or.h 216 KB
Newer Older
Roger Dingledine's avatar
Roger Dingledine committed
1
2
/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
3
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
Nick Mathewson's avatar
Nick Mathewson committed
4
 * Copyright (c) 2007-2016, The Tor Project, Inc. */
5
/* See LICENSE for licensing information */
Roger Dingledine's avatar
Roger Dingledine committed
6

Nick Mathewson's avatar
Nick Mathewson committed
7
8
9
/**
 * \file or.h
 * \brief Master header file for Tor-specific functionality.
10
 **/
Nick Mathewson's avatar
Nick Mathewson committed
11

12
13
#ifndef TOR_OR_H
#define TOR_OR_H
Roger Dingledine's avatar
Roger Dingledine committed
14

Nick Mathewson's avatar
Nick Mathewson committed
15
#include "orconfig.h"
16

17
#ifdef HAVE_UNISTD_H
Roger Dingledine's avatar
Roger Dingledine committed
18
#include <unistd.h>
19
20
#endif
#ifdef HAVE_SIGNAL_H
Roger Dingledine's avatar
Roger Dingledine committed
21
#include <signal.h>
22
23
#endif
#ifdef HAVE_NETDB_H
Roger Dingledine's avatar
Roger Dingledine committed
24
#include <netdb.h>
25
#endif
26
27
28
#ifdef HAVE_SYS_PARAM_H
#include <sys/param.h> /* FreeBSD needs this to know what version it is */
#endif
29
#include "torint.h"
30
#ifdef HAVE_SYS_FCNTL_H
Roger Dingledine's avatar
Roger Dingledine committed
31
#include <sys/fcntl.h>
32
33
34
35
36
#endif
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
#ifdef HAVE_SYS_IOCTL_H
Roger Dingledine's avatar
Roger Dingledine committed
37
#include <sys/ioctl.h>
38
#endif
39
40
41
#ifdef HAVE_SYS_UN_H
#include <sys/un.h>
#endif
42
#ifdef HAVE_SYS_STAT_H
43
#include <sys/stat.h>
44
#endif
45
46
47
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
48
#ifdef HAVE_ARPA_INET_H
Roger Dingledine's avatar
Roger Dingledine committed
49
#include <arpa/inet.h>
50
51
#endif
#ifdef HAVE_ERRNO_H
Roger Dingledine's avatar
Roger Dingledine committed
52
#include <errno.h>
53
54
#endif
#ifdef HAVE_ASSERT_H
Roger Dingledine's avatar
Roger Dingledine committed
55
#include <assert.h>
56
57
#endif
#ifdef HAVE_TIME_H
58
#include <time.h>
59
#endif
60

61
#ifdef _WIN32
62
#include <winsock2.h>
63
#include <io.h>
Roger Dingledine's avatar
Roger Dingledine committed
64
#include <process.h>
65
#include <direct.h>
66
67
68
#include <windows.h>
#endif

69
70
71
#ifdef USE_BUFFEREVENTS
#include <event2/bufferevent.h>
#include <event2/buffer.h>
Nick Mathewson's avatar
Nick Mathewson committed
72
#include <event2/util.h>
73
74
75
#endif

#include "crypto.h"
76
#include "crypto_format.h"
77
#include "tortls.h"
78
#include "torlog.h"
79
80
#include "container.h"
#include "torgzip.h"
81
#include "address.h"
82
#include "compat_libevent.h"
83
#include "ht.h"
84
#include "replaycache.h"
85
#include "crypto_curve25519.h"
86
#include "crypto_ed25519.h"
87
#include "tor_queue.h"
88
#include "util_format.h"
89

90
/* These signals are defined to help handle_control_signal work.
Nick Mathewson's avatar
Nick Mathewson committed
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
 */
#ifndef SIGHUP
#define SIGHUP 1
#endif
#ifndef SIGINT
#define SIGINT 2
#endif
#ifndef SIGUSR1
#define SIGUSR1 10
#endif
#ifndef SIGUSR2
#define SIGUSR2 12
#endif
#ifndef SIGTERM
#define SIGTERM 15
#endif
107
108
109
/* Controller signals start at a high number so we don't
 * conflict with system-defined signals. */
#define SIGNEWNYM 129
110
#define SIGCLEARDNSCACHE 130
111
#define SIGHEARTBEAT 131
Nick Mathewson's avatar
Nick Mathewson committed
112

113
114
115
116
117
118
#if (SIZEOF_CELL_T != 0)
/* On Irix, stdlib.h defines a cell_t type, so we need to make sure
 * that our stuff always calls cell_t something different. */
#define cell_t tor_cell_t
#endif

119
120
121
122
#ifdef ENABLE_TOR2WEB_MODE
#define NON_ANONYMOUS_MODE_ENABLED 1
#endif

123
/** Length of longest allowable configured nickname. */
124
#define MAX_NICKNAME_LEN 19
125
126
/** Length of a router identity encoded as a hexadecimal digest, plus
 * possible dollar sign. */
127
#define MAX_HEX_NICKNAME_LEN (HEX_DIGEST_LEN+1)
Roger Dingledine's avatar
Roger Dingledine committed
128
129
/** Maximum length of verbose router identifier: dollar sign, hex ID digest,
 * equal sign or tilde, nickname. */
130
131
#define MAX_VERBOSE_NICKNAME_LEN (1+HEX_DIGEST_LEN+1+MAX_NICKNAME_LEN)

132
/** Maximum size, in bytes, for resized buffers. */
133
#define MAX_BUF_SIZE ((1<<24)-1) /* 16MB-1 */
Roger Dingledine's avatar
Roger Dingledine committed
134
/** Maximum size, in bytes, for any directory object that we've downloaded. */
135
#define MAX_DIR_DL_SIZE MAX_BUF_SIZE
Roger Dingledine's avatar
Roger Dingledine committed
136

Nick Mathewson's avatar
Nick Mathewson committed
137
/** For HTTP parsing: Maximum number of bytes we'll accept in the headers
Roger Dingledine's avatar
Roger Dingledine committed
138
 * of an HTTP request or response. */
139
#define MAX_HEADERS_SIZE 50000
140
141
/** Maximum size, in bytes, for any directory object that we're accepting
 * as an upload. */
142
#define MAX_DIR_UL_SIZE MAX_BUF_SIZE
143

144
145
146
147
148
149
150
151
/** Maximum size, in bytes, of a single router descriptor uploaded to us
 * as a directory authority. Caches and clients fetch whatever descriptors
 * the authorities tell them to fetch, and don't care about size. */
#define MAX_DESCRIPTOR_UPLOAD_SIZE 20000

/** Maximum size of a single extrainfo document, as above. */
#define MAX_EXTRAINFO_UPLOAD_SIZE 50000

152
153
/** How long do we keep DNS cache entries before purging them (regardless of
 * their TTL)? */
154
#define MAX_DNS_ENTRY_AGE (30*60)
155
156
/** How long do we cache/tell clients to cache DNS records when no TTL is
 * known? */
157
158
159
#define DEFAULT_DNS_TTL (30*60)
/** How long can a TTL be before we stop believing it? */
#define MAX_DNS_TTL (3*60*60)
160
161
/** How small can a TTL be before we stop believing it?  Provides rudimentary
 * pinning. */
162
#define MIN_DNS_TTL 60
163

Nick Mathewson's avatar
Nick Mathewson committed
164
/** How often do we rotate onion keys? */
165
#define MIN_ONION_KEY_LIFETIME (7*24*60*60)
Nick Mathewson's avatar
Nick Mathewson committed
166
/** How often do we rotate TLS contexts? */
167
#define MAX_SSL_KEY_LIFETIME_INTERNAL (2*60*60)
168

Roger Dingledine's avatar
Roger Dingledine committed
169
170
/** How old do we allow a router to get before removing it
 * from the router list? In seconds. */
171
172
173
#define ROUTER_MAX_AGE (60*60*48)
/** How old can a router get before we (as a server) will no longer
 * consider it live? In seconds. */
174
#define ROUTER_MAX_AGE_TO_PUBLISH (60*60*24)
175
176
/** How old do we let a saved descriptor get before force-removing it? */
#define OLD_ROUTER_DESC_MAX_AGE (60*60*24*5)
177

178
/** Possible rules for generating circuit IDs on an OR connection. */
179
typedef enum {
180
  CIRC_ID_TYPE_LOWER=0, /**< Pick from 0..1<<15-1. */
Roger Dingledine's avatar
Roger Dingledine committed
181
  CIRC_ID_TYPE_HIGHER=1, /**< Pick from 1<<15..1<<16-1. */
182
183
  /** The other side of a connection is an OP: never create circuits to it,
   * and let it use any circuit ID it wants. */
184
  CIRC_ID_TYPE_NEITHER=2
185
} circ_id_type_t;
Nick Mathewson's avatar
Nick Mathewson committed
186
#define circ_id_type_bitfield_t ENUM_BF(circ_id_type_t)
187

188
#define CONN_TYPE_MIN_ 3
Nick Mathewson's avatar
Nick Mathewson committed
189
/** Type for sockets listening for OR connections. */
Roger Dingledine's avatar
Roger Dingledine committed
190
#define CONN_TYPE_OR_LISTENER 3
191
192
/** A bidirectional TLS connection transmitting a sequence of cells.
 * May be from an OR to an OR, or from an OP to an OR. */
Roger Dingledine's avatar
Roger Dingledine committed
193
#define CONN_TYPE_OR 4
194
/** A TCP connection from an onion router to a stream's destination. */
195
#define CONN_TYPE_EXIT 5
196
/** Type for sockets listening for SOCKS connections. */
197
#define CONN_TYPE_AP_LISTENER 6
198
199
/** A SOCKS proxy connection from the user application to the onion
 * proxy. */
200
#define CONN_TYPE_AP 7
201
/** Type for sockets listening for HTTP connections to the directory server. */
202
#define CONN_TYPE_DIR_LISTENER 8
203
/** Type for HTTP connections to the directory server. */
204
#define CONN_TYPE_DIR 9
205
/* Type 10 is unused. */
Roger Dingledine's avatar
Roger Dingledine committed
206
/** Type for listening for connections from user interface process. */
207
#define CONN_TYPE_CONTROL_LISTENER 11
Roger Dingledine's avatar
Roger Dingledine committed
208
/** Type for connections from user interface process. */
209
#define CONN_TYPE_CONTROL 12
210
211
/** Type for sockets listening for transparent connections redirected by pf or
 * netfilter. */
212
#define CONN_TYPE_AP_TRANS_LISTENER 13
213
214
/** Type for sockets listening for transparent connections redirected by
 * natd. */
215
#define CONN_TYPE_AP_NATD_LISTENER 14
216
217
/** Type for sockets listening for DNS requests. */
#define CONN_TYPE_AP_DNS_LISTENER 15
218

219
/** Type for connections from the Extended ORPort. */
220
#define CONN_TYPE_EXT_OR 16
221
/** Type for sockets listening for Extended ORPort connections. */
222
223
224
225
#define CONN_TYPE_EXT_OR_LISTENER 17

#define CONN_TYPE_MAX_ 17
/* !!!! If _CONN_TYPE_MAX is ever over 31, we must grow the type field in
226
 * connection_t. */
Roger Dingledine's avatar
Roger Dingledine committed
227

228
229
230
231
232
/* Proxy client types */
#define PROXY_NONE 0
#define PROXY_CONNECT 1
#define PROXY_SOCKS4 2
#define PROXY_SOCKS5 3
teor's avatar
teor committed
233
/* !!!! If there is ever a PROXY_* type over 3, we must grow the proxy_type
234
 * field in or_connection_t */
235
236
237

/* Pluggable transport proxy type. Don't use this in or_connection_t,
 * instead use the actual underlying proxy type (see above).  */
238
#define PROXY_PLUGGABLE 4
239
240

/* Proxy client handshake states */
241
/* We use a proxy but we haven't even connected to it yet. */
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
#define PROXY_INFANT 1
/* We use an HTTP proxy and we've sent the CONNECT command. */
#define PROXY_HTTPS_WANT_CONNECT_OK 2
/* We use a SOCKS4 proxy and we've sent the CONNECT command. */
#define PROXY_SOCKS4_WANT_CONNECT_OK 3
/* We use a SOCKS5 proxy and we try to negotiate without
   any authentication . */
#define PROXY_SOCKS5_WANT_AUTH_METHOD_NONE 4
/* We use a SOCKS5 proxy and we try to negotiate with
   Username/Password authentication . */
#define PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929 5
/* We use a SOCKS5 proxy and we just sent our credentials. */
#define PROXY_SOCKS5_WANT_AUTH_RFC1929_OK 6
/* We use a SOCKS5 proxy and we just sent our CONNECT command. */
#define PROXY_SOCKS5_WANT_CONNECT_OK 7
/* We use a proxy and we CONNECTed successfully!. */
#define PROXY_CONNECTED 8
259

260
/** True iff <b>x</b> is an edge connection. */
261
262
#define CONN_IS_EDGE(x) \
  ((x)->type == CONN_TYPE_EXIT || (x)->type == CONN_TYPE_AP)
263

264
/** State for any listener connection. */
Roger Dingledine's avatar
Roger Dingledine committed
265
266
#define LISTENER_STATE_READY 0

267
#define OR_CONN_STATE_MIN_ 1
268
/** State for a connection to an OR: waiting for connect() to finish. */
Nick Mathewson's avatar
Nick Mathewson committed
269
#define OR_CONN_STATE_CONNECTING 1
270
271
/** State for a connection to an OR: waiting for proxy handshake to complete */
#define OR_CONN_STATE_PROXY_HANDSHAKING 2
272
/** State for an OR connection client: SSL is handshaking, not done
273
 * yet. */
274
#define OR_CONN_STATE_TLS_HANDSHAKING 3
275
/** State for a connection to an OR: We're doing a second SSL handshake for
276
 * renegotiation purposes. (V2 handshake only.) */
277
#define OR_CONN_STATE_TLS_CLIENT_RENEGOTIATING 4
278
/** State for a connection at an OR: We're waiting for the client to
279
280
 * renegotiate (to indicate a v2 handshake) or send a versions cell (to
 * indicate a v3 handshake) */
281
#define OR_CONN_STATE_TLS_SERVER_RENEGOTIATING 5
282
283
284
285
286
287
288
289
/** State for an OR connection: We're done with our SSL handshake, we've done
 * renegotiation, but we haven't yet negotiated link protocol versions and
 * sent a netinfo cell. */
#define OR_CONN_STATE_OR_HANDSHAKING_V2 6
/** State for an OR connection: We're done with our SSL handshake, but we
 * haven't yet negotiated link protocol versions, done a V3 handshake, and
 * sent a netinfo cell. */
#define OR_CONN_STATE_OR_HANDSHAKING_V3 7
290
/** State for an OR connection: Ready to send/receive cells. */
291
#define OR_CONN_STATE_OPEN 8
292
#define OR_CONN_STATE_MAX_ 8
293

294
295
/** States of the Extended ORPort protocol. Be careful before changing
 *  the numbers: they matter. */
296
#define EXT_OR_CONN_STATE_MIN_ 1
297
298
299
300
301
302
303
304
305
306
307
/** Extended ORPort authentication is waiting for the authentication
 *  type selected by the client. */
#define EXT_OR_CONN_STATE_AUTH_WAIT_AUTH_TYPE 1
/** Extended ORPort authentication is waiting for the client nonce. */
#define EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_NONCE 2
/** Extended ORPort authentication is waiting for the client hash. */
#define EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_HASH 3
#define EXT_OR_CONN_STATE_AUTH_MAX 3
/** Authentication finished and the Extended ORPort is now accepting
 *  traffic. */
#define EXT_OR_CONN_STATE_OPEN 4
308
309
/** Extended ORPort is flushing its last messages and preparing to
 *  start accepting OR connections. */
310
311
#define EXT_OR_CONN_STATE_FLUSHING 5
#define EXT_OR_CONN_STATE_MAX_ 5
312

313
#define EXIT_CONN_STATE_MIN_ 1
Nick Mathewson's avatar
Nick Mathewson committed
314
/** State for an exit connection: waiting for response from DNS farm. */
Nick Mathewson's avatar
Nick Mathewson committed
315
#define EXIT_CONN_STATE_RESOLVING 1
316
/** State for an exit connection: waiting for connect() to finish. */
Nick Mathewson's avatar
Nick Mathewson committed
317
#define EXIT_CONN_STATE_CONNECTING 2
318
/** State for an exit connection: open and ready to transmit data. */
319
#define EXIT_CONN_STATE_OPEN 3
320
/** State for an exit connection: waiting to be removed. */
Nick Mathewson's avatar
Nick Mathewson committed
321
#define EXIT_CONN_STATE_RESOLVEFAILED 4
322
#define EXIT_CONN_STATE_MAX_ 4
Roger Dingledine's avatar
Roger Dingledine committed
323

Roger Dingledine's avatar
Roger Dingledine committed
324
/* The AP state values must be disjoint from the EXIT state values. */
325
#define AP_CONN_STATE_MIN_ 5
326
/** State for a SOCKS connection: waiting for SOCKS request. */
327
#define AP_CONN_STATE_SOCKS_WAIT 5
Nick Mathewson's avatar
Nick Mathewson committed
328
/** State for a SOCKS connection: got a y.onion URL; waiting to receive
Roger Dingledine's avatar
Roger Dingledine committed
329
 * rendezvous descriptor. */
330
#define AP_CONN_STATE_RENDDESC_WAIT 6
331
332
333
/** The controller will attach this connection to a circuit; it isn't our
 * job to do so. */
#define AP_CONN_STATE_CONTROLLER_WAIT 7
334
/** State for a SOCKS connection: waiting for a completed circuit. */
335
#define AP_CONN_STATE_CIRCUIT_WAIT 8
336
/** State for a SOCKS connection: sent BEGIN, waiting for CONNECTED. */
337
#define AP_CONN_STATE_CONNECT_WAIT 9
338
/** State for a SOCKS connection: sent RESOLVE, waiting for RESOLVED. */
339
#define AP_CONN_STATE_RESOLVE_WAIT 10
340
/** State for a SOCKS connection: ready to send and receive. */
341
#define AP_CONN_STATE_OPEN 11
342
343
344
/** State for a transparent natd connection: waiting for original
 * destination. */
#define AP_CONN_STATE_NATD_WAIT 12
345
#define AP_CONN_STATE_MAX_ 12
346

347
348
/** True iff the AP_CONN_STATE_* value <b>s</b> means that the corresponding
 * edge connection is not attached to any circuit. */
349
350
351
#define AP_CONN_STATE_IS_UNATTACHED(s) \
  ((s) <= AP_CONN_STATE_CIRCUIT_WAIT || (s) == AP_CONN_STATE_NATD_WAIT)

352
#define DIR_CONN_STATE_MIN_ 1
353
/** State for connection to directory server: waiting for connect(). */
Roger Dingledine's avatar
Roger Dingledine committed
354
#define DIR_CONN_STATE_CONNECTING 1
355
/** State for connection to directory server: sending HTTP request. */
Roger Dingledine's avatar
Roger Dingledine committed
356
#define DIR_CONN_STATE_CLIENT_SENDING 2
357
/** State for connection to directory server: reading HTTP response. */
Roger Dingledine's avatar
Roger Dingledine committed
358
#define DIR_CONN_STATE_CLIENT_READING 3
359
360
/** State for connection to directory server: happy and finished. */
#define DIR_CONN_STATE_CLIENT_FINISHED 4
361
/** State for connection at directory server: waiting for HTTP request. */
362
#define DIR_CONN_STATE_SERVER_COMMAND_WAIT 5
363
/** State for connection at directory server: sending HTTP response. */
364
#define DIR_CONN_STATE_SERVER_WRITING 6
365
#define DIR_CONN_STATE_MAX_ 6
Roger Dingledine's avatar
Roger Dingledine committed
366

367
368
/** True iff the purpose of <b>conn</b> means that it's a server-side
 * directory connection. */
369
370
#define DIR_CONN_IS_SERVER(conn) ((conn)->purpose == DIR_PURPOSE_SERVER)

371
#define CONTROL_CONN_STATE_MIN_ 1
372
/** State for a control connection: Authenticated and accepting v1 commands. */
373
#define CONTROL_CONN_STATE_OPEN 1
374
375
/** State for a control connection: Waiting for authentication; speaking
 * protocol v1. */
376
#define CONTROL_CONN_STATE_NEEDAUTH 2
377
#define CONTROL_CONN_STATE_MAX_ 2
378

379
380
#define DIR_PURPOSE_MIN_ 4
/** A connection to a directory server: set after a v2 rendezvous
Nick Mathewson's avatar
Nick Mathewson committed
381
 * descriptor is downloaded. */
382
#define DIR_PURPOSE_HAS_FETCHED_RENDDESC_V2 4
383
/** A connection to a directory server: download one or more server
384
385
 * descriptors. */
#define DIR_PURPOSE_FETCH_SERVERDESC 6
386
387
388
/** A connection to a directory server: download one or more extra-info
 * documents. */
#define DIR_PURPOSE_FETCH_EXTRAINFO 7
389
/** A connection to a directory server: upload a server descriptor. */
390
#define DIR_PURPOSE_UPLOAD_DIR 8
391
392
/** A connection to a directory server: upload a v3 networkstatus vote. */
#define DIR_PURPOSE_UPLOAD_VOTE 10
393
/** A connection to a directory server: upload a v3 consensus signature */
394
#define DIR_PURPOSE_UPLOAD_SIGNATURES 11
395
396
/** A connection to a directory server: download one or more v3 networkstatus
 * votes. */
397
#define DIR_PURPOSE_FETCH_STATUS_VOTE 12
398
399
/** A connection to a directory server: download a v3 detached signatures
 * object for a consensus. */
400
#define DIR_PURPOSE_FETCH_DETACHED_SIGNATURES 13
401
/** A connection to a directory server: download a v3 networkstatus
402
 * consensus. */
403
#define DIR_PURPOSE_FETCH_CONSENSUS 14
404
405
/** A connection to a directory server: download one or more directory
 * authority certificates. */
406
#define DIR_PURPOSE_FETCH_CERTIFICATE 15
407

Nick Mathewson's avatar
Nick Mathewson committed
408
/** Purpose for connection at a directory server. */
409
#define DIR_PURPOSE_SERVER 16
410
411
412
413
414
415
/** A connection to a hidden service directory server: upload a v2 rendezvous
 * descriptor. */
#define DIR_PURPOSE_UPLOAD_RENDDESC_V2 17
/** A connection to a hidden service directory server: download a v2 rendezvous
 * descriptor. */
#define DIR_PURPOSE_FETCH_RENDDESC_V2 18
416
417
/** A connection to a directory server: download a microdescriptor. */
#define DIR_PURPOSE_FETCH_MICRODESC 19
418
#define DIR_PURPOSE_MAX_ 19
419

420
421
/** True iff <b>p</b> is a purpose corresponding to uploading data to a
 * directory server. */
422
423
424
425
426
#define DIR_PURPOSE_IS_UPLOAD(p)                \
  ((p)==DIR_PURPOSE_UPLOAD_DIR ||               \
   (p)==DIR_PURPOSE_UPLOAD_VOTE ||              \
   (p)==DIR_PURPOSE_UPLOAD_SIGNATURES)

427
#define EXIT_PURPOSE_MIN_ 1
428
/** This exit stream wants to do an ordinary connect. */
429
#define EXIT_PURPOSE_CONNECT 1
430
/** This exit stream wants to do a resolve (either normal or reverse). */
431
#define EXIT_PURPOSE_RESOLVE 2
432
#define EXIT_PURPOSE_MAX_ 2
433

434
/* !!!! If any connection purpose is ever over 31, we must grow the type
435
436
 * field in connection_t. */

437
/** Circuit state: I'm the origin, still haven't done all my handshakes. */
Nick Mathewson's avatar
Nick Mathewson committed
438
#define CIRCUIT_STATE_BUILDING 0
439
/** Circuit state: Waiting to process the onionskin. */
Nick Mathewson's avatar
Nick Mathewson committed
440
#define CIRCUIT_STATE_ONIONSKIN_PENDING 1
441
/** Circuit state: I'd like to deliver a create, but my n_chan is still
442
 * connecting. */
443
#define CIRCUIT_STATE_CHAN_WAIT 2
444
/** Circuit state: onionskin(s) processed, ready to send/receive cells. */
Nick Mathewson's avatar
Nick Mathewson committed
445
#define CIRCUIT_STATE_OPEN 3
Roger Dingledine's avatar
Roger Dingledine committed
446

447
#define CIRCUIT_PURPOSE_MIN_ 1
448

449
/* these circuits were initiated elsewhere */
450
#define CIRCUIT_PURPOSE_OR_MIN_ 1
Nick Mathewson's avatar
Nick Mathewson committed
451
452
/** OR-side circuit purpose: normal circuit, at OR. */
#define CIRCUIT_PURPOSE_OR 1
453
454
/** OR-side circuit purpose: At OR, from the service, waiting for intro from
 * clients. */
Nick Mathewson's avatar
Nick Mathewson committed
455
#define CIRCUIT_PURPOSE_INTRO_POINT 2
456
457
/** OR-side circuit purpose: At OR, from the client, waiting for the service.
 */
Nick Mathewson's avatar
Nick Mathewson committed
458
#define CIRCUIT_PURPOSE_REND_POINT_WAITING 3
459
/** OR-side circuit purpose: At OR, both circuits have this purpose. */
Nick Mathewson's avatar
Nick Mathewson committed
460
#define CIRCUIT_PURPOSE_REND_ESTABLISHED 4
461
#define CIRCUIT_PURPOSE_OR_MAX_ 4
462

463
/* these circuits originate at this node */
464
465
466
467

/* here's how circ client-side purposes work:
 *   normal circuits are C_GENERAL.
 *   circuits that are c_introducing are either on their way to
468
469
470
471
 *     becoming open, or they are open and waiting for a
 *     suitable rendcirc before they send the intro.
 *   circuits that are c_introduce_ack_wait have sent the intro,
 *     but haven't gotten a response yet.
472
473
474
 *   circuits that are c_establish_rend are either on their way
 *     to becoming open, or they are open and have sent the
 *     establish_rendezvous cell but haven't received an ack.
475
 *   circuits that are c_rend_ready are open and have received a
476
 *     rend ack, but haven't heard from the service yet. if they have a
477
 *     buildstate->pending_final_cpath then they're expecting a
478
 *     cell from the service, else they're not.
479
480
 *   circuits that are c_rend_ready_intro_acked are open, and
 *     some intro circ has sent its intro and received an ack.
481
 *   circuits that are c_rend_joined are open, have heard from
482
 *     the service, and are talking to it.
483
 */
Nick Mathewson's avatar
Nick Mathewson committed
484
485
/** Client-side circuit purpose: Normal circuit, with cpath. */
#define CIRCUIT_PURPOSE_C_GENERAL 5
486
/** Client-side circuit purpose: at the client, connecting to intro point. */
Nick Mathewson's avatar
Nick Mathewson committed
487
#define CIRCUIT_PURPOSE_C_INTRODUCING 6
488
/** Client-side circuit purpose: at the client, sent INTRODUCE1 to intro point,
489
 * waiting for ACK/NAK. */
Nick Mathewson's avatar
Nick Mathewson committed
490
#define CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT 7
491
492
/** Client-side circuit purpose: at the client, introduced and acked, closing.
 */
Nick Mathewson's avatar
Nick Mathewson committed
493
#define CIRCUIT_PURPOSE_C_INTRODUCE_ACKED 8
494
/** Client-side circuit purpose: at the client, waiting for ack. */
Nick Mathewson's avatar
Nick Mathewson committed
495
#define CIRCUIT_PURPOSE_C_ESTABLISH_REND 9
496
/** Client-side circuit purpose: at the client, waiting for the service. */
Nick Mathewson's avatar
Nick Mathewson committed
497
#define CIRCUIT_PURPOSE_C_REND_READY 10
498
499
/** Client-side circuit purpose: at the client, waiting for the service,
 * INTRODUCE has been acknowledged. */
Nick Mathewson's avatar
Nick Mathewson committed
500
#define CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED 11
501
/** Client-side circuit purpose: at the client, rendezvous established. */
Nick Mathewson's avatar
Nick Mathewson committed
502
#define CIRCUIT_PURPOSE_C_REND_JOINED 12
503
504
/** This circuit is used for build time measurement only */
#define CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT 13
505
#define CIRCUIT_PURPOSE_C_MAX_ 13
506
507
/** Hidden-service-side circuit purpose: at the service, waiting for
 * introductions. */
508
#define CIRCUIT_PURPOSE_S_ESTABLISH_INTRO 14
509
510
/** Hidden-service-side circuit purpose: at the service, successfully
 * established intro. */
511
#define CIRCUIT_PURPOSE_S_INTRO 15
512
513
/** Hidden-service-side circuit purpose: at the service, connecting to rend
 * point. */
514
#define CIRCUIT_PURPOSE_S_CONNECT_REND 16
515
516
/** Hidden-service-side circuit purpose: at the service, rendezvous
 * established. */
517
#define CIRCUIT_PURPOSE_S_REND_JOINED 17
518
/** A testing circuit; not meant to be used for actual traffic. */
519
#define CIRCUIT_PURPOSE_TESTING 18
520
/** A controller made this circuit and Tor should not use it. */
521
#define CIRCUIT_PURPOSE_CONTROLLER 19
522
523
524
/** This circuit is used for path bias probing only */
#define CIRCUIT_PURPOSE_PATH_BIAS_TESTING 20
#define CIRCUIT_PURPOSE_MAX_ 20
525
526
527
/** A catch-all for unrecognized purposes. Currently we don't expect
 * to make or see any circuits with this purpose. */
#define CIRCUIT_PURPOSE_UNKNOWN 255
528

529
530
/** True iff the circuit purpose <b>p</b> is for a circuit that
 * originated at this node. */
531
#define CIRCUIT_PURPOSE_IS_ORIGIN(p) ((p)>CIRCUIT_PURPOSE_OR_MAX_)
532
533
/** True iff the circuit purpose <b>p</b> is for a circuit that originated
 * here to serve as a client.  (Hidden services don't count here.) */
534
#define CIRCUIT_PURPOSE_IS_CLIENT(p)  \
535
536
  ((p)> CIRCUIT_PURPOSE_OR_MAX_ &&    \
   (p)<=CIRCUIT_PURPOSE_C_MAX_)
537
/** True iff the circuit_t <b>c</b> is actually an origin_circuit_t. */
538
#define CIRCUIT_IS_ORIGIN(c) (CIRCUIT_PURPOSE_IS_ORIGIN((c)->purpose))
539
540
541
542
543
/** True iff the circuit purpose <b>p</b> is for an established rendezvous
 * circuit. */
#define CIRCUIT_PURPOSE_IS_ESTABLISHED_REND(p) \
  ((p) == CIRCUIT_PURPOSE_C_REND_JOINED ||     \
   (p) == CIRCUIT_PURPOSE_S_REND_JOINED)
544
545
/** True iff the circuit_t c is actually an or_circuit_t */
#define CIRCUIT_IS_ORCIRC(c) (((circuit_t *)(c))->magic == OR_CIRCUIT_MAGIC)
546

547
548
549
550
/** How many circuits do we want simultaneously in-progress to handle
 * a given stream? */
#define MIN_CIRCUITS_HANDLING_STREAM 2

551
552
/* These RELAY_COMMAND constants define values for relay cell commands, and
* must match those defined in tor-spec.txt. */
553
554
555
556
557
#define RELAY_COMMAND_BEGIN 1
#define RELAY_COMMAND_DATA 2
#define RELAY_COMMAND_END 3
#define RELAY_COMMAND_CONNECTED 4
#define RELAY_COMMAND_SENDME 5
558
559
#define RELAY_COMMAND_EXTEND 6
#define RELAY_COMMAND_EXTENDED 7
560
561
#define RELAY_COMMAND_TRUNCATE 8
#define RELAY_COMMAND_TRUNCATED 9
562
#define RELAY_COMMAND_DROP 10
563
564
#define RELAY_COMMAND_RESOLVE 11
#define RELAY_COMMAND_RESOLVED 12
565
#define RELAY_COMMAND_BEGIN_DIR 13
566
567
#define RELAY_COMMAND_EXTEND2 14
#define RELAY_COMMAND_EXTENDED2 15
568

569
570
571
572
#define RELAY_COMMAND_ESTABLISH_INTRO 32
#define RELAY_COMMAND_ESTABLISH_RENDEZVOUS 33
#define RELAY_COMMAND_INTRODUCE1 34
#define RELAY_COMMAND_INTRODUCE2 35
573
574
575
576
577
#define RELAY_COMMAND_RENDEZVOUS1 36
#define RELAY_COMMAND_RENDEZVOUS2 37
#define RELAY_COMMAND_INTRO_ESTABLISHED 38
#define RELAY_COMMAND_RENDEZVOUS_ESTABLISHED 39
#define RELAY_COMMAND_INTRODUCE_ACK 40
578

579
/* Reasons why an OR connection is closed. */
580
581
582
583
584
585
586
587
#define END_OR_CONN_REASON_DONE           1
#define END_OR_CONN_REASON_REFUSED        2 /* connection refused */
#define END_OR_CONN_REASON_OR_IDENTITY    3
#define END_OR_CONN_REASON_CONNRESET      4 /* connection reset by peer */
#define END_OR_CONN_REASON_TIMEOUT        5
#define END_OR_CONN_REASON_NO_ROUTE       6 /* no route to host/net */
#define END_OR_CONN_REASON_IO_ERROR       7 /* read/write error */
#define END_OR_CONN_REASON_RESOURCE_LIMIT 8 /* sockets, buffers, etc */
588
589
#define END_OR_CONN_REASON_PT_MISSING     9 /* PT failed or not available */
#define END_OR_CONN_REASON_MISC           10
590

591
/* Reasons why we (or a remote OR) might close a stream. See tor-spec.txt for
592
 * documentation of these.  The values must match. */
593
594
#define END_STREAM_REASON_MISC 1
#define END_STREAM_REASON_RESOLVEFAILED 2
595
#define END_STREAM_REASON_CONNECTREFUSED 3
596
597
598
#define END_STREAM_REASON_EXITPOLICY 4
#define END_STREAM_REASON_DESTROY 5
#define END_STREAM_REASON_DONE 6
599
#define END_STREAM_REASON_TIMEOUT 7
600
#define END_STREAM_REASON_NOROUTE 8
601
602
603
604
#define END_STREAM_REASON_HIBERNATING 9
#define END_STREAM_REASON_INTERNAL 10
#define END_STREAM_REASON_RESOURCELIMIT 11
#define END_STREAM_REASON_CONNRESET 12
605
#define END_STREAM_REASON_TORPROTOCOL 13
606
#define END_STREAM_REASON_NOTDIRECTORY 14
607
#define END_STREAM_REASON_ENTRYPOLICY 15
608

609
610
611
612
/* These high-numbered end reasons are not part of the official spec,
 * and are not intended to be put in relay end cells. They are here
 * to be more informative when sending back socks replies to the
 * application. */
613
/* XXXX 256 is no longer used; feel free to reuse it. */
614
615
/** We were unable to attach the connection to any circuit at all. */
/* XXXX the ways we use this one don't make a lot of sense. */
616
#define END_STREAM_REASON_CANT_ATTACH 257
617
618
/** We can't connect to any directories at all, so we killed our streams
 * before they can time out. */
619
#define END_STREAM_REASON_NET_UNREACHABLE 258
620
621
/** This is a SOCKS connection, and the client used (or misused) the SOCKS
 * protocol in a way we couldn't handle. */
622
#define END_STREAM_REASON_SOCKSPROTOCOL 259
623
624
/** This is a transparent proxy connection, but we can't extract the original
 * target address:port. */
625
#define END_STREAM_REASON_CANT_FETCH_ORIG_DEST 260
626
/** This is a connection on the NATD port, and the destination IP:Port was
Roger Dingledine's avatar
Roger Dingledine committed
627
 * either ill-formed or out-of-range. */
628
#define END_STREAM_REASON_INVALID_NATD_DEST 261
629
630
631
/** The target address is in a private network (like 127.0.0.1 or 10.0.0.1);
 * you don't want to do that over a randomly chosen exit */
#define END_STREAM_REASON_PRIVATE_ADDR 262
632

633
634
635
/** Bitwise-and this value with endreason to mask out all flags. */
#define END_STREAM_REASON_MASK 511

636
637
/** Bitwise-or this with the argument to control_event_stream_status
 * to indicate that the reason came from an END cell. */
638
639
640
641
#define END_STREAM_REASON_FLAG_REMOTE 512
/** Bitwise-or this with the argument to control_event_stream_status
 * to indicate that we already sent a CLOSED stream event. */
#define END_STREAM_REASON_FLAG_ALREADY_SENT_CLOSED 1024
642
643
644
645
/** Bitwise-or this with endreason to indicate that we already sent
 * a socks reply, and no further reply needs to be sent from
 * connection_mark_unattached_ap(). */
#define END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED 2048
646

647
648
649
650
651
652
653
/** Reason for remapping an AP connection's address: we have a cached
 * answer. */
#define REMAP_STREAM_SOURCE_CACHE 1
/** Reason for remapping an AP connection's address: the exit node told us an
 * answer. */
#define REMAP_STREAM_SOURCE_EXIT 2

Roger Dingledine's avatar
Roger Dingledine committed
654
/* 'type' values to use in RESOLVED cells.  Specified in tor-spec.txt. */
655
#define RESOLVED_TYPE_HOSTNAME 0
656
657
658
659
660
#define RESOLVED_TYPE_IPV4 4
#define RESOLVED_TYPE_IPV6 6
#define RESOLVED_TYPE_ERROR_TRANSIENT 0xF0
#define RESOLVED_TYPE_ERROR 0xF1

661
662
/* Negative reasons are internal: we never send them in a DESTROY or TRUNCATE
 * call; they only go to the controller for tracking  */
663
664
665
666

/* Closing introduction point that were opened in parallel. */
#define END_CIRC_REASON_IP_NOW_REDUNDANT -4

667
668
669
670
/** Our post-timeout circuit time measurement period expired.
 * We must give up now */
#define END_CIRC_REASON_MEASUREMENT_EXPIRED -3

671
/** We couldn't build a path for this circuit. */
672
#define END_CIRC_REASON_NOPATH          -2
673
/** Catch-all "other" reason for closing origin circuits. */
674
#define END_CIRC_AT_ORIGIN              -1
675

676
677
/* Reasons why we (or a remote OR) might close a circuit. See tor-spec.txt for
 * documentation of these. */
678
#define END_CIRC_REASON_MIN_            0
679
680
681
682
683
684
685
686
#define END_CIRC_REASON_NONE            0
#define END_CIRC_REASON_TORPROTOCOL     1
#define END_CIRC_REASON_INTERNAL        2
#define END_CIRC_REASON_REQUESTED       3
#define END_CIRC_REASON_HIBERNATING     4
#define END_CIRC_REASON_RESOURCELIMIT   5
#define END_CIRC_REASON_CONNECTFAILED   6
#define END_CIRC_REASON_OR_IDENTITY     7
687
#define END_CIRC_REASON_CHANNEL_CLOSED  8
688
689
690
691
#define END_CIRC_REASON_FINISHED        9
#define END_CIRC_REASON_TIMEOUT         10
#define END_CIRC_REASON_DESTROYED       11
#define END_CIRC_REASON_NOSUCHSERVICE   12
692
#define END_CIRC_REASON_MAX_            12
693

Roger Dingledine's avatar
Roger Dingledine committed
694
695
696
/** Bitwise-OR this with the argument to circuit_mark_for_close() or
 * control_event_circuit_status() to indicate that the reason was
 * passed through from a destroy or truncate cell. */
697
698
#define END_CIRC_REASON_FLAG_REMOTE     512

Nick Mathewson's avatar
Nick Mathewson committed
699
/** Length of 'y' portion of 'y.onion' URL. */
700
701
#define REND_SERVICE_ID_LEN_BASE32 16

702
703
704
/** Length of 'y.onion' including '.onion' URL. */
#define REND_SERVICE_ADDRESS_LEN (16+1+5)

705
706
/** Length of a binary-encoded rendezvous service ID. */
#define REND_SERVICE_ID_LEN 10
707

708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
/** Time period for which a v2 descriptor will be valid. */
#define REND_TIME_PERIOD_V2_DESC_VALIDITY (24*60*60)

/** Time period within which two sets of v2 descriptors will be uploaded in
 * parallel. */
#define REND_TIME_PERIOD_OVERLAPPING_V2_DESCS (60*60)

/** Number of non-consecutive replicas (i.e. distributed somewhere
 * in the ring) for a descriptor. */
#define REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS 2

/** Number of consecutive replicas for a descriptor. */
#define REND_NUMBER_OF_CONSECUTIVE_REPLICAS 3

/** Length of v2 descriptor ID (32 base32 chars = 160 bits). */
723
#define REND_DESC_ID_V2_LEN_BASE32 32
724

725
726
727
728
729
730
731
732
/** Length of the base32-encoded secret ID part of versioned hidden service
 * descriptors. */
#define REND_SECRET_ID_PART_LEN_BASE32 32

/** Length of the base32-encoded hash of an introduction point's
 * identity key. */
#define REND_INTRO_POINT_ID_LEN_BASE32 32

733
734
735
736
737
738
739
740
/** Length of the descriptor cookie that is used for client authorization
 * to hidden services. */
#define REND_DESC_COOKIE_LEN 16

/** Length of the base64-encoded descriptor cookie that is used for
 * exchanging client authorization between hidden service and client. */
#define REND_DESC_COOKIE_LEN_BASE64 22

741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
/** Length of client identifier in encrypted introduction points for hidden
 * service authorization type 'basic'. */
#define REND_BASIC_AUTH_CLIENT_ID_LEN 4

/** Multiple of the number of clients to which the real number of clients
 * is padded with fake clients for hidden service authorization type
 * 'basic'. */
#define REND_BASIC_AUTH_CLIENT_MULTIPLE 16

/** Length of client entry consisting of client identifier and encrypted
 * session key for hidden service authorization type 'basic'. */
#define REND_BASIC_AUTH_CLIENT_ENTRY_LEN (REND_BASIC_AUTH_CLIENT_ID_LEN \
                                          + CIPHER_KEY_LEN)

/** Maximum size of v2 hidden service descriptors. */
#define REND_DESC_MAX_SIZE (20 * 1024)

758
759
760
761
762
/** Legal characters for use in authorized client names for a hidden
 * service. */
#define REND_LEGAL_CLIENTNAME_CHARACTERS \
  "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+-_"

Nick Mathewson's avatar
Nick Mathewson committed
763
764
765
/** Maximum length of authorized client names for a hidden service. */
#define REND_CLIENTNAME_MAX_LEN 16

766
767
768
769
770
771
772
773
774
775
776
777
778
/** Length of the rendezvous cookie that is used to connect circuits at the
 * rendezvous point. */
#define REND_COOKIE_LEN DIGEST_LEN

/** Client authorization type that a hidden service performs. */
typedef enum rend_auth_type_t {
  REND_NO_AUTH      = 0,
  REND_BASIC_AUTH   = 1,
  REND_STEALTH_AUTH = 2,
} rend_auth_type_t;

/** Client-side configuration of authorization for a hidden service. */
typedef struct rend_service_authorization_t {
779
  uint8_t descriptor_cookie[REND_DESC_COOKIE_LEN];
780
781
782
783
784
785
786
787
788
789
790
  char onion_address[REND_SERVICE_ADDRESS_LEN+1];
  rend_auth_type_t auth_type;
} rend_service_authorization_t;

/** Client- and server-side data that is used for hidden service connection
 * establishment. Not all fields contain data depending on where this struct
 * is used. */
typedef struct rend_data_t {
  /** Onion address (without the .onion part) that a client requests. */
  char onion_address[REND_SERVICE_ID_LEN_BASE32+1];

791
792
793
794
795
  /** Descriptor ID for each replicas computed from the onion address. If
   * the onion address is empty, this array MUST be empty. We keep them so
   * we know when to purge our entry in the last hsdir request table. */
  char descriptor_id[REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS][DIGEST_LEN];

796
797
798
799
800
801
  /** (Optional) descriptor cookie that is used by a client. */
  char descriptor_cookie[REND_DESC_COOKIE_LEN];

  /** Authorization type for accessing a service used by a client. */
  rend_auth_type_t auth_type;

802
  /** Descriptor ID for a client request. The control port command HSFETCH
803
804
805
   * uses this. It's set if the descriptor query should only use this
   * descriptor ID. */
  char desc_id_fetch[DIGEST_LEN];
806

807
808
809
810
811
  /** Hash of the hidden service's PK used by a service. */
  char rend_pk_digest[DIGEST_LEN];

  /** Rendezvous cookie used by both, client and service. */
  char rend_cookie[REND_COOKIE_LEN];
812
813
814
815

  /** List of HSDir fingerprints on which this request has been sent to.
   * This contains binary identity digest of the directory. */
  smartlist_t *hsdirs_fp;
816
817
818

  /** Number of streams associated with this rendezvous circuit. */
  int nr_streams;
819
820
} rend_data_t;

821
822
823
/** Time interval for tracking replays of DH public keys received in
 * INTRODUCE2 cells.  Used only to avoid launching multiple
 * simultaneous attempts to connect to the same rendezvous point. */
824
#define REND_REPLAY_TIME_INTERVAL (5 * 60)
825

826
827
828
829
830
/** Used to indicate which way a cell is going on a circuit. */
typedef enum {
  CELL_DIRECTION_IN=1, /**< The cell is moving towards the origin. */
  CELL_DIRECTION_OUT=2, /**< The cell is moving away from the origin. */
} cell_direction_t;
831

832
833
/** Initial value for both sides of a circuit transmission window when the
 * circuit is initialized.  Measured in cells. */
834
#define CIRCWINDOW_START 1000
835
836
#define CIRCWINDOW_START_MIN 100
#define CIRCWINDOW_START_MAX 1000
837
/** Amount to increment a circuit window when we get a circuit SENDME. */
838
#define CIRCWINDOW_INCREMENT 100
839
840
/** Initial value on both sides of a stream transmission window when the
 * stream is initialized.  Measured in cells. */
841
#define STREAMWINDOW_START 500
842
/** Amount to increment a stream window when we get a stream SENDME. */
843
#define STREAMWINDOW_INCREMENT 50
844

845
846
/** Maximum number of queued cells on a circuit for which we are the
 * midpoint before we give up and kill it.  This must be >= circwindow
847
848
 * to avoid killing innocent circuits, and >= circwindow*2 to give
 * leaky-pipe a chance of working someday. The ORCIRC_MAX_MIDDLE_KILL_THRESH
849
850
851
 * ratio controls the margin of error between emitting a warning and
 * killing the circuit.
 */
852
#define ORCIRC_MAX_MIDDLE_CELLS (CIRCWINDOW_START_MAX*2)
853
854
855
856
857
/** Ratio of hard (circuit kill) to soft (warning) thresholds for the
 * ORCIRC_MAX_MIDDLE_CELLS tests.
 */
#define ORCIRC_MAX_MIDDLE_KILL_THRESH (1.1f)

858
/* Cell commands.  These values are defined in tor-spec.txt. */
Roger Dingledine's avatar
Roger Dingledine committed
859
860
#define CELL_PADDING 0
#define CELL_CREATE 1
861
862
863
#define CELL_CREATED 2
#define CELL_RELAY 3
#define CELL_DESTROY 4
864
865
#define CELL_CREATE_FAST 5
#define CELL_CREATED_FAST 6
866
867
#define CELL_VERSIONS 7
#define CELL_NETINFO 8
868
#define CELL_RELAY_EARLY 9
869
870
#define CELL_CREATE2 10
#define CELL_CREATED2 11
Roger Dingledine's avatar
Roger Dingledine committed
871

872
#define CELL_VPADDING 128
873
#define CELL_CERTS 129
874
875
#define CELL_AUTH_CHALLENGE 130
#define CELL_AUTHENTICATE 131
876
#define CELL_AUTHORIZE 132
877
#define CELL_COMMAND_MAX_ 132
878

879
/** How long to test reachability before complaining to the user. */
880
#define TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT (20*60)
881

882
/** Legal characters in a nickname. */
883
884
#define LEGAL_NICKNAME_CHARACTERS \
  "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
885

Roger Dingledine's avatar
Roger Dingledine committed
886
887
/** Name to use in client TLS certificates if no nickname is given. Once
 * Tor 0.1.2.x is obsolete, we can remove this. */
888
889
#define DEFAULT_CLIENT_NICKNAME "client"

890
891
892
/** Name chosen by routers that don't configure nicknames */
#define UNNAMED_ROUTER_NICKNAME "Unnamed"

893
/** Number of bytes in a SOCKS4 header. */
894
895
#define SOCKS4_NETWORK_LEN 8

Roger Dingledine's avatar
Roger Dingledine committed
896
897
898
/*
 * Relay payload:
 *         Relay command           [1 byte]
899
900
 *         Recognized              [2 bytes]
 *         Stream ID               [2 bytes]
Roger Dingledine's avatar
Roger Dingledine committed
901
902
 *         Partial SHA-1           [4 bytes]
 *         Length                  [2 bytes]
903
 *         Relay payload           [498 bytes]
Roger Dingledine's avatar
Roger Dingledine committed
904
 */
905

906
/** Number of bytes in a cell, minus cell header. */
Roger Dingledine's avatar
Roger Dingledine committed
907
#define CELL_PAYLOAD_SIZE 509
908
909
910
/** Number of bytes in a cell transmitted over the network, in the longest
 * form */
#define CELL_MAX_NETWORK_SIZE 514
Roger Dingledine's avatar
Roger Dingledine committed
911