Tor  0.4.7.0-alpha-dev
connection.c
Go to the documentation of this file.
1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2021, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
7 /**
8  * \file connection.c
9  * \brief General high-level functions to handle reading and writing
10  * on connections.
11  *
12  * Each connection (ideally) represents a TLS connection, a TCP socket, a unix
13  * socket, or a UDP socket on which reads and writes can occur. (But see
14  * connection_edge.c for cases where connections can also represent streams
15  * that do not have a corresponding socket.)
16  *
17  * The module implements the abstract type, connection_t. The subtypes are:
18  * <ul>
19  * <li>listener_connection_t, implemented here in connection.c
20  * <li>dir_connection_t, implemented in directory.c
21  * <li>or_connection_t, implemented in connection_or.c
22  * <li>edge_connection_t, implemented in connection_edge.c, along with
23  * its subtype(s):
24  * <ul><li>entry_connection_t, also implemented in connection_edge.c
25  * </ul>
26  * <li>control_connection_t, implemented in control.c
27  * </ul>
28  *
29  * The base type implemented in this module is responsible for basic
30  * rate limiting, flow control, and marshalling bytes onto and off of the
31  * network (either directly or via TLS).
32  *
33  * Connections are registered with the main loop with connection_add(). As
34  * they become able to read or write register the fact with the event main
35  * loop by calling connection_watch_events(), connection_start_reading(), or
36  * connection_start_writing(). When they no longer want to read or write,
37  * they call connection_stop_reading() or connection_stop_writing().
38  *
39  * To queue data to be written on a connection, call
40  * connection_buf_add(). When data arrives, the
41  * connection_process_inbuf() callback is invoked, which dispatches to a
42  * type-specific function (such as connection_edge_process_inbuf() for
43  * example). Connection types that need notice of when data has been written
44  * receive notification via connection_flushed_some() and
45  * connection_finished_flushing(). These functions all delegate to
46  * type-specific implementations.
47  *
48  * Additionally, beyond the core of connection_t, this module also implements:
49  * <ul>
50  * <li>Listeners, which wait for incoming sockets and launch connections
51  * <li>Outgoing SOCKS proxy support
52  * <li>Outgoing HTTP proxy support
53  * <li>An out-of-sockets handler for dealing with socket exhaustion
54  * </ul>
55  **/
56 
57 #define CONNECTION_PRIVATE
58 #include "core/or/or.h"
59 #include "feature/client/bridges.h"
60 #include "lib/buf/buffers.h"
61 #include "lib/tls/buffers_tls.h"
62 #include "lib/err/backtrace.h"
63 
64 /*
65  * Define this so we get channel internal functions, since we're implementing
66  * part of a subclass (channel_tls_t).
67  */
68 #define CHANNEL_OBJECT_PRIVATE
69 #include "app/config/config.h"
72 #include "core/mainloop/mainloop.h"
74 #include "core/or/channel.h"
75 #include "core/or/channeltls.h"
76 #include "core/or/circuitbuild.h"
77 #include "core/or/circuitlist.h"
78 #include "core/or/circuituse.h"
80 #include "core/or/connection_or.h"
81 #include "core/or/dos.h"
82 #include "core/or/policies.h"
83 #include "core/or/reasons.h"
84 #include "core/or/relay.h"
85 #include "core/or/status.h"
86 #include "core/or/crypt_path.h"
87 #include "core/proto/proto_haproxy.h"
88 #include "core/proto/proto_http.h"
89 #include "core/proto/proto_socks.h"
90 #include "feature/client/dnsserv.h"
100 #include "feature/hs/hs_common.h"
101 #include "feature/hs/hs_ident.h"
102 #include "feature/hs/hs_metrics.h"
103 #include "feature/metrics/metrics.h"
106 #include "feature/relay/dns.h"
109 #include "feature/rend/rendcommon.h"
110 #include "feature/stats/connstats.h"
111 #include "feature/stats/rephist.h"
112 #include "feature/stats/bwhist.h"
115 #include "lib/geoip/geoip.h"
116 
117 #include "lib/cc/ctassert.h"
118 #include "lib/sandbox/sandbox.h"
119 #include "lib/net/buffers_net.h"
120 #include "lib/tls/tortls.h"
122 #include "lib/compress/compress.h"
123 
124 #ifdef HAVE_PWD_H
125 #include <pwd.h>
126 #endif
127 
128 #ifdef HAVE_UNISTD_H
129 #include <unistd.h>
130 #endif
131 #ifdef HAVE_SYS_STAT_H
132 #include <sys/stat.h>
133 #endif
134 
135 #ifdef HAVE_SYS_UN_H
136 #include <sys/socket.h>
137 #include <sys/un.h>
138 #endif
139 
145 #include "core/or/port_cfg_st.h"
148 
149 /**
150  * On Windows and Linux we cannot reliably bind() a socket to an
151  * address and port if: 1) There's already a socket bound to wildcard
152  * address (0.0.0.0 or ::) with the same port; 2) We try to bind()
153  * to wildcard address and there's another socket bound to a
154  * specific address and the same port.
155  *
156  * To address this problem on these two platforms we implement a
157  * routine that:
158  * 1) Checks if first attempt to bind() a new socket failed with
159  * EADDRINUSE.
160  * 2) If so, it will close the appropriate old listener connection and
161  * 3) Attempts bind()'ing the new listener socket again.
162  *
163  * Just to be safe, we are enabling listener rebind code on all platforms,
164  * to account for unexpected cases where it may be needed.
165  */
166 #define ENABLE_LISTENER_REBIND
167 
169  const struct sockaddr *listensockaddr,
170  socklen_t listensocklen, int type,
171  const char *address,
172  const port_cfg_t *portcfg,
173  int *addr_in_use);
175  const port_cfg_t *port,
176  int *defer, int *addr_in_use);
177 static void connection_init(time_t now, connection_t *conn, int type,
178  int socket_family);
179 static int connection_handle_listener_read(connection_t *conn, int new_type);
181 static int connection_flushed_some(connection_t *conn);
183 static int connection_reached_eof(connection_t *conn);
185  ssize_t *max_to_read,
186  int *socket_error);
187 static int connection_process_inbuf(connection_t *conn, int package_partial);
189 static void set_constrained_socket_buffers(tor_socket_t sock, int size);
190 
191 static const char *connection_proxy_state_to_string(int state);
194 static const char *proxy_type_to_string(int proxy_type);
195 static int conn_get_proxy_type(const connection_t *conn);
197  const or_options_t *options, unsigned int conn_type);
198 static void reenable_blocked_connection_init(const or_options_t *options);
199 static void reenable_blocked_connection_schedule(void);
200 
201 /** The last addresses that our network interface seemed to have been
202  * binding to. We use this as one way to detect when our IP changes.
203  *
204  * XXXX+ We should really use the entire list of interfaces here.
205  **/
207 /* DOCDOC last_interface_ipv6 */
208 static tor_addr_t *last_interface_ipv6 = NULL;
209 /** A list of tor_addr_t for addresses we've used in outgoing connections.
210  * Used to detect IP address changes. */
212 
213 #define CASE_ANY_LISTENER_TYPE \
214  case CONN_TYPE_OR_LISTENER: \
215  case CONN_TYPE_EXT_OR_LISTENER: \
216  case CONN_TYPE_AP_LISTENER: \
217  case CONN_TYPE_DIR_LISTENER: \
218  case CONN_TYPE_CONTROL_LISTENER: \
219  case CONN_TYPE_AP_TRANS_LISTENER: \
220  case CONN_TYPE_AP_NATD_LISTENER: \
221  case CONN_TYPE_AP_DNS_LISTENER: \
222  case CONN_TYPE_AP_HTTP_CONNECT_LISTENER: \
223  case CONN_TYPE_METRICS_LISTENER
224 
225 /**************************************************************/
226 
227 /**
228  * Cast a `connection_t *` to a `listener_connection_t *`.
229  *
230  * Exit with an assertion failure if the input is not a
231  * `listener_connection_t`.
232  **/
235 {
236  tor_assert(c->magic == LISTENER_CONNECTION_MAGIC);
237  return DOWNCAST(listener_connection_t, c);
238 }
239 
240 /**
241  * Cast a `const connection_t *` to a `const listener_connection_t *`.
242  *
243  * Exit with an assertion failure if the input is not a
244  * `listener_connection_t`.
245  **/
246 const listener_connection_t *
248 {
249  return TO_LISTENER_CONN((connection_t *)c);
250 }
251 
252 size_t
253 connection_get_inbuf_len(connection_t *conn)
254 {
255  return conn->inbuf ? buf_datalen(conn->inbuf) : 0;
256 }
257 
258 size_t
259 connection_get_outbuf_len(connection_t *conn)
260 {
261  return conn->outbuf ? buf_datalen(conn->outbuf) : 0;
262 }
263 
264 /**
265  * Return the human-readable name for the connection type <b>type</b>
266  */
267 const char *
269 {
270  static char buf[64];
271  switch (type) {
272  case CONN_TYPE_OR_LISTENER: return "OR listener";
273  case CONN_TYPE_OR: return "OR";
274  case CONN_TYPE_EXIT: return "Exit";
275  case CONN_TYPE_AP_LISTENER: return "Socks listener";
277  return "Transparent pf/netfilter listener";
278  case CONN_TYPE_AP_NATD_LISTENER: return "Transparent natd listener";
279  case CONN_TYPE_AP_DNS_LISTENER: return "DNS listener";
280  case CONN_TYPE_AP: return "Socks";
281  case CONN_TYPE_DIR_LISTENER: return "Directory listener";
282  case CONN_TYPE_DIR: return "Directory";
283  case CONN_TYPE_CONTROL_LISTENER: return "Control listener";
284  case CONN_TYPE_CONTROL: return "Control";
285  case CONN_TYPE_EXT_OR: return "Extended OR";
286  case CONN_TYPE_EXT_OR_LISTENER: return "Extended OR listener";
287  case CONN_TYPE_AP_HTTP_CONNECT_LISTENER: return "HTTP tunnel listener";
288  case CONN_TYPE_METRICS_LISTENER: return "Metrics listener";
289  case CONN_TYPE_METRICS: return "Metrics";
290  default:
291  log_warn(LD_BUG, "unknown connection type %d", type);
292  tor_snprintf(buf, sizeof(buf), "unknown [%d]", type);
293  return buf;
294  }
295 }
296 
297 /**
298  * Return the human-readable name for the connection state <b>state</b>
299  * for the connection type <b>type</b>
300  */
301 const char *
302 conn_state_to_string(int type, int state)
303 {
304  static char buf[96];
305  switch (type) {
306  CASE_ANY_LISTENER_TYPE:
307  if (state == LISTENER_STATE_READY)
308  return "ready";
309  break;
310  case CONN_TYPE_OR:
311  switch (state) {
312  case OR_CONN_STATE_CONNECTING: return "connect()ing";
313  case OR_CONN_STATE_PROXY_HANDSHAKING: return "handshaking (proxy)";
314  case OR_CONN_STATE_TLS_HANDSHAKING: return "handshaking (TLS)";
316  return "renegotiating (TLS, v2 handshake)";
318  return "waiting for renegotiation or V3 handshake";
320  return "handshaking (Tor, v2 handshake)";
322  return "handshaking (Tor, v3 handshake)";
323  case OR_CONN_STATE_OPEN: return "open";
324  }
325  break;
326  case CONN_TYPE_EXT_OR:
327  switch (state) {
329  return "waiting for authentication type";
331  return "waiting for client nonce";
333  return "waiting for client hash";
334  case EXT_OR_CONN_STATE_OPEN: return "open";
335  case EXT_OR_CONN_STATE_FLUSHING: return "flushing final OKAY";
336  }
337  break;
338  case CONN_TYPE_EXIT:
339  switch (state) {
340  case EXIT_CONN_STATE_RESOLVING: return "waiting for dest info";
341  case EXIT_CONN_STATE_CONNECTING: return "connecting";
342  case EXIT_CONN_STATE_OPEN: return "open";
343  case EXIT_CONN_STATE_RESOLVEFAILED: return "resolve failed";
344  }
345  break;
346  case CONN_TYPE_AP:
347  switch (state) {
348  case AP_CONN_STATE_SOCKS_WAIT: return "waiting for socks info";
349  case AP_CONN_STATE_NATD_WAIT: return "waiting for natd dest info";
350  case AP_CONN_STATE_RENDDESC_WAIT: return "waiting for rendezvous desc";
351  case AP_CONN_STATE_CONTROLLER_WAIT: return "waiting for controller";
352  case AP_CONN_STATE_CIRCUIT_WAIT: return "waiting for circuit";
353  case AP_CONN_STATE_CONNECT_WAIT: return "waiting for connect response";
354  case AP_CONN_STATE_RESOLVE_WAIT: return "waiting for resolve response";
355  case AP_CONN_STATE_OPEN: return "open";
356  }
357  break;
358  case CONN_TYPE_DIR:
359  switch (state) {
360  case DIR_CONN_STATE_CONNECTING: return "connecting";
361  case DIR_CONN_STATE_CLIENT_SENDING: return "client sending";
362  case DIR_CONN_STATE_CLIENT_READING: return "client reading";
363  case DIR_CONN_STATE_CLIENT_FINISHED: return "client finished";
364  case DIR_CONN_STATE_SERVER_COMMAND_WAIT: return "waiting for command";
365  case DIR_CONN_STATE_SERVER_WRITING: return "writing";
366  }
367  break;
368  case CONN_TYPE_CONTROL:
369  switch (state) {
370  case CONTROL_CONN_STATE_OPEN: return "open (protocol v1)";
372  return "waiting for authentication (protocol v1)";
373  }
374  break;
375  }
376 
377  if (state == 0) {
378  return "uninitialized";
379  }
380 
381  log_warn(LD_BUG, "unknown connection state %d (type %d)", state, type);
382  tor_snprintf(buf, sizeof(buf),
383  "unknown state [%d] on unknown [%s] connection",
384  state, conn_type_to_string(type));
385  tor_assert_nonfatal_unreached_once();
386  return buf;
387 }
388 
389 /**
390  * Helper: describe the peer or address of connection @a conn in a
391  * human-readable manner.
392  *
393  * Returns a pointer to a static buffer; future calls to
394  * connection_describe_peer_internal() will invalidate this buffer.
395  *
396  * If <b>include_preposition</b> is true, include a preposition before the
397  * peer address.
398  *
399  * Nobody should parse the output of this function; it can and will change in
400  * future versions of tor.
401  **/
402 static const char *
404  bool include_preposition)
405 {
406  IF_BUG_ONCE(!conn) {
407  return "null peer";
408  }
409 
410  static char peer_buf[256];
411  const tor_addr_t *addr = &conn->addr;
412  const char *address = NULL;
413  const char *prep;
414  bool scrub = false;
415  char extra_buf[128];
416  extra_buf[0] = 0;
417 
418  /* First, figure out the preposition to use */
419  switch (conn->type) {
420  CASE_ANY_LISTENER_TYPE:
421  prep = "on";
422  break;
423  case CONN_TYPE_EXIT:
424  prep = "to";
425  break;
426  case CONN_TYPE_CONTROL:
427  case CONN_TYPE_AP:
428  case CONN_TYPE_EXT_OR:
429  prep = "from";
430  break;
431  default:
432  prep = "with";
433  break;
434  }
435 
436  /* Now figure out the address. */
437  if (conn->socket_family == AF_UNIX) {
438  /* For unix sockets, we always use the `address` string. */
439  address = conn->address ? conn->address : "unix socket";
440  } else if (conn->type == CONN_TYPE_OR) {
441  /* For OR connections, we have a lot to do. */
442  const or_connection_t *or_conn = CONST_TO_OR_CONN(conn);
443  /* We report the IDs we're talking to... */
444  if (fast_digest_is_zero(or_conn->identity_digest)) {
445  // This could be a client, so scrub it. No identity to report.
446  scrub = true;
447  } else {
448  const ed25519_public_key_t *ed_id =
450  char ed_id_buf[ED25519_BASE64_LEN+1];
451  char rsa_id_buf[HEX_DIGEST_LEN+1];
452  if (ed_id) {
453  ed25519_public_to_base64(ed_id_buf, ed_id);
454  } else {
455  strlcpy(ed_id_buf, "<none>", sizeof(ed_id_buf));
456  }
457  base16_encode(rsa_id_buf, sizeof(rsa_id_buf),
458  or_conn->identity_digest, DIGEST_LEN);
459  tor_snprintf(extra_buf, sizeof(extra_buf),
460  " ID=%s RSA_ID=%s", ed_id_buf, rsa_id_buf);
461  }
462  if (! scrub && (! tor_addr_eq(addr, &or_conn->canonical_orport.addr) ||
463  conn->port != or_conn->canonical_orport.port)) {
464  /* We report canonical address, if it's different */
465  char canonical_addr_buf[TOR_ADDR_BUF_LEN];
466  if (tor_addr_to_str(canonical_addr_buf, &or_conn->canonical_orport.addr,
467  sizeof(canonical_addr_buf), 1)) {
468  tor_snprintf(extra_buf+strlen(extra_buf),
469  sizeof(extra_buf)-strlen(extra_buf),
470  " canonical_addr=%s:%"PRIu16,
471  canonical_addr_buf,
472  or_conn->canonical_orport.port);
473  }
474  }
475  } else if (conn->type == CONN_TYPE_EXIT) {
476  scrub = true; /* This is a client's request; scrub it with SafeLogging. */
477  if (tor_addr_is_null(addr)) {
478  address = conn->address;
479  strlcpy(extra_buf, " (DNS lookup pending)", sizeof(extra_buf));
480  }
481  }
482 
483  char addr_buf[TOR_ADDR_BUF_LEN];
484  if (address == NULL) {
485  if (tor_addr_family(addr) == 0) {
486  address = "<unset>";
487  } else {
488  address = tor_addr_to_str(addr_buf, addr, sizeof(addr_buf), 1);
489  if (!address) {
490  address = "<can't format!>";
491  tor_assert_nonfatal_unreached_once();
492  }
493  }
494  }
495 
496  char portbuf[7];
497  portbuf[0]=0;
498  if (scrub && get_options()->SafeLogging_ != SAFELOG_SCRUB_NONE) {
499  address = "[scrubbed]";
500  } else {
501  /* Only set the port if we're not scrubbing the address. */
502  if (conn->port != 0) {
503  tor_snprintf(portbuf, sizeof(portbuf), ":%d", conn->port);
504  }
505  }
506 
507  const char *sp = include_preposition ? " " : "";
508  if (! include_preposition)
509  prep = "";
510 
511  tor_snprintf(peer_buf, sizeof(peer_buf),
512  "%s%s%s%s%s", prep, sp, address, portbuf, extra_buf);
513  return peer_buf;
514 }
515 
516 /**
517  * Describe the peer or address of connection @a conn in a
518  * human-readable manner.
519  *
520  * Returns a pointer to a static buffer; future calls to
521  * connection_describe_peer() or connection_describe() will invalidate this
522  * buffer.
523  *
524  * Nobody should parse the output of this function; it can and will change in
525  * future versions of tor.
526  **/
527 const char *
529 {
530  return connection_describe_peer_internal(conn, false);
531 }
532 
533 /**
534  * Describe a connection for logging purposes.
535  *
536  * Returns a pointer to a static buffer; future calls to connection_describe()
537  * will invalidate this buffer.
538  *
539  * Nobody should parse the output of this function; it can and will change in
540  * future versions of tor.
541  **/
542 const char *
544 {
545  IF_BUG_ONCE(!conn) {
546  return "null connection";
547  }
548  static char desc_buf[256];
549  const char *peer = connection_describe_peer_internal(conn, true);
550  tor_snprintf(desc_buf, sizeof(desc_buf),
551  "%s connection (%s) %s",
552  conn_type_to_string(conn->type),
553  conn_state_to_string(conn->type, conn->state),
554  peer);
555  return desc_buf;
556 }
557 
558 /** Allocate and return a new dir_connection_t, initialized as by
559  * connection_init(). */
561 dir_connection_new(int socket_family)
562 {
563  dir_connection_t *dir_conn = tor_malloc_zero(sizeof(dir_connection_t));
564  connection_init(time(NULL), TO_CONN(dir_conn), CONN_TYPE_DIR, socket_family);
565  return dir_conn;
566 }
567 
568 /** Allocate and return a new or_connection_t, initialized as by
569  * connection_init().
570  *
571  * Initialize active_circuit_pqueue.
572  *
573  * Set active_circuit_pqueue_last_recalibrated to current cell_ewma tick.
574  */
576 or_connection_new(int type, int socket_family)
577 {
578  or_connection_t *or_conn = tor_malloc_zero(sizeof(or_connection_t));
579  time_t now = time(NULL);
580  tor_assert(type == CONN_TYPE_OR || type == CONN_TYPE_EXT_OR);
581  connection_init(now, TO_CONN(or_conn), type, socket_family);
582 
583  tor_addr_make_unspec(&or_conn->canonical_orport.addr);
584  connection_or_set_canonical(or_conn, 0);
585 
586  if (type == CONN_TYPE_EXT_OR) {
587  /* If we aren't told an address for this connection, we should
588  * presume it isn't local, and should be rate-limited. */
589  TO_CONN(or_conn)->always_rate_limit_as_remote = 1;
591  }
592 
593  return or_conn;
594 }
595 
596 /** Allocate and return a new entry_connection_t, initialized as by
597  * connection_init().
598  *
599  * Allocate space to store the socks_request.
600  */
602 entry_connection_new(int type, int socket_family)
603 {
604  entry_connection_t *entry_conn = tor_malloc_zero(sizeof(entry_connection_t));
605  tor_assert(type == CONN_TYPE_AP);
606  connection_init(time(NULL), ENTRY_TO_CONN(entry_conn), type, socket_family);
607  entry_conn->socks_request = socks_request_new();
608  /* If this is coming from a listener, we'll set it up based on the listener
609  * in a little while. Otherwise, we're doing this as a linked connection
610  * of some kind, and we should set it up here based on the socket family */
611  if (socket_family == AF_INET)
612  entry_conn->entry_cfg.ipv4_traffic = 1;
613  else if (socket_family == AF_INET6)
614  entry_conn->entry_cfg.ipv6_traffic = 1;
615  return entry_conn;
616 }
617 
618 /** Allocate and return a new edge_connection_t, initialized as by
619  * connection_init(). */
621 edge_connection_new(int type, int socket_family)
622 {
623  edge_connection_t *edge_conn = tor_malloc_zero(sizeof(edge_connection_t));
624  tor_assert(type == CONN_TYPE_EXIT);
625  connection_init(time(NULL), TO_CONN(edge_conn), type, socket_family);
626  return edge_conn;
627 }
628 
629 /** Allocate and return a new control_connection_t, initialized as by
630  * connection_init(). */
632 control_connection_new(int socket_family)
633 {
634  control_connection_t *control_conn =
635  tor_malloc_zero(sizeof(control_connection_t));
636  connection_init(time(NULL),
637  TO_CONN(control_conn), CONN_TYPE_CONTROL, socket_family);
638  return control_conn;
639 }
640 
641 /** Allocate and return a new listener_connection_t, initialized as by
642  * connection_init(). */
644 listener_connection_new(int type, int socket_family)
645 {
646  listener_connection_t *listener_conn =
647  tor_malloc_zero(sizeof(listener_connection_t));
648  connection_init(time(NULL), TO_CONN(listener_conn), type, socket_family);
649  return listener_conn;
650 }
651 
652 /** Allocate, initialize, and return a new connection_t subtype of <b>type</b>
653  * to make or receive connections of address family <b>socket_family</b>. The
654  * type should be one of the CONN_TYPE_* constants. */
655 connection_t *
656 connection_new(int type, int socket_family)
657 {
658  switch (type) {
659  case CONN_TYPE_OR:
660  case CONN_TYPE_EXT_OR:
661  return TO_CONN(or_connection_new(type, socket_family));
662 
663  case CONN_TYPE_EXIT:
664  return TO_CONN(edge_connection_new(type, socket_family));
665 
666  case CONN_TYPE_AP:
667  return ENTRY_TO_CONN(entry_connection_new(type, socket_family));
668 
669  case CONN_TYPE_DIR:
670  return TO_CONN(dir_connection_new(socket_family));
671 
672  case CONN_TYPE_CONTROL:
673  return TO_CONN(control_connection_new(socket_family));
674 
675  CASE_ANY_LISTENER_TYPE:
676  return TO_CONN(listener_connection_new(type, socket_family));
677 
678  default: {
679  connection_t *conn = tor_malloc_zero(sizeof(connection_t));
680  connection_init(time(NULL), conn, type, socket_family);
681  return conn;
682  }
683  }
684 }
685 
686 /** Initializes conn. (you must call connection_add() to link it into the main
687  * array).
688  *
689  * Set conn->magic to the correct value.
690  *
691  * Set conn->type to <b>type</b>. Set conn->s and conn->conn_array_index to
692  * -1 to signify they are not yet assigned.
693  *
694  * Initialize conn's timestamps to now.
695  */
696 static void
697 connection_init(time_t now, connection_t *conn, int type, int socket_family)
698 {
699  static uint64_t n_connections_allocated = 1;
700 
701  switch (type) {
702  case CONN_TYPE_OR:
703  case CONN_TYPE_EXT_OR:
704  conn->magic = OR_CONNECTION_MAGIC;
705  break;
706  case CONN_TYPE_EXIT:
707  conn->magic = EDGE_CONNECTION_MAGIC;
708  break;
709  case CONN_TYPE_AP:
710  conn->magic = ENTRY_CONNECTION_MAGIC;
711  break;
712  case CONN_TYPE_DIR:
713  conn->magic = DIR_CONNECTION_MAGIC;
714  break;
715  case CONN_TYPE_CONTROL:
716  conn->magic = CONTROL_CONNECTION_MAGIC;
717  break;
718  CASE_ANY_LISTENER_TYPE:
719  conn->magic = LISTENER_CONNECTION_MAGIC;
720  break;
721  default:
722  conn->magic = BASE_CONNECTION_MAGIC;
723  break;
724  }
725 
726  conn->s = TOR_INVALID_SOCKET; /* give it a default of 'not used' */
727  conn->conn_array_index = -1; /* also default to 'not used' */
728  conn->global_identifier = n_connections_allocated++;
729 
730  conn->type = type;
731  conn->socket_family = socket_family;
732  if (!connection_is_listener(conn)) {
733  /* listeners never use their buf */
734  conn->inbuf = buf_new();
735  conn->outbuf = buf_new();
736  }
737 
738  conn->timestamp_created = now;
739  conn->timestamp_last_read_allowed = now;
740  conn->timestamp_last_write_allowed = now;
741 }
742 
743 /** Create a link between <b>conn_a</b> and <b>conn_b</b>. */
744 void
746 {
747  tor_assert(! SOCKET_OK(conn_a->s));
748  tor_assert(! SOCKET_OK(conn_b->s));
749 
750  conn_a->linked = 1;
751  conn_b->linked = 1;
752  conn_a->linked_conn = conn_b;
753  conn_b->linked_conn = conn_a;
754 }
755 
756 /** Return true iff the provided connection listener type supports AF_UNIX
757  * sockets. */
758 int
760 {
761  /* For now only control ports or SOCKS ports can be Unix domain sockets
762  * and listeners at the same time */
763  switch (type) {
766  return 1;
767  default:
768  return 0;
769  }
770 }
771 
772 /** Deallocate memory used by <b>conn</b>. Deallocate its buffers if
773  * necessary, close its socket if necessary, and mark the directory as dirty
774  * if <b>conn</b> is an OR or OP connection.
775  */
776 STATIC void
778 {
779  void *mem;
780  size_t memlen;
781  if (!conn)
782  return;
783 
784  switch (conn->type) {
785  case CONN_TYPE_OR:
786  case CONN_TYPE_EXT_OR:
787  tor_assert(conn->magic == OR_CONNECTION_MAGIC);
788  mem = TO_OR_CONN(conn);
789  memlen = sizeof(or_connection_t);
790  break;
791  case CONN_TYPE_AP:
792  tor_assert(conn->magic == ENTRY_CONNECTION_MAGIC);
793  mem = TO_ENTRY_CONN(conn);
794  memlen = sizeof(entry_connection_t);
795  break;
796  case CONN_TYPE_EXIT:
797  tor_assert(conn->magic == EDGE_CONNECTION_MAGIC);
798  mem = TO_EDGE_CONN(conn);
799  memlen = sizeof(edge_connection_t);
800  break;
801  case CONN_TYPE_DIR:
802  tor_assert(conn->magic == DIR_CONNECTION_MAGIC);
803  mem = TO_DIR_CONN(conn);
804  memlen = sizeof(dir_connection_t);
805  break;
806  case CONN_TYPE_CONTROL:
807  tor_assert(conn->magic == CONTROL_CONNECTION_MAGIC);
808  mem = TO_CONTROL_CONN(conn);
809  memlen = sizeof(control_connection_t);
810  break;
811  CASE_ANY_LISTENER_TYPE:
812  tor_assert(conn->magic == LISTENER_CONNECTION_MAGIC);
813  mem = TO_LISTENER_CONN(conn);
814  memlen = sizeof(listener_connection_t);
815  break;
816  default:
817  tor_assert(conn->magic == BASE_CONNECTION_MAGIC);
818  mem = conn;
819  memlen = sizeof(connection_t);
820  break;
821  }
822 
823  if (conn->linked) {
824  log_info(LD_GENERAL, "Freeing linked %s connection [%s] with %d "
825  "bytes on inbuf, %d on outbuf.",
826  conn_type_to_string(conn->type),
827  conn_state_to_string(conn->type, conn->state),
828  (int)connection_get_inbuf_len(conn),
829  (int)connection_get_outbuf_len(conn));
830  }
831 
832  if (!connection_is_listener(conn)) {
833  buf_free(conn->inbuf);
834  buf_free(conn->outbuf);
835  } else {
836  if (conn->socket_family == AF_UNIX) {
837  /* For now only control and SOCKS ports can be Unix domain sockets
838  * and listeners at the same time */
840 
841  if (unlink(conn->address) < 0 && errno != ENOENT) {
842  log_warn(LD_NET, "Could not unlink %s: %s", conn->address,
843  strerror(errno));
844  }
845  }
846  }
847 
849 
850  if (connection_speaks_cells(conn)) {
851  or_connection_t *or_conn = TO_OR_CONN(conn);
852  if (or_conn->tls) {
853  if (! SOCKET_OK(conn->s)) {
854  /* The socket has been closed by somebody else; we must tell the
855  * TLS object not to close it. */
856  tor_tls_release_socket(or_conn->tls);
857  } else {
858  /* The tor_tls_free() call below will close the socket; we must tell
859  * the code below not to close it a second time. */
861  conn->s = TOR_INVALID_SOCKET;
862  }
863  tor_tls_free(or_conn->tls);
864  or_conn->tls = NULL;
865  }
866  or_handshake_state_free(or_conn->handshake_state);
867  or_conn->handshake_state = NULL;
869  if (or_conn->chan) {
870  /* Owww, this shouldn't happen, but... */
871  channel_t *base_chan = TLS_CHAN_TO_BASE(or_conn->chan);
872  tor_assert(base_chan);
873  log_info(LD_CHANNEL,
874  "Freeing orconn at %p, saw channel %p with ID "
875  "%"PRIu64 " left un-NULLed",
876  or_conn, base_chan,
877  base_chan->global_identifier);
878  if (!CHANNEL_FINISHED(base_chan)) {
879  channel_close_for_error(base_chan);
880  }
881 
882  or_conn->chan->conn = NULL;
883  or_conn->chan = NULL;
884  }
885  }
886  if (conn->type == CONN_TYPE_AP) {
887  entry_connection_t *entry_conn = TO_ENTRY_CONN(conn);
890  if (entry_conn->socks_request)
891  socks_request_free(entry_conn->socks_request);
892  if (entry_conn->pending_optimistic_data) {
893  buf_free(entry_conn->pending_optimistic_data);
894  }
895  if (entry_conn->sending_optimistic_data) {
896  buf_free(entry_conn->sending_optimistic_data);
897  }
898  }
899  if (CONN_IS_EDGE(conn)) {
900  hs_ident_edge_conn_free(TO_EDGE_CONN(conn)->hs_ident);
901  }
902  if (conn->type == CONN_TYPE_CONTROL) {
903  control_connection_t *control_conn = TO_CONTROL_CONN(conn);
904  tor_free(control_conn->safecookie_client_hash);
905  tor_free(control_conn->incoming_cmd);
906  tor_free(control_conn->current_cmd);
907  if (control_conn->ephemeral_onion_services) {
908  SMARTLIST_FOREACH(control_conn->ephemeral_onion_services, char *, cp, {
909  memwipe(cp, 0, strlen(cp));
910  tor_free(cp);
911  });
912  smartlist_free(control_conn->ephemeral_onion_services);
913  }
914  }
915 
916  /* Probably already freed by connection_free. */
917  tor_event_free(conn->read_event);
918  tor_event_free(conn->write_event);
919  conn->read_event = conn->write_event = NULL;
920 
921  if (conn->type == CONN_TYPE_DIR) {
922  dir_connection_t *dir_conn = TO_DIR_CONN(conn);
923  tor_free(dir_conn->requested_resource);
924 
925  tor_compress_free(dir_conn->compress_state);
926  dir_conn_clear_spool(dir_conn);
927 
928  hs_ident_dir_conn_free(dir_conn->hs_ident);
929  if (dir_conn->guard_state) {
930  /* Cancel before freeing, if it's still there. */
931  entry_guard_cancel(&dir_conn->guard_state);
932  }
933  circuit_guard_state_free(dir_conn->guard_state);
934  }
935 
936  if (SOCKET_OK(conn->s)) {
937  log_debug(LD_NET,"closing fd %d.",(int)conn->s);
938  tor_close_socket(conn->s);
939  conn->s = TOR_INVALID_SOCKET;
940  }
941 
942  if (conn->type == CONN_TYPE_OR &&
943  !tor_digest_is_zero(TO_OR_CONN(conn)->identity_digest)) {
944  log_warn(LD_BUG, "called on OR conn with non-zeroed identity_digest");
946  }
947  if (conn->type == CONN_TYPE_OR || conn->type == CONN_TYPE_EXT_OR) {
948  tor_free(TO_OR_CONN(conn)->ext_or_conn_id);
949  tor_free(TO_OR_CONN(conn)->ext_or_auth_correct_client_hash);
950  tor_free(TO_OR_CONN(conn)->ext_or_transport);
951  }
952 
953  memwipe(mem, 0xCC, memlen); /* poison memory */
954  tor_free(mem);
955 }
956 
957 /** Make sure <b>conn</b> isn't in any of the global conn lists; then free it.
958  */
959 MOCK_IMPL(void,
961 {
962  if (!conn)
963  return;
966  if (BUG(conn->linked_conn)) {
967  conn->linked_conn->linked_conn = NULL;
968  if (! conn->linked_conn->marked_for_close &&
971  conn->linked_conn = NULL;
972  }
973  if (connection_speaks_cells(conn)) {
974  if (!tor_digest_is_zero(TO_OR_CONN(conn)->identity_digest)) {
976  }
977  }
978  if (conn->type == CONN_TYPE_CONTROL) {
980  }
981 #if 1
982  /* DEBUGGING */
983  if (conn->type == CONN_TYPE_AP) {
984  connection_ap_warn_and_unmark_if_pending_circ(TO_ENTRY_CONN(conn),
985  "connection_free");
986  }
987 #endif /* 1 */
988 
989  /* Notify the circuit creation DoS mitigation subsystem that an OR client
990  * connection has been closed. And only do that if we track it. */
991  if (conn->type == CONN_TYPE_OR) {
992  dos_close_client_conn(TO_OR_CONN(conn));
993  }
994 
997 }
998 
999 /**
1000  * Called when we're about to finally unlink and free a connection:
1001  * perform necessary accounting and cleanup
1002  * - Directory conns that failed to fetch a rendezvous descriptor
1003  * need to inform pending rendezvous streams.
1004  * - OR conns need to call rep_hist_note_*() to record status.
1005  * - AP conns need to send a socks reject if necessary.
1006  * - Exit conns need to call connection_dns_remove() if necessary.
1007  * - AP and Exit conns need to send an end cell if they can.
1008  * - DNS conns need to fail any resolves that are pending on them.
1009  * - OR and edge connections need to be unlinked from circuits.
1010  */
1011 void
1013 {
1015 
1016  switch (conn->type) {
1017  case CONN_TYPE_DIR:
1019  break;
1020  case CONN_TYPE_OR:
1021  case CONN_TYPE_EXT_OR:
1023  break;
1024  case CONN_TYPE_AP:
1026  break;
1027  case CONN_TYPE_EXIT:
1029  break;
1030  }
1031 }
1032 
1033 /** Return true iff connection_close_immediate() has been called on this
1034  * connection. */
1035 #define CONN_IS_CLOSED(c) \
1036  ((c)->linked ? ((c)->linked_conn_is_closed) : (! SOCKET_OK(c->s)))
1037 
1038 /** Close the underlying socket for <b>conn</b>, so we don't try to
1039  * flush it. Must be used in conjunction with (right before)
1040  * connection_mark_for_close().
1041  */
1042 void
1044 {
1045  assert_connection_ok(conn,0);
1046  if (CONN_IS_CLOSED(conn)) {
1047  log_err(LD_BUG,"Attempt to close already-closed connection.");
1049  return;
1050  }
1051  if (connection_get_outbuf_len(conn)) {
1052  log_info(LD_NET,"fd %d, type %s, state %s, %"TOR_PRIuSZ" bytes on outbuf.",
1053  (int)conn->s, conn_type_to_string(conn->type),
1054  conn_state_to_string(conn->type, conn->state),
1055  buf_datalen(conn->outbuf));
1056  }
1057 
1059 
1060  /* Prevent the event from getting unblocked. */
1061  conn->read_blocked_on_bw = 0;
1062  conn->write_blocked_on_bw = 0;
1063 
1064  if (SOCKET_OK(conn->s))
1065  tor_close_socket(conn->s);
1066  conn->s = TOR_INVALID_SOCKET;
1067  if (conn->linked)
1068  conn->linked_conn_is_closed = 1;
1069  if (conn->outbuf)
1070  buf_clear(conn->outbuf);
1071 }
1072 
1073 /** Mark <b>conn</b> to be closed next time we loop through
1074  * conn_close_if_marked() in main.c. */
1075 void
1076 connection_mark_for_close_(connection_t *conn, int line, const char *file)
1077 {
1078  assert_connection_ok(conn,0);
1079  tor_assert(line);
1080  tor_assert(line < 1<<16); /* marked_for_close can only fit a uint16_t. */
1081  tor_assert(file);
1082 
1083  if (conn->type == CONN_TYPE_OR) {
1084  /*
1085  * An or_connection should have been closed through one of the channel-
1086  * aware functions in connection_or.c. We'll assume this is an error
1087  * close and do that, and log a bug warning.
1088  */
1089  log_warn(LD_CHANNEL | LD_BUG,
1090  "Something tried to close an or_connection_t without going "
1091  "through channels at %s:%d",
1092  file, line);
1094  } else {
1095  /* Pass it down to the real function */
1096  connection_mark_for_close_internal_(conn, line, file);
1097  }
1098 }
1099 
1100 /** Mark <b>conn</b> to be closed next time we loop through
1101  * conn_close_if_marked() in main.c.
1102  *
1103  * This _internal version bypasses the CONN_TYPE_OR checks; this should be
1104  * called when you either are sure that if this is an or_connection_t the
1105  * controlling channel has been notified (e.g. with
1106  * connection_or_notify_error()), or you actually are the
1107  * connection_or_close_for_error() or connection_or_close_normally() function.
1108  * For all other cases, use connection_mark_and_flush() which checks for
1109  * or_connection_t properly, instead. See below.
1110  *
1111  * We want to keep this function simple and quick, since it can be called from
1112  * quite deep in the call chain, and hence it should avoid having side-effects
1113  * that interfere with its callers view of the connection.
1114  */
1115 MOCK_IMPL(void,
1117  int line, const char *file))
1118 {
1119  assert_connection_ok(conn,0);
1120  tor_assert(line);
1121  tor_assert(line < 1<<16); /* marked_for_close can only fit a uint16_t. */
1122  tor_assert(file);
1123 
1124  if (conn->marked_for_close) {
1125  log_warn(LD_BUG,"Duplicate call to connection_mark_for_close at %s:%d"
1126  " (first at %s:%d)", file, line, conn->marked_for_close_file,
1127  conn->marked_for_close);
1129  return;
1130  }
1131 
1132  if (conn->type == CONN_TYPE_OR) {
1133  /*
1134  * Bad news if this happens without telling the controlling channel; do
1135  * this so we can find things that call this wrongly when the asserts hit.
1136  */
1137  log_debug(LD_CHANNEL,
1138  "Calling connection_mark_for_close_internal_() on an OR conn "
1139  "at %s:%d",
1140  file, line);
1141  }
1142 
1143  conn->marked_for_close = line;
1144  conn->marked_for_close_file = file;
1146 
1147  /* in case we're going to be held-open-til-flushed, reset
1148  * the number of seconds since last successful write, so
1149  * we get our whole 15 seconds */
1150  conn->timestamp_last_write_allowed = time(NULL);
1151 }
1152 
1153 /** Find each connection that has hold_open_until_flushed set to
1154  * 1 but hasn't written in the past 15 seconds, and set
1155  * hold_open_until_flushed to 0. This means it will get cleaned
1156  * up in the next loop through close_if_marked() in main.c.
1157  */
1158 void
1160 {
1161  time_t now;
1162  smartlist_t *conns = get_connection_array();
1163 
1164  now = time(NULL);
1165 
1166  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
1167  /* If we've been holding the connection open, but we haven't written
1168  * for 15 seconds...
1169  */
1170  if (conn->hold_open_until_flushed) {
1172  if (now - conn->timestamp_last_write_allowed >= 15) {
1173  int severity;
1174  if (conn->type == CONN_TYPE_EXIT ||
1175  (conn->type == CONN_TYPE_DIR &&
1176  conn->purpose == DIR_PURPOSE_SERVER))
1177  severity = LOG_INFO;
1178  else
1179  severity = LOG_NOTICE;
1180  log_fn(severity, LD_NET,
1181  "Giving up on marked_for_close conn that's been flushing "
1182  "for 15s (fd %d, type %s, state %s).",
1183  (int)conn->s, conn_type_to_string(conn->type),
1184  conn_state_to_string(conn->type, conn->state));
1185  conn->hold_open_until_flushed = 0;
1186  }
1187  }
1188  } SMARTLIST_FOREACH_END(conn);
1189 }
1190 
1191 #if defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN)
1192 /** Create an AF_UNIX listenaddr struct.
1193  * <b>listenaddress</b> provides the path to the Unix socket.
1194  *
1195  * Eventually <b>listenaddress</b> will also optionally contain user, group,
1196  * and file permissions for the new socket. But not yet. XXX
1197  * Also, since we do not create the socket here the information doesn't help
1198  * here.
1199  *
1200  * If not NULL <b>readable_address</b> will contain a copy of the path part of
1201  * <b>listenaddress</b>.
1202  *
1203  * The listenaddr struct has to be freed by the caller.
1204  */
1205 static struct sockaddr_un *
1206 create_unix_sockaddr(const char *listenaddress, char **readable_address,
1207  socklen_t *len_out)
1208 {
1209  struct sockaddr_un *sockaddr = NULL;
1210 
1211  sockaddr = tor_malloc_zero(sizeof(struct sockaddr_un));
1212  sockaddr->sun_family = AF_UNIX;
1213  if (strlcpy(sockaddr->sun_path, listenaddress, sizeof(sockaddr->sun_path))
1214  >= sizeof(sockaddr->sun_path)) {
1215  log_warn(LD_CONFIG, "Unix socket path '%s' is too long to fit.",
1216  escaped(listenaddress));
1217  tor_free(sockaddr);
1218  return NULL;
1219  }
1220 
1221  if (readable_address)
1222  *readable_address = tor_strdup(listenaddress);
1223 
1224  *len_out = sizeof(struct sockaddr_un);
1225  return sockaddr;
1226 }
1227 #else /* !(defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN)) */
1228 static struct sockaddr *
1229 create_unix_sockaddr(const char *listenaddress, char **readable_address,
1230  socklen_t *len_out)
1231 {
1232  (void)listenaddress;
1233  (void)readable_address;
1235  "Unix domain sockets not supported, yet we tried to create one.");
1236  *len_out = 0;
1238  return NULL;
1239 }
1240 #endif /* defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN) */
1241 
1242 /**
1243  * A socket failed from resource exhaustion.
1244  *
1245  * Among other actions, warn that an accept or a connect has failed because
1246  * we're running out of TCP sockets we can use on current system. Rate-limit
1247  * these warnings so that we don't spam the log. */
1248 static void
1250 {
1251  /* When we get to this point we know that a socket could not be
1252  * established. However the kernel does not let us know whether the reason is
1253  * because we ran out of TCP source ports, or because we exhausted all the
1254  * FDs on this system, or for any other reason.
1255  *
1256  * For this reason, we are going to use the following heuristic: If our
1257  * system supports a lot of sockets, we will assume that it's a problem of
1258  * TCP port exhaustion. Otherwise, if our system does not support many
1259  * sockets, we will assume that this is because of file descriptor
1260  * exhaustion.
1261  */
1262  if (get_max_sockets() > 65535) {
1263  /* TCP port exhaustion */
1265  } else {
1266  /* File descriptor exhaustion */
1267  rep_hist_note_overload(OVERLOAD_FD_EXHAUSTED);
1268  }
1269 
1270 #define WARN_TOO_MANY_CONNS_INTERVAL (6*60*60)
1271  static ratelim_t last_warned = RATELIM_INIT(WARN_TOO_MANY_CONNS_INTERVAL);
1272  char *m;
1273  if ((m = rate_limit_log(&last_warned, approx_time()))) {
1274  int n_conns = get_n_open_sockets();
1275  log_warn(LD_NET,"Failing because we have %d connections already. Please "
1276  "read doc/TUNING for guidance.%s", n_conns, m);
1277  tor_free(m);
1278  control_event_general_status(LOG_WARN, "TOO_MANY_CONNECTIONS CURRENT=%d",
1279  n_conns);
1280  }
1281 }
1282 
1283 #ifdef HAVE_SYS_UN_H
1284 
1285 #define UNIX_SOCKET_PURPOSE_CONTROL_SOCKET 0
1286 #define UNIX_SOCKET_PURPOSE_SOCKS_SOCKET 1
1287 
1288 /** Check if the purpose isn't one of the ones we know what to do with */
1289 
1290 static int
1291 is_valid_unix_socket_purpose(int purpose)
1292 {
1293  int valid = 0;
1294 
1295  switch (purpose) {
1296  case UNIX_SOCKET_PURPOSE_CONTROL_SOCKET:
1297  case UNIX_SOCKET_PURPOSE_SOCKS_SOCKET:
1298  valid = 1;
1299  break;
1300  }
1301 
1302  return valid;
1303 }
1304 
1305 /** Return a string description of a unix socket purpose */
1306 static const char *
1307 unix_socket_purpose_to_string(int purpose)
1308 {
1309  const char *s = "unknown-purpose socket";
1310 
1311  switch (purpose) {
1312  case UNIX_SOCKET_PURPOSE_CONTROL_SOCKET:
1313  s = "control socket";
1314  break;
1315  case UNIX_SOCKET_PURPOSE_SOCKS_SOCKET:
1316  s = "SOCKS socket";
1317  break;
1318  }
1319 
1320  return s;
1321 }
1322 
1323 /** Check whether we should be willing to open an AF_UNIX socket in
1324  * <b>path</b>. Return 0 if we should go ahead and -1 if we shouldn't. */
1325 static int
1326 check_location_for_unix_socket(const or_options_t *options, const char *path,
1327  int purpose, const port_cfg_t *port)
1328 {
1329  int r = -1;
1330  char *p = NULL;
1331 
1332  tor_assert(is_valid_unix_socket_purpose(purpose));
1333 
1334  p = tor_strdup(path);
1335  cpd_check_t flags = CPD_CHECK_MODE_ONLY;
1336  if (get_parent_directory(p)<0 || p[0] != '/') {
1337  log_warn(LD_GENERAL, "Bad unix socket address '%s'. Tor does not support "
1338  "relative paths for unix sockets.", path);
1339  goto done;
1340  }
1341 
1342  if (port->is_world_writable) {
1343  /* World-writable sockets can go anywhere. */
1344  r = 0;
1345  goto done;
1346  }
1347 
1348  if (port->is_group_writable) {
1349  flags |= CPD_GROUP_OK;
1350  }
1351 
1352  if (port->relax_dirmode_check) {
1353  flags |= CPD_RELAX_DIRMODE_CHECK;
1354  }
1355 
1356  if (check_private_dir(p, flags, options->User) < 0) {
1357  char *escpath, *escdir;
1358  escpath = esc_for_log(path);
1359  escdir = esc_for_log(p);
1360  log_warn(LD_GENERAL, "Before Tor can create a %s in %s, the directory "
1361  "%s needs to exist, and to be accessible only by the user%s "
1362  "account that is running Tor. (On some Unix systems, anybody "
1363  "who can list a socket can connect to it, so Tor is being "
1364  "careful.)",
1365  unix_socket_purpose_to_string(purpose), escpath, escdir,
1366  port->is_group_writable ? " and group" : "");
1367  tor_free(escpath);
1368  tor_free(escdir);
1369  goto done;
1370  }
1371 
1372  r = 0;
1373  done:
1374  tor_free(p);
1375  return r;
1376 }
1377 #endif /* defined(HAVE_SYS_UN_H) */
1378 
1379 /** Tell the TCP stack that it shouldn't wait for a long time after
1380  * <b>sock</b> has closed before reusing its port. Return 0 on success,
1381  * -1 on failure. */
1382 static int
1384 {
1385 #ifdef _WIN32
1386  (void) sock;
1387  return 0;
1388 #else
1389  int one=1;
1390 
1391  /* REUSEADDR on normal places means you can rebind to the port
1392  * right after somebody else has let it go. But REUSEADDR on win32
1393  * means you can bind to the port _even when somebody else
1394  * already has it bound_. So, don't do that on Win32. */
1395  if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void*) &one,
1396  (socklen_t)sizeof(one)) == -1) {
1397  return -1;
1398  }
1399  return 0;
1400 #endif /* defined(_WIN32) */
1401 }
1402 
1403 #ifdef _WIN32
1404 /** Tell the Windows TCP stack to prevent other applications from receiving
1405  * traffic from tor's open ports. Return 0 on success, -1 on failure. */
1406 static int
1407 make_win32_socket_exclusive(tor_socket_t sock)
1408 {
1409 #ifdef SO_EXCLUSIVEADDRUSE
1410  int one=1;
1411 
1412  /* Any socket that sets REUSEADDR on win32 can bind to a port _even when
1413  * somebody else already has it bound_, and _even if the original socket
1414  * didn't set REUSEADDR_. Use EXCLUSIVEADDRUSE to prevent this port-stealing
1415  * on win32. */
1416  if (setsockopt(sock, SOL_SOCKET, SO_EXCLUSIVEADDRUSE, (void*) &one,
1417  (socklen_t)sizeof(one))) {
1418  return -1;
1419  }
1420  return 0;
1421 #else /* !defined(SO_EXCLUSIVEADDRUSE) */
1422  (void) sock;
1423  return 0;
1424 #endif /* defined(SO_EXCLUSIVEADDRUSE) */
1425 }
1426 #endif /* defined(_WIN32) */
1427 
1428 /** Max backlog to pass to listen. We start at */
1429 static int listen_limit = INT_MAX;
1430 
1431 /* Listen on <b>fd</b> with appropriate backlog. Return as for listen. */
1432 static int
1433 tor_listen(tor_socket_t fd)
1434 {
1435  int r;
1436 
1437  if ((r = listen(fd, listen_limit)) < 0) {
1438  if (listen_limit == SOMAXCONN)
1439  return r;
1440  if ((r = listen(fd, SOMAXCONN)) == 0) {
1441  listen_limit = SOMAXCONN;
1442  log_warn(LD_NET, "Setting listen backlog to INT_MAX connections "
1443  "didn't work, but SOMAXCONN did. Lowering backlog limit.");
1444  }
1445  }
1446  return r;
1447 }
1448 
1449 /** Bind a new non-blocking socket listening to the socket described
1450  * by <b>listensockaddr</b>.
1451  *
1452  * <b>address</b> is only used for logging purposes and to add the information
1453  * to the conn.
1454  *
1455  * Set <b>addr_in_use</b> to true in case socket binding fails with
1456  * EADDRINUSE.
1457  */
1458 static connection_t *
1459 connection_listener_new(const struct sockaddr *listensockaddr,
1460  socklen_t socklen,
1461  int type, const char *address,
1462  const port_cfg_t *port_cfg,
1463  int *addr_in_use)
1464 {
1465  listener_connection_t *lis_conn;
1466  connection_t *conn = NULL;
1467  tor_socket_t s = TOR_INVALID_SOCKET; /* the socket we're going to make */
1468  or_options_t const *options = get_options();
1469  (void) options; /* Windows doesn't use this. */
1470 #if defined(HAVE_PWD_H) && defined(HAVE_SYS_UN_H)
1471  const struct passwd *pw = NULL;
1472 #endif
1473  uint16_t usePort = 0, gotPort = 0;
1474  int start_reading = 0;
1475  static int global_next_session_group = SESSION_GROUP_FIRST_AUTO;
1476  tor_addr_t addr;
1477  int exhaustion = 0;
1478 
1479  if (addr_in_use)
1480  *addr_in_use = 0;
1481 
1482  if (listensockaddr->sa_family == AF_INET ||
1483  listensockaddr->sa_family == AF_INET6) {
1484  int is_stream = (type != CONN_TYPE_AP_DNS_LISTENER);
1485  if (is_stream)
1486  start_reading = 1;
1487 
1488  tor_addr_from_sockaddr(&addr, listensockaddr, &usePort);
1489  log_notice(LD_NET, "Opening %s on %s",
1490  conn_type_to_string(type), fmt_addrport(&addr, usePort));
1491 
1493  is_stream ? SOCK_STREAM : SOCK_DGRAM,
1494  is_stream ? IPPROTO_TCP: IPPROTO_UDP);
1495  if (!SOCKET_OK(s)) {
1496  int e = tor_socket_errno(s);
1497  if (ERRNO_IS_RESOURCE_LIMIT(e)) {
1499  /*
1500  * We'll call the OOS handler at the error exit, so set the
1501  * exhaustion flag for it.
1502  */
1503  exhaustion = 1;
1504  } else {
1505  log_warn(LD_NET, "Socket creation failed: %s",
1506  tor_socket_strerror(e));
1507  }
1508  goto err;
1509  }
1510 
1511  if (make_socket_reuseable(s) < 0) {
1512  log_warn(LD_NET, "Error setting SO_REUSEADDR flag on %s: %s",
1513  conn_type_to_string(type),
1514  tor_socket_strerror(errno));
1515  }
1516 
1517 #ifdef _WIN32
1518  if (make_win32_socket_exclusive(s) < 0) {
1519  log_warn(LD_NET, "Error setting SO_EXCLUSIVEADDRUSE flag on %s: %s",
1520  conn_type_to_string(type),
1521  tor_socket_strerror(errno));
1522  }
1523 #endif /* defined(_WIN32) */
1524 
1525 #if defined(USE_TRANSPARENT) && defined(IP_TRANSPARENT)
1526  if (options->TransProxyType_parsed == TPT_TPROXY &&
1527  type == CONN_TYPE_AP_TRANS_LISTENER) {
1528  int one = 1;
1529  if (setsockopt(s, SOL_IP, IP_TRANSPARENT, (void*)&one,
1530  (socklen_t)sizeof(one)) < 0) {
1531  const char *extra = "";
1532  int e = tor_socket_errno(s);
1533  if (e == EPERM)
1534  extra = "TransTPROXY requires root privileges or similar"
1535  " capabilities.";
1536  log_warn(LD_NET, "Error setting IP_TRANSPARENT flag: %s.%s",
1537  tor_socket_strerror(e), extra);
1538  }
1539  }
1540 #endif /* defined(USE_TRANSPARENT) && defined(IP_TRANSPARENT) */
1541 
1542 #ifdef IPV6_V6ONLY
1543  if (listensockaddr->sa_family == AF_INET6) {
1544  int one = 1;
1545  /* We need to set IPV6_V6ONLY so that this socket can't get used for
1546  * IPv4 connections. */
1547  if (setsockopt(s,IPPROTO_IPV6, IPV6_V6ONLY,
1548  (void*)&one, (socklen_t)sizeof(one)) < 0) {
1549  int e = tor_socket_errno(s);
1550  log_warn(LD_NET, "Error setting IPV6_V6ONLY flag: %s",
1551  tor_socket_strerror(e));
1552  /* Keep going; probably not harmful. */
1553  }
1554  }
1555 #endif /* defined(IPV6_V6ONLY) */
1556 
1557  if (bind(s,listensockaddr,socklen) < 0) {
1558  const char *helpfulhint = "";
1559  int e = tor_socket_errno(s);
1560  if (ERRNO_IS_EADDRINUSE(e)) {
1561  helpfulhint = ". Is Tor already running?";
1562  if (addr_in_use)
1563  *addr_in_use = 1;
1564  }
1565  log_warn(LD_NET, "Could not bind to %s:%u: %s%s", address, usePort,
1566  tor_socket_strerror(e), helpfulhint);
1567  goto err;
1568  }
1569 
1570  if (is_stream) {
1571  if (tor_listen(s) < 0) {
1572  log_warn(LD_NET, "Could not listen on %s:%u: %s", address, usePort,
1573  tor_socket_strerror(tor_socket_errno(s)));
1574  goto err;
1575  }
1576  }
1577 
1578  if (usePort != 0) {
1579  gotPort = usePort;
1580  } else {
1581  tor_addr_t addr2;
1582  struct sockaddr_storage ss;
1583  socklen_t ss_len=sizeof(ss);
1584  if (getsockname(s, (struct sockaddr*)&ss, &ss_len)<0) {
1585  log_warn(LD_NET, "getsockname() couldn't learn address for %s: %s",
1586  conn_type_to_string(type),
1587  tor_socket_strerror(tor_socket_errno(s)));
1588  gotPort = 0;
1589  }
1590  tor_addr_from_sockaddr(&addr2, (struct sockaddr*)&ss, &gotPort);
1591  }
1592 #ifdef HAVE_SYS_UN_H
1593  /*
1594  * AF_UNIX generic setup stuff
1595  */
1596  } else if (listensockaddr->sa_family == AF_UNIX) {
1597  /* We want to start reading for both AF_UNIX cases */
1598  start_reading = 1;
1599 
1601 
1602  if (check_location_for_unix_socket(options, address,
1603  (type == CONN_TYPE_CONTROL_LISTENER) ?
1604  UNIX_SOCKET_PURPOSE_CONTROL_SOCKET :
1605  UNIX_SOCKET_PURPOSE_SOCKS_SOCKET, port_cfg) < 0) {
1606  goto err;
1607  }
1608 
1609  log_notice(LD_NET, "Opening %s on %s",
1610  conn_type_to_string(type), address);
1611 
1612  tor_addr_make_unspec(&addr);
1613 
1614  if (unlink(address) < 0 && errno != ENOENT) {
1615  log_warn(LD_NET, "Could not unlink %s: %s", address,
1616  strerror(errno));
1617  goto err;
1618  }
1619 
1620  s = tor_open_socket_nonblocking(AF_UNIX, SOCK_STREAM, 0);
1621  if (! SOCKET_OK(s)) {
1622  int e = tor_socket_errno(s);
1623  if (ERRNO_IS_RESOURCE_LIMIT(e)) {
1625  /*
1626  * We'll call the OOS handler at the error exit, so set the
1627  * exhaustion flag for it.
1628  */
1629  exhaustion = 1;
1630  } else {
1631  log_warn(LD_NET,"Socket creation failed: %s.", strerror(e));
1632  }
1633  goto err;
1634  }
1635 
1636  if (bind(s, listensockaddr,
1637  (socklen_t)sizeof(struct sockaddr_un)) == -1) {
1638  log_warn(LD_NET,"Bind to %s failed: %s.", address,
1639  tor_socket_strerror(tor_socket_errno(s)));
1640  goto err;
1641  }
1642 
1643 #ifdef HAVE_PWD_H
1644  if (options->User) {
1645  pw = tor_getpwnam(options->User);
1646  struct stat st;
1647  if (pw == NULL) {
1648  log_warn(LD_NET,"Unable to chown() %s socket: user %s not found.",
1649  address, options->User);
1650  goto err;
1651  } else if (fstat(s, &st) == 0 &&
1652  st.st_uid == pw->pw_uid && st.st_gid == pw->pw_gid) {
1653  /* No change needed */
1654  } else if (chown(sandbox_intern_string(address),
1655  pw->pw_uid, pw->pw_gid) < 0) {
1656  log_warn(LD_NET,"Unable to chown() %s socket: %s.",
1657  address, strerror(errno));
1658  goto err;
1659  }
1660  }
1661 #endif /* defined(HAVE_PWD_H) */
1662 
1663  {
1664  unsigned mode;
1665  const char *status;
1666  struct stat st;
1667  if (port_cfg->is_world_writable) {
1668  mode = 0666;
1669  status = "world-writable";
1670  } else if (port_cfg->is_group_writable) {
1671  mode = 0660;
1672  status = "group-writable";
1673  } else {
1674  mode = 0600;
1675  status = "private";
1676  }
1677  /* We need to use chmod; fchmod doesn't work on sockets on all
1678  * platforms. */
1679  if (fstat(s, &st) == 0 && (st.st_mode & 0777) == mode) {
1680  /* no change needed */
1681  } else if (chmod(sandbox_intern_string(address), mode) < 0) {
1682  log_warn(LD_FS,"Unable to make %s %s.", address, status);
1683  goto err;
1684  }
1685  }
1686 
1687  if (listen(s, SOMAXCONN) < 0) {
1688  log_warn(LD_NET, "Could not listen on %s: %s", address,
1689  tor_socket_strerror(tor_socket_errno(s)));
1690  goto err;
1691  }
1692 
1693 #ifndef __APPLE__
1694  /* This code was introduced to help debug #28229. */
1695  int value;
1696  socklen_t len = sizeof(value);
1697 
1698  if (!getsockopt(s, SOL_SOCKET, SO_ACCEPTCONN, &value, &len)) {
1699  if (value == 0) {
1700  log_err(LD_NET, "Could not listen on %s - "
1701  "getsockopt(.,SO_ACCEPTCONN,.) yields 0.", address);
1702  goto err;
1703  }
1704  }
1705 #endif /* !defined(__APPLE__) */
1706 #endif /* defined(HAVE_SYS_UN_H) */
1707  } else {
1708  log_err(LD_BUG, "Got unexpected address family %d.",
1709  listensockaddr->sa_family);
1710  tor_assert(0);
1711  }
1712 
1713  lis_conn = listener_connection_new(type, listensockaddr->sa_family);
1714  conn = TO_CONN(lis_conn);
1715  conn->socket_family = listensockaddr->sa_family;
1716  conn->s = s;
1717  s = TOR_INVALID_SOCKET; /* Prevent double-close */
1718  conn->address = tor_strdup(address);
1719  conn->port = gotPort;
1720  tor_addr_copy(&conn->addr, &addr);
1721 
1722  memcpy(&lis_conn->entry_cfg, &port_cfg->entry_cfg, sizeof(entry_port_cfg_t));
1723 
1724  if (port_cfg->entry_cfg.isolation_flags) {
1725  lis_conn->entry_cfg.isolation_flags = port_cfg->entry_cfg.isolation_flags;
1726  if (port_cfg->entry_cfg.session_group >= 0) {
1727  lis_conn->entry_cfg.session_group = port_cfg->entry_cfg.session_group;
1728  } else {
1729  /* This can wrap after around INT_MAX listeners are opened. But I don't
1730  * believe that matters, since you would need to open a ridiculous
1731  * number of listeners while keeping the early ones open before you ever
1732  * hit this. An OR with a dozen ports open, for example, would have to
1733  * close and re-open its listeners every second for 4 years nonstop.
1734  */
1735  lis_conn->entry_cfg.session_group = global_next_session_group--;
1736  }
1737  }
1738 
1739  if (connection_add(conn) < 0) { /* no space, forget it */
1740  log_warn(LD_NET,"connection_add for listener failed. Giving up.");
1741  goto err;
1742  }
1743 
1744  log_fn(usePort==gotPort ? LOG_DEBUG : LOG_NOTICE, LD_NET,
1745  "%s listening on port %u.",
1746  conn_type_to_string(type), gotPort);
1747 
1748  conn->state = LISTENER_STATE_READY;
1749  if (start_reading) {
1751  } else {
1754  }
1755 
1756  /*
1757  * Normal exit; call the OOS handler since connection count just changed;
1758  * the exhaustion flag will always be zero here though.
1759  */
1761 
1762  log_notice(LD_NET, "Opened %s", connection_describe(conn));
1763 
1764  return conn;
1765 
1766  err:
1767  if (SOCKET_OK(s))
1768  tor_close_socket(s);
1769  if (conn)
1770  connection_free(conn);
1771 
1772  /* Call the OOS handler, indicate if we saw an exhaustion-related error */
1774 
1775  return NULL;
1776 }
1777 
1778 /**
1779  * Create a new listener connection for a given <b>port</b>. In case we
1780  * for a reason that is not an error condition, set <b>defer</b>
1781  * to true. If we cannot bind listening socket because address is already
1782  * in use, set <b>addr_in_use</b> to true.
1783  */
1784 static connection_t *
1786  int *defer, int *addr_in_use)
1787 {
1788  connection_t *conn;
1789  struct sockaddr *listensockaddr;
1790  socklen_t listensocklen = 0;
1791  char *address=NULL;
1792  int real_port = port->port == CFG_AUTO_PORT ? 0 : port->port;
1793  tor_assert(real_port <= UINT16_MAX);
1794 
1795  if (defer)
1796  *defer = 0;
1797 
1798  if (port->server_cfg.no_listen) {
1799  if (defer)
1800  *defer = 1;
1801  return NULL;
1802  }
1803 
1804 #ifndef _WIN32
1805  /* We don't need to be root to create a UNIX socket, so defer until after
1806  * setuid. */
1807  const or_options_t *options = get_options();
1808  if (port->is_unix_addr && !geteuid() && (options->User) &&
1809  strcmp(options->User, "root")) {
1810  if (defer)
1811  *defer = 1;
1812  return NULL;
1813  }
1814 #endif /* !defined(_WIN32) */
1815 
1816  if (port->is_unix_addr) {
1817  listensockaddr = (struct sockaddr *)
1818  create_unix_sockaddr(port->unix_addr,
1819  &address, &listensocklen);
1820  } else {
1821  listensockaddr = tor_malloc(sizeof(struct sockaddr_storage));
1822  listensocklen = tor_addr_to_sockaddr(&port->addr,
1823  real_port,
1824  listensockaddr,
1825  sizeof(struct sockaddr_storage));
1826  address = tor_addr_to_str_dup(&port->addr);
1827  }
1828 
1829  if (listensockaddr) {
1830  conn = connection_listener_new(listensockaddr, listensocklen,
1831  port->type, address, port,
1832  addr_in_use);
1833  tor_free(listensockaddr);
1834  tor_free(address);
1835  } else {
1836  conn = NULL;
1837  }
1838 
1839  return conn;
1840 }
1841 
1842 /** Do basic sanity checking on a newly received socket. Return 0
1843  * if it looks ok, else return -1.
1844  *
1845  * Notably, some TCP stacks can erroneously have accept() return successfully
1846  * with socklen 0, when the client sends an RST before the accept call (as
1847  * nmap does). We want to detect that, and not go on with the connection.
1848  */
1849 static int
1850 check_sockaddr(const struct sockaddr *sa, int len, int level)
1851 {
1852  int ok = 1;
1853 
1854  if (sa->sa_family == AF_INET) {
1855  struct sockaddr_in *sin=(struct sockaddr_in*)sa;
1856  if (len != sizeof(struct sockaddr_in)) {
1857  log_fn(level, LD_NET, "Length of address not as expected: %d vs %d",
1858  len,(int)sizeof(struct sockaddr_in));
1859  ok = 0;
1860  }
1861  if (sin->sin_addr.s_addr == 0 || sin->sin_port == 0) {
1862  log_fn(level, LD_NET,
1863  "Address for new connection has address/port equal to zero.");
1864  ok = 0;
1865  }
1866  } else if (sa->sa_family == AF_INET6) {
1867  struct sockaddr_in6 *sin6=(struct sockaddr_in6*)sa;
1868  if (len != sizeof(struct sockaddr_in6)) {
1869  log_fn(level, LD_NET, "Length of address not as expected: %d vs %d",
1870  len,(int)sizeof(struct sockaddr_in6));
1871  ok = 0;
1872  }
1873  if (fast_mem_is_zero((void*)sin6->sin6_addr.s6_addr, 16) ||
1874  sin6->sin6_port == 0) {
1875  log_fn(level, LD_NET,
1876  "Address for new connection has address/port equal to zero.");
1877  ok = 0;
1878  }
1879  } else if (sa->sa_family == AF_UNIX) {
1880  ok = 1;
1881  } else {
1882  ok = 0;
1883  }
1884  return ok ? 0 : -1;
1885 }
1886 
1887 /** Check whether the socket family from an accepted socket <b>got</b> is the
1888  * same as the one that <b>listener</b> is waiting for. If it isn't, log
1889  * a useful message and return -1. Else return 0.
1890  *
1891  * This is annoying, but can apparently happen on some Darwins. */
1892 static int
1894 {
1895  if (got != listener->socket_family) {
1896  log_info(LD_BUG, "A listener connection returned a socket with a "
1897  "mismatched family. %s for addr_family %d gave us a socket "
1898  "with address family %d. Dropping.",
1899  conn_type_to_string(listener->type),
1900  (int)listener->socket_family,
1901  (int)got);
1902  return -1;
1903  }
1904  return 0;
1905 }
1906 
1907 /** The listener connection <b>conn</b> told poll() it wanted to read.
1908  * Call accept() on conn->s, and add the new connection if necessary.
1909  */
1910 static int
1912 {
1913  tor_socket_t news; /* the new socket */
1914  connection_t *newconn = 0;
1915  /* information about the remote peer when connecting to other routers */
1916  struct sockaddr_storage addrbuf;
1917  struct sockaddr *remote = (struct sockaddr*)&addrbuf;
1918  /* length of the remote address. Must be whatever accept() needs. */
1919  socklen_t remotelen = (socklen_t)sizeof(addrbuf);
1920  const or_options_t *options = get_options();
1921 
1922  tor_assert((size_t)remotelen >= sizeof(struct sockaddr_in));
1923  memset(&addrbuf, 0, sizeof(addrbuf));
1924 
1925  news = tor_accept_socket_nonblocking(conn->s,remote,&remotelen);
1926  if (!SOCKET_OK(news)) { /* accept() error */
1927  int e = tor_socket_errno(conn->s);
1928  if (ERRNO_IS_ACCEPT_EAGAIN(e)) {
1929  /*
1930  * they hung up before we could accept(). that's fine.
1931  *
1932  * give the OOS handler a chance to run though
1933  */
1935  return 0;
1936  } else if (ERRNO_IS_RESOURCE_LIMIT(e)) {
1938  /* Exhaustion; tell the OOS handler */
1940  return 0;
1941  }
1942  /* else there was a real error. */
1943  log_warn(LD_NET,"accept() failed: %s. Closing listener.",
1944  tor_socket_strerror(e));
1945  connection_mark_for_close(conn);
1946  /* Tell the OOS handler about this too */
1948  return -1;
1949  }
1950  log_debug(LD_NET,
1951  "Connection accepted on socket %d (child of fd %d).",
1952  (int)news,(int)conn->s);
1953 
1954  /* We accepted a new conn; run OOS handler */
1956 
1957  if (make_socket_reuseable(news) < 0) {
1958  if (tor_socket_errno(news) == EINVAL) {
1959  /* This can happen on OSX if we get a badly timed shutdown. */
1960  log_debug(LD_NET, "make_socket_reuseable returned EINVAL");
1961  } else {
1962  log_warn(LD_NET, "Error setting SO_REUSEADDR flag on %s: %s",
1963  conn_type_to_string(new_type),
1964  tor_socket_strerror(errno));
1965  }
1966  tor_close_socket(news);
1967  return 0;
1968  }
1969 
1970  if (options->ConstrainedSockets)
1972 
1973  if (check_sockaddr_family_match(remote->sa_family, conn) < 0) {
1974  tor_close_socket(news);
1975  return 0;
1976  }
1977 
1978  if (conn->socket_family == AF_INET || conn->socket_family == AF_INET6 ||
1979  (conn->socket_family == AF_UNIX && new_type == CONN_TYPE_AP)) {
1980  tor_addr_t addr;
1981  uint16_t port;
1982  if (check_sockaddr(remote, remotelen, LOG_INFO)<0) {
1983  log_info(LD_NET,
1984  "accept() returned a strange address; closing connection.");
1985  tor_close_socket(news);
1986  return 0;
1987  }
1988 
1989  tor_addr_from_sockaddr(&addr, remote, &port);
1990 
1991  /* process entrance policies here, before we even create the connection */
1992  if (new_type == CONN_TYPE_AP) {
1993  /* check sockspolicy to see if we should accept it */
1994  if (socks_policy_permits_address(&addr) == 0) {
1995  log_notice(LD_APP,
1996  "Denying socks connection from untrusted address %s.",
1997  fmt_and_decorate_addr(&addr));
1998  tor_close_socket(news);
1999  return 0;
2000  }
2001  }
2002  if (new_type == CONN_TYPE_DIR) {
2003  /* check dirpolicy to see if we should accept it */
2004  if (dir_policy_permits_address(&addr) == 0) {
2005  log_notice(LD_DIRSERV,"Denying dir connection from address %s.",
2006  fmt_and_decorate_addr(&addr));
2007  tor_close_socket(news);
2008  return 0;
2009  }
2010  }
2011  if (new_type == CONN_TYPE_OR) {
2012  /* Assess with the connection DoS mitigation subsystem if this address
2013  * can open a new connection. */
2014  if (dos_conn_addr_get_defense_type(&addr) == DOS_CONN_DEFENSE_CLOSE) {
2015  tor_close_socket(news);
2016  return 0;
2017  }
2018  }
2019 
2020  newconn = connection_new(new_type, conn->socket_family);
2021  newconn->s = news;
2022 
2023  /* remember the remote address */
2024  tor_addr_copy(&newconn->addr, &addr);
2025  if (new_type == CONN_TYPE_AP && conn->socket_family == AF_UNIX) {
2026  newconn->port = 0;
2027  newconn->address = tor_strdup(conn->address);
2028  } else {
2029  newconn->port = port;
2030  newconn->address = tor_addr_to_str_dup(&addr);
2031  }
2032 
2033  if (new_type == CONN_TYPE_AP && conn->socket_family != AF_UNIX) {
2034  log_info(LD_NET, "New SOCKS connection opened from %s.",
2035  fmt_and_decorate_addr(&addr));
2036  }
2037  if (new_type == CONN_TYPE_AP && conn->socket_family == AF_UNIX) {
2038  log_info(LD_NET, "New SOCKS AF_UNIX connection opened");
2039  }
2040  if (new_type == CONN_TYPE_CONTROL) {
2041  log_notice(LD_CONTROL, "New control connection opened from %s.",
2042  fmt_and_decorate_addr(&addr));
2043  }
2044  if (new_type == CONN_TYPE_METRICS) {
2045  log_info(LD_CONTROL, "New metrics connection opened from %s.",
2046  fmt_and_decorate_addr(&addr));
2047  }
2048 
2049  } else if (conn->socket_family == AF_UNIX && conn->type != CONN_TYPE_AP) {
2051  tor_assert(new_type == CONN_TYPE_CONTROL);
2052  log_notice(LD_CONTROL, "New control connection opened.");
2053 
2054  newconn = connection_new(new_type, conn->socket_family);
2055  newconn->s = news;
2056 
2057  /* remember the remote address -- do we have anything sane to put here? */
2058  tor_addr_make_unspec(&newconn->addr);
2059  newconn->port = 1;
2060  newconn->address = tor_strdup(conn->address);
2061  } else {
2062  tor_assert(0);
2063  };
2064 
2065  if (connection_add(newconn) < 0) { /* no space, forget it */
2066  connection_free(newconn);
2067  return 0; /* no need to tear down the parent */
2068  }
2069 
2070  if (connection_init_accepted_conn(newconn, TO_LISTENER_CONN(conn)) < 0) {
2071  if (! newconn->marked_for_close)
2072  connection_mark_for_close(newconn);
2073  return 0;
2074  }
2075 
2076  note_connection(true /* inbound */, conn->socket_family);
2077 
2078  return 0;
2079 }
2080 
2081 /** Initialize states for newly accepted connection <b>conn</b>.
2082  *
2083  * If conn is an OR, start the TLS handshake.
2084  *
2085  * If conn is a transparent AP, get its original destination
2086  * and place it in circuit_wait.
2087  *
2088  * The <b>listener</b> parameter is only used for AP connections.
2089  */
2090 int
2092  const listener_connection_t *listener)
2093 {
2094  int rv;
2095 
2097 
2098  switch (conn->type) {
2099  case CONN_TYPE_EXT_OR:
2100  /* Initiate Extended ORPort authentication. */
2102  case CONN_TYPE_OR:
2103  connection_or_event_status(TO_OR_CONN(conn), OR_CONN_EVENT_NEW, 0);
2105  if (rv < 0) {
2107  }
2108  return rv;
2109  break;
2110  case CONN_TYPE_AP:
2111  memcpy(&TO_ENTRY_CONN(conn)->entry_cfg, &listener->entry_cfg,
2112  sizeof(entry_port_cfg_t));
2114  TO_ENTRY_CONN(conn)->socks_request->listener_type = listener->base_.type;
2115 
2116  /* Any incoming connection on an entry port counts as user activity. */
2118 
2119  switch (TO_CONN(listener)->type) {
2120  case CONN_TYPE_AP_LISTENER:
2123  listener->entry_cfg.socks_prefer_no_auth;
2125  listener->entry_cfg.extended_socks5_codes;
2126  break;
2128  TO_ENTRY_CONN(conn)->is_transparent_ap = 1;
2129  /* XXXX028 -- is this correct still, with the addition of
2130  * pending_entry_connections ? */
2134  TO_ENTRY_CONN(conn)->is_transparent_ap = 1;
2136  break;
2139  }
2140  break;
2141  case CONN_TYPE_DIR:
2142  conn->purpose = DIR_PURPOSE_SERVER;
2144  break;
2145  case CONN_TYPE_CONTROL:
2147  break;
2148  }
2149  return 0;
2150 }
2151 
2152 /** Take conn, make a nonblocking socket; try to connect to
2153  * sa, binding to bindaddr if sa is not localhost. If fail, return -1 and if
2154  * applicable put your best guess about errno into *<b>socket_error</b>.
2155  * If connected return 1, if EAGAIN return 0.
2156  */
2157 MOCK_IMPL(STATIC int,
2159  const struct sockaddr *sa,
2160  socklen_t sa_len,
2161  const struct sockaddr *bindaddr,
2162  socklen_t bindaddr_len,
2163  int *socket_error))
2164 {
2165  tor_socket_t s;
2166  int inprogress = 0;
2167  const or_options_t *options = get_options();
2168 
2169  tor_assert(conn);
2170  tor_assert(sa);
2171  tor_assert(socket_error);
2172 
2174  /* We should never even try to connect anyplace if the network is
2175  * completely shut off.
2176  *
2177  * (We don't check net_is_disabled() here, since we still sometimes
2178  * want to open connections when we're in soft hibernation.)
2179  */
2180  static ratelim_t disablenet_violated = RATELIM_INIT(30*60);
2181  *socket_error = SOCK_ERRNO(ENETUNREACH);
2182  log_fn_ratelim(&disablenet_violated, LOG_WARN, LD_BUG,
2183  "Tried to open a socket with DisableNetwork set.");
2185  return -1;
2186  }
2187 
2188  const int protocol_family = sa->sa_family;
2189  const int proto = (sa->sa_family == AF_INET6 ||
2190  sa->sa_family == AF_INET) ? IPPROTO_TCP : 0;
2191 
2192  s = tor_open_socket_nonblocking(protocol_family, SOCK_STREAM, proto);
2193  if (! SOCKET_OK(s)) {
2194  /*
2195  * Early OOS handler calls; it matters if it's an exhaustion-related
2196  * error or not.
2197  */
2198  *socket_error = tor_socket_errno(s);
2199  if (ERRNO_IS_RESOURCE_LIMIT(*socket_error)) {
2202  } else {
2203  log_warn(LD_NET,"Error creating network socket: %s",
2204  tor_socket_strerror(*socket_error));
2206  }
2207  return -1;
2208  }
2209 
2210  if (make_socket_reuseable(s) < 0) {
2211  log_warn(LD_NET, "Error setting SO_REUSEADDR flag on new connection: %s",
2212  tor_socket_strerror(errno));
2213  }
2214 
2215  /*
2216  * We've got the socket open; give the OOS handler a chance to check
2217  * against configured maximum socket number, but tell it no exhaustion
2218  * failure.
2219  */
2221 
2222  if (bindaddr && bind(s, bindaddr, bindaddr_len) < 0) {
2223  *socket_error = tor_socket_errno(s);
2224  log_warn(LD_NET,"Error binding network socket: %s",
2225  tor_socket_strerror(*socket_error));
2226  tor_close_socket(s);
2227  return -1;
2228  }
2229 
2230  tor_assert(options);
2231  if (options->ConstrainedSockets)
2233 
2234  if (connect(s, sa, sa_len) < 0) {
2235  int e = tor_socket_errno(s);
2236  if (!ERRNO_IS_CONN_EINPROGRESS(e)) {
2237  /* yuck. kill it. */
2238  *socket_error = e;
2239  log_info(LD_NET,
2240  "connect() to socket failed: %s",
2241  tor_socket_strerror(e));
2242  tor_close_socket(s);
2243  return -1;
2244  } else {
2245  inprogress = 1;
2246  }
2247  }
2248 
2249  note_connection(false /* outbound */, conn->socket_family);
2250 
2251  /* it succeeded. we're connected. */
2252  log_fn(inprogress ? LOG_DEBUG : LOG_INFO, LD_NET,
2253  "Connection to socket %s (sock "TOR_SOCKET_T_FORMAT").",
2254  inprogress ? "in progress" : "established", s);
2255  conn->s = s;
2256  if (connection_add_connecting(conn) < 0) {
2257  /* no space, forget it */
2258  *socket_error = SOCK_ERRNO(ENOBUFS);
2259  return -1;
2260  }
2261 
2262  return inprogress ? 0 : 1;
2263 }
2264 
2265 /* Log a message if connection attempt is made when IPv4 or IPv6 is disabled.
2266  * Log a less severe message if we couldn't conform to ClientPreferIPv6ORPort
2267  * or ClientPreferIPv6ORPort. */
2268 static void
2269 connection_connect_log_client_use_ip_version(const connection_t *conn)
2270 {
2271  const or_options_t *options = get_options();
2272 
2273  /* Only clients care about ClientUseIPv4/6, bail out early on servers, and
2274  * on connections we don't care about */
2275  if (server_mode(options) || !conn || conn->type == CONN_TYPE_EXIT) {
2276  return;
2277  }
2278 
2279  /* We're only prepared to log OR and DIR connections here */
2280  if (conn->type != CONN_TYPE_OR && conn->type != CONN_TYPE_DIR) {
2281  return;
2282  }
2283 
2284  const int must_ipv4 = !reachable_addr_use_ipv6(options);
2285  const int must_ipv6 = (options->ClientUseIPv4 == 0);
2286  const int pref_ipv6 = (conn->type == CONN_TYPE_OR
2289  tor_addr_t real_addr;
2290  tor_addr_copy(&real_addr, &conn->addr);
2291 
2292  /* Check if we broke a mandatory address family restriction */
2293  if ((must_ipv4 && tor_addr_family(&real_addr) == AF_INET6)
2294  || (must_ipv6 && tor_addr_family(&real_addr) == AF_INET)) {
2295  static int logged_backtrace = 0;
2296  log_info(LD_BUG, "Outgoing %s connection to %s violated ClientUseIPv%s 0.",
2297  conn->type == CONN_TYPE_OR ? "OR" : "Dir",
2298  fmt_addr(&real_addr),
2299  options->ClientUseIPv4 == 0 ? "4" : "6");
2300  if (!logged_backtrace) {
2301  log_backtrace(LOG_INFO, LD_BUG, "Address came from");
2302  logged_backtrace = 1;
2303  }
2304  }
2305 
2306  /* Bridges are allowed to break IPv4/IPv6 ORPort preferences to connect to
2307  * the node's configured address when ClientPreferIPv6ORPort is auto */
2308  if (options->UseBridges && conn->type == CONN_TYPE_OR
2309  && options->ClientPreferIPv6ORPort == -1) {
2310  return;
2311  }
2312 
2313  if (reachable_addr_use_ipv6(options)) {
2314  log_info(LD_NET, "Our outgoing connection is using IPv%d.",
2315  tor_addr_family(&real_addr) == AF_INET6 ? 6 : 4);
2316  }
2317 
2318  /* Check if we couldn't satisfy an address family preference */
2319  if ((!pref_ipv6 && tor_addr_family(&real_addr) == AF_INET6)
2320  || (pref_ipv6 && tor_addr_family(&real_addr) == AF_INET)) {
2321  log_info(LD_NET, "Outgoing connection to %s doesn't satisfy "
2322  "ClientPreferIPv6%sPort %d, with ClientUseIPv4 %d, and "
2323  "reachable_addr_use_ipv6 %d (ClientUseIPv6 %d and UseBridges "
2324  "%d).",
2325  fmt_addr(&real_addr),
2326  conn->type == CONN_TYPE_OR ? "OR" : "Dir",
2327  conn->type == CONN_TYPE_OR ? options->ClientPreferIPv6ORPort
2328  : options->ClientPreferIPv6DirPort,
2329  options->ClientUseIPv4, reachable_addr_use_ipv6(options),
2330  options->ClientUseIPv6, options->UseBridges);
2331  }
2332 }
2333 
2334 /** Retrieve the outbound address depending on the protocol (IPv4 or IPv6)
2335  * and the connection type (relay, exit, ...)
2336  * Return a socket address or NULL in case nothing is configured.
2337  **/
2338 const tor_addr_t *
2340  const or_options_t *options, unsigned int conn_type)
2341 {
2342  const tor_addr_t *ext_addr = NULL;
2343 
2344  int fam_index;
2345  switch (family) {
2346  case AF_INET:
2347  fam_index = 0;
2348  break;
2349  case AF_INET6:
2350  fam_index = 1;
2351  break;
2352  default:
2353  return NULL;
2354  }
2355 
2356  // If an exit connection, use the exit address (if present)
2357  if (conn_type == CONN_TYPE_EXIT) {
2358  if (!tor_addr_is_null(
2359  &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT][fam_index])) {
2360  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_EXIT]
2361  [fam_index];
2362  } else if (!tor_addr_is_null(
2364  [fam_index])) {
2365  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_ANY]
2366  [fam_index];
2367  }
2368  } else { // All non-exit connections
2369  if (!tor_addr_is_null(
2370  &options->OutboundBindAddresses[OUTBOUND_ADDR_OR][fam_index])) {
2371  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_OR]
2372  [fam_index];
2373  } else if (!tor_addr_is_null(
2375  [fam_index])) {
2376  ext_addr = &options->OutboundBindAddresses[OUTBOUND_ADDR_ANY]
2377  [fam_index];
2378  }
2379  }
2380  return ext_addr;
2381 }
2382 
2383 /** Take conn, make a nonblocking socket; try to connect to
2384  * addr:port (port arrives in *host order*). If fail, return -1 and if
2385  * applicable put your best guess about errno into *<b>socket_error</b>.
2386  * Else assign s to conn->s: if connected return 1, if EAGAIN return 0.
2387  *
2388  * addr:port can be different to conn->addr:conn->port if connecting through
2389  * a proxy.
2390  *
2391  * address is used to make the logs useful.
2392  *
2393  * On success, add conn to the list of polled connections.
2394  */
2395 int
2396 connection_connect(connection_t *conn, const char *address,
2397  const tor_addr_t *addr, uint16_t port, int *socket_error)
2398 {
2399  struct sockaddr_storage addrbuf;
2400  struct sockaddr_storage bind_addr_ss;
2401  struct sockaddr *bind_addr = NULL;
2402  struct sockaddr *dest_addr;
2403  int dest_addr_len, bind_addr_len = 0;
2404 
2405  /* Log if we didn't stick to ClientUseIPv4/6 or ClientPreferIPv6OR/DirPort
2406  */
2407  connection_connect_log_client_use_ip_version(conn);
2408 
2409  if (!tor_addr_is_loopback(addr)) {
2410  const tor_addr_t *ext_addr = NULL;
2412  conn->type);
2413  if (ext_addr) {
2414  memset(&bind_addr_ss, 0, sizeof(bind_addr_ss));
2415  bind_addr_len = tor_addr_to_sockaddr(ext_addr, 0,
2416  (struct sockaddr *) &bind_addr_ss,
2417  sizeof(bind_addr_ss));
2418  if (bind_addr_len == 0) {
2419  log_warn(LD_NET,
2420  "Error converting OutboundBindAddress %s into sockaddr. "
2421  "Ignoring.", fmt_and_decorate_addr(ext_addr));
2422  } else {
2423  bind_addr = (struct sockaddr *)&bind_addr_ss;
2424  }
2425  }
2426  }
2427 
2428  memset(&addrbuf,0,sizeof(addrbuf));
2429  dest_addr = (struct sockaddr*) &addrbuf;
2430  dest_addr_len = tor_addr_to_sockaddr(addr, port, dest_addr, sizeof(addrbuf));
2431  tor_assert(dest_addr_len > 0);
2432 
2433  log_debug(LD_NET, "Connecting to %s:%u.",
2434  escaped_safe_str_client(address), port);
2435 
2436  return connection_connect_sockaddr(conn, dest_addr, dest_addr_len,
2437  bind_addr, bind_addr_len, socket_error);
2438 }
2439 
2440 #ifdef HAVE_SYS_UN_H
2441 
2442 /** Take conn, make a nonblocking socket; try to connect to
2443  * an AF_UNIX socket at socket_path. If fail, return -1 and if applicable
2444  * put your best guess about errno into *<b>socket_error</b>. Else assign s
2445  * to conn->s: if connected return 1, if EAGAIN return 0.
2446  *
2447  * On success, add conn to the list of polled connections.
2448  */
2449 int
2450 connection_connect_unix(connection_t *conn, const char *socket_path,
2451  int *socket_error)
2452 {
2453  struct sockaddr_un dest_addr;
2454 
2455  tor_assert(socket_path);
2456 
2457  /* Check that we'll be able to fit it into dest_addr later */
2458  if (strlen(socket_path) + 1 > sizeof(dest_addr.sun_path)) {
2459  log_warn(LD_NET,
2460  "Path %s is too long for an AF_UNIX socket\n",
2461  escaped_safe_str_client(socket_path));
2462  *socket_error = SOCK_ERRNO(ENAMETOOLONG);
2463  return -1;
2464  }
2465 
2466  memset(&dest_addr, 0, sizeof(dest_addr));
2467  dest_addr.sun_family = AF_UNIX;
2468  strlcpy(dest_addr.sun_path, socket_path, sizeof(dest_addr.sun_path));
2469 
2470  log_debug(LD_NET,
2471  "Connecting to AF_UNIX socket at %s.",
2472  escaped_safe_str_client(socket_path));
2473 
2474  return connection_connect_sockaddr(conn,
2475  (struct sockaddr *)&dest_addr, sizeof(dest_addr),
2476  NULL, 0, socket_error);
2477 }
2478 
2479 #endif /* defined(HAVE_SYS_UN_H) */
2480 
2481 /** Convert state number to string representation for logging purposes.
2482  */
2483 static const char *
2485 {
2486  static const char *unknown = "???";
2487  static const char *states[] = {
2488  "PROXY_NONE",
2489  "PROXY_INFANT",
2490  "PROXY_HTTPS_WANT_CONNECT_OK",
2491  "PROXY_SOCKS4_WANT_CONNECT_OK",
2492  "PROXY_SOCKS5_WANT_AUTH_METHOD_NONE",
2493  "PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929",
2494  "PROXY_SOCKS5_WANT_AUTH_RFC1929_OK",
2495  "PROXY_SOCKS5_WANT_CONNECT_OK",
2496  "PROXY_HAPROXY_WAIT_FOR_FLUSH",
2497  "PROXY_CONNECTED",
2498  };
2499 
2500  CTASSERT(ARRAY_LENGTH(states) == PROXY_CONNECTED+1);
2501 
2502  if (state < PROXY_NONE || state > PROXY_CONNECTED)
2503  return unknown;
2504 
2505  return states[state];
2506 }
2507 
2508 /** Returns the proxy type used by tor for a single connection, for
2509  * logging or high-level purposes. Don't use it to fill the
2510  * <b>proxy_type</b> field of or_connection_t; use the actual proxy
2511  * protocol instead.*/
2512 static int
2514 {
2515  const or_options_t *options = get_options();
2516 
2517  if (options->ClientTransportPlugin) {
2518  /* If we have plugins configured *and* this addr/port is a known bridge
2519  * with a transport, then we should be PROXY_PLUGGABLE. */
2520  const transport_t *transport = NULL;
2521  int r;
2522  r = get_transport_by_bridge_addrport(&conn->addr, conn->port, &transport);
2523  if (r == 0 && transport)
2524  return PROXY_PLUGGABLE;
2525  }
2526 
2527  /* In all other cases, we're using a global proxy. */
2528  if (options->HTTPSProxy)
2529  return PROXY_CONNECT;
2530  else if (options->Socks4Proxy)
2531  return PROXY_SOCKS4;
2532  else if (options->Socks5Proxy)
2533  return PROXY_SOCKS5;
2534  else if (options->TCPProxy) {
2535  /* The only supported protocol in TCPProxy is haproxy. */
2537  return PROXY_HAPROXY;
2538  } else
2539  return PROXY_NONE;
2540 }
2541 
2542 /* One byte for the version, one for the command, two for the
2543  port, and four for the addr... and, one more for the
2544  username NUL: */
2545 #define SOCKS4_STANDARD_BUFFER_SIZE (1 + 1 + 2 + 4 + 1)
2546 
2547 /** Write a proxy request of https to conn for conn->addr:conn->port,
2548  * authenticating with the auth details given in the configuration
2549  * (if available).
2550  *
2551  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2552  * 0 otherwise.
2553  */
2554 static int
2556 {
2557  tor_assert(conn);
2558 
2559  const or_options_t *options = get_options();
2560  char buf[1024];
2561  char *base64_authenticator = NULL;
2562  const char *authenticator = options->HTTPSProxyAuthenticator;
2563 
2564  /* Send HTTP CONNECT and authentication (if available) in
2565  * one request */
2566 
2567  if (authenticator) {
2568  base64_authenticator = alloc_http_authenticator(authenticator);
2569  if (!base64_authenticator)
2570  log_warn(LD_OR, "Encoding https authenticator failed");
2571  }
2572 
2573  if (base64_authenticator) {
2574  const char *addrport = fmt_addrport(&conn->addr, conn->port);
2575  tor_snprintf(buf, sizeof(buf), "CONNECT %s HTTP/1.1\r\n"
2576  "Host: %s\r\n"
2577  "Proxy-Authorization: Basic %s\r\n\r\n",
2578  addrport,
2579  addrport,
2580  base64_authenticator);
2581  tor_free(base64_authenticator);
2582  } else {
2583  tor_snprintf(buf, sizeof(buf), "CONNECT %s HTTP/1.0\r\n\r\n",
2584  fmt_addrport(&conn->addr, conn->port));
2585  }
2586 
2587  connection_buf_add(buf, strlen(buf), conn);
2588  conn->proxy_state = PROXY_HTTPS_WANT_CONNECT_OK;
2589 
2590  return 0;
2591 }
2592 
2593 /** Write a proxy request of socks4 to conn for conn->addr:conn->port.
2594  *
2595  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2596  * 0 otherwise.
2597  */
2598 static int
2600 {
2601  tor_assert(conn);
2602 
2603  unsigned char *buf;
2604  uint16_t portn;
2605  uint32_t ip4addr;
2606  size_t buf_size = 0;
2607  char *socks_args_string = NULL;
2608 
2609  /* Send a SOCKS4 connect request */
2610 
2611  if (tor_addr_family(&conn->addr) != AF_INET) {
2612  log_warn(LD_NET, "SOCKS4 client is incompatible with IPv6");
2613  return -1;
2614  }
2615 
2616  { /* If we are here because we are trying to connect to a
2617  pluggable transport proxy, check if we have any SOCKS
2618  arguments to transmit. If we do, compress all arguments to
2619  a single string in 'socks_args_string': */
2620 
2621  if (conn_get_proxy_type(conn) == PROXY_PLUGGABLE) {
2622  socks_args_string =
2624  if (socks_args_string)
2625  log_debug(LD_NET, "Sending out '%s' as our SOCKS argument string.",
2626  socks_args_string);
2627  }
2628  }
2629 
2630  { /* Figure out the buffer size we need for the SOCKS message: */
2631 
2632  buf_size = SOCKS4_STANDARD_BUFFER_SIZE;
2633 
2634  /* If we have a SOCKS argument string, consider its size when
2635  calculating the buffer size: */
2636  if (socks_args_string)
2637  buf_size += strlen(socks_args_string);
2638  }
2639 
2640  buf = tor_malloc_zero(buf_size);
2641 
2642  ip4addr = tor_addr_to_ipv4n(&conn->addr);
2643  portn = htons(conn->port);
2644 
2645  buf[0] = 4; /* version */
2646  buf[1] = SOCKS_COMMAND_CONNECT; /* command */
2647  memcpy(buf + 2, &portn, 2); /* port */
2648  memcpy(buf + 4, &ip4addr, 4); /* addr */
2649 
2650  /* Next packet field is the userid. If we have pluggable
2651  transport SOCKS arguments, we have to embed them
2652  there. Otherwise, we use an empty userid. */
2653  if (socks_args_string) { /* place the SOCKS args string: */
2654  tor_assert(strlen(socks_args_string) > 0);
2655  tor_assert(buf_size >=
2656  SOCKS4_STANDARD_BUFFER_SIZE + strlen(socks_args_string));
2657  strlcpy((char *)buf + 8, socks_args_string, buf_size - 8);
2658  tor_free(socks_args_string);
2659  } else {
2660  buf[8] = 0; /* no userid */
2661  }
2662 
2663  connection_buf_add((char *)buf, buf_size, conn);
2664  tor_free(buf);
2665 
2666  conn->proxy_state = PROXY_SOCKS4_WANT_CONNECT_OK;
2667  return 0;
2668 }
2669 
2670 /** Write a proxy request of socks5 to conn for conn->addr:conn->port,
2671  * authenticating with the auth details given in the configuration
2672  * (if available).
2673  *
2674  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2675  * 0 otherwise.
2676  */
2677 static int
2679 {
2680  tor_assert(conn);
2681 
2682  const or_options_t *options = get_options();
2683  unsigned char buf[4]; /* fields: vers, num methods, method list */
2684 
2685  /* Send a SOCKS5 greeting (connect request must wait) */
2686 
2687  buf[0] = 5; /* version */
2688 
2689  /* We have to use SOCKS5 authentication, if we have a
2690  Socks5ProxyUsername or if we want to pass arguments to our
2691  pluggable transport proxy: */
2692  if ((options->Socks5ProxyUsername) ||
2693  (conn_get_proxy_type(conn) == PROXY_PLUGGABLE &&
2694  (get_socks_args_by_bridge_addrport(&conn->addr, conn->port)))) {
2695  /* number of auth methods */
2696  buf[1] = 2;
2697  buf[2] = 0x00; /* no authentication */
2698  buf[3] = 0x02; /* rfc1929 Username/Passwd auth */
2699  conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929;
2700  } else {
2701  buf[1] = 1;
2702  buf[2] = 0x00; /* no authentication */
2703  conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_METHOD_NONE;
2704  }
2705 
2706  connection_buf_add((char *)buf, 2 + buf[1], conn);
2707  return 0;
2708 }
2709 
2710 /** Write a proxy request of haproxy to conn for conn->addr:conn->port.
2711  *
2712  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2713  * 0 otherwise.
2714  */
2715 static int
2717 {
2718  int ret = 0;
2719  tor_addr_port_t *addr_port = tor_addr_port_new(&conn->addr, conn->port);
2720  char *buf = haproxy_format_proxy_header_line(addr_port);
2721 
2722  if (buf == NULL) {
2723  ret = -1;
2724  goto done;
2725  }
2726 
2727  connection_buf_add(buf, strlen(buf), conn);
2728  /* In haproxy, we don't have to wait for the response, but we wait for ack.
2729  * So we can set the state to be PROXY_HAPROXY_WAIT_FOR_FLUSH. */
2730  conn->proxy_state = PROXY_HAPROXY_WAIT_FOR_FLUSH;
2731 
2732  ret = 0;
2733  done:
2734  tor_free(buf);
2735  tor_free(addr_port);
2736  return ret;
2737 }
2738 
2739 /** Write a proxy request of <b>type</b> (socks4, socks5, https, haproxy)
2740  * to conn for conn->addr:conn->port, authenticating with the auth details
2741  * given in the configuration (if available). SOCKS 5 and HTTP CONNECT
2742  * proxies support authentication.
2743  *
2744  * Returns -1 if conn->addr is incompatible with the proxy protocol, and
2745  * 0 otherwise.
2746  *
2747  * Use connection_read_proxy_handshake() to complete the handshake.
2748  */
2749 int
2751 {
2752  int ret = 0;
2753 
2754  tor_assert(conn);
2755 
2756  switch (type) {
2757  case PROXY_CONNECT:
2758  ret = connection_https_proxy_connect(conn);
2759  break;
2760 
2761  case PROXY_SOCKS4:
2762  ret = connection_socks4_proxy_connect(conn);
2763  break;
2764 
2765  case PROXY_SOCKS5:
2766  ret = connection_socks5_proxy_connect(conn);
2767  break;
2768 
2769  case PROXY_HAPROXY:
2771  break;
2772 
2773  default:
2774  log_err(LD_BUG, "Invalid proxy protocol, %d", type);
2776  ret = -1;
2777  break;
2778  }
2779 
2780  if (ret == 0) {
2781  log_debug(LD_NET, "set state %s",
2783  }
2784 
2785  return ret;
2786 }
2787 
2788 /** Read conn's inbuf. If the http response from the proxy is all
2789  * here, make sure it's good news, then return 1. If it's bad news,
2790  * return -1. Else return 0 and hope for better luck next time.
2791  */
2792 static int
2794 {
2795  char *headers;
2796  char *reason=NULL;
2797  int status_code;
2798  time_t date_header;
2799 
2800  switch (fetch_from_buf_http(conn->inbuf,
2801  &headers, MAX_HEADERS_SIZE,
2802  NULL, NULL, 10000, 0)) {
2803  case -1: /* overflow */
2804  log_warn(LD_PROTOCOL,
2805  "Your https proxy sent back an oversized response. Closing.");
2806  return -1;
2807  case 0:
2808  log_info(LD_NET,"https proxy response not all here yet. Waiting.");
2809  return 0;
2810  /* case 1, fall through */
2811  }
2812 
2813  if (parse_http_response(headers, &status_code, &date_header,
2814  NULL, &reason) < 0) {
2815  log_warn(LD_NET,
2816  "Unparseable headers from proxy (%s). Closing.",
2817  connection_describe(conn));
2818  tor_free(headers);
2819  return -1;
2820  }
2821  tor_free(headers);
2822  if (!reason) reason = tor_strdup("[no reason given]");
2823 
2824  if (status_code == 200) {
2825  log_info(LD_NET,
2826  "HTTPS connect for %s successful! (200 %s) Starting TLS.",
2827  connection_describe(conn), escaped(reason));
2828  tor_free(reason);
2829  return 1;
2830  }
2831  /* else, bad news on the status code */
2832  switch (status_code) {
2833  case 403:
2834  log_warn(LD_NET,
2835  "The https proxy refused to allow connection to %s "
2836  "(status code %d, %s). Closing.",
2837  conn->address, status_code, escaped(reason));
2838  break;
2839  default:
2840  log_warn(LD_NET,
2841  "The https proxy sent back an unexpected status code %d (%s). "
2842  "Closing.",
2843  status_code, escaped(reason));
2844  break;
2845  }
2846  tor_free(reason);
2847  return -1;
2848 }
2849 
2850 /** Send SOCKS5 CONNECT command to <b>conn</b>, copying <b>conn->addr</b>
2851  * and <b>conn->port</b> into the request.
2852  */
2853 static void
2855 {
2856  unsigned char buf[1024];
2857  size_t reqsize = 6;
2858  uint16_t port = htons(conn->port);
2859 
2860  buf[0] = 5; /* version */
2861  buf[1] = SOCKS_COMMAND_CONNECT; /* command */
2862  buf[2] = 0; /* reserved */
2863 
2864  if (tor_addr_family(&conn->addr) == AF_INET) {
2865  uint32_t addr = tor_addr_to_ipv4n(&conn->addr);
2866 
2867  buf[3] = 1;
2868  reqsize += 4;
2869  memcpy(buf + 4, &addr, 4);
2870  memcpy(buf + 8, &port, 2);
2871  } else { /* AF_INET6 */
2872  buf[3] = 4;
2873  reqsize += 16;
2874  memcpy(buf + 4, tor_addr_to_in6_addr8(&conn->addr), 16);
2875  memcpy(buf + 20, &port, 2);
2876  }
2877 
2878  connection_buf_add((char *)buf, reqsize, conn);
2879 
2880  conn->proxy_state = PROXY_SOCKS5_WANT_CONNECT_OK;
2881 }
2882 
2883 /** Wrapper around fetch_from_buf_socks_client: see that functions
2884  * for documentation of its behavior. */
2885 static int
2887  int state, char **reason)
2888 {
2889  return fetch_from_buf_socks_client(conn->inbuf, state, reason);
2890 }
2891 
2892 /** Call this from connection_*_process_inbuf() to advance the proxy
2893  * handshake.
2894  *
2895  * No matter what proxy protocol is used, if this function returns 1, the
2896  * handshake is complete, and the data remaining on inbuf may contain the
2897  * start of the communication with the requested server.
2898  *
2899  * Returns 0 if the current buffer contains an incomplete response, and -1
2900  * on error.
2901  */
2902 int
2904 {
2905  int ret = 0;
2906  char *reason = NULL;
2907 
2908  log_debug(LD_NET, "enter state %s",
2910 
2911  switch (conn->proxy_state) {
2912  case PROXY_HTTPS_WANT_CONNECT_OK:
2914  if (ret == 1)
2915  conn->proxy_state = PROXY_CONNECTED;
2916  break;
2917 
2918  case PROXY_SOCKS4_WANT_CONNECT_OK:
2920  conn->proxy_state,
2921  &reason);
2922  if (ret == 1)
2923  conn->proxy_state = PROXY_CONNECTED;
2924  break;
2925 
2926  case PROXY_SOCKS5_WANT_AUTH_METHOD_NONE:
2928  conn->proxy_state,
2929  &reason);
2930  /* no auth needed, do connect */
2931  if (ret == 1) {
2933  ret = 0;
2934  }
2935  break;
2936 
2937  case PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929:
2939  conn->proxy_state,
2940  &reason);
2941 
2942  /* send auth if needed, otherwise do connect */
2943  if (ret == 1) {
2945  ret = 0;
2946  } else if (ret == 2) {
2947  unsigned char buf[1024];
2948  size_t reqsize, usize, psize;
2949  const char *user, *pass;
2950  char *socks_args_string = NULL;
2951 
2952  if (conn_get_proxy_type(conn) == PROXY_PLUGGABLE) {
2953  socks_args_string =
2955  if (!socks_args_string) {
2956  log_warn(LD_NET, "Could not create SOCKS args string for PT.");
2957  ret = -1;
2958  break;
2959  }
2960 
2961  log_debug(LD_NET, "PT SOCKS5 arguments: %s", socks_args_string);
2962  tor_assert(strlen(socks_args_string) > 0);
2963  tor_assert(strlen(socks_args_string) <= MAX_SOCKS5_AUTH_SIZE_TOTAL);
2964 
2965  if (strlen(socks_args_string) > MAX_SOCKS5_AUTH_FIELD_SIZE) {
2966  user = socks_args_string;
2968  pass = socks_args_string + MAX_SOCKS5_AUTH_FIELD_SIZE;
2969  psize = strlen(socks_args_string) - MAX_SOCKS5_AUTH_FIELD_SIZE;
2970  } else {
2971  user = socks_args_string;
2972  usize = strlen(socks_args_string);
2973  pass = "\0";
2974  psize = 1;
2975  }
2976  } else if (get_options()->Socks5ProxyUsername) {
2977  user = get_options()->Socks5ProxyUsername;
2978  pass = get_options()->Socks5ProxyPassword;
2979  tor_assert(user && pass);
2980  usize = strlen(user);
2981  psize = strlen(pass);
2982  } else {
2983  log_err(LD_BUG, "We entered %s for no reason!", __func__);
2985  ret = -1;
2986  break;
2987  }
2988 
2989  /* Username and password lengths should have been checked
2990  above and during torrc parsing. */
2992  psize <= MAX_SOCKS5_AUTH_FIELD_SIZE);
2993  reqsize = 3 + usize + psize;
2994 
2995  buf[0] = 1; /* negotiation version */
2996  buf[1] = usize;
2997  memcpy(buf + 2, user, usize);
2998  buf[2 + usize] = psize;
2999  memcpy(buf + 3 + usize, pass, psize);
3000 
3001  if (socks_args_string)
3002  tor_free(socks_args_string);
3003 
3004  connection_buf_add((char *)buf, reqsize, conn);
3005 
3006  conn->proxy_state = PROXY_SOCKS5_WANT_AUTH_RFC1929_OK;
3007  ret = 0;
3008  }
3009  break;
3010 
3011  case PROXY_SOCKS5_WANT_AUTH_RFC1929_OK:
3013  conn->proxy_state,
3014  &reason);
3015  /* send the connect request */
3016  if (ret == 1) {
3018  ret = 0;
3019  }
3020  break;
3021 
3022  case PROXY_SOCKS5_WANT_CONNECT_OK:
3024  conn->proxy_state,
3025  &reason);
3026  if (ret == 1)
3027  conn->proxy_state = PROXY_CONNECTED;
3028  break;
3029 
3030  default:
3031  log_err(LD_BUG, "Invalid proxy_state for reading, %d",
3032  conn->proxy_state);
3034  ret = -1;
3035  break;
3036  }
3037 
3038  log_debug(LD_NET, "leaving state %s",
3040 
3041  if (ret < 0) {
3042  if (reason) {
3043  log_warn(LD_NET, "Proxy Client: unable to connect %s (%s)",
3044  connection_describe(conn), escaped(reason));
3045  tor_free(reason);
3046  } else {
3047  log_warn(LD_NET, "Proxy Client: unable to connect %s",
3048  connection_describe(conn));
3049  }
3050  } else if (ret == 1) {
3051  log_info(LD_NET, "Proxy Client: %s successful",
3052  connection_describe(conn));
3053  }
3054 
3055  return ret;
3056 }
3057 
3058 /** Given a list of listener connections in <b>old_conns</b>, and list of
3059  * port_cfg_t entries in <b>ports</b>, open a new listener for every port in
3060  * <b>ports</b> that does not already have a listener in <b>old_conns</b>.
3061  *
3062  * Remove from <b>old_conns</b> every connection that has a corresponding
3063  * entry in <b>ports</b>. Add to <b>new_conns</b> new every connection we
3064  * launch. If we may need to perform socket rebind when creating new
3065  * listener that replaces old one, create a <b>listener_replacement_t</b>
3066  * struct for affected pair and add it to <b>replacements</b>.
3067  *
3068  * If <b>control_listeners_only</b> is true, then we only open control
3069  * listeners, and we do not remove any noncontrol listeners from
3070  * old_conns.
3071  *
3072  * Return 0 on success, -1 on failure.
3073  **/
3074 static int
3076  const smartlist_t *ports,
3077  smartlist_t *new_conns,
3078  smartlist_t *replacements,
3079  int control_listeners_only)
3080 {
3081 #ifndef ENABLE_LISTENER_REBIND
3082  (void)replacements;
3083 #endif
3084 
3085  smartlist_t *launch = smartlist_new();
3086  int r = 0;
3087 
3088  if (control_listeners_only) {
3089  SMARTLIST_FOREACH(ports, port_cfg_t *, p, {
3090  if (p->type == CONN_TYPE_CONTROL_LISTENER)
3091  smartlist_add(launch, p);
3092  });
3093  } else {
3094  smartlist_add_all(launch, ports);
3095  }
3096 
3097  /* Iterate through old_conns, comparing it to launch: remove from both lists
3098  * each pair of elements that corresponds to the same port. */
3099  SMARTLIST_FOREACH_BEGIN(old_conns, connection_t *, conn) {
3100  const port_cfg_t *found_port = NULL;
3101 
3102  /* Okay, so this is a listener. Is it configured? */
3103  /* That is, is it either: 1) exact match - address and port
3104  * pair match exactly between old listener and new port; or 2)
3105  * wildcard match - port matches exactly, but *one* of the
3106  * addresses is wildcard (0.0.0.0 or ::)?
3107  */
3108  SMARTLIST_FOREACH_BEGIN(launch, const port_cfg_t *, wanted) {
3109  if (conn->type != wanted->type)
3110  continue;
3111  if ((conn->socket_family != AF_UNIX && wanted->is_unix_addr) ||
3112  (conn->socket_family == AF_UNIX && ! wanted->is_unix_addr))
3113  continue;
3114 
3115  if (wanted->server_cfg.no_listen)
3116  continue; /* We don't want to open a listener for this one */
3117 
3118  if (wanted->is_unix_addr) {
3119  if (conn->socket_family == AF_UNIX &&
3120  !strcmp(wanted->unix_addr, conn->address)) {
3121  found_port = wanted;
3122  break;
3123  }
3124  } else {
3125  /* Numeric values of old and new port match exactly. */
3126  const int port_matches_exact = (wanted->port == conn->port);
3127  /* Ports match semantically - either their specific values
3128  match exactly, or new port is 'auto'.
3129  */
3130  const int port_matches = (wanted->port == CFG_AUTO_PORT ||
3131  port_matches_exact);
3132 
3133  if (port_matches && tor_addr_eq(&wanted->addr, &conn->addr)) {
3134  found_port = wanted;
3135  break;
3136  }
3137 #ifdef ENABLE_LISTENER_REBIND
3138  /* Rebinding may be needed if all of the following are true:
3139  * 1) Address family is the same in old and new listeners.
3140  * 2) Port number matches exactly (numeric value is the same).
3141  * 3) *One* of listeners (either old one or new one) has a
3142  * wildcard IP address (0.0.0.0 or [::]).
3143  *
3144  * These are the exact conditions for a first bind() syscall
3145  * to fail with EADDRINUSE.
3146  */
3147  const int may_need_rebind =
3148  tor_addr_family(&wanted->addr) == tor_addr_family(&conn->addr) &&
3149  port_matches_exact && bool_neq(tor_addr_is_null(&wanted->addr),
3150  tor_addr_is_null(&conn->addr));
3151  if (replacements && may_need_rebind) {
3152  listener_replacement_t *replacement =
3153  tor_malloc(sizeof(listener_replacement_t));
3154 
3155  replacement->old_conn = conn;
3156  replacement->new_port = wanted;
3157  smartlist_add(replacements, replacement);
3158 
3159  SMARTLIST_DEL_CURRENT(launch, wanted);
3160  SMARTLIST_DEL_CURRENT(old_conns, conn);
3161  break;
3162  }
3163 #endif /* defined(ENABLE_LISTENER_REBIND) */
3164  }
3165  } SMARTLIST_FOREACH_END(wanted);
3166 
3167  if (found_port) {
3168  /* This listener is already running; we don't need to launch it. */
3169  //log_debug(LD_NET, "Already have %s on %s:%d",
3170  // conn_type_to_string(found_port->type), conn->address, conn->port);
3171  smartlist_remove(launch, found_port);
3172  /* And we can remove the connection from old_conns too. */
3173  SMARTLIST_DEL_CURRENT(old_conns, conn);
3174  }
3175  } SMARTLIST_FOREACH_END(conn);
3176 
3177  /* Now open all the listeners that are configured but not opened. */
3178  SMARTLIST_FOREACH_BEGIN(launch, const port_cfg_t *, port) {
3179  int skip = 0;
3180  connection_t *conn = connection_listener_new_for_port(port, &skip, NULL);
3181 
3182  if (conn && new_conns)
3183  smartlist_add(new_conns, conn);
3184  else if (!skip)
3185  r = -1;
3186  } SMARTLIST_FOREACH_END(port);
3187 
3188  smartlist_free(launch);
3189 
3190  return r;
3191 }
3192 
3193 /** Launch listeners for each port you should have open. Only launch
3194  * listeners who are not already open, and only close listeners we no longer
3195  * want.
3196  *
3197  * Add all new connections to <b>new_conns</b>.
3198  *
3199  * If <b>close_all_noncontrol</b> is true, then we only open control
3200  * listeners, and we close all other listeners.
3201  */
3202 int
3203 retry_all_listeners(smartlist_t *new_conns, int close_all_noncontrol)
3204 {
3205  smartlist_t *listeners = smartlist_new();
3206  smartlist_t *replacements = smartlist_new();
3207  const or_options_t *options = get_options();
3208  int retval = 0;
3209  const uint16_t old_or_port = routerconf_find_or_port(options, AF_INET);
3210  const uint16_t old_or_port_ipv6 =
3211  routerconf_find_or_port(options,AF_INET6);
3212  const uint16_t old_dir_port = routerconf_find_dir_port(options, 0);
3213 
3215  if (connection_is_listener(conn) && !conn->marked_for_close)
3216  smartlist_add(listeners, conn);
3217  } SMARTLIST_FOREACH_END(conn);
3218 
3219  if (retry_listener_ports(listeners,
3221  new_conns,
3222  replacements,
3223  close_all_noncontrol) < 0)
3224  retval = -1;
3225 
3226 #ifdef ENABLE_LISTENER_REBIND
3227  if (smartlist_len(replacements))
3228  log_debug(LD_NET, "%d replacements - starting rebinding loop.",
3229  smartlist_len(replacements));
3230 
3231  SMARTLIST_FOREACH_BEGIN(replacements, listener_replacement_t *, r) {
3232  int addr_in_use = 0;
3233  int skip = 0;
3234 
3235  tor_assert(r->new_port);
3236  tor_assert(r->old_conn);
3237 
3238  connection_t *new_conn =
3239  connection_listener_new_for_port(r->new_port, &skip, &addr_in_use);
3240  connection_t *old_conn = r->old_conn;
3241 
3242  if (skip) {
3243  log_debug(LD_NET, "Skipping creating new listener for %s",
3244  connection_describe(old_conn));
3245  continue;
3246  }
3247 
3248  connection_close_immediate(old_conn);
3249  connection_mark_for_close(old_conn);
3250 
3251  if (addr_in_use) {
3252  new_conn = connection_listener_new_for_port(r->new_port,
3253  &skip, &addr_in_use);
3254  }
3255 
3256  /* There are many reasons why we can't open a new listener port so in case
3257  * we hit those, bail early so tor can stop. */
3258  if (!new_conn) {
3259  log_warn(LD_NET, "Unable to create listener port: %s:%d",
3260  fmt_and_decorate_addr(&r->new_port->addr), r->new_port->port);
3261  retval = -1;
3262  break;
3263  }
3264 
3265  smartlist_add(new_conns, new_conn);
3266 
3267  char *old_desc = tor_strdup(connection_describe(old_conn));
3268  log_notice(LD_NET, "Closed no-longer-configured %s "
3269  "(replaced by %s)",
3270  old_desc, connection_describe(new_conn));
3271  tor_free(old_desc);
3272  } SMARTLIST_FOREACH_END(r);
3273 #endif /* defined(ENABLE_LISTENER_REBIND) */
3274 
3275  /* Any members that were still in 'listeners' don't correspond to
3276  * any configured port. Kill 'em. */
3277  SMARTLIST_FOREACH_BEGIN(listeners, connection_t *, conn) {
3278  log_notice(LD_NET, "Closing no-longer-configured %s on %s:%d",
3279  conn_type_to_string(conn->type),
3280  fmt_and_decorate_addr(&conn->addr), conn->port);
3282  connection_mark_for_close(conn);
3283  } SMARTLIST_FOREACH_END(conn);
3284 
3285  smartlist_free(listeners);
3286  /* Cleanup any remaining listener replacement. */
3287  SMARTLIST_FOREACH(replacements, listener_replacement_t *, r, tor_free(r));
3288  smartlist_free(replacements);
3289 
3290  if (old_or_port != routerconf_find_or_port(options, AF_INET) ||
3291  old_or_port_ipv6 != routerconf_find_or_port(options, AF_INET6) ||
3292  old_dir_port != routerconf_find_dir_port(options, 0)) {
3293  /* Our chosen ORPort or DirPort is not what it used to be: the
3294  * descriptor we had (if any) should be regenerated. (We won't
3295  * automatically notice this because of changes in the option,
3296  * since the value could be "auto".) */
3297  mark_my_descriptor_dirty("Chosen Or/DirPort changed");
3298  }
3299 
3300  return retval;
3301 }
3302 
3303 /** Mark every listener of type other than CONTROL_LISTENER to be closed. */
3304 void
3306 {
3308  if (conn->marked_for_close)
3309  continue;
3310  if (conn->type == CONN_TYPE_CONTROL_LISTENER)
3311  continue;
3312  if (connection_is_listener(conn))
3313  connection_mark_for_close(conn);
3314  } SMARTLIST_FOREACH_END(conn);
3315 }
3316 
3317 /** Mark every external connection not used for controllers for close. */
3318 void
3320 {
3322  if (conn->marked_for_close)
3323  continue;
3324  switch (conn->type) {
3326  case CONN_TYPE_CONTROL:
3327  break;
3328  case CONN_TYPE_AP:
3329  connection_mark_unattached_ap(TO_ENTRY_CONN(conn),
3330  END_STREAM_REASON_HIBERNATING);
3331  break;
3332  case CONN_TYPE_OR:
3333  {
3334  or_connection_t *orconn = TO_OR_CONN(conn);
3335  if (orconn->chan) {
3336  connection_or_close_normally(orconn, 0);
3337  } else {
3338  /*
3339  * There should have been one, but mark for close and hope
3340  * for the best..
3341  */
3342  connection_mark_for_close(conn);
3343  }
3344  }
3345  break;
3346  default:
3347  connection_mark_for_close(conn);
3348  break;
3349  }
3350  } SMARTLIST_FOREACH_END(conn);
3351 }
3352 
3353 /** Return 1 if we should apply rate limiting to <b>conn</b>, and 0
3354  * otherwise.
3355  * Right now this just checks if it's an internal IP address or an
3356  * internal connection. We also should, but don't, check if the connection
3357  * uses pluggable transports, since we should then limit it even if it
3358  * comes from an internal IP address. */
3359 static int
3361 {
3362  const or_options_t *options = get_options();
3363  if (conn->linked)
3364  return 0; /* Internal connection */
3365  else if (! options->CountPrivateBandwidth &&
3366  ! conn->always_rate_limit_as_remote &&
3367  (tor_addr_family(&conn->addr) == AF_UNSPEC || /* no address */
3368  tor_addr_family(&conn->addr) == AF_UNIX || /* no address */
3369  tor_addr_is_internal(&conn->addr, 0)))
3370  return 0; /* Internal address */
3371  else
3372  return 1;
3373 }
3374 
3375 /** When was either global write bucket last empty? If this was recent, then
3376  * we're probably low on bandwidth, and we should be stingy with our bandwidth
3377  * usage. */
3378 static time_t write_buckets_last_empty_at = -100;
3379 
3380 /** How many seconds of no active local circuits will make the
3381  * connection revert to the "relayed" bandwidth class? */
3382 #define CLIENT_IDLE_TIME_FOR_PRIORITY 30
3383 
3384 /** Return 1 if <b>conn</b> should use tokens from the "relayed"
3385  * bandwidth rates, else 0. Currently, only OR conns with bandwidth
3386  * class 1, and directory conns that are serving data out, count.
3387  */
3388 static int
3390 {
3391  if (conn->type == CONN_TYPE_OR &&
3394  return 1;
3395  if (conn->type == CONN_TYPE_DIR && DIR_CONN_IS_SERVER(conn))
3396  return 1;
3397  return 0;
3398 }
3399 
3400 /** Helper function to decide how many bytes out of <b>global_bucket</b>
3401  * we're willing to use for this transaction. <b>base</b> is the size
3402  * of a cell on the network; <b>priority</b> says whether we should
3403  * write many of them or just a few; and <b>conn_bucket</b> (if
3404  * non-negative) provides an upper limit for our answer. */
3405 static ssize_t
3406 connection_bucket_get_share(int base, int priority,
3407  ssize_t global_bucket_val, ssize_t conn_bucket)
3408 {
3409  ssize_t at_most;
3410  ssize_t num_bytes_high = (priority ? 32 : 16) * base;
3411  ssize_t num_bytes_low = (priority ? 4 : 2) * base;
3412 
3413  /* Do a rudimentary limiting so one circuit can't hog a connection.
3414  * Pick at most 32 cells, at least 4 cells if possible, and if we're in
3415  * the middle pick 1/8 of the available bandwidth. */
3416  at_most = global_bucket_val / 8;
3417  at_most -= (at_most % base); /* round down */
3418  if (at_most > num_bytes_high) /* 16 KB, or 8 KB for low-priority */
3419  at_most = num_bytes_high;
3420  else if (at_most < num_bytes_low) /* 2 KB, or 1 KB for low-priority */
3421  at_most = num_bytes_low;
3422 
3423  if (at_most > global_bucket_val)
3424  at_most = global_bucket_val;
3425 
3426  if (conn_bucket >= 0 && at_most > conn_bucket)
3427  at_most = conn_bucket;
3428 
3429  if (at_most < 0)
3430  return 0;
3431  return at_most;
3432 }
3433 
3434 /** How many bytes at most can we read onto this connection? */
3435 static ssize_t
3437 {
3438  int base = RELAY_PAYLOAD_SIZE;
3439  int priority = conn->type != CONN_TYPE_DIR;
3440  ssize_t conn_bucket = -1;
3441  size_t global_bucket_val = token_bucket_rw_get_read(&global_bucket);
3442  if (global_bucket_val == 0) {
3443  /* We reached our global read limit: count this as an overload.
3444  *
3445  * The token bucket is always initialized (see connection_bucket_init() and
3446  * options_validate_relay_bandwidth()) and hence we can assume that if the
3447  * token ever hits zero, it's a limit that got popped and not the bucket
3448  * being uninitialized.
3449  */
3450  rep_hist_note_overload(OVERLOAD_READ);
3451  }
3452 
3453  if (connection_speaks_cells(conn)) {
3454  or_connection_t *or_conn = TO_OR_CONN(conn);
3455  if (conn->state == OR_CONN_STATE_OPEN)
3456  conn_bucket = token_bucket_rw_get_read(&or_conn->bucket);
3457  base = get_cell_network_size(or_conn->wide_circ_ids);
3458  }
3459 
3460  if (!connection_is_rate_limited(conn)) {
3461  /* be willing to read on local conns even if our buckets are empty */
3462  return conn_bucket>=0 ? conn_bucket : 1<<14;
3463  }
3464 
3465  if (connection_counts_as_relayed_traffic(conn, now)) {
3466  size_t relayed = token_bucket_rw_get_read(&global_relayed_bucket);
3467  global_bucket_val = MIN(global_bucket_val, relayed);
3468  }
3469 
3470  return connection_bucket_get_share(base, priority,
3471  global_bucket_val, conn_bucket);
3472 }
3473 
3474 /** How many bytes at most can we write onto this connection? */
3475 ssize_t
3477 {
3478  int base = RELAY_PAYLOAD_SIZE;
3479  int priority = conn->type != CONN_TYPE_DIR;
3480  size_t conn_bucket = buf_datalen(conn->outbuf);
3481  size_t global_bucket_val = token_bucket_rw_get_write(&global_bucket);
3482  if (global_bucket_val == 0) {
3483  /* We reached our global write limit: We should count this as an overload.
3484  * See above function for more information */
3485  rep_hist_note_overload(OVERLOAD_WRITE);
3486  }
3487 
3488  if (!connection_is_rate_limited(conn)) {
3489  /* be willing to write to local conns even if our buckets are empty */
3490  return conn_bucket;
3491  }
3492 
3493  if (connection_speaks_cells(conn)) {
3494  /* use the per-conn write limit if it's lower */
3495  or_connection_t *or_conn = TO_OR_CONN(conn);
3496  if (conn->state == OR_CONN_STATE_OPEN)
3497  conn_bucket = MIN(conn_bucket,
3498  token_bucket_rw_get_write(&or_conn->bucket));
3499  base = get_cell_network_size(or_conn->wide_circ_ids);
3500  }
3501 
3502  if (connection_counts_as_relayed_traffic(conn, now)) {
3503  size_t relayed = token_bucket_rw_get_write(&global_relayed_bucket);
3504  global_bucket_val = MIN(global_bucket_val, relayed);
3505  }
3506 
3507  return connection_bucket_get_share(base, priority,
3508  global_bucket_val, conn_bucket);
3509 }
3510 
3511 /** Return true iff the global write buckets are low enough that we
3512  * shouldn't send <b>attempt</b> bytes of low-priority directory stuff
3513  * out to <b>conn</b>.
3514  *
3515  * If we are a directory authority, always answer dir requests thus true is
3516  * always returned.
3517  *
3518  * Note: There are a lot of parameters we could use here:
3519  * - global_relayed_write_bucket. Low is bad.
3520  * - global_write_bucket. Low is bad.
3521  * - bandwidthrate. Low is bad.
3522  * - bandwidthburst. Not a big factor?
3523  * - attempt. High is bad.
3524  * - total bytes queued on outbufs. High is bad. But I'm wary of
3525  * using this, since a few slow-flushing queues will pump up the
3526  * number without meaning what we meant to mean. What we really
3527  * mean is "total directory bytes added to outbufs recently", but
3528  * that's harder to quantify and harder to keep track of.
3529  */
3530 bool
3532 {
3533  size_t smaller_bucket =
3534  MIN(token_bucket_rw_get_write(&global_bucket),
3535  token_bucket_rw_get_write(&global_relayed_bucket));
3536 
3537  /* Special case for authorities (directory only). */
3538  if (authdir_mode_v3(get_options())) {
3539  /* Are we configured to possibly reject requests under load? */
3541  /* Answer request no matter what. */
3542  return false;
3543  }
3544  /* Always answer requests from a known relay which includes the other
3545  * authorities. The following looks up the addresses for relays that we
3546  * have their descriptor _and_ any configured trusted directories. */
3548  return false;
3549  }
3550  }
3551 
3552  if (!connection_is_rate_limited(conn))
3553  return false; /* local conns don't get limited */
3554 
3555  if (smaller_bucket < attempt)
3556  return true; /* not enough space. */
3557 
3558  {
3559  const time_t diff = approx_time() - write_buckets_last_empty_at;
3560  if (diff <= 1)
3561  return true; /* we're already hitting our limits, no more please */
3562  }
3563  return false;
3564 }
3565 
3566 /** When did we last tell the accounting subsystem about transmitted
3567  * bandwidth? */
3569 
3570 /** Helper: adjusts our bandwidth history and informs the controller as
3571  * appropriate, given that we have just read <b>num_read</b> bytes and written
3572  * <b>num_written</b> bytes on <b>conn</b>. */
3573 static void
3575  time_t now, size_t num_read, size_t num_written)
3576 {
3577  /* Count bytes of answering direct and tunneled directory requests */
3578  if (conn->type == CONN_TYPE_DIR && conn->purpose == DIR_PURPOSE_SERVER) {
3579  if (num_read > 0)
3580  bwhist_note_dir_bytes_read(num_read, now);
3581  if (num_written > 0)
3582  bwhist_note_dir_bytes_written(num_written, now);
3583  }
3584 
3585  /* Linked connections and internal IPs aren't counted for statistics or
3586  * accounting:
3587  * - counting linked connections would double-count BEGINDIR bytes, because
3588  * they are sent as Dir bytes on the linked connection, and OR bytes on
3589  * the OR connection;
3590  * - relays and clients don't connect to internal IPs, unless specifically
3591  * configured to do so. If they are configured that way, we don't count
3592  * internal bytes.
3593  */
3594  if (!connection_is_rate_limited(conn))
3595  return;
3596 
3597  const bool is_ipv6 = (conn->socket_family == AF_INET6);
3598  if (conn->type == CONN_TYPE_OR)
3600  num_written, now, is_ipv6);
3601 
3602  if (num_read > 0) {
3603  bwhist_note_bytes_read(num_read, now, is_ipv6);
3604  }
3605  if (num_written > 0) {
3606  bwhist_note_bytes_written(num_written, now, is_ipv6);
3607  }
3608  if (conn->type == CONN_TYPE_EXIT)
3609  rep_hist_note_exit_bytes(conn->port, num_written, num_read);
3610 
3611  /* Remember these bytes towards statistics. */
3612  stats_increment_bytes_read_and_written(num_read, num_written);
3613 
3614  /* Remember these bytes towards accounting. */
3617  accounting_add_bytes(num_read, num_written,
3618  (int)(now - last_recorded_accounting_at));
3619  } else {
3620  accounting_add_bytes(num_read, num_written, 0);
3621  }
3623  }
3624 }
3625 
3626 /** We just read <b>num_read</b> and wrote <b>num_written</b> bytes
3627  * onto <b>conn</b>. Decrement buckets appropriately. */
3628 static void
3630  size_t num_read, size_t num_written)
3631 {
3632  if (num_written >= INT_MAX || num_read >= INT_MAX) {
3633  log_err(LD_BUG, "Value out of range. num_read=%lu, num_written=%lu, "
3634  "connection type=%s, state=%s",
3635  (unsigned long)num_read, (unsigned long)num_written,
3636  conn_type_to_string(conn->type),
3637  conn_state_to_string(conn->type, conn->state));
3639  if (num_written >= INT_MAX)
3640  num_written = 1;
3641  if (num_read >= INT_MAX)
3642  num_read = 1;
3643  }
3644 
3645  record_num_bytes_transferred_impl(conn, now, num_read, num_written);
3646 
3647  if (!connection_is_rate_limited(conn))
3648  return; /* local IPs are free */
3649 
3650  unsigned flags = 0;
3651  if (connection_counts_as_relayed_traffic(conn, now)) {
3652  flags = token_bucket_rw_dec(&global_relayed_bucket, num_read, num_written);
3653  }
3654  flags |= token_bucket_rw_dec(&global_bucket, num_read, num_written);
3655 
3656  if (flags & TB_WRITE) {
3658  }
3659  if (connection_speaks_cells(conn) && conn->state == OR_CONN_STATE_OPEN) {
3660  or_connection_t *or_conn = TO_OR_CONN(conn);
3661  token_bucket_rw_dec(&or_conn->bucket, num_read, num_written);
3662  }
3663 }
3664 
3665 /**
3666  * Mark <b>conn</b> as needing to stop reading because bandwidth has been
3667  * exhausted. If <b>is_global_bw</b>, it is closing because global bandwidth
3668  * limit has been exhausted. Otherwise, it is closing because its own
3669  * bandwidth limit has been exhausted.
3670  */
3671 void
3673 {
3674  (void)is_global_bw;
3675  conn->read_blocked_on_bw = 1;
3678 }
3679 
3680 /**
3681  * Mark <b>conn</b> as needing to stop reading because write bandwidth has
3682  * been exhausted. If <b>is_global_bw</b>, it is closing because global
3683  * bandwidth limit has been exhausted. Otherwise, it is closing because its
3684  * own bandwidth limit has been exhausted.
3685 */
3686 void
3688 {
3689  (void)is_global_bw;
3690  conn->write_blocked_on_bw = 1;
3693 }
3694 
3695 /** If we have exhausted our global buckets, or the buckets for conn,
3696  * stop reading. */
3697 void
3699 {
3700  const char *reason;
3701 
3702  if (!connection_is_rate_limited(conn))
3703  return; /* Always okay. */
3704 
3705  int is_global = 1;
3706 
3707  if (token_bucket_rw_get_read(&global_bucket) <= 0) {
3708  reason = "global read bucket exhausted. Pausing.";
3709  } else if (connection_counts_as_relayed_traffic(conn, approx_time()) &&
3710  token_bucket_rw_get_read(&global_relayed_bucket) <= 0) {
3711  reason = "global relayed read bucket exhausted. Pausing.";
3712  } else if (connection_speaks_cells(conn) &&
3713  conn->state == OR_CONN_STATE_OPEN &&
3714  token_bucket_rw_get_read(&TO_OR_CONN(conn)->bucket) <= 0) {
3715  reason = "connection read bucket exhausted. Pausing.";
3716  is_global = false;
3717  } else
3718  return; /* all good, no need to stop it */
3719 
3720  LOG_FN_CONN(conn, (LOG_DEBUG, LD_NET, "%s", reason));
3721  connection_read_bw_exhausted(conn, is_global);
3722 }
3723 
3724 /** If we have exhausted our global buckets, or the buckets for conn,
3725  * stop writing. */
3726 void
3728 {
3729  const char *reason;
3730 
3731  if (!connection_is_rate_limited(conn))
3732  return; /* Always okay. */
3733 
3734  bool is_global = true;
3735  if (token_bucket_rw_get_write(&global_bucket) <= 0) {
3736  reason = "global write bucket exhausted. Pausing.";
3737  } else if (connection_counts_as_relayed_traffic(conn, approx_time()) &&
3738  token_bucket_rw_get_write(&global_relayed_bucket) <= 0) {
3739  reason = "global relayed write bucket exhausted. Pausing.";
3740  } else if (connection_speaks_cells(conn) &&
3741  conn->state == OR_CONN_STATE_OPEN &&
3742  token_bucket_rw_get_write(&TO_OR_CONN(conn)->bucket) <= 0) {
3743  reason = "connection write bucket exhausted. Pausing.";
3744  is_global = false;
3745  } else
3746  return; /* all good, no need to stop it */
3747 
3748  LOG_FN_CONN(conn, (LOG_DEBUG, LD_NET, "%s", reason));
3749  connection_write_bw_exhausted(conn, is_global);
3750 }
3751 
3752 /** Initialize the global buckets to the values configured in the
3753  * options */
3754 void
3756 {
3757  const or_options_t *options = get_options();
3758  const uint32_t now_ts = monotime_coarse_get_stamp();
3759  token_bucket_rw_init(&global_bucket,
3760  (int32_t)options->BandwidthRate,
3761  (int32_t)options->BandwidthBurst,
3762  now_ts);
3763  if (options->RelayBandwidthRate) {
3764  token_bucket_rw_init(&global_relayed_bucket,
3765  (int32_t)options->RelayBandwidthRate,
3766  (int32_t)options->RelayBandwidthBurst,
3767  now_ts);
3768  } else {
3769  token_bucket_rw_init(&global_relayed_bucket,
3770  (int32_t)options->BandwidthRate,
3771  (int32_t)options->BandwidthBurst,
3772  now_ts);
3773  }
3774 
3776 }
3777 
3778 /** Update the global connection bucket settings to a new value. */
3779 void
3781 {
3782  token_bucket_rw_adjust(&global_bucket,
3783  (int32_t)options->BandwidthRate,
3784  (int32_t)options->BandwidthBurst);
3785  if (options->RelayBandwidthRate) {
3786  token_bucket_rw_adjust(&global_relayed_bucket,
3787  (int32_t)options->RelayBandwidthRate,
3788  (int32_t)options->RelayBandwidthBurst);
3789  } else {
3790  token_bucket_rw_adjust(&global_relayed_bucket,
3791  (int32_t)options->BandwidthRate,
3792  (int32_t)options->BandwidthBurst);
3793  }
3794 }
3795 
3796 /**
3797  * Cached value of the last coarse-timestamp when we refilled the
3798  * global buckets.
3799  */
3801 /**
3802  * Refill the token buckets for a single connection <b>conn</b>, and the
3803  * global token buckets as appropriate. Requires that <b>now_ts</b> is
3804  * the time in coarse timestamp units.
3805  */
3806 static void
3808 {
3809  /* Note that we only check for equality here: the underlying
3810  * token bucket functions can handle moving backwards in time if they
3811  * need to. */
3812  if (now_ts != last_refilled_global_buckets_ts) {
3813  token_bucket_rw_refill(&global_bucket, now_ts);
3814  token_bucket_rw_refill(&global_relayed_bucket, now_ts);
3816  }
3817 
3818  if (connection_speaks_cells(conn) && conn->state == OR_CONN_STATE_OPEN) {
3819  or_connection_t *or_conn = TO_OR_CONN(conn);
3820  token_bucket_rw_refill(&or_conn->bucket, now_ts);
3821  }
3822 }
3823 
3824 /**
3825  * Event to re-enable all connections that were previously blocked on read or
3826  * write.
3827  */
3829 
3830 /** True iff reenable_blocked_connections_ev is currently scheduled. */
3832 
3833 /** Delay after which to run reenable_blocked_connections_ev. */
3835 
3836 /**
3837  * Re-enable all connections that were previously blocked on read or write.
3838  * This event is scheduled after enough time has elapsed to be sure
3839  * that the buckets will refill when the connections have something to do.
3840  */
3841 static void
3843 {
3844  (void)ev;
3845  (void)arg;
3847  if (conn->read_blocked_on_bw == 1) {
3849  conn->read_blocked_on_bw = 0;
3850  }
3851  if (conn->write_blocked_on_bw == 1) {
3853  conn->write_blocked_on_bw = 0;
3854  }
3855  } SMARTLIST_FOREACH_END(conn);
3856 
3858 }
3859 
3860 /**
3861  * Initialize the mainloop event that we use to wake up connections that
3862  * find themselves blocked on bandwidth.
3863  */
3864 static void
3866 {
3871  }
3872  time_t sec = options->TokenBucketRefillInterval / 1000;
3873  int msec = (options->TokenBucketRefillInterval % 1000);
3875  reenable_blocked_connections_delay.tv_usec = msec * 1000;
3876 }
3877 
3878 /**
3879  * Called when we have blocked a connection for being low on bandwidth:
3880  * schedule an event to reenable such connections, if it is not already
3881  * scheduled.
3882  */
3883 static void
3885 {
3887  return;
3888  if (BUG(reenable_blocked_connections_ev == NULL)) {
3890  }
3894 }
3895 
3896 /** Read bytes from conn->s and process them.
3897  *
3898  * It calls connection_buf_read_from_socket() to bring in any new bytes,
3899  * and then calls connection_process_inbuf() to process them.
3900  *
3901  * Mark the connection and return -1 if you want to close it, else
3902  * return 0.
3903  */
3904 static int
3906 {
3907  ssize_t max_to_read=-1, try_to_read;
3908  size_t before, n_read = 0;
3909  int socket_error = 0;
3910 
3911  if (conn->marked_for_close)
3912  return 0; /* do nothing */
3913 
3915 
3917 
3918  switch (conn->type) {
3919  case CONN_TYPE_OR_LISTENER:
3923  case CONN_TYPE_AP_LISTENER:
3935  /* This should never happen; eventdns.c handles the reads here. */
3937  return 0;
3938  }
3939 
3940  loop_again:
3941  try_to_read = max_to_read;
3942  tor_assert(!conn->marked_for_close);
3943 
3944  before = buf_datalen(conn->inbuf);
3945  if (connection_buf_read_from_socket(conn, &max_to_read, &socket_error) < 0) {
3946  /* There's a read error; kill the connection.*/
3947  if (conn->type == CONN_TYPE_OR) {
3949  socket_error != 0 ?
3950  errno_to_orconn_end_reason(socket_error) :
3951  END_OR_CONN_REASON_CONNRESET,
3952  socket_error != 0 ?
3953  tor_socket_strerror(socket_error) :
3954  "(unknown, errno was 0)");
3955  }
3956  if (CONN_IS_EDGE(conn)) {
3957  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
3958  connection_edge_end_errno(edge_conn);
3959  if (conn->type == CONN_TYPE_AP && TO_ENTRY_CONN(conn)->socks_request) {
3960  /* broken, don't send a socks reply back */
3962  }
3963  }
3964  connection_close_immediate(conn); /* Don't flush; connection is dead. */
3965  /*
3966  * This can bypass normal channel checking since we did
3967  * connection_or_notify_error() above.
3968  */
3969  connection_mark_for_close_internal(conn);
3970  return -1;
3971  }
3972  n_read += buf_datalen(conn->inbuf) - before;
3973  if (CONN_IS_EDGE(conn) && try_to_read != max_to_read) {
3974  /* instruct it not to try to package partial cells. */
3975  if (connection_process_inbuf(conn, 0) < 0) {
3976  return -1;
3977  }
3978  if (!conn->marked_for_close &&
3979  connection_is_reading(conn) &&
3980  !conn->inbuf_reached_eof &&
3981  max_to_read > 0)
3982  goto loop_again; /* try reading again, in case more is here now */
3983  }
3984  /* one last try, packaging partial cells and all. */
3985  if (!conn->marked_for_close &&
3986  connection_process_inbuf(conn, 1) < 0) {
3987  return -1;
3988  }
3989  if (conn->linked_conn) {
3990  /* The other side's handle_write() will never actually get called, so
3991  * we need to invoke the appropriate callbacks ourself. */
3992  connection_t *linked = conn->linked_conn;
3993 
3994  if (n_read) {
3995  /* Probably a no-op, since linked conns typically don't count for
3996  * bandwidth rate limiting. But do it anyway so we can keep stats
3997  * accurately. Note that since we read the bytes from conn, and
3998  * we're writing the bytes onto the linked connection, we count
3999  * these as <i>written</i> bytes. */
4000  connection_buckets_decrement(linked, approx_time(), 0, n_read);
4001 
4002  if (connection_flushed_some(linked) < 0)
4003  connection_mark_for_close(linked);
4004  if (!connection_wants_to_flush(linked))
4006  }
4007 
4008  if (!buf_datalen(linked->outbuf) && conn->active_on_link)
4010  }
4011  /* If we hit the EOF, call connection_reached_eof(). */
4012  if (!conn->marked_for_close &&
4013  conn->inbuf_reached_eof &&
4014  connection_reached_eof(conn) < 0) {
4015  return -1;
4016  }
4017  return 0;
4018 }
4019 
4020 /* DOCDOC connection_handle_read */
4021 int
4022 connection_handle_read(connection_t *conn)
4023 {
4024  int res;
4025  update_current_time(time(NULL));
4026  res = connection_handle_read_impl(conn);
4027  return res;
4028 }
4029 
4030 /** Pull in new bytes from conn->s or conn->linked_conn onto conn->inbuf,
4031  * either directly or via TLS. Reduce the token buckets by the number of bytes
4032  * read.
4033  *
4034  * If *max_to_read is -1, then decide it ourselves, else go with the
4035  * value passed to us. When returning, if it's changed, subtract the
4036  * number of bytes we read from *max_to_read.
4037  *
4038  * Return -1 if we want to break conn, else return 0.
4039  */
4040 static int
4041 connection_buf_read_from_socket(connection_t *conn, ssize_t *max_to_read,
4042  int *socket_error)
4043 {
4044  int result;
4045  ssize_t at_most = *max_to_read;
4046  size_t slack_in_buf, more_to_read;
4047  size_t n_read = 0, n_written = 0;
4048 
4049  if (at_most == -1) { /* we need to initialize it */
4050  /* how many bytes are we allowed to read? */
4051  at_most = connection_bucket_read_limit(conn, approx_time());
4052  }
4053 
4054  /* Do not allow inbuf to grow past BUF_MAX_LEN. */
4055  const ssize_t maximum = BUF_MAX_LEN - buf_datalen(conn->inbuf);
4056  if (at_most > maximum) {
4057  at_most = maximum;
4058  }
4059 
4060  slack_in_buf = buf_slack(conn->inbuf);
4061  again:
4062  if ((size_t)at_most > slack_in_buf && slack_in_buf >= 1024) {
4063  more_to_read = at_most - slack_in_buf;
4064  at_most = slack_in_buf;
4065  } else {
4066  more_to_read = 0;
4067  }
4068 
4069  if (connection_speaks_cells(conn) &&
4071  int pending;
4072  or_connection_t *or_conn = TO_OR_CONN(conn);
4073  size_t initial_size;
4074  if (conn->state == OR_CONN_STATE_TLS_HANDSHAKING ||
4076  /* continue handshaking even if global token bucket is empty */
4077  return connection_tls_continue_handshake(or_conn);
4078  }
4079 
4080  log_debug(LD_NET,
4081  "%d: starting, inbuf_datalen %ld (%d pending in tls object)."
4082  " at_most %ld.",
4083  (int)conn->s,(long)buf_datalen(conn->inbuf),
4084  tor_tls_get_pending_bytes(or_conn->tls), (long)at_most);
4085 
4086  initial_size = buf_datalen(conn->inbuf);
4087  /* else open, or closing */
4088  result = buf_read_from_tls(conn->inbuf, or_conn->tls, at_most);
4089  if (TOR_TLS_IS_ERROR(result) || result == TOR_TLS_CLOSE)
4090  or_conn->tls_error = result;
4091  else
4092  or_conn->tls_error = 0;
4093 
4094  switch (result) {
4095  case TOR_TLS_CLOSE:
4096  case TOR_TLS_ERROR_IO:
4097  log_debug(LD_NET,"TLS %s closed %son read. Closing.",
4098  connection_describe(conn),
4099  result == TOR_TLS_CLOSE ? "cleanly " : "");
4100  return result;
4102  log_debug(LD_NET,"tls error [%s] from %s. Breaking.",
4103  tor_tls_err_to_string(result),
4104  connection_describe(conn));
4105  return result;
4106  case TOR_TLS_WANTWRITE:
4108  return 0;
4109  case TOR_TLS_WANTREAD:
4110  if (conn->in_connection_handle_write) {
4111  /* We've been invoked from connection_handle_write, because we're
4112  * waiting for a TLS renegotiation, the renegotiation started, and
4113  * SSL_read returned WANTWRITE. But now SSL_read is saying WANTREAD
4114  * again. Stop waiting for write events now, or else we'll
4115  * busy-loop until data arrives for us to read.
4116  * XXX: remove this when v2 handshakes support is dropped. */
4118  if (!connection_is_reading(conn))
4120  }
4121  /* we're already reading, one hopes */
4122  break;
4123  case TOR_TLS_DONE: /* no data read, so nothing to process */
4124  break; /* so we call bucket_decrement below */
4125  default:
4126  break;
4127  }
4128  pending = tor_tls_get_pending_bytes(or_conn->tls);
4129  if (pending) {
4130  /* If we have any pending bytes, we read them now. This *can*
4131  * take us over our read allotment, but really we shouldn't be
4132  * believing that SSL bytes are the same as TCP bytes anyway. */
4133  int r2 = buf_read_from_tls(conn->inbuf, or_conn->tls, pending);
4134  if (BUG(r2<0)) {
4135  log_warn(LD_BUG, "apparently, reading pending bytes can fail.");
4136  return -1;
4137  }
4138  }
4139  result = (int)(buf_datalen(conn->inbuf)-initial_size);
4140  tor_tls_get_n_raw_bytes(or_conn->tls, &n_read, &n_written);
4141  log_debug(LD_GENERAL, "After TLS read of %d: %ld read, %ld written",
4142  result, (long)n_read, (long)n_written);
4143  } else if (conn->linked) {
4144  if (conn->linked_conn) {
4145  result = (int) buf_move_all(conn->inbuf, conn->linked_conn->outbuf);
4146  } else {
4147  result = 0;
4148  }
4149  //log_notice(LD_GENERAL, "Moved %d bytes on an internal link!", result);
4150  /* If the other side has disappeared, or if it's been marked for close and
4151  * we flushed its outbuf, then we should set our inbuf_reached_eof. */
4152  if (!conn->linked_conn ||
4153  (conn->linked_conn->marked_for_close &&
4154  buf_datalen(conn->linked_conn->outbuf) == 0))
4155  conn->inbuf_reached_eof = 1;
4156 
4157  n_read = (size_t) result;
4158  } else {
4159  /* !connection_speaks_cells, !conn->linked_conn. */
4160  int reached_eof = 0;
4161  CONN_LOG_PROTECT(conn,
4162  result = buf_read_from_socket(conn->inbuf, conn->s,
4163  at_most,
4164  &reached_eof,
4165  socket_error));
4166  if (reached_eof)
4167  conn->inbuf_reached_eof = 1;
4168 
4169 // log_fn(LOG_DEBUG,"read_to_buf returned %d.",read_result);
4170 
4171  if (result < 0)
4172  return -1;
4173  n_read = (size_t) result;
4174  }
4175 
4176  if (n_read > 0) {
4177  /* change *max_to_read */
4178  *max_to_read = at_most - n_read;
4179 
4180  /* Onion service application connection. Note read bytes for metrics. */
4181  if (CONN_IS_EDGE(conn) && TO_EDGE_CONN(conn)->hs_ident) {
4182  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
4183  hs_metrics_app_read_bytes(&edge_conn->hs_ident->identity_pk,
4184  edge_conn->hs_ident->orig_virtual_port,
4185  n_read);
4186  }
4187 
4188  /* Update edge_conn->n_read */
4189  if (conn->type == CONN_TYPE_AP) {
4190  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
4191 
4192  /* Check for overflow: */
4193  if (PREDICT_LIKELY(UINT32_MAX - edge_conn->n_read > n_read))
4194  edge_conn->n_read += (int)n_read;
4195  else
4196  edge_conn->n_read = UINT32_MAX;
4197  }
4198 
4199  /* If CONN_BW events are enabled, update conn->n_read_conn_bw for
4200  * OR/DIR/EXIT connections, checking for overflow. */
4202  (conn->type == CONN_TYPE_OR ||
4203  conn->type == CONN_TYPE_DIR ||
4204  conn->type == CONN_TYPE_EXIT)) {
4205  if (PREDICT_LIKELY(UINT32_MAX - conn->n_read_conn_bw > n_read))
4206  conn->n_read_conn_bw += (int)n_read;
4207  else
4208  conn->n_read_conn_bw = UINT32_MAX;
4209  }
4210  }
4211 
4212  connection_buckets_decrement(conn, approx_time(), n_read, n_written);
4213 
4214  if (more_to_read && result == at_most) {
4215  slack_in_buf = buf_slack(conn->inbuf);
4216  at_most = more_to_read;
4217  goto again;
4218  }
4219 
4220  /* Call even if result is 0, since the global read bucket may
4221  * have reached 0 on a different conn, and this connection needs to
4222  * know to stop reading. */
4224  if (n_written > 0 && connection_is_writing(conn))
4226 
4227  return 0;
4228 }
4229 
4230 /** A pass-through to fetch_from_buf. */
4231 int
4232 connection_buf_get_bytes(char *string, size_t len, connection_t *conn)
4233 {
4234  return buf_get_bytes(conn->inbuf, string, len);
4235 }
4236 
4237 /** As buf_get_line(), but read from a connection's input buffer. */
4238 int
4240  size_t *data_len)
4241 {
4242  return buf_get_line(conn->inbuf, data, data_len);
4243 }
4244 
4245 /** As fetch_from_buf_http, but fetches from a connection's input buffer_t as
4246  * appropriate. */
4247 int
4249  char **headers_out, size_t max_headerlen,
4250  char **body_out, size_t *body_used,
4251  size_t max_bodylen, int force_complete)
4252 {
4253  return fetch_from_buf_http(conn->inbuf, headers_out, max_headerlen,
4254  body_out, body_used, max_bodylen, force_complete);
4255 }
4256 
4257 /** Return true if this connection has data to flush. */
4258 int
4260 {
4261  return connection_get_outbuf_len(conn) > 0;
4262 }
4263 
4264 /** Are there too many bytes on edge connection <b>conn</b>'s outbuf to
4265  * send back a relay-level sendme yet? Return 1 if so, 0 if not. Used by
4266  * connection_edge_consider_sending_sendme().
4267  */
4268 int
4270 {
4271  return connection_get_outbuf_len(conn) > 10*CELL_PAYLOAD_SIZE;
4272 }
4273 
4274 /**
4275  * On Windows Vista and Windows 7, tune the send buffer size according to a
4276  * hint from the OS.
4277  *
4278  * This should help fix slow upload rates.
4279  */
4280 static void
4282 {
4283 #ifdef _WIN32
4284  /* We only do this on Vista and 7, because earlier versions of Windows
4285  * don't have the SIO_IDEAL_SEND_BACKLOG_QUERY functionality, and on
4286  * later versions it isn't necessary. */
4287  static int isVistaOr7 = -1;
4288  if (isVistaOr7 == -1) {
4289  isVistaOr7 = 0;
4290  OSVERSIONINFO osvi = { 0 };
4291  osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
4292  GetVersionEx(&osvi);
4293  if (osvi.dwMajorVersion == 6 && osvi.dwMinorVersion < 2)
4294  isVistaOr7 = 1;
4295  }
4296  if (!isVistaOr7)
4297  return;
4298  if (get_options()->ConstrainedSockets)
4299  return;
4300  ULONG isb = 0;
4301  DWORD bytesReturned = 0;
4302  if (!WSAIoctl(sock, SIO_IDEAL_SEND_BACKLOG_QUERY, NULL, 0,
4303  &isb, sizeof(isb), &bytesReturned, NULL, NULL)) {
4304  setsockopt(sock, SOL_SOCKET, SO_SNDBUF, (const char*)&isb, sizeof(isb));
4305  }
4306 #else /* !defined(_WIN32) */
4307  (void) sock;
4308 #endif /* defined(_WIN32) */
4309 }
4310 
4311 /** Try to flush more bytes onto <b>conn</b>->s.
4312  *
4313  * This function is called in connection_handle_write(), which gets
4314  * called from conn_write_callback() in main.c when libevent tells us
4315  * that <b>conn</b> wants to write.
4316  *
4317  * Update <b>conn</b>->timestamp_last_write_allowed to now, and call flush_buf
4318  * or flush_buf_tls appropriately. If it succeeds and there are no more
4319  * more bytes on <b>conn</b>->outbuf, then call connection_finished_flushing
4320  * on it too.
4321  *
4322  * If <b>force</b>, then write as many bytes as possible, ignoring bandwidth
4323  * limits. (Used for flushing messages to controller connections on fatal
4324  * errors.)
4325  *
4326  * Mark the connection and return -1 if you want to close it, else
4327  * return 0.
4328  */
4329 static int
4331 {
4332  int e;
4333  socklen_t len=(socklen_t)sizeof(e);
4334  int result;
4335  ssize_t max_to_write;
4336  time_t now = approx_time();
4337  size_t n_read = 0, n_written = 0;
4338  int dont_stop_writing = 0;
4339 
4341 
4342  if (conn->marked_for_close || !SOCKET_OK(conn->s))
4343  return 0; /* do nothing */
4344 
4345  if (conn->in_flushed_some) {
4346  log_warn(LD_BUG, "called recursively from inside conn->in_flushed_some");
4347  return 0;
4348  }
4349 
4350  conn->timestamp_last_write_allowed = now;
4351 
4353 
4354  /* Sometimes, "writable" means "connected". */
4355  if (connection_state_is_connecting(conn)) {
4356  if (getsockopt(conn->s, SOL_SOCKET, SO_ERROR, (void*)&e, &len) < 0) {
4357  log_warn(LD_BUG, "getsockopt() syscall failed");
4358  if (conn->type == CONN_TYPE_OR) {
4359  or_connection_t *orconn = TO_OR_CONN(conn);
4360  connection_or_close_for_error(orconn, 0);
4361  } else {
4362  if (CONN_IS_EDGE(conn)) {
4364  }
4365  connection_mark_for_close(conn);
4366  }
4367  return -1;
4368  }
4369  if (e) {
4370  /* some sort of error, but maybe just inprogress still */
4371  if (!ERRNO_IS_CONN_EINPROGRESS(e)) {
4372  log_info(LD_NET,"in-progress connect failed. Removing. (%s)",
4373  tor_socket_strerror(e));
4374  if (CONN_IS_EDGE(conn))
4376  if (conn->type == CONN_TYPE_OR)
4379  tor_socket_strerror(e));
4380 
4382  /*
4383  * This can bypass normal channel checking since we did
4384  * connection_or_notify_error() above.
4385  */
4386  connection_mark_for_close_internal(conn);
4387  return -1;
4388  } else {
4389  return 0; /* no change, see if next time is better */
4390  }
4391  }
4392  /* The connection is successful. */
4393  if (connection_finished_connecting(conn)<0)
4394  return -1;
4395  }
4396 
4397  max_to_write = force ? (ssize_t)buf_datalen(conn->outbuf)
4398  : connection_bucket_write_limit(conn, now);
4399 
4400  if (connection_speaks_cells(conn) &&
4402  or_connection_t *or_conn = TO_OR_CONN(conn);
4403  size_t initial_size;
4404  if (conn->state == OR_CONN_STATE_TLS_HANDSHAKING ||
4407  if (connection_tls_continue_handshake(or_conn) < 0) {
4408  /* Don't flush; connection is dead. */
4410  END_OR_CONN_REASON_MISC,
4411  "TLS error in connection_tls_"
4412  "continue_handshake()");
4414  /*
4415  * This can bypass normal channel checking since we did
4416  * connection_or_notify_error() above.
4417  */
4418  connection_mark_for_close_internal(conn);
4419  return -1;
4420  }
4421  return 0;
4422  } else if (conn->state == OR_CONN_STATE_TLS_SERVER_RENEGOTIATING) {
4423  return connection_handle_read(conn);
4424  }
4425 
4426  /* else open, or closing */
4427  initial_size = buf_datalen(conn->outbuf);
4428  result = buf_flush_to_tls(conn->outbuf, or_conn->tls,
4429  max_to_write);
4430 
4431  if (result >= 0)
4432  update_send_buffer_size(conn->s);
4433 
4434  /* If we just flushed the last bytes, tell the channel on the
4435  * or_conn to check if it needs to geoip_change_dirreq_state() */
4436  /* XXXX move this to flushed_some or finished_flushing -NM */
4437  if (buf_datalen(conn->outbuf) == 0 && or_conn->chan)
4438  channel_notify_flushed(TLS_CHAN_TO_BASE(or_conn->chan));
4439 
4440  switch (result) {
4442  case TOR_TLS_CLOSE:
4443  or_conn->tls_error = result;
4444  log_info(LD_NET, result != TOR_TLS_CLOSE ?
4445  "tls error. breaking.":"TLS connection closed on flush");
4446  /* Don't flush; connection is dead. */
4448  END_OR_CONN_REASON_MISC,
4449  result != TOR_TLS_CLOSE ?
4450  "TLS error in during flush" :
4451  "TLS closed during flush");
4453  /*
4454  * This can bypass normal channel checking since we did
4455  * connection_or_notify_error() above.
4456  */
4457  connection_mark_for_close_internal(conn);
4458  return -1;
4459  case TOR_TLS_WANTWRITE:
4460  log_debug(LD_NET,"wanted write.");
4461  /* we're already writing */
4462  dont_stop_writing = 1;
4463  break;
4464  case TOR_TLS_WANTREAD:
4465  /* Make sure to avoid a loop if the receive buckets are empty. */
4466  log_debug(LD_NET,"wanted read.");
4467  if (!connection_is_reading(conn)) {
4468  connection_write_bw_exhausted(conn, true);
4469  /* we'll start reading again when we get more tokens in our
4470  * read bucket; then we'll start writing again too.
4471  */
4472  }
4473  /* else no problem, we're already reading */
4474  return 0;
4475  /* case TOR_TLS_DONE:
4476  * for TOR_TLS_DONE, fall through to check if the flushlen
4477  * is empty, so we can stop writing.
4478  */
4479  }
4480 
4481  tor_tls_get_n_raw_bytes(or_conn->tls, &n_read, &n_written);
4482  log_debug(LD_GENERAL, "After TLS write of %d: %ld read, %ld written",
4483  result, (long)n_read, (long)n_written);
4484  or_conn->bytes_xmitted += result;
4485  or_conn->bytes_xmitted_by_tls += n_written;
4486  /* So we notice bytes were written even on error */
4487  /* XXXX This cast is safe since we can never write INT_MAX bytes in a
4488  * single set of TLS operations. But it looks kinda ugly. If we refactor
4489  * the *_buf_tls functions, we should make them return ssize_t or size_t
4490  * or something. */
4491  result = (int)(initial_size-buf_datalen(conn->outbuf));
4492  } else {
4493  CONN_LOG_PROTECT(conn,
4494  result = buf_flush_to_socket(conn->outbuf, conn->s,
4495  max_to_write));
4496  if (result < 0) {
4497  if (CONN_IS_EDGE(conn))
4499  if (conn->type == CONN_TYPE_AP) {
4500  /* writing failed; we couldn't send a SOCKS reply if we wanted to */
4502  }
4503 
4504  connection_close_immediate(conn); /* Don't flush; connection is dead. */
4505  connection_mark_for_close(conn);
4506  return -1;
4507  }
4508  update_send_buffer_size(conn->s);
4509  n_written = (size_t) result;
4510  }
4511 
4512  if (n_written && conn->type == CONN_TYPE_AP) {
4513  edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
4514 
4515  /* Check for overflow: */
4516  if (PREDICT_LIKELY(UINT32_MAX - edge_conn->n_written > n_written))
4517  edge_conn->n_written += (int)n_written;
4518  else
4519  edge_conn->n_written = UINT32_MAX;
4520  }
4521 
4522  /* If CONN_BW events are enabled, update conn->n_written_conn_bw for
4523  * OR/DIR/EXIT connections, checking for overflow. */
4524  if (n_written && get_options()->TestingEnableConnBwEvent &&
4525  (conn->type == CONN_TYPE_OR ||
4526  conn->type == CONN_TYPE_DIR ||
4527  conn->type == CONN_TYPE_EXIT)) {
4528  if (PREDICT_LIKELY(UINT32_MAX - conn->n_written_conn_bw > n_written))
4529  conn->n_written_conn_bw += (int)n_written;
4530  else
4531  conn->n_written_conn_bw = UINT32_MAX;
4532  }
4533 
4534  connection_buckets_decrement(conn, approx_time(), n_read, n_written);
4535 
4536  if (result > 0) {
4537  /* If we wrote any bytes from our buffer, then call the appropriate
4538  * functions. */
4539  if (connection_flushed_some(conn) < 0) {
4540  if (connection_speaks_cells(conn)) {
4542  END_OR_CONN_REASON_MISC,
4543  "Got error back from "
4544  "connection_flushed_some()");
4545  }
4546 
4547  /*
4548  * This can bypass normal channel checking since we did
4549  * connection_or_notify_error() above.
4550  */
4551  connection_mark_for_close_internal(conn);
4552  }
4553  }
4554 
4555  if (!connection_wants_to_flush(conn) &&
4556  !dont_stop_writing) { /* it's done flushing */
4557  if (connection_finished_flushing(conn) < 0) {
4558  /* already marked */
4559  return -1;
4560  }
4561  return 0;
4562  }
4563 
4564  /* Call even if result is 0, since the global write bucket may
4565  * have reached 0 on a different conn, and this connection needs to
4566  * know to stop writing. */
4568  if (n_read > 0 && connection_is_reading(conn))
4570 
4571  return 0;
4572 }
4573 
4574 /* DOCDOC connection_handle_write */
4575 int
4576 connection_handle_write(connection_t *conn, int force)
4577 {
4578  int res;
4579  update_current_time(time(NULL));
4580  /* connection_handle_write_impl() might call connection_handle_read()
4581  * if we're in the middle of a v2 handshake, in which case it needs this
4582  * flag set. */
4583  conn->in_connection_handle_write = 1;
4584  res = connection_handle_write_impl(conn, force);
4585  conn->in_connection_handle_write = 0;
4586  return res;
4587 }
4588 
4589 /**
4590  * Try to flush data that's waiting for a write on <b>conn</b>. Return
4591  * -1 on failure, 0 on success.
4592  *
4593  * Don't use this function for regular writing; the buffers
4594  * system should be good enough at scheduling writes there. Instead, this
4595  * function is for cases when we're about to exit or something and we want
4596  * to report it right away.
4597  */
4598 int
4600 {
4601  return connection_handle_write(conn, 1);
4602 }
4603 
4604 /** Helper for connection_write_to_buf_impl and connection_write_buf_to_buf:
4605  *
4606  * Return true iff it is okay to queue bytes on <b>conn</b>'s outbuf for
4607  * writing.
4608  */
4609 static int
4611 {
4612  /* if it's marked for close, only allow write if we mean to flush it */
4613  if (conn->marked_for_close && !conn->hold_open_until_flushed)
4614  return 0;
4615 
4616  return 1;
4617 }
4618 
4619 /** Helper for connection_write_to_buf_impl and connection_write_buf_to_buf:
4620  *
4621  * Called when an attempt to add bytes on <b>conn</b>'s outbuf has failed;
4622  * mark the connection and warn as appropriate.
4623  */
4624 static void
4626 {
4627  if (CONN_IS_EDGE(conn)) {
4628  /* if it failed, it means we have our package/delivery windows set
4629  wrong compared to our max outbuf size. close the whole circuit. */
4630  log_warn(LD_NET,
4631  "write_to_buf failed. Closing circuit (fd %d).", (int)conn->s);
4632  circuit_mark_for_close(circuit_get_by_edge_conn(TO_EDGE_CONN(conn)),
4633  END_CIRC_REASON_INTERNAL);
4634  } else if (conn->type == CONN_TYPE_OR) {
4635  or_connection_t *orconn = TO_OR_CONN(conn);
4636  log_warn(LD_NET,
4637  "write_to_buf failed on an orconn; notifying of error "
4638  "(fd %d)", (int)(conn->s));
4639  connection_or_close_for_error(orconn, 0);
4640  } else {
4641  log_warn(LD_NET,
4642  "write_to_buf failed. Closing connection (fd %d).",
4643  (int)conn->s);
4644  connection_mark_for_close(conn);
4645  }
4646 }
4647 
4648 /** Helper for connection_write_to_buf_impl and connection_write_buf_to_buf:
4649  *
4650  * Called when an attempt to add bytes on <b>conn</b>'s outbuf has succeeded:
4651  * start writing if appropriate.
4652  */
4653 static void
4655 {
4656  /* If we receive optimistic data in the EXIT_CONN_STATE_RESOLVING
4657  * state, we don't want to try to write it right away, since
4658  * conn->write_event won't be set yet. Otherwise, write data from
4659  * this conn as the socket is available. */
4660  if (conn->write_event) {
4662  }
4663 }
4664 
4665 /** Append <b>len</b> bytes of <b>string</b> onto <b>conn</b>'s
4666  * outbuf, and ask it to start writing.
4667  *
4668  * If <b>zlib</b> is nonzero, this is a directory connection that should get
4669  * its contents compressed or decompressed as they're written. If zlib is
4670  * negative, this is the last data to be compressed, and the connection's zlib
4671  * state should be flushed.
4672  */
4673 MOCK_IMPL(void,
4674 connection_write_to_buf_impl_,(const char *string, size_t len,
4675  connection_t *conn, int zlib))
4676 {
4677  /* XXXX This function really needs to return -1 on failure. */
4678  int r;
4679  if (!len && !(zlib<0))
4680  return;
4681 
4682  if (!connection_may_write_to_buf(conn))
4683  return;
4684 
4685  if (zlib) {
4686  dir_connection_t *dir_conn = TO_DIR_CONN(conn);
4687  int done = zlib < 0;
4688  CONN_LOG_PROTECT(conn, r = buf_add_compress(conn->outbuf,
4689  dir_conn->compress_state,
4690  string, len, done));
4691  } else {
4692  CONN_LOG_PROTECT(conn, r = buf_add(conn->outbuf, string, len));
4693  }
4694  if (r < 0) {
4696  return;
4697  }
4699 }
4700 
4701 /**
4702  * Write a <b>string</b> (of size <b>len</b> to directory connection
4703  * <b>dir_conn</b>. Apply compression if connection is configured to use
4704  * it and finalize it if <b>done</b> is true.
4705  */
4706 void
4707 connection_dir_buf_add(const char *string, size_t len,
4708  dir_connection_t *dir_conn, int done)
4709 {
4710  if (dir_conn->compress_state != NULL) {
4711  connection_buf_add_compress(string, len, dir_conn, done);
4712  return;
4713  }
4714 
4715  connection_buf_add(string, len, TO_CONN(dir_conn));
4716 }
4717 
4718 void
4719 connection_buf_add_compress(const char *string, size_t len,
4720  dir_connection_t *conn, int done)
4721 {
4722  connection_write_to_buf_impl_(string, len, TO_CONN(conn), done ? -1 : 1);
4723 }
4724 
4725 /**
4726  * Add all bytes from <b>buf</b> to <b>conn</b>'s outbuf, draining them
4727  * from <b>buf</b>. (If the connection is marked and will soon be closed,
4728  * nothing is drained.)
4729  */
4730 void
4732 {
4733  tor_assert(conn);
4734  tor_assert(buf);
4735  size_t len = buf_datalen(buf);
4736  if (len == 0)
4737  return;
4738 
4739  if (!connection_may_write_to_buf(conn))
4740  return;
4741 
4742  buf_move_all(conn->outbuf, buf);
4744 }
4745 
4746 #define CONN_GET_ALL_TEMPLATE(var, test) \
4747  STMT_BEGIN \
4748  smartlist_t *conns = get_connection_array(); \
4749  smartlist_t *ret_conns = smartlist_new(); \
4750  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, var) { \
4751  if (var && (test) && !var->marked_for_close) \
4752  smartlist_add(ret_conns, var); \
4753  } SMARTLIST_FOREACH_END(var); \
4754  return ret_conns; \
4755  STMT_END
4756 
4757 /* Return a list of connections that aren't close and matches the given type
4758  * and state. The returned list can be empty and must be freed using
4759  * smartlist_free(). The caller does NOT have ownership of the objects in the
4760  * list so it must not free them nor reference them as they can disappear. */
4761 smartlist_t *
4762 connection_list_by_type_state(int type, int state)
4763 {
4764  CONN_GET_ALL_TEMPLATE(conn, (conn->type == type && conn->state == state));
4765 }
4766 
4767 /* Return a list of connections that aren't close and matches the given type
4768  * and purpose. The returned list can be empty and must be freed using
4769  * smartlist_free(). The caller does NOT have ownership of the objects in the
4770  * list so it must not free them nor reference them as they can disappear. */
4771 smartlist_t *
4772 connection_list_by_type_purpose(int type, int purpose)
4773 {
4774  CONN_GET_ALL_TEMPLATE(conn,
4775  (conn->type == type && conn->purpose == purpose));
4776 }
4777 
4778 /** Return a connection_t * from get_connection_array() that satisfies test on
4779  * var, and that is not marked for close. */
4780 #define CONN_GET_TEMPLATE(var, test) \
4781  STMT_BEGIN \
4782  smartlist_t *conns = get_connection_array(); \
4783  SMARTLIST_FOREACH(conns, connection_t *, var, \
4784  { \
4785  if (var && (test) && !var->marked_for_close) \
4786  return var; \
4787  }); \
4788  return NULL; \
4789  STMT_END
4790 
4791 /** Return a connection with given type, address, port, and purpose;
4792  * or NULL if no such connection exists (or if all such connections are marked
4793  * for close). */
4796  const tor_addr_t *addr, uint16_t port,
4797  int purpose))
4798 {
4799  CONN_GET_TEMPLATE(conn,
4800  (conn->type == type &&
4801  tor_addr_eq(&conn->addr, addr) &&
4802  conn->port == port &&
4803  conn->purpose == purpose));
4804 }
4805 
4806 /** Return the stream with id <b>id</b> if it is not already marked for
4807  * close.
4808  */
4809 connection_t *
4811 {
4812  CONN_GET_TEMPLATE(conn, conn->global_identifier == id);
4813 }
4814 
4815 /** Return a connection of type <b>type</b> that is not marked for close.
4816  */
4817 connection_t *
4819 {
4820  CONN_GET_TEMPLATE(conn, conn->type == type);
4821 }
4822 
4823 /** Return a connection of type <b>type</b> that is in state <b>state</b>,
4824  * and that is not marked for close.
4825  */
4826 connection_t *
4827 connection_get_by_type_state(int type, int state)
4828 {
4829  CONN_GET_TEMPLATE(conn, conn->type == type && conn->state == state);
4830 }
4831 
4832 /**
4833  * Return a connection of type <b>type</b> that is not an internally linked
4834  * connection, and is not marked for close.
4835  **/
4838 {
4839  CONN_GET_TEMPLATE(conn, conn->type == type && !conn->linked);
4840 }
4841 
4842 /** Return a new smartlist of dir_connection_t * from get_connection_array()
4843  * that satisfy conn_test on connection_t *conn_var, and dirconn_test on
4844  * dir_connection_t *dirconn_var. conn_var must be of CONN_TYPE_DIR and not
4845  * marked for close to be included in the list. */
4846 #define DIR_CONN_LIST_TEMPLATE(conn_var, conn_test, \
4847  dirconn_var, dirconn_test) \
4848  STMT_BEGIN \
4849  smartlist_t *conns = get_connection_array(); \
4850  smartlist_t *dir_conns = smartlist_new(); \
4851  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn_var) { \
4852  if (conn_var && (conn_test) \
4853  && conn_var->type == CONN_TYPE_DIR \
4854  && !conn_var->marked_for_close) { \
4855  dir_connection_t *dirconn_var = TO_DIR_CONN(conn_var); \
4856  if (dirconn_var && (dirconn_test)) { \
4857  smartlist_add(dir_conns, dirconn_var); \
4858  } \
4859  } \
4860  } SMARTLIST_FOREACH_END(conn_var); \
4861  return dir_conns; \
4862  STMT_END
4863 
4864 /** Return a list of directory connections that are fetching the item
4865  * described by <b>purpose</b>/<b>resource</b>. If there are none,
4866  * return an empty list. This list must be freed using smartlist_free,
4867  * but the pointers in it must not be freed.
4868  * Note that this list should not be cached, as the pointers in it can be
4869  * freed if their connections close. */
4870 smartlist_t *
4872  int purpose,
4873  const char *resource)
4874 {
4876  conn->purpose == purpose,
4877  dirconn,
4878  0 == strcmp_opt(resource,
4879  dirconn->requested_resource));
4880 }
4881 
4882 /** Return a list of directory connections that are fetching the item
4883  * described by <b>purpose</b>/<b>resource</b>/<b>state</b>. If there are
4884  * none, return an empty list. This list must be freed using smartlist_free,
4885  * but the pointers in it must not be freed.
4886  * Note that this list should not be cached, as the pointers in it can be
4887  * freed if their connections close. */
4888 smartlist_t *
4890  int purpose,
4891  const char *resource,
4892  int state)
4893 {
4895  conn->purpose == purpose && conn->state == state,
4896  dirconn,
4897  0 == strcmp_opt(resource,
4898  dirconn->requested_resource));
4899 }
4900 
4901 #undef DIR_CONN_LIST_TEMPLATE
4902 
4903 /** Return an arbitrary active OR connection that isn't <b>this_conn</b>.
4904  *
4905  * We use this to guess if we should tell the controller that we
4906  * didn't manage to connect to any of our bridges. */
4907 static connection_t *
4909 {
4910  CONN_GET_TEMPLATE(conn,
4911  conn != TO_CONN(this_conn) && conn->type == CONN_TYPE_OR);
4912 }
4913 
4914 /** Return 1 if there are any active OR connections apart from
4915  * <b>this_conn</b>.
4916  *
4917  * We use this to guess if we should tell the controller that we
4918  * didn't manage to connect to any of our bridges. */
4919 int
4921 {
4923  if (conn != NULL) {
4924  log_debug(LD_DIR, "%s: Found an OR connection: %s",
4925  __func__, connection_describe(conn));
4926  return 1;
4927  }
4928 
4929  return 0;
4930 }
4931 
4932 #undef CONN_GET_TEMPLATE
4933 
4934 /** Return 1 if <b>conn</b> is a listener conn, else return 0. */
4935 int
4937 {
4938  if (conn->type == CONN_TYPE_OR_LISTENER ||
4939  conn->type == CONN_TYPE_EXT_OR_LISTENER ||
4940  conn->type == CONN_TYPE_AP_LISTENER ||
4941  conn->type == CONN_TYPE_AP_TRANS_LISTENER ||
4942  conn->type == CONN_TYPE_AP_DNS_LISTENER ||
4943  conn->type == CONN_TYPE_AP_NATD_LISTENER ||
4945  conn->type == CONN_TYPE_DIR_LISTENER ||
4946  conn->type == CONN_TYPE_METRICS_LISTENER ||
4948  return 1;
4949  return 0;
4950 }
4951 
4952 /** Return 1 if <b>conn</b> is in state "open" and is not marked
4953  * for close, else return 0.
4954  */
4955 int
4957 {
4958  tor_assert(conn);
4959 
4960  if (conn->marked_for_close)
4961  return 0;
4962 
4963  if ((conn->type == CONN_TYPE_OR && conn->state == OR_CONN_STATE_OPEN) ||
4964  (conn->type == CONN_TYPE_EXT_OR) ||
4965  (conn->type == CONN_TYPE_AP && conn->state == AP_CONN_STATE_OPEN) ||
4966  (conn->type == CONN_TYPE_EXIT && conn->state == EXIT_CONN_STATE_OPEN) ||
4967  (conn->type == CONN_TYPE_CONTROL &&
4968  conn->state == CONTROL_CONN_STATE_OPEN))
4969  return 1;
4970 
4971  return 0;
4972 }
4973 
4974 /** Return 1 if conn is in 'connecting' state, else return 0. */
4975 int
4977 {
4978  tor_assert(conn);
4979 
4980  if (conn->marked_for_close)
4981  return 0;
4982  switch (conn->type)
4983  {
4984  case CONN_TYPE_OR:
4985  return conn->state == OR_CONN_STATE_CONNECTING;
4986  case CONN_TYPE_EXIT:
4987  return conn->state == EXIT_CONN_STATE_CONNECTING;
4988  case CONN_TYPE_DIR:
4989  return conn->state == DIR_CONN_STATE_CONNECTING;
4990  }
4991 
4992  return 0;
4993 }
4994 
4995 /** Allocates a base64'ed authenticator for use in http or https
4996  * auth, based on the input string <b>authenticator</b>. Returns it
4997  * if success, else returns NULL. */
4998 char *
4999 alloc_http_authenticator(const char *authenticator)
5000 {
5001  /* an authenticator in Basic authentication
5002  * is just the string "username:password" */
5003  const size_t authenticator_length = strlen(authenticator);
5004  const size_t base64_authenticator_length =
5005  base64_encode_size(authenticator_length, 0) + 1;
5006  char *base64_authenticator = tor_malloc(base64_authenticator_length);
5007  if (base64_encode(base64_authenticator, base64_authenticator_length,
5008  authenticator, authenticator_length, 0) < 0) {
5009  tor_free(base64_authenticator); /* free and set to null */
5010  }
5011  return base64_authenticator;
5012 }
5013 
5014 /** Given a socket handle, check whether the local address (sockname) of the
5015  * socket is one that we've connected from before. If so, double-check
5016  * whether our address has changed and we need to generate keys. If we do,
5017  * call init_keys().
5018  */
5019 static void
5021 {
5022  tor_addr_t out_addr, iface_addr;
5023  tor_addr_t **last_interface_ip_ptr;
5024  sa_family_t family;
5025 
5026  if (!outgoing_addrs)
5028 
5029  if (tor_addr_from_getsockname(&out_addr, sock) < 0) {
5030  int e = tor_socket_errno(sock);
5031  log_warn(LD_NET, "getsockname() to check for address change failed: %s",
5032  tor_socket_strerror(e));
5033  return;
5034  }
5035  family = tor_addr_family(&out_addr);
5036 
5037  if (family == AF_INET)
5038  last_interface_ip_ptr = &last_interface_ipv4;
5039  else if (family == AF_INET6)
5040  last_interface_ip_ptr = &last_interface_ipv6;
5041  else
5042  return;
5043 
5044  if (! *last_interface_ip_ptr) {
5045  tor_addr_t *a = tor_malloc_zero(sizeof(tor_addr_t));
5046  if (get_interface_address6(LOG_INFO, family, a)==0) {
5047  *last_interface_ip_ptr = a;
5048  } else {
5049  tor_free(a);
5050  }
5051  }
5052 
5053  /* If we've used this address previously, we're okay. */
5055  if (tor_addr_eq(a_ptr, &out_addr))
5056  return;
5057  );
5058 
5059  /* Uh-oh. We haven't connected from this address before. Has the interface
5060  * address changed? */
5061  if (get_interface_address6(LOG_INFO, family, &iface_addr)<0)
5062  return;
5063 
5064  if (tor_addr_eq(&iface_addr, *last_interface_ip_ptr)) {
5065  /* Nope, it hasn't changed. Add this address to the list. */
5066  smartlist_add(outgoing_addrs, tor_memdup(&out_addr, sizeof(tor_addr_t)));
5067  } else {
5068  /* The interface changed. We're a client, so we need to regenerate our
5069  * keys. First, reset the state. */
5070  log_notice(LD_NET, "Our IP address has changed. Rotating keys...");
5071  tor_addr_copy(*last_interface_ip_ptr, &iface_addr);
5074  smartlist_add(outgoing_addrs, tor_memdup(&out_addr, sizeof(tor_addr_t)));
5075  /* We'll need to resolve ourselves again. */
5076  resolved_addr_reset_last(AF_INET);
5077  /* Okay, now change our keys. */
5078  ip_address_changed(1);
5079  }
5080 }
5081 
5082 /** Some systems have limited system buffers for recv and xmit on
5083  * sockets allocated in a virtual server or similar environment. For a Tor
5084  * server this can produce the "Error creating network socket: No buffer
5085  * space available" error once all available TCP buffer space is consumed.
5086  * This method will attempt to constrain the buffers allocated for the socket
5087  * to the desired size to stay below system TCP buffer limits.
5088  */
5089 static void
5091 {
5092  void *sz = (void*)&size;
5093  socklen_t sz_sz = (socklen_t) sizeof(size);
5094  if (setsockopt(sock, SOL_SOCKET, SO_SNDBUF, sz, sz_sz) < 0) {
5095  int e = tor_socket_errno(sock);
5096  log_warn(LD_NET, "setsockopt() to constrain send "
5097  "buffer to %d bytes failed: %s", size, tor_socket_strerror(e));
5098  }
5099  if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, sz, sz_sz) < 0) {
5100  int e = tor_socket_errno(sock);
5101  log_warn(LD_NET, "setsockopt() to constrain recv "
5102  "buffer to %d bytes failed: %s", size, tor_socket_strerror(e));
5103  }
5104 }
5105 
5106 /** Process new bytes that have arrived on conn->inbuf.
5107  *
5108  * This function just passes conn to the connection-specific
5109  * connection_*_process_inbuf() function. It also passes in
5110  * package_partial if wanted.
5111  */
5112 static int
5113 connection_process_inbuf(connection_t *conn, int package_partial)
5114 {
5115  tor_assert(conn);
5116 
5117  switch (conn->type) {
5118  case CONN_TYPE_OR:
5120  case CONN_TYPE_EXT_OR:
5122  case CONN_TYPE_EXIT:
5123  case CONN_TYPE_AP:
5125  package_partial);
5126  case CONN_TYPE_DIR:
5128  case CONN_TYPE_CONTROL:
5130  case CONN_TYPE_METRICS:
5131  return metrics_connection_process_inbuf(conn);
5132  default:
5133  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
5135  return -1;
5136  }
5137 }
5138 
5139 /** Called whenever we've written data on a connection. */
5140 static int
5142 {
5143  int r = 0;
5144  tor_assert(!conn->in_flushed_some);
5145  conn->in_flushed_some = 1;
5146  if (conn->type == CONN_TYPE_DIR &&
5148  r = connection_dirserv_flushed_some(TO_DIR_CONN(conn));
5149  } else if (conn->type == CONN_TYPE_OR) {
5151  } else if (CONN_IS_EDGE(conn)) {
5153  }
5154  conn->in_flushed_some = 0;
5155  return r;
5156 }
5157 
5158 /** We just finished flushing bytes to the appropriately low network layer,
5159  * and there are no more bytes remaining in conn->outbuf or
5160  * conn->tls to be flushed.
5161  *
5162  * This function just passes conn to the connection-specific
5163  * connection_*_finished_flushing() function.
5164  */
5165 static int
5167 {
5168  tor_assert(conn);
5169 
5170  /* If the connection is closed, don't try to do anything more here. */
5171  if (CONN_IS_CLOSED(conn))
5172  return 0;
5173 
5174 // log_fn(LOG_DEBUG,"entered. Socket %u.", conn->s);
5175 
5177 
5178  switch (conn->type) {
5179  case CONN_TYPE_OR:
5181  case CONN_TYPE_EXT_OR:
5183  case CONN_TYPE_AP:
5184  case CONN_TYPE_EXIT:
5186  case CONN_TYPE_DIR:
5188  case CONN_TYPE_CONTROL:
5190  case CONN_TYPE_METRICS:
5192  default:
5193  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
5195  return -1;
5196  }
5197 }
5198 
5199 /** Called when our attempt to connect() to a server has just succeeded.
5200  *
5201  * This function checks if the interface address has changed (clients only),
5202  * and then passes conn to the connection-specific
5203  * connection_*_finished_connecting() function.
5204  */
5205 static int
5207 {
5208  tor_assert(conn);
5209 
5210  if (!server_mode(get_options())) {
5211  /* See whether getsockname() says our address changed. We need to do this
5212  * now that the connection has finished, because getsockname() on Windows
5213  * won't work until then. */
5215  }
5216 
5217  switch (conn->type)
5218  {
5219  case CONN_TYPE_OR:
5221  case CONN_TYPE_EXIT:
5223  case CONN_TYPE_DIR:
5225  default:
5226  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
5228  return -1;
5229  }
5230 }
5231 
5232 /** Callback: invoked when a connection reaches an EOF event. */
5233 static int
5235 {
5236  switch (conn->type) {
5237  case CONN_TYPE_OR:
5238  case CONN_TYPE_EXT_OR:
5239  return connection_or_reached_eof(TO_OR_CONN(conn));
5240  case CONN_TYPE_AP:
5241  case CONN_TYPE_EXIT:
5243  case CONN_TYPE_DIR:
5245  case CONN_TYPE_CONTROL:
5247  case CONN_TYPE_METRICS:
5248  return metrics_connection_reached_eof(conn);
5249  default:
5250  log_err(LD_BUG,"got unexpected conn type %d.", conn->type);
5252  return -1;
5253  }
5254 }
5255 
5256 /** Comparator for the two-orconn case in OOS victim sort */
5257 static int
5259 {
5260  int a_circs, b_circs;
5261  /* Fewer circuits == higher priority for OOS kill, sort earlier */
5262 
5263  a_circs = connection_or_get_num_circuits(a);
5264  b_circs = connection_or_get_num_circuits(b);
5265 
5266  if (a_circs < b_circs) return 1;
5267  else if (a_circs > b_circs) return -1;
5268  else return 0;
5269 }
5270 
5271 /** Sort comparator for OOS victims; better targets sort before worse
5272  * ones. */
5273 static int
5274 oos_victim_comparator(const void **a_v, const void **b_v)
5275 {
5276  connection_t *a = NULL, *b = NULL;
5277 
5278  /* Get connection pointers out */
5279 
5280  a = (connection_t *)(*a_v);
5281  b = (connection_t *)(*b_v);
5282 
5283  tor_assert(a != NULL);
5284  tor_assert(b != NULL);
5285 
5286  /*
5287  * We always prefer orconns as victims currently; we won't even see
5288  * these non-orconn cases, but if we do, sort them after orconns.
5289  */
5290  if (a->type == CONN_TYPE_OR && b->type == CONN_TYPE_OR) {
5292  } else {
5293  /*
5294  * One isn't an orconn; if one is, it goes first. We currently have no
5295  * opinions about cases where neither is an orconn.
5296  */
5297  if (a->type == CONN_TYPE_OR) return -1;
5298  else if (b->type == CONN_TYPE_OR) return 1;
5299  else return 0;
5300  }
5301 }
5302 
5303 /** Pick n victim connections for the OOS handler and return them in a
5304  * smartlist.
5305  */
5308 {
5309  smartlist_t *eligible = NULL, *victims = NULL;
5310  smartlist_t *conns;
5311  int conn_counts_by_type[CONN_TYPE_MAX_ + 1], i;
5312 
5313  /*
5314  * Big damn assumption (someone improve this someday!):
5315  *
5316  * Socket exhaustion normally happens on high-volume relays, and so
5317  * most of the connections involved are orconns. We should pick victims
5318  * by assembling a list of all orconns, and sorting them in order of
5319  * how much 'damage' by some metric we'd be doing by dropping them.
5320  *
5321  * If we move on from orconns, we should probably think about incoming
5322  * directory connections next, or exit connections. Things we should
5323  * probably never kill are controller connections and listeners.
5324  *
5325  * This function will count how many connections of different types
5326  * exist and log it for purposes of gathering data on typical OOS
5327  * situations to guide future improvements.
5328  */
5329 
5330  /* First, get the connection array */
5331  conns = get_connection_array();
5332  /*
5333  * Iterate it and pick out eligible connection types, and log some stats
5334  * along the way.
5335  */
5336  eligible = smartlist_new();
5337  memset(conn_counts_by_type, 0, sizeof(conn_counts_by_type));
5338  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, c) {
5339  /* Bump the counter */
5340  tor_assert(c->type <= CONN_TYPE_MAX_);
5341  ++(conn_counts_by_type[c->type]);
5342 
5343  /* Skip anything without a socket we can free */
5344  if (!(SOCKET_OK(c->s))) {
5345  continue;
5346  }
5347 
5348  /* Skip anything we would count as moribund */
5349  if (connection_is_moribund(c)) {
5350  continue;
5351  }
5352 
5353  switch (c->type) {
5354  case CONN_TYPE_OR:
5355  /* We've got an orconn, it's eligible to be OOSed */
5356  smartlist_add(eligible, c);
5357  break;
5358  default:
5359  /* We don't know what to do with it, ignore it */
5360  break;
5361  }
5362  } SMARTLIST_FOREACH_END(c);
5363 
5364  /* Log some stats */
5365  if (smartlist_len(conns) > 0) {
5366  /* At least one counter must be non-zero */
5367  log_info(LD_NET, "Some stats on conn types seen during OOS follow");
5368  for (i = CONN_TYPE_MIN_; i <= CONN_TYPE_MAX_; ++i) {
5369  /* Did we see any? */
5370  if (conn_counts_by_type[i] > 0) {
5371  log_info(LD_NET, "%s: %d conns",
5373  conn_counts_by_type[i]);
5374  }
5375  }
5376  log_info(LD_NET, "Done with OOS conn type stats");
5377  }
5378 
5379  /* Did we find more eligible targets than we want to kill? */
5380  if (smartlist_len(eligible) > n) {
5381  /* Sort the list in order of target preference */
5383  /* Pick first n as victims */
5384  victims = smartlist_new();
5385  for (i = 0; i < n; ++i) {
5386  smartlist_add(victims, smartlist_get(eligible, i));
5387  }
5388  /* Free the original list */
5389  smartlist_free(eligible);
5390  } else {
5391  /* No, we can just call them all victims */
5392  victims = eligible;
5393  }
5394 
5395  return victims;
5396 }
5397 
5398 /** Kill a list of connections for the OOS handler. */
5399 MOCK_IMPL(STATIC void,
5401 {
5402  if (!conns) return;
5403 
5404  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, c) {
5405  /* Make sure the channel layer gets told about orconns */
5406  if (c->type == CONN_TYPE_OR) {
5408  } else {
5409  connection_mark_for_close(c);
5410  }
5411  } SMARTLIST_FOREACH_END(c);
5412 
5413  log_notice(LD_NET,
5414  "OOS handler marked %d connections",
5415  smartlist_len(conns));
5416 }
5417 
5418 /** Check if a connection is on the way out so the OOS handler doesn't try
5419  * to kill more than it needs. */
5420 int
5422 {
5423  if (conn != NULL &&
5424  (conn->conn_array_index < 0 ||
5425  conn->marked_for_close)) {
5426  return 1;
5427  } else {
5428  return 0;
5429  }
5430 }
5431 
5432 /** Out-of-Sockets handler; n_socks is the current number of open
5433  * sockets, and failed is non-zero if a socket exhaustion related
5434  * error immediately preceded this call. This is where to do
5435  * circuit-killing heuristics as needed.
5436  */
5437 void
5438 connection_check_oos(int n_socks, int failed)
5439 {
5440  int target_n_socks = 0, moribund_socks, socks_to_kill;
5441  smartlist_t *conns;
5442 
5443  /* Early exit: is OOS checking disabled? */
5444  if (get_options()->DisableOOSCheck) {
5445  return;
5446  }
5447 
5448  /* Sanity-check args */
5449  tor_assert(n_socks >= 0);
5450 
5451  /*
5452  * Make some log noise; keep it at debug level since this gets a chance
5453  * to run on every connection attempt.
5454  */
5455  log_debug(LD_NET,
5456  "Running the OOS handler (%d open sockets, %s)",
5457  n_socks, (failed != 0) ? "exhaustion seen" : "no exhaustion");
5458 
5459  /*
5460  * Check if we're really handling an OOS condition, and if so decide how
5461  * many sockets we want to get down to. Be sure we check if the threshold
5462  * is distinct from zero first; it's possible for this to be called a few
5463  * times before we've finished reading the config.
5464  */
5465  if (n_socks >= get_options()->ConnLimit_high_thresh &&
5466  get_options()->ConnLimit_high_thresh != 0 &&
5467  get_options()->ConnLimit_ != 0) {
5468  /* Try to get down to the low threshold */
5469  target_n_socks = get_options()->ConnLimit_low_thresh;
5470  log_notice(LD_NET,
5471  "Current number of sockets %d is greater than configured "
5472  "limit %d; OOS handler trying to get down to %d",
5473  n_socks, get_options()->ConnLimit_high_thresh,
5474  target_n_socks);
5475  } else if (failed) {
5476  /*
5477  * If we're not at the limit but we hit a socket exhaustion error, try to
5478  * drop some (but not as aggressively as ConnLimit_low_threshold, which is
5479  * 3/4 of ConnLimit_)
5480  */
5481  target_n_socks = (n_socks * 9) / 10;
5482  log_notice(LD_NET,
5483  "We saw socket exhaustion at %d open sockets; OOS handler "
5484  "trying to get down to %d",
5485  n_socks, target_n_socks);
5486  }
5487 
5488  if (target_n_socks > 0) {
5489  /*
5490  * It's an OOS!
5491  *
5492  * Count moribund sockets; it's be important that anything we decide
5493  * to get rid of here but don't immediately close get counted as moribund
5494  * on subsequent invocations so we don't try to kill too many things if
5495  * connection_check_oos() gets called multiple times.
5496  */
5497  moribund_socks = connection_count_moribund();
5498 
5499  if (moribund_socks < n_socks - target_n_socks) {
5500  socks_to_kill = n_socks - target_n_socks - moribund_socks;
5501 
5502  conns = pick_oos_victims(socks_to_kill);
5503  if (conns) {
5504  kill_conn_list_for_oos(conns);
5505  log_notice(LD_NET,
5506  "OOS handler killed %d conns", smartlist_len(conns));
5507  smartlist_free(conns);
5508  } else {
5509  log_notice(LD_NET, "OOS handler failed to pick any victim conns");
5510  }
5511  } else {
5512  log_notice(LD_NET,
5513  "Not killing any sockets for OOS because there are %d "
5514  "already moribund, and we only want to eliminate %d",
5515  moribund_socks, n_socks - target_n_socks);
5516  }
5517  }
5518 }
5519 
5520 /** Log how many bytes are used by buffers of different kinds and sizes. */
5521 void
5523 {
5524  uint64_t used_by_type[CONN_TYPE_MAX_+1];
5525  uint64_t alloc_by_type[CONN_TYPE_MAX_+1];
5526  int n_conns_by_type[CONN_TYPE_MAX_+1];
5527  uint64_t total_alloc = 0;
5528  uint64_t total_used = 0;
5529  int i;
5530  smartlist_t *conns = get_connection_array();
5531 
5532  memset(used_by_type, 0, sizeof(used_by_type));
5533  memset(alloc_by_type, 0, sizeof(alloc_by_type));
5534  memset(n_conns_by_type, 0, sizeof(n_conns_by_type));
5535 
5536  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, c) {
5537  int tp = c->type;
5538  ++n_conns_by_type[tp];
5539  if (c->inbuf) {
5540  used_by_type[tp] += buf_datalen(c->inbuf);
5541  alloc_by_type[tp] += buf_allocation(c->inbuf);
5542  }
5543  if (c->outbuf) {
5544  used_by_type[tp] += buf_datalen(c->outbuf);
5545  alloc_by_type[tp] += buf_allocation(c->outbuf);
5546  }
5547  } SMARTLIST_FOREACH_END(c);
5548  for (i=0; i <= CONN_TYPE_MAX_; ++i) {
5549  total_used += used_by_type[i];
5550  total_alloc += alloc_by_type[i];
5551  }
5552 
5553  tor_log(severity, LD_GENERAL,
5554  "In buffers for %d connections: %"PRIu64" used/%"PRIu64" allocated",
5555  smartlist_len(conns),
5556  (total_used), (total_alloc));
5557  for (i=CONN_TYPE_MIN_; i <= CONN_TYPE_MAX_; ++i) {
5558  if (!n_conns_by_type[i])
5559  continue;
5560  tor_log(severity, LD_GENERAL,
5561  " For %d %s connections: %"PRIu64" used/%"PRIu64" allocated",
5562  n_conns_by_type[i], conn_type_to_string(i),
5563  (used_by_type[i]), (alloc_by_type[i]));
5564  }
5565 }
5566 
5567 /** Verify that connection <b>conn</b> has all of its invariants
5568  * correct. Trigger an assert if anything is invalid.
5569  */
5570 void
5572 {
5573  (void) now; /* XXXX unused. */
5574  tor_assert(conn);
5575  tor_assert(conn->type >= CONN_TYPE_MIN_);
5576  tor_assert(conn->type <= CONN_TYPE_MAX_);
5577 
5578  switch (conn->type) {
5579  case CONN_TYPE_OR:
5580  case CONN_TYPE_EXT_OR:
5581  tor_assert(conn->magic == OR_CONNECTION_MAGIC);
5582  break;
5583  case CONN_TYPE_AP:
5584  tor_assert(conn->magic == ENTRY_CONNECTION_MAGIC);
5585  break;
5586  case CONN_TYPE_EXIT:
5587  tor_assert(conn->magic == EDGE_CONNECTION_MAGIC);
5588  break;
5589  case CONN_TYPE_DIR:
5590  tor_assert(conn->magic == DIR_CONNECTION_MAGIC);
5591  break;
5592  case CONN_TYPE_CONTROL:
5593  tor_assert(conn->magic == CONTROL_CONNECTION_MAGIC);
5594  break;
5595  CASE_ANY_LISTENER_TYPE:
5596  tor_assert(conn->magic == LISTENER_CONNECTION_MAGIC);
5597  break;
5598  default:
5599  tor_assert(conn->magic == BASE_CONNECTION_MAGIC);
5600  break;
5601  }
5602 
5603  if (conn->linked_conn) {
5604  tor_assert(conn->linked_conn->linked_conn == conn);
5605  tor_assert(conn->linked);
5606  }
5607  if (conn->linked)
5608  tor_assert(!SOCKET_OK(conn->s));
5609 
5610  if (conn->hold_open_until_flushed)
5612 
5613  /* XXXX check: read_blocked_on_bw, write_blocked_on_bw, s, conn_array_index,
5614  * marked_for_close. */
5615 
5616  /* buffers */
5617  if (conn->inbuf)
5618  buf_assert_ok(conn->inbuf);
5619  if (conn->outbuf)
5620  buf_assert_ok(conn->outbuf);
5621 
5622  if (conn->type == CONN_TYPE_OR) {
5623  or_connection_t *or_conn = TO_OR_CONN(conn);
5624  if (conn->state == OR_CONN_STATE_OPEN) {
5625  /* tor_assert(conn->bandwidth > 0); */
5626  /* the above isn't necessarily true: if we just did a TLS
5627  * handshake but we didn't recognize the other peer, or it
5628  * gave a bad cert/etc, then we won't have assigned bandwidth,
5629  * yet it will be open. -RD
5630  */
5631 // tor_assert(conn->read_bucket >= 0);
5632  }
5633 // tor_assert(conn->addr && conn->port);
5634  tor_assert(conn->address);
5636  tor_assert(or_conn->tls);
5637  }
5638 
5639  if (CONN_IS_EDGE(conn)) {
5640  /* XXX unchecked: package window, deliver window. */
5641  if (conn->type == CONN_TYPE_AP) {
5642  entry_connection_t *entry_conn = TO_ENTRY_CONN(conn);
5643  if (entry_conn->chosen_exit_optional || entry_conn->chosen_exit_retries)
5644  tor_assert(entry_conn->chosen_exit_name);
5645 
5646  tor_assert(entry_conn->socks_request);
5647  if (conn->state == AP_CONN_STATE_OPEN) {
5648  tor_assert(entry_conn->socks_request->has_finished);
5649  if (!conn->marked_for_close) {
5650  tor_assert(ENTRY_TO_EDGE_CONN(entry_conn)->cpath_layer);
5651  cpath_assert_layer_ok(ENTRY_TO_EDGE_CONN(entry_conn)->cpath_layer);
5652  }
5653  }
5654  }
5655  if (conn->type == CONN_TYPE_EXIT) {
5657  conn->purpose == EXIT_PURPOSE_RESOLVE);
5658  }
5659  } else if (conn->type == CONN_TYPE_DIR) {
5660  } else {
5661  /* Purpose is only used for dir and exit types currently */
5662  tor_assert(!conn->purpose);
5663  }
5664 
5665  switch (conn->type)
5666  {
5667  CASE_ANY_LISTENER_TYPE:
5669  break;
5670  case CONN_TYPE_OR:
5671  tor_assert(conn->state >= OR_CONN_STATE_MIN_);
5672  tor_assert(conn->state <= OR_CONN_STATE_MAX_);
5673  break;
5674  case CONN_TYPE_EXT_OR:
5676  tor_assert(conn->state <= EXT_OR_CONN_STATE_MAX_);
5677  break;
5678  case CONN_TYPE_EXIT:
5679  tor_assert(conn->state >= EXIT_CONN_STATE_MIN_);
5680  tor_assert(conn->state <= EXIT_CONN_STATE_MAX_);
5681  tor_assert(conn->purpose >= EXIT_PURPOSE_MIN_);
5682  tor_assert(conn->purpose <= EXIT_PURPOSE_MAX_);
5683  break;
5684  case CONN_TYPE_AP:
5685  tor_assert(conn->state >= AP_CONN_STATE_MIN_);
5686  tor_assert(conn->state <= AP_CONN_STATE_MAX_);
5687  tor_assert(TO_ENTRY_CONN(conn)->socks_request);
5688  break;
5689  case CONN_TYPE_DIR:
5690  tor_assert(conn->state >= DIR_CONN_STATE_MIN_);
5691  tor_assert(conn->state <= DIR_CONN_STATE_MAX_);
5692  tor_assert(conn->purpose >= DIR_PURPOSE_MIN_);
5693  tor_assert(conn->purpose <= DIR_PURPOSE_MAX_);
5694  break;
5695  case CONN_TYPE_CONTROL:
5696  tor_assert(conn->state >= CONTROL_CONN_STATE_MIN_);
5697  tor_assert(conn->state <= CONTROL_CONN_STATE_MAX_);
5698  break;
5699  case CONN_TYPE_METRICS:
5700  /* No state. */
5701  break;
5702  default:
5703  tor_assert(0);
5704  }
5705 }
5706 
5707 /** Fills <b>addr</b> and <b>port</b> with the details of the global
5708  * proxy server we are using. Store a 1 to the int pointed to by
5709  * <b>is_put_out</b> if the connection is using a pluggable
5710  * transport; store 0 otherwise. <b>conn</b> contains the connection
5711  * we are using the proxy for.
5712  *
5713  * Return 0 on success, -1 on failure.
5714  */
5715 int
5716 get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type,
5717  int *is_pt_out, const connection_t *conn)
5718 {
5719  const or_options_t *options = get_options();
5720 
5721  *is_pt_out = 0;
5722  /* Client Transport Plugins can use another proxy, but that should be hidden
5723  * from the rest of tor (as the plugin is responsible for dealing with the
5724  * proxy), check it first, then check the rest of the proxy types to allow
5725  * the config to have unused ClientTransportPlugin entries.
5726  */
5727  if (options->ClientTransportPlugin) {
5728  const transport_t *transport = NULL;
5729  int r;
5730  r = get_transport_by_bridge_addrport(&conn->addr, conn->port, &transport);
5731  if (r<0)
5732  return -1;
5733  if (transport) { /* transport found */
5734  tor_addr_copy(addr, &transport->addr);
5735  *port = transport->port;
5736  *proxy_type = transport->socks_version;
5737  *is_pt_out = 1;
5738  return 0;
5739  }
5740 
5741  /* Unused ClientTransportPlugin. */
5742  }
5743 
5744  if (options->HTTPSProxy) {
5745  tor_addr_copy(addr, &options->HTTPSProxyAddr);
5746  *port = options->HTTPSProxyPort;
5747  *proxy_type = PROXY_CONNECT;
5748  return 0;
5749  } else if (options->Socks4Proxy) {
5750  tor_addr_copy(addr, &options->Socks4ProxyAddr);
5751  *port = options->Socks4ProxyPort;
5752  *proxy_type = PROXY_SOCKS4;
5753  return 0;
5754  } else if (options->Socks5Proxy) {
5755  tor_addr_copy(addr, &options->Socks5ProxyAddr);
5756  *port = options->Socks5ProxyPort;
5757  *proxy_type = PROXY_SOCKS5;
5758  return 0;
5759  } else if (options->TCPProxy) {
5760  tor_addr_copy(addr, &options->TCPProxyAddr);
5761  *port = options->TCPProxyPort;
5762  /* The only supported protocol in TCPProxy is haproxy. */
5764  *proxy_type = PROXY_HAPROXY;
5765  return 0;
5766  }
5767 
5768  tor_addr_make_unspec(addr);
5769  *port = 0;
5770  *proxy_type = PROXY_NONE;
5771  return 0;
5772 }
5773 
5774 /** Log a failed connection to a proxy server.
5775  * <b>conn</b> is the connection we use the proxy server for. */
5776 void
5778 {
5779  tor_addr_t proxy_addr;
5780  uint16_t proxy_port;
5781  int proxy_type, is_pt;
5782 
5783  if (get_proxy_addrport(&proxy_addr, &proxy_port, &proxy_type, &is_pt,
5784  conn) != 0)
5785  return; /* if we have no proxy set up, leave this function. */
5786 
5787  (void)is_pt;
5788  log_warn(LD_NET,
5789  "The connection to the %s proxy server at %s just failed. "
5790  "Make sure that the proxy server is up and running.",
5791  proxy_type_to_string(proxy_type),
5792  fmt_addrport(&proxy_addr, proxy_port));
5793 }
5794 
5795 /** Return string representation of <b>proxy_type</b>. */
5796 static const char *
5797 proxy_type_to_string(int proxy_type)
5798 {
5799  switch (proxy_type) {
5800  case PROXY_CONNECT: return "HTTP";
5801  case PROXY_SOCKS4: return "SOCKS4";
5802  case PROXY_SOCKS5: return "SOCKS5";
5803  case PROXY_HAPROXY: return "HAPROXY";
5804  case PROXY_PLUGGABLE: return "pluggable transports SOCKS";
5805  case PROXY_NONE: return "NULL";
5806  default: tor_assert(0);
5807  }
5808  return NULL; /*Unreached*/
5809 }
5810 
5811 /** Call connection_free_minimal() on every connection in our array, and
5812  * release all storage held by connection.c.
5813  *
5814  * Don't do the checks in connection_free(), because they will
5815  * fail.
5816  */
5817 void
5819 {
5820  smartlist_t *conns = get_connection_array();
5821 
5822  /* We don't want to log any messages to controllers. */
5823  SMARTLIST_FOREACH(conns, connection_t *, conn,
5824  if (conn->type == CONN_TYPE_CONTROL)
5825  TO_CONTROL_CONN(conn)->event_mask = 0);
5826 
5828 
5829  /* Unlink everything from the identity map. */
5831 
5832  /* Clear out our list of broken connections */
5834 
5835  SMARTLIST_FOREACH(conns, connection_t *, conn,
5836  connection_free_minimal(conn));
5837 
5838  if (outgoing_addrs) {
5840  smartlist_free(outgoing_addrs);
5841  outgoing_addrs = NULL;
5842  }
5843 
5845  tor_free(last_interface_ipv6);
5847 
5848  mainloop_event_free(reenable_blocked_connections_ev);
5850  memset(&reenable_blocked_connections_delay, 0, sizeof(struct timeval));
5851 }
5852 
5853 /** Log a warning, and possibly emit a control event, that <b>received</b> came
5854  * at a skewed time. <b>trusted</b> indicates that the <b>source</b> was one
5855  * that we had more faith in and therefore the warning level should have higher
5856  * severity.
5857  */
5858 MOCK_IMPL(void,
5859 clock_skew_warning, (const connection_t *conn, long apparent_skew, int trusted,
5860  log_domain_mask_t domain, const char *received,
5861  const char *source))
5862 {
5863  char dbuf[64];
5864  char *ext_source = NULL, *warn = NULL;
5865  format_time_interval(dbuf, sizeof(dbuf), apparent_skew);
5866  if (conn)
5867  tor_asprintf(&ext_source, "%s:%s:%d", source,
5868  fmt_and_decorate_addr(&conn->addr), conn->