Tor  0.4.5.0-alpha-dev
connection.c
Go to the documentation of this file.
1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2020, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
7 /**
8  * \file connection.c
9  * \brief General high-level functions to handle reading and writing
10  * on connections.
11  *
12  * Each connection (ideally) represents a TLS connection, a TCP socket, a unix
13  * socket, or a UDP socket on which reads and writes can occur. (But see
14  * connection_edge.c for cases where connections can also represent streams
15  * that do not have a corresponding socket.)
16  *
17  * The module implements the abstract type, connection_t. The subtypes are:
18  * <ul>
19  * <li>listener_connection_t, implemented here in connection.c
20  * <li>dir_connection_t, implemented in directory.c
21  * <li>or_connection_t, implemented in connection_or.c
22  * <li>edge_connection_t, implemented in connection_edge.c, along with
23  * its subtype(s):
24  * <ul><li>entry_connection_t, also implemented in connection_edge.c
25  * </ul>
26  * <li>control_connection_t, implemented in control.c
27  * </ul>
28  *
29  * The base type implemented in this module is responsible for basic
30  * rate limiting, flow control, and marshalling bytes onto and off of the
31  * network (either directly or via TLS).
32  *
33  * Connections are registered with the main loop with connection_add(). As
34  * they become able to read or write register the fact with the event main
35  * loop by calling connection_watch_events(), connection_start_reading(), or
36  * connection_start_writing(). When they no longer want to read or write,
37  * they call connection_stop_reading() or connection_stop_writing().
38  *
39  * To queue data to be written on a connection, call
40  * connection_buf_add(). When data arrives, the
41  * connection_process_inbuf() callback is invoked, which dispatches to a
42  * type-specific function (such as connection_edge_process_inbuf() for
43  * example). Connection types that need notice of when data has been written
44  * receive notification via connection_flushed_some() and
45  * connection_finished_flushing(). These functions all delegate to
46  * type-specific implementations.
47  *
48  * Additionally, beyond the core of connection_t, this module also implements:
49  * <ul>
50  * <li>Listeners, which wait for incoming sockets and launch connections
51  * <li>Outgoing SOCKS proxy support
52  * <li>Outgoing HTTP proxy support
53  * <li>An out-of-sockets handler for dealing with socket exhaustion
54  * </ul>
55  **/
56 
57 #define CONNECTION_PRIVATE
58 #include "core/or/or.h"
59 #include "feature/client/bridges.h"
60 #include "lib/buf/buffers.h"
61 #include "lib/tls/buffers_tls.h"
62 #include "lib/err/backtrace.h"
63 
64 /*
65  * Define this so we get channel internal functions, since we're implementing
66  * part of a subclass (channel_tls_t).
67  */
68 #define CHANNEL_OBJECT_PRIVATE
69 #include "app/config/config.h"
72 #include "core/mainloop/mainloop.h"
74 #include "core/or/channel.h"
75 #include "core/or/channeltls.h"
76 #include "core/or/circuitbuild.h"
77 #include "core/or/circuitlist.h"
78 #include "core/or/circuituse.h"
80 #include "core/or/connection_or.h"
81 #include "core/or/dos.h"
82 #include "core/or/policies.h"
83 #include "core/or/reasons.h"
84 #include "core/or/relay.h"
85 #include "core/or/crypt_path.h"
86 #include "core/proto/proto_haproxy.h"
87 #include "core/proto/proto_http.h"
88 #include "core/proto/proto_socks.h"
89 #include "feature/client/dnsserv.h"
99 #include "feature/hs/hs_common.h"
100 #include "feature/hs/hs_ident.h"
103 #include "feature/relay/dns.h"
106 #include "feature/rend/rendclient.h"
107 #include "feature/rend/rendcommon.h"
108 #include "feature/stats/connstats.h"
109 #include "feature/stats/rephist.h"
110 #include "feature/stats/bwhist.h"
112 #include "lib/geoip/geoip.h"
113 
114 #include "lib/cc/ctassert.h"
115 #include "lib/sandbox/sandbox.h"
116 #include "lib/net/buffers_net.h"
117 #include "lib/tls/tortls.h"
119 #include "lib/compress/compress.h"
120 
121 #ifdef HAVE_PWD_H
122 #include <pwd.h>
123 #endif
124 
125 #ifdef HAVE_UNISTD_H
126 #include <unistd.h>
127 #endif
128 #ifdef HAVE_SYS_STAT_H
129 #include <sys/stat.h>
130 #endif
131 
132 #ifdef HAVE_SYS_UN_H
133 #include <sys/socket.h>
134 #include <sys/un.h>
135 #endif
136 
142 #include "core/or/port_cfg_st.h"
145 
146 /**
147  * On Windows and Linux we cannot reliably bind() a socket to an
148  * address and port if: 1) There's already a socket bound to wildcard
149  * address (0.0.0.0 or ::) with the same port; 2) We try to bind()
150  * to wildcard address and there's another socket bound to a
151  * specific address and the same port.
152  *
153  * To address this problem on these two platforms we implement a
154  * routine that:
155  * 1) Checks if first attempt to bind() a new socket failed with
156  * EADDRINUSE.
157  * 2) If so, it will close the appropriate old listener connection and
158  * 3) Attempts bind()'ing the new listener socket again.
159  *
160  * Just to be safe, we are enabling listener rebind code on all platforms,
161  * to account for unexpected cases where it may be needed.
162  */
163 #define ENABLE_LISTENER_REBIND
164 
166  const struct sockaddr *listensockaddr,
167  socklen_t listensocklen, int type,
168  const char *address,
169  const port_cfg_t *portcfg,
170  int *addr_in_use);
172  const port_cfg_t *port,
173  int *defer, int *addr_in_use);
174 static void connection_init(time_t now, connection_t *conn, int type,
175  int socket_family);
176 static int connection_handle_listener_read(connection_t *conn, int new_type);
178 static int connection_flushed_some(connection_t *conn);
180 static int connection_reached_eof(connection_t *conn);
182  ssize_t *max_to_read,
183  int *socket_error);
184 static int connection_process_inbuf(connection_t *conn, int package_partial);
186 static void set_constrained_socket_buffers(tor_socket_t sock, int size);
187 
188 static const char *connection_proxy_state_to_string(int state);
191 static const char *proxy_type_to_string(int proxy_type);
192 static int conn_get_proxy_type(const connection_t *conn);
194  const or_options_t *options, unsigned int conn_type);
195 static void reenable_blocked_connection_init(const or_options_t *options);
196 static void reenable_blocked_connection_schedule(void);
197 
198 /** The last addresses that our network interface seemed to have been
199  * binding to. We use this as one way to detect when our IP changes.
200  *
201  * XXXX+ We should really use the entire list of interfaces here.
202  **/
204 /* DOCDOC last_interface_ipv6 */
205 static tor_addr_t *last_interface_ipv6 = NULL;
206 /** A list of tor_addr_t for addresses we've used in outgoing connections.
207  * Used to detect IP address changes. */
209 
210 #define CASE_ANY_LISTENER_TYPE \
211  case CONN_TYPE_OR_LISTENER: \
212  case CONN_TYPE_EXT_OR_LISTENER: \
213  case CONN_TYPE_AP_LISTENER: \
214  case CONN_TYPE_DIR_LISTENER: \
215  case CONN_TYPE_CONTROL_LISTENER: \
216  case CONN_TYPE_AP_TRANS_LISTENER: \
217  case CONN_TYPE_AP_NATD_LISTENER: \
218  case CONN_TYPE_AP_DNS_LISTENER: \
219  case CONN_TYPE_AP_HTTP_CONNECT_LISTENER
220 
221 /**************************************************************/
222 
223 /**
224  * Cast a `connection_t *` to a `listener_connection_t *`.
225  *
226  * Exit with an assertion failure if the input is not a
227  * `listener_connection_t`.
228  **/
231 {
232  tor_assert(c->magic == LISTENER_CONNECTION_MAGIC);
233  return DOWNCAST(listener_connection_t, c);
234 }
235 
236 /**
237  * Cast a `const connection_t *` to a `const listener_connection_t *`.
238  *
239  * Exit with an assertion failure if the input is not a
240  * `listener_connection_t`.
241  **/
242 const listener_connection_t *
244 {
245  return TO_LISTENER_CONN((connection_t *)c);
246 }
247 
248 size_t
249 connection_get_inbuf_len(connection_t *conn)
250 {
251  return conn->inbuf ? buf_datalen(conn->inbuf) : 0;
252 }
253 
254 size_t
255 connection_get_outbuf_len(connection_t *conn)
256 {
257  return conn->outbuf ? buf_datalen(conn->outbuf) : 0;
258 }
259 
260 /**
261  * Return the human-readable name for the connection type <b>type</b>
262  */
263 const char *
265 {
266  static char buf[64];
267  switch (type) {
268  case CONN_TYPE_OR_LISTENER: return "OR listener";
269  case CONN_TYPE_OR: return "OR";
270  case CONN_TYPE_EXIT: return "Exit";
271  case CONN_TYPE_AP_LISTENER: return "Socks listener";
273  return "Transparent pf/netfilter listener";
274  case CONN_TYPE_AP_NATD_LISTENER: return "Transparent natd listener";
275  case CONN_TYPE_AP_DNS_LISTENER: return "DNS listener";
276  case CONN_TYPE_AP: return "Socks";
277  case CONN_TYPE_DIR_LISTENER: return "Directory listener";
278  case CONN_TYPE_DIR: return "Directory";
279  case CONN_TYPE_CONTROL_LISTENER: return "Control listener";
280  case CONN_TYPE_CONTROL: return "Control";
281  case CONN_TYPE_EXT_OR: return "Extended OR";
282  case CONN_TYPE_EXT_OR_LISTENER: return "Extended OR listener";
283  case CONN_TYPE_AP_HTTP_CONNECT_LISTENER: return "HTTP tunnel listener";
284  default:
285  log_warn(LD_BUG, "unknown connection type %d", type);
286  tor_snprintf(buf, sizeof(buf), "unknown [%d]", type);
287  return buf;
288  }
289 }
290 
291 /**
292  * Return the human-readable name for the connection state <b>state</b>
293  * for the connection type <b>type</b>
294  */
295 const char *
296 conn_state_to_string(int type, int state)
297 {
298  static char buf[96];
299  switch (type) {
300  CASE_ANY_LISTENER_TYPE:
301  if (state == LISTENER_STATE_READY)
302  return "ready";
303  break;
304  case CONN_TYPE_OR:
305  switch (state) {
306  case OR_CONN_STATE_CONNECTING: return "connect()ing";
307  case OR_CONN_STATE_PROXY_HANDSHAKING: return "handshaking (proxy)";
308  case OR_CONN_STATE_TLS_HANDSHAKING: return "handshaking (TLS)";
310  return "renegotiating (TLS, v2 handshake)";
312  return "waiting for renegotiation or V3 handshake";
314  return "handshaking (Tor, v2 handshake)";
316  return "handshaking (Tor, v3 handshake)";
317  case OR_CONN_STATE_OPEN: return "open";
318  }
319  break;
320  case CONN_TYPE_EXT_OR:
321  switch (state) {
323  return "waiting for authentication type";
325  return "waiting for client nonce";
327  return "waiting for client hash";
328  case EXT_OR_CONN_STATE_OPEN: return "open";
329  case EXT_OR_CONN_STATE_FLUSHING: return "flushing final OKAY";
330  }
331  break;
332  case CONN_TYPE_EXIT:
333  switch (state) {
334  case EXIT_CONN_STATE_RESOLVING: return "waiting for dest info";
335  case EXIT_CONN_STATE_CONNECTING: return "connecting";
336  case EXIT_CONN_STATE_OPEN: return "open";
337  case EXIT_CONN_STATE_RESOLVEFAILED: return "resolve failed";
338  }
339  break;
340  case CONN_TYPE_AP:
341  switch (state) {
342  case AP_CONN_STATE_SOCKS_WAIT: return "waiting for socks info";
343  case AP_CONN_STATE_NATD_WAIT: return "waiting for natd dest info";
344  case AP_CONN_STATE_RENDDESC_WAIT: return "waiting for rendezvous desc";
345  case AP_CONN_STATE_CONTROLLER_WAIT: return "waiting for controller";
346  case AP_CONN_STATE_CIRCUIT_WAIT: return "waiting for circuit";
347  case AP_CONN_STATE_CONNECT_WAIT: return "waiting for connect response";
348  case AP_CONN_STATE_RESOLVE_WAIT: return "waiting for resolve response";
349  case AP_CONN_STATE_OPEN: return "open";
350  }
351  break;
352  case CONN_TYPE_DIR:
353  switch (state) {
354  case DIR_CONN_STATE_CONNECTING: return "connecting";
355  case DIR_CONN_STATE_CLIENT_SENDING: return "client sending";
356  case DIR_CONN_STATE_CLIENT_READING: return "client reading";
357  case DIR_CONN_STATE_CLIENT_FINISHED: return "client finished";
358  case DIR_CONN_STATE_SERVER_COMMAND_WAIT: return "waiting for command";
359  case DIR_CONN_STATE_SERVER_WRITING: return "writing";
360  }
361  break;
362  case CONN_TYPE_CONTROL:
363  switch (state) {
364  case CONTROL_CONN_STATE_OPEN: return "open (protocol v1)";
366  return "waiting for authentication (protocol v1)";
367  }
368  break;
369  }
370 
371  if (state == 0) {
372  return "uninitialized";
373  }
374 
375  log_warn(LD_BUG, "unknown connection state %d (type %d)", state, type);
376  tor_snprintf(buf, sizeof(buf),
377  "unknown state [%d] on unknown [%s] connection",
378  state, conn_type_to_string(type));
379  tor_assert_nonfatal_unreached_once();
380  return buf;
381 }
382 
383 /**
384  * Helper: describe the peer or address of connection @a conn in a
385  * human-readable manner.
386  *
387  * Returns a pointer to a static buffer; future calls to
388  * connection_describe_peer_internal() will invalidate this buffer.
389  *
390  * If <b>include_preposition</b> is true, include a preposition before the
391  * peer address.
392  *
393  * Nobody should parse the output of this function; it can and will change in
394  * future versions of tor.
395  **/
396 static const char *
398  bool include_preposition)
399 {
400  IF_BUG_ONCE(!conn) {
401  return "null peer";
402  }
403 
404  static char peer_buf[256];
405  const tor_addr_t *addr = &conn->addr;
406  const char *address = NULL;
407  const char *prep;
408  bool scrub = false;
409  char extra_buf[128];
410  extra_buf[0] = 0;
411 
412  /* First, figure out the preposition to use */
413  switch (conn->type) {
414  CASE_ANY_LISTENER_TYPE:
415  prep = "on";
416  break;
417  case CONN_TYPE_EXIT:
418  prep = "to";
419  break;
420  case CONN_TYPE_CONTROL:
421  case CONN_TYPE_AP:
422  case CONN_TYPE_EXT_OR:
423  prep = "from";
424  break;
425  default:
426  prep = "with";
427  break;
428  }
429 
430  /* Now figure out the address. */
431  if (conn->socket_family == AF_UNIX) {
432  /* For unix sockets, we always use the `address` string. */
433  address = conn->address ? conn->address : "unix socket";
434  } else if (conn->type == CONN_TYPE_OR) {
435  /* For OR connections, we have a lot to do. */
436  const or_connection_t *or_conn = CONST_TO_OR_CONN(conn);
437  /* We report the IDs we're talking to... */
438  if (fast_digest_is_zero(or_conn->identity_digest)) {
439  // This could be a client, so scrub it. No identity to report.
440  scrub = true;
441  } else {
442  char id_buf[HEX_DIGEST_LEN+1];
443  base16_encode(id_buf, sizeof(id_buf),
444  or_conn->identity_digest, DIGEST_LEN);
445  tor_snprintf(extra_buf, sizeof(extra_buf),
446  " ID=%s", id_buf);
447  }
448  if (! scrub && (! tor_addr_eq(addr, &or_conn->canonical_orport.addr) ||
449  conn->port != or_conn->canonical_orport.port)) {
450  /* We report canonical address, if it's different */
451  char canonical_addr_buf[TOR_ADDR_BUF_LEN];
452  if (tor_addr_to_str(canonical_addr_buf, &or_conn->canonical_orport.addr,
453  sizeof(canonical_addr_buf), 1)) {
454  tor_snprintf(extra_buf+strlen(extra_buf),
455  sizeof(extra_buf)-strlen(extra_buf),
456  " canonical_addr=%s:%"PRIu16,
457  canonical_addr_buf,
458  or_conn->canonical_orport.port);
459  }
460  }
461  } else if (conn->type == CONN_TYPE_EXIT) {
462  scrub = true; /* This is a client's request; scrub it with SafeLogging. */
463  if (tor_addr_is_null(addr)) {
464  address = conn->address;
465  strlcpy(extra_buf, " (DNS lookup pending)", sizeof(extra_buf));
466  }
467  }
468 
469  char addr_buf[TOR_ADDR_BUF_LEN];
470  if (address == NULL) {
471  if (tor_addr_family(addr) == 0) {
472  address = "<unset>";
473  } else {
474  address = tor_addr_to_str(addr_buf, addr, sizeof(addr_buf), 1);
475  if (!address) {
476  address = "<can't format!>";
477  tor_assert_nonfatal_unreached_once();
478  }
479  }
480  }
481 
482  char portbuf[7];
483  portbuf[0]=0;
484  if (scrub && get_options()->SafeLogging_ != SAFELOG_SCRUB_NONE) {
485  address = "[scrubbed]";
486  } else {
487  /* Only set the port if we're not scrubbing the address. */
488  if (conn->port != 0) {
489  tor_snprintf(portbuf, sizeof(portbuf), ":%d", conn->port);
490  }
491  }
492 
493  const char *sp = include_preposition ? " " : "";
494  if (! include_preposition)
495  prep = "";
496 
497  tor_snprintf(peer_buf, sizeof(peer_buf),
498  "%s%s%s%s%s", prep, sp, address, portbuf, extra_buf);
499  return peer_buf;
500 }
501 
502 /**
503  * Describe the peer or address of connection @a conn in a
504  * human-readable manner.
505  *
506  * Returns a pointer to a static buffer; future calls to
507  * connection_describe_peer() or connection_describe() will invalidate this
508  * buffer.
509  *
510  * Nobody should parse the output of this function; it can and will change in
511  * future versions of tor.
512  **/
513 const char *
515 {
516  return connection_describe_peer_internal(conn, false);
517 }
518 
519 /**
520  * Describe a connection for logging purposes.
521  *
522  * Returns a pointer to a static buffer; future calls to connection_describe()
523  * will invalidate this buffer.
524  *
525  * Nobody should parse the output of this function; it can and will change in
526  * future versions of tor.
527  **/
528 const char *
530 {
531  IF_BUG_ONCE(!conn) {
532  return "null connection";
533  }
534  static char desc_buf[256];
535  const char *peer = connection_describe_peer_internal(conn, true);
536  tor_snprintf(desc_buf, sizeof(desc_buf),
537  "%s connection (%s) %s",
538  conn_type_to_string(conn->type),
539  conn_state_to_string(conn->type, conn->state),
540  peer);
541  return desc_buf;
542 }
543 
544 /** Allocate and return a new dir_connection_t, initialized as by
545  * connection_init(). */
547 dir_connection_new(int socket_family)
548 {
549  dir_connection_t *dir_conn = tor_malloc_zero(sizeof(dir_connection_t));
550  connection_init(time(NULL), TO_CONN(dir_conn), CONN_TYPE_DIR, socket_family);
551  return dir_conn;
552 }
553 
554 /** Allocate and return a new or_connection_t, initialized as by
555  * connection_init().
556  *
557  * Initialize active_circuit_pqueue.
558  *
559  * Set active_circuit_pqueue_last_recalibrated to current cell_ewma tick.
560  */
562 or_connection_new(int type, int socket_family)
563 {
564  or_connection_t *or_conn = tor_malloc_zero(sizeof(or_connection_t));
565  time_t now = time(NULL);
566  tor_assert(type == CONN_TYPE_OR || type == CONN_TYPE_EXT_OR);
567  connection_init(now, TO_CONN(or_conn), type, socket_family);
568 
569  tor_addr_make_unspec(&or_conn->canonical_orport.addr);
570  connection_or_set_canonical(or_conn, 0);
571 
572  if (type == CONN_TYPE_EXT_OR) {
573  /* If we aren't told an address for this connection, we should
574  * presume it isn't local, and should be rate-limited. */
575  TO_CONN(or_conn)->always_rate_limit_as_remote = 1;
577  }
578 
579  return or_conn;
580 }
581 
582 /** Allocate and return a new entry_connection_t, initialized as by
583  * connection_init().
584  *
585  * Allocate space to store the socks_request.
586  */
588 entry_connection_new(int type, int socket_family)
589 {
590  entry_connection_t *entry_conn = tor_malloc_zero(sizeof(entry_connection_t));
591  tor_assert(type == CONN_TYPE_AP);
592  connection_init(time(NULL), ENTRY_TO_CONN(entry_conn), type, socket_family);
593  entry_conn->socks_request = socks_request_new();
594  /* If this is coming from a listener, we'll set it up based on the listener
595  * in a little while. Otherwise, we're doing this as a linked connection
596  * of some kind, and we should set it up here based on the socket family */
597  if (socket_family == AF_INET)
598  entry_conn->entry_cfg.ipv4_traffic = 1;
599  else if (socket_family == AF_INET6)
600  entry_conn->entry_cfg.ipv6_traffic = 1;
601  return entry_conn;
602 }
603 
604 /** Allocate and return a new edge_connection_t, initialized as by
605  * connection_init(). */
607 edge_connection_new(int type, int socket_family)
608 {
609  edge_connection_t *edge_conn = tor_malloc_zero(sizeof(edge_connection_t));
610  tor_assert(type == CONN_TYPE_EXIT);
611  connection_init(time(NULL), TO_CONN(edge_conn), type, socket_family);
612  return edge_conn;
613 }
614 
615 /** Allocate and return a new control_connection_t, initialized as by
616  * connection_init(). */
618 control_connection_new(int socket_family)
619 {
620  control_connection_t *control_conn =
621  tor_malloc_zero(sizeof(control_connection_t));
622  connection_init(time(NULL),
623  TO_CONN(control_conn), CONN_TYPE_CONTROL, socket_family);
624  return control_conn;
625 }
626 
627 /** Allocate and return a new listener_connection_t, initialized as by
628  * connection_init(). */
630 listener_connection_new(int type, int socket_family)
631 {
632  listener_connection_t *listener_conn =
633  tor_malloc_zero(sizeof(listener_connection_t));
634  connection_init(time(NULL), TO_CONN(listener_conn), type, socket_family);
635  return listener_conn;
636 }
637 
638 /** Allocate, initialize, and return a new connection_t subtype of <b>type</b>
639  * to make or receive connections of address family <b>socket_family</b>. The
640  * type should be one of the CONN_TYPE_* constants. */
641 connection_t *
642 connection_new(int type, int socket_family)
643 {
644  switch (type) {
645  case CONN_TYPE_OR:
646  case CONN_TYPE_EXT_OR:
647  return TO_CONN(or_connection_new(type, socket_family));
648 
649  case CONN_TYPE_EXIT:
650  return TO_CONN(edge_connection_new(type, socket_family));
651 
652  case CONN_TYPE_AP:
653  return ENTRY_TO_CONN(entry_connection_new(type, socket_family));
654 
655  case CONN_TYPE_DIR:
656  return TO_CONN(dir_connection_new(socket_family));
657 
658  case CONN_TYPE_CONTROL:
659  return TO_CONN(control_connection_new(socket_family));
660 
661  CASE_ANY_LISTENER_TYPE:
662  return TO_CONN(listener_connection_new(type, socket_family));
663 
664  default: {
665  connection_t *conn = tor_malloc_zero(sizeof(connection_t));
666  connection_init(time(NULL), conn, type, socket_family);
667  return conn;
668  }
669  }
670 }
671 
672 /** Initializes conn. (you must call connection_add() to link it into the main
673  * array).
674  *
675  * Set conn->magic to the correct value.
676  *
677  * Set conn->type to <b>type</b>. Set conn->s and conn->conn_array_index to
678  * -1 to signify they are not yet assigned.
679  *
680  * Initialize conn's timestamps to now.
681  */
682 static void
683 connection_init(time_t now, connection_t *conn, int type, int socket_family)
684 {
685  static uint64_t n_connections_allocated = 1;
686 
687  switch (type) {
688  case CONN_TYPE_OR:
689  case CONN_TYPE_EXT_OR:
690  conn->magic = OR_CONNECTION_MAGIC;
691  break;
692  case CONN_TYPE_EXIT:
693  conn->magic = EDGE_CONNECTION_MAGIC;
694  break;
695  case CONN_TYPE_AP:
696  conn->magic = ENTRY_CONNECTION_MAGIC;
697  break;
698  case CONN_TYPE_DIR:
699  conn->magic = DIR_CONNECTION_MAGIC;
700  break;
701  case CONN_TYPE_CONTROL:
702  conn->magic = CONTROL_CONNECTION_MAGIC;
703  break;
704  CASE_ANY_LISTENER_TYPE:
705  conn->magic = LISTENER_CONNECTION_MAGIC;
706  break;
707  default:
708  conn->magic = BASE_CONNECTION_MAGIC;
709  break;
710  }
711 
712  conn->s = TOR_INVALID_SOCKET; /* give it a default of 'not used' */
713  conn->conn_array_index = -1; /* also default to 'not used' */
714  conn->global_identifier = n_connections_allocated++;
715 
716  conn->type = type;
717  conn->socket_family = socket_family;
718  if (!connection_is_listener(conn)) {
719  /* listeners never use their buf */
720  conn->inbuf = buf_new();
721  conn->outbuf = buf_new();
722  }
723 
724  conn->timestamp_created = now;
725  conn->timestamp_last_read_allowed = now;
726  conn->timestamp_last_write_allowed = now;
727 }
728 
729 /** Create a link between <b>conn_a</b> and <b>conn_b</b>. */
730 void
732 {
733  tor_assert(! SOCKET_OK(conn_a->s));
734  tor_assert(! SOCKET_OK(conn_b->s));
735 
736  conn_a->linked = 1;
737  conn_b->linked = 1;
738  conn_a->linked_conn = conn_b;
739  conn_b->linked_conn = conn_a;
740 }
741 
742 /** Return true iff the provided connection listener type supports AF_UNIX
743  * sockets. */
744 int
746 {
747  /* For now only control ports or SOCKS ports can be Unix domain sockets
748  * and listeners at the same time */
749  switch (type) {
752  return 1;
753  default:
754  return 0;
755  }
756 }
757 
758 /** Deallocate memory used by <b>conn</b>. Deallocate its buffers if
759  * necessary, close its socket if necessary, and mark the directory as dirty
760  * if <b>conn</b> is an OR or OP connection.
761  */
762 STATIC void
764 {
765  void *mem;
766  size_t memlen;
767  if (!conn)
768  return;
769 
770  switch (conn->type) {
771  case CONN_TYPE_OR:
772  case CONN_TYPE_EXT_OR:
773  tor_assert(conn->magic == OR_CONNECTION_MAGIC);
774  mem = TO_OR_CONN(conn);
775  memlen = sizeof(or_connection_t);
776  break;
777  case CONN_TYPE_AP:
778  tor_assert(conn->magic == ENTRY_CONNECTION_MAGIC);
779  mem = TO_ENTRY_CONN(conn);
780  memlen = sizeof(entry_connection_t);
781  break;
782  case CONN_TYPE_EXIT:
783  tor_assert(conn->magic == EDGE_CONNECTION_MAGIC);
784  mem = TO_EDGE_CONN(conn);
785  memlen = sizeof(edge_connection_t);
786  break;
787  case CONN_TYPE_DIR:
788  tor_assert(conn->magic == DIR_CONNECTION_MAGIC);
789  mem = TO_DIR_CONN(conn);
790  memlen = sizeof(dir_connection_t);
791  break;
792  case CONN_TYPE_CONTROL:
793  tor_assert(conn->magic == CONTROL_CONNECTION_MAGIC);
794  mem = TO_CONTROL_CONN(conn);
795  memlen = sizeof(control_connection_t);
796  break;
797  CASE_ANY_LISTENER_TYPE:
798  tor_assert(conn->magic == LISTENER_CONNECTION_MAGIC);
799  mem = TO_LISTENER_CONN(conn);
800  memlen = sizeof(listener_connection_t);
801  break;
802  default:
803  tor_assert(conn->magic == BASE_CONNECTION_MAGIC);
804  mem = conn;
805  memlen = sizeof(connection_t);
806  break;
807  }
808 
809  if (conn->linked) {
810  log_info(LD_GENERAL, "Freeing linked %s connection [%s] with %d "
811  "bytes on inbuf, %d on outbuf.",
812  conn_type_to_string(conn->type),
813  conn_state_to_string(conn->type, conn->state),
814  (int)connection_get_inbuf_len(conn),
815  (int)connection_get_outbuf_len(conn));
816  }
817 
818  if (!connection_is_listener(conn)) {
819  buf_free(conn->inbuf);
820  buf_free(conn->outbuf);
821  } else {
822  if (conn->socket_family == AF_UNIX) {
823  /* For now only control and SOCKS ports can be Unix domain sockets
824  * and listeners at the same time */
826 
827  if (unlink(conn->address) < 0 && errno != ENOENT) {
828  log_warn(LD_NET, "Could not unlink %s: %s", conn->address,
829  strerror(errno));
830  }
831  }
832  }
833 
834  tor_free(conn->address);
835 
836  if (connection_speaks_cells(conn)) {
837  or_connection_t *or_conn = TO_OR_CONN(conn);
838  if (or_conn->tls) {
839  if (! SOCKET_OK(conn->s)) {
840  /* The socket has been closed by somebody else; we must tell the
841  * TLS object not to close it. */
842  tor_tls_release_socket(or_conn->tls);
843  } else {
844  /* The tor_tls_free() call below will close the socket; we must tell
845  * the code below not to close it a second time. */
847  conn->s = TOR_INVALID_SOCKET;
848  }
849  tor_tls_free(or_conn->tls);
850  or_conn->tls = NULL;
851  }
852  or_handshake_state_free(or_conn->handshake_state);
853  or_conn->handshake_state = NULL;
854  tor_free(or_conn->nickname);
855  if (or_conn->chan) {
856  /* Owww, this shouldn't happen, but... */
857  channel_t *base_chan = TLS_CHAN_TO_BASE(or_conn->chan);
858  tor_assert(base_chan);
859  log_info(LD_CHANNEL,
860  "Freeing orconn at %p, saw channel %p with ID "
861  "%"PRIu64 " left un-NULLed",
862  or_conn, base_chan,
863  base_chan->global_identifier);
864  if (!CHANNEL_FINISHED(base_chan)) {
865  channel_close_for_error(base_chan);
866  }
867 
868  or_conn->chan->conn = NULL;
869  or_conn->chan = NULL;
870  }
871  }
872  if (conn->type == CONN_TYPE_AP) {
873  entry_connection_t *entry_conn = TO_ENTRY_CONN(conn);
874  tor_free(entry_conn->chosen_exit_name);
875  tor_free(entry_conn->original_dest_address);
876  if (entry_conn->socks_request)
877  socks_request_free(entry_conn->socks_request);
878  if (entry_conn->pending_optimistic_data) {
879  buf_free(entry_conn->pending_optimistic_data);
880  }
881  if (entry_conn->sending_optimistic_data) {
882  buf_free(entry_conn->sending_optimistic_data);
883  }
884  }
885  if (CONN_IS_EDGE(conn)) {
886  rend_data_free(TO_EDGE_CONN(conn)->rend_data);
887  hs_ident_edge_conn_free(TO_EDGE_CONN(conn)->hs_ident);
888  }
889  if (conn->type == CONN_TYPE_CONTROL) {
890  control_connection_t *control_conn = TO_CONTROL_CONN(conn);
891  tor_free(control_conn->safecookie_client_hash);
892  tor_free(control_conn->incoming_cmd);
893  tor_free(control_conn->current_cmd);
894  if (control_conn->ephemeral_onion_services) {
895  SMARTLIST_FOREACH(control_conn->ephemeral_onion_services, char *, cp, {
896  memwipe(cp, 0, strlen(cp));
897  tor_free(cp);
898  });
899  smartlist_free(control_conn->ephemeral_onion_services);
900  }
901  }
902 
903  /* Probably already freed by connection_free. */
904  tor_event_free(conn->read_event);
905  tor_event_free(conn->write_event);
906  conn->read_event = conn->write_event = NULL;
907 
908  if (conn->type == CONN_TYPE_DIR) {
909  dir_connection_t *dir_conn = TO_DIR_CONN(conn);
910  tor_free(dir_conn->requested_resource);
911 
912  tor_compress_free(dir_conn->compress_state);
913  dir_conn_clear_spool(dir_conn);
914 
915  rend_data_free(dir_conn->rend_data);
916  hs_ident_dir_conn_free(dir_conn->hs_ident);
917  if (dir_conn->guard_state) {
918  /* Cancel before freeing, if it's still there. */
919  entry_guard_cancel(&dir_conn->guard_state);
920  }
921  circuit_guard_state_free(dir_conn->guard_state);
922  }
923 
924  if (SOCKET_OK(conn->s)) {
925  log_debug(LD_NET,"closing fd %d.",(int)conn->s);
926  tor_close_socket(conn->s);
927  conn->s = TOR_INVALID_SOCKET;
928  }
929 
930  if (conn->type == CONN_TYPE_OR &&
931  !tor_digest_is_zero(TO_OR_CONN(conn)->identity_digest)) {
932  log_warn(LD_BUG, "called on OR conn with non-zeroed identity_digest");
934  }
935  if (conn->type == CONN_TYPE_OR || conn->type == CONN_TYPE_EXT_OR) {
937  tor_free(TO_OR_CONN(conn)->ext_or_conn_id);
938  tor_free(TO_OR_CONN(conn)->ext_or_auth_correct_client_hash);
939  tor_free(TO_OR_CONN(conn)->ext_or_transport);
940  }
941 
942  memwipe(mem, 0xCC, memlen); /* poison memory */
943  tor_free(mem);
944 }
945 
946 /** Make sure <b>conn</b> isn't in any of the global conn lists; then free it.
947  */
948 MOCK_IMPL(void,
950 {
951  if (!conn)
952  return;
955  if (BUG(conn->linked_conn)) {
956  conn->linked_conn->linked_conn = NULL;
957  if (! conn->linked_conn->marked_for_close &&
960  conn->linked_conn = NULL;
961  }
962  if (connection_speaks_cells(conn)) {
963  if (!tor_digest_is_zero(TO_OR_CONN(conn)->identity_digest)) {
965  }
966  }
967  if (conn->type == CONN_TYPE_CONTROL) {
969  }
970 #if 1
971  /* DEBUGGING */
972  if (conn->type == CONN_TYPE_AP) {
973  connection_ap_warn_and_unmark_if_pending_circ(TO_ENTRY_CONN(conn),
974  "connection_free");
975  }
976 #endif /* 1 */
977 
978  /* Notify the circuit creation DoS mitigation subsystem that an OR client
979  * connection has been closed. And only do that if we track it. */
980  if (conn->type == CONN_TYPE_OR) {
981  dos_close_client_conn(TO_OR_CONN(conn));
982  }
983 
986 }
987 
988 /**
989  * Called when we're about to finally unlink and free a connection:
990  * perform necessary accounting and cleanup
991  * - Directory conns that failed to fetch a rendezvous descriptor
992  * need to inform pending rendezvous streams.
993  * - OR conns need to call rep_hist_note_*() to record status.
994  * - AP conns need to send a socks reject if necessary.
995  * - Exit conns need to call connection_dns_remove() if necessary.
996  * - AP and Exit conns need to send an end cell if they can.
997  * - DNS conns need to fail any resolves that are pending on them.
998  * - OR and edge connections need to be unlinked from circuits.
999  */
1000 void
1002 {
1004 
1005  switch (conn->type) {
1006  case CONN_TYPE_DIR:
1008  break;
1009  case CONN_TYPE_OR:
1010  case CONN_TYPE_EXT_OR:
1012  break;
1013  case CONN_TYPE_AP:
1015  break;
1016  case CONN_TYPE_EXIT:
1018  break;
1019  }
1020 }
1021 
1022 /** Return true iff connection_close_immediate() has been called on this
1023  * connection. */
1024 #define CONN_IS_CLOSED(c) \
1025  ((c)->linked ? ((c)->linked_conn_is_closed) : (! SOCKET_OK(c->s)))
1026 
1027 /** Close the underlying socket for <b>conn</b>, so we don't try to
1028  * flush it. Must be used in conjunction with (right before)
1029  * connection_mark_for_close().
1030  */
1031 void
1033 {
1034  assert_connection_ok(conn,0);
1035  if (CONN_IS_CLOSED(conn)) {
1036  log_err(LD_BUG,"Attempt to close already-closed connection.");
1038  return;
1039  }
1040  if (connection_get_outbuf_len(conn)) {
1041  log_info(LD_NET,"fd %d, type %s, state %s, %"TOR_PRIuSZ" bytes on outbuf.",
1042  (int)conn->s, conn_type_to_string(conn->type),
1043  conn_state_to_string(conn->type, conn->state),
1044  buf_datalen(conn->outbuf));
1045  }
1046 
1048 
1049  /* Prevent the event from getting unblocked. */
1050  conn->read_blocked_on_bw = 0;
1051  conn->write_blocked_on_bw = 0;
1052 
1053  if (SOCKET_OK(conn->s))
1054  tor_close_socket(conn->s);
1055  conn->s = TOR_INVALID_SOCKET;
1056  if (conn->linked)
1057  conn->linked_conn_is_closed = 1;
1058  if (conn->outbuf)
1059  buf_clear(conn->outbuf);
1060 }
1061 
1062 /** Mark <b>conn</b> to be closed next time we loop through
1063  * conn_close_if_marked() in main.c. */
1064 void
1065 connection_mark_for_close_(connection_t *conn, int line, const char *file)
1066 {
1067  assert_connection_ok(conn,0);
1068  tor_assert(line);
1069  tor_assert(line < 1<<16); /* marked_for_close can only fit a uint16_t. */
1070  tor_assert(file);
1071 
1072  if (conn->type == CONN_TYPE_OR) {
1073  /*
1074  * An or_connection should have been closed through one of the channel-
1075  * aware functions in connection_or.c. We'll assume this is an error
1076  * close and do that, and log a bug warning.
1077  */
1078  log_warn(LD_CHANNEL | LD_BUG,
1079  "Something tried to close an or_connection_t without going "
1080  "through channels at %s:%d",
1081  file, line);
1083  } else {
1084  /* Pass it down to the real function */
1085  connection_mark_for_close_internal_(conn, line, file);
1086  }
1087 }
1088 
1089 /** Mark <b>conn</b> to be closed next time we loop through
1090  * conn_close_if_marked() in main.c.
1091  *
1092  * This _internal version bypasses the CONN_TYPE_OR checks; this should be
1093  * called when you either are sure that if this is an or_connection_t the
1094  * controlling channel has been notified (e.g. with
1095  * connection_or_notify_error()), or you actually are the
1096  * connection_or_close_for_error() or connection_or_close_normally() function.
1097  * For all other cases, use connection_mark_and_flush() which checks for
1098  * or_connection_t properly, instead. See below.
1099  *
1100  * We want to keep this function simple and quick, since it can be called from
1101  * quite deep in the call chain, and hence it should avoid having side-effects
1102  * that interfere with its callers view of the connection.
1103  */
1104 MOCK_IMPL(void,
1106  int line, const char *file))
1107 {
1108  assert_connection_ok(conn,0);
1109  tor_assert(line);
1110  tor_assert(line < 1<<16); /* marked_for_close can only fit a uint16_t. */
1111  tor_assert(file);
1112 
1113  if (conn->marked_for_close) {
1114  log_warn(LD_BUG,"Duplicate call to connection_mark_for_close at %s:%d"
1115  " (first at %s:%d)", file, line, conn->marked_for_close_file,
1116  conn->marked_for_close);
1118  return;
1119  }
1120 
1121  if (conn->type == CONN_TYPE_OR) {
1122  /*
1123  * Bad news if this happens without telling the controlling channel; do
1124  * this so we can find things that call this wrongly when the asserts hit.
1125  */
1126  log_debug(LD_CHANNEL,
1127  "Calling connection_mark_for_close_internal_() on an OR conn "
1128  "at %s:%d",
1129  file, line);
1130  }
1131 
1132  conn->marked_for_close = line;
1133  conn->marked_for_close_file = file;
1135 
1136  /* in case we're going to be held-open-til-flushed, reset
1137  * the number of seconds since last successful write, so
1138  * we get our whole 15 seconds */
1139  conn->timestamp_last_write_allowed = time(NULL);
1140 }
1141 
1142 /** Find each connection that has hold_open_until_flushed set to
1143  * 1 but hasn't written in the past 15 seconds, and set
1144  * hold_open_until_flushed to 0. This means it will get cleaned
1145  * up in the next loop through close_if_marked() in main.c.
1146  */
1147 void
1149 {
1150  time_t now;
1151  smartlist_t *conns = get_connection_array();
1152 
1153  now = time(NULL);
1154 
1155  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
1156  /* If we've been holding the connection open, but we haven't written
1157  * for 15 seconds...
1158  */
1159  if (conn->hold_open_until_flushed) {
1161  if (now - conn->timestamp_last_write_allowed >= 15) {
1162  int severity;
1163  if (conn->type == CONN_TYPE_EXIT ||
1164  (conn->type == CONN_TYPE_DIR &&
1165  conn->purpose == DIR_PURPOSE_SERVER))
1166  severity = LOG_INFO;
1167  else
1168  severity = LOG_NOTICE;
1169  log_fn(severity, LD_NET,
1170  "Giving up on marked_for_close conn that's been flushing "
1171  "for 15s (fd %d, type %s, state %s).",
1172  (int)conn->s, conn_type_to_string(conn->type),
1173  conn_state_to_string(conn->type, conn->state));
1174  conn->hold_open_until_flushed = 0;
1175  }
1176  }
1177  } SMARTLIST_FOREACH_END(conn);
1178 }
1179 
1180 #if defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN)
1181 /** Create an AF_UNIX listenaddr struct.
1182  * <b>listenaddress</b> provides the path to the Unix socket.
1183  *
1184  * Eventually <b>listenaddress</b> will also optionally contain user, group,
1185  * and file permissions for the new socket. But not yet. XXX
1186  * Also, since we do not create the socket here the information doesn't help
1187  * here.
1188  *
1189  * If not NULL <b>readable_address</b> will contain a copy of the path part of
1190  * <b>listenaddress</b>.
1191  *
1192  * The listenaddr struct has to be freed by the caller.
1193  */
1194 static struct sockaddr_un *
1195 create_unix_sockaddr(const char *listenaddress, char **readable_address,
1196  socklen_t *len_out)
1197 {
1198  struct sockaddr_un *sockaddr = NULL;
1199 
1200  sockaddr = tor_malloc_zero(sizeof(struct sockaddr_un));
1201  sockaddr->sun_family = AF_UNIX;
1202  if (strlcpy(sockaddr->sun_path, listenaddress, sizeof(sockaddr->sun_path))
1203  >= sizeof(sockaddr->sun_path)) {
1204  log_warn(LD_CONFIG, "Unix socket path '%s' is too long to fit.",
1205  escaped(listenaddress));
1206  tor_free(sockaddr);
1207  return NULL;
1208  }
1209 
1210  if (readable_address)
1211  *readable_address = tor_strdup(listenaddress);
1212 
1213  *len_out = sizeof(struct sockaddr_un);
1214  return sockaddr;
1215 }
1216 #else /* !(defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN)) */
1217 static struct sockaddr *
1218 create_unix_sockaddr(const char *listenaddress, char **readable_address,
1219  socklen_t *len_out)
1220 {
1221  (void)listenaddress;
1222  (void)readable_address;
1224  "Unix domain sockets not supported, yet we tried to create one.");
1225  *len_out = 0;
1227  return NULL;
1228 }
1229 #endif /* defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN) */
1230 
1231 /** Warn that an accept or a connect has failed because we're running out of
1232  * TCP sockets we can use on current system. Rate-limit these warnings so
1233  * that we don't spam the log. */
1234 static void
1236 {
1237 #define WARN_TOO_MANY_CONNS_INTERVAL (6*60*60)
1238  static ratelim_t last_warned = RATELIM_INIT(WARN_TOO_MANY_CONNS_INTERVAL);
1239  char *m;
1240  if ((m = rate_limit_log(&last_warned, approx_time()))) {
1241  int n_conns = get_n_open_sockets();
1242  log_warn(LD_NET,"Failing because we have %d connections already. Please "
1243  "read doc/TUNING for guidance.%s", n_conns, m);
1244  tor_free(m);
1245  control_event_general_status(LOG_WARN, "TOO_MANY_CONNECTIONS CURRENT=%d",
1246  n_conns);
1247  }
1248 }
1249 
1250 #ifdef HAVE_SYS_UN_H
1251 
1252 #define UNIX_SOCKET_PURPOSE_CONTROL_SOCKET 0
1253 #define UNIX_SOCKET_PURPOSE_SOCKS_SOCKET 1
1254 
1255 /** Check if the purpose isn't one of the ones we know what to do with */
1256 
1257 static int
1258 is_valid_unix_socket_purpose(int purpose)
1259 {
1260  int valid = 0;
1261 
1262  switch (purpose) {
1263  case UNIX_SOCKET_PURPOSE_CONTROL_SOCKET:
1264  case UNIX_SOCKET_PURPOSE_SOCKS_SOCKET:
1265  valid = 1;
1266  break;
1267  }
1268 
1269  return valid;
1270 }
1271 
1272 /** Return a string description of a unix socket purpose */
1273 static const char *
1274 unix_socket_purpose_to_string(int purpose)
1275 {
1276  const char *s = "unknown-purpose socket";
1277 
1278  switch (purpose) {
1279  case UNIX_SOCKET_PURPOSE_CONTROL_SOCKET:
1280  s = "control socket";
1281  break;
1282  case UNIX_SOCKET_PURPOSE_SOCKS_SOCKET:
1283  s = "SOCKS socket";
1284  break;
1285  }
1286 
1287  return s;
1288 }
1289 
1290 /** Check whether we should be willing to open an AF_UNIX socket in
1291  * <b>path</b>. Return 0 if we should go ahead and -1 if we shouldn't. */
1292 static int
1293 check_location_for_unix_socket(const or_options_t *options, const char *path,
1294  int purpose, const port_cfg_t *port)
1295 {
1296  int r = -1;
1297  char *p = NULL;
1298 
1299  tor_assert(is_valid_unix_socket_purpose(purpose));
1300 
1301  p = tor_strdup(path);
1302  cpd_check_t flags = CPD_CHECK_MODE_ONLY;
1303  if (get_parent_directory(p)<0 || p[0] != '/') {
1304  log_warn(LD_GENERAL, "Bad unix socket address '%s'. Tor does not support "
1305  "relative paths for unix sockets.", path);
1306  goto done;
1307  }
1308 
1309  if (port->is_world_writable) {
1310  /* World-writable sockets can go anywhere. */
1311  r = 0;
1312  goto done;
1313  }
1314 
1315  if (port->is_group_writable) {
1316  flags |= CPD_GROUP_OK;
1317  }
1318 
1319  if (port->relax_dirmode_check) {
1320  flags |= CPD_RELAX_DIRMODE_CHECK;
1321  }
1322 
1323  if (check_private_dir(p, flags, options->User) < 0) {
1324  char *escpath, *escdir;
1325  escpath = esc_for_log(path);
1326  escdir = esc_for_log(p);
1327  log_warn(LD_GENERAL, "Before Tor can create a %s in %s, the directory "
1328  "%s needs to exist, and to be accessible only by the user%s "
1329  "account that is running Tor. (On some Unix systems, anybody "
1330  "who can list a socket can connect to it, so Tor is being "
1331  "careful.)",
1332  unix_socket_purpose_to_string(purpose), escpath, escdir,
1333  port->is_group_writable ? " and group" : "");
1334  tor_free(escpath);
1335  tor_free(escdir);
1336  goto done;
1337  }
1338 
1339  r = 0;
1340  done:
1341  tor_free(p);
1342  return r;
1343 }
1344 #endif /* defined(HAVE_SYS_UN_H) */
1345 
1346 /** Tell the TCP stack that it shouldn't wait for a long time after
1347  * <b>sock</b> has closed before reusing its port. Return 0 on success,
1348  * -1 on failure. */
1349 static int
1351 {
1352 #ifdef _WIN32
1353  (void) sock;
1354  return 0;
1355 #else
1356  int one=1;
1357 
1358  /* REUSEADDR on normal places means you can rebind to the port
1359  * right after somebody else has let it go. But REUSEADDR on win32
1360  * means you can bind to the port _even when somebody else
1361  * already has it bound_. So, don't do that on Win32. */
1362  if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void*) &one,
1363  (socklen_t)sizeof(one)) == -1) {
1364  return -1;
1365  }
1366  return 0;
1367 #endif /* defined(_WIN32) */
1368 }
1369 
1370 #ifdef _WIN32
1371 /** Tell the Windows TCP stack to prevent other applications from receiving
1372  * traffic from tor's open ports. Return 0 on success, -1 on failure. */
1373 static int
1374 make_win32_socket_exclusive(tor_socket_t sock)
1375 {
1376 #ifdef SO_EXCLUSIVEADDRUSE
1377  int one=1;
1378 
1379  /* Any socket that sets REUSEADDR on win32 can bind to a port _even when
1380  * somebody else already has it bound_, and _even if the original socket
1381  * didn't set REUSEADDR_. Use EXCLUSIVEADDRUSE to prevent this port-stealing
1382  * on win32. */
1383  if (setsockopt(sock, SOL_SOCKET, SO_EXCLUSIVEADDRUSE, (void*) &one,
1384  (socklen_t)sizeof(one))) {
1385  return -1;
1386  }
1387  return 0;
1388 #else /* !defined(SO_EXCLUSIVEADDRUSE) */
1389  (void) sock;
1390  return 0;
1391 #endif /* defined(SO_EXCLUSIVEADDRUSE) */
1392 }
1393 #endif /* defined(_WIN32) */
1394 
1395 /** Max backlog to pass to listen. We start at */
1396 static int listen_limit = INT_MAX;
1397 
1398 /* Listen on <b>fd</b> with appropriate backlog. Return as for listen. */
1399 static int
1400 tor_listen(tor_socket_t fd)
1401 {
1402  int r;
1403 
1404  if ((r = listen(fd, listen_limit)) < 0) {
1405  if (listen_limit == SOMAXCONN)
1406  return r;
1407  if ((r = listen(fd, SOMAXCONN)) == 0) {
1408  listen_limit = SOMAXCONN;
1409  log_warn(LD_NET, "Setting listen backlog to INT_MAX connections "
1410  "didn't work, but SOMAXCONN did. Lowering backlog limit.");
1411  }
1412  }
1413  return r;
1414 }
1415 
1416 /** Bind a new non-blocking socket listening to the socket described
1417  * by <b>listensockaddr</b>.
1418  *
1419  * <b>address</b> is only used for logging purposes and to add the information
1420  * to the conn.
1421  *
1422  * Set <b>addr_in_use</b> to true in case socket binding fails with
1423  * EADDRINUSE.
1424  */
1425 static connection_t *
1426 connection_listener_new(const struct sockaddr *listensockaddr,
1427  socklen_t socklen,
1428  int type, const char *address,
1429  const port_cfg_t *port_cfg,
1430  int *addr_in_use)
1431 {
1432  listener_connection_t *lis_conn;
1433  connection_t *conn = NULL;
1434  tor_socket_t s = TOR_INVALID_SOCKET; /* the socket we're going to make */
1435  or_options_t const *options = get_options();
1436  (void) options; /* Windows doesn't use this. */
1437 #if defined(HAVE_PWD_H) && defined(HAVE_SYS_UN_H)
1438  const struct passwd *pw = NULL;
1439 #endif
1440  uint16_t usePort = 0, gotPort = 0;
1441  int start_reading = 0;
1442  static int global_next_session_group = SESSION_GROUP_FIRST_AUTO;
1443  tor_addr_t addr;
1444  int exhaustion = 0;
1445 
1446  if (addr_in_use)
1447  *addr_in_use = 0;
1448 
1449  if (listensockaddr->sa_family == AF_INET ||
1450  listensockaddr->sa_family == AF_INET6) {
1451  int is_stream = (type != CONN_TYPE_AP_DNS_LISTENER);
1452  if (is_stream)
1453  start_reading = 1;
1454 
1455  tor_addr_from_sockaddr(&addr, listensockaddr, &usePort);
1456  log_notice(LD_NET, "Opening %s on %s",
1457  conn_type_to_string(type), fmt_addrport(&addr, usePort));
1458 
1460  is_stream ? SOCK_STREAM : SOCK_DGRAM,
1461  is_stream ? IPPROTO_TCP: IPPROTO_UDP);
1462  if (!SOCKET_OK(s)) {
1463  int e = tor_socket_errno(s);
1464  if (ERRNO_IS_RESOURCE_LIMIT(e)) {
1466  /*
1467  * We'll call the OOS handler at the error exit, so set the
1468  * exhaustion flag for it.
1469  */
1470  exhaustion = 1;
1471  } else {
1472  log_warn(LD_NET, "Socket creation failed: %s",
1473  tor_socket_strerror(e));
1474  }
1475  goto err;
1476  }
1477 
1478  if (make_socket_reuseable(s) < 0) {
1479  log_warn(LD_NET, "Error setting SO_REUSEADDR flag on %s: %s",
1480  conn_type_to_string(type),
1481  tor_socket_strerror(errno));
1482  }
1483 
1484 #ifdef _WIN32
1485  if (make_win32_socket_exclusive(s) < 0) {
1486  log_warn(LD_NET, "Error setting SO_EXCLUSIVEADDRUSE flag on %s: %s",
1487  conn_type_to_string(type),
1488  tor_socket_strerror(errno));
1489  }
1490 #endif /* defined(_WIN32) */
1491 
1492 #if defined(USE_TRANSPARENT) && defined(IP_TRANSPARENT)
1493  if (options->TransProxyType_parsed == TPT_TPROXY &&
1494  type == CONN_TYPE_AP_TRANS_LISTENER) {
1495  int one = 1;
1496  if (setsockopt(s, SOL_IP, IP_TRANSPARENT, (void*)&one,
1497  (socklen_t)sizeof(one)) < 0) {
1498  const char *extra = "";
1499  int e = tor_socket_errno(s);
1500  if (e == EPERM)
1501  extra = "TransTPROXY requires root privileges or similar"
1502  " capabilities.";
1503  log_warn(LD_NET, "Error setting IP_TRANSPARENT flag: %s.%s",
1504  tor_socket_strerror(e), extra);
1505  }
1506  }
1507 #endif /* defined(USE_TRANSPARENT) && defined(IP_TRANSPARENT) */
1508 
1509 #ifdef IPV6_V6ONLY
1510  if (listensockaddr->sa_family == AF_INET6) {
1511  int one = 1;
1512  /* We need to set IPV6_V6ONLY so that this socket can't get used for
1513  * IPv4 connections. */
1514  if (setsockopt(s,IPPROTO_IPV6, IPV6_V6ONLY,
1515  (void*)&one, (socklen_t)sizeof(one)) < 0) {
1516  int e = tor_socket_errno(s);
1517  log_warn(LD_NET, "Error setting IPV6_V6ONLY flag: %s",
1518  tor_socket_strerror(e));
1519  /* Keep going; probably not harmful. */
1520  }
1521  }
1522 #endif /* defined(IPV6_V6ONLY) */
1523 
1524  if (bind(s,listensockaddr,socklen) < 0) {
1525  const char *helpfulhint = "";
1526  int e = tor_socket_errno(s);
1527  if (ERRNO_IS_EADDRINUSE(e)) {
1528  helpfulhint = ". Is Tor already running?";
1529  if (addr_in_use)
1530  *addr_in_use = 1;
1531  }
1532  log_warn(LD_NET, "Could not bind to %s:%u: %s%s", address, usePort,
1533  tor_socket_strerror(e), helpfulhint);
1534  goto err;
1535  }
1536 
1537  if (is_stream) {
1538  if (tor_listen(s) < 0) {
1539  log_warn(LD_NET, "Could not listen on %s:%u: %s", address, usePort,
1540  tor_socket_strerror(tor_socket_errno(s)));
1541  goto err;
1542  }
1543  }
1544 
1545  if (usePort != 0) {
1546  gotPort = usePort;
1547  } else {
1548  tor_addr_t addr2;
1549  struct sockaddr_storage ss;
1550  socklen_t ss_len=sizeof(ss);
1551  if (getsockname(s, (struct sockaddr*)&ss, &ss_len)<0) {
1552  log_warn(LD_NET, "getsockname() couldn't learn address for %s: %s",
1553  conn_type_to_string(type),
1554  tor_socket_strerror(tor_socket_errno(s)));
1555  gotPort = 0;
1556  }
1557  tor_addr_from_sockaddr(&addr2, (struct sockaddr*)&ss, &gotPort);
1558  }
1559 #ifdef HAVE_SYS_UN_H
1560  /*
1561  * AF_UNIX generic setup stuff
1562  */
1563  } else if (listensockaddr->sa_family == AF_UNIX) {
1564  /* We want to start reading for both AF_UNIX cases */
1565  start_reading = 1;
1566 
1568 
1569  if (check_location_for_unix_socket(options, address,
1570  (type == CONN_TYPE_CONTROL_LISTENER) ?
1571  UNIX_SOCKET_PURPOSE_CONTROL_SOCKET :
1572  UNIX_SOCKET_PURPOSE_SOCKS_SOCKET, port_cfg) < 0) {
1573  goto err;
1574  }
1575 
1576  log_notice(LD_NET, "Opening %s on %s",
1577  conn_type_to_string(type), address);
1578 
1579  tor_addr_make_unspec(&addr);
1580 
1581  if (unlink(address) < 0 && errno != ENOENT) {
1582  log_warn(LD_NET, "Could not unlink %s: %s", address,
1583  strerror(errno));
1584  goto err;
1585  }
1586 
1587  s = tor_open_socket_nonblocking(AF_UNIX, SOCK_STREAM, 0);
1588  if (! SOCKET_OK(s)) {
1589  int e = tor_socket_errno(s);
1590  if (ERRNO_IS_RESOURCE_LIMIT(e)) {
1592  /*
1593  * We'll call the OOS handler at the error exit, so set the
1594  * exhaustion flag for it.
1595  */
1596  exhaustion = 1;
1597  } else {
1598  log_warn(LD_NET,"Socket creation failed: %s.", strerror(e));
1599  }
1600  goto err;
1601  }
1602 
1603  if (bind(s, listensockaddr,
1604  (socklen_t)sizeof(struct sockaddr_un)) == -1) {
1605  log_warn(LD_NET,"Bind to %s failed: %s.", address,
1606  tor_socket_strerror(tor_socket_errno(s)));
1607  goto err;
1608  }
1609 
1610 #ifdef HAVE_PWD_H
1611  if (options->User) {
1612  pw = tor_getpwnam(options->User);
1613  struct stat st;
1614  if (pw == NULL) {
1615  log_warn(LD_NET,"Unable to chown() %s socket: user %s not found.",
1616  address, options->User);
1617  goto err;
1618  } else if (fstat(s, &st) == 0 &&
1619  st.st_uid == pw->pw_uid && st.st_gid == pw->pw_gid) {
1620  /* No change needed */
1621  } else if (chown(sandbox_intern_string(address),
1622  pw->pw_uid, pw->pw_gid) < 0) {
1623  log_warn(LD_NET,"Unable to chown() %s socket: %s.",
1624  address, strerror(errno));
1625  goto err;
1626  }
1627  }
1628 #endif /* defined(HAVE_PWD_H) */
1629 
1630  {
1631  unsigned mode;
1632  const char *status;
1633  struct stat st;
1634  if (port_cfg->is_world_writable) {
1635  mode = 0666;
1636  status = "world-writable";
1637  } else if (port_cfg->is_group_writable) {
1638  mode = 0660;
1639  status = "group-writable";
1640  } else {
1641  mode = 0600;
1642  status = "private";
1643  }
1644  /* We need to use chmod; fchmod doesn't work on sockets on all
1645  * platforms. */
1646  if (fstat(s, &st) == 0 && (st.st_mode & 0777) == mode) {
1647  /* no change needed */
1648  } else if (chmod(sandbox_intern_string(address), mode) < 0) {
1649  log_warn(LD_FS,"Unable to make %s %s.", address, status);
1650  goto err;
1651  }
1652  }
1653 
1654  if (listen(s, SOMAXCONN) < 0) {
1655  log_warn(LD_NET, "Could not listen on %s: %s", address,
1656  tor_socket_strerror(tor_socket_errno(s)));
1657  goto err;
1658  }
1659 
1660 #ifndef __APPLE__
1661  /* This code was introduced to help debug #28229. */
1662  int value;
1663  socklen_t len = sizeof(value);
1664 
1665  if (!getsockopt(s, SOL_SOCKET, SO_ACCEPTCONN, &value, &len)) {
1666  if (value == 0) {
1667  log_err(LD_NET, "Could not listen on %s - "
1668  "getsockopt(.,SO_ACCEPTCONN,.) yields 0.", address);
1669  goto err;
1670  }
1671  }
1672 #endif /* !defined(__APPLE__) */
1673 #endif /* defined(HAVE_SYS_UN_H) */
1674  } else {
1675  log_err(LD_BUG, "Got unexpected address family %d.",
1676  listensockaddr->sa_family);
1677  tor_assert(0);
1678  }
1679 
1680  lis_conn = listener_connection_new(type, listensockaddr->sa_family);
1681  conn = TO_CONN(lis_conn);
1682  conn->socket_family = listensockaddr->sa_family;
1683  conn->s = s;
1684  s = TOR_INVALID_SOCKET; /* Prevent double-close */
1685  conn->address = tor_strdup(address);
1686  conn->port = gotPort;
1687  tor_addr_copy(&conn->addr, &addr);
1688 
1689  memcpy(&lis_conn->entry_cfg, &port_cfg->entry_cfg, sizeof(entry_port_cfg_t));
1690 
1691  if (port_cfg->entry_cfg.isolation_flags) {
1692  lis_conn->entry_cfg.isolation_flags = port_cfg->entry_cfg.isolation_flags;
1693  if (port_cfg->entry_cfg.session_group >= 0) {
1694  lis_conn->entry_cfg.session_group = port_cfg->entry_cfg.session_group;
1695  } else {
1696  /* This can wrap after around INT_MAX listeners are opened. But I don't
1697  * believe that matters, since you would need to open a ridiculous
1698  * number of listeners while keeping the early ones open before you ever
1699  * hit this. An OR with a dozen ports open, for example, would have to
1700  * close and re-open its listeners every second for 4 years nonstop.
1701  */
1702  lis_conn->entry_cfg.session_group = global_next_session_group--;
1703  }
1704  }
1705 
1706  /* Force IPv4 and IPv6 traffic on for non-SOCKSPorts.
1707  * Forcing options on isn't a good idea, see #32994 and #33607. */
1708  if (type != CONN_TYPE_AP_LISTENER) {
1709  lis_conn->entry_cfg.ipv4_traffic = 1;
1710  lis_conn->entry_cfg.ipv6_traffic = 1;
1711  }
1712 
1713  if (connection_add(conn) < 0) { /* no space, forget it */
1714  log_warn(LD_NET,"connection_add for listener failed. Giving up.");
1715  goto err;
1716  }
1717 
1718  log_fn(usePort==gotPort ? LOG_DEBUG : LOG_NOTICE, LD_NET,
1719  "%s listening on port %u.",
1720  conn_type_to_string(type), gotPort);
1721 
1722  conn->state = LISTENER_STATE_READY;
1723  if (start_reading) {
1725  } else {
1728  }
1729 
1730  /*
1731  * Normal exit; call the OOS handler since connection count just changed;
1732  * the exhaustion flag will always be zero here though.
1733  */
1735 
1736  log_notice(LD_NET, "Opened %s", connection_describe(conn));
1737 
1738  return conn;
1739 
1740  err:
1741  if (SOCKET_OK(s))
1742  tor_close_socket(s);
1743  if (conn)
1744  connection_free(conn);
1745 
1746  /* Call the OOS handler, indicate if we saw an exhaustion-related error */
1748 
1749  return NULL;
1750 }
1751 
1752 /**
1753  * Create a new listener connection for a given <b>port</b>. In case we
1754  * for a reason that is not an error condition, set <b>defer</b>
1755  * to true. If we cannot bind listening socket because address is already
1756  * in use, set <b>addr_in_use</b> to true.
1757  */
1758 static connection_t *
1760  int *defer, int *addr_in_use)
1761 {
1762  connection_t *conn;
1763  struct sockaddr *listensockaddr;
1764  socklen_t listensocklen = 0;
1765  char *address=NULL;
1766  int real_port = port->port == CFG_AUTO_PORT ? 0 : port->port;
1767  tor_assert(real_port <= UINT16_MAX);
1768 
1769  if (defer)
1770  *defer = 0;
1771 
1772  if (port->server_cfg.no_listen) {
1773  if (defer)
1774  *defer = 1;
1775  return NULL;
1776  }
1777 
1778 #ifndef _WIN32
1779  /* We don't need to be root to create a UNIX socket, so defer until after
1780  * setuid. */
1781  const or_options_t *options = get_options();
1782  if (port->is_unix_addr && !geteuid() && (options->User) &&
1783  strcmp(options->User, "root")) {
1784  if (defer)
1785  *defer = 1;
1786  return NULL;
1787  }
1788 #endif /* !defined(_WIN32) */
1789 
1790  if (port->is_unix_addr) {
1791  listensockaddr = (struct sockaddr *)
1792  create_unix_sockaddr(port->unix_addr,
1793  &address, &listensocklen);
1794  } else {
1795  listensockaddr = tor_malloc(sizeof(struct sockaddr_storage));
1796  listensocklen = tor_addr_to_sockaddr(&port->addr,
1797  real_port,
1798  listensockaddr,
1799  sizeof(struct sockaddr_storage));
1800  address = tor_addr_to_str_dup(&port->addr);
1801  }
1802 
1803  if (listensockaddr) {
1804  conn = connection_listener_new(listensockaddr, listensocklen,
1805  port->type, address, port,
1806  addr_in_use);
1807  tor_free(listensockaddr);
1808  tor_free(address);
1809  } else {
1810  conn = NULL;
1811  }
1812 
1813  return conn;
1814 }
1815 
1816 /** Do basic sanity checking on a newly received socket. Return 0
1817  * if it looks ok, else return -1.
1818  *
1819  * Notably, some TCP stacks can erroneously have accept() return successfully
1820  * with socklen 0, when the client sends an RST before the accept call (as
1821  * nmap does). We want to detect that, and not go on with the connection.
1822  */
1823 static int
1824 check_sockaddr(const struct sockaddr *sa, int len, int level)
1825 {
1826  int ok = 1;
1827 
1828  if (sa->sa_family == AF_INET) {
1829  struct sockaddr_in *sin=(struct sockaddr_in*)sa;
1830  if (len != sizeof(struct sockaddr_in)) {
1831  log_fn(level, LD_NET, "Length of address not as expected: %d vs %d",
1832  len,(int)sizeof(struct sockaddr_in));
1833  ok = 0;
1834  }
1835  if (sin->sin_addr.s_addr == 0 || sin->sin_port == 0) {
1836  log_fn(level, LD_NET,
1837  "Address for new connection has address/port equal to zero.");
1838  ok = 0;
1839  }
1840  } else if (sa->sa_family == AF_INET6) {
1841  struct sockaddr_in6 *sin6=(struct sockaddr_in6*)sa;
1842  if (len != sizeof(struct sockaddr_in6)) {
1843  log_fn(level, LD_NET, "Length of address not as expected: %d vs %d",
1844  len,(int)sizeof(struct sockaddr_in6));
1845  ok = 0;
1846  }
1847  if (fast_mem_is_zero((void*)sin6->sin6_addr.s6_addr, 16) ||
1848  sin6->sin6_port == 0) {
1849  log_fn(level, LD_NET,
1850  "Address for new connection has address/port equal to zero.");
1851  ok = 0;
1852  }
1853  } else if (sa->sa_family == AF_UNIX) {
1854  ok = 1;
1855  } else {
1856  ok = 0;
1857  }
1858  return ok ? 0 : -1;
1859 }
1860 
1861 /** Check whether the socket family from an accepted socket <b>got</b> is the
1862  * same as the one that <b>listener</b> is waiting for. If it isn't, log
1863  * a useful message and return -1. Else return 0.
1864  *
1865  * This is annoying, but can apparently happen on some Darwins. */
1866 static int
1868 {
1869  if (got != listener->socket_family) {
1870  log_info(LD_BUG, "A listener connection returned a socket with a "
1871  "mismatched family. %s for addr_family %d gave us a socket "
1872  "with address family %d. Dropping.",
1873  conn_type_to_string(listener->type),
1874  (int)listener->socket_family,
1875  (int)got);
1876  return -1;
1877  }
1878  return 0;
1879 }
1880 
1881 /** The listener connection <b>conn</b> told poll() it wanted to read.
1882  * Call accept() on conn->s, and add the new connection if necessary.
1883  */
1884 static int
1886 {
1887  tor_socket_t news; /* the new socket */
1888  connection_t *newconn = 0;
1889  /* information about the remote peer when connecting to other routers */
1890  struct sockaddr_storage addrbuf;
1891  struct sockaddr *remote = (struct sockaddr*)&addrbuf;
1892  /* length of the remote address. Must be whatever accept() needs. */
1893  socklen_t remotelen = (socklen_t)sizeof(addrbuf);
1894  const or_options_t *options = get_options();
1895 
1896  tor_assert((size_t)remotelen >= sizeof(struct sockaddr_in));
1897  memset(&addrbuf, 0, sizeof(addrbuf));
1898 
1899  news = tor_accept_socket_nonblocking(conn->s,remote,&remotelen);
1900  if (!SOCKET_OK(news)) { /* accept() error */
1901  int e = tor_socket_errno(conn->s);
1902  if (ERRNO_IS_ACCEPT_EAGAIN(e)) {
1903  /*
1904  * they hung up before we could accept(). that's fine.
1905  *
1906  * give the OOS handler a chance to run though
1907  */
1909  return 0;
1910  } else if (ERRNO_IS_RESOURCE_LIMIT(e)) {
1912  /* Exhaustion; tell the OOS handler */
1914  return 0;
1915  }
1916  /* else there was a real error. */
1917  log_warn(LD_NET,"accept() failed: %s. Closing listener.",
1918  tor_socket_strerror(e));
1919  connection_mark_for_close(conn);
1920  /* Tell the OOS handler about this too */
1922  return -1;
1923  }
1924  log_debug(LD_NET,
1925  "Connection accepted on socket %d (child of fd %d).",
1926  (int)news,(int)conn->s);
1927 
1928  /* We accepted a new conn; run OOS handler */
1930 
1931  if (make_socket_reuseable(news) < 0) {
1932  if (tor_socket_errno(news) == EINVAL) {
1933  /* This can happen on OSX if we get a badly timed shutdown. */
1934  log_debug(LD_NET, "make_socket_reuseable returned EINVAL");
1935  } else {
1936  log_warn(LD_NET, "Error setting SO_REUSEADDR flag on %s: %s",
1937  conn_type_to_string(new_type),
1938  tor_socket_strerror(errno));
1939  }
1940  tor_close_socket(news);
1941  return 0;
1942  }
1943 
1944  if (options->ConstrainedSockets)
1946 
1947  if (check_sockaddr_family_match(remote->sa_family, conn) < 0) {
1948  tor_close_socket(news);
1949  return 0;
1950  }
1951 
1952  if (conn->socket_family == AF_INET || conn->socket_family == AF_INET6 ||
1953  (conn->socket_family == AF_UNIX && new_type == CONN_TYPE_AP)) {
1954  tor_addr_t addr;
1955  uint16_t port;
1956  if (check_sockaddr(remote, remotelen, LOG_INFO)<0) {
1957  log_info(LD_NET,
1958  "accept() returned a strange address; closing connection.");
1959  tor_close_socket(news);
1960  return 0;
1961  }
1962 
1963  tor_addr_from_sockaddr(&addr, remote, &port);
1964 
1965  /* process entrance policies here, before we even create the connection */
1966  if (new_type == CONN_TYPE_AP) {
1967  /* check sockspolicy to see if we should accept it */
1968  if (socks_policy_permits_address(&addr) == 0) {
1969  log_notice(LD_APP,
1970  "Denying socks connection from untrusted address %s.",
1971  fmt_and_decorate_addr(&addr));
1972  tor_close_socket(news);
1973  return 0;
1974  }
1975  }
1976  if (new_type == CONN_TYPE_DIR) {
1977  /* check dirpolicy to see if we should accept it */
1978  if (dir_policy_permits_address(&addr) == 0) {
1979  log_notice(LD_DIRSERV,"Denying dir connection from address %s.",
1980  fmt_and_decorate_addr(&addr));
1981  tor_close_socket(news);
1982  return 0;
1983  }
1984  }
1985  if (new_type == CONN_TYPE_OR) {
1986  /* Assess with the connection DoS mitigation subsystem if this address
1987  * can open a new connection. */
1988  if (dos_conn_addr_get_defense_type(&addr) == DOS_CONN_DEFENSE_CLOSE) {
1989  tor_close_socket(news);
1990  return 0;
1991  }
1992  }
1993 
1994  newconn = connection_new(new_type, conn->socket_family);
1995  newconn->s = news;
1996 
1997  /* remember the remote address */
1998  tor_addr_copy(&newconn->addr, &addr);
1999  if (new_type == CONN_TYPE_AP && conn->socket_family == AF_UNIX) {
2000  newconn->port = 0;
2001  newconn->address = tor_strdup(conn->address);
2002  } else {
2003  newconn->port = port;
2004  newconn->address = tor_addr_to_str_dup(&addr);
2005  }
2006 
2007  if (new_type == CONN_TYPE_AP && conn->socket_family != AF_UNIX) {
2008  log_info(LD_NET, "New SOCKS connection opened from %s.",
2009  fmt_and_decorate_addr(&addr));
2010  }
2011  if (new_type == CONN_TYPE_AP && conn->socket_family == AF_UNIX) {
2012  log_info(LD_NET, "New SOCKS AF_UNIX connection opened");
2013  }
2014  if (new_type == CONN_TYPE_CONTROL) {
2015  log_notice(LD_CONTROL, "New control connection opened from %s.",
2016  fmt_and_decorate_addr(&addr));
2017  }
2018 
2019  } else if (conn->socket_family == AF_UNIX && conn->type != CONN_TYPE_AP) {
2021  tor_assert(new_type == CONN_TYPE_CONTROL);
2022  log_notice(LD_CONTROL, "New control connection opened.");
2023 
2024  newconn = connection_new(new_type, conn->socket_family);
2025  newconn->s = news;
2026 
2027  /* remember the remote address -- do we have anything sane to put here? */
2028  tor_addr_make_unspec(&newconn->addr);
2029  newconn->port = 1;
2030  newconn->address = tor_strdup(conn->address);
2031  } else {
2032  tor_assert(0);
2033  };
2034 
2035  if (connection_add(newconn) < 0) { /* no space, forget it */
2036  connection_free(newconn);
2037  return 0; /* no need to tear down the parent */
2038  }
2039 
2040  if (connection_init_accepted_conn(newconn, TO_LISTENER_CONN(conn)) < 0) {
2041  if (! newconn->marked_for_close)
2042  connection_mark_for_close(newconn);
2043  return 0;
2044  }
2045  return 0;
2046 }
2047 
2048 /** Initialize states for newly accepted connection <b>conn</b>.
2049  *
2050  * If conn is an OR, start the TLS handshake.
2051  *
2052  * If conn is a transparent AP, get its original destination
2053  * and place it in circuit_wait.
2054  *
2055  * The <b>listener</b> parameter is only used for AP connections.
2056  */
2057 int
2059  const listener_connection_t *listener)
2060 {
2061  int rv;
2062 
2064 
2065  switch (conn->type) {
2066  case CONN_TYPE_EXT_OR:
2067  /* Initiate Extended ORPort authentication. */
2069  case CONN_TYPE_OR:
2070  connection_or_event_status(TO_OR_CONN(conn), OR_CONN_EVENT_NEW, 0);
2072  if (rv < 0) {
2074  }
2075  return rv;
2076  break;
2077  case CONN_TYPE_AP:
2078  memcpy(&TO_ENTRY_CONN(conn)->entry_cfg, &listener->entry_cfg,
2079  sizeof(entry_port_cfg_t));
2081  TO_ENTRY_CONN(conn)->socks_request->listener_type = listener->base_.type;
2082 
2083  /* Any incoming connection on an entry port counts as user activity. */
2085 
2086  switch (TO_CONN(listener)->type) {
2087  case CONN_TYPE_AP_LISTENER:
2090  listener->entry_cfg.socks_prefer_no_auth;
2092  listener->entry_cfg.extended_socks5_codes;
2093  break;
2095  TO_ENTRY_CONN(conn)->is_transparent_ap = 1;
2096  /* XXXX028 -- is this correct still, with the addition of
2097  * pending_entry_connections ? */
2101  TO_ENTRY_CONN(conn)->is_transparent_ap = 1;
2103  break;
2106  }
2107  break;
2108  case CONN_TYPE_DIR:
2109  conn->purpose = DIR_PURPOSE_SERVER;
2111  break;
2112  case CONN_TYPE_CONTROL:
2114  break;
2115  }
2116  return 0;
2117 }
2118 
2119 /** Take conn, make a nonblocking socket; try to connect to
2120  * sa, binding to bindaddr if sa is not localhost. If fail, return -1 and if
2121  * applicable put your best guess about errno into *<b>socket_error</b>.
2122  * If connected return 1, if EAGAIN return 0.
2123  */
2124 MOCK_IMPL(STATIC int,
2126  const struct sockaddr *sa,
2127  socklen_t sa_len,
2128  const struct sockaddr *bindaddr,
2129  socklen_t bindaddr_len,
2130  int *socket_error))
2131 {
2132  tor_socket_t s;
2133  int inprogress = 0;
2134  const or_options_t *options = get_options();
2135 
2136  tor_assert(conn);
2137  tor_assert(sa);
2138  tor_assert(socket_error);
2139 
2141  /* We should never even try to connect anyplace if the network is
2142  * completely shut off.
2143  *
2144  * (We don't check net_is_disabled() here, since we still sometimes
2145  * want to open connections when we're in soft hibernation.)
2146  */
2147  static ratelim_t disablenet_violated = RATELIM_INIT(30*60);
2148  *socket_error = SOCK_ERRNO(ENETUNREACH);
2149  log_fn_ratelim(&disablenet_violated, LOG_WARN, LD_BUG,
2150  "Tried to open a socket with DisableNetwork set.");
2152  return -1;
2153  }
2154 
2155  const int protocol_family = sa->sa_family;
2156  const int proto = (sa->sa_family == AF_INET6 ||
2157  sa->sa_family == AF_INET) ? IPPROTO_TCP : 0;
2158 
2159  s = tor_open_socket_nonblocking(protocol_family, SOCK_STREAM, proto);
2160  if (! SOCKET_OK(s)) {
2161  /*
2162  * Early OOS handler calls; it matters if it's an exhaustion-related
2163  * error or not.
2164  */
2165  *socket_error = tor_socket_errno(s);
2166  if (ERRNO_IS_RESOURCE_LIMIT(*socket_error)) {
2169  } else {
2170  log_warn(LD_NET,"Error creating network socket: %s",
2171  tor_socket_strerror(*socket_error));
2173  }
2174  return -1;
2175  }
2176 
2177  if (make_socket_reuseable(s) < 0) {
2178  log_warn(LD_NET, "Error setting SO_REUSEADDR flag on new connection: %s",
2179  tor_socket_strerror(errno));
2180  }
2181 
2182  /*
2183  * We've got the socket open; give the OOS handler a chance to check
2184  * against configured maximum socket number, but tell it no exhaustion
2185  * failure.
2186  */
2188 
2189  if (bindaddr && bind(s, bindaddr, bindaddr_len) < 0) {
2190  *socket_error = tor_socket_errno(s);
2191  log_warn(LD_NET,"Error binding network socket: %s",
2192  tor_socket_strerror(*socket_error));
2193  tor_close_socket(s);
2194  return -1;
2195  }
2196 
2197  tor_assert(options);
2198  if (options->ConstrainedSockets)
2200 
2201  if (connect(s, sa, sa_len) < 0) {
2202  int e = tor_socket_errno(s);
2203  if (!ERRNO_IS_CONN_EINPROGRESS(e)) {
2204  /* yuck. kill it. */
2205  *socket_error = e;
2206  log_info(LD_NET,
2207  "connect() to socket failed: %s",
2208  tor_socket_strerror(e));
2209  tor_close_socket(s);
2210  return -1;
2211  } else {
2212  inprogress = 1;
2213  }
2214  }
2215 
2216  /* it succeeded. we're connected. */
2217  log_fn(inprogress ? LOG_DEBUG : LOG_INFO, LD_NET,
2218  "Connection to socket %s (sock "TOR_SOCKET_T_FORMAT").",
2219  inprogress ? "in progress" : "established", s);
2220  conn->s = s;
2221  if (connection_add_connecting(conn) < 0) {
2222  /* no space, forget it */
2223  *socket_error = SOCK_ERRNO(ENOBUFS);
2224  return -1;
2225  }
2226 
2227  return inprogress ? 0 : 1;
2228 }
2229 
2230 /* Log a message if connection attempt is made when IPv4 or IPv6 is disabled.
2231  * Log a less severe message if we couldn't conform to ClientPreferIPv6ORPort
2232  * or ClientPreferIPv6ORPort. */
2233 static void
2234 connection_connect_log_client_use_ip_version(const connection_t *conn)
2235 {
2236  const or_options_t *options = get_options();
2237 
2238  /* Only clients care about ClientUseIPv4/6, bail out early on servers, and
2239  * on connections we don't care about */
2240  if (server_mode(options) || !conn || conn->type == CONN_TYPE_EXIT) {
2241  return;
2242  }
2243 
2244  /* We're only prepared to log OR and DIR connections here */
2245  if (conn->type != CONN_TYPE_OR && conn->type != CONN_TYPE_DIR) {
2246  return;
2247  }
2248 
2249  const int must_ipv4 = !fascist_firewall_use_ipv6(options);
2250  const int must_ipv6 = (options->ClientUseIPv4 == 0);
2251  const int pref_ipv6 = (conn->type == CONN_TYPE_OR
2254  tor_addr_t real_addr;
2255  tor_addr_copy(&real_addr, &conn->addr);
2256 
2257  /* Check if we broke a mandatory address family restriction */
2258  if ((must_ipv4 && tor_addr_family(&real_addr) == AF_INET6)
2259  || (must_ipv6 && tor_addr_family(&real_addr) == AF_INET)) {
2260  static int logged_backtrace = 0;
2261  log_info(LD_BUG, "Outgoing %s connection to %s violated ClientUseIPv%s 0.",
2262  conn->type == CONN_TYPE_OR ? "OR" : "Dir",
2263  fmt_addr(&real_addr),
2264  options->ClientUseIPv4 == 0 ? "4" : "6");
2265  if (!logged_backtrace) {
2266  log_backtrace(LOG_INFO, LD_BUG, "Address came from");
2267  logged_backtrace = 1;
2268  }
2269  }
2270 
2271  /* Bridges are allowed to break IPv4/IPv6 ORPort preferences to connect to
2272  * the node's configured address when ClientPreferIPv6ORPort is auto */
2273  if (options->UseBridges && conn->type == CONN_TYPE_OR
2274  && options->ClientPreferIPv6ORPort == -1) {
2275  return;
2276  }
2277 
2278  if (fascist_firewall_use_ipv6(options)) {
2279  log_info(LD_NET, "Our outgoing connection is using IPv%d.",
2280  tor_addr_family(&real_addr) == AF_INET6 ? 6 : 4);
2281  }
2282 
2283  /* Check if we couldn't satisfy an address family preference */
2284  if ((!pref_ipv6 && tor_addr_family(&real_addr) == AF_INET6)
2285  || (pref_ipv6 && tor_addr_family(&real_addr) == AF_INET)) {
2286  log_info(LD_NET, "Outgoing connection to %s doesn't satisfy "
2287  "ClientPreferIPv6%sPort %d, with ClientUseIPv4 %d, and "
2288  "fascist_firewall_use_ipv6 %d (ClientUseIPv6 %d and UseBridges "
2289  "%d).",
2290  fmt_addr(&real_addr),
2291  conn->type == CONN_TYPE_OR ? "OR" : "Dir",
2292  conn->type == CONN_TYPE_OR ? options->ClientPreferIPv6ORPort
2293  : options->ClientPreferIPv6DirPort,
2294  options->ClientUseIPv4, fascist_firewall_use_ipv6(options),
2295  options->ClientUseIPv6, options->UseBridges);
2296  }
2297 }
2298 
2299 /** Retrieve the outbound address depending on the protocol (IPv4 or IPv6)
2300  * and the connection type (relay, exit, ...)
2301  * Return a socket address or NULL in case nothing is configured.
2302  **/
2303 const tor_addr_t *
2305  const or_options_t *options, unsigned int conn_type)
2306 {
2307  const tor_addr_t *ext_addr = NULL;
2308 
2309  int fam_index;
2310  switch (family) {
2311  case AF_INET:
2312  fam_index = 0;
2313  break;
2314  case AF_INET6:
2315  fam_index = 1;
2316  break;
2317  default:
2318  return NULL;
2319  }
2320 
2321  // If an exit connection, use the exit address (if present)
2322  if (conn_type == CONN_TYPE_EXIT) {
2323  if (!tor_addr_is_null(
2324  &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT][fam_index])) {
2325  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT]
2326  [fam_index];
2327  } else if (!tor_addr_is_null(
2328  &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT_AND_OR]
2329  [fam_index])) {
2330  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT_AND_OR]
2331  [fam_index];
2332  }
2333  } else { // All non-exit connections
2334  if (!tor_addr_is_null(
2335  &options->OutboundBindAddresses[OUTBOUND_ADDR_OR][fam_index])) {
2336  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_OR]
2337  [fam_index];
2338  } else if (!tor_addr_is_null(
2339  &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT_AND_OR]
2340  [fam_index])) {
2341  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT_AND_OR]
2342  [fam_index];
2343  }
2344  }
2345  return ext_addr;
2346 }
2347 
2348 /** Take conn, make a nonblocking socket; try to connect to
2349  * addr:port (port arrives in *host order*). If fail, return -1 and if
2350  * applicable put your best guess about errno into *<b>socket_error</b>.
2351  * Else assign s to conn->s: if connected return 1, if EAGAIN return 0.
2352  *
2353  * addr:port can be different to conn->addr:conn->port if connecting through
2354  * a proxy.
2355  *
2356  * address is used to make the logs useful.
2357  *
2358  * On success, add conn to the list of polled connections.
2359  */
2360 int
2361 connection_connect(connection_t *conn, const char *address,
2362  const tor_addr_t *addr, uint16_t port, int *socket_error)
2363 {
2364  struct sockaddr_storage addrbuf;
2365  struct sockaddr_storage bind_addr_ss;
2366  struct sockaddr *bind_addr = NULL;
2367  struct sockaddr *dest_addr;
2368  int dest_addr_len, bind_addr_len = 0;
2369 
2370  /* Log if we didn't stick to ClientUseIPv4/6 or ClientPreferIPv6OR/DirPort
2371  */
2372  connection_connect_log_client_use_ip_version(conn);
2373 
2374  if (!tor_addr_is_loopback(addr)) {
2375  const tor_addr_t *ext_addr = NULL;
2377  conn->type);
2378  if (ext_addr) {
2379  memset(&bind_addr_ss, 0, sizeof(bind_addr_ss));
2380  bind_addr_len = tor_addr_to_sockaddr(ext_addr, 0,
2381  (struct sockaddr *) &bind_addr_ss,
2382  sizeof(bind_addr_ss));
2383  if (bind_addr_len == 0) {
2384  log_warn(LD_NET,
2385  "Error converting OutboundBindAddress %s into sockaddr. "
2386  "Ignoring.", fmt_and_decorate_addr(ext_addr));
2387  } else {
2388  bind_addr = (struct sockaddr *)&bind_addr_ss;
2389  }
2390  }
2391  }
2392 
2393  memset(&addrbuf,0,sizeof(addrbuf));
2394  dest_addr = (struct sockaddr*) &addrbuf;
2395  dest_addr_len = tor_addr_to_sockaddr(addr, port, dest_addr, sizeof(addrbuf));
2396  tor_assert(dest_addr_len > 0);
2397 
2398  log_debug(LD_NET, "Connecting to %s:%u.",
2399  escaped_safe_str_client(address), port);
2400 
2401  return connection_connect_sockaddr(conn, dest_addr, dest_addr_len,
2402  bind_addr, bind_addr_len, socket_error);
2403 }
2404 
2405 #ifdef HAVE_SYS_UN_H
2406 
2407 /** Take conn, make a nonblocking socket; try to connect to
2408  * an AF_UNIX socket at socket_path. If fail, return -1 and if applicable
2409  * put your best guess about errno into *<b>socket_error</b>. Else assign s
2410  * to conn->s: if connected return 1, if EAGAIN return 0.
2411  *
2412  * On success, add conn to the list of polled connections.
2413  */
2414 int
2415 connection_connect_unix(connection_t *conn, const char *socket_path,
2416  int *socket_error)
2417 {
2418  struct sockaddr_un dest_addr;
2419 
2420  tor_assert(socket_path);
2421 
2422  /* Check that we'll be able to fit it into dest_addr later */
2423  if (strlen(socket_path) + 1 > sizeof(dest_addr.sun_path)) {
2424  log_warn(LD_NET,
2425  "Path %s is too long for an AF_UNIX socket\n",
2426  escaped_safe_str_client(socket_path));
2427  *socket_error = SOCK_ERRNO(ENAMETOOLONG);
2428  return -1;
2429  }
2430 
2431  memset(&dest_addr, 0, sizeof(dest_addr));
2432  dest_addr.sun_family = AF_UNIX;
2433  strlcpy(dest_addr.sun_path, socket_path, sizeof(dest_addr.sun_path));
2434 
2435  log_debug(LD_NET,
2436  "Connecting to AF_UNIX socket at %s.",
2437  escaped_safe_str_client(socket_path));
2438 
2439  return connection_connect_sockaddr(conn,
2440  (struct sockaddr *)&dest_addr, sizeof(dest_addr),
2441  NULL, 0, socket_error);
2442 }
2443 
2444 #endif /* defined(HAVE_SYS_UN_H) */
2445 
2446 /** Convert state number to string representation for logging purposes.
2447  */
2448 static const char *
2450 {
2451  static const char *unknown = "???";
2452  static const char *states[] = {
2453  "PROXY_NONE",
2454  "PROXY_INFANT",
2455  "PROXY_HTTPS_WANT_CONNECT_OK",
2456  "PROXY_SOCKS4_WANT_CONNECT_OK",
2457  "PROXY_SOCKS5_WANT_AUTH_METHOD_NONE",
2458  "PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929",
2459  "PROXY_SOCKS5_WANT_AUTH_RFC1929_OK",
2460  "PROXY_SOCKS5_WANT_CONNECT_OK",
2461  "PROXY_HAPROXY_WAIT_FOR_FLUSH",
2462  "PROXY_CONNECTED",
2463  };
2464 
2465  CTASSERT(ARRAY_LENGTH(states) == PROXY_CONNECTED+1);
2466 
2467  if (state < PROXY_NONE || state > PROXY_CONNECTED)
2468  return unknown;
2469 
2470  return states[state];
2471 }
2472 
2473 /** Returns the proxy type used by tor for a single connection, for
2474  * logging or high-level purposes. Don't use it to fill the
2475  * <b>proxy_type</b> field of or_connection_t; use the actual proxy
2476  * protocol instead.*/
2477 static int
2479 {
2480  const or_options_t *options = get_options();
2481 
2482  if (options->ClientTransportPlugin) {
2483  /* If we have plugins configured *and* this addr/port is a known bridge
2484  * with a transport, then we should be PROXY_PLUGGABLE. */
2485  const transport_t *transport = NULL;
2486  int r;
2487  r = get_transport_by_bridge_addrport(&conn->addr, conn->port, &transport);
2488  if (r == 0 && transport)
2489  return PROXY_PLUGGABLE;
2490  }
2491 
2492  /* In all other cases, we're using a global proxy. */
2493  if (options->HTTPSProxy)
2494  return PROXY_CONNECT;
2495  else if (options->Socks4Proxy)
2496  return PROXY_SOCKS4;
2497  else if (options->Socks5Proxy)
2498  return PROXY_SOCKS5;
2499  else if (options->TCPProxy) {
2500  /* The only supported protocol in TCPProxy is haproxy. */
2502  return PROXY_HAPROXY;
2503  } else
2504  return PROXY_NONE;
2505 }
2506 
2507 /* One byte for the version, one for the command, two for the
2508  port, and four for the addr... and, one more for the
2509  username NUL: */
2510 #define SOCKS4_STANDARD_BUFFER_SIZE (1 + 1 + 2 + 4 + 1)
2511 
2512 /** Write a proxy request of https to conn for conn->addr:conn->port,
2513  * authenticating with the auth details given in the configuration
2514  * (if available).
2515  *
2516  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2517  * 0 otherwise.
2518  */
2519 static int
2521 {
2522  tor_assert(conn);
2523 
2524  const or_options_t *options = get_options();
2525  char buf[1024];
2526  char *base64_authenticator = NULL;
2527  const char *authenticator = options->HTTPSProxyAuthenticator;
2528 
2529  /* Send HTTP CONNECT and authentication (if available) in
2530  * one request */
2531 
2532  if (authenticator) {
2533  base64_authenticator = alloc_http_authenticator(authenticator);
2534  if (!base64_authenticator)
2535  log_warn(LD_OR, "Encoding https authenticator failed");
2536  }
2537 
2538  if (base64_authenticator) {
2539  const char *addrport = fmt_addrport(&conn->addr, conn->port);
2540  tor_snprintf(buf, sizeof(buf), "CONNECT %s HTTP/1.1\r\n"
2541  "Host: %s\r\n"
2542  "Proxy-Authorization: Basic %s\r\n\r\n",
2543  addrport,
2544  addrport,
2545  base64_authenticator);
2546  tor_free(base64_authenticator);
2547  } else {
2548  tor_snprintf(buf, sizeof(buf), "CONNECT %s HTTP/1.0\r\n\r\n",
2549  fmt_addrport(&conn->addr, conn->port));
2550  }
2551 
2552  connection_buf_add(buf, strlen(buf), conn);
2553  conn->proxy_state = PROXY_HTTPS_WANT_CONNECT_OK;
2554 
2555  return 0;
2556 }
2557 
2558 /** Write a proxy request of socks4 to conn for conn->addr:conn->port.
2559  *
2560  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2561  * 0 otherwise.
2562  */
2563 static int
2565 {
2566  tor_assert(conn);
2567 
2568  unsigned char *buf;
2569  uint16_t portn;
2570  uint32_t ip4addr;
2571  size_t buf_size = 0;
2572  char *socks_args_string = NULL;
2573 
2574  /* Send a SOCKS4 connect request */
2575 
2576  if (tor_addr_family(&conn->addr) != AF_INET) {
2577  log_warn(LD_NET, "SOCKS4 client is incompatible with IPv6");
2578  return -1;
2579  }
2580 
2581  { /* If we are here because we are trying to connect to a
2582  pluggable transport proxy, check if we have any SOCKS
2583  arguments to transmit. If we do, compress all arguments to
2584  a single string in 'socks_args_string': */
2585 
2586  if (conn_get_proxy_type(conn) == PROXY_PLUGGABLE) {
2587  socks_args_string =
2589  if (socks_args_string)
2590  log_debug(LD_NET, "Sending out '%s' as our SOCKS argument string.",
2591  socks_args_string);
2592  }
2593  }
2594 
2595  { /* Figure out the buffer size we need for the SOCKS message: */
2596 
2597  buf_size = SOCKS4_STANDARD_BUFFER_SIZE;
2598 
2599  /* If we have a SOCKS argument string, consider its size when
2600  calculating the buffer size: */
2601  if (socks_args_string)
2602  buf_size += strlen(socks_args_string);
2603  }
2604 
2605  buf = tor_malloc_zero(buf_size);
2606 
2607  ip4addr = tor_addr_to_ipv4n(&conn->addr);
2608  portn = htons(conn->port);
2609 
2610  buf[0] = 4; /* version */
2611  buf[1] = SOCKS_COMMAND_CONNECT; /* command */
2612  memcpy(buf + 2, &portn, 2); /* port */
2613  memcpy(buf + 4, &ip4addr, 4); /* addr */
2614 
2615  /* Next packet field is the userid. If we have pluggable
2616  transport SOCKS arguments, we have to embed them
2617  there. Otherwise, we use an empty userid. */
2618  if (socks_args_string) { /* place the SOCKS args string: */
2619  tor_assert(strlen(socks_args_string) > 0);
2620  tor_assert(buf_size >=
2621  SOCKS4_STANDARD_BUFFER_SIZE + strlen(socks_args_string));
2622  strlcpy((char *)buf + 8, socks_args_string, buf_size - 8);
2623  tor_free(socks_args_string);
2624  } else {
2625  buf[8] = 0; /* no userid */
2626  }
2627 
2628  connection_buf_add((char *)buf, buf_size, conn);
2629  tor_free(buf);
2630 
2631  conn->proxy_state = PROXY_SOCKS4_WANT_CONNECT_OK;
2632  return 0;
2633 }
2634 
2635 /** Write a proxy request of socks5 to conn for conn->addr:conn->port,
2636  * authenticating with the auth details given in the configuration
2637  * (if available).
2638  *
2639  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2640  * 0 otherwise.
2641  */
2642 static int
2644 {
2645  tor_assert(conn);
2646 
2647  const or_options_t *options = get_options();
2648  unsigned char buf[4]; /* fields: vers, num methods, method list */
2649 
2650  /* Send a SOCKS5 greeting (connect request must wait) */
2651 
2652  buf[0] = 5; /* version */
2653 
2654  /* We have to use SOCKS5 authentication, if we have a
2655  Socks5ProxyUsername or if we want to pass arguments to our
2656  pluggable transport proxy: */
2657  if ((options->Socks5ProxyUsername) ||
2658  (conn_get_proxy_type(conn) == PROXY_PLUGGABLE &&
2659  (get_socks_args_by_bridge_addrport(&conn->addr, conn->port)))) {
2660  /* number of auth methods */
2661  buf[1] = 2;
2662  buf[2] = 0x00; /* no authentication */
2663  buf[3] = 0x02; /* rfc1929 Username/Passwd auth */
2664  conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929;
2665  } else {
2666  buf[1] = 1;
2667  buf[2] = 0x00; /* no authentication */
2668  conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_METHOD_NONE;
2669  }
2670 
2671  connection_buf_add((char *)buf, 2 + buf[1], conn);
2672  return 0;
2673 }
2674 
2675 /** Write a proxy request of haproxy to conn for conn->addr:conn->port.
2676  *
2677  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2678  * 0 otherwise.
2679  */
2680 static int
2682 {
2683  int ret = 0;
2684  tor_addr_port_t *addr_port = tor_addr_port_new(&conn->addr, conn->port);
2685  char *buf = haproxy_format_proxy_header_line(addr_port);
2686 
2687  if (buf == NULL) {
2688  ret = -1;
2689  goto done;
2690  }
2691 
2692  connection_buf_add(buf, strlen(buf), conn);
2693  /* In haproxy, we don't have to wait for the response, but we wait for ack.
2694  * So we can set the state to be PROXY_HAPROXY_WAIT_FOR_FLUSH. */
2695  conn->proxy_state = PROXY_HAPROXY_WAIT_FOR_FLUSH;
2696 
2697  ret = 0;
2698  done:
2699  tor_free(buf);
2700  tor_free(addr_port);
2701  return ret;
2702 }
2703 
2704 /** Write a proxy request of <b>type</b> (socks4, socks5, https, haproxy)
2705  * to conn for conn->addr:conn->port, authenticating with the auth details
2706  * given in the configuration (if available). SOCKS 5 and HTTP CONNECT
2707  * proxies support authentication.
2708  *
2709  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2710  * 0 otherwise.
2711  *
2712  * Use connection_read_proxy_handshake() to complete the handshake.
2713  */
2714 int
2716 {
2717  int ret = 0;
2718 
2719  tor_assert(conn);
2720 
2721  switch (type) {
2722  case PROXY_CONNECT:
2723  ret = connection_https_proxy_connect(conn);
2724  break;
2725 
2726  case PROXY_SOCKS4:
2727  ret = connection_socks4_proxy_connect(conn);
2728  break;
2729 
2730  case PROXY_SOCKS5:
2731  ret = connection_socks5_proxy_connect(conn);
2732  break;
2733 
2734  case PROXY_HAPROXY:
2736  break;
2737 
2738  default:
2739  log_err(LD_BUG, "Invalid proxy protocol, %d", type);
2741  ret = -1;
2742  break;
2743  }
2744 
2745  if (ret == 0) {
2746  log_debug(LD_NET, "set state %s",
2748  }
2749 
2750  return ret;
2751 }
2752 
2753 /** Read conn's inbuf. If the http response from the proxy is all
2754  * here, make sure it's good news, then return 1. If it's bad news,
2755  * return -1. Else return 0 and hope for better luck next time.
2756  */
2757 static int
2759 {
2760  char *headers;
2761  char *reason=NULL;
2762  int status_code;
2763  time_t date_header;
2764 
2765  switch (fetch_from_buf_http(conn->inbuf,
2766  &headers, MAX_HEADERS_SIZE,
2767  NULL, NULL, 10000, 0)) {
2768  case -1: /* overflow */
2769  log_warn(LD_PROTOCOL,
2770  "Your https proxy sent back an oversized response. Closing.");
2771  return -1;
2772  case 0:
2773  log_info(LD_NET,"https proxy response not all here yet. Waiting.");
2774  return 0;
2775  /* case 1, fall through */
2776  }
2777 
2778  if (parse_http_response(headers, &status_code, &date_header,
2779  NULL, &reason) < 0) {
2780  log_warn(LD_NET,
2781  "Unparseable headers from proxy (%s). Closing.",
2782  connection_describe(conn));
2783  tor_free(headers);
2784  return -1;
2785  }
2786  tor_free(headers);
2787  if (!reason) reason = tor_strdup("[no reason given]");
2788 
2789  if (status_code == 200) {
2790  log_info(LD_NET,
2791  "HTTPS connect for %s successful! (200 %s) Starting TLS.",
2792  connection_describe(conn), escaped(reason));
2793  tor_free(reason);
2794  return 1;
2795  }
2796  /* else, bad news on the status code */
2797  switch (status_code) {
2798  case 403:
2799  log_warn(LD_NET,
2800  "The https proxy refused to allow connection to %s "
2801  "(status code %d, %s). Closing.",
2802  conn->address, status_code, escaped(reason));
2803  break;
2804  default:
2805  log_warn(LD_NET,
2806  "The https proxy sent back an unexpected status code %d (%s). "
2807  "Closing.",
2808  status_code, escaped(reason));
2809  break;
2810  }
2811  tor_free(reason);
2812  return -1;
2813 }
2814 
2815 /** Send SOCKS5 CONNECT command to <b>conn</b>, copying <b>conn->addr</b>
2816  * and <b>conn->port</b> into the request.
2817  */
2818 static void
2820 {
2821  unsigned char buf[1024];
2822  size_t reqsize = 6;
2823  uint16_t port = htons(conn->port);
2824 
2825  buf[0] = 5; /* version */
2826  buf[1] = SOCKS_COMMAND_CONNECT; /* command */
2827  buf[2] = 0; /* reserved */
2828 
2829  if (tor_addr_family(&conn->addr) == AF_INET) {
2830  uint32_t addr = tor_addr_to_ipv4n(&conn->addr);
2831 
2832  buf[3] = 1;
2833  reqsize += 4;
2834  memcpy(buf + 4, &addr, 4);
2835  memcpy(buf + 8, &port, 2);
2836  } else { /* AF_INET6 */
2837  buf[3] = 4;
2838  reqsize += 16;
2839  memcpy(buf + 4, tor_addr_to_in6_addr8(&conn->addr), 16);
2840  memcpy(buf + 20, &port, 2);
2841  }
2842 
2843  connection_buf_add((char *)buf, reqsize, conn);
2844 
2845  conn->proxy_state = PROXY_SOCKS5_WANT_CONNECT_OK;
2846 }
2847 
2848 /** Wrapper around fetch_from_buf_socks_client: see that functions
2849  * for documentation of its behavior. */
2850 static int
2852  int state, char **reason)
2853 {
2854  return fetch_from_buf_socks_client(conn->inbuf, state, reason);
2855 }
2856 
2857 /** Call this from connection_*_process_inbuf() to advance the proxy
2858  * handshake.
2859  *
2860  * No matter what proxy protocol is used, if this function returns 1, the
2861  * handshake is complete, and the data remaining on inbuf may contain the
2862  * start of the communication with the requested server.
2863  *
2864  * Returns 0 if the current buffer contains an incomplete response, and -1
2865  * on error.
2866  */
2867 int
2869 {
2870  int ret = 0;
2871  char *reason = NULL;
2872 
2873  log_debug(LD_NET, "enter state %s",
2875 
2876  switch (conn->proxy_state) {
2877  case PROXY_HTTPS_WANT_CONNECT_OK:
2879  if (ret == 1)
2880  conn->proxy_state = PROXY_CONNECTED;
2881  break;
2882 
2883  case PROXY_SOCKS4_WANT_CONNECT_OK:
2885  conn->proxy_state,
2886  &reason);
2887  if (ret == 1)
2888  conn->proxy_state = PROXY_CONNECTED;
2889  break;
2890 
2891  case PROXY_SOCKS5_WANT_AUTH_METHOD_NONE:
2893  conn->proxy_state,
2894  &reason);
2895  /* no auth needed, do connect */
2896  if (ret == 1) {
2898  ret = 0;
2899  }
2900  break;
2901 
2902  case PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929:
2904  conn->proxy_state,
2905  &reason);
2906 
2907  /* send auth if needed, otherwise do connect */
2908  if (ret == 1) {
2910  ret = 0;
2911  } else if (ret == 2) {
2912  unsigned char buf[1024];
2913  size_t reqsize, usize, psize;
2914  const char *user, *pass;
2915  char *socks_args_string = NULL;
2916 
2917  if (conn_get_proxy_type(conn) == PROXY_PLUGGABLE) {
2918  socks_args_string =
2920  if (!socks_args_string) {
2921  log_warn(LD_NET, "Could not create SOCKS args string for PT.");
2922  ret = -1;
2923  break;
2924  }
2925 
2926  log_debug(LD_NET, "PT SOCKS5 arguments: %s", socks_args_string);
2927  tor_assert(strlen(socks_args_string) > 0);
2928  tor_assert(strlen(socks_args_string) <= MAX_SOCKS5_AUTH_SIZE_TOTAL);
2929 
2930  if (strlen(socks_args_string) > MAX_SOCKS5_AUTH_FIELD_SIZE) {
2931  user = socks_args_string;
2933  pass = socks_args_string + MAX_SOCKS5_AUTH_FIELD_SIZE;
2934  psize = strlen(socks_args_string) - MAX_SOCKS5_AUTH_FIELD_SIZE;
2935  } else {
2936  user = socks_args_string;
2937  usize = strlen(socks_args_string);
2938  pass = "\0";
2939  psize = 1;
2940  }
2941  } else if (get_options()->Socks5ProxyUsername) {
2942  user = get_options()->Socks5ProxyUsername;
2943  pass = get_options()->Socks5ProxyPassword;
2944  tor_assert(user && pass);
2945  usize = strlen(user);
2946  psize = strlen(pass);
2947  } else {
2948  log_err(LD_BUG, "We entered %s for no reason!", __func__);
2950  ret = -1;
2951  break;
2952  }
2953 
2954  /* Username and password lengths should have been checked
2955  above and during torrc parsing. */
2957  psize <= MAX_SOCKS5_AUTH_FIELD_SIZE);
2958  reqsize = 3 + usize + psize;
2959 
2960  buf[0] = 1; /* negotiation version */
2961  buf[1] = usize;
2962  memcpy(buf + 2, user, usize);
2963  buf[2 + usize] = psize;
2964  memcpy(buf + 3 + usize, pass, psize);
2965 
2966  if (socks_args_string)
2967  tor_free(socks_args_string);
2968 
2969  connection_buf_add((char *)buf, reqsize, conn);
2970 
2971  conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_RFC1929_OK;
2972  ret = 0;
2973  }
2974  break;
2975 
2976  case PROXY_SOCKS5_WANT_AUTH_RFC1929_OK:
2978  conn->proxy_state,
2979  &reason);
2980  /* send the connect request */
2981  if (ret == 1) {
2983  ret = 0;
2984  }
2985  break;
2986 
2987  case PROXY_SOCKS5_WANT_CONNECT_OK:
2989  conn->proxy_state,
2990  &reason);
2991  if (ret == 1)
2992  conn->proxy_state = PROXY_CONNECTED;
2993  break;
2994 
2995  default:
2996  log_err(LD_BUG, "Invalid proxy_state for reading, %d",
2997  conn->proxy_state);
2999  ret = -1;
3000  break;
3001  }
3002 
3003  log_debug(LD_NET, "leaving state %s",
3005 
3006  if (ret < 0) {
3007  if (reason) {
3008  log_warn(LD_NET, "Proxy Client: unable to connect %s (%s)",
3009  connection_describe(conn), escaped(reason));
3010  tor_free(reason);
3011  } else {
3012  log_warn(LD_NET, "Proxy Client: unable to connect %s",
3013  connection_describe(conn));
3014  }
3015  } else if (ret == 1) {
3016  log_info(LD_NET, "Proxy Client: %s successful",
3017  connection_describe(conn));
3018  }
3019 
3020  return ret;
3021 }
3022 
3023 /** Given a list of listener connections in <b>old_conns</b>, and list of
3024  * port_cfg_t entries in <b>ports</b>, open a new listener for every port in
3025  * <b>ports</b> that does not already have a listener in <b>old_conns</b>.
3026  *
3027  * Remove from <b>old_conns</b> every connection that has a corresponding
3028  * entry in <b>ports</b>. Add to <b>new_conns</b> new every connection we
3029  * launch. If we may need to perform socket rebind when creating new
3030  * listener that replaces old one, create a <b>listener_replacement_t</b>
3031  * struct for affected pair and add it to <b>replacements</b>.
3032  *
3033  * If <b>control_listeners_only</b> is true, then we only open control
3034  * listeners, and we do not remove any noncontrol listeners from
3035  * old_conns.
3036  *
3037  * Return 0 on success, -1 on failure.
3038  **/
3039 static int
3041  const smartlist_t *ports,
3042  smartlist_t *new_conns,
3043  smartlist_t *replacements,
3044  int control_listeners_only)
3045 {
3046 #ifndef ENABLE_LISTENER_REBIND
3047  (void)replacements;
3048 #endif
3049 
3050  smartlist_t *launch = smartlist_new();
3051  int r = 0;
3052 
3053  if (control_listeners_only) {
3054  SMARTLIST_FOREACH(ports, port_cfg_t *, p, {
3055  if (p->type == CONN_TYPE_CONTROL_LISTENER)
3056  smartlist_add(launch, p);
3057  });
3058  } else {
3059  smartlist_add_all(launch, ports);
3060  }
3061 
3062  /* Iterate through old_conns, comparing it to launch: remove from both lists
3063  * each pair of elements that corresponds to the same port. */
3064  SMARTLIST_FOREACH_BEGIN(old_conns, connection_t *, conn) {
3065  const port_cfg_t *found_port = NULL;
3066 
3067  /* Okay, so this is a listener. Is it configured? */
3068  /* That is, is it either: 1) exact match - address and port
3069  * pair match exactly between old listener and new port; or 2)
3070  * wildcard match - port matches exactly, but *one* of the
3071  * addresses is wildcard (0.0.0.0 or ::)?
3072  */
3073  SMARTLIST_FOREACH_BEGIN(launch, const port_cfg_t *, wanted) {
3074  if (conn->type != wanted->type)
3075  continue;
3076  if ((conn->socket_family != AF_UNIX && wanted->is_unix_addr) ||
3077  (conn->socket_family == AF_UNIX && ! wanted->is_unix_addr))
3078  continue;
3079 
3080  if (wanted->server_cfg.no_listen)
3081  continue; /* We don't want to open a listener for this one */
3082 
3083  if (wanted->is_unix_addr) {
3084  if (conn->socket_family == AF_UNIX &&
3085  !strcmp(wanted->unix_addr, conn->address)) {
3086  found_port = wanted;
3087  break;
3088  }
3089  } else {
3090  /* Numeric values of old and new port match exactly. */
3091  const int port_matches_exact = (wanted->port == conn->port);
3092  /* Ports match semantically - either their specific values
3093  match exactly, or new port is 'auto'.
3094  */
3095  const int port_matches = (wanted->port == CFG_AUTO_PORT ||
3096  port_matches_exact);
3097 
3098  if (port_matches && tor_addr_eq(&wanted->addr, &conn->addr)) {
3099  found_port = wanted;
3100  break;
3101  }
3102 #ifdef ENABLE_LISTENER_REBIND
3103  /* Rebinding may be needed if all of the following are true:
3104  * 1) Address family is the same in old and new listeners.
3105  * 2) Port number matches exactly (numeric value is the same).
3106  * 3) *One* of listeners (either old one or new one) has a
3107  * wildcard IP address (0.0.0.0 or [::]).
3108  *
3109  * These are the exact conditions for a first bind() syscall
3110  * to fail with EADDRINUSE.
3111  */
3112  const int may_need_rebind =
3113  tor_addr_family(&wanted->addr) == tor_addr_family(&conn->addr) &&
3114  port_matches_exact && bool_neq(tor_addr_is_null(&wanted->addr),
3115  tor_addr_is_null(&conn->addr));
3116  if (replacements && may_need_rebind) {
3117  listener_replacement_t *replacement =
3118  tor_malloc(sizeof(listener_replacement_t));
3119 
3120  replacement->old_conn = conn;
3121  replacement->new_port = wanted;
3122  smartlist_add(replacements, replacement);
3123 
3124  SMARTLIST_DEL_CURRENT(launch, wanted);
3125  SMARTLIST_DEL_CURRENT(old_conns, conn);
3126  break;
3127  }
3128 #endif /* defined(ENABLE_LISTENER_REBIND) */
3129  }
3130  } SMARTLIST_FOREACH_END(wanted);
3131 
3132  if (found_port) {
3133  /* This listener is already running; we don't need to launch it. */
3134  //log_debug(LD_NET, "Already have %s on %s:%d",
3135  // conn_type_to_string(found_port->type), conn->address, conn->port);
3136  smartlist_remove(launch, found_port);
3137  /* And we can remove the connection from old_conns too. */
3138  SMARTLIST_DEL_CURRENT(old_conns, conn);
3139  }
3140  } SMARTLIST_FOREACH_END(conn);
3141 
3142  /* Now open all the listeners that are configured but not opened. */
3143  SMARTLIST_FOREACH_BEGIN(launch, const port_cfg_t *, port) {
3144  int skip = 0;
3145  connection_t *conn = connection_listener_new_for_port(port, &skip, NULL);
3146 
3147  if (conn && new_conns)
3148  smartlist_add(new_conns, conn);
3149  else if (!skip)
3150  r = -1;
3151  } SMARTLIST_FOREACH_END(port);
3152 
3153  smartlist_free(launch);
3154 
3155  return r;
3156 }
3157 
3158 /** Launch listeners for each port you should have open. Only launch
3159  * listeners who are not already open, and only close listeners we no longer
3160  * want.
3161  *
3162  * Add all new connections to <b>new_conns</b>.
3163  *
3164  * If <b>close_all_noncontrol</b> is true, then we only open control
3165  * listeners, and we close all other listeners.
3166  */
3167 int
3168 retry_all_listeners(smartlist_t *new_conns, int close_all_noncontrol)
3169 {
3170  smartlist_t *listeners = smartlist_new();
3171  smartlist_t *replacements = smartlist_new();
3172  const or_options_t *options = get_options();
3173  int retval = 0;
3174  const uint16_t old_or_port = routerconf_find_or_port(options, AF_INET);
3175  const uint16_t old_or_port_ipv6 =
3176  routerconf_find_or_port(options,AF_INET6);
3177  const uint16_t old_dir_port = routerconf_find_dir_port(options, 0);
3178 
3180  if (connection_is_listener(conn) && !conn->marked_for_close)
3181  smartlist_add(listeners, conn);
3182  } SMARTLIST_FOREACH_END(conn);
3183 
3184  if (retry_listener_ports(listeners,
3186  new_conns,
3187  replacements,
3188  close_all_noncontrol) < 0)
3189  retval = -1;
3190 
3191 #ifdef ENABLE_LISTENER_REBIND
3192  if (smartlist_len(replacements))
3193  log_debug(LD_NET, "%d replacements - starting rebinding loop.",
3194  smartlist_len(replacements));
3195 
3196  SMARTLIST_FOREACH_BEGIN(replacements, listener_replacement_t *, r) {
3197  int addr_in_use = 0;
3198  int skip = 0;
3199 
3200  tor_assert(r->new_port);
3201  tor_assert(r->old_conn);
3202 
3203  connection_t *new_conn =
3204  connection_listener_new_for_port(r->new_port, &skip, &addr_in_use);
3205  connection_t *old_conn = r->old_conn;
3206 
3207  if (skip) {
3208  log_debug(LD_NET, "Skipping creating new listener for %s",
3209  connection_describe(old_conn));
3210  continue;
3211  }
3212 
3213  connection_close_immediate(old_conn);
3214  connection_mark_for_close(old_conn);
3215 
3216  if (addr_in_use) {
3217  new_conn = connection_listener_new_for_port(r->new_port,
3218  &skip, &addr_in_use);
3219  }
3220 
3221  tor_assert(new_conn);
3222 
3223  smartlist_add(new_conns, new_conn);
3224 
3225  char *old_desc = tor_strdup(connection_describe(old_conn));
3226  log_notice(LD_NET, "Closed no-longer-configured %s "
3227  "(replaced by %s)",
3228  old_desc, connection_describe(new_conn));
3229  tor_free(old_desc);
3230  } SMARTLIST_FOREACH_END(r);
3231 #endif /* defined(ENABLE_LISTENER_REBIND) */
3232 
3233  /* Any members that were still in 'listeners' don't correspond to
3234  * any configured port. Kill 'em. */
3235  SMARTLIST_FOREACH_BEGIN(listeners, connection_t *, conn) {
3236  log_notice(LD_NET, "Closing no-longer-configured %s on %s:%d",
3237  conn_type_to_string(conn->type), conn->address, conn->port);
3239  connection_mark_for_close(conn);
3240  } SMARTLIST_FOREACH_END(conn);
3241 
3242  smartlist_free(listeners);
3243  /* Cleanup any remaining listener replacement. */
3244  SMARTLIST_FOREACH(replacements, listener_replacement_t *, r, tor_free(r));
3245  smartlist_free(replacements);
3246 
3247  if (old_or_port != routerconf_find_or_port(options, AF_INET) ||
3248  old_or_port_ipv6 != routerconf_find_or_port(options, AF_INET6) ||
3249  old_dir_port != routerconf_find_dir_port(options, 0)) {
3250  /* Our chosen ORPort or DirPort is not what it used to be: the
3251  * descriptor we had (if any) should be regenerated. (We won't
3252  * automatically notice this because of changes in the option,
3253  * since the value could be "auto".) */
3254  mark_my_descriptor_dirty("Chosen Or/DirPort changed");
3255  }
3256 
3257  return retval;
3258 }
3259 
3260 /** Mark every listener of type other than CONTROL_LISTENER to be closed. */
3261 void
3263 {
3265  if (conn->marked_for_close)
3266  continue;
3267  if (conn->type == CONN_TYPE_CONTROL_LISTENER)
3268  continue;
3269  if (connection_is_listener(conn))
3270  connection_mark_for_close(conn);
3271  } SMARTLIST_FOREACH_END(conn);
3272 }
3273 
3274 /** Mark every external connection not used for controllers for close. */
3275 void
3277 {
3279  if (conn->marked_for_close)
3280  continue;
3281  switch (conn->type) {
3283  case CONN_TYPE_CONTROL:
3284  break;
3285  case CONN_TYPE_AP:
3286  connection_mark_unattached_ap(TO_ENTRY_CONN(conn),
3287  END_STREAM_REASON_HIBERNATING);
3288  break;
3289  case CONN_TYPE_OR:
3290  {
3291  or_connection_t *orconn = TO_OR_CONN(conn);
3292  if (orconn->chan) {
3293  connection_or_close_normally(orconn, 0);
3294  } else {
3295  /*
3296  * There should have been one, but mark for close and hope
3297  * for the best..
3298  */
3299  connection_mark_for_close(conn);
3300  }
3301  }
3302  break;
3303  default:
3304  connection_mark_for_close(conn);
3305  break;
3306  }
3307  } SMARTLIST_FOREACH_END(conn);
3308 }
3309 
3310 /** Return 1 if we should apply rate limiting to <b>conn</b>, and 0
3311  * otherwise.
3312  * Right now this just checks if it's an internal IP address or an
3313  * internal connection. We also should, but don't, check if the connection
3314  * uses pluggable transports, since we should then limit it even if it
3315  * comes from an internal IP address. */
3316 static int
3318 {
3319  const or_options_t *options = get_options();
3320  if (conn->linked)
3321  return 0; /* Internal connection */
3322  else if (! options->CountPrivateBandwidth &&
3323  ! conn->always_rate_limit_as_remote &&
3324  (tor_addr_family(&conn->addr) == AF_UNSPEC || /* no address */
3325  tor_addr_family(&conn->addr) == AF_UNIX || /* no address */
3326  tor_addr_is_internal(&conn->addr, 0)))
3327  return 0; /* Internal address */
3328  else
3329  return 1;
3330 }
3331 
3332 /** When was either global write bucket last empty? If this was recent, then
3333  * we're probably low on bandwidth, and we should be stingy with our bandwidth
3334  * usage. */
3335 static time_t write_buckets_last_empty_at = -100;
3336 
3337 /** How many seconds of no active local circuits will make the
3338  * connection revert to the "relayed" bandwidth class? */
3339 #define CLIENT_IDLE_TIME_FOR_PRIORITY 30
3341 /** Return 1 if <b>conn</b> should use tokens from the "relayed"
3342  * bandwidth rates, else 0. Currently, only OR conns with bandwidth
3343  * class 1, and directory conns that are serving data out, count.
3344  */
3345 static int
3347 {
3348  if (conn->type == CONN_TYPE_OR &&
3351  return 1;
3352  if (conn->type == CONN_TYPE_DIR && DIR_CONN_IS_SERVER(conn))
3353  return 1;
3354  return 0;
3355 }
3356 
3357 /** Helper function to decide how many bytes out of <b>global_bucket</b>
3358  * we're willing to use for this transaction. <b>base</b> is the size
3359  * of a cell on the network; <b>priority</b> says whether we should
3360  * write many of them or just a few; and <b>conn_bucket</b> (if
3361  * non-negative) provides an upper limit for our answer. */
3362 static ssize_t
3363 connection_bucket_get_share(int base, int priority,
3364  ssize_t global_bucket_val, ssize_t conn_bucket)
3365 {
3366  ssize_t at_most;
3367  ssize_t num_bytes_high = (priority ? 32 : 16) * base;
3368  ssize_t num_bytes_low = (priority ? 4 : 2) * base;
3369 
3370  /* Do a rudimentary limiting so one circuit can't hog a connection.
3371  * Pick at most 32 cells, at least 4 cells if possible, and if we're in
3372  * the middle pick 1/8 of the available bandwidth. */
3373  at_most = global_bucket_val / 8;
3374  at_most -= (at_most % base); /* round down */
3375  if (at_most > num_bytes_high) /* 16 KB, or 8 KB for low-priority */
3376  at_most = num_bytes_high;
3377  else if (at_most < num_bytes_low) /* 2 KB, or 1 KB for low-priority */
3378  at_most = num_bytes_low;
3379 
3380  if (at_most > global_bucket_val)
3381  at_most = global_bucket_val;
3382 
3383  if (conn_bucket >= 0 && at_most > conn_bucket)
3384  at_most = conn_bucket;
3385 
3386  if (at_most < 0)
3387  return 0;
3388  return at_most;
3389 }
3390 
3391 /** How many bytes at most can we read onto this connection? */
3392 static ssize_t
3394 {
3395  int base = RELAY_PAYLOAD_SIZE;
3396  int priority = conn->type != CONN_TYPE_DIR;
3397  ssize_t conn_bucket = -1;
3398  size_t global_bucket_val = token_bucket_rw_get_read(&global_bucket);
3399 
3400  if (connection_speaks_cells(conn)) {
3401  or_connection_t *or_conn = TO_OR_CONN(conn);
3402  if (conn->state == OR_CONN_STATE_OPEN)
3403  conn_bucket = token_bucket_rw_get_read(&or_conn->bucket);
3404  base = get_cell_network_size(or_conn->wide_circ_ids);
3405  }
3406 
3407  if (!connection_is_rate_limited(conn)) {
3408  /* be willing to read on local conns even if our buckets are empty */
3409  return conn_bucket>=0 ? conn_bucket : 1<<14;
3410  }
3411 
3412  if (connection_counts_as_relayed_traffic(conn, now)) {
3413  size_t relayed = token_bucket_rw_get_read(&global_relayed_bucket);
3414  global_bucket_val = MIN(global_bucket_val, relayed);
3415  }
3416 
3417  return connection_bucket_get_share(base, priority,
3418  global_bucket_val, conn_bucket);
3419 }
3420 
3421 /** How many bytes at most can we write onto this connection? */
3422 ssize_t
3424 {
3425  int base = RELAY_PAYLOAD_SIZE;
3426  int priority = conn->type != CONN_TYPE_DIR;
3427  size_t conn_bucket = buf_datalen(conn->outbuf);
3428  size_t global_bucket_val = token_bucket_rw_get_write(&global_bucket);
3429 
3430  if (!connection_is_rate_limited(conn)) {
3431  /* be willing to write to local conns even if our buckets are empty */
3432  return conn_bucket;
3433  }
3434 
3435  if (connection_speaks_cells(conn)) {
3436  /* use the per-conn write limit if it's lower */
3437  or_connection_t *or_conn = TO_OR_CONN(conn);
3438  if (conn->state == OR_CONN_STATE_OPEN)
3439  conn_bucket = MIN(conn_bucket,
3440  token_bucket_rw_get_write(&or_conn->bucket));
3441  base = get_cell_network_size(or_conn->wide_circ_ids);
3442  }
3443 
3444  if (connection_counts_as_relayed_traffic(conn, now)) {
3445  size_t relayed = token_bucket_rw_get_write(&global_relayed_bucket);
3446  global_bucket_val = MIN(global_bucket_val, relayed);
3447  }
3448 
3449  return connection_bucket_get_share(base, priority,
3450  global_bucket_val, conn_bucket);
3451 }
3452 
3453 /** Return true iff the global write buckets are low enough that we
3454  * shouldn't send <b>attempt</b> bytes of low-priority directory stuff
3455  * out to <b>conn</b>.
3456  *
3457  * If we are a directory authority, always answer dir requests thus true is
3458  * always returned.
3459  *
3460  * Note: There are a lot of parameters we could use here:
3461  * - global_relayed_write_bucket. Low is bad.
3462  * - global_write_bucket. Low is bad.
3463  * - bandwidthrate. Low is bad.
3464  * - bandwidthburst. Not a big factor?
3465  * - attempt. High is bad.
3466  * - total bytes queued on outbufs. High is bad. But I'm wary of
3467  * using this, since a few slow-flushing queues will pump up the
3468  * number without meaning what we meant to mean. What we really
3469  * mean is "total directory bytes added to outbufs recently", but
3470  * that's harder to quantify and harder to keep track of.
3471  */
3472 bool
3474 {
3475  size_t smaller_bucket =
3476  MIN(token_bucket_rw_get_write(&global_bucket),
3477  token_bucket_rw_get_write(&global_relayed_bucket));
3478 
3479  /* Special case for authorities (directory only). */
3480  if (authdir_mode_v3(get_options())) {
3481  /* Are we configured to possibly reject requests under load? */
3483  /* Answer request no matter what. */
3484  return false;
3485  }
3486  /* Always answer requests from a known relay which includes the other
3487  * authorities. The following looks up the addresses for relays that we
3488  * have their descriptor _and_ any configured trusted directories. */
3490  return false;
3491  }
3492  }
3493 
3494  if (!connection_is_rate_limited(conn))
3495  return false; /* local conns don't get limited */
3496 
3497  if (smaller_bucket < attempt)
3498  return true; /* not enough space. */
3499 
3500  {
3501  const time_t diff = approx_time() - write_buckets_last_empty_at;
3502  if (diff <= 1)
3503  return true; /* we're already hitting our limits, no more please */
3504  }
3505  return false;
3506 }
3507 
3508 /** When did we last tell the accounting subsystem about transmitted
3509  * bandwidth? */
3511 
3512 /** Helper: adjusts our bandwidth history and informs the controller as
3513  * appropriate, given that we have just read <b>num_read</b> bytes and written
3514  * <b>num_written</b> bytes on <b>conn</b>. */
3515 static void
3517  time_t now, size_t num_read, size_t num_written)
3518 {
3519  /* Count bytes of answering direct and tunneled directory requests */
3520  if (conn->type == CONN_TYPE_DIR && conn->purpose == DIR_PURPOSE_SERVER) {
3521  if (num_read > 0)
3522  bwhist_note_dir_bytes_read(num_read, now);
3523  if (num_written > 0)
3524  bwhist_note_dir_bytes_written(num_written, now);
3525  }
3526 
3527  /* Linked connections and internal IPs aren't counted for statistics or
3528  * accounting:
3529  * - counting linked connections would double-count BEGINDIR bytes, because
3530  * they are sent as Dir bytes on the linked connection, and OR bytes on
3531  * the OR connection;
3532  * - relays and clients don't connect to internal IPs, unless specifically
3533  * configured to do so. If they are configured that way, we don't count
3534  * internal bytes.
3535  */
3536  if (!connection_is_rate_limited(conn))
3537  return;
3538 
3539  const bool is_ipv6 = (conn->socket_family == AF_INET6);
3540  if (conn->type == CONN_TYPE_OR)
3542  num_written, now, is_ipv6);
3543 
3544  if (num_read > 0) {
3545  bwhist_note_bytes_read(num_read, now, is_ipv6);
3546  }
3547  if (num_written > 0) {
3548  bwhist_note_bytes_written(num_written, now, is_ipv6);
3549  }
3550  if (conn->type == CONN_TYPE_EXIT)
3551  rep_hist_note_exit_bytes(conn->port, num_written, num_read);
3552 
3553  /* Remember these bytes towards statistics. */
3554  stats_increment_bytes_read_and_written(num_read, num_written);
3555 
3556  /* Remember these bytes towards accounting. */
3559  accounting_add_bytes(num_read, num_written,
3560  (int)(now - last_recorded_accounting_at));
3561  } else {
3562  accounting_add_bytes(num_read, num_written, 0);
3563  }
3565  }
3566 }
3567 
3568 /** We just read <b>num_read</b> and wrote <b>num_written</b> bytes
3569  * onto <b>conn</b>. Decrement buckets appropriately. */
3570 static void
3572  size_t num_read, size_t num_written)
3573 {
3574  if (num_written >= INT_MAX || num_read >= INT_MAX) {
3575  log_err(LD_BUG, "Value out of range. num_read=%lu, num_written=%lu, "
3576  "connection type=%s, state=%s",
3577  (unsigned long)num_read, (unsigned long)num_written,
3578  conn_type_to_string(conn->type),
3579  conn_state_to_string(conn->type, conn->state));
3581  if (num_written >= INT_MAX)
3582  num_written = 1;
3583  if (num_read >= INT_MAX)
3584  num_read = 1;
3585  }
3586 
3587  record_num_bytes_transferred_impl(conn, now, num_read, num_written);
3588 
3589  if (!connection_is_rate_limited(conn))
3590  return; /* local IPs are free */
3591 
3592  unsigned flags = 0;
3593  if (connection_counts_as_relayed_traffic(conn, now)) {
3594  flags = token_bucket_rw_dec(&global_relayed_bucket, num_read, num_written);
3595  }
3596  flags |= token_bucket_rw_dec(&global_bucket, num_read, num_written);
3597 
3598  if (flags & TB_WRITE) {
3600  }
3601  if (connection_speaks_cells(conn) && conn->state == OR_CONN_STATE_OPEN) {
3602  or_connection_t *or_conn = TO_OR_CONN(conn);
3603  token_bucket_rw_dec(&or_conn->bucket, num_read, num_written);
3604  }
3605 }
3606 
3607 /**
3608  * Mark <b>conn</b> as needing to stop reading because bandwidth has been
3609  * exhausted. If <b>is_global_bw</b>, it is closing because global bandwidth
3610  * limit has been exhausted. Otherwise, it is closing because its own
3611  * bandwidth limit has been exhausted.
3612  */
3613 void
3615 {
3616  (void)is_global_bw;
3617  conn->read_blocked_on_bw = 1;
3620 }
3621 
3622 /**
3623  * Mark <b>conn</b> as needing to stop reading because write bandwidth has
3624  * been exhausted. If <b>is_global_bw</b>, it is closing because global
3625  * bandwidth limit has been exhausted. Otherwise, it is closing because its
3626  * own bandwidth limit has been exhausted.
3627 */
3628 void
3630 {
3631  (void)is_global_bw;
3632  conn->write_blocked_on_bw = 1;
3635 }
3636 
3637 /** If we have exhausted our global buckets, or the buckets for conn,
3638  * stop reading. */
3639 void
3641 {
3642  const char *reason;
3643 
3644  if (!connection_is_rate_limited(conn))
3645  return; /* Always okay. */
3646 
3647  int is_global = 1;
3648 
3649  if (token_bucket_rw_get_read(&global_bucket) <= 0) {
3650  reason = "global read bucket exhausted. Pausing.";
3651  } else if (connection_counts_as_relayed_traffic(conn, approx_time()) &&
3652  token_bucket_rw_get_read(&global_relayed_bucket) <= 0) {
3653  reason = "global relayed read bucket exhausted. Pausing.";
3654  } else if (connection_speaks_cells(conn) &&
3655  conn->state == OR_CONN_STATE_OPEN &&
3656  token_bucket_rw_get_read(&TO_OR_CONN(conn)->bucket) <= 0) {
3657  reason = "connection read bucket exhausted. Pausing.";
3658  is_global = false;
3659  } else
3660  return; /* all good, no need to stop it */
3661 
3662  LOG_FN_CONN(conn, (LOG_DEBUG, LD_NET, "%s", reason));
3663  connection_read_bw_exhausted(conn, is_global);
3664 }
3665 
3666 /** If we have exhausted our global buckets, or the buckets for conn,
3667  * stop writing. */
3668 void
3670 {
3671  const char *reason;
3672 
3673  if (!connection_is_rate_limited(conn))
3674  return; /* Always okay. */
3675 
3676  bool is_global = true;
3677  if (token_bucket_rw_get_write(&global_bucket) <= 0) {
3678  reason = "global write bucket exhausted. Pausing.";
3679  } else if (connection_counts_as_relayed_traffic(conn, approx_time()) &&
3680  token_bucket_rw_get_write(&global_relayed_bucket) <= 0) {
3681  reason = "global relayed write bucket exhausted. Pausing.";
3682  } else if (connection_speaks_cells(conn) &&
3683  conn->state == OR_CONN_STATE_OPEN &&
3684  token_bucket_rw_get_write(&TO_OR_CONN(conn)->bucket) <= 0) {
3685  reason = "connection write bucket exhausted. Pausing.";
3686  is_global = false;
3687  } else
3688  return; /* all good, no need to stop it */
3689 
3690  LOG_FN_CONN(conn, (LOG_DEBUG, LD_NET, "%s", reason));
3691  connection_write_bw_exhausted(conn, is_global);
3692 }
3693 
3694 /** Initialize the global buckets to the values configured in the
3695  * options */
3696 void
3698 {
3699  const or_options_t *options = get_options();
3700  const uint32_t now_ts = monotime_coarse_get_stamp();
3701  token_bucket_rw_init(&global_bucket,
3702  (int32_t)options->BandwidthRate,
3703  (int32_t)options->BandwidthBurst,
3704  now_ts);
3705  if (options->RelayBandwidthRate) {
3706  token_bucket_rw_init(&global_relayed_bucket,
3707  (int32_t)options->RelayBandwidthRate,
3708  (int32_t)options->RelayBandwidthBurst,
3709  now_ts);
3710  } else {
3711  token_bucket_rw_init(&global_relayed_bucket,
3712  (int32_t)options->BandwidthRate,
3713  (int32_t)options->BandwidthBurst,
3714  now_ts);
3715  }
3716 
3718 }
3719 
3720 /** Update the global connection bucket settings to a new value. */
3721 void
3723 {
3724  token_bucket_rw_adjust(&global_bucket,
3725  (int32_t)options->BandwidthRate,
3726  (int32_t)options->BandwidthBurst);
3727  if (options->RelayBandwidthRate) {
3728  token_bucket_rw_adjust(&global_relayed_bucket,
3729  (int32_t)options->RelayBandwidthRate,
3730  (int32_t)options->RelayBandwidthBurst);
3731  } else {
3732  token_bucket_rw_adjust(&global_relayed_bucket,
3733  (int32_t)options->BandwidthRate,
3734  (int32_t)options->BandwidthBurst);
3735  }
3736 }
3737 
3738 /**
3739  * Cached value of the last coarse-timestamp when we refilled the
3740  * global buckets.
3741  */
3743 /**
3744  * Refill the token buckets for a single connection <b>conn</b>, and the
3745  * global token buckets as appropriate. Requires that <b>now_ts</b> is
3746  * the time in coarse timestamp units.
3747  */
3748 static void
3750 {
3751  /* Note that we only check for equality here: the underlying
3752  * token bucket functions can handle moving backwards in time if they
3753  * need to. */
3754  if (now_ts != last_refilled_global_buckets_ts) {
3755  token_bucket_rw_refill(&global_bucket, now_ts);
3756  token_bucket_rw_refill(&global_relayed_bucket, now_ts);
3758  }
3759 
3760  if (connection_speaks_cells(conn) && conn->state == OR_CONN_STATE_OPEN) {
3761  or_connection_t *or_conn = TO_OR_CONN(conn);
3762  token_bucket_rw_refill(&or_conn->bucket, now_ts);
3763  }
3764 }
3765 
3766 /**
3767  * Event to re-enable all connections that were previously blocked on read or
3768  * write.
3769  */
3771 
3772 /** True iff reenable_blocked_connections_ev is currently scheduled. */
3774 
3775 /** Delay after which to run reenable_blocked_connections_ev. */
3777 
3778 /**
3779  * Re-enable all connections that were previously blocked on read or write.
3780  * This event is scheduled after enough time has elapsed to be sure
3781  * that the buckets will refill when the connections have something to do.
3782  */
3783 static void
3785 {
3786  (void)ev;
3787  (void)arg;
3789  if (conn->read_blocked_on_bw == 1) {
3791  conn->read_blocked_on_bw = 0;
3792  }
3793  if (conn->write_blocked_on_bw == 1) {
3795  conn->write_blocked_on_bw = 0;
3796  }
3797  } SMARTLIST_FOREACH_END(conn);
3798 
3800 }
3801 
3802 /**
3803  * Initialize the mainloop event that we use to wake up connections that
3804  * find themselves blocked on bandwidth.
3805  */
3806 static void
3808 {
3813  }
3814  time_t sec = options->TokenBucketRefillInterval / 1000;
3815  int msec = (options->TokenBucketRefillInterval % 1000);
3817  reenable_blocked_connections_delay.tv_usec = msec * 1000;
3818 }
3819 
3820 /**
3821  * Called when we have blocked a connection for being low on bandwidth:
3822  * schedule an event to reenable such connections, if it is not already
3823  * scheduled.
3824  */
3825 static void
3827 {
3829  return;
3830  if (BUG(reenable_blocked_connections_ev == NULL)) {
3832  }
3836 }
3837 
3838 /** Read bytes from conn->s and process them.
3839  *
3840  * It calls connection_buf_read_from_socket() to bring in any new bytes,
3841  * and then calls connection_process_inbuf() to process them.
3842  *
3843  * Mark the connection and return -1 if you want to close it, else
3844  * return 0.
3845  */
3846 static int
3848 {
3849  ssize_t max_to_read=-1, try_to_read;
3850  size_t before, n_read = 0;
3851  int socket_error = 0;
3852 
3853  if (conn->marked_for_close)
3854  return 0; /* do nothing */
3855 
3857 
3859 
3860  switch (conn->type) {
3861  case CONN_TYPE_OR_LISTENER:
3865  case CONN_TYPE_AP_LISTENER:
3875  /* This should never happen; eventdns.c handles the reads here. */
3877  return 0;
3878  }
3879 
3880  loop_again:
3881  try_to_read = max_to_read;
3882  tor_assert(!conn->marked_for_close);
3883 
3884  before = buf_datalen(conn->inbuf);
3885  if (connection_buf_read_from_socket(conn, &max_to_read, &socket_error) < 0) {
3886  /* There's a read error; kill the connection.*/
3887  if (conn->type == CONN_TYPE_OR) {
3889  socket_error != 0 ?
3890  errno_to_orconn_end_reason(socket_error) :
3891  END_OR_CONN_REASON_CONNRESET,
3892  socket_error != 0 ?
3893  tor_socket_strerror(socket_error) :
3894  "(unknown, errno was 0)");
3895  }
3896  if (CONN_IS_EDGE(conn)) {
3897  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
3898  connection_edge_end_errno(edge_conn);
3899  if (conn->type == CONN_TYPE_AP && TO_ENTRY_CONN(conn)->socks_request) {
3900  /* broken, don't send a socks reply back */
3902  }
3903  }
3904  connection_close_immediate(conn); /* Don't flush; connection is dead. */
3905  /*
3906  * This can bypass normal channel checking since we did
3907  * connection_or_notify_error() above.
3908  */
3909  connection_mark_for_close_internal(conn);
3910  return -1;
3911  }
3912  n_read += buf_datalen(conn->inbuf) - before;
3913  if (CONN_IS_EDGE(conn) && try_to_read != max_to_read) {
3914  /* instruct it not to try to package partial cells. */
3915  if (connection_process_inbuf(conn, 0) < 0) {
3916  return -1;
3917  }
3918  if (!conn->marked_for_close &&
3919  connection_is_reading(conn) &&
3920  !conn->inbuf_reached_eof &&
3921  max_to_read > 0)
3922  goto loop_again; /* try reading again, in case more is here now */
3923  }
3924  /* one last try, packaging partial cells and all. */
3925  if (!conn->marked_for_close &&
3926  connection_process_inbuf(conn, 1) < 0) {
3927  return -1;
3928  }
3929  if (conn->linked_conn) {
3930  /* The other side's handle_write() will never actually get called, so
3931  * we need to invoke the appropriate callbacks ourself. */
3932  connection_t *linked = conn->linked_conn;
3933 
3934  if (n_read) {
3935  /* Probably a no-op, since linked conns typically don't count for
3936  * bandwidth rate limiting. But do it anyway so we can keep stats
3937  * accurately. Note that since we read the bytes from conn, and
3938  * we're writing the bytes onto the linked connection, we count
3939  * these as <i>written</i> bytes. */
3940  connection_buckets_decrement(linked, approx_time(), 0, n_read);
3941 
3942  if (connection_flushed_some(linked) < 0)
3943  connection_mark_for_close(linked);
3944  if (!connection_wants_to_flush(linked))
3946  }
3947 
3948  if (!buf_datalen(linked->outbuf) && conn->active_on_link)
3950  }
3951  /* If we hit the EOF, call connection_reached_eof(). */
3952  if (!conn->marked_for_close &&
3953  conn->inbuf_reached_eof &&
3954  connection_reached_eof(conn) < 0) {
3955  return -1;
3956  }
3957  return 0;
3958 }
3959 
3960 /* DOCDOC connection_handle_read */
3961 int
3962 connection_handle_read(connection_t *conn)
3963 {
3964  int res;
3965  update_current_time(time(NULL));
3966  res = connection_handle_read_impl(conn);
3967  return res;
3968 }
3969 
3970 /** Pull in new bytes from conn->s or conn->linked_conn onto conn->inbuf,
3971  * either directly or via TLS. Reduce the token buckets by the number of bytes
3972  * read.
3973  *
3974  * If *max_to_read is -1, then decide it ourselves, else go with the
3975  * value passed to us. When returning, if it's changed, subtract the
3976  * number of bytes we read from *max_to_read.
3977  *
3978  * Return -1 if we want to break conn, else return 0.
3979  */
3980 static int
3981 connection_buf_read_from_socket(connection_t *conn, ssize_t *max_to_read,
3982  int *socket_error)
3983 {
3984  int result;
3985  ssize_t at_most = *max_to_read;
3986  size_t slack_in_buf, more_to_read;
3987  size_t n_read = 0, n_written = 0;
3988 
3989  if (at_most == -1) { /* we need to initialize it */
3990  /* how many bytes are we allowed to read? */
3991  at_most = connection_bucket_read_limit(conn, approx_time());
3992  }
3993 
3994  /* Do not allow inbuf to grow past BUF_MAX_LEN. */
3995  const ssize_t maximum = BUF_MAX_LEN - buf_datalen(conn->inbuf);
3996  if (at_most > maximum) {
3997  at_most = maximum;
3998  }
3999 
4000  slack_in_buf = buf_slack(conn->inbuf);
4001  again:
4002  if ((size_t)at_most > slack_in_buf && slack_in_buf >= 1024) {
4003  more_to_read = at_most - slack_in_buf;
4004  at_most = slack_in_buf;
4005  } else {
4006  more_to_read = 0;
4007  }
4008 
4009  if (connection_speaks_cells(conn) &&
4011  int pending;
4012  or_connection_t *or_conn = TO_OR_CONN(conn);
4013  size_t initial_size;
4014  if (conn->state == OR_CONN_STATE_TLS_HANDSHAKING ||
4016  /* continue handshaking even if global token bucket is empty */
4017  return connection_tls_continue_handshake(or_conn);
4018  }
4019 
4020  log_debug(LD_NET,
4021  "%d: starting, inbuf_datalen %ld (%d pending in tls object)."
4022  " at_most %ld.",
4023  (int)conn->s,(long)buf_datalen(conn->inbuf),
4024  tor_tls_get_pending_bytes(or_conn->tls), (long)at_most);
4025 
4026  initial_size = buf_datalen(conn->inbuf);
4027  /* else open, or closing */
4028  result = buf_read_from_tls(conn->inbuf, or_conn->tls, at_most);
4029  if (TOR_TLS_IS_ERROR(result) || result == TOR_TLS_CLOSE)
4030  or_conn->tls_error = result;
4031  else
4032  or_conn->tls_error = 0;
4033 
4034  switch (result) {
4035  case TOR_TLS_CLOSE:
4036  case TOR_TLS_ERROR_IO:
4037  log_debug(LD_NET,"TLS %s closed %son read. Closing.",
4038  connection_describe(conn),
4039  result == TOR_TLS_CLOSE ? "cleanly " : "");
4040  return result;
4042  log_debug(LD_NET,"tls error [%s] from %s. Breaking.",
4043  tor_tls_err_to_string(result),
4044  connection_describe(conn));
4045  return result;
4046  case TOR_TLS_WANTWRITE:
4048  return 0;
4049  case TOR_TLS_WANTREAD:
4050  if (conn->in_connection_handle_write) {
4051  /* We've been invoked from connection_handle_write, because we're
4052  * waiting for a TLS renegotiation, the renegotiation started, and
4053  * SSL_read returned WANTWRITE. But now SSL_read is saying WANTREAD
4054  * again. Stop waiting for write events now, or else we'll
4055  * busy-loop until data arrives for us to read.
4056  * XXX: remove this when v2 handshakes support is dropped. */
4058  if (!connection_is_reading(conn))
4060  }
4061  /* we're already reading, one hopes */
4062  break;
4063  case TOR_TLS_DONE: /* no data read, so nothing to process */
4064  break; /* so we call bucket_decrement below */
4065  default:
4066  break;
4067  }
4068  pending = tor_tls_get_pending_bytes(or_conn->tls);
4069  if (pending) {
4070  /* If we have any pending bytes, we read them now. This *can*
4071  * take us over our read allotment, but really we shouldn't be
4072  * believing that SSL bytes are the same as TCP bytes anyway. */
4073  int r2 = buf_read_from_tls(conn->inbuf, or_conn->tls, pending);
4074  if (BUG(r2<0)) {
4075  log_warn(LD_BUG, "apparently, reading pending bytes can fail.");
4076  return -1;
4077  }
4078  }
4079  result = (int)(buf_datalen(conn->inbuf)-initial_size);
4080  tor_tls_get_n_raw_bytes(or_conn->tls, &n_read, &n_written);
4081  log_debug(LD_GENERAL, "After TLS read of %d: %ld read, %ld written",
4082  result, (long)n_read, (long)n_written);
4083  } else if (conn->linked) {
4084  if (conn->linked_conn) {
4085  result = (int) buf_move_all(conn->inbuf, conn->linked_conn->outbuf);
4086  } else {
4087  result = 0;
4088  }
4089  //log_notice(LD_GENERAL, "Moved %d bytes on an internal link!", result);
4090  /* If the other side has disappeared, or if it's been marked for close and
4091  * we flushed its outbuf, then we should set our inbuf_reached_eof. */
4092  if (!conn->linked_conn ||
4093  (conn->linked_conn->marked_for_close &&
4094  buf_datalen(conn->linked_conn->outbuf) == 0))
4095  conn->inbuf_reached_eof = 1;
4096 
4097  n_read = (size_t) result;
4098  } else {
4099  /* !connection_speaks_cells, !conn->linked_conn. */
4100  int reached_eof = 0;
4101  CONN_LOG_PROTECT(conn,
4102  result = buf_read_from_socket(conn->inbuf, conn->s,
4103  at_most,
4104  &reached_eof,
4105  socket_error));
4106  if (reached_eof)
4107  conn->inbuf_reached_eof = 1;
4108 
4109 // log_fn(LOG_DEBUG,"read_to_buf returned %d.",read_result);
4110 
4111  if (result < 0)
4112  return -1;
4113  n_read = (size_t) result;
4114  }
4115 
4116  if (n_read > 0) {
4117  /* change *max_to_read */
4118  *max_to_read = at_most - n_read;
4119 
4120  /* Update edge_conn->n_read */
4121  if (conn->type == CONN_TYPE_AP) {
4122  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
4123 
4124  /* Check for overflow: */
4125  if (PREDICT_LIKELY(UINT32_MAX - edge_conn->n_read > n_read))
4126  edge_conn->n_read += (int)n_read;
4127  else
4128  edge_conn->n_read = UINT32_MAX;
4129  }
4130 
4131  /* If CONN_BW events are enabled, update conn->n_read_conn_bw for
4132  * OR/DIR/EXIT connections, checking for overflow. */
4134  (conn->type == CONN_TYPE_OR ||
4135  conn->type == CONN_TYPE_DIR ||
4136  conn->type == CONN_TYPE_EXIT)) {
4137  if (PREDICT_LIKELY(UINT32_MAX - conn->n_read_conn_bw > n_read))
4138  conn->n_read_conn_bw += (int)n_read;
4139  else
4140  conn->n_read_conn_bw = UINT32_MAX;
4141  }
4142  }
4143 
4144  connection_buckets_decrement(conn, approx_time(), n_read, n_written);
4145 
4146  if (more_to_read && result == at_most) {
4147  slack_in_buf = buf_slack(conn->inbuf);
4148  at_most = more_to_read;
4149  goto again;
4150  }
4151 
4152  /* Call even if result is 0, since the global read bucket may
4153  * have reached 0 on a different conn, and this connection needs to
4154  * know to stop reading. */
4156  if (n_written > 0 && connection_is_writing(conn))
4158 
4159  return 0;
4160 }
4161 
4162 /** A pass-through to fetch_from_buf. */
4163 int
4164 connection_buf_get_bytes(char *string, size_t len, connection_t *conn)
4165 {
4166  return buf_get_bytes(conn->inbuf, string, len);
4167 }
4168 
4169 /** As buf_get_line(), but read from a connection's input buffer. */
4170 int
4172  size_t *data_len)
4173 {
4174  return buf_get_line(conn->inbuf, data, data_len);
4175 }
4176 
4177 /** As fetch_from_buf_http, but fetches from a connection's input buffer_t as
4178  * appropriate. */
4179 int
4181  char **headers_out, size_t max_headerlen,
4182  char **body_out, size_t *body_used,
4183  size_t max_bodylen, int force_complete)
4184 {
4185  return fetch_from_buf_http(conn->inbuf, headers_out, max_headerlen,
4186  body_out, body_used, max_bodylen, force_complete);
4187 }
4188 
4189 /** Return true if this connection has data to flush. */
4190 int
4192 {
4193  return connection_get_outbuf_len(conn) > 0;
4194 }
4195 
4196 /** Are there too many bytes on edge connection <b>conn</b>'s outbuf to
4197  * send back a relay-level sendme yet? Return 1 if so, 0 if not. Used by
4198  * connection_edge_consider_sending_sendme().
4199  */
4200 int
4202 {
4203  return connection_get_outbuf_len(conn) > 10*CELL_PAYLOAD_SIZE;
4204 }
4205 
4206 /**
4207  * On Windows Vista and Windows 7, tune the send buffer size according to a
4208  * hint from the OS.
4209  *
4210  * This should help fix slow upload rates.
4211  */
4212 static void
4214 {
4215 #ifdef _WIN32
4216  /* We only do this on Vista and 7, because earlier versions of Windows
4217  * don't have the SIO_IDEAL_SEND_BACKLOG_QUERY functionality, and on
4218  * later versions it isn't necessary. */
4219  static int isVistaOr7 = -1;
4220  if (isVistaOr7 == -1) {
4221  isVistaOr7 = 0;
4222  OSVERSIONINFO osvi = { 0 };
4223  osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
4224  GetVersionEx(&osvi);
4225  if (osvi.dwMajorVersion == 6 && osvi.dwMinorVersion < 2)
4226  isVistaOr7 = 1;
4227  }
4228  if (!isVistaOr7)
4229  return;
4230  if (get_options()->ConstrainedSockets)
4231  return;
4232  ULONG isb = 0;
4233  DWORD bytesReturned = 0;
4234  if (!WSAIoctl(sock, SIO_IDEAL_SEND_BACKLOG_QUERY, NULL, 0,
4235  &isb, sizeof(isb), &bytesReturned, NULL, NULL)) {
4236  setsockopt(sock, SOL_SOCKET, SO_SNDBUF, (const char*)&isb, sizeof(isb));
4237  }
4238 #else /* !defined(_WIN32) */
4239  (void) sock;
4240 #endif /* defined(_WIN32) */
4241 }
4242 
4243 /** Try to flush more bytes onto <b>conn</b>->s.
4244  *
4245  * This function is called in connection_handle_write(), which gets
4246  * called from conn_write_callback() in main.c when libevent tells us
4247  * that <b>conn</b> wants to write.
4248  *
4249  * Update <b>conn</b>->timestamp_last_write_allowed to now, and call flush_buf
4250  * or flush_buf_tls appropriately. If it succeeds and there are no more
4251  * more bytes on <b>conn</b>->outbuf, then call connection_finished_flushing
4252  * on it too.
4253  *
4254  * If <b>force</b>, then write as many bytes as possible, ignoring bandwidth
4255  * limits. (Used for flushing messages to controller connections on fatal
4256  * errors.)
4257  *
4258  * Mark the connection and return -1 if you want to close it, else
4259  * return 0.
4260  */
4261 static int
4263 {
4264  int e;
4265  socklen_t len=(socklen_t)sizeof(e);
4266  int result;
4267  ssize_t max_to_write;
4268  time_t now = approx_time();
4269  size_t n_read = 0, n_written = 0;
4270  int dont_stop_writing = 0;
4271 
4273 
4274  if (conn->marked_for_close || !SOCKET_OK(conn->s))
4275  return 0; /* do nothing */
4276 
4277  if (conn->in_flushed_some) {
4278  log_warn(LD_BUG, "called recursively from inside conn->in_flushed_some");
4279  return 0;
4280  }
4281 
4282  conn->timestamp_last_write_allowed = now;
4283 
4285 
4286  /* Sometimes, "writable" means "connected". */
4287  if (connection_state_is_connecting(conn)) {
4288  if (getsockopt(conn->s, SOL_SOCKET, SO_ERROR, (void*)&e, &len) < 0) {
4289  log_warn(LD_BUG, "getsockopt() syscall failed");
4290  if (conn->type == CONN_TYPE_OR) {
4291  or_connection_t *orconn = TO_OR_CONN(conn);
4292  connection_or_close_for_error(orconn, 0);
4293  } else {
4294  if (CONN_IS_EDGE(conn)) {
4296  }
4297  connection_mark_for_close(conn);
4298  }
4299  return -1;
4300  }
4301  if (e) {
4302  /* some sort of error, but maybe just inprogress still */
4303  if (!ERRNO_IS_CONN_EINPROGRESS(e)) {
4304  log_info(LD_NET,"in-progress connect failed. Removing. (%s)",
4305  tor_socket_strerror(e));
4306  if (CONN_IS_EDGE(conn))
4308  if (conn->type == CONN_TYPE_OR)
4311  tor_socket_strerror(e));
4312 
4314  /*
4315  * This can bypass normal channel checking since we did
4316  * connection_or_notify_error() above.
4317  */
4318  connection_mark_for_close_internal(conn);
4319  return -1;
4320  } else {
4321  return 0; /* no change, see if next time is better */
4322  }
4323  }
4324  /* The connection is successful. */
4325  if (connection_finished_connecting(conn)<0)
4326  return -1;
4327  }
4328 
4329  max_to_write = force ? (ssize_t)buf_datalen(conn->outbuf)
4330  : connection_bucket_write_limit(conn, now);
4331 
4332  if (connection_speaks_cells(conn) &&
4334  or_connection_t *or_conn = TO_OR_CONN(conn);
4335  size_t initial_size;
4336  if (conn->state == OR_CONN_STATE_TLS_HANDSHAKING ||
4339  if (connection_tls_continue_handshake(or_conn) < 0) {
4340  /* Don't flush; connection is dead. */
4342  END_OR_CONN_REASON_MISC,
4343  "TLS error in connection_tls_"
4344  "continue_handshake()");
4346  /*
4347  * This can bypass normal channel checking since we did
4348  * connection_or_notify_error() above.
4349  */
4350  connection_mark_for_close_internal(conn);
4351  return -1;
4352  }
4353  return 0;
4354  } else if (conn->state == OR_CONN_STATE_TLS_SERVER_RENEGOTIATING) {
4355  return connection_handle_read(conn);
4356  }
4357 
4358  /* else open, or closing */
4359  initial_size = buf_datalen(conn->outbuf);
4360  result = buf_flush_to_tls(conn->outbuf, or_conn->tls,
4361  max_to_write);
4362 
4363  if (result >= 0)
4364  update_send_buffer_size(conn->s);
4365 
4366  /* If we just flushed the last bytes, tell the channel on the
4367  * or_conn to check if it needs to geoip_change_dirreq_state() */
4368  /* XXXX move this to flushed_some or finished_flushing -NM */
4369  if (buf_datalen(conn->outbuf) == 0 && or_conn->chan)
4370  channel_notify_flushed(TLS_CHAN_TO_BASE(or_conn->chan));
4371 
4372  switch (result) {
4374  case TOR_TLS_CLOSE:
4375  or_conn->tls_error = result;
4376  log_info(LD_NET, result != TOR_TLS_CLOSE ?
4377  "tls error. breaking.":"TLS connection closed on flush");
4378  /* Don't flush; connection is dead. */
4380  END_OR_CONN_REASON_MISC,
4381  result != TOR_TLS_CLOSE ?
4382  "TLS error in during flush" :
4383  "TLS closed during flush");
4385  /*
4386  * This can bypass normal channel checking since we did
4387  * connection_or_notify_error() above.
4388  */
4389  connection_mark_for_close_internal(conn);
4390  return -1;
4391  case TOR_TLS_WANTWRITE:
4392  log_debug(LD_NET,"wanted write.");
4393  /* we're already writing */
4394  dont_stop_writing = 1;
4395  break;
4396  case TOR_TLS_WANTREAD:
4397  /* Make sure to avoid a loop if the receive buckets are empty. */
4398  log_debug(LD_NET,"wanted read.");
4399  if (!connection_is_reading(conn)) {
4400  connection_write_bw_exhausted(conn, true);
4401  /* we'll start reading again when we get more tokens in our
4402  * read bucket; then we'll start writing again too.
4403  */
4404  }
4405  /* else no problem, we're already reading */
4406  return 0;
4407  /* case TOR_TLS_DONE:
4408  * for TOR_TLS_DONE, fall through to check if the flushlen
4409  * is empty, so we can stop writing.
4410  */
4411  }
4412 
4413  tor_tls_get_n_raw_bytes(or_conn->tls, &n_read, &n_written);
4414  log_debug(LD_GENERAL, "After TLS write of %d: %ld read, %ld written",
4415  result, (long)n_read, (long)n_written);
4416  or_conn->bytes_xmitted += result;
4417  or_conn->bytes_xmitted_by_tls += n_written;
4418  /* So we notice bytes were written even on error */
4419  /* XXXX This cast is safe since we can never write INT_MAX bytes in a
4420  * single set of TLS operations. But it looks kinda ugly. If we refactor
4421  * the *_buf_tls functions, we should make them return ssize_t or size_t
4422  * or something. */
4423  result = (int)(initial_size-buf_datalen(conn->outbuf));
4424  } else {
4425  CONN_LOG_PROTECT(conn,
4426  result = buf_flush_to_socket(conn->outbuf, conn->s,
4427  max_to_write));
4428  if (result < 0) {
4429  if (CONN_IS_EDGE(conn))
4431  if (conn->type == CONN_TYPE_AP) {
4432  /* writing failed; we couldn't send a SOCKS reply if we wanted to */
4434  }
4435 
4436  connection_close_immediate(conn); /* Don't flush; connection is dead. */
4437  connection_mark_for_close(conn);
4438  return -1;
4439  }
4440  update_send_buffer_size(conn->s);
4441  n_written = (size_t) result;
4442  }
4443 
4444  if (n_written && conn->type == CONN_TYPE_AP) {
4445  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
4446 
4447  /* Check for overflow: */
4448  if (PREDICT_LIKELY(UINT32_MAX - edge_conn->n_written > n_written))
4449  edge_conn->n_written += (int)n_written;
4450  else
4451  edge_conn->n_written = UINT32_MAX;
4452  }
4453 
4454  /* If CONN_BW events are enabled, update conn->n_written_conn_bw for
4455  * OR/DIR/EXIT connections, checking for overflow. */
4456  if (n_written && get_options()->TestingEnableConnBwEvent &&
4457  (conn->type == CONN_TYPE_OR ||
4458  conn->type == CONN_TYPE_DIR ||
4459  conn->type == CONN_TYPE_EXIT)) {
4460  if (PREDICT_LIKELY(UINT32_MAX - conn->n_written_conn_bw > n_written))
4461  conn->n_written_conn_bw += (int)n_written;
4462  else
4463  conn->n_written_conn_bw = UINT32_MAX;
4464  }
4465 
4466  connection_buckets_decrement(conn, approx_time(), n_read, n_written);
4467 
4468  if (result > 0) {
4469  /* If we wrote any bytes from our buffer, then call the appropriate
4470  * functions. */
4471  if (connection_flushed_some(conn) < 0) {
4472  if (connection_speaks_cells(conn)) {
4474  END_OR_CONN_REASON_MISC,
4475  "Got error back from "
4476  "connection_flushed_some()");
4477  }
4478 
4479  /*
4480  * This can bypass normal channel checking since we did
4481  * connection_or_notify_error() above.
4482  */
4483  connection_mark_for_close_internal(conn);
4484  }
4485  }
4486 
4487  if (!connection_wants_to_flush(conn) &&
4488  !dont_stop_writing) { /* it's done flushing */
4489  if (connection_finished_flushing(conn) < 0) {
4490  /* already marked */
4491  return -1;
4492  }
4493  return 0;
4494  }
4495 
4496  /* Call even if result is 0, since the global write bucket may
4497  * have reached 0 on a different conn, and this connection needs to
4498  * know to stop writing. */
4500  if (n_read > 0 && connection_is_reading(conn))
4502 
4503  return 0;
4504 }
4505 
4506 /* DOCDOC connection_handle_write */
4507 int
4508 connection_handle_write(connection_t *conn, int force)
4509 {
4510  int res;
4511  update_current_time(time(NULL));
4512  /* connection_handle_write_impl() might call connection_handle_read()
4513  * if we're in the middle of a v2 handshake, in which case it needs this
4514  * flag set. */
4515  conn->in_connection_handle_write = 1;
4516  res = connection_handle_write_impl(conn, force);
4517  conn->in_connection_handle_write = 0;
4518  return res;
4519 }
4520 
4521 /**
4522  * Try to flush data that's waiting for a write on <b>conn</b>. Return
4523  * -1 on failure, 0 on success.
4524  *
4525  * Don't use this function for regular writing; the buffers
4526  * system should be good enough at scheduling writes there. Instead, this
4527  * function is for cases when we're about to exit or something and we want
4528  * to report it right away.
4529  */
4530 int
4532 {
4533  return connection_handle_write(conn, 1);
4534 }
4535 
4536 /** Helper for connection_write_to_buf_impl and connection_write_buf_to_buf:
4537  *
4538  * Return true iff it is okay to queue bytes on <b>conn</b>'s outbuf for
4539  * writing.
4540  */
4541 static int
4543 {
4544  /* if it's marked for close, only allow write if we mean to flush it */
4545  if (conn->marked_for_close && !conn->hold_open_until_flushed)
4546  return 0;
4547 
4548  return 1;
4549 }
4550 
4551 /** Helper for connection_write_to_buf_impl and connection_write_buf_to_buf:
4552  *
4553  * Called when an attempt to add bytes on <b>conn</b>'s outbuf has failed;
4554  * mark the connection and warn as appropriate.
4555  */
4556 static void
4558 {
4559  if (CONN_IS_EDGE(conn)) {
4560  /* if it failed, it means we have our package/delivery windows set
4561  wrong compared to our max outbuf size. close the whole circuit. */
4562  log_warn(LD_NET,
4563  "write_to_buf failed. Closing circuit (fd %d).", (int)conn->s);
4564  circuit_mark_for_close(circuit_get_by_edge_conn(TO_EDGE_CONN(conn)),
4565  END_CIRC_REASON_INTERNAL);
4566  } else if (conn->type == CONN_TYPE_OR) {
4567  or_connection_t *orconn = TO_OR_CONN(conn);
4568  log_warn(LD_NET,
4569  "write_to_buf failed on an orconn; notifying of error "
4570  "(fd %d)", (int)(conn->s));
4571  connection_or_close_for_error(orconn, 0);
4572  } else {
4573  log_warn(LD_NET,
4574  "write_to_buf failed. Closing connection (fd %d).",
4575  (int)conn->s);
4576  connection_mark_for_close(conn);
4577  }
4578 }
4579 
4580 /** Helper for connection_write_to_buf_impl and connection_write_buf_to_buf:
4581  *
4582  * Called when an attempt to add bytes on <b>conn</b>'s outbuf has succeeded:
4583  * start writing if appropriate.
4584  */
4585 static void
4587 {
4588  /* If we receive optimistic data in the EXIT_CONN_STATE_RESOLVING
4589  * state, we don't want to try to write it right away, since
4590  * conn->write_event won't be set yet. Otherwise, write data from
4591  * this conn as the socket is available. */
4592  if (conn->write_event) {
4594  }
4595 }
4596 
4597 /** Append <b>len</b> bytes of <b>string</b> onto <b>conn</b>'s
4598  * outbuf, and ask it to start writing.
4599  *
4600  * If <b>zlib</b> is nonzero, this is a directory connection that should get
4601  * its contents compressed or decompressed as they're written. If zlib is
4602  * negative, this is the last data to be compressed, and the connection's zlib
4603  * state should be flushed.
4604  */
4605 MOCK_IMPL(void,
4606 connection_write_to_buf_impl_,(const char *string, size_t len,
4607  connection_t *conn, int zlib))
4608 {
4609  /* XXXX This function really needs to return -1 on failure. */
4610  int r;
4611  if (!len && !(zlib<0))
4612  return;
4613 
4614  if (!connection_may_write_to_buf(conn))
4615  return;
4616 
4617  if (zlib) {
4618  dir_connection_t *dir_conn = TO_DIR_CONN(conn);
4619  int done = zlib < 0;
4620  CONN_LOG_PROTECT(conn, r = buf_add_compress(conn->outbuf,
4621  dir_conn->compress_state,
4622  string, len, done));
4623  } else {
4624  CONN_LOG_PROTECT(conn, r = buf_add(conn->outbuf, string, len));
4625  }
4626  if (r < 0) {
4628  return;
4629  }
4631 }
4632 
4633 /**
4634  * Write a <b>string</b> (of size <b>len</b> to directory connection
4635  * <b>dir_conn</b>. Apply compression if connection is configured to use
4636  * it and finalize it if <b>done</b> is true.
4637  */
4638 void
4639 connection_dir_buf_add(const char *string, size_t len,
4640  dir_connection_t *dir_conn, int done)
4641 {
4642  if (dir_conn->compress_state != NULL) {
4643  connection_buf_add_compress(string, len, dir_conn, done);
4644  return;
4645  }
4646 
4647  connection_buf_add(string, len, TO_CONN(dir_conn));
4648 }
4649 
4650 void
4651 connection_buf_add_compress(const char *string, size_t len,
4652  dir_connection_t *conn, int done)
4653 {
4654  connection_write_to_buf_impl_(string, len, TO_CONN(conn), done ? -1 : 1);
4655 }
4656 
4657 /**
4658  * Add all bytes from <b>buf</b> to <b>conn</b>'s outbuf, draining them
4659  * from <b>buf</b>. (If the connection is marked and will soon be closed,
4660  * nothing is drained.)
4661  */
4662 void
4664 {
4665  tor_assert(conn);
4666  tor_assert(buf);
4667  size_t len = buf_datalen(buf);
4668  if (len == 0)
4669  return;
4670 
4671  if (!connection_may_write_to_buf(conn))
4672  return;
4673 
4674  buf_move_all(conn->outbuf, buf);
4676 }
4677 
4678 #define CONN_GET_ALL_TEMPLATE(var, test) \
4679  STMT_BEGIN \
4680  smartlist_t *conns = get_connection_array(); \
4681  smartlist_t *ret_conns = smartlist_new(); \
4682  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, var) { \
4683  if (var && (test) && !var->marked_for_close) \
4684  smartlist_add(ret_conns, var); \
4685  } SMARTLIST_FOREACH_END(var); \
4686  return ret_conns; \
4687  STMT_END
4688 
4689 /* Return a list of connections that aren't close and matches the given type
4690  * and state. The returned list can be empty and must be freed using
4691  * smartlist_free(). The caller does NOT have ownership of the objects in the
4692  * list so it must not free them nor reference them as they can disappear. */
4693 smartlist_t *
4694 connection_list_by_type_state(int type, int state)
4695 {
4696  CONN_GET_ALL_TEMPLATE(conn, (conn->type == type && conn->state == state));
4697 }
4698 
4699 /* Return a list of connections that aren't close and matches the given type
4700  * and purpose. The returned list can be empty and must be freed using
4701  * smartlist_free(). The caller does NOT have ownership of the objects in the
4702  * list so it must not free them nor reference them as they can disappear. */
4703 smartlist_t *
4704 connection_list_by_type_purpose(int type, int purpose)
4705 {
4706  CONN_GET_ALL_TEMPLATE(conn,
4707  (conn->type == type && conn->purpose == purpose));
4708 }
4709 
4710 /** Return a connection_t * from get_connection_array() that satisfies test on
4711  * var, and that is not marked for close. */
4712 #define CONN_GET_TEMPLATE(var, test) \
4713  STMT_BEGIN \
4714  smartlist_t *conns = get_connection_array(); \
4715  SMARTLIST_FOREACH(conns, connection_t *, var, \
4716  { \
4717  if (var && (test) && !var->marked_for_close) \
4718  return var; \
4719  }); \
4720  return NULL; \
4721  STMT_END
4722 
4723 /** Return a connection with given type, address, port, and purpose;
4724  * or NULL if no such connection exists (or if all such connections are marked
4725  * for close). */
4728  const tor_addr_t *addr, uint16_t port,
4729  int purpose))
4730 {
4731  CONN_GET_TEMPLATE(conn,
4732  (conn->type == type &&
4733  tor_addr_eq(&conn->addr, addr) &&
4734  conn->port == port &&
4735  conn->purpose == purpose));
4736 }
4737 
4738 /** Return the stream with id <b>id</b> if it is not already marked for
4739  * close.
4740  */
4741 connection_t *
4743 {
4744  CONN_GET_TEMPLATE(conn, conn->global_identifier == id);
4745 }
4746 
4747 /** Return a connection of type <b>type</b> that is not marked for close.
4748  */
4749 connection_t *
4751 {
4752  CONN_GET_TEMPLATE(conn, conn->type == type);
4753 }
4754 
4755 /** Return a connection of type <b>type</b> that is in state <b>state</b>,
4756  * and that is not marked for close.
4757  */
4758 connection_t *
4759 connection_get_by_type_state(int type, int state)
4760 {
4761  CONN_GET_TEMPLATE(conn, conn->type == type && conn->state == state);
4762 }
4763 
4764 /**
4765  * Return a connection of type <b>type</b> that is not an internally linked
4766  * connection, and is not marked for close.
4767  **/
4770 {
4771  CONN_GET_TEMPLATE(conn, conn->type == type && !conn->linked);
4772 }
4773 
4774 /** Return a connection of type <b>type</b> that has rendquery equal
4775  * to <b>rendquery</b>, and that is not marked for close. If state
4776  * is non-zero, conn must be of that state too.
4777  */
4778 connection_t *
4780  const char *rendquery)
4781 {
4782  tor_assert(type == CONN_TYPE_DIR ||
4783  type == CONN_TYPE_AP || type == CONN_TYPE_EXIT);
4784  tor_assert(rendquery);
4785 
4786  CONN_GET_TEMPLATE(conn,
4787  (conn->type == type &&
4788  (!state || state == conn->state)) &&
4789  (
4790  (type == CONN_TYPE_DIR &&
4791  TO_DIR_CONN(conn)->rend_data &&
4792  !rend_cmp_service_ids(rendquery,
4793  rend_data_get_address(TO_DIR_CONN(conn)->rend_data)))
4794  ||
4795  (CONN_IS_EDGE(conn) &&
4796  TO_EDGE_CONN(conn)->rend_data &&
4797  !rend_cmp_service_ids(rendquery,
4798  rend_data_get_address(TO_EDGE_CONN(conn)->rend_data)))
4799  ));
4800 }
4801 
4802 /** Return a new smartlist of dir_connection_t * from get_connection_array()
4803  * that satisfy conn_test on connection_t *conn_var, and dirconn_test on
4804  * dir_connection_t *dirconn_var. conn_var must be of CONN_TYPE_DIR and not
4805  * marked for close to be included in the list. */
4806 #define DIR_CONN_LIST_TEMPLATE(conn_var, conn_test, \
4807  dirconn_var, dirconn_test) \
4808  STMT_BEGIN \
4809  smartlist_t *conns = get_connection_array(); \
4810  smartlist_t *dir_conns = smartlist_new(); \
4811  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn_var) { \
4812  if (conn_var && (conn_test) \
4813  && conn_var->type == CONN_TYPE_DIR \
4814  && !conn_var->marked_for_close) { \
4815  dir_connection_t *dirconn_var = TO_DIR_CONN(conn_var); \
4816  if (dirconn_var && (dirconn_test)) { \
4817  smartlist_add(dir_conns, dirconn_var); \
4818  } \
4819  } \
4820  } SMARTLIST_FOREACH_END(conn_var); \
4821  return dir_conns; \
4822  STMT_END
4823 
4824 /** Return a list of directory connections that are fetching the item
4825  * described by <b>purpose</b>/<b>resource</b>. If there are none,
4826  * return an empty list. This list must be freed using smartlist_free,
4827  * but the pointers in it must not be freed.
4828  * Note that this list should not be cached, as the pointers in it can be
4829  * freed if their connections close. */
4830 smartlist_t *
4832  int purpose,
4833  const char *resource)
4834 {
4836  conn->purpose == purpose,
4837  dirconn,
4838  0 == strcmp_opt(resource,
4839  dirconn->requested_resource));
4840 }
4841 
4842 /** Return a list of directory connections that are fetching the item
4843  * described by <b>purpose</b>/<b>resource</b>/<b>state</b>. If there are
4844  * none, return an empty list. This list must be freed using smartlist_free,
4845  * but the pointers in it must not be freed.
4846  * Note that this list should not be cached, as the pointers in it can be
4847  * freed if their connections close. */
4848 smartlist_t *
4850  int purpose,
4851  const char *resource,
4852  int state)
4853 {
4855  conn->purpose == purpose && conn->state == state,
4856  dirconn,
4857  0 == strcmp_opt(resource,
4858  dirconn->requested_resource));
4859 }
4860 
4861 #undef DIR_CONN_LIST_TEMPLATE
4862 
4863 /** Return an arbitrary active OR connection that isn't <b>this_conn</b>.
4864  *
4865  * We use this to guess if we should tell the controller that we
4866  * didn't manage to connect to any of our bridges. */
4867 static connection_t *
4869 {
4870  CONN_GET_TEMPLATE(conn,
4871  conn != TO_CONN(this_conn) && conn->type == CONN_TYPE_OR);
4872 }
4873 
4874 /** Return 1 if there are any active OR connections apart from
4875  * <b>this_conn</b>.
4876  *
4877  * We use this to guess if we should tell the controller that we
4878  * didn't manage to connect to any of our bridges. */
4879 int
4881 {
4883  if (conn != NULL) {
4884  log_debug(LD_DIR, "%s: Found an OR connection: %s",
4885  __func__, connection_describe(conn));
4886  return 1;
4887  }
4888 
4889  return 0;
4890 }
4891 
4892 #undef CONN_GET_TEMPLATE
4893 
4894 /** Return 1 if <b>conn</b> is a listener conn, else return 0. */
4895 int
4897 {
4898  if (conn->type == CONN_TYPE_OR_LISTENER ||
4899  conn->type == CONN_TYPE_EXT_OR_LISTENER ||
4900  conn->type == CONN_TYPE_AP_LISTENER ||
4901  conn->type == CONN_TYPE_AP_TRANS_LISTENER ||
4902  conn->type == CONN_TYPE_AP_DNS_LISTENER ||
4903  conn->type == CONN_TYPE_AP_NATD_LISTENER ||
4905  conn->type == CONN_TYPE_DIR_LISTENER ||
4907  return 1;
4908  return 0;
4909 }
4910 
4911 /** Return 1 if <b>conn</b> is in state "open" and is not marked
4912  * for close, else return 0.
4913  */
4914 int
4916 {
4917  tor_assert(conn);
4918 
4919  if (conn->marked_for_close)
4920  return 0;
4921 
4922  if ((conn->type == CONN_TYPE_OR && conn->state == OR_CONN_STATE_OPEN) ||
4923  (conn->type == CONN_TYPE_EXT_OR) ||
4924  (conn->type == CONN_TYPE_AP && conn->state == AP_CONN_STATE_OPEN) ||
4925  (conn->type == CONN_TYPE_EXIT && conn->state == EXIT_CONN_STATE_OPEN) ||
4926  (conn->type == CONN_TYPE_CONTROL &&
4927  conn->state == CONTROL_CONN_STATE_OPEN))
4928  return 1;
4929 
4930  return 0;
4931 }
4932 
4933 /** Return 1 if conn is in 'connecting' state, else return 0. */
4934 int
4936 {
4937  tor_assert(conn);
4938 
4939  if (conn->marked_for_close)
4940  return 0;
4941  switch (conn->type)
4942  {
4943  case CONN_TYPE_OR:
4944  return conn->state == OR_CONN_STATE_CONNECTING;
4945  case CONN_TYPE_EXIT:
4946  return conn->state == EXIT_CONN_STATE_CONNECTING;
4947  case CONN_TYPE_DIR:
4948  return conn->state == DIR_CONN_STATE_CONNECTING;
4949  }
4950 
4951  return 0;
4952 }
4953 
4954 /** Allocates a base64'ed authenticator for use in http or https
4955  * auth, based on the input string <b>authenticator</b>. Returns it
4956  * if success, else returns NULL. */
4957 char *
4958 alloc_http_authenticator(const char *authenticator)
4959 {
4960  /* an authenticator in Basic authentication
4961  * is just the string "username:password" */
4962  const size_t authenticator_length = strlen(authenticator);
4963  const size_t base64_authenticator_length =
4964  base64_encode_size(authenticator_length, 0) + 1;
4965  char *base64_authenticator = tor_malloc(base64_authenticator_length);
4966  if (base64_encode(base64_authenticator, base64_authenticator_length,
4967  authenticator, authenticator_length, 0) < 0) {
4968  tor_free(base64_authenticator); /* free and set to null */
4969  }
4970  return base64_authenticator;
4971 }
4972 
4973 /** Given a socket handle, check whether the local address (sockname) of the
4974  * socket is one that we've connected from before. If so, double-check
4975  * whether our address has changed and we need to generate keys. If we do,
4976  * call init_keys().
4977  */
4978 static void
4980 {
4981  tor_addr_t out_addr, iface_addr;
4982  tor_addr_t **last_interface_ip_ptr;
4983  sa_family_t family;
4984 
4985  if (!outgoing_addrs)
4987 
4988  if (tor_addr_from_getsockname(&out_addr, sock) < 0) {
4989  int e = tor_socket_errno(sock);
4990  log_warn(LD_NET, "getsockname() to check for address change failed: %s",
4991  tor_socket_strerror(e));
4992  return;
4993  }
4994  family = tor_addr_family(&out_addr);
4995 
4996  if (family == AF_INET)
4997  last_interface_ip_ptr = &last_interface_ipv4;
4998  else if (family == AF_INET6)
4999  last_interface_ip_ptr = &last_interface_ipv6;
5000  else
5001  return;
5002 
5003  if (! *last_interface_ip_ptr) {
5004  tor_addr_t *a = tor_malloc_zero(sizeof(tor_addr_t));
5005  if (get_interface_address6(LOG_INFO, family, a)==0) {
5006  *last_interface_ip_ptr = a;
5007  } else {
5008  tor_free(a);
5009  }
5010  }
5011 
5012  /* If we've used this address previously, we're okay. */
5014  if (tor_addr_eq(a_ptr, &out_addr))
5015  return;
5016  );
5017 
5018  /* Uh-oh. We haven't connected from this address before. Has the interface
5019  * address changed? */
5020  if (get_interface_address6(LOG_INFO, family, &iface_addr)<0)
5021  return;
5022 
5023  if (tor_addr_eq(&iface_addr, *last_interface_ip_ptr)) {
5024  /* Nope, it hasn't changed. Add this address to the list. */
5025  smartlist_add(outgoing_addrs, tor_memdup(&out_addr, sizeof(tor_addr_t)));
5026  } else {
5027  /* The interface changed. We're a client, so we need to regenerate our
5028  * keys. First, reset the state. */
5029  log_notice(LD_NET, "Our IP address has changed. Rotating keys...");
5030  tor_addr_copy(*last_interface_ip_ptr, &iface_addr);
5033  smartlist_add(outgoing_addrs, tor_memdup(&out_addr, sizeof(tor_addr_t)));
5034  /* We'll need to resolve ourselves again. */
5035  resolved_addr_reset_last(AF_INET);
5036  /* Okay, now change our keys. */
5037  ip_address_changed(1);
5038  }
5039 }
5040 
5041 /** Some systems have limited system buffers for recv and xmit on
5042  * sockets allocated in a virtual server or similar environment. For a Tor
5043  * server this can produce the "Error creating network socket: No buffer
5044  * space available" error once all available TCP buffer space is consumed.
5045  * This method will attempt to constrain the buffers allocated for the socket
5046  * to the desired size to stay below system TCP buffer limits.
5047  */
5048 static void
5050 {
5051  void *sz = (void*)&size;
5052  socklen_t sz_sz = (socklen_t) sizeof(size);
5053  if (setsockopt(sock, SOL_SOCKET, SO_SNDBUF, sz, sz_sz) < 0) {
5054  int e = tor_socket_errno(sock);
5055  log_warn(LD_NET, "setsockopt() to constrain send "
5056  "buffer to %d bytes failed: %s", size, tor_socket_strerror(e));
5057  }
5058  if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, sz, sz_sz) < 0) {
5059  int e = tor_socket_errno(sock);
5060  log_warn(LD_NET, "setsockopt() to constrain recv "
5061  "buffer to %d bytes failed: %s", size, tor_socket_strerror(e));
5062  }
5063 }
5064 
5065 /** Process new bytes that have arrived on conn->inbuf.
5066  *
5067  * This function just passes conn to the connection-specific
5068  * connection_*_process_inbuf() function. It also passes in
5069  * package_partial if wanted.
5070  */
5071 static int
5072 connection_process_inbuf(connection_t *conn, int package_partial)
5073 {
5074  tor_assert(conn);
5075 
5076  switch (conn->type) {
5077  case CONN_TYPE_OR:
5079  case CONN_TYPE_EXT_OR:
5081  case CONN_TYPE_EXIT:
5082  case CONN_TYPE_AP:
5084  package_partial);
5085  case CONN_TYPE_DIR:
5087  case CONN_TYPE_CONTROL:
5089  default:
5090  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
5092  return -1;
5093  }
5094 }
5095 
5096 /** Called whenever we've written data on a connection. */
5097 static int
5099 {
5100  int r = 0;
5101  tor_assert(!conn->in_flushed_some);
5102  conn->in_flushed_some = 1;
5103  if (conn->type == CONN_TYPE_DIR &&
5105  r = connection_dirserv_flushed_some(TO_DIR_CONN(conn));
5106  } else if (conn->type == CONN_TYPE_OR) {
5108  } else if (CONN_IS_EDGE(conn)) {
5110  }
5111  conn->in_flushed_some = 0;
5112  return r;
5113 }
5114 
5115 /** We just finished flushing bytes to the appropriately low network layer,
5116  * and there are no more bytes remaining in conn->outbuf or
5117  * conn->tls to be flushed.
5118  *
5119  * This function just passes conn to the connection-specific
5120  * connection_*_finished_flushing() function.
5121  */
5122 static int
5124 {
5125  tor_assert(conn);
5126 
5127  /* If the connection is closed, don't try to do anything more here. */
5128  if (CONN_IS_CLOSED(conn))
5129  return 0;
5130 
5131 // log_fn(LOG_DEBUG,"entered. Socket %u.", conn->s);
5132 
5134 
5135  switch (conn->type) {
5136  case CONN_TYPE_OR:
5138  case CONN_TYPE_EXT_OR:
5140  case CONN_TYPE_AP:
5141  case CONN_TYPE_EXIT:
5143  case CONN_TYPE_DIR:
5145  case CONN_TYPE_CONTROL:
5147  default:
5148  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
5150  return -1;
5151  }
5152 }
5153 
5154 /** Called when our attempt to connect() to a server has just succeeded.
5155  *
5156  * This function checks if the interface address has changed (clients only),
5157  * and then passes conn to the connection-specific
5158  * connection_*_finished_connecting() function.
5159  */
5160 static int
5162 {
5163  tor_assert(conn);
5164 
5165  if (!server_mode(get_options())) {
5166  /* See whether getsockname() says our address changed. We need to do this
5167  * now that the connection has finished, because getsockname() on Windows
5168  * won't work until then. */
5170  }
5171 
5172  switch (conn->type)
5173  {
5174  case CONN_TYPE_OR:
5176  case CONN_TYPE_EXIT:
5178  case CONN_TYPE_DIR:
5180  default:
5181  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
5183  return -1;
5184  }
5185 }
5186 
5187 /** Callback: invoked when a connection reaches an EOF event. */
5188 static int
5190 {
5191  switch (conn->type) {
5192  case CONN_TYPE_OR:
5193  case CONN_TYPE_EXT_OR:
5194  return connection_or_reached_eof(TO_OR_CONN(conn));
5195  case CONN_TYPE_AP:
5196  case CONN_TYPE_EXIT:
5198  case CONN_TYPE_DIR:
5200  case CONN_TYPE_CONTROL:
5202  default:
5203  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
5205  return -1;
5206  }
5207 }
5208 
5209 /** Comparator for the two-orconn case in OOS victim sort */
5210 static int
5212 {
5213  int a_circs, b_circs;
5214  /* Fewer circuits == higher priority for OOS kill, sort earlier */
5215 
5216  a_circs = connection_or_get_num_circuits(a);
5217  b_circs = connection_or_get_num_circuits(b);
5218 
5219  if (a_circs < b_circs) return 1;
5220  else if (a_circs > b_circs) return -1;
5221  else return 0;
5222 }
5223 
5224 /** Sort comparator for OOS victims; better targets sort before worse
5225  * ones. */
5226 static int
5227 oos_victim_comparator(const void **a_v, const void **b_v)
5228 {
5229  connection_t *a = NULL, *b = NULL;
5230 
5231  /* Get connection pointers out */
5232 
5233  a = (connection_t *)(*a_v);
5234  b = (connection_t *)(*b_v);
5235 
5236  tor_assert(a != NULL);
5237  tor_assert(b != NULL);
5238 
5239  /*
5240  * We always prefer orconns as victims currently; we won't even see
5241  * these non-orconn cases, but if we do, sort them after orconns.
5242  */
5243  if (a->type == CONN_TYPE_OR && b->type == CONN_TYPE_OR) {
5245  } else {
5246  /*
5247  * One isn't an orconn; if one is, it goes first. We currently have no
5248  * opinions about cases where neither is an orconn.
5249  */
5250  if (a->type == CONN_TYPE_OR) return -1;
5251  else if (b->type == CONN_TYPE_OR) return 1;
5252  else return 0;
5253  }
5254 }
5255 
5256 /** Pick n victim connections for the OOS handler and return them in a
5257  * smartlist.
5258  */
5261 {
5262  smartlist_t *eligible = NULL, *victims = NULL;
5263  smartlist_t *conns;
5264  int conn_counts_by_type[CONN_TYPE_MAX_ + 1], i;
5265 
5266  /*
5267  * Big damn assumption (someone improve this someday!):
5268  *
5269  * Socket exhaustion normally happens on high-volume relays, and so
5270  * most of the connections involved are orconns. We should pick victims
5271  * by assembling a list of all orconns, and sorting them in order of
5272  * how much 'damage' by some metric we'd be doing by dropping them.
5273  *
5274  * If we move on from orconns, we should probably think about incoming
5275  * directory connections next, or exit connections. Things we should
5276  * probably never kill are controller connections and listeners.
5277  *
5278  * This function will count how many connections of different types
5279  * exist and log it for purposes of gathering data on typical OOS
5280  * situations to guide future improvements.
5281  */
5282 
5283  /* First, get the connection array */
5284  conns = get_connection_array();
5285  /*
5286  * Iterate it and pick out eligible connection types, and log some stats
5287  * along the way.
5288  */
5289  eligible = smartlist_new();
5290  memset(conn_counts_by_type, 0, sizeof(conn_counts_by_type));
5291  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, c) {
5292  /* Bump the counter */
5293  tor_assert(c->type <= CONN_TYPE_MAX_);
5294  ++(conn_counts_by_type[c->type]);
5295 
5296  /* Skip anything without a socket we can free */
5297  if (!(SOCKET_OK(c->s))) {
5298  continue;
5299  }
5300 
5301  /* Skip anything we would count as moribund */
5302  if (connection_is_moribund(c)) {
5303  continue;
5304  }
5305 
5306  switch (c->type) {
5307  case CONN_TYPE_OR:
5308  /* We've got an orconn, it's eligible to be OOSed */
5309  smartlist_add(eligible, c);
5310  break;
5311  default:
5312  /* We don't know what to do with it, ignore it */
5313  break;
5314  }
5315  } SMARTLIST_FOREACH_END(c);
5316 
5317  /* Log some stats */
5318  if (smartlist_len(conns) > 0) {
5319  /* At least one counter must be non-zero */
5320  log_info(LD_NET, "Some stats on conn types seen during OOS follow");
5321  for (i = CONN_TYPE_MIN_; i <= CONN_TYPE_MAX_; ++i) {
5322  /* Did we see any? */
5323  if (conn_counts_by_type[i] > 0) {
5324  log_info(LD_NET, "%s: %d conns",
5326  conn_counts_by_type[i]);
5327  }
5328  }
5329  log_info(LD_NET, "Done with OOS conn type stats");
5330  }
5331 
5332  /* Did we find more eligible targets than we want to kill? */
5333  if (smartlist_len(eligible) > n) {
5334  /* Sort the list in order of target preference */
5336  /* Pick first n as victims */
5337  victims = smartlist_new();
5338  for (i = 0; i < n; ++i) {
5339  smartlist_add(victims, smartlist_get(eligible, i));
5340  }
5341  /* Free the original list */
5342  smartlist_free(eligible);
5343  } else {
5344  /* No, we can just call them all victims */
5345  victims = eligible;
5346  }
5347 
5348  return victims;
5349 }
5350 
5351 /** Kill a list of connections for the OOS handler. */
5352 MOCK_IMPL(STATIC void,
5354 {
5355  if (!conns) return;
5356 
5357  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, c) {
5358  /* Make sure the channel layer gets told about orconns */
5359  if (c->type == CONN_TYPE_OR) {
5361  } else {
5362  connection_mark_for_close(c);
5363  }
5364  } SMARTLIST_FOREACH_END(c);
5365 
5366  log_notice(LD_NET,
5367  "OOS handler marked %d connections",
5368  smartlist_len(conns));
5369 }
5370 
5371 /** Check if a connection is on the way out so the OOS handler doesn't try
5372  * to kill more than it needs. */
5373 int
5375 {
5376  if (conn != NULL &&
5377  (conn->conn_array_index < 0 ||
5378  conn->marked_for_close)) {
5379  return 1;
5380  } else {
5381  return 0;
5382  }
5383 }
5384 
5385 /** Out-of-Sockets handler; n_socks is the current number of open
5386  * sockets, and failed is non-zero if a socket exhaustion related
5387  * error immediately preceded this call. This is where to do
5388  * circuit-killing heuristics as needed.
5389  */
5390 void
5391 connection_check_oos(int n_socks, int failed)
5392 {
5393  int target_n_socks = 0, moribund_socks, socks_to_kill;
5394  smartlist_t *conns;
5395 
5396  /* Early exit: is OOS checking disabled? */
5397  if (get_options()->DisableOOSCheck) {
5398  return;
5399  }
5400 
5401  /* Sanity-check args */
5402  tor_assert(n_socks >= 0);
5403 
5404  /*
5405  * Make some log noise; keep it at debug level since this gets a chance
5406  * to run on every connection attempt.
5407  */
5408  log_debug(LD_NET,
5409  "Running the OOS handler (%d open sockets, %s)",
5410  n_socks, (failed != 0) ? "exhaustion seen" : "no exhaustion");
5411 
5412  /*
5413  * Check if we're really handling an OOS condition, and if so decide how
5414  * many sockets we want to get down to. Be sure we check if the threshold
5415  * is distinct from zero first; it's possible for this to be called a few
5416  * times before we've finished reading the config.
5417  */
5418  if (n_socks >= get_options()->ConnLimit_high_thresh &&
5419  get_options()->ConnLimit_high_thresh != 0 &&
5420  get_options()->ConnLimit_ != 0) {
5421  /* Try to get down to the low threshold */
5422  target_n_socks = get_options()->ConnLimit_low_thresh;
5423  log_notice(LD_NET,
5424  "Current number of sockets %d is greater than configured "
5425  "limit %d; OOS handler trying to get down to %d",
5426  n_socks, get_options()->ConnLimit_high_thresh,
5427  target_n_socks);
5428  } else if (failed) {
5429  /*
5430  * If we're not at the limit but we hit a socket exhaustion error, try to
5431  * drop some (but not as aggressively as ConnLimit_low_threshold, which is
5432  * 3/4 of ConnLimit_)
5433  */
5434  target_n_socks = (n_socks * 9) / 10;
5435  log_notice(LD_NET,
5436  "We saw socket exhaustion at %d open sockets; OOS handler "
5437  "trying to get down to %d",
5438  n_socks, target_n_socks);
5439  }
5440 
5441  if (target_n_socks > 0) {
5442  /*
5443  * It's an OOS!
5444  *
5445  * Count moribund sockets; it's be important that anything we decide
5446  * to get rid of here but don't immediately close get counted as moribund
5447  * on subsequent invocations so we don't try to kill too many things if
5448  * connection_check_oos() gets called multiple times.
5449  */
5450  moribund_socks = connection_count_moribund();
5451 
5452  if (moribund_socks < n_socks - target_n_socks) {
5453  socks_to_kill = n_socks - target_n_socks - moribund_socks;
5454 
5455  conns = pick_oos_victims(socks_to_kill);
5456  if (conns) {
5457  kill_conn_list_for_oos(conns);
5458  log_notice(LD_NET,
5459  "OOS handler killed %d conns", smartlist_len(conns));
5460  smartlist_free(conns);
5461  } else {
5462  log_notice(LD_NET, "OOS handler failed to pick any victim conns");
5463  }
5464  } else {
5465  log_notice(LD_NET,
5466  "Not killing any sockets for OOS because there are %d "
5467  "already moribund, and we only want to eliminate %d",
5468  moribund_socks, n_socks - target_n_socks);
5469  }
5470  }
5471 }
5472 
5473 /** Log how many bytes are used by buffers of different kinds and sizes. */
5474 void
5476 {
5477  uint64_t used_by_type[CONN_TYPE_MAX_+1];
5478  uint64_t alloc_by_type[CONN_TYPE_MAX_+1];
5479  int n_conns_by_type[CONN_TYPE_MAX_+1];
5480  uint64_t total_alloc = 0;
5481  uint64_t total_used = 0;
5482  int i;
5483  smartlist_t *conns = get_connection_array();
5484 
5485  memset(used_by_type, 0, sizeof(used_by_type));
5486  memset(alloc_by_type, 0, sizeof(alloc_by_type));
5487  memset(n_conns_by_type, 0, sizeof(n_conns_by_type));
5488 
5489  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, c) {
5490  int tp = c->type;
5491  ++n_conns_by_type[tp];
5492  if (c->inbuf) {
5493  used_by_type[tp] += buf_datalen(c->inbuf);
5494  alloc_by_type[tp] += buf_allocation(c->inbuf);
5495  }
5496  if (c->outbuf) {
5497  used_by_type[tp] += buf_datalen(c->outbuf);
5498  alloc_by_type[tp] += buf_allocation(c->outbuf);
5499  }
5500  } SMARTLIST_FOREACH_END(c);
5501  for (i=0; i <= CONN_TYPE_MAX_; ++i) {
5502  total_used += used_by_type[i];
5503  total_alloc += alloc_by_type[i];
5504  }
5505 
5506  tor_log(severity, LD_GENERAL,
5507  "In buffers for %d connections: %"PRIu64" used/%"PRIu64" allocated",
5508  smartlist_len(conns),
5509  (total_used), (total_alloc));
5510  for (i=CONN_TYPE_MIN_; i <= CONN_TYPE_MAX_; ++i) {
5511  if (!n_conns_by_type[i])
5512  continue;
5513  tor_log(severity, LD_GENERAL,
5514  " For %d %s connections: %"PRIu64" used/%"PRIu64" allocated",
5515  n_conns_by_type[i], conn_type_to_string(i),
5516  (used_by_type[i]), (alloc_by_type[i]));
5517  }
5518 }
5519 
5520 /** Verify that connection <b>conn</b> has all of its invariants
5521  * correct. Trigger an assert if anything is invalid.
5522  */
5523 void
5525 {
5526  (void) now; /* XXXX unused. */
5527  tor_assert(conn);
5528  tor_assert(conn->type >= CONN_TYPE_MIN_);
5529  tor_assert(conn->type <= CONN_TYPE_MAX_);
5530 
5531  switch (conn->type) {
5532  case CONN_TYPE_OR:
5533  case CONN_TYPE_EXT_OR:
5534  tor_assert(conn->magic == OR_CONNECTION_MAGIC);
5535  break;
5536  case CONN_TYPE_AP:
5537  tor_assert(conn->magic == ENTRY_CONNECTION_MAGIC);
5538  break;
5539  case CONN_TYPE_EXIT:
5540  tor_assert(conn->magic == EDGE_CONNECTION_MAGIC);
5541  break;
5542  case CONN_TYPE_DIR:
5543  tor_assert(conn->magic == DIR_CONNECTION_MAGIC);
5544  break;
5545  case CONN_TYPE_CONTROL:
5546  tor_assert(conn->magic == CONTROL_CONNECTION_MAGIC);
5547  break;
5548  CASE_ANY_LISTENER_TYPE:
5549  tor_assert(conn->magic == LISTENER_CONNECTION_MAGIC);
5550  break;
5551  default:
5552  tor_assert(conn->magic == BASE_CONNECTION_MAGIC);
5553  break;
5554  }
5555 
5556  if (conn->linked_conn) {
5557  tor_assert(conn->linked_conn->linked_conn == conn);
5558  tor_assert(conn->linked);
5559  }
5560  if (conn->linked)
5561  tor_assert(!SOCKET_OK(conn->s));
5562 
5563  if (conn->hold_open_until_flushed)
5565 
5566  /* XXXX check: read_blocked_on_bw, write_blocked_on_bw, s, conn_array_index,
5567  * marked_for_close. */
5568 
5569  /* buffers */
5570  if (conn->inbuf)
5571  buf_assert_ok(conn->inbuf);
5572  if (conn->outbuf)
5573  buf_assert_ok(conn->outbuf);
5574 
5575  if (conn->type == CONN_TYPE_OR) {
5576  or_connection_t *or_conn = TO_OR_CONN(conn);
5577  if (conn->state == OR_CONN_STATE_OPEN) {
5578  /* tor_assert(conn->bandwidth > 0); */
5579  /* the above isn't necessarily true: if we just did a TLS
5580  * handshake but we didn't recognize the other peer, or it
5581  * gave a bad cert/etc, then we won't have assigned bandwidth,
5582  * yet it will be open. -RD
5583  */
5584 // tor_assert(conn->read_bucket >= 0);
5585  }
5586 // tor_assert(conn->addr && conn->port);
5587  tor_assert(conn->address);
5589  tor_assert(or_conn->tls);
5590  }
5591 
5592  if (CONN_IS_EDGE(conn)) {
5593  /* XXX unchecked: package window, deliver window. */
5594  if (conn->type == CONN_TYPE_AP) {
5595  entry_connection_t *entry_conn = TO_ENTRY_CONN(conn);
5596  if (entry_conn->chosen_exit_optional || entry_conn->chosen_exit_retries)
5597  tor_assert(entry_conn->chosen_exit_name);
5598 
5599  tor_assert(entry_conn->socks_request);
5600  if (conn->state == AP_CONN_STATE_OPEN) {
5601  tor_assert(entry_conn->socks_request->has_finished);
5602  if (!conn->marked_for_close) {
5603  tor_assert(ENTRY_TO_EDGE_CONN(entry_conn)->cpath_layer);
5604  cpath_assert_layer_ok(ENTRY_TO_EDGE_CONN(entry_conn)->cpath_layer);
5605  }
5606  }
5607  }
5608  if (conn->type == CONN_TYPE_EXIT) {
5610  conn->purpose == EXIT_PURPOSE_RESOLVE);
5611  }
5612  } else if (conn->type == CONN_TYPE_DIR) {
5613  } else {
5614  /* Purpose is only used for dir and exit types currently */
5615  tor_assert(!conn->purpose);
5616  }
5617 
5618  switch (conn->type)
5619  {
5620  CASE_ANY_LISTENER_TYPE:
5622  break;
5623  case CONN_TYPE_OR:
5624  tor_assert(conn->state >= OR_CONN_STATE_MIN_);
5625  tor_assert(conn->state <= OR_CONN_STATE_MAX_);
5626  break;
5627  case CONN_TYPE_EXT_OR:
5629  tor_assert(conn->state <= EXT_OR_CONN_STATE_MAX_);
5630  break;
5631  case CONN_TYPE_EXIT:
5632  tor_assert(conn->state >= EXIT_CONN_STATE_MIN_);
5633  tor_assert(conn->state <= EXIT_CONN_STATE_MAX_);
5634  tor_assert(conn->purpose >= EXIT_PURPOSE_MIN_);
5635  tor_assert(conn->purpose <= EXIT_PURPOSE_MAX_);
5636  break;
5637  case CONN_TYPE_AP:
5638  tor_assert(conn->state >= AP_CONN_STATE_MIN_);
5639  tor_assert(conn->state <= AP_CONN_STATE_MAX_);
5640  tor_assert(TO_ENTRY_CONN(conn)->socks_request);
5641  break;
5642  case CONN_TYPE_DIR:
5643  tor_assert(conn->state >= DIR_CONN_STATE_MIN_);
5644  tor_assert(conn->state <= DIR_CONN_STATE_MAX_);
5645  tor_assert(conn->purpose >= DIR_PURPOSE_MIN_);
5646  tor_assert(conn->purpose <= DIR_PURPOSE_MAX_);
5647  break;
5648  case CONN_TYPE_CONTROL:
5649  tor_assert(conn->state >= CONTROL_CONN_STATE_MIN_);
5650  tor_assert(conn->state <= CONTROL_CONN_STATE_MAX_);
5651  break;
5652  default:
5653  tor_assert(0);
5654  }
5655 }
5656 
5657 /** Fills <b>addr</b> and <b>port</b> with the details of the global
5658  * proxy server we are using. Store a 1 to the int pointed to by
5659  * <b>is_put_out</b> if the connection is using a pluggable
5660  * transport; store 0 otherwise. <b>conn</b> contains the connection
5661  * we are using the proxy for.
5662  *
5663  * Return 0 on success, -1 on failure.
5664  */
5665 int
5666 get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type,
5667  int *is_pt_out, const connection_t *conn)
5668 {
5669  const or_options_t *options = get_options();
5670 
5671  *is_pt_out = 0;
5672  /* Client Transport Plugins can use another proxy, but that should be hidden
5673  * from the rest of tor (as the plugin is responsible for dealing with the
5674  * proxy), check it first, then check the rest of the proxy types to allow
5675  * the config to have unused ClientTransportPlugin entries.
5676  */
5677  if (options->ClientTransportPlugin) {
5678  const transport_t *transport = NULL;
5679  int r;
5680  r = get_transport_by_bridge_addrport(&conn->addr, conn->port, &transport);
5681  if (r<0)
5682  return -1;
5683  if (transport) { /* transport found */
5684  tor_addr_copy(addr, &transport->addr);
5685  *port = transport->port;
5686  *proxy_type = transport->socks_version;
5687  *is_pt_out = 1;
5688  return 0;
5689  }
5690 
5691  /* Unused ClientTransportPlugin. */
5692  }
5693 
5694  if (options->HTTPSProxy) {
5695  tor_addr_copy(addr, &options->HTTPSProxyAddr);
5696  *port = options->HTTPSProxyPort;
5697  *proxy_type = PROXY_CONNECT;
5698  return 0;
5699  } else if (options->Socks4Proxy) {
5700  tor_addr_copy(addr, &options->Socks4ProxyAddr);
5701  *port = options->Socks4ProxyPort;
5702  *proxy_type = PROXY_SOCKS4;
5703  return 0;
5704  } else if (options->Socks5Proxy) {
5705  tor_addr_copy(addr, &options->Socks5ProxyAddr);
5706  *port = options->Socks5ProxyPort;
5707  *proxy_type = PROXY_SOCKS5;
5708  return 0;
5709  } else if (options->TCPProxy) {
5710  tor_addr_copy(addr, &options->TCPProxyAddr);
5711  *port = options->TCPProxyPort;
5712  /* The only supported protocol in TCPProxy is haproxy. */
5714  *proxy_type = PROXY_HAPROXY;
5715  return 0;
5716  }
5717 
5718  tor_addr_make_unspec(addr);
5719  *port = 0;
5720  *proxy_type = PROXY_NONE;
5721  return 0;
5722 }
5723 
5724 /** Log a failed connection to a proxy server.
5725  * <b>conn</b> is the connection we use the proxy server for. */
5726 void
5728 {
5729  tor_addr_t proxy_addr;
5730  uint16_t proxy_port;
5731  int proxy_type, is_pt;
5732 
5733  if (get_proxy_addrport(&proxy_addr, &proxy_port, &proxy_type, &is_pt,
5734  conn) != 0)
5735  return; /* if we have no proxy set up, leave this function. */
5736 
5737  (void)is_pt;
5738  log_warn(LD_NET,
5739  "The connection to the %s proxy server at %s just failed. "
5740  "Make sure that the proxy server is up and running.",
5741  proxy_type_to_string(proxy_type),
5742  fmt_addrport(&proxy_addr, proxy_port));
5743 }
5744 
5745 /** Return string representation of <b>proxy_type</b>. */
5746 static const char *
5747 proxy_type_to_string(int proxy_type)
5748 {
5749  switch (proxy_type) {
5750  case PROXY_CONNECT: return "HTTP";
5751  case PROXY_SOCKS4: return "SOCKS4";
5752  case PROXY_SOCKS5: return "SOCKS5";
5753  case PROXY_HAPROXY: return "HAPROXY";
5754  case PROXY_PLUGGABLE: return "pluggable transports SOCKS";
5755  case PROXY_NONE: return "NULL";
5756  default: tor_assert(0);
5757  }
5758  return NULL; /*Unreached*/
5759 }
5760 
5761 /** Call connection_free_minimal() on every connection in our array, and
5762  * release all storage held by connection.c.
5763  *
5764  * Don't do the checks in connection_free(), because they will
5765  * fail.
5766  */
5767 void
5769 {
5770  smartlist_t *conns = get_connection_array();
5771 
5772  /* We don't want to log any messages to controllers. */
5773  SMARTLIST_FOREACH(conns, connection_t *, conn,
5774  if (conn->type == CONN_TYPE_CONTROL)
5775  TO_CONTROL_CONN(conn)->event_mask = 0);
5776 
5778 
5779  /* Unlink everything from the identity map. */
5782 
5783  /* Clear out our list of broken connections */
5785 
5786  SMARTLIST_FOREACH(conns, connection_t *, conn,
5787  connection_free_minimal(conn));
5788 
5789  if (outgoing_addrs) {
5791  smartlist_free(outgoing_addrs);
5792  outgoing_addrs = NULL;
5793  }
5794 
5796  tor_free(last_interface_ipv6);
5798 
5799  mainloop_event_free(reenable_blocked_connections_ev);
5801  memset(&reenable_blocked_connections_delay, 0, sizeof(struct timeval));
5802 }
5803 
5804 /** Log a warning, and possibly emit a control event, that <b>received</b> came
5805  * at a skewed time. <b>trusted</b> indicates that the <b>source</b> was one
5806  * that we had more faith in and therefore the warning level should have higher
5807  * severity.
5808  */
5809 MOCK_IMPL(void,
5810 clock_skew_warning, (const connection_t *conn, long apparent_skew, int trusted,
5811  log_domain_mask_t domain, const char *received,
5812  const char *source))
5813 {
5814  char dbuf[64];
5815  char *ext_source = NULL, *warn = NULL;
5816  format_time_interval(dbuf, sizeof(dbuf), apparent_skew);
5817  if (conn)
5818  tor_asprintf(&ext_source, "%s:%s:%d", source, conn->address, conn->port);
5819  else
5820  ext_source = tor_strdup(source);
5821  log_fn(trusted ? LOG_WARN : LOG_INFO, domain,
5822  "Received %s with skewed time (%s): "
5823  "It seems that our clock is %s by %s, or that theirs is %s%s. "
5824  "Tor requires an accurate clock to work: please check your time, "
5825  "timezone, and date settings.", received, ext_source,
5826  apparent_skew > 0 ? "ahead" : "behind", dbuf,
5827  apparent_skew > 0 ? "behind" : "ahead",
5828  (!conn || trusted) ? "" : ", or they are sending us the wrong time");
5829  if (trusted) {
5830  control_event_general_status(LOG_WARN, "CLOCK_SKEW SKEW=%ld SOURCE=%s",
5831  apparent_skew, ext_source);
5832  tor_asprintf(&warn, "Clock skew %ld in %s from %s", apparent_skew,
5833  received, source);
5834  control_event_bootstrap_problem(warn, "CLOCK_SKEW", conn, 1);
5835  }
5836  tor_free(warn);
5837  tor_free(ext_source);
5838 }
connection_reached_eof
static int connection_reached_eof(connection_t *conn)
Definition: connection.c:5189
log_fn
#define log_fn(severity, domain, args,...)
Definition: log.h:287
connection_or_client_used
time_t connection_or_client_used(or_connection_t *conn)
Definition: connection_or.c:2034
get_interface_address6
int get_interface_address6(int severity, sa_family_t family, tor_addr_t *addr)
Definition: address.c:1723
DIR_CONN_STATE_SERVER_WRITING
#define DIR_CONN_STATE_SERVER_WRITING
Definition: directory.h:30
control_event_bootstrap_problem
void control_event_bootstrap_problem(const char *warn, const char *reason, const connection_t *conn, int dowarn)
Definition: control_bootstrap.c:268
outgoing_addrs
static smartlist_t * outgoing_addrs
Definition: connection.c:208
nodelist_probably_contains_address
int nodelist_probably_contains_address(const tor_addr_t *addr)
Definition: nodelist.c:489
DOWNCAST
#define DOWNCAST(to, ptr)
Definition: or.h:109
socks_policy_permits_address
int socks_policy_permits_address(const tor_addr_t *addr)
Definition: policies.c:1058
or_connection_t::bucket
token_bucket_rw_t bucket
Definition: or_connection_st.h:98
EXIT_PURPOSE_RESOLVE
#define EXIT_PURPOSE_RESOLVE
Definition: connection_edge.h:67
routermode.h
Header file for routermode.c.
CONST_TO_OR_CONN
const or_connection_t * CONST_TO_OR_CONN(const connection_t *c)
Definition: connection_or.c:120
connection_or_remove_from_ext_or_id_map
void connection_or_remove_from_ext_or_id_map(or_connection_t *conn)
Definition: ext_orport.c:667
tor_free
#define tor_free(p)
Definition: malloc.h:52
buf_slack
size_t buf_slack(const buf_t *buf)
Definition: buffers.c:414
connection_edge.h
Header file for connection_edge.c.
conn