reasons.c 16.5 KB
Newer Older
1
/* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
Nick Mathewson's avatar
Nick Mathewson committed
2
 * Copyright (c) 2007-2019, The Tor Project, Inc. */
3
4
5
6
7
8
/* See LICENSE for licensing information */

/**
 * \file reasons.c
 * \brief Convert circuit, stream, and orconn error reasons to and/or from
 * strings and errno values.
9
10
11
12
13
14
 *
 * This module is just a bunch of functions full of case statements that
 * convert from one representation of our error codes to another. These are
 * mainly used in generating log messages, in sending messages to the
 * controller in control.c, and in converting errors from one protocol layer
 * to another.
15
16
 **/

17
18
19
#include "core/or/or.h"
#include "app/config/config.h"
#include "core/or/reasons.h"
20
#include "feature/nodelist/node_select.h"
21
#include "lib/tls/tortls.h"
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38

/***************************** Edge (stream) reasons **********************/

/** Convert the reason for ending a stream <b>reason</b> into the format used
 * in STREAM events. Return NULL if the reason is unrecognized. */
const char *
stream_end_reason_to_control_string(int reason)
{
  reason &= END_STREAM_REASON_MASK;
  switch (reason) {
    case END_STREAM_REASON_MISC: return "MISC";
    case END_STREAM_REASON_RESOLVEFAILED: return "RESOLVEFAILED";
    case END_STREAM_REASON_CONNECTREFUSED: return "CONNECTREFUSED";
    case END_STREAM_REASON_EXITPOLICY: return "EXITPOLICY";
    case END_STREAM_REASON_DESTROY: return "DESTROY";
    case END_STREAM_REASON_DONE: return "DONE";
    case END_STREAM_REASON_TIMEOUT: return "TIMEOUT";
39
    case END_STREAM_REASON_NOROUTE: return "NOROUTE";
40
41
42
43
44
45
46
47
48
49
    case END_STREAM_REASON_HIBERNATING: return "HIBERNATING";
    case END_STREAM_REASON_INTERNAL: return "INTERNAL";
    case END_STREAM_REASON_RESOURCELIMIT: return "RESOURCELIMIT";
    case END_STREAM_REASON_CONNRESET: return "CONNRESET";
    case END_STREAM_REASON_TORPROTOCOL: return "TORPROTOCOL";
    case END_STREAM_REASON_NOTDIRECTORY: return "NOTDIRECTORY";

    case END_STREAM_REASON_CANT_ATTACH: return "CANT_ATTACH";
    case END_STREAM_REASON_NET_UNREACHABLE: return "NET_UNREACHABLE";
    case END_STREAM_REASON_SOCKSPROTOCOL: return "SOCKS_PROTOCOL";
50
51
    // XXXX Controlspec
    case END_STREAM_REASON_HTTPPROTOCOL: return "HTTP_PROTOCOL";
52

53
54
    case END_STREAM_REASON_PRIVATE_ADDR: return "PRIVATE_ADDR";

55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
    default: return NULL;
  }
}

/** Translate <b>reason</b>, which came from a relay 'end' cell,
 * into a static const string describing why the stream is closing.
 * <b>reason</b> is -1 if no reason was provided.
 */
const char *
stream_end_reason_to_string(int reason)
{
  switch (reason) {
    case -1:
      log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
             "End cell arrived with length 0. Should be at least 1.");
      return "MALFORMED";
    case END_STREAM_REASON_MISC:           return "misc error";
    case END_STREAM_REASON_RESOLVEFAILED:  return "resolve failed";
    case END_STREAM_REASON_CONNECTREFUSED: return "connection refused";
    case END_STREAM_REASON_EXITPOLICY:     return "exit policy failed";
    case END_STREAM_REASON_DESTROY:        return "destroyed";
    case END_STREAM_REASON_DONE:           return "closed normally";
    case END_STREAM_REASON_TIMEOUT:        return "gave up (timeout)";
78
    case END_STREAM_REASON_NOROUTE:        return "no route to host";
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
    case END_STREAM_REASON_HIBERNATING:    return "server is hibernating";
    case END_STREAM_REASON_INTERNAL:       return "internal error at server";
    case END_STREAM_REASON_RESOURCELIMIT:  return "server out of resources";
    case END_STREAM_REASON_CONNRESET:      return "connection reset";
    case END_STREAM_REASON_TORPROTOCOL:    return "Tor protocol error";
    case END_STREAM_REASON_NOTDIRECTORY:   return "not a directory";
    default:
      log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
             "Reason for ending (%d) not recognized.",reason);
      return "unknown";
  }
}

/** Translate <b>reason</b> (as from a relay 'end' cell) into an
 * appropriate SOCKS5 reply code.
 *
 * A reason of 0 means that we're not actually expecting to send
 * this code back to the socks client; we just call it 'succeeded'
 * to keep things simple.
 */
socks5_reply_status_t
stream_end_reason_to_socks5_response(int reason)
{
  switch (reason & END_STREAM_REASON_MASK) {
    case 0:
      return SOCKS5_SUCCEEDED;
    case END_STREAM_REASON_MISC:
      return SOCKS5_GENERAL_ERROR;
    case END_STREAM_REASON_RESOLVEFAILED:
      return SOCKS5_HOST_UNREACHABLE;
    case END_STREAM_REASON_CONNECTREFUSED:
      return SOCKS5_CONNECTION_REFUSED;
    case END_STREAM_REASON_ENTRYPOLICY:
      return SOCKS5_NOT_ALLOWED;
    case END_STREAM_REASON_EXITPOLICY:
      return SOCKS5_NOT_ALLOWED;
    case END_STREAM_REASON_DESTROY:
      return SOCKS5_GENERAL_ERROR;
    case END_STREAM_REASON_DONE:
118
119
120
121
122
123
      /* Note that 'DONE' usually indicates a successful close from the other
       * side of the stream... but if we receive it before a connected cell --
       * that is, before we have sent a SOCKS reply -- that means that the
       * other side of the circuit closed the connection before telling us it
       * was complete. */
      return SOCKS5_CONNECTION_REFUSED;
124
125
    case END_STREAM_REASON_TIMEOUT:
      return SOCKS5_TTL_EXPIRED;
126
127
    case END_STREAM_REASON_NOROUTE:
      return SOCKS5_HOST_UNREACHABLE;
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
    case END_STREAM_REASON_RESOURCELIMIT:
      return SOCKS5_GENERAL_ERROR;
    case END_STREAM_REASON_HIBERNATING:
      return SOCKS5_GENERAL_ERROR;
    case END_STREAM_REASON_INTERNAL:
      return SOCKS5_GENERAL_ERROR;
    case END_STREAM_REASON_CONNRESET:
      return SOCKS5_CONNECTION_REFUSED;
    case END_STREAM_REASON_TORPROTOCOL:
      return SOCKS5_GENERAL_ERROR;

    case END_STREAM_REASON_CANT_ATTACH:
      return SOCKS5_GENERAL_ERROR;
    case END_STREAM_REASON_NET_UNREACHABLE:
      return SOCKS5_NET_UNREACHABLE;
    case END_STREAM_REASON_SOCKSPROTOCOL:
      return SOCKS5_GENERAL_ERROR;
145
146
147
148
149
    case END_STREAM_REASON_HTTPPROTOCOL:
      // LCOV_EXCL_START
      tor_assert_nonfatal_unreached();
      return SOCKS5_GENERAL_ERROR;
      // LCOV_EXCL_STOP
150
151
152
    case END_STREAM_REASON_PRIVATE_ADDR:
      return SOCKS5_GENERAL_ERROR;

153
154
155
156
157
158
159
160
161
162
163
164
165
    default:
      log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
             "Reason for ending (%d) not recognized; "
             "sending generic socks error.", reason);
      return SOCKS5_GENERAL_ERROR;
  }
}

/* We need to use a few macros to deal with the fact that Windows
 * decided that their sockets interface should be a permakludge.
 * E_CASE is for errors where windows has both a EFOO and a WSAEFOO
 * version, and S_CASE is for errors where windows has only a WSAEFOO
 * version.  (The E is for 'error', the S is for 'socket'). */
166
#ifdef _WIN32
167
168
169
170
171
#define E_CASE(s) case s: case WSA ## s
#define S_CASE(s) case WSA ## s
#else
#define E_CASE(s) case s
#define S_CASE(s) case s
172
#endif /* defined(_WIN32) */
173
174

/** Given an errno from a failed exit connection, return a reason code
175
176
 * appropriate for use in a RELAY END cell. */
uint8_t
177
178
errno_to_stream_end_reason(int e)
{
179
180
181
  /* To add new errors here, find out if they exist on Windows, and if a WSA*
   * equivalent exists on windows. Add a case, an S_CASE, or an E_CASE as
   * appropriate. */
182
183
184
185
186
187
188
189
190
191
192
193
  switch (e) {
    case EPIPE:
      return END_STREAM_REASON_DONE;
    E_CASE(EBADF):
    E_CASE(EFAULT):
    E_CASE(EINVAL):
    S_CASE(EISCONN):
    S_CASE(ENOTSOCK):
    S_CASE(EPROTONOSUPPORT):
    S_CASE(EAFNOSUPPORT):
    S_CASE(ENOTCONN):
      return END_STREAM_REASON_INTERNAL;
194
    S_CASE(ENETUNREACH):
195
    S_CASE(EHOSTUNREACH):
Nick Mathewson's avatar
Nick Mathewson committed
196
    E_CASE(EACCES):
197
    case EPERM:
198
      return END_STREAM_REASON_NOROUTE;
199
200
201
202
203
204
205
206
207
    S_CASE(ECONNREFUSED):
      return END_STREAM_REASON_CONNECTREFUSED;
    S_CASE(ECONNRESET):
      return END_STREAM_REASON_CONNRESET;
    S_CASE(ETIMEDOUT):
      return END_STREAM_REASON_TIMEOUT;
    S_CASE(ENOBUFS):
    case ENOMEM:
    case ENFILE:
208
209
    S_CASE(EADDRINUSE):
    S_CASE(EADDRNOTAVAIL):
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
    E_CASE(EMFILE):
      return END_STREAM_REASON_RESOURCELIMIT;
    default:
      log_info(LD_EXIT, "Didn't recognize errno %d (%s); telling the client "
               "that we are ending a stream for 'misc' reason.",
               e, tor_socket_strerror(e));
      return END_STREAM_REASON_MISC;
  }
}

/***************************** ORConn reasons *****************************/

/** Convert the reason for ending an OR connection <b>r</b> into the format
 * used in ORCONN events. Return "UNKNOWN" if the reason is unrecognized. */
const char *
orconn_end_reason_to_control_string(int r)
{
227
228
229
  /* To add new errors here, find out if they exist on Windows, and if a WSA*
   * equivalent exists on windows. Add a case, an S_CASE, or an E_CASE as
   * appropriate. */
230
231
232
  switch (r) {
    case END_OR_CONN_REASON_DONE:
      return "DONE";
233
    case END_OR_CONN_REASON_REFUSED:
234
235
236
      return "CONNECTREFUSED";
    case END_OR_CONN_REASON_OR_IDENTITY:
      return "IDENTITY";
237
    case END_OR_CONN_REASON_CONNRESET:
238
      return "CONNECTRESET";
239
    case END_OR_CONN_REASON_TIMEOUT:
240
      return "TIMEOUT";
241
    case END_OR_CONN_REASON_NO_ROUTE:
242
      return "NOROUTE";
243
    case END_OR_CONN_REASON_IO_ERROR:
244
      return "IOERROR";
245
246
247
    case END_OR_CONN_REASON_RESOURCE_LIMIT:
      return "RESOURCELIMIT";
    case END_OR_CONN_REASON_MISC:
248
      return "MISC";
249
250
    case END_OR_CONN_REASON_PT_MISSING:
      return "PT_MISSING";
251
252
253
254
255
256
257
258
259
260
261
262
263
264
    case 0:
      return "";
    default:
      log_warn(LD_BUG, "Unrecognized or_conn reason code %d", r);
      return "UNKNOWN";
  }
}

/** Convert a TOR_TLS_* error code into an END_OR_CONN_* reason. */
int
tls_error_to_orconn_end_reason(int e)
{
  switch (e) {
    case TOR_TLS_ERROR_IO:
265
      return END_OR_CONN_REASON_IO_ERROR;
266
    case TOR_TLS_ERROR_CONNREFUSED:
267
      return END_OR_CONN_REASON_REFUSED;
268
    case TOR_TLS_ERROR_CONNRESET:
269
      return END_OR_CONN_REASON_CONNRESET;
270
    case TOR_TLS_ERROR_NO_ROUTE:
271
      return END_OR_CONN_REASON_NO_ROUTE;
272
    case TOR_TLS_ERROR_TIMEOUT:
273
      return END_OR_CONN_REASON_TIMEOUT;
274
275
276
277
278
279
    case TOR_TLS_WANTREAD:
    case TOR_TLS_WANTWRITE:
    case TOR_TLS_CLOSE:
    case TOR_TLS_DONE:
      return END_OR_CONN_REASON_DONE;
    default:
280
281
282
283
284
285
286
287
288
289
290
291
292
293
      return END_OR_CONN_REASON_MISC;
  }
}

/** Given an errno from a failed ORConn connection, return a reason code
 * appropriate for use in the controller orconn events. */
int
errno_to_orconn_end_reason(int e)
{
  switch (e) {
    case EPIPE:
      return END_OR_CONN_REASON_DONE;
    S_CASE(ENOTCONN):
    S_CASE(ENETUNREACH):
294
295
    S_CASE(ENETDOWN):
    S_CASE(EHOSTUNREACH):
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
      return END_OR_CONN_REASON_NO_ROUTE;
    S_CASE(ECONNREFUSED):
      return END_OR_CONN_REASON_REFUSED;
    S_CASE(ECONNRESET):
      return END_OR_CONN_REASON_CONNRESET;
    S_CASE(ETIMEDOUT):
      return END_OR_CONN_REASON_TIMEOUT;
    S_CASE(ENOBUFS):
    case ENOMEM:
    case ENFILE:
    E_CASE(EMFILE):
    E_CASE(EACCES):
    E_CASE(EBADF):
    E_CASE(EFAULT):
    E_CASE(EINVAL):
      return END_OR_CONN_REASON_RESOURCE_LIMIT;
    default:
      log_info(LD_OR, "Didn't recognize errno %d (%s).",
               e, tor_socket_strerror(e));
      return END_OR_CONN_REASON_MISC;
316
317
318
319
320
321
322
323
324
325
  }
}

/***************************** Circuit reasons *****************************/

/** Convert a numeric reason for destroying a circuit into a string for a
 * CIRCUIT event. */
const char *
circuit_end_reason_to_control_string(int reason)
{
326
327
328
  int is_remote = 0;

  if (reason >= 0 && reason & END_CIRC_REASON_FLAG_REMOTE) {
329
    reason &= ~END_CIRC_REASON_FLAG_REMOTE;
330
331
332
    is_remote = 1;
  }

333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
  switch (reason) {
    case END_CIRC_AT_ORIGIN:
      /* This shouldn't get passed here; it's a catch-all reason. */
      return "ORIGIN";
    case END_CIRC_REASON_NONE:
      /* This shouldn't get passed here; it's a catch-all reason. */
      return "NONE";
    case END_CIRC_REASON_TORPROTOCOL:
      return "TORPROTOCOL";
    case END_CIRC_REASON_INTERNAL:
      return "INTERNAL";
    case END_CIRC_REASON_REQUESTED:
      return "REQUESTED";
    case END_CIRC_REASON_HIBERNATING:
      return "HIBERNATING";
    case END_CIRC_REASON_RESOURCELIMIT:
      return "RESOURCELIMIT";
    case END_CIRC_REASON_CONNECTFAILED:
      return "CONNECTFAILED";
    case END_CIRC_REASON_OR_IDENTITY:
      return "OR_IDENTITY";
354
355
    case END_CIRC_REASON_CHANNEL_CLOSED:
      return "CHANNEL_CLOSED";
356
357
358
359
360
361
362
363
364
365
    case END_CIRC_REASON_FINISHED:
      return "FINISHED";
    case END_CIRC_REASON_TIMEOUT:
      return "TIMEOUT";
    case END_CIRC_REASON_DESTROYED:
      return "DESTROYED";
    case END_CIRC_REASON_NOPATH:
      return "NOPATH";
    case END_CIRC_REASON_NOSUCHSERVICE:
      return "NOSUCHSERVICE";
366
367
    case END_CIRC_REASON_MEASUREMENT_EXPIRED:
      return "MEASUREMENT_EXPIRED";
368
369
    case END_CIRC_REASON_IP_NOW_REDUNDANT:
      return "IP_NOW_REDUNDANT";
370
    default:
371
372
373
374
375
376
377
378
379
380
381
382
      if (is_remote) {
        /*
         * If it's remote, it's not a bug *here*, so don't use LD_BUG, but
         * do note that the someone we're talking to is speaking the Tor
         * protocol with a weird accent.
         */
        log_warn(LD_PROTOCOL,
                 "Remote server sent bogus reason code %d", reason);
      } else {
        log_warn(LD_BUG,
                 "Unrecognized reason code %d", reason);
      }
383
384
385
386
      return NULL;
  }
}

Roger Dingledine's avatar
Roger Dingledine committed
387
/** Return a string corresponding to a SOCKS4 response code. */
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
const char *
socks4_response_code_to_string(uint8_t code)
{
  switch (code) {
    case 0x5a:
      return "connection accepted";
    case 0x5b:
      return "server rejected connection";
    case 0x5c:
      return "server cannot connect to identd on this client";
    case 0x5d:
      return "user id does not match identd";
    default:
      return "invalid SOCKS 4 response code";
  }
}

Roger Dingledine's avatar
Roger Dingledine committed
405
/** Return a string corresponding to a SOCKS5 response code. */
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
const char *
socks5_response_code_to_string(uint8_t code)
{
  switch (code) {
    case 0x00:
      return "connection accepted";
    case 0x01:
      return "general SOCKS server failure";
    case 0x02:
      return "connection not allowed by ruleset";
    case 0x03:
      return "Network unreachable";
    case 0x04:
      return "Host unreachable";
    case 0x05:
      return "Connection refused";
    case 0x06:
      return "TTL expired";
    case 0x07:
      return "Command not supported";
    case 0x08:
      return "Address type not supported";
    default:
      return "unknown reason";
  }
}
432

433
/** Return a string corresponding to a bandwidth_weight_rule_t */
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
const char *
bandwidth_weight_rule_to_string(bandwidth_weight_rule_t rule)
{
  switch (rule)
    {
    case NO_WEIGHTING:
      return "no weighting";
    case WEIGHT_FOR_EXIT:
      return "weight as exit";
    case WEIGHT_FOR_MID:
      return "weight as middle node";
    case WEIGHT_FOR_GUARD:
      return "weight as guard";
    case WEIGHT_FOR_DIR:
      return "weight as directory";
    default:
      return "unknown rule";
  }
}

454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
/** Given a RELAY_END reason value, convert it to an HTTP response to be
 * send over an HTTP tunnel connection. */
const char *
end_reason_to_http_connect_response_line(int endreason)
{
  endreason &= END_STREAM_REASON_MASK;
  /* XXXX these are probably all wrong. Should they all be 502? */
  switch (endreason) {
    case 0:
      return "HTTP/1.0 200 OK\r\n\r\n";
    case END_STREAM_REASON_MISC:
      return "HTTP/1.0 500 Internal Server Error\r\n\r\n";
    case END_STREAM_REASON_RESOLVEFAILED:
      return "HTTP/1.0 404 Not Found (resolve failed)\r\n\r\n";
    case END_STREAM_REASON_NOROUTE:
      return "HTTP/1.0 404 Not Found (no route)\r\n\r\n";
    case END_STREAM_REASON_CONNECTREFUSED:
      return "HTTP/1.0 403 Forbidden (connection refused)\r\n\r\n";
    case END_STREAM_REASON_EXITPOLICY:
      return "HTTP/1.0 403 Forbidden (exit policy)\r\n\r\n";
    case END_STREAM_REASON_DESTROY:
      return "HTTP/1.0 502 Bad Gateway (destroy cell received)\r\n\r\n";
    case END_STREAM_REASON_DONE:
      return "HTTP/1.0 502 Bad Gateway (unexpected close)\r\n\r\n";
    case END_STREAM_REASON_TIMEOUT:
      return "HTTP/1.0 504 Gateway Timeout\r\n\r\n";
    case END_STREAM_REASON_HIBERNATING:
      return "HTTP/1.0 502 Bad Gateway (hibernating server)\r\n\r\n";
    case END_STREAM_REASON_INTERNAL:
      return "HTTP/1.0 502 Bad Gateway (internal error)\r\n\r\n";
    case END_STREAM_REASON_RESOURCELIMIT:
      return "HTTP/1.0 502 Bad Gateway (resource limit)\r\n\r\n";
    case END_STREAM_REASON_CONNRESET:
      return "HTTP/1.0 403 Forbidden (connection reset)\r\n\r\n";
    case END_STREAM_REASON_TORPROTOCOL:
      return "HTTP/1.0 502 Bad Gateway (tor protocol violation)\r\n\r\n";
    case END_STREAM_REASON_ENTRYPOLICY:
      return "HTTP/1.0 403 Forbidden (entry policy violation)\r\n\r\n";
492
    case END_STREAM_REASON_NOTDIRECTORY: FALLTHROUGH;
493
494
495
496
497
    default:
      tor_assert_nonfatal_unreached();
      return "HTTP/1.0 500 Internal Server Error (weird end reason)\r\n\r\n";
  }
}