Commit f89a3b14 authored by Nick Mathewson's avatar Nick Mathewson 🌉

r13050@catbus: nickm | 2007-05-29 13:31:11 -0400

 Resolve all but 3 DOCDOCs.


svn:r10393
parent 69c712f1
......@@ -22,12 +22,11 @@ Changes in version 0.2.0.1-alpha - 2007-??-??
logging information that would be very useful to an attacker.
- Start work implementing proposal 103: Add a standalone tool to
generate key certificates.
- Initial implementation of a client-side DNS proxy feature to replace
the need for dns-proxy-tor: Just set "DNSPort 9999", and Tor will
now listen for DNS requests on port 9999, use the Tor network to
resolve them anonymously, and send the reply back like a regular DNS
server. The code is still buggy, undocumented, and only implements
a subset of DNS.
- A client-side DNS proxy feature to replace the need for dns-proxy-tor:
Just set "DNSPort 9999", and Tor will now listen for DNS requests on
port 9999, use the Tor network to resolve them anonymously, and send
the reply back like a regular DNS server. The code is still only
implements a subset of DNS.
o Security fixes:
- Directory authorities now call routers stable if they have an
......
......@@ -807,7 +807,14 @@ tor_inet_aton(const char *c, struct in_addr* addr)
#endif
}
/** DOCDOC */
/** Given <b>af</b>==AF_INET and <b>src</b> a struct in_addr, or
* <b>af</b>==AF_INET6 and <b>src</b> a struct in6_addr, try to format the
* address and store it in the <b>len</b>-byte buffer <b>dst</b>. Returns
* <b>dst</b> on success, NULL on failure.
*
* (Like inet_ntop(af,src,dst,len), but works on platforms that don't have it:
* Tor sometimes needs to format ipv6 addresses even on platforms without ipv6
* support.) */
const char *
tor_inet_ntop(int af, const void *src, char *dst, size_t len)
{
......@@ -881,7 +888,15 @@ tor_inet_ntop(int af, const void *src, char *dst, size_t len)
#endif
}
/** DOCDOC */
/** Given <b>af</b>==AF_INET or <b>af</b>==AF_INET6, and a string <b>src</b>
* encoding an IPv4 address or IPv6 address correspondingly, try to parse the
* address and store the result in <b>dst</b> (which must have space for a
* struct in_addr or a struct in6_addr, as appropriate). Return 1 on success,
* 0 on a bad parse, and -1 on a bad <b>af</b>.
*
* (Like inet_pton(af,src,dst) but works on platforms that don't have it: Tor
* sometimes needs to format ipv6 addresses even on platforms without ipv6
* support.) */
int
tor_inet_pton(int af, const char *src, void *dst)
{
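Review bot: The new comment on tor_inet_pton reuses the parenthetical from tor_inet_ntop, so it says Tor "needs to format ipv6 addresses" above a function that parses them. It should read `sometimes needs to parse ipv6 addresses even on platforms without ipv6 support`. Because callers hand in a raw `void *dst`, the comment could also state whether `dst` is left untouched on a 0 or -1 return. The function body is outside this hunk, so that behaviour cannot be confirmed from here.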
......
......@@ -78,8 +78,8 @@ extern INLINE void smartlist_set(smartlist_t *sl, int idx, void *val) {
#define smartlist_set(sl, idx, val) ((sl)->list[idx] = (val))
#endif
// void smartlist_swap(smartlist_t *sl, int idx1, int idx2);
/**DOCDOC*/
/** Exchange the elements at indices <b>idx1</b> and <b>idx2</b> of the
* smartlist <b>sl</b>. */
static INLINE void smartlist_swap(smartlist_t *sl, int idx1, int idx2)
{
if (idx1 != idx2) {
......
......@@ -88,10 +88,15 @@ int _log_global_min_severity = LOG_NOTICE;
static void delete_log(logfile_t *victim);
static void close_log(logfile_t *victim);
/** DOCDOC */
/** Name of the application: used to generate the message we write at the
* start of each new log. */
static char *appname = NULL;
/** DOCDOC */
/** Set the "application name" for the logs to <b>name</b>: we'll use this
* name in the message we write when starting up, and at the start of each new
* log.
*
* Tor uses this string to write the version number to the log file. */
void
log_set_application_name(const char *name)
{
......
......@@ -498,8 +498,9 @@ mp_pool_assert_ok(mp_pool_t *pool)
}
#ifdef TOR
/** Dump information about <b>pool</b>'s memory usage to the Tor log at level
* <b>severity</b>. */
/*FFFF uses Tor logging functions. */
/**DOCDOC*/
void
mp_pool_log_status(mp_pool_t *pool, int severity)
{
......
......@@ -2277,7 +2277,12 @@ connection_state_is_connecting(connection_t *conn)
return 0;
}
/** DOCDOC */
/* XXXX020 move this into main.c */
/** Return true iff <b>conn</b> is linked conn, and reading from the conn
* linked to it would be good and feasible. (Reading is "feasible" if the
* other conn exists and has data in its outbuf, and is "good" if we have our
* reading_from_linked_conn flag set and the other conn has its
* writing_to_linked_conn flag set.)*/
int
connection_should_read_from_linked_conn(connection_t *conn)
{
......@@ -2630,7 +2635,7 @@ assert_connection_ok(connection_t *conn, time_t now)
tor_assert(edge_conn->socks_request);
if (conn->state == AP_CONN_STATE_OPEN) {
tor_assert(edge_conn->socks_request->has_finished);
tor_assert(edge_conn->socks_request->has_finished != 0);
if (!conn->marked_for_close) {
tor_assert(edge_conn->cpath_layer);
assert_cpath_layer_ok(edge_conn->cpath_layer);
......
......@@ -1851,7 +1851,12 @@ connection_ap_handshake_send_resolve(edge_connection_t *ap_conn)
uint32_t a;
size_t len = strlen(ap_conn->socks_request->address);
char c = 0;
/* XXXX020 This logic is a little ugly: we check for an in-addr.arpa ending
* on the address. If we have one, the address is already in the right
* order, so we'll leave it alone later. Otherwise, we reverse it and
* turn it into an in-addr.arpa address. */
if (!strcasecmpend(ap_conn->socks_request->address, ".in-addr.arpa")) {
/* Temporarily truncate the address, so we can give it to inet_aton. */
c = ap_conn->socks_request->address[len-13];
ap_conn->socks_request->address[len-13] = '\0';
}
......@@ -1859,7 +1864,6 @@ connection_ap_handshake_send_resolve(edge_connection_t *ap_conn)
connection_mark_unattached_ap(ap_conn, END_STREAM_REASON_INTERNAL);
return -1;
}
/* DOCDOC */
if (c) {
/* this path happens on DNS. Can we unify? XXXX020 */
ap_conn->socks_request->address[len-13] = c;
......@@ -1893,13 +1897,12 @@ connection_ap_handshake_send_resolve(edge_connection_t *ap_conn)
return 0;
}
/** Make an AP connection_t, do a socketpair and attach one side
* to the conn, connection_add it, initialize it to circuit_wait,
/** Make an AP connection_t, make a new linked connection pair, and attach
* one side to the conn, connection_add it, initialize it to circuit_wait,
* and call connection_ap_handshake_attach_circuit(conn) on it.
*
* Return the other end of the socketpair, or -1 if error.
* Return the other end of the linked connection pair, or -1 if error.
*
* DOCDOC The above is now wrong; we use links.
* DOCDOC start_reading
*/
edge_connection_t *
......@@ -1982,8 +1985,9 @@ connection_ap_handshake_socks_resolved(edge_connection_t *conn,
}
if (conn->dns_server_request) {
/* We had a request on our DNS port: answer it. */
dnsserv_resolved(conn, answer_type, answer_len, answer, ttl);
conn->socks_request->has_finished = 1; /* DOCDOC */
conn->socks_request->has_finished = 1;
return;
}
......@@ -2430,13 +2434,11 @@ connection_exit_connect(edge_connection_t *edge_conn)
}
/** Given an exit conn that should attach to us as a directory server, open a
* bridge connection with a socketpair, create a new directory conn, and join
* them together. Return 0 on success (or if there was an error we could send
* back an end cell for). Return -(some circuit end reason) if the circuit
* needs to be torn down. Either connects <b>exitconn<b/>, frees it,
* or marks it, as appropriate.
*
* DOCDOC no longer uses socketpair
* bridge connection with a linked connection pir, create a new directory
* conn, and join them together. Return 0 on success (or if there was an
* error we could send back an end cell for). Return -(some circuit end
* reason) if the circuit needs to be torn down. Either connects
* <b>exitconn<b/>, frees it, or marks it, as appropriate.
*/
static int
connection_exit_connect_dir(edge_connection_t *exitconn)
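Review bot: In connection_ap_handshake_send_resolve the request's address buffer is NUL-truncated in place at `address[len-13]`, and the `return -1` at the top of the following hunk sits before the `if (c)` restore. A failed parse therefore appears to leave `socks_request->address` truncated for any later logging or reuse; the failing condition lies between the hunks, so this is inferred. The new comment explains the trick but not that hazard. Parsing a copy avoids mutating the request at all, e.g. `char *tmp = tor_strndup(ap_conn->socks_request->address, len-13);` followed by the parse and `tor_free(tmp);`. The literal 13 would also be clearer as `strlen(".in-addr.arpa")`.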
......
......@@ -108,7 +108,9 @@ authority_type_to_string(authority_type_t auth)
return result;
}
/* DOCDOC */
/** Return true iff <b>identity_digest</b> is the digest of a router we
* believe to support extrainfo downloads. (If <b>is_authority</b> we do
* additional checking that's only valid for authorities.) */
int
router_supports_extrainfo(const char *identity_digest, int is_authority)
{
......@@ -130,7 +132,7 @@ router_supports_extrainfo(const char *identity_digest, int is_authority)
return 0;
}
/** Start a connection to every suitable directory server, using
/** Start a connection to every suitable directory authority, using
* connection purpose 'purpose' and uploading the payload 'payload'
* (length 'payload_len'). The purpose should be one of
* 'DIR_PURPOSE_UPLOAD_DIR' or 'DIR_PURPOSE_UPLOAD_RENDDESC'.
......@@ -138,7 +140,11 @@ router_supports_extrainfo(const char *identity_digest, int is_authority)
* <b>type</b> specifies what sort of dir authorities (V1, V2,
* HIDSERV, BRIDGE) we should upload to.
*
* DOCDOC extrainfo_len is in addition to payload_len.
* If <b>extrainfo_len</b> is nonzero, the first <b>payload_len</b> bytes of
* <b>payload</b> hold a router descriptor, and the next <b>extrainfo_len</b>
* bytes of <b>payload</b> hold an extra-info document. Upload the descriptor
* to all authorities, and the extra-info document to all authorities that
* support it.
*/
void
directory_post_to_dirservers(uint8_t purpose, authority_type_t type,
......@@ -2118,10 +2124,9 @@ dir_networkstatus_download_failed(smartlist_t *failed, int status_code)
});
}
/** Called when one or more routerdesc fetches have failed (with uppercase
* fingerprints listed in <b>failed</b>).
*
* DOCDOC was_extrainfo */
/** Called when one or more routerdesc (or extrainfo, if <b>was_extrainfo</b>)
* fetches have failed (with uppercase fingerprints listed in
* <b>failed</b>). */
static void
dir_routerdesc_download_failed(smartlist_t *failed, int status_code,
int was_extrainfo)
......
......@@ -557,9 +557,9 @@ dirserv_add_multiple_descriptors(const char *desc, const char **msg)
return r <= 2 ? r : 2;
}
/** Parse the server descriptor at <b>desc</b> and maybe insert it into the
* list of server descriptors. Set *<b>msg</b> to a message that should be
* passed back to the origin of this descriptor. DOCDOC no longer parses.
/** Examine the parsed server descriptor in <b>ri</b> and maybe insert it into
* the list of server descriptors. Set *<b>msg</b> to a message that should be
* passed back to the origin of this descriptor.
*
* Return 2 if descriptor is well-formed and accepted;
* 1 if well-formed and accepted but origin should hear *msg;
......@@ -616,7 +616,7 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg)
}
}
/** DOCDOC */
/** As dirserv_add_descriptor, but for an extrainfo_t <b>ei</b>. */
static int
dirserv_add_extrainfo(extrainfo_t *ei, const char **msg)
{
......@@ -1575,7 +1575,11 @@ dirserv_compute_performance_thresholds(routerlist_t *rl)
smartlist_free(bandwidths_excluding_exits);
}
/** DOCDOC */
/** Helper: write the router-status information in <b>rs</b> into <b>buf</b>,
* which has at least <b>buf_len</b> free characters. Do NUL-termination.
* Use the same format as in network-status documents. If <b>platform</b> is
* non-NULL, add a "v" line for the platform. Return 0 on success, -1 on
* failure. */
int
routerstatus_format_entry(char *buf, size_t buf_len,
routerstatus_t *rs, const char *platform)
......@@ -1646,7 +1650,8 @@ routerstatus_format_entry(char *buf, size_t buf_len,
return 0;
}
/** DOCDOC */
/** Helper for sorting: compare two routerinfos by their identity
* digest. */
static int
_compare_routerinfo_by_id_digest(const void **a, const void **b)
{
......@@ -1656,9 +1661,11 @@ _compare_routerinfo_by_id_digest(const void **a, const void **b)
DIGEST_LEN);
}
/** For v2 authoritative directories only: replace the contents of
* <b>the_v2_networkstatus</b> with a newly generated network status
* object. DOCDOC v2*/
/** For v2 and v3 authoritative directories only: If <b>v2</b> is set, replace
* the contents of <b>the_v2_networkstatus</b> with a newly generated network
* status object. If <b>v2</b> is zero, replace the contents of
* <b>the_v3_networkstatus_vote</b> with a newly generated consensus vote
* object. */
static cached_dir_t *
generate_networkstatus_opinion(int v2)
{
......
......@@ -12,6 +12,9 @@ const char dnsserv_c_id[] =
#include "or.h"
#include "eventdns.h"
/* Helper function: called by evdns whenever the client sends a request to our
* DNSPort. We need to eventually answer the request <b>req</b>.
*/
static void
evdns_server_callback(struct evdns_server_request *req, void *_data)
{
......@@ -23,11 +26,13 @@ evdns_server_callback(struct evdns_server_request *req, void *_data)
int addrlen;
uint32_t ipaddr;
int err = DNS_ERR_NONE;
char *q_name;
tor_assert(req);
tor_assert(_data == NULL);
log_info(LD_APP, "Got a new DNS request!");
/* First, check whether the requesting address matches our SOCKSPolicy. */
if ((addrlen = evdns_server_request_get_requesting_addr(req,
(struct sockaddr*)&addr, sizeof(addr))) < 0) {
log_warn(LD_APP, "Couldn't get requesting address.");
......@@ -49,6 +54,11 @@ evdns_server_callback(struct evdns_server_request *req, void *_data)
evdns_server_request_respond(req, DNS_ERR_REFUSED);
return;
}
/* Now, let's find the first actual question of a type we can answer in this
* DNS request. It makes us a little noncompliant to act like this; we
* should fix that eventually if it turns out to make a difference for
* anybody. */
if (req->nquestions == 0) {
log_info(LD_APP, "No questions in DNS request; sending back nil reply.");
evdns_server_request_respond(req, 0);
......@@ -76,22 +86,27 @@ evdns_server_callback(struct evdns_server_request *req, void *_data)
return;
}
if (q->type == EVDNS_TYPE_A) {
/* Refuse any attempt to resolve a noconnect address, right now. */
if (hostname_is_noconnect_address(q->name)) {
err = DNS_ERR_REFUSED;
}
} else {
tor_assert(q->type == EVDNS_TYPE_PTR);
}
/* Make sure the name isn't too long: This should be impossible, I think. */
if (err == DNS_ERR_NONE && strlen(q->name) > MAX_SOCKS_ADDR_LEN-1)
err = DNS_ERR_FORMAT;
if (err != DNS_ERR_NONE) {
/* We got an error? Then send back an answer immediately; we're done. */
evdns_server_request_respond(req, err);
return;
}
/* XXXX020 Send a stream event to the controller. */
/* Make a new dummy AP connection, and attach the request to it. */
conn = TO_EDGE_CONN(connection_new(CONN_TYPE_AP));
conn->_base.state = AP_CONN_STATE_RESOLVE_WAIT;
if (q->type == EVDNS_TYPE_A)
......@@ -104,20 +119,36 @@ evdns_server_callback(struct evdns_server_request *req, void *_data)
conn->dns_server_request = req;
log_info(LD_APP, "Passing request for %s to rewrite_and_attach.", q->name);
/* Now, throw the connection over to get rewritten (which will answer it
* immediately if it's in the cache, or completely bogus, or automapped),
* and then attached to a circuit. */
log_info(LD_APP, "Passing request for %s to rewrite_and_attach.",
escaped_safe_str(q->name));
q_name = tor_strdup(q->name); /* q could be freed in rewrite_and_attach */
connection_ap_handshake_rewrite_and_attach(conn, NULL, NULL);
/* Now the connection is marked if it was bad. */
/* Now, the connection is marked if it was bad. */
log_info(LD_APP, "Passed request for %s to rewrite_and_attach.", q->name);
log_info(LD_APP, "Passed request for %s to rewrite_and_attach.",
escaped_safe_str(q_name));
tor_free(q_name);
}
/** If there is a pending request on <b>conn</b> that's waiting for an answer,
* send back an error and free the request. */
void
dnsserv_reject_request(edge_connection_t *conn)
{
evdns_server_request_respond(conn->dns_server_request, DNS_ERR_SERVERFAILED);
conn->dns_server_request = NULL;
if (conn->dns_server_request) {
evdns_server_request_respond(conn->dns_server_request,
DNS_ERR_SERVERFAILED);
conn->dns_server_request = NULL;
}
}
/** Tell the dns request waiting for an answer on <b>conn</b> that we have an
* answer of type <b>answer_type</b> (RESOLVE_TYPE_IPV4/IPV6/ERR), of length
* <b>answer_len</b>, in <b>answer</b>, with TTL <b>ttl</b>. Doesn't do
* any caching; that's handled elsewhere. */
void
dnsserv_resolved(edge_connection_t *conn,
int answer_type,
......@@ -130,10 +161,13 @@ dnsserv_resolved(edge_connection_t *conn,
if (!req)
return;
/* XXXX Re-do. */
/* XXXX020 Re-do; this is dumb. */
if (ttl < 60)
ttl = 60;
/* The evdns interface is: add a bunch of reply items (corresponding to one
* or more of the questions in the request); then, call
* evdns_server_request_respond. */
if (answer_type == RESOLVED_TYPE_IPV6) {
log_info(LD_APP, "Got an IPv6 answer; that's not implemented.");
err = DNS_ERR_NOTIMPL;
......@@ -150,26 +184,36 @@ dnsserv_resolved(edge_connection_t *conn,
(char*)answer, ttl);
tor_free(ans);
} else {
err = DNS_ERR_SERVERFAILED;
err = DNS_ERR_SERVERFAILED; /* Really? Not noent? */
}
evdns_server_request_respond(req, err);
conn->dns_server_request = NULL;
}
/* Set up the evdns server port for the UDP socket on <b>conn</b>, which
* must be an AP_DNS_LISTENER */
void
dnsserv_configure_listener(connection_t *conn)
{
tor_assert(conn);
tor_assert(conn->s);
tor_assert(conn->type == CONN_TYPE_AP_DNS_LISTENER);
evdns_add_server_port(conn->s, 0, evdns_server_callback, NULL);
}
/** Free the evdns server port for <b>conn</b>, which must be an
* AP_DNS_LISTENER. */
void
dnsserv_close_listener(connection_t *conn)
{
evdns_close_server_port(conn->dns_server_port);
conn->dns_server_port = NULL;
tor_assert(conn);
tor_assert(conn->type == CONN_TYPE_AP_DNS_LISTENER);
if (conn->dns_server_port) {
evdns_close_server_port(conn->dns_server_port);
conn->dns_server_port = NULL;
}
}
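Review bot: `tor_assert(conn->s);` in dnsserv_configure_listener only tests the socket for non-zero, so it would pass for -1 and fire for a legitimate descriptor 0. If `conn->s` is an int socket where a negative value means "no socket" (its declaration is not on this page), the check should be `tor_assert(conn->s >= 0);`. The same function discards the result of `evdns_add_server_port(...)`, while dnsserv_close_listener only closes the port when `conn->dns_server_port` is set. Unless that field is assigned somewhere outside these hunks, the port is never closed and a failed registration goes unnoticed; `conn->dns_server_port = evdns_add_server_port(conn->s, 0, evdns_server_callback, NULL);` with a NULL check would cover both. The comments above evdns_server_callback and dnsserv_configure_listener also open with `/*` rather than `/**`, unlike the other function comments in this file.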
......@@ -28,6 +28,7 @@ static void conn_write_callback(int fd, short event, void *_conn);
static void signal_callback(int fd, short events, void *arg);
static void second_elapsed_callback(int fd, short event, void *args);
static int conn_close_if_marked(int i);
static void connection_start_reading_from_linked_conn(connection_t *conn);
/********* START VARIABLES **********/
......@@ -72,9 +73,12 @@ static smartlist_t *connection_array = NULL;
/** List of connections that have been marked for close and need to be freed
* and removed from connection_array. */
static smartlist_t *closeable_connection_lst = NULL;
/** DOCDOC */
/** List of linked connections that are currently reading data into their
* inbuf from their partner's outbuf. */
static smartlist_t *active_linked_connection_lst = NULL;
/** DOCDOC */
/** Flag: Set to true iff we entered the current libevent main loop via
* <b>loop_once</b>. If so, there's no need to trigger a loopexit in order
* to handle linked connections. */
static int called_loop_once = 0;
/** We set this to 1 when we've opened a circuit, so we can print a log
......@@ -395,8 +399,10 @@ connection_start_writing(connection_t *conn)
}
}
/** DOCDOC*/
void
/** Helper: Tell the main loop to begin reading bytes into <b>conn</b> from
* its linked connection, if it is not doing so already. Called by
* connection_start_reading and connection_start_writing as appropriate. */
static void
connection_start_reading_from_linked_conn(connection_t *conn)
{
tor_assert(conn);
......@@ -418,7 +424,9 @@ connection_start_reading_from_linked_conn(connection_t *conn)
}
}
/** DOCDOC*/
/** Tell the main loop to stop reading bytes into <b>conn</b> from its linked
* connection, if is currently doing so. Called by connection_stop_reading,
* connection_stop_writing, and connection_read. */
void
connection_stop_reading_from_linked_conn(connection_t *conn)
{
......@@ -1298,7 +1306,7 @@ do_main_loop(void)
}
}
/* DOCDOC */
/* Set up the packed_cell_t memory pool. */
init_cell_pool();
/* Set up our buckets */
......
......@@ -910,7 +910,8 @@ typedef struct edge_connection_t {
* already retried several times. */
uint8_t num_socks_retries;
/** DOCDOC */
/** If this is a DNSPort connection, this field holds the pending DNS
* request that we're going to try to answer. */
struct evdns_server_request *dns_server_request;
} edge_connection_t;
......@@ -1057,7 +1058,8 @@ typedef enum {
SAVED_IN_JOURNAL
} saved_location_t;
/** DOCDOC */
/** Information about our plans for retrying downloads for a downloadable
* object. */
typedef struct download_status_t {
time_t next_attempt_at; /**< When should we try downloading this descriptor
* again? */
......@@ -1078,18 +1080,19 @@ typedef struct signed_descriptor_t {
char identity_digest[DIGEST_LEN];
/** Declared publication time of the descriptor */
time_t published_on;
/** DOCDOC; routerinfo_t only. */
/** For routerdescs only: digest of the corresponding extrainfo. */
char extra_info_digest[DIGEST_LEN];
/** DOCDOC; routerinfo_t only: for the corresponding extrainfo. */
/** For routerdescs only: Status of downloading the corresponding
* extrainfo. */
download_status_t ei_dl_status;
/** Where is the descriptor saved? */
saved_location_t saved_location ;
/** If saved_location is SAVED_IN_CACHE or SAVED_IN_JOURNAL, the offset of
* this descriptor in the corresponding file. */
off_t saved_offset;
/* DOCDOC */
/* If true, we do not ever try to save this object in the cache. */
unsigned int do_not_cache : 1;
/* DOCDOC */
/* If true, this item is meant to represent an extrainfo. */
unsigned int is_extrainfo : 1;
} signed_descriptor_t;
......@@ -1124,7 +1127,8 @@ typedef struct {
* hibernating */
unsigned int has_old_dnsworkers:1; /**< Whether the router is using
* dnsworker code. */
unsigned int caches_extra_info:1; /**< DOCDOC */
unsigned int caches_extra_info:1; /**< Whether the router caches and serves
* extrainfo documents. */
/* local info */
unsigned int is_running:1; /**< As far as we know, is this OR currently
......@@ -1179,7 +1183,7 @@ typedef struct extrainfo_t {
/** If present, we didn't have the right key to verify this extra-info,
* so this is a copy of the signature in the document. */
char *pending_sig;
/** DOCDOC */
/** Length of pending_sig. */
size_t pending_sig_len;
} extrainfo_t;
......@@ -1296,10 +1300,12 @@ typedef struct {
/** Map from server descriptor digest to a signed_descriptor_t from
* routers or old_routers. */
digestmap_t *desc_digest_map;
/** Map from extra-info digest to a signed_descriptor_t. Only for
/** Map from extra-info digest to an extrainfo_t. Only exists for
* routers in routers or old_routers. */
digestmap_t *extra_info_map;
/** DOCDOC */
/** Map from extra-info digests to a signed_descriptor_t for a router
* descriptor having that extra-info digest. Only exists for
* routers in routers or old_routers. */
digestmap_t *desc_by_eid_map;
/** List of routerinfo_t for all currently live routers we know. */
smartlist_t *routers;
......@@ -1328,7 +1334,8 @@ typedef struct extend_info_t {
crypto_pk_env_t *onion_key; /**< Current onionskin key. */
} extend_info_t;
/** DOCDOC */
/** Certificate for v3 directory protocol: binds long-term authority identity
* keys to medium-term authority signing keys. */
typedef struct authority_cert_t {
signed_descriptor_t cache_info;
crypto_pk_env_t *identity_key;
......@@ -1336,7 +1343,8 @@ typedef struct authority_cert_t {
time_t expires;
} authority_cert_t;
/** DOCDOC */
/** Bitfield enum type listing types of directory authority/directory
* server. */
typedef enum {
NO_AUTHORITY = 0,
V1_AUTHORITY = 1 << 0,
......@@ -1822,8 +1830,12 @@ typedef struct {
int TrackHostExitsExpire; /**< Number of seconds until we expire an
* addressmap */
config_line_t *AddressMap; /**< List of address map directives. */
int AutomapHostsOnResolve; /**< DOCDOC */
smartlist_t *AutomapHostsSuffixes; /**< DOCDOC */
int AutomapHostsOnResolve; /**< If true, when we get a resolve request for a
* hostname ending with one of the suffixes in
* <b>AutomapHostsSuffixes</b>, map it to a
* virtual address. */
smartlist_t *AutomapHostsSuffixes; /**< List of suffixes for
* <b>AutomapHostsOnResolve</b>. */
int RendPostPeriod; /**< How often do we post each rendezvous service
* descriptor? Remember to publish them independently. */
int KeepalivePeriod; /**< How often do we send padding cells to keep
......@@ -2029,7 +2041,9 @@ static INLINE void or_state_mark_dirty(or_state_t *state, time_t when)
#define SOCKS_COMMAND_IS_RESOLVE(c) ((c)==SOCKS_COMMAND_RESOLVE || \
(c)==SOCKS_COMMAND_RESOLVE_PTR)
/** State of a SOCKS request from a user to an OP */
/** State of a SOCKS request from a user to an OP. Also used to encode other
* information for non-socks user request (such as those on TransPort and
* DNSPort) */
struct socks_request_t {
/** Which version of SOCKS did the client use? One of "0, 4, 5" -- where
* 0 means that no socks handshake ever took place, and this is just a
......@@ -2043,10 +2057,12 @@ struct socks_request_t {
* socks5 socks reply. We use this for the
* two-stage socks5 handshake.
*/
int has_finished; /**< Has the SOCKS handshake finished? */
char address[MAX_SOCKS_ADDR_LEN]; /**< What address did the client ask to
connect to? */
connect to/resolve? */
uint16_t port; /**< What port did the client ask to connect to? */
unsigned has_finished : 1; /**< Has the SOCKS handshake finished? Used to
* make sure we send back a socks reply for
* every connection. */
};
/* all the function prototypes go here */
......@@ -2718,7 +2734,6 @@ void connection_stop_writing(connection_t *conn);
void connection_start_writing(connection_t *conn);
void connection_stop_reading_from_linked_conn(connection_t *conn);
void connection_start_reading_from_linked_conn(connection_t *conn);
void directory_all_unreachable(time_t now);
void directory_info_has_arrived(time_t now, int from_cache);
......@@ -3024,7 +3039,8 @@ authority_cert_t *get_my_v3_authority_cert(void);
crypto_pk_env_t *get_my_v3_authority_signing_key(void);
void dup_onion_keys(crypto_pk_env_t **key, crypto_pk_env_t