connection_or.c 78.2 KB
Newer Older
Roger Dingledine's avatar
Roger Dingledine committed
1
2
/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
3
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4
 * Copyright (c) 2007-2012, The Tor Project, Inc. */
5
/* See LICENSE for licensing information */
Roger Dingledine's avatar
Roger Dingledine committed
6

Roger Dingledine's avatar
Roger Dingledine committed
7
8
9
10
11
12
/**
 * \file connection_or.c
 * \brief Functions to handle OR connections, TLS handshaking, and
 * cells on the network.
 **/

Roger Dingledine's avatar
Roger Dingledine committed
13
#include "or.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
14
#include "buffers.h"
15
16
17
18
/*
 * Define this so we get channel internal functions, since we're implementing
 * part of a subclass (channel_tls_t).
 */
19
#define TOR_CHANNEL_INTERNAL_
20
21
#include "channel.h"
#include "channeltls.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
22
#include "circuitbuild.h"
23
#include "circuitlist.h"
24
#include "circuitstats.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
25
#include "command.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
26
#include "config.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
27
#include "connection.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
28
#include "connection_or.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
29
#include "control.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
30
#include "dirserv.h"
31
#include "entrynodes.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
32
#include "geoip.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
33
#include "main.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
34
#include "networkstatus.h"
35
#include "nodelist.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
36
#include "reasons.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
37
#include "relay.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
38
#include "rephist.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
39
#include "router.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
40
#include "routerlist.h"
41

42
43
44
45
#ifdef USE_BUFFEREVENTS
#include <event2/bufferevent_ssl.h>
#endif

46
static int connection_tls_finish_handshake(or_connection_t *conn);
47
static int connection_or_launch_v3_or_handshake(or_connection_t *conn);
48
static int connection_or_process_cells_from_inbuf(or_connection_t *conn);
49
50
51
static int connection_or_check_valid_tls_handshake(or_connection_t *conn,
                                                   int started_here,
                                                   char *digest_rcvd_out);
52

53
54
static void connection_or_tls_renegotiated_cb(tor_tls_t *tls, void *_conn);

55
56
57
58
59
60
61
62
63
64
65
static unsigned int
connection_or_is_bad_for_new_circs(or_connection_t *or_conn);
static void connection_or_mark_bad_for_new_circs(or_connection_t *or_conn);

/*
 * Call this when changing connection state, so notifications to the owning
 * channel can be handled.
 */

static void connection_or_change_state(or_connection_t *conn, uint8_t state);

66
67
68
69
70
71
#ifdef USE_BUFFEREVENTS
static void connection_or_handle_event_cb(struct bufferevent *bufev,
                                          short event, void *arg);
#include <event2/buffer.h>/*XXXX REMOVE */
#endif

Roger Dingledine's avatar
Roger Dingledine committed
72
73
/**************************************************************/

74
75
/** Map from identity digest of connected OR or desired OR to a connection_t
 * with that identity digest.  If there is more than one such connection_t,
Roger Dingledine's avatar
Roger Dingledine committed
76
 * they form a linked list, with next_with_same_id as the next pointer. */
77
78
79
static digestmap_t *orconn_identity_map = NULL;

/** If conn is listed in orconn_identity_map, remove it, and clear
80
 * conn->identity_digest.  Otherwise do nothing. */
81
void
82
connection_or_remove_from_identity_map(or_connection_t *conn)
83
{
84
  or_connection_t *tmp;
85
86
87
88
  tor_assert(conn);
  if (!orconn_identity_map)
    return;
  tmp = digestmap_get(orconn_identity_map, conn->identity_digest);
89
90
  if (!tmp) {
    if (!tor_digest_is_zero(conn->identity_digest)) {
91
92
93
      log_warn(LD_BUG, "Didn't find connection '%s' on identity map when "
               "trying to remove it.",
               conn->nickname ? conn->nickname : "NULL");
94
    }
95
    return;
96
  }
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
  if (conn == tmp) {
    if (conn->next_with_same_id)
      digestmap_set(orconn_identity_map, conn->identity_digest,
                    conn->next_with_same_id);
    else
      digestmap_remove(orconn_identity_map, conn->identity_digest);
  } else {
    while (tmp->next_with_same_id) {
      if (tmp->next_with_same_id == conn) {
        tmp->next_with_same_id = conn->next_with_same_id;
        break;
      }
      tmp = tmp->next_with_same_id;
    }
  }
  memset(conn->identity_digest, 0, DIGEST_LEN);
  conn->next_with_same_id = NULL;
}

116
117
118
119
120
/** Remove all entries from the identity-to-orconn map, and clear
 * all identities in OR conns.*/
void
connection_or_clear_identity_map(void)
{
121
122
123
  smartlist_t *conns = get_connection_array();
  SMARTLIST_FOREACH(conns, connection_t *, conn,
  {
124
    if (conn->type == CONN_TYPE_OR) {
125
126
127
      or_connection_t *or_conn = TO_OR_CONN(conn);
      memset(or_conn->identity_digest, 0, DIGEST_LEN);
      or_conn->next_with_same_id = NULL;
128
    }
129
  });
130

131
132
  digestmap_free(orconn_identity_map, NULL);
  orconn_identity_map = NULL;
133
134
}

135
/** Change conn->identity_digest to digest, and add conn into
136
 * orconn_digest_map. */
137
static void
138
connection_or_set_identity_digest(or_connection_t *conn, const char *digest)
139
{
140
  or_connection_t *tmp;
141
142
143
144
145
  tor_assert(conn);
  tor_assert(digest);

  if (!orconn_identity_map)
    orconn_identity_map = digestmap_new();
146
  if (tor_memeq(conn->identity_digest, digest, DIGEST_LEN))
147
    return;
148
149

  /* If the identity was set previously, remove the old mapping. */
150
  if (! tor_digest_is_zero(conn->identity_digest)) {
151
    connection_or_remove_from_identity_map(conn);
152
153
154
    if (conn->chan)
      channel_clear_identity_digest(TLS_CHAN_TO_BASE(conn->chan));
  }
155
156

  memcpy(conn->identity_digest, digest, DIGEST_LEN);
157

158
  /* If we're setting the ID to zero, don't add a mapping. */
159
160
161
  if (tor_digest_is_zero(digest))
    return;

162
163
164
  tmp = digestmap_set(orconn_identity_map, digest, conn);
  conn->next_with_same_id = tmp;

165
166
167
168
  /* Deal with channels */
  if (conn->chan)
    channel_set_identity_digest(TLS_CHAN_TO_BASE(conn->chan), digest);

169
#if 1
170
  /* Testing code to check for bugs in representation. */
171
  for (; tmp; tmp = tmp->next_with_same_id) {
172
    tor_assert(tor_memeq(tmp->identity_digest, digest, DIGEST_LEN));
173
174
    tor_assert(tmp != conn);
  }
175
#endif
176
177
}

178
179
/**************************************************************/

180
181
182
183
/** Map from a string describing what a non-open OR connection was doing when
 * failed, to an intptr_t describing the count of connections that failed that
 * way.  Note that the count is stored _as_ the pointer.
 */
184
185
static strmap_t *broken_connection_counts;

186
187
188
/** If true, do not record information in <b>broken_connection_counts</b>. */
static int disable_broken_connection_counts = 0;

189
/** Record that an OR connection failed in <b>state</b>. */
190
191
192
193
194
static void
note_broken_connection(const char *state)
{
  void *ptr;
  intptr_t val;
195
196
197
  if (disable_broken_connection_counts)
    return;

198
199
200
201
202
203
204
205
206
207
  if (!broken_connection_counts)
    broken_connection_counts = strmap_new();

  ptr = strmap_get(broken_connection_counts, state);
  val = (intptr_t)ptr;
  val++;
  ptr = (void*)val;
  strmap_set(broken_connection_counts, state, ptr);
}

208
209
/** Forget all recorded states for failed connections.  If
 * <b>stop_recording</b> is true, don't record any more. */
210
void
211
clear_broken_connection_map(int stop_recording)
212
213
214
215
{
  if (broken_connection_counts)
    strmap_free(broken_connection_counts, NULL);
  broken_connection_counts = NULL;
216
217
  if (stop_recording)
    disable_broken_connection_counts = 1;
218
219
}

220
221
222
223
/** Write a detailed description the state of <b>orconn</b> into the
 * <b>buflen</b>-byte buffer at <b>buf</b>.  This description includes not
 * only the OR-conn level state but also the TLS state.  It's useful for
 * diagnosing broken handshakes. */
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
static void
connection_or_get_state_description(or_connection_t *orconn,
                                    char *buf, size_t buflen)
{
  connection_t *conn = TO_CONN(orconn);
  const char *conn_state;
  char tls_state[256];

  tor_assert(conn->type == CONN_TYPE_OR);

  conn_state = conn_state_to_string(conn->type, conn->state);
  tor_tls_get_state_description(orconn->tls, tls_state, sizeof(tls_state));

  tor_snprintf(buf, buflen, "%s with SSL state %s", conn_state, tls_state);
}

240
241
/** Record the current state of <b>orconn</b> as the state of a broken
 * connection. */
242
243
244
245
static void
connection_or_note_state_when_broken(or_connection_t *orconn)
{
  char buf[256];
246
247
  if (disable_broken_connection_counts)
    return;
248
249
250
251
252
  connection_or_get_state_description(orconn, buf, sizeof(buf));
  log_info(LD_HANDSHAKE,"Connection died in state '%s'", buf);
  note_broken_connection(buf);
}

253
/** Helper type used to sort connection states and find the most frequent. */
254
255
256
257
258
typedef struct broken_state_count_t {
  intptr_t count;
  const char *state;
} broken_state_count_t;

259
/** Helper function used to sort broken_state_count_t by frequency. */
260
261
262
263
static int
broken_state_count_compare(const void **a_ptr, const void **b_ptr)
{
  const broken_state_count_t *a = *a_ptr, *b = *b_ptr;
264
265
266
267
268
269
  if (b->count < a->count)
    return -1;
  else if (b->count == a->count)
    return 0;
  else
    return 1;
270
271
}

272
273
/** Upper limit on the number of different states to report for connection
 * failure. */
274
275
#define MAX_REASONS_TO_REPORT 10

276
277
/** Report a list of the top states for failed OR connections at log level
 * <b>severity</b>, in log domain <b>domain</b>. */
278
279
280
281
282
283
void
connection_or_report_broken_states(int severity, int domain)
{
  int total = 0;
  smartlist_t *items;

284
  if (!broken_connection_counts || disable_broken_connection_counts)
285
    return;
286

287
  items = smartlist_new();
288
289
  STRMAP_FOREACH(broken_connection_counts, state, void *, countptr) {
    broken_state_count_t *c = tor_malloc(sizeof(broken_state_count_t));
290
291
    c->count = (intptr_t)countptr;
    total += (int)c->count;
292
293
294
295
296
297
    c->state = state;
    smartlist_add(items, c);
  } STRMAP_FOREACH_END;

  smartlist_sort(items, broken_state_count_compare);

298
299
  log(severity, domain, "%d connections have failed%s", total,
      smartlist_len(items) > MAX_REASONS_TO_REPORT ? ". Top reasons:" : ":");
300
301

  SMARTLIST_FOREACH_BEGIN(items, const broken_state_count_t *, c) {
302
303
    if (c_sl_idx > MAX_REASONS_TO_REPORT)
      break;
304
305
306
307
308
309
310
311
    log(severity, domain,
        " %d connections died in state %s", (int)c->count, c->state);
  } SMARTLIST_FOREACH_END(c);

  SMARTLIST_FOREACH(items, broken_state_count_t *, c, tor_free(c));
  smartlist_free(items);
}

312
313
314
315
316
317
318
319
320
321
322
/** Call this to change or_connection_t states, so the owning channel_tls_t can
 * be notified.
 */

static void
connection_or_change_state(or_connection_t *conn, uint8_t state)
{
  uint8_t old_state;

  tor_assert(conn);

323
324
  old_state = conn->base_.state;
  conn->base_.state = state;
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340

  if (conn->chan)
    channel_tls_handle_state_change_on_orconn(conn->chan, conn,
                                              old_state, state);
}

/** Return the number of circuits using an or_connection_t; this used to
 * be an or_connection_t field, but it got moved to channel_t and we
 * shouldn't maintain two copies. */

int
connection_or_get_num_circuits(or_connection_t *conn)
{
  tor_assert(conn);

  if (conn->chan) {
341
    return channel_num_circuits(TLS_CHAN_TO_BASE(conn->chan));
342
343
344
  } else return 0;
}

345
346
/**************************************************************/

Roger Dingledine's avatar
Roger Dingledine committed
347
348
/** Pack the cell_t host-order structure <b>src</b> into network-order
 * in the buffer <b>dest</b>. See tor-spec.txt for details about the
349
 * wire format.
Roger Dingledine's avatar
Roger Dingledine committed
350
351
352
 *
 * Note that this function doesn't touch <b>dst</b>-\>next: the caller
 * should set it or clear it as appropriate.
353
 */
354
355
void
cell_pack(packed_cell_t *dst, const cell_t *src)
356
{
357
  char *dest = dst->body;
358
  set_uint16(dest, htons(src->circ_id));
359
  set_uint8(dest+2, src->command);
Roger Dingledine's avatar
Roger Dingledine committed
360
  memcpy(dest+3, src->payload, CELL_PAYLOAD_SIZE);
Roger Dingledine's avatar
Roger Dingledine committed
361
362
}

Roger Dingledine's avatar
Roger Dingledine committed
363
364
/** Unpack the network-order buffer <b>src</b> into a host-order
 * cell_t structure <b>dest</b>.
365
 */
366
367
368
static void
cell_unpack(cell_t *dest, const char *src)
{
369
  dest->circ_id = ntohs(get_uint16(src));
370
  dest->command = get_uint8(src+2);
Roger Dingledine's avatar
Roger Dingledine committed
371
  memcpy(dest->payload, src+3, CELL_PAYLOAD_SIZE);
Roger Dingledine's avatar
Roger Dingledine committed
372
373
}

374
375
/** Write the header of <b>cell</b> into the first VAR_CELL_HEADER_SIZE
 * bytes of <b>hdr_out</b>. */
376
void
377
var_cell_pack_header(const var_cell_t *cell, char *hdr_out)
378
{
379
380
  set_uint16(hdr_out, htons(cell->circ_id));
  set_uint8(hdr_out+2, cell->command);
381
382
383
  set_uint16(hdr_out+3, htons(cell->payload_len));
}

384
385
/** Allocate and return a new var_cell_t with <b>payload_len</b> bytes of
 * payload space. */
386
387
388
var_cell_t *
var_cell_new(uint16_t payload_len)
{
389
  size_t size = STRUCT_OFFSET(var_cell_t, payload) + payload_len;
390
  var_cell_t *cell = tor_malloc_zero(size);
391
392
393
394
395
396
  cell->payload_len = payload_len;
  cell->command = 0;
  cell->circ_id = 0;
  return cell;
}

Roger Dingledine's avatar
Roger Dingledine committed
397
/** Release all space held by <b>cell</b>. */
398
399
400
401
402
403
void
var_cell_free(var_cell_t *cell)
{
  tor_free(cell);
}

Roger Dingledine's avatar
Roger Dingledine committed
404
/** We've received an EOF from <b>conn</b>. Mark it for close and return. */
405
int
406
connection_or_reached_eof(or_connection_t *conn)
407
{
408
409
  tor_assert(conn);

Roger Dingledine's avatar
Roger Dingledine committed
410
  log_info(LD_OR,"OR connection reached EOF. Closing.");
411
412
  connection_or_close_normally(conn, 1);

413
414
415
  return 0;
}

Roger Dingledine's avatar
Roger Dingledine committed
416
/** Handle any new bytes that have come in on connection <b>conn</b>.
417
418
419
420
 * If conn is in 'open' state, hand it to
 * connection_or_process_cells_from_inbuf()
 * (else do nothing).
 */
421
int
422
connection_or_process_inbuf(or_connection_t *conn)
423
{
424
425
426
427
428
429
  /** Don't let the inbuf of a nonopen OR connection grow beyond this many
   * bytes: it's either a broken client, a non-Tor client, or a DOS
   * attempt. */
#define MAX_OR_INBUF_WHEN_NONOPEN 0

  int ret = 0;
430
  tor_assert(conn);
Roger Dingledine's avatar
Roger Dingledine committed
431

432
  switch (conn->base_.state) {
433
434
435
436
437
438
439
440
    case OR_CONN_STATE_PROXY_HANDSHAKING:
      ret = connection_read_proxy_handshake(TO_CONN(conn));

      /* start TLS after handshake completion, or deal with error */
      if (ret == 1) {
        tor_assert(TO_CONN(conn)->proxy_state == PROXY_CONNECTED);
        if (connection_tls_start_handshake(conn, 0) < 0)
          ret = -1;
441
442
443
        /* Touch the channel's active timestamp if there is one */
        if (conn->chan)
          channel_timestamp_active(TLS_CHAN_TO_BASE(conn->chan));
444
445
      }
      if (ret < 0) {
446
        connection_or_close_for_error(conn, 0);
447
448
449
      }

      return ret;
450
    case OR_CONN_STATE_TLS_SERVER_RENEGOTIATING:
451
#ifdef USE_BUFFEREVENTS
452
453
      if (tor_tls_server_got_renegotiate(conn->tls))
        connection_or_tls_renegotiated_cb(conn->tls, conn);
454
      if (conn->base_.marked_for_close)
455
456
        return 0;
      /* fall through. */
457
#endif
458
    case OR_CONN_STATE_OPEN:
459
    case OR_CONN_STATE_OR_HANDSHAKING_V2:
460
    case OR_CONN_STATE_OR_HANDSHAKING_V3:
461
462
      return connection_or_process_cells_from_inbuf(conn);
    default:
463
464
465
      break; /* don't do anything */
  }

466
467
468
469
  /* This check was necessary with 0.2.2, when the TLS_SERVER_RENEGOTIATING
   * check would otherwise just let data accumulate.  It serves no purpose
   * in 0.2.3.
   *
470
   * XXX024 Remove this check once we verify that the above paragraph is
471
   * 100% true. */
472
  if (buf_datalen(conn->base_.inbuf) > MAX_OR_INBUF_WHEN_NONOPEN) {
473
    log_fn(LOG_PROTOCOL_WARN, LD_NET, "Accumulated too much data (%d bytes) "
474
           "on nonopen OR connection %s %s:%u in state %s; closing.",
475
           (int)buf_datalen(conn->base_.inbuf),
476
           connection_or_nonopen_was_started_here(conn) ? "to" : "from",
477
478
           conn->base_.address, conn->base_.port,
           conn_state_to_string(conn->base_.type, conn->base_.state));
479
    connection_or_close_for_error(conn, 0);
480
    ret = -1;
481
  }
482
483

  return ret;
Roger Dingledine's avatar
Roger Dingledine committed
484
485
}

486
487
/** When adding cells to an OR connection's outbuf, keep adding until the
 * outbuf is at least this long, or we run out of cells. */
488
489
#define OR_CONN_HIGHWATER (32*1024)

490
491
/** Add cells to an OR connection's outbuf whenever the outbuf's data length
 * drops below this size. */
492
493
#define OR_CONN_LOWWATER (16*1024)

494
495
/** Called whenever we have flushed some data on an or_conn: add more data
 * from active circuits. */
496
497
498
int
connection_or_flushed_some(or_connection_t *conn)
{
499
500
501
  size_t datalen, temp;
  ssize_t n, flushed;

502
503
  /* If we're under the low water mark, add cells until we're just over the
   * high water mark. */
504
  datalen = connection_get_outbuf_len(TO_CONN(conn));
505
  if (datalen < OR_CONN_LOWWATER) {
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
    while ((conn->chan) && channel_tls_more_to_flush(conn->chan)) {
      /* Compute how many more cells we want at most */
      n = CEIL_DIV(OR_CONN_HIGHWATER - datalen, CELL_NETWORK_SIZE);
      /* Bail out if we don't want any more */
      if (n <= 0) break;
      /* We're still here; try to flush some more cells */
      flushed = channel_tls_flush_some_cells(conn->chan, n);
      /* Bail out if it says it didn't flush anything */
      if (flushed <= 0) break;
      /* How much in the outbuf now? */
      temp = connection_get_outbuf_len(TO_CONN(conn));
      /* Bail out if we didn't actually increase the outbuf size */
      if (temp <= datalen) break;
      /* Update datalen for the next iteration */
      datalen = temp;
521
522
    }
  }
523

524
525
526
  return 0;
}

Roger Dingledine's avatar
Roger Dingledine committed
527
/** Connection <b>conn</b> has finished writing and has no bytes left on
528
529
 * its outbuf.
 *
Nick Mathewson's avatar
Nick Mathewson committed
530
 * Otherwise it's in state "open": stop writing and return.
531
532
533
 *
 * If <b>conn</b> is broken, mark it for close and return -1, else
 * return 0.
534
 */
535
int
536
connection_or_finished_flushing(or_connection_t *conn)
537
{
538
  tor_assert(conn);
539
  assert_connection_ok(TO_CONN(conn),0);
Roger Dingledine's avatar
Roger Dingledine committed
540

541
  switch (conn->base_.state) {
542
    case OR_CONN_STATE_PROXY_HANDSHAKING:
543
    case OR_CONN_STATE_OPEN:
544
    case OR_CONN_STATE_OR_HANDSHAKING_V2:
545
    case OR_CONN_STATE_OR_HANDSHAKING_V3:
546
547
      break;
    default:
548
      log_err(LD_BUG,"Called in unexpected state %d.", conn->base_.state);
549
      tor_fragile_assert();
550
      return -1;
551
552
553
554
555
556
  }
  return 0;
}

/** Connected handler for OR connections: begin the TLS handshake.
 */
557
int
558
connection_or_finished_connecting(or_connection_t *or_conn)
559
{
560
  const int proxy_type = or_conn->proxy_type;
561
  connection_t *conn;
562

563
564
  tor_assert(or_conn);
  conn = TO_CONN(or_conn);
565
566
  tor_assert(conn->state == OR_CONN_STATE_CONNECTING);

567
  log_debug(LD_HANDSHAKE,"OR connect() to router at %s:%u finished.",
Roger Dingledine's avatar
Roger Dingledine committed
568
            conn->address,conn->port);
569
  control_event_bootstrap(BOOTSTRAP_STATUS_HANDSHAKE, 0);
570

571
572
573
  if (proxy_type != PROXY_NONE) {
    /* start proxy handshake */
    if (connection_proxy_connect(conn, proxy_type) < 0) {
574
      connection_or_close_for_error(or_conn, 0);
575
      return -1;
576
    }
577
578

    connection_start_reading(conn);
579
    connection_or_change_state(or_conn, OR_CONN_STATE_PROXY_HANDSHAKING);
580
581
582
    return 0;
  }

583
  if (connection_tls_start_handshake(or_conn, 0) < 0) {
584
    /* TLS handshaking error of some kind. */
585
    connection_or_close_for_error(or_conn, 0);
586
    return -1;
Roger Dingledine's avatar
Roger Dingledine committed
587
  }
588
  return 0;
Roger Dingledine's avatar
Roger Dingledine committed
589
590
}

591
/** Called when we're about to finally unlink and free an OR connection:
592
593
594
595
596
597
598
 * perform necessary accounting and cleanup */
void
connection_or_about_to_close(or_connection_t *or_conn)
{
  time_t now = time(NULL);
  connection_t *conn = TO_CONN(or_conn);

599
600
601
602
603
604
  /* Tell the controlling channel we're closed */
  if (or_conn->chan) {
    channel_closed(TLS_CHAN_TO_BASE(or_conn->chan));
    or_conn->chan = NULL;
  }

605
606
607
608
609
  /* Remember why we're closing this connection. */
  if (conn->state != OR_CONN_STATE_OPEN) {
    /* now mark things down as needed */
    if (connection_or_nonopen_was_started_here(or_conn)) {
      const or_options_t *options = get_options();
610
      connection_or_note_state_when_broken(or_conn);
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
      rep_hist_note_connect_failed(or_conn->identity_digest, now);
      entry_guard_register_connect_status(or_conn->identity_digest,0,
                                          !options->HTTPSProxy, now);
      if (conn->state >= OR_CONN_STATE_TLS_HANDSHAKING) {
        int reason = tls_error_to_orconn_end_reason(or_conn->tls_error);
        control_event_or_conn_status(or_conn, OR_CONN_EVENT_FAILED,
                                     reason);
        if (!authdir_mode_tests_reachability(options))
          control_event_bootstrap_problem(
                orconn_end_reason_to_control_string(reason), reason);
      }
    }
  } else if (conn->hold_open_until_flushed) {
    /* We only set hold_open_until_flushed when we're intentionally
     * closing a connection. */
    rep_hist_note_disconnect(or_conn->identity_digest, now);
    control_event_or_conn_status(or_conn, OR_CONN_EVENT_CLOSED,
                tls_error_to_orconn_end_reason(or_conn->tls_error));
  } else if (!tor_digest_is_zero(or_conn->identity_digest)) {
    rep_hist_note_connection_died(or_conn->identity_digest, now);
    control_event_or_conn_status(or_conn, OR_CONN_EVENT_CLOSED,
                tls_error_to_orconn_end_reason(or_conn->tls_error));
  }
}

636
637
/** Return 1 if identity digest <b>id_digest</b> is known to be a
 * currently or recently running relay. Otherwise return 0. */
638
int
639
640
641
642
connection_or_digest_is_known_relay(const char *id_digest)
{
  if (router_get_consensus_status_by_id(id_digest))
    return 1; /* It's in the consensus: "yes" */
Sebastian Hahn's avatar
Sebastian Hahn committed
643
  if (router_get_by_id_digest(id_digest))
644
645
646
647
648
    return 1; /* Not in the consensus, but we have a descriptor for
               * it. Probably it was in a recent consensus. "Yes". */
  return 0;
}

649
650
651
652
653
/** Set the per-conn read and write limits for <b>conn</b>. If it's a known
 * relay, we will rely on the global read and write buckets, so give it
 * per-conn limits that are big enough they'll never matter. But if it's
 * not a known relay, first check if we set PerConnBwRate/Burst, then
 * check if the consensus sets them, else default to 'big enough'.
654
655
656
 *
 * If <b>reset</b> is true, set the bucket to be full.  Otherwise, just
 * clip the bucket if it happens to be <em>too</em> full.
657
 */
658
659
static void
connection_or_update_token_buckets_helper(or_connection_t *conn, int reset,
660
                                          const or_options_t *options)
661
{
662
  int rate, burst; /* per-connection rate limiting params */
663
  if (connection_or_digest_is_known_relay(conn->identity_digest)) {
664
665
666
    /* It's in the consensus, or we have a descriptor for it meaning it
     * was probably in a recent consensus. It's a recognized relay:
     * give it full bandwidth. */
667
668
669
670
671
672
673
    rate = (int)options->BandwidthRate;
    burst = (int)options->BandwidthBurst;
  } else {
    /* Not a recognized relay. Squeeze it down based on the suggested
     * bandwidth parameters in the consensus, but allow local config
     * options to override. */
    rate = options->PerConnBWRate ? (int)options->PerConnBWRate :
674
675
        networkstatus_get_param(NULL, "perconnbwrate",
                                (int)options->BandwidthRate, 1, INT32_MAX);
676
    burst = options->PerConnBWBurst ? (int)options->PerConnBWBurst :
677
678
        networkstatus_get_param(NULL, "perconnbwburst",
                                (int)options->BandwidthBurst, 1, INT32_MAX);
679
680
  }

681
  conn->bandwidthrate = rate;
682
  conn->bandwidthburst = burst;
683
684
685
686
#ifdef USE_BUFFEREVENTS
  {
    const struct timeval *tick = tor_libevent_get_one_tick_timeout();
    struct ev_token_bucket_cfg *cfg, *old_cfg;
687
688
689
690
691
692
    int64_t rate64 = (((int64_t)rate) * options->TokenBucketRefillInterval)
      / 1000;
    /* This can't overflow, since TokenBucketRefillInterval <= 1000,
     * and rate started out less than INT_MAX. */
    int rate_per_tick = (int) rate64;

693
694
695
    cfg = ev_token_bucket_cfg_new(rate_per_tick, burst, rate_per_tick,
                                  burst, tick);
    old_cfg = conn->bucket_cfg;
696
697
    if (conn->base_.bufev)
      tor_set_bufferevent_rate_limit(conn->base_.bufev, cfg);
698
699
700
    if (old_cfg)
      ev_token_bucket_cfg_free(old_cfg);
    conn->bucket_cfg = cfg;
701
    (void) reset; /* No way to do this with libevent yet. */
702
703
  }
#else
704
705
706
707
708
709
710
711
712
713
  if (reset) { /* set up the token buckets to be full */
    conn->read_bucket = conn->write_bucket = burst;
    return;
  }
  /* If the new token bucket is smaller, take out the extra tokens.
   * (If it's larger, don't -- the buckets can grow to reach the cap.) */
  if (conn->read_bucket > burst)
    conn->read_bucket = burst;
  if (conn->write_bucket > burst)
    conn->write_bucket = burst;
714
#endif
715
716
717
}

/** Either our set of relays or our per-conn rate limits have changed.
718
719
 * Go through all the OR connections and update their token buckets to make
 * sure they don't exceed their maximum values. */
720
void
721
722
connection_or_update_token_buckets(smartlist_t *conns,
                                   const or_options_t *options)
723
724
725
726
727
728
{
  SMARTLIST_FOREACH(conns, connection_t *, conn,
  {
    if (connection_speaks_cells(conn))
      connection_or_update_token_buckets_helper(TO_OR_CONN(conn), 0, options);
  });
729
730
731
732
}

/** If we don't necessarily know the router we're connecting to, but we
 * have an addr/port/id_digest, then fill in as much as we can. Start
733
734
735
 * by checking to see if this describes a router we know.
 * <b>started_here</b> is 1 if we are the initiator of <b>conn</b> and
 * 0 if it's an incoming connection.  */
736
void
737
738
739
740
741
connection_or_init_conn_from_address(or_connection_t *conn,
                                     const tor_addr_t *addr, uint16_t port,
                                     const char *id_digest,
                                     int started_here)
{
742
  const node_t *r = node_get_by_id(id_digest);
743
  connection_or_set_identity_digest(conn, id_digest);
744
  connection_or_update_token_buckets_helper(conn, 1, get_options());
745

746
747
  conn->base_.port = port;
  tor_addr_copy(&conn->base_.addr, addr);
748
  tor_addr_copy(&conn->real_addr, addr);
749
  if (r) {
750
751
    tor_addr_port_t node_ap;
    node_get_pref_orport(r, &node_ap);
752
753
    /* XXXX proposal 186 is making this more complex.  For now, a conn
       is canonical when it uses the _preferred_ address. */
754
    if (tor_addr_eq(&conn->base_.addr, &node_ap.addr))
755
      conn->is_canonical = 1;
756
757
758
759
    if (!started_here) {
      /* Override the addr/port, so our log messages will make sense.
       * This is dangerous, since if we ever try looking up a conn by
       * its actual addr/port, we won't remember. Careful! */
760
      /* XXXX arma: this is stupid, and it's the reason we need real_addr
761
       * to track is_canonical properly.  What requires it? */
762
763
764
765
      /* XXXX <arma> i believe the reason we did this, originally, is because
       * we wanted to log what OR a connection was to, and if we logged the
       * right IP address and port 56244, that wouldn't be as helpful. now we
       * log the "right" port too, so we know if it's moria1 or moria2.
766
       */
767
768
      tor_addr_copy(&conn->base_.addr, &node_ap.addr);
      conn->base_.port = node_ap.port;
769
    }
770
    conn->nickname = tor_strdup(node_get_nickname(r));
771
772
    tor_free(conn->base_.address);
    conn->base_.address = tor_dup_addr(&node_ap.addr);
773
  } else {
774
775
776
777
778
779
780
781
782
783
784
785
    const char *n;
    /* If we're an authoritative directory server, we may know a
     * nickname for this router. */
    n = dirserv_get_nickname_by_digest(id_digest);
    if (n) {
      conn->nickname = tor_strdup(n);
    } else {
      conn->nickname = tor_malloc(HEX_DIGEST_LEN+2);
      conn->nickname[0] = '$';
      base16_encode(conn->nickname+1, HEX_DIGEST_LEN+1,
                    conn->identity_digest, DIGEST_LEN);
    }
786
787
    tor_free(conn->base_.address);
    conn->base_.address = tor_dup_addr(addr);
788
  }
789
790
}

791
792
/** These just pass all the is_bad_for_new_circs manipulation on to
 * channel_t */
793

794
795
796
797
static unsigned int
connection_or_is_bad_for_new_circs(or_connection_t *or_conn)
{
  tor_assert(or_conn);
798

799
800
801
  if (or_conn->chan)
    return channel_is_bad_for_new_circs(TLS_CHAN_TO_BASE(or_conn->chan));
  else return 0;
802
803
}

804
805
static void
connection_or_mark_bad_for_new_circs(or_connection_t *or_conn)
806
{
807
  tor_assert(or_conn);
808

809
810
  if (or_conn->chan)
    channel_mark_bad_for_new_circs(TLS_CHAN_TO_BASE(or_conn->chan));
811
812
813
814
815
816
817
}

/** How old do we let a connection to an OR get before deciding it's
 * too old for new circuits? */
#define TIME_BEFORE_OR_CONN_IS_TOO_OLD (60*60*24*7)

/** Given the head of the linked list for all the or_connections with a given
818
819
820
821
822
823
824
825
826
827
828
829
830
 * identity, set elements of that list as is_bad_for_new_circs as
 * appropriate. Helper for connection_or_set_bad_connections().
 *
 * Specifically, we set the is_bad_for_new_circs flag on:
 *    - all connections if <b>force</b> is true.
 *    - all connections that are too old.
 *    - all open non-canonical connections for which a canonical connection
 *      exists to the same router.
 *    - all open canonical connections for which a 'better' canonical
 *      connection exists to the same router.
 *    - all open non-canonical connections for which a 'better' non-canonical
 *      connection exists to the same router at the same address.
 *
831
832
 * See channel_is_better() in channel.c for our idea of what makes one OR
 * connection better than another.
833
834
 */
static void
835
connection_or_group_set_badness(or_connection_t *head, int force)
836
837
838
839
840
841
842
843
{
  or_connection_t *or_conn = NULL, *best = NULL;
  int n_old = 0, n_inprogress = 0, n_canonical = 0, n_other = 0;
  time_t now = time(NULL);

  /* Pass 1: expire everything that's old, and see what the status of
   * everything else is. */
  for (or_conn = head; or_conn; or_conn = or_conn->next_with_same_id) {
844
    if (or_conn->base_.marked_for_close ||
845
        connection_or_is_bad_for_new_circs(or_conn))
846
      continue;
847
    if (force ||
848
        or_conn->base_.timestamp_created + TIME_BEFORE_OR_CONN_IS_TOO_OLD
849
          < now) {
850
851
      log_info(LD_OR,
               "Marking OR conn to %s:%d as too old for new circuits "
852
               "(fd "TOR_SOCKET_T_FORMAT", %d secs old).",
853
854
               or_conn->base_.address, or_conn->base_.port, or_conn->base_.s,
               (int)(now - or_conn->base_.timestamp_created));
855
      connection_or_mark_bad_for_new_circs(or_conn);
856
857
    }

858
    if (connection_or_is_bad_for_new_circs(or_conn)) {
859
      ++n_old;
860
    } else if (or_conn->base_.state != OR_CONN_STATE_OPEN) {
861
862
863
864
865
866
867
868
869
870
871
      ++n_inprogress;
    } else if (or_conn->is_canonical) {
      ++n_canonical;
    } else {
      ++n_other;
    }
  }

  /* Pass 2: We know how about how good the best connection is.
   * expire everything that's worse, and find the very best if we can. */
  for (or_conn = head; or_conn; or_conn = or_conn->next_with_same_id) {
872
    if (or_conn->base_.marked_for_close ||
873
        connection_or_is_bad_for_new_circs(or_conn))
874
      continue; /* This one doesn't need to be marked bad. */
875
    if (or_conn->base_.state != OR_CONN_STATE_OPEN)
876
877
878
879
880
881
      continue; /* Don't mark anything bad until we have seen what happens
                 * when the connection finishes. */
    if (n_canonical && !or_conn->is_canonical) {
      /* We have at least one open canonical connection to this router,
       * and this one is open but not canonical.  Mark it bad. */
      log_info(LD_OR,
882
               "Marking OR conn to %s:%d as unsuitable for new circuits: "
883
               "(fd "TOR_SOCKET_T_FORMAT", %d secs old).  It is not canonical, and we have "
884
               "another connection to that OR that is.",
885
886
               or_conn->base_.address, or_conn->base_.port, or_conn->base_.s,
               (int)(now - or_conn->base_.timestamp_created));
887
      connection_or_mark_bad_for_new_circs(or_conn);
888
889
890
      continue;
    }

891
892
893
894
895
    if (!best ||
        channel_is_better(now,
                          TLS_CHAN_TO_BASE(or_conn->chan),
                          TLS_CHAN_TO_BASE(best->chan),
                          0)) {
896
      best = or_conn;
897
    }
898
899
900
901
902
903
904
905
906
  }

  if (!best)
    return;

  /* Pass 3: One connection to OR is best.  If it's canonical, mark as bad
   * every other open connection.  If it's non-canonical, mark as bad
   * every other open connection to the same address.
   *
907
908
909
910
911
912
913
914
915
   * XXXX This isn't optimal; if we have connections to an OR at multiple
   *   addresses, we'd like to pick the best _for each address_, and mark as
   *   bad every open connection that isn't best for its address.  But this
   *   can only occur in cases where the other OR is old (so we have no
   *   canonical connection to it), or where all the connections to the OR are
   *   at noncanonical addresses and we have no good direct connection (which
   *   means we aren't at risk of attaching circuits to it anyway).  As
   *   0.1.2.x dies out, the first case will go away, and the second one is
   *   "mostly harmless", so a fix can wait until somebody is bored.
916
917
   */
  for (or_conn = head; or_conn; or_conn = or_conn->next_with_same_id) {
918
    if (or_conn->base_.marked_for_close ||
919
        connection_or_is_bad_for_new_circs(or_conn) ||
920
        or_conn->base_.state != OR_CONN_STATE_OPEN)
921
      continue;
922
923
924
925
    if (or_conn != best &&
        channel_is_better(now,
                          TLS_CHAN_TO_BASE(best->chan),
                          TLS_CHAN_TO_BASE(or_conn->chan), 1)) {
926
927
      /* This isn't the best conn, _and_ the best conn is better than it,
         even when we're being forgiving. */
928
929
      if (best->is_canonical) {
        log_info(LD_OR,
930
                 "Marking OR conn to %s:%d as unsuitable for new circuits: "
931
932
933
                 "(fd "TOR_SOCKET_T_FORMAT", %d secs old). "
                 "We have a better canonical one "
                 "(fd "TOR_SOCKET_T_FORMAT"; %d secs old).",
934
935
936
                 or_conn->base_.address, or_conn->base_.port, or_conn->base_.s,
                 (int)(now - or_conn->base_.timestamp_created),
                 best->base_.s, (int)(now - best->base_.timestamp_created));
937
        connection_or_mark_bad_for_new_circs(or_conn);
938
939
940
      } else if (!tor_addr_compare(&or_conn->real_addr,
                                   &best->real_addr, CMP_EXACT)) {
        log_info(LD_OR,
941
                 "Marking OR conn to %s:%d as unsuitable for new circuits: "
942
943
944
                 "(fd "TOR_SOCKET_T_FORMAT", %d secs old).  We have a better "
                 "one with the "
                 "same address (fd "TOR_SOCKET_T_FORMAT"; %d secs old).",
945
946
947
                 or_conn->base_.address, or_conn->base_.port, or_conn->base_.s,
                 (int)(now - or_conn->base_.timestamp_created),
                 best->base_.s, (int)(now - best->base_.timestamp_created));
948
        connection_or_mark_bad_for_new_circs(or_conn);
949
950
951
952
953
      }
    }
  }
}

954
955
/** Go through all the OR connections (or if <b>digest</b> is non-NULL, just
 * the OR connections with that digest), and set the is_bad_for_new_circs
956
957
 * flag based on the rules in connection_or_group_set_badness() (or just
 * always set it if <b>force</b> is true).
958
959
 */
void
960
connection_or_set_bad_connections(const char *digest, int force)
961
962
963
964
965
{
  if (!orconn_identity_map)
    return;

  DIGESTMAP_FOREACH(orconn_identity_map, identity, or_connection_t *, conn) {
966
    if (!digest || tor_memeq(digest, conn->identity_digest, DIGEST_LEN))
967
      connection_or_group_set_badness(conn, force);
968
  } DIGESTMAP_FOREACH_END;
969
970
}

971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
/** <b>conn</b> is in the 'connecting' state, and it failed to complete
 * a TCP connection. Send notifications appropriately.
 *
 * <b>reason</b> specifies the or_conn_end_reason for the failure;
 * <b>msg</b> specifies the strerror-style error message.
 */
void
connection_or_connect_failed(or_connection_t *conn,
                             int reason, const char *msg)
{
  control_event_or_conn_status(conn, OR_CONN_EVENT_FAILED, reason);
  if (!authdir_mode_tests_reachability(get_options()))
    control_event_bootstrap_problem(msg, reason);
}

986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
/** <b>conn</b> got an error in connection_handle_read_impl() or
 * connection_handle_write_impl() and is going to die soon.
 *
 * <b>reason</b> specifies the or_conn_end_reason for the failure;
 * <b>msg</b> specifies the strerror-style error message.
 */
void
connection_or_notify_error(or_connection_t *conn,
                           int reason, const char *msg)
{
  channel_t *chan;

  tor_assert(conn);

  /* If we're connecting, call connect_failed() too */