Tor  0.4.7.0-alpha-dev
connection_edge.h
Go to the documentation of this file.
1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2021, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
7 /**
8  * \file connection_edge.h
9  * \brief Header file for connection_edge.c.
10  **/
11 
12 #ifndef TOR_CONNECTION_EDGE_H
13 #define TOR_CONNECTION_EDGE_H
14 
16 
17 #include "feature/hs/hs_service.h"
18 
22 
26 
27 #define EXIT_CONN_STATE_MIN_ 1
28 /** State for an exit connection: waiting for response from DNS farm. */
29 #define EXIT_CONN_STATE_RESOLVING 1
30 /** State for an exit connection: waiting for connect() to finish. */
31 #define EXIT_CONN_STATE_CONNECTING 2
32 /** State for an exit connection: open and ready to transmit data. */
33 #define EXIT_CONN_STATE_OPEN 3
34 /** State for an exit connection: waiting to be removed. */
35 #define EXIT_CONN_STATE_RESOLVEFAILED 4
36 #define EXIT_CONN_STATE_MAX_ 4
37 
38 /* The AP state values must be disjoint from the EXIT state values. */
39 #define AP_CONN_STATE_MIN_ 5
40 /** State for a SOCKS connection: waiting for SOCKS request. */
41 #define AP_CONN_STATE_SOCKS_WAIT 5
42 /** State for a SOCKS connection: got a y.onion URL; waiting to receive
43  * rendezvous descriptor. */
44 #define AP_CONN_STATE_RENDDESC_WAIT 6
45 /** The controller will attach this connection to a circuit; it isn't our
46  * job to do so. */
47 #define AP_CONN_STATE_CONTROLLER_WAIT 7
48 /** State for a SOCKS connection: waiting for a completed circuit. */
49 #define AP_CONN_STATE_CIRCUIT_WAIT 8
50 /** State for a SOCKS connection: sent BEGIN, waiting for CONNECTED. */
51 #define AP_CONN_STATE_CONNECT_WAIT 9
52 /** State for a SOCKS connection: sent RESOLVE, waiting for RESOLVED. */
53 #define AP_CONN_STATE_RESOLVE_WAIT 10
54 /** State for a SOCKS connection: ready to send and receive. */
55 #define AP_CONN_STATE_OPEN 11
56 /** State for a transparent natd connection: waiting for original
57  * destination. */
58 #define AP_CONN_STATE_NATD_WAIT 12
59 /** State for an HTTP tunnel: waiting for an HTTP CONNECT command. */
60 #define AP_CONN_STATE_HTTP_CONNECT_WAIT 13
61 #define AP_CONN_STATE_MAX_ 13
62 
63 #define EXIT_PURPOSE_MIN_ 1
64 /** This exit stream wants to do an ordinary connect. */
65 #define EXIT_PURPOSE_CONNECT 1
66 /** This exit stream wants to do a resolve (either normal or reverse). */
67 #define EXIT_PURPOSE_RESOLVE 2
68 #define EXIT_PURPOSE_MAX_ 2
69 
70 /** True iff the AP_CONN_STATE_* value <b>s</b> means that the corresponding
71  * edge connection is not attached to any circuit. */
72 #define AP_CONN_STATE_IS_UNATTACHED(s) \
73  ((s) <= AP_CONN_STATE_CIRCUIT_WAIT || (s) == AP_CONN_STATE_NATD_WAIT)
74 
75 #define connection_mark_unattached_ap(conn, endreason) \
76  connection_mark_unattached_ap_((conn), (endreason), __LINE__, SHORT_FILE__)
77 
78 /** Possible return values for parse_extended_hostname. */
79 typedef enum hostname_type_t {
80  BAD_HOSTNAME,
81  EXIT_HOSTNAME,
82  NORMAL_HOSTNAME,
83  ONION_V2_HOSTNAME,
84  ONION_V3_HOSTNAME,
86 
88  (entry_connection_t *conn, int endreason,
89  int line, const char *file));
92  int package_partial);
94 int connection_edge_end(edge_connection_t *conn, uint8_t reason);
96 void connection_edge_end_close(edge_connection_t *conn, uint8_t reason);
100 
102 
105 
106 MOCK_DECL(int,
109 
111  char *address, uint16_t port,
112  const char *digest,
113  int session_group,
114  int isolation_flags,
115  int use_begindir, int want_onehop);
117  size_t replylen,
118  int endreason);
120  (entry_connection_t *conn,
121  int answer_type,
122  size_t answer_len,
123  const uint8_t *answer,
124  int ttl,
125  time_t expires));
127  const tor_addr_t *answer,
128  int ttl,
129  time_t expires);
130 
136  const node_t *exit);
139 void connection_ap_attach_pending(int retry);
141  const char *file, int line);
142 #define connection_ap_mark_as_pending_circuit(c) \
143  connection_ap_mark_as_pending_circuit_((c), __FILE__, __LINE__)
146  entry_connection_t *entry_conn);
147 
148 #define CONNECTION_AP_EXPECT_NONPENDING(c) do { \
149  if (ENTRY_TO_CONN(c)->state == AP_CONN_STATE_CIRCUIT_WAIT) { \
150  log_warn(LD_BUG, "At %s:%d: %p was unexpectedly in circuit_wait.", \
151  __FILE__, __LINE__, (c)); \
152  connection_ap_mark_as_non_pending_circuit(c); \
153  } \
154  } while (0)
155 void connection_ap_fail_onehop(const char *failed_digest,
156  cpath_build_state_t *build_state);
159  origin_circuit_t *circ,
160  int reason);
162 
163 int address_is_invalid_destination(const char *address, int client);
164 
166  (entry_connection_t *conn,
167  origin_circuit_t *circ,
168  crypt_path_t *cpath));
170  origin_circuit_t *circ,
171  crypt_path_t *cpath);
172 
173 #if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
174 int get_pf_socket(void);
175 #endif
176 
178  const origin_circuit_t *circ);
180  origin_circuit_t *circ,
181  int dry_run);
184 
185 void connection_edge_free_all(void);
186 
187 void connection_ap_warn_and_unmark_if_pending_circ(
188  entry_connection_t *entry_conn,
189  const char *where);
190 
191 /** Lowest value for DNS ttl that a server should give or a client should
192  * believe. */
193 #define MIN_DNS_TTL (5*60)
194 /** Highest value for DNS ttl that a server should give or a client should
195  * believe. */
196 #define MAX_DNS_TTL (60*60)
197 /** How long do we keep DNS cache entries before purging them (regardless of
198  * their TTL)? */
199 #define MAX_DNS_ENTRY_AGE (3*60*60)
200 /** How long do we cache/tell clients to cache DNS records when no TTL is
201  * known? */
202 #define DEFAULT_DNS_TTL (30*60)
203 
204 uint32_t clip_dns_ttl(uint32_t ttl);
205 
206 int connection_half_edge_is_valid_data(const smartlist_t *half_conns,
207  streamid_t stream_id);
209  streamid_t stream_id);
211  streamid_t stream_id);
213  streamid_t stream_id);
215  streamid_t stream_id);
216 
218 struct half_edge_t;
219 void half_edge_free_(struct half_edge_t *he);
220 #define half_edge_free(he) \
221  FREE_AND_NULL(half_edge_t, half_edge_free_, (he))
222 
223 /** @name Begin-cell flags
224  *
225  * These flags are used in RELAY_BEGIN cells to change the default behavior
226  * of the cell.
227  *
228  * @{
229  **/
230 /** When this flag is set, the client is willing to get connected to IPv6
231  * addresses */
232 #define BEGIN_FLAG_IPV6_OK (1u<<0)
233 /** When this flag is set, the client DOES NOT support connecting to IPv4
234  * addresses. (The sense of this flag is inverted from IPV6_OK, so that the
235  * old default behavior of Tor is equivalent to having all flags set to 0.)
236  **/
237 #define BEGIN_FLAG_IPV4_NOT_OK (1u<<1)
238 /** When this flag is set, if we find both an IPv4 and an IPv6 address,
239  * we use the IPv6 address. Otherwise we use the IPv4 address. */
240 #define BEGIN_FLAG_IPV6_PREFERRED (1u<<2)
241 /**@}*/
242 
243 #ifdef CONNECTION_EDGE_PRIVATE
244 
245 STATIC bool parse_extended_hostname(char *address, hostname_type_t *type_out);
246 
247 /** A parsed BEGIN or BEGIN_DIR cell */
248 typedef struct begin_cell_t {
249  /** The address the client has asked us to connect to, or NULL if this is
250  * a BEGIN_DIR cell*/
251  char *address;
252  /** The flags specified in the BEGIN cell's body. One or more of
253  * BEGIN_FLAG_*. */
254  uint32_t flags;
255  /** The client's requested port. */
256  uint16_t port;
257  /** The client's requested Stream ID */
258  uint16_t stream_id;
259  /** True iff this is a BEGIN_DIR cell. */
260  unsigned is_begindir : 1;
261 } begin_cell_t;
262 
263 STATIC int begin_cell_parse(const cell_t *cell, begin_cell_t *bcell,
264  uint8_t *end_reason_out);
265 STATIC int connected_cell_format_payload(uint8_t *payload_out,
266  const tor_addr_t *addr,
267  uint32_t ttl);
268 
269 typedef struct {
270  /** Original address, after we lowercased it but before we started
271  * mapping it.
272  */
273  char orig_address[MAX_SOCKS_ADDR_LEN];
274  /** True iff the address has been automatically remapped to a local
275  * address in VirtualAddrNetwork. (Only set true when we do a resolve
276  * and get a virtual address; not when we connect to the address.) */
277  int automap;
278  /** If this connection has a .exit address, who put it there? */
279  addressmap_entry_source_t exit_source;
280  /** If we've rewritten the address, when does this map expire? */
281  time_t map_expires;
282  /** If we should close the connection, this is the end_reason to pass
283  * to connection_mark_unattached_ap */
284  int end_reason;
285  /** True iff we should close the connection, either because of error or
286  * because of successful early RESOLVED reply. */
287  int should_close;
288 } rewrite_result_t;
289 
290 STATIC void connection_ap_handshake_rewrite(entry_connection_t *conn,
291  rewrite_result_t *out);
292 
294 STATIC void export_hs_client_circuit_id(edge_connection_t *edge_conn,
295  hs_circuit_id_protocol_t protocol);
296 
297 struct half_edge_t;
299  origin_circuit_t *circ);
301  const smartlist_t *half_conns,
303 #endif /* defined(CONNECTION_EDGE_PRIVATE) */
304 
305 #endif /* !defined(TOR_CONNECTION_EDGE_H) */
STATIC int connection_ap_process_http_connect(entry_connection_t *conn)
STATIC int connected_cell_format_payload(uint8_t *payload_out, const tor_addr_t *addr, uint32_t ttl)
STATIC bool parse_extended_hostname(char *address, hostname_type_t *type_out)
STATIC int begin_cell_parse(const cell_t *cell, begin_cell_t *bcell, uint8_t *end_reason_out)
STATIC void connection_half_edge_add(const edge_connection_t *conn, origin_circuit_t *circ)
STATIC half_edge_t * connection_half_edge_find_stream_id(const smartlist_t *half_conns, streamid_t stream_id)
int connection_edge_compatible_with_circuit(const entry_connection_t *conn, const origin_circuit_t *circ)
int connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn, origin_circuit_t *circ, crypt_path_t *cpath)
entry_connection_t * EDGE_TO_ENTRY_CONN(edge_connection_t *)
int connection_half_edge_is_valid_data(const smartlist_t *half_conns, streamid_t stream_id)
void connection_ap_mark_as_waiting_for_renddesc(entry_connection_t *entry_conn)
const entry_connection_t * CONST_EDGE_TO_ENTRY_CONN(const edge_connection_t *)
void connection_mark_unattached_ap_(entry_connection_t *conn, int endreason, int line, const char *file)
void connection_ap_about_to_close(entry_connection_t *edge_conn)
const edge_connection_t * CONST_TO_EDGE_CONN(const connection_t *)
void connection_edge_free_all(void)
void connection_ap_mark_as_pending_circuit_(entry_connection_t *entry_conn, const char *file, int line)
void connection_ap_mark_as_non_pending_circuit(entry_connection_t *entry_conn)
int connection_ap_rewrite_and_attach_if_allowed(entry_connection_t *conn, origin_circuit_t *circ, crypt_path_t *cpath)
entry_connection_t * connection_ap_make_link(connection_t *partner, char *address, uint16_t port, const char *digest, int session_group, int isolation_flags, int use_begindir, int want_onehop)
void connection_ap_expire_beginning(void)
void connection_ap_fail_onehop(const char *failed_digest, cpath_build_state_t *build_state)
int connection_ap_detach_retriable(entry_connection_t *conn, origin_circuit_t *circ, int reason)
void connection_ap_rescan_and_attach_pending(void)
int connection_ap_can_use_exit(const entry_connection_t *conn, const node_t *exit)
int connection_ap_handshake_send_begin(entry_connection_t *ap_conn)
int address_is_invalid_destination(const char *address, int client)
Definition: addressmap.c:1082
void connection_ap_handshake_socks_reply(entry_connection_t *conn, char *reply, size_t replylen, int endreason)
int connection_half_edge_is_valid_end(smartlist_t *half_conns, streamid_t stream_id)
hostname_type_t
uint32_t clip_dns_ttl(uint32_t ttl)
void half_edge_free_(struct half_edge_t *he)
int connection_ap_process_transparent(entry_connection_t *conn)
void connection_edge_end_close(edge_connection_t *conn, uint8_t reason)
int connection_edge_destroy(circid_t circ_id, edge_connection_t *conn)
int connection_edge_finished_flushing(edge_connection_t *conn)
void circuit_clear_isolation(origin_circuit_t *circ)
int connection_exit_begin_resolve(cell_t *cell, or_circuit_t *circ)
void connection_exit_about_to_close(edge_connection_t *edge_conn)
int connection_half_edge_is_valid_connected(const smartlist_t *half_conns, streamid_t stream_id)
int connection_edge_flushed_some(edge_connection_t *conn)
edge_connection_t * TO_EDGE_CONN(connection_t *)
const entry_connection_t * CONST_TO_ENTRY_CONN(const connection_t *)
int connection_ap_handshake_send_resolve(entry_connection_t *ap_conn)
void connection_ap_handshake_socks_resolved_addr(entry_connection_t *conn, const tor_addr_t *answer, int ttl, time_t expires)
int connection_edge_update_circuit_isolation(const entry_connection_t *conn, origin_circuit_t *circ, int dry_run)
int connection_edge_reached_eof(edge_connection_t *conn)
int connection_half_edge_is_valid_resolved(smartlist_t *half_conns, streamid_t stream_id)
int connection_edge_finished_connecting(edge_connection_t *conn)
int connection_edge_end_errno(edge_connection_t *conn)
int connection_edge_end(edge_connection_t *conn, uint8_t reason)
void connection_ap_attach_pending(int retry)
size_t half_streams_get_total_allocation(void)
int connection_half_edge_is_valid_sendme(const smartlist_t *half_conns, streamid_t stream_id)
int connection_edge_is_rendezvous_stream(const edge_connection_t *conn)
void connection_ap_handshake_socks_resolved(entry_connection_t *conn, int answer_type, size_t answer_len, const uint8_t *answer, int ttl, time_t expires)
entry_connection_t * TO_ENTRY_CONN(connection_t *)
int connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
void connection_entry_set_controller_wait(entry_connection_t *conn)
streamid_t get_unique_stream_id_by_circ(origin_circuit_t *circ)
void circuit_discard_optional_exit_enclaves(extend_info_t *info)
void connection_exit_connect(edge_connection_t *conn)
int connection_edge_process_inbuf(edge_connection_t *conn, int package_partial)
Header file containing service data for the HS subsystem.
hs_circuit_id_protocol_t
Definition: hs_service.h:194
addressmap_entry_source_t
Definition: or.h:915
uint32_t circid_t
Definition: or.h:489
uint16_t streamid_t
Definition: or.h:491
Definition: cell_st.h:17
streamid_t stream_id
Definition: half_edge_st.h:24
Definition: node_st.h:34
Macros to implement mocking and selective exposure for the test code.
#define STATIC
Definition: testsupport.h:32
#define MOCK_DECL(rv, funcname, arglist)
Definition: testsupport.h:127