Commit e5885dea authored by Roger Dingledine's avatar Roger Dingledine

Separate "SOCKS_COMMAND_CONNECT_DIR" into two flags in

edge_connection_t: want_onehop if it must attach to a circuit with
only one hop (e.g. for the current tunnelled connections that use
begin_dir), and use_begindir if we mean to use a BEGIN_DIR relay
command to establish the stream rather than the normal BEGIN. Now
we can make anonymized begin_dir connections for (e.g.) more secure
hidden service posting and fetching.


svn:r12244
parent 2dea4418
+9 −0
Changes in version 0.2.0.10-alpha - 2007-1?-??
  o Major features:
    - Separate "SOCKS_COMMAND_CONNECT_DIR" into two flags in
      edge_connection_t: want_onehop if it must attach to a circuit with
      only one hop (e.g. for the current tunnelled connections that use
      begin_dir), and use_begindir if we mean to use a BEGIN_DIR relay
      command to establish the stream rather than the normal BEGIN. Now
      we can make anonymized begin_dir connections for (e.g.) more secure
      hidden service posting and fetching.

  o Major bugfixes:
    - Stop servers from crashing if they set a Family option (or
      maybe in other situations too). Bugfix on 0.2.0.9-alpha; reported
+2 −0
@@ -60,6 +60,8 @@ Tor's extensions to the SOCKS protocol
  directory port of the Tor server specified by address:port (the port
  specified should be the ORPort of the server). It uses a one-hop tunnel
  and a "BEGIN_DIR" relay cell to accomplish this secure connection.
  Th F2 command value was removed in Tor 0.2.0.10-alpha in favor of a
  new use_begindir flag in edge_connection_t.

4. HTTP-resistance

+0 −2
@@ -1197,7 +1197,6 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,
        return 0; /* not yet */
      req->command = (unsigned char) *(buf->cur+1);
      if (req->command != SOCKS_COMMAND_CONNECT &&
          req->command != SOCKS_COMMAND_CONNECT_DIR &&
          req->command != SOCKS_COMMAND_RESOLVE &&
          req->command != SOCKS_COMMAND_RESOLVE_PTR) {
        /* not a connect or resolve or a resolve_ptr? we don't support it. */
@@ -1292,7 +1291,6 @@ fetch_from_buf_socks(buf_t *buf, socks_request_t *req,

      req->command = (unsigned char) *(buf->cur+1);
      if (req->command != SOCKS_COMMAND_CONNECT &&
          req->command != SOCKS_COMMAND_CONNECT_DIR &&
          req->command != SOCKS_COMMAND_RESOLVE) {
        /* not a connect or resolve? we don't support it. (No resolve_ptr with
         * socks4.) */
+19 −17
@@ -87,7 +87,7 @@ circuit_is_acceptable(circuit_t *circ, edge_connection_t *conn,
                 * or is a rendezvous circuit. */
    }
    if (build_state->onehop_tunnel) {
      if (conn->socks_request->command != SOCKS_COMMAND_CONNECT_DIR) {
      if (!conn->want_onehop) {
        log_debug(LD_CIRC,"Skipping one-hop circuit.");
        return 0;
      }
@@ -100,7 +100,7 @@ circuit_is_acceptable(circuit_t *circ, edge_connection_t *conn,
          return 0; /* this is a circuit to somewhere else */
      }
    } else {
      if (conn->socks_request->command == SOCKS_COMMAND_CONNECT_DIR) {
      if (conn->want_onehop) {
        /* don't use three-hop circuits -- that could hurt our anonymity. */
        return 0;
      }
@@ -835,6 +835,8 @@ circuit_launch_by_extend_info(uint8_t purpose, int onehop_tunnel,
  if ((extend_info || purpose != CIRCUIT_PURPOSE_C_GENERAL) &&
      purpose != CIRCUIT_PURPOSE_TESTING && !onehop_tunnel) {
    /* see if there are appropriate circs available to cannibalize. */
    /* XXX020 if we're planning to add a hop, perhaps we want to look for
     * internal circs rather than exit circs? -RD */
    circ = circuit_find_to_cannibalize(purpose, extend_info,
                                       need_uptime, need_capacity, internal);
    if (circ) {
@@ -948,11 +950,12 @@ circuit_get_open_circ_or_launch(edge_connection_t *conn,
  tor_assert(circp);
  tor_assert(conn->_base.state == AP_CONN_STATE_CIRCUIT_WAIT);
  check_exit_policy =
      (conn->socks_request->command == SOCKS_COMMAND_CONNECT) &&
      conn->socks_request->command == SOCKS_COMMAND_CONNECT &&
      !conn->use_begindir &&
      !connection_edge_is_rendezvous_stream(conn);
  want_onehop = conn->socks_request->command == SOCKS_COMMAND_CONNECT_DIR;
  want_onehop = conn->want_onehop;

  need_uptime = (conn->socks_request->command == SOCKS_COMMAND_CONNECT) &&
  need_uptime = !conn->want_onehop && !conn->use_begindir &&
                smartlist_string_num_isin(options->LongLivedPorts,
                                          conn->socks_request->port);
  need_internal = desired_circuit_purpose != CIRCUIT_PURPOSE_C_GENERAL;
@@ -1005,6 +1008,8 @@ circuit_get_open_circ_or_launch(edge_connection_t *conn,
  /* is one already on the way? */
  circ = circuit_get_best(conn, 0, desired_circuit_purpose,
                          need_uptime, need_internal);
  if (circ)
    log_debug(LD_CIRC, "one on the way!");
  if (!circ) {
    extend_info_t *extend_info=NULL;
    uint8_t new_circ_purpose;
@@ -1221,15 +1226,12 @@ connection_ap_handshake_attach_chosen_circuit(edge_connection_t *conn,

  link_apconn_to_circ(conn, circ, cpath);
  tor_assert(conn->socks_request);
  switch (conn->socks_request->command) {
    case SOCKS_COMMAND_CONNECT:
  if (conn->socks_request->command == SOCKS_COMMAND_CONNECT) {
    if (!conn->use_begindir)
      consider_recording_trackhost(conn, circ);
      /* fall through */
    case SOCKS_COMMAND_CONNECT_DIR:
    if (connection_ap_handshake_send_begin(conn) < 0)
      return -1;
      break;
    default:
  } else {
    if (connection_ap_handshake_send_resolve(conn) < 0)
      return -1;
  }
@@ -1254,7 +1256,7 @@ connection_ap_handshake_attach_circuit(edge_connection_t *conn)
  tor_assert(conn);
  tor_assert(conn->_base.state == AP_CONN_STATE_CIRCUIT_WAIT);
  tor_assert(conn->socks_request);
  want_onehop = conn->socks_request->command == SOCKS_COMMAND_CONNECT_DIR;
  want_onehop = conn->want_onehop;

  conn_age = time(NULL) - conn->_base.timestamp_created;

@@ -1307,7 +1309,7 @@ connection_ap_handshake_attach_circuit(edge_connection_t *conn)
    log_debug(LD_APP|LD_CIRC,
              "Attaching apconn to circ %d (stream %d sec old).",
              circ->_base.n_circ_id, conn_age);
    /* here, print the circ's path. so people can figure out which circs are
    /* print the circ's path, so people can figure out which circs are
     * sucking. */
    circuit_log_path(LOG_INFO,LD_APP|LD_CIRC,circ);
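Review bot: In circuit_get_open_circ_or_launch the new `need_uptime` expression drops the `command == SOCKS_COMMAND_CONNECT` test that the `check_exit_policy` assignment just above it still keeps, so a RESOLVE or RESOLVE_PTR stream is now matched against LongLivedPorts using whatever `socks_request->port` happens to hold. That is probably harmless if the port is zero for resolves, but nothing in the hunk shows it; keeping the test makes the two assignments agree: `need_uptime = conn->socks_request->command == SOCKS_COMMAND_CONNECT && !conn->want_onehop && !conn->use_begindir &&`. The `log_debug(LD_CIRC, "one on the way!");` that appears to be added in the later hunk of the same function reads like leftover tracing; either drop it or have the message identify the stream and circuit. The function body extends beyond the hunks shown.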

+14 −10
@@ -1379,7 +1379,7 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
        return -1;
      }

      if (!conn->chosen_exit_name && !circ) {
      if (!conn->use_begindir && !conn->chosen_exit_name && !circ) {
        /* see if we can find a suitable enclave exit */
        routerinfo_t *r =
          router_find_exact_exit_enclave(socks->address, socks->port);
@@ -1395,11 +1395,12 @@ connection_ap_handshake_rewrite_and_attach(edge_connection_t *conn,
        }
      }

      if (!conn->use_begindir) {
        /* help predict this next time */
        rep_hist_note_used_port(socks->port, time(NULL));
      }
    } else if (socks->command == SOCKS_COMMAND_RESOLVE_PTR) {
      rep_hist_note_used_resolve(time(NULL)); /* help predict this next time */
    } else if (socks->command == SOCKS_COMMAND_CONNECT_DIR) {
      ; /* nothing */
    } else {
      tor_fragile_assert();
@@ -1840,8 +1841,8 @@ connection_ap_handshake_send_begin(edge_connection_t *ap_conn)
  log_debug(LD_APP,
            "Sending relay cell to begin stream %d.", ap_conn->stream_id);

  begin_type = ap_conn->socks_request->command == SOCKS_COMMAND_CONNECT ?
                 RELAY_COMMAND_BEGIN : RELAY_COMMAND_BEGIN_DIR;
  begin_type = ap_conn->use_begindir ?
                 RELAY_COMMAND_BEGIN_DIR : RELAY_COMMAND_BEGIN;
  if (begin_type == RELAY_COMMAND_BEGIN) {
    tor_assert(circ->build_state->onehop_tunnel == 0);
  }
@@ -1955,7 +1956,7 @@ connection_ap_handshake_send_resolve(edge_connection_t *ap_conn)
 */
edge_connection_t *
connection_ap_make_link(char *address, uint16_t port,
                        const char *digest, int command)
                        const char *digest, int use_begindir, int want_onehop)
{
  edge_connection_t *conn;

@@ -1973,8 +1974,10 @@ connection_ap_make_link(char *address, uint16_t port,
  strlcpy(conn->socks_request->address, address,
          sizeof(conn->socks_request->address));
  conn->socks_request->port = port;
  conn->socks_request->command = command;
  if (command == SOCKS_COMMAND_CONNECT_DIR) {
  conn->socks_request->command = SOCKS_COMMAND_CONNECT;
  conn->want_onehop = want_onehop;
  conn->use_begindir = use_begindir;
  if (use_begindir) {
    conn->chosen_exit_name = tor_malloc(HEX_DIGEST_LEN+2);
    conn->chosen_exit_name[0] = '$';
    base16_encode(conn->chosen_exit_name+1,HEX_DIGEST_LEN+1,
@@ -2622,7 +2625,8 @@ connection_ap_can_use_exit(edge_connection_t *conn, routerinfo_t *exit)
    }
  }

  if (conn->socks_request->command == SOCKS_COMMAND_CONNECT) {
  if (conn->socks_request->command == SOCKS_COMMAND_CONNECT &&
      !conn->use_begindir) {
    struct in_addr in;
    uint32_t addr = 0;
    addr_policy_result_t r;
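Review bot: connection_ap_make_link now takes two adjacent `int` flags, `use_begindir` and `want_onehop`, and a transposed or inconsistent pair at a call site decides whether a directory stream is anonymized or sent over a one-hop circuit. The combination of `want_onehop` without `use_begindir` looks invalid from the visible code: circuit_is_acceptable only lets such a stream attach to a one-hop circuit, and connection_ap_handshake_send_begin then asserts `onehop_tunnel == 0` for a plain BEGIN. Catch it where the flags are stored, `tor_assert(use_begindir || !want_onehop);`, and describe both parameters in the function's doc comment, which ends just above the hunk. The `SOCKS_COMMAND_CONNECT_DIR` branch in connection_ap_handshake_rewrite_and_attach also appears to be unreachable now that make_link always stores SOCKS_COMMAND_CONNECT and the SOCKS parser no longer accepts that command; if it is still on the new side, remove it or add a comment saying why it stays.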