Tor  0.4.3.1-alpha-dev
connection.c
Go to the documentation of this file.
1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2020, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
7 /**
8  * \file connection.c
9  * \brief General high-level functions to handle reading and writing
10  * on connections.
11  *
12  * Each connection (ideally) represents a TLS connection, a TCP socket, a unix
13  * socket, or a UDP socket on which reads and writes can occur. (But see
14  * connection_edge.c for cases where connections can also represent streams
15  * that do not have a corresponding socket.)
16  *
17  * The module implements the abstract type, connection_t. The subtypes are:
18  * <ul>
19  * <li>listener_connection_t, implemented here in connection.c
20  * <li>dir_connection_t, implemented in directory.c
21  * <li>or_connection_t, implemented in connection_or.c
22  * <li>edge_connection_t, implemented in connection_edge.c, along with
23  * its subtype(s):
24  * <ul><li>entry_connection_t, also implemented in connection_edge.c
25  * </ul>
26  * <li>control_connection_t, implemented in control.c
27  * </ul>
28  *
29  * The base type implemented in this module is responsible for basic
30  * rate limiting, flow control, and marshalling bytes onto and off of the
31  * network (either directly or via TLS).
32  *
33  * Connections are registered with the main loop with connection_add(). As
34  * they become able to read or write register the fact with the event main
35  * loop by calling connection_watch_events(), connection_start_reading(), or
36  * connection_start_writing(). When they no longer want to read or write,
37  * they call connection_stop_reading() or connection_stop_writing().
38  *
39  * To queue data to be written on a connection, call
40  * connection_buf_add(). When data arrives, the
41  * connection_process_inbuf() callback is invoked, which dispatches to a
42  * type-specific function (such as connection_edge_process_inbuf() for
43  * example). Connection types that need notice of when data has been written
44  * receive notification via connection_flushed_some() and
45  * connection_finished_flushing(). These functions all delegate to
46  * type-specific implementations.
47  *
48  * Additionally, beyond the core of connection_t, this module also implements:
49  * <ul>
50  * <li>Listeners, which wait for incoming sockets and launch connections
51  * <li>Outgoing SOCKS proxy support
52  * <li>Outgoing HTTP proxy support
53  * <li>An out-of-sockets handler for dealing with socket exhaustion
54  * </ul>
55  **/
56 
57 #define CONNECTION_PRIVATE
58 #include "core/or/or.h"
59 #include "feature/client/bridges.h"
60 #include "lib/buf/buffers.h"
61 #include "lib/tls/buffers_tls.h"
62 #include "lib/err/backtrace.h"
63 
64 /*
65  * Define this so we get channel internal functions, since we're implementing
66  * part of a subclass (channel_tls_t).
67  */
68 #define CHANNEL_OBJECT_PRIVATE
69 #include "app/config/config.h"
71 #include "core/mainloop/mainloop.h"
73 #include "core/or/channel.h"
74 #include "core/or/channeltls.h"
75 #include "core/or/circuitbuild.h"
76 #include "core/or/circuitlist.h"
77 #include "core/or/circuituse.h"
79 #include "core/or/connection_or.h"
80 #include "core/or/dos.h"
81 #include "core/or/policies.h"
82 #include "core/or/reasons.h"
83 #include "core/or/relay.h"
84 #include "core/or/crypt_path.h"
85 #include "core/proto/proto_haproxy.h"
86 #include "core/proto/proto_http.h"
87 #include "core/proto/proto_socks.h"
88 #include "feature/client/dnsserv.h"
97 #include "feature/hs/hs_common.h"
98 #include "feature/hs/hs_ident.h"
101 #include "feature/relay/dns.h"
104 #include "feature/rend/rendclient.h"
105 #include "feature/rend/rendcommon.h"
106 #include "feature/stats/rephist.h"
108 #include "lib/geoip/geoip.h"
109 
110 #include "lib/cc/ctassert.h"
111 #include "lib/sandbox/sandbox.h"
112 #include "lib/net/buffers_net.h"
113 #include "lib/tls/tortls.h"
115 #include "lib/compress/compress.h"
116 
117 #ifdef HAVE_PWD_H
118 #include <pwd.h>
119 #endif
120 
121 #ifdef HAVE_UNISTD_H
122 #include <unistd.h>
123 #endif
124 #ifdef HAVE_SYS_STAT_H
125 #include <sys/stat.h>
126 #endif
127 
128 #ifdef HAVE_SYS_UN_H
129 #include <sys/socket.h>
130 #include <sys/un.h>
131 #endif
132 
138 #include "core/or/port_cfg_st.h"
141 
142 /**
143  * On Windows and Linux we cannot reliably bind() a socket to an
144  * address and port if: 1) There's already a socket bound to wildcard
145  * address (0.0.0.0 or ::) with the same port; 2) We try to bind()
146  * to wildcard address and there's another socket bound to a
147  * specific address and the same port.
148  *
149  * To address this problem on these two platforms we implement a
150  * routine that:
151  * 1) Checks if first attempt to bind() a new socket failed with
152  * EADDRINUSE.
153  * 2) If so, it will close the appropriate old listener connection and
154  * 3) Attempts bind()'ing the new listener socket again.
155  *
156  * Just to be safe, we are enabling listener rebind code on all platforms,
157  * to account for unexpected cases where it may be needed.
158  */
159 #define ENABLE_LISTENER_REBIND
160 
162  const struct sockaddr *listensockaddr,
163  socklen_t listensocklen, int type,
164  const char *address,
165  const port_cfg_t *portcfg,
166  int *addr_in_use);
168  const port_cfg_t *port,
169  int *defer, int *addr_in_use);
170 static void connection_init(time_t now, connection_t *conn, int type,
171  int socket_family);
172 static int connection_handle_listener_read(connection_t *conn, int new_type);
174 static int connection_flushed_some(connection_t *conn);
176 static int connection_reached_eof(connection_t *conn);
178  ssize_t *max_to_read,
179  int *socket_error);
180 static int connection_process_inbuf(connection_t *conn, int package_partial);
182 static void set_constrained_socket_buffers(tor_socket_t sock, int size);
183 
184 static const char *connection_proxy_state_to_string(int state);
187 static const char *proxy_type_to_string(int proxy_type);
188 static int conn_get_proxy_type(const connection_t *conn);
190  const or_options_t *options, unsigned int conn_type);
191 static void reenable_blocked_connection_init(const or_options_t *options);
192 static void reenable_blocked_connection_schedule(void);
193 
194 /** The last addresses that our network interface seemed to have been
195  * binding to. We use this as one way to detect when our IP changes.
196  *
197  * XXXX+ We should really use the entire list of interfaces here.
198  **/
200 /* DOCDOC last_interface_ipv6 */
201 static tor_addr_t *last_interface_ipv6 = NULL;
202 /** A list of tor_addr_t for addresses we've used in outgoing connections.
203  * Used to detect IP address changes. */
205 
206 #define CASE_ANY_LISTENER_TYPE \
207  case CONN_TYPE_OR_LISTENER: \
208  case CONN_TYPE_EXT_OR_LISTENER: \
209  case CONN_TYPE_AP_LISTENER: \
210  case CONN_TYPE_DIR_LISTENER: \
211  case CONN_TYPE_CONTROL_LISTENER: \
212  case CONN_TYPE_AP_TRANS_LISTENER: \
213  case CONN_TYPE_AP_NATD_LISTENER: \
214  case CONN_TYPE_AP_DNS_LISTENER: \
215  case CONN_TYPE_AP_HTTP_CONNECT_LISTENER
216 
217 /**************************************************************/
218 
219 /** Convert a connection_t* to an listener_connection_t*; assert if the cast
220  * is invalid. */
223 {
224  tor_assert(c->magic == LISTENER_CONNECTION_MAGIC);
225  return DOWNCAST(listener_connection_t, c);
226 }
227 
228 size_t
229 connection_get_inbuf_len(connection_t *conn)
230 {
231  return conn->inbuf ? buf_datalen(conn->inbuf) : 0;
232 }
233 
234 size_t
235 connection_get_outbuf_len(connection_t *conn)
236 {
237  return conn->outbuf ? buf_datalen(conn->outbuf) : 0;
238 }
239 
240 /**
241  * Return the human-readable name for the connection type <b>type</b>
242  */
243 const char *
245 {
246  static char buf[64];
247  switch (type) {
248  case CONN_TYPE_OR_LISTENER: return "OR listener";
249  case CONN_TYPE_OR: return "OR";
250  case CONN_TYPE_EXIT: return "Exit";
251  case CONN_TYPE_AP_LISTENER: return "Socks listener";
253  return "Transparent pf/netfilter listener";
254  case CONN_TYPE_AP_NATD_LISTENER: return "Transparent natd listener";
255  case CONN_TYPE_AP_DNS_LISTENER: return "DNS listener";
256  case CONN_TYPE_AP: return "Socks";
257  case CONN_TYPE_DIR_LISTENER: return "Directory listener";
258  case CONN_TYPE_DIR: return "Directory";
259  case CONN_TYPE_CONTROL_LISTENER: return "Control listener";
260  case CONN_TYPE_CONTROL: return "Control";
261  case CONN_TYPE_EXT_OR: return "Extended OR";
262  case CONN_TYPE_EXT_OR_LISTENER: return "Extended OR listener";
263  case CONN_TYPE_AP_HTTP_CONNECT_LISTENER: return "HTTP tunnel listener";
264  default:
265  log_warn(LD_BUG, "unknown connection type %d", type);
266  tor_snprintf(buf, sizeof(buf), "unknown [%d]", type);
267  return buf;
268  }
269 }
270 
271 /**
272  * Return the human-readable name for the connection state <b>state</b>
273  * for the connection type <b>type</b>
274  */
275 const char *
276 conn_state_to_string(int type, int state)
277 {
278  static char buf[96];
279  switch (type) {
280  CASE_ANY_LISTENER_TYPE:
281  if (state == LISTENER_STATE_READY)
282  return "ready";
283  break;
284  case CONN_TYPE_OR:
285  switch (state) {
286  case OR_CONN_STATE_CONNECTING: return "connect()ing";
287  case OR_CONN_STATE_PROXY_HANDSHAKING: return "handshaking (proxy)";
288  case OR_CONN_STATE_TLS_HANDSHAKING: return "handshaking (TLS)";
290  return "renegotiating (TLS, v2 handshake)";
292  return "waiting for renegotiation or V3 handshake";
294  return "handshaking (Tor, v2 handshake)";
296  return "handshaking (Tor, v3 handshake)";
297  case OR_CONN_STATE_OPEN: return "open";
298  }
299  break;
300  case CONN_TYPE_EXT_OR:
301  switch (state) {
303  return "waiting for authentication type";
305  return "waiting for client nonce";
307  return "waiting for client hash";
308  case EXT_OR_CONN_STATE_OPEN: return "open";
309  case EXT_OR_CONN_STATE_FLUSHING: return "flushing final OKAY";
310  }
311  break;
312  case CONN_TYPE_EXIT:
313  switch (state) {
314  case EXIT_CONN_STATE_RESOLVING: return "waiting for dest info";
315  case EXIT_CONN_STATE_CONNECTING: return "connecting";
316  case EXIT_CONN_STATE_OPEN: return "open";
317  case EXIT_CONN_STATE_RESOLVEFAILED: return "resolve failed";
318  }
319  break;
320  case CONN_TYPE_AP:
321  switch (state) {
322  case AP_CONN_STATE_SOCKS_WAIT: return "waiting for socks info";
323  case AP_CONN_STATE_NATD_WAIT: return "waiting for natd dest info";
324  case AP_CONN_STATE_RENDDESC_WAIT: return "waiting for rendezvous desc";
325  case AP_CONN_STATE_CONTROLLER_WAIT: return "waiting for controller";
326  case AP_CONN_STATE_CIRCUIT_WAIT: return "waiting for circuit";
327  case AP_CONN_STATE_CONNECT_WAIT: return "waiting for connect response";
328  case AP_CONN_STATE_RESOLVE_WAIT: return "waiting for resolve response";
329  case AP_CONN_STATE_OPEN: return "open";
330  }
331  break;
332  case CONN_TYPE_DIR:
333  switch (state) {
334  case DIR_CONN_STATE_CONNECTING: return "connecting";
335  case DIR_CONN_STATE_CLIENT_SENDING: return "client sending";
336  case DIR_CONN_STATE_CLIENT_READING: return "client reading";
337  case DIR_CONN_STATE_CLIENT_FINISHED: return "client finished";
338  case DIR_CONN_STATE_SERVER_COMMAND_WAIT: return "waiting for command";
339  case DIR_CONN_STATE_SERVER_WRITING: return "writing";
340  }
341  break;
342  case CONN_TYPE_CONTROL:
343  switch (state) {
344  case CONTROL_CONN_STATE_OPEN: return "open (protocol v1)";
346  return "waiting for authentication (protocol v1)";
347  }
348  break;
349  }
350 
351  log_warn(LD_BUG, "unknown connection state %d (type %d)", state, type);
352  tor_snprintf(buf, sizeof(buf),
353  "unknown state [%d] on unknown [%s] connection",
354  state, conn_type_to_string(type));
355  return buf;
356 }
357 
358 /** Allocate and return a new dir_connection_t, initialized as by
359  * connection_init(). */
361 dir_connection_new(int socket_family)
362 {
363  dir_connection_t *dir_conn = tor_malloc_zero(sizeof(dir_connection_t));
364  connection_init(time(NULL), TO_CONN(dir_conn), CONN_TYPE_DIR, socket_family);
365  return dir_conn;
366 }
367 
368 /** Allocate and return a new or_connection_t, initialized as by
369  * connection_init().
370  *
371  * Initialize active_circuit_pqueue.
372  *
373  * Set active_circuit_pqueue_last_recalibrated to current cell_ewma tick.
374  */
376 or_connection_new(int type, int socket_family)
377 {
378  or_connection_t *or_conn = tor_malloc_zero(sizeof(or_connection_t));
379  time_t now = time(NULL);
380  tor_assert(type == CONN_TYPE_OR || type == CONN_TYPE_EXT_OR);
381  connection_init(now, TO_CONN(or_conn), type, socket_family);
382 
383  connection_or_set_canonical(or_conn, 0);
384 
385  if (type == CONN_TYPE_EXT_OR)
387 
388  return or_conn;
389 }
390 
391 /** Allocate and return a new entry_connection_t, initialized as by
392  * connection_init().
393  *
394  * Allocate space to store the socks_request.
395  */
397 entry_connection_new(int type, int socket_family)
398 {
399  entry_connection_t *entry_conn = tor_malloc_zero(sizeof(entry_connection_t));
400  tor_assert(type == CONN_TYPE_AP);
401  connection_init(time(NULL), ENTRY_TO_CONN(entry_conn), type, socket_family);
402  entry_conn->socks_request = socks_request_new();
403  /* If this is coming from a listener, we'll set it up based on the listener
404  * in a little while. Otherwise, we're doing this as a linked connection
405  * of some kind, and we should set it up here based on the socket family */
406  if (socket_family == AF_INET)
407  entry_conn->entry_cfg.ipv4_traffic = 1;
408  else if (socket_family == AF_INET6)
409  entry_conn->entry_cfg.ipv6_traffic = 1;
410  return entry_conn;
411 }
412 
413 /** Allocate and return a new edge_connection_t, initialized as by
414  * connection_init(). */
416 edge_connection_new(int type, int socket_family)
417 {
418  edge_connection_t *edge_conn = tor_malloc_zero(sizeof(edge_connection_t));
419  tor_assert(type == CONN_TYPE_EXIT);
420  connection_init(time(NULL), TO_CONN(edge_conn), type, socket_family);
421  return edge_conn;
422 }
423 
424 /** Allocate and return a new control_connection_t, initialized as by
425  * connection_init(). */
427 control_connection_new(int socket_family)
428 {
429  control_connection_t *control_conn =
430  tor_malloc_zero(sizeof(control_connection_t));
431  connection_init(time(NULL),
432  TO_CONN(control_conn), CONN_TYPE_CONTROL, socket_family);
433  return control_conn;
434 }
435 
436 /** Allocate and return a new listener_connection_t, initialized as by
437  * connection_init(). */
439 listener_connection_new(int type, int socket_family)
440 {
441  listener_connection_t *listener_conn =
442  tor_malloc_zero(sizeof(listener_connection_t));
443  connection_init(time(NULL), TO_CONN(listener_conn), type, socket_family);
444  return listener_conn;
445 }
446 
447 /** Allocate, initialize, and return a new connection_t subtype of <b>type</b>
448  * to make or receive connections of address family <b>socket_family</b>. The
449  * type should be one of the CONN_TYPE_* constants. */
450 connection_t *
451 connection_new(int type, int socket_family)
452 {
453  switch (type) {
454  case CONN_TYPE_OR:
455  case CONN_TYPE_EXT_OR:
456  return TO_CONN(or_connection_new(type, socket_family));
457 
458  case CONN_TYPE_EXIT:
459  return TO_CONN(edge_connection_new(type, socket_family));
460 
461  case CONN_TYPE_AP:
462  return ENTRY_TO_CONN(entry_connection_new(type, socket_family));
463 
464  case CONN_TYPE_DIR:
465  return TO_CONN(dir_connection_new(socket_family));
466 
467  case CONN_TYPE_CONTROL:
468  return TO_CONN(control_connection_new(socket_family));
469 
470  CASE_ANY_LISTENER_TYPE:
471  return TO_CONN(listener_connection_new(type, socket_family));
472 
473  default: {
474  connection_t *conn = tor_malloc_zero(sizeof(connection_t));
475  connection_init(time(NULL), conn, type, socket_family);
476  return conn;
477  }
478  }
479 }
480 
481 /** Initializes conn. (you must call connection_add() to link it into the main
482  * array).
483  *
484  * Set conn->magic to the correct value.
485  *
486  * Set conn->type to <b>type</b>. Set conn->s and conn->conn_array_index to
487  * -1 to signify they are not yet assigned.
488  *
489  * Initialize conn's timestamps to now.
490  */
491 static void
492 connection_init(time_t now, connection_t *conn, int type, int socket_family)
493 {
494  static uint64_t n_connections_allocated = 1;
495 
496  switch (type) {
497  case CONN_TYPE_OR:
498  case CONN_TYPE_EXT_OR:
499  conn->magic = OR_CONNECTION_MAGIC;
500  break;
501  case CONN_TYPE_EXIT:
502  conn->magic = EDGE_CONNECTION_MAGIC;
503  break;
504  case CONN_TYPE_AP:
505  conn->magic = ENTRY_CONNECTION_MAGIC;
506  break;
507  case CONN_TYPE_DIR:
508  conn->magic = DIR_CONNECTION_MAGIC;
509  break;
510  case CONN_TYPE_CONTROL:
511  conn->magic = CONTROL_CONNECTION_MAGIC;
512  break;
513  CASE_ANY_LISTENER_TYPE:
514  conn->magic = LISTENER_CONNECTION_MAGIC;
515  break;
516  default:
517  conn->magic = BASE_CONNECTION_MAGIC;
518  break;
519  }
520 
521  conn->s = TOR_INVALID_SOCKET; /* give it a default of 'not used' */
522  conn->conn_array_index = -1; /* also default to 'not used' */
523  conn->global_identifier = n_connections_allocated++;
524 
525  conn->type = type;
526  conn->socket_family = socket_family;
527  if (!connection_is_listener(conn)) {
528  /* listeners never use their buf */
529  conn->inbuf = buf_new();
530  conn->outbuf = buf_new();
531  }
532 
533  conn->timestamp_created = now;
534  conn->timestamp_last_read_allowed = now;
535  conn->timestamp_last_write_allowed = now;
536 }
537 
538 /** Create a link between <b>conn_a</b> and <b>conn_b</b>. */
539 void
541 {
542  tor_assert(! SOCKET_OK(conn_a->s));
543  tor_assert(! SOCKET_OK(conn_b->s));
544 
545  conn_a->linked = 1;
546  conn_b->linked = 1;
547  conn_a->linked_conn = conn_b;
548  conn_b->linked_conn = conn_a;
549 }
550 
551 /** Return true iff the provided connection listener type supports AF_UNIX
552  * sockets. */
553 int
555 {
556  /* For now only control ports or SOCKS ports can be Unix domain sockets
557  * and listeners at the same time */
558  switch (type) {
561  return 1;
562  default:
563  return 0;
564  }
565 }
566 
567 /** Deallocate memory used by <b>conn</b>. Deallocate its buffers if
568  * necessary, close its socket if necessary, and mark the directory as dirty
569  * if <b>conn</b> is an OR or OP connection.
570  */
571 STATIC void
573 {
574  void *mem;
575  size_t memlen;
576  if (!conn)
577  return;
578 
579  switch (conn->type) {
580  case CONN_TYPE_OR:
581  case CONN_TYPE_EXT_OR:
582  tor_assert(conn->magic == OR_CONNECTION_MAGIC);
583  mem = TO_OR_CONN(conn);
584  memlen = sizeof(or_connection_t);
585  break;
586  case CONN_TYPE_AP:
587  tor_assert(conn->magic == ENTRY_CONNECTION_MAGIC);
588  mem = TO_ENTRY_CONN(conn);
589  memlen = sizeof(entry_connection_t);
590  break;
591  case CONN_TYPE_EXIT:
592  tor_assert(conn->magic == EDGE_CONNECTION_MAGIC);
593  mem = TO_EDGE_CONN(conn);
594  memlen = sizeof(edge_connection_t);
595  break;
596  case CONN_TYPE_DIR:
597  tor_assert(conn->magic == DIR_CONNECTION_MAGIC);
598  mem = TO_DIR_CONN(conn);
599  memlen = sizeof(dir_connection_t);
600  break;
601  case CONN_TYPE_CONTROL:
602  tor_assert(conn->magic == CONTROL_CONNECTION_MAGIC);
603  mem = TO_CONTROL_CONN(conn);
604  memlen = sizeof(control_connection_t);
605  break;
606  CASE_ANY_LISTENER_TYPE:
607  tor_assert(conn->magic == LISTENER_CONNECTION_MAGIC);
608  mem = TO_LISTENER_CONN(conn);
609  memlen = sizeof(listener_connection_t);
610  break;
611  default:
612  tor_assert(conn->magic == BASE_CONNECTION_MAGIC);
613  mem = conn;
614  memlen = sizeof(connection_t);
615  break;
616  }
617 
618  if (conn->linked) {
619  log_info(LD_GENERAL, "Freeing linked %s connection [%s] with %d "
620  "bytes on inbuf, %d on outbuf.",
621  conn_type_to_string(conn->type),
622  conn_state_to_string(conn->type, conn->state),
623  (int)connection_get_inbuf_len(conn),
624  (int)connection_get_outbuf_len(conn));
625  }
626 
627  if (!connection_is_listener(conn)) {
628  buf_free(conn->inbuf);
629  buf_free(conn->outbuf);
630  } else {
631  if (conn->socket_family == AF_UNIX) {
632  /* For now only control and SOCKS ports can be Unix domain sockets
633  * and listeners at the same time */
635 
636  if (unlink(conn->address) < 0 && errno != ENOENT) {
637  log_warn(LD_NET, "Could not unlink %s: %s", conn->address,
638  strerror(errno));
639  }
640  }
641  }
642 
643  tor_free(conn->address);
644 
645  if (connection_speaks_cells(conn)) {
646  or_connection_t *or_conn = TO_OR_CONN(conn);
647  if (or_conn->tls) {
648  if (! SOCKET_OK(conn->s)) {
649  /* The socket has been closed by somebody else; we must tell the
650  * TLS object not to close it. */
651  tor_tls_release_socket(or_conn->tls);
652  } else {
653  /* The tor_tls_free() call below will close the socket; we must tell
654  * the code below not to close it a second time. */
656  conn->s = TOR_INVALID_SOCKET;
657  }
658  tor_tls_free(or_conn->tls);
659  or_conn->tls = NULL;
660  }
661  or_handshake_state_free(or_conn->handshake_state);
662  or_conn->handshake_state = NULL;
663  tor_free(or_conn->nickname);
664  if (or_conn->chan) {
665  /* Owww, this shouldn't happen, but... */
666  channel_t *base_chan = TLS_CHAN_TO_BASE(or_conn->chan);
667  tor_assert(base_chan);
668  log_info(LD_CHANNEL,
669  "Freeing orconn at %p, saw channel %p with ID "
670  "%"PRIu64 " left un-NULLed",
671  or_conn, base_chan,
672  base_chan->global_identifier);
673  if (!CHANNEL_FINISHED(base_chan)) {
674  channel_close_for_error(base_chan);
675  }
676 
677  or_conn->chan->conn = NULL;
678  or_conn->chan = NULL;
679  }
680  }
681  if (conn->type == CONN_TYPE_AP) {
682  entry_connection_t *entry_conn = TO_ENTRY_CONN(conn);
683  tor_free(entry_conn->chosen_exit_name);
684  tor_free(entry_conn->original_dest_address);
685  if (entry_conn->socks_request)
686  socks_request_free(entry_conn->socks_request);
687  if (entry_conn->pending_optimistic_data) {
688  buf_free(entry_conn->pending_optimistic_data);
689  }
690  if (entry_conn->sending_optimistic_data) {
691  buf_free(entry_conn->sending_optimistic_data);
692  }
693  }
694  if (CONN_IS_EDGE(conn)) {
695  rend_data_free(TO_EDGE_CONN(conn)->rend_data);
696  hs_ident_edge_conn_free(TO_EDGE_CONN(conn)->hs_ident);
697  }
698  if (conn->type == CONN_TYPE_CONTROL) {
699  control_connection_t *control_conn = TO_CONTROL_CONN(conn);
700  tor_free(control_conn->safecookie_client_hash);
701  tor_free(control_conn->incoming_cmd);
702  tor_free(control_conn->current_cmd);
703  if (control_conn->ephemeral_onion_services) {
704  SMARTLIST_FOREACH(control_conn->ephemeral_onion_services, char *, cp, {
705  memwipe(cp, 0, strlen(cp));
706  tor_free(cp);
707  });
708  smartlist_free(control_conn->ephemeral_onion_services);
709  }
710  }
711 
712  /* Probably already freed by connection_free. */
713  tor_event_free(conn->read_event);
714  tor_event_free(conn->write_event);
715  conn->read_event = conn->write_event = NULL;
716 
717  if (conn->type == CONN_TYPE_DIR) {
718  dir_connection_t *dir_conn = TO_DIR_CONN(conn);
719  tor_free(dir_conn->requested_resource);
720 
721  tor_compress_free(dir_conn->compress_state);
722  dir_conn_clear_spool(dir_conn);
723 
724  rend_data_free(dir_conn->rend_data);
725  hs_ident_dir_conn_free(dir_conn->hs_ident);
726  if (dir_conn->guard_state) {
727  /* Cancel before freeing, if it's still there. */
728  entry_guard_cancel(&dir_conn->guard_state);
729  }
730  circuit_guard_state_free(dir_conn->guard_state);
731  }
732 
733  if (SOCKET_OK(conn->s)) {
734  log_debug(LD_NET,"closing fd %d.",(int)conn->s);
735  tor_close_socket(conn->s);
736  conn->s = TOR_INVALID_SOCKET;
737  }
738 
739  if (conn->type == CONN_TYPE_OR &&
740  !tor_digest_is_zero(TO_OR_CONN(conn)->identity_digest)) {
741  log_warn(LD_BUG, "called on OR conn with non-zeroed identity_digest");
743  }
744  if (conn->type == CONN_TYPE_OR || conn->type == CONN_TYPE_EXT_OR) {
746  tor_free(TO_OR_CONN(conn)->ext_or_conn_id);
747  tor_free(TO_OR_CONN(conn)->ext_or_auth_correct_client_hash);
748  tor_free(TO_OR_CONN(conn)->ext_or_transport);
749  }
750 
751  memwipe(mem, 0xCC, memlen); /* poison memory */
752  tor_free(mem);
753 }
754 
755 /** Make sure <b>conn</b> isn't in any of the global conn lists; then free it.
756  */
757 MOCK_IMPL(void,
759 {
760  if (!conn)
761  return;
764  if (BUG(conn->linked_conn)) {
765  conn->linked_conn->linked_conn = NULL;
766  if (! conn->linked_conn->marked_for_close &&
769  conn->linked_conn = NULL;
770  }
771  if (connection_speaks_cells(conn)) {
772  if (!tor_digest_is_zero(TO_OR_CONN(conn)->identity_digest)) {
774  }
775  }
776  if (conn->type == CONN_TYPE_CONTROL) {
778  }
779 #if 1
780  /* DEBUGGING */
781  if (conn->type == CONN_TYPE_AP) {
782  connection_ap_warn_and_unmark_if_pending_circ(TO_ENTRY_CONN(conn),
783  "connection_free");
784  }
785 #endif /* 1 */
786 
787  /* Notify the circuit creation DoS mitigation subsystem that an OR client
788  * connection has been closed. And only do that if we track it. */
789  if (conn->type == CONN_TYPE_OR) {
790  dos_close_client_conn(TO_OR_CONN(conn));
791  }
792 
795 }
796 
797 /**
798  * Called when we're about to finally unlink and free a connection:
799  * perform necessary accounting and cleanup
800  * - Directory conns that failed to fetch a rendezvous descriptor
801  * need to inform pending rendezvous streams.
802  * - OR conns need to call rep_hist_note_*() to record status.
803  * - AP conns need to send a socks reject if necessary.
804  * - Exit conns need to call connection_dns_remove() if necessary.
805  * - AP and Exit conns need to send an end cell if they can.
806  * - DNS conns need to fail any resolves that are pending on them.
807  * - OR and edge connections need to be unlinked from circuits.
808  */
809 void
811 {
813 
814  switch (conn->type) {
815  case CONN_TYPE_DIR:
817  break;
818  case CONN_TYPE_OR:
819  case CONN_TYPE_EXT_OR:
821  break;
822  case CONN_TYPE_AP:
823  connection_ap_about_to_close(TO_ENTRY_CONN(conn));
824  break;
825  case CONN_TYPE_EXIT:
827  break;
828  }
829 }
830 
831 /** Return true iff connection_close_immediate() has been called on this
832  * connection. */
833 #define CONN_IS_CLOSED(c) \
834  ((c)->linked ? ((c)->linked_conn_is_closed) : (! SOCKET_OK(c->s)))
835 
836 /** Close the underlying socket for <b>conn</b>, so we don't try to
837  * flush it. Must be used in conjunction with (right before)
838  * connection_mark_for_close().
839  */
840 void
842 {
843  assert_connection_ok(conn,0);
844  if (CONN_IS_CLOSED(conn)) {
845  log_err(LD_BUG,"Attempt to close already-closed connection.");
847  return;
848  }
849  if (conn->outbuf_flushlen) {
850  log_info(LD_NET,"fd %d, type %s, state %s, %d bytes on outbuf.",
851  (int)conn->s, conn_type_to_string(conn->type),
852  conn_state_to_string(conn->type, conn->state),
853  (int)conn->outbuf_flushlen);
854  }
855 
857 
858  /* Prevent the event from getting unblocked. */
859  conn->read_blocked_on_bw = 0;
860  conn->write_blocked_on_bw = 0;
861 
862  if (SOCKET_OK(conn->s))
863  tor_close_socket(conn->s);
864  conn->s = TOR_INVALID_SOCKET;
865  if (conn->linked)
866  conn->linked_conn_is_closed = 1;
867  if (conn->outbuf)
868  buf_clear(conn->outbuf);
869  conn->outbuf_flushlen = 0;
870 }
871 
872 /** Mark <b>conn</b> to be closed next time we loop through
873  * conn_close_if_marked() in main.c. */
874 void
875 connection_mark_for_close_(connection_t *conn, int line, const char *file)
876 {
877  assert_connection_ok(conn,0);
878  tor_assert(line);
879  tor_assert(line < 1<<16); /* marked_for_close can only fit a uint16_t. */
880  tor_assert(file);
881 
882  if (conn->type == CONN_TYPE_OR) {
883  /*
884  * An or_connection should have been closed through one of the channel-
885  * aware functions in connection_or.c. We'll assume this is an error
886  * close and do that, and log a bug warning.
887  */
888  log_warn(LD_CHANNEL | LD_BUG,
889  "Something tried to close an or_connection_t without going "
890  "through channels at %s:%d",
891  file, line);
893  } else {
894  /* Pass it down to the real function */
895  connection_mark_for_close_internal_(conn, line, file);
896  }
897 }
898 
899 /** Mark <b>conn</b> to be closed next time we loop through
900  * conn_close_if_marked() in main.c.
901  *
902  * This _internal version bypasses the CONN_TYPE_OR checks; this should be
903  * called when you either are sure that if this is an or_connection_t the
904  * controlling channel has been notified (e.g. with
905  * connection_or_notify_error()), or you actually are the
906  * connection_or_close_for_error() or connection_or_close_normally() function.
907  * For all other cases, use connection_mark_and_flush() which checks for
908  * or_connection_t properly, instead. See below.
909  *
910  * We want to keep this function simple and quick, since it can be called from
911  * quite deep in the call chain, and hence it should avoid having side-effects
912  * that interfere with its callers view of the connection.
913  */
914 MOCK_IMPL(void,
916  int line, const char *file))
917 {
918  assert_connection_ok(conn,0);
919  tor_assert(line);
920  tor_assert(line < 1<<16); /* marked_for_close can only fit a uint16_t. */
921  tor_assert(file);
922 
923  if (conn->marked_for_close) {
924  log_warn(LD_BUG,"Duplicate call to connection_mark_for_close at %s:%d"
925  " (first at %s:%d)", file, line, conn->marked_for_close_file,
926  conn->marked_for_close);
928  return;
929  }
930 
931  if (conn->type == CONN_TYPE_OR) {
932  /*
933  * Bad news if this happens without telling the controlling channel; do
934  * this so we can find things that call this wrongly when the asserts hit.
935  */
936  log_debug(LD_CHANNEL,
937  "Calling connection_mark_for_close_internal_() on an OR conn "
938  "at %s:%d",
939  file, line);
940  }
941 
942  conn->marked_for_close = line;
943  conn->marked_for_close_file = file;
945 
946  /* in case we're going to be held-open-til-flushed, reset
947  * the number of seconds since last successful write, so
948  * we get our whole 15 seconds */
949  conn->timestamp_last_write_allowed = time(NULL);
950 }
951 
952 /** Find each connection that has hold_open_until_flushed set to
953  * 1 but hasn't written in the past 15 seconds, and set
954  * hold_open_until_flushed to 0. This means it will get cleaned
955  * up in the next loop through close_if_marked() in main.c.
956  */
957 void
959 {
960  time_t now;
962 
963  now = time(NULL);
964 
965  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
966  /* If we've been holding the connection open, but we haven't written
967  * for 15 seconds...
968  */
969  if (conn->hold_open_until_flushed) {
971  if (now - conn->timestamp_last_write_allowed >= 15) {
972  int severity;
973  if (conn->type == CONN_TYPE_EXIT ||
974  (conn->type == CONN_TYPE_DIR &&
975  conn->purpose == DIR_PURPOSE_SERVER))
976  severity = LOG_INFO;
977  else
978  severity = LOG_NOTICE;
979  log_fn(severity, LD_NET,
980  "Giving up on marked_for_close conn that's been flushing "
981  "for 15s (fd %d, type %s, state %s).",
982  (int)conn->s, conn_type_to_string(conn->type),
983  conn_state_to_string(conn->type, conn->state));
984  conn->hold_open_until_flushed = 0;
985  }
986  }
987  } SMARTLIST_FOREACH_END(conn);
988 }
989 
990 #if defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN)
991 /** Create an AF_UNIX listenaddr struct.
992  * <b>listenaddress</b> provides the path to the Unix socket.
993  *
994  * Eventually <b>listenaddress</b> will also optionally contain user, group,
995  * and file permissions for the new socket. But not yet. XXX
996  * Also, since we do not create the socket here the information doesn't help
997  * here.
998  *
999  * If not NULL <b>readable_address</b> will contain a copy of the path part of
1000  * <b>listenaddress</b>.
1001  *
1002  * The listenaddr struct has to be freed by the caller.
1003  */
1004 static struct sockaddr_un *
1005 create_unix_sockaddr(const char *listenaddress, char **readable_address,
1006  socklen_t *len_out)
1007 {
1008  struct sockaddr_un *sockaddr = NULL;
1009 
1010  sockaddr = tor_malloc_zero(sizeof(struct sockaddr_un));
1011  sockaddr->sun_family = AF_UNIX;
1012  if (strlcpy(sockaddr->sun_path, listenaddress, sizeof(sockaddr->sun_path))
1013  >= sizeof(sockaddr->sun_path)) {
1014  log_warn(LD_CONFIG, "Unix socket path '%s' is too long to fit.",
1015  escaped(listenaddress));
1016  tor_free(sockaddr);
1017  return NULL;
1018  }
1019 
1020  if (readable_address)
1021  *readable_address = tor_strdup(listenaddress);
1022 
1023  *len_out = sizeof(struct sockaddr_un);
1024  return sockaddr;
1025 }
1026 #else /* !(defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN)) */
1027 static struct sockaddr *
1028 create_unix_sockaddr(const char *listenaddress, char **readable_address,
1029  socklen_t *len_out)
1030 {
1031  (void)listenaddress;
1032  (void)readable_address;
1034  "Unix domain sockets not supported, yet we tried to create one.");
1035  *len_out = 0;
1037  return NULL;
1038 }
1039 #endif /* defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN) */
1040 
1041 /** Warn that an accept or a connect has failed because we're running out of
1042  * TCP sockets we can use on current system. Rate-limit these warnings so
1043  * that we don't spam the log. */
1044 static void
1046 {
1047 #define WARN_TOO_MANY_CONNS_INTERVAL (6*60*60)
1048  static ratelim_t last_warned = RATELIM_INIT(WARN_TOO_MANY_CONNS_INTERVAL);
1049  char *m;
1050  if ((m = rate_limit_log(&last_warned, approx_time()))) {
1051  int n_conns = get_n_open_sockets();
1052  log_warn(LD_NET,"Failing because we have %d connections already. Please "
1053  "read doc/TUNING for guidance.%s", n_conns, m);
1054  tor_free(m);
1055  control_event_general_status(LOG_WARN, "TOO_MANY_CONNECTIONS CURRENT=%d",
1056  n_conns);
1057  }
1058 }
1059 
1060 #ifdef HAVE_SYS_UN_H
1061 
1062 #define UNIX_SOCKET_PURPOSE_CONTROL_SOCKET 0
1063 #define UNIX_SOCKET_PURPOSE_SOCKS_SOCKET 1
1064 
1065 /** Check if the purpose isn't one of the ones we know what to do with */
1066 
1067 static int
1068 is_valid_unix_socket_purpose(int purpose)
1069 {
1070  int valid = 0;
1071 
1072  switch (purpose) {
1073  case UNIX_SOCKET_PURPOSE_CONTROL_SOCKET:
1074  case UNIX_SOCKET_PURPOSE_SOCKS_SOCKET:
1075  valid = 1;
1076  break;
1077  }
1078 
1079  return valid;
1080 }
1081 
1082 /** Return a string description of a unix socket purpose */
1083 static const char *
1084 unix_socket_purpose_to_string(int purpose)
1085 {
1086  const char *s = "unknown-purpose socket";
1087 
1088  switch (purpose) {
1089  case UNIX_SOCKET_PURPOSE_CONTROL_SOCKET:
1090  s = "control socket";
1091  break;
1092  case UNIX_SOCKET_PURPOSE_SOCKS_SOCKET:
1093  s = "SOCKS socket";
1094  break;
1095  }
1096 
1097  return s;
1098 }
1099 
1100 /** Check whether we should be willing to open an AF_UNIX socket in
1101  * <b>path</b>. Return 0 if we should go ahead and -1 if we shouldn't. */
1102 static int
1103 check_location_for_unix_socket(const or_options_t *options, const char *path,
1104  int purpose, const port_cfg_t *port)
1105 {
1106  int r = -1;
1107  char *p = NULL;
1108 
1109  tor_assert(is_valid_unix_socket_purpose(purpose));
1110 
1111  p = tor_strdup(path);
1112  cpd_check_t flags = CPD_CHECK_MODE_ONLY;
1113  if (get_parent_directory(p)<0 || p[0] != '/') {
1114  log_warn(LD_GENERAL, "Bad unix socket address '%s'. Tor does not support "
1115  "relative paths for unix sockets.", path);
1116  goto done;
1117  }
1118 
1119  if (port->is_world_writable) {
1120  /* World-writable sockets can go anywhere. */
1121  r = 0;
1122  goto done;
1123  }
1124 
1125  if (port->is_group_writable) {
1126  flags |= CPD_GROUP_OK;
1127  }
1128 
1129  if (port->relax_dirmode_check) {
1130  flags |= CPD_RELAX_DIRMODE_CHECK;
1131  }
1132 
1133  if (check_private_dir(p, flags, options->User) < 0) {
1134  char *escpath, *escdir;
1135  escpath = esc_for_log(path);
1136  escdir = esc_for_log(p);
1137  log_warn(LD_GENERAL, "Before Tor can create a %s in %s, the directory "
1138  "%s needs to exist, and to be accessible only by the user%s "
1139  "account that is running Tor. (On some Unix systems, anybody "
1140  "who can list a socket can connect to it, so Tor is being "
1141  "careful.)",
1142  unix_socket_purpose_to_string(purpose), escpath, escdir,
1143  port->is_group_writable ? " and group" : "");
1144  tor_free(escpath);
1145  tor_free(escdir);
1146  goto done;
1147  }
1148 
1149  r = 0;
1150  done:
1151  tor_free(p);
1152  return r;
1153 }
1154 #endif /* defined(HAVE_SYS_UN_H) */
1155 
1156 /** Tell the TCP stack that it shouldn't wait for a long time after
1157  * <b>sock</b> has closed before reusing its port. Return 0 on success,
1158  * -1 on failure. */
1159 static int
1161 {
1162 #ifdef _WIN32
1163  (void) sock;
1164  return 0;
1165 #else
1166  int one=1;
1167 
1168  /* REUSEADDR on normal places means you can rebind to the port
1169  * right after somebody else has let it go. But REUSEADDR on win32
1170  * means you can bind to the port _even when somebody else
1171  * already has it bound_. So, don't do that on Win32. */
1172  if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void*) &one,
1173  (socklen_t)sizeof(one)) == -1) {
1174  return -1;
1175  }
1176  return 0;
1177 #endif /* defined(_WIN32) */
1178 }
1179 
1180 #ifdef _WIN32
1181 /** Tell the Windows TCP stack to prevent other applications from receiving
1182  * traffic from tor's open ports. Return 0 on success, -1 on failure. */
1183 static int
1184 make_win32_socket_exclusive(tor_socket_t sock)
1185 {
1186 #ifdef SO_EXCLUSIVEADDRUSE
1187  int one=1;
1188 
1189  /* Any socket that sets REUSEADDR on win32 can bind to a port _even when
1190  * somebody else already has it bound_, and _even if the original socket
1191  * didn't set REUSEADDR_. Use EXCLUSIVEADDRUSE to prevent this port-stealing
1192  * on win32. */
1193  if (setsockopt(sock, SOL_SOCKET, SO_EXCLUSIVEADDRUSE, (void*) &one,
1194  (socklen_t)sizeof(one))) {
1195  return -1;
1196  }
1197  return 0;
1198 #else /* !defined(SO_EXCLUSIVEADDRUSE) */
1199  (void) sock;
1200  return 0;
1201 #endif /* defined(SO_EXCLUSIVEADDRUSE) */
1202 }
1203 #endif /* defined(_WIN32) */
1204 
1205 /** Max backlog to pass to listen. We start at */
1206 static int listen_limit = INT_MAX;
1207 
1208 /* Listen on <b>fd</b> with appropriate backlog. Return as for listen. */
1209 static int
1210 tor_listen(tor_socket_t fd)
1211 {
1212  int r;
1213 
1214  if ((r = listen(fd, listen_limit)) < 0) {
1215  if (listen_limit == SOMAXCONN)
1216  return r;
1217  if ((r = listen(fd, SOMAXCONN)) == 0) {
1218  listen_limit = SOMAXCONN;
1219  log_warn(LD_NET, "Setting listen backlog to INT_MAX connections "
1220  "didn't work, but SOMAXCONN did. Lowering backlog limit.");
1221  }
1222  }
1223  return r;
1224 }
1225 
1226 /** Bind a new non-blocking socket listening to the socket described
1227  * by <b>listensockaddr</b>.
1228  *
1229  * <b>address</b> is only used for logging purposes and to add the information
1230  * to the conn.
1231  *
1232  * Set <b>addr_in_use</b> to true in case socket binding fails with
1233  * EADDRINUSE.
1234  */
1235 static connection_t *
1236 connection_listener_new(const struct sockaddr *listensockaddr,
1237  socklen_t socklen,
1238  int type, const char *address,
1239  const port_cfg_t *port_cfg,
1240  int *addr_in_use)
1241 {
1242  listener_connection_t *lis_conn;
1243  connection_t *conn = NULL;
1244  tor_socket_t s = TOR_INVALID_SOCKET; /* the socket we're going to make */
1245  or_options_t const *options = get_options();
1246  (void) options; /* Windows doesn't use this. */
1247 #if defined(HAVE_PWD_H) && defined(HAVE_SYS_UN_H)
1248  const struct passwd *pw = NULL;
1249 #endif
1250  uint16_t usePort = 0, gotPort = 0;
1251  int start_reading = 0;
1252  static int global_next_session_group = SESSION_GROUP_FIRST_AUTO;
1253  tor_addr_t addr;
1254  int exhaustion = 0;
1255 
1256  if (addr_in_use)
1257  *addr_in_use = 0;
1258 
1259  if (listensockaddr->sa_family == AF_INET ||
1260  listensockaddr->sa_family == AF_INET6) {
1261  int is_stream = (type != CONN_TYPE_AP_DNS_LISTENER);
1262  if (is_stream)
1263  start_reading = 1;
1264 
1265  tor_addr_from_sockaddr(&addr, listensockaddr, &usePort);
1266  log_notice(LD_NET, "Opening %s on %s",
1267  conn_type_to_string(type), fmt_addrport(&addr, usePort));
1268 
1270  is_stream ? SOCK_STREAM : SOCK_DGRAM,
1271  is_stream ? IPPROTO_TCP: IPPROTO_UDP);
1272  if (!SOCKET_OK(s)) {
1273  int e = tor_socket_errno(s);
1274  if (ERRNO_IS_RESOURCE_LIMIT(e)) {
1276  /*
1277  * We'll call the OOS handler at the error exit, so set the
1278  * exhaustion flag for it.
1279  */
1280  exhaustion = 1;
1281  } else {
1282  log_warn(LD_NET, "Socket creation failed: %s",
1283  tor_socket_strerror(e));
1284  }
1285  goto err;
1286  }
1287 
1288  if (make_socket_reuseable(s) < 0) {
1289  log_warn(LD_NET, "Error setting SO_REUSEADDR flag on %s: %s",
1290  conn_type_to_string(type),
1291  tor_socket_strerror(errno));
1292  }
1293 
1294 #ifdef _WIN32
1295  if (make_win32_socket_exclusive(s) < 0) {
1296  log_warn(LD_NET, "Error setting SO_EXCLUSIVEADDRUSE flag on %s: %s",
1297  conn_type_to_string(type),
1298  tor_socket_strerror(errno));
1299  }
1300 #endif /* defined(_WIN32) */
1301 
1302 #if defined(USE_TRANSPARENT) && defined(IP_TRANSPARENT)
1303  if (options->TransProxyType_parsed == TPT_TPROXY &&
1304  type == CONN_TYPE_AP_TRANS_LISTENER) {
1305  int one = 1;
1306  if (setsockopt(s, SOL_IP, IP_TRANSPARENT, (void*)&one,
1307  (socklen_t)sizeof(one)) < 0) {
1308  const char *extra = "";
1309  int e = tor_socket_errno(s);
1310  if (e == EPERM)
1311  extra = "TransTPROXY requires root privileges or similar"
1312  " capabilities.";
1313  log_warn(LD_NET, "Error setting IP_TRANSPARENT flag: %s.%s",
1314  tor_socket_strerror(e), extra);
1315  }
1316  }
1317 #endif /* defined(USE_TRANSPARENT) && defined(IP_TRANSPARENT) */
1318 
1319 #ifdef IPV6_V6ONLY
1320  if (listensockaddr->sa_family == AF_INET6) {
1321  int one = 1;
1322  /* We need to set IPV6_V6ONLY so that this socket can't get used for
1323  * IPv4 connections. */
1324  if (setsockopt(s,IPPROTO_IPV6, IPV6_V6ONLY,
1325  (void*)&one, (socklen_t)sizeof(one)) < 0) {
1326  int e = tor_socket_errno(s);
1327  log_warn(LD_NET, "Error setting IPV6_V6ONLY flag: %s",
1328  tor_socket_strerror(e));
1329  /* Keep going; probably not harmful. */
1330  }
1331  }
1332 #endif /* defined(IPV6_V6ONLY) */
1333 
1334  if (bind(s,listensockaddr,socklen) < 0) {
1335  const char *helpfulhint = "";
1336  int e = tor_socket_errno(s);
1337  if (ERRNO_IS_EADDRINUSE(e)) {
1338  helpfulhint = ". Is Tor already running?";
1339  if (addr_in_use)
1340  *addr_in_use = 1;
1341  }
1342  log_warn(LD_NET, "Could not bind to %s:%u: %s%s", address, usePort,
1343  tor_socket_strerror(e), helpfulhint);
1344  goto err;
1345  }
1346 
1347  if (is_stream) {
1348  if (tor_listen(s) < 0) {
1349  log_warn(LD_NET, "Could not listen on %s:%u: %s", address, usePort,
1350  tor_socket_strerror(tor_socket_errno(s)));
1351  goto err;
1352  }
1353  }
1354 
1355  if (usePort != 0) {
1356  gotPort = usePort;
1357  } else {
1358  tor_addr_t addr2;
1359  struct sockaddr_storage ss;
1360  socklen_t ss_len=sizeof(ss);
1361  if (getsockname(s, (struct sockaddr*)&ss, &ss_len)<0) {
1362  log_warn(LD_NET, "getsockname() couldn't learn address for %s: %s",
1363  conn_type_to_string(type),
1364  tor_socket_strerror(tor_socket_errno(s)));
1365  gotPort = 0;
1366  }
1367  tor_addr_from_sockaddr(&addr2, (struct sockaddr*)&ss, &gotPort);
1368  }
1369 #ifdef HAVE_SYS_UN_H
1370  /*
1371  * AF_UNIX generic setup stuff
1372  */
1373  } else if (listensockaddr->sa_family == AF_UNIX) {
1374  /* We want to start reading for both AF_UNIX cases */
1375  start_reading = 1;
1376 
1378 
1379  if (check_location_for_unix_socket(options, address,
1380  (type == CONN_TYPE_CONTROL_LISTENER) ?
1381  UNIX_SOCKET_PURPOSE_CONTROL_SOCKET :
1382  UNIX_SOCKET_PURPOSE_SOCKS_SOCKET, port_cfg) < 0) {
1383  goto err;
1384  }
1385 
1386  log_notice(LD_NET, "Opening %s on %s",
1387  conn_type_to_string(type), address);
1388 
1389  tor_addr_make_unspec(&addr);
1390 
1391  if (unlink(address) < 0 && errno != ENOENT) {
1392  log_warn(LD_NET, "Could not unlink %s: %s", address,
1393  strerror(errno));
1394  goto err;
1395  }
1396 
1397  s = tor_open_socket_nonblocking(AF_UNIX, SOCK_STREAM, 0);
1398  if (! SOCKET_OK(s)) {
1399  int e = tor_socket_errno(s);
1400  if (ERRNO_IS_RESOURCE_LIMIT(e)) {
1402  /*
1403  * We'll call the OOS handler at the error exit, so set the
1404  * exhaustion flag for it.
1405  */
1406  exhaustion = 1;
1407  } else {
1408  log_warn(LD_NET,"Socket creation failed: %s.", strerror(e));
1409  }
1410  goto err;
1411  }
1412 
1413  if (bind(s, listensockaddr,
1414  (socklen_t)sizeof(struct sockaddr_un)) == -1) {
1415  log_warn(LD_NET,"Bind to %s failed: %s.", address,
1416  tor_socket_strerror(tor_socket_errno(s)));
1417  goto err;
1418  }
1419 
1420 #ifdef HAVE_PWD_H
1421  if (options->User) {
1422  pw = tor_getpwnam(options->User);
1423  struct stat st;
1424  if (pw == NULL) {
1425  log_warn(LD_NET,"Unable to chown() %s socket: user %s not found.",
1426  address, options->User);
1427  goto err;
1428  } else if (fstat(s, &st) == 0 &&
1429  st.st_uid == pw->pw_uid && st.st_gid == pw->pw_gid) {
1430  /* No change needed */
1431  } else if (chown(sandbox_intern_string(address),
1432  pw->pw_uid, pw->pw_gid) < 0) {
1433  log_warn(LD_NET,"Unable to chown() %s socket: %s.",
1434  address, strerror(errno));
1435  goto err;
1436  }
1437  }
1438 #endif /* defined(HAVE_PWD_H) */
1439 
1440  {
1441  unsigned mode;
1442  const char *status;
1443  struct stat st;
1444  if (port_cfg->is_world_writable) {
1445  mode = 0666;
1446  status = "world-writable";
1447  } else if (port_cfg->is_group_writable) {
1448  mode = 0660;
1449  status = "group-writable";
1450  } else {
1451  mode = 0600;
1452  status = "private";
1453  }
1454  /* We need to use chmod; fchmod doesn't work on sockets on all
1455  * platforms. */
1456  if (fstat(s, &st) == 0 && (st.st_mode & 0777) == mode) {
1457  /* no change needed */
1458  } else if (chmod(sandbox_intern_string(address), mode) < 0) {
1459  log_warn(LD_FS,"Unable to make %s %s.", address, status);
1460  goto err;
1461  }
1462  }
1463 
1464  if (listen(s, SOMAXCONN) < 0) {
1465  log_warn(LD_NET, "Could not listen on %s: %s", address,
1466  tor_socket_strerror(tor_socket_errno(s)));
1467  goto err;
1468  }
1469 
1470 #ifndef __APPLE__
1471  /* This code was introduced to help debug #28229. */
1472  int value;
1473  socklen_t len = sizeof(value);
1474 
1475  if (!getsockopt(s, SOL_SOCKET, SO_ACCEPTCONN, &value, &len)) {
1476  if (value == 0) {
1477  log_err(LD_NET, "Could not listen on %s - "
1478  "getsockopt(.,SO_ACCEPTCONN,.) yields 0.", address);
1479  goto err;
1480  }
1481  }
1482 #endif /* !defined(__APPLE__) */
1483 #endif /* defined(HAVE_SYS_UN_H) */
1484  } else {
1485  log_err(LD_BUG, "Got unexpected address family %d.",
1486  listensockaddr->sa_family);
1487  tor_assert(0);
1488  }
1489 
1490  lis_conn = listener_connection_new(type, listensockaddr->sa_family);
1491  conn = TO_CONN(lis_conn);
1492  conn->socket_family = listensockaddr->sa_family;
1493  conn->s = s;
1494  s = TOR_INVALID_SOCKET; /* Prevent double-close */
1495  conn->address = tor_strdup(address);
1496  conn->port = gotPort;
1497  tor_addr_copy(&conn->addr, &addr);
1498 
1499  memcpy(&lis_conn->entry_cfg, &port_cfg->entry_cfg, sizeof(entry_port_cfg_t));
1500 
1501  if (port_cfg->entry_cfg.isolation_flags) {
1502  lis_conn->entry_cfg.isolation_flags = port_cfg->entry_cfg.isolation_flags;
1503  if (port_cfg->entry_cfg.session_group >= 0) {
1504  lis_conn->entry_cfg.session_group = port_cfg->entry_cfg.session_group;
1505  } else {
1506  /* This can wrap after around INT_MAX listeners are opened. But I don't
1507  * believe that matters, since you would need to open a ridiculous
1508  * number of listeners while keeping the early ones open before you ever
1509  * hit this. An OR with a dozen ports open, for example, would have to
1510  * close and re-open its listeners every second for 4 years nonstop.
1511  */
1512  lis_conn->entry_cfg.session_group = global_next_session_group--;
1513  }
1514  }
1515 
1516  if (type != CONN_TYPE_AP_LISTENER) {
1517  lis_conn->entry_cfg.ipv4_traffic = 1;
1518  lis_conn->entry_cfg.ipv6_traffic = 1;
1519  lis_conn->entry_cfg.prefer_ipv6 = 1;
1520  }
1521 
1522  if (connection_add(conn) < 0) { /* no space, forget it */
1523  log_warn(LD_NET,"connection_add for listener failed. Giving up.");
1524  goto err;
1525  }
1526 
1527  log_fn(usePort==gotPort ? LOG_DEBUG : LOG_NOTICE, LD_NET,
1528  "%s listening on port %u.",
1529  conn_type_to_string(type), gotPort);
1530 
1531  conn->state = LISTENER_STATE_READY;
1532  if (start_reading) {
1534  } else {
1537  }
1538 
1539  /*
1540  * Normal exit; call the OOS handler since connection count just changed;
1541  * the exhaustion flag will always be zero here though.
1542  */
1544 
1545  if (conn->socket_family == AF_UNIX) {
1546  log_notice(LD_NET, "Opened %s on %s",
1547  conn_type_to_string(type), conn->address);
1548  } else {
1549  log_notice(LD_NET, "Opened %s on %s",
1550  conn_type_to_string(type), fmt_addrport(&addr, gotPort));
1551  }
1552  return conn;
1553 
1554  err:
1555  if (SOCKET_OK(s))
1556  tor_close_socket(s);
1557  if (conn)
1558  connection_free(conn);
1559 
1560  /* Call the OOS handler, indicate if we saw an exhaustion-related error */
1562 
1563  return NULL;
1564 }
1565 
1566 /**
1567  * Create a new listener connection for a given <b>port</b>. In case we
1568  * for a reason that is not an error condition, set <b>defer</b>
1569  * to true. If we cannot bind listening socket because address is already
1570  * in use, set <b>addr_in_use</b> to true.
1571  */
1572 static connection_t *
1574  int *defer, int *addr_in_use)
1575 {
1576  connection_t *conn;
1577  struct sockaddr *listensockaddr;
1578  socklen_t listensocklen = 0;
1579  char *address=NULL;
1580  int real_port = port->port == CFG_AUTO_PORT ? 0 : port->port;
1581  tor_assert(real_port <= UINT16_MAX);
1582 
1583  if (defer)
1584  *defer = 0;
1585 
1586  if (port->server_cfg.no_listen) {
1587  if (defer)
1588  *defer = 1;
1589  return NULL;
1590  }
1591 
1592 #ifndef _WIN32
1593  /* We don't need to be root to create a UNIX socket, so defer until after
1594  * setuid. */
1595  const or_options_t *options = get_options();
1596  if (port->is_unix_addr && !geteuid() && (options->User) &&
1597  strcmp(options->User, "root")) {
1598  if (defer)
1599  *defer = 1;
1600  return NULL;
1601  }
1602 #endif /* !defined(_WIN32) */
1603 
1604  if (port->is_unix_addr) {
1605  listensockaddr = (struct sockaddr *)
1606  create_unix_sockaddr(port->unix_addr,
1607  &address, &listensocklen);
1608  } else {
1609  listensockaddr = tor_malloc(sizeof(struct sockaddr_storage));
1610  listensocklen = tor_addr_to_sockaddr(&port->addr,
1611  real_port,
1612  listensockaddr,
1613  sizeof(struct sockaddr_storage));
1614  address = tor_addr_to_str_dup(&port->addr);
1615  }
1616 
1617  if (listensockaddr) {
1618  conn = connection_listener_new(listensockaddr, listensocklen,
1619  port->type, address, port,
1620  addr_in_use);
1621  tor_free(listensockaddr);
1622  tor_free(address);
1623  } else {
1624  conn = NULL;
1625  }
1626 
1627  return conn;
1628 }
1629 
1630 /** Do basic sanity checking on a newly received socket. Return 0
1631  * if it looks ok, else return -1.
1632  *
1633  * Notably, some TCP stacks can erroneously have accept() return successfully
1634  * with socklen 0, when the client sends an RST before the accept call (as
1635  * nmap does). We want to detect that, and not go on with the connection.
1636  */
1637 static int
1638 check_sockaddr(const struct sockaddr *sa, int len, int level)
1639 {
1640  int ok = 1;
1641 
1642  if (sa->sa_family == AF_INET) {
1643  struct sockaddr_in *sin=(struct sockaddr_in*)sa;
1644  if (len != sizeof(struct sockaddr_in)) {
1645  log_fn(level, LD_NET, "Length of address not as expected: %d vs %d",
1646  len,(int)sizeof(struct sockaddr_in));
1647  ok = 0;
1648  }
1649  if (sin->sin_addr.s_addr == 0 || sin->sin_port == 0) {
1650  log_fn(level, LD_NET,
1651  "Address for new connection has address/port equal to zero.");
1652  ok = 0;
1653  }
1654  } else if (sa->sa_family == AF_INET6) {
1655  struct sockaddr_in6 *sin6=(struct sockaddr_in6*)sa;
1656  if (len != sizeof(struct sockaddr_in6)) {
1657  log_fn(level, LD_NET, "Length of address not as expected: %d vs %d",
1658  len,(int)sizeof(struct sockaddr_in6));
1659  ok = 0;
1660  }
1661  if (fast_mem_is_zero((void*)sin6->sin6_addr.s6_addr, 16) ||
1662  sin6->sin6_port == 0) {
1663  log_fn(level, LD_NET,
1664  "Address for new connection has address/port equal to zero.");
1665  ok = 0;
1666  }
1667  } else if (sa->sa_family == AF_UNIX) {
1668  ok = 1;
1669  } else {
1670  ok = 0;
1671  }
1672  return ok ? 0 : -1;
1673 }
1674 
1675 /** Check whether the socket family from an accepted socket <b>got</b> is the
1676  * same as the one that <b>listener</b> is waiting for. If it isn't, log
1677  * a useful message and return -1. Else return 0.
1678  *
1679  * This is annoying, but can apparently happen on some Darwins. */
1680 static int
1682 {
1683  if (got != listener->socket_family) {
1684  log_info(LD_BUG, "A listener connection returned a socket with a "
1685  "mismatched family. %s for addr_family %d gave us a socket "
1686  "with address family %d. Dropping.",
1687  conn_type_to_string(listener->type),
1688  (int)listener->socket_family,
1689  (int)got);
1690  return -1;
1691  }
1692  return 0;
1693 }
1694 
1695 /** The listener connection <b>conn</b> told poll() it wanted to read.
1696  * Call accept() on conn->s, and add the new connection if necessary.
1697  */
1698 static int
1700 {
1701  tor_socket_t news; /* the new socket */
1702  connection_t *newconn = 0;
1703  /* information about the remote peer when connecting to other routers */
1704  struct sockaddr_storage addrbuf;
1705  struct sockaddr *remote = (struct sockaddr*)&addrbuf;
1706  /* length of the remote address. Must be whatever accept() needs. */
1707  socklen_t remotelen = (socklen_t)sizeof(addrbuf);
1708  const or_options_t *options = get_options();
1709 
1710  tor_assert((size_t)remotelen >= sizeof(struct sockaddr_in));
1711  memset(&addrbuf, 0, sizeof(addrbuf));
1712 
1713  news = tor_accept_socket_nonblocking(conn->s,remote,&remotelen);
1714  if (!SOCKET_OK(news)) { /* accept() error */
1715  int e = tor_socket_errno(conn->s);
1716  if (ERRNO_IS_ACCEPT_EAGAIN(e)) {
1717  /*
1718  * they hung up before we could accept(). that's fine.
1719  *
1720  * give the OOS handler a chance to run though
1721  */
1723  return 0;
1724  } else if (ERRNO_IS_RESOURCE_LIMIT(e)) {
1726  /* Exhaustion; tell the OOS handler */
1728  return 0;
1729  }
1730  /* else there was a real error. */
1731  log_warn(LD_NET,"accept() failed: %s. Closing listener.",
1732  tor_socket_strerror(e));
1733  connection_mark_for_close(conn);
1734  /* Tell the OOS handler about this too */
1736  return -1;
1737  }
1738  log_debug(LD_NET,
1739  "Connection accepted on socket %d (child of fd %d).",
1740  (int)news,(int)conn->s);
1741 
1742  /* We accepted a new conn; run OOS handler */
1744 
1745  if (make_socket_reuseable(news) < 0) {
1746  if (tor_socket_errno(news) == EINVAL) {
1747  /* This can happen on OSX if we get a badly timed shutdown. */
1748  log_debug(LD_NET, "make_socket_reuseable returned EINVAL");
1749  } else {
1750  log_warn(LD_NET, "Error setting SO_REUSEADDR flag on %s: %s",
1751  conn_type_to_string(new_type),
1752  tor_socket_strerror(errno));
1753  }
1754  tor_close_socket(news);
1755  return 0;
1756  }
1757 
1758  if (options->ConstrainedSockets)
1760 
1761  if (check_sockaddr_family_match(remote->sa_family, conn) < 0) {
1762  tor_close_socket(news);
1763  return 0;
1764  }
1765 
1766  if (conn->socket_family == AF_INET || conn->socket_family == AF_INET6 ||
1767  (conn->socket_family == AF_UNIX && new_type == CONN_TYPE_AP)) {
1768  tor_addr_t addr;
1769  uint16_t port;
1770  if (check_sockaddr(remote, remotelen, LOG_INFO)<0) {
1771  log_info(LD_NET,
1772  "accept() returned a strange address; closing connection.");
1773  tor_close_socket(news);
1774  return 0;
1775  }
1776 
1777  tor_addr_from_sockaddr(&addr, remote, &port);
1778 
1779  /* process entrance policies here, before we even create the connection */
1780  if (new_type == CONN_TYPE_AP) {
1781  /* check sockspolicy to see if we should accept it */
1782  if (socks_policy_permits_address(&addr) == 0) {
1783  log_notice(LD_APP,
1784  "Denying socks connection from untrusted address %s.",
1785  fmt_and_decorate_addr(&addr));
1786  tor_close_socket(news);
1787  return 0;
1788  }
1789  }
1790  if (new_type == CONN_TYPE_DIR) {
1791  /* check dirpolicy to see if we should accept it */
1792  if (dir_policy_permits_address(&addr) == 0) {
1793  log_notice(LD_DIRSERV,"Denying dir connection from address %s.",
1794  fmt_and_decorate_addr(&addr));
1795  tor_close_socket(news);
1796  return 0;
1797  }
1798  }
1799  if (new_type == CONN_TYPE_OR) {
1800  /* Assess with the connection DoS mitigation subsystem if this address
1801  * can open a new connection. */
1802  if (dos_conn_addr_get_defense_type(&addr) == DOS_CONN_DEFENSE_CLOSE) {
1803  tor_close_socket(news);
1804  return 0;
1805  }
1806  }
1807 
1808  newconn = connection_new(new_type, conn->socket_family);
1809  newconn->s = news;
1810 
1811  /* remember the remote address */
1812  tor_addr_copy(&newconn->addr, &addr);
1813  if (new_type == CONN_TYPE_AP && conn->socket_family == AF_UNIX) {
1814  newconn->port = 0;
1815  newconn->address = tor_strdup(conn->address);
1816  } else {
1817  newconn->port = port;
1818  newconn->address = tor_addr_to_str_dup(&addr);
1819  }
1820 
1821  if (new_type == CONN_TYPE_AP && conn->socket_family != AF_UNIX) {
1822  log_info(LD_NET, "New SOCKS connection opened from %s.",
1823  fmt_and_decorate_addr(&addr));
1824  }
1825  if (new_type == CONN_TYPE_AP && conn->socket_family == AF_UNIX) {
1826  log_info(LD_NET, "New SOCKS AF_UNIX connection opened");
1827  }
1828  if (new_type == CONN_TYPE_CONTROL) {
1829  log_notice(LD_CONTROL, "New control connection opened from %s.",
1830  fmt_and_decorate_addr(&addr));
1831  }
1832 
1833  } else if (conn->socket_family == AF_UNIX && conn->type != CONN_TYPE_AP) {
1835  tor_assert(new_type == CONN_TYPE_CONTROL);
1836  log_notice(LD_CONTROL, "New control connection opened.");
1837 
1838  newconn = connection_new(new_type, conn->socket_family);
1839  newconn->s = news;
1840 
1841  /* remember the remote address -- do we have anything sane to put here? */
1842  tor_addr_make_unspec(&newconn->addr);
1843  newconn->port = 1;
1844  newconn->address = tor_strdup(conn->address);
1845  } else {
1846  tor_assert(0);
1847  };
1848 
1849  if (connection_add(newconn) < 0) { /* no space, forget it */
1850  connection_free(newconn);
1851  return 0; /* no need to tear down the parent */
1852  }
1853 
1854  if (connection_init_accepted_conn(newconn, TO_LISTENER_CONN(conn)) < 0) {
1855  if (! newconn->marked_for_close)
1856  connection_mark_for_close(newconn);
1857  return 0;
1858  }
1859  return 0;
1860 }
1861 
1862 /** Initialize states for newly accepted connection <b>conn</b>.
1863  *
1864  * If conn is an OR, start the TLS handshake.
1865  *
1866  * If conn is a transparent AP, get its original destination
1867  * and place it in circuit_wait.
1868  *
1869  * The <b>listener</b> parameter is only used for AP connections.
1870  */
1871 int
1873  const listener_connection_t *listener)
1874 {
1875  int rv;
1876 
1878 
1879  switch (conn->type) {
1880  case CONN_TYPE_EXT_OR:
1881  /* Initiate Extended ORPort authentication. */
1883  case CONN_TYPE_OR:
1884  connection_or_event_status(TO_OR_CONN(conn), OR_CONN_EVENT_NEW, 0);
1886  if (rv < 0) {
1888  }
1889  return rv;
1890  break;
1891  case CONN_TYPE_AP:
1892  memcpy(&TO_ENTRY_CONN(conn)->entry_cfg, &listener->entry_cfg,
1893  sizeof(entry_port_cfg_t));
1894  TO_ENTRY_CONN(conn)->nym_epoch = get_signewnym_epoch();
1895  TO_ENTRY_CONN(conn)->socks_request->listener_type = listener->base_.type;
1896 
1897  /* Any incoming connection on an entry port counts as user activity. */
1899 
1900  switch (TO_CONN(listener)->type) {
1901  case CONN_TYPE_AP_LISTENER:
1903  TO_ENTRY_CONN(conn)->socks_request->socks_prefer_no_auth =
1904  listener->entry_cfg.socks_prefer_no_auth;
1905  TO_ENTRY_CONN(conn)->socks_request->socks_use_extended_errors =
1906  listener->entry_cfg.extended_socks5_codes;
1907  break;
1909  TO_ENTRY_CONN(conn)->is_transparent_ap = 1;
1910  /* XXXX028 -- is this correct still, with the addition of
1911  * pending_entry_connections ? */
1913  return connection_ap_process_transparent(TO_ENTRY_CONN(conn));
1915  TO_ENTRY_CONN(conn)->is_transparent_ap = 1;
1917  break;
1920  }
1921  break;
1922  case CONN_TYPE_DIR:
1923  conn->purpose = DIR_PURPOSE_SERVER;
1925  break;
1926  case CONN_TYPE_CONTROL:
1928  break;
1929  }
1930  return 0;
1931 }
1932 
1933 /** Take conn, make a nonblocking socket; try to connect to
1934  * sa, binding to bindaddr if sa is not localhost. If fail, return -1 and if
1935  * applicable put your best guess about errno into *<b>socket_error</b>.
1936  * If connected return 1, if EAGAIN return 0.
1937  */
1938 MOCK_IMPL(STATIC int,
1940  const struct sockaddr *sa,
1941  socklen_t sa_len,
1942  const struct sockaddr *bindaddr,
1943  socklen_t bindaddr_len,
1944  int *socket_error))
1945 {
1946  tor_socket_t s;
1947  int inprogress = 0;
1948  const or_options_t *options = get_options();
1949 
1950  tor_assert(conn);
1951  tor_assert(sa);
1952  tor_assert(socket_error);
1953 
1955  /* We should never even try to connect anyplace if the network is
1956  * completely shut off.
1957  *
1958  * (We don't check net_is_disabled() here, since we still sometimes
1959  * want to open connections when we're in soft hibernation.)
1960  */
1961  static ratelim_t disablenet_violated = RATELIM_INIT(30*60);
1962  *socket_error = SOCK_ERRNO(ENETUNREACH);
1963  log_fn_ratelim(&disablenet_violated, LOG_WARN, LD_BUG,
1964  "Tried to open a socket with DisableNetwork set.");
1966  return -1;
1967  }
1968 
1969  const int protocol_family = sa->sa_family;
1970  const int proto = (sa->sa_family == AF_INET6 ||
1971  sa->sa_family == AF_INET) ? IPPROTO_TCP : 0;
1972 
1973  s = tor_open_socket_nonblocking(protocol_family, SOCK_STREAM, proto);
1974  if (! SOCKET_OK(s)) {
1975  /*
1976  * Early OOS handler calls; it matters if it's an exhaustion-related
1977  * error or not.
1978  */
1979  *socket_error = tor_socket_errno(s);
1980  if (ERRNO_IS_RESOURCE_LIMIT(*socket_error)) {
1983  } else {
1984  log_warn(LD_NET,"Error creating network socket: %s",
1985  tor_socket_strerror(*socket_error));
1987  }
1988  return -1;
1989  }
1990 
1991  if (make_socket_reuseable(s) < 0) {
1992  log_warn(LD_NET, "Error setting SO_REUSEADDR flag on new connection: %s",
1993  tor_socket_strerror(errno));
1994  }
1995 
1996  /*
1997  * We've got the socket open; give the OOS handler a chance to check
1998  * against configured maximum socket number, but tell it no exhaustion
1999  * failure.
2000  */
2002 
2003  if (bindaddr && bind(s, bindaddr, bindaddr_len) < 0) {
2004  *socket_error = tor_socket_errno(s);
2005  log_warn(LD_NET,"Error binding network socket: %s",
2006  tor_socket_strerror(*socket_error));
2007  tor_close_socket(s);
2008  return -1;
2009  }
2010 
2011  tor_assert(options);
2012  if (options->ConstrainedSockets)
2014 
2015  if (connect(s, sa, sa_len) < 0) {
2016  int e = tor_socket_errno(s);
2017  if (!ERRNO_IS_CONN_EINPROGRESS(e)) {
2018  /* yuck. kill it. */
2019  *socket_error = e;
2020  log_info(LD_NET,
2021  "connect() to socket failed: %s",
2022  tor_socket_strerror(e));
2023  tor_close_socket(s);
2024  return -1;
2025  } else {
2026  inprogress = 1;
2027  }
2028  }
2029 
2030  /* it succeeded. we're connected. */
2031  log_fn(inprogress ? LOG_DEBUG : LOG_INFO, LD_NET,
2032  "Connection to socket %s (sock "TOR_SOCKET_T_FORMAT").",
2033  inprogress ? "in progress" : "established", s);
2034  conn->s = s;
2035  if (connection_add_connecting(conn) < 0) {
2036  /* no space, forget it */
2037  *socket_error = SOCK_ERRNO(ENOBUFS);
2038  return -1;
2039  }
2040 
2041  return inprogress ? 0 : 1;
2042 }
2043 
2044 /* Log a message if connection attempt is made when IPv4 or IPv6 is disabled.
2045  * Log a less severe message if we couldn't conform to ClientPreferIPv6ORPort
2046  * or ClientPreferIPv6ORPort. */
2047 static void
2048 connection_connect_log_client_use_ip_version(const connection_t *conn)
2049 {
2050  const or_options_t *options = get_options();
2051 
2052  /* Only clients care about ClientUseIPv4/6, bail out early on servers, and
2053  * on connections we don't care about */
2054  if (server_mode(options) || !conn || conn->type == CONN_TYPE_EXIT) {
2055  return;
2056  }
2057 
2058  /* We're only prepared to log OR and DIR connections here */
2059  if (conn->type != CONN_TYPE_OR && conn->type != CONN_TYPE_DIR) {
2060  return;
2061  }
2062 
2063  const int must_ipv4 = !fascist_firewall_use_ipv6(options);
2064  const int must_ipv6 = (options->ClientUseIPv4 == 0);
2065  const int pref_ipv6 = (conn->type == CONN_TYPE_OR
2068  tor_addr_t real_addr;
2069  tor_addr_make_null(&real_addr, AF_UNSPEC);
2070 
2071  /* OR conns keep the original address in real_addr, as addr gets overwritten
2072  * with the descriptor address */
2073  if (conn->type == CONN_TYPE_OR) {
2074  const or_connection_t *or_conn = TO_OR_CONN((connection_t *)conn);
2075  tor_addr_copy(&real_addr, &or_conn->real_addr);
2076  } else if (conn->type == CONN_TYPE_DIR) {
2077  tor_addr_copy(&real_addr, &conn->addr);
2078  }
2079 
2080  /* Check if we broke a mandatory address family restriction */
2081  if ((must_ipv4 && tor_addr_family(&real_addr) == AF_INET6)
2082  || (must_ipv6 && tor_addr_family(&real_addr) == AF_INET)) {
2083  static int logged_backtrace = 0;
2084  log_info(LD_BUG, "Outgoing %s connection to %s violated ClientUseIPv%s 0.",
2085  conn->type == CONN_TYPE_OR ? "OR" : "Dir",
2086  fmt_addr(&real_addr),
2087  options->ClientUseIPv4 == 0 ? "4" : "6");
2088  if (!logged_backtrace) {
2089  log_backtrace(LOG_INFO, LD_BUG, "Address came from");
2090  logged_backtrace = 1;
2091  }
2092  }
2093 
2094  /* Bridges are allowed to break IPv4/IPv6 ORPort preferences to connect to
2095  * the node's configured address when ClientPreferIPv6ORPort is auto */
2096  if (options->UseBridges && conn->type == CONN_TYPE_OR
2097  && options->ClientPreferIPv6ORPort == -1) {
2098  return;
2099  }
2100 
2101  if (fascist_firewall_use_ipv6(options)) {
2102  log_info(LD_NET, "Our outgoing connection is using IPv%d.",
2103  tor_addr_family(&real_addr) == AF_INET6 ? 6 : 4);
2104  }
2105 
2106  /* Check if we couldn't satisfy an address family preference */
2107  if ((!pref_ipv6 && tor_addr_family(&real_addr) == AF_INET6)
2108  || (pref_ipv6 && tor_addr_family(&real_addr) == AF_INET)) {
2109  log_info(LD_NET, "Outgoing connection to %s doesn't satisfy "
2110  "ClientPreferIPv6%sPort %d, with ClientUseIPv4 %d, and "
2111  "fascist_firewall_use_ipv6 %d (ClientUseIPv6 %d and UseBridges "
2112  "%d).",
2113  fmt_addr(&real_addr),
2114  conn->type == CONN_TYPE_OR ? "OR" : "Dir",
2115  conn->type == CONN_TYPE_OR ? options->ClientPreferIPv6ORPort
2116  : options->ClientPreferIPv6DirPort,
2117  options->ClientUseIPv4, fascist_firewall_use_ipv6(options),
2118  options->ClientUseIPv6, options->UseBridges);
2119  }
2120 }
2121 
2122 /** Retrieve the outbound address depending on the protocol (IPv4 or IPv6)
2123  * and the connection type (relay, exit, ...)
2124  * Return a socket address or NULL in case nothing is configured.
2125  **/
2126 const tor_addr_t *
2128  const or_options_t *options, unsigned int conn_type)
2129 {
2130  const tor_addr_t *ext_addr = NULL;
2131 
2132  int fam_index;
2133  switch (family) {
2134  case AF_INET:
2135  fam_index = 0;
2136  break;
2137  case AF_INET6:
2138  fam_index = 1;
2139  break;
2140  default:
2141  return NULL;
2142  }
2143 
2144  // If an exit connection, use the exit address (if present)
2145  if (conn_type == CONN_TYPE_EXIT) {
2146  if (!tor_addr_is_null(
2147  &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT][fam_index])) {
2148  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT]
2149  [fam_index];
2150  } else if (!tor_addr_is_null(
2151  &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT_AND_OR]
2152  [fam_index])) {
2153  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT_AND_OR]
2154  [fam_index];
2155  }
2156  } else { // All non-exit connections
2157  if (!tor_addr_is_null(
2158  &options->OutboundBindAddresses[OUTBOUND_ADDR_OR][fam_index])) {
2159  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_OR]
2160  [fam_index];
2161  } else if (!tor_addr_is_null(
2162  &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT_AND_OR]
2163  [fam_index])) {
2164  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT_AND_OR]
2165  [fam_index];
2166  }
2167  }
2168  return ext_addr;
2169 }
2170 
2171 /** Take conn, make a nonblocking socket; try to connect to
2172  * addr:port (port arrives in *host order*). If fail, return -1 and if
2173  * applicable put your best guess about errno into *<b>socket_error</b>.
2174  * Else assign s to conn->s: if connected return 1, if EAGAIN return 0.
2175  *
2176  * addr:port can be different to conn->addr:conn->port if connecting through
2177  * a proxy.
2178  *
2179  * address is used to make the logs useful.
2180  *
2181  * On success, add conn to the list of polled connections.
2182  */
2183 int
2184 connection_connect(connection_t *conn, const char *address,
2185  const tor_addr_t *addr, uint16_t port, int *socket_error)
2186 {
2187  struct sockaddr_storage addrbuf;
2188  struct sockaddr_storage bind_addr_ss;
2189  struct sockaddr *bind_addr = NULL;
2190  struct sockaddr *dest_addr;
2191  int dest_addr_len, bind_addr_len = 0;
2192 
2193  /* Log if we didn't stick to ClientUseIPv4/6 or ClientPreferIPv6OR/DirPort
2194  */
2195  connection_connect_log_client_use_ip_version(conn);
2196 
2197  if (!tor_addr_is_loopback(addr)) {
2198  const tor_addr_t *ext_addr = NULL;
2200  conn->type);
2201  if (ext_addr) {
2202  memset(&bind_addr_ss, 0, sizeof(bind_addr_ss));
2203  bind_addr_len = tor_addr_to_sockaddr(ext_addr, 0,
2204  (struct sockaddr *) &bind_addr_ss,
2205  sizeof(bind_addr_ss));
2206  if (bind_addr_len == 0) {
2207  log_warn(LD_NET,
2208  "Error converting OutboundBindAddress %s into sockaddr. "
2209  "Ignoring.", fmt_and_decorate_addr(ext_addr));
2210  } else {
2211  bind_addr = (struct sockaddr *)&bind_addr_ss;
2212  }
2213  }
2214  }
2215 
2216  memset(&addrbuf,0,sizeof(addrbuf));
2217  dest_addr = (struct sockaddr*) &addrbuf;
2218  dest_addr_len = tor_addr_to_sockaddr(addr, port, dest_addr, sizeof(addrbuf));
2219  tor_assert(dest_addr_len > 0);
2220 
2221  log_debug(LD_NET, "Connecting to %s:%u.",
2222  escaped_safe_str_client(address), port);
2223 
2224  return connection_connect_sockaddr(conn, dest_addr, dest_addr_len,
2225  bind_addr, bind_addr_len, socket_error);
2226 }
2227 
2228 #ifdef HAVE_SYS_UN_H
2229 
2230 /** Take conn, make a nonblocking socket; try to connect to
2231  * an AF_UNIX socket at socket_path. If fail, return -1 and if applicable
2232  * put your best guess about errno into *<b>socket_error</b>. Else assign s
2233  * to conn->s: if connected return 1, if EAGAIN return 0.
2234  *
2235  * On success, add conn to the list of polled connections.
2236  */
2237 int
2238 connection_connect_unix(connection_t *conn, const char *socket_path,
2239  int *socket_error)
2240 {
2241  struct sockaddr_un dest_addr;
2242 
2243  tor_assert(socket_path);
2244 
2245  /* Check that we'll be able to fit it into dest_addr later */
2246  if (strlen(socket_path) + 1 > sizeof(dest_addr.sun_path)) {
2247  log_warn(LD_NET,
2248  "Path %s is too long for an AF_UNIX socket\n",
2249  escaped_safe_str_client(socket_path));
2250  *socket_error = SOCK_ERRNO(ENAMETOOLONG);
2251  return -1;
2252  }
2253 
2254  memset(&dest_addr, 0, sizeof(dest_addr));
2255  dest_addr.sun_family = AF_UNIX;
2256  strlcpy(dest_addr.sun_path, socket_path, sizeof(dest_addr.sun_path));
2257 
2258  log_debug(LD_NET,
2259  "Connecting to AF_UNIX socket at %s.",
2260  escaped_safe_str_client(socket_path));
2261 
2262  return connection_connect_sockaddr(conn,
2263  (struct sockaddr *)&dest_addr, sizeof(dest_addr),
2264  NULL, 0, socket_error);
2265 }
2266 
2267 #endif /* defined(HAVE_SYS_UN_H) */
2268 
2269 /** Convert state number to string representation for logging purposes.
2270  */
2271 static const char *
2273 {
2274  static const char *unknown = "???";
2275  static const char *states[] = {
2276  "PROXY_NONE",
2277  "PROXY_INFANT",
2278  "PROXY_HTTPS_WANT_CONNECT_OK",
2279  "PROXY_SOCKS4_WANT_CONNECT_OK",
2280  "PROXY_SOCKS5_WANT_AUTH_METHOD_NONE",
2281  "PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929",
2282  "PROXY_SOCKS5_WANT_AUTH_RFC1929_OK",
2283  "PROXY_SOCKS5_WANT_CONNECT_OK",
2284  "PROXY_HAPROXY_WAIT_FOR_FLUSH",
2285  "PROXY_CONNECTED",
2286  };
2287 
2288  CTASSERT(ARRAY_LENGTH(states) == PROXY_CONNECTED+1);
2289 
2290  if (state < PROXY_NONE || state > PROXY_CONNECTED)
2291  return unknown;
2292 
2293  return states[state];
2294 }
2295 
2296 /** Returns the proxy type used by tor for a single connection, for
2297  * logging or high-level purposes. Don't use it to fill the
2298  * <b>proxy_type</b> field of or_connection_t; use the actual proxy
2299  * protocol instead.*/
2300 static int
2302 {
2303  const or_options_t *options = get_options();
2304 
2305  if (options->ClientTransportPlugin) {
2306  /* If we have plugins configured *and* this addr/port is a known bridge
2307  * with a transport, then we should be PROXY_PLUGGABLE. */
2308  const transport_t *transport = NULL;
2309  int r;
2310  r = get_transport_by_bridge_addrport(&conn->addr, conn->port, &transport);
2311  if (r == 0 && transport)
2312  return PROXY_PLUGGABLE;
2313  }
2314 
2315  /* In all other cases, we're using a global proxy. */
2316  if (options->HTTPSProxy)
2317  return PROXY_CONNECT;
2318  else if (options->Socks4Proxy)
2319  return PROXY_SOCKS4;
2320  else if (options->Socks5Proxy)
2321  return PROXY_SOCKS5;
2322  else if (options->TCPProxy) {
2323  /* The only supported protocol in TCPProxy is haproxy. */
2325  return PROXY_HAPROXY;
2326  } else
2327  return PROXY_NONE;
2328 }
2329 
2330 /* One byte for the version, one for the command, two for the
2331  port, and four for the addr... and, one more for the
2332  username NUL: */
2333 #define SOCKS4_STANDARD_BUFFER_SIZE (1 + 1 + 2 + 4 + 1)
2334 
2335 /** Write a proxy request of https to conn for conn->addr:conn->port,
2336  * authenticating with the auth details given in the configuration
2337  * (if available).
2338  *
2339  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2340  * 0 otherwise.
2341  */
2342 static int
2344 {
2345  tor_assert(conn);
2346 
2347  const or_options_t *options = get_options();
2348  char buf[1024];
2349  char *base64_authenticator = NULL;
2350  const char *authenticator = options->HTTPSProxyAuthenticator;
2351 
2352  /* Send HTTP CONNECT and authentication (if available) in
2353  * one request */
2354 
2355  if (authenticator) {
2356  base64_authenticator = alloc_http_authenticator(authenticator);
2357  if (!base64_authenticator)
2358  log_warn(LD_OR, "Encoding https authenticator failed");
2359  }
2360 
2361  if (base64_authenticator) {
2362  const char *addrport = fmt_addrport(&conn->addr, conn->port);
2363  tor_snprintf(buf, sizeof(buf), "CONNECT %s HTTP/1.1\r\n"
2364  "Host: %s\r\n"
2365  "Proxy-Authorization: Basic %s\r\n\r\n",
2366  addrport,
2367  addrport,
2368  base64_authenticator);
2369  tor_free(base64_authenticator);
2370  } else {
2371  tor_snprintf(buf, sizeof(buf), "CONNECT %s HTTP/1.0\r\n\r\n",
2372  fmt_addrport(&conn->addr, conn->port));
2373  }
2374 
2375  connection_buf_add(buf, strlen(buf), conn);
2376  conn->proxy_state = PROXY_HTTPS_WANT_CONNECT_OK;
2377 
2378  return 0;
2379 }
2380 
2381 /** Write a proxy request of socks4 to conn for conn->addr:conn->port.
2382  *
2383  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2384  * 0 otherwise.
2385  */
2386 static int
2388 {
2389  tor_assert(conn);
2390 
2391  unsigned char *buf;
2392  uint16_t portn;
2393  uint32_t ip4addr;
2394  size_t buf_size = 0;
2395  char *socks_args_string = NULL;
2396 
2397  /* Send a SOCKS4 connect request */
2398 
2399  if (tor_addr_family(&conn->addr) != AF_INET) {
2400  log_warn(LD_NET, "SOCKS4 client is incompatible with IPv6");
2401  return -1;
2402  }
2403 
2404  { /* If we are here because we are trying to connect to a
2405  pluggable transport proxy, check if we have any SOCKS
2406  arguments to transmit. If we do, compress all arguments to
2407  a single string in 'socks_args_string': */
2408 
2409  if (conn_get_proxy_type(conn) == PROXY_PLUGGABLE) {
2410  socks_args_string =
2412  if (socks_args_string)
2413  log_debug(LD_NET, "Sending out '%s' as our SOCKS argument string.",
2414  socks_args_string);
2415  }
2416  }
2417 
2418  { /* Figure out the buffer size we need for the SOCKS message: */
2419 
2420  buf_size = SOCKS4_STANDARD_BUFFER_SIZE;
2421 
2422  /* If we have a SOCKS argument string, consider its size when
2423  calculating the buffer size: */
2424  if (socks_args_string)
2425  buf_size += strlen(socks_args_string);
2426  }
2427 
2428  buf = tor_malloc_zero(buf_size);
2429 
2430  ip4addr = tor_addr_to_ipv4n(&conn->addr);
2431  portn = htons(conn->port);
2432 
2433  buf[0] = 4; /* version */
2434  buf[1] = SOCKS_COMMAND_CONNECT; /* command */
2435  memcpy(buf + 2, &portn, 2); /* port */
2436  memcpy(buf + 4, &ip4addr, 4); /* addr */
2437 
2438  /* Next packet field is the userid. If we have pluggable
2439  transport SOCKS arguments, we have to embed them
2440  there. Otherwise, we use an empty userid. */
2441  if (socks_args_string) { /* place the SOCKS args string: */
2442  tor_assert(strlen(socks_args_string) > 0);
2443  tor_assert(buf_size >=
2444  SOCKS4_STANDARD_BUFFER_SIZE + strlen(socks_args_string));
2445  strlcpy((char *)buf + 8, socks_args_string, buf_size - 8);
2446  tor_free(socks_args_string);
2447  } else {
2448  buf[8] = 0; /* no userid */
2449  }
2450 
2451  connection_buf_add((char *)buf, buf_size, conn);
2452  tor_free(buf);
2453 
2454  conn->proxy_state = PROXY_SOCKS4_WANT_CONNECT_OK;
2455  return 0;
2456 }
2457 
2458 /** Write a proxy request of socks5 to conn for conn->addr:conn->port,
2459  * authenticating with the auth details given in the configuration
2460  * (if available).
2461  *
2462  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2463  * 0 otherwise.
2464  */
2465 static int
2467 {
2468  tor_assert(conn);
2469 
2470  const or_options_t *options = get_options();
2471  unsigned char buf[4]; /* fields: vers, num methods, method list */
2472 
2473  /* Send a SOCKS5 greeting (connect request must wait) */
2474 
2475  buf[0] = 5; /* version */
2476 
2477  /* We have to use SOCKS5 authentication, if we have a
2478  Socks5ProxyUsername or if we want to pass arguments to our
2479  pluggable transport proxy: */
2480  if ((options->Socks5ProxyUsername) ||
2481  (conn_get_proxy_type(conn) == PROXY_PLUGGABLE &&
2482  (get_socks_args_by_bridge_addrport(&conn->addr, conn->port)))) {
2483  /* number of auth methods */
2484  buf[1] = 2;
2485  buf[2] = 0x00; /* no authentication */
2486  buf[3] = 0x02; /* rfc1929 Username/Passwd auth */
2487  conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929;
2488  } else {
2489  buf[1] = 1;
2490  buf[2] = 0x00; /* no authentication */
2491  conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_METHOD_NONE;
2492  }
2493 
2494  connection_buf_add((char *)buf, 2 + buf[1], conn);
2495  return 0;
2496 }
2497 
2498 /** Write a proxy request of haproxy to conn for conn->addr:conn->port.
2499  *
2500  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2501  * 0 otherwise.
2502  */
2503 static int
2505 {
2506  int ret = 0;
2507  tor_addr_port_t *addr_port = tor_addr_port_new(&conn->addr, conn->port);
2508  char *buf = haproxy_format_proxy_header_line(addr_port);
2509 
2510  if (buf == NULL) {
2511  ret = -1;
2512  goto done;
2513  }
2514 
2515  connection_buf_add(buf, strlen(buf), conn);
2516  /* In haproxy, we don't have to wait for the response, but we wait for ack.
2517  * So we can set the state to be PROXY_HAPROXY_WAIT_FOR_FLUSH. */
2518  conn->proxy_state = PROXY_HAPROXY_WAIT_FOR_FLUSH;
2519 
2520  ret = 0;
2521  done:
2522  tor_free(buf);
2523  tor_free(addr_port);
2524  return ret;
2525 }
2526 
2527 /** Write a proxy request of <b>type</b> (socks4, socks5, https, haproxy)
2528  * to conn for conn->addr:conn->port, authenticating with the auth details
2529  * given in the configuration (if available). SOCKS 5 and HTTP CONNECT
2530  * proxies support authentication.
2531  *
2532  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2533  * 0 otherwise.
2534  *
2535  * Use connection_read_proxy_handshake() to complete the handshake.
2536  */
2537 int
2539 {
2540  int ret = 0;
2541 
2542  tor_assert(conn);
2543 
2544  switch (type) {
2545  case PROXY_CONNECT:
2546  ret = connection_https_proxy_connect(conn);
2547  break;
2548 
2549  case PROXY_SOCKS4:
2550  ret = connection_socks4_proxy_connect(conn);
2551  break;
2552 
2553  case PROXY_SOCKS5:
2554  ret = connection_socks5_proxy_connect(conn);
2555  break;
2556 
2557  case PROXY_HAPROXY:
2559  break;
2560 
2561  default:
2562  log_err(LD_BUG, "Invalid proxy protocol, %d", type);
2564  ret = -1;
2565  break;
2566  }
2567 
2568  if (ret == 0) {
2569  log_debug(LD_NET, "set state %s",
2571  }
2572 
2573  return ret;
2574 }
2575 
2576 /** Read conn's inbuf. If the http response from the proxy is all
2577  * here, make sure it's good news, then return 1. If it's bad news,
2578  * return -1. Else return 0 and hope for better luck next time.
2579  */
2580 static int
2582 {
2583  char *headers;
2584  char *reason=NULL;
2585  int status_code;
2586  time_t date_header;
2587 
2588  switch (fetch_from_buf_http(conn->inbuf,
2589  &headers, MAX_HEADERS_SIZE,
2590  NULL, NULL, 10000, 0)) {
2591  case -1: /* overflow */
2592  log_warn(LD_PROTOCOL,
2593  "Your https proxy sent back an oversized response. Closing.");
2594  return -1;
2595  case 0:
2596  log_info(LD_NET,"https proxy response not all here yet. Waiting.");
2597  return 0;
2598  /* case 1, fall through */
2599  }
2600 
2601  if (parse_http_response(headers, &status_code, &date_header,
2602  NULL, &reason) < 0) {
2603  log_warn(LD_NET,
2604  "Unparseable headers from proxy (connecting to '%s'). Closing.",
2605  conn->address);
2606  tor_free(headers);
2607  return -1;
2608  }
2609  tor_free(headers);
2610  if (!reason) reason = tor_strdup("[no reason given]");
2611 
2612  if (status_code == 200) {
2613  log_info(LD_NET,
2614  "HTTPS connect to '%s' successful! (200 %s) Starting TLS.",
2615  conn->address, escaped(reason));
2616  tor_free(reason);
2617  return 1;
2618  }
2619  /* else, bad news on the status code */
2620  switch (status_code) {
2621  case 403:
2622  log_warn(LD_NET,
2623  "The https proxy refused to allow connection to %s "
2624  "(status code %d, %s). Closing.",
2625  conn->address, status_code, escaped(reason));
2626  break;
2627  default:
2628  log_warn(LD_NET,
2629  "The https proxy sent back an unexpected status code %d (%s). "
2630  "Closing.",
2631  status_code, escaped(reason));
2632  break;
2633  }
2634  tor_free(reason);
2635  return -1;
2636 }
2637 
2638 /** Send SOCKS5 CONNECT command to <b>conn</b>, copying <b>conn->addr</b>
2639  * and <b>conn->port</b> into the request.
2640  */
2641 static void
2643 {
2644  unsigned char buf[1024];
2645  size_t reqsize = 6;
2646  uint16_t port = htons(conn->port);
2647 
2648  buf[0] = 5; /* version */
2649  buf[1] = SOCKS_COMMAND_CONNECT; /* command */
2650  buf[2] = 0; /* reserved */
2651 
2652  if (tor_addr_family(&conn->addr) == AF_INET) {
2653  uint32_t addr = tor_addr_to_ipv4n(&conn->addr);
2654 
2655  buf[3] = 1;
2656  reqsize += 4;
2657  memcpy(buf + 4, &addr, 4);
2658  memcpy(buf + 8, &port, 2);
2659  } else { /* AF_INET6 */
2660  buf[3] = 4;
2661  reqsize += 16;
2662  memcpy(buf + 4, tor_addr_to_in6_addr8(&conn->addr), 16);
2663  memcpy(buf + 20, &port, 2);
2664  }
2665 
2666  connection_buf_add((char *)buf, reqsize, conn);
2667 
2668  conn->proxy_state = PROXY_SOCKS5_WANT_CONNECT_OK;
2669 }
2670 
2671 /** Wrapper around fetch_from_buf_socks_client: see that functions
2672  * for documentation of its behavior. */
2673 static int
2675  int state, char **reason)
2676 {
2677  return fetch_from_buf_socks_client(conn->inbuf, state, reason);
2678 }
2679 
2680 /** Call this from connection_*_process_inbuf() to advance the proxy
2681  * handshake.
2682  *
2683  * No matter what proxy protocol is used, if this function returns 1, the
2684  * handshake is complete, and the data remaining on inbuf may contain the
2685  * start of the communication with the requested server.
2686  *
2687  * Returns 0 if the current buffer contains an incomplete response, and -1
2688  * on error.
2689  */
2690 int
2692 {
2693  int ret = 0;
2694  char *reason = NULL;
2695 
2696  log_debug(LD_NET, "enter state %s",
2698 
2699  switch (conn->proxy_state) {
2700  case PROXY_HTTPS_WANT_CONNECT_OK:
2702  if (ret == 1)
2703  conn->proxy_state = PROXY_CONNECTED;
2704  break;
2705 
2706  case PROXY_SOCKS4_WANT_CONNECT_OK:
2708  conn->proxy_state,
2709  &reason);
2710  if (ret == 1)
2711  conn->proxy_state = PROXY_CONNECTED;
2712  break;
2713 
2714  case PROXY_SOCKS5_WANT_AUTH_METHOD_NONE:
2716  conn->proxy_state,
2717  &reason);
2718  /* no auth needed, do connect */
2719  if (ret == 1) {
2721  ret = 0;
2722  }
2723  break;
2724 
2725  case PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929:
2727  conn->proxy_state,
2728  &reason);
2729 
2730  /* send auth if needed, otherwise do connect */
2731  if (ret == 1) {
2733  ret = 0;
2734  } else if (ret == 2) {
2735  unsigned char buf[1024];
2736  size_t reqsize, usize, psize;
2737  const char *user, *pass;
2738  char *socks_args_string = NULL;
2739 
2740  if (conn_get_proxy_type(conn) == PROXY_PLUGGABLE) {
2741  socks_args_string =
2743  if (!socks_args_string) {
2744  log_warn(LD_NET, "Could not create SOCKS args string for PT.");
2745  ret = -1;
2746  break;
2747  }
2748 
2749  log_debug(LD_NET, "PT SOCKS5 arguments: %s", socks_args_string);
2750  tor_assert(strlen(socks_args_string) > 0);
2751  tor_assert(strlen(socks_args_string) <= MAX_SOCKS5_AUTH_SIZE_TOTAL);
2752 
2753  if (strlen(socks_args_string) > MAX_SOCKS5_AUTH_FIELD_SIZE) {
2754  user = socks_args_string;
2756  pass = socks_args_string + MAX_SOCKS5_AUTH_FIELD_SIZE;
2757  psize = strlen(socks_args_string) - MAX_SOCKS5_AUTH_FIELD_SIZE;
2758  } else {
2759  user = socks_args_string;
2760  usize = strlen(socks_args_string);
2761  pass = "\0";
2762  psize = 1;
2763  }
2764  } else if (get_options()->Socks5ProxyUsername) {
2765  user = get_options()->Socks5ProxyUsername;
2766  pass = get_options()->Socks5ProxyPassword;
2767  tor_assert(user && pass);
2768  usize = strlen(user);
2769  psize = strlen(pass);
2770  } else {
2771  log_err(LD_BUG, "We entered %s for no reason!", __func__);
2773  ret = -1;
2774  break;
2775  }
2776 
2777  /* Username and password lengths should have been checked
2778  above and during torrc parsing. */
2780  psize <= MAX_SOCKS5_AUTH_FIELD_SIZE);
2781  reqsize = 3 + usize + psize;
2782 
2783  buf[0] = 1; /* negotiation version */
2784  buf[1] = usize;
2785  memcpy(buf + 2, user, usize);
2786  buf[2 + usize] = psize;
2787  memcpy(buf + 3 + usize, pass, psize);
2788 
2789  if (socks_args_string)
2790  tor_free(socks_args_string);
2791 
2792  connection_buf_add((char *)buf, reqsize, conn);
2793 
2794  conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_RFC1929_OK;
2795  ret = 0;
2796  }
2797  break;
2798 
2799  case PROXY_SOCKS5_WANT_AUTH_RFC1929_OK:
2801  conn->proxy_state,
2802  &reason);
2803  /* send the connect request */
2804  if (ret == 1) {
2806  ret = 0;
2807  }
2808  break;
2809 
2810  case PROXY_SOCKS5_WANT_CONNECT_OK:
2812  conn->proxy_state,
2813  &reason);
2814  if (ret == 1)
2815  conn->proxy_state = PROXY_CONNECTED;
2816  break;
2817 
2818  default:
2819  log_err(LD_BUG, "Invalid proxy_state for reading, %d",
2820  conn->proxy_state);
2822  ret = -1;
2823  break;
2824  }
2825 
2826  log_debug(LD_NET, "leaving state %s",
2828 
2829  if (ret < 0) {
2830  if (reason) {
2831  log_warn(LD_NET, "Proxy Client: unable to connect to %s:%d (%s)",
2832  conn->address, conn->port, escaped(reason));
2833  tor_free(reason);
2834  } else {
2835  log_warn(LD_NET, "Proxy Client: unable to connect to %s:%d",
2836  conn->address, conn->port);
2837  }
2838  } else if (ret == 1) {
2839  log_info(LD_NET, "Proxy Client: connection to %s:%d successful",
2840  conn->address, conn->port);
2841  }
2842 
2843  return ret;
2844 }
2845 
2846 /** Given a list of listener connections in <b>old_conns</b>, and list of
2847  * port_cfg_t entries in <b>ports</b>, open a new listener for every port in
2848  * <b>ports</b> that does not already have a listener in <b>old_conns</b>.
2849  *
2850  * Remove from <b>old_conns</b> every connection that has a corresponding
2851  * entry in <b>ports</b>. Add to <b>new_conns</b> new every connection we
2852  * launch. If we may need to perform socket rebind when creating new
2853  * listener that replaces old one, create a <b>listener_replacement_t</b>
2854  * struct for affected pair and add it to <b>replacements</b>.
2855  *
2856  * If <b>control_listeners_only</b> is true, then we only open control
2857  * listeners, and we do not remove any noncontrol listeners from
2858  * old_conns.
2859  *
2860  * Return 0 on success, -1 on failure.
2861  **/
2862 static int
2864  const smartlist_t *ports,
2865  smartlist_t *new_conns,
2866  smartlist_t *replacements,
2867  int control_listeners_only)
2868 {
2869 #ifndef ENABLE_LISTENER_REBIND
2870  (void)replacements;
2871 #endif
2872 
2873  smartlist_t *launch = smartlist_new();
2874  int r = 0;
2875 
2876  if (control_listeners_only) {
2877  SMARTLIST_FOREACH(ports, port_cfg_t *, p, {
2878  if (p->type == CONN_TYPE_CONTROL_LISTENER)
2879  smartlist_add(launch, p);
2880  });
2881  } else {
2882  smartlist_add_all(launch, ports);
2883  }
2884 
2885  /* Iterate through old_conns, comparing it to launch: remove from both lists
2886  * each pair of elements that corresponds to the same port. */
2887  SMARTLIST_FOREACH_BEGIN(old_conns, connection_t *, conn) {
2888  const port_cfg_t *found_port = NULL;
2889 
2890  /* Okay, so this is a listener. Is it configured? */
2891  /* That is, is it either: 1) exact match - address and port
2892  * pair match exactly between old listener and new port; or 2)
2893  * wildcard match - port matches exactly, but *one* of the
2894  * addresses is wildcard (0.0.0.0 or ::)?
2895  */
2896  SMARTLIST_FOREACH_BEGIN(launch, const port_cfg_t *, wanted) {
2897  if (conn->type != wanted->type)
2898  continue;
2899  if ((conn->socket_family != AF_UNIX && wanted->is_unix_addr) ||
2900  (conn->socket_family == AF_UNIX && ! wanted->is_unix_addr))
2901  continue;
2902 
2903  if (wanted->server_cfg.no_listen)
2904  continue; /* We don't want to open a listener for this one */
2905 
2906  if (wanted->is_unix_addr) {
2907  if (conn->socket_family == AF_UNIX &&
2908  !strcmp(wanted->unix_addr, conn->address)) {
2909  found_port = wanted;
2910  break;
2911  }
2912  } else {
2913  /* Numeric values of old and new port match exactly. */
2914  const int port_matches_exact = (wanted->port == conn->port);
2915  /* Ports match semantically - either their specific values
2916  match exactly, or new port is 'auto'.
2917  */
2918  const int port_matches = (wanted->port == CFG_AUTO_PORT ||
2919  port_matches_exact);
2920 
2921  if (port_matches && tor_addr_eq(&wanted->addr, &conn->addr)) {
2922  found_port = wanted;
2923  break;
2924  }
2925 #ifdef ENABLE_LISTENER_REBIND
2926  /* Rebinding may be needed if all of the following are true:
2927  * 1) Address family is the same in old and new listeners.
2928  * 2) Port number matches exactly (numeric value is the same).
2929  * 3) *One* of listeners (either old one or new one) has a
2930  * wildcard IP address (0.0.0.0 or [::]).
2931  *
2932  * These are the exact conditions for a first bind() syscall
2933  * to fail with EADDRINUSE.
2934  */
2935  const int may_need_rebind =
2936  tor_addr_family(&wanted->addr) == tor_addr_family(&conn->addr) &&
2937  port_matches_exact && bool_neq(tor_addr_is_null(&wanted->addr),
2938  tor_addr_is_null(&conn->addr));
2939  if (replacements && may_need_rebind) {
2940  listener_replacement_t *replacement =
2941  tor_malloc(sizeof(listener_replacement_t));
2942 
2943  replacement->old_conn = conn;
2944  replacement->new_port = wanted;
2945  smartlist_add(replacements, replacement);
2946 
2947  SMARTLIST_DEL_CURRENT(launch, wanted);
2948  SMARTLIST_DEL_CURRENT(old_conns, conn);
2949  break;
2950  }
2951 #endif /* defined(ENABLE_LISTENER_REBIND) */
2952  }
2953  } SMARTLIST_FOREACH_END(wanted);
2954 
2955  if (found_port) {
2956  /* This listener is already running; we don't need to launch it. */
2957  //log_debug(LD_NET, "Already have %s on %s:%d",
2958  // conn_type_to_string(found_port->type), conn->address, conn->port);
2959  smartlist_remove(launch, found_port);
2960  /* And we can remove the connection from old_conns too. */
2961  SMARTLIST_DEL_CURRENT(old_conns, conn);
2962  }
2963  } SMARTLIST_FOREACH_END(conn);
2964 
2965  /* Now open all the listeners that are configured but not opened. */
2966  SMARTLIST_FOREACH_BEGIN(launch, const port_cfg_t *, port) {
2967  int skip = 0;
2968  connection_t *conn = connection_listener_new_for_port(port, &skip, NULL);
2969 
2970  if (conn && new_conns)
2971  smartlist_add(new_conns, conn);
2972  else if (!skip)
2973  r = -1;
2974  } SMARTLIST_FOREACH_END(port);
2975 
2976  smartlist_free(launch);
2977 
2978  return r;
2979 }
2980 
2981 /** Launch listeners for each port you should have open. Only launch
2982  * listeners who are not already open, and only close listeners we no longer
2983  * want.
2984  *
2985  * Add all new connections to <b>new_conns</b>.
2986  *
2987  * If <b>close_all_noncontrol</b> is true, then we only open control
2988  * listeners, and we close all other listeners.
2989  */
2990 int
2991 retry_all_listeners(smartlist_t *new_conns, int close_all_noncontrol)
2992 {
2993  smartlist_t *listeners = smartlist_new();
2994  smartlist_t *replacements = smartlist_new();
2995  const or_options_t *options = get_options();
2996  int retval = 0;
2997  const uint16_t old_or_port = router_get_advertised_or_port(options);
2998  const uint16_t old_or_port_ipv6 =
2999  router_get_advertised_or_port_by_af(options,AF_INET6);
3000  const uint16_t old_dir_port = router_get_advertised_dir_port(options, 0);
3001 
3003  if (connection_is_listener(conn) && !conn->marked_for_close)
3004  smartlist_add(listeners, conn);
3005  } SMARTLIST_FOREACH_END(conn);
3006 
3007  if (retry_listener_ports(listeners,
3009  new_conns,
3010  replacements,
3011  close_all_noncontrol) < 0)
3012  retval = -1;
3013 
3014 #ifdef ENABLE_LISTENER_REBIND
3015  if (smartlist_len(replacements))
3016  log_debug(LD_NET, "%d replacements - starting rebinding loop.",
3017  smartlist_len(replacements));
3018 
3019  SMARTLIST_FOREACH_BEGIN(replacements, listener_replacement_t *, r) {
3020  int addr_in_use = 0;
3021  int skip = 0;
3022 
3023  tor_assert(r->new_port);
3024  tor_assert(r->old_conn);
3025 
3026  connection_t *new_conn =
3027  connection_listener_new_for_port(r->new_port, &skip, &addr_in_use);
3028  connection_t *old_conn = r->old_conn;
3029 
3030  if (skip) {
3031  log_debug(LD_NET, "Skipping creating new listener for %s:%d",
3032  old_conn->address, old_conn->port);
3033  continue;
3034  }
3035 
3036  connection_close_immediate(old_conn);
3037  connection_mark_for_close(old_conn);
3038 
3039  if (addr_in_use) {
3040  new_conn = connection_listener_new_for_port(r->new_port,
3041  &skip, &addr_in_use);
3042  }
3043 
3044  tor_assert(new_conn);
3045 
3046  smartlist_add(new_conns, new_conn);
3047 
3048  log_notice(LD_NET, "Closed no-longer-configured %s on %s:%d "
3049  "(replaced by %s:%d)",
3050  conn_type_to_string(old_conn->type), old_conn->address,
3051  old_conn->port, new_conn->address, new_conn->port);
3052  } SMARTLIST_FOREACH_END(r);
3053 #endif /* defined(ENABLE_LISTENER_REBIND) */
3054 
3055  /* Any members that were still in 'listeners' don't correspond to
3056  * any configured port. Kill 'em. */
3057  SMARTLIST_FOREACH_BEGIN(listeners, connection_t *, conn) {
3058  log_notice(LD_NET, "Closing no-longer-configured %s on %s:%d",
3059  conn_type_to_string(conn->type), conn->address, conn->port);
3061  connection_mark_for_close(conn);
3062  } SMARTLIST_FOREACH_END(conn);
3063 
3064  smartlist_free(listeners);
3065  /* Cleanup any remaining listener replacement. */
3066  SMARTLIST_FOREACH(replacements, listener_replacement_t *, r, tor_free(r));
3067  smartlist_free(replacements);
3068 
3069  if (old_or_port != router_get_advertised_or_port(options) ||
3070  old_or_port_ipv6 != router_get_advertised_or_port_by_af(options,
3071  AF_INET6) ||
3072  old_dir_port != router_get_advertised_dir_port(options, 0)) {
3073  /* Our chosen ORPort or DirPort is not what it used to be: the
3074  * descriptor we had (if any) should be regenerated. (We won't
3075  * automatically notice this because of changes in the option,
3076  * since the value could be "auto".) */
3077  mark_my_descriptor_dirty("Chosen Or/DirPort changed");
3078  }
3079 
3080  return retval;
3081 }
3082 
3083 /** Mark every listener of type other than CONTROL_LISTENER to be closed. */
3084 void
3086 {
3088  if (conn->marked_for_close)
3089  continue;
3090  if (conn->type == CONN_TYPE_CONTROL_LISTENER)
3091  continue;
3092  if (connection_is_listener(conn))
3093  connection_mark_for_close(conn);
3094  } SMARTLIST_FOREACH_END(conn);
3095 }
3096 
3097 /** Mark every external connection not used for controllers for close. */
3098 void
3100 {
3102  if (conn->marked_for_close)
3103  continue;
3104  switch (conn->type) {
3106  case CONN_TYPE_CONTROL:
3107  break;
3108  case CONN_TYPE_AP:
3109  connection_mark_unattached_ap(TO_ENTRY_CONN(conn),
3110  END_STREAM_REASON_HIBERNATING);
3111  break;
3112  case CONN_TYPE_OR:
3113  {
3114  or_connection_t *orconn = TO_OR_CONN(conn);
3115  if (orconn->chan) {
3116  connection_or_close_normally(orconn, 0);
3117  } else {
3118  /*
3119  * There should have been one, but mark for close and hope
3120  * for the best..
3121  */
3122  connection_mark_for_close(conn);
3123  }
3124  }
3125  break;
3126  default:
3127  connection_mark_for_close(conn);
3128  break;
3129  }
3130  } SMARTLIST_FOREACH_END(conn);
3131 }
3132 
3133 /** Return 1 if we should apply rate limiting to <b>conn</b>, and 0
3134  * otherwise.
3135  * Right now this just checks if it's an internal IP address or an
3136  * internal connection. We also should, but don't, check if the connection
3137  * uses pluggable transports, since we should then limit it even if it
3138  * comes from an internal IP address. */
3139 static int
3141 {
3142  const or_options_t *options = get_options();
3143  if (conn->linked)
3144  return 0; /* Internal connection */
3145  else if (! options->CountPrivateBandwidth &&
3146  (tor_addr_family(&conn->addr) == AF_UNSPEC || /* no address */
3147  tor_addr_family(&conn->addr) == AF_UNIX || /* no address */
3148  tor_addr_is_internal(&conn->addr, 0)))
3149  return 0; /* Internal address */
3150  else
3151  return 1;
3152 }
3153 
3154 /** When was either global write bucket last empty? If this was recent, then
3155  * we're probably low on bandwidth, and we should be stingy with our bandwidth
3156  * usage. */
3157 static time_t write_buckets_last_empty_at = -100;
3158 
3159 /** How many seconds of no active local circuits will make the
3160  * connection revert to the "relayed" bandwidth class? */
3161 #define CLIENT_IDLE_TIME_FOR_PRIORITY 30
3162 
3163 /** Return 1 if <b>conn</b> should use tokens from the "relayed"
3164  * bandwidth rates, else 0. Currently, only OR conns with bandwidth
3165  * class 1, and directory conns that are serving data out, count.
3166  */
3167 static int
3169 {
3170  if (conn->type == CONN_TYPE_OR &&
3173  return 1;
3174  if (conn->type == CONN_TYPE_DIR && DIR_CONN_IS_SERVER(conn))
3175  return 1;
3176  return 0;
3177 }
3178 
3179 /** Helper function to decide how many bytes out of <b>global_bucket</b>
3180  * we're willing to use for this transaction. <b>base</b> is the size
3181  * of a cell on the network; <b>priority</b> says whether we should
3182  * write many of them or just a few; and <b>conn_bucket</b> (if
3183  * non-negative) provides an upper limit for our answer. */
3184 static ssize_t
3185 connection_bucket_get_share(int base, int priority,
3186  ssize_t global_bucket_val, ssize_t conn_bucket)
3187 {
3188  ssize_t at_most;
3189  ssize_t num_bytes_high = (priority ? 32 : 16) * base;
3190  ssize_t num_bytes_low = (priority ? 4 : 2) * base;
3191 
3192  /* Do a rudimentary limiting so one circuit can't hog a connection.
3193  * Pick at most 32 cells, at least 4 cells if possible, and if we're in
3194  * the middle pick 1/8 of the available bandwidth. */
3195  at_most = global_bucket_val / 8;
3196  at_most -= (at_most % base); /* round down */
3197  if (at_most > num_bytes_high) /* 16 KB, or 8 KB for low-priority */
3198  at_most = num_bytes_high;
3199  else if (at_most < num_bytes_low) /* 2 KB, or 1 KB for low-priority */
3200  at_most = num_bytes_low;
3201 
3202  if (at_most > global_bucket_val)
3203  at_most = global_bucket_val;
3204 
3205  if (conn_bucket >= 0 && at_most > conn_bucket)
3206  at_most = conn_bucket;
3207 
3208  if (at_most < 0)
3209  return 0;
3210  return at_most;
3211 }
3212 
3213 /** How many bytes at most can we read onto this connection? */
3214 static ssize_t
3216 {
3217  int base = RELAY_PAYLOAD_SIZE;
3218  int priority = conn->type != CONN_TYPE_DIR;
3219  ssize_t conn_bucket = -1;
3220  size_t global_bucket_val = token_bucket_rw_get_read(&global_bucket);
3221 
3222  if (connection_speaks_cells(conn)) {
3223  or_connection_t *or_conn = TO_OR_CONN(conn);
3224  if (conn->state == OR_CONN_STATE_OPEN)
3225  conn_bucket = token_bucket_rw_get_read(&or_conn->bucket);
3226  base = get_cell_network_size(or_conn->wide_circ_ids);
3227  }
3228 
3229  if (!connection_is_rate_limited(conn)) {
3230  /* be willing to read on local conns even if our buckets are empty */
3231  return conn_bucket>=0 ? conn_bucket : 1<<14;
3232  }
3233 
3234  if (connection_counts_as_relayed_traffic(conn, now)) {
3235  size_t relayed = token_bucket_rw_get_read(&global_relayed_bucket);
3236  global_bucket_val = MIN(global_bucket_val, relayed);
3237  }
3238 
3239  return connection_bucket_get_share(base, priority,
3240  global_bucket_val, conn_bucket);
3241 }
3242 
3243 /** How many bytes at most can we write onto this connection? */
3244 ssize_t
3246 {
3247  int base = RELAY_PAYLOAD_SIZE;
3248  int priority = conn->type != CONN_TYPE_DIR;
3249  size_t conn_bucket = conn->outbuf_flushlen;
3250  size_t global_bucket_val = token_bucket_rw_get_write(&global_bucket);
3251 
3252  if (!connection_is_rate_limited(conn)) {
3253  /* be willing to write to local conns even if our buckets are empty */
3254  return conn->outbuf_flushlen;
3255  }
3256 
3257  if (connection_speaks_cells(conn)) {
3258  /* use the per-conn write limit if it's lower */
3259  or_connection_t *or_conn = TO_OR_CONN(conn);
3260  if (conn->state == OR_CONN_STATE_OPEN)
3261  conn_bucket = MIN(conn_bucket,
3262  token_bucket_rw_get_write(&or_conn->bucket));
3263  base = get_cell_network_size(or_conn->wide_circ_ids);
3264  }
3265 
3266  if (connection_counts_as_relayed_traffic(conn, now)) {
3267  size_t relayed = token_bucket_rw_get_write(&global_relayed_bucket);
3268  global_bucket_val = MIN(global_bucket_val, relayed);
3269  }
3270 
3271  return connection_bucket_get_share(base, priority,
3272  global_bucket_val, conn_bucket);
3273 }
3274 
3275 /** Return 1 if the global write buckets are low enough that we
3276  * shouldn't send <b>attempt</b> bytes of low-priority directory stuff
3277  * out to <b>conn</b>. Else return 0.
3278 
3279  * Priority was 1 for v1 requests (directories and running-routers),
3280  * and 2 for v2 requests and later (statuses and descriptors).
3281  *
3282  * There are a lot of parameters we could use here:
3283  * - global_relayed_write_bucket. Low is bad.
3284  * - global_write_bucket. Low is bad.
3285  * - bandwidthrate. Low is bad.
3286  * - bandwidthburst. Not a big factor?
3287  * - attempt. High is bad.
3288  * - total bytes queued on outbufs. High is bad. But I'm wary of
3289  * using this, since a few slow-flushing queues will pump up the
3290  * number without meaning what we meant to mean. What we really
3291  * mean is "total directory bytes added to outbufs recently", but
3292  * that's harder to quantify and harder to keep track of.
3293  */
3294 int
3295 global_write_bucket_low(connection_t *conn, size_t attempt, int priority)
3296 {
3297  size_t smaller_bucket =
3298  MIN(token_bucket_rw_get_write(&global_bucket),
3299  token_bucket_rw_get_write(&global_relayed_bucket));
3300  if (authdir_mode(get_options()) && priority>1)
3301  return 0; /* there's always room to answer v2 if we're an auth dir */
3302 
3303  if (!connection_is_rate_limited(conn))
3304  return 0; /* local conns don't get limited */
3305 
3306  if (smaller_bucket < attempt)
3307  return 1; /* not enough space no matter the priority */
3308 
3309  {
3310  const time_t diff = approx_time() - write_buckets_last_empty_at;
3311  if (diff <= 1)
3312  return 1; /* we're already hitting our limits, no more please */
3313  }
3314 
3315  if (priority == 1) { /* old-style v1 query */
3316  /* Could we handle *two* of these requests within the next two seconds? */
3317  const or_options_t *options = get_options();
3318  size_t can_write = (size_t) (smaller_bucket
3319  + 2*(options->RelayBandwidthRate ? options->RelayBandwidthRate :
3320  options->BandwidthRate));
3321  if (can_write < 2*attempt)
3322  return 1;
3323  } else { /* v2 query */
3324  /* no further constraints yet */
3325  }
3326  return 0;
3327 }
3328 
3329 /** When did we last tell the accounting subsystem about transmitted
3330  * bandwidth? */
3332 
3333 /** Helper: adjusts our bandwidth history and informs the controller as
3334  * appropriate, given that we have just read <b>num_read</b> bytes and written
3335  * <b>num_written</b> bytes on <b>conn</b>. */
3336 static void
3338  time_t now, size_t num_read, size_t num_written)
3339 {
3340  /* Count bytes of answering direct and tunneled directory requests */
3341  if (conn->type == CONN_TYPE_DIR && conn->purpose == DIR_PURPOSE_SERVER) {
3342  if (num_read > 0)
3343  rep_hist_note_dir_bytes_read(num_read, now);
3344  if (num_written > 0)
3345  rep_hist_note_dir_bytes_written(num_written, now);
3346  }
3347 
3348  if (!connection_is_rate_limited(conn))
3349  return; /* local IPs are free */
3350 
3351  if (conn->type == CONN_TYPE_OR)
3353  num_written, now);
3354 
3355  if (num_read > 0) {
3356  rep_hist_note_bytes_read(num_read, now);
3357  }
3358  if (num_written > 0) {
3359  rep_hist_note_bytes_written(num_written, now);
3360  }
3361  if (conn->type == CONN_TYPE_EXIT)
3362  rep_hist_note_exit_bytes(conn->port, num_written, num_read);
3363 
3364  /* Remember these bytes towards statistics. */
3365  stats_increment_bytes_read_and_written(num_read, num_written);
3366 
3367  /* Remember these bytes towards accounting. */
3370  accounting_add_bytes(num_read, num_written,
3371  (int)(now - last_recorded_accounting_at));
3372  } else {
3373  accounting_add_bytes(num_read, num_written, 0);
3374  }
3376  }
3377 }
3378 
3379 /** We just read <b>num_read</b> and wrote <b>num_written</b> bytes
3380  * onto <b>conn</b>. Decrement buckets appropriately. */
3381 static void
3383  size_t num_read, size_t num_written)
3384 {
3385  if (num_written >= INT_MAX || num_read >= INT_MAX) {
3386  log_err(LD_BUG, "Value out of range. num_read=%lu, num_written=%lu, "
3387  "connection type=%s, state=%s",
3388  (unsigned long)num_read, (unsigned long)num_written,
3389  conn_type_to_string(conn->type),
3390  conn_state_to_string(conn->type, conn->state));
3391  tor_assert_nonfatal_unreached();
3392  if (num_written >= INT_MAX)
3393  num_written = 1;
3394  if (num_read >= INT_MAX)
3395  num_read = 1;
3396  }
3397 
3398  record_num_bytes_transferred_impl(conn, now, num_read, num_written);
3399 
3400  if (!connection_is_rate_limited(conn))
3401  return; /* local IPs are free */
3402 
3403  unsigned flags = 0;
3404  if (connection_counts_as_relayed_traffic(conn, now)) {
3405  flags = token_bucket_rw_dec(&global_relayed_bucket, num_read, num_written);
3406  }
3407  flags |= token_bucket_rw_dec(&global_bucket, num_read, num_written);
3408 
3409  if (flags & TB_WRITE) {
3411  }
3412  if (connection_speaks_cells(conn) && conn->state == OR_CONN_STATE_OPEN) {
3413  or_connection_t *or_conn = TO_OR_CONN(conn);
3414  token_bucket_rw_dec(&or_conn->bucket, num_read, num_written);
3415  }
3416 }
3417 
3418 /**
3419  * Mark <b>conn</b> as needing to stop reading because bandwidth has been
3420  * exhausted. If <b>is_global_bw</b>, it is closing because global bandwidth
3421  * limit has been exhausted. Otherwise, it is closing because its own
3422  * bandwidth limit has been exhausted.
3423  */
3424 void
3426 {
3427  (void)is_global_bw;
3428  conn->read_blocked_on_bw = 1;
3431 }
3432 
3433 /**
3434  * Mark <b>conn</b> as needing to stop reading because write bandwidth has
3435  * been exhausted. If <b>is_global_bw</b>, it is closing because global
3436  * bandwidth limit has been exhausted. Otherwise, it is closing because its
3437  * own bandwidth limit has been exhausted.
3438 */
3439 void
3441 {
3442  (void)is_global_bw;
3443  conn->write_blocked_on_bw = 1;
3446 }
3447 
3448 /** If we have exhausted our global buckets, or the buckets for conn,
3449  * stop reading. */
3450 void
3452 {
3453  const char *reason;
3454 
3455  if (!connection_is_rate_limited(conn))
3456  return; /* Always okay. */
3457 
3458  int is_global = 1;
3459 
3460  if (token_bucket_rw_get_read(&global_bucket) <= 0) {
3461  reason = "global read bucket exhausted. Pausing.";
3462  } else if (connection_counts_as_relayed_traffic(conn, approx_time()) &&
3463  token_bucket_rw_get_read(&global_relayed_bucket) <= 0) {
3464  reason = "global relayed read bucket exhausted. Pausing.";
3465  } else if (connection_speaks_cells(conn) &&
3466  conn->state == OR_CONN_STATE_OPEN &&
3467  token_bucket_rw_get_read(&TO_OR_CONN(conn)->bucket) <= 0) {
3468  reason = "connection read bucket exhausted. Pausing.";
3469  is_global = false;
3470  } else
3471  return; /* all good, no need to stop it */
3472 
3473  LOG_FN_CONN(conn, (LOG_DEBUG, LD_NET, "%s", reason));
3474  connection_read_bw_exhausted(conn, is_global);
3475 }
3476 
3477 /** If we have exhausted our global buckets, or the buckets for conn,
3478  * stop writing. */
3479 void
3481 {
3482  const char *reason;
3483 
3484  if (!connection_is_rate_limited(conn))
3485  return; /* Always okay. */
3486 
3487  bool is_global = true;
3488  if (token_bucket_rw_get_write(&global_bucket) <= 0) {
3489  reason = "global write bucket exhausted. Pausing.";
3490  } else if (connection_counts_as_relayed_traffic(conn, approx_time()) &&
3491  token_bucket_rw_get_write(&global_relayed_bucket) <= 0) {
3492  reason = "global relayed write bucket exhausted. Pausing.";
3493  } else if (connection_speaks_cells(conn) &&
3494  conn->state == OR_CONN_STATE_OPEN &&
3495  token_bucket_rw_get_write(&TO_OR_CONN(conn)->bucket) <= 0) {
3496  reason = "connection write bucket exhausted. Pausing.";
3497  is_global = false;
3498  } else
3499  return; /* all good, no need to stop it */
3500 
3501  LOG_FN_CONN(conn, (LOG_DEBUG, LD_NET, "%s", reason));
3502  connection_write_bw_exhausted(conn, is_global);
3503 }
3504 
3505 /** Initialize the global buckets to the values configured in the
3506  * options */
3507 void
3509 {
3510  const or_options_t *options = get_options();
3511  const uint32_t now_ts = monotime_coarse_get_stamp();
3512  token_bucket_rw_init(&global_bucket,
3513  (int32_t)options->BandwidthRate,
3514  (int32_t)options->BandwidthBurst,
3515  now_ts);
3516  if (options->RelayBandwidthRate) {
3517  token_bucket_rw_init(&global_relayed_bucket,
3518  (int32_t)options->RelayBandwidthRate,
3519  (int32_t)options->RelayBandwidthBurst,
3520  now_ts);
3521  } else {
3522  token_bucket_rw_init(&global_relayed_bucket,
3523  (int32_t)options->BandwidthRate,
3524  (int32_t)options->BandwidthBurst,
3525  now_ts);
3526  }
3527 
3529 }
3530 
3531 /** Update the global connection bucket settings to a new value. */
3532 void
3534 {
3535  token_bucket_rw_adjust(&global_bucket,
3536  (int32_t)options->BandwidthRate,
3537  (int32_t)options->BandwidthBurst);
3538  if (options->RelayBandwidthRate) {
3539  token_bucket_rw_adjust(&global_relayed_bucket,
3540  (int32_t)options->RelayBandwidthRate,
3541  (int32_t)options->RelayBandwidthBurst);
3542  } else {
3543  token_bucket_rw_adjust(&global_relayed_bucket,
3544  (int32_t)options->BandwidthRate,
3545  (int32_t)options->BandwidthBurst);
3546  }
3547 }
3548 
3549 /**
3550  * Cached value of the last coarse-timestamp when we refilled the
3551  * global buckets.
3552  */
3554 /**
3555  * Refill the token buckets for a single connection <b>conn</b>, and the
3556  * global token buckets as appropriate. Requires that <b>now_ts</b> is
3557  * the time in coarse timestamp units.
3558  */
3559 static void
3561 {
3562  /* Note that we only check for equality here: the underlying
3563  * token bucket functions can handle moving backwards in time if they
3564  * need to. */
3565  if (now_ts != last_refilled_global_buckets_ts) {
3566  token_bucket_rw_refill(&global_bucket, now_ts);
3567  token_bucket_rw_refill(&global_relayed_bucket, now_ts);
3569  }
3570 
3571  if (connection_speaks_cells(conn) && conn->state == OR_CONN_STATE_OPEN) {
3572  or_connection_t *or_conn = TO_OR_CONN(conn);
3573  token_bucket_rw_refill(&or_conn->bucket, now_ts);
3574  }
3575 }
3576 
3577 /**
3578  * Event to re-enable all connections that were previously blocked on read or
3579  * write.
3580  */
3582 
3583 /** True iff reenable_blocked_connections_ev is currently scheduled. */
3585 
3586 /** Delay after which to run reenable_blocked_connections_ev. */
3588 
3589 /**
3590  * Re-enable all connections that were previously blocked on read or write.
3591  * This event is scheduled after enough time has elapsed to be sure
3592  * that the buckets will refill when the connections have something to do.
3593  */
3594 static void
3596 {
3597  (void)ev;
3598  (void)arg;
3600  if (conn->read_blocked_on_bw == 1) {
3602  conn->read_blocked_on_bw = 0;
3603  }
3604  if (conn->write_blocked_on_bw == 1) {
3606  conn->write_blocked_on_bw = 0;
3607  }
3608  } SMARTLIST_FOREACH_END(conn);
3609 
3611 }
3612 
3613 /**
3614  * Initialize the mainloop event that we use to wake up connections that
3615  * find themselves blocked on bandwidth.
3616  */
3617 static void
3619 {
3624  }
3625  time_t sec = options->TokenBucketRefillInterval / 1000;
3626  int msec = (options->TokenBucketRefillInterval % 1000);
3628  reenable_blocked_connections_delay.tv_usec = msec * 1000;
3629 }
3630 
3631 /**
3632  * Called when we have blocked a connection for being low on bandwidth:
3633  * schedule an event to reenable such connections, if it is not already
3634  * scheduled.
3635  */
3636 static void
3638 {
3640  return;
3641  if (BUG(reenable_blocked_connections_ev == NULL)) {
3643  }
3647 }
3648 
3649 /** Read bytes from conn->s and process them.
3650  *
3651  * It calls connection_buf_read_from_socket() to bring in any new bytes,
3652  * and then calls connection_process_inbuf() to process them.
3653  *
3654  * Mark the connection and return -1 if you want to close it, else
3655  * return 0.
3656  */
3657 static int
3659 {
3660  ssize_t max_to_read=-1, try_to_read;
3661  size_t before, n_read = 0;
3662  int socket_error = 0;
3663 
3664  if (conn->marked_for_close)
3665  return 0; /* do nothing */
3666 
3668 
3670 
3671  switch (conn->type) {
3672  case CONN_TYPE_OR_LISTENER:
3676  case CONN_TYPE_AP_LISTENER:
3686  /* This should never happen; eventdns.c handles the reads here. */
3688  return 0;
3689  }
3690 
3691  loop_again:
3692  try_to_read = max_to_read;
3693  tor_assert(!conn->marked_for_close);
3694 
3695  before = buf_datalen(conn->inbuf);
3696  if (connection_buf_read_from_socket(conn, &max_to_read, &socket_error) < 0) {
3697  /* There's a read error; kill the connection.*/
3698  if (conn->type == CONN_TYPE_OR) {
3700  socket_error != 0 ?
3701  errno_to_orconn_end_reason(socket_error) :
3702  END_OR_CONN_REASON_CONNRESET,
3703  socket_error != 0 ?
3704  tor_socket_strerror(socket_error) :
3705  "(unknown, errno was 0)");
3706  }
3707  if (CONN_IS_EDGE(conn)) {
3708  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
3709  connection_edge_end_errno(edge_conn);
3710  if (conn->type == CONN_TYPE_AP && TO_ENTRY_CONN(conn)->socks_request) {
3711  /* broken, don't send a socks reply back */
3712  TO_ENTRY_CONN(conn)->socks_request->has_finished = 1;
3713  }
3714  }
3715  connection_close_immediate(conn); /* Don't flush; connection is dead. */
3716  /*
3717  * This can bypass normal channel checking since we did
3718  * connection_or_notify_error() above.
3719  */
3720  connection_mark_for_close_internal(conn);
3721  return -1;
3722  }
3723  n_read += buf_datalen(conn->inbuf) - before;
3724  if (CONN_IS_EDGE(conn) && try_to_read != max_to_read) {
3725  /* instruct it not to try to package partial cells. */
3726  if (connection_process_inbuf(conn, 0) < 0) {
3727  return -1;
3728  }
3729  if (!conn->marked_for_close &&
3730  connection_is_reading(conn) &&
3731  !conn->inbuf_reached_eof &&
3732  max_to_read > 0)
3733  goto loop_again; /* try reading again, in case more is here now */
3734  }
3735  /* one last try, packaging partial cells and all. */
3736  if (!conn->marked_for_close &&
3737  connection_process_inbuf(conn, 1) < 0) {
3738  return -1;
3739  }
3740  if (conn->linked_conn) {
3741  /* The other side's handle_write() will never actually get called, so
3742  * we need to invoke the appropriate callbacks ourself. */
3743  connection_t *linked = conn->linked_conn;
3744 
3745  if (n_read) {
3746  /* Probably a no-op, since linked conns typically don't count for
3747  * bandwidth rate limiting. But do it anyway so we can keep stats
3748  * accurately. Note that since we read the bytes from conn, and
3749  * we're writing the bytes onto the linked connection, we count
3750  * these as <i>written</i> bytes. */
3751  connection_buckets_decrement(linked, approx_time(), 0, n_read);
3752 
3753  if (connection_flushed_some(linked) < 0)
3754  connection_mark_for_close(linked);
3755  if (!connection_wants_to_flush(linked))
3757  }
3758 
3759  if (!buf_datalen(linked->outbuf) && conn->active_on_link)
3761  }
3762  /* If we hit the EOF, call connection_reached_eof(). */
3763  if (!conn->marked_for_close &&
3764  conn->inbuf_reached_eof &&
3765  connection_reached_eof(conn) < 0) {
3766  return -1;
3767  }
3768  return 0;
3769 }
3770 
3771 /* DOCDOC connection_handle_read */
3772 int
3773 connection_handle_read(connection_t *conn)
3774 {
3775  int res;
3776  update_current_time(time(NULL));
3777  res = connection_handle_read_impl(conn);
3778  return res;
3779 }
3780 
3781 /** Pull in new bytes from conn->s or conn->linked_conn onto conn->inbuf,
3782  * either directly or via TLS. Reduce the token buckets by the number of bytes
3783  * read.
3784  *
3785  * If *max_to_read is -1, then decide it ourselves, else go with the
3786  * value passed to us. When returning, if it's changed, subtract the
3787  * number of bytes we read from *max_to_read.
3788  *
3789  * Return -1 if we want to break conn, else return 0.
3790  */
3791 static int
3792 connection_buf_read_from_socket(connection_t *conn, ssize_t *max_to_read,
3793  int *socket_error)
3794 {
3795  int result;
3796  ssize_t at_most = *max_to_read;
3797  size_t slack_in_buf, more_to_read;
3798  size_t n_read = 0, n_written = 0;
3799 
3800  if (at_most == -1) { /* we need to initialize it */
3801  /* how many bytes are we allowed to read? */
3802  at_most = connection_bucket_read_limit(conn, approx_time());
3803  }
3804 
3805  slack_in_buf = buf_slack(conn->inbuf);
3806  again:
3807  if ((size_t)at_most > slack_in_buf && slack_in_buf >= 1024) {
3808  more_to_read = at_most - slack_in_buf;
3809  at_most = slack_in_buf;
3810  } else {
3811  more_to_read = 0;
3812  }
3813 
3814  if (connection_speaks_cells(conn) &&
3816  int pending;
3817  or_connection_t *or_conn = TO_OR_CONN(conn);
3818  size_t initial_size;
3819  if (conn->state == OR_CONN_STATE_TLS_HANDSHAKING ||
3821  /* continue handshaking even if global token bucket is empty */
3822  return connection_tls_continue_handshake(or_conn);
3823  }
3824 
3825  log_debug(LD_NET,
3826  "%d: starting, inbuf_datalen %ld (%d pending in tls object)."
3827  " at_most %ld.",
3828  (int)conn->s,(long)buf_datalen(conn->inbuf),
3829  tor_tls_get_pending_bytes(or_conn->tls), (long)at_most);
3830 
3831  initial_size = buf_datalen(conn->inbuf);
3832  /* else open, or closing */
3833  result = buf_read_from_tls(conn->inbuf, or_conn->tls, at_most);
3834  if (TOR_TLS_IS_ERROR(result) || result == TOR_TLS_CLOSE)
3835  or_conn->tls_error = result;
3836  else
3837  or_conn->tls_error = 0;
3838 
3839  switch (result) {
3840  case TOR_TLS_CLOSE:
3841  case TOR_TLS_ERROR_IO:
3842  log_debug(LD_NET,"TLS connection closed %son read. Closing. "
3843  "(Nickname %s, address %s)",
3844  result == TOR_TLS_CLOSE ? "cleanly " : "",
3845  or_conn->nickname ? or_conn->nickname : "not set",
3846  conn->address);
3847  return result;
3849  log_debug(LD_NET,"tls error [%s]. breaking (nickname %s, address %s).",
3850  tor_tls_err_to_string(result),
3851  or_conn->nickname ? or_conn->nickname : "not set",
3852  conn->address);
3853  return result;
3854  case TOR_TLS_WANTWRITE:
3856  return 0;
3857  case TOR_TLS_WANTREAD:
3858  if (conn->in_connection_handle_write) {
3859  /* We've been invoked from connection_handle_write, because we're
3860  * waiting for a TLS renegotiation, the renegotiation started, and
3861  * SSL_read returned WANTWRITE. But now SSL_read is saying WANTREAD
3862  * again. Stop waiting for write events now, or else we'll
3863  * busy-loop until data arrives for us to read.
3864  * XXX: remove this when v2 handshakes support is dropped. */
3866  if (!connection_is_reading(conn))
3868  }
3869  /* we're already reading, one hopes */
3870  break;
3871  case TOR_TLS_DONE: /* no data read, so nothing to process */
3872  break; /* so we call bucket_decrement below */
3873  default:
3874  break;
3875  }
3876  pending = tor_tls_get_pending_bytes(or_conn->tls);
3877  if (pending) {
3878  /* If we have any pending bytes, we read them now. This *can*
3879  * take us over our read allotment, but really we shouldn't be
3880  * believing that SSL bytes are the same as TCP bytes anyway. */
3881  int r2 = buf_read_from_tls(conn->inbuf, or_conn->tls, pending);
3882  if (BUG(r2<0)) {
3883  log_warn(LD_BUG, "apparently, reading pending bytes can fail.");
3884  return -1;
3885  }
3886  }
3887  result = (int)(buf_datalen(conn->inbuf)-initial_size);
3888  tor_tls_get_n_raw_bytes(or_conn->tls, &n_read, &n_written);
3889  log_debug(LD_GENERAL, "After TLS read of %d: %ld read, %ld written",
3890  result, (long)n_read, (long)n_written);
3891  } else if (conn->linked) {
3892  if (conn->linked_conn) {
3893  result = buf_move_to_buf(conn->inbuf, conn->linked_conn->outbuf,
3894  &conn->linked_conn->outbuf_flushlen);
3895  if (BUG(result<0)) {
3896  log_warn(LD_BUG, "reading from linked connection buffer failed.");
3897  return -1;
3898  }
3899  } else {
3900  result = 0;
3901  }
3902  //log_notice(LD_GENERAL, "Moved %d bytes on an internal link!", result);
3903  /* If the other side has disappeared, or if it's been marked for close and
3904  * we flushed its outbuf, then we should set our inbuf_reached_eof. */
3905  if (!conn->linked_conn ||
3906  (conn->linked_conn->marked_for_close &&
3907  buf_datalen(conn->linked_conn->outbuf) == 0))
3908  conn->inbuf_reached_eof = 1;
3909 
3910  n_read = (size_t) result;
3911  } else {
3912  /* !connection_speaks_cells, !conn->linked_conn. */
3913  int reached_eof = 0;
3914  CONN_LOG_PROTECT(conn,
3915  result = buf_read_from_socket(conn->inbuf, conn->s,
3916  at_most,
3917  &reached_eof,
3918  socket_error));
3919  if (reached_eof)
3920  conn->inbuf_reached_eof = 1;
3921 
3922 // log_fn(LOG_DEBUG,"read_to_buf returned %d.",read_result);
3923 
3924  if (result < 0)
3925  return -1;
3926  n_read = (size_t) result;
3927  }
3928 
3929  if (n_read > 0) {
3930  /* change *max_to_read */
3931  *max_to_read = at_most - n_read;
3932 
3933  /* Update edge_conn->n_read */
3934  if (conn->type == CONN_TYPE_AP) {
3935  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
3936 
3937  /* Check for overflow: */
3938  if (PREDICT_LIKELY(UINT32_MAX - edge_conn->n_read > n_read))
3939  edge_conn->n_read += (int)n_read;
3940  else
3941  edge_conn->n_read = UINT32_MAX;
3942  }
3943 
3944  /* If CONN_BW events are enabled, update conn->n_read_conn_bw for
3945  * OR/DIR/EXIT connections, checking for overflow. */
3947  (conn->type == CONN_TYPE_OR ||
3948  conn->type == CONN_TYPE_DIR ||
3949  conn->type == CONN_TYPE_EXIT)) {
3950  if (PREDICT_LIKELY(UINT32_MAX - conn->n_read_conn_bw > n_read))
3951  conn->n_read_conn_bw += (int)n_read;
3952  else
3953  conn->n_read_conn_bw = UINT32_MAX;
3954  }
3955  }
3956 
3957  connection_buckets_decrement(conn, approx_time(), n_read, n_written);
3958 
3959  if (more_to_read && result == at_most) {
3960  slack_in_buf = buf_slack(conn->inbuf);
3961  at_most = more_to_read;
3962  goto again;
3963  }
3964 
3965  /* Call even if result is 0, since the global read bucket may
3966  * have reached 0 on a different conn, and this connection needs to
3967  * know to stop reading. */
3969  if (n_written > 0 && connection_is_writing(conn))
3971 
3972  return 0;
3973 }
3974 
3975 /** A pass-through to fetch_from_buf. */
3976 int
3977 connection_buf_get_bytes(char *string, size_t len, connection_t *conn)
3978 {
3979  return buf_get_bytes(conn->inbuf, string, len);
3980 }
3981 
3982 /** As buf_get_line(), but read from a connection's input buffer. */
3983 int
3985  size_t *data_len)
3986 {
3987  return buf_get_line(conn->inbuf, data, data_len);
3988 }
3989 
3990 /** As fetch_from_buf_http, but fetches from a connection's input buffer_t as
3991  * appropriate. */
3992 int
3994  char **headers_out, size_t max_headerlen,
3995  char **body_out, size_t *body_used,
3996  size_t max_bodylen, int force_complete)
3997 {
3998  return fetch_from_buf_http(conn->inbuf, headers_out, max_headerlen,
3999  body_out, body_used, max_bodylen, force_complete);
4000 }
4001 
4002 /** Return conn->outbuf_flushlen: how many bytes conn wants to flush
4003  * from its outbuf. */
4004 int
4006 {
4007  return conn->outbuf_flushlen > 0;
4008 }
4009 
4010 /** Are there too many bytes on edge connection <b>conn</b>'s outbuf to
4011  * send back a relay-level sendme yet? Return 1 if so, 0 if not. Used by
4012  * connection_edge_consider_sending_sendme().
4013  */
4014 int
4016 {
4017  return (conn->outbuf_flushlen > 10*CELL_PAYLOAD_SIZE);
4018 }
4019 
4020 /**
4021  * On Windows Vista and Windows 7, tune the send buffer size according to a
4022  * hint from the OS.
4023  *
4024  * This should help fix slow upload rates.
4025  */
4026 static void
4028 {
4029 #ifdef _WIN32
4030  /* We only do this on Vista and 7, because earlier versions of Windows
4031  * don't have the SIO_IDEAL_SEND_BACKLOG_QUERY functionality, and on
4032  * later versions it isn't necessary. */
4033  static int isVistaOr7 = -1;
4034  if (isVistaOr7 == -1) {
4035  isVistaOr7 = 0;
4036  OSVERSIONINFO osvi = { 0 };
4037  osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
4038  GetVersionEx(&osvi);
4039  if (osvi.dwMajorVersion == 6 && osvi.dwMinorVersion < 2)
4040  isVistaOr7 = 1;
4041  }
4042  if (!isVistaOr7)
4043  return;
4044  if (get_options()->ConstrainedSockets)
4045  return;
4046  ULONG isb = 0;
4047  DWORD bytesReturned = 0;
4048  if (!WSAIoctl(sock, SIO_IDEAL_SEND_BACKLOG_QUERY, NULL, 0,
4049  &isb, sizeof(isb), &bytesReturned, NULL, NULL)) {
4050  setsockopt(sock, SOL_SOCKET, SO_SNDBUF, (const char*)&isb, sizeof(isb));
4051  }
4052 #else /* !defined(_WIN32) */
4053  (void) sock;
4054 #endif /* defined(_WIN32) */
4055 }
4056 
4057 /** Try to flush more bytes onto <b>conn</b>->s.
4058  *
4059  * This function is called in connection_handle_write(), which gets
4060  * called from conn_write_callback() in main.c when libevent tells us
4061  * that <b>conn</b> wants to write.
4062  *
4063  * Update <b>conn</b>->timestamp_last_write_allowed to now, and call flush_buf
4064  * or flush_buf_tls appropriately. If it succeeds and there are no more
4065  * more bytes on <b>conn</b>->outbuf, then call connection_finished_flushing
4066  * on it too.
4067  *
4068  * If <b>force</b>, then write as many bytes as possible, ignoring bandwidth
4069  * limits. (Used for flushing messages to controller connections on fatal
4070  * errors.)
4071  *
4072  * Mark the connection and return -1 if you want to close it, else
4073  * return 0.
4074  */
4075 static int
4077 {
4078  int e;
4079  socklen_t len=(socklen_t)sizeof(e);
4080  int result;
4081  ssize_t max_to_write;
4082  time_t now = approx_time();
4083  size_t n_read = 0, n_written = 0;
4084  int dont_stop_writing = 0;
4085 
4087 
4088  if (conn->marked_for_close || !SOCKET_OK(conn->s))
4089  return 0; /* do nothing */
4090 
4091  if (conn->in_flushed_some) {
4092  log_warn(LD_BUG, "called recursively from inside conn->in_flushed_some");
4093  return 0;
4094  }
4095 
4096  conn->timestamp_last_write_allowed = now;
4097 
4099 
4100  /* Sometimes, "writable" means "connected". */
4101  if (connection_state_is_connecting(conn)) {
4102  if (getsockopt(conn->s, SOL_SOCKET, SO_ERROR, (void*)&e, &len) < 0) {
4103  log_warn(LD_BUG, "getsockopt() syscall failed");
4104  if (conn->type == CONN_TYPE_OR) {
4105  or_connection_t *orconn = TO_OR_CONN(conn);
4106  connection_or_close_for_error(orconn, 0);
4107  } else {
4108  if (CONN_IS_EDGE(conn)) {
4110  }
4111  connection_mark_for_close(conn);
4112  }
4113  return -1;
4114  }
4115  if (e) {
4116  /* some sort of error, but maybe just inprogress still */
4117  if (!ERRNO_IS_CONN_EINPROGRESS(e)) {
4118  log_info(LD_NET,"in-progress connect failed. Removing. (%s)",
4119  tor_socket_strerror(e));
4120  if (CONN_IS_EDGE(conn))
4122  if (conn->type == CONN_TYPE_OR)
4125  tor_socket_strerror(e));
4126 
4128  /*
4129  * This can bypass normal channel checking since we did
4130  * connection_or_notify_error() above.
4131  */
4132  connection_mark_for_close_internal(conn);
4133  return -1;
4134  } else {
4135  return 0; /* no change, see if next time is better */
4136  }
4137  }
4138  /* The connection is successful. */
4139  if (connection_finished_connecting(conn)<0)
4140  return -1;
4141  }
4142 
4143  max_to_write = force ? (ssize_t)conn->outbuf_flushlen
4144  : connection_bucket_write_limit(conn, now);
4145 
4146  if (connection_speaks_cells(conn) &&
4148  or_connection_t *or_conn = TO_OR_CONN(conn);
4149  size_t initial_size;
4150  if (conn->state == OR_CONN_STATE_TLS_HANDSHAKING ||
4153  if (connection_tls_continue_handshake(or_conn) < 0) {
4154  /* Don't flush; connection is dead. */
4156  END_OR_CONN_REASON_MISC,
4157  "TLS error in connection_tls_"
4158  "continue_handshake()");
4160  /*
4161  * This can bypass normal channel checking since we did
4162  * connection_or_notify_error() above.
4163  */
4164  connection_mark_for_close_internal(conn);
4165  return -1;
4166  }
4167  return 0;
4168  } else if (conn->state == OR_CONN_STATE_TLS_SERVER_RENEGOTIATING) {
4169  return connection_handle_read(conn);
4170  }
4171 
4172  /* else open, or closing */
4173  initial_size = buf_datalen(conn->outbuf);
4174  result = buf_flush_to_tls(conn->outbuf, or_conn->tls,
4175  max_to_write, &conn->outbuf_flushlen);
4176 
4177  if (result >= 0)
4178  update_send_buffer_size(conn->s);
4179 
4180  /* If we just flushed the last bytes, tell the channel on the
4181  * or_conn to check if it needs to geoip_change_dirreq_state() */
4182  /* XXXX move this to flushed_some or finished_flushing -NM */
4183  if (buf_datalen(conn->outbuf) == 0 && or_conn->chan)
4184  channel_notify_flushed(TLS_CHAN_TO_BASE(or_conn->chan));
4185 
4186  switch (result) {
4188  case TOR_TLS_CLOSE:
4189  log_info(LD_NET, result != TOR_TLS_CLOSE ?
4190  "tls error. breaking.":"TLS connection closed on flush");
4191  /* Don't flush; connection is dead. */
4193  END_OR_CONN_REASON_MISC,
4194  result != TOR_TLS_CLOSE ?
4195  "TLS error in during flush" :
4196  "TLS closed during flush");
4198  /*
4199  * This can bypass normal channel checking since we did
4200  * connection_or_notify_error() above.
4201  */
4202  connection_mark_for_close_internal(conn);
4203  return -1;
4204  case TOR_TLS_WANTWRITE:
4205  log_debug(LD_NET,"wanted write.");
4206  /* we're already writing */
4207  dont_stop_writing = 1;
4208  break;
4209  case TOR_TLS_WANTREAD:
4210  /* Make sure to avoid a loop if the receive buckets are empty. */
4211  log_debug(LD_NET,"wanted read.");
4212  if (!connection_is_reading(conn)) {
4213  connection_write_bw_exhausted(conn, true);
4214  /* we'll start reading again when we get more tokens in our
4215  * read bucket; then we'll start writing again too.
4216  */
4217  }
4218  /* else no problem, we're already reading */
4219  return 0;
4220  /* case TOR_TLS_DONE:
4221  * for TOR_TLS_DONE, fall through to check if the flushlen
4222  * is empty, so we can stop writing.
4223  */
4224  }
4225 
4226  tor_tls_get_n_raw_bytes(or_conn->tls, &n_read, &n_written);
4227  log_debug(LD_GENERAL, "After TLS write of %d: %ld read, %ld written",
4228  result, (long)n_read, (long)n_written);
4229  or_conn->bytes_xmitted += result;
4230  or_conn->bytes_xmitted_by_tls += n_written;
4231  /* So we notice bytes were written even on error */
4232  /* XXXX This cast is safe since we can never write INT_MAX bytes in a
4233  * single set of TLS operations. But it looks kinda ugly. If we refactor
4234  * the *_buf_tls functions, we should make them return ssize_t or size_t
4235  * or something. */
4236  result = (int)(initial_size-buf_datalen(conn->outbuf));
4237  } else {
4238  CONN_LOG_PROTECT(conn,
4239  result = buf_flush_to_socket(conn->outbuf, conn->s,
4240  max_to_write, &conn->outbuf_flushlen));
4241  if (result < 0) {
4242  if (CONN_IS_EDGE(conn))
4244  if (conn->type == CONN_TYPE_AP) {
4245  /* writing failed; we couldn't send a SOCKS reply if we wanted to */
4246  TO_ENTRY_CONN(conn)->socks_request->has_finished = 1;
4247  }
4248 
4249  connection_close_immediate(conn); /* Don't flush; connection is dead. */
4250  connection_mark_for_close(conn);
4251  return -1;
4252  }
4253  update_send_buffer_size(conn->s);
4254  n_written = (size_t) result;
4255  }
4256 
4257  if (n_written && conn->type == CONN_TYPE_AP) {
4258  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
4259 
4260  /* Check for overflow: */
4261  if (PREDICT_LIKELY(UINT32_MAX - edge_conn->n_written > n_written))
4262  edge_conn->n_written += (int)n_written;
4263  else
4264  edge_conn->n_written = UINT32_MAX;
4265  }
4266 
4267  /* If CONN_BW events are enabled, update conn->n_written_conn_bw for
4268  * OR/DIR/EXIT connections, checking for overflow. */
4269  if (n_written && get_options()->TestingEnableConnBwEvent &&
4270  (conn->type == CONN_TYPE_OR ||
4271  conn->type == CONN_TYPE_DIR ||
4272  conn->type == CONN_TYPE_EXIT)) {
4273  if (PREDICT_LIKELY(UINT32_MAX - conn->n_written_conn_bw > n_written))
4274  conn->n_written_conn_bw += (int)n_written;
4275  else
4276  conn->n_written_conn_bw = UINT32_MAX;
4277  }
4278 
4279  connection_buckets_decrement(conn, approx_time(), n_read, n_written);
4280 
4281  if (result > 0) {
4282  /* If we wrote any bytes from our buffer, then call the appropriate
4283  * functions. */
4284  if (connection_flushed_some(conn) < 0) {
4285  if (connection_speaks_cells(conn)) {
4287  END_OR_CONN_REASON_MISC,
4288  "Got error back from "
4289  "connection_flushed_some()");
4290  }
4291 
4292  /*
4293  * This can bypass normal channel checking since we did
4294  * connection_or_notify_error() above.
4295  */
4296  connection_mark_for_close_internal(conn);
4297  }
4298  }
4299 
4300  if (!connection_wants_to_flush(conn) &&
4301  !dont_stop_writing) { /* it's done flushing */
4302  if (connection_finished_flushing(conn) < 0) {
4303  /* already marked */
4304  return -1;
4305  }
4306  return 0;
4307  }
4308 
4309  /* Call even if result is 0, since the global write bucket may
4310  * have reached 0 on a different conn, and this connection needs to
4311  * know to stop writing. */
4313  if (n_read > 0 && connection_is_reading(conn))
4315 
4316  return 0;
4317 }
4318 
4319 /* DOCDOC connection_handle_write */
4320 int
4321 connection_handle_write(connection_t *conn, int force)
4322 {
4323  int res;
4324  update_current_time(time(NULL));
4325  /* connection_handle_write_impl() might call connection_handle_read()
4326  * if we're in the middle of a v2 handshake, in which case it needs this
4327  * flag set. */
4328  conn->in_connection_handle_write = 1;
4329  res = connection_handle_write_impl(conn, force);
4330  conn->in_connection_handle_write = 0;
4331  return res;
4332 }
4333 
4334 /**
4335  * Try to flush data that's waiting for a write on <b>conn</b>. Return
4336  * -1 on failure, 0 on success.
4337  *
4338  * Don't use this function for regular writing; the buffers
4339  * system should be good enough at scheduling writes there. Instead, this
4340  * function is for cases when we're about to exit or something and we want
4341  * to report it right away.
4342  */
4343 int
4345 {
4346  return connection_handle_write(conn, 1);
4347 }
4348 
4349 /** Helper for connection_write_to_buf_impl and connection_write_buf_to_buf:
4350  *
4351  * Return true iff it is okay to queue bytes on <b>conn</b>'s outbuf for
4352  * writing.
4353  */
4354 static int
4356 {
4357  /* if it's marked for close, only allow write if we mean to flush it */
4358  if (conn->marked_for_close && !conn->hold_open_until_flushed)
4359  return 0;
4360 
4361  return 1;
4362 }
4363 
4364 /** Helper for connection_write_to_buf_impl and connection_write_buf_to_buf:
4365  *
4366  * Called when an attempt to add bytes on <b>conn</b>'s outbuf has failed;
4367  * mark the connection and warn as appropriate.
4368  */
4369 static void
4371 {
4372  if (CONN_IS_EDGE(conn)) {
4373  /* if it failed, it means we have our package/delivery windows set
4374  wrong compared to our max outbuf size. close the whole circuit. */
4375  log_warn(LD_NET,
4376  "write_to_buf failed. Closing circuit (fd %d).", (int)conn->s);
4377  circuit_mark_for_close(circuit_get_by_edge_conn(TO_EDGE_CONN(conn)),
4378  END_CIRC_REASON_INTERNAL);
4379  } else if (conn->type == CONN_TYPE_OR) {
4380  or_connection_t *orconn = TO_OR_CONN(conn);
4381  log_warn(LD_NET,
4382  "write_to_buf failed on an orconn; notifying of error "
4383  "(fd %d)", (int)(conn->s));
4384  connection_or_close_for_error(orconn, 0);
4385  } else {
4386  log_warn(LD_NET,
4387  "write_to_buf failed. Closing connection (fd %d).",
4388  (int)conn->s);
4389  connection_mark_for_close(conn);
4390  }
4391 }
4392 
4393 /** Helper for connection_write_to_buf_impl and connection_write_buf_to_buf:
4394  *
4395  * Called when an attempt to add bytes on <b>conn</b>'s outbuf has succeeded:
4396  * record the number of bytes added.
4397  */
4398 static void
4400 {
4401  /* If we receive optimistic data in the EXIT_CONN_STATE_RESOLVING
4402  * state, we don't want to try to write it right away, since
4403  * conn->write_event won't be set yet. Otherwise, write data from
4404  * this conn as the socket is available. */
4405  if (conn->write_event) {
4407  }
4408  conn->outbuf_flushlen += len;
4409 }
4410 
4411 /** Append <b>len</b> bytes of <b>string</b> onto <b>conn</b>'s
4412  * outbuf, and ask it to start writing.
4413  *
4414  * If <b>zlib</b> is nonzero, this is a directory connection that should get
4415  * its contents compressed or decompressed as they're written. If zlib is
4416  * negative, this is the last data to be compressed, and the connection's zlib
4417  * state should be flushed.
4418  */
4419 MOCK_IMPL(void,
4420 connection_write_to_buf_impl_,(const char *string, size_t len,
4421  connection_t *conn, int zlib))
4422 {
4423  /* XXXX This function really needs to return -1 on failure. */
4424  int r;
4425  if (!len && !(zlib<0))
4426  return;
4427 
4428  if (!connection_may_write_to_buf(conn))
4429  return;
4430 
4431  size_t written;
4432 
4433  if (zlib) {
4434  size_t old_datalen = buf_datalen(conn->outbuf);
4435  dir_connection_t *dir_conn = TO_DIR_CONN(conn);
4436  int done = zlib < 0;
4437  CONN_LOG_PROTECT(conn, r = buf_add_compress(conn->outbuf,
4438  dir_conn->compress_state,
4439  string, len, done));
4440  written = buf_datalen(conn->outbuf) - old_datalen;
4441  } else {
4442  CONN_LOG_PROTECT(conn, r = buf_add(conn->outbuf, string, len));
4443  written = len;
4444  }
4445  if (r < 0) {
4447  return;
4448  }
4449  connection_write_to_buf_commit(conn, written);
4450 }
4451 
4452 /**
4453  * Write a <b>string</b> (of size <b>len</b> to directory connection
4454  * <b>dir_conn</b>. Apply compression if connection is configured to use
4455  * it and finalize it if <b>done</b> is true.
4456  */
4457 void
4458 connection_dir_buf_add(const char *string, size_t len,
4459  dir_connection_t *dir_conn, int done)
4460 {
4461  if (dir_conn->compress_state != NULL) {
4462  connection_buf_add_compress(string, len, dir_conn, done);
4463  return;
4464  }
4465 
4466  connection_buf_add(string, len, TO_CONN(dir_conn));
4467 }
4468 
4469 void
4470 connection_buf_add_compress(const char *string, size_t len,
4471  dir_connection_t *conn, int done)
4472 {
4473  connection_write_to_buf_impl_(string, len, TO_CONN(conn), done ? -1 : 1);
4474 }
4475 
4476 /**
4477  * Add all bytes from <b>buf</b> to <b>conn</b>'s outbuf, draining them
4478  * from <b>buf</b>. (If the connection is marked and will soon be closed,
4479  * nothing is drained.)
4480  */
4481 void
4483 {
4484  tor_assert(conn);
4485  tor_assert(buf);
4486  size_t len = buf_datalen(buf);
4487  if (len == 0)
4488  return;
4489 
4490  if (!connection_may_write_to_buf(conn))
4491  return;
4492 
4493  buf_move_all(conn->outbuf, buf);
4494  connection_write_to_buf_commit(conn, len);
4495 }
4496 
4497 #define CONN_GET_ALL_TEMPLATE(var, test) \
4498  STMT_BEGIN \
4499  smartlist_t *conns = get_connection_array(); \
4500  smartlist_t *ret_conns = smartlist_new(); \
4501  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, var) { \
4502  if (var && (test) && !var->marked_for_close) \
4503  smartlist_add(ret_conns, var); \
4504  } SMARTLIST_FOREACH_END(var); \
4505  return ret_conns; \
4506  STMT_END
4507 
4508 /* Return a list of connections that aren't close and matches the given type
4509  * and state. The returned list can be empty and must be freed using
4510  * smartlist_free(). The caller does NOT have ownership of the objects in the
4511  * list so it must not free them nor reference them as they can disappear. */
4512 smartlist_t *
4513 connection_list_by_type_state(int type, int state)
4514 {
4515  CONN_GET_ALL_TEMPLATE(conn, (conn->type == type && conn->state == state));
4516 }
4517 
4518 /* Return a list of connections that aren't close and matches the given type
4519  * and purpose. The returned list can be empty and must be freed using
4520  * smartlist_free(). The caller does NOT have ownership of the objects in the
4521  * list so it must not free them nor reference them as they can disappear. */
4522 smartlist_t *
4523 connection_list_by_type_purpose(int type, int purpose)
4524 {
4525  CONN_GET_ALL_TEMPLATE(conn,
4526  (conn->type == type && conn->purpose == purpose));
4527 }
4528 
4529 /** Return a connection_t * from get_connection_array() that satisfies test on
4530  * var, and that is not marked for close. */
4531 #define CONN_GET_TEMPLATE(var, test) \
4532  STMT_BEGIN \
4533  smartlist_t *conns = get_connection_array(); \
4534  SMARTLIST_FOREACH(conns, connection_t *, var, \
4535  { \
4536  if (var && (test) && !var->marked_for_close) \
4537  return var; \
4538  }); \
4539  return NULL; \
4540  STMT_END
4541 
4542 /** Return a connection with given type, address, port, and purpose;
4543  * or NULL if no such connection exists (or if all such connections are marked
4544  * for close). */
4547  const tor_addr_t *addr, uint16_t port,
4548  int purpose))
4549 {
4550  CONN_GET_TEMPLATE(conn,
4551  (conn->type == type &&
4552  tor_addr_eq(&conn->addr, addr) &&
4553  conn->port == port &&
4554  conn->purpose == purpose));
4555 }
4556 
4557 /** Return the stream with id <b>id</b> if it is not already marked for
4558  * close.
4559  */
4560 connection_t *
4562 {
4563  CONN_GET_TEMPLATE(conn, conn->global_identifier == id);
4564 }
4565 
4566 /** Return a connection of type <b>type</b> that is not marked for close.
4567  */
4568 connection_t *
4570 {
4571  CONN_GET_TEMPLATE(conn, conn->type == type);
4572 }
4573 
4574 /** Return a connection of type <b>type</b> that is in state <b>state</b>,
4575  * and that is not marked for close.
4576  */
4577 connection_t *
4578 connection_get_by_type_state(int type, int state)
4579 {
4580  CONN_GET_TEMPLATE(conn, conn->type == type && conn->state == state);
4581 }
4582 
4583 /**
4584  * Return a connection of type <b>type</b> that is not an internally linked
4585  * connection, and is not marked for close.
4586  **/
4589 {
4590  CONN_GET_TEMPLATE(conn, conn->type == type && !conn->linked);
4591 }
4592 
4593 /** Return a connection of type <b>type</b> that has rendquery equal
4594  * to <b>rendquery</b>, and that is not marked for close. If state
4595  * is non-zero, conn must be of that state too.
4596  */
4597 connection_t *
4599  const char *rendquery)
4600 {
4601  tor_assert(type == CONN_TYPE_DIR ||
4602  type == CONN_TYPE_AP || type == CONN_TYPE_EXIT);
4603  tor_assert(rendquery);
4604 
4605  CONN_GET_TEMPLATE(conn,
4606  (conn->type == type &&
4607  (!state || state == conn->state)) &&
4608  (
4609  (type == CONN_TYPE_DIR &&
4610  TO_DIR_CONN(conn)->rend_data &&
4611  !rend_cmp_service_ids(rendquery,
4612  rend_data_get_address(TO_DIR_CONN(conn)->rend_data)))
4613  ||
4614  (CONN_IS_EDGE(conn) &&
4615  TO_EDGE_CONN(conn)->rend_data &&
4616  !rend_cmp_service_ids(rendquery,
4617  rend_data_get_address(TO_EDGE_CONN(conn)->rend_data)))
4618  ));
4619 }
4620 
4621 /** Return a new smartlist of dir_connection_t * from get_connection_array()
4622  * that satisfy conn_test on connection_t *conn_var, and dirconn_test on
4623  * dir_connection_t *dirconn_var. conn_var must be of CONN_TYPE_DIR and not
4624  * marked for close to be included in the list. */
4625 #define DIR_CONN_LIST_TEMPLATE(conn_var, conn_test, \
4626  dirconn_var, dirconn_test) \
4627  STMT_BEGIN \
4628  smartlist_t *conns = get_connection_array(); \
4629  smartlist_t *dir_conns = smartlist_new(); \
4630  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn_var) { \
4631  if (conn_var && (conn_test) \
4632  && conn_var->type == CONN_TYPE_DIR \
4633  && !conn_var->marked_for_close) { \
4634  dir_connection_t *dirconn_var = TO_DIR_CONN(conn_var); \
4635  if (dirconn_var && (dirconn_test)) { \
4636  smartlist_add(dir_conns, dirconn_var); \
4637  } \
4638  } \
4639  } SMARTLIST_FOREACH_END(conn_var); \
4640  return dir_conns; \
4641  STMT_END
4642 
4643 /** Return a list of directory connections that are fetching the item
4644  * described by <b>purpose</b>/<b>resource</b>. If there are none,
4645  * return an empty list. This list must be freed using smartlist_free,
4646  * but the pointers in it must not be freed.
4647  * Note that this list should not be cached, as the pointers in it can be
4648  * freed if their connections close. */
4649 smartlist_t *
4651  int purpose,
4652  const char *resource)
4653 {
4655  conn->purpose == purpose,
4656  dirconn,
4657  0 == strcmp_opt(resource,
4658  dirconn->requested_resource));
4659 }
4660 
4661 /** Return a list of directory connections that are fetching the item
4662  * described by <b>purpose</b>/<b>resource</b>/<b>state</b>. If there are
4663  * none, return an empty list. This list must be freed using smartlist_free,
4664  * but the pointers in it must not be freed.
4665  * Note that this list should not be cached, as the pointers in it can be
4666  * freed if their connections close. */
4667 smartlist_t *
4669  int purpose,
4670  const char *resource,
4671  int state)
4672 {
4674  conn->purpose == purpose && conn->state == state,
4675  dirconn,
4676  0 == strcmp_opt(resource,
4677  dirconn->requested_resource));
4678 }
4679 
4680 #undef DIR_CONN_LIST_TEMPLATE
4681 
4682 /** Return an arbitrary active OR connection that isn't <b>this_conn</b>.
4683  *
4684  * We use this to guess if we should tell the controller that we
4685  * didn't manage to connect to any of our bridges. */
4686 static connection_t *
4688 {
4689  CONN_GET_TEMPLATE(conn,
4690  conn != TO_CONN(this_conn) && conn->type == CONN_TYPE_OR);
4691 }
4692 
4693 /** Return 1 if there are any active OR connections apart from
4694  * <b>this_conn</b>.
4695  *
4696  * We use this to guess if we should tell the controller that we
4697  * didn't manage to connect to any of our bridges. */
4698 int
4700 {
4702  if (conn != NULL) {
4703  log_debug(LD_DIR, "%s: Found an OR connection: %s",
4704  __func__, conn->address);
4705  return 1;
4706  }
4707 
4708  return 0;
4709 }
4710 
4711 #undef CONN_GET_TEMPLATE
4712 
4713 /** Return 1 if <b>conn</b> is a listener conn, else return 0. */
4714 int
4716 {
4717  if (conn->type == CONN_TYPE_OR_LISTENER ||
4718  conn->type == CONN_TYPE_EXT_OR_LISTENER ||
4719  conn->type == CONN_TYPE_AP_LISTENER ||
4720  conn->type == CONN_TYPE_AP_TRANS_LISTENER ||
4721  conn->type == CONN_TYPE_AP_DNS_LISTENER ||
4722  conn->type == CONN_TYPE_AP_NATD_LISTENER ||
4724  conn->type == CONN_TYPE_DIR_LISTENER ||
4726  return 1;
4727  return 0;
4728 }
4729 
4730 /** Return 1 if <b>conn</b> is in state "open" and is not marked
4731  * for close, else return 0.
4732  */
4733 int
4735 {
4736  tor_assert(conn);
4737 
4738  if (conn->marked_for_close)
4739  return 0;
4740 
4741  if ((conn->type == CONN_TYPE_OR && conn->state == OR_CONN_STATE_OPEN) ||
4742  (conn->type == CONN_TYPE_EXT_OR) ||
4743  (conn->type == CONN_TYPE_AP && conn->state == AP_CONN_STATE_OPEN) ||
4744  (conn->type == CONN_TYPE_EXIT && conn->state == EXIT_CONN_STATE_OPEN) ||
4745  (conn->type == CONN_TYPE_CONTROL &&
4746  conn->state == CONTROL_CONN_STATE_OPEN))
4747  return 1;
4748 
4749  return 0;
4750 }
4751 
4752 /** Return 1 if conn is in 'connecting' state, else return 0. */
4753 int
4755 {
4756  tor_assert(conn);
4757 
4758  if (conn->marked_for_close)
4759  return 0;
4760  switch (conn->type)
4761  {
4762  case CONN_TYPE_OR:
4763  return conn->state == OR_CONN_STATE_CONNECTING;
4764  case CONN_TYPE_EXIT:
4765  return conn->state == EXIT_CONN_STATE_CONNECTING;
4766  case CONN_TYPE_DIR:
4767  return conn->state == DIR_CONN_STATE_CONNECTING;
4768  }
4769 
4770  return 0;
4771 }
4772 
4773 /** Allocates a base64'ed authenticator for use in http or https
4774  * auth, based on the input string <b>authenticator</b>. Returns it
4775  * if success, else returns NULL. */
4776 char *
4777 alloc_http_authenticator(const char *authenticator)
4778 {
4779  /* an authenticator in Basic authentication
4780  * is just the string "username:password" */
4781  const size_t authenticator_length = strlen(authenticator);
4782  const size_t base64_authenticator_length =
4783  base64_encode_size(authenticator_length, 0) + 1;
4784  char *base64_authenticator = tor_malloc(base64_authenticator_length);
4785  if (base64_encode(base64_authenticator, base64_authenticator_length,
4786  authenticator, authenticator_length, 0) < 0) {
4787  tor_free(base64_authenticator); /* free and set to null */
4788  }
4789  return base64_authenticator;
4790 }
4791 
4792 /** Given a socket handle, check whether the local address (sockname) of the
4793  * socket is one that we've connected from before. If so, double-check
4794  * whether our address has changed and we need to generate keys. If we do,
4795  * call init_keys().
4796  */
4797 static void
4799 {
4800  tor_addr_t out_addr, iface_addr;
4801  tor_addr_t **last_interface_ip_ptr;
4802  sa_family_t family;
4803 
4804  if (!outgoing_addrs)
4806 
4807  if (tor_addr_from_getsockname(&out_addr, sock) < 0) {
4808  int e = tor_socket_errno(sock);
4809  log_warn(LD_NET, "getsockname() to check for address change failed: %s",
4810  tor_socket_strerror(e));
4811  return;
4812  }
4813  family = tor_addr_family(&out_addr);
4814 
4815  if (family == AF_INET)
4816  last_interface_ip_ptr = &last_interface_ipv4;
4817  else if (family == AF_INET6)
4818  last_interface_ip_ptr = &last_interface_ipv6;
4819  else
4820  return;
4821 
4822  if (! *last_interface_ip_ptr) {
4823  tor_addr_t *a = tor_malloc_zero(sizeof(tor_addr_t));
4824  if (get_interface_address6(LOG_INFO, family, a)==0) {
4825  *last_interface_ip_ptr = a;
4826  } else {
4827  tor_free(a);
4828  }
4829  }
4830 
4831  /* If we've used this address previously, we're okay. */
4833  if (tor_addr_eq(a_ptr, &out_addr))
4834  return;
4835  );
4836 
4837  /* Uh-oh. We haven't connected from this address before. Has the interface
4838  * address changed? */
4839  if (get_interface_address6(LOG_INFO, family, &iface_addr)<0)
4840  return;
4841 
4842  if (tor_addr_eq(&iface_addr, *last_interface_ip_ptr)) {
4843  /* Nope, it hasn't changed. Add this address to the list. */
4844  smartlist_add(outgoing_addrs, tor_memdup(&out_addr, sizeof(tor_addr_t)));
4845  } else {
4846  /* The interface changed. We're a client, so we need to regenerate our
4847  * keys. First, reset the state. */
4848  log_notice(LD_NET, "Our IP address has changed. Rotating keys...");
4849  tor_addr_copy(*last_interface_ip_ptr, &iface_addr);
4852  smartlist_add(outgoing_addrs, tor_memdup(&out_addr, sizeof(tor_addr_t)));
4853  /* We'll need to resolve ourselves again. */
4855  /* Okay, now change our keys. */
4856  ip_address_changed(1);
4857  }
4858 }
4859 
4860 /** Some systems have limited system buffers for recv and xmit on
4861  * sockets allocated in a virtual server or similar environment. For a Tor
4862  * server this can produce the "Error creating network socket: No buffer
4863  * space available" error once all available TCP buffer space is consumed.
4864  * This method will attempt to constrain the buffers allocated for the socket
4865  * to the desired size to stay below system TCP buffer limits.
4866  */
4867 static void
4869 {
4870  void *sz = (void*)&size;
4871  socklen_t sz_sz = (socklen_t) sizeof(size);
4872  if (setsockopt(sock, SOL_SOCKET, SO_SNDBUF, sz, sz_sz) < 0) {
4873  int e = tor_socket_errno(sock);
4874  log_warn(LD_NET, "setsockopt() to constrain send "
4875  "buffer to %d bytes failed: %s", size, tor_socket_strerror(e));
4876  }
4877  if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, sz, sz_sz) < 0) {
4878  int e = tor_socket_errno(sock);
4879  log_warn(LD_NET, "setsockopt() to constrain recv "
4880  "buffer to %d bytes failed: %s", size, tor_socket_strerror(e));
4881  }
4882 }
4883 
4884 /** Process new bytes that have arrived on conn->inbuf.
4885  *
4886  * This function just passes conn to the connection-specific
4887  * connection_*_process_inbuf() function. It also passes in
4888  * package_partial if wanted.
4889  */
4890 static int
4891 connection_process_inbuf(connection_t *conn, int package_partial)
4892 {
4893  tor_assert(conn);
4894 
4895  switch (conn->type) {
4896  case CONN_TYPE_OR:
4898  case CONN_TYPE_EXT_OR:
4900  case CONN_TYPE_EXIT:
4901  case CONN_TYPE_AP:
4903  package_partial);
4904  case CONN_TYPE_DIR:
4906  case CONN_TYPE_CONTROL:
4908  default:
4909  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
4911  return -1;
4912  }
4913 }
4914 
4915 /** Called whenever we've written data on a connection. */
4916 static int
4918 {
4919  int r = 0;
4920  tor_assert(!conn->in_flushed_some);
4921  conn->in_flushed_some = 1;
4922  if (conn->type == CONN_TYPE_DIR &&
4924  r = connection_dirserv_flushed_some(TO_DIR_CONN(conn));
4925  } else if (conn->type == CONN_TYPE_OR) {
4927  } else if (CONN_IS_EDGE(conn)) {
4929  }
4930  conn->in_flushed_some = 0;
4931  return r;
4932 }
4933 
4934 /** We just finished flushing bytes to the appropriately low network layer,
4935  * and there are no more bytes remaining in conn->outbuf or
4936  * conn->tls to be flushed.
4937  *
4938  * This function just passes conn to the connection-specific
4939  * connection_*_finished_flushing() function.
4940  */
4941 static int
4943 {
4944  tor_assert(conn);
4945 
4946  /* If the connection is closed, don't try to do anything more here. */
4947  if (CONN_IS_CLOSED(conn))
4948  return 0;
4949 
4950 // log_fn(LOG_DEBUG,"entered. Socket %u.", conn->s);
4951 
4953 
4954  switch (conn->type) {
4955  case CONN_TYPE_OR:
4957  case CONN_TYPE_EXT_OR:
4959  case CONN_TYPE_AP:
4960  case CONN_TYPE_EXIT:
4962  case CONN_TYPE_DIR:
4964  case CONN_TYPE_CONTROL:
4966  default:
4967  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
4969  return -1;
4970  }
4971 }
4972 
4973 /** Called when our attempt to connect() to another server has just
4974  * succeeded.
4975  *
4976  * This function just passes conn to the connection-specific
4977  * connection_*_finished_connecting() function.
4978  */
4979 static int
4981 {
4982  tor_assert(conn);
4983 
4984  if (!server_mode(get_options())) {
4985  /* See whether getsockname() says our address changed. We need to do this
4986  * now that the connection has finished, because getsockname() on Windows
4987  * won't work until then. */
4989  }
4990 
4991  switch (conn->type)
4992  {
4993  case CONN_TYPE_OR:
4995  case CONN_TYPE_EXIT:
4997  case CONN_TYPE_DIR:
4999  default:
5000  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
5002  return -1;
5003  }
5004 }
5005 
5006 /** Callback: invoked when a connection reaches an EOF event. */
5007 static int
5009 {
5010  switch (conn->type) {
5011  case CONN_TYPE_OR:
5012  case CONN_TYPE_EXT_OR:
5013  return connection_or_reached_eof(TO_OR_CONN(conn));
5014  case CONN_TYPE_AP:
5015  case CONN_TYPE_EXIT:
5017  case CONN_TYPE_DIR:
5019  case CONN_TYPE_CONTROL:
5021  default:
5022  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
5024  return -1;
5025  }
5026 }
5027 
5028 /** Comparator for the two-orconn case in OOS victim sort */
5029 static int
5031 {
5032  int a_circs, b_circs;
5033  /* Fewer circuits == higher priority for OOS kill, sort earlier */
5034 
5035  a_circs = connection_or_get_num_circuits(a);
5036  b_circs = connection_or_get_num_circuits(b);
5037 
5038  if (a_circs < b_circs) return 1;
5039  else if (a_circs > b_circs) return -1;
5040  else return 0;
5041 }
5042 
5043 /** Sort comparator for OOS victims; better targets sort before worse
5044  * ones. */
5045 static int
5046 oos_victim_comparator(const void **a_v, const void **b_v)
5047 {
5048  connection_t *a = NULL, *b = NULL;
5049 
5050  /* Get connection pointers out */
5051 
5052  a = (connection_t *)(*a_v);
5053  b = (connection_t *)(*b_v);
5054 
5055  tor_assert(a != NULL);
5056  tor_assert(b != NULL);
5057 
5058  /*
5059  * We always prefer orconns as victims currently; we won't even see
5060  * these non-orconn cases, but if we do, sort them after orconns.
5061  */
5062  if (a->type == CONN_TYPE_OR && b->type == CONN_TYPE_OR) {
5064  } else {
5065  /*
5066  * One isn't an orconn; if one is, it goes first. We currently have no
5067  * opinions about cases where neither is an orconn.
5068  */
5069  if (a->type == CONN_TYPE_OR) return -1;
5070  else if (b->type == CONN_TYPE_OR) return 1;
5071  else return 0;
5072  }
5073 }
5074 
5075 /** Pick n victim connections for the OOS handler and return them in a
5076  * smartlist.
5077  */
5080 {
5081  smartlist_t *eligible = NULL, *victims = NULL;
5082  smartlist_t *conns;
5083  int conn_counts_by_type[CONN_TYPE_MAX_ + 1], i;
5084 
5085  /*
5086  * Big damn assumption (someone improve this someday!):
5087  *
5088  * Socket exhaustion normally happens on high-volume relays, and so
5089  * most of the connections involved are orconns. We should pick victims
5090  * by assembling a list of all orconns, and sorting them in order of
5091  * how much 'damage' by some metric we'd be doing by dropping them.
5092  *
5093  * If we move on from orconns, we should probably think about incoming
5094  * directory connections next, or exit connections. Things we should
5095  * probably never kill are controller connections and listeners.
5096  *
5097  * This function will count how many connections of different types
5098  * exist and log it for purposes of gathering data on typical OOS
5099  * situations to guide future improvements.
5100  */
5101 
5102  /* First, get the connection array */
5103  conns = get_connection_array();
5104  /*
5105  * Iterate it and pick out eligible connection types, and log some stats
5106  * along the way.
5107  */
5108  eligible = smartlist_new();
5109  memset(conn_counts_by_type, 0, sizeof(conn_counts_by_type));
5110  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, c) {
5111  /* Bump the counter */
5112  tor_assert(c->type <= CONN_TYPE_MAX_);
5113  ++(conn_counts_by_type[c->type]);
5114 
5115  /* Skip anything without a socket we can free */
5116  if (!(SOCKET_OK(c->s))) {
5117  continue;
5118  }
5119 
5120  /* Skip anything we would count as moribund */
5121  if (connection_is_moribund(c)) {
5122  continue;
5123  }
5124 
5125  switch (c->type) {
5126  case CONN_TYPE_OR:
5127  /* We've got an orconn, it's eligible to be OOSed */
5128  smartlist_add(eligible, c);
5129  break;
5130  default:
5131  /* We don't know what to do with it, ignore it */
5132  break;
5133  }
5134  } SMARTLIST_FOREACH_END(c);
5135 
5136  /* Log some stats */
5137  if (smartlist_len(conns) > 0) {
5138  /* At least one counter must be non-zero */
5139  log_info(LD_NET, "Some stats on conn types seen during OOS follow");
5140  for (i = CONN_TYPE_MIN_; i <= CONN_TYPE_MAX_; ++i) {
5141  /* Did we see any? */
5142  if (conn_counts_by_type[i] > 0) {
5143  log_info(LD_NET, "%s: %d conns",
5145  conn_counts_by_type[i]);
5146  }
5147  }
5148  log_info(LD_NET, "Done with OOS conn type stats");
5149  }
5150 
5151  /* Did we find more eligible targets than we want to kill? */
5152  if (smartlist_len(eligible) > n) {
5153  /* Sort the list in order of target preference */
5155  /* Pick first n as victims */
5156  victims = smartlist_new();
5157  for (i = 0; i < n; ++i) {
5158  smartlist_add(victims, smartlist_get(eligible, i));
5159  }
5160  /* Free the original list */
5161  smartlist_free(eligible);
5162  } else {
5163  /* No, we can just call them all victims */
5164  victims = eligible;
5165  }
5166 
5167  return victims;
5168 }
5169 
5170 /** Kill a list of connections for the OOS handler. */
5171 MOCK_IMPL(STATIC void,
5173 {
5174  if (!conns) return;
5175 
5176  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, c) {
5177  /* Make sure the channel layer gets told about orconns */
5178  if (c->type == CONN_TYPE_OR) {
5180  } else {
5181  connection_mark_for_close(c);
5182  }
5183  } SMARTLIST_FOREACH_END(c);
5184 
5185  log_notice(LD_NET,
5186  "OOS handler marked %d connections",
5187  smartlist_len(conns));
5188 }
5189 
5190 /** Check if a connection is on the way out so the OOS handler doesn't try
5191  * to kill more than it needs. */
5192 int
5194 {
5195  if (conn != NULL &&
5196  (conn->conn_array_index < 0 ||
5197  conn->marked_for_close)) {
5198  return 1;
5199  } else {
5200  return 0;
5201  }
5202 }
5203 
5204 /** Out-of-Sockets handler; n_socks is the current number of open
5205  * sockets, and failed is non-zero if a socket exhaustion related
5206  * error immediately preceded this call. This is where to do
5207  * circuit-killing heuristics as needed.
5208  */
5209 void
5210 connection_check_oos(int n_socks, int failed)
5211 {
5212  int target_n_socks = 0, moribund_socks, socks_to_kill;
5213  smartlist_t *conns;
5214 
5215  /* Early exit: is OOS checking disabled? */
5216  if (get_options()->DisableOOSCheck) {
5217  return;
5218  }
5219 
5220  /* Sanity-check args */
5221  tor_assert(n_socks >= 0);
5222 
5223  /*
5224  * Make some log noise; keep it at debug level since this gets a chance
5225  * to run on every connection attempt.
5226  */
5227  log_debug(LD_NET,
5228  "Running the OOS handler (%d open sockets, %s)",
5229  n_socks, (failed != 0) ? "exhaustion seen" : "no exhaustion");
5230 
5231  /*
5232  * Check if we're really handling an OOS condition, and if so decide how
5233  * many sockets we want to get down to. Be sure we check if the threshold
5234  * is distinct from zero first; it's possible for this to be called a few
5235  * times before we've finished reading the config.
5236  */
5237  if (n_socks >= get_options()->ConnLimit_high_thresh &&
5238  get_options()->ConnLimit_high_thresh != 0 &&
5239  get_options()->ConnLimit_ != 0) {
5240  /* Try to get down to the low threshold */
5241  target_n_socks = get_options()->ConnLimit_low_thresh;
5242  log_notice(LD_NET,
5243  "Current number of sockets %d is greater than configured "
5244  "limit %d; OOS handler trying to get down to %d",
5245  n_socks, get_options()->ConnLimit_high_thresh,
5246  target_n_socks);
5247  } else if (failed) {
5248  /*
5249  * If we're not at the limit but we hit a socket exhaustion error, try to
5250  * drop some (but not as aggressively as ConnLimit_low_threshold, which is
5251  * 3/4 of ConnLimit_)
5252  */
5253  target_n_socks = (n_socks * 9) / 10;
5254  log_notice(LD_NET,
5255  "We saw socket exhaustion at %d open sockets; OOS handler "
5256  "trying to get down to %d",
5257  n_socks, target_n_socks);
5258  }
5259 
5260  if (target_n_socks > 0) {
5261  /*
5262  * It's an OOS!
5263  *
5264  * Count moribund sockets; it's be important that anything we decide
5265  * to get rid of here but don't immediately close get counted as moribund
5266  * on subsequent invocations so we don't try to kill too many things if
5267  * connection_check_oos() gets called multiple times.
5268  */
5269  moribund_socks = connection_count_moribund();
5270 
5271  if (moribund_socks < n_socks - target_n_socks) {
5272  socks_to_kill = n_socks - target_n_socks - moribund_socks;
5273 
5274  conns = pick_oos_victims(socks_to_kill);
5275  if (conns) {
5276  kill_conn_list_for_oos(conns);
5277  log_notice(LD_NET,
5278  "OOS handler killed %d conns", smartlist_len(conns));
5279  smartlist_free(conns);
5280  } else {
5281  log_notice(LD_NET, "OOS handler failed to pick any victim conns");
5282  }
5283  } else {
5284  log_notice(LD_NET,
5285  "Not killing any sockets for OOS because there are %d "
5286  "already moribund, and we only want to eliminate %d",
5287  moribund_socks, n_socks - target_n_socks);
5288  }
5289  }
5290 }
5291 
5292 /** Log how many bytes are used by buffers of different kinds and sizes. */
5293 void
5295 {
5296  uint64_t used_by_type[CONN_TYPE_MAX_+1];
5297  uint64_t alloc_by_type[CONN_TYPE_MAX_+1];
5298  int n_conns_by_type[CONN_TYPE_MAX_+1];
5299  uint64_t total_alloc = 0;
5300  uint64_t total_used = 0;
5301  int i;
5302  smartlist_t *conns = get_connection_array();
5303 
5304  memset(used_by_type, 0, sizeof(used_by_type));
5305  memset(alloc_by_type, 0, sizeof(alloc_by_type));
5306  memset(n_conns_by_type, 0, sizeof(n_conns_by_type));
5307 
5308  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, c) {
5309  int tp = c->type;
5310  ++n_conns_by_type[tp];
5311  if (c->inbuf) {
5312  used_by_type[tp] += buf_datalen(c->inbuf);
5313  alloc_by_type[tp] += buf_allocation(c->inbuf);
5314  }
5315  if (c->outbuf) {
5316  used_by_type[tp] += buf_datalen(c->outbuf);
5317  alloc_by_type[tp] += buf_allocation(c->outbuf);
5318  }
5319  } SMARTLIST_FOREACH_END(c);
5320  for (i=0; i <= CONN_TYPE_MAX_; ++i) {
5321  total_used += used_by_type[i];
5322  total_alloc += alloc_by_type[i];
5323  }
5324 
5325  tor_log(severity, LD_GENERAL,
5326  "In buffers for %d connections: %"PRIu64" used/%"PRIu64" allocated",
5327  smartlist_len(conns),
5328  (total_used), (total_alloc));
5329  for (i=CONN_TYPE_MIN_; i <= CONN_TYPE_MAX_; ++i) {
5330  if (!n_conns_by_type[i])
5331  continue;
5332  tor_log(severity, LD_GENERAL,
5333  " For %d %s connections: %"PRIu64" used/%"PRIu64" allocated",
5334  n_conns_by_type[i], conn_type_to_string(i),
5335  (used_by_type[i]), (alloc_by_type[i]));
5336  }
5337 }
5338 
5339 /** Verify that connection <b>conn</b> has all of its invariants
5340  * correct. Trigger an assert if anything is invalid.
5341  */
5342 void
5344 {
5345  (void) now; /* XXXX unused. */
5346  tor_assert(conn);
5347  tor_assert(conn->type >= CONN_TYPE_MIN_);
5348  tor_assert(conn->type <= CONN_TYPE_MAX_);
5349 
5350  switch (conn->type) {
5351  case CONN_TYPE_OR:
5352  case CONN_TYPE_EXT_OR:
5353  tor_assert(conn->magic == OR_CONNECTION_MAGIC);
5354  break;
5355  case CONN_TYPE_AP:
5356  tor_assert(conn->magic == ENTRY_CONNECTION_MAGIC);
5357  break;
5358  case CONN_TYPE_EXIT:
5359  tor_assert(conn->magic == EDGE_CONNECTION_MAGIC);
5360  break;
5361  case CONN_TYPE_DIR:
5362  tor_assert(conn->magic == DIR_CONNECTION_MAGIC);
5363  break;
5364  case CONN_TYPE_CONTROL:
5365  tor_assert(conn->magic == CONTROL_CONNECTION_MAGIC);
5366  break;
5367  CASE_ANY_LISTENER_TYPE:
5368  tor_assert(conn->magic == LISTENER_CONNECTION_MAGIC);
5369  break;
5370  default:
5371  tor_assert(conn->magic == BASE_CONNECTION_MAGIC);
5372  break;
5373  }
5374 
5375  if (conn->linked_conn) {
5376  tor_assert(conn->linked_conn->linked_conn == conn);
5377  tor_assert(conn->linked);
5378  }
5379  if (conn->linked)
5380  tor_assert(!SOCKET_OK(conn->s));
5381 
5382  if (conn->outbuf_flushlen > 0) {
5383  /* With optimistic data, we may have queued data in
5384  * EXIT_CONN_STATE_RESOLVING while the conn is not yet marked to writing.
5385  * */
5386  tor_assert((conn->type == CONN_TYPE_EXIT &&
5387  conn->state == EXIT_CONN_STATE_RESOLVING) ||
5388  connection_is_writing(conn) ||
5389  conn->write_blocked_on_bw ||
5390  (CONN_IS_EDGE(conn) &&
5391  TO_EDGE_CONN(conn)->edge_blocked_on_circ));
5392  }
5393 
5394  if (conn->hold_open_until_flushed)
5396 
5397  /* XXXX check: read_blocked_on_bw, write_blocked_on_bw, s, conn_array_index,
5398  * marked_for_close. */
5399 
5400  /* buffers */
5401  if (conn->inbuf)
5402  buf_assert_ok(conn->inbuf);
5403  if (conn->outbuf)
5404  buf_assert_ok(conn->outbuf);
5405 
5406  if (conn->type == CONN_TYPE_OR) {
5407  or_connection_t *or_conn = TO_OR_CONN(conn);
5408  if (conn->state == OR_CONN_STATE_OPEN) {
5409  /* tor_assert(conn->bandwidth > 0); */
5410  /* the above isn't necessarily true: if we just did a TLS
5411  * handshake but we didn't recognize the other peer, or it
5412  * gave a bad cert/etc, then we won't have assigned bandwidth,
5413  * yet it will be open. -RD
5414  */
5415 // tor_assert(conn->read_bucket >= 0);
5416  }
5417 // tor_assert(conn->addr && conn->port);
5418  tor_assert(conn->address);
5420  tor_assert(or_conn->tls);
5421  }
5422 
5423  if (CONN_IS_EDGE(conn)) {
5424  /* XXX unchecked: package window, deliver window. */
5425  if (conn->type == CONN_TYPE_AP) {
5426  entry_connection_t *entry_conn = TO_ENTRY_CONN(conn);
5427  if (entry_conn->chosen_exit_optional || entry_conn->chosen_exit_retries)
5428  tor_assert(entry_conn->chosen_exit_name);
5429 
5430  tor_assert(entry_conn->socks_request);
5431  if (conn->state == AP_CONN_STATE_OPEN) {
5432  tor_assert(entry_conn->socks_request->has_finished);
5433  if (!conn->marked_for_close) {
5434  tor_assert(ENTRY_TO_EDGE_CONN(entry_conn)->cpath_layer);
5435  cpath_assert_layer_ok(ENTRY_TO_EDGE_CONN(entry_conn)->cpath_layer);
5436  }
5437  }
5438  }
5439  if (conn->type == CONN_TYPE_EXIT) {
5441  conn->purpose == EXIT_PURPOSE_RESOLVE);
5442  }
5443  } else if (conn->type == CONN_TYPE_DIR) {
5444  } else {
5445  /* Purpose is only used for dir and exit types currently */
5446  tor_assert(!conn->purpose);
5447  }
5448 
5449  switch (conn->type)
5450  {
5451  CASE_ANY_LISTENER_TYPE:
5453  break;
5454  case CONN_TYPE_OR:
5455  tor_assert(conn->state >= OR_CONN_STATE_MIN_);
5456  tor_assert(conn->state <= OR_CONN_STATE_MAX_);
5457  break;
5458  case CONN_TYPE_EXT_OR:
5460  tor_assert(conn->state <= EXT_OR_CONN_STATE_MAX_);
5461  break;
5462  case CONN_TYPE_EXIT:
5463  tor_assert(conn->state >= EXIT_CONN_STATE_MIN_);
5464  tor_assert(conn->state <= EXIT_CONN_STATE_MAX_);
5465  tor_assert(conn->purpose >= EXIT_PURPOSE_MIN_);
5466  tor_assert(conn->purpose <= EXIT_PURPOSE_MAX_);
5467  break;
5468  case CONN_TYPE_AP:
5469  tor_assert(conn->state >= AP_CONN_STATE_MIN_);
5470  tor_assert(conn->state <= AP_CONN_STATE_MAX_);
5471  tor_assert(TO_ENTRY_CONN(conn)->socks_request);
5472  break;
5473  case CONN_TYPE_DIR:
5474  tor_assert(conn->state >= DIR_CONN_STATE_MIN_);
5475  tor_assert(conn->state <= DIR_CONN_STATE_MAX_);
5476  tor_assert(conn->purpose >= DIR_PURPOSE_MIN_);
5477  tor_assert(conn->purpose <= DIR_PURPOSE_MAX_);
5478  break;
5479  case CONN_TYPE_CONTROL:
5480  tor_assert(conn->state >= CONTROL_CONN_STATE_MIN_);
5481  tor_assert(conn->state <= CONTROL_CONN_STATE_MAX_);
5482  break;
5483  default:
5484  tor_assert(0);
5485  }
5486 }
5487 
5488 /** Fills <b>addr</b> and <b>port</b> with the details of the global
5489  * proxy server we are using. Store a 1 to the int pointed to by
5490  * <b>is_put_out</b> if the connection is using a pluggable
5491  * transport; store 0 otherwise. <b>conn</b> contains the connection
5492  * we are using the proxy for.
5493  *
5494  * Return 0 on success, -1 on failure.
5495  */
5496 int
5497 get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type,
5498  int *is_pt_out, const connection_t *conn)
5499 {
5500  const or_options_t *options = get_options();
5501 
5502  *is_pt_out = 0;
5503  /* Client Transport Plugins can use another proxy, but that should be hidden
5504  * from the rest of tor (as the plugin is responsible for dealing with the
5505  * proxy), check it first, then check the rest of the proxy types to allow
5506  * the config to have unused ClientTransportPlugin entries.
5507  */
5508  if (options->ClientTransportPlugin) {
5509  const transport_t *transport = NULL;
5510  int r;
5511  r = get_transport_by_bridge_addrport(&conn->addr, conn->port, &transport);
5512  if (r<0)
5513  return -1;
5514  if (transport) { /* transport found */
5515  tor_addr_copy(addr, &transport->addr);
5516  *port = transport->port;
5517  *proxy_type = transport->socks_version;
5518  *is_pt_out = 1;
5519  return 0;
5520  }
5521 
5522  /* Unused ClientTransportPlugin. */
5523  }
5524 
5525  if (options->HTTPSProxy) {
5526  tor_addr_copy(addr, &options->HTTPSProxyAddr);
5527  *port = options->HTTPSProxyPort;
5528  *proxy_type = PROXY_CONNECT;
5529  return 0;
5530  } else if (options->Socks4Proxy) {
5531  tor_addr_copy(addr, &options->Socks4ProxyAddr);
5532  *port = options->Socks4ProxyPort;
5533  *proxy_type = PROXY_SOCKS4;
5534  return 0;
5535  } else if (options->Socks5Proxy) {
5536  tor_addr_copy(addr, &options->Socks5ProxyAddr);
5537  *port = options->Socks5ProxyPort;
5538  *proxy_type = PROXY_SOCKS5;
5539  return 0;
5540  } else if (options->TCPProxy) {
5541  tor_addr_copy(addr, &options->TCPProxyAddr);
5542  *port = options->TCPProxyPort;
5543  /* The only supported protocol in TCPProxy is haproxy. */
5545  *proxy_type = PROXY_HAPROXY;
5546  return 0;
5547  }
5548 
5549  tor_addr_make_unspec(addr);
5550  *port = 0;
5551  *proxy_type = PROXY_NONE;
5552  return 0;
5553 }
5554 
5555 /** Log a failed connection to a proxy server.
5556  * <b>conn</b> is the connection we use the proxy server for. */
5557 void
5559 {
5560  tor_addr_t proxy_addr;
5561  uint16_t proxy_port;
5562  int proxy_type, is_pt;
5563 
5564  if (get_proxy_addrport(&proxy_addr, &proxy_port, &proxy_type, &is_pt,
5565  conn) != 0)
5566  return; /* if we have no proxy set up, leave this function. */
5567 
5568  (void)is_pt;
5569  log_warn(LD_NET,
5570  "The connection to the %s proxy server at %s just failed. "
5571  "Make sure that the proxy server is up and running.",
5572  proxy_type_to_string(proxy_type),
5573  fmt_addrport(&proxy_addr, proxy_port));
5574 }
5575 
5576 /** Return string representation of <b>proxy_type</b>. */
5577 static const char *
5578 proxy_type_to_string(int proxy_type)
5579 {
5580  switch (proxy_type) {
5581  case PROXY_CONNECT: return "HTTP";
5582  case PROXY_SOCKS4: return "SOCKS4";
5583  case PROXY_SOCKS5: return "SOCKS5";
5584  case PROXY_HAPROXY: return "HAPROXY";
5585  case PROXY_PLUGGABLE: return "pluggable transports SOCKS";
5586  case PROXY_NONE: return "NULL";
5587  default: tor_assert(0);
5588  }
5589  return NULL; /*Unreached*/
5590 }
5591 
5592 /** Call connection_free_minimal() on every connection in our array, and
5593  * release all storage held by connection.c.
5594  *
5595  * Don't do the checks in connection_free(), because they will
5596  * fail.
5597  */
5598 void
5600 {
5601  smartlist_t *conns = get_connection_array();
5602 
5603  /* We don't want to log any messages to controllers. */
5604  SMARTLIST_FOREACH(conns, connection_t *, conn,
5605  if (conn->type == CONN_TYPE_CONTROL)
5606  TO_CONTROL_CONN(conn)->event_mask = 0);
5607 
5609 
5610  /* Unlink everything from the identity map. */
5613 
5614  /* Clear out our list of broken connections */
5616 
5617  SMARTLIST_FOREACH(conns, connection_t *, conn,
5618  connection_free_minimal(conn));
5619 
5620  if (outgoing_addrs) {
5622  smartlist_free(outgoing_addrs);
5623  outgoing_addrs = NULL;
5624  }
5625 
5627  tor_free(last_interface_ipv6);
5629 
5630  mainloop_event_free(reenable_blocked_connections_ev);
5632  memset(&reenable_blocked_connections_delay, 0, sizeof(struct timeval));
5633 }
5634 
5635 /** Log a warning, and possibly emit a control event, that <b>received</b> came
5636  * at a skewed time. <b>trusted</b> indicates that the <b>source</b> was one
5637  * that we had more faith in and therefore the warning level should have higher
5638  * severity.
5639  */
5640 MOCK_IMPL(void,
5641 clock_skew_warning, (const connection_t *conn, long apparent_skew, int trusted,
5642  log_domain_mask_t domain, const char *received,
5643  const char *source))
5644 {
5645  char dbuf[64];
5646  char *ext_source = NULL, *warn = NULL;
5647  format_time_interval(dbuf, sizeof(dbuf), apparent_skew);
5648  if (conn)
5649  tor_asprintf(&ext_source, "%s:%s:%d", source, conn->address, conn->port);
5650  else
5651  ext_source = tor_strdup(source);
5652  log_fn(trusted ? LOG_WARN : LOG_INFO, domain,
5653  "Received %s with skewed time (%s): "
5654  "It seems that our clock is %s by %s, or that theirs is %s%s. "
5655  "Tor requires an accurate clock to work: please check your time, "
5656  "timezone, and date settings.", received, ext_source,
5657  apparent_skew > 0 ? "ahead" : "behind", dbuf,
5658  apparent_skew > 0 ? "behind" : "ahead",
5659  (!conn || trusted) ? "" : ", or they are sending us the wrong time");
5660  if (trusted) {
5661  control_event_general_status(LOG_WARN, "CLOCK_SKEW SKEW=%ld SOURCE=%s",
5662  apparent_skew, ext_source);
5663  tor_asprintf(&warn, "Clock skew %ld in %s from %s", apparent_skew,
5664  received, source);
5665  control_event_bootstrap_problem(warn, "CLOCK_SKEW", conn, 1);
5666  }
5667  tor_free(warn);
5668  tor_free(ext_source);
5669 }
#define RELAY_PAYLOAD_SIZE
Definition: or.h:605
static void connection_bucket_refill_single(connection_t *conn, uint32_t now_ts)
Definition: connection.c:3560
Header file for dirserv.c.
void connection_or_close_for_error(or_connection_t *orconn, int flush)
void rep_hist_note_bytes_read(uint64_t num_bytes, time_t when)
Definition: rephist.c:1166
#define AP_CONN_STATE_CONNECT_WAIT
#define DIR_PURPOSE_SERVER
Definition: directory.h:62
uint64_t global_identifier
Definition: channel.h:197
#define CASE_TOR_TLS_ERROR_ANY_NONIO
Definition: tortls.h:53
void accounting_add_bytes(size_t n_read, size_t n_written, int seconds)
Definition: hibernate.c:331
#define CONN_TYPE_DIR_LISTENER
Definition: connection.h:51
struct tor_compress_state_t * compress_state
smartlist_t * get_connection_array(void)
Definition: mainloop.c:452
Header file for rendcommon.c.
#define CONN_TYPE_CONTROL_LISTENER
Definition: connection.h:56
int fascist_firewall_prefer_ipv6_orport(const or_options_t *options)
Definition: policies.c:508
STATIC void kill_conn_list_for_oos(smartlist_t *conns)
Definition: connection.c:5172
unsigned int cpd_check_t
Definition: dir.h:20
STATIC int connection_connect_sockaddr(connection_t *conn, const struct sockaddr *sa, socklen_t sa_len, const struct sockaddr *bindaddr, socklen_t bindaddr_len, int *socket_error)
Definition: connection.c:1944
Header file for channeltls.c.
#define AP_CONN_STATE_RESOLVE_WAIT
void rep_hist_note_dir_bytes_written(uint64_t num_bytes, time_t when)
Definition: rephist.c:1176
void connection_or_close_normally(or_connection_t *orconn, int flush)
Router descriptor structure.
const tor_addr_t * conn_get_outbound_address(sa_family_t family, const or_options_t *options, unsigned int conn_type)
Definition: connection.c:2127
Header file containing common data for the whole HS subsytem.
uint16_t HTTPSProxyPort
int token_bucket_rw_refill(token_bucket_rw_t *bucket, uint32_t now_ts)
Definition: token_bucket.c:183
void connection_start_writing(connection_t *conn)
Definition: mainloop.c:688
Header file for circuitbuild.c.
unsigned int socks_use_extended_errors
int get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type, int *is_pt_out, const connection_t *conn)
Definition: connection.c:5497
int connection_is_moribund(connection_t *conn)
Definition: connection.c:5193
int socks_policy_permits_address(const tor_addr_t *addr)
Definition: policies.c:1132
static smartlist_t * outgoing_addrs
Definition: connection.c:204
static int connection_read_https_proxy_response(connection_t *conn)
Definition: connection.c:2581
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
uint16_t sa_family_t
Definition: inaddr_st.h:77
#define SOCKS_COMMAND_CONNECT
Header for backtrace.c.
#define TO_CONN(c)
Definition: or.h:735
static int connection_flushed_some(connection_t *conn)
Definition: connection.c:4917
static int connection_fetch_from_buf_socks_client(connection_t *conn, int state, char **reason)
Definition: connection.c:2674
unsigned int linked_conn_is_closed
Definition: connection_st.h:86
void entry_guard_cancel(circuit_guard_state_t **guard_state_p)
Definition: entrynodes.c:2459
void connection_mark_all_noncontrol_connections(void)
Definition: connection.c:3099
void connection_ap_about_to_close(entry_connection_t *entry_conn)
uint8_t type
Definition: port_cfg_st.h:23
int connection_flush(connection_t *conn)
Definition: connection.c:4344
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
void tor_addr_make_unspec(tor_addr_t *a)
Definition: address.c:225
#define EXT_OR_CONN_STATE_MIN_
Definition: ext_orport.h:17
void update_current_time(time_t now)
Definition: mainloop.c:2195
int check_private_dir(const char *dirname, cpd_check_t check, const char *effective_user)
Definition: dir.c:71
uint16_t router_get_advertised_or_port(const or_options_t *options)
Definition: router.c:1425
static void connection_send_socks5_connect(connection_t *conn)
Definition: connection.c:2642
int tor_close_socket(tor_socket_t s)
Definition: socket.c:217
uint16_t router_get_advertised_or_port_by_af(const or_options_t *options, sa_family_t family)
Definition: router.c:1433
static void update_send_buffer_size(tor_socket_t sock)
Definition: connection.c:4027
char * Socks5ProxyPassword
#define EXIT_PURPOSE_CONNECT
int ClientPreferIPv6DirPort
connection_t * connection_get_by_type_nonlinked(int type)
Definition: connection.c:4588
Header for buffers_tls.c.
int connection_state_is_connecting(connection_t *conn)
Definition: connection.c:4754
void channel_close_for_error(channel_t *chan)
Definition: channel.c:1218
#define EXIT_CONN_STATE_RESOLVING
#define CONN_TYPE_AP_NATD_LISTENER
Definition: connection.h:64
uint32_t n_written_conn_bw
#define CTASSERT(x)
Definition: ctassert.h:44
unsigned int purpose
Definition: connection_st.h:51
Header file for connection.c.
static int oos_victim_comparator(const void **a_v, const void **b_v)
Definition: connection.c:5046
#define EXIT_CONN_STATE_RESOLVEFAILED
const char * tor_tls_err_to_string(int err)
Definition: tortls.c:155
static int connection_https_proxy_connect(connection_t *conn)
Definition: connection.c:2343
void connection_stop_reading_from_linked_conn(connection_t *conn)
Definition: mainloop.c:820
connection_t * connection_get_by_type_state_rendquery(int type, int state, const char *rendquery)
Definition: connection.c:4598
char unix_addr[FLEXIBLE_ARRAY_MEMBER]
Definition: port_cfg_st.h:36
#define LD_GENERAL
Definition: log.h:62
static void connection_init(time_t now, connection_t *conn, int type, int socket_family)
Definition: connection.c:492
void connection_consider_empty_read_buckets(connection_t *conn)
Definition: connection.c:3451
#define MAX_SOCKS5_AUTH_FIELD_SIZE
Definition: connection.h:202
void connection_free_(connection_t *conn)
Definition: connection.c:758
static int connection_reached_eof(connection_t *conn)
Definition: connection.c:5008
int rend_cmp_service_ids(const char *one, const char *two)
Definition: rendcommon.c:48
dir_connection_t * dir_connection_new(int socket_family)
Definition: connection.c:361
int get_interface_address6(int severity, sa_family_t family, tor_addr_t *addr)
Definition: address.c:1629
static void client_check_address_changed(tor_socket_t sock)
Definition: connection.c:4798
static int connection_handle_listener_read(connection_t *conn, int new_type)
Definition: connection.c:1699
#define DOWNCAST(to, ptr)
Definition: or.h:109
int buf_flush_to_socket(buf_t *buf, tor_socket_t s, size_t sz, size_t *buf_flushlen)
Definition: buffers_net.c:231
static ssize_t connection_bucket_get_share(int base, int priority, ssize_t global_bucket_val, ssize_t conn_bucket)
Definition: connection.c:3185
Listener connection structure.
#define CONN_TYPE_AP_TRANS_LISTENER
Definition: connection.h:61
tor_addr_t addr
Definition: port_cfg_st.h:20
int authdir_mode(const or_options_t *options)
Definition: authmode.c:25
time_t connection_or_client_used(or_connection_t *conn)
Headers for compress.c.
void connection_link_connections(connection_t *conn_a, connection_t *conn_b)
Definition: connection.c:540
int conn_array_index
Definition: connection_st.h:94
#define LOG_INFO
Definition: log.h:45
static uint32_t tor_addr_to_ipv4n(const tor_addr_t *a)
Definition: address.h:145
Header file for nodelist.c.