connection_edge.c 153 KB
Newer Older
1
/* Copyright (c) 2001 Matej Pfajfar.
Roger Dingledine's avatar
Roger Dingledine committed
2
 * Copyright (c) 2001-2004, Roger Dingledine.
3
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4
 * Copyright (c) 2007-2017, The Tor Project, Inc. */
5
6
/* See LICENSE for licensing information */

7
8
/**
 * \file connection_edge.c
9
 * \brief Handle edge streams.
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 *
 * An edge_connection_t is a subtype of a connection_t, and represents two
 * critical concepts in Tor: a stream, and an edge connection.  From the Tor
 * protocol's point of view, a stream is a bi-directional channel that is
 * multiplexed on a single circuit.  Each stream on a circuit is identified
 * with a separate 16-bit stream ID, local to the (circuit,exit) pair.
 * Streams are created in response to client requests.
 *
 * An edge connection is one thing that can implement a stream: it is either a
 * TCP application socket that has arrived via (e.g.) a SOCKS request, or an
 * exit connection.
 *
 * Not every instance of edge_connection_t truly represents an edge connction,
 * however. (Sorry!) We also create edge_connection_t objects for streams that
 * we will not be handling with TCP.  The types of these streams are:
 *   <ul>
 *   <li>DNS lookup streams, created on the client side in response to
 *     a UDP DNS request received on a DNSPort, or a RESOLVE command
 *     on a controller.
 *   <li>DNS lookup streams, created on the exit side in response to
 *     a RELAY_RESOLVE cell from a client.
 *   <li>Tunneled directory streams, created on the directory cache side
32
 *     in response to a RELAY_BEGIN_DIR cell.  These streams attach directly
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
 *     to a dir_connection_t object without ever using TCP.
 *   </ul>
 *
 * This module handles general-purpose functionality having to do with
 * edge_connection_t.  On the client side, it accepts various types of
 * application requests on SocksPorts, TransPorts, and NATDPorts, and
 * creates streams appropriately.
 *
 * This module is also responsible for implementing stream isolation:
 * ensuring that streams that should not be linkable to one another are
 * kept to different circuits.
 *
 * On the exit side, this module handles the various stream-creating
 * type of RELAY cells by launching appropriate outgoing connections,
 * DNS requests, or directory connection objects.
 *
 * And for all edge connections, this module is responsible for handling
 * incoming and outdoing data as it arrives or leaves in the relay.c
 * module.  (Outgoing data will be packaged in
 * connection_edge_process_inbuf() as it calls
 * connection_edge_package_raw_inbuf(); incoming data from RELAY_DATA
 * cells is applied in connection_edge_process_relay_cell().)
55
 **/
56
#define CONNECTION_EDGE_PRIVATE
57

58
#include "or.h"
59
60
61

#include "backtrace.h"

62
#include "addressmap.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
63
#include "buffers.h"
64
#include "channel.h"
65
#include "circpathbias.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
66
#include "circuitlist.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
67
#include "circuituse.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
68
#include "config.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
69
#include "connection.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
70
#include "connection_edge.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
71
#include "connection_or.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
72
#include "control.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
73
#include "dns.h"
74
#include "dnsserv.h"
75
#include "directory.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
76
#include "dirserv.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
77
#include "hibernate.h"
78
#include "hs_common.h"
79
80
#include "hs_cache.h"
#include "hs_client.h"
81
#include "hs_circuit.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
82
#include "main.h"
83
#include "networkstatus.h"
84
#include "nodelist.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
85
#include "policies.h"
86
#include "proto_http.h"
87
#include "proto_socks.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
88
#include "reasons.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
89
#include "relay.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
90
#include "rendclient.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
91
#include "rendcommon.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
92
#include "rendservice.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
93
#include "rephist.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
94
#include "router.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
95
#include "routerlist.h"
96
#include "routerset.h"
97
#include "circuitbuild.h"
98

99
100
101
#ifdef HAVE_LINUX_TYPES_H
#include <linux/types.h>
#endif
102
103
104
#ifdef HAVE_LINUX_NETFILTER_IPV4_H
#include <linux/netfilter_ipv4.h>
#define TRANS_NETFILTER
105
#define TRANS_NETFILTER_IPV4
106
107
#endif

108
109
110
111
112
113
#ifdef HAVE_LINUX_IF_H
#include <linux/if.h>
#endif

#ifdef HAVE_LINUX_NETFILTER_IPV6_IP6_TABLES_H
#include <linux/netfilter_ipv6/ip6_tables.h>
114
#if defined(IP6T_SO_ORIGINAL_DST)
115
116
117
#define TRANS_NETFILTER
#define TRANS_NETFILTER_IPV6
#endif
118
#endif /* defined(HAVE_LINUX_NETFILTER_IPV6_IP6_TABLES_H) */
119

120
121
122
123
124
125
#if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
#include <net/if.h>
#include <net/pfvar.h>
#define TRANS_PF
#endif

126
127
128
129
#ifdef IP_TRANSPARENT
#define TRANS_TPROXY
#endif

130
131
132
#define SOCKS4_GRANTED          90
#define SOCKS4_REJECT           91

133
134
static int connection_ap_handshake_process_socks(entry_connection_t *conn);
static int connection_ap_process_natd(entry_connection_t *conn);
Roger Dingledine's avatar
Roger Dingledine committed
135
static int connection_exit_connect_dir(edge_connection_t *exitconn);
136
137
static int consider_plaintext_ports(entry_connection_t *conn, uint16_t port);
static int connection_ap_supports_optimistic_data(const entry_connection_t *);
138

139
140
141
142
/** An AP stream has failed/finished. If it hasn't already sent back
 * a socks reply, send one now (based on endreason). Also set
 * has_sent_end to 1, and mark the conn.
 */
143
144
145
MOCK_IMPL(void,
connection_mark_unattached_ap_,(entry_connection_t *conn, int endreason,
                                int line, const char *file))
146
{
147
  connection_t *base_conn = ENTRY_TO_CONN(conn);
148
  edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(conn);
149
150
  tor_assert(base_conn->type == CONN_TYPE_AP);
  ENTRY_TO_EDGE_CONN(conn)->edge_has_sent_end = 1; /* no circ yet */
151

152
153
154
155
  /* If this is a rendezvous stream and it is failing without ever
   * being attached to a circuit, assume that an attempt to connect to
   * the destination hidden service has just ended.
   *
156
   * XXXX This condition doesn't limit to only streams failing
157
158
   * without ever being attached.  That sloppiness should be harmless,
   * but we should fix it someday anyway. */
159
160
  if ((edge_conn->on_circuit != NULL || edge_conn->edge_has_sent_end) &&
      connection_edge_is_rendezvous_stream(edge_conn)) {
161
162
163
    if (edge_conn->rend_data) {
      rend_client_note_connection_attempt_ended(edge_conn->rend_data);
    }
164
165
  }

166
  if (base_conn->marked_for_close) {
167
    /* This call will warn as appropriate. */
168
    connection_mark_for_close_(base_conn, line, file);
169
170
171
    return;
  }

172
  if (!conn->socks_request->has_finished) {
173
    if (endreason & END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED)
Roger Dingledine's avatar
Roger Dingledine committed
174
      log_warn(LD_BUG,
175
               "stream (marked at %s:%d) sending two socks replies?",
Roger Dingledine's avatar
Roger Dingledine committed
176
               file, line);
177

178
    if (SOCKS_COMMAND_IS_CONNECT(conn->socks_request->command))
179
      connection_ap_handshake_socks_reply(conn, NULL, 0, endreason);
180
    else if (SOCKS_COMMAND_IS_RESOLVE(conn->socks_request->command))
181
182
      connection_ap_handshake_socks_resolved(conn,
                                             RESOLVED_TYPE_ERROR_TRANSIENT,
183
                                             0, NULL, -1, -1);
184
185
    else /* unknown or no handshake at all. send no response. */
      conn->socks_request->has_finished = 1;
186
  }
187

188
  connection_mark_and_flush_(base_conn, line, file);
189

190
  ENTRY_TO_EDGE_CONN(conn)->end_reason = endreason;
191
192
}

193
194
/** There was an EOF. Send an end and mark the connection for close.
 */
195
int
196
connection_edge_reached_eof(edge_connection_t *conn)
197
{
198
  if (connection_get_inbuf_len(TO_CONN(conn)) &&
199
      connection_state_is_open(TO_CONN(conn))) {
Roger Dingledine's avatar
Roger Dingledine committed
200
201
202
    /* it still has stuff to process. don't let it die yet. */
    return 0;
  }
203
204
  log_info(LD_EDGE,"conn (fd "TOR_SOCKET_T_FORMAT") reached eof. Closing.",
           conn->base_.s);
205
  if (!conn->base_.marked_for_close) {
206
207
    /* only mark it if not already marked. it's possible to
     * get the 'end' right around when the client hangs up on us. */
208
    connection_edge_end(conn, END_STREAM_REASON_DONE);
209
    if (conn->base_.type == CONN_TYPE_AP) {
210
211
212
213
      /* eof, so don't send a socks reply back */
      if (EDGE_TO_ENTRY_CONN(conn)->socks_request)
        EDGE_TO_ENTRY_CONN(conn)->socks_request->has_finished = 1;
    }
214
    connection_mark_for_close(TO_CONN(conn));
215
216
217
218
219
  }
  return 0;
}

/** Handle new bytes on conn->inbuf based on state:
220
221
 *   - If it's waiting for socks info, try to read another step of the
 *     socks handshake out of conn->inbuf.
222
 *   - If it's waiting for the original destination, fetch it.
223
224
225
226
 *   - If it's open, then package more relay cells from the stream.
 *   - Else, leave the bytes on inbuf alone for now.
 *
 * Mark and return -1 if there was an unexpected error with the conn,
227
228
 * else return 0.
 */
229
int
230
connection_edge_process_inbuf(edge_connection_t *conn, int package_partial)
231
{
Roger Dingledine's avatar
Roger Dingledine committed
232
  tor_assert(conn);
233

234
  switch (conn->base_.state) {
235
    case AP_CONN_STATE_SOCKS_WAIT:
236
      if (connection_ap_handshake_process_socks(EDGE_TO_ENTRY_CONN(conn)) <0) {
237
        /* already marked */
238
239
240
        return -1;
      }
      return 0;
241
    case AP_CONN_STATE_NATD_WAIT:
242
      if (connection_ap_process_natd(EDGE_TO_ENTRY_CONN(conn)) < 0) {
243
244
245
246
        /* already marked */
        return -1;
      }
      return 0;
247
248
249
250
251
    case AP_CONN_STATE_HTTP_CONNECT_WAIT:
      if (connection_ap_process_http_connect(EDGE_TO_ENTRY_CONN(conn)) < 0) {
        return -1;
      }
      return 0;
252
253
    case AP_CONN_STATE_OPEN:
    case EXIT_CONN_STATE_OPEN:
254
      if (connection_edge_package_raw_inbuf(conn, package_partial, NULL) < 0) {
255
        /* (We already sent an end cell if possible) */
256
        connection_mark_for_close(TO_CONN(conn));
257
258
        return -1;
      }
259
      return 0;
260
    case AP_CONN_STATE_CONNECT_WAIT:
261
      if (connection_ap_supports_optimistic_data(EDGE_TO_ENTRY_CONN(conn))) {
262
263
264
        log_info(LD_EDGE,
                 "data from edge while in '%s' state. Sending it anyway. "
                 "package_partial=%d, buflen=%ld",
265
                 conn_state_to_string(conn->base_.type, conn->base_.state),
266
267
                 package_partial,
                 (long)connection_get_inbuf_len(TO_CONN(conn)));
268
269
270
271
272
273
274
275
276
        if (connection_edge_package_raw_inbuf(conn, package_partial, NULL)<0) {
          /* (We already sent an end cell if possible) */
          connection_mark_for_close(TO_CONN(conn));
          return -1;
        }
        return 0;
      }
      /* Fall through if the connection is on a circuit without optimistic
       * data support. */
277
      /* Falls through. */
278
    case EXIT_CONN_STATE_CONNECTING:
279
    case AP_CONN_STATE_RENDDESC_WAIT:
280
    case AP_CONN_STATE_CIRCUIT_WAIT:
281
    case AP_CONN_STATE_RESOLVE_WAIT:
282
    case AP_CONN_STATE_CONTROLLER_WAIT:
Roger Dingledine's avatar
Roger Dingledine committed
283
284
      log_info(LD_EDGE,
               "data from edge while in '%s' state. Leaving it on buffer.",
285
               conn_state_to_string(conn->base_.type, conn->base_.state));
286
287
      return 0;
  }
288
  log_warn(LD_BUG,"Got unexpected state %d. Closing.",conn->base_.state);
289
  tor_fragile_assert();
290
  connection_edge_end(conn, END_STREAM_REASON_INTERNAL);
291
  connection_mark_for_close(TO_CONN(conn));
292
  return -1;
293
294
}

295
296
297
/** This edge needs to be closed, because its circuit has closed.
 * Mark it for close and return 0.
 */
298
int
299
connection_edge_destroy(circid_t circ_id, edge_connection_t *conn)
300
{
301
  if (!conn->base_.marked_for_close) {
302
303
    log_info(LD_EDGE, "CircID %u: At an edge. Marking connection for close.",
             (unsigned) circ_id);
304
    if (conn->base_.type == CONN_TYPE_AP) {
305
306
      entry_connection_t *entry_conn = EDGE_TO_ENTRY_CONN(conn);
      connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_DESTROY);
307
      control_event_stream_bandwidth(conn);
308
      control_event_stream_status(entry_conn, STREAM_EVENT_CLOSED,
309
310
                                  END_STREAM_REASON_DESTROY);
      conn->end_reason |= END_STREAM_REASON_FLAG_ALREADY_SENT_CLOSED;
311
    } else {
312
      /* closing the circuit, nothing to send an END to */
313
      conn->edge_has_sent_end = 1;
314
      conn->end_reason = END_STREAM_REASON_DESTROY;
315
      conn->end_reason |= END_STREAM_REASON_FLAG_ALREADY_SENT_CLOSED;
316
      connection_mark_and_flush(TO_CONN(conn));
317
    }
318
  }
319
  conn->cpath_layer = NULL;
320
  conn->on_circuit = NULL;
321
322
323
  return 0;
}

324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
/** Send a raw end cell to the stream with ID <b>stream_id</b> out over the
 * <b>circ</b> towards the hop identified with <b>cpath_layer</b>. If this
 * is not a client connection, set the relay end cell's reason for closing
 * as <b>reason</b> */
static int
relay_send_end_cell_from_edge(streamid_t stream_id, circuit_t *circ,
                              uint8_t reason, crypt_path_t *cpath_layer)
{
  char payload[1];

  if (CIRCUIT_PURPOSE_IS_CLIENT(circ->purpose)) {
    /* Never send the server an informative reason code; it doesn't need to
     * know why the client stream is failing. */
    reason = END_STREAM_REASON_MISC;
  }

  payload[0] = (char) reason;

  return relay_send_command_from_edge(stream_id, circ, RELAY_COMMAND_END,
                                      payload, 1, cpath_layer);
}

346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
/* If the connection <b>conn</b> is attempting to connect to an external
 * destination that is an hidden service and the reason is a connection
 * refused or timeout, log it so the operator can take appropriate actions.
 * The log statement is a rate limited warning. */
static void
warn_if_hs_unreachable(const edge_connection_t *conn, uint8_t reason)
{
  tor_assert(conn);

  if (conn->base_.type == CONN_TYPE_EXIT &&
      connection_edge_is_rendezvous_stream(conn) &&
      (reason == END_STREAM_REASON_CONNECTREFUSED ||
       reason == END_STREAM_REASON_TIMEOUT)) {
#define WARN_FAILED_HS_CONNECTION 300
    static ratelim_t warn_limit = RATELIM_INIT(WARN_FAILED_HS_CONNECTION);
    char *m;
    if ((m = rate_limit_log(&warn_limit, approx_time()))) {
      log_warn(LD_EDGE, "Onion service connection to %s failed (%s)",
               (conn->base_.socket_family == AF_UNIX) ?
               safe_str(conn->base_.address) :
               safe_str(fmt_addrport(&conn->base_.addr, conn->base_.port)),
               stream_end_reason_to_string(reason));
      tor_free(m);
    }
  }
}

373
374
375
/** Send a relay end cell from stream <b>conn</b> down conn's circuit, and
 * remember that we've done so.  If this is not a client connection, set the
 * relay end cell's reason for closing as <b>reason</b>.
376
377
378
379
 *
 * Return -1 if this function has already been called on this conn,
 * else return 0.
 */
380
int
381
connection_edge_end(edge_connection_t *conn, uint8_t reason)
382
{
383
  char payload[RELAY_PAYLOAD_SIZE];
384
  size_t payload_len=1;
385
  circuit_t *circ;
Mike Perry's avatar
   
Mike Perry committed
386
  uint8_t control_reason = reason;
387

388
  if (conn->edge_has_sent_end) {
389
    log_warn(LD_BUG,"(Harmless.) Calling connection_edge_end (reason %d) "
Roger Dingledine's avatar
Roger Dingledine committed
390
             "on an already ended stream?", reason);
391
    tor_fragile_assert();
392
    return -1;
393
394
  }

395
  if (conn->base_.marked_for_close) {
Roger Dingledine's avatar
Roger Dingledine committed
396
    log_warn(LD_BUG,
397
             "called on conn that's already marked for close at %s:%d.",
398
             conn->base_.marked_for_close_file, conn->base_.marked_for_close);
399
400
401
    return 0;
  }

402
403
404
405
406
407
408
409
410
  circ = circuit_get_by_edge_conn(conn);
  if (circ && CIRCUIT_PURPOSE_IS_CLIENT(circ->purpose)) {
    /* If this is a client circuit, don't send the server an informative
     * reason code; it doesn't need to know why the client stream is
     * failing. */
    reason = END_STREAM_REASON_MISC;
  }

  payload[0] = (char)reason;
411
412
  if (reason == END_STREAM_REASON_EXITPOLICY &&
      !connection_edge_is_rendezvous_stream(conn)) {
413
    int addrlen;
414
415
    if (tor_addr_family(&conn->base_.addr) == AF_INET) {
      set_uint32(payload+1, tor_addr_to_ipv4n(&conn->base_.addr));
416
417
      addrlen = 4;
    } else {
418
      memcpy(payload+1, tor_addr_to_in6_addr8(&conn->base_.addr), 16);
419
420
421
422
      addrlen = 16;
    }
    set_uint32(payload+1+addrlen, htonl(dns_clip_ttl(conn->address_ttl)));
    payload_len += 4+addrlen;
423
424
  }

425
  if (circ && !circ->marked_for_close) {
426
427
    log_debug(LD_EDGE,"Sending end on conn (fd "TOR_SOCKET_T_FORMAT").",
              conn->base_.s);
428
    connection_edge_send_command(conn, RELAY_COMMAND_END,
429
                                 payload, payload_len);
430
431
432
    /* We'll log warn if the connection was an hidden service and couldn't be
     * made because the service wasn't available. */
    warn_if_hs_unreachable(conn, control_reason);
433
  } else {
Nick Mathewson's avatar
Nick Mathewson committed
434
435
    log_debug(LD_EDGE,"No circ to send end on conn "
              "(fd "TOR_SOCKET_T_FORMAT").",
436
              conn->base_.s);
437
438
  }

439
  conn->edge_has_sent_end = 1;
Mike Perry's avatar
   
Mike Perry committed
440
  conn->end_reason = control_reason;
441
  return 0;
442
443
}

Nick Mathewson's avatar
Nick Mathewson committed
444
/** An error has just occurred on an operation on an edge connection
445
446
 * <b>conn</b>.  Extract the errno; convert it to an end reason, and send an
 * appropriate relay end cell to the other end of the connection's circuit.
447
 **/
448
int
449
connection_edge_end_errno(edge_connection_t *conn)
450
451
452
{
  uint8_t reason;
  tor_assert(conn);
453
  reason = errno_to_stream_end_reason(tor_socket_errno(conn->base_.s));
454
  return connection_edge_end(conn, reason);
455
456
}

457
458
459
460
461
462
463
464
/** We just wrote some data to <b>conn</b>; act appropriately.
 *
 * (That is, if it's open, consider sending a stream-level sendme cell if we
 * have just flushed enough.)
 */
int
connection_edge_flushed_some(edge_connection_t *conn)
{
465
  switch (conn->base_.state) {
466
467
468
469
470
471
472
473
    case AP_CONN_STATE_OPEN:
    case EXIT_CONN_STATE_OPEN:
      connection_edge_consider_sending_sendme(conn);
      break;
  }
  return 0;
}

474
475
476
477
478
479
480
481
482
483
/** Connection <b>conn</b> has finished writing and has no bytes left on
 * its outbuf.
 *
 * If it's in state 'open', stop writing, consider responding with a
 * sendme, and return.
 * Otherwise, stop writing and return.
 *
 * If <b>conn</b> is broken, mark it for close and return -1, else
 * return 0.
 */
484
int
485
connection_edge_finished_flushing(edge_connection_t *conn)
486
{
Roger Dingledine's avatar
Roger Dingledine committed
487
  tor_assert(conn);
488

489
  switch (conn->base_.state) {
490
491
    case AP_CONN_STATE_OPEN:
    case EXIT_CONN_STATE_OPEN:
492
      connection_edge_consider_sending_sendme(conn);
493
      return 0;
Roger Dingledine's avatar
Roger Dingledine committed
494
    case AP_CONN_STATE_SOCKS_WAIT:
495
    case AP_CONN_STATE_NATD_WAIT:
496
    case AP_CONN_STATE_RENDDESC_WAIT:
497
    case AP_CONN_STATE_CIRCUIT_WAIT:
498
    case AP_CONN_STATE_CONNECT_WAIT:
499
    case AP_CONN_STATE_CONTROLLER_WAIT:
500
    case AP_CONN_STATE_RESOLVE_WAIT:
501
    case AP_CONN_STATE_HTTP_CONNECT_WAIT:
Roger Dingledine's avatar
Roger Dingledine committed
502
      return 0;
503
    default:
504
      log_warn(LD_BUG, "Called in unexpected state %d.",conn->base_.state);
505
      tor_fragile_assert();
506
      return -1;
507
508
509
510
  }
  return 0;
}

511
512
513
/** Longest size for the relay payload of a RELAY_CONNECTED cell that we're
 * able to generate. */
/* 4 zero bytes; 1 type byte; 16 byte IPv6 address; 4 byte TTL. */
514
515
#define MAX_CONNECTED_CELL_PAYLOAD_LEN 25

516
517
518
519
520
521
/** Set the buffer at <b>payload_out</b> -- which must have at least
 * MAX_CONNECTED_CELL_PAYLOAD_LEN bytes available -- to the body of a
 * RELAY_CONNECTED cell indicating that we have connected to <b>addr</b>, and
 * that the name resolution that led us to <b>addr</b> will be valid for
 * <b>ttl</b> seconds. Return -1 on error, or the number of bytes used on
 * success. */
522
STATIC int
523
524
525
526
527
528
529
connected_cell_format_payload(uint8_t *payload_out,
                              const tor_addr_t *addr,
                              uint32_t ttl)
{
  const sa_family_t family = tor_addr_family(addr);
  int connected_payload_len;

530
531
532
  /* should be needless */
  memset(payload_out, 0, MAX_CONNECTED_CELL_PAYLOAD_LEN);

533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
  if (family == AF_INET) {
    set_uint32(payload_out, tor_addr_to_ipv4n(addr));
    connected_payload_len = 4;
  } else if (family == AF_INET6) {
    set_uint32(payload_out, 0);
    set_uint8(payload_out + 4, 6);
    memcpy(payload_out + 5, tor_addr_to_in6_addr8(addr), 16);
    connected_payload_len = 21;
  } else {
    return -1;
  }

  set_uint32(payload_out + connected_payload_len, htonl(dns_clip_ttl(ttl)));
  connected_payload_len += 4;

  tor_assert(connected_payload_len <= MAX_CONNECTED_CELL_PAYLOAD_LEN);

  return connected_payload_len;
}

553
554
555
/** Connected handler for exit connections: start writing pending
 * data, deliver 'CONNECTED' relay cells as appropriate, and check
 * any pending data that may have been received. */
556
int
557
connection_edge_finished_connecting(edge_connection_t *edge_conn)
558
{
559
  connection_t *conn;
560

561
  tor_assert(edge_conn);
562
  tor_assert(edge_conn->base_.type == CONN_TYPE_EXIT);
563
  conn = TO_CONN(edge_conn);
564
565
  tor_assert(conn->state == EXIT_CONN_STATE_CONNECTING);

Roger Dingledine's avatar
Roger Dingledine committed
566
  log_info(LD_EXIT,"Exit connection to %s:%u (%s) established.",
567
           escaped_safe_str(conn->address), conn->port,
568
           safe_str(fmt_and_decorate_addr(&conn->addr)));
569

570
  rep_hist_note_exit_stream_opened(conn->port);
571

572
  conn->state = EXIT_CONN_STATE_OPEN;
573
  connection_watch_events(conn, READ_EVENT); /* stop writing, keep reading */
574
  if (connection_get_outbuf_len(conn)) /* in case there are any queued relay
575
                                        * cells */
576
577
    connection_start_writing(conn);
  /* deliver a 'connected' relay cell back through the circuit. */
578
579
  if (connection_edge_is_rendezvous_stream(edge_conn)) {
    if (connection_edge_send_command(edge_conn,
580
                                     RELAY_COMMAND_CONNECTED, NULL, 0) < 0)
581
582
      return 0; /* circuit is closed, don't continue */
  } else {
583
584
585
586
587
588
589
    uint8_t connected_payload[MAX_CONNECTED_CELL_PAYLOAD_LEN];
    int connected_payload_len =
      connected_cell_format_payload(connected_payload, &conn->addr,
                                    edge_conn->address_ttl);
    if (connected_payload_len < 0)
      return -1;

590
    if (connection_edge_send_command(edge_conn,
591
592
                        RELAY_COMMAND_CONNECTED,
                        (char*)connected_payload, connected_payload_len) < 0)
593
594
      return 0; /* circuit is closed, don't continue */
  }
595
  tor_assert(edge_conn->package_window > 0);
596
  /* in case the server has written anything */
597
  return connection_edge_process_inbuf(edge_conn, 1);
598
599
}

600
601
602
603
604
605
606
607
/** A list of all the entry_connection_t * objects that are not marked
 * for close, and are in AP_CONN_STATE_CIRCUIT_WAIT.
 *
 * (Right now, we check in several places to make sure that this list is
 * correct.  When it's incorrect, we'll fix it, and log a BUG message.)
 */
static smartlist_t *pending_entry_connections = NULL;

608
609
static int untried_pending_connections = 0;

610
611
612
613
614
615
616
617
618
619
620
621
622
/** Common code to connection_(ap|exit)_about_to_close. */
static void
connection_edge_about_to_close(edge_connection_t *edge_conn)
{
  if (!edge_conn->edge_has_sent_end) {
    connection_t *conn = TO_CONN(edge_conn);
    log_warn(LD_BUG, "(Harmless.) Edge connection (marked at %s:%d) "
             "hasn't sent end yet?",
             conn->marked_for_close_file, conn->marked_for_close);
    tor_fragile_assert();
  }
}

623
/** Called when we're about to finally unlink and free an AP (client)
624
625
 * connection: perform necessary accounting and cleanup */
void
626
connection_ap_about_to_close(entry_connection_t *entry_conn)
627
628
{
  circuit_t *circ;
629
630
  edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(entry_conn);
  connection_t *conn = ENTRY_TO_CONN(entry_conn);
631

632
633
  connection_edge_about_to_close(edge_conn);

634
  if (entry_conn->socks_request->has_finished == 0) {
635
636
637
638
639
640
641
642
643
644
645
    /* since conn gets removed right after this function finishes,
     * there's no point trying to send back a reply at this point. */
    log_warn(LD_BUG,"Closing stream (marked at %s:%d) without sending"
             " back a socks reply.",
             conn->marked_for_close_file, conn->marked_for_close);
  }
  if (!edge_conn->end_reason) {
    log_warn(LD_BUG,"Closing stream (marked at %s:%d) without having"
             " set end_reason.",
             conn->marked_for_close_file, conn->marked_for_close);
  }
646
  if (entry_conn->dns_server_request) {
647
648
649
    log_warn(LD_BUG,"Closing stream (marked at %s:%d) without having"
             " replied to DNS request.",
             conn->marked_for_close_file, conn->marked_for_close);
650
    dnsserv_reject_request(entry_conn);
651
  }
652
653
654
655
656
657
658
659

  if (TO_CONN(edge_conn)->state == AP_CONN_STATE_CIRCUIT_WAIT) {
    smartlist_remove(pending_entry_connections, entry_conn);
  }

#if 1
  /* Check to make sure that this isn't in pending_entry_connections if it
   * didn't actually belong there. */
660
661
662
  if (TO_CONN(edge_conn)->type == CONN_TYPE_AP) {
    connection_ap_warn_and_unmark_if_pending_circ(entry_conn,
                                                  "about_to_close");
663
  }
664
#endif /* 1 */
665

666
  control_event_stream_bandwidth(edge_conn);
667
  control_event_stream_status(entry_conn, STREAM_EVENT_CLOSED,
668
669
670
671
672
673
                              edge_conn->end_reason);
  circ = circuit_get_by_edge_conn(edge_conn);
  if (circ)
    circuit_detach_stream(circ, edge_conn);
}

674
/** Called when we're about to finally unlink and free an exit
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
 * connection: perform necessary accounting and cleanup */
void
connection_exit_about_to_close(edge_connection_t *edge_conn)
{
  circuit_t *circ;
  connection_t *conn = TO_CONN(edge_conn);

  connection_edge_about_to_close(edge_conn);

  circ = circuit_get_by_edge_conn(edge_conn);
  if (circ)
    circuit_detach_stream(circ, edge_conn);
  if (conn->state == EXIT_CONN_STATE_RESOLVING) {
    connection_dns_remove(edge_conn);
  }
}

692
693
/** Define a schedule for how long to wait between retrying
 * application connections. Rather than waiting a fixed amount of
694
 * time between each retry, we wait 10 seconds each for the first
695
 * two tries, and 15 seconds for each retry after
696
 * that. Hopefully this will improve the expected user experience. */
697
static int
698
compute_retry_timeout(entry_connection_t *conn)
699
{
700
701
702
  int timeout = get_options()->CircuitStreamTimeout;
  if (timeout) /* if our config options override the default, use them */
    return timeout;
703
  if (conn->num_socks_retries < 2) /* try 0 and try 1 */
704
705
706
707
    return 10;
  return 15;
}

708
/** Find all general-purpose AP streams waiting for a response that sent their
709
 * begin/resolve cell too long ago. Detach from their current circuit, and
710
 * mark their current circuit as unsuitable for new streams. Then call
711
712
713
 * connection_ap_handshake_attach_circuit() to attach to a new circuit (if
 * available) or launch a new one.
 *
714
 * For rendezvous streams, simply give up after SocksTimeout seconds (with no
715
716
 * retry attempt).
 */
717
718
719
void
connection_ap_expire_beginning(void)
{
720
  edge_connection_t *conn;
721
  entry_connection_t *entry_conn;
722
  circuit_t *circ;
723
  time_t now = time(NULL);
724
  const or_options_t *options = get_options();
725
  int severity;
726
  int cutoff;
727
  int seconds_idle, seconds_since_born;
728
  smartlist_t *conns = get_connection_array();
729

730
731
  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, base_conn) {
    if (base_conn->type != CONN_TYPE_AP || base_conn->marked_for_close)
732
      continue;
733
734
    entry_conn = TO_ENTRY_CONN(base_conn);
    conn = ENTRY_TO_EDGE_CONN(entry_conn);
735
    /* if it's an internal linked connection, don't yell its status. */
736
    severity = (tor_addr_is_null(&base_conn->addr) && !base_conn->port)
737
      ? LOG_INFO : LOG_NOTICE;
738
739
    seconds_idle = (int)( now - base_conn->timestamp_lastread );
    seconds_since_born = (int)( now - base_conn->timestamp_created );
740

741
    if (base_conn->state == AP_CONN_STATE_OPEN)
742
743
744
745
746
747
      continue;

    /* We already consider SocksTimeout in
     * connection_ap_handshake_attach_circuit(), but we need to consider
     * it here too because controllers that put streams in controller_wait
     * state never ask Tor to attach the circuit. */
748
    if (AP_CONN_STATE_IS_UNATTACHED(base_conn->state)) {
749
      if (seconds_since_born >= options->SocksTimeout) {
750
751
752
        log_fn(severity, LD_APP,
            "Tried for %d seconds to get a connection to %s:%d. "
            "Giving up. (%s)",
753
            seconds_since_born,
754
755
756
757
            safe_str_client(entry_conn->socks_request->address),
            entry_conn->socks_request->port,
            conn_state_to_string(CONN_TYPE_AP, base_conn->state));
        connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TIMEOUT);
758
759
760
761
      }
      continue;
    }

762
763
764
    /* We're in state connect_wait or resolve_wait now -- waiting for a
     * reply to our relay cell. See if we want to retry/give up. */

765
    cutoff = compute_retry_timeout(entry_conn);
766
    if (seconds_idle < cutoff)
767
      continue;
768
    circ = circuit_get_by_edge_conn(conn);
769
    if (!circ) { /* it's vanished? */
Roger Dingledine's avatar
Roger Dingledine committed
770
      log_info(LD_APP,"Conn is waiting (address %s), but lost its circ.",
771
772
               safe_str_client(entry_conn->socks_request->address));
      connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TIMEOUT);
773
774
      continue;
    }
775
    if (circ->purpose == CIRCUIT_PURPOSE_C_REND_JOINED) {
776
      if (seconds_idle >= options->SocksTimeout) {
777
778
779
        log_fn(severity, LD_REND,
               "Rend stream is %d seconds late. Giving up on address"
               " '%s.onion'.",
780
               seconds_idle,
781
               safe_str_client(entry_conn->socks_request->address));
782
783
784
785
        /* Roll back path bias use state so that we probe the circuit
         * if nothing else succeeds on it */
        pathbias_mark_use_rollback(TO_ORIGIN_CIRCUIT(circ));

786
        connection_edge_end(conn, END_STREAM_REASON_TIMEOUT);
787
        connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TIMEOUT);
788
789
790
      }
      continue;
    }
791
792
793
    if (circ->purpose != CIRCUIT_PURPOSE_C_GENERAL &&
        circ->purpose != CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT &&
        circ->purpose != CIRCUIT_PURPOSE_PATH_BIAS_TESTING) {
Nick Mathewson's avatar
Nick Mathewson committed
794
795
796
797
798
799
      log_warn(LD_BUG, "circuit->purpose == CIRCUIT_PURPOSE_C_GENERAL failed. "
               "The purpose on the circuit was %s; it was in state %s, "
               "path_state %s.",
               circuit_purpose_to_string(circ->purpose),
               circuit_state_to_string(circ->state),
               CIRCUIT_IS_ORIGIN(circ) ?
Nick Mathewson's avatar
Nick Mathewson committed
800
801
                pathbias_state_to_string(TO_ORIGIN_CIRCUIT(circ)->path_state) :
                "none");
Nick Mathewson's avatar
Nick Mathewson committed
802
    }
803
    log_fn(cutoff < 15 ? LOG_INFO : severity, LD_APP,
804
           "We tried for %d seconds to connect to '%s' using exit %s."
805
           " Retrying on a new circuit.",
806
           seconds_idle,
807
           safe_str_client(entry_conn->socks_request->address),
808
           conn->cpath_layer ?
809
810
             extend_info_describe(conn->cpath_layer->extend_info):
             "*unnamed*");
811
    /* send an end down the circuit */
812
    connection_edge_end(conn, END_STREAM_REASON_TIMEOUT);
813
    /* un-mark it as ending, since we're going to reuse it */
814
    conn->edge_has_sent_end = 0;
815
    conn->end_reason = 0;
816
817
818
819
    /* make us not try this circuit again, but allow
     * current streams on it to survive if they can */
    mark_circuit_unusable_for_new_conns(TO_ORIGIN_CIRCUIT(circ));

820
    /* give our stream another 'cutoff' seconds to try */
821
    conn->base_.timestamp_lastread += cutoff;
822
823
    if (entry_conn->num_socks_retries < 250) /* avoid overflow */
      entry_conn->num_socks_retries++;
824
    /* move it back into 'pending' state, and try to attach. */
825
    if (connection_ap_detach_retriable(entry_conn, TO_ORIGIN_CIRCUIT(circ),
826
                                       END_STREAM_REASON_TIMEOUT)<0) {
827
      if (!base_conn->marked_for_close)
828
829
        connection_mark_unattached_ap(entry_conn,
                                      END_STREAM_REASON_CANT_ATTACH);
830
    }
831
  } SMARTLIST_FOREACH_END(base_conn);
832
833
}

834
835
836
/**
 * As connection_ap_attach_pending, but first scans the entire connection
 * array to see if any elements are missing.
837
 */
838
void
839
connection_ap_rescan_and_attach_pending(void)
840
{
841
  entry_connection_t *entry_conn;
842
  smartlist_t *conns = get_connection_array();
843
844
845
846

  if (PREDICT_UNLIKELY(NULL == pending_entry_connections))
    pending_entry_connections = smartlist_new();

847
  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
Roger Dingledine's avatar
Roger Dingledine committed
848
849
    if (conn->marked_for_close ||
        conn->type != CONN_TYPE_AP ||
850
        conn->state != AP_CONN_STATE_CIRCUIT_WAIT)
851
      continue;
852

853
    entry_conn = TO_ENTRY_CONN(conn);
854
    tor_assert(entry_conn);
855
856
857
858
859
    if (! smartlist_contains(pending_entry_connections, entry_conn)) {
      log_warn(LD_BUG, "Found a connection %p that was supposed to be "
               "in pending_entry_connections, but wasn't. No worries; "
               "adding it.",
               pending_entry_connections);
860
      untried_pending_connections = 1;
861
      connection_ap_mark_as_pending_circuit(entry_conn);
862
863
864
865
    }

  } SMARTLIST_FOREACH_END(conn);

866
  connection_ap_attach_pending(1);
867
868
}

869
870
871
872
873
#ifdef DEBUGGING_17659
#define UNMARK() do {                           \
    entry_conn->marked_pending_circ_line = 0;   \
    entry_conn->marked_pending_circ_file = 0;   \
  } while (0)
874
#else /* !(defined(DEBUGGING_17659)) */
875
#define UNMARK() do { } while (0)
876
#endif /* defined(DEBUGGING_17659) */
877

878
/** Tell any AP streams that are listed as waiting for a new circuit to try
879
880
 * again.  If there is an available circuit for a stream, attach it. Otherwise,
 * launch a new circuit.
881
882
883
 *
 * If <b>retry</b> is false, only check the list if it contains at least one
 * streams that we have not yet tried to attach to a circuit.
884
885
 */
void
886
connection_ap_attach_pending(int retry)
887
888
889
890
891
{
  if (PREDICT_UNLIKELY(!pending_entry_connections)) {
    return;
  }

892
893
894
  if (untried_pending_connections == 0 && !retry)
    return;

895
896
897
  /* Don't allow any modifications to list while we are iterating over
   * it.  We'll put streams back on this list if we can't attach them
   * immediately. */
Nick Mathewson's avatar
Nick Mathewson committed
898
899
900
901
  smartlist_t *pending = pending_entry_connections;
  pending_entry_connections = smartlist_new();

  SMARTLIST_FOREACH_BEGIN(pending,
902
903
                          entry_connection_t *, entry_conn) {
    connection_t *conn = ENTRY_TO_CONN(entry_conn);
904
    tor_assert(conn && entry_conn);
905
    if (conn->marked_for_close) {
906
      UNMARK();
907
908
      continue;
    }
909
    if (conn->magic != ENTRY_CONNECTION_MAGIC) {
910
      log_warn(LD_BUG, "%p has impossible magic value %u.",
911
               entry_conn, (unsigned)conn->magic);
912
      UNMARK();
913
914
      continue;
    }
915
    if (conn->state != AP_CONN_STATE_CIRCUIT_WAIT) {
916
917
918
919
      log_warn(LD_BUG, "%p is no longer in circuit_wait. Its current state "
               "is %s. Why is it on pending_entry_connections?",
               entry_conn,
               conn_state_to_string(conn->type, conn->state));
920
      UNMARK();
921
922
923
      continue;
    }

924
    /* Okay, we're through the sanity checks. Try to handle this stream. */
925
926