connection.c 114 KB
Newer Older
Roger Dingledine's avatar
Roger Dingledine committed
1
2
/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
3
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
Karsten Loesing's avatar
Karsten Loesing committed
4
 * Copyright (c) 2007-2009, The Tor Project, Inc. */
5
/* See LICENSE for licensing information */
Roger Dingledine's avatar
Roger Dingledine committed
6

7
8
/**
 * \file connection.c
9
10
 * \brief General high-level functions to handle reading and writing
 * on connections.
11
12
 **/

Roger Dingledine's avatar
Roger Dingledine committed
13
14
#include "or.h"

15
static connection_t *connection_create_listener(
16
17
                               struct sockaddr *listensockaddr,
                               socklen_t listensocklen, int type,
18
                               char* address);
19
20
static void connection_init(time_t now, connection_t *conn, int type,
                            int socket_family);
21
22
static int connection_init_accepted_conn(connection_t *conn,
                                         uint8_t listener_type);
Nick Mathewson's avatar
Nick Mathewson committed
23
static int connection_handle_listener_read(connection_t *conn, int new_type);
24
static int connection_read_bucket_should_increase(or_connection_t *conn);
25
static int connection_finished_flushing(connection_t *conn);
26
static int connection_flushed_some(connection_t *conn);
27
static int connection_finished_connecting(connection_t *conn);
28
static int connection_reached_eof(connection_t *conn);
29
30
static int connection_read_to_buf(connection_t *conn, int *max_to_read,
                                  int *socket_error);
31
static int connection_process_inbuf(connection_t *conn, int package_partial);
32
static void client_check_address_changed(int sock);
33
static void set_constrained_socket_buffers(int sock, int size);
34

35
36
37
38
static const char *connection_proxy_state_to_string(int state);
static int connection_read_https_proxy_response(connection_t *conn);
static void connection_send_socks5_connect(connection_t *conn);

39
40
/** The last IPv4 address that our network interface seemed to have been
 * binding to, in host order.  We use this to detect when our IP changes. */
41
static uint32_t last_interface_ip = 0;
42
43
/** A list of uint32_ts for addresses we've used in outgoing connections.
 * Used to detect IP address changes. */
44
static smartlist_t *outgoing_addrs = NULL;
45
46
47

/**************************************************************/

48
49
50
/**
 * Return the human-readable name for the connection type <b>type</b>
 */
51
52
53
54
55
56
57
58
const char *
conn_type_to_string(int type)
{
  static char buf[64];
  switch (type) {
    case CONN_TYPE_OR_LISTENER: return "OR listener";
    case CONN_TYPE_OR: return "OR";
    case CONN_TYPE_EXIT: return "Exit";
59
    case CONN_TYPE_AP_LISTENER: return "Socks listener";
60
61
62
    case CONN_TYPE_AP_TRANS_LISTENER:
      return "Transparent pf/netfilter listener";
    case CONN_TYPE_AP_NATD_LISTENER: return "Transparent natd listener";
63
    case CONN_TYPE_AP_DNS_LISTENER: return "DNS listener";
64
65
66
    case CONN_TYPE_AP: return "Socks";
    case CONN_TYPE_DIR_LISTENER: return "Directory listener";
    case CONN_TYPE_DIR: return "Directory";
67
68
69
70
    case CONN_TYPE_CPUWORKER: return "CPU worker";
    case CONN_TYPE_CONTROL_LISTENER: return "Control listener";
    case CONN_TYPE_CONTROL: return "Control";
    default:
71
      log_warn(LD_BUG, "unknown connection type %d", type);
72
73
74
75
76
      tor_snprintf(buf, sizeof(buf), "unknown [%d]", type);
      return buf;
  }
}

77
78
79
80
/**
 * Return the human-readable name for the connection state <b>state</b>
 * for the connection type <b>type</b>
 */
81
const char *
82
83
conn_state_to_string(int type, int state)
{
84
85
86
87
  static char buf[96];
  switch (type) {
    case CONN_TYPE_OR_LISTENER:
    case CONN_TYPE_AP_LISTENER:
88
    case CONN_TYPE_AP_TRANS_LISTENER:
89
    case CONN_TYPE_AP_NATD_LISTENER:
90
    case CONN_TYPE_AP_DNS_LISTENER:
91
92
93
94
95
96
97
98
    case CONN_TYPE_DIR_LISTENER:
    case CONN_TYPE_CONTROL_LISTENER:
      if (state == LISTENER_STATE_READY)
        return "ready";
      break;
    case CONN_TYPE_OR:
      switch (state) {
        case OR_CONN_STATE_CONNECTING: return "connect()ing";
99
        case OR_CONN_STATE_PROXY_HANDSHAKING: return "handshaking (proxy)";
100
        case OR_CONN_STATE_TLS_HANDSHAKING: return "handshaking (TLS)";
101
102
103
104
        case OR_CONN_STATE_TLS_CLIENT_RENEGOTIATING:
          return "renegotiating (TLS)";
        case OR_CONN_STATE_TLS_SERVER_RENEGOTIATING:
          return "waiting for renegotiation (TLS)";
105
        case OR_CONN_STATE_OR_HANDSHAKING: return "handshaking (Tor)";
106
107
108
109
110
111
112
113
114
115
116
117
118
        case OR_CONN_STATE_OPEN: return "open";
      }
      break;
    case CONN_TYPE_EXIT:
      switch (state) {
        case EXIT_CONN_STATE_RESOLVING: return "waiting for dest info";
        case EXIT_CONN_STATE_CONNECTING: return "connecting";
        case EXIT_CONN_STATE_OPEN: return "open";
        case EXIT_CONN_STATE_RESOLVEFAILED: return "resolve failed";
      }
      break;
    case CONN_TYPE_AP:
      switch (state) {
119
        case AP_CONN_STATE_SOCKS_WAIT: return "waiting for socks info";
120
        case AP_CONN_STATE_NATD_WAIT: return "waiting for natd dest info";
121
122
        case AP_CONN_STATE_RENDDESC_WAIT: return "waiting for rendezvous desc";
        case AP_CONN_STATE_CONTROLLER_WAIT: return "waiting for controller";
123
124
125
        case AP_CONN_STATE_CIRCUIT_WAIT: return "waiting for circuit";
        case AP_CONN_STATE_CONNECT_WAIT: return "waiting for connect response";
        case AP_CONN_STATE_RESOLVE_WAIT: return "waiting for resolve response";
126
127
128
129
130
131
132
        case AP_CONN_STATE_OPEN: return "open";
      }
      break;
    case CONN_TYPE_DIR:
      switch (state) {
        case DIR_CONN_STATE_CONNECTING: return "connecting";
        case DIR_CONN_STATE_CLIENT_SENDING: return "client sending";
Roger Dingledine's avatar
Roger Dingledine committed
133
        case DIR_CONN_STATE_CLIENT_READING: return "client reading";
134
        case DIR_CONN_STATE_CLIENT_FINISHED: return "client finished";
135
136
137
138
139
140
141
142
143
144
145
146
        case DIR_CONN_STATE_SERVER_COMMAND_WAIT: return "waiting for command";
        case DIR_CONN_STATE_SERVER_WRITING: return "writing";
      }
      break;
    case CONN_TYPE_CPUWORKER:
      switch (state) {
        case CPUWORKER_STATE_IDLE: return "idle";
        case CPUWORKER_STATE_BUSY_ONION: return "busy with onion";
      }
      break;
    case CONN_TYPE_CONTROL:
      switch (state) {
147
148
        case CONTROL_CONN_STATE_OPEN: return "open (protocol v1)";
        case CONTROL_CONN_STATE_NEEDAUTH:
149
          return "waiting for authentication (protocol v1)";
150
151
152
153
      }
      break;
  }

154
  log_warn(LD_BUG, "unknown connection state %d (type %d)", state, type);
155
156
157
158
159
160
  tor_snprintf(buf, sizeof(buf),
               "unknown state [%d] on unknown [%s] connection",
               state, conn_type_to_string(type));
  return buf;
}

161
162
/** Allocate and return a new dir_connection_t, initialized as by
 * connection_init(). */
163
164
165
166
167
168
169
dir_connection_t *
dir_connection_new(int socket_family)
{
  dir_connection_t *dir_conn = tor_malloc_zero(sizeof(dir_connection_t));
  connection_init(time(NULL), TO_CONN(dir_conn), CONN_TYPE_DIR, socket_family);
  return dir_conn;
}
170
171
172

/** Allocate and return a new or_connection_t, initialized as by
 * connection_init(). */
173
174
175
176
177
178
179
180
181
182
183
184
or_connection_t *
or_connection_new(int socket_family)
{
  or_connection_t *or_conn = tor_malloc_zero(sizeof(or_connection_t));
  time_t now = time(NULL);
  connection_init(now, TO_CONN(or_conn), CONN_TYPE_OR, socket_family);

  or_conn->timestamp_last_added_nonpadding = time(NULL);
  or_conn->next_circ_id = crypto_rand_int(1<<15);

  return or_conn;
}
185
186
187

/** Allocate and return a new edge_connection_t, initialized as by
 * connection_init(). */
188
189
190
191
192
193
194
195
196
197
edge_connection_t *
edge_connection_new(int type, int socket_family)
{
  edge_connection_t *edge_conn = tor_malloc_zero(sizeof(edge_connection_t));
  tor_assert(type == CONN_TYPE_EXIT || type == CONN_TYPE_AP);
  connection_init(time(NULL), TO_CONN(edge_conn), type, socket_family);
  if (type == CONN_TYPE_AP)
    edge_conn->socks_request = tor_malloc_zero(sizeof(socks_request_t));
  return edge_conn;
}
198
199
200

/** Allocate and return a new control_connection_t, initialized as by
 * connection_init(). */
201
202
203
204
205
206
207
208
209
210
control_connection_t *
control_connection_new(int socket_family)
{
  control_connection_t *control_conn =
    tor_malloc_zero(sizeof(control_connection_t));
  connection_init(time(NULL),
                  TO_CONN(control_conn), CONN_TYPE_CONTROL, socket_family);
  return control_conn;
}

211
212
213
/** Allocate, initialize, and return a new connection_t subtype of <b>type</b>
 * to make or receive connections of address family <b>socket_family</b>.  The
 * type should be one of the CONN_TYPE_* constants. */
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
connection_t *
connection_new(int type, int socket_family)
{
  switch (type) {
    case CONN_TYPE_OR:
      return TO_CONN(or_connection_new(socket_family));

    case CONN_TYPE_EXIT:
    case CONN_TYPE_AP:
      return TO_CONN(edge_connection_new(type, socket_family));

    case CONN_TYPE_DIR:
      return TO_CONN(dir_connection_new(socket_family));

    case CONN_TYPE_CONTROL:
      return TO_CONN(control_connection_new(socket_family));

    default: {
      connection_t *conn = tor_malloc_zero(sizeof(connection_t));
      connection_init(time(NULL), conn, type, socket_family);
      return conn;
    }
  }
}

/** Initializes conn. (you must call connection_add() to link it into the main
 * array).
241
 *
242
 * Set conn-\>type to <b>type</b>. Set conn-\>s and conn-\>conn_array_index to
243
244
245
246
247
248
249
250
251
 * -1 to signify they are not yet assigned.
 *
 * If conn is not a listener type, allocate buffers for it. If it's
 * an AP type, allocate space to store the socks_request.
 *
 * Assign a pseudorandom next_circ_id between 0 and 2**15.
 *
 * Initialize conn's timestamps to now.
 */
252
253
static void
connection_init(time_t now, connection_t *conn, int type, int socket_family)
254
{
255
256
  static uint64_t n_connections_allocated = 1;

257
258
  switch (type) {
    case CONN_TYPE_OR:
259
      conn->magic = OR_CONNECTION_MAGIC;
260
261
262
      break;
    case CONN_TYPE_EXIT:
    case CONN_TYPE_AP:
263
      conn->magic = EDGE_CONNECTION_MAGIC;
264
265
      break;
    case CONN_TYPE_DIR:
266
      conn->magic = DIR_CONNECTION_MAGIC;
267
268
      break;
    case CONN_TYPE_CONTROL:
269
      conn->magic = CONTROL_CONNECTION_MAGIC;
270
271
      break;
    default:
272
      conn->magic = BASE_CONNECTION_MAGIC;
273
274
275
      break;
  }

276
  conn->s = -1; /* give it a default of 'not used' */
277
  conn->conn_array_index = -1; /* also default to 'not used' */
278
  conn->global_identifier = n_connections_allocated++;
Roger Dingledine's avatar
Roger Dingledine committed
279
280

  conn->type = type;
281
  conn->socket_family = socket_family;
282
  if (!connection_is_listener(conn)) { /* listeners never use their buf */
283
284
285
    conn->inbuf = buf_new();
    conn->outbuf = buf_new();
  }
286

287
288
289
  conn->timestamp_created = now;
  conn->timestamp_lastread = now;
  conn->timestamp_lastwritten = now;
Roger Dingledine's avatar
Roger Dingledine committed
290
291
}

Roger Dingledine's avatar
Roger Dingledine committed
292
/** Create a link between <b>conn_a</b> and <b>conn_b</b>. */
293
294
295
296
297
298
299
300
301
302
303
304
void
connection_link_connections(connection_t *conn_a, connection_t *conn_b)
{
  tor_assert(conn_a->s < 0);
  tor_assert(conn_b->s < 0);

  conn_a->linked = 1;
  conn_b->linked = 1;
  conn_a->linked_conn = conn_b;
  conn_b->linked_conn = conn_a;
}

305
306
307
/** Deallocate memory used by <b>conn</b>. Deallocate its buffers if
 * necessary, close its socket if necessary, and mark the directory as dirty
 * if <b>conn</b> is an OR or OP connection.
308
 */
309
static void
310
311
_connection_free(connection_t *conn)
{
312
  void *mem;
313
  size_t memlen;
314
315
316
317
  switch (conn->type) {
    case CONN_TYPE_OR:
      tor_assert(conn->magic == OR_CONNECTION_MAGIC);
      mem = TO_OR_CONN(conn);
318
      memlen = sizeof(or_connection_t);
319
320
321
322
323
      break;
    case CONN_TYPE_AP:
    case CONN_TYPE_EXIT:
      tor_assert(conn->magic == EDGE_CONNECTION_MAGIC);
      mem = TO_EDGE_CONN(conn);
324
      memlen = sizeof(edge_connection_t);
325
326
327
328
      break;
    case CONN_TYPE_DIR:
      tor_assert(conn->magic == DIR_CONNECTION_MAGIC);
      mem = TO_DIR_CONN(conn);
329
      memlen = sizeof(dir_connection_t);
330
331
332
333
      break;
    case CONN_TYPE_CONTROL:
      tor_assert(conn->magic == CONTROL_CONNECTION_MAGIC);
      mem = TO_CONTROL_CONN(conn);
334
      memlen = sizeof(control_connection_t);
335
336
337
338
      break;
    default:
      tor_assert(conn->magic == BASE_CONNECTION_MAGIC);
      mem = conn;
339
      memlen = sizeof(connection_t);
340
341
      break;
  }
Roger Dingledine's avatar
Roger Dingledine committed
342

343
  if (conn->linked) {
344
345
346
347
348
    log_info(LD_GENERAL, "Freeing linked %s connection [%s] with %d "
             "bytes on inbuf, %d on outbuf.",
             conn_type_to_string(conn->type),
             conn_state_to_string(conn->type, conn->state),
             (int)buf_datalen(conn->inbuf), (int)buf_datalen(conn->outbuf));
349
350
  }

351
  if (!connection_is_listener(conn)) {
352
353
    buf_free(conn->inbuf);
    buf_free(conn->outbuf);
354
  } else {
355
    if (conn->socket_family == AF_UNIX) {
Nick Mathewson's avatar
Nick Mathewson committed
356
      /* For now only control ports can be Unix domain sockets
357
358
359
360
361
362
363
364
       * and listeners at the same time */
      tor_assert(conn->type == CONN_TYPE_CONTROL_LISTENER);

      if (unlink(conn->address) < 0 && errno != ENOENT) {
        log_warn(LD_NET, "Could not unlink %s: %s", conn->address,
                         strerror(errno));
      }
    }
365
  }
366

367
  tor_free(conn->address);
Roger Dingledine's avatar
Roger Dingledine committed
368

369
  if (connection_speaks_cells(conn)) {
370
371
372
373
    or_connection_t *or_conn = TO_OR_CONN(conn);
    if (or_conn->tls) {
      tor_tls_free(or_conn->tls);
      or_conn->tls = NULL;
374
    }
375
376
377
378
    if (or_conn->handshake_state) {
      or_handshake_state_free(or_conn->handshake_state);
      or_conn->handshake_state = NULL;
    }
379
380
381
382
383
    tor_free(or_conn->nickname);
  }
  if (CONN_IS_EDGE(conn)) {
    edge_connection_t *edge_conn = TO_EDGE_CONN(conn);
    tor_free(edge_conn->chosen_exit_name);
384
385
386
387
    if (edge_conn->socks_request) {
      memset(edge_conn->socks_request, 0xcc, sizeof(socks_request_t));
      tor_free(edge_conn->socks_request);
    }
388
389
    if (edge_conn->rend_data)
      rend_data_free(edge_conn->rend_data);
390
391
392
393
  }
  if (conn->type == CONN_TYPE_CONTROL) {
    control_connection_t *control_conn = TO_CONTROL_CONN(conn);
    tor_free(control_conn->incoming_cmd);
Roger Dingledine's avatar
Roger Dingledine committed
394
395
  }

396
397
  tor_free(conn->read_event); /* Probably already freed by connection_free. */
  tor_free(conn->write_event); /* Probably already freed by connection_free. */
398
399
400
401
402
403
404
405
406
407
408
409

  if (conn->type == CONN_TYPE_DIR) {
    dir_connection_t *dir_conn = TO_DIR_CONN(conn);
    tor_free(dir_conn->requested_resource);
    if (dir_conn->zlib_state)
      tor_zlib_free(dir_conn->zlib_state);
    if (dir_conn->fingerprint_stack) {
      SMARTLIST_FOREACH(dir_conn->fingerprint_stack, char *, cp, tor_free(cp));
      smartlist_free(dir_conn->fingerprint_stack);
    }
    if (dir_conn->cached_dir)
      cached_dir_decref(dir_conn->cached_dir);
410
411
    if (dir_conn->rend_data)
      rend_data_free(dir_conn->rend_data);
412
  }
413

414
  if (conn->s >= 0) {
Roger Dingledine's avatar
Roger Dingledine committed
415
    log_debug(LD_NET,"closing fd %d.",conn->s);
416
    tor_close_socket(conn->s);
417
    conn->s = -1;
418
419
  }

420
  if (conn->type == CONN_TYPE_OR &&
421
      !tor_digest_is_zero(TO_OR_CONN(conn)->identity_digest)) {
Roger Dingledine's avatar
Roger Dingledine committed
422
    log_warn(LD_BUG, "called on OR conn with non-zeroed identity_digest");
423
    connection_or_remove_from_identity_map(TO_OR_CONN(conn));
424
  }
425

426
  memset(mem, 0xCC, memlen); /* poison memory */
427
  tor_free(mem);
Roger Dingledine's avatar
Roger Dingledine committed
428
429
}

430
431
/** Make sure <b>conn</b> isn't in any of the global conn lists; then free it.
 */
432
433
434
void
connection_free(connection_t *conn)
{
435
436
437
  tor_assert(conn);
  tor_assert(!connection_is_on_closeable_list(conn));
  tor_assert(!connection_in_array(conn));
438
439
440
441
442
443
444
445
446
  if (conn->linked_conn) {
    log_err(LD_BUG, "Called with conn->linked_conn still set.");
    tor_fragile_assert();
    conn->linked_conn->linked_conn = NULL;
    if (! conn->linked_conn->marked_for_close &&
        conn->linked_conn->reading_from_linked_conn)
      connection_start_reading(conn->linked_conn);
    conn->linked_conn = NULL;
  }
447
  if (connection_speaks_cells(conn)) {
448
449
    if (!tor_digest_is_zero(TO_OR_CONN(conn)->identity_digest)) {
      connection_or_remove_from_identity_map(TO_OR_CONN(conn));
450
    }
451
  }
452
  if (conn->type == CONN_TYPE_CONTROL) {
453
    TO_CONTROL_CONN(conn)->event_mask = 0;
454
455
    control_update_global_event_mask();
  }
456
  connection_unregister_events(conn);
457
458
459
  _connection_free(conn);
}

460
/** Call _connection_free() on every connection in our array, and release all
Nick Mathewson's avatar
Nick Mathewson committed
461
 * storage held by connection.c. This is used by cpuworkers and dnsworkers
462
463
 * when they fork, so they don't keep resources held open (especially
 * sockets).
464
465
466
 *
 * Don't do the checks in connection_free(), because they will
 * fail.
467
 */
468
469
470
void
connection_free_all(void)
{
471
  smartlist_t *conns = get_connection_array();
472

473
  /* We don't want to log any messages to controllers. */
474
475
476
477
  SMARTLIST_FOREACH(conns, connection_t *, conn,
    if (conn->type == CONN_TYPE_CONTROL)
      TO_CONTROL_CONN(conn)->event_mask = 0);

478
479
  control_update_global_event_mask();

480
481
482
  /* Unlink everything from the identity map. */
  connection_or_clear_identity_map();

483
  SMARTLIST_FOREACH(conns, connection_t *, conn, _connection_free(conn));
484
485
486
487
488
489

  if (outgoing_addrs) {
    SMARTLIST_FOREACH(outgoing_addrs, void*, addr, tor_free(addr));
    smartlist_free(outgoing_addrs);
    outgoing_addrs = NULL;
  }
490
491
}

492
493
494
495
496
497
498
499
/** Do any cleanup needed:
 *   - Directory conns that failed to fetch a rendezvous descriptor
 *     need to inform pending rendezvous streams.
 *   - OR conns need to call rep_hist_note_*() to record status.
 *   - AP conns need to send a socks reject if necessary.
 *   - Exit conns need to call connection_dns_remove() if necessary.
 *   - AP and Exit conns need to send an end cell if they can.
 *   - DNS conns need to fail any resolves that are pending on them.
500
 *   - OR and edge connections need to be unlinked from circuits.
501
 */
502
503
void
connection_about_to_close_connection(connection_t *conn)
504
{
505
  circuit_t *circ;
506
507
508
  dir_connection_t *dir_conn;
  or_connection_t *or_conn;
  edge_connection_t *edge_conn;
509
  time_t now = time(NULL);
510

511
  tor_assert(conn->marked_for_close);
512

513
  if (CONN_IS_EDGE(conn)) {
514
515
    edge_conn = TO_EDGE_CONN(conn);
    if (!edge_conn->edge_has_sent_end) {
516
      log_warn(LD_BUG, "(Harmless.) Edge connection (marked at %s:%d) "
Roger Dingledine's avatar
Roger Dingledine committed
517
518
               "hasn't sent end yet?",
               conn->marked_for_close_file, conn->marked_for_close);
519
      tor_fragile_assert();
520
    }
521
522
  }

523
  switch (conn->type) {
524
    case CONN_TYPE_DIR:
525
      dir_conn = TO_DIR_CONN(conn);
526
527
528
      if (conn->state < DIR_CONN_STATE_CLIENT_FINISHED) {
        /* It's a directory connection and connecting or fetching
         * failed: forget about this router, and maybe try again. */
529
        connection_dir_request_failed(dir_conn);
530
      }
531
532
533
534
      /* If we were trying to fetch a v2 rend desc and did not succeed,
       * retry as needed. (If a fetch is successful, the connection state
       * is changed to DIR_PURPOSE_HAS_FETCHED_RENDDESC to mark that
       * refetching is unnecessary.) */
Karsten Loesing's avatar
Karsten Loesing committed
535
      if (conn->purpose == DIR_PURPOSE_FETCH_RENDDESC_V2 &&
536
537
538
539
          dir_conn->rend_data &&
          strlen(dir_conn->rend_data->onion_address) ==
              REND_SERVICE_ID_LEN_BASE32)
        rend_client_refetch_v2_renddesc(dir_conn->rend_data);
540
      break;
541
    case CONN_TYPE_OR:
542
      or_conn = TO_OR_CONN(conn);
543
544
      /* Remember why we're closing this connection. */
      if (conn->state != OR_CONN_STATE_OPEN) {
545
546
547
548
        /* Inform any pending (not attached) circs that they should
         * give up. */
        circuit_n_conn_done(TO_OR_CONN(conn), 0);
        /* now mark things down as needed */
549
        if (connection_or_nonopen_was_started_here(or_conn)) {
550
          or_options_t *options = get_options();
551
          rep_hist_note_connect_failed(or_conn->identity_digest, now);
552
553
          entry_guard_register_connect_status(or_conn->identity_digest,0,
                                              !options->HttpsProxy, now);
554
          if (conn->state >= OR_CONN_STATE_TLS_HANDSHAKING) {
555
            int reason = tls_error_to_orconn_end_reason(or_conn->tls_error);
556
557
            control_event_or_conn_status(or_conn, OR_CONN_EVENT_FAILED,
                                         reason);
558
559
560
            if (!authdir_mode_tests_reachability(options))
              control_event_bootstrap_problem(
                orconn_end_reason_to_control_string(reason), reason);
561
          }
562
        }
563
      } else if (conn->hold_open_until_flushed) {
564
565
        /* We only set hold_open_until_flushed when we're intentionally
         * closing a connection. */
566
        rep_hist_note_disconnect(or_conn->identity_digest, now);
567
        control_event_or_conn_status(or_conn, OR_CONN_EVENT_CLOSED,
568
                tls_error_to_orconn_end_reason(or_conn->tls_error));
569
      } else if (!tor_digest_is_zero(or_conn->identity_digest)) {
570
        rep_hist_note_connection_died(or_conn->identity_digest, now);
571
        control_event_or_conn_status(or_conn, OR_CONN_EVENT_CLOSED,
572
                tls_error_to_orconn_end_reason(or_conn->tls_error));
573
      }
574
575
576
      /* Now close all the attached circuits on it. */
      circuit_unlink_all_from_or_conn(TO_OR_CONN(conn),
                                      END_CIRC_REASON_OR_CONN_CLOSED);
577
      break;
578
    case CONN_TYPE_AP:
579
580
      edge_conn = TO_EDGE_CONN(conn);
      if (edge_conn->socks_request->has_finished == 0) {
581
582
        /* since conn gets removed right after this function finishes,
         * there's no point trying to send back a reply at this point. */
583
        log_warn(LD_BUG,"Closing stream (marked at %s:%d) without sending"
Roger Dingledine's avatar
Roger Dingledine committed
584
585
                 " back a socks reply.",
                 conn->marked_for_close_file, conn->marked_for_close);
586
      }
587
      if (!edge_conn->end_reason) {
588
        log_warn(LD_BUG,"Closing stream (marked at %s:%d) without having"
589
                 " set end_reason.",
590
591
                 conn->marked_for_close_file, conn->marked_for_close);
      }
592
593
594
595
596
597
      if (edge_conn->dns_server_request) {
        log_warn(LD_BUG,"Closing stream (marked at %s:%d) without having"
                 " replied to DNS request.",
                 conn->marked_for_close_file, conn->marked_for_close);
        dnsserv_reject_request(edge_conn);
      }
598
      control_event_stream_bandwidth(edge_conn);
599
      control_event_stream_status(edge_conn, STREAM_EVENT_CLOSED,
600
                                  edge_conn->end_reason);
601
602
603
      circ = circuit_get_by_edge_conn(edge_conn);
      if (circ)
        circuit_detach_stream(circ, edge_conn);
604
      break;
605
    case CONN_TYPE_EXIT:
606
      edge_conn = TO_EDGE_CONN(conn);
607
608
609
      circ = circuit_get_by_edge_conn(edge_conn);
      if (circ)
        circuit_detach_stream(circ, edge_conn);
610
      if (conn->state == EXIT_CONN_STATE_RESOLVING) {
611
        connection_dns_remove(edge_conn);
612
      }
613
      break;
614
  }
615
616
}

Roger Dingledine's avatar
Roger Dingledine committed
617
618
/** Return true iff connection_close_immediate() has been called on this
 * connection. */
619
620
621
#define CONN_IS_CLOSED(c) \
  ((c)->linked ? ((c)->linked_conn_is_closed) : ((c)->s < 0))

622
623
624
/** Close the underlying socket for <b>conn</b>, so we don't try to
 * flush it. Must be used in conjunction with (right before)
 * connection_mark_for_close().
625
 */
626
627
void
connection_close_immediate(connection_t *conn)
628
629
{
  assert_connection_ok(conn,0);
630
  if (CONN_IS_CLOSED(conn)) {
631
    log_err(LD_BUG,"Attempt to close already-closed connection.");
632
    tor_fragile_assert();
633
634
    return;
  }
635
  if (conn->outbuf_flushlen) {
Roger Dingledine's avatar
Roger Dingledine committed
636
637
638
639
    log_info(LD_NET,"fd %d, type %s, state %s, %d bytes on outbuf.",
             conn->s, conn_type_to_string(conn->type),
             conn_state_to_string(conn->type, conn->state),
             (int)conn->outbuf_flushlen);
640
  }
641

642
  connection_unregister_events(conn);
643

644
645
  if (conn->s >= 0)
    tor_close_socket(conn->s);
646
  conn->s = -1;
647
648
  if (conn->linked)
    conn->linked_conn_is_closed = 1;
649
  if (!connection_is_listener(conn)) {
650
651
652
    buf_clear(conn->outbuf);
    conn->outbuf_flushlen = 0;
  }
653
654
}

655
/** Mark <b>conn</b> to be closed next time we loop through
656
 * conn_close_if_marked() in main.c. */
657
658
void
_connection_mark_for_close(connection_t *conn, int line, const char *file)
659
660
{
  assert_connection_ok(conn,0);
661
  tor_assert(line);
662
  tor_assert(line < 1<<16); /* marked_for_close can only fit a uint16_t. */
663
  tor_assert(file);
664
665

  if (conn->marked_for_close) {
666
    log(LOG_WARN,LD_BUG,"Duplicate call to connection_mark_for_close at %s:%d"
667
668
        " (first at %s:%d)", file, line, conn->marked_for_close_file,
        conn->marked_for_close);
669
    tor_fragile_assert();
670
    return;
671
672
  }

673
674
  conn->marked_for_close = line;
  conn->marked_for_close_file = file;
675
  add_connection_to_closeable_list(conn);
676
677
678
679
680

  /* in case we're going to be held-open-til-flushed, reset
   * the number of seconds since last successful write, so
   * we get our whole 15 seconds */
  conn->timestamp_lastwritten = time(NULL);
681
682
}

683
684
685
686
687
/** Find each connection that has hold_open_until_flushed set to
 * 1 but hasn't written in the past 15 seconds, and set
 * hold_open_until_flushed to 0. This means it will get cleaned
 * up in the next loop through close_if_marked() in main.c.
 */
688
689
void
connection_expire_held_open(void)
690
691
{
  time_t now;
692
  smartlist_t *conns = get_connection_array();
693
694
695

  now = time(NULL);

696
697
  SMARTLIST_FOREACH(conns, connection_t *, conn,
  {
698
699
700
    /* If we've been holding the connection open, but we haven't written
     * for 15 seconds...
     */
701
    if (conn->hold_open_until_flushed) {
Roger Dingledine's avatar
Roger Dingledine committed
702
      tor_assert(conn->marked_for_close);
703
      if (now - conn->timestamp_lastwritten >= 15) {
Roger Dingledine's avatar
Roger Dingledine committed
704
705
        int severity;
        if (conn->type == CONN_TYPE_EXIT ||
706
707
            (conn->type == CONN_TYPE_DIR &&
             conn->purpose == DIR_PURPOSE_SERVER))
Roger Dingledine's avatar
Roger Dingledine committed
708
709
710
          severity = LOG_INFO;
        else
          severity = LOG_NOTICE;
711
        log_fn(severity, LD_NET,
712
713
               "Giving up on marked_for_close conn that's been flushing "
               "for 15s (fd %d, type %s, state %s).",
714
715
               conn->s, conn_type_to_string(conn->type),
               conn_state_to_string(conn->type, conn->state));
716
717
        conn->hold_open_until_flushed = 0;
      }
718
    }
719
  });
720
721
}

722
723
724
725
726
/** Create an AF_INET listenaddr struct.
 * <b>listenaddress</b> provides the host and optionally the port information
 * for the new structure.  If no port is provided in <b>listenaddress</b> then
 * <b>listenport</b> is used.
 *
Nick Mathewson's avatar
Nick Mathewson committed
727
 * If not NULL <b>readable_address</b> will contain a copy of the host part of
728
 * <b>listenaddress</b>.
Nick Mathewson's avatar
Nick Mathewson committed
729
 *
730
 * The listenaddr struct has to be freed by the caller.
731
 */
732
733
static struct sockaddr_in *
create_inet_sockaddr(const char *listenaddress, uint16_t listenport,
734
                     char **readable_address, socklen_t *socklen_out) {
735
  struct sockaddr_in *listenaddr = NULL;
736
  uint32_t addr;
737
  uint16_t usePort = 0;
Roger Dingledine's avatar
Roger Dingledine committed
738

739
740
  if (parse_addr_port(LOG_WARN,
                      listenaddress, readable_address, &addr, &usePort)<0) {
Roger Dingledine's avatar
Roger Dingledine committed
741
742
    log_warn(LD_CONFIG,
             "Error parsing/resolving ListenAddress %s", listenaddress);
743
    goto err;
744
  }
745
  if (usePort==0)
746
    usePort = listenport;
747

748
749
750
751
752
  listenaddr = tor_malloc_zero(sizeof(struct sockaddr_in));
  listenaddr->sin_addr.s_addr = htonl(addr);
  listenaddr->sin_family = AF_INET;
  listenaddr->sin_port = htons((uint16_t) usePort);

753
754
  *socklen_out = sizeof(struct sockaddr_in);

755
756
757
758
759
760
761
762
763
  return listenaddr;

 err:
  tor_free(listenaddr);
  return NULL;
}

#ifdef HAVE_SYS_UN_H
/** Create an AF_UNIX listenaddr struct.
Nick Mathewson's avatar
Nick Mathewson committed
764
 * <b>listenaddress</b> provides the path to the Unix socket.
765
766
767
768
769
770
 *
 * Eventually <b>listenaddress</b> will also optionally contain user, group,
 * and file permissions for the new socket.  But not yet. XXX
 * Also, since we do not create the socket here the information doesn't help
 * here.
 *
Nick Mathewson's avatar
Nick Mathewson committed
771
 * If not NULL <b>readable_address</b> will contain a copy of the path part of
772
773
774
775
776
 * <b>listenaddress</b>.
 *
 * The listenaddr struct has to be freed by the caller.
 */
static struct sockaddr_un *
777
778
create_unix_sockaddr(const char *listenaddress, char **readable_address,
                     socklen_t *len_out)
779
780
781
782
783
784
785
786
787
788
{
  struct sockaddr_un *sockaddr = NULL;

  sockaddr = tor_malloc_zero(sizeof(struct sockaddr_un));
  sockaddr->sun_family = AF_UNIX;
  strncpy(sockaddr->sun_path, listenaddress, sizeof(sockaddr->sun_path));

  if (readable_address)
    *readable_address = tor_strdup(listenaddress);

789
  *len_out = sizeof(struct sockaddr_un);
790
791
792
793
  return sockaddr;
}
#else
static struct sockaddr *
794
795
create_unix_sockaddr(const char *listenaddress, char **readable_address,
                     socklen_t *len_out)
796
{
797
798
  (void)listenaddress;
  (void)readable_address;
799
800
  log_fn(LOG_ERR, LD_BUG,
         "Unix domain sockets not supported, yet we tried to create one.");
801
  *len_out = 0;
802
  tor_assert(0);
803
804
805
};
#endif /* HAVE_SYS_UN_H */

806
807
808
/** Warn that an accept or a connect has failed because we're running up
 * against our ulimit.  Rate-limit these warnings so that we don't spam
 * the log. */
Nick Mathewson's avatar
Nick Mathewson committed
809
810
811
812
static void
warn_too_many_conns(void)
{
#define WARN_TOO_MANY_CONNS_INTERVAL (6*60*60)
813
814
  static time_t last_warned = 0;
  time_t now = time(NULL);
815
  int n_conns = get_n_open_sockets();
Nick Mathewson's avatar
Nick Mathewson committed
816
817
818
819
820
821
822
823
824
  if (last_warned + WARN_TOO_MANY_CONNS_INTERVAL < now) {
    log_warn(LD_NET,"Failing because we have %d connections already. Please "
             "raise your ulimit -n.", n_conns);
    last_warned = now;
  }
  control_event_general_status(LOG_WARN, "TOO_MANY_CONNECTIONS CURRENT=%d",
                               n_conns);
}

825
826
827
828
829
830
831
/** Bind a new non-blocking socket listening to the socket described
 * by <b>listensockaddr</b>.
 *
 * <b>address</b> is only used for logging purposes and to add the information
 * to the conn.
 */
static connection_t *
832
833
connection_create_listener(struct sockaddr *listensockaddr, socklen_t socklen,
                           int type, char* address)
834
835
836
837
838
{
  connection_t *conn;
  int s; /* the socket we're going to make */
  uint16_t usePort = 0;
  int start_reading = 0;
Nick Mathewson's avatar
Nick Mathewson committed
839

840
  if (get_n_open_sockets() >= get_options()->_ConnLimit-1) {
Nick Mathewson's avatar
Nick Mathewson committed
841
    warn_too_many_conns();
842
843
844
    return NULL;
  }

845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
  if (listensockaddr->sa_family == AF_INET) {
    int is_tcp = (type != CONN_TYPE_AP_DNS_LISTENER);
#ifndef MS_WINDOWS
    int one=1;
#endif
    if (is_tcp)
      start_reading = 1;

    usePort = ntohs( (uint16_t)
                     ((struct sockaddr_in *)listensockaddr)->sin_port);

    log_notice(LD_NET, "Opening %s on %s:%d",
               conn_type_to_string(type), address, usePort);

    s = tor_open_socket(PF_INET,
                        is_tcp ? SOCK_STREAM : SOCK_DGRAM,
                        is_tcp ? IPPROTO_TCP: IPPROTO_UDP);
    if (s < 0) {
      log_warn(LD_NET,"Socket creation failed.");
      goto err;
    }
Roger Dingledine's avatar
Roger Dingledine committed
866

867
#ifndef MS_WINDOWS
868
869
870
871
    /* REUSEADDR on normal places means you can rebind to the port
     * right after somebody else has let it go. But REUSEADDR on win32
     * means you can bind to the port _even when somebody else
     * already has it bound_. So, don't do that on Win32. */
872
873
    setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*) &one,
               (socklen_t)sizeof(one));
874
#endif
Roger Dingledine's avatar
Roger Dingledine committed
875

876
    if (bind(s,listensockaddr,socklen) < 0) {
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
      const char *helpfulhint = "";
      int e = tor_socket_errno(s);
      if (ERRNO_IS_EADDRINUSE(e))
        helpfulhint = ". Is Tor already running?";
      log_warn(LD_NET, "Could not bind to %s:%u: %s%s", address, usePort,
               tor_socket_strerror(e), helpfulhint);
      tor_close_socket(s);
      goto err;
    }

    if (is_tcp) {
      if (listen(s,SOMAXCONN) < 0) {
        log_warn(LD_NET, "Could not listen on %s:%u: %s", address, usePort,
                 tor_socket_strerror(tor_socket_errno(s)));
        tor_close_socket(s);
        goto err;
      }
    }
#ifdef HAVE_SYS_UN_H
  } else if (listensockaddr->sa_family == AF_UNIX) {
    start_reading = 1;

Nick Mathewson's avatar
Nick Mathewson committed
899
    /* For now only control ports can be Unix domain sockets
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
     * and listeners at the same time */
    tor_assert(type == CONN_TYPE_CONTROL_LISTENER);

    log_notice(LD_NET, "Opening %s on %s",
               conn_type_to_string(type), address);

    if (unlink(address) < 0 && errno != ENOENT) {
      log_warn(LD_NET, "Could not unlink %s: %s", address,
                       strerror(errno));
      goto err;
    }
    s = tor_open_socket(AF_UNIX, SOCK_STREAM, 0);
    if (s < 0) {
      log_warn(LD_NET,"Socket creation failed: %s.", strerror(errno));
      goto err;
    }

917
    if (bind(s, listensockaddr, (socklen_t)sizeof(struct sockaddr_un)) == -1) {
918
919
920
921
      log_warn(LD_NET,"Bind to %s failed: %s.", address,
               tor_socket_strerror(tor_socket_errno(s)));
      goto err;
    }
Roger Dingledine's avatar
Roger Dingledine committed
922

923
    if (listen(s,SOMAXCONN) < 0) {
924
      log_warn(LD_NET, "Could not listen on %s: %s", address,
925
926
927
928
               tor_socket_strerror(tor_socket_errno(s)));
      tor_close_socket(s);
      goto err;
    }
929
930
931
932
933
#endif /* HAVE_SYS_UN_H */
  } else {
      log_err(LD_BUG,"Got unexpected address family %d.",
              listensockaddr->sa_family);
      tor_assert(0);
Roger Dingledine's avatar
Roger Dingledine committed
934
935
  }

936
  set_socket_nonblocking(s);
Roger Dingledine's avatar
Roger Dingledine committed
937

938
  conn = connection_new(type, listensockaddr->sa_family);
939
  conn->socket_family = listensockaddr->sa_family;
Roger Dingledine's avatar
Roger Dingledine committed
940
  conn->s = s;
941
  conn->address = tor_strdup(address);
942
  conn->port = usePort;
Roger Dingledine's avatar
Roger Dingledine committed
943

944
  if (connection_add(conn) < 0) { /* no space, forget it */
945
    log_warn(LD_NET,"connection_add for listener failed. Giving up.");
Roger Dingledine's avatar
Roger Dingledine committed
946
    connection_free(conn);
947
    goto err;
Roger Dingledine's avatar
Roger Dingledine committed
948
949
  }

Roger Dingledine's avatar
Roger Dingledine committed
950
951
  log_debug(LD_NET,"%s listening on port %u.",
            conn_type_to_string(type), usePort);
Roger Dingledine's avatar
Roger Dingledine committed
952
953

  conn->state = LISTENER_STATE_READY;
954
  if (start_reading) {
955
956
957
958
959
    connection_start_reading(conn);
  } else {
    tor_assert(type == CONN_TYPE_AP_DNS_LISTENER);
    dnsserv_configure_listener(conn);
  }
Roger Dingledine's avatar
Roger Dingledine committed
960

961
  return conn;
962
963

 err:
964
  return NULL;
Roger Dingledine's avatar
Roger Dingledine committed
965
966
}

967
968
969
/** Do basic sanity checking on a newly received socket. Return 0
 * if it looks ok, else return -1. */
static int
970
check_sockaddr(struct sockaddr *sa, int len, int level)
971
972
973
{
  int ok = 1;

974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
  if (sa->sa_family == AF_INET) {
    struct sockaddr_in *sin=(struct sockaddr_in*)sa;
    if (len != sizeof(struct sockaddr_in)) {
      log_fn(level, LD_NET, "Length of address not as expected: %d vs %d",
             len,(int)sizeof(struct sockaddr_in));
      ok = 0;
    }
    if (sin->sin_addr.s_addr == 0 || sin->sin_port == 0) {
      log_fn(level, LD_NET,
             "Address for new connection has address/port equal to zero.");
      ok = 0;
    }
  } else if (sa->sa_family == AF_INET6) {
    struct sockaddr_in6 *sin6=(struct sockaddr_in6*)sa;
    if (len != sizeof(struct sockaddr_in6)) {
      log_fn(level, LD_NET, "Length of address not as expected: %d vs %d",
             len,(int)sizeof(struct sockaddr_in6));
      ok = 0;
    }
    if (tor_mem_is_zero((void*)sin6->sin6_addr.s6_addr, 16) ||
        sin6->sin6_port == 0) {
      log_fn(level, LD_NET,
             "Address for new connection has address/port equal to zero.");
      ok = 0;
    }
  } else {
1000
    ok = 0;
For faster browsing, not all history is shown. View entire blame