/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2013, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * \file or.h
 * \brief Master header file for Tor-specific functionality.
 **/

#ifndef TOR_OR_H
#define TOR_OR_H

#include "orconfig.h"

#ifdef __COVERITY__
/* If we're building for a static analysis, turn on all the off-by-default
 * features. */
#ifndef INSTRUMENT_DOWNLOADS
#define INSTRUMENT_DOWNLOADS 1
#endif
#endif

#ifdef _WIN32
#ifndef _WIN32_WINNT
#define _WIN32_WINNT 0x0501
#endif
#define WIN32_LEAN_AND_MEAN
#endif

#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#ifdef HAVE_SIGNAL_H
#include <signal.h>
#endif
#ifdef HAVE_NETDB_H
#include <netdb.h>
#endif
#ifdef HAVE_SYS_PARAM_H
#include <sys/param.h> /* FreeBSD needs this to know what version it is */
#endif
#include "torint.h"
#ifdef HAVE_SYS_WAIT_H
#include <sys/wait.h>
#endif
#ifdef HAVE_SYS_FCNTL_H
#include <sys/fcntl.h>
#endif
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
#ifdef HAVE_SYS_IOCTL_H
#include <sys/ioctl.h>
#endif
#ifdef HAVE_SYS_UN_H
#include <sys/un.h>
#endif
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
#ifdef HAVE_ARPA_INET_H
#include <arpa/inet.h>
#endif
#ifdef HAVE_ERRNO_H
#include <errno.h>
#endif
#ifdef HAVE_ASSERT_H
#include <assert.h>
#endif
#ifdef HAVE_TIME_H
#include <time.h>
#endif

#ifdef _WIN32
#include <io.h>
#include <process.h>
#include <direct.h>
#include <windows.h>
#endif

#ifdef USE_BUFFEREVENTS
#include <event2/bufferevent.h>
#include <event2/buffer.h>
#include <event2/util.h>
#endif

#include "crypto.h"
#include "tortls.h"
#include "../common/torlog.h"
#include "container.h"
#include "torgzip.h"
#include "address.h"
#include "compat_libevent.h"
#include "ht.h"
#include "replaycache.h"
#include "crypto_curve25519.h"

/* These signals are defined to help handle_control_signal work.
 */
/* Fallback values: each macro below is defined here only when the system
 * headers included above left it undefined. */
#ifndef SIGHUP
#define SIGHUP 1
#endif
#ifndef SIGINT
#define SIGINT 2
#endif
#ifndef SIGUSR1
#define SIGUSR1 10
#endif
#ifndef SIGUSR2
#define SIGUSR2 12
#endif
#ifndef SIGTERM
#define SIGTERM 15
#endif
/* Controller signals start at a high number so we don't
 * conflict with system-defined signals. */
#define SIGNEWNYM 129
#define SIGCLEARDNSCACHE 130

#if (SIZEOF_CELL_T != 0)
/* On Irix, stdlib.h defines a cell_t type, so we need to make sure
 * that our stuff always calls cell_t something different. */
#define cell_t tor_cell_t
#endif

#ifdef ENABLE_TOR2WEB_MODE
#define NON_ANONYMOUS_MODE_ENABLED 1
#endif

/** Length of longest allowable configured nickname. */
#define MAX_NICKNAME_LEN 19
/** Length of a router identity encoded as a hexadecimal digest, plus
 * possible dollar sign. */
#define MAX_HEX_NICKNAME_LEN (HEX_DIGEST_LEN+1)
/** Maximum length of verbose router identifier: dollar sign, hex ID digest,
 * equal sign or tilde, nickname. */
#define MAX_VERBOSE_NICKNAME_LEN (1+HEX_DIGEST_LEN+1+MAX_NICKNAME_LEN)

/** Maximum size, in bytes, for resized buffers. */
#define MAX_BUF_SIZE ((1<<24)-1) /* 16MB-1 */
/** Maximum size, in bytes, for any directory object that we've downloaded. */
#define MAX_DIR_DL_SIZE MAX_BUF_SIZE

/** For HTTP parsing: Maximum number of bytes we'll accept in the headers
 * of an HTTP request or response. */
#define MAX_HEADERS_SIZE 50000
/** Maximum size, in bytes, for any directory object that we're accepting
 * as an upload. */
#define MAX_DIR_UL_SIZE MAX_BUF_SIZE

/** Maximum size, in bytes, of a single router descriptor uploaded to us
 * as a directory authority. Caches and clients fetch whatever descriptors
 * the authorities tell them to fetch, and don't care about size. */
#define MAX_DESCRIPTOR_UPLOAD_SIZE 20000

/** Maximum size of a single extrainfo document, as above. */
#define MAX_EXTRAINFO_UPLOAD_SIZE 50000

/** How long do we keep DNS cache entries before purging them (regardless of
 * their TTL)? */
#define MAX_DNS_ENTRY_AGE (30*60)
/** How long do we cache/tell clients to cache DNS records when no TTL is
 * known? */
#define DEFAULT_DNS_TTL (30*60)
/** How long can a TTL be before we stop believing it? */
#define MAX_DNS_TTL (3*60*60)
/** How small can a TTL be before we stop believing it?  Provides rudimentary
 * pinning. */
#define MIN_DNS_TTL 60

/** How often do we rotate onion keys? */
#define MIN_ONION_KEY_LIFETIME (7*24*60*60)
/** How often do we rotate TLS contexts? */
#define MAX_SSL_KEY_LIFETIME_INTERNAL (2*60*60)
/** What expiry time shall we place on our SSL certs? */
#define MAX_SSL_KEY_LIFETIME_ADVERTISED (365*24*60*60)

/** How old do we allow a router to get before removing it
 * from the router list? In seconds. */
#define ROUTER_MAX_AGE (60*60*48)
/** How old can a router get before we (as a server) will no longer
 * consider it live? In seconds. */
#define ROUTER_MAX_AGE_TO_PUBLISH (60*60*24)
/** How old do we let a saved descriptor get before force-removing it? */
#define OLD_ROUTER_DESC_MAX_AGE (60*60*24*5)

/** Possible rules for generating circuit IDs on an OR connection. */
typedef enum {
  CIRC_ID_TYPE_LOWER=0, /**< Pick from 0..1<<15-1. */
  CIRC_ID_TYPE_HIGHER=1, /**< Pick from 1<<15..1<<16-1. */
  /** The other side of a connection is an OP: never create circuits to it,
   * and let it use any circuit ID it wants. */
  CIRC_ID_TYPE_NEITHER=2
} circ_id_type_t;

#define CONN_TYPE_MIN_ 3
/** Type for sockets listening for OR connections. */
#define CONN_TYPE_OR_LISTENER 3
/** A bidirectional TLS connection transmitting a sequence of cells.
 * May be from an OR to an OR, or from an OP to an OR. */
#define CONN_TYPE_OR 4
/** A TCP connection from an onion router to a stream's destination. */
#define CONN_TYPE_EXIT 5
/** Type for sockets listening for SOCKS connections. */
#define CONN_TYPE_AP_LISTENER 6
/** A SOCKS proxy connection from the user application to the onion
 * proxy. */
#define CONN_TYPE_AP 7
/** Type for sockets listening for HTTP connections to the directory server. */
#define CONN_TYPE_DIR_LISTENER 8
/** Type for HTTP connections to the directory server. */
#define CONN_TYPE_DIR 9
/** Connection from the main process to a CPU worker process. */
#define CONN_TYPE_CPUWORKER 10
/** Type for listening for connections from user interface process. */
#define CONN_TYPE_CONTROL_LISTENER 11
/** Type for connections from user interface process. */
#define CONN_TYPE_CONTROL 12
/** Type for sockets listening for transparent connections redirected by pf or
 * netfilter. */
#define CONN_TYPE_AP_TRANS_LISTENER 13
/** Type for sockets listening for transparent connections redirected by
 * natd. */
#define CONN_TYPE_AP_NATD_LISTENER 14
/** Type for sockets listening for DNS requests. */
#define CONN_TYPE_AP_DNS_LISTENER 15
#define CONN_TYPE_MAX_ 15
/* !!!! If CONN_TYPE_MAX_ is ever over 15, we must grow the type field in
 * connection_t. */

/* Proxy client types */
#define PROXY_NONE 0
#define PROXY_CONNECT 1
#define PROXY_SOCKS4 2
#define PROXY_SOCKS5 3
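/* !!!! If there is ever a PROXY_* type over 2, we must grow the proxy_type
 * field in or_connection_t.
 * NOTE(review): PROXY_SOCKS5 (3) and PROXY_PLUGGABLE (4) in this file already
 * exceed 2; confirm that proxy_type is wide enough to hold them. */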
/* pluggable transports proxy type */
#define PROXY_PLUGGABLE 4

/* Proxy client handshake states */
/* We use a proxy but we haven't even connected to it yet. */
#define PROXY_INFANT 1
/* We use an HTTP proxy and we've sent the CONNECT command. */
#define PROXY_HTTPS_WANT_CONNECT_OK 2
/* We use a SOCKS4 proxy and we've sent the CONNECT command. */
#define PROXY_SOCKS4_WANT_CONNECT_OK 3
/* We use a SOCKS5 proxy and we try to negotiate without
   any authentication. */
#define PROXY_SOCKS5_WANT_AUTH_METHOD_NONE 4
/* We use a SOCKS5 proxy and we try to negotiate with
   Username/Password authentication (RFC 1929). */
#define PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929 5
/* We use a SOCKS5 proxy and we just sent our credentials. */
#define PROXY_SOCKS5_WANT_AUTH_RFC1929_OK 6
/* We use a SOCKS5 proxy and we just sent our CONNECT command. */
#define PROXY_SOCKS5_WANT_CONNECT_OK 7
/* We use a proxy and we CONNECTed successfully. */
#define PROXY_CONNECTED 8

/** True iff <b>x</b> is an edge connection. */
/* Tests (x)->type against CONN_TYPE_EXIT and CONN_TYPE_AP. The argument
 * appears twice in the expansion and may be evaluated twice, so it must not
 * have side effects. */
#define CONN_IS_EDGE(x) \
  ((x)->type == CONN_TYPE_EXIT || (x)->type == CONN_TYPE_AP)

/** State for any listener connection. */
#define LISTENER_STATE_READY 0

#define CPUWORKER_STATE_MIN_ 1
/** State for a connection to a cpuworker process that's idle. */
#define CPUWORKER_STATE_IDLE 1
/** State for a connection to a cpuworker process that's processing a
 * handshake. */
#define CPUWORKER_STATE_BUSY_ONION 2
#define CPUWORKER_STATE_MAX_ 2

#define CPUWORKER_TASK_ONION CPUWORKER_STATE_BUSY_ONION
#define CPUWORKER_TASK_SHUTDOWN 255

#define OR_CONN_STATE_MIN_ 1
/** State for a connection to an OR: waiting for connect() to finish. */
#define OR_CONN_STATE_CONNECTING 1
/** State for a connection to an OR: waiting for proxy handshake to complete */
#define OR_CONN_STATE_PROXY_HANDSHAKING 2
/** State for an OR connection client: SSL is handshaking, not done
 * yet. */
#define OR_CONN_STATE_TLS_HANDSHAKING 3
/** State for a connection to an OR: We're doing a second SSL handshake for
 * renegotiation purposes. (V2 handshake only.) */
#define OR_CONN_STATE_TLS_CLIENT_RENEGOTIATING 4
/** State for a connection at an OR: We're waiting for the client to
 * renegotiate (to indicate a v2 handshake) or send a versions cell (to
 * indicate a v3 handshake) */
#define OR_CONN_STATE_TLS_SERVER_RENEGOTIATING 5
/** State for an OR connection: We're done with our SSL handshake, we've done
 * renegotiation, but we haven't yet negotiated link protocol versions and
 * sent a netinfo cell. */
#define OR_CONN_STATE_OR_HANDSHAKING_V2 6
/** State for an OR connection: We're done with our SSL handshake, but we
 * haven't yet negotiated link protocol versions, done a V3 handshake, and
 * sent a netinfo cell. */
#define OR_CONN_STATE_OR_HANDSHAKING_V3 7
/** State for an OR connection: Ready to send/receive cells. */
#define OR_CONN_STATE_OPEN 8
#define OR_CONN_STATE_MAX_ 8

#define EXIT_CONN_STATE_MIN_ 1
/** State for an exit connection: waiting for response from DNS farm. */
#define EXIT_CONN_STATE_RESOLVING 1
/** State for an exit connection: waiting for connect() to finish. */
#define EXIT_CONN_STATE_CONNECTING 2
/** State for an exit connection: open and ready to transmit data. */
#define EXIT_CONN_STATE_OPEN 3
/** State for an exit connection: waiting to be removed. */
#define EXIT_CONN_STATE_RESOLVEFAILED 4
#define EXIT_CONN_STATE_MAX_ 4

/* The AP state values must be disjoint from the EXIT state values. */
#define AP_CONN_STATE_MIN_ 5
/** State for a SOCKS connection: waiting for SOCKS request. */
#define AP_CONN_STATE_SOCKS_WAIT 5
/** State for a SOCKS connection: got a y.onion URL; waiting to receive
 * rendezvous descriptor. */
#define AP_CONN_STATE_RENDDESC_WAIT 6
/** The controller will attach this connection to a circuit; it isn't our
 * job to do so. */
#define AP_CONN_STATE_CONTROLLER_WAIT 7
/** State for a SOCKS connection: waiting for a completed circuit. */
#define AP_CONN_STATE_CIRCUIT_WAIT 8
/** State for a SOCKS connection: sent BEGIN, waiting for CONNECTED. */
#define AP_CONN_STATE_CONNECT_WAIT 9
/** State for a SOCKS connection: sent RESOLVE, waiting for RESOLVED. */
#define AP_CONN_STATE_RESOLVE_WAIT 10
/** State for a SOCKS connection: ready to send and receive. */
#define AP_CONN_STATE_OPEN 11
/** State for a transparent natd connection: waiting for original
 * destination. */
#define AP_CONN_STATE_NATD_WAIT 12
#define AP_CONN_STATE_MAX_ 12

/** True iff the AP_CONN_STATE_* value <b>s</b> means that the corresponding
 * edge connection is not attached to any circuit. */
/* The first test is an upper bound only: it holds for every value up to
 * AP_CONN_STATE_CIRCUIT_WAIT, including values below AP_CONN_STATE_MIN_, so
 * the result is meaningful only for AP_CONN_STATE_* inputs. It also depends
 * on the numeric order of the AP_CONN_STATE_* constants. <b>s</b> may be
 * evaluated twice. */
#define AP_CONN_STATE_IS_UNATTACHED(s) \
  ((s) <= AP_CONN_STATE_CIRCUIT_WAIT || (s) == AP_CONN_STATE_NATD_WAIT)

#define DIR_CONN_STATE_MIN_ 1
/** State for connection to directory server: waiting for connect(). */
#define DIR_CONN_STATE_CONNECTING 1
/** State for connection to directory server: sending HTTP request. */
#define DIR_CONN_STATE_CLIENT_SENDING 2
/** State for connection to directory server: reading HTTP response. */
#define DIR_CONN_STATE_CLIENT_READING 3
/** State for connection to directory server: happy and finished. */
#define DIR_CONN_STATE_CLIENT_FINISHED 4
/** State for connection at directory server: waiting for HTTP request. */
#define DIR_CONN_STATE_SERVER_COMMAND_WAIT 5
/** State for connection at directory server: sending HTTP response. */
#define DIR_CONN_STATE_SERVER_WRITING 6
#define DIR_CONN_STATE_MAX_ 6

/** True iff the purpose of <b>conn</b> means that it's a server-side
 * directory connection. */
/* Compares only (conn)->purpose with DIR_PURPOSE_SERVER; the macro itself
 * does not check that <b>conn</b> is a directory connection. */
#define DIR_CONN_IS_SERVER(conn) ((conn)->purpose == DIR_PURPOSE_SERVER)

#define CONTROL_CONN_STATE_MIN_ 1
/** State for a control connection: Authenticated and accepting v1 commands. */
#define CONTROL_CONN_STATE_OPEN 1
/** State for a control connection: Waiting for authentication; speaking
 * protocol v1. */
#define CONTROL_CONN_STATE_NEEDAUTH 2
#define CONTROL_CONN_STATE_MAX_ 2

#define DIR_PURPOSE_MIN_ 3
/** A connection to a directory server: download a rendezvous
 * descriptor. */
#define DIR_PURPOSE_FETCH_RENDDESC 3
/** A connection to a directory server: set after a rendezvous
 * descriptor is downloaded. */
#define DIR_PURPOSE_HAS_FETCHED_RENDDESC 4
/** A connection to a directory server: download one or more v2
 * network-status objects */
#define DIR_PURPOSE_FETCH_V2_NETWORKSTATUS 5
/** A connection to a directory server: download one or more server
 * descriptors. */
#define DIR_PURPOSE_FETCH_SERVERDESC 6
/** A connection to a directory server: download one or more extra-info
 * documents. */
#define DIR_PURPOSE_FETCH_EXTRAINFO 7
/** A connection to a directory server: upload a server descriptor. */
#define DIR_PURPOSE_UPLOAD_DIR 8
/** A connection to a directory server: upload a rendezvous
 * descriptor. */
#define DIR_PURPOSE_UPLOAD_RENDDESC 9
/** A connection to a directory server: upload a v3 networkstatus vote. */
#define DIR_PURPOSE_UPLOAD_VOTE 10
/** A connection to a directory server: upload a v3 consensus signature */
#define DIR_PURPOSE_UPLOAD_SIGNATURES 11
/** A connection to a directory server: download one or more v3 networkstatus
 * votes. */
#define DIR_PURPOSE_FETCH_STATUS_VOTE 12
/** A connection to a directory server: download a v3 detached signatures
 * object for a consensus. */
#define DIR_PURPOSE_FETCH_DETACHED_SIGNATURES 13
/** A connection to a directory server: download a v3 networkstatus
 * consensus. */
#define DIR_PURPOSE_FETCH_CONSENSUS 14
/** A connection to a directory server: download one or more directory
 * authority certificates. */
#define DIR_PURPOSE_FETCH_CERTIFICATE 15

/** Purpose for connection at a directory server. */
#define DIR_PURPOSE_SERVER 16
/** A connection to a hidden service directory server: upload a v2 rendezvous
 * descriptor. */
#define DIR_PURPOSE_UPLOAD_RENDDESC_V2 17
/** A connection to a hidden service directory server: download a v2 rendezvous
 * descriptor. */
#define DIR_PURPOSE_FETCH_RENDDESC_V2 18
/** A connection to a directory server: download a microdescriptor. */
#define DIR_PURPOSE_FETCH_MICRODESC 19
#define DIR_PURPOSE_MAX_ 19

/** True iff <b>p</b> is a purpose corresponding to uploading data to a
 * directory server. */
/* Matches exactly the four purposes listed; <b>p</b> may be evaluated up to
 * four times.
 * NOTE(review): DIR_PURPOSE_UPLOAD_RENDDESC_V2 is also described in this file
 * as an upload purpose but is not tested here -- confirm whether callers rely
 * on that omission. */
#define DIR_PURPOSE_IS_UPLOAD(p)                \
  ((p)==DIR_PURPOSE_UPLOAD_DIR ||               \
   (p)==DIR_PURPOSE_UPLOAD_RENDDESC ||          \
   (p)==DIR_PURPOSE_UPLOAD_VOTE ||              \
   (p)==DIR_PURPOSE_UPLOAD_SIGNATURES)

#define EXIT_PURPOSE_MIN_ 1
/** This exit stream wants to do an ordinary connect. */
#define EXIT_PURPOSE_CONNECT 1
/** This exit stream wants to do a resolve (either normal or reverse). */
#define EXIT_PURPOSE_RESOLVE 2
#define EXIT_PURPOSE_MAX_ 2

/* !!!! If any connection purpose is ever over 31, we must grow the type
 * field in connection_t. */

/** Circuit state: I'm the origin, still haven't done all my handshakes. */
#define CIRCUIT_STATE_BUILDING 0
/** Circuit state: Waiting to process the onionskin. */
#define CIRCUIT_STATE_ONIONSKIN_PENDING 1
/** Circuit state: I'd like to deliver a create, but my n_chan is still
 * connecting. */
#define CIRCUIT_STATE_CHAN_WAIT 2
/** Circuit state: onionskin(s) processed, ready to send/receive cells. */
#define CIRCUIT_STATE_OPEN 3

#define CIRCUIT_PURPOSE_MIN_ 1

/* these circuits were initiated elsewhere */
#define CIRCUIT_PURPOSE_OR_MIN_ 1
/** OR-side circuit purpose: normal circuit, at OR. */
#define CIRCUIT_PURPOSE_OR 1
/** OR-side circuit purpose: At OR, from Bob, waiting for intro from Alices. */
#define CIRCUIT_PURPOSE_INTRO_POINT 2
/** OR-side circuit purpose: At OR, from Alice, waiting for Bob. */
#define CIRCUIT_PURPOSE_REND_POINT_WAITING 3
/** OR-side circuit purpose: At OR, both circuits have this purpose. */
#define CIRCUIT_PURPOSE_REND_ESTABLISHED 4
#define CIRCUIT_PURPOSE_OR_MAX_ 4

/* these circuits originate at this node */

/* here's how circ client-side purposes work:
 *   normal circuits are C_GENERAL.
 *   circuits that are c_introducing are either on their way to
 *     becoming open, or they are open and waiting for a
 *     suitable rendcirc before they send the intro.
 *   circuits that are c_introduce_ack_wait have sent the intro,
 *     but haven't gotten a response yet.
 *   circuits that are c_establish_rend are either on their way
 *     to becoming open, or they are open and have sent the
 *     establish_rendezvous cell but haven't received an ack.
 *   circuits that are c_rend_ready are open and have received a
 *     rend ack, but haven't heard from bob yet. if they have a
 *     buildstate->pending_final_cpath then they're expecting a
 *     cell from bob, else they're not.
 *   circuits that are c_rend_ready_intro_acked are open, and
 *     some intro circ has sent its intro and received an ack.
 *   circuits that are c_rend_joined are open, have heard from
 *     bob, and are talking to him.
 */
/** Client-side circuit purpose: Normal circuit, with cpath. */
#define CIRCUIT_PURPOSE_C_GENERAL 5
/** Client-side circuit purpose: at Alice, connecting to intro point. */
#define CIRCUIT_PURPOSE_C_INTRODUCING 6
/** Client-side circuit purpose: at Alice, sent INTRODUCE1 to intro point,
 * waiting for ACK/NAK. */
#define CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT 7
/** Client-side circuit purpose: at Alice, introduced and acked, closing. */
#define CIRCUIT_PURPOSE_C_INTRODUCE_ACKED 8
/** Client-side circuit purpose: at Alice, waiting for ack. */
#define CIRCUIT_PURPOSE_C_ESTABLISH_REND 9
/** Client-side circuit purpose: at Alice, waiting for Bob. */
#define CIRCUIT_PURPOSE_C_REND_READY 10
/** Client-side circuit purpose: at Alice, waiting for Bob, INTRODUCE
 * has been acknowledged. */
#define CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED 11
/** Client-side circuit purpose: at Alice, rendezvous established. */
#define CIRCUIT_PURPOSE_C_REND_JOINED 12
/** This circuit is used for build time measurement only */
#define CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT 13
#define CIRCUIT_PURPOSE_C_MAX_ 13
/** Hidden-service-side circuit purpose: at Bob, waiting for introductions. */
#define CIRCUIT_PURPOSE_S_ESTABLISH_INTRO 14
/** Hidden-service-side circuit purpose: at Bob, successfully established
 * intro. */
#define CIRCUIT_PURPOSE_S_INTRO 15
/** Hidden-service-side circuit purpose: at Bob, connecting to rend point. */
#define CIRCUIT_PURPOSE_S_CONNECT_REND 16
/** Hidden-service-side circuit purpose: at Bob, rendezvous established. */
#define CIRCUIT_PURPOSE_S_REND_JOINED 17
/** A testing circuit; not meant to be used for actual traffic. */
#define CIRCUIT_PURPOSE_TESTING 18
/** A controller made this circuit and Tor should not use it. */
#define CIRCUIT_PURPOSE_CONTROLLER 19
/** This circuit is used for path bias probing only */
#define CIRCUIT_PURPOSE_PATH_BIAS_TESTING 20
#define CIRCUIT_PURPOSE_MAX_ 20
/** A catch-all for unrecognized purposes. Currently we don't expect
 * to make or see any circuits with this purpose. */
#define CIRCUIT_PURPOSE_UNKNOWN 255

/** True iff the circuit purpose <b>p</b> is for a circuit that
 * originated at this node. */
/* This is a lower-bound test only: every value above CIRCUIT_PURPOSE_OR_MAX_
 * passes, including CIRCUIT_PURPOSE_UNKNOWN (255) and anything above
 * CIRCUIT_PURPOSE_MAX_. */
#define CIRCUIT_PURPOSE_IS_ORIGIN(p) ((p)>CIRCUIT_PURPOSE_OR_MAX_)
/** True iff the circuit purpose <b>p</b> is for a circuit that originated
 * here to serve as a client.  (Hidden services don't count here.) */
#define CIRCUIT_PURPOSE_IS_CLIENT(p)  \
  ((p)> CIRCUIT_PURPOSE_OR_MAX_ &&    \
   (p)<=CIRCUIT_PURPOSE_C_MAX_)
/** True iff the circuit_t <b>c</b> is actually an origin_circuit_t. */
/* Decides from (c)->purpose alone, via CIRCUIT_PURPOSE_IS_ORIGIN.
 * NOTE(review): code that casts to origin_circuit_t after this test presumably
 * relies on the purpose field always matching the object's real type --
 * confirm at the call sites. */
#define CIRCUIT_IS_ORIGIN(c) (CIRCUIT_PURPOSE_IS_ORIGIN((c)->purpose))
/** True iff the circuit purpose <b>p</b> is for an established rendezvous
 * circuit, i.e. it equals CIRCUIT_PURPOSE_C_REND_JOINED or
 * CIRCUIT_PURPOSE_S_REND_JOINED. <b>p</b> may be evaluated twice. */
#define CIRCUIT_PURPOSE_IS_ESTABLISHED_REND(p) \
  ((p) == CIRCUIT_PURPOSE_C_REND_JOINED ||     \
   (p) == CIRCUIT_PURPOSE_S_REND_JOINED)

/** How many circuits do we want simultaneously in-progress to handle
 * a given stream? */
#define MIN_CIRCUITS_HANDLING_STREAM 2

/* These RELAY_COMMAND constants define values for relay cell commands, and
 * must match those defined in tor-spec.txt. */
#define RELAY_COMMAND_BEGIN 1
#define RELAY_COMMAND_DATA 2
#define RELAY_COMMAND_END 3
#define RELAY_COMMAND_CONNECTED 4
#define RELAY_COMMAND_SENDME 5
#define RELAY_COMMAND_EXTEND 6
#define RELAY_COMMAND_EXTENDED 7
#define RELAY_COMMAND_TRUNCATE 8
#define RELAY_COMMAND_TRUNCATED 9
#define RELAY_COMMAND_DROP 10
#define RELAY_COMMAND_RESOLVE 11
#define RELAY_COMMAND_RESOLVED 12
#define RELAY_COMMAND_BEGIN_DIR 13
#define RELAY_COMMAND_EXTEND2 14
#define RELAY_COMMAND_EXTENDED2 15

#define RELAY_COMMAND_ESTABLISH_INTRO 32
#define RELAY_COMMAND_ESTABLISH_RENDEZVOUS 33
#define RELAY_COMMAND_INTRODUCE1 34
#define RELAY_COMMAND_INTRODUCE2 35
#define RELAY_COMMAND_RENDEZVOUS1 36
#define RELAY_COMMAND_RENDEZVOUS2 37
#define RELAY_COMMAND_INTRO_ESTABLISHED 38
#define RELAY_COMMAND_RENDEZVOUS_ESTABLISHED 39
#define RELAY_COMMAND_INTRODUCE_ACK 40

/* Reasons why an OR connection is closed. */
#define END_OR_CONN_REASON_DONE           1
#define END_OR_CONN_REASON_REFUSED        2 /* connection refused */
#define END_OR_CONN_REASON_OR_IDENTITY    3
#define END_OR_CONN_REASON_CONNRESET      4 /* connection reset by peer */
#define END_OR_CONN_REASON_TIMEOUT        5
#define END_OR_CONN_REASON_NO_ROUTE       6 /* no route to host/net */
#define END_OR_CONN_REASON_IO_ERROR       7 /* read/write error */
#define END_OR_CONN_REASON_RESOURCE_LIMIT 8 /* sockets, buffers, etc */
#define END_OR_CONN_REASON_MISC           9

/* Reasons why we (or a remote OR) might close a stream. See tor-spec.txt for
 * documentation of these.  The values must match. */
#define END_STREAM_REASON_MISC 1
#define END_STREAM_REASON_RESOLVEFAILED 2
#define END_STREAM_REASON_CONNECTREFUSED 3
#define END_STREAM_REASON_EXITPOLICY 4
#define END_STREAM_REASON_DESTROY 5
#define END_STREAM_REASON_DONE 6
#define END_STREAM_REASON_TIMEOUT 7
#define END_STREAM_REASON_NOROUTE 8
#define END_STREAM_REASON_HIBERNATING 9
#define END_STREAM_REASON_INTERNAL 10
#define END_STREAM_REASON_RESOURCELIMIT 11
#define END_STREAM_REASON_CONNRESET 12
#define END_STREAM_REASON_TORPROTOCOL 13
#define END_STREAM_REASON_NOTDIRECTORY 14
#define END_STREAM_REASON_ENTRYPOLICY 15

/* These high-numbered end reasons are not part of the official spec,
 * and are not intended to be put in relay end cells. They are here
 * to be more informative when sending back socks replies to the
 * application. */
/* XXXX 256 is no longer used; feel free to reuse it. */
/** We were unable to attach the connection to any circuit at all. */
/* XXXX the ways we use this one don't make a lot of sense. */
#define END_STREAM_REASON_CANT_ATTACH 257
/** We can't connect to any directories at all, so we killed our streams
 * before they can time out. */
#define END_STREAM_REASON_NET_UNREACHABLE 258
/** This is a SOCKS connection, and the client used (or misused) the SOCKS
 * protocol in a way we couldn't handle. */
#define END_STREAM_REASON_SOCKSPROTOCOL 259
/** This is a transparent proxy connection, but we can't extract the original
 * target address:port. */
#define END_STREAM_REASON_CANT_FETCH_ORIG_DEST 260
/** This is a connection on the NATD port, and the destination IP:Port was
 * either ill-formed or out-of-range. */
#define END_STREAM_REASON_INVALID_NATD_DEST 261
/** The target address is in a private network (like 127.0.0.1 or 10.0.0.1);
 * you don't want to do that over a randomly chosen exit */
#define END_STREAM_REASON_PRIVATE_ADDR 262

/** Bitwise-and this value with endreason to mask out all flags.
 * 511 is 0x1FF, i.e. the low nine bits; the END_STREAM_REASON_FLAG_* values
 * defined in this file (512, 1024, 2048) all lie above it. */
#define END_STREAM_REASON_MASK 511

/** Bitwise-or this with the argument to control_event_stream_status
 * to indicate that the reason came from an END cell. */
#define END_STREAM_REASON_FLAG_REMOTE 512
/** Bitwise-or this with the argument to control_event_stream_status
 * to indicate that we already sent a CLOSED stream event. */
#define END_STREAM_REASON_FLAG_ALREADY_SENT_CLOSED 1024
/** Bitwise-or this with endreason to indicate that we already sent
 * a socks reply, and no further reply needs to be sent from
 * connection_mark_unattached_ap(). */
#define END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED 2048

/** Reason for remapping an AP connection's address: we have a cached
 * answer. */
#define REMAP_STREAM_SOURCE_CACHE 1
/** Reason for remapping an AP connection's address: the exit node told us an
 * answer. */
#define REMAP_STREAM_SOURCE_EXIT 2

/* 'type' values to use in RESOLVED cells.  Specified in tor-spec.txt. */
#define RESOLVED_TYPE_HOSTNAME 0
#define RESOLVED_TYPE_IPV4 4
#define RESOLVED_TYPE_IPV6 6
#define RESOLVED_TYPE_ERROR_TRANSIENT 0xF0
#define RESOLVED_TYPE_ERROR 0xF1

/* Negative reasons are internal: we never send them in a DESTROY or TRUNCATE
 * cell; they only go to the controller for tracking. */
/** Our post-timeout circuit time measurement period expired.
 * We must give up now */
#define END_CIRC_REASON_MEASUREMENT_EXPIRED -3

/** We couldn't build a path for this circuit. */
#define END_CIRC_REASON_NOPATH          -2
/** Catch-all "other" reason for closing origin circuits. */
#define END_CIRC_AT_ORIGIN              -1

/* Reasons why we (or a remote OR) might close a circuit. See tor-spec.txt for
 * documentation of these. */
#define END_CIRC_REASON_MIN_            0
#define END_CIRC_REASON_NONE            0
#define END_CIRC_REASON_TORPROTOCOL     1
#define END_CIRC_REASON_INTERNAL        2
#define END_CIRC_REASON_REQUESTED       3
#define END_CIRC_REASON_HIBERNATING     4
#define END_CIRC_REASON_RESOURCELIMIT   5
#define END_CIRC_REASON_CONNECTFAILED   6
#define END_CIRC_REASON_OR_IDENTITY     7
#define END_CIRC_REASON_CHANNEL_CLOSED  8
#define END_CIRC_REASON_FINISHED        9
#define END_CIRC_REASON_TIMEOUT         10
#define END_CIRC_REASON_DESTROYED       11
#define END_CIRC_REASON_NOSUCHSERVICE   12
/* Highest reason code in the list above (same value as
 * END_CIRC_REASON_NOSUCHSERVICE).
 * NOTE(review): a reason read out of a received DESTROY or TRUNCATE cell is
 * peer-controlled, so it presumably needs a range check against
 * END_CIRC_REASON_MIN_ and END_CIRC_REASON_MAX_ before use; confirm in the
 * callers. */
#define END_CIRC_REASON_MAX_            12

/** Bitwise-OR this with the argument to circuit_mark_for_close() or
 * control_event_circuit_status() to indicate that the reason was
 * passed through from a destroy or truncate cell. */
#define END_CIRC_REASON_FLAG_REMOTE     512

/** Length of 'y' portion of 'y.onion' URL. */
#define REND_SERVICE_ID_LEN_BASE32 16

/** Length of a full 'y.onion' address: REND_SERVICE_ID_LEN_BASE32 (16)
 * characters for 'y', one for the '.', and five for "onion".  The
 * terminating NUL is not counted; buffers in this file that hold such an
 * address are declared with REND_SERVICE_ADDRESS_LEN+1 bytes. */
#define REND_SERVICE_ADDRESS_LEN (16+1+5)

/** Length of a binary-encoded rendezvous service ID. */
#define REND_SERVICE_ID_LEN 10

/** Time period for which a v2 descriptor will be valid. */
#define REND_TIME_PERIOD_V2_DESC_VALIDITY (24*60*60)

/** Time period within which two sets of v2 descriptors will be uploaded in
 * parallel. */
#define REND_TIME_PERIOD_OVERLAPPING_V2_DESCS (60*60)

/** Number of non-consecutive replicas (i.e. distributed somewhere
 * in the ring) for a descriptor. */
#define REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS 2

/** Number of consecutive replicas for a descriptor. */
#define REND_NUMBER_OF_CONSECUTIVE_REPLICAS 3

/** Length of v2 descriptor ID (32 base32 chars = 160 bits). */
#define REND_DESC_ID_V2_LEN_BASE32 32

/** Length of the base32-encoded secret ID part of versioned hidden service
 * descriptors. */
#define REND_SECRET_ID_PART_LEN_BASE32 32

/** Length of the base32-encoded hash of an introduction point's
 * identity key. */
#define REND_INTRO_POINT_ID_LEN_BASE32 32

/** Length of the descriptor cookie that is used for client authorization
 * to hidden services.  This is the size in bytes of the raw cookie; the
 * char[REND_DESC_COOKIE_LEN] fields that hold it have no room for a NUL
 * terminator, so the cookie has to be handled with length-bounded memory
 * functions, never as a C string.
 * NOTE(review): the cookie acts as a credential, so comparisons should
 * presumably be constant-time (e.g. tor_memeq()) and copies wiped once they
 * are no longer needed; confirm in the code that uses it. */
#define REND_DESC_COOKIE_LEN 16

/** Length of the base64-encoded descriptor cookie that is used for
 * exchanging client authorization between hidden service and client.
 * Sixteen bytes encode to 24 base64 characters including two '=' padding
 * characters, so 22 presumably means the padding is left off and the NUL
 * terminator is not counted; confirm against the encoder. */
#define REND_DESC_COOKIE_LEN_BASE64 22

/** Length of client identifier in encrypted introduction points for hidden
 * service authorization type 'basic'. */
#define REND_BASIC_AUTH_CLIENT_ID_LEN 4

/** Multiple of the number of clients to which the real number of clients
 * is padded with fake clients for hidden service authorization type
 * 'basic'.
 * NOTE(review): presumably this is so the number of entries reveals the
 * client count only up to the next multiple of 16; confirm. */
#define REND_BASIC_AUTH_CLIENT_MULTIPLE 16

/** Length of client entry consisting of client identifier and encrypted
 * session key for hidden service authorization type 'basic'.
 * CIPHER_KEY_LEN is not defined in this part of the file. */
#define REND_BASIC_AUTH_CLIENT_ENTRY_LEN (REND_BASIC_AUTH_CLIENT_ID_LEN \
                                          + CIPHER_KEY_LEN)

/** Maximum size of v2 hidden service descriptors (20 KiB).
 * NOTE(review): descriptors presumably arrive from the network, so this
 * bound should be enforced before a descriptor is buffered or parsed;
 * confirm where it is checked. */
#define REND_DESC_MAX_SIZE (20 * 1024)

/** Legal characters for use in authorized client names for a hidden
 * service.  This is an allow-list: the letters and digits of
 * LEGAL_NICKNAME_CHARACTERS plus '+', '-' and '_'.  It contains no path
 * separator, dot, whitespace or control character. */
#define REND_LEGAL_CLIENTNAME_CHARACTERS \
  "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+-_"

/** Maximum length of authorized client names for a hidden service. */
#define REND_CLIENTNAME_MAX_LEN 16

/** Length of the rendezvous cookie that is used to connect circuits at the
 * rendezvous point. */
#define REND_COOKIE_LEN DIGEST_LEN

/** Client authorization type that a hidden service performs.
 *
 * The numeric values are assigned explicitly.
 * NOTE(review): a value taken from parsed configuration or descriptor data
 * should presumably be checked against these three constants before it is
 * stored in a rend_auth_type_t; confirm where the parsing happens. */
typedef enum rend_auth_type_t {
  REND_NO_AUTH      = 0, /**< No client authorization. */
  REND_BASIC_AUTH   = 1, /**< The 'basic' authorization type. */
  REND_STEALTH_AUTH = 2, /**< The 'stealth' authorization type. */
} rend_auth_type_t;

/** Client-side configuration of authorization for a hidden service. */
typedef struct rend_service_authorization_t {
  /** Raw descriptor cookie: exactly REND_DESC_COOKIE_LEN bytes, with no
   * room for a NUL terminator, so it must not be passed to string
   * functions.
   * NOTE(review): this is credential material; it should presumably be
   * wiped before the struct is freed. Confirm in the code that frees it. */
  char descriptor_cookie[REND_DESC_COOKIE_LEN];
  /** Onion address sized for the full form including ".onion"
   * (REND_SERVICE_ADDRESS_LEN characters plus one byte for a NUL).
   * rend_data_t has a field of the same name that is shorter
   * (REND_SERVICE_ID_LEN_BASE32+1, without ".onion"), so a copy between
   * the two has to be bounded by the destination's size. */
  char onion_address[REND_SERVICE_ADDRESS_LEN+1];
  /** Authorization type configured for this service. */
  rend_auth_type_t auth_type;
} rend_service_authorization_t;

/** Client- and server-side data that is used for hidden service connection
 * establishment. Not all fields contain data depending on where this struct
 * is used.
 *
 * NOTE(review): descriptor_cookie and rend_cookie hold authorization
 * material, so an instance should presumably be wiped before it is freed
 * and the cookies compared in constant time; confirm in the code that owns
 * these structs. */
typedef struct rend_data_t {
  /** Onion address (without the .onion part) that a client requests.
   * Sized REND_SERVICE_ID_LEN_BASE32 characters plus one byte for a NUL;
   * this is shorter than the onion_address field of
   * rend_service_authorization_t, which includes ".onion". */
  char onion_address[REND_SERVICE_ID_LEN_BASE32+1];

  /** (Optional) descriptor cookie that is used by a client.  Raw bytes of
   * fixed length REND_DESC_COOKIE_LEN, with no NUL terminator. */
  char descriptor_cookie[REND_DESC_COOKIE_LEN];

  /** Authorization type for accessing a service used by a client. */
  rend_auth_type_t auth_type;

  /** Hash of the hidden service's PK used by a service.  Raw bytes of
   * fixed length DIGEST_LEN, with no NUL terminator. */
  char rend_pk_digest[DIGEST_LEN];

  /** Rendezvous cookie used by both client and service.  Raw bytes of
   * fixed length REND_COOKIE_LEN, with no NUL terminator. */
  char rend_cookie[REND_COOKIE_LEN];
} rend_data_t;

/** Time interval for tracking replays of DH public keys received in
 * INTRODUCE2 cells.  Used only to avoid launching multiple
 * simultaneous attempts to connect to the same rendezvous point. */
#define REND_REPLAY_TIME_INTERVAL (5 * 60)

/** Used to indicate which way a cell is going on a circuit.  Neither
 * direction has the value 0, so a zero-initialized variable of this type
 * does not hold a valid direction. */
typedef enum {
  CELL_DIRECTION_IN=1, /**< The cell is moving towards the origin. */
  CELL_DIRECTION_OUT=2, /**< The cell is moving away from the origin. */
} cell_direction_t;

/** Initial value for both sides of a circuit transmission window when the
 * circuit is initialized.  Measured in cells. */
#define CIRCWINDOW_START 1000
#define CIRCWINDOW_START_MIN 100
#define CIRCWINDOW_START_MAX 1000
/** Amount to increment a circuit window when we get a circuit SENDME. */
#define CIRCWINDOW_INCREMENT 100
/** Initial value on both sides of a stream transmission window when the
 * stream is initialized.  Measured in cells. */
#define STREAMWINDOW_START 500
/** Amount to increment a stream window when we get a stream SENDME. */
#define STREAMWINDOW_INCREMENT 50

/* Cell commands.  These values are defined in tor-spec.txt. */
#define CELL_PADDING 0
#define CELL_CREATE 1
#define CELL_CREATED 2
#define CELL_RELAY 3
#define CELL_DESTROY 4
#define CELL_CREATE_FAST 5
#define CELL_CREATED_FAST 6
#define CELL_VERSIONS 7
#define CELL_NETINFO 8
#define CELL_RELAY_EARLY 9
#define CELL_CREATE2 10
#define CELL_CREATED2 11

#define CELL_VPADDING 128
#define CELL_CERTS 129
#define CELL_AUTH_CHALLENGE 130
#define CELL_AUTHENTICATE 131
#define CELL_AUTHORIZE 132

/** How long to test reachability before complaining to the user. */
#define TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT (20*60)

/** Legal characters in a nickname. */
/* Allow-list of ASCII letters and digits only: no punctuation, whitespace,
 * path separator or control character. */
#define LEGAL_NICKNAME_CHARACTERS \
  "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

/** Name to use in client TLS certificates if no nickname is given. Once
 * Tor 0.1.2.x is obsolete, we can remove this. */
#define DEFAULT_CLIENT_NICKNAME "client"

/** Name chosen by routers that don't configure nicknames */
#define UNNAMED_ROUTER_NICKNAME "Unnamed"

/** Number of bytes in a SOCKS4 header. */
#define SOCKS4_NETWORK_LEN 8

/*
 * Relay payload:
 *         Relay command           [1 byte]
 *         Recognized              [2 bytes]
 *         Stream ID               [2 bytes]
 *         Partial SHA-1           [4 bytes]
 *         Length                  [2 bytes]
 *         Relay payload           [498 bytes]
 */

/** Number of bytes in a cell, minus cell header. */
#define CELL_PAYLOAD_SIZE 509
/** Number of bytes in a cell transmitted over the network. */
#define CELL_NETWORK_SIZE 512

/** Length of a header on a variable-length cell. */
#define VAR_CELL_HEADER_SIZE 5

/** Number of bytes in a relay cell's header (not including general cell
 * header). */
#define RELAY_HEADER_SIZE (1+2+2+4+2)
/** Largest number of bytes that can fit in a relay cell payload. */
/* CELL_PAYLOAD_SIZE (509) minus RELAY_HEADER_SIZE (11) is 498, matching the
 * "Relay payload [498 bytes]" entry in the layout comment earlier in this
 * file.  The header's Length field is two bytes wide, so it can carry
 * values far larger than this.
 * NOTE(review): a received length presumably has to be checked against
 * RELAY_PAYLOAD_SIZE before it is used to copy or index; confirm in the
 * relay cell handling code. */
#define RELAY_PAYLOAD_SIZE (CELL_PAYLOAD_SIZE-RELAY_HEADER_SIZE)

/** Identifies a circuit on an or_connection.  Sixteen bits wide. */
typedef uint16_t circid_t;
/** Identifies a stream on a circuit.  Sixteen bits wide, the same width as
 * the two-byte Stream ID field in the relay header layout earlier in this
 * file. */
typedef uint16_t streamid_t;

/* channel_t typedef; struct channel_s is in channel.h */

typedef struct channel_s channel_t;

/* channel_listener_t typedef; struct channel_listener_s is in channel.h */

typedef struct channel_listener_s channel_listener_t;

/* channel states for channel_t */

typedef enum {
  /*
   * Closed state - channel is inactive
   *
   * Permitted transitions from:
   *   - CHANNEL_STATE_CLOSING
   * Permitted transitions to:
   *   - CHANNEL_STATE_OPENING
   */
  CHANNEL_STATE_CLOSED = 0,
  /*
   * Opening state - channel is trying to connect
   *
   * Permitted transitions from:
   *   - CHANNEL_STATE_CLOSED
   * Permitted transitions to:
   *   - CHANNEL_STATE_CLOSING
   *   - CHANNEL_STATE_ERROR
   *   - CHANNEL_STATE_OPEN
   */
  CHANNEL_STATE_OPENING,
  /*
   * Open state - channel is active and ready for use
   *
   * Permitted transitions from:
   *   - CHANNEL_STATE_MAINT
   *   - CHANNEL_STATE_OPENING
   * Permitted transitions to:
   *   - CHANNEL_STATE_CLOSING
   *   - CHANNEL_STATE_ERROR
   *   - CHANNEL_STATE_MAINT
   */
  CHANNEL_STATE_OPEN,
  /*
   * Maintenance state - channel is temporarily offline for subclass specific
   *   maintenance activities such as TLS renegotiation.
   *
   * Permitted transitions from:
   *   - CHANNEL_STATE_OPEN
   * Permitted transitions to:
   *   - CHANNEL_STATE_CLOSING
   *   - CHANNEL_STATE_ERROR
   *   - CHANNEL_STATE_OPEN
   */
  CHANNEL_STATE_MAINT,
  /*
   * Closing state - channel is shutting down
   *
   * Permitted transitions from:
   *   - CHANNEL_STATE_MAINT
   *   - CHANNEL_STATE_OPEN
   * Permitted transitions to:
   *   - CHANNEL_STATE_CLOSED,
   *   - CHANNEL_STATE_ERROR
   */
  CHANNEL_STATE_CLOSING,
  /*
   * Error state - channel has experienced a permanent error
   *
   * Permitted transitions from:
   *   - CHANNEL_STATE_CLOSING
   *   - CHANNEL_STATE_MAINT
   *   - CHANNEL_STATE_OPENING
   *   - CHANNEL_STATE_OPEN
   * Permitted transitions to:
   *   - None
   */
  CHANNEL_STATE_ERROR,
  /*
   * Placeholder for maximum state value