tor  0.4.1.0-alpha-dev
connection.c
Go to the documentation of this file.
1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2019, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
57 #define CONNECTION_PRIVATE
58 #include "core/or/or.h"
59 #include "feature/client/bridges.h"
60 #include "lib/buf/buffers.h"
61 #include "lib/tls/buffers_tls.h"
62 #include "lib/err/backtrace.h"
63 
64 /*
65  * Define this so we get channel internal functions, since we're implementing
66  * part of a subclass (channel_tls_t).
67  */
68 #define TOR_CHANNEL_INTERNAL_
69 #define CONNECTION_PRIVATE
70 #include "app/config/config.h"
72 #include "core/mainloop/mainloop.h"
73 #include "core/mainloop/netstatus.h"
74 #include "core/or/channel.h"
75 #include "core/or/channeltls.h"
76 #include "core/or/circuitbuild.h"
77 #include "core/or/circuitlist.h"
78 #include "core/or/circuituse.h"
80 #include "core/or/connection_or.h"
81 #include "core/or/dos.h"
82 #include "core/or/policies.h"
83 #include "core/or/reasons.h"
84 #include "core/or/relay.h"
85 #include "core/or/crypt_path.h"
86 #include "core/proto/proto_http.h"
87 #include "core/proto/proto_socks.h"
88 #include "feature/client/dnsserv.h"
97 #include "feature/hs/hs_common.h"
98 #include "feature/hs/hs_ident.h"
101 #include "feature/relay/dns.h"
102 #include "feature/relay/ext_orport.h"
104 #include "feature/rend/rendclient.h"
105 #include "feature/rend/rendcommon.h"
106 #include "feature/stats/rephist.h"
108 #include "lib/geoip/geoip.h"
109 
110 #include "lib/sandbox/sandbox.h"
111 #include "lib/net/buffers_net.h"
112 #include "lib/tls/tortls.h"
114 #include "lib/compress/compress.h"
115 
116 #ifdef HAVE_PWD_H
117 #include <pwd.h>
118 #endif
119 
120 #ifdef HAVE_UNISTD_H
121 #include <unistd.h>
122 #endif
123 #ifdef HAVE_SYS_STAT_H
124 #include <sys/stat.h>
125 #endif
126 
127 #ifdef HAVE_SYS_UN_H
128 #include <sys/socket.h>
129 #include <sys/un.h>
130 #endif
131 
132 #include "feature/dircommon/dir_connection_st.h"
133 #include "feature/control/control_connection_st.h"
134 #include "core/or/entry_connection_st.h"
135 #include "core/or/listener_connection_st.h"
136 #include "core/or/or_connection_st.h"
137 #include "core/or/port_cfg_st.h"
138 #include "feature/nodelist/routerinfo_st.h"
139 #include "core/or/socks_request_st.h"
140 
158 #define ENABLE_LISTENER_REBIND
159 
161  const struct sockaddr *listensockaddr,
162  socklen_t listensocklen, int type,
163  const char *address,
164  const port_cfg_t *portcfg,
165  int *addr_in_use);
167  const port_cfg_t *port,
168  int *defer, int *addr_in_use);
169 static void connection_init(time_t now, connection_t *conn, int type,
170  int socket_family);
171 static int connection_handle_listener_read(connection_t *conn, int new_type);
173 static int connection_flushed_some(connection_t *conn);
175 static int connection_reached_eof(connection_t *conn);
177  ssize_t *max_to_read,
178  int *socket_error);
179 static int connection_process_inbuf(connection_t *conn, int package_partial);
181 static void set_constrained_socket_buffers(tor_socket_t sock, int size);
182 
183 static const char *connection_proxy_state_to_string(int state);
186 static const char *proxy_type_to_string(int proxy_type);
187 static int get_proxy_type(void);
189  const or_options_t *options, unsigned int conn_type);
190 static void reenable_blocked_connection_init(const or_options_t *options);
191 static void reenable_blocked_connection_schedule(void);
192 
199 /* DOCDOC last_interface_ipv6 */
200 static tor_addr_t *last_interface_ipv6 = NULL;
204 
205 #define CASE_ANY_LISTENER_TYPE \
206  case CONN_TYPE_OR_LISTENER: \
207  case CONN_TYPE_EXT_OR_LISTENER: \
208  case CONN_TYPE_AP_LISTENER: \
209  case CONN_TYPE_DIR_LISTENER: \
210  case CONN_TYPE_CONTROL_LISTENER: \
211  case CONN_TYPE_AP_TRANS_LISTENER: \
212  case CONN_TYPE_AP_NATD_LISTENER: \
213  case CONN_TYPE_AP_DNS_LISTENER: \
214  case CONN_TYPE_AP_HTTP_CONNECT_LISTENER
215 
216 /**************************************************************/
217 
222 {
223  tor_assert(c->magic == LISTENER_CONNECTION_MAGIC);
224  return DOWNCAST(listener_connection_t, c);
225 }
226 
227 size_t
228 connection_get_inbuf_len(connection_t *conn)
229 {
230  return conn->inbuf ? buf_datalen(conn->inbuf) : 0;
231 }
232 
233 size_t
234 connection_get_outbuf_len(connection_t *conn)
235 {
236  return conn->outbuf ? buf_datalen(conn->outbuf) : 0;
237 }
238 
242 const char *
244 {
245  static char buf[64];
246  switch (type) {
247  case CONN_TYPE_OR_LISTENER: return "OR listener";
248  case CONN_TYPE_OR: return "OR";
249  case CONN_TYPE_EXIT: return "Exit";
250  case CONN_TYPE_AP_LISTENER: return "Socks listener";
252  return "Transparent pf/netfilter listener";
253  case CONN_TYPE_AP_NATD_LISTENER: return "Transparent natd listener";
254  case CONN_TYPE_AP_DNS_LISTENER: return "DNS listener";
255  case CONN_TYPE_AP: return "Socks";
256  case CONN_TYPE_DIR_LISTENER: return "Directory listener";
257  case CONN_TYPE_DIR: return "Directory";
258  case CONN_TYPE_CONTROL_LISTENER: return "Control listener";
259  case CONN_TYPE_CONTROL: return "Control";
260  case CONN_TYPE_EXT_OR: return "Extended OR";
261  case CONN_TYPE_EXT_OR_LISTENER: return "Extended OR listener";
262  case CONN_TYPE_AP_HTTP_CONNECT_LISTENER: return "HTTP tunnel listener";
263  default:
264  log_warn(LD_BUG, "unknown connection type %d", type);
265  tor_snprintf(buf, sizeof(buf), "unknown [%d]", type);
266  return buf;
267  }
268 }
269 
274 const char *
275 conn_state_to_string(int type, int state)
276 {
277  static char buf[96];
278  switch (type) {
279  CASE_ANY_LISTENER_TYPE:
280  if (state == LISTENER_STATE_READY)
281  return "ready";
282  break;
283  case CONN_TYPE_OR:
284  switch (state) {
285  case OR_CONN_STATE_CONNECTING: return "connect()ing";
286  case OR_CONN_STATE_PROXY_HANDSHAKING: return "handshaking (proxy)";
287  case OR_CONN_STATE_TLS_HANDSHAKING: return "handshaking (TLS)";
289  return "renegotiating (TLS, v2 handshake)";
291  return "waiting for renegotiation or V3 handshake";
293  return "handshaking (Tor, v2 handshake)";
295  return "handshaking (Tor, v3 handshake)";
296  case OR_CONN_STATE_OPEN: return "open";
297  }
298  break;
299  case CONN_TYPE_EXT_OR:
300  switch (state) {
301  case EXT_OR_CONN_STATE_AUTH_WAIT_AUTH_TYPE:
302  return "waiting for authentication type";
303  case EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_NONCE:
304  return "waiting for client nonce";
305  case EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_HASH:
306  return "waiting for client hash";
307  case EXT_OR_CONN_STATE_OPEN: return "open";
308  case EXT_OR_CONN_STATE_FLUSHING: return "flushing final OKAY";
309  }
310  break;
311  case CONN_TYPE_EXIT:
312  switch (state) {
313  case EXIT_CONN_STATE_RESOLVING: return "waiting for dest info";
314  case EXIT_CONN_STATE_CONNECTING: return "connecting";
315  case EXIT_CONN_STATE_OPEN: return "open";
316  case EXIT_CONN_STATE_RESOLVEFAILED: return "resolve failed";
317  }
318  break;
319  case CONN_TYPE_AP:
320  switch (state) {
321  case AP_CONN_STATE_SOCKS_WAIT: return "waiting for socks info";
322  case AP_CONN_STATE_NATD_WAIT: return "waiting for natd dest info";
323  case AP_CONN_STATE_RENDDESC_WAIT: return "waiting for rendezvous desc";
324  case AP_CONN_STATE_CONTROLLER_WAIT: return "waiting for controller";
325  case AP_CONN_STATE_CIRCUIT_WAIT: return "waiting for circuit";
326  case AP_CONN_STATE_CONNECT_WAIT: return "waiting for connect response";
327  case AP_CONN_STATE_RESOLVE_WAIT: return "waiting for resolve response";
328  case AP_CONN_STATE_OPEN: return "open";
329  }
330  break;
331  case CONN_TYPE_DIR:
332  switch (state) {
333  case DIR_CONN_STATE_CONNECTING: return "connecting";
334  case DIR_CONN_STATE_CLIENT_SENDING: return "client sending";
335  case DIR_CONN_STATE_CLIENT_READING: return "client reading";
336  case DIR_CONN_STATE_CLIENT_FINISHED: return "client finished";
337  case DIR_CONN_STATE_SERVER_COMMAND_WAIT: return "waiting for command";
338  case DIR_CONN_STATE_SERVER_WRITING: return "writing";
339  }
340  break;
341  case CONN_TYPE_CONTROL:
342  switch (state) {
343  case CONTROL_CONN_STATE_OPEN: return "open (protocol v1)";
345  return "waiting for authentication (protocol v1)";
346  }
347  break;
348  }
349 
350  log_warn(LD_BUG, "unknown connection state %d (type %d)", state, type);
351  tor_snprintf(buf, sizeof(buf),
352  "unknown state [%d] on unknown [%s] connection",
353  state, conn_type_to_string(type));
354  return buf;
355 }
356 
360 dir_connection_new(int socket_family)
361 {
362  dir_connection_t *dir_conn = tor_malloc_zero(sizeof(dir_connection_t));
363  connection_init(time(NULL), TO_CONN(dir_conn), CONN_TYPE_DIR, socket_family);
364  return dir_conn;
365 }
366 
375 or_connection_new(int type, int socket_family)
376 {
377  or_connection_t *or_conn = tor_malloc_zero(sizeof(or_connection_t));
378  time_t now = time(NULL);
379  tor_assert(type == CONN_TYPE_OR || type == CONN_TYPE_EXT_OR);
380  connection_init(now, TO_CONN(or_conn), type, socket_family);
381 
382  connection_or_set_canonical(or_conn, 0);
383 
384  if (type == CONN_TYPE_EXT_OR)
386 
387  return or_conn;
388 }
389 
396 entry_connection_new(int type, int socket_family)
397 {
398  entry_connection_t *entry_conn = tor_malloc_zero(sizeof(entry_connection_t));
399  tor_assert(type == CONN_TYPE_AP);
400  connection_init(time(NULL), ENTRY_TO_CONN(entry_conn), type, socket_family);
401  entry_conn->socks_request = socks_request_new();
402  /* If this is coming from a listener, we'll set it up based on the listener
403  * in a little while. Otherwise, we're doing this as a linked connection
404  * of some kind, and we should set it up here based on the socket family */
405  if (socket_family == AF_INET)
406  entry_conn->entry_cfg.ipv4_traffic = 1;
407  else if (socket_family == AF_INET6)
408  entry_conn->entry_cfg.ipv6_traffic = 1;
409  return entry_conn;
410 }
411 
415 edge_connection_new(int type, int socket_family)
416 {
417  edge_connection_t *edge_conn = tor_malloc_zero(sizeof(edge_connection_t));
418  tor_assert(type == CONN_TYPE_EXIT);
419  connection_init(time(NULL), TO_CONN(edge_conn), type, socket_family);
420  return edge_conn;
421 }
422 
426 control_connection_new(int socket_family)
427 {
428  control_connection_t *control_conn =
429  tor_malloc_zero(sizeof(control_connection_t));
430  connection_init(time(NULL),
431  TO_CONN(control_conn), CONN_TYPE_CONTROL, socket_family);
432  return control_conn;
433 }
434 
438 listener_connection_new(int type, int socket_family)
439 {
440  listener_connection_t *listener_conn =
441  tor_malloc_zero(sizeof(listener_connection_t));
442  connection_init(time(NULL), TO_CONN(listener_conn), type, socket_family);
443  return listener_conn;
444 }
445 
449 connection_t *
450 connection_new(int type, int socket_family)
451 {
452  switch (type) {
453  case CONN_TYPE_OR:
454  case CONN_TYPE_EXT_OR:
455  return TO_CONN(or_connection_new(type, socket_family));
456 
457  case CONN_TYPE_EXIT:
458  return TO_CONN(edge_connection_new(type, socket_family));
459 
460  case CONN_TYPE_AP:
461  return ENTRY_TO_CONN(entry_connection_new(type, socket_family));
462 
463  case CONN_TYPE_DIR:
464  return TO_CONN(dir_connection_new(socket_family));
465 
466  case CONN_TYPE_CONTROL:
467  return TO_CONN(control_connection_new(socket_family));
468 
469  CASE_ANY_LISTENER_TYPE:
470  return TO_CONN(listener_connection_new(type, socket_family));
471 
472  default: {
473  connection_t *conn = tor_malloc_zero(sizeof(connection_t));
474  connection_init(time(NULL), conn, type, socket_family);
475  return conn;
476  }
477  }
478 }
479 
490 static void
491 connection_init(time_t now, connection_t *conn, int type, int socket_family)
492 {
493  static uint64_t n_connections_allocated = 1;
494 
495  switch (type) {
496  case CONN_TYPE_OR:
497  case CONN_TYPE_EXT_OR:
498  conn->magic = OR_CONNECTION_MAGIC;
499  break;
500  case CONN_TYPE_EXIT:
501  conn->magic = EDGE_CONNECTION_MAGIC;
502  break;
503  case CONN_TYPE_AP:
504  conn->magic = ENTRY_CONNECTION_MAGIC;
505  break;
506  case CONN_TYPE_DIR:
507  conn->magic = DIR_CONNECTION_MAGIC;
508  break;
509  case CONN_TYPE_CONTROL:
510  conn->magic = CONTROL_CONNECTION_MAGIC;
511  break;
512  CASE_ANY_LISTENER_TYPE:
513  conn->magic = LISTENER_CONNECTION_MAGIC;
514  break;
515  default:
516  conn->magic = BASE_CONNECTION_MAGIC;
517  break;
518  }
519 
520  conn->s = TOR_INVALID_SOCKET; /* give it a default of 'not used' */
521  conn->conn_array_index = -1; /* also default to 'not used' */
522  conn->global_identifier = n_connections_allocated++;
523 
524  conn->type = type;
525  conn->socket_family = socket_family;
526  if (!connection_is_listener(conn)) {
527  /* listeners never use their buf */
528  conn->inbuf = buf_new();
529  conn->outbuf = buf_new();
530  }
531 
532  conn->timestamp_created = now;
533  conn->timestamp_last_read_allowed = now;
534  conn->timestamp_last_write_allowed = now;
535 }
536 
538 void
540 {
541  tor_assert(! SOCKET_OK(conn_a->s));
542  tor_assert(! SOCKET_OK(conn_b->s));
543 
544  conn_a->linked = 1;
545  conn_b->linked = 1;
546  conn_a->linked_conn = conn_b;
547  conn_b->linked_conn = conn_a;
548 }
549 
552 int
554 {
555  /* For now only control ports or SOCKS ports can be Unix domain sockets
556  * and listeners at the same time */
557  switch (type) {
560  return 1;
561  default:
562  return 0;
563  }
564 }
565 
570 STATIC void
572 {
573  void *mem;
574  size_t memlen;
575  if (!conn)
576  return;
577 
578  switch (conn->type) {
579  case CONN_TYPE_OR:
580  case CONN_TYPE_EXT_OR:
581  tor_assert(conn->magic == OR_CONNECTION_MAGIC);
582  mem = TO_OR_CONN(conn);
583  memlen = sizeof(or_connection_t);
584  break;
585  case CONN_TYPE_AP:
586  tor_assert(conn->magic == ENTRY_CONNECTION_MAGIC);
587  mem = TO_ENTRY_CONN(conn);
588  memlen = sizeof(entry_connection_t);
589  break;
590  case CONN_TYPE_EXIT:
591  tor_assert(conn->magic == EDGE_CONNECTION_MAGIC);
592  mem = TO_EDGE_CONN(conn);
593  memlen = sizeof(edge_connection_t);
594  break;
595  case CONN_TYPE_DIR:
596  tor_assert(conn->magic == DIR_CONNECTION_MAGIC);
597  mem = TO_DIR_CONN(conn);
598  memlen = sizeof(dir_connection_t);
599  break;
600  case CONN_TYPE_CONTROL:
601  tor_assert(conn->magic == CONTROL_CONNECTION_MAGIC);
602  mem = TO_CONTROL_CONN(conn);
603  memlen = sizeof(control_connection_t);
604  break;
605  CASE_ANY_LISTENER_TYPE:
606  tor_assert(conn->magic == LISTENER_CONNECTION_MAGIC);
607  mem = TO_LISTENER_CONN(conn);
608  memlen = sizeof(listener_connection_t);
609  break;
610  default:
611  tor_assert(conn->magic == BASE_CONNECTION_MAGIC);
612  mem = conn;
613  memlen = sizeof(connection_t);
614  break;
615  }
616 
617  if (conn->linked) {
618  log_info(LD_GENERAL, "Freeing linked %s connection [%s] with %d "
619  "bytes on inbuf, %d on outbuf.",
620  conn_type_to_string(conn->type),
621  conn_state_to_string(conn->type, conn->state),
622  (int)connection_get_inbuf_len(conn),
623  (int)connection_get_outbuf_len(conn));
624  }
625 
626  if (!connection_is_listener(conn)) {
627  buf_free(conn->inbuf);
628  buf_free(conn->outbuf);
629  } else {
630  if (conn->socket_family == AF_UNIX) {
631  /* For now only control and SOCKS ports can be Unix domain sockets
632  * and listeners at the same time */
634 
635  if (unlink(conn->address) < 0 && errno != ENOENT) {
636  log_warn(LD_NET, "Could not unlink %s: %s", conn->address,
637  strerror(errno));
638  }
639  }
640  }
641 
642  tor_free(conn->address);
643 
644  if (connection_speaks_cells(conn)) {
645  or_connection_t *or_conn = TO_OR_CONN(conn);
646  if (or_conn->tls) {
647  if (! SOCKET_OK(conn->s)) {
648  /* The socket has been closed by somebody else; we must tell the
649  * TLS object not to close it. */
650  tor_tls_release_socket(or_conn->tls);
651  } else {
652  /* The tor_tls_free() call below will close the socket; we must tell
653  * the code below not to close it a second time. */
655  conn->s = TOR_INVALID_SOCKET;
656  }
657  tor_tls_free(or_conn->tls);
658  or_conn->tls = NULL;
659  }
660  or_handshake_state_free(or_conn->handshake_state);
661  or_conn->handshake_state = NULL;
662  tor_free(or_conn->nickname);
663  if (or_conn->chan) {
664  /* Owww, this shouldn't happen, but... */
665  channel_t *base_chan = TLS_CHAN_TO_BASE(or_conn->chan);
666  tor_assert(base_chan);
667  log_info(LD_CHANNEL,
668  "Freeing orconn at %p, saw channel %p with ID "
669  "%"PRIu64 " left un-NULLed",
670  or_conn, base_chan,
671  base_chan->global_identifier);
672  if (!CHANNEL_FINISHED(base_chan)) {
673  channel_close_for_error(base_chan);
674  }
675 
676  or_conn->chan->conn = NULL;
677  or_conn->chan = NULL;
678  }
679  }
680  if (conn->type == CONN_TYPE_AP) {
681  entry_connection_t *entry_conn = TO_ENTRY_CONN(conn);
682  tor_free(entry_conn->chosen_exit_name);
683  tor_free(entry_conn->original_dest_address);
684  if (entry_conn->socks_request)
685  socks_request_free(entry_conn->socks_request);
686  if (entry_conn->pending_optimistic_data) {
687  buf_free(entry_conn->pending_optimistic_data);
688  }
689  if (entry_conn->sending_optimistic_data) {
690  buf_free(entry_conn->sending_optimistic_data);
691  }
692  }
693  if (CONN_IS_EDGE(conn)) {
694  rend_data_free(TO_EDGE_CONN(conn)->rend_data);
695  hs_ident_edge_conn_free(TO_EDGE_CONN(conn)->hs_ident);
696  }
697  if (conn->type == CONN_TYPE_CONTROL) {
698  control_connection_t *control_conn = TO_CONTROL_CONN(conn);
699  tor_free(control_conn->safecookie_client_hash);
700  tor_free(control_conn->incoming_cmd);
701  tor_free(control_conn->current_cmd);
702  if (control_conn->ephemeral_onion_services) {
703  SMARTLIST_FOREACH(control_conn->ephemeral_onion_services, char *, cp, {
704  memwipe(cp, 0, strlen(cp));
705  tor_free(cp);
706  });
707  smartlist_free(control_conn->ephemeral_onion_services);
708  }
709  }
710 
711  /* Probably already freed by connection_free. */
712  tor_event_free(conn->read_event);
713  tor_event_free(conn->write_event);
714  conn->read_event = conn->write_event = NULL;
715 
716  if (conn->type == CONN_TYPE_DIR) {
717  dir_connection_t *dir_conn = TO_DIR_CONN(conn);
718  tor_free(dir_conn->requested_resource);
719 
720  tor_compress_free(dir_conn->compress_state);
721  if (dir_conn->spool) {
722  SMARTLIST_FOREACH(dir_conn->spool, spooled_resource_t *, spooled,
723  spooled_resource_free(spooled));
724  smartlist_free(dir_conn->spool);
725  }
726 
727  rend_data_free(dir_conn->rend_data);
728  hs_ident_dir_conn_free(dir_conn->hs_ident);
729  if (dir_conn->guard_state) {
730  /* Cancel before freeing, if it's still there. */
731  entry_guard_cancel(&dir_conn->guard_state);
732  }
733  circuit_guard_state_free(dir_conn->guard_state);
734  }
735 
736  if (SOCKET_OK(conn->s)) {
737  log_debug(LD_NET,"closing fd %d.",(int)conn->s);
738  tor_close_socket(conn->s);
739  conn->s = TOR_INVALID_SOCKET;
740  }
741 
742  if (conn->type == CONN_TYPE_OR &&
743  !tor_digest_is_zero(TO_OR_CONN(conn)->identity_digest)) {
744  log_warn(LD_BUG, "called on OR conn with non-zeroed identity_digest");
746  }
747  if (conn->type == CONN_TYPE_OR || conn->type == CONN_TYPE_EXT_OR) {
749  tor_free(TO_OR_CONN(conn)->ext_or_conn_id);
750  tor_free(TO_OR_CONN(conn)->ext_or_auth_correct_client_hash);
751  tor_free(TO_OR_CONN(conn)->ext_or_transport);
752  }
753 
754  memwipe(mem, 0xCC, memlen); /* poison memory */
755  tor_free(mem);
756 }
757 
761 connection_free_,(connection_t *conn))
762 {
763  if (!conn)
764  return;
767  if (BUG(conn->linked_conn)) {
768  conn->linked_conn->linked_conn = NULL;
769  if (! conn->linked_conn->marked_for_close &&
771  connection_start_reading(conn->linked_conn);
772  conn->linked_conn = NULL;
773  }
774  if (connection_speaks_cells(conn)) {
775  if (!tor_digest_is_zero(TO_OR_CONN(conn)->identity_digest)) {
777  }
778  }
779  if (conn->type == CONN_TYPE_CONTROL) {
781  }
782 #if 1
783  /* DEBUGGING */
784  if (conn->type == CONN_TYPE_AP) {
785  connection_ap_warn_and_unmark_if_pending_circ(TO_ENTRY_CONN(conn),
786  "connection_free");
787  }
788 #endif /* 1 */
789 
790  /* Notify the circuit creation DoS mitigation subsystem that an OR client
791  * connection has been closed. And only do that if we track it. */
792  if (conn->type == CONN_TYPE_OR) {
793  dos_close_client_conn(TO_OR_CONN(conn));
794  }
795 
798 }
799 
812 void
814 {
816 
817  switch (conn->type) {
818  case CONN_TYPE_DIR:
820  break;
821  case CONN_TYPE_OR:
822  case CONN_TYPE_EXT_OR:
824  break;
825  case CONN_TYPE_AP:
826  connection_ap_about_to_close(TO_ENTRY_CONN(conn));
827  break;
828  case CONN_TYPE_EXIT:
830  break;
831  }
832 }
833 
836 #define CONN_IS_CLOSED(c) \
837  ((c)->linked ? ((c)->linked_conn_is_closed) : (! SOCKET_OK(c->s)))
838 
843 void
845 {
846  assert_connection_ok(conn,0);
847  if (CONN_IS_CLOSED(conn)) {
848  log_err(LD_BUG,"Attempt to close already-closed connection.");
850  return;
851  }
852  if (conn->outbuf_flushlen) {
853  log_info(LD_NET,"fd %d, type %s, state %s, %d bytes on outbuf.",
854  (int)conn->s, conn_type_to_string(conn->type),
855  conn_state_to_string(conn->type, conn->state),
856  (int)conn->outbuf_flushlen);
857  }
858 
860 
861  /* Prevent the event from getting unblocked. */
862  conn->read_blocked_on_bw = 0;
863  conn->write_blocked_on_bw = 0;
864 
865  if (SOCKET_OK(conn->s))
866  tor_close_socket(conn->s);
867  conn->s = TOR_INVALID_SOCKET;
868  if (conn->linked)
869  conn->linked_conn_is_closed = 1;
870  if (conn->outbuf)
871  buf_clear(conn->outbuf);
872  conn->outbuf_flushlen = 0;
873 }
874 
877 void
878 connection_mark_for_close_(connection_t *conn, int line, const char *file)
879 {
880  assert_connection_ok(conn,0);
881  tor_assert(line);
882  tor_assert(line < 1<<16); /* marked_for_close can only fit a uint16_t. */
883  tor_assert(file);
884 
885  if (conn->type == CONN_TYPE_OR) {
886  /*
887  * An or_connection should have been closed through one of the channel-
888  * aware functions in connection_or.c. We'll assume this is an error
889  * close and do that, and log a bug warning.
890  */
891  log_warn(LD_CHANNEL | LD_BUG,
892  "Something tried to close an or_connection_t without going "
893  "through channels at %s:%d",
894  file, line);
895  connection_or_close_for_error(TO_OR_CONN(conn), 0);
896  } else {
897  /* Pass it down to the real function */
898  connection_mark_for_close_internal_(conn, line, file);
899  }
900 }
901 
912 connection_mark_for_close_internal_, (connection_t *conn,
913  int line, const char *file))
914 {
915  assert_connection_ok(conn,0);
916  tor_assert(line);
917  tor_assert(line < 1<<16); /* marked_for_close can only fit a uint16_t. */
918  tor_assert(file);
919 
920  if (conn->marked_for_close) {
921  log_warn(LD_BUG,"Duplicate call to connection_mark_for_close at %s:%d"
922  " (first at %s:%d)", file, line, conn->marked_for_close_file,
923  conn->marked_for_close);
925  return;
926  }
927 
928  if (conn->type == CONN_TYPE_OR) {
929  /*
930  * Bad news if this happens without telling the controlling channel; do
931  * this so we can find things that call this wrongly when the asserts hit.
932  */
933  log_debug(LD_CHANNEL,
934  "Calling connection_mark_for_close_internal_() on an OR conn "
935  "at %s:%d",
936  file, line);
937  }
938 
939  conn->marked_for_close = line;
940  conn->marked_for_close_file = file;
942 
943  /* in case we're going to be held-open-til-flushed, reset
944  * the number of seconds since last successful write, so
945  * we get our whole 15 seconds */
946  conn->timestamp_last_write_allowed = time(NULL);
947 }
948 
954 void
956 {
957  time_t now;
958  smartlist_t *conns = get_connection_array();
959 
960  now = time(NULL);
961 
962  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
963  /* If we've been holding the connection open, but we haven't written
964  * for 15 seconds...
965  */
966  if (conn->hold_open_until_flushed) {
968  if (now - conn->timestamp_last_write_allowed >= 15) {
969  int severity;
970  if (conn->type == CONN_TYPE_EXIT ||
971  (conn->type == CONN_TYPE_DIR &&
972  conn->purpose == DIR_PURPOSE_SERVER))
973  severity = LOG_INFO;
974  else
975  severity = LOG_NOTICE;
976  log_fn(severity, LD_NET,
977  "Giving up on marked_for_close conn that's been flushing "
978  "for 15s (fd %d, type %s, state %s).",
979  (int)conn->s, conn_type_to_string(conn->type),
980  conn_state_to_string(conn->type, conn->state));
981  conn->hold_open_until_flushed = 0;
982  }
983  }
984  } SMARTLIST_FOREACH_END(conn);
985 }
986 
987 #if defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN)
988 
1001 static struct sockaddr_un *
1002 create_unix_sockaddr(const char *listenaddress, char **readable_address,
1003  socklen_t *len_out)
1004 {
1005  struct sockaddr_un *sockaddr = NULL;
1006 
1007  sockaddr = tor_malloc_zero(sizeof(struct sockaddr_un));
1008  sockaddr->sun_family = AF_UNIX;
1009  if (strlcpy(sockaddr->sun_path, listenaddress, sizeof(sockaddr->sun_path))
1010  >= sizeof(sockaddr->sun_path)) {
1011  log_warn(LD_CONFIG, "Unix socket path '%s' is too long to fit.",
1012  escaped(listenaddress));
1013  tor_free(sockaddr);
1014  return NULL;
1015  }
1016 
1017  if (readable_address)
1018  *readable_address = tor_strdup(listenaddress);
1019 
1020  *len_out = sizeof(struct sockaddr_un);
1021  return sockaddr;
1022 }
1023 #else /* !(defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN)) */
1024 static struct sockaddr *
1025 create_unix_sockaddr(const char *listenaddress, char **readable_address,
1026  socklen_t *len_out)
1027 {
1028  (void)listenaddress;
1029  (void)readable_address;
1031  "Unix domain sockets not supported, yet we tried to create one.");
1032  *len_out = 0;
1034  return NULL;
1035 }
1036 #endif /* defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN) */
1037 
1041 static void
1043 {
1044 #define WARN_TOO_MANY_CONNS_INTERVAL (6*60*60)
1045  static ratelim_t last_warned = RATELIM_INIT(WARN_TOO_MANY_CONNS_INTERVAL);
1046  char *m;
1047  if ((m = rate_limit_log(&last_warned, approx_time()))) {
1048  int n_conns = get_n_open_sockets();
1049  log_warn(LD_NET,"Failing because we have %d connections already. Please "
1050  "read doc/TUNING for guidance.%s", n_conns, m);
1051  tor_free(m);
1052  control_event_general_status(LOG_WARN, "TOO_MANY_CONNECTIONS CURRENT=%d",
1053  n_conns);
1054  }
1055 }
1056 
1057 #ifdef HAVE_SYS_UN_H
1058 
1059 #define UNIX_SOCKET_PURPOSE_CONTROL_SOCKET 0
1060 #define UNIX_SOCKET_PURPOSE_SOCKS_SOCKET 1
1061 
1064 static int
1065 is_valid_unix_socket_purpose(int purpose)
1066 {
1067  int valid = 0;
1068 
1069  switch (purpose) {
1070  case UNIX_SOCKET_PURPOSE_CONTROL_SOCKET:
1071  case UNIX_SOCKET_PURPOSE_SOCKS_SOCKET:
1072  valid = 1;
1073  break;
1074  }
1075 
1076  return valid;
1077 }
1078 
1080 static const char *
1081 unix_socket_purpose_to_string(int purpose)
1082 {
1083  const char *s = "unknown-purpose socket";
1084 
1085  switch (purpose) {
1086  case UNIX_SOCKET_PURPOSE_CONTROL_SOCKET:
1087  s = "control socket";
1088  break;
1089  case UNIX_SOCKET_PURPOSE_SOCKS_SOCKET:
1090  s = "SOCKS socket";
1091  break;
1092  }
1093 
1094  return s;
1095 }
1096 
1099 static int
1100 check_location_for_unix_socket(const or_options_t *options, const char *path,
1101  int purpose, const port_cfg_t *port)
1102 {
1103  int r = -1;
1104  char *p = NULL;
1105 
1106  tor_assert(is_valid_unix_socket_purpose(purpose));
1107 
1108  p = tor_strdup(path);
1109  cpd_check_t flags = CPD_CHECK_MODE_ONLY;
1110  if (get_parent_directory(p)<0 || p[0] != '/') {
1111  log_warn(LD_GENERAL, "Bad unix socket address '%s'. Tor does not support "
1112  "relative paths for unix sockets.", path);
1113  goto done;
1114  }
1115 
1116  if (port->is_world_writable) {
1117  /* World-writable sockets can go anywhere. */
1118  r = 0;
1119  goto done;
1120  }
1121 
1122  if (port->is_group_writable) {
1123  flags |= CPD_GROUP_OK;
1124  }
1125 
1126  if (port->relax_dirmode_check) {
1127  flags |= CPD_RELAX_DIRMODE_CHECK;
1128  }
1129 
1130  if (check_private_dir(p, flags, options->User) < 0) {
1131  char *escpath, *escdir;
1132  escpath = esc_for_log(path);
1133  escdir = esc_for_log(p);
1134  log_warn(LD_GENERAL, "Before Tor can create a %s in %s, the directory "
1135  "%s needs to exist, and to be accessible only by the user%s "
1136  "account that is running Tor. (On some Unix systems, anybody "
1137  "who can list a socket can connect to it, so Tor is being "
1138  "careful.)",
1139  unix_socket_purpose_to_string(purpose), escpath, escdir,
1140  port->is_group_writable ? " and group" : "");
1141  tor_free(escpath);
1142  tor_free(escdir);
1143  goto done;
1144  }
1145 
1146  r = 0;
1147  done:
1148  tor_free(p);
1149  return r;
1150 }
1151 #endif /* defined(HAVE_SYS_UN_H) */
1152 
1156 static int
1158 {
1159 #ifdef _WIN32
1160  (void) sock;
1161  return 0;
1162 #else
1163  int one=1;
1164 
1165  /* REUSEADDR on normal places means you can rebind to the port
1166  * right after somebody else has let it go. But REUSEADDR on win32
1167  * means you can bind to the port _even when somebody else
1168  * already has it bound_. So, don't do that on Win32. */
1169  if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void*) &one,
1170  (socklen_t)sizeof(one)) == -1) {
1171  return -1;
1172  }
1173  return 0;
1174 #endif /* defined(_WIN32) */
1175 }
1176 
1177 #ifdef _WIN32
1178 
1180 static int
1181 make_win32_socket_exclusive(tor_socket_t sock)
1182 {
1183 #ifdef SO_EXCLUSIVEADDRUSE
1184  int one=1;
1185 
1186  /* Any socket that sets REUSEADDR on win32 can bind to a port _even when
1187  * somebody else already has it bound_, and _even if the original socket
1188  * didn't set REUSEADDR_. Use EXCLUSIVEADDRUSE to prevent this port-stealing
1189  * on win32. */
1190  if (setsockopt(sock, SOL_SOCKET, SO_EXCLUSIVEADDRUSE, (void*) &one,
1191  (socklen_t)sizeof(one))) {
1192  return -1;
1193  }
1194  return 0;
1195 #else /* !(defined(SO_EXCLUSIVEADDRUSE)) */
1196  (void) sock;
1197  return 0;
1198 #endif /* defined(SO_EXCLUSIVEADDRUSE) */
1199 }
1200 #endif /* defined(_WIN32) */
1201 
1203 static int listen_limit = INT_MAX;
1204 
1205 /* Listen on <b>fd</b> with appropriate backlog. Return as for listen. */
1206 static int
1207 tor_listen(tor_socket_t fd)
1208 {
1209  int r;
1210 
1211  if ((r = listen(fd, listen_limit)) < 0) {
1212  if (listen_limit == SOMAXCONN)
1213  return r;
1214  if ((r = listen(fd, SOMAXCONN)) == 0) {
1215  listen_limit = SOMAXCONN;
1216  log_warn(LD_NET, "Setting listen backlog to INT_MAX connections "
1217  "didn't work, but SOMAXCONN did. Lowering backlog limit.");
1218  }
1219  }
1220  return r;
1221 }
1222 
1232 static connection_t *
1233 connection_listener_new(const struct sockaddr *listensockaddr,
1234  socklen_t socklen,
1235  int type, const char *address,
1236  const port_cfg_t *port_cfg,
1237  int *addr_in_use)
1238 {
1239  listener_connection_t *lis_conn;
1240  connection_t *conn = NULL;
1241  tor_socket_t s = TOR_INVALID_SOCKET; /* the socket we're going to make */
1242  or_options_t const *options = get_options();
1243  (void) options; /* Windows doesn't use this. */
1244 #if defined(HAVE_PWD_H) && defined(HAVE_SYS_UN_H)
1245  const struct passwd *pw = NULL;
1246 #endif
1247  uint16_t usePort = 0, gotPort = 0;
1248  int start_reading = 0;
1249  static int global_next_session_group = SESSION_GROUP_FIRST_AUTO;
1250  tor_addr_t addr;
1251  int exhaustion = 0;
1252 
1253  if (addr_in_use)
1254  *addr_in_use = 0;
1255 
1256  if (listensockaddr->sa_family == AF_INET ||
1257  listensockaddr->sa_family == AF_INET6) {
1258  int is_stream = (type != CONN_TYPE_AP_DNS_LISTENER);
1259  if (is_stream)
1260  start_reading = 1;
1261 
1262  tor_addr_from_sockaddr(&addr, listensockaddr, &usePort);
1263  log_notice(LD_NET, "Opening %s on %s",
1264  conn_type_to_string(type), fmt_addrport(&addr, usePort));
1265 
1267  is_stream ? SOCK_STREAM : SOCK_DGRAM,
1268  is_stream ? IPPROTO_TCP: IPPROTO_UDP);
1269  if (!SOCKET_OK(s)) {
1270  int e = tor_socket_errno(s);
1271  if (ERRNO_IS_RESOURCE_LIMIT(e)) {
1273  /*
1274  * We'll call the OOS handler at the error exit, so set the
1275  * exhaustion flag for it.
1276  */
1277  exhaustion = 1;
1278  } else {
1279  log_warn(LD_NET, "Socket creation failed: %s",
1280  tor_socket_strerror(e));
1281  }
1282  goto err;
1283  }
1284 
1285  if (make_socket_reuseable(s) < 0) {
1286  log_warn(LD_NET, "Error setting SO_REUSEADDR flag on %s: %s",
1287  conn_type_to_string(type),
1288  tor_socket_strerror(errno));
1289  }
1290 
1291 #ifdef _WIN32
1292  if (make_win32_socket_exclusive(s) < 0) {
1293  log_warn(LD_NET, "Error setting SO_EXCLUSIVEADDRUSE flag on %s: %s",
1294  conn_type_to_string(type),
1295  tor_socket_strerror(errno));
1296  }
1297 #endif /* defined(_WIN32) */
1298 
1299 #if defined(USE_TRANSPARENT) && defined(IP_TRANSPARENT)
1300  if (options->TransProxyType_parsed == TPT_TPROXY &&
1301  type == CONN_TYPE_AP_TRANS_LISTENER) {
1302  int one = 1;
1303  if (setsockopt(s, SOL_IP, IP_TRANSPARENT, (void*)&one,
1304  (socklen_t)sizeof(one)) < 0) {
1305  const char *extra = "";
1306  int e = tor_socket_errno(s);
1307  if (e == EPERM)
1308  extra = "TransTPROXY requires root privileges or similar"
1309  " capabilities.";
1310  log_warn(LD_NET, "Error setting IP_TRANSPARENT flag: %s.%s",
1311  tor_socket_strerror(e), extra);
1312  }
1313  }
1314 #endif /* defined(USE_TRANSPARENT) && defined(IP_TRANSPARENT) */
1315 
1316 #ifdef IPV6_V6ONLY
1317  if (listensockaddr->sa_family == AF_INET6) {
1318  int one = 1;
1319  /* We need to set IPV6_V6ONLY so that this socket can't get used for
1320  * IPv4 connections. */
1321  if (setsockopt(s,IPPROTO_IPV6, IPV6_V6ONLY,
1322  (void*)&one, (socklen_t)sizeof(one)) < 0) {
1323  int e = tor_socket_errno(s);
1324  log_warn(LD_NET, "Error setting IPV6_V6ONLY flag: %s",
1325  tor_socket_strerror(e));
1326  /* Keep going; probably not harmful. */
1327  }
1328  }
1329 #endif /* defined(IPV6_V6ONLY) */
1330 
1331  if (bind(s,listensockaddr,socklen) < 0) {
1332  const char *helpfulhint = "";
1333  int e = tor_socket_errno(s);
1334  if (ERRNO_IS_EADDRINUSE(e)) {
1335  helpfulhint = ". Is Tor already running?";
1336  if (addr_in_use)
1337  *addr_in_use = 1;
1338  }
1339  log_warn(LD_NET, "Could not bind to %s:%u: %s%s", address, usePort,
1340  tor_socket_strerror(e), helpfulhint);
1341  goto err;
1342  }
1343 
1344  if (is_stream) {
1345  if (tor_listen(s) < 0) {
1346  log_warn(LD_NET, "Could not listen on %s:%u: %s", address, usePort,
1347  tor_socket_strerror(tor_socket_errno(s)));
1348  goto err;
1349  }
1350  }
1351 
1352  if (usePort != 0) {
1353  gotPort = usePort;
1354  } else {
1355  tor_addr_t addr2;
1356  struct sockaddr_storage ss;
1357  socklen_t ss_len=sizeof(ss);
1358  if (getsockname(s, (struct sockaddr*)&ss, &ss_len)<0) {
1359  log_warn(LD_NET, "getsockname() couldn't learn address for %s: %s",
1360  conn_type_to_string(type),
1361  tor_socket_strerror(tor_socket_errno(s)));
1362  gotPort = 0;
1363  }
1364  tor_addr_from_sockaddr(&addr2, (struct sockaddr*)&ss, &gotPort);
1365  }
1366 #ifdef HAVE_SYS_UN_H
1367  /*
1368  * AF_UNIX generic setup stuff
1369  */
1370  } else if (listensockaddr->sa_family == AF_UNIX) {
1371  /* We want to start reading for both AF_UNIX cases */
1372  start_reading = 1;
1373 
1375 
1376  if (check_location_for_unix_socket(options, address,
1377  (type == CONN_TYPE_CONTROL_LISTENER) ?
1378  UNIX_SOCKET_PURPOSE_CONTROL_SOCKET :
1379  UNIX_SOCKET_PURPOSE_SOCKS_SOCKET, port_cfg) < 0) {
1380  goto err;
1381  }
1382 
1383  log_notice(LD_NET, "Opening %s on %s",
1384  conn_type_to_string(type), address);
1385 
1386  tor_addr_make_unspec(&addr);
1387 
1388  if (unlink(address) < 0 && errno != ENOENT) {
1389  log_warn(LD_NET, "Could not unlink %s: %s", address,
1390  strerror(errno));
1391  goto err;
1392  }
1393 
1394  s = tor_open_socket_nonblocking(AF_UNIX, SOCK_STREAM, 0);
1395  if (! SOCKET_OK(s)) {
1396  int e = tor_socket_errno(s);
1397  if (ERRNO_IS_RESOURCE_LIMIT(e)) {
1399  /*
1400  * We'll call the OOS handler at the error exit, so set the
1401  * exhaustion flag for it.
1402  */
1403  exhaustion = 1;
1404  } else {
1405  log_warn(LD_NET,"Socket creation failed: %s.", strerror(e));
1406  }
1407  goto err;
1408  }
1409 
1410  if (bind(s, listensockaddr,
1411  (socklen_t)sizeof(struct sockaddr_un)) == -1) {
1412  log_warn(LD_NET,"Bind to %s failed: %s.", address,
1413  tor_socket_strerror(tor_socket_errno(s)));
1414  goto err;
1415  }
1416 
1417 #ifdef HAVE_PWD_H
1418  if (options->User) {
1419  pw = tor_getpwnam(options->User);
1420  struct stat st;
1421  if (pw == NULL) {
1422  log_warn(LD_NET,"Unable to chown() %s socket: user %s not found.",
1423  address, options->User);
1424  goto err;
1425  } else if (fstat(s, &st) == 0 &&
1426  st.st_uid == pw->pw_uid && st.st_gid == pw->pw_gid) {
1427  /* No change needed */
1428  } else if (chown(sandbox_intern_string(address),
1429  pw->pw_uid, pw->pw_gid) < 0) {
1430  log_warn(LD_NET,"Unable to chown() %s socket: %s.",
1431  address, strerror(errno));
1432  goto err;
1433  }
1434  }
1435 #endif /* defined(HAVE_PWD_H) */
1436 
1437  {
1438  unsigned mode;
1439  const char *status;
1440  struct stat st;
1441  if (port_cfg->is_world_writable) {
1442  mode = 0666;
1443  status = "world-writable";
1444  } else if (port_cfg->is_group_writable) {
1445  mode = 0660;
1446  status = "group-writable";
1447  } else {
1448  mode = 0600;
1449  status = "private";
1450  }
1451  /* We need to use chmod; fchmod doesn't work on sockets on all
1452  * platforms. */
1453  if (fstat(s, &st) == 0 && (st.st_mode & 0777) == mode) {
1454  /* no change needed */
1455  } else if (chmod(sandbox_intern_string(address), mode) < 0) {
1456  log_warn(LD_FS,"Unable to make %s %s.", address, status);
1457  goto err;
1458  }
1459  }
1460 
1461  if (listen(s, SOMAXCONN) < 0) {
1462  log_warn(LD_NET, "Could not listen on %s: %s", address,
1463  tor_socket_strerror(tor_socket_errno(s)));
1464  goto err;
1465  }
1466 
1467 #ifndef __APPLE__
1468  /* This code was introduced to help debug #28229. */
1469  int value;
1470  socklen_t len = sizeof(value);
1471 
1472  if (!getsockopt(s, SOL_SOCKET, SO_ACCEPTCONN, &value, &len)) {
1473  if (value == 0) {
1474  log_err(LD_NET, "Could not listen on %s - "
1475  "getsockopt(.,SO_ACCEPTCONN,.) yields 0.", address);
1476  goto err;
1477  }
1478  }
1479 #endif /* __APPLE__ */
1480 #endif /* defined(HAVE_SYS_UN_H) */
1481  } else {
1482  log_err(LD_BUG, "Got unexpected address family %d.",
1483  listensockaddr->sa_family);
1484  tor_assert(0);
1485  }
1486 
1487  lis_conn = listener_connection_new(type, listensockaddr->sa_family);
1488  conn = TO_CONN(lis_conn);
1489  conn->socket_family = listensockaddr->sa_family;
1490  conn->s = s;
1491  s = TOR_INVALID_SOCKET; /* Prevent double-close */
1492  conn->address = tor_strdup(address);
1493  conn->port = gotPort;
1494  tor_addr_copy(&conn->addr, &addr);
1495 
1496  memcpy(&lis_conn->entry_cfg, &port_cfg->entry_cfg, sizeof(entry_port_cfg_t));
1497 
1498  if (port_cfg->entry_cfg.isolation_flags) {
1499  lis_conn->entry_cfg.isolation_flags = port_cfg->entry_cfg.isolation_flags;
1500  if (port_cfg->entry_cfg.session_group >= 0) {
1501  lis_conn->entry_cfg.session_group = port_cfg->entry_cfg.session_group;
1502  } else {
1503  /* This can wrap after around INT_MAX listeners are opened. But I don't
1504  * believe that matters, since you would need to open a ridiculous
1505  * number of listeners while keeping the early ones open before you ever
1506  * hit this. An OR with a dozen ports open, for example, would have to
1507  * close and re-open its listeners every second for 4 years nonstop.
1508  */
1509  lis_conn->entry_cfg.session_group = global_next_session_group--;
1510  }
1511  }
1512 
1513  if (type != CONN_TYPE_AP_LISTENER) {
1514  lis_conn->entry_cfg.ipv4_traffic = 1;
1515  lis_conn->entry_cfg.ipv6_traffic = 1;
1516  lis_conn->entry_cfg.prefer_ipv6 = 0;
1517  }
1518 
1519  if (connection_add(conn) < 0) { /* no space, forget it */
1520  log_warn(LD_NET,"connection_add for listener failed. Giving up.");
1521  goto err;
1522  }
1523 
1524  log_fn(usePort==gotPort ? LOG_DEBUG : LOG_NOTICE, LD_NET,
1525  "%s listening on port %u.",
1526  conn_type_to_string(type), gotPort);
1527 
1528  conn->state = LISTENER_STATE_READY;
1529  if (start_reading) {
1530  connection_start_reading(conn);
1531  } else {
1534  }
1535 
1536  /*
1537  * Normal exit; call the OOS handler since connection count just changed;
1538  * the exhaustion flag will always be zero here though.
1539  */
1541 
1542  if (conn->socket_family == AF_UNIX) {
1543  log_notice(LD_NET, "Opened %s on %s",
1544  conn_type_to_string(type), conn->address);
1545  } else {
1546  log_notice(LD_NET, "Opened %s on %s",
1547  conn_type_to_string(type), fmt_addrport(&addr, gotPort));
1548  }
1549  return conn;
1550 
1551  err:
1552  if (SOCKET_OK(s))
1553  tor_close_socket(s);
1554  if (conn)
1555  connection_free(conn);
1556 
1557  /* Call the OOS handler, indicate if we saw an exhaustion-related error */
1559 
1560  return NULL;
1561 }
1562 
1569 static connection_t *
1571  int *defer, int *addr_in_use)
1572 {
1573  connection_t *conn;
1574  struct sockaddr *listensockaddr;
1575  socklen_t listensocklen = 0;
1576  char *address=NULL;
1577  int real_port = port->port == CFG_AUTO_PORT ? 0 : port->port;
1578  tor_assert(real_port <= UINT16_MAX);
1579 
1580  if (defer)
1581  *defer = 0;
1582 
1583  if (port->server_cfg.no_listen) {
1584  if (defer)
1585  *defer = 1;
1586  return NULL;
1587  }
1588 
1589 #ifndef _WIN32
1590  /* We don't need to be root to create a UNIX socket, so defer until after
1591  * setuid. */
1592  const or_options_t *options = get_options();
1593  if (port->is_unix_addr && !geteuid() && (options->User) &&
1594  strcmp(options->User, "root")) {
1595  if (defer)
1596  *defer = 1;
1597  return NULL;
1598  }
1599 #endif /* !defined(_WIN32) */
1600 
1601  if (port->is_unix_addr) {
1602  listensockaddr = (struct sockaddr *)
1603  create_unix_sockaddr(port->unix_addr,
1604  &address, &listensocklen);
1605  } else {
1606  listensockaddr = tor_malloc(sizeof(struct sockaddr_storage));
1607  listensocklen = tor_addr_to_sockaddr(&port->addr,
1608  real_port,
1609  listensockaddr,
1610  sizeof(struct sockaddr_storage));
1611  address = tor_addr_to_str_dup(&port->addr);
1612  }
1613 
1614  if (listensockaddr) {
1615  conn = connection_listener_new(listensockaddr, listensocklen,
1616  port->type, address, port,
1617  addr_in_use);
1618  tor_free(listensockaddr);
1619  tor_free(address);
1620  } else {
1621  conn = NULL;
1622  }
1623 
1624  return conn;
1625 }
1626 
1634 static int
1635 check_sockaddr(const struct sockaddr *sa, int len, int level)
1636 {
1637  int ok = 1;
1638 
1639  if (sa->sa_family == AF_INET) {
1640  struct sockaddr_in *sin=(struct sockaddr_in*)sa;
1641  if (len != sizeof(struct sockaddr_in)) {
1642  log_fn(level, LD_NET, "Length of address not as expected: %d vs %d",
1643  len,(int)sizeof(struct sockaddr_in));
1644  ok = 0;
1645  }
1646  if (sin->sin_addr.s_addr == 0 || sin->sin_port == 0) {
1647  log_fn(level, LD_NET,
1648  "Address for new connection has address/port equal to zero.");
1649  ok = 0;
1650  }
1651  } else if (sa->sa_family == AF_INET6) {
1652  struct sockaddr_in6 *sin6=(struct sockaddr_in6*)sa;
1653  if (len != sizeof(struct sockaddr_in6)) {
1654  log_fn(level, LD_NET, "Length of address not as expected: %d vs %d",
1655  len,(int)sizeof(struct sockaddr_in6));
1656  ok = 0;
1657  }
1658  if (fast_mem_is_zero((void*)sin6->sin6_addr.s6_addr, 16) ||
1659  sin6->sin6_port == 0) {
1660  log_fn(level, LD_NET,
1661  "Address for new connection has address/port equal to zero.");
1662  ok = 0;
1663  }
1664  } else if (sa->sa_family == AF_UNIX) {
1665  ok = 1;
1666  } else {
1667  ok = 0;
1668  }
1669  return ok ? 0 : -1;
1670 }
1671 
1677 static int
1679 {
1680  if (got != listener->socket_family) {
1681  log_info(LD_BUG, "A listener connection returned a socket with a "
1682  "mismatched family. %s for addr_family %d gave us a socket "
1683  "with address family %d. Dropping.",
1684  conn_type_to_string(listener->type),
1685  (int)listener->socket_family,
1686  (int)got);
1687  return -1;
1688  }
1689  return 0;
1690 }
1691 
1695 static int
1697 {
1698  tor_socket_t news; /* the new socket */
1699  connection_t *newconn = 0;
1700  /* information about the remote peer when connecting to other routers */
1701  struct sockaddr_storage addrbuf;
1702  struct sockaddr *remote = (struct sockaddr*)&addrbuf;
1703  /* length of the remote address. Must be whatever accept() needs. */
1704  socklen_t remotelen = (socklen_t)sizeof(addrbuf);
1705  const or_options_t *options = get_options();
1706 
1707  tor_assert((size_t)remotelen >= sizeof(struct sockaddr_in));
1708  memset(&addrbuf, 0, sizeof(addrbuf));
1709 
1710  news = tor_accept_socket_nonblocking(conn->s,remote,&remotelen);
1711  if (!SOCKET_OK(news)) { /* accept() error */
1712  int e = tor_socket_errno(conn->s);
1713  if (ERRNO_IS_ACCEPT_EAGAIN(e)) {
1714  /*
1715  * they hung up before we could accept(). that's fine.
1716  *
1717  * give the OOS handler a chance to run though
1718  */
1720  return 0;
1721  } else if (ERRNO_IS_RESOURCE_LIMIT(e)) {
1723  /* Exhaustion; tell the OOS handler */
1725  return 0;
1726  }
1727  /* else there was a real error. */
1728  log_warn(LD_NET,"accept() failed: %s. Closing listener.",
1729  tor_socket_strerror(e));
1730  connection_mark_for_close(conn);
1731  /* Tell the OOS handler about this too */
1733  return -1;
1734  }
1735  log_debug(LD_NET,
1736  "Connection accepted on socket %d (child of fd %d).",
1737  (int)news,(int)conn->s);
1738 
1739  /* We accepted a new conn; run OOS handler */
1741 
1742  if (make_socket_reuseable(news) < 0) {
1743  if (tor_socket_errno(news) == EINVAL) {
1744  /* This can happen on OSX if we get a badly timed shutdown. */
1745  log_debug(LD_NET, "make_socket_reuseable returned EINVAL");
1746  } else {
1747  log_warn(LD_NET, "Error setting SO_REUSEADDR flag on %s: %s",
1748  conn_type_to_string(new_type),
1749  tor_socket_strerror(errno));
1750  }
1751  tor_close_socket(news);
1752  return 0;
1753  }
1754 
1755  if (options->ConstrainedSockets)
1757 
1758  if (check_sockaddr_family_match(remote->sa_family, conn) < 0) {
1759  tor_close_socket(news);
1760  return 0;
1761  }
1762 
1763  if (conn->socket_family == AF_INET || conn->socket_family == AF_INET6 ||
1764  (conn->socket_family == AF_UNIX && new_type == CONN_TYPE_AP)) {
1765  tor_addr_t addr;
1766  uint16_t port;
1767  if (check_sockaddr(remote, remotelen, LOG_INFO)<0) {
1768  log_info(LD_NET,
1769  "accept() returned a strange address; closing connection.");
1770  tor_close_socket(news);
1771  return 0;
1772  }
1773 
1774  tor_addr_from_sockaddr(&addr, remote, &port);
1775 
1776  /* process entrance policies here, before we even create the connection */
1777  if (new_type == CONN_TYPE_AP) {
1778  /* check sockspolicy to see if we should accept it */
1779  if (socks_policy_permits_address(&addr) == 0) {
1780  log_notice(LD_APP,
1781  "Denying socks connection from untrusted address %s.",
1782  fmt_and_decorate_addr(&addr));
1783  tor_close_socket(news);
1784  return 0;
1785  }
1786  }
1787  if (new_type == CONN_TYPE_DIR) {
1788  /* check dirpolicy to see if we should accept it */
1789  if (dir_policy_permits_address(&addr) == 0) {
1790  log_notice(LD_DIRSERV,"Denying dir connection from address %s.",
1791  fmt_and_decorate_addr(&addr));
1792  tor_close_socket(news);
1793  return 0;
1794  }
1795  }
1796  if (new_type == CONN_TYPE_OR) {
1797  /* Assess with the connection DoS mitigation subsystem if this address
1798  * can open a new connection. */
1799  if (dos_conn_addr_get_defense_type(&addr) == DOS_CONN_DEFENSE_CLOSE) {
1800  tor_close_socket(news);
1801  return 0;
1802  }
1803  }
1804 
1805  newconn = connection_new(new_type, conn->socket_family);
1806  newconn->s = news;
1807 
1808  /* remember the remote address */
1809  tor_addr_copy(&newconn->addr, &addr);
1810  if (new_type == CONN_TYPE_AP && conn->socket_family == AF_UNIX) {
1811  newconn->port = 0;
1812  newconn->address = tor_strdup(conn->address);
1813  } else {
1814  newconn->port = port;
1815  newconn->address = tor_addr_to_str_dup(&addr);
1816  }
1817 
1818  if (new_type == CONN_TYPE_AP && conn->socket_family != AF_UNIX) {
1819  log_info(LD_NET, "New SOCKS connection opened from %s.",
1820  fmt_and_decorate_addr(&addr));
1821  }
1822  if (new_type == CONN_TYPE_AP && conn->socket_family == AF_UNIX) {
1823  log_info(LD_NET, "New SOCKS AF_UNIX connection opened");
1824  }
1825  if (new_type == CONN_TYPE_CONTROL) {
1826  log_notice(LD_CONTROL, "New control connection opened from %s.",
1827  fmt_and_decorate_addr(&addr));
1828  }
1829 
1830  } else if (conn->socket_family == AF_UNIX && conn->type != CONN_TYPE_AP) {
1832  tor_assert(new_type == CONN_TYPE_CONTROL);
1833  log_notice(LD_CONTROL, "New control connection opened.");
1834 
1835  newconn = connection_new(new_type, conn->socket_family);
1836  newconn->s = news;
1837 
1838  /* remember the remote address -- do we have anything sane to put here? */
1839  tor_addr_make_unspec(&newconn->addr);
1840  newconn->port = 1;
1841  newconn->address = tor_strdup(conn->address);
1842  } else {
1843  tor_assert(0);
1844  };
1845 
1846  if (connection_add(newconn) < 0) { /* no space, forget it */
1847  connection_free(newconn);
1848  return 0; /* no need to tear down the parent */
1849  }
1850 
1851  if (connection_init_accepted_conn(newconn, TO_LISTENER_CONN(conn)) < 0) {
1852  if (! newconn->marked_for_close)
1853  connection_mark_for_close(newconn);
1854  return 0;
1855  }
1856  return 0;
1857 }
1858 
1868 int
1870  const listener_connection_t *listener)
1871 {
1872  int rv;
1873 
1874  connection_start_reading(conn);
1875 
1876  switch (conn->type) {
1877  case CONN_TYPE_EXT_OR:
1878  /* Initiate Extended ORPort authentication. */
1880  case CONN_TYPE_OR:
1881  connection_or_event_status(TO_OR_CONN(conn), OR_CONN_EVENT_NEW, 0);
1882  rv = connection_tls_start_handshake(TO_OR_CONN(conn), 1);
1883  if (rv < 0) {
1884  connection_or_close_for_error(TO_OR_CONN(conn), 0);
1885  }
1886  return rv;
1887  break;
1888  case CONN_TYPE_AP:
1889  memcpy(&TO_ENTRY_CONN(conn)->entry_cfg, &listener->entry_cfg,
1890  sizeof(entry_port_cfg_t));
1891  TO_ENTRY_CONN(conn)->nym_epoch = get_signewnym_epoch();
1892  TO_ENTRY_CONN(conn)->socks_request->listener_type = listener->base_.type;
1893 
1894  /* Any incoming connection on an entry port counts as user activity. */
1895  note_user_activity(approx_time());
1896 
1897  switch (TO_CONN(listener)->type) {
1898  case CONN_TYPE_AP_LISTENER:
1900  TO_ENTRY_CONN(conn)->socks_request->socks_prefer_no_auth =
1901  listener->entry_cfg.socks_prefer_no_auth;
1902  break;
1904  TO_ENTRY_CONN(conn)->is_transparent_ap = 1;
1905  /* XXXX028 -- is this correct still, with the addition of
1906  * pending_entry_connections ? */
1908  return connection_ap_process_transparent(TO_ENTRY_CONN(conn));
1910  TO_ENTRY_CONN(conn)->is_transparent_ap = 1;
1912  break;
1915  }
1916  break;
1917  case CONN_TYPE_DIR:
1918  conn->purpose = DIR_PURPOSE_SERVER;
1920  break;
1921  case CONN_TYPE_CONTROL:
1923  break;
1924  }
1925  return 0;
1926 }
1927 
1933 MOCK_IMPL(STATIC int,
1934 connection_connect_sockaddr,(connection_t *conn,
1935  const struct sockaddr *sa,
1936  socklen_t sa_len,
1937  const struct sockaddr *bindaddr,
1938  socklen_t bindaddr_len,
1939  int *socket_error))
1940 {
1941  tor_socket_t s;
1942  int inprogress = 0;
1943  const or_options_t *options = get_options();
1944 
1945  tor_assert(conn);
1946  tor_assert(sa);
1947  tor_assert(socket_error);
1948 
1949  if (net_is_completely_disabled()) {
1950  /* We should never even try to connect anyplace if the network is
1951  * completely shut off.
1952  *
1953  * (We don't check net_is_disabled() here, since we still sometimes
1954  * want to open connections when we're in soft hibernation.)
1955  */
1956  static ratelim_t disablenet_violated = RATELIM_INIT(30*60);
1957  *socket_error = SOCK_ERRNO(ENETUNREACH);
1958  log_fn_ratelim(&disablenet_violated, LOG_WARN, LD_BUG,
1959  "Tried to open a socket with DisableNetwork set.");
1961  return -1;
1962  }
1963 
1964  const int protocol_family = sa->sa_family;
1965  const int proto = (sa->sa_family == AF_INET6 ||
1966  sa->sa_family == AF_INET) ? IPPROTO_TCP : 0;
1967 
1968  s = tor_open_socket_nonblocking(protocol_family, SOCK_STREAM, proto);
1969  if (! SOCKET_OK(s)) {
1970  /*
1971  * Early OOS handler calls; it matters if it's an exhaustion-related
1972  * error or not.
1973  */
1974  *socket_error = tor_socket_errno(s);
1975  if (ERRNO_IS_RESOURCE_LIMIT(*socket_error)) {
1978  } else {
1979  log_warn(LD_NET,"Error creating network socket: %s",
1980  tor_socket_strerror(*socket_error));
1982  }
1983  return -1;
1984  }
1985 
1986  if (make_socket_reuseable(s) < 0) {
1987  log_warn(LD_NET, "Error setting SO_REUSEADDR flag on new connection: %s",
1988  tor_socket_strerror(errno));
1989  }
1990 
1991  /*
1992  * We've got the socket open; give the OOS handler a chance to check
1993  * against configured maximum socket number, but tell it no exhaustion
1994  * failure.
1995  */
1997 
1998  if (bindaddr && bind(s, bindaddr, bindaddr_len) < 0) {
1999  *socket_error = tor_socket_errno(s);
2000  log_warn(LD_NET,"Error binding network socket: %s",
2001  tor_socket_strerror(*socket_error));
2002  tor_close_socket(s);
2003  return -1;
2004  }
2005 
2006  tor_assert(options);
2007  if (options->ConstrainedSockets)
2009 
2010  if (connect(s, sa, sa_len) < 0) {
2011  int e = tor_socket_errno(s);
2012  if (!ERRNO_IS_CONN_EINPROGRESS(e)) {
2013  /* yuck. kill it. */
2014  *socket_error = e;
2015  log_info(LD_NET,
2016  "connect() to socket failed: %s",
2017  tor_socket_strerror(e));
2018  tor_close_socket(s);
2019  return -1;
2020  } else {
2021  inprogress = 1;
2022  }
2023  }
2024 
2025  /* it succeeded. we're connected. */
2026  log_fn(inprogress ? LOG_DEBUG : LOG_INFO, LD_NET,
2027  "Connection to socket %s (sock "TOR_SOCKET_T_FORMAT").",
2028  inprogress ? "in progress" : "established", s);
2029  conn->s = s;
2030  if (connection_add_connecting(conn) < 0) {
2031  /* no space, forget it */
2032  *socket_error = SOCK_ERRNO(ENOBUFS);
2033  return -1;
2034  }
2035 
2036  return inprogress ? 0 : 1;
2037 }
2038 
2039 /* Log a message if connection attempt is made when IPv4 or IPv6 is disabled.
2040  * Log a less severe message if we couldn't conform to ClientPreferIPv6ORPort
2041  * or ClientPreferIPv6ORPort. */
2042 static void
2043 connection_connect_log_client_use_ip_version(const connection_t *conn)
2044 {
2045  const or_options_t *options = get_options();
2046 
2047  /* Only clients care about ClientUseIPv4/6, bail out early on servers, and
2048  * on connections we don't care about */
2049  if (server_mode(options) || !conn || conn->type == CONN_TYPE_EXIT) {
2050  return;
2051  }
2052 
2053  /* We're only prepared to log OR and DIR connections here */
2054  if (conn->type != CONN_TYPE_OR && conn->type != CONN_TYPE_DIR) {
2055  return;
2056  }
2057 
2058  const int must_ipv4 = !fascist_firewall_use_ipv6(options);
2059  const int must_ipv6 = (options->ClientUseIPv4 == 0);
2060  const int pref_ipv6 = (conn->type == CONN_TYPE_OR
2063  tor_addr_t real_addr;
2064  tor_addr_make_null(&real_addr, AF_UNSPEC);
2065 
2066  /* OR conns keep the original address in real_addr, as addr gets overwritten
2067  * with the descriptor address */
2068  if (conn->type == CONN_TYPE_OR) {
2069  const or_connection_t *or_conn = TO_OR_CONN((connection_t *)conn);
2070  tor_addr_copy(&real_addr, &or_conn->real_addr);
2071  } else if (conn->type == CONN_TYPE_DIR) {
2072  tor_addr_copy(&real_addr, &conn->addr);
2073  }
2074 
2075  /* Check if we broke a mandatory address family restriction */
2076  if ((must_ipv4 && tor_addr_family(&real_addr) == AF_INET6)
2077  || (must_ipv6 && tor_addr_family(&real_addr) == AF_INET)) {
2078  static int logged_backtrace = 0;
2079  log_info(LD_BUG, "Outgoing %s connection to %s violated ClientUseIPv%s 0.",
2080  conn->type == CONN_TYPE_OR ? "OR" : "Dir",
2081  fmt_addr(&real_addr),
2082  options->ClientUseIPv4 == 0 ? "4" : "6");
2083  if (!logged_backtrace) {
2084  log_backtrace(LOG_INFO, LD_BUG, "Address came from");
2085  logged_backtrace = 1;
2086  }
2087  }
2088 
2089  /* Bridges are allowed to break IPv4/IPv6 ORPort preferences to connect to
2090  * the node's configured address when ClientPreferIPv6ORPort is auto */
2091  if (options->UseBridges && conn->type == CONN_TYPE_OR
2092  && options->ClientPreferIPv6ORPort == -1) {
2093  return;
2094  }
2095 
2096  if (fascist_firewall_use_ipv6(options)) {
2097  log_info(LD_NET, "Our outgoing connection is using IPv%d.",
2098  tor_addr_family(&real_addr) == AF_INET6 ? 6 : 4);
2099  }
2100 
2101  /* Check if we couldn't satisfy an address family preference */
2102  if ((!pref_ipv6 && tor_addr_family(&real_addr) == AF_INET6)
2103  || (pref_ipv6 && tor_addr_family(&real_addr) == AF_INET)) {
2104  log_info(LD_NET, "Outgoing connection to %s doesn't satisfy "
2105  "ClientPreferIPv6%sPort %d, with ClientUseIPv4 %d, and "
2106  "fascist_firewall_use_ipv6 %d (ClientUseIPv6 %d and UseBridges "
2107  "%d).",
2108  fmt_addr(&real_addr),
2109  conn->type == CONN_TYPE_OR ? "OR" : "Dir",
2110  conn->type == CONN_TYPE_OR ? options->ClientPreferIPv6ORPort
2111  : options->ClientPreferIPv6DirPort,
2112  options->ClientUseIPv4, fascist_firewall_use_ipv6(options),
2113  options->ClientUseIPv6, options->UseBridges);
2114  }
2115 }
2116 
2121 const tor_addr_t *
2123  const or_options_t *options, unsigned int conn_type)
2124 {
2125  const tor_addr_t *ext_addr = NULL;
2126 
2127  int fam_index;
2128  switch (family) {
2129  case AF_INET:
2130  fam_index = 0;
2131  break;
2132  case AF_INET6:
2133  fam_index = 1;
2134  break;
2135  default:
2136  return NULL;
2137  }
2138 
2139  // If an exit connection, use the exit address (if present)
2140  if (conn_type == CONN_TYPE_EXIT) {
2141  if (!tor_addr_is_null(
2142  &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT][fam_index])) {
2143  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT]
2144  [fam_index];
2145  } else if (!tor_addr_is_null(
2146  &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT_AND_OR]
2147  [fam_index])) {
2148  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT_AND_OR]
2149  [fam_index];
2150  }
2151  } else { // All non-exit connections
2152  if (!tor_addr_is_null(
2153  &options->OutboundBindAddresses[OUTBOUND_ADDR_OR][fam_index])) {
2154  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_OR]
2155  [fam_index];
2156  } else if (!tor_addr_is_null(
2157  &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT_AND_OR]
2158  [fam_index])) {
2159  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT_AND_OR]
2160  [fam_index];
2161  }
2162  }
2163  return ext_addr;
2164 }
2165 
2178 int
2179 connection_connect(connection_t *conn, const char *address,
2180  const tor_addr_t *addr, uint16_t port, int *socket_error)
2181 {
2182  struct sockaddr_storage addrbuf;
2183  struct sockaddr_storage bind_addr_ss;
2184  struct sockaddr *bind_addr = NULL;
2185  struct sockaddr *dest_addr;
2186  int dest_addr_len, bind_addr_len = 0;
2187 
2188  /* Log if we didn't stick to ClientUseIPv4/6 or ClientPreferIPv6OR/DirPort
2189  */
2190  connection_connect_log_client_use_ip_version(conn);
2191 
2192  if (!tor_addr_is_loopback(addr)) {
2193  const tor_addr_t *ext_addr = NULL;
2194  ext_addr = conn_get_outbound_address(tor_addr_family(addr), get_options(),
2195  conn->type);
2196  if (ext_addr) {
2197  memset(&bind_addr_ss, 0, sizeof(bind_addr_ss));
2198  bind_addr_len = tor_addr_to_sockaddr(ext_addr, 0,
2199  (struct sockaddr *) &bind_addr_ss,
2200  sizeof(bind_addr_ss));
2201  if (bind_addr_len == 0) {
2202  log_warn(LD_NET,
2203  "Error converting OutboundBindAddress %s into sockaddr. "
2204  "Ignoring.", fmt_and_decorate_addr(ext_addr));
2205  } else {
2206  bind_addr = (struct sockaddr *)&bind_addr_ss;
2207  }
2208  }
2209  }
2210 
2211  memset(&addrbuf,0,sizeof(addrbuf));
2212  dest_addr = (struct sockaddr*) &addrbuf;
2213  dest_addr_len = tor_addr_to_sockaddr(addr, port, dest_addr, sizeof(addrbuf));
2214  tor_assert(dest_addr_len > 0);
2215 
2216  log_debug(LD_NET, "Connecting to %s:%u.",
2217  escaped_safe_str_client(address), port);
2218 
2219  return connection_connect_sockaddr(conn, dest_addr, dest_addr_len,
2220  bind_addr, bind_addr_len, socket_error);
2221 }
2222 
2223 #ifdef HAVE_SYS_UN_H
2224 
2232 int
2233 connection_connect_unix(connection_t *conn, const char *socket_path,
2234  int *socket_error)
2235 {
2236  struct sockaddr_un dest_addr;
2237 
2238  tor_assert(socket_path);
2239 
2240  /* Check that we'll be able to fit it into dest_addr later */
2241  if (strlen(socket_path) + 1 > sizeof(dest_addr.sun_path)) {
2242  log_warn(LD_NET,
2243  "Path %s is too long for an AF_UNIX socket\n",
2244  escaped_safe_str_client(socket_path));
2245  *socket_error = SOCK_ERRNO(ENAMETOOLONG);
2246  return -1;
2247  }
2248 
2249  memset(&dest_addr, 0, sizeof(dest_addr));
2250  dest_addr.sun_family = AF_UNIX;
2251  strlcpy(dest_addr.sun_path, socket_path, sizeof(dest_addr.sun_path));
2252 
2253  log_debug(LD_NET,
2254  "Connecting to AF_UNIX socket at %s.",
2255  escaped_safe_str_client(socket_path));
2256 
2257  return connection_connect_sockaddr(conn,
2258  (struct sockaddr *)&dest_addr, sizeof(dest_addr),
2259  NULL, 0, socket_error);
2260 }
2261 
2262 #endif /* defined(HAVE_SYS_UN_H) */
2263 
2266 static const char *
2268 {
2269  static const char *unknown = "???";
2270  static const char *states[] = {
2271  "PROXY_NONE",
2272  "PROXY_INFANT",
2273  "PROXY_HTTPS_WANT_CONNECT_OK",
2274  "PROXY_SOCKS4_WANT_CONNECT_OK",
2275  "PROXY_SOCKS5_WANT_AUTH_METHOD_NONE",
2276  "PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929",
2277  "PROXY_SOCKS5_WANT_AUTH_RFC1929_OK",
2278  "PROXY_SOCKS5_WANT_CONNECT_OK",
2279  "PROXY_CONNECTED",
2280  };
2281 
2282  if (state < PROXY_NONE || state > PROXY_CONNECTED)
2283  return unknown;
2284 
2285  return states[state];
2286 }
2287 
2292 static int
2294 {
2295  const or_options_t *options = get_options();
2296 
2297  if (options->ClientTransportPlugin)
2298  return PROXY_PLUGGABLE;
2299  else if (options->HTTPSProxy)
2300  return PROXY_CONNECT;
2301  else if (options->Socks4Proxy)
2302  return PROXY_SOCKS4;
2303  else if (options->Socks5Proxy)
2304  return PROXY_SOCKS5;
2305  else
2306  return PROXY_NONE;
2307 }
2308 
2309 /* One byte for the version, one for the command, two for the
2310  port, and four for the addr... and, one more for the
2311  username NUL: */
2312 #define SOCKS4_STANDARD_BUFFER_SIZE (1 + 1 + 2 + 4 + 1)
2313 
2324 int
2326 {
2327  const or_options_t *options;
2328 
2329  tor_assert(conn);
2330 
2331  options = get_options();
2332 
2333  switch (type) {
2334  case PROXY_CONNECT: {
2335  char buf[1024];
2336  char *base64_authenticator=NULL;
2337  const char *authenticator = options->HTTPSProxyAuthenticator;
2338 
2339  /* Send HTTP CONNECT and authentication (if available) in
2340  * one request */
2341 
2342  if (authenticator) {
2343  base64_authenticator = alloc_http_authenticator(authenticator);
2344  if (!base64_authenticator)
2345  log_warn(LD_OR, "Encoding https authenticator failed");
2346  }
2347 
2348  if (base64_authenticator) {
2349  const char *addrport = fmt_addrport(&conn->addr, conn->port);
2350  tor_snprintf(buf, sizeof(buf), "CONNECT %s HTTP/1.1\r\n"
2351  "Host: %s\r\n"
2352  "Proxy-Authorization: Basic %s\r\n\r\n",
2353  addrport,
2354  addrport,
2355  base64_authenticator);
2356  tor_free(base64_authenticator);
2357  } else {
2358  tor_snprintf(buf, sizeof(buf), "CONNECT %s HTTP/1.0\r\n\r\n",
2359  fmt_addrport(&conn->addr, conn->port));
2360  }
2361 
2362  connection_buf_add(buf, strlen(buf), conn);
2363  conn->proxy_state = PROXY_HTTPS_WANT_CONNECT_OK;
2364  break;
2365  }
2366 
2367  case PROXY_SOCKS4: {
2368  unsigned char *buf;
2369  uint16_t portn;
2370  uint32_t ip4addr;
2371  size_t buf_size = 0;
2372  char *socks_args_string = NULL;
2373 
2374  /* Send a SOCKS4 connect request */
2375 
2376  if (tor_addr_family(&conn->addr) != AF_INET) {
2377  log_warn(LD_NET, "SOCKS4 client is incompatible with IPv6");
2378  return -1;
2379  }
2380 
2381  { /* If we are here because we are trying to connect to a
2382  pluggable transport proxy, check if we have any SOCKS
2383  arguments to transmit. If we do, compress all arguments to
2384  a single string in 'socks_args_string': */
2385 
2386  if (get_proxy_type() == PROXY_PLUGGABLE) {
2387  socks_args_string =
2389  if (socks_args_string)
2390  log_debug(LD_NET, "Sending out '%s' as our SOCKS argument string.",
2391  socks_args_string);
2392  }
2393  }
2394 
2395  { /* Figure out the buffer size we need for the SOCKS message: */
2396 
2397  buf_size = SOCKS4_STANDARD_BUFFER_SIZE;
2398 
2399  /* If we have a SOCKS argument string, consider its size when
2400  calculating the buffer size: */
2401  if (socks_args_string)
2402  buf_size += strlen(socks_args_string);
2403  }
2404 
2405  buf = tor_malloc_zero(buf_size);
2406 
2407  ip4addr = tor_addr_to_ipv4n(&conn->addr);
2408  portn = htons(conn->port);
2409 
2410  buf[0] = 4; /* version */
2411  buf[1] = SOCKS_COMMAND_CONNECT; /* command */
2412  memcpy(buf + 2, &portn, 2); /* port */
2413  memcpy(buf + 4, &ip4addr, 4); /* addr */
2414 
2415  /* Next packet field is the userid. If we have pluggable
2416  transport SOCKS arguments, we have to embed them
2417  there. Otherwise, we use an empty userid. */
2418  if (socks_args_string) { /* place the SOCKS args string: */
2419  tor_assert(strlen(socks_args_string) > 0);
2420  tor_assert(buf_size >=
2421  SOCKS4_STANDARD_BUFFER_SIZE + strlen(socks_args_string));
2422  strlcpy((char *)buf + 8, socks_args_string, buf_size - 8);
2423  tor_free(socks_args_string);
2424  } else {
2425  buf[8] = 0; /* no userid */
2426  }
2427 
2428  connection_buf_add((char *)buf, buf_size, conn);
2429  tor_free(buf);
2430 
2431  conn->proxy_state = PROXY_SOCKS4_WANT_CONNECT_OK;
2432  break;
2433  }
2434 
2435  case PROXY_SOCKS5: {
2436  unsigned char buf[4]; /* fields: vers, num methods, method list */
2437 
2438  /* Send a SOCKS5 greeting (connect request must wait) */
2439 
2440  buf[0] = 5; /* version */
2441 
2442  /* We have to use SOCKS5 authentication, if we have a
2443  Socks5ProxyUsername or if we want to pass arguments to our
2444  pluggable transport proxy: */
2445  if ((options->Socks5ProxyUsername) ||
2446  (get_proxy_type() == PROXY_PLUGGABLE &&
2447  (get_socks_args_by_bridge_addrport(&conn->addr, conn->port)))) {
2448  /* number of auth methods */
2449  buf[1] = 2;
2450  buf[2] = 0x00; /* no authentication */
2451  buf[3] = 0x02; /* rfc1929 Username/Passwd auth */
2452  conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929;
2453  } else {
2454  buf[1] = 1;
2455  buf[2] = 0x00; /* no authentication */
2456  conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_METHOD_NONE;
2457  }
2458 
2459  connection_buf_add((char *)buf, 2 + buf[1], conn);
2460  break;
2461  }
2462 
2463  default:
2464  log_err(LD_BUG, "Invalid proxy protocol, %d", type);
2466  return -1;
2467  }
2468 
2469  log_debug(LD_NET, "set state %s",
2471 
2472  return 0;
2473 }
2474 
2479 static int
2481 {
2482  char *headers;
2483  char *reason=NULL;
2484  int status_code;
2485  time_t date_header;
2486 
2487  switch (fetch_from_buf_http(conn->inbuf,
2488  &headers, MAX_HEADERS_SIZE,
2489  NULL, NULL, 10000, 0)) {
2490  case -1: /* overflow */
2491  log_warn(LD_PROTOCOL,
2492  "Your https proxy sent back an oversized response. Closing.");
2493  return -1;
2494  case 0:
2495  log_info(LD_NET,"https proxy response not all here yet. Waiting.");
2496  return 0;
2497  /* case 1, fall through */
2498  }
2499 
2500  if (parse_http_response(headers, &status_code, &date_header,
2501  NULL, &reason) < 0) {
2502  log_warn(LD_NET,
2503  "Unparseable headers from proxy (connecting to '%s'). Closing.",
2504  conn->address);
2505  tor_free(headers);
2506  return -1;
2507  }
2508  tor_free(headers);
2509  if (!reason) reason = tor_strdup("[no reason given]");
2510 
2511  if (status_code == 200) {
2512  log_info(LD_NET,
2513  "HTTPS connect to '%s' successful! (200 %s) Starting TLS.",
2514  conn->address, escaped(reason));
2515  tor_free(reason);
2516  return 1;
2517  }
2518  /* else, bad news on the status code */
2519  switch (status_code) {
2520  case 403:
2521  log_warn(LD_NET,
2522  "The https proxy refused to allow connection to %s "
2523  "(status code %d, %s). Closing.",
2524  conn->address, status_code, escaped(reason));
2525  break;
2526  default:
2527  log_warn(LD_NET,
2528  "The https proxy sent back an unexpected status code %d (%s). "
2529  "Closing.",
2530  status_code, escaped(reason));
2531  break;
2532  }
2533  tor_free(reason);
2534  return -1;
2535 }
2536 
2540 static void
2542 {
2543  unsigned char buf[1024];
2544  size_t reqsize = 6;
2545  uint16_t port = htons(conn->port);
2546 
2547  buf[0] = 5; /* version */
2548  buf[1] = SOCKS_COMMAND_CONNECT; /* command */
2549  buf[2] = 0; /* reserved */
2550 
2551  if (tor_addr_family(&conn->addr) == AF_INET) {
2552  uint32_t addr = tor_addr_to_ipv4n(&conn->addr);
2553 
2554  buf[3] = 1;
2555  reqsize += 4;
2556  memcpy(buf + 4, &addr, 4);
2557  memcpy(buf + 8, &port, 2);
2558  } else { /* AF_INET6 */
2559  buf[3] = 4;
2560  reqsize += 16;
2561  memcpy(buf + 4, tor_addr_to_in6_addr8(&conn->addr), 16);
2562  memcpy(buf + 20, &port, 2);
2563  }
2564 
2565  connection_buf_add((char *)buf, reqsize, conn);
2566 
2567  conn->proxy_state = PROXY_SOCKS5_WANT_CONNECT_OK;
2568 }
2569 
2572 static int
2574  int state, char **reason)
2575 {
2576  return fetch_from_buf_socks_client(conn->inbuf, state, reason);
2577 }
2578 
2589 int
2591 {
2592  int ret = 0;
2593  char *reason = NULL;
2594 
2595  log_debug(LD_NET, "enter state %s",
2597 
2598  switch (conn->proxy_state) {
2599  case PROXY_HTTPS_WANT_CONNECT_OK:
2601  if (ret == 1)
2602  conn->proxy_state = PROXY_CONNECTED;
2603  break;
2604 
2605  case PROXY_SOCKS4_WANT_CONNECT_OK:
2607  conn->proxy_state,
2608  &reason);
2609  if (ret == 1)
2610  conn->proxy_state = PROXY_CONNECTED;
2611  break;
2612 
2613  case PROXY_SOCKS5_WANT_AUTH_METHOD_NONE:
2615  conn->proxy_state,
2616  &reason);
2617  /* no auth needed, do connect */
2618  if (ret == 1) {
2620  ret = 0;
2621  }
2622  break;
2623 
2624  case PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929:
2626  conn->proxy_state,
2627  &reason);
2628 
2629  /* send auth if needed, otherwise do connect */
2630  if (ret == 1) {
2632  ret = 0;
2633  } else if (ret == 2) {
2634  unsigned char buf[1024];
2635  size_t reqsize, usize, psize;
2636  const char *user, *pass;
2637  char *socks_args_string = NULL;
2638 
2639  if (get_proxy_type() == PROXY_PLUGGABLE) {
2640  socks_args_string =
2642  if (!socks_args_string) {
2643  log_warn(LD_NET, "Could not create SOCKS args string.");
2644  ret = -1;
2645  break;
2646  }
2647 
2648  log_debug(LD_NET, "SOCKS5 arguments: %s", socks_args_string);
2649  tor_assert(strlen(socks_args_string) > 0);
2650  tor_assert(strlen(socks_args_string) <= MAX_SOCKS5_AUTH_SIZE_TOTAL);
2651 
2652  if (strlen(socks_args_string) > MAX_SOCKS5_AUTH_FIELD_SIZE) {
2653  user = socks_args_string;
2655  pass = socks_args_string + MAX_SOCKS5_AUTH_FIELD_SIZE;
2656  psize = strlen(socks_args_string) - MAX_SOCKS5_AUTH_FIELD_SIZE;
2657  } else {
2658  user = socks_args_string;
2659  usize = strlen(socks_args_string);
2660  pass = "\0";
2661  psize = 1;
2662  }
2663  } else if (get_options()->Socks5ProxyUsername) {
2664  user = get_options()->Socks5ProxyUsername;
2665  pass = get_options()->Socks5ProxyPassword;
2666  tor_assert(user && pass);
2667  usize = strlen(user);
2668  psize = strlen(pass);
2669  } else {
2670  log_err(LD_BUG, "We entered %s for no reason!", __func__);
2672  ret = -1;
2673  break;
2674  }
2675 
2676  /* Username and password lengths should have been checked
2677  above and during torrc parsing. */
2679  psize <= MAX_SOCKS5_AUTH_FIELD_SIZE);
2680  reqsize = 3 + usize + psize;
2681 
2682  buf[0] = 1; /* negotiation version */
2683  buf[1] = usize;
2684  memcpy(buf + 2, user, usize);
2685  buf[2 + usize] = psize;
2686  memcpy(buf + 3 + usize, pass, psize);
2687 
2688  if (socks_args_string)
2689  tor_free(socks_args_string);
2690 
2691  connection_buf_add((char *)buf, reqsize, conn);
2692 
2693  conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_RFC1929_OK;
2694  ret = 0;
2695  }
2696  break;
2697 
2698  case PROXY_SOCKS5_WANT_AUTH_RFC1929_OK:
2700  conn->proxy_state,
2701  &reason);
2702  /* send the connect request */
2703  if (ret == 1) {
2705  ret = 0;
2706  }
2707  break;
2708 
2709  case PROXY_SOCKS5_WANT_CONNECT_OK:
2711  conn->proxy_state,
2712  &reason);
2713  if (ret == 1)
2714  conn->proxy_state = PROXY_CONNECTED;
2715  break;
2716 
2717  default:
2718  log_err(LD_BUG, "Invalid proxy_state for reading, %d",
2719  conn->proxy_state);
2721  ret = -1;
2722  break;
2723  }
2724 
2725  log_debug(LD_NET, "leaving state %s",
2727 
2728  if (ret < 0) {
2729  if (reason) {
2730  log_warn(LD_NET, "Proxy Client: unable to connect to %s:%d (%s)",
2731  conn->address, conn->port, escaped(reason));
2732  tor_free(reason);
2733  } else {
2734  log_warn(LD_NET, "Proxy Client: unable to connect to %s:%d",
2735  conn->address, conn->port);
2736  }
2737  } else if (ret == 1) {
2738  log_info(LD_NET, "Proxy Client: connection to %s:%d successful",
2739  conn->address, conn->port);
2740  }
2741 
2742  return ret;
2743 }
2744 
2761 static int
2763  const smartlist_t *ports,
2764  smartlist_t *new_conns,
2765  smartlist_t *replacements,
2766  int control_listeners_only)
2767 {
2768 #ifndef ENABLE_LISTENER_REBIND
2769  (void)replacements;
2770 #endif
2771 
2772  smartlist_t *launch = smartlist_new();
2773  int r = 0;
2774 
2775  if (control_listeners_only) {
2776  SMARTLIST_FOREACH(ports, port_cfg_t *, p, {
2777  if (p->type == CONN_TYPE_CONTROL_LISTENER)
2778  smartlist_add(launch, p);
2779  });
2780  } else {
2781  smartlist_add_all(launch, ports);
2782  }
2783 
2784  /* Iterate through old_conns, comparing it to launch: remove from both lists
2785  * each pair of elements that corresponds to the same port. */
2786  SMARTLIST_FOREACH_BEGIN(old_conns, connection_t *, conn) {
2787  const port_cfg_t *found_port = NULL;
2788 
2789  /* Okay, so this is a listener. Is it configured? */
2790  /* That is, is it either: 1) exact match - address and port
2791  * pair match exactly between old listener and new port; or 2)
2792  * wildcard match - port matches exactly, but *one* of the
2793  * addresses is wildcard (0.0.0.0 or ::)?
2794  */
2795  SMARTLIST_FOREACH_BEGIN(launch, const port_cfg_t *, wanted) {
2796  if (conn->type != wanted->type)
2797  continue;
2798  if ((conn->socket_family != AF_UNIX && wanted->is_unix_addr) ||
2799  (conn->socket_family == AF_UNIX && ! wanted->is_unix_addr))
2800  continue;
2801 
2802  if (wanted->server_cfg.no_listen)
2803  continue; /* We don't want to open a listener for this one */
2804 
2805  if (wanted->is_unix_addr) {
2806  if (conn->socket_family == AF_UNIX &&
2807  !strcmp(wanted->unix_addr, conn->address)) {
2808  found_port = wanted;
2809  break;
2810  }
2811  } else {
2812  /* Numeric values of old and new port match exactly. */
2813  const int port_matches_exact = (wanted->port == conn->port);
2814  /* Ports match semantically - either their specific values
2815  match exactly, or new port is 'auto'.
2816  */
2817  const int port_matches = (wanted->port == CFG_AUTO_PORT ||
2818  port_matches_exact);
2819 
2820  if (port_matches && tor_addr_eq(&wanted->addr, &conn->addr)) {
2821  found_port = wanted;
2822  break;
2823  }
2824 #ifdef ENABLE_LISTENER_REBIND
2825  /* Rebinding may be needed if all of the following are true:
2826  * 1) Address family is the same in old and new listeners.
2827  * 2) Port number matches exactly (numeric value is the same).
2828  * 3) *One* of listeners (either old one or new one) has a
2829  * wildcard IP address (0.0.0.0 or [::]).
2830  *
2831  * These are the exact conditions for a first bind() syscall
2832  * to fail with EADDRINUSE.
2833  */
2834  const int may_need_rebind =
2835  tor_addr_family(&wanted->addr) == tor_addr_family(&conn->addr) &&
2836  port_matches_exact && bool_neq(tor_addr_is_null(&wanted->addr),
2837  tor_addr_is_null(&conn->addr));
2838  if (replacements && may_need_rebind) {
2839  listener_replacement_t *replacement =
2840  tor_malloc(sizeof(listener_replacement_t));
2841 
2842  replacement->old_conn = conn;
2843  replacement->new_port = wanted;
2844  smartlist_add(replacements, replacement);
2845 
2846  SMARTLIST_DEL_CURRENT(launch, wanted);
2847  SMARTLIST_DEL_CURRENT(old_conns, conn);
2848  break;
2849  }
2850 #endif
2851  }
2852  } SMARTLIST_FOREACH_END(wanted);
2853 
2854  if (found_port) {
2855  /* This listener is already running; we don't need to launch it. */
2856  //log_debug(LD_NET, "Already have %s on %s:%d",
2857  // conn_type_to_string(found_port->type), conn->address, conn->port);
2858  smartlist_remove(launch, found_port);
2859  /* And we can remove the connection from old_conns too. */
2860  SMARTLIST_DEL_CURRENT(old_conns, conn);
2861  }
2862  } SMARTLIST_FOREACH_END(conn);
2863 
2864  /* Now open all the listeners that are configured but not opened. */
2865  SMARTLIST_FOREACH_BEGIN(launch, const port_cfg_t *, port) {
2866  int skip = 0;
2867  connection_t *conn = connection_listener_new_for_port(port, &skip, NULL);
2868 
2869  if (conn && new_conns)
2870  smartlist_add(new_conns, conn);
2871  else if (!skip)
2872  r = -1;
2873  } SMARTLIST_FOREACH_END(port);
2874 
2875  smartlist_free(launch);
2876 
2877  return r;
2878 }
2879 
2889 int
2890 retry_all_listeners(smartlist_t *new_conns, int close_all_noncontrol)
2891 {
2892  smartlist_t *listeners = smartlist_new();
2893  smartlist_t *replacements = smartlist_new();
2894  const or_options_t *options = get_options();
2895  int retval = 0;
2896  const uint16_t old_or_port = router_get_advertised_or_port(options);
2897  const uint16_t old_or_port_ipv6 =
2898  router_get_advertised_or_port_by_af(options,AF_INET6);
2899  const uint16_t old_dir_port = router_get_advertised_dir_port(options, 0);
2900 
2901  SMARTLIST_FOREACH_BEGIN(get_connection_array(), connection_t *, conn) {
2902  if (connection_is_listener(conn) && !conn->marked_for_close)
2903  smartlist_add(listeners, conn);
2904  } SMARTLIST_FOREACH_END(conn);
2905 
2906  if (retry_listener_ports(listeners,
2907  get_configured_ports(),
2908  new_conns,
2909  replacements,
2910  close_all_noncontrol) < 0)
2911  retval = -1;
2912 
2913 #ifdef ENABLE_LISTENER_REBIND
2914  if (smartlist_len(replacements))
2915  log_debug(LD_NET, "%d replacements - starting rebinding loop.",
2916  smartlist_len(replacements));
2917 
2918  SMARTLIST_FOREACH_BEGIN(replacements, listener_replacement_t *, r) {
2919  int addr_in_use = 0;
2920  int skip = 0;
2921 
2922  tor_assert(r->new_port);
2923  tor_assert(r->old_conn);
2924 
2925  connection_t *new_conn =
2926  connection_listener_new_for_port(r->new_port, &skip, &addr_in_use);
2927  connection_t *old_conn = r->old_conn;
2928 
2929  if (skip) {
2930  log_debug(LD_NET, "Skipping creating new listener for %s:%d",
2931  old_conn->address, old_conn->port);
2932  continue;
2933  }
2934 
2935  connection_close_immediate(old_conn);
2936  connection_mark_for_close(old_conn);
2937 
2938  if (addr_in_use) {
2939  new_conn = connection_listener_new_for_port(r->new_port,
2940  &skip, &addr_in_use);
2941  }
2942 
2943  tor_assert(new_conn);
2944 
2945  smartlist_add(new_conns, new_conn);
2946 
2947  log_notice(LD_NET, "Closed no-longer-configured %s on %s:%d "
2948  "(replaced by %s:%d)",
2949  conn_type_to_string(old_conn->type), old_conn->address,
2950  old_conn->port, new_conn->address, new_conn->port);
2951  } SMARTLIST_FOREACH_END(r);
2952 #endif
2953 
2954  /* Any members that were still in 'listeners' don't correspond to
2955  * any configured port. Kill 'em. */
2956  SMARTLIST_FOREACH_BEGIN(listeners, connection_t *, conn) {
2957  log_notice(LD_NET, "Closing no-longer-configured %s on %s:%d",
2958  conn_type_to_string(conn->type), conn->address, conn->port);
2960  connection_mark_for_close(conn);
2961  } SMARTLIST_FOREACH_END(conn);
2962 
2963  smartlist_free(listeners);
2964  /* Cleanup any remaining listener replacement. */
2965  SMARTLIST_FOREACH(replacements, listener_replacement_t *, r, tor_free(r));
2966  smartlist_free(replacements);
2967 
2968  if (old_or_port != router_get_advertised_or_port(options) ||
2969  old_or_port_ipv6 != router_get_advertised_or_port_by_af(options,
2970  AF_INET6) ||
2971  old_dir_port != router_get_advertised_dir_port(options, 0)) {
2972  /* Our chosen ORPort or DirPort is not what it used to be: the
2973  * descriptor we had (if any) should be regenerated. (We won't
2974  * automatically notice this because of changes in the option,
2975  * since the value could be "auto".) */
2976  mark_my_descriptor_dirty("Chosen Or/DirPort changed");
2977  }
2978 
2979  return retval;
2980 }
2981 
2983 void
2985 {
2986  SMARTLIST_FOREACH_BEGIN(get_connection_array(), connection_t *, conn) {
2987  if (conn->marked_for_close)
2988  continue;
2989  if (conn->type == CONN_TYPE_CONTROL_LISTENER)
2990  continue;
2991  if (connection_is_listener(conn))
2992  connection_mark_for_close(conn);
2993  } SMARTLIST_FOREACH_END(conn);
2994 }
2995 
2997 void
2999 {
3000  SMARTLIST_FOREACH_BEGIN(get_connection_array(), connection_t *, conn) {
3001  if (conn->marked_for_close)
3002  continue;
3003  switch (conn->type) {
3005  case CONN_TYPE_CONTROL:
3006  break;
3007  case CONN_TYPE_AP:
3008  connection_mark_unattached_ap(TO_ENTRY_CONN(conn),
3009  END_STREAM_REASON_HIBERNATING);
3010  break;
3011  case CONN_TYPE_OR:
3012  {
3013  or_connection_t *orconn = TO_OR_CONN(conn);
3014  if (orconn->chan) {
3015  connection_or_close_normally(orconn, 0);
3016  } else {
3017  /*
3018  * There should have been one, but mark for close and hope
3019  * for the best..
3020  */
3021  connection_mark_for_close(conn);
3022  }
3023  }
3024  break;
3025  default:
3026  connection_mark_for_close(conn);
3027  break;
3028  }
3029  } SMARTLIST_FOREACH_END(conn);
3030 }
3031 
3038 static int
3040 {
3041  const or_options_t *options = get_options();
3042  if (conn->linked)
3043  return 0; /* Internal connection */
3044  else if (! options->CountPrivateBandwidth &&
3045  (tor_addr_family(&conn->addr) == AF_UNSPEC || /* no address */
3046  tor_addr_family(&conn->addr) == AF_UNIX || /* no address */
3047  tor_addr_is_internal(&conn->addr, 0)))
3048  return 0; /* Internal address */
3049  else
3050  return 1;
3051 }
3052 
3056 static time_t write_buckets_last_empty_at = -100;
3057 
3060 #define CLIENT_IDLE_TIME_FOR_PRIORITY 30
3061 
3066 static int
3068 {
3069  if (conn->type == CONN_TYPE_OR &&
3072  return 1;
3073  if (conn->type == CONN_TYPE_DIR && DIR_CONN_IS_SERVER(conn))
3074  return 1;
3075  return 0;
3076 }
3077 
3083 static ssize_t
3084 connection_bucket_get_share(int base, int priority,
3085  ssize_t global_bucket_val, ssize_t conn_bucket)
3086 {
3087  ssize_t at_most;
3088  ssize_t num_bytes_high = (priority ? 32 : 16) * base;
3089  ssize_t num_bytes_low = (priority ? 4 : 2) * base;
3090 
3091  /* Do a rudimentary limiting so one circuit can't hog a connection.
3092  * Pick at most 32 cells, at least 4 cells if possible, and if we're in
3093  * the middle pick 1/8 of the available bandwidth. */
3094  at_most = global_bucket_val / 8;
3095  at_most -= (at_most % base); /* round down */
3096  if (at_most > num_bytes_high) /* 16 KB, or 8 KB for low-priority */
3097  at_most = num_bytes_high;
3098  else if (at_most < num_bytes_low) /* 2 KB, or 1 KB for low-priority */
3099  at_most = num_bytes_low;
3100 
3101  if (at_most > global_bucket_val)
3102  at_most = global_bucket_val;
3103 
3104  if (conn_bucket >= 0 && at_most > conn_bucket)
3105  at_most = conn_bucket;
3106 
3107  if (at_most < 0)
3108  return 0;
3109  return at_most;
3110 }
3111 
3113 static ssize_t
3115 {
3116  int base = RELAY_PAYLOAD_SIZE;
3117  int priority = conn->type != CONN_TYPE_DIR;
3118  ssize_t conn_bucket = -1;
3119  size_t global_bucket_val = token_bucket_rw_get_read(&global_bucket);
3120 
3121  if (connection_speaks_cells(conn)) {
3122  or_connection_t *or_conn = TO_OR_CONN(conn);
3123  if (conn->state == OR_CONN_STATE_OPEN)
3124  conn_bucket = token_bucket_rw_get_read(&or_conn->bucket);
3125  base = get_cell_network_size(or_conn->wide_circ_ids);
3126  }
3127 
3128  if (!connection_is_rate_limited(conn)) {
3129  /* be willing to read on local conns even if our buckets are empty */
3130  return conn_bucket>=0 ? conn_bucket : 1<<14;
3131  }
3132 
3133  if (connection_counts_as_relayed_traffic(conn, now)) {
3134  size_t relayed = token_bucket_rw_get_read(&global_relayed_bucket);
3135  global_bucket_val = MIN(global_bucket_val, relayed);
3136  }
3137 
3138  return connection_bucket_get_share(base, priority,
3139  global_bucket_val, conn_bucket);
3140 }
3141 
3143 ssize_t
3145 {
3146  int base = RELAY_PAYLOAD_SIZE;
3147  int priority = conn->type != CONN_TYPE_DIR;
3148  size_t conn_bucket = conn->outbuf_flushlen;
3149  size_t global_bucket_val = token_bucket_rw_get_write(&global_bucket);
3150 
3151  if (!connection_is_rate_limited(conn)) {
3152  /* be willing to write to local conns even if our buckets are empty */
3153  return conn->outbuf_flushlen;
3154  }
3155 
3156  if (connection_speaks_cells(conn)) {
3157  /* use the per-conn write limit if it's lower */
3158  or_connection_t *or_conn = TO_OR_CONN(conn);
3159  if (conn->state == OR_CONN_STATE_OPEN)
3160  conn_bucket = MIN(conn_bucket,
3161  token_bucket_rw_get_write(&or_conn->bucket));
3162  base = get_cell_network_size(or_conn->wide_circ_ids);
3163  }
3164 
3165  if (connection_counts_as_relayed_traffic(conn, now)) {
3166  size_t relayed = token_bucket_rw_get_write(&global_relayed_bucket);
3167  global_bucket_val = MIN(global_bucket_val, relayed);
3168  }
3169 
3170  return connection_bucket_get_share(base, priority,
3171  global_bucket_val, conn_bucket);
3172 }
3173 
3193 int
3194 global_write_bucket_low(connection_t *conn, size_t attempt, int priority)
3195 {
3196  size_t smaller_bucket =
3197  MIN(token_bucket_rw_get_write(&global_bucket),
3198  token_bucket_rw_get_write(&global_relayed_bucket));
3199  if (authdir_mode(get_options()) && priority>1)
3200  return 0; /* there's always room to answer v2 if we're an auth dir */
3201 
3202  if (!connection_is_rate_limited(conn))
3203  return 0; /* local conns don't get limited */
3204 
3205  if (smaller_bucket < attempt)
3206  return 1; /* not enough space no matter the priority */
3207 
3208  {
3209  const time_t diff = approx_time() - write_buckets_last_empty_at;
3210  if (diff <= 1)
3211  return 1; /* we're already hitting our limits, no more please */
3212  }
3213 
3214  if (priority == 1) { /* old-style v1 query */
3215  /* Could we handle *two* of these requests within the next two seconds? */
3216  const or_options_t *options = get_options();
3217  size_t can_write = (size_t) (smaller_bucket
3218  + 2*(options->RelayBandwidthRate ? options->RelayBandwidthRate :
3219  options->BandwidthRate));
3220  if (can_write < 2*attempt)
3221  return 1;
3222  } else { /* v2 query */
3223  /* no further constraints yet */
3224  }
3225  return 0;
3226 }
3227 
3231 
3235 static void
3237  time_t now, size_t num_read, size_t num_written)
3238 {
3239  /* Count bytes of answering direct and tunneled directory requests */
3240  if (conn->type == CONN_TYPE_DIR && conn->purpose == DIR_PURPOSE_SERVER) {
3241  if (num_read > 0)
3242  rep_hist_note_dir_bytes_read(num_read, now);
3243  if (num_written > 0)
3244  rep_hist_note_dir_bytes_written(num_written, now);
3245  }
3246 
3247  if (!connection_is_rate_limited(conn))
3248  return; /* local IPs are free */
3249 
3250  if (conn->type == CONN_TYPE_OR)
3252  num_written, now);
3253 
3254  if (num_read > 0) {
3255  rep_hist_note_bytes_read(num_read, now);
3256  }
3257  if (num_written > 0) {
3258  rep_hist_note_bytes_written(num_written, now);
3259  }
3260  if (conn->type == CONN_TYPE_EXIT)
3261  rep_hist_note_exit_bytes(conn->port, num_written, num_read);
3262 
3263  /* Remember these bytes towards statistics. */
3264  stats_increment_bytes_read_and_written(num_read, num_written);
3265 
3266  /* Remember these bytes towards accounting. */
3267  if (accounting_is_enabled(get_options())) {
3269  accounting_add_bytes(num_read, num_written,
3270  (int)(now - last_recorded_accounting_at));
3271  } else {
3272  accounting_add_bytes(num_read, num_written, 0);
3273  }
3275  }
3276 }
3277 
3280 static void
3282  size_t num_read, size_t num_written)
3283 {
3284  if (num_written >= INT_MAX || num_read >= INT_MAX) {
3285  log_err(LD_BUG, "Value out of range. num_read=%lu, num_written=%lu, "
3286  "connection type=%s, state=%s",
3287  (unsigned long)num_read, (unsigned long)num_written,
3288  conn_type_to_string(conn->type),
3289  conn_state_to_string(conn->type, conn->state));
3290  tor_assert_nonfatal_unreached();
3291  if (num_written >= INT_MAX)
3292  num_written = 1;
3293  if (num_read >= INT_MAX)
3294  num_read = 1;
3295  }
3296 
3297  record_num_bytes_transferred_impl(conn, now, num_read, num_written);
3298 
3299  if (!connection_is_rate_limited(conn))
3300  return; /* local IPs are free */
3301 
3302  unsigned flags = 0;
3303  if (connection_counts_as_relayed_traffic(conn, now)) {
3304  flags = token_bucket_rw_dec(&global_relayed_bucket, num_read, num_written);
3305  }
3306  flags |= token_bucket_rw_dec(&global_bucket, num_read, num_written);
3307 
3308  if (flags & TB_WRITE) {
3310  }
3311  if (connection_speaks_cells(conn) && conn->state == OR_CONN_STATE_OPEN) {
3312  or_connection_t *or_conn = TO_OR_CONN(conn);
3313  token_bucket_rw_dec(&or_conn->bucket, num_read, num_written);
3314  }
3315 }
3316 
3323 void
3325 {
3326  (void)is_global_bw;
3327  conn->read_blocked_on_bw = 1;
3328  connection_stop_reading(conn);
3330 }
3331 
3338 void
3340 {
3341  (void)is_global_bw;
3342  conn->write_blocked_on_bw = 1;
3343  connection_stop_writing(conn);
3345 }
3346 
3349 void
3351 {
3352  const char *reason;
3353 
3354  if (!connection_is_rate_limited(conn))
3355  return; /* Always okay. */
3356 
3357  int is_global = 1;
3358 
3359  if (token_bucket_rw_get_read(&global_bucket) <= 0) {
3360  reason = "global read bucket exhausted. Pausing.";
3361  } else if (connection_counts_as_relayed_traffic(conn, approx_time()) &&
3362  token_bucket_rw_get_read(&global_relayed_bucket) <= 0) {
3363  reason = "global relayed read bucket exhausted. Pausing.";
3364  } else if (connection_speaks_cells(conn) &&
3365  conn->state == OR_CONN_STATE_OPEN &&
3366  token_bucket_rw_get_read(&TO_OR_CONN(conn)->bucket) <= 0) {
3367  reason = "connection read bucket exhausted. Pausing.";
3368  is_global = false;
3369  } else
3370  return; /* all good, no need to stop it */
3371 
3372  LOG_FN_CONN(conn, (LOG_DEBUG, LD_NET, "%s", reason));
3373  connection_read_bw_exhausted(conn, is_global);
3374 }
3375 
3378 void
3380 {
3381  const char *reason;
3382 
3383  if (!connection_is_rate_limited(conn))
3384  return; /* Always okay. */
3385 
3386  bool is_global = true;
3387  if (token_bucket_rw_get_write(&global_bucket) <= 0) {
3388  reason = "global write bucket exhausted. Pausing.";
3389  } else if (connection_counts_as_relayed_traffic(conn, approx_time()) &&
3390  token_bucket_rw_get_write(&global_relayed_bucket) <= 0) {
3391  reason = "global relayed write bucket exhausted. Pausing.";
3392  } else if (connection_speaks_cells(conn) &&
3393  conn->state == OR_CONN_STATE_OPEN &&
3394  token_bucket_rw_get_write(&TO_OR_CONN(conn)->bucket) <= 0) {
3395  reason = "connection write bucket exhausted. Pausing.";
3396  is_global = false;
3397  } else
3398  return; /* all good, no need to stop it */
3399 
3400  LOG_FN_CONN(conn, (LOG_DEBUG, LD_NET, "%s", reason));
3401  connection_write_bw_exhausted(conn, is_global);
3402 }
3403 
3406 void
3408 {
3409  const or_options_t *options = get_options();
3410  const uint32_t now_ts = monotime_coarse_get_stamp();
3411  token_bucket_rw_init(&global_bucket,
3412  (int32_t)options->BandwidthRate,
3413  (int32_t)options->BandwidthBurst,
3414  now_ts);
3415  if (options->RelayBandwidthRate) {
3416  token_bucket_rw_init(&global_relayed_bucket,
3417  (int32_t)options->RelayBandwidthRate,
3418  (int32_t)options->RelayBandwidthBurst,
3419  now_ts);
3420  } else {
3421  token_bucket_rw_init(&global_relayed_bucket,
3422  (int32_t)options->BandwidthRate,
3423  (int32_t)options->BandwidthBurst,
3424  now_ts);
3425  }
3426 
3428 }
3429 
3431 void
3433 {
3434  token_bucket_rw_adjust(&global_bucket,
3435  (int32_t)options->BandwidthRate,
3436  (int32_t)options->BandwidthBurst);
3437  if (options->RelayBandwidthRate) {
3438  token_bucket_rw_adjust(&global_relayed_bucket,
3439  (int32_t)options->RelayBandwidthRate,
3440  (int32_t)options->RelayBandwidthBurst);
3441  } else {
3442  token_bucket_rw_adjust(&global_relayed_bucket,
3443  (int32_t)options->BandwidthRate,
3444  (int32_t)options->BandwidthBurst);
3445  }
3446 }
3447 
3458 static void
3460 {
3461  /* Note that we only check for equality here: the underlying
3462  * token bucket functions can handle moving backwards in time if they
3463  * need to. */
3464  if (now_ts != last_refilled_global_buckets_ts) {
3465  token_bucket_rw_refill(&global_bucket, now_ts);
3466  token_bucket_rw_refill(&global_relayed_bucket, now_ts);
3468  }
3469 
3470  if (connection_speaks_cells(conn) && conn->state == OR_CONN_STATE_OPEN) {
3471  or_connection_t *or_conn = TO_OR_CONN(conn);
3472  token_bucket_rw_refill(&or_conn->bucket, now_ts);
3473  }
3474 }
3475 
3481 
3484 
3487 
3493 static void
3495 {
3496  (void)ev;
3497  (void)arg;
3498  SMARTLIST_FOREACH_BEGIN(get_connection_array(), connection_t *, conn) {
3499  if (conn->read_blocked_on_bw == 1) {
3500  connection_start_reading(conn);
3501  conn->read_blocked_on_bw = 0;
3502  }
3503  if (conn->write_blocked_on_bw == 1) {
3504  connection_start_writing(conn);
3505  conn->write_blocked_on_bw = 0;
3506  }
3507  } SMARTLIST_FOREACH_END(conn);
3508 
3510 }
3511 
3516 static void
3518 {
3523  }
3524  time_t sec = options->TokenBucketRefillInterval / 1000;
3525  int msec = (options->TokenBucketRefillInterval % 1000);
3527  reenable_blocked_connections_delay.tv_usec = msec * 1000;
3528 }
3529 
3535 static void
3537 {
3539  return;
3540  if (BUG(reenable_blocked_connections_ev == NULL)) {
3541  reenable_blocked_connection_init(get_options());
3542  }
3546 }
3547 
3556 static int
3558 {
3559  ssize_t max_to_read=-1, try_to_read;
3560  size_t before, n_read = 0;
3561  int socket_error = 0;
3562 
3563  if (conn->marked_for_close)
3564  return 0; /* do nothing */
3565 
3567 
3569 
3570  switch (conn->type) {
3571  case CONN_TYPE_OR_LISTENER:
3575  case CONN_TYPE_AP_LISTENER:
3585  /* This should never happen; eventdns.c handles the reads here. */
3587  return 0;
3588  }
3589 
3590  loop_again:
3591  try_to_read = max_to_read;
3592  tor_assert(!conn->marked_for_close);
3593 
3594  before = buf_datalen(conn->inbuf);
3595  if (connection_buf_read_from_socket(conn, &max_to_read, &socket_error) < 0) {
3596  /* There's a read error; kill the connection.*/
3597  if (conn->type == CONN_TYPE_OR) {
3599  socket_error != 0 ?
3600  errno_to_orconn_end_reason(socket_error) :
3601  END_OR_CONN_REASON_CONNRESET,
3602  socket_error != 0 ?
3603  tor_socket_strerror(socket_error) :
3604  "(unknown, errno was 0)");
3605  }
3606  if (CONN_IS_EDGE(conn)) {
3607  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
3608  connection_edge_end_errno(edge_conn);
3609  if (conn->type == CONN_TYPE_AP && TO_ENTRY_CONN(conn)->socks_request) {
3610  /* broken, don't send a socks reply back */
3611  TO_ENTRY_CONN(conn)->socks_request->has_finished = 1;
3612  }
3613  }
3614  connection_close_immediate(conn); /* Don't flush; connection is dead. */
3615  /*
3616  * This can bypass normal channel checking since we did
3617  * connection_or_notify_error() above.
3618  */
3619  connection_mark_for_close_internal(conn);
3620  return -1;
3621  }
3622  n_read += buf_datalen(conn->inbuf) - before;
3623  if (CONN_IS_EDGE(conn) && try_to_read != max_to_read) {
3624  /* instruct it not to try to package partial cells. */
3625  if (connection_process_inbuf(conn, 0) < 0) {
3626  return -1;
3627  }
3628  if (!conn->marked_for_close &&
3629  connection_is_reading(conn) &&
3630  !conn->inbuf_reached_eof &&
3631  max_to_read > 0)
3632  goto loop_again; /* try reading again, in case more is here now */
3633  }
3634  /* one last try, packaging partial cells and all. */
3635  if (!conn->marked_for_close &&
3636  connection_process_inbuf(conn, 1) < 0) {
3637  return -1;
3638  }
3639  if (conn->linked_conn) {
3640  /* The other side's handle_write() will never actually get called, so
3641  * we need to invoke the appropriate callbacks ourself. */
3642  connection_t *linked = conn->linked_conn;
3643 
3644  if (n_read) {
3645  /* Probably a no-op, since linked conns typically don't count for
3646  * bandwidth rate limiting. But do it anyway so we can keep stats
3647  * accurately. Note that since we read the bytes from conn, and
3648  * we're writing the bytes onto the linked connection, we count
3649  * these as <i>written</i> bytes. */
3650  connection_buckets_decrement(linked, approx_time(), 0, n_read);
3651 
3652  if (connection_flushed_some(linked) < 0)
3653  connection_mark_for_close(linked);
3654  if (!connection_wants_to_flush(linked))
3656  }
3657 
3658  if (!buf_datalen(linked->outbuf) && conn->active_on_link)
3660  }
3661  /* If we hit the EOF, call connection_reached_eof(). */
3662  if (!conn->marked_for_close &&
3663  conn->inbuf_reached_eof &&
3664  connection_reached_eof(conn) < 0) {
3665  return -1;
3666  }
3667  return 0;
3668 }
3669 
3670 /* DOCDOC connection_handle_read */
3671 int
3672 connection_handle_read(connection_t *conn)
3673 {
3674  int res;
3675  update_current_time(time(NULL));
3676  res = connection_handle_read_impl(conn);
3677  return res;
3678 }
3679 
3690 static int
3691 connection_buf_read_from_socket(connection_t *conn, ssize_t *max_to_read,
3692  int *socket_error)
3693 {
3694  int result;
3695  ssize_t at_most = *max_to_read;
3696  size_t slack_in_buf, more_to_read;
3697  size_t n_read = 0, n_written = 0;
3698 
3699  if (at_most == -1) { /* we need to initialize it */
3700  /* how many bytes are we allowed to read? */
3701  at_most = connection_bucket_read_limit(conn, approx_time());
3702  }
3703 
3704  slack_in_buf = buf_slack(conn->inbuf);
3705  again:
3706  if ((size_t)at_most > slack_in_buf && slack_in_buf >= 1024) {
3707  more_to_read = at_most - slack_in_buf;
3708  at_most = slack_in_buf;
3709  } else {
3710  more_to_read = 0;
3711  }
3712 
3713  if (connection_speaks_cells(conn) &&
3715  int pending;
3716  or_connection_t *or_conn = TO_OR_CONN(conn);
3717  size_t initial_size;
3718  if (conn->state == OR_CONN_STATE_TLS_HANDSHAKING ||
3720  /* continue handshaking even if global token bucket is empty */
3721  return connection_tls_continue_handshake(or_conn);
3722  }
3723 
3724  log_debug(LD_NET,
3725  "%d: starting, inbuf_datalen %ld (%d pending in tls object)."
3726  " at_most %ld.",
3727  (int)conn->s,(long)buf_datalen(conn->inbuf),
3728  tor_tls_get_pending_bytes(or_conn->tls), (long)at_most);
3729 
3730  initial_size = buf_datalen(conn->inbuf);
3731  /* else open, or closing */
3732  result = buf_read_from_tls(conn->inbuf, or_conn->tls, at_most);
3733  if (TOR_TLS_IS_ERROR(result) || result == TOR_TLS_CLOSE)
3734  or_conn->tls_error = result;
3735  else
3736  or_conn->tls_error = 0;
3737 
3738  switch (result) {
3739  case TOR_TLS_CLOSE:
3740  case TOR_TLS_ERROR_IO:
3741  log_debug(LD_NET,"TLS connection closed %son read. Closing. "
3742  "(Nickname %s, address %s)",
3743  result == TOR_TLS_CLOSE ? "cleanly " : "",
3744  or_conn->nickname ? or_conn->nickname : "not set",
3745  conn->address);
3746  return result;
3748  log_debug(LD_NET,"tls error [%s]. breaking (nickname %s, address %s).",
3749  tor_tls_err_to_string(result),
3750  or_conn->nickname ? or_conn->nickname : "not set",
3751  conn->address);
3752  return result;
3753  case TOR_TLS_WANTWRITE:
3754  connection_start_writing(conn);
3755  return 0;
3756  case TOR_TLS_WANTREAD:
3757  if (conn->in_connection_handle_write) {
3758  /* We've been invoked from connection_handle_write, because we're
3759  * waiting for a TLS renegotiation, the renegotiation started, and
3760  * SSL_read returned WANTWRITE. But now SSL_read is saying WANTREAD
3761  * again. Stop waiting for write events now, or else we'll
3762  * busy-loop until data arrives for us to read.
3763  * XXX: remove this when v2 handshakes support is dropped. */
3764  connection_stop_writing(conn);
3765  if (!connection_is_reading(conn))
3766  connection_start_reading(conn);
3767  }
3768  /* we're already reading, one hopes */
3769  break;
3770  case TOR_TLS_DONE: /* no data read, so nothing to process */
3771  break; /* so we call bucket_decrement below */
3772  default:
3773  break;
3774  }
3775  pending = tor_tls_get_pending_bytes(or_conn->tls);
3776  if (pending) {
3777  /* If we have any pending bytes, we read them now. This *can*
3778  * take us over our read allotment, but really we shouldn't be
3779  * believing that SSL bytes are the same as TCP bytes anyway. */
3780  int r2 = buf_read_from_tls(conn->inbuf, or_conn->tls, pending);
3781  if (BUG(r2<0)) {
3782  log_warn(LD_BUG, "apparently, reading pending bytes can fail.");
3783  return -1;
3784  }
3785  }
3786  result = (int)(buf_datalen(conn->inbuf)-initial_size);
3787  tor_tls_get_n_raw_bytes(or_conn->tls, &n_read, &n_written);
3788  log_debug(LD_GENERAL, "After TLS read of %d: %ld read, %ld written",
3789  result, (long)n_read, (long)n_written);
3790  } else if (conn->linked) {
3791  if (conn->linked_conn) {
3792  result = buf_move_to_buf(conn->inbuf, conn->linked_conn->outbuf,
3793  &conn->linked_conn->outbuf_flushlen);
3794  if (BUG(result<0)) {
3795  log_warn(LD_BUG, "reading from linked connection buffer failed.");
3796  return -1;
3797  }
3798  } else {
3799  result = 0;
3800  }
3801  //log_notice(LD_GENERAL, "Moved %d bytes on an internal link!", result);
3802  /* If the other side has disappeared, or if it's been marked for close and
3803  * we flushed its outbuf, then we should set our inbuf_reached_eof. */
3804  if (!conn->linked_conn ||
3805  (conn->linked_conn->marked_for_close &&
3806  buf_datalen(conn->linked_conn->outbuf) == 0))
3807  conn->inbuf_reached_eof = 1;
3808 
3809  n_read = (size_t) result;
3810  } else {
3811  /* !connection_speaks_cells, !conn->linked_conn. */
3812  int reached_eof = 0;
3813  CONN_LOG_PROTECT(conn,
3814  result = buf_read_from_socket(conn->inbuf, conn->s,
3815  at_most,
3816  &reached_eof,
3817  socket_error));
3818  if (reached_eof)
3819  conn->inbuf_reached_eof = 1;
3820 
3821 // log_fn(LOG_DEBUG,"read_to_buf returned %d.",read_result);
3822 
3823  if (result < 0)
3824  return -1;
3825  n_read = (size_t) result;
3826  }
3827 
3828  if (n_read > 0) {
3829  /* change *max_to_read */
3830  *max_to_read = at_most - n_read;
3831 
3832  /* Update edge_conn->n_read */
3833  if (conn->type == CONN_TYPE_AP) {
3834  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
3835 
3836  /* Check for overflow: */
3837  if (PREDICT_LIKELY(UINT32_MAX - edge_conn->n_read > n_read))
3838  edge_conn->n_read += (int)n_read;
3839  else
3840  edge_conn->n_read = UINT32_MAX;
3841  }
3842 
3843  /* If CONN_BW events are enabled, update conn->n_read_conn_bw for
3844  * OR/DIR/EXIT connections, checking for overflow. */
3845  if (get_options()->TestingEnableConnBwEvent &&
3846  (conn->type == CONN_TYPE_OR ||
3847  conn->type == CONN_TYPE_DIR ||
3848  conn->type == CONN_TYPE_EXIT)) {
3849  if (PREDICT_LIKELY(UINT32_MAX - conn->n_read_conn_bw > n_read))
3850  conn->n_read_conn_bw += (int)n_read;
3851  else
3852  conn->n_read_conn_bw = UINT32_MAX;
3853  }
3854  }
3855 
3856  connection_buckets_decrement(conn, approx_time(), n_read, n_written);
3857 
3858  if (more_to_read && result == at_most) {
3859  slack_in_buf = buf_slack(conn->inbuf);
3860  at_most = more_to_read;
3861  goto again;
3862  }
3863 
3864  /* Call even if result is 0, since the global read bucket may
3865  * have reached 0 on a different conn, and this connection needs to
3866  * know to stop reading. */
3868  if (n_written > 0 && connection_is_writing(conn))
3870 
3871  return 0;
3872 }
3873 
3875 int
3876 connection_buf_get_bytes(char *string, size_t len, connection_t *conn)
3877 {
3878  return buf_get_bytes(conn->inbuf, string, len);
3879 }
3880 
3882 int
3884  size_t *data_len)
3885 {
3886  return buf_get_line(conn->inbuf, data, data_len);
3887 }
3888 
3891 int
3893  char **headers_out, size_t max_headerlen,
3894  char **body_out, size_t *body_used,
3895  size_t max_bodylen, int force_complete)
3896 {
3897  return fetch_from_buf_http(conn->inbuf, headers_out, max_headerlen,
3898  body_out, body_used, max_bodylen, force_complete);
3899 }
3900 
3903 int
3905 {
3906  return conn->outbuf_flushlen > 0;
3907 }
3908 
3913 int
3915 {
3916  return (conn->outbuf_flushlen > 10*CELL_PAYLOAD_SIZE);
3917 }
3918 
3925 static void
3927 {
3928 #ifdef _WIN32
3929  /* We only do this on Vista and 7, because earlier versions of Windows
3930  * don't have the SIO_IDEAL_SEND_BACKLOG_QUERY functionality, and on
3931  * later versions it isn't necessary. */
3932  static int isVistaOr7 = -1;
3933  if (isVistaOr7 == -1) {
3934  isVistaOr7 = 0;
3935  OSVERSIONINFO osvi = { 0 };
3936  osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
3937  GetVersionEx(&osvi);
3938  if (osvi.dwMajorVersion == 6 && osvi.dwMinorVersion < 2)
3939  isVistaOr7 = 1;
3940  }
3941  if (!isVistaOr7)
3942  return;
3943  if (get_options()->ConstrainedSockets)
3944  return;
3945  ULONG isb = 0;
3946  DWORD bytesReturned = 0;
3947  if (!WSAIoctl(sock, SIO_IDEAL_SEND_BACKLOG_QUERY, NULL, 0,
3948  &isb, sizeof(isb), &bytesReturned, NULL, NULL)) {
3949  setsockopt(sock, SOL_SOCKET, SO_SNDBUF, (const char*)&isb, sizeof(isb));
3950  }
3951 #else
3952  (void) sock;
3953 #endif
3954 }
3955 
3974 static int
3976 {
3977  int e;
3978  socklen_t len=(socklen_t)sizeof(e);
3979  int result;
3980  ssize_t max_to_write;
3981  time_t now = approx_time();
3982  size_t n_read = 0, n_written = 0;
3983  int dont_stop_writing = 0;
3984 
3986 
3987  if (conn->marked_for_close || !SOCKET_OK(conn->s))
3988  return 0; /* do nothing */
3989 
3990  if (conn->in_flushed_some) {
3991  log_warn(LD_BUG, "called recursively from inside conn->in_flushed_some");
3992  return 0;
3993  }
3994 
3995  conn->timestamp_last_write_allowed = now;
3996 
3998 
3999  /* Sometimes, "writable" means "connected". */
4000  if (connection_state_is_connecting(conn)) {
4001  if (getsockopt(conn->s, SOL_SOCKET, SO_ERROR, (void*)&e, &len) < 0) {
4002  log_warn(LD_BUG, "getsockopt() syscall failed");
4003  if (conn->type == CONN_TYPE_OR) {
4004  or_connection_t *orconn = TO_OR_CONN(conn);
4005  connection_or_close_for_error(orconn, 0);
4006  } else {
4007  if (CONN_IS_EDGE(conn)) {
4009  }
4010  connection_mark_for_close(conn);
4011  }
4012  return -1;
4013  }
4014  if (e) {
4015  /* some sort of error, but maybe just inprogress still */
4016  if (!ERRNO_IS_CONN_EINPROGRESS(e)) {
4017  log_info(LD_NET,"in-progress connect failed. Removing. (%s)",
4018  tor_socket_strerror(e));
4019  if (CONN_IS_EDGE(conn))
4021  if (conn->type == CONN_TYPE_OR)
4024  tor_socket_strerror(e));
4025 
4027  /*
4028  * This can bypass normal channel checking since we did
4029  * connection_or_notify_error() above.
4030  */
4031  connection_mark_for_close_internal(conn);
4032  return -1;
4033  } else {
4034  return 0; /* no change, see if next time is better */
4035  }
4036  }
4037  /* The connection is successful. */
4038  if (connection_finished_connecting(conn)<0)
4039  return -1;
4040  }
4041 
4042  max_to_write = force ? (ssize_t)conn->outbuf_flushlen
4043  : connection_bucket_write_limit(conn, now);
4044 
4045  if (connection_speaks_cells(conn) &&
4047  or_connection_t *or_conn = TO_OR_CONN(conn);
4048  size_t initial_size;
4049  if (conn->state == OR_CONN_STATE_TLS_HANDSHAKING ||
4051  connection_stop_writing(conn);
4052  if (connection_tls_continue_handshake(or_conn) < 0) {
4053  /* Don't flush; connection is dead. */
4055  END_OR_CONN_REASON_MISC,
4056  "TLS error in connection_tls_"
4057  "continue_handshake()");
4059  /*
4060  * This can bypass normal channel checking since we did
4061  * connection_or_notify_error() above.
4062  */
4063  connection_mark_for_close_internal(conn);
4064  return -1;
4065  }
4066  return 0;
4067  } else if (conn->state == OR_CONN_STATE_TLS_SERVER_RENEGOTIATING) {
4068  return connection_handle_read(conn);
4069  }
4070 
4071  /* else open, or closing */
4072  initial_size = buf_datalen(conn->outbuf);
4073  result = buf_flush_to_tls(conn->outbuf, or_conn->tls,
4074  max_to_write, &conn->outbuf_flushlen);
4075 
4076  if (result >= 0)
4077  update_send_buffer_size(conn->s);
4078 
4079  /* If we just flushed the last bytes, tell the channel on the
4080  * or_conn to check if it needs to geoip_change_dirreq_state() */
4081  /* XXXX move this to flushed_some or finished_flushing -NM */
4082  if (buf_datalen(conn->outbuf) == 0 && or_conn->chan)
4083  channel_notify_flushed(TLS_CHAN_TO_BASE(or_conn->chan));
4084 
4085  switch (result) {
4087  case TOR_TLS_CLOSE:
4088  log_info(LD_NET, result != TOR_TLS_CLOSE ?
4089  "tls error. breaking.":"TLS connection closed on flush");
4090  /* Don't flush; connection is dead. */
4092  END_OR_CONN_REASON_MISC,
4093  result != TOR_TLS_CLOSE ?
4094  "TLS error in during flush" :
4095  "TLS closed during flush");
4097  /*
4098  * This can bypass normal channel checking since we did
4099  * connection_or_notify_error() above.
4100  */
4101  connection_mark_for_close_internal(conn);
4102  return -1;
4103  case TOR_TLS_WANTWRITE:
4104  log_debug(LD_NET,"wanted write.");
4105  /* we're already writing */
4106  dont_stop_writing = 1;
4107  break;
4108  case TOR_TLS_WANTREAD:
4109  /* Make sure to avoid a loop if the receive buckets are empty. */
4110  log_debug(LD_NET,"wanted read.");
4111  if (!connection_is_reading(conn)) {
4112  connection_write_bw_exhausted(conn, true);
4113  /* we'll start reading again when we get more tokens in our
4114  * read bucket; then we'll start writing again too.
4115  */
4116  }
4117  /* else no problem, we're already reading */
4118  return 0;
4119  /* case TOR_TLS_DONE:
4120  * for TOR_TLS_DONE, fall through to check if the flushlen
4121  * is empty, so we can stop writing.
4122  */
4123  }
4124 
4125  tor_tls_get_n_raw_bytes(or_conn->tls, &n_read, &n_written);
4126  log_debug(LD_GENERAL, "After TLS write of %d: %ld read, %ld written",
4127  result, (long)n_read, (long)n_written);
4128  or_conn->bytes_xmitted += result;
4129  or_conn->bytes_xmitted_by_tls += n_written;
4130  /* So we notice bytes were written even on error */
4131  /* XXXX This cast is safe since we can never write INT_MAX bytes in a
4132  * single set of TLS operations. But it looks kinda ugly. If we refactor
4133  * the *_buf_tls functions, we should make them return ssize_t or size_t
4134  * or something. */
4135  result = (int)(initial_size-buf_datalen(conn->outbuf));
4136  } else {
4137  CONN_LOG_PROTECT(conn,
4138  result = buf_flush_to_socket(conn->outbuf, conn->s,
4139  max_to_write, &conn->outbuf_flushlen));
4140  if (result < 0) {
4141  if (CONN_IS_EDGE(conn))
4143  if (conn->type == CONN_TYPE_AP) {
4144  /* writing failed; we couldn't send a SOCKS reply if we wanted to */
4145  TO_ENTRY_CONN(conn)->socks_request->has_finished = 1;
4146  }
4147 
4148  connection_close_immediate(conn); /* Don't flush; connection is dead. */
4149  connection_mark_for_close(conn);
4150  return -1;
4151  }
4152  update_send_buffer_size(conn->s);
4153  n_written = (size_t) result;
4154  }
4155 
4156  if (n_written && conn->type == CONN_TYPE_AP) {
4157  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
4158 
4159  /* Check for overflow: */
4160  if (PREDICT_LIKELY(UINT32_MAX - edge_conn->n_written > n_written))
4161  edge_conn->n_written += (int)n_written;
4162  else
4163  edge_conn->n_written = UINT32_MAX;
4164  }
4165 
4166  /* If CONN_BW events are enabled, update conn->n_written_conn_bw for
4167  * OR/DIR/EXIT connections, checking for overflow. */
4168  if (n_written && get_options()->TestingEnableConnBwEvent &&
4169  (conn->type == CONN_TYPE_OR ||
4170  conn->type == CONN_TYPE_DIR ||
4171  conn->type == CONN_TYPE_EXIT)) {
4172  if (PREDICT_LIKELY(UINT32_MAX - conn->n_written_conn_bw > n_written))
4173  conn->n_written_conn_bw += (int)n_written;
4174  else
4175  conn->n_written_conn_bw = UINT32_MAX;
4176  }
4177 
4178  connection_buckets_decrement(conn, approx_time(), n_read, n_written);
4179 
4180  if (result > 0) {
4181  /* If we wrote any bytes from our buffer, then call the appropriate
4182  * functions. */
4183  if (connection_flushed_some(conn) < 0) {
4184  if (connection_speaks_cells(conn)) {
4186  END_OR_CONN_REASON_MISC,
4187  "Got error back from "
4188  "connection_flushed_some()");
4189  }
4190 
4191  /*
4192  * This can bypass normal channel checking since we did
4193  * connection_or_notify_error() above.
4194  */
4195  connection_mark_for_close_internal(conn);
4196  }
4197  }
4198 
4199  if (!connection_wants_to_flush(conn) &&
4200  !dont_stop_writing) { /* it's done flushing */
4201  if (connection_finished_flushing(conn) < 0) {
4202  /* already marked */
4203  return -1;
4204  }
4205  return 0;
4206  }
4207 
4208  /* Call even if result is 0, since the global write bucket may
4209  * have reached 0 on a different conn, and this connection needs to
4210  * know to stop writing. */
4212  if (n_read > 0 && connection_is_reading(conn))
4214 
4215  return 0;
4216 }
4217 
4218 /* DOCDOC connection_handle_write */
4219 int
4220 connection_handle_write(connection_t *conn, int force)
4221 {
4222  int res;
4223  update_current_time(time(NULL));
4224  /* connection_handle_write_impl() might call connection_handle_read()
4225  * if we're in the middle of a v2 handshake, in which case it needs this
4226  * flag set. */
4227  conn->in_connection_handle_write = 1;
4228  res = connection_handle_write_impl(conn, force);
4229  conn->in_connection_handle_write = 0;
4230  return res;
4231 }
4232 
4242 int
4244 {
4245  return connection_handle_write(conn, 1);
4246 }
4247 
4253 static int
4255 {
4256  /* if it's marked for close, only allow write if we mean to flush it */
4257  if (conn->marked_for_close && !conn->hold_open_until_flushed)
4258  return 0;
4259 
4260  return 1;
4261 }
4262 
4268 static void
4270 {
4271  if (CONN_IS_EDGE(conn)) {
4272  /* if it failed, it means we have our package/delivery windows set
4273  wrong compared to our max outbuf size. close the whole circuit. */
4274  log_warn(LD_NET,
4275  "write_to_buf failed. Closing circuit (fd %d).", (int)conn->s);
4276  circuit_mark_for_close(circuit_get_by_edge_conn(TO_EDGE_CONN(conn)),
4277  END_CIRC_REASON_INTERNAL);
4278  } else if (conn->type == CONN_TYPE_OR) {
4279  or_connection_t *orconn = TO_OR_CONN(conn);
4280  log_warn(LD_NET,
4281  "write_to_buf failed on an orconn; notifying of error "
4282  "(fd %d)", (int)(conn->s));
4283  connection_or_close_for_error(orconn, 0);
4284  } else {
4285  log_warn(LD_NET,
4286  "write_to_buf failed. Closing connection (fd %d).",
4287  (int)conn->s);
4288  connection_mark_for_close(conn);
4289  }
4290 }
4291 
4297 static void
4299 {
4300  /* If we receive optimistic data in the EXIT_CONN_STATE_RESOLVING
4301  * state, we don't want to try to write it right away, since
4302  * conn->write_event won't be set yet. Otherwise, write data from
4303  * this conn as the socket is available. */
4304  if (conn->write_event) {
4305  connection_start_writing(conn);
4306  }
4307  conn->outbuf_flushlen += len;
4308 }
4309 
4319 connection_write_to_buf_impl_,(const char *string, size_t len,
4320  connection_t *conn, int zlib))
4321 {
4322  /* XXXX This function really needs to return -1 on failure. */
4323  int r;
4324  if (!len && !(zlib<0))
4325  return;
4326 
4327  if (!connection_may_write_to_buf(conn))
4328  return;
4329 
4330  size_t written;
4331 
4332  if (zlib) {
4333  size_t old_datalen = buf_datalen(conn->outbuf);
4334  dir_connection_t *dir_conn = TO_DIR_CONN(conn);
4335  int done = zlib < 0;
4336  CONN_LOG_PROTECT(conn, r = buf_add_compress(conn->outbuf,
4337  dir_conn->compress_state,
4338  string, len, done));
4339  written = buf_datalen(conn->outbuf) - old_datalen;
4340  } else {
4341  CONN_LOG_PROTECT(conn, r = buf_add(conn->outbuf, string, len));
4342  written = len;
4343  }
4344  if (r < 0) {
4346  return;
4347  }
4348  connection_write_to_buf_commit(conn, written);
4349 }
4350 
4356 void
4357 connection_dir_buf_add(const char *string, size_t len,
4358  dir_connection_t *dir_conn, int done)
4359 {
4360  if (dir_conn->compress_state != NULL) {
4361  connection_buf_add_compress(string, len, dir_conn, done);
4362  return;
4363  }
4364 
4365  connection_buf_add(string, len, TO_CONN(dir_conn));
4366 }
4367 
4368 void
4369 connection_buf_add_compress(const char *string, size_t len,
4370  dir_connection_t *conn, int done)
4371 {
4372  connection_write_to_buf_impl_(string, len, TO_CONN(conn), done ? -1 : 1);
4373 }
4374 
4380 void
4382 {
4383  tor_assert(conn);
4384  tor_assert(buf);
4385  size_t len = buf_datalen(buf);
4386  if (len == 0)
4387  return;
4388 
4389  if (!connection_may_write_to_buf(conn))
4390  return;
4391 
4392  buf_move_all(conn->outbuf, buf);
4393  connection_write_to_buf_commit(conn, len);
4394 }
4395 
4396 #define CONN_GET_ALL_TEMPLATE(var, test) \
4397  STMT_BEGIN \
4398  smartlist_t *conns = get_connection_array(); \
4399  smartlist_t *ret_conns = smartlist_new(); \
4400  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, var) { \
4401  if (var && (test) && !var->marked_for_close) \
4402  smartlist_add(ret_conns, var); \
4403  } SMARTLIST_FOREACH_END(var); \
4404  return ret_conns; \
4405  STMT_END
4406 
4407 /* Return a list of connections that aren't close and matches the given type
4408  * and state. The returned list can be empty and must be freed using
4409  * smartlist_free(). The caller does NOT have ownership of the objects in the
4410  * list so it must not free them nor reference them as they can disappear. */
4411 smartlist_t *
4412 connection_list_by_type_state(int type, int state)
4413 {
4414  CONN_GET_ALL_TEMPLATE(conn, (conn->type == type && conn->state == state));
4415 }
4416 
4417 /* Return a list of connections that aren't close and matches the given type
4418  * and purpose. The returned list can be empty and must be freed using
4419  * smartlist_free(). The caller does NOT have ownership of the objects in the
4420  * list so it must not free them nor reference them as they can disappear. */
4421 smartlist_t *
4422 connection_list_by_type_purpose(int type, int purpose)
4423 {
4424  CONN_GET_ALL_TEMPLATE(conn,
4425  (conn->type == type && conn->purpose == purpose));
4426 }
4427 
4430 #define CONN_GET_TEMPLATE(var, test) \
4431  STMT_BEGIN \
4432  smartlist_t *conns = get_connection_array(); \
4433  SMARTLIST_FOREACH(conns, connection_t *, var, \
4434  { \
4435  if (var && (test) && !var->marked_for_close) \
4436  return var; \
4437  }); \
4438  return NULL; \
4439  STMT_END
4440 
4445 connection_get_by_type_addr_port_purpose,(int type,
4446  const tor_addr_t *addr, uint16_t port,
4447  int purpose))
4448 {
4449  CONN_GET_TEMPLATE(conn,
4450  (conn->type == type &&
4451  tor_addr_eq(&conn->addr, addr) &&
4452  conn->port == port &&
4453  conn->purpose == purpose));
4454 }
4455 
4459 connection_t *
4461 {
4462  CONN_GET_TEMPLATE(conn, conn->global_identifier == id);
4463 }
4464 
4467 connection_t *
4469 {
4470  CONN_GET_TEMPLATE(conn, conn->type == type);
4471 }
4472 
4476 connection_t *
4477 connection_get_by_type_state(int type, int state)
4478 {
4479  CONN_GET_TEMPLATE(conn, conn->type == type && conn->state == state);
4480 }
4481 
4487 connection_get_by_type_nonlinked,(int type))
4488 {
4489  CONN_GET_TEMPLATE(conn, conn->type == type && !conn->linked);
4490 }
4491 
4496 connection_t *
4498  const char *rendquery)
4499 {
4500  tor_assert(type == CONN_TYPE_DIR ||
4501  type == CONN_TYPE_AP || type == CONN_TYPE_EXIT);
4502  tor_assert(rendquery);
4503 
4504  CONN_GET_TEMPLATE(conn,
4505  (conn->type == type &&
4506  (!state || state == conn->state)) &&
4507  (
4508  (type == CONN_TYPE_DIR &&
4509  TO_DIR_CONN(conn)->rend_data &&
4510  !rend_cmp_service_ids(rendquery,
4511  rend_data_get_address(TO_DIR_CONN(conn)->rend_data)))
4512  ||
4513  (CONN_IS_EDGE(conn) &&
4514  TO_EDGE_CONN(conn)->rend_data &&
4515  !rend_cmp_service_ids(rendquery,
4516  rend_data_get_address(TO_EDGE_CONN(conn)->rend_data)))
4517  ));
4518 }
4519 
4524 #define DIR_CONN_LIST_TEMPLATE(conn_var, conn_test, \
4525  dirconn_var, dirconn_test) \
4526  STMT_BEGIN \
4527  smartlist_t *conns = get_connection_array(); \
4528  smartlist_t *dir_conns = smartlist_new(); \
4529  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn_var) { \
4530  if (conn_var && (conn_test) \
4531  && conn_var->type == CONN_TYPE_DIR \
4532  && !conn_var->marked_for_close) { \
4533  dir_connection_t *dirconn_var = TO_DIR_CONN(conn_var); \
4534  if (dirconn_var && (dirconn_test)) { \
4535  smartlist_add(dir_conns, dirconn_var); \
4536  } \
4537  } \
4538  } SMARTLIST_FOREACH_END(conn_var); \
4539  return dir_conns; \
4540  STMT_END
4541 
4548 smartlist_t *
4550  int purpose,
4551  const char *resource)
4552 {
4554  conn->purpose == purpose,
4555  dirconn,
4556  0 == strcmp_opt(resource,
4557  dirconn->requested_resource));
4558 }
4559 
4566 smartlist_t *
4568  int purpose,
4569  const char *resource,
4570  int state)
4571 {
4573  conn->purpose == purpose && conn->state == state,
4574  dirconn,
4575  0 == strcmp_opt(resource,
4576  dirconn->requested_resource));
4577 }
4578 
4579 #undef DIR_CONN_LIST_TEMPLATE
4580 
4585 static connection_t *
4587 {
4588  CONN_GET_TEMPLATE(conn,
4589  conn != TO_CONN(this_conn) && conn->type == CONN_TYPE_OR);
4590 }
4591 
4597 int
4599 {
4601  if (conn != NULL) {
4602  log_debug(LD_DIR, "%s: Found an OR connection: %s",
4603  __func__, conn->address);
4604  return 1;
4605  }
4606 
4607  return 0;
4608 }
4609 
4610 #undef CONN_GET_TEMPLATE
4611 
4613 int
4615 {
4616  if (conn->type == CONN_TYPE_OR_LISTENER ||
4617  conn->type == CONN_TYPE_EXT_OR_LISTENER ||
4618  conn->type == CONN_TYPE_AP_LISTENER ||
4619  conn->type == CONN_TYPE_AP_TRANS_LISTENER ||
4620  conn->type == CONN_TYPE_AP_DNS_LISTENER ||
4621  conn->type == CONN_TYPE_AP_NATD_LISTENER ||
4623  conn->type == CONN_TYPE_DIR_LISTENER ||
4625  return 1;
4626  return 0;
4627 }
4628 
4632 int
4634 {
4635  tor_assert(conn);
4636 
4637  if (conn->marked_for_close)
4638  return 0;
4639 
4640  if ((conn->type == CONN_TYPE_OR && conn->state == OR_CONN_STATE_OPEN) ||
4641  (conn->type == CONN_TYPE_EXT_OR) ||
4642  (conn->type == CONN_TYPE_AP && conn->state == AP_CONN_STATE_OPEN) ||
4643  (conn->type == CONN_TYPE_EXIT && conn->state == EXIT_CONN_STATE_OPEN) ||
4644  (conn->type == CONN_TYPE_CONTROL &&
4645  conn->state == CONTROL_CONN_STATE_OPEN))
4646  return 1;
4647 
4648  return 0;
4649 }
4650 
4652 int
4654 {
4655  tor_assert(conn);
4656 
4657  if (conn->marked_for_close)
4658  return 0;
4659  switch (conn->type)
4660  {
4661  case CONN_TYPE_OR:
4662  return conn->state == OR_CONN_STATE_CONNECTING;
4663  case CONN_TYPE_EXIT:
4664  return conn->state == EXIT_CONN_STATE_CONNECTING;
4665  case CONN_TYPE_DIR:
4666  return conn->state == DIR_CONN_STATE_CONNECTING;
4667  }
4668 
4669  return 0;
4670 }
4671 
4675 char *
4676 alloc_http_authenticator(const char *authenticator)
4677 {
4678  /* an authenticator in Basic authentication
4679  * is just the string "username:password" */
4680  const size_t authenticator_length = strlen(authenticator);
4681  const size_t base64_authenticator_length =
4682  base64_encode_size(authenticator_length, 0) + 1;
4683  char *base64_authenticator = tor_malloc(base64_authenticator_length);
4684  if (base64_encode(base64_authenticator, base64_authenticator_length,
4685  authenticator, authenticator_length, 0) < 0) {
4686  tor_free(base64_authenticator); /* free and set to null */
4687  }
4688  return base64_authenticator;
4689 }
4690 
4696 static void
4698 {
4699  tor_addr_t out_addr, iface_addr;
4700  tor_addr_t **last_interface_ip_ptr;
4701  sa_family_t family;
4702 
4703  if (!outgoing_addrs)
4704  outgoing_addrs = smartlist_new();
4705 
4706  if (tor_addr_from_getsockname(&out_addr, sock) < 0) {
4707  int e = tor_socket_errno(sock);
4708  log_warn(LD_NET, "getsockname() to check for address change failed: %s",
4709  tor_socket_strerror(e));
4710  return;
4711  }
4712  family = tor_addr_family(&out_addr);
4713 
4714  if (family == AF_INET)
4715  last_interface_ip_ptr = &last_interface_ipv4;
4716  else if (family == AF_INET6)
4717  last_interface_ip_ptr = &last_interface_ipv6;
4718  else
4719  return;
4720 
4721  if (! *last_interface_ip_ptr) {
4722  tor_addr_t *a = tor_malloc_zero(sizeof(tor_addr_t));
4723  if (get_interface_address6(LOG_INFO, family, a)==0) {
4724  *last_interface_ip_ptr = a;
4725  } else {
4726  tor_free(a);
4727  }
4728  }
4729 
4730  /* If we've used this address previously, we're okay. */
4732  if (tor_addr_eq(a_ptr, &out_addr))
4733  return;
4734  );
4735 
4736  /* Uh-oh. We haven't connected from this address before. Has the interface
4737  * address changed? */
4738  if (get_interface_address6(LOG_INFO, family, &iface_addr)<0)
4739  return;
4740 
4741  if (tor_addr_eq(&iface_addr, *last_interface_ip_ptr)) {
4742  /* Nope, it hasn't changed. Add this address to the list. */
4743  smartlist_add(outgoing_addrs, tor_memdup(&out_addr, sizeof(tor_addr_t)));
4744  } else {
4745  /* The interface changed. We're a client, so we need to regenerate our
4746  * keys. First, reset the state. */
4747  log_notice(LD_NET, "Our IP address has changed. Rotating keys...");
4748  tor_addr_copy(*last_interface_ip_ptr, &iface_addr);
4751  smartlist_add(outgoing_addrs, tor_memdup(&out_addr, sizeof(tor_addr_t)));
4752  /* We'll need to resolve ourselves again. */
4754  /* Okay, now change our keys. */
4755  ip_address_changed(1);
4756  }
4757 }
4758 
4766 static void
4768 {
4769  void *sz = (void*)&size;
4770  socklen_t sz_sz = (socklen_t) sizeof(size);
4771  if (setsockopt(sock, SOL_SOCKET, SO_SNDBUF, sz, sz_sz) < 0) {
4772  int e = tor_socket_errno(sock);
4773  log_warn(LD_NET, "setsockopt() to constrain send "
4774  "buffer to %d bytes failed: %s", size, tor_socket_strerror(e));
4775  }
4776  if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, sz, sz_sz) < 0) {
4777  int e = tor_socket_errno(sock);
4778  log_warn(LD_NET, "setsockopt() to constrain recv "
4779  "buffer to %d bytes failed: %s", size, tor_socket_strerror(e));
4780  }
4781 }
4782 
4789 static int
4790 connection_process_inbuf(connection_t *conn, int package_partial)
4791 {
4792  tor_assert(conn);
4793 
4794  switch (conn->type) {
4795  case CONN_TYPE_OR:
4797  case CONN_TYPE_EXT_OR:
4799  case CONN_TYPE_EXIT:
4800  case CONN_TYPE_AP:
4802  package_partial);
4803  case CONN_TYPE_DIR:
4805  case CONN_TYPE_CONTROL:
4807  default:
4808  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
4810  return -1;
4811  }
4812 }
4813 
4815 static int
4817 {
4818  int r = 0;
4819  tor_assert(!conn->in_flushed_some);
4820  conn->in_flushed_some = 1;
4821  if (conn->type == CONN_TYPE_DIR &&
4824  } else if (conn->type == CONN_TYPE_OR) {
4826  } else if (CONN_IS_EDGE(conn)) {
4828  }
4829  conn->in_flushed_some = 0;
4830  return r;
4831 }
4832 
4840 static int
4842 {
4843  tor_assert(conn);
4844 
4845  /* If the connection is closed, don't try to do anything more here. */
4846  if (CONN_IS_CLOSED(conn))
4847  return 0;
4848 
4849 // log_fn(LOG_DEBUG,"entered. Socket %u.", conn->s);
4850 
4851  connection_stop_writing(conn);
4852 
4853  switch (conn->type) {
4854  case CONN_TYPE_OR:
4856  case CONN_TYPE_EXT_OR:
4858  case CONN_TYPE_AP:
4859  case CONN_TYPE_EXIT:
4861  case CONN_TYPE_DIR:
4863  case CONN_TYPE_CONTROL:
4865  default:
4866  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
4868  return -1;
4869  }
4870 }
4871 
4878 static int
4880 {
4881  tor_assert(conn);
4882 
4883  if (!server_mode(get_options())) {
4884  /* See whether getsockname() says our address changed. We need to do this
4885  * now that the connection has finished, because getsockname() on Windows
4886  * won't work until then. */
4888  }
4889 
4890  switch (conn->type)
4891  {
4892  case CONN_TYPE_OR:
4894  case CONN_TYPE_EXIT:
4896  case CONN_TYPE_DIR:
4898  default:
4899  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
4901  return -1;
4902  }
4903 }
4904 
4906 static int
4908 {
4909  switch (conn->type) {
4910  case CONN_TYPE_OR:
4911  case CONN_TYPE_EXT_OR:
4912  return connection_or_reached_eof(TO_OR_CONN(conn));
4913  case CONN_TYPE_AP:
4914  case CONN_TYPE_EXIT:
4916  case CONN_TYPE_DIR:
4918  case CONN_TYPE_CONTROL:
4920  default:
4921  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
4923  return -1;
4924  }
4925 }
4926 
4928 static int
4930 {
4931  int a_circs, b_circs;
4932  /* Fewer circuits == higher priority for OOS kill, sort earlier */
4933 
4934  a_circs = connection_or_get_num_circuits(a);
4935  b_circs = connection_or_get_num_circuits(b);
4936 
4937  if (a_circs < b_circs) return 1;
4938  else if (a_circs > b_circs) return -1;
4939  else return 0;
4940 }
4941 
4944 static int
4945 oos_victim_comparator(const void **a_v, const void **b_v)
4946 {
4947  connection_t *a = NULL, *b = NULL;
4948 
4949  /* Get connection pointers out */
4950 
4951  a = (connection_t *)(*a_v);
4952  b = (connection_t *)(*b_v);
4953 
4954  tor_assert(a != NULL);
4955  tor_assert(b != NULL);
4956 
4957  /*
4958  * We always prefer orconns as victims currently; we won't even see
4959  * these non-orconn cases, but if we do, sort them after orconns.
4960  */
4961  if (a->type == CONN_TYPE_OR && b->type == CONN_TYPE_OR) {
4963  } else {
4964  /*
4965  * One isn't an orconn; if one is, it goes first. We currently have no
4966  * opinions about cases where neither is an orconn.
4967  */
4968  if (a->type == CONN_TYPE_OR) return -1;
4969  else if (b->type == CONN_TYPE_OR) return 1;
4970  else return 0;
4971  }
4972 }
4973 
4978 pick_oos_victims, (int n))
4979 {
4980  smartlist_t *eligible = NULL, *victims = NULL;
4981  smartlist_t *conns;
4982  int conn_counts_by_type[CONN_TYPE_MAX_ + 1], i;
4983 
4984  /*
4985  * Big damn assumption (someone improve this someday!):
4986  *
4987  * Socket exhaustion normally happens on high-volume relays, and so
4988  * most of the connections involved are orconns. We should pick victims
4989  * by assembling a list of all orconns, and sorting them in order of
4990  * how much 'damage' by some metric we'd be doing by dropping them.
4991  *
4992  * If we move on from orconns, we should probably think about incoming
4993  * directory connections next, or exit connections. Things we should
4994  * probably never kill are controller connections and listeners.
4995  *
4996  * This function will count how many connections of different types
4997  * exist and log it for purposes of gathering data on typical OOS
4998  * situations to guide future improvements.
4999  */
5000 
5001  /* First, get the connection array */
5002  conns = get_connection_array();
5003  /*
5004  * Iterate it and pick out eligible connection types, and log some stats
5005  * along the way.
5006  */
5007  eligible = smartlist_new();
5008  memset(conn_counts_by_type, 0, sizeof(conn_counts_by_type));
5009  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, c) {
5010  /* Bump the counter */
5011  tor_assert(c->type <= CONN_TYPE_MAX_);
5012  ++(conn_counts_by_type[c->type]);
5013 
5014  /* Skip anything without a socket we can free */
5015  if (!(SOCKET_OK(c->s))) {
5016  continue;
5017  }
5018 
5019  /* Skip anything we would count as moribund */
5020  if (connection_is_moribund(c)) {
5021  continue;
5022  }
5023 
5024  switch (c->type) {
5025  case CONN_TYPE_OR:
5026  /* We've got an orconn, it's eligible to be OOSed */
5027  smartlist_add(eligible, c);
5028  break;
5029  default:
5030  /* We don't know what to do with it, ignore it */
5031  break;
5032  }
5033  } SMARTLIST_FOREACH_END(c);
5034 
5035  /* Log some stats */
5036  if (smartlist_len(conns) > 0) {
5037  /* At least one counter must be non-zero */
5038  log_info(LD_NET, "Some stats on conn types seen during OOS follow");
5039  for (i = CONN_TYPE_MIN_; i <= CONN_TYPE_MAX_; ++i) {
5040  /* Did we see any? */
5041  if (conn_counts_by_type[i] > 0) {
5042  log_info(LD_NET, "%s: %d conns",
5044  conn_counts_by_type[i]);
5045  }
5046  }
5047  log_info(LD_NET, "Done with OOS conn type stats");
5048  }
5049 
5050  /* Did we find more eligible targets than we want to kill? */
5051  if (smartlist_len(eligible) > n) {
5052  /* Sort the list in order of target preference */
5054  /* Pick first n as victims */
5055  victims = smartlist_new();
5056  for (i = 0; i < n; ++i) {
5057  smartlist_add(victims, smartlist_get(eligible, i));
5058  }
5059  /* Free the original list */
5060  smartlist_free(eligible);
5061  } else {
5062  /* No, we can just call them all victims */
5063  victims = eligible;
5064  }
5065 
5066  return victims;
5067 }
5068 
5070 MOCK_IMPL(STATIC void,
5071 kill_conn_list_for_oos, (smartlist_t *conns))
5072 {
5073  if (!conns) return;
5074 
5075  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, c) {
5076  /* Make sure the channel layer gets told about orconns */
5077  if (c->type == CONN_TYPE_OR) {
5078  connection_or_close_for_error(TO_OR_CONN(c), 1);
5079  } else {
5080  connection_mark_for_close(c);
5081  }
5082  } SMARTLIST_FOREACH_END(c);
5083 
5084  log_notice(LD_NET,
5085  "OOS handler marked %d connections",
5086  smartlist_len(conns));
5087 }
5088 
5091 int
5093 {
5094  if (conn != NULL &&
5095  (conn->conn_array_index < 0 ||
5096  conn->marked_for_close)) {
5097  return 1;
5098  } else {
5099  return 0;
5100  }
5101 }
5102 
5108 void
5109 connection_check_oos(int n_socks, int failed)
5110 {
5111  int target_n_socks = 0, moribund_socks, socks_to_kill;
5112  smartlist_t *conns;
5113 
5114  /* Early exit: is OOS checking disabled? */
5115  if (get_options()->DisableOOSCheck) {
5116  return;
5117  }
5118 
5119  /* Sanity-check args */
5120  tor_assert(n_socks >= 0);
5121 
5122  /*
5123  * Make some log noise; keep it at debug level since this gets a chance
5124  * to run on every connection attempt.
5125  */
5126  log_debug(LD_NET,
5127  "Running the OOS handler (%d open sockets, %s)",
5128  n_socks, (failed != 0) ? "exhaustion seen" : "no exhaustion");
5129 
5130  /*
5131  * Check if we're really handling an OOS condition, and if so decide how
5132  * many sockets we want to get down to. Be sure we check if the threshold
5133  * is distinct from zero first; it's possible for this to be called a few
5134  * times before we've finished reading the config.
5135  */
5136  if (n_socks >= get_options()->ConnLimit_high_thresh &&
5137  get_options()->ConnLimit_high_thresh != 0 &&
5138  get_options()->ConnLimit_ != 0) {
5139  /* Try to get down to the low threshold */
5140  target_n_socks = get_options()->ConnLimit_low_thresh;
5141  log_notice(LD_NET,
5142  "Current number of sockets %d is greater than configured "
5143  "limit %d; OOS handler trying to get down to %d",
5144  n_socks, get_options()->ConnLimit_high_thresh,
5145  target_n_socks);
5146  } else if (failed) {
5147  /*
5148  * If we're not at the limit but we hit a socket exhaustion error, try to
5149  * drop some (but not as aggressively as ConnLimit_low_threshold, which is
5150  * 3/4 of ConnLimit_)
5151  */
5152  target_n_socks = (n_socks * 9) / 10;
5153  log_notice(LD_NET,
5154  "We saw socket exhaustion at %d open sockets; OOS handler "
5155  "trying to get down to %d",
5156  n_socks, target_n_socks);
5157  }
5158 
5159  if (target_n_socks > 0) {
5160  /*
5161  * It's an OOS!
5162  *
5163  * Count moribund sockets; it's be important that anything we decide
5164  * to get rid of here but don't immediately close get counted as moribund
5165  * on subsequent invocations so we don't try to kill too many things if
5166  * connection_check_oos() gets called multiple times.
5167  */
5168  moribund_socks = connection_count_moribund();
5169 
5170  if (moribund_socks < n_socks - target_n_socks) {
5171  socks_to_kill = n_socks - target_n_socks - moribund_socks;
5172 
5173  conns = pick_oos_victims(socks_to_kill);
5174  if (conns) {
5175  kill_conn_list_for_oos(conns);
5176  log_notice(LD_NET,
5177  "OOS handler killed %d conns", smartlist_len(conns));
5178  smartlist_free(conns);
5179  } else {
5180  log_notice(LD_NET, "OOS handler failed to pick any victim conns");
5181  }
5182  } else {
5183  log_notice(LD_NET,
5184  "Not killing any sockets for OOS because there are %d "
5185  "already moribund, and we only want to eliminate %d",
5186  moribund_socks, n_socks - target_n_socks);
5187  }
5188  }
5189 }
5190 
5192 void
5194 {
5195  uint64_t used_by_type[CONN_TYPE_MAX_+1];
5196  uint64_t alloc_by_type[CONN_TYPE_MAX_+1];
5197  int n_conns_by_type[CONN_TYPE_MAX_+1];
5198  uint64_t total_alloc = 0;
5199  uint64_t total_used = 0;
5200  int i;
5201  smartlist_t *conns = get_connection_array();
5202 
5203  memset(used_by_type, 0, sizeof(used_by_type));
5204  memset(alloc_by_type, 0, sizeof(alloc_by_type));
5205  memset(n_conns_by_type, 0, sizeof(n_conns_by_type));
5206 
5207  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, c) {
5208  int tp = c->type;
5209  ++n_conns_by_type[tp];
5210  if (c->inbuf) {
5211  used_by_type[tp] += buf_datalen(c->inbuf);
5212  alloc_by_type[tp] += buf_allocation(c->inbuf);
5213  }
5214  if (c->outbuf) {
5215  used_by_type[tp] += buf_datalen(c->outbuf);
5216  alloc_by_type[tp] += buf_allocation(c->outbuf);
5217  }
5218  } SMARTLIST_FOREACH_END(c);
5219  for (i=0; i <= CONN_TYPE_MAX_; ++i) {
5220  total_used += used_by_type[i];
5221  total_alloc += alloc_by_type[i];
5222  }
5223 
5224  tor_log(severity, LD_GENERAL,
5225  "In buffers for %d connections: %"PRIu64" used/%"PRIu64" allocated",
5226  smartlist_len(conns),
5227  (total_used), (total_alloc));
5228  for (i=CONN_TYPE_MIN_; i <= CONN_TYPE_MAX_; ++i) {
5229  if (!n_conns_by_type[i])
5230  continue;
5231  tor_log(severity, LD_GENERAL,
5232  " For %d %s connections: %"PRIu64" used/%"PRIu64" allocated",
5233  n_conns_by_type[i], conn_type_to_string(i),
5234  (used_by_type[i]), (alloc_by_type[i]));
5235  }
5236 }
5237 
5241 void
5243 {
5244  (void) now; /* XXXX unused. */
5245  tor_assert(conn);
5246  tor_assert(conn->type >= CONN_TYPE_MIN_);
5247  tor_assert(conn->type <= CONN_TYPE_MAX_);
5248 
5249  switch (conn->type) {
5250  case CONN_TYPE_OR:
5251  case CONN_TYPE_EXT_OR:
5252  tor_assert(conn->magic == OR_CONNECTION_MAGIC);
5253  break;
5254  case CONN_TYPE_AP:
5255  tor_assert(conn->magic == ENTRY_CONNECTION_MAGIC);
5256  break;
5257  case CONN_TYPE_EXIT:
5258  tor_assert(conn->magic == EDGE_CONNECTION_MAGIC);
5259  break;
5260  case CONN_TYPE_DIR:
5261  tor_assert(conn->magic == DIR_CONNECTION_MAGIC);
5262  break;
5263  case CONN_TYPE_CONTROL:
5264  tor_assert(conn->magic == CONTROL_CONNECTION_MAGIC);
5265  break;
5266  CASE_ANY_LISTENER_TYPE:
5267  tor_assert(conn->magic == LISTENER_CONNECTION_MAGIC);
5268  break;
5269  default:
5270  tor_assert(conn->magic == BASE_CONNECTION_MAGIC);
5271  break;
5272  }
5273 
5274  if (conn->linked_conn) {
5275  tor_assert(conn->linked_conn->linked_conn == conn);
5276  tor_assert(conn->linked);
5277  }
5278  if (conn->linked)
5279  tor_assert(!SOCKET_OK(conn->s));
5280 
5281  if (conn->outbuf_flushlen > 0) {
5282  /* With optimistic data, we may have queued data in
5283  * EXIT_CONN_STATE_RESOLVING while the conn is not yet marked to writing.
5284  * */
5285  tor_assert((conn->type == CONN_TYPE_EXIT &&
5286  conn->state == EXIT_CONN_STATE_RESOLVING) ||
5287  connection_is_writing(conn) ||
5288  conn->write_blocked_on_bw ||
5289  (CONN_IS_EDGE(conn) &&
5290  TO_EDGE_CONN(conn)->edge_blocked_on_circ));
5291  }
5292 
5293  if (conn->hold_open_until_flushed)
5295 
5296  /* XXXX check: read_blocked_on_bw, write_blocked_on_bw, s, conn_array_index,
5297  * marked_for_close. */
5298 
5299  /* buffers */
5300  if (conn->inbuf)
5301  buf_assert_ok(conn->inbuf);
5302  if (conn->outbuf)
5303  buf_assert_ok(conn->outbuf);
5304 
5305  if (conn->type == CONN_TYPE_OR) {
5306  or_connection_t *or_conn = TO_OR_CONN(conn);
5307  if (conn->state == OR_CONN_STATE_OPEN) {
5308  /* tor_assert(conn->bandwidth > 0); */
5309  /* the above isn't necessarily true: if we just did a TLS
5310  * handshake but we didn't recognize the other peer, or it
5311  * gave a bad cert/etc, then we won't have assigned bandwidth,
5312  * yet it will be open. -RD
5313  */
5314 // tor_assert(conn->read_bucket >= 0);
5315  }
5316 // tor_assert(conn->addr && conn->port);
5317  tor_assert(conn->address);
5319  tor_assert(or_conn->tls);
5320  }
5321 
5322  if (CONN_IS_EDGE(conn)) {
5323  /* XXX unchecked: package window, deliver window. */
5324  if (conn->type == CONN_TYPE_AP) {
5325  entry_connection_t *entry_conn = TO_ENTRY_CONN(conn);
5326  if (entry_conn->chosen_exit_optional || entry_conn->chosen_exit_retries)
5327  tor_assert(entry_conn->chosen_exit_name);
5328 
5329  tor_assert(entry_conn->socks_request);
5330  if (conn->state == AP_CONN_STATE_OPEN) {
5331  tor_assert(entry_conn->socks_request->has_finished);
5332  if (!conn->marked_for_close) {
5333  tor_assert(ENTRY_TO_EDGE_CONN(entry_conn)->cpath_layer);
5334  cpath_assert_layer_ok(ENTRY_TO_EDGE_CONN(entry_conn)->cpath_layer);
5335  }
5336  }
5337  }
5338  if (conn->type == CONN_TYPE_EXIT) {
5340  conn->purpose == EXIT_PURPOSE_RESOLVE);
5341  }
5342  } else if (conn->type == CONN_TYPE_DIR) {
5343  } else {
5344  /* Purpose is only used for dir and exit types currently */
5345  tor_assert(!conn->purpose);
5346  }
5347 
5348  switch (conn->type)
5349  {
5350  CASE_ANY_LISTENER_TYPE:
5352  break;
5353  case CONN_TYPE_OR:
5354  tor_assert(conn->state >= OR_CONN_STATE_MIN_);
5355  tor_assert(conn->state <= OR_CONN_STATE_MAX_);
5356  break;
5357  case CONN_TYPE_EXT_OR:
5358  tor_assert(conn->state >= EXT_OR_CONN_STATE_MIN_);
5359  tor_assert(conn->state <= EXT_OR_CONN_STATE_MAX_);
5360  break;
5361  case CONN_TYPE_EXIT:
5362  tor_assert(conn->state >= EXIT_CONN_STATE_MIN_);
5363  tor_assert(conn->state <= EXIT_CONN_STATE_MAX_);
5364  tor_assert(conn->purpose >= EXIT_PURPOSE_MIN_);
5365  tor_assert(conn->purpose <= EXIT_PURPOSE_MAX_);
5366  break;
5367  case CONN_TYPE_AP:
5368  tor_assert(conn->state >= AP_CONN_STATE_MIN_);
5369  tor_assert(conn->state <= AP_CONN_STATE_MAX_);
5370  tor_assert(TO_ENTRY_CONN(conn)->socks_request);
5371  break;
5372  case CONN_TYPE_DIR:
5373  tor_assert(conn->state >= DIR_CONN_STATE_MIN_);
5374  tor_assert(conn->state <= DIR_CONN_STATE_MAX_);
5375  tor_assert(conn->purpose >= DIR_PURPOSE_MIN_);
5376  tor_assert(conn->purpose <= DIR_PURPOSE_MAX_);
5377  break;
5378  case CONN_TYPE_CONTROL:
5379  tor_assert(conn->state >= CONTROL_CONN_STATE_MIN_);
5380  tor_assert(conn->state <= CONTROL_CONN_STATE_MAX_);
5381  break;
5382  default:
5383  tor_assert(0);
5384  }
5385 }
5386 
5395 int
5396 get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type,
5397  int *is_pt_out, const connection_t *conn)
5398 {
5399  const or_options_t *options = get_options();
5400 
5401  *is_pt_out = 0;
5402  /* Client Transport Plugins can use another proxy, but that should be hidden
5403  * from the rest of tor (as the plugin is responsible for dealing with the
5404  * proxy), check it first, then check the rest of the proxy types to allow
5405  * the config to have unused ClientTransportPlugin entries.
5406  */
5407  if (options->ClientTransportPlugin) {
5408  const transport_t *transport = NULL;
5409  int r;
5410  r = get_transport_by_bridge_addrport(&conn->addr, conn->port, &transport);
5411  if (r<0)
5412  return -1;
5413  if (transport) { /* transport found */
5414  tor_addr_copy(addr, &transport->addr);
5415  *port = transport->port;
5416  *proxy_type = transport->socks_version;
5417  *is_pt_out = 1;
5418  return 0;
5419  }
5420 
5421  /* Unused ClientTransportPlugin. */
5422  }
5423 
5424  if (options->HTTPSProxy) {
5425  tor_addr_copy(addr, &options->HTTPSProxyAddr);
5426  *port = options->HTTPSProxyPort;
5427  *proxy_type = PROXY_CONNECT;
5428  return 0;
5429  } else if (options->Socks4Proxy) {
5430  tor_addr_copy(addr, &options->Socks4ProxyAddr);
5431  *port = options->Socks4ProxyPort;
5432  *proxy_type = PROXY_SOCKS4;
5433  return 0;
5434  } else if (options->Socks5Proxy) {
5435  tor_addr_copy(addr, &options->Socks5ProxyAddr);
5436  *port = options->Socks5ProxyPort;
5437  *proxy_type = PROXY_SOCKS5;
5438  return 0;
5439  }
5440 
5441  tor_addr_make_unspec(addr);
5442  *port = 0;
5443  *proxy_type = PROXY_NONE;
5444  return 0;
5445 }
5446 
5449 void
5451 {
5452  tor_addr_t proxy_addr;
5453  uint16_t proxy_port;
5454  int proxy_type, is_pt;
5455 
5456  if (get_proxy_addrport(&proxy_addr, &proxy_port, &proxy_type, &is_pt,
5457  conn) != 0)
5458  return; /* if we have no proxy set up, leave this function. */
5459 
5460  (void)is_pt;
5461  log_warn(LD_NET,
5462  "The connection to the %s proxy server at %s just failed. "
5463  "Make sure that the proxy server is up and running.",
5464  proxy_type_to_string(proxy_type),
5465  fmt_addrport(&proxy_addr, proxy_port));
5466 }
5467 
5469 static const char *
5470 proxy_type_to_string(int proxy_type)
5471 {
5472  switch (proxy_type) {
5473  case PROXY_CONNECT: return "HTTP";
5474  case PROXY_SOCKS4: return "SOCKS4";
5475  case PROXY_SOCKS5: return "SOCKS5";
5476  case PROXY_PLUGGABLE: return "pluggable transports SOCKS";
5477  case PROXY_NONE: return "NULL";
5478  default: tor_assert(0);
5479  }
5480  return NULL; /*Unreached*/
5481 }
5482 
5489 void
5491 {
5492  smartlist_t *conns = get_connection_array();
5493 
5494  /* We don't want to log any messages to controllers. */
5495  SMARTLIST_FOREACH(conns, connection_t *, conn,
5496  if (conn->type == CONN_TYPE_CONTROL)
5497  TO_CONTROL_CONN(conn)->event_mask = 0);
5498 
5500 
5501  /* Unlink everything from the identity map. */
5504 
5505  /* Clear out our list of broken connections */
5507 
5508  SMARTLIST_FOREACH(conns, connection_t *, conn,
5509  connection_free_minimal(conn));
5510 
5511  if (outgoing_addrs) {
5513  smartlist_free(outgoing_addrs);
5514  outgoing_addrs = NULL;
5515  }
5516 
5518  tor_free(last_interface_ipv6);
5520 
5521  mainloop_event_free(reenable_blocked_connections_ev);
5523  memset(&reenable_blocked_connections_delay, 0, sizeof(struct timeval));
5524 }
5525 
5532 clock_skew_warning, (const connection_t *conn, long apparent_skew, int trusted,
5533  log_domain_mask_t domain, const char *received,
5534  const char *source))
5535 {
5536  char dbuf[64];
5537  char *ext_source = NULL, *warn = NULL;
5538  format_time_interval(dbuf, sizeof(dbuf), apparent_skew);
5539  if (conn)
5540  tor_asprintf(&ext_source, "%s:%s:%d", source, conn->address, conn->port);
5541  else
5542  ext_source = tor_strdup(source);
5543  log_fn(trusted ? LOG_WARN : LOG_INFO, domain,
5544  "Received %s with skewed time (%s): "
5545  "It seems that our clock is %s by %s, or that theirs is %s%s. "
5546  "Tor requires an accurate clock to work: please check your time, "
5547  "timezone, and date settings.", received, ext_source,
5548  apparent_skew > 0 ? "ahead" : "behind", dbuf,
5549  apparent_skew > 0 ? "behind" : "ahead",
5550  (!conn || trusted) ? "" : ", or they are sending us the wrong time");
5551  if (trusted) {
5552  control_event_general_status(LOG_WARN, "CLOCK_SKEW SKEW=%ld SOURCE=%s",
5553  apparent_skew, ext_source);
5554  tor_asprintf(&warn, "Clock skew %ld in %s from %s", apparent_skew,
5555  received, source);
5556  control_event_bootstrap_problem(warn, "CLOCK_SKEW", conn, 1);
5557  }
5558  tor_free(warn);
5559  tor_free(ext_source);
5560 }
#define RELAY_PAYLOAD_SIZE
Definition: or.h:605
static void connection_bucket_refill_single(connection_t *conn, uint32_t now_ts)
Definition: connection.c:3459
tor_socket_t s
Definition: connection_st.h:88
Header file for dirserv.c.
void rep_hist_note_bytes_read(uint64_t num_bytes, time_t when)
Definition: rephist.c:1166
#define AP_CONN_STATE_CONNECT_WAIT
#define DIR_PURPOSE_SERVER
Definition: directory.h:62
tor_addr_t OutboundBindAddresses[OUTBOUND_ADDR_MAX][2]
uint8_t type
Definition: port_cfg_st.h:18
#define CASE_TOR_TLS_ERROR_ANY_NONIO
Definition: tortls.h:53
void accounting_add_bytes(size_t n_read, size_t n_written, int seconds)
Definition: hibernate.c:331
#define CONN_TYPE_DIR_LISTENER
Definition: connection.h:33
Header file for rendcommon.c.
#define CONN_TYPE_CONTROL_LISTENER
Definition: connection.h:38
int fascist_firewall_prefer_ipv6_orport(const or_options_t *options)
Definition: policies.c:508
unsigned int cpd_check_t
Definition: dir.h:20
Header file for channeltls.c.
#define AP_CONN_STATE_RESOLVE_WAIT
unsigned int chosen_exit_retries
MOCK_IMPL(void, connection_free_,(connection_t *conn))
Definition: connection.c:760
void rep_hist_note_dir_bytes_written(uint64_t num_bytes, time_t when)
Definition: rephist.c:1176
void connection_or_close_normally(or_connection_t *orconn, int flush)
uint64_t global_identifier
const tor_addr_t * conn_get_outbound_address(sa_family_t family, const or_options_t *options, unsigned int conn_type)
Definition: connection.c:2122
Header file containing common data for the whole HS subsytem.
int ClientPreferIPv6ORPort
unsigned int has_finished
token_bucket_rw_t bucket
int token_bucket_rw_refill(token_bucket_rw_t *bucket, uint32_t now_ts)
Definition: token_bucket.c:183
uint64_t RelayBandwidthBurst
Header file for circuitbuild.c.
uint16_t port
Definition: transports.h:26
int get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type, int *is_pt_out, const connection_t *conn)
Definition: connection.c:5396
int connection_is_moribund(connection_t *conn)
Definition: connection.c:5092
tor_addr_t real_addr
int socks_policy_permits_address(const tor_addr_t *addr)
Definition: policies.c:1186
unsigned int socks_prefer_no_auth
static smartlist_t * outgoing_addrs
Definition: connection.c:203
static int connection_read_https_proxy_response(connection_t *conn)
Definition: connection.c:2480
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
uint16_t sa_family_t
Definition: inaddr_st.h:77
Header for backtrace.c.
#define TO_CONN(c)
Definition: or.h:735
static int connection_flushed_some(connection_t *conn)
Definition: connection.c:4816
static int connection_fetch_from_buf_socks_client(connection_t *conn, int state, char **reason)
Definition: connection.c:2573
enum or_options_t::@30 TransProxyType_parsed
void entry_guard_cancel(circuit_guard_state_t **guard_state_p)
Definition: entrynodes.c:2459
void connection_mark_all_noncontrol_connections(void)
Definition: connection.c:2998
void connection_ap_about_to_close(entry_connection_t *entry_conn)
int CountPrivateBandwidth
int connection_flush(connection_t *conn)
Definition: connection.c:4243
int connection_dir_reached_eof(dir_connection_t *conn)
Definition: dirclient.c:2988
void tor_addr_make_unspec(tor_addr_t *a)
Definition: address.c:225
uint32_t log_domain_mask_t
Definition: log.h:134
void update_current_time(time_t now)
Definition: mainloop.c:2173
uint16_t router_get_advertised_or_port(const or_options_t *options)
Definition: router.c:1430
static void connection_send_socks5_connect(connection_t *conn)
Definition: connection.c:2541
uint16_t router_get_advertised_or_port_by_af(const or_options_t *options, sa_family_t family)
Definition: router.c:1438
static void update_send_buffer_size(tor_socket_t sock)
Definition: connection.c:3926
or_handshake_state_t * handshake_state
tor_addr_t addr
Definition: port_cfg_st.h:15
tor_addr_t addr
#define EXIT_PURPOSE_CONNECT
Header for buffers_tls.c.
int connection_state_is_connecting(connection_t *conn)
Definition: connection.c:4653
void channel_close_for_error(channel_t *chan)
Definition: channel.c:1241
unsigned int write_blocked_on_bw
Definition: connection_st.h:53
#define EXIT_CONN_STATE_RESOLVING
#define CONN_TYPE_AP_NATD_LISTENER
Definition: connection.h:46
Header file for connection.c.
static int oos_victim_comparator(const void **a_v, const void **b_v)
Definition: connection.c:4945
#define EXIT_CONN_STATE_RESOLVEFAILED
const char * tor_tls_err_to_string(int err)
Definition: tortls.c:150
uint32_t n_written_conn_bw
void connection_stop_reading_from_linked_conn(connection_t *conn)
Definition: mainloop.c:815
connection_t * connection_get_by_type_state_rendquery(int type, int state, const char *rendquery)
Definition: connection.c:4497
#define LD_GENERAL
Definition: log.h:59
static void connection_init(time_t now, connection_t *conn, int type, int socket_family)
Definition: connection.c:491
void connection_consider_empty_read_buckets(connection_t *conn)
Definition: connection.c:3350
#define MAX_SOCKS5_AUTH_FIELD_SIZE
Definition: connection.h:180
static int connection_reached_eof(connection_t *conn)
Definition: connection.c:4907
int rend_cmp_service_ids(const char *one, const char *two)
Definition: rendcommon.c:48
dir_connection_t * dir_connection_new(int socket_family)
Definition: connection.c:360
static void client_check_address_changed(tor_socket_t sock)
Definition: connection.c:4697
static int connection_handle_listener_read(connection_t *conn, int new_type)
Definition: connection.c:1696
#define DOWNCAST(to, ptr)
Definition: or.h:110
int buf_flush_to_socket(buf_t *buf, tor_socket_t s, size_t sz, size_t *buf_flushlen)
Definition: buffers_net.c:231
unsigned int proxy_state
Definition: connection_st.h:84
static ssize_t connection_bucket_get_share(int base, int priority, ssize_t global_bucket_val, ssize_t conn_bucket)
Definition: connection.c:3084
uint64_t BandwidthRate
uint8_t state
Definition: connection_st.h:44
#define CONN_TYPE_AP_TRANS_LISTENER
Definition: connection.h:43
int authdir_mode(const or_options_t *options)
Definition: authmode.c:25
tor_addr_t HTTPSProxyAddr
time_t connection_or_client_used(or_connection_t *conn)
Headers for compress.c.
void connection_link_connections(connection_t *conn_a, connection_t *conn_b)
Definition: connection.c:539
#define LOG_INFO
Definition: log.h:42
static uint32_t tor_addr_to_ipv4n(const tor_addr_t *a)
Definition: address.h:145
Header file for nodelist.c.
static connection_t * connection_listener_new_for_port(const port_cfg_t *port, int *defer, int *addr_in_use)
Definition: connection.c:1570
static int retry_listener_ports(smartlist_t *old_conns, const smartlist_t *ports, smartlist_t *new_conns, smartlist_t *replacements, int control_listeners_only)
Definition: connection.c:2762
void tor_log(int severity, log_domain_mask_t domain, const char *format,...)
Definition: log.c:632
void tor_addr_make_null(tor_addr_t *a, sa_family_t family)
Definition: address.c:235
void stats_increment_bytes_read_and_written(uint64_t r, uint64_t w)
Definition: mainloop.c:483
uint64_t ConstrainedSockSize
unsigned int inbuf_reached_eof
Definition: connection_st.h:59
Header file for directory.c.
void smartlist_add(smartlist_t *sl, void *element)
#define OR_CONN_STATE_TLS_HANDSHAKING
Definition: orconn_event.h:34
int connection_dir_finished_connecting(dir_connection_t *conn)
Definition: directory.c:453
int connection_is_listener(connection_t *conn)
Definition: connection.c:4614
unsigned int read_blocked_on_bw
Definition: connection_st.h:51
unsigned get_signewnym_epoch(void)
Definition: mainloop.c:1331
#define bool_neq(a, b)
Definition: logic.h:18
void connection_or_notify_error(or_connection_t *conn, int reason, const char *msg)
char * Socks5ProxyUsername
#define MAX_HEADERS_SIZE
Definition: or.h:123
#define CONTROL_CONN_STATE_OPEN
Definition: control.h:19
void connection_or_clear_identity_map(void)
int fascist_firewall_prefer_ipv6_dirport(const or_options_t *options)
Definition: policies.c:533
size_t base64_encode_size(size_t srclen, int flags)
Definition: binascii.c:166
const struct passwd * tor_getpwnam(const char *username)
Definition: userdb.c:70
char * rate_limit_log(ratelim_t *lim, time_t now)
Definition: ratelim.c:41
smartlist_t * spool
#define AP_CONN_STATE_RENDDESC_WAIT
#define CONN_TYPE_OR_LISTENER
Definition: connection.h:21
#define OR_CONN_STATE_TLS_SERVER_RENEGOTIATING
Definition: orconn_event.h:41
int connection_ext_or_start_auth(or_connection_t *or_conn)
Definition: ext_orport.c:636
Header file for config.c.
static struct timeval reenable_blocked_connections_delay
Definition: connection.c:3486
control_connection_t * TO_CONTROL_CONN(connection_t *c)
Definition: control.c:67
edge_connection_t * edge_connection_new(int type, int socket_family)
Definition: connection.c:415
static const char * connection_proxy_state_to_string(int state)
Definition: connection.c:2267
#define fmt_and_decorate_addr(a)
Definition: address.h:214
#define CONN_TYPE_OR
Definition: connection.h:24
socklen_t tor_addr_to_sockaddr(const tor_addr_t *a, uint16_t port, struct sockaddr *sa_out, socklen_t len)
Definition: address.c:113
char * alloc_http_authenticator(const char *authenticator)
Definition: connection.c:4676
#define DIR_CONN_LIST_TEMPLATE(conn_var, conn_test, dirconn_var, dirconn_test)
Definition: connection.c:4524
int connection_edge_finished_connecting(edge_connection_t *edge_conn)
const char * conn_type_to_string(int type)
Definition: connection.c:243
#define DIR_CONN_STATE_CLIENT_READING
Definition: directory.h:23
int fast_mem_is_zero(const char *mem, size_t len)
Definition: util_string.c:74
char * HTTPSProxy
static tor_addr_t * last_interface_ipv4
Definition: connection.c:198
int format_time_interval(char *out, size_t out_len, long interval)
Definition: time_fmt.c:481
struct tor_compress_state_t * compress_state
struct connection_t * linked_conn
static time_t last_recorded_accounting_at
Definition: connection.c:3230
static void warn_too_many_conns(void)
Definition: connection.c:1042
rend_data_t * rend_data
unsigned int reading_from_linked_conn
Definition: connection_st.h:73
uint16_t port
const smartlist_t * get_socks_args_by_bridge_addrport(const tor_addr_t *addr, uint16_t port)
Definition: bridges.c:644
void connection_control_closed(control_connection_t *conn)
Definition: control.c:211
#define tor_free(p)
Definition: malloc.h:52
void reset_last_resolved_addr(void)
Definition: config.c:2693
static int connection_process_inbuf(connection_t *conn, int package_partial)
Definition: connection.c:4790
static int connection_may_write_to_buf(connection_t *conn)
Definition: connection.c:4254
#define tor_fragile_assert()
Definition: util_bug.h:241
int connection_fetch_from_buf_http(connection_t *conn, char **headers_out, size_t max_headerlen, char **body_out, size_t *body_used, size_t max_bodylen, int force_complete)
Definition: connection.c:3892
#define LOG_NOTICE
Definition: log.h:47
int connection_is_reading(connection_t *conn)
Definition: mainloop.c:508
#define LISTENER_STATE_READY
Definition: connection.h:82
#define SMARTLIST_DEL_CURRENT(sl, var)
const char * conn_state_to_string(int type, int state)
Definition: connection.c:275
Header file for mainloop.c.
int connection_dirserv_flushed_some(dir_connection_t *conn)
Definition: dirserv.c:854
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:57
int global_write_bucket_low(connection_t *conn, size_t attempt, int priority)
Definition: connection.c:3194
#define EXIT_PURPOSE_RESOLVE
#define DIR_CONN_STATE_CLIENT_SENDING
Definition: directory.h:21
#define SESSION_GROUP_FIRST_AUTO
Definition: or.h:983
void connection_or_about_to_close(or_connection_t *or_conn)
buf_t * buf_new(void)
Definition: buffers.c:363
struct buf_t * pending_optimistic_data
Header file for geoip.c.
int tor_addr_from_getsockname(struct tor_addr_t *addr_out, tor_socket_t sock)
Definition: socket.c:545
#define sandbox_intern_string(s)
Definition: sandbox.h:112
unsigned int purpose
Definition: connection_st.h:46
struct tor_tls_t * tls
or_connection_t * or_connection_new(int type, int socket_family)
Definition: connection.c:375
#define CONN_GET_TEMPLATE(var, test)
Definition: connection.c:4430
void connection_or_clear_identity(or_connection_t *conn)
edge_connection_t * TO_EDGE_CONN(connection_t *c)
int TokenBucketRefillInterval
void connection_dump_buffer_mem_stats(int severity)
Definition: connection.c:5193
#define ENTRY_TO_CONN(c)
Definition: or.h:738
or_connection_t * TO_OR_CONN(connection_t *c)
Header file for dnsserv.c.
size_t outbuf_flushlen
Definition: connection_st.h:96
STATIC void connection_free_minimal(connection_t *conn)
Definition: connection.c:571
void connection_unregister_events(connection_t *conn)
Definition: mainloop.c:275
static connection_t * connection_get_another_active_or_conn(const or_connection_t *this_conn)
Definition: connection.c:4586
int base64_encode(char *dest, size_t destlen, const char *src, size_t srclen, int flags)
Definition: binascii.c:215
control_connection_t * control_connection_new(int socket_family)
Definition: connection.c:426
unsigned int linked
Definition: connection_st.h:70
unsigned int active_on_link
Definition: connection_st.h:78
int connection_edge_finished_flushing(edge_connection_t *conn)
Header file for directory authority mode.
int connection_dir_finished_flushing(dir_connection_t *conn)
Definition: directory.c:407
int retry_all_listeners(smartlist_t *new_conns, int close_all_noncontrol)
Definition: connection.c:2890
int connection_wants_to_flush(connection_t *conn)
Definition: connection.c:3904
int buf_move_to_buf(buf_t *buf_out, buf_t *buf_in, size_t *buf_flushlen)
Definition: buffers.c:654
#define SOCKET_OK(s)
Definition: nettypes.h:39
static int connection_finished_flushing(connection_t *conn)
Definition: connection.c:4841
int connection_is_on_closeable_list(connection_t *conn)
Definition: mainloop.c:435
socks_request_t * socks_request
void connection_or_event_status(or_connection_t *conn, or_conn_status_event_t tp, int reason)
#define CONN_TYPE_EXT_OR
Definition: connection.h:51
Header file for hibernate.c.
Header file for policies.c.
char * Socks5Proxy
#define MAX_SOCKS5_AUTH_SIZE_TOTAL
Definition: connection.h:184
void connection_or_remove_from_ext_or_id_map(or_connection_t *conn)
uint16_t HTTPSProxyPort
#define LD_APP
Definition: log.h:75
#define OR_CONN_STATE_TLS_CLIENT_RENEGOTIATING
Definition: orconn_event.h:37
int control_event_general_status(int severity, const char *format,...)
static int connection_is_rate_limited(connection_t *conn)
Definition: connection.c:3039
#define DIR_CONN_STATE_CLIENT_FINISHED
Definition: directory.h:25
void tor_tls_release_socket(tor_tls_t *tls)
Definition: tortls_nss.c:461
struct buf_t * inbuf
Definition: connection_st.h:93
int errno_to_orconn_end_reason(int e)
Definition: reasons.c:287
static void set_constrained_socket_buffers(tor_socket_t sock, int size)
Definition: connection.c:4767
Common functions for cryptographic routines.
int buf_get_line(buf_t *buf, char *data_out, size_t *data_len)
Definition: buffers.c:863
static int make_socket_reuseable(tor_socket_t sock)
Definition: connection.c:1157
Header file for channel.c.
struct config_line_t * ClientTransportPlugin
tor_assert(buffer)
static mainloop_event_t * reenable_blocked_connections_ev
Definition: connection.c:3480
static void connection_write_to_buf_commit(connection_t *conn, size_t len)
Definition: connection.c:4298
#define CONN_LOG_PROTECT(conn, stmt)
Definition: connection.h:328
uint16_t Socks4ProxyPort
#define LD_CONTROL
Definition: log.h:77
connection_t * connection_new(int type, int socket_family)
Definition: connection.c:450
#define CLIENT_IDLE_TIME_FOR_PRIORITY
Definition: connection.c:3060
static int connection_finished_connecting(connection_t *conn)
Definition: connection.c:4879
int connection_control_reached_eof(control_connection_t *conn)
Definition: control.c:189
int dir_policy_permits_address(const tor_addr_t *addr)
Definition: policies.c:1177
Header file for routermode.c.
static ssize_t connection_bucket_read_limit(connection_t *conn, time_t now)
Definition: connection.c:3114
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
const char * fmt_addrport(const tor_addr_t *addr, uint16_t port)
Definition: address.c:1168
void clear_broken_connection_map(int stop_recording)
#define CFG_AUTO_PORT
Definition: or.h:990
struct circuit_guard_state_t * guard_state
#define LD_CHANNEL
Definition: log.h:102
dir_connection_t * TO_DIR_CONN(connection_t *c)
Definition: directory.c:77
void buf_move_all(buf_t *buf_out, buf_t *buf_in)
Definition: buffers.c:687
void control_update_global_event_mask(void)
int connection_control_process_inbuf(control_connection_t *conn)
Definition: control.c:346
int conn_array_index
Definition: connection_st.h:89
int get_n_open_sockets(void)
Definition: socket.c:441
int connection_or_reached_eof(or_connection_t *conn)
Header file for sandbox.c.
#define CONTROL_CONN_STATE_NEEDAUTH
Definition: control.h:22
int connection_init_accepted_conn(connection_t *conn, const listener_connection_t *listener)
Definition: connection.c:1869
int buf_get_bytes(buf_t *buf, char *string, size_t string_len)
Definition: buffers.c:634
Header file for circuitbuild.c.
Master header file for Tor-specific functionality.
smartlist_t * connection_dir_list_by_purpose_resource_and_state(int purpose, const char *resource, int state)
Definition: connection.c:4567
int buf_add_compress(struct buf_t *buf, struct tor_compress_state_t *state, const char *data, size_t data_len, int done)
Definition: compress_buf.c:31
static void record_num_bytes_transferred_impl(connection_t *conn, time_t now, size_t num_read, size_t num_written)
Definition: connection.c:3236
void connection_check_oos(int n_socks, int failed)
Definition: connection.c:5109
void connection_close_immediate(connection_t *conn)
Definition: connection.c:844
#define LD_DIRSERV
Definition: log.h:87
void connection_exit_about_to_close(edge_connection_t *edge_conn)
Header file for circuitbuild.c.
int connection_ext_or_process_inbuf(or_connection_t *or_conn)
Definition: ext_orport.c:540
connection_t * connection_get_by_type(int type)
Definition: connection.c:4468
#define OR_CONN_STATE_OPEN
Definition: orconn_event.h:51
listener_connection_t * TO_LISTENER_CONN(connection_t *c)
Definition: connection.c:221
uint16_t marked_for_close
unsigned int chosen_exit_optional
static void connection_write_to_buf_failed(connection_t *conn)
Definition: connection.c:4269
#define AP_CONN_STATE_CIRCUIT_WAIT
uint16_t router_get_advertised_dir_port(const or_options_t *options, uint16_t dirport)
Definition: router.c:1460
char * HTTPSProxyAuthenticator
entry_connection_t * entry_connection_new(int type, int socket_family)
Definition: connection.c:396
int connection_buf_get_bytes(char *string, size_t len, connection_t *conn)
Definition: connection.c:3876
connection_t * connection_get_by_global_id(uint64_t id)
Definition: connection.c:4460
static int connection_handle_write_impl(connection_t *conn, int force)
Definition: connection.c:3975
Header file for rephist.c.
int buf_add(buf_t *buf, const char *string, size_t string_len)
Definition: buffers.c:525
void smartlist_remove(smartlist_t *sl, const void *element)
void connection_write_bw_exhausted(connection_t *conn, bool is_global_bw)
Definition: connection.c:3339
int buf_read_from_tls(buf_t *buf, tor_tls_t *tls, size_t at_most)
Definition: buffers_tls.c:64
void add_connection_to_closeable_list(connection_t *conn)
Definition: mainloop.c:424
Header file containing circuit and connection identifier data for the whole HS subsytem.
#define OR_CONN_STATE_PROXY_HANDSHAKING
Definition: orconn_event.h:31
#define AP_CONN_STATE_HTTP_CONNECT_WAIT
#define LOG_WARN
Definition: log.h:50
int tor_addr_is_null(const tor_addr_t *addr)
Definition: address.c:769
unsigned int type
Definition: connection_st.h:45
int token_bucket_rw_dec(token_bucket_rw_t *bucket, ssize_t n_read, ssize_t n_written)
Definition: token_bucket.c:249
void connection_consider_empty_write_buckets(connection_t *conn)
Definition: connection.c:3379
int connection_ap_process_transparent(entry_connection_t *conn)
int connection_read_proxy_handshake(connection_t *conn)
Definition: connection.c:2590
#define log_fn_ratelim(ratelim, severity, domain, args,...)
Definition: log.h:271
static void reenable_blocked_connections_cb(mainloop_event_t *ev, void *arg)
Definition: connection.c:3494
Header file for circuituse.c.
Header file for buffers_net.c.
connection_t * connection_get_by_type_state(int type, int state)
Definition: connection.c:4477
int parse_http_response(const char *headers, int *code, time_t *date, compress_method_t *compression, char **reason)
Definition: directory.c:264
int connection_in_array(connection_t *conn)
Definition: mainloop.c:442
#define CONN_TYPE_CONTROL
Definition: connection.h:40
static int get_proxy_type(void)
Definition: connection.c:2293
void mark_my_descriptor_dirty(const char *reason)
Definition: router.c:2427
int connection_connect(connection_t *conn, const char *address, const tor_addr_t *addr, uint16_t port, int *socket_error)
Definition: connection.c:2179
#define AP_CONN_STATE_SOCKS_WAIT
tor_addr_t Socks5ProxyAddr
Header file for circuitlist.c.
Headers for transports.c.
int connection_dir_process_inbuf(dir_connection_t *conn)
Definition: directory.c:347
int connection_state_is_open(connection_t *conn)
Definition: connection.c:4633
#define LD_OR
Definition: log.h:89
int tor_addr_is_loopback(const tor_addr_t *addr)
Definition: address.c:794
#define tor_socket_t
Definition: nettypes.h:36
int tor_digest_is_zero(const char *digest)
Definition: util_string.c:96
static const char * proxy_type_to_string(int proxy_type)
Definition: connection.c:5470
#define DIR_CONN_STATE_SERVER_COMMAND_WAIT
Definition: directory.h:27
#define OR_CONN_STATE_OR_HANDSHAKING_V2
Definition: orconn_event.h:45
void connection_read_bw_exhausted(connection_t *conn, bool is_global_bw)
Definition: connection.c:3324
#define CONN_TYPE_AP_HTTP_CONNECT_LISTENER
Definition: connection.h:55
static void connection_buckets_decrement(connection_t *conn, time_t now, size_t num_read, size_t num_written)
Definition: connection.c:3281
#define LOG_ERR
Definition: log.h:53
#define TOR_INVALID_SOCKET
Definition: nettypes.h:41
ssize_t connection_bucket_write_limit(connection_t *conn, time_t now)
Definition: connection.c:3144
#define LD_FS
Definition: log.h:67
void channel_notify_flushed(channel_t *chan)
Definition: channel.c:1787
void connection_or_set_ext_or_identifier(or_connection_t *conn)
void connection_dir_buf_add(const char *string, size_t len, dir_connection_t *dir_conn, int done)
Definition: connection.c:4357
tor_socket_t tor_open_socket_nonblocking(int domain, int type, int protocol)
Definition: socket.c:260
struct buf_t * outbuf
Definition: connection_st.h:94
int connection_edge_flushed_some(edge_connection_t *conn)
#define CONN_TYPE_AP_DNS_LISTENER
Definition: connection.h:48
#define LD_DIR
Definition: log.h:85
void connection_buf_add_buf(connection_t *conn, buf_t *buf)
Definition: connection.c:4381
struct event * write_event
Definition: connection_st.h:92
void connection_or_clear_ext_or_id_map(void)
int connection_outbuf_too_full(connection_t *conn)
Definition: connection.c:3914
Header file for connection_edge.c.
void connection_about_to_close_connection(connection_t *conn)
Definition: connection.c:813
void assert_connection_ok(connection_t *conn, time_t now)
Definition: connection.c:5242
static int connection_counts_as_relayed_traffic(connection_t *conn, time_t now)
Definition: connection.c:3067
char * Socks4Proxy
int ClientPreferIPv6DirPort
tor_socket_t tor_accept_socket_nonblocking(tor_socket_t sockfd, struct sockaddr *addr, socklen_t *len)
Definition: socket.c:367
Header file for crypt_path.c.
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
char * tor_addr_to_str_dup(const tor_addr_t *addr)
Definition: address.c:1133
static void reenable_blocked_connection_init(const or_options_t *options)
Definition: connection.c:3517
size_t buf_allocation(const buf_t *buf)
Definition: buffers.c:399
#define CELL_PAYLOAD_SIZE
Definition: or.h:576
void rep_hist_note_exit_bytes(uint16_t port, size_t num_written, size_t num_read)
Definition: rephist.c:1785
uint64_t BandwidthBurst
void rep_hist_note_or_conn_bytes(uint64_t conn_id, size_t num_read, size_t num_written, time_t when)
Definition: rephist.c:2330
Header file for relay.c.
#define SMARTLIST_FOREACH(sl, type, var, cmd)
int connection_or_flushed_some(or_connection_t *conn)
const char * escaped(const char *s)
Definition: escape.c:126
mainloop_event_t * mainloop_event_new(void(*cb)(mainloop_event_t *, void *), void *userdata)
int connection_or_finished_flushing(or_connection_t *conn)
time_t timestamp_last_read_allowed
Definition: connection_st.h:98
static time_t write_buckets_last_empty_at
Definition: connection.c:3056
listener_connection_t * listener_connection_new(int type, int socket_family)
Definition: connection.c:438
void control_event_bootstrap_problem(const char *warn, const char *reason, const connection_t *conn, int dowarn)
void rep_hist_note_bytes_written(uint64_t num_bytes, time_t when)
Definition: rephist.c:1149
unsigned int linked_conn_is_closed
Definition: connection_st.h:81
#define fmt_addr(a)
Definition: address.h:211
void token_bucket_rw_adjust(token_bucket_rw_t *bucket, uint32_t rate, uint32_t burst)
Definition: token_bucket.c:152
#define log_fn(severity, domain, args,...)
Definition: log.h:266
void cpath_assert_layer_ok(const crypt_path_t *cp)
Definition: crypt_path.c:106
static uint32_t last_refilled_global_buckets_ts
Definition: connection.c:3452
void buf_assert_ok(buf_t *buf)
Definition: buffers.c:899
#define AP_CONN_STATE_CONTROLLER_WAIT
channel_tls_t * chan
void rep_hist_note_dir_bytes_read(uint64_t num_bytes, time_t when)
Definition: rephist.c:1185
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
#define CONN_TYPE_EXIT
Definition: connection.h:26
static int listen_limit
Definition: connection.c:1203
#define EXIT_CONN_STATE_OPEN
#define AP_CONN_STATE_OPEN
struct event * read_event
Definition: connection_st.h:91
#define CASE_TOR_TLS_ERROR_ANY
Definition: tortls.h:62
Headers for tortls.c.
uint16_t Socks5ProxyPort
#define LOG_FN_CONN(conn, args)
Definition: control.h:32
int connection_control_finished_flushing(control_connection_t *conn)
Definition: control.c:181
void connection_mark_for_close_(connection_t *conn, int line, const char *file)
Definition: connection.c:878
unsigned int in_connection_handle_write
Definition: connection_st.h:66
Header file for control.c.
void connection_expire_held_open(void)
Definition: connection.c:955
#define tor_addr_eq(a, b)
Definition: address.h:244
unsigned int hold_open_until_flushed
Definition: connection_st.h:56
#define OR_CONN_STATE_OR_HANDSHAKING_V3
Definition: orconn_event.h:49
int connection_is_writing(connection_t *conn)
Definition: mainloop.c:654
time_t approx_time(void)
Definition: approx_time.c:32
void tor_release_socket_ownership(tor_socket_t s)
Definition: socket.c:349
unsigned int is_transparent_ap
uint32_t magic
Definition: connection_st.h:41
int connection_edge_process_inbuf(edge_connection_t *conn, int package_partial)
#define LOG_DEBUG
Definition: log.h:39
const char * marked_for_close_file
int any_other_active_or_conns(const or_connection_t *this_conn)
Definition: connection.c:4598
time_t timestamp_created
int strcmp_opt(const char *s1, const char *s2)
Definition: util_string.c:188
static int check_sockaddr_family_match(sa_family_t got, connection_t *listener)
Definition: connection.c:1678
int buf_flush_to_tls(buf_t *buf, tor_tls_t *tls, size_t flushlen, size_t *buf_flushlen)
Definition: buffers_tls.c:142
void token_bucket_rw_init(token_bucket_rw_t *bucket, uint32_t rate, uint32_t burst, uint32_t now_ts)
Definition: token_bucket.c:137
#define CONN_IS_CLOSED(c)
Definition: connection.c:836
uint32_t n_read_conn_bw
Header file for buffers.c.
void connection_bucket_adjust(const or_options_t *options)
Definition: connection.c:3432
void connection_bucket_init(void)
Definition: connection.c:3407
Header file for reasons.c.
int mainloop_event_schedule(mainloop_event_t *event, const struct timeval *tv)
void log_failed_proxy_connection(connection_t *conn)
Definition: connection.c:5450
#define CONN_TYPE_DIR
Definition: connection.h:35
int conn_listener_type_supports_af_unix(int type)
Definition: connection.c:553
circuit_t * circuit_get_by_edge_conn(edge_connection_t *conn)
Definition: circuitlist.c:1572
Header file for connection_or.c.
#define CONN_TYPE_AP_LISTENER
Definition: connection.h:28
size_t buf_slack(const buf_t *buf)
Definition: buffers.c:412
tor_addr_t addr
Definition: transports.h:24
unsigned int in_flushed_some
Definition: connection_st.h:63
char * esc_for_log(const char *s)
Definition: escape.c:30
void tor_tls_get_n_raw_bytes(tor_tls_t *tls, size_t *n_read, size_t *n_written)
Definition: tortls_nss.c:654
int connection_or_process_inbuf(or_connection_t *conn)
static int connection_handle_read_impl(connection_t *conn)
Definition: connection.c:3557
void ip_address_changed(int at_interface)
Definition: mainloop.c:2258
smartlist_t * connection_dir_list_by_purpose_and_resource(int purpose, const char *resource)
Definition: connection.c:4549
#define LD_NET
Definition: log.h:63
int connection_edge_reached_eof(edge_connection_t *conn)
smartlist_t * ephemeral_onion_services
#define OR_CONN_STATE_CONNECTING
Definition: orconn_event.h:29
void connection_dir_about_to_close(dir_connection_t *dir_conn)
Definition: directory.c:389
void dnsserv_configure_listener(connection_t *conn)
Definition: dnsserv.c:391
#define tor_addr_to_in6_addr8(x)
Definition: address.h:129
void connection_free_all(void)
Definition: connection.c:5490
char unix_addr[FLEXIBLE_ARRAY_MEMBER]
Definition: port_cfg_st.h:31
int tor_tls_get_pending_bytes(tor_tls_t *tls)
Definition: tortls_nss.c:634
Header for compat_libevent.c.
int ConstrainedSockets
int buf_read_from_socket(buf_t *buf, tor_socket_t s, size_t at_most, int *reached_eof, int *socket_error)
Definition: buffers_net.c:243
#define DIR_CONN_STATE_CONNECTING
Definition: directory.h:19
static int check_sockaddr(const struct sockaddr *sa, int len, int level)
Definition: connection.c:1635
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:903
static int reenable_blocked_connections_is_scheduled
Definition: connection.c:3483
uint64_t RelayBandwidthRate
#define CONN_TYPE_AP
Definition: connection.h:31
#define AP_CONN_STATE_NATD_WAIT