Tor  0.4.7.0-alpha-dev
relay.c
Go to the documentation of this file.
1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2021, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
7 /**
8  * \file relay.c
9  * \brief Handle relay cell encryption/decryption, plus packaging and
10  * receiving from circuits, plus queuing on circuits.
11  *
12  * This is a core modules that makes Tor work. It's responsible for
13  * dealing with RELAY cells (the ones that travel more than one hop along a
14  * circuit), by:
15  * <ul>
16  * <li>constructing relays cells,
17  * <li>encrypting relay cells,
18  * <li>decrypting relay cells,
19  * <li>demultiplexing relay cells as they arrive on a connection,
20  * <li>queueing relay cells for retransmission,
21  * <li>or handling relay cells that are for us to receive (as an exit or a
22  * client).
23  * </ul>
24  *
25  * RELAY cells are generated throughout the code at the client or relay side,
26  * using relay_send_command_from_edge() or one of the functions like
27  * connection_edge_send_command() that calls it. Of particular interest is
28  * connection_edge_package_raw_inbuf(), which takes information that has
29  * arrived on an edge connection socket, and packages it as a RELAY_DATA cell
30  * -- this is how information is actually sent across the Tor network. The
31  * cryptography for these functions is handled deep in
32  * circuit_package_relay_cell(), which either adds a single layer of
33  * encryption (if we're an exit), or multiple layers (if we're the origin of
34  * the circuit). After construction and encryption, the RELAY cells are
35  * passed to append_cell_to_circuit_queue(), which queues them for
36  * transmission and tells the circuitmux (see circuitmux.c) that the circuit
37  * is waiting to send something.
38  *
39  * Incoming RELAY cells arrive at circuit_receive_relay_cell(), called from
40  * command.c. There they are decrypted and, if they are for us, are passed to
41  * connection_edge_process_relay_cell(). If they're not for us, they're
42  * re-queued for retransmission again with append_cell_to_circuit_queue().
43  *
44  * The connection_edge_process_relay_cell() function handles all the different
45  * types of relay cells, launching requests or transmitting data as needed.
46  **/
47 
48 #define RELAY_PRIVATE
49 #include "core/or/or.h"
51 #include "lib/err/backtrace.h"
52 #include "lib/buf/buffers.h"
53 #include "core/or/channel.h"
54 #include "feature/client/circpathbias.h"
55 #include "core/or/circuitbuild.h"
56 #include "core/or/circuitlist.h"
57 #include "core/or/circuituse.h"
58 #include "core/or/circuitpadding.h"
59 #include "core/or/extendinfo.h"
60 #include "lib/compress/compress.h"
61 #include "app/config/config.h"
64 #include "core/or/connection_or.h"
69 #include "feature/relay/dns.h"
72 #include "feature/hs/hs_cache.h"
73 #include "core/mainloop/mainloop.h"
76 #include "core/or/onion.h"
77 #include "core/or/policies.h"
78 #include "core/or/reasons.h"
79 #include "core/or/relay.h"
84 #include "core/or/scheduler.h"
85 #include "feature/hs/hs_metrics.h"
86 #include "feature/stats/rephist.h"
87 
88 #include "core/or/cell_st.h"
89 #include "core/or/cell_queue_st.h"
94 #include "core/or/extend_info_st.h"
95 #include "core/or/or_circuit_st.h"
99 #include "core/or/sendme.h"
100 
102  cell_direction_t cell_direction,
103  crypt_path_t *layer_hint);
104 
105 static void circuit_resume_edge_reading(circuit_t *circ,
106  crypt_path_t *layer_hint);
108  circuit_t *circ,
109  crypt_path_t *layer_hint);
111  crypt_path_t *layer_hint);
114  entry_connection_t *conn,
115  node_t *node,
116  const tor_addr_t *addr);
117 
118 /** Stop reading on edge connections when we have this many cells
119  * waiting on the appropriate queue. */
120 #define CELL_QUEUE_HIGHWATER_SIZE 256
121 /** Start reading from edge connections again when we get down to this many
122  * cells. */
123 #define CELL_QUEUE_LOWWATER_SIZE 64
124 
125 /** Stats: how many relay cells have originated at this hop, or have
126  * been relayed onward (not recognized at this hop)?
127  */
129 /** Stats: how many relay cells have been delivered to streams at this
130  * hop?
131  */
133 /** Stats: how many circuits have we closed due to the cell queue limit being
134  * reached (see append_cell_to_circuit_queue()) */
136 
137 /**
138  * Update channel usage state based on the type of relay cell and
139  * circuit properties.
140  *
141  * This is needed to determine if a client channel is being
142  * used for application traffic, and if a relay channel is being
143  * used for multihop circuits and application traffic. The decision
144  * to pad in channelpadding.c depends upon this info (as well as
145  * consensus parameters) to decide what channels to pad.
146  */
147 static void
149 {
150  if (CIRCUIT_IS_ORIGIN(circ)) {
151  /*
152  * The client state was first set much earlier in
153  * circuit_send_next_onion_skin(), so we can start padding as early as
154  * possible.
155  *
156  * However, if padding turns out to be expensive, we may want to not do
157  * it until actual application traffic starts flowing (which is controlled
158  * via consensus param nf_pad_before_usage).
159  *
160  * So: If we're an origin circuit and we've created a full length circuit,
161  * then any CELL_RELAY cell means application data. Increase the usage
162  * state of the channel to indicate this.
163  *
164  * We want to wait for CELL_RELAY specifically here, so we know that
165  * the channel was definitely being used for data and not for extends.
166  * By default, we pad as soon as a channel has been used for *any*
167  * circuits, so this state is irrelevant to the padding decision in
168  * the default case. However, if padding turns out to be expensive,
169  * we would like the ability to avoid padding until we're absolutely
170  * sure that a channel is used for enough application data to be worth
171  * padding.
172  *
173  * (So it does not matter that CELL_RELAY_EARLY can actually contain
174  * application data. This is only a load reducing option and that edge
175  * case does not matter if we're desperately trying to reduce overhead
176  * anyway. See also consensus parameter nf_pad_before_usage).
177  */
178  if (BUG(!circ->n_chan))
179  return;
180 
181  if (circ->n_chan->channel_usage == CHANNEL_USED_FOR_FULL_CIRCS &&
182  cell->command == CELL_RELAY) {
183  circ->n_chan->channel_usage = CHANNEL_USED_FOR_USER_TRAFFIC;
184  }
185  } else {
186  /* If we're a relay circuit, the question is more complicated. Basically:
187  * we only want to pad connections that carry multihop (anonymous)
188  * circuits.
189  *
190  * We assume we're more than one hop if either the previous hop
191  * is not a client, or if the previous hop is a client and there's
192  * a next hop. Then, circuit traffic starts at RELAY_EARLY, and
193  * user application traffic starts when we see RELAY cells.
194  */
195  or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
196 
197  if (BUG(!or_circ->p_chan))
198  return;
199 
200  if (!channel_is_client(or_circ->p_chan) ||
201  (channel_is_client(or_circ->p_chan) && circ->n_chan)) {
202  if (cell->command == CELL_RELAY_EARLY) {
203  if (or_circ->p_chan->channel_usage < CHANNEL_USED_FOR_FULL_CIRCS) {
204  or_circ->p_chan->channel_usage = CHANNEL_USED_FOR_FULL_CIRCS;
205  }
206  } else if (cell->command == CELL_RELAY) {
207  or_circ->p_chan->channel_usage = CHANNEL_USED_FOR_USER_TRAFFIC;
208  }
209  }
210  }
211 }
212 
213 /** Receive a relay cell:
214  * - Crypt it (encrypt if headed toward the origin or if we <b>are</b> the
215  * origin; decrypt if we're headed toward the exit).
216  * - Check if recognized (if exitward).
217  * - If recognized and the digest checks out, then find if there's a stream
218  * that the cell is intended for, and deliver it to the right
219  * connection_edge.
220  * - If not recognized, then we need to relay it: append it to the appropriate
221  * cell_queue on <b>circ</b>.
222  *
223  * Return -<b>reason</b> on failure.
224  */
225 int
227  cell_direction_t cell_direction)
228 {
229  channel_t *chan = NULL;
230  crypt_path_t *layer_hint=NULL;
231  char recognized=0;
232  int reason;
233 
234  tor_assert(cell);
235  tor_assert(circ);
236  tor_assert(cell_direction == CELL_DIRECTION_OUT ||
237  cell_direction == CELL_DIRECTION_IN);
238  if (circ->marked_for_close)
239  return 0;
240 
241  if (relay_decrypt_cell(circ, cell, cell_direction, &layer_hint, &recognized)
242  < 0) {
243  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
244  "relay crypt failed. Dropping connection.");
245  return -END_CIRC_REASON_INTERNAL;
246  }
247 
248  circuit_update_channel_usage(circ, cell);
249 
250  if (recognized) {
251  edge_connection_t *conn = NULL;
252 
253  /* Recognized cell, the cell digest has been updated, we'll record it for
254  * the SENDME if need be. */
255  sendme_record_received_cell_digest(circ, layer_hint);
256 
258  if (pathbias_check_probe_response(circ, cell) == -1) {
259  pathbias_count_valid_cells(circ, cell);
260  }
261 
262  /* We need to drop this cell no matter what to avoid code that expects
263  * a certain purpose (such as the hidserv code). */
264  return 0;
265  }
266 
267  conn = relay_lookup_conn(circ, cell, cell_direction, layer_hint);
268  if (cell_direction == CELL_DIRECTION_OUT) {
270  log_debug(LD_OR,"Sending away from origin.");
271  reason = connection_edge_process_relay_cell(cell, circ, conn, NULL);
272  if (reason < 0) {
273  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
274  "connection_edge_process_relay_cell (away from origin) "
275  "failed.");
276  return reason;
277  }
278  }
279  if (cell_direction == CELL_DIRECTION_IN) {
281  log_debug(LD_OR,"Sending to origin.");
282  reason = connection_edge_process_relay_cell(cell, circ, conn,
283  layer_hint);
284  if (reason < 0) {
285  /* If a client is trying to connect to unknown hidden service port,
286  * END_CIRC_AT_ORIGIN is sent back so we can then close the circuit.
287  * Do not log warn as this is an expected behavior for a service. */
288  if (reason != END_CIRC_AT_ORIGIN) {
289  log_warn(LD_OR,
290  "connection_edge_process_relay_cell (at origin) failed.");
291  }
292  return reason;
293  }
294  }
295  return 0;
296  }
297 
298  /* not recognized. inform circpad and pass it on. */
299  circpad_deliver_unrecognized_cell_events(circ, cell_direction);
300 
301  if (cell_direction == CELL_DIRECTION_OUT) {
302  cell->circ_id = circ->n_circ_id; /* switch it */
303  chan = circ->n_chan;
304  } else if (! CIRCUIT_IS_ORIGIN(circ)) {
305  cell->circ_id = TO_OR_CIRCUIT(circ)->p_circ_id; /* switch it */
306  chan = TO_OR_CIRCUIT(circ)->p_chan;
307  } else {
308  log_fn(LOG_PROTOCOL_WARN, LD_OR,
309  "Dropping unrecognized inbound cell on origin circuit.");
310  /* If we see unrecognized cells on path bias testing circs,
311  * it's bad mojo. Those circuits need to die.
312  * XXX: Shouldn't they always die? */
315  return -END_CIRC_REASON_TORPROTOCOL;
316  } else {
317  return 0;
318  }
319  }
320 
321  if (!chan) {
322  // XXXX Can this splice stuff be done more cleanly?
323  if (! CIRCUIT_IS_ORIGIN(circ) &&
324  TO_OR_CIRCUIT(circ)->rend_splice &&
325  cell_direction == CELL_DIRECTION_OUT) {
326  or_circuit_t *splice_ = TO_OR_CIRCUIT(circ)->rend_splice;
329  cell->circ_id = splice_->p_circ_id;
330  cell->command = CELL_RELAY; /* can't be relay_early anyway */
331  if ((reason = circuit_receive_relay_cell(cell, TO_CIRCUIT(splice_),
332  CELL_DIRECTION_IN)) < 0) {
333  log_warn(LD_REND, "Error relaying cell across rendezvous; closing "
334  "circuits");
335  /* XXXX Do this here, or just return -1? */
336  circuit_mark_for_close(circ, -reason);
337  return reason;
338  }
339  return 0;
340  }
341  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
342  "Didn't recognize cell, but circ stops here! Closing circ.");
343  return -END_CIRC_REASON_TORPROTOCOL;
344  }
345 
346  log_debug(LD_OR,"Passing on unrecognized cell.");
347 
348  ++stats_n_relay_cells_relayed; /* XXXX no longer quite accurate {cells}
349  * we might kill the circ before we relay
350  * the cells. */
351 
352  append_cell_to_circuit_queue(circ, chan, cell, cell_direction, 0);
353  return 0;
354 }
355 
356 /** Package a relay cell from an edge:
357  * - Encrypt it to the right layer
358  * - Append it to the appropriate cell_queue on <b>circ</b>.
359  */
360 MOCK_IMPL(int,
362  cell_direction_t cell_direction,
363  crypt_path_t *layer_hint, streamid_t on_stream,
364  const char *filename, int lineno))
365 {
366  channel_t *chan; /* where to send the cell */
367 
368  if (circ->marked_for_close) {
369  /* Circuit is marked; send nothing. */
370  return 0;
371  }
372 
373  if (cell_direction == CELL_DIRECTION_OUT) {
374  chan = circ->n_chan;
375  if (!chan) {
376  log_warn(LD_BUG,"outgoing relay cell sent from %s:%d has n_chan==NULL."
377  " Dropping. Circuit is in state %s (%d), and is "
378  "%smarked for close. (%s:%d, %d)", filename, lineno,
379  circuit_state_to_string(circ->state), circ->state,
380  circ->marked_for_close ? "" : "not ",
383  if (CIRCUIT_IS_ORIGIN(circ)) {
385  }
386  log_backtrace(LOG_WARN,LD_BUG,"");
387  return 0; /* just drop it */
388  }
389  if (!CIRCUIT_IS_ORIGIN(circ)) {
390  log_warn(LD_BUG,"outgoing relay cell sent from %s:%d on non-origin "
391  "circ. Dropping.", filename, lineno);
392  log_backtrace(LOG_WARN,LD_BUG,"");
393  return 0; /* just drop it */
394  }
395 
396  relay_encrypt_cell_outbound(cell, TO_ORIGIN_CIRCUIT(circ), layer_hint);
397 
398  /* Update circ written totals for control port */
399  origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
400  ocirc->n_written_circ_bw = tor_add_u32_nowrap(ocirc->n_written_circ_bw,
402 
403  } else { /* incoming cell */
404  if (CIRCUIT_IS_ORIGIN(circ)) {
405  /* We should never package an _incoming_ cell from the circuit
406  * origin; that means we messed up somewhere. */
407  log_warn(LD_BUG,"incoming relay cell at origin circuit. Dropping.");
408  assert_circuit_ok(circ);
409  return 0; /* just drop it */
410  }
411  or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
412  relay_encrypt_cell_inbound(cell, or_circ);
413  chan = or_circ->p_chan;
414  }
416 
417  append_cell_to_circuit_queue(circ, chan, cell, cell_direction, on_stream);
418  return 0;
419 }
420 
421 /** If cell's stream_id matches the stream_id of any conn that's
422  * attached to circ, return that conn, else return NULL.
423  */
424 static edge_connection_t *
426  cell_direction_t cell_direction, crypt_path_t *layer_hint)
427 {
428  edge_connection_t *tmpconn;
429  relay_header_t rh;
430 
431  relay_header_unpack(&rh, cell->payload);
432 
433  if (!rh.stream_id)
434  return NULL;
435 
436  /* IN or OUT cells could have come from either direction, now
437  * that we allow rendezvous *to* an OP.
438  */
439 
440  if (CIRCUIT_IS_ORIGIN(circ)) {
441  for (tmpconn = TO_ORIGIN_CIRCUIT(circ)->p_streams; tmpconn;
442  tmpconn=tmpconn->next_stream) {
443  if (rh.stream_id == tmpconn->stream_id &&
444  !tmpconn->base_.marked_for_close &&
445  tmpconn->cpath_layer == layer_hint) {
446  log_debug(LD_APP,"found conn for stream %d.", rh.stream_id);
447  return tmpconn;
448  }
449  }
450  } else {
451  for (tmpconn = TO_OR_CIRCUIT(circ)->n_streams; tmpconn;
452  tmpconn=tmpconn->next_stream) {
453  if (rh.stream_id == tmpconn->stream_id &&
454  !tmpconn->base_.marked_for_close) {
455  log_debug(LD_EXIT,"found conn for stream %d.", rh.stream_id);
456  if (cell_direction == CELL_DIRECTION_OUT ||
458  return tmpconn;
459  }
460  }
461  for (tmpconn = TO_OR_CIRCUIT(circ)->resolving_streams; tmpconn;
462  tmpconn=tmpconn->next_stream) {
463  if (rh.stream_id == tmpconn->stream_id &&
464  !tmpconn->base_.marked_for_close) {
465  log_debug(LD_EXIT,"found conn for stream %d.", rh.stream_id);
466  return tmpconn;
467  }
468  }
469  }
470  return NULL; /* probably a begin relay cell */
471 }
472 
473 /** Pack the relay_header_t host-order structure <b>src</b> into
474  * network-order in the buffer <b>dest</b>. See tor-spec.txt for details
475  * about the wire format.
476  */
477 void
478 relay_header_pack(uint8_t *dest, const relay_header_t *src)
479 {
480  set_uint8(dest, src->command);
481  set_uint16(dest+1, htons(src->recognized));
482  set_uint16(dest+3, htons(src->stream_id));
483  memcpy(dest+5, src->integrity, 4);
484  set_uint16(dest+9, htons(src->length));
485 }
486 
487 /** Unpack the network-order buffer <b>src</b> into a host-order
488  * relay_header_t structure <b>dest</b>.
489  */
490 void
491 relay_header_unpack(relay_header_t *dest, const uint8_t *src)
492 {
493  dest->command = get_uint8(src);
494  dest->recognized = ntohs(get_uint16(src+1));
495  dest->stream_id = ntohs(get_uint16(src+3));
496  memcpy(dest->integrity, src+5, 4);
497  dest->length = ntohs(get_uint16(src+9));
498 }
499 
500 /** Convert the relay <b>command</b> into a human-readable string. */
501 static const char *
503 {
504  static char buf[64];
505  switch (command) {
506  case RELAY_COMMAND_BEGIN: return "BEGIN";
507  case RELAY_COMMAND_DATA: return "DATA";
508  case RELAY_COMMAND_END: return "END";
509  case RELAY_COMMAND_CONNECTED: return "CONNECTED";
510  case RELAY_COMMAND_SENDME: return "SENDME";
511  case RELAY_COMMAND_EXTEND: return "EXTEND";
512  case RELAY_COMMAND_EXTENDED: return "EXTENDED";
513  case RELAY_COMMAND_TRUNCATE: return "TRUNCATE";
514  case RELAY_COMMAND_TRUNCATED: return "TRUNCATED";
515  case RELAY_COMMAND_DROP: return "DROP";
516  case RELAY_COMMAND_RESOLVE: return "RESOLVE";
517  case RELAY_COMMAND_RESOLVED: return "RESOLVED";
518  case RELAY_COMMAND_BEGIN_DIR: return "BEGIN_DIR";
519  case RELAY_COMMAND_ESTABLISH_INTRO: return "ESTABLISH_INTRO";
520  case RELAY_COMMAND_ESTABLISH_RENDEZVOUS: return "ESTABLISH_RENDEZVOUS";
521  case RELAY_COMMAND_INTRODUCE1: return "INTRODUCE1";
522  case RELAY_COMMAND_INTRODUCE2: return "INTRODUCE2";
523  case RELAY_COMMAND_RENDEZVOUS1: return "RENDEZVOUS1";
524  case RELAY_COMMAND_RENDEZVOUS2: return "RENDEZVOUS2";
525  case RELAY_COMMAND_INTRO_ESTABLISHED: return "INTRO_ESTABLISHED";
526  case RELAY_COMMAND_RENDEZVOUS_ESTABLISHED:
527  return "RENDEZVOUS_ESTABLISHED";
528  case RELAY_COMMAND_INTRODUCE_ACK: return "INTRODUCE_ACK";
529  case RELAY_COMMAND_EXTEND2: return "EXTEND2";
530  case RELAY_COMMAND_EXTENDED2: return "EXTENDED2";
531  case RELAY_COMMAND_PADDING_NEGOTIATE: return "PADDING_NEGOTIATE";
532  case RELAY_COMMAND_PADDING_NEGOTIATED: return "PADDING_NEGOTIATED";
533  default:
534  tor_snprintf(buf, sizeof(buf), "Unrecognized relay command %u",
535  (unsigned)command);
536  return buf;
537  }
538 }
539 
540 /** When padding a cell with randomness, leave this many zeros after the
541  * payload. */
542 #define CELL_PADDING_GAP 4
543 
544 /** Return the offset where the padding should start. The <b>data_len</b> is
545  * the relay payload length expected to be put in the cell. It can not be
546  * bigger than RELAY_PAYLOAD_SIZE else this function assert().
547  *
548  * Value will always be smaller than CELL_PAYLOAD_SIZE because this offset is
549  * for the entire cell length not just the data payload length. Zero is
550  * returned if there is no room for padding.
551  *
552  * This function always skips the first 4 bytes after the payload because
553  * having some unused zero bytes has saved us a lot of times in the past. */
554 
555 STATIC size_t
556 get_pad_cell_offset(size_t data_len)
557 {
558  /* This is never supposed to happen but in case it does, stop right away
559  * because if tor is tricked somehow into not adding random bytes to the
560  * payload with this function returning 0 for a bad data_len, the entire
561  * authenticated SENDME design can be bypassed leading to bad denial of
562  * service attacks. */
563  tor_assert(data_len <= RELAY_PAYLOAD_SIZE);
564 
565  /* If the offset is larger than the cell payload size, we return an offset
566  * of zero indicating that no padding needs to be added. */
567  size_t offset = RELAY_HEADER_SIZE + data_len + CELL_PADDING_GAP;
568  if (offset >= CELL_PAYLOAD_SIZE) {
569  return 0;
570  }
571  return offset;
572 }
573 
574 /* Add random bytes to the unused portion of the payload, to foil attacks
575  * where the other side can predict all of the bytes in the payload and thus
576  * compute the authenticated SENDME cells without seeing the traffic. See
577  * proposal 289. */
578 static void
579 pad_cell_payload(uint8_t *cell_payload, size_t data_len)
580 {
581  size_t pad_offset, pad_len;
582 
583  tor_assert(cell_payload);
584 
585  pad_offset = get_pad_cell_offset(data_len);
586  if (pad_offset == 0) {
587  /* We can't add padding so we are done. */
588  return;
589  }
590 
591  /* Remember here that the cell_payload is the length of the header and
592  * payload size so we offset it using the full length of the cell. */
593  pad_len = CELL_PAYLOAD_SIZE - pad_offset;
595  cell_payload + pad_offset, pad_len);
596 }
597 
598 /** Make a relay cell out of <b>relay_command</b> and <b>payload</b>, and send
599  * it onto the open circuit <b>circ</b>. <b>stream_id</b> is the ID on
600  * <b>circ</b> for the stream that's sending the relay cell, or 0 if it's a
601  * control cell. <b>cpath_layer</b> is NULL for OR->OP cells, or the
602  * destination hop for OP->OR cells.
603  *
604  * If you can't send the cell, mark the circuit for close and return -1. Else
605  * return 0.
606  */
607 MOCK_IMPL(int,
609  uint8_t relay_command, const char *payload,
610  size_t payload_len, crypt_path_t *cpath_layer,
611  const char *filename, int lineno))
612 {
613  cell_t cell;
614  relay_header_t rh;
615  cell_direction_t cell_direction;
616  /* XXXX NM Split this function into a separate versions per circuit type? */
617 
618  tor_assert(circ);
619  tor_assert(payload_len <= RELAY_PAYLOAD_SIZE);
620 
621  memset(&cell, 0, sizeof(cell_t));
622  cell.command = CELL_RELAY;
623  if (CIRCUIT_IS_ORIGIN(circ)) {
624  tor_assert(cpath_layer);
625  cell.circ_id = circ->n_circ_id;
626  cell_direction = CELL_DIRECTION_OUT;
627  } else {
628  tor_assert(! cpath_layer);
629  cell.circ_id = TO_OR_CIRCUIT(circ)->p_circ_id;
630  cell_direction = CELL_DIRECTION_IN;
631  }
632 
633  memset(&rh, 0, sizeof(rh));
634  rh.command = relay_command;
635  rh.stream_id = stream_id;
636  rh.length = payload_len;
637  relay_header_pack(cell.payload, &rh);
638  if (payload_len)
639  memcpy(cell.payload+RELAY_HEADER_SIZE, payload, payload_len);
640 
641  /* Add random padding to the cell if we can. */
642  pad_cell_payload(cell.payload, payload_len);
643 
644  log_debug(LD_OR,"delivering %d cell %s.", relay_command,
645  cell_direction == CELL_DIRECTION_OUT ? "forward" : "backward");
646 
647  /* Tell circpad we're sending a relay cell */
648  circpad_deliver_sent_relay_cell_events(circ, relay_command);
649 
650  /* If we are sending an END cell and this circuit is used for a tunneled
651  * directory request, advance its state. */
652  if (relay_command == RELAY_COMMAND_END && circ->dirreq_id)
653  geoip_change_dirreq_state(circ->dirreq_id, DIRREQ_TUNNELED,
655 
656  if (cell_direction == CELL_DIRECTION_OUT && circ->n_chan) {
657  /* if we're using relaybandwidthrate, this conn wants priority */
659  }
660 
661  if (cell_direction == CELL_DIRECTION_OUT) {
662  origin_circuit_t *origin_circ = TO_ORIGIN_CIRCUIT(circ);
663  if (origin_circ->remaining_relay_early_cells > 0 &&
664  (relay_command == RELAY_COMMAND_EXTEND ||
665  relay_command == RELAY_COMMAND_EXTEND2 ||
666  cpath_layer != origin_circ->cpath)) {
667  /* If we've got any relay_early cells left and (we're sending
668  * an extend cell or we're not talking to the first hop), use
669  * one of them. Don't worry about the conn protocol version:
670  * append_cell_to_circuit_queue will fix it up. */
671  cell.command = CELL_RELAY_EARLY;
672  /* If we're out of relay early cells, tell circpad */
673  if (--origin_circ->remaining_relay_early_cells == 0)
675  log_debug(LD_OR, "Sending a RELAY_EARLY cell; %d remaining.",
676  (int)origin_circ->remaining_relay_early_cells);
677  /* Memorize the command that is sent as RELAY_EARLY cell; helps debug
678  * task 878. */
679  origin_circ->relay_early_commands[
680  origin_circ->relay_early_cells_sent++] = relay_command;
681  } else if (relay_command == RELAY_COMMAND_EXTEND ||
682  relay_command == RELAY_COMMAND_EXTEND2) {
683  /* If no RELAY_EARLY cells can be sent over this circuit, log which
684  * commands have been sent as RELAY_EARLY cells before; helps debug
685  * task 878. */
686  smartlist_t *commands_list = smartlist_new();
687  int i = 0;
688  char *commands = NULL;
689  for (; i < origin_circ->relay_early_cells_sent; i++)
690  smartlist_add(commands_list, (char *)
692  commands = smartlist_join_strings(commands_list, ",", 0, NULL);
693  log_warn(LD_BUG, "Uh-oh. We're sending a RELAY_COMMAND_EXTEND cell, "
694  "but we have run out of RELAY_EARLY cells on that circuit. "
695  "Commands sent before: %s", commands);
696  tor_free(commands);
697  smartlist_free(commands_list);
698  }
699 
700  /* Let's assume we're well-behaved: Anything that we decide to send is
701  * valid, delivered data. */
702  circuit_sent_valid_data(origin_circ, rh.length);
703  }
704 
705  if (circuit_package_relay_cell(&cell, circ, cell_direction, cpath_layer,
706  stream_id, filename, lineno) < 0) {
707  log_warn(LD_BUG,"circuit_package_relay_cell failed. Closing.");
708  circuit_mark_for_close(circ, END_CIRC_REASON_INTERNAL);
709  return -1;
710  }
711 
712  /* If applicable, note the cell digest for the SENDME version 1 purpose if
713  * we need to. This call needs to be after the circuit_package_relay_cell()
714  * because the cell digest is set within that function. */
715  if (relay_command == RELAY_COMMAND_DATA) {
716  sendme_record_cell_digest_on_circ(circ, cpath_layer);
717  }
718 
719  return 0;
720 }
721 
722 /** Make a relay cell out of <b>relay_command</b> and <b>payload</b>, and
723  * send it onto the open circuit <b>circ</b>. <b>fromconn</b> is the stream
724  * that's sending the relay cell, or NULL if it's a control cell.
725  * <b>cpath_layer</b> is NULL for OR->OP cells, or the destination hop
726  * for OP->OR cells.
727  *
728  * If you can't send the cell, mark the circuit for close and
729  * return -1. Else return 0.
730  */
731 int
733  uint8_t relay_command, const char *payload,
734  size_t payload_len)
735 {
736  /* XXXX NM Split this function into a separate versions per circuit type? */
737  circuit_t *circ;
738  crypt_path_t *cpath_layer = fromconn->cpath_layer;
739  tor_assert(fromconn);
740  circ = fromconn->on_circuit;
741 
742  if (fromconn->base_.marked_for_close) {
743  log_warn(LD_BUG,
744  "called on conn that's already marked for close at %s:%d.",
745  fromconn->base_.marked_for_close_file,
746  fromconn->base_.marked_for_close);
747  return 0;
748  }
749 
750  if (!circ) {
751  if (fromconn->base_.type == CONN_TYPE_AP) {
752  log_info(LD_APP,"no circ. Closing conn.");
753  connection_mark_unattached_ap(EDGE_TO_ENTRY_CONN(fromconn),
754  END_STREAM_REASON_INTERNAL);
755  } else {
756  log_info(LD_EXIT,"no circ. Closing conn.");
757  fromconn->edge_has_sent_end = 1; /* no circ to send to */
758  fromconn->end_reason = END_STREAM_REASON_INTERNAL;
759  connection_mark_for_close(TO_CONN(fromconn));
760  }
761  return -1;
762  }
763 
764  if (circ->marked_for_close) {
765  /* The circuit has been marked, but not freed yet. When it's freed, it
766  * will mark this connection for close. */
767  return -1;
768  }
769 
770 #ifdef MEASUREMENTS_21206
771  /* Keep track of the number of RELAY_DATA cells sent for directory
772  * connections. */
773  connection_t *linked_conn = TO_CONN(fromconn)->linked_conn;
774 
775  if (linked_conn && linked_conn->type == CONN_TYPE_DIR) {
776  ++(TO_DIR_CONN(linked_conn)->data_cells_sent);
777  }
778 #endif /* defined(MEASUREMENTS_21206) */
779 
780  return relay_send_command_from_edge(fromconn->stream_id, circ,
781  relay_command, payload,
782  payload_len, cpath_layer);
783 }
784 
785 /** How many times will I retry a stream that fails due to DNS
786  * resolve failure or misc error?
787  */
788 #define MAX_RESOLVE_FAILURES 3
789 
790 /** Return 1 if reason is something that you should retry if you
791  * get the end cell before you've connected; else return 0. */
792 static int
794 {
795  return reason == END_STREAM_REASON_HIBERNATING ||
796  reason == END_STREAM_REASON_RESOURCELIMIT ||
797  reason == END_STREAM_REASON_EXITPOLICY ||
798  reason == END_STREAM_REASON_RESOLVEFAILED ||
799  reason == END_STREAM_REASON_MISC ||
800  reason == END_STREAM_REASON_NOROUTE;
801 }
802 
803 /** Called when we receive an END cell on a stream that isn't open yet,
804  * from the client side.
805  * Arguments are as for connection_edge_process_relay_cell().
806  */
807 static int
809  relay_header_t *rh, cell_t *cell, origin_circuit_t *circ,
810  entry_connection_t *conn, crypt_path_t *layer_hint)
811 {
812  node_t *exitrouter;
813  int reason = *(cell->payload+RELAY_HEADER_SIZE);
814  int control_reason;
815  edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(conn);
816  (void) layer_hint; /* unused */
817 
818  if (rh->length > 0) {
819  if (reason == END_STREAM_REASON_TORPROTOCOL ||
820  reason == END_STREAM_REASON_DESTROY) {
821  /* Both of these reasons could mean a failed tag
822  * hit the exit and it complained. Do not probe.
823  * Fail the circuit. */
825  return -END_CIRC_REASON_TORPROTOCOL;
826  } else if (reason == END_STREAM_REASON_INTERNAL) {
827  /* We can't infer success or failure, since older Tors report
828  * ENETUNREACH as END_STREAM_REASON_INTERNAL. */
829  } else {
830  /* Path bias: If we get a valid reason code from the exit,
831  * it wasn't due to tagging.
832  *
833  * We rely on recognized+digest being strong enough to make
834  * tags unlikely to allow us to get tagged, yet 'recognized'
835  * reason codes here. */
837  }
838  }
839 
840  /* This end cell is now valid. */
841  circuit_read_valid_data(circ, rh->length);
842 
843  if (rh->length == 0) {
844  reason = END_STREAM_REASON_MISC;
845  }
846 
847  control_reason = reason | END_STREAM_REASON_FLAG_REMOTE;
848 
849  if (edge_reason_is_retriable(reason) &&
850  /* avoid retry if rend */
852  const char *chosen_exit_digest =
854  log_info(LD_APP,"Address '%s' refused due to '%s'. Considering retrying.",
855  safe_str(conn->socks_request->address),
857  exitrouter = node_get_mutable_by_id(chosen_exit_digest);
858  switch (reason) {
859  case END_STREAM_REASON_EXITPOLICY: {
860  tor_addr_t addr;
861  tor_addr_make_unspec(&addr);
862  if (rh->length >= 5) {
863  int ttl = -1;
864  tor_addr_make_unspec(&addr);
865  if (rh->length == 5 || rh->length == 9) {
866  tor_addr_from_ipv4n(&addr,
868  if (rh->length == 9)
869  ttl = (int)ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE+5));
870  } else if (rh->length == 17 || rh->length == 21) {
872  (cell->payload+RELAY_HEADER_SIZE+1));
873  if (rh->length == 21)
874  ttl = (int)ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE+17));
875  }
876  if (tor_addr_is_null(&addr)) {
877  log_info(LD_APP,"Address '%s' resolved to 0.0.0.0. Closing,",
878  safe_str(conn->socks_request->address));
879  connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
880  return 0;
881  }
882 
883  if ((tor_addr_family(&addr) == AF_INET &&
884  !conn->entry_cfg.ipv4_traffic) ||
885  (tor_addr_family(&addr) == AF_INET6 &&
886  !conn->entry_cfg.ipv6_traffic)) {
887  log_fn(LOG_PROTOCOL_WARN, LD_APP,
888  "Got an EXITPOLICY failure on a connection with a "
889  "mismatched family. Closing.");
890  connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
891  return 0;
892  }
893  if (get_options()->ClientDNSRejectInternalAddresses &&
894  tor_addr_is_internal(&addr, 0)) {
895  log_info(LD_APP,"Address '%s' resolved to internal. Closing,",
896  safe_str(conn->socks_request->address));
897  connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
898  return 0;
899  }
900 
902  conn->socks_request->address, &addr,
903  conn->chosen_exit_name, ttl);
904 
905  {
906  char new_addr[TOR_ADDR_BUF_LEN];
907  tor_addr_to_str(new_addr, &addr, sizeof(new_addr), 1);
908  if (strcmp(conn->socks_request->address, new_addr)) {
909  strlcpy(conn->socks_request->address, new_addr,
910  sizeof(conn->socks_request->address));
911  control_event_stream_status(conn, STREAM_EVENT_REMAP, 0);
912  }
913  }
914  }
915  /* check if the exit *ought* to have allowed it */
916 
918  conn,
919  exitrouter,
920  &addr);
921 
922  if (conn->chosen_exit_optional ||
923  conn->chosen_exit_retries) {
924  /* stop wanting a specific exit */
925  conn->chosen_exit_optional = 0;
926  /* A non-zero chosen_exit_retries can happen if we set a
927  * TrackHostExits for this address under a port that the exit
928  * relay allows, but then try the same address with a different
929  * port that it doesn't allow to exit. We shouldn't unregister
930  * the mapping, since it is probably still wanted on the
931  * original port. But now we give away to the exit relay that
932  * we probably have a TrackHostExits on it. So be it. */
933  conn->chosen_exit_retries = 0;
934  tor_free(conn->chosen_exit_name); /* clears it */
935  }
936  if (connection_ap_detach_retriable(conn, circ, control_reason) >= 0)
937  return 0;
938  /* else, conn will get closed below */
939  break;
940  }
941  case END_STREAM_REASON_CONNECTREFUSED:
942  if (!conn->chosen_exit_optional)
943  break; /* break means it'll close, below */
944  /* Else fall through: expire this circuit, clear the
945  * chosen_exit_name field, and try again. */
946  FALLTHROUGH;
947  case END_STREAM_REASON_RESOLVEFAILED:
948  case END_STREAM_REASON_TIMEOUT:
949  case END_STREAM_REASON_MISC:
950  case END_STREAM_REASON_NOROUTE:
953  /* We haven't retried too many times; reattach the connection. */
955  /* Mark this circuit "unusable for new streams". */
957 
958  if (conn->chosen_exit_optional) {
959  /* stop wanting a specific exit */
960  conn->chosen_exit_optional = 0;
961  tor_free(conn->chosen_exit_name); /* clears it */
962  }
963  if (connection_ap_detach_retriable(conn, circ, control_reason) >= 0)
964  return 0;
965  /* else, conn will get closed below */
966  } else {
967  log_notice(LD_APP,
968  "Have tried resolving or connecting to address '%s' "
969  "at %d different places. Giving up.",
970  safe_str(conn->socks_request->address),
972  /* clear the failures, so it will have a full try next time */
974  }
975  break;
976  case END_STREAM_REASON_HIBERNATING:
977  case END_STREAM_REASON_RESOURCELIMIT:
978  if (exitrouter) {
980  }
981  if (conn->chosen_exit_optional) {
982  /* stop wanting a specific exit */
983  conn->chosen_exit_optional = 0;
984  tor_free(conn->chosen_exit_name); /* clears it */
985  }
986  if (connection_ap_detach_retriable(conn, circ, control_reason) >= 0)
987  return 0;
988  /* else, will close below */
989  break;
990  } /* end switch */
991  log_info(LD_APP,"Giving up on retrying; conn can't be handled.");
992  }
993 
994  log_info(LD_APP,
995  "Edge got end (%s) before we're connected. Marking for close.",
996  stream_end_reason_to_string(rh->length > 0 ? reason : -1));
998  /* need to test because of detach_retriable */
999  if (!ENTRY_TO_CONN(conn)->marked_for_close)
1000  connection_mark_unattached_ap(conn, control_reason);
1001  return 0;
1002 }
1003 
1004 /** Called when we have gotten an END_REASON_EXITPOLICY failure on <b>circ</b>
1005  * for <b>conn</b>, while attempting to connect via <b>node</b>. If the node
1006  * told us which address it rejected, then <b>addr</b> is that address;
1007  * otherwise it is AF_UNSPEC.
1008  *
1009  * If we are sure the node should have allowed this address, mark the node as
1010  * having a reject *:* exit policy. Otherwise, mark the circuit as unusable
1011  * for this particular address.
1012  **/
1013 static void
1015  entry_connection_t *conn,
1016  node_t *node,
1017  const tor_addr_t *addr)
1018 {
1019  int make_reject_all = 0;
1020  const sa_family_t family = tor_addr_family(addr);
1021 
1022  if (node) {
1023  tor_addr_t tmp;
1024  int asked_for_family = tor_addr_parse(&tmp, conn->socks_request->address);
1025  if (family == AF_UNSPEC) {
1026  make_reject_all = 1;
1027  } else if (node_exit_policy_is_exact(node, family) &&
1028  asked_for_family != -1 && !conn->chosen_exit_name) {
1029  make_reject_all = 1;
1030  }
1031 
1032  if (make_reject_all) {
1033  log_info(LD_APP,
1034  "Exitrouter %s seems to be more restrictive than its exit "
1035  "policy. Not using this router as exit for now.",
1036  node_describe(node));
1038  }
1039  }
1040 
1041  if (family != AF_UNSPEC)
1043 }
1044 
1045 /** Helper: change the socks_request-&gt;address field on conn to the
1046  * dotted-quad representation of <b>new_addr</b>,
1047  * and send an appropriate REMAP event. */
1048 static void
1050 {
1051  tor_addr_to_str(conn->socks_request->address, new_addr,
1052  sizeof(conn->socks_request->address),
1053  1);
1054  control_event_stream_status(conn, STREAM_EVENT_REMAP,
1056 }
1057 
1058 /** Extract the contents of a connected cell in <b>cell</b>, whose relay
1059  * header has already been parsed into <b>rh</b>. On success, set
1060  * <b>addr_out</b> to the address we're connected to, and <b>ttl_out</b> to
1061  * the ttl of that address, in seconds, and return 0. On failure, return
1062  * -1.
1063  *
1064  * Note that the resulting address can be UNSPEC if the connected cell had no
1065  * address (as for a stream to an union service or a tunneled directory
1066  * connection), and that the ttl can be absent (in which case <b>ttl_out</b>
1067  * is set to -1). */
1068 STATIC int
1070  tor_addr_t *addr_out, int *ttl_out)
1071 {
1072  uint32_t bytes;
1073  const uint8_t *payload = cell->payload + RELAY_HEADER_SIZE;
1074 
1075  tor_addr_make_unspec(addr_out);
1076  *ttl_out = -1;
1077  if (rh->length == 0)
1078  return 0;
1079  if (rh->length < 4)
1080  return -1;
1081  bytes = ntohl(get_uint32(payload));
1082 
1083  /* If bytes is 0, this is maybe a v6 address. Otherwise it's a v4 address */
1084  if (bytes != 0) {
1085  /* v4 address */
1086  tor_addr_from_ipv4h(addr_out, bytes);
1087  if (rh->length >= 8) {
1088  bytes = ntohl(get_uint32(payload + 4));
1089  if (bytes <= INT32_MAX)
1090  *ttl_out = bytes;
1091  }
1092  } else {
1093  if (rh->length < 25) /* 4 bytes of 0s, 1 addr, 16 ipv4, 4 ttl. */
1094  return -1;
1095  if (get_uint8(payload + 4) != 6)
1096  return -1;
1097  tor_addr_from_ipv6_bytes(addr_out, (payload + 5));
1098  bytes = ntohl(get_uint32(payload + 21));
1099  if (bytes <= INT32_MAX)
1100  *ttl_out = (int) bytes;
1101  }
1102  return 0;
1103 }
1104 
1105 /** Drop all storage held by <b>addr</b>. */
1106 STATIC void
1107 address_ttl_free_(address_ttl_t *addr)
1108 {
1109  if (!addr)
1110  return;
1111  tor_free(addr->hostname);
1112  tor_free(addr);
1113 }
1114 
1115 /** Parse a resolved cell in <b>cell</b>, with parsed header in <b>rh</b>.
1116  * Return -1 on parse error. On success, add one or more newly allocated
1117  * address_ttl_t to <b>addresses_out</b>; set *<b>errcode_out</b> to
1118  * one of 0, RESOLVED_TYPE_ERROR, or RESOLVED_TYPE_ERROR_TRANSIENT, and
1119  * return 0. */
1120 STATIC int
1122  smartlist_t *addresses_out, int *errcode_out)
1123 {
1124  const uint8_t *cp;
1125  uint8_t answer_type;
1126  size_t answer_len;
1127  address_ttl_t *addr;
1128  size_t remaining;
1129  int errcode = 0;
1130  smartlist_t *addrs;
1131 
1132  tor_assert(cell);
1133  tor_assert(rh);
1134  tor_assert(addresses_out);
1135  tor_assert(errcode_out);
1136 
1137  *errcode_out = 0;
1138 
1139  if (rh->length > RELAY_PAYLOAD_SIZE)
1140  return -1;
1141 
1142  addrs = smartlist_new();
1143 
1144  cp = cell->payload + RELAY_HEADER_SIZE;
1145 
1146  remaining = rh->length;
1147  while (remaining) {
1148  const uint8_t *cp_orig = cp;
1149  if (remaining < 2)
1150  goto err;
1151  answer_type = *cp++;
1152  answer_len = *cp++;
1153  if (remaining < 2 + answer_len + 4) {
1154  goto err;
1155  }
1156  if (answer_type == RESOLVED_TYPE_IPV4) {
1157  if (answer_len != 4) {
1158  goto err;
1159  }
1160  addr = tor_malloc_zero(sizeof(*addr));
1161  tor_addr_from_ipv4n(&addr->addr, get_uint32(cp));
1162  cp += 4;
1163  addr->ttl = ntohl(get_uint32(cp));
1164  cp += 4;
1165  smartlist_add(addrs, addr);
1166  } else if (answer_type == RESOLVED_TYPE_IPV6) {
1167  if (answer_len != 16)
1168  goto err;
1169  addr = tor_malloc_zero(sizeof(*addr));
1170  tor_addr_from_ipv6_bytes(&addr->addr, cp);
1171  cp += 16;
1172  addr->ttl = ntohl(get_uint32(cp));
1173  cp += 4;
1174  smartlist_add(addrs, addr);
1175  } else if (answer_type == RESOLVED_TYPE_HOSTNAME) {
1176  if (answer_len == 0) {
1177  goto err;
1178  }
1179  addr = tor_malloc_zero(sizeof(*addr));
1180  addr->hostname = tor_memdup_nulterm(cp, answer_len);
1181  cp += answer_len;
1182  addr->ttl = ntohl(get_uint32(cp));
1183  cp += 4;
1184  smartlist_add(addrs, addr);
1185  } else if (answer_type == RESOLVED_TYPE_ERROR_TRANSIENT ||
1186  answer_type == RESOLVED_TYPE_ERROR) {
1187  errcode = answer_type;
1188  /* Ignore the error contents */
1189  cp += answer_len + 4;
1190  } else {
1191  cp += answer_len + 4;
1192  }
1193  tor_assert(((ssize_t)remaining) >= (cp - cp_orig));
1194  remaining -= (cp - cp_orig);
1195  }
1196 
1197  if (errcode && smartlist_len(addrs) == 0) {
1198  /* Report an error only if there were no results. */
1199  *errcode_out = errcode;
1200  }
1201 
1202  smartlist_add_all(addresses_out, addrs);
1203  smartlist_free(addrs);
1204 
1205  return 0;
1206 
1207  err:
1208  /* On parse error, don't report any results */
1209  SMARTLIST_FOREACH(addrs, address_ttl_t *, a, address_ttl_free(a));
1210  smartlist_free(addrs);
1211  return -1;
1212 }
1213 
1214 /** Helper for connection_edge_process_resolved_cell: given an error code,
1215  * an entry_connection, and a list of address_ttl_t *, report the best answer
1216  * to the entry_connection. */
1217 static void
1219  int error_code,
1220  smartlist_t *results)
1221 {
1222  address_ttl_t *addr_ipv4 = NULL;
1223  address_ttl_t *addr_ipv6 = NULL;
1224  address_ttl_t *addr_hostname = NULL;
1225  address_ttl_t *addr_best = NULL;
1226 
1227  /* If it's an error code, that's easy. */
1228  if (error_code) {
1229  tor_assert(error_code == RESOLVED_TYPE_ERROR ||
1230  error_code == RESOLVED_TYPE_ERROR_TRANSIENT);
1232  error_code,0,NULL,-1,-1);
1233  return;
1234  }
1235 
1236  /* Get the first answer of each type. */
1237  SMARTLIST_FOREACH_BEGIN(results, address_ttl_t *, addr) {
1238  if (addr->hostname) {
1239  if (!addr_hostname) {
1240  addr_hostname = addr;
1241  }
1242  } else if (tor_addr_family(&addr->addr) == AF_INET) {
1243  if (!addr_ipv4 && conn->entry_cfg.ipv4_traffic) {
1244  addr_ipv4 = addr;
1245  }
1246  } else if (tor_addr_family(&addr->addr) == AF_INET6) {
1247  if (!addr_ipv6 && conn->entry_cfg.ipv6_traffic) {
1248  addr_ipv6 = addr;
1249  }
1250  }
1251  } SMARTLIST_FOREACH_END(addr);
1252 
1253  /* Now figure out which type we wanted to deliver. */
1255  if (addr_hostname) {
1257  RESOLVED_TYPE_HOSTNAME,
1258  strlen(addr_hostname->hostname),
1259  (uint8_t*)addr_hostname->hostname,
1260  addr_hostname->ttl,-1);
1261  } else {
1263  RESOLVED_TYPE_ERROR,0,NULL,-1,-1);
1264  }
1265  return;
1266  }
1267 
1268  if (conn->entry_cfg.prefer_ipv6) {
1269  addr_best = addr_ipv6 ? addr_ipv6 : addr_ipv4;
1270  } else {
1271  addr_best = addr_ipv4 ? addr_ipv4 : addr_ipv6;
1272  }
1273 
1274  /* Now convert it to the ugly old interface */
1275  if (! addr_best) {
1277  RESOLVED_TYPE_ERROR,0,NULL,-1,-1);
1278  return;
1279  }
1280 
1282  &addr_best->addr,
1283  addr_best->ttl,
1284  -1);
1285 
1286  remap_event_helper(conn, &addr_best->addr);
1287 }
1288 
1289 /** Handle a RELAY_COMMAND_RESOLVED cell that we received on a non-open AP
1290  * stream. */
1291 STATIC int
1293  const cell_t *cell,
1294  const relay_header_t *rh)
1295 {
1296  entry_connection_t *entry_conn = EDGE_TO_ENTRY_CONN(conn);
1297  smartlist_t *resolved_addresses = NULL;
1298  int errcode = 0;
1299 
1300  if (conn->base_.state != AP_CONN_STATE_RESOLVE_WAIT) {
1301  log_fn(LOG_PROTOCOL_WARN, LD_APP, "Got a 'resolved' cell while "
1302  "not in state resolve_wait. Dropping.");
1303  return 0;
1304  }
1305  tor_assert(SOCKS_COMMAND_IS_RESOLVE(entry_conn->socks_request->command));
1306 
1307  resolved_addresses = smartlist_new();
1308  if (resolved_cell_parse(cell, rh, resolved_addresses, &errcode)) {
1309  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1310  "Dropping malformed 'resolved' cell");
1311  connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TORPROTOCOL);
1312  goto done;
1313  }
1314 
1315  if (get_options()->ClientDNSRejectInternalAddresses) {
1316  int orig_len = smartlist_len(resolved_addresses);
1317  SMARTLIST_FOREACH_BEGIN(resolved_addresses, address_ttl_t *, addr) {
1318  if (addr->hostname == NULL && tor_addr_is_internal(&addr->addr, 0)) {
1319  log_info(LD_APP, "Got a resolved cell with answer %s; dropping that "
1320  "answer.",
1321  safe_str_client(fmt_addr(&addr->addr)));
1322  address_ttl_free(addr);
1323  SMARTLIST_DEL_CURRENT(resolved_addresses, addr);
1324  }
1325  } SMARTLIST_FOREACH_END(addr);
1326  if (orig_len && smartlist_len(resolved_addresses) == 0) {
1327  log_info(LD_APP, "Got a resolved cell with only private addresses; "
1328  "dropping it.");
1330  RESOLVED_TYPE_ERROR_TRANSIENT,
1331  0, NULL, 0, TIME_MAX);
1332  connection_mark_unattached_ap(entry_conn,
1333  END_STREAM_REASON_TORPROTOCOL);
1334  goto done;
1335  }
1336  }
1337 
1338  /* This is valid data at this point. Count it */
1339  if (conn->on_circuit && CIRCUIT_IS_ORIGIN(conn->on_circuit)) {
1341  rh->length);
1342  }
1343 
1345  errcode,
1346  resolved_addresses);
1347 
1348  connection_mark_unattached_ap(entry_conn,
1349  END_STREAM_REASON_DONE |
1351 
1352  done:
1353  SMARTLIST_FOREACH(resolved_addresses, address_ttl_t *, addr,
1354  address_ttl_free(addr));
1355  smartlist_free(resolved_addresses);
1356  return 0;
1357 }
1358 
1359 /** An incoming relay cell has arrived from circuit <b>circ</b> to
1360  * stream <b>conn</b>.
1361  *
1362  * The arguments here are the same as in
1363  * connection_edge_process_relay_cell() below; this function is called
1364  * from there when <b>conn</b> is defined and not in an open state.
1365  */
1366 static int
1368  relay_header_t *rh, cell_t *cell, circuit_t *circ,
1369  edge_connection_t *conn, crypt_path_t *layer_hint)
1370 {
1371  if (rh->command == RELAY_COMMAND_END) {
1372  if (CIRCUIT_IS_ORIGIN(circ) && conn->base_.type == CONN_TYPE_AP) {
1373  return connection_ap_process_end_not_open(rh, cell,
1374  TO_ORIGIN_CIRCUIT(circ),
1375  EDGE_TO_ENTRY_CONN(conn),
1376  layer_hint);
1377  } else {
1378  /* we just got an 'end', don't need to send one */
1379  conn->edge_has_sent_end = 1;
1380  conn->end_reason = *(cell->payload+RELAY_HEADER_SIZE) |
1382  connection_mark_for_close(TO_CONN(conn));
1383  return 0;
1384  }
1385  }
1386 
1387  if (conn->base_.type == CONN_TYPE_AP &&
1388  rh->command == RELAY_COMMAND_CONNECTED) {
1389  tor_addr_t addr;
1390  int ttl;
1391  entry_connection_t *entry_conn = EDGE_TO_ENTRY_CONN(conn);
1393  if (conn->base_.state != AP_CONN_STATE_CONNECT_WAIT) {
1394  log_fn(LOG_PROTOCOL_WARN, LD_APP,
1395  "Got 'connected' while not in state connect_wait. Dropping.");
1396  return 0;
1397  }
1398  CONNECTION_AP_EXPECT_NONPENDING(entry_conn);
1399  conn->base_.state = AP_CONN_STATE_OPEN;
1400  log_info(LD_APP,"'connected' received for circid %u streamid %d "
1401  "after %d seconds.",
1402  (unsigned)circ->n_circ_id,
1403  rh->stream_id,
1404  (int)(time(NULL) - conn->base_.timestamp_last_read_allowed));
1405  if (connected_cell_parse(rh, cell, &addr, &ttl) < 0) {
1406  log_fn(LOG_PROTOCOL_WARN, LD_APP,
1407  "Got a badly formatted connected cell. Closing.");
1408  connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1409  connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TORPROTOCOL);
1410  return 0;
1411  }
1412  if (tor_addr_family(&addr) != AF_UNSPEC) {
1413  /* The family is not UNSPEC: so we were given an address in the
1414  * connected cell. (This is normal, except for BEGINDIR and onion
1415  * service streams.) */
1416  const sa_family_t family = tor_addr_family(&addr);
1417  if (tor_addr_is_null(&addr) ||
1418  (get_options()->ClientDNSRejectInternalAddresses &&
1419  tor_addr_is_internal(&addr, 0))) {
1420  log_info(LD_APP, "...but it claims the IP address was %s. Closing.",
1421  fmt_addr(&addr));
1422  connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1423  connection_mark_unattached_ap(entry_conn,
1424  END_STREAM_REASON_TORPROTOCOL);
1425  return 0;
1426  }
1427 
1428  if ((family == AF_INET && ! entry_conn->entry_cfg.ipv4_traffic) ||
1429  (family == AF_INET6 && ! entry_conn->entry_cfg.ipv6_traffic)) {
1430  log_fn(LOG_PROTOCOL_WARN, LD_APP,
1431  "Got a connected cell to %s with unsupported address family."
1432  " Closing.", fmt_addr(&addr));
1433  connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1434  connection_mark_unattached_ap(entry_conn,
1435  END_STREAM_REASON_TORPROTOCOL);
1436  return 0;
1437  }
1438 
1439  client_dns_set_addressmap(entry_conn,
1440  entry_conn->socks_request->address, &addr,
1441  entry_conn->chosen_exit_name, ttl);
1442 
1443  remap_event_helper(entry_conn, &addr);
1444  }
1446  /* don't send a socks reply to transparent conns */
1447  tor_assert(entry_conn->socks_request != NULL);
1448  if (!entry_conn->socks_request->has_finished) {
1449  connection_ap_handshake_socks_reply(entry_conn, NULL, 0, 0);
1450  }
1451 
1452  /* Was it a linked dir conn? If so, a dir request just started to
1453  * fetch something; this could be a bootstrap status milestone. */
1454  log_debug(LD_APP, "considering");
1455  if (TO_CONN(conn)->linked_conn &&
1456  TO_CONN(conn)->linked_conn->type == CONN_TYPE_DIR) {
1457  connection_t *dirconn = TO_CONN(conn)->linked_conn;
1458  log_debug(LD_APP, "it is! %d", dirconn->purpose);
1459  switch (dirconn->purpose) {
1462  control_event_bootstrap(BOOTSTRAP_STATUS_LOADING_KEYS, 0);
1463  break;
1465  control_event_bootstrap(BOOTSTRAP_STATUS_LOADING_STATUS, 0);
1466  break;
1469  if (TO_DIR_CONN(dirconn)->router_purpose == ROUTER_PURPOSE_GENERAL)
1470  control_event_boot_dir(BOOTSTRAP_STATUS_LOADING_DESCRIPTORS,
1472  break;
1473  }
1474  }
1475  /* This is definitely a success, so forget about any pending data we
1476  * had sent. */
1477  if (entry_conn->pending_optimistic_data) {
1478  buf_free(entry_conn->pending_optimistic_data);
1479  entry_conn->pending_optimistic_data = NULL;
1480  }
1481 
1482  /* This is valid data at this point. Count it */
1484 
1485  /* handle anything that might have queued */
1486  if (connection_edge_package_raw_inbuf(conn, 1, NULL) < 0) {
1487  /* (We already sent an end cell if possible) */
1488  connection_mark_for_close(TO_CONN(conn));
1489  return 0;
1490  }
1491  return 0;
1492  }
1493  if (conn->base_.type == CONN_TYPE_AP &&
1494  rh->command == RELAY_COMMAND_RESOLVED) {
1495  return connection_edge_process_resolved_cell(conn, cell, rh);
1496  }
1497 
1498  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1499  "Got an unexpected relay command %d, in state %d (%s). Dropping.",
1500  rh->command, conn->base_.state,
1501  conn_state_to_string(conn->base_.type, conn->base_.state));
1502  return 0; /* for forward compatibility, don't kill the circuit */
1503 // connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1504 // connection_mark_for_close(conn);
1505 // return -1;
1506 }
1507 
1508 /** Process a SENDME cell that arrived on <b>circ</b>. If it is a stream level
1509  * cell, it is destined for the given <b>conn</b>. If it is a circuit level
1510  * cell, it is destined for the <b>layer_hint</b>. The <b>domain</b> is the
1511  * logging domain that should be used.
1512  *
1513  * Return 0 if everything went well or a negative value representing a circuit
1514  * end reason on error for which the caller is responsible for closing it. */
1515 static int
1517  circuit_t *circ, edge_connection_t *conn,
1518  crypt_path_t *layer_hint, int domain)
1519 {
1520  int ret;
1521 
1522  tor_assert(rh);
1523 
1524  if (!rh->stream_id) {
1525  /* Circuit level SENDME cell. */
1526  ret = sendme_process_circuit_level(layer_hint, circ,
1527  cell->payload + RELAY_HEADER_SIZE,
1528  rh->length);
1529  if (ret < 0) {
1530  return ret;
1531  }
1532  /* Resume reading on any streams now that we've processed a valid
1533  * SENDME cell that updated our package window. */
1534  circuit_resume_edge_reading(circ, layer_hint);
1535  /* We are done, the rest of the code is for the stream level. */
1536  return 0;
1537  }
1538 
1539  /* No connection, might be half edge state. We are done if so. */
1540  if (!conn) {
1541  if (CIRCUIT_IS_ORIGIN(circ)) {
1542  origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1544  rh->stream_id)) {
1545  circuit_read_valid_data(ocirc, rh->length);
1546  log_info(domain, "Sendme cell on circ %u valid on half-closed "
1547  "stream id %d",
1548  ocirc->global_identifier, rh->stream_id);
1549  }
1550  }
1551 
1552  log_info(domain, "SENDME cell dropped, unknown stream (streamid %d).",
1553  rh->stream_id);
1554  return 0;
1555  }
1556 
1557  /* Stream level SENDME cell. */
1558  ret = sendme_process_stream_level(conn, circ, rh->length);
1559  if (ret < 0) {
1560  /* Means we need to close the circuit with reason ret. */
1561  return ret;
1562  }
1563 
1564  /* We've now processed properly a SENDME cell, all windows have been
1565  * properly updated, we'll read on the edge connection to see if we can
1566  * get data out towards the end point (Exit or client) since we are now
1567  * allowed to deliver more cells. */
1568 
1570  /* Still waiting for queue to flush; don't touch conn */
1571  return 0;
1572  }
1574  /* handle whatever might still be on the inbuf */
1575  if (connection_edge_package_raw_inbuf(conn, 1, NULL) < 0) {
1576  /* (We already sent an end cell if possible) */
1577  connection_mark_for_close(TO_CONN(conn));
1578  return 0;
1579  }
1580  return 0;
1581 }
1582 
1583 /** A helper for connection_edge_process_relay_cell(): Actually handles the
1584  * cell that we received on the connection.
1585  *
1586  * The arguments are the same as in the parent function
1587  * connection_edge_process_relay_cell(), plus the relay header <b>rh</b> as
1588  * unpacked by the parent function, and <b>optimistic_data</b> as set by the
1589  * parent function.
1590  */
1591 STATIC int
1593  edge_connection_t *conn, crypt_path_t *layer_hint,
1594  relay_header_t *rh, int optimistic_data)
1595 {
1596  unsigned domain = layer_hint?LD_APP:LD_EXIT;
1597  int reason;
1598 
1599  tor_assert(rh);
1600 
1601  /* First pass the cell to the circuit padding subsystem, in case it's a
1602  * padding cell or circuit that should be handled there. */
1603  if (circpad_check_received_cell(cell, circ, layer_hint, rh) == 0) {
1604  log_debug(domain, "Cell handled as circuit padding");
1605  return 0;
1606  }
1607 
1608  /* Now handle all the other commands */
1609  switch (rh->command) {
1610  case RELAY_COMMAND_BEGIN:
1611  case RELAY_COMMAND_BEGIN_DIR:
1612  if (layer_hint &&
1614  log_fn(LOG_PROTOCOL_WARN, LD_APP,
1615  "Relay begin request unsupported at AP. Dropping.");
1616  return 0;
1617  }
1618  if (circ->purpose == CIRCUIT_PURPOSE_S_REND_JOINED &&
1619  layer_hint != TO_ORIGIN_CIRCUIT(circ)->cpath->prev) {
1620  log_fn(LOG_PROTOCOL_WARN, LD_APP,
1621  "Relay begin request to Hidden Service "
1622  "from intermediary node. Dropping.");
1623  return 0;
1624  }
1625  if (conn) {
1626  log_fn(LOG_PROTOCOL_WARN, domain,
1627  "Begin cell for known stream. Dropping.");
1628  return 0;
1629  }
1630  if (rh->command == RELAY_COMMAND_BEGIN_DIR &&
1632  /* Assign this circuit and its app-ward OR connection a unique ID,
1633  * so that we can measure download times. The local edge and dir
1634  * connection will be assigned the same ID when they are created
1635  * and linked. */
1636  static uint64_t next_id = 0;
1637  circ->dirreq_id = ++next_id;
1638  TO_OR_CIRCUIT(circ)->p_chan->dirreq_id = circ->dirreq_id;
1639  }
1640  return connection_exit_begin_conn(cell, circ);
1641  case RELAY_COMMAND_DATA:
1643 
1644  /* Update our circuit-level deliver window that we received a DATA cell.
1645  * If the deliver window goes below 0, we end the circuit and stream due
1646  * to a protocol failure. */
1647  if (sendme_circuit_data_received(circ, layer_hint) < 0) {
1648  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1649  "(relay data) circ deliver_window below 0. Killing.");
1650  connection_edge_end_close(conn, END_STREAM_REASON_TORPROTOCOL);
1651  return -END_CIRC_REASON_TORPROTOCOL;
1652  }
1653 
1654  /* Consider sending a circuit-level SENDME cell. */
1655  sendme_circuit_consider_sending(circ, layer_hint);
1656 
1657  if (rh->stream_id == 0) {
1658  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Relay data cell with zero "
1659  "stream_id. Dropping.");
1660  return 0;
1661  } else if (!conn) {
1662  if (CIRCUIT_IS_ORIGIN(circ)) {
1663  origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1665  rh->stream_id)) {
1666  circuit_read_valid_data(ocirc, rh->length);
1667  log_info(domain,
1668  "data cell on circ %u valid on half-closed "
1669  "stream id %d", ocirc->global_identifier, rh->stream_id);
1670  }
1671  }
1672 
1673  log_info(domain,"data cell dropped, unknown stream (streamid %d).",
1674  rh->stream_id);
1675  return 0;
1676  }
1677 
1678  /* Update our stream-level deliver window that we just received a DATA
1679  * cell. Going below 0 means we have a protocol level error so the
1680  * stream and circuit are closed. */
1681 
1682  if (sendme_stream_data_received(conn) < 0) {
1683  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1684  "(relay data) conn deliver_window below 0. Killing.");
1685  connection_edge_end_close(conn, END_STREAM_REASON_TORPROTOCOL);
1686  return -END_CIRC_REASON_TORPROTOCOL;
1687  }
1688  /* Total all valid application bytes delivered */
1689  if (CIRCUIT_IS_ORIGIN(circ) && rh->length > 0) {
1691  }
1692 
1693  /* For onion service connection, update the metrics. */
1694  if (conn->hs_ident) {
1695  hs_metrics_app_write_bytes(&conn->hs_ident->identity_pk,
1696  conn->hs_ident->orig_virtual_port,
1697  rh->length);
1698  }
1699 
1701  connection_buf_add((char*)(cell->payload + RELAY_HEADER_SIZE),
1702  rh->length, TO_CONN(conn));
1703 
1704 #ifdef MEASUREMENTS_21206
1705  /* Count number of RELAY_DATA cells received on a linked directory
1706  * connection. */
1707  connection_t *linked_conn = TO_CONN(conn)->linked_conn;
1708 
1709  if (linked_conn && linked_conn->type == CONN_TYPE_DIR) {
1710  ++(TO_DIR_CONN(linked_conn)->data_cells_received);
1711  }
1712 #endif /* defined(MEASUREMENTS_21206) */
1713 
1714  if (!optimistic_data) {
1715  /* Only send a SENDME if we're not getting optimistic data; otherwise
1716  * a SENDME could arrive before the CONNECTED.
1717  */
1719  }
1720 
1721  return 0;
1722  case RELAY_COMMAND_END:
1723  reason = rh->length > 0 ?
1724  get_uint8(cell->payload+RELAY_HEADER_SIZE) : END_STREAM_REASON_MISC;
1725  if (!conn) {
1726  if (CIRCUIT_IS_ORIGIN(circ)) {
1727  origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1729  rh->stream_id)) {
1730 
1731  circuit_read_valid_data(ocirc, rh->length);
1732  log_info(domain,
1733  "end cell (%s) on circ %u valid on half-closed "
1734  "stream id %d",
1736  ocirc->global_identifier, rh->stream_id);
1737  return 0;
1738  }
1739  }
1740  log_info(domain,"end cell (%s) dropped, unknown stream.",
1741  stream_end_reason_to_string(reason));
1742  return 0;
1743  }
1744 /* XXX add to this log_fn the exit node's nickname? */
1745  log_info(domain,TOR_SOCKET_T_FORMAT": end cell (%s) for stream %d. "
1746  "Removing stream.",
1747  conn->base_.s,
1749  conn->stream_id);
1750  if (conn->base_.type == CONN_TYPE_AP) {
1751  entry_connection_t *entry_conn = EDGE_TO_ENTRY_CONN(conn);
1752  if (entry_conn->socks_request &&
1753  !entry_conn->socks_request->has_finished)
1754  log_warn(LD_BUG,
1755  "open stream hasn't sent socks answer yet? Closing.");
1756  }
1757  /* We just *got* an end; no reason to send one. */
1758  conn->edge_has_sent_end = 1;
1759  if (!conn->end_reason)
1760  conn->end_reason = reason | END_STREAM_REASON_FLAG_REMOTE;
1761  if (!conn->base_.marked_for_close) {
1762  /* only mark it if not already marked. it's possible to
1763  * get the 'end' right around when the client hangs up on us. */
1764  connection_mark_and_flush(TO_CONN(conn));
1765 
1766  /* Total all valid application bytes delivered */
1767  if (CIRCUIT_IS_ORIGIN(circ)) {
1769  }
1770  }
1771  return 0;
1772  case RELAY_COMMAND_EXTEND:
1773  case RELAY_COMMAND_EXTEND2: {
1774  static uint64_t total_n_extend=0, total_nonearly=0;
1775  total_n_extend++;
1776  if (rh->stream_id) {
1777  log_fn(LOG_PROTOCOL_WARN, domain,
1778  "'extend' cell received for non-zero stream. Dropping.");
1779  return 0;
1780  }
1781  if (cell->command != CELL_RELAY_EARLY &&
1782  !networkstatus_get_param(NULL,"AllowNonearlyExtend",0,0,1)) {
1783 #define EARLY_WARNING_INTERVAL 3600
1784  static ratelim_t early_warning_limit =
1785  RATELIM_INIT(EARLY_WARNING_INTERVAL);
1786  char *m;
1787  if (cell->command == CELL_RELAY) {
1788  ++total_nonearly;
1789  if ((m = rate_limit_log(&early_warning_limit, approx_time()))) {
1790  double percentage = ((double)total_nonearly)/total_n_extend;
1791  percentage *= 100;
1792  log_fn(LOG_PROTOCOL_WARN, domain, "EXTEND cell received, "
1793  "but not via RELAY_EARLY. Dropping.%s", m);
1794  log_fn(LOG_PROTOCOL_WARN, domain, " (We have dropped %.02f%% of "
1795  "all EXTEND cells for this reason)", percentage);
1796  tor_free(m);
1797  }
1798  } else {
1799  log_fn(LOG_WARN, domain,
1800  "EXTEND cell received, in a cell with type %d! Dropping.",
1801  cell->command);
1802  }
1803  return 0;
1804  }
1805  return circuit_extend(cell, circ);
1806  }
1807  case RELAY_COMMAND_EXTENDED:
1808  case RELAY_COMMAND_EXTENDED2:
1809  if (!layer_hint) {
1810  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1811  "'extended' unsupported at non-origin. Dropping.");
1812  return 0;
1813  }
1814  log_debug(domain,"Got an extended cell! Yay.");
1815  {
1816  extended_cell_t extended_cell;
1817  if (extended_cell_parse(&extended_cell, rh->command,
1818  (const uint8_t*)cell->payload+RELAY_HEADER_SIZE,
1819  rh->length)<0) {
1820  log_warn(LD_PROTOCOL,
1821  "Can't parse EXTENDED cell; killing circuit.");
1822  return -END_CIRC_REASON_TORPROTOCOL;
1823  }
1824  if ((reason = circuit_finish_handshake(TO_ORIGIN_CIRCUIT(circ),
1825  &extended_cell.created_cell)) < 0) {
1826  circuit_mark_for_close(circ, -reason);
1827  return 0; /* We don't want to cause a warning, so we mark the circuit
1828  * here. */
1829  }
1830  }
1831  if ((reason=circuit_send_next_onion_skin(TO_ORIGIN_CIRCUIT(circ)))<0) {
1832  log_info(domain,"circuit_send_next_onion_skin() failed.");
1833  return reason;
1834  }
1835  /* Total all valid bytes delivered. */
1836  if (CIRCUIT_IS_ORIGIN(circ)) {
1838  }
1839  return 0;
1840  case RELAY_COMMAND_TRUNCATE:
1841  if (layer_hint) {
1842  log_fn(LOG_PROTOCOL_WARN, LD_APP,
1843  "'truncate' unsupported at origin. Dropping.");
1844  return 0;
1845  }
1846  if (circ->n_hop) {
1847  if (circ->n_chan)
1848  log_warn(LD_BUG, "n_chan and n_hop set on the same circuit!");
1849  extend_info_free(circ->n_hop);
1850  circ->n_hop = NULL;
1853  }
1854  if (circ->n_chan) {
1855  uint8_t trunc_reason = get_uint8(cell->payload + RELAY_HEADER_SIZE);
1856  circuit_synchronize_written_or_bandwidth(circ, CIRCUIT_N_CHAN);
1857  circuit_clear_cell_queue(circ, circ->n_chan);
1858  channel_send_destroy(circ->n_circ_id, circ->n_chan,
1859  trunc_reason);
1860  circuit_set_n_circid_chan(circ, 0, NULL);
1861  }
1862  log_debug(LD_EXIT, "Processed 'truncate', replying.");
1863  {
1864  char payload[1];
1865  payload[0] = (char)END_CIRC_REASON_REQUESTED;
1866  relay_send_command_from_edge(0, circ, RELAY_COMMAND_TRUNCATED,
1867  payload, sizeof(payload), NULL);
1868  }
1869  return 0;
1870  case RELAY_COMMAND_TRUNCATED:
1871  if (!layer_hint) {
1872  log_fn(LOG_PROTOCOL_WARN, LD_EXIT,
1873  "'truncated' unsupported at non-origin. Dropping.");
1874  return 0;
1875  }
1876 
1877  /* Count the truncated as valid, for completeness. The
1878  * circuit is being torn down anyway, though. */
1879  if (CIRCUIT_IS_ORIGIN(circ)) {
1881  rh->length);
1882  }
1885  return 0;
1886  case RELAY_COMMAND_CONNECTED:
1887  if (conn) {
1888  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1889  "'connected' unsupported while open. Closing circ.");
1890  return -END_CIRC_REASON_TORPROTOCOL;
1891  }
1892 
1893  if (CIRCUIT_IS_ORIGIN(circ)) {
1894  origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1896  rh->stream_id)) {
1897  circuit_read_valid_data(ocirc, rh->length);
1898  log_info(domain,
1899  "connected cell on circ %u valid on half-closed "
1900  "stream id %d", ocirc->global_identifier, rh->stream_id);
1901  return 0;
1902  }
1903  }
1904 
1905  log_info(domain,
1906  "'connected' received on circid %u for streamid %d, "
1907  "no conn attached anymore. Ignoring.",
1908  (unsigned)circ->n_circ_id, rh->stream_id);
1909  return 0;
1910  case RELAY_COMMAND_SENDME:
1911  return process_sendme_cell(rh, cell, circ, conn, layer_hint, domain);
1912  case RELAY_COMMAND_RESOLVE:
1913  if (layer_hint) {
1914  log_fn(LOG_PROTOCOL_WARN, LD_APP,
1915  "resolve request unsupported at AP; dropping.");
1916  return 0;
1917  } else if (conn) {
1918  log_fn(LOG_PROTOCOL_WARN, domain,
1919  "resolve request for known stream; dropping.");
1920  return 0;
1921  } else if (circ->purpose != CIRCUIT_PURPOSE_OR) {
1922  log_fn(LOG_PROTOCOL_WARN, domain,
1923  "resolve request on circ with purpose %d; dropping",
1924  circ->purpose);
1925  return 0;
1926  }
1928  return 0;
1929  case RELAY_COMMAND_RESOLVED:
1930  if (conn) {
1931  log_fn(LOG_PROTOCOL_WARN, domain,
1932  "'resolved' unsupported while open. Closing circ.");
1933  return -END_CIRC_REASON_TORPROTOCOL;
1934  }
1935 
1936  if (CIRCUIT_IS_ORIGIN(circ)) {
1937  origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1939  rh->stream_id)) {
1940  circuit_read_valid_data(ocirc, rh->length);
1941  log_info(domain,
1942  "resolved cell on circ %u valid on half-closed "
1943  "stream id %d", ocirc->global_identifier, rh->stream_id);
1944  return 0;
1945  }
1946  }
1947 
1948  log_info(domain,
1949  "'resolved' received, no conn attached anymore. Ignoring.");
1950  return 0;
1951  case RELAY_COMMAND_ESTABLISH_INTRO:
1952  case RELAY_COMMAND_ESTABLISH_RENDEZVOUS:
1953  case RELAY_COMMAND_INTRODUCE1:
1954  case RELAY_COMMAND_INTRODUCE2:
1955  case RELAY_COMMAND_INTRODUCE_ACK:
1956  case RELAY_COMMAND_RENDEZVOUS1:
1957  case RELAY_COMMAND_RENDEZVOUS2:
1958  case RELAY_COMMAND_INTRO_ESTABLISHED:
1959  case RELAY_COMMAND_RENDEZVOUS_ESTABLISHED:
1960  rend_process_relay_cell(circ, layer_hint,
1961  rh->command, rh->length,
1962  cell->payload+RELAY_HEADER_SIZE);
1963  return 0;
1964  }
1965  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1966  "Received unknown relay command %d. Perhaps the other side is using "
1967  "a newer version of Tor? Dropping.",
1968  rh->command);
1969  return 0; /* for forward compatibility, don't kill the circuit */
1970 }
1971 
1972 /** An incoming relay cell has arrived on circuit <b>circ</b>. If
1973  * <b>conn</b> is NULL this is a control cell, else <b>cell</b> is
1974  * destined for <b>conn</b>.
1975  *
1976  * If <b>layer_hint</b> is defined, then we're the origin of the
1977  * circuit, and it specifies the hop that packaged <b>cell</b>.
1978  *
1979  * Return -reason if you want to warn and tear down the circuit, else 0.
1980  */
1981 STATIC int
1983  edge_connection_t *conn,
1984  crypt_path_t *layer_hint)
1985 {
1986  static int num_seen=0;
1987  relay_header_t rh;
1988  unsigned domain = layer_hint?LD_APP:LD_EXIT;
1989  int optimistic_data = 0; /* Set to 1 if we receive data on a stream
1990  * that's in the EXIT_CONN_STATE_RESOLVING
1991  * or EXIT_CONN_STATE_CONNECTING states. */
1992 
1993  tor_assert(cell);
1994  tor_assert(circ);
1995 
1996  relay_header_unpack(&rh, cell->payload);
1997 // log_fn(LOG_DEBUG,"command %d stream %d", rh.command, rh.stream_id);
1998  num_seen++;
1999  log_debug(domain, "Now seen %d relay cells here (command %d, stream %d).",
2000  num_seen, rh.command, rh.stream_id);
2001 
2002  if (rh.length > RELAY_PAYLOAD_SIZE) {
2003  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
2004  "Relay cell length field too long. Closing circuit.");
2005  return - END_CIRC_REASON_TORPROTOCOL;
2006  }
2007 
2008  if (rh.stream_id == 0) {
2009  switch (rh.command) {
2010  case RELAY_COMMAND_BEGIN:
2011  case RELAY_COMMAND_CONNECTED:
2012  case RELAY_COMMAND_END:
2013  case RELAY_COMMAND_RESOLVE:
2014  case RELAY_COMMAND_RESOLVED:
2015  case RELAY_COMMAND_BEGIN_DIR:
2016  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Relay command %d with zero "
2017  "stream_id. Dropping.", (int)rh.command);
2018  return 0;
2019  default:
2020  ;
2021  }
2022  }
2023 
2024  /* Tell circpad that we've received a recognized cell */
2026 
2027  /* either conn is NULL, in which case we've got a control cell, or else
2028  * conn points to the recognized stream. */
2029  if (conn && !connection_state_is_open(TO_CONN(conn))) {
2030  if (conn->base_.type == CONN_TYPE_EXIT &&
2031  (conn->base_.state == EXIT_CONN_STATE_CONNECTING ||
2032  conn->base_.state == EXIT_CONN_STATE_RESOLVING) &&
2033  rh.command == RELAY_COMMAND_DATA) {
2034  /* Allow DATA cells to be delivered to an exit node in state
2035  * EXIT_CONN_STATE_CONNECTING or EXIT_CONN_STATE_RESOLVING.
2036  * This speeds up HTTP, for example. */
2037  optimistic_data = 1;
2038  } else if (rh.stream_id == 0 && rh.command == RELAY_COMMAND_DATA) {
2039  log_warn(LD_BUG, "Somehow I had a connection that matched a "
2040  "data cell with stream ID 0.");
2041  } else {
2043  &rh, cell, circ, conn, layer_hint);
2044  }
2045  }
2046 
2047  return handle_relay_cell_command(cell, circ, conn, layer_hint,
2048  &rh, optimistic_data);
2049 }
2050 
2051 /** How many relay_data cells have we built, ever? */
2053 /** How many bytes of data have we put in relay_data cells have we built,
2054  * ever? This would be RELAY_PAYLOAD_SIZE*stats_n_data_cells_packaged if
2055  * every relay cell we ever sent were completely full of data. */
2057 /** How many relay_data cells have we received, ever? */
2059 /** How many bytes of data have we received relay_data cells, ever? This would
2060  * be RELAY_PAYLOAD_SIZE*stats_n_data_cells_packaged if every relay cell we
2061  * ever received were completely full of data. */
2063 
2064 /**
2065  * Called when initializing a circuit, or when we have reached the end of the
2066  * window in which we need to send some randomness so that incoming sendme
2067  * cells will be unpredictable. Resets the flags and picks a new window.
2068  */
2069 void
2071 {
2075 }
2076 
2077 /**
2078  * Any relay data payload containing fewer than this many real bytes is
2079  * considered to have enough randomness to.
2080  **/
2081 #define RELAY_PAYLOAD_LENGTH_FOR_RANDOM_SENDMES \
2082  (RELAY_PAYLOAD_SIZE - CELL_PADDING_GAP - 16)
2083 
2084 /**
2085  * Helper. Return the number of bytes that should be put into a cell from a
2086  * given edge connection on which <b>n_available</b> bytes are available.
2087  */
2088 STATIC size_t
2090  int package_partial,
2091  circuit_t *on_circuit)
2092 {
2093  if (!n_available)
2094  return 0;
2095 
2096  /* Do we need to force this payload to have space for randomness? */
2097  const bool force_random_bytes =
2098  (on_circuit->send_randomness_after_n_cells == 0) &&
2099  (! on_circuit->have_sent_sufficiently_random_cell);
2100 
2101  /* At most how much would we like to send in this cell? */
2102  size_t target_length;
2103  if (force_random_bytes) {
2105  } else {
2106  target_length = RELAY_PAYLOAD_SIZE;
2107  }
2108 
2109  /* Decide how many bytes we will actually put into this cell. */
2110  size_t package_length;
2111  if (n_available >= target_length) { /* A full payload is available. */
2112  package_length = target_length;
2113  } else { /* not a full payload available */
2114  if (package_partial)
2115  package_length = n_available; /* just take whatever's available now */
2116  else
2117  return 0; /* nothing to do until we have a full payload */
2118  }
2119 
2120  /* If we reach this point, we will be definitely sending the cell. */
2121  tor_assert_nonfatal(package_length > 0);
2122 
2123  if (package_length <= RELAY_PAYLOAD_LENGTH_FOR_RANDOM_SENDMES) {
2124  /* This cell will have enough randomness in the padding to make a future
2125  * sendme cell unpredictable. */
2126  on_circuit->have_sent_sufficiently_random_cell = 1;
2127  }
2128 
2129  if (on_circuit->send_randomness_after_n_cells == 0) {
2130  /* Either this cell, or some previous cell, had enough padding to
2131  * ensure sendme unpredictability. */
2132  tor_assert_nonfatal(on_circuit->have_sent_sufficiently_random_cell);
2133  /* Pick a new interval in which we need to send randomness. */
2134  circuit_reset_sendme_randomness(on_circuit);
2135  }
2136 
2137  --on_circuit->send_randomness_after_n_cells;
2138 
2139  return package_length;
2140 }
2141 
2142 /** If <b>conn</b> has an entire relay payload of bytes on its inbuf (or
2143  * <b>package_partial</b> is true), and the appropriate package windows aren't
2144  * empty, grab a cell and send it down the circuit.
2145  *
2146  * If *<b>max_cells</b> is given, package no more than max_cells. Decrement
2147  * *<b>max_cells</b> by the number of cells packaged.
2148  *
2149  * Return -1 (and send a RELAY_COMMAND_END cell if necessary) if conn should
2150  * be marked for close, else return 0.
2151  */
2152 int
2154  int *max_cells)
2155 {
2156  size_t bytes_to_process, length;
2157  char payload[CELL_PAYLOAD_SIZE];
2158  circuit_t *circ;
2159  const unsigned domain = conn->base_.type == CONN_TYPE_AP ? LD_APP : LD_EXIT;
2160  int sending_from_optimistic = 0;
2161  entry_connection_t *entry_conn =
2162  conn->base_.type == CONN_TYPE_AP ? EDGE_TO_ENTRY_CONN(conn) : NULL;
2163  const int sending_optimistically =
2164  entry_conn &&
2165  conn->base_.type == CONN_TYPE_AP &&
2166  conn->base_.state != AP_CONN_STATE_OPEN;
2167  crypt_path_t *cpath_layer = conn->cpath_layer;
2168 
2169  tor_assert(conn);
2170 
2171  if (conn->base_.marked_for_close) {
2172  log_warn(LD_BUG,
2173  "called on conn that's already marked for close at %s:%d.",
2174  conn->base_.marked_for_close_file, conn->base_.marked_for_close);
2175  return 0;
2176  }
2177 
2178  if (max_cells && *max_cells <= 0)
2179  return 0;
2180 
2181  repeat_connection_edge_package_raw_inbuf:
2182 
2183  circ = circuit_get_by_edge_conn(conn);
2184  if (!circ) {
2185  log_info(domain,"conn has no circuit! Closing.");
2187  return -1;
2188  }
2189 
2190  if (circuit_consider_stop_edge_reading(circ, cpath_layer))
2191  return 0;
2192 
2193  if (conn->package_window <= 0) {
2194  log_info(domain,"called with package_window %d. Skipping.",
2195  conn->package_window);
2197  return 0;
2198  }
2199 
2200  sending_from_optimistic = entry_conn &&
2201  entry_conn->sending_optimistic_data != NULL;
2202 
2203  if (PREDICT_UNLIKELY(sending_from_optimistic)) {
2204  bytes_to_process = buf_datalen(entry_conn->sending_optimistic_data);
2205  if (PREDICT_UNLIKELY(!bytes_to_process)) {
2206  log_warn(LD_BUG, "sending_optimistic_data was non-NULL but empty");
2207  bytes_to_process = connection_get_inbuf_len(TO_CONN(conn));
2208  sending_from_optimistic = 0;
2209  }
2210  } else {
2211  bytes_to_process = connection_get_inbuf_len(TO_CONN(conn));
2212  }
2213 
2214  length = connection_edge_get_inbuf_bytes_to_package(bytes_to_process,
2215  package_partial, circ);
2216  if (!length)
2217  return 0;
2218 
2219  /* If we reach this point, we will definitely be packaging bytes into
2220  * a cell. */
2221 
2222  stats_n_data_bytes_packaged += length;
2224 
2225  if (PREDICT_UNLIKELY(sending_from_optimistic)) {
2226  /* XXXX We could be more efficient here by sometimes packing
2227  * previously-sent optimistic data in the same cell with data
2228  * from the inbuf. */
2229  buf_get_bytes(entry_conn->sending_optimistic_data, payload, length);
2230  if (!buf_datalen(entry_conn->sending_optimistic_data)) {
2231  buf_free(entry_conn->sending_optimistic_data);
2232  entry_conn->sending_optimistic_data = NULL;
2233  }
2234  } else {
2235  connection_buf_get_bytes(payload, length, TO_CONN(conn));
2236  }
2237 
2238  log_debug(domain,TOR_SOCKET_T_FORMAT": Packaging %d bytes (%d waiting).",
2239  conn->base_.s,
2240  (int)length, (int)connection_get_inbuf_len(TO_CONN(conn)));
2241 
2242  if (sending_optimistically && !sending_from_optimistic) {
2243  /* This is new optimistic data; remember it in case we need to detach and
2244  retry */
2245  if (!entry_conn->pending_optimistic_data)
2246  entry_conn->pending_optimistic_data = buf_new();
2247  buf_add(entry_conn->pending_optimistic_data, payload, length);
2248  }
2249 
2250  if (connection_edge_send_command(conn, RELAY_COMMAND_DATA,
2251  payload, length) < 0 ) {
2252  /* circuit got marked for close, don't continue, don't need to mark conn */
2253  return 0;
2254  }
2255 
2256  /* Handle the circuit-level SENDME package window. */
2257  if (sendme_note_circuit_data_packaged(circ, cpath_layer) < 0) {
2258  /* Package window has gone under 0. Protocol issue. */
2259  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
2260  "Circuit package window is below 0. Closing circuit.");
2261  conn->end_reason = END_STREAM_REASON_TORPROTOCOL;
2262  return -1;
2263  }
2264 
2265  /* Handle the stream-level SENDME package window. */
2266  if (sendme_note_stream_data_packaged(conn) < 0) {
2268  log_debug(domain,"conn->package_window reached 0.");
2269  circuit_consider_stop_edge_reading(circ, cpath_layer);
2270  return 0; /* don't process the inbuf any more */
2271  }
2272  log_debug(domain,"conn->package_window is now %d",conn->package_window);
2273 
2274  if (max_cells) {
2275  *max_cells -= 1;
2276  if (*max_cells <= 0)
2277  return 0;
2278  }
2279 
2280  /* handle more if there's more, or return 0 if there isn't */
2281  goto repeat_connection_edge_package_raw_inbuf;
2282 }
2283 
2284 /** The circuit <b>circ</b> has received a circuit-level sendme
2285  * (on hop <b>layer_hint</b>, if we're the OP). Go through all the
2286  * attached streams and let them resume reading and packaging, if
2287  * their stream windows allow it.
2288  */
2289 static void
2291 {
2293  log_debug(layer_hint?LD_APP:LD_EXIT,"Too big queue, no resuming");
2294  return;
2295  }
2296  log_debug(layer_hint?LD_APP:LD_EXIT,"resuming");
2297 
2298  if (CIRCUIT_IS_ORIGIN(circ))
2300  circ, layer_hint);
2301  else
2303  circ, layer_hint);
2304 }
2305 
2306 /** A helper function for circuit_resume_edge_reading() above.
2307  * The arguments are the same, except that <b>conn</b> is the head
2308  * of a linked list of edge streams that should each be considered.
2309  */
2310 static int
2312  circuit_t *circ,
2313  crypt_path_t *layer_hint)
2314 {
2315  edge_connection_t *conn;
2316  int n_packaging_streams, n_streams_left;
2317  int packaged_this_round;
2318  int cells_on_queue;
2319  int cells_per_conn;
2320  edge_connection_t *chosen_stream = NULL;
2321  int max_to_package;
2322 
2323  if (first_conn == NULL) {
2324  /* Don't bother to try to do the rest of this if there are no connections
2325  * to resume. */
2326  return 0;
2327  }
2328 
2329  /* How many cells do we have space for? It will be the minimum of
2330  * the number needed to exhaust the package window, and the minimum
2331  * needed to fill the cell queue. */
2332  max_to_package = circ->package_window;
2333  if (CIRCUIT_IS_ORIGIN(circ)) {
2334  cells_on_queue = circ->n_chan_cells.n;
2335  } else {
2336  or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
2337  cells_on_queue = or_circ->p_chan_cells.n;
2338  }
2339  if (CELL_QUEUE_HIGHWATER_SIZE - cells_on_queue < max_to_package)
2340  max_to_package = CELL_QUEUE_HIGHWATER_SIZE - cells_on_queue;
2341 
2342  /* Once we used to start listening on the streams in the order they
2343  * appeared in the linked list. That leads to starvation on the
2344  * streams that appeared later on the list, since the first streams
2345  * would always get to read first. Instead, we just pick a random
2346  * stream on the list, and enable reading for streams starting at that
2347  * point (and wrapping around as if the list were circular). It would
2348  * probably be better to actually remember which streams we've
2349  * serviced in the past, but this is simple and effective. */
2350 
2351  /* Select a stream uniformly at random from the linked list. We
2352  * don't need cryptographic randomness here. */
2353  {
2354  int num_streams = 0;
2355  for (conn = first_conn; conn; conn = conn->next_stream) {
2356  num_streams++;
2357 
2358  if (crypto_fast_rng_one_in_n(get_thread_fast_rng(), num_streams)) {
2359  chosen_stream = conn;
2360  }
2361  /* Invariant: chosen_stream has been chosen uniformly at random from
2362  * among the first num_streams streams on first_conn.
2363  *
2364  * (Note that we iterate over every stream on the circuit, so that after
2365  * we've considered the first stream, we've chosen it with P=1; and
2366  * after we consider the second stream, we've switched to it with P=1/2
2367  * and stayed with the first stream with P=1/2; and after we've
2368  * considered the third stream, we've switched to it with P=1/3 and
2369  * remained with one of the first two streams with P=(2/3), giving each
2370  * one P=(1/2)(2/3) )=(1/3).) */
2371  }
2372  }
2373 
2374  /* Count how many non-marked streams there are that have anything on
2375  * their inbuf, and enable reading on all of the connections. */
2376  n_packaging_streams = 0;
2377  /* Activate reading starting from the chosen stream */
2378  for (conn=chosen_stream; conn; conn = conn->next_stream) {
2379  /* Start reading for the streams starting from here */
2380  if (conn->base_.marked_for_close || conn->package_window <= 0)
2381  continue;
2382  if (!layer_hint || conn->cpath_layer == layer_hint) {
2384 
2385  if (connection_get_inbuf_len(TO_CONN(conn)) > 0)
2386  ++n_packaging_streams;
2387  }
2388  }
2389  /* Go back and do the ones we skipped, circular-style */
2390  for (conn = first_conn; conn != chosen_stream; conn = conn->next_stream) {
2391  if (conn->base_.marked_for_close || conn->package_window <= 0)
2392  continue;
2393  if (!layer_hint || conn->cpath_layer == layer_hint) {
2395 
2396  if (connection_get_inbuf_len(TO_CONN(conn)) > 0)
2397  ++n_packaging_streams;
2398  }
2399  }
2400 
2401  if (n_packaging_streams == 0) /* avoid divide-by-zero */
2402  return 0;
2403 
2404  again:
2405 
2406  cells_per_conn = CEIL_DIV(max_to_package, n_packaging_streams);
2407 
2408  packaged_this_round = 0;
2409  n_streams_left = 0;
2410 
2411  /* Iterate over all connections. Package up to cells_per_conn cells on
2412  * each. Update packaged_this_round with the total number of cells
2413  * packaged, and n_streams_left with the number that still have data to
2414  * package.
2415  */
2416  for (conn=first_conn; conn; conn=conn->next_stream) {
2417  if (conn->base_.marked_for_close || conn->package_window <= 0)
2418  continue;
2419  if (!layer_hint || conn->cpath_layer == layer_hint) {
2420  int n = cells_per_conn, r;
2421  /* handle whatever might still be on the inbuf */
2422  r = connection_edge_package_raw_inbuf(conn, 1, &n);
2423 
2424  /* Note how many we packaged */
2425  packaged_this_round += (cells_per_conn-n);
2426 
2427  if (r<0) {
2428  /* Problem while packaging. (We already sent an end cell if
2429  * possible) */
2430  connection_mark_for_close(TO_CONN(conn));
2431  continue;
2432  }
2433 
2434  /* If there's still data to read, we'll be coming back to this stream. */
2435  if (connection_get_inbuf_len(TO_CONN(conn)))
2436  ++n_streams_left;
2437 
2438  /* If the circuit won't accept any more data, return without looking
2439  * at any more of the streams. Any connections that should be stopped
2440  * have already been stopped by connection_edge_package_raw_inbuf. */
2441  if (circuit_consider_stop_edge_reading(circ, layer_hint))
2442  return -1;
2443  /* XXXX should we also stop immediately if we fill up the cell queue?
2444  * Probably. */
2445  }
2446  }
2447 
2448  /* If we made progress, and we are willing to package more, and there are
2449  * any streams left that want to package stuff... try again!
2450  */
2451  if (packaged_this_round && packaged_this_round < max_to_package &&
2452  n_streams_left) {
2453  max_to_package -= packaged_this_round;
2454  n_packaging_streams = n_streams_left;
2455  goto again;
2456  }
2457 
2458  return 0;
2459 }
2460 
2461 /** Check if the package window for <b>circ</b> is empty (at
2462  * hop <b>layer_hint</b> if it's defined).
2463  *
2464  * If yes, tell edge streams to stop reading and return 1.
2465  * Else return 0.
2466  */
2467 static int
2469 {
2470  edge_connection_t *conn = NULL;
2471  unsigned domain = layer_hint ? LD_APP : LD_EXIT;
2472 
2473  if (!layer_hint) {
2474  or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
2475  log_debug(domain,"considering circ->package_window %d",
2476  circ->package_window);
2477  if (circ->package_window <= 0) {
2478  log_debug(domain,"yes, not-at-origin. stopped.");
2479  for (conn = or_circ->n_streams; conn; conn=conn->next_stream)
2481  return 1;
2482  }
2483  return 0;
2484  }
2485  /* else, layer hint is defined, use it */
2486  log_debug(domain,"considering layer_hint->package_window %d",
2487  layer_hint->package_window);
2488  if (layer_hint->package_window <= 0) {
2489  log_debug(domain,"yes, at-origin. stopped.");
2490  for (conn = TO_ORIGIN_CIRCUIT(circ)->p_streams; conn;
2491  conn=conn->next_stream) {
2492  if (conn->cpath_layer == layer_hint)
2494  }
2495  return 1;
2496  }
2497  return 0;
2498 }
2499 
2500 /** The total number of cells we have allocated. */
2501 static size_t total_cells_allocated = 0;
2502 
2503 /** Release storage held by <b>cell</b>. */
2504 static inline void
2506 {
2508  tor_free(cell);
2509 }
2510 
2511 /** Allocate and return a new packed_cell_t. */
2514 {
2516  return tor_malloc_zero(sizeof(packed_cell_t));
2517 }
2518 
2519 /** Return a packed cell used outside by channel_t lower layer */
2520 void
2522 {
2523  if (!cell)
2524  return;
2526 }
2527 
2528 /** Log current statistics for cell pool allocation at log level
2529  * <b>severity</b>. */
2530 void
2532 {
2533  int n_circs = 0;
2534  int n_cells = 0;
2536  n_cells += c->n_chan_cells.n;
2537  if (!CIRCUIT_IS_ORIGIN(c))
2538  n_cells += TO_OR_CIRCUIT(c)->p_chan_cells.n;
2539  ++n_circs;
2540  }
2541  SMARTLIST_FOREACH_END(c);
2542  tor_log(severity, LD_MM,
2543  "%d cells allocated on %d circuits. %d cells leaked.",
2544  n_cells, n_circs, (int)total_cells_allocated - n_cells);
2545 }
2546 
2547 /** Allocate a new copy of packed <b>cell</b>. */
2548 static inline packed_cell_t *
2549 packed_cell_copy(const cell_t *cell, int wide_circ_ids)
2550 {
2552  cell_pack(c, cell, wide_circ_ids);
2553  return c;
2554 }
2555 
2556 /** Append <b>cell</b> to the end of <b>queue</b>. */
2557 void
2559 {
2560  TOR_SIMPLEQ_INSERT_TAIL(&queue->head, cell, next);
2561  ++queue->n;
2562 }
2563 
2564 /** Append a newly allocated copy of <b>cell</b> to the end of the
2565  * <b>exitward</b> (or app-ward) <b>queue</b> of <b>circ</b>. If
2566  * <b>use_stats</b> is true, record statistics about the cell.
2567  */
2568 void
2570  int exitward, const cell_t *cell,
2571  int wide_circ_ids, int use_stats)
2572 {
2573  packed_cell_t *copy = packed_cell_copy(cell, wide_circ_ids);
2574  (void)circ;
2575  (void)exitward;
2576  (void)use_stats;
2577 
2579 
2580  cell_queue_append(queue, copy);
2581 }
2582 
2583 /** Initialize <b>queue</b> as an empty cell queue. */
2584 void
2586 {
2587  memset(queue, 0, sizeof(cell_queue_t));
2588  TOR_SIMPLEQ_INIT(&queue->head);
2589 }
2590 
2591 /** Remove and free every cell in <b>queue</b>. */
2592 void
2594 {
2595  packed_cell_t *cell;
2596  while ((cell = TOR_SIMPLEQ_FIRST(&queue->head))) {
2597  TOR_SIMPLEQ_REMOVE_HEAD(&queue->head, next);
2599  }
2600  TOR_SIMPLEQ_INIT(&queue->head);
2601  queue->n = 0;
2602 }
2603 
2604 /** Extract and return the cell at the head of <b>queue</b>; return NULL if
2605  * <b>queue</b> is empty. */
2608 {
2609  packed_cell_t *cell = TOR_SIMPLEQ_FIRST(&queue->head);
2610  if (!cell)
2611  return NULL;
2612  TOR_SIMPLEQ_REMOVE_HEAD(&queue->head, next);
2613  --queue->n;
2614  return cell;
2615 }
2616 
2617 /** Initialize <b>queue</b> as an empty cell queue. */
2618 void
2620 {
2621  memset(queue, 0, sizeof(destroy_cell_queue_t));
2622  TOR_SIMPLEQ_INIT(&queue->head);
2623 }
2624 
2625 /** Remove and free every cell in <b>queue</b>. */
2626 void
2628 {
2629  destroy_cell_t *cell;
2630  while ((cell = TOR_SIMPLEQ_FIRST(&queue->head))) {
2631  TOR_SIMPLEQ_REMOVE_HEAD(&queue->head, next);
2632  tor_free(cell);
2633  }
2634  TOR_SIMPLEQ_INIT(&queue->head);
2635  queue->n = 0;
2636 }
2637 
2638 /** Extract and return the cell at the head of <b>queue</b>; return NULL if
2639  * <b>queue</b> is empty. */
2642 {
2643  destroy_cell_t *cell = TOR_SIMPLEQ_FIRST(&queue->head);
2644  if (!cell)
2645  return NULL;
2646  TOR_SIMPLEQ_REMOVE_HEAD(&queue->head, next);
2647  --queue->n;
2648  return cell;
2649 }
2650 
2651 /** Append a destroy cell for <b>circid</b> to <b>queue</b>. */
2652 void
2654  circid_t circid,
2655  uint8_t reason)
2656 {
2657  destroy_cell_t *cell = tor_malloc_zero(sizeof(destroy_cell_t));
2658  cell->circid = circid;
2659  cell->reason = reason;
2660  /* Not yet used, but will be required for OOM handling. */
2662 
2663  TOR_SIMPLEQ_INSERT_TAIL(&queue->head, cell, next);
2664  ++queue->n;
2665 }
2666 
2667 /** Convert a destroy_cell_t to a newly allocated cell_t. Frees its input. */
2668 static packed_cell_t *
2670 {
2671  packed_cell_t *packed = packed_cell_new();
2672  cell_t cell;
2673  memset(&cell, 0, sizeof(cell));
2674  cell.circ_id = inp->circid;
2675  cell.command = CELL_DESTROY;
2676  cell.payload[0] = inp->reason;
2677  cell_pack(packed, &cell, wide_circ_ids);
2678 
2679  tor_free(inp);
2680  return packed;
2681 }
2682 
2683 /** Return the total number of bytes used for each packed_cell in a queue.
2684  * Approximate. */
2685 size_t
2687 {
2688  return sizeof(packed_cell_t);
2689 }
2690 
2691 /* DOCDOC */
2692 size_t
2693 cell_queues_get_total_allocation(void)
2694 {
2696 }
2697 
2698 /** How long after we've been low on memory should we try to conserve it? */
2699 #define MEMORY_PRESSURE_INTERVAL (30*60)
2700 
2701 /** The time at which we were last low on memory. */
2703 
2704 /** Statistics on how many bytes were removed by the OOM per type. */
2706 uint64_t oom_stats_n_bytes_removed_cell = 0;
2707 uint64_t oom_stats_n_bytes_removed_geoip = 0;
2708 uint64_t oom_stats_n_bytes_removed_hsdir = 0;
2709 
2710 /** Check whether we've got too much space used for cells. If so,
2711  * call the OOM handler and return 1. Otherwise, return 0. */
2712 STATIC int
2714 {
2715  size_t removed = 0;
2716  time_t now = time(NULL);
2717  size_t alloc = cell_queues_get_total_allocation();
2719  alloc += buf_get_total_allocation();
2721  const size_t hs_cache_total = hs_cache_get_total_allocation();
2722  alloc += hs_cache_total;
2723  const size_t geoip_client_cache_total =
2724  geoip_client_cache_total_allocation();
2725  alloc += geoip_client_cache_total;
2726  const size_t dns_cache_total = dns_cache_total_allocation();
2727  alloc += dns_cache_total;
2728  if (alloc >= get_options()->MaxMemInQueues_low_threshold) {
2730  if (alloc >= get_options()->MaxMemInQueues) {
2731  /* Note this overload down */
2732  rep_hist_note_overload(OVERLOAD_GENERAL);
2733 
2734  /* If we're spending over 20% of the memory limit on hidden service
2735  * descriptors, free them until we're down to 10%. Do the same for geoip
2736  * client cache. */
2737  if (hs_cache_total > get_options()->MaxMemInQueues / 5) {
2738  const size_t bytes_to_remove =
2739  hs_cache_total - (size_t)(get_options()->MaxMemInQueues / 10);
2740  removed = hs_cache_handle_oom(now, bytes_to_remove);
2741  oom_stats_n_bytes_removed_hsdir += removed;
2742  alloc -= removed;
2743  }
2744  if (geoip_client_cache_total > get_options()->MaxMemInQueues / 5) {
2745  const size_t bytes_to_remove =
2746  geoip_client_cache_total -
2747  (size_t)(get_options()->MaxMemInQueues / 10);
2748  removed = geoip_client_cache_handle_oom(now, bytes_to_remove);
2749  oom_stats_n_bytes_removed_geoip += removed;
2750  alloc -= removed;
2751  }
2752  if (dns_cache_total > get_options()->MaxMemInQueues / 5) {
2753  const size_t bytes_to_remove =
2754  dns_cache_total - (size_t)(get_options()->MaxMemInQueues / 10);
2755  removed = dns_cache_handle_oom(now, bytes_to_remove);
2756  oom_stats_n_bytes_removed_dns += removed;
2757  alloc -= removed;
2758  }
2759  removed = circuits_handle_oom(alloc);
2760  oom_stats_n_bytes_removed_cell += removed;
2761  return 1;
2762  }
2763  }
2764  return 0;
2765 }
2766 
2767 /** Return true if we've been under memory pressure in the last
2768  * MEMORY_PRESSURE_INTERVAL seconds. */
2769 int
2771 {
2773  < approx_time();
2774 }
2775 
2776 /**
2777  * Update the number of cells available on the circuit's n_chan or p_chan's
2778  * circuit mux.
2779  */
2780 void
2782  const char *file, int lineno)
2783 {
2784  channel_t *chan = NULL;
2785  or_circuit_t *or_circ = NULL;
2786  circuitmux_t *cmux = NULL;
2787 
2788  tor_assert(circ);
2789 
2790  /* Okay, get the channel */
2791  if (direction == CELL_DIRECTION_OUT) {
2792  chan = circ->n_chan;
2793  } else {
2794  or_circ = TO_OR_CIRCUIT(circ);
2795  chan = or_circ->p_chan;
2796  }
2797 
2798  tor_assert(chan);
2799  tor_assert(chan->cmux);
2800 
2801  /* Now get the cmux */
2802  cmux = chan->cmux;
2803 
2804  /* Cmux sanity check */
2805  if (! circuitmux_is_circuit_attached(cmux, circ)) {
2806  log_warn(LD_BUG, "called on non-attached circuit from %s:%d",
2807  file, lineno);
2808  return;
2809  }
2810  tor_assert(circuitmux_attached_circuit_direction(cmux, circ) == direction);
2811 
2812  /* Update the number of cells we have for the circuit mux */
2813  if (direction == CELL_DIRECTION_OUT) {
2814  circuitmux_set_num_cells(cmux, circ, circ->n_chan_cells.n);
2815  } else {
2816  circuitmux_set_num_cells(cmux, circ, or_circ->p_chan_cells.n);
2817  }
2818 }
2819 
2820 /** Remove all circuits from the cmux on <b>chan</b>.
2821  *
2822  * If <b>circuits_out</b> is non-NULL, add all detached circuits to
2823  * <b>circuits_out</b>.
2824  **/
2825 void
2827 {
2828  tor_assert(chan);
2829  tor_assert(chan->cmux);
2830 
2831  circuitmux_detach_all_circuits(chan->cmux, circuits_out);
2832  chan->num_n_circuits = 0;
2833  chan->num_p_circuits = 0;
2834 }
2835 
2836 /** Block (if <b>block</b> is true) or unblock (if <b>block</b> is false)
2837  * every edge connection that is using <b>circ</b> to write to <b>chan</b>,
2838  * and start or stop reading as appropriate.
2839  *
2840  * If <b>stream_id</b> is nonzero, block only the edge connection whose
2841  * stream_id matches it.
2842  *
2843  * Returns the number of streams whose status we changed.
2844  */
2845 static int
2847  int block, streamid_t stream_id)
2848 {
2849  edge_connection_t *edge = NULL;
2850  int n = 0;
2851  if (circ->n_chan == chan) {
2852  circ->streams_blocked_on_n_chan = block;
2853  if (CIRCUIT_IS_ORIGIN(circ))
2854  edge = TO_ORIGIN_CIRCUIT(circ)->p_streams;
2855  } else {
2856  circ->streams_blocked_on_p_chan = block;
2857  tor_assert(!CIRCUIT_IS_ORIGIN(circ));
2858  edge = TO_OR_CIRCUIT(circ)->n_streams;
2859  }
2860 
2861  for (; edge; edge = edge->next_stream) {
2862  connection_t *conn = TO_CONN(edge);
2863  if (stream_id && edge->stream_id != stream_id)
2864  continue;
2865 
2866  if (edge->edge_blocked_on_circ != block) {
2867  ++n;
2868  edge->edge_blocked_on_circ = block;
2869  }
2870 
2871  if (!conn->read_event) {
2872  /* This connection is a placeholder for something; probably a DNS
2873  * request. It can't actually stop or start reading.*/
2874  continue;
2875  }
2876 
2877  if (block) {
2878  if (connection_is_reading(conn))
2880  } else {
2881  /* Is this right? */
2882  if (!connection_is_reading(conn))
2884  }
2885  }
2886 
2887  return n;
2888 }
2889 
2890 /** Extract the command from a packed cell. */
2891 uint8_t
2892 packed_cell_get_command(const packed_cell_t *cell, int wide_circ_ids)
2893 {
2894  if (wide_circ_ids) {
2895  return get_uint8(cell->body+4);
2896  } else {
2897  return get_uint8(cell->body+2);
2898  }
2899 }
2900 
2901 /** Extract the circuit ID from a packed cell. */
2902 circid_t
2903 packed_cell_get_circid(const packed_cell_t *cell, int wide_circ_ids)
2904 {
2905  if (wide_circ_ids) {
2906  return ntohl(get_uint32(cell->body));
2907  } else {
2908  return ntohs(get_uint16(cell->body));
2909  }
2910 }
2911 
2912 /** Pull as many cells as possible (but no more than <b>max</b>) from the
2913  * queue of the first active circuit on <b>chan</b>, and write them to
2914  * <b>chan</b>-&gt;outbuf. Return the number of cells written. Advance
2915  * the active circuit pointer to the next active circuit in the ring. */
2916 MOCK_IMPL(int,
2918 {
2919  circuitmux_t *cmux = NULL;
2920  int n_flushed = 0;
2921  cell_queue_t *queue;
2922  destroy_cell_queue_t *destroy_queue=NULL;
2923  circuit_t *circ;
2924  or_circuit_t *or_circ;
2925  int streams_blocked;
2926  packed_cell_t *cell;
2927 
2928  /* Get the cmux */
2929  tor_assert(chan);
2930  tor_assert(chan->cmux);
2931  cmux = chan->cmux;
2932 
2933  /* Main loop: pick a circuit, send a cell, update the cmux */
2934  while (n_flushed < max) {
2935  circ = circuitmux_get_first_active_circuit(cmux, &destroy_queue);
2936  if (destroy_queue) {
2937  destroy_cell_t *dcell;
2938  /* this code is duplicated from some of the logic below. Ugly! XXXX */
2939  /* If we are given a destroy_queue here, then it is required to be
2940  * nonempty... */
2941  tor_assert(destroy_queue->n > 0);
2942  dcell = destroy_cell_queue_pop(destroy_queue);
2943  /* ...and pop() will always yield a cell from a nonempty queue. */
2944  tor_assert(dcell);
2945  /* frees dcell */
2946  cell = destroy_cell_to_packed_cell(dcell, chan->wide_circ_ids);
2947  /* Send the DESTROY cell. It is very unlikely that this fails but just
2948  * in case, get rid of the channel. */
2949  if (channel_write_packed_cell(chan, cell) < 0) {
2950  /* The cell has been freed. */
2951  channel_mark_for_close(chan);
2952  continue;
2953  }
2954  /* Update the cmux destroy counter */
2956  cell = NULL;
2957  ++n_flushed;
2958  continue;
2959  }
2960  /* If it returns NULL, no cells left to send */
2961  if (!circ) break;
2962 
2963  if (circ->n_chan == chan) {
2964  queue = &circ->n_chan_cells;
2965  streams_blocked = circ->streams_blocked_on_n_chan;
2966  } else {
2967  or_circ = TO_OR_CIRCUIT(circ);
2968  tor_assert(or_circ->p_chan == chan);
2969  queue = &TO_OR_CIRCUIT(circ)->p_chan_cells;
2970  streams_blocked = circ->streams_blocked_on_p_chan;
2971  }
2972 
2973  /* Circuitmux told us this was active, so it should have cells */
2974  if (/*BUG(*/ queue->n == 0 /*)*/) {
2975  log_warn(LD_BUG, "Found a supposedly active circuit with no cells "
2976  "to send. Trying to recover.");
2977  circuitmux_set_num_cells(cmux, circ, 0);
2978  if (! circ->marked_for_close)
2979  circuit_mark_for_close(circ, END_CIRC_REASON_INTERNAL);
2980  continue;
2981  }
2982 
2983  tor_assert(queue->n > 0);
2984 
2985  /*
2986  * Get just one cell here; once we've sent it, that can change the circuit
2987  * selection, so we have to loop around for another even if this circuit
2988  * has more than one.
2989  */
2990  cell = cell_queue_pop(queue);
2991 
2992  /* Calculate the exact time that this cell has spent in the queue. */
2993  if (get_options()->CellStatistics ||
2994  get_options()->TestingEnableCellStatsEvent) {
2995  uint32_t timestamp_now = monotime_coarse_get_stamp();
2996  uint32_t msec_waiting =
2998  timestamp_now - cell->inserted_timestamp);
2999 
3000  if (get_options()->CellStatistics && !CIRCUIT_IS_ORIGIN(circ)) {
3001  or_circ = TO_OR_CIRCUIT(circ);
3002  or_circ->total_cell_waiting_time += msec_waiting;
3003  or_circ->processed_cells++;
3004  }
3005 
3006  if (get_options()->TestingEnableCellStatsEvent) {
3007  uint8_t command = packed_cell_get_command(cell, chan->wide_circ_ids);
3008 
3010  tor_malloc_zero(sizeof(testing_cell_stats_entry_t));
3011  ent->command = command;
3012  ent->waiting_time = msec_waiting / 10;
3013  ent->removed = 1;
3014  if (circ->n_chan == chan)
3015  ent->exitward = 1;
3016  if (!circ->testing_cell_stats)
3018  smartlist_add(circ->testing_cell_stats, ent);
3019  }
3020  }
3021 
3022  /* If we just flushed our queue and this circuit is used for a
3023  * tunneled directory request, possibly advance its state. */
3024  if (queue->n == 0 && chan->dirreq_id)
3026  DIRREQ_TUNNELED,
3028 
3029  /* Now send the cell. It is very unlikely that this fails but just in
3030  * case, get rid of the channel. */
3031  if (channel_write_packed_cell(chan, cell) < 0) {
3032  /* The cell has been freed at this point. */
3033  channel_mark_for_close(chan);
3034  continue;
3035  }
3036  cell = NULL;
3037 
3038  /*
3039  * Don't packed_cell_free_unchecked(cell) here because the channel will
3040  * do so when it gets out of the channel queue (probably already did, in
3041  * which case that was an immediate double-free bug).
3042  */
3043 
3044  /* Update the counter */
3045  ++n_flushed;
3046 
3047  /*
3048  * Now update the cmux; tell it we've just sent a cell, and how many
3049  * we have left.
3050  */
3051  circuitmux_notify_xmit_cells(cmux, circ, 1);
3052  circuitmux_set_num_cells(cmux, circ, queue->n);
3053  if (queue->n == 0)
3054  log_debug(LD_GENERAL, "Made a circuit inactive.");
3055 
3056  /* Is the cell queue low enough to unblock all the streams that are waiting
3057  * to write to this circuit? */
3058  if (streams_blocked && queue->n <= CELL_QUEUE_LOWWATER_SIZE)
3059  set_streams_blocked_on_circ(circ, chan, 0, 0); /* unblock streams */
3060 
3061  /* If n_flushed < max still, loop around and pick another circuit */
3062  }
3063 
3064  /* Okay, we're done sending now */
3065  return n_flushed;
3066 }
3067 
3068 /* Minimum value is the maximum circuit window size.
3069  *
3070  * SENDME cells makes it that we can control how many cells can be inflight on
3071  * a circuit from end to end. This logic makes it that on any circuit cell
3072  * queue, we have a maximum of cells possible.
3073  *
3074  * Because the Tor protocol allows for a client to exit at any hop in a
3075  * circuit and a circuit can be of a maximum of 8 hops, so in theory the
3076  * normal worst case will be the circuit window start value times the maximum
3077  * number of hops (8). Having more cells then that means something is wrong.
3078  *
3079  * However, because padding cells aren't counted in the package window, we set
3080  * the maximum size to a reasonably large size for which we expect that we'll
3081  * never reach in theory. And if we ever do because of future changes, we'll
3082  * be able to control it with a consensus parameter.
3083  *
3084  * XXX: Unfortunately, END cells aren't accounted for in the circuit window
3085  * which means that for instance if a client opens 8001 streams, the 8001
3086  * following END cells will queue up in the circuit which will get closed if
3087  * the max limit is 8000. Which is sad because it is allowed by the Tor
3088  * protocol. But, we need an upper bound on circuit queue in order to avoid
3089  * DoS memory pressure so the default size is a middle ground between not
3090  * having any limit and having a very restricted one. This is why we can also
3091  * control it through a consensus parameter. */
3092 #define RELAY_CIRC_CELL_QUEUE_SIZE_MIN CIRCWINDOW_START_MAX
3093 /* We can't have a consensus parameter above this value. */
3094 #define RELAY_CIRC_CELL_QUEUE_SIZE_MAX INT32_MAX
3095 /* Default value is set to a large value so we can handle padding cells
3096  * properly which aren't accounted for in the SENDME window. Default is 50000
3097  * allowed cells in the queue resulting in ~25MB. */
3098 #define RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT \
3099  (50 * RELAY_CIRC_CELL_QUEUE_SIZE_MIN)
3100 
3101 /* The maximum number of cell a circuit queue can contain. This is updated at
3102  * every new consensus and controlled by a parameter. */
3103 static int32_t max_circuit_cell_queue_size =
3104  RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT;
3105 
3106 /* Called when the consensus has changed. At this stage, the global consensus
3107  * object has NOT been updated. It is called from
3108  * notify_before_networkstatus_changes(). */
3109 void
3110 relay_consensus_has_changed(const networkstatus_t *ns)
3111 {
3112  tor_assert(ns);
3113 
3114  /* Update the circuit max cell queue size from the consensus. */
3115  max_circuit_cell_queue_size =
3116  networkstatus_get_param(ns, "circ_max_cell_queue_size",
3117  RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT,
3118  RELAY_CIRC_CELL_QUEUE_SIZE_MIN,
3119  RELAY_CIRC_CELL_QUEUE_SIZE_MAX);
3120 }
3121 
3122 /** Add <b>cell</b> to the queue of <b>circ</b> writing to <b>chan</b>
3123  * transmitting in <b>direction</b>.
3124  *
3125  * The given <b>cell</b> is copied onto the circuit queue so the caller must
3126  * cleanup the memory.
3127  *
3128  * This function is part of the fast path. */
3129 void
3131  cell_t *cell, cell_direction_t direction,
3132  streamid_t fromstream)
3133 {
3134  or_circuit_t *orcirc = NULL;
3135  cell_queue_t *queue;
3136  int streams_blocked;
3137  int exitward;
3138  if (circ->marked_for_close)
3139  return;
3140 
3141  exitward = (direction == CELL_DIRECTION_OUT);
3142  if (exitward) {
3143  queue = &circ->n_chan_cells;
3144  streams_blocked = circ->streams_blocked_on_n_chan;
3145  } else {
3146  orcirc = TO_OR_CIRCUIT(circ);
3147  queue = &orcirc->p_chan_cells;
3148  streams_blocked = circ->streams_blocked_on_p_chan;
3149  }
3150 
3151  if (PREDICT_UNLIKELY(queue->n >= max_circuit_cell_queue_size)) {
3152  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
3153  "%s circuit has %d cells in its queue, maximum allowed is %d. "
3154  "Closing circuit for safety reasons.",
3155  (exitward) ? "Outbound" : "Inbound", queue->n,
3156  max_circuit_cell_queue_size);
3157  circuit_mark_for_close(circ, END_CIRC_REASON_RESOURCELIMIT);
3159  return;
3160  }
3161 
3162  /* Very important that we copy to the circuit queue because all calls to
3163  * this function use the stack for the cell memory. */
3164  cell_queue_append_packed_copy(circ, queue, exitward, cell,
3165  chan->wide_circ_ids, 1);
3166 
3167  /* Check and run the OOM if needed. */
3168  if (PREDICT_UNLIKELY(cell_queues_check_size())) {
3169  /* We ran the OOM handler which might have closed this circuit. */
3170  if (circ->marked_for_close)
3171  return;
3172  }
3173 
3174  /* If we have too many cells on the circuit, we should stop reading from
3175  * the edge streams for a while. */
3176  if (!streams_blocked && queue->n >= CELL_QUEUE_HIGHWATER_SIZE)
3177  set_streams_blocked_on_circ(circ, chan, 1, 0); /* block streams */
3178 
3179  if (streams_blocked && fromstream) {
3180  /* This edge connection is apparently not blocked; block it. */
3181  set_streams_blocked_on_circ(circ, chan, 1, fromstream);
3182  }
3183 
3184  update_circuit_on_cmux(circ, direction);
3185  if (queue->n == 1) {
3186  /* This was the first cell added to the queue. We just made this
3187  * circuit active. */
3188  log_debug(LD_GENERAL, "Made a circuit active.");
3189  }
3190 
3191  /* New way: mark this as having waiting cells for the scheduler */
3193 }
3194 
3195 /** Append an encoded value of <b>addr</b> to <b>payload_out</b>, which must
3196  * have at least 18 bytes of free space. The encoding is, as specified in
3197  * tor-spec.txt:
3198  * RESOLVED_TYPE_IPV4 or RESOLVED_TYPE_IPV6 [1 byte]
3199  * LENGTH [1 byte]
3200  * ADDRESS [length bytes]
3201  * Return the number of bytes added, or -1 on error */
3202 int
3203 append_address_to_payload(uint8_t *payload_out, const tor_addr_t *addr)
3204 {
3205  uint32_t a;
3206  switch (tor_addr_family(addr)) {
3207  case AF_INET:
3208  payload_out[0] = RESOLVED_TYPE_IPV4;
3209  payload_out[1] = 4;
3210  a = tor_addr_to_ipv4n(addr);
3211  memcpy(payload_out+2, &a, 4);
3212  return 6;
3213  case AF_INET6:
3214  payload_out[0] = RESOLVED_TYPE_IPV6;
3215  payload_out[1] = 16;
3216  memcpy(payload_out+2, tor_addr_to_in6_addr8(addr), 16);
3217  return 18;
3218  case AF_UNSPEC:
3219  default:
3220  return -1;
3221  }
3222 }
3223 
3224 /** Given <b>payload_len</b> bytes at <b>payload</b>, starting with an address
3225  * encoded as by append_address_to_payload(), try to decode the address into
3226  * *<b>addr_out</b>. Return the next byte in the payload after the address on
3227  * success, or NULL on failure. */
3228 const uint8_t *
3229 decode_address_from_payload(tor_addr_t *addr_out, const uint8_t *payload,
3230  int payload_len)
3231 {
3232  if (payload_len < 2)
3233  return NULL;
3234  if (payload_len < 2+payload[1])
3235  return NULL;
3236 
3237  switch (payload[0]) {
3238  case RESOLVED_TYPE_IPV4:
3239  if (payload[1] != 4)
3240  return NULL;
3241  tor_addr_from_ipv4n(addr_out, get_uint32(payload+2));
3242  break;
3243  case RESOLVED_TYPE_IPV6:
3244  if (payload[1] != 16)
3245  return NULL;
3246  tor_addr_from_ipv6_bytes(addr_out, (payload+2));
3247  break;
3248  default:
3249  tor_addr_make_unspec(addr_out);
3250  break;
3251  }
3252  return payload + 2 + payload[1];
3253 }
3254 
3255 /** Remove all the cells queued on <b>circ</b> for <b>chan</b>. */
3256 void
3258 {
3259  cell_queue_t *queue;
3260  cell_direction_t direction;
3261 
3262  if (circ->n_chan == chan) {
3263  queue = &circ->n_chan_cells;
3264  direction = CELL_DIRECTION_OUT;
3265  } else {
3266  or_circuit_t *orcirc = TO_OR_CIRCUIT(circ);
3267  tor_assert(orcirc->p_chan == chan);
3268  queue = &orcirc->p_chan_cells;
3269  direction = CELL_DIRECTION_IN;
3270  }
3271 
3272  /* Clear the queue */
3273  cell_queue_clear(queue);
3274 
3275  /* Update the cell counter in the cmux */
3276  if (chan->cmux && circuitmux_is_circuit_attached(chan->cmux, circ))
3277  update_circuit_on_cmux(circ, direction);
3278 }
3279 
3280 /** Return 1 if we shouldn't restart reading on this circuit, even if
3281  * we get a SENDME. Else return 0.
3282 */
3283 static int
3285 {
3286  if (CIRCUIT_IS_ORIGIN(circ)) {
3287  return circ->streams_blocked_on_n_chan;
3288  } else {
3289  return circ->streams_blocked_on_p_chan;
3290  }
3291 }
void tor_addr_from_ipv4n(tor_addr_t *dest, uint32_t v4addr)
Definition: address.c:889
void tor_addr_make_unspec(tor_addr_t *a)
Definition: address.c:225
const char * tor_addr_to_str(char *dest, const tor_addr_t *addr, size_t len, int decorate)
Definition: address.c:328
int tor_addr_parse(tor_addr_t *addr, const char *src)
Definition: address.c:1349
int tor_addr_is_null(const tor_addr_t *addr)
Definition: address.c:780
void tor_addr_from_ipv6_bytes(tor_addr_t *dest, const uint8_t *ipv6_bytes)
Definition: address.c:900
static uint32_t tor_addr_to_ipv4n(const tor_addr_t *a)
Definition: address.h:152
static sa_family_t tor_addr_family(const tor_addr_t *a)
Definition: address.h:187
#define tor_addr_to_in6_addr8(x)
Definition: address.h:135
#define tor_addr_from_ipv4h(dest, v4addr)
Definition: address.h:327
#define fmt_addr(a)
Definition: address.h:239
#define TOR_ADDR_BUF_LEN
Definition: address.h:224
int client_dns_incr_failures(const char *address)
Definition: addressmap.c:638
void client_dns_set_addressmap(entry_connection_t *for_conn, const char *address, const tor_addr_t *val, const char *exitname, int ttl)
Definition: addressmap.c:728
void client_dns_clear_failures(const char *address)
Definition: addressmap.c:660
Header for addressmap.c.
time_t approx_time(void)
Definition: approx_time.c:32
Header for backtrace.c.
int buf_add(buf_t *buf, const char *string, size_t string_len)
Definition: buffers.c:527
buf_t * buf_new(void)
Definition: buffers.c:365
size_t buf_datalen(const buf_t *buf)
Definition: buffers.c:394
int buf_get_bytes(buf_t *buf, char *string, size_t string_len)
Definition: buffers.c:637
Header file for buffers.c.
static void set_uint16(void *cp, uint16_t v)
Definition: bytes.h:78
static uint16_t get_uint16(const void *cp)
Definition: bytes.h:42
static uint8_t get_uint8(const void *cp)
Definition: bytes.h:23
static void set_uint8(void *cp, uint8_t v)
Definition: bytes.h:31
static uint32_t get_uint32(const void *cp)
Definition: bytes.h:54
Cell queue structures.
Fixed-size cell structure.
void channel_timestamp_client(channel_t *chan)
Definition: channel.c:3173
int channel_send_destroy(circid_t circ_id, channel_t *chan, int reason)
Definition: channel.c:2031
int channel_is_client(const channel_t *chan)
Definition: channel.c:2893
void channel_mark_for_close(channel_t *chan)
Definition: channel.c:1137
int channel_write_packed_cell(channel_t *chan, packed_cell_t *cell)
Definition: channel.c:1484
Header file for channel.c.
void pathbias_count_valid_cells(circuit_t *circ, const cell_t *cell)
Definition: circpathbias.c:944
int pathbias_check_probe_response(circuit_t *circ, const cell_t *cell)
Definition: circpathbias.c:884
void pathbias_mark_use_success(origin_circuit_t *circ)
Definition: circpathbias.c:661
void circuit_log_path(int severity, unsigned int domain, origin_circuit_t *circ)
Definition: circuitbuild.c:351
int circuit_send_next_onion_skin(origin_circuit_t *circ)
Definition: circuitbuild.c:925
int circuit_finish_handshake(origin_circuit_t *circ, const created_cell_t *reply)
int circuit_truncated(origin_circuit_t *circ, int reason)
Header file for circuitbuild.c.
int circuit_extend(struct cell_t *cell, struct circuit_t *circ)
Header for feature/relay/circuitbuild_relay.c.
void circuit_synchronize_written_or_bandwidth(const circuit_t *c, circuit_channel_direction_t dir)
Definition: circuitlist.c:2092
void circuit_set_n_circid_chan(circuit_t *circ, circid_t id, channel_t *chan)
Definition: circuitlist.c:474
void circuit_set_state(circuit_t *circ, uint8_t state)
Definition: circuitlist.c:543
circuit_t * circuit_get_by_edge_conn(edge_connection_t *conn)
Definition: circuitlist.c:1571
void assert_circuit_ok(const circuit_t *c)
Definition: circuitlist.c:2716
smartlist_t * circuit_get_global_list(void)
Definition: circuitlist.c:694
origin_circuit_t * TO_ORIGIN_CIRCUIT(circuit_t *x)
Definition: circuitlist.c:166
size_t circuits_handle_oom(size_t current_allocation)
Definition: circuitlist.c:2593
or_circuit_t * TO_OR_CIRCUIT(circuit_t *x)
Definition: circuitlist.c:154
const char * circuit_state_to_string(int state)
Definition: circuitlist.c:762
Header file for circuitlist.c.
#define CIRCUIT_PURPOSE_PATH_BIAS_TESTING
Definition: circuitlist.h:123
#define CIRCUIT_STATE_OPEN
Definition: circuitlist.h:32
#define CIRCUIT_IS_ORIGIN(c)
Definition: circuitlist.h:147
#define CIRCUIT_PURPOSE_OR
Definition: circuitlist.h:39
#define CIRCUIT_PURPOSE_S_REND_JOINED
Definition: circuitlist.h:110
#define CIRCUIT_PURPOSE_REND_ESTABLISHED
Definition: circuitlist.h:47
cell_direction_t circuitmux_attached_circuit_direction(circuitmux_t *cmux, circuit_t *circ)
Definition: circuitmux.c:548
void circuitmux_notify_xmit_destroy(circuitmux_t *cmux)
Definition: circuitmux.c:1163
void circuitmux_detach_all_circuits(circuitmux_t *cmux, smartlist_t *detached_out)
Definition: circuitmux.c:213
void circuitmux_notify_xmit_cells(circuitmux_t *cmux, circuit_t *circ, unsigned int n_cells)
Definition: circuitmux.c:1103
int circuitmux_is_circuit_attached(circuitmux_t *cmux, circuit_t *circ)
Definition: circuitmux.c:626
circuit_t * circuitmux_get_first_active_circuit(circuitmux_t *cmux, destroy_cell_queue_t **destroy_queue_out)
Definition: circuitmux.c:1060
void circuitmux_set_num_cells(circuitmux_t *cmux, circuit_t *circ, unsigned int n_cells)
Definition: circuitmux.c:998
void circpad_deliver_sent_relay_cell_events(circuit_t *circ, uint8_t relay_command)
void circpad_deliver_unrecognized_cell_events(circuit_t *circ, cell_direction_t dir)
void circpad_machine_event_circ_has_no_relay_early(origin_circuit_t *circ)
void circpad_deliver_recognized_relay_cell_events(circuit_t *circ, uint8_t relay_command, crypt_path_t *layer_hint)
int circpad_check_received_cell(cell_t *cell, circuit_t *circ, crypt_path_t *layer_hint, const relay_header_t *rh)
Header file for circuitpadding.c.
void circuit_sent_valid_data(origin_circuit_t *circ, uint16_t relay_body_len)
Definition: circuituse.c:3144
void circuit_read_valid_data(origin_circuit_t *circ, uint16_t relay_body_len)
Definition: circuituse.c:3165
void mark_circuit_unusable_for_new_conns(origin_circuit_t *circ)
Definition: circuituse.c:3120
Header file for circuituse.c.
uint64_t monotime_coarse_stamp_units_to_approx_msec(uint64_t units)
Definition: compat_time.c:870
uint32_t monotime_coarse_get_stamp(void)
Definition: compat_time.c:844
size_t tor_compress_get_total_allocation(void)
Definition: compress.c:458
Headers for compress.c.
const or_options_t * get_options(void)
Definition: config.c:919
tor_cmdline_mode_t command
Definition: config.c:2440
Header file for config.c.
int connection_buf_get_bytes(char *string, size_t len, connection_t *conn)
Definition: connection.c:4232
const char * conn_state_to_string(int type, int state)
Definition: connection.c:302
int connection_state_is_open(connection_t *conn)
Definition: connection.c:4956
Header file for connection.c.
#define CONN_TYPE_AP
Definition: connection.h:51
#define CONN_TYPE_DIR
Definition: connection.h:55
#define CONN_TYPE_EXIT
Definition: connection.h:46
int connection_half_edge_is_valid_data(const smartlist_t *half_conns, streamid_t stream_id)
int connection_ap_detach_retriable(entry_connection_t *conn, origin_circuit_t *circ, int reason)
void connection_ap_handshake_socks_reply(entry_connection_t *conn, char *reply, size_t replylen, int endreason)
int connection_half_edge_is_valid_end(smartlist_t *half_conns, streamid_t stream_id)
void connection_edge_end_close(edge_connection_t *conn, uint8_t reason)
int connection_exit_begin_resolve(cell_t *cell, or_circuit_t *circ)
int connection_half_edge_is_valid_connected(const smartlist_t *half_conns, streamid_t stream_id)
entry_connection_t * EDGE_TO_ENTRY_CONN(edge_connection_t *c)
void connection_ap_handshake_socks_resolved_addr(entry_connection_t *conn, const tor_addr_t *answer, int ttl, time_t expires)
int connection_half_edge_is_valid_resolved(smartlist_t *half_conns, streamid_t stream_id)
int connection_edge_end(edge_connection_t *conn, uint8_t reason)
size_t half_streams_get_total_allocation(void)
int connection_half_edge_is_valid_sendme(const smartlist_t *half_conns, streamid_t stream_id)
int connection_edge_is_rendezvous_stream(const edge_connection_t *conn)
void connection_ap_handshake_socks_resolved(entry_connection_t *conn, int answer_type, size_t answer_len, const uint8_t *answer, int ttl, time_t expires)
int connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
Header file for connection_edge.c.
#define EXIT_CONN_STATE_CONNECTING
#define AP_CONN_STATE_CONNECT_WAIT
#define AP_CONN_STATE_OPEN
#define AP_CONN_STATE_RESOLVE_WAIT
#define EXIT_CONN_STATE_RESOLVING
void cell_pack(packed_cell_t *dst, const cell_t *src, int wide_circ_ids)
Header file for connection_or.c.
void control_event_boot_dir(bootstrap_status_t status, int progress)
void control_event_bootstrap(bootstrap_status_t status, int progress)
int control_event_stream_status(entry_connection_t *conn, stream_status_event_t tp, int reason_code)
Header file for control_events.c.
#define REMAP_STREAM_SOURCE_EXIT
Circuit-build-stse structure.
Common functions for using (pseudo-)random number generators.
#define crypto_fast_rng_one_in_n(rng, n)
Definition: crypto_rand.h:80
crypto_fast_rng_t * get_thread_fast_rng(void)
unsigned crypto_fast_rng_get_uint(crypto_fast_rng_t *rng, unsigned limit)
void crypto_fast_rng_getbytes(crypto_fast_rng_t *rng, uint8_t *out, size_t n)
Common functions for cryptographic routines.
const char * node_describe(const node_t *node)
Definition: describe.c:160
Header file for describe.c.
Destroy-cell queue structures.
Client/server directory connection structure.
dir_connection_t * TO_DIR_CONN(connection_t *c)
Definition: directory.c:88
Header file for directory.c.
#define DIR_PURPOSE_FETCH_CERTIFICATE
Definition: directory.h:57
#define DIR_PURPOSE_FETCH_MICRODESC
Definition: directory.h:65
#define DIR_PURPOSE_FETCH_CONSENSUS
Definition: directory.h:54
#define DIR_PURPOSE_FETCH_SERVERDESC
Definition: directory.h:36
Header file for dns.c.
Entry connection structure.
#define ENTRY_TO_EDGE_CONN(c)
Extend-info structure.
Header for core/or/extendinfo.c.
Header file for geoip_stats.c.
@ DIRREQ_END_CELL_SENT
Definition: geoip_stats.h:66
@ DIRREQ_CIRC_QUEUE_FLUSHED
Definition: geoip_stats.h:69
void geoip_change_dirreq_state(uint64_t dirreq_id, dirreq_type_t type, dirreq_state_t new_state)
Definition: geoip_stats.c:552
size_t hs_cache_handle_oom(time_t now, size_t min_remove_bytes)
Definition: hs_cache.c:1072
Header file for hs_cache.c.
Header for feature/hs/hs_metrics.c.
#define hs_metrics_app_write_bytes(i, port, n)
Definition: hs_metrics.h:39
uint16_t sa_family_t
Definition: inaddr_st.h:77
void tor_log(int severity, log_domain_mask_t domain, const char *format,...)
Definition: log.c:590
#define log_fn(severity, domain, args,...)
Definition: log.h:283
#define LD_REND
Definition: log.h:84
#define LD_APP
Definition: log.h:78
#define LD_PROTOCOL
Definition: log.h:72
#define LD_OR
Definition: log.h:92
#define LD_MM
Definition: log.h:74
#define LD_BUG
Definition: log.h:86
#define LD_GENERAL
Definition: log.h:62
#define LOG_WARN
Definition: log.h:53
#define LOG_INFO
Definition: log.h:45
void connection_stop_reading(connection_t *conn)
Definition: mainloop.c:609
void connection_start_reading(connection_t *conn)
Definition: mainloop.c:631
int connection_is_reading(connection_t *conn)
Definition: mainloop.c:508
Header file for mainloop.c.
#define tor_free(p)
Definition: malloc.h:52
int32_t networkstatus_get_param(const networkstatus_t *ns, const char *param_name, int32_t default_val, int32_t min_val, int32_t max_val)
int consensus_is_waiting_for_certs(void)
Header file for networkstatus.c.
node_t * node_get_mutable_by_id(const char *identity_digest)
Definition: nodelist.c:197
int node_exit_policy_is_exact(const node_t *node, sa_family_t family)
Definition: nodelist.c:1596
int count_loading_descriptors_progress(void)
Definition: nodelist.c:2770
Header file for nodelist.c.
int extended_cell_parse(extended_cell_t *cell_out, const uint8_t command, const uint8_t *payload, size_t payload_len)
Definition: onion.c:465
Header file for onion.c.
Master header file for Tor-specific functionality.
#define CELL_PAYLOAD_SIZE
Definition: or.h:457
#define END_STREAM_REASON_CANT_ATTACH
Definition: or.h:251
#define END_STREAM_REASON_FLAG_REMOTE
Definition: or.h:277
uint32_t circid_t
Definition: or.h:489
uint16_t streamid_t
Definition: or.h:491
#define TO_CIRCUIT(x)
Definition: or.h:845
#define RELAY_PAYLOAD_SIZE
Definition: or.h:486
#define END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED
Definition: or.h:284
#define TO_CONN(c)
Definition: or.h:616
#define RELAY_HEADER_SIZE
Definition: or.h:484
cell_direction_t
Definition: or.h:363
@ CELL_DIRECTION_OUT
Definition: or.h:365
@ CELL_DIRECTION_IN
Definition: or.h:364
#define END_CIRC_AT_ORIGIN
Definition: or.h:306
#define ENTRY_TO_CONN(c)
Definition: or.h:619
#define CIRCWINDOW_INCREMENT
Definition: or.h:386
Origin circuit structure.
@ PATH_STATE_USE_FAILED
void addr_policy_append_reject_addr(smartlist_t **dest, const tor_addr_t *addr)
Definition: policies.c:1597
void policies_set_node_exitpolicy_to_reject_all(node_t *node)
Definition: policies.c:2174
Header file for policies.c.
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
char * rate_limit_log(ratelim_t *lim, time_t now)
Definition: ratelim.c:42
const char * stream_end_reason_to_string(int reason)
Definition: reasons.c:64
Header file for reasons.c.
int channel_flush_from_first_active_circuit(channel_t *chan, int max)
Definition: relay.c:2917
STATIC size_t connection_edge_get_inbuf_bytes_to_package(size_t n_available, int package_partial, circuit_t *on_circuit)
Definition: relay.c:2089
void destroy_cell_queue_init(destroy_cell_queue_t *queue)
Definition: relay.c:2619
static int circuit_resume_edge_reading_helper(edge_connection_t *conn, circuit_t *circ, crypt_path_t *layer_hint)
Definition: relay.c:2311
#define CELL_QUEUE_LOWWATER_SIZE
Definition: relay.c:123
int append_address_to_payload(uint8_t *payload_out, const tor_addr_t *addr)
Definition: relay.c:3203
uint64_t stats_n_data_cells_received
Definition: relay.c:2058
void packed_cell_free_(packed_cell_t *cell)
Definition: relay.c:2521
void destroy_cell_queue_clear(destroy_cell_queue_t *queue)
Definition: relay.c:2627
void destroy_cell_queue_append(destroy_cell_queue_t *queue, circid_t circid, uint8_t reason)
Definition: relay.c:2653
void channel_unlink_all_circuits(channel_t *chan, smartlist_t *circuits_out)
Definition: relay.c:2826
void cell_queue_append_packed_copy(circuit_t *circ, cell_queue_t *queue, int exitward, const cell_t *cell, int wide_circ_ids, int use_stats)
Definition: relay.c:2569
STATIC size_t get_pad_cell_offset(size_t data_len)
Definition: relay.c:556
uint64_t oom_stats_n_bytes_removed_dns
Definition: relay.c:2705
void dump_cell_pool_usage(int severity)
Definition: relay.c:2531
STATIC int connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, edge_connection_t *conn, crypt_path_t *layer_hint)
Definition: relay.c:1982
static packed_cell_t * destroy_cell_to_packed_cell(destroy_cell_t *inp, int wide_circ_ids)
Definition: relay.c:2669
void circuit_reset_sendme_randomness(circuit_t *circ)
Definition: relay.c:2070
const uint8_t * decode_address_from_payload(tor_addr_t *addr_out, const uint8_t *payload, int payload_len)
Definition: relay.c:3229
uint64_t stats_n_relay_cells_relayed
Definition: relay.c:128
uint64_t stats_n_circ_max_cell_reached
Definition: relay.c:135
STATIC packed_cell_t * packed_cell_new(void)
Definition: relay.c:2513
STATIC destroy_cell_t * destroy_cell_queue_pop(destroy_cell_queue_t *queue)
Definition: relay.c:2641
#define MAX_RESOLVE_FAILURES
Definition: relay.c:788
static packed_cell_t * packed_cell_copy(const cell_t *cell, int wide_circ_ids)
Definition: relay.c:2549
static void remap_event_helper(entry_connection_t *conn, const tor_addr_t *new_addr)
Definition: relay.c:1049
STATIC packed_cell_t * cell_queue_pop(cell_queue_t *queue)
Definition: relay.c:2607
static int circuit_queue_streams_are_blocked(circuit_t *circ)
Definition: relay.c:3284
static void connection_ap_handshake_socks_got_resolved_cell(entry_connection_t *conn, int error_code, smartlist_t *results)
Definition: relay.c:1218
static void adjust_exit_policy_from_exitpolicy_failure(origin_circuit_t *circ, entry_connection_t *conn, node_t *node, const tor_addr_t *addr)
Definition: relay.c:1014
static void circuit_update_channel_usage(circuit_t *circ, cell_t *cell)
Definition: relay.c:148
uint64_t stats_n_data_cells_packaged
Definition: relay.c:2052
void cell_queue_clear(cell_queue_t *queue)
Definition: relay.c:2593
STATIC int connected_cell_parse(const relay_header_t *rh, const cell_t *cell, tor_addr_t *addr_out, int *ttl_out)
Definition: relay.c:1069
static int set_streams_blocked_on_circ(circuit_t *circ, channel_t *chan, int block, streamid_t stream_id)
Definition: relay.c:2846
void circuit_clear_cell_queue(circuit_t *circ, channel_t *chan)
Definition: relay.c:3257
void cell_queue_init(cell_queue_t *queue)
Definition: relay.c:2585
int circuit_package_relay_cell(cell_t *cell, circuit_t *circ, cell_direction_t cell_direction, crypt_path_t *layer_hint, streamid_t on_stream, const char *filename, int lineno)
Definition: relay.c:364
int have_been_under_memory_pressure(void)
Definition: relay.c:2770
uint64_t stats_n_data_bytes_received
Definition: relay.c:2062
void relay_header_pack(uint8_t *dest, const relay_header_t *src)
Definition: relay.c:478
circid_t packed_cell_get_circid(const packed_cell_t *cell, int wide_circ_ids)
Definition: relay.c:2903
static edge_connection_t * relay_lookup_conn(circuit_t *circ, cell_t *cell, cell_direction_t cell_direction, crypt_path_t *layer_hint)
Definition: relay.c:425
void update_circuit_on_cmux_(circuit_t *circ, cell_direction_t direction, const char *file, int lineno)
Definition: relay.c:2781
void append_cell_to_circuit_queue(circuit_t *circ, channel_t *chan, cell_t *cell, cell_direction_t direction, streamid_t fromstream)
Definition: relay.c:3130
int relay_send_command_from_edge_(streamid_t stream_id, circuit_t *circ, uint8_t relay_command, const char *payload, size_t payload_len, crypt_path_t *cpath_layer, const char *filename, int lineno)
Definition: relay.c:611
void relay_header_unpack(relay_header_t *dest, const uint8_t *src)
Definition: relay.c:491
static int connection_edge_process_relay_cell_not_open(relay_header_t *rh, cell_t *cell, circuit_t *circ, edge_connection_t *conn, crypt_path_t *layer_hint)
Definition: relay.c:1367
uint8_t packed_cell_get_command(const packed_cell_t *cell, int wide_circ_ids)
Definition: relay.c:2892
uint64_t stats_n_relay_cells_delivered
Definition: relay.c:132
STATIC int cell_queues_check_size(void)
Definition: relay.c:2713
static int process_sendme_cell(const relay_header_t *rh, const cell_t *cell, circuit_t *circ, edge_connection_t *conn, crypt_path_t *layer_hint, int domain)
Definition: relay.c:1516
STATIC int handle_relay_cell_command(cell_t *cell, circuit_t *circ, edge_connection_t *conn, crypt_path_t *layer_hint, relay_header_t *rh, int optimistic_data)
Definition: relay.c:1592
static size_t total_cells_allocated
Definition: relay.c:2501
static const char * relay_command_to_string(uint8_t command)
Definition: relay.c:502
static void packed_cell_free_unchecked(packed_cell_t *cell)
Definition: relay.c:2505
static int edge_reason_is_retriable(int reason)
Definition: relay.c:793
static void circuit_resume_edge_reading(circuit_t *circ, crypt_path_t *layer_hint)
Definition: relay.c:2290
#define RELAY_PAYLOAD_LENGTH_FOR_RANDOM_SENDMES
Definition: relay.c:2081
STATIC void address_ttl_free_(address_ttl_t *addr)
Definition: relay.c:1107
#define MEMORY_PRESSURE_INTERVAL
Definition: relay.c:2699
void cell_queue_append(cell_queue_t *queue, packed_cell_t *cell)
Definition: relay.c:2558
static int connection_ap_process_end_not_open(relay_header_t *rh, cell_t *cell, origin_circuit_t *circ, entry_connection_t *conn, crypt_path_t *layer_hint)
Definition: relay.c:808
int circuit_receive_relay_cell(cell_t *cell, circuit_t *circ, cell_direction_t cell_direction)
Definition: relay.c:226
int connection_edge_package_raw_inbuf(edge_connection_t *conn, int package_partial, int *max_cells)
Definition: relay.c:2153
int connection_edge_send_command(edge_connection_t *fromconn, uint8_t relay_command, const char *payload, size_t payload_len)
Definition: relay.c:732
STATIC int resolved_cell_parse(const cell_t *cell, const relay_header_t *rh, smartlist_t *addresses_out, int *errcode_out)
Definition: relay.c:1121
uint64_t stats_n_data_bytes_packaged
Definition: relay.c:2056
STATIC int connection_edge_process_resolved_cell(edge_connection_t *conn, const cell_t *cell, const relay_header_t *rh)
Definition: relay.c:1292
size_t packed_cell_mem_cost(void)
Definition: relay.c:2686
#define CELL_PADDING_GAP
Definition: relay.c:542
#define CELL_QUEUE_HIGHWATER_SIZE
Definition: relay.c:120
static time_t last_time_under_memory_pressure
Definition: relay.c:2702
static int circuit_consider_stop_edge_reading(circuit_t *circ, crypt_path_t *layer_hint)
Definition: relay.c:2468
Header file for relay.c.
Header for relay_crypto.c.
void relay_encrypt_cell_outbound(cell_t *cell, origin_circuit_t *or_circ, crypt_path_t *layer_hint)
Definition: relay_crypto.c:219
int relay_decrypt_cell(circuit_t *circ, cell_t *cell, cell_direction_t cell_direction, crypt_path_t **layer_hint, char *recognized)
Definition: relay_crypto.c:145
void relay_encrypt_cell_inbound(cell_t *cell, or_circuit_t *or_circ)
Definition: relay_crypto.c:248
void rend_process_relay_cell(circuit_t *circ, const crypt_path_t *layer_hint, int command, size_t length, const uint8_t *payload)
Definition: rendcommon.c:34
Header file for rendcommon.c.
void rep_hist_note_overload(overload_type_t overload)
Definition: rephist.c:485
Header file for rephist.c.
Router descriptor structure.
#define ROUTER_PURPOSE_GENERAL
Definition: routerinfo_st.h:98
Header file for routerlist.c.
void scheduler_channel_has_waiting_cells(channel_t *chan)
Definition: scheduler.c:548
Header file for scheduler*.c.
void sendme_connection_edge_consider_sending(edge_connection_t *conn)
Definition: sendme.c:375
void sendme_circuit_consider_sending(circuit_t *circ, crypt_path_t *layer_hint)
Definition: sendme.c:418
Header file for sendme.c.
char * smartlist_join_strings(smartlist_t *sl, const char *join, int terminate, size_t *len_out)
Definition: smartlist.c:279
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
smartlist_t * smartlist_new(void)
void smartlist_add(smartlist_t *sl, void *element)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define SMARTLIST_FOREACH(sl, type, var, cmd)
#define SMARTLIST_DEL_CURRENT(sl, var)
Client request structure.
#define SOCKS_COMMAND_RESOLVE_PTR
Definition: cell_st.h:17
uint8_t payload[CELL_PAYLOAD_SIZE]
Definition: cell_st.h:21
uint8_t command
Definition: cell_st.h:19
circid_t circ_id
Definition: cell_st.h:18
unsigned int num_n_circuits
Definition: channel.h:410
uint64_t dirreq_id
Definition: channel.h:453
channel_usage_info_t channel_usage
Definition: channel.h:228
circuitmux_t * cmux
Definition: channel.h:397
int marked_for_close_reason
Definition: circuit_st.h:197
uint8_t state
Definition: circuit_st.h:110
uint16_t send_randomness_after_n_cells
Definition: circuit_st.h:127
struct create_cell_t * n_chan_create_cell
Definition: circuit_st.h:153
unsigned int have_sent_sufficiently_random_cell
Definition: circuit_st.h:108
unsigned int streams_blocked_on_n_chan
Definition: circuit_st.h:91
uint64_t dirreq_id
Definition: circuit_st.h:204
cell_queue_t n_chan_cells
Definition: circuit_st.h:81
uint16_t marked_for_close
Definition: circuit_st.h:189
uint8_t purpose
Definition: circuit_st.h:111
const char * marked_for_close_file
Definition: circuit_st.h:192
int package_window
Definition: circuit_st.h:116
smartlist_t * testing_cell_stats
Definition: circuit_st.h:212
unsigned int streams_blocked_on_p_chan
Definition: circuit_st.h:94
channel_t * n_chan
Definition: circuit_st.h:69
extend_info_t * n_hop
Definition: circuit_st.h:87
circid_t n_circ_id
Definition: circuit_st.h:78
time_t timestamp_last_read_allowed
uint8_t state
Definition: connection_st.h:49
unsigned int type
Definition: connection_st.h:50
uint16_t marked_for_close
const char * marked_for_close_file
unsigned int purpose
Definition: connection_st.h:51
tor_socket_t s
Definition: connection_st.h:96
struct event * read_event
Definition: connection_st.h:99
extend_info_t * chosen_exit
struct crypt_path_t * cpath_layer
struct edge_connection_t * next_stream
unsigned int edge_has_sent_end
unsigned int edge_blocked_on_circ
struct circuit_t * on_circuit
socks_request_t * socks_request
unsigned int chosen_exit_optional
unsigned int chosen_exit_retries
struct buf_t * pending_optimistic_data
char identity_digest[DIGEST_LEN]
created_cell_t created_cell
Definition: onion.h:68
ed25519_public_key_t identity_pk
Definition: hs_ident.h:106
uint16_t orig_virtual_port
Definition: hs_ident.h:111
Definition: node_st.h:34
uint64_t total_cell_waiting_time
Definition: or_circuit_st.h:79
channel_t * p_chan
Definition: or_circuit_st.h:37
circid_t p_circ_id
Definition: or_circuit_st.h:33
cell_queue_t p_chan_cells
Definition: or_circuit_st.h:35
struct or_circuit_t * rend_splice
Definition: or_circuit_st.h:50
edge_connection_t * n_streams
Definition: or_circuit_st.h:39
uint32_t processed_cells
Definition: or_circuit_st.h:74
uint64_t MaxMemInQueues
uint32_t n_written_circ_bw
edge_connection_t * p_streams
uint8_t relay_early_commands[MAX_RELAY_EARLY_CELLS_PER_CIRCUIT]
unsigned int remaining_relay_early_cells
path_state_bitfield_t path_state
smartlist_t * prepend_policy
crypt_path_t * cpath
cpath_build_state_t * build_state
smartlist_t * half_streams
uint32_t inserted_timestamp
Definition: cell_queue_st.h:22
char body[CELL_MAX_NETWORK_SIZE]
Definition: cell_queue_st.h:21
uint16_t length
Definition: or.h:523
uint8_t command
Definition: or.h:519
streamid_t stream_id
Definition: or.h:521
uint16_t recognized
Definition: or.h:520
char integrity[4]
Definition: or.h:522
unsigned int has_finished
char address[MAX_SOCKS_ADDR_LEN]
Definition: or.h:817
uint8_t command
Definition: or.h:818
unsigned int waiting_time
Definition: or.h:823
unsigned int exitward
Definition: or.h:825
unsigned int removed
Definition: or.h:824
#define STATIC
Definition: testsupport.h:32
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
#define tor_assert(expr)
Definition: util_bug.h:102