Tor  0.4.3.0-alpha-dev
relay.c
Go to the documentation of this file.
1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2019, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
7 /**
8  * \file relay.c
9  * \brief Handle relay cell encryption/decryption, plus packaging and
10  * receiving from circuits, plus queuing on circuits.
11  *
12  * This is a core modules that makes Tor work. It's responsible for
13  * dealing with RELAY cells (the ones that travel more than one hop along a
14  * circuit), by:
15  * <ul>
16  * <li>constructing relays cells,
17  * <li>encrypting relay cells,
18  * <li>decrypting relay cells,
19  * <li>demultiplexing relay cells as they arrive on a connection,
20  * <li>queueing relay cells for retransmission,
21  * <li>or handling relay cells that are for us to receive (as an exit or a
22  * client).
23  * </ul>
24  *
25  * RELAY cells are generated throughout the code at the client or relay side,
26  * using relay_send_command_from_edge() or one of the functions like
27  * connection_edge_send_command() that calls it. Of particular interest is
28  * connection_edge_package_raw_inbuf(), which takes information that has
29  * arrived on an edge connection socket, and packages it as a RELAY_DATA cell
30  * -- this is how information is actually sent across the Tor network. The
31  * cryptography for these functions is handled deep in
32  * circuit_package_relay_cell(), which either adds a single layer of
33  * encryption (if we're an exit), or multiple layers (if we're the origin of
34  * the circuit). After construction and encryption, the RELAY cells are
35  * passed to append_cell_to_circuit_queue(), which queues them for
36  * transmission and tells the circuitmux (see circuitmux.c) that the circuit
37  * is waiting to send something.
38  *
39  * Incoming RELAY cells arrive at circuit_receive_relay_cell(), called from
40  * command.c. There they are decrypted and, if they are for us, are passed to
41  * connection_edge_process_relay_cell(). If they're not for us, they're
42  * re-queued for retransmission again with append_cell_to_circuit_queue().
43  *
44  * The connection_edge_process_relay_cell() function handles all the different
45  * types of relay cells, launching requests or transmitting data as needed.
46  **/
47 
48 #define RELAY_PRIVATE
49 #include "core/or/or.h"
51 #include "lib/err/backtrace.h"
52 #include "lib/buf/buffers.h"
53 #include "core/or/channel.h"
54 #include "feature/client/circpathbias.h"
55 #include "core/or/circuitbuild.h"
56 #include "core/or/circuitlist.h"
57 #include "core/or/circuituse.h"
58 #include "core/or/circuitpadding.h"
59 #include "lib/compress/compress.h"
60 #include "app/config/config.h"
63 #include "core/or/connection_or.h"
68 #include "feature/relay/dns.h"
70 #include "feature/hs/hs_cache.h"
71 #include "core/mainloop/mainloop.h"
74 #include "core/or/onion.h"
75 #include "core/or/policies.h"
76 #include "core/or/reasons.h"
77 #include "core/or/relay.h"
79 #include "feature/rend/rendcache.h"
83 #include "core/or/scheduler.h"
84 
85 #include "core/or/cell_st.h"
86 #include "core/or/cell_queue_st.h"
91 #include "core/or/extend_info_st.h"
92 #include "core/or/or_circuit_st.h"
96 #include "core/or/sendme.h"
97 
99  cell_direction_t cell_direction,
100  crypt_path_t *layer_hint);
101 
102 static void circuit_resume_edge_reading(circuit_t *circ,
103  crypt_path_t *layer_hint);
105  circuit_t *circ,
106  crypt_path_t *layer_hint);
108  crypt_path_t *layer_hint);
111  entry_connection_t *conn,
112  node_t *node,
113  const tor_addr_t *addr);
114 
115 /** Stop reading on edge connections when we have this many cells
116  * waiting on the appropriate queue. */
117 #define CELL_QUEUE_HIGHWATER_SIZE 256
118 /** Start reading from edge connections again when we get down to this many
119  * cells. */
120 #define CELL_QUEUE_LOWWATER_SIZE 64
121 
122 /** Stats: how many relay cells have originated at this hop, or have
123  * been relayed onward (not recognized at this hop)?
124  */
126 /** Stats: how many relay cells have been delivered to streams at this
127  * hop?
128  */
130 /** Stats: how many circuits have we closed due to the cell queue limit being
131  * reached (see append_cell_to_circuit_queue()) */
133 
134 /**
135  * Update channel usage state based on the type of relay cell and
136  * circuit properties.
137  *
138  * This is needed to determine if a client channel is being
139  * used for application traffic, and if a relay channel is being
140  * used for multihop circuits and application traffic. The decision
141  * to pad in channelpadding.c depends upon this info (as well as
142  * consensus parameters) to decide what channels to pad.
143  */
144 static void
146 {
147  if (CIRCUIT_IS_ORIGIN(circ)) {
148  /*
149  * The client state was first set much earlier in
150  * circuit_send_next_onion_skin(), so we can start padding as early as
151  * possible.
152  *
153  * However, if padding turns out to be expensive, we may want to not do
154  * it until actual application traffic starts flowing (which is controlled
155  * via consensus param nf_pad_before_usage).
156  *
157  * So: If we're an origin circuit and we've created a full length circuit,
158  * then any CELL_RELAY cell means application data. Increase the usage
159  * state of the channel to indicate this.
160  *
161  * We want to wait for CELL_RELAY specifically here, so we know that
162  * the channel was definitely being used for data and not for extends.
163  * By default, we pad as soon as a channel has been used for *any*
164  * circuits, so this state is irrelevant to the padding decision in
165  * the default case. However, if padding turns out to be expensive,
166  * we would like the ability to avoid padding until we're absolutely
167  * sure that a channel is used for enough application data to be worth
168  * padding.
169  *
170  * (So it does not matter that CELL_RELAY_EARLY can actually contain
171  * application data. This is only a load reducing option and that edge
172  * case does not matter if we're desperately trying to reduce overhead
173  * anyway. See also consensus parameter nf_pad_before_usage).
174  */
175  if (BUG(!circ->n_chan))
176  return;
177 
178  if (circ->n_chan->channel_usage == CHANNEL_USED_FOR_FULL_CIRCS &&
179  cell->command == CELL_RELAY) {
180  circ->n_chan->channel_usage = CHANNEL_USED_FOR_USER_TRAFFIC;
181  }
182  } else {
183  /* If we're a relay circuit, the question is more complicated. Basically:
184  * we only want to pad connections that carry multihop (anonymous)
185  * circuits.
186  *
187  * We assume we're more than one hop if either the previous hop
188  * is not a client, or if the previous hop is a client and there's
189  * a next hop. Then, circuit traffic starts at RELAY_EARLY, and
190  * user application traffic starts when we see RELAY cells.
191  */
192  or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
193 
194  if (BUG(!or_circ->p_chan))
195  return;
196 
197  if (!channel_is_client(or_circ->p_chan) ||
198  (channel_is_client(or_circ->p_chan) && circ->n_chan)) {
199  if (cell->command == CELL_RELAY_EARLY) {
200  if (or_circ->p_chan->channel_usage < CHANNEL_USED_FOR_FULL_CIRCS) {
201  or_circ->p_chan->channel_usage = CHANNEL_USED_FOR_FULL_CIRCS;
202  }
203  } else if (cell->command == CELL_RELAY) {
204  or_circ->p_chan->channel_usage = CHANNEL_USED_FOR_USER_TRAFFIC;
205  }
206  }
207  }
208 }
209 
210 /** Receive a relay cell:
211  * - Crypt it (encrypt if headed toward the origin or if we <b>are</b> the
212  * origin; decrypt if we're headed toward the exit).
213  * - Check if recognized (if exitward).
214  * - If recognized and the digest checks out, then find if there's a stream
215  * that the cell is intended for, and deliver it to the right
216  * connection_edge.
217  * - If not recognized, then we need to relay it: append it to the appropriate
218  * cell_queue on <b>circ</b>.
219  *
220  * Return -<b>reason</b> on failure.
221  */
222 int
224  cell_direction_t cell_direction)
225 {
226  channel_t *chan = NULL;
227  crypt_path_t *layer_hint=NULL;
228  char recognized=0;
229  int reason;
230 
231  tor_assert(cell);
232  tor_assert(circ);
233  tor_assert(cell_direction == CELL_DIRECTION_OUT ||
234  cell_direction == CELL_DIRECTION_IN);
235  if (circ->marked_for_close)
236  return 0;
237 
238  if (relay_decrypt_cell(circ, cell, cell_direction, &layer_hint, &recognized)
239  < 0) {
240  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
241  "relay crypt failed. Dropping connection.");
242  return -END_CIRC_REASON_INTERNAL;
243  }
244 
245  circuit_update_channel_usage(circ, cell);
246 
247  if (recognized) {
248  edge_connection_t *conn = NULL;
249 
250  /* Recognized cell, the cell digest has been updated, we'll record it for
251  * the SENDME if need be. */
252  sendme_record_received_cell_digest(circ, layer_hint);
253 
255  if (pathbias_check_probe_response(circ, cell) == -1) {
256  pathbias_count_valid_cells(circ, cell);
257  }
258 
259  /* We need to drop this cell no matter what to avoid code that expects
260  * a certain purpose (such as the hidserv code). */
261  return 0;
262  }
263 
264  conn = relay_lookup_conn(circ, cell, cell_direction, layer_hint);
265  if (cell_direction == CELL_DIRECTION_OUT) {
267  log_debug(LD_OR,"Sending away from origin.");
268  reason = connection_edge_process_relay_cell(cell, circ, conn, NULL);
269  if (reason < 0) {
270  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
271  "connection_edge_process_relay_cell (away from origin) "
272  "failed.");
273  return reason;
274  }
275  }
276  if (cell_direction == CELL_DIRECTION_IN) {
278  log_debug(LD_OR,"Sending to origin.");
279  reason = connection_edge_process_relay_cell(cell, circ, conn,
280  layer_hint);
281  if (reason < 0) {
282  /* If a client is trying to connect to unknown hidden service port,
283  * END_CIRC_AT_ORIGIN is sent back so we can then close the circuit.
284  * Do not log warn as this is an expected behavior for a service. */
285  if (reason != END_CIRC_AT_ORIGIN) {
286  log_warn(LD_OR,
287  "connection_edge_process_relay_cell (at origin) failed.");
288  }
289  return reason;
290  }
291  }
292  return 0;
293  }
294 
295  /* not recognized. inform circpad and pass it on. */
296  circpad_deliver_unrecognized_cell_events(circ, cell_direction);
297 
298  if (cell_direction == CELL_DIRECTION_OUT) {
299  cell->circ_id = circ->n_circ_id; /* switch it */
300  chan = circ->n_chan;
301  } else if (! CIRCUIT_IS_ORIGIN(circ)) {
302  cell->circ_id = TO_OR_CIRCUIT(circ)->p_circ_id; /* switch it */
303  chan = TO_OR_CIRCUIT(circ)->p_chan;
304  } else {
305  log_fn(LOG_PROTOCOL_WARN, LD_OR,
306  "Dropping unrecognized inbound cell on origin circuit.");
307  /* If we see unrecognized cells on path bias testing circs,
308  * it's bad mojo. Those circuits need to die.
309  * XXX: Shouldn't they always die? */
312  return -END_CIRC_REASON_TORPROTOCOL;
313  } else {
314  return 0;
315  }
316  }
317 
318  if (!chan) {
319  // XXXX Can this splice stuff be done more cleanly?
320  if (! CIRCUIT_IS_ORIGIN(circ) &&
321  TO_OR_CIRCUIT(circ)->rend_splice &&
322  cell_direction == CELL_DIRECTION_OUT) {
323  or_circuit_t *splice_ = TO_OR_CIRCUIT(circ)->rend_splice;
326  cell->circ_id = splice_->p_circ_id;
327  cell->command = CELL_RELAY; /* can't be relay_early anyway */
328  if ((reason = circuit_receive_relay_cell(cell, TO_CIRCUIT(splice_),
329  CELL_DIRECTION_IN)) < 0) {
330  log_warn(LD_REND, "Error relaying cell across rendezvous; closing "
331  "circuits");
332  /* XXXX Do this here, or just return -1? */
333  circuit_mark_for_close(circ, -reason);
334  return reason;
335  }
336  return 0;
337  }
338  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
339  "Didn't recognize cell, but circ stops here! Closing circ.");
340  return -END_CIRC_REASON_TORPROTOCOL;
341  }
342 
343  log_debug(LD_OR,"Passing on unrecognized cell.");
344 
345  ++stats_n_relay_cells_relayed; /* XXXX no longer quite accurate {cells}
346  * we might kill the circ before we relay
347  * the cells. */
348 
349  append_cell_to_circuit_queue(circ, chan, cell, cell_direction, 0);
350  return 0;
351 }
352 
353 /** Package a relay cell from an edge:
354  * - Encrypt it to the right layer
355  * - Append it to the appropriate cell_queue on <b>circ</b>.
356  */
357 MOCK_IMPL(int,
359  cell_direction_t cell_direction,
360  crypt_path_t *layer_hint, streamid_t on_stream,
361  const char *filename, int lineno))
362 {
363  channel_t *chan; /* where to send the cell */
364 
365  if (circ->marked_for_close) {
366  /* Circuit is marked; send nothing. */
367  return 0;
368  }
369 
370  if (cell_direction == CELL_DIRECTION_OUT) {
371  chan = circ->n_chan;
372  if (!chan) {
373  log_warn(LD_BUG,"outgoing relay cell sent from %s:%d has n_chan==NULL."
374  " Dropping. Circuit is in state %s (%d), and is "
375  "%smarked for close. (%s:%d, %d)", filename, lineno,
376  circuit_state_to_string(circ->state), circ->state,
377  circ->marked_for_close ? "" : "not ",
380  if (CIRCUIT_IS_ORIGIN(circ)) {
382  }
383  log_backtrace(LOG_WARN,LD_BUG,"");
384  return 0; /* just drop it */
385  }
386  if (!CIRCUIT_IS_ORIGIN(circ)) {
387  log_warn(LD_BUG,"outgoing relay cell sent from %s:%d on non-origin "
388  "circ. Dropping.", filename, lineno);
389  log_backtrace(LOG_WARN,LD_BUG,"");
390  return 0; /* just drop it */
391  }
392 
393  relay_encrypt_cell_outbound(cell, TO_ORIGIN_CIRCUIT(circ), layer_hint);
394 
395  /* Update circ written totals for control port */
396  origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
397  ocirc->n_written_circ_bw = tor_add_u32_nowrap(ocirc->n_written_circ_bw,
399 
400  } else { /* incoming cell */
401  if (CIRCUIT_IS_ORIGIN(circ)) {
402  /* We should never package an _incoming_ cell from the circuit
403  * origin; that means we messed up somewhere. */
404  log_warn(LD_BUG,"incoming relay cell at origin circuit. Dropping.");
405  assert_circuit_ok(circ);
406  return 0; /* just drop it */
407  }
408  or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
409  relay_encrypt_cell_inbound(cell, or_circ);
410  chan = or_circ->p_chan;
411  }
413 
414  append_cell_to_circuit_queue(circ, chan, cell, cell_direction, on_stream);
415  return 0;
416 }
417 
418 /** If cell's stream_id matches the stream_id of any conn that's
419  * attached to circ, return that conn, else return NULL.
420  */
421 static edge_connection_t *
423  cell_direction_t cell_direction, crypt_path_t *layer_hint)
424 {
425  edge_connection_t *tmpconn;
426  relay_header_t rh;
427 
428  relay_header_unpack(&rh, cell->payload);
429 
430  if (!rh.stream_id)
431  return NULL;
432 
433  /* IN or OUT cells could have come from either direction, now
434  * that we allow rendezvous *to* an OP.
435  */
436 
437  if (CIRCUIT_IS_ORIGIN(circ)) {
438  for (tmpconn = TO_ORIGIN_CIRCUIT(circ)->p_streams; tmpconn;
439  tmpconn=tmpconn->next_stream) {
440  if (rh.stream_id == tmpconn->stream_id &&
441  !tmpconn->base_.marked_for_close &&
442  tmpconn->cpath_layer == layer_hint) {
443  log_debug(LD_APP,"found conn for stream %d.", rh.stream_id);
444  return tmpconn;
445  }
446  }
447  } else {
448  for (tmpconn = TO_OR_CIRCUIT(circ)->n_streams; tmpconn;
449  tmpconn=tmpconn->next_stream) {
450  if (rh.stream_id == tmpconn->stream_id &&
451  !tmpconn->base_.marked_for_close) {
452  log_debug(LD_EXIT,"found conn for stream %d.", rh.stream_id);
453  if (cell_direction == CELL_DIRECTION_OUT ||
455  return tmpconn;
456  }
457  }
458  for (tmpconn = TO_OR_CIRCUIT(circ)->resolving_streams; tmpconn;
459  tmpconn=tmpconn->next_stream) {
460  if (rh.stream_id == tmpconn->stream_id &&
461  !tmpconn->base_.marked_for_close) {
462  log_debug(LD_EXIT,"found conn for stream %d.", rh.stream_id);
463  return tmpconn;
464  }
465  }
466  }
467  return NULL; /* probably a begin relay cell */
468 }
469 
470 /** Pack the relay_header_t host-order structure <b>src</b> into
471  * network-order in the buffer <b>dest</b>. See tor-spec.txt for details
472  * about the wire format.
473  */
474 void
475 relay_header_pack(uint8_t *dest, const relay_header_t *src)
476 {
477  set_uint8(dest, src->command);
478  set_uint16(dest+1, htons(src->recognized));
479  set_uint16(dest+3, htons(src->stream_id));
480  memcpy(dest+5, src->integrity, 4);
481  set_uint16(dest+9, htons(src->length));
482 }
483 
484 /** Unpack the network-order buffer <b>src</b> into a host-order
485  * relay_header_t structure <b>dest</b>.
486  */
487 void
488 relay_header_unpack(relay_header_t *dest, const uint8_t *src)
489 {
490  dest->command = get_uint8(src);
491  dest->recognized = ntohs(get_uint16(src+1));
492  dest->stream_id = ntohs(get_uint16(src+3));
493  memcpy(dest->integrity, src+5, 4);
494  dest->length = ntohs(get_uint16(src+9));
495 }
496 
497 /** Convert the relay <b>command</b> into a human-readable string. */
498 static const char *
500 {
501  static char buf[64];
502  switch (command) {
503  case RELAY_COMMAND_BEGIN: return "BEGIN";
504  case RELAY_COMMAND_DATA: return "DATA";
505  case RELAY_COMMAND_END: return "END";
506  case RELAY_COMMAND_CONNECTED: return "CONNECTED";
507  case RELAY_COMMAND_SENDME: return "SENDME";
508  case RELAY_COMMAND_EXTEND: return "EXTEND";
509  case RELAY_COMMAND_EXTENDED: return "EXTENDED";
510  case RELAY_COMMAND_TRUNCATE: return "TRUNCATE";
511  case RELAY_COMMAND_TRUNCATED: return "TRUNCATED";
512  case RELAY_COMMAND_DROP: return "DROP";
513  case RELAY_COMMAND_RESOLVE: return "RESOLVE";
514  case RELAY_COMMAND_RESOLVED: return "RESOLVED";
515  case RELAY_COMMAND_BEGIN_DIR: return "BEGIN_DIR";
516  case RELAY_COMMAND_ESTABLISH_INTRO: return "ESTABLISH_INTRO";
517  case RELAY_COMMAND_ESTABLISH_RENDEZVOUS: return "ESTABLISH_RENDEZVOUS";
518  case RELAY_COMMAND_INTRODUCE1: return "INTRODUCE1";
519  case RELAY_COMMAND_INTRODUCE2: return "INTRODUCE2";
520  case RELAY_COMMAND_RENDEZVOUS1: return "RENDEZVOUS1";
521  case RELAY_COMMAND_RENDEZVOUS2: return "RENDEZVOUS2";
522  case RELAY_COMMAND_INTRO_ESTABLISHED: return "INTRO_ESTABLISHED";
523  case RELAY_COMMAND_RENDEZVOUS_ESTABLISHED:
524  return "RENDEZVOUS_ESTABLISHED";
525  case RELAY_COMMAND_INTRODUCE_ACK: return "INTRODUCE_ACK";
526  case RELAY_COMMAND_EXTEND2: return "EXTEND2";
527  case RELAY_COMMAND_EXTENDED2: return "EXTENDED2";
528  case RELAY_COMMAND_PADDING_NEGOTIATE: return "PADDING_NEGOTIATE";
529  case RELAY_COMMAND_PADDING_NEGOTIATED: return "PADDING_NEGOTIATED";
530  default:
531  tor_snprintf(buf, sizeof(buf), "Unrecognized relay command %u",
532  (unsigned)command);
533  return buf;
534  }
535 }
536 
537 /** When padding a cell with randomness, leave this many zeros after the
538  * payload. */
539 #define CELL_PADDING_GAP 4
540 
541 /** Return the offset where the padding should start. The <b>data_len</b> is
542  * the relay payload length expected to be put in the cell. It can not be
543  * bigger than RELAY_PAYLOAD_SIZE else this function assert().
544  *
545  * Value will always be smaller than CELL_PAYLOAD_SIZE because this offset is
546  * for the entire cell length not just the data payload length. Zero is
547  * returned if there is no room for padding.
548  *
549  * This function always skips the first 4 bytes after the payload because
550  * having some unused zero bytes has saved us a lot of times in the past. */
551 
552 STATIC size_t
553 get_pad_cell_offset(size_t data_len)
554 {
555  /* This is never supposed to happen but in case it does, stop right away
556  * because if tor is tricked somehow into not adding random bytes to the
557  * payload with this function returning 0 for a bad data_len, the entire
558  * authenticated SENDME design can be bypassed leading to bad denial of
559  * service attacks. */
560  tor_assert(data_len <= RELAY_PAYLOAD_SIZE);
561 
562  /* If the offset is larger than the cell payload size, we return an offset
563  * of zero indicating that no padding needs to be added. */
564  size_t offset = RELAY_HEADER_SIZE + data_len + CELL_PADDING_GAP;
565  if (offset >= CELL_PAYLOAD_SIZE) {
566  return 0;
567  }
568  return offset;
569 }
570 
571 /* Add random bytes to the unused portion of the payload, to foil attacks
572  * where the other side can predict all of the bytes in the payload and thus
573  * compute the authenticated SENDME cells without seeing the traffic. See
574  * proposal 289. */
575 static void
576 pad_cell_payload(uint8_t *cell_payload, size_t data_len)
577 {
578  size_t pad_offset, pad_len;
579 
580  tor_assert(cell_payload);
581 
582  pad_offset = get_pad_cell_offset(data_len);
583  if (pad_offset == 0) {
584  /* We can't add padding so we are done. */
585  return;
586  }
587 
588  /* Remember here that the cell_payload is the length of the header and
589  * payload size so we offset it using the full length of the cell. */
590  pad_len = CELL_PAYLOAD_SIZE - pad_offset;
592  cell_payload + pad_offset, pad_len);
593 }
594 
595 /** Make a relay cell out of <b>relay_command</b> and <b>payload</b>, and send
596  * it onto the open circuit <b>circ</b>. <b>stream_id</b> is the ID on
597  * <b>circ</b> for the stream that's sending the relay cell, or 0 if it's a
598  * control cell. <b>cpath_layer</b> is NULL for OR->OP cells, or the
599  * destination hop for OP->OR cells.
600  *
601  * If you can't send the cell, mark the circuit for close and return -1. Else
602  * return 0.
603  */
604 MOCK_IMPL(int,
606  uint8_t relay_command, const char *payload,
607  size_t payload_len, crypt_path_t *cpath_layer,
608  const char *filename, int lineno))
609 {
610  cell_t cell;
611  relay_header_t rh;
612  cell_direction_t cell_direction;
613  /* XXXX NM Split this function into a separate versions per circuit type? */
614 
615  tor_assert(circ);
616  tor_assert(payload_len <= RELAY_PAYLOAD_SIZE);
617 
618  memset(&cell, 0, sizeof(cell_t));
619  cell.command = CELL_RELAY;
620  if (CIRCUIT_IS_ORIGIN(circ)) {
621  tor_assert(cpath_layer);
622  cell.circ_id = circ->n_circ_id;
623  cell_direction = CELL_DIRECTION_OUT;
624  } else {
625  tor_assert(! cpath_layer);
626  cell.circ_id = TO_OR_CIRCUIT(circ)->p_circ_id;
627  cell_direction = CELL_DIRECTION_IN;
628  }
629 
630  memset(&rh, 0, sizeof(rh));
631  rh.command = relay_command;
632  rh.stream_id = stream_id;
633  rh.length = payload_len;
634  relay_header_pack(cell.payload, &rh);
635  if (payload_len)
636  memcpy(cell.payload+RELAY_HEADER_SIZE, payload, payload_len);
637 
638  /* Add random padding to the cell if we can. */
639  pad_cell_payload(cell.payload, payload_len);
640 
641  log_debug(LD_OR,"delivering %d cell %s.", relay_command,
642  cell_direction == CELL_DIRECTION_OUT ? "forward" : "backward");
643 
644  /* Tell circpad we're sending a relay cell */
645  circpad_deliver_sent_relay_cell_events(circ, relay_command);
646 
647  /* If we are sending an END cell and this circuit is used for a tunneled
648  * directory request, advance its state. */
649  if (relay_command == RELAY_COMMAND_END && circ->dirreq_id)
650  geoip_change_dirreq_state(circ->dirreq_id, DIRREQ_TUNNELED,
652 
653  if (cell_direction == CELL_DIRECTION_OUT && circ->n_chan) {
654  /* if we're using relaybandwidthrate, this conn wants priority */
656  }
657 
658  if (cell_direction == CELL_DIRECTION_OUT) {
659  origin_circuit_t *origin_circ = TO_ORIGIN_CIRCUIT(circ);
660  if (origin_circ->remaining_relay_early_cells > 0 &&
661  (relay_command == RELAY_COMMAND_EXTEND ||
662  relay_command == RELAY_COMMAND_EXTEND2 ||
663  cpath_layer != origin_circ->cpath)) {
664  /* If we've got any relay_early cells left and (we're sending
665  * an extend cell or we're not talking to the first hop), use
666  * one of them. Don't worry about the conn protocol version:
667  * append_cell_to_circuit_queue will fix it up. */
668  cell.command = CELL_RELAY_EARLY;
669  /* If we're out of relay early cells, tell circpad */
670  if (--origin_circ->remaining_relay_early_cells == 0)
672  log_debug(LD_OR, "Sending a RELAY_EARLY cell; %d remaining.",
673  (int)origin_circ->remaining_relay_early_cells);
674  /* Memorize the command that is sent as RELAY_EARLY cell; helps debug
675  * task 878. */
676  origin_circ->relay_early_commands[
677  origin_circ->relay_early_cells_sent++] = relay_command;
678  } else if (relay_command == RELAY_COMMAND_EXTEND ||
679  relay_command == RELAY_COMMAND_EXTEND2) {
680  /* If no RELAY_EARLY cells can be sent over this circuit, log which
681  * commands have been sent as RELAY_EARLY cells before; helps debug
682  * task 878. */
683  smartlist_t *commands_list = smartlist_new();
684  int i = 0;
685  char *commands = NULL;
686  for (; i < origin_circ->relay_early_cells_sent; i++)
687  smartlist_add(commands_list, (char *)
689  commands = smartlist_join_strings(commands_list, ",", 0, NULL);
690  log_warn(LD_BUG, "Uh-oh. We're sending a RELAY_COMMAND_EXTEND cell, "
691  "but we have run out of RELAY_EARLY cells on that circuit. "
692  "Commands sent before: %s", commands);
693  tor_free(commands);
694  smartlist_free(commands_list);
695  }
696 
697  /* Let's assume we're well-behaved: Anything that we decide to send is
698  * valid, delivered data. */
699  circuit_sent_valid_data(origin_circ, rh.length);
700  }
701 
702  if (circuit_package_relay_cell(&cell, circ, cell_direction, cpath_layer,
703  stream_id, filename, lineno) < 0) {
704  log_warn(LD_BUG,"circuit_package_relay_cell failed. Closing.");
705  circuit_mark_for_close(circ, END_CIRC_REASON_INTERNAL);
706  return -1;
707  }
708 
709  /* If applicable, note the cell digest for the SENDME version 1 purpose if
710  * we need to. This call needs to be after the circuit_package_relay_cell()
711  * because the cell digest is set within that function. */
712  if (relay_command == RELAY_COMMAND_DATA) {
713  sendme_record_cell_digest_on_circ(circ, cpath_layer);
714  }
715 
716  return 0;
717 }
718 
719 /** Make a relay cell out of <b>relay_command</b> and <b>payload</b>, and
720  * send it onto the open circuit <b>circ</b>. <b>fromconn</b> is the stream
721  * that's sending the relay cell, or NULL if it's a control cell.
722  * <b>cpath_layer</b> is NULL for OR->OP cells, or the destination hop
723  * for OP->OR cells.
724  *
725  * If you can't send the cell, mark the circuit for close and
726  * return -1. Else return 0.
727  */
728 int
730  uint8_t relay_command, const char *payload,
731  size_t payload_len)
732 {
733  /* XXXX NM Split this function into a separate versions per circuit type? */
734  circuit_t *circ;
735  crypt_path_t *cpath_layer = fromconn->cpath_layer;
736  tor_assert(fromconn);
737  circ = fromconn->on_circuit;
738 
739  if (fromconn->base_.marked_for_close) {
740  log_warn(LD_BUG,
741  "called on conn that's already marked for close at %s:%d.",
742  fromconn->base_.marked_for_close_file,
743  fromconn->base_.marked_for_close);
744  return 0;
745  }
746 
747  if (!circ) {
748  if (fromconn->base_.type == CONN_TYPE_AP) {
749  log_info(LD_APP,"no circ. Closing conn.");
750  connection_mark_unattached_ap(EDGE_TO_ENTRY_CONN(fromconn),
751  END_STREAM_REASON_INTERNAL);
752  } else {
753  log_info(LD_EXIT,"no circ. Closing conn.");
754  fromconn->edge_has_sent_end = 1; /* no circ to send to */
755  fromconn->end_reason = END_STREAM_REASON_INTERNAL;
756  connection_mark_for_close(TO_CONN(fromconn));
757  }
758  return -1;
759  }
760 
761  if (circ->marked_for_close) {
762  /* The circuit has been marked, but not freed yet. When it's freed, it
763  * will mark this connection for close. */
764  return -1;
765  }
766 
767 #ifdef MEASUREMENTS_21206
768  /* Keep track of the number of RELAY_DATA cells sent for directory
769  * connections. */
770  connection_t *linked_conn = TO_CONN(fromconn)->linked_conn;
771 
772  if (linked_conn && linked_conn->type == CONN_TYPE_DIR) {
773  ++(TO_DIR_CONN(linked_conn)->data_cells_sent);
774  }
775 #endif /* defined(MEASUREMENTS_21206) */
776 
777  return relay_send_command_from_edge(fromconn->stream_id, circ,
778  relay_command, payload,
779  payload_len, cpath_layer);
780 }
781 
782 /** How many times will I retry a stream that fails due to DNS
783  * resolve failure or misc error?
784  */
785 #define MAX_RESOLVE_FAILURES 3
786 
787 /** Return 1 if reason is something that you should retry if you
788  * get the end cell before you've connected; else return 0. */
789 static int
791 {
792  return reason == END_STREAM_REASON_HIBERNATING ||
793  reason == END_STREAM_REASON_RESOURCELIMIT ||
794  reason == END_STREAM_REASON_EXITPOLICY ||
795  reason == END_STREAM_REASON_RESOLVEFAILED ||
796  reason == END_STREAM_REASON_MISC ||
797  reason == END_STREAM_REASON_NOROUTE;
798 }
799 
800 /** Called when we receive an END cell on a stream that isn't open yet,
801  * from the client side.
802  * Arguments are as for connection_edge_process_relay_cell().
803  */
804 static int
806  relay_header_t *rh, cell_t *cell, origin_circuit_t *circ,
807  entry_connection_t *conn, crypt_path_t *layer_hint)
808 {
809  node_t *exitrouter;
810  int reason = *(cell->payload+RELAY_HEADER_SIZE);
811  int control_reason;
812  edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(conn);
813  (void) layer_hint; /* unused */
814 
815  if (rh->length > 0) {
816  if (reason == END_STREAM_REASON_TORPROTOCOL ||
817  reason == END_STREAM_REASON_DESTROY) {
818  /* Both of these reasons could mean a failed tag
819  * hit the exit and it complained. Do not probe.
820  * Fail the circuit. */
822  return -END_CIRC_REASON_TORPROTOCOL;
823  } else if (reason == END_STREAM_REASON_INTERNAL) {
824  /* We can't infer success or failure, since older Tors report
825  * ENETUNREACH as END_STREAM_REASON_INTERNAL. */
826  } else {
827  /* Path bias: If we get a valid reason code from the exit,
828  * it wasn't due to tagging.
829  *
830  * We rely on recognized+digest being strong enough to make
831  * tags unlikely to allow us to get tagged, yet 'recognized'
832  * reason codes here. */
834  }
835  }
836 
837  /* This end cell is now valid. */
838  circuit_read_valid_data(circ, rh->length);
839 
840  if (rh->length == 0) {
841  reason = END_STREAM_REASON_MISC;
842  }
843 
844  control_reason = reason | END_STREAM_REASON_FLAG_REMOTE;
845 
846  if (edge_reason_is_retriable(reason) &&
847  /* avoid retry if rend */
849  const char *chosen_exit_digest =
851  log_info(LD_APP,"Address '%s' refused due to '%s'. Considering retrying.",
852  safe_str(conn->socks_request->address),
854  exitrouter = node_get_mutable_by_id(chosen_exit_digest);
855  switch (reason) {
856  case END_STREAM_REASON_EXITPOLICY: {
857  tor_addr_t addr;
858  tor_addr_make_unspec(&addr);
859  if (rh->length >= 5) {
860  int ttl = -1;
861  tor_addr_make_unspec(&addr);
862  if (rh->length == 5 || rh->length == 9) {
863  tor_addr_from_ipv4n(&addr,
865  if (rh->length == 9)
866  ttl = (int)ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE+5));
867  } else if (rh->length == 17 || rh->length == 21) {
869  (char*)(cell->payload+RELAY_HEADER_SIZE+1));
870  if (rh->length == 21)
871  ttl = (int)ntohl(get_uint32(cell->payload+RELAY_HEADER_SIZE+17));
872  }
873  if (tor_addr_is_null(&addr)) {
874  log_info(LD_APP,"Address '%s' resolved to 0.0.0.0. Closing,",
875  safe_str(conn->socks_request->address));
876  connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
877  return 0;
878  }
879 
880  if ((tor_addr_family(&addr) == AF_INET &&
881  !conn->entry_cfg.ipv4_traffic) ||
882  (tor_addr_family(&addr) == AF_INET6 &&
883  !conn->entry_cfg.ipv6_traffic)) {
884  log_fn(LOG_PROTOCOL_WARN, LD_APP,
885  "Got an EXITPOLICY failure on a connection with a "
886  "mismatched family. Closing.");
887  connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
888  return 0;
889  }
890  if (get_options()->ClientDNSRejectInternalAddresses &&
891  tor_addr_is_internal(&addr, 0)) {
892  log_info(LD_APP,"Address '%s' resolved to internal. Closing,",
893  safe_str(conn->socks_request->address));
894  connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
895  return 0;
896  }
897 
899  conn->socks_request->address, &addr,
900  conn->chosen_exit_name, ttl);
901 
902  {
903  char new_addr[TOR_ADDR_BUF_LEN];
904  tor_addr_to_str(new_addr, &addr, sizeof(new_addr), 1);
905  if (strcmp(conn->socks_request->address, new_addr)) {
906  strlcpy(conn->socks_request->address, new_addr,
907  sizeof(conn->socks_request->address));
908  control_event_stream_status(conn, STREAM_EVENT_REMAP, 0);
909  }
910  }
911  }
912  /* check if the exit *ought* to have allowed it */
913 
915  conn,
916  exitrouter,
917  &addr);
918 
919  if (conn->chosen_exit_optional ||
920  conn->chosen_exit_retries) {
921  /* stop wanting a specific exit */
922  conn->chosen_exit_optional = 0;
923  /* A non-zero chosen_exit_retries can happen if we set a
924  * TrackHostExits for this address under a port that the exit
925  * relay allows, but then try the same address with a different
926  * port that it doesn't allow to exit. We shouldn't unregister
927  * the mapping, since it is probably still wanted on the
928  * original port. But now we give away to the exit relay that
929  * we probably have a TrackHostExits on it. So be it. */
930  conn->chosen_exit_retries = 0;
931  tor_free(conn->chosen_exit_name); /* clears it */
932  }
933  if (connection_ap_detach_retriable(conn, circ, control_reason) >= 0)
934  return 0;
935  /* else, conn will get closed below */
936  break;
937  }
938  case END_STREAM_REASON_CONNECTREFUSED:
939  if (!conn->chosen_exit_optional)
940  break; /* break means it'll close, below */
941  /* Else fall through: expire this circuit, clear the
942  * chosen_exit_name field, and try again. */
943  /* Falls through. */
944  case END_STREAM_REASON_RESOLVEFAILED:
945  case END_STREAM_REASON_TIMEOUT:
946  case END_STREAM_REASON_MISC:
947  case END_STREAM_REASON_NOROUTE:
950  /* We haven't retried too many times; reattach the connection. */
952  /* Mark this circuit "unusable for new streams". */
954 
955  if (conn->chosen_exit_optional) {
956  /* stop wanting a specific exit */
957  conn->chosen_exit_optional = 0;
958  tor_free(conn->chosen_exit_name); /* clears it */
959  }
960  if (connection_ap_detach_retriable(conn, circ, control_reason) >= 0)
961  return 0;
962  /* else, conn will get closed below */
963  } else {
964  log_notice(LD_APP,
965  "Have tried resolving or connecting to address '%s' "
966  "at %d different places. Giving up.",
967  safe_str(conn->socks_request->address),
969  /* clear the failures, so it will have a full try next time */
971  }
972  break;
973  case END_STREAM_REASON_HIBERNATING:
974  case END_STREAM_REASON_RESOURCELIMIT:
975  if (exitrouter) {
977  }
978  if (conn->chosen_exit_optional) {
979  /* stop wanting a specific exit */
980  conn->chosen_exit_optional = 0;
981  tor_free(conn->chosen_exit_name); /* clears it */
982  }
983  if (connection_ap_detach_retriable(conn, circ, control_reason) >= 0)
984  return 0;
985  /* else, will close below */
986  break;
987  } /* end switch */
988  log_info(LD_APP,"Giving up on retrying; conn can't be handled.");
989  }
990 
991  log_info(LD_APP,
992  "Edge got end (%s) before we're connected. Marking for close.",
993  stream_end_reason_to_string(rh->length > 0 ? reason : -1));
995  /* need to test because of detach_retriable */
996  if (!ENTRY_TO_CONN(conn)->marked_for_close)
997  connection_mark_unattached_ap(conn, control_reason);
998  return 0;
999 }
1000 
1001 /** Called when we have gotten an END_REASON_EXITPOLICY failure on <b>circ</b>
1002  * for <b>conn</b>, while attempting to connect via <b>node</b>. If the node
1003  * told us which address it rejected, then <b>addr</b> is that address;
1004  * otherwise it is AF_UNSPEC.
1005  *
1006  * If we are sure the node should have allowed this address, mark the node as
1007  * having a reject *:* exit policy. Otherwise, mark the circuit as unusable
1008  * for this particular address.
1009  **/
1010 static void
1012  entry_connection_t *conn,
1013  node_t *node,
1014  const tor_addr_t *addr)
1015 {
1016  int make_reject_all = 0;
1017  const sa_family_t family = tor_addr_family(addr);
1018 
1019  if (node) {
1020  tor_addr_t tmp;
1021  int asked_for_family = tor_addr_parse(&tmp, conn->socks_request->address);
1022  if (family == AF_UNSPEC) {
1023  make_reject_all = 1;
1024  } else if (node_exit_policy_is_exact(node, family) &&
1025  asked_for_family != -1 && !conn->chosen_exit_name) {
1026  make_reject_all = 1;
1027  }
1028 
1029  if (make_reject_all) {
1030  log_info(LD_APP,
1031  "Exitrouter %s seems to be more restrictive than its exit "
1032  "policy. Not using this router as exit for now.",
1033  node_describe(node));
1035  }
1036  }
1037 
1038  if (family != AF_UNSPEC)
1040 }
1041 
1042 /** Helper: change the socks_request-&gt;address field on conn to the
1043  * dotted-quad representation of <b>new_addr</b>,
1044  * and send an appropriate REMAP event. */
1045 static void
1047 {
1048  tor_addr_to_str(conn->socks_request->address, new_addr,
1049  sizeof(conn->socks_request->address),
1050  1);
1051  control_event_stream_status(conn, STREAM_EVENT_REMAP,
1053 }
1054 
1055 /** Extract the contents of a connected cell in <b>cell</b>, whose relay
1056  * header has already been parsed into <b>rh</b>. On success, set
1057  * <b>addr_out</b> to the address we're connected to, and <b>ttl_out</b> to
1058  * the ttl of that address, in seconds, and return 0. On failure, return
1059  * -1.
1060  *
1061  * Note that the resulting address can be UNSPEC if the connected cell had no
1062  * address (as for a stream to an union service or a tunneled directory
1063  * connection), and that the ttl can be absent (in which case <b>ttl_out</b>
1064  * is set to -1). */
1065 STATIC int
1067  tor_addr_t *addr_out, int *ttl_out)
1068 {
1069  uint32_t bytes;
1070  const uint8_t *payload = cell->payload + RELAY_HEADER_SIZE;
1071 
1072  tor_addr_make_unspec(addr_out);
1073  *ttl_out = -1;
1074  if (rh->length == 0)
1075  return 0;
1076  if (rh->length < 4)
1077  return -1;
1078  bytes = ntohl(get_uint32(payload));
1079 
1080  /* If bytes is 0, this is maybe a v6 address. Otherwise it's a v4 address */
1081  if (bytes != 0) {
1082  /* v4 address */
1083  tor_addr_from_ipv4h(addr_out, bytes);
1084  if (rh->length >= 8) {
1085  bytes = ntohl(get_uint32(payload + 4));
1086  if (bytes <= INT32_MAX)
1087  *ttl_out = bytes;
1088  }
1089  } else {
1090  if (rh->length < 25) /* 4 bytes of 0s, 1 addr, 16 ipv4, 4 ttl. */
1091  return -1;
1092  if (get_uint8(payload + 4) != 6)
1093  return -1;
1094  tor_addr_from_ipv6_bytes(addr_out, (char*)(payload + 5));
1095  bytes = ntohl(get_uint32(payload + 21));
1096  if (bytes <= INT32_MAX)
1097  *ttl_out = (int) bytes;
1098  }
1099  return 0;
1100 }
1101 
1102 /** Drop all storage held by <b>addr</b>. */
1103 STATIC void
1104 address_ttl_free_(address_ttl_t *addr)
1105 {
1106  if (!addr)
1107  return;
1108  tor_free(addr->hostname);
1109  tor_free(addr);
1110 }
1111 
1112 /** Parse a resolved cell in <b>cell</b>, with parsed header in <b>rh</b>.
1113  * Return -1 on parse error. On success, add one or more newly allocated
1114  * address_ttl_t to <b>addresses_out</b>; set *<b>errcode_out</b> to
1115  * one of 0, RESOLVED_TYPE_ERROR, or RESOLVED_TYPE_ERROR_TRANSIENT, and
1116  * return 0. */
1117 STATIC int
1119  smartlist_t *addresses_out, int *errcode_out)
1120 {
1121  const uint8_t *cp;
1122  uint8_t answer_type;
1123  size_t answer_len;
1124  address_ttl_t *addr;
1125  size_t remaining;
1126  int errcode = 0;
1127  smartlist_t *addrs;
1128 
1129  tor_assert(cell);
1130  tor_assert(rh);
1131  tor_assert(addresses_out);
1132  tor_assert(errcode_out);
1133 
1134  *errcode_out = 0;
1135 
1136  if (rh->length > RELAY_PAYLOAD_SIZE)
1137  return -1;
1138 
1139  addrs = smartlist_new();
1140 
1141  cp = cell->payload + RELAY_HEADER_SIZE;
1142 
1143  remaining = rh->length;
1144  while (remaining) {
1145  const uint8_t *cp_orig = cp;
1146  if (remaining < 2)
1147  goto err;
1148  answer_type = *cp++;
1149  answer_len = *cp++;
1150  if (remaining < 2 + answer_len + 4) {
1151  goto err;
1152  }
1153  if (answer_type == RESOLVED_TYPE_IPV4) {
1154  if (answer_len != 4) {
1155  goto err;
1156  }
1157  addr = tor_malloc_zero(sizeof(*addr));
1158  tor_addr_from_ipv4n(&addr->addr, get_uint32(cp));
1159  cp += 4;
1160  addr->ttl = ntohl(get_uint32(cp));
1161  cp += 4;
1162  smartlist_add(addrs, addr);
1163  } else if (answer_type == RESOLVED_TYPE_IPV6) {
1164  if (answer_len != 16)
1165  goto err;
1166  addr = tor_malloc_zero(sizeof(*addr));
1167  tor_addr_from_ipv6_bytes(&addr->addr, (const char*) cp);
1168  cp += 16;
1169  addr->ttl = ntohl(get_uint32(cp));
1170  cp += 4;
1171  smartlist_add(addrs, addr);
1172  } else if (answer_type == RESOLVED_TYPE_HOSTNAME) {
1173  if (answer_len == 0) {
1174  goto err;
1175  }
1176  addr = tor_malloc_zero(sizeof(*addr));
1177  addr->hostname = tor_memdup_nulterm(cp, answer_len);
1178  cp += answer_len;
1179  addr->ttl = ntohl(get_uint32(cp));
1180  cp += 4;
1181  smartlist_add(addrs, addr);
1182  } else if (answer_type == RESOLVED_TYPE_ERROR_TRANSIENT ||
1183  answer_type == RESOLVED_TYPE_ERROR) {
1184  errcode = answer_type;
1185  /* Ignore the error contents */
1186  cp += answer_len + 4;
1187  } else {
1188  cp += answer_len + 4;
1189  }
1190  tor_assert(((ssize_t)remaining) >= (cp - cp_orig));
1191  remaining -= (cp - cp_orig);
1192  }
1193 
1194  if (errcode && smartlist_len(addrs) == 0) {
1195  /* Report an error only if there were no results. */
1196  *errcode_out = errcode;
1197  }
1198 
1199  smartlist_add_all(addresses_out, addrs);
1200  smartlist_free(addrs);
1201 
1202  return 0;
1203 
1204  err:
1205  /* On parse error, don't report any results */
1206  SMARTLIST_FOREACH(addrs, address_ttl_t *, a, address_ttl_free(a));
1207  smartlist_free(addrs);
1208  return -1;
1209 }
1210 
1211 /** Helper for connection_edge_process_resolved_cell: given an error code,
1212  * an entry_connection, and a list of address_ttl_t *, report the best answer
1213  * to the entry_connection. */
1214 static void
1216  int error_code,
1217  smartlist_t *results)
1218 {
1219  address_ttl_t *addr_ipv4 = NULL;
1220  address_ttl_t *addr_ipv6 = NULL;
1221  address_ttl_t *addr_hostname = NULL;
1222  address_ttl_t *addr_best = NULL;
1223 
1224  /* If it's an error code, that's easy. */
1225  if (error_code) {
1226  tor_assert(error_code == RESOLVED_TYPE_ERROR ||
1227  error_code == RESOLVED_TYPE_ERROR_TRANSIENT);
1229  error_code,0,NULL,-1,-1);
1230  return;
1231  }
1232 
1233  /* Get the first answer of each type. */
1234  SMARTLIST_FOREACH_BEGIN(results, address_ttl_t *, addr) {
1235  if (addr->hostname) {
1236  if (!addr_hostname) {
1237  addr_hostname = addr;
1238  }
1239  } else if (tor_addr_family(&addr->addr) == AF_INET) {
1240  if (!addr_ipv4 && conn->entry_cfg.ipv4_traffic) {
1241  addr_ipv4 = addr;
1242  }
1243  } else if (tor_addr_family(&addr->addr) == AF_INET6) {
1244  if (!addr_ipv6 && conn->entry_cfg.ipv6_traffic) {
1245  addr_ipv6 = addr;
1246  }
1247  }
1248  } SMARTLIST_FOREACH_END(addr);
1249 
1250  /* Now figure out which type we wanted to deliver. */
1252  if (addr_hostname) {
1254  RESOLVED_TYPE_HOSTNAME,
1255  strlen(addr_hostname->hostname),
1256  (uint8_t*)addr_hostname->hostname,
1257  addr_hostname->ttl,-1);
1258  } else {
1260  RESOLVED_TYPE_ERROR,0,NULL,-1,-1);
1261  }
1262  return;
1263  }
1264 
1265  if (conn->entry_cfg.prefer_ipv6) {
1266  addr_best = addr_ipv6 ? addr_ipv6 : addr_ipv4;
1267  } else {
1268  addr_best = addr_ipv4 ? addr_ipv4 : addr_ipv6;
1269  }
1270 
1271  /* Now convert it to the ugly old interface */
1272  if (! addr_best) {
1274  RESOLVED_TYPE_ERROR,0,NULL,-1,-1);
1275  return;
1276  }
1277 
1279  &addr_best->addr,
1280  addr_best->ttl,
1281  -1);
1282 
1283  remap_event_helper(conn, &addr_best->addr);
1284 }
1285 
1286 /** Handle a RELAY_COMMAND_RESOLVED cell that we received on a non-open AP
1287  * stream. */
1288 STATIC int
1290  const cell_t *cell,
1291  const relay_header_t *rh)
1292 {
1293  entry_connection_t *entry_conn = EDGE_TO_ENTRY_CONN(conn);
1294  smartlist_t *resolved_addresses = NULL;
1295  int errcode = 0;
1296 
1297  if (conn->base_.state != AP_CONN_STATE_RESOLVE_WAIT) {
1298  log_fn(LOG_PROTOCOL_WARN, LD_APP, "Got a 'resolved' cell while "
1299  "not in state resolve_wait. Dropping.");
1300  return 0;
1301  }
1302  tor_assert(SOCKS_COMMAND_IS_RESOLVE(entry_conn->socks_request->command));
1303 
1304  resolved_addresses = smartlist_new();
1305  if (resolved_cell_parse(cell, rh, resolved_addresses, &errcode)) {
1306  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1307  "Dropping malformed 'resolved' cell");
1308  connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TORPROTOCOL);
1309  goto done;
1310  }
1311 
1312  if (get_options()->ClientDNSRejectInternalAddresses) {
1313  int orig_len = smartlist_len(resolved_addresses);
1314  SMARTLIST_FOREACH_BEGIN(resolved_addresses, address_ttl_t *, addr) {
1315  if (addr->hostname == NULL && tor_addr_is_internal(&addr->addr, 0)) {
1316  log_info(LD_APP, "Got a resolved cell with answer %s; dropping that "
1317  "answer.",
1318  safe_str_client(fmt_addr(&addr->addr)));
1319  address_ttl_free(addr);
1320  SMARTLIST_DEL_CURRENT(resolved_addresses, addr);
1321  }
1322  } SMARTLIST_FOREACH_END(addr);
1323  if (orig_len && smartlist_len(resolved_addresses) == 0) {
1324  log_info(LD_APP, "Got a resolved cell with only private addresses; "
1325  "dropping it.");
1327  RESOLVED_TYPE_ERROR_TRANSIENT,
1328  0, NULL, 0, TIME_MAX);
1329  connection_mark_unattached_ap(entry_conn,
1330  END_STREAM_REASON_TORPROTOCOL);
1331  goto done;
1332  }
1333  }
1334 
1335  /* This is valid data at this point. Count it */
1336  if (conn->on_circuit && CIRCUIT_IS_ORIGIN(conn->on_circuit)) {
1338  rh->length);
1339  }
1340 
1342  errcode,
1343  resolved_addresses);
1344 
1345  connection_mark_unattached_ap(entry_conn,
1346  END_STREAM_REASON_DONE |
1348 
1349  done:
1350  SMARTLIST_FOREACH(resolved_addresses, address_ttl_t *, addr,
1351  address_ttl_free(addr));
1352  smartlist_free(resolved_addresses);
1353  return 0;
1354 }
1355 
1356 /** An incoming relay cell has arrived from circuit <b>circ</b> to
1357  * stream <b>conn</b>.
1358  *
1359  * The arguments here are the same as in
1360  * connection_edge_process_relay_cell() below; this function is called
1361  * from there when <b>conn</b> is defined and not in an open state.
1362  */
1363 static int
1365  relay_header_t *rh, cell_t *cell, circuit_t *circ,
1366  edge_connection_t *conn, crypt_path_t *layer_hint)
1367 {
1368  if (rh->command == RELAY_COMMAND_END) {
1369  if (CIRCUIT_IS_ORIGIN(circ) && conn->base_.type == CONN_TYPE_AP) {
1370  return connection_ap_process_end_not_open(rh, cell,
1371  TO_ORIGIN_CIRCUIT(circ),
1372  EDGE_TO_ENTRY_CONN(conn),
1373  layer_hint);
1374  } else {
1375  /* we just got an 'end', don't need to send one */
1376  conn->edge_has_sent_end = 1;
1377  conn->end_reason = *(cell->payload+RELAY_HEADER_SIZE) |
1379  connection_mark_for_close(TO_CONN(conn));
1380  return 0;
1381  }
1382  }
1383 
1384  if (conn->base_.type == CONN_TYPE_AP &&
1385  rh->command == RELAY_COMMAND_CONNECTED) {
1386  tor_addr_t addr;
1387  int ttl;
1388  entry_connection_t *entry_conn = EDGE_TO_ENTRY_CONN(conn);
1390  if (conn->base_.state != AP_CONN_STATE_CONNECT_WAIT) {
1391  log_fn(LOG_PROTOCOL_WARN, LD_APP,
1392  "Got 'connected' while not in state connect_wait. Dropping.");
1393  return 0;
1394  }
1395  CONNECTION_AP_EXPECT_NONPENDING(entry_conn);
1396  conn->base_.state = AP_CONN_STATE_OPEN;
1397  log_info(LD_APP,"'connected' received for circid %u streamid %d "
1398  "after %d seconds.",
1399  (unsigned)circ->n_circ_id,
1400  rh->stream_id,
1401  (int)(time(NULL) - conn->base_.timestamp_last_read_allowed));
1402  if (connected_cell_parse(rh, cell, &addr, &ttl) < 0) {
1403  log_fn(LOG_PROTOCOL_WARN, LD_APP,
1404  "Got a badly formatted connected cell. Closing.");
1405  connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1406  connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TORPROTOCOL);
1407  return 0;
1408  }
1409  if (tor_addr_family(&addr) != AF_UNSPEC) {
1410  /* The family is not UNSPEC: so we were given an address in the
1411  * connected cell. (This is normal, except for BEGINDIR and onion
1412  * service streams.) */
1413  const sa_family_t family = tor_addr_family(&addr);
1414  if (tor_addr_is_null(&addr) ||
1415  (get_options()->ClientDNSRejectInternalAddresses &&
1416  tor_addr_is_internal(&addr, 0))) {
1417  log_info(LD_APP, "...but it claims the IP address was %s. Closing.",
1418  fmt_addr(&addr));
1419  connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1420  connection_mark_unattached_ap(entry_conn,
1421  END_STREAM_REASON_TORPROTOCOL);
1422  return 0;
1423  }
1424 
1425  if ((family == AF_INET && ! entry_conn->entry_cfg.ipv4_traffic) ||
1426  (family == AF_INET6 && ! entry_conn->entry_cfg.ipv6_traffic)) {
1427  log_fn(LOG_PROTOCOL_WARN, LD_APP,
1428  "Got a connected cell to %s with unsupported address family."
1429  " Closing.", fmt_addr(&addr));
1430  connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1431  connection_mark_unattached_ap(entry_conn,
1432  END_STREAM_REASON_TORPROTOCOL);
1433  return 0;
1434  }
1435 
1436  client_dns_set_addressmap(entry_conn,
1437  entry_conn->socks_request->address, &addr,
1438  entry_conn->chosen_exit_name, ttl);
1439 
1440  remap_event_helper(entry_conn, &addr);
1441  }
1443  /* don't send a socks reply to transparent conns */
1444  tor_assert(entry_conn->socks_request != NULL);
1445  if (!entry_conn->socks_request->has_finished) {
1446  connection_ap_handshake_socks_reply(entry_conn, NULL, 0, 0);
1447  }
1448 
1449  /* Was it a linked dir conn? If so, a dir request just started to
1450  * fetch something; this could be a bootstrap status milestone. */
1451  log_debug(LD_APP, "considering");
1452  if (TO_CONN(conn)->linked_conn &&
1453  TO_CONN(conn)->linked_conn->type == CONN_TYPE_DIR) {
1454  connection_t *dirconn = TO_CONN(conn)->linked_conn;
1455  log_debug(LD_APP, "it is! %d", dirconn->purpose);
1456  switch (dirconn->purpose) {
1459  control_event_bootstrap(BOOTSTRAP_STATUS_LOADING_KEYS, 0);
1460  break;
1462  control_event_bootstrap(BOOTSTRAP_STATUS_LOADING_STATUS, 0);
1463  break;
1466  if (TO_DIR_CONN(dirconn)->router_purpose == ROUTER_PURPOSE_GENERAL)
1467  control_event_boot_dir(BOOTSTRAP_STATUS_LOADING_DESCRIPTORS,
1469  break;
1470  }
1471  }
1472  /* This is definitely a success, so forget about any pending data we
1473  * had sent. */
1474  if (entry_conn->pending_optimistic_data) {
1475  buf_free(entry_conn->pending_optimistic_data);
1476  entry_conn->pending_optimistic_data = NULL;
1477  }
1478 
1479  /* This is valid data at this point. Count it */
1481 
1482  /* handle anything that might have queued */
1483  if (connection_edge_package_raw_inbuf(conn, 1, NULL) < 0) {
1484  /* (We already sent an end cell if possible) */
1485  connection_mark_for_close(TO_CONN(conn));
1486  return 0;
1487  }
1488  return 0;
1489  }
1490  if (conn->base_.type == CONN_TYPE_AP &&
1491  rh->command == RELAY_COMMAND_RESOLVED) {
1492  return connection_edge_process_resolved_cell(conn, cell, rh);
1493  }
1494 
1495  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1496  "Got an unexpected relay command %d, in state %d (%s). Dropping.",
1497  rh->command, conn->base_.state,
1498  conn_state_to_string(conn->base_.type, conn->base_.state));
1499  return 0; /* for forward compatibility, don't kill the circuit */
1500 // connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL);
1501 // connection_mark_for_close(conn);
1502 // return -1;
1503 }
1504 
1505 /** Process a SENDME cell that arrived on <b>circ</b>. If it is a stream level
1506  * cell, it is destined for the given <b>conn</b>. If it is a circuit level
1507  * cell, it is destined for the <b>layer_hint</b>. The <b>domain</b> is the
1508  * logging domain that should be used.
1509  *
1510  * Return 0 if everything went well or a negative value representing a circuit
1511  * end reason on error for which the caller is responsible for closing it. */
1512 static int
1514  circuit_t *circ, edge_connection_t *conn,
1515  crypt_path_t *layer_hint, int domain)
1516 {
1517  int ret;
1518 
1519  tor_assert(rh);
1520 
1521  if (!rh->stream_id) {
1522  /* Circuit level SENDME cell. */
1523  ret = sendme_process_circuit_level(layer_hint, circ,
1524  cell->payload + RELAY_HEADER_SIZE,
1525  rh->length);
1526  if (ret < 0) {
1527  return ret;
1528  }
1529  /* Resume reading on any streams now that we've processed a valid
1530  * SENDME cell that updated our package window. */
1531  circuit_resume_edge_reading(circ, layer_hint);
1532  /* We are done, the rest of the code is for the stream level. */
1533  return 0;
1534  }
1535 
1536  /* No connection, might be half edge state. We are done if so. */
1537  if (!conn) {
1538  if (CIRCUIT_IS_ORIGIN(circ)) {
1539  origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1541  rh->stream_id)) {
1542  circuit_read_valid_data(ocirc, rh->length);
1543  log_info(domain, "Sendme cell on circ %u valid on half-closed "
1544  "stream id %d",
1545  ocirc->global_identifier, rh->stream_id);
1546  }
1547  }
1548 
1549  log_info(domain, "SENDME cell dropped, unknown stream (streamid %d).",
1550  rh->stream_id);
1551  return 0;
1552  }
1553 
1554  /* Stream level SENDME cell. */
1555  ret = sendme_process_stream_level(conn, circ, rh->length);
1556  if (ret < 0) {
1557  /* Means we need to close the circuit with reason ret. */
1558  return ret;
1559  }
1560 
1561  /* We've now processed properly a SENDME cell, all windows have been
1562  * properly updated, we'll read on the edge connection to see if we can
1563  * get data out towards the end point (Exit or client) since we are now
1564  * allowed to deliver more cells. */
1565 
1567  /* Still waiting for queue to flush; don't touch conn */
1568  return 0;
1569  }
1571  /* handle whatever might still be on the inbuf */
1572  if (connection_edge_package_raw_inbuf(conn, 1, NULL) < 0) {
1573  /* (We already sent an end cell if possible) */
1574  connection_mark_for_close(TO_CONN(conn));
1575  return 0;
1576  }
1577  return 0;
1578 }
1579 
1580 /** A helper for connection_edge_process_relay_cell(): Actually handles the
1581  * cell that we received on the connection.
1582  *
1583  * The arguments are the same as in the parent function
1584  * connection_edge_process_relay_cell(), plus the relay header <b>rh</b> as
1585  * unpacked by the parent function, and <b>optimistic_data</b> as set by the
1586  * parent function.
1587  */
1588 STATIC int
1590  edge_connection_t *conn, crypt_path_t *layer_hint,
1591  relay_header_t *rh, int optimistic_data)
1592 {
1593  unsigned domain = layer_hint?LD_APP:LD_EXIT;
1594  int reason;
1595 
1596  tor_assert(rh);
1597 
1598  /* First pass the cell to the circuit padding subsystem, in case it's a
1599  * padding cell or circuit that should be handled there. */
1600  if (circpad_check_received_cell(cell, circ, layer_hint, rh) == 0) {
1601  log_debug(domain, "Cell handled as circuit padding");
1602  return 0;
1603  }
1604 
1605  /* Now handle all the other commands */
1606  switch (rh->command) {
1607  case RELAY_COMMAND_BEGIN:
1608  case RELAY_COMMAND_BEGIN_DIR:
1609  if (layer_hint &&
1611  log_fn(LOG_PROTOCOL_WARN, LD_APP,
1612  "Relay begin request unsupported at AP. Dropping.");
1613  return 0;
1614  }
1615  if (circ->purpose == CIRCUIT_PURPOSE_S_REND_JOINED &&
1616  layer_hint != TO_ORIGIN_CIRCUIT(circ)->cpath->prev) {
1617  log_fn(LOG_PROTOCOL_WARN, LD_APP,
1618  "Relay begin request to Hidden Service "
1619  "from intermediary node. Dropping.");
1620  return 0;
1621  }
1622  if (conn) {
1623  log_fn(LOG_PROTOCOL_WARN, domain,
1624  "Begin cell for known stream. Dropping.");
1625  return 0;
1626  }
1627  if (rh->command == RELAY_COMMAND_BEGIN_DIR &&
1629  /* Assign this circuit and its app-ward OR connection a unique ID,
1630  * so that we can measure download times. The local edge and dir
1631  * connection will be assigned the same ID when they are created
1632  * and linked. */
1633  static uint64_t next_id = 0;
1634  circ->dirreq_id = ++next_id;
1635  TO_OR_CIRCUIT(circ)->p_chan->dirreq_id = circ->dirreq_id;
1636  }
1637  return connection_exit_begin_conn(cell, circ);
1638  case RELAY_COMMAND_DATA:
1640 
1641  /* Update our circuit-level deliver window that we received a DATA cell.
1642  * If the deliver window goes below 0, we end the circuit and stream due
1643  * to a protocol failure. */
1644  if (sendme_circuit_data_received(circ, layer_hint) < 0) {
1645  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1646  "(relay data) circ deliver_window below 0. Killing.");
1647  connection_edge_end_close(conn, END_STREAM_REASON_TORPROTOCOL);
1648  return -END_CIRC_REASON_TORPROTOCOL;
1649  }
1650 
1651  /* Consider sending a circuit-level SENDME cell. */
1652  sendme_circuit_consider_sending(circ, layer_hint);
1653 
1654  if (rh->stream_id == 0) {
1655  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Relay data cell with zero "
1656  "stream_id. Dropping.");
1657  return 0;
1658  } else if (!conn) {
1659  if (CIRCUIT_IS_ORIGIN(circ)) {
1660  origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1662  rh->stream_id)) {
1663  circuit_read_valid_data(ocirc, rh->length);
1664  log_info(domain,
1665  "data cell on circ %u valid on half-closed "
1666  "stream id %d", ocirc->global_identifier, rh->stream_id);
1667  }
1668  }
1669 
1670  log_info(domain,"data cell dropped, unknown stream (streamid %d).",
1671  rh->stream_id);
1672  return 0;
1673  }
1674 
1675  /* Update our stream-level deliver window that we just received a DATA
1676  * cell. Going below 0 means we have a protocol level error so the
1677  * stream and circuit are closed. */
1678 
1679  if (sendme_stream_data_received(conn) < 0) {
1680  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1681  "(relay data) conn deliver_window below 0. Killing.");
1682  connection_edge_end_close(conn, END_STREAM_REASON_TORPROTOCOL);
1683  return -END_CIRC_REASON_TORPROTOCOL;
1684  }
1685  /* Total all valid application bytes delivered */
1686  if (CIRCUIT_IS_ORIGIN(circ) && rh->length > 0) {
1688  }
1689 
1691  connection_buf_add((char*)(cell->payload + RELAY_HEADER_SIZE),
1692  rh->length, TO_CONN(conn));
1693 
1694 #ifdef MEASUREMENTS_21206
1695  /* Count number of RELAY_DATA cells received on a linked directory
1696  * connection. */
1697  connection_t *linked_conn = TO_CONN(conn)->linked_conn;
1698 
1699  if (linked_conn && linked_conn->type == CONN_TYPE_DIR) {
1700  ++(TO_DIR_CONN(linked_conn)->data_cells_received);
1701  }
1702 #endif /* defined(MEASUREMENTS_21206) */
1703 
1704  if (!optimistic_data) {
1705  /* Only send a SENDME if we're not getting optimistic data; otherwise
1706  * a SENDME could arrive before the CONNECTED.
1707  */
1709  }
1710 
1711  return 0;
1712  case RELAY_COMMAND_END:
1713  reason = rh->length > 0 ?
1714  get_uint8(cell->payload+RELAY_HEADER_SIZE) : END_STREAM_REASON_MISC;
1715  if (!conn) {
1716  if (CIRCUIT_IS_ORIGIN(circ)) {
1717  origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1719  rh->stream_id)) {
1720 
1721  circuit_read_valid_data(ocirc, rh->length);
1722  log_info(domain,
1723  "end cell (%s) on circ %u valid on half-closed "
1724  "stream id %d",
1726  ocirc->global_identifier, rh->stream_id);
1727  return 0;
1728  }
1729  }
1730  log_info(domain,"end cell (%s) dropped, unknown stream.",
1731  stream_end_reason_to_string(reason));
1732  return 0;
1733  }
1734 /* XXX add to this log_fn the exit node's nickname? */
1735  log_info(domain,TOR_SOCKET_T_FORMAT": end cell (%s) for stream %d. "
1736  "Removing stream.",
1737  conn->base_.s,
1739  conn->stream_id);
1740  if (conn->base_.type == CONN_TYPE_AP) {
1741  entry_connection_t *entry_conn = EDGE_TO_ENTRY_CONN(conn);
1742  if (entry_conn->socks_request &&
1743  !entry_conn->socks_request->has_finished)
1744  log_warn(LD_BUG,
1745  "open stream hasn't sent socks answer yet? Closing.");
1746  }
1747  /* We just *got* an end; no reason to send one. */
1748  conn->edge_has_sent_end = 1;
1749  if (!conn->end_reason)
1750  conn->end_reason = reason | END_STREAM_REASON_FLAG_REMOTE;
1751  if (!conn->base_.marked_for_close) {
1752  /* only mark it if not already marked. it's possible to
1753  * get the 'end' right around when the client hangs up on us. */
1754  connection_mark_and_flush(TO_CONN(conn));
1755 
1756  /* Total all valid application bytes delivered */
1757  if (CIRCUIT_IS_ORIGIN(circ)) {
1759  }
1760  }
1761  return 0;
1762  case RELAY_COMMAND_EXTEND:
1763  case RELAY_COMMAND_EXTEND2: {
1764  static uint64_t total_n_extend=0, total_nonearly=0;
1765  total_n_extend++;
1766  if (rh->stream_id) {
1767  log_fn(LOG_PROTOCOL_WARN, domain,
1768  "'extend' cell received for non-zero stream. Dropping.");
1769  return 0;
1770  }
1771  if (cell->command != CELL_RELAY_EARLY &&
1772  !networkstatus_get_param(NULL,"AllowNonearlyExtend",0,0,1)) {
1773 #define EARLY_WARNING_INTERVAL 3600
1774  static ratelim_t early_warning_limit =
1775  RATELIM_INIT(EARLY_WARNING_INTERVAL);
1776  char *m;
1777  if (cell->command == CELL_RELAY) {
1778  ++total_nonearly;
1779  if ((m = rate_limit_log(&early_warning_limit, approx_time()))) {
1780  double percentage = ((double)total_nonearly)/total_n_extend;
1781  percentage *= 100;
1782  log_fn(LOG_PROTOCOL_WARN, domain, "EXTEND cell received, "
1783  "but not via RELAY_EARLY. Dropping.%s", m);
1784  log_fn(LOG_PROTOCOL_WARN, domain, " (We have dropped %.02f%% of "
1785  "all EXTEND cells for this reason)", percentage);
1786  tor_free(m);
1787  }
1788  } else {
1789  log_fn(LOG_WARN, domain,
1790  "EXTEND cell received, in a cell with type %d! Dropping.",
1791  cell->command);
1792  }
1793  return 0;
1794  }
1795  return circuit_extend(cell, circ);
1796  }
1797  case RELAY_COMMAND_EXTENDED:
1798  case RELAY_COMMAND_EXTENDED2:
1799  if (!layer_hint) {
1800  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1801  "'extended' unsupported at non-origin. Dropping.");
1802  return 0;
1803  }
1804  log_debug(domain,"Got an extended cell! Yay.");
1805  {
1806  extended_cell_t extended_cell;
1807  if (extended_cell_parse(&extended_cell, rh->command,
1808  (const uint8_t*)cell->payload+RELAY_HEADER_SIZE,
1809  rh->length)<0) {
1810  log_warn(LD_PROTOCOL,
1811  "Can't parse EXTENDED cell; killing circuit.");
1812  return -END_CIRC_REASON_TORPROTOCOL;
1813  }
1814  if ((reason = circuit_finish_handshake(TO_ORIGIN_CIRCUIT(circ),
1815  &extended_cell.created_cell)) < 0) {
1816  circuit_mark_for_close(circ, -reason);
1817  return 0; /* We don't want to cause a warning, so we mark the circuit
1818  * here. */
1819  }
1820  }
1821  if ((reason=circuit_send_next_onion_skin(TO_ORIGIN_CIRCUIT(circ)))<0) {
1822  log_info(domain,"circuit_send_next_onion_skin() failed.");
1823  return reason;
1824  }
1825  /* Total all valid bytes delivered. */
1826  if (CIRCUIT_IS_ORIGIN(circ)) {
1828  }
1829  return 0;
1830  case RELAY_COMMAND_TRUNCATE:
1831  if (layer_hint) {
1832  log_fn(LOG_PROTOCOL_WARN, LD_APP,
1833  "'truncate' unsupported at origin. Dropping.");
1834  return 0;
1835  }
1836  if (circ->n_hop) {
1837  if (circ->n_chan)
1838  log_warn(LD_BUG, "n_chan and n_hop set on the same circuit!");
1839  extend_info_free(circ->n_hop);
1840  circ->n_hop = NULL;
1843  }
1844  if (circ->n_chan) {
1845  uint8_t trunc_reason = get_uint8(cell->payload + RELAY_HEADER_SIZE);
1846  circuit_synchronize_written_or_bandwidth(circ, CIRCUIT_N_CHAN);
1847  circuit_clear_cell_queue(circ, circ->n_chan);
1848  channel_send_destroy(circ->n_circ_id, circ->n_chan,
1849  trunc_reason);
1850  circuit_set_n_circid_chan(circ, 0, NULL);
1851  }
1852  log_debug(LD_EXIT, "Processed 'truncate', replying.");
1853  {
1854  char payload[1];
1855  payload[0] = (char)END_CIRC_REASON_REQUESTED;
1856  relay_send_command_from_edge(0, circ, RELAY_COMMAND_TRUNCATED,
1857  payload, sizeof(payload), NULL);
1858  }
1859  return 0;
1860  case RELAY_COMMAND_TRUNCATED:
1861  if (!layer_hint) {
1862  log_fn(LOG_PROTOCOL_WARN, LD_EXIT,
1863  "'truncated' unsupported at non-origin. Dropping.");
1864  return 0;
1865  }
1866 
1867  /* Count the truncated as valid, for completeness. The
1868  * circuit is being torn down anyway, though. */
1869  if (CIRCUIT_IS_ORIGIN(circ)) {
1871  rh->length);
1872  }
1875  return 0;
1876  case RELAY_COMMAND_CONNECTED:
1877  if (conn) {
1878  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1879  "'connected' unsupported while open. Closing circ.");
1880  return -END_CIRC_REASON_TORPROTOCOL;
1881  }
1882 
1883  if (CIRCUIT_IS_ORIGIN(circ)) {
1884  origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1886  rh->stream_id)) {
1887  circuit_read_valid_data(ocirc, rh->length);
1888  log_info(domain,
1889  "connected cell on circ %u valid on half-closed "
1890  "stream id %d", ocirc->global_identifier, rh->stream_id);
1891  return 0;
1892  }
1893  }
1894 
1895  log_info(domain,
1896  "'connected' received on circid %u for streamid %d, "
1897  "no conn attached anymore. Ignoring.",
1898  (unsigned)circ->n_circ_id, rh->stream_id);
1899  return 0;
1900  case RELAY_COMMAND_SENDME:
1901  return process_sendme_cell(rh, cell, circ, conn, layer_hint, domain);
1902  case RELAY_COMMAND_RESOLVE:
1903  if (layer_hint) {
1904  log_fn(LOG_PROTOCOL_WARN, LD_APP,
1905  "resolve request unsupported at AP; dropping.");
1906  return 0;
1907  } else if (conn) {
1908  log_fn(LOG_PROTOCOL_WARN, domain,
1909  "resolve request for known stream; dropping.");
1910  return 0;
1911  } else if (circ->purpose != CIRCUIT_PURPOSE_OR) {
1912  log_fn(LOG_PROTOCOL_WARN, domain,
1913  "resolve request on circ with purpose %d; dropping",
1914  circ->purpose);
1915  return 0;
1916  }
1918  return 0;
1919  case RELAY_COMMAND_RESOLVED:
1920  if (conn) {
1921  log_fn(LOG_PROTOCOL_WARN, domain,
1922  "'resolved' unsupported while open. Closing circ.");
1923  return -END_CIRC_REASON_TORPROTOCOL;
1924  }
1925 
1926  if (CIRCUIT_IS_ORIGIN(circ)) {
1927  origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ);
1929  rh->stream_id)) {
1930  circuit_read_valid_data(ocirc, rh->length);
1931  log_info(domain,
1932  "resolved cell on circ %u valid on half-closed "
1933  "stream id %d", ocirc->global_identifier, rh->stream_id);
1934  return 0;
1935  }
1936  }
1937 
1938  log_info(domain,
1939  "'resolved' received, no conn attached anymore. Ignoring.");
1940  return 0;
1941  case RELAY_COMMAND_ESTABLISH_INTRO:
1942  case RELAY_COMMAND_ESTABLISH_RENDEZVOUS:
1943  case RELAY_COMMAND_INTRODUCE1:
1944  case RELAY_COMMAND_INTRODUCE2:
1945  case RELAY_COMMAND_INTRODUCE_ACK:
1946  case RELAY_COMMAND_RENDEZVOUS1:
1947  case RELAY_COMMAND_RENDEZVOUS2:
1948  case RELAY_COMMAND_INTRO_ESTABLISHED:
1949  case RELAY_COMMAND_RENDEZVOUS_ESTABLISHED:
1950  rend_process_relay_cell(circ, layer_hint,
1951  rh->command, rh->length,
1952  cell->payload+RELAY_HEADER_SIZE);
1953  return 0;
1954  }
1955  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1956  "Received unknown relay command %d. Perhaps the other side is using "
1957  "a newer version of Tor? Dropping.",
1958  rh->command);
1959  return 0; /* for forward compatibility, don't kill the circuit */
1960 }
1961 
1962 /** An incoming relay cell has arrived on circuit <b>circ</b>. If
1963  * <b>conn</b> is NULL this is a control cell, else <b>cell</b> is
1964  * destined for <b>conn</b>.
1965  *
1966  * If <b>layer_hint</b> is defined, then we're the origin of the
1967  * circuit, and it specifies the hop that packaged <b>cell</b>.
1968  *
1969  * Return -reason if you want to warn and tear down the circuit, else 0.
1970  */
1971 STATIC int
1973  edge_connection_t *conn,
1974  crypt_path_t *layer_hint)
1975 {
1976  static int num_seen=0;
1977  relay_header_t rh;
1978  unsigned domain = layer_hint?LD_APP:LD_EXIT;
1979  int optimistic_data = 0; /* Set to 1 if we receive data on a stream
1980  * that's in the EXIT_CONN_STATE_RESOLVING
1981  * or EXIT_CONN_STATE_CONNECTING states. */
1982 
1983  tor_assert(cell);
1984  tor_assert(circ);
1985 
1986  relay_header_unpack(&rh, cell->payload);
1987 // log_fn(LOG_DEBUG,"command %d stream %d", rh.command, rh.stream_id);
1988  num_seen++;
1989  log_debug(domain, "Now seen %d relay cells here (command %d, stream %d).",
1990  num_seen, rh.command, rh.stream_id);
1991 
1992  if (rh.length > RELAY_PAYLOAD_SIZE) {
1993  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
1994  "Relay cell length field too long. Closing circuit.");
1995  return - END_CIRC_REASON_TORPROTOCOL;
1996  }
1997 
1998  if (rh.stream_id == 0) {
1999  switch (rh.command) {
2000  case RELAY_COMMAND_BEGIN:
2001  case RELAY_COMMAND_CONNECTED:
2002  case RELAY_COMMAND_END:
2003  case RELAY_COMMAND_RESOLVE:
2004  case RELAY_COMMAND_RESOLVED:
2005  case RELAY_COMMAND_BEGIN_DIR:
2006  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Relay command %d with zero "
2007  "stream_id. Dropping.", (int)rh.command);
2008  return 0;
2009  default:
2010  ;
2011  }
2012  }
2013 
2014  /* Tell circpad that we've received a recognized cell */
2016 
2017  /* either conn is NULL, in which case we've got a control cell, or else
2018  * conn points to the recognized stream. */
2019  if (conn && !connection_state_is_open(TO_CONN(conn))) {
2020  if (conn->base_.type == CONN_TYPE_EXIT &&
2021  (conn->base_.state == EXIT_CONN_STATE_CONNECTING ||
2022  conn->base_.state == EXIT_CONN_STATE_RESOLVING) &&
2023  rh.command == RELAY_COMMAND_DATA) {
2024  /* Allow DATA cells to be delivered to an exit node in state
2025  * EXIT_CONN_STATE_CONNECTING or EXIT_CONN_STATE_RESOLVING.
2026  * This speeds up HTTP, for example. */
2027  optimistic_data = 1;
2028  } else if (rh.stream_id == 0 && rh.command == RELAY_COMMAND_DATA) {
2029  log_warn(LD_BUG, "Somehow I had a connection that matched a "
2030  "data cell with stream ID 0.");
2031  } else {
2033  &rh, cell, circ, conn, layer_hint);
2034  }
2035  }
2036 
2037  return handle_relay_cell_command(cell, circ, conn, layer_hint,
2038  &rh, optimistic_data);
2039 }
2040 
2041 /** How many relay_data cells have we built, ever? */
2043 /** How many bytes of data have we put in relay_data cells have we built,
2044  * ever? This would be RELAY_PAYLOAD_SIZE*stats_n_data_cells_packaged if
2045  * every relay cell we ever sent were completely full of data. */
2047 /** How many relay_data cells have we received, ever? */
2049 /** How many bytes of data have we received relay_data cells, ever? This would
2050  * be RELAY_PAYLOAD_SIZE*stats_n_data_cells_packaged if every relay cell we
2051  * ever received were completely full of data. */
2053 
2054 /**
2055  * Called when initializing a circuit, or when we have reached the end of the
2056  * window in which we need to send some randomness so that incoming sendme
2057  * cells will be unpredictable. Resets the flags and picks a new window.
2058  */
2059 void
2061 {
2065 }
2066 
2067 /**
2068  * Any relay data payload containing fewer than this many real bytes is
2069  * considered to have enough randomness to.
2070  **/
2071 #define RELAY_PAYLOAD_LENGTH_FOR_RANDOM_SENDMES \
2072  (RELAY_PAYLOAD_SIZE - CELL_PADDING_GAP - 16)
2073 
2074 /**
2075  * Helper. Return the number of bytes that should be put into a cell from a
2076  * given edge connection on which <b>n_available</b> bytes are available.
2077  */
2078 STATIC size_t
2080  int package_partial,
2081  circuit_t *on_circuit)
2082 {
2083  if (!n_available)
2084  return 0;
2085 
2086  /* Do we need to force this payload to have space for randomness? */
2087  const bool force_random_bytes =
2088  (on_circuit->send_randomness_after_n_cells == 0) &&
2089  (! on_circuit->have_sent_sufficiently_random_cell);
2090 
2091  /* At most how much would we like to send in this cell? */
2092  size_t target_length;
2093  if (force_random_bytes) {
2095  } else {
2096  target_length = RELAY_PAYLOAD_SIZE;
2097  }
2098 
2099  /* Decide how many bytes we will actually put into this cell. */
2100  size_t package_length;
2101  if (n_available >= target_length) { /* A full payload is available. */
2102  package_length = target_length;
2103  } else { /* not a full payload available */
2104  if (package_partial)
2105  package_length = n_available; /* just take whatever's available now */
2106  else
2107  return 0; /* nothing to do until we have a full payload */
2108  }
2109 
2110  /* If we reach this point, we will be definitely sending the cell. */
2111  tor_assert_nonfatal(package_length > 0);
2112 
2113  if (package_length <= RELAY_PAYLOAD_LENGTH_FOR_RANDOM_SENDMES) {
2114  /* This cell will have enough randomness in the padding to make a future
2115  * sendme cell unpredictable. */
2116  on_circuit->have_sent_sufficiently_random_cell = 1;
2117  }
2118 
2119  if (on_circuit->send_randomness_after_n_cells == 0) {
2120  /* Either this cell, or some previous cell, had enough padding to
2121  * ensure sendme unpredictability. */
2122  tor_assert_nonfatal(on_circuit->have_sent_sufficiently_random_cell);
2123  /* Pick a new interval in which we need to send randomness. */
2124  circuit_reset_sendme_randomness(on_circuit);
2125  }
2126 
2127  --on_circuit->send_randomness_after_n_cells;
2128 
2129  return package_length;
2130 }
2131 
2132 /** If <b>conn</b> has an entire relay payload of bytes on its inbuf (or
2133  * <b>package_partial</b> is true), and the appropriate package windows aren't
2134  * empty, grab a cell and send it down the circuit.
2135  *
2136  * If *<b>max_cells</b> is given, package no more than max_cells. Decrement
2137  * *<b>max_cells</b> by the number of cells packaged.
2138  *
2139  * Return -1 (and send a RELAY_COMMAND_END cell if necessary) if conn should
2140  * be marked for close, else return 0.
2141  */
2142 int
2144  int *max_cells)
2145 {
2146  size_t bytes_to_process, length;
2147  char payload[CELL_PAYLOAD_SIZE];
2148  circuit_t *circ;
2149  const unsigned domain = conn->base_.type == CONN_TYPE_AP ? LD_APP : LD_EXIT;
2150  int sending_from_optimistic = 0;
2151  entry_connection_t *entry_conn =
2152  conn->base_.type == CONN_TYPE_AP ? EDGE_TO_ENTRY_CONN(conn) : NULL;
2153  const int sending_optimistically =
2154  entry_conn &&
2155  conn->base_.type == CONN_TYPE_AP &&
2156  conn->base_.state != AP_CONN_STATE_OPEN;
2157  crypt_path_t *cpath_layer = conn->cpath_layer;
2158 
2159  tor_assert(conn);
2160 
2161  if (conn->base_.marked_for_close) {
2162  log_warn(LD_BUG,
2163  "called on conn that's already marked for close at %s:%d.",
2164  conn->base_.marked_for_close_file, conn->base_.marked_for_close);
2165  return 0;
2166  }
2167 
2168  if (max_cells && *max_cells <= 0)
2169  return 0;
2170 
2171  repeat_connection_edge_package_raw_inbuf:
2172 
2173  circ = circuit_get_by_edge_conn(conn);
2174  if (!circ) {
2175  log_info(domain,"conn has no circuit! Closing.");
2177  return -1;
2178  }
2179 
2180  if (circuit_consider_stop_edge_reading(circ, cpath_layer))
2181  return 0;
2182 
2183  if (conn->package_window <= 0) {
2184  log_info(domain,"called with package_window %d. Skipping.",
2185  conn->package_window);
2187  return 0;
2188  }
2189 
2190  sending_from_optimistic = entry_conn &&
2191  entry_conn->sending_optimistic_data != NULL;
2192 
2193  if (PREDICT_UNLIKELY(sending_from_optimistic)) {
2194  bytes_to_process = buf_datalen(entry_conn->sending_optimistic_data);
2195  if (PREDICT_UNLIKELY(!bytes_to_process)) {
2196  log_warn(LD_BUG, "sending_optimistic_data was non-NULL but empty");
2197  bytes_to_process = connection_get_inbuf_len(TO_CONN(conn));
2198  sending_from_optimistic = 0;
2199  }
2200  } else {
2201  bytes_to_process = connection_get_inbuf_len(TO_CONN(conn));
2202  }
2203 
2204  length = connection_edge_get_inbuf_bytes_to_package(bytes_to_process,
2205  package_partial, circ);
2206  if (!length)
2207  return 0;
2208 
2209  /* If we reach this point, we will definitely be packaging bytes into
2210  * a cell. */
2211 
2212  stats_n_data_bytes_packaged += length;
2214 
2215  if (PREDICT_UNLIKELY(sending_from_optimistic)) {
2216  /* XXXX We could be more efficient here by sometimes packing
2217  * previously-sent optimistic data in the same cell with data
2218  * from the inbuf. */
2219  buf_get_bytes(entry_conn->sending_optimistic_data, payload, length);
2220  if (!buf_datalen(entry_conn->sending_optimistic_data)) {
2221  buf_free(entry_conn->sending_optimistic_data);
2222  entry_conn->sending_optimistic_data = NULL;
2223  }
2224  } else {
2225  connection_buf_get_bytes(payload, length, TO_CONN(conn));
2226  }
2227 
2228  log_debug(domain,TOR_SOCKET_T_FORMAT": Packaging %d bytes (%d waiting).",
2229  conn->base_.s,
2230  (int)length, (int)connection_get_inbuf_len(TO_CONN(conn)));
2231 
2232  if (sending_optimistically && !sending_from_optimistic) {
2233  /* This is new optimistic data; remember it in case we need to detach and
2234  retry */
2235  if (!entry_conn->pending_optimistic_data)
2236  entry_conn->pending_optimistic_data = buf_new();
2237  buf_add(entry_conn->pending_optimistic_data, payload, length);
2238  }
2239 
2240  if (connection_edge_send_command(conn, RELAY_COMMAND_DATA,
2241  payload, length) < 0 ) {
2242  /* circuit got marked for close, don't continue, don't need to mark conn */
2243  return 0;
2244  }
2245 
2246  /* Handle the circuit-level SENDME package window. */
2247  if (sendme_note_circuit_data_packaged(circ, cpath_layer) < 0) {
2248  /* Package window has gone under 0. Protocol issue. */
2249  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
2250  "Circuit package window is below 0. Closing circuit.");
2251  conn->end_reason = END_STREAM_REASON_TORPROTOCOL;
2252  return -1;
2253  }
2254 
2255  /* Handle the stream-level SENDME package window. */
2256  if (sendme_note_stream_data_packaged(conn) < 0) {
2258  log_debug(domain,"conn->package_window reached 0.");
2259  circuit_consider_stop_edge_reading(circ, cpath_layer);
2260  return 0; /* don't process the inbuf any more */
2261  }
2262  log_debug(domain,"conn->package_window is now %d",conn->package_window);
2263 
2264  if (max_cells) {
2265  *max_cells -= 1;
2266  if (*max_cells <= 0)
2267  return 0;
2268  }
2269 
2270  /* handle more if there's more, or return 0 if there isn't */
2271  goto repeat_connection_edge_package_raw_inbuf;
2272 }
2273 
2274 /** The circuit <b>circ</b> has received a circuit-level sendme
2275  * (on hop <b>layer_hint</b>, if we're the OP). Go through all the
2276  * attached streams and let them resume reading and packaging, if
2277  * their stream windows allow it.
2278  */
2279 static void
2281 {
2283  log_debug(layer_hint?LD_APP:LD_EXIT,"Too big queue, no resuming");
2284  return;
2285  }
2286  log_debug(layer_hint?LD_APP:LD_EXIT,"resuming");
2287 
2288  if (CIRCUIT_IS_ORIGIN(circ))
2290  circ, layer_hint);
2291  else
2293  circ, layer_hint);
2294 }
2295 
2296 /** A helper function for circuit_resume_edge_reading() above.
2297  * The arguments are the same, except that <b>conn</b> is the head
2298  * of a linked list of edge streams that should each be considered.
2299  */
2300 static int
2302  circuit_t *circ,
2303  crypt_path_t *layer_hint)
2304 {
2305  edge_connection_t *conn;
2306  int n_packaging_streams, n_streams_left;
2307  int packaged_this_round;
2308  int cells_on_queue;
2309  int cells_per_conn;
2310  edge_connection_t *chosen_stream = NULL;
2311  int max_to_package;
2312 
2313  if (first_conn == NULL) {
2314  /* Don't bother to try to do the rest of this if there are no connections
2315  * to resume. */
2316  return 0;
2317  }
2318 
2319  /* How many cells do we have space for? It will be the minimum of
2320  * the number needed to exhaust the package window, and the minimum
2321  * needed to fill the cell queue. */
2322  max_to_package = circ->package_window;
2323  if (CIRCUIT_IS_ORIGIN(circ)) {
2324  cells_on_queue = circ->n_chan_cells.n;
2325  } else {
2326  or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
2327  cells_on_queue = or_circ->p_chan_cells.n;
2328  }
2329  if (CELL_QUEUE_HIGHWATER_SIZE - cells_on_queue < max_to_package)
2330  max_to_package = CELL_QUEUE_HIGHWATER_SIZE - cells_on_queue;
2331 
2332  /* Once we used to start listening on the streams in the order they
2333  * appeared in the linked list. That leads to starvation on the
2334  * streams that appeared later on the list, since the first streams
2335  * would always get to read first. Instead, we just pick a random
2336  * stream on the list, and enable reading for streams starting at that
2337  * point (and wrapping around as if the list were circular). It would
2338  * probably be better to actually remember which streams we've
2339  * serviced in the past, but this is simple and effective. */
2340 
2341  /* Select a stream uniformly at random from the linked list. We
2342  * don't need cryptographic randomness here. */
2343  {
2344  int num_streams = 0;
2345  for (conn = first_conn; conn; conn = conn->next_stream) {
2346  num_streams++;
2347 
2348  if (crypto_fast_rng_one_in_n(get_thread_fast_rng(), num_streams)) {
2349  chosen_stream = conn;
2350  }
2351  /* Invariant: chosen_stream has been chosen uniformly at random from
2352  * among the first num_streams streams on first_conn.
2353  *
2354  * (Note that we iterate over every stream on the circuit, so that after
2355  * we've considered the first stream, we've chosen it with P=1; and
2356  * after we consider the second stream, we've switched to it with P=1/2
2357  * and stayed with the first stream with P=1/2; and after we've
2358  * considered the third stream, we've switched to it with P=1/3 and
2359  * remained with one of the first two streams with P=(2/3), giving each
2360  * one P=(1/2)(2/3) )=(1/3).) */
2361  }
2362  }
2363 
2364  /* Count how many non-marked streams there are that have anything on
2365  * their inbuf, and enable reading on all of the connections. */
2366  n_packaging_streams = 0;
2367  /* Activate reading starting from the chosen stream */
2368  for (conn=chosen_stream; conn; conn = conn->next_stream) {
2369  /* Start reading for the streams starting from here */
2370  if (conn->base_.marked_for_close || conn->package_window <= 0)
2371  continue;
2372  if (!layer_hint || conn->cpath_layer == layer_hint) {
2374 
2375  if (connection_get_inbuf_len(TO_CONN(conn)) > 0)
2376  ++n_packaging_streams;
2377  }
2378  }
2379  /* Go back and do the ones we skipped, circular-style */
2380  for (conn = first_conn; conn != chosen_stream; conn = conn->next_stream) {
2381  if (conn->base_.marked_for_close || conn->package_window <= 0)
2382  continue;
2383  if (!layer_hint || conn->cpath_layer == layer_hint) {
2385 
2386  if (connection_get_inbuf_len(TO_CONN(conn)) > 0)
2387  ++n_packaging_streams;
2388  }
2389  }
2390 
2391  if (n_packaging_streams == 0) /* avoid divide-by-zero */
2392  return 0;
2393 
2394  again:
2395 
2396  cells_per_conn = CEIL_DIV(max_to_package, n_packaging_streams);
2397 
2398  packaged_this_round = 0;
2399  n_streams_left = 0;
2400 
2401  /* Iterate over all connections. Package up to cells_per_conn cells on
2402  * each. Update packaged_this_round with the total number of cells
2403  * packaged, and n_streams_left with the number that still have data to
2404  * package.
2405  */
2406  for (conn=first_conn; conn; conn=conn->next_stream) {
2407  if (conn->base_.marked_for_close || conn->package_window <= 0)
2408  continue;
2409  if (!layer_hint || conn->cpath_layer == layer_hint) {
2410  int n = cells_per_conn, r;
2411  /* handle whatever might still be on the inbuf */
2412  r = connection_edge_package_raw_inbuf(conn, 1, &n);
2413 
2414  /* Note how many we packaged */
2415  packaged_this_round += (cells_per_conn-n);
2416 
2417  if (r<0) {
2418  /* Problem while packaging. (We already sent an end cell if
2419  * possible) */
2420  connection_mark_for_close(TO_CONN(conn));
2421  continue;
2422  }
2423 
2424  /* If there's still data to read, we'll be coming back to this stream. */
2425  if (connection_get_inbuf_len(TO_CONN(conn)))
2426  ++n_streams_left;
2427 
2428  /* If the circuit won't accept any more data, return without looking
2429  * at any more of the streams. Any connections that should be stopped
2430  * have already been stopped by connection_edge_package_raw_inbuf. */
2431  if (circuit_consider_stop_edge_reading(circ, layer_hint))
2432  return -1;
2433  /* XXXX should we also stop immediately if we fill up the cell queue?
2434  * Probably. */
2435  }
2436  }
2437 
2438  /* If we made progress, and we are willing to package more, and there are
2439  * any streams left that want to package stuff... try again!
2440  */
2441  if (packaged_this_round && packaged_this_round < max_to_package &&
2442  n_streams_left) {
2443  max_to_package -= packaged_this_round;
2444  n_packaging_streams = n_streams_left;
2445  goto again;
2446  }
2447 
2448  return 0;
2449 }
2450 
2451 /** Check if the package window for <b>circ</b> is empty (at
2452  * hop <b>layer_hint</b> if it's defined).
2453  *
2454  * If yes, tell edge streams to stop reading and return 1.
2455  * Else return 0.
2456  */
2457 static int
2459 {
2460  edge_connection_t *conn = NULL;
2461  unsigned domain = layer_hint ? LD_APP : LD_EXIT;
2462 
2463  if (!layer_hint) {
2464  or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
2465  log_debug(domain,"considering circ->package_window %d",
2466  circ->package_window);
2467  if (circ->package_window <= 0) {
2468  log_debug(domain,"yes, not-at-origin. stopped.");
2469  for (conn = or_circ->n_streams; conn; conn=conn->next_stream)
2471  return 1;
2472  }
2473  return 0;
2474  }
2475  /* else, layer hint is defined, use it */
2476  log_debug(domain,"considering layer_hint->package_window %d",
2477  layer_hint->package_window);
2478  if (layer_hint->package_window <= 0) {
2479  log_debug(domain,"yes, at-origin. stopped.");
2480  for (conn = TO_ORIGIN_CIRCUIT(circ)->p_streams; conn;
2481  conn=conn->next_stream) {
2482  if (conn->cpath_layer == layer_hint)
2484  }
2485  return 1;
2486  }
2487  return 0;
2488 }
2489 
2490 /** The total number of cells we have allocated. */
2491 static size_t total_cells_allocated = 0;
2492 
2493 /** Release storage held by <b>cell</b>. */
2494 static inline void
2496 {
2498  tor_free(cell);
2499 }
2500 
2501 /** Allocate and return a new packed_cell_t. */
2504 {
2506  return tor_malloc_zero(sizeof(packed_cell_t));
2507 }
2508 
2509 /** Return a packed cell used outside by channel_t lower layer */
2510 void
2512 {
2513  if (!cell)
2514  return;
2516 }
2517 
2518 /** Log current statistics for cell pool allocation at log level
2519  * <b>severity</b>. */
2520 void
2522 {
2523  int n_circs = 0;
2524  int n_cells = 0;
2526  n_cells += c->n_chan_cells.n;
2527  if (!CIRCUIT_IS_ORIGIN(c))
2528  n_cells += TO_OR_CIRCUIT(c)->p_chan_cells.n;
2529  ++n_circs;
2530  }
2531  SMARTLIST_FOREACH_END(c);
2532  tor_log(severity, LD_MM,
2533  "%d cells allocated on %d circuits. %d cells leaked.",
2534  n_cells, n_circs, (int)total_cells_allocated - n_cells);
2535 }
2536 
2537 /** Allocate a new copy of packed <b>cell</b>. */
2538 static inline packed_cell_t *
2539 packed_cell_copy(const cell_t *cell, int wide_circ_ids)
2540 {
2542  cell_pack(c, cell, wide_circ_ids);
2543  return c;
2544 }
2545 
2546 /** Append <b>cell</b> to the end of <b>queue</b>. */
2547 void
2549 {
2550  TOR_SIMPLEQ_INSERT_TAIL(&queue->head, cell, next);
2551  ++queue->n;
2552 }
2553 
2554 /** Append a newly allocated copy of <b>cell</b> to the end of the
2555  * <b>exitward</b> (or app-ward) <b>queue</b> of <b>circ</b>. If
2556  * <b>use_stats</b> is true, record statistics about the cell.
2557  */
2558 void
2560  int exitward, const cell_t *cell,
2561  int wide_circ_ids, int use_stats)
2562 {
2563  packed_cell_t *copy = packed_cell_copy(cell, wide_circ_ids);
2564  (void)circ;
2565  (void)exitward;
2566  (void)use_stats;
2567 
2569 
2570  cell_queue_append(queue, copy);
2571 }
2572 
2573 /** Initialize <b>queue</b> as an empty cell queue. */
2574 void
2576 {
2577  memset(queue, 0, sizeof(cell_queue_t));
2578  TOR_SIMPLEQ_INIT(&queue->head);
2579 }
2580 
2581 /** Remove and free every cell in <b>queue</b>. */
2582 void
2584 {
2585  packed_cell_t *cell;
2586  while ((cell = TOR_SIMPLEQ_FIRST(&queue->head))) {
2587  TOR_SIMPLEQ_REMOVE_HEAD(&queue->head, next);
2589  }
2590  TOR_SIMPLEQ_INIT(&queue->head);
2591  queue->n = 0;
2592 }
2593 
2594 /** Extract and return the cell at the head of <b>queue</b>; return NULL if
2595  * <b>queue</b> is empty. */
2598 {
2599  packed_cell_t *cell = TOR_SIMPLEQ_FIRST(&queue->head);
2600  if (!cell)
2601  return NULL;
2602  TOR_SIMPLEQ_REMOVE_HEAD(&queue->head, next);
2603  --queue->n;
2604  return cell;
2605 }
2606 
2607 /** Initialize <b>queue</b> as an empty cell queue. */
2608 void
2610 {
2611  memset(queue, 0, sizeof(destroy_cell_queue_t));
2612  TOR_SIMPLEQ_INIT(&queue->head);
2613 }
2614 
2615 /** Remove and free every cell in <b>queue</b>. */
2616 void
2618 {
2619  destroy_cell_t *cell;
2620  while ((cell = TOR_SIMPLEQ_FIRST(&queue->head))) {
2621  TOR_SIMPLEQ_REMOVE_HEAD(&queue->head, next);
2622  tor_free(cell);
2623  }
2624  TOR_SIMPLEQ_INIT(&queue->head);
2625  queue->n = 0;
2626 }
2627 
2628 /** Extract and return the cell at the head of <b>queue</b>; return NULL if
2629  * <b>queue</b> is empty. */
2632 {
2633  destroy_cell_t *cell = TOR_SIMPLEQ_FIRST(&queue->head);
2634  if (!cell)
2635  return NULL;
2636  TOR_SIMPLEQ_REMOVE_HEAD(&queue->head, next);
2637  --queue->n;
2638  return cell;
2639 }
2640 
2641 /** Append a destroy cell for <b>circid</b> to <b>queue</b>. */
2642 void
2644  circid_t circid,
2645  uint8_t reason)
2646 {
2647  destroy_cell_t *cell = tor_malloc_zero(sizeof(destroy_cell_t));
2648  cell->circid = circid;
2649  cell->reason = reason;
2650  /* Not yet used, but will be required for OOM handling. */
2652 
2653  TOR_SIMPLEQ_INSERT_TAIL(&queue->head, cell, next);
2654  ++queue->n;
2655 }
2656 
2657 /** Convert a destroy_cell_t to a newly allocated cell_t. Frees its input. */
2658 static packed_cell_t *
2660 {
2661  packed_cell_t *packed = packed_cell_new();
2662  cell_t cell;
2663  memset(&cell, 0, sizeof(cell));
2664  cell.circ_id = inp->circid;
2665  cell.command = CELL_DESTROY;
2666  cell.payload[0] = inp->reason;
2667  cell_pack(packed, &cell, wide_circ_ids);
2668 
2669  tor_free(inp);
2670  return packed;
2671 }
2672 
2673 /** Return the total number of bytes used for each packed_cell in a queue.
2674  * Approximate. */
2675 size_t
2677 {
2678  return sizeof(packed_cell_t);
2679 }
2680 
2681 /* DOCDOC */
2682 size_t
2683 cell_queues_get_total_allocation(void)
2684 {
2686 }
2687 
2688 /** How long after we've been low on memory should we try to conserve it? */
2689 #define MEMORY_PRESSURE_INTERVAL (30*60)
2690 
2691 /** The time at which we were last low on memory. */
2693 
2694 /** Check whether we've got too much space used for cells. If so,
2695  * call the OOM handler and return 1. Otherwise, return 0. */
2696 STATIC int
2698 {
2699  time_t now = time(NULL);
2700  size_t alloc = cell_queues_get_total_allocation();
2702  alloc += buf_get_total_allocation();
2704  const size_t rend_cache_total = rend_cache_get_total_allocation();
2705  alloc += rend_cache_total;
2706  const size_t geoip_client_cache_total =
2707  geoip_client_cache_total_allocation();
2708  alloc += geoip_client_cache_total;
2709  const size_t dns_cache_total = dns_cache_total_allocation();
2710  alloc += dns_cache_total;
2711  if (alloc >= get_options()->MaxMemInQueues_low_threshold) {
2713  if (alloc >= get_options()->MaxMemInQueues) {
2714  /* If we're spending over 20% of the memory limit on hidden service
2715  * descriptors, free them until we're down to 10%. Do the same for geoip
2716  * client cache. */
2717  if (rend_cache_total > get_options()->MaxMemInQueues / 5) {
2718  const size_t bytes_to_remove =
2719  rend_cache_total - (size_t)(get_options()->MaxMemInQueues / 10);
2720  alloc -= hs_cache_handle_oom(now, bytes_to_remove);
2721  }
2722  if (geoip_client_cache_total > get_options()->MaxMemInQueues / 5) {
2723  const size_t bytes_to_remove =
2724  geoip_client_cache_total -
2725  (size_t)(get_options()->MaxMemInQueues / 10);
2726  alloc -= geoip_client_cache_handle_oom(now, bytes_to_remove);
2727  }
2728  if (dns_cache_total > get_options()->MaxMemInQueues / 5) {
2729  const size_t bytes_to_remove =
2730  dns_cache_total - (size_t)(get_options()->MaxMemInQueues / 10);
2731  alloc -= dns_cache_handle_oom(now, bytes_to_remove);
2732  }
2733  circuits_handle_oom(alloc);
2734  return 1;
2735  }
2736  }
2737  return 0;
2738 }
2739 
2740 /** Return true if we've been under memory pressure in the last
2741  * MEMORY_PRESSURE_INTERVAL seconds. */
2742 int
2744 {
2746  < approx_time();
2747 }
2748 
2749 /**
2750  * Update the number of cells available on the circuit's n_chan or p_chan's
2751  * circuit mux.
2752  */
2753 void
2755  const char *file, int lineno)
2756 {
2757  channel_t *chan = NULL;
2758  or_circuit_t *or_circ = NULL;
2759  circuitmux_t *cmux = NULL;
2760 
2761  tor_assert(circ);
2762 
2763  /* Okay, get the channel */
2764  if (direction == CELL_DIRECTION_OUT) {
2765  chan = circ->n_chan;
2766  } else {
2767  or_circ = TO_OR_CIRCUIT(circ);
2768  chan = or_circ->p_chan;
2769  }
2770 
2771  tor_assert(chan);
2772  tor_assert(chan->cmux);
2773 
2774  /* Now get the cmux */
2775  cmux = chan->cmux;
2776 
2777  /* Cmux sanity check */
2778  if (! circuitmux_is_circuit_attached(cmux, circ)) {
2779  log_warn(LD_BUG, "called on non-attached circuit from %s:%d",
2780  file, lineno);
2781  return;
2782  }
2783  tor_assert(circuitmux_attached_circuit_direction(cmux, circ) == direction);
2784 
2785  /* Update the number of cells we have for the circuit mux */
2786  if (direction == CELL_DIRECTION_OUT) {
2787  circuitmux_set_num_cells(cmux, circ, circ->n_chan_cells.n);
2788  } else {
2789  circuitmux_set_num_cells(cmux, circ, or_circ->p_chan_cells.n);
2790  }
2791 }
2792 
2793 /** Remove all circuits from the cmux on <b>chan</b>.
2794  *
2795  * If <b>circuits_out</b> is non-NULL, add all detached circuits to
2796  * <b>circuits_out</b>.
2797  **/
2798 void
2799 channel_unlink_all_circuits(channel_t *chan, smartlist_t *circuits_out)
2800 {
2801  tor_assert(chan);
2802  tor_assert(chan->cmux);
2803 
2804  circuitmux_detach_all_circuits(chan->cmux, circuits_out);
2805  chan->num_n_circuits = 0;
2806  chan->num_p_circuits = 0;
2807 }
2808 
2809 /** Block (if <b>block</b> is true) or unblock (if <b>block</b> is false)
2810  * every edge connection that is using <b>circ</b> to write to <b>chan</b>,
2811  * and start or stop reading as appropriate.
2812  *
2813  * If <b>stream_id</b> is nonzero, block only the edge connection whose
2814  * stream_id matches it.
2815  *
2816  * Returns the number of streams whose status we changed.
2817  */
2818 static int
2820  int block, streamid_t stream_id)
2821 {
2822  edge_connection_t *edge = NULL;
2823  int n = 0;
2824  if (circ->n_chan == chan) {
2825  circ->streams_blocked_on_n_chan = block;
2826  if (CIRCUIT_IS_ORIGIN(circ))
2827  edge = TO_ORIGIN_CIRCUIT(circ)->p_streams;
2828  } else {
2829  circ->streams_blocked_on_p_chan = block;
2830  tor_assert(!CIRCUIT_IS_ORIGIN(circ));
2831  edge = TO_OR_CIRCUIT(circ)->n_streams;
2832  }
2833 
2834  for (; edge; edge = edge->next_stream) {
2835  connection_t *conn = TO_CONN(edge);
2836  if (stream_id && edge->stream_id != stream_id)
2837  continue;
2838 
2839  if (edge->edge_blocked_on_circ != block) {
2840  ++n;
2841  edge->edge_blocked_on_circ = block;
2842  }
2843 
2844  if (!conn->read_event) {
2845  /* This connection is a placeholder for something; probably a DNS
2846  * request. It can't actually stop or start reading.*/
2847  continue;
2848  }
2849 
2850  if (block) {
2851  if (connection_is_reading(conn))
2853  } else {
2854  /* Is this right? */
2855  if (!connection_is_reading(conn))
2857  }
2858  }
2859 
2860  return n;
2861 }
2862 
2863 /** Extract the command from a packed cell. */
2864 uint8_t
2865 packed_cell_get_command(const packed_cell_t *cell, int wide_circ_ids)
2866 {
2867  if (wide_circ_ids) {
2868  return get_uint8(cell->body+4);
2869  } else {
2870  return get_uint8(cell->body+2);
2871  }
2872 }
2873 
2874 /** Extract the circuit ID from a packed cell. */
2875 circid_t
2876 packed_cell_get_circid(const packed_cell_t *cell, int wide_circ_ids)
2877 {
2878  if (wide_circ_ids) {
2879  return ntohl(get_uint32(cell->body));
2880  } else {
2881  return ntohs(get_uint16(cell->body));
2882  }
2883 }
2884 
2885 /** Pull as many cells as possible (but no more than <b>max</b>) from the
2886  * queue of the first active circuit on <b>chan</b>, and write them to
2887  * <b>chan</b>-&gt;outbuf. Return the number of cells written. Advance
2888  * the active circuit pointer to the next active circuit in the ring. */
2889 MOCK_IMPL(int,
2890 channel_flush_from_first_active_circuit, (channel_t *chan, int max))
2891 {
2892  circuitmux_t *cmux = NULL;
2893  int n_flushed = 0;
2894  cell_queue_t *queue;
2895  destroy_cell_queue_t *destroy_queue=NULL;
2896  circuit_t *circ;
2897  or_circuit_t *or_circ;
2898  int streams_blocked;
2899  packed_cell_t *cell;
2900 
2901  /* Get the cmux */
2902  tor_assert(chan);
2903  tor_assert(chan->cmux);
2904  cmux = chan->cmux;
2905 
2906  /* Main loop: pick a circuit, send a cell, update the cmux */
2907  while (n_flushed < max) {
2908  circ = circuitmux_get_first_active_circuit(cmux, &destroy_queue);
2909  if (destroy_queue) {
2910  destroy_cell_t *dcell;
2911  /* this code is duplicated from some of the logic below. Ugly! XXXX */
2912  /* If we are given a destroy_queue here, then it is required to be
2913  * nonempty... */
2914  tor_assert(destroy_queue->n > 0);
2915  dcell = destroy_cell_queue_pop(destroy_queue);
2916  /* ...and pop() will always yield a cell from a nonempty queue. */
2917  tor_assert(dcell);
2918  /* frees dcell */
2919  cell = destroy_cell_to_packed_cell(dcell, chan->wide_circ_ids);
2920  /* Send the DESTROY cell. It is very unlikely that this fails but just
2921  * in case, get rid of the channel. */
2922  if (channel_write_packed_cell(chan, cell) < 0) {
2923  /* The cell has been freed. */
2924  channel_mark_for_close(chan);
2925  continue;
2926  }
2927  /* Update the cmux destroy counter */
2929  cell = NULL;
2930  ++n_flushed;
2931  continue;
2932  }
2933  /* If it returns NULL, no cells left to send */
2934  if (!circ) break;
2935 
2936  if (circ->n_chan == chan) {
2937  queue = &circ->n_chan_cells;
2938  streams_blocked = circ->streams_blocked_on_n_chan;
2939  } else {
2940  or_circ = TO_OR_CIRCUIT(circ);
2941  tor_assert(or_circ->p_chan == chan);
2942  queue = &TO_OR_CIRCUIT(circ)->p_chan_cells;
2943  streams_blocked = circ->streams_blocked_on_p_chan;
2944  }
2945 
2946  /* Circuitmux told us this was active, so it should have cells */
2947  if (/*BUG(*/ queue->n == 0 /*)*/) {
2948  log_warn(LD_BUG, "Found a supposedly active circuit with no cells "
2949  "to send. Trying to recover.");
2950  circuitmux_set_num_cells(cmux, circ, 0);
2951  if (! circ->marked_for_close)
2952  circuit_mark_for_close(circ, END_CIRC_REASON_INTERNAL);
2953  continue;
2954  }
2955 
2956  tor_assert(queue->n > 0);
2957 
2958  /*
2959  * Get just one cell here; once we've sent it, that can change the circuit
2960  * selection, so we have to loop around for another even if this circuit
2961  * has more than one.
2962  */
2963  cell = cell_queue_pop(queue);
2964 
2965  /* Calculate the exact time that this cell has spent in the queue. */
2966  if (get_options()->CellStatistics ||
2967  get_options()->TestingEnableCellStatsEvent) {
2968  uint32_t timestamp_now = monotime_coarse_get_stamp();
2969  uint32_t msec_waiting =
2971  timestamp_now - cell->inserted_timestamp);
2972 
2973  if (get_options()->CellStatistics && !CIRCUIT_IS_ORIGIN(circ)) {
2974  or_circ = TO_OR_CIRCUIT(circ);
2975  or_circ->total_cell_waiting_time += msec_waiting;
2976  or_circ->processed_cells++;
2977  }
2978 
2979  if (get_options()->TestingEnableCellStatsEvent) {
2980  uint8_t command = packed_cell_get_command(cell, chan->wide_circ_ids);
2981 
2983  tor_malloc_zero(sizeof(testing_cell_stats_entry_t));
2984  ent->command = command;
2985  ent->waiting_time = msec_waiting / 10;
2986  ent->removed = 1;
2987  if (circ->n_chan == chan)
2988  ent->exitward = 1;
2989  if (!circ->testing_cell_stats)
2991  smartlist_add(circ->testing_cell_stats, ent);
2992  }
2993  }
2994 
2995  /* If we just flushed our queue and this circuit is used for a
2996  * tunneled directory request, possibly advance its state. */
2997  if (queue->n == 0 && chan->dirreq_id)
2998  geoip_change_dirreq_state(chan->dirreq_id,
2999  DIRREQ_TUNNELED,
3001 
3002  /* Now send the cell. It is very unlikely that this fails but just in
3003  * case, get rid of the channel. */
3004  if (channel_write_packed_cell(chan, cell) < 0) {
3005  /* The cell has been freed at this point. */
3006  channel_mark_for_close(chan);
3007  continue;
3008  }
3009  cell = NULL;
3010 
3011  /*
3012  * Don't packed_cell_free_unchecked(cell) here because the channel will
3013  * do so when it gets out of the channel queue (probably already did, in
3014  * which case that was an immediate double-free bug).
3015  */
3016 
3017  /* Update the counter */
3018  ++n_flushed;
3019 
3020  /*
3021  * Now update the cmux; tell it we've just sent a cell, and how many
3022  * we have left.
3023  */
3024  circuitmux_notify_xmit_cells(cmux, circ, 1);
3025  circuitmux_set_num_cells(cmux, circ, queue->n);
3026  if (queue->n == 0)
3027  log_debug(LD_GENERAL, "Made a circuit inactive.");
3028 
3029  /* Is the cell queue low enough to unblock all the streams that are waiting
3030  * to write to this circuit? */
3031  if (streams_blocked && queue->n <= CELL_QUEUE_LOWWATER_SIZE)
3032  set_streams_blocked_on_circ(circ, chan, 0, 0); /* unblock streams */
3033 
3034  /* If n_flushed < max still, loop around and pick another circuit */
3035  }
3036 
3037  /* Okay, we're done sending now */
3038  return n_flushed;
3039 }
3040 
3041 /* Minimum value is the maximum circuit window size.
3042  *
3043  * SENDME cells makes it that we can control how many cells can be inflight on
3044  * a circuit from end to end. This logic makes it that on any circuit cell
3045  * queue, we have a maximum of cells possible.
3046  *
3047  * Because the Tor protocol allows for a client to exit at any hop in a
3048  * circuit and a circuit can be of a maximum of 8 hops, so in theory the
3049  * normal worst case will be the circuit window start value times the maximum
3050  * number of hops (8). Having more cells then that means something is wrong.
3051  *
3052  * However, because padding cells aren't counted in the package window, we set
3053  * the maximum size to a reasonably large size for which we expect that we'll
3054  * never reach in theory. And if we ever do because of future changes, we'll
3055  * be able to control it with a consensus parameter.
3056  *
3057  * XXX: Unfortunately, END cells aren't accounted for in the circuit window
3058  * which means that for instance if a client opens 8001 streams, the 8001
3059  * following END cells will queue up in the circuit which will get closed if
3060  * the max limit is 8000. Which is sad because it is allowed by the Tor
3061  * protocol. But, we need an upper bound on circuit queue in order to avoid
3062  * DoS memory pressure so the default size is a middle ground between not
3063  * having any limit and having a very restricted one. This is why we can also
3064  * control it through a consensus parameter. */
3065 #define RELAY_CIRC_CELL_QUEUE_SIZE_MIN CIRCWINDOW_START_MAX
3066 /* We can't have a consensus parameter above this value. */
3067 #define RELAY_CIRC_CELL_QUEUE_SIZE_MAX INT32_MAX
3068 /* Default value is set to a large value so we can handle padding cells
3069  * properly which aren't accounted for in the SENDME window. Default is 50000
3070  * allowed cells in the queue resulting in ~25MB. */
3071 #define RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT \
3072  (50 * RELAY_CIRC_CELL_QUEUE_SIZE_MIN)
3073 
3074 /* The maximum number of cell a circuit queue can contain. This is updated at
3075  * every new consensus and controlled by a parameter. */
3076 static int32_t max_circuit_cell_queue_size =
3077  RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT;
3078 
3079 /* Called when the consensus has changed. At this stage, the global consensus
3080  * object has NOT been updated. It is called from
3081  * notify_before_networkstatus_changes(). */
3082 void
3083 relay_consensus_has_changed(const networkstatus_t *ns)
3084 {
3085  tor_assert(ns);
3086 
3087  /* Update the circuit max cell queue size from the consensus. */
3088  max_circuit_cell_queue_size =
3089  networkstatus_get_param(ns, "circ_max_cell_queue_size",
3090  RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT,
3091  RELAY_CIRC_CELL_QUEUE_SIZE_MIN,
3092  RELAY_CIRC_CELL_QUEUE_SIZE_MAX);
3093 }
3094 
3095 /** Add <b>cell</b> to the queue of <b>circ</b> writing to <b>chan</b>
3096  * transmitting in <b>direction</b>.
3097  *
3098  * The given <b>cell</b> is copied onto the circuit queue so the caller must
3099  * cleanup the memory.
3100  *
3101  * This function is part of the fast path. */
3102 void
3104  cell_t *cell, cell_direction_t direction,
3105  streamid_t fromstream)
3106 {
3107  or_circuit_t *orcirc = NULL;
3108  cell_queue_t *queue;
3109  int streams_blocked;
3110  int exitward;
3111  if (circ->marked_for_close)
3112  return;
3113 
3114  exitward = (direction == CELL_DIRECTION_OUT);
3115  if (exitward) {
3116  queue = &circ->n_chan_cells;
3117  streams_blocked = circ->streams_blocked_on_n_chan;
3118  } else {
3119  orcirc = TO_OR_CIRCUIT(circ);
3120  queue = &orcirc->p_chan_cells;
3121  streams_blocked = circ->streams_blocked_on_p_chan;
3122  }
3123 
3124  if (PREDICT_UNLIKELY(queue->n >= max_circuit_cell_queue_size)) {
3125  log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
3126  "%s circuit has %d cells in its queue, maximum allowed is %d. "
3127  "Closing circuit for safety reasons.",
3128  (exitward) ? "Outbound" : "Inbound", queue->n,
3129  max_circuit_cell_queue_size);
3130  circuit_mark_for_close(circ, END_CIRC_REASON_RESOURCELIMIT);
3132  return;
3133  }
3134 
3135  /* Very important that we copy to the circuit queue because all calls to
3136  * this function use the stack for the cell memory. */
3137  cell_queue_append_packed_copy(circ, queue, exitward, cell,
3138  chan->wide_circ_ids, 1);
3139 
3140  /* Check and run the OOM if needed. */
3141  if (PREDICT_UNLIKELY(cell_queues_check_size())) {
3142  /* We ran the OOM handler which might have closed this circuit. */
3143  if (circ->marked_for_close)
3144  return;
3145  }
3146 
3147  /* If we have too many cells on the circuit, we should stop reading from
3148  * the edge streams for a while. */
3149  if (!streams_blocked && queue->n >= CELL_QUEUE_HIGHWATER_SIZE)
3150  set_streams_blocked_on_circ(circ, chan, 1, 0); /* block streams */
3151 
3152  if (streams_blocked && fromstream) {
3153  /* This edge connection is apparently not blocked; block it. */
3154  set_streams_blocked_on_circ(circ, chan, 1, fromstream);
3155  }
3156 
3157  update_circuit_on_cmux(circ, direction);
3158  if (queue->n == 1) {
3159  /* This was the first cell added to the queue. We just made this
3160  * circuit active. */
3161  log_debug(LD_GENERAL, "Made a circuit active.");
3162  }
3163 
3164  /* New way: mark this as having waiting cells for the scheduler */
3166 }
3167 
3168 /** Append an encoded value of <b>addr</b> to <b>payload_out</b>, which must
3169  * have at least 18 bytes of free space. The encoding is, as specified in
3170  * tor-spec.txt:
3171  * RESOLVED_TYPE_IPV4 or RESOLVED_TYPE_IPV6 [1 byte]
3172  * LENGTH [1 byte]
3173  * ADDRESS [length bytes]
3174  * Return the number of bytes added, or -1 on error */
3175 int
3176 append_address_to_payload(uint8_t *payload_out, const tor_addr_t *addr)
3177 {
3178  uint32_t a;
3179  switch (tor_addr_family(addr)) {
3180  case AF_INET:
3181  payload_out[0] = RESOLVED_TYPE_IPV4;
3182  payload_out[1] = 4;
3183  a = tor_addr_to_ipv4n(addr);
3184  memcpy(payload_out+2, &a, 4);
3185  return 6;
3186  case AF_INET6:
3187  payload_out[0] = RESOLVED_TYPE_IPV6;
3188  payload_out[1] = 16;
3189  memcpy(payload_out+2, tor_addr_to_in6_addr8(addr), 16);
3190  return 18;
3191  case AF_UNSPEC:
3192  default:
3193  return -1;
3194  }
3195 }
3196 
3197 /** Given <b>payload_len</b> bytes at <b>payload</b>, starting with an address
3198  * encoded as by append_address_to_payload(), try to decode the address into
3199  * *<b>addr_out</b>. Return the next byte in the payload after the address on
3200  * success, or NULL on failure. */
3201 const uint8_t *
3202 decode_address_from_payload(tor_addr_t *addr_out, const uint8_t *payload,
3203  int payload_len)
3204 {
3205  if (payload_len < 2)
3206  return NULL;
3207  if (payload_len < 2+payload[1])
3208  return NULL;
3209 
3210  switch (payload[0]) {
3211  case RESOLVED_TYPE_IPV4:
3212  if (payload[1] != 4)
3213  return NULL;
3214  tor_addr_from_ipv4n(addr_out, get_uint32(payload+2));
3215  break;
3216  case RESOLVED_TYPE_IPV6:
3217  if (payload[1] != 16)
3218  return NULL;
3219  tor_addr_from_ipv6_bytes(addr_out, (char*)(payload+2));
3220  break;
3221  default:
3222  tor_addr_make_unspec(addr_out);
3223  break;
3224  }
3225  return payload + 2 + payload[1];
3226 }
3227 
3228 /** Remove all the cells queued on <b>circ</b> for <b>chan</b>. */
3229 void
3230 circuit_clear_cell_queue(circuit_t *circ, channel_t *chan)
3231 {
3232  cell_queue_t *queue;
3233  cell_direction_t direction;
3234 
3235  if (circ->n_chan == chan) {
3236  queue = &circ->n_chan_cells;
3237  direction = CELL_DIRECTION_OUT;
3238  } else {
3239  or_circuit_t *orcirc = TO_OR_CIRCUIT(circ);
3240  tor_assert(orcirc->p_chan == chan);
3241  queue = &orcirc->p_chan_cells;
3242  direction = CELL_DIRECTION_IN;
3243  }
3244 
3245  /* Clear the queue */
3246  cell_queue_clear(queue);
3247 
3248  /* Update the cell counter in the cmux */
3249  if (chan->cmux && circuitmux_is_circuit_attached(chan->cmux, circ))
3250  update_circuit_on_cmux(circ, direction);
3251 }
3252 
3253 /** Return 1 if we shouldn't restart reading on this circuit, even if
3254  * we get a SENDME. Else return 0.
3255 */
3256 static int
3258 {
3259  if (CIRCUIT_IS_ORIGIN(circ)) {
3260  return circ->streams_blocked_on_n_chan;
3261  } else {
3262  return circ->streams_blocked_on_p_chan;
3263  }
3264 }
#define RELAY_PAYLOAD_SIZE
Definition: or.h:605
uint64_t stats_n_data_cells_received
Definition: relay.c:2048
#define AP_CONN_STATE_CONNECT_WAIT
int channel_is_client(const channel_t *chan)
Definition: channel.c:2924
void tor_addr_from_ipv4n(tor_addr_t *dest, uint32_t v4addr)
Definition: address.c:874
Header file for rendcommon.c.
static int circuit_queue_streams_are_blocked(circuit_t *circ)
Definition: relay.c:3257
Cell queue structures.
STATIC void address_ttl_free_(address_ttl_t *addr)
Definition: relay.c:1104
void relay_encrypt_cell_outbound(cell_t *cell, origin_circuit_t *or_circ, crypt_path_t *layer_hint)
Definition: relay_crypto.c:219
STATIC destroy_cell_t * destroy_cell_queue_pop(destroy_cell_queue_t *queue)
Definition: relay.c:2631
const char * tor_addr_to_str(char *dest, const tor_addr_t *addr, size_t len, int decorate)
Definition: address.c:328
void geoip_change_dirreq_state(uint64_t dirreq_id, dirreq_type_t type, dirreq_state_t new_state)
Definition: geoip_stats.c:550
STATIC int connected_cell_parse(const relay_header_t *rh, const cell_t *cell, tor_addr_t *addr_out, int *ttl_out)
Definition: relay.c:1066
#define AP_CONN_STATE_RESOLVE_WAIT
char identity_digest[DIGEST_LEN]
char body[CELL_MAX_NETWORK_SIZE]
Definition: cell_queue_st.h:21
#define CELL_QUEUE_HIGHWATER_SIZE
Definition: relay.c:117
Router descriptor structure.
static int connection_edge_process_relay_cell_not_open(relay_header_t *rh, cell_t *cell, circuit_t *circ, edge_connection_t *conn, crypt_path_t *layer_hint)
Definition: relay.c:1364
STATIC int cell_queues_check_size(void)
Definition: relay.c:2697
channel_t * n_chan
Definition: circuit_st.h:68
void client_dns_clear_failures(const char *address)
Definition: addressmap.c:660
static int process_sendme_cell(const relay_header_t *rh, const cell_t *cell, circuit_t *circ, edge_connection_t *conn, crypt_path_t *layer_hint, int domain)
Definition: relay.c:1513
smartlist_t * testing_cell_stats
Definition: circuit_st.h:211
int circpad_check_received_cell(cell_t *cell, circuit_t *circ, crypt_path_t *layer_hint, const relay_header_t *rh)
#define TOR_ADDR_BUF_LEN
Definition: address.h:205
Common functions for using (pseudo-)random number generators.
Definition: node_st.h:33
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
uint16_t sa_family_t
Definition: inaddr_st.h:77
Header for backtrace.c.
#define TO_CONN(c)
Definition: or.h:735
int32_t networkstatus_get_param(const networkstatus_t *ns, const char *param_name, int32_t default_val, int32_t min_val, int32_t max_val)
uint64_t stats_n_relay_cells_relayed
Definition: relay.c:125
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
Header for addressmap.c.
void tor_addr_make_unspec(tor_addr_t *a)
Definition: address.c:225
STATIC packed_cell_t * packed_cell_new(void)
Definition: relay.c:2503
Header file for geoip_stats.c.
void circuits_handle_oom(size_t current_allocation)
Definition: circuitlist.c:2670
extend_info_t * chosen_exit
#define EXIT_CONN_STATE_RESOLVING
unsigned int purpose
Definition: connection_st.h:51
Header file for connection.c.
created_cell_t created_cell
Definition: onion.h:69
unsigned crypto_fast_rng_get_uint(crypto_fast_rng_t *rng, unsigned limit)
#define CELL_QUEUE_LOWWATER_SIZE
Definition: relay.c:120
unsigned int removed
Definition: or.h:930
static void set_uint16(void *cp, uint16_t v)
Definition: bytes.h:78
extend_info_t * n_hop
Definition: circuit_st.h:86
uint64_t monotime_coarse_stamp_units_to_approx_msec(uint64_t units)
Definition: compat_time.c:870
circid_t packed_cell_get_circid(const packed_cell_t *cell, int wide_circ_ids)
Definition: relay.c:2876
Definition: cell_st.h:17
#define LD_GENERAL
Definition: log.h:62
void cell_queue_append(cell_queue_t *queue, packed_cell_t *cell)
Definition: relay.c:2548
static int circuit_consider_stop_edge_reading(circuit_t *circ, crypt_path_t *layer_hint)
Definition: relay.c:2458
#define CIRCUIT_IS_ORIGIN(c)
Definition: circuitlist.h:146
void circuit_reset_sendme_randomness(circuit_t *circ)
Definition: relay.c:2060
streamid_t stream_id
Definition: or.h:640
int circuit_finish_handshake(origin_circuit_t *circ, const created_cell_t *reply)
int channel_flush_from_first_active_circuit(channel_t *chan, int max)
Definition: relay.c:2890
#define RELAY_PAYLOAD_LENGTH_FOR_RANDOM_SENDMES
Definition: relay.c:2071
Headers for compress.c.
void control_event_boot_dir(bootstrap_status_t status, int progress)
int connection_exit_begin_resolve(cell_t *cell, or_circuit_t *circ)
#define LOG_INFO
Definition: log.h:45
Header file for describe.c.
static uint32_t tor_addr_to_ipv4n(const tor_addr_t *a)
Definition: address.h:145
Header file for nodelist.c.
uint64_t MaxMemInQueues
int connection_edge_package_raw_inbuf(edge_connection_t *conn, int package_partial, int *max_cells)
Definition: relay.c:2143
static int edge_reason_is_retriable(int reason)
Definition: relay.c:790
struct edge_connection_t * next_stream
uint8_t state
Definition: circuit_st.h:109
void tor_log(int severity, log_domain_mask_t domain, const char *format,...)
Definition: log.c:628
uint8_t purpose
Definition: circuit_st.h:110
unsigned int chosen_exit_optional
void relay_header_unpack(relay_header_t *dest, const uint8_t *src)
Definition: relay.c:488
Header file for directory.c.
void smartlist_add(smartlist_t *sl, void *element)
static time_t last_time_under_memory_pressure
Definition: relay.c:2692
static packed_cell_t * packed_cell_copy(const cell_t *cell, int wide_circ_ids)
Definition: relay.c:2539
void update_circuit_on_cmux_(circuit_t *circ, cell_direction_t direction, const char *file, int lineno)
Definition: relay.c:2754
void assert_circuit_ok(const circuit_t *c)
Definition: circuitlist.c:2793
int circuit_extend(cell_t *cell, circuit_t *circ)
char * rate_limit_log(ratelim_t *lim, time_t now)
Definition: ratelim.c:41
void cell_queue_clear(cell_queue_t *queue)
Definition: relay.c:2583
unsigned int streams_blocked_on_n_chan
Definition: circuit_st.h:90
void circpad_deliver_recognized_relay_cell_events(circuit_t *circ, uint8_t relay_command, crypt_path_t *layer_hint)
cell_direction_t circuitmux_attached_circuit_direction(circuitmux_t *cmux, circuit_t *circ)
Definition: circuitmux.c:546
int circuit_truncated(origin_circuit_t *circ, int reason)
#define TO_CIRCUIT(x)
Definition: or.h:951
smartlist_t * half_streams
Header file for config.c.
STATIC int connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, edge_connection_t *conn, crypt_path_t *layer_hint)
Definition: relay.c:1972
int relay_send_command_from_edge_(streamid_t stream_id, circuit_t *circ, uint8_t relay_command, const char *payload, size_t payload_len, crypt_path_t *cpath_layer, const char *filename, int lineno)
Definition: relay.c:608
static void adjust_exit_policy_from_exitpolicy_failure(origin_circuit_t *circ, entry_connection_t *conn, node_t *node, const tor_addr_t *addr)
Definition: relay.c:1011
const or_options_t * get_options(void)
Definition: config.c:941
crypt_path_t * cpath
#define tor_assert(expr)
Definition: util_bug.h:102
size_t half_streams_get_total_allocation(void)
static size_t total_cells_allocated
Definition: relay.c:2491
#define END_STREAM_REASON_CANT_ATTACH
Definition: or.h:250
void circuit_clear_cell_queue(circuit_t *circ, channel_t *chan)
Definition: relay.c:3230
Header file for onion.c.
void circuitmux_detach_all_circuits(circuitmux_t *cmux, smartlist_t *detached_out)
Definition: circuitmux.c:211
void circuit_set_state(circuit_t *circ, uint8_t state)
Definition: circuitlist.c:543
struct circuit_t * on_circuit
void policies_set_node_exitpolicy_to_reject_all(node_t *node)
Definition: policies.c:2291
uint8_t relay_early_commands[MAX_RELAY_EARLY_CELLS_PER_CIRCUIT]
size_t buf_datalen(const buf_t *buf)
Definition: buffers.c:394
int channel_write_packed_cell(channel_t *chan, packed_cell_t *cell)
Definition: channel.c:1481
#define crypto_fast_rng_one_in_n(rng, n)
Definition: crypto_rand.h:80
#define tor_free(p)
Definition: malloc.h:52
void circpad_deliver_unrecognized_cell_events(circuit_t *circ, cell_direction_t dir)
void channel_mark_for_close(channel_t *chan)
Definition: channel.c:1134
uint16_t marked_for_close
Definition: circuit_st.h:188
unsigned int chosen_exit_retries
int connection_is_reading(connection_t *conn)
Definition: mainloop.c:509
#define SOCKS_COMMAND_RESOLVE_PTR
void client_dns_set_addressmap(entry_connection_t *for_conn, const char *address, const tor_addr_t *val, const char *exitname, int ttl)
Definition: addressmap.c:724
#define SMARTLIST_DEL_CURRENT(sl, var)
const char * conn_state_to_string(int type, int state)
Definition: connection.c:275
#define DIR_PURPOSE_FETCH_CONSENSUS
Definition: directory.h:56
Header file for mainloop.c.
#define CIRCUIT_PURPOSE_REND_ESTABLISHED
Definition: circuitlist.h:47
char integrity[4]
Definition: or.h:641
size_t packed_cell_mem_cost(void)
Definition: relay.c:2676
smartlist_t * smartlist_new(void)
unsigned int have_sent_sufficiently_random_cell
Definition: circuit_st.h:107
struct create_cell_t * n_chan_create_cell
Definition: circuit_st.h:152
#define CIRCWINDOW_INCREMENT
Definition: or.h:505
void append_cell_to_circuit_queue(circuit_t *circ, channel_t *chan, cell_t *cell, cell_direction_t direction, streamid_t fromstream)
Definition: relay.c:3103
buf_t * buf_new(void)
Definition: buffers.c:365
int relay_decrypt_cell(circuit_t *circ, cell_t *cell, cell_direction_t cell_direction, crypt_path_t **layer_hint, char *recognized)
Definition: relay_crypto.c:145
uint64_t stats_n_circ_max_cell_reached
Definition: relay.c:132
Definition: or.h:923
Header file for scheduler*.c.
int connection_edge_send_command(edge_connection_t *fromconn, uint8_t relay_command, const char *payload, size_t payload_len)
Definition: relay.c:729
uint8_t payload[CELL_PAYLOAD_SIZE]
Definition: cell_st.h:21
#define STATIC
Definition: testsupport.h:32
static packed_cell_t * destroy_cell_to_packed_cell(destroy_cell_t *inp, int wide_circ_ids)
Definition: relay.c:2659
#define ENTRY_TO_CONN(c)
Definition: or.h:738
void connection_ap_handshake_socks_reply(entry_connection_t *conn, char *reply, size_t replylen, int endreason)
static uint32_t get_uint32(const void *cp)
Definition: bytes.h:54
struct or_circuit_t * rend_splice
Definition: or_circuit_st.h:50
Circuit-build-stse structure.
int append_address_to_payload(uint8_t *payload_out, const tor_addr_t *addr)
Definition: relay.c:3176
cell_direction_t
Definition: or.h:482
smartlist_t * circuit_get_global_list(void)
Definition: circuitlist.c:692
int marked_for_close_reason
Definition: circuit_st.h:196
static uint8_t get_uint8(const void *cp)
Definition: bytes.h:23
unsigned int remaining_relay_early_cells
void control_event_bootstrap(bootstrap_status_t status, int progress)
uint32_t processed_cells
Definition: or_circuit_st.h:68
Header file for policies.c.
uint64_t stats_n_data_bytes_received
Definition: relay.c:2052
int count_loading_descriptors_progress(void)
Definition: nodelist.c:2641
void circuitmux_set_num_cells(circuitmux_t *cmux, circuit_t *circ, unsigned int n_cells)
Definition: circuitmux.c:993
#define LD_APP
Definition: log.h:78
static edge_connection_t * relay_lookup_conn(circuit_t *circ, cell_t *cell, cell_direction_t cell_direction, crypt_path_t *layer_hint)
Definition: relay.c:422
static void set_uint8(void *cp, uint8_t v)
Definition: bytes.h:31
struct event * read_event
Definition: connection_st.h:96
struct buf_t * pending_optimistic_data
uint8_t command
Definition: or.h:924
void destroy_cell_queue_append(destroy_cell_queue_t *queue, circid_t circid, uint8_t reason)
Definition: relay.c:2643
Common functions for cryptographic routines.
unsigned int edge_blocked_on_circ
Header file for channel.c.
#define DIR_PURPOSE_FETCH_SERVERDESC
Definition: directory.h:38
void channel_timestamp_client(channel_t *chan)
Definition: channel.c:3219
void packed_cell_free_(packed_cell_t *cell)
Definition: relay.c:2511
int connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
int connection_half_edge_is_valid_sendme(const smartlist_t *half_conns, streamid_t stream_id)
#define tor_addr_from_ipv4h(dest, v4addr)
Definition: address.h:287
static void circuit_resume_edge_reading(circuit_t *circ, crypt_path_t *layer_hint)
Definition: relay.c:2280
struct crypt_path_t * cpath_layer
void circuit_sent_valid_data(origin_circuit_t *circ, uint16_t relay_body_len)
Definition: circuituse.c:3130
int circuit_package_relay_cell(cell_t *cell, circuit_t *circ, cell_direction_t cell_direction, crypt_path_t *layer_hint, streamid_t on_stream, const char *filename, int lineno)
Definition: relay.c:361
void scheduler_channel_has_waiting_cells(channel_t *chan)
Definition: scheduler.c:543
uint64_t stats_n_data_bytes_packaged
Definition: relay.c:2046
cell_queue_t p_chan_cells
Definition: or_circuit_st.h:35
void circuitmux_notify_xmit_destroy(circuitmux_t *cmux)
Definition: circuitmux.c:1158
dir_connection_t * TO_DIR_CONN(connection_t *c)
Definition: directory.c:85
static const char * relay_command_to_string(uint8_t command)
Definition: relay.c:499
Header file for circuitpadding.c.
void circuit_synchronize_written_or_bandwidth(const circuit_t *c, circuit_channel_direction_t dir)
Definition: circuitlist.c:2140
Origin circuit structure.
void tor_addr_from_ipv6_bytes(tor_addr_t *dest, const char *ipv6_bytes)
Definition: address.c:885
tor_socket_t s
Definition: connection_st.h:93
int buf_get_bytes(buf_t *buf, char *string, size_t string_len)
Definition: buffers.c:637
const char * node_describe(const node_t *node)
Definition: describe.c:143
Header file for rendcache.c.
#define END_CIRC_AT_ORIGIN
Definition: or.h:305
void crypto_fast_rng_getbytes(crypto_fast_rng_t *rng, uint8_t *out, size_t n)
Master header file for Tor-specific functionality.
int client_dns_incr_failures(const char *address)
Definition: addressmap.c:638
uint32_t inserted_timestamp
Definition: cell_queue_st.h:22
#define CIRCUIT_STATE_OPEN
Definition: circuitlist.h:32
void cell_queue_append_packed_copy(circuit_t *circ, cell_queue_t *queue, int exitward, const cell_t *cell, int wide_circ_ids, int use_stats)
Definition: relay.c:2559
uint64_t stats_n_relay_cells_delivered
Definition: relay.c:129
uint16_t streamid_t
Definition: or.h:610
circid_t circ_id
Definition: cell_st.h:18
Header file for circuitbuild.c.
#define DIR_PURPOSE_FETCH_CERTIFICATE
Definition: directory.h:59
int control_event_stream_status(entry_connection_t *conn, stream_status_event_t tp, int reason_code)
#define END_STREAM_REASON_FLAG_REMOTE
Definition: or.h:276
void destroy_cell_queue_clear(destroy_cell_queue_t *queue)
Definition: relay.c:2617
STATIC int handle_relay_cell_command(cell_t *cell, circuit_t *circ, edge_connection_t *conn, crypt_path_t *layer_hint, relay_header_t *rh, int optimistic_data)
Definition: relay.c:1589
int tor_addr_parse(tor_addr_t *addr, const char *src)
Definition: address.c:1255
void circuitmux_notify_xmit_cells(circuitmux_t *cmux, circuit_t *circ, unsigned int n_cells)
Definition: circuitmux.c:1098
int connection_buf_get_bytes(char *string, size_t len, connection_t *conn)
Definition: connection.c:3891
circid_t p_circ_id
Definition: or_circuit_st.h:33
int have_been_under_memory_pressure(void)
Definition: relay.c:2743
int buf_add(buf_t *buf, const char *string, size_t string_len)
Definition: buffers.c:527
void connection_edge_end_close(edge_connection_t *conn, uint8_t reason)
unsigned int streams_blocked_on_p_chan
Definition: circuit_st.h:93
static uint16_t get_uint16(const void *cp)
Definition: bytes.h:42
#define ROUTER_PURPOSE_GENERAL
#define LOG_WARN
Definition: log.h:53
Entry connection structure.
uint32_t n_written_circ_bw
int tor_addr_is_null(const tor_addr_t *addr)
Definition: address.c:770
static void circuit_update_channel_usage(circuit_t *circ, cell_t *cell)
Definition: relay.c:145
STATIC packed_cell_t * cell_queue_pop(cell_queue_t *queue)
Definition: relay.c:2597
Header file for circuituse.c.
Extend-info structure.
void cell_queue_init(cell_queue_t *queue)
Definition: relay.c:2575
static void connection_ap_handshake_socks_got_resolved_cell(entry_connection_t *conn, int error_code, smartlist_t *results)
Definition: relay.c:1215
int pathbias_check_probe_response(circuit_t *circ, const cell_t *cell)
Definition: circpathbias.c:879
uint16_t send_randomness_after_n_cells
Definition: circuit_st.h:126
#define LD_REND
Definition: log.h:84
Header file for circuitlist.c.
#define CIRCUIT_PURPOSE_PATH_BIAS_TESTING
Definition: circuitlist.h:122
uint16_t marked_for_close
void circuit_log_path(int severity, unsigned int domain, origin_circuit_t *circ)
Definition: circuitbuild.c:357
int connection_state_is_open(connection_t *conn)
Definition: connection.c:4648
#define LD_OR
Definition: log.h:92
size_t tor_compress_get_total_allocation(void)
Definition: compress.c:458
size_t hs_cache_handle_oom(time_t now, size_t min_remove_bytes)
Definition: hs_cache.c:905
#define END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED
Definition: or.h:283
Fixed-size cell structure.
void sendme_circuit_consider_sending(circuit_t *circ, crypt_path_t *layer_hint)
Definition: sendme.c:418
unsigned int edge_has_sent_end
const uint8_t * decode_address_from_payload(tor_addr_t *addr_out, const uint8_t *payload, int payload_len)
Definition: relay.c:3202
Client/server directory connection structure.
uint8_t command
Definition: cell_st.h:19
int connection_edge_is_rendezvous_stream(const edge_connection_t *conn)
unsigned int type
Definition: connection_st.h:50
#define MAX_RESOLVE_FAILURES
Definition: relay.c:785
int node_exit_policy_is_exact(const node_t *node, sa_family_t family)
Definition: nodelist.c:1447
#define ENTRY_TO_EDGE_CONN(c)
Header file for sendme.c.
Header file for connection_edge.c.
edge_connection_t * n_streams
Definition: or_circuit_st.h:39
#define MEMORY_PRESSURE_INTERVAL
Definition: relay.c:2689
uint64_t stats_n_data_cells_packaged
Definition: relay.c:2042
origin_circuit_t * TO_ORIGIN_CIRCUIT(circuit_t *x)
Definition: circuitlist.c:166
channel_t * p_chan
Definition: or_circuit_st.h:37
int package_window
Definition: circuit_st.h:115
const char * circuit_state_to_string(int state)
Definition: circuitlist.c:760
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
char * smartlist_join_strings(smartlist_t *sl, const char *join, int terminate, size_t *len_out)
Definition: smartlist.c:279
static int circuit_resume_edge_reading_helper(edge_connection_t *conn, circuit_t *circ, crypt_path_t *layer_hint)
Definition: relay.c:2301
#define CELL_PAYLOAD_SIZE
Definition: or.h:576
time_t timestamp_last_read_allowed
int circuit_send_next_onion_skin(origin_circuit_t *circ)
Definition: circuitbuild.c:937
crypto_fast_rng_t * get_thread_fast_rng(void)
path_state_bitfield_t path_state
const char * marked_for_close_file
void connection_stop_reading(connection_t *conn)
Definition: mainloop.c:610
Header file for relay.c.
#define SMARTLIST_FOREACH(sl, type, var, cmd)
void connection_ap_handshake_socks_resolved(entry_connection_t *conn, int answer_type, size_t answer_len, const uint8_t *answer, int ttl, time_t expires)
void connection_start_reading(connection_t *conn)
Definition: mainloop.c:632
uint64_t dirreq_id
Definition: circuit_st.h:203
void relay_header_pack(uint8_t *dest, const relay_header_t *src)
Definition: relay.c:475
uint8_t packed_cell_get_command(const packed_cell_t *cell, int wide_circ_ids)
Definition: relay.c:2865
const char * stream_end_reason_to_string(int reason)
Definition: reasons.c:64
cpath_build_state_t * build_state
uint16_t length
Definition: or.h:642
#define fmt_addr(a)
Definition: address.h:211
uint32_t circid_t
Definition: or.h:608
#define CIRCUIT_PURPOSE_OR
Definition: circuitlist.h:39
#define log_fn(severity, domain, args,...)
Definition: log.h:287
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
#define CONN_TYPE_EXIT
Definition: connection.h:26
void mark_circuit_unusable_for_new_conns(origin_circuit_t *circ)
Definition: circuituse.c:3106
STATIC size_t connection_edge_get_inbuf_bytes_to_package(size_t n_available, int package_partial, circuit_t *on_circuit)
Definition: relay.c:2079
int connection_half_edge_is_valid_end(smartlist_t *half_conns, streamid_t stream_id)
#define AP_CONN_STATE_OPEN
or_circuit_t * TO_OR_CIRCUIT(circuit_t *x)
Definition: circuitlist.c:154
#define DIR_PURPOSE_FETCH_MICRODESC
Definition: directory.h:70
int connection_edge_end(edge_connection_t *conn, uint8_t reason)
void rend_process_relay_cell(circuit_t *circ, const crypt_path_t *layer_hint, int command, size_t length, const uint8_t *payload)
Definition: rendcommon.c:767
edge_connection_t * p_streams
void connection_ap_handshake_socks_resolved_addr(entry_connection_t *conn, const tor_addr_t *answer, int ttl, time_t expires)
void destroy_cell_queue_init(destroy_cell_queue_t *queue)
Definition: relay.c:2609
void addr_policy_append_reject_addr(smartlist_t **dest, const tor_addr_t *addr)
Definition: policies.c:1698
Destroy-cell queue structures.
time_t approx_time(void)
Definition: approx_time.c:32
int circuitmux_is_circuit_attached(circuitmux_t *cmux, circuit_t *circ)
Definition: circuitmux.c:624
int consensus_is_waiting_for_certs(void)
uint16_t recognized
Definition: or.h:639
STATIC int connection_edge_process_resolved_cell(edge_connection_t *conn, const cell_t *cell, const relay_header_t *rh)
Definition: relay.c:1289
STATIC int resolved_cell_parse(const cell_t *cell, const relay_header_t *rh, smartlist_t *addresses_out, int *errcode_out)
Definition: relay.c:1118
Header file for hs_cache.c.
tor_cmdline_mode_t command
Definition: config.c:2215
#define REMAP_STREAM_SOURCE_EXIT
circid_t n_circ_id
Definition: circuit_st.h:77
void circuit_set_n_circid_chan(circuit_t *circ, circid_t id, channel_t *chan)
Definition: circuitlist.c:474
Client request structure.
static void remap_event_helper(entry_connection_t *conn, const tor_addr_t *new_addr)
Definition: relay.c:1046
unsigned int has_finished
int circuit_receive_relay_cell(cell_t *cell, circuit_t *circ, cell_direction_t cell_direction)
Definition: relay.c:223
Header file for buffers.c.
Header file for reasons.c.
int connection_half_edge_is_valid_resolved(smartlist_t *half_conns, streamid_t stream_id)
#define CONN_TYPE_DIR
Definition: connection.h:35
circuit_t * circuit_get_by_edge_conn(edge_connection_t *conn)
Definition: circuitlist.c:1578
Header file for connection_or.c.
void cell_pack(packed_cell_t *dst, const cell_t *src, int wide_circ_ids)
void circuit_read_valid_data(origin_circuit_t *circ, uint16_t relay_body_len)
Definition: circuituse.c:3151
circuit_t * circuitmux_get_first_active_circuit(circuitmux_t *cmux, destroy_cell_queue_t **destroy_queue_out)
Definition: circuitmux.c:1055
char address[MAX_SOCKS_ADDR_LEN]
void relay_encrypt_cell_inbound(cell_t *cell, or_circuit_t *or_circ)
Definition: relay_crypto.c:248
uint64_t total_cell_waiting_time
Definition: or_circuit_st.h:73
node_t * node_get_mutable_by_id(const char *identity_digest)
Definition: nodelist.c:194
#define tor_addr_to_in6_addr8(x)
Definition: address.h:129
void pathbias_count_valid_cells(circuit_t *circ, const cell_t *cell)
Definition: circpathbias.c:939
int extended_cell_parse(extended_cell_t *cell_out, const uint8_t command, const uint8_t *payload, size_t payload_len)
Definition: onion.c:448
STATIC size_t get_pad_cell_offset(size_t data_len)
Definition: relay.c:553
unsigned int exitward
Definition: or.h:931
cell_queue_t n_chan_cells
Definition: circuit_st.h:80
#define CIRCUIT_PURPOSE_S_REND_JOINED
Definition: circuitlist.h:112
#define CONN_TYPE_AP
Definition: connection.h:31
int connection_ap_detach_retriable(entry_connection_t *conn, origin_circuit_t *circ, int reason)
static int set_streams_blocked_on_circ(circuit_t *circ, channel_t *chan, int block, streamid_t stream_id)
Definition: relay.c:2819
socks_request_t * socks_request
Header file for control_events.c.
#define LD_PROTOCOL
Definition: log.h:72
#define LD_MM
Definition: log.h:74
void circpad_machine_event_circ_has_no_relay_early(origin_circuit_t *circ)
const char * marked_for_close_file
Definition: circuit_st.h:191
void pathbias_mark_use_success(origin_circuit_t *circ)
Definition: circpathbias.c:661
#define RELAY_HEADER_SIZE
Definition: or.h:603
smartlist_t * prepend_policy
uint8_t command
Definition: or.h:638
#define CELL_PADDING_GAP
Definition: relay.c:539
void circpad_deliver_sent_relay_cell_events(circuit_t *circ, uint8_t relay_command)
static int connection_ap_process_end_not_open(relay_header_t *rh, cell_t *cell, origin_circuit_t *circ, entry_connection_t *conn, crypt_path_t *layer_hint)
Definition: relay.c:805
void sendme_connection_edge_consider_sending(edge_connection_t *conn)
Definition: sendme.c:375
uint8_t state
Definition: connection_st.h:49
void channel_unlink_all_circuits(channel_t *chan, smartlist_t *circuits_out)
Definition: relay.c:2799
int channel_send_destroy(circid_t circ_id, channel_t *chan, int reason)
Definition: channel.c:2028
Header file for networkstatus.c.
#define LD_BUG
Definition: log.h:86
Header file for dns.c.
uint32_t monotime_coarse_get_stamp(void)
Definition: compat_time.c:844
#define EXIT_CONN_STATE_CONNECTING
Header file for routerlist.c.
void dump_cell_pool_usage(int severity)
Definition: relay.c:2521
Header for relay_crypto.c.
int connection_half_edge_is_valid_connected(const smartlist_t *half_conns, streamid_t stream_id)
int connection_half_edge_is_valid_data(const smartlist_t *half_conns, streamid_t stream_id)
static sa_family_t tor_addr_family(const tor_addr_t *a)
Definition: address.h:179
static void packed_cell_free_unchecked(packed_cell_t *cell)
Definition: relay.c:2495
unsigned int waiting_time
Definition: or.h:929