Tor  0.4.7.0-alpha-dev
or_connection_st.h
Go to the documentation of this file.
1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2021, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
7 /**
8  * @file or_connection_st.h
9  * @brief OR connection structure.
10  **/
11 
12 #ifndef OR_CONNECTION_ST_H
13 #define OR_CONNECTION_ST_H
14 
15 #include "core/or/connection_st.h"
17 
18 struct tor_tls_t;
19 
20 /** Subtype of connection_t for an "OR connection" -- that is, one that speaks
21  * cells over TLS. */
23  connection_t base_;
24 
25  /** Hash of the public RSA key for the other side's identity key, or zeroes
26  * if the other side hasn't shown us a valid identity key. */
28 
29  /** Extended ORPort connection identifier. */
31  /** This is the ClientHash value we expect to receive from the
32  * client during the Extended ORPort authentication protocol. We
33  * compute it upon receiving the ClientNoce from the client, and we
34  * compare it with the actual ClientHash value sent by the
35  * client. */
37  /** String carrying the name of the pluggable transport
38  * (e.g. "obfs2") that is obfuscating this connection. If no
39  * pluggable transports are used, it's NULL. */
41 
42  char *nickname; /**< Nickname of OR on other side (if any). */
43 
44  struct tor_tls_t *tls; /**< TLS connection state. */
45  int tls_error; /**< Last tor_tls error code. */
46  /** When we last used this conn for any client traffic. If not
47  * recent, we can rate limit it further. */
48 
49  /* Channel using this connection */
50  channel_tls_t *chan;
51 
52  /**
53  * The "canonical" address and port for this relay's ORPort, if this is
54  * a known relay.
55  *
56  * An ORPort is "canonical" in this sense only if it is the same ORPort
57  * that is listed for this identity in the consensus we have.
58  *
59  * This field may be set on outbound connections for _any_ relay, and on
60  * inbound connections after authentication. If we don't know the relay's
61  * identity, or if we don't have the relay's identity in our consensus, we
62  * leave this address as UNSPEC.
63  **/
65 
66  /** Should this connection be used for extending circuits to the server
67  * matching the <b>identity_digest</b> field? Set to true if we're pretty
68  * sure we aren't getting MITMed, either because we're connected to an
69  * address listed in a server descriptor, or because an authenticated
70  * NETINFO cell listed the address we're connected to as recognized. */
71  unsigned int is_canonical:1;
72 
73  /** True iff this is an outgoing connection. */
74  unsigned int is_outgoing:1;
75  unsigned int proxy_type:3; /**< One of PROXY_NONE...PROXY_HAPROXY */
76  unsigned int wide_circ_ids:1;
77  /** True iff a failure on this connection indicates a possible
78  * bootstrapping problem. We set this as true if we notice that this
79  * connection could handle a pending origin circuit, or if we launch it to
80  * handle an origin circuit. */
82  /** True iff this connection has had its bootstrap failure logged with
83  * control_event_bootstrap_problem. */
85  /** True iff this is a client connection and its address has been put in the
86  * geoip cache and handled by the DoS mitigation subsystem. We use this to
87  * insure we have a coherent count of concurrent connection. */
88  unsigned int tracked_for_dos_mitigation : 1;
89  /** True iff this connection is using a pluggable transport */
90  unsigned int is_pt : 1;
91 
92  uint16_t link_proto; /**< What protocol version are we using? 0 for
93  * "none negotiated yet." */
94  uint16_t idle_timeout; /**< How long can this connection sit with no
95  * circuits on it before we close it? Based on
96  * IDLE_CIRCUIT_TIMEOUT_{NON,}CANONICAL and
97  * on is_canonical, randomized. */
98  or_handshake_state_t *handshake_state; /**< If we are setting this connection
99  * up, state information to do so. */
100 
101  time_t timestamp_lastempty; /**< When was the outbuf last completely empty?*/
102 
103  token_bucket_rw_t bucket; /**< Used for rate limiting when the connection is
104  * in state CONN_OPEN. */
105 
106  /*
107  * Count the number of bytes flushed out on this orconn, and the number of
108  * bytes TLS actually sent - used for overhead estimation for scheduling.
109  */
110  uint64_t bytes_xmitted, bytes_xmitted_by_tls;
111 };
112 
113 #endif /* !defined(OR_CONNECTION_ST_H) */
Base connection structure.
#define DIGEST_LEN
Definition: digest_sizes.h:20
token_bucket_rw_t bucket
channel_tls_t * chan
unsigned int potentially_used_for_bootstrapping
char * ext_or_auth_correct_client_hash
char identity_digest[DIGEST_LEN]
unsigned int is_outgoing
or_handshake_state_t * handshake_state
unsigned int is_pt
unsigned int have_noted_bootstrap_problem
tor_addr_port_t canonical_orport
unsigned int tracked_for_dos_mitigation
struct tor_tls_t * tls
unsigned int is_canonical
unsigned int proxy_type
Headers for token_bucket.c.