connection.c 42.5 KB
Newer Older
1
/* Copyright 2001,2002,2003 Roger Dingledine, Matej Pfajfar. */
2
3
/* See LICENSE for licensing information */
/* $Id$ */
Roger Dingledine's avatar
Roger Dingledine committed
4

5
6
/**
 * \file connection.c
7
8
 * \brief General high-level functions to handle reading and writing
 * on connections.
9
10
 **/

Roger Dingledine's avatar
Roger Dingledine committed
11
12
13
14
#include "or.h"

/********* START VARIABLES **********/

15
extern or_options_t options; /* command-line and config-file options */
16
extern int shutting_down; /* whether we should refuse new connections */
17

18
/** Array of strings to make conn-\>type human-readable. */
Roger Dingledine's avatar
Roger Dingledine committed
19
char *conn_type_to_string[] = {
20
21
22
23
24
25
26
  "",            /* 0 */
  "OP listener", /* 1 */
  "OP",          /* 2 */
  "OR listener", /* 3 */
  "OR",          /* 4 */
  "Exit",        /* 5 */
  "App listener",/* 6 */
27
28
29
  "App",         /* 7 */
  "Dir listener",/* 8 */
  "Dir",         /* 9 */
Roger Dingledine's avatar
Roger Dingledine committed
30
31
  "DNS worker",  /* 10 */
  "CPU worker",  /* 11 */
Roger Dingledine's avatar
Roger Dingledine committed
32
33
};

34
/** Array of string arrays to make {conn-\>type,conn-\>state} human-readable. */
35
char *conn_state_to_string[][_CONN_TYPE_MAX+1] = {
36
37
38
  { NULL }, /* no type associated with 0 */
  { NULL }, /* op listener, obsolete */
  { NULL }, /* op, obsolete */
Roger Dingledine's avatar
Roger Dingledine committed
39
  { "ready" }, /* or listener, 0 */
40
41
42
43
44
45
46
  { "",                         /* OR, 0 */
    "connect()ing",                 /* 1 */
    "handshaking",                  /* 2 */
    "open" },                       /* 3 */
  { "",                          /* exit, 0 */
    "waiting for dest info",           /* 1 */
    "connecting",                      /* 2 */
47
    "open",                            /* 3 */
48
    "resolve failed" },                /* 4 */
49
  { "ready" }, /* app listener, 0 */
50
51
52
  { "", /* 0 */
    "", /* 1 */
    "", /* 2 */
53
    "", /* 3 */
54
55
    "", /* 4 */
    "awaiting dest info",         /* app, 5 */
56
57
58
59
    "waiting for rendezvous desc",     /* 6 */
    "waiting for safe circuit",        /* 7 */
    "waiting for connected",           /* 8 */
    "open" },                          /* 9 */
60
  { "ready" }, /* dir listener, 0 */
61
  { "",                           /* dir, 0 */
Roger Dingledine's avatar
Roger Dingledine committed
62
63
64
65
66
    "connecting",                      /* 1 */
    "client sending",                  /* 2 */
    "client reading",                  /* 3 */
    "awaiting command",                /* 4 */
    "writing" },                       /* 5 */
67
68
69
70
71
72
73
  { "",                    /* dns worker, 0 */
    "idle",                            /* 1 */
    "busy" },                          /* 2 */
  { "",                    /* cpu worker, 0 */
    "idle",                            /* 1 */
    "busy with onion",                 /* 2 */
    "busy with handshake" },           /* 3 */
Roger Dingledine's avatar
Roger Dingledine committed
74
75
76
77
};

/********* END VARIABLES ************/

78
79
static int connection_create_listener(const char *bindaddress,
                                      uint16_t bindport, int type);
80
static int connection_init_accepted_conn(connection_t *conn);
Nick Mathewson's avatar
Nick Mathewson committed
81
static int connection_handle_listener_read(connection_t *conn, int new_type);
82
static int connection_receiver_bucket_should_increase(connection_t *conn);
83
84
static int connection_finished_flushing(connection_t *conn);
static int connection_finished_connecting(connection_t *conn);
Nick Mathewson's avatar
Nick Mathewson committed
85
86
static int connection_read_to_buf(connection_t *conn);
static int connection_process_inbuf(connection_t *conn);
87
88
89

/**************************************************************/

90
/** Allocate space for a new connection_t. This function just initializes
91
92
 * conn; you must call connection_add() to link it into the main array.
 *
Nick Mathewson's avatar
Nick Mathewson committed
93
 * Set conn-\>type to <b>type</b>. Set conn-\>s and conn-\>poll_index to
94
95
96
97
98
99
100
101
102
 * -1 to signify they are not yet assigned.
 *
 * If conn is not a listener type, allocate buffers for it. If it's
 * an AP type, allocate space to store the socks_request.
 *
 * Assign a pseudorandom next_circ_id between 0 and 2**15.
 *
 * Initialize conn's timestamps to now.
 */
Roger Dingledine's avatar
Roger Dingledine committed
103
104
connection_t *connection_new(int type) {
  connection_t *conn;
105
  time_t now = time(NULL);
Roger Dingledine's avatar
Roger Dingledine committed
106

107
  conn = tor_malloc_zero(sizeof(connection_t));
108
  conn->magic = CONNECTION_MAGIC;
109
  conn->s = -1; /* give it a default of 'not used' */
110
  conn->poll_index = -1; /* also default to 'not used' */
Roger Dingledine's avatar
Roger Dingledine committed
111
112

  conn->type = type;
113
114
115
116
  if(!connection_is_listener(conn)) { /* listeners never use their buf */
    conn->inbuf = buf_new();
    conn->outbuf = buf_new();
  }
117
  if (type == CONN_TYPE_AP) {
118
    conn->socks_request = tor_malloc_zero(sizeof(socks_request_t));
119
  }
Roger Dingledine's avatar
Roger Dingledine committed
120

121
122
  conn->next_circ_id = crypto_pseudo_rand_int(1<<15);

123
124
125
  conn->timestamp_created = now;
  conn->timestamp_lastread = now;
  conn->timestamp_lastwritten = now;
126

Roger Dingledine's avatar
Roger Dingledine committed
127
128
129
  return conn;
}

130
131
/** Deallocate memory used by <b>conn</b>. Deallocate its buffers if necessary,
 * close its socket if necessary, and mark the directory as dirty if <b>conn</b>
132
133
 * is an OR or OP connection.
 */
Roger Dingledine's avatar
Roger Dingledine committed
134
void connection_free(connection_t *conn) {
Roger Dingledine's avatar
Roger Dingledine committed
135
136
  tor_assert(conn);
  tor_assert(conn->magic == CONNECTION_MAGIC);
Roger Dingledine's avatar
Roger Dingledine committed
137

138
139
140
141
  if(!connection_is_listener(conn)) {
    buf_free(conn->inbuf);
    buf_free(conn->outbuf);
  }
142
  tor_free(conn->address);
Roger Dingledine's avatar
Roger Dingledine committed
143

144
  if(connection_speaks_cells(conn)) {
145
146
    if(conn->state == OR_CONN_STATE_OPEN)
      directory_set_dirty();
Roger Dingledine's avatar
Roger Dingledine committed
147
148
    if (conn->tls)
      tor_tls_free(conn->tls);
Roger Dingledine's avatar
Roger Dingledine committed
149
150
  }

151
152
  if (conn->identity_pkey)
    crypto_free_pk_env(conn->identity_pkey);
153
  tor_free(conn->nickname);
154
  tor_free(conn->socks_request);
155

156
  if(conn->s >= 0) {
157
    log_fn(LOG_INFO,"closing fd %d.",conn->s);
158
    tor_close_socket(conn->s);
159
  }
160
  memset(conn, 0xAA, sizeof(connection_t)); /* poison memory */
Roger Dingledine's avatar
Roger Dingledine committed
161
  tor_free(conn);
Roger Dingledine's avatar
Roger Dingledine committed
162
163
}

164
165
166
167
/** Call connection_free() on every connection in our array.
 * This is used by cpuworkers and dnsworkers when they fork,
 * so they don't keep resources held open (especially sockets).
 */
168
169
170
171
172
173
174
175
176
void connection_free_all(void) {
  int i, n;
  connection_t **carray;

  get_connection_array(&carray,&n);
  for(i=0;i<n;i++)
    connection_free(carray[i]);
}

177
178
void connection_about_to_close_connection(connection_t *conn)
{
179

180
181
  assert(conn->marked_for_close);

182
183
184
185
186
  if(conn->type == CONN_TYPE_AP || conn->type == CONN_TYPE_EXIT) {
    if(!conn->has_sent_end)
      log_fn(LOG_WARN,"Edge connection hasn't sent end yet? Bug.");
  }

187
188
189
190
191
  switch(conn->type) {
    case CONN_TYPE_DIR:
      if(conn->purpose == DIR_PURPOSE_FETCH_RENDDESC)
        rend_client_desc_fetched(conn->rend_query, 0);
      break;
192
193
194
    case CONN_TYPE_OR:
      /* Remember why we're closing this connection. */
      if (conn->state != OR_CONN_STATE_OPEN) {
195
        if(connection_or_nonopen_was_started_here(conn))
196
          rep_hist_note_connect_failed(conn->identity_digest, time(NULL));
197
      } else if (0) { // XXX reason == CLOSE_REASON_UNUSED_OR_CONN) {
198
        rep_hist_note_disconnect(conn->identity_digest, time(NULL));
199
      } else if(conn->identity_digest) {
200
        rep_hist_note_connection_died(conn->identity_digest, time(NULL));
201
202
      }
      break;
203
    case CONN_TYPE_AP:
204
205
206
207
208
209
210
      if (conn->socks_request->has_finished == 0) {
        log_fn(LOG_INFO,"Cleaning up AP -- sending socks reject.");
        connection_ap_handshake_socks_reply(conn, NULL, 0, 0);
        conn->socks_request->has_finished = 1;
        conn->hold_open_until_flushed = 1;
      }
      break;
211
    case CONN_TYPE_EXIT:
212
213
      if (conn->state == EXIT_CONN_STATE_RESOLVING) {
        circuit_detach_stream(circuit_get_by_conn(conn), conn);
214
        connection_dns_remove(conn);
215
      }
216
217
218
219
      break;
    case CONN_TYPE_DNSWORKER:
      if (conn->state == DNSWORKER_STATE_BUSY) {
        dns_cancel_pending_resolve(conn->address);
220
221
222
      }
      break;
  }
223
224
}

225
226
227
/** Close the underlying socket for <b>conn</b>, so we don't try to
 * flush it. Must be used in conjunction with (right before)
 * connection_mark_for_close().
228
229
230
231
232
233
234
235
 */
void connection_close_immediate(connection_t *conn)
{
  assert_connection_ok(conn,0);
  if (conn->s < 0) {
    log_fn(LOG_WARN,"Attempt to close already-closed connection.");
    return;
  }
236
  if (conn->outbuf_flushlen) {
Roger Dingledine's avatar
Roger Dingledine committed
237
238
239
    log_fn(LOG_INFO,"fd %d, type %s, state %d, %d bytes on outbuf.",
           conn->s, CONN_TYPE_TO_STRING(conn->type),
           conn->state, conn->outbuf_flushlen);
240
  }
241
  tor_close_socket(conn->s);
242
  conn->s = -1;
243
244
245
246
  if(!connection_is_listener(conn)) {
    buf_clear(conn->outbuf);
    conn->outbuf_flushlen = 0;
  }
247
248
}

249
250
251
252
253
254
255
256
257
258
/** Mark <b>conn</b> to be closed next time we loop through
 * conn_close_if_marked() in main.c. Do any cleanup needed:
 *   - Directory conns that fail to fetch a rendezvous descriptor need
 *     to inform pending rendezvous streams.
 *   - OR conns need to call rep_hist_note_*() to record status.
 *   - AP conns need to send a socks reject if necessary.
 *   - Exit conns need to call connection_dns_remove() if necessary.
 *   - AP and Exit conns need to send an end cell if they can.
 *   - DNS conns need to fail any resolves that are pending on them.
 */
259
int
260
_connection_mark_for_close(connection_t *conn)
261
262
263
264
265
266
267
268
269
{
  assert_connection_ok(conn,0);

  if (conn->marked_for_close) {
    log(LOG_WARN, "Double mark-for-close on connection.");
    return -1;
  }

  conn->marked_for_close = 1;
270
271
272
273
274
275

  /* in case we're going to be held-open-til-flushed, reset
   * the number of seconds since last successful write, so
   * we get our whole 15 seconds */
  conn->timestamp_lastwritten = time(NULL);

276
  return 0;
277
278
}

279
280
281
282
283
/** Find each connection that has hold_open_until_flushed set to
 * 1 but hasn't written in the past 15 seconds, and set
 * hold_open_until_flushed to 0. This means it will get cleaned
 * up in the next loop through close_if_marked() in main.c.
 */
284
285
286
287
288
289
290
291
292
293
294
295
296
297
void connection_expire_held_open(void)
{
  connection_t **carray, *conn;
  int n, i;
  time_t now;

  now = time(NULL);

  get_connection_array(&carray, &n);
  for (i = 0; i < n; ++i) {
    conn = carray[i];
    /* If we've been holding the connection open, but we haven't written
     * for 15 seconds...
     */
298
    if (conn->hold_open_until_flushed) {
Roger Dingledine's avatar
Roger Dingledine committed
299
      tor_assert(conn->marked_for_close);
300
      if (now - conn->timestamp_lastwritten >= 15) {
301
        log_fn(LOG_WARN,"Giving up on marked_for_close conn that's been flushing for 15s (fd %d, type %s, state %d).",
Roger Dingledine's avatar
Roger Dingledine committed
302
               conn->s, CONN_TYPE_TO_STRING(conn->type), conn->state);
303
304
        conn->hold_open_until_flushed = 0;
      }
305
306
307
308
    }
  }
}

309
310
311
/** Bind a new non-blocking socket listening to
 * <b>bindaddress</b>:<b>bindport</b>, and add this new connection
 * (of type <b>type</b>) to the connection array.
Nick Mathewson's avatar
Nick Mathewson committed
312
313
314
 *
 * If <b>bindaddress</b> includes a port, we bind on that port; otherwise, we
 * use bindport.
315
 */
316
static int connection_create_listener(const char *bindaddress, uint16_t bindport, int type) {
317
  struct sockaddr_in bindaddr; /* where to bind */
Roger Dingledine's avatar
Roger Dingledine committed
318
  connection_t *conn;
319
  uint16_t usePort;
320
  int s; /* the socket we're going to make */
Roger Dingledine's avatar
Roger Dingledine committed
321
322
  int one=1;

323
  memset(&bindaddr,0,sizeof(struct sockaddr_in));
324
325
326
  if (parse_addr_port(bindaddress, NULL, &(bindaddr.sin_addr.s_addr),
                      &usePort)<0) {
    log_fn(LOG_WARN, "Error parsing/resolving BindAddress %s",bindaddress);
327
328
    return -1;
  }
329
330
331
332
  if (usePort==0)
    usePort = bindport;
  bindaddr.sin_family = AF_INET;
  bindaddr.sin_port = htons((uint16_t) usePort);
333

Roger Dingledine's avatar
Roger Dingledine committed
334
  s = socket(PF_INET,SOCK_STREAM,IPPROTO_TCP);
Roger Dingledine's avatar
Roger Dingledine committed
335
  if (s < 0) {
Roger Dingledine's avatar
Roger Dingledine committed
336
    log_fn(LOG_WARN,"Socket creation failed.");
Roger Dingledine's avatar
Roger Dingledine committed
337
338
339
    return -1;
  }

340
  setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*) &one, sizeof(one));
Roger Dingledine's avatar
Roger Dingledine committed
341

342
  if(bind(s,(struct sockaddr *)&bindaddr,sizeof(bindaddr)) < 0) {
Nick Mathewson's avatar
Nick Mathewson committed
343
    log_fn(LOG_WARN,"Could not bind to port %u: %s",usePort,
344
           tor_socket_strerror(tor_socket_errno(s)));
Roger Dingledine's avatar
Roger Dingledine committed
345
346
347
348
    return -1;
  }

  if(listen(s,SOMAXCONN) < 0) {
Nick Mathewson's avatar
Nick Mathewson committed
349
    log_fn(LOG_WARN,"Could not listen on port %u: %s",usePort,
350
           tor_socket_strerror(tor_socket_errno(s)));
Roger Dingledine's avatar
Roger Dingledine committed
351
352
353
    return -1;
  }

354
  set_socket_nonblocking(s);
Roger Dingledine's avatar
Roger Dingledine committed
355
356
357
358
359

  conn = connection_new(type);
  conn->s = s;

  if(connection_add(conn) < 0) { /* no space, forget it */
Roger Dingledine's avatar
Roger Dingledine committed
360
    log_fn(LOG_WARN,"connection_add failed. Giving up.");
Roger Dingledine's avatar
Roger Dingledine committed
361
362
363
364
    connection_free(conn);
    return -1;
  }

Nick Mathewson's avatar
Nick Mathewson committed
365
  log_fn(LOG_DEBUG,"%s listening on port %u.",conn_type_to_string[type], usePort);
Roger Dingledine's avatar
Roger Dingledine committed
366
367

  conn->state = LISTENER_STATE_READY;
368
  connection_start_reading(conn);
Roger Dingledine's avatar
Roger Dingledine committed
369
370
371
372

  return 0;
}

373
/** The listener connection <b>conn</b> told poll() it wanted to read.
Nick Mathewson's avatar
Nick Mathewson committed
374
 * Call accept() on conn-\>s, and add the new connection if necessary.
375
 */
Nick Mathewson's avatar
Nick Mathewson committed
376
static int connection_handle_listener_read(connection_t *conn, int new_type) {
Roger Dingledine's avatar
Roger Dingledine committed
377
378
379
380
381
382
383
  int news; /* the new socket */
  connection_t *newconn;
  struct sockaddr_in remote; /* information about the remote peer when connecting to other routers */
  int remotelen = sizeof(struct sockaddr_in); /* length of the remote address */

  news = accept(conn->s,(struct sockaddr *)&remote,&remotelen);
  if (news == -1) { /* accept() error */
384
    if(ERRNO_IS_EAGAIN(tor_socket_errno(conn->s))) {
Roger Dingledine's avatar
Roger Dingledine committed
385
      return 0; /* he hung up before we could accept(). that's fine. */
386
    }
Roger Dingledine's avatar
Roger Dingledine committed
387
    /* else there was a real error. */
Roger Dingledine's avatar
Roger Dingledine committed
388
    log_fn(LOG_WARN,"accept() failed. Closing listener.");
389
    connection_mark_for_close(conn);
Roger Dingledine's avatar
Roger Dingledine committed
390
391
    return -1;
  }
392
  log(LOG_INFO,"Connection accepted on socket %d (child of fd %d).",news, conn->s);
Roger Dingledine's avatar
Roger Dingledine committed
393

394
395
396
397
398
399
400
  if(shutting_down && new_type != CONN_TYPE_DIR) {
    /* allow directory connections even while we're shutting down */
    log(LOG_INFO,"But we're shutting down, so closing (type %d).", new_type);
    tor_close_socket(news);
    return 0;
  }

401
  set_socket_nonblocking(news);
402

403
404
405
406
407
408
409
410
411
412
413
  /* process entrance policies here, before we even create the connection */
  if(new_type == CONN_TYPE_AP) {
    /* check sockspolicy to see if we should accept it */
    if(socks_policy_permits_address(ntohl(remote.sin_addr.s_addr)) == 0) {
      log_fn(LOG_WARN,"Denying socks connection from untrusted address %s.",
             inet_ntoa(remote.sin_addr));
      tor_close_socket(news);
      return 0;
    }
  }

Roger Dingledine's avatar
Roger Dingledine committed
414
415
416
  newconn = connection_new(new_type);
  newconn->s = news;

417
  newconn->address = tor_strdup(inet_ntoa(remote.sin_addr)); /* remember the remote address */
418
419
  newconn->addr = ntohl(remote.sin_addr.s_addr);
  newconn->port = ntohs(remote.sin_port);
Roger Dingledine's avatar
Roger Dingledine committed
420
421
422

  if(connection_add(newconn) < 0) { /* no space, forget it */
    connection_free(newconn);
423
    return 0; /* no need to tear down the parent */
Roger Dingledine's avatar
Roger Dingledine committed
424
425
  }

426
  if(connection_init_accepted_conn(newconn) < 0) {
427
    connection_mark_for_close(newconn);
428
429
430
431
432
    return 0;
  }
  return 0;
}

433
434
435
/** Initialize states for newly accepted connection <b>conn</b>.
 * If conn is an OR, start the tls handshake.
 */
436
437
438
439
440
441
static int connection_init_accepted_conn(connection_t *conn) {

  connection_start_reading(conn);

  switch(conn->type) {
    case CONN_TYPE_OR:
442
      return connection_tls_start_handshake(conn, 1);
443
444
445
446
    case CONN_TYPE_AP:
      conn->state = AP_CONN_STATE_SOCKS_WAIT;
      break;
    case CONN_TYPE_DIR:
Roger Dingledine's avatar
Roger Dingledine committed
447
      conn->purpose = DIR_PURPOSE_SERVER;
448
      conn->state = DIR_CONN_STATE_SERVER_COMMAND_WAIT;
449
450
451
452
453
      break;
  }
  return 0;
}

454
/** Take conn, make a nonblocking socket; try to connect to
455
 * addr:port (they arrive in *host order*). If fail, return -1. Else
Nick Mathewson's avatar
Nick Mathewson committed
456
 * assign s to conn->\s: if connected return 1, if EAGAIN return 0.
457
458
459
 *
 * address is used to make the logs useful.
 *
Nick Mathewson's avatar
Nick Mathewson committed
460
 * On success, add conn to the list of polled connections.
461
462
463
464
465
466
467
 */
int connection_connect(connection_t *conn, char *address, uint32_t addr, uint16_t port) {
  int s;
  struct sockaddr_in dest_addr;

  s=socket(PF_INET,SOCK_STREAM,IPPROTO_TCP);
  if (s < 0) {
468
469
    log_fn(LOG_WARN,"Error creating network socket: %s",
           tor_socket_strerror(tor_socket_errno(-1)));
470
471
    return -1;
  }
472
473
474
475
476
477
478
479
480
481
482

  if (options.OutboundBindAddress) {
    struct sockaddr_in ext_addr;

    memset(&ext_addr, 0, sizeof(ext_addr));
    ext_addr.sin_family = AF_INET;
    ext_addr.sin_port = 0;
    if (!tor_inet_aton(options.OutboundBindAddress, &ext_addr.sin_addr)) {
      log_fn(LOG_WARN,"Outbound bind address '%s' didn't parse. Ignoring.",
             options.OutboundBindAddress);
    } else {
483
      if(bind(s, (struct sockaddr*)&ext_addr, sizeof(ext_addr)) < 0) {
484
485
486
487
488
489
490
        log_fn(LOG_WARN,"Error binding network socket: %s",
               tor_socket_strerror(tor_socket_errno(s)));
        return -1;
      }
    }
  }

491
492
  set_socket_nonblocking(s);

493
  memset(&dest_addr,0,sizeof(dest_addr));
494
495
496
497
498
499
500
  dest_addr.sin_family = AF_INET;
  dest_addr.sin_port = htons(port);
  dest_addr.sin_addr.s_addr = htonl(addr);

  log_fn(LOG_DEBUG,"Connecting to %s:%u.",address,port);

  if(connect(s,(struct sockaddr *)&dest_addr,sizeof(dest_addr)) < 0) {
501
    if(!ERRNO_IS_CONN_EINPROGRESS(tor_socket_errno(s))) {
502
      /* yuck. kill it. */
503
      log_fn(LOG_INFO,"Connect() to %s:%u failed: %s",address,port,
504
             tor_socket_strerror(tor_socket_errno(s)));
505
      tor_close_socket(s);
506
507
508
509
      return -1;
    } else {
      /* it's in progress. set state appropriately and return. */
      conn->s = s;
510
511
      if(connection_add(conn) < 0) /* no space, forget it */
        return -1;
512
513
514
515
516
517
      log_fn(LOG_DEBUG,"connect in progress, socket %d.",s);
      return 0;
    }
  }

  /* it succeeded. we're connected. */
518
  log_fn(LOG_INFO,"Connection to %s:%u established.",address,port);
519
  conn->s = s;
520
521
  if(connection_add(conn) < 0) /* no space, forget it */
    return -1;
522
523
524
  return 1;
}

525
526
/** If there exist any listeners of type <b>type</b> in the connection
 * array, mark them for close.
527
 */
528
static void listener_close_if_present(int type) {
529
  connection_t *conn;
530
531
  connection_t **carray;
  int i,n;
Roger Dingledine's avatar
Roger Dingledine committed
532
533
534
  tor_assert(type == CONN_TYPE_OR_LISTENER ||
             type == CONN_TYPE_AP_LISTENER ||
             type == CONN_TYPE_DIR_LISTENER);
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
  get_connection_array(&carray,&n);
  for(i=0;i<n;i++) {
    conn = carray[i];
    if (conn->type == type && !conn->marked_for_close) {
      connection_close_immediate(conn);
      connection_mark_for_close(conn);
    }
  }
}

static int retry_listeners(int type, struct config_line_t *cfg,
                           int port_option, const char *default_addr)
{
  listener_close_if_present(type);
  if (port_option) {
    if (!cfg) {
      if (connection_create_listener(default_addr, (uint16_t) port_option,
                                     type)<0)
        return -1;
    } else {
      for ( ; cfg; cfg = cfg->next) {
        if (connection_create_listener(cfg->value, (uint16_t) port_option,
                                       type)<0)
          return -1;
      }
    }
561
  }
562
  return 0;
563
564
}

Roger Dingledine's avatar
Roger Dingledine committed
565
/** (Re)launch listeners for each port you should have open.
566
 */
Roger Dingledine's avatar
Roger Dingledine committed
567
int retry_all_listeners(void) {
Roger Dingledine's avatar
Roger Dingledine committed
568

569
570
571
572
573
574
575
576
577
  if (retry_listeners(CONN_TYPE_OR_LISTENER, options.ORBindAddress,
                      options.ORPort, "0.0.0.0")<0)
    return -1;
  if (retry_listeners(CONN_TYPE_DIR_LISTENER, options.DirBindAddress,
                      options.DirPort, "0.0.0.0")<0)
    return -1;
  if (retry_listeners(CONN_TYPE_AP_LISTENER, options.SocksBindAddress,
                      options.SocksPort, "127.0.0.1")<0)
    return -1;
578

Roger Dingledine's avatar
Roger Dingledine committed
579
580
581
  return 0;
}

582
extern int global_read_bucket, global_write_bucket;
583

584
/** How many bytes at most can we read onto this connection? */
585
586
587
int connection_bucket_read_limit(connection_t *conn) {
  int at_most;

588
589
590
  /* do a rudimentary round-robin so one circuit can't hog a connection */
  if(connection_speaks_cells(conn)) {
    at_most = 32*(CELL_NETWORK_SIZE);
591
  } else {
592
    at_most = 32*(RELAY_PAYLOAD_SIZE);
593
594
  }

595
596
597
  if(at_most > global_read_bucket)
    at_most = global_read_bucket;

598
599
600
601
602
603
604
  if(connection_speaks_cells(conn) && conn->state == OR_CONN_STATE_OPEN)
    if(at_most > conn->receiver_bucket)
      at_most = conn->receiver_bucket;

  return at_most;
}

605
/** We just read num_read onto conn. Decrement buckets appropriately. */
606
static void connection_read_bucket_decrement(connection_t *conn, int num_read) {
Roger Dingledine's avatar
Roger Dingledine committed
607
  global_read_bucket -= num_read; tor_assert(global_read_bucket >= 0);
608
  if(connection_speaks_cells(conn) && conn->state == OR_CONN_STATE_OPEN) {
Roger Dingledine's avatar
Roger Dingledine committed
609
    conn->receiver_bucket -= num_read; tor_assert(conn->receiver_bucket >= 0);
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
  }
  if(global_read_bucket == 0) {
    log_fn(LOG_DEBUG,"global bucket exhausted. Pausing.");
    conn->wants_to_read = 1;
    connection_stop_reading(conn);
    return;
  }
  if(connection_speaks_cells(conn) &&
     conn->state == OR_CONN_STATE_OPEN &&
     conn->receiver_bucket == 0) {
      log_fn(LOG_DEBUG,"receiver bucket exhausted. Pausing.");
      conn->wants_to_read = 1;
      connection_stop_reading(conn);
  }
}

626
/** Keep a timeval to know when time has passed enough to refill buckets */
627
628
static struct timeval current_time;

629
630
/** Initiatialize the global read bucket to options.BandwidthBurst,
 * and current_time to the current time. */
631
void connection_bucket_init(void) {
632
633
  tor_gettimeofday(&current_time);
  global_read_bucket = options.BandwidthBurst; /* start it at max traffic */
634
  global_write_bucket = options.BandwidthBurst; /* start it at max traffic */
635
636
}

637
/** Some time has passed; increment buckets appropriately. */
638
639
640
641
642
643
644
645
646
647
648
void connection_bucket_refill(struct timeval *now) {
  int i, n;
  connection_t *conn;
  connection_t **carray;

  if(now->tv_sec <= current_time.tv_sec)
    return; /* wait until the second has rolled over */

  current_time.tv_sec = now->tv_sec; /* update current_time */
  /* (ignore usecs for now) */

649
  /* refill the global buckets */
650
651
652
653
  if(global_read_bucket < options.BandwidthBurst) {
    global_read_bucket += options.BandwidthRate;
    log_fn(LOG_DEBUG,"global_read_bucket now %d.", global_read_bucket);
  }
654
655
656
657
  if(global_write_bucket < options.BandwidthBurst) {
    global_write_bucket += options.BandwidthRate;
    log_fn(LOG_DEBUG,"global_write_bucket now %d.", global_write_bucket);
  }
658
659
660
661
662
663
664
665
666
667
668
669
670

  /* refill the per-connection buckets */
  get_connection_array(&carray,&n);
  for(i=0;i<n;i++) {
    conn = carray[i];

    if(connection_receiver_bucket_should_increase(conn)) {
      conn->receiver_bucket += conn->bandwidth;
      //log_fn(LOG_DEBUG,"Receiver bucket %d now %d.", i, conn->receiver_bucket);
    }

    if(conn->wants_to_read == 1 /* it's marked to turn reading back on now */
       && global_read_bucket > 0 /* and we're allowed to read */
671
672
       && global_write_bucket > 0 /* and we're allowed to write (XXXX,
                                   * not the best place to check this.) */
673
674
675
676
       && (!connection_speaks_cells(conn) ||
           conn->state != OR_CONN_STATE_OPEN ||
           conn->receiver_bucket > 0)) {
      /* and either a non-cell conn or a cell conn with non-empty bucket */
677
      log_fn(LOG_DEBUG,"waking up conn (fd %d)",conn->s);
678
679
680
681
682
683
684
685
686
687
      conn->wants_to_read = 0;
      connection_start_reading(conn);
      if(conn->wants_to_write == 1) {
        conn->wants_to_write = 0;
        connection_start_writing(conn);
      }
    }
  }
}

688
689
690
/** Is the receiver bucket for connection <b>conn</b> low enough that we
 * should add another pile of tokens to it?
 */
691
static int connection_receiver_bucket_should_increase(connection_t *conn) {
Roger Dingledine's avatar
Roger Dingledine committed
692
  tor_assert(conn);
693
694
695
696
697
698

  if(!connection_speaks_cells(conn))
    return 0; /* edge connections don't use receiver_buckets */
  if(conn->state != OR_CONN_STATE_OPEN)
    return 0; /* only open connections play the rate limiting game */

Roger Dingledine's avatar
Roger Dingledine committed
699
  tor_assert(conn->bandwidth > 0);
700
701
702
703
704
705
  if(conn->receiver_bucket > 9*conn->bandwidth)
    return 0;

  return 1;
}

Nick Mathewson's avatar
Nick Mathewson committed
706
/** Read bytes from conn->\s and process them.
707
708
709
710
711
712
713
714
715
716
717
 *
 * This function gets called from conn_read() in main.c, either
 * when poll() has declared that conn wants to read, or (for OR conns)
 * when there are pending TLS bytes.
 *
 * It calls connection_read_to_buf() to bring in any new bytes,
 * and then calls connection_process_inbuf() to process them.
 *
 * Mark the connection and return -1 if you want to close it, else
 * return 0.
 */
718
719
int connection_handle_read(connection_t *conn) {

720
  conn->timestamp_lastread = time(NULL);
721
722
723

  switch(conn->type) {
    case CONN_TYPE_OR_LISTENER:
724
      return connection_handle_listener_read(conn, CONN_TYPE_OR);
725
    case CONN_TYPE_AP_LISTENER:
726
      return connection_handle_listener_read(conn, CONN_TYPE_AP);
727
    case CONN_TYPE_DIR_LISTENER:
728
729
      return connection_handle_listener_read(conn, CONN_TYPE_DIR);
  }
730

731
  if(connection_read_to_buf(conn) < 0) {
732
733
    /* There's a read error; kill the connection.*/
    connection_close_immediate(conn); /* Don't flush; connection is dead. */
734
    conn->has_sent_end = 1; /* XXX have we already sent the end? really? */
735
    connection_mark_for_close(conn);
Roger Dingledine's avatar
Roger Dingledine committed
736
    if(conn->type == CONN_TYPE_DIR &&
Roger Dingledine's avatar
Roger Dingledine committed
737
       conn->state == DIR_CONN_STATE_CONNECTING) {
738
739
       /* it's a directory server and connecting failed: forget about this router */
       /* XXX I suspect pollerr may make Windows not get to this point. :( */
Nick Mathewson's avatar
Nick Mathewson committed
740
       router_mark_as_down(conn->identity_digest);
741
742
       if(conn->purpose == DIR_PURPOSE_FETCH_DIR && 
          !all_trusted_directory_servers_down()) {
Roger Dingledine's avatar
Roger Dingledine committed
743
         log_fn(LOG_INFO,"Giving up on dirserver %s; trying another.", conn->address);
744
745
         directory_get_from_dirserver(DIR_PURPOSE_FETCH_DIR, NULL, 0);
       }
746
747
748
749
    }
    return -1;
  }
  if(connection_process_inbuf(conn) < 0) {
750
//    log_fn(LOG_DEBUG,"connection_process_inbuf returned -1.");
751
752
    return -1;
  }
Roger Dingledine's avatar
Roger Dingledine committed
753
  return 0;
754
755
}

Nick Mathewson's avatar
Nick Mathewson committed
756
/** Pull in new bytes from conn-\>s onto conn-\>inbuf, either
757
758
759
760
761
 * directly or via TLS. Reduce the token buckets by the number of
 * bytes read.
 *
 * Return -1 if we want to break conn, else return 0.
 */
Nick Mathewson's avatar
Nick Mathewson committed
762
static int connection_read_to_buf(connection_t *conn) {
Roger Dingledine's avatar
Roger Dingledine committed
763
  int result;
Roger Dingledine's avatar
Roger Dingledine committed
764
  int at_most;
765

766
767
  /* how many bytes are we allowed to read? */
  at_most = connection_bucket_read_limit(conn);
768

Roger Dingledine's avatar
Roger Dingledine committed
769
  if(connection_speaks_cells(conn) && conn->state != OR_CONN_STATE_CONNECTING) {
770
771
    if(conn->state == OR_CONN_STATE_HANDSHAKING) {
      /* continue handshaking even if global token bucket is empty */
772
      return connection_tls_continue_handshake(conn);
773
    }
774

775
776
777
    log_fn(LOG_DEBUG,"%d: starting, inbuf_datalen %d (%d pending in tls object). at_most %d.",
           conn->s,(int)buf_datalen(conn->inbuf),tor_tls_get_pending_bytes(conn->tls), at_most);

778
    /* else open, or closing */
779
    result = read_to_buf_tls(conn->tls, at_most, conn->inbuf);
Roger Dingledine's avatar
Roger Dingledine committed
780
781
782
783

    switch(result) {
      case TOR_TLS_ERROR:
      case TOR_TLS_CLOSE:
784
785
        log_fn(LOG_INFO,"tls error. breaking (nickname %s, address %s).",
               conn->nickname ? conn->nickname : "not set", conn->address);
Roger Dingledine's avatar
Roger Dingledine committed
786
        return -1; /* XXX deal with close better */
787
      case TOR_TLS_WANTWRITE:
Roger Dingledine's avatar
Roger Dingledine committed
788
789
        connection_start_writing(conn);
        return 0;
790
      case TOR_TLS_WANTREAD: /* we're already reading */
Roger Dingledine's avatar
Roger Dingledine committed
791
      case TOR_TLS_DONE: /* no data read, so nothing to process */
792
793
        result = 0;
        break; /* so we call bucket_decrement below */
794
    }
795
  } else {
796
797
798
    result = read_to_buf(conn->s, at_most, conn->inbuf,
                         &conn->inbuf_reached_eof);

Roger Dingledine's avatar
Roger Dingledine committed
799
800
801
802
//  log(LOG_DEBUG,"connection_read_to_buf(): read_to_buf returned %d.",read_result);

    if(result < 0)
      return -1;
803
804
  }

805
806
807
808
  if(result > 0 && !is_local_IP(conn->addr)) { /* remember it */
    rep_hist_note_bytes_read(result, time(NULL));
  }

809
  connection_read_bucket_decrement(conn, result);
Roger Dingledine's avatar
Roger Dingledine committed
810
  return 0;
Roger Dingledine's avatar
Roger Dingledine committed
811
812
}

813
/** A pass-through to fetch_from_buf. */
Roger Dingledine's avatar
Roger Dingledine committed
814
int connection_fetch_from_buf(char *string, int len, connection_t *conn) {
815
  return fetch_from_buf(string, len, conn->inbuf);
Roger Dingledine's avatar
Roger Dingledine committed
816
817
}

Nick Mathewson's avatar
Nick Mathewson committed
818
/** Return conn-\>outbuf_flushlen: how many bytes conn wants to flush
819
 * from its outbuf. */
820
821
822
823
int connection_wants_to_flush(connection_t *conn) {
  return conn->outbuf_flushlen;
}

824
825
826
827
/** Are there too many bytes on edge connection <b>conn</b>'s outbuf to
 * send back a relay-level sendme yet? Return 1 if so, 0 if not. Used by
 * connection_edge_consider_sending_sendme().
 */
828
829
830
831
int connection_outbuf_too_full(connection_t *conn) {
  return (conn->outbuf_flushlen > 10*CELL_PAYLOAD_SIZE);
}

Nick Mathewson's avatar
Nick Mathewson committed
832
/** Try to flush more bytes onto conn-\>s.
833
834
835
836
837
 *
 * This function gets called either from conn_write() in main.c
 * when poll() has declared that conn wants to write, or below
 * from connection_write_to_buf() when an entire TLS record is ready.
 *
Nick Mathewson's avatar
Nick Mathewson committed
838
 * Update conn-\>timestamp_lastwritten to now, and call flush_buf
839
840
841
842
843
844
845
 * or flush_buf_tls appropriately. If it succeeds and there no more
 * more bytes on conn->outbuf, then call connection_finished_flushing
 * on it too.
 *
 * Mark the connection and return -1 if you want to close it, else
 * return 0.
 */
846
int connection_handle_write(connection_t *conn) {
847
  int e, len=sizeof(e);
848
849
  int result;
  time_t now = time(NULL);
850

Roger Dingledine's avatar
Roger Dingledine committed
851
  tor_assert(!connection_is_listener(conn));
852

853
  conn->timestamp_lastwritten = now;
854

855
856
857
  /* Sometimes, "writeable" means "connected". */
  if (connection_state_is_connecting(conn)) {
    if (getsockopt(conn->s, SOL_SOCKET, SO_ERROR, (void*)&e, &len) < 0) {
858
859
860
861
862
863
864
865
866
867
      log_fn(LOG_WARN,"getsockopt() syscall failed?! Please report to tor-ops.");
      connection_close_immediate(conn);
      connection_mark_for_close(conn);
      return -1;
    }
    if(e) {
      /* some sort of error, but maybe just inprogress still */
      errno = e; /* XXX008 this is a kludge. maybe we should rearrange
                    our error-hunting functions? E.g. pass errno to
                    tor_socket_errno(). */
868
      if(!ERRNO_IS_CONN_EINPROGRESS(tor_socket_errno(conn->s))) {
869
        log_fn(LOG_INFO,"in-progress connect failed. Removing.");
870
        connection_close_immediate(conn);
871
        connection_mark_for_close(conn);
872
873
874
        /* it's safe to pass OPs to router_mark_as_down(), since it just
         * ignores unrecognized routers
         */
Nick Mathewson's avatar
Nick Mathewson committed
875
876
        if (conn->type == CONN_TYPE_OR)
          router_mark_as_down(conn->identity_digest);
877
878
879
880
881
882
883
884
885
886
        return -1;
      } else {
        return 0; /* no change, see if next time is better */
      }
    }
    /* The connection is successful. */
    return connection_finished_connecting(conn);
  }

  if (connection_speaks_cells(conn)) {
887
    if (conn->state == OR_CONN_STATE_HANDSHAKING) {
888
      connection_stop_writing(conn);
889
890
      if(connection_tls_continue_handshake(conn) < 0) {
        connection_close_immediate(conn); /* Don't flush; connection is dead. */
891
        connection_mark_for_close(conn);
892
893
894
        return -1;
      }
      return 0;
895
    }
896

897
    /* else open, or closing */
898
899
    result = flush_buf_tls(conn->tls, conn->outbuf, &conn->outbuf_flushlen);
    switch(result) {
Roger Dingledine's avatar
Roger Dingledine committed
900
901
      case TOR_TLS_ERROR:
      case TOR_TLS_CLOSE:
902
        log_fn(LOG_INFO,"tls error. breaking.");
903
        connection_close_immediate(conn); /* Don't flush; connection is dead. */
904
        connection_mark_for_close(conn);
Roger Dingledine's avatar
Roger Dingledine committed
905
        return -1; /* XXX deal with close better */
906
      case TOR_TLS_WANTWRITE:
907
        log_fn(LOG_DEBUG,"wanted write.");
Roger Dingledine's avatar
Roger Dingledine committed
908
909
        /* we're already writing */
        return 0;
910
      case TOR_TLS_WANTREAD:
Roger Dingledine's avatar
Roger Dingledine committed
911
        /* Make sure to avoid a loop if the receive buckets are empty. */
912
        log_fn(LOG_DEBUG,"wanted read.");
Roger Dingledine's avatar
Roger Dingledine committed
913
914
915
916
917
918
919
920
921
        if(!connection_is_reading(conn)) {
          connection_stop_writing(conn);
          conn->wants_to_write = 1;
          /* we'll start reading again when the next second arrives,
           * and then also start writing again.
           */
        }
        /* else no problem, we're already reading */
        return 0;
922
923
      /* case TOR_TLS_DONE:
       * for TOR_TLS_DONE, fall through to check if the flushlen
Roger Dingledine's avatar
Roger Dingledine committed
924
       * is empty, so we can stop writing.
Roger Dingledine's avatar
Roger Dingledine committed
925
       */
Roger Dingledine's avatar
Roger Dingledine committed
926
    }
927
  } else {
928
929
    result = flush_buf(conn->s, conn->outbuf, &conn->outbuf_flushlen);
    if (result < 0) {
930
      connection_close_immediate(conn); /* Don't flush; connection is dead. */
931
932
      conn->has_sent_end = 1;
      connection_mark_for_close(conn);
Roger Dingledine's avatar
Roger Dingledine committed
933
      return -1;
934
    }
935
936
  }

937
  if(result > 0 && !is_local_IP(conn->addr)) { /* remember it */
938
939
940
    rep_hist_note_bytes_written(result, now);
  }

941
942
  global_write_bucket -= result;

943
944
  if(!connection_wants_to_flush(conn)) { /* it's done flushing */
    if(connection_finished_flushing(conn) < 0) {
945
      /* already marked */
Roger Dingledine's avatar
Roger Dingledine committed
946
      return -1;
947
    }
948
  }
Roger Dingledine's avatar
Roger Dingledine committed
949
950

  return 0;
951
952
}

953
/** Append <b>len</b> bytes of <b>string</b> onto <b>conn</b>'s
954
 * outbuf, and ask it to start writing.
955
 */
956
void connection_write_to_buf(const char *string, int len, connection_t *conn) {
957

958
959
  if(!len || conn->marked_for_close)
    return;
960

961
  if(write_to_buf(string, len, conn->outbuf) < 0) {
962
963
964
965
966
967
968
969
970
    if(conn->type == CONN_TYPE_AP || conn->type == CONN_TYPE_EXIT) {
      /* if it failed, it means we have our package/delivery windows set
         wrong compared to our max outbuf size. close the whole circuit. */
      log_fn(LOG_WARN,"write_to_buf failed. Closing circuit (fd %d).", conn->s);
      circuit_mark_for_close(circuit_get_by_conn(conn));
    } else {
      log_fn(LOG_WARN,"write_to_buf failed. Closing connection (fd %d).", conn->s);
      connection_mark_for_close(conn);
    }
971
    return;
972
  }
973
974

  connection_start_writing(conn);
975
  conn->outbuf_flushlen += len;
Roger Dingledine's avatar
Roger Dingledine committed
976
977
}

978
979
/** Return the conn to addr/port that has the most recent
 * timestamp_created, or NULL if no such conn exists. */
980
981
connection_t *connection_exact_get_by_addr_port(uint32_t addr, uint16_t port) {
  int i, n;
982
  connection_t *conn, *best=NULL;
983
  connection_t **carray;
Roger Dingledine's avatar
Roger Dingledine committed
984

985
986
987
  get_connection_array(&carray,&n);
  for(i=0;i<n;i++) {
    conn = carray[i];
988
989
990
    if(conn->addr == addr && conn->port == port && !conn->marked_for_close &&
       (!best || best->timestamp_created < conn->timestamp_created))
      best = conn;
991
  }
992
  return best;
993
994
}

995
996
997
998
999
1000
connection_t *connection_get_by_identity_digest(const char *digest, int type)
{
  int i, n;
  connection_t *conn, *best=NULL;
  connection_t **carray;

For faster browsing, not all history is shown. View entire blame