Tor  0.4.4.0-alpha-dev
connection.c
Go to the documentation of this file.
1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2020, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
7 /**
8  * \file connection.c
9  * \brief General high-level functions to handle reading and writing
10  * on connections.
11  *
12  * Each connection (ideally) represents a TLS connection, a TCP socket, a unix
13  * socket, or a UDP socket on which reads and writes can occur. (But see
14  * connection_edge.c for cases where connections can also represent streams
15  * that do not have a corresponding socket.)
16  *
17  * The module implements the abstract type, connection_t. The subtypes are:
18  * <ul>
19  * <li>listener_connection_t, implemented here in connection.c
20  * <li>dir_connection_t, implemented in directory.c
21  * <li>or_connection_t, implemented in connection_or.c
22  * <li>edge_connection_t, implemented in connection_edge.c, along with
23  * its subtype(s):
24  * <ul><li>entry_connection_t, also implemented in connection_edge.c
25  * </ul>
26  * <li>control_connection_t, implemented in control.c
27  * </ul>
28  *
29  * The base type implemented in this module is responsible for basic
30  * rate limiting, flow control, and marshalling bytes onto and off of the
31  * network (either directly or via TLS).
32  *
33  * Connections are registered with the main loop with connection_add(). As
34  * they become able to read or write register the fact with the event main
35  * loop by calling connection_watch_events(), connection_start_reading(), or
36  * connection_start_writing(). When they no longer want to read or write,
37  * they call connection_stop_reading() or connection_stop_writing().
38  *
39  * To queue data to be written on a connection, call
40  * connection_buf_add(). When data arrives, the
41  * connection_process_inbuf() callback is invoked, which dispatches to a
42  * type-specific function (such as connection_edge_process_inbuf() for
43  * example). Connection types that need notice of when data has been written
44  * receive notification via connection_flushed_some() and
45  * connection_finished_flushing(). These functions all delegate to
46  * type-specific implementations.
47  *
48  * Additionally, beyond the core of connection_t, this module also implements:
49  * <ul>
50  * <li>Listeners, which wait for incoming sockets and launch connections
51  * <li>Outgoing SOCKS proxy support
52  * <li>Outgoing HTTP proxy support
53  * <li>An out-of-sockets handler for dealing with socket exhaustion
54  * </ul>
55  **/
56 
57 #define CONNECTION_PRIVATE
58 #include "core/or/or.h"
59 #include "feature/client/bridges.h"
60 #include "lib/buf/buffers.h"
61 #include "lib/tls/buffers_tls.h"
62 #include "lib/err/backtrace.h"
63 
64 /*
65  * Define this so we get channel internal functions, since we're implementing
66  * part of a subclass (channel_tls_t).
67  */
68 #define CHANNEL_OBJECT_PRIVATE
69 #include "app/config/config.h"
71 #include "core/mainloop/mainloop.h"
73 #include "core/or/channel.h"
74 #include "core/or/channeltls.h"
75 #include "core/or/circuitbuild.h"
76 #include "core/or/circuitlist.h"
77 #include "core/or/circuituse.h"
79 #include "core/or/connection_or.h"
80 #include "core/or/dos.h"
81 #include "core/or/policies.h"
82 #include "core/or/reasons.h"
83 #include "core/or/relay.h"
84 #include "core/or/crypt_path.h"
85 #include "core/proto/proto_haproxy.h"
86 #include "core/proto/proto_http.h"
87 #include "core/proto/proto_socks.h"
88 #include "feature/client/dnsserv.h"
98 #include "feature/hs/hs_common.h"
99 #include "feature/hs/hs_ident.h"
102 #include "feature/relay/dns.h"
105 #include "feature/rend/rendclient.h"
106 #include "feature/rend/rendcommon.h"
107 #include "feature/stats/rephist.h"
109 #include "lib/geoip/geoip.h"
110 
111 #include "lib/cc/ctassert.h"
112 #include "lib/sandbox/sandbox.h"
113 #include "lib/net/buffers_net.h"
114 #include "lib/tls/tortls.h"
116 #include "lib/compress/compress.h"
117 
118 #ifdef HAVE_PWD_H
119 #include <pwd.h>
120 #endif
121 
122 #ifdef HAVE_UNISTD_H
123 #include <unistd.h>
124 #endif
125 #ifdef HAVE_SYS_STAT_H
126 #include <sys/stat.h>
127 #endif
128 
129 #ifdef HAVE_SYS_UN_H
130 #include <sys/socket.h>
131 #include <sys/un.h>
132 #endif
133 
139 #include "core/or/port_cfg_st.h"
142 
143 /**
144  * On Windows and Linux we cannot reliably bind() a socket to an
145  * address and port if: 1) There's already a socket bound to wildcard
146  * address (0.0.0.0 or ::) with the same port; 2) We try to bind()
147  * to wildcard address and there's another socket bound to a
148  * specific address and the same port.
149  *
150  * To address this problem on these two platforms we implement a
151  * routine that:
152  * 1) Checks if first attempt to bind() a new socket failed with
153  * EADDRINUSE.
154  * 2) If so, it will close the appropriate old listener connection and
155  * 3) Attempts bind()'ing the new listener socket again.
156  *
157  * Just to be safe, we are enabling listener rebind code on all platforms,
158  * to account for unexpected cases where it may be needed.
159  */
160 #define ENABLE_LISTENER_REBIND
161 
163  const struct sockaddr *listensockaddr,
164  socklen_t listensocklen, int type,
165  const char *address,
166  const port_cfg_t *portcfg,
167  int *addr_in_use);
169  const port_cfg_t *port,
170  int *defer, int *addr_in_use);
171 static void connection_init(time_t now, connection_t *conn, int type,
172  int socket_family);
173 static int connection_handle_listener_read(connection_t *conn, int new_type);
175 static int connection_flushed_some(connection_t *conn);
177 static int connection_reached_eof(connection_t *conn);
179  ssize_t *max_to_read,
180  int *socket_error);
181 static int connection_process_inbuf(connection_t *conn, int package_partial);
183 static void set_constrained_socket_buffers(tor_socket_t sock, int size);
184 
185 static const char *connection_proxy_state_to_string(int state);
188 static const char *proxy_type_to_string(int proxy_type);
189 static int conn_get_proxy_type(const connection_t *conn);
191  const or_options_t *options, unsigned int conn_type);
192 static void reenable_blocked_connection_init(const or_options_t *options);
193 static void reenable_blocked_connection_schedule(void);
194 
195 /** The last addresses that our network interface seemed to have been
196  * binding to. We use this as one way to detect when our IP changes.
197  *
198  * XXXX+ We should really use the entire list of interfaces here.
199  **/
201 /* DOCDOC last_interface_ipv6 */
202 static tor_addr_t *last_interface_ipv6 = NULL;
203 /** A list of tor_addr_t for addresses we've used in outgoing connections.
204  * Used to detect IP address changes. */
206 
207 #define CASE_ANY_LISTENER_TYPE \
208  case CONN_TYPE_OR_LISTENER: \
209  case CONN_TYPE_EXT_OR_LISTENER: \
210  case CONN_TYPE_AP_LISTENER: \
211  case CONN_TYPE_DIR_LISTENER: \
212  case CONN_TYPE_CONTROL_LISTENER: \
213  case CONN_TYPE_AP_TRANS_LISTENER: \
214  case CONN_TYPE_AP_NATD_LISTENER: \
215  case CONN_TYPE_AP_DNS_LISTENER: \
216  case CONN_TYPE_AP_HTTP_CONNECT_LISTENER
217 
218 /**************************************************************/
219 
220 /** Convert a connection_t* to an listener_connection_t*; assert if the cast
221  * is invalid. */
224 {
225  tor_assert(c->magic == LISTENER_CONNECTION_MAGIC);
226  return DOWNCAST(listener_connection_t, c);
227 }
228 
229 size_t
230 connection_get_inbuf_len(connection_t *conn)
231 {
232  return conn->inbuf ? buf_datalen(conn->inbuf) : 0;
233 }
234 
235 size_t
236 connection_get_outbuf_len(connection_t *conn)
237 {
238  return conn->outbuf ? buf_datalen(conn->outbuf) : 0;
239 }
240 
241 /**
242  * Return the human-readable name for the connection type <b>type</b>
243  */
244 const char *
246 {
247  static char buf[64];
248  switch (type) {
249  case CONN_TYPE_OR_LISTENER: return "OR listener";
250  case CONN_TYPE_OR: return "OR";
251  case CONN_TYPE_EXIT: return "Exit";
252  case CONN_TYPE_AP_LISTENER: return "Socks listener";
254  return "Transparent pf/netfilter listener";
255  case CONN_TYPE_AP_NATD_LISTENER: return "Transparent natd listener";
256  case CONN_TYPE_AP_DNS_LISTENER: return "DNS listener";
257  case CONN_TYPE_AP: return "Socks";
258  case CONN_TYPE_DIR_LISTENER: return "Directory listener";
259  case CONN_TYPE_DIR: return "Directory";
260  case CONN_TYPE_CONTROL_LISTENER: return "Control listener";
261  case CONN_TYPE_CONTROL: return "Control";
262  case CONN_TYPE_EXT_OR: return "Extended OR";
263  case CONN_TYPE_EXT_OR_LISTENER: return "Extended OR listener";
264  case CONN_TYPE_AP_HTTP_CONNECT_LISTENER: return "HTTP tunnel listener";
265  default:
266  log_warn(LD_BUG, "unknown connection type %d", type);
267  tor_snprintf(buf, sizeof(buf), "unknown [%d]", type);
268  return buf;
269  }
270 }
271 
272 /**
273  * Return the human-readable name for the connection state <b>state</b>
274  * for the connection type <b>type</b>
275  */
276 const char *
277 conn_state_to_string(int type, int state)
278 {
279  static char buf[96];
280  switch (type) {
281  CASE_ANY_LISTENER_TYPE:
282  if (state == LISTENER_STATE_READY)
283  return "ready";
284  break;
285  case CONN_TYPE_OR:
286  switch (state) {
287  case OR_CONN_STATE_CONNECTING: return "connect()ing";
288  case OR_CONN_STATE_PROXY_HANDSHAKING: return "handshaking (proxy)";
289  case OR_CONN_STATE_TLS_HANDSHAKING: return "handshaking (TLS)";
291  return "renegotiating (TLS, v2 handshake)";
293  return "waiting for renegotiation or V3 handshake";
295  return "handshaking (Tor, v2 handshake)";
297  return "handshaking (Tor, v3 handshake)";
298  case OR_CONN_STATE_OPEN: return "open";
299  }
300  break;
301  case CONN_TYPE_EXT_OR:
302  switch (state) {
304  return "waiting for authentication type";
306  return "waiting for client nonce";
308  return "waiting for client hash";
309  case EXT_OR_CONN_STATE_OPEN: return "open";
310  case EXT_OR_CONN_STATE_FLUSHING: return "flushing final OKAY";
311  }
312  break;
313  case CONN_TYPE_EXIT:
314  switch (state) {
315  case EXIT_CONN_STATE_RESOLVING: return "waiting for dest info";
316  case EXIT_CONN_STATE_CONNECTING: return "connecting";
317  case EXIT_CONN_STATE_OPEN: return "open";
318  case EXIT_CONN_STATE_RESOLVEFAILED: return "resolve failed";
319  }
320  break;
321  case CONN_TYPE_AP:
322  switch (state) {
323  case AP_CONN_STATE_SOCKS_WAIT: return "waiting for socks info";
324  case AP_CONN_STATE_NATD_WAIT: return "waiting for natd dest info";
325  case AP_CONN_STATE_RENDDESC_WAIT: return "waiting for rendezvous desc";
326  case AP_CONN_STATE_CONTROLLER_WAIT: return "waiting for controller";
327  case AP_CONN_STATE_CIRCUIT_WAIT: return "waiting for circuit";
328  case AP_CONN_STATE_CONNECT_WAIT: return "waiting for connect response";
329  case AP_CONN_STATE_RESOLVE_WAIT: return "waiting for resolve response";
330  case AP_CONN_STATE_OPEN: return "open";
331  }
332  break;
333  case CONN_TYPE_DIR:
334  switch (state) {
335  case DIR_CONN_STATE_CONNECTING: return "connecting";
336  case DIR_CONN_STATE_CLIENT_SENDING: return "client sending";
337  case DIR_CONN_STATE_CLIENT_READING: return "client reading";
338  case DIR_CONN_STATE_CLIENT_FINISHED: return "client finished";
339  case DIR_CONN_STATE_SERVER_COMMAND_WAIT: return "waiting for command";
340  case DIR_CONN_STATE_SERVER_WRITING: return "writing";
341  }
342  break;
343  case CONN_TYPE_CONTROL:
344  switch (state) {
345  case CONTROL_CONN_STATE_OPEN: return "open (protocol v1)";
347  return "waiting for authentication (protocol v1)";
348  }
349  break;
350  }
351 
352  log_warn(LD_BUG, "unknown connection state %d (type %d)", state, type);
353  tor_snprintf(buf, sizeof(buf),
354  "unknown state [%d] on unknown [%s] connection",
355  state, conn_type_to_string(type));
356  return buf;
357 }
358 
359 /** Allocate and return a new dir_connection_t, initialized as by
360  * connection_init(). */
362 dir_connection_new(int socket_family)
363 {
364  dir_connection_t *dir_conn = tor_malloc_zero(sizeof(dir_connection_t));
365  connection_init(time(NULL), TO_CONN(dir_conn), CONN_TYPE_DIR, socket_family);
366  return dir_conn;
367 }
368 
369 /** Allocate and return a new or_connection_t, initialized as by
370  * connection_init().
371  *
372  * Initialize active_circuit_pqueue.
373  *
374  * Set active_circuit_pqueue_last_recalibrated to current cell_ewma tick.
375  */
377 or_connection_new(int type, int socket_family)
378 {
379  or_connection_t *or_conn = tor_malloc_zero(sizeof(or_connection_t));
380  time_t now = time(NULL);
381  tor_assert(type == CONN_TYPE_OR || type == CONN_TYPE_EXT_OR);
382  connection_init(now, TO_CONN(or_conn), type, socket_family);
383 
384  connection_or_set_canonical(or_conn, 0);
385 
386  if (type == CONN_TYPE_EXT_OR)
388 
389  return or_conn;
390 }
391 
392 /** Allocate and return a new entry_connection_t, initialized as by
393  * connection_init().
394  *
395  * Allocate space to store the socks_request.
396  */
398 entry_connection_new(int type, int socket_family)
399 {
400  entry_connection_t *entry_conn = tor_malloc_zero(sizeof(entry_connection_t));
401  tor_assert(type == CONN_TYPE_AP);
402  connection_init(time(NULL), ENTRY_TO_CONN(entry_conn), type, socket_family);
403  entry_conn->socks_request = socks_request_new();
404  /* If this is coming from a listener, we'll set it up based on the listener
405  * in a little while. Otherwise, we're doing this as a linked connection
406  * of some kind, and we should set it up here based on the socket family */
407  if (socket_family == AF_INET)
408  entry_conn->entry_cfg.ipv4_traffic = 1;
409  else if (socket_family == AF_INET6)
410  entry_conn->entry_cfg.ipv6_traffic = 1;
411  return entry_conn;
412 }
413 
414 /** Allocate and return a new edge_connection_t, initialized as by
415  * connection_init(). */
417 edge_connection_new(int type, int socket_family)
418 {
419  edge_connection_t *edge_conn = tor_malloc_zero(sizeof(edge_connection_t));
420  tor_assert(type == CONN_TYPE_EXIT);
421  connection_init(time(NULL), TO_CONN(edge_conn), type, socket_family);
422  return edge_conn;
423 }
424 
425 /** Allocate and return a new control_connection_t, initialized as by
426  * connection_init(). */
428 control_connection_new(int socket_family)
429 {
430  control_connection_t *control_conn =
431  tor_malloc_zero(sizeof(control_connection_t));
432  connection_init(time(NULL),
433  TO_CONN(control_conn), CONN_TYPE_CONTROL, socket_family);
434  return control_conn;
435 }
436 
437 /** Allocate and return a new listener_connection_t, initialized as by
438  * connection_init(). */
440 listener_connection_new(int type, int socket_family)
441 {
442  listener_connection_t *listener_conn =
443  tor_malloc_zero(sizeof(listener_connection_t));
444  connection_init(time(NULL), TO_CONN(listener_conn), type, socket_family);
445  return listener_conn;
446 }
447 
448 /** Allocate, initialize, and return a new connection_t subtype of <b>type</b>
449  * to make or receive connections of address family <b>socket_family</b>. The
450  * type should be one of the CONN_TYPE_* constants. */
451 connection_t *
452 connection_new(int type, int socket_family)
453 {
454  switch (type) {
455  case CONN_TYPE_OR:
456  case CONN_TYPE_EXT_OR:
457  return TO_CONN(or_connection_new(type, socket_family));
458 
459  case CONN_TYPE_EXIT:
460  return TO_CONN(edge_connection_new(type, socket_family));
461 
462  case CONN_TYPE_AP:
463  return ENTRY_TO_CONN(entry_connection_new(type, socket_family));
464 
465  case CONN_TYPE_DIR:
466  return TO_CONN(dir_connection_new(socket_family));
467 
468  case CONN_TYPE_CONTROL:
469  return TO_CONN(control_connection_new(socket_family));
470 
471  CASE_ANY_LISTENER_TYPE:
472  return TO_CONN(listener_connection_new(type, socket_family));
473 
474  default: {
475  connection_t *conn = tor_malloc_zero(sizeof(connection_t));
476  connection_init(time(NULL), conn, type, socket_family);
477  return conn;
478  }
479  }
480 }
481 
482 /** Initializes conn. (you must call connection_add() to link it into the main
483  * array).
484  *
485  * Set conn->magic to the correct value.
486  *
487  * Set conn->type to <b>type</b>. Set conn->s and conn->conn_array_index to
488  * -1 to signify they are not yet assigned.
489  *
490  * Initialize conn's timestamps to now.
491  */
492 static void
493 connection_init(time_t now, connection_t *conn, int type, int socket_family)
494 {
495  static uint64_t n_connections_allocated = 1;
496 
497  switch (type) {
498  case CONN_TYPE_OR:
499  case CONN_TYPE_EXT_OR:
500  conn->magic = OR_CONNECTION_MAGIC;
501  break;
502  case CONN_TYPE_EXIT:
503  conn->magic = EDGE_CONNECTION_MAGIC;
504  break;
505  case CONN_TYPE_AP:
506  conn->magic = ENTRY_CONNECTION_MAGIC;
507  break;
508  case CONN_TYPE_DIR:
509  conn->magic = DIR_CONNECTION_MAGIC;
510  break;
511  case CONN_TYPE_CONTROL:
512  conn->magic = CONTROL_CONNECTION_MAGIC;
513  break;
514  CASE_ANY_LISTENER_TYPE:
515  conn->magic = LISTENER_CONNECTION_MAGIC;
516  break;
517  default:
518  conn->magic = BASE_CONNECTION_MAGIC;
519  break;
520  }
521 
522  conn->s = TOR_INVALID_SOCKET; /* give it a default of 'not used' */
523  conn->conn_array_index = -1; /* also default to 'not used' */
524  conn->global_identifier = n_connections_allocated++;
525 
526  conn->type = type;
527  conn->socket_family = socket_family;
528  if (!connection_is_listener(conn)) {
529  /* listeners never use their buf */
530  conn->inbuf = buf_new();
531  conn->outbuf = buf_new();
532  }
533 
534  conn->timestamp_created = now;
535  conn->timestamp_last_read_allowed = now;
536  conn->timestamp_last_write_allowed = now;
537 }
538 
539 /** Create a link between <b>conn_a</b> and <b>conn_b</b>. */
540 void
542 {
543  tor_assert(! SOCKET_OK(conn_a->s));
544  tor_assert(! SOCKET_OK(conn_b->s));
545 
546  conn_a->linked = 1;
547  conn_b->linked = 1;
548  conn_a->linked_conn = conn_b;
549  conn_b->linked_conn = conn_a;
550 }
551 
552 /** Return true iff the provided connection listener type supports AF_UNIX
553  * sockets. */
554 int
556 {
557  /* For now only control ports or SOCKS ports can be Unix domain sockets
558  * and listeners at the same time */
559  switch (type) {
562  return 1;
563  default:
564  return 0;
565  }
566 }
567 
568 /** Deallocate memory used by <b>conn</b>. Deallocate its buffers if
569  * necessary, close its socket if necessary, and mark the directory as dirty
570  * if <b>conn</b> is an OR or OP connection.
571  */
572 STATIC void
574 {
575  void *mem;
576  size_t memlen;
577  if (!conn)
578  return;
579 
580  switch (conn->type) {
581  case CONN_TYPE_OR:
582  case CONN_TYPE_EXT_OR:
583  tor_assert(conn->magic == OR_CONNECTION_MAGIC);
584  mem = TO_OR_CONN(conn);
585  memlen = sizeof(or_connection_t);
586  break;
587  case CONN_TYPE_AP:
588  tor_assert(conn->magic == ENTRY_CONNECTION_MAGIC);
589  mem = TO_ENTRY_CONN(conn);
590  memlen = sizeof(entry_connection_t);
591  break;
592  case CONN_TYPE_EXIT:
593  tor_assert(conn->magic == EDGE_CONNECTION_MAGIC);
594  mem = TO_EDGE_CONN(conn);
595  memlen = sizeof(edge_connection_t);
596  break;
597  case CONN_TYPE_DIR:
598  tor_assert(conn->magic == DIR_CONNECTION_MAGIC);
599  mem = TO_DIR_CONN(conn);
600  memlen = sizeof(dir_connection_t);
601  break;
602  case CONN_TYPE_CONTROL:
603  tor_assert(conn->magic == CONTROL_CONNECTION_MAGIC);
604  mem = TO_CONTROL_CONN(conn);
605  memlen = sizeof(control_connection_t);
606  break;
607  CASE_ANY_LISTENER_TYPE:
608  tor_assert(conn->magic == LISTENER_CONNECTION_MAGIC);
609  mem = TO_LISTENER_CONN(conn);
610  memlen = sizeof(listener_connection_t);
611  break;
612  default:
613  tor_assert(conn->magic == BASE_CONNECTION_MAGIC);
614  mem = conn;
615  memlen = sizeof(connection_t);
616  break;
617  }
618 
619  if (conn->linked) {
620  log_info(LD_GENERAL, "Freeing linked %s connection [%s] with %d "
621  "bytes on inbuf, %d on outbuf.",
622  conn_type_to_string(conn->type),
623  conn_state_to_string(conn->type, conn->state),
624  (int)connection_get_inbuf_len(conn),
625  (int)connection_get_outbuf_len(conn));
626  }
627 
628  if (!connection_is_listener(conn)) {
629  buf_free(conn->inbuf);
630  buf_free(conn->outbuf);
631  } else {
632  if (conn->socket_family == AF_UNIX) {
633  /* For now only control and SOCKS ports can be Unix domain sockets
634  * and listeners at the same time */
636 
637  if (unlink(conn->address) < 0 && errno != ENOENT) {
638  log_warn(LD_NET, "Could not unlink %s: %s", conn->address,
639  strerror(errno));
640  }
641  }
642  }
643 
644  tor_free(conn->address);
645 
646  if (connection_speaks_cells(conn)) {
647  or_connection_t *or_conn = TO_OR_CONN(conn);
648  if (or_conn->tls) {
649  if (! SOCKET_OK(conn->s)) {
650  /* The socket has been closed by somebody else; we must tell the
651  * TLS object not to close it. */
652  tor_tls_release_socket(or_conn->tls);
653  } else {
654  /* The tor_tls_free() call below will close the socket; we must tell
655  * the code below not to close it a second time. */
657  conn->s = TOR_INVALID_SOCKET;
658  }
659  tor_tls_free(or_conn->tls);
660  or_conn->tls = NULL;
661  }
662  or_handshake_state_free(or_conn->handshake_state);
663  or_conn->handshake_state = NULL;
664  tor_free(or_conn->nickname);
665  if (or_conn->chan) {
666  /* Owww, this shouldn't happen, but... */
667  channel_t *base_chan = TLS_CHAN_TO_BASE(or_conn->chan);
668  tor_assert(base_chan);
669  log_info(LD_CHANNEL,
670  "Freeing orconn at %p, saw channel %p with ID "
671  "%"PRIu64 " left un-NULLed",
672  or_conn, base_chan,
673  base_chan->global_identifier);
674  if (!CHANNEL_FINISHED(base_chan)) {
675  channel_close_for_error(base_chan);
676  }
677 
678  or_conn->chan->conn = NULL;
679  or_conn->chan = NULL;
680  }
681  }
682  if (conn->type == CONN_TYPE_AP) {
683  entry_connection_t *entry_conn = TO_ENTRY_CONN(conn);
684  tor_free(entry_conn->chosen_exit_name);
685  tor_free(entry_conn->original_dest_address);
686  if (entry_conn->socks_request)
687  socks_request_free(entry_conn->socks_request);
688  if (entry_conn->pending_optimistic_data) {
689  buf_free(entry_conn->pending_optimistic_data);
690  }
691  if (entry_conn->sending_optimistic_data) {
692  buf_free(entry_conn->sending_optimistic_data);
693  }
694  }
695  if (CONN_IS_EDGE(conn)) {
696  rend_data_free(TO_EDGE_CONN(conn)->rend_data);
697  hs_ident_edge_conn_free(TO_EDGE_CONN(conn)->hs_ident);
698  }
699  if (conn->type == CONN_TYPE_CONTROL) {
700  control_connection_t *control_conn = TO_CONTROL_CONN(conn);
701  tor_free(control_conn->safecookie_client_hash);
702  tor_free(control_conn->incoming_cmd);
703  tor_free(control_conn->current_cmd);
704  if (control_conn->ephemeral_onion_services) {
705  SMARTLIST_FOREACH(control_conn->ephemeral_onion_services, char *, cp, {
706  memwipe(cp, 0, strlen(cp));
707  tor_free(cp);
708  });
709  smartlist_free(control_conn->ephemeral_onion_services);
710  }
711  }
712 
713  /* Probably already freed by connection_free. */
714  tor_event_free(conn->read_event);
715  tor_event_free(conn->write_event);
716  conn->read_event = conn->write_event = NULL;
717 
718  if (conn->type == CONN_TYPE_DIR) {
719  dir_connection_t *dir_conn = TO_DIR_CONN(conn);
720  tor_free(dir_conn->requested_resource);
721 
722  tor_compress_free(dir_conn->compress_state);
723  dir_conn_clear_spool(dir_conn);
724 
725  rend_data_free(dir_conn->rend_data);
726  hs_ident_dir_conn_free(dir_conn->hs_ident);
727  if (dir_conn->guard_state) {
728  /* Cancel before freeing, if it's still there. */
729  entry_guard_cancel(&dir_conn->guard_state);
730  }
731  circuit_guard_state_free(dir_conn->guard_state);
732  }
733 
734  if (SOCKET_OK(conn->s)) {
735  log_debug(LD_NET,"closing fd %d.",(int)conn->s);
736  tor_close_socket(conn->s);
737  conn->s = TOR_INVALID_SOCKET;
738  }
739 
740  if (conn->type == CONN_TYPE_OR &&
741  !tor_digest_is_zero(TO_OR_CONN(conn)->identity_digest)) {
742  log_warn(LD_BUG, "called on OR conn with non-zeroed identity_digest");
744  }
745  if (conn->type == CONN_TYPE_OR || conn->type == CONN_TYPE_EXT_OR) {
747  tor_free(TO_OR_CONN(conn)->ext_or_conn_id);
748  tor_free(TO_OR_CONN(conn)->ext_or_auth_correct_client_hash);
749  tor_free(TO_OR_CONN(conn)->ext_or_transport);
750  }
751 
752  memwipe(mem, 0xCC, memlen); /* poison memory */
753  tor_free(mem);
754 }
755 
756 /** Make sure <b>conn</b> isn't in any of the global conn lists; then free it.
757  */
758 MOCK_IMPL(void,
760 {
761  if (!conn)
762  return;
765  if (BUG(conn->linked_conn)) {
766  conn->linked_conn->linked_conn = NULL;
767  if (! conn->linked_conn->marked_for_close &&
770  conn->linked_conn = NULL;
771  }
772  if (connection_speaks_cells(conn)) {
773  if (!tor_digest_is_zero(TO_OR_CONN(conn)->identity_digest)) {
775  }
776  }
777  if (conn->type == CONN_TYPE_CONTROL) {
779  }
780 #if 1
781  /* DEBUGGING */
782  if (conn->type == CONN_TYPE_AP) {
783  connection_ap_warn_and_unmark_if_pending_circ(TO_ENTRY_CONN(conn),
784  "connection_free");
785  }
786 #endif /* 1 */
787 
788  /* Notify the circuit creation DoS mitigation subsystem that an OR client
789  * connection has been closed. And only do that if we track it. */
790  if (conn->type == CONN_TYPE_OR) {
791  dos_close_client_conn(TO_OR_CONN(conn));
792  }
793 
796 }
797 
798 /**
799  * Called when we're about to finally unlink and free a connection:
800  * perform necessary accounting and cleanup
801  * - Directory conns that failed to fetch a rendezvous descriptor
802  * need to inform pending rendezvous streams.
803  * - OR conns need to call rep_hist_note_*() to record status.
804  * - AP conns need to send a socks reject if necessary.
805  * - Exit conns need to call connection_dns_remove() if necessary.
806  * - AP and Exit conns need to send an end cell if they can.
807  * - DNS conns need to fail any resolves that are pending on them.
808  * - OR and edge connections need to be unlinked from circuits.
809  */
810 void
812 {
814 
815  switch (conn->type) {
816  case CONN_TYPE_DIR:
818  break;
819  case CONN_TYPE_OR:
820  case CONN_TYPE_EXT_OR:
822  break;
823  case CONN_TYPE_AP:
824  connection_ap_about_to_close(TO_ENTRY_CONN(conn));
825  break;
826  case CONN_TYPE_EXIT:
828  break;
829  }
830 }
831 
832 /** Return true iff connection_close_immediate() has been called on this
833  * connection. */
834 #define CONN_IS_CLOSED(c) \
835  ((c)->linked ? ((c)->linked_conn_is_closed) : (! SOCKET_OK(c->s)))
836 
837 /** Close the underlying socket for <b>conn</b>, so we don't try to
838  * flush it. Must be used in conjunction with (right before)
839  * connection_mark_for_close().
840  */
841 void
843 {
844  assert_connection_ok(conn,0);
845  if (CONN_IS_CLOSED(conn)) {
846  log_err(LD_BUG,"Attempt to close already-closed connection.");
848  return;
849  }
850  if (conn->outbuf_flushlen) {
851  log_info(LD_NET,"fd %d, type %s, state %s, %d bytes on outbuf.",
852  (int)conn->s, conn_type_to_string(conn->type),
853  conn_state_to_string(conn->type, conn->state),
854  (int)conn->outbuf_flushlen);
855  }
856 
858 
859  /* Prevent the event from getting unblocked. */
860  conn->read_blocked_on_bw = 0;
861  conn->write_blocked_on_bw = 0;
862 
863  if (SOCKET_OK(conn->s))
864  tor_close_socket(conn->s);
865  conn->s = TOR_INVALID_SOCKET;
866  if (conn->linked)
867  conn->linked_conn_is_closed = 1;
868  if (conn->outbuf)
869  buf_clear(conn->outbuf);
870  conn->outbuf_flushlen = 0;
871 }
872 
873 /** Mark <b>conn</b> to be closed next time we loop through
874  * conn_close_if_marked() in main.c. */
875 void
876 connection_mark_for_close_(connection_t *conn, int line, const char *file)
877 {
878  assert_connection_ok(conn,0);
879  tor_assert(line);
880  tor_assert(line < 1<<16); /* marked_for_close can only fit a uint16_t. */
881  tor_assert(file);
882 
883  if (conn->type == CONN_TYPE_OR) {
884  /*
885  * An or_connection should have been closed through one of the channel-
886  * aware functions in connection_or.c. We'll assume this is an error
887  * close and do that, and log a bug warning.
888  */
889  log_warn(LD_CHANNEL | LD_BUG,
890  "Something tried to close an or_connection_t without going "
891  "through channels at %s:%d",
892  file, line);
894  } else {
895  /* Pass it down to the real function */
896  connection_mark_for_close_internal_(conn, line, file);
897  }
898 }
899 
900 /** Mark <b>conn</b> to be closed next time we loop through
901  * conn_close_if_marked() in main.c.
902  *
903  * This _internal version bypasses the CONN_TYPE_OR checks; this should be
904  * called when you either are sure that if this is an or_connection_t the
905  * controlling channel has been notified (e.g. with
906  * connection_or_notify_error()), or you actually are the
907  * connection_or_close_for_error() or connection_or_close_normally() function.
908  * For all other cases, use connection_mark_and_flush() which checks for
909  * or_connection_t properly, instead. See below.
910  *
911  * We want to keep this function simple and quick, since it can be called from
912  * quite deep in the call chain, and hence it should avoid having side-effects
913  * that interfere with its callers view of the connection.
914  */
915 MOCK_IMPL(void,
917  int line, const char *file))
918 {
919  assert_connection_ok(conn,0);
920  tor_assert(line);
921  tor_assert(line < 1<<16); /* marked_for_close can only fit a uint16_t. */
922  tor_assert(file);
923 
924  if (conn->marked_for_close) {
925  log_warn(LD_BUG,"Duplicate call to connection_mark_for_close at %s:%d"
926  " (first at %s:%d)", file, line, conn->marked_for_close_file,
927  conn->marked_for_close);
929  return;
930  }
931 
932  if (conn->type == CONN_TYPE_OR) {
933  /*
934  * Bad news if this happens without telling the controlling channel; do
935  * this so we can find things that call this wrongly when the asserts hit.
936  */
937  log_debug(LD_CHANNEL,
938  "Calling connection_mark_for_close_internal_() on an OR conn "
939  "at %s:%d",
940  file, line);
941  }
942 
943  conn->marked_for_close = line;
944  conn->marked_for_close_file = file;
946 
947  /* in case we're going to be held-open-til-flushed, reset
948  * the number of seconds since last successful write, so
949  * we get our whole 15 seconds */
950  conn->timestamp_last_write_allowed = time(NULL);
951 }
952 
953 /** Find each connection that has hold_open_until_flushed set to
954  * 1 but hasn't written in the past 15 seconds, and set
955  * hold_open_until_flushed to 0. This means it will get cleaned
956  * up in the next loop through close_if_marked() in main.c.
957  */
958 void
960 {
961  time_t now;
963 
964  now = time(NULL);
965 
966  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
967  /* If we've been holding the connection open, but we haven't written
968  * for 15 seconds...
969  */
970  if (conn->hold_open_until_flushed) {
972  if (now - conn->timestamp_last_write_allowed >= 15) {
973  int severity;
974  if (conn->type == CONN_TYPE_EXIT ||
975  (conn->type == CONN_TYPE_DIR &&
976  conn->purpose == DIR_PURPOSE_SERVER))
977  severity = LOG_INFO;
978  else
979  severity = LOG_NOTICE;
980  log_fn(severity, LD_NET,
981  "Giving up on marked_for_close conn that's been flushing "
982  "for 15s (fd %d, type %s, state %s).",
983  (int)conn->s, conn_type_to_string(conn->type),
984  conn_state_to_string(conn->type, conn->state));
985  conn->hold_open_until_flushed = 0;
986  }
987  }
988  } SMARTLIST_FOREACH_END(conn);
989 }
990 
991 #if defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN)
992 /** Create an AF_UNIX listenaddr struct.
993  * <b>listenaddress</b> provides the path to the Unix socket.
994  *
995  * Eventually <b>listenaddress</b> will also optionally contain user, group,
996  * and file permissions for the new socket. But not yet. XXX
997  * Also, since we do not create the socket here the information doesn't help
998  * here.
999  *
1000  * If not NULL <b>readable_address</b> will contain a copy of the path part of
1001  * <b>listenaddress</b>.
1002  *
1003  * The listenaddr struct has to be freed by the caller.
1004  */
1005 static struct sockaddr_un *
1006 create_unix_sockaddr(const char *listenaddress, char **readable_address,
1007  socklen_t *len_out)
1008 {
1009  struct sockaddr_un *sockaddr = NULL;
1010 
1011  sockaddr = tor_malloc_zero(sizeof(struct sockaddr_un));
1012  sockaddr->sun_family = AF_UNIX;
1013  if (strlcpy(sockaddr->sun_path, listenaddress, sizeof(sockaddr->sun_path))
1014  >= sizeof(sockaddr->sun_path)) {
1015  log_warn(LD_CONFIG, "Unix socket path '%s' is too long to fit.",
1016  escaped(listenaddress));
1017  tor_free(sockaddr);
1018  return NULL;
1019  }
1020 
1021  if (readable_address)
1022  *readable_address = tor_strdup(listenaddress);
1023 
1024  *len_out = sizeof(struct sockaddr_un);
1025  return sockaddr;
1026 }
1027 #else /* !(defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN)) */
1028 static struct sockaddr *
1029 create_unix_sockaddr(const char *listenaddress, char **readable_address,
1030  socklen_t *len_out)
1031 {
1032  (void)listenaddress;
1033  (void)readable_address;
1035  "Unix domain sockets not supported, yet we tried to create one.");
1036  *len_out = 0;
1038  return NULL;
1039 }
1040 #endif /* defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN) */
1041 
1042 /** Warn that an accept or a connect has failed because we're running out of
1043  * TCP sockets we can use on current system. Rate-limit these warnings so
1044  * that we don't spam the log. */
1045 static void
1047 {
1048 #define WARN_TOO_MANY_CONNS_INTERVAL (6*60*60)
1049  static ratelim_t last_warned = RATELIM_INIT(WARN_TOO_MANY_CONNS_INTERVAL);
1050  char *m;
1051  if ((m = rate_limit_log(&last_warned, approx_time()))) {
1052  int n_conns = get_n_open_sockets();
1053  log_warn(LD_NET,"Failing because we have %d connections already. Please "
1054  "read doc/TUNING for guidance.%s", n_conns, m);
1055  tor_free(m);
1056  control_event_general_status(LOG_WARN, "TOO_MANY_CONNECTIONS CURRENT=%d",
1057  n_conns);
1058  }
1059 }
1060 
1061 #ifdef HAVE_SYS_UN_H
1062 
1063 #define UNIX_SOCKET_PURPOSE_CONTROL_SOCKET 0
1064 #define UNIX_SOCKET_PURPOSE_SOCKS_SOCKET 1
1065 
1066 /** Check if the purpose isn't one of the ones we know what to do with */
1067 
1068 static int
1069 is_valid_unix_socket_purpose(int purpose)
1070 {
1071  int valid = 0;
1072 
1073  switch (purpose) {
1074  case UNIX_SOCKET_PURPOSE_CONTROL_SOCKET:
1075  case UNIX_SOCKET_PURPOSE_SOCKS_SOCKET:
1076  valid = 1;
1077  break;
1078  }
1079 
1080  return valid;
1081 }
1082 
1083 /** Return a string description of a unix socket purpose */
1084 static const char *
1085 unix_socket_purpose_to_string(int purpose)
1086 {
1087  const char *s = "unknown-purpose socket";
1088 
1089  switch (purpose) {
1090  case UNIX_SOCKET_PURPOSE_CONTROL_SOCKET:
1091  s = "control socket";
1092  break;
1093  case UNIX_SOCKET_PURPOSE_SOCKS_SOCKET:
1094  s = "SOCKS socket";
1095  break;
1096  }
1097 
1098  return s;
1099 }
1100 
1101 /** Check whether we should be willing to open an AF_UNIX socket in
1102  * <b>path</b>. Return 0 if we should go ahead and -1 if we shouldn't. */
1103 static int
1104 check_location_for_unix_socket(const or_options_t *options, const char *path,
1105  int purpose, const port_cfg_t *port)
1106 {
1107  int r = -1;
1108  char *p = NULL;
1109 
1110  tor_assert(is_valid_unix_socket_purpose(purpose));
1111 
1112  p = tor_strdup(path);
1113  cpd_check_t flags = CPD_CHECK_MODE_ONLY;
1114  if (get_parent_directory(p)<0 || p[0] != '/') {
1115  log_warn(LD_GENERAL, "Bad unix socket address '%s'. Tor does not support "
1116  "relative paths for unix sockets.", path);
1117  goto done;
1118  }
1119 
1120  if (port->is_world_writable) {
1121  /* World-writable sockets can go anywhere. */
1122  r = 0;
1123  goto done;
1124  }
1125 
1126  if (port->is_group_writable) {
1127  flags |= CPD_GROUP_OK;
1128  }
1129 
1130  if (port->relax_dirmode_check) {
1131  flags |= CPD_RELAX_DIRMODE_CHECK;
1132  }
1133 
1134  if (check_private_dir(p, flags, options->User) < 0) {
1135  char *escpath, *escdir;
1136  escpath = esc_for_log(path);
1137  escdir = esc_for_log(p);
1138  log_warn(LD_GENERAL, "Before Tor can create a %s in %s, the directory "
1139  "%s needs to exist, and to be accessible only by the user%s "
1140  "account that is running Tor. (On some Unix systems, anybody "
1141  "who can list a socket can connect to it, so Tor is being "
1142  "careful.)",
1143  unix_socket_purpose_to_string(purpose), escpath, escdir,
1144  port->is_group_writable ? " and group" : "");
1145  tor_free(escpath);
1146  tor_free(escdir);
1147  goto done;
1148  }
1149 
1150  r = 0;
1151  done:
1152  tor_free(p);
1153  return r;
1154 }
1155 #endif /* defined(HAVE_SYS_UN_H) */
1156 
1157 /** Tell the TCP stack that it shouldn't wait for a long time after
1158  * <b>sock</b> has closed before reusing its port. Return 0 on success,
1159  * -1 on failure. */
1160 static int
1162 {
1163 #ifdef _WIN32
1164  (void) sock;
1165  return 0;
1166 #else
1167  int one=1;
1168 
1169  /* REUSEADDR on normal places means you can rebind to the port
1170  * right after somebody else has let it go. But REUSEADDR on win32
1171  * means you can bind to the port _even when somebody else
1172  * already has it bound_. So, don't do that on Win32. */
1173  if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void*) &one,
1174  (socklen_t)sizeof(one)) == -1) {
1175  return -1;
1176  }
1177  return 0;
1178 #endif /* defined(_WIN32) */
1179 }
1180 
1181 #ifdef _WIN32
1182 /** Tell the Windows TCP stack to prevent other applications from receiving
1183  * traffic from tor's open ports. Return 0 on success, -1 on failure. */
1184 static int
1185 make_win32_socket_exclusive(tor_socket_t sock)
1186 {
1187 #ifdef SO_EXCLUSIVEADDRUSE
1188  int one=1;
1189 
1190  /* Any socket that sets REUSEADDR on win32 can bind to a port _even when
1191  * somebody else already has it bound_, and _even if the original socket
1192  * didn't set REUSEADDR_. Use EXCLUSIVEADDRUSE to prevent this port-stealing
1193  * on win32. */
1194  if (setsockopt(sock, SOL_SOCKET, SO_EXCLUSIVEADDRUSE, (void*) &one,
1195  (socklen_t)sizeof(one))) {
1196  return -1;
1197  }
1198  return 0;
1199 #else /* !defined(SO_EXCLUSIVEADDRUSE) */
1200  (void) sock;
1201  return 0;
1202 #endif /* defined(SO_EXCLUSIVEADDRUSE) */
1203 }
1204 #endif /* defined(_WIN32) */
1205 
1206 /** Max backlog to pass to listen. We start at */
1207 static int listen_limit = INT_MAX;
1208 
1209 /* Listen on <b>fd</b> with appropriate backlog. Return as for listen. */
1210 static int
1211 tor_listen(tor_socket_t fd)
1212 {
1213  int r;
1214 
1215  if ((r = listen(fd, listen_limit)) < 0) {
1216  if (listen_limit == SOMAXCONN)
1217  return r;
1218  if ((r = listen(fd, SOMAXCONN)) == 0) {
1219  listen_limit = SOMAXCONN;
1220  log_warn(LD_NET, "Setting listen backlog to INT_MAX connections "
1221  "didn't work, but SOMAXCONN did. Lowering backlog limit.");
1222  }
1223  }
1224  return r;
1225 }
1226 
1227 /** Bind a new non-blocking socket listening to the socket described
1228  * by <b>listensockaddr</b>.
1229  *
1230  * <b>address</b> is only used for logging purposes and to add the information
1231  * to the conn.
1232  *
1233  * Set <b>addr_in_use</b> to true in case socket binding fails with
1234  * EADDRINUSE.
1235  */
1236 static connection_t *
1237 connection_listener_new(const struct sockaddr *listensockaddr,
1238  socklen_t socklen,
1239  int type, const char *address,
1240  const port_cfg_t *port_cfg,
1241  int *addr_in_use)
1242 {
1243  listener_connection_t *lis_conn;
1244  connection_t *conn = NULL;
1245  tor_socket_t s = TOR_INVALID_SOCKET; /* the socket we're going to make */
1246  or_options_t const *options = get_options();
1247  (void) options; /* Windows doesn't use this. */
1248 #if defined(HAVE_PWD_H) && defined(HAVE_SYS_UN_H)
1249  const struct passwd *pw = NULL;
1250 #endif
1251  uint16_t usePort = 0, gotPort = 0;
1252  int start_reading = 0;
1253  static int global_next_session_group = SESSION_GROUP_FIRST_AUTO;
1254  tor_addr_t addr;
1255  int exhaustion = 0;
1256 
1257  if (addr_in_use)
1258  *addr_in_use = 0;
1259 
1260  if (listensockaddr->sa_family == AF_INET ||
1261  listensockaddr->sa_family == AF_INET6) {
1262  int is_stream = (type != CONN_TYPE_AP_DNS_LISTENER);
1263  if (is_stream)
1264  start_reading = 1;
1265 
1266  tor_addr_from_sockaddr(&addr, listensockaddr, &usePort);
1267  log_notice(LD_NET, "Opening %s on %s",
1268  conn_type_to_string(type), fmt_addrport(&addr, usePort));
1269 
1271  is_stream ? SOCK_STREAM : SOCK_DGRAM,
1272  is_stream ? IPPROTO_TCP: IPPROTO_UDP);
1273  if (!SOCKET_OK(s)) {
1274  int e = tor_socket_errno(s);
1275  if (ERRNO_IS_RESOURCE_LIMIT(e)) {
1277  /*
1278  * We'll call the OOS handler at the error exit, so set the
1279  * exhaustion flag for it.
1280  */
1281  exhaustion = 1;
1282  } else {
1283  log_warn(LD_NET, "Socket creation failed: %s",
1284  tor_socket_strerror(e));
1285  }
1286  goto err;
1287  }
1288 
1289  if (make_socket_reuseable(s) < 0) {
1290  log_warn(LD_NET, "Error setting SO_REUSEADDR flag on %s: %s",
1291  conn_type_to_string(type),
1292  tor_socket_strerror(errno));
1293  }
1294 
1295 #ifdef _WIN32
1296  if (make_win32_socket_exclusive(s) < 0) {
1297  log_warn(LD_NET, "Error setting SO_EXCLUSIVEADDRUSE flag on %s: %s",
1298  conn_type_to_string(type),
1299  tor_socket_strerror(errno));
1300  }
1301 #endif /* defined(_WIN32) */
1302 
1303 #if defined(USE_TRANSPARENT) && defined(IP_TRANSPARENT)
1304  if (options->TransProxyType_parsed == TPT_TPROXY &&
1305  type == CONN_TYPE_AP_TRANS_LISTENER) {
1306  int one = 1;
1307  if (setsockopt(s, SOL_IP, IP_TRANSPARENT, (void*)&one,
1308  (socklen_t)sizeof(one)) < 0) {
1309  const char *extra = "";
1310  int e = tor_socket_errno(s);
1311  if (e == EPERM)
1312  extra = "TransTPROXY requires root privileges or similar"
1313  " capabilities.";
1314  log_warn(LD_NET, "Error setting IP_TRANSPARENT flag: %s.%s",
1315  tor_socket_strerror(e), extra);
1316  }
1317  }
1318 #endif /* defined(USE_TRANSPARENT) && defined(IP_TRANSPARENT) */
1319 
1320 #ifdef IPV6_V6ONLY
1321  if (listensockaddr->sa_family == AF_INET6) {
1322  int one = 1;
1323  /* We need to set IPV6_V6ONLY so that this socket can't get used for
1324  * IPv4 connections. */
1325  if (setsockopt(s,IPPROTO_IPV6, IPV6_V6ONLY,
1326  (void*)&one, (socklen_t)sizeof(one)) < 0) {
1327  int e = tor_socket_errno(s);
1328  log_warn(LD_NET, "Error setting IPV6_V6ONLY flag: %s",
1329  tor_socket_strerror(e));
1330  /* Keep going; probably not harmful. */
1331  }
1332  }
1333 #endif /* defined(IPV6_V6ONLY) */
1334 
1335  if (bind(s,listensockaddr,socklen) < 0) {
1336  const char *helpfulhint = "";
1337  int e = tor_socket_errno(s);
1338  if (ERRNO_IS_EADDRINUSE(e)) {
1339  helpfulhint = ". Is Tor already running?";
1340  if (addr_in_use)
1341  *addr_in_use = 1;
1342  }
1343  log_warn(LD_NET, "Could not bind to %s:%u: %s%s", address, usePort,
1344  tor_socket_strerror(e), helpfulhint);
1345  goto err;
1346  }
1347 
1348  if (is_stream) {
1349  if (tor_listen(s) < 0) {
1350  log_warn(LD_NET, "Could not listen on %s:%u: %s", address, usePort,
1351  tor_socket_strerror(tor_socket_errno(s)));
1352  goto err;
1353  }
1354  }
1355 
1356  if (usePort != 0) {
1357  gotPort = usePort;
1358  } else {
1359  tor_addr_t addr2;
1360  struct sockaddr_storage ss;
1361  socklen_t ss_len=sizeof(ss);
1362  if (getsockname(s, (struct sockaddr*)&ss, &ss_len)<0) {
1363  log_warn(LD_NET, "getsockname() couldn't learn address for %s: %s",
1364  conn_type_to_string(type),
1365  tor_socket_strerror(tor_socket_errno(s)));
1366  gotPort = 0;
1367  }
1368  tor_addr_from_sockaddr(&addr2, (struct sockaddr*)&ss, &gotPort);
1369  }
1370 #ifdef HAVE_SYS_UN_H
1371  /*
1372  * AF_UNIX generic setup stuff
1373  */
1374  } else if (listensockaddr->sa_family == AF_UNIX) {
1375  /* We want to start reading for both AF_UNIX cases */
1376  start_reading = 1;
1377 
1379 
1380  if (check_location_for_unix_socket(options, address,
1381  (type == CONN_TYPE_CONTROL_LISTENER) ?
1382  UNIX_SOCKET_PURPOSE_CONTROL_SOCKET :
1383  UNIX_SOCKET_PURPOSE_SOCKS_SOCKET, port_cfg) < 0) {
1384  goto err;
1385  }
1386 
1387  log_notice(LD_NET, "Opening %s on %s",
1388  conn_type_to_string(type), address);
1389 
1390  tor_addr_make_unspec(&addr);
1391 
1392  if (unlink(address) < 0 && errno != ENOENT) {
1393  log_warn(LD_NET, "Could not unlink %s: %s", address,
1394  strerror(errno));
1395  goto err;
1396  }
1397 
1398  s = tor_open_socket_nonblocking(AF_UNIX, SOCK_STREAM, 0);
1399  if (! SOCKET_OK(s)) {
1400  int e = tor_socket_errno(s);
1401  if (ERRNO_IS_RESOURCE_LIMIT(e)) {
1403  /*
1404  * We'll call the OOS handler at the error exit, so set the
1405  * exhaustion flag for it.
1406  */
1407  exhaustion = 1;
1408  } else {
1409  log_warn(LD_NET,"Socket creation failed: %s.", strerror(e));
1410  }
1411  goto err;
1412  }
1413 
1414  if (bind(s, listensockaddr,
1415  (socklen_t)sizeof(struct sockaddr_un)) == -1) {
1416  log_warn(LD_NET,"Bind to %s failed: %s.", address,
1417  tor_socket_strerror(tor_socket_errno(s)));
1418  goto err;
1419  }
1420 
1421 #ifdef HAVE_PWD_H
1422  if (options->User) {
1423  pw = tor_getpwnam(options->User);
1424  struct stat st;
1425  if (pw == NULL) {
1426  log_warn(LD_NET,"Unable to chown() %s socket: user %s not found.",
1427  address, options->User);
1428  goto err;
1429  } else if (fstat(s, &st) == 0 &&
1430  st.st_uid == pw->pw_uid && st.st_gid == pw->pw_gid) {
1431  /* No change needed */
1432  } else if (chown(sandbox_intern_string(address),
1433  pw->pw_uid, pw->pw_gid) < 0) {
1434  log_warn(LD_NET,"Unable to chown() %s socket: %s.",
1435  address, strerror(errno));
1436  goto err;
1437  }
1438  }
1439 #endif /* defined(HAVE_PWD_H) */
1440 
1441  {
1442  unsigned mode;
1443  const char *status;
1444  struct stat st;
1445  if (port_cfg->is_world_writable) {
1446  mode = 0666;
1447  status = "world-writable";
1448  } else if (port_cfg->is_group_writable) {
1449  mode = 0660;
1450  status = "group-writable";
1451  } else {
1452  mode = 0600;
1453  status = "private";
1454  }
1455  /* We need to use chmod; fchmod doesn't work on sockets on all
1456  * platforms. */
1457  if (fstat(s, &st) == 0 && (st.st_mode & 0777) == mode) {
1458  /* no change needed */
1459  } else if (chmod(sandbox_intern_string(address), mode) < 0) {
1460  log_warn(LD_FS,"Unable to make %s %s.", address, status);
1461  goto err;
1462  }
1463  }
1464 
1465  if (listen(s, SOMAXCONN) < 0) {
1466  log_warn(LD_NET, "Could not listen on %s: %s", address,
1467  tor_socket_strerror(tor_socket_errno(s)));
1468  goto err;
1469  }
1470 
1471 #ifndef __APPLE__
1472  /* This code was introduced to help debug #28229. */
1473  int value;
1474  socklen_t len = sizeof(value);
1475 
1476  if (!getsockopt(s, SOL_SOCKET, SO_ACCEPTCONN, &value, &len)) {
1477  if (value == 0) {
1478  log_err(LD_NET, "Could not listen on %s - "
1479  "getsockopt(.,SO_ACCEPTCONN,.) yields 0.", address);
1480  goto err;
1481  }
1482  }
1483 #endif /* !defined(__APPLE__) */
1484 #endif /* defined(HAVE_SYS_UN_H) */
1485  } else {
1486  log_err(LD_BUG, "Got unexpected address family %d.",
1487  listensockaddr->sa_family);
1488  tor_assert(0);
1489  }
1490 
1491  lis_conn = listener_connection_new(type, listensockaddr->sa_family);
1492  conn = TO_CONN(lis_conn);
1493  conn->socket_family = listensockaddr->sa_family;
1494  conn->s = s;
1495  s = TOR_INVALID_SOCKET; /* Prevent double-close */
1496  conn->address = tor_strdup(address);
1497  conn->port = gotPort;
1498  tor_addr_copy(&conn->addr, &addr);
1499 
1500  memcpy(&lis_conn->entry_cfg, &port_cfg->entry_cfg, sizeof(entry_port_cfg_t));
1501 
1502  if (port_cfg->entry_cfg.isolation_flags) {
1503  lis_conn->entry_cfg.isolation_flags = port_cfg->entry_cfg.isolation_flags;
1504  if (port_cfg->entry_cfg.session_group >= 0) {
1505  lis_conn->entry_cfg.session_group = port_cfg->entry_cfg.session_group;
1506  } else {
1507  /* This can wrap after around INT_MAX listeners are opened. But I don't
1508  * believe that matters, since you would need to open a ridiculous
1509  * number of listeners while keeping the early ones open before you ever
1510  * hit this. An OR with a dozen ports open, for example, would have to
1511  * close and re-open its listeners every second for 4 years nonstop.
1512  */
1513  lis_conn->entry_cfg.session_group = global_next_session_group--;
1514  }
1515  }
1516 
1517  /* Force IPv4 and IPv6 traffic on for non-SOCKSPorts.
1518  * Forcing options on isn't a good idea, see #32994 and #33607. */
1519  if (type != CONN_TYPE_AP_LISTENER) {
1520  lis_conn->entry_cfg.ipv4_traffic = 1;
1521  lis_conn->entry_cfg.ipv6_traffic = 1;
1522  }
1523 
1524  if (connection_add(conn) < 0) { /* no space, forget it */
1525  log_warn(LD_NET,"connection_add for listener failed. Giving up.");
1526  goto err;
1527  }
1528 
1529  log_fn(usePort==gotPort ? LOG_DEBUG : LOG_NOTICE, LD_NET,
1530  "%s listening on port %u.",
1531  conn_type_to_string(type), gotPort);
1532 
1533  conn->state = LISTENER_STATE_READY;
1534  if (start_reading) {
1536  } else {
1539  }
1540 
1541  /*
1542  * Normal exit; call the OOS handler since connection count just changed;
1543  * the exhaustion flag will always be zero here though.
1544  */
1546 
1547  if (conn->socket_family == AF_UNIX) {
1548  log_notice(LD_NET, "Opened %s on %s",
1549  conn_type_to_string(type), conn->address);
1550  } else {
1551  log_notice(LD_NET, "Opened %s on %s",
1552  conn_type_to_string(type), fmt_addrport(&addr, gotPort));
1553  }
1554  return conn;
1555 
1556  err:
1557  if (SOCKET_OK(s))
1558  tor_close_socket(s);
1559  if (conn)
1560  connection_free(conn);
1561 
1562  /* Call the OOS handler, indicate if we saw an exhaustion-related error */
1564 
1565  return NULL;
1566 }
1567 
1568 /**
1569  * Create a new listener connection for a given <b>port</b>. In case we
1570  * for a reason that is not an error condition, set <b>defer</b>
1571  * to true. If we cannot bind listening socket because address is already
1572  * in use, set <b>addr_in_use</b> to true.
1573  */
1574 static connection_t *
1576  int *defer, int *addr_in_use)
1577 {
1578  connection_t *conn;
1579  struct sockaddr *listensockaddr;
1580  socklen_t listensocklen = 0;
1581  char *address=NULL;
1582  int real_port = port->port == CFG_AUTO_PORT ? 0 : port->port;
1583  tor_assert(real_port <= UINT16_MAX);
1584 
1585  if (defer)
1586  *defer = 0;
1587 
1588  if (port->server_cfg.no_listen) {
1589  if (defer)
1590  *defer = 1;
1591  return NULL;
1592  }
1593 
1594 #ifndef _WIN32
1595  /* We don't need to be root to create a UNIX socket, so defer until after
1596  * setuid. */
1597  const or_options_t *options = get_options();
1598  if (port->is_unix_addr && !geteuid() && (options->User) &&
1599  strcmp(options->User, "root")) {
1600  if (defer)
1601  *defer = 1;
1602  return NULL;
1603  }
1604 #endif /* !defined(_WIN32) */
1605 
1606  if (port->is_unix_addr) {
1607  listensockaddr = (struct sockaddr *)
1608  create_unix_sockaddr(port->unix_addr,
1609  &address, &listensocklen);
1610  } else {
1611  listensockaddr = tor_malloc(sizeof(struct sockaddr_storage));
1612  listensocklen = tor_addr_to_sockaddr(&port->addr,
1613  real_port,
1614  listensockaddr,
1615  sizeof(struct sockaddr_storage));
1616  address = tor_addr_to_str_dup(&port->addr);
1617  }
1618 
1619  if (listensockaddr) {
1620  conn = connection_listener_new(listensockaddr, listensocklen,
1621  port->type, address, port,
1622  addr_in_use);
1623  tor_free(listensockaddr);
1624  tor_free(address);
1625  } else {
1626  conn = NULL;
1627  }
1628 
1629  return conn;
1630 }
1631 
1632 /** Do basic sanity checking on a newly received socket. Return 0
1633  * if it looks ok, else return -1.
1634  *
1635  * Notably, some TCP stacks can erroneously have accept() return successfully
1636  * with socklen 0, when the client sends an RST before the accept call (as
1637  * nmap does). We want to detect that, and not go on with the connection.
1638  */
1639 static int
1640 check_sockaddr(const struct sockaddr *sa, int len, int level)
1641 {
1642  int ok = 1;
1643 
1644  if (sa->sa_family == AF_INET) {
1645  struct sockaddr_in *sin=(struct sockaddr_in*)sa;
1646  if (len != sizeof(struct sockaddr_in)) {
1647  log_fn(level, LD_NET, "Length of address not as expected: %d vs %d",
1648  len,(int)sizeof(struct sockaddr_in));
1649  ok = 0;
1650  }
1651  if (sin->sin_addr.s_addr == 0 || sin->sin_port == 0) {
1652  log_fn(level, LD_NET,
1653  "Address for new connection has address/port equal to zero.");
1654  ok = 0;
1655  }
1656  } else if (sa->sa_family == AF_INET6) {
1657  struct sockaddr_in6 *sin6=(struct sockaddr_in6*)sa;
1658  if (len != sizeof(struct sockaddr_in6)) {
1659  log_fn(level, LD_NET, "Length of address not as expected: %d vs %d",
1660  len,(int)sizeof(struct sockaddr_in6));
1661  ok = 0;
1662  }
1663  if (fast_mem_is_zero((void*)sin6->sin6_addr.s6_addr, 16) ||
1664  sin6->sin6_port == 0) {
1665  log_fn(level, LD_NET,
1666  "Address for new connection has address/port equal to zero.");
1667  ok = 0;
1668  }
1669  } else if (sa->sa_family == AF_UNIX) {
1670  ok = 1;
1671  } else {
1672  ok = 0;
1673  }
1674  return ok ? 0 : -1;
1675 }
1676 
1677 /** Check whether the socket family from an accepted socket <b>got</b> is the
1678  * same as the one that <b>listener</b> is waiting for. If it isn't, log
1679  * a useful message and return -1. Else return 0.
1680  *
1681  * This is annoying, but can apparently happen on some Darwins. */
1682 static int
1684 {
1685  if (got != listener->socket_family) {
1686  log_info(LD_BUG, "A listener connection returned a socket with a "
1687  "mismatched family. %s for addr_family %d gave us a socket "
1688  "with address family %d. Dropping.",
1689  conn_type_to_string(listener->type),
1690  (int)listener->socket_family,
1691  (int)got);
1692  return -1;
1693  }
1694  return 0;
1695 }
1696 
1697 /** The listener connection <b>conn</b> told poll() it wanted to read.
1698  * Call accept() on conn->s, and add the new connection if necessary.
1699  */
1700 static int
1702 {
1703  tor_socket_t news; /* the new socket */
1704  connection_t *newconn = 0;
1705  /* information about the remote peer when connecting to other routers */
1706  struct sockaddr_storage addrbuf;
1707  struct sockaddr *remote = (struct sockaddr*)&addrbuf;
1708  /* length of the remote address. Must be whatever accept() needs. */
1709  socklen_t remotelen = (socklen_t)sizeof(addrbuf);
1710  const or_options_t *options = get_options();
1711 
1712  tor_assert((size_t)remotelen >= sizeof(struct sockaddr_in));
1713  memset(&addrbuf, 0, sizeof(addrbuf));
1714 
1715  news = tor_accept_socket_nonblocking(conn->s,remote,&remotelen);
1716  if (!SOCKET_OK(news)) { /* accept() error */
1717  int e = tor_socket_errno(conn->s);
1718  if (ERRNO_IS_ACCEPT_EAGAIN(e)) {
1719  /*
1720  * they hung up before we could accept(). that's fine.
1721  *
1722  * give the OOS handler a chance to run though
1723  */
1725  return 0;
1726  } else if (ERRNO_IS_RESOURCE_LIMIT(e)) {
1728  /* Exhaustion; tell the OOS handler */
1730  return 0;
1731  }
1732  /* else there was a real error. */
1733  log_warn(LD_NET,"accept() failed: %s. Closing listener.",
1734  tor_socket_strerror(e));
1735  connection_mark_for_close(conn);
1736  /* Tell the OOS handler about this too */
1738  return -1;
1739  }
1740  log_debug(LD_NET,
1741  "Connection accepted on socket %d (child of fd %d).",
1742  (int)news,(int)conn->s);
1743 
1744  /* We accepted a new conn; run OOS handler */
1746 
1747  if (make_socket_reuseable(news) < 0) {
1748  if (tor_socket_errno(news) == EINVAL) {
1749  /* This can happen on OSX if we get a badly timed shutdown. */
1750  log_debug(LD_NET, "make_socket_reuseable returned EINVAL");
1751  } else {
1752  log_warn(LD_NET, "Error setting SO_REUSEADDR flag on %s: %s",
1753  conn_type_to_string(new_type),
1754  tor_socket_strerror(errno));
1755  }
1756  tor_close_socket(news);
1757  return 0;
1758  }
1759 
1760  if (options->ConstrainedSockets)
1762 
1763  if (check_sockaddr_family_match(remote->sa_family, conn) < 0) {
1764  tor_close_socket(news);
1765  return 0;
1766  }
1767 
1768  if (conn->socket_family == AF_INET || conn->socket_family == AF_INET6 ||
1769  (conn->socket_family == AF_UNIX && new_type == CONN_TYPE_AP)) {
1770  tor_addr_t addr;
1771  uint16_t port;
1772  if (check_sockaddr(remote, remotelen, LOG_INFO)<0) {
1773  log_info(LD_NET,
1774  "accept() returned a strange address; closing connection.");
1775  tor_close_socket(news);
1776  return 0;
1777  }
1778 
1779  tor_addr_from_sockaddr(&addr, remote, &port);
1780 
1781  /* process entrance policies here, before we even create the connection */
1782  if (new_type == CONN_TYPE_AP) {
1783  /* check sockspolicy to see if we should accept it */
1784  if (socks_policy_permits_address(&addr) == 0) {
1785  log_notice(LD_APP,
1786  "Denying socks connection from untrusted address %s.",
1787  fmt_and_decorate_addr(&addr));
1788  tor_close_socket(news);
1789  return 0;
1790  }
1791  }
1792  if (new_type == CONN_TYPE_DIR) {
1793  /* check dirpolicy to see if we should accept it */
1794  if (dir_policy_permits_address(&addr) == 0) {
1795  log_notice(LD_DIRSERV,"Denying dir connection from address %s.",
1796  fmt_and_decorate_addr(&addr));
1797  tor_close_socket(news);
1798  return 0;
1799  }
1800  }
1801  if (new_type == CONN_TYPE_OR) {
1802  /* Assess with the connection DoS mitigation subsystem if this address
1803  * can open a new connection. */
1804  if (dos_conn_addr_get_defense_type(&addr) == DOS_CONN_DEFENSE_CLOSE) {
1805  tor_close_socket(news);
1806  return 0;
1807  }
1808  }
1809 
1810  newconn = connection_new(new_type, conn->socket_family);
1811  newconn->s = news;
1812 
1813  /* remember the remote address */
1814  tor_addr_copy(&newconn->addr, &addr);
1815  if (new_type == CONN_TYPE_AP && conn->socket_family == AF_UNIX) {
1816  newconn->port = 0;
1817  newconn->address = tor_strdup(conn->address);
1818  } else {
1819  newconn->port = port;
1820  newconn->address = tor_addr_to_str_dup(&addr);
1821  }
1822 
1823  if (new_type == CONN_TYPE_AP && conn->socket_family != AF_UNIX) {
1824  log_info(LD_NET, "New SOCKS connection opened from %s.",
1825  fmt_and_decorate_addr(&addr));
1826  }
1827  if (new_type == CONN_TYPE_AP && conn->socket_family == AF_UNIX) {
1828  log_info(LD_NET, "New SOCKS AF_UNIX connection opened");
1829  }
1830  if (new_type == CONN_TYPE_CONTROL) {
1831  log_notice(LD_CONTROL, "New control connection opened from %s.",
1832  fmt_and_decorate_addr(&addr));
1833  }
1834 
1835  } else if (conn->socket_family == AF_UNIX && conn->type != CONN_TYPE_AP) {
1837  tor_assert(new_type == CONN_TYPE_CONTROL);
1838  log_notice(LD_CONTROL, "New control connection opened.");
1839 
1840  newconn = connection_new(new_type, conn->socket_family);
1841  newconn->s = news;
1842 
1843  /* remember the remote address -- do we have anything sane to put here? */
1844  tor_addr_make_unspec(&newconn->addr);
1845  newconn->port = 1;
1846  newconn->address = tor_strdup(conn->address);
1847  } else {
1848  tor_assert(0);
1849  };
1850 
1851  if (connection_add(newconn) < 0) { /* no space, forget it */
1852  connection_free(newconn);
1853  return 0; /* no need to tear down the parent */
1854  }
1855 
1856  if (connection_init_accepted_conn(newconn, TO_LISTENER_CONN(conn)) < 0) {
1857  if (! newconn->marked_for_close)
1858  connection_mark_for_close(newconn);
1859  return 0;
1860  }
1861  return 0;
1862 }
1863 
1864 /** Initialize states for newly accepted connection <b>conn</b>.
1865  *
1866  * If conn is an OR, start the TLS handshake.
1867  *
1868  * If conn is a transparent AP, get its original destination
1869  * and place it in circuit_wait.
1870  *
1871  * The <b>listener</b> parameter is only used for AP connections.
1872  */
1873 int
1875  const listener_connection_t *listener)
1876 {
1877  int rv;
1878 
1880 
1881  switch (conn->type) {
1882  case CONN_TYPE_EXT_OR:
1883  /* Initiate Extended ORPort authentication. */
1885  case CONN_TYPE_OR:
1886  connection_or_event_status(TO_OR_CONN(conn), OR_CONN_EVENT_NEW, 0);
1888  if (rv < 0) {
1890  }
1891  return rv;
1892  break;
1893  case CONN_TYPE_AP:
1894  memcpy(&TO_ENTRY_CONN(conn)->entry_cfg, &listener->entry_cfg,
1895  sizeof(entry_port_cfg_t));
1896  TO_ENTRY_CONN(conn)->nym_epoch = get_signewnym_epoch();
1897  TO_ENTRY_CONN(conn)->socks_request->listener_type = listener->base_.type;
1898 
1899  /* Any incoming connection on an entry port counts as user activity. */
1901 
1902  switch (TO_CONN(listener)->type) {
1903  case CONN_TYPE_AP_LISTENER:
1905  TO_ENTRY_CONN(conn)->socks_request->socks_prefer_no_auth =
1906  listener->entry_cfg.socks_prefer_no_auth;
1907  TO_ENTRY_CONN(conn)->socks_request->socks_use_extended_errors =
1908  listener->entry_cfg.extended_socks5_codes;
1909  break;
1911  TO_ENTRY_CONN(conn)->is_transparent_ap = 1;
1912  /* XXXX028 -- is this correct still, with the addition of
1913  * pending_entry_connections ? */
1915  return connection_ap_process_transparent(TO_ENTRY_CONN(conn));
1917  TO_ENTRY_CONN(conn)->is_transparent_ap = 1;
1919  break;
1922  }
1923  break;
1924  case CONN_TYPE_DIR:
1925  conn->purpose = DIR_PURPOSE_SERVER;
1927  break;
1928  case CONN_TYPE_CONTROL:
1930  break;
1931  }
1932  return 0;
1933 }
1934 
1935 /** Take conn, make a nonblocking socket; try to connect to
1936  * sa, binding to bindaddr if sa is not localhost. If fail, return -1 and if
1937  * applicable put your best guess about errno into *<b>socket_error</b>.
1938  * If connected return 1, if EAGAIN return 0.
1939  */
1940 MOCK_IMPL(STATIC int,
1942  const struct sockaddr *sa,
1943  socklen_t sa_len,
1944  const struct sockaddr *bindaddr,
1945  socklen_t bindaddr_len,
1946  int *socket_error))
1947 {
1948  tor_socket_t s;
1949  int inprogress = 0;
1950  const or_options_t *options = get_options();
1951 
1952  tor_assert(conn);
1953  tor_assert(sa);
1954  tor_assert(socket_error);
1955 
1957  /* We should never even try to connect anyplace if the network is
1958  * completely shut off.
1959  *
1960  * (We don't check net_is_disabled() here, since we still sometimes
1961  * want to open connections when we're in soft hibernation.)
1962  */
1963  static ratelim_t disablenet_violated = RATELIM_INIT(30*60);
1964  *socket_error = SOCK_ERRNO(ENETUNREACH);
1965  log_fn_ratelim(&disablenet_violated, LOG_WARN, LD_BUG,
1966  "Tried to open a socket with DisableNetwork set.");
1968  return -1;
1969  }
1970 
1971  const int protocol_family = sa->sa_family;
1972  const int proto = (sa->sa_family == AF_INET6 ||
1973  sa->sa_family == AF_INET) ? IPPROTO_TCP : 0;
1974 
1975  s = tor_open_socket_nonblocking(protocol_family, SOCK_STREAM, proto);
1976  if (! SOCKET_OK(s)) {
1977  /*
1978  * Early OOS handler calls; it matters if it's an exhaustion-related
1979  * error or not.
1980  */
1981  *socket_error = tor_socket_errno(s);
1982  if (ERRNO_IS_RESOURCE_LIMIT(*socket_error)) {
1985  } else {
1986  log_warn(LD_NET,"Error creating network socket: %s",
1987  tor_socket_strerror(*socket_error));
1989  }
1990  return -1;
1991  }
1992 
1993  if (make_socket_reuseable(s) < 0) {
1994  log_warn(LD_NET, "Error setting SO_REUSEADDR flag on new connection: %s",
1995  tor_socket_strerror(errno));
1996  }
1997 
1998  /*
1999  * We've got the socket open; give the OOS handler a chance to check
2000  * against configured maximum socket number, but tell it no exhaustion
2001  * failure.
2002  */
2004 
2005  if (bindaddr && bind(s, bindaddr, bindaddr_len) < 0) {
2006  *socket_error = tor_socket_errno(s);
2007  log_warn(LD_NET,"Error binding network socket: %s",
2008  tor_socket_strerror(*socket_error));
2009  tor_close_socket(s);
2010  return -1;
2011  }
2012 
2013  tor_assert(options);
2014  if (options->ConstrainedSockets)
2016 
2017  if (connect(s, sa, sa_len) < 0) {
2018  int e = tor_socket_errno(s);
2019  if (!ERRNO_IS_CONN_EINPROGRESS(e)) {
2020  /* yuck. kill it. */
2021  *socket_error = e;
2022  log_info(LD_NET,
2023  "connect() to socket failed: %s",
2024  tor_socket_strerror(e));
2025  tor_close_socket(s);
2026  return -1;
2027  } else {
2028  inprogress = 1;
2029  }
2030  }
2031 
2032  /* it succeeded. we're connected. */
2033  log_fn(inprogress ? LOG_DEBUG : LOG_INFO, LD_NET,
2034  "Connection to socket %s (sock "TOR_SOCKET_T_FORMAT").",
2035  inprogress ? "in progress" : "established", s);
2036  conn->s = s;
2037  if (connection_add_connecting(conn) < 0) {
2038  /* no space, forget it */
2039  *socket_error = SOCK_ERRNO(ENOBUFS);
2040  return -1;
2041  }
2042 
2043  return inprogress ? 0 : 1;
2044 }
2045 
2046 /* Log a message if connection attempt is made when IPv4 or IPv6 is disabled.
2047  * Log a less severe message if we couldn't conform to ClientPreferIPv6ORPort
2048  * or ClientPreferIPv6ORPort. */
2049 static void
2050 connection_connect_log_client_use_ip_version(const connection_t *conn)
2051 {
2052  const or_options_t *options = get_options();
2053 
2054  /* Only clients care about ClientUseIPv4/6, bail out early on servers, and
2055  * on connections we don't care about */
2056  if (server_mode(options) || !conn || conn->type == CONN_TYPE_EXIT) {
2057  return;
2058  }
2059 
2060  /* We're only prepared to log OR and DIR connections here */
2061  if (conn->type != CONN_TYPE_OR && conn->type != CONN_TYPE_DIR) {
2062  return;
2063  }
2064 
2065  const int must_ipv4 = !fascist_firewall_use_ipv6(options);
2066  const int must_ipv6 = (options->ClientUseIPv4 == 0);
2067  const int pref_ipv6 = (conn->type == CONN_TYPE_OR
2070  tor_addr_t real_addr;
2071  tor_addr_make_null(&real_addr, AF_UNSPEC);
2072 
2073  /* OR conns keep the original address in real_addr, as addr gets overwritten
2074  * with the descriptor address */
2075  if (conn->type == CONN_TYPE_OR) {
2076  const or_connection_t *or_conn = TO_OR_CONN((connection_t *)conn);
2077  tor_addr_copy(&real_addr, &or_conn->real_addr);
2078  } else if (conn->type == CONN_TYPE_DIR) {
2079  tor_addr_copy(&real_addr, &conn->addr);
2080  }
2081 
2082  /* Check if we broke a mandatory address family restriction */
2083  if ((must_ipv4 && tor_addr_family(&real_addr) == AF_INET6)
2084  || (must_ipv6 && tor_addr_family(&real_addr) == AF_INET)) {
2085  static int logged_backtrace = 0;
2086  log_info(LD_BUG, "Outgoing %s connection to %s violated ClientUseIPv%s 0.",
2087  conn->type == CONN_TYPE_OR ? "OR" : "Dir",
2088  fmt_addr(&real_addr),
2089  options->ClientUseIPv4 == 0 ? "4" : "6");
2090  if (!logged_backtrace) {
2091  log_backtrace(LOG_INFO, LD_BUG, "Address came from");
2092  logged_backtrace = 1;
2093  }
2094  }
2095 
2096  /* Bridges are allowed to break IPv4/IPv6 ORPort preferences to connect to
2097  * the node's configured address when ClientPreferIPv6ORPort is auto */
2098  if (options->UseBridges && conn->type == CONN_TYPE_OR
2099  && options->ClientPreferIPv6ORPort == -1) {
2100  return;
2101  }
2102 
2103  if (fascist_firewall_use_ipv6(options)) {
2104  log_info(LD_NET, "Our outgoing connection is using IPv%d.",
2105  tor_addr_family(&real_addr) == AF_INET6 ? 6 : 4);
2106  }
2107 
2108  /* Check if we couldn't satisfy an address family preference */
2109  if ((!pref_ipv6 && tor_addr_family(&real_addr) == AF_INET6)
2110  || (pref_ipv6 && tor_addr_family(&real_addr) == AF_INET)) {
2111  log_info(LD_NET, "Outgoing connection to %s doesn't satisfy "
2112  "ClientPreferIPv6%sPort %d, with ClientUseIPv4 %d, and "
2113  "fascist_firewall_use_ipv6 %d (ClientUseIPv6 %d and UseBridges "
2114  "%d).",
2115  fmt_addr(&real_addr),
2116  conn->type == CONN_TYPE_OR ? "OR" : "Dir",
2117  conn->type == CONN_TYPE_OR ? options->ClientPreferIPv6ORPort
2118  : options->ClientPreferIPv6DirPort,
2119  options->ClientUseIPv4, fascist_firewall_use_ipv6(options),
2120  options->ClientUseIPv6, options->UseBridges);
2121  }
2122 }
2123 
2124 /** Retrieve the outbound address depending on the protocol (IPv4 or IPv6)
2125  * and the connection type (relay, exit, ...)
2126  * Return a socket address or NULL in case nothing is configured.
2127  **/
2128 const tor_addr_t *
2130  const or_options_t *options, unsigned int conn_type)
2131 {
2132  const tor_addr_t *ext_addr = NULL;
2133 
2134  int fam_index;
2135  switch (family) {
2136  case AF_INET:
2137  fam_index = 0;
2138  break;
2139  case AF_INET6:
2140  fam_index = 1;
2141  break;
2142  default:
2143  return NULL;
2144  }
2145 
2146  // If an exit connection, use the exit address (if present)
2147  if (conn_type == CONN_TYPE_EXIT) {
2148  if (!tor_addr_is_null(
2149  &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT][fam_index])) {
2150  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT]
2151  [fam_index];
2152  } else if (!tor_addr_is_null(
2153  &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT_AND_OR]
2154  [fam_index])) {
2155  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT_AND_OR]
2156  [fam_index];
2157  }
2158  } else { // All non-exit connections
2159  if (!tor_addr_is_null(
2160  &options->OutboundBindAddresses[OUTBOUND_ADDR_OR][fam_index])) {
2161  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_OR]
2162  [fam_index];
2163  } else if (!tor_addr_is_null(
2164  &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT_AND_OR]
2165  [fam_index])) {
2166  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT_AND_OR]
2167  [fam_index];
2168  }
2169  }
2170  return ext_addr;
2171 }
2172 
2173 /** Take conn, make a nonblocking socket; try to connect to
2174  * addr:port (port arrives in *host order*). If fail, return -1 and if
2175  * applicable put your best guess about errno into *<b>socket_error</b>.
2176  * Else assign s to conn->s: if connected return 1, if EAGAIN return 0.
2177  *
2178  * addr:port can be different to conn->addr:conn->port if connecting through
2179  * a proxy.
2180  *
2181  * address is used to make the logs useful.
2182  *
2183  * On success, add conn to the list of polled connections.
2184  */
2185 int
2186 connection_connect(connection_t *conn, const char *address,
2187  const tor_addr_t *addr, uint16_t port, int *socket_error)
2188 {
2189  struct sockaddr_storage addrbuf;
2190  struct sockaddr_storage bind_addr_ss;
2191  struct sockaddr *bind_addr = NULL;
2192  struct sockaddr *dest_addr;
2193  int dest_addr_len, bind_addr_len = 0;
2194 
2195  /* Log if we didn't stick to ClientUseIPv4/6 or ClientPreferIPv6OR/DirPort
2196  */
2197  connection_connect_log_client_use_ip_version(conn);
2198 
2199  if (!tor_addr_is_loopback(addr)) {
2200  const tor_addr_t *ext_addr = NULL;
2202  conn->type);
2203  if (ext_addr) {
2204  memset(&bind_addr_ss, 0, sizeof(bind_addr_ss));
2205  bind_addr_len = tor_addr_to_sockaddr(ext_addr, 0,
2206  (struct sockaddr *) &bind_addr_ss,
2207  sizeof(bind_addr_ss));
2208  if (bind_addr_len == 0) {
2209  log_warn(LD_NET,
2210  "Error converting OutboundBindAddress %s into sockaddr. "
2211  "Ignoring.", fmt_and_decorate_addr(ext_addr));
2212  } else {
2213  bind_addr = (struct sockaddr *)&bind_addr_ss;
2214  }
2215  }
2216  }
2217 
2218  memset(&addrbuf,0,sizeof(addrbuf));
2219  dest_addr = (struct sockaddr*) &addrbuf;
2220  dest_addr_len = tor_addr_to_sockaddr(addr, port, dest_addr, sizeof(addrbuf));
2221  tor_assert(dest_addr_len > 0);
2222 
2223  log_debug(LD_NET, "Connecting to %s:%u.",
2224  escaped_safe_str_client(address), port);
2225 
2226  return connection_connect_sockaddr(conn, dest_addr, dest_addr_len,
2227  bind_addr, bind_addr_len, socket_error);
2228 }
2229 
2230 #ifdef HAVE_SYS_UN_H
2231 
2232 /** Take conn, make a nonblocking socket; try to connect to
2233  * an AF_UNIX socket at socket_path. If fail, return -1 and if applicable
2234  * put your best guess about errno into *<b>socket_error</b>. Else assign s
2235  * to conn->s: if connected return 1, if EAGAIN return 0.
2236  *
2237  * On success, add conn to the list of polled connections.
2238  */
2239 int
2240 connection_connect_unix(connection_t *conn, const char *socket_path,
2241  int *socket_error)
2242 {
2243  struct sockaddr_un dest_addr;
2244 
2245  tor_assert(socket_path);
2246 
2247  /* Check that we'll be able to fit it into dest_addr later */
2248  if (strlen(socket_path) + 1 > sizeof(dest_addr.sun_path)) {
2249  log_warn(LD_NET,
2250  "Path %s is too long for an AF_UNIX socket\n",
2251  escaped_safe_str_client(socket_path));
2252  *socket_error = SOCK_ERRNO(ENAMETOOLONG);
2253  return -1;
2254  }
2255 
2256  memset(&dest_addr, 0, sizeof(dest_addr));
2257  dest_addr.sun_family = AF_UNIX;
2258  strlcpy(dest_addr.sun_path, socket_path, sizeof(dest_addr.sun_path));
2259 
2260  log_debug(LD_NET,
2261  "Connecting to AF_UNIX socket at %s.",
2262  escaped_safe_str_client(socket_path));
2263 
2264  return connection_connect_sockaddr(conn,
2265  (struct sockaddr *)&dest_addr, sizeof(dest_addr),
2266  NULL, 0, socket_error);
2267 }
2268 
2269 #endif /* defined(HAVE_SYS_UN_H) */
2270 
2271 /** Convert state number to string representation for logging purposes.
2272  */
2273 static const char *
2275 {
2276  static const char *unknown = "???";
2277  static const char *states[] = {
2278  "PROXY_NONE",
2279  "PROXY_INFANT",
2280  "PROXY_HTTPS_WANT_CONNECT_OK",
2281  "PROXY_SOCKS4_WANT_CONNECT_OK",
2282  "PROXY_SOCKS5_WANT_AUTH_METHOD_NONE",
2283  "PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929",
2284  "PROXY_SOCKS5_WANT_AUTH_RFC1929_OK",
2285  "PROXY_SOCKS5_WANT_CONNECT_OK",
2286  "PROXY_HAPROXY_WAIT_FOR_FLUSH",
2287  "PROXY_CONNECTED",
2288  };
2289 
2290  CTASSERT(ARRAY_LENGTH(states) == PROXY_CONNECTED+1);
2291 
2292  if (state < PROXY_NONE || state > PROXY_CONNECTED)
2293  return unknown;
2294 
2295  return states[state];
2296 }
2297 
2298 /** Returns the proxy type used by tor for a single connection, for
2299  * logging or high-level purposes. Don't use it to fill the
2300  * <b>proxy_type</b> field of or_connection_t; use the actual proxy
2301  * protocol instead.*/
2302 static int
2304 {
2305  const or_options_t *options = get_options();
2306 
2307  if (options->ClientTransportPlugin) {
2308  /* If we have plugins configured *and* this addr/port is a known bridge
2309  * with a transport, then we should be PROXY_PLUGGABLE. */
2310  const transport_t *transport = NULL;
2311  int r;
2312  r = get_transport_by_bridge_addrport(&conn->addr, conn->port, &transport);
2313  if (r == 0 && transport)
2314  return PROXY_PLUGGABLE;
2315  }
2316 
2317  /* In all other cases, we're using a global proxy. */
2318  if (options->HTTPSProxy)
2319  return PROXY_CONNECT;
2320  else if (options->Socks4Proxy)
2321  return PROXY_SOCKS4;
2322  else if (options->Socks5Proxy)
2323  return PROXY_SOCKS5;
2324  else if (options->TCPProxy) {
2325  /* The only supported protocol in TCPProxy is haproxy. */
2327  return PROXY_HAPROXY;
2328  } else
2329  return PROXY_NONE;
2330 }
2331 
2332 /* One byte for the version, one for the command, two for the
2333  port, and four for the addr... and, one more for the
2334  username NUL: */
2335 #define SOCKS4_STANDARD_BUFFER_SIZE (1 + 1 + 2 + 4 + 1)
2336 
2337 /** Write a proxy request of https to conn for conn->addr:conn->port,
2338  * authenticating with the auth details given in the configuration
2339  * (if available).
2340  *
2341  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2342  * 0 otherwise.
2343  */
2344 static int
2346 {
2347  tor_assert(conn);
2348 
2349  const or_options_t *options = get_options();
2350  char buf[1024];
2351  char *base64_authenticator = NULL;
2352  const char *authenticator = options->HTTPSProxyAuthenticator;
2353 
2354  /* Send HTTP CONNECT and authentication (if available) in
2355  * one request */
2356 
2357  if (authenticator) {
2358  base64_authenticator = alloc_http_authenticator(authenticator);
2359  if (!base64_authenticator)
2360  log_warn(LD_OR, "Encoding https authenticator failed");
2361  }
2362 
2363  if (base64_authenticator) {
2364  const char *addrport = fmt_addrport(&conn->addr, conn->port);
2365  tor_snprintf(buf, sizeof(buf), "CONNECT %s HTTP/1.1\r\n"
2366  "Host: %s\r\n"
2367  "Proxy-Authorization: Basic %s\r\n\r\n",
2368  addrport,
2369  addrport,
2370  base64_authenticator);
2371  tor_free(base64_authenticator);
2372  } else {
2373  tor_snprintf(buf, sizeof(buf), "CONNECT %s HTTP/1.0\r\n\r\n",
2374  fmt_addrport(&conn->addr, conn->port));
2375  }
2376 
2377  connection_buf_add(buf, strlen(buf), conn);
2378  conn->proxy_state = PROXY_HTTPS_WANT_CONNECT_OK;
2379 
2380  return 0;
2381 }
2382 
2383 /** Write a proxy request of socks4 to conn for conn->addr:conn->port.
2384  *
2385  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2386  * 0 otherwise.
2387  */
2388 static int
2390 {
2391  tor_assert(conn);
2392 
2393  unsigned char *buf;
2394  uint16_t portn;
2395  uint32_t ip4addr;
2396  size_t buf_size = 0;
2397  char *socks_args_string = NULL;
2398 
2399  /* Send a SOCKS4 connect request */
2400 
2401  if (tor_addr_family(&conn->addr) != AF_INET) {
2402  log_warn(LD_NET, "SOCKS4 client is incompatible with IPv6");
2403  return -1;
2404  }
2405 
2406  { /* If we are here because we are trying to connect to a
2407  pluggable transport proxy, check if we have any SOCKS
2408  arguments to transmit. If we do, compress all arguments to
2409  a single string in 'socks_args_string': */
2410 
2411  if (conn_get_proxy_type(conn) == PROXY_PLUGGABLE) {
2412  socks_args_string =
2414  if (socks_args_string)
2415  log_debug(LD_NET, "Sending out '%s' as our SOCKS argument string.",
2416  socks_args_string);
2417  }
2418  }
2419 
2420  { /* Figure out the buffer size we need for the SOCKS message: */
2421 
2422  buf_size = SOCKS4_STANDARD_BUFFER_SIZE;
2423 
2424  /* If we have a SOCKS argument string, consider its size when
2425  calculating the buffer size: */
2426  if (socks_args_string)
2427  buf_size += strlen(socks_args_string);
2428  }
2429 
2430  buf = tor_malloc_zero(buf_size);
2431 
2432  ip4addr = tor_addr_to_ipv4n(&conn->addr);
2433  portn = htons(conn->port);
2434 
2435  buf[0] = 4; /* version */
2436  buf[1] = SOCKS_COMMAND_CONNECT; /* command */
2437  memcpy(buf + 2, &portn, 2); /* port */
2438  memcpy(buf + 4, &ip4addr, 4); /* addr */
2439 
2440  /* Next packet field is the userid. If we have pluggable
2441  transport SOCKS arguments, we have to embed them
2442  there. Otherwise, we use an empty userid. */
2443  if (socks_args_string) { /* place the SOCKS args string: */
2444  tor_assert(strlen(socks_args_string) > 0);
2445  tor_assert(buf_size >=
2446  SOCKS4_STANDARD_BUFFER_SIZE + strlen(socks_args_string));
2447  strlcpy((char *)buf + 8, socks_args_string, buf_size - 8);
2448  tor_free(socks_args_string);
2449  } else {
2450  buf[8] = 0; /* no userid */
2451  }
2452 
2453  connection_buf_add((char *)buf, buf_size, conn);
2454  tor_free(buf);
2455 
2456  conn->proxy_state = PROXY_SOCKS4_WANT_CONNECT_OK;
2457  return 0;
2458 }
2459 
2460 /** Write a proxy request of socks5 to conn for conn->addr:conn->port,
2461  * authenticating with the auth details given in the configuration
2462  * (if available).
2463  *
2464  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2465  * 0 otherwise.
2466  */
2467 static int
2469 {
2470  tor_assert(conn);
2471 
2472  const or_options_t *options = get_options();
2473  unsigned char buf[4]; /* fields: vers, num methods, method list */
2474 
2475  /* Send a SOCKS5 greeting (connect request must wait) */
2476 
2477  buf[0] = 5; /* version */
2478 
2479  /* We have to use SOCKS5 authentication, if we have a
2480  Socks5ProxyUsername or if we want to pass arguments to our
2481  pluggable transport proxy: */
2482  if ((options->Socks5ProxyUsername) ||
2483  (conn_get_proxy_type(conn) == PROXY_PLUGGABLE &&
2484  (get_socks_args_by_bridge_addrport(&conn->addr, conn->port)))) {
2485  /* number of auth methods */
2486  buf[1] = 2;
2487  buf[2] = 0x00; /* no authentication */
2488  buf[3] = 0x02; /* rfc1929 Username/Passwd auth */
2489  conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929;
2490  } else {
2491  buf[1] = 1;
2492  buf[2] = 0x00; /* no authentication */
2493  conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_METHOD_NONE;
2494  }
2495 
2496  connection_buf_add((char *)buf, 2 + buf[1], conn);
2497  return 0;
2498 }
2499 
2500 /** Write a proxy request of haproxy to conn for conn->addr:conn->port.
2501  *
2502  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2503  * 0 otherwise.
2504  */
2505 static int
2507 {
2508  int ret = 0;
2509  tor_addr_port_t *addr_port = tor_addr_port_new(&conn->addr, conn->port);
2510  char *buf = haproxy_format_proxy_header_line(addr_port);
2511 
2512  if (buf == NULL) {
2513  ret = -1;
2514  goto done;
2515  }
2516 
2517  connection_buf_add(buf, strlen(buf), conn);
2518  /* In haproxy, we don't have to wait for the response, but we wait for ack.
2519  * So we can set the state to be PROXY_HAPROXY_WAIT_FOR_FLUSH. */
2520  conn->proxy_state = PROXY_HAPROXY_WAIT_FOR_FLUSH;
2521 
2522  ret = 0;
2523  done:
2524  tor_free(buf);
2525  tor_free(addr_port);
2526  return ret;
2527 }
2528 
2529 /** Write a proxy request of <b>type</b> (socks4, socks5, https, haproxy)
2530  * to conn for conn->addr:conn->port, authenticating with the auth details
2531  * given in the configuration (if available). SOCKS 5 and HTTP CONNECT
2532  * proxies support authentication.
2533  *
2534  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2535  * 0 otherwise.
2536  *
2537  * Use connection_read_proxy_handshake() to complete the handshake.
2538  */
2539 int
2541 {
2542  int ret = 0;
2543 
2544  tor_assert(conn);
2545 
2546  switch (type) {
2547  case PROXY_CONNECT:
2548  ret = connection_https_proxy_connect(conn);
2549  break;
2550 
2551  case PROXY_SOCKS4:
2552  ret = connection_socks4_proxy_connect(conn);
2553  break;
2554 
2555  case PROXY_SOCKS5:
2556  ret = connection_socks5_proxy_connect(conn);
2557  break;
2558 
2559  case PROXY_HAPROXY:
2561  break;
2562 
2563  default:
2564  log_err(LD_BUG, "Invalid proxy protocol, %d", type);
2566  ret = -1;
2567  break;
2568  }
2569 
2570  if (ret == 0) {
2571  log_debug(LD_NET, "set state %s",
2573  }
2574 
2575  return ret;
2576 }
2577 
2578 /** Read conn's inbuf. If the http response from the proxy is all
2579  * here, make sure it's good news, then return 1. If it's bad news,
2580  * return -1. Else return 0 and hope for better luck next time.
2581  */
2582 static int
2584 {
2585  char *headers;
2586  char *reason=NULL;
2587  int status_code;
2588  time_t date_header;
2589 
2590  switch (fetch_from_buf_http(conn->inbuf,
2591  &headers, MAX_HEADERS_SIZE,
2592  NULL, NULL, 10000, 0)) {
2593  case -1: /* overflow */
2594  log_warn(LD_PROTOCOL,
2595  "Your https proxy sent back an oversized response. Closing.");
2596  return -1;
2597  case 0:
2598  log_info(LD_NET,"https proxy response not all here yet. Waiting.");
2599  return 0;
2600  /* case 1, fall through */
2601  }
2602 
2603  if (parse_http_response(headers, &status_code, &date_header,
2604  NULL, &reason) < 0) {
2605  log_warn(LD_NET,
2606  "Unparseable headers from proxy (connecting to '%s'). Closing.",
2607  conn->address);
2608  tor_free(headers);
2609  return -1;
2610  }
2611  tor_free(headers);
2612  if (!reason) reason = tor_strdup("[no reason given]");
2613 
2614  if (status_code == 200) {
2615  log_info(LD_NET,
2616  "HTTPS connect to '%s' successful! (200 %s) Starting TLS.",
2617  conn->address, escaped(reason));
2618  tor_free(reason);
2619  return 1;
2620  }
2621  /* else, bad news on the status code */
2622  switch (status_code) {
2623  case 403:
2624  log_warn(LD_NET,
2625  "The https proxy refused to allow connection to %s "
2626  "(status code %d, %s). Closing.",
2627  conn->address, status_code, escaped(reason));
2628  break;
2629  default:
2630  log_warn(LD_NET,
2631  "The https proxy sent back an unexpected status code %d (%s). "
2632  "Closing.",
2633  status_code, escaped(reason));
2634  break;
2635  }
2636  tor_free(reason);
2637  return -1;
2638 }
2639 
2640 /** Send SOCKS5 CONNECT command to <b>conn</b>, copying <b>conn->addr</b>
2641  * and <b>conn->port</b> into the request.
2642  */
2643 static void
2645 {
2646  unsigned char buf[1024];
2647  size_t reqsize = 6;
2648  uint16_t port = htons(conn->port);
2649 
2650  buf[0] = 5; /* version */
2651  buf[1] = SOCKS_COMMAND_CONNECT; /* command */
2652  buf[2] = 0; /* reserved */
2653 
2654  if (tor_addr_family(&conn->addr) == AF_INET) {
2655  uint32_t addr = tor_addr_to_ipv4n(&conn->addr);
2656 
2657  buf[3] = 1;
2658  reqsize += 4;
2659  memcpy(buf + 4, &addr, 4);
2660  memcpy(buf + 8, &port, 2);
2661  } else { /* AF_INET6 */
2662  buf[3] = 4;
2663  reqsize += 16;
2664  memcpy(buf + 4, tor_addr_to_in6_addr8(&conn->addr), 16);
2665  memcpy(buf + 20, &port, 2);
2666  }
2667 
2668  connection_buf_add((char *)buf, reqsize, conn);
2669 
2670  conn->proxy_state = PROXY_SOCKS5_WANT_CONNECT_OK;
2671 }
2672 
2673 /** Wrapper around fetch_from_buf_socks_client: see that functions
2674  * for documentation of its behavior. */
2675 static int
2677  int state, char **reason)
2678 {
2679  return fetch_from_buf_socks_client(conn->inbuf, state, reason);
2680 }
2681 
2682 /** Call this from connection_*_process_inbuf() to advance the proxy
2683  * handshake.
2684  *
2685  * No matter what proxy protocol is used, if this function returns 1, the
2686  * handshake is complete, and the data remaining on inbuf may contain the
2687  * start of the communication with the requested server.
2688  *
2689  * Returns 0 if the current buffer contains an incomplete response, and -1
2690  * on error.
2691  */
2692 int
2694 {
2695  int ret = 0;
2696  char *reason = NULL;
2697 
2698  log_debug(LD_NET, "enter state %s",
2700 
2701  switch (conn->proxy_state) {
2702  case PROXY_HTTPS_WANT_CONNECT_OK:
2704  if (ret == 1)
2705  conn->proxy_state = PROXY_CONNECTED;
2706  break;
2707 
2708  case PROXY_SOCKS4_WANT_CONNECT_OK:
2710  conn->proxy_state,
2711  &reason);
2712  if (ret == 1)
2713  conn->proxy_state = PROXY_CONNECTED;
2714  break;
2715 
2716  case PROXY_SOCKS5_WANT_AUTH_METHOD_NONE:
2718  conn->proxy_state,
2719  &reason);
2720  /* no auth needed, do connect */
2721  if (ret == 1) {
2723  ret = 0;
2724  }
2725  break;
2726 
2727  case PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929:
2729  conn->proxy_state,
2730  &reason);
2731 
2732  /* send auth if needed, otherwise do connect */
2733  if (ret == 1) {
2735  ret = 0;
2736  } else if (ret == 2) {
2737  unsigned char buf[1024];
2738  size_t reqsize, usize, psize;
2739  const char *user, *pass;
2740  char *socks_args_string = NULL;
2741 
2742  if (conn_get_proxy_type(conn) == PROXY_PLUGGABLE) {
2743  socks_args_string =
2745  if (!socks_args_string) {
2746  log_warn(LD_NET, "Could not create SOCKS args string for PT.");
2747  ret = -1;
2748  break;
2749  }
2750 
2751  log_debug(LD_NET, "PT SOCKS5 arguments: %s", socks_args_string);
2752  tor_assert(strlen(socks_args_string) > 0);
2753  tor_assert(strlen(socks_args_string) <= MAX_SOCKS5_AUTH_SIZE_TOTAL);
2754 
2755  if (strlen(socks_args_string) > MAX_SOCKS5_AUTH_FIELD_SIZE) {
2756  user = socks_args_string;
2758  pass = socks_args_string + MAX_SOCKS5_AUTH_FIELD_SIZE;
2759  psize = strlen(socks_args_string) - MAX_SOCKS5_AUTH_FIELD_SIZE;
2760  } else {
2761  user = socks_args_string;
2762  usize = strlen(socks_args_string);
2763  pass = "\0";
2764  psize = 1;
2765  }
2766  } else if (get_options()->Socks5ProxyUsername) {
2767  user = get_options()->Socks5ProxyUsername;
2768  pass = get_options()->Socks5ProxyPassword;
2769  tor_assert(user && pass);
2770  usize = strlen(user);
2771  psize = strlen(pass);
2772  } else {
2773  log_err(LD_BUG, "We entered %s for no reason!", __func__);
2775  ret = -1;
2776  break;
2777  }
2778 
2779  /* Username and password lengths should have been checked
2780  above and during torrc parsing. */
2782  psize <= MAX_SOCKS5_AUTH_FIELD_SIZE);
2783  reqsize = 3 + usize + psize;
2784 
2785  buf[0] = 1; /* negotiation version */
2786  buf[1] = usize;
2787  memcpy(buf + 2, user, usize);
2788  buf[2 + usize] = psize;
2789  memcpy(buf + 3 + usize, pass, psize);
2790 
2791  if (socks_args_string)
2792  tor_free(socks_args_string);
2793 
2794  connection_buf_add((char *)buf, reqsize, conn);
2795 
2796  conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_RFC1929_OK;
2797  ret = 0;
2798  }
2799  break;
2800 
2801  case PROXY_SOCKS5_WANT_AUTH_RFC1929_OK:
2803  conn->proxy_state,
2804  &reason);
2805  /* send the connect request */
2806  if (ret == 1) {
2808  ret = 0;
2809  }
2810  break;
2811 
2812  case PROXY_SOCKS5_WANT_CONNECT_OK:
2814  conn->proxy_state,
2815  &reason);
2816  if (ret == 1)
2817  conn->proxy_state = PROXY_CONNECTED;
2818  break;
2819 
2820  default:
2821  log_err(LD_BUG, "Invalid proxy_state for reading, %d",
2822  conn->proxy_state);
2824  ret = -1;
2825  break;
2826  }
2827 
2828  log_debug(LD_NET, "leaving state %s",
2830 
2831  if (ret < 0) {
2832  if (reason) {
2833  log_warn(LD_NET, "Proxy Client: unable to connect to %s:%d (%s)",
2834  conn->address, conn->port, escaped(reason));
2835  tor_free(reason);
2836  } else {
2837  log_warn(LD_NET, "Proxy Client: unable to connect to %s:%d",
2838  conn->address, conn->port);
2839  }
2840  } else if (ret == 1) {
2841  log_info(LD_NET, "Proxy Client: connection to %s:%d successful",
2842  conn->address, conn->port);
2843  }
2844 
2845  return ret;
2846 }
2847 
2848 /** Given a list of listener connections in <b>old_conns</b>, and list of
2849  * port_cfg_t entries in <b>ports</b>, open a new listener for every port in
2850  * <b>ports</b> that does not already have a listener in <b>old_conns</b>.
2851  *
2852  * Remove from <b>old_conns</b> every connection that has a corresponding
2853  * entry in <b>ports</b>. Add to <b>new_conns</b> new every connection we
2854  * launch. If we may need to perform socket rebind when creating new
2855  * listener that replaces old one, create a <b>listener_replacement_t</b>
2856  * struct for affected pair and add it to <b>replacements</b>.
2857  *
2858  * If <b>control_listeners_only</b> is true, then we only open control
2859  * listeners, and we do not remove any noncontrol listeners from
2860  * old_conns.
2861  *
2862  * Return 0 on success, -1 on failure.
2863  **/
2864 static int
2866  const smartlist_t *ports,
2867  smartlist_t *new_conns,
2868  smartlist_t *replacements,
2869  int control_listeners_only)
2870 {
2871 #ifndef ENABLE_LISTENER_REBIND
2872  (void)replacements;
2873 #endif
2874 
2875  smartlist_t *launch = smartlist_new();
2876  int r = 0;
2877 
2878  if (control_listeners_only) {
2879  SMARTLIST_FOREACH(ports, port_cfg_t *, p, {
2880  if (p->type == CONN_TYPE_CONTROL_LISTENER)
2881  smartlist_add(launch, p);
2882  });
2883  } else {
2884  smartlist_add_all(launch, ports);
2885  }
2886 
2887  /* Iterate through old_conns, comparing it to launch: remove from both lists
2888  * each pair of elements that corresponds to the same port. */
2889  SMARTLIST_FOREACH_BEGIN(old_conns, connection_t *, conn) {
2890  const port_cfg_t *found_port = NULL;
2891 
2892  /* Okay, so this is a listener. Is it configured? */
2893  /* That is, is it either: 1) exact match - address and port
2894  * pair match exactly between old listener and new port; or 2)
2895  * wildcard match - port matches exactly, but *one* of the
2896  * addresses is wildcard (0.0.0.0 or ::)?
2897  */
2898  SMARTLIST_FOREACH_BEGIN(launch, const port_cfg_t *, wanted) {
2899  if (conn->type != wanted->type)
2900  continue;
2901  if ((conn->socket_family != AF_UNIX && wanted->is_unix_addr) ||
2902  (conn->socket_family == AF_UNIX && ! wanted->is_unix_addr))
2903  continue;
2904 
2905  if (wanted->server_cfg.no_listen)
2906  continue; /* We don't want to open a listener for this one */
2907 
2908  if (wanted->is_unix_addr) {
2909  if (conn->socket_family == AF_UNIX &&
2910  !strcmp(wanted->unix_addr, conn->address)) {
2911  found_port = wanted;
2912  break;
2913  }
2914  } else {
2915  /* Numeric values of old and new port match exactly. */
2916  const int port_matches_exact = (wanted->port == conn->port);
2917  /* Ports match semantically - either their specific values
2918  match exactly, or new port is 'auto'.
2919  */
2920  const int port_matches = (wanted->port == CFG_AUTO_PORT ||
2921  port_matches_exact);
2922 
2923  if (port_matches && tor_addr_eq(&wanted->addr, &conn->addr)) {
2924  found_port = wanted;
2925  break;
2926  }
2927 #ifdef ENABLE_LISTENER_REBIND
2928  /* Rebinding may be needed if all of the following are true:
2929  * 1) Address family is the same in old and new listeners.
2930  * 2) Port number matches exactly (numeric value is the same).
2931  * 3) *One* of listeners (either old one or new one) has a
2932  * wildcard IP address (0.0.0.0 or [::]).
2933  *
2934  * These are the exact conditions for a first bind() syscall
2935  * to fail with EADDRINUSE.
2936  */
2937  const int may_need_rebind =
2938  tor_addr_family(&wanted->addr) == tor_addr_family(&conn->addr) &&
2939  port_matches_exact && bool_neq(tor_addr_is_null(&wanted->addr),
2940  tor_addr_is_null(&conn->addr));
2941  if (replacements && may_need_rebind) {
2942  listener_replacement_t *replacement =
2943  tor_malloc(sizeof(listener_replacement_t));
2944 
2945  replacement->old_conn = conn;
2946  replacement->new_port = wanted;
2947  smartlist_add(replacements, replacement);
2948 
2949  SMARTLIST_DEL_CURRENT(launch, wanted);
2950  SMARTLIST_DEL_CURRENT(old_conns, conn);
2951  break;
2952  }
2953 #endif /* defined(ENABLE_LISTENER_REBIND) */
2954  }
2955  } SMARTLIST_FOREACH_END(wanted);
2956 
2957  if (found_port) {
2958  /* This listener is already running; we don't need to launch it. */
2959  //log_debug(LD_NET, "Already have %s on %s:%d",
2960  // conn_type_to_string(found_port->type), conn->address, conn->port);
2961  smartlist_remove(launch, found_port);
2962  /* And we can remove the connection from old_conns too. */
2963  SMARTLIST_DEL_CURRENT(old_conns, conn);
2964  }
2965  } SMARTLIST_FOREACH_END(conn);
2966 
2967  /* Now open all the listeners that are configured but not opened. */
2968  SMARTLIST_FOREACH_BEGIN(launch, const port_cfg_t *, port) {
2969  int skip = 0;
2970  connection_t *conn = connection_listener_new_for_port(port, &skip, NULL);
2971 
2972  if (conn && new_conns)
2973  smartlist_add(new_conns, conn);
2974  else if (!skip)
2975  r = -1;
2976  } SMARTLIST_FOREACH_END(port);
2977 
2978  smartlist_free(launch);
2979 
2980  return r;
2981 }
2982 
2983 /** Launch listeners for each port you should have open. Only launch
2984  * listeners who are not already open, and only close listeners we no longer
2985  * want.
2986  *
2987  * Add all new connections to <b>new_conns</b>.
2988  *
2989  * If <b>close_all_noncontrol</b> is true, then we only open control
2990  * listeners, and we close all other listeners.
2991  */
2992 int
2993 retry_all_listeners(smartlist_t *new_conns, int close_all_noncontrol)
2994 {
2995  smartlist_t *listeners = smartlist_new();
2996  smartlist_t *replacements = smartlist_new();
2997  const or_options_t *options = get_options();
2998  int retval = 0;
2999  const uint16_t old_or_port = router_get_advertised_or_port(options);
3000  const uint16_t old_or_port_ipv6 =
3001  router_get_advertised_or_port_by_af(options,AF_INET6);
3002  const uint16_t old_dir_port = router_get_advertised_dir_port(options, 0);
3003 
3005  if (connection_is_listener(conn) && !conn->marked_for_close)
3006  smartlist_add(listeners, conn);
3007  } SMARTLIST_FOREACH_END(conn);
3008 
3009  if (retry_listener_ports(listeners,
3011  new_conns,
3012  replacements,
3013  close_all_noncontrol) < 0)
3014  retval = -1;
3015 
3016 #ifdef ENABLE_LISTENER_REBIND
3017  if (smartlist_len(replacements))
3018  log_debug(LD_NET, "%d replacements - starting rebinding loop.",
3019  smartlist_len(replacements));
3020 
3021  SMARTLIST_FOREACH_BEGIN(replacements, listener_replacement_t *, r) {
3022  int addr_in_use = 0;
3023  int skip = 0;
3024 
3025  tor_assert(r->new_port);
3026  tor_assert(r->old_conn);
3027 
3028  connection_t *new_conn =
3029  connection_listener_new_for_port(r->new_port, &skip, &addr_in_use);
3030  connection_t *old_conn = r->old_conn;
3031 
3032  if (skip) {
3033  log_debug(LD_NET, "Skipping creating new listener for %s:%d",
3034  old_conn->address, old_conn->port);
3035  continue;
3036  }
3037 
3038  connection_close_immediate(old_conn);
3039  connection_mark_for_close(old_conn);
3040 
3041  if (addr_in_use) {
3042  new_conn = connection_listener_new_for_port(r->new_port,
3043  &skip, &addr_in_use);
3044  }
3045 
3046  tor_assert(new_conn);
3047 
3048  smartlist_add(new_conns, new_conn);
3049 
3050  log_notice(LD_NET, "Closed no-longer-configured %s on %s:%d "
3051  "(replaced by %s:%d)",
3052  conn_type_to_string(old_conn->type), old_conn->address,
3053  old_conn->port, new_conn->address, new_conn->port);
3054  } SMARTLIST_FOREACH_END(r);
3055 #endif /* defined(ENABLE_LISTENER_REBIND) */
3056 
3057  /* Any members that were still in 'listeners' don't correspond to
3058  * any configured port. Kill 'em. */
3059  SMARTLIST_FOREACH_BEGIN(listeners, connection_t *, conn) {
3060  log_notice(LD_NET, "Closing no-longer-configured %s on %s:%d",
3061  conn_type_to_string(conn->type), conn->address, conn->port);
3063  connection_mark_for_close(conn);
3064  } SMARTLIST_FOREACH_END(conn);
3065 
3066  smartlist_free(listeners);
3067  /* Cleanup any remaining listener replacement. */
3068  SMARTLIST_FOREACH(replacements, listener_replacement_t *, r, tor_free(r));
3069  smartlist_free(replacements);
3070 
3071  if (old_or_port != router_get_advertised_or_port(options) ||
3072  old_or_port_ipv6 != router_get_advertised_or_port_by_af(options,
3073  AF_INET6) ||
3074  old_dir_port != router_get_advertised_dir_port(options, 0)) {
3075  /* Our chosen ORPort or DirPort is not what it used to be: the
3076  * descriptor we had (if any) should be regenerated. (We won't
3077  * automatically notice this because of changes in the option,
3078  * since the value could be "auto".) */
3079  mark_my_descriptor_dirty("Chosen Or/DirPort changed");
3080  }
3081 
3082  return retval;
3083 }
3084 
3085 /** Mark every listener of type other than CONTROL_LISTENER to be closed. */
3086 void
3088 {
3090  if (conn->marked_for_close)
3091  continue;
3092  if (conn->type == CONN_TYPE_CONTROL_LISTENER)
3093  continue;
3094  if (connection_is_listener(conn))
3095  connection_mark_for_close(conn);
3096  } SMARTLIST_FOREACH_END(conn);
3097 }
3098 
3099 /** Mark every external connection not used for controllers for close. */
3100 void
3102 {
3104  if (conn->marked_for_close)
3105  continue;
3106  switch (conn->type) {
3108  case CONN_TYPE_CONTROL:
3109  break;
3110  case CONN_TYPE_AP:
3111  connection_mark_unattached_ap(TO_ENTRY_CONN(conn),
3112  END_STREAM_REASON_HIBERNATING);
3113  break;
3114  case CONN_TYPE_OR:
3115  {
3116  or_connection_t *orconn = TO_OR_CONN(conn);
3117  if (orconn->chan) {
3118  connection_or_close_normally(orconn, 0);
3119  } else {
3120  /*
3121  * There should have been one, but mark for close and hope
3122  * for the best..
3123  */
3124  connection_mark_for_close(conn);
3125  }
3126  }
3127  break;
3128  default:
3129  connection_mark_for_close(conn);
3130  break;
3131  }
3132  } SMARTLIST_FOREACH_END(conn);
3133 }
3134 
3135 /** Return 1 if we should apply rate limiting to <b>conn</b>, and 0
3136  * otherwise.
3137  * Right now this just checks if it's an internal IP address or an
3138  * internal connection. We also should, but don't, check if the connection
3139  * uses pluggable transports, since we should then limit it even if it
3140  * comes from an internal IP address. */
3141 static int
3143 {
3144  const or_options_t *options = get_options();
3145  if (conn->linked)
3146  return 0; /* Internal connection */
3147  else if (! options->CountPrivateBandwidth &&
3148  (tor_addr_family(&conn->addr) == AF_UNSPEC || /* no address */
3149  tor_addr_family(&conn->addr) == AF_UNIX || /* no address */
3150  tor_addr_is_internal(&conn->addr, 0)))
3151  return 0; /* Internal address */
3152  else
3153  return 1;
3154 }
3155 
3156 /** When was either global write bucket last empty? If this was recent, then
3157  * we're probably low on bandwidth, and we should be stingy with our bandwidth
3158  * usage. */
3159 static time_t write_buckets_last_empty_at = -100;
3160 
3161 /** How many seconds of no active local circuits will make the
3162  * connection revert to the "relayed" bandwidth class? */
3163 #define CLIENT_IDLE_TIME_FOR_PRIORITY 30
3164 
3165 /** Return 1 if <b>conn</b> should use tokens from the "relayed"
3166  * bandwidth rates, else 0. Currently, only OR conns with bandwidth
3167  * class 1, and directory conns that are serving data out, count.
3168  */
3169 static int
3171 {
3172  if (conn->type == CONN_TYPE_OR &&
3175  return 1;
3176  if (conn->type == CONN_TYPE_DIR && DIR_CONN_IS_SERVER(conn))
3177  return 1;
3178  return 0;
3179 }
3180 
3181 /** Helper function to decide how many bytes out of <b>global_bucket</b>
3182  * we're willing to use for this transaction. <b>base</b> is the size
3183  * of a cell on the network; <b>priority</b> says whether we should
3184  * write many of them or just a few; and <b>conn_bucket</b> (if
3185  * non-negative) provides an upper limit for our answer. */
3186 static ssize_t
3187 connection_bucket_get_share(int base, int priority,
3188  ssize_t global_bucket_val, ssize_t conn_bucket)
3189 {
3190  ssize_t at_most;
3191  ssize_t num_bytes_high = (priority ? 32 : 16) * base;
3192  ssize_t num_bytes_low = (priority ? 4 : 2) * base;
3193 
3194  /* Do a rudimentary limiting so one circuit can't hog a connection.
3195  * Pick at most 32 cells, at least 4 cells if possible, and if we're in
3196  * the middle pick 1/8 of the available bandwidth. */
3197  at_most = global_bucket_val / 8;
3198  at_most -= (at_most % base); /* round down */
3199  if (at_most > num_bytes_high) /* 16 KB, or 8 KB for low-priority */
3200  at_most = num_bytes_high;
3201  else if (at_most < num_bytes_low) /* 2 KB, or 1 KB for low-priority */
3202  at_most = num_bytes_low;
3203 
3204  if (at_most > global_bucket_val)
3205  at_most = global_bucket_val;
3206 
3207  if (conn_bucket >= 0 && at_most > conn_bucket)
3208  at_most = conn_bucket;
3209 
3210  if (at_most < 0)
3211  return 0;
3212  return at_most;
3213 }
3214 
3215 /** How many bytes at most can we read onto this connection? */
3216 static ssize_t
3218 {
3219  int base = RELAY_PAYLOAD_SIZE;
3220  int priority = conn->type != CONN_TYPE_DIR;
3221  ssize_t conn_bucket = -1;
3222  size_t global_bucket_val = token_bucket_rw_get_read(&global_bucket);
3223 
3224  if (connection_speaks_cells(conn)) {
3225  or_connection_t *or_conn = TO_OR_CONN(conn);
3226  if (conn->state == OR_CONN_STATE_OPEN)
3227  conn_bucket = token_bucket_rw_get_read(&or_conn->bucket);
3228  base = get_cell_network_size(or_conn->wide_circ_ids);
3229  }
3230 
3231  if (!connection_is_rate_limited(conn)) {
3232  /* be willing to read on local conns even if our buckets are empty */
3233  return conn_bucket>=0 ? conn_bucket : 1<<14;
3234  }
3235 
3236  if (connection_counts_as_relayed_traffic(conn, now)) {
3237  size_t relayed = token_bucket_rw_get_read(&global_relayed_bucket);
3238  global_bucket_val = MIN(global_bucket_val, relayed);
3239  }
3240 
3241  return connection_bucket_get_share(base, priority,
3242  global_bucket_val, conn_bucket);
3243 }
3244 
3245 /** How many bytes at most can we write onto this connection? */
3246 ssize_t
3248 {
3249  int base = RELAY_PAYLOAD_SIZE;
3250  int priority = conn->type != CONN_TYPE_DIR;
3251  size_t conn_bucket = conn->outbuf_flushlen;
3252  size_t global_bucket_val = token_bucket_rw_get_write(&global_bucket);
3253 
3254  if (!connection_is_rate_limited(conn)) {
3255  /* be willing to write to local conns even if our buckets are empty */
3256  return conn->outbuf_flushlen;
3257  }
3258 
3259  if (connection_speaks_cells(conn)) {
3260  /* use the per-conn write limit if it's lower */
3261  or_connection_t *or_conn = TO_OR_CONN(conn);
3262  if (conn->state == OR_CONN_STATE_OPEN)
3263  conn_bucket = MIN(conn_bucket,
3264  token_bucket_rw_get_write(&or_conn->bucket));
3265  base = get_cell_network_size(or_conn->wide_circ_ids);
3266  }
3267 
3268  if (connection_counts_as_relayed_traffic(conn, now)) {
3269  size_t relayed = token_bucket_rw_get_write(&global_relayed_bucket);
3270  global_bucket_val = MIN(global_bucket_val, relayed);
3271  }
3272 
3273  return connection_bucket_get_share(base, priority,
3274  global_bucket_val, conn_bucket);
3275 }
3276 
3277 /** Return true iff the global write buckets are low enough that we
3278  * shouldn't send <b>attempt</b> bytes of low-priority directory stuff
3279  * out to <b>conn</b>.
3280  *
3281  * If we are a directory authority, always answer dir requests thus true is
3282  * always returned.
3283  *
3284  * Note: There are a lot of parameters we could use here:
3285  * - global_relayed_write_bucket. Low is bad.
3286  * - global_write_bucket. Low is bad.
3287  * - bandwidthrate. Low is bad.
3288  * - bandwidthburst. Not a big factor?
3289  * - attempt. High is bad.
3290  * - total bytes queued on outbufs. High is bad. But I'm wary of
3291  * using this, since a few slow-flushing queues will pump up the
3292  * number without meaning what we meant to mean. What we really
3293  * mean is "total directory bytes added to outbufs recently", but
3294  * that's harder to quantify and harder to keep track of.
3295  */
3296 bool
3298 {
3299  size_t smaller_bucket =
3300  MIN(token_bucket_rw_get_write(&global_bucket),
3301  token_bucket_rw_get_write(&global_relayed_bucket));
3302 
3303  /* Special case for authorities (directory only). */
3304  if (authdir_mode_v3(get_options())) {
3305  /* Are we configured to possibly reject requests under load? */
3307  /* Answer request no matter what. */
3308  return false;
3309  }
3310  /* Always answer requests from a known relay which includes the other
3311  * authorities. The following looks up the addresses for relays that we
3312  * have their descriptor _and_ any configured trusted directories. */
3314  return false;
3315  }
3316  }
3317 
3318  if (!connection_is_rate_limited(conn))
3319  return false; /* local conns don't get limited */
3320 
3321  if (smaller_bucket < attempt)
3322  return true; /* not enough space. */
3323 
3324  {
3325  const time_t diff = approx_time() - write_buckets_last_empty_at;
3326  if (diff <= 1)
3327  return true; /* we're already hitting our limits, no more please */
3328  }
3329  return false;
3330 }
3331 
3332 /** When did we last tell the accounting subsystem about transmitted
3333  * bandwidth? */
3335 
3336 /** Helper: adjusts our bandwidth history and informs the controller as
3337  * appropriate, given that we have just read <b>num_read</b> bytes and written
3338  * <b>num_written</b> bytes on <b>conn</b>. */
3339 static void
3341  time_t now, size_t num_read, size_t num_written)
3342 {
3343  /* Count bytes of answering direct and tunneled directory requests */
3344  if (conn->type == CONN_TYPE_DIR && conn->purpose == DIR_PURPOSE_SERVER) {
3345  if (num_read > 0)
3346  rep_hist_note_dir_bytes_read(num_read, now);
3347  if (num_written > 0)
3348  rep_hist_note_dir_bytes_written(num_written, now);
3349  }
3350 
3351  /* Linked connections and internal IPs aren't counted for statistics or
3352  * accounting:
3353  * - counting linked connections would double-count BEGINDIR bytes, because
3354  * they are sent as Dir bytes on the linked connection, and OR bytes on
3355  * the OR connection;
3356  * - relays and clients don't connect to internal IPs, unless specifically
3357  * configured to do so. If they are configured that way, we don't count
3358  * internal bytes.
3359  */
3360  if (!connection_is_rate_limited(conn))
3361  return;
3362 
3363  if (conn->type == CONN_TYPE_OR)
3365  num_written, now);
3366 
3367  if (num_read > 0) {
3368  rep_hist_note_bytes_read(num_read, now);
3369  }
3370  if (num_written > 0) {
3371  rep_hist_note_bytes_written(num_written, now);
3372  }
3373  if (conn->type == CONN_TYPE_EXIT)
3374  rep_hist_note_exit_bytes(conn->port, num_written, num_read);
3375 
3376  /* Remember these bytes towards statistics. */
3377  stats_increment_bytes_read_and_written(num_read, num_written);
3378 
3379  /* Remember these bytes towards accounting. */
3382  accounting_add_bytes(num_read, num_written,
3383  (int)(now - last_recorded_accounting_at));
3384  } else {
3385  accounting_add_bytes(num_read, num_written, 0);
3386  }
3388  }
3389 }
3390 
3391 /** We just read <b>num_read</b> and wrote <b>num_written</b> bytes
3392  * onto <b>conn</b>. Decrement buckets appropriately. */
3393 static void
3395  size_t num_read, size_t num_written)
3396 {
3397  if (num_written >= INT_MAX || num_read >= INT_MAX) {
3398  log_err(LD_BUG, "Value out of range. num_read=%lu, num_written=%lu, "
3399  "connection type=%s, state=%s",
3400  (unsigned long)num_read, (unsigned long)num_written,
3401  conn_type_to_string(conn->type),
3402  conn_state_to_string(conn->type, conn->state));
3403  tor_assert_nonfatal_unreached();
3404  if (num_written >= INT_MAX)
3405  num_written = 1;
3406  if (num_read >= INT_MAX)
3407  num_read = 1;
3408  }
3409 
3410  record_num_bytes_transferred_impl(conn, now, num_read, num_written);
3411 
3412  if (!connection_is_rate_limited(conn))
3413  return; /* local IPs are free */
3414 
3415  unsigned flags = 0;
3416  if (connection_counts_as_relayed_traffic(conn, now)) {
3417  flags = token_bucket_rw_dec(&global_relayed_bucket, num_read, num_written);
3418  }
3419  flags |= token_bucket_rw_dec(&global_bucket, num_read, num_written);
3420 
3421  if (flags & TB_WRITE) {
3423  }
3424  if (connection_speaks_cells(conn) && conn->state == OR_CONN_STATE_OPEN) {
3425  or_connection_t *or_conn = TO_OR_CONN(conn);
3426  token_bucket_rw_dec(&or_conn->bucket, num_read, num_written);
3427  }
3428 }
3429 
3430 /**
3431  * Mark <b>conn</b> as needing to stop reading because bandwidth has been
3432  * exhausted. If <b>is_global_bw</b>, it is closing because global bandwidth
3433  * limit has been exhausted. Otherwise, it is closing because its own
3434  * bandwidth limit has been exhausted.
3435  */
3436 void
3438 {
3439  (void)is_global_bw;
3440  conn->read_blocked_on_bw = 1;
3443 }
3444 
3445 /**
3446  * Mark <b>conn</b> as needing to stop reading because write bandwidth has
3447  * been exhausted. If <b>is_global_bw</b>, it is closing because global
3448  * bandwidth limit has been exhausted. Otherwise, it is closing because its
3449  * own bandwidth limit has been exhausted.
3450 */
3451 void
3453 {
3454  (void)is_global_bw;
3455  conn->write_blocked_on_bw = 1;
3458 }
3459 
3460 /** If we have exhausted our global buckets, or the buckets for conn,
3461  * stop reading. */
3462 void
3464 {
3465  const char *reason;
3466 
3467  if (!connection_is_rate_limited(conn))
3468  return; /* Always okay. */
3469 
3470  int is_global = 1;
3471 
3472  if (token_bucket_rw_get_read(&global_bucket) <= 0) {
3473  reason = "global read bucket exhausted. Pausing.";
3474  } else if (connection_counts_as_relayed_traffic(conn, approx_time()) &&
3475  token_bucket_rw_get_read(&global_relayed_bucket) <= 0) {
3476  reason = "global relayed read bucket exhausted. Pausing.";
3477  } else if (connection_speaks_cells(conn) &&
3478  conn->state == OR_CONN_STATE_OPEN &&
3479  token_bucket_rw_get_read(&TO_OR_CONN(conn)->bucket) <= 0) {
3480  reason = "connection read bucket exhausted. Pausing.";
3481  is_global = false;
3482  } else
3483  return; /* all good, no need to stop it */
3484 
3485  LOG_FN_CONN(conn, (LOG_DEBUG, LD_NET, "%s", reason));
3486  connection_read_bw_exhausted(conn, is_global);
3487 }
3488 
3489 /** If we have exhausted our global buckets, or the buckets for conn,
3490  * stop writing. */
3491 void
3493 {
3494  const char *reason;
3495 
3496  if (!connection_is_rate_limited(conn))
3497  return; /* Always okay. */
3498 
3499  bool is_global = true;
3500  if (token_bucket_rw_get_write(&global_bucket) <= 0) {
3501  reason = "global write bucket exhausted. Pausing.";
3502  } else if (connection_counts_as_relayed_traffic(conn, approx_time()) &&
3503  token_bucket_rw_get_write(&global_relayed_bucket) <= 0) {
3504  reason = "global relayed write bucket exhausted. Pausing.";
3505  } else if (connection_speaks_cells(conn) &&
3506  conn->state == OR_CONN_STATE_OPEN &&
3507  token_bucket_rw_get_write(&TO_OR_CONN(conn)->bucket) <= 0) {
3508  reason = "connection write bucket exhausted. Pausing.";
3509  is_global = false;
3510  } else
3511  return; /* all good, no need to stop it */
3512 
3513  LOG_FN_CONN(conn, (LOG_DEBUG, LD_NET, "%s", reason));
3514  connection_write_bw_exhausted(conn, is_global);
3515 }
3516 
3517 /** Initialize the global buckets to the values configured in the
3518  * options */
3519 void
3521 {
3522  const or_options_t *options = get_options();
3523  const uint32_t now_ts = monotime_coarse_get_stamp();
3524  token_bucket_rw_init(&global_bucket,
3525  (int32_t)options->BandwidthRate,
3526  (int32_t)options->BandwidthBurst,
3527  now_ts);
3528  if (options->RelayBandwidthRate) {
3529  token_bucket_rw_init(&global_relayed_bucket,
3530  (int32_t)options->RelayBandwidthRate,
3531  (int32_t)options->RelayBandwidthBurst,
3532  now_ts);
3533  } else {
3534  token_bucket_rw_init(&global_relayed_bucket,
3535  (int32_t)options->BandwidthRate,
3536  (int32_t)options->BandwidthBurst,
3537  now_ts);
3538  }
3539 
3541 }
3542 
3543 /** Update the global connection bucket settings to a new value. */
3544 void
3546 {
3547  token_bucket_rw_adjust(&global_bucket,
3548  (int32_t)options->BandwidthRate,
3549  (int32_t)options->BandwidthBurst);
3550  if (options->RelayBandwidthRate) {
3551  token_bucket_rw_adjust(&global_relayed_bucket,
3552  (int32_t)options->RelayBandwidthRate,
3553  (int32_t)options->RelayBandwidthBurst);
3554  } else {
3555  token_bucket_rw_adjust(&global_relayed_bucket,
3556  (int32_t)options->BandwidthRate,
3557  (int32_t)options->BandwidthBurst);
3558  }
3559 }
3560 
3561 /**
3562  * Cached value of the last coarse-timestamp when we refilled the
3563  * global buckets.
3564  */
3566 /**
3567  * Refill the token buckets for a single connection <b>conn</b>, and the
3568  * global token buckets as appropriate. Requires that <b>now_ts</b> is
3569  * the time in coarse timestamp units.
3570  */
3571 static void
3573 {
3574  /* Note that we only check for equality here: the underlying
3575  * token bucket functions can handle moving backwards in time if they
3576  * need to. */
3577  if (now_ts != last_refilled_global_buckets_ts) {
3578  token_bucket_rw_refill(&global_bucket, now_ts);
3579  token_bucket_rw_refill(&global_relayed_bucket, now_ts);
3581  }
3582 
3583  if (connection_speaks_cells(conn) && conn->state == OR_CONN_STATE_OPEN) {
3584  or_connection_t *or_conn = TO_OR_CONN(conn);
3585  token_bucket_rw_refill(&or_conn->bucket, now_ts);
3586  }
3587 }
3588 
3589 /**
3590  * Event to re-enable all connections that were previously blocked on read or
3591  * write.
3592  */
3594 
3595 /** True iff reenable_blocked_connections_ev is currently scheduled. */
3597 
3598 /** Delay after which to run reenable_blocked_connections_ev. */
3600 
3601 /**
3602  * Re-enable all connections that were previously blocked on read or write.
3603  * This event is scheduled after enough time has elapsed to be sure
3604  * that the buckets will refill when the connections have something to do.
3605  */
3606 static void
3608 {
3609  (void)ev;
3610  (void)arg;
3612  if (conn->read_blocked_on_bw == 1) {
3614  conn->read_blocked_on_bw = 0;
3615  }
3616  if (conn->write_blocked_on_bw == 1) {
3618  conn->write_blocked_on_bw = 0;
3619  }
3620  } SMARTLIST_FOREACH_END(conn);
3621 
3623 }
3624 
3625 /**
3626  * Initialize the mainloop event that we use to wake up connections that
3627  * find themselves blocked on bandwidth.
3628  */
3629 static void
3631 {
3636  }
3637  time_t sec = options->TokenBucketRefillInterval / 1000;
3638  int msec = (options->TokenBucketRefillInterval % 1000);
3640  reenable_blocked_connections_delay.tv_usec = msec * 1000;
3641 }
3642 
3643 /**
3644  * Called when we have blocked a connection for being low on bandwidth:
3645  * schedule an event to reenable such connections, if it is not already
3646  * scheduled.
3647  */
3648 static void
3650 {
3652  return;
3653  if (BUG(reenable_blocked_connections_ev == NULL)) {
3655  }
3659 }
3660 
3661 /** Read bytes from conn->s and process them.
3662  *
3663  * It calls connection_buf_read_from_socket() to bring in any new bytes,
3664  * and then calls connection_process_inbuf() to process them.
3665  *
3666  * Mark the connection and return -1 if you want to close it, else
3667  * return 0.
3668  */
3669 static int
3671 {
3672  ssize_t max_to_read=-1, try_to_read;
3673  size_t before, n_read = 0;
3674  int socket_error = 0;
3675 
3676  if (conn->marked_for_close)
3677  return 0; /* do nothing */
3678 
3680 
3682 
3683  switch (conn->type) {
3684  case CONN_TYPE_OR_LISTENER:
3688  case CONN_TYPE_AP_LISTENER:
3698  /* This should never happen; eventdns.c handles the reads here. */
3700  return 0;
3701  }
3702 
3703  loop_again:
3704  try_to_read = max_to_read;
3705  tor_assert(!conn->marked_for_close);
3706 
3707  before = buf_datalen(conn->inbuf);
3708  if (connection_buf_read_from_socket(conn, &max_to_read, &socket_error) < 0) {
3709  /* There's a read error; kill the connection.*/
3710  if (conn->type == CONN_TYPE_OR) {
3712  socket_error != 0 ?
3713  errno_to_orconn_end_reason(socket_error) :
3714  END_OR_CONN_REASON_CONNRESET,
3715  socket_error != 0 ?
3716  tor_socket_strerror(socket_error) :
3717  "(unknown, errno was 0)");
3718  }
3719  if (CONN_IS_EDGE(conn)) {
3720  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
3721  connection_edge_end_errno(edge_conn);
3722  if (conn->type == CONN_TYPE_AP && TO_ENTRY_CONN(conn)->socks_request) {
3723  /* broken, don't send a socks reply back */
3724  TO_ENTRY_CONN(conn)->socks_request->has_finished = 1;
3725  }
3726  }
3727  connection_close_immediate(conn); /* Don't flush; connection is dead. */
3728  /*
3729  * This can bypass normal channel checking since we did
3730  * connection_or_notify_error() above.
3731  */
3732  connection_mark_for_close_internal(conn);
3733  return -1;
3734  }
3735  n_read += buf_datalen(conn->inbuf) - before;
3736  if (CONN_IS_EDGE(conn) && try_to_read != max_to_read) {
3737  /* instruct it not to try to package partial cells. */
3738  if (connection_process_inbuf(conn, 0) < 0) {
3739  return -1;
3740  }
3741  if (!conn->marked_for_close &&
3742  connection_is_reading(conn) &&
3743  !conn->inbuf_reached_eof &&
3744  max_to_read > 0)
3745  goto loop_again; /* try reading again, in case more is here now */
3746  }
3747  /* one last try, packaging partial cells and all. */
3748  if (!conn->marked_for_close &&
3749  connection_process_inbuf(conn, 1) < 0) {
3750  return -1;
3751  }
3752  if (conn->linked_conn) {
3753  /* The other side's handle_write() will never actually get called, so
3754  * we need to invoke the appropriate callbacks ourself. */
3755  connection_t *linked = conn->linked_conn;
3756 
3757  if (n_read) {
3758  /* Probably a no-op, since linked conns typically don't count for
3759  * bandwidth rate limiting. But do it anyway so we can keep stats
3760  * accurately. Note that since we read the bytes from conn, and
3761  * we're writing the bytes onto the linked connection, we count
3762  * these as <i>written</i> bytes. */
3763  connection_buckets_decrement(linked, approx_time(), 0, n_read);
3764 
3765  if (connection_flushed_some(linked) < 0)
3766  connection_mark_for_close(linked);
3767  if (!connection_wants_to_flush(linked))
3769  }
3770 
3771  if (!buf_datalen(linked->outbuf) && conn->active_on_link)
3773  }
3774  /* If we hit the EOF, call connection_reached_eof(). */
3775  if (!conn->marked_for_close &&
3776  conn->inbuf_reached_eof &&
3777  connection_reached_eof(conn) < 0) {
3778  return -1;
3779  }
3780  return 0;
3781 }
3782 
3783 /* DOCDOC connection_handle_read */
3784 int
3785 connection_handle_read(connection_t *conn)
3786 {
3787  int res;
3788  update_current_time(time(NULL));
3789  res = connection_handle_read_impl(conn);
3790  return res;
3791 }
3792 
3793 /** Pull in new bytes from conn->s or conn->linked_conn onto conn->inbuf,
3794  * either directly or via TLS. Reduce the token buckets by the number of bytes
3795  * read.
3796  *
3797  * If *max_to_read is -1, then decide it ourselves, else go with the
3798  * value passed to us. When returning, if it's changed, subtract the
3799  * number of bytes we read from *max_to_read.
3800  *
3801  * Return -1 if we want to break conn, else return 0.
3802  */
3803 static int
3804 connection_buf_read_from_socket(connection_t *conn, ssize_t *max_to_read,
3805  int *socket_error)
3806 {
3807  int result;
3808  ssize_t at_most = *max_to_read;
3809  size_t slack_in_buf, more_to_read;
3810  size_t n_read = 0, n_written = 0;
3811 
3812  if (at_most == -1) { /* we need to initialize it */
3813  /* how many bytes are we allowed to read? */
3814  at_most = connection_bucket_read_limit(conn, approx_time());
3815  }
3816 
3817  slack_in_buf = buf_slack(conn->inbuf);
3818  again:
3819  if ((size_t)at_most > slack_in_buf && slack_in_buf >= 1024) {
3820  more_to_read = at_most - slack_in_buf;
3821  at_most = slack_in_buf;
3822  } else {
3823  more_to_read = 0;
3824  }
3825 
3826  if (connection_speaks_cells(conn) &&
3828  int pending;
3829  or_connection_t *or_conn = TO_OR_CONN(conn);
3830  size_t initial_size;
3831  if (conn->state == OR_CONN_STATE_TLS_HANDSHAKING ||
3833  /* continue handshaking even if global token bucket is empty */
3834  return connection_tls_continue_handshake(or_conn);
3835  }
3836 
3837  log_debug(LD_NET,
3838  "%d: starting, inbuf_datalen %ld (%d pending in tls object)."
3839  " at_most %ld.",
3840  (int)conn->s,(long)buf_datalen(conn->inbuf),
3841  tor_tls_get_pending_bytes(or_conn->tls), (long)at_most);
3842 
3843  initial_size = buf_datalen(conn->inbuf);
3844  /* else open, or closing */
3845  result = buf_read_from_tls(conn->inbuf, or_conn->tls, at_most);
3846  if (TOR_TLS_IS_ERROR(result) || result == TOR_TLS_CLOSE)
3847  or_conn->tls_error = result;
3848  else
3849  or_conn->tls_error = 0;
3850 
3851  switch (result) {
3852  case TOR_TLS_CLOSE:
3853  case TOR_TLS_ERROR_IO:
3854  log_debug(LD_NET,"TLS connection closed %son read. Closing. "
3855  "(Nickname %s, address %s)",
3856  result == TOR_TLS_CLOSE ? "cleanly " : "",
3857  or_conn->nickname ? or_conn->nickname : "not set",
3858  conn->address);
3859  return result;
3861  log_debug(LD_NET,"tls error [%s]. breaking (nickname %s, address %s).",
3862  tor_tls_err_to_string(result),
3863  or_conn->nickname ? or_conn->nickname : "not set",
3864  conn->address);
3865  return result;
3866  case TOR_TLS_WANTWRITE:
3868  return 0;
3869  case TOR_TLS_WANTREAD:
3870  if (conn->in_connection_handle_write) {
3871  /* We've been invoked from connection_handle_write, because we're
3872  * waiting for a TLS renegotiation, the renegotiation started, and
3873  * SSL_read returned WANTWRITE. But now SSL_read is saying WANTREAD
3874  * again. Stop waiting for write events now, or else we'll
3875  * busy-loop until data arrives for us to read.
3876  * XXX: remove this when v2 handshakes support is dropped. */
3878  if (!connection_is_reading(conn))
3880  }
3881  /* we're already reading, one hopes */
3882  break;
3883  case TOR_TLS_DONE: /* no data read, so nothing to process */
3884  break; /* so we call bucket_decrement below */
3885  default:
3886  break;
3887  }
3888  pending = tor_tls_get_pending_bytes(or_conn->tls);
3889  if (pending) {
3890  /* If we have any pending bytes, we read them now. This *can*
3891  * take us over our read allotment, but really we shouldn't be
3892  * believing that SSL bytes are the same as TCP bytes anyway. */
3893  int r2 = buf_read_from_tls(conn->inbuf, or_conn->tls, pending);
3894  if (BUG(r2<0)) {
3895  log_warn(LD_BUG, "apparently, reading pending bytes can fail.");
3896  return -1;
3897  }
3898  }
3899  result = (int)(buf_datalen(conn->inbuf)-initial_size);
3900  tor_tls_get_n_raw_bytes(or_conn->tls, &n_read, &n_written);
3901  log_debug(LD_GENERAL, "After TLS read of %d: %ld read, %ld written",
3902  result, (long)n_read, (long)n_written);
3903  } else if (conn->linked) {
3904  if (conn->linked_conn) {
3905  result = buf_move_to_buf(conn->inbuf, conn->linked_conn->outbuf,
3906  &conn->linked_conn->outbuf_flushlen);
3907  if (BUG(result<0)) {
3908  log_warn(LD_BUG, "reading from linked connection buffer failed.");
3909  return -1;
3910  }
3911  } else {
3912  result = 0;
3913  }
3914  //log_notice(LD_GENERAL, "Moved %d bytes on an internal link!", result);
3915  /* If the other side has disappeared, or if it's been marked for close and
3916  * we flushed its outbuf, then we should set our inbuf_reached_eof. */
3917  if (!conn->linked_conn ||
3918  (conn->linked_conn->marked_for_close &&
3919  buf_datalen(conn->linked_conn->outbuf) == 0))
3920  conn->inbuf_reached_eof = 1;
3921 
3922  n_read = (size_t) result;
3923  } else {
3924  /* !connection_speaks_cells, !conn->linked_conn. */
3925  int reached_eof = 0;
3926  CONN_LOG_PROTECT(conn,
3927  result = buf_read_from_socket(conn->inbuf, conn->s,
3928  at_most,
3929  &reached_eof,
3930  socket_error));
3931  if (reached_eof)
3932  conn->inbuf_reached_eof = 1;
3933 
3934 // log_fn(LOG_DEBUG,"read_to_buf returned %d.",read_result);
3935 
3936  if (result < 0)
3937  return -1;
3938  n_read = (size_t) result;
3939  }
3940 
3941  if (n_read > 0) {
3942  /* change *max_to_read */
3943  *max_to_read = at_most - n_read;
3944 
3945  /* Update edge_conn->n_read */
3946  if (conn->type == CONN_TYPE_AP) {
3947  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
3948 
3949  /* Check for overflow: */
3950  if (PREDICT_LIKELY(UINT32_MAX - edge_conn->n_read > n_read))
3951  edge_conn->n_read += (int)n_read;
3952  else
3953  edge_conn->n_read = UINT32_MAX;
3954  }
3955 
3956  /* If CONN_BW events are enabled, update conn->n_read_conn_bw for
3957  * OR/DIR/EXIT connections, checking for overflow. */
3959  (conn->type == CONN_TYPE_OR ||
3960  conn->type == CONN_TYPE_DIR ||
3961  conn->type == CONN_TYPE_EXIT)) {
3962  if (PREDICT_LIKELY(UINT32_MAX - conn->n_read_conn_bw > n_read))
3963  conn->n_read_conn_bw += (int)n_read;
3964  else
3965  conn->n_read_conn_bw = UINT32_MAX;
3966  }
3967  }
3968 
3969  connection_buckets_decrement(conn, approx_time(), n_read, n_written);
3970 
3971  if (more_to_read && result == at_most) {
3972  slack_in_buf = buf_slack(conn->inbuf);
3973  at_most = more_to_read;
3974  goto again;
3975  }
3976 
3977  /* Call even if result is 0, since the global read bucket may
3978  * have reached 0 on a different conn, and this connection needs to
3979  * know to stop reading. */
3981  if (n_written > 0 && connection_is_writing(conn))
3983 
3984  return 0;
3985 }
3986 
3987 /** A pass-through to fetch_from_buf. */
3988 int
3989 connection_buf_get_bytes(char *string, size_t len, connection_t *conn)
3990 {
3991  return buf_get_bytes(conn->inbuf, string, len);
3992 }
3993 
3994 /** As buf_get_line(), but read from a connection's input buffer. */
3995 int
3997  size_t *data_len)
3998 {
3999  return buf_get_line(conn->inbuf, data, data_len);
4000 }
4001 
4002 /** As fetch_from_buf_http, but fetches from a connection's input buffer_t as
4003  * appropriate. */
4004 int
4006  char **headers_out, size_t max_headerlen,
4007  char **body_out, size_t *body_used,
4008  size_t max_bodylen, int force_complete)
4009 {
4010  return fetch_from_buf_http(conn->inbuf, headers_out, max_headerlen,
4011  body_out, body_used, max_bodylen, force_complete);
4012 }
4013 
4014 /** Return conn->outbuf_flushlen: how many bytes conn wants to flush
4015  * from its outbuf. */
4016 int
4018 {
4019  return conn->outbuf_flushlen > 0;
4020 }
4021 
4022 /** Are there too many bytes on edge connection <b>conn</b>'s outbuf to
4023  * send back a relay-level sendme yet? Return 1 if so, 0 if not. Used by
4024  * connection_edge_consider_sending_sendme().
4025  */
4026 int
4028 {
4029  return (conn->outbuf_flushlen > 10*CELL_PAYLOAD_SIZE);
4030 }
4031 
4032 /**
4033  * On Windows Vista and Windows 7, tune the send buffer size according to a
4034  * hint from the OS.
4035  *
4036  * This should help fix slow upload rates.
4037  */
4038 static void
4040 {
4041 #ifdef _WIN32
4042  /* We only do this on Vista and 7, because earlier versions of Windows
4043  * don't have the SIO_IDEAL_SEND_BACKLOG_QUERY functionality, and on
4044  * later versions it isn't necessary. */
4045  static int isVistaOr7 = -1;
4046  if (isVistaOr7 == -1) {
4047  isVistaOr7 = 0;
4048  OSVERSIONINFO osvi = { 0 };
4049  osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
4050  GetVersionEx(&osvi);
4051  if (osvi.dwMajorVersion == 6 && osvi.dwMinorVersion < 2)
4052  isVistaOr7 = 1;
4053  }
4054  if (!isVistaOr7)
4055  return;
4056  if (get_options()->ConstrainedSockets)
4057  return;
4058  ULONG isb = 0;
4059  DWORD bytesReturned = 0;
4060  if (!WSAIoctl(sock, SIO_IDEAL_SEND_BACKLOG_QUERY, NULL, 0,
4061  &isb, sizeof(isb), &bytesReturned, NULL, NULL)) {
4062  setsockopt(sock, SOL_SOCKET, SO_SNDBUF, (const char*)&isb, sizeof(isb));
4063  }
4064 #else /* !defined(_WIN32) */
4065  (void) sock;
4066 #endif /* defined(_WIN32) */
4067 }
4068 
4069 /** Try to flush more bytes onto <b>conn</b>->s.
4070  *
4071  * This function is called in connection_handle_write(), which gets
4072  * called from conn_write_callback() in main.c when libevent tells us
4073  * that <b>conn</b> wants to write.
4074  *
4075  * Update <b>conn</b>->timestamp_last_write_allowed to now, and call flush_buf
4076  * or flush_buf_tls appropriately. If it succeeds and there are no more
4077  * more bytes on <b>conn</b>->outbuf, then call connection_finished_flushing
4078  * on it too.
4079  *
4080  * If <b>force</b>, then write as many bytes as possible, ignoring bandwidth
4081  * limits. (Used for flushing messages to controller connections on fatal
4082  * errors.)
4083  *
4084  * Mark the connection and return -1 if you want to close it, else
4085  * return 0.
4086  */
4087 static int
4089 {
4090  int e;
4091  socklen_t len=(socklen_t)sizeof(e);
4092  int result;
4093  ssize_t max_to_write;
4094  time_t now = approx_time();
4095  size_t n_read = 0, n_written = 0;
4096  int dont_stop_writing = 0;
4097 
4099 
4100  if (conn->marked_for_close || !SOCKET_OK(conn->s))
4101  return 0; /* do nothing */
4102 
4103  if (conn->in_flushed_some) {
4104  log_warn(LD_BUG, "called recursively from inside conn->in_flushed_some");
4105  return 0;
4106  }
4107 
4108  conn->timestamp_last_write_allowed = now;
4109 
4111 
4112  /* Sometimes, "writable" means "connected". */
4113  if (connection_state_is_connecting(conn)) {
4114  if (getsockopt(conn->s, SOL_SOCKET, SO_ERROR, (void*)&e, &len) < 0) {
4115  log_warn(LD_BUG, "getsockopt() syscall failed");
4116  if (conn->type == CONN_TYPE_OR) {
4117  or_connection_t *orconn = TO_OR_CONN(conn);
4118  connection_or_close_for_error(orconn, 0);
4119  } else {
4120  if (CONN_IS_EDGE(conn)) {
4122  }
4123  connection_mark_for_close(conn);
4124  }
4125  return -1;
4126  }
4127  if (e) {
4128  /* some sort of error, but maybe just inprogress still */
4129  if (!ERRNO_IS_CONN_EINPROGRESS(e)) {
4130  log_info(LD_NET,"in-progress connect failed. Removing. (%s)",
4131  tor_socket_strerror(e));
4132  if (CONN_IS_EDGE(conn))
4134  if (conn->type == CONN_TYPE_OR)
4137  tor_socket_strerror(e));
4138 
4140  /*
4141  * This can bypass normal channel checking since we did
4142  * connection_or_notify_error() above.
4143  */
4144  connection_mark_for_close_internal(conn);
4145  return -1;
4146  } else {
4147  return 0; /* no change, see if next time is better */
4148  }
4149  }
4150  /* The connection is successful. */
4151  if (connection_finished_connecting(conn)<0)
4152  return -1;
4153  }
4154 
4155  max_to_write = force ? (ssize_t)conn->outbuf_flushlen
4156  : connection_bucket_write_limit(conn, now);
4157 
4158  if (connection_speaks_cells(conn) &&
4160  or_connection_t *or_conn = TO_OR_CONN(conn);
4161  size_t initial_size;
4162  if (conn->state == OR_CONN_STATE_TLS_HANDSHAKING ||
4165  if (connection_tls_continue_handshake(or_conn) < 0) {
4166  /* Don't flush; connection is dead. */
4168  END_OR_CONN_REASON_MISC,
4169  "TLS error in connection_tls_"
4170  "continue_handshake()");
4172  /*
4173  * This can bypass normal channel checking since we did
4174  * connection_or_notify_error() above.
4175  */
4176  connection_mark_for_close_internal(conn);
4177  return -1;
4178  }
4179  return 0;
4180  } else if (conn->state == OR_CONN_STATE_TLS_SERVER_RENEGOTIATING) {
4181  return connection_handle_read(conn);
4182  }
4183 
4184  /* else open, or closing */
4185  initial_size = buf_datalen(conn->outbuf);
4186  result = buf_flush_to_tls(conn->outbuf, or_conn->tls,
4187  max_to_write, &conn->outbuf_flushlen);
4188 
4189  if (result >= 0)
4190  update_send_buffer_size(conn->s);
4191 
4192  /* If we just flushed the last bytes, tell the channel on the
4193  * or_conn to check if it needs to geoip_change_dirreq_state() */
4194  /* XXXX move this to flushed_some or finished_flushing -NM */
4195  if (buf_datalen(conn->outbuf) == 0 && or_conn->chan)
4196  channel_notify_flushed(TLS_CHAN_TO_BASE(or_conn->chan));
4197 
4198  switch (result) {
4200  case TOR_TLS_CLOSE:
4201  log_info(LD_NET, result != TOR_TLS_CLOSE ?
4202  "tls error. breaking.":"TLS connection closed on flush");
4203  /* Don't flush; connection is dead. */
4205  END_OR_CONN_REASON_MISC,
4206  result != TOR_TLS_CLOSE ?
4207  "TLS error in during flush" :
4208  "TLS closed during flush");
4210  /*
4211  * This can bypass normal channel checking since we did
4212  * connection_or_notify_error() above.
4213  */
4214  connection_mark_for_close_internal(conn);
4215  return -1;
4216  case TOR_TLS_WANTWRITE:
4217  log_debug(LD_NET,"wanted write.");
4218  /* we're already writing */
4219  dont_stop_writing = 1;
4220  break;
4221  case TOR_TLS_WANTREAD:
4222  /* Make sure to avoid a loop if the receive buckets are empty. */
4223  log_debug(LD_NET,"wanted read.");
4224  if (!connection_is_reading(conn)) {
4225  connection_write_bw_exhausted(conn, true);
4226  /* we'll start reading again when we get more tokens in our
4227  * read bucket; then we'll start writing again too.
4228  */
4229  }
4230  /* else no problem, we're already reading */
4231  return 0;
4232  /* case TOR_TLS_DONE:
4233  * for TOR_TLS_DONE, fall through to check if the flushlen
4234  * is empty, so we can stop writing.
4235  */
4236  }
4237 
4238  tor_tls_get_n_raw_bytes(or_conn->tls, &n_read, &n_written);
4239  log_debug(LD_GENERAL, "After TLS write of %d: %ld read, %ld written",
4240  result, (long)n_read, (long)n_written);
4241  or_conn->bytes_xmitted += result;
4242  or_conn->bytes_xmitted_by_tls += n_written;
4243  /* So we notice bytes were written even on error */
4244  /* XXXX This cast is safe since we can never write INT_MAX bytes in a
4245  * single set of TLS operations. But it looks kinda ugly. If we refactor
4246  * the *_buf_tls functions, we should make them return ssize_t or size_t
4247  * or something. */
4248  result = (int)(initial_size-buf_datalen(conn->outbuf));
4249  } else {
4250  CONN_LOG_PROTECT(conn,
4251  result = buf_flush_to_socket(conn->outbuf, conn->s,
4252  max_to_write, &conn->outbuf_flushlen));
4253  if (result < 0) {
4254  if (CONN_IS_EDGE(conn))
4256  if (conn->type == CONN_TYPE_AP) {
4257  /* writing failed; we couldn't send a SOCKS reply if we wanted to */
4258  TO_ENTRY_CONN(conn)->socks_request->has_finished = 1;
4259  }
4260 
4261  connection_close_immediate(conn); /* Don't flush; connection is dead. */
4262  connection_mark_for_close(conn);
4263  return -1;
4264  }
4265  update_send_buffer_size(conn->s);
4266  n_written = (size_t) result;
4267  }
4268 
4269  if (n_written && conn->type == CONN_TYPE_AP) {
4270  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
4271 
4272  /* Check for overflow: */
4273  if (PREDICT_LIKELY(UINT32_MAX - edge_conn->n_written > n_written))
4274  edge_conn->n_written += (int)n_written;
4275  else
4276  edge_conn->n_written = UINT32_MAX;
4277  }
4278 
4279  /* If CONN_BW events are enabled, update conn->n_written_conn_bw for
4280  * OR/DIR/EXIT connections, checking for overflow. */
4281  if (n_written && get_options()->TestingEnableConnBwEvent &&
4282  (conn->type == CONN_TYPE_OR ||
4283  conn->type == CONN_TYPE_DIR ||
4284  conn->type == CONN_TYPE_EXIT)) {
4285  if (PREDICT_LIKELY(UINT32_MAX - conn->n_written_conn_bw > n_written))
4286  conn->n_written_conn_bw += (int)n_written;
4287  else
4288  conn->n_written_conn_bw = UINT32_MAX;
4289  }
4290 
4291  connection_buckets_decrement(conn, approx_time(), n_read, n_written);
4292 
4293  if (result > 0) {
4294  /* If we wrote any bytes from our buffer, then call the appropriate
4295  * functions. */
4296  if (connection_flushed_some(conn) < 0) {
4297  if (connection_speaks_cells(conn)) {
4299  END_OR_CONN_REASON_MISC,
4300  "Got error back from "
4301  "connection_flushed_some()");
4302  }
4303 
4304  /*
4305  * This can bypass normal channel checking since we did
4306  * connection_or_notify_error() above.
4307  */
4308  connection_mark_for_close_internal(conn);
4309  }
4310  }
4311 
4312  if (!connection_wants_to_flush(conn) &&
4313  !dont_stop_writing) { /* it's done flushing */
4314  if (connection_finished_flushing(conn) < 0) {
4315  /* already marked */
4316  return -1;
4317  }
4318  return 0;
4319  }
4320 
4321  /* Call even if result is 0, since the global write bucket may
4322  * have reached 0 on a different conn, and this connection needs to
4323  * know to stop writing. */
4325  if (n_read > 0 && connection_is_reading(conn))
4327 
4328  return 0;
4329 }
4330 
4331 /* DOCDOC connection_handle_write */
4332 int
4333 connection_handle_write(connection_t *conn, int force)
4334 {
4335  int res;
4336  update_current_time(time(NULL));
4337  /* connection_handle_write_impl() might call connection_handle_read()
4338  * if we're in the middle of a v2 handshake, in which case it needs this
4339  * flag set. */
4340  conn->in_connection_handle_write = 1;
4341  res = connection_handle_write_impl(conn, force);
4342  conn->in_connection_handle_write = 0;
4343  return res;
4344 }
4345 
4346 /**
4347  * Try to flush data that's waiting for a write on <b>conn</b>. Return
4348  * -1 on failure, 0 on success.
4349  *
4350  * Don't use this function for regular writing; the buffers
4351  * system should be good enough at scheduling writes there. Instead, this
4352  * function is for cases when we're about to exit or something and we want
4353  * to report it right away.
4354  */
4355 int
4357 {
4358  return connection_handle_write(conn, 1);
4359 }
4360 
4361 /** Helper for connection_write_to_buf_impl and connection_write_buf_to_buf:
4362  *
4363  * Return true iff it is okay to queue bytes on <b>conn</b>'s outbuf for
4364  * writing.
4365  */
4366 static int
4368 {
4369  /* if it's marked for close, only allow write if we mean to flush it */
4370  if (conn->marked_for_close && !conn->hold_open_until_flushed)
4371  return 0;
4372 
4373  return 1;
4374 }
4375 
4376 /** Helper for connection_write_to_buf_impl and connection_write_buf_to_buf:
4377  *
4378  * Called when an attempt to add bytes on <b>conn</b>'s outbuf has failed;
4379  * mark the connection and warn as appropriate.
4380  */
4381 static void
4383 {
4384  if (CONN_IS_EDGE(conn)) {
4385  /* if it failed, it means we have our package/delivery windows set
4386  wrong compared to our max outbuf size. close the whole circuit. */
4387  log_warn(LD_NET,
4388  "write_to_buf failed. Closing circuit (fd %d).", (int)conn->s);
4389  circuit_mark_for_close(circuit_get_by_edge_conn(TO_EDGE_CONN(conn)),
4390  END_CIRC_REASON_INTERNAL);
4391  } else if (conn->type == CONN_TYPE_OR) {
4392  or_connection_t *orconn = TO_OR_CONN(conn);
4393  log_warn(LD_NET,
4394  "write_to_buf failed on an orconn; notifying of error "
4395  "(fd %d)", (int)(conn->s));
4396  connection_or_close_for_error(orconn, 0);
4397  } else {
4398  log_warn(LD_NET,
4399  "write_to_buf failed. Closing connection (fd %d).",
4400  (int)conn->s);
4401  connection_mark_for_close(conn);
4402  }
4403 }
4404 
4405 /** Helper for connection_write_to_buf_impl and connection_write_buf_to_buf:
4406  *
4407  * Called when an attempt to add bytes on <b>conn</b>'s outbuf has succeeded:
4408  * record the number of bytes added.
4409  */
4410 static void
4412 {
4413  /* If we receive optimistic data in the EXIT_CONN_STATE_RESOLVING
4414  * state, we don't want to try to write it right away, since
4415  * conn->write_event won't be set yet. Otherwise, write data from
4416  * this conn as the socket is available. */
4417  if (conn->write_event) {
4419  }
4420  conn->outbuf_flushlen += len;
4421 }
4422 
4423 /** Append <b>len</b> bytes of <b>string</b> onto <b>conn</b>'s
4424  * outbuf, and ask it to start writing.
4425  *
4426  * If <b>zlib</b> is nonzero, this is a directory connection that should get
4427  * its contents compressed or decompressed as they're written. If zlib is
4428  * negative, this is the last data to be compressed, and the connection's zlib
4429  * state should be flushed.
4430  */
4431 MOCK_IMPL(void,
4432 connection_write_to_buf_impl_,(const char *string, size_t len,
4433  connection_t *conn, int zlib))
4434 {
4435  /* XXXX This function really needs to return -1 on failure. */
4436  int r;
4437  if (!len && !(zlib<0))
4438  return;
4439 
4440  if (!connection_may_write_to_buf(conn))
4441  return;
4442 
4443  size_t written;
4444 
4445  if (zlib) {
4446  size_t old_datalen = buf_datalen(conn->outbuf);
4447  dir_connection_t *dir_conn = TO_DIR_CONN(conn);
4448  int done = zlib < 0;
4449  CONN_LOG_PROTECT(conn, r = buf_add_compress(conn->outbuf,
4450  dir_conn->compress_state,
4451  string, len, done));
4452  written = buf_datalen(conn->outbuf) - old_datalen;
4453  } else {
4454  CONN_LOG_PROTECT(conn, r = buf_add(conn->outbuf, string, len));
4455  written = len;
4456  }
4457  if (r < 0) {
4459  return;
4460  }
4461  connection_write_to_buf_commit(conn, written);
4462 }
4463 
4464 /**
4465  * Write a <b>string</b> (of size <b>len</b> to directory connection
4466  * <b>dir_conn</b>. Apply compression if connection is configured to use
4467  * it and finalize it if <b>done</b> is true.
4468  */
4469 void
4470 connection_dir_buf_add(const char *string, size_t len,
4471  dir_connection_t *dir_conn, int done)
4472 {
4473  if (dir_conn->compress_state != NULL) {
4474  connection_buf_add_compress(string, len, dir_conn, done);
4475  return;
4476  }
4477 
4478  connection_buf_add(string, len, TO_CONN(dir_conn));
4479 }
4480 
4481 void
4482 connection_buf_add_compress(const char *string, size_t len,
4483  dir_connection_t *conn, int done)
4484 {
4485  connection_write_to_buf_impl_(string, len, TO_CONN(conn), done ? -1 : 1);
4486 }
4487 
4488 /**
4489  * Add all bytes from <b>buf</b> to <b>conn</b>'s outbuf, draining them
4490  * from <b>buf</b>. (If the connection is marked and will soon be closed,
4491  * nothing is drained.)
4492  */
4493 void
4495 {
4496  tor_assert(conn);
4497  tor_assert(buf);
4498  size_t len = buf_datalen(buf);
4499  if (len == 0)
4500  return;
4501 
4502  if (!connection_may_write_to_buf(conn))
4503  return;
4504 
4505  buf_move_all(conn->outbuf, buf);
4506  connection_write_to_buf_commit(conn, len);
4507 }
4508 
4509 #define CONN_GET_ALL_TEMPLATE(var, test) \
4510  STMT_BEGIN \
4511  smartlist_t *conns = get_connection_array(); \
4512  smartlist_t *ret_conns = smartlist_new(); \
4513  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, var) { \
4514  if (var && (test) && !var->marked_for_close) \
4515  smartlist_add(ret_conns, var); \
4516  } SMARTLIST_FOREACH_END(var); \
4517  return ret_conns; \
4518  STMT_END
4519 
4520 /* Return a list of connections that aren't close and matches the given type
4521  * and state. The returned list can be empty and must be freed using
4522  * smartlist_free(). The caller does NOT have ownership of the objects in the
4523  * list so it must not free them nor reference them as they can disappear. */
4524 smartlist_t *
4525 connection_list_by_type_state(int type, int state)
4526 {
4527  CONN_GET_ALL_TEMPLATE(conn, (conn->type == type && conn->state == state));
4528 }
4529 
4530 /* Return a list of connections that aren't close and matches the given type
4531  * and purpose. The returned list can be empty and must be freed using
4532  * smartlist_free(). The caller does NOT have ownership of the objects in the
4533  * list so it must not free them nor reference them as they can disappear. */
4534 smartlist_t *
4535 connection_list_by_type_purpose(int type, int purpose)
4536 {
4537  CONN_GET_ALL_TEMPLATE(conn,
4538  (conn->type == type && conn->purpose == purpose));
4539 }
4540 
4541 /** Return a connection_t * from get_connection_array() that satisfies test on
4542  * var, and that is not marked for close. */
4543 #define CONN_GET_TEMPLATE(var, test) \
4544  STMT_BEGIN \
4545  smartlist_t *conns = get_connection_array(); \
4546  SMARTLIST_FOREACH(conns, connection_t *, var, \
4547  { \
4548  if (var && (test) && !var->marked_for_close) \
4549  return var; \
4550  }); \
4551  return NULL; \
4552  STMT_END
4553 
4554 /** Return a connection with given type, address, port, and purpose;
4555  * or NULL if no such connection exists (or if all such connections are marked
4556  * for close). */
4559  const tor_addr_t *addr, uint16_t port,
4560  int purpose))
4561 {
4562  CONN_GET_TEMPLATE(conn,
4563  (conn->type == type &&
4564  tor_addr_eq(&conn->addr, addr) &&
4565  conn->port == port &&
4566  conn->purpose == purpose));
4567 }
4568 
4569 /** Return the stream with id <b>id</b> if it is not already marked for
4570  * close.
4571  */
4572 connection_t *
4574 {
4575  CONN_GET_TEMPLATE(conn, conn->global_identifier == id);
4576 }
4577 
4578 /** Return a connection of type <b>type</b> that is not marked for close.
4579  */
4580 connection_t *
4582 {
4583  CONN_GET_TEMPLATE(conn, conn->type == type);
4584 }
4585 
4586 /** Return a connection of type <b>type</b> that is in state <b>state</b>,
4587  * and that is not marked for close.
4588  */
4589 connection_t *
4590 connection_get_by_type_state(int type, int state)
4591 {
4592  CONN_GET_TEMPLATE(conn, conn->type == type && conn->state == state);
4593 }
4594 
4595 /**
4596  * Return a connection of type <b>type</b> that is not an internally linked
4597  * connection, and is not marked for close.
4598  **/
4601 {
4602  CONN_GET_TEMPLATE(conn, conn->type == type && !conn->linked);
4603 }
4604 
4605 /** Return a connection of type <b>type</b> that has rendquery equal
4606  * to <b>rendquery</b>, and that is not marked for close. If state
4607  * is non-zero, conn must be of that state too.
4608  */
4609 connection_t *
4611  const char *rendquery)
4612 {
4613  tor_assert(type == CONN_TYPE_DIR ||
4614  type == CONN_TYPE_AP || type == CONN_TYPE_EXIT);
4615  tor_assert(rendquery);
4616 
4617  CONN_GET_TEMPLATE(conn,
4618  (conn->type == type &&
4619  (!state || state == conn->state)) &&
4620  (
4621  (type == CONN_TYPE_DIR &&
4622  TO_DIR_CONN(conn)->rend_data &&
4623  !rend_cmp_service_ids(rendquery,
4624  rend_data_get_address(TO_DIR_CONN(conn)->rend_data)))
4625  ||
4626  (CONN_IS_EDGE(conn) &&
4627  TO_EDGE_CONN(conn)->rend_data &&
4628  !rend_cmp_service_ids(rendquery,
4629  rend_data_get_address(TO_EDGE_CONN(conn)->rend_data)))
4630  ));
4631 }
4632 
4633 /** Return a new smartlist of dir_connection_t * from get_connection_array()
4634  * that satisfy conn_test on connection_t *conn_var, and dirconn_test on
4635  * dir_connection_t *dirconn_var. conn_var must be of CONN_TYPE_DIR and not
4636  * marked for close to be included in the list. */
4637 #define DIR_CONN_LIST_TEMPLATE(conn_var, conn_test, \
4638  dirconn_var, dirconn_test) \
4639  STMT_BEGIN \
4640  smartlist_t *conns = get_connection_array(); \
4641  smartlist_t *dir_conns = smartlist_new(); \
4642  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn_var) { \
4643  if (conn_var && (conn_test) \
4644  && conn_var->type == CONN_TYPE_DIR \
4645  && !conn_var->marked_for_close) { \
4646  dir_connection_t *dirconn_var = TO_DIR_CONN(conn_var); \
4647  if (dirconn_var && (dirconn_test)) { \
4648  smartlist_add(dir_conns, dirconn_var); \
4649  } \
4650  } \
4651  } SMARTLIST_FOREACH_END(conn_var); \
4652  return dir_conns; \
4653  STMT_END
4654 
4655 /** Return a list of directory connections that are fetching the item
4656  * described by <b>purpose</b>/<b>resource</b>. If there are none,
4657  * return an empty list. This list must be freed using smartlist_free,
4658  * but the pointers in it must not be freed.
4659  * Note that this list should not be cached, as the pointers in it can be
4660  * freed if their connections close. */
4661 smartlist_t *
4663  int purpose,
4664  const char *resource)
4665 {
4667  conn->purpose == purpose,
4668  dirconn,
4669  0 == strcmp_opt(resource,
4670  dirconn->requested_resource));
4671 }
4672 
4673 /** Return a list of directory connections that are fetching the item
4674  * described by <b>purpose</b>/<b>resource</b>/<b>state</b>. If there are
4675  * none, return an empty list. This list must be freed using smartlist_free,
4676  * but the pointers in it must not be freed.
4677  * Note that this list should not be cached, as the pointers in it can be
4678  * freed if their connections close. */
4679 smartlist_t *
4681  int purpose,
4682  const char *resource,
4683  int state)
4684 {
4686  conn->purpose == purpose && conn->state == state,
4687  dirconn,
4688  0 == strcmp_opt(resource,
4689  dirconn->requested_resource));
4690 }
4691 
4692 #undef DIR_CONN_LIST_TEMPLATE
4693 
4694 /** Return an arbitrary active OR connection that isn't <b>this_conn</b>.
4695  *
4696  * We use this to guess if we should tell the controller that we
4697  * didn't manage to connect to any of our bridges. */
4698 static connection_t *
4700 {
4701  CONN_GET_TEMPLATE(conn,
4702  conn != TO_CONN(this_conn) && conn->type == CONN_TYPE_OR);
4703 }
4704 
4705 /** Return 1 if there are any active OR connections apart from
4706  * <b>this_conn</b>.
4707  *
4708  * We use this to guess if we should tell the controller that we
4709  * didn't manage to connect to any of our bridges. */
4710 int
4712 {
4714  if (conn != NULL) {
4715  log_debug(LD_DIR, "%s: Found an OR connection: %s",
4716  __func__, conn->address);
4717  return 1;
4718  }
4719 
4720  return 0;
4721 }
4722 
4723 #undef CONN_GET_TEMPLATE
4724 
4725 /** Return 1 if <b>conn</b> is a listener conn, else return 0. */
4726 int
4728 {
4729  if (conn->type == CONN_TYPE_OR_LISTENER ||
4730  conn->type == CONN_TYPE_EXT_OR_LISTENER ||
4731  conn->type == CONN_TYPE_AP_LISTENER ||
4732  conn->type == CONN_TYPE_AP_TRANS_LISTENER ||
4733  conn->type == CONN_TYPE_AP_DNS_LISTENER ||
4734  conn->type == CONN_TYPE_AP_NATD_LISTENER ||
4736  conn->type == CONN_TYPE_DIR_LISTENER ||
4738  return 1;
4739  return 0;
4740 }
4741 
4742 /** Return 1 if <b>conn</b> is in state "open" and is not marked
4743  * for close, else return 0.
4744  */
4745 int
4747 {
4748  tor_assert(conn);
4749 
4750  if (conn->marked_for_close)
4751  return 0;
4752 
4753  if ((conn->type == CONN_TYPE_OR && conn->state == OR_CONN_STATE_OPEN) ||
4754  (conn->type == CONN_TYPE_EXT_OR) ||
4755  (conn->type == CONN_TYPE_AP && conn->state == AP_CONN_STATE_OPEN) ||
4756  (conn->type == CONN_TYPE_EXIT && conn->state == EXIT_CONN_STATE_OPEN) ||
4757  (conn->type == CONN_TYPE_CONTROL &&
4758  conn->state == CONTROL_CONN_STATE_OPEN))
4759  return 1;
4760 
4761  return 0;
4762 }
4763 
4764 /** Return 1 if conn is in 'connecting' state, else return 0. */
4765 int
4767 {
4768  tor_assert(conn);
4769 
4770  if (conn->marked_for_close)
4771  return 0;
4772  switch (conn->type)
4773  {
4774  case CONN_TYPE_OR:
4775  return conn->state == OR_CONN_STATE_CONNECTING;
4776  case CONN_TYPE_EXIT:
4777  return conn->state == EXIT_CONN_STATE_CONNECTING;
4778  case CONN_TYPE_DIR:
4779  return conn->state == DIR_CONN_STATE_CONNECTING;
4780  }
4781 
4782  return 0;
4783 }
4784 
4785 /** Allocates a base64'ed authenticator for use in http or https
4786  * auth, based on the input string <b>authenticator</b>. Returns it
4787  * if success, else returns NULL. */
4788 char *
4789 alloc_http_authenticator(const char *authenticator)
4790 {
4791  /* an authenticator in Basic authentication
4792  * is just the string "username:password" */
4793  const size_t authenticator_length = strlen(authenticator);
4794  const size_t base64_authenticator_length =
4795  base64_encode_size(authenticator_length, 0) + 1;
4796  char *base64_authenticator = tor_malloc(base64_authenticator_length);
4797  if (base64_encode(base64_authenticator, base64_authenticator_length,
4798  authenticator, authenticator_length, 0) < 0) {
4799  tor_free(base64_authenticator); /* free and set to null */
4800  }
4801  return base64_authenticator;
4802 }
4803 
4804 /** Given a socket handle, check whether the local address (sockname) of the
4805  * socket is one that we've connected from before. If so, double-check
4806  * whether our address has changed and we need to generate keys. If we do,
4807  * call init_keys().
4808  */
4809 static void
4811 {
4812  tor_addr_t out_addr, iface_addr;
4813  tor_addr_t **last_interface_ip_ptr;
4814  sa_family_t family;
4815 
4816  if (!outgoing_addrs)
4818 
4819  if (tor_addr_from_getsockname(&out_addr, sock) < 0) {
4820  int e = tor_socket_errno(sock);
4821  log_warn(LD_NET, "getsockname() to check for address change failed: %s",
4822  tor_socket_strerror(e));
4823  return;
4824  }
4825  family = tor_addr_family(&out_addr);
4826 
4827  if (family == AF_INET)
4828  last_interface_ip_ptr = &last_interface_ipv4;
4829  else if (family == AF_INET6)
4830  last_interface_ip_ptr = &last_interface_ipv6;
4831  else
4832  return;
4833 
4834  if (! *last_interface_ip_ptr) {
4835  tor_addr_t *a = tor_malloc_zero(sizeof(tor_addr_t));
4836  if (get_interface_address6(LOG_INFO, family, a)==0) {
4837  *last_interface_ip_ptr = a;
4838  } else {
4839  tor_free(a);
4840  }
4841  }
4842 
4843  /* If we've used this address previously, we're okay. */
4845  if (tor_addr_eq(a_ptr, &out_addr))
4846  return;
4847  );
4848 
4849  /* Uh-oh. We haven't connected from this address before. Has the interface
4850  * address changed? */
4851  if (get_interface_address6(LOG_INFO, family, &iface_addr)<0)
4852  return;
4853 
4854  if (tor_addr_eq(&iface_addr, *last_interface_ip_ptr)) {
4855  /* Nope, it hasn't changed. Add this address to the list. */
4856  smartlist_add(outgoing_addrs, tor_memdup(&out_addr, sizeof(tor_addr_t)));
4857  } else {
4858  /* The interface changed. We're a client, so we need to regenerate our
4859  * keys. First, reset the state. */
4860  log_notice(LD_NET, "Our IP address has changed. Rotating keys...");
4861  tor_addr_copy(*last_interface_ip_ptr, &iface_addr);
4864  smartlist_add(outgoing_addrs, tor_memdup(&out_addr, sizeof(tor_addr_t)));
4865  /* We'll need to resolve ourselves again. */
4867  /* Okay, now change our keys. */
4868  ip_address_changed(1);
4869  }
4870 }
4871 
4872 /** Some systems have limited system buffers for recv and xmit on
4873  * sockets allocated in a virtual server or similar environment. For a Tor
4874  * server this can produce the "Error creating network socket: No buffer
4875  * space available" error once all available TCP buffer space is consumed.
4876  * This method will attempt to constrain the buffers allocated for the socket
4877  * to the desired size to stay below system TCP buffer limits.
4878  */
4879 static void
4881 {
4882  void *sz = (void*)&size;
4883  socklen_t sz_sz = (socklen_t) sizeof(size);
4884  if (setsockopt(sock, SOL_SOCKET, SO_SNDBUF, sz, sz_sz) < 0) {
4885  int e = tor_socket_errno(sock);
4886  log_warn(LD_NET, "setsockopt() to constrain send "
4887  "buffer to %d bytes failed: %s", size, tor_socket_strerror(e));
4888  }
4889  if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, sz, sz_sz) < 0) {
4890  int e = tor_socket_errno(sock);
4891  log_warn(LD_NET, "setsockopt() to constrain recv "
4892  "buffer to %d bytes failed: %s", size, tor_socket_strerror(e));
4893  }
4894 }
4895 
4896 /** Process new bytes that have arrived on conn->inbuf.
4897  *
4898  * This function just passes conn to the connection-specific
4899  * connection_*_process_inbuf() function. It also passes in
4900  * package_partial if wanted.
4901  */
4902 static int
4903 connection_process_inbuf(connection_t *conn, int package_partial)
4904 {
4905  tor_assert(conn);
4906 
4907  switch (conn->type) {
4908  case CONN_TYPE_OR:
4910  case CONN_TYPE_EXT_OR:
4912  case CONN_TYPE_EXIT:
4913  case CONN_TYPE_AP:
4915  package_partial);
4916  case CONN_TYPE_DIR:
4918  case CONN_TYPE_CONTROL:
4920  default:
4921  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
4923  return -1;
4924  }
4925 }
4926 
4927 /** Called whenever we've written data on a connection. */
4928 static int
4930 {
4931  int r = 0;
4932  tor_assert(!conn->in_flushed_some);
4933  conn->in_flushed_some = 1;
4934  if (conn->type == CONN_TYPE_DIR &&
4936  r = connection_dirserv_flushed_some(TO_DIR_CONN(conn));
4937  } else if (conn->type == CONN_TYPE_OR) {
4939  } else if (CONN_IS_EDGE(conn)) {
4941  }
4942  conn->in_flushed_some = 0;
4943  return r;
4944 }
4945 
4946 /** We just finished flushing bytes to the appropriately low network layer,
4947  * and there are no more bytes remaining in conn->outbuf or
4948  * conn->tls to be flushed.
4949  *
4950  * This function just passes conn to the connection-specific
4951  * connection_*_finished_flushing() function.
4952  */
4953 static int
4955 {
4956  tor_assert(conn);
4957 
4958  /* If the connection is closed, don't try to do anything more here. */
4959  if (CONN_IS_CLOSED(conn))
4960  return 0;
4961 
4962 // log_fn(LOG_DEBUG,"entered. Socket %u.", conn->s);
4963 
4965 
4966  switch (conn->type) {
4967  case CONN_TYPE_OR:
4969  case CONN_TYPE_EXT_OR:
4971  case CONN_TYPE_AP:
4972  case CONN_TYPE_EXIT:
4974  case CONN_TYPE_DIR:
4976  case CONN_TYPE_CONTROL:
4978  default:
4979  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
4981  return -1;
4982  }
4983 }
4984 
4985 /** Called when our attempt to connect() to a server has just succeeded.
4986  *
4987  * This function checks if the interface address has changed (clients only),
4988  * and then passes conn to the connection-specific
4989  * connection_*_finished_connecting() function.
4990  */
4991 static int
4993 {
4994  tor_assert(conn);
4995 
4996  if (!server_mode(get_options())) {
4997  /* See whether getsockname() says our address changed. We need to do this
4998  * now that the connection has finished, because getsockname() on Windows
4999  * won't work until then. */
5001  }
5002 
5003  switch (conn->type)
5004  {
5005  case CONN_TYPE_OR:
5007  case CONN_TYPE_EXIT:
5009  case CONN_TYPE_DIR:
5011  default:
5012  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
5014  return -1;
5015  }
5016 }
5017 
5018 /** Callback: invoked when a connection reaches an EOF event. */
5019 static int
5021 {
5022  switch (conn->type) {
5023  case CONN_TYPE_OR:
5024  case CONN_TYPE_EXT_OR:
5025  return connection_or_reached_eof(TO_OR_CONN(conn));
5026  case CONN_TYPE_AP:
5027  case CONN_TYPE_EXIT:
5029  case CONN_TYPE_DIR:
5031  case CONN_TYPE_CONTROL:
5033  default:
5034  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
5036  return -1;
5037  }
5038 }
5039 
5040 /** Comparator for the two-orconn case in OOS victim sort */
5041 static int
5043 {
5044  int a_circs, b_circs;
5045  /* Fewer circuits == higher priority for OOS kill, sort earlier */
5046 
5047  a_circs = connection_or_get_num_circuits(a);
5048  b_circs = connection_or_get_num_circuits(b);
5049 
5050  if (a_circs < b_circs) return 1;
5051  else if (a_circs > b_circs) return -1;
5052  else return 0;
5053 }
5054 
5055 /** Sort comparator for OOS victims; better targets sort before worse
5056  * ones. */
5057 static int
5058 oos_victim_comparator(const void **a_v, const void **b_v)
5059 {
5060  connection_t *a = NULL, *b = NULL;
5061 
5062  /* Get connection pointers out */
5063 
5064  a = (connection_t *)(*a_v);
5065  b = (connection_t *)(*b_v);
5066 
5067  tor_assert(a != NULL);
5068  tor_assert(b != NULL);
5069 
5070  /*
5071  * We always prefer orconns as victims currently; we won't even see
5072  * these non-orconn cases, but if we do, sort them after orconns.
5073  */
5074  if (a->type == CONN_TYPE_OR && b->type == CONN_TYPE_OR) {
5076  } else {
5077  /*
5078  * One isn't an orconn; if one is, it goes first. We currently have no
5079  * opinions about cases where neither is an orconn.
5080  */
5081  if (a->type == CONN_TYPE_OR) return -1;
5082  else if (b->type == CONN_TYPE_OR) return 1;
5083  else return 0;
5084  }
5085 }
5086 
5087 /** Pick n victim connections for the OOS handler and return them in a
5088  * smartlist.
5089  */
5092 {
5093  smartlist_t *eligible = NULL, *victims = NULL;
5094  smartlist_t *conns;
5095  int conn_counts_by_type[CONN_TYPE_MAX_ + 1], i;
5096 
5097  /*
5098  * Big damn assumption (someone improve this someday!):
5099  *
5100  * Socket exhaustion normally happens on high-volume relays, and so
5101  * most of the connections involved are orconns. We should pick victims
5102  * by assembling a list of all orconns, and sorting them in order of
5103  * how much 'damage' by some metric we'd be doing by dropping them.
5104  *
5105  * If we move on from orconns, we should probably think about incoming
5106  * directory connections next, or exit connections. Things we should
5107  * probably never kill are controller connections and listeners.
5108  *
5109  * This function will count how many connections of different types
5110  * exist and log it for purposes of gathering data on typical OOS
5111  * situations to guide future improvements.
5112  */
5113 
5114  /* First, get the connection array */
5115  conns = get_connection_array();
5116  /*
5117  * Iterate it and pick out eligible connection types, and log some stats
5118  * along the way.
5119  */
5120  eligible = smartlist_new();
5121  memset(conn_counts_by_type, 0, sizeof(conn_counts_by_type));
5122  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, c) {
5123  /* Bump the counter */
5124  tor_assert(c->type <= CONN_TYPE_MAX_);
5125  ++(conn_counts_by_type[c->type]);
5126 
5127  /* Skip anything without a socket we can free */
5128  if (!(SOCKET_OK(c->s))) {
5129  continue;
5130  }
5131 
5132  /* Skip anything we would count as moribund */
5133  if (connection_is_moribund(c)) {
5134  continue;
5135  }
5136 
5137  switch (c->type) {
5138  case CONN_TYPE_OR:
5139  /* We've got an orconn, it's eligible to be OOSed */
5140  smartlist_add(eligible, c);
5141  break;
5142  default:
5143  /* We don't know what to do with it, ignore it */
5144  break;
5145  }
5146  } SMARTLIST_FOREACH_END(c);
5147 
5148  /* Log some stats */
5149  if (smartlist_len(conns) > 0) {
5150  /* At least one counter must be non-zero */
5151  log_info(LD_NET, "Some stats on conn types seen during OOS follow");
5152  for (i = CONN_TYPE_MIN_; i <= CONN_TYPE_MAX_; ++i) {
5153  /* Did we see any? */
5154  if (conn_counts_by_type[i] > 0) {
5155  log_info(LD_NET, "%s: %d conns",
5157  conn_counts_by_type[i]);
5158  }
5159  }
5160  log_info(LD_NET, "Done with OOS conn type stats");
5161  }
5162 
5163  /* Did we find more eligible targets than we want to kill? */
5164  if (smartlist_len(eligible) > n) {
5165  /* Sort the list in order of target preference */
5167  /* Pick first n as victims */
5168  victims = smartlist_new();
5169  for (i = 0; i < n; ++i) {
5170  smartlist_add(victims, smartlist_get(eligible, i));
5171  }
5172  /* Free the original list */
5173  smartlist_free(eligible);
5174  } else {
5175  /* No, we can just call them all victims */
5176  victims = eligible;
5177  }
5178 
5179  return victims;
5180 }
5181 
5182 /** Kill a list of connections for the OOS handler. */
5183 MOCK_IMPL(STATIC void,
5185 {
5186  if (!conns) return;
5187 
5188  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, c) {
5189  /* Make sure the channel layer gets told about orconns */
5190  if (c->type == CONN_TYPE_OR) {
5192  } else {
5193  connection_mark_for_close(c);
5194  }
5195  } SMARTLIST_FOREACH_END(c);
5196 
5197  log_notice(LD_NET,
5198  "OOS handler marked %d connections",
5199  smartlist_len(conns));
5200 }
5201 
5202 /** Check if a connection is on the way out so the OOS handler doesn't try
5203  * to kill more than it needs. */
5204 int
5206 {
5207  if (conn != NULL &&
5208  (conn->conn_array_index < 0 ||
5209  conn->marked_for_close)) {
5210  return 1;
5211  } else {
5212  return 0;
5213  }
5214 }
5215 
5216 /** Out-of-Sockets handler; n_socks is the current number of open
5217  * sockets, and failed is non-zero if a socket exhaustion related
5218  * error immediately preceded this call. This is where to do
5219  * circuit-killing heuristics as needed.
5220  */
5221 void
5222 connection_check_oos(int n_socks, int failed)
5223 {
5224  int target_n_socks = 0, moribund_socks, socks_to_kill;
5225  smartlist_t *conns;
5226 
5227  /* Early exit: is OOS checking disabled? */
5228  if (get_options()->DisableOOSCheck) {
5229  return;
5230  }
5231 
5232  /* Sanity-check args */
5233  tor_assert(n_socks >= 0);
5234 
5235  /*
5236  * Make some log noise; keep it at debug level since this gets a chance
5237  * to run on every connection attempt.
5238  */
5239  log_debug(LD_NET,
5240  "Running the OOS handler (%d open sockets, %s)",
5241  n_socks, (failed != 0) ? "exhaustion seen" : "no exhaustion");
5242 
5243  /*
5244  * Check if we're really handling an OOS condition, and if so decide how
5245  * many sockets we want to get down to. Be sure we check if the threshold
5246  * is distinct from zero first; it's possible for this to be called a few
5247  * times before we've finished reading the config.
5248  */
5249  if (n_socks >= get_options()->ConnLimit_high_thresh &&
5250  get_options()->ConnLimit_high_thresh != 0 &&
5251  get_options()->ConnLimit_ != 0) {
5252  /* Try to get down to the low threshold */
5253  target_n_socks = get_options()->ConnLimit_low_thresh;
5254  log_notice(LD_NET,
5255  "Current number of sockets %d is greater than configured "
5256  "limit %d; OOS handler trying to get down to %d",
5257  n_socks, get_options()->ConnLimit_high_thresh,
5258  target_n_socks);
5259  } else if (failed) {
5260  /*
5261  * If we're not at the limit but we hit a socket exhaustion error, try to
5262  * drop some (but not as aggressively as ConnLimit_low_threshold, which is
5263  * 3/4 of ConnLimit_)
5264  */
5265  target_n_socks = (n_socks * 9) / 10;
5266  log_notice(LD_NET,
5267  "We saw socket exhaustion at %d open sockets; OOS handler "
5268  "trying to get down to %d",
5269  n_socks, target_n_socks);
5270  }
5271 
5272  if (target_n_socks > 0) {
5273  /*
5274  * It's an OOS!
5275  *
5276  * Count moribund sockets; it's be important that anything we decide
5277  * to get rid of here but don't immediately close get counted as moribund
5278  * on subsequent invocations so we don't try to kill too many things if
5279  * connection_check_oos() gets called multiple times.
5280  */
5281  moribund_socks = connection_count_moribund();
5282 
5283  if (moribund_socks < n_socks - target_n_socks) {
5284  socks_to_kill = n_socks - target_n_socks - moribund_socks;
5285 
5286  conns = pick_oos_victims(socks_to_kill);
5287  if (conns) {
5288  kill_conn_list_for_oos(conns);
5289  log_notice(LD_NET,
5290  "OOS handler killed %d conns", smartlist_len(conns));
5291  smartlist_free(conns);
5292  } else {
5293  log_notice(LD_NET, "OOS handler failed to pick any victim conns");
5294  }
5295  } else {
5296  log_notice(LD_NET,
5297  "Not killing any sockets for OOS because there are %d "
5298  "already moribund, and we only want to eliminate %d",
5299  moribund_socks, n_socks - target_n_socks);
5300  }
5301  }
5302 }
5303 
5304 /** Log how many bytes are used by buffers of different kinds and sizes. */
5305 void
5307 {
5308  uint64_t used_by_type[CONN_TYPE_MAX_+1];
5309  uint64_t alloc_by_type[CONN_TYPE_MAX_+1];
5310  int n_conns_by_type[CONN_TYPE_MAX_+1];
5311  uint64_t total_alloc = 0;
5312  uint64_t total_used = 0;
5313  int i;
5314  smartlist_t *conns = get_connection_array();
5315 
5316  memset(used_by_type, 0, sizeof(used_by_type));
5317  memset(alloc_by_type, 0, sizeof(alloc_by_type));
5318  memset(n_conns_by_type, 0, sizeof(n_conns_by_type));
5319 
5320  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, c) {
5321  int tp = c->type;
5322  ++n_conns_by_type[tp];
5323  if (c->inbuf) {
5324  used_by_type[tp] += buf_datalen(c->inbuf);
5325  alloc_by_type[tp] += buf_allocation(c->inbuf);
5326  }
5327  if (c->outbuf) {
5328  used_by_type[tp] += buf_datalen(c->outbuf);
5329  alloc_by_type[tp] += buf_allocation(c->outbuf);
5330  }
5331  } SMARTLIST_FOREACH_END(c);
5332  for (i=0; i <= CONN_TYPE_MAX_; ++i) {
5333  total_used += used_by_type[i];
5334  total_alloc += alloc_by_type[i];
5335  }
5336 
5337  tor_log(severity, LD_GENERAL,
5338  "In buffers for %d connections: %"PRIu64" used/%"PRIu64" allocated",
5339  smartlist_len(conns),
5340  (total_used), (total_alloc));
5341  for (i=CONN_TYPE_MIN_; i <= CONN_TYPE_MAX_; ++i) {
5342  if (!n_conns_by_type[i])
5343  continue;
5344  tor_log(severity, LD_GENERAL,
5345  " For %d %s connections: %"PRIu64" used/%"PRIu64" allocated",
5346  n_conns_by_type[i], conn_type_to_string(i),
5347  (used_by_type[i]), (alloc_by_type[i]));
5348  }
5349 }
5350 
5351 /** Verify that connection <b>conn</b> has all of its invariants
5352  * correct. Trigger an assert if anything is invalid.
5353  */
5354 void
5356 {
5357  (void) now; /* XXXX unused. */
5358  tor_assert(conn);
5359  tor_assert(conn->type >= CONN_TYPE_MIN_);
5360  tor_assert(conn->type <= CONN_TYPE_MAX_);
5361 
5362  switch (conn->type) {
5363  case CONN_TYPE_OR:
5364  case CONN_TYPE_EXT_OR:
5365  tor_assert(conn->magic == OR_CONNECTION_MAGIC);
5366  break;
5367  case CONN_TYPE_AP:
5368  tor_assert(conn->magic == ENTRY_CONNECTION_MAGIC);
5369  break;
5370  case CONN_TYPE_EXIT:
5371  tor_assert(conn->magic == EDGE_CONNECTION_MAGIC);
5372  break;
5373  case CONN_TYPE_DIR:
5374  tor_assert(conn->magic == DIR_CONNECTION_MAGIC);
5375  break;
5376  case CONN_TYPE_CONTROL:
5377  tor_assert(conn->magic == CONTROL_CONNECTION_MAGIC);
5378  break;
5379  CASE_ANY_LISTENER_TYPE:
5380  tor_assert(conn->magic == LISTENER_CONNECTION_MAGIC);
5381  break;
5382  default:
5383  tor_assert(conn->magic == BASE_CONNECTION_MAGIC);
5384  break;
5385  }
5386 
5387  if (conn->linked_conn) {
5388  tor_assert(conn->linked_conn->linked_conn == conn);
5389  tor_assert(conn->linked);
5390  }
5391  if (conn->linked)
5392  tor_assert(!SOCKET_OK(conn->s));
5393 
5394  if (conn->outbuf_flushlen > 0) {
5395  /* With optimistic data, we may have queued data in
5396  * EXIT_CONN_STATE_RESOLVING while the conn is not yet marked to writing.
5397  * */
5398  tor_assert((conn->type == CONN_TYPE_EXIT &&
5399  conn->state == EXIT_CONN_STATE_RESOLVING) ||
5400  connection_is_writing(conn) ||
5401  conn->write_blocked_on_bw ||
5402  (CONN_IS_EDGE(conn) &&
5403  TO_EDGE_CONN(conn)->edge_blocked_on_circ));
5404  }
5405 
5406  if (conn->hold_open_until_flushed)
5408 
5409  /* XXXX check: read_blocked_on_bw, write_blocked_on_bw, s, conn_array_index,
5410  * marked_for_close. */
5411 
5412  /* buffers */
5413  if (conn->inbuf)
5414  buf_assert_ok(conn->inbuf);
5415  if (conn->outbuf)
5416  buf_assert_ok(conn->outbuf);
5417 
5418  if (conn->type == CONN_TYPE_OR) {
5419  or_connection_t *or_conn = TO_OR_CONN(conn);
5420  if (conn->state == OR_CONN_STATE_OPEN) {
5421  /* tor_assert(conn->bandwidth > 0); */
5422  /* the above isn't necessarily true: if we just did a TLS
5423  * handshake but we didn't recognize the other peer, or it
5424  * gave a bad cert/etc, then we won't have assigned bandwidth,
5425  * yet it will be open. -RD
5426  */
5427 // tor_assert(conn->read_bucket >= 0);
5428  }
5429 // tor_assert(conn->addr && conn->port);
5430  tor_assert(conn->address);
5432  tor_assert(or_conn->tls);
5433  }
5434 
5435  if (CONN_IS_EDGE(conn)) {
5436  /* XXX unchecked: package window, deliver window. */
5437  if (conn->type == CONN_TYPE_AP) {
5438  entry_connection_t *entry_conn = TO_ENTRY_CONN(conn);
5439  if (entry_conn->chosen_exit_optional || entry_conn->chosen_exit_retries)
5440  tor_assert(entry_conn->chosen_exit_name);
5441 
5442  tor_assert(entry_conn->socks_request);
5443  if (conn->state == AP_CONN_STATE_OPEN) {
5444  tor_assert(entry_conn->socks_request->has_finished);
5445  if (!conn->marked_for_close) {
5446  tor_assert(ENTRY_TO_EDGE_CONN(entry_conn)->cpath_layer);
5447  cpath_assert_layer_ok(ENTRY_TO_EDGE_CONN(entry_conn)->cpath_layer);
5448  }
5449  }
5450  }
5451  if (conn->type == CONN_TYPE_EXIT) {
5453  conn->purpose == EXIT_PURPOSE_RESOLVE);
5454  }
5455  } else if (conn->type == CONN_TYPE_DIR) {
5456  } else {
5457  /* Purpose is only used for dir and exit types currently */
5458  tor_assert(!conn->purpose);
5459  }
5460 
5461  switch (conn->type)
5462  {
5463  CASE_ANY_LISTENER_TYPE:
5465  break;
5466  case CONN_TYPE_OR:
5467  tor_assert(conn->state >= OR_CONN_STATE_MIN_);
5468  tor_assert(conn->state <= OR_CONN_STATE_MAX_);
5469  break;
5470  case CONN_TYPE_EXT_OR:
5472  tor_assert(conn->state <= EXT_OR_CONN_STATE_MAX_);
5473  break;
5474  case CONN_TYPE_EXIT:
5475  tor_assert(conn->state >= EXIT_CONN_STATE_MIN_);
5476  tor_assert(conn->state <= EXIT_CONN_STATE_MAX_);
5477  tor_assert(conn->purpose >= EXIT_PURPOSE_MIN_);
5478  tor_assert(conn->purpose <= EXIT_PURPOSE_MAX_);
5479  break;
5480  case CONN_TYPE_AP:
5481  tor_assert(conn->state >= AP_CONN_STATE_MIN_);
5482  tor_assert(conn->state <= AP_CONN_STATE_MAX_);
5483  tor_assert(TO_ENTRY_CONN(conn)->socks_request);
5484  break;
5485  case CONN_TYPE_DIR:
5486  tor_assert(conn->state >= DIR_CONN_STATE_MIN_);
5487  tor_assert(conn->state <= DIR_CONN_STATE_MAX_);
5488  tor_assert(conn->purpose >= DIR_PURPOSE_MIN_);
5489  tor_assert(conn->purpose <= DIR_PURPOSE_MAX_);
5490  break;
5491  case CONN_TYPE_CONTROL:
5492  tor_assert(conn->state >= CONTROL_CONN_STATE_MIN_);
5493  tor_assert(conn->state <= CONTROL_CONN_STATE_MAX_);
5494  break;
5495  default:
5496  tor_assert(0);
5497  }
5498 }
5499 
5500 /** Fills <b>addr</b> and <b>port</b> with the details of the global
5501  * proxy server we are using. Store a 1 to the int pointed to by
5502  * <b>is_put_out</b> if the connection is using a pluggable
5503  * transport; store 0 otherwise. <b>conn</b> contains the connection
5504  * we are using the proxy for.
5505  *
5506  * Return 0 on success, -1 on failure.
5507  */
5508 int
5509 get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type,
5510  int *is_pt_out, const connection_t *conn)
5511 {
5512  const or_options_t *options = get_options();
5513 
5514  *is_pt_out = 0;
5515  /* Client Transport Plugins can use another proxy, but that should be hidden
5516  * from the rest of tor (as the plugin is responsible for dealing with the
5517  * proxy), check it first, then check the rest of the proxy types to allow
5518  * the config to have unused ClientTransportPlugin entries.
5519  */
5520  if (options->ClientTransportPlugin) {
5521  const transport_t *transport = NULL;
5522  int r;
5523  r = get_transport_by_bridge_addrport(&conn->addr, conn->port, &transport);
5524  if (r<0)
5525  return -1;
5526  if (transport) { /* transport found */
5527  tor_addr_copy(addr, &transport->addr);
5528  *port = transport->port;
5529  *proxy_type = transport->socks_version;
5530  *is_pt_out = 1;
5531  return 0;
5532  }
5533 
5534  /* Unused ClientTransportPlugin. */
5535  }
5536 
5537  if (options->HTTPSProxy) {
5538  tor_addr_copy(addr, &options->HTTPSProxyAddr);
5539  *port = options->HTTPSProxyPort;
5540  *proxy_type = PROXY_CONNECT;
5541  return 0;
5542  } else if (options->Socks4Proxy) {
5543  tor_addr_copy(addr, &options->Socks4ProxyAddr);
5544  *port = options->Socks4ProxyPort;
5545  *proxy_type = PROXY_SOCKS4;
5546  return 0;
5547  } else if (options->Socks5Proxy) {
5548  tor_addr_copy(addr, &options->Socks5ProxyAddr);
5549  *port = options->Socks5ProxyPort;
5550  *proxy_type = PROXY_SOCKS5;
5551  return 0;
5552  } else if (options->TCPProxy) {
5553  tor_addr_copy(addr, &options->TCPProxyAddr);
5554  *port = options->TCPProxyPort;
5555  /* The only supported protocol in TCPProxy is haproxy. */
5557  *proxy_type = PROXY_HAPROXY;
5558  return 0;
5559  }
5560 
5561  tor_addr_make_unspec(addr);
5562  *port = 0;
5563  *proxy_type = PROXY_NONE;
5564  return 0;
5565 }
5566 
5567 /** Log a failed connection to a proxy server.
5568  * <b>conn</b> is the connection we use the proxy server for. */
5569 void
5571 {
5572  tor_addr_t proxy_addr;
5573  uint16_t proxy_port;
5574  int proxy_type, is_pt;
5575 
5576  if (get_proxy_addrport(&proxy_addr, &proxy_port, &proxy_type, &is_pt,
5577  conn) != 0)
5578  return; /* if we have no proxy set up, leave this function. */
5579 
5580  (void)is_pt;
5581  log_warn(LD_NET,
5582  "The connection to the %s proxy server at %s just failed. "
5583  "Make sure that the proxy server is up and running.",
5584  proxy_type_to_string(proxy_type),
5585  fmt_addrport(&proxy_addr, proxy_port));
5586 }
5587 
5588 /** Return string representation of <b>proxy_type</b>. */
5589 static const char *
5590 proxy_type_to_string(int proxy_type)
5591 {
5592  switch (proxy_type) {
5593  case PROXY_CONNECT: return "HTTP";
5594  case PROXY_SOCKS4: return "SOCKS4";
5595  case PROXY_SOCKS5: return "SOCKS5";
5596  case PROXY_HAPROXY: return "HAPROXY";
5597  case PROXY_PLUGGABLE: return "pluggable transports SOCKS";
5598  case PROXY_NONE: return "NULL";
5599  default: tor_assert(0);
5600  }
5601  return NULL; /*Unreached*/
5602 }
5603 
5604 /** Call connection_free_minimal() on every connection in our array, and
5605  * release all storage held by connection.c.
5606  *
5607  * Don't do the checks in connection_free(), because they will
5608  * fail.
5609  */
5610 void
5612 {
5613  smartlist_t *conns = get_connection_array();
5614 
5615  /* We don't want to log any messages to controllers. */
5616  SMARTLIST_FOREACH(conns, connection_t *, conn,
5617  if (conn->type == CONN_TYPE_CONTROL)
5618  TO_CONTROL_CONN(conn)->event_mask = 0);
5619 
5621 
5622  /* Unlink everything from the identity map. */
5625 
5626  /* Clear out our list of broken connections */
5628 
5629  SMARTLIST_FOREACH(conns, connection_t *, conn,
5630  connection_free_minimal(conn));
5631 
5632  if (outgoing_addrs) {
5634  smartlist_free(outgoing_addrs);
5635  outgoing_addrs = NULL;
5636  }
5637 
5639  tor_free(last_interface_ipv6);
5641 
5642  mainloop_event_free(reenable_blocked_connections_ev);
5644  memset(&reenable_blocked_connections_delay, 0, sizeof(struct timeval));
5645 }
5646 
5647 /** Log a warning, and possibly emit a control event, that <b>received</b> came
5648  * at a skewed time. <b>trusted</b> indicates that the <b>source</b> was one
5649  * that we had more faith in and therefore the warning level should have higher
5650  * severity.
5651  */
5652 MOCK_IMPL(void,
5653 clock_skew_warning, (const connection_t *conn, long apparent_skew, int trusted,
5654  log_domain_mask_t domain, const char *received,
5655  const char *source))
5656 {
5657  char dbuf[64];
5658  char *ext_source = NULL, *warn = NULL;
5659  format_time_interval(dbuf, sizeof(dbuf), apparent_skew);
5660  if (conn)
5661  tor_asprintf(&ext_source, "%s:%s:%d", source, conn->address, conn->port);
5662  else
5663  ext_source = tor_strdup(source);
5664  log_fn(trusted ? LOG_WARN : LOG_INFO, domain,
5665  "Received %s with skewed time (%s): "
5666  "It seems that our clock is %s by %s, or that theirs is %s%s. "
5667  "Tor requires an accurate clock to work: please check your time, "
5668  "timezone, and date settings.", received, ext_source,
5669  apparent_skew > 0 ? "ahead" : "behind", dbuf,
5670  apparent_skew > 0 ? "behind" : "ahead",
5671  (!conn || trusted) ? "" : ", or they are sending us the wrong time");
5672  if (trusted) {
5673  control_event_general_status(LOG_WARN, "CLOCK_SKEW SKEW=%ld SOURCE=%s",
5674  apparent_skew, ext_source);
5675  tor_asprintf(&warn, "Clock skew %ld in %s from %s", apparent_skew,
5676  received, source);
5677  control_event_bootstrap_problem(warn, "CLOCK_SKEW", conn, 1);
5678  }
5679  tor_free(warn);
5680  tor_free(ext_source);
5681 }
#define RELAY_PAYLOAD_SIZE
Definition: or.h:605
static void connection_bucket_refill_single(connection_t *conn, uint32_t now_ts)
Definition: connection.c:3572
Header file for dirserv.c.
void connection_or_close_for_error(or_connection_t *orconn, int flush)
void rep_hist_note_bytes_read(uint64_t num_bytes, time_t when)
Definition: rephist.c:1166
#define AP_CONN_STATE_CONNECT_WAIT
#define DIR_PURPOSE_SERVER
Definition: directory.h:62
uint64_t global_identifier
Definition: channel.h:197
#define CASE_TOR_TLS_ERROR_ANY_NONIO
Definition: tortls.h:53
void accounting_add_bytes(size_t n_read, size_t n_written, int seconds)
Definition: hibernate.c:331
#define CONN_TYPE_DIR_LISTENER
Definition: connection.h:51
struct tor_compress_state_t * compress_state
smartlist_t * get_connection_array(void)
Definition: mainloop.c:452
Header file for rendcommon.c.
#define CONN_TYPE_CONTROL_LISTENER
Definition: connection.h:56
int fascist_firewall_prefer_ipv6_orport(const or_options_t *options)
Definition: policies.c:498
STATIC void kill_conn_list_for_oos(smartlist_t *conns)
Definition: connection.c:5184
unsigned int cpd_check_t
Definition: dir.h:20
STATIC int connection_connect_sockaddr(connection_t *conn, const struct sockaddr *sa, socklen_t sa_len, const struct sockaddr *bindaddr, socklen_t bindaddr_len, int *socket_error)
Definition: connection.c:1946
Header file for channeltls.c.
#define AP_CONN_STATE_RESOLVE_WAIT
void rep_hist_note_dir_bytes_written(uint64_t num_bytes, time_t when)
Definition: rephist.c:1176
void connection_or_close_normally(or_connection_t *orconn, int flush)
Router descriptor structure.
const tor_addr_t * conn_get_outbound_address(sa_family_t family, const or_options_t *options, unsigned int conn_type)
Definition: connection.c:2129
Header file containing common data for the whole HS subsytem.
uint16_t HTTPSProxyPort
int token_bucket_rw_refill(token_bucket_rw_t *bucket, uint32_t now_ts)
Definition: token_bucket.c:183
void connection_start_writing(connection_t *conn)
Definition: mainloop.c:688
Header file for circuitbuild.c.
unsigned int socks_use_extended_errors
int get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type, int *is_pt_out, const connection_t *conn)
Definition: connection.c:5509
int connection_is_moribund(connection_t *conn)
Definition: connection.c:5205
int socks_policy_permits_address(const tor_addr_t *addr)
Definition: policies.c:1119
void connection_or_remove_from_ext_or_id_map(or_connection_t *conn)
Definition: ext_orport.c:663
static smartlist_t * outgoing_addrs
Definition: connection.c:205
static int connection_read_https_proxy_response(connection_t *conn)
Definition: connection.c:2583
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
uint16_t sa_family_t
Definition: inaddr_st.h:77
#define SOCKS_COMMAND_CONNECT
Header for backtrace.c.
#define TO_CONN(c)
Definition: or.h:735
static int connection_flushed_some(connection_t *conn)
Definition: connection.c:4929
static int connection_fetch_from_buf_socks_client(connection_t *conn, int state, char **reason)
Definition: connection.c:2676
unsigned int linked_conn_is_closed
Definition: connection_st.h:86
void entry_guard_cancel(circuit_guard_state_t **guard_state_p)
Definition: entrynodes.c:2461
void connection_mark_all_noncontrol_connections(void)
Definition: connection.c:3101
void connection_ap_about_to_close(entry_connection_t *entry_conn)
uint8_t type
Definition: port_cfg_st.h:23
int connection_flush(connection_t *conn)
Definition: connection.c:4356
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
void tor_addr_make_unspec(tor_addr_t *a)
Definition: address.c:225
#define EXT_OR_CONN_STATE_MIN_
Definition: ext_orport.h:17
void update_current_time(time_t now)
Definition: mainloop.c:2194
int check_private_dir(const char *dirname, cpd_check_t check, const char *effective_user)
Definition: dir.c:71
uint16_t router_get_advertised_or_port(const or_options_t *options)
Definition: router.c:1425
static void connection_send_socks5_connect(connection_t *conn)
Definition: connection.c:2644
int tor_close_socket(tor_socket_t s)
Definition: socket.c:217
uint16_t router_get_advertised_or_port_by_af(const or_options_t *options, sa_family_t family)
Definition: router.c:1433
static void update_send_buffer_size(tor_socket_t sock)
Definition: connection.c:4039
char * Socks5ProxyPassword
#define EXIT_PURPOSE_CONNECT
int ClientPreferIPv6DirPort
connection_t * connection_get_by_type_nonlinked(int type)
Definition: connection.c:4600
Header for buffers_tls.c.
int connection_state_is_connecting(connection_t *conn)
Definition: connection.c:4766
void channel_close_for_error(channel_t *chan)
Definition: channel.c:1217
#define EXIT_CONN_STATE_RESOLVING
#define CONN_TYPE_AP_NATD_LISTENER
Definition: connection.h:64
uint32_t n_written_conn_bw
#define CTASSERT(x)
Definition: ctassert.h:44
unsigned int purpose
Definition: connection_st.h:51
Header file for connection.c.
static int oos_victim_comparator(const void **a_v, const void **b_v)
Definition: connection.c:5058
#define EXIT_CONN_STATE_RESOLVEFAILED
const char * tor_tls_err_to_string(int err)
Definition: tortls.c:155
static int connection_https_proxy_connect(connection_t *conn)
Definition: connection.c:2345
void connection_stop_reading_from_linked_conn(connection_t *conn)
Definition: mainloop.c:820
connection_t * connection_get_by_type_state_rendquery(int type, int state, const char *rendquery)
Definition: connection.c:4610
char unix_addr[FLEXIBLE_ARRAY_MEMBER]
Definition: port_cfg_st.h:36
#define LD_GENERAL
Definition: log.h:62
static void connection_init(time_t now, connection_t *conn, int type, int socket_family)
Definition: connection.c:493
void connection_consider_empty_read_buckets(connection_t *conn)
Definition: connection.c:3463
#define MAX_SOCKS5_AUTH_FIELD_SIZE
Definition: connection.h:202
void connection_free_(connection_t *conn)
Definition: connection.c:759
static int connection_reached_eof(connection_t *conn)
Definition: connection.c:5020
int rend_cmp_service_ids(const char *one, const char *two)
Definition: rendcommon.c:48
dir_connection_t * dir_connection_new(int socket_family)
Definition: connection.c:362
int get_interface_address6(int severity, sa_family_t family, tor_addr_t *addr)
Definition: address.c:1634
static void client_check_address_changed(tor_socket_t sock)
Definition: connection.c:4810
static int connection_handle_listener_read(connection_t *conn, int new_type)
Definition: connection.c:1701
#define DOWNCAST(to, ptr)
Definition: or.h:109
int buf_flush_to_socket(buf_t *buf, tor_socket_t s, size_t sz, size_t *buf_flushlen)
Definition: buffers_net.c:231
static ssize_t connection_bucket_get_share(int base, int priority, ssize_t global_bucket_val, ssize_t conn_bucket)
Definition: connection.c:3187
Listener connection structure.
#define CONN_TYPE_AP_TRANS_LISTENER
Definition: connection.h:61
tor_addr_t addr
Definition: port_cfg_st.h:20
time_t connection_or_client_used(or_connection_t *conn)
Definition: