Tor  0.4.7.0-alpha-dev
Macros | Functions
directory.c File Reference

Code to send and fetch information from directory authorities and caches via HTTP. More...

#include "core/or/or.h"
#include "app/config/config.h"
#include "core/mainloop/connection.h"
#include "core/or/circuitlist.h"
#include "core/or/connection_edge.h"
#include "core/or/connection_or.h"
#include "core/or/channeltls.h"
#include "feature/dircache/dircache.h"
#include "feature/dircache/dirserv.h"
#include "feature/dirclient/dirclient.h"
#include "feature/dircommon/directory.h"
#include "feature/dircommon/fp_pair.h"
#include "feature/stats/geoip_stats.h"
#include "lib/compress/compress.h"
#include "core/or/circuit_st.h"
#include "core/or/or_circuit_st.h"
#include "core/or/edge_connection_st.h"
#include "core/or/or_connection_st.h"
#include "feature/dircommon/dir_connection_st.h"
#include "feature/nodelist/routerinfo_st.h"

Go to the source code of this file.

Macros

#define MAX_DIRECTORY_OBJECT_SIZE   (10*(1<<20))
 
#define MAX_VOTE_DL_SIZE   (MAX_DIRECTORY_OBJECT_SIZE * 5)
 

Functions

dir_connection_tTO_DIR_CONN (connection_t *c)
 
const dir_connection_tCONST_TO_DIR_CONN (const connection_t *c)
 
int purpose_needs_anonymity (uint8_t dir_purpose, uint8_t router_purpose, const char *resource)
 
char * authdir_type_to_string (dirinfo_type_t auth)
 
int connection_dir_is_encrypted (const dir_connection_t *conn)
 
bool connection_dir_is_anonymous (const dir_connection_t *dir_conn)
 
int parse_http_command (const char *headers, char **command_out, char **url_out)
 
char * http_get_header (const char *headers, const char *which)
 
int parse_http_response (const char *headers, int *code, time_t *date, compress_method_t *compression, char **reason)
 
int connection_dir_process_inbuf (dir_connection_t *conn)
 
void connection_dir_about_to_close (dir_connection_t *dir_conn)
 
int connection_dir_finished_flushing (dir_connection_t *conn)
 
int connection_dir_finished_connecting (dir_connection_t *conn)
 
static int compare_pairs_ (const void **a, const void **b)
 
int dir_split_resource_into_fingerprint_pairs (const char *res, smartlist_t *pairs_out)
 
int dir_split_resource_into_fingerprints (const char *resource, smartlist_t *fp_out, int *compressed_out, int flags)
 

Detailed Description

Code to send and fetch information from directory authorities and caches via HTTP.

Directory caches and authorities use dirserv.c to generate the results of a query and stream them to the connection; clients use routerparse.c to parse them.

Every directory request has a dir_connection_t on the client side and on the server side. In most cases, the dir_connection_t object is a linked connection, tunneled through an edge_connection_t so that it can be a stream on the Tor network. The only non-tunneled connections are those that are used to upload material (descriptors and votes) to authorities. Among tunneled connections, some use one-hop circuits, and others use multi-hop circuits for anonymity.

Directory requests are launched by calling directory_initiate_request(). This launch the connection, will construct an HTTP request with directory_send_command(), send the and wait for a response. The client later handles the response with connection_dir_client_reached_eof(), which passes the information received to another part of Tor.

On the server side, requests are read in directory_handle_command(), which dispatches first on the request type (GET or POST), and then on the URL requested. GET requests are processed with a table-based dispatcher in url_table[]. The process of handling larger GET requests is complicated because we need to avoid allocating a copy of all the data to be sent to the client in one huge buffer. Instead, we spool the data into the buffer using logic in connection_dirserv_flushed_some() in dirserv.c. (TODO: If we extended buf.c to have a zero-copy reference-based buffer type, we could remove most of that code, at the cost of a bit more reference counting.)

Definition in file directory.c.

Macro Definition Documentation

◆ MAX_DIRECTORY_OBJECT_SIZE

#define MAX_DIRECTORY_OBJECT_SIZE   (10*(1<<20))

If any directory object is arriving, and it's over 10MB large, we're getting DoS'd. (As of 0.1.2.x, raw directories are about 1MB, and we never ask for more than 96 router descriptors at a time.)

Definition at line 435 of file directory.c.

Function Documentation

◆ authdir_type_to_string()

char* authdir_type_to_string ( dirinfo_type_t  auth)

Return a newly allocated string describing auth. Only describes authority features.

Definition at line 160 of file directory.c.

◆ compare_pairs_()

static int compare_pairs_ ( const void **  a,
const void **  b 
)
static

Helper. Compare two fp_pair_t objects, and return negative, 0, or positive as appropriate.

Definition at line 566 of file directory.c.

◆ connection_dir_about_to_close()

void connection_dir_about_to_close ( dir_connection_t dir_conn)

Called when we're about to finally unlink and free a directory connection: perform necessary accounting and cleanup

Definition at line 485 of file directory.c.

Referenced by connection_about_to_close_connection().

◆ connection_dir_finished_connecting()

int connection_dir_finished_connecting ( dir_connection_t conn)

Connected handler for directory connections: begin sending data to the server, and return 0. Only used when connections don't immediately connect.

Definition at line 549 of file directory.c.

Referenced by connection_finished_connecting().

◆ connection_dir_finished_flushing()

int connection_dir_finished_flushing ( dir_connection_t conn)

Write handler for directory connections; called when all data has been flushed. Close the connection or wait for a response as appropriate.

Definition at line 503 of file directory.c.

Referenced by connection_finished_flushing().

◆ connection_dir_is_anonymous()

bool connection_dir_is_anonymous ( const dir_connection_t dir_conn)

Return true iff the given directory connection dir_conn is anonymous, that is, it is on a circuit via a public relay and not directly from a client or bridge.

For client circuits via relays: true for 2-hop+ paths. For client circuits via bridges: true for 3-hop+ paths.

This first test if the connection is encrypted since it is a strong requirement for anonymity.

Definition at line 200 of file directory.c.

Referenced by handle_get_hs_descriptor_v3().

◆ connection_dir_is_encrypted()

int connection_dir_is_encrypted ( const dir_connection_t conn)

Return true iff anything we say on conn is being encrypted before we send it to the client/server.

Definition at line 180 of file directory.c.

Referenced by connection_dir_is_anonymous(), handle_get_networkstatus_bridges(), spooled_resource_estimate_size(), and spooled_resource_flush_some().

◆ connection_dir_process_inbuf()

int connection_dir_process_inbuf ( dir_connection_t conn)

Read handler for directory connections. (That's connections to directory servers and connections at directory servers.)

Definition at line 443 of file directory.c.

Referenced by connection_process_inbuf().

◆ CONST_TO_DIR_CONN()

const dir_connection_t* CONST_TO_DIR_CONN ( const connection_t c)

Cast a const connection_t * to a const dir_connection_t *.

Exit with an assertion failure if the input is not a dir_connection_t.

Definition at line 101 of file directory.c.

◆ dir_split_resource_into_fingerprint_pairs()

int dir_split_resource_into_fingerprint_pairs ( const char *  res,
smartlist_t pairs_out 
)

Divide a string res of the form FP1-FP2+FP3-FP4...[.z], where each FP is a hex-encoded fingerprint, into a sequence of distinct sorted fp_pair_t. Skip malformed pairs. On success, return 0 and add those fp_pair_t into pairs_out. On failure, return -1.

Definition at line 581 of file directory.c.

Referenced by list_pending_fpsk_downloads().

◆ dir_split_resource_into_fingerprints()

int dir_split_resource_into_fingerprints ( const char *  resource,
smartlist_t fp_out,
int *  compressed_out,
int  flags 
)

Given a directory resource request, containing zero or more strings separated by plus signs, followed optionally by ".z", store the strings, in order, into fp_out. If compressed_out is non-NULL, set it to 1 if the resource ends in ".z", else set it to 0.

If (flags & DSR_HEX), then delete all elements that aren't hex digests, and decode the rest. If (flags & DSR_BASE64), then use "-" rather than "+" as a separator, delete all the elements that aren't base64-encoded digests, and decode the rest. If (flags & DSR_DIGEST256), these digests should be 256 bits long; else they should be 160.

If (flags & DSR_SORT_UNIQ), then sort the list and remove all duplicates.

Definition at line 640 of file directory.c.

Referenced by connection_dir_bridge_routerdesc_failed(), controller_get_routerdescs(), and handle_get_keys().

◆ http_get_header()

char* http_get_header ( const char *  headers,
const char *  which 
)

Return a copy of the first HTTP header in headers whose key is which. The key should be given with a terminating colon and space; this function copies everything after, up to but not including the following \r\n.

Definition at line 325 of file directory.c.

Referenced by handle_response_upload_dir(), http_set_address_origin(), and parse_or_diff_from_header().

◆ parse_http_command()

int parse_http_command ( const char *  headers,
char **  command_out,
char **  url_out 
)

Parse an HTTP request line at the start of a headers string. On failure, return -1. On success, set *command_out to a copy of the HTTP command ("get", "post", etc), set *url_out to a copy of the URL, and return 0.

Definition at line 271 of file directory.c.

Referenced by metrics_connection_process_inbuf(), and parse_http_url().

◆ parse_http_response()

int parse_http_response ( const char *  headers,
int *  code,
time_t *  date,
compress_method_t compression,
char **  reason 
)

Parse an HTTP response string headers of the form

* "HTTP/1.\%d \%d\%s\r\n...".
* 

If it's well-formed, assign the status code to *code and return 0. Otherwise, return -1.

On success: If date is provided, set *date to the Date header in the http headers, or 0 if no such header is found. If compression is provided, set *compression to the compression method given in the Content-Encoding header, or 0 if no such header is found, or -1 if the value of the header is not recognized. If reason is provided, strdup the reason string into it.

Definition at line 360 of file directory.c.

◆ purpose_needs_anonymity()

int purpose_needs_anonymity ( uint8_t  dir_purpose,
uint8_t  router_purpose,
const char *  resource 
)

Return false if the directory purpose dir_purpose does not require an anonymous (three-hop) connection.

Return true 1) by default, 2) if all directory actions have specifically been configured to be over an anonymous connection, or 3) if the router is a bridge

Definition at line 113 of file directory.c.

Referenced by connection_dir_client_reached_eof().

◆ TO_DIR_CONN()

dir_connection_t* TO_DIR_CONN ( connection_t c)