or.h 105 KB
Newer Older
Roger Dingledine's avatar
Roger Dingledine committed
1
2
3
/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. */
4
/* See LICENSE for licensing information */
Roger Dingledine's avatar
Roger Dingledine committed
5
6
/* $Id$ */

Nick Mathewson's avatar
Nick Mathewson committed
7
8
9
/**
 * \file or.h
 * \brief Master header file for Tor-specific functionality.
10
 **/
Nick Mathewson's avatar
Nick Mathewson committed
11

Roger Dingledine's avatar
Roger Dingledine committed
12
13
#ifndef __OR_H
#define __OR_H
14
#define OR_H_ID "$Id$"
Roger Dingledine's avatar
Roger Dingledine committed
15

Nick Mathewson's avatar
Nick Mathewson committed
16
#include "orconfig.h"
17
18
19
20
21
#ifdef MS_WINDOWS
#define WIN32_WINNT 0x400
#define _WIN32_WINNT 0x400
#define WIN32_LEAN_AND_MEAN
#endif
Nick Mathewson's avatar
Nick Mathewson committed
22

Roger Dingledine's avatar
Roger Dingledine committed
23
24
#include <stdio.h>
#include <stdlib.h>
25
#ifdef HAVE_UNISTD_H
Roger Dingledine's avatar
Roger Dingledine committed
26
#include <unistd.h>
27
28
#endif
#ifdef HAVE_STRING_H
Roger Dingledine's avatar
Roger Dingledine committed
29
#include <string.h>
30
31
#endif
#ifdef HAVE_SIGNAL_H
Roger Dingledine's avatar
Roger Dingledine committed
32
#include <signal.h>
33
34
#endif
#ifdef HAVE_NETDB_H
Roger Dingledine's avatar
Roger Dingledine committed
35
#include <netdb.h>
36
37
#endif
#ifdef HAVE_CTYPE_H
Roger Dingledine's avatar
Roger Dingledine committed
38
#include <ctype.h>
39
#endif
40
41
42
#ifdef HAVE_SYS_PARAM_H
#include <sys/param.h> /* FreeBSD needs this to know what version it is */
#endif
43
#include "../common/torint.h"
Roger Dingledine's avatar
Roger Dingledine committed
44
45
46
#ifdef HAVE_SYS_WAIT_H
#include <sys/wait.h>
#endif
47
#ifdef HAVE_SYS_FCNTL_H
Roger Dingledine's avatar
Roger Dingledine committed
48
#include <sys/fcntl.h>
49
50
51
52
53
#endif
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
#ifdef HAVE_SYS_IOCTL_H
Roger Dingledine's avatar
Roger Dingledine committed
54
#include <sys/ioctl.h>
55
56
#endif
#ifdef HAVE_SYS_SOCKET_H
Roger Dingledine's avatar
Roger Dingledine committed
57
#include <sys/socket.h>
58
59
#endif
#ifdef HAVE_SYS_TIME_H
Roger Dingledine's avatar
Roger Dingledine committed
60
#include <sys/time.h>
61
62
#endif
#ifdef HAVE_SYS_STAT_H
63
#include <sys/stat.h>
64
65
#endif
#ifdef HAVE_NETINET_IN_H
Roger Dingledine's avatar
Roger Dingledine committed
66
#include <netinet/in.h>
67
68
#endif
#ifdef HAVE_ARPA_INET_H
Roger Dingledine's avatar
Roger Dingledine committed
69
#include <arpa/inet.h>
70
71
#endif
#ifdef HAVE_ERRNO_H
Roger Dingledine's avatar
Roger Dingledine committed
72
#include <errno.h>
73
74
#endif
#ifdef HAVE_ASSERT_H
Roger Dingledine's avatar
Roger Dingledine committed
75
#include <assert.h>
76
77
#endif
#ifdef HAVE_TIME_H
78
#include <time.h>
79
#endif
80

81
82
83
84
/** Upper bound on maximum simultaneous connections; can be lowered by
 * config file. */
#define MAXCONNECTIONS 15000

85
#ifdef MS_WINDOWS
86
87
88
89
90
91
92
93
/* No, we don't need to redefine FD_SETSIZE before including winsock:
 * we use libevent now, and libevent handles the select() stuff.  Yes,
 * some documents imply that we need to redefine anyway if we're using
 * select() anywhere in our application or in anything it links to: these
 * documents are either the holy texts of a cargo cult of network
 * programmers, or more likely a simplification of what's going on for
 * people who haven't read winsock[2].c for themselves.
 */
94
#if (_MSC_VER <= 1300)
95
#include <winsock.h>
96
#else
97
98
#include <winsock2.h>
#include <ws2tcpip.h>
99
#endif
100
101
#endif

102
#ifdef MS_WINDOWS
103
#include <io.h>
Roger Dingledine's avatar
Roger Dingledine committed
104
#include <process.h>
105
#include <direct.h>
106
#include <windows.h>
107
#define snprintf _snprintf
108
109
#endif

Nick Mathewson's avatar
Nick Mathewson committed
110
111
112
113
114
115
#ifdef HAVE_EVENT_H
#include <event.h>
#else
#error "Tor requires libevent to build."
#endif

116
#include "../common/crypto.h"
117
#include "../common/tortls.h"
Roger Dingledine's avatar
Roger Dingledine committed
118
#include "../common/log.h"
119
120
#include "../common/compat.h"
#include "../common/container.h"
121
#include "../common/util.h"
122
#include "../common/torgzip.h"
Roger Dingledine's avatar
Roger Dingledine committed
123

Nick Mathewson's avatar
Nick Mathewson committed
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
/* These signals are defined to help control_signal_act work.
 * XXXX Move into compat.h ?
 */
#ifndef SIGHUP
#define SIGHUP 1
#endif
#ifndef SIGINT
#define SIGINT 2
#endif
#ifndef SIGUSR1
#define SIGUSR1 10
#endif
#ifndef SIGUSR2
#define SIGUSR2 12
#endif
#ifndef SIGTERM
#define SIGTERM 15
#endif
142
143
144
/* Controller signals start at a high number so we don't
 * conflict with system-defined signals. */
#define SIGNEWNYM 129
Nick Mathewson's avatar
Nick Mathewson committed
145

146
147
148
149
150
151
#if (SIZEOF_CELL_T != 0)
/* On Irix, stdlib.h defines a cell_t type, so we need to make sure
 * that our stuff always calls cell_t something different. */
#define cell_t tor_cell_t
#endif

152
#define DEFAULT_BANDWIDTH_OP (1024 * 1000)
153
#define MAX_NICKNAME_LEN 19
154
/* Hex digest plus dollar sign. */
155
#define MAX_HEX_NICKNAME_LEN (HEX_DIGEST_LEN+1)
156
157
158
/** Maximum size, in bytes, for resized buffers. */
#define MAX_BUF_SIZE ((1<<24)-1)
#define MAX_DIR_SIZE MAX_BUF_SIZE
Roger Dingledine's avatar
Roger Dingledine committed
159

160
161
162
163
/* For http parsing */
#define MAX_HEADERS_SIZE 50000
#define MAX_BODY_SIZE 500000

164
165
/** How long do we keep DNS cache entries before purging them (regardless of
 * their TTL)? */
166
#define MAX_DNS_ENTRY_AGE (30*60)
167
168
169
170
171
#define DEFAULT_DNS_TTL (30*60)
/** How long can a TTL be before we stop believing it? */
#define MAX_DNS_TTL (3*60*60)
/** How small can a TTL be before we stop believing it? */
#define MIN_DNS_TTL (60)
172

Nick Mathewson's avatar
Nick Mathewson committed
173
/** How often do we rotate onion keys? */
174
#define MIN_ONION_KEY_LIFETIME (7*24*60*60)
Nick Mathewson's avatar
Nick Mathewson committed
175
/** How often do we rotate TLS contexts? */
176
#define MAX_SSL_KEY_LIFETIME (2*60*60)
177

Roger Dingledine's avatar
Roger Dingledine committed
178
179
/** How old do we allow a router to get before removing it
 * from the router list? In seconds. */
180
181
182
183
#define ROUTER_MAX_AGE (60*60*48)
/** How old can a router get before we (as a server) will no longer
 * consider it live? In seconds. */
#define ROUTER_MAX_AGE_TO_PUBLISH (60*60*20)
184
/** How old do we let a saved descriptor get before removing it? */
185
186
187
#define OLD_ROUTER_DESC_MAX_AGE (60*60*60)
/** How old do we let a networkstatus get before ignoring it? */
#define NETWORKSTATUS_MAX_AGE (60*60*24)
188

189
190
191
192
typedef enum {
  CIRC_ID_TYPE_LOWER=0,
  CIRC_ID_TYPE_HIGHER=1
} circ_id_type_t;
193

194
#define _CONN_TYPE_MIN 3
Nick Mathewson's avatar
Nick Mathewson committed
195
/** Type for sockets listening for OR connections. */
Roger Dingledine's avatar
Roger Dingledine committed
196
#define CONN_TYPE_OR_LISTENER 3
197
198
/** A bidirectional TLS connection transmitting a sequence of cells.
 * May be from an OR to an OR, or from an OP to an OR. */
Roger Dingledine's avatar
Roger Dingledine committed
199
#define CONN_TYPE_OR 4
200
/** A TCP connection from an onion router to a stream's destination. */
201
#define CONN_TYPE_EXIT 5
202
/** Type for sockets listening for SOCKS connections. */
203
#define CONN_TYPE_AP_LISTENER 6
204
205
/** A SOCKS proxy connection from the user application to the onion
 * proxy. */
206
#define CONN_TYPE_AP 7
207
/** Type for sockets listening for HTTP connections to the directory server. */
208
#define CONN_TYPE_DIR_LISTENER 8
209
/** Type for HTTP connections to the directory server. */
210
#define CONN_TYPE_DIR 9
211
/** Connection from the main process to a DNS worker process. */
212
#define CONN_TYPE_DNSWORKER 10
213
/** Connection from the main process to a CPU worker process. */
Roger Dingledine's avatar
Roger Dingledine committed
214
#define CONN_TYPE_CPUWORKER 11
Roger Dingledine's avatar
Roger Dingledine committed
215
/** Type for listening for connections from user interface process. */
216
#define CONN_TYPE_CONTROL_LISTENER 12
Roger Dingledine's avatar
Roger Dingledine committed
217
/** Type for connections from user interface process. */
218
219
#define CONN_TYPE_CONTROL 13
#define _CONN_TYPE_MAX 13
Roger Dingledine's avatar
Roger Dingledine committed
220

221
222
#define CONN_IS_EDGE(x) \
  ((x)->type == CONN_TYPE_EXIT || (x)->type == CONN_TYPE_AP)
223

224
/** State for any listener connection. */
Roger Dingledine's avatar
Roger Dingledine committed
225
226
#define LISTENER_STATE_READY 0

227
#define _DNSWORKER_STATE_MIN 1
228
/** State for a connection to a dnsworker process that's idle. */
229
#define DNSWORKER_STATE_IDLE 1
230
231
/** State for a connection to a dnsworker process that's resolving a
 * hostname. */
232
233
#define DNSWORKER_STATE_BUSY 2
#define _DNSWORKER_STATE_MAX 2
234

235
#define _CPUWORKER_STATE_MIN 1
236
/** State for a connection to a cpuworker process that's idle. */
237
#define CPUWORKER_STATE_IDLE 1
Nick Mathewson's avatar
Nick Mathewson committed
238
/** State for a connection to a cpuworker process that's processing a
239
 * handshake. */
240
#define CPUWORKER_STATE_BUSY_ONION 2
Nick Mathewson's avatar
Nick Mathewson committed
241
#define _CPUWORKER_STATE_MAX 2
Roger Dingledine's avatar
Roger Dingledine committed
242
243
244

#define CPUWORKER_TASK_ONION CPUWORKER_STATE_BUSY_ONION

245
#define _OR_CONN_STATE_MIN 1
246
/** State for a connection to an OR: waiting for connect() to finish. */
Nick Mathewson's avatar
Nick Mathewson committed
247
#define OR_CONN_STATE_CONNECTING 1
248
249
250
251
/** State for a connection to an OR: waiting for proxy command to flush. */
#define OR_CONN_STATE_PROXY_FLUSHING 2
/** State for a connection to an OR: waiting for proxy response. */
#define OR_CONN_STATE_PROXY_READING 3
252
/** State for a connection to an OR: SSL is handshaking, not done yet. */
253
#define OR_CONN_STATE_HANDSHAKING 4
Nick Mathewson's avatar
Nick Mathewson committed
254
/** State for a connection to an OR: Ready to send/receive cells. */
255
256
#define OR_CONN_STATE_OPEN 5
#define _OR_CONN_STATE_MAX 5
257
258

#define _EXIT_CONN_STATE_MIN 1
259
/** State for an exit connection: waiting for response from dns farm. */
Nick Mathewson's avatar
Nick Mathewson committed
260
#define EXIT_CONN_STATE_RESOLVING 1
261
/** State for an exit connection: waiting for connect() to finish. */
Nick Mathewson's avatar
Nick Mathewson committed
262
#define EXIT_CONN_STATE_CONNECTING 2
263
/** State for an exit connection: open and ready to transmit data. */
264
#define EXIT_CONN_STATE_OPEN 3
265
/** State for an exit connection: waiting to be removed. */
Nick Mathewson's avatar
Nick Mathewson committed
266
#define EXIT_CONN_STATE_RESOLVEFAILED 4
267
#define _EXIT_CONN_STATE_MAX 4
Roger Dingledine's avatar
Roger Dingledine committed
268

269
/* the AP state values must be disjoint from the EXIT state values */
270
#define _AP_CONN_STATE_MIN 5
271
/** State for a SOCKS connection: waiting for SOCKS request. */
272
#define AP_CONN_STATE_SOCKS_WAIT 5
Nick Mathewson's avatar
Nick Mathewson committed
273
/** State for a SOCKS connection: got a y.onion URL; waiting to receive
Roger Dingledine's avatar
Roger Dingledine committed
274
 * rendezvous descriptor. */
275
#define AP_CONN_STATE_RENDDESC_WAIT 6
276
277
278
/** The controller will attach this connection to a circuit; it isn't our
 * job to do so. */
#define AP_CONN_STATE_CONTROLLER_WAIT 7
279
/** State for a SOCKS connection: waiting for a completed circuit. */
280
#define AP_CONN_STATE_CIRCUIT_WAIT 8
281
/** State for a SOCKS connection: sent BEGIN, waiting for CONNECTED. */
282
#define AP_CONN_STATE_CONNECT_WAIT 9
283
/** State for a SOCKS connection: send RESOLVE, waiting for RESOLVED. */
284
#define AP_CONN_STATE_RESOLVE_WAIT 10
285
/** State for a SOCKS connection: ready to send and receive. */
286
287
#define AP_CONN_STATE_OPEN 11
#define _AP_CONN_STATE_MAX 11
288

289
#define _DIR_CONN_STATE_MIN 1
290
/** State for connection to directory server: waiting for connect(). */
Roger Dingledine's avatar
Roger Dingledine committed
291
#define DIR_CONN_STATE_CONNECTING 1
292
/** State for connection to directory server: sending HTTP request. */
Roger Dingledine's avatar
Roger Dingledine committed
293
#define DIR_CONN_STATE_CLIENT_SENDING 2
294
/** State for connection to directory server: reading HTTP response. */
Roger Dingledine's avatar
Roger Dingledine committed
295
#define DIR_CONN_STATE_CLIENT_READING 3
296
297
/** State for connection to directory server: happy and finished. */
#define DIR_CONN_STATE_CLIENT_FINISHED 4
298
/** State for connection at directory server: waiting for HTTP request. */
299
#define DIR_CONN_STATE_SERVER_COMMAND_WAIT 5
300
/** State for connection at directory server: sending HTTP response. */
301
302
#define DIR_CONN_STATE_SERVER_WRITING 6
#define _DIR_CONN_STATE_MAX 6
Roger Dingledine's avatar
Roger Dingledine committed
303

304
#define _CONTROL_CONN_STATE_MIN 1
305
306
307
308
309
#define CONTROL_CONN_STATE_OPEN_V0 1
#define CONTROL_CONN_STATE_OPEN_V1 2
#define CONTROL_CONN_STATE_NEEDAUTH_V0 3
#define CONTROL_CONN_STATE_NEEDAUTH_V1 4
#define _CONTROL_CONN_STATE_MAX 4
310

Roger Dingledine's avatar
Roger Dingledine committed
311
#define _DIR_PURPOSE_MIN 1
312
/** A connection to a directory server: download a directory. */
Roger Dingledine's avatar
Roger Dingledine committed
313
#define DIR_PURPOSE_FETCH_DIR 1
314
/** A connection to a directory server: download just the list
315
316
 * of running routers. */
#define DIR_PURPOSE_FETCH_RUNNING_LIST 2
317
/** A connection to a directory server: download a rendezvous
Nick Mathewson's avatar
Nick Mathewson committed
318
 * descriptor. */
319
#define DIR_PURPOSE_FETCH_RENDDESC 3
320
/** A connection to a directory server: set after a rendezvous
Nick Mathewson's avatar
Nick Mathewson committed
321
 * descriptor is downloaded. */
322
#define DIR_PURPOSE_HAS_FETCHED_RENDDESC 4
Roger Dingledine's avatar
Roger Dingledine committed
323
/** A connection to a directory server: download one or more network-status
324
325
 * objects */
#define DIR_PURPOSE_FETCH_NETWORKSTATUS 5
326
/** A connection to a directory server: download one or more server
327
328
 * descriptors. */
#define DIR_PURPOSE_FETCH_SERVERDESC 6
329
/** A connection to a directory server: upload a server descriptor. */
330
#define DIR_PURPOSE_UPLOAD_DIR 7
331
/** A connection to a directory server: upload a rendezvous
332
 * descriptor. */
333
#define DIR_PURPOSE_UPLOAD_RENDDESC 8
Nick Mathewson's avatar
Nick Mathewson committed
334
/** Purpose for connection at a directory server. */
335
336
#define DIR_PURPOSE_SERVER 9
#define _DIR_PURPOSE_MAX 9
337

338
339
340
341
342
#define _EXIT_PURPOSE_MIN 1
#define EXIT_PURPOSE_CONNECT 1
#define EXIT_PURPOSE_RESOLVE 2
#define _EXIT_PURPOSE_MAX 2

343
/** Circuit state: I'm the origin, still haven't done all my handshakes. */
Nick Mathewson's avatar
Nick Mathewson committed
344
#define CIRCUIT_STATE_BUILDING 0
345
/** Circuit state: Waiting to process the onionskin. */
Nick Mathewson's avatar
Nick Mathewson committed
346
#define CIRCUIT_STATE_ONIONSKIN_PENDING 1
347
348
/** Circuit state: I'd like to deliver a create, but my n_conn is still
 * connecting. */
Nick Mathewson's avatar
Nick Mathewson committed
349
#define CIRCUIT_STATE_OR_WAIT 2
350
/** Circuit state: onionskin(s) processed, ready to send/receive cells. */
Nick Mathewson's avatar
Nick Mathewson committed
351
#define CIRCUIT_STATE_OPEN 3
Roger Dingledine's avatar
Roger Dingledine committed
352

353
#define _CIRCUIT_PURPOSE_MIN 1
354

355
/* these circuits were initiated elsewhere */
356
#define _CIRCUIT_PURPOSE_OR_MIN 1
Nick Mathewson's avatar
Nick Mathewson committed
357
358
/** OR-side circuit purpose: normal circuit, at OR. */
#define CIRCUIT_PURPOSE_OR 1
359
/** OR-side circuit purpose: At OR, from Bob, waiting for intro from Alices. */
Nick Mathewson's avatar
Nick Mathewson committed
360
#define CIRCUIT_PURPOSE_INTRO_POINT 2
361
/** OR-side circuit purpose: At OR, from Alice, waiting for Bob. */
Nick Mathewson's avatar
Nick Mathewson committed
362
#define CIRCUIT_PURPOSE_REND_POINT_WAITING 3
363
/** OR-side circuit purpose: At OR, both circuits have this purpose. */
Nick Mathewson's avatar
Nick Mathewson committed
364
#define CIRCUIT_PURPOSE_REND_ESTABLISHED 4
365
#define _CIRCUIT_PURPOSE_OR_MAX 4
366

367
/* these circuits originate at this node */
368
369
370
371

/* here's how circ client-side purposes work:
 *   normal circuits are C_GENERAL.
 *   circuits that are c_introducing are either on their way to
372
373
374
375
 *     becoming open, or they are open and waiting for a
 *     suitable rendcirc before they send the intro.
 *   circuits that are c_introduce_ack_wait have sent the intro,
 *     but haven't gotten a response yet.
376
377
378
 *   circuits that are c_establish_rend are either on their way
 *     to becoming open, or they are open and have sent the
 *     establish_rendezvous cell but haven't received an ack.
379
380
 *   circuits that are c_rend_ready are open and have received a
 *     rend ack, but haven't heard from bob yet. if they have a
381
382
 *     buildstate->pending_final_cpath then they're expecting a
 *     cell from bob, else they're not.
383
384
 *   circuits that are c_rend_ready_intro_acked are open, and
 *     some intro circ has sent its intro and received an ack.
385
386
387
 *   circuits that are c_rend_joined are open, have heard from
 *     bob, and are talking to him.
 */
Nick Mathewson's avatar
Nick Mathewson committed
388
389
/** Client-side circuit purpose: Normal circuit, with cpath. */
#define CIRCUIT_PURPOSE_C_GENERAL 5
390
/** Client-side circuit purpose: at Alice, connecting to intro point. */
Nick Mathewson's avatar
Nick Mathewson committed
391
#define CIRCUIT_PURPOSE_C_INTRODUCING 6
392
393
/** Client-side circuit purpose: at Alice, sent INTRODUCE1 to intro point,
 * waiting for ACK/NAK. */
Nick Mathewson's avatar
Nick Mathewson committed
394
#define CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT 7
395
/** Client-side circuit purpose: at Alice, introduced and acked, closing. */
Nick Mathewson's avatar
Nick Mathewson committed
396
#define CIRCUIT_PURPOSE_C_INTRODUCE_ACKED 8
397
/** Client-side circuit purpose: at Alice, waiting for ack. */
Nick Mathewson's avatar
Nick Mathewson committed
398
#define CIRCUIT_PURPOSE_C_ESTABLISH_REND 9
399
/** Client-side circuit purpose: at Alice, waiting for Bob. */
Nick Mathewson's avatar
Nick Mathewson committed
400
401
402
403
#define CIRCUIT_PURPOSE_C_REND_READY 10
/** Client-side circuit purpose: at Alice, waiting for Bob, INTRODUCE
 * has been acknowledged. */
#define CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED 11
404
/** Client-side circuit purpose: at Alice, rendezvous established. */
Nick Mathewson's avatar
Nick Mathewson committed
405
406
#define CIRCUIT_PURPOSE_C_REND_JOINED 12

407
/** Hidden-service-side circuit purpose: at Bob, waiting for introductions. */
Nick Mathewson's avatar
Nick Mathewson committed
408
409
#define CIRCUIT_PURPOSE_S_ESTABLISH_INTRO 13
/** Hidden-service-side circuit purpose: at Bob, successfully established
410
 * intro. */
Nick Mathewson's avatar
Nick Mathewson committed
411
#define CIRCUIT_PURPOSE_S_INTRO 14
412
/** Hidden-service-side circuit purpose: at Bob, connecting to rend point. */
Nick Mathewson's avatar
Nick Mathewson committed
413
#define CIRCUIT_PURPOSE_S_CONNECT_REND 15
414
/** Hidden-service-side circuit purpose: at Bob, rendezvous established. */
Nick Mathewson's avatar
Nick Mathewson committed
415
#define CIRCUIT_PURPOSE_S_REND_JOINED 16
416
417
/** A testing circuit; not meant to be used for actual traffic. */
#define CIRCUIT_PURPOSE_TESTING 17
418
419
420
/** A controller made this circuit and Tor should not use it. */
#define CIRCUIT_PURPOSE_CONTROLLER 18
#define _CIRCUIT_PURPOSE_MAX 18
421

422
423
/** True iff the circuit purpose <b>p</b> is for a circuit that
 * originated at this node. */
424
425
426
#define CIRCUIT_PURPOSE_IS_ORIGIN(p) ((p)>_CIRCUIT_PURPOSE_OR_MAX)
#define CIRCUIT_IS_ORIGIN(c) (CIRCUIT_PURPOSE_IS_ORIGIN((c)->purpose))

427
428
429
430
431
#define RELAY_COMMAND_BEGIN 1
#define RELAY_COMMAND_DATA 2
#define RELAY_COMMAND_END 3
#define RELAY_COMMAND_CONNECTED 4
#define RELAY_COMMAND_SENDME 5
432
433
#define RELAY_COMMAND_EXTEND 6
#define RELAY_COMMAND_EXTENDED 7
434
435
#define RELAY_COMMAND_TRUNCATE 8
#define RELAY_COMMAND_TRUNCATED 9
436
#define RELAY_COMMAND_DROP 10
437
438
#define RELAY_COMMAND_RESOLVE 11
#define RELAY_COMMAND_RESOLVED 12
439

440
441
442
443
#define RELAY_COMMAND_ESTABLISH_INTRO 32
#define RELAY_COMMAND_ESTABLISH_RENDEZVOUS 33
#define RELAY_COMMAND_INTRODUCE1 34
#define RELAY_COMMAND_INTRODUCE2 35
444
445
446
447
448
#define RELAY_COMMAND_RENDEZVOUS1 36
#define RELAY_COMMAND_RENDEZVOUS2 37
#define RELAY_COMMAND_INTRO_ESTABLISHED 38
#define RELAY_COMMAND_RENDEZVOUS_ESTABLISHED 39
#define RELAY_COMMAND_INTRODUCE_ACK 40
449

450
451
#define END_STREAM_REASON_MISC 1
#define END_STREAM_REASON_RESOLVEFAILED 2
452
#define END_STREAM_REASON_CONNECTREFUSED 3
453
454
455
#define END_STREAM_REASON_EXITPOLICY 4
#define END_STREAM_REASON_DESTROY 5
#define END_STREAM_REASON_DONE 6
456
#define END_STREAM_REASON_TIMEOUT 7
457
458
459
460
461
/* 8 is unallocated. */
#define END_STREAM_REASON_HIBERNATING 9
#define END_STREAM_REASON_INTERNAL 10
#define END_STREAM_REASON_RESOURCELIMIT 11
#define END_STREAM_REASON_CONNRESET 12
462
#define END_STREAM_REASON_TORPROTOCOL 13
463

464
465
466
467
468
469
470
471
/* These high-numbered end reasons are not part of the official spec,
 * and are not intended to be put in relay end cells. They are here
 * to be more informative when sending back socks replies to the
 * application. */
#define END_STREAM_REASON_ALREADY_SOCKS_REPLIED 256
#define END_STREAM_REASON_CANT_ATTACH 257
#define END_STREAM_REASON_NET_UNREACHABLE 258

472
#define RESOLVED_TYPE_HOSTNAME 0
473
474
475
476
477
#define RESOLVED_TYPE_IPV4 4
#define RESOLVED_TYPE_IPV6 6
#define RESOLVED_TYPE_ERROR_TRANSIENT 0xF0
#define RESOLVED_TYPE_ERROR 0xF1

478
/* XXX We should document the meaning of these. */
479
480
481
482
483
484
485
486
487
488
489
490
491
#define END_CIRC_AT_ORIGIN           -1
#define _END_CIRC_REASON_MIN            0
#define END_CIRC_REASON_NONE            0
#define END_CIRC_REASON_TORPROTOCOL     1
#define END_CIRC_REASON_INTERNAL        2
#define END_CIRC_REASON_REQUESTED       3
#define END_CIRC_REASON_HIBERNATING     4
#define END_CIRC_REASON_RESOURCELIMIT   5
#define END_CIRC_REASON_CONNECTFAILED   6
#define END_CIRC_REASON_OR_IDENTITY     7
#define END_CIRC_REASON_OR_CONN_CLOSED  8
#define _END_CIRC_REASON_MAX            8

Nick Mathewson's avatar
Nick Mathewson committed
492
/** Length of 'y' portion of 'y.onion' URL. */
493
494
#define REND_SERVICE_ID_LEN 16

495
496
497
#define CELL_DIRECTION_IN 1
#define CELL_DIRECTION_OUT 2

Roger Dingledine's avatar
Roger Dingledine committed
498
499
500
501
502
503
#ifdef TOR_PERF
#define CIRCWINDOW_START 10000
#define CIRCWINDOW_INCREMENT 1000
#define STREAMWINDOW_START 5000
#define STREAMWINDOW_INCREMENT 500
#else
504
505
#define CIRCWINDOW_START 1000
#define CIRCWINDOW_INCREMENT 100
506
507
#define STREAMWINDOW_START 500
#define STREAMWINDOW_INCREMENT 50
Roger Dingledine's avatar
Roger Dingledine committed
508
#endif
509

Roger Dingledine's avatar
Roger Dingledine committed
510
511
512
/* cell commands */
#define CELL_PADDING 0
#define CELL_CREATE 1
513
514
515
#define CELL_CREATED 2
#define CELL_RELAY 3
#define CELL_DESTROY 4
516
517
#define CELL_CREATE_FAST 5
#define CELL_CREATED_FAST 6
Roger Dingledine's avatar
Roger Dingledine committed
518

519
/** How long to test reachability before complaining to the user. */
520
#define TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT (20*60)
521

522
/* legal characters in a nickname */
523
524
#define LEGAL_NICKNAME_CHARACTERS \
  "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
525

526
527
528
/** Name to use in client TLS certificates if no nickname is given.*/
#define DEFAULT_CLIENT_NICKNAME "client"

529
530
#define SOCKS4_NETWORK_LEN 8

531
532
533
534
535
536
537
538
539
540
541
542
typedef enum {
  SOCKS5_SUCCEEDED                  = 0x00,
  SOCKS5_GENERAL_ERROR              = 0x01,
  SOCKS5_NOT_ALLOWED                = 0x02,
  SOCKS5_NET_UNREACHABLE            = 0x03,
  SOCKS5_HOST_UNREACHABLE           = 0x04,
  SOCKS5_CONNECTION_REFUSED         = 0x05,
  SOCKS5_TTL_EXPIRED                = 0x06,
  SOCKS5_COMMAND_NOT_SUPPORTED      = 0x07,
  SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED = 0x08,
} socks5_reply_status_t;

Roger Dingledine's avatar
Roger Dingledine committed
543
544
545
/*
 * Relay payload:
 *         Relay command           [1 byte]
546
547
 *         Recognized              [2 bytes]
 *         Stream ID               [2 bytes]
Roger Dingledine's avatar
Roger Dingledine committed
548
549
 *         Partial SHA-1           [4 bytes]
 *         Length                  [2 bytes]
550
 *         Relay payload           [498 bytes]
Roger Dingledine's avatar
Roger Dingledine committed
551
 */
552

Roger Dingledine's avatar
Roger Dingledine committed
553
554
555
#define CELL_PAYLOAD_SIZE 509
#define CELL_NETWORK_SIZE 512

556
557
558
#define RELAY_HEADER_SIZE (1+2+2+4+2)
#define RELAY_PAYLOAD_SIZE (CELL_PAYLOAD_SIZE-RELAY_HEADER_SIZE)

559
560
/** Parsed onion routing cell.  All communication between nodes
 * is via cells. */
Roger Dingledine's avatar
Roger Dingledine committed
561
typedef struct {
Nick Mathewson's avatar
Nick Mathewson committed
562
  uint16_t circ_id; /**< Circuit which received the cell. */
563
564
565
  uint8_t command; /**< Type of the cell: one of PADDING, CREATE, RELAY,
                    * or DESTROY. */
  char payload[CELL_PAYLOAD_SIZE]; /**< Cell body. */
Roger Dingledine's avatar
Roger Dingledine committed
566
567
} cell_t;

Nick Mathewson's avatar
Nick Mathewson committed
568
/** Beginning of a RELAY cell payload. */
569
typedef struct {
Nick Mathewson's avatar
Nick Mathewson committed
570
571
572
573
574
  uint8_t command; /**< The end-to-end relay command. */
  uint16_t recognized; /**< Used to tell whether cell is for us. */
  uint16_t stream_id; /**< Which stream is this cell associated with? */
  char integrity[4]; /**< Used to tell whether cell is corrupted. */
  uint16_t length; /**< How long is the payload body? */
575
} relay_header_t;
Roger Dingledine's avatar
Roger Dingledine committed
576

577
typedef struct buf_t buf_t;
578
typedef struct socks_request_t socks_request_t;
579

580
#define CONNECTION_MAGIC 0x7C3C304Eu
581

Nick Mathewson's avatar
Nick Mathewson committed
582
/** Description of a connection to another host or process, and associated
583
584
585
 * data.
 *
 * A connection is named based on what it's connected to -- an "OR
586
 * connection" has a Tor node on the other end, an "exit
587
588
589
590
591
592
593
594
595
596
597
598
599
 * connection" has a website or other server on the other end, and an
 * "AP connection" has an application proxy (and thus a user) on the
 * other end.
 *
 * Every connection has a type and a state.  Connections never change
 * their type, but can go through many state changes in their lifetime.
 *
 * Every connection has two associated input and output buffers.
 * Listeners don't use them.  For non-listener connections, incoming
 * data is appended to conn->inbuf, and outgoing data is taken from
 * conn->outbuf.  Connections differ primarily in the functions called
 * to fill and drain these buffers.
 */
Roger Dingledine's avatar
Roger Dingledine committed
600
struct connection_t {
Nick Mathewson's avatar
Nick Mathewson committed
601
  uint32_t magic; /**< For memory debugging: must equal CONNECTION_MAGIC. */
Roger Dingledine's avatar
Roger Dingledine committed
602

Nick Mathewson's avatar
Nick Mathewson committed
603
604
  uint8_t type; /**< What kind of connection is this? */
  uint8_t state; /**< Current state of this connection. */
605
  uint8_t purpose; /**< Only used for DIR types currently. */
606
607
608
609
610
611
612
613
614
615
616
617
618
  unsigned wants_to_read:1; /**< Boolean: should we start reading again once
                            * the bandwidth throttler allows it?
                            */
  unsigned wants_to_write:1; /**< Boolean: should we start writing again once
                             * the bandwidth throttler allows reads?
                             */
  unsigned hold_open_until_flushed:1; /**< Despite this connection's being
                                      * marked for close, do we flush it
                                      * before closing it?
                                      */
  unsigned has_sent_end:1; /**< For debugging; only used on edge connections.
                         * Set once we've set the stream end,
                         * and check in circuit_about_to_close_connection(). */
619
620
621
  /** For control connections only. If set, we send extended info with control
   * events as appropriate. */
  unsigned int control_events_are_extended:1;
622
623
  /** Used for OR conns that shouldn't get any new circs attached to them. */
  unsigned int is_obsolete:1;
624

Roger Dingledine's avatar
Roger Dingledine committed
625
  int s; /**< Our socket; -1 if this connection is closed. */
626
627
628
  int poll_index; /* XXXX rename. */
  struct event *read_event; /**< libevent event structure. */
  struct event *write_event; /**< libevent event structure. */
629
  buf_t *inbuf; /**< Buffer holding data read over this connection. */
Roger Dingledine's avatar
Roger Dingledine committed
630
  int inbuf_reached_eof; /**< Boolean: did read() return 0 on this conn? */
631
632
  time_t timestamp_lastread; /**< When was the last time poll() said we could
                              * read? */
Roger Dingledine's avatar
Roger Dingledine committed
633

634
  buf_t *outbuf; /**< Buffer holding data to write over this connection. */
Roger Dingledine's avatar
Roger Dingledine committed
635
636
  size_t outbuf_flushlen; /**< How much data should we try to flush from the
                           * outbuf? */
637
638
  time_t timestamp_lastwritten; /**< When was the last time poll() said we
                                 * could write? */
639

Roger Dingledine's avatar
Roger Dingledine committed
640
  time_t timestamp_created; /**< When was this connection_t created? */
641
  time_t timestamp_lastempty; /**< When was the outbuf last completely empty?*/
Roger Dingledine's avatar
Roger Dingledine committed
642

Nick Mathewson's avatar
Nick Mathewson committed
643
644
  uint32_t addr; /**< IP of the other side of the connection; used to identify
                  * routers, along with port. */
645
  uint16_t port; /**< If non-zero, port  on the other end
646
                  * of the connection. */
647
648
649
650
651
652
653
  uint16_t marked_for_close; /**< Should we close this conn on the next
                              * iteration of the main loop? (If true, holds
                              * the line number where this connection was
                              * marked.)
                              */
  const char *marked_for_close_file; /**< For debugging: in which file were
                                      * we marked for close? */
Nick Mathewson's avatar
Nick Mathewson committed
654
  char *address; /**< FQDN (or IP) of the guy on the other end.
655
                  * strdup into this, because free_connection frees it.
656
                  */
657
658
  uint32_t address_ttl; /**< TTL for address-to-addr mapping on exit
                         * connection.  Exit connections only. */
659
660
  char identity_digest[DIGEST_LEN]; /**< Hash of the public RSA key for
                                     * the other side's signing key. */
Nick Mathewson's avatar
Nick Mathewson committed
661
  char *nickname; /**< Nickname of OR on other side (if any). */
662

663
  /** Nickname of planned exit node -- used with .exit support. */
664
665
  char *chosen_exit_name;

666
/* Used only by OR connections: */
667
  tor_tls_t *tls; /**< TLS connection state (OR only.) */
Roger Dingledine's avatar
Roger Dingledine committed
668

669
  /* bandwidth and receiver_bucket only used by ORs in OPEN state: */
670
  int bandwidth; /**< Connection bandwidth. (OPEN ORs only.) */
Roger Dingledine's avatar
Roger Dingledine committed
671
  int receiver_bucket; /**< When this hits 0, stop receiving. Every second we
672
                        * add 'bandwidth' to this, capping it at 10*bandwidth.
Nick Mathewson's avatar
Nick Mathewson committed
673
                        * (OPEN ORs only)
674
                        */
675
676
677
  circ_id_type_t circ_id_type; /**< When we send CREATE cells along this
                                * connection, which half of the space should
                                * we use? */
678
679
  int n_circuits; /**< How many circuits use this connection as p_conn or
                   * n_conn ? */
680
681
  struct connection_t *next_with_same_id; /**< Next connection with same
                                           * identity digest as this one. */
682
683
684
  uint16_t next_circ_id; /**< Which circ_id do we try to use next on
                          * this connection?  This is always in the
                          * range 0..1<<15-1. (OR only.)*/
685

686
/* Used only by edge connections: */
687
  uint16_t stream_id;
Nick Mathewson's avatar
Nick Mathewson committed
688
689
  struct connection_t *next_stream; /**< Points to the next stream at this
                                     * edge, if any (Edge only). */
Roger Dingledine's avatar
Roger Dingledine committed
690
  struct crypt_path_t *cpath_layer; /**< A pointer to which node in the circ
Nick Mathewson's avatar
Nick Mathewson committed
691
692
693
694
695
696
                                     * this conn exits at. (Edge only.) */
  int package_window; /**< How many more relay cells can i send into the
                       * circuit? (Edge only.) */
  int deliver_window; /**< How many more relay cells can end at me? (Edge
                       * only.) */

697
/* Used only by Dir connections */
698
699
  char *requested_resource; /**< Which 'resource' did we ask the directory
                             * for?*/
700
701

/* Used only by AP connections */
Nick Mathewson's avatar
Nick Mathewson committed
702
703
  socks_request_t *socks_request; /**< SOCKS structure describing request (AP
                                   * only.) */
704

705
706
707
708
  /** Quasi-global identifier for this connection; used for control.c */
  /* XXXX NM This can get re-used after 2**32 circuits. */
  uint32_t global_identifier;

709
710
  /* Used only by control connections */
  uint32_t event_mask;
711
712
713
  uint32_t incoming_cmd_len;
  uint32_t incoming_cmd_cur_len;
  char *incoming_cmd;
714

715
716
717
718
719
720
/* Used only by DIR and AP connections: */
  struct circuit_t *on_circuit; /**< The circuit (if any) that this edge
                                 * connection is using. */
  char rend_query[REND_SERVICE_ID_LEN+1]; /**< What rendezvous service are we
                                           * querying for? (DIR/AP only) */

721
722
  /* Used only by control v0 connections */
  uint16_t incoming_cmd_type;
723
724
725
};

typedef struct connection_t connection_t;
Roger Dingledine's avatar
Roger Dingledine committed
726

727
728
729
730
typedef enum {
  ADDR_POLICY_ACCEPT=1,
  ADDR_POLICY_REJECT=2,
} addr_policy_action_t;
Roger Dingledine's avatar
Roger Dingledine committed
731

732
/** A linked list of policy rules */
733
typedef struct addr_policy_t {
734
  addr_policy_action_t policy_type; /**< What to do when the policy matches.*/
735
736
  char *string; /**< String representation of this rule. */
  uint32_t addr; /**< Base address to accept or reject. */
737
738
  uint32_t msk; /**< Accept/reject all addresses <b>a</b> such that
                 * a &amp; msk == <b>addr</b> &amp; msk . */
739
740
  uint16_t prt_min; /**< Lowest port number to accept/reject. */
  uint16_t prt_max; /**< Highest port number to accept/reject. */
Nick Mathewson's avatar
Nick Mathewson committed
741

742
  struct addr_policy_t *next; /**< Next rule in list. */
743
} addr_policy_t;
Roger Dingledine's avatar
Roger Dingledine committed
744

745
746
747
748
749
750
751
752
753
754
/** A cached_dir_t represents a cacheable directory object, along with its
 * compressed form. */
typedef struct cached_dir_t {
  char *dir; /**< Contents of this object */
  char *dir_z; /**< Compressed contents of this object. */
  size_t dir_len; /**< Length of <b>dir</b> */
  size_t dir_z_len; /**< Length of <b>dir_z</b> */
  time_t published; /**< When was this object published */
} cached_dir_t;

755
756
/** Information need to cache an onion router's descriptor. */
typedef struct signed_descriptor_t {
757
  char *signed_descriptor_body;
758
759
760
761
  size_t signed_descriptor_len;
  char signed_descriptor_digest[DIGEST_LEN];
  char identity_digest[DIGEST_LEN];
  time_t published_on;
762
763
  enum { SAVED_NOWHERE=0, SAVED_IN_CACHE, SAVED_IN_JOURNAL } saved_location;
  off_t saved_offset;
764
765
} signed_descriptor_t;

Nick Mathewson's avatar
Nick Mathewson committed
766
/** Information about another onion router in the network. */
767
typedef struct {
768
  signed_descriptor_t cache_info;
Nick Mathewson's avatar
Nick Mathewson committed
769
770
  char *address; /**< Location of OR: either a hostname or an IP address. */
  char *nickname; /**< Human-readable OR name. */
Roger Dingledine's avatar
Roger Dingledine committed
771

Nick Mathewson's avatar
Nick Mathewson committed
772
  uint32_t addr; /**< IPv4 address of OR, in host order. */
773
  uint16_t or_port; /**< Port for TLS connections. */
774
  uint16_t dir_port; /**< Port for HTTP directory connections. */
775

776
777
  crypto_pk_env_t *onion_pkey; /**< Public RSA key for onions. */
  crypto_pk_env_t *identity_pkey;  /**< Public RSA key for signing. */
778

Nick Mathewson's avatar
Nick Mathewson committed
779
  char *platform; /**< What software/operating system is this OR using? */
780

Roger Dingledine's avatar
Roger Dingledine committed
781
  /* link info */
Nick Mathewson's avatar
Nick Mathewson committed
782
783
784
  uint32_t bandwidthrate; /**< How many bytes does this OR add to its token
                           * bucket per second? */
  uint32_t bandwidthburst; /**< How large is this OR's token bucket? */
785
  /** How many bytes/s is this router known to handle? */
786
  uint32_t bandwidthcapacity;
787
  addr_policy_t *exit_policy; /**< What streams will this OR permit
Nick Mathewson's avatar
Nick Mathewson committed
788
                                      * to exit? */
789
  long uptime; /**< How many seconds the router claims to have been up */
790
791
  smartlist_t *declared_family; /**< Nicknames of router which this router
                                 * claims are its family. */
792
  char *contact_info; /**< Declared contact info for this router. */
793
794
  unsigned int is_hibernating:1; /**< Whether the router claims to be
                                  * hibernating */
795

796
  /* local info */
797
798
  unsigned int is_running:1; /**< As far as we know, is this OR currently
                              * running? */
799
  unsigned int is_valid:1; /**< Has a trusted dirserver validated this OR?
800
801
                               *  (For Authdir: Have we validated this OR?)
                               */
802
803
  unsigned int is_named:1; /**< Do we believe the nickname that this OR gives
                            * us? */
804
805
  unsigned int is_fast:1; /** Do we think this is a fast OR? */
  unsigned int is_stable:1; /** Do we think this is a stable OR? */
806
  unsigned int is_possible_guard:1; /**< Do we think this is an OK guard? */
807

808
809
810
811
812
813
/** Tor can use this desc for circuit-building. */
#define ROUTER_PURPOSE_GENERAL 0
/** Tor should avoid using this desc for circuit-building. */
#define ROUTER_PURPOSE_CONTROLLER 1
  uint8_t purpose; /** Should Tor use this desc for circuit-building? */

814
  /* The below items are used only by authdirservers for
815
   * reachability testing. */
816
817
818
819
820
821
822
  /** When was the last time we could reach this OR? */
  time_t last_reachable;
  /** When did we start testing reachability for this OR? */
  time_t testing_since;
  /** How many times has a descriptor been posted and we believed
   * this router to be unreachable? We only actually warn on the third. */
  int num_unreachable_notifications;
Roger Dingledine's avatar
Roger Dingledine committed
823
824
} routerinfo_t;

825
/** Contents of a single router entry in a network status object.
826
 */
827
typedef struct routerstatus_t {
828
  time_t published_on; /**< When was this router published? */
829
830
831
832
  char nickname[MAX_NICKNAME_LEN+1]; /**< The nickname this router says it
                                      * has. */
  char identity_digest[DIGEST_LEN]; /**< Digest of the router's identity
                                     * key. */
833
  char descriptor_digest[DIGEST_LEN]; /**< Digest of the router's most recent
834
835
836
837
838
839
840
841
842
843
                                       * descriptor. */
  uint32_t addr; /**< IPv4 address for this router. */
  uint16_t or_port; /**< OR port for this router. */
  uint16_t dir_port; /**< Directory port for this router. */
  unsigned int is_exit:1; /**< True iff this router is a good exit. */
  unsigned int is_stable:1; /**< True iff this router stays up a long time. */
  unsigned int is_fast:1; /**< True iff this router has good bandwidth. */
  unsigned int is_running:1; /**< True iff this router is up. */
  unsigned int is_named:1; /**< True iff "nickname" belongs to this router. */
  unsigned int is_valid:1; /**< True iff this router is validated. */
Nick Mathewson's avatar
Nick Mathewson committed
844
  unsigned int is_v2_dir:1; /**< True iff this router can serve directory
845
                             * information with v2 of the directory
Nick Mathewson's avatar
Nick Mathewson committed
846
847
                             * protocol. (All directory caches cache v1
                             * directories.)  */
848
849
  unsigned int is_possible_guard:1; /**< True iff this router would be a good
                                     * choice as an entry guard. */
850
851
852
853
854
855
856

  /** True if we, as a directory mirror, want to download the corresponding
   * routerinfo from the authority who gave us this routerstatus.  (That is,
   * if we don't have the routerinfo, and if we haven't already tried to get it
   * from this authority.)
   */
  unsigned int need_to_mirror:1;
857
858
} routerstatus_t;

859
860
/** Our "local" or combined view of the info from all networkstatus objects
 * about a single router. */
861
typedef struct local_routerstatus_t {
862
  /** What do we believe to be the case about this router?  In this field,
Roger Dingledine's avatar
Roger Dingledine committed
863
   * descriptor_digest represents the descriptor we would most like to use for
864
   * this router. */
865
  routerstatus_t status;
866
  time_t next_attempt_at; /**< When should we try this descriptor again? */
867
868
  uint8_t n_download_failures; /**< Number of failures trying to download the
                                * most recent descriptor. */
Roger Dingledine's avatar
Roger Dingledine committed
869
  unsigned int name_lookup_warned:1; /**< Have we warned the user for referring
870
871
                                      * to this (unnamed) router by nickname?
                                      */
872
873
} local_routerstatus_t;

874
875
/** How many times will we try to download a router's descriptor before giving
 * up? */
876
#define MAX_ROUTERDESC_DOWNLOAD_FAILURES 8
877

878
/** Contents of a (v2 or later) network status object. */
879
typedef struct networkstatus_t {
880
881
  /** When did we receive the network-status document? */
  time_t received_on;
882

883
884
  /** What was the digest of the document? */
  char networkstatus_digest[DIGEST_LEN];
885

886
887
  unsigned int is_recent; /**< Is this recent enough to influence running
                           * status? */
888

889
890
  /* These fields come from the actual network-status document.*/
  time_t published_on; /**< Declared publication date. */
891

892
893
894
  char *source_address; /**< Canonical directory server hostname. */
  uint32_t source_addr; /**< Canonical directory server IP. */
  uint16_t source_dirport; /**< Canonical directory server dirport. */
895

896
897
898
  char identity_digest[DIGEST_LEN]; /**< Digest of signing key. */
  char *contact; /**< How to contact directory admin? (may be NULL). */
  crypto_pk_env_t *signing_key; /**< Key used to sign this directory. */
899
  char *client_versions; /**< comma-separated list of recommended client
900
                          * versions. */
901
  char *server_versions; /**< comma-separated list of recommended server