connection_or.c 91.3 KB
Newer Older
Roger Dingledine's avatar
Roger Dingledine committed
1
2
/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
3
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4
 * Copyright (c) 2007-2017, The Tor Project, Inc. */
5
/* See LICENSE for licensing information */
Roger Dingledine's avatar
Roger Dingledine committed
6

Roger Dingledine's avatar
Roger Dingledine committed
7
8
9
10
/**
 * \file connection_or.c
 * \brief Functions to handle OR connections, TLS handshaking, and
 * cells on the network.
11
12
13
14
15
16
17
18
19
20
21
 *
 * An or_connection_t is a subtype of connection_t (as implemented in
 * connection.c) that uses a TLS connection to send and receive cells on the
 * Tor network. (By sending and receiving cells connection_or.c, it cooperates
 * with channeltls.c to implement a the channel interface of channel.c.)
 *
 * Every OR connection has an underlying tortls_t object (as implemented in
 * tortls.c) which it uses as its TLS stream.  It is responsible for
 * sending and receiving cells over that TLS.
 *
 * This module also implements the client side of the v3 Tor link handshake,
Roger Dingledine's avatar
Roger Dingledine committed
22
 **/
Roger Dingledine's avatar
Roger Dingledine committed
23
#include "or.h"
24
#include "bridges.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
25
#include "buffers.h"
26
27
28
29
/*
 * Define this so we get channel internal functions, since we're implementing
 * part of a subclass (channel_tls_t).
 */
30
#define TOR_CHANNEL_INTERNAL_
31
32
#include "channel.h"
#include "channeltls.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
33
#include "circuitbuild.h"
34
#include "circuitlist.h"
35
#include "circuitstats.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
36
#include "command.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
37
#include "config.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
38
#include "connection.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
39
#include "connection_or.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
40
#include "control.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
41
#include "dirserv.h"
42
#include "entrynodes.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
43
#include "geoip.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
44
#include "main.h"
45
#include "link_handshake.h"
46
#include "microdesc.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
47
#include "networkstatus.h"
48
#include "nodelist.h"
49
#include "proto_cell.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
50
#include "reasons.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
51
#include "relay.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
52
#include "rephist.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
53
#include "router.h"
54
#include "routerkeys.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
55
#include "routerlist.h"
56
#include "ext_orport.h"
57
#include "scheduler.h"
58
#include "torcert.h"
59
#include "channelpadding.h"
60

61
static int connection_tls_finish_handshake(or_connection_t *conn);
62
static int connection_or_launch_v3_or_handshake(or_connection_t *conn);
63
static int connection_or_process_cells_from_inbuf(or_connection_t *conn);
64
65
66
static int connection_or_check_valid_tls_handshake(or_connection_t *conn,
                                                   int started_here,
                                                   char *digest_rcvd_out);
67

68
69
static void connection_or_tls_renegotiated_cb(tor_tls_t *tls, void *_conn);

70
71
72
73
74
75
76
77
78
79
80
static unsigned int
connection_or_is_bad_for_new_circs(or_connection_t *or_conn);
static void connection_or_mark_bad_for_new_circs(or_connection_t *or_conn);

/*
 * Call this when changing connection state, so notifications to the owning
 * channel can be handled.
 */

static void connection_or_change_state(or_connection_t *conn, uint8_t state);

81
82
83
static void connection_or_check_canonicity(or_connection_t *conn,
                                           int started_here);

Roger Dingledine's avatar
Roger Dingledine committed
84
85
/**************************************************************/

86
87
/** Global map between Extended ORPort identifiers and OR
 *  connections. */
88
89
static digestmap_t *orconn_ext_or_id_map = NULL;

Nick Mathewson's avatar
Nick Mathewson committed
90
91
/** Clear clear conn->identity_digest and update other data
 * structures as appropriate.*/
92
void
93
connection_or_clear_identity(or_connection_t *conn)
94
95
96
97
98
{
  tor_assert(conn);
  memset(conn->identity_digest, 0, DIGEST_LEN);
}

Nick Mathewson's avatar
Nick Mathewson committed
99
/** Clear all identities in OR conns.*/
100
101
102
void
connection_or_clear_identity_map(void)
{
103
104
105
  smartlist_t *conns = get_connection_array();
  SMARTLIST_FOREACH(conns, connection_t *, conn,
  {
106
    if (conn->type == CONN_TYPE_OR) {
107
      connection_or_clear_identity(TO_OR_CONN(conn));
108
    }
109
  });
110
111
}

112
/** Change conn->identity_digest to digest, and add conn into
113
114
115
116
117
118
119
120
 * the appropriate digest maps.
 *
 * NOTE that this function only allows two kinds of transitions: from
 * unset identity to set identity, and from idempotent re-settings
 * of the same identity.  It's not allowed to clear an identity or to
 * change an identity.  Return 0 on success, and -1 if the transition
 * is not allowed.
 **/
121
static void
122
123
124
connection_or_set_identity_digest(or_connection_t *conn,
                                  const char *rsa_digest,
                                  const ed25519_public_key_t *ed_id)
125
{
126
  channel_t *chan = NULL;
127
  tor_assert(conn);
128
  tor_assert(rsa_digest);
129

130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
  if (conn->chan)
    chan = TLS_CHAN_TO_BASE(conn->chan);

  log_info(LD_HANDSHAKE, "Set identity digest for %p (%s): %s %s.",
           conn,
           escaped_safe_str(conn->base_.address),
           hex_str(rsa_digest, DIGEST_LEN),
           ed25519_fmt(ed_id));
  log_info(LD_HANDSHAKE, "   (Previously: %s %s)",
           hex_str(conn->identity_digest, DIGEST_LEN),
           chan ? ed25519_fmt(&chan->ed25519_identity) : "<null>");

  const int rsa_id_was_set = ! tor_digest_is_zero(conn->identity_digest);
  const int ed_id_was_set =
    chan && !ed25519_public_key_is_zero(&chan->ed25519_identity);
  const int rsa_changed =
    tor_memneq(conn->identity_digest, rsa_digest, DIGEST_LEN);
  const int ed_changed = ed_id_was_set &&
    (!ed_id || !ed25519_pubkey_eq(ed_id, &chan->ed25519_identity));

  tor_assert(!rsa_changed || !rsa_id_was_set);
  tor_assert(!ed_changed || !ed_id_was_set);

  if (!rsa_changed && !ed_changed)
154
    return;
155
156

  /* If the identity was set previously, remove the old mapping. */
157
  if (rsa_id_was_set) {
158
    connection_or_clear_identity(conn);
159
160
    if (chan)
      channel_clear_identity_digest(chan);
161
  }
162

163
  memcpy(conn->identity_digest, rsa_digest, DIGEST_LEN);
164

165
166
167
  /* If we're initializing the IDs to zero, don't add a mapping yet. */
  if (tor_digest_is_zero(rsa_digest) &&
      (!ed_id || ed25519_public_key_is_zero(ed_id)))
168
169
    return;

170
  /* Deal with channels */
171
172
  if (chan)
    channel_set_identity_digest(chan, rsa_digest, ed_id);
173
174
}

175
/** Remove the Extended ORPort identifier of <b>conn</b> from the
176
177
 *  global identifier list. Also, clear the identifier from the
 *  connection itself. */
178
179
180
181
void
connection_or_remove_from_ext_or_id_map(or_connection_t *conn)
{
  or_connection_t *tmp;
182
183
184
185
  if (!orconn_ext_or_id_map)
    return;
  if (!conn->ext_or_conn_id)
    return;
186
187
188
189
190
191
192
193

  tmp = digestmap_remove(orconn_ext_or_id_map, conn->ext_or_conn_id);
  if (!tor_digest_is_zero(conn->ext_or_conn_id))
    tor_assert(tmp == conn);

  memset(conn->ext_or_conn_id, 0, EXT_OR_CONN_ID_LEN);
}

Nick Mathewson's avatar
Nick Mathewson committed
194
195
196
197
198
199
200
201
202
203
/** Return the connection whose ext_or_id is <b>id</b>. Return NULL if no such
 * connection is found. */
or_connection_t *
connection_or_get_by_ext_or_id(const char *id)
{
  if (!orconn_ext_or_id_map)
    return NULL;
  return digestmap_get(orconn_ext_or_id_map, id);
}

204
/** Deallocate the global Extended ORPort identifier list */
205
206
207
208
void
connection_or_clear_ext_or_id_map(void)
{
  digestmap_free(orconn_ext_or_id_map, NULL);
209
  orconn_ext_or_id_map = NULL;
210
211
}

Nick Mathewson's avatar
Nick Mathewson committed
212
/** Creates an Extended ORPort identifier for <b>conn</b> and deposits
213
 *  it into the global list of identifiers. */
214
215
216
217
218
219
220
221
222
void
connection_or_set_ext_or_identifier(or_connection_t *conn)
{
  char random_id[EXT_OR_CONN_ID_LEN];
  or_connection_t *tmp;

  if (!orconn_ext_or_id_map)
    orconn_ext_or_id_map = digestmap_new();

223
  /* Remove any previous identifiers: */
224
  if (conn->ext_or_conn_id && !tor_digest_is_zero(conn->ext_or_conn_id))
225
226
227
228
229
230
      connection_or_remove_from_ext_or_id_map(conn);

  do {
    crypto_rand(random_id, sizeof(random_id));
  } while (digestmap_get(orconn_ext_or_id_map, random_id));

231
232
233
  if (!conn->ext_or_conn_id)
    conn->ext_or_conn_id = tor_malloc_zero(EXT_OR_CONN_ID_LEN);

234
235
236
237
238
239
  memcpy(conn->ext_or_conn_id, random_id, EXT_OR_CONN_ID_LEN);

  tmp = digestmap_set(orconn_ext_or_id_map, random_id, conn);
  tor_assert(!tmp);
}

240
241
/**************************************************************/

242
243
244
245
/** Map from a string describing what a non-open OR connection was doing when
 * failed, to an intptr_t describing the count of connections that failed that
 * way.  Note that the count is stored _as_ the pointer.
 */
246
247
static strmap_t *broken_connection_counts;

248
249
250
/** If true, do not record information in <b>broken_connection_counts</b>. */
static int disable_broken_connection_counts = 0;

251
/** Record that an OR connection failed in <b>state</b>. */
252
253
254
255
256
static void
note_broken_connection(const char *state)
{
  void *ptr;
  intptr_t val;
257
258
259
  if (disable_broken_connection_counts)
    return;

260
261
262
263
264
265
266
267
268
269
  if (!broken_connection_counts)
    broken_connection_counts = strmap_new();

  ptr = strmap_get(broken_connection_counts, state);
  val = (intptr_t)ptr;
  val++;
  ptr = (void*)val;
  strmap_set(broken_connection_counts, state, ptr);
}

270
271
/** Forget all recorded states for failed connections.  If
 * <b>stop_recording</b> is true, don't record any more. */
272
void
273
clear_broken_connection_map(int stop_recording)
274
275
276
277
{
  if (broken_connection_counts)
    strmap_free(broken_connection_counts, NULL);
  broken_connection_counts = NULL;
278
279
  if (stop_recording)
    disable_broken_connection_counts = 1;
280
281
}

282
283
284
285
/** Write a detailed description the state of <b>orconn</b> into the
 * <b>buflen</b>-byte buffer at <b>buf</b>.  This description includes not
 * only the OR-conn level state but also the TLS state.  It's useful for
 * diagnosing broken handshakes. */
286
287
288
289
290
291
292
293
static void
connection_or_get_state_description(or_connection_t *orconn,
                                    char *buf, size_t buflen)
{
  connection_t *conn = TO_CONN(orconn);
  const char *conn_state;
  char tls_state[256];

294
  tor_assert(conn->type == CONN_TYPE_OR || conn->type == CONN_TYPE_EXT_OR);
295
296
297
298
299
300
301

  conn_state = conn_state_to_string(conn->type, conn->state);
  tor_tls_get_state_description(orconn->tls, tls_state, sizeof(tls_state));

  tor_snprintf(buf, buflen, "%s with SSL state %s", conn_state, tls_state);
}

302
303
/** Record the current state of <b>orconn</b> as the state of a broken
 * connection. */
304
305
306
307
static void
connection_or_note_state_when_broken(or_connection_t *orconn)
{
  char buf[256];
308
309
  if (disable_broken_connection_counts)
    return;
310
311
312
313
314
  connection_or_get_state_description(orconn, buf, sizeof(buf));
  log_info(LD_HANDSHAKE,"Connection died in state '%s'", buf);
  note_broken_connection(buf);
}

315
/** Helper type used to sort connection states and find the most frequent. */
316
317
318
319
320
typedef struct broken_state_count_t {
  intptr_t count;
  const char *state;
} broken_state_count_t;

321
/** Helper function used to sort broken_state_count_t by frequency. */
322
323
324
325
static int
broken_state_count_compare(const void **a_ptr, const void **b_ptr)
{
  const broken_state_count_t *a = *a_ptr, *b = *b_ptr;
326
327
328
329
330
331
  if (b->count < a->count)
    return -1;
  else if (b->count == a->count)
    return 0;
  else
    return 1;
332
333
}

334
335
/** Upper limit on the number of different states to report for connection
 * failure. */
336
337
#define MAX_REASONS_TO_REPORT 10

338
339
/** Report a list of the top states for failed OR connections at log level
 * <b>severity</b>, in log domain <b>domain</b>. */
340
341
342
343
344
345
void
connection_or_report_broken_states(int severity, int domain)
{
  int total = 0;
  smartlist_t *items;

346
  if (!broken_connection_counts || disable_broken_connection_counts)
347
    return;
348

349
  items = smartlist_new();
350
351
  STRMAP_FOREACH(broken_connection_counts, state, void *, countptr) {
    broken_state_count_t *c = tor_malloc(sizeof(broken_state_count_t));
352
353
    c->count = (intptr_t)countptr;
    total += (int)c->count;
354
355
356
357
358
359
    c->state = state;
    smartlist_add(items, c);
  } STRMAP_FOREACH_END;

  smartlist_sort(items, broken_state_count_compare);

360
  tor_log(severity, domain, "%d connections have failed%s", total,
361
      smartlist_len(items) > MAX_REASONS_TO_REPORT ? ". Top reasons:" : ":");
362
363

  SMARTLIST_FOREACH_BEGIN(items, const broken_state_count_t *, c) {
364
365
    if (c_sl_idx > MAX_REASONS_TO_REPORT)
      break;
366
    tor_log(severity, domain,
367
368
369
370
371
372
373
        " %d connections died in state %s", (int)c->count, c->state);
  } SMARTLIST_FOREACH_END(c);

  SMARTLIST_FOREACH(items, broken_state_count_t *, c, tor_free(c));
  smartlist_free(items);
}

374
375
376
377
378
379
380
381
382
383
384
/** Call this to change or_connection_t states, so the owning channel_tls_t can
 * be notified.
 */

static void
connection_or_change_state(or_connection_t *conn, uint8_t state)
{
  uint8_t old_state;

  tor_assert(conn);

385
386
  old_state = conn->base_.state;
  conn->base_.state = state;
387
388
389
390
391
392
393
394
395
396

  if (conn->chan)
    channel_tls_handle_state_change_on_orconn(conn->chan, conn,
                                              old_state, state);
}

/** Return the number of circuits using an or_connection_t; this used to
 * be an or_connection_t field, but it got moved to channel_t and we
 * shouldn't maintain two copies. */

397
398
MOCK_IMPL(int,
connection_or_get_num_circuits, (or_connection_t *conn))
399
400
401
402
{
  tor_assert(conn);

  if (conn->chan) {
403
    return channel_num_circuits(TLS_CHAN_TO_BASE(conn->chan));
404
405
406
  } else return 0;
}

407
408
/**************************************************************/

Roger Dingledine's avatar
Roger Dingledine committed
409
410
/** Pack the cell_t host-order structure <b>src</b> into network-order
 * in the buffer <b>dest</b>. See tor-spec.txt for details about the
411
 * wire format.
Roger Dingledine's avatar
Roger Dingledine committed
412
413
414
 *
 * Note that this function doesn't touch <b>dst</b>-\>next: the caller
 * should set it or clear it as appropriate.
415
 */
416
void
417
cell_pack(packed_cell_t *dst, const cell_t *src, int wide_circ_ids)
418
{
419
  char *dest = dst->body;
420
421
422
423
  if (wide_circ_ids) {
    set_uint32(dest, htonl(src->circ_id));
    dest += 4;
  } else {
424
425
426
    /* Clear the last two bytes of dest, in case we can accidentally
     * send them to the network somehow. */
    memset(dest+CELL_MAX_NETWORK_SIZE-2, 0, 2);
427
428
429
430
431
    set_uint16(dest, htons(src->circ_id));
    dest += 2;
  }
  set_uint8(dest, src->command);
  memcpy(dest+1, src->payload, CELL_PAYLOAD_SIZE);
Roger Dingledine's avatar
Roger Dingledine committed
432
433
}

Roger Dingledine's avatar
Roger Dingledine committed
434
435
/** Unpack the network-order buffer <b>src</b> into a host-order
 * cell_t structure <b>dest</b>.
436
 */
437
static void
438
cell_unpack(cell_t *dest, const char *src, int wide_circ_ids)
439
{
440
441
442
443
444
445
446
447
448
  if (wide_circ_ids) {
    dest->circ_id = ntohl(get_uint32(src));
    src += 4;
  } else {
    dest->circ_id = ntohs(get_uint16(src));
    src += 2;
  }
  dest->command = get_uint8(src);
  memcpy(dest->payload, src+1, CELL_PAYLOAD_SIZE);
Roger Dingledine's avatar
Roger Dingledine committed
449
450
}

451
452
453
454
/** Write the header of <b>cell</b> into the first VAR_CELL_MAX_HEADER_SIZE
 * bytes of <b>hdr_out</b>. Returns number of bytes used. */
int
var_cell_pack_header(const var_cell_t *cell, char *hdr_out, int wide_circ_ids)
455
{
456
457
458
459
460
461
462
463
464
465
466
467
468
  int r;
  if (wide_circ_ids) {
    set_uint32(hdr_out, htonl(cell->circ_id));
    hdr_out += 4;
    r = VAR_CELL_MAX_HEADER_SIZE;
  } else {
    set_uint16(hdr_out, htons(cell->circ_id));
    hdr_out += 2;
    r = VAR_CELL_MAX_HEADER_SIZE - 2;
  }
  set_uint8(hdr_out, cell->command);
  set_uint16(hdr_out+1, htons(cell->payload_len));
  return r;
469
470
}

471
472
/** Allocate and return a new var_cell_t with <b>payload_len</b> bytes of
 * payload space. */
473
474
475
var_cell_t *
var_cell_new(uint16_t payload_len)
{
Neel Chauhan's avatar
Neel Chauhan committed
476
  size_t size = offsetof(var_cell_t, payload) + payload_len;
477
  var_cell_t *cell = tor_malloc_zero(size);
478
479
480
481
482
483
  cell->payload_len = payload_len;
  cell->command = 0;
  cell->circ_id = 0;
  return cell;
}

484
485
486
487
488
489
490
491
492
493
494
/**
 * Copy a var_cell_t
 */

var_cell_t *
var_cell_copy(const var_cell_t *src)
{
  var_cell_t *copy = NULL;
  size_t size = 0;

  if (src != NULL) {
Neel Chauhan's avatar
Neel Chauhan committed
495
    size = offsetof(var_cell_t, payload) + src->payload_len;
496
497
498
499
500
501
502
503
504
505
    copy = tor_malloc_zero(size);
    copy->payload_len = src->payload_len;
    copy->command = src->command;
    copy->circ_id = src->circ_id;
    memcpy(copy->payload, src->payload, copy->payload_len);
  }

  return copy;
}

Roger Dingledine's avatar
Roger Dingledine committed
506
/** Release all space held by <b>cell</b>. */
507
508
509
510
511
512
void
var_cell_free(var_cell_t *cell)
{
  tor_free(cell);
}

Roger Dingledine's avatar
Roger Dingledine committed
513
/** We've received an EOF from <b>conn</b>. Mark it for close and return. */
514
int
515
connection_or_reached_eof(or_connection_t *conn)
516
{
517
518
  tor_assert(conn);

Roger Dingledine's avatar
Roger Dingledine committed
519
  log_info(LD_OR,"OR connection reached EOF. Closing.");
520
521
  connection_or_close_normally(conn, 1);

522
523
524
  return 0;
}

Roger Dingledine's avatar
Roger Dingledine committed
525
/** Handle any new bytes that have come in on connection <b>conn</b>.
526
527
528
529
 * If conn is in 'open' state, hand it to
 * connection_or_process_cells_from_inbuf()
 * (else do nothing).
 */
530
int
531
connection_or_process_inbuf(or_connection_t *conn)
532
{
533
534
535
536
537
538
  /** Don't let the inbuf of a nonopen OR connection grow beyond this many
   * bytes: it's either a broken client, a non-Tor client, or a DOS
   * attempt. */
#define MAX_OR_INBUF_WHEN_NONOPEN 0

  int ret = 0;
539
  tor_assert(conn);
Roger Dingledine's avatar
Roger Dingledine committed
540

541
  switch (conn->base_.state) {
542
543
544
545
546
547
548
549
    case OR_CONN_STATE_PROXY_HANDSHAKING:
      ret = connection_read_proxy_handshake(TO_CONN(conn));

      /* start TLS after handshake completion, or deal with error */
      if (ret == 1) {
        tor_assert(TO_CONN(conn)->proxy_state == PROXY_CONNECTED);
        if (connection_tls_start_handshake(conn, 0) < 0)
          ret = -1;
550
551
552
        /* Touch the channel's active timestamp if there is one */
        if (conn->chan)
          channel_timestamp_active(TLS_CHAN_TO_BASE(conn->chan));
553
554
      }
      if (ret < 0) {
555
        connection_or_close_for_error(conn, 0);
556
557
558
      }

      return ret;
559
    case OR_CONN_STATE_TLS_SERVER_RENEGOTIATING:
560
    case OR_CONN_STATE_OPEN:
561
    case OR_CONN_STATE_OR_HANDSHAKING_V2:
562
    case OR_CONN_STATE_OR_HANDSHAKING_V3:
563
564
      return connection_or_process_cells_from_inbuf(conn);
    default:
565
566
567
      break; /* don't do anything */
  }

568
569
570
571
  /* This check was necessary with 0.2.2, when the TLS_SERVER_RENEGOTIATING
   * check would otherwise just let data accumulate.  It serves no purpose
   * in 0.2.3.
   *
572
   * XXXX Remove this check once we verify that the above paragraph is
573
   * 100% true. */
574
  if (buf_datalen(conn->base_.inbuf) > MAX_OR_INBUF_WHEN_NONOPEN) {
575
    log_fn(LOG_PROTOCOL_WARN, LD_NET, "Accumulated too much data (%d bytes) "
576
           "on nonopen OR connection %s %s:%u in state %s; closing.",
577
           (int)buf_datalen(conn->base_.inbuf),
578
           connection_or_nonopen_was_started_here(conn) ? "to" : "from",
579
580
           conn->base_.address, conn->base_.port,
           conn_state_to_string(conn->base_.type, conn->base_.state));
581
    connection_or_close_for_error(conn, 0);
582
    ret = -1;
583
  }
584
585

  return ret;
Roger Dingledine's avatar
Roger Dingledine committed
586
587
}

588
589
/** Called whenever we have flushed some data on an or_conn: add more data
 * from active circuits. */
590
591
592
int
connection_or_flushed_some(or_connection_t *conn)
{
593
  size_t datalen;
594

595
596
  /* The channel will want to update its estimated queue size */
  channel_update_xmit_queue_size(TLS_CHAN_TO_BASE(conn->chan));
597

598
599
  /* If we're under the low water mark, add cells until we're just over the
   * high water mark. */
600
  datalen = connection_get_outbuf_len(TO_CONN(conn));
601
  if (datalen < OR_CONN_LOWWATER) {
602
603
    /* Let the scheduler know */
    scheduler_channel_wants_writes(TLS_CHAN_TO_BASE(conn->chan));
604
  }
605

606
607
608
  return 0;
}

609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
/** This is for channeltls.c to ask how many cells we could accept if
 * they were available. */
ssize_t
connection_or_num_cells_writeable(or_connection_t *conn)
{
  size_t datalen, cell_network_size;
  ssize_t n = 0;

  tor_assert(conn);

  /*
   * If we're under the high water mark, we're potentially
   * writeable; note this is different from the calculation above
   * used to trigger when to start writing after we've stopped.
   */
  datalen = connection_get_outbuf_len(TO_CONN(conn));
  if (datalen < OR_CONN_HIGHWATER) {
    cell_network_size = get_cell_network_size(conn->wide_circ_ids);
    n = CEIL_DIV(OR_CONN_HIGHWATER - datalen, cell_network_size);
  }

  return n;
}

Roger Dingledine's avatar
Roger Dingledine committed
633
/** Connection <b>conn</b> has finished writing and has no bytes left on
634
635
 * its outbuf.
 *
Nick Mathewson's avatar
Nick Mathewson committed
636
 * Otherwise it's in state "open": stop writing and return.
637
638
639
 *
 * If <b>conn</b> is broken, mark it for close and return -1, else
 * return 0.
640
 */
641
int
642
connection_or_finished_flushing(or_connection_t *conn)
643
{
644
  tor_assert(conn);
645
  assert_connection_ok(TO_CONN(conn),0);
Roger Dingledine's avatar
Roger Dingledine committed
646

647
  switch (conn->base_.state) {
648
    case OR_CONN_STATE_PROXY_HANDSHAKING:
649
    case OR_CONN_STATE_OPEN:
650
    case OR_CONN_STATE_OR_HANDSHAKING_V2:
651
    case OR_CONN_STATE_OR_HANDSHAKING_V3:
652
653
      break;
    default:
654
      log_err(LD_BUG,"Called in unexpected state %d.", conn->base_.state);
655
      tor_fragile_assert();
656
      return -1;
657
658
659
660
661
662
  }
  return 0;
}

/** Connected handler for OR connections: begin the TLS handshake.
 */
663
int
664
connection_or_finished_connecting(or_connection_t *or_conn)
665
{
666
  const int proxy_type = or_conn->proxy_type;
667
  connection_t *conn;
668

669
670
  tor_assert(or_conn);
  conn = TO_CONN(or_conn);
671
672
  tor_assert(conn->state == OR_CONN_STATE_CONNECTING);

673
  log_debug(LD_HANDSHAKE,"OR connect() to router at %s:%u finished.",
Roger Dingledine's avatar
Roger Dingledine committed
674
            conn->address,conn->port);
675
  control_event_bootstrap(BOOTSTRAP_STATUS_HANDSHAKE, 0);
676

677
678
679
  if (proxy_type != PROXY_NONE) {
    /* start proxy handshake */
    if (connection_proxy_connect(conn, proxy_type) < 0) {
680
      connection_or_close_for_error(or_conn, 0);
681
      return -1;
682
    }
683
684

    connection_start_reading(conn);
685
    connection_or_change_state(or_conn, OR_CONN_STATE_PROXY_HANDSHAKING);
686
687
688
    return 0;
  }

689
  if (connection_tls_start_handshake(or_conn, 0) < 0) {
690
    /* TLS handshaking error of some kind. */
691
    connection_or_close_for_error(or_conn, 0);
692
    return -1;
Roger Dingledine's avatar
Roger Dingledine committed
693
  }
694
  return 0;
Roger Dingledine's avatar
Roger Dingledine committed
695
696
}

697
/** Called when we're about to finally unlink and free an OR connection:
698
699
700
701
702
703
704
 * perform necessary accounting and cleanup */
void
connection_or_about_to_close(or_connection_t *or_conn)
{
  time_t now = time(NULL);
  connection_t *conn = TO_CONN(or_conn);

705
706
707
  /* Tell the controlling channel we're closed */
  if (or_conn->chan) {
    channel_closed(TLS_CHAN_TO_BASE(or_conn->chan));
708
709
710
711
712
    /*
     * NULL this out because the channel might hang around a little
     * longer before channel_run_cleanup() gets it.
     */
    or_conn->chan->conn = NULL;
713
714
715
    or_conn->chan = NULL;
  }

716
717
718
719
720
  /* Remember why we're closing this connection. */
  if (conn->state != OR_CONN_STATE_OPEN) {
    /* now mark things down as needed */
    if (connection_or_nonopen_was_started_here(or_conn)) {
      const or_options_t *options = get_options();
721
      connection_or_note_state_when_broken(or_conn);
722
      rep_hist_note_connect_failed(or_conn->identity_digest, now);
723
      /* Tell the new guard API about the channel failure */
724
      entry_guard_chan_failed(TLS_CHAN_TO_BASE(or_conn->chan));
725
726
727
728
729
      if (conn->state >= OR_CONN_STATE_TLS_HANDSHAKING) {
        int reason = tls_error_to_orconn_end_reason(or_conn->tls_error);
        control_event_or_conn_status(or_conn, OR_CONN_EVENT_FAILED,
                                     reason);
        if (!authdir_mode_tests_reachability(options))
730
          control_event_bootstrap_prob_or(
731
732
                orconn_end_reason_to_control_string(reason),
                reason, or_conn);
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
      }
    }
  } else if (conn->hold_open_until_flushed) {
    /* We only set hold_open_until_flushed when we're intentionally
     * closing a connection. */
    rep_hist_note_disconnect(or_conn->identity_digest, now);
    control_event_or_conn_status(or_conn, OR_CONN_EVENT_CLOSED,
                tls_error_to_orconn_end_reason(or_conn->tls_error));
  } else if (!tor_digest_is_zero(or_conn->identity_digest)) {
    rep_hist_note_connection_died(or_conn->identity_digest, now);
    control_event_or_conn_status(or_conn, OR_CONN_EVENT_CLOSED,
                tls_error_to_orconn_end_reason(or_conn->tls_error));
  }
}

748
749
/** Return 1 if identity digest <b>id_digest</b> is known to be a
 * currently or recently running relay. Otherwise return 0. */
750
int
751
752
753
754
connection_or_digest_is_known_relay(const char *id_digest)
{
  if (router_get_consensus_status_by_id(id_digest))
    return 1; /* It's in the consensus: "yes" */
Sebastian Hahn's avatar
Sebastian Hahn committed
755
  if (router_get_by_id_digest(id_digest))
756
757
758
759
760
    return 1; /* Not in the consensus, but we have a descriptor for
               * it. Probably it was in a recent consensus. "Yes". */
  return 0;
}

761
762
763
764
765
/** Set the per-conn read and write limits for <b>conn</b>. If it's a known
 * relay, we will rely on the global read and write buckets, so give it
 * per-conn limits that are big enough they'll never matter. But if it's
 * not a known relay, first check if we set PerConnBwRate/Burst, then
 * check if the consensus sets them, else default to 'big enough'.
766
767
768
 *
 * If <b>reset</b> is true, set the bucket to be full.  Otherwise, just
 * clip the bucket if it happens to be <em>too</em> full.
769
 */
770
771
static void
connection_or_update_token_buckets_helper(or_connection_t *conn, int reset,
772
                                          const or_options_t *options)
773
{
774
  int rate, burst; /* per-connection rate limiting params */
775
  if (connection_or_digest_is_known_relay(conn->identity_digest)) {
776
777
778
    /* It's in the consensus, or we have a descriptor for it meaning it
     * was probably in a recent consensus. It's a recognized relay:
     * give it full bandwidth. */
779
780
781
782
783
784
785
    rate = (int)options->BandwidthRate;
    burst = (int)options->BandwidthBurst;
  } else {
    /* Not a recognized relay. Squeeze it down based on the suggested
     * bandwidth parameters in the consensus, but allow local config
     * options to override. */
    rate = options->PerConnBWRate ? (int)options->PerConnBWRate :
786
787
        networkstatus_get_param(NULL, "perconnbwrate",
                                (int)options->BandwidthRate, 1, INT32_MAX);
788
    burst = options->PerConnBWBurst ? (int)options->PerConnBWBurst :
789
790
        networkstatus_get_param(NULL, "perconnbwburst",
                                (int)options->BandwidthBurst, 1, INT32_MAX);
791
792
  }

793
  conn->bandwidthrate = rate;
794
795
796
797
798
799
800
801
802
803
804
805
806
807
  conn->bandwidthburst = burst;
  if (reset) { /* set up the token buckets to be full */
    conn->read_bucket = conn->write_bucket = burst;
    return;
  }
  /* If the new token bucket is smaller, take out the extra tokens.
   * (If it's larger, don't -- the buckets can grow to reach the cap.) */
  if (conn->read_bucket > burst)
    conn->read_bucket = burst;
  if (conn->write_bucket > burst)
    conn->write_bucket = burst;
}

/** Either our set of relays or our per-conn rate limits have changed.
808
809
 * Go through all the OR connections and update their token buckets to make
 * sure they don't exceed their maximum values. */
810
void
811
812
connection_or_update_token_buckets(smartlist_t *conns,
                                   const or_options_t *options)
813
814
815
816
817
818
{
  SMARTLIST_FOREACH(conns, connection_t *, conn,
  {
    if (connection_speaks_cells(conn))
      connection_or_update_token_buckets_helper(TO_OR_CONN(conn), 0, options);
  });
819
820
}

821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
/* Mark <b>or_conn</b> as canonical if <b>is_canonical</b> is set, and
 * non-canonical otherwise. Adjust idle_timeout accordingly.
 */
void
connection_or_set_canonical(or_connection_t *or_conn,
                            int is_canonical)
{
  if (bool_eq(is_canonical, or_conn->is_canonical) &&
      or_conn->idle_timeout != 0) {
    /* Don't recalculate an existing idle_timeout unless the canonical
     * status changed. */
    return;
  }

  or_conn->is_canonical = !! is_canonical; /* force to a 1-bit boolean */
836
837
838
839
840
841
842
843
  or_conn->idle_timeout = channelpadding_get_channel_idle_timeout(
          TLS_CHAN_TO_BASE(or_conn->chan), is_canonical);

  log_info(LD_CIRC,
          "Channel " U64_FORMAT " chose an idle timeout of %d.",
          or_conn->chan ?
          U64_PRINTF_ARG(TLS_CHAN_TO_BASE(or_conn->chan)->global_identifier):0,
          or_conn->idle_timeout);
844
845
}

846
847
/** If we don't necessarily know the router we're connecting to, but we
 * have an addr/port/id_digest, then fill in as much as we can. Start
848
849
850
 * by checking to see if this describes a router we know.
 * <b>started_here</b> is 1 if we are the initiator of <b>conn</b> and
 * 0 if it's an incoming connection.  */
851
void
852
853
854
connection_or_init_conn_from_address(or_connection_t *conn,
                                     const tor_addr_t *addr, uint16_t port,
                                     const char *id_digest,
855
                                     const ed25519_public_key_t *ed_id,
856
857
                                     int started_here)
{
858
859
860
861
862
863
  log_debug(LD_HANDSHAKE, "init conn from address %s: %s, %s (%d)",
            fmt_addr(addr),
            hex_str((const char*)id_digest, DIGEST_LEN),
            ed25519_fmt(ed_id),
            started_here);

864
  connection_or_set_identity_digest(conn, id_digest, ed_id);
865
  connection_or_update_token_buckets_helper(conn, 1, get_options());
866

867
868
  conn->base_.port = port;
  tor_addr_copy(&conn->base_.addr, addr);
869
  tor_addr_copy(&conn->real_addr, addr);
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888

  connection_or_check_canonicity(conn, started_here);
}

/** Check whether the identity of <b>conn</b> matches a known node.  If it
 * does, check whether the address of conn matches the expected address, and
 * update the connection's is_canonical flag, nickname, and address fields as
 * appropriate. */
static void
connection_or_check_canonicity(or_connection_t *conn, int started_here)
{
  const char *id_digest = conn->identity_digest;
  const ed25519_public_key_t *ed_id = NULL;
  const tor_addr_t *addr = &conn->real_addr;
  if (conn->chan)
    ed_id = & TLS_CHAN_TO_BASE(conn->chan)->ed25519_identity;

  const node_t *r = node_get_by_id(id_digest);
  if (r &&
889
      node_supports_ed25519_link_authentication(r, 1) &&
890
891
892
893
894
895
      ! node_ed25519_id_matches(r, ed_id)) {
    /* If this node is capable of proving an ed25519 ID,
     * we can't call this a canonical connection unless both IDs match. */
     r = NULL;
  }

896
  if (r) {
897
898
    tor_addr_port_t node_ap;
    node_get_pref_orport(r, &node_ap);
899
900
    /* XXXX proposal 186 is making this more complex.  For now, a conn
       is canonical when it uses the _preferred_ address. */
901
    if (tor_addr_eq(&conn->base_.addr, &node_ap.addr))
902
      connection_or_set_canonical(conn, 1);
903
904
905
906
    if (!started_here) {
      /* Override the addr/port, so our log messages will make sense.
       * This is dangerous, since if we ever try looking up a conn by
       * its actual addr/port, we won't remember. Careful! */
907
      /* XXXX arma: this is stupid, and it's the reason we need real_addr
908
       * to track is_canonical properly.  What requires it? */
909
910
911
912
      /* XXXX <arma> i believe the reason we did this, originally, is because
       * we wanted to log what OR a connection was to, and if we logged the
       * right IP address and port 56244, that wouldn't be as helpful. now we
       * log the "right" port too, so we know if it's moria1 or moria2.
913
       */
914
915
      tor_addr_copy(&conn->base_.addr, &node_ap.addr);
      conn->base_.port = node_ap.port;
916
    }
917
    tor_free(conn->nickname);
918
    conn->nickname = tor_strdup(node_get_nickname(r));
919
    tor_free(conn->base_.address);
920
    conn->base_.address = tor_addr_to_str_dup(&node_ap.addr);
921
  } else {
922
    tor_free(conn->nickname);
923
924
925
926
927
    conn->nickname = tor_malloc(HEX_DIGEST_LEN+2);
    conn->nickname[0] = '$';
    base16_encode(conn->nickname+1, HEX_DIGEST_LEN+1,
                  conn->identity_digest, DIGEST_LEN);

928
    tor_free(conn->base_.address);
929
    conn->base_.address = tor_addr_to_str_dup(addr);
930
  }
931
932
933
934
935
936
937
938
939

  /*
   * We have to tell channeltls.c to update the channel marks (local, in
   * particular), since we may have changed the address.
   */

  if (conn->chan) {
    channel_tls_update_marks(conn);
  }
940
941
}

942
943
/** These just pass all the is_bad_for_new_circs manipulation on to
 * channel_t */
944

945
946
947
948
static unsigned int
connection_or_is_bad_for_new_circs(or_connection_t *or_conn)
{
  tor_assert(or_conn);
949

950
951
952
  if (or_conn->chan)
    return channel_is_bad_for_new_circs(TLS_CHAN_TO_BASE(or_conn->chan));
  else return 0;
953
954
}

955
956
static void
connection_or_mark_bad_for_new_circs(or_connection_t *or_conn)
957
{
958
  tor_assert(or_conn);
959

960
961
  if (or_conn->chan)
    channel_mark_bad_for_new_circs(TLS_CHAN_TO_BASE(or_conn->chan));
962
963
964
965
966
967
}

/** How old do we let a connection to an OR get before deciding it's
 * too old for new circuits? */
#define TIME_BEFORE_OR_CONN_IS_TOO_OLD (60*60*24*7)

968
/** Given a list of all the or_connections with a given
969
970
971
972
973
974
975
976
977
978
979
980
981
 * identity, set elements of that list as is_bad_for_new_circs as
 * appropriate. Helper for connection_or_set_bad_connections().
 *
 * Specifically, we set the is_bad_for_new_circs flag on:
 *    - all connections if <b>force</b> is true.
 *    - all connections that are too old.
 *    - all open non-canonical connections for which a canonical connection
 *      exists to the same router.
 *    - all open canonical connections for which a 'better' canonical
 *      connection exists to the same router.
 *    - all open non-canonical connections for which a 'better' non-canonical
 *      connection exists to the same router at the same address.
 *
982
983
 * See channel_is_better() in channel.c for our idea of what makes one OR
 * connection better than another.
984
 */
985
986
void
connection_or_group_set_badness_(smartlist_t *group, int force)
987
{
988
989
990
  /* XXXX this function should be entirely about channels, not OR
   * XXXX connections. */

991
  or_connection_t *best = NULL;
992
993
994
995
996
  int n_old = 0, n_inprogress = 0, n_canonical = 0, n_other = 0;
  time_t now = time(NULL);

  /* Pass 1: expire everything that's old, and see what the status of
   * everything else is. */
997
  SMARTLIST_FOREACH_BEGIN(group, or_connection_t *, or_conn) {
998
    if (or_conn->base_.marked_for_close ||
999
        connection_or_is_bad_for_new_circs(or_conn))
1000
      continue;