tor  0.4.2.0-alpha-dev
connection.c
Go to the documentation of this file.
1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2019, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
57 #define CONNECTION_PRIVATE
58 #include "core/or/or.h"
59 #include "feature/client/bridges.h"
60 #include "lib/buf/buffers.h"
61 #include "lib/tls/buffers_tls.h"
62 #include "lib/err/backtrace.h"
63 
64 /*
65  * Define this so we get channel internal functions, since we're implementing
66  * part of a subclass (channel_tls_t).
67  */
68 #define TOR_CHANNEL_INTERNAL_
69 #define CONNECTION_PRIVATE
70 #include "app/config/config.h"
72 #include "core/mainloop/mainloop.h"
73 #include "core/mainloop/netstatus.h"
74 #include "core/or/channel.h"
75 #include "core/or/channeltls.h"
76 #include "core/or/circuitbuild.h"
77 #include "core/or/circuitlist.h"
78 #include "core/or/circuituse.h"
80 #include "core/or/connection_or.h"
81 #include "core/or/dos.h"
82 #include "core/or/policies.h"
83 #include "core/or/reasons.h"
84 #include "core/or/relay.h"
85 #include "core/or/crypt_path.h"
86 #include "core/proto/proto_http.h"
87 #include "core/proto/proto_socks.h"
88 #include "feature/client/dnsserv.h"
97 #include "feature/hs/hs_common.h"
98 #include "feature/hs/hs_ident.h"
101 #include "feature/relay/dns.h"
102 #include "feature/relay/ext_orport.h"
104 #include "feature/rend/rendclient.h"
105 #include "feature/rend/rendcommon.h"
106 #include "feature/stats/rephist.h"
108 #include "lib/geoip/geoip.h"
109 
110 #include "lib/sandbox/sandbox.h"
111 #include "lib/net/buffers_net.h"
112 #include "lib/tls/tortls.h"
114 #include "lib/compress/compress.h"
115 
116 #ifdef HAVE_PWD_H
117 #include <pwd.h>
118 #endif
119 
120 #ifdef HAVE_UNISTD_H
121 #include <unistd.h>
122 #endif
123 #ifdef HAVE_SYS_STAT_H
124 #include <sys/stat.h>
125 #endif
126 
127 #ifdef HAVE_SYS_UN_H
128 #include <sys/socket.h>
129 #include <sys/un.h>
130 #endif
131 
132 #include "feature/dircommon/dir_connection_st.h"
133 #include "feature/control/control_connection_st.h"
134 #include "core/or/entry_connection_st.h"
135 #include "core/or/listener_connection_st.h"
136 #include "core/or/or_connection_st.h"
137 #include "core/or/port_cfg_st.h"
138 #include "feature/nodelist/routerinfo_st.h"
139 #include "core/or/socks_request_st.h"
140 
158 #define ENABLE_LISTENER_REBIND
159 
161  const struct sockaddr *listensockaddr,
162  socklen_t listensocklen, int type,
163  const char *address,
164  const port_cfg_t *portcfg,
165  int *addr_in_use);
167  const port_cfg_t *port,
168  int *defer, int *addr_in_use);
169 static void connection_init(time_t now, connection_t *conn, int type,
170  int socket_family);
171 static int connection_handle_listener_read(connection_t *conn, int new_type);
173 static int connection_flushed_some(connection_t *conn);
175 static int connection_reached_eof(connection_t *conn);
177  ssize_t *max_to_read,
178  int *socket_error);
179 static int connection_process_inbuf(connection_t *conn, int package_partial);
181 static void set_constrained_socket_buffers(tor_socket_t sock, int size);
182 
183 static const char *connection_proxy_state_to_string(int state);
186 static const char *proxy_type_to_string(int proxy_type);
187 static int conn_get_proxy_type(const connection_t *conn);
189  const or_options_t *options, unsigned int conn_type);
190 static void reenable_blocked_connection_init(const or_options_t *options);
191 static void reenable_blocked_connection_schedule(void);
192 
199 /* DOCDOC last_interface_ipv6 */
200 static tor_addr_t *last_interface_ipv6 = NULL;
204 
205 #define CASE_ANY_LISTENER_TYPE \
206  case CONN_TYPE_OR_LISTENER: \
207  case CONN_TYPE_EXT_OR_LISTENER: \
208  case CONN_TYPE_AP_LISTENER: \
209  case CONN_TYPE_DIR_LISTENER: \
210  case CONN_TYPE_CONTROL_LISTENER: \
211  case CONN_TYPE_AP_TRANS_LISTENER: \
212  case CONN_TYPE_AP_NATD_LISTENER: \
213  case CONN_TYPE_AP_DNS_LISTENER: \
214  case CONN_TYPE_AP_HTTP_CONNECT_LISTENER
215 
216 /**************************************************************/
217 
222 {
223  tor_assert(c->magic == LISTENER_CONNECTION_MAGIC);
224  return DOWNCAST(listener_connection_t, c);
225 }
226 
227 size_t
228 connection_get_inbuf_len(connection_t *conn)
229 {
230  return conn->inbuf ? buf_datalen(conn->inbuf) : 0;
231 }
232 
233 size_t
234 connection_get_outbuf_len(connection_t *conn)
235 {
236  return conn->outbuf ? buf_datalen(conn->outbuf) : 0;
237 }
238 
242 const char *
244 {
245  static char buf[64];
246  switch (type) {
247  case CONN_TYPE_OR_LISTENER: return "OR listener";
248  case CONN_TYPE_OR: return "OR";
249  case CONN_TYPE_EXIT: return "Exit";
250  case CONN_TYPE_AP_LISTENER: return "Socks listener";
252  return "Transparent pf/netfilter listener";
253  case CONN_TYPE_AP_NATD_LISTENER: return "Transparent natd listener";
254  case CONN_TYPE_AP_DNS_LISTENER: return "DNS listener";
255  case CONN_TYPE_AP: return "Socks";
256  case CONN_TYPE_DIR_LISTENER: return "Directory listener";
257  case CONN_TYPE_DIR: return "Directory";
258  case CONN_TYPE_CONTROL_LISTENER: return "Control listener";
259  case CONN_TYPE_CONTROL: return "Control";
260  case CONN_TYPE_EXT_OR: return "Extended OR";
261  case CONN_TYPE_EXT_OR_LISTENER: return "Extended OR listener";
262  case CONN_TYPE_AP_HTTP_CONNECT_LISTENER: return "HTTP tunnel listener";
263  default:
264  log_warn(LD_BUG, "unknown connection type %d", type);
265  tor_snprintf(buf, sizeof(buf), "unknown [%d]", type);
266  return buf;
267  }
268 }
269 
274 const char *
275 conn_state_to_string(int type, int state)
276 {
277  static char buf[96];
278  switch (type) {
279  CASE_ANY_LISTENER_TYPE:
280  if (state == LISTENER_STATE_READY)
281  return "ready";
282  break;
283  case CONN_TYPE_OR:
284  switch (state) {
285  case OR_CONN_STATE_CONNECTING: return "connect()ing";
286  case OR_CONN_STATE_PROXY_HANDSHAKING: return "handshaking (proxy)";
287  case OR_CONN_STATE_TLS_HANDSHAKING: return "handshaking (TLS)";
289  return "renegotiating (TLS, v2 handshake)";
291  return "waiting for renegotiation or V3 handshake";
293  return "handshaking (Tor, v2 handshake)";
295  return "handshaking (Tor, v3 handshake)";
296  case OR_CONN_STATE_OPEN: return "open";
297  }
298  break;
299  case CONN_TYPE_EXT_OR:
300  switch (state) {
301  case EXT_OR_CONN_STATE_AUTH_WAIT_AUTH_TYPE:
302  return "waiting for authentication type";
303  case EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_NONCE:
304  return "waiting for client nonce";
305  case EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_HASH:
306  return "waiting for client hash";
307  case EXT_OR_CONN_STATE_OPEN: return "open";
308  case EXT_OR_CONN_STATE_FLUSHING: return "flushing final OKAY";
309  }
310  break;
311  case CONN_TYPE_EXIT:
312  switch (state) {
313  case EXIT_CONN_STATE_RESOLVING: return "waiting for dest info";
314  case EXIT_CONN_STATE_CONNECTING: return "connecting";
315  case EXIT_CONN_STATE_OPEN: return "open";
316  case EXIT_CONN_STATE_RESOLVEFAILED: return "resolve failed";
317  }
318  break;
319  case CONN_TYPE_AP:
320  switch (state) {
321  case AP_CONN_STATE_SOCKS_WAIT: return "waiting for socks info";
322  case AP_CONN_STATE_NATD_WAIT: return "waiting for natd dest info";
323  case AP_CONN_STATE_RENDDESC_WAIT: return "waiting for rendezvous desc";
324  case AP_CONN_STATE_CONTROLLER_WAIT: return "waiting for controller";
325  case AP_CONN_STATE_CIRCUIT_WAIT: return "waiting for circuit";
326  case AP_CONN_STATE_CONNECT_WAIT: return "waiting for connect response";
327  case AP_CONN_STATE_RESOLVE_WAIT: return "waiting for resolve response";
328  case AP_CONN_STATE_OPEN: return "open";
329  }
330  break;
331  case CONN_TYPE_DIR:
332  switch (state) {
333  case DIR_CONN_STATE_CONNECTING: return "connecting";
334  case DIR_CONN_STATE_CLIENT_SENDING: return "client sending";
335  case DIR_CONN_STATE_CLIENT_READING: return "client reading";
336  case DIR_CONN_STATE_CLIENT_FINISHED: return "client finished";
337  case DIR_CONN_STATE_SERVER_COMMAND_WAIT: return "waiting for command";
338  case DIR_CONN_STATE_SERVER_WRITING: return "writing";
339  }
340  break;
341  case CONN_TYPE_CONTROL:
342  switch (state) {
343  case CONTROL_CONN_STATE_OPEN: return "open (protocol v1)";
345  return "waiting for authentication (protocol v1)";
346  }
347  break;
348  }
349 
350  log_warn(LD_BUG, "unknown connection state %d (type %d)", state, type);
351  tor_snprintf(buf, sizeof(buf),
352  "unknown state [%d] on unknown [%s] connection",
353  state, conn_type_to_string(type));
354  return buf;
355 }
356 
360 dir_connection_new(int socket_family)
361 {
362  dir_connection_t *dir_conn = tor_malloc_zero(sizeof(dir_connection_t));
363  connection_init(time(NULL), TO_CONN(dir_conn), CONN_TYPE_DIR, socket_family);
364  return dir_conn;
365 }
366 
375 or_connection_new(int type, int socket_family)
376 {
377  or_connection_t *or_conn = tor_malloc_zero(sizeof(or_connection_t));
378  time_t now = time(NULL);
379  tor_assert(type == CONN_TYPE_OR || type == CONN_TYPE_EXT_OR);
380  connection_init(now, TO_CONN(or_conn), type, socket_family);
381 
382  connection_or_set_canonical(or_conn, 0);
383 
384  if (type == CONN_TYPE_EXT_OR)
386 
387  return or_conn;
388 }
389 
396 entry_connection_new(int type, int socket_family)
397 {
398  entry_connection_t *entry_conn = tor_malloc_zero(sizeof(entry_connection_t));
399  tor_assert(type == CONN_TYPE_AP);
400  connection_init(time(NULL), ENTRY_TO_CONN(entry_conn), type, socket_family);
401  entry_conn->socks_request = socks_request_new();
402  /* If this is coming from a listener, we'll set it up based on the listener
403  * in a little while. Otherwise, we're doing this as a linked connection
404  * of some kind, and we should set it up here based on the socket family */
405  if (socket_family == AF_INET)
406  entry_conn->entry_cfg.ipv4_traffic = 1;
407  else if (socket_family == AF_INET6)
408  entry_conn->entry_cfg.ipv6_traffic = 1;
409  return entry_conn;
410 }
411 
415 edge_connection_new(int type, int socket_family)
416 {
417  edge_connection_t *edge_conn = tor_malloc_zero(sizeof(edge_connection_t));
418  tor_assert(type == CONN_TYPE_EXIT);
419  connection_init(time(NULL), TO_CONN(edge_conn), type, socket_family);
420  return edge_conn;
421 }
422 
426 control_connection_new(int socket_family)
427 {
428  control_connection_t *control_conn =
429  tor_malloc_zero(sizeof(control_connection_t));
430  connection_init(time(NULL),
431  TO_CONN(control_conn), CONN_TYPE_CONTROL, socket_family);
432  return control_conn;
433 }
434 
438 listener_connection_new(int type, int socket_family)
439 {
440  listener_connection_t *listener_conn =
441  tor_malloc_zero(sizeof(listener_connection_t));
442  connection_init(time(NULL), TO_CONN(listener_conn), type, socket_family);
443  return listener_conn;
444 }
445 
449 connection_t *
450 connection_new(int type, int socket_family)
451 {
452  switch (type) {
453  case CONN_TYPE_OR:
454  case CONN_TYPE_EXT_OR:
455  return TO_CONN(or_connection_new(type, socket_family));
456 
457  case CONN_TYPE_EXIT:
458  return TO_CONN(edge_connection_new(type, socket_family));
459 
460  case CONN_TYPE_AP:
461  return ENTRY_TO_CONN(entry_connection_new(type, socket_family));
462 
463  case CONN_TYPE_DIR:
464  return TO_CONN(dir_connection_new(socket_family));
465 
466  case CONN_TYPE_CONTROL:
467  return TO_CONN(control_connection_new(socket_family));
468 
469  CASE_ANY_LISTENER_TYPE:
470  return TO_CONN(listener_connection_new(type, socket_family));
471 
472  default: {
473  connection_t *conn = tor_malloc_zero(sizeof(connection_t));
474  connection_init(time(NULL), conn, type, socket_family);
475  return conn;
476  }
477  }
478 }
479 
490 static void
491 connection_init(time_t now, connection_t *conn, int type, int socket_family)
492 {
493  static uint64_t n_connections_allocated = 1;
494 
495  switch (type) {
496  case CONN_TYPE_OR:
497  case CONN_TYPE_EXT_OR:
498  conn->magic = OR_CONNECTION_MAGIC;
499  break;
500  case CONN_TYPE_EXIT:
501  conn->magic = EDGE_CONNECTION_MAGIC;
502  break;
503  case CONN_TYPE_AP:
504  conn->magic = ENTRY_CONNECTION_MAGIC;
505  break;
506  case CONN_TYPE_DIR:
507  conn->magic = DIR_CONNECTION_MAGIC;
508  break;
509  case CONN_TYPE_CONTROL:
510  conn->magic = CONTROL_CONNECTION_MAGIC;
511  break;
512  CASE_ANY_LISTENER_TYPE:
513  conn->magic = LISTENER_CONNECTION_MAGIC;
514  break;
515  default:
516  conn->magic = BASE_CONNECTION_MAGIC;
517  break;
518  }
519 
520  conn->s = TOR_INVALID_SOCKET; /* give it a default of 'not used' */
521  conn->conn_array_index = -1; /* also default to 'not used' */
522  conn->global_identifier = n_connections_allocated++;
523 
524  conn->type = type;
525  conn->socket_family = socket_family;
526  if (!connection_is_listener(conn)) {
527  /* listeners never use their buf */
528  conn->inbuf = buf_new();
529  conn->outbuf = buf_new();
530  }
531 
532  conn->timestamp_created = now;
533  conn->timestamp_last_read_allowed = now;
534  conn->timestamp_last_write_allowed = now;
535 }
536 
538 void
540 {
541  tor_assert(! SOCKET_OK(conn_a->s));
542  tor_assert(! SOCKET_OK(conn_b->s));
543 
544  conn_a->linked = 1;
545  conn_b->linked = 1;
546  conn_a->linked_conn = conn_b;
547  conn_b->linked_conn = conn_a;
548 }
549 
552 int
554 {
555  /* For now only control ports or SOCKS ports can be Unix domain sockets
556  * and listeners at the same time */
557  switch (type) {
560  return 1;
561  default:
562  return 0;
563  }
564 }
565 
570 STATIC void
572 {
573  void *mem;
574  size_t memlen;
575  if (!conn)
576  return;
577 
578  switch (conn->type) {
579  case CONN_TYPE_OR:
580  case CONN_TYPE_EXT_OR:
581  tor_assert(conn->magic == OR_CONNECTION_MAGIC);
582  mem = TO_OR_CONN(conn);
583  memlen = sizeof(or_connection_t);
584  break;
585  case CONN_TYPE_AP:
586  tor_assert(conn->magic == ENTRY_CONNECTION_MAGIC);
587  mem = TO_ENTRY_CONN(conn);
588  memlen = sizeof(entry_connection_t);
589  break;
590  case CONN_TYPE_EXIT:
591  tor_assert(conn->magic == EDGE_CONNECTION_MAGIC);
592  mem = TO_EDGE_CONN(conn);
593  memlen = sizeof(edge_connection_t);
594  break;
595  case CONN_TYPE_DIR:
596  tor_assert(conn->magic == DIR_CONNECTION_MAGIC);
597  mem = TO_DIR_CONN(conn);
598  memlen = sizeof(dir_connection_t);
599  break;
600  case CONN_TYPE_CONTROL:
601  tor_assert(conn->magic == CONTROL_CONNECTION_MAGIC);
602  mem = TO_CONTROL_CONN(conn);
603  memlen = sizeof(control_connection_t);
604  break;
605  CASE_ANY_LISTENER_TYPE:
606  tor_assert(conn->magic == LISTENER_CONNECTION_MAGIC);
607  mem = TO_LISTENER_CONN(conn);
608  memlen = sizeof(listener_connection_t);
609  break;
610  default:
611  tor_assert(conn->magic == BASE_CONNECTION_MAGIC);
612  mem = conn;
613  memlen = sizeof(connection_t);
614  break;
615  }
616 
617  if (conn->linked) {
618  log_info(LD_GENERAL, "Freeing linked %s connection [%s] with %d "
619  "bytes on inbuf, %d on outbuf.",
620  conn_type_to_string(conn->type),
621  conn_state_to_string(conn->type, conn->state),
622  (int)connection_get_inbuf_len(conn),
623  (int)connection_get_outbuf_len(conn));
624  }
625 
626  if (!connection_is_listener(conn)) {
627  buf_free(conn->inbuf);
628  buf_free(conn->outbuf);
629  } else {
630  if (conn->socket_family == AF_UNIX) {
631  /* For now only control and SOCKS ports can be Unix domain sockets
632  * and listeners at the same time */
634 
635  if (unlink(conn->address) < 0 && errno != ENOENT) {
636  log_warn(LD_NET, "Could not unlink %s: %s", conn->address,
637  strerror(errno));
638  }
639  }
640  }
641 
642  tor_free(conn->address);
643 
644  if (connection_speaks_cells(conn)) {
645  or_connection_t *or_conn = TO_OR_CONN(conn);
646  if (or_conn->tls) {
647  if (! SOCKET_OK(conn->s)) {
648  /* The socket has been closed by somebody else; we must tell the
649  * TLS object not to close it. */
650  tor_tls_release_socket(or_conn->tls);
651  } else {
652  /* The tor_tls_free() call below will close the socket; we must tell
653  * the code below not to close it a second time. */
655  conn->s = TOR_INVALID_SOCKET;
656  }
657  tor_tls_free(or_conn->tls);
658  or_conn->tls = NULL;
659  }
660  or_handshake_state_free(or_conn->handshake_state);
661  or_conn->handshake_state = NULL;
662  tor_free(or_conn->nickname);
663  if (or_conn->chan) {
664  /* Owww, this shouldn't happen, but... */
665  channel_t *base_chan = TLS_CHAN_TO_BASE(or_conn->chan);
666  tor_assert(base_chan);
667  log_info(LD_CHANNEL,
668  "Freeing orconn at %p, saw channel %p with ID "
669  "%"PRIu64 " left un-NULLed",
670  or_conn, base_chan,
671  base_chan->global_identifier);
672  if (!CHANNEL_FINISHED(base_chan)) {
673  channel_close_for_error(base_chan);
674  }
675 
676  or_conn->chan->conn = NULL;
677  or_conn->chan = NULL;
678  }
679  }
680  if (conn->type == CONN_TYPE_AP) {
681  entry_connection_t *entry_conn = TO_ENTRY_CONN(conn);
682  tor_free(entry_conn->chosen_exit_name);
683  tor_free(entry_conn->original_dest_address);
684  if (entry_conn->socks_request)
685  socks_request_free(entry_conn->socks_request);
686  if (entry_conn->pending_optimistic_data) {
687  buf_free(entry_conn->pending_optimistic_data);
688  }
689  if (entry_conn->sending_optimistic_data) {
690  buf_free(entry_conn->sending_optimistic_data);
691  }
692  }
693  if (CONN_IS_EDGE(conn)) {
694  rend_data_free(TO_EDGE_CONN(conn)->rend_data);
695  hs_ident_edge_conn_free(TO_EDGE_CONN(conn)->hs_ident);
696  }
697  if (conn->type == CONN_TYPE_CONTROL) {
698  control_connection_t *control_conn = TO_CONTROL_CONN(conn);
699  tor_free(control_conn->safecookie_client_hash);
700  tor_free(control_conn->incoming_cmd);
701  tor_free(control_conn->current_cmd);
702  if (control_conn->ephemeral_onion_services) {
703  SMARTLIST_FOREACH(control_conn->ephemeral_onion_services, char *, cp, {
704  memwipe(cp, 0, strlen(cp));
705  tor_free(cp);
706  });
707  smartlist_free(control_conn->ephemeral_onion_services);
708  }
709  }
710 
711  /* Probably already freed by connection_free. */
712  tor_event_free(conn->read_event);
713  tor_event_free(conn->write_event);
714  conn->read_event = conn->write_event = NULL;
715 
716  if (conn->type == CONN_TYPE_DIR) {
717  dir_connection_t *dir_conn = TO_DIR_CONN(conn);
718  tor_free(dir_conn->requested_resource);
719 
720  tor_compress_free(dir_conn->compress_state);
721  if (dir_conn->spool) {
722  SMARTLIST_FOREACH(dir_conn->spool, spooled_resource_t *, spooled,
723  spooled_resource_free(spooled));
724  smartlist_free(dir_conn->spool);
725  }
726 
727  rend_data_free(dir_conn->rend_data);
728  hs_ident_dir_conn_free(dir_conn->hs_ident);
729  if (dir_conn->guard_state) {
730  /* Cancel before freeing, if it's still there. */
731  entry_guard_cancel(&dir_conn->guard_state);
732  }
733  circuit_guard_state_free(dir_conn->guard_state);
734  }
735 
736  if (SOCKET_OK(conn->s)) {
737  log_debug(LD_NET,"closing fd %d.",(int)conn->s);
738  tor_close_socket(conn->s);
739  conn->s = TOR_INVALID_SOCKET;
740  }
741 
742  if (conn->type == CONN_TYPE_OR &&
743  !tor_digest_is_zero(TO_OR_CONN(conn)->identity_digest)) {
744  log_warn(LD_BUG, "called on OR conn with non-zeroed identity_digest");
746  }
747  if (conn->type == CONN_TYPE_OR || conn->type == CONN_TYPE_EXT_OR) {
749  tor_free(TO_OR_CONN(conn)->ext_or_conn_id);
750  tor_free(TO_OR_CONN(conn)->ext_or_auth_correct_client_hash);
751  tor_free(TO_OR_CONN(conn)->ext_or_transport);
752  }
753 
754  memwipe(mem, 0xCC, memlen); /* poison memory */
755  tor_free(mem);
756 }
757 
761 connection_free_,(connection_t *conn))
762 {
763  if (!conn)
764  return;
767  if (BUG(conn->linked_conn)) {
768  conn->linked_conn->linked_conn = NULL;
769  if (! conn->linked_conn->marked_for_close &&
771  connection_start_reading(conn->linked_conn);
772  conn->linked_conn = NULL;
773  }
774  if (connection_speaks_cells(conn)) {
775  if (!tor_digest_is_zero(TO_OR_CONN(conn)->identity_digest)) {
777  }
778  }
779  if (conn->type == CONN_TYPE_CONTROL) {
781  }
782 #if 1
783  /* DEBUGGING */
784  if (conn->type == CONN_TYPE_AP) {
785  connection_ap_warn_and_unmark_if_pending_circ(TO_ENTRY_CONN(conn),
786  "connection_free");
787  }
788 #endif /* 1 */
789 
790  /* Notify the circuit creation DoS mitigation subsystem that an OR client
791  * connection has been closed. And only do that if we track it. */
792  if (conn->type == CONN_TYPE_OR) {
793  dos_close_client_conn(TO_OR_CONN(conn));
794  }
795 
798 }
799 
812 void
814 {
816 
817  switch (conn->type) {
818  case CONN_TYPE_DIR:
820  break;
821  case CONN_TYPE_OR:
822  case CONN_TYPE_EXT_OR:
824  break;
825  case CONN_TYPE_AP:
826  connection_ap_about_to_close(TO_ENTRY_CONN(conn));
827  break;
828  case CONN_TYPE_EXIT:
830  break;
831  }
832 }
833 
836 #define CONN_IS_CLOSED(c) \
837  ((c)->linked ? ((c)->linked_conn_is_closed) : (! SOCKET_OK(c->s)))
838 
843 void
845 {
846  assert_connection_ok(conn,0);
847  if (CONN_IS_CLOSED(conn)) {
848  log_err(LD_BUG,"Attempt to close already-closed connection.");
850  return;
851  }
852  if (conn->outbuf_flushlen) {
853  log_info(LD_NET,"fd %d, type %s, state %s, %d bytes on outbuf.",
854  (int)conn->s, conn_type_to_string(conn->type),
855  conn_state_to_string(conn->type, conn->state),
856  (int)conn->outbuf_flushlen);
857  }
858 
860 
861  /* Prevent the event from getting unblocked. */
862  conn->read_blocked_on_bw = 0;
863  conn->write_blocked_on_bw = 0;
864 
865  if (SOCKET_OK(conn->s))
866  tor_close_socket(conn->s);
867  conn->s = TOR_INVALID_SOCKET;
868  if (conn->linked)
869  conn->linked_conn_is_closed = 1;
870  if (conn->outbuf)
871  buf_clear(conn->outbuf);
872  conn->outbuf_flushlen = 0;
873 }
874 
877 void
878 connection_mark_for_close_(connection_t *conn, int line, const char *file)
879 {
880  assert_connection_ok(conn,0);
881  tor_assert(line);
882  tor_assert(line < 1<<16); /* marked_for_close can only fit a uint16_t. */
883  tor_assert(file);
884 
885  if (conn->type == CONN_TYPE_OR) {
886  /*
887  * An or_connection should have been closed through one of the channel-
888  * aware functions in connection_or.c. We'll assume this is an error
889  * close and do that, and log a bug warning.
890  */
891  log_warn(LD_CHANNEL | LD_BUG,
892  "Something tried to close an or_connection_t without going "
893  "through channels at %s:%d",
894  file, line);
895  connection_or_close_for_error(TO_OR_CONN(conn), 0);
896  } else {
897  /* Pass it down to the real function */
898  connection_mark_for_close_internal_(conn, line, file);
899  }
900 }
901 
912 connection_mark_for_close_internal_, (connection_t *conn,
913  int line, const char *file))
914 {
915  assert_connection_ok(conn,0);
916  tor_assert(line);
917  tor_assert(line < 1<<16); /* marked_for_close can only fit a uint16_t. */
918  tor_assert(file);
919 
920  if (conn->marked_for_close) {
921  log_warn(LD_BUG,"Duplicate call to connection_mark_for_close at %s:%d"
922  " (first at %s:%d)", file, line, conn->marked_for_close_file,
923  conn->marked_for_close);
925  return;
926  }
927 
928  if (conn->type == CONN_TYPE_OR) {
929  /*
930  * Bad news if this happens without telling the controlling channel; do
931  * this so we can find things that call this wrongly when the asserts hit.
932  */
933  log_debug(LD_CHANNEL,
934  "Calling connection_mark_for_close_internal_() on an OR conn "
935  "at %s:%d",
936  file, line);
937  }
938 
939  conn->marked_for_close = line;
940  conn->marked_for_close_file = file;
942 
943  /* in case we're going to be held-open-til-flushed, reset
944  * the number of seconds since last successful write, so
945  * we get our whole 15 seconds */
946  conn->timestamp_last_write_allowed = time(NULL);
947 }
948 
954 void
956 {
957  time_t now;
958  smartlist_t *conns = get_connection_array();
959 
960  now = time(NULL);
961 
962  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
963  /* If we've been holding the connection open, but we haven't written
964  * for 15 seconds...
965  */
966  if (conn->hold_open_until_flushed) {
968  if (now - conn->timestamp_last_write_allowed >= 15) {
969  int severity;
970  if (conn->type == CONN_TYPE_EXIT ||
971  (conn->type == CONN_TYPE_DIR &&
972  conn->purpose == DIR_PURPOSE_SERVER))
973  severity = LOG_INFO;
974  else
975  severity = LOG_NOTICE;
976  log_fn(severity, LD_NET,
977  "Giving up on marked_for_close conn that's been flushing "
978  "for 15s (fd %d, type %s, state %s).",
979  (int)conn->s, conn_type_to_string(conn->type),
980  conn_state_to_string(conn->type, conn->state));
981  conn->hold_open_until_flushed = 0;
982  }
983  }
984  } SMARTLIST_FOREACH_END(conn);
985 }
986 
987 #if defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN)
988 
1001 static struct sockaddr_un *
1002 create_unix_sockaddr(const char *listenaddress, char **readable_address,
1003  socklen_t *len_out)
1004 {
1005  struct sockaddr_un *sockaddr = NULL;
1006 
1007  sockaddr = tor_malloc_zero(sizeof(struct sockaddr_un));
1008  sockaddr->sun_family = AF_UNIX;
1009  if (strlcpy(sockaddr->sun_path, listenaddress, sizeof(sockaddr->sun_path))
1010  >= sizeof(sockaddr->sun_path)) {
1011  log_warn(LD_CONFIG, "Unix socket path '%s' is too long to fit.",
1012  escaped(listenaddress));
1013  tor_free(sockaddr);
1014  return NULL;
1015  }
1016 
1017  if (readable_address)
1018  *readable_address = tor_strdup(listenaddress);
1019 
1020  *len_out = sizeof(struct sockaddr_un);
1021  return sockaddr;
1022 }
1023 #else /* !(defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN)) */
1024 static struct sockaddr *
1025 create_unix_sockaddr(const char *listenaddress, char **readable_address,
1026  socklen_t *len_out)
1027 {
1028  (void)listenaddress;
1029  (void)readable_address;
1031  "Unix domain sockets not supported, yet we tried to create one.");
1032  *len_out = 0;
1034  return NULL;
1035 }
1036 #endif /* defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN) */
1037 
1041 static void
1043 {
1044 #define WARN_TOO_MANY_CONNS_INTERVAL (6*60*60)
1045  static ratelim_t last_warned = RATELIM_INIT(WARN_TOO_MANY_CONNS_INTERVAL);
1046  char *m;
1047  if ((m = rate_limit_log(&last_warned, approx_time()))) {
1048  int n_conns = get_n_open_sockets();
1049  log_warn(LD_NET,"Failing because we have %d connections already. Please "
1050  "read doc/TUNING for guidance.%s", n_conns, m);
1051  tor_free(m);
1052  control_event_general_status(LOG_WARN, "TOO_MANY_CONNECTIONS CURRENT=%d",
1053  n_conns);
1054  }
1055 }
1056 
1057 #ifdef HAVE_SYS_UN_H
1058 
1059 #define UNIX_SOCKET_PURPOSE_CONTROL_SOCKET 0
1060 #define UNIX_SOCKET_PURPOSE_SOCKS_SOCKET 1
1061 
1064 static int
1065 is_valid_unix_socket_purpose(int purpose)
1066 {
1067  int valid = 0;
1068 
1069  switch (purpose) {
1070  case UNIX_SOCKET_PURPOSE_CONTROL_SOCKET:
1071  case UNIX_SOCKET_PURPOSE_SOCKS_SOCKET:
1072  valid = 1;
1073  break;
1074  }
1075 
1076  return valid;
1077 }
1078 
1080 static const char *
1081 unix_socket_purpose_to_string(int purpose)
1082 {
1083  const char *s = "unknown-purpose socket";
1084 
1085  switch (purpose) {
1086  case UNIX_SOCKET_PURPOSE_CONTROL_SOCKET:
1087  s = "control socket";
1088  break;
1089  case UNIX_SOCKET_PURPOSE_SOCKS_SOCKET:
1090  s = "SOCKS socket";
1091  break;
1092  }
1093 
1094  return s;
1095 }
1096 
1099 static int
1100 check_location_for_unix_socket(const or_options_t *options, const char *path,
1101  int purpose, const port_cfg_t *port)
1102 {
1103  int r = -1;
1104  char *p = NULL;
1105 
1106  tor_assert(is_valid_unix_socket_purpose(purpose));
1107 
1108  p = tor_strdup(path);
1109  cpd_check_t flags = CPD_CHECK_MODE_ONLY;
1110  if (get_parent_directory(p)<0 || p[0] != '/') {
1111  log_warn(LD_GENERAL, "Bad unix socket address '%s'. Tor does not support "
1112  "relative paths for unix sockets.", path);
1113  goto done;
1114  }
1115 
1116  if (port->is_world_writable) {
1117  /* World-writable sockets can go anywhere. */
1118  r = 0;
1119  goto done;
1120  }
1121 
1122  if (port->is_group_writable) {
1123  flags |= CPD_GROUP_OK;
1124  }
1125 
1126  if (port->relax_dirmode_check) {
1127  flags |= CPD_RELAX_DIRMODE_CHECK;
1128  }
1129 
1130  if (check_private_dir(p, flags, options->User) < 0) {
1131  char *escpath, *escdir;
1132  escpath = esc_for_log(path);
1133  escdir = esc_for_log(p);
1134  log_warn(LD_GENERAL, "Before Tor can create a %s in %s, the directory "
1135  "%s needs to exist, and to be accessible only by the user%s "
1136  "account that is running Tor. (On some Unix systems, anybody "
1137  "who can list a socket can connect to it, so Tor is being "
1138  "careful.)",
1139  unix_socket_purpose_to_string(purpose), escpath, escdir,
1140  port->is_group_writable ? " and group" : "");
1141  tor_free(escpath);
1142  tor_free(escdir);
1143  goto done;
1144  }
1145 
1146  r = 0;
1147  done:
1148  tor_free(p);
1149  return r;
1150 }
1151 #endif /* defined(HAVE_SYS_UN_H) */
1152 
1156 static int
1158 {
1159 #ifdef _WIN32
1160  (void) sock;
1161  return 0;
1162 #else
1163  int one=1;
1164 
1165  /* REUSEADDR on normal places means you can rebind to the port
1166  * right after somebody else has let it go. But REUSEADDR on win32
1167  * means you can bind to the port _even when somebody else
1168  * already has it bound_. So, don't do that on Win32. */
1169  if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void*) &one,
1170  (socklen_t)sizeof(one)) == -1) {
1171  return -1;
1172  }
1173  return 0;
1174 #endif /* defined(_WIN32) */
1175 }
1176 
1177 #ifdef _WIN32
1178 
1180 static int
1181 make_win32_socket_exclusive(tor_socket_t sock)
1182 {
1183 #ifdef SO_EXCLUSIVEADDRUSE
1184  int one=1;
1185 
1186  /* Any socket that sets REUSEADDR on win32 can bind to a port _even when
1187  * somebody else already has it bound_, and _even if the original socket
1188  * didn't set REUSEADDR_. Use EXCLUSIVEADDRUSE to prevent this port-stealing
1189  * on win32. */
1190  if (setsockopt(sock, SOL_SOCKET, SO_EXCLUSIVEADDRUSE, (void*) &one,
1191  (socklen_t)sizeof(one))) {
1192  return -1;
1193  }
1194  return 0;
1195 #else /* !(defined(SO_EXCLUSIVEADDRUSE)) */
1196  (void) sock;
1197  return 0;
1198 #endif /* defined(SO_EXCLUSIVEADDRUSE) */
1199 }
1200 #endif /* defined(_WIN32) */
1201 
1203 static int listen_limit = INT_MAX;
1204 
1205 /* Listen on <b>fd</b> with appropriate backlog. Return as for listen. */
1206 static int
1207 tor_listen(tor_socket_t fd)
1208 {
1209  int r;
1210 
1211  if ((r = listen(fd, listen_limit)) < 0) {
1212  if (listen_limit == SOMAXCONN)
1213  return r;
1214  if ((r = listen(fd, SOMAXCONN)) == 0) {
1215  listen_limit = SOMAXCONN;
1216  log_warn(LD_NET, "Setting listen backlog to INT_MAX connections "
1217  "didn't work, but SOMAXCONN did. Lowering backlog limit.");
1218  }
1219  }
1220  return r;
1221 }
1222 
1232 static connection_t *
1233 connection_listener_new(const struct sockaddr *listensockaddr,
1234  socklen_t socklen,
1235  int type, const char *address,
1236  const port_cfg_t *port_cfg,
1237  int *addr_in_use)
1238 {
1239  listener_connection_t *lis_conn;
1240  connection_t *conn = NULL;
1241  tor_socket_t s = TOR_INVALID_SOCKET; /* the socket we're going to make */
1242  or_options_t const *options = get_options();
1243  (void) options; /* Windows doesn't use this. */
1244 #if defined(HAVE_PWD_H) && defined(HAVE_SYS_UN_H)
1245  const struct passwd *pw = NULL;
1246 #endif
1247  uint16_t usePort = 0, gotPort = 0;
1248  int start_reading = 0;
1249  static int global_next_session_group = SESSION_GROUP_FIRST_AUTO;
1250  tor_addr_t addr;
1251  int exhaustion = 0;
1252 
1253  if (addr_in_use)
1254  *addr_in_use = 0;
1255 
1256  if (listensockaddr->sa_family == AF_INET ||
1257  listensockaddr->sa_family == AF_INET6) {
1258  int is_stream = (type != CONN_TYPE_AP_DNS_LISTENER);
1259  if (is_stream)
1260  start_reading = 1;
1261 
1262  tor_addr_from_sockaddr(&addr, listensockaddr, &usePort);
1263  log_notice(LD_NET, "Opening %s on %s",
1264  conn_type_to_string(type), fmt_addrport(&addr, usePort));
1265 
1267  is_stream ? SOCK_STREAM : SOCK_DGRAM,
1268  is_stream ? IPPROTO_TCP: IPPROTO_UDP);
1269  if (!SOCKET_OK(s)) {
1270  int e = tor_socket_errno(s);
1271  if (ERRNO_IS_RESOURCE_LIMIT(e)) {
1273  /*
1274  * We'll call the OOS handler at the error exit, so set the
1275  * exhaustion flag for it.
1276  */
1277  exhaustion = 1;
1278  } else {
1279  log_warn(LD_NET, "Socket creation failed: %s",
1280  tor_socket_strerror(e));
1281  }
1282  goto err;
1283  }
1284 
1285  if (make_socket_reuseable(s) < 0) {
1286  log_warn(LD_NET, "Error setting SO_REUSEADDR flag on %s: %s",
1287  conn_type_to_string(type),
1288  tor_socket_strerror(errno));
1289  }
1290 
1291 #ifdef _WIN32
1292  if (make_win32_socket_exclusive(s) < 0) {
1293  log_warn(LD_NET, "Error setting SO_EXCLUSIVEADDRUSE flag on %s: %s",
1294  conn_type_to_string(type),
1295  tor_socket_strerror(errno));
1296  }
1297 #endif /* defined(_WIN32) */
1298 
1299 #if defined(USE_TRANSPARENT) && defined(IP_TRANSPARENT)
1300  if (options->TransProxyType_parsed == TPT_TPROXY &&
1301  type == CONN_TYPE_AP_TRANS_LISTENER) {
1302  int one = 1;
1303  if (setsockopt(s, SOL_IP, IP_TRANSPARENT, (void*)&one,
1304  (socklen_t)sizeof(one)) < 0) {
1305  const char *extra = "";
1306  int e = tor_socket_errno(s);
1307  if (e == EPERM)
1308  extra = "TransTPROXY requires root privileges or similar"
1309  " capabilities.";
1310  log_warn(LD_NET, "Error setting IP_TRANSPARENT flag: %s.%s",
1311  tor_socket_strerror(e), extra);
1312  }
1313  }
1314 #endif /* defined(USE_TRANSPARENT) && defined(IP_TRANSPARENT) */
1315 
1316 #ifdef IPV6_V6ONLY
1317  if (listensockaddr->sa_family == AF_INET6) {
1318  int one = 1;
1319  /* We need to set IPV6_V6ONLY so that this socket can't get used for
1320  * IPv4 connections. */
1321  if (setsockopt(s,IPPROTO_IPV6, IPV6_V6ONLY,
1322  (void*)&one, (socklen_t)sizeof(one)) < 0) {
1323  int e = tor_socket_errno(s);
1324  log_warn(LD_NET, "Error setting IPV6_V6ONLY flag: %s",
1325  tor_socket_strerror(e));
1326  /* Keep going; probably not harmful. */
1327  }
1328  }
1329 #endif /* defined(IPV6_V6ONLY) */
1330 
1331  if (bind(s,listensockaddr,socklen) < 0) {
1332  const char *helpfulhint = "";
1333  int e = tor_socket_errno(s);
1334  if (ERRNO_IS_EADDRINUSE(e)) {
1335  helpfulhint = ". Is Tor already running?";
1336  if (addr_in_use)
1337  *addr_in_use = 1;
1338  }
1339  log_warn(LD_NET, "Could not bind to %s:%u: %s%s", address, usePort,
1340  tor_socket_strerror(e), helpfulhint);
1341  goto err;
1342  }
1343 
1344  if (is_stream) {
1345  if (tor_listen(s) < 0) {
1346  log_warn(LD_NET, "Could not listen on %s:%u: %s", address, usePort,
1347  tor_socket_strerror(tor_socket_errno(s)));
1348  goto err;
1349  }
1350  }
1351 
1352  if (usePort != 0) {
1353  gotPort = usePort;
1354  } else {
1355  tor_addr_t addr2;
1356  struct sockaddr_storage ss;
1357  socklen_t ss_len=sizeof(ss);
1358  if (getsockname(s, (struct sockaddr*)&ss, &ss_len)<0) {
1359  log_warn(LD_NET, "getsockname() couldn't learn address for %s: %s",
1360  conn_type_to_string(type),
1361  tor_socket_strerror(tor_socket_errno(s)));
1362  gotPort = 0;
1363  }
1364  tor_addr_from_sockaddr(&addr2, (struct sockaddr*)&ss, &gotPort);
1365  }
1366 #ifdef HAVE_SYS_UN_H
1367  /*
1368  * AF_UNIX generic setup stuff
1369  */
1370  } else if (listensockaddr->sa_family == AF_UNIX) {
1371  /* We want to start reading for both AF_UNIX cases */
1372  start_reading = 1;
1373 
1375 
1376  if (check_location_for_unix_socket(options, address,
1377  (type == CONN_TYPE_CONTROL_LISTENER) ?
1378  UNIX_SOCKET_PURPOSE_CONTROL_SOCKET :
1379  UNIX_SOCKET_PURPOSE_SOCKS_SOCKET, port_cfg) < 0) {
1380  goto err;
1381  }
1382 
1383  log_notice(LD_NET, "Opening %s on %s",
1384  conn_type_to_string(type), address);
1385 
1386  tor_addr_make_unspec(&addr);
1387 
1388  if (unlink(address) < 0 && errno != ENOENT) {
1389  log_warn(LD_NET, "Could not unlink %s: %s", address,
1390  strerror(errno));
1391  goto err;
1392  }
1393 
1394  s = tor_open_socket_nonblocking(AF_UNIX, SOCK_STREAM, 0);
1395  if (! SOCKET_OK(s)) {
1396  int e = tor_socket_errno(s);
1397  if (ERRNO_IS_RESOURCE_LIMIT(e)) {
1399  /*
1400  * We'll call the OOS handler at the error exit, so set the
1401  * exhaustion flag for it.
1402  */
1403  exhaustion = 1;
1404  } else {
1405  log_warn(LD_NET,"Socket creation failed: %s.", strerror(e));
1406  }
1407  goto err;
1408  }
1409 
1410  if (bind(s, listensockaddr,
1411  (socklen_t)sizeof(struct sockaddr_un)) == -1) {
1412  log_warn(LD_NET,"Bind to %s failed: %s.", address,
1413  tor_socket_strerror(tor_socket_errno(s)));
1414  goto err;
1415  }
1416 
1417 #ifdef HAVE_PWD_H
1418  if (options->User) {
1419  pw = tor_getpwnam(options->User);
1420  struct stat st;
1421  if (pw == NULL) {
1422  log_warn(LD_NET,"Unable to chown() %s socket: user %s not found.",
1423  address, options->User);
1424  goto err;
1425  } else if (fstat(s, &st) == 0 &&
1426  st.st_uid == pw->pw_uid && st.st_gid == pw->pw_gid) {
1427  /* No change needed */
1428  } else if (chown(sandbox_intern_string(address),
1429  pw->pw_uid, pw->pw_gid) < 0) {
1430  log_warn(LD_NET,"Unable to chown() %s socket: %s.",
1431  address, strerror(errno));
1432  goto err;
1433  }
1434  }
1435 #endif /* defined(HAVE_PWD_H) */
1436 
1437  {
1438  unsigned mode;
1439  const char *status;
1440  struct stat st;
1441  if (port_cfg->is_world_writable) {
1442  mode = 0666;
1443  status = "world-writable";
1444  } else if (port_cfg->is_group_writable) {
1445  mode = 0660;
1446  status = "group-writable";
1447  } else {
1448  mode = 0600;
1449  status = "private";
1450  }
1451  /* We need to use chmod; fchmod doesn't work on sockets on all
1452  * platforms. */
1453  if (fstat(s, &st) == 0 && (st.st_mode & 0777) == mode) {
1454  /* no change needed */
1455  } else if (chmod(sandbox_intern_string(address), mode) < 0) {
1456  log_warn(LD_FS,"Unable to make %s %s.", address, status);
1457  goto err;
1458  }
1459  }
1460 
1461  if (listen(s, SOMAXCONN) < 0) {
1462  log_warn(LD_NET, "Could not listen on %s: %s", address,
1463  tor_socket_strerror(tor_socket_errno(s)));
1464  goto err;
1465  }
1466 
1467 #ifndef __APPLE__
1468  /* This code was introduced to help debug #28229. */
1469  int value;
1470  socklen_t len = sizeof(value);
1471 
1472  if (!getsockopt(s, SOL_SOCKET, SO_ACCEPTCONN, &value, &len)) {
1473  if (value == 0) {
1474  log_err(LD_NET, "Could not listen on %s - "
1475  "getsockopt(.,SO_ACCEPTCONN,.) yields 0.", address);
1476  goto err;
1477  }
1478  }
1479 #endif /* !defined(__APPLE__) */
1480 #endif /* defined(HAVE_SYS_UN_H) */
1481  } else {
1482  log_err(LD_BUG, "Got unexpected address family %d.",
1483  listensockaddr->sa_family);
1484  tor_assert(0);
1485  }
1486 
1487  lis_conn = listener_connection_new(type, listensockaddr->sa_family);
1488  conn = TO_CONN(lis_conn);
1489  conn->socket_family = listensockaddr->sa_family;
1490  conn->s = s;
1491  s = TOR_INVALID_SOCKET; /* Prevent double-close */
1492  conn->address = tor_strdup(address);
1493  conn->port = gotPort;
1494  tor_addr_copy(&conn->addr, &addr);
1495 
1496  memcpy(&lis_conn->entry_cfg, &port_cfg->entry_cfg, sizeof(entry_port_cfg_t));
1497 
1498  if (port_cfg->entry_cfg.isolation_flags) {
1499  lis_conn->entry_cfg.isolation_flags = port_cfg->entry_cfg.isolation_flags;
1500  if (port_cfg->entry_cfg.session_group >= 0) {
1501  lis_conn->entry_cfg.session_group = port_cfg->entry_cfg.session_group;
1502  } else {
1503  /* This can wrap after around INT_MAX listeners are opened. But I don't
1504  * believe that matters, since you would need to open a ridiculous
1505  * number of listeners while keeping the early ones open before you ever
1506  * hit this. An OR with a dozen ports open, for example, would have to
1507  * close and re-open its listeners every second for 4 years nonstop.
1508  */
1509  lis_conn->entry_cfg.session_group = global_next_session_group--;
1510  }
1511  }
1512 
1513  if (type != CONN_TYPE_AP_LISTENER) {
1514  lis_conn->entry_cfg.ipv4_traffic = 1;
1515  lis_conn->entry_cfg.ipv6_traffic = 1;
1516  lis_conn->entry_cfg.prefer_ipv6 = 0;
1517  }
1518 
1519  if (connection_add(conn) < 0) { /* no space, forget it */
1520  log_warn(LD_NET,"connection_add for listener failed. Giving up.");
1521  goto err;
1522  }
1523 
1524  log_fn(usePort==gotPort ? LOG_DEBUG : LOG_NOTICE, LD_NET,
1525  "%s listening on port %u.",
1526  conn_type_to_string(type), gotPort);
1527 
1528  conn->state = LISTENER_STATE_READY;
1529  if (start_reading) {
1530  connection_start_reading(conn);
1531  } else {
1534  }
1535 
1536  /*
1537  * Normal exit; call the OOS handler since connection count just changed;
1538  * the exhaustion flag will always be zero here though.
1539  */
1541 
1542  if (conn->socket_family == AF_UNIX) {
1543  log_notice(LD_NET, "Opened %s on %s",
1544  conn_type_to_string(type), conn->address);
1545  } else {
1546  log_notice(LD_NET, "Opened %s on %s",
1547  conn_type_to_string(type), fmt_addrport(&addr, gotPort));
1548  }
1549  return conn;
1550 
1551  err:
1552  if (SOCKET_OK(s))
1553  tor_close_socket(s);
1554  if (conn)
1555  connection_free(conn);
1556 
1557  /* Call the OOS handler, indicate if we saw an exhaustion-related error */
1559 
1560  return NULL;
1561 }
1562 
1569 static connection_t *
1571  int *defer, int *addr_in_use)
1572 {
1573  connection_t *conn;
1574  struct sockaddr *listensockaddr;
1575  socklen_t listensocklen = 0;
1576  char *address=NULL;
1577  int real_port = port->port == CFG_AUTO_PORT ? 0 : port->port;
1578  tor_assert(real_port <= UINT16_MAX);
1579 
1580  if (defer)
1581  *defer = 0;
1582 
1583  if (port->server_cfg.no_listen) {
1584  if (defer)
1585  *defer = 1;
1586  return NULL;
1587  }
1588 
1589 #ifndef _WIN32
1590  /* We don't need to be root to create a UNIX socket, so defer until after
1591  * setuid. */
1592  const or_options_t *options = get_options();
1593  if (port->is_unix_addr && !geteuid() && (options->User) &&
1594  strcmp(options->User, "root")) {
1595  if (defer)
1596  *defer = 1;
1597  return NULL;
1598  }
1599 #endif /* !defined(_WIN32) */
1600 
1601  if (port->is_unix_addr) {
1602  listensockaddr = (struct sockaddr *)
1603  create_unix_sockaddr(port->unix_addr,
1604  &address, &listensocklen);
1605  } else {
1606  listensockaddr = tor_malloc(sizeof(struct sockaddr_storage));
1607  listensocklen = tor_addr_to_sockaddr(&port->addr,
1608  real_port,
1609  listensockaddr,
1610  sizeof(struct sockaddr_storage));
1611  address = tor_addr_to_str_dup(&port->addr);
1612  }
1613 
1614  if (listensockaddr) {
1615  conn = connection_listener_new(listensockaddr, listensocklen,
1616  port->type, address, port,
1617  addr_in_use);
1618  tor_free(listensockaddr);
1619  tor_free(address);
1620  } else {
1621  conn = NULL;
1622  }
1623 
1624  return conn;
1625 }
1626 
1634 static int
1635 check_sockaddr(const struct sockaddr *sa, int len, int level)
1636 {
1637  int ok = 1;
1638 
1639  if (sa->sa_family == AF_INET) {
1640  struct sockaddr_in *sin=(struct sockaddr_in*)sa;
1641  if (len != sizeof(struct sockaddr_in)) {
1642  log_fn(level, LD_NET, "Length of address not as expected: %d vs %d",
1643  len,(int)sizeof(struct sockaddr_in));
1644  ok = 0;
1645  }
1646  if (sin->sin_addr.s_addr == 0 || sin->sin_port == 0) {
1647  log_fn(level, LD_NET,
1648  "Address for new connection has address/port equal to zero.");
1649  ok = 0;
1650  }
1651  } else if (sa->sa_family == AF_INET6) {
1652  struct sockaddr_in6 *sin6=(struct sockaddr_in6*)sa;
1653  if (len != sizeof(struct sockaddr_in6)) {
1654  log_fn(level, LD_NET, "Length of address not as expected: %d vs %d",
1655  len,(int)sizeof(struct sockaddr_in6));
1656  ok = 0;
1657  }
1658  if (fast_mem_is_zero((void*)sin6->sin6_addr.s6_addr, 16) ||
1659  sin6->sin6_port == 0) {
1660  log_fn(level, LD_NET,
1661  "Address for new connection has address/port equal to zero.");
1662  ok = 0;
1663  }
1664  } else if (sa->sa_family == AF_UNIX) {
1665  ok = 1;
1666  } else {
1667  ok = 0;
1668  }
1669  return ok ? 0 : -1;
1670 }
1671 
1677 static int
1679 {
1680  if (got != listener->socket_family) {
1681  log_info(LD_BUG, "A listener connection returned a socket with a "
1682  "mismatched family. %s for addr_family %d gave us a socket "
1683  "with address family %d. Dropping.",
1684  conn_type_to_string(listener->type),
1685  (int)listener->socket_family,
1686  (int)got);
1687  return -1;
1688  }
1689  return 0;
1690 }
1691 
1695 static int
1697 {
1698  tor_socket_t news; /* the new socket */
1699  connection_t *newconn = 0;
1700  /* information about the remote peer when connecting to other routers */
1701  struct sockaddr_storage addrbuf;
1702  struct sockaddr *remote = (struct sockaddr*)&addrbuf;
1703  /* length of the remote address. Must be whatever accept() needs. */
1704  socklen_t remotelen = (socklen_t)sizeof(addrbuf);
1705  const or_options_t *options = get_options();
1706 
1707  tor_assert((size_t)remotelen >= sizeof(struct sockaddr_in));
1708  memset(&addrbuf, 0, sizeof(addrbuf));
1709 
1710  news = tor_accept_socket_nonblocking(conn->s,remote,&remotelen);
1711  if (!SOCKET_OK(news)) { /* accept() error */
1712  int e = tor_socket_errno(conn->s);
1713  if (ERRNO_IS_ACCEPT_EAGAIN(e)) {
1714  /*
1715  * they hung up before we could accept(). that's fine.
1716  *
1717  * give the OOS handler a chance to run though
1718  */
1720  return 0;
1721  } else if (ERRNO_IS_RESOURCE_LIMIT(e)) {
1723  /* Exhaustion; tell the OOS handler */
1725  return 0;
1726  }
1727  /* else there was a real error. */
1728  log_warn(LD_NET,"accept() failed: %s. Closing listener.",
1729  tor_socket_strerror(e));
1730  connection_mark_for_close(conn);
1731  /* Tell the OOS handler about this too */
1733  return -1;
1734  }
1735  log_debug(LD_NET,
1736  "Connection accepted on socket %d (child of fd %d).",
1737  (int)news,(int)conn->s);
1738 
1739  /* We accepted a new conn; run OOS handler */
1741 
1742  if (make_socket_reuseable(news) < 0) {
1743  if (tor_socket_errno(news) == EINVAL) {
1744  /* This can happen on OSX if we get a badly timed shutdown. */
1745  log_debug(LD_NET, "make_socket_reuseable returned EINVAL");
1746  } else {
1747  log_warn(LD_NET, "Error setting SO_REUSEADDR flag on %s: %s",
1748  conn_type_to_string(new_type),
1749  tor_socket_strerror(errno));
1750  }
1751  tor_close_socket(news);
1752  return 0;
1753  }
1754 
1755  if (options->ConstrainedSockets)
1757 
1758  if (check_sockaddr_family_match(remote->sa_family, conn) < 0) {
1759  tor_close_socket(news);
1760  return 0;
1761  }
1762 
1763  if (conn->socket_family == AF_INET || conn->socket_family == AF_INET6 ||
1764  (conn->socket_family == AF_UNIX && new_type == CONN_TYPE_AP)) {
1765  tor_addr_t addr;
1766  uint16_t port;
1767  if (check_sockaddr(remote, remotelen, LOG_INFO)<0) {
1768  log_info(LD_NET,
1769  "accept() returned a strange address; closing connection.");
1770  tor_close_socket(news);
1771  return 0;
1772  }
1773 
1774  tor_addr_from_sockaddr(&addr, remote, &port);
1775 
1776  /* process entrance policies here, before we even create the connection */
1777  if (new_type == CONN_TYPE_AP) {
1778  /* check sockspolicy to see if we should accept it */
1779  if (socks_policy_permits_address(&addr) == 0) {
1780  log_notice(LD_APP,
1781  "Denying socks connection from untrusted address %s.",
1782  fmt_and_decorate_addr(&addr));
1783  tor_close_socket(news);
1784  return 0;
1785  }
1786  }
1787  if (new_type == CONN_TYPE_DIR) {
1788  /* check dirpolicy to see if we should accept it */
1789  if (dir_policy_permits_address(&addr) == 0) {
1790  log_notice(LD_DIRSERV,"Denying dir connection from address %s.",
1791  fmt_and_decorate_addr(&addr));
1792  tor_close_socket(news);
1793  return 0;
1794  }
1795  }
1796  if (new_type == CONN_TYPE_OR) {
1797  /* Assess with the connection DoS mitigation subsystem if this address
1798  * can open a new connection. */
1799  if (dos_conn_addr_get_defense_type(&addr) == DOS_CONN_DEFENSE_CLOSE) {
1800  tor_close_socket(news);
1801  return 0;
1802  }
1803  }
1804 
1805  newconn = connection_new(new_type, conn->socket_family);
1806  newconn->s = news;
1807 
1808  /* remember the remote address */
1809  tor_addr_copy(&newconn->addr, &addr);
1810  if (new_type == CONN_TYPE_AP && conn->socket_family == AF_UNIX) {
1811  newconn->port = 0;
1812  newconn->address = tor_strdup(conn->address);
1813  } else {
1814  newconn->port = port;
1815  newconn->address = tor_addr_to_str_dup(&addr);
1816  }
1817 
1818  if (new_type == CONN_TYPE_AP && conn->socket_family != AF_UNIX) {
1819  log_info(LD_NET, "New SOCKS connection opened from %s.",
1820  fmt_and_decorate_addr(&addr));
1821  }
1822  if (new_type == CONN_TYPE_AP && conn->socket_family == AF_UNIX) {
1823  log_info(LD_NET, "New SOCKS AF_UNIX connection opened");
1824  }
1825  if (new_type == CONN_TYPE_CONTROL) {
1826  log_notice(LD_CONTROL, "New control connection opened from %s.",
1827  fmt_and_decorate_addr(&addr));
1828  }
1829 
1830  } else if (conn->socket_family == AF_UNIX && conn->type != CONN_TYPE_AP) {
1832  tor_assert(new_type == CONN_TYPE_CONTROL);
1833  log_notice(LD_CONTROL, "New control connection opened.");
1834 
1835  newconn = connection_new(new_type, conn->socket_family);
1836  newconn->s = news;
1837 
1838  /* remember the remote address -- do we have anything sane to put here? */
1839  tor_addr_make_unspec(&newconn->addr);
1840  newconn->port = 1;
1841  newconn->address = tor_strdup(conn->address);
1842  } else {
1843  tor_assert(0);
1844  };
1845 
1846  if (connection_add(newconn) < 0) { /* no space, forget it */
1847  connection_free(newconn);
1848  return 0; /* no need to tear down the parent */
1849  }
1850 
1851  if (connection_init_accepted_conn(newconn, TO_LISTENER_CONN(conn)) < 0) {
1852  if (! newconn->marked_for_close)
1853  connection_mark_for_close(newconn);
1854  return 0;
1855  }
1856  return 0;
1857 }
1858 
1868 int
1870  const listener_connection_t *listener)
1871 {
1872  int rv;
1873 
1874  connection_start_reading(conn);
1875 
1876  switch (conn->type) {
1877  case CONN_TYPE_EXT_OR:
1878  /* Initiate Extended ORPort authentication. */
1880  case CONN_TYPE_OR:
1881  connection_or_event_status(TO_OR_CONN(conn), OR_CONN_EVENT_NEW, 0);
1882  rv = connection_tls_start_handshake(TO_OR_CONN(conn), 1);
1883  if (rv < 0) {
1884  connection_or_close_for_error(TO_OR_CONN(conn), 0);
1885  }
1886  return rv;
1887  break;
1888  case CONN_TYPE_AP:
1889  memcpy(&TO_ENTRY_CONN(conn)->entry_cfg, &listener->entry_cfg,
1890  sizeof(entry_port_cfg_t));
1891  TO_ENTRY_CONN(conn)->nym_epoch = get_signewnym_epoch();
1892  TO_ENTRY_CONN(conn)->socks_request->listener_type = listener->base_.type;
1893 
1894  /* Any incoming connection on an entry port counts as user activity. */
1895  note_user_activity(approx_time());
1896 
1897  switch (TO_CONN(listener)->type) {
1898  case CONN_TYPE_AP_LISTENER:
1900  TO_ENTRY_CONN(conn)->socks_request->socks_prefer_no_auth =
1901  listener->entry_cfg.socks_prefer_no_auth;
1902  break;
1904  TO_ENTRY_CONN(conn)->is_transparent_ap = 1;
1905  /* XXXX028 -- is this correct still, with the addition of
1906  * pending_entry_connections ? */
1908  return connection_ap_process_transparent(TO_ENTRY_CONN(conn));
1910  TO_ENTRY_CONN(conn)->is_transparent_ap = 1;
1912  break;
1915  }
1916  break;
1917  case CONN_TYPE_DIR:
1918  conn->purpose = DIR_PURPOSE_SERVER;
1920  break;
1921  case CONN_TYPE_CONTROL:
1923  break;
1924  }
1925  return 0;
1926 }
1927 
1933 MOCK_IMPL(STATIC int,
1934 connection_connect_sockaddr,(connection_t *conn,
1935  const struct sockaddr *sa,
1936  socklen_t sa_len,
1937  const struct sockaddr *bindaddr,
1938  socklen_t bindaddr_len,
1939  int *socket_error))
1940 {
1941  tor_socket_t s;
1942  int inprogress = 0;
1943  const or_options_t *options = get_options();
1944 
1945  tor_assert(conn);
1946  tor_assert(sa);
1947  tor_assert(socket_error);
1948 
1949  if (net_is_completely_disabled()) {
1950  /* We should never even try to connect anyplace if the network is
1951  * completely shut off.
1952  *
1953  * (We don't check net_is_disabled() here, since we still sometimes
1954  * want to open connections when we're in soft hibernation.)
1955  */
1956  static ratelim_t disablenet_violated = RATELIM_INIT(30*60);
1957  *socket_error = SOCK_ERRNO(ENETUNREACH);
1958  log_fn_ratelim(&disablenet_violated, LOG_WARN, LD_BUG,
1959  "Tried to open a socket with DisableNetwork set.");
1961  return -1;
1962  }
1963 
1964  const int protocol_family = sa->sa_family;
1965  const int proto = (sa->sa_family == AF_INET6 ||
1966  sa->sa_family == AF_INET) ? IPPROTO_TCP : 0;
1967 
1968  s = tor_open_socket_nonblocking(protocol_family, SOCK_STREAM, proto);
1969  if (! SOCKET_OK(s)) {
1970  /*
1971  * Early OOS handler calls; it matters if it's an exhaustion-related
1972  * error or not.
1973  */
1974  *socket_error = tor_socket_errno(s);
1975  if (ERRNO_IS_RESOURCE_LIMIT(*socket_error)) {
1978  } else {
1979  log_warn(LD_NET,"Error creating network socket: %s",
1980  tor_socket_strerror(*socket_error));
1982  }
1983  return -1;
1984  }
1985 
1986  if (make_socket_reuseable(s) < 0) {
1987  log_warn(LD_NET, "Error setting SO_REUSEADDR flag on new connection: %s",
1988  tor_socket_strerror(errno));
1989  }
1990 
1991  /*
1992  * We've got the socket open; give the OOS handler a chance to check
1993  * against configured maximum socket number, but tell it no exhaustion
1994  * failure.
1995  */
1997 
1998  if (bindaddr && bind(s, bindaddr, bindaddr_len) < 0) {
1999  *socket_error = tor_socket_errno(s);
2000  log_warn(LD_NET,"Error binding network socket: %s",
2001  tor_socket_strerror(*socket_error));
2002  tor_close_socket(s);
2003  return -1;
2004  }
2005 
2006  tor_assert(options);
2007  if (options->ConstrainedSockets)
2009 
2010  if (connect(s, sa, sa_len) < 0) {
2011  int e = tor_socket_errno(s);
2012  if (!ERRNO_IS_CONN_EINPROGRESS(e)) {
2013  /* yuck. kill it. */
2014  *socket_error = e;
2015  log_info(LD_NET,
2016  "connect() to socket failed: %s",
2017  tor_socket_strerror(e));
2018  tor_close_socket(s);
2019  return -1;
2020  } else {
2021  inprogress = 1;
2022  }
2023  }
2024 
2025  /* it succeeded. we're connected. */
2026  log_fn(inprogress ? LOG_DEBUG : LOG_INFO, LD_NET,
2027  "Connection to socket %s (sock "TOR_SOCKET_T_FORMAT").",
2028  inprogress ? "in progress" : "established", s);
2029  conn->s = s;
2030  if (connection_add_connecting(conn) < 0) {
2031  /* no space, forget it */
2032  *socket_error = SOCK_ERRNO(ENOBUFS);
2033  return -1;
2034  }
2035 
2036  return inprogress ? 0 : 1;
2037 }
2038 
2039 /* Log a message if connection attempt is made when IPv4 or IPv6 is disabled.
2040  * Log a less severe message if we couldn't conform to ClientPreferIPv6ORPort
2041  * or ClientPreferIPv6ORPort. */
2042 static void
2043 connection_connect_log_client_use_ip_version(const connection_t *conn)
2044 {
2045  const or_options_t *options = get_options();
2046 
2047  /* Only clients care about ClientUseIPv4/6, bail out early on servers, and
2048  * on connections we don't care about */
2049  if (server_mode(options) || !conn || conn->type == CONN_TYPE_EXIT) {
2050  return;
2051  }
2052 
2053  /* We're only prepared to log OR and DIR connections here */
2054  if (conn->type != CONN_TYPE_OR && conn->type != CONN_TYPE_DIR) {
2055  return;
2056  }
2057 
2058  const int must_ipv4 = !fascist_firewall_use_ipv6(options);
2059  const int must_ipv6 = (options->ClientUseIPv4 == 0);
2060  const int pref_ipv6 = (conn->type == CONN_TYPE_OR
2063  tor_addr_t real_addr;
2064  tor_addr_make_null(&real_addr, AF_UNSPEC);
2065 
2066  /* OR conns keep the original address in real_addr, as addr gets overwritten
2067  * with the descriptor address */
2068  if (conn->type == CONN_TYPE_OR) {
2069  const or_connection_t *or_conn = TO_OR_CONN((connection_t *)conn);
2070  tor_addr_copy(&real_addr, &or_conn->real_addr);
2071  } else if (conn->type == CONN_TYPE_DIR) {
2072  tor_addr_copy(&real_addr, &conn->addr);
2073  }
2074 
2075  /* Check if we broke a mandatory address family restriction */
2076  if ((must_ipv4 && tor_addr_family(&real_addr) == AF_INET6)
2077  || (must_ipv6 && tor_addr_family(&real_addr) == AF_INET)) {
2078  static int logged_backtrace = 0;
2079  log_info(LD_BUG, "Outgoing %s connection to %s violated ClientUseIPv%s 0.",
2080  conn->type == CONN_TYPE_OR ? "OR" : "Dir",
2081  fmt_addr(&real_addr),
2082  options->ClientUseIPv4 == 0 ? "4" : "6");
2083  if (!logged_backtrace) {
2084  log_backtrace(LOG_INFO, LD_BUG, "Address came from");
2085  logged_backtrace = 1;
2086  }
2087  }
2088 
2089  /* Bridges are allowed to break IPv4/IPv6 ORPort preferences to connect to
2090  * the node's configured address when ClientPreferIPv6ORPort is auto */
2091  if (options->UseBridges && conn->type == CONN_TYPE_OR
2092  && options->ClientPreferIPv6ORPort == -1) {
2093  return;
2094  }
2095 
2096  if (fascist_firewall_use_ipv6(options)) {
2097  log_info(LD_NET, "Our outgoing connection is using IPv%d.",
2098  tor_addr_family(&real_addr) == AF_INET6 ? 6 : 4);
2099  }
2100 
2101  /* Check if we couldn't satisfy an address family preference */
2102  if ((!pref_ipv6 && tor_addr_family(&real_addr) == AF_INET6)
2103  || (pref_ipv6 && tor_addr_family(&real_addr) == AF_INET)) {
2104  log_info(LD_NET, "Outgoing connection to %s doesn't satisfy "
2105  "ClientPreferIPv6%sPort %d, with ClientUseIPv4 %d, and "
2106  "fascist_firewall_use_ipv6 %d (ClientUseIPv6 %d and UseBridges "
2107  "%d).",
2108  fmt_addr(&real_addr),
2109  conn->type == CONN_TYPE_OR ? "OR" : "Dir",
2110  conn->type == CONN_TYPE_OR ? options->ClientPreferIPv6ORPort
2111  : options->ClientPreferIPv6DirPort,
2112  options->ClientUseIPv4, fascist_firewall_use_ipv6(options),
2113  options->ClientUseIPv6, options->UseBridges);
2114  }
2115 }
2116 
2121 const tor_addr_t *
2123  const or_options_t *options, unsigned int conn_type)
2124 {
2125  const tor_addr_t *ext_addr = NULL;
2126 
2127  int fam_index;
2128  switch (family) {
2129  case AF_INET:
2130  fam_index = 0;
2131  break;
2132  case AF_INET6:
2133  fam_index = 1;
2134  break;
2135  default:
2136  return NULL;
2137  }
2138 
2139  // If an exit connection, use the exit address (if present)
2140  if (conn_type == CONN_TYPE_EXIT) {
2141  if (!tor_addr_is_null(
2142  &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT][fam_index])) {
2143  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT]
2144  [fam_index];
2145  } else if (!tor_addr_is_null(
2146  &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT_AND_OR]
2147  [fam_index])) {
2148  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT_AND_OR]
2149  [fam_index];
2150  }
2151  } else { // All non-exit connections
2152  if (!tor_addr_is_null(
2153  &options->OutboundBindAddresses[OUTBOUND_ADDR_OR][fam_index])) {
2154  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_OR]
2155  [fam_index];
2156  } else if (!tor_addr_is_null(
2157  &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT_AND_OR]
2158  [fam_index])) {
2159  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT_AND_OR]
2160  [fam_index];
2161  }
2162  }
2163  return ext_addr;
2164 }
2165 
2178 int
2179 connection_connect(connection_t *conn, const char *address,
2180  const tor_addr_t *addr, uint16_t port, int *socket_error)
2181 {
2182  struct sockaddr_storage addrbuf;
2183  struct sockaddr_storage bind_addr_ss;
2184  struct sockaddr *bind_addr = NULL;
2185  struct sockaddr *dest_addr;
2186  int dest_addr_len, bind_addr_len = 0;
2187 
2188  /* Log if we didn't stick to ClientUseIPv4/6 or ClientPreferIPv6OR/DirPort
2189  */
2190  connection_connect_log_client_use_ip_version(conn);
2191 
2192  if (!tor_addr_is_loopback(addr)) {
2193  const tor_addr_t *ext_addr = NULL;
2194  ext_addr = conn_get_outbound_address(tor_addr_family(addr), get_options(),
2195  conn->type);
2196  if (ext_addr) {
2197  memset(&bind_addr_ss, 0, sizeof(bind_addr_ss));
2198  bind_addr_len = tor_addr_to_sockaddr(ext_addr, 0,
2199  (struct sockaddr *) &bind_addr_ss,
2200  sizeof(bind_addr_ss));
2201  if (bind_addr_len == 0) {
2202  log_warn(LD_NET,
2203  "Error converting OutboundBindAddress %s into sockaddr. "
2204  "Ignoring.", fmt_and_decorate_addr(ext_addr));
2205  } else {
2206  bind_addr = (struct sockaddr *)&bind_addr_ss;
2207  }
2208  }
2209  }
2210 
2211  memset(&addrbuf,0,sizeof(addrbuf));
2212  dest_addr = (struct sockaddr*) &addrbuf;
2213  dest_addr_len = tor_addr_to_sockaddr(addr, port, dest_addr, sizeof(addrbuf));
2214  tor_assert(dest_addr_len > 0);
2215 
2216  log_debug(LD_NET, "Connecting to %s:%u.",
2217  escaped_safe_str_client(address), port);
2218 
2219  return connection_connect_sockaddr(conn, dest_addr, dest_addr_len,
2220  bind_addr, bind_addr_len, socket_error);
2221 }
2222 
2223 #ifdef HAVE_SYS_UN_H
2224 
2232 int
2233 connection_connect_unix(connection_t *conn, const char *socket_path,
2234  int *socket_error)
2235 {
2236  struct sockaddr_un dest_addr;
2237 
2238  tor_assert(socket_path);
2239 
2240  /* Check that we'll be able to fit it into dest_addr later */
2241  if (strlen(socket_path) + 1 > sizeof(dest_addr.sun_path)) {
2242  log_warn(LD_NET,
2243  "Path %s is too long for an AF_UNIX socket\n",
2244  escaped_safe_str_client(socket_path));
2245  *socket_error = SOCK_ERRNO(ENAMETOOLONG);
2246  return -1;
2247  }
2248 
2249  memset(&dest_addr, 0, sizeof(dest_addr));
2250  dest_addr.sun_family = AF_UNIX;
2251  strlcpy(dest_addr.sun_path, socket_path, sizeof(dest_addr.sun_path));
2252 
2253  log_debug(LD_NET,
2254  "Connecting to AF_UNIX socket at %s.",
2255  escaped_safe_str_client(socket_path));
2256 
2257  return connection_connect_sockaddr(conn,
2258  (struct sockaddr *)&dest_addr, sizeof(dest_addr),
2259  NULL, 0, socket_error);
2260 }
2261 
2262 #endif /* defined(HAVE_SYS_UN_H) */
2263 
2266 static const char *
2268 {
2269  static const char *unknown = "???";
2270  static const char *states[] = {
2271  "PROXY_NONE",
2272  "PROXY_INFANT",
2273  "PROXY_HTTPS_WANT_CONNECT_OK",
2274  "PROXY_SOCKS4_WANT_CONNECT_OK",
2275  "PROXY_SOCKS5_WANT_AUTH_METHOD_NONE",
2276  "PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929",
2277  "PROXY_SOCKS5_WANT_AUTH_RFC1929_OK",
2278  "PROXY_SOCKS5_WANT_CONNECT_OK",
2279  "PROXY_CONNECTED",
2280  };
2281 
2282  if (state < PROXY_NONE || state > PROXY_CONNECTED)
2283  return unknown;
2284 
2285  return states[state];
2286 }
2287 
2292 static int
2294 {
2295  const or_options_t *options = get_options();
2296 
2297  if (options->ClientTransportPlugin) {
2298  /* If we have plugins configured *and* this addr/port is a known bridge
2299  * with a transport, then we should be PROXY_PLUGGABLE. */
2300  const transport_t *transport = NULL;
2301  int r;
2302  r = get_transport_by_bridge_addrport(&conn->addr, conn->port, &transport);
2303  if (r == 0 && transport)
2304  return PROXY_PLUGGABLE;
2305  }
2306 
2307  /* In all other cases, we're using a global proxy. */
2308  if (options->HTTPSProxy)
2309  return PROXY_CONNECT;
2310  else if (options->Socks4Proxy)
2311  return PROXY_SOCKS4;
2312  else if (options->Socks5Proxy)
2313  return PROXY_SOCKS5;
2314  else
2315  return PROXY_NONE;
2316 }
2317 
2318 /* One byte for the version, one for the command, two for the
2319  port, and four for the addr... and, one more for the
2320  username NUL: */
2321 #define SOCKS4_STANDARD_BUFFER_SIZE (1 + 1 + 2 + 4 + 1)
2322 
2333 int
2335 {
2336  const or_options_t *options;
2337 
2338  tor_assert(conn);
2339 
2340  options = get_options();
2341 
2342  switch (type) {
2343  case PROXY_CONNECT: {
2344  char buf[1024];
2345  char *base64_authenticator=NULL;
2346  const char *authenticator = options->HTTPSProxyAuthenticator;
2347 
2348  /* Send HTTP CONNECT and authentication (if available) in
2349  * one request */
2350 
2351  if (authenticator) {
2352  base64_authenticator = alloc_http_authenticator(authenticator);
2353  if (!base64_authenticator)
2354  log_warn(LD_OR, "Encoding https authenticator failed");
2355  }
2356 
2357  if (base64_authenticator) {
2358  const char *addrport = fmt_addrport(&conn->addr, conn->port);
2359  tor_snprintf(buf, sizeof(buf), "CONNECT %s HTTP/1.1\r\n"
2360  "Host: %s\r\n"
2361  "Proxy-Authorization: Basic %s\r\n\r\n",
2362  addrport,
2363  addrport,
2364  base64_authenticator);
2365  tor_free(base64_authenticator);
2366  } else {
2367  tor_snprintf(buf, sizeof(buf), "CONNECT %s HTTP/1.0\r\n\r\n",
2368  fmt_addrport(&conn->addr, conn->port));
2369  }
2370 
2371  connection_buf_add(buf, strlen(buf), conn);
2372  conn->proxy_state = PROXY_HTTPS_WANT_CONNECT_OK;
2373  break;
2374  }
2375 
2376  case PROXY_SOCKS4: {
2377  unsigned char *buf;
2378  uint16_t portn;
2379  uint32_t ip4addr;
2380  size_t buf_size = 0;
2381  char *socks_args_string = NULL;
2382 
2383  /* Send a SOCKS4 connect request */
2384 
2385  if (tor_addr_family(&conn->addr) != AF_INET) {
2386  log_warn(LD_NET, "SOCKS4 client is incompatible with IPv6");
2387  return -1;
2388  }
2389 
2390  { /* If we are here because we are trying to connect to a
2391  pluggable transport proxy, check if we have any SOCKS
2392  arguments to transmit. If we do, compress all arguments to
2393  a single string in 'socks_args_string': */
2394 
2395  if (conn_get_proxy_type(conn) == PROXY_PLUGGABLE) {
2396  socks_args_string =
2398  if (socks_args_string)
2399  log_debug(LD_NET, "Sending out '%s' as our SOCKS argument string.",
2400  socks_args_string);
2401  }
2402  }
2403 
2404  { /* Figure out the buffer size we need for the SOCKS message: */
2405 
2406  buf_size = SOCKS4_STANDARD_BUFFER_SIZE;
2407 
2408  /* If we have a SOCKS argument string, consider its size when
2409  calculating the buffer size: */
2410  if (socks_args_string)
2411  buf_size += strlen(socks_args_string);
2412  }
2413 
2414  buf = tor_malloc_zero(buf_size);
2415 
2416  ip4addr = tor_addr_to_ipv4n(&conn->addr);
2417  portn = htons(conn->port);
2418 
2419  buf[0] = 4; /* version */
2420  buf[1] = SOCKS_COMMAND_CONNECT; /* command */
2421  memcpy(buf + 2, &portn, 2); /* port */
2422  memcpy(buf + 4, &ip4addr, 4); /* addr */
2423 
2424  /* Next packet field is the userid. If we have pluggable
2425  transport SOCKS arguments, we have to embed them
2426  there. Otherwise, we use an empty userid. */
2427  if (socks_args_string) { /* place the SOCKS args string: */
2428  tor_assert(strlen(socks_args_string) > 0);
2429  tor_assert(buf_size >=
2430  SOCKS4_STANDARD_BUFFER_SIZE + strlen(socks_args_string));
2431  strlcpy((char *)buf + 8, socks_args_string, buf_size - 8);
2432  tor_free(socks_args_string);
2433  } else {
2434  buf[8] = 0; /* no userid */
2435  }
2436 
2437  connection_buf_add((char *)buf, buf_size, conn);
2438  tor_free(buf);
2439 
2440  conn->proxy_state = PROXY_SOCKS4_WANT_CONNECT_OK;
2441  break;
2442  }
2443 
2444  case PROXY_SOCKS5: {
2445  unsigned char buf[4]; /* fields: vers, num methods, method list */
2446 
2447  /* Send a SOCKS5 greeting (connect request must wait) */
2448 
2449  buf[0] = 5; /* version */
2450 
2451  /* We have to use SOCKS5 authentication, if we have a
2452  Socks5ProxyUsername or if we want to pass arguments to our
2453  pluggable transport proxy: */
2454  if ((options->Socks5ProxyUsername) ||
2455  (conn_get_proxy_type(conn) == PROXY_PLUGGABLE &&
2456  (get_socks_args_by_bridge_addrport(&conn->addr, conn->port)))) {
2457  /* number of auth methods */
2458  buf[1] = 2;
2459  buf[2] = 0x00; /* no authentication */
2460  buf[3] = 0x02; /* rfc1929 Username/Passwd auth */
2461  conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929;
2462  } else {
2463  buf[1] = 1;
2464  buf[2] = 0x00; /* no authentication */
2465  conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_METHOD_NONE;
2466  }
2467 
2468  connection_buf_add((char *)buf, 2 + buf[1], conn);
2469  break;
2470  }
2471 
2472  default:
2473  log_err(LD_BUG, "Invalid proxy protocol, %d", type);
2475  return -1;
2476  }
2477 
2478  log_debug(LD_NET, "set state %s",
2480 
2481  return 0;
2482 }
2483 
2488 static int
2490 {
2491  char *headers;
2492  char *reason=NULL;
2493  int status_code;
2494  time_t date_header;
2495 
2496  switch (fetch_from_buf_http(conn->inbuf,
2497  &headers, MAX_HEADERS_SIZE,
2498  NULL, NULL, 10000, 0)) {
2499  case -1: /* overflow */
2500  log_warn(LD_PROTOCOL,
2501  "Your https proxy sent back an oversized response. Closing.");
2502  return -1;
2503  case 0:
2504  log_info(LD_NET,"https proxy response not all here yet. Waiting.");
2505  return 0;
2506  /* case 1, fall through */
2507  }
2508 
2509  if (parse_http_response(headers, &status_code, &date_header,
2510  NULL, &reason) < 0) {
2511  log_warn(LD_NET,
2512  "Unparseable headers from proxy (connecting to '%s'). Closing.",
2513  conn->address);
2514  tor_free(headers);
2515  return -1;
2516  }
2517  tor_free(headers);
2518  if (!reason) reason = tor_strdup("[no reason given]");
2519 
2520  if (status_code == 200) {
2521  log_info(LD_NET,
2522  "HTTPS connect to '%s' successful! (200 %s) Starting TLS.",
2523  conn->address, escaped(reason));
2524  tor_free(reason);
2525  return 1;
2526  }
2527  /* else, bad news on the status code */
2528  switch (status_code) {
2529  case 403:
2530  log_warn(LD_NET,
2531  "The https proxy refused to allow connection to %s "
2532  "(status code %d, %s). Closing.",
2533  conn->address, status_code, escaped(reason));
2534  break;
2535  default:
2536  log_warn(LD_NET,
2537  "The https proxy sent back an unexpected status code %d (%s). "
2538  "Closing.",
2539  status_code, escaped(reason));
2540  break;
2541  }
2542  tor_free(reason);
2543  return -1;
2544 }
2545 
2549 static void
2551 {
2552  unsigned char buf[1024];
2553  size_t reqsize = 6;
2554  uint16_t port = htons(conn->port);
2555 
2556  buf[0] = 5; /* version */
2557  buf[1] = SOCKS_COMMAND_CONNECT; /* command */
2558  buf[2] = 0; /* reserved */
2559 
2560  if (tor_addr_family(&conn->addr) == AF_INET) {
2561  uint32_t addr = tor_addr_to_ipv4n(&conn->addr);
2562 
2563  buf[3] = 1;
2564  reqsize += 4;
2565  memcpy(buf + 4, &addr, 4);
2566  memcpy(buf + 8, &port, 2);
2567  } else { /* AF_INET6 */
2568  buf[3] = 4;
2569  reqsize += 16;
2570  memcpy(buf + 4, tor_addr_to_in6_addr8(&conn->addr), 16);
2571  memcpy(buf + 20, &port, 2);
2572  }
2573 
2574  connection_buf_add((char *)buf, reqsize, conn);
2575 
2576  conn->proxy_state = PROXY_SOCKS5_WANT_CONNECT_OK;
2577 }
2578 
2581 static int
2583  int state, char **reason)
2584 {
2585  return fetch_from_buf_socks_client(conn->inbuf, state, reason);
2586 }
2587 
2598 int
2600 {
2601  int ret = 0;
2602  char *reason = NULL;
2603 
2604  log_debug(LD_NET, "enter state %s",
2606 
2607  switch (conn->proxy_state) {
2608  case PROXY_HTTPS_WANT_CONNECT_OK:
2610  if (ret == 1)
2611  conn->proxy_state = PROXY_CONNECTED;
2612  break;
2613 
2614  case PROXY_SOCKS4_WANT_CONNECT_OK:
2616  conn->proxy_state,
2617  &reason);
2618  if (ret == 1)
2619  conn->proxy_state = PROXY_CONNECTED;
2620  break;
2621 
2622  case PROXY_SOCKS5_WANT_AUTH_METHOD_NONE:
2624  conn->proxy_state,
2625  &reason);
2626  /* no auth needed, do connect */
2627  if (ret == 1) {
2629  ret = 0;
2630  }
2631  break;
2632 
2633  case PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929:
2635  conn->proxy_state,
2636  &reason);
2637 
2638  /* send auth if needed, otherwise do connect */
2639  if (ret == 1) {
2641  ret = 0;
2642  } else if (ret == 2) {
2643  unsigned char buf[1024];
2644  size_t reqsize, usize, psize;
2645  const char *user, *pass;
2646  char *socks_args_string = NULL;
2647 
2648  if (conn_get_proxy_type(conn) == PROXY_PLUGGABLE) {
2649  socks_args_string =
2651  if (!socks_args_string) {
2652  log_warn(LD_NET, "Could not create SOCKS args string for PT.");
2653  ret = -1;
2654  break;
2655  }
2656 
2657  log_debug(LD_NET, "PT SOCKS5 arguments: %s", socks_args_string);
2658  tor_assert(strlen(socks_args_string) > 0);
2659  tor_assert(strlen(socks_args_string) <= MAX_SOCKS5_AUTH_SIZE_TOTAL);
2660 
2661  if (strlen(socks_args_string) > MAX_SOCKS5_AUTH_FIELD_SIZE) {
2662  user = socks_args_string;
2664  pass = socks_args_string + MAX_SOCKS5_AUTH_FIELD_SIZE;
2665  psize = strlen(socks_args_string) - MAX_SOCKS5_AUTH_FIELD_SIZE;
2666  } else {
2667  user = socks_args_string;
2668  usize = strlen(socks_args_string);
2669  pass = "\0";
2670  psize = 1;
2671  }
2672  } else if (get_options()->Socks5ProxyUsername) {
2673  user = get_options()->Socks5ProxyUsername;
2674  pass = get_options()->Socks5ProxyPassword;
2675  tor_assert(user && pass);
2676  usize = strlen(user);
2677  psize = strlen(pass);
2678  } else {
2679  log_err(LD_BUG, "We entered %s for no reason!", __func__);
2681  ret = -1;
2682  break;
2683  }
2684 
2685  /* Username and password lengths should have been checked
2686  above and during torrc parsing. */
2688  psize <= MAX_SOCKS5_AUTH_FIELD_SIZE);
2689  reqsize = 3 + usize + psize;
2690 
2691  buf[0] = 1; /* negotiation version */
2692  buf[1] = usize;
2693  memcpy(buf + 2, user, usize);
2694  buf[2 + usize] = psize;
2695  memcpy(buf + 3 + usize, pass, psize);
2696 
2697  if (socks_args_string)
2698  tor_free(socks_args_string);
2699 
2700  connection_buf_add((char *)buf, reqsize, conn);
2701 
2702  conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_RFC1929_OK;
2703  ret = 0;
2704  }
2705  break;
2706 
2707  case PROXY_SOCKS5_WANT_AUTH_RFC1929_OK:
2709  conn->proxy_state,
2710  &reason);
2711  /* send the connect request */
2712  if (ret == 1) {
2714  ret = 0;
2715  }
2716  break;
2717 
2718  case PROXY_SOCKS5_WANT_CONNECT_OK:
2720  conn->proxy_state,
2721  &reason);
2722  if (ret == 1)
2723  conn->proxy_state = PROXY_CONNECTED;
2724  break;
2725 
2726  default:
2727  log_err(LD_BUG, "Invalid proxy_state for reading, %d",
2728  conn->proxy_state);
2730  ret = -1;
2731  break;
2732  }
2733 
2734  log_debug(LD_NET, "leaving state %s",
2736 
2737  if (ret < 0) {
2738  if (reason) {
2739  log_warn(LD_NET, "Proxy Client: unable to connect to %s:%d (%s)",
2740  conn->address, conn->port, escaped(reason));
2741  tor_free(reason);
2742  } else {
2743  log_warn(LD_NET, "Proxy Client: unable to connect to %s:%d",
2744  conn->address, conn->port);
2745  }
2746  } else if (ret == 1) {
2747  log_info(LD_NET, "Proxy Client: connection to %s:%d successful",
2748  conn->address, conn->port);
2749  }
2750 
2751  return ret;
2752 }
2753 
2770 static int
2772  const smartlist_t *ports,
2773  smartlist_t *new_conns,
2774  smartlist_t *replacements,
2775  int control_listeners_only)
2776 {
2777 #ifndef ENABLE_LISTENER_REBIND
2778  (void)replacements;
2779 #endif
2780 
2781  smartlist_t *launch = smartlist_new();
2782  int r = 0;
2783 
2784  if (control_listeners_only) {
2785  SMARTLIST_FOREACH(ports, port_cfg_t *, p, {
2786  if (p->type == CONN_TYPE_CONTROL_LISTENER)
2787  smartlist_add(launch, p);
2788  });
2789  } else {
2790  smartlist_add_all(launch, ports);
2791  }
2792 
2793  /* Iterate through old_conns, comparing it to launch: remove from both lists
2794  * each pair of elements that corresponds to the same port. */
2795  SMARTLIST_FOREACH_BEGIN(old_conns, connection_t *, conn) {
2796  const port_cfg_t *found_port = NULL;
2797 
2798  /* Okay, so this is a listener. Is it configured? */
2799  /* That is, is it either: 1) exact match - address and port
2800  * pair match exactly between old listener and new port; or 2)
2801  * wildcard match - port matches exactly, but *one* of the
2802  * addresses is wildcard (0.0.0.0 or ::)?
2803  */
2804  SMARTLIST_FOREACH_BEGIN(launch, const port_cfg_t *, wanted) {
2805  if (conn->type != wanted->type)
2806  continue;
2807  if ((conn->socket_family != AF_UNIX && wanted->is_unix_addr) ||
2808  (conn->socket_family == AF_UNIX && ! wanted->is_unix_addr))
2809  continue;
2810 
2811  if (wanted->server_cfg.no_listen)
2812  continue; /* We don't want to open a listener for this one */
2813 
2814  if (wanted->is_unix_addr) {
2815  if (conn->socket_family == AF_UNIX &&
2816  !strcmp(wanted->unix_addr, conn->address)) {
2817  found_port = wanted;
2818  break;
2819  }
2820  } else {
2821  /* Numeric values of old and new port match exactly. */
2822  const int port_matches_exact = (wanted->port == conn->port);
2823  /* Ports match semantically - either their specific values
2824  match exactly, or new port is 'auto'.
2825  */
2826  const int port_matches = (wanted->port == CFG_AUTO_PORT ||
2827  port_matches_exact);
2828 
2829  if (port_matches && tor_addr_eq(&wanted->addr, &conn->addr)) {
2830  found_port = wanted;
2831  break;
2832  }
2833 #ifdef ENABLE_LISTENER_REBIND
2834  /* Rebinding may be needed if all of the following are true:
2835  * 1) Address family is the same in old and new listeners.
2836  * 2) Port number matches exactly (numeric value is the same).
2837  * 3) *One* of listeners (either old one or new one) has a
2838  * wildcard IP address (0.0.0.0 or [::]).
2839  *
2840  * These are the exact conditions for a first bind() syscall
2841  * to fail with EADDRINUSE.
2842  */
2843  const int may_need_rebind =
2844  tor_addr_family(&wanted->addr) == tor_addr_family(&conn->addr) &&
2845  port_matches_exact && bool_neq(tor_addr_is_null(&wanted->addr),
2846  tor_addr_is_null(&conn->addr));
2847  if (replacements && may_need_rebind) {
2848  listener_replacement_t *replacement =
2849  tor_malloc(sizeof(listener_replacement_t));
2850 
2851  replacement->old_conn = conn;
2852  replacement->new_port = wanted;
2853  smartlist_add(replacements, replacement);
2854 
2855  SMARTLIST_DEL_CURRENT(launch, wanted);
2856  SMARTLIST_DEL_CURRENT(old_conns, conn);
2857  break;
2858  }
2859 #endif /* defined(ENABLE_LISTENER_REBIND) */
2860  }
2861  } SMARTLIST_FOREACH_END(wanted);
2862 
2863  if (found_port) {
2864  /* This listener is already running; we don't need to launch it. */
2865  //log_debug(LD_NET, "Already have %s on %s:%d",
2866  // conn_type_to_string(found_port->type), conn->address, conn->port);
2867  smartlist_remove(launch, found_port);
2868  /* And we can remove the connection from old_conns too. */
2869  SMARTLIST_DEL_CURRENT(old_conns, conn);
2870  }
2871  } SMARTLIST_FOREACH_END(conn);
2872 
2873  /* Now open all the listeners that are configured but not opened. */
2874  SMARTLIST_FOREACH_BEGIN(launch, const port_cfg_t *, port) {
2875  int skip = 0;
2876  connection_t *conn = connection_listener_new_for_port(port, &skip, NULL);
2877 
2878  if (conn && new_conns)
2879  smartlist_add(new_conns, conn);
2880  else if (!skip)
2881  r = -1;
2882  } SMARTLIST_FOREACH_END(port);
2883 
2884  smartlist_free(launch);
2885 
2886  return r;
2887 }
2888 
2898 int
2899 retry_all_listeners(smartlist_t *new_conns, int close_all_noncontrol)
2900 {
2901  smartlist_t *listeners = smartlist_new();
2902  smartlist_t *replacements = smartlist_new();
2903  const or_options_t *options = get_options();
2904  int retval = 0;
2905  const uint16_t old_or_port = router_get_advertised_or_port(options);
2906  const uint16_t old_or_port_ipv6 =
2907  router_get_advertised_or_port_by_af(options,AF_INET6);
2908  const uint16_t old_dir_port = router_get_advertised_dir_port(options, 0);
2909 
2910  SMARTLIST_FOREACH_BEGIN(get_connection_array(), connection_t *, conn) {
2911  if (connection_is_listener(conn) && !conn->marked_for_close)
2912  smartlist_add(listeners, conn);
2913  } SMARTLIST_FOREACH_END(conn);
2914 
2915  if (retry_listener_ports(listeners,
2916  get_configured_ports(),
2917  new_conns,
2918  replacements,
2919  close_all_noncontrol) < 0)
2920  retval = -1;
2921 
2922 #ifdef ENABLE_LISTENER_REBIND
2923  if (smartlist_len(replacements))
2924  log_debug(LD_NET, "%d replacements - starting rebinding loop.",
2925  smartlist_len(replacements));
2926 
2927  SMARTLIST_FOREACH_BEGIN(replacements, listener_replacement_t *, r) {
2928  int addr_in_use = 0;
2929  int skip = 0;
2930 
2931  tor_assert(r->new_port);
2932  tor_assert(r->old_conn);
2933 
2934  connection_t *new_conn =
2935  connection_listener_new_for_port(r->new_port, &skip, &addr_in_use);
2936  connection_t *old_conn = r->old_conn;
2937 
2938  if (skip) {
2939  log_debug(LD_NET, "Skipping creating new listener for %s:%d",
2940  old_conn->address, old_conn->port);
2941  continue;
2942  }
2943 
2944  connection_close_immediate(old_conn);
2945  connection_mark_for_close(old_conn);
2946 
2947  if (addr_in_use) {
2948  new_conn = connection_listener_new_for_port(r->new_port,
2949  &skip, &addr_in_use);
2950  }
2951 
2952  tor_assert(new_conn);
2953 
2954  smartlist_add(new_conns, new_conn);
2955 
2956  log_notice(LD_NET, "Closed no-longer-configured %s on %s:%d "
2957  "(replaced by %s:%d)",
2958  conn_type_to_string(old_conn->type), old_conn->address,
2959  old_conn->port, new_conn->address, new_conn->port);
2960  } SMARTLIST_FOREACH_END(r);
2961 #endif /* defined(ENABLE_LISTENER_REBIND) */
2962 
2963  /* Any members that were still in 'listeners' don't correspond to
2964  * any configured port. Kill 'em. */
2965  SMARTLIST_FOREACH_BEGIN(listeners, connection_t *, conn) {
2966  log_notice(LD_NET, "Closing no-longer-configured %s on %s:%d",
2967  conn_type_to_string(conn->type), conn->address, conn->port);
2969  connection_mark_for_close(conn);
2970  } SMARTLIST_FOREACH_END(conn);
2971 
2972  smartlist_free(listeners);
2973  /* Cleanup any remaining listener replacement. */
2974  SMARTLIST_FOREACH(replacements, listener_replacement_t *, r, tor_free(r));
2975  smartlist_free(replacements);
2976 
2977  if (old_or_port != router_get_advertised_or_port(options) ||
2978  old_or_port_ipv6 != router_get_advertised_or_port_by_af(options,
2979  AF_INET6) ||
2980  old_dir_port != router_get_advertised_dir_port(options, 0)) {
2981  /* Our chosen ORPort or DirPort is not what it used to be: the
2982  * descriptor we had (if any) should be regenerated. (We won't
2983  * automatically notice this because of changes in the option,
2984  * since the value could be "auto".) */
2985  mark_my_descriptor_dirty("Chosen Or/DirPort changed");
2986  }
2987 
2988  return retval;
2989 }
2990 
2992 void
2994 {
2995  SMARTLIST_FOREACH_BEGIN(get_connection_array(), connection_t *, conn) {
2996  if (conn->marked_for_close)
2997  continue;
2998  if (conn->type == CONN_TYPE_CONTROL_LISTENER)
2999  continue;
3000  if (connection_is_listener(conn))
3001  connection_mark_for_close(conn);
3002  } SMARTLIST_FOREACH_END(conn);
3003 }
3004 
3006 void
3008 {
3009  SMARTLIST_FOREACH_BEGIN(get_connection_array(), connection_t *, conn) {
3010  if (conn->marked_for_close)
3011  continue;
3012  switch (conn->type) {
3014  case CONN_TYPE_CONTROL:
3015  break;
3016  case CONN_TYPE_AP:
3017  connection_mark_unattached_ap(TO_ENTRY_CONN(conn),
3018  END_STREAM_REASON_HIBERNATING);
3019  break;
3020  case CONN_TYPE_OR:
3021  {
3022  or_connection_t *orconn = TO_OR_CONN(conn);
3023  if (orconn->chan) {
3024  connection_or_close_normally(orconn, 0);
3025  } else {
3026  /*
3027  * There should have been one, but mark for close and hope
3028  * for the best..
3029  */
3030  connection_mark_for_close(conn);
3031  }
3032  }
3033  break;
3034  default:
3035  connection_mark_for_close(conn);
3036  break;
3037  }
3038  } SMARTLIST_FOREACH_END(conn);
3039 }
3040 
3047 static int
3049 {
3050  const or_options_t *options = get_options();
3051  if (conn->linked)
3052  return 0; /* Internal connection */
3053  else if (! options->CountPrivateBandwidth &&
3054  (tor_addr_family(&conn->addr) == AF_UNSPEC || /* no address */
3055  tor_addr_family(&conn->addr) == AF_UNIX || /* no address */
3056  tor_addr_is_internal(&conn->addr, 0)))
3057  return 0; /* Internal address */
3058  else
3059  return 1;
3060 }
3061 
3065 static time_t write_buckets_last_empty_at = -100;
3066 
3069 #define CLIENT_IDLE_TIME_FOR_PRIORITY 30
3070 
3075 static int
3077 {
3078  if (conn->type == CONN_TYPE_OR &&
3081  return 1;
3082  if (conn->type == CONN_TYPE_DIR && DIR_CONN_IS_SERVER(conn))
3083  return 1;
3084  return 0;
3085 }
3086 
3092 static ssize_t
3093 connection_bucket_get_share(int base, int priority,
3094  ssize_t global_bucket_val, ssize_t conn_bucket)
3095 {
3096  ssize_t at_most;
3097  ssize_t num_bytes_high = (priority ? 32 : 16) * base;
3098  ssize_t num_bytes_low = (priority ? 4 : 2) * base;
3099 
3100  /* Do a rudimentary limiting so one circuit can't hog a connection.
3101  * Pick at most 32 cells, at least 4 cells if possible, and if we're in
3102  * the middle pick 1/8 of the available bandwidth. */
3103  at_most = global_bucket_val / 8;
3104  at_most -= (at_most % base); /* round down */
3105  if (at_most > num_bytes_high) /* 16 KB, or 8 KB for low-priority */
3106  at_most = num_bytes_high;
3107  else if (at_most < num_bytes_low) /* 2 KB, or 1 KB for low-priority */
3108  at_most = num_bytes_low;
3109 
3110  if (at_most > global_bucket_val)
3111  at_most = global_bucket_val;
3112 
3113  if (conn_bucket >= 0 && at_most > conn_bucket)
3114  at_most = conn_bucket;
3115 
3116  if (at_most < 0)
3117  return 0;
3118  return at_most;
3119 }
3120 
3122 static ssize_t
3124 {
3125  int base = RELAY_PAYLOAD_SIZE;
3126  int priority = conn->type != CONN_TYPE_DIR;
3127  ssize_t conn_bucket = -1;
3128  size_t global_bucket_val = token_bucket_rw_get_read(&global_bucket);
3129 
3130  if (connection_speaks_cells(conn)) {
3131  or_connection_t *or_conn = TO_OR_CONN(conn);
3132  if (conn->state == OR_CONN_STATE_OPEN)
3133  conn_bucket = token_bucket_rw_get_read(&or_conn->bucket);
3134  base = get_cell_network_size(or_conn->wide_circ_ids);
3135  }
3136 
3137  if (!connection_is_rate_limited(conn)) {
3138  /* be willing to read on local conns even if our buckets are empty */
3139  return conn_bucket>=0 ? conn_bucket : 1<<14;
3140  }
3141 
3142  if (connection_counts_as_relayed_traffic(conn, now)) {
3143  size_t relayed = token_bucket_rw_get_read(&global_relayed_bucket);
3144  global_bucket_val = MIN(global_bucket_val, relayed);
3145  }
3146 
3147  return connection_bucket_get_share(base, priority,
3148  global_bucket_val, conn_bucket);
3149 }
3150 
3152 ssize_t
3154 {
3155  int base = RELAY_PAYLOAD_SIZE;
3156  int priority = conn->type != CONN_TYPE_DIR;
3157  size_t conn_bucket = conn->outbuf_flushlen;
3158  size_t global_bucket_val = token_bucket_rw_get_write(&global_bucket);
3159 
3160  if (!connection_is_rate_limited(conn)) {
3161  /* be willing to write to local conns even if our buckets are empty */
3162  return conn->outbuf_flushlen;
3163  }
3164 
3165  if (connection_speaks_cells(conn)) {
3166  /* use the per-conn write limit if it's lower */
3167  or_connection_t *or_conn = TO_OR_CONN(conn);
3168  if (conn->state == OR_CONN_STATE_OPEN)
3169  conn_bucket = MIN(conn_bucket,
3170  token_bucket_rw_get_write(&or_conn->bucket));
3171  base = get_cell_network_size(or_conn->wide_circ_ids);
3172  }
3173 
3174  if (connection_counts_as_relayed_traffic(conn, now)) {
3175  size_t relayed = token_bucket_rw_get_write(&global_relayed_bucket);
3176  global_bucket_val = MIN(global_bucket_val, relayed);
3177  }
3178 
3179  return connection_bucket_get_share(base, priority,
3180  global_bucket_val, conn_bucket);
3181 }
3182 
3202 int
3203 global_write_bucket_low(connection_t *conn, size_t attempt, int priority)
3204 {
3205  size_t smaller_bucket =
3206  MIN(token_bucket_rw_get_write(&global_bucket),
3207  token_bucket_rw_get_write(&global_relayed_bucket));
3208  if (authdir_mode(get_options()) && priority>1)
3209  return 0; /* there's always room to answer v2 if we're an auth dir */
3210 
3211  if (!connection_is_rate_limited(conn))
3212  return 0; /* local conns don't get limited */
3213 
3214  if (smaller_bucket < attempt)
3215  return 1; /* not enough space no matter the priority */
3216 
3217  {
3218  const time_t diff = approx_time() - write_buckets_last_empty_at;
3219  if (diff <= 1)
3220  return 1; /* we're already hitting our limits, no more please */
3221  }
3222 
3223  if (priority == 1) { /* old-style v1 query */
3224  /* Could we handle *two* of these requests within the next two seconds? */
3225  const or_options_t *options = get_options();
3226  size_t can_write = (size_t) (smaller_bucket
3227  + 2*(options->RelayBandwidthRate ? options->RelayBandwidthRate :
3228  options->BandwidthRate));
3229  if (can_write < 2*attempt)
3230  return 1;
3231  } else { /* v2 query */
3232  /* no further constraints yet */
3233  }
3234  return 0;
3235 }
3236 
3240 
3244 static void
3246  time_t now, size_t num_read, size_t num_written)
3247 {
3248  /* Count bytes of answering direct and tunneled directory requests */
3249  if (conn->type == CONN_TYPE_DIR && conn->purpose == DIR_PURPOSE_SERVER) {
3250  if (num_read > 0)
3251  rep_hist_note_dir_bytes_read(num_read, now);
3252  if (num_written > 0)
3253  rep_hist_note_dir_bytes_written(num_written, now);
3254  }
3255 
3256  if (!connection_is_rate_limited(conn))
3257  return; /* local IPs are free */
3258 
3259  if (conn->type == CONN_TYPE_OR)
3261  num_written, now);
3262 
3263  if (num_read > 0) {
3264  rep_hist_note_bytes_read(num_read, now);
3265  }
3266  if (num_written > 0) {
3267  rep_hist_note_bytes_written(num_written, now);
3268  }
3269  if (conn->type == CONN_TYPE_EXIT)
3270  rep_hist_note_exit_bytes(conn->port, num_written, num_read);
3271 
3272  /* Remember these bytes towards statistics. */
3273  stats_increment_bytes_read_and_written(num_read, num_written);
3274 
3275  /* Remember these bytes towards accounting. */
3276  if (accounting_is_enabled(get_options())) {
3278  accounting_add_bytes(num_read, num_written,
3279  (int)(now - last_recorded_accounting_at));
3280  } else {
3281  accounting_add_bytes(num_read, num_written, 0);
3282  }
3284  }
3285 }
3286 
3289 static void
3291  size_t num_read, size_t num_written)
3292 {
3293  if (num_written >= INT_MAX || num_read >= INT_MAX) {
3294  log_err(LD_BUG, "Value out of range. num_read=%lu, num_written=%lu, "
3295  "connection type=%s, state=%s",
3296  (unsigned long)num_read, (unsigned long)num_written,
3297  conn_type_to_string(conn->type),
3298  conn_state_to_string(conn->type, conn->state));
3299  tor_assert_nonfatal_unreached();
3300  if (num_written >= INT_MAX)
3301  num_written = 1;
3302  if (num_read >= INT_MAX)
3303  num_read = 1;
3304  }
3305 
3306  record_num_bytes_transferred_impl(conn, now, num_read, num_written);
3307 
3308  if (!connection_is_rate_limited(conn))
3309  return; /* local IPs are free */
3310 
3311  unsigned flags = 0;
3312  if (connection_counts_as_relayed_traffic(conn, now)) {
3313  flags = token_bucket_rw_dec(&global_relayed_bucket, num_read, num_written);
3314  }
3315  flags |= token_bucket_rw_dec(&global_bucket, num_read, num_written);
3316 
3317  if (flags & TB_WRITE) {
3319  }
3320  if (connection_speaks_cells(conn) && conn->state == OR_CONN_STATE_OPEN) {
3321  or_connection_t *or_conn = TO_OR_CONN(conn);
3322  token_bucket_rw_dec(&or_conn->bucket, num_read, num_written);
3323  }
3324 }
3325 
3332 void
3334 {
3335  (void)is_global_bw;
3336  conn->read_blocked_on_bw = 1;
3337  connection_stop_reading(conn);
3339 }
3340 
3347 void
3349 {
3350  (void)is_global_bw;
3351  conn->write_blocked_on_bw = 1;
3352  connection_stop_writing(conn);
3354 }
3355 
3358 void
3360 {
3361  const char *reason;
3362 
3363  if (!connection_is_rate_limited(conn))
3364  return; /* Always okay. */
3365 
3366  int is_global = 1;
3367 
3368  if (token_bucket_rw_get_read(&global_bucket) <= 0) {
3369  reason = "global read bucket exhausted. Pausing.";
3370  } else if (connection_counts_as_relayed_traffic(conn, approx_time()) &&
3371  token_bucket_rw_get_read(&global_relayed_bucket) <= 0) {
3372  reason = "global relayed read bucket exhausted. Pausing.";
3373  } else if (connection_speaks_cells(conn) &&
3374  conn->state == OR_CONN_STATE_OPEN &&
3375  token_bucket_rw_get_read(&TO_OR_CONN(conn)->bucket) <= 0) {
3376  reason = "connection read bucket exhausted. Pausing.";
3377  is_global = false;
3378  } else
3379  return; /* all good, no need to stop it */
3380 
3381  LOG_FN_CONN(conn, (LOG_DEBUG, LD_NET, "%s", reason));
3382  connection_read_bw_exhausted(conn, is_global);
3383 }
3384 
3387 void
3389 {
3390  const char *reason;
3391 
3392  if (!connection_is_rate_limited(conn))
3393  return; /* Always okay. */
3394 
3395  bool is_global = true;
3396  if (token_bucket_rw_get_write(&global_bucket) <= 0) {
3397  reason = "global write bucket exhausted. Pausing.";
3398  } else if (connection_counts_as_relayed_traffic(conn, approx_time()) &&
3399  token_bucket_rw_get_write(&global_relayed_bucket) <= 0) {
3400  reason = "global relayed write bucket exhausted. Pausing.";
3401  } else if (connection_speaks_cells(conn) &&
3402  conn->state == OR_CONN_STATE_OPEN &&
3403  token_bucket_rw_get_write(&TO_OR_CONN(conn)->bucket) <= 0) {
3404  reason = "connection write bucket exhausted. Pausing.";
3405  is_global = false;
3406  } else
3407  return; /* all good, no need to stop it */
3408 
3409  LOG_FN_CONN(conn, (LOG_DEBUG, LD_NET, "%s", reason));
3410  connection_write_bw_exhausted(conn, is_global);
3411 }
3412 
3415 void
3417 {
3418  const or_options_t *options = get_options();
3419  const uint32_t now_ts = monotime_coarse_get_stamp();
3420  token_bucket_rw_init(&global_bucket,
3421  (int32_t)options->BandwidthRate,
3422  (int32_t)options->BandwidthBurst,
3423  now_ts);
3424  if (options->RelayBandwidthRate) {
3425  token_bucket_rw_init(&global_relayed_bucket,
3426  (int32_t)options->RelayBandwidthRate,
3427  (int32_t)options->RelayBandwidthBurst,
3428  now_ts);
3429  } else {
3430  token_bucket_rw_init(&global_relayed_bucket,
3431  (int32_t)options->BandwidthRate,
3432  (int32_t)options->BandwidthBurst,
3433  now_ts);
3434  }
3435 
3437 }
3438 
3440 void
3442 {
3443  token_bucket_rw_adjust(&global_bucket,
3444  (int32_t)options->BandwidthRate,
3445  (int32_t)options->BandwidthBurst);
3446  if (options->RelayBandwidthRate) {
3447  token_bucket_rw_adjust(&global_relayed_bucket,
3448  (int32_t)options->RelayBandwidthRate,
3449  (int32_t)options->RelayBandwidthBurst);
3450  } else {
3451  token_bucket_rw_adjust(&global_relayed_bucket,
3452  (int32_t)options->BandwidthRate,
3453  (int32_t)options->BandwidthBurst);
3454  }
3455 }
3456 
3467 static void
3469 {
3470  /* Note that we only check for equality here: the underlying
3471  * token bucket functions can handle moving backwards in time if they
3472  * need to. */
3473  if (now_ts != last_refilled_global_buckets_ts) {
3474  token_bucket_rw_refill(&global_bucket, now_ts);
3475  token_bucket_rw_refill(&global_relayed_bucket, now_ts);
3477  }
3478 
3479  if (connection_speaks_cells(conn) && conn->state == OR_CONN_STATE_OPEN) {
3480  or_connection_t *or_conn = TO_OR_CONN(conn);
3481  token_bucket_rw_refill(&or_conn->bucket, now_ts);
3482  }
3483 }
3484 
3490 
3493 
3496 
3502 static void
3504 {
3505  (void)ev;
3506  (void)arg;
3507  SMARTLIST_FOREACH_BEGIN(get_connection_array(), connection_t *, conn) {
3508  if (conn->read_blocked_on_bw == 1) {
3509  connection_start_reading(conn);
3510  conn->read_blocked_on_bw = 0;
3511  }
3512  if (conn->write_blocked_on_bw == 1) {
3513  connection_start_writing(conn);
3514  conn->write_blocked_on_bw = 0;
3515  }
3516  } SMARTLIST_FOREACH_END(conn);
3517 
3519 }
3520 
3525 static void
3527 {
3532  }
3533  time_t sec = options->TokenBucketRefillInterval / 1000;
3534  int msec = (options->TokenBucketRefillInterval % 1000);
3536  reenable_blocked_connections_delay.tv_usec = msec * 1000;
3537 }
3538 
3544 static void
3546 {
3548  return;
3549  if (BUG(reenable_blocked_connections_ev == NULL)) {
3550  reenable_blocked_connection_init(get_options());
3551  }
3555 }
3556 
3565 static int
3567 {
3568  ssize_t max_to_read=-1, try_to_read;
3569  size_t before, n_read = 0;
3570  int socket_error = 0;
3571 
3572  if (conn->marked_for_close)
3573  return 0; /* do nothing */
3574 
3576 
3578 
3579  switch (conn->type) {
3580  case CONN_TYPE_OR_LISTENER:
3584  case CONN_TYPE_AP_LISTENER:
3594  /* This should never happen; eventdns.c handles the reads here. */
3596  return 0;
3597  }
3598 
3599  loop_again:
3600  try_to_read = max_to_read;
3601  tor_assert(!conn->marked_for_close);
3602 
3603  before = buf_datalen(conn->inbuf);
3604  if (connection_buf_read_from_socket(conn, &max_to_read, &socket_error) < 0) {
3605  /* There's a read error; kill the connection.*/
3606  if (conn->type == CONN_TYPE_OR) {
3608  socket_error != 0 ?
3609  errno_to_orconn_end_reason(socket_error) :
3610  END_OR_CONN_REASON_CONNRESET,
3611  socket_error != 0 ?
3612  tor_socket_strerror(socket_error) :
3613  "(unknown, errno was 0)");
3614  }
3615  if (CONN_IS_EDGE(conn)) {
3616  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
3617  connection_edge_end_errno(edge_conn);
3618  if (conn->type == CONN_TYPE_AP && TO_ENTRY_CONN(conn)->socks_request) {
3619  /* broken, don't send a socks reply back */
3620  TO_ENTRY_CONN(conn)->socks_request->has_finished = 1;
3621  }
3622  }
3623  connection_close_immediate(conn); /* Don't flush; connection is dead. */
3624  /*
3625  * This can bypass normal channel checking since we did
3626  * connection_or_notify_error() above.
3627  */
3628  connection_mark_for_close_internal(conn);
3629  return -1;
3630  }
3631  n_read += buf_datalen(conn->inbuf) - before;
3632  if (CONN_IS_EDGE(conn) && try_to_read != max_to_read) {
3633  /* instruct it not to try to package partial cells. */
3634  if (connection_process_inbuf(conn, 0) < 0) {
3635  return -1;
3636  }
3637  if (!conn->marked_for_close &&
3638  connection_is_reading(conn) &&
3639  !conn->inbuf_reached_eof &&
3640  max_to_read > 0)
3641  goto loop_again; /* try reading again, in case more is here now */
3642  }
3643  /* one last try, packaging partial cells and all. */
3644  if (!conn->marked_for_close &&
3645  connection_process_inbuf(conn, 1) < 0) {
3646  return -1;
3647  }
3648  if (conn->linked_conn) {
3649  /* The other side's handle_write() will never actually get called, so
3650  * we need to invoke the appropriate callbacks ourself. */
3651  connection_t *linked = conn->linked_conn;
3652 
3653  if (n_read) {
3654  /* Probably a no-op, since linked conns typically don't count for
3655  * bandwidth rate limiting. But do it anyway so we can keep stats
3656  * accurately. Note that since we read the bytes from conn, and
3657  * we're writing the bytes onto the linked connection, we count
3658  * these as <i>written</i> bytes. */
3659  connection_buckets_decrement(linked, approx_time(), 0, n_read);
3660 
3661  if (connection_flushed_some(linked) < 0)
3662  connection_mark_for_close(linked);
3663  if (!connection_wants_to_flush(linked))
3665  }
3666 
3667  if (!buf_datalen(linked->outbuf) && conn->active_on_link)
3669  }
3670  /* If we hit the EOF, call connection_reached_eof(). */
3671  if (!conn->marked_for_close &&
3672  conn->inbuf_reached_eof &&
3673  connection_reached_eof(conn) < 0) {
3674  return -1;
3675  }
3676  return 0;
3677 }
3678 
3679 /* DOCDOC connection_handle_read */
3680 int
3681 connection_handle_read(connection_t *conn)
3682 {
3683  int res;
3684  update_current_time(time(NULL));
3685  res = connection_handle_read_impl(conn);
3686  return res;
3687 }
3688 
3699 static int
3700 connection_buf_read_from_socket(connection_t *conn, ssize_t *max_to_read,
3701  int *socket_error)
3702 {
3703  int result;
3704  ssize_t at_most = *max_to_read;
3705  size_t slack_in_buf, more_to_read;
3706  size_t n_read = 0, n_written = 0;
3707 
3708  if (at_most == -1) { /* we need to initialize it */
3709  /* how many bytes are we allowed to read? */
3710  at_most = connection_bucket_read_limit(conn, approx_time());
3711  }
3712 
3713  slack_in_buf = buf_slack(conn->inbuf);
3714  again:
3715  if ((size_t)at_most > slack_in_buf && slack_in_buf >= 1024) {
3716  more_to_read = at_most - slack_in_buf;
3717  at_most = slack_in_buf;
3718  } else {
3719  more_to_read = 0;
3720  }
3721 
3722  if (connection_speaks_cells(conn) &&
3724  int pending;
3725  or_connection_t *or_conn = TO_OR_CONN(conn);
3726  size_t initial_size;
3727  if (conn->state == OR_CONN_STATE_TLS_HANDSHAKING ||
3729  /* continue handshaking even if global token bucket is empty */
3730  return connection_tls_continue_handshake(or_conn);
3731  }
3732 
3733  log_debug(LD_NET,
3734  "%d: starting, inbuf_datalen %ld (%d pending in tls object)."
3735  " at_most %ld.",
3736  (int)conn->s,(long)buf_datalen(conn->inbuf),
3737  tor_tls_get_pending_bytes(or_conn->tls), (long)at_most);
3738 
3739  initial_size = buf_datalen(conn->inbuf);
3740  /* else open, or closing */
3741  result = buf_read_from_tls(conn->inbuf, or_conn->tls, at_most);
3742  if (TOR_TLS_IS_ERROR(result) || result == TOR_TLS_CLOSE)
3743  or_conn->tls_error = result;
3744  else
3745  or_conn->tls_error = 0;
3746 
3747  switch (result) {
3748  case TOR_TLS_CLOSE:
3749  case TOR_TLS_ERROR_IO:
3750  log_debug(LD_NET,"TLS connection closed %son read. Closing. "
3751  "(Nickname %s, address %s)",
3752  result == TOR_TLS_CLOSE ? "cleanly " : "",
3753  or_conn->nickname ? or_conn->nickname : "not set",
3754  conn->address);
3755  return result;
3757  log_debug(LD_NET,"tls error [%s]. breaking (nickname %s, address %s).",
3758  tor_tls_err_to_string(result),
3759  or_conn->nickname ? or_conn->nickname : "not set",
3760  conn->address);
3761  return result;
3762  case TOR_TLS_WANTWRITE:
3763  connection_start_writing(conn);
3764  return 0;
3765  case TOR_TLS_WANTREAD:
3766  if (conn->in_connection_handle_write) {
3767  /* We've been invoked from connection_handle_write, because we're
3768  * waiting for a TLS renegotiation, the renegotiation started, and
3769  * SSL_read returned WANTWRITE. But now SSL_read is saying WANTREAD
3770  * again. Stop waiting for write events now, or else we'll
3771  * busy-loop until data arrives for us to read.
3772  * XXX: remove this when v2 handshakes support is dropped. */
3773  connection_stop_writing(conn);
3774  if (!connection_is_reading(conn))
3775  connection_start_reading(conn);
3776  }
3777  /* we're already reading, one hopes */
3778  break;
3779  case TOR_TLS_DONE: /* no data read, so nothing to process */
3780  break; /* so we call bucket_decrement below */
3781  default:
3782  break;
3783  }
3784  pending = tor_tls_get_pending_bytes(or_conn->tls);
3785  if (pending) {
3786  /* If we have any pending bytes, we read them now. This *can*
3787  * take us over our read allotment, but really we shouldn't be
3788  * believing that SSL bytes are the same as TCP bytes anyway. */
3789  int r2 = buf_read_from_tls(conn->inbuf, or_conn->tls, pending);
3790  if (BUG(r2<0)) {
3791  log_warn(LD_BUG, "apparently, reading pending bytes can fail.");
3792  return -1;
3793  }
3794  }
3795  result = (int)(buf_datalen(conn->inbuf)-initial_size);
3796  tor_tls_get_n_raw_bytes(or_conn->tls, &n_read, &n_written);
3797  log_debug(LD_GENERAL, "After TLS read of %d: %ld read, %ld written",
3798  result, (long)n_read, (long)n_written);
3799  } else if (conn->linked) {
3800  if (conn->linked_conn) {
3801  result = buf_move_to_buf(conn->inbuf, conn->linked_conn->outbuf,
3802  &conn->linked_conn->outbuf_flushlen);
3803  if (BUG(result<0)) {
3804  log_warn(LD_BUG, "reading from linked connection buffer failed.");
3805  return -1;
3806  }
3807  } else {
3808  result = 0;
3809  }
3810  //log_notice(LD_GENERAL, "Moved %d bytes on an internal link!", result);
3811  /* If the other side has disappeared, or if it's been marked for close and
3812  * we flushed its outbuf, then we should set our inbuf_reached_eof. */
3813  if (!conn->linked_conn ||
3814  (conn->linked_conn->marked_for_close &&
3815  buf_datalen(conn->linked_conn->outbuf) == 0))
3816  conn->inbuf_reached_eof = 1;
3817 
3818  n_read = (size_t) result;
3819  } else {
3820  /* !connection_speaks_cells, !conn->linked_conn. */
3821  int reached_eof = 0;
3822  CONN_LOG_PROTECT(conn,
3823  result = buf_read_from_socket(conn->inbuf, conn->s,
3824  at_most,
3825  &reached_eof,
3826  socket_error));
3827  if (reached_eof)
3828  conn->inbuf_reached_eof = 1;
3829 
3830 // log_fn(LOG_DEBUG,"read_to_buf returned %d.",read_result);
3831 
3832  if (result < 0)
3833  return -1;
3834  n_read = (size_t) result;
3835  }
3836 
3837  if (n_read > 0) {
3838  /* change *max_to_read */
3839  *max_to_read = at_most - n_read;
3840 
3841  /* Update edge_conn->n_read */
3842  if (conn->type == CONN_TYPE_AP) {
3843  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
3844 
3845  /* Check for overflow: */
3846  if (PREDICT_LIKELY(UINT32_MAX - edge_conn->n_read > n_read))
3847  edge_conn->n_read += (int)n_read;
3848  else
3849  edge_conn->n_read = UINT32_MAX;
3850  }
3851 
3852  /* If CONN_BW events are enabled, update conn->n_read_conn_bw for
3853  * OR/DIR/EXIT connections, checking for overflow. */
3854  if (get_options()->TestingEnableConnBwEvent &&
3855  (conn->type == CONN_TYPE_OR ||
3856  conn->type == CONN_TYPE_DIR ||
3857  conn->type == CONN_TYPE_EXIT)) {
3858  if (PREDICT_LIKELY(UINT32_MAX - conn->n_read_conn_bw > n_read))
3859  conn->n_read_conn_bw += (int)n_read;
3860  else
3861  conn->n_read_conn_bw = UINT32_MAX;
3862  }
3863  }
3864 
3865  connection_buckets_decrement(conn, approx_time(), n_read, n_written);
3866 
3867  if (more_to_read && result == at_most) {
3868  slack_in_buf = buf_slack(conn->inbuf);
3869  at_most = more_to_read;
3870  goto again;
3871  }
3872 
3873  /* Call even if result is 0, since the global read bucket may
3874  * have reached 0 on a different conn, and this connection needs to
3875  * know to stop reading. */
3877  if (n_written > 0 && connection_is_writing(conn))
3879 
3880  return 0;
3881 }
3882 
3884 int
3885 connection_buf_get_bytes(char *string, size_t len, connection_t *conn)
3886 {
3887  return buf_get_bytes(conn->inbuf, string, len);
3888 }
3889 
3891 int
3893  size_t *data_len)
3894 {
3895  return buf_get_line(conn->inbuf, data, data_len);
3896 }
3897 
3900 int
3902  char **headers_out, size_t max_headerlen,
3903  char **body_out, size_t *body_used,
3904  size_t max_bodylen, int force_complete)
3905 {
3906  return fetch_from_buf_http(conn->inbuf, headers_out, max_headerlen,
3907  body_out, body_used, max_bodylen, force_complete);
3908 }
3909 
3912 int
3914 {
3915  return conn->outbuf_flushlen > 0;
3916 }
3917 
3922 int
3924 {
3925  return (conn->outbuf_flushlen > 10*CELL_PAYLOAD_SIZE);
3926 }
3927 
3934 static void
3936 {
3937 #ifdef _WIN32
3938  /* We only do this on Vista and 7, because earlier versions of Windows
3939  * don't have the SIO_IDEAL_SEND_BACKLOG_QUERY functionality, and on
3940  * later versions it isn't necessary. */
3941  static int isVistaOr7 = -1;
3942  if (isVistaOr7 == -1) {
3943  isVistaOr7 = 0;
3944  OSVERSIONINFO osvi = { 0 };
3945  osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
3946  GetVersionEx(&osvi);
3947  if (osvi.dwMajorVersion == 6 && osvi.dwMinorVersion < 2)
3948  isVistaOr7 = 1;
3949  }
3950  if (!isVistaOr7)
3951  return;
3952  if (get_options()->ConstrainedSockets)
3953  return;
3954  ULONG isb = 0;
3955  DWORD bytesReturned = 0;
3956  if (!WSAIoctl(sock, SIO_IDEAL_SEND_BACKLOG_QUERY, NULL, 0,
3957  &isb, sizeof(isb), &bytesReturned, NULL, NULL)) {
3958  setsockopt(sock, SOL_SOCKET, SO_SNDBUF, (const char*)&isb, sizeof(isb));
3959  }
3960 #else /* !(defined(_WIN32)) */
3961  (void) sock;
3962 #endif /* defined(_WIN32) */
3963 }
3964 
3983 static int
3985 {
3986  int e;
3987  socklen_t len=(socklen_t)sizeof(e);
3988  int result;
3989  ssize_t max_to_write;
3990  time_t now = approx_time();
3991  size_t n_read = 0, n_written = 0;
3992  int dont_stop_writing = 0;
3993 
3995 
3996  if (conn->marked_for_close || !SOCKET_OK(conn->s))
3997  return 0; /* do nothing */
3998 
3999  if (conn->in_flushed_some) {
4000  log_warn(LD_BUG, "called recursively from inside conn->in_flushed_some");
4001  return 0;
4002  }
4003 
4004  conn->timestamp_last_write_allowed = now;
4005 
4007 
4008  /* Sometimes, "writable" means "connected". */
4009  if (connection_state_is_connecting(conn)) {
4010  if (getsockopt(conn->s, SOL_SOCKET, SO_ERROR, (void*)&e, &len) < 0) {
4011  log_warn(LD_BUG, "getsockopt() syscall failed");
4012  if (conn->type == CONN_TYPE_OR) {
4013  or_connection_t *orconn = TO_OR_CONN(conn);
4014  connection_or_close_for_error(orconn, 0);
4015  } else {
4016  if (CONN_IS_EDGE(conn)) {
4018  }
4019  connection_mark_for_close(conn);
4020  }
4021  return -1;
4022  }
4023  if (e) {
4024  /* some sort of error, but maybe just inprogress still */
4025  if (!ERRNO_IS_CONN_EINPROGRESS(e)) {
4026  log_info(LD_NET,"in-progress connect failed. Removing. (%s)",
4027  tor_socket_strerror(e));
4028  if (CONN_IS_EDGE(conn))
4030  if (conn->type == CONN_TYPE_OR)
4033  tor_socket_strerror(e));
4034 
4036  /*
4037  * This can bypass normal channel checking since we did
4038  * connection_or_notify_error() above.
4039  */
4040  connection_mark_for_close_internal(conn);
4041  return -1;
4042  } else {
4043  return 0; /* no change, see if next time is better */
4044  }
4045  }
4046  /* The connection is successful. */
4047  if (connection_finished_connecting(conn)<0)
4048  return -1;
4049  }
4050 
4051  max_to_write = force ? (ssize_t)conn->outbuf_flushlen
4052  : connection_bucket_write_limit(conn, now);
4053 
4054  if (connection_speaks_cells(conn) &&
4056  or_connection_t *or_conn = TO_OR_CONN(conn);
4057  size_t initial_size;
4058  if (conn->state == OR_CONN_STATE_TLS_HANDSHAKING ||
4060  connection_stop_writing(conn);
4061  if (connection_tls_continue_handshake(or_conn) < 0) {
4062  /* Don't flush; connection is dead. */
4064  END_OR_CONN_REASON_MISC,
4065  "TLS error in connection_tls_"
4066  "continue_handshake()");
4068  /*
4069  * This can bypass normal channel checking since we did
4070  * connection_or_notify_error() above.
4071  */
4072  connection_mark_for_close_internal(conn);
4073  return -1;
4074  }
4075  return 0;
4076  } else if (conn->state == OR_CONN_STATE_TLS_SERVER_RENEGOTIATING) {
4077  return connection_handle_read(conn);
4078  }
4079 
4080  /* else open, or closing */
4081  initial_size = buf_datalen(conn->outbuf);
4082  result = buf_flush_to_tls(conn->outbuf, or_conn->tls,
4083  max_to_write, &conn->outbuf_flushlen);
4084 
4085  if (result >= 0)
4086  update_send_buffer_size(conn->s);
4087 
4088  /* If we just flushed the last bytes, tell the channel on the
4089  * or_conn to check if it needs to geoip_change_dirreq_state() */
4090  /* XXXX move this to flushed_some or finished_flushing -NM */
4091  if (buf_datalen(conn->outbuf) == 0 && or_conn->chan)
4092  channel_notify_flushed(TLS_CHAN_TO_BASE(or_conn->chan));
4093 
4094  switch (result) {
4096  case TOR_TLS_CLOSE:
4097  log_info(LD_NET, result != TOR_TLS_CLOSE ?
4098  "tls error. breaking.":"TLS connection closed on flush");
4099  /* Don't flush; connection is dead. */
4101  END_OR_CONN_REASON_MISC,
4102  result != TOR_TLS_CLOSE ?
4103  "TLS error in during flush" :
4104  "TLS closed during flush");
4106  /*
4107  * This can bypass normal channel checking since we did
4108  * connection_or_notify_error() above.
4109  */
4110  connection_mark_for_close_internal(conn);
4111  return -1;
4112  case TOR_TLS_WANTWRITE:
4113  log_debug(LD_NET,"wanted write.");
4114  /* we're already writing */
4115  dont_stop_writing = 1;
4116  break;
4117  case TOR_TLS_WANTREAD:
4118  /* Make sure to avoid a loop if the receive buckets are empty. */
4119  log_debug(LD_NET,"wanted read.");
4120  if (!connection_is_reading(conn)) {
4121  connection_write_bw_exhausted(conn, true);
4122  /* we'll start reading again when we get more tokens in our
4123  * read bucket; then we'll start writing again too.
4124  */
4125  }
4126  /* else no problem, we're already reading */
4127  return 0;
4128  /* case TOR_TLS_DONE:
4129  * for TOR_TLS_DONE, fall through to check if the flushlen
4130  * is empty, so we can stop writing.
4131  */
4132  }
4133 
4134  tor_tls_get_n_raw_bytes(or_conn->tls, &n_read, &n_written);
4135  log_debug(LD_GENERAL, "After TLS write of %d: %ld read, %ld written",
4136  result, (long)n_read, (long)n_written);
4137  or_conn->bytes_xmitted += result;
4138  or_conn->bytes_xmitted_by_tls += n_written;
4139  /* So we notice bytes were written even on error */
4140  /* XXXX This cast is safe since we can never write INT_MAX bytes in a
4141  * single set of TLS operations. But it looks kinda ugly. If we refactor
4142  * the *_buf_tls functions, we should make them return ssize_t or size_t
4143  * or something. */
4144  result = (int)(initial_size-buf_datalen(conn->outbuf));
4145  } else {
4146  CONN_LOG_PROTECT(conn,
4147  result = buf_flush_to_socket(conn->outbuf, conn->s,
4148  max_to_write, &conn->outbuf_flushlen));
4149  if (result < 0) {
4150  if (CONN_IS_EDGE(conn))
4152  if (conn->type == CONN_TYPE_AP) {
4153  /* writing failed; we couldn't send a SOCKS reply if we wanted to */
4154  TO_ENTRY_CONN(conn)->socks_request->has_finished = 1;
4155  }
4156 
4157  connection_close_immediate(conn); /* Don't flush; connection is dead. */
4158  connection_mark_for_close(conn);
4159  return -1;
4160  }
4161  update_send_buffer_size(conn->s);
4162  n_written = (size_t) result;
4163  }
4164 
4165  if (n_written && conn->type == CONN_TYPE_AP) {
4166  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
4167 
4168  /* Check for overflow: */
4169  if (PREDICT_LIKELY(UINT32_MAX - edge_conn->n_written > n_written))
4170  edge_conn->n_written += (int)n_written;
4171  else
4172  edge_conn->n_written = UINT32_MAX;
4173  }
4174 
4175  /* If CONN_BW events are enabled, update conn->n_written_conn_bw for
4176  * OR/DIR/EXIT connections, checking for overflow. */
4177  if (n_written && get_options()->TestingEnableConnBwEvent &&
4178  (conn->type == CONN_TYPE_OR ||
4179  conn->type == CONN_TYPE_DIR ||
4180  conn->type == CONN_TYPE_EXIT)) {
4181  if (PREDICT_LIKELY(UINT32_MAX - conn->n_written_conn_bw > n_written))
4182  conn->n_written_conn_bw += (int)n_written;
4183  else
4184  conn->n_written_conn_bw = UINT32_MAX;
4185  }
4186 
4187  connection_buckets_decrement(conn, approx_time(), n_read, n_written);
4188 
4189  if (result > 0) {
4190  /* If we wrote any bytes from our buffer, then call the appropriate
4191  * functions. */
4192  if (connection_flushed_some(conn) < 0) {
4193  if (connection_speaks_cells(conn)) {
4195  END_OR_CONN_REASON_MISC,
4196  "Got error back from "
4197  "connection_flushed_some()");
4198  }
4199 
4200  /*
4201  * This can bypass normal channel checking since we did
4202  * connection_or_notify_error() above.
4203  */
4204  connection_mark_for_close_internal(conn);
4205  }
4206  }
4207 
4208  if (!connection_wants_to_flush(conn) &&
4209  !dont_stop_writing) { /* it's done flushing */
4210  if (connection_finished_flushing(conn) < 0) {
4211  /* already marked */
4212  return -1;
4213  }
4214  return 0;
4215  }
4216 
4217  /* Call even if result is 0, since the global write bucket may
4218  * have reached 0 on a different conn, and this connection needs to
4219  * know to stop writing. */
4221  if (n_read > 0 && connection_is_reading(conn))
4223 
4224  return 0;
4225 }
4226 
4227 /* DOCDOC connection_handle_write */
4228 int
4229 connection_handle_write(connection_t *conn, int force)
4230 {
4231  int res;
4232  update_current_time(time(NULL));
4233  /* connection_handle_write_impl() might call connection_handle_read()
4234  * if we're in the middle of a v2 handshake, in which case it needs this
4235  * flag set. */
4236  conn->in_connection_handle_write = 1;
4237  res = connection_handle_write_impl(conn, force);
4238  conn->in_connection_handle_write = 0;
4239  return res;
4240 }
4241 
4251 int
4253 {
4254  return connection_handle_write(conn, 1);
4255 }
4256 
4262 static int
4264 {
4265  /* if it's marked for close, only allow write if we mean to flush it */
4266  if (conn->marked_for_close && !conn->hold_open_until_flushed)
4267  return 0;
4268 
4269  return 1;
4270 }
4271 
4277 static void
4279 {
4280  if (CONN_IS_EDGE(conn)) {
4281  /* if it failed, it means we have our package/delivery windows set
4282  wrong compared to our max outbuf size. close the whole circuit. */
4283  log_warn(LD_NET,
4284  "write_to_buf failed. Closing circuit (fd %d).", (int)conn->s);
4285  circuit_mark_for_close(circuit_get_by_edge_conn(TO_EDGE_CONN(conn)),
4286  END_CIRC_REASON_INTERNAL);
4287  } else if (conn->type == CONN_TYPE_OR) {
4288  or_connection_t *orconn = TO_OR_CONN(conn);
4289  log_warn(LD_NET,
4290  "write_to_buf failed on an orconn; notifying of error "
4291  "(fd %d)", (int)(conn->s));
4292  connection_or_close_for_error(orconn, 0);
4293  } else {
4294  log_warn(LD_NET,
4295  "write_to_buf failed. Closing connection (fd %d).",
4296  (int)conn->s);
4297  connection_mark_for_close(conn);
4298  }
4299 }
4300 
4306 static void
4308 {
4309  /* If we receive optimistic data in the EXIT_CONN_STATE_RESOLVING
4310  * state, we don't want to try to write it right away, since
4311  * conn->write_event won't be set yet. Otherwise, write data from
4312  * this conn as the socket is available. */
4313  if (conn->write_event) {
4314  connection_start_writing(conn);
4315  }
4316  conn->outbuf_flushlen += len;
4317 }
4318 
4328 connection_write_to_buf_impl_,(const char *string, size_t len,
4329  connection_t *conn, int zlib))
4330 {
4331  /* XXXX This function really needs to return -1 on failure. */
4332  int r;
4333  if (!len && !(zlib<0))
4334  return;
4335 
4336  if (!connection_may_write_to_buf(conn))
4337  return;
4338 
4339  size_t written;
4340 
4341  if (zlib) {
4342  size_t old_datalen = buf_datalen(conn->outbuf);
4343  dir_connection_t *dir_conn = TO_DIR_CONN(conn);
4344  int done = zlib < 0;
4345  CONN_LOG_PROTECT(conn, r = buf_add_compress(conn->outbuf,
4346  dir_conn->compress_state,
4347  string, len, done));
4348  written = buf_datalen(conn->outbuf) - old_datalen;
4349  } else {
4350  CONN_LOG_PROTECT(conn, r = buf_add(conn->outbuf, string, len));
4351  written = len;
4352  }
4353  if (r < 0) {
4355  return;
4356  }
4357  connection_write_to_buf_commit(conn, written);
4358 }
4359 
4365 void
4366 connection_dir_buf_add(const char *string, size_t len,
4367  dir_connection_t *dir_conn, int done)
4368 {
4369  if (dir_conn->compress_state != NULL) {
4370  connection_buf_add_compress(string, len, dir_conn, done);
4371  return;
4372  }
4373 
4374  connection_buf_add(string, len, TO_CONN(dir_conn));
4375 }
4376 
4377 void
4378 connection_buf_add_compress(const char *string, size_t len,
4379  dir_connection_t *conn, int done)
4380 {
4381  connection_write_to_buf_impl_(string, len, TO_CONN(conn), done ? -1 : 1);
4382 }
4383 
4389 void
4391 {
4392  tor_assert(conn);
4393  tor_assert(buf);
4394  size_t len = buf_datalen(buf);
4395  if (len == 0)
4396  return;
4397 
4398  if (!connection_may_write_to_buf(conn))
4399  return;
4400 
4401  buf_move_all(conn->outbuf, buf);
4402  connection_write_to_buf_commit(conn, len);
4403 }
4404 
4405 #define CONN_GET_ALL_TEMPLATE(var, test) \
4406  STMT_BEGIN \
4407  smartlist_t *conns = get_connection_array(); \
4408  smartlist_t *ret_conns = smartlist_new(); \
4409  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, var) { \
4410  if (var && (test) && !var->marked_for_close) \
4411  smartlist_add(ret_conns, var); \
4412  } SMARTLIST_FOREACH_END(var); \
4413  return ret_conns; \
4414  STMT_END
4415 
4416 /* Return a list of connections that aren't close and matches the given type
4417  * and state. The returned list can be empty and must be freed using
4418  * smartlist_free(). The caller does NOT have ownership of the objects in the
4419  * list so it must not free them nor reference them as they can disappear. */
4420 smartlist_t *
4421 connection_list_by_type_state(int type, int state)
4422 {
4423  CONN_GET_ALL_TEMPLATE(conn, (conn->type == type && conn->state == state));
4424 }
4425 
4426 /* Return a list of connections that aren't close and matches the given type
4427  * and purpose. The returned list can be empty and must be freed using
4428  * smartlist_free(). The caller does NOT have ownership of the objects in the
4429  * list so it must not free them nor reference them as they can disappear. */
4430 smartlist_t *
4431 connection_list_by_type_purpose(int type, int purpose)
4432 {
4433  CONN_GET_ALL_TEMPLATE(conn,
4434  (conn->type == type && conn->purpose == purpose));
4435 }
4436 
4439 #define CONN_GET_TEMPLATE(var, test) \
4440  STMT_BEGIN \
4441  smartlist_t *conns = get_connection_array(); \
4442  SMARTLIST_FOREACH(conns, connection_t *, var, \
4443  { \
4444  if (var && (test) && !var->marked_for_close) \
4445  return var; \
4446  }); \
4447  return NULL; \
4448  STMT_END
4449 
4454 connection_get_by_type_addr_port_purpose,(int type,
4455  const tor_addr_t *addr, uint16_t port,
4456  int purpose))
4457 {
4458  CONN_GET_TEMPLATE(conn,
4459  (conn->type == type &&
4460  tor_addr_eq(&conn->addr, addr) &&
4461  conn->port == port &&
4462  conn->purpose == purpose));
4463 }
4464 
4468 connection_t *
4470 {
4471  CONN_GET_TEMPLATE(conn, conn->global_identifier == id);
4472 }
4473 
4476 connection_t *
4478 {
4479  CONN_GET_TEMPLATE(conn, conn->type == type);
4480 }
4481 
4485 connection_t *
4486 connection_get_by_type_state(int type, int state)
4487 {
4488  CONN_GET_TEMPLATE(conn, conn->type == type && conn->state == state);
4489 }
4490 
4496 connection_get_by_type_nonlinked,(int type))
4497 {
4498  CONN_GET_TEMPLATE(conn, conn->type == type && !conn->linked);
4499 }
4500 
4505 connection_t *
4507  const char *rendquery)
4508 {
4509  tor_assert(type == CONN_TYPE_DIR ||
4510  type == CONN_TYPE_AP || type == CONN_TYPE_EXIT);
4511  tor_assert(rendquery);
4512 
4513  CONN_GET_TEMPLATE(conn,
4514  (conn->type == type &&
4515  (!state || state == conn->state)) &&
4516  (
4517  (type == CONN_TYPE_DIR &&
4518  TO_DIR_CONN(conn)->rend_data &&
4519  !rend_cmp_service_ids(rendquery,
4520  rend_data_get_address(TO_DIR_CONN(conn)->rend_data)))
4521  ||
4522  (CONN_IS_EDGE(conn) &&
4523  TO_EDGE_CONN(conn)->rend_data &&
4524  !rend_cmp_service_ids(rendquery,
4525  rend_data_get_address(TO_EDGE_CONN(conn)->rend_data)))
4526  ));
4527 }
4528 
4533 #define DIR_CONN_LIST_TEMPLATE(conn_var, conn_test, \
4534  dirconn_var, dirconn_test) \
4535  STMT_BEGIN \
4536  smartlist_t *conns = get_connection_array(); \
4537  smartlist_t *dir_conns = smartlist_new(); \
4538  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn_var) { \
4539  if (conn_var && (conn_test) \
4540  && conn_var->type == CONN_TYPE_DIR \
4541  && !conn_var->marked_for_close) { \
4542  dir_connection_t *dirconn_var = TO_DIR_CONN(conn_var); \
4543  if (dirconn_var && (dirconn_test)) { \
4544  smartlist_add(dir_conns, dirconn_var); \
4545  } \
4546  } \
4547  } SMARTLIST_FOREACH_END(conn_var); \
4548  return dir_conns; \
4549  STMT_END
4550 
4557 smartlist_t *
4559  int purpose,
4560  const char *resource)
4561 {
4563  conn->purpose == purpose,
4564  dirconn,
4565  0 == strcmp_opt(resource,
4566  dirconn->requested_resource));
4567 }
4568 
4575 smartlist_t *
4577  int purpose,
4578  const char *resource,
4579  int state)
4580 {
4582  conn->purpose == purpose && conn->state == state,
4583  dirconn,
4584  0 == strcmp_opt(resource,
4585  dirconn->requested_resource));
4586 }
4587 
4588 #undef DIR_CONN_LIST_TEMPLATE
4589 
4594 static connection_t *
4596 {
4597  CONN_GET_TEMPLATE(conn,
4598  conn != TO_CONN(this_conn) && conn->type == CONN_TYPE_OR);
4599 }
4600 
4606 int
4608 {
4610  if (conn != NULL) {
4611  log_debug(LD_DIR, "%s: Found an OR connection: %s",
4612  __func__, conn->address);
4613  return 1;
4614  }
4615 
4616  return 0;
4617 }
4618 
4619 #undef CONN_GET_TEMPLATE
4620 
4622 int
4624 {
4625  if (conn->type == CONN_TYPE_OR_LISTENER ||
4626  conn->type == CONN_TYPE_EXT_OR_LISTENER ||
4627  conn->type == CONN_TYPE_AP_LISTENER ||
4628  conn->type == CONN_TYPE_AP_TRANS_LISTENER ||
4629  conn->type == CONN_TYPE_AP_DNS_LISTENER ||
4630  conn->type == CONN_TYPE_AP_NATD_LISTENER ||
4632  conn->type == CONN_TYPE_DIR_LISTENER ||
4634  return 1;
4635  return 0;
4636 }
4637 
4641 int
4643 {
4644  tor_assert(conn);
4645 
4646  if (conn->marked_for_close)
4647  return 0;
4648 
4649  if ((conn->type == CONN_TYPE_OR && conn->state == OR_CONN_STATE_OPEN) ||
4650  (conn->type == CONN_TYPE_EXT_OR) ||
4651  (conn->type == CONN_TYPE_AP && conn->state == AP_CONN_STATE_OPEN) ||
4652  (conn->type == CONN_TYPE_EXIT && conn->state == EXIT_CONN_STATE_OPEN) ||
4653  (conn->type == CONN_TYPE_CONTROL &&
4654  conn->state == CONTROL_CONN_STATE_OPEN))
4655  return 1;
4656 
4657  return 0;
4658 }
4659 
4661 int
4663 {
4664  tor_assert(conn);
4665 
4666  if (conn->marked_for_close)
4667  return 0;
4668  switch (conn->type)
4669  {
4670  case CONN_TYPE_OR:
4671  return conn->state == OR_CONN_STATE_CONNECTING;
4672  case CONN_TYPE_EXIT:
4673  return conn->state == EXIT_CONN_STATE_CONNECTING;
4674  case CONN_TYPE_DIR:
4675  return conn->state == DIR_CONN_STATE_CONNECTING;
4676  }
4677 
4678  return 0;
4679 }
4680 
4684 char *
4685 alloc_http_authenticator(const char *authenticator)
4686 {
4687  /* an authenticator in Basic authentication
4688  * is just the string "username:password" */
4689  const size_t authenticator_length = strlen(authenticator);
4690  const size_t base64_authenticator_length =
4691  base64_encode_size(authenticator_length, 0) + 1;
4692  char *base64_authenticator = tor_malloc(base64_authenticator_length);
4693  if (base64_encode(base64_authenticator, base64_authenticator_length,
4694  authenticator, authenticator_length, 0) < 0) {
4695  tor_free(base64_authenticator); /* free and set to null */
4696  }
4697  return base64_authenticator;
4698 }
4699 
4705 static void
4707 {
4708  tor_addr_t out_addr, iface_addr;
4709  tor_addr_t **last_interface_ip_ptr;
4710  sa_family_t family;
4711 
4712  if (!outgoing_addrs)
4713  outgoing_addrs = smartlist_new();
4714 
4715  if (tor_addr_from_getsockname(&out_addr, sock) < 0) {
4716  int e = tor_socket_errno(sock);
4717  log_warn(LD_NET, "getsockname() to check for address change failed: %s",
4718  tor_socket_strerror(e));
4719  return;
4720  }
4721  family = tor_addr_family(&out_addr);
4722 
4723  if (family == AF_INET)
4724  last_interface_ip_ptr = &last_interface_ipv4;
4725  else if (family == AF_INET6)
4726  last_interface_ip_ptr = &last_interface_ipv6;
4727  else
4728  return;
4729 
4730  if (! *last_interface_ip_ptr) {
4731  tor_addr_t *a = tor_malloc_zero(sizeof(tor_addr_t));
4732  if (get_interface_address6(LOG_INFO, family, a)==0) {
4733  *last_interface_ip_ptr = a;
4734  } else {
4735  tor_free(a);
4736  }
4737  }
4738 
4739  /* If we've used this address previously, we're okay. */
4741  if (tor_addr_eq(a_ptr, &out_addr))
4742  return;
4743  );
4744 
4745  /* Uh-oh. We haven't connected from this address before. Has the interface
4746  * address changed? */
4747  if (get_interface_address6(LOG_INFO, family, &iface_addr)<0)
4748  return;
4749 
4750  if (tor_addr_eq(&iface_addr, *last_interface_ip_ptr)) {
4751  /* Nope, it hasn't changed. Add this address to the list. */
4752  smartlist_add(outgoing_addrs, tor_memdup(&out_addr, sizeof(tor_addr_t)));
4753  } else {
4754  /* The interface changed. We're a client, so we need to regenerate our
4755  * keys. First, reset the state. */
4756  log_notice(LD_NET, "Our IP address has changed. Rotating keys...");
4757  tor_addr_copy(*last_interface_ip_ptr, &iface_addr);
4760  smartlist_add(outgoing_addrs, tor_memdup(&out_addr, sizeof(tor_addr_t)));
4761  /* We'll need to resolve ourselves again. */
4763  /* Okay, now change our keys. */
4764  ip_address_changed(1);
4765  }
4766 }
4767 
4775 static void
4777 {
4778  void *sz = (void*)&size;
4779  socklen_t sz_sz = (socklen_t) sizeof(size);
4780  if (setsockopt(sock, SOL_SOCKET, SO_SNDBUF, sz, sz_sz) < 0) {
4781  int e = tor_socket_errno(sock);
4782  log_warn(LD_NET, "setsockopt() to constrain send "
4783  "buffer to %d bytes failed: %s", size, tor_socket_strerror(e));
4784  }
4785  if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, sz, sz_sz) < 0) {
4786  int e = tor_socket_errno(sock);
4787  log_warn(LD_NET, "setsockopt() to constrain recv "
4788  "buffer to %d bytes failed: %s", size, tor_socket_strerror(e));
4789  }
4790 }
4791 
4798 static int
4799 connection_process_inbuf(connection_t *conn, int package_partial)
4800 {
4801  tor_assert(conn);
4802 
4803  switch (conn->type) {
4804  case CONN_TYPE_OR:
4806  case CONN_TYPE_EXT_OR:
4808  case CONN_TYPE_EXIT:
4809  case CONN_TYPE_AP:
4811  package_partial);
4812  case CONN_TYPE_DIR:
4814  case CONN_TYPE_CONTROL:
4816  default:
4817  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
4819  return -1;
4820  }
4821 }
4822 
4824 static int
4826 {
4827  int r = 0;
4828  tor_assert(!conn->in_flushed_some);
4829  conn->in_flushed_some = 1;
4830  if (conn->type == CONN_TYPE_DIR &&
4833  } else if (conn->type == CONN_TYPE_OR) {
4835  } else if (CONN_IS_EDGE(conn)) {
4837  }
4838  conn->in_flushed_some = 0;
4839  return r;
4840 }
4841 
4849 static int
4851 {
4852  tor_assert(conn);
4853 
4854  /* If the connection is closed, don't try to do anything more here. */
4855  if (CONN_IS_CLOSED(conn))
4856  return 0;
4857 
4858 // log_fn(LOG_DEBUG,"entered. Socket %u.", conn->s);
4859 
4860  connection_stop_writing(conn);
4861 
4862  switch (conn->type) {
4863  case CONN_TYPE_OR:
4865  case CONN_TYPE_EXT_OR:
4867  case CONN_TYPE_AP:
4868  case CONN_TYPE_EXIT:
4870  case CONN_TYPE_DIR:
4872  case CONN_TYPE_CONTROL:
4874  default:
4875  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
4877  return -1;
4878  }
4879 }
4880 
4887 static int
4889 {
4890  tor_assert(conn);
4891 
4892  if (!server_mode(get_options())) {
4893  /* See whether getsockname() says our address changed. We need to do this
4894  * now that the connection has finished, because getsockname() on Windows
4895  * won't work until then. */
4897  }
4898 
4899  switch (conn->type)
4900  {
4901  case CONN_TYPE_OR:
4903  case CONN_TYPE_EXIT:
4905  case CONN_TYPE_DIR:
4907  default:
4908  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
4910  return -1;
4911  }
4912 }
4913 
4915 static int
4917 {
4918  switch (conn->type) {
4919  case CONN_TYPE_OR:
4920  case CONN_TYPE_EXT_OR:
4921  return connection_or_reached_eof(TO_OR_CONN(conn));
4922  case CONN_TYPE_AP:
4923  case CONN_TYPE_EXIT:
4925  case CONN_TYPE_DIR:
4927  case CONN_TYPE_CONTROL:
4929  default:
4930  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
4932  return -1;
4933  }
4934 }
4935 
4937 static int
4939 {
4940  int a_circs, b_circs;
4941  /* Fewer circuits == higher priority for OOS kill, sort earlier */
4942 
4943  a_circs = connection_or_get_num_circuits(a);
4944  b_circs = connection_or_get_num_circuits(b);
4945 
4946  if (a_circs < b_circs) return 1;
4947  else if (a_circs > b_circs) return -1;
4948  else return 0;
4949 }
4950 
4953 static int
4954 oos_victim_comparator(const void **a_v, const void **b_v)
4955 {
4956  connection_t *a = NULL, *b = NULL;
4957 
4958  /* Get connection pointers out */
4959 
4960  a = (connection_t *)(*a_v);
4961  b = (connection_t *)(*b_v);
4962 
4963  tor_assert(a != NULL);
4964  tor_assert(b != NULL);
4965 
4966  /*
4967  * We always prefer orconns as victims currently; we won't even see
4968  * these non-orconn cases, but if we do, sort them after orconns.
4969  */
4970  if (a->type == CONN_TYPE_OR && b->type == CONN_TYPE_OR) {
4972  } else {
4973  /*
4974  * One isn't an orconn; if one is, it goes first. We currently have no
4975  * opinions about cases where neither is an orconn.
4976  */
4977  if (a->type == CONN_TYPE_OR) return -1;
4978  else if (b->type == CONN_TYPE_OR) return 1;
4979  else return 0;
4980  }
4981 }
4982 
4987 pick_oos_victims, (int n))
4988 {
4989  smartlist_t *eligible = NULL, *victims = NULL;
4990  smartlist_t *conns;
4991  int conn_counts_by_type[CONN_TYPE_MAX_ + 1], i;
4992 
4993  /*
4994  * Big damn assumption (someone improve this someday!):
4995  *
4996  * Socket exhaustion normally happens on high-volume relays, and so
4997  * most of the connections involved are orconns. We should pick victims
4998  * by assembling a list of all orconns, and sorting them in order of
4999  * how much 'damage' by some metric we'd be doing by dropping them.
5000  *
5001  * If we move on from orconns, we should probably think about incoming
5002  * directory connections next, or exit connections. Things we should
5003  * probably never kill are controller connections and listeners.
5004  *
5005  * This function will count how many connections of different types
5006  * exist and log it for purposes of gathering data on typical OOS
5007  * situations to guide future improvements.
5008  */
5009 
5010  /* First, get the connection array */
5011  conns = get_connection_array();
5012  /*
5013  * Iterate it and pick out eligible connection types, and log some stats
5014  * along the way.
5015  */
5016  eligible = smartlist_new();
5017  memset(conn_counts_by_type, 0, sizeof(conn_counts_by_type));
5018  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, c) {
5019  /* Bump the counter */
5020  tor_assert(c->type <= CONN_TYPE_MAX_);
5021  ++(conn_counts_by_type[c->type]);
5022 
5023  /* Skip anything without a socket we can free */
5024  if (!(SOCKET_OK(c->s))) {
5025  continue;
5026  }
5027 
5028  /* Skip anything we would count as moribund */
5029  if (connection_is_moribund(c)) {
5030  continue;
5031  }
5032 
5033  switch (c->type) {
5034  case CONN_TYPE_OR:
5035  /* We've got an orconn, it's eligible to be OOSed */
5036  smartlist_add(eligible, c);
5037  break;
5038  default:
5039  /* We don't know what to do with it, ignore it */
5040  break;
5041  }
5042  } SMARTLIST_FOREACH_END(c);
5043 
5044  /* Log some stats */
5045  if (smartlist_len(conns) > 0) {
5046  /* At least one counter must be non-zero */
5047  log_info(LD_NET, "Some stats on conn types seen during OOS follow");
5048  for (i = CONN_TYPE_MIN_; i <= CONN_TYPE_MAX_; ++i) {
5049  /* Did we see any? */
5050  if (conn_counts_by_type[i] > 0) {
5051  log_info(LD_NET, "%s: %d conns",
5053  conn_counts_by_type[i]);
5054  }
5055  }
5056  log_info(LD_NET, "Done with OOS conn type stats");
5057  }
5058 
5059  /* Did we find more eligible targets than we want to kill? */
5060  if (smartlist_len(eligible) > n) {
5061  /* Sort the list in order of target preference */
5063  /* Pick first n as victims */
5064  victims = smartlist_new();
5065  for (i = 0; i < n; ++i) {
5066  smartlist_add(victims, smartlist_get(eligible, i));
5067  }
5068  /* Free the original list */
5069  smartlist_free(eligible);
5070  } else {
5071  /* No, we can just call them all victims */
5072  victims = eligible;
5073  }
5074 
5075  return victims;
5076 }
5077 
5079 MOCK_IMPL(STATIC void,
5080 kill_conn_list_for_oos, (smartlist_t *conns))
5081 {
5082  if (!conns) return;
5083 
5084  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, c) {
5085  /* Make sure the channel layer gets told about orconns */
5086  if (c->type == CONN_TYPE_OR) {
5087  connection_or_close_for_error(TO_OR_CONN(c), 1);
5088  } else {
5089  connection_mark_for_close(c);
5090  }
5091  } SMARTLIST_FOREACH_END(c);
5092 
5093  log_notice(LD_NET,
5094  "OOS handler marked %d connections",
5095  smartlist_len(conns));
5096 }
5097 
5100 int
5102 {
5103  if (conn != NULL &&
5104  (conn->conn_array_index < 0 ||
5105  conn->marked_for_close)) {
5106  return 1;
5107  } else {
5108  return 0;
5109  }
5110 }
5111 
5117 void
5118 connection_check_oos(int n_socks, int failed)
5119 {
5120  int target_n_socks = 0, moribund_socks, socks_to_kill;
5121  smartlist_t *conns;
5122 
5123  /* Early exit: is OOS checking disabled? */
5124  if (get_options()->DisableOOSCheck) {
5125  return;
5126  }
5127 
5128  /* Sanity-check args */
5129  tor_assert(n_socks >= 0);
5130 
5131  /*
5132  * Make some log noise; keep it at debug level since this gets a chance
5133  * to run on every connection attempt.
5134  */
5135  log_debug(LD_NET,
5136  "Running the OOS handler (%d open sockets, %s)",
5137  n_socks, (failed != 0) ? "exhaustion seen" : "no exhaustion");
5138 
5139  /*
5140  * Check if we're really handling an OOS condition, and if so decide how
5141  * many sockets we want to get down to. Be sure we check if the threshold
5142  * is distinct from zero first; it's possible for this to be called a few
5143  * times before we've finished reading the config.
5144  */
5145  if (n_socks >= get_options()->ConnLimit_high_thresh &&
5146  get_options()->ConnLimit_high_thresh != 0 &&
5147  get_options()->ConnLimit_ != 0) {
5148  /* Try to get down to the low threshold */
5149  target_n_socks = get_options()->ConnLimit_low_thresh;
5150  log_notice(LD_NET,
5151  "Current number of sockets %d is greater than configured "
5152  "limit %d; OOS handler trying to get down to %d",
5153  n_socks, get_options()->ConnLimit_high_thresh,
5154  target_n_socks);
5155  } else if (failed) {
5156  /*
5157  * If we're not at the limit but we hit a socket exhaustion error, try to
5158  * drop some (but not as aggressively as ConnLimit_low_threshold, which is
5159  * 3/4 of ConnLimit_)
5160  */
5161  target_n_socks = (n_socks * 9) / 10;
5162  log_notice(LD_NET,
5163  "We saw socket exhaustion at %d open sockets; OOS handler "
5164  "trying to get down to %d",
5165  n_socks, target_n_socks);
5166  }
5167 
5168  if (target_n_socks > 0) {
5169  /*
5170  * It's an OOS!
5171  *
5172  * Count moribund sockets; it's be important that anything we decide
5173  * to get rid of here but don't immediately close get counted as moribund
5174  * on subsequent invocations so we don't try to kill too many things if
5175  * connection_check_oos() gets called multiple times.
5176  */
5177  moribund_socks = connection_count_moribund();
5178 
5179  if (moribund_socks < n_socks - target_n_socks) {
5180  socks_to_kill = n_socks - target_n_socks - moribund_socks;
5181 
5182  conns = pick_oos_victims(socks_to_kill);
5183  if (conns) {
5184  kill_conn_list_for_oos(conns);
5185  log_notice(LD_NET,
5186  "OOS handler killed %d conns", smartlist_len(conns));
5187  smartlist_free(conns);
5188  } else {
5189  log_notice(LD_NET, "OOS handler failed to pick any victim conns");
5190  }
5191  } else {
5192  log_notice(LD_NET,
5193  "Not killing any sockets for OOS because there are %d "
5194  "already moribund, and we only want to eliminate %d",
5195  moribund_socks, n_socks - target_n_socks);
5196  }
5197  }
5198 }
5199 
5201 void
5203 {
5204  uint64_t used_by_type[CONN_TYPE_MAX_+1];
5205  uint64_t alloc_by_type[CONN_TYPE_MAX_+1];
5206  int n_conns_by_type[CONN_TYPE_MAX_+1];
5207  uint64_t total_alloc = 0;
5208  uint64_t total_used = 0;
5209  int i;
5210  smartlist_t *conns = get_connection_array();
5211 
5212  memset(used_by_type, 0, sizeof(used_by_type));
5213  memset(alloc_by_type, 0, sizeof(alloc_by_type));
5214  memset(n_conns_by_type, 0, sizeof(n_conns_by_type));
5215 
5216  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, c) {
5217  int tp = c->type;
5218  ++n_conns_by_type[tp];
5219  if (c->inbuf) {
5220  used_by_type[tp] += buf_datalen(c->inbuf);
5221  alloc_by_type[tp] += buf_allocation(c->inbuf);
5222  }
5223  if (c->outbuf) {
5224  used_by_type[tp] += buf_datalen(c->outbuf);
5225  alloc_by_type[tp] += buf_allocation(c->outbuf);
5226  }
5227  } SMARTLIST_FOREACH_END(c);
5228  for (i=0; i <= CONN_TYPE_MAX_; ++i) {
5229  total_used += used_by_type[i];
5230  total_alloc += alloc_by_type[i];
5231  }
5232 
5233  tor_log(severity, LD_GENERAL,
5234  "In buffers for %d connections: %"PRIu64" used/%"PRIu64" allocated",
5235  smartlist_len(conns),
5236  (total_used), (total_alloc));
5237  for (i=CONN_TYPE_MIN_; i <= CONN_TYPE_MAX_; ++i) {
5238  if (!n_conns_by_type[i])
5239  continue;
5240  tor_log(severity, LD_GENERAL,
5241  " For %d %s connections: %"PRIu64" used/%"PRIu64" allocated",
5242  n_conns_by_type[i], conn_type_to_string(i),
5243  (used_by_type[i]), (alloc_by_type[i]));
5244  }
5245 }
5246 
5250 void
5252 {
5253  (void) now; /* XXXX unused. */
5254  tor_assert(conn);
5255  tor_assert(conn->type >= CONN_TYPE_MIN_);
5256  tor_assert(conn->type <= CONN_TYPE_MAX_);
5257 
5258  switch (conn->type) {
5259  case CONN_TYPE_OR:
5260  case CONN_TYPE_EXT_OR:
5261  tor_assert(conn->magic == OR_CONNECTION_MAGIC);
5262  break;
5263  case CONN_TYPE_AP:
5264  tor_assert(conn->magic == ENTRY_CONNECTION_MAGIC);
5265  break;
5266  case CONN_TYPE_EXIT:
5267  tor_assert(conn->magic == EDGE_CONNECTION_MAGIC);
5268  break;
5269  case CONN_TYPE_DIR:
5270  tor_assert(conn->magic == DIR_CONNECTION_MAGIC);
5271  break;
5272  case CONN_TYPE_CONTROL:
5273  tor_assert(conn->magic == CONTROL_CONNECTION_MAGIC);
5274  break;
5275  CASE_ANY_LISTENER_TYPE:
5276  tor_assert(conn->magic == LISTENER_CONNECTION_MAGIC);
5277  break;
5278  default:
5279  tor_assert(conn->magic == BASE_CONNECTION_MAGIC);
5280  break;
5281  }
5282 
5283  if (conn->linked_conn) {
5284  tor_assert(conn->linked_conn->linked_conn == conn);
5285  tor_assert(conn->linked);
5286  }
5287  if (conn->linked)
5288  tor_assert(!SOCKET_OK(conn->s));
5289 
5290  if (conn->outbuf_flushlen > 0) {
5291  /* With optimistic data, we may have queued data in
5292  * EXIT_CONN_STATE_RESOLVING while the conn is not yet marked to writing.
5293  * */
5294  tor_assert((conn->type == CONN_TYPE_EXIT &&
5295  conn->state == EXIT_CONN_STATE_RESOLVING) ||
5296  connection_is_writing(conn) ||
5297  conn->write_blocked_on_bw ||
5298  (CONN_IS_EDGE(conn) &&
5299  TO_EDGE_CONN(conn)->edge_blocked_on_circ));
5300  }
5301 
5302  if (conn->hold_open_until_flushed)
5304 
5305  /* XXXX check: read_blocked_on_bw, write_blocked_on_bw, s, conn_array_index,
5306  * marked_for_close. */
5307 
5308  /* buffers */
5309  if (conn->inbuf)
5310  buf_assert_ok(conn->inbuf);
5311  if (conn->outbuf)
5312  buf_assert_ok(conn->outbuf);
5313 
5314  if (conn->type == CONN_TYPE_OR) {
5315  or_connection_t *or_conn = TO_OR_CONN(conn);
5316  if (conn->state == OR_CONN_STATE_OPEN) {
5317  /* tor_assert(conn->bandwidth > 0); */
5318  /* the above isn't necessarily true: if we just did a TLS
5319  * handshake but we didn't recognize the other peer, or it
5320  * gave a bad cert/etc, then we won't have assigned bandwidth,
5321  * yet it will be open. -RD
5322  */
5323 // tor_assert(conn->read_bucket >= 0);
5324  }
5325 // tor_assert(conn->addr && conn->port);
5326  tor_assert(conn->address);
5328  tor_assert(or_conn->tls);
5329  }
5330 
5331  if (CONN_IS_EDGE(conn)) {
5332  /* XXX unchecked: package window, deliver window. */
5333  if (conn->type == CONN_TYPE_AP) {
5334  entry_connection_t *entry_conn = TO_ENTRY_CONN(conn);
5335  if (entry_conn->chosen_exit_optional || entry_conn->chosen_exit_retries)
5336  tor_assert(entry_conn->chosen_exit_name);
5337 
5338  tor_assert(entry_conn->socks_request);
5339  if (conn->state == AP_CONN_STATE_OPEN) {
5340  tor_assert(entry_conn->socks_request->has_finished);
5341  if (!conn->marked_for_close) {
5342  tor_assert(ENTRY_TO_EDGE_CONN(entry_conn)->cpath_layer);
5343  cpath_assert_layer_ok(ENTRY_TO_EDGE_CONN(entry_conn)->cpath_layer);
5344  }
5345  }
5346  }
5347  if (conn->type == CONN_TYPE_EXIT) {
5349  conn->purpose == EXIT_PURPOSE_RESOLVE);
5350  }
5351  } else if (conn->type == CONN_TYPE_DIR) {
5352  } else {
5353  /* Purpose is only used for dir and exit types currently */
5354  tor_assert(!conn->purpose);
5355  }
5356 
5357  switch (conn->type)
5358  {
5359  CASE_ANY_LISTENER_TYPE:
5361  break;
5362  case CONN_TYPE_OR:
5363  tor_assert(conn->state >= OR_CONN_STATE_MIN_);
5364  tor_assert(conn->state <= OR_CONN_STATE_MAX_);
5365  break;
5366  case CONN_TYPE_EXT_OR:
5367  tor_assert(conn->state >= EXT_OR_CONN_STATE_MIN_);
5368  tor_assert(conn->state <= EXT_OR_CONN_STATE_MAX_);
5369  break;
5370  case CONN_TYPE_EXIT:
5371  tor_assert(conn->state >= EXIT_CONN_STATE_MIN_);
5372  tor_assert(conn->state <= EXIT_CONN_STATE_MAX_);
5373  tor_assert(conn->purpose >= EXIT_PURPOSE_MIN_);
5374  tor_assert(conn->purpose <= EXIT_PURPOSE_MAX_);
5375  break;
5376  case CONN_TYPE_AP:
5377  tor_assert(conn->state >= AP_CONN_STATE_MIN_);
5378  tor_assert(conn->state <= AP_CONN_STATE_MAX_);
5379  tor_assert(TO_ENTRY_CONN(conn)->socks_request);
5380  break;
5381  case CONN_TYPE_DIR:
5382  tor_assert(conn->state >= DIR_CONN_STATE_MIN_);
5383  tor_assert(conn->state <= DIR_CONN_STATE_MAX_);
5384  tor_assert(conn->purpose >= DIR_PURPOSE_MIN_);
5385  tor_assert(conn->purpose <= DIR_PURPOSE_MAX_);
5386  break;
5387  case CONN_TYPE_CONTROL:
5388  tor_assert(conn->state >= CONTROL_CONN_STATE_MIN_);
5389  tor_assert(conn->state <= CONTROL_CONN_STATE_MAX_);
5390  break;
5391  default:
5392  tor_assert(0);
5393  }
5394 }
5395 
5404 int
5405 get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type,
5406  int *is_pt_out, const connection_t *conn)
5407 {
5408  const or_options_t *options = get_options();
5409 
5410  *is_pt_out = 0;
5411  /* Client Transport Plugins can use another proxy, but that should be hidden
5412  * from the rest of tor (as the plugin is responsible for dealing with the
5413  * proxy), check it first, then check the rest of the proxy types to allow
5414  * the config to have unused ClientTransportPlugin entries.
5415  */
5416  if (options->ClientTransportPlugin) {
5417  const transport_t *transport = NULL;
5418  int r;
5419  r = get_transport_by_bridge_addrport(&conn->addr, conn->port, &transport);
5420  if (r<0)
5421  return -1;
5422  if (transport) { /* transport found */
5423  tor_addr_copy(addr, &transport->addr);
5424  *port = transport->port;
5425  *proxy_type = transport->socks_version;
5426  *is_pt_out = 1;
5427  return 0;
5428  }
5429 
5430  /* Unused ClientTransportPlugin. */
5431  }
5432 
5433  if (options->HTTPSProxy) {
5434  tor_addr_copy(addr, &options->HTTPSProxyAddr);
5435  *port = options->HTTPSProxyPort;
5436  *proxy_type = PROXY_CONNECT;
5437  return 0;
5438  } else if (options->Socks4Proxy) {
5439  tor_addr_copy(addr, &options->Socks4ProxyAddr);
5440  *port = options->Socks4ProxyPort;
5441  *proxy_type = PROXY_SOCKS4;
5442  return 0;
5443  } else if (options->Socks5Proxy) {
5444  tor_addr_copy(addr, &options->Socks5ProxyAddr);
5445  *port = options->Socks5ProxyPort;
5446  *proxy_type = PROXY_SOCKS5;
5447  return 0;
5448  }
5449 
5450  tor_addr_make_unspec(addr);
5451  *port = 0;
5452  *proxy_type = PROXY_NONE;
5453  return 0;
5454 }
5455 
5458 void
5460 {
5461  tor_addr_t proxy_addr;
5462  uint16_t proxy_port;
5463  int proxy_type, is_pt;
5464 
5465  if (get_proxy_addrport(&proxy_addr, &proxy_port, &proxy_type, &is_pt,
5466  conn) != 0)
5467  return; /* if we have no proxy set up, leave this function. */
5468 
5469  (void)is_pt;
5470  log_warn(LD_NET,
5471  "The connection to the %s proxy server at %s just failed. "
5472  "Make sure that the proxy server is up and running.",
5473  proxy_type_to_string(proxy_type),
5474  fmt_addrport(&proxy_addr, proxy_port));
5475 }
5476 
5478 static const char *
5479 proxy_type_to_string(int proxy_type)
5480 {
5481  switch (proxy_type) {
5482  case PROXY_CONNECT: return "HTTP";
5483  case PROXY_SOCKS4: return "SOCKS4";
5484  case PROXY_SOCKS5: return "SOCKS5";
5485  case PROXY_PLUGGABLE: return "pluggable transports SOCKS";
5486  case PROXY_NONE: return "NULL";
5487  default: tor_assert(0);
5488  }
5489  return NULL; /*Unreached*/
5490 }
5491 
5498 void
5500 {
5501  smartlist_t *conns = get_connection_array();
5502 
5503  /* We don't want to log any messages to controllers. */
5504  SMARTLIST_FOREACH(conns, connection_t *, conn,
5505  if (conn->type == CONN_TYPE_CONTROL)
5506  TO_CONTROL_CONN(conn)->event_mask = 0);
5507 
5509 
5510  /* Unlink everything from the identity map. */
5513 
5514  /* Clear out our list of broken connections */
5516 
5517  SMARTLIST_FOREACH(conns, connection_t *, conn,
5518  connection_free_minimal(conn));
5519 
5520  if (outgoing_addrs) {
5522  smartlist_free(outgoing_addrs);
5523  outgoing_addrs = NULL;
5524  }
5525 
5527  tor_free(last_interface_ipv6);
5529 
5530  mainloop_event_free(reenable_blocked_connections_ev);
5532  memset(&reenable_blocked_connections_delay, 0, sizeof(struct timeval));
5533 }
5534 
5541 clock_skew_warning, (const connection_t *conn, long apparent_skew, int trusted,
5542  log_domain_mask_t domain, const char *received,
5543  const char *source))
5544 {
5545  char dbuf[64];
5546  char *ext_source = NULL, *warn = NULL;
5547  format_time_interval(dbuf, sizeof(dbuf), apparent_skew);
5548  if (conn)
5549  tor_asprintf(&ext_source, "%s:%s:%d", source, conn->address, conn->port);
5550  else
5551  ext_source = tor_strdup(source);
5552  log_fn(trusted ? LOG_WARN : LOG_INFO, domain,
5553  "Received %s with skewed time (%s): "
5554  "It seems that our clock is %s by %s, or that theirs is %s%s. "
5555  "Tor requires an accurate clock to work: please check your time, "
5556  "timezone, and date settings.", received, ext_source,
5557  apparent_skew > 0 ? "ahead" : "behind", dbuf,
5558  apparent_skew > 0 ? "behind" : "ahead",
5559  (!conn || trusted) ? "" : ", or they are sending us the wrong time");
5560  if (trusted) {
5561  control_event_general_status(LOG_WARN, "CLOCK_SKEW SKEW=%ld SOURCE=%s",
5562  apparent_skew, ext_source);
5563  tor_asprintf(&warn, "Clock skew %ld in %s from %s", apparent_skew,
5564  received, source);
5565  control_event_bootstrap_problem(warn, "CLOCK_SKEW", conn, 1);
5566  }
5567  tor_free(warn);
5568  tor_free(ext_source);
5569 }
#define RELAY_PAYLOAD_SIZE
Definition: or.h:605
static void connection_bucket_refill_single(connection_t *conn, uint32_t now_ts)
Definition: connection.c:3468
tor_socket_t s
Definition: connection_st.h:88
Header file for dirserv.c.
void rep_hist_note_bytes_read(uint64_t num_bytes, time_t when)
Definition: rephist.c:1166
#define AP_CONN_STATE_CONNECT_WAIT
#define DIR_PURPOSE_SERVER
Definition: directory.h:62
tor_addr_t OutboundBindAddresses[OUTBOUND_ADDR_MAX][2]
uint8_t type
Definition: port_cfg_st.h:18
#define CASE_TOR_TLS_ERROR_ANY_NONIO
Definition: tortls.h:53
void accounting_add_bytes(size_t n_read, size_t n_written, int seconds)
Definition: hibernate.c:331
#define CONN_TYPE_DIR_LISTENER
Definition: connection.h:33
Header file for rendcommon.c.
#define CONN_TYPE_CONTROL_LISTENER
Definition: connection.h:38
int fascist_firewall_prefer_ipv6_orport(const or_options_t *options)
Definition: policies.c:508
unsigned int cpd_check_t
Definition: dir.h:20
Header file for channeltls.c.
#define AP_CONN_STATE_RESOLVE_WAIT
unsigned int chosen_exit_retries
MOCK_IMPL(void, connection_free_,(connection_t *conn))
Definition: connection.c:760
void rep_hist_note_dir_bytes_written(uint64_t num_bytes, time_t when)
Definition: rephist.c:1176
void connection_or_close_normally(or_connection_t *orconn, int flush)
uint64_t global_identifier
const tor_addr_t * conn_get_outbound_address(sa_family_t family, const or_options_t *options, unsigned int conn_type)
Definition: connection.c:2122
Header file containing common data for the whole HS subsytem.
int ClientPreferIPv6ORPort
unsigned int has_finished
token_bucket_rw_t bucket
int token_bucket_rw_refill(token_bucket_rw_t *bucket, uint32_t now_ts)
Definition: token_bucket.c:183
uint64_t RelayBandwidthBurst
Header file for circuitbuild.c.
uint16_t port
Definition: transports.h:26
int get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type, int *is_pt_out, const connection_t *conn)
Definition: connection.c:5405
int connection_is_moribund(connection_t *conn)
Definition: connection.c:5101
tor_addr_t real_addr
int socks_policy_permits_address(const tor_addr_t *addr)
Definition: policies.c:1186
unsigned int socks_prefer_no_auth
static smartlist_t * outgoing_addrs
Definition: connection.c:203
static int connection_read_https_proxy_response(connection_t *conn)
Definition: connection.c:2489
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
uint16_t sa_family_t
Definition: inaddr_st.h:77
Header for backtrace.c.
#define TO_CONN(c)
Definition: or.h:735
static int connection_flushed_some(connection_t *conn)
Definition: connection.c:4825
static int connection_fetch_from_buf_socks_client(connection_t *conn, int state, char **reason)
Definition: connection.c:2582
void entry_guard_cancel(circuit_guard_state_t **guard_state_p)
Definition: entrynodes.c:2459
void connection_mark_all_noncontrol_connections(void)
Definition: connection.c:3007
void connection_ap_about_to_close(entry_connection_t *entry_conn)
int CountPrivateBandwidth
int connection_flush(connection_t *conn)
Definition: connection.c:4252
int connection_dir_reached_eof(dir_connection_t *conn)
Definition: dirclient.c:2988
void tor_addr_make_unspec(tor_addr_t *a)
Definition: address.c:225
uint32_t log_domain_mask_t
Definition: log.h:134
void update_current_time(time_t now)
Definition: mainloop.c:2173
uint16_t router_get_advertised_or_port(const or_options_t *options)
Definition: router.c:1430
static void connection_send_socks5_connect(connection_t *conn)
Definition: connection.c:2550
uint16_t router_get_advertised_or_port_by_af(const or_options_t *options, sa_family_t family)
Definition: router.c:1438
static void update_send_buffer_size(tor_socket_t sock)
Definition: connection.c:3935
or_handshake_state_t * handshake_state
tor_addr_t addr
Definition: port_cfg_st.h:15
tor_addr_t addr
#define EXIT_PURPOSE_CONNECT
Header for buffers_tls.c.
int connection_state_is_connecting(connection_t *conn)
Definition: connection.c:4662
void channel_close_for_error(channel_t *chan)
Definition: channel.c:1241
unsigned int write_blocked_on_bw
Definition: connection_st.h:53
#define EXIT_CONN_STATE_RESOLVING
#define CONN_TYPE_AP_NATD_LISTENER
Definition: connection.h:46
Header file for connection.c.
static int oos_victim_comparator(const void **a_v, const void **b_v)
Definition: connection.c:4954
#define EXIT_CONN_STATE_RESOLVEFAILED
const char * tor_tls_err_to_string(int err)
Definition: tortls.c:150
uint32_t n_written_conn_bw
void connection_stop_reading_from_linked_conn(connection_t *conn)
Definition: mainloop.c:815
connection_t * connection_get_by_type_state_rendquery(int type, int state, const char *rendquery)
Definition: connection.c:4506
#define LD_GENERAL
Definition: log.h:59
static void connection_init(time_t now, connection_t *conn, int type, int socket_family)
Definition: connection.c:491
void connection_consider_empty_read_buckets(connection_t *conn)
Definition: connection.c:3359
#define MAX_SOCKS5_AUTH_FIELD_SIZE
Definition: connection.h:180
static int connection_reached_eof(connection_t *conn)
Definition: connection.c:4916
int rend_cmp_service_ids(const char *one, const char *two)
Definition: rendcommon.c:48
dir_connection_t * dir_connection_new(int socket_family)
Definition: connection.c:360
static void client_check_address_changed(tor_socket_t sock)
Definition: connection.c:4706
static int connection_handle_listener_read(connection_t *conn, int new_type)
Definition: connection.c:1696
#define DOWNCAST(to, ptr)
Definition: or.h:110
int buf_flush_to_socket(buf_t *buf, tor_socket_t s, size_t sz, size_t *buf_flushlen)
Definition: buffers_net.c:231
unsigned int proxy_state
Definition: connection_st.h:84
static ssize_t connection_bucket_get_share(int base, int priority, ssize_t global_bucket_val, ssize_t conn_bucket)
Definition: connection.c:3093
uint64_t BandwidthRate
uint8_t state
Definition: connection_st.h:44
#define CONN_TYPE_AP_TRANS_LISTENER
Definition: connection.h:43
int authdir_mode(const or_options_t *options)
Definition: authmode.c:25
tor_addr_t HTTPSProxyAddr
time_t connection_or_client_used(or_connection_t *conn)
Headers for compress.c.
void connection_link_connections(connection_t *conn_a, connection_t *conn_b)
Definition: connection.c:539
#define LOG_INFO
Definition: log.h:42
static uint32_t tor_addr_to_ipv4n(const tor_addr_t *a)
Definition: address.h:145
Header file for nodelist.c.
static connection_t * connection_listener_new_for_port(const port_cfg_t *port, int *defer, int *addr_in_use)
Definition: connection.c:1570
static int retry_listener_ports(smartlist_t *old_conns, const smartlist_t *ports, smartlist_t *new_conns, smartlist_t *replacements, int control_listeners_only)
Definition: connection.c:2771
void tor_log(int severity, log_domain_mask_t domain, const char *format,...)
Definition: log.c:632
void tor_addr_make_null(tor_addr_t *a, sa_family_t family)
Definition: address.c:235
void stats_increment_bytes_read_and_written(uint64_t r, uint64_t w)
Definition: mainloop.c:483
uint64_t ConstrainedSockSize
unsigned int inbuf_reached_eof
Definition: connection_st.h:59
Header file for directory.c.
void smartlist_add(smartlist_t *sl, void *element)
#define OR_CONN_STATE_TLS_HANDSHAKING
Definition: orconn_event.h:36
int connection_dir_finished_connecting(dir_connection_t *conn)
Definition: directory.c:453
int connection_is_listener(connection_t *conn)
Definition: connection.c:4623
unsigned int read_blocked_on_bw
Definition: connection_st.h:51
unsigned get_signewnym_epoch(void)
Definition: mainloop.c:1331
#define bool_neq(a, b)
Definition: logic.h:18
void connection_or_notify_error(or_connection_t *conn, int reason, const char *msg)
char * Socks5ProxyUsername
#define MAX_HEADERS_SIZE
Definition: or.h:123
#define CONTROL_CONN_STATE_OPEN
Definition: control.h:19
void connection_or_clear_identity_map(void)
int fascist_firewall_prefer_ipv6_dirport(const or_options_t *options)
Definition: policies.c:533
size_t base64_encode_size(size_t srclen, int flags)
Definition: binascii.c:166
const struct passwd * tor_getpwnam(const char *username)
Definition: userdb.c:70
char * rate_limit_log(ratelim_t *lim, time_t now)
Definition: ratelim.c:41
smartlist_t * spool
#define AP_CONN_STATE_RENDDESC_WAIT
#define CONN_TYPE_OR_LISTENER
Definition: connection.h:21
#define OR_CONN_STATE_TLS_SERVER_RENEGOTIATING
Definition: orconn_event.h:43
int connection_ext_or_start_auth(or_connection_t *or_conn)
Definition: ext_orport.c:636
Header file for config.c.
static struct timeval reenable_blocked_connections_delay
Definition: connection.c:3495
control_connection_t * TO_CONTROL_CONN(connection_t *c)
Definition: control.c:67
edge_connection_t * edge_connection_new(int type, int socket_family)
Definition: connection.c:415
static const char * connection_proxy_state_to_string(int state)
Definition: connection.c:2267
#define fmt_and_decorate_addr(a)
Definition: address.h:214
#define CONN_TYPE_OR
Definition: connection.h:24
socklen_t tor_addr_to_sockaddr(const tor_addr_t *a, uint16_t port, struct sockaddr *sa_out, socklen_t len)
Definition: address.c:113
char * alloc_http_authenticator(const char *authenticator)
Definition: connection.c:4685
#define DIR_CONN_LIST_TEMPLATE(conn_var, conn_test, dirconn_var, dirconn_test)
Definition: connection.c:4533
int connection_edge_finished_connecting(edge_connection_t *edge_conn)
const char * conn_type_to_string(int type)
Definition: connection.c:243
#define DIR_CONN_STATE_CLIENT_READING
Definition: directory.h:23
int fast_mem_is_zero(const char *mem, size_t len)
Definition: util_string.c:74
char * HTTPSProxy
static tor_addr_t * last_interface_ipv4
Definition: connection.c:198
int format_time_interval(char *out, size_t out_len, long interval)
Definition: time_fmt.c:481
struct tor_compress_state_t * compress_state
struct connection_t * linked_conn
static time_t last_recorded_accounting_at
Definition: connection.c:3239
static void warn_too_many_conns(void)
Definition: connection.c:1042
rend_data_t * rend_data
unsigned int reading_from_linked_conn
Definition: connection_st.h:73
uint16_t port
const smartlist_t * get_socks_args_by_bridge_addrport(const tor_addr_t *addr, uint16_t port)
Definition: bridges.c:644
void connection_control_closed(control_connection_t *conn)
Definition: control.c:211
#define tor_free(p)
Definition: malloc.h:52
void reset_last_resolved_addr(void)
Definition: config.c:2694
static int connection_process_inbuf(connection_t *conn, int package_partial)
Definition: connection.c:4799
static int connection_may_write_to_buf(connection_t *conn)
Definition: connection.c:4263
#define tor_fragile_assert()
Definition: util_bug.h:241
int connection_fetch_from_buf_http(connection_t *conn, char **headers_out, size_t max_headerlen, char **body_out, size_t *body_used, size_t max_bodylen, int force_complete)
Definition: connection.c:3901
#define LOG_NOTICE
Definition: log.h:47
int connection_is_reading(connection_t *conn)
Definition: mainloop.c:508
#define LISTENER_STATE_READY
Definition: connection.h:82
#define SMARTLIST_DEL_CURRENT(sl, var)
const char * conn_state_to_string(int type, int state)
Definition: connection.c:275
Header file for mainloop.c.
int connection_dirserv_flushed_some(dir_connection_t *conn)
Definition: dirserv.c:854
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:57
int global_write_bucket_low(connection_t *conn, size_t attempt, int priority)
Definition: connection.c:3203
#define EXIT_PURPOSE_RESOLVE
#define DIR_CONN_STATE_CLIENT_SENDING
Definition: directory.h:21
#define SESSION_GROUP_FIRST_AUTO
Definition: or.h:983
void connection_or_about_to_close(or_connection_t *or_conn)
buf_t * buf_new(void)
Definition: buffers.c:363
struct buf_t * pending_optimistic_data
Header file for geoip.c.
int tor_addr_from_getsockname(struct tor_addr_t *addr_out, tor_socket_t sock)
Definition: socket.c:545
#define sandbox_intern_string(s)
Definition: sandbox.h:112
unsigned int purpose
Definition: connection_st.h:46
struct tor_tls_t * tls
or_connection_t * or_connection_new(int type, int socket_family)
Definition: connection.c:375
#define CONN_GET_TEMPLATE(var, test)
Definition: connection.c:4439
void connection_or_clear_identity(or_connection_t *conn)
edge_connection_t * TO_EDGE_CONN(connection_t *c)
int TokenBucketRefillInterval
void connection_dump_buffer_mem_stats(int severity)
Definition: connection.c:5202
#define ENTRY_TO_CONN(c)
Definition: or.h:738
or_connection_t * TO_OR_CONN(connection_t *c)
Header file for dnsserv.c.
size_t outbuf_flushlen
Definition: connection_st.h:96
STATIC void connection_free_minimal(connection_t *conn)
Definition: connection.c:571
void connection_unregister_events(connection_t *conn)
Definition: mainloop.c:275
static connection_t * connection_get_another_active_or_conn(const or_connection_t *this_conn)
Definition: connection.c:4595
int base64_encode(char *dest, size_t destlen, const char *src, size_t srclen, int flags)
Definition: binascii.c:215
control_connection_t * control_connection_new(int socket_family)
Definition: connection.c:426
unsigned int linked
Definition: connection_st.h:70
unsigned int active_on_link
Definition: connection_st.h:78
int connection_edge_finished_flushing(edge_connection_t *conn)
Header file for directory authority mode.
int connection_dir_finished_flushing(dir_connection_t *conn)
Definition: directory.c:407
int retry_all_listeners(smartlist_t *new_conns, int close_all_noncontrol)
Definition: connection.c:2899
int connection_wants_to_flush(connection_t *conn)
Definition: connection.c:3913
int buf_move_to_buf(buf_t *buf_out, buf_t *buf_in, size_t *buf_flushlen)
Definition: buffers.c:654
#define SOCKET_OK(s)
Definition: nettypes.h:39
static int connection_finished_flushing(connection_t *conn)
Definition: connection.c:4850
int connection_is_on_closeable_list(connection_t *conn)
Definition: mainloop.c:435
socks_request_t * socks_request
void connection_or_event_status(or_connection_t *conn, or_conn_status_event_t tp, int reason)
#define CONN_TYPE_EXT_OR
Definition: connection.h:51
Header file for hibernate.c.
Header file for policies.c.
char * Socks5Proxy
#define MAX_SOCKS5_AUTH_SIZE_TOTAL
Definition: connection.h:184
void connection_or_remove_from_ext_or_id_map(or_connection_t *conn)
uint16_t HTTPSProxyPort
#define LD_APP
Definition: log.h:75
#define OR_CONN_STATE_TLS_CLIENT_RENEGOTIATING
Definition: orconn_event.h:39
int control_event_general_status(int severity, const char *format,...)
static int connection_is_rate_limited(connection_t *conn)
Definition: connection.c:3048
#define DIR_CONN_STATE_CLIENT_FINISHED
Definition: directory.h:25
void tor_tls_release_socket(tor_tls_t *tls)
Definition: tortls_nss.c:461
struct buf_t * inbuf
Definition: connection_st.h:93
int errno_to_orconn_end_reason(int e)
Definition: reasons.c:287
static void set_constrained_socket_buffers(tor_socket_t sock, int size)
Definition: connection.c:4776
Common functions for cryptographic routines.
int buf_get_line(buf_t *buf, char *data_out, size_t *data_len)
Definition: buffers.c:863
static int make_socket_reuseable(tor_socket_t sock)
Definition: connection.c:1157
Header file for channel.c.
struct config_line_t * ClientTransportPlugin
tor_assert(buffer)
static mainloop_event_t * reenable_blocked_connections_ev
Definition: connection.c:3489
static void connection_write_to_buf_commit(connection_t *conn, size_t len)
Definition: connection.c:4307
#define CONN_LOG_PROTECT(conn, stmt)
Definition: connection.h:328
uint16_t Socks4ProxyPort
#define LD_CONTROL
Definition: log.h:77
connection_t * connection_new(int type, int socket_family)
Definition: connection.c:450
#define CLIENT_IDLE_TIME_FOR_PRIORITY
Definition: connection.c:3069
static int connection_finished_connecting(connection_t *conn)
Definition: connection.c:4888
int connection_control_reached_eof(control_connection_t *conn)
Definition: control.c:189
int dir_policy_permits_address(const tor_addr_t *addr)
Definition: policies.c:1177
Header file for routermode.c.
static ssize_t connection_bucket_read_limit(connection_t *conn, time_t now)
Definition: connection.c:3123
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
const char * fmt_addrport(const tor_addr_t *addr, uint16_t port)
Definition: address.c:1169
void clear_broken_connection_map(int stop_recording)
#define CFG_AUTO_PORT
Definition: or.h:990
struct circuit_guard_state_t * guard_state
#define LD_CHANNEL
Definition: log.h:102
dir_connection_t * TO_DIR_CONN(connection_t *c)
Definition: directory.c:77
void buf_move_all(buf_t *buf_out, buf_t *buf_in)
Definition: buffers.c:687
void control_update_global_event_mask(void)
int connection_control_process_inbuf(control_connection_t *conn)
Definition: control.c:346
int conn_array_index
Definition: connection_st.h:89
int get_n_open_sockets(void)
Definition: socket.c:441
int connection_or_reached_eof(or_connection_t *conn)
Header file for sandbox.c.
#define CONTROL_CONN_STATE_NEEDAUTH
Definition: control.h:22
int connection_init_accepted_conn(connection_t *conn, const listener_connection_t *listener)
Definition: connection.c:1869
int buf_get_bytes(buf_t *buf, char *string, size_t string_len)
Definition: buffers.c:634
Header file for circuitbuild.c.
Master header file for Tor-specific functionality.
smartlist_t * connection_dir_list_by_purpose_resource_and_state(int purpose, const char *resource, int state)
Definition: connection.c:4576
int buf_add_compress(struct buf_t *buf, struct tor_compress_state_t *state, const char *data, size_t data_len, int done)
Definition: compress_buf.c:31
static void record_num_bytes_transferred_impl(connection_t *conn, time_t now, size_t num_read, size_t num_written)
Definition: connection.c:3245
void connection_check_oos(int n_socks, int failed)
Definition: connection.c:5118
void connection_close_immediate(connection_t *conn)
Definition: connection.c:844
#define LD_DIRSERV
Definition: log.h:87
void connection_exit_about_to_close(edge_connection_t *edge_conn)
Header file for circuitbuild.c.
int connection_ext_or_process_inbuf(or_connection_t *or_conn)
Definition: ext_orport.c:540
connection_t * connection_get_by_type(int type)
Definition: connection.c:4477
#define OR_CONN_STATE_OPEN
Definition: orconn_event.h:53
listener_connection_t * TO_LISTENER_CONN(connection_t *c)
Definition: connection.c:221
uint16_t marked_for_close
unsigned int chosen_exit_optional
static void connection_write_to_buf_failed(connection_t *conn)
Definition: connection.c:4278
#define AP_CONN_STATE_CIRCUIT_WAIT
uint16_t router_get_advertised_dir_port(const or_options_t *options, uint16_t dirport)
Definition: router.c:1460
char * HTTPSProxyAuthenticator
static int conn_get_proxy_type(const connection_t *conn)
Definition: connection.c:2293
entry_connection_t * entry_connection_new(int type, int socket_family)
Definition: connection.c:396
int connection_buf_get_bytes(char *string, size_t len, connection_t *conn)
Definition: connection.c:3885
connection_t * connection_get_by_global_id(uint64_t id)
Definition: connection.c:4469
static int connection_handle_write_impl(connection_t *conn, int force)
Definition: connection.c:3984
Header file for rephist.c.
int buf_add(buf_t *buf, const char *string, size_t string_len)
Definition: buffers.c:525
void smartlist_remove(smartlist_t *sl, const void *element)
void connection_write_bw_exhausted(connection_t *conn, bool is_global_bw)
Definition: connection.c:3348
int buf_read_from_tls(buf_t *buf, tor_tls_t *tls, size_t at_most)
Definition: buffers_tls.c:64
void add_connection_to_closeable_list(connection_t *conn)
Definition: mainloop.c:424
Header file containing circuit and connection identifier data for the whole HS subsytem.
#define OR_CONN_STATE_PROXY_HANDSHAKING
Definition: orconn_event.h:33
#define AP_CONN_STATE_HTTP_CONNECT_WAIT
#define LOG_WARN
Definition: log.h:50
int tor_addr_is_null(const tor_addr_t *addr)
Definition: address.c:770
unsigned int type
Definition: connection_st.h:45
int token_bucket_rw_dec(token_bucket_rw_t *bucket, ssize_t n_read, ssize_t n_written)
Definition: token_bucket.c:249
void connection_consider_empty_write_buckets(connection_t *conn)
Definition: connection.c:3388
int connection_ap_process_transparent(entry_connection_t *conn)
int connection_read_proxy_handshake(connection_t *conn)
Definition: connection.c:2599
#define log_fn_ratelim(ratelim, severity, domain, args,...)
Definition: log.h:277
static void reenable_blocked_connections_cb(mainloop_event_t *ev, void *arg)
Definition: connection.c:3503
Header file for circuituse.c.
Header file for buffers_net.c.
enum or_options_t::@28 TransProxyType_parsed
connection_t * connection_get_by_type_state(int type, int state)
Definition: connection.c:4486
int parse_http_response(const char *headers, int *code, time_t *date, compress_method_t *compression, char **reason)
Definition: directory.c:264
int connection_in_array(connection_t *conn)
Definition: mainloop.c:442
#define CONN_TYPE_CONTROL
Definition: connection.h:40
void mark_my_descriptor_dirty(const char *reason)
Definition: router.c:2427
int connection_connect(connection_t *conn, const char *address, const tor_addr_t *addr, uint16_t port, int *socket_error)
Definition: connection.c:2179
#define AP_CONN_STATE_SOCKS_WAIT
tor_addr_t Socks5ProxyAddr
Header file for circuitlist.c.
Headers for transports.c.
int connection_dir_process_inbuf(dir_connection_t *conn)
Definition: directory.c:347
int connection_state_is_open(connection_t *conn)
Definition: connection.c:4642
#define LD_OR
Definition: log.h:89
int tor_addr_is_loopback(const tor_addr_t *addr)
Definition: address.c:795
#define tor_socket_t
Definition: nettypes.h:36
int tor_digest_is_zero(const char *digest)
Definition: util_string.c:96
static const char * proxy_type_to_string(int proxy_type)
Definition: connection.c:5479
#define DIR_CONN_STATE_SERVER_COMMAND_WAIT
Definition: directory.h:27
#define OR_CONN_STATE_OR_HANDSHAKING_V2
Definition: orconn_event.h:47
void connection_read_bw_exhausted(connection_t *conn, bool is_global_bw)
Definition: connection.c:3333
#define CONN_TYPE_AP_HTTP_CONNECT_LISTENER
Definition: connection.h:55
static void connection_buckets_decrement(connection_t *conn, time_t now, size_t num_read, size_t num_written)
Definition: connection.c:3290
#define LOG_ERR
Definition: log.h:53
#define TOR_INVALID_SOCKET
Definition: nettypes.h:41
ssize_t connection_bucket_write_limit(connection_t *conn, time_t now)
Definition: connection.c:3153
#define LD_FS
Definition: log.h:67
void channel_notify_flushed(channel_t *chan)
Definition: channel.c:1787
void connection_or_set_ext_or_identifier(or_connection_t *conn)
void connection_dir_buf_add(const char *string, size_t len, dir_connection_t *dir_conn, int done)
Definition: connection.c:4366
tor_socket_t tor_open_socket_nonblocking(int domain, int type, int protocol)
Definition: socket.c:260
struct buf_t * outbuf
Definition: connection_st.h:94
int connection_edge_flushed_some(edge_connection_t *conn)
#define CONN_TYPE_AP_DNS_LISTENER
Definition: connection.h:48
#define LD_DIR
Definition: log.h:85
void connection_buf_add_buf(connection_t *conn, buf_t *buf)
Definition: connection.c:4390
struct event * write_event
Definition: connection_st.h:92
void connection_or_clear_ext_or_id_map(void)
int connection_outbuf_too_full(connection_t *conn)
Definition: connection.c:3923
Header file for connection_edge.c.
void connection_about_to_close_connection(connection_t *conn)
Definition: connection.c:813
void assert_connection_ok(connection_t *conn, time_t now)
Definition: connection.c:5251
static int connection_counts_as_relayed_traffic(connection_t *conn, time_t now)
Definition: connection.c:3076
char * Socks4Proxy
int ClientPreferIPv6DirPort
tor_socket_t tor_accept_socket_nonblocking(tor_socket_t sockfd, struct sockaddr *addr, socklen_t *len)
Definition: socket.c:367
Header file for crypt_path.c.
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
char * tor_addr_to_str_dup(const tor_addr_t *addr)
Definition: address.c:1134
static void reenable_blocked_connection_init(const or_options_t *options)
Definition: connection.c:3526
size_t buf_allocation(const buf_t *buf)
Definition: buffers.c:399
#define CELL_PAYLOAD_SIZE
Definition: or.h:576
void rep_hist_note_exit_bytes(uint16_t port, size_t num_written, size_t num_read)
Definition: rephist.c:1785
uint64_t BandwidthBurst
void rep_hist_note_or_conn_bytes(uint64_t conn_id, size_t num_read, size_t num_written, time_t when)
Definition: rephist.c:2330
Header file for relay.c.
#define SMARTLIST_FOREACH(sl, type, var, cmd)
int connection_or_flushed_some(or_connection_t *conn)
const char * escaped(const char *s)
Definition: escape.c:126
mainloop_event_t * mainloop_event_new(void(*cb)(mainloop_event_t *, void *), void *userdata)
int connection_or_finished_flushing(or_connection_t *conn)
time_t timestamp_last_read_allowed
Definition: connection_st.h:98
static time_t write_buckets_last_empty_at
Definition: connection.c:3065
listener_connection_t * listener_connection_new(int type, int socket_family)
Definition: connection.c:438
void control_event_bootstrap_problem(const char *warn, const char *reason, const connection_t *conn, int dowarn)
void rep_hist_note_bytes_written(uint64_t num_bytes, time_t when)
Definition: rephist.c:1149
unsigned int linked_conn_is_closed
Definition: connection_st.h:81
#define fmt_addr(a)
Definition: address.h:211
void token_bucket_rw_adjust(token_bucket_rw_t *bucket, uint32_t rate, uint32_t burst)
Definition: token_bucket.c:152
#define log_fn(severity, domain, args,...)
Definition: log.h:272
void cpath_assert_layer_ok(const crypt_path_t *cp)
Definition: crypt_path.c:106
static uint32_t last_refilled_global_buckets_ts
Definition: connection.c:3461
void buf_assert_ok(buf_t *buf)
Definition: buffers.c:899
#define AP_CONN_STATE_CONTROLLER_WAIT
channel_tls_t * chan
void rep_hist_note_dir_bytes_read(uint64_t num_bytes, time_t when)
Definition: rephist.c:1185
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
#define CONN_TYPE_EXIT
Definition: connection.h:26
static int listen_limit
Definition: connection.c:1203
#define EXIT_CONN_STATE_OPEN
#define AP_CONN_STATE_OPEN
struct event * read_event
Definition: connection_st.h:91
#define CASE_TOR_TLS_ERROR_ANY
Definition: tortls.h:62
Headers for tortls.c.
uint16_t Socks5ProxyPort
#define LOG_FN_CONN(conn, args)
Definition: control.h:32
int connection_control_finished_flushing(control_connection_t *conn)
Definition: control.c:181
void connection_mark_for_close_(connection_t *conn, int line, const char *file)
Definition: connection.c:878
unsigned int in_connection_handle_write
Definition: connection_st.h:66
Header file for control.c.
void connection_expire_held_open(void)
Definition: connection.c:955
#define tor_addr_eq(a, b)
Definition: address.h:244
unsigned int hold_open_until_flushed
Definition: connection_st.h:56
#define OR_CONN_STATE_OR_HANDSHAKING_V3
Definition: orconn_event.h:51
int connection_is_writing(connection_t *conn)
Definition: mainloop.c:654
time_t approx_time(void)
Definition: approx_time.c:32
void tor_release_socket_ownership(tor_socket_t s)
Definition: socket.c:349
unsigned int is_transparent_ap
uint32_t magic
Definition: connection_st.h:41
int connection_edge_process_inbuf(edge_connection_t *conn, int package_partial)
#define LOG_DEBUG
Definition: log.h:39
const char * marked_for_close_file
int any_other_active_or_conns(const or_connection_t *this_conn)
Definition: connection.c:4607
time_t timestamp_created
int strcmp_opt(const char *s1, const char *s2)
Definition: util_string.c:188
static int check_sockaddr_family_match(sa_family_t got, connection_t *listener)
Definition: connection.c:1678
int buf_flush_to_tls(buf_t *buf, tor_tls_t *tls, size_t flushlen, size_t *buf_flushlen)
Definition: buffers_tls.c:142
void token_bucket_rw_init(token_bucket_rw_t *bucket, uint32_t rate, uint32_t burst, uint32_t now_ts)
Definition: token_bucket.c:137
#define CONN_IS_CLOSED(c)
Definition: connection.c:836
uint32_t n_read_conn_bw
Header file for buffers.c.
void connection_bucket_adjust(const or_options_t *options)
Definition: connection.c:3441
void connection_bucket_init(void)
Definition: connection.c:3416
Header file for reasons.c.
int mainloop_event_schedule(mainloop_event_t *event, const struct timeval *tv)
void log_failed_proxy_connection(connection_t *conn)
Definition: connection.c:5459
#define CONN_TYPE_DIR
Definition: connection.h:35
int conn_listener_type_supports_af_unix(int type)
Definition: connection.c:553
circuit_t * circuit_get_by_edge_conn(edge_connection_t *conn)
Definition: circuitlist.c:1572
Header file for connection_or.c.
#define CONN_TYPE_AP_LISTENER
Definition: connection.h:28
size_t buf_slack(const buf_t *buf)
Definition: buffers.c:412
tor_addr_t addr
Definition: transports.h:24
unsigned int in_flushed_some
Definition: connection_st.h:63
char * esc_for_log(const char *s)
Definition: escape.c:30
void tor_tls_get_n_raw_bytes(tor_tls_t *tls, size_t *n_read, size_t *n_written)
Definition: tortls_nss.c:654
int connection_or_process_inbuf(or_connection_t *conn)
static int connection_handle_read_impl(connection_t *conn)
Definition: connection.c:3566
void ip_address_changed(int at_interface)
Definition: mainloop.c:2258
smartlist_t * connection_dir_list_by_purpose_and_resource(int purpose, const char *resource)
Definition: connection.c:4558
#define LD_NET
Definition: log.h:63
int connection_edge_reached_eof(edge_connection_t *conn)
smartlist_t * ephemeral_onion_services
#define OR_CONN_STATE_CONNECTING
Definition: orconn_event.h:31
void connection_dir_about_to_close(dir_connection_t *dir_conn)
Definition: directory.c:389
void dnsserv_configure_listener(connection_t *conn)
Definition: dnsserv.c:391
#define tor_addr_to_in6_addr8(x)
Definition: address.h:129
void connection_free_all(void)
Definition: connection.c:5499
char unix_addr[FLEXIBLE_ARRAY_MEMBER]
Definition: port_cfg_st.h:31
int tor_tls_get_pending_bytes(tor_tls_t *tls)
Definition: tortls_nss.c:634
Header for compat_libevent.c.
int ConstrainedSockets
int buf_read_from_socket(buf_t *buf, tor_socket_t s, size_t at_most, int *reached_eof, int *socket_error)
Definition: buffers_net.c:243
#define DIR_CONN_STATE_CONNECTING
Definition: directory.h:19
static int check_sockaddr(const struct sockaddr *sa, int len, int level)
Definition: connection.c:1635