tor  0.4.0.1-alpha
connection.c
Go to the documentation of this file.
1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2019, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
57 #define CONNECTION_PRIVATE
58 #include "core/or/or.h"
59 #include "feature/client/bridges.h"
60 #include "lib/buf/buffers.h"
61 #include "lib/tls/buffers_tls.h"
62 #include "lib/err/backtrace.h"
63 
64 /*
65  * Define this so we get channel internal functions, since we're implementing
66  * part of a subclass (channel_tls_t).
67  */
68 #define TOR_CHANNEL_INTERNAL_
69 #define CONNECTION_PRIVATE
70 #include "app/config/config.h"
72 #include "core/mainloop/mainloop.h"
73 #include "core/mainloop/netstatus.h"
74 #include "core/or/channel.h"
75 #include "core/or/channeltls.h"
76 #include "core/or/circuitbuild.h"
77 #include "core/or/circuitlist.h"
78 #include "core/or/circuituse.h"
80 #include "core/or/connection_or.h"
81 #include "core/or/dos.h"
82 #include "core/or/policies.h"
83 #include "core/or/reasons.h"
84 #include "core/or/relay.h"
85 #include "core/proto/proto_http.h"
86 #include "core/proto/proto_socks.h"
87 #include "feature/client/dnsserv.h"
95 #include "feature/hs/hs_common.h"
96 #include "feature/hs/hs_ident.h"
99 #include "feature/relay/dns.h"
100 #include "feature/relay/ext_orport.h"
102 #include "feature/rend/rendclient.h"
103 #include "feature/rend/rendcommon.h"
104 #include "feature/stats/rephist.h"
106 #include "lib/geoip/geoip.h"
107 
108 #include "lib/sandbox/sandbox.h"
109 #include "lib/net/buffers_net.h"
110 #include "lib/tls/tortls.h"
112 #include "lib/compress/compress.h"
113 
114 #ifdef HAVE_PWD_H
115 #include <pwd.h>
116 #endif
117 
118 #ifdef HAVE_UNISTD_H
119 #include <unistd.h>
120 #endif
121 #ifdef HAVE_SYS_STAT_H
122 #include <sys/stat.h>
123 #endif
124 
125 #ifdef HAVE_SYS_UN_H
126 #include <sys/socket.h>
127 #include <sys/un.h>
128 #endif
129 
130 #include "feature/dircommon/dir_connection_st.h"
131 #include "feature/control/control_connection_st.h"
132 #include "core/or/entry_connection_st.h"
133 #include "core/or/listener_connection_st.h"
134 #include "core/or/or_connection_st.h"
135 #include "core/or/port_cfg_st.h"
136 #include "feature/nodelist/routerinfo_st.h"
137 #include "core/or/socks_request_st.h"
138 
156 #define ENABLE_LISTENER_REBIND
157 
159  const struct sockaddr *listensockaddr,
160  socklen_t listensocklen, int type,
161  const char *address,
162  const port_cfg_t *portcfg,
163  int *addr_in_use);
165  const port_cfg_t *port,
166  int *defer, int *addr_in_use);
167 static void connection_init(time_t now, connection_t *conn, int type,
168  int socket_family);
169 static int connection_handle_listener_read(connection_t *conn, int new_type);
171 static int connection_flushed_some(connection_t *conn);
173 static int connection_reached_eof(connection_t *conn);
175  ssize_t *max_to_read,
176  int *socket_error);
177 static int connection_process_inbuf(connection_t *conn, int package_partial);
179 static void set_constrained_socket_buffers(tor_socket_t sock, int size);
180 
181 static const char *connection_proxy_state_to_string(int state);
184 static const char *proxy_type_to_string(int proxy_type);
185 static int get_proxy_type(void);
187  const or_options_t *options, unsigned int conn_type);
188 static void reenable_blocked_connection_init(const or_options_t *options);
189 static void reenable_blocked_connection_schedule(void);
190 
197 /* DOCDOC last_interface_ipv6 */
198 static tor_addr_t *last_interface_ipv6 = NULL;
202 
203 #define CASE_ANY_LISTENER_TYPE \
204  case CONN_TYPE_OR_LISTENER: \
205  case CONN_TYPE_EXT_OR_LISTENER: \
206  case CONN_TYPE_AP_LISTENER: \
207  case CONN_TYPE_DIR_LISTENER: \
208  case CONN_TYPE_CONTROL_LISTENER: \
209  case CONN_TYPE_AP_TRANS_LISTENER: \
210  case CONN_TYPE_AP_NATD_LISTENER: \
211  case CONN_TYPE_AP_DNS_LISTENER: \
212  case CONN_TYPE_AP_HTTP_CONNECT_LISTENER
213 
214 /**************************************************************/
215 
220 {
221  tor_assert(c->magic == LISTENER_CONNECTION_MAGIC);
222  return DOWNCAST(listener_connection_t, c);
223 }
224 
225 size_t
226 connection_get_inbuf_len(connection_t *conn)
227 {
228  return conn->inbuf ? buf_datalen(conn->inbuf) : 0;
229 }
230 
231 size_t
232 connection_get_outbuf_len(connection_t *conn)
233 {
234  return conn->outbuf ? buf_datalen(conn->outbuf) : 0;
235 }
236 
240 const char *
242 {
243  static char buf[64];
244  switch (type) {
245  case CONN_TYPE_OR_LISTENER: return "OR listener";
246  case CONN_TYPE_OR: return "OR";
247  case CONN_TYPE_EXIT: return "Exit";
248  case CONN_TYPE_AP_LISTENER: return "Socks listener";
250  return "Transparent pf/netfilter listener";
251  case CONN_TYPE_AP_NATD_LISTENER: return "Transparent natd listener";
252  case CONN_TYPE_AP_DNS_LISTENER: return "DNS listener";
253  case CONN_TYPE_AP: return "Socks";
254  case CONN_TYPE_DIR_LISTENER: return "Directory listener";
255  case CONN_TYPE_DIR: return "Directory";
256  case CONN_TYPE_CONTROL_LISTENER: return "Control listener";
257  case CONN_TYPE_CONTROL: return "Control";
258  case CONN_TYPE_EXT_OR: return "Extended OR";
259  case CONN_TYPE_EXT_OR_LISTENER: return "Extended OR listener";
260  case CONN_TYPE_AP_HTTP_CONNECT_LISTENER: return "HTTP tunnel listener";
261  default:
262  log_warn(LD_BUG, "unknown connection type %d", type);
263  tor_snprintf(buf, sizeof(buf), "unknown [%d]", type);
264  return buf;
265  }
266 }
267 
272 const char *
273 conn_state_to_string(int type, int state)
274 {
275  static char buf[96];
276  switch (type) {
277  CASE_ANY_LISTENER_TYPE:
278  if (state == LISTENER_STATE_READY)
279  return "ready";
280  break;
281  case CONN_TYPE_OR:
282  switch (state) {
283  case OR_CONN_STATE_CONNECTING: return "connect()ing";
284  case OR_CONN_STATE_PROXY_HANDSHAKING: return "handshaking (proxy)";
285  case OR_CONN_STATE_TLS_HANDSHAKING: return "handshaking (TLS)";
287  return "renegotiating (TLS, v2 handshake)";
289  return "waiting for renegotiation or V3 handshake";
291  return "handshaking (Tor, v2 handshake)";
293  return "handshaking (Tor, v3 handshake)";
294  case OR_CONN_STATE_OPEN: return "open";
295  }
296  break;
297  case CONN_TYPE_EXT_OR:
298  switch (state) {
299  case EXT_OR_CONN_STATE_AUTH_WAIT_AUTH_TYPE:
300  return "waiting for authentication type";
301  case EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_NONCE:
302  return "waiting for client nonce";
303  case EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_HASH:
304  return "waiting for client hash";
305  case EXT_OR_CONN_STATE_OPEN: return "open";
306  case EXT_OR_CONN_STATE_FLUSHING: return "flushing final OKAY";
307  }
308  break;
309  case CONN_TYPE_EXIT:
310  switch (state) {
311  case EXIT_CONN_STATE_RESOLVING: return "waiting for dest info";
312  case EXIT_CONN_STATE_CONNECTING: return "connecting";
313  case EXIT_CONN_STATE_OPEN: return "open";
314  case EXIT_CONN_STATE_RESOLVEFAILED: return "resolve failed";
315  }
316  break;
317  case CONN_TYPE_AP:
318  switch (state) {
319  case AP_CONN_STATE_SOCKS_WAIT: return "waiting for socks info";
320  case AP_CONN_STATE_NATD_WAIT: return "waiting for natd dest info";
321  case AP_CONN_STATE_RENDDESC_WAIT: return "waiting for rendezvous desc";
322  case AP_CONN_STATE_CONTROLLER_WAIT: return "waiting for controller";
323  case AP_CONN_STATE_CIRCUIT_WAIT: return "waiting for circuit";
324  case AP_CONN_STATE_CONNECT_WAIT: return "waiting for connect response";
325  case AP_CONN_STATE_RESOLVE_WAIT: return "waiting for resolve response";
326  case AP_CONN_STATE_OPEN: return "open";
327  }
328  break;
329  case CONN_TYPE_DIR:
330  switch (state) {
331  case DIR_CONN_STATE_CONNECTING: return "connecting";
332  case DIR_CONN_STATE_CLIENT_SENDING: return "client sending";
333  case DIR_CONN_STATE_CLIENT_READING: return "client reading";
334  case DIR_CONN_STATE_CLIENT_FINISHED: return "client finished";
335  case DIR_CONN_STATE_SERVER_COMMAND_WAIT: return "waiting for command";
336  case DIR_CONN_STATE_SERVER_WRITING: return "writing";
337  }
338  break;
339  case CONN_TYPE_CONTROL:
340  switch (state) {
341  case CONTROL_CONN_STATE_OPEN: return "open (protocol v1)";
343  return "waiting for authentication (protocol v1)";
344  }
345  break;
346  }
347 
348  log_warn(LD_BUG, "unknown connection state %d (type %d)", state, type);
349  tor_snprintf(buf, sizeof(buf),
350  "unknown state [%d] on unknown [%s] connection",
351  state, conn_type_to_string(type));
352  return buf;
353 }
354 
358 dir_connection_new(int socket_family)
359 {
360  dir_connection_t *dir_conn = tor_malloc_zero(sizeof(dir_connection_t));
361  connection_init(time(NULL), TO_CONN(dir_conn), CONN_TYPE_DIR, socket_family);
362  return dir_conn;
363 }
364 
373 or_connection_new(int type, int socket_family)
374 {
375  or_connection_t *or_conn = tor_malloc_zero(sizeof(or_connection_t));
376  time_t now = time(NULL);
377  tor_assert(type == CONN_TYPE_OR || type == CONN_TYPE_EXT_OR);
378  connection_init(now, TO_CONN(or_conn), type, socket_family);
379 
380  connection_or_set_canonical(or_conn, 0);
381 
382  if (type == CONN_TYPE_EXT_OR)
384 
385  return or_conn;
386 }
387 
394 entry_connection_new(int type, int socket_family)
395 {
396  entry_connection_t *entry_conn = tor_malloc_zero(sizeof(entry_connection_t));
397  tor_assert(type == CONN_TYPE_AP);
398  connection_init(time(NULL), ENTRY_TO_CONN(entry_conn), type, socket_family);
399  entry_conn->socks_request = socks_request_new();
400  /* If this is coming from a listener, we'll set it up based on the listener
401  * in a little while. Otherwise, we're doing this as a linked connection
402  * of some kind, and we should set it up here based on the socket family */
403  if (socket_family == AF_INET)
404  entry_conn->entry_cfg.ipv4_traffic = 1;
405  else if (socket_family == AF_INET6)
406  entry_conn->entry_cfg.ipv6_traffic = 1;
407  return entry_conn;
408 }
409 
413 edge_connection_new(int type, int socket_family)
414 {
415  edge_connection_t *edge_conn = tor_malloc_zero(sizeof(edge_connection_t));
416  tor_assert(type == CONN_TYPE_EXIT);
417  connection_init(time(NULL), TO_CONN(edge_conn), type, socket_family);
418  return edge_conn;
419 }
420 
424 control_connection_new(int socket_family)
425 {
426  control_connection_t *control_conn =
427  tor_malloc_zero(sizeof(control_connection_t));
428  connection_init(time(NULL),
429  TO_CONN(control_conn), CONN_TYPE_CONTROL, socket_family);
430  return control_conn;
431 }
432 
436 listener_connection_new(int type, int socket_family)
437 {
438  listener_connection_t *listener_conn =
439  tor_malloc_zero(sizeof(listener_connection_t));
440  connection_init(time(NULL), TO_CONN(listener_conn), type, socket_family);
441  return listener_conn;
442 }
443 
447 connection_t *
448 connection_new(int type, int socket_family)
449 {
450  switch (type) {
451  case CONN_TYPE_OR:
452  case CONN_TYPE_EXT_OR:
453  return TO_CONN(or_connection_new(type, socket_family));
454 
455  case CONN_TYPE_EXIT:
456  return TO_CONN(edge_connection_new(type, socket_family));
457 
458  case CONN_TYPE_AP:
459  return ENTRY_TO_CONN(entry_connection_new(type, socket_family));
460 
461  case CONN_TYPE_DIR:
462  return TO_CONN(dir_connection_new(socket_family));
463 
464  case CONN_TYPE_CONTROL:
465  return TO_CONN(control_connection_new(socket_family));
466 
467  CASE_ANY_LISTENER_TYPE:
468  return TO_CONN(listener_connection_new(type, socket_family));
469 
470  default: {
471  connection_t *conn = tor_malloc_zero(sizeof(connection_t));
472  connection_init(time(NULL), conn, type, socket_family);
473  return conn;
474  }
475  }
476 }
477 
488 static void
489 connection_init(time_t now, connection_t *conn, int type, int socket_family)
490 {
491  static uint64_t n_connections_allocated = 1;
492 
493  switch (type) {
494  case CONN_TYPE_OR:
495  case CONN_TYPE_EXT_OR:
496  conn->magic = OR_CONNECTION_MAGIC;
497  break;
498  case CONN_TYPE_EXIT:
499  conn->magic = EDGE_CONNECTION_MAGIC;
500  break;
501  case CONN_TYPE_AP:
502  conn->magic = ENTRY_CONNECTION_MAGIC;
503  break;
504  case CONN_TYPE_DIR:
505  conn->magic = DIR_CONNECTION_MAGIC;
506  break;
507  case CONN_TYPE_CONTROL:
508  conn->magic = CONTROL_CONNECTION_MAGIC;
509  break;
510  CASE_ANY_LISTENER_TYPE:
511  conn->magic = LISTENER_CONNECTION_MAGIC;
512  break;
513  default:
514  conn->magic = BASE_CONNECTION_MAGIC;
515  break;
516  }
517 
518  conn->s = TOR_INVALID_SOCKET; /* give it a default of 'not used' */
519  conn->conn_array_index = -1; /* also default to 'not used' */
520  conn->global_identifier = n_connections_allocated++;
521 
522  conn->type = type;
523  conn->socket_family = socket_family;
524  if (!connection_is_listener(conn)) {
525  /* listeners never use their buf */
526  conn->inbuf = buf_new();
527  conn->outbuf = buf_new();
528  }
529 
530  conn->timestamp_created = now;
531  conn->timestamp_last_read_allowed = now;
532  conn->timestamp_last_write_allowed = now;
533 }
534 
536 void
538 {
539  tor_assert(! SOCKET_OK(conn_a->s));
540  tor_assert(! SOCKET_OK(conn_b->s));
541 
542  conn_a->linked = 1;
543  conn_b->linked = 1;
544  conn_a->linked_conn = conn_b;
545  conn_b->linked_conn = conn_a;
546 }
547 
550 int
552 {
553  /* For now only control ports or SOCKS ports can be Unix domain sockets
554  * and listeners at the same time */
555  switch (type) {
558  return 1;
559  default:
560  return 0;
561  }
562 }
563 
568 STATIC void
570 {
571  void *mem;
572  size_t memlen;
573  if (!conn)
574  return;
575 
576  switch (conn->type) {
577  case CONN_TYPE_OR:
578  case CONN_TYPE_EXT_OR:
579  tor_assert(conn->magic == OR_CONNECTION_MAGIC);
580  mem = TO_OR_CONN(conn);
581  memlen = sizeof(or_connection_t);
582  break;
583  case CONN_TYPE_AP:
584  tor_assert(conn->magic == ENTRY_CONNECTION_MAGIC);
585  mem = TO_ENTRY_CONN(conn);
586  memlen = sizeof(entry_connection_t);
587  break;
588  case CONN_TYPE_EXIT:
589  tor_assert(conn->magic == EDGE_CONNECTION_MAGIC);
590  mem = TO_EDGE_CONN(conn);
591  memlen = sizeof(edge_connection_t);
592  break;
593  case CONN_TYPE_DIR:
594  tor_assert(conn->magic == DIR_CONNECTION_MAGIC);
595  mem = TO_DIR_CONN(conn);
596  memlen = sizeof(dir_connection_t);
597  break;
598  case CONN_TYPE_CONTROL:
599  tor_assert(conn->magic == CONTROL_CONNECTION_MAGIC);
600  mem = TO_CONTROL_CONN(conn);
601  memlen = sizeof(control_connection_t);
602  break;
603  CASE_ANY_LISTENER_TYPE:
604  tor_assert(conn->magic == LISTENER_CONNECTION_MAGIC);
605  mem = TO_LISTENER_CONN(conn);
606  memlen = sizeof(listener_connection_t);
607  break;
608  default:
609  tor_assert(conn->magic == BASE_CONNECTION_MAGIC);
610  mem = conn;
611  memlen = sizeof(connection_t);
612  break;
613  }
614 
615  if (conn->linked) {
616  log_info(LD_GENERAL, "Freeing linked %s connection [%s] with %d "
617  "bytes on inbuf, %d on outbuf.",
618  conn_type_to_string(conn->type),
619  conn_state_to_string(conn->type, conn->state),
620  (int)connection_get_inbuf_len(conn),
621  (int)connection_get_outbuf_len(conn));
622  }
623 
624  if (!connection_is_listener(conn)) {
625  buf_free(conn->inbuf);
626  buf_free(conn->outbuf);
627  } else {
628  if (conn->socket_family == AF_UNIX) {
629  /* For now only control and SOCKS ports can be Unix domain sockets
630  * and listeners at the same time */
632 
633  if (unlink(conn->address) < 0 && errno != ENOENT) {
634  log_warn(LD_NET, "Could not unlink %s: %s", conn->address,
635  strerror(errno));
636  }
637  }
638  }
639 
640  tor_free(conn->address);
641 
642  if (connection_speaks_cells(conn)) {
643  or_connection_t *or_conn = TO_OR_CONN(conn);
644  if (or_conn->tls) {
645  if (! SOCKET_OK(conn->s)) {
646  /* The socket has been closed by somebody else; we must tell the
647  * TLS object not to close it. */
648  tor_tls_release_socket(or_conn->tls);
649  } else {
650  /* The tor_tls_free() call below will close the socket; we must tell
651  * the code below not to close it a second time. */
653  conn->s = TOR_INVALID_SOCKET;
654  }
655  tor_tls_free(or_conn->tls);
656  or_conn->tls = NULL;
657  }
658  or_handshake_state_free(or_conn->handshake_state);
659  or_conn->handshake_state = NULL;
660  tor_free(or_conn->nickname);
661  if (or_conn->chan) {
662  /* Owww, this shouldn't happen, but... */
663  channel_t *base_chan = TLS_CHAN_TO_BASE(or_conn->chan);
664  tor_assert(base_chan);
665  log_info(LD_CHANNEL,
666  "Freeing orconn at %p, saw channel %p with ID "
667  "%"PRIu64 " left un-NULLed",
668  or_conn, base_chan,
669  base_chan->global_identifier);
670  if (!CHANNEL_FINISHED(base_chan)) {
671  channel_close_for_error(base_chan);
672  }
673 
674  or_conn->chan->conn = NULL;
675  or_conn->chan = NULL;
676  }
677  }
678  if (conn->type == CONN_TYPE_AP) {
679  entry_connection_t *entry_conn = TO_ENTRY_CONN(conn);
680  tor_free(entry_conn->chosen_exit_name);
681  tor_free(entry_conn->original_dest_address);
682  if (entry_conn->socks_request)
683  socks_request_free(entry_conn->socks_request);
684  if (entry_conn->pending_optimistic_data) {
685  buf_free(entry_conn->pending_optimistic_data);
686  }
687  if (entry_conn->sending_optimistic_data) {
688  buf_free(entry_conn->sending_optimistic_data);
689  }
690  }
691  if (CONN_IS_EDGE(conn)) {
692  rend_data_free(TO_EDGE_CONN(conn)->rend_data);
693  hs_ident_edge_conn_free(TO_EDGE_CONN(conn)->hs_ident);
694  }
695  if (conn->type == CONN_TYPE_CONTROL) {
696  control_connection_t *control_conn = TO_CONTROL_CONN(conn);
697  tor_free(control_conn->safecookie_client_hash);
698  tor_free(control_conn->incoming_cmd);
699  if (control_conn->ephemeral_onion_services) {
700  SMARTLIST_FOREACH(control_conn->ephemeral_onion_services, char *, cp, {
701  memwipe(cp, 0, strlen(cp));
702  tor_free(cp);
703  });
704  smartlist_free(control_conn->ephemeral_onion_services);
705  }
706  }
707 
708  /* Probably already freed by connection_free. */
709  tor_event_free(conn->read_event);
710  tor_event_free(conn->write_event);
711  conn->read_event = conn->write_event = NULL;
712 
713  if (conn->type == CONN_TYPE_DIR) {
714  dir_connection_t *dir_conn = TO_DIR_CONN(conn);
715  tor_free(dir_conn->requested_resource);
716 
717  tor_compress_free(dir_conn->compress_state);
718  if (dir_conn->spool) {
719  SMARTLIST_FOREACH(dir_conn->spool, spooled_resource_t *, spooled,
720  spooled_resource_free(spooled));
721  smartlist_free(dir_conn->spool);
722  }
723 
724  rend_data_free(dir_conn->rend_data);
725  hs_ident_dir_conn_free(dir_conn->hs_ident);
726  if (dir_conn->guard_state) {
727  /* Cancel before freeing, if it's still there. */
728  entry_guard_cancel(&dir_conn->guard_state);
729  }
730  circuit_guard_state_free(dir_conn->guard_state);
731  }
732 
733  if (SOCKET_OK(conn->s)) {
734  log_debug(LD_NET,"closing fd %d.",(int)conn->s);
735  tor_close_socket(conn->s);
736  conn->s = TOR_INVALID_SOCKET;
737  }
738 
739  if (conn->type == CONN_TYPE_OR &&
740  !tor_digest_is_zero(TO_OR_CONN(conn)->identity_digest)) {
741  log_warn(LD_BUG, "called on OR conn with non-zeroed identity_digest");
743  }
744  if (conn->type == CONN_TYPE_OR || conn->type == CONN_TYPE_EXT_OR) {
746  tor_free(TO_OR_CONN(conn)->ext_or_conn_id);
747  tor_free(TO_OR_CONN(conn)->ext_or_auth_correct_client_hash);
748  tor_free(TO_OR_CONN(conn)->ext_or_transport);
749  }
750 
751  memwipe(mem, 0xCC, memlen); /* poison memory */
752  tor_free(mem);
753 }
754 
758 connection_free_,(connection_t *conn))
759 {
760  if (!conn)
761  return;
764  if (BUG(conn->linked_conn)) {
765  conn->linked_conn->linked_conn = NULL;
766  if (! conn->linked_conn->marked_for_close &&
768  connection_start_reading(conn->linked_conn);
769  conn->linked_conn = NULL;
770  }
771  if (connection_speaks_cells(conn)) {
772  if (!tor_digest_is_zero(TO_OR_CONN(conn)->identity_digest)) {
774  }
775  }
776  if (conn->type == CONN_TYPE_CONTROL) {
778  }
779 #if 1
780  /* DEBUGGING */
781  if (conn->type == CONN_TYPE_AP) {
782  connection_ap_warn_and_unmark_if_pending_circ(TO_ENTRY_CONN(conn),
783  "connection_free");
784  }
785 #endif /* 1 */
786 
787  /* Notify the circuit creation DoS mitigation subsystem that an OR client
788  * connection has been closed. And only do that if we track it. */
789  if (conn->type == CONN_TYPE_OR) {
790  dos_close_client_conn(TO_OR_CONN(conn));
791  }
792 
795 }
796 
809 void
811 {
813 
814  switch (conn->type) {
815  case CONN_TYPE_DIR:
817  break;
818  case CONN_TYPE_OR:
819  case CONN_TYPE_EXT_OR:
821  break;
822  case CONN_TYPE_AP:
823  connection_ap_about_to_close(TO_ENTRY_CONN(conn));
824  break;
825  case CONN_TYPE_EXIT:
827  break;
828  }
829 }
830 
833 #define CONN_IS_CLOSED(c) \
834  ((c)->linked ? ((c)->linked_conn_is_closed) : (! SOCKET_OK(c->s)))
835 
840 void
842 {
843  assert_connection_ok(conn,0);
844  if (CONN_IS_CLOSED(conn)) {
845  log_err(LD_BUG,"Attempt to close already-closed connection.");
847  return;
848  }
849  if (conn->outbuf_flushlen) {
850  log_info(LD_NET,"fd %d, type %s, state %s, %d bytes on outbuf.",
851  (int)conn->s, conn_type_to_string(conn->type),
852  conn_state_to_string(conn->type, conn->state),
853  (int)conn->outbuf_flushlen);
854  }
855 
857 
858  /* Prevent the event from getting unblocked. */
859  conn->read_blocked_on_bw = 0;
860  conn->write_blocked_on_bw = 0;
861 
862  if (SOCKET_OK(conn->s))
863  tor_close_socket(conn->s);
864  conn->s = TOR_INVALID_SOCKET;
865  if (conn->linked)
866  conn->linked_conn_is_closed = 1;
867  if (conn->outbuf)
868  buf_clear(conn->outbuf);
869  conn->outbuf_flushlen = 0;
870 }
871 
874 void
875 connection_mark_for_close_(connection_t *conn, int line, const char *file)
876 {
877  assert_connection_ok(conn,0);
878  tor_assert(line);
879  tor_assert(line < 1<<16); /* marked_for_close can only fit a uint16_t. */
880  tor_assert(file);
881 
882  if (conn->type == CONN_TYPE_OR) {
883  /*
884  * An or_connection should have been closed through one of the channel-
885  * aware functions in connection_or.c. We'll assume this is an error
886  * close and do that, and log a bug warning.
887  */
888  log_warn(LD_CHANNEL | LD_BUG,
889  "Something tried to close an or_connection_t without going "
890  "through channels at %s:%d",
891  file, line);
892  connection_or_close_for_error(TO_OR_CONN(conn), 0);
893  } else {
894  /* Pass it down to the real function */
895  connection_mark_for_close_internal_(conn, line, file);
896  }
897 }
898 
909 connection_mark_for_close_internal_, (connection_t *conn,
910  int line, const char *file))
911 {
912  assert_connection_ok(conn,0);
913  tor_assert(line);
914  tor_assert(line < 1<<16); /* marked_for_close can only fit a uint16_t. */
915  tor_assert(file);
916 
917  if (conn->marked_for_close) {
918  log_warn(LD_BUG,"Duplicate call to connection_mark_for_close at %s:%d"
919  " (first at %s:%d)", file, line, conn->marked_for_close_file,
920  conn->marked_for_close);
922  return;
923  }
924 
925  if (conn->type == CONN_TYPE_OR) {
926  /*
927  * Bad news if this happens without telling the controlling channel; do
928  * this so we can find things that call this wrongly when the asserts hit.
929  */
930  log_debug(LD_CHANNEL,
931  "Calling connection_mark_for_close_internal_() on an OR conn "
932  "at %s:%d",
933  file, line);
934  }
935 
936  conn->marked_for_close = line;
937  conn->marked_for_close_file = file;
939 
940  /* in case we're going to be held-open-til-flushed, reset
941  * the number of seconds since last successful write, so
942  * we get our whole 15 seconds */
943  conn->timestamp_last_write_allowed = time(NULL);
944 }
945 
951 void
953 {
954  time_t now;
955  smartlist_t *conns = get_connection_array();
956 
957  now = time(NULL);
958 
959  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
960  /* If we've been holding the connection open, but we haven't written
961  * for 15 seconds...
962  */
963  if (conn->hold_open_until_flushed) {
965  if (now - conn->timestamp_last_write_allowed >= 15) {
966  int severity;
967  if (conn->type == CONN_TYPE_EXIT ||
968  (conn->type == CONN_TYPE_DIR &&
969  conn->purpose == DIR_PURPOSE_SERVER))
970  severity = LOG_INFO;
971  else
972  severity = LOG_NOTICE;
973  log_fn(severity, LD_NET,
974  "Giving up on marked_for_close conn that's been flushing "
975  "for 15s (fd %d, type %s, state %s).",
976  (int)conn->s, conn_type_to_string(conn->type),
977  conn_state_to_string(conn->type, conn->state));
978  conn->hold_open_until_flushed = 0;
979  }
980  }
981  } SMARTLIST_FOREACH_END(conn);
982 }
983 
984 #if defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN)
985 
998 static struct sockaddr_un *
999 create_unix_sockaddr(const char *listenaddress, char **readable_address,
1000  socklen_t *len_out)
1001 {
1002  struct sockaddr_un *sockaddr = NULL;
1003 
1004  sockaddr = tor_malloc_zero(sizeof(struct sockaddr_un));
1005  sockaddr->sun_family = AF_UNIX;
1006  if (strlcpy(sockaddr->sun_path, listenaddress, sizeof(sockaddr->sun_path))
1007  >= sizeof(sockaddr->sun_path)) {
1008  log_warn(LD_CONFIG, "Unix socket path '%s' is too long to fit.",
1009  escaped(listenaddress));
1010  tor_free(sockaddr);
1011  return NULL;
1012  }
1013 
1014  if (readable_address)
1015  *readable_address = tor_strdup(listenaddress);
1016 
1017  *len_out = sizeof(struct sockaddr_un);
1018  return sockaddr;
1019 }
1020 #else /* !(defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN)) */
1021 static struct sockaddr *
1022 create_unix_sockaddr(const char *listenaddress, char **readable_address,
1023  socklen_t *len_out)
1024 {
1025  (void)listenaddress;
1026  (void)readable_address;
1028  "Unix domain sockets not supported, yet we tried to create one.");
1029  *len_out = 0;
1031  return NULL;
1032 }
1033 #endif /* defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN) */
1034 
1038 static void
1040 {
1041 #define WARN_TOO_MANY_CONNS_INTERVAL (6*60*60)
1042  static ratelim_t last_warned = RATELIM_INIT(WARN_TOO_MANY_CONNS_INTERVAL);
1043  char *m;
1044  if ((m = rate_limit_log(&last_warned, approx_time()))) {
1045  int n_conns = get_n_open_sockets();
1046  log_warn(LD_NET,"Failing because we have %d connections already. Please "
1047  "read doc/TUNING for guidance.%s", n_conns, m);
1048  tor_free(m);
1049  control_event_general_status(LOG_WARN, "TOO_MANY_CONNECTIONS CURRENT=%d",
1050  n_conns);
1051  }
1052 }
1053 
1054 #ifdef HAVE_SYS_UN_H
1055 
1056 #define UNIX_SOCKET_PURPOSE_CONTROL_SOCKET 0
1057 #define UNIX_SOCKET_PURPOSE_SOCKS_SOCKET 1
1058 
1061 static int
1062 is_valid_unix_socket_purpose(int purpose)
1063 {
1064  int valid = 0;
1065 
1066  switch (purpose) {
1067  case UNIX_SOCKET_PURPOSE_CONTROL_SOCKET:
1068  case UNIX_SOCKET_PURPOSE_SOCKS_SOCKET:
1069  valid = 1;
1070  break;
1071  }
1072 
1073  return valid;
1074 }
1075 
1077 static const char *
1078 unix_socket_purpose_to_string(int purpose)
1079 {
1080  const char *s = "unknown-purpose socket";
1081 
1082  switch (purpose) {
1083  case UNIX_SOCKET_PURPOSE_CONTROL_SOCKET:
1084  s = "control socket";
1085  break;
1086  case UNIX_SOCKET_PURPOSE_SOCKS_SOCKET:
1087  s = "SOCKS socket";
1088  break;
1089  }
1090 
1091  return s;
1092 }
1093 
1096 static int
1097 check_location_for_unix_socket(const or_options_t *options, const char *path,
1098  int purpose, const port_cfg_t *port)
1099 {
1100  int r = -1;
1101  char *p = NULL;
1102 
1103  tor_assert(is_valid_unix_socket_purpose(purpose));
1104 
1105  p = tor_strdup(path);
1106  cpd_check_t flags = CPD_CHECK_MODE_ONLY;
1107  if (get_parent_directory(p)<0 || p[0] != '/') {
1108  log_warn(LD_GENERAL, "Bad unix socket address '%s'. Tor does not support "
1109  "relative paths for unix sockets.", path);
1110  goto done;
1111  }
1112 
1113  if (port->is_world_writable) {
1114  /* World-writable sockets can go anywhere. */
1115  r = 0;
1116  goto done;
1117  }
1118 
1119  if (port->is_group_writable) {
1120  flags |= CPD_GROUP_OK;
1121  }
1122 
1123  if (port->relax_dirmode_check) {
1124  flags |= CPD_RELAX_DIRMODE_CHECK;
1125  }
1126 
1127  if (check_private_dir(p, flags, options->User) < 0) {
1128  char *escpath, *escdir;
1129  escpath = esc_for_log(path);
1130  escdir = esc_for_log(p);
1131  log_warn(LD_GENERAL, "Before Tor can create a %s in %s, the directory "
1132  "%s needs to exist, and to be accessible only by the user%s "
1133  "account that is running Tor. (On some Unix systems, anybody "
1134  "who can list a socket can connect to it, so Tor is being "
1135  "careful.)",
1136  unix_socket_purpose_to_string(purpose), escpath, escdir,
1137  port->is_group_writable ? " and group" : "");
1138  tor_free(escpath);
1139  tor_free(escdir);
1140  goto done;
1141  }
1142 
1143  r = 0;
1144  done:
1145  tor_free(p);
1146  return r;
1147 }
1148 #endif /* defined(HAVE_SYS_UN_H) */
1149 
1153 static int
1155 {
1156 #ifdef _WIN32
1157  (void) sock;
1158  return 0;
1159 #else
1160  int one=1;
1161 
1162  /* REUSEADDR on normal places means you can rebind to the port
1163  * right after somebody else has let it go. But REUSEADDR on win32
1164  * means you can bind to the port _even when somebody else
1165  * already has it bound_. So, don't do that on Win32. */
1166  if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void*) &one,
1167  (socklen_t)sizeof(one)) == -1) {
1168  return -1;
1169  }
1170  return 0;
1171 #endif /* defined(_WIN32) */
1172 }
1173 
1174 #ifdef _WIN32
1175 
1177 static int
1178 make_win32_socket_exclusive(tor_socket_t sock)
1179 {
1180 #ifdef SO_EXCLUSIVEADDRUSE
1181  int one=1;
1182 
1183  /* Any socket that sets REUSEADDR on win32 can bind to a port _even when
1184  * somebody else already has it bound_, and _even if the original socket
1185  * didn't set REUSEADDR_. Use EXCLUSIVEADDRUSE to prevent this port-stealing
1186  * on win32. */
1187  if (setsockopt(sock, SOL_SOCKET, SO_EXCLUSIVEADDRUSE, (void*) &one,
1188  (socklen_t)sizeof(one))) {
1189  return -1;
1190  }
1191  return 0;
1192 #else /* !(defined(SO_EXCLUSIVEADDRUSE)) */
1193  (void) sock;
1194  return 0;
1195 #endif /* defined(SO_EXCLUSIVEADDRUSE) */
1196 }
1197 #endif /* defined(_WIN32) */
1198 
1200 static int listen_limit = INT_MAX;
1201 
1202 /* Listen on <b>fd</b> with appropriate backlog. Return as for listen. */
1203 static int
1204 tor_listen(tor_socket_t fd)
1205 {
1206  int r;
1207 
1208  if ((r = listen(fd, listen_limit)) < 0) {
1209  if (listen_limit == SOMAXCONN)
1210  return r;
1211  if ((r = listen(fd, SOMAXCONN)) == 0) {
1212  listen_limit = SOMAXCONN;
1213  log_warn(LD_NET, "Setting listen backlog to INT_MAX connections "
1214  "didn't work, but SOMAXCONN did. Lowering backlog limit.");
1215  }
1216  }
1217  return r;
1218 }
1219 
1229 static connection_t *
1230 connection_listener_new(const struct sockaddr *listensockaddr,
1231  socklen_t socklen,
1232  int type, const char *address,
1233  const port_cfg_t *port_cfg,
1234  int *addr_in_use)
1235 {
1236  listener_connection_t *lis_conn;
1237  connection_t *conn = NULL;
1238  tor_socket_t s = TOR_INVALID_SOCKET; /* the socket we're going to make */
1239  or_options_t const *options = get_options();
1240  (void) options; /* Windows doesn't use this. */
1241 #if defined(HAVE_PWD_H) && defined(HAVE_SYS_UN_H)
1242  const struct passwd *pw = NULL;
1243 #endif
1244  uint16_t usePort = 0, gotPort = 0;
1245  int start_reading = 0;
1246  static int global_next_session_group = SESSION_GROUP_FIRST_AUTO;
1247  tor_addr_t addr;
1248  int exhaustion = 0;
1249 
1250  if (addr_in_use)
1251  *addr_in_use = 0;
1252 
1253  if (listensockaddr->sa_family == AF_INET ||
1254  listensockaddr->sa_family == AF_INET6) {
1255  int is_stream = (type != CONN_TYPE_AP_DNS_LISTENER);
1256  if (is_stream)
1257  start_reading = 1;
1258 
1259  tor_addr_from_sockaddr(&addr, listensockaddr, &usePort);
1260  log_notice(LD_NET, "Opening %s on %s",
1261  conn_type_to_string(type), fmt_addrport(&addr, usePort));
1262 
1264  is_stream ? SOCK_STREAM : SOCK_DGRAM,
1265  is_stream ? IPPROTO_TCP: IPPROTO_UDP);
1266  if (!SOCKET_OK(s)) {
1267  int e = tor_socket_errno(s);
1268  if (ERRNO_IS_RESOURCE_LIMIT(e)) {
1270  /*
1271  * We'll call the OOS handler at the error exit, so set the
1272  * exhaustion flag for it.
1273  */
1274  exhaustion = 1;
1275  } else {
1276  log_warn(LD_NET, "Socket creation failed: %s",
1277  tor_socket_strerror(e));
1278  }
1279  goto err;
1280  }
1281 
1282  if (make_socket_reuseable(s) < 0) {
1283  log_warn(LD_NET, "Error setting SO_REUSEADDR flag on %s: %s",
1284  conn_type_to_string(type),
1285  tor_socket_strerror(errno));
1286  }
1287 
1288 #ifdef _WIN32
1289  if (make_win32_socket_exclusive(s) < 0) {
1290  log_warn(LD_NET, "Error setting SO_EXCLUSIVEADDRUSE flag on %s: %s",
1291  conn_type_to_string(type),
1292  tor_socket_strerror(errno));
1293  }
1294 #endif /* defined(_WIN32) */
1295 
1296 #if defined(USE_TRANSPARENT) && defined(IP_TRANSPARENT)
1297  if (options->TransProxyType_parsed == TPT_TPROXY &&
1298  type == CONN_TYPE_AP_TRANS_LISTENER) {
1299  int one = 1;
1300  if (setsockopt(s, SOL_IP, IP_TRANSPARENT, (void*)&one,
1301  (socklen_t)sizeof(one)) < 0) {
1302  const char *extra = "";
1303  int e = tor_socket_errno(s);
1304  if (e == EPERM)
1305  extra = "TransTPROXY requires root privileges or similar"
1306  " capabilities.";
1307  log_warn(LD_NET, "Error setting IP_TRANSPARENT flag: %s.%s",
1308  tor_socket_strerror(e), extra);
1309  }
1310  }
1311 #endif /* defined(USE_TRANSPARENT) && defined(IP_TRANSPARENT) */
1312 
1313 #ifdef IPV6_V6ONLY
1314  if (listensockaddr->sa_family == AF_INET6) {
1315  int one = 1;
1316  /* We need to set IPV6_V6ONLY so that this socket can't get used for
1317  * IPv4 connections. */
1318  if (setsockopt(s,IPPROTO_IPV6, IPV6_V6ONLY,
1319  (void*)&one, (socklen_t)sizeof(one)) < 0) {
1320  int e = tor_socket_errno(s);
1321  log_warn(LD_NET, "Error setting IPV6_V6ONLY flag: %s",
1322  tor_socket_strerror(e));
1323  /* Keep going; probably not harmful. */
1324  }
1325  }
1326 #endif /* defined(IPV6_V6ONLY) */
1327 
1328  if (bind(s,listensockaddr,socklen) < 0) {
1329  const char *helpfulhint = "";
1330  int e = tor_socket_errno(s);
1331  if (ERRNO_IS_EADDRINUSE(e)) {
1332  helpfulhint = ". Is Tor already running?";
1333  if (addr_in_use)
1334  *addr_in_use = 1;
1335  }
1336  log_warn(LD_NET, "Could not bind to %s:%u: %s%s", address, usePort,
1337  tor_socket_strerror(e), helpfulhint);
1338  goto err;
1339  }
1340 
1341  if (is_stream) {
1342  if (tor_listen(s) < 0) {
1343  log_warn(LD_NET, "Could not listen on %s:%u: %s", address, usePort,
1344  tor_socket_strerror(tor_socket_errno(s)));
1345  goto err;
1346  }
1347  }
1348 
1349  if (usePort != 0) {
1350  gotPort = usePort;
1351  } else {
1352  tor_addr_t addr2;
1353  struct sockaddr_storage ss;
1354  socklen_t ss_len=sizeof(ss);
1355  if (getsockname(s, (struct sockaddr*)&ss, &ss_len)<0) {
1356  log_warn(LD_NET, "getsockname() couldn't learn address for %s: %s",
1357  conn_type_to_string(type),
1358  tor_socket_strerror(tor_socket_errno(s)));
1359  gotPort = 0;
1360  }
1361  tor_addr_from_sockaddr(&addr2, (struct sockaddr*)&ss, &gotPort);
1362  }
1363 #ifdef HAVE_SYS_UN_H
1364  /*
1365  * AF_UNIX generic setup stuff
1366  */
1367  } else if (listensockaddr->sa_family == AF_UNIX) {
1368  /* We want to start reading for both AF_UNIX cases */
1369  start_reading = 1;
1370 
1372 
1373  if (check_location_for_unix_socket(options, address,
1374  (type == CONN_TYPE_CONTROL_LISTENER) ?
1375  UNIX_SOCKET_PURPOSE_CONTROL_SOCKET :
1376  UNIX_SOCKET_PURPOSE_SOCKS_SOCKET, port_cfg) < 0) {
1377  goto err;
1378  }
1379 
1380  log_notice(LD_NET, "Opening %s on %s",
1381  conn_type_to_string(type), address);
1382 
1383  tor_addr_make_unspec(&addr);
1384 
1385  if (unlink(address) < 0 && errno != ENOENT) {
1386  log_warn(LD_NET, "Could not unlink %s: %s", address,
1387  strerror(errno));
1388  goto err;
1389  }
1390 
1391  s = tor_open_socket_nonblocking(AF_UNIX, SOCK_STREAM, 0);
1392  if (! SOCKET_OK(s)) {
1393  int e = tor_socket_errno(s);
1394  if (ERRNO_IS_RESOURCE_LIMIT(e)) {
1396  /*
1397  * We'll call the OOS handler at the error exit, so set the
1398  * exhaustion flag for it.
1399  */
1400  exhaustion = 1;
1401  } else {
1402  log_warn(LD_NET,"Socket creation failed: %s.", strerror(e));
1403  }
1404  goto err;
1405  }
1406 
1407  if (bind(s, listensockaddr,
1408  (socklen_t)sizeof(struct sockaddr_un)) == -1) {
1409  log_warn(LD_NET,"Bind to %s failed: %s.", address,
1410  tor_socket_strerror(tor_socket_errno(s)));
1411  goto err;
1412  }
1413 
1414 #ifdef HAVE_PWD_H
1415  if (options->User) {
1416  pw = tor_getpwnam(options->User);
1417  struct stat st;
1418  if (pw == NULL) {
1419  log_warn(LD_NET,"Unable to chown() %s socket: user %s not found.",
1420  address, options->User);
1421  goto err;
1422  } else if (fstat(s, &st) == 0 &&
1423  st.st_uid == pw->pw_uid && st.st_gid == pw->pw_gid) {
1424  /* No change needed */
1425  } else if (chown(sandbox_intern_string(address),
1426  pw->pw_uid, pw->pw_gid) < 0) {
1427  log_warn(LD_NET,"Unable to chown() %s socket: %s.",
1428  address, strerror(errno));
1429  goto err;
1430  }
1431  }
1432 #endif /* defined(HAVE_PWD_H) */
1433 
1434  {
1435  unsigned mode;
1436  const char *status;
1437  struct stat st;
1438  if (port_cfg->is_world_writable) {
1439  mode = 0666;
1440  status = "world-writable";
1441  } else if (port_cfg->is_group_writable) {
1442  mode = 0660;
1443  status = "group-writable";
1444  } else {
1445  mode = 0600;
1446  status = "private";
1447  }
1448  /* We need to use chmod; fchmod doesn't work on sockets on all
1449  * platforms. */
1450  if (fstat(s, &st) == 0 && (st.st_mode & 0777) == mode) {
1451  /* no change needed */
1452  } else if (chmod(sandbox_intern_string(address), mode) < 0) {
1453  log_warn(LD_FS,"Unable to make %s %s.", address, status);
1454  goto err;
1455  }
1456  }
1457 
1458  if (listen(s, SOMAXCONN) < 0) {
1459  log_warn(LD_NET, "Could not listen on %s: %s", address,
1460  tor_socket_strerror(tor_socket_errno(s)));
1461  goto err;
1462  }
1463 
1464 #ifndef __APPLE__
1465  /* This code was introduced to help debug #28229. */
1466  int value;
1467  socklen_t len = sizeof(value);
1468 
1469  if (!getsockopt(s, SOL_SOCKET, SO_ACCEPTCONN, &value, &len)) {
1470  if (value == 0) {
1471  log_err(LD_NET, "Could not listen on %s - "
1472  "getsockopt(.,SO_ACCEPTCONN,.) yields 0.", address);
1473  goto err;
1474  }
1475  }
1476 #endif /* __APPLE__ */
1477 #endif /* defined(HAVE_SYS_UN_H) */
1478  } else {
1479  log_err(LD_BUG, "Got unexpected address family %d.",
1480  listensockaddr->sa_family);
1481  tor_assert(0);
1482  }
1483 
1484  lis_conn = listener_connection_new(type, listensockaddr->sa_family);
1485  conn = TO_CONN(lis_conn);
1486  conn->socket_family = listensockaddr->sa_family;
1487  conn->s = s;
1488  s = TOR_INVALID_SOCKET; /* Prevent double-close */
1489  conn->address = tor_strdup(address);
1490  conn->port = gotPort;
1491  tor_addr_copy(&conn->addr, &addr);
1492 
1493  memcpy(&lis_conn->entry_cfg, &port_cfg->entry_cfg, sizeof(entry_port_cfg_t));
1494 
1495  if (port_cfg->entry_cfg.isolation_flags) {
1496  lis_conn->entry_cfg.isolation_flags = port_cfg->entry_cfg.isolation_flags;
1497  if (port_cfg->entry_cfg.session_group >= 0) {
1498  lis_conn->entry_cfg.session_group = port_cfg->entry_cfg.session_group;
1499  } else {
1500  /* This can wrap after around INT_MAX listeners are opened. But I don't
1501  * believe that matters, since you would need to open a ridiculous
1502  * number of listeners while keeping the early ones open before you ever
1503  * hit this. An OR with a dozen ports open, for example, would have to
1504  * close and re-open its listeners every second for 4 years nonstop.
1505  */
1506  lis_conn->entry_cfg.session_group = global_next_session_group--;
1507  }
1508  }
1509 
1510  if (type != CONN_TYPE_AP_LISTENER) {
1511  lis_conn->entry_cfg.ipv4_traffic = 1;
1512  lis_conn->entry_cfg.ipv6_traffic = 1;
1513  lis_conn->entry_cfg.prefer_ipv6 = 0;
1514  }
1515 
1516  if (connection_add(conn) < 0) { /* no space, forget it */
1517  log_warn(LD_NET,"connection_add for listener failed. Giving up.");
1518  goto err;
1519  }
1520 
1521  log_fn(usePort==gotPort ? LOG_DEBUG : LOG_NOTICE, LD_NET,
1522  "%s listening on port %u.",
1523  conn_type_to_string(type), gotPort);
1524 
1525  conn->state = LISTENER_STATE_READY;
1526  if (start_reading) {
1527  connection_start_reading(conn);
1528  } else {
1531  }
1532 
1533  /*
1534  * Normal exit; call the OOS handler since connection count just changed;
1535  * the exhaustion flag will always be zero here though.
1536  */
1538 
1539  if (conn->socket_family == AF_UNIX) {
1540  log_notice(LD_NET, "Opened %s on %s",
1541  conn_type_to_string(type), conn->address);
1542  } else {
1543  log_notice(LD_NET, "Opened %s on %s",
1544  conn_type_to_string(type), fmt_addrport(&addr, usePort));
1545  }
1546  return conn;
1547 
1548  err:
1549  if (SOCKET_OK(s))
1550  tor_close_socket(s);
1551  if (conn)
1552  connection_free(conn);
1553 
1554  /* Call the OOS handler, indicate if we saw an exhaustion-related error */
1556 
1557  return NULL;
1558 }
1559 
1566 static connection_t *
1568  int *defer, int *addr_in_use)
1569 {
1570  connection_t *conn;
1571  struct sockaddr *listensockaddr;
1572  socklen_t listensocklen = 0;
1573  char *address=NULL;
1574  int real_port = port->port == CFG_AUTO_PORT ? 0 : port->port;
1575  tor_assert(real_port <= UINT16_MAX);
1576 
1577  if (defer)
1578  *defer = 0;
1579 
1580  if (port->server_cfg.no_listen) {
1581  if (defer)
1582  *defer = 1;
1583  return NULL;
1584  }
1585 
1586 #ifndef _WIN32
1587  /* We don't need to be root to create a UNIX socket, so defer until after
1588  * setuid. */
1589  const or_options_t *options = get_options();
1590  if (port->is_unix_addr && !geteuid() && (options->User) &&
1591  strcmp(options->User, "root")) {
1592  if (defer)
1593  *defer = 1;
1594  return NULL;
1595  }
1596 #endif /* !defined(_WIN32) */
1597 
1598  if (port->is_unix_addr) {
1599  listensockaddr = (struct sockaddr *)
1600  create_unix_sockaddr(port->unix_addr,
1601  &address, &listensocklen);
1602  } else {
1603  listensockaddr = tor_malloc(sizeof(struct sockaddr_storage));
1604  listensocklen = tor_addr_to_sockaddr(&port->addr,
1605  real_port,
1606  listensockaddr,
1607  sizeof(struct sockaddr_storage));
1608  address = tor_addr_to_str_dup(&port->addr);
1609  }
1610 
1611  if (listensockaddr) {
1612  conn = connection_listener_new(listensockaddr, listensocklen,
1613  port->type, address, port,
1614  addr_in_use);
1615  tor_free(listensockaddr);
1616  tor_free(address);
1617  } else {
1618  conn = NULL;
1619  }
1620 
1621  return conn;
1622 }
1623 
1631 static int
1632 check_sockaddr(const struct sockaddr *sa, int len, int level)
1633 {
1634  int ok = 1;
1635 
1636  if (sa->sa_family == AF_INET) {
1637  struct sockaddr_in *sin=(struct sockaddr_in*)sa;
1638  if (len != sizeof(struct sockaddr_in)) {
1639  log_fn(level, LD_NET, "Length of address not as expected: %d vs %d",
1640  len,(int)sizeof(struct sockaddr_in));
1641  ok = 0;
1642  }
1643  if (sin->sin_addr.s_addr == 0 || sin->sin_port == 0) {
1644  log_fn(level, LD_NET,
1645  "Address for new connection has address/port equal to zero.");
1646  ok = 0;
1647  }
1648  } else if (sa->sa_family == AF_INET6) {
1649  struct sockaddr_in6 *sin6=(struct sockaddr_in6*)sa;
1650  if (len != sizeof(struct sockaddr_in6)) {
1651  log_fn(level, LD_NET, "Length of address not as expected: %d vs %d",
1652  len,(int)sizeof(struct sockaddr_in6));
1653  ok = 0;
1654  }
1655  if (tor_mem_is_zero((void*)sin6->sin6_addr.s6_addr, 16) ||
1656  sin6->sin6_port == 0) {
1657  log_fn(level, LD_NET,
1658  "Address for new connection has address/port equal to zero.");
1659  ok = 0;
1660  }
1661  } else if (sa->sa_family == AF_UNIX) {
1662  ok = 1;
1663  } else {
1664  ok = 0;
1665  }
1666  return ok ? 0 : -1;
1667 }
1668 
1674 static int
1676 {
1677  if (got != listener->socket_family) {
1678  log_info(LD_BUG, "A listener connection returned a socket with a "
1679  "mismatched family. %s for addr_family %d gave us a socket "
1680  "with address family %d. Dropping.",
1681  conn_type_to_string(listener->type),
1682  (int)listener->socket_family,
1683  (int)got);
1684  return -1;
1685  }
1686  return 0;
1687 }
1688 
1692 static int
1694 {
1695  tor_socket_t news; /* the new socket */
1696  connection_t *newconn = 0;
1697  /* information about the remote peer when connecting to other routers */
1698  struct sockaddr_storage addrbuf;
1699  struct sockaddr *remote = (struct sockaddr*)&addrbuf;
1700  /* length of the remote address. Must be whatever accept() needs. */
1701  socklen_t remotelen = (socklen_t)sizeof(addrbuf);
1702  const or_options_t *options = get_options();
1703 
1704  tor_assert((size_t)remotelen >= sizeof(struct sockaddr_in));
1705  memset(&addrbuf, 0, sizeof(addrbuf));
1706 
1707  news = tor_accept_socket_nonblocking(conn->s,remote,&remotelen);
1708  if (!SOCKET_OK(news)) { /* accept() error */
1709  int e = tor_socket_errno(conn->s);
1710  if (ERRNO_IS_ACCEPT_EAGAIN(e)) {
1711  /*
1712  * they hung up before we could accept(). that's fine.
1713  *
1714  * give the OOS handler a chance to run though
1715  */
1717  return 0;
1718  } else if (ERRNO_IS_RESOURCE_LIMIT(e)) {
1720  /* Exhaustion; tell the OOS handler */
1722  return 0;
1723  }
1724  /* else there was a real error. */
1725  log_warn(LD_NET,"accept() failed: %s. Closing listener.",
1726  tor_socket_strerror(e));
1727  connection_mark_for_close(conn);
1728  /* Tell the OOS handler about this too */
1730  return -1;
1731  }
1732  log_debug(LD_NET,
1733  "Connection accepted on socket %d (child of fd %d).",
1734  (int)news,(int)conn->s);
1735 
1736  /* We accepted a new conn; run OOS handler */
1738 
1739  if (make_socket_reuseable(news) < 0) {
1740  if (tor_socket_errno(news) == EINVAL) {
1741  /* This can happen on OSX if we get a badly timed shutdown. */
1742  log_debug(LD_NET, "make_socket_reuseable returned EINVAL");
1743  } else {
1744  log_warn(LD_NET, "Error setting SO_REUSEADDR flag on %s: %s",
1745  conn_type_to_string(new_type),
1746  tor_socket_strerror(errno));
1747  }
1748  tor_close_socket(news);
1749  return 0;
1750  }
1751 
1752  if (options->ConstrainedSockets)
1754 
1755  if (check_sockaddr_family_match(remote->sa_family, conn) < 0) {
1756  tor_close_socket(news);
1757  return 0;
1758  }
1759 
1760  if (conn->socket_family == AF_INET || conn->socket_family == AF_INET6 ||
1761  (conn->socket_family == AF_UNIX && new_type == CONN_TYPE_AP)) {
1762  tor_addr_t addr;
1763  uint16_t port;
1764  if (check_sockaddr(remote, remotelen, LOG_INFO)<0) {
1765  log_info(LD_NET,
1766  "accept() returned a strange address; closing connection.");
1767  tor_close_socket(news);
1768  return 0;
1769  }
1770 
1771  tor_addr_from_sockaddr(&addr, remote, &port);
1772 
1773  /* process entrance policies here, before we even create the connection */
1774  if (new_type == CONN_TYPE_AP) {
1775  /* check sockspolicy to see if we should accept it */
1776  if (socks_policy_permits_address(&addr) == 0) {
1777  log_notice(LD_APP,
1778  "Denying socks connection from untrusted address %s.",
1779  fmt_and_decorate_addr(&addr));
1780  tor_close_socket(news);
1781  return 0;
1782  }
1783  }
1784  if (new_type == CONN_TYPE_DIR) {
1785  /* check dirpolicy to see if we should accept it */
1786  if (dir_policy_permits_address(&addr) == 0) {
1787  log_notice(LD_DIRSERV,"Denying dir connection from address %s.",
1788  fmt_and_decorate_addr(&addr));
1789  tor_close_socket(news);
1790  return 0;
1791  }
1792  }
1793  if (new_type == CONN_TYPE_OR) {
1794  /* Assess with the connection DoS mitigation subsystem if this address
1795  * can open a new connection. */
1796  if (dos_conn_addr_get_defense_type(&addr) == DOS_CONN_DEFENSE_CLOSE) {
1797  tor_close_socket(news);
1798  return 0;
1799  }
1800  }
1801 
1802  newconn = connection_new(new_type, conn->socket_family);
1803  newconn->s = news;
1804 
1805  /* remember the remote address */
1806  tor_addr_copy(&newconn->addr, &addr);
1807  if (new_type == CONN_TYPE_AP && conn->socket_family == AF_UNIX) {
1808  newconn->port = 0;
1809  newconn->address = tor_strdup(conn->address);
1810  } else {
1811  newconn->port = port;
1812  newconn->address = tor_addr_to_str_dup(&addr);
1813  }
1814 
1815  if (new_type == CONN_TYPE_AP && conn->socket_family != AF_UNIX) {
1816  log_info(LD_NET, "New SOCKS connection opened from %s.",
1817  fmt_and_decorate_addr(&addr));
1818  }
1819  if (new_type == CONN_TYPE_AP && conn->socket_family == AF_UNIX) {
1820  log_info(LD_NET, "New SOCKS AF_UNIX connection opened");
1821  }
1822  if (new_type == CONN_TYPE_CONTROL) {
1823  log_notice(LD_CONTROL, "New control connection opened from %s.",
1824  fmt_and_decorate_addr(&addr));
1825  }
1826 
1827  } else if (conn->socket_family == AF_UNIX && conn->type != CONN_TYPE_AP) {
1829  tor_assert(new_type == CONN_TYPE_CONTROL);
1830  log_notice(LD_CONTROL, "New control connection opened.");
1831 
1832  newconn = connection_new(new_type, conn->socket_family);
1833  newconn->s = news;
1834 
1835  /* remember the remote address -- do we have anything sane to put here? */
1836  tor_addr_make_unspec(&newconn->addr);
1837  newconn->port = 1;
1838  newconn->address = tor_strdup(conn->address);
1839  } else {
1840  tor_assert(0);
1841  };
1842 
1843  if (connection_add(newconn) < 0) { /* no space, forget it */
1844  connection_free(newconn);
1845  return 0; /* no need to tear down the parent */
1846  }
1847 
1848  if (connection_init_accepted_conn(newconn, TO_LISTENER_CONN(conn)) < 0) {
1849  if (! newconn->marked_for_close)
1850  connection_mark_for_close(newconn);
1851  return 0;
1852  }
1853  return 0;
1854 }
1855 
1865 int
1867  const listener_connection_t *listener)
1868 {
1869  int rv;
1870 
1871  connection_start_reading(conn);
1872 
1873  switch (conn->type) {
1874  case CONN_TYPE_EXT_OR:
1875  /* Initiate Extended ORPort authentication. */
1877  case CONN_TYPE_OR:
1878  connection_or_event_status(TO_OR_CONN(conn), OR_CONN_EVENT_NEW, 0);
1879  rv = connection_tls_start_handshake(TO_OR_CONN(conn), 1);
1880  if (rv < 0) {
1881  connection_or_close_for_error(TO_OR_CONN(conn), 0);
1882  }
1883  return rv;
1884  break;
1885  case CONN_TYPE_AP:
1886  memcpy(&TO_ENTRY_CONN(conn)->entry_cfg, &listener->entry_cfg,
1887  sizeof(entry_port_cfg_t));
1888  TO_ENTRY_CONN(conn)->nym_epoch = get_signewnym_epoch();
1889  TO_ENTRY_CONN(conn)->socks_request->listener_type = listener->base_.type;
1890 
1891  /* Any incoming connection on an entry port counts as user activity. */
1892  note_user_activity(approx_time());
1893 
1894  switch (TO_CONN(listener)->type) {
1895  case CONN_TYPE_AP_LISTENER:
1897  TO_ENTRY_CONN(conn)->socks_request->socks_prefer_no_auth =
1898  listener->entry_cfg.socks_prefer_no_auth;
1899  break;
1901  TO_ENTRY_CONN(conn)->is_transparent_ap = 1;
1902  /* XXXX028 -- is this correct still, with the addition of
1903  * pending_entry_connections ? */
1905  return connection_ap_process_transparent(TO_ENTRY_CONN(conn));
1907  TO_ENTRY_CONN(conn)->is_transparent_ap = 1;
1909  break;
1912  }
1913  break;
1914  case CONN_TYPE_DIR:
1915  conn->purpose = DIR_PURPOSE_SERVER;
1917  break;
1918  case CONN_TYPE_CONTROL:
1920  break;
1921  }
1922  return 0;
1923 }
1924 
1930 MOCK_IMPL(STATIC int,
1931 connection_connect_sockaddr,(connection_t *conn,
1932  const struct sockaddr *sa,
1933  socklen_t sa_len,
1934  const struct sockaddr *bindaddr,
1935  socklen_t bindaddr_len,
1936  int *socket_error))
1937 {
1938  tor_socket_t s;
1939  int inprogress = 0;
1940  const or_options_t *options = get_options();
1941 
1942  tor_assert(conn);
1943  tor_assert(sa);
1944  tor_assert(socket_error);
1945 
1946  if (net_is_completely_disabled()) {
1947  /* We should never even try to connect anyplace if the network is
1948  * completely shut off.
1949  *
1950  * (We don't check net_is_disabled() here, since we still sometimes
1951  * want to open connections when we're in soft hibernation.)
1952  */
1953  static ratelim_t disablenet_violated = RATELIM_INIT(30*60);
1954  *socket_error = SOCK_ERRNO(ENETUNREACH);
1955  log_fn_ratelim(&disablenet_violated, LOG_WARN, LD_BUG,
1956  "Tried to open a socket with DisableNetwork set.");
1958  return -1;
1959  }
1960 
1961  const int protocol_family = sa->sa_family;
1962  const int proto = (sa->sa_family == AF_INET6 ||
1963  sa->sa_family == AF_INET) ? IPPROTO_TCP : 0;
1964 
1965  s = tor_open_socket_nonblocking(protocol_family, SOCK_STREAM, proto);
1966  if (! SOCKET_OK(s)) {
1967  /*
1968  * Early OOS handler calls; it matters if it's an exhaustion-related
1969  * error or not.
1970  */
1971  *socket_error = tor_socket_errno(s);
1972  if (ERRNO_IS_RESOURCE_LIMIT(*socket_error)) {
1975  } else {
1976  log_warn(LD_NET,"Error creating network socket: %s",
1977  tor_socket_strerror(*socket_error));
1979  }
1980  return -1;
1981  }
1982 
1983  if (make_socket_reuseable(s) < 0) {
1984  log_warn(LD_NET, "Error setting SO_REUSEADDR flag on new connection: %s",
1985  tor_socket_strerror(errno));
1986  }
1987 
1988  /*
1989  * We've got the socket open; give the OOS handler a chance to check
1990  * against configured maximum socket number, but tell it no exhaustion
1991  * failure.
1992  */
1994 
1995  if (bindaddr && bind(s, bindaddr, bindaddr_len) < 0) {
1996  *socket_error = tor_socket_errno(s);
1997  log_warn(LD_NET,"Error binding network socket: %s",
1998  tor_socket_strerror(*socket_error));
1999  tor_close_socket(s);
2000  return -1;
2001  }
2002 
2003  tor_assert(options);
2004  if (options->ConstrainedSockets)
2006 
2007  if (connect(s, sa, sa_len) < 0) {
2008  int e = tor_socket_errno(s);
2009  if (!ERRNO_IS_CONN_EINPROGRESS(e)) {
2010  /* yuck. kill it. */
2011  *socket_error = e;
2012  log_info(LD_NET,
2013  "connect() to socket failed: %s",
2014  tor_socket_strerror(e));
2015  tor_close_socket(s);
2016  return -1;
2017  } else {
2018  inprogress = 1;
2019  }
2020  }
2021 
2022  /* it succeeded. we're connected. */
2023  log_fn(inprogress ? LOG_DEBUG : LOG_INFO, LD_NET,
2024  "Connection to socket %s (sock "TOR_SOCKET_T_FORMAT").",
2025  inprogress ? "in progress" : "established", s);
2026  conn->s = s;
2027  if (connection_add_connecting(conn) < 0) {
2028  /* no space, forget it */
2029  *socket_error = SOCK_ERRNO(ENOBUFS);
2030  return -1;
2031  }
2032 
2033  return inprogress ? 0 : 1;
2034 }
2035 
2036 /* Log a message if connection attempt is made when IPv4 or IPv6 is disabled.
2037  * Log a less severe message if we couldn't conform to ClientPreferIPv6ORPort
2038  * or ClientPreferIPv6ORPort. */
2039 static void
2040 connection_connect_log_client_use_ip_version(const connection_t *conn)
2041 {
2042  const or_options_t *options = get_options();
2043 
2044  /* Only clients care about ClientUseIPv4/6, bail out early on servers, and
2045  * on connections we don't care about */
2046  if (server_mode(options) || !conn || conn->type == CONN_TYPE_EXIT) {
2047  return;
2048  }
2049 
2050  /* We're only prepared to log OR and DIR connections here */
2051  if (conn->type != CONN_TYPE_OR && conn->type != CONN_TYPE_DIR) {
2052  return;
2053  }
2054 
2055  const int must_ipv4 = !fascist_firewall_use_ipv6(options);
2056  const int must_ipv6 = (options->ClientUseIPv4 == 0);
2057  const int pref_ipv6 = (conn->type == CONN_TYPE_OR
2060  tor_addr_t real_addr;
2061  tor_addr_make_null(&real_addr, AF_UNSPEC);
2062 
2063  /* OR conns keep the original address in real_addr, as addr gets overwritten
2064  * with the descriptor address */
2065  if (conn->type == CONN_TYPE_OR) {
2066  const or_connection_t *or_conn = TO_OR_CONN((connection_t *)conn);
2067  tor_addr_copy(&real_addr, &or_conn->real_addr);
2068  } else if (conn->type == CONN_TYPE_DIR) {
2069  tor_addr_copy(&real_addr, &conn->addr);
2070  }
2071 
2072  /* Check if we broke a mandatory address family restriction */
2073  if ((must_ipv4 && tor_addr_family(&real_addr) == AF_INET6)
2074  || (must_ipv6 && tor_addr_family(&real_addr) == AF_INET)) {
2075  static int logged_backtrace = 0;
2076  log_info(LD_BUG, "Outgoing %s connection to %s violated ClientUseIPv%s 0.",
2077  conn->type == CONN_TYPE_OR ? "OR" : "Dir",
2078  fmt_addr(&real_addr),
2079  options->ClientUseIPv4 == 0 ? "4" : "6");
2080  if (!logged_backtrace) {
2081  log_backtrace(LOG_INFO, LD_BUG, "Address came from");
2082  logged_backtrace = 1;
2083  }
2084  }
2085 
2086  /* Bridges are allowed to break IPv4/IPv6 ORPort preferences to connect to
2087  * the node's configured address when ClientPreferIPv6ORPort is auto */
2088  if (options->UseBridges && conn->type == CONN_TYPE_OR
2089  && options->ClientPreferIPv6ORPort == -1) {
2090  return;
2091  }
2092 
2093  if (fascist_firewall_use_ipv6(options)) {
2094  log_info(LD_NET, "Our outgoing connection is using IPv%d.",
2095  tor_addr_family(&real_addr) == AF_INET6 ? 6 : 4);
2096  }
2097 
2098  /* Check if we couldn't satisfy an address family preference */
2099  if ((!pref_ipv6 && tor_addr_family(&real_addr) == AF_INET6)
2100  || (pref_ipv6 && tor_addr_family(&real_addr) == AF_INET)) {
2101  log_info(LD_NET, "Outgoing connection to %s doesn't satisfy "
2102  "ClientPreferIPv6%sPort %d, with ClientUseIPv4 %d, and "
2103  "fascist_firewall_use_ipv6 %d (ClientUseIPv6 %d and UseBridges "
2104  "%d).",
2105  fmt_addr(&real_addr),
2106  conn->type == CONN_TYPE_OR ? "OR" : "Dir",
2107  conn->type == CONN_TYPE_OR ? options->ClientPreferIPv6ORPort
2108  : options->ClientPreferIPv6DirPort,
2109  options->ClientUseIPv4, fascist_firewall_use_ipv6(options),
2110  options->ClientUseIPv6, options->UseBridges);
2111  }
2112 }
2113 
2118 const tor_addr_t *
2120  const or_options_t *options, unsigned int conn_type)
2121 {
2122  const tor_addr_t *ext_addr = NULL;
2123 
2124  int fam_index;
2125  switch (family) {
2126  case AF_INET:
2127  fam_index = 0;
2128  break;
2129  case AF_INET6:
2130  fam_index = 1;
2131  break;
2132  default:
2133  return NULL;
2134  }
2135 
2136  // If an exit connection, use the exit address (if present)
2137  if (conn_type == CONN_TYPE_EXIT) {
2138  if (!tor_addr_is_null(
2139  &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT][fam_index])) {
2140  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT]
2141  [fam_index];
2142  } else if (!tor_addr_is_null(
2143  &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT_AND_OR]
2144  [fam_index])) {
2145  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT_AND_OR]
2146  [fam_index];
2147  }
2148  } else { // All non-exit connections
2149  if (!tor_addr_is_null(
2150  &options->OutboundBindAddresses[OUTBOUND_ADDR_OR][fam_index])) {
2151  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_OR]
2152  [fam_index];
2153  } else if (!tor_addr_is_null(
2154  &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT_AND_OR]
2155  [fam_index])) {
2156  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT_AND_OR]
2157  [fam_index];
2158  }
2159  }
2160  return ext_addr;
2161 }
2162 
2175 int
2176 connection_connect(connection_t *conn, const char *address,
2177  const tor_addr_t *addr, uint16_t port, int *socket_error)
2178 {
2179  struct sockaddr_storage addrbuf;
2180  struct sockaddr_storage bind_addr_ss;
2181  struct sockaddr *bind_addr = NULL;
2182  struct sockaddr *dest_addr;
2183  int dest_addr_len, bind_addr_len = 0;
2184 
2185  /* Log if we didn't stick to ClientUseIPv4/6 or ClientPreferIPv6OR/DirPort
2186  */
2187  connection_connect_log_client_use_ip_version(conn);
2188 
2189  if (!tor_addr_is_loopback(addr)) {
2190  const tor_addr_t *ext_addr = NULL;
2191  ext_addr = conn_get_outbound_address(tor_addr_family(addr), get_options(),
2192  conn->type);
2193  if (ext_addr) {
2194  memset(&bind_addr_ss, 0, sizeof(bind_addr_ss));
2195  bind_addr_len = tor_addr_to_sockaddr(ext_addr, 0,
2196  (struct sockaddr *) &bind_addr_ss,
2197  sizeof(bind_addr_ss));
2198  if (bind_addr_len == 0) {
2199  log_warn(LD_NET,
2200  "Error converting OutboundBindAddress %s into sockaddr. "
2201  "Ignoring.", fmt_and_decorate_addr(ext_addr));
2202  } else {
2203  bind_addr = (struct sockaddr *)&bind_addr_ss;
2204  }
2205  }
2206  }
2207 
2208  memset(&addrbuf,0,sizeof(addrbuf));
2209  dest_addr = (struct sockaddr*) &addrbuf;
2210  dest_addr_len = tor_addr_to_sockaddr(addr, port, dest_addr, sizeof(addrbuf));
2211  tor_assert(dest_addr_len > 0);
2212 
2213  log_debug(LD_NET, "Connecting to %s:%u.",
2214  escaped_safe_str_client(address), port);
2215 
2216  return connection_connect_sockaddr(conn, dest_addr, dest_addr_len,
2217  bind_addr, bind_addr_len, socket_error);
2218 }
2219 
2220 #ifdef HAVE_SYS_UN_H
2221 
2229 int
2230 connection_connect_unix(connection_t *conn, const char *socket_path,
2231  int *socket_error)
2232 {
2233  struct sockaddr_un dest_addr;
2234 
2235  tor_assert(socket_path);
2236 
2237  /* Check that we'll be able to fit it into dest_addr later */
2238  if (strlen(socket_path) + 1 > sizeof(dest_addr.sun_path)) {
2239  log_warn(LD_NET,
2240  "Path %s is too long for an AF_UNIX socket\n",
2241  escaped_safe_str_client(socket_path));
2242  *socket_error = SOCK_ERRNO(ENAMETOOLONG);
2243  return -1;
2244  }
2245 
2246  memset(&dest_addr, 0, sizeof(dest_addr));
2247  dest_addr.sun_family = AF_UNIX;
2248  strlcpy(dest_addr.sun_path, socket_path, sizeof(dest_addr.sun_path));
2249 
2250  log_debug(LD_NET,
2251  "Connecting to AF_UNIX socket at %s.",
2252  escaped_safe_str_client(socket_path));
2253 
2254  return connection_connect_sockaddr(conn,
2255  (struct sockaddr *)&dest_addr, sizeof(dest_addr),
2256  NULL, 0, socket_error);
2257 }
2258 
2259 #endif /* defined(HAVE_SYS_UN_H) */
2260 
2263 static const char *
2265 {
2266  static const char *unknown = "???";
2267  static const char *states[] = {
2268  "PROXY_NONE",
2269  "PROXY_INFANT",
2270  "PROXY_HTTPS_WANT_CONNECT_OK",
2271  "PROXY_SOCKS4_WANT_CONNECT_OK",
2272  "PROXY_SOCKS5_WANT_AUTH_METHOD_NONE",
2273  "PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929",
2274  "PROXY_SOCKS5_WANT_AUTH_RFC1929_OK",
2275  "PROXY_SOCKS5_WANT_CONNECT_OK",
2276  "PROXY_CONNECTED",
2277  };
2278 
2279  if (state < PROXY_NONE || state > PROXY_CONNECTED)
2280  return unknown;
2281 
2282  return states[state];
2283 }
2284 
2289 static int
2291 {
2292  const or_options_t *options = get_options();
2293 
2294  if (options->ClientTransportPlugin)
2295  return PROXY_PLUGGABLE;
2296  else if (options->HTTPSProxy)
2297  return PROXY_CONNECT;
2298  else if (options->Socks4Proxy)
2299  return PROXY_SOCKS4;
2300  else if (options->Socks5Proxy)
2301  return PROXY_SOCKS5;
2302  else
2303  return PROXY_NONE;
2304 }
2305 
2306 /* One byte for the version, one for the command, two for the
2307  port, and four for the addr... and, one more for the
2308  username NUL: */
2309 #define SOCKS4_STANDARD_BUFFER_SIZE (1 + 1 + 2 + 4 + 1)
2310 
2321 int
2323 {
2324  const or_options_t *options;
2325 
2326  tor_assert(conn);
2327 
2328  options = get_options();
2329 
2330  switch (type) {
2331  case PROXY_CONNECT: {
2332  char buf[1024];
2333  char *base64_authenticator=NULL;
2334  const char *authenticator = options->HTTPSProxyAuthenticator;
2335 
2336  /* Send HTTP CONNECT and authentication (if available) in
2337  * one request */
2338 
2339  if (authenticator) {
2340  base64_authenticator = alloc_http_authenticator(authenticator);
2341  if (!base64_authenticator)
2342  log_warn(LD_OR, "Encoding https authenticator failed");
2343  }
2344 
2345  if (base64_authenticator) {
2346  const char *addrport = fmt_addrport(&conn->addr, conn->port);
2347  tor_snprintf(buf, sizeof(buf), "CONNECT %s HTTP/1.1\r\n"
2348  "Host: %s\r\n"
2349  "Proxy-Authorization: Basic %s\r\n\r\n",
2350  addrport,
2351  addrport,
2352  base64_authenticator);
2353  tor_free(base64_authenticator);
2354  } else {
2355  tor_snprintf(buf, sizeof(buf), "CONNECT %s HTTP/1.0\r\n\r\n",
2356  fmt_addrport(&conn->addr, conn->port));
2357  }
2358 
2359  connection_buf_add(buf, strlen(buf), conn);
2360  conn->proxy_state = PROXY_HTTPS_WANT_CONNECT_OK;
2361  break;
2362  }
2363 
2364  case PROXY_SOCKS4: {
2365  unsigned char *buf;
2366  uint16_t portn;
2367  uint32_t ip4addr;
2368  size_t buf_size = 0;
2369  char *socks_args_string = NULL;
2370 
2371  /* Send a SOCKS4 connect request */
2372 
2373  if (tor_addr_family(&conn->addr) != AF_INET) {
2374  log_warn(LD_NET, "SOCKS4 client is incompatible with IPv6");
2375  return -1;
2376  }
2377 
2378  { /* If we are here because we are trying to connect to a
2379  pluggable transport proxy, check if we have any SOCKS
2380  arguments to transmit. If we do, compress all arguments to
2381  a single string in 'socks_args_string': */
2382 
2383  if (get_proxy_type() == PROXY_PLUGGABLE) {
2384  socks_args_string =
2386  if (socks_args_string)
2387  log_debug(LD_NET, "Sending out '%s' as our SOCKS argument string.",
2388  socks_args_string);
2389  }
2390  }
2391 
2392  { /* Figure out the buffer size we need for the SOCKS message: */
2393 
2394  buf_size = SOCKS4_STANDARD_BUFFER_SIZE;
2395 
2396  /* If we have a SOCKS argument string, consider its size when
2397  calculating the buffer size: */
2398  if (socks_args_string)
2399  buf_size += strlen(socks_args_string);
2400  }
2401 
2402  buf = tor_malloc_zero(buf_size);
2403 
2404  ip4addr = tor_addr_to_ipv4n(&conn->addr);
2405  portn = htons(conn->port);
2406 
2407  buf[0] = 4; /* version */
2408  buf[1] = SOCKS_COMMAND_CONNECT; /* command */
2409  memcpy(buf + 2, &portn, 2); /* port */
2410  memcpy(buf + 4, &ip4addr, 4); /* addr */
2411 
2412  /* Next packet field is the userid. If we have pluggable
2413  transport SOCKS arguments, we have to embed them
2414  there. Otherwise, we use an empty userid. */
2415  if (socks_args_string) { /* place the SOCKS args string: */
2416  tor_assert(strlen(socks_args_string) > 0);
2417  tor_assert(buf_size >=
2418  SOCKS4_STANDARD_BUFFER_SIZE + strlen(socks_args_string));
2419  strlcpy((char *)buf + 8, socks_args_string, buf_size - 8);
2420  tor_free(socks_args_string);
2421  } else {
2422  buf[8] = 0; /* no userid */
2423  }
2424 
2425  connection_buf_add((char *)buf, buf_size, conn);
2426  tor_free(buf);
2427 
2428  conn->proxy_state = PROXY_SOCKS4_WANT_CONNECT_OK;
2429  break;
2430  }
2431 
2432  case PROXY_SOCKS5: {
2433  unsigned char buf[4]; /* fields: vers, num methods, method list */
2434 
2435  /* Send a SOCKS5 greeting (connect request must wait) */
2436 
2437  buf[0] = 5; /* version */
2438 
2439  /* We have to use SOCKS5 authentication, if we have a
2440  Socks5ProxyUsername or if we want to pass arguments to our
2441  pluggable transport proxy: */
2442  if ((options->Socks5ProxyUsername) ||
2443  (get_proxy_type() == PROXY_PLUGGABLE &&
2444  (get_socks_args_by_bridge_addrport(&conn->addr, conn->port)))) {
2445  /* number of auth methods */
2446  buf[1] = 2;
2447  buf[2] = 0x00; /* no authentication */
2448  buf[3] = 0x02; /* rfc1929 Username/Passwd auth */
2449  conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929;
2450  } else {
2451  buf[1] = 1;
2452  buf[2] = 0x00; /* no authentication */
2453  conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_METHOD_NONE;
2454  }
2455 
2456  connection_buf_add((char *)buf, 2 + buf[1], conn);
2457  break;
2458  }
2459 
2460  default:
2461  log_err(LD_BUG, "Invalid proxy protocol, %d", type);
2463  return -1;
2464  }
2465 
2466  log_debug(LD_NET, "set state %s",
2468 
2469  return 0;
2470 }
2471 
2476 static int
2478 {
2479  char *headers;
2480  char *reason=NULL;
2481  int status_code;
2482  time_t date_header;
2483 
2484  switch (fetch_from_buf_http(conn->inbuf,
2485  &headers, MAX_HEADERS_SIZE,
2486  NULL, NULL, 10000, 0)) {
2487  case -1: /* overflow */
2488  log_warn(LD_PROTOCOL,
2489  "Your https proxy sent back an oversized response. Closing.");
2490  return -1;
2491  case 0:
2492  log_info(LD_NET,"https proxy response not all here yet. Waiting.");
2493  return 0;
2494  /* case 1, fall through */
2495  }
2496 
2497  if (parse_http_response(headers, &status_code, &date_header,
2498  NULL, &reason) < 0) {
2499  log_warn(LD_NET,
2500  "Unparseable headers from proxy (connecting to '%s'). Closing.",
2501  conn->address);
2502  tor_free(headers);
2503  return -1;
2504  }
2505  tor_free(headers);
2506  if (!reason) reason = tor_strdup("[no reason given]");
2507 
2508  if (status_code == 200) {
2509  log_info(LD_NET,
2510  "HTTPS connect to '%s' successful! (200 %s) Starting TLS.",
2511  conn->address, escaped(reason));
2512  tor_free(reason);
2513  return 1;
2514  }
2515  /* else, bad news on the status code */
2516  switch (status_code) {
2517  case 403:
2518  log_warn(LD_NET,
2519  "The https proxy refused to allow connection to %s "
2520  "(status code %d, %s). Closing.",
2521  conn->address, status_code, escaped(reason));
2522  break;
2523  default:
2524  log_warn(LD_NET,
2525  "The https proxy sent back an unexpected status code %d (%s). "
2526  "Closing.",
2527  status_code, escaped(reason));
2528  break;
2529  }
2530  tor_free(reason);
2531  return -1;
2532 }
2533 
2537 static void
2539 {
2540  unsigned char buf[1024];
2541  size_t reqsize = 6;
2542  uint16_t port = htons(conn->port);
2543 
2544  buf[0] = 5; /* version */
2545  buf[1] = SOCKS_COMMAND_CONNECT; /* command */
2546  buf[2] = 0; /* reserved */
2547 
2548  if (tor_addr_family(&conn->addr) == AF_INET) {
2549  uint32_t addr = tor_addr_to_ipv4n(&conn->addr);
2550 
2551  buf[3] = 1;
2552  reqsize += 4;
2553  memcpy(buf + 4, &addr, 4);
2554  memcpy(buf + 8, &port, 2);
2555  } else { /* AF_INET6 */
2556  buf[3] = 4;
2557  reqsize += 16;
2558  memcpy(buf + 4, tor_addr_to_in6_addr8(&conn->addr), 16);
2559  memcpy(buf + 20, &port, 2);
2560  }
2561 
2562  connection_buf_add((char *)buf, reqsize, conn);
2563 
2564  conn->proxy_state = PROXY_SOCKS5_WANT_CONNECT_OK;
2565 }
2566 
2569 static int
2571  int state, char **reason)
2572 {
2573  return fetch_from_buf_socks_client(conn->inbuf, state, reason);
2574 }
2575 
2586 int
2588 {
2589  int ret = 0;
2590  char *reason = NULL;
2591 
2592  log_debug(LD_NET, "enter state %s",
2594 
2595  switch (conn->proxy_state) {
2596  case PROXY_HTTPS_WANT_CONNECT_OK:
2598  if (ret == 1)
2599  conn->proxy_state = PROXY_CONNECTED;
2600  break;
2601 
2602  case PROXY_SOCKS4_WANT_CONNECT_OK:
2604  conn->proxy_state,
2605  &reason);
2606  if (ret == 1)
2607  conn->proxy_state = PROXY_CONNECTED;
2608  break;
2609 
2610  case PROXY_SOCKS5_WANT_AUTH_METHOD_NONE:
2612  conn->proxy_state,
2613  &reason);
2614  /* no auth needed, do connect */
2615  if (ret == 1) {
2617  ret = 0;
2618  }
2619  break;
2620 
2621  case PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929:
2623  conn->proxy_state,
2624  &reason);
2625 
2626  /* send auth if needed, otherwise do connect */
2627  if (ret == 1) {
2629  ret = 0;
2630  } else if (ret == 2) {
2631  unsigned char buf[1024];
2632  size_t reqsize, usize, psize;
2633  const char *user, *pass;
2634  char *socks_args_string = NULL;
2635 
2636  if (get_proxy_type() == PROXY_PLUGGABLE) {
2637  socks_args_string =
2639  if (!socks_args_string) {
2640  log_warn(LD_NET, "Could not create SOCKS args string.");
2641  ret = -1;
2642  break;
2643  }
2644 
2645  log_debug(LD_NET, "SOCKS5 arguments: %s", socks_args_string);
2646  tor_assert(strlen(socks_args_string) > 0);
2647  tor_assert(strlen(socks_args_string) <= MAX_SOCKS5_AUTH_SIZE_TOTAL);
2648 
2649  if (strlen(socks_args_string) > MAX_SOCKS5_AUTH_FIELD_SIZE) {
2650  user = socks_args_string;
2652  pass = socks_args_string + MAX_SOCKS5_AUTH_FIELD_SIZE;
2653  psize = strlen(socks_args_string) - MAX_SOCKS5_AUTH_FIELD_SIZE;
2654  } else {
2655  user = socks_args_string;
2656  usize = strlen(socks_args_string);
2657  pass = "\0";
2658  psize = 1;
2659  }
2660  } else if (get_options()->Socks5ProxyUsername) {
2661  user = get_options()->Socks5ProxyUsername;
2662  pass = get_options()->Socks5ProxyPassword;
2663  tor_assert(user && pass);
2664  usize = strlen(user);
2665  psize = strlen(pass);
2666  } else {
2667  log_err(LD_BUG, "We entered %s for no reason!", __func__);
2669  ret = -1;
2670  break;
2671  }
2672 
2673  /* Username and password lengths should have been checked
2674  above and during torrc parsing. */
2676  psize <= MAX_SOCKS5_AUTH_FIELD_SIZE);
2677  reqsize = 3 + usize + psize;
2678 
2679  buf[0] = 1; /* negotiation version */
2680  buf[1] = usize;
2681  memcpy(buf + 2, user, usize);
2682  buf[2 + usize] = psize;
2683  memcpy(buf + 3 + usize, pass, psize);
2684 
2685  if (socks_args_string)
2686  tor_free(socks_args_string);
2687 
2688  connection_buf_add((char *)buf, reqsize, conn);
2689 
2690  conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_RFC1929_OK;
2691  ret = 0;
2692  }
2693  break;
2694 
2695  case PROXY_SOCKS5_WANT_AUTH_RFC1929_OK:
2697  conn->proxy_state,
2698  &reason);
2699  /* send the connect request */
2700  if (ret == 1) {
2702  ret = 0;
2703  }
2704  break;
2705 
2706  case PROXY_SOCKS5_WANT_CONNECT_OK:
2708  conn->proxy_state,
2709  &reason);
2710  if (ret == 1)
2711  conn->proxy_state = PROXY_CONNECTED;
2712  break;
2713 
2714  default:
2715  log_err(LD_BUG, "Invalid proxy_state for reading, %d",
2716  conn->proxy_state);
2718  ret = -1;
2719  break;
2720  }
2721 
2722  log_debug(LD_NET, "leaving state %s",
2724 
2725  if (ret < 0) {
2726  if (reason) {
2727  log_warn(LD_NET, "Proxy Client: unable to connect to %s:%d (%s)",
2728  conn->address, conn->port, escaped(reason));
2729  tor_free(reason);
2730  } else {
2731  log_warn(LD_NET, "Proxy Client: unable to connect to %s:%d",
2732  conn->address, conn->port);
2733  }
2734  } else if (ret == 1) {
2735  log_info(LD_NET, "Proxy Client: connection to %s:%d successful",
2736  conn->address, conn->port);
2737  }
2738 
2739  return ret;
2740 }
2741 
2758 static int
2760  const smartlist_t *ports,
2761  smartlist_t *new_conns,
2762  smartlist_t *replacements,
2763  int control_listeners_only)
2764 {
2765 #ifndef ENABLE_LISTENER_REBIND
2766  (void)replacements;
2767 #endif
2768 
2769  smartlist_t *launch = smartlist_new();
2770  int r = 0;
2771 
2772  if (control_listeners_only) {
2773  SMARTLIST_FOREACH(ports, port_cfg_t *, p, {
2774  if (p->type == CONN_TYPE_CONTROL_LISTENER)
2775  smartlist_add(launch, p);
2776  });
2777  } else {
2778  smartlist_add_all(launch, ports);
2779  }
2780 
2781  /* Iterate through old_conns, comparing it to launch: remove from both lists
2782  * each pair of elements that corresponds to the same port. */
2783  SMARTLIST_FOREACH_BEGIN(old_conns, connection_t *, conn) {
2784  const port_cfg_t *found_port = NULL;
2785 
2786  /* Okay, so this is a listener. Is it configured? */
2787  /* That is, is it either: 1) exact match - address and port
2788  * pair match exactly between old listener and new port; or 2)
2789  * wildcard match - port matches exactly, but *one* of the
2790  * addresses is wildcard (0.0.0.0 or ::)?
2791  */
2792  SMARTLIST_FOREACH_BEGIN(launch, const port_cfg_t *, wanted) {
2793  if (conn->type != wanted->type)
2794  continue;
2795  if ((conn->socket_family != AF_UNIX && wanted->is_unix_addr) ||
2796  (conn->socket_family == AF_UNIX && ! wanted->is_unix_addr))
2797  continue;
2798 
2799  if (wanted->server_cfg.no_listen)
2800  continue; /* We don't want to open a listener for this one */
2801 
2802  if (wanted->is_unix_addr) {
2803  if (conn->socket_family == AF_UNIX &&
2804  !strcmp(wanted->unix_addr, conn->address)) {
2805  found_port = wanted;
2806  break;
2807  }
2808  } else {
2809  /* Numeric values of old and new port match exactly. */
2810  const int port_matches_exact = (wanted->port == conn->port);
2811  /* Ports match semantically - either their specific values
2812  match exactly, or new port is 'auto'.
2813  */
2814  const int port_matches = (wanted->port == CFG_AUTO_PORT ||
2815  port_matches_exact);
2816 
2817  if (port_matches && tor_addr_eq(&wanted->addr, &conn->addr)) {
2818  found_port = wanted;
2819  break;
2820  }
2821 #ifdef ENABLE_LISTENER_REBIND
2822  /* Rebinding may be needed if all of the following are true:
2823  * 1) Address family is the same in old and new listeners.
2824  * 2) Port number matches exactly (numeric value is the same).
2825  * 3) *One* of listeners (either old one or new one) has a
2826  * wildcard IP address (0.0.0.0 or [::]).
2827  *
2828  * These are the exact conditions for a first bind() syscall
2829  * to fail with EADDRINUSE.
2830  */
2831  const int may_need_rebind =
2832  tor_addr_family(&wanted->addr) == tor_addr_family(&conn->addr) &&
2833  port_matches_exact && bool_neq(tor_addr_is_null(&wanted->addr),
2834  tor_addr_is_null(&conn->addr));
2835  if (replacements && may_need_rebind) {
2836  listener_replacement_t *replacement =
2837  tor_malloc(sizeof(listener_replacement_t));
2838 
2839  replacement->old_conn = conn;
2840  replacement->new_port = wanted;
2841  smartlist_add(replacements, replacement);
2842 
2843  SMARTLIST_DEL_CURRENT(launch, wanted);
2844  SMARTLIST_DEL_CURRENT(old_conns, conn);
2845  break;
2846  }
2847 #endif
2848  }
2849  } SMARTLIST_FOREACH_END(wanted);
2850 
2851  if (found_port) {
2852  /* This listener is already running; we don't need to launch it. */
2853  //log_debug(LD_NET, "Already have %s on %s:%d",
2854  // conn_type_to_string(found_port->type), conn->address, conn->port);
2855  smartlist_remove(launch, found_port);
2856  /* And we can remove the connection from old_conns too. */
2857  SMARTLIST_DEL_CURRENT(old_conns, conn);
2858  }
2859  } SMARTLIST_FOREACH_END(conn);
2860 
2861  /* Now open all the listeners that are configured but not opened. */
2862  SMARTLIST_FOREACH_BEGIN(launch, const port_cfg_t *, port) {
2863  int skip = 0;
2864  connection_t *conn = connection_listener_new_for_port(port, &skip, NULL);
2865 
2866  if (conn && new_conns)
2867  smartlist_add(new_conns, conn);
2868  else if (!skip)
2869  r = -1;
2870  } SMARTLIST_FOREACH_END(port);
2871 
2872  smartlist_free(launch);
2873 
2874  return r;
2875 }
2876 
2886 int
2887 retry_all_listeners(smartlist_t *new_conns, int close_all_noncontrol)
2888 {
2889  smartlist_t *listeners = smartlist_new();
2890  smartlist_t *replacements = smartlist_new();
2891  const or_options_t *options = get_options();
2892  int retval = 0;
2893  const uint16_t old_or_port = router_get_advertised_or_port(options);
2894  const uint16_t old_or_port_ipv6 =
2895  router_get_advertised_or_port_by_af(options,AF_INET6);
2896  const uint16_t old_dir_port = router_get_advertised_dir_port(options, 0);
2897 
2898  SMARTLIST_FOREACH_BEGIN(get_connection_array(), connection_t *, conn) {
2899  if (connection_is_listener(conn) && !conn->marked_for_close)
2900  smartlist_add(listeners, conn);
2901  } SMARTLIST_FOREACH_END(conn);
2902 
2903  if (retry_listener_ports(listeners,
2904  get_configured_ports(),
2905  new_conns,
2906  replacements,
2907  close_all_noncontrol) < 0)
2908  retval = -1;
2909 
2910 #ifdef ENABLE_LISTENER_REBIND
2911  if (smartlist_len(replacements))
2912  log_debug(LD_NET, "%d replacements - starting rebinding loop.",
2913  smartlist_len(replacements));
2914 
2915  SMARTLIST_FOREACH_BEGIN(replacements, listener_replacement_t *, r) {
2916  int addr_in_use = 0;
2917  int skip = 0;
2918 
2919  tor_assert(r->new_port);
2920  tor_assert(r->old_conn);
2921 
2922  connection_t *new_conn =
2923  connection_listener_new_for_port(r->new_port, &skip, &addr_in_use);
2924  connection_t *old_conn = r->old_conn;
2925 
2926  if (skip) {
2927  log_debug(LD_NET, "Skipping creating new listener for %s:%d",
2928  old_conn->address, old_conn->port);
2929  continue;
2930  }
2931 
2932  connection_close_immediate(old_conn);
2933  connection_mark_for_close(old_conn);
2934 
2935  if (addr_in_use) {
2936  new_conn = connection_listener_new_for_port(r->new_port,
2937  &skip, &addr_in_use);
2938  }
2939 
2940  tor_assert(new_conn);
2941 
2942  smartlist_add(new_conns, new_conn);
2943 
2944  log_notice(LD_NET, "Closed no-longer-configured %s on %s:%d "
2945  "(replaced by %s:%d)",
2946  conn_type_to_string(old_conn->type), old_conn->address,
2947  old_conn->port, new_conn->address, new_conn->port);
2948  } SMARTLIST_FOREACH_END(r);
2949 #endif
2950 
2951  /* Any members that were still in 'listeners' don't correspond to
2952  * any configured port. Kill 'em. */
2953  SMARTLIST_FOREACH_BEGIN(listeners, connection_t *, conn) {
2954  log_notice(LD_NET, "Closing no-longer-configured %s on %s:%d",
2955  conn_type_to_string(conn->type), conn->address, conn->port);
2957  connection_mark_for_close(conn);
2958  } SMARTLIST_FOREACH_END(conn);
2959 
2960  smartlist_free(listeners);
2961  /* Cleanup any remaining listener replacement. */
2962  SMARTLIST_FOREACH(replacements, listener_replacement_t *, r, tor_free(r));
2963  smartlist_free(replacements);
2964 
2965  if (old_or_port != router_get_advertised_or_port(options) ||
2966  old_or_port_ipv6 != router_get_advertised_or_port_by_af(options,
2967  AF_INET6) ||
2968  old_dir_port != router_get_advertised_dir_port(options, 0)) {
2969  /* Our chosen ORPort or DirPort is not what it used to be: the
2970  * descriptor we had (if any) should be regenerated. (We won't
2971  * automatically notice this because of changes in the option,
2972  * since the value could be "auto".) */
2973  mark_my_descriptor_dirty("Chosen Or/DirPort changed");
2974  }
2975 
2976  return retval;
2977 }
2978 
2980 void
2982 {
2983  SMARTLIST_FOREACH_BEGIN(get_connection_array(), connection_t *, conn) {
2984  if (conn->marked_for_close)
2985  continue;
2986  if (conn->type == CONN_TYPE_CONTROL_LISTENER)
2987  continue;
2988  if (connection_is_listener(conn))
2989  connection_mark_for_close(conn);
2990  } SMARTLIST_FOREACH_END(conn);
2991 }
2992 
2994 void
2996 {
2997  SMARTLIST_FOREACH_BEGIN(get_connection_array(), connection_t *, conn) {
2998  if (conn->marked_for_close)
2999  continue;
3000  switch (conn->type) {
3002  case CONN_TYPE_CONTROL:
3003  break;
3004  case CONN_TYPE_AP:
3005  connection_mark_unattached_ap(TO_ENTRY_CONN(conn),
3006  END_STREAM_REASON_HIBERNATING);
3007  break;
3008  case CONN_TYPE_OR:
3009  {
3010  or_connection_t *orconn = TO_OR_CONN(conn);
3011  if (orconn->chan) {
3012  connection_or_close_normally(orconn, 0);
3013  } else {
3014  /*
3015  * There should have been one, but mark for close and hope
3016  * for the best..
3017  */
3018  connection_mark_for_close(conn);
3019  }
3020  }
3021  break;
3022  default:
3023  connection_mark_for_close(conn);
3024  break;
3025  }
3026  } SMARTLIST_FOREACH_END(conn);
3027 }
3028 
3035 static int
3037 {
3038  const or_options_t *options = get_options();
3039  if (conn->linked)
3040  return 0; /* Internal connection */
3041  else if (! options->CountPrivateBandwidth &&
3042  (tor_addr_family(&conn->addr) == AF_UNSPEC || /* no address */
3043  tor_addr_family(&conn->addr) == AF_UNIX || /* no address */
3044  tor_addr_is_internal(&conn->addr, 0)))
3045  return 0; /* Internal address */
3046  else
3047  return 1;
3048 }
3049 
3053 static time_t write_buckets_last_empty_at = -100;
3054 
3057 #define CLIENT_IDLE_TIME_FOR_PRIORITY 30
3058 
3063 static int
3065 {
3066  if (conn->type == CONN_TYPE_OR &&
3069  return 1;
3070  if (conn->type == CONN_TYPE_DIR && DIR_CONN_IS_SERVER(conn))
3071  return 1;
3072  return 0;
3073 }
3074 
3080 static ssize_t
3081 connection_bucket_get_share(int base, int priority,
3082  ssize_t global_bucket_val, ssize_t conn_bucket)
3083 {
3084  ssize_t at_most;
3085  ssize_t num_bytes_high = (priority ? 32 : 16) * base;
3086  ssize_t num_bytes_low = (priority ? 4 : 2) * base;
3087 
3088  /* Do a rudimentary limiting so one circuit can't hog a connection.
3089  * Pick at most 32 cells, at least 4 cells if possible, and if we're in
3090  * the middle pick 1/8 of the available bandwidth. */
3091  at_most = global_bucket_val / 8;
3092  at_most -= (at_most % base); /* round down */
3093  if (at_most > num_bytes_high) /* 16 KB, or 8 KB for low-priority */
3094  at_most = num_bytes_high;
3095  else if (at_most < num_bytes_low) /* 2 KB, or 1 KB for low-priority */
3096  at_most = num_bytes_low;
3097 
3098  if (at_most > global_bucket_val)
3099  at_most = global_bucket_val;
3100 
3101  if (conn_bucket >= 0 && at_most > conn_bucket)
3102  at_most = conn_bucket;
3103 
3104  if (at_most < 0)
3105  return 0;
3106  return at_most;
3107 }
3108 
3110 static ssize_t
3112 {
3113  int base = RELAY_PAYLOAD_SIZE;
3114  int priority = conn->type != CONN_TYPE_DIR;
3115  ssize_t conn_bucket = -1;
3116  size_t global_bucket_val = token_bucket_rw_get_read(&global_bucket);
3117 
3118  if (connection_speaks_cells(conn)) {
3119  or_connection_t *or_conn = TO_OR_CONN(conn);
3120  if (conn->state == OR_CONN_STATE_OPEN)
3121  conn_bucket = token_bucket_rw_get_read(&or_conn->bucket);
3122  base = get_cell_network_size(or_conn->wide_circ_ids);
3123  }
3124 
3125  if (!connection_is_rate_limited(conn)) {
3126  /* be willing to read on local conns even if our buckets are empty */
3127  return conn_bucket>=0 ? conn_bucket : 1<<14;
3128  }
3129 
3130  if (connection_counts_as_relayed_traffic(conn, now)) {
3131  size_t relayed = token_bucket_rw_get_read(&global_relayed_bucket);
3132  global_bucket_val = MIN(global_bucket_val, relayed);
3133  }
3134 
3135  return connection_bucket_get_share(base, priority,
3136  global_bucket_val, conn_bucket);
3137 }
3138 
3140 ssize_t
3142 {
3143  int base = RELAY_PAYLOAD_SIZE;
3144  int priority = conn->type != CONN_TYPE_DIR;
3145  size_t conn_bucket = conn->outbuf_flushlen;
3146  size_t global_bucket_val = token_bucket_rw_get_write(&global_bucket);
3147 
3148  if (!connection_is_rate_limited(conn)) {
3149  /* be willing to write to local conns even if our buckets are empty */
3150  return conn->outbuf_flushlen;
3151  }
3152 
3153  if (connection_speaks_cells(conn)) {
3154  /* use the per-conn write limit if it's lower */
3155  or_connection_t *or_conn = TO_OR_CONN(conn);
3156  if (conn->state == OR_CONN_STATE_OPEN)
3157  conn_bucket = MIN(conn_bucket,
3158  token_bucket_rw_get_write(&or_conn->bucket));
3159  base = get_cell_network_size(or_conn->wide_circ_ids);
3160  }
3161 
3162  if (connection_counts_as_relayed_traffic(conn, now)) {
3163  size_t relayed = token_bucket_rw_get_write(&global_relayed_bucket);
3164  global_bucket_val = MIN(global_bucket_val, relayed);
3165  }
3166 
3167  return connection_bucket_get_share(base, priority,
3168  global_bucket_val, conn_bucket);
3169 }
3170 
3190 int
3191 global_write_bucket_low(connection_t *conn, size_t attempt, int priority)
3192 {
3193  size_t smaller_bucket =
3194  MIN(token_bucket_rw_get_write(&global_bucket),
3195  token_bucket_rw_get_write(&global_relayed_bucket));
3196  if (authdir_mode(get_options()) && priority>1)
3197  return 0; /* there's always room to answer v2 if we're an auth dir */
3198 
3199  if (!connection_is_rate_limited(conn))
3200  return 0; /* local conns don't get limited */
3201 
3202  if (smaller_bucket < attempt)
3203  return 1; /* not enough space no matter the priority */
3204 
3205  {
3206  const time_t diff = approx_time() - write_buckets_last_empty_at;
3207  if (diff <= 1)
3208  return 1; /* we're already hitting our limits, no more please */
3209  }
3210 
3211  if (priority == 1) { /* old-style v1 query */
3212  /* Could we handle *two* of these requests within the next two seconds? */
3213  const or_options_t *options = get_options();
3214  size_t can_write = (size_t) (smaller_bucket
3215  + 2*(options->RelayBandwidthRate ? options->RelayBandwidthRate :
3216  options->BandwidthRate));
3217  if (can_write < 2*attempt)
3218  return 1;
3219  } else { /* v2 query */
3220  /* no further constraints yet */
3221  }
3222  return 0;
3223 }
3224 
3228 
3232 static void
3234  time_t now, size_t num_read, size_t num_written)
3235 {
3236  /* Count bytes of answering direct and tunneled directory requests */
3237  if (conn->type == CONN_TYPE_DIR && conn->purpose == DIR_PURPOSE_SERVER) {
3238  if (num_read > 0)
3239  rep_hist_note_dir_bytes_read(num_read, now);
3240  if (num_written > 0)
3241  rep_hist_note_dir_bytes_written(num_written, now);
3242  }
3243 
3244  if (!connection_is_rate_limited(conn))
3245  return; /* local IPs are free */
3246 
3247  if (conn->type == CONN_TYPE_OR)
3249  num_written, now);
3250 
3251  if (num_read > 0) {
3252  rep_hist_note_bytes_read(num_read, now);
3253  }
3254  if (num_written > 0) {
3255  rep_hist_note_bytes_written(num_written, now);
3256  }
3257  if (conn->type == CONN_TYPE_EXIT)
3258  rep_hist_note_exit_bytes(conn->port, num_written, num_read);
3259 
3260  /* Remember these bytes towards statistics. */
3261  stats_increment_bytes_read_and_written(num_read, num_written);
3262 
3263  /* Remember these bytes towards accounting. */
3264  if (accounting_is_enabled(get_options())) {
3266  accounting_add_bytes(num_read, num_written,
3267  (int)(now - last_recorded_accounting_at));
3268  } else {
3269  accounting_add_bytes(num_read, num_written, 0);
3270  }
3272  }
3273 }
3274 
3277 static void
3279  size_t num_read, size_t num_written)
3280 {
3281  if (num_written >= INT_MAX || num_read >= INT_MAX) {
3282  log_err(LD_BUG, "Value out of range. num_read=%lu, num_written=%lu, "
3283  "connection type=%s, state=%s",
3284  (unsigned long)num_read, (unsigned long)num_written,
3285  conn_type_to_string(conn->type),
3286  conn_state_to_string(conn->type, conn->state));
3287  tor_assert_nonfatal_unreached();
3288  if (num_written >= INT_MAX)
3289  num_written = 1;
3290  if (num_read >= INT_MAX)
3291  num_read = 1;
3292  }
3293 
3294  record_num_bytes_transferred_impl(conn, now, num_read, num_written);
3295 
3296  if (!connection_is_rate_limited(conn))
3297  return; /* local IPs are free */
3298 
3299  unsigned flags = 0;
3300  if (connection_counts_as_relayed_traffic(conn, now)) {
3301  flags = token_bucket_rw_dec(&global_relayed_bucket, num_read, num_written);
3302  }
3303  flags |= token_bucket_rw_dec(&global_bucket, num_read, num_written);
3304 
3305  if (flags & TB_WRITE) {
3307  }
3308  if (connection_speaks_cells(conn) && conn->state == OR_CONN_STATE_OPEN) {
3309  or_connection_t *or_conn = TO_OR_CONN(conn);
3310  token_bucket_rw_dec(&or_conn->bucket, num_read, num_written);
3311  }
3312 }
3313 
3320 void
3322 {
3323  (void)is_global_bw;
3324  conn->read_blocked_on_bw = 1;
3325  connection_stop_reading(conn);
3327 }
3328 
3335 void
3337 {
3338  (void)is_global_bw;
3339  conn->write_blocked_on_bw = 1;
3340  connection_stop_writing(conn);
3342 }
3343 
3346 void
3348 {
3349  const char *reason;
3350 
3351  if (!connection_is_rate_limited(conn))
3352  return; /* Always okay. */
3353 
3354  int is_global = 1;
3355 
3356  if (token_bucket_rw_get_read(&global_bucket) <= 0) {
3357  reason = "global read bucket exhausted. Pausing.";
3358  } else if (connection_counts_as_relayed_traffic(conn, approx_time()) &&
3359  token_bucket_rw_get_read(&global_relayed_bucket) <= 0) {
3360  reason = "global relayed read bucket exhausted. Pausing.";
3361  } else if (connection_speaks_cells(conn) &&
3362  conn->state == OR_CONN_STATE_OPEN &&
3363  token_bucket_rw_get_read(&TO_OR_CONN(conn)->bucket) <= 0) {
3364  reason = "connection read bucket exhausted. Pausing.";
3365  is_global = false;
3366  } else
3367  return; /* all good, no need to stop it */
3368 
3369  LOG_FN_CONN(conn, (LOG_DEBUG, LD_NET, "%s", reason));
3370  connection_read_bw_exhausted(conn, is_global);
3371 }
3372 
3375 void
3377 {
3378  const char *reason;
3379 
3380  if (!connection_is_rate_limited(conn))
3381  return; /* Always okay. */
3382 
3383  bool is_global = true;
3384  if (token_bucket_rw_get_write(&global_bucket) <= 0) {
3385  reason = "global write bucket exhausted. Pausing.";
3386  } else if (connection_counts_as_relayed_traffic(conn, approx_time()) &&
3387  token_bucket_rw_get_write(&global_relayed_bucket) <= 0) {
3388  reason = "global relayed write bucket exhausted. Pausing.";
3389  } else if (connection_speaks_cells(conn) &&
3390  conn->state == OR_CONN_STATE_OPEN &&
3391  token_bucket_rw_get_write(&TO_OR_CONN(conn)->bucket) <= 0) {
3392  reason = "connection write bucket exhausted. Pausing.";
3393  is_global = false;
3394  } else
3395  return; /* all good, no need to stop it */
3396 
3397  LOG_FN_CONN(conn, (LOG_DEBUG, LD_NET, "%s", reason));
3398  connection_write_bw_exhausted(conn, is_global);
3399 }
3400 
3403 void
3405 {
3406  const or_options_t *options = get_options();
3407  const uint32_t now_ts = monotime_coarse_get_stamp();
3408  token_bucket_rw_init(&global_bucket,
3409  (int32_t)options->BandwidthRate,
3410  (int32_t)options->BandwidthBurst,
3411  now_ts);
3412  if (options->RelayBandwidthRate) {
3413  token_bucket_rw_init(&global_relayed_bucket,
3414  (int32_t)options->RelayBandwidthRate,
3415  (int32_t)options->RelayBandwidthBurst,
3416  now_ts);
3417  } else {
3418  token_bucket_rw_init(&global_relayed_bucket,
3419  (int32_t)options->BandwidthRate,
3420  (int32_t)options->BandwidthBurst,
3421  now_ts);
3422  }
3423 
3425 }
3426 
3428 void
3430 {
3431  token_bucket_rw_adjust(&global_bucket,
3432  (int32_t)options->BandwidthRate,
3433  (int32_t)options->BandwidthBurst);
3434  if (options->RelayBandwidthRate) {
3435  token_bucket_rw_adjust(&global_relayed_bucket,
3436  (int32_t)options->RelayBandwidthRate,
3437  (int32_t)options->RelayBandwidthBurst);
3438  } else {
3439  token_bucket_rw_adjust(&global_relayed_bucket,
3440  (int32_t)options->BandwidthRate,
3441  (int32_t)options->BandwidthBurst);
3442  }
3443 }
3444 
3455 static void
3457 {
3458  /* Note that we only check for equality here: the underlying
3459  * token bucket functions can handle moving backwards in time if they
3460  * need to. */
3461  if (now_ts != last_refilled_global_buckets_ts) {
3462  token_bucket_rw_refill(&global_bucket, now_ts);
3463  token_bucket_rw_refill(&global_relayed_bucket, now_ts);
3465  }
3466 
3467  if (connection_speaks_cells(conn) && conn->state == OR_CONN_STATE_OPEN) {
3468  or_connection_t *or_conn = TO_OR_CONN(conn);
3469  token_bucket_rw_refill(&or_conn->bucket, now_ts);
3470  }
3471 }
3472 
3478 
3481 
3484 
3490 static void
3492 {
3493  (void)ev;
3494  (void)arg;
3495  SMARTLIST_FOREACH_BEGIN(get_connection_array(), connection_t *, conn) {
3496  if (conn->read_blocked_on_bw == 1) {
3497  connection_start_reading(conn);
3498  conn->read_blocked_on_bw = 0;
3499  }
3500  if (conn->write_blocked_on_bw == 1) {
3501  connection_start_writing(conn);
3502  conn->write_blocked_on_bw = 0;
3503  }
3504  } SMARTLIST_FOREACH_END(conn);
3505 
3507 }
3508 
3513 static void
3515 {
3520  }
3521  time_t sec = options->TokenBucketRefillInterval / 1000;
3522  int msec = (options->TokenBucketRefillInterval % 1000);
3524  reenable_blocked_connections_delay.tv_usec = msec * 1000;
3525 }
3526 
3532 static void
3534 {
3536  return;
3537  if (BUG(reenable_blocked_connections_ev == NULL)) {
3538  reenable_blocked_connection_init(get_options());
3539  }
3543 }
3544 
3553 static int
3555 {
3556  ssize_t max_to_read=-1, try_to_read;
3557  size_t before, n_read = 0;
3558  int socket_error = 0;
3559 
3560  if (conn->marked_for_close)
3561  return 0; /* do nothing */
3562 
3564 
3566 
3567  switch (conn->type) {
3568  case CONN_TYPE_OR_LISTENER:
3572  case CONN_TYPE_AP_LISTENER:
3582  /* This should never happen; eventdns.c handles the reads here. */
3584  return 0;
3585  }
3586 
3587  loop_again:
3588  try_to_read = max_to_read;
3589  tor_assert(!conn->marked_for_close);
3590 
3591  before = buf_datalen(conn->inbuf);
3592  if (connection_buf_read_from_socket(conn, &max_to_read, &socket_error) < 0) {
3593  /* There's a read error; kill the connection.*/
3594  if (conn->type == CONN_TYPE_OR) {
3596  socket_error != 0 ?
3597  errno_to_orconn_end_reason(socket_error) :
3598  END_OR_CONN_REASON_CONNRESET,
3599  socket_error != 0 ?
3600  tor_socket_strerror(socket_error) :
3601  "(unknown, errno was 0)");
3602  }
3603  if (CONN_IS_EDGE(conn)) {
3604  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
3605  connection_edge_end_errno(edge_conn);
3606  if (conn->type == CONN_TYPE_AP && TO_ENTRY_CONN(conn)->socks_request) {
3607  /* broken, don't send a socks reply back */
3608  TO_ENTRY_CONN(conn)->socks_request->has_finished = 1;
3609  }
3610  }
3611  connection_close_immediate(conn); /* Don't flush; connection is dead. */
3612  /*
3613  * This can bypass normal channel checking since we did
3614  * connection_or_notify_error() above.
3615  */
3616  connection_mark_for_close_internal(conn);
3617  return -1;
3618  }
3619  n_read += buf_datalen(conn->inbuf) - before;
3620  if (CONN_IS_EDGE(conn) && try_to_read != max_to_read) {
3621  /* instruct it not to try to package partial cells. */
3622  if (connection_process_inbuf(conn, 0) < 0) {
3623  return -1;
3624  }
3625  if (!conn->marked_for_close &&
3626  connection_is_reading(conn) &&
3627  !conn->inbuf_reached_eof &&
3628  max_to_read > 0)
3629  goto loop_again; /* try reading again, in case more is here now */
3630  }
3631  /* one last try, packaging partial cells and all. */
3632  if (!conn->marked_for_close &&
3633  connection_process_inbuf(conn, 1) < 0) {
3634  return -1;
3635  }
3636  if (conn->linked_conn) {
3637  /* The other side's handle_write() will never actually get called, so
3638  * we need to invoke the appropriate callbacks ourself. */
3639  connection_t *linked = conn->linked_conn;
3640 
3641  if (n_read) {
3642  /* Probably a no-op, since linked conns typically don't count for
3643  * bandwidth rate limiting. But do it anyway so we can keep stats
3644  * accurately. Note that since we read the bytes from conn, and
3645  * we're writing the bytes onto the linked connection, we count
3646  * these as <i>written</i> bytes. */
3647  connection_buckets_decrement(linked, approx_time(), 0, n_read);
3648 
3649  if (connection_flushed_some(linked) < 0)
3650  connection_mark_for_close(linked);
3651  if (!connection_wants_to_flush(linked))
3653  }
3654 
3655  if (!buf_datalen(linked->outbuf) && conn->active_on_link)
3657  }
3658  /* If we hit the EOF, call connection_reached_eof(). */
3659  if (!conn->marked_for_close &&
3660  conn->inbuf_reached_eof &&
3661  connection_reached_eof(conn) < 0) {
3662  return -1;
3663  }
3664  return 0;
3665 }
3666 
3667 /* DOCDOC connection_handle_read */
3668 int
3669 connection_handle_read(connection_t *conn)
3670 {
3671  int res;
3672  update_current_time(time(NULL));
3673  res = connection_handle_read_impl(conn);
3674  return res;
3675 }
3676 
3687 static int
3688 connection_buf_read_from_socket(connection_t *conn, ssize_t *max_to_read,
3689  int *socket_error)
3690 {
3691  int result;
3692  ssize_t at_most = *max_to_read;
3693  size_t slack_in_buf, more_to_read;
3694  size_t n_read = 0, n_written = 0;
3695 
3696  if (at_most == -1) { /* we need to initialize it */
3697  /* how many bytes are we allowed to read? */
3698  at_most = connection_bucket_read_limit(conn, approx_time());
3699  }
3700 
3701  slack_in_buf = buf_slack(conn->inbuf);
3702  again:
3703  if ((size_t)at_most > slack_in_buf && slack_in_buf >= 1024) {
3704  more_to_read = at_most - slack_in_buf;
3705  at_most = slack_in_buf;
3706  } else {
3707  more_to_read = 0;
3708  }
3709 
3710  if (connection_speaks_cells(conn) &&
3712  int pending;
3713  or_connection_t *or_conn = TO_OR_CONN(conn);
3714  size_t initial_size;
3715  if (conn->state == OR_CONN_STATE_TLS_HANDSHAKING ||
3717  /* continue handshaking even if global token bucket is empty */
3718  return connection_tls_continue_handshake(or_conn);
3719  }
3720 
3721  log_debug(LD_NET,
3722  "%d: starting, inbuf_datalen %ld (%d pending in tls object)."
3723  " at_most %ld.",
3724  (int)conn->s,(long)buf_datalen(conn->inbuf),
3725  tor_tls_get_pending_bytes(or_conn->tls), (long)at_most);
3726 
3727  initial_size = buf_datalen(conn->inbuf);
3728  /* else open, or closing */
3729  result = buf_read_from_tls(conn->inbuf, or_conn->tls, at_most);
3730  if (TOR_TLS_IS_ERROR(result) || result == TOR_TLS_CLOSE)
3731  or_conn->tls_error = result;
3732  else
3733  or_conn->tls_error = 0;
3734 
3735  switch (result) {
3736  case TOR_TLS_CLOSE:
3737  case TOR_TLS_ERROR_IO:
3738  log_debug(LD_NET,"TLS connection closed %son read. Closing. "
3739  "(Nickname %s, address %s)",
3740  result == TOR_TLS_CLOSE ? "cleanly " : "",
3741  or_conn->nickname ? or_conn->nickname : "not set",
3742  conn->address);
3743  return result;
3745  log_debug(LD_NET,"tls error [%s]. breaking (nickname %s, address %s).",
3746  tor_tls_err_to_string(result),
3747  or_conn->nickname ? or_conn->nickname : "not set",
3748  conn->address);
3749  return result;
3750  case TOR_TLS_WANTWRITE:
3751  connection_start_writing(conn);
3752  return 0;
3753  case TOR_TLS_WANTREAD:
3754  if (conn->in_connection_handle_write) {
3755  /* We've been invoked from connection_handle_write, because we're
3756  * waiting for a TLS renegotiation, the renegotiation started, and
3757  * SSL_read returned WANTWRITE. But now SSL_read is saying WANTREAD
3758  * again. Stop waiting for write events now, or else we'll
3759  * busy-loop until data arrives for us to read.
3760  * XXX: remove this when v2 handshakes support is dropped. */
3761  connection_stop_writing(conn);
3762  if (!connection_is_reading(conn))
3763  connection_start_reading(conn);
3764  }
3765  /* we're already reading, one hopes */
3766  break;
3767  case TOR_TLS_DONE: /* no data read, so nothing to process */
3768  break; /* so we call bucket_decrement below */
3769  default:
3770  break;
3771  }
3772  pending = tor_tls_get_pending_bytes(or_conn->tls);
3773  if (pending) {
3774  /* If we have any pending bytes, we read them now. This *can*
3775  * take us over our read allotment, but really we shouldn't be
3776  * believing that SSL bytes are the same as TCP bytes anyway. */
3777  int r2 = buf_read_from_tls(conn->inbuf, or_conn->tls, pending);
3778  if (BUG(r2<0)) {
3779  log_warn(LD_BUG, "apparently, reading pending bytes can fail.");
3780  return -1;
3781  }
3782  }
3783  result = (int)(buf_datalen(conn->inbuf)-initial_size);
3784  tor_tls_get_n_raw_bytes(or_conn->tls, &n_read, &n_written);
3785  log_debug(LD_GENERAL, "After TLS read of %d: %ld read, %ld written",
3786  result, (long)n_read, (long)n_written);
3787  } else if (conn->linked) {
3788  if (conn->linked_conn) {
3789  result = buf_move_to_buf(conn->inbuf, conn->linked_conn->outbuf,
3790  &conn->linked_conn->outbuf_flushlen);
3791  } else {
3792  result = 0;
3793  }
3794  //log_notice(LD_GENERAL, "Moved %d bytes on an internal link!", result);
3795  /* If the other side has disappeared, or if it's been marked for close and
3796  * we flushed its outbuf, then we should set our inbuf_reached_eof. */
3797  if (!conn->linked_conn ||
3798  (conn->linked_conn->marked_for_close &&
3799  buf_datalen(conn->linked_conn->outbuf) == 0))
3800  conn->inbuf_reached_eof = 1;
3801 
3802  n_read = (size_t) result;
3803  } else {
3804  /* !connection_speaks_cells, !conn->linked_conn. */
3805  int reached_eof = 0;
3806  CONN_LOG_PROTECT(conn,
3807  result = buf_read_from_socket(conn->inbuf, conn->s,
3808  at_most,
3809  &reached_eof,
3810  socket_error));
3811  if (reached_eof)
3812  conn->inbuf_reached_eof = 1;
3813 
3814 // log_fn(LOG_DEBUG,"read_to_buf returned %d.",read_result);
3815 
3816  if (result < 0)
3817  return -1;
3818  n_read = (size_t) result;
3819  }
3820 
3821  if (n_read > 0) {
3822  /* change *max_to_read */
3823  *max_to_read = at_most - n_read;
3824 
3825  /* Update edge_conn->n_read */
3826  if (conn->type == CONN_TYPE_AP) {
3827  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
3828 
3829  /* Check for overflow: */
3830  if (PREDICT_LIKELY(UINT32_MAX - edge_conn->n_read > n_read))
3831  edge_conn->n_read += (int)n_read;
3832  else
3833  edge_conn->n_read = UINT32_MAX;
3834  }
3835 
3836  /* If CONN_BW events are enabled, update conn->n_read_conn_bw for
3837  * OR/DIR/EXIT connections, checking for overflow. */
3838  if (get_options()->TestingEnableConnBwEvent &&
3839  (conn->type == CONN_TYPE_OR ||
3840  conn->type == CONN_TYPE_DIR ||
3841  conn->type == CONN_TYPE_EXIT)) {
3842  if (PREDICT_LIKELY(UINT32_MAX - conn->n_read_conn_bw > n_read))
3843  conn->n_read_conn_bw += (int)n_read;
3844  else
3845  conn->n_read_conn_bw = UINT32_MAX;
3846  }
3847  }
3848 
3849  connection_buckets_decrement(conn, approx_time(), n_read, n_written);
3850 
3851  if (more_to_read && result == at_most) {
3852  slack_in_buf = buf_slack(conn->inbuf);
3853  at_most = more_to_read;
3854  goto again;
3855  }
3856 
3857  /* Call even if result is 0, since the global read bucket may
3858  * have reached 0 on a different conn, and this connection needs to
3859  * know to stop reading. */
3861  if (n_written > 0 && connection_is_writing(conn))
3863 
3864  return 0;
3865 }
3866 
3868 int
3869 connection_buf_get_bytes(char *string, size_t len, connection_t *conn)
3870 {
3871  return buf_get_bytes(conn->inbuf, string, len);
3872 }
3873 
3875 int
3877  size_t *data_len)
3878 {
3879  return buf_get_line(conn->inbuf, data, data_len);
3880 }
3881 
3884 int
3886  char **headers_out, size_t max_headerlen,
3887  char **body_out, size_t *body_used,
3888  size_t max_bodylen, int force_complete)
3889 {
3890  return fetch_from_buf_http(conn->inbuf, headers_out, max_headerlen,
3891  body_out, body_used, max_bodylen, force_complete);
3892 }
3893 
3896 int
3898 {
3899  return conn->outbuf_flushlen > 0;
3900 }
3901 
3906 int
3908 {
3909  return (conn->outbuf_flushlen > 10*CELL_PAYLOAD_SIZE);
3910 }
3911 
3918 static void
3920 {
3921 #ifdef _WIN32
3922  /* We only do this on Vista and 7, because earlier versions of Windows
3923  * don't have the SIO_IDEAL_SEND_BACKLOG_QUERY functionality, and on
3924  * later versions it isn't necessary. */
3925  static int isVistaOr7 = -1;
3926  if (isVistaOr7 == -1) {
3927  isVistaOr7 = 0;
3928  OSVERSIONINFO osvi = { 0 };
3929  osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
3930  GetVersionEx(&osvi);
3931  if (osvi.dwMajorVersion == 6 && osvi.dwMinorVersion < 2)
3932  isVistaOr7 = 1;
3933  }
3934  if (!isVistaOr7)
3935  return;
3936  if (get_options()->ConstrainedSockets)
3937  return;
3938  ULONG isb = 0;
3939  DWORD bytesReturned = 0;
3940  if (!WSAIoctl(sock, SIO_IDEAL_SEND_BACKLOG_QUERY, NULL, 0,
3941  &isb, sizeof(isb), &bytesReturned, NULL, NULL)) {
3942  setsockopt(sock, SOL_SOCKET, SO_SNDBUF, (const char*)&isb, sizeof(isb));
3943  }
3944 #else
3945  (void) sock;
3946 #endif
3947 }
3948 
3967 static int
3969 {
3970  int e;
3971  socklen_t len=(socklen_t)sizeof(e);
3972  int result;
3973  ssize_t max_to_write;
3974  time_t now = approx_time();
3975  size_t n_read = 0, n_written = 0;
3976  int dont_stop_writing = 0;
3977 
3979 
3980  if (conn->marked_for_close || !SOCKET_OK(conn->s))
3981  return 0; /* do nothing */
3982 
3983  if (conn->in_flushed_some) {
3984  log_warn(LD_BUG, "called recursively from inside conn->in_flushed_some");
3985  return 0;
3986  }
3987 
3988  conn->timestamp_last_write_allowed = now;
3989 
3991 
3992  /* Sometimes, "writable" means "connected". */
3993  if (connection_state_is_connecting(conn)) {
3994  if (getsockopt(conn->s, SOL_SOCKET, SO_ERROR, (void*)&e, &len) < 0) {
3995  log_warn(LD_BUG, "getsockopt() syscall failed");
3996  if (conn->type == CONN_TYPE_OR) {
3997  or_connection_t *orconn = TO_OR_CONN(conn);
3998  connection_or_close_for_error(orconn, 0);
3999  } else {
4000  if (CONN_IS_EDGE(conn)) {
4002  }
4003  connection_mark_for_close(conn);
4004  }
4005  return -1;
4006  }
4007  if (e) {
4008  /* some sort of error, but maybe just inprogress still */
4009  if (!ERRNO_IS_CONN_EINPROGRESS(e)) {
4010  log_info(LD_NET,"in-progress connect failed. Removing. (%s)",
4011  tor_socket_strerror(e));
4012  if (CONN_IS_EDGE(conn))
4014  if (conn->type == CONN_TYPE_OR)
4017  tor_socket_strerror(e));
4018 
4020  /*
4021  * This can bypass normal channel checking since we did
4022  * connection_or_notify_error() above.
4023  */
4024  connection_mark_for_close_internal(conn);
4025  return -1;
4026  } else {
4027  return 0; /* no change, see if next time is better */
4028  }
4029  }
4030  /* The connection is successful. */
4031  if (connection_finished_connecting(conn)<0)
4032  return -1;
4033  }
4034 
4035  max_to_write = force ? (ssize_t)conn->outbuf_flushlen
4036  : connection_bucket_write_limit(conn, now);
4037 
4038  if (connection_speaks_cells(conn) &&
4040  or_connection_t *or_conn = TO_OR_CONN(conn);
4041  size_t initial_size;
4042  if (conn->state == OR_CONN_STATE_TLS_HANDSHAKING ||
4044  connection_stop_writing(conn);
4045  if (connection_tls_continue_handshake(or_conn) < 0) {
4046  /* Don't flush; connection is dead. */
4048  END_OR_CONN_REASON_MISC,
4049  "TLS error in connection_tls_"
4050  "continue_handshake()");
4052  /*
4053  * This can bypass normal channel checking since we did
4054  * connection_or_notify_error() above.
4055  */
4056  connection_mark_for_close_internal(conn);
4057  return -1;
4058  }
4059  return 0;
4060  } else if (conn->state == OR_CONN_STATE_TLS_SERVER_RENEGOTIATING) {
4061  return connection_handle_read(conn);
4062  }
4063 
4064  /* else open, or closing */
4065  initial_size = buf_datalen(conn->outbuf);
4066  result = buf_flush_to_tls(conn->outbuf, or_conn->tls,
4067  max_to_write, &conn->outbuf_flushlen);
4068 
4069  if (result >= 0)
4070  update_send_buffer_size(conn->s);
4071 
4072  /* If we just flushed the last bytes, tell the channel on the
4073  * or_conn to check if it needs to geoip_change_dirreq_state() */
4074  /* XXXX move this to flushed_some or finished_flushing -NM */
4075  if (buf_datalen(conn->outbuf) == 0 && or_conn->chan)
4076  channel_notify_flushed(TLS_CHAN_TO_BASE(or_conn->chan));
4077 
4078  switch (result) {
4080  case TOR_TLS_CLOSE:
4081  log_info(LD_NET, result != TOR_TLS_CLOSE ?
4082  "tls error. breaking.":"TLS connection closed on flush");
4083  /* Don't flush; connection is dead. */
4085  END_OR_CONN_REASON_MISC,
4086  result != TOR_TLS_CLOSE ?
4087  "TLS error in during flush" :
4088  "TLS closed during flush");
4090  /*
4091  * This can bypass normal channel checking since we did
4092  * connection_or_notify_error() above.
4093  */
4094  connection_mark_for_close_internal(conn);
4095  return -1;
4096  case TOR_TLS_WANTWRITE:
4097  log_debug(LD_NET,"wanted write.");
4098  /* we're already writing */
4099  dont_stop_writing = 1;
4100  break;
4101  case TOR_TLS_WANTREAD:
4102  /* Make sure to avoid a loop if the receive buckets are empty. */
4103  log_debug(LD_NET,"wanted read.");
4104  if (!connection_is_reading(conn)) {
4105  connection_write_bw_exhausted(conn, true);
4106  /* we'll start reading again when we get more tokens in our
4107  * read bucket; then we'll start writing again too.
4108  */
4109  }
4110  /* else no problem, we're already reading */
4111  return 0;
4112  /* case TOR_TLS_DONE:
4113  * for TOR_TLS_DONE, fall through to check if the flushlen
4114  * is empty, so we can stop writing.
4115  */
4116  }
4117 
4118  tor_tls_get_n_raw_bytes(or_conn->tls, &n_read, &n_written);
4119  log_debug(LD_GENERAL, "After TLS write of %d: %ld read, %ld written",
4120  result, (long)n_read, (long)n_written);
4121  or_conn->bytes_xmitted += result;
4122  or_conn->bytes_xmitted_by_tls += n_written;
4123  /* So we notice bytes were written even on error */
4124  /* XXXX This cast is safe since we can never write INT_MAX bytes in a
4125  * single set of TLS operations. But it looks kinda ugly. If we refactor
4126  * the *_buf_tls functions, we should make them return ssize_t or size_t
4127  * or something. */
4128  result = (int)(initial_size-buf_datalen(conn->outbuf));
4129  } else {
4130  CONN_LOG_PROTECT(conn,
4131  result = buf_flush_to_socket(conn->outbuf, conn->s,
4132  max_to_write, &conn->outbuf_flushlen));
4133  if (result < 0) {
4134  if (CONN_IS_EDGE(conn))
4136  if (conn->type == CONN_TYPE_AP) {
4137  /* writing failed; we couldn't send a SOCKS reply if we wanted to */
4138  TO_ENTRY_CONN(conn)->socks_request->has_finished = 1;
4139  }
4140 
4141  connection_close_immediate(conn); /* Don't flush; connection is dead. */
4142  connection_mark_for_close(conn);
4143  return -1;
4144  }
4145  update_send_buffer_size(conn->s);
4146  n_written = (size_t) result;
4147  }
4148 
4149  if (n_written && conn->type == CONN_TYPE_AP) {
4150  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
4151 
4152  /* Check for overflow: */
4153  if (PREDICT_LIKELY(UINT32_MAX - edge_conn->n_written > n_written))
4154  edge_conn->n_written += (int)n_written;
4155  else
4156  edge_conn->n_written = UINT32_MAX;
4157  }
4158 
4159  /* If CONN_BW events are enabled, update conn->n_written_conn_bw for
4160  * OR/DIR/EXIT connections, checking for overflow. */
4161  if (n_written && get_options()->TestingEnableConnBwEvent &&
4162  (conn->type == CONN_TYPE_OR ||
4163  conn->type == CONN_TYPE_DIR ||
4164  conn->type == CONN_TYPE_EXIT)) {
4165  if (PREDICT_LIKELY(UINT32_MAX - conn->n_written_conn_bw > n_written))
4166  conn->n_written_conn_bw += (int)n_written;
4167  else
4168  conn->n_written_conn_bw = UINT32_MAX;
4169  }
4170 
4171  connection_buckets_decrement(conn, approx_time(), n_read, n_written);
4172 
4173  if (result > 0) {
4174  /* If we wrote any bytes from our buffer, then call the appropriate
4175  * functions. */
4176  if (connection_flushed_some(conn) < 0) {
4177  if (connection_speaks_cells(conn)) {
4179  END_OR_CONN_REASON_MISC,
4180  "Got error back from "
4181  "connection_flushed_some()");
4182  }
4183 
4184  /*
4185  * This can bypass normal channel checking since we did
4186  * connection_or_notify_error() above.
4187  */
4188  connection_mark_for_close_internal(conn);
4189  }
4190  }
4191 
4192  if (!connection_wants_to_flush(conn) &&
4193  !dont_stop_writing) { /* it's done flushing */
4194  if (connection_finished_flushing(conn) < 0) {
4195  /* already marked */
4196  return -1;
4197  }
4198  return 0;
4199  }
4200 
4201  /* Call even if result is 0, since the global write bucket may
4202  * have reached 0 on a different conn, and this connection needs to
4203  * know to stop writing. */
4205  if (n_read > 0 && connection_is_reading(conn))
4207 
4208  return 0;
4209 }
4210 
4211 /* DOCDOC connection_handle_write */
4212 int
4213 connection_handle_write(connection_t *conn, int force)
4214 {
4215  int res;
4216  update_current_time(time(NULL));
4217  /* connection_handle_write_impl() might call connection_handle_read()
4218  * if we're in the middle of a v2 handshake, in which case it needs this
4219  * flag set. */
4220  conn->in_connection_handle_write = 1;
4221  res = connection_handle_write_impl(conn, force);
4222  conn->in_connection_handle_write = 0;
4223  return res;
4224 }
4225 
4235 int
4237 {
4238  return connection_handle_write(conn, 1);
4239 }
4240 
4246 static int
4248 {
4249  /* if it's marked for close, only allow write if we mean to flush it */
4250  if (conn->marked_for_close && !conn->hold_open_until_flushed)
4251  return 0;
4252 
4253  return 1;
4254 }
4255 
4261 static void
4263 {
4264  if (CONN_IS_EDGE(conn)) {
4265  /* if it failed, it means we have our package/delivery windows set
4266  wrong compared to our max outbuf size. close the whole circuit. */
4267  log_warn(LD_NET,
4268  "write_to_buf failed. Closing circuit (fd %d).", (int)conn->s);
4269  circuit_mark_for_close(circuit_get_by_edge_conn(TO_EDGE_CONN(conn)),
4270  END_CIRC_REASON_INTERNAL);
4271  } else if (conn->type == CONN_TYPE_OR) {
4272  or_connection_t *orconn = TO_OR_CONN(conn);
4273  log_warn(LD_NET,
4274  "write_to_buf failed on an orconn; notifying of error "
4275  "(fd %d)", (int)(conn->s));
4276  connection_or_close_for_error(orconn, 0);
4277  } else {
4278  log_warn(LD_NET,
4279  "write_to_buf failed. Closing connection (fd %d).",
4280  (int)conn->s);
4281  connection_mark_for_close(conn);
4282  }
4283 }
4284 
4290 static void
4292 {
4293  /* If we receive optimistic data in the EXIT_CONN_STATE_RESOLVING
4294  * state, we don't want to try to write it right away, since
4295  * conn->write_event won't be set yet. Otherwise, write data from
4296  * this conn as the socket is available. */
4297  if (conn->write_event) {
4298  connection_start_writing(conn);
4299  }
4300  conn->outbuf_flushlen += len;
4301 }
4302 
4312 connection_write_to_buf_impl_,(const char *string, size_t len,
4313  connection_t *conn, int zlib))
4314 {
4315  /* XXXX This function really needs to return -1 on failure. */
4316  int r;
4317  if (!len && !(zlib<0))
4318  return;
4319 
4320  if (!connection_may_write_to_buf(conn))
4321  return;
4322 
4323  size_t written;
4324 
4325  if (zlib) {
4326  size_t old_datalen = buf_datalen(conn->outbuf);
4327  dir_connection_t *dir_conn = TO_DIR_CONN(conn);
4328  int done = zlib < 0;
4329  CONN_LOG_PROTECT(conn, r = buf_add_compress(conn->outbuf,
4330  dir_conn->compress_state,
4331  string, len, done));
4332  written = buf_datalen(conn->outbuf) - old_datalen;
4333  } else {
4334  CONN_LOG_PROTECT(conn, r = buf_add(conn->outbuf, string, len));
4335  written = len;
4336  }
4337  if (r < 0) {
4339  return;
4340  }
4341  connection_write_to_buf_commit(conn, written);
4342 }
4343 
4344 void
4345 connection_buf_add_compress(const char *string, size_t len,
4346  dir_connection_t *conn, int done)
4347 {
4348  connection_write_to_buf_impl_(string, len, TO_CONN(conn), done ? -1 : 1);
4349 }
4350 
4356 void
4358 {
4359  tor_assert(conn);
4360  tor_assert(buf);
4361  size_t len = buf_datalen(buf);
4362  if (len == 0)
4363  return;
4364 
4365  if (!connection_may_write_to_buf(conn))
4366  return;
4367 
4368  buf_move_all(conn->outbuf, buf);
4369  connection_write_to_buf_commit(conn, len);
4370 }
4371 
4372 #define CONN_GET_ALL_TEMPLATE(var, test) \
4373  STMT_BEGIN \
4374  smartlist_t *conns = get_connection_array(); \
4375  smartlist_t *ret_conns = smartlist_new(); \
4376  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, var) { \
4377  if (var && (test) && !var->marked_for_close) \
4378  smartlist_add(ret_conns, var); \
4379  } SMARTLIST_FOREACH_END(var); \
4380  return ret_conns; \
4381  STMT_END
4382 
4383 /* Return a list of connections that aren't close and matches the given type
4384  * and state. The returned list can be empty and must be freed using
4385  * smartlist_free(). The caller does NOT have ownership of the objects in the
4386  * list so it must not free them nor reference them as they can disappear. */
4387 smartlist_t *
4388 connection_list_by_type_state(int type, int state)
4389 {
4390  CONN_GET_ALL_TEMPLATE(conn, (conn->type == type && conn->state == state));
4391 }
4392 
4393 /* Return a list of connections that aren't close and matches the given type
4394  * and purpose. The returned list can be empty and must be freed using
4395  * smartlist_free(). The caller does NOT have ownership of the objects in the
4396  * list so it must not free them nor reference them as they can disappear. */
4397 smartlist_t *
4398 connection_list_by_type_purpose(int type, int purpose)
4399 {
4400  CONN_GET_ALL_TEMPLATE(conn,
4401  (conn->type == type && conn->purpose == purpose));
4402 }
4403 
4406 #define CONN_GET_TEMPLATE(var, test) \
4407  STMT_BEGIN \
4408  smartlist_t *conns = get_connection_array(); \
4409  SMARTLIST_FOREACH(conns, connection_t *, var, \
4410  { \
4411  if (var && (test) && !var->marked_for_close) \
4412  return var; \
4413  }); \
4414  return NULL; \
4415  STMT_END
4416 
4421 connection_get_by_type_addr_port_purpose,(int type,
4422  const tor_addr_t *addr, uint16_t port,
4423  int purpose))
4424 {
4425  CONN_GET_TEMPLATE(conn,
4426  (conn->type == type &&
4427  tor_addr_eq(&conn->addr, addr) &&
4428  conn->port == port &&
4429  conn->purpose == purpose));
4430 }
4431 
4435 connection_t *
4437 {
4438  CONN_GET_TEMPLATE(conn, conn->global_identifier == id);
4439 }
4440 
4443 connection_t *
4445 {
4446  CONN_GET_TEMPLATE(conn, conn->type == type);
4447 }
4448 
4452 connection_t *
4453 connection_get_by_type_state(int type, int state)
4454 {
4455  CONN_GET_TEMPLATE(conn, conn->type == type && conn->state == state);
4456 }
4457 
4463 connection_get_by_type_nonlinked,(int type))
4464 {
4465  CONN_GET_TEMPLATE(conn, conn->type == type && !conn->linked);
4466 }
4467 
4472 connection_t *
4474  const char *rendquery)
4475 {
4476  tor_assert(type == CONN_TYPE_DIR ||
4477  type == CONN_TYPE_AP || type == CONN_TYPE_EXIT);
4478  tor_assert(rendquery);
4479 
4480  CONN_GET_TEMPLATE(conn,
4481  (conn->type == type &&
4482  (!state || state == conn->state)) &&
4483  (
4484  (type == CONN_TYPE_DIR &&
4485  TO_DIR_CONN(conn)->rend_data &&
4486  !rend_cmp_service_ids(rendquery,
4487  rend_data_get_address(TO_DIR_CONN(conn)->rend_data)))
4488  ||
4489  (CONN_IS_EDGE(conn) &&
4490  TO_EDGE_CONN(conn)->rend_data &&
4491  !rend_cmp_service_ids(rendquery,
4492  rend_data_get_address(TO_EDGE_CONN(conn)->rend_data)))
4493  ));
4494 }
4495 
4500 #define DIR_CONN_LIST_TEMPLATE(conn_var, conn_test, \
4501  dirconn_var, dirconn_test) \
4502  STMT_BEGIN \
4503  smartlist_t *conns = get_connection_array(); \
4504  smartlist_t *dir_conns = smartlist_new(); \
4505  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn_var) { \
4506  if (conn_var && (conn_test) \
4507  && conn_var->type == CONN_TYPE_DIR \
4508  && !conn_var->marked_for_close) { \
4509  dir_connection_t *dirconn_var = TO_DIR_CONN(conn_var); \
4510  if (dirconn_var && (dirconn_test)) { \
4511  smartlist_add(dir_conns, dirconn_var); \
4512  } \
4513  } \
4514  } SMARTLIST_FOREACH_END(conn_var); \
4515  return dir_conns; \
4516  STMT_END
4517 
4524 smartlist_t *
4526  int purpose,
4527  const char *resource)
4528 {
4530  conn->purpose == purpose,
4531  dirconn,
4532  0 == strcmp_opt(resource,
4533  dirconn->requested_resource));
4534 }
4535 
4542 smartlist_t *
4544  int purpose,
4545  const char *resource,
4546  int state)
4547 {
4549  conn->purpose == purpose && conn->state == state,
4550  dirconn,
4551  0 == strcmp_opt(resource,
4552  dirconn->requested_resource));
4553 }
4554 
4555 #undef DIR_CONN_LIST_TEMPLATE
4556 
4561 static connection_t *
4563 {
4564  CONN_GET_TEMPLATE(conn,
4565  conn != TO_CONN(this_conn) && conn->type == CONN_TYPE_OR);
4566 }
4567 
4573 int
4575 {
4577  if (conn != NULL) {
4578  log_debug(LD_DIR, "%s: Found an OR connection: %s",
4579  __func__, conn->address);
4580  return 1;
4581  }
4582 
4583  return 0;
4584 }
4585 
4586 #undef CONN_GET_TEMPLATE
4587 
4589 int
4591 {
4592  if (conn->type == CONN_TYPE_OR_LISTENER ||
4593  conn->type == CONN_TYPE_EXT_OR_LISTENER ||
4594  conn->type == CONN_TYPE_AP_LISTENER ||
4595  conn->type == CONN_TYPE_AP_TRANS_LISTENER ||
4596  conn->type == CONN_TYPE_AP_DNS_LISTENER ||
4597  conn->type == CONN_TYPE_AP_NATD_LISTENER ||
4599  conn->type == CONN_TYPE_DIR_LISTENER ||
4601  return 1;
4602  return 0;
4603 }
4604 
4608 int
4610 {
4611  tor_assert(conn);
4612 
4613  if (conn->marked_for_close)
4614  return 0;
4615 
4616  if ((conn->type == CONN_TYPE_OR && conn->state == OR_CONN_STATE_OPEN) ||
4617  (conn->type == CONN_TYPE_EXT_OR) ||
4618  (conn->type == CONN_TYPE_AP && conn->state == AP_CONN_STATE_OPEN) ||
4619  (conn->type == CONN_TYPE_EXIT && conn->state == EXIT_CONN_STATE_OPEN) ||
4620  (conn->type == CONN_TYPE_CONTROL &&
4621  conn->state == CONTROL_CONN_STATE_OPEN))
4622  return 1;
4623 
4624  return 0;
4625 }
4626 
4628 int
4630 {
4631  tor_assert(conn);
4632 
4633  if (conn->marked_for_close)
4634  return 0;
4635  switch (conn->type)
4636  {
4637  case CONN_TYPE_OR:
4638  return conn->state == OR_CONN_STATE_CONNECTING;
4639  case CONN_TYPE_EXIT:
4640  return conn->state == EXIT_CONN_STATE_CONNECTING;
4641  case CONN_TYPE_DIR:
4642  return conn->state == DIR_CONN_STATE_CONNECTING;
4643  }
4644 
4645  return 0;
4646 }
4647 
4651 char *
4652 alloc_http_authenticator(const char *authenticator)
4653 {
4654  /* an authenticator in Basic authentication
4655  * is just the string "username:password" */
4656  const size_t authenticator_length = strlen(authenticator);
4657  const size_t base64_authenticator_length =
4658  base64_encode_size(authenticator_length, 0) + 1;
4659  char *base64_authenticator = tor_malloc(base64_authenticator_length);
4660  if (base64_encode(base64_authenticator, base64_authenticator_length,
4661  authenticator, authenticator_length, 0) < 0) {
4662  tor_free(base64_authenticator); /* free and set to null */
4663  }
4664  return base64_authenticator;
4665 }
4666 
4672 static void
4674 {
4675  tor_addr_t out_addr, iface_addr;
4676  tor_addr_t **last_interface_ip_ptr;
4677  sa_family_t family;
4678 
4679  if (!outgoing_addrs)
4680  outgoing_addrs = smartlist_new();
4681 
4682  if (tor_addr_from_getsockname(&out_addr, sock) < 0) {
4683  int e = tor_socket_errno(sock);
4684  log_warn(LD_NET, "getsockname() to check for address change failed: %s",
4685  tor_socket_strerror(e));
4686  return;
4687  }
4688  family = tor_addr_family(&out_addr);
4689 
4690  if (family == AF_INET)
4691  last_interface_ip_ptr = &last_interface_ipv4;
4692  else if (family == AF_INET6)
4693  last_interface_ip_ptr = &last_interface_ipv6;
4694  else
4695  return;
4696 
4697  if (! *last_interface_ip_ptr) {
4698  tor_addr_t *a = tor_malloc_zero(sizeof(tor_addr_t));
4699  if (get_interface_address6(LOG_INFO, family, a)==0) {
4700  *last_interface_ip_ptr = a;
4701  } else {
4702  tor_free(a);
4703  }
4704  }
4705 
4706  /* If we've used this address previously, we're okay. */
4708  if (tor_addr_eq(a_ptr, &out_addr))
4709  return;
4710  );
4711 
4712  /* Uh-oh. We haven't connected from this address before. Has the interface
4713  * address changed? */
4714  if (get_interface_address6(LOG_INFO, family, &iface_addr)<0)
4715  return;
4716 
4717  if (tor_addr_eq(&iface_addr, *last_interface_ip_ptr)) {
4718  /* Nope, it hasn't changed. Add this address to the list. */
4719  smartlist_add(outgoing_addrs, tor_memdup(&out_addr, sizeof(tor_addr_t)));
4720  } else {
4721  /* The interface changed. We're a client, so we need to regenerate our
4722  * keys. First, reset the state. */
4723  log_notice(LD_NET, "Our IP address has changed. Rotating keys...");
4724  tor_addr_copy(*last_interface_ip_ptr, &iface_addr);
4727  smartlist_add(outgoing_addrs, tor_memdup(&out_addr, sizeof(tor_addr_t)));
4728  /* We'll need to resolve ourselves again. */
4730  /* Okay, now change our keys. */
4731  ip_address_changed(1);
4732  }
4733 }
4734 
4742 static void
4744 {
4745  void *sz = (void*)&size;
4746  socklen_t sz_sz = (socklen_t) sizeof(size);
4747  if (setsockopt(sock, SOL_SOCKET, SO_SNDBUF, sz, sz_sz) < 0) {
4748  int e = tor_socket_errno(sock);
4749  log_warn(LD_NET, "setsockopt() to constrain send "
4750  "buffer to %d bytes failed: %s", size, tor_socket_strerror(e));
4751  }
4752  if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, sz, sz_sz) < 0) {
4753  int e = tor_socket_errno(sock);
4754  log_warn(LD_NET, "setsockopt() to constrain recv "
4755  "buffer to %d bytes failed: %s", size, tor_socket_strerror(e));
4756  }
4757 }
4758 
4765 static int
4766 connection_process_inbuf(connection_t *conn, int package_partial)
4767 {
4768  tor_assert(conn);
4769 
4770  switch (conn->type) {
4771  case CONN_TYPE_OR:
4773  case CONN_TYPE_EXT_OR:
4775  case CONN_TYPE_EXIT:
4776  case CONN_TYPE_AP:
4778  package_partial);
4779  case CONN_TYPE_DIR:
4781  case CONN_TYPE_CONTROL:
4783  default:
4784  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
4786  return -1;
4787  }
4788 }
4789 
4791 static int
4793 {
4794  int r = 0;
4795  tor_assert(!conn->in_flushed_some);
4796  conn->in_flushed_some = 1;
4797  if (conn->type == CONN_TYPE_DIR &&
4800  } else if (conn->type == CONN_TYPE_OR) {
4802  } else if (CONN_IS_EDGE(conn)) {
4804  }
4805  conn->in_flushed_some = 0;
4806  return r;
4807 }
4808 
4816 static int
4818 {
4819  tor_assert(conn);
4820 
4821  /* If the connection is closed, don't try to do anything more here. */
4822  if (CONN_IS_CLOSED(conn))
4823  return 0;
4824 
4825 // log_fn(LOG_DEBUG,"entered. Socket %u.", conn->s);
4826 
4827  connection_stop_writing(conn);
4828 
4829  switch (conn->type) {
4830  case CONN_TYPE_OR:
4832  case CONN_TYPE_EXT_OR:
4834  case CONN_TYPE_AP:
4835  case CONN_TYPE_EXIT:
4837  case CONN_TYPE_DIR:
4839  case CONN_TYPE_CONTROL:
4841  default:
4842  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
4844  return -1;
4845  }
4846 }
4847 
4854 static int
4856 {
4857  tor_assert(conn);
4858 
4859  if (!server_mode(get_options())) {
4860  /* See whether getsockname() says our address changed. We need to do this
4861  * now that the connection has finished, because getsockname() on Windows
4862  * won't work until then. */
4864  }
4865 
4866  switch (conn->type)
4867  {
4868  case CONN_TYPE_OR:
4870  case CONN_TYPE_EXIT:
4872  case CONN_TYPE_DIR:
4874  default:
4875  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
4877  return -1;
4878  }
4879 }
4880 
4882 static int
4884 {
4885  switch (conn->type) {
4886  case CONN_TYPE_OR:
4887  case CONN_TYPE_EXT_OR:
4888  return connection_or_reached_eof(TO_OR_CONN(conn));
4889  case CONN_TYPE_AP:
4890  case CONN_TYPE_EXIT:
4892  case CONN_TYPE_DIR:
4894  case CONN_TYPE_CONTROL:
4896  default:
4897  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
4899  return -1;
4900  }
4901 }
4902 
4904 static int
4906 {
4907  int a_circs, b_circs;
4908  /* Fewer circuits == higher priority for OOS kill, sort earlier */
4909 
4910  a_circs = connection_or_get_num_circuits(a);
4911  b_circs = connection_or_get_num_circuits(b);
4912 
4913  if (a_circs < b_circs) return 1;
4914  else if (a_circs > b_circs) return -1;
4915  else return 0;
4916 }
4917 
4920 static int
4921 oos_victim_comparator(const void **a_v, const void **b_v)
4922 {
4923  connection_t *a = NULL, *b = NULL;
4924 
4925  /* Get connection pointers out */
4926 
4927  a = (connection_t *)(*a_v);
4928  b = (connection_t *)(*b_v);
4929 
4930  tor_assert(a != NULL);
4931  tor_assert(b != NULL);
4932 
4933  /*
4934  * We always prefer orconns as victims currently; we won't even see
4935  * these non-orconn cases, but if we do, sort them after orconns.
4936  */
4937  if (a->type == CONN_TYPE_OR && b->type == CONN_TYPE_OR) {
4939  } else {
4940  /*
4941  * One isn't an orconn; if one is, it goes first. We currently have no
4942  * opinions about cases where neither is an orconn.
4943  */
4944  if (a->type == CONN_TYPE_OR) return -1;
4945  else if (b->type == CONN_TYPE_OR) return 1;
4946  else return 0;
4947  }
4948 }
4949 
4954 pick_oos_victims, (int n))
4955 {
4956  smartlist_t *eligible = NULL, *victims = NULL;
4957  smartlist_t *conns;
4958  int conn_counts_by_type[CONN_TYPE_MAX_ + 1], i;
4959 
4960  /*
4961  * Big damn assumption (someone improve this someday!):
4962  *
4963  * Socket exhaustion normally happens on high-volume relays, and so
4964  * most of the connections involved are orconns. We should pick victims
4965  * by assembling a list of all orconns, and sorting them in order of
4966  * how much 'damage' by some metric we'd be doing by dropping them.
4967  *
4968  * If we move on from orconns, we should probably think about incoming
4969  * directory connections next, or exit connections. Things we should
4970  * probably never kill are controller connections and listeners.
4971  *
4972  * This function will count how many connections of different types
4973  * exist and log it for purposes of gathering data on typical OOS
4974  * situations to guide future improvements.
4975  */
4976 
4977  /* First, get the connection array */
4978  conns = get_connection_array();
4979  /*
4980  * Iterate it and pick out eligible connection types, and log some stats
4981  * along the way.
4982  */
4983  eligible = smartlist_new();
4984  memset(conn_counts_by_type, 0, sizeof(conn_counts_by_type));
4985  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, c) {
4986  /* Bump the counter */
4987  tor_assert(c->type <= CONN_TYPE_MAX_);
4988  ++(conn_counts_by_type[c->type]);
4989 
4990  /* Skip anything without a socket we can free */
4991  if (!(SOCKET_OK(c->s))) {
4992  continue;
4993  }
4994 
4995  /* Skip anything we would count as moribund */
4996  if (connection_is_moribund(c)) {
4997  continue;
4998  }
4999 
5000  switch (c->type) {
5001  case CONN_TYPE_OR:
5002  /* We've got an orconn, it's eligible to be OOSed */
5003  smartlist_add(eligible, c);
5004  break;
5005  default:
5006  /* We don't know what to do with it, ignore it */
5007  break;
5008  }
5009  } SMARTLIST_FOREACH_END(c);
5010 
5011  /* Log some stats */
5012  if (smartlist_len(conns) > 0) {
5013  /* At least one counter must be non-zero */
5014  log_info(LD_NET, "Some stats on conn types seen during OOS follow");
5015  for (i = CONN_TYPE_MIN_; i <= CONN_TYPE_MAX_; ++i) {
5016  /* Did we see any? */
5017  if (conn_counts_by_type[i] > 0) {
5018  log_info(LD_NET, "%s: %d conns",
5020  conn_counts_by_type[i]);
5021  }
5022  }
5023  log_info(LD_NET, "Done with OOS conn type stats");
5024  }
5025 
5026  /* Did we find more eligible targets than we want to kill? */
5027  if (smartlist_len(eligible) > n) {
5028  /* Sort the list in order of target preference */
5030  /* Pick first n as victims */
5031  victims = smartlist_new();
5032  for (i = 0; i < n; ++i) {
5033  smartlist_add(victims, smartlist_get(eligible, i));
5034  }
5035  /* Free the original list */
5036  smartlist_free(eligible);
5037  } else {
5038  /* No, we can just call them all victims */
5039  victims = eligible;
5040  }
5041 
5042  return victims;
5043 }
5044 
5046 MOCK_IMPL(STATIC void,
5047 kill_conn_list_for_oos, (smartlist_t *conns))
5048 {
5049  if (!conns) return;
5050 
5051  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, c) {
5052  /* Make sure the channel layer gets told about orconns */
5053  if (c->type == CONN_TYPE_OR) {
5054  connection_or_close_for_error(TO_OR_CONN(c), 1);
5055  } else {
5056  connection_mark_for_close(c);
5057  }
5058  } SMARTLIST_FOREACH_END(c);
5059 
5060  log_notice(LD_NET,
5061  "OOS handler marked %d connections",
5062  smartlist_len(conns));
5063 }
5064 
5067 int
5069 {
5070  if (conn != NULL &&
5071  (conn->conn_array_index < 0 ||
5072  conn->marked_for_close)) {
5073  return 1;
5074  } else {
5075  return 0;
5076  }
5077 }
5078 
5084 void
5085 connection_check_oos(int n_socks, int failed)
5086 {
5087  int target_n_socks = 0, moribund_socks, socks_to_kill;
5088  smartlist_t *conns;
5089 
5090  /* Early exit: is OOS checking disabled? */
5091  if (get_options()->DisableOOSCheck) {
5092  return;
5093  }
5094 
5095  /* Sanity-check args */
5096  tor_assert(n_socks >= 0);
5097 
5098  /*
5099  * Make some log noise; keep it at debug level since this gets a chance
5100  * to run on every connection attempt.
5101  */
5102  log_debug(LD_NET,
5103  "Running the OOS handler (%d open sockets, %s)",
5104  n_socks, (failed != 0) ? "exhaustion seen" : "no exhaustion");
5105 
5106  /*
5107  * Check if we're really handling an OOS condition, and if so decide how
5108  * many sockets we want to get down to. Be sure we check if the threshold
5109  * is distinct from zero first; it's possible for this to be called a few
5110  * times before we've finished reading the config.
5111  */
5112  if (n_socks >= get_options()->ConnLimit_high_thresh &&
5113  get_options()->ConnLimit_high_thresh != 0 &&
5114  get_options()->ConnLimit_ != 0) {
5115  /* Try to get down to the low threshold */
5116  target_n_socks = get_options()->ConnLimit_low_thresh;
5117  log_notice(LD_NET,
5118  "Current number of sockets %d is greater than configured "
5119  "limit %d; OOS handler trying to get down to %d",
5120  n_socks, get_options()->ConnLimit_high_thresh,
5121  target_n_socks);
5122  } else if (failed) {
5123  /*
5124  * If we're not at the limit but we hit a socket exhaustion error, try to
5125  * drop some (but not as aggressively as ConnLimit_low_threshold, which is
5126  * 3/4 of ConnLimit_)
5127  */
5128  target_n_socks = (n_socks * 9) / 10;
5129  log_notice(LD_NET,
5130  "We saw socket exhaustion at %d open sockets; OOS handler "
5131  "trying to get down to %d",
5132  n_socks, target_n_socks);
5133  }
5134 
5135  if (target_n_socks > 0) {
5136  /*
5137  * It's an OOS!
5138  *
5139  * Count moribund sockets; it's be important that anything we decide
5140  * to get rid of here but don't immediately close get counted as moribund
5141  * on subsequent invocations so we don't try to kill too many things if
5142  * connection_check_oos() gets called multiple times.
5143  */
5144  moribund_socks = connection_count_moribund();
5145 
5146  if (moribund_socks < n_socks - target_n_socks) {
5147  socks_to_kill = n_socks - target_n_socks - moribund_socks;
5148 
5149  conns = pick_oos_victims(socks_to_kill);
5150  if (conns) {
5151  kill_conn_list_for_oos(conns);
5152  log_notice(LD_NET,
5153  "OOS handler killed %d conns", smartlist_len(conns));
5154  smartlist_free(conns);
5155  } else {
5156  log_notice(LD_NET, "OOS handler failed to pick any victim conns");
5157  }
5158  } else {
5159  log_notice(LD_NET,
5160  "Not killing any sockets for OOS because there are %d "
5161  "already moribund, and we only want to eliminate %d",
5162  moribund_socks, n_socks - target_n_socks);
5163  }
5164  }
5165 }
5166 
5168 void
5170 {
5171  uint64_t used_by_type[CONN_TYPE_MAX_+1];
5172  uint64_t alloc_by_type[CONN_TYPE_MAX_+1];
5173  int n_conns_by_type[CONN_TYPE_MAX_+1];
5174  uint64_t total_alloc = 0;
5175  uint64_t total_used = 0;
5176  int i;
5177  smartlist_t *conns = get_connection_array();
5178 
5179  memset(used_by_type, 0, sizeof(used_by_type));
5180  memset(alloc_by_type, 0, sizeof(alloc_by_type));
5181  memset(n_conns_by_type, 0, sizeof(n_conns_by_type));
5182 
5183  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, c) {
5184  int tp = c->type;
5185  ++n_conns_by_type[tp];
5186  if (c->inbuf) {
5187  used_by_type[tp] += buf_datalen(c->inbuf);
5188  alloc_by_type[tp] += buf_allocation(c->inbuf);
5189  }
5190  if (c->outbuf) {
5191  used_by_type[tp] += buf_datalen(c->outbuf);
5192  alloc_by_type[tp] += buf_allocation(c->outbuf);
5193  }
5194  } SMARTLIST_FOREACH_END(c);
5195  for (i=0; i <= CONN_TYPE_MAX_; ++i) {
5196  total_used += used_by_type[i];
5197  total_alloc += alloc_by_type[i];
5198  }
5199 
5200  tor_log(severity, LD_GENERAL,
5201  "In buffers for %d connections: %"PRIu64" used/%"PRIu64" allocated",
5202  smartlist_len(conns),
5203  (total_used), (total_alloc));
5204  for (i=CONN_TYPE_MIN_; i <= CONN_TYPE_MAX_; ++i) {
5205  if (!n_conns_by_type[i])
5206  continue;
5207  tor_log(severity, LD_GENERAL,
5208  " For %d %s connections: %"PRIu64" used/%"PRIu64" allocated",
5209  n_conns_by_type[i], conn_type_to_string(i),
5210  (used_by_type[i]), (alloc_by_type[i]));
5211  }
5212 }
5213 
5217 void
5219 {
5220  (void) now; /* XXXX unused. */
5221  tor_assert(conn);
5222  tor_assert(conn->type >= CONN_TYPE_MIN_);
5223  tor_assert(conn->type <= CONN_TYPE_MAX_);
5224 
5225  switch (conn->type) {
5226  case CONN_TYPE_OR:
5227  case CONN_TYPE_EXT_OR:
5228  tor_assert(conn->magic == OR_CONNECTION_MAGIC);
5229  break;
5230  case CONN_TYPE_AP:
5231  tor_assert(conn->magic == ENTRY_CONNECTION_MAGIC);
5232  break;
5233  case CONN_TYPE_EXIT:
5234  tor_assert(conn->magic == EDGE_CONNECTION_MAGIC);
5235  break;
5236  case CONN_TYPE_DIR:
5237  tor_assert(conn->magic == DIR_CONNECTION_MAGIC);
5238  break;
5239  case CONN_TYPE_CONTROL:
5240  tor_assert(conn->magic == CONTROL_CONNECTION_MAGIC);
5241  break;
5242  CASE_ANY_LISTENER_TYPE:
5243  tor_assert(conn->magic == LISTENER_CONNECTION_MAGIC);
5244  break;
5245  default:
5246  tor_assert(conn->magic == BASE_CONNECTION_MAGIC);
5247  break;
5248  }
5249 
5250  if (conn->linked_conn) {
5251  tor_assert(conn->linked_conn->linked_conn == conn);
5252  tor_assert(conn->linked);
5253  }
5254  if (conn->linked)
5255  tor_assert(!SOCKET_OK(conn->s));
5256 
5257  if (conn->outbuf_flushlen > 0) {
5258  /* With optimistic data, we may have queued data in
5259  * EXIT_CONN_STATE_RESOLVING while the conn is not yet marked to writing.
5260  * */
5261  tor_assert((conn->type == CONN_TYPE_EXIT &&
5262  conn->state == EXIT_CONN_STATE_RESOLVING) ||
5263  connection_is_writing(conn) ||
5264  conn->write_blocked_on_bw ||
5265  (CONN_IS_EDGE(conn) &&
5266  TO_EDGE_CONN(conn)->edge_blocked_on_circ));
5267  }
5268 
5269  if (conn->hold_open_until_flushed)
5271 
5272  /* XXXX check: read_blocked_on_bw, write_blocked_on_bw, s, conn_array_index,
5273  * marked_for_close. */
5274 
5275  /* buffers */
5276  if (conn->inbuf)
5277  buf_assert_ok(conn->inbuf);
5278  if (conn->outbuf)
5279  buf_assert_ok(conn->outbuf);
5280 
5281  if (conn->type == CONN_TYPE_OR) {
5282  or_connection_t *or_conn = TO_OR_CONN(conn);
5283  if (conn->state == OR_CONN_STATE_OPEN) {
5284  /* tor_assert(conn->bandwidth > 0); */
5285  /* the above isn't necessarily true: if we just did a TLS
5286  * handshake but we didn't recognize the other peer, or it
5287  * gave a bad cert/etc, then we won't have assigned bandwidth,
5288  * yet it will be open. -RD
5289  */
5290 // tor_assert(conn->read_bucket >= 0);
5291  }
5292 // tor_assert(conn->addr && conn->port);
5293  tor_assert(conn->address);
5295  tor_assert(or_conn->tls);
5296  }
5297 
5298  if (CONN_IS_EDGE(conn)) {
5299  /* XXX unchecked: package window, deliver window. */
5300  if (conn->type == CONN_TYPE_AP) {
5301  entry_connection_t *entry_conn = TO_ENTRY_CONN(conn);
5302  if (entry_conn->chosen_exit_optional || entry_conn->chosen_exit_retries)
5303  tor_assert(entry_conn->chosen_exit_name);
5304 
5305  tor_assert(entry_conn->socks_request);
5306  if (conn->state == AP_CONN_STATE_OPEN) {
5307  tor_assert(entry_conn->socks_request->has_finished);
5308  if (!conn->marked_for_close) {
5309  tor_assert(ENTRY_TO_EDGE_CONN(entry_conn)->cpath_layer);
5310  assert_cpath_layer_ok(ENTRY_TO_EDGE_CONN(entry_conn)->cpath_layer);
5311  }
5312  }
5313  }
5314  if (conn->type == CONN_TYPE_EXIT) {
5316  conn->purpose == EXIT_PURPOSE_RESOLVE);
5317  }
5318  } else if (conn->type == CONN_TYPE_DIR) {
5319  } else {
5320  /* Purpose is only used for dir and exit types currently */
5321  tor_assert(!conn->purpose);
5322  }
5323 
5324  switch (conn->type)
5325  {
5326  CASE_ANY_LISTENER_TYPE:
5328  break;
5329  case CONN_TYPE_OR:
5330  tor_assert(conn->state >= OR_CONN_STATE_MIN_);
5331  tor_assert(conn->state <= OR_CONN_STATE_MAX_);
5332  break;
5333  case CONN_TYPE_EXT_OR:
5334  tor_assert(conn->state >= EXT_OR_CONN_STATE_MIN_);
5335  tor_assert(conn->state <= EXT_OR_CONN_STATE_MAX_);
5336  break;
5337  case CONN_TYPE_EXIT:
5338  tor_assert(conn->state >= EXIT_CONN_STATE_MIN_);
5339  tor_assert(conn->state <= EXIT_CONN_STATE_MAX_);
5340  tor_assert(conn->purpose >= EXIT_PURPOSE_MIN_);
5341  tor_assert(conn->purpose <= EXIT_PURPOSE_MAX_);
5342  break;
5343  case CONN_TYPE_AP:
5344  tor_assert(conn->state >= AP_CONN_STATE_MIN_);
5345  tor_assert(conn->state <= AP_CONN_STATE_MAX_);
5346  tor_assert(TO_ENTRY_CONN(conn)->socks_request);
5347  break;
5348  case CONN_TYPE_DIR:
5349  tor_assert(conn->state >= DIR_CONN_STATE_MIN_);
5350  tor_assert(conn->state <= DIR_CONN_STATE_MAX_);
5351  tor_assert(conn->purpose >= DIR_PURPOSE_MIN_);
5352  tor_assert(conn->purpose <= DIR_PURPOSE_MAX_);
5353  break;
5354  case CONN_TYPE_CONTROL:
5355  tor_assert(conn->state >= CONTROL_CONN_STATE_MIN_);
5356  tor_assert(conn->state <= CONTROL_CONN_STATE_MAX_);
5357  break;
5358  default:
5359  tor_assert(0);
5360  }
5361 }
5362 
5369 int
5370 get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type,
5371  const connection_t *conn)
5372 {
5373  const or_options_t *options = get_options();
5374 
5375  /* Client Transport Plugins can use another proxy, but that should be hidden
5376  * from the rest of tor (as the plugin is responsible for dealing with the
5377  * proxy), check it first, then check the rest of the proxy types to allow
5378  * the config to have unused ClientTransportPlugin entries.
5379  */
5380  if (options->ClientTransportPlugin) {
5381  const transport_t *transport = NULL;
5382  int r;
5383  r = get_transport_by_bridge_addrport(&conn->addr, conn->port, &transport);
5384  if (r<0)
5385  return -1;
5386  if (transport) { /* transport found */
5387  tor_addr_copy(addr, &transport->addr);
5388  *port = transport->port;
5389  *proxy_type = transport->socks_version;
5390  return 0;
5391  }
5392 
5393  /* Unused ClientTransportPlugin. */
5394  }
5395 
5396  if (options->HTTPSProxy) {
5397  tor_addr_copy(addr, &options->HTTPSProxyAddr);
5398  *port = options->HTTPSProxyPort;
5399  *proxy_type = PROXY_CONNECT;
5400  return 0;
5401  } else if (options->Socks4Proxy) {
5402  tor_addr_copy(addr, &options->Socks4ProxyAddr);
5403  *port = options->Socks4ProxyPort;
5404  *proxy_type = PROXY_SOCKS4;
5405  return 0;
5406  } else if (options->Socks5Proxy) {
5407  tor_addr_copy(addr, &options->Socks5ProxyAddr);
5408  *port = options->Socks5ProxyPort;
5409  *proxy_type = PROXY_SOCKS5;
5410  return 0;
5411  }
5412 
5413  tor_addr_make_unspec(addr);
5414  *port = 0;
5415  *proxy_type = PROXY_NONE;
5416  return 0;
5417 }
5418 
5421 void
5423 {
5424  tor_addr_t proxy_addr;
5425  uint16_t proxy_port;
5426  int proxy_type;
5427 
5428  if (get_proxy_addrport(&proxy_addr, &proxy_port, &proxy_type, conn) != 0)
5429  return; /* if we have no proxy set up, leave this function. */
5430 
5431  log_warn(LD_NET,
5432  "The connection to the %s proxy server at %s just failed. "
5433  "Make sure that the proxy server is up and running.",
5434  proxy_type_to_string(proxy_type),
5435  fmt_addrport(&proxy_addr, proxy_port));
5436 }
5437 
5439 static const char *
5440 proxy_type_to_string(int proxy_type)
5441 {
5442  switch (proxy_type) {
5443  case PROXY_CONNECT: return "HTTP";
5444  case PROXY_SOCKS4: return "SOCKS4";
5445  case PROXY_SOCKS5: return "SOCKS5";
5446  case PROXY_PLUGGABLE: return "pluggable transports SOCKS";
5447  case PROXY_NONE: return "NULL";
5448  default: tor_assert(0);
5449  }
5450  return NULL; /*Unreached*/
5451 }
5452 
5459 void
5461 {
5462  smartlist_t *conns = get_connection_array();
5463 
5464  /* We don't want to log any messages to controllers. */
5465  SMARTLIST_FOREACH(conns, connection_t *, conn,
5466  if (conn->type == CONN_TYPE_CONTROL)
5467  TO_CONTROL_CONN(conn)->event_mask = 0);
5468 
5470 
5471  /* Unlink everything from the identity map. */
5474 
5475  /* Clear out our list of broken connections */
5477 
5478  SMARTLIST_FOREACH(conns, connection_t *, conn,
5479  connection_free_minimal(conn));
5480 
5481  if (outgoing_addrs) {
5483  smartlist_free(outgoing_addrs);
5484  outgoing_addrs = NULL;
5485  }
5486 
5488  tor_free(last_interface_ipv6);
5490 
5491  mainloop_event_free(reenable_blocked_connections_ev);
5493  memset(&reenable_blocked_connections_delay, 0, sizeof(struct timeval));
5494 }
5495 
5502 clock_skew_warning, (const connection_t *conn, long apparent_skew, int trusted,
5503  log_domain_mask_t domain, const char *received,
5504  const char *source))
5505 {
5506  char dbuf[64];
5507  char *ext_source = NULL, *warn = NULL;
5508  format_time_interval(dbuf, sizeof(dbuf), apparent_skew);
5509  if (conn)
5510  tor_asprintf(&ext_source, "%s:%s:%d", source, conn->address, conn->port);
5511  else
5512  ext_source = tor_strdup(source);
5513  log_fn(trusted ? LOG_WARN : LOG_INFO, domain,
5514  "Received %s with skewed time (%s): "
5515  "It seems that our clock is %s by %s, or that theirs is %s%s. "
5516  "Tor requires an accurate clock to work: please check your time, "
5517  "timezone, and date settings.", received, ext_source,
5518  apparent_skew > 0 ? "ahead" : "behind", dbuf,
5519  apparent_skew > 0 ? "behind" : "ahead",
5520  (!conn || trusted) ? "" : ", or they are sending us the wrong time");
5521  if (trusted) {
5522  control_event_general_status(LOG_WARN, "CLOCK_SKEW SKEW=%ld SOURCE=%s",
5523  apparent_skew, ext_source);
5524  tor_asprintf(&warn, "Clock skew %ld in %s from %s", apparent_skew,
5525  received, source);
5526  control_event_bootstrap_problem(warn, "CLOCK_SKEW", conn, 1);
5527  }
5528  tor_free(warn);
5529  tor_free(ext_source);
5530 }
#define RELAY_PAYLOAD_SIZE
Definition: or.h:605
static void connection_bucket_refill_single(connection_t *conn, uint32_t now_ts)
Definition: connection.c:3456
tor_socket_t s
Definition: connection_st.h:88
Header file for dirserv.c.
void rep_hist_note_bytes_read(uint64_t num_bytes, time_t when)
Definition: rephist.c:1166
#define AP_CONN_STATE_CONNECT_WAIT
#define DIR_PURPOSE_SERVER
Definition: directory.h:62
tor_addr_t OutboundBindAddresses[OUTBOUND_ADDR_MAX][2]
uint8_t type
Definition: port_cfg_st.h:18
#define CASE_TOR_TLS_ERROR_ANY_NONIO
Definition: tortls.h:53
void accounting_add_bytes(size_t n_read, size_t n_written, int seconds)
Definition: hibernate.c:331
#define CONN_TYPE_DIR_LISTENER
Definition: connection.h:33
Header file for rendcommon.c.
#define CONN_TYPE_CONTROL_LISTENER
Definition: connection.h:38
int fascist_firewall_prefer_ipv6_orport(const or_options_t *options)
Definition: policies.c:507
unsigned int cpd_check_t
Definition: dir.h:20
Header file for channeltls.c.
#define AP_CONN_STATE_RESOLVE_WAIT
unsigned int chosen_exit_retries
MOCK_IMPL(void, connection_free_,(connection_t *conn))
Definition: connection.c:757
void rep_hist_note_dir_bytes_written(uint64_t num_bytes, time_t when)
Definition: rephist.c:1176
void connection_or_close_normally(or_connection_t *orconn, int flush)
uint64_t global_identifier
const tor_addr_t * conn_get_outbound_address(sa_family_t family, const or_options_t *options, unsigned int conn_type)
Definition: connection.c:2119
Header file containing common data for the whole HS subsytem.
int ClientPreferIPv6ORPort
unsigned int has_finished
token_bucket_rw_t bucket
int token_bucket_rw_refill(token_bucket_rw_t *bucket, uint32_t now_ts)
Definition: token_bucket.c:183
uint64_t RelayBandwidthBurst
Header file for circuitbuild.c.
uint16_t port
Definition: transports.h:26
int connection_is_moribund(connection_t *conn)
Definition: connection.c:5068
tor_addr_t real_addr
int socks_policy_permits_address(const tor_addr_t *addr)
Definition: policies.c:1108
unsigned int socks_prefer_no_auth
static smartlist_t * outgoing_addrs
Definition: connection.c:201
static int connection_read_https_proxy_response(connection_t *conn)
Definition: connection.c:2477
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
uint16_t sa_family_t
Definition: inaddr_st.h:77
Header for backtrace.c.
#define TO_CONN(c)
Definition: or.h:735
static int connection_flushed_some(connection_t *conn)
Definition: connection.c:4792
static int connection_fetch_from_buf_socks_client(connection_t *conn, int state, char **reason)
Definition: connection.c:2570
enum or_options_t::@30 TransProxyType_parsed
void entry_guard_cancel(circuit_guard_state_t **guard_state_p)
Definition: entrynodes.c:2459
void connection_mark_all_noncontrol_connections(void)
Definition: connection.c:2995
void connection_ap_about_to_close(entry_connection_t *entry_conn)
int CountPrivateBandwidth
int connection_flush(connection_t *conn)
Definition: connection.c:4236
int connection_dir_reached_eof(dir_connection_t *conn)
Definition: dirclient.c:2988
void tor_addr_make_unspec(tor_addr_t *a)
Definition: address.c:225
uint32_t log_domain_mask_t
Definition: log.h:132
void update_current_time(time_t now)
Definition: mainloop.c:2677
uint16_t router_get_advertised_or_port(const or_options_t *options)
Definition: router.c:1427
static void connection_send_socks5_connect(connection_t *conn)
Definition: connection.c:2538
uint16_t router_get_advertised_or_port_by_af(const or_options_t *options, sa_family_t family)
Definition: router.c:1435
static void update_send_buffer_size(tor_socket_t sock)
Definition: connection.c:3919
or_handshake_state_t * handshake_state
tor_addr_t addr
Definition: port_cfg_st.h:15
tor_addr_t addr
#define EXIT_PURPOSE_CONNECT
Header for buffers_tls.c.
int connection_state_is_connecting(connection_t *conn)
Definition: connection.c:4629
void channel_close_for_error(channel_t *chan)
Definition: channel.c:1241
unsigned int write_blocked_on_bw
Definition: connection_st.h:53
#define EXIT_CONN_STATE_RESOLVING
#define CONN_TYPE_AP_NATD_LISTENER
Definition: connection.h:46
Header file for connection.c.
static int oos_victim_comparator(const void **a_v, const void **b_v)
Definition: connection.c:4921
#define EXIT_CONN_STATE_RESOLVEFAILED
int tor_mem_is_zero(const char *mem, size_t len)
Definition: util_string.c:74
const char * tor_tls_err_to_string(int err)
Definition: tortls.c:150
uint32_t n_written_conn_bw
void connection_stop_reading_from_linked_conn(connection_t *conn)
Definition: mainloop.c:818
connection_t * connection_get_by_type_state_rendquery(int type, int state, const char *rendquery)
Definition: connection.c:4473
#define LD_GENERAL
Definition: log.h:58
static void connection_init(time_t now, connection_t *conn, int type, int socket_family)
Definition: connection.c:489
void connection_consider_empty_read_buckets(connection_t *conn)
Definition: connection.c:3347
#define MAX_SOCKS5_AUTH_FIELD_SIZE
Definition: connection.h:180
static int connection_reached_eof(connection_t *conn)
Definition: connection.c:4883
int rend_cmp_service_ids(const char *one, const char *two)
Definition: rendcommon.c:48
dir_connection_t * dir_connection_new(int socket_family)
Definition: connection.c:358
static void client_check_address_changed(tor_socket_t sock)
Definition: connection.c:4673
static int connection_handle_listener_read(connection_t *conn, int new_type)
Definition: connection.c:1693
#define DOWNCAST(to, ptr)
Definition: or.h:110
int buf_flush_to_socket(buf_t *buf, tor_socket_t s, size_t sz, size_t *buf_flushlen)
Definition: buffers_net.c:231
unsigned int proxy_state
Definition: connection_st.h:84
static ssize_t connection_bucket_get_share(int base, int priority, ssize_t global_bucket_val, ssize_t conn_bucket)
Definition: connection.c:3081
uint64_t BandwidthRate
uint8_t state
Definition: connection_st.h:44
#define CONN_TYPE_AP_TRANS_LISTENER
Definition: connection.h:43
int authdir_mode(const or_options_t *options)
Definition: authmode.c:25
tor_addr_t HTTPSProxyAddr
time_t connection_or_client_used(or_connection_t *conn)
Headers for compress.c.
void connection_link_connections(connection_t *conn_a, connection_t *conn_b)
Definition: connection.c:537
#define LOG_INFO
Definition: log.h:41
static uint32_t tor_addr_to_ipv4n(const tor_addr_t *a)
Definition: address.h:145
Header file for nodelist.c.
static connection_t * connection_listener_new_for_port(const port_cfg_t *port, int *defer, int *addr_in_use)
Definition: connection.c:1567
static int retry_listener_ports(smartlist_t *old_conns, const smartlist_t *ports, smartlist_t *new_conns, smartlist_t *replacements, int control_listeners_only)
Definition: connection.c:2759
void tor_log(int severity, log_domain_mask_t domain, const char *format,...)
Definition: log.c:631
void tor_addr_make_null(tor_addr_t *a, sa_family_t family)
Definition: address.c:235
void stats_increment_bytes_read_and_written(uint64_t r, uint64_t w)
Definition: mainloop.c:486
uint64_t ConstrainedSockSize
unsigned int inbuf_reached_eof
Definition: connection_st.h:59
Header file for directory.c.
void smartlist_add(smartlist_t *sl, void *element)
#define OR_CONN_STATE_TLS_HANDSHAKING
Definition: orconn_event.h:34
int connection_dir_finished_connecting(dir_connection_t *conn)
Definition: directory.c:453
int connection_is_listener(connection_t *conn)
Definition: connection.c:4590
unsigned int read_blocked_on_bw
Definition: connection_st.h:51
unsigned get_signewnym_epoch(void)
Definition: mainloop.c:1334
#define bool_neq(a, b)
Definition: logic.h:18
void connection_or_notify_error(or_connection_t *conn, int reason, const char *msg)
char * Socks5ProxyUsername
#define MAX_HEADERS_SIZE
Definition: or.h:123
#define CONTROL_CONN_STATE_OPEN
Definition: control.h:97
void connection_or_clear_identity_map(void)
int fascist_firewall_prefer_ipv6_dirport(const or_options_t *options)
Definition: policies.c:532
size_t base64_encode_size(size_t srclen, int flags)
Definition: binascii.c:166
const struct passwd * tor_getpwnam(const char *username)
Definition: userdb.c:70
char * rate_limit_log(ratelim_t *lim, time_t now)
Definition: ratelim.c:41
smartlist_t * spool
#define AP_CONN_STATE_RENDDESC_WAIT
#define CONN_TYPE_OR_LISTENER
Definition: connection.h:21
#define OR_CONN_STATE_TLS_SERVER_RENEGOTIATING
Definition: orconn_event.h:41
int connection_ext_or_start_auth(or_connection_t *or_conn)
Definition: ext_orport.c:636
Header file for config.c.
static struct timeval reenable_blocked_connections_delay
Definition: connection.c:3483
control_connection_t * TO_CONTROL_CONN(connection_t *c)
Definition: control.c:266
edge_connection_t * edge_connection_new(int type, int socket_family)
Definition: connection.c:413
static const char * connection_proxy_state_to_string(int state)
Definition: connection.c:2264
#define fmt_and_decorate_addr(a)
Definition: address.h:214
#define CONN_TYPE_OR
Definition: connection.h:24
socklen_t tor_addr_to_sockaddr(const tor_addr_t *a, uint16_t port, struct sockaddr *sa_out, socklen_t len)
Definition: address.c:113
char * alloc_http_authenticator(const char *authenticator)
Definition: connection.c:4652
void control_event_bootstrap_problem(const char *warn, const char *reason, const connection_t *conn, int dowarn)
#define DIR_CONN_LIST_TEMPLATE(conn_var, conn_test, dirconn_var, dirconn_test)
Definition: connection.c:4500
int connection_edge_finished_connecting(edge_connection_t *edge_conn)
const char * conn_type_to_string(int type)
Definition: connection.c:241
#define DIR_CONN_STATE_CLIENT_READING
Definition: directory.h:23
char * HTTPSProxy
static tor_addr_t * last_interface_ipv4
Definition: connection.c:196
int format_time_interval(char *out, size_t out_len, long interval)
Definition: time_fmt.c:477
struct tor_compress_state_t * compress_state
struct connection_t * linked_conn
static time_t last_recorded_accounting_at
Definition: connection.c:3227
static void warn_too_many_conns(void)
Definition: connection.c:1039
rend_data_t * rend_data
unsigned int reading_from_linked_conn
Definition: connection_st.h:73
uint16_t port
const smartlist_t * get_socks_args_by_bridge_addrport(const tor_addr_t *addr, uint16_t port)
Definition: bridges.c:644
void connection_control_closed(control_connection_t *conn)
Definition: control.c:5298
#define tor_free(p)
Definition: malloc.h:52
void reset_last_resolved_addr(void)
Definition: config.c:2671
static int connection_process_inbuf(connection_t *conn, int package_partial)
Definition: connection.c:4766
static int connection_may_write_to_buf(connection_t *conn)
Definition: connection.c:4247
#define tor_fragile_assert()
Definition: util_bug.h:221
int connection_fetch_from_buf_http(connection_t *conn, char **headers_out, size_t max_headerlen, char **body_out, size_t *body_used, size_t max_bodylen, int force_complete)
Definition: connection.c:3885
#define LOG_NOTICE
Definition: log.h:46
int connection_is_reading(connection_t *conn)
Definition: mainloop.c:511
#define LISTENER_STATE_READY
Definition: connection.h:82
#define SMARTLIST_DEL_CURRENT(sl, var)
const char * conn_state_to_string(int type, int state)
Definition: connection.c:273
Header file for mainloop.c.
int connection_dirserv_flushed_some(dir_connection_t *conn)
Definition: dirserv.c:860
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:57
int global_write_bucket_low(connection_t *conn, size_t attempt, int priority)
Definition: connection.c:3191
#define EXIT_PURPOSE_RESOLVE
#define DIR_CONN_STATE_CLIENT_SENDING
Definition: directory.h:21
#define SESSION_GROUP_FIRST_AUTO
Definition: or.h:983
void connection_or_about_to_close(or_connection_t *or_conn)
buf_t * buf_new(void)
Definition: buffers.c:363
struct buf_t * pending_optimistic_data
Header file for geoip.c.
int tor_addr_from_getsockname(struct tor_addr_t *addr_out, tor_socket_t sock)
Definition: socket.c:545
#define sandbox_intern_string(s)
Definition: sandbox.h:112
unsigned int purpose
Definition: connection_st.h:46
struct tor_tls_t * tls
or_connection_t * or_connection_new(int type, int socket_family)
Definition: connection.c:373
#define CONN_GET_TEMPLATE(var, test)
Definition: connection.c:4406
void connection_or_clear_identity(or_connection_t *conn)
edge_connection_t * TO_EDGE_CONN(connection_t *c)
int TokenBucketRefillInterval
void connection_dump_buffer_mem_stats(int severity)
Definition: connection.c:5169
#define ENTRY_TO_CONN(c)
Definition: or.h:738
or_connection_t * TO_OR_CONN(connection_t *c)
Header file for dnsserv.c.
size_t outbuf_flushlen
Definition: connection_st.h:96
STATIC void connection_free_minimal(connection_t *conn)
Definition: connection.c:569
void connection_unregister_events(connection_t *conn)
Definition: mainloop.c:278
static connection_t * connection_get_another_active_or_conn(const or_connection_t *this_conn)
Definition: connection.c:4562
int base64_encode(char *dest, size_t destlen, const char *src, size_t srclen, int flags)
Definition: binascii.c:215
control_connection_t * control_connection_new(int socket_family)
Definition: connection.c:424
unsigned int linked
Definition: connection_st.h:70
unsigned int active_on_link
Definition: connection_st.h:78
int connection_edge_finished_flushing(edge_connection_t *conn)
Header file for directory authority mode.
int connection_dir_finished_flushing(dir_connection_t *conn)
Definition: directory.c:407
int retry_all_listeners(smartlist_t *new_conns, int close_all_noncontrol)
Definition: connection.c:2887
int connection_wants_to_flush(connection_t *conn)
Definition: connection.c:3897
int buf_move_to_buf(buf_t *buf_out, buf_t *buf_in, size_t *buf_flushlen)
Definition: buffers.c:654
#define SOCKET_OK(s)
Definition: nettypes.h:39
static int connection_finished_flushing(connection_t *conn)
Definition: connection.c:4817
int connection_is_on_closeable_list(connection_t *conn)
Definition: mainloop.c:438
socks_request_t * socks_request
void connection_or_event_status(or_connection_t *conn, or_conn_status_event_t tp, int reason)
#define CONN_TYPE_EXT_OR
Definition: connection.h:51
Header file for hibernate.c.
Header file for policies.c.
char * Socks5Proxy
#define MAX_SOCKS5_AUTH_SIZE_TOTAL
Definition: connection.h:184
void connection_or_remove_from_ext_or_id_map(or_connection_t *conn)
uint16_t HTTPSProxyPort
#define LD_APP
Definition: log.h:74
#define OR_CONN_STATE_TLS_CLIENT_RENEGOTIATING
Definition: orconn_event.h:37
static int connection_is_rate_limited(connection_t *conn)
Definition: connection.c:3036
int control_event_general_status(int severity, const char *format,...)
Definition: control.c:6807
#define DIR_CONN_STATE_CLIENT_FINISHED
Definition: directory.h:25
void tor_tls_release_socket(tor_tls_t *tls)
Definition: tortls_nss.c:429
struct buf_t * inbuf
Definition: connection_st.h:93
int errno_to_orconn_end_reason(int e)
Definition: reasons.c:287
static void set_constrained_socket_buffers(tor_socket_t sock, int size)
Definition: connection.c:4743
Common functions for cryptographic routines.
int buf_get_line(buf_t *buf, char *data_out, size_t *data_len)
Definition: buffers.c:857
static int make_socket_reuseable(tor_socket_t sock)
Definition: connection.c:1154
Header file for channel.c.
struct config_line_t * ClientTransportPlugin
tor_assert(buffer)
static mainloop_event_t * reenable_blocked_connections_ev
Definition: connection.c:3477
int get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type, const connection_t *conn)
Definition: connection.c:5370
static void connection_write_to_buf_commit(connection_t *conn, size_t len)
Definition: connection.c:4291
#define CONN_LOG_PROTECT(conn, stmt)
Definition: connection.h:326
uint16_t Socks4ProxyPort
#define LD_CONTROL
Definition: log.h:76
connection_t * connection_new(int type, int socket_family)
Definition: connection.c:448
#define CLIENT_IDLE_TIME_FOR_PRIORITY
Definition: connection.c:3057
static int connection_finished_connecting(connection_t *conn)
Definition: connection.c:4855
int connection_control_reached_eof(control_connection_t *conn)
Definition: control.c:5276
int dir_policy_permits_address(const tor_addr_t *addr)
Definition: policies.c:1099
Header file for routermode.c.
static ssize_t connection_bucket_read_limit(connection_t *conn, time_t now)
Definition: connection.c:3111
int tor_asprintf(char **strp, const char *fmt,...)
Definition: printf.c:75
const char * fmt_addrport(const tor_addr_t *addr, uint16_t port)
Definition: address.c:1157
void clear_broken_connection_map(int stop_recording)
#define CFG_AUTO_PORT
Definition: or.h:990
struct circuit_guard_state_t * guard_state
#define LD_CHANNEL
Definition: log.h:101
dir_connection_t * TO_DIR_CONN(connection_t *c)
Definition: directory.c:77
void buf_move_all(buf_t *buf_out, buf_t *buf_in)
Definition: buffers.c:687
int connection_control_process_inbuf(control_connection_t *conn)
Definition: control.c:5395
int conn_array_index
Definition: connection_st.h:89
int get_n_open_sockets(void)
Definition: socket.c:441
int connection_or_reached_eof(or_connection_t *conn)
Header file for sandbox.c.
#define CONTROL_CONN_STATE_NEEDAUTH
Definition: control.h:100
int connection_init_accepted_conn(connection_t *conn, const listener_connection_t *listener)
Definition: connection.c:1866
int buf_get_bytes(buf_t *buf, char *string, size_t string_len)
Definition: buffers.c:634
Header file for circuitbuild.c.
Master header file for Tor-specific functionality.
smartlist_t * connection_dir_list_by_purpose_resource_and_state(int purpose, const char *resource, int state)
Definition: connection.c:4543
int buf_add_compress(struct buf_t *buf, struct tor_compress_state_t *state, const char *data, size_t data_len, int done)
Definition: compress_buf.c:31
static void record_num_bytes_transferred_impl(connection_t *conn, time_t now, size_t num_read, size_t num_written)
Definition: connection.c:3233
void connection_check_oos(int n_socks, int failed)
Definition: connection.c:5085
void connection_close_immediate(connection_t *conn)
Definition: connection.c:841
#define LD_DIRSERV
Definition: log.h:86
void connection_exit_about_to_close(edge_connection_t *edge_conn)
Header file for circuitbuild.c.
int connection_ext_or_process_inbuf(or_connection_t *or_conn)
Definition: ext_orport.c:540
connection_t * connection_get_by_type(int type)
Definition: connection.c:4444
#define OR_CONN_STATE_OPEN
Definition: orconn_event.h:51
listener_connection_t * TO_LISTENER_CONN(connection_t *c)
Definition: connection.c:219
uint16_t marked_for_close
unsigned int chosen_exit_optional
static void connection_write_to_buf_failed(connection_t *conn)
Definition: connection.c:4262
#define AP_CONN_STATE_CIRCUIT_WAIT
uint16_t router_get_advertised_dir_port(const or_options_t *options, uint16_t dirport)
Definition: router.c:1457
char * HTTPSProxyAuthenticator
entry_connection_t * entry_connection_new(int type, int socket_family)
Definition: connection.c:394
int connection_buf_get_bytes(char *string, size_t len, connection_t *conn)
Definition: connection.c:3869
connection_t * connection_get_by_global_id(uint64_t id)
Definition: connection.c:4436
static int connection_handle_write_impl(connection_t *conn, int force)
Definition: connection.c:3968
Header file for rephist.c.
int buf_add(buf_t *buf, const char *string, size_t string_len)
Definition: buffers.c:525
void smartlist_remove(smartlist_t *sl, const void *element)
void connection_write_bw_exhausted(connection_t *conn, bool is_global_bw)
Definition: connection.c:3336
int buf_read_from_tls(buf_t *buf, tor_tls_t *tls, size_t at_most)
Definition: buffers_tls.c:64
void add_connection_to_closeable_list(connection_t *conn)
Definition: mainloop.c:427
Header file containing circuit and connection identifier data for the whole HS subsytem.
#define OR_CONN_STATE_PROXY_HANDSHAKING
Definition: orconn_event.h:31
#define AP_CONN_STATE_HTTP_CONNECT_WAIT
#define LOG_WARN
Definition: log.h:49
int tor_addr_is_null(const tor_addr_t *addr)
Definition: address.c:758
unsigned int type
Definition: connection_st.h:45
int token_bucket_rw_dec(token_bucket_rw_t *bucket, ssize_t n_read, ssize_t n_written)
Definition: token_bucket.c:249
void connection_consider_empty_write_buckets(connection_t *conn)
Definition: connection.c:3376
int connection_ap_process_transparent(entry_connection_t *conn)
int connection_read_proxy_handshake(connection_t *conn)
Definition: connection.c:2587
#define log_fn_ratelim(ratelim, severity, domain, args,...)
Definition: log.h:260
static void reenable_blocked_connections_cb(mainloop_event_t *ev, void *arg)
Definition: connection.c:3491
Header file for circuituse.c.
Header file for buffers_net.c.
connection_t * connection_get_by_type_state(int type, int state)
Definition: connection.c:4453
int parse_http_response(const char *headers, int *code, time_t *date, compress_method_t *compression, char **reason)
Definition: directory.c:264
int connection_in_array(connection_t *conn)
Definition: mainloop.c:445
#define CONN_TYPE_CONTROL
Definition: connection.h:40
static int get_proxy_type(void)
Definition: connection.c:2290
void mark_my_descriptor_dirty(const char *reason)
Definition: router.c:2244
int connection_connect(connection_t *conn, const char *address, const tor_addr_t *addr, uint16_t port, int *socket_error)
Definition: connection.c:2176
#define AP_CONN_STATE_SOCKS_WAIT
tor_addr_t Socks5ProxyAddr
Header file for circuitlist.c.
Headers for transports.c.
int connection_dir_process_inbuf(dir_connection_t *conn)
Definition: directory.c:347
int connection_state_is_open(connection_t *conn)
Definition: connection.c:4609
#define LD_OR
Definition: log.h:88
int tor_addr_is_loopback(const tor_addr_t *addr)
Definition: address.c:783
#define tor_socket_t
Definition: nettypes.h:36
int tor_digest_is_zero(const char *digest)
Definition: util_string.c:96
static const char * proxy_type_to_string(int proxy_type)
Definition: connection.c:5440
#define DIR_CONN_STATE_SERVER_COMMAND_WAIT
Definition: directory.h:27
#define OR_CONN_STATE_OR_HANDSHAKING_V2
Definition: orconn_event.h:45
void connection_read_bw_exhausted(connection_t *conn, bool is_global_bw)
Definition: connection.c:3321
#define CONN_TYPE_AP_HTTP_CONNECT_LISTENER
Definition: connection.h:55
static void connection_buckets_decrement(connection_t *conn, time_t now, size_t num_read, size_t num_written)
Definition: connection.c:3278
#define LOG_ERR
Definition: log.h:52
#define TOR_INVALID_SOCKET
Definition: nettypes.h:41
ssize_t connection_bucket_write_limit(connection_t *conn, time_t now)
Definition: connection.c:3141
#define LD_FS
Definition: log.h:66
void channel_notify_flushed(channel_t *chan)
Definition: channel.c:1776
void connection_or_set_ext_or_identifier(or_connection_t *conn)
tor_socket_t tor_open_socket_nonblocking(int domain, int type, int protocol)
Definition: socket.c:260
struct buf_t * outbuf
Definition: connection_st.h:94
int connection_edge_flushed_some(edge_connection_t *conn)
#define CONN_TYPE_AP_DNS_LISTENER
Definition: connection.h:48
#define LD_DIR
Definition: log.h:84
void connection_buf_add_buf(connection_t *conn, buf_t *buf)
Definition: connection.c:4357
struct event * write_event
Definition: connection_st.h:92
void connection_or_clear_ext_or_id_map(void)
int connection_outbuf_too_full(connection_t *conn)
Definition: connection.c:3907
Header file for connection_edge.c.
void connection_about_to_close_connection(connection_t *conn)
Definition: connection.c:810
void assert_connection_ok(connection_t *conn, time_t now)
Definition: connection.c:5218
static int connection_counts_as_relayed_traffic(connection_t *conn, time_t now)
Definition: connection.c:3064
char * Socks4Proxy
int ClientPreferIPv6DirPort
tor_socket_t tor_accept_socket_nonblocking(tor_socket_t sockfd, struct sockaddr *addr, socklen_t *len)
Definition: socket.c:367
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
char * tor_addr_to_str_dup(const tor_addr_t *addr)
Definition: address.c:1122
static void reenable_blocked_connection_init(const or_options_t *options)
Definition: connection.c:3514
size_t buf_allocation(const buf_t *buf)
Definition: buffers.c:399
#define CELL_PAYLOAD_SIZE
Definition: or.h:576
void rep_hist_note_exit_bytes(uint16_t port, size_t num_written, size_t num_read)
Definition: rephist.c:1785
uint64_t BandwidthBurst
void rep_hist_note_or_conn_bytes(uint64_t conn_id, size_t num_read, size_t num_written, time_t when)
Definition: rephist.c:2330
Header file for relay.c.
#define SMARTLIST_FOREACH(sl, type, var, cmd)
int connection_or_flushed_some(or_connection_t *conn)
const char * escaped(const char *s)
Definition: escape.c:126
mainloop_event_t * mainloop_event_new(void(*cb)(mainloop_event_t *, void *), void *userdata)
int connection_or_finished_flushing(or_connection_t *conn)
void control_update_global_event_mask(void)
Definition: control.c:320
time_t timestamp_last_read_allowed
Definition: connection_st.h:98
static time_t write_buckets_last_empty_at
Definition: connection.c:3053
listener_connection_t * listener_connection_new(int type, int socket_family)
Definition: connection.c:436
void rep_hist_note_bytes_written(uint64_t num_bytes, time_t when)
Definition: rephist.c:1149
unsigned int linked_conn_is_closed
Definition: connection_st.h:81
#define fmt_addr(a)
Definition: address.h:211
void token_bucket_rw_adjust(token_bucket_rw_t *bucket, uint32_t rate, uint32_t burst)
Definition: token_bucket.c:152
#define log_fn(severity, domain, args,...)
Definition: log.h:255
static uint32_t last_refilled_global_buckets_ts
Definition: connection.c:3449
void buf_assert_ok(buf_t *buf)
Definition: buffers.c:893
#define AP_CONN_STATE_CONTROLLER_WAIT
channel_tls_t * chan
void rep_hist_note_dir_bytes_read(uint64_t num_bytes, time_t when)
Definition: rephist.c:1185
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
#define CONN_TYPE_EXIT
Definition: connection.h:26
static int listen_limit
Definition: connection.c:1200
#define EXIT_CONN_STATE_OPEN
#define AP_CONN_STATE_OPEN
struct event * read_event
Definition: connection_st.h:91
#define CASE_TOR_TLS_ERROR_ANY
Definition: tortls.h:62
Headers for tortls.c.
uint16_t Socks5ProxyPort
#define LOG_FN_CONN(conn, args)
Definition: control.h:122
int connection_control_finished_flushing(control_connection_t *conn)
Definition: control.c:5268
void connection_mark_for_close_(connection_t *conn, int line, const char *file)
Definition: connection.c:875
unsigned int in_connection_handle_write
Definition: connection_st.h:66
Header file for control.c.
void connection_expire_held_open(void)
Definition: connection.c:952
#define tor_addr_eq(a, b)
Definition: address.h:244
unsigned int hold_open_until_flushed
Definition: connection_st.h:56
#define OR_CONN_STATE_OR_HANDSHAKING_V3
Definition: orconn_event.h:49
int connection_is_writing(connection_t *conn)
Definition: mainloop.c:657
time_t approx_time(void)
Definition: approx_time.c:32
void tor_release_socket_ownership(tor_socket_t s)
Definition: socket.c:349
unsigned int is_transparent_ap
uint32_t magic
Definition: connection_st.h:41
int connection_edge_process_inbuf(edge_connection_t *conn, int package_partial)
#define LOG_DEBUG
Definition: log.h:38
const char * marked_for_close_file
int any_other_active_or_conns(const or_connection_t *this_conn)
Definition: connection.c:4574
time_t timestamp_created
int strcmp_opt(const char *s1, const char *s2)
Definition: util_string.c:191
static int check_sockaddr_family_match(sa_family_t got, connection_t *listener)
Definition: connection.c:1675
int buf_flush_to_tls(buf_t *buf, tor_tls_t *tls, size_t flushlen, size_t *buf_flushlen)
Definition: buffers_tls.c:142
void token_bucket_rw_init(token_bucket_rw_t *bucket, uint32_t rate, uint32_t burst, uint32_t now_ts)
Definition: token_bucket.c:137
#define CONN_IS_CLOSED(c)
Definition: connection.c:833
uint32_t n_read_conn_bw
Header file for buffers.c.
void connection_bucket_adjust(const or_options_t *options)
Definition: connection.c:3429
void connection_bucket_init(void)
Definition: connection.c:3404
Header file for reasons.c.
int mainloop_event_schedule(mainloop_event_t *event, const struct timeval *tv)
void log_failed_proxy_connection(connection_t *conn)
Definition: connection.c:5422
#define CONN_TYPE_DIR
Definition: connection.h:35
int conn_listener_type_supports_af_unix(int type)
Definition: connection.c:551
circuit_t * circuit_get_by_edge_conn(edge_connection_t *conn)
Definition: circuitlist.c:1576
Header file for connection_or.c.
#define CONN_TYPE_AP_LISTENER
Definition: connection.h:28
size_t buf_slack(const buf_t *buf)
Definition: buffers.c:412
tor_addr_t addr
Definition: transports.h:24
unsigned int in_flushed_some
Definition: connection_st.h:63
char * esc_for_log(const char *s)
Definition: escape.c:30
void tor_tls_get_n_raw_bytes(tor_tls_t *tls, size_t *n_read, size_t *n_written)
Definition: tortls_nss.c:622
int connection_or_process_inbuf(or_connection_t *conn)
static int connection_handle_read_impl(connection_t *conn)
Definition: connection.c:3554
void ip_address_changed(int at_interface)
Definition: mainloop.c:2762
smartlist_t * connection_dir_list_by_purpose_and_resource(int purpose, const char *resource)
Definition: connection.c:4525
#define LD_NET
Definition: log.h:62
int connection_edge_reached_eof(edge_connection_t *conn)
smartlist_t * ephemeral_onion_services
#define OR_CONN_STATE_CONNECTING
Definition: orconn_event.h:29
void connection_dir_about_to_close(dir_connection_t *dir_conn)
Definition: directory.c:389
void dnsserv_configure_listener(connection_t *conn)
Definition: dnsserv.c:391
#define tor_addr_to_in6_addr8(x)
Definition: address.h:129
void connection_free_all(void)
Definition: connection.c:5460
char unix_addr[FLEXIBLE_ARRAY_MEMBER]
Definition: port_cfg_st.h:31
int tor_tls_get_pending_bytes(tor_tls_t *tls)
Definition: tortls_nss.c:602
Header for compat_libevent.c.
int ConstrainedSockets
int buf_read_from_socket(buf_t *buf, tor_socket_t s, size_t at_most, int *reached_eof, int *socket_error)
Definition: buffers_net.c:243
#define DIR_CONN_STATE_CONNECTING
Definition: directory.h:19
static int check_sockaddr(const struct sockaddr *sa, int len, int level)
Definition: connection.c:1632
void tor_addr_copy(tor_addr_t *dest, const tor_addr_t *src)
Definition: address.c:892
static int reenable_blocked_connections_is_scheduled
Definition: connection.c:3480
uint64_t RelayBandwidthRate
#define CONN_TYPE_AP
Definition: connection.h:31
#define AP_CONN_STATE_NATD_WAIT
int socks_version
Definition: transports.h:19
int connection_proxy_connect(connection_t *conn, int type)
Definition: connection.c:2322
static int oos_victim_comparator_for_orconns(or_connection_t *a, or_connection_t *b)
Definition: connection.c:4905
Header file for rendclient.c.
static connection_t * connection_listener_new(const struct sockaddr *listensockaddr, socklen_t listensocklen, int type, const char *address, const port_cfg_t *portcfg, int *addr_in_use)
Definition: connection.c:1230
void buf_clear(buf_t *buf)
Definition: buffers.c:379
void smartlist_clear(smartlist_t *sl)
#define LD_PROTOCOL
Definition: log.h:68
int get_transport_by_bridge_addrport(const tor_addr_t *addr, uint16_t port, const transport_t **transport)
Definition: bridges.c:614
int connection_buf_get_line(connection_t *conn, char *data, size_t *data_len)
Definition: connection.c:3876
int connection_tls_continue_handshake(or_connection_t *conn)
#define CONN_TYPE_EXT_OR_LISTENER
Definition: connection.h:53
void smartlist_sort(smartlist_t *sl, int(*compare)(const void **a, const void **b))
Definition: