Tor  0.4.5.0-alpha-dev
connection.c
Go to the documentation of this file.
1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2020, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
7 /**
8  * \file connection.c
9  * \brief General high-level functions to handle reading and writing
10  * on connections.
11  *
12  * Each connection (ideally) represents a TLS connection, a TCP socket, a unix
13  * socket, or a UDP socket on which reads and writes can occur. (But see
14  * connection_edge.c for cases where connections can also represent streams
15  * that do not have a corresponding socket.)
16  *
17  * The module implements the abstract type, connection_t. The subtypes are:
18  * <ul>
19  * <li>listener_connection_t, implemented here in connection.c
20  * <li>dir_connection_t, implemented in directory.c
21  * <li>or_connection_t, implemented in connection_or.c
22  * <li>edge_connection_t, implemented in connection_edge.c, along with
23  * its subtype(s):
24  * <ul><li>entry_connection_t, also implemented in connection_edge.c
25  * </ul>
26  * <li>control_connection_t, implemented in control.c
27  * </ul>
28  *
29  * The base type implemented in this module is responsible for basic
30  * rate limiting, flow control, and marshalling bytes onto and off of the
31  * network (either directly or via TLS).
32  *
33  * Connections are registered with the main loop with connection_add(). As
34  * they become able to read or write register the fact with the event main
35  * loop by calling connection_watch_events(), connection_start_reading(), or
36  * connection_start_writing(). When they no longer want to read or write,
37  * they call connection_stop_reading() or connection_stop_writing().
38  *
39  * To queue data to be written on a connection, call
40  * connection_buf_add(). When data arrives, the
41  * connection_process_inbuf() callback is invoked, which dispatches to a
42  * type-specific function (such as connection_edge_process_inbuf() for
43  * example). Connection types that need notice of when data has been written
44  * receive notification via connection_flushed_some() and
45  * connection_finished_flushing(). These functions all delegate to
46  * type-specific implementations.
47  *
48  * Additionally, beyond the core of connection_t, this module also implements:
49  * <ul>
50  * <li>Listeners, which wait for incoming sockets and launch connections
51  * <li>Outgoing SOCKS proxy support
52  * <li>Outgoing HTTP proxy support
53  * <li>An out-of-sockets handler for dealing with socket exhaustion
54  * </ul>
55  **/
56 
57 #define CONNECTION_PRIVATE
58 #include "core/or/or.h"
59 #include "feature/client/bridges.h"
60 #include "lib/buf/buffers.h"
61 #include "lib/tls/buffers_tls.h"
62 #include "lib/err/backtrace.h"
63 
64 /*
65  * Define this so we get channel internal functions, since we're implementing
66  * part of a subclass (channel_tls_t).
67  */
68 #define CHANNEL_OBJECT_PRIVATE
69 #include "app/config/config.h"
72 #include "core/mainloop/mainloop.h"
74 #include "core/or/channel.h"
75 #include "core/or/channeltls.h"
76 #include "core/or/circuitbuild.h"
77 #include "core/or/circuitlist.h"
78 #include "core/or/circuituse.h"
80 #include "core/or/connection_or.h"
81 #include "core/or/dos.h"
82 #include "core/or/policies.h"
83 #include "core/or/reasons.h"
84 #include "core/or/relay.h"
85 #include "core/or/status.h"
86 #include "core/or/crypt_path.h"
87 #include "core/proto/proto_haproxy.h"
88 #include "core/proto/proto_http.h"
89 #include "core/proto/proto_socks.h"
90 #include "feature/client/dnsserv.h"
100 #include "feature/hs/hs_common.h"
101 #include "feature/hs/hs_ident.h"
104 #include "feature/relay/dns.h"
107 #include "feature/rend/rendclient.h"
108 #include "feature/rend/rendcommon.h"
109 #include "feature/stats/connstats.h"
110 #include "feature/stats/rephist.h"
111 #include "feature/stats/bwhist.h"
113 #include "lib/geoip/geoip.h"
114 
115 #include "lib/cc/ctassert.h"
116 #include "lib/sandbox/sandbox.h"
117 #include "lib/net/buffers_net.h"
118 #include "lib/tls/tortls.h"
120 #include "lib/compress/compress.h"
121 
122 #ifdef HAVE_PWD_H
123 #include <pwd.h>
124 #endif
125 
126 #ifdef HAVE_UNISTD_H
127 #include <unistd.h>
128 #endif
129 #ifdef HAVE_SYS_STAT_H
130 #include <sys/stat.h>
131 #endif
132 
133 #ifdef HAVE_SYS_UN_H
134 #include <sys/socket.h>
135 #include <sys/un.h>
136 #endif
137 
143 #include "core/or/port_cfg_st.h"
146 
147 /**
148  * On Windows and Linux we cannot reliably bind() a socket to an
149  * address and port if: 1) There's already a socket bound to wildcard
150  * address (0.0.0.0 or ::) with the same port; 2) We try to bind()
151  * to wildcard address and there's another socket bound to a
152  * specific address and the same port.
153  *
154  * To address this problem on these two platforms we implement a
155  * routine that:
156  * 1) Checks if first attempt to bind() a new socket failed with
157  * EADDRINUSE.
158  * 2) If so, it will close the appropriate old listener connection and
159  * 3) Attempts bind()'ing the new listener socket again.
160  *
161  * Just to be safe, we are enabling listener rebind code on all platforms,
162  * to account for unexpected cases where it may be needed.
163  */
164 #define ENABLE_LISTENER_REBIND
165 
167  const struct sockaddr *listensockaddr,
168  socklen_t listensocklen, int type,
169  const char *address,
170  const port_cfg_t *portcfg,
171  int *addr_in_use);
173  const port_cfg_t *port,
174  int *defer, int *addr_in_use);
175 static void connection_init(time_t now, connection_t *conn, int type,
176  int socket_family);
177 static int connection_handle_listener_read(connection_t *conn, int new_type);
179 static int connection_flushed_some(connection_t *conn);
181 static int connection_reached_eof(connection_t *conn);
183  ssize_t *max_to_read,
184  int *socket_error);
185 static int connection_process_inbuf(connection_t *conn, int package_partial);
187 static void set_constrained_socket_buffers(tor_socket_t sock, int size);
188 
189 static const char *connection_proxy_state_to_string(int state);
192 static const char *proxy_type_to_string(int proxy_type);
193 static int conn_get_proxy_type(const connection_t *conn);
195  const or_options_t *options, unsigned int conn_type);
196 static void reenable_blocked_connection_init(const or_options_t *options);
197 static void reenable_blocked_connection_schedule(void);
198 
199 /** The last addresses that our network interface seemed to have been
200  * binding to. We use this as one way to detect when our IP changes.
201  *
202  * XXXX+ We should really use the entire list of interfaces here.
203  **/
205 /* DOCDOC last_interface_ipv6 */
206 static tor_addr_t *last_interface_ipv6 = NULL;
207 /** A list of tor_addr_t for addresses we've used in outgoing connections.
208  * Used to detect IP address changes. */
210 
211 #define CASE_ANY_LISTENER_TYPE \
212  case CONN_TYPE_OR_LISTENER: \
213  case CONN_TYPE_EXT_OR_LISTENER: \
214  case CONN_TYPE_AP_LISTENER: \
215  case CONN_TYPE_DIR_LISTENER: \
216  case CONN_TYPE_CONTROL_LISTENER: \
217  case CONN_TYPE_AP_TRANS_LISTENER: \
218  case CONN_TYPE_AP_NATD_LISTENER: \
219  case CONN_TYPE_AP_DNS_LISTENER: \
220  case CONN_TYPE_AP_HTTP_CONNECT_LISTENER
221 
222 /**************************************************************/
223 
224 /**
225  * Cast a `connection_t *` to a `listener_connection_t *`.
226  *
227  * Exit with an assertion failure if the input is not a
228  * `listener_connection_t`.
229  **/
232 {
233  tor_assert(c->magic == LISTENER_CONNECTION_MAGIC);
234  return DOWNCAST(listener_connection_t, c);
235 }
236 
237 /**
238  * Cast a `const connection_t *` to a `const listener_connection_t *`.
239  *
240  * Exit with an assertion failure if the input is not a
241  * `listener_connection_t`.
242  **/
243 const listener_connection_t *
245 {
246  return TO_LISTENER_CONN((connection_t *)c);
247 }
248 
249 size_t
250 connection_get_inbuf_len(connection_t *conn)
251 {
252  return conn->inbuf ? buf_datalen(conn->inbuf) : 0;
253 }
254 
255 size_t
256 connection_get_outbuf_len(connection_t *conn)
257 {
258  return conn->outbuf ? buf_datalen(conn->outbuf) : 0;
259 }
260 
261 /**
262  * Return the human-readable name for the connection type <b>type</b>
263  */
264 const char *
266 {
267  static char buf[64];
268  switch (type) {
269  case CONN_TYPE_OR_LISTENER: return "OR listener";
270  case CONN_TYPE_OR: return "OR";
271  case CONN_TYPE_EXIT: return "Exit";
272  case CONN_TYPE_AP_LISTENER: return "Socks listener";
274  return "Transparent pf/netfilter listener";
275  case CONN_TYPE_AP_NATD_LISTENER: return "Transparent natd listener";
276  case CONN_TYPE_AP_DNS_LISTENER: return "DNS listener";
277  case CONN_TYPE_AP: return "Socks";
278  case CONN_TYPE_DIR_LISTENER: return "Directory listener";
279  case CONN_TYPE_DIR: return "Directory";
280  case CONN_TYPE_CONTROL_LISTENER: return "Control listener";
281  case CONN_TYPE_CONTROL: return "Control";
282  case CONN_TYPE_EXT_OR: return "Extended OR";
283  case CONN_TYPE_EXT_OR_LISTENER: return "Extended OR listener";
284  case CONN_TYPE_AP_HTTP_CONNECT_LISTENER: return "HTTP tunnel listener";
285  default:
286  log_warn(LD_BUG, "unknown connection type %d", type);
287  tor_snprintf(buf, sizeof(buf), "unknown [%d]", type);
288  return buf;
289  }
290 }
291 
292 /**
293  * Return the human-readable name for the connection state <b>state</b>
294  * for the connection type <b>type</b>
295  */
296 const char *
297 conn_state_to_string(int type, int state)
298 {
299  static char buf[96];
300  switch (type) {
301  CASE_ANY_LISTENER_TYPE:
302  if (state == LISTENER_STATE_READY)
303  return "ready";
304  break;
305  case CONN_TYPE_OR:
306  switch (state) {
307  case OR_CONN_STATE_CONNECTING: return "connect()ing";
308  case OR_CONN_STATE_PROXY_HANDSHAKING: return "handshaking (proxy)";
309  case OR_CONN_STATE_TLS_HANDSHAKING: return "handshaking (TLS)";
311  return "renegotiating (TLS, v2 handshake)";
313  return "waiting for renegotiation or V3 handshake";
315  return "handshaking (Tor, v2 handshake)";
317  return "handshaking (Tor, v3 handshake)";
318  case OR_CONN_STATE_OPEN: return "open";
319  }
320  break;
321  case CONN_TYPE_EXT_OR:
322  switch (state) {
324  return "waiting for authentication type";
326  return "waiting for client nonce";
328  return "waiting for client hash";
329  case EXT_OR_CONN_STATE_OPEN: return "open";
330  case EXT_OR_CONN_STATE_FLUSHING: return "flushing final OKAY";
331  }
332  break;
333  case CONN_TYPE_EXIT:
334  switch (state) {
335  case EXIT_CONN_STATE_RESOLVING: return "waiting for dest info";
336  case EXIT_CONN_STATE_CONNECTING: return "connecting";
337  case EXIT_CONN_STATE_OPEN: return "open";
338  case EXIT_CONN_STATE_RESOLVEFAILED: return "resolve failed";
339  }
340  break;
341  case CONN_TYPE_AP:
342  switch (state) {
343  case AP_CONN_STATE_SOCKS_WAIT: return "waiting for socks info";
344  case AP_CONN_STATE_NATD_WAIT: return "waiting for natd dest info";
345  case AP_CONN_STATE_RENDDESC_WAIT: return "waiting for rendezvous desc";
346  case AP_CONN_STATE_CONTROLLER_WAIT: return "waiting for controller";
347  case AP_CONN_STATE_CIRCUIT_WAIT: return "waiting for circuit";
348  case AP_CONN_STATE_CONNECT_WAIT: return "waiting for connect response";
349  case AP_CONN_STATE_RESOLVE_WAIT: return "waiting for resolve response";
350  case AP_CONN_STATE_OPEN: return "open";
351  }
352  break;
353  case CONN_TYPE_DIR:
354  switch (state) {
355  case DIR_CONN_STATE_CONNECTING: return "connecting";
356  case DIR_CONN_STATE_CLIENT_SENDING: return "client sending";
357  case DIR_CONN_STATE_CLIENT_READING: return "client reading";
358  case DIR_CONN_STATE_CLIENT_FINISHED: return "client finished";
359  case DIR_CONN_STATE_SERVER_COMMAND_WAIT: return "waiting for command";
360  case DIR_CONN_STATE_SERVER_WRITING: return "writing";
361  }
362  break;
363  case CONN_TYPE_CONTROL:
364  switch (state) {
365  case CONTROL_CONN_STATE_OPEN: return "open (protocol v1)";
367  return "waiting for authentication (protocol v1)";
368  }
369  break;
370  }
371 
372  if (state == 0) {
373  return "uninitialized";
374  }
375 
376  log_warn(LD_BUG, "unknown connection state %d (type %d)", state, type);
377  tor_snprintf(buf, sizeof(buf),
378  "unknown state [%d] on unknown [%s] connection",
379  state, conn_type_to_string(type));
380  tor_assert_nonfatal_unreached_once();
381  return buf;
382 }
383 
384 /**
385  * Helper: describe the peer or address of connection @a conn in a
386  * human-readable manner.
387  *
388  * Returns a pointer to a static buffer; future calls to
389  * connection_describe_peer_internal() will invalidate this buffer.
390  *
391  * If <b>include_preposition</b> is true, include a preposition before the
392  * peer address.
393  *
394  * Nobody should parse the output of this function; it can and will change in
395  * future versions of tor.
396  **/
397 static const char *
399  bool include_preposition)
400 {
401  IF_BUG_ONCE(!conn) {
402  return "null peer";
403  }
404 
405  static char peer_buf[256];
406  const tor_addr_t *addr = &conn->addr;
407  const char *address = NULL;
408  const char *prep;
409  bool scrub = false;
410  char extra_buf[128];
411  extra_buf[0] = 0;
412 
413  /* First, figure out the preposition to use */
414  switch (conn->type) {
415  CASE_ANY_LISTENER_TYPE:
416  prep = "on";
417  break;
418  case CONN_TYPE_EXIT:
419  prep = "to";
420  break;
421  case CONN_TYPE_CONTROL:
422  case CONN_TYPE_AP:
423  case CONN_TYPE_EXT_OR:
424  prep = "from";
425  break;
426  default:
427  prep = "with";
428  break;
429  }
430 
431  /* Now figure out the address. */
432  if (conn->socket_family == AF_UNIX) {
433  /* For unix sockets, we always use the `address` string. */
434  address = conn->address ? conn->address : "unix socket";
435  } else if (conn->type == CONN_TYPE_OR) {
436  /* For OR connections, we have a lot to do. */
437  const or_connection_t *or_conn = CONST_TO_OR_CONN(conn);
438  /* We report the IDs we're talking to... */
439  if (fast_digest_is_zero(or_conn->identity_digest)) {
440  // This could be a client, so scrub it. No identity to report.
441  scrub = true;
442  } else {
443  char id_buf[HEX_DIGEST_LEN+1];
444  base16_encode(id_buf, sizeof(id_buf),
445  or_conn->identity_digest, DIGEST_LEN);
446  tor_snprintf(extra_buf, sizeof(extra_buf),
447  " ID=%s", id_buf);
448  }
449  if (! scrub && (! tor_addr_eq(addr, &or_conn->canonical_orport.addr) ||
450  conn->port != or_conn->canonical_orport.port)) {
451  /* We report canonical address, if it's different */
452  char canonical_addr_buf[TOR_ADDR_BUF_LEN];
453  if (tor_addr_to_str(canonical_addr_buf, &or_conn->canonical_orport.addr,
454  sizeof(canonical_addr_buf), 1)) {
455  tor_snprintf(extra_buf+strlen(extra_buf),
456  sizeof(extra_buf)-strlen(extra_buf),
457  " canonical_addr=%s:%"PRIu16,
458  canonical_addr_buf,
459  or_conn->canonical_orport.port);
460  }
461  }
462  } else if (conn->type == CONN_TYPE_EXIT) {
463  scrub = true; /* This is a client's request; scrub it with SafeLogging. */
464  if (tor_addr_is_null(addr)) {
465  address = conn->address;
466  strlcpy(extra_buf, " (DNS lookup pending)", sizeof(extra_buf));
467  }
468  }
469 
470  char addr_buf[TOR_ADDR_BUF_LEN];
471  if (address == NULL) {
472  if (tor_addr_family(addr) == 0) {
473  address = "<unset>";
474  } else {
475  address = tor_addr_to_str(addr_buf, addr, sizeof(addr_buf), 1);
476  if (!address) {
477  address = "<can't format!>";
478  tor_assert_nonfatal_unreached_once();
479  }
480  }
481  }
482 
483  char portbuf[7];
484  portbuf[0]=0;
485  if (scrub && get_options()->SafeLogging_ != SAFELOG_SCRUB_NONE) {
486  address = "[scrubbed]";
487  } else {
488  /* Only set the port if we're not scrubbing the address. */
489  if (conn->port != 0) {
490  tor_snprintf(portbuf, sizeof(portbuf), ":%d", conn->port);
491  }
492  }
493 
494  const char *sp = include_preposition ? " " : "";
495  if (! include_preposition)
496  prep = "";
497 
498  tor_snprintf(peer_buf, sizeof(peer_buf),
499  "%s%s%s%s%s", prep, sp, address, portbuf, extra_buf);
500  return peer_buf;
501 }
502 
503 /**
504  * Describe the peer or address of connection @a conn in a
505  * human-readable manner.
506  *
507  * Returns a pointer to a static buffer; future calls to
508  * connection_describe_peer() or connection_describe() will invalidate this
509  * buffer.
510  *
511  * Nobody should parse the output of this function; it can and will change in
512  * future versions of tor.
513  **/
514 const char *
516 {
517  return connection_describe_peer_internal(conn, false);
518 }
519 
520 /**
521  * Describe a connection for logging purposes.
522  *
523  * Returns a pointer to a static buffer; future calls to connection_describe()
524  * will invalidate this buffer.
525  *
526  * Nobody should parse the output of this function; it can and will change in
527  * future versions of tor.
528  **/
529 const char *
531 {
532  IF_BUG_ONCE(!conn) {
533  return "null connection";
534  }
535  static char desc_buf[256];
536  const char *peer = connection_describe_peer_internal(conn, true);
537  tor_snprintf(desc_buf, sizeof(desc_buf),
538  "%s connection (%s) %s",
539  conn_type_to_string(conn->type),
540  conn_state_to_string(conn->type, conn->state),
541  peer);
542  return desc_buf;
543 }
544 
545 /** Allocate and return a new dir_connection_t, initialized as by
546  * connection_init(). */
548 dir_connection_new(int socket_family)
549 {
550  dir_connection_t *dir_conn = tor_malloc_zero(sizeof(dir_connection_t));
551  connection_init(time(NULL), TO_CONN(dir_conn), CONN_TYPE_DIR, socket_family);
552  return dir_conn;
553 }
554 
555 /** Allocate and return a new or_connection_t, initialized as by
556  * connection_init().
557  *
558  * Initialize active_circuit_pqueue.
559  *
560  * Set active_circuit_pqueue_last_recalibrated to current cell_ewma tick.
561  */
563 or_connection_new(int type, int socket_family)
564 {
565  or_connection_t *or_conn = tor_malloc_zero(sizeof(or_connection_t));
566  time_t now = time(NULL);
567  tor_assert(type == CONN_TYPE_OR || type == CONN_TYPE_EXT_OR);
568  connection_init(now, TO_CONN(or_conn), type, socket_family);
569 
570  tor_addr_make_unspec(&or_conn->canonical_orport.addr);
571  connection_or_set_canonical(or_conn, 0);
572 
573  if (type == CONN_TYPE_EXT_OR) {
574  /* If we aren't told an address for this connection, we should
575  * presume it isn't local, and should be rate-limited. */
576  TO_CONN(or_conn)->always_rate_limit_as_remote = 1;
578  }
579 
580  return or_conn;
581 }
582 
583 /** Allocate and return a new entry_connection_t, initialized as by
584  * connection_init().
585  *
586  * Allocate space to store the socks_request.
587  */
589 entry_connection_new(int type, int socket_family)
590 {
591  entry_connection_t *entry_conn = tor_malloc_zero(sizeof(entry_connection_t));
592  tor_assert(type == CONN_TYPE_AP);
593  connection_init(time(NULL), ENTRY_TO_CONN(entry_conn), type, socket_family);
594  entry_conn->socks_request = socks_request_new();
595  /* If this is coming from a listener, we'll set it up based on the listener
596  * in a little while. Otherwise, we're doing this as a linked connection
597  * of some kind, and we should set it up here based on the socket family */
598  if (socket_family == AF_INET)
599  entry_conn->entry_cfg.ipv4_traffic = 1;
600  else if (socket_family == AF_INET6)
601  entry_conn->entry_cfg.ipv6_traffic = 1;
602  return entry_conn;
603 }
604 
605 /** Allocate and return a new edge_connection_t, initialized as by
606  * connection_init(). */
608 edge_connection_new(int type, int socket_family)
609 {
610  edge_connection_t *edge_conn = tor_malloc_zero(sizeof(edge_connection_t));
611  tor_assert(type == CONN_TYPE_EXIT);
612  connection_init(time(NULL), TO_CONN(edge_conn), type, socket_family);
613  return edge_conn;
614 }
615 
616 /** Allocate and return a new control_connection_t, initialized as by
617  * connection_init(). */
619 control_connection_new(int socket_family)
620 {
621  control_connection_t *control_conn =
622  tor_malloc_zero(sizeof(control_connection_t));
623  connection_init(time(NULL),
624  TO_CONN(control_conn), CONN_TYPE_CONTROL, socket_family);
625  return control_conn;
626 }
627 
628 /** Allocate and return a new listener_connection_t, initialized as by
629  * connection_init(). */
631 listener_connection_new(int type, int socket_family)
632 {
633  listener_connection_t *listener_conn =
634  tor_malloc_zero(sizeof(listener_connection_t));
635  connection_init(time(NULL), TO_CONN(listener_conn), type, socket_family);
636  return listener_conn;
637 }
638 
639 /** Allocate, initialize, and return a new connection_t subtype of <b>type</b>
640  * to make or receive connections of address family <b>socket_family</b>. The
641  * type should be one of the CONN_TYPE_* constants. */
642 connection_t *
643 connection_new(int type, int socket_family)
644 {
645  switch (type) {
646  case CONN_TYPE_OR:
647  case CONN_TYPE_EXT_OR:
648  return TO_CONN(or_connection_new(type, socket_family));
649 
650  case CONN_TYPE_EXIT:
651  return TO_CONN(edge_connection_new(type, socket_family));
652 
653  case CONN_TYPE_AP:
654  return ENTRY_TO_CONN(entry_connection_new(type, socket_family));
655 
656  case CONN_TYPE_DIR:
657  return TO_CONN(dir_connection_new(socket_family));
658 
659  case CONN_TYPE_CONTROL:
660  return TO_CONN(control_connection_new(socket_family));
661 
662  CASE_ANY_LISTENER_TYPE:
663  return TO_CONN(listener_connection_new(type, socket_family));
664 
665  default: {
666  connection_t *conn = tor_malloc_zero(sizeof(connection_t));
667  connection_init(time(NULL), conn, type, socket_family);
668  return conn;
669  }
670  }
671 }
672 
673 /** Initializes conn. (you must call connection_add() to link it into the main
674  * array).
675  *
676  * Set conn->magic to the correct value.
677  *
678  * Set conn->type to <b>type</b>. Set conn->s and conn->conn_array_index to
679  * -1 to signify they are not yet assigned.
680  *
681  * Initialize conn's timestamps to now.
682  */
683 static void
684 connection_init(time_t now, connection_t *conn, int type, int socket_family)
685 {
686  static uint64_t n_connections_allocated = 1;
687 
688  switch (type) {
689  case CONN_TYPE_OR:
690  case CONN_TYPE_EXT_OR:
691  conn->magic = OR_CONNECTION_MAGIC;
692  break;
693  case CONN_TYPE_EXIT:
694  conn->magic = EDGE_CONNECTION_MAGIC;
695  break;
696  case CONN_TYPE_AP:
697  conn->magic = ENTRY_CONNECTION_MAGIC;
698  break;
699  case CONN_TYPE_DIR:
700  conn->magic = DIR_CONNECTION_MAGIC;
701  break;
702  case CONN_TYPE_CONTROL:
703  conn->magic = CONTROL_CONNECTION_MAGIC;
704  break;
705  CASE_ANY_LISTENER_TYPE:
706  conn->magic = LISTENER_CONNECTION_MAGIC;
707  break;
708  default:
709  conn->magic = BASE_CONNECTION_MAGIC;
710  break;
711  }
712 
713  conn->s = TOR_INVALID_SOCKET; /* give it a default of 'not used' */
714  conn->conn_array_index = -1; /* also default to 'not used' */
715  conn->global_identifier = n_connections_allocated++;
716 
717  conn->type = type;
718  conn->socket_family = socket_family;
719  if (!connection_is_listener(conn)) {
720  /* listeners never use their buf */
721  conn->inbuf = buf_new();
722  conn->outbuf = buf_new();
723  }
724 
725  conn->timestamp_created = now;
726  conn->timestamp_last_read_allowed = now;
727  conn->timestamp_last_write_allowed = now;
728 }
729 
730 /** Create a link between <b>conn_a</b> and <b>conn_b</b>. */
731 void
733 {
734  tor_assert(! SOCKET_OK(conn_a->s));
735  tor_assert(! SOCKET_OK(conn_b->s));
736 
737  conn_a->linked = 1;
738  conn_b->linked = 1;
739  conn_a->linked_conn = conn_b;
740  conn_b->linked_conn = conn_a;
741 }
742 
743 /** Return true iff the provided connection listener type supports AF_UNIX
744  * sockets. */
745 int
747 {
748  /* For now only control ports or SOCKS ports can be Unix domain sockets
749  * and listeners at the same time */
750  switch (type) {
753  return 1;
754  default:
755  return 0;
756  }
757 }
758 
759 /** Deallocate memory used by <b>conn</b>. Deallocate its buffers if
760  * necessary, close its socket if necessary, and mark the directory as dirty
761  * if <b>conn</b> is an OR or OP connection.
762  */
763 STATIC void
765 {
766  void *mem;
767  size_t memlen;
768  if (!conn)
769  return;
770 
771  switch (conn->type) {
772  case CONN_TYPE_OR:
773  case CONN_TYPE_EXT_OR:
774  tor_assert(conn->magic == OR_CONNECTION_MAGIC);
775  mem = TO_OR_CONN(conn);
776  memlen = sizeof(or_connection_t);
777  break;
778  case CONN_TYPE_AP:
779  tor_assert(conn->magic == ENTRY_CONNECTION_MAGIC);
780  mem = TO_ENTRY_CONN(conn);
781  memlen = sizeof(entry_connection_t);
782  break;
783  case CONN_TYPE_EXIT:
784  tor_assert(conn->magic == EDGE_CONNECTION_MAGIC);
785  mem = TO_EDGE_CONN(conn);
786  memlen = sizeof(edge_connection_t);
787  break;
788  case CONN_TYPE_DIR:
789  tor_assert(conn->magic == DIR_CONNECTION_MAGIC);
790  mem = TO_DIR_CONN(conn);
791  memlen = sizeof(dir_connection_t);
792  break;
793  case CONN_TYPE_CONTROL:
794  tor_assert(conn->magic == CONTROL_CONNECTION_MAGIC);
795  mem = TO_CONTROL_CONN(conn);
796  memlen = sizeof(control_connection_t);
797  break;
798  CASE_ANY_LISTENER_TYPE:
799  tor_assert(conn->magic == LISTENER_CONNECTION_MAGIC);
800  mem = TO_LISTENER_CONN(conn);
801  memlen = sizeof(listener_connection_t);
802  break;
803  default:
804  tor_assert(conn->magic == BASE_CONNECTION_MAGIC);
805  mem = conn;
806  memlen = sizeof(connection_t);
807  break;
808  }
809 
810  if (conn->linked) {
811  log_info(LD_GENERAL, "Freeing linked %s connection [%s] with %d "
812  "bytes on inbuf, %d on outbuf.",
813  conn_type_to_string(conn->type),
814  conn_state_to_string(conn->type, conn->state),
815  (int)connection_get_inbuf_len(conn),
816  (int)connection_get_outbuf_len(conn));
817  }
818 
819  if (!connection_is_listener(conn)) {
820  buf_free(conn->inbuf);
821  buf_free(conn->outbuf);
822  } else {
823  if (conn->socket_family == AF_UNIX) {
824  /* For now only control and SOCKS ports can be Unix domain sockets
825  * and listeners at the same time */
827 
828  if (unlink(conn->address) < 0 && errno != ENOENT) {
829  log_warn(LD_NET, "Could not unlink %s: %s", conn->address,
830  strerror(errno));
831  }
832  }
833  }
834 
836 
837  if (connection_speaks_cells(conn)) {
838  or_connection_t *or_conn = TO_OR_CONN(conn);
839  if (or_conn->tls) {
840  if (! SOCKET_OK(conn->s)) {
841  /* The socket has been closed by somebody else; we must tell the
842  * TLS object not to close it. */
843  tor_tls_release_socket(or_conn->tls);
844  } else {
845  /* The tor_tls_free() call below will close the socket; we must tell
846  * the code below not to close it a second time. */
848  conn->s = TOR_INVALID_SOCKET;
849  }
850  tor_tls_free(or_conn->tls);
851  or_conn->tls = NULL;
852  }
853  or_handshake_state_free(or_conn->handshake_state);
854  or_conn->handshake_state = NULL;
856  if (or_conn->chan) {
857  /* Owww, this shouldn't happen, but... */
858  channel_t *base_chan = TLS_CHAN_TO_BASE(or_conn->chan);
859  tor_assert(base_chan);
860  log_info(LD_CHANNEL,
861  "Freeing orconn at %p, saw channel %p with ID "
862  "%"PRIu64 " left un-NULLed",
863  or_conn, base_chan,
864  base_chan->global_identifier);
865  if (!CHANNEL_FINISHED(base_chan)) {
866  channel_close_for_error(base_chan);
867  }
868 
869  or_conn->chan->conn = NULL;
870  or_conn->chan = NULL;
871  }
872  }
873  if (conn->type == CONN_TYPE_AP) {
874  entry_connection_t *entry_conn = TO_ENTRY_CONN(conn);
877  if (entry_conn->socks_request)
878  socks_request_free(entry_conn->socks_request);
879  if (entry_conn->pending_optimistic_data) {
880  buf_free(entry_conn->pending_optimistic_data);
881  }
882  if (entry_conn->sending_optimistic_data) {
883  buf_free(entry_conn->sending_optimistic_data);
884  }
885  }
886  if (CONN_IS_EDGE(conn)) {
887  rend_data_free(TO_EDGE_CONN(conn)->rend_data);
888  hs_ident_edge_conn_free(TO_EDGE_CONN(conn)->hs_ident);
889  }
890  if (conn->type == CONN_TYPE_CONTROL) {
891  control_connection_t *control_conn = TO_CONTROL_CONN(conn);
892  tor_free(control_conn->safecookie_client_hash);
893  tor_free(control_conn->incoming_cmd);
894  tor_free(control_conn->current_cmd);
895  if (control_conn->ephemeral_onion_services) {
896  SMARTLIST_FOREACH(control_conn->ephemeral_onion_services, char *, cp, {
897  memwipe(cp, 0, strlen(cp));
898  tor_free(cp);
899  });
900  smartlist_free(control_conn->ephemeral_onion_services);
901  }
902  }
903 
904  /* Probably already freed by connection_free. */
905  tor_event_free(conn->read_event);
906  tor_event_free(conn->write_event);
907  conn->read_event = conn->write_event = NULL;
908 
909  if (conn->type == CONN_TYPE_DIR) {
910  dir_connection_t *dir_conn = TO_DIR_CONN(conn);
911  tor_free(dir_conn->requested_resource);
912 
913  tor_compress_free(dir_conn->compress_state);
914  dir_conn_clear_spool(dir_conn);
915 
916  rend_data_free(dir_conn->rend_data);
917  hs_ident_dir_conn_free(dir_conn->hs_ident);
918  if (dir_conn->guard_state) {
919  /* Cancel before freeing, if it's still there. */
920  entry_guard_cancel(&dir_conn->guard_state);
921  }
922  circuit_guard_state_free(dir_conn->guard_state);
923  }
924 
925  if (SOCKET_OK(conn->s)) {
926  log_debug(LD_NET,"closing fd %d.",(int)conn->s);
927  tor_close_socket(conn->s);
928  conn->s = TOR_INVALID_SOCKET;
929  }
930 
931  if (conn->type == CONN_TYPE_OR &&
932  !tor_digest_is_zero(TO_OR_CONN(conn)->identity_digest)) {
933  log_warn(LD_BUG, "called on OR conn with non-zeroed identity_digest");
935  }
936  if (conn->type == CONN_TYPE_OR || conn->type == CONN_TYPE_EXT_OR) {
938  tor_free(TO_OR_CONN(conn)->ext_or_conn_id);
939  tor_free(TO_OR_CONN(conn)->ext_or_auth_correct_client_hash);
940  tor_free(TO_OR_CONN(conn)->ext_or_transport);
941  }
942 
943  memwipe(mem, 0xCC, memlen); /* poison memory */
944  tor_free(mem);
945 }
946 
947 /** Make sure <b>conn</b> isn't in any of the global conn lists; then free it.
948  */
949 MOCK_IMPL(void,
951 {
952  if (!conn)
953  return;
956  if (BUG(conn->linked_conn)) {
957  conn->linked_conn->linked_conn = NULL;
958  if (! conn->linked_conn->marked_for_close &&
961  conn->linked_conn = NULL;
962  }
963  if (connection_speaks_cells(conn)) {
964  if (!tor_digest_is_zero(TO_OR_CONN(conn)->identity_digest)) {
966  }
967  }
968  if (conn->type == CONN_TYPE_CONTROL) {
970  }
971 #if 1
972  /* DEBUGGING */
973  if (conn->type == CONN_TYPE_AP) {
974  connection_ap_warn_and_unmark_if_pending_circ(TO_ENTRY_CONN(conn),
975  "connection_free");
976  }
977 #endif /* 1 */
978 
979  /* Notify the circuit creation DoS mitigation subsystem that an OR client
980  * connection has been closed. And only do that if we track it. */
981  if (conn->type == CONN_TYPE_OR) {
982  dos_close_client_conn(TO_OR_CONN(conn));
983  }
984 
987 }
988 
989 /**
990  * Called when we're about to finally unlink and free a connection:
991  * perform necessary accounting and cleanup
992  * - Directory conns that failed to fetch a rendezvous descriptor
993  * need to inform pending rendezvous streams.
994  * - OR conns need to call rep_hist_note_*() to record status.
995  * - AP conns need to send a socks reject if necessary.
996  * - Exit conns need to call connection_dns_remove() if necessary.
997  * - AP and Exit conns need to send an end cell if they can.
998  * - DNS conns need to fail any resolves that are pending on them.
999  * - OR and edge connections need to be unlinked from circuits.
1000  */
1001 void
1003 {
1005 
1006  switch (conn->type) {
1007  case CONN_TYPE_DIR:
1009  break;
1010  case CONN_TYPE_OR:
1011  case CONN_TYPE_EXT_OR:
1013  break;
1014  case CONN_TYPE_AP:
1016  break;
1017  case CONN_TYPE_EXIT:
1019  break;
1020  }
1021 }
1022 
1023 /** Return true iff connection_close_immediate() has been called on this
1024  * connection. */
1025 #define CONN_IS_CLOSED(c) \
1026  ((c)->linked ? ((c)->linked_conn_is_closed) : (! SOCKET_OK(c->s)))
1027 
1028 /** Close the underlying socket for <b>conn</b>, so we don't try to
1029  * flush it. Must be used in conjunction with (right before)
1030  * connection_mark_for_close().
1031  */
1032 void
1034 {
1035  assert_connection_ok(conn,0);
1036  if (CONN_IS_CLOSED(conn)) {
1037  log_err(LD_BUG,"Attempt to close already-closed connection.");
1039  return;
1040  }
1041  if (connection_get_outbuf_len(conn)) {
1042  log_info(LD_NET,"fd %d, type %s, state %s, %"TOR_PRIuSZ" bytes on outbuf.",
1043  (int)conn->s, conn_type_to_string(conn->type),
1044  conn_state_to_string(conn->type, conn->state),
1045  buf_datalen(conn->outbuf));
1046  }
1047 
1049 
1050  /* Prevent the event from getting unblocked. */
1051  conn->read_blocked_on_bw = 0;
1052  conn->write_blocked_on_bw = 0;
1053 
1054  if (SOCKET_OK(conn->s))
1055  tor_close_socket(conn->s);
1056  conn->s = TOR_INVALID_SOCKET;
1057  if (conn->linked)
1058  conn->linked_conn_is_closed = 1;
1059  if (conn->outbuf)
1060  buf_clear(conn->outbuf);
1061 }
1062 
1063 /** Mark <b>conn</b> to be closed next time we loop through
1064  * conn_close_if_marked() in main.c. */
1065 void
1066 connection_mark_for_close_(connection_t *conn, int line, const char *file)
1067 {
1068  assert_connection_ok(conn,0);
1069  tor_assert(line);
1070  tor_assert(line < 1<<16); /* marked_for_close can only fit a uint16_t. */
1071  tor_assert(file);
1072 
1073  if (conn->type == CONN_TYPE_OR) {
1074  /*
1075  * An or_connection should have been closed through one of the channel-
1076  * aware functions in connection_or.c. We'll assume this is an error
1077  * close and do that, and log a bug warning.
1078  */
1079  log_warn(LD_CHANNEL | LD_BUG,
1080  "Something tried to close an or_connection_t without going "
1081  "through channels at %s:%d",
1082  file, line);
1084  } else {
1085  /* Pass it down to the real function */
1086  connection_mark_for_close_internal_(conn, line, file);
1087  }
1088 }
1089 
1090 /** Mark <b>conn</b> to be closed next time we loop through
1091  * conn_close_if_marked() in main.c.
1092  *
1093  * This _internal version bypasses the CONN_TYPE_OR checks; this should be
1094  * called when you either are sure that if this is an or_connection_t the
1095  * controlling channel has been notified (e.g. with
1096  * connection_or_notify_error()), or you actually are the
1097  * connection_or_close_for_error() or connection_or_close_normally() function.
1098  * For all other cases, use connection_mark_and_flush() which checks for
1099  * or_connection_t properly, instead. See below.
1100  *
1101  * We want to keep this function simple and quick, since it can be called from
1102  * quite deep in the call chain, and hence it should avoid having side-effects
1103  * that interfere with its callers view of the connection.
1104  */
1105 MOCK_IMPL(void,
1107  int line, const char *file))
1108 {
1109  assert_connection_ok(conn,0);
1110  tor_assert(line);
1111  tor_assert(line < 1<<16); /* marked_for_close can only fit a uint16_t. */
1112  tor_assert(file);
1113 
1114  if (conn->marked_for_close) {
1115  log_warn(LD_BUG,"Duplicate call to connection_mark_for_close at %s:%d"
1116  " (first at %s:%d)", file, line, conn->marked_for_close_file,
1117  conn->marked_for_close);
1119  return;
1120  }
1121 
1122  if (conn->type == CONN_TYPE_OR) {
1123  /*
1124  * Bad news if this happens without telling the controlling channel; do
1125  * this so we can find things that call this wrongly when the asserts hit.
1126  */
1127  log_debug(LD_CHANNEL,
1128  "Calling connection_mark_for_close_internal_() on an OR conn "
1129  "at %s:%d",
1130  file, line);
1131  }
1132 
1133  conn->marked_for_close = line;
1134  conn->marked_for_close_file = file;
1136 
1137  /* in case we're going to be held-open-til-flushed, reset
1138  * the number of seconds since last successful write, so
1139  * we get our whole 15 seconds */
1140  conn->timestamp_last_write_allowed = time(NULL);
1141 }
1142 
1143 /** Find each connection that has hold_open_until_flushed set to
1144  * 1 but hasn't written in the past 15 seconds, and set
1145  * hold_open_until_flushed to 0. This means it will get cleaned
1146  * up in the next loop through close_if_marked() in main.c.
1147  */
1148 void
1150 {
1151  time_t now;
1152  smartlist_t *conns = get_connection_array();
1153 
1154  now = time(NULL);
1155 
1156  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
1157  /* If we've been holding the connection open, but we haven't written
1158  * for 15 seconds...
1159  */
1160  if (conn->hold_open_until_flushed) {
1162  if (now - conn->timestamp_last_write_allowed >= 15) {
1163  int severity;
1164  if (conn->type == CONN_TYPE_EXIT ||
1165  (conn->type == CONN_TYPE_DIR &&
1166  conn->purpose == DIR_PURPOSE_SERVER))
1167  severity = LOG_INFO;
1168  else
1169  severity = LOG_NOTICE;
1170  log_fn(severity, LD_NET,
1171  "Giving up on marked_for_close conn that's been flushing "
1172  "for 15s (fd %d, type %s, state %s).",
1173  (int)conn->s, conn_type_to_string(conn->type),
1174  conn_state_to_string(conn->type, conn->state));
1175  conn->hold_open_until_flushed = 0;
1176  }
1177  }
1178  } SMARTLIST_FOREACH_END(conn);
1179 }
1180 
1181 #if defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN)
1182 /** Create an AF_UNIX listenaddr struct.
1183  * <b>listenaddress</b> provides the path to the Unix socket.
1184  *
1185  * Eventually <b>listenaddress</b> will also optionally contain user, group,
1186  * and file permissions for the new socket. But not yet. XXX
1187  * Also, since we do not create the socket here the information doesn't help
1188  * here.
1189  *
1190  * If not NULL <b>readable_address</b> will contain a copy of the path part of
1191  * <b>listenaddress</b>.
1192  *
1193  * The listenaddr struct has to be freed by the caller.
1194  */
1195 static struct sockaddr_un *
1196 create_unix_sockaddr(const char *listenaddress, char **readable_address,
1197  socklen_t *len_out)
1198 {
1199  struct sockaddr_un *sockaddr = NULL;
1200 
1201  sockaddr = tor_malloc_zero(sizeof(struct sockaddr_un));
1202  sockaddr->sun_family = AF_UNIX;
1203  if (strlcpy(sockaddr->sun_path, listenaddress, sizeof(sockaddr->sun_path))
1204  >= sizeof(sockaddr->sun_path)) {
1205  log_warn(LD_CONFIG, "Unix socket path '%s' is too long to fit.",
1206  escaped(listenaddress));
1207  tor_free(sockaddr);
1208  return NULL;
1209  }
1210 
1211  if (readable_address)
1212  *readable_address = tor_strdup(listenaddress);
1213 
1214  *len_out = sizeof(struct sockaddr_un);
1215  return sockaddr;
1216 }
1217 #else /* !(defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN)) */
1218 static struct sockaddr *
1219 create_unix_sockaddr(const char *listenaddress, char **readable_address,
1220  socklen_t *len_out)
1221 {
1222  (void)listenaddress;
1223  (void)readable_address;
1225  "Unix domain sockets not supported, yet we tried to create one.");
1226  *len_out = 0;
1228  return NULL;
1229 }
1230 #endif /* defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN) */
1231 
1232 /** Warn that an accept or a connect has failed because we're running out of
1233  * TCP sockets we can use on current system. Rate-limit these warnings so
1234  * that we don't spam the log. */
1235 static void
1237 {
1238 #define WARN_TOO_MANY_CONNS_INTERVAL (6*60*60)
1239  static ratelim_t last_warned = RATELIM_INIT(WARN_TOO_MANY_CONNS_INTERVAL);
1240  char *m;
1241  if ((m = rate_limit_log(&last_warned, approx_time()))) {
1242  int n_conns = get_n_open_sockets();
1243  log_warn(LD_NET,"Failing because we have %d connections already. Please "
1244  "read doc/TUNING for guidance.%s", n_conns, m);
1245  tor_free(m);
1246  control_event_general_status(LOG_WARN, "TOO_MANY_CONNECTIONS CURRENT=%d",
1247  n_conns);
1248  }
1249 }
1250 
1251 #ifdef HAVE_SYS_UN_H
1252 
1253 #define UNIX_SOCKET_PURPOSE_CONTROL_SOCKET 0
1254 #define UNIX_SOCKET_PURPOSE_SOCKS_SOCKET 1
1255 
1256 /** Check if the purpose isn't one of the ones we know what to do with */
1257 
1258 static int
1259 is_valid_unix_socket_purpose(int purpose)
1260 {
1261  int valid = 0;
1262 
1263  switch (purpose) {
1264  case UNIX_SOCKET_PURPOSE_CONTROL_SOCKET:
1265  case UNIX_SOCKET_PURPOSE_SOCKS_SOCKET:
1266  valid = 1;
1267  break;
1268  }
1269 
1270  return valid;
1271 }
1272 
1273 /** Return a string description of a unix socket purpose */
1274 static const char *
1275 unix_socket_purpose_to_string(int purpose)
1276 {
1277  const char *s = "unknown-purpose socket";
1278 
1279  switch (purpose) {
1280  case UNIX_SOCKET_PURPOSE_CONTROL_SOCKET:
1281  s = "control socket";
1282  break;
1283  case UNIX_SOCKET_PURPOSE_SOCKS_SOCKET:
1284  s = "SOCKS socket";
1285  break;
1286  }
1287 
1288  return s;
1289 }
1290 
1291 /** Check whether we should be willing to open an AF_UNIX socket in
1292  * <b>path</b>. Return 0 if we should go ahead and -1 if we shouldn't. */
1293 static int
1294 check_location_for_unix_socket(const or_options_t *options, const char *path,
1295  int purpose, const port_cfg_t *port)
1296 {
1297  int r = -1;
1298  char *p = NULL;
1299 
1300  tor_assert(is_valid_unix_socket_purpose(purpose));
1301 
1302  p = tor_strdup(path);
1303  cpd_check_t flags = CPD_CHECK_MODE_ONLY;
1304  if (get_parent_directory(p)<0 || p[0] != '/') {
1305  log_warn(LD_GENERAL, "Bad unix socket address '%s'. Tor does not support "
1306  "relative paths for unix sockets.", path);
1307  goto done;
1308  }
1309 
1310  if (port->is_world_writable) {
1311  /* World-writable sockets can go anywhere. */
1312  r = 0;
1313  goto done;
1314  }
1315 
1316  if (port->is_group_writable) {
1317  flags |= CPD_GROUP_OK;
1318  }
1319 
1320  if (port->relax_dirmode_check) {
1321  flags |= CPD_RELAX_DIRMODE_CHECK;
1322  }
1323 
1324  if (check_private_dir(p, flags, options->User) < 0) {
1325  char *escpath, *escdir;
1326  escpath = esc_for_log(path);
1327  escdir = esc_for_log(p);
1328  log_warn(LD_GENERAL, "Before Tor can create a %s in %s, the directory "
1329  "%s needs to exist, and to be accessible only by the user%s "
1330  "account that is running Tor. (On some Unix systems, anybody "
1331  "who can list a socket can connect to it, so Tor is being "
1332  "careful.)",
1333  unix_socket_purpose_to_string(purpose), escpath, escdir,
1334  port->is_group_writable ? " and group" : "");
1335  tor_free(escpath);
1336  tor_free(escdir);
1337  goto done;
1338  }
1339 
1340  r = 0;
1341  done:
1342  tor_free(p);
1343  return r;
1344 }
1345 #endif /* defined(HAVE_SYS_UN_H) */
1346 
1347 /** Tell the TCP stack that it shouldn't wait for a long time after
1348  * <b>sock</b> has closed before reusing its port. Return 0 on success,
1349  * -1 on failure. */
1350 static int
1352 {
1353 #ifdef _WIN32
1354  (void) sock;
1355  return 0;
1356 #else
1357  int one=1;
1358 
1359  /* REUSEADDR on normal places means you can rebind to the port
1360  * right after somebody else has let it go. But REUSEADDR on win32
1361  * means you can bind to the port _even when somebody else
1362  * already has it bound_. So, don't do that on Win32. */
1363  if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void*) &one,
1364  (socklen_t)sizeof(one)) == -1) {
1365  return -1;
1366  }
1367  return 0;
1368 #endif /* defined(_WIN32) */
1369 }
1370 
1371 #ifdef _WIN32
1372 /** Tell the Windows TCP stack to prevent other applications from receiving
1373  * traffic from tor's open ports. Return 0 on success, -1 on failure. */
1374 static int
1375 make_win32_socket_exclusive(tor_socket_t sock)
1376 {
1377 #ifdef SO_EXCLUSIVEADDRUSE
1378  int one=1;
1379 
1380  /* Any socket that sets REUSEADDR on win32 can bind to a port _even when
1381  * somebody else already has it bound_, and _even if the original socket
1382  * didn't set REUSEADDR_. Use EXCLUSIVEADDRUSE to prevent this port-stealing
1383  * on win32. */
1384  if (setsockopt(sock, SOL_SOCKET, SO_EXCLUSIVEADDRUSE, (void*) &one,
1385  (socklen_t)sizeof(one))) {
1386  return -1;
1387  }
1388  return 0;
1389 #else /* !defined(SO_EXCLUSIVEADDRUSE) */
1390  (void) sock;
1391  return 0;
1392 #endif /* defined(SO_EXCLUSIVEADDRUSE) */
1393 }
1394 #endif /* defined(_WIN32) */
1395 
1396 /** Max backlog to pass to listen. We start at */
1397 static int listen_limit = INT_MAX;
1398 
1399 /* Listen on <b>fd</b> with appropriate backlog. Return as for listen. */
1400 static int
1401 tor_listen(tor_socket_t fd)
1402 {
1403  int r;
1404 
1405  if ((r = listen(fd, listen_limit)) < 0) {
1406  if (listen_limit == SOMAXCONN)
1407  return r;
1408  if ((r = listen(fd, SOMAXCONN)) == 0) {
1409  listen_limit = SOMAXCONN;
1410  log_warn(LD_NET, "Setting listen backlog to INT_MAX connections "
1411  "didn't work, but SOMAXCONN did. Lowering backlog limit.");
1412  }
1413  }
1414  return r;
1415 }
1416 
1417 /** Bind a new non-blocking socket listening to the socket described
1418  * by <b>listensockaddr</b>.
1419  *
1420  * <b>address</b> is only used for logging purposes and to add the information
1421  * to the conn.
1422  *
1423  * Set <b>addr_in_use</b> to true in case socket binding fails with
1424  * EADDRINUSE.
1425  */
1426 static connection_t *
1427 connection_listener_new(const struct sockaddr *listensockaddr,
1428  socklen_t socklen,
1429  int type, const char *address,
1430  const port_cfg_t *port_cfg,
1431  int *addr_in_use)
1432 {
1433  listener_connection_t *lis_conn;
1434  connection_t *conn = NULL;
1435  tor_socket_t s = TOR_INVALID_SOCKET; /* the socket we're going to make */
1436  or_options_t const *options = get_options();
1437  (void) options; /* Windows doesn't use this. */
1438 #if defined(HAVE_PWD_H) && defined(HAVE_SYS_UN_H)
1439  const struct passwd *pw = NULL;
1440 #endif
1441  uint16_t usePort = 0, gotPort = 0;
1442  int start_reading = 0;
1443  static int global_next_session_group = SESSION_GROUP_FIRST_AUTO;
1444  tor_addr_t addr;
1445  int exhaustion = 0;
1446 
1447  if (addr_in_use)
1448  *addr_in_use = 0;
1449 
1450  if (listensockaddr->sa_family == AF_INET ||
1451  listensockaddr->sa_family == AF_INET6) {
1452  int is_stream = (type != CONN_TYPE_AP_DNS_LISTENER);
1453  if (is_stream)
1454  start_reading = 1;
1455 
1456  tor_addr_from_sockaddr(&addr, listensockaddr, &usePort);
1457  log_notice(LD_NET, "Opening %s on %s",
1458  conn_type_to_string(type), fmt_addrport(&addr, usePort));
1459 
1461  is_stream ? SOCK_STREAM : SOCK_DGRAM,
1462  is_stream ? IPPROTO_TCP: IPPROTO_UDP);
1463  if (!SOCKET_OK(s)) {
1464  int e = tor_socket_errno(s);
1465  if (ERRNO_IS_RESOURCE_LIMIT(e)) {
1467  /*
1468  * We'll call the OOS handler at the error exit, so set the
1469  * exhaustion flag for it.
1470  */
1471  exhaustion = 1;
1472  } else {
1473  log_warn(LD_NET, "Socket creation failed: %s",
1474  tor_socket_strerror(e));
1475  }
1476  goto err;
1477  }
1478 
1479  if (make_socket_reuseable(s) < 0) {
1480  log_warn(LD_NET, "Error setting SO_REUSEADDR flag on %s: %s",
1481  conn_type_to_string(type),
1482  tor_socket_strerror(errno));
1483  }
1484 
1485 #ifdef _WIN32
1486  if (make_win32_socket_exclusive(s) < 0) {
1487  log_warn(LD_NET, "Error setting SO_EXCLUSIVEADDRUSE flag on %s: %s",
1488  conn_type_to_string(type),
1489  tor_socket_strerror(errno));
1490  }
1491 #endif /* defined(_WIN32) */
1492 
1493 #if defined(USE_TRANSPARENT) && defined(IP_TRANSPARENT)
1494  if (options->TransProxyType_parsed == TPT_TPROXY &&
1495  type == CONN_TYPE_AP_TRANS_LISTENER) {
1496  int one = 1;
1497  if (setsockopt(s, SOL_IP, IP_TRANSPARENT, (void*)&one,
1498  (socklen_t)sizeof(one)) < 0) {
1499  const char *extra = "";
1500  int e = tor_socket_errno(s);
1501  if (e == EPERM)
1502  extra = "TransTPROXY requires root privileges or similar"
1503  " capabilities.";
1504  log_warn(LD_NET, "Error setting IP_TRANSPARENT flag: %s.%s",
1505  tor_socket_strerror(e), extra);
1506  }
1507  }
1508 #endif /* defined(USE_TRANSPARENT) && defined(IP_TRANSPARENT) */
1509 
1510 #ifdef IPV6_V6ONLY
1511  if (listensockaddr->sa_family == AF_INET6) {
1512  int one = 1;
1513  /* We need to set IPV6_V6ONLY so that this socket can't get used for
1514  * IPv4 connections. */
1515  if (setsockopt(s,IPPROTO_IPV6, IPV6_V6ONLY,
1516  (void*)&one, (socklen_t)sizeof(one)) < 0) {
1517  int e = tor_socket_errno(s);
1518  log_warn(LD_NET, "Error setting IPV6_V6ONLY flag: %s",
1519  tor_socket_strerror(e));
1520  /* Keep going; probably not harmful. */
1521  }
1522  }
1523 #endif /* defined(IPV6_V6ONLY) */
1524 
1525  if (bind(s,listensockaddr,socklen) < 0) {
1526  const char *helpfulhint = "";
1527  int e = tor_socket_errno(s);
1528  if (ERRNO_IS_EADDRINUSE(e)) {
1529  helpfulhint = ". Is Tor already running?";
1530  if (addr_in_use)
1531  *addr_in_use = 1;
1532  }
1533  log_warn(LD_NET, "Could not bind to %s:%u: %s%s", address, usePort,
1534  tor_socket_strerror(e), helpfulhint);
1535  goto err;
1536  }
1537 
1538  if (is_stream) {
1539  if (tor_listen(s) < 0) {
1540  log_warn(LD_NET, "Could not listen on %s:%u: %s", address, usePort,
1541  tor_socket_strerror(tor_socket_errno(s)));
1542  goto err;
1543  }
1544  }
1545 
1546  if (usePort != 0) {
1547  gotPort = usePort;
1548  } else {
1549  tor_addr_t addr2;
1550  struct sockaddr_storage ss;
1551  socklen_t ss_len=sizeof(ss);
1552  if (getsockname(s, (struct sockaddr*)&ss, &ss_len)<0) {
1553  log_warn(LD_NET, "getsockname() couldn't learn address for %s: %s",
1554  conn_type_to_string(type),
1555  tor_socket_strerror(tor_socket_errno(s)));
1556  gotPort = 0;
1557  }
1558  tor_addr_from_sockaddr(&addr2, (struct sockaddr*)&ss, &gotPort);
1559  }
1560 #ifdef HAVE_SYS_UN_H
1561  /*
1562  * AF_UNIX generic setup stuff
1563  */
1564  } else if (listensockaddr->sa_family == AF_UNIX) {
1565  /* We want to start reading for both AF_UNIX cases */
1566  start_reading = 1;
1567 
1569 
1570  if (check_location_for_unix_socket(options, address,
1571  (type == CONN_TYPE_CONTROL_LISTENER) ?
1572  UNIX_SOCKET_PURPOSE_CONTROL_SOCKET :
1573  UNIX_SOCKET_PURPOSE_SOCKS_SOCKET, port_cfg) < 0) {
1574  goto err;
1575  }
1576 
1577  log_notice(LD_NET, "Opening %s on %s",
1578  conn_type_to_string(type), address);
1579 
1580  tor_addr_make_unspec(&addr);
1581 
1582  if (unlink(address) < 0 && errno != ENOENT) {
1583  log_warn(LD_NET, "Could not unlink %s: %s", address,
1584  strerror(errno));
1585  goto err;
1586  }
1587 
1588  s = tor_open_socket_nonblocking(AF_UNIX, SOCK_STREAM, 0);
1589  if (! SOCKET_OK(s)) {
1590  int e = tor_socket_errno(s);
1591  if (ERRNO_IS_RESOURCE_LIMIT(e)) {
1593  /*
1594  * We'll call the OOS handler at the error exit, so set the
1595  * exhaustion flag for it.
1596  */
1597  exhaustion = 1;
1598  } else {
1599  log_warn(LD_NET,"Socket creation failed: %s.", strerror(e));
1600  }
1601  goto err;
1602  }
1603 
1604  if (bind(s, listensockaddr,
1605  (socklen_t)sizeof(struct sockaddr_un)) == -1) {
1606  log_warn(LD_NET,"Bind to %s failed: %s.", address,
1607  tor_socket_strerror(tor_socket_errno(s)));
1608  goto err;
1609  }
1610 
1611 #ifdef HAVE_PWD_H
1612  if (options->User) {
1613  pw = tor_getpwnam(options->User);
1614  struct stat st;
1615  if (pw == NULL) {
1616  log_warn(LD_NET,"Unable to chown() %s socket: user %s not found.",
1617  address, options->User);
1618  goto err;
1619  } else if (fstat(s, &st) == 0 &&
1620  st.st_uid == pw->pw_uid && st.st_gid == pw->pw_gid) {
1621  /* No change needed */
1622  } else if (chown(sandbox_intern_string(address),
1623  pw->pw_uid, pw->pw_gid) < 0) {
1624  log_warn(LD_NET,"Unable to chown() %s socket: %s.",
1625  address, strerror(errno));
1626  goto err;
1627  }
1628  }
1629 #endif /* defined(HAVE_PWD_H) */
1630 
1631  {
1632  unsigned mode;
1633  const char *status;
1634  struct stat st;
1635  if (port_cfg->is_world_writable) {
1636  mode = 0666;
1637  status = "world-writable";
1638  } else if (port_cfg->is_group_writable) {
1639  mode = 0660;
1640  status = "group-writable";
1641  } else {
1642  mode = 0600;
1643  status = "private";
1644  }
1645  /* We need to use chmod; fchmod doesn't work on sockets on all
1646  * platforms. */
1647  if (fstat(s, &st) == 0 && (st.st_mode & 0777) == mode) {
1648  /* no change needed */
1649  } else if (chmod(sandbox_intern_string(address), mode) < 0) {
1650  log_warn(LD_FS,"Unable to make %s %s.", address, status);
1651  goto err;
1652  }
1653  }
1654 
1655  if (listen(s, SOMAXCONN) < 0) {
1656  log_warn(LD_NET, "Could not listen on %s: %s", address,
1657  tor_socket_strerror(tor_socket_errno(s)));
1658  goto err;
1659  }
1660 
1661 #ifndef __APPLE__
1662  /* This code was introduced to help debug #28229. */
1663  int value;
1664  socklen_t len = sizeof(value);
1665 
1666  if (!getsockopt(s, SOL_SOCKET, SO_ACCEPTCONN, &value, &len)) {
1667  if (value == 0) {
1668  log_err(LD_NET, "Could not listen on %s - "
1669  "getsockopt(.,SO_ACCEPTCONN,.) yields 0.", address);
1670  goto err;
1671  }
1672  }
1673 #endif /* !defined(__APPLE__) */
1674 #endif /* defined(HAVE_SYS_UN_H) */
1675  } else {
1676  log_err(LD_BUG, "Got unexpected address family %d.",
1677  listensockaddr->sa_family);
1678  tor_assert(0);
1679  }
1680 
1681  lis_conn = listener_connection_new(type, listensockaddr->sa_family);
1682  conn = TO_CONN(lis_conn);
1683  conn->socket_family = listensockaddr->sa_family;
1684  conn->s = s;
1685  s = TOR_INVALID_SOCKET; /* Prevent double-close */
1686  conn->address = tor_strdup(address);
1687  conn->port = gotPort;
1688  tor_addr_copy(&conn->addr, &addr);
1689 
1690  memcpy(&lis_conn->entry_cfg, &port_cfg->entry_cfg, sizeof(entry_port_cfg_t));
1691 
1692  if (port_cfg->entry_cfg.isolation_flags) {
1693  lis_conn->entry_cfg.isolation_flags = port_cfg->entry_cfg.isolation_flags;
1694  if (port_cfg->entry_cfg.session_group >= 0) {
1695  lis_conn->entry_cfg.session_group = port_cfg->entry_cfg.session_group;
1696  } else {
1697  /* This can wrap after around INT_MAX listeners are opened. But I don't
1698  * believe that matters, since you would need to open a ridiculous
1699  * number of listeners while keeping the early ones open before you ever
1700  * hit this. An OR with a dozen ports open, for example, would have to
1701  * close and re-open its listeners every second for 4 years nonstop.
1702  */
1703  lis_conn->entry_cfg.session_group = global_next_session_group--;
1704  }
1705  }
1706 
1707  /* Force IPv4 and IPv6 traffic on for non-SOCKSPorts.
1708  * Forcing options on isn't a good idea, see #32994 and #33607. */
1709  if (type != CONN_TYPE_AP_LISTENER) {
1710  lis_conn->entry_cfg.ipv4_traffic = 1;
1711  lis_conn->entry_cfg.ipv6_traffic = 1;
1712  }
1713 
1714  if (connection_add(conn) < 0) { /* no space, forget it */
1715  log_warn(LD_NET,"connection_add for listener failed. Giving up.");
1716  goto err;
1717  }
1718 
1719  log_fn(usePort==gotPort ? LOG_DEBUG : LOG_NOTICE, LD_NET,
1720  "%s listening on port %u.",
1721  conn_type_to_string(type), gotPort);
1722 
1723  conn->state = LISTENER_STATE_READY;
1724  if (start_reading) {
1726  } else {
1729  }
1730 
1731  /*
1732  * Normal exit; call the OOS handler since connection count just changed;
1733  * the exhaustion flag will always be zero here though.
1734  */
1736 
1737  log_notice(LD_NET, "Opened %s", connection_describe(conn));
1738 
1739  return conn;
1740 
1741  err:
1742  if (SOCKET_OK(s))
1743  tor_close_socket(s);
1744  if (conn)
1745  connection_free(conn);
1746 
1747  /* Call the OOS handler, indicate if we saw an exhaustion-related error */
1749 
1750  return NULL;
1751 }
1752 
1753 /**
1754  * Create a new listener connection for a given <b>port</b>. In case we
1755  * for a reason that is not an error condition, set <b>defer</b>
1756  * to true. If we cannot bind listening socket because address is already
1757  * in use, set <b>addr_in_use</b> to true.
1758  */
1759 static connection_t *
1761  int *defer, int *addr_in_use)
1762 {
1763  connection_t *conn;
1764  struct sockaddr *listensockaddr;
1765  socklen_t listensocklen = 0;
1766  char *address=NULL;
1767  int real_port = port->port == CFG_AUTO_PORT ? 0 : port->port;
1768  tor_assert(real_port <= UINT16_MAX);
1769 
1770  if (defer)
1771  *defer = 0;
1772 
1773  if (port->server_cfg.no_listen) {
1774  if (defer)
1775  *defer = 1;
1776  return NULL;
1777  }
1778 
1779 #ifndef _WIN32
1780  /* We don't need to be root to create a UNIX socket, so defer until after
1781  * setuid. */
1782  const or_options_t *options = get_options();
1783  if (port->is_unix_addr && !geteuid() && (options->User) &&
1784  strcmp(options->User, "root")) {
1785  if (defer)
1786  *defer = 1;
1787  return NULL;
1788  }
1789 #endif /* !defined(_WIN32) */
1790 
1791  if (port->is_unix_addr) {
1792  listensockaddr = (struct sockaddr *)
1793  create_unix_sockaddr(port->unix_addr,
1794  &address, &listensocklen);
1795  } else {
1796  listensockaddr = tor_malloc(sizeof(struct sockaddr_storage));
1797  listensocklen = tor_addr_to_sockaddr(&port->addr,
1798  real_port,
1799  listensockaddr,
1800  sizeof(struct sockaddr_storage));
1801  address = tor_addr_to_str_dup(&port->addr);
1802  }
1803 
1804  if (listensockaddr) {
1805  conn = connection_listener_new(listensockaddr, listensocklen,
1806  port->type, address, port,
1807  addr_in_use);
1808  tor_free(listensockaddr);
1809  tor_free(address);
1810  } else {
1811  conn = NULL;
1812  }
1813 
1814  return conn;
1815 }
1816 
1817 /** Do basic sanity checking on a newly received socket. Return 0
1818  * if it looks ok, else return -1.
1819  *
1820  * Notably, some TCP stacks can erroneously have accept() return successfully
1821  * with socklen 0, when the client sends an RST before the accept call (as
1822  * nmap does). We want to detect that, and not go on with the connection.
1823  */
1824 static int
1825 check_sockaddr(const struct sockaddr *sa, int len, int level)
1826 {
1827  int ok = 1;
1828 
1829  if (sa->sa_family == AF_INET) {
1830  struct sockaddr_in *sin=(struct sockaddr_in*)sa;
1831  if (len != sizeof(struct sockaddr_in)) {
1832  log_fn(level, LD_NET, "Length of address not as expected: %d vs %d",
1833  len,(int)sizeof(struct sockaddr_in));
1834  ok = 0;
1835  }
1836  if (sin->sin_addr.s_addr == 0 || sin->sin_port == 0) {
1837  log_fn(level, LD_NET,
1838  "Address for new connection has address/port equal to zero.");
1839  ok = 0;
1840  }
1841  } else if (sa->sa_family == AF_INET6) {
1842  struct sockaddr_in6 *sin6=(struct sockaddr_in6*)sa;
1843  if (len != sizeof(struct sockaddr_in6)) {
1844  log_fn(level, LD_NET, "Length of address not as expected: %d vs %d",
1845  len,(int)sizeof(struct sockaddr_in6));
1846  ok = 0;
1847  }
1848  if (fast_mem_is_zero((void*)sin6->sin6_addr.s6_addr, 16) ||
1849  sin6->sin6_port == 0) {
1850  log_fn(level, LD_NET,
1851  "Address for new connection has address/port equal to zero.");
1852  ok = 0;
1853  }
1854  } else if (sa->sa_family == AF_UNIX) {
1855  ok = 1;
1856  } else {
1857  ok = 0;
1858  }
1859  return ok ? 0 : -1;
1860 }
1861 
1862 /** Check whether the socket family from an accepted socket <b>got</b> is the
1863  * same as the one that <b>listener</b> is waiting for. If it isn't, log
1864  * a useful message and return -1. Else return 0.
1865  *
1866  * This is annoying, but can apparently happen on some Darwins. */
1867 static int
1869 {
1870  if (got != listener->socket_family) {
1871  log_info(LD_BUG, "A listener connection returned a socket with a "
1872  "mismatched family. %s for addr_family %d gave us a socket "
1873  "with address family %d. Dropping.",
1874  conn_type_to_string(listener->type),
1875  (int)listener->socket_family,
1876  (int)got);
1877  return -1;
1878  }
1879  return 0;
1880 }
1881 
1882 /** The listener connection <b>conn</b> told poll() it wanted to read.
1883  * Call accept() on conn->s, and add the new connection if necessary.
1884  */
1885 static int
1887 {
1888  tor_socket_t news; /* the new socket */
1889  connection_t *newconn = 0;
1890  /* information about the remote peer when connecting to other routers */
1891  struct sockaddr_storage addrbuf;
1892  struct sockaddr *remote = (struct sockaddr*)&addrbuf;
1893  /* length of the remote address. Must be whatever accept() needs. */
1894  socklen_t remotelen = (socklen_t)sizeof(addrbuf);
1895  const or_options_t *options = get_options();
1896 
1897  tor_assert((size_t)remotelen >= sizeof(struct sockaddr_in));
1898  memset(&addrbuf, 0, sizeof(addrbuf));
1899 
1900  news = tor_accept_socket_nonblocking(conn->s,remote,&remotelen);
1901  if (!SOCKET_OK(news)) { /* accept() error */
1902  int e = tor_socket_errno(conn->s);
1903  if (ERRNO_IS_ACCEPT_EAGAIN(e)) {
1904  /*
1905  * they hung up before we could accept(). that's fine.
1906  *
1907  * give the OOS handler a chance to run though
1908  */
1910  return 0;
1911  } else if (ERRNO_IS_RESOURCE_LIMIT(e)) {
1913  /* Exhaustion; tell the OOS handler */
1915  return 0;
1916  }
1917  /* else there was a real error. */
1918  log_warn(LD_NET,"accept() failed: %s. Closing listener.",
1919  tor_socket_strerror(e));
1920  connection_mark_for_close(conn);
1921  /* Tell the OOS handler about this too */
1923  return -1;
1924  }
1925  log_debug(LD_NET,
1926  "Connection accepted on socket %d (child of fd %d).",
1927  (int)news,(int)conn->s);
1928 
1929  /* We accepted a new conn; run OOS handler */
1931 
1932  if (make_socket_reuseable(news) < 0) {
1933  if (tor_socket_errno(news) == EINVAL) {
1934  /* This can happen on OSX if we get a badly timed shutdown. */
1935  log_debug(LD_NET, "make_socket_reuseable returned EINVAL");
1936  } else {
1937  log_warn(LD_NET, "Error setting SO_REUSEADDR flag on %s: %s",
1938  conn_type_to_string(new_type),
1939  tor_socket_strerror(errno));
1940  }
1941  tor_close_socket(news);
1942  return 0;
1943  }
1944 
1945  if (options->ConstrainedSockets)
1947 
1948  if (check_sockaddr_family_match(remote->sa_family, conn) < 0) {
1949  tor_close_socket(news);
1950  return 0;
1951  }
1952 
1953  if (conn->socket_family == AF_INET || conn->socket_family == AF_INET6 ||
1954  (conn->socket_family == AF_UNIX && new_type == CONN_TYPE_AP)) {
1955  tor_addr_t addr;
1956  uint16_t port;
1957  if (check_sockaddr(remote, remotelen, LOG_INFO)<0) {
1958  log_info(LD_NET,
1959  "accept() returned a strange address; closing connection.");
1960  tor_close_socket(news);
1961  return 0;
1962  }
1963 
1964  tor_addr_from_sockaddr(&addr, remote, &port);
1965 
1966  /* process entrance policies here, before we even create the connection */
1967  if (new_type == CONN_TYPE_AP) {
1968  /* check sockspolicy to see if we should accept it */
1969  if (socks_policy_permits_address(&addr) == 0) {
1970  log_notice(LD_APP,
1971  "Denying socks connection from untrusted address %s.",
1972  fmt_and_decorate_addr(&addr));
1973  tor_close_socket(news);
1974  return 0;
1975  }
1976  }
1977  if (new_type == CONN_TYPE_DIR) {
1978  /* check dirpolicy to see if we should accept it */
1979  if (dir_policy_permits_address(&addr) == 0) {
1980  log_notice(LD_DIRSERV,"Denying dir connection from address %s.",
1981  fmt_and_decorate_addr(&addr));
1982  tor_close_socket(news);
1983  return 0;
1984  }
1985  }
1986  if (new_type == CONN_TYPE_OR) {
1987  /* Assess with the connection DoS mitigation subsystem if this address
1988  * can open a new connection. */
1989  if (dos_conn_addr_get_defense_type(&addr) == DOS_CONN_DEFENSE_CLOSE) {
1990  tor_close_socket(news);
1991  return 0;
1992  }
1993  }
1994 
1995  newconn = connection_new(new_type, conn->socket_family);
1996  newconn->s = news;
1997 
1998  /* remember the remote address */
1999  tor_addr_copy(&newconn->addr, &addr);
2000  if (new_type == CONN_TYPE_AP && conn->socket_family == AF_UNIX) {
2001  newconn->port = 0;
2002  newconn->address = tor_strdup(conn->address);
2003  } else {
2004  newconn->port = port;
2005  newconn->address = tor_addr_to_str_dup(&addr);
2006  }
2007 
2008  if (new_type == CONN_TYPE_AP && conn->socket_family != AF_UNIX) {
2009  log_info(LD_NET, "New SOCKS connection opened from %s.",
2010  fmt_and_decorate_addr(&addr));
2011  }
2012  if (new_type == CONN_TYPE_AP && conn->socket_family == AF_UNIX) {
2013  log_info(LD_NET, "New SOCKS AF_UNIX connection opened");
2014  }
2015  if (new_type == CONN_TYPE_CONTROL) {
2016  log_notice(LD_CONTROL, "New control connection opened from %s.",
2017  fmt_and_decorate_addr(&addr));
2018  }
2019 
2020  } else if (conn->socket_family == AF_UNIX && conn->type != CONN_TYPE_AP) {
2022  tor_assert(new_type == CONN_TYPE_CONTROL);
2023  log_notice(LD_CONTROL, "New control connection opened.");
2024 
2025  newconn = connection_new(new_type, conn->socket_family);
2026  newconn->s = news;
2027 
2028  /* remember the remote address -- do we have anything sane to put here? */
2029  tor_addr_make_unspec(&newconn->addr);
2030  newconn->port = 1;
2031  newconn->address = tor_strdup(conn->address);
2032  } else {
2033  tor_assert(0);
2034  };
2035 
2036  if (connection_add(newconn) < 0) { /* no space, forget it */
2037  connection_free(newconn);
2038  return 0; /* no need to tear down the parent */
2039  }
2040 
2041  if (connection_init_accepted_conn(newconn, TO_LISTENER_CONN(conn)) < 0) {
2042  if (! newconn->marked_for_close)
2043  connection_mark_for_close(newconn);
2044  return 0;
2045  }
2046 
2047  note_connection(true /* inbound */, conn->socket_family);
2048 
2049  return 0;
2050 }
2051 
2052 /** Initialize states for newly accepted connection <b>conn</b>.
2053  *
2054  * If conn is an OR, start the TLS handshake.
2055  *
2056  * If conn is a transparent AP, get its original destination
2057  * and place it in circuit_wait.
2058  *
2059  * The <b>listener</b> parameter is only used for AP connections.
2060  */
2061 int
2063  const listener_connection_t *listener)
2064 {
2065  int rv;
2066 
2068 
2069  switch (conn->type) {
2070  case CONN_TYPE_EXT_OR:
2071  /* Initiate Extended ORPort authentication. */
2073  case CONN_TYPE_OR:
2074  connection_or_event_status(TO_OR_CONN(conn), OR_CONN_EVENT_NEW, 0);
2076  if (rv < 0) {
2078  }
2079  return rv;
2080  break;
2081  case CONN_TYPE_AP:
2082  memcpy(&TO_ENTRY_CONN(conn)->entry_cfg, &listener->entry_cfg,
2083  sizeof(entry_port_cfg_t));
2085  TO_ENTRY_CONN(conn)->socks_request->listener_type = listener->base_.type;
2086 
2087  /* Any incoming connection on an entry port counts as user activity. */
2089 
2090  switch (TO_CONN(listener)->type) {
2091  case CONN_TYPE_AP_LISTENER:
2094  listener->entry_cfg.socks_prefer_no_auth;
2096  listener->entry_cfg.extended_socks5_codes;
2097  break;
2099  TO_ENTRY_CONN(conn)->is_transparent_ap = 1;
2100  /* XXXX028 -- is this correct still, with the addition of
2101  * pending_entry_connections ? */
2105  TO_ENTRY_CONN(conn)->is_transparent_ap = 1;
2107  break;
2110  }
2111  break;
2112  case CONN_TYPE_DIR:
2113  conn->purpose = DIR_PURPOSE_SERVER;
2115  break;
2116  case CONN_TYPE_CONTROL:
2118  break;
2119  }
2120  return 0;
2121 }
2122 
2123 /** Take conn, make a nonblocking socket; try to connect to
2124  * sa, binding to bindaddr if sa is not localhost. If fail, return -1 and if
2125  * applicable put your best guess about errno into *<b>socket_error</b>.
2126  * If connected return 1, if EAGAIN return 0.
2127  */
2128 MOCK_IMPL(STATIC int,
2130  const struct sockaddr *sa,
2131  socklen_t sa_len,
2132  const struct sockaddr *bindaddr,
2133  socklen_t bindaddr_len,
2134  int *socket_error))
2135 {
2136  tor_socket_t s;
2137  int inprogress = 0;
2138  const or_options_t *options = get_options();
2139 
2140  tor_assert(conn);
2141  tor_assert(sa);
2142  tor_assert(socket_error);
2143 
2145  /* We should never even try to connect anyplace if the network is
2146  * completely shut off.
2147  *
2148  * (We don't check net_is_disabled() here, since we still sometimes
2149  * want to open connections when we're in soft hibernation.)
2150  */
2151  static ratelim_t disablenet_violated = RATELIM_INIT(30*60);
2152  *socket_error = SOCK_ERRNO(ENETUNREACH);
2153  log_fn_ratelim(&disablenet_violated, LOG_WARN, LD_BUG,
2154  "Tried to open a socket with DisableNetwork set.");
2156  return -1;
2157  }
2158 
2159  const int protocol_family = sa->sa_family;
2160  const int proto = (sa->sa_family == AF_INET6 ||
2161  sa->sa_family == AF_INET) ? IPPROTO_TCP : 0;
2162 
2163  s = tor_open_socket_nonblocking(protocol_family, SOCK_STREAM, proto);
2164  if (! SOCKET_OK(s)) {
2165  /*
2166  * Early OOS handler calls; it matters if it's an exhaustion-related
2167  * error or not.
2168  */
2169  *socket_error = tor_socket_errno(s);
2170  if (ERRNO_IS_RESOURCE_LIMIT(*socket_error)) {
2173  } else {
2174  log_warn(LD_NET,"Error creating network socket: %s",
2175  tor_socket_strerror(*socket_error));
2177  }
2178  return -1;
2179  }
2180 
2181  if (make_socket_reuseable(s) < 0) {
2182  log_warn(LD_NET, "Error setting SO_REUSEADDR flag on new connection: %s",
2183  tor_socket_strerror(errno));
2184  }
2185 
2186  /*
2187  * We've got the socket open; give the OOS handler a chance to check
2188  * against configured maximum socket number, but tell it no exhaustion
2189  * failure.
2190  */
2192 
2193  if (bindaddr && bind(s, bindaddr, bindaddr_len) < 0) {
2194  *socket_error = tor_socket_errno(s);
2195  log_warn(LD_NET,"Error binding network socket: %s",
2196  tor_socket_strerror(*socket_error));
2197  tor_close_socket(s);
2198  return -1;
2199  }
2200 
2201  tor_assert(options);
2202  if (options->ConstrainedSockets)
2204 
2205  if (connect(s, sa, sa_len) < 0) {
2206  int e = tor_socket_errno(s);
2207  if (!ERRNO_IS_CONN_EINPROGRESS(e)) {
2208  /* yuck. kill it. */
2209  *socket_error = e;
2210  log_info(LD_NET,
2211  "connect() to socket failed: %s",
2212  tor_socket_strerror(e));
2213  tor_close_socket(s);
2214  return -1;
2215  } else {
2216  inprogress = 1;
2217  }
2218  }
2219 
2220  note_connection(false /* outbound */, conn->socket_family);
2221 
2222  /* it succeeded. we're connected. */
2223  log_fn(inprogress ? LOG_DEBUG : LOG_INFO, LD_NET,
2224  "Connection to socket %s (sock "TOR_SOCKET_T_FORMAT").",
2225  inprogress ? "in progress" : "established", s);
2226  conn->s = s;
2227  if (connection_add_connecting(conn) < 0) {
2228  /* no space, forget it */
2229  *socket_error = SOCK_ERRNO(ENOBUFS);
2230  return -1;
2231  }
2232 
2233  return inprogress ? 0 : 1;
2234 }
2235 
2236 /* Log a message if connection attempt is made when IPv4 or IPv6 is disabled.
2237  * Log a less severe message if we couldn't conform to ClientPreferIPv6ORPort
2238  * or ClientPreferIPv6ORPort. */
2239 static void
2240 connection_connect_log_client_use_ip_version(const connection_t *conn)
2241 {
2242  const or_options_t *options = get_options();
2243 
2244  /* Only clients care about ClientUseIPv4/6, bail out early on servers, and
2245  * on connections we don't care about */
2246  if (server_mode(options) || !conn || conn->type == CONN_TYPE_EXIT) {
2247  return;
2248  }
2249 
2250  /* We're only prepared to log OR and DIR connections here */
2251  if (conn->type != CONN_TYPE_OR && conn->type != CONN_TYPE_DIR) {
2252  return;
2253  }
2254 
2255  const int must_ipv4 = !reachable_addr_use_ipv6(options);
2256  const int must_ipv6 = (options->ClientUseIPv4 == 0);
2257  const int pref_ipv6 = (conn->type == CONN_TYPE_OR
2260  tor_addr_t real_addr;
2261  tor_addr_copy(&real_addr, &conn->addr);
2262 
2263  /* Check if we broke a mandatory address family restriction */
2264  if ((must_ipv4 && tor_addr_family(&real_addr) == AF_INET6)
2265  || (must_ipv6 && tor_addr_family(&real_addr) == AF_INET)) {
2266  static int logged_backtrace = 0;
2267  log_info(LD_BUG, "Outgoing %s connection to %s violated ClientUseIPv%s 0.",
2268  conn->type == CONN_TYPE_OR ? "OR" : "Dir",
2269  fmt_addr(&real_addr),
2270  options->ClientUseIPv4 == 0 ? "4" : "6");
2271  if (!logged_backtrace) {
2272  log_backtrace(LOG_INFO, LD_BUG, "Address came from");
2273  logged_backtrace = 1;
2274  }
2275  }
2276 
2277  /* Bridges are allowed to break IPv4/IPv6 ORPort preferences to connect to
2278  * the node's configured address when ClientPreferIPv6ORPort is auto */
2279  if (options->UseBridges && conn->type == CONN_TYPE_OR
2280  && options->ClientPreferIPv6ORPort == -1) {
2281  return;
2282  }
2283 
2284  if (reachable_addr_use_ipv6(options)) {
2285  log_info(LD_NET, "Our outgoing connection is using IPv%d.",
2286  tor_addr_family(&real_addr) == AF_INET6 ? 6 : 4);
2287  }
2288 
2289  /* Check if we couldn't satisfy an address family preference */
2290  if ((!pref_ipv6 && tor_addr_family(&real_addr) == AF_INET6)
2291  || (pref_ipv6 && tor_addr_family(&real_addr) == AF_INET)) {
2292  log_info(LD_NET, "Outgoing connection to %s doesn't satisfy "
2293  "ClientPreferIPv6%sPort %d, with ClientUseIPv4 %d, and "
2294  "reachable_addr_use_ipv6 %d (ClientUseIPv6 %d and UseBridges "
2295  "%d).",
2296  fmt_addr(&real_addr),
2297  conn->type == CONN_TYPE_OR ? "OR" : "Dir",
2298  conn->type == CONN_TYPE_OR ? options->ClientPreferIPv6ORPort
2299  : options->ClientPreferIPv6DirPort,
2300  options->ClientUseIPv4, reachable_addr_use_ipv6(options),
2301  options->ClientUseIPv6, options->UseBridges);
2302  }
2303 }
2304 
2305 /** Retrieve the outbound address depending on the protocol (IPv4 or IPv6)
2306  * and the connection type (relay, exit, ...)
2307  * Return a socket address or NULL in case nothing is configured.
2308  **/
2309 const tor_addr_t *
2311  const or_options_t *options, unsigned int conn_type)
2312 {
2313  const tor_addr_t *ext_addr = NULL;
2314 
2315  int fam_index;
2316  switch (family) {
2317  case AF_INET:
2318  fam_index = 0;
2319  break;
2320  case AF_INET6:
2321  fam_index = 1;
2322  break;
2323  default:
2324  return NULL;
2325  }
2326 
2327  // If an exit connection, use the exit address (if present)
2328  if (conn_type == CONN_TYPE_EXIT) {
2329  if (!tor_addr_is_null(
2330  &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT][fam_index])) {
2331  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT]
2332  [fam_index];
2333  } else if (!tor_addr_is_null(
2335  [fam_index])) {
2336  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_ANY]
2337  [fam_index];
2338  }
2339  } else { // All non-exit connections
2340  if (!tor_addr_is_null(
2341  &options->OutboundBindAddresses[OUTBOUND_ADDR_OR][fam_index])) {
2342  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_OR]
2343  [fam_index];
2344  } else if (!tor_addr_is_null(
2346  [fam_index])) {
2347  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_ANY]
2348  [fam_index];
2349  }
2350  }
2351  return ext_addr;
2352 }
2353 
2354 /** Take conn, make a nonblocking socket; try to connect to
2355  * addr:port (port arrives in *host order*). If fail, return -1 and if
2356  * applicable put your best guess about errno into *<b>socket_error</b>.
2357  * Else assign s to conn->s: if connected return 1, if EAGAIN return 0.
2358  *
2359  * addr:port can be different to conn->addr:conn->port if connecting through
2360  * a proxy.
2361  *
2362  * address is used to make the logs useful.
2363  *
2364  * On success, add conn to the list of polled connections.
2365  */
2366 int
2367 connection_connect(connection_t *conn, const char *address,
2368  const tor_addr_t *addr, uint16_t port, int *socket_error)
2369 {
2370  struct sockaddr_storage addrbuf;
2371  struct sockaddr_storage bind_addr_ss;
2372  struct sockaddr *bind_addr = NULL;
2373  struct sockaddr *dest_addr;
2374  int dest_addr_len, bind_addr_len = 0;
2375 
2376  /* Log if we didn't stick to ClientUseIPv4/6 or ClientPreferIPv6OR/DirPort
2377  */
2378  connection_connect_log_client_use_ip_version(conn);
2379 
2380  if (!tor_addr_is_loopback(addr)) {
2381  const tor_addr_t *ext_addr = NULL;
2383  conn->type);
2384  if (ext_addr) {
2385  memset(&bind_addr_ss, 0, sizeof(bind_addr_ss));
2386  bind_addr_len = tor_addr_to_sockaddr(ext_addr, 0,
2387  (struct sockaddr *) &bind_addr_ss,
2388  sizeof(bind_addr_ss));
2389  if (bind_addr_len == 0) {
2390  log_warn(LD_NET,
2391  "Error converting OutboundBindAddress %s into sockaddr. "
2392  "Ignoring.", fmt_and_decorate_addr(ext_addr));
2393  } else {
2394  bind_addr = (struct sockaddr *)&bind_addr_ss;
2395  }
2396  }
2397  }
2398 
2399  memset(&addrbuf,0,sizeof(addrbuf));
2400  dest_addr = (struct sockaddr*) &addrbuf;
2401  dest_addr_len = tor_addr_to_sockaddr(addr, port, dest_addr, sizeof(addrbuf));
2402  tor_assert(dest_addr_len > 0);
2403 
2404  log_debug(LD_NET, "Connecting to %s:%u.",
2405  escaped_safe_str_client(address), port);
2406 
2407  return connection_connect_sockaddr(conn, dest_addr, dest_addr_len,
2408  bind_addr, bind_addr_len, socket_error);
2409 }
2410 
2411 #ifdef HAVE_SYS_UN_H
2412 
2413 /** Take conn, make a nonblocking socket; try to connect to
2414  * an AF_UNIX socket at socket_path. If fail, return -1 and if applicable
2415  * put your best guess about errno into *<b>socket_error</b>. Else assign s
2416  * to conn->s: if connected return 1, if EAGAIN return 0.
2417  *
2418  * On success, add conn to the list of polled connections.
2419  */
2420 int
2421 connection_connect_unix(connection_t *conn, const char *socket_path,
2422  int *socket_error)
2423 {
2424  struct sockaddr_un dest_addr;
2425 
2426  tor_assert(socket_path);
2427 
2428  /* Check that we'll be able to fit it into dest_addr later */
2429  if (strlen(socket_path) + 1 > sizeof(dest_addr.sun_path)) {
2430  log_warn(LD_NET,
2431  "Path %s is too long for an AF_UNIX socket\n",
2432  escaped_safe_str_client(socket_path));
2433  *socket_error = SOCK_ERRNO(ENAMETOOLONG);
2434  return -1;
2435  }
2436 
2437  memset(&dest_addr, 0, sizeof(dest_addr));
2438  dest_addr.sun_family = AF_UNIX;
2439  strlcpy(dest_addr.sun_path, socket_path, sizeof(dest_addr.sun_path));
2440 
2441  log_debug(LD_NET,
2442  "Connecting to AF_UNIX socket at %s.",
2443  escaped_safe_str_client(socket_path));
2444 
2445  return connection_connect_sockaddr(conn,
2446  (struct sockaddr *)&dest_addr, sizeof(dest_addr),
2447  NULL, 0, socket_error);
2448 }
2449 
2450 #endif /* defined(HAVE_SYS_UN_H) */
2451 
2452 /** Convert state number to string representation for logging purposes.
2453  */
2454 static const char *
2456 {
2457  static const char *unknown = "???";
2458  static const char *states[] = {
2459  "PROXY_NONE",
2460  "PROXY_INFANT",
2461  "PROXY_HTTPS_WANT_CONNECT_OK",
2462  "PROXY_SOCKS4_WANT_CONNECT_OK",
2463  "PROXY_SOCKS5_WANT_AUTH_METHOD_NONE",
2464  "PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929",
2465  "PROXY_SOCKS5_WANT_AUTH_RFC1929_OK",
2466  "PROXY_SOCKS5_WANT_CONNECT_OK",
2467  "PROXY_HAPROXY_WAIT_FOR_FLUSH",
2468  "PROXY_CONNECTED",
2469  };
2470 
2471  CTASSERT(ARRAY_LENGTH(states) == PROXY_CONNECTED+1);
2472 
2473  if (state < PROXY_NONE || state > PROXY_CONNECTED)
2474  return unknown;
2475 
2476  return states[state];
2477 }
2478 
2479 /** Returns the proxy type used by tor for a single connection, for
2480  * logging or high-level purposes. Don't use it to fill the
2481  * <b>proxy_type</b> field of or_connection_t; use the actual proxy
2482  * protocol instead.*/
2483 static int
2485 {
2486  const or_options_t *options = get_options();
2487 
2488  if (options->ClientTransportPlugin) {
2489  /* If we have plugins configured *and* this addr/port is a known bridge
2490  * with a transport, then we should be PROXY_PLUGGABLE. */
2491  const transport_t *transport = NULL;
2492  int r;
2493  r = get_transport_by_bridge_addrport(&conn->addr, conn->port, &transport);
2494  if (r == 0 && transport)
2495  return PROXY_PLUGGABLE;
2496  }
2497 
2498  /* In all other cases, we're using a global proxy. */
2499  if (options->HTTPSProxy)
2500  return PROXY_CONNECT;
2501  else if (options->Socks4Proxy)
2502  return PROXY_SOCKS4;
2503  else if (options->Socks5Proxy)
2504  return PROXY_SOCKS5;
2505  else if (options->TCPProxy) {
2506  /* The only supported protocol in TCPProxy is haproxy. */
2508  return PROXY_HAPROXY;
2509  } else
2510  return PROXY_NONE;
2511 }
2512 
2513 /* One byte for the version, one for the command, two for the
2514  port, and four for the addr... and, one more for the
2515  username NUL: */
2516 #define SOCKS4_STANDARD_BUFFER_SIZE (1 + 1 + 2 + 4 + 1)
2517 
2518 /** Write a proxy request of https to conn for conn->addr:conn->port,
2519  * authenticating with the auth details given in the configuration
2520  * (if available).
2521  *
2522  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2523  * 0 otherwise.
2524  */
2525 static int
2527 {
2528  tor_assert(conn);
2529 
2530  const or_options_t *options = get_options();
2531  char buf[1024];
2532  char *base64_authenticator = NULL;
2533  const char *authenticator = options->HTTPSProxyAuthenticator;
2534 
2535  /* Send HTTP CONNECT and authentication (if available) in
2536  * one request */
2537 
2538  if (authenticator) {
2539  base64_authenticator = alloc_http_authenticator(authenticator);
2540  if (!base64_authenticator)
2541  log_warn(LD_OR, "Encoding https authenticator failed");
2542  }
2543 
2544  if (base64_authenticator) {
2545  const char *addrport = fmt_addrport(&conn->addr, conn->port);
2546  tor_snprintf(buf, sizeof(buf), "CONNECT %s HTTP/1.1\r\n"
2547  "Host: %s\r\n"
2548  "Proxy-Authorization: Basic %s\r\n\r\n",
2549  addrport,
2550  addrport,
2551  base64_authenticator);
2552  tor_free(base64_authenticator);
2553  } else {
2554  tor_snprintf(buf, sizeof(buf), "CONNECT %s HTTP/1.0\r\n\r\n",
2555  fmt_addrport(&conn->addr, conn->port));
2556  }
2557 
2558  connection_buf_add(buf, strlen(buf), conn);
2559  conn->proxy_state = PROXY_HTTPS_WANT_CONNECT_OK;
2560 
2561  return 0;
2562 }
2563 
2564 /** Write a proxy request of socks4 to conn for conn->addr:conn->port.
2565  *
2566  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2567  * 0 otherwise.
2568  */
2569 static int
2571 {
2572  tor_assert(conn);
2573 
2574  unsigned char *buf;
2575  uint16_t portn;
2576  uint32_t ip4addr;
2577  size_t buf_size = 0;
2578  char *socks_args_string = NULL;
2579 
2580  /* Send a SOCKS4 connect request */
2581 
2582  if (tor_addr_family(&conn->addr) != AF_INET) {
2583  log_warn(LD_NET, "SOCKS4 client is incompatible with IPv6");
2584  return -1;
2585  }
2586 
2587  { /* If we are here because we are trying to connect to a
2588  pluggable transport proxy, check if we have any SOCKS
2589  arguments to transmit. If we do, compress all arguments to
2590  a single string in 'socks_args_string': */
2591 
2592  if (conn_get_proxy_type(conn) == PROXY_PLUGGABLE) {
2593  socks_args_string =
2595  if (socks_args_string)
2596  log_debug(LD_NET, "Sending out '%s' as our SOCKS argument string.",
2597  socks_args_string);
2598  }
2599  }
2600 
2601  { /* Figure out the buffer size we need for the SOCKS message: */
2602 
2603  buf_size = SOCKS4_STANDARD_BUFFER_SIZE;
2604 
2605  /* If we have a SOCKS argument string, consider its size when
2606  calculating the buffer size: */
2607  if (socks_args_string)
2608  buf_size += strlen(socks_args_string);
2609  }
2610 
2611  buf = tor_malloc_zero(buf_size);
2612 
2613  ip4addr = tor_addr_to_ipv4n(&conn->addr);
2614  portn = htons(conn->port);
2615 
2616  buf[0] = 4; /* version */
2617  buf[1] = SOCKS_COMMAND_CONNECT; /* command */
2618  memcpy(buf + 2, &portn, 2); /* port */
2619  memcpy(buf + 4, &ip4addr, 4); /* addr */
2620 
2621  /* Next packet field is the userid. If we have pluggable
2622  transport SOCKS arguments, we have to embed them
2623  there. Otherwise, we use an empty userid. */
2624  if (socks_args_string) { /* place the SOCKS args string: */
2625  tor_assert(strlen(socks_args_string) > 0);
2626  tor_assert(buf_size >=
2627  SOCKS4_STANDARD_BUFFER_SIZE + strlen(socks_args_string));
2628  strlcpy((char *)buf + 8, socks_args_string, buf_size - 8);
2629  tor_free(socks_args_string);
2630  } else {
2631  buf[8] = 0; /* no userid */
2632  }
2633 
2634  connection_buf_add((char *)buf, buf_size, conn);
2635  tor_free(buf);
2636 
2637  conn->proxy_state = PROXY_SOCKS4_WANT_CONNECT_OK;
2638  return 0;
2639 }
2640 
2641 /** Write a proxy request of socks5 to conn for conn->addr:conn->port,
2642  * authenticating with the auth details given in the configuration
2643  * (if available).
2644  *
2645  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2646  * 0 otherwise.
2647  */
2648 static int
2650 {
2651  tor_assert(conn);
2652 
2653  const or_options_t *options = get_options();
2654  unsigned char buf[4]; /* fields: vers, num methods, method list */
2655 
2656  /* Send a SOCKS5 greeting (connect request must wait) */
2657 
2658  buf[0] = 5; /* version */
2659 
2660  /* We have to use SOCKS5 authentication, if we have a
2661  Socks5ProxyUsername or if we want to pass arguments to our
2662  pluggable transport proxy: */
2663  if ((options->Socks5ProxyUsername) ||
2664  (conn_get_proxy_type(conn) == PROXY_PLUGGABLE &&
2665  (get_socks_args_by_bridge_addrport(&conn->addr, conn->port)))) {
2666  /* number of auth methods */
2667  buf[1] = 2;
2668  buf[2] = 0x00; /* no authentication */
2669  buf[3] = 0x02; /* rfc1929 Username/Passwd auth */
2670  conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929;
2671  } else {
2672  buf[1] = 1;
2673  buf[2] = 0x00; /* no authentication */
2674  conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_METHOD_NONE;
2675  }
2676 
2677  connection_buf_add((char *)buf, 2 + buf[1], conn);
2678  return 0;
2679 }
2680 
2681 /** Write a proxy request of haproxy to conn for conn->addr:conn->port.
2682  *
2683  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2684  * 0 otherwise.
2685  */
2686 static int
2688 {
2689  int ret = 0;
2690  tor_addr_port_t *addr_port = tor_addr_port_new(&conn->addr, conn->port);
2691  char *buf = haproxy_format_proxy_header_line(addr_port);
2692 
2693  if (buf == NULL) {
2694  ret = -1;
2695  goto done;
2696  }
2697 
2698  connection_buf_add(buf, strlen(buf), conn);
2699  /* In haproxy, we don't have to wait for the response, but we wait for ack.
2700  * So we can set the state to be PROXY_HAPROXY_WAIT_FOR_FLUSH. */
2701  conn->proxy_state = PROXY_HAPROXY_WAIT_FOR_FLUSH;
2702 
2703  ret = 0;
2704  done:
2705  tor_free(buf);
2706  tor_free(addr_port);
2707  return ret;
2708 }
2709 
2710 /** Write a proxy request of <b>type</b> (socks4, socks5, https, haproxy)
2711  * to conn for conn->addr:conn->port, authenticating with the auth details
2712  * given in the configuration (if available). SOCKS 5 and HTTP CONNECT
2713  * proxies support authentication.
2714  *
2715  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2716  * 0 otherwise.
2717  *
2718  * Use connection_read_proxy_handshake() to complete the handshake.
2719  */
2720 int
2722 {
2723  int ret = 0;
2724 
2725  tor_assert(conn);
2726 
2727  switch (type) {
2728  case PROXY_CONNECT:
2729  ret = connection_https_proxy_connect(conn);
2730  break;
2731 
2732  case PROXY_SOCKS4:
2733  ret = connection_socks4_proxy_connect(conn);
2734  break;
2735 
2736  case PROXY_SOCKS5:
2737  ret = connection_socks5_proxy_connect(conn);
2738  break;
2739 
2740  case PROXY_HAPROXY:
2742  break;
2743 
2744  default:
2745  log_err(LD_BUG, "Invalid proxy protocol, %d", type);
2747  ret = -1;
2748  break;
2749  }
2750 
2751  if (ret == 0) {
2752  log_debug(LD_NET, "set state %s",
2754  }
2755 
2756  return ret;
2757 }
2758 
2759 /** Read conn's inbuf. If the http response from the proxy is all
2760  * here, make sure it's good news, then return 1. If it's bad news,
2761  * return -1. Else return 0 and hope for better luck next time.
2762  */
2763 static int
2765 {
2766  char *headers;
2767  char *reason=NULL;
2768  int status_code;
2769  time_t date_header;
2770 
2771  switch (fetch_from_buf_http(conn->inbuf,
2772  &headers, MAX_HEADERS_SIZE,
2773  NULL, NULL, 10000, 0)) {
2774  case -1: /* overflow */
2775  log_warn(LD_PROTOCOL,
2776  "Your https proxy sent back an oversized response. Closing.");
2777  return -1;
2778  case 0:
2779  log_info(LD_NET,"https proxy response not all here yet. Waiting.");
2780  return 0;
2781  /* case 1, fall through */
2782  }
2783 
2784  if (parse_http_response(headers, &status_code, &date_header,
2785  NULL, &reason) < 0) {
2786  log_warn(LD_NET,
2787  "Unparseable headers from proxy (%s). Closing.",
2788  connection_describe(conn));
2789  tor_free(headers);
2790  return -1;
2791  }
2792  tor_free(headers);
2793  if (!reason) reason = tor_strdup("[no reason given]");
2794 
2795  if (status_code == 200) {
2796  log_info(LD_NET,
2797  "HTTPS connect for %s successful! (200 %s) Starting TLS.",
2798  connection_describe(conn), escaped(reason));
2799  tor_free(reason);
2800  return 1;
2801  }
2802  /* else, bad news on the status code */
2803  switch (status_code) {
2804  case 403:
2805  log_warn(LD_NET,
2806  "The https proxy refused to allow connection to %s "
2807  "(status code %d, %s). Closing.",
2808  conn->address, status_code, escaped(reason));
2809  break;
2810  default:
2811  log_warn(LD_NET,
2812  "The https proxy sent back an unexpected status code %d (%s). "
2813  "Closing.",
2814  status_code, escaped(reason));
2815  break;
2816  }
2817  tor_free(reason);
2818  return -1;
2819 }
2820 
2821 /** Send SOCKS5 CONNECT command to <b>conn</b>, copying <b>conn->addr</b>
2822  * and <b>conn->port</b> into the request.
2823  */
2824 static void
2826 {
2827  unsigned char buf[1024];
2828  size_t reqsize = 6;
2829  uint16_t port = htons(conn->port);
2830 
2831  buf[0] = 5; /* version */
2832  buf[1] = SOCKS_COMMAND_CONNECT; /* command */
2833  buf[2] = 0; /* reserved */
2834 
2835  if (tor_addr_family(&conn->addr) == AF_INET) {
2836  uint32_t addr = tor_addr_to_ipv4n(&conn->addr);
2837 
2838  buf[3] = 1;
2839  reqsize += 4;
2840  memcpy(buf + 4, &addr, 4);
2841  memcpy(buf + 8, &port, 2);
2842  } else { /* AF_INET6 */
2843  buf[3] = 4;
2844  reqsize += 16;
2845  memcpy(buf + 4, tor_addr_to_in6_addr8(&conn->addr), 16);
2846  memcpy(buf + 20, &port, 2);
2847  }
2848 
2849  connection_buf_add((char *)buf, reqsize, conn);
2850 
2851  conn->proxy_state = PROXY_SOCKS5_WANT_CONNECT_OK;
2852 }
2853 
2854 /** Wrapper around fetch_from_buf_socks_client: see that functions
2855  * for documentation of its behavior. */
2856 static int
2858  int state, char **reason)
2859 {
2860  return fetch_from_buf_socks_client(conn->inbuf, state, reason);
2861 }
2862 
2863 /** Call this from connection_*_process_inbuf() to advance the proxy
2864  * handshake.
2865  *
2866  * No matter what proxy protocol is used, if this function returns 1, the
2867  * handshake is complete, and the data remaining on inbuf may contain the
2868  * start of the communication with the requested server.
2869  *
2870  * Returns 0 if the current buffer contains an incomplete response, and -1
2871  * on error.
2872  */
2873 int
2875 {
2876  int ret = 0;
2877  char *reason = NULL;
2878 
2879  log_debug(LD_NET, "enter state %s",
2881 
2882  switch (conn->proxy_state) {
2883  case PROXY_HTTPS_WANT_CONNECT_OK:
2885  if (ret == 1)
2886  conn->proxy_state = PROXY_CONNECTED;
2887  break;
2888 
2889  case PROXY_SOCKS4_WANT_CONNECT_OK:
2891  conn->proxy_state,
2892  &reason);
2893  if (ret == 1)
2894  conn->proxy_state = PROXY_CONNECTED;
2895  break;
2896 
2897  case PROXY_SOCKS5_WANT_AUTH_METHOD_NONE:
2899  conn->proxy_state,
2900  &reason);
2901  /* no auth needed, do connect */
2902  if (ret == 1) {
2904  ret = 0;
2905  }
2906  break;
2907 
2908  case PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929:
2910  conn->proxy_state,
2911  &reason);
2912 
2913  /* send auth if needed, otherwise do connect */
2914  if (ret == 1) {
2916  ret = 0;
2917  } else if (ret == 2) {
2918  unsigned char buf[1024];
2919  size_t reqsize, usize, psize;
2920  const char *user, *pass;
2921  char *socks_args_string = NULL;
2922 
2923  if (conn_get_proxy_type(conn) == PROXY_PLUGGABLE) {
2924  socks_args_string =
2926  if (!socks_args_string) {
2927  log_warn(LD_NET, "Could not create SOCKS args string for PT.");
2928  ret = -1;
2929  break;
2930  }
2931 
2932  log_debug(LD_NET, "PT SOCKS5 arguments: %s", socks_args_string);
2933  tor_assert(strlen(socks_args_string) > 0);
2934  tor_assert(strlen(socks_args_string) <= MAX_SOCKS5_AUTH_SIZE_TOTAL);
2935 
2936  if (strlen(socks_args_string) > MAX_SOCKS5_AUTH_FIELD_SIZE) {
2937  user = socks_args_string;
2939  pass = socks_args_string + MAX_SOCKS5_AUTH_FIELD_SIZE;
2940  psize = strlen(socks_args_string) - MAX_SOCKS5_AUTH_FIELD_SIZE;
2941  } else {
2942  user = socks_args_string;
2943  usize = strlen(socks_args_string);
2944  pass = "\0";
2945  psize = 1;
2946  }
2947  } else if (get_options()->Socks5ProxyUsername) {
2948  user = get_options()->Socks5ProxyUsername;
2949  pass = get_options()->Socks5ProxyPassword;
2950  tor_assert(user && pass);
2951  usize = strlen(user);
2952  psize = strlen(pass);
2953  } else {
2954  log_err(LD_BUG, "We entered %s for no reason!", __func__);
2956  ret = -1;
2957  break;
2958  }
2959 
2960  /* Username and password lengths should have been checked
2961  above and during torrc parsing. */
2963  psize <= MAX_SOCKS5_AUTH_FIELD_SIZE);
2964  reqsize = 3 + usize + psize;
2965 
2966  buf[0] = 1; /* negotiation version */
2967  buf[1] = usize;
2968  memcpy(buf + 2, user, usize);
2969  buf[2 + usize] = psize;
2970  memcpy(buf + 3 + usize, pass, psize);
2971 
2972  if (socks_args_string)
2973  tor_free(socks_args_string);
2974 
2975  connection_buf_add((char *)buf, reqsize, conn);
2976 
2977  conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_RFC1929_OK;
2978  ret = 0;
2979  }
2980  break;
2981 
2982  case PROXY_SOCKS5_WANT_AUTH_RFC1929_OK:
2984  conn->proxy_state,
2985  &reason);
2986  /* send the connect request */
2987  if (ret == 1) {
2989  ret = 0;
2990  }
2991  break;
2992 
2993  case PROXY_SOCKS5_WANT_CONNECT_OK:
2995  conn->proxy_state,
2996  &reason);
2997  if (ret == 1)
2998  conn->proxy_state = PROXY_CONNECTED;
2999  break;
3000 
3001  default:
3002  log_err(LD_BUG, "Invalid proxy_state for reading, %d",
3003  conn->proxy_state);
3005  ret = -1;
3006  break;
3007  }
3008 
3009  log_debug(LD_NET, "leaving state %s",
3011 
3012  if (ret < 0) {
3013  if (reason) {
3014  log_warn(LD_NET, "Proxy Client: unable to connect %s (%s)",
3015  connection_describe(conn), escaped(reason));
3016  tor_free(reason);
3017  } else {
3018  log_warn(LD_NET, "Proxy Client: unable to connect %s",
3019  connection_describe(conn));
3020  }
3021  } else if (ret == 1) {
3022  log_info(LD_NET, "Proxy Client: %s successful",
3023  connection_describe(conn));
3024  }
3025 
3026  return ret;
3027 }
3028 
3029 /** Given a list of listener connections in <b>old_conns</b>, and list of
3030  * port_cfg_t entries in <b>ports</b>, open a new listener for every port in
3031  * <b>ports</b> that does not already have a listener in <b>old_conns</b>.
3032  *
3033  * Remove from <b>old_conns</b> every connection that has a corresponding
3034  * entry in <b>ports</b>. Add to <b>new_conns</b> new every connection we
3035  * launch. If we may need to perform socket rebind when creating new
3036  * listener that replaces old one, create a <b>listener_replacement_t</b>
3037  * struct for affected pair and add it to <b>replacements</b>.
3038  *
3039  * If <b>control_listeners_only</b> is true, then we only open control
3040  * listeners, and we do not remove any noncontrol listeners from
3041  * old_conns.
3042  *
3043  * Return 0 on success, -1 on failure.
3044  **/
3045 static int
3047  const smartlist_t *ports,
3048  smartlist_t *new_conns,
3049  smartlist_t *replacements,
3050  int control_listeners_only)
3051 {
3052 #ifndef ENABLE_LISTENER_REBIND
3053  (void)replacements;
3054 #endif
3055 
3056  smartlist_t *launch = smartlist_new();
3057  int r = 0;
3058 
3059  if (control_listeners_only) {
3060  SMARTLIST_FOREACH(ports, port_cfg_t *, p, {
3061  if (p->type == CONN_TYPE_CONTROL_LISTENER)
3062  smartlist_add(launch, p);
3063  });
3064  } else {
3065  smartlist_add_all(launch, ports);
3066  }
3067 
3068  /* Iterate through old_conns, comparing it to launch: remove from both lists
3069  * each pair of elements that corresponds to the same port. */
3070  SMARTLIST_FOREACH_BEGIN(old_conns, connection_t *, conn) {
3071  const port_cfg_t *found_port = NULL;
3072 
3073  /* Okay, so this is a listener. Is it configured? */
3074  /* That is, is it either: 1) exact match - address and port
3075  * pair match exactly between old listener and new port; or 2)
3076  * wildcard match - port matches exactly, but *one* of the
3077  * addresses is wildcard (0.0.0.0 or ::)?
3078  */
3079  SMARTLIST_FOREACH_BEGIN(launch, const port_cfg_t *, wanted) {
3080  if (conn->type != wanted->type)
3081  continue;
3082  if ((conn->socket_family != AF_UNIX && wanted->is_unix_addr) ||
3083  (conn->socket_family == AF_UNIX && ! wanted->is_unix_addr))
3084  continue;
3085 
3086  if (wanted->server_cfg.no_listen)
3087  continue; /* We don't want to open a listener for this one */
3088 
3089  if (wanted->is_unix_addr) {
3090  if (conn->socket_family == AF_UNIX &&
3091  !strcmp(wanted->unix_addr, conn->address)) {
3092  found_port = wanted;
3093  break;
3094  }
3095  } else {
3096  /* Numeric values of old and new port match exactly. */
3097  const int port_matches_exact = (wanted->port == conn->port);
3098  /* Ports match semantically - either their specific values
3099  match exactly, or new port is 'auto'.
3100  */
3101  const int port_matches = (wanted->port == CFG_AUTO_PORT ||
3102  port_matches_exact);
3103 
3104  if (port_matches && tor_addr_eq(&wanted->addr, &conn->addr)) {
3105  found_port = wanted;
3106  break;
3107  }
3108 #ifdef ENABLE_LISTENER_REBIND
3109  /* Rebinding may be needed if all of the following are true:
3110  * 1) Address family is the same in old and new listeners.
3111  * 2) Port number matches exactly (numeric value is the same).
3112  * 3) *One* of listeners (either old one or new one) has a
3113  * wildcard IP address (0.0.0.0 or [::]).
3114  *
3115  * These are the exact conditions for a first bind() syscall
3116  * to fail with EADDRINUSE.
3117  */
3118  const int may_need_rebind =
3119  tor_addr_family(&wanted->addr) == tor_addr_family(&conn->addr) &&
3120  port_matches_exact && bool_neq(tor_addr_is_null(&wanted->addr),
3121  tor_addr_is_null(&conn->addr));
3122  if (replacements && may_need_rebind) {
3123  listener_replacement_t *replacement =
3124  tor_malloc(sizeof(listener_replacement_t));
3125 
3126  replacement->old_conn = conn;
3127  replacement->new_port = wanted;
3128  smartlist_add(replacements, replacement);
3129 
3130  SMARTLIST_DEL_CURRENT(launch, wanted);
3131  SMARTLIST_DEL_CURRENT(old_conns, conn);
3132  break;
3133  }
3134 #endif /* defined(ENABLE_LISTENER_REBIND) */
3135  }
3136  } SMARTLIST_FOREACH_END(wanted);
3137 
3138  if (found_port) {
3139  /* This listener is already running; we don't need to launch it. */
3140  //log_debug(LD_NET, "Already have %s on %s:%d",
3141  // conn_type_to_string(found_port->type), conn->address, conn->port);
3142  smartlist_remove(launch, found_port);
3143  /* And we can remove the connection from old_conns too. */
3144  SMARTLIST_DEL_CURRENT(old_conns, conn);
3145  }
3146  } SMARTLIST_FOREACH_END(conn);
3147 
3148  /* Now open all the listeners that are configured but not opened. */
3149  SMARTLIST_FOREACH_BEGIN(launch, const port_cfg_t *, port) {
3150  int skip = 0;
3151  connection_t *conn = connection_listener_new_for_port(port, &skip, NULL);
3152 
3153  if (conn && new_conns)
3154  smartlist_add(new_conns, conn);
3155  else if (!skip)
3156  r = -1;
3157  } SMARTLIST_FOREACH_END(port);
3158 
3159  smartlist_free(launch);
3160 
3161  return r;
3162 }
3163 
3164 /** Launch listeners for each port you should have open. Only launch
3165  * listeners who are not already open, and only close listeners we no longer
3166  * want.
3167  *
3168  * Add all new connections to <b>new_conns</b>.
3169  *
3170  * If <b>close_all_noncontrol</b> is true, then we only open control
3171  * listeners, and we close all other listeners.
3172  */
3173 int
3174 retry_all_listeners(smartlist_t *new_conns, int close_all_noncontrol)
3175 {
3176  smartlist_t *listeners = smartlist_new();
3177  smartlist_t *replacements = smartlist_new();
3178  const or_options_t *options = get_options();
3179  int retval = 0;
3180  const uint16_t old_or_port = routerconf_find_or_port(options, AF_INET);
3181  const uint16_t old_or_port_ipv6 =
3182  routerconf_find_or_port(options,AF_INET6);
3183  const uint16_t old_dir_port = routerconf_find_dir_port(options, 0);
3184 
3186  if (connection_is_listener(conn) && !conn->marked_for_close)
3187  smartlist_add(listeners, conn);
3188  } SMARTLIST_FOREACH_END(conn);
3189 
3190  if (retry_listener_ports(listeners,
3192  new_conns,
3193  replacements,
3194  close_all_noncontrol) < 0)
3195  retval = -1;
3196 
3197 #ifdef ENABLE_LISTENER_REBIND
3198  if (smartlist_len(replacements))
3199  log_debug(LD_NET, "%d replacements - starting rebinding loop.",
3200  smartlist_len(replacements));
3201 
3202  SMARTLIST_FOREACH_BEGIN(replacements, listener_replacement_t *, r) {
3203  int addr_in_use = 0;
3204  int skip = 0;
3205 
3206  tor_assert(r->new_port);
3207  tor_assert(r->old_conn);
3208 
3209  connection_t *new_conn =
3210  connection_listener_new_for_port(r->new_port, &skip, &addr_in_use);
3211  connection_t *old_conn = r->old_conn;
3212 
3213  if (skip) {
3214  log_debug(LD_NET, "Skipping creating new listener for %s",
3215  connection_describe(old_conn));
3216  continue;
3217  }
3218 
3219  connection_close_immediate(old_conn);
3220  connection_mark_for_close(old_conn);
3221 
3222  if (addr_in_use) {
3223  new_conn = connection_listener_new_for_port(r->new_port,
3224  &skip, &addr_in_use);
3225  }
3226 
3227  /* There are many reasons why we can't open a new listener port so in case
3228  * we hit those, bail early so tor can stop. */
3229  if (!new_conn) {
3230  log_warn(LD_NET, "Unable to create listener port: %s:%d",
3231  fmt_addr(&r->new_port->addr), r->new_port->port);
3232  retval = -1;
3233  break;
3234  }
3235 
3236  smartlist_add(new_conns, new_conn);
3237 
3238  char *old_desc = tor_strdup(connection_describe(old_conn));
3239  log_notice(LD_NET, "Closed no-longer-configured %s "
3240  "(replaced by %s)",
3241  old_desc, connection_describe(new_conn));
3242  tor_free(old_desc);
3243  } SMARTLIST_FOREACH_END(r);
3244 #endif /* defined(ENABLE_LISTENER_REBIND) */
3245 
3246  /* Any members that were still in 'listeners' don't correspond to
3247  * any configured port. Kill 'em. */
3248  SMARTLIST_FOREACH_BEGIN(listeners, connection_t *, conn) {
3249  log_notice(LD_NET, "Closing no-longer-configured %s on %s:%d",
3250  conn_type_to_string(conn->type), conn->address, conn->port);
3252  connection_mark_for_close(conn);
3253  } SMARTLIST_FOREACH_END(conn);
3254 
3255  smartlist_free(listeners);
3256  /* Cleanup any remaining listener replacement. */
3257  SMARTLIST_FOREACH(replacements, listener_replacement_t *, r, tor_free(r));
3258  smartlist_free(replacements);
3259 
3260  if (old_or_port != routerconf_find_or_port(options, AF_INET) ||
3261  old_or_port_ipv6 != routerconf_find_or_port(options, AF_INET6) ||
3262  old_dir_port != routerconf_find_dir_port(options, 0)) {
3263  /* Our chosen ORPort or DirPort is not what it used to be: the
3264  * descriptor we had (if any) should be regenerated. (We won't
3265  * automatically notice this because of changes in the option,
3266  * since the value could be "auto".) */
3267  mark_my_descriptor_dirty("Chosen Or/DirPort changed");
3268  }
3269 
3270  return retval;
3271 }
3272 
3273 /** Mark every listener of type other than CONTROL_LISTENER to be closed. */
3274 void
3276 {
3278  if (conn->marked_for_close)
3279  continue;
3280  if (conn->type == CONN_TYPE_CONTROL_LISTENER)
3281  continue;
3282  if (connection_is_listener(conn))
3283  connection_mark_for_close(conn);
3284  } SMARTLIST_FOREACH_END(conn);
3285 }
3286 
3287 /** Mark every external connection not used for controllers for close. */
3288 void
3290 {
3292  if (conn->marked_for_close)
3293  continue;
3294  switch (conn->type) {
3296  case CONN_TYPE_CONTROL:
3297  break;
3298  case CONN_TYPE_AP:
3299  connection_mark_unattached_ap(TO_ENTRY_CONN(conn),
3300  END_STREAM_REASON_HIBERNATING);
3301  break;
3302  case CONN_TYPE_OR:
3303  {
3304  or_connection_t *orconn = TO_OR_CONN(conn);
3305  if (orconn->chan) {
3306  connection_or_close_normally(orconn, 0);
3307  } else {
3308  /*
3309  * There should have been one, but mark for close and hope
3310  * for the best..
3311  */
3312  connection_mark_for_close(conn);
3313  }
3314  }
3315  break;
3316  default:
3317  connection_mark_for_close(conn);
3318  break;
3319  }
3320  } SMARTLIST_FOREACH_END(conn);
3321 }
3322 
3323 /** Return 1 if we should apply rate limiting to <b>conn</b>, and 0
3324  * otherwise.
3325  * Right now this just checks if it's an internal IP address or an
3326  * internal connection. We also should, but don't, check if the connection
3327  * uses pluggable transports, since we should then limit it even if it
3328  * comes from an internal IP address. */
3329 static int
3331 {
3332  const or_options_t *options = get_options();
3333  if (conn->linked)
3334  return 0; /* Internal connection */
3335  else if (! options->CountPrivateBandwidth &&
3336  ! conn->always_rate_limit_as_remote &&
3337  (tor_addr_family(&conn->addr) == AF_UNSPEC || /* no address */
3338  tor_addr_family(&conn->addr) == AF_UNIX || /* no address */
3339  tor_addr_is_internal(&conn->addr, 0)))
3340  return 0; /* Internal address */
3341  else
3342  return 1;
3343 }
3344 
3345 /** When was either global write bucket last empty? If this was recent, then
3346  * we're probably low on bandwidth, and we should be stingy with our bandwidth
3347  * usage. */
3348 static time_t write_buckets_last_empty_at = -100;
3349 
3350 /** How many seconds of no active local circuits will make the
3351  * connection revert to the "relayed" bandwidth class? */
3352 #define CLIENT_IDLE_TIME_FOR_PRIORITY 30
3353 
3354 /** Return 1 if <b>conn</b> should use tokens from the "relayed"
3355  * bandwidth rates, else 0. Currently, only OR conns with bandwidth
3356  * class 1, and directory conns that are serving data out, count.
3357  */
3358 static int
3360 {
3361  if (conn->type == CONN_TYPE_OR &&
3364  return 1;
3365  if (conn->type == CONN_TYPE_DIR && DIR_CONN_IS_SERVER(conn))
3366  return 1;
3367  return 0;
3368 }
3369 
3370 /** Helper function to decide how many bytes out of <b>global_bucket</b>
3371  * we're willing to use for this transaction. <b>base</b> is the size
3372  * of a cell on the network; <b>priority</b> says whether we should
3373  * write many of them or just a few; and <b>conn_bucket</b> (if
3374  * non-negative) provides an upper limit for our answer. */
3375 static ssize_t
3376 connection_bucket_get_share(int base, int priority,
3377  ssize_t global_bucket_val, ssize_t conn_bucket)
3378 {
3379  ssize_t at_most;
3380  ssize_t num_bytes_high = (priority ? 32 : 16) * base;
3381  ssize_t num_bytes_low = (priority ? 4 : 2) * base;
3382 
3383  /* Do a rudimentary limiting so one circuit can't hog a connection.
3384  * Pick at most 32 cells, at least 4 cells if possible, and if we're in
3385  * the middle pick 1/8 of the available bandwidth. */
3386  at_most = global_bucket_val / 8;
3387  at_most -= (at_most % base); /* round down */
3388  if (at_most > num_bytes_high) /* 16 KB, or 8 KB for low-priority */
3389  at_most = num_bytes_high;
3390  else if (at_most < num_bytes_low) /* 2 KB, or 1 KB for low-priority */
3391  at_most = num_bytes_low;
3392 
3393  if (at_most > global_bucket_val)
3394  at_most = global_bucket_val;
3395 
3396  if (conn_bucket >= 0 && at_most > conn_bucket)
3397  at_most = conn_bucket;
3398 
3399  if (at_most < 0)
3400  return 0;
3401  return at_most;
3402 }
3403 
3404 /** How many bytes at most can we read onto this connection? */
3405 static ssize_t
3407 {
3408  int base = RELAY_PAYLOAD_SIZE;
3409  int priority = conn->type != CONN_TYPE_DIR;
3410  ssize_t conn_bucket = -1;
3411  size_t global_bucket_val = token_bucket_rw_get_read(&global_bucket);
3412 
3413  if (connection_speaks_cells(conn)) {
3414  or_connection_t *or_conn = TO_OR_CONN(conn);
3415  if (conn->state == OR_CONN_STATE_OPEN)
3416  conn_bucket = token_bucket_rw_get_read(&or_conn->bucket);
3417  base = get_cell_network_size(or_conn->wide_circ_ids);
3418  }
3419 
3420  if (!connection_is_rate_limited(conn)) {
3421  /* be willing to read on local conns even if our buckets are empty */
3422  return conn_bucket>=0 ? conn_bucket : 1<<14;
3423  }
3424 
3425  if (connection_counts_as_relayed_traffic(conn, now)) {
3426  size_t relayed = token_bucket_rw_get_read(&global_relayed_bucket);
3427  global_bucket_val = MIN(global_bucket_val, relayed);
3428  }
3429 
3430  return connection_bucket_get_share(base, priority,
3431  global_bucket_val, conn_bucket);
3432 }
3433 
3434 /** How many bytes at most can we write onto this connection? */
3435 ssize_t
3437 {
3438  int base = RELAY_PAYLOAD_SIZE;
3439  int priority = conn->type != CONN_TYPE_DIR;
3440  size_t conn_bucket = buf_datalen(conn->outbuf);
3441  size_t global_bucket_val = token_bucket_rw_get_write(&global_bucket);
3442 
3443  if (!connection_is_rate_limited(conn)) {
3444  /* be willing to write to local conns even if our buckets are empty */
3445  return conn_bucket;
3446  }
3447 
3448  if (connection_speaks_cells(conn)) {
3449  /* use the per-conn write limit if it's lower */
3450  or_connection_t *or_conn = TO_OR_CONN(conn);
3451  if (conn->state == OR_CONN_STATE_OPEN)
3452  conn_bucket = MIN(conn_bucket,
3453  token_bucket_rw_get_write(&or_conn->bucket));
3454  base = get_cell_network_size(or_conn->wide_circ_ids);
3455  }
3456 
3457  if (connection_counts_as_relayed_traffic(conn, now)) {
3458  size_t relayed = token_bucket_rw_get_write(&global_relayed_bucket);
3459  global_bucket_val = MIN(global_bucket_val, relayed);
3460  }
3461 
3462  return connection_bucket_get_share(base, priority,
3463  global_bucket_val, conn_bucket);
3464 }
3465 
3466 /** Return true iff the global write buckets are low enough that we
3467  * shouldn't send <b>attempt</b> bytes of low-priority directory stuff
3468  * out to <b>conn</b>.
3469  *
3470  * If we are a directory authority, always answer dir requests thus true is
3471  * always returned.
3472  *
3473  * Note: There are a lot of parameters we could use here:
3474  * - global_relayed_write_bucket. Low is bad.
3475  * - global_write_bucket. Low is bad.
3476  * - bandwidthrate. Low is bad.
3477  * - bandwidthburst. Not a big factor?
3478  * - attempt. High is bad.
3479  * - total bytes queued on outbufs. High is bad. But I'm wary of
3480  * using this, since a few slow-flushing queues will pump up the
3481  * number without meaning what we meant to mean. What we really
3482  * mean is "total directory bytes added to outbufs recently", but
3483  * that's harder to quantify and harder to keep track of.
3484  */
3485 bool
3487 {
3488  size_t smaller_bucket =
3489  MIN(token_bucket_rw_get_write(&global_bucket),
3490  token_bucket_rw_get_write(&global_relayed_bucket));
3491 
3492  /* Special case for authorities (directory only). */
3493  if (authdir_mode_v3(get_options())) {
3494  /* Are we configured to possibly reject requests under load? */
3496  /* Answer request no matter what. */
3497  return false;
3498  }
3499  /* Always answer requests from a known relay which includes the other
3500  * authorities. The following looks up the addresses for relays that we
3501  * have their descriptor _and_ any configured trusted directories. */
3503  return false;
3504  }
3505  }
3506 
3507  if (!connection_is_rate_limited(conn))
3508  return false; /* local conns don't get limited */
3509 
3510  if (smaller_bucket < attempt)
3511  return true; /* not enough space. */
3512 
3513  {
3514  const time_t diff = approx_time() - write_buckets_last_empty_at;
3515  if (diff <= 1)
3516  return true; /* we're already hitting our limits, no more please */
3517  }
3518  return false;
3519 }
3520 
3521 /** When did we last tell the accounting subsystem about transmitted
3522  * bandwidth? */
3524 
3525 /** Helper: adjusts our bandwidth history and informs the controller as
3526  * appropriate, given that we have just read <b>num_read</b> bytes and written
3527  * <b>num_written</b> bytes on <b>conn</b>. */
3528 static void
3530  time_t now, size_t num_read, size_t num_written)
3531 {
3532  /* Count bytes of answering direct and tunneled directory requests */
3533  if (conn->type == CONN_TYPE_DIR && conn->purpose == DIR_PURPOSE_SERVER) {
3534  if (num_read > 0)
3535  bwhist_note_dir_bytes_read(num_read, now);
3536  if (num_written > 0)
3537  bwhist_note_dir_bytes_written(num_written, now);
3538  }
3539 
3540  /* Linked connections and internal IPs aren't counted for statistics or
3541  * accounting:
3542  * - counting linked connections would double-count BEGINDIR bytes, because
3543  * they are sent as Dir bytes on the linked connection, and OR bytes on
3544  * the OR connection;
3545  * - relays and clients don't connect to internal IPs, unless specifically
3546  * configured to do so. If they are configured that way, we don't count
3547  * internal bytes.
3548  */
3549  if (!connection_is_rate_limited(conn))
3550  return;
3551 
3552  const bool is_ipv6 = (conn->socket_family == AF_INET6);
3553  if (conn->type == CONN_TYPE_OR)
3555  num_written, now, is_ipv6);
3556 
3557  if (num_read > 0) {
3558  bwhist_note_bytes_read(num_read, now, is_ipv6);
3559  }
3560  if (num_written > 0) {
3561  bwhist_note_bytes_written(num_written, now, is_ipv6);
3562  }
3563  if (conn->type == CONN_TYPE_EXIT)
3564  rep_hist_note_exit_bytes(conn->port, num_written, num_read);
3565 
3566  /* Remember these bytes towards statistics. */
3567  stats_increment_bytes_read_and_written(num_read, num_written);
3568 
3569  /* Remember these bytes towards accounting. */
3572  accounting_add_bytes(num_read, num_written,
3573  (int)(now - last_recorded_accounting_at));
3574  } else {
3575  accounting_add_bytes(num_read, num_written, 0);
3576  }
3578  }
3579 }
3580 
3581 /** We just read <b>num_read</b> and wrote <b>num_written</b> bytes
3582  * onto <b>conn</b>. Decrement buckets appropriately. */
3583 static void
3585  size_t num_read, size_t num_written)
3586 {
3587  if (num_written >= INT_MAX || num_read >= INT_MAX) {
3588  log_err(LD_BUG, "Value out of range. num_read=%lu, num_written=%lu, "
3589  "connection type=%s, state=%s",
3590  (unsigned long)num_read, (unsigned long)num_written,
3591  conn_type_to_string(conn->type),
3592  conn_state_to_string(conn->type, conn->state));
3594  if (num_written >= INT_MAX)
3595  num_written = 1;
3596  if (num_read >= INT_MAX)
3597  num_read = 1;
3598  }
3599 
3600  record_num_bytes_transferred_impl(conn, now, num_read, num_written);
3601 
3602  if (!connection_is_rate_limited(conn))
3603  return; /* local IPs are free */
3604 
3605  unsigned flags = 0;
3606  if (connection_counts_as_relayed_traffic(conn, now)) {
3607  flags = token_bucket_rw_dec(&global_relayed_bucket, num_read, num_written);
3608  }
3609  flags |= token_bucket_rw_dec(&global_bucket, num_read, num_written);
3610 
3611  if (flags & TB_WRITE) {
3613  }
3614  if (connection_speaks_cells(conn) && conn->state == OR_CONN_STATE_OPEN) {
3615  or_connection_t *or_conn = TO_OR_CONN(conn);
3616  token_bucket_rw_dec(&or_conn->bucket, num_read, num_written);
3617  }
3618 }
3619 
3620 /**
3621  * Mark <b>conn</b> as needing to stop reading because bandwidth has been
3622  * exhausted. If <b>is_global_bw</b>, it is closing because global bandwidth
3623  * limit has been exhausted. Otherwise, it is closing because its own
3624  * bandwidth limit has been exhausted.
3625  */
3626 void
3628 {
3629  (void)is_global_bw;
3630  conn->read_blocked_on_bw = 1;
3633 }
3634 
3635 /**
3636  * Mark <b>conn</b> as needing to stop reading because write bandwidth has
3637  * been exhausted. If <b>is_global_bw</b>, it is closing because global
3638  * bandwidth limit has been exhausted. Otherwise, it is closing because its
3639  * own bandwidth limit has been exhausted.
3640 */
3641 void
3643 {
3644  (void)is_global_bw;
3645  conn->write_blocked_on_bw = 1;
3648 }
3649 
3650 /** If we have exhausted our global buckets, or the buckets for conn,
3651  * stop reading. */
3652 void
3654 {
3655  const char *reason;
3656 
3657  if (!connection_is_rate_limited(conn))
3658  return; /* Always okay. */
3659 
3660  int is_global = 1;
3661 
3662  if (token_bucket_rw_get_read(&global_bucket) <= 0) {
3663  reason = "global read bucket exhausted. Pausing.";
3664  } else if (connection_counts_as_relayed_traffic(conn, approx_time()) &&
3665  token_bucket_rw_get_read(&global_relayed_bucket) <= 0) {
3666  reason = "global relayed read bucket exhausted. Pausing.";
3667  } else if (connection_speaks_cells(conn) &&
3668  conn->state == OR_CONN_STATE_OPEN &&
3669  token_bucket_rw_get_read(&TO_OR_CONN(conn)->bucket) <= 0) {
3670  reason = "connection read bucket exhausted. Pausing.";
3671  is_global = false;
3672  } else
3673  return; /* all good, no need to stop it */
3674 
3675  LOG_FN_CONN(conn, (LOG_DEBUG, LD_NET, "%s", reason));
3676  connection_read_bw_exhausted(conn, is_global);
3677 }
3678 
3679 /** If we have exhausted our global buckets, or the buckets for conn,
3680  * stop writing. */
3681 void
3683 {
3684  const char *reason;
3685 
3686  if (!connection_is_rate_limited(conn))
3687  return; /* Always okay. */
3688 
3689  bool is_global = true;
3690  if (token_bucket_rw_get_write(&global_bucket) <= 0) {
3691  reason = "global write bucket exhausted. Pausing.";
3692  } else if (connection_counts_as_relayed_traffic(conn, approx_time()) &&
3693  token_bucket_rw_get_write(&global_relayed_bucket) <= 0) {
3694  reason = "global relayed write bucket exhausted. Pausing.";
3695  } else if (connection_speaks_cells(conn) &&
3696  conn->state == OR_CONN_STATE_OPEN &&
3697  token_bucket_rw_get_write(&TO_OR_CONN(conn)->bucket) <= 0) {
3698  reason = "connection write bucket exhausted. Pausing.";
3699  is_global = false;
3700  } else
3701  return; /* all good, no need to stop it */
3702 
3703  LOG_FN_CONN(conn, (LOG_DEBUG, LD_NET, "%s", reason));
3704  connection_write_bw_exhausted(conn, is_global);
3705 }
3706 
3707 /** Initialize the global buckets to the values configured in the
3708  * options */
3709 void
3711 {
3712  const or_options_t *options = get_options();
3713  const uint32_t now_ts = monotime_coarse_get_stamp();
3714  token_bucket_rw_init(&global_bucket,
3715  (int32_t)options->BandwidthRate,
3716  (int32_t)options->BandwidthBurst,
3717  now_ts);
3718  if (options->RelayBandwidthRate) {
3719  token_bucket_rw_init(&global_relayed_bucket,
3720  (int32_t)options->RelayBandwidthRate,
3721  (int32_t)options->RelayBandwidthBurst,
3722  now_ts);
3723  } else {
3724  token_bucket_rw_init(&global_relayed_bucket,
3725  (int32_t)options->BandwidthRate,
3726  (int32_t)options->BandwidthBurst,
3727  now_ts);
3728  }
3729 
3731 }
3732 
3733 /** Update the global connection bucket settings to a new value. */
3734 void
3736 {
3737  token_bucket_rw_adjust(&global_bucket,
3738  (int32_t)options->BandwidthRate,
3739  (int32_t)options->BandwidthBurst);
3740  if (options->RelayBandwidthRate) {
3741  token_bucket_rw_adjust(&global_relayed_bucket,
3742  (int32_t)options->RelayBandwidthRate,
3743  (int32_t)options->RelayBandwidthBurst);
3744  } else {
3745  token_bucket_rw_adjust(&global_relayed_bucket,
3746  (int32_t)options->BandwidthRate,
3747  (int32_t)options->BandwidthBurst);
3748  }
3749 }
3750 
3751 /**
3752  * Cached value of the last coarse-timestamp when we refilled the
3753  * global buckets.
3754  */
3756 /**
3757  * Refill the token buckets for a single connection <b>conn</b>, and the
3758  * global token buckets as appropriate. Requires that <b>now_ts</b> is
3759  * the time in coarse timestamp units.
3760  */
3761 static void
3763 {
3764  /* Note that we only check for equality here: the underlying
3765  * token bucket functions can handle moving backwards in time if they
3766  * need to. */
3767  if (now_ts != last_refilled_global_buckets_ts) {
3768  token_bucket_rw_refill(&global_bucket, now_ts);
3769  token_bucket_rw_refill(&global_relayed_bucket, now_ts);
3771  }
3772 
3773  if (connection_speaks_cells(conn) && conn->state == OR_CONN_STATE_OPEN) {
3774  or_connection_t *or_conn = TO_OR_CONN(conn);
3775  token_bucket_rw_refill(&or_conn->bucket, now_ts);
3776  }
3777 }
3778 
3779 /**
3780  * Event to re-enable all connections that were previously blocked on read or
3781  * write.
3782  */
3784 
3785 /** True iff reenable_blocked_connections_ev is currently scheduled. */
3787 
3788 /** Delay after which to run reenable_blocked_connections_ev. */
3790 
3791 /**
3792  * Re-enable all connections that were previously blocked on read or write.
3793  * This event is scheduled after enough time has elapsed to be sure
3794  * that the buckets will refill when the connections have something to do.
3795  */
3796 static void
3798 {
3799  (void)ev;
3800  (void)arg;
3802  if (conn->read_blocked_on_bw == 1) {
3804  conn->read_blocked_on_bw = 0;
3805  }
3806  if (conn->write_blocked_on_bw == 1) {
3808  conn->write_blocked_on_bw = 0;
3809  }
3810  } SMARTLIST_FOREACH_END(conn);
3811 
3813 }
3814 
3815 /**
3816  * Initialize the mainloop event that we use to wake up connections that
3817  * find themselves blocked on bandwidth.
3818  */
3819 static void
3821 {
3826  }
3827  time_t sec = options->TokenBucketRefillInterval / 1000;
3828  int msec = (options->TokenBucketRefillInterval % 1000);
3830  reenable_blocked_connections_delay.tv_usec = msec * 1000;
3831 }
3832 
3833 /**
3834  * Called when we have blocked a connection for being low on bandwidth:
3835  * schedule an event to reenable such connections, if it is not already
3836  * scheduled.
3837  */
3838 static void
3840 {
3842  return;
3843  if (BUG(reenable_blocked_connections_ev == NULL)) {
3845  }
3849 }
3850 
3851 /** Read bytes from conn->s and process them.
3852  *
3853  * It calls connection_buf_read_from_socket() to bring in any new bytes,
3854  * and then calls connection_process_inbuf() to process them.
3855  *
3856  * Mark the connection and return -1 if you want to close it, else
3857  * return 0.
3858  */
3859 static int
3861 {
3862  ssize_t max_to_read=-1, try_to_read;
3863  size_t before, n_read = 0;
3864  int socket_error = 0;
3865 
3866  if (conn->marked_for_close)
3867  return 0; /* do nothing */
3868 
3870 
3872 
3873  switch (conn->type) {
3874  case CONN_TYPE_OR_LISTENER:
3878  case CONN_TYPE_AP_LISTENER:
3888  /* This should never happen; eventdns.c handles the reads here. */
3890  return 0;
3891  }
3892 
3893  loop_again:
3894  try_to_read = max_to_read;
3895  tor_assert(!conn->marked_for_close);
3896 
3897  before = buf_datalen(conn->inbuf);
3898  if (connection_buf_read_from_socket(conn, &max_to_read, &socket_error) < 0) {
3899  /* There's a read error; kill the connection.*/
3900  if (conn->type == CONN_TYPE_OR) {
3902  socket_error != 0 ?
3903  errno_to_orconn_end_reason(socket_error) :
3904  END_OR_CONN_REASON_CONNRESET,
3905  socket_error != 0 ?
3906  tor_socket_strerror(socket_error) :
3907  "(unknown, errno was 0)");
3908  }
3909  if (CONN_IS_EDGE(conn)) {
3910  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
3911  connection_edge_end_errno(edge_conn);
3912  if (conn->type == CONN_TYPE_AP && TO_ENTRY_CONN(conn)->socks_request) {
3913  /* broken, don't send a socks reply back */
3915  }
3916  }
3917  connection_close_immediate(conn); /* Don't flush; connection is dead. */
3918  /*
3919  * This can bypass normal channel checking since we did
3920  * connection_or_notify_error() above.
3921  */
3922  connection_mark_for_close_internal(conn);
3923  return -1;
3924  }
3925  n_read += buf_datalen(conn->inbuf) - before;
3926  if (CONN_IS_EDGE(conn) && try_to_read != max_to_read) {
3927  /* instruct it not to try to package partial cells. */
3928  if (connection_process_inbuf(conn, 0) < 0) {
3929  return -1;
3930  }
3931  if (!conn->marked_for_close &&
3932  connection_is_reading(conn) &&
3933  !conn->inbuf_reached_eof &&
3934  max_to_read > 0)
3935  goto loop_again; /* try reading again, in case more is here now */
3936  }
3937  /* one last try, packaging partial cells and all. */
3938  if (!conn->marked_for_close &&
3939  connection_process_inbuf(conn, 1) < 0) {
3940  return -1;
3941  }
3942  if (conn->linked_conn) {
3943  /* The other side's handle_write() will never actually get called, so
3944  * we need to invoke the appropriate callbacks ourself. */
3945  connection_t *linked = conn->linked_conn;
3946 
3947  if (n_read) {
3948  /* Probably a no-op, since linked conns typically don't count for
3949  * bandwidth rate limiting. But do it anyway so we can keep stats
3950  * accurately. Note that since we read the bytes from conn, and
3951  * we're writing the bytes onto the linked connection, we count
3952  * these as <i>written</i> bytes. */
3953  connection_buckets_decrement(linked, approx_time(), 0, n_read);
3954 
3955  if (connection_flushed_some(linked) < 0)
3956  connection_mark_for_close(linked);
3957  if (!connection_wants_to_flush(linked))
3959  }
3960 
3961  if (!buf_datalen(linked->outbuf) && conn->active_on_link)
3963  }
3964  /* If we hit the EOF, call connection_reached_eof(). */
3965  if (!conn->marked_for_close &&
3966  conn->inbuf_reached_eof &&
3967  connection_reached_eof(conn) < 0) {
3968  return -1;
3969  }
3970  return 0;
3971 }
3972 
3973 /* DOCDOC connection_handle_read */
3974 int
3975 connection_handle_read(connection_t *conn)
3976 {
3977  int res;
3978  update_current_time(time(NULL));
3979  res = connection_handle_read_impl(conn);
3980  return res;
3981 }
3982 
3983 /** Pull in new bytes from conn->s or conn->linked_conn onto conn->inbuf,
3984  * either directly or via TLS. Reduce the token buckets by the number of bytes
3985  * read.
3986  *
3987  * If *max_to_read is -1, then decide it ourselves, else go with the
3988  * value passed to us. When returning, if it's changed, subtract the
3989  * number of bytes we read from *max_to_read.
3990  *
3991  * Return -1 if we want to break conn, else return 0.
3992  */
3993 static int
3994 connection_buf_read_from_socket(connection_t *conn, ssize_t *max_to_read,
3995  int *socket_error)
3996 {
3997  int result;
3998  ssize_t at_most = *max_to_read;
3999  size_t slack_in_buf, more_to_read;
4000  size_t n_read = 0, n_written = 0;
4001 
4002  if (at_most == -1) { /* we need to initialize it */
4003  /* how many bytes are we allowed to read? */
4004  at_most = connection_bucket_read_limit(conn, approx_time());
4005  }
4006 
4007  /* Do not allow inbuf to grow past BUF_MAX_LEN. */
4008  const ssize_t maximum = BUF_MAX_LEN - buf_datalen(conn->inbuf);
4009  if (at_most > maximum) {
4010  at_most = maximum;
4011  }
4012 
4013  slack_in_buf = buf_slack(conn->inbuf);
4014  again:
4015  if ((size_t)at_most > slack_in_buf && slack_in_buf >= 1024) {
4016  more_to_read = at_most - slack_in_buf;
4017  at_most = slack_in_buf;
4018  } else {
4019  more_to_read = 0;
4020  }
4021 
4022  if (connection_speaks_cells(conn) &&
4024  int pending;
4025  or_connection_t *or_conn = TO_OR_CONN(conn);
4026  size_t initial_size;
4027  if (conn->state == OR_CONN_STATE_TLS_HANDSHAKING ||
4029  /* continue handshaking even if global token bucket is empty */
4030  return connection_tls_continue_handshake(or_conn);
4031  }
4032 
4033  log_debug(LD_NET,
4034  "%d: starting, inbuf_datalen %ld (%d pending in tls object)."
4035  " at_most %ld.",
4036  (int)conn->s,(long)buf_datalen(conn->inbuf),
4037  tor_tls_get_pending_bytes(or_conn->tls), (long)at_most);
4038 
4039  initial_size = buf_datalen(conn->inbuf);
4040  /* else open, or closing */
4041  result = buf_read_from_tls(conn->inbuf, or_conn->tls, at_most);
4042  if (TOR_TLS_IS_ERROR(result) || result == TOR_TLS_CLOSE)
4043  or_conn->tls_error = result;
4044  else
4045  or_conn->tls_error = 0;
4046 
4047  switch (result) {
4048  case TOR_TLS_CLOSE:
4049  case TOR_TLS_ERROR_IO:
4050  log_debug(LD_NET,"TLS %s closed %son read. Closing.",
4051  connection_describe(conn),
4052  result == TOR_TLS_CLOSE ? "cleanly " : "");
4053  return result;
4055  log_debug(LD_NET,"tls error [%s] from %s. Breaking.",
4056  tor_tls_err_to_string(result),
4057  connection_describe(conn));
4058  return result;
4059  case TOR_TLS_WANTWRITE:
4061  return 0;
4062  case TOR_TLS_WANTREAD:
4063  if (conn->in_connection_handle_write) {
4064  /* We've been invoked from connection_handle_write, because we're
4065  * waiting for a TLS renegotiation, the renegotiation started, and
4066  * SSL_read returned WANTWRITE. But now SSL_read is saying WANTREAD
4067  * again. Stop waiting for write events now, or else we'll
4068  * busy-loop until data arrives for us to read.
4069  * XXX: remove this when v2 handshakes support is dropped. */
4071  if (!connection_is_reading(conn))
4073  }
4074  /* we're already reading, one hopes */
4075  break;
4076  case TOR_TLS_DONE: /* no data read, so nothing to process */
4077  break; /* so we call bucket_decrement below */
4078  default:
4079  break;
4080  }
4081  pending = tor_tls_get_pending_bytes(or_conn->tls);
4082  if (pending) {
4083  /* If we have any pending bytes, we read them now. This *can*
4084  * take us over our read allotment, but really we shouldn't be
4085  * believing that SSL bytes are the same as TCP bytes anyway. */
4086  int r2 = buf_read_from_tls(conn->inbuf, or_conn->tls, pending);
4087  if (BUG(r2<0)) {
4088  log_warn(LD_BUG, "apparently, reading pending bytes can fail.");
4089  return -1;
4090  }
4091  }
4092  result = (int)(buf_datalen(conn->inbuf)-initial_size);
4093  tor_tls_get_n_raw_bytes(or_conn->tls, &n_read, &n_written);
4094  log_debug(LD_GENERAL, "After TLS read of %d: %ld read, %ld written",
4095  result, (long)n_read, (long)n_written);
4096  } else if (conn->linked) {
4097  if (conn->linked_conn) {
4098  result = (int) buf_move_all(conn->inbuf, conn->linked_conn->outbuf);
4099  } else {
4100  result = 0;
4101  }
4102  //log_notice(LD_GENERAL, "Moved %d bytes on an internal link!", result);
4103  /* If the other side has disappeared, or if it's been marked for close and
4104  * we flushed its outbuf, then we should set our inbuf_reached_eof. */
4105  if (!conn->linked_conn ||
4106  (conn->linked_conn->marked_for_close &&
4107  buf_datalen(conn->linked_conn->outbuf) == 0))
4108  conn->inbuf_reached_eof = 1;
4109 
4110  n_read = (size_t) result;
4111  } else {
4112  /* !connection_speaks_cells, !conn->linked_conn. */
4113  int reached_eof = 0;
4114  CONN_LOG_PROTECT(conn,
4115  result = buf_read_from_socket(conn->inbuf, conn->s,
4116  at_most,
4117  &reached_eof,
4118  socket_error));
4119  if (reached_eof)
4120  conn->inbuf_reached_eof = 1;
4121 
4122 // log_fn(LOG_DEBUG,"read_to_buf returned %d.",read_result);
4123 
4124  if (result < 0)
4125  return -1;
4126  n_read = (size_t) result;
4127  }
4128 
4129  if (n_read > 0) {
4130  /* change *max_to_read */
4131  *max_to_read = at_most - n_read;
4132 
4133  /* Update edge_conn->n_read */
4134  if (conn->type == CONN_TYPE_AP) {
4135  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
4136 
4137  /* Check for overflow: */
4138  if (PREDICT_LIKELY(UINT32_MAX - edge_conn->n_read > n_read))
4139  edge_conn->n_read += (int)n_read;
4140  else
4141  edge_conn->n_read = UINT32_MAX;
4142  }
4143 
4144  /* If CONN_BW events are enabled, update conn->n_read_conn_bw for
4145  * OR/DIR/EXIT connections, checking for overflow. */
4147  (conn->type == CONN_TYPE_OR ||
4148  conn->type == CONN_TYPE_DIR ||
4149  conn->type == CONN_TYPE_EXIT)) {
4150  if (PREDICT_LIKELY(UINT32_MAX - conn->n_read_conn_bw > n_read))
4151  conn->n_read_conn_bw += (int)n_read;
4152  else
4153  conn->n_read_conn_bw = UINT32_MAX;
4154  }
4155  }
4156 
4157  connection_buckets_decrement(conn, approx_time(), n_read, n_written);
4158 
4159  if (more_to_read && result == at_most) {
4160  slack_in_buf = buf_slack(conn->inbuf);
4161  at_most = more_to_read;
4162  goto again;
4163  }
4164 
4165  /* Call even if result is 0, since the global read bucket may
4166  * have reached 0 on a different conn, and this connection needs to
4167  * know to stop reading. */
4169  if (n_written > 0 && connection_is_writing(conn))
4171 
4172  return 0;
4173 }
4174 
4175 /** A pass-through to fetch_from_buf. */
4176 int
4177 connection_buf_get_bytes(char *string, size_t len, connection_t *conn)
4178 {
4179  return buf_get_bytes(conn->inbuf, string, len);
4180 }
4181 
4182 /** As buf_get_line(), but read from a connection's input buffer. */
4183 int
4185  size_t *data_len)
4186 {
4187  return buf_get_line(conn->inbuf, data, data_len);
4188 }
4189 
4190 /** As fetch_from_buf_http, but fetches from a connection's input buffer_t as
4191  * appropriate. */
4192 int
4194  char **headers_out, size_t max_headerlen,
4195  char **body_out, size_t *body_used,
4196  size_t max_bodylen, int force_complete)
4197 {
4198  return fetch_from_buf_http(conn->inbuf, headers_out, max_headerlen,
4199  body_out, body_used, max_bodylen, force_complete);
4200 }
4201 
4202 /** Return true if this connection has data to flush. */
4203 int
4205 {
4206  return connection_get_outbuf_len(conn) > 0;
4207 }
4208 
4209 /** Are there too many bytes on edge connection <b>conn</b>'s outbuf to
4210  * send back a relay-level sendme yet? Return 1 if so, 0 if not. Used by
4211  * connection_edge_consider_sending_sendme().
4212  */
4213 int
4215 {
4216  return connection_get_outbuf_len(conn) > 10*CELL_PAYLOAD_SIZE;
4217 }
4218 
4219 /**
4220  * On Windows Vista and Windows 7, tune the send buffer size according to a
4221  * hint from the OS.
4222  *
4223  * This should help fix slow upload rates.
4224  */
4225 static void
4227 {
4228 #ifdef _WIN32
4229  /* We only do this on Vista and 7, because earlier versions of Windows
4230  * don't have the SIO_IDEAL_SEND_BACKLOG_QUERY functionality, and on
4231  * later versions it isn't necessary. */
4232  static int isVistaOr7 = -1;
4233  if (isVistaOr7 == -1) {
4234  isVistaOr7 = 0;
4235  OSVERSIONINFO osvi = { 0 };
4236  osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
4237  GetVersionEx(&osvi);
4238  if (osvi.dwMajorVersion == 6 && osvi.dwMinorVersion < 2)
4239  isVistaOr7 = 1;
4240  }
4241  if (!isVistaOr7)
4242  return;
4243  if (get_options()->ConstrainedSockets)
4244  return;
4245  ULONG isb = 0;
4246  DWORD bytesReturned = 0;
4247  if (!WSAIoctl(sock, SIO_IDEAL_SEND_BACKLOG_QUERY, NULL, 0,
4248  &isb, sizeof(isb), &bytesReturned, NULL, NULL)) {
4249  setsockopt(sock, SOL_SOCKET, SO_SNDBUF, (const char*)&isb, sizeof(isb));
4250  }
4251 #else /* !defined(_WIN32) */
4252  (void) sock;
4253 #endif /* defined(_WIN32) */
4254 }
4255 
4256 /** Try to flush more bytes onto <b>conn</b>->s.
4257  *
4258  * This function is called in connection_handle_write(), which gets
4259  * called from conn_write_callback() in main.c when libevent tells us
4260  * that <b>conn</b> wants to write.
4261  *
4262  * Update <b>conn</b>->timestamp_last_write_allowed to now, and call flush_buf
4263  * or flush_buf_tls appropriately. If it succeeds and there are no more
4264  * more bytes on <b>conn</b>->outbuf, then call connection_finished_flushing
4265  * on it too.
4266  *
4267  * If <b>force</b>, then write as many bytes as possible, ignoring bandwidth
4268  * limits. (Used for flushing messages to controller connections on fatal
4269  * errors.)
4270  *
4271  * Mark the connection and return -1 if you want to close it, else
4272  * return 0.
4273  */
4274 static int
4276 {
4277  int e;
4278  socklen_t len=(socklen_t)sizeof(e);
4279  int result;
4280  ssize_t max_to_write;
4281  time_t now = approx_time();
4282  size_t n_read = 0, n_written = 0;
4283  int dont_stop_writing = 0;
4284 
4286 
4287  if (conn->marked_for_close || !SOCKET_OK(conn->s))
4288  return 0; /* do nothing */
4289 
4290  if (conn->in_flushed_some) {
4291  log_warn(LD_BUG, "called recursively from inside conn->in_flushed_some");
4292  return 0;
4293  }
4294 
4295  conn->timestamp_last_write_allowed = now;
4296 
4298 
4299  /* Sometimes, "writable" means "connected". */
4300  if (connection_state_is_connecting(conn)) {
4301  if (getsockopt(conn->s, SOL_SOCKET, SO_ERROR, (void*)&e, &len) < 0) {
4302  log_warn(LD_BUG, "getsockopt() syscall failed");
4303  if (conn->type == CONN_TYPE_OR) {
4304  or_connection_t *orconn = TO_OR_CONN(conn);
4305  connection_or_close_for_error(orconn, 0);
4306  } else {
4307  if (CONN_IS_EDGE(conn)) {
4309  }
4310  connection_mark_for_close(conn);
4311  }
4312  return -1;
4313  }
4314  if (e) {
4315  /* some sort of error, but maybe just inprogress still */
4316  if (!ERRNO_IS_CONN_EINPROGRESS(e)) {
4317  log_info(LD_NET,"in-progress connect failed. Removing. (%s)",
4318  tor_socket_strerror(e));
4319  if (CONN_IS_EDGE(conn))
4321  if (conn->type == CONN_TYPE_OR)
4324  tor_socket_strerror(e));
4325 
4327  /*
4328  * This can bypass normal channel checking since we did
4329  * connection_or_notify_error() above.
4330  */
4331  connection_mark_for_close_internal(conn);
4332  return -1;
4333  } else {
4334  return 0; /* no change, see if next time is better */
4335  }
4336  }
4337  /* The connection is successful. */
4338  if (connection_finished_connecting(conn)<0)
4339  return -1;
4340  }
4341 
4342  max_to_write = force ? (ssize_t)buf_datalen(conn->outbuf)
4343  : connection_bucket_write_limit(conn, now);
4344 
4345  if (connection_speaks_cells(conn) &&
4347  or_connection_t *or_conn = TO_OR_CONN(conn);
4348  size_t initial_size;
4349  if (conn->state == OR_CONN_STATE_TLS_HANDSHAKING ||
4352  if (connection_tls_continue_handshake(or_conn) < 0) {
4353  /* Don't flush; connection is dead. */
4355  END_OR_CONN_REASON_MISC,
4356  "TLS error in connection_tls_"
4357  "continue_handshake()");
4359  /*
4360  * This can bypass normal channel checking since we did
4361  * connection_or_notify_error() above.
4362  */
4363  connection_mark_for_close_internal(conn);
4364  return -1;
4365  }
4366  return 0;
4367  } else if (conn->state == OR_CONN_STATE_TLS_SERVER_RENEGOTIATING) {
4368  return connection_handle_read(conn);
4369  }
4370 
4371  /* else open, or closing */
4372  initial_size = buf_datalen(conn->outbuf);
4373  result = buf_flush_to_tls(conn->outbuf, or_conn->tls,
4374  max_to_write);
4375 
4376  if (result >= 0)
4377  update_send_buffer_size(conn->s);
4378 
4379  /* If we just flushed the last bytes, tell the channel on the
4380  * or_conn to check if it needs to geoip_change_dirreq_state() */
4381  /* XXXX move this to flushed_some or finished_flushing -NM */
4382  if (buf_datalen(conn->outbuf) == 0 && or_conn->chan)
4383  channel_notify_flushed(TLS_CHAN_TO_BASE(or_conn->chan));
4384 
4385  switch (result) {
4387  case TOR_TLS_CLOSE:
4388  or_conn->tls_error = result;
4389  log_info(LD_NET, result != TOR_TLS_CLOSE ?
4390  "tls error. breaking.":"TLS connection closed on flush");
4391  /* Don't flush; connection is dead. */
4393  END_OR_CONN_REASON_MISC,
4394  result != TOR_TLS_CLOSE ?
4395  "TLS error in during flush" :
4396  "TLS closed during flush");
4398  /*
4399  * This can bypass normal channel checking since we did
4400  * connection_or_notify_error() above.
4401  */
4402  connection_mark_for_close_internal(conn);
4403  return -1;
4404  case TOR_TLS_WANTWRITE:
4405  log_debug(LD_NET,"wanted write.");
4406  /* we're already writing */
4407  dont_stop_writing = 1;
4408  break;
4409  case TOR_TLS_WANTREAD:
4410  /* Make sure to avoid a loop if the receive buckets are empty. */
4411  log_debug(LD_NET,"wanted read.");
4412  if (!connection_is_reading(conn)) {
4413  connection_write_bw_exhausted(conn, true);
4414  /* we'll start reading again when we get more tokens in our
4415  * read bucket; then we'll start writing again too.
4416  */
4417  }
4418  /* else no problem, we're already reading */
4419  return 0;
4420  /* case TOR_TLS_DONE:
4421  * for TOR_TLS_DONE, fall through to check if the flushlen
4422  * is empty, so we can stop writing.
4423  */
4424  }
4425 
4426  tor_tls_get_n_raw_bytes(or_conn->tls, &n_read, &n_written);
4427  log_debug(LD_GENERAL, "After TLS write of %d: %ld read, %ld written",
4428  result, (long)n_read, (long)n_written);
4429  or_conn->bytes_xmitted += result;
4430  or_conn->bytes_xmitted_by_tls += n_written;
4431  /* So we notice bytes were written even on error */
4432  /* XXXX This cast is safe since we can never write INT_MAX bytes in a
4433  * single set of TLS operations. But it looks kinda ugly. If we refactor
4434  * the *_buf_tls functions, we should make them return ssize_t or size_t
4435  * or something. */
4436  result = (int)(initial_size-buf_datalen(conn->outbuf));
4437  } else {
4438  CONN_LOG_PROTECT(conn,
4439  result = buf_flush_to_socket(conn->outbuf, conn->s,
4440  max_to_write));
4441  if (result < 0) {
4442  if (CONN_IS_EDGE(conn))
4444  if (conn->type == CONN_TYPE_AP) {
4445  /* writing failed; we couldn't send a SOCKS reply if we wanted to */
4447  }
4448 
4449  connection_close_immediate(conn); /* Don't flush; connection is dead. */
4450  connection_mark_for_close(conn);
4451  return -1;
4452  }
4453  update_send_buffer_size(conn->s);
4454  n_written = (size_t) result;
4455  }
4456 
4457  if (n_written && conn->type == CONN_TYPE_AP) {
4458  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
4459 
4460  /* Check for overflow: */
4461  if (PREDICT_LIKELY(UINT32_MAX - edge_conn->n_written > n_written))
4462  edge_conn->n_written += (int)n_written;
4463  else
4464  edge_conn->n_written = UINT32_MAX;
4465  }
4466 
4467  /* If CONN_BW events are enabled, update conn->n_written_conn_bw for
4468  * OR/DIR/EXIT connections, checking for overflow. */
4469  if (n_written && get_options()->TestingEnableConnBwEvent &&
4470  (conn->type == CONN_TYPE_OR ||
4471  conn->type == CONN_TYPE_DIR ||
4472  conn->type == CONN_TYPE_EXIT)) {
4473  if (PREDICT_LIKELY(UINT32_MAX - conn->n_written_conn_bw > n_written))
4474  conn->n_written_conn_bw += (int)n_written;
4475  else
4476  conn->n_written_conn_bw = UINT32_MAX;
4477  }
4478 
4479  connection_buckets_decrement(conn, approx_time(), n_read, n_written);
4480 
4481  if (result > 0) {
4482  /* If we wrote any bytes from our buffer, then call the appropriate
4483  * functions. */
4484  if (connection_flushed_some(conn) < 0) {
4485  if (connection_speaks_cells(conn)) {
4487  END_OR_CONN_REASON_MISC,
4488  "Got error back from "
4489  "connection_flushed_some()");
4490  }
4491 
4492  /*
4493  * This can bypass normal channel checking since we did
4494  * connection_or_notify_error() above.
4495  */
4496  connection_mark_for_close_internal(conn);
4497  }
4498  }
4499 
4500  if (!connection_wants_to_flush(conn) &&
4501  !dont_stop_writing) { /* it's done flushing */
4502  if (connection_finished_flushing(conn) < 0) {
4503  /* already marked */
4504  return -1;
4505  }
4506  return 0;
4507  }
4508 
4509  /* Call even if result is 0, since the global write bucket may
4510  * have reached 0 on a different conn, and this connection needs to
4511  * know to stop writing. */
4513  if (n_read > 0 && connection_is_reading(conn))
4515 
4516  return 0;
4517 }
4518 
4519 /* DOCDOC connection_handle_write */
4520 int
4521 connection_handle_write(connection_t *conn, int force)
4522 {
4523  int res;
4524  update_current_time(time(NULL));
4525  /* connection_handle_write_impl() might call connection_handle_read()
4526  * if we're in the middle of a v2 handshake, in which case it needs this
4527  * flag set. */
4528  conn->in_connection_handle_write = 1;
4529  res = connection_handle_write_impl(conn, force);
4530  conn->in_connection_handle_write = 0;
4531  return res;
4532 }
4533 
4534 /**
4535  * Try to flush data that's waiting for a write on <b>conn</b>. Return
4536  * -1 on failure, 0 on success.
4537  *
4538  * Don't use this function for regular writing; the buffers
4539  * system should be good enough at scheduling writes there. Instead, this
4540  * function is for cases when we're about to exit or something and we want
4541  * to report it right away.
4542  */
4543 int
4545 {
4546  return connection_handle_write(conn, 1);
4547 }
4548 
4549 /** Helper for connection_write_to_buf_impl and connection_write_buf_to_buf:
4550  *
4551  * Return true iff it is okay to queue bytes on <b>conn</b>'s outbuf for
4552  * writing.
4553  */
4554 static int
4556 {
4557  /* if it's marked for close, only allow write if we mean to flush it */
4558  if (conn->marked_for_close && !conn->hold_open_until_flushed)
4559  return 0;
4560 
4561  return 1;
4562 }
4563 
4564 /** Helper for connection_write_to_buf_impl and connection_write_buf_to_buf:
4565  *
4566  * Called when an attempt to add bytes on <b>conn</b>'s outbuf has failed;
4567  * mark the connection and warn as appropriate.
4568  */
4569 static void
4571 {
4572  if (CONN_IS_EDGE(conn)) {
4573  /* if it failed, it means we have our package/delivery windows set
4574  wrong compared to our max outbuf size. close the whole circuit. */
4575  log_warn(LD_NET,
4576  "write_to_buf failed. Closing circuit (fd %d).", (int)conn->s);
4577  circuit_mark_for_close(circuit_get_by_edge_conn(TO_EDGE_CONN(conn)),
4578  END_CIRC_REASON_INTERNAL);
4579  } else if (conn->type == CONN_TYPE_OR) {
4580  or_connection_t *orconn = TO_OR_CONN(conn);
4581  log_warn(LD_NET,
4582  "write_to_buf failed on an orconn; notifying of error "
4583  "(fd %d)", (int)(conn->s));
4584  connection_or_close_for_error(orconn, 0);
4585  } else {
4586  log_warn(LD_NET,
4587  "write_to_buf failed. Closing connection (fd %d).",
4588  (int)conn->s);
4589  connection_mark_for_close(conn);
4590  }
4591 }
4592 
4593 /** Helper for connection_write_to_buf_impl and connection_write_buf_to_buf:
4594  *
4595  * Called when an attempt to add bytes on <b>conn</b>'s outbuf has succeeded:
4596  * start writing if appropriate.
4597  */
4598 static void
4600 {
4601  /* If we receive optimistic data in the EXIT_CONN_STATE_RESOLVING
4602  * state, we don't want to try to write it right away, since
4603  * conn->write_event won't be set yet. Otherwise, write data from
4604  * this conn as the socket is available. */
4605  if (conn->write_event) {
4607  }
4608 }
4609 
4610 /** Append <b>len</b> bytes of <b>string</b> onto <b>conn</b>'s
4611  * outbuf, and ask it to start writing.
4612  *
4613  * If <b>zlib</b> is nonzero, this is a directory connection that should get
4614  * its contents compressed or decompressed as they're written. If zlib is
4615  * negative, this is the last data to be compressed, and the connection's zlib
4616  * state should be flushed.
4617  */
4618 MOCK_IMPL(void,
4619 connection_write_to_buf_impl_,(const char *string, size_t len,
4620  connection_t *conn, int zlib))
4621 {
4622  /* XXXX This function really needs to return -1 on failure. */
4623  int r;
4624  if (!len && !(zlib<0))
4625  return;
4626 
4627  if (!connection_may_write_to_buf(conn))
4628  return;
4629 
4630  if (zlib) {
4631  dir_connection_t *dir_conn = TO_DIR_CONN(conn);
4632  int done = zlib < 0;
4633  CONN_LOG_PROTECT(conn, r = buf_add_compress(conn->outbuf,
4634  dir_conn->compress_state,
4635  string, len, done));
4636  } else {
4637  CONN_LOG_PROTECT(conn, r = buf_add(conn->outbuf, string, len));
4638  }
4639  if (r < 0) {
4641  return;
4642  }
4644 }
4645 
4646 /**
4647  * Write a <b>string</b> (of size <b>len</b> to directory connection
4648  * <b>dir_conn</b>. Apply compression if connection is configured to use
4649  * it and finalize it if <b>done</b> is true.
4650  */
4651 void
4652 connection_dir_buf_add(const char *string, size_t len,
4653  dir_connection_t *dir_conn, int done)
4654 {
4655  if (dir_conn->compress_state != NULL) {
4656  connection_buf_add_compress(string, len, dir_conn, done);
4657  return;
4658  }
4659 
4660  connection_buf_add(string, len, TO_CONN(dir_conn));
4661 }
4662 
4663 void
4664 connection_buf_add_compress(const char *string, size_t len,
4665  dir_connection_t *conn, int done)
4666 {
4667  connection_write_to_buf_impl_(string, len, TO_CONN(conn), done ? -1 : 1);
4668 }
4669 
4670 /**
4671  * Add all bytes from <b>buf</b> to <b>conn</b>'s outbuf, draining them
4672  * from <b>buf</b>. (If the connection is marked and will soon be closed,
4673  * nothing is drained.)
4674  */
4675 void
4677 {
4678  tor_assert(conn);
4679  tor_assert(buf);
4680  size_t len = buf_datalen(buf);
4681  if (len == 0)
4682  return;
4683 
4684  if (!connection_may_write_to_buf(conn))
4685  return;
4686 
4687  buf_move_all(conn->outbuf, buf);
4689 }
4690 
4691 #define CONN_GET_ALL_TEMPLATE(var, test) \
4692  STMT_BEGIN \
4693  smartlist_t *conns = get_connection_array(); \
4694  smartlist_t *ret_conns = smartlist_new(); \
4695  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, var) { \
4696  if (var && (test) && !var->marked_for_close) \
4697  smartlist_add(ret_conns, var); \
4698  } SMARTLIST_FOREACH_END(var); \
4699  return ret_conns; \
4700  STMT_END
4701 
4702 /* Return a list of connections that aren't close and matches the given type
4703  * and state. The returned list can be empty and must be freed using
4704  * smartlist_free(). The caller does NOT have ownership of the objects in the
4705  * list so it must not free them nor reference them as they can disappear. */
4706 smartlist_t *
4707 connection_list_by_type_state(int type, int state)
4708 {
4709  CONN_GET_ALL_TEMPLATE(conn, (conn->type == type && conn->state == state));
4710 }
4711 
4712 /* Return a list of connections that aren't close and matches the given type
4713  * and purpose. The returned list can be empty and must be freed using
4714  * smartlist_free(). The caller does NOT have ownership of the objects in the
4715  * list so it must not free them nor reference them as they can disappear. */
4716 smartlist_t *
4717 connection_list_by_type_purpose(int type, int purpose)
4718 {
4719  CONN_GET_ALL_TEMPLATE(conn,
4720  (conn->type == type && conn->purpose == purpose));
4721 }
4722 
4723 /** Return a connection_t * from get_connection_array() that satisfies test on
4724  * var, and that is not marked for close. */
4725 #define CONN_GET_TEMPLATE(var, test) \
4726  STMT_BEGIN \
4727  smartlist_t *conns = get_connection_array(); \
4728  SMARTLIST_FOREACH(conns, connection_t *, var, \
4729  { \
4730  if (var && (test) && !var->marked_for_close) \
4731  return var; \
4732  }); \
4733  return NULL; \
4734  STMT_END
4735 
4736 /** Return a connection with given type, address, port, and purpose;
4737  * or NULL if no such connection exists (or if all such connections are marked
4738  * for close). */
4741  const tor_addr_t *addr, uint16_t port,
4742  int purpose))
4743 {
4744  CONN_GET_TEMPLATE(conn,
4745  (conn->type == type &&
4746  tor_addr_eq(&conn->addr, addr) &&
4747  conn->port == port &&
4748  conn->purpose == purpose));
4749 }
4750 
4751 /** Return the stream with id <b>id</b> if it is not already marked for
4752  * close.
4753  */
4754 connection_t *
4756 {
4757  CONN_GET_TEMPLATE(conn, conn->global_identifier == id);
4758 }
4759 
4760 /** Return a connection of type <b>type</b> that is not marked for close.
4761  */
4762 connection_t *
4764 {
4765  CONN_GET_TEMPLATE(conn, conn->type == type);
4766 }
4767 
4768 /** Return a connection of type <b>type</b> that is in state <b>state</b>,
4769  * and that is not marked for close.
4770  */
4771 connection_t *
4772 connection_get_by_type_state(int type, int state)
4773 {
4774  CONN_GET_TEMPLATE(conn, conn->type == type && conn->state == state);
4775 }
4776 
4777 /**
4778  * Return a connection of type <b>type</b> that is not an internally linked
4779  * connection, and is not marked for close.
4780  **/
4783 {
4784  CONN_GET_TEMPLATE(conn, conn->type == type && !conn->linked);
4785 }
4786 
4787 /** Return a connection of type <b>type</b> that has rendquery equal
4788  * to <b>rendquery</b>, and that is not marked for close. If state
4789  * is non-zero, conn must be of that state too.
4790  */
4791 connection_t *
4793  const char *rendquery)
4794 {
4795  tor_assert(type == CONN_TYPE_DIR ||
4796  type == CONN_TYPE_AP || type == CONN_TYPE_EXIT);
4797  tor_assert(rendquery);
4798 
4799  CONN_GET_TEMPLATE(conn,
4800  (conn->type == type &&
4801  (!state || state == conn->state)) &&
4802  (
4803  (type == CONN_TYPE_DIR &&
4804  TO_DIR_CONN(conn)->rend_data &&
4805  !rend_cmp_service_ids(rendquery,
4806  rend_data_get_address(TO_DIR_CONN(conn)->rend_data)))
4807  ||
4808  (CONN_IS_EDGE(conn) &&
4809  TO_EDGE_CONN(conn)->rend_data &&
4810  !rend_cmp_service_ids(rendquery,
4811  rend_data_get_address(TO_EDGE_CONN(conn)->rend_data)))
4812  ));
4813 }
4814 
4815 /** Return a new smartlist of dir_connection_t * from get_connection_array()
4816  * that satisfy conn_test on connection_t *conn_var, and dirconn_test on
4817  * dir_connection_t *dirconn_var. conn_var must be of CONN_TYPE_DIR and not
4818  * marked for close to be included in the list. */
4819 #define DIR_CONN_LIST_TEMPLATE(conn_var, conn_test, \
4820  dirconn_var, dirconn_test) \
4821  STMT_BEGIN \
4822  smartlist_t *conns = get_connection_array(); \
4823  smartlist_t *dir_conns = smartlist_new(); \
4824  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn_var) { \
4825  if (conn_var && (conn_test) \
4826  && conn_var->type == CONN_TYPE_DIR \
4827  && !conn_var->marked_for_close) { \
4828  dir_connection_t *dirconn_var = TO_DIR_CONN(conn_var); \
4829  if (dirconn_var && (dirconn_test)) { \
4830  smartlist_add(dir_conns, dirconn_var); \
4831  } \
4832  } \
4833  } SMARTLIST_FOREACH_END(conn_var); \
4834  return dir_conns; \
4835  STMT_END
4836 
4837 /** Return a list of directory connections that are fetching the item
4838  * described by <b>purpose</b>/<b>resource</b>. If there are none,
4839  * return an empty list. This list must be freed using smartlist_free,
4840  * but the pointers in it must not be freed.
4841  * Note that this list should not be cached, as the pointers in it can be
4842  * freed if their connections close. */
4843 smartlist_t *
4845  int purpose,
4846  const char *resource)
4847 {
4849  conn->purpose == purpose,
4850  dirconn,
4851  0 == strcmp_opt(resource,
4852  dirconn->requested_resource));
4853 }
4854 
4855 /** Return a list of directory connections that are fetching the item
4856  * described by <b>purpose</b>/<b>resource</b>/<b>state</b>. If there are
4857  * none, return an empty list. This list must be freed using smartlist_free,
4858  * but the pointers in it must not be freed.
4859  * Note that this list should not be cached, as the pointers in it can be
4860  * freed if their connections close. */
4861 smartlist_t *
4863  int purpose,
4864  const char *resource,
4865  int state)
4866 {
4868  conn->purpose == purpose && conn->state == state,
4869  dirconn,
4870  0 == strcmp_opt(resource,
4871  dirconn->requested_resource));
4872 }
4873 
4874 #undef DIR_CONN_LIST_TEMPLATE
4875 
4876 /** Return an arbitrary active OR connection that isn't <b>this_conn</b>.
4877  *
4878  * We use this to guess if we should tell the controller that we
4879  * didn't manage to connect to any of our bridges. */
4880 static connection_t *
4882 {
4883  CONN_GET_TEMPLATE(conn,
4884  conn != TO_CONN(this_conn) && conn->type == CONN_TYPE_OR);
4885 }
4886 
4887 /** Return 1 if there are any active OR connections apart from
4888  * <b>this_conn</b>.
4889  *
4890  * We use this to guess if we should tell the controller that we
4891  * didn't manage to connect to any of our bridges. */
4892 int
4894 {
4896  if (conn != NULL) {
4897  log_debug(LD_DIR, "%s: Found an OR connection: %s",
4898  __func__, connection_describe(conn));
4899  return 1;
4900  }
4901 
4902  return 0;
4903 }
4904 
4905 #undef CONN_GET_TEMPLATE
4906 
4907 /** Return 1 if <b>conn</b> is a listener conn, else return 0. */
4908 int
4910 {
4911  if (conn->type == CONN_TYPE_OR_LISTENER ||
4912  conn->type == CONN_TYPE_EXT_OR_LISTENER ||
4913  conn->type == CONN_TYPE_AP_LISTENER ||
4914  conn->type == CONN_TYPE_AP_TRANS_LISTENER ||
4915  conn->type == CONN_TYPE_AP_DNS_LISTENER ||
4916  conn->type == CONN_TYPE_AP_NATD_LISTENER ||
4918  conn->type == CONN_TYPE_DIR_LISTENER ||
4920  return 1;
4921  return 0;
4922 }
4923 
4924 /** Return 1 if <b>conn</b> is in state "open" and is not marked
4925  * for close, else return 0.
4926  */
4927 int
4929 {
4930  tor_assert(conn);
4931 
4932  if (conn->marked_for_close)
4933  return 0;
4934 
4935  if ((conn->type == CONN_TYPE_OR && conn->state == OR_CONN_STATE_OPEN) ||
4936  (conn->type == CONN_TYPE_EXT_OR) ||
4937  (conn->type == CONN_TYPE_AP && conn->state == AP_CONN_STATE_OPEN) ||
4938  (conn->type == CONN_TYPE_EXIT && conn->state == EXIT_CONN_STATE_OPEN) ||
4939  (conn->type == CONN_TYPE_CONTROL &&
4940  conn->state == CONTROL_CONN_STATE_OPEN))
4941  return 1;
4942 
4943  return 0;
4944 }
4945 
4946 /** Return 1 if conn is in 'connecting' state, else return 0. */
4947 int
4949 {
4950  tor_assert(conn);
4951 
4952  if (conn->marked_for_close)
4953  return 0;
4954  switch (conn->type)
4955  {
4956  case CONN_TYPE_OR:
4957  return conn->state == OR_CONN_STATE_CONNECTING;
4958  case CONN_TYPE_EXIT:
4959  return conn->state == EXIT_CONN_STATE_CONNECTING;
4960  case CONN_TYPE_DIR:
4961  return conn->state == DIR_CONN_STATE_CONNECTING;
4962  }
4963 
4964  return 0;
4965 }
4966 
4967 /** Allocates a base64'ed authenticator for use in http or https
4968  * auth, based on the input string <b>authenticator</b>. Returns it
4969  * if success, else returns NULL. */
4970 char *
4971 alloc_http_authenticator(const char *authenticator)
4972 {
4973  /* an authenticator in Basic authentication
4974  * is just the string "username:password" */
4975  const size_t authenticator_length = strlen(authenticator);
4976  const size_t base64_authenticator_length =
4977  base64_encode_size(authenticator_length, 0) + 1;
4978  char *base64_authenticator = tor_malloc(base64_authenticator_length);
4979  if (base64_encode(base64_authenticator, base64_authenticator_length,
4980  authenticator, authenticator_length, 0) < 0) {
4981  tor_free(base64_authenticator); /* free and set to null */
4982  }
4983  return base64_authenticator;
4984 }
4985 
4986 /** Given a socket handle, check whether the local address (sockname) of the
4987  * socket is one that we've connected from before. If so, double-check
4988  * whether our address has changed and we need to generate keys. If we do,
4989  * call init_keys().
4990  */
4991 static void
4993 {
4994  tor_addr_t out_addr, iface_addr;
4995  tor_addr_t **last_interface_ip_ptr;
4996  sa_family_t family;
4997 
4998  if (!outgoing_addrs)
5000 
5001  if (tor_addr_from_getsockname(&out_addr, sock) < 0) {
5002  int e = tor_socket_errno(sock);
5003  log_warn(LD_NET, "getsockname() to check for address change failed: %s",
5004  tor_socket_strerror(e));
5005  return;
5006  }
5007  family = tor_addr_family(&out_addr);
5008 
5009  if (family == AF_INET)
5010  last_interface_ip_ptr = &last_interface_ipv4;
5011  else if (family == AF_INET6)
5012  last_interface_ip_ptr = &last_interface_ipv6;
5013  else
5014  return;
5015 
5016  if (! *last_interface_ip_ptr) {
5017  tor_addr_t *a = tor_malloc_zero(sizeof(tor_addr_t));
5018  if (get_interface_address6(LOG_INFO, family, a)==0) {
5019  *last_interface_ip_ptr = a;
5020  } else {
5021  tor_free(a);
5022  }
5023  }
5024 
5025  /* If we've used this address previously, we're okay. */
5027  if (tor_addr_eq(a_ptr, &out_addr))
5028  return;
5029  );
5030 
5031  /* Uh-oh. We haven't connected from this address before. Has the interface
5032  * address changed? */
5033  if (get_interface_address6(LOG_INFO, family, &iface_addr)<0)
5034  return;
5035 
5036  if (tor_addr_eq(&iface_addr, *last_interface_ip_ptr)) {
5037  /* Nope, it hasn't changed. Add this address to the list. */
5038  smartlist_add(outgoing_addrs, tor_memdup(&out_addr, sizeof(tor_addr_t)));
5039  } else {
5040  /* The interface changed. We're a client, so we need to regenerate our
5041  * keys. First, reset the state. */
5042  log_notice(LD_NET, "Our IP address has changed. Rotating keys...");
5043  tor_addr_copy(*last_interface_ip_ptr, &iface_addr);
5046  smartlist_add(outgoing_addrs, tor_memdup(&out_addr, sizeof(tor_addr_t)));
5047  /* We'll need to resolve ourselves again. */
5048  resolved_addr_reset_last(AF_INET);
5049  /* Okay, now change our keys. */
5050  ip_address_changed(1);
5051  }
5052 }
5053 
5054 /** Some systems have limited system buffers for recv and xmit on
5055  * sockets allocated in a virtual server or similar environment. For a Tor
5056  * server this can produce the "Error creating network socket: No buffer
5057  * space available" error once all available TCP buffer space is consumed.
5058  * This method will attempt to constrain the buffers allocated for the socket
5059  * to the desired size to stay below system TCP buffer limits.
5060  */
5061 static void
5063 {
5064  void *sz = (void*)&size;
5065  socklen_t sz_sz = (socklen_t) sizeof(size);
5066  if (setsockopt(sock, SOL_SOCKET, SO_SNDBUF, sz, sz_sz) < 0) {
5067  int e = tor_socket_errno(sock);
5068  log_warn(LD_NET, "setsockopt() to constrain send "
5069  "buffer to %d bytes failed: %s", size, tor_socket_strerror(e));
5070  }
5071  if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, sz, sz_sz) < 0) {
5072  int e = tor_socket_errno(sock);
5073  log_warn(LD_NET, "setsockopt() to constrain recv "
5074  "buffer to %d bytes failed: %s", size, tor_socket_strerror(e));
5075  }
5076 }
5077 
5078 /** Process new bytes that have arrived on conn->inbuf.
5079  *
5080  * This function just passes conn to the connection-specific
5081  * connection_*_process_inbuf() function. It also passes in
5082  * package_partial if wanted.
5083  */
5084 static int
5085 connection_process_inbuf(connection_t *conn, int package_partial)
5086 {
5087  tor_assert(conn);
5088 
5089  switch (conn->type) {
5090  case CONN_TYPE_OR:
5092  case CONN_TYPE_EXT_OR:
5094  case CONN_TYPE_EXIT:
5095  case CONN_TYPE_AP:
5097  package_partial);
5098  case CONN_TYPE_DIR:
5100  case CONN_TYPE_CONTROL:
5102  default:
5103  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
5105  return -1;
5106  }
5107 }
5108 
5109 /** Called whenever we've written data on a connection. */
5110 static int
5112 {
5113  int r = 0;
5114  tor_assert(!conn->in_flushed_some);
5115  conn->in_flushed_some = 1;
5116  if (conn->type == CONN_TYPE_DIR &&
5118  r = connection_dirserv_flushed_some(TO_DIR_CONN(conn));
5119  } else if (conn->type == CONN_TYPE_OR) {
5121  } else if (CONN_IS_EDGE(conn)) {
5123  }
5124  conn->in_flushed_some = 0;
5125  return r;
5126 }
5127 
5128 /** We just finished flushing bytes to the appropriately low network layer,
5129  * and there are no more bytes remaining in conn->outbuf or
5130  * conn->tls to be flushed.
5131  *
5132  * This function just passes conn to the connection-specific
5133  * connection_*_finished_flushing() function.
5134  */
5135 static int
5137 {
5138  tor_assert(conn);
5139 
5140  /* If the connection is closed, don't try to do anything more here. */
5141  if (CONN_IS_CLOSED(conn))
5142  return 0;
5143 
5144 // log_fn(LOG_DEBUG,"entered. Socket %u.", conn->s);
5145 
5147 
5148  switch (conn->type) {
5149  case CONN_TYPE_OR:
5151  case CONN_TYPE_EXT_OR:
5153  case CONN_TYPE_AP:
5154  case CONN_TYPE_EXIT:
5156  case CONN_TYPE_DIR:
5158  case CONN_TYPE_CONTROL:
5160  default:
5161  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
5163  return -1;
5164  }
5165 }
5166 
5167 /** Called when our attempt to connect() to a server has just succeeded.
5168  *
5169  * This function checks if the interface address has changed (clients only),
5170  * and then passes conn to the connection-specific
5171  * connection_*_finished_connecting() function.
5172  */
5173 static int
5175 {
5176  tor_assert(conn);
5177 
5178  if (!server_mode(get_options())) {
5179  /* See whether getsockname() says our address changed. We need to do this
5180  * now that the connection has finished, because getsockname() on Windows
5181  * won't work until then. */
5183  }
5184 
5185  switch (conn->type)
5186  {
5187  case CONN_TYPE_OR:
5189  case CONN_TYPE_EXIT:
5191  case CONN_TYPE_DIR:
5193  default:
5194  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
5196  return -1;
5197  }
5198 }
5199 
5200 /** Callback: invoked when a connection reaches an EOF event. */
5201 static int
5203 {
5204  switch (conn->type) {
5205  case CONN_TYPE_OR:
5206  case CONN_TYPE_EXT_OR:
5207  return connection_or_reached_eof(TO_OR_CONN(conn));
5208  case CONN_TYPE_AP:
5209  case CONN_TYPE_EXIT:
5211  case CONN_TYPE_DIR:
5213  case CONN_TYPE_CONTROL:
5215  default:
5216  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
5218  return -1;
5219  }
5220 }
5221 
5222 /** Comparator for the two-orconn case in OOS victim sort */
5223 static int
5225 {
5226  int a_circs, b_circs;
5227  /* Fewer circuits == higher priority for OOS kill, sort earlier */
5228 
5229  a_circs = connection_or_get_num_circuits(a);
5230  b_circs = connection_or_get_num_circuits(b);
5231 
5232  if (a_circs < b_circs) return 1;
5233  else if (a_circs > b_circs) return -1;
5234  else return 0;
5235 }
5236 
5237 /** Sort comparator for OOS victims; better targets sort before worse
5238  * ones. */
5239 static int
5240 oos_victim_comparator(const void **a_v, const void **b_v)
5241 {
5242  connection_t *a = NULL, *b = NULL;
5243 
5244  /* Get connection pointers out */
5245 
5246  a = (connection_t *)(*a_v);
5247  b = (connection_t *)(*b_v);
5248 
5249  tor_assert(a != NULL);
5250  tor_assert(b != NULL);
5251 
5252  /*
5253  * We always prefer orconns as victims currently; we won't even see
5254  * these non-orconn cases, but if we do, sort them after orconns.
5255  */
5256  if (a->type == CONN_TYPE_OR && b->type == CONN_TYPE_OR) {
5258  } else {
5259  /*
5260  * One isn't an orconn; if one is, it goes first. We currently have no
5261  * opinions about cases where neither is an orconn.
5262  */
5263  if (a->type == CONN_TYPE_OR) return -1;
5264  else if (b->type == CONN_TYPE_OR) return 1;
5265  else return 0;
5266  }
5267 }
5268 
5269 /** Pick n victim connections for the OOS handler and return them in a
5270  * smartlist.
5271  */
5274 {
5275  smartlist_t *eligible = NULL, *victims = NULL;
5276  smartlist_t *conns;
5277  int conn_counts_by_type[CONN_TYPE_MAX_ + 1], i;
5278 
5279  /*
5280  * Big damn assumption (someone improve this someday!):
5281  *
5282  * Socket exhaustion normally happens on high-volume relays, and so
5283  * most of the connections involved are orconns. We should pick victims
5284  * by assembling a list of all orconns, and sorting them in order of
5285  * how much 'damage' by some metric we'd be doing by dropping them.
5286  *
5287  * If we move on from orconns, we should probably think about incoming
5288  * directory connections next, or exit connections. Things we should
5289  * probably never kill are controller connections and listeners.
5290  *
5291  * This function will count how many connections of different types
5292  * exist and log it for purposes of gathering data on typical OOS
5293  * situations to guide future improvements.
5294  */
5295 
5296  /* First, get the connection array */
5297  conns = get_connection_array();
5298  /*
5299  * Iterate it and pick out eligible connection types, and log some stats
5300  * along the way.
5301  */
5302  eligible = smartlist_new();
5303  memset(conn_counts_by_type, 0, sizeof(conn_counts_by_type));
5304  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, c) {
5305  /* Bump the counter */
5306  tor_assert(c->type <= CONN_TYPE_MAX_);
5307  ++(conn_counts_by_type[c->type]);
5308 
5309  /* Skip anything without a socket we can free */
5310  if (!(SOCKET_OK(c->s))) {
5311  continue;
5312  }
5313 
5314  /* Skip anything we would count as moribund */
5315  if (connection_is_moribund(c)) {
5316  continue;
5317  }
5318 
5319  switch (c->type) {
5320  case CONN_TYPE_OR:
5321  /* We've got an orconn, it's eligible to be OOSed */
5322  smartlist_add(eligible, c);
5323  break;
5324  default:
5325  /* We don't know what to do with it, ignore it */
5326  break;
5327  }
5328  } SMARTLIST_FOREACH_END(c);
5329 
5330  /* Log some stats */
5331  if (smartlist_len(conns) > 0) {
5332  /* At least one counter must be non-zero */
5333  log_info(LD_NET, "Some stats on conn types seen during OOS follow");
5334  for (i = CONN_TYPE_MIN_; i <= CONN_TYPE_MAX_; ++i) {
5335  /* Did we see any? */
5336  if (conn_counts_by_type[i] > 0) {
5337  log_info(LD_NET, "%s: %d conns",
5339  conn_counts_by_type[i]);
5340  }
5341  }
5342  log_info(LD_NET, "Done with OOS conn type stats");
5343  }
5344 
5345  /* Did we find more eligible targets than we want to kill? */
5346  if (smartlist_len(eligible) > n) {
5347  /* Sort the list in order of target preference */
5349  /* Pick first n as victims */
5350  victims = smartlist_new();
5351  for (i = 0; i < n; ++i) {
5352  smartlist_add(victims, smartlist_get(eligible, i));
5353  }
5354  /* Free the original list */
5355  smartlist_free(eligible);
5356  } else {
5357  /* No, we can just call them all victims */
5358  victims = eligible;
5359  }
5360 
5361  return victims;
5362 }
5363 
5364 /** Kill a list of connections for the OOS handler. */
5365 MOCK_IMPL(STATIC void,
5367 {
5368  if (!conns) return;
5369 
5370  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, c) {
5371  /* Make sure the channel layer gets told about orconns */
5372  if (c->type == CONN_TYPE_OR) {
5374  } else {
5375  connection_mark_for_close(c);
5376  }
5377  } SMARTLIST_FOREACH_END(c);
5378 
5379  log_notice(LD_NET,
5380  "OOS handler marked %d connections",
5381  smartlist_len(conns));
5382 }
5383 
5384 /** Check if a connection is on the way out so the OOS handler doesn't try
5385  * to kill more than it needs. */
5386 int
5388 {
5389  if (conn != NULL &&
5390  (conn->conn_array_index < 0 ||
5391  conn->marked_for_close)) {
5392  return 1;
5393  } else {
5394  return 0;
5395  }
5396 }
5397 
5398 /** Out-of-Sockets handler; n_socks is the current number of open
5399  * sockets, and failed is non-zero if a socket exhaustion related
5400  * error immediately preceded this call. This is where to do
5401  * circuit-killing heuristics as needed.
5402  */
5403 void
5404 connection_check_oos(int n_socks, int failed)
5405 {
5406  int target_n_socks = 0, moribund_socks, socks_to_kill;
5407  smartlist_t *conns;
5408 
5409  /* Early exit: is OOS checking disabled? */
5410  if (get_options()->DisableOOSCheck) {
5411  return;
5412  }
5413 
5414  /* Sanity-check args */
5415  tor_assert(n_socks >= 0);
5416 
5417  /*
5418  * Make some log noise; keep it at debug level since this gets a chance
5419  * to run on every connection attempt.
5420  */
5421  log_debug(LD_NET,
5422  "Running the OOS handler (%d open sockets, %s)",
5423  n_socks, (failed != 0) ? "exhaustion seen" : "no exhaustion");
5424 
5425  /*
5426  * Check if we're really handling an OOS condition, and if so decide how
5427  * many sockets we want to get down to. Be sure we check if the threshold
5428  * is distinct from zero first; it's possible for this to be called a few
5429  * times before we've finished reading the config.
5430  */
5431  if (n_socks >= get_options()->ConnLimit_high_thresh &&
5432  get_options()->ConnLimit_high_thresh != 0 &&
5433  get_options()->ConnLimit_ != 0) {
5434  /* Try to get down to the low threshold */
5435  target_n_socks = get_options()->ConnLimit_low_thresh;
5436  log_notice(LD_NET,
5437  "Current number of sockets %d is greater than configured "
5438  "limit %d; OOS handler trying to get down to %d",
5439  n_socks, get_options()->ConnLimit_high_thresh,
5440  target_n_socks);
5441  } else if (failed) {
5442  /*
5443  * If we're not at the limit but we hit a socket exhaustion error, try to
5444  * drop some (but not as aggressively as ConnLimit_low_threshold, which is
5445  * 3/4 of ConnLimit_)
5446  */
5447  target_n_socks = (n_socks * 9) / 10;
5448  log_notice(LD_NET,
5449  "We saw socket exhaustion at %d open sockets; OOS handler "
5450  "trying to get down to %d",
5451  n_socks, target_n_socks);
5452  }
5453 
5454  if (target_n_socks > 0) {
5455  /*
5456  * It's an OOS!
5457  *
5458  * Count moribund sockets; it's be important that anything we decide
5459  * to get rid of here but don't immediately close get counted as moribund
5460  * on subsequent invocations so we don't try to kill too many things if
5461  * connection_check_oos() gets called multiple times.
5462  */
5463  moribund_socks = connection_count_moribund();
5464 
5465  if (moribund_socks < n_socks - target_n_socks) {
5466  socks_to_kill = n_socks - target_n_socks - moribund_socks;
5467 
5468  conns = pick_oos_victims(socks_to_kill);
5469  if (conns) {
5470  kill_conn_list_for_oos(conns);
5471  log_notice(LD_NET,
5472  "OOS handler killed %d conns", smartlist_len(conns));
5473  smartlist_free(conns);
5474  } else {
5475  log_notice(LD_NET, "OOS handler failed to pick any victim conns");
5476  }
5477  } else {
5478  log_notice(LD_NET,
5479  "Not killing any sockets for OOS because there are %d "
5480  "already moribund, and we only want to eliminate %d",
5481  moribund_socks, n_socks - target_n_socks);
5482  }
5483  }
5484 }
5485 
5486 /** Log how many bytes are used by buffers of different kinds and sizes. */
5487 void
5489 {
5490  uint64_t used_by_type[CONN_TYPE_MAX_+1];
5491  uint64_t alloc_by_type[CONN_TYPE_MAX_+1];
5492  int n_conns_by_type[CONN_TYPE_MAX_+1];
5493  uint64_t total_alloc = 0;
5494  uint64_t total_used = 0;
5495  int i;
5496  smartlist_t *conns = get_connection_array();
5497 
5498  memset(used_by_type, 0, sizeof(used_by_type));
5499  memset(alloc_by_type, 0, sizeof(alloc_by_type));
5500  memset(n_conns_by_type, 0, sizeof(n_conns_by_type));
5501 
5502  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, c) {
5503  int tp = c->type;
5504  ++n_conns_by_type[tp];
5505  if (c->inbuf) {
5506  used_by_type[tp] += buf_datalen(c->inbuf);
5507  alloc_by_type[tp] += buf_allocation(c->inbuf);
5508  }
5509  if (c->outbuf) {
5510  used_by_type[tp] += buf_datalen(c->outbuf);
5511  alloc_by_type[tp] += buf_allocation(c->outbuf);
5512  }
5513  } SMARTLIST_FOREACH_END(c);
5514  for (i=0; i <= CONN_TYPE_MAX_; ++i) {
5515  total_used += used_by_type[i];
5516  total_alloc += alloc_by_type[i];
5517  }
5518 
5519  tor_log(severity, LD_GENERAL,
5520  "In buffers for %d connections: %"PRIu64" used/%"PRIu64" allocated",
5521  smartlist_len(conns),
5522  (total_used), (total_alloc));
5523  for (i=CONN_TYPE_MIN_; i <= CONN_TYPE_MAX_; ++i) {
5524  if (!n_conns_by_type[i])
5525  continue;
5526  tor_log(severity, LD_GENERAL,
5527  " For %d %s connections: %"PRIu64" used/%"PRIu64" allocated",
5528  n_conns_by_type[i], conn_type_to_string(i),
5529  (used_by_type[i]), (alloc_by_type[i]));
5530  }
5531 }
5532 
5533 /** Verify that connection <b>conn</b> has all of its invariants
5534  * correct. Trigger an assert if anything is invalid.
5535  */
5536 void
5538 {
5539  (void) now; /* XXXX unused. */
5540  tor_assert(conn);
5541  tor_assert(conn->type >= CONN_TYPE_MIN_);
5542  tor_assert(conn->type <= CONN_TYPE_MAX_);
5543 
5544  switch (conn->type) {
5545  case CONN_TYPE_OR:
5546  case CONN_TYPE_EXT_OR:
5547  tor_assert(conn->magic == OR_CONNECTION_MAGIC);
5548  break;
5549  case CONN_TYPE_AP:
5550  tor_assert(conn->magic == ENTRY_CONNECTION_MAGIC);
5551  break;
5552  case CONN_TYPE_EXIT:
5553  tor_assert(conn->magic == EDGE_CONNECTION_MAGIC);
5554  break;
5555  case CONN_TYPE_DIR:
5556  tor_assert(conn->magic == DIR_CONNECTION_MAGIC);
5557  break;
5558  case CONN_TYPE_CONTROL:
5559  tor_assert(conn->magic == CONTROL_CONNECTION_MAGIC);
5560  break;
5561  CASE_ANY_LISTENER_TYPE:
5562  tor_assert(conn->magic == LISTENER_CONNECTION_MAGIC);
5563  break;
5564  default:
5565  tor_assert(conn->magic == BASE_CONNECTION_MAGIC);
5566  break;
5567  }
5568 
5569  if (conn->linked_conn) {
5570  tor_assert(conn->linked_conn->linked_conn == conn);
5571  tor_assert(conn->linked);
5572  }
5573  if (conn->linked)
5574  tor_assert(!SOCKET_OK(conn->s));
5575 
5576  if (conn->hold_open_until_flushed)
5578 
5579  /* XXXX check: read_blocked_on_bw, write_blocked_on_bw, s, conn_array_index,
5580  * marked_for_close. */
5581 
5582  /* buffers */
5583  if (conn->inbuf)
5584  buf_assert_ok(conn->inbuf);
5585  if (conn->outbuf)
5586  buf_assert_ok(conn->outbuf);
5587 
5588  if (conn->type == CONN_TYPE_OR) {
5589  or_connection_t *or_conn = TO_OR_CONN(conn);
5590  if (conn->state == OR_CONN_STATE_OPEN) {
5591  /* tor_assert(conn->bandwidth > 0); */
5592  /* the above isn't necessarily true: if we just did a TLS
5593  * handshake but we didn't recognize the other peer, or it
5594  * gave a bad cert/etc, then we won't have assigned bandwidth,
5595  * yet it will be open. -RD
5596  */
5597 // tor_assert(conn->read_bucket >= 0);
5598  }
5599 // tor_assert(conn->addr && conn->port);
5600  tor_assert(conn->address);
5602  tor_assert(or_conn->tls);
5603  }
5604 
5605  if (CONN_IS_EDGE(conn)) {
5606  /* XXX unchecked: package window, deliver window. */
5607  if (conn->type == CONN_TYPE_AP) {
5608  entry_connection_t *entry_conn = TO_ENTRY_CONN(conn);
5609  if (entry_conn->chosen_exit_optional || entry_conn->chosen_exit_retries)
5610  tor_assert(entry_conn->chosen_exit_name);
5611 
5612  tor_assert(entry_conn->socks_request);
5613  if (conn->state == AP_CONN_STATE_OPEN) {
5614  tor_assert(entry_conn->socks_request->has_finished);
5615  if (!conn->marked_for_close) {
5616  tor_assert(ENTRY_TO_EDGE_CONN(entry_conn)->cpath_layer);
5617  cpath_assert_layer_ok(ENTRY_TO_EDGE_CONN(entry_conn)->cpath_layer);
5618  }
5619  }
5620  }
5621  if (conn->type == CONN_TYPE_EXIT) {
5623  conn->purpose == EXIT_PURPOSE_RESOLVE);
5624  }
5625  } else if (conn->type == CONN_TYPE_DIR) {
5626  } else {
5627  /* Purpose is only used for dir and exit types currently */
5628  tor_assert(!conn->purpose);
5629  }
5630 
5631  switch (conn->type)
5632  {
5633  CASE_ANY_LISTENER_TYPE:
5635  break;
5636  case CONN_TYPE_OR:
5637  tor_assert(conn->state >= OR_CONN_STATE_MIN_);
5638  tor_assert(conn->state <= OR_CONN_STATE_MAX_);
5639  break;
5640  case CONN_TYPE_EXT_OR:
5642  tor_assert(conn->state <= EXT_OR_CONN_STATE_MAX_);
5643  break;
5644  case CONN_TYPE_EXIT:
5645  tor_assert(conn->state >= EXIT_CONN_STATE_MIN_);
5646  tor_assert(conn->state <= EXIT_CONN_STATE_MAX_);
5647  tor_assert(conn->purpose >= EXIT_PURPOSE_MIN_);
5648  tor_assert(conn->purpose <= EXIT_PURPOSE_MAX_);
5649  break;
5650  case CONN_TYPE_AP:
5651  tor_assert(conn->state >= AP_CONN_STATE_MIN_);
5652  tor_assert(conn->state <= AP_CONN_STATE_MAX_);
5653  tor_assert(TO_ENTRY_CONN(conn)->socks_request);
5654  break;
5655  case CONN_TYPE_DIR:
5656  tor_assert(conn->state >= DIR_CONN_STATE_MIN_);
5657  tor_assert(conn->state <= DIR_CONN_STATE_MAX_);
5658  tor_assert(conn->purpose >= DIR_PURPOSE_MIN_);
5659  tor_assert(conn->purpose <= DIR_PURPOSE_MAX_);
5660  break;
5661  case CONN_TYPE_CONTROL:
5662  tor_assert(conn->state >= CONTROL_CONN_STATE_MIN_);
5663  tor_assert(conn->state <= CONTROL_CONN_STATE_MAX_);
5664  break;
5665  default:
5666  tor_assert(0);
5667  }
5668 }
5669 
5670 /** Fills <b>addr</b> and <b>port</b> with the details of the global
5671  * proxy server we are using. Store a 1 to the int pointed to by
5672  * <b>is_put_out</b> if the connection is using a pluggable
5673  * transport; store 0 otherwise. <b>conn</b> contains the connection
5674  * we are using the proxy for.
5675  *
5676  * Return 0 on success, -1 on failure.
5677  */
5678 int
5679 get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type,
5680  int *is_pt_out, const connection_t *conn)
5681 {
5682  const or_options_t *options = get_options();
5683 
5684  *is_pt_out = 0;
5685  /* Client Transport Plugins can use another proxy, but that should be hidden
5686  * from the rest of tor (as the plugin is responsible for dealing with the
5687  * proxy), check it first, then check the rest of the proxy types to allow
5688  * the config to have unused ClientTransportPlugin entries.
5689  */
5690  if (options->ClientTransportPlugin) {
5691  const transport_t *transport = NULL;
5692  int r;
5693  r = get_transport_by_bridge_addrport(&conn->addr, conn->port, &transport);
5694  if (r<0)
5695  return -1;
5696  if (transport) { /* transport found */
5697  tor_addr_copy(addr, &transport->addr);
5698  *port = transport->port;
5699  *proxy_type = transport->socks_version;
5700  *is_pt_out = 1;
5701  return 0;
5702  }
5703 
5704  /* Unused ClientTransportPlugin. */
5705  }
5706 
5707  if (options->HTTPSProxy) {
5708  tor_addr_copy(addr, &options->HTTPSProxyAddr);
5709  *port = options->HTTPSProxyPort;
5710  *proxy_type = PROXY_CONNECT;
5711  return 0;
5712  } else if (options->Socks4Proxy) {
5713  tor_addr_copy(addr, &options->Socks4ProxyAddr);
5714  *port = options->Socks4ProxyPort;
5715  *proxy_type = PROXY_SOCKS4;
5716  return 0;
5717  } else if (options->Socks5Proxy) {
5718  tor_addr_copy(addr, &options->Socks5ProxyAddr);
5719  *port = options->Socks5ProxyPort;
5720  *proxy_type = PROXY_SOCKS5;
5721  return 0;
5722  } else if (options->TCPProxy) {
5723  tor_addr_copy(addr, &options->TCPProxyAddr);
5724  *port = options->TCPProxyPort;
5725  /* The only supported protocol in TCPProxy is haproxy. */
5727  *proxy_type = PROXY_HAPROXY;
5728  return 0;
5729  }
5730 
5731  tor_addr_make_unspec(addr);
5732  *port = 0;
5733  *proxy_type = PROXY_NONE;
5734  return 0;
5735 }
5736 
5737 /** Log a failed connection to a proxy server.
5738  * <b>conn</b> is the connection we use the proxy server for. */
5739 void
5741 {
5742  tor_addr_t proxy_addr;
5743  uint16_t proxy_port;
5744  int proxy_type, is_pt;
5745 
5746  if (get_proxy_addrport(&proxy_addr, &proxy_port, &proxy_type, &is_pt,
5747  conn) != 0)
5748  return; /* if we have no proxy set up, leave this function. */
5749 
5750  (void)is_pt;
5751  log_warn(LD_NET,
5752  "The connection to the %s proxy server at %s just failed. "
5753  "Make sure that the proxy server is up and running.",
5754  proxy_type_to_string(proxy_type),
5755  fmt_addrport(&proxy_addr, proxy_port));
5756 }
5757 
5758 /** Return string representation of <b>proxy_type</b>. */
5759 static const char *
5760 proxy_type_to_string(int proxy_type)
5761 {
5762  switch (proxy_type) {
5763  case PROXY_CONNECT: return "HTTP";
5764  case PROXY_SOCKS4: return "SOCKS4";
5765  case PROXY_SOCKS5: return "SOCKS5";
5766  case PROXY_HAPROXY: return "HAPROXY";
5767  case PROXY_PLUGGABLE: return "pluggable transports SOCKS";
5768  case PROXY_NONE: return "NULL";
5769  default: tor_assert(0);
5770  }
5771  return NULL; /*Unreached*/
5772 }
5773 
5774 /** Call connection_free_minimal() on every connection in our array, and
5775  * release all storage held by connection.c.
5776  *
5777  * Don't do the checks in connection_free(), because they will
5778  * fail.
5779  */
5780 void
5782 {
5783  smartlist_t *conns = get_connection_array();
5784 
5785  /* We don't want to log any messages to controllers. */
5786  SMARTLIST_FOREACH(conns, connection_t *, conn,
5787  if (conn->type == CONN_TYPE_CONTROL)
5788  TO_CONTROL_CONN(conn)->event_mask = 0);
5789 
5791 
5792  /* Unlink everything from the identity map. */
5795 
5796  /* Clear out our list of broken connections */
5798 
5799  SMARTLIST_FOREACH(conns, connection_t *, conn,
5800  connection_free_minimal(conn));
5801 
5802  if (outgoing_addrs) {
5804  smartlist_free(outgoing_addrs);
5805  outgoing_addrs = NULL;
5806  }
5807 
5809  tor_free(last_interface_ipv6);
5811 
5812  mainloop_event_free(reenable_blocked_connections_ev);
5814  memset(&reenable_blocked_connections_delay, 0, sizeof(struct timeval));
5815 }
5816 
5817 /** Log a warning, and possibly emit a control event, that <b>received</b> came
5818  * at a skewed time. <b>trusted</b> indicates that the <b>source</b> was one
5819  * that we had more faith in and therefore the warning level should have higher
5820  * severity.
5821  */
5822 MOCK_IMPL(void,
5823 clock_skew_warning, (const connection_t *conn, long apparent_skew, int trusted,
5824  log_domain_mask_t domain, const char *received,
5825  const char *source))
5826 {
5827  char dbuf[64];
5828  char *ext_source = NULL, *warn = NULL;
5829  format_time_interval(dbuf, sizeof(dbuf), apparent_skew);
5830  if (conn)
5831  tor_asprintf(&ext_source, "%s:%s:%d", source, conn->address, conn->port);
5832  else
5833  ext_source = tor_strdup(source);
5834  log_fn(trusted ? LOG_WARN : LOG_INFO, domain,
5835  "Received %s with skewed time (%s): "
5836  "It seems that our clock is %s by %s, or that theirs is %s%s. "
5837  "Tor requires an accurate clock to work: please check your time, "
5838  "timezone, and date settings.", received, ext_source,
5839  apparent_skew > 0 ? "ahead" : "behind", dbuf,
5840  apparent_skew > 0 ? "behind" : "ahead",
5841  (!conn || trusted) ? "" : ", or they are sending us the wrong time");
5842  if (trusted) {
5843  control_event_general_status(LOG_WARN, "CLOCK_SKEW SKEW=%ld SOURCE=%s",
5844  apparent_skew, ext_source);
5845  tor_asprintf(&warn, "Clock skew %ld in %s from %s", apparent_skew,
5846  received, source);
5847  control_event_bootstrap_problem(warn, "CLOCK_SKEW", conn, 1);
5848  }
5849  tor_free(warn);
5850  tor_free(ext_source);
5851 }
connection_reached_eof
static int connection_reached_eof(connection_t *conn)
Definition: connection.c:5202
log_fn
#define log_fn(severity, domain, args,...)
Definition: log.h:283
connection_or_client_used
time_t connection_or_client_used(or_connection_t *conn)
Definition: connection_or.c:2034
get_interface_address6
int get_interface_address6(int severity, sa_family_t family, tor_addr_t *addr)
Definition: address.c:1723
DIR_CONN_STATE_SERVER_WRITING
#define DIR_CONN_STATE_SERVER_WRITING
Definition: directory.h:30
control_event_bootstrap_problem
void control_event_bootstrap_problem(const char *warn, const char *reason, const connection_t *conn, int dowarn)
Definition: control_bootstrap.c:268
outgoing_addrs
static smartlist_t * outgoing_addrs
Definition: connection.c:209
nodelist_probably_contains_address
int nodelist_probably_contains_address(const tor_addr_t *addr)
Definition: nodelist.c:489
DOWNCAST