or.h

Go to the documentation of this file.

/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2019, The Tor Project, Inc. */
/* See LICENSE for licensing information */

#ifndef TOR_OR_H
#define TOR_OR_H

#include "orconfig.h"
#include "lib/cc/torint.h"

#ifdef HAVE_SIGNAL_H
#include <signal.h>
#endif
#ifdef HAVE_TIME_H
#include <time.h>
#endif

#include "lib/arch/bytes.h"
#include "lib/cc/compat_compiler.h"
#include "lib/cc/torint.h"
#include "lib/container/map.h"
#include "lib/buf/buffers.h"
#include "lib/container/smartlist.h"
#include "lib/crypt_ops/crypto_cipher.h"
#include "lib/crypt_ops/crypto_rsa.h"
#include "lib/ctime/di_ops.h"
#include "lib/defs/dh_sizes.h"
#include "lib/encoding/binascii.h"
#include "lib/encoding/cstring.h"
#include "lib/encoding/time_fmt.h"
#include "lib/err/torerr.h"
#include "lib/fs/dir.h"
#include "lib/fs/files.h"
#include "lib/fs/mmap.h"
#include "lib/fs/path.h"
#include "lib/fs/userdb.h"
#include "lib/geoip/country.h"
#include "lib/intmath/addsub.h"
#include "lib/intmath/bits.h"
#include "lib/intmath/cmp.h"
#include "lib/intmath/logic.h"
#include "lib/intmath/muldiv.h"
#include "lib/log/escape.h"
#include "lib/log/ratelim.h"
#include "lib/log/util_bug.h"
#include "lib/malloc/malloc.h"
#include "lib/net/address.h"
#include "lib/net/inaddr.h"
#include "lib/net/socket.h"
#include "lib/string/compat_ctype.h"
#include "lib/string/compat_string.h"
#include "lib/string/parse_int.h"
#include "lib/string/printf.h"
#include "lib/string/scanf.h"
#include "lib/string/util_string.h"
#include "lib/testsupport/testsupport.h"
#include "lib/thread/threads.h"
#include "lib/time/compat_time.h"
#include "lib/wallclock/approx_time.h"
#include "lib/wallclock/timeval.h"

#include "ht.h"

// These, more than other includes, are for keeping the other struct
// definitions working. We should remove them when we minimize our includes.
#include "core/or/entry_port_cfg_st.h"

struct ed25519_public_key_t;
struct curve25519_public_key_t;

/* These signals are defined to help handle_control_signal work.
 */
#ifndef SIGHUP
#define SIGHUP 1
#endif
#ifndef SIGINT
#define SIGINT 2
#endif
#ifndef SIGUSR1
#define SIGUSR1 10
#endif
#ifndef SIGUSR2
#define SIGUSR2 12
#endif
#ifndef SIGTERM
#define SIGTERM 15
#endif
/* Controller signals start at a high number so we don't
 * conflict with system-defined signals. */
#define SIGNEWNYM 129
#define SIGCLEARDNSCACHE 130
#define SIGHEARTBEAT 131
#define SIGACTIVE 132
#define SIGDORMANT 133

#if (SIZEOF_CELL_T != 0)
/* On Irix, stdlib.h defines a cell_t type, so we need to make sure
 * that our stuff always calls cell_t something different. */
#define cell_t tor_cell_t
#endif

#define DOWNCAST(to, ptr) ((to*)SUBTYPE_P(ptr, to, base_))

#define MAX_NICKNAME_LEN 19

#define MAX_HEX_NICKNAME_LEN (HEX_DIGEST_LEN+1)

#define MAX_VERBOSE_NICKNAME_LEN (1+HEX_DIGEST_LEN+1+MAX_NICKNAME_LEN)

#define MAX_HEADERS_SIZE 50000

#define MAX_DESCRIPTOR_UPLOAD_SIZE 20000

#define MAX_EXTRAINFO_UPLOAD_SIZE 50000

#define MIN_ONION_KEY_LIFETIME_DAYS (1)

#define MAX_ONION_KEY_LIFETIME_DAYS (90)

#define DEFAULT_ONION_KEY_LIFETIME_DAYS (28)

#define MIN_ONION_KEY_GRACE_PERIOD_DAYS (1)

#define DEFAULT_ONION_KEY_GRACE_PERIOD_DAYS (7)

#define ONION_KEY_CONSENSUS_CHECK_INTERVAL (60*60)

#define MAX_SSL_KEY_LIFETIME_INTERNAL (2*60*60)

#define ROUTER_MAX_AGE (60*60*48)

#define ROUTER_MAX_AGE_TO_PUBLISH (60*60*24)

#define OLD_ROUTER_DESC_MAX_AGE (60*60*24*5)

/* Proxy client types */
#define PROXY_NONE 0
#define PROXY_CONNECT 1
#define PROXY_SOCKS4 2
#define PROXY_SOCKS5 3
/* !!!! If there is ever a PROXY_* type over 3, we must grow the proxy_type
 * field in or_connection_t */

/* Pluggable transport proxy type. Don't use this in or_connection_t,
 * instead use the actual underlying proxy type (see above).  */
#define PROXY_PLUGGABLE 4

#define MIN_CIRCUITS_HANDLING_STREAM 2

/* These RELAY_COMMAND constants define values for relay cell commands, and
* must match those defined in tor-spec.txt. */
#define RELAY_COMMAND_BEGIN 1
#define RELAY_COMMAND_DATA 2
#define RELAY_COMMAND_END 3
#define RELAY_COMMAND_CONNECTED 4
#define RELAY_COMMAND_SENDME 5
#define RELAY_COMMAND_EXTEND 6
#define RELAY_COMMAND_EXTENDED 7
#define RELAY_COMMAND_TRUNCATE 8
#define RELAY_COMMAND_TRUNCATED 9
#define RELAY_COMMAND_DROP 10
#define RELAY_COMMAND_RESOLVE 11
#define RELAY_COMMAND_RESOLVED 12
#define RELAY_COMMAND_BEGIN_DIR 13
#define RELAY_COMMAND_EXTEND2 14
#define RELAY_COMMAND_EXTENDED2 15

#define RELAY_COMMAND_ESTABLISH_INTRO 32
#define RELAY_COMMAND_ESTABLISH_RENDEZVOUS 33
#define RELAY_COMMAND_INTRODUCE1 34
#define RELAY_COMMAND_INTRODUCE2 35
#define RELAY_COMMAND_RENDEZVOUS1 36
#define RELAY_COMMAND_RENDEZVOUS2 37
#define RELAY_COMMAND_INTRO_ESTABLISHED 38
#define RELAY_COMMAND_RENDEZVOUS_ESTABLISHED 39
#define RELAY_COMMAND_INTRODUCE_ACK 40

#define RELAY_COMMAND_PADDING_NEGOTIATE 41
#define RELAY_COMMAND_PADDING_NEGOTIATED 42

/* Reasons why an OR connection is closed. */
#define END_OR_CONN_REASON_DONE           1
#define END_OR_CONN_REASON_REFUSED        2 /* connection refused */
#define END_OR_CONN_REASON_OR_IDENTITY    3
#define END_OR_CONN_REASON_CONNRESET      4 /* connection reset by peer */
#define END_OR_CONN_REASON_TIMEOUT        5
#define END_OR_CONN_REASON_NO_ROUTE       6 /* no route to host/net */
#define END_OR_CONN_REASON_IO_ERROR       7 /* read/write error */
#define END_OR_CONN_REASON_RESOURCE_LIMIT 8 /* sockets, buffers, etc */
#define END_OR_CONN_REASON_PT_MISSING     9 /* PT failed or not available */
#define END_OR_CONN_REASON_MISC           10

/* Reasons why we (or a remote OR) might close a stream. See tor-spec.txt for
 * documentation of these.  The values must match. */
#define END_STREAM_REASON_MISC 1
#define END_STREAM_REASON_RESOLVEFAILED 2
#define END_STREAM_REASON_CONNECTREFUSED 3
#define END_STREAM_REASON_EXITPOLICY 4
#define END_STREAM_REASON_DESTROY 5
#define END_STREAM_REASON_DONE 6
#define END_STREAM_REASON_TIMEOUT 7
#define END_STREAM_REASON_NOROUTE 8
#define END_STREAM_REASON_HIBERNATING 9
#define END_STREAM_REASON_INTERNAL 10
#define END_STREAM_REASON_RESOURCELIMIT 11
#define END_STREAM_REASON_CONNRESET 12
#define END_STREAM_REASON_TORPROTOCOL 13
#define END_STREAM_REASON_NOTDIRECTORY 14
#define END_STREAM_REASON_ENTRYPOLICY 15

/* These high-numbered end reasons are not part of the official spec,
 * and are not intended to be put in relay end cells. They are here
 * to be more informative when sending back socks replies to the
 * application. */
/* XXXX 256 is no longer used; feel free to reuse it. */
/* XXXX the ways we use this one don't make a lot of sense. */
#define END_STREAM_REASON_CANT_ATTACH 257

#define END_STREAM_REASON_NET_UNREACHABLE 258

#define END_STREAM_REASON_SOCKSPROTOCOL 259

#define END_STREAM_REASON_CANT_FETCH_ORIG_DEST 260

#define END_STREAM_REASON_INVALID_NATD_DEST 261

#define END_STREAM_REASON_PRIVATE_ADDR 262

#define END_STREAM_REASON_HTTPPROTOCOL 263

#define END_STREAM_REASON_MASK 511

#define END_STREAM_REASON_FLAG_REMOTE 512

#define END_STREAM_REASON_FLAG_ALREADY_SENT_CLOSED 1024

#define END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED 2048

/* 'type' values to use in RESOLVED cells.  Specified in tor-spec.txt. */
#define RESOLVED_TYPE_HOSTNAME 0
#define RESOLVED_TYPE_IPV4 4
#define RESOLVED_TYPE_IPV6 6
#define RESOLVED_TYPE_ERROR_TRANSIENT 0xF0
#define RESOLVED_TYPE_ERROR 0xF1

/* Negative reasons are internal: we never send them in a DESTROY or TRUNCATE
 * call; they only go to the controller for tracking  */

/* Closing introduction point that were opened in parallel. */
#define END_CIRC_REASON_IP_NOW_REDUNDANT -4

#define END_CIRC_REASON_MEASUREMENT_EXPIRED -3

#define END_CIRC_REASON_NOPATH          -2

#define END_CIRC_AT_ORIGIN              -1

/* Reasons why we (or a remote OR) might close a circuit. See tor-spec.txt
 * section 5.4 for documentation of these. */
#define END_CIRC_REASON_MIN_            0
#define END_CIRC_REASON_NONE            0
#define END_CIRC_REASON_TORPROTOCOL     1
#define END_CIRC_REASON_INTERNAL        2
#define END_CIRC_REASON_REQUESTED       3
#define END_CIRC_REASON_HIBERNATING     4
#define END_CIRC_REASON_RESOURCELIMIT   5
#define END_CIRC_REASON_CONNECTFAILED   6
#define END_CIRC_REASON_OR_IDENTITY     7
#define END_CIRC_REASON_CHANNEL_CLOSED  8
#define END_CIRC_REASON_FINISHED        9
#define END_CIRC_REASON_TIMEOUT         10
#define END_CIRC_REASON_DESTROYED       11
#define END_CIRC_REASON_NOSUCHSERVICE   12
#define END_CIRC_REASON_MAX_            12

#define END_CIRC_REASON_FLAG_REMOTE     512

#define REND_SERVICE_ID_LEN_BASE32 16

#define REND_SERVICE_ADDRESS_LEN (16+1+5)

#define REND_SERVICE_ID_LEN 10

#define REND_TIME_PERIOD_V2_DESC_VALIDITY (24*60*60)

#define REND_TIME_PERIOD_OVERLAPPING_V2_DESCS (60*60)

#define REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS 2

#define REND_NUMBER_OF_CONSECUTIVE_REPLICAS 3

#define REND_DESC_ID_V2_LEN_BASE32 BASE32_DIGEST_LEN

#define REND_SECRET_ID_PART_LEN_BASE32 BASE32_DIGEST_LEN

#define REND_INTRO_POINT_ID_LEN_BASE32 BASE32_DIGEST_LEN

#define REND_DESC_COOKIE_LEN 16

#define REND_DESC_COOKIE_LEN_BASE64 22

#define REND_BASIC_AUTH_CLIENT_ID_LEN 4

#define REND_BASIC_AUTH_CLIENT_MULTIPLE 16

#define REND_BASIC_AUTH_CLIENT_ENTRY_LEN (REND_BASIC_AUTH_CLIENT_ID_LEN \
                                          + CIPHER_KEY_LEN)

#define REND_DESC_MAX_SIZE (20 * 1024)

#define REND_LEGAL_CLIENTNAME_CHARACTERS \
  "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+-_"

#define REND_CLIENTNAME_MAX_LEN 16

#define REND_COOKIE_LEN DIGEST_LEN

typedef enum rend_auth_type_t {
  REND_NO_AUTH      = 0,
  REND_BASIC_AUTH   = 1,
  REND_STEALTH_AUTH = 2,
} rend_auth_type_t;

typedef struct rend_service_authorization_t {
  uint8_t descriptor_cookie[REND_DESC_COOKIE_LEN];
  char onion_address[REND_SERVICE_ADDRESS_LEN+1];
  rend_auth_type_t auth_type;
} rend_service_authorization_t;

typedef struct rend_data_t {
  /* Hidden service protocol version of this base object. */
  uint32_t version;

  smartlist_t *hsdirs_fp;

  char rend_cookie[REND_COOKIE_LEN];

  int nr_streams;
} rend_data_t;

typedef struct rend_data_v2_t {
  /* Rendezvous base data. */
  rend_data_t base_;

  char onion_address[REND_SERVICE_ID_LEN_BASE32+1];

  char descriptor_id[REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS][DIGEST_LEN];

  char descriptor_cookie[REND_DESC_COOKIE_LEN];

  rend_auth_type_t auth_type;

  char desc_id_fetch[DIGEST_LEN];

  char rend_pk_digest[DIGEST_LEN];
} rend_data_v2_t;

/* From a base rend_data_t object <b>d</d>, return the v2 object. */
static inline
rend_data_v2_t *TO_REND_DATA_V2(const rend_data_t *d)
{
  tor_assert(d);
  tor_assert(d->version == 2);
  return DOWNCAST(rend_data_v2_t, d);
}

/* Stub because we can't include hs_ident.h. */
struct hs_ident_edge_conn_t;
struct hs_ident_dir_conn_t;
struct hs_ident_circuit_t;

typedef struct hsdir_index_t hsdir_index_t;

#define REND_REPLAY_TIME_INTERVAL (5 * 60)

typedef enum {
  CELL_DIRECTION_IN=1, 
  CELL_DIRECTION_OUT=2, 
} cell_direction_t;

typedef enum {
  CIRCUIT_N_CHAN = 0,
  CIRCUIT_P_CHAN = 1
} circuit_channel_direction_t;

#define CIRCWINDOW_START 1000
#define CIRCWINDOW_START_MIN 100
#define CIRCWINDOW_START_MAX 1000

#define CIRCWINDOW_INCREMENT 100

#define STREAMWINDOW_START 500
#define STREAMWINDOW_START_MAX 500

#define STREAMWINDOW_INCREMENT 50

#define ORCIRC_MAX_MIDDLE_CELLS (CIRCWINDOW_START_MAX*2)

#define ORCIRC_MAX_MIDDLE_KILL_THRESH (1.1f)

/* Cell commands.  These values are defined in tor-spec.txt. */
#define CELL_PADDING 0
#define CELL_CREATE 1
#define CELL_CREATED 2
#define CELL_RELAY 3
#define CELL_DESTROY 4
#define CELL_CREATE_FAST 5
#define CELL_CREATED_FAST 6
#define CELL_VERSIONS 7
#define CELL_NETINFO 8
#define CELL_RELAY_EARLY 9
#define CELL_CREATE2 10
#define CELL_CREATED2 11
#define CELL_PADDING_NEGOTIATE 12

#define CELL_VPADDING 128
#define CELL_CERTS 129
#define CELL_AUTH_CHALLENGE 130
#define CELL_AUTHENTICATE 131
#define CELL_AUTHORIZE 132
#define CELL_COMMAND_MAX_ 132

#define TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT (20*60)

#define LEGAL_NICKNAME_CHARACTERS \
  "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

#define DEFAULT_CLIENT_NICKNAME "client"

#define UNNAMED_ROUTER_NICKNAME "Unnamed"

#define SOCKS4_NETWORK_LEN 8

/*
 * Relay payload:
 *         Relay command           [1 byte]
 *         Recognized              [2 bytes]
 *         Stream ID               [2 bytes]
 *         Partial SHA-1           [4 bytes]
 *         Length                  [2 bytes]
 *         Relay payload           [498 bytes]
 */

#define CELL_PAYLOAD_SIZE 509

#define CELL_MAX_NETWORK_SIZE 514

#define VAR_CELL_MAX_HEADER_SIZE 7

static int get_cell_network_size(int wide_circ_ids);
static inline int get_cell_network_size(int wide_circ_ids)
{
  return wide_circ_ids ? CELL_MAX_NETWORK_SIZE : CELL_MAX_NETWORK_SIZE - 2;
}
static int get_var_cell_header_size(int wide_circ_ids);
static inline int get_var_cell_header_size(int wide_circ_ids)
{
  return wide_circ_ids ? VAR_CELL_MAX_HEADER_SIZE :
    VAR_CELL_MAX_HEADER_SIZE - 2;
}
static int get_circ_id_size(int wide_circ_ids);
static inline int get_circ_id_size(int wide_circ_ids)
{
  return wide_circ_ids ? 4 : 2;
}

#define RELAY_HEADER_SIZE (1+2+2+4+2)

#define RELAY_PAYLOAD_SIZE (CELL_PAYLOAD_SIZE-RELAY_HEADER_SIZE)

typedef uint32_t circid_t;
typedef uint16_t streamid_t;

/* channel_t typedef; struct channel_s is in channel.h */

typedef struct channel_s channel_t;

/* channel_listener_t typedef; struct channel_listener_s is in channel.h */

typedef struct channel_listener_s channel_listener_t;

/* TLS channel stuff */

typedef struct channel_tls_s channel_tls_t;

/* circuitmux_t typedef; struct circuitmux_s is in circuitmux.h */

typedef struct circuitmux_s circuitmux_t;

typedef struct cell_t cell_t;
typedef struct var_cell_t var_cell_t;
typedef struct packed_cell_t packed_cell_t;
typedef struct cell_queue_t cell_queue_t;
typedef struct destroy_cell_t destroy_cell_t;
typedef struct destroy_cell_queue_t destroy_cell_queue_t;
typedef struct ext_or_cmd_t ext_or_cmd_t;

typedef struct {
  uint8_t command; 
  uint16_t recognized; 
  streamid_t stream_id; 
  char integrity[4]; 
  uint16_t length; 
} relay_header_t;

typedef struct socks_request_t socks_request_t;
typedef struct entry_port_cfg_t entry_port_cfg_t;
typedef struct server_port_cfg_t server_port_cfg_t;

#define OR_AUTH_CHALLENGE_LEN 32

#define OR_CERT_TYPE_TLS_LINK 1

#define OR_CERT_TYPE_ID_1024 2

#define OR_CERT_TYPE_AUTH_1024 3
/* DOCDOC */
#define OR_CERT_TYPE_RSA_ED_CROSSCERT 7

#define AUTHTYPE_RSA_SHA256_TLSSECRET 1

#define AUTHTYPE_RSA_SHA256_RFC5705 2

#define AUTHTYPE_ED25519_SHA256_RFC5705 3
/*
 * NOTE: authchallenge_type_is_better() relies on these AUTHTYPE codes
 * being sorted in order of preference.  If we someday add one with
 * a higher numerical value that we don't like as much, we should revise
 * authchallenge_type_is_better().
 */

#define V3_AUTH_FIXED_PART_LEN (8+(32*6))

#define V3_AUTH_BODY_LEN (V3_AUTH_FIXED_PART_LEN + 8 + 16)

typedef struct or_handshake_certs_t or_handshake_certs_t;
typedef struct or_handshake_state_t or_handshake_state_t;

#define EXT_OR_CONN_ID_LEN DIGEST_LEN /* 20 */
/*
 * OR_CONN_HIGHWATER and OR_CONN_LOWWATER moved from connection_or.c so
 * channeltls.c can see them too.
 */

#define OR_CONN_HIGHWATER (32*1024)

#define OR_CONN_LOWWATER (16*1024)

typedef struct connection_t connection_t;
typedef struct control_connection_t control_connection_t;
typedef struct dir_connection_t dir_connection_t;
typedef struct edge_connection_t edge_connection_t;
typedef struct entry_connection_t entry_connection_t;
typedef struct listener_connection_t listener_connection_t;
typedef struct or_connection_t or_connection_t;

#define TO_CONN(c) (&(((c)->base_)))

#define ENTRY_TO_CONN(c) (TO_CONN(ENTRY_TO_EDGE_CONN(c)))

typedef struct addr_policy_t addr_policy_t;

typedef struct cached_dir_t cached_dir_t;

typedef enum {
  SAVED_NOWHERE=0,
  SAVED_IN_CACHE,
  /* FFFF (We could also mmap the file and grow the mmap as needed, or
   * lazy-load the descriptor text by using seek and read.  We don't, for
   * now.)
   */
  SAVED_IN_JOURNAL
} saved_location_t;
#define saved_location_bitfield_t ENUM_BF(saved_location_t)

typedef enum {
  DL_SCHED_GENERIC = 0,
  DL_SCHED_CONSENSUS = 1,
  DL_SCHED_BRIDGE = 2,
} download_schedule_t;
#define download_schedule_bitfield_t ENUM_BF(download_schedule_t)

typedef enum {
  DL_WANT_ANY_DIRSERVER = 0,
  DL_WANT_AUTHORITY = 1,
} download_want_authority_t;
#define download_want_authority_bitfield_t \
                                        ENUM_BF(download_want_authority_t)

typedef enum {
  DL_SCHED_INCREMENT_FAILURE = 0,
  DL_SCHED_INCREMENT_ATTEMPT = 1,
} download_schedule_increment_t;
#define download_schedule_increment_bitfield_t \
                                        ENUM_BF(download_schedule_increment_t)

typedef struct download_status_t download_status_t;

#define IMPOSSIBLE_TO_DOWNLOAD 255

#define ROUTER_ANNOTATION_BUF_LEN 256

typedef struct signed_descriptor_t signed_descriptor_t;

typedef struct protover_summary_flags_t {
  unsigned int protocols_known:1;

  unsigned int supports_extend2_cells:1;

  unsigned int supports_ed25519_link_handshake_compat:1;

  unsigned int supports_ed25519_link_handshake_any:1;

  unsigned int supports_ed25519_hs_intro : 1;

  unsigned int supports_v3_hsdir : 1;

  unsigned int supports_v3_rendezvous_point: 1;

  unsigned int supports_padding : 1;
} protover_summary_flags_t;

typedef struct routerinfo_t routerinfo_t;
typedef struct extrainfo_t extrainfo_t;
typedef struct routerstatus_t routerstatus_t;

typedef struct microdesc_t microdesc_t;
typedef struct node_t node_t;
typedef struct vote_microdesc_hash_t vote_microdesc_hash_t;
typedef struct vote_routerstatus_t vote_routerstatus_t;
typedef struct document_signature_t document_signature_t;
typedef struct networkstatus_voter_info_t networkstatus_voter_info_t;
typedef struct networkstatus_sr_info_t networkstatus_sr_info_t;

typedef enum {
  FLAV_NS = 0,
  FLAV_MICRODESC = 1,
} consensus_flavor_t;

#define N_CONSENSUS_FLAVORS ((int)(FLAV_MICRODESC)+1)

typedef struct networkstatus_t networkstatus_t;
typedef struct ns_detached_signatures_t ns_detached_signatures_t;
typedef struct desc_store_t desc_store_t;
typedef struct routerlist_t routerlist_t;
typedef struct extend_info_t extend_info_t;
typedef struct authority_cert_t authority_cert_t;

typedef enum {
  NO_DIRINFO      = 0,
  V3_DIRINFO      = 1 << 2,
  BRIDGE_DIRINFO  = 1 << 4,
  EXTRAINFO_DIRINFO=1 << 5,
  MICRODESC_DIRINFO=1 << 6,
} dirinfo_type_t;

#define ALL_DIRINFO ((dirinfo_type_t)((1<<7)-1))

#define ONION_HANDSHAKE_TYPE_TAP  0x0000
#define ONION_HANDSHAKE_TYPE_FAST 0x0001
#define ONION_HANDSHAKE_TYPE_NTOR 0x0002
#define MAX_ONION_HANDSHAKE_TYPE 0x0002

typedef struct onion_handshake_state_t onion_handshake_state_t;
typedef struct relay_crypto_t relay_crypto_t;
typedef struct crypt_path_t crypt_path_t;
typedef struct crypt_path_reference_t crypt_path_reference_t;

#define CPATH_KEY_MATERIAL_LEN (20*2+16*2)

typedef struct cpath_build_state_t cpath_build_state_t;

struct create_cell_t;

typedef struct testing_cell_stats_entry_t {
  uint8_t command; 
  unsigned int waiting_time:22;
  unsigned int removed:1; 
  unsigned int exitward:1; 
} testing_cell_stats_entry_t;

typedef struct circuit_t circuit_t;
typedef struct origin_circuit_t origin_circuit_t;
typedef struct or_circuit_t or_circuit_t;

#define MAX_RELAY_EARLY_CELLS_PER_CIRCUIT 8

typedef enum path_state_t path_state_t;
#define path_state_bitfield_t ENUM_BF(path_state_t)

#if REND_COOKIE_LEN != DIGEST_LEN
#error "The REND_TOKEN_LEN macro assumes REND_COOKIE_LEN == DIGEST_LEN"
#endif
#define REND_TOKEN_LEN DIGEST_LEN

#define TO_CIRCUIT(x)  (&((x)->base_))

#define ISO_DESTPORT    (1u<<0)

#define ISO_DESTADDR    (1u<<1)

#define ISO_SOCKSAUTH   (1u<<2)

#define ISO_CLIENTPROTO (1u<<3)

#define ISO_CLIENTADDR  (1u<<4)

#define ISO_SESSIONGRP  (1u<<5)

#define ISO_NYM_EPOCH   (1u<<6)

#define ISO_STREAM      (1u<<7)

#define ISO_DEFAULT (ISO_CLIENTADDR|ISO_SOCKSAUTH|ISO_SESSIONGRP|ISO_NYM_EPOCH)

#define SESSION_GROUP_UNSET -1

#define SESSION_GROUP_DIRCONN -2

#define SESSION_GROUP_CONTROL_RESOLVE -3

#define SESSION_GROUP_FIRST_AUTO -4

typedef struct port_cfg_t port_cfg_t;
typedef struct routerset_t routerset_t;

#define CFG_AUTO_PORT 0xc4005e

typedef struct or_options_t or_options_t;

#define LOG_PROTOCOL_WARN (get_protocol_warning_severity_level())

typedef struct or_state_t or_state_t;

#define MAX_SOCKS_ADDR_LEN 256

/********************************* circuitbuild.c **********************/

#define DEFAULT_ROUTE_LEN 3

/* Circuit Build Timeout "public" structures. */

#define BW_WEIGHT_SCALE   10000
#define BW_MIN_WEIGHT_SCALE 1
#define BW_MAX_WEIGHT_SCALE INT32_MAX

typedef struct circuit_build_times_s circuit_build_times_t;

/********************************* config.c ***************************/

/********************************* connection_edge.c *************************/

typedef enum {
  ADDRMAPSRC_CONTROLLER,
  ADDRMAPSRC_AUTOMAP,
  ADDRMAPSRC_TORRC,
  ADDRMAPSRC_TRACKEXIT,
  ADDRMAPSRC_DNS,

  ADDRMAPSRC_NONE
} addressmap_entry_source_t;
#define addressmap_entry_source_bitfield_t ENUM_BF(addressmap_entry_source_t)

#define WRITE_STATS_INTERVAL (24*60*60)

/********************************* dirvote.c ************************/

typedef struct vote_timing_t vote_timing_t;

/********************************* microdesc.c *************************/

typedef struct microdesc_cache_t microdesc_cache_t;

/********************************* rendcommon.c ***************************/

typedef struct rend_authorized_client_t rend_authorized_client_t;
typedef struct rend_encoded_v2_service_descriptor_t
               rend_encoded_v2_service_descriptor_t;

#define MAX_INTRO_POINT_REACHABILITY_FAILURES 5

#define INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS 16384
/* Double the minimum value so the interval is [min, min * 2]. */
#define INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS \
  (INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS * 2)

#define INTRO_POINT_LIFETIME_MIN_SECONDS (18*60*60)

#define INTRO_POINT_LIFETIME_MAX_SECONDS (24*60*60)

#define MAX_INTRO_POINT_CIRCUIT_RETRIES 3

typedef struct rend_intro_point_t rend_intro_point_t;
typedef struct rend_service_descriptor_t rend_service_descriptor_t;

/********************************* routerlist.c ***************************/

typedef struct dir_server_t dir_server_t;

#define RELAY_REQUIRED_MIN_BANDWIDTH (75*1024)
#define BRIDGE_REQUIRED_MIN_BANDWIDTH (50*1024)

#define ROUTER_MAX_DECLARED_BANDWIDTH INT32_MAX

typedef struct tor_version_t tor_version_t;

#endif /* !defined(TOR_OR_H) */