alloc_by_type[CONN_TYPE_MAX_+1];
5514  int n_conns_by_type[CONN_TYPE_MAX_+1];
5515  uint64_t total_alloc = 0;
5516  uint64_t total_used = 0;
5517  int i;
5518  smartlist_t *conns = get_connection_array();
5519 
5520  memset(used_by_type, 0, sizeof(used_by_type));
5521  memset(alloc_by_type, 0, sizeof(alloc_by_type));
5522  memset(n_conns_by_type, 0, sizeof(n_conns_by_type));
5523 
5524  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, c) {
5525  int tp = c->type;
5526  ++n_conns_by_type[tp];
5527  if (c->inbuf) {
5528  used_by_type[tp] += buf_datalen(c->inbuf);
5529  alloc_by_type[tp] += buf_allocation(c->inbuf);
5530  }
5531  if (c->outbuf) {
5532  used_by_type[tp] += buf_datalen(c->outbuf);
5533  alloc_by_type[tp] += buf_allocation(c->outbuf);
5534  }
5535  } SMARTLIST_FOREACH_END(c);
5536  for (i=0; i <= CONN_TYPE_MAX_; ++i) {
5537  total_used += used_by_type[i];
5538  total_alloc += alloc_by_type[i];
5539  }
5540 
5541  tor_log(severity, LD_GENERAL,
5542  "In buffers for %d connections: %"PRIu64" used/%"PRIu64" allocated",
5543  smartlist_len(conns),
5544  (total_used), (total_alloc));
5545  for (i=CONN_TYPE_MIN_; i <= CONN_TYPE_MAX_; ++i) {
5546  if (!n_conns_by_type[i])
5547  continue;
5548  tor_log(severity, LD_GENERAL,
5549  " For %d %s connections: %"PRIu64" used/%"PRIu64" allocated",
5550  n_conns_by_type[i], conn_type_to_string(i),
5551  (used_by_type[i]), (alloc_by_type[i]));
5552  }
5553 }
5554 
5555 /** Verify that connection <b>conn</b> has all of its invariants
5556  * correct. Trigger an assert if anything is invalid.
5557  */
5558 void
5560 {
5561  (void) now; /* XXXX unused. */
5562  tor_assert(conn);
5563  tor_assert(conn->type >= CONN_TYPE_MIN_);
5564  tor_assert(conn->type <= CONN_TYPE_MAX_);
5565 
5566  switch (conn->type) {
5567  case CONN_TYPE_OR:
5568  case CONN_TYPE_EXT_OR:
5569  tor_assert(conn->magic == OR_CONNECTION_MAGIC);
5570  break;
5571  case CONN_TYPE_AP:
5572  tor_assert(conn->magic == ENTRY_CONNECTION_MAGIC);
5573  break;
5574  case CONN_TYPE_EXIT:
5575  tor_assert(conn->magic == EDGE_CONNECTION_MAGIC);
5576  break;
5577  case CONN_TYPE_DIR:
5578  tor_assert(conn->magic == DIR_CONNECTION_MAGIC);
5579  break;
5580  case CONN_TYPE_CONTROL:
5581  tor_assert(conn->magic == CONTROL_CONNECTION_MAGIC);
5582  break;
5583  CASE_ANY_LISTENER_TYPE:
5584  tor_assert(conn->magic == LISTENER_CONNECTION_MAGIC);
5585  break;
5586  default:
5587  tor_assert(conn->magic == BASE_CONNECTION_MAGIC);
5588  break;
5589  }
5590 
5591  if (conn->linked_conn) {
5592  tor_assert(conn->linked_conn->linked_conn == conn);
5593  tor_assert(conn->linked);
5594  }
5595  if (conn->linked)
5596  tor_assert(!SOCKET_OK(conn->s));
5597 
5598  if (conn->hold_open_until_flushed)
5600 
5601  /* XXXX check: read_blocked_on_bw, write_blocked_on_bw, s, conn_array_index,
5602  * marked_for_close. */
5603 
5604  /* buffers */
5605  if (conn->inbuf)
5606  buf_assert_ok(conn->inbuf);
5607  if (conn->outbuf)
5608  buf_assert_ok(conn->outbuf);
5609 
5610  if (conn->type == CONN_TYPE_OR) {
5611  or_connection_t *or_conn = TO_OR_CONN(conn);
5612  if (conn->state == OR_CONN_STATE_OPEN) {
5613  /* tor_assert(conn->bandwidth > 0); */
5614  /* the above isn't necessarily true: if we just did a TLS
5615  * handshake but we didn't recognize the other peer, or it
5616  * gave a bad cert/etc, then we won't have assigned bandwidth,
5617  * yet it will be open. -RD
5618  */
5619 // tor_assert(conn->read_bucket >= 0);
5620  }
5621 // tor_assert(conn->addr && conn->port);
5622  tor_assert(conn->address);
5624  tor_assert(or_conn->tls);
5625  }
5626 
5627  if (CONN_IS_EDGE(conn)) {
5628  /* XXX unchecked: package window, deliver window. */
5629  if (conn->type == CONN_TYPE_AP) {
5630  entry_connection_t *entry_conn = TO_ENTRY_CONN(conn);
5631  if (entry_conn->chosen_exit_optional || entry_conn->chosen_exit_retries)
5632  tor_assert(entry_conn->chosen_exit_name);
5633 
5634  tor_assert(entry_conn->socks_request);
5635  if (conn->state == AP_CONN_STATE_OPEN) {
5636  tor_assert(entry_conn->socks_request->has_finished);
5637  if (!conn->marked_for_close) {
5638  tor_assert(ENTRY_TO_EDGE_CONN(entry_conn)->cpath_layer);
5639  cpath_assert_layer_ok(ENTRY_TO_EDGE_CONN(entry_conn)->cpath_layer);
5640  }
5641  }
5642  }
5643  if (conn->type == CONN_TYPE_EXIT) {
5645  conn->purpose == EXIT_PURPOSE_RESOLVE);
5646  }
5647  } else if (conn->type == CONN_TYPE_DIR) {
5648  } else {
5649  /* Purpose is only used for dir and exit types currently */
5650  tor_assert(!conn->purpose);
5651  }
5652 
5653  switch (conn->type)
5654  {
5655  CASE_ANY_LISTENER_TYPE:
5657  break;
5658  case CONN_TYPE_OR:
5659  tor_assert(conn->state >= OR_CONN_STATE_MIN_);
5660  tor_assert(conn->state <= OR_CONN_STATE_MAX_);
5661  break;
5662  case CONN_TYPE_EXT_OR:
5664  tor_assert(conn->state <= EXT_OR_CONN_STATE_MAX_);
5665  break;
5666  case CONN_TYPE_EXIT:
5667  tor_assert(conn->state >= EXIT_CONN_STATE_MIN_);
5668  tor_assert(conn->state <= EXIT_CONN_STATE_MAX_);
5669  tor_assert(conn->purpose >= EXIT_PURPOSE_MIN_);
5670  tor_assert(conn->purpose <= EXIT_PURPOSE_MAX_);
5671  break;
5672  case CONN_TYPE_AP:
5673  tor_assert(conn->state >= AP_CONN_STATE_MIN_);
5674  tor_assert(conn->state <= AP_CONN_STATE_MAX_);
5675  tor_assert(TO_ENTRY_CONN(conn)->socks_request);
5676  break;
5677  case CONN_TYPE_DIR:
5678  tor_assert(conn->state >= DIR_CONN_STATE_MIN_);
5679  tor_assert(conn->state <= DIR_CONN_STATE_MAX_);
5680  tor_assert(conn->purpose >= DIR_PURPOSE_MIN_);
5681  tor_assert(conn->purpose <= DIR_PURPOSE_MAX_);
5682  break;
5683  case CONN_TYPE_CONTROL:
5684  tor_assert(conn->state >= CONTROL_CONN_STATE_MIN_);
5685  tor_assert(conn->state <= CONTROL_CONN_STATE_MAX_);
5686  break;
5687  case CONN_TYPE_METRICS:
5688  /* No state. */
5689  break;
5690  default:
5691  tor_assert(0);
5692  }
5693 }
5694 
5695 /** Fills <b>addr</b> and <b>port</b> with the details of the global
5696  * proxy server we are using. Store a 1 to the int pointed to by
5697  * <b>is_put_out</b> if the connection is using a pluggable
5698  * transport; store 0 otherwise. <b>conn</b> contains the connection
5699  * we are using the proxy for.
5700  *
5701  * Return 0 on success, -1 on failure.
5702  */
5703 int
5704 get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type,
5705  int *is_pt_out, const connection_t *conn)
5706 {
5707  const or_options_t *options = get_options();
5708 
5709  *is_pt_out = 0;
5710  /* Client Transport Plugins can use another proxy, but that should be hidden
5711  * from the rest of tor (as the plugin is responsible for dealing with the
5712  * proxy), check it first, then check the rest of the proxy types to allow
5713  * the config to have unused ClientTransportPlugin entries.
5714  */
5715  if (options->ClientTransportPlugin) {
5716  const transport_t *transport = NULL;
5717  int r;
5718  r = get_transport_by_bridge_addrport(&conn->addr, conn->port, &transport);
5719  if (r<0)
5720  return -1;
5721  if (transport) { /* transport found */
5722  tor_addr_copy(addr, &transport->addr);
5723  *port = transport->port;
5724  *proxy_type = transport->socks_version;
5725  *is_pt_out = 1;
5726  return 0;
5727  }
5728 
5729  /* Unused ClientTransportPlugin. */
5730  }
5731 
5732  if (options->HTTPSProxy) {
5733  tor_addr_copy(addr, &options->HTTPSProxyAddr);
5734  *port = options->HTTPSProxyPort;
5735  *proxy_type = PROXY_CONNECT;
5736  return 0;
5737  } else if (options->Socks4Proxy) {
5738  tor_addr_copy(addr, &options->Socks4ProxyAddr);
5739  *port = options->Socks4ProxyPort;
5740  *proxy_type = PROXY_SOCKS4;
5741  return 0;
5742  } else if (options->Socks5Proxy) {
5743  tor_addr_copy(addr, &options->Socks5ProxyAddr);
5744  *port = options->Socks5ProxyPort;
5745  *proxy_type = PROXY_SOCKS5;
5746  return 0;
5747  } else if (options->TCPProxy) {
5748  tor_addr_copy(addr, &options->TCPProxyAddr);
5749  *port = options->TCPProxyPort;
5750  /* The only supported protocol in TCPProxy is haproxy. */
5752  *proxy_type = PROXY_HAPROXY;
5753  return 0;
5754  }
5755 
5756  tor_addr_make_unspec(addr);
5757  *port = 0;
5758  *proxy_type = PROXY_NONE;
5759  return 0;
5760 }
5761 
5762 /** Log a failed connection to a proxy server.
5763  * <b>conn</b> is the connection we use the proxy server for. */
5764 void
5766 {
5767  tor_addr_t proxy_addr;
5768  uint16_t proxy_port;
5769  int proxy_type, is_pt;
5770 
5771  if (get_proxy_addrport(&proxy_addr, &proxy_port, &proxy_type, &is_pt,
5772  conn) != 0)
5773  return; /* if we have no proxy set up, leave this function. */
5774 
5775  (void)is_pt;
5776  log_warn(LD_NET,
5777  "The connection to the %s proxy server at %s just failed. "
5778  "Make sure that the proxy server is up and running.",
5779  proxy_type_to_string(proxy_type),
5780  fmt_addrport(&proxy_addr, proxy_port));
5781 }
5782 
5783 /** Return string representation of <b>proxy_type</b>. */
5784 static const char *
5785 proxy_type_to_string(int proxy_type)
5786 {
5787  switch (proxy_type) {
5788  case PROXY_CONNECT: return "HTTP";
5789  case PROXY_SOCKS4: return "SOCKS4";
5790  case PROXY_SOCKS5: return "SOCKS5";
5791  case PROXY_HAPROXY: return "HAPROXY";
5792  case PROXY_PLUGGABLE: return "pluggable transports SOCKS";
5793  case PROXY_NONE: return "NULL";
5794  default: tor_assert(0);
5795  }
5796  return NULL; /*Unreached*/
5797 }
5798 
5799 /** Call connection_free_minimal() on every connection in our array, and
5800  * release all storage held by connection.c.
5801  *
5802  * Don't do the checks in connection_free(), because they will
5803  * fail.
5804  */
5805 void
5807 {
5808  smartlist_t *conns = get_connection_array();
5809 
5810  /* We don't want to log any messages to controllers. */
5811  SMARTLIST_FOREACH(conns, connection_t *, conn,
5812  if (conn->type == CONN_TYPE_CONTROL)
5813  TO_CONTROL_CONN(conn)->event_mask = 0);
5814 
5816 
5817  /* Unlink everything from the identity map. */
5819 
5820  /* Clear out our list of broken connections */
5822 
5823  SMARTLIST_FOREACH(conns, connection_t *, conn,
5824  connection_free_minimal(conn));
5825 
5826  if (outgoing_addrs) {
5828  smartlist_free(outgoing_addrs);
5829  outgoing_addrs = NULL;
5830  }
5831 
5833  tor_free(last_interface_ipv6);
5835 
5836  mainloop_event_free(reenable_blocked_connections_ev);
5838  memset(&reenable_blocked_connections_delay, 0, sizeof(struct timeval));
5839 }
5840 
5841 /** Log a warning, and possibly emit a control event, that <b>received</b> came
5842  * at a skewed time. <b>trusted</b> indicates that the <b>source</b> was one
5843  * that we had more faith in and therefore the warning level should have higher
5844  * severity.
5845  */
5846 MOCK_IMPL(void,
5847 clock_skew_warning, (const connection_t *conn, long apparent_skew, int trusted,
5848  log_domain_mask_t domain, const char *received,
5849  const char *source))
5850 {
5851  char dbuf[64];
5852  char *ext_source = NULL, *warn = NULL;
5853  format_time_interval(dbuf, sizeof(dbuf), apparent_skew);
5854  if (conn)
5855  tor_asprintf(&ext_source, "%s:%s:%d", source, conn->address, conn->port);
5856  else
5857  ext_source = tor_strdup(source);
5858  log_fn(trusted ? LOG_WARN : LOG_INFO, domain,
5859  "Received %s with skewed time (%s): "
5860  "It seems that our clock is %s by %s, or that theirs is %s%s. "
5861  "Tor requires an accurate clock to work: please check your time, "
5862  "timezone, and date settings.", received, ext_source,
5863  apparent_skew > 0 ? "ahead" : "behind", dbuf,
5864  apparent_skew > 0 ? "behind&