connection_edge.c 140 KB
Newer Older
1
/* Copyright (c) 2001 Matej Pfajfar.
Roger Dingledine's avatar
Roger Dingledine committed
2
 * Copyright (c) 2001-2004, Roger Dingledine.
3
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
Nick Mathewson's avatar
Nick Mathewson committed
4
 * Copyright (c) 2007-2016, The Tor Project, Inc. */
5
6
/* See LICENSE for licensing information */

7
8
/**
 * \file connection_edge.c
9
 * \brief Handle edge streams.
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
 *
 * An edge_connection_t is a subtype of a connection_t, and represents two
 * critical concepts in Tor: a stream, and an edge connection.  From the Tor
 * protocol's point of view, a stream is a bi-directional channel that is
 * multiplexed on a single circuit.  Each stream on a circuit is identified
 * with a separate 16-bit stream ID, local to the (circuit,exit) pair.
 * Streams are created in response to client requests.
 *
 * An edge connection is one thing that can implement a stream: it is either a
 * TCP application socket that has arrived via (e.g.) a SOCKS request, or an
 * exit connection.
 *
 * Not every instance of edge_connection_t truly represents an edge connction,
 * however. (Sorry!) We also create edge_connection_t objects for streams that
 * we will not be handling with TCP.  The types of these streams are:
 *   <ul>
 *   <li>DNS lookup streams, created on the client side in response to
 *     a UDP DNS request received on a DNSPort, or a RESOLVE command
 *     on a controller.
 *   <li>DNS lookup streams, created on the exit side in response to
 *     a RELAY_RESOLVE cell from a client.
 *   <li>Tunneled directory streams, created on the directory cache side
 *     in response to a RELAY_BEGINDIR cell.  These streams attach directly
 *     to a dir_connection_t object without ever using TCP.
 *   </ul>
 *
 * This module handles general-purpose functionality having to do with
 * edge_connection_t.  On the client side, it accepts various types of
 * application requests on SocksPorts, TransPorts, and NATDPorts, and
 * creates streams appropriately.
 *
 * This module is also responsible for implementing stream isolation:
 * ensuring that streams that should not be linkable to one another are
 * kept to different circuits.
 *
 * On the exit side, this module handles the various stream-creating
 * type of RELAY cells by launching appropriate outgoing connections,
 * DNS requests, or directory connection objects.
 *
 * And for all edge connections, this module is responsible for handling
 * incoming and outdoing data as it arrives or leaves in the relay.c
 * module.  (Outgoing data will be packaged in
 * connection_edge_process_inbuf() as it calls
 * connection_edge_package_raw_inbuf(); incoming data from RELAY_DATA
 * cells is applied in connection_edge_process_relay_cell().)
55
 **/
56
#define CONNECTION_EDGE_PRIVATE
57

58
#include "or.h"
59
60
61

#include "backtrace.h"

62
#include "addressmap.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
63
#include "buffers.h"
64
#include "channel.h"
65
#include "circpathbias.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
66
#include "circuitlist.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
67
#include "circuituse.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
68
#include "config.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
69
#include "connection.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
70
#include "connection_edge.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
71
#include "connection_or.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
72
#include "control.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
73
#include "dns.h"
74
#include "dnsserv.h"
75
#include "directory.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
76
#include "dirserv.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
77
#include "hibernate.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
78
#include "main.h"
79
#include "nodelist.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
80
#include "policies.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
81
#include "reasons.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
82
#include "relay.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
83
#include "rendclient.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
84
#include "rendcommon.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
85
#include "rendservice.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
86
#include "rephist.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
87
#include "router.h"
Sebastian Hahn's avatar
Sebastian Hahn committed
88
#include "routerlist.h"
89
#include "routerset.h"
90
#include "circuitbuild.h"
91

92
93
94
#ifdef HAVE_LINUX_TYPES_H
#include <linux/types.h>
#endif
95
96
97
#ifdef HAVE_LINUX_NETFILTER_IPV4_H
#include <linux/netfilter_ipv4.h>
#define TRANS_NETFILTER
98
#define TRANS_NETFILTER_IPV4
99
100
#endif

101
102
103
104
105
106
#ifdef HAVE_LINUX_IF_H
#include <linux/if.h>
#endif

#ifdef HAVE_LINUX_NETFILTER_IPV6_IP6_TABLES_H
#include <linux/netfilter_ipv6/ip6_tables.h>
107
#if defined(IP6T_SO_ORIGINAL_DST)
108
109
110
#define TRANS_NETFILTER
#define TRANS_NETFILTER_IPV6
#endif
111
#endif
112

113
114
115
116
117
118
#if defined(HAVE_NET_IF_H) && defined(HAVE_NET_PFVAR_H)
#include <net/if.h>
#include <net/pfvar.h>
#define TRANS_PF
#endif

119
120
121
122
#ifdef IP_TRANSPARENT
#define TRANS_TPROXY
#endif

123
124
125
#define SOCKS4_GRANTED          90
#define SOCKS4_REJECT           91

126
127
static int connection_ap_handshake_process_socks(entry_connection_t *conn);
static int connection_ap_process_natd(entry_connection_t *conn);
Roger Dingledine's avatar
Roger Dingledine committed
128
static int connection_exit_connect_dir(edge_connection_t *exitconn);
129
130
static int consider_plaintext_ports(entry_connection_t *conn, uint16_t port);
static int connection_ap_supports_optimistic_data(const entry_connection_t *);
131

132
133
134
135
/** An AP stream has failed/finished. If it hasn't already sent back
 * a socks reply, send one now (based on endreason). Also set
 * has_sent_end to 1, and mark the conn.
 */
136
137
138
MOCK_IMPL(void,
connection_mark_unattached_ap_,(entry_connection_t *conn, int endreason,
                                int line, const char *file))
139
{
140
  connection_t *base_conn = ENTRY_TO_CONN(conn);
141
  edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(conn);
142
143
  tor_assert(base_conn->type == CONN_TYPE_AP);
  ENTRY_TO_EDGE_CONN(conn)->edge_has_sent_end = 1; /* no circ yet */
144

145
146
147
148
  /* If this is a rendezvous stream and it is failing without ever
   * being attached to a circuit, assume that an attempt to connect to
   * the destination hidden service has just ended.
   *
149
   * XXXX This condition doesn't limit to only streams failing
150
151
   * without ever being attached.  That sloppiness should be harmless,
   * but we should fix it someday anyway. */
152
153
  if ((edge_conn->on_circuit != NULL || edge_conn->edge_has_sent_end) &&
      connection_edge_is_rendezvous_stream(edge_conn)) {
154
    rend_client_note_connection_attempt_ended(edge_conn->rend_data);
155
156
  }

157
  if (base_conn->marked_for_close) {
158
    /* This call will warn as appropriate. */
159
    connection_mark_for_close_(base_conn, line, file);
160
161
162
    return;
  }

163
  if (!conn->socks_request->has_finished) {
164
    if (endreason & END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED)
Roger Dingledine's avatar
Roger Dingledine committed
165
      log_warn(LD_BUG,
166
               "stream (marked at %s:%d) sending two socks replies?",
Roger Dingledine's avatar
Roger Dingledine committed
167
               file, line);
168

169
    if (SOCKS_COMMAND_IS_CONNECT(conn->socks_request->command))
170
      connection_ap_handshake_socks_reply(conn, NULL, 0, endreason);
171
    else if (SOCKS_COMMAND_IS_RESOLVE(conn->socks_request->command))
172
173
      connection_ap_handshake_socks_resolved(conn,
                                             RESOLVED_TYPE_ERROR_TRANSIENT,
174
                                             0, NULL, -1, -1);
175
176
    else /* unknown or no handshake at all. send no response. */
      conn->socks_request->has_finished = 1;
177
  }
178

179
  connection_mark_and_flush_(base_conn, line, file);
180

181
  ENTRY_TO_EDGE_CONN(conn)->end_reason = endreason;
182
183
}

184
185
/** There was an EOF. Send an end and mark the connection for close.
 */
186
int
187
connection_edge_reached_eof(edge_connection_t *conn)
188
{
189
  if (connection_get_inbuf_len(TO_CONN(conn)) &&
190
      connection_state_is_open(TO_CONN(conn))) {
Roger Dingledine's avatar
Roger Dingledine committed
191
192
193
    /* it still has stuff to process. don't let it die yet. */
    return 0;
  }
194
195
  log_info(LD_EDGE,"conn (fd "TOR_SOCKET_T_FORMAT") reached eof. Closing.",
           conn->base_.s);
196
  if (!conn->base_.marked_for_close) {
197
198
    /* only mark it if not already marked. it's possible to
     * get the 'end' right around when the client hangs up on us. */
199
    connection_edge_end(conn, END_STREAM_REASON_DONE);
200
    if (conn->base_.type == CONN_TYPE_AP) {
201
202
203
204
      /* eof, so don't send a socks reply back */
      if (EDGE_TO_ENTRY_CONN(conn)->socks_request)
        EDGE_TO_ENTRY_CONN(conn)->socks_request->has_finished = 1;
    }
205
    connection_mark_for_close(TO_CONN(conn));
206
207
208
209
210
  }
  return 0;
}

/** Handle new bytes on conn->inbuf based on state:
211
212
 *   - If it's waiting for socks info, try to read another step of the
 *     socks handshake out of conn->inbuf.
213
 *   - If it's waiting for the original destination, fetch it.
214
215
216
217
 *   - If it's open, then package more relay cells from the stream.
 *   - Else, leave the bytes on inbuf alone for now.
 *
 * Mark and return -1 if there was an unexpected error with the conn,
218
219
 * else return 0.
 */
220
int
221
connection_edge_process_inbuf(edge_connection_t *conn, int package_partial)
222
{
Roger Dingledine's avatar
Roger Dingledine committed
223
  tor_assert(conn);
224

225
  switch (conn->base_.state) {
226
    case AP_CONN_STATE_SOCKS_WAIT:
227
      if (connection_ap_handshake_process_socks(EDGE_TO_ENTRY_CONN(conn)) <0) {
228
        /* already marked */
229
230
231
        return -1;
      }
      return 0;
232
    case AP_CONN_STATE_NATD_WAIT:
233
      if (connection_ap_process_natd(EDGE_TO_ENTRY_CONN(conn)) < 0) {
234
235
236
237
        /* already marked */
        return -1;
      }
      return 0;
238
239
    case AP_CONN_STATE_OPEN:
    case EXIT_CONN_STATE_OPEN:
240
      if (connection_edge_package_raw_inbuf(conn, package_partial, NULL) < 0) {
241
        /* (We already sent an end cell if possible) */
242
        connection_mark_for_close(TO_CONN(conn));
243
244
        return -1;
      }
245
      return 0;
246
    case AP_CONN_STATE_CONNECT_WAIT:
247
      if (connection_ap_supports_optimistic_data(EDGE_TO_ENTRY_CONN(conn))) {
248
249
250
        log_info(LD_EDGE,
                 "data from edge while in '%s' state. Sending it anyway. "
                 "package_partial=%d, buflen=%ld",
251
                 conn_state_to_string(conn->base_.type, conn->base_.state),
252
253
                 package_partial,
                 (long)connection_get_inbuf_len(TO_CONN(conn)));
254
255
256
257
258
259
260
261
262
        if (connection_edge_package_raw_inbuf(conn, package_partial, NULL)<0) {
          /* (We already sent an end cell if possible) */
          connection_mark_for_close(TO_CONN(conn));
          return -1;
        }
        return 0;
      }
      /* Fall through if the connection is on a circuit without optimistic
       * data support. */
263
      /* Falls through. */
264
    case EXIT_CONN_STATE_CONNECTING:
265
    case AP_CONN_STATE_RENDDESC_WAIT:
266
    case AP_CONN_STATE_CIRCUIT_WAIT:
267
    case AP_CONN_STATE_RESOLVE_WAIT:
268
    case AP_CONN_STATE_CONTROLLER_WAIT:
Roger Dingledine's avatar
Roger Dingledine committed
269
270
      log_info(LD_EDGE,
               "data from edge while in '%s' state. Leaving it on buffer.",
271
               conn_state_to_string(conn->base_.type, conn->base_.state));
272
273
      return 0;
  }
274
  log_warn(LD_BUG,"Got unexpected state %d. Closing.",conn->base_.state);
275
  tor_fragile_assert();
276
  connection_edge_end(conn, END_STREAM_REASON_INTERNAL);
277
  connection_mark_for_close(TO_CONN(conn));
278
  return -1;
279
280
}

281
282
283
/** This edge needs to be closed, because its circuit has closed.
 * Mark it for close and return 0.
 */
284
int
285
connection_edge_destroy(circid_t circ_id, edge_connection_t *conn)
286
{
287
  if (!conn->base_.marked_for_close) {
288
289
    log_info(LD_EDGE, "CircID %u: At an edge. Marking connection for close.",
             (unsigned) circ_id);
290
    if (conn->base_.type == CONN_TYPE_AP) {
291
292
      entry_connection_t *entry_conn = EDGE_TO_ENTRY_CONN(conn);
      connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_DESTROY);
293
      control_event_stream_bandwidth(conn);
294
      control_event_stream_status(entry_conn, STREAM_EVENT_CLOSED,
295
296
                                  END_STREAM_REASON_DESTROY);
      conn->end_reason |= END_STREAM_REASON_FLAG_ALREADY_SENT_CLOSED;
297
    } else {
298
      /* closing the circuit, nothing to send an END to */
299
      conn->edge_has_sent_end = 1;
300
      conn->end_reason = END_STREAM_REASON_DESTROY;
301
      conn->end_reason |= END_STREAM_REASON_FLAG_ALREADY_SENT_CLOSED;
302
      connection_mark_and_flush(TO_CONN(conn));
303
    }
304
  }
305
  conn->cpath_layer = NULL;
306
  conn->on_circuit = NULL;
307
308
309
  return 0;
}

310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
/** Send a raw end cell to the stream with ID <b>stream_id</b> out over the
 * <b>circ</b> towards the hop identified with <b>cpath_layer</b>. If this
 * is not a client connection, set the relay end cell's reason for closing
 * as <b>reason</b> */
static int
relay_send_end_cell_from_edge(streamid_t stream_id, circuit_t *circ,
                              uint8_t reason, crypt_path_t *cpath_layer)
{
  char payload[1];

  if (CIRCUIT_PURPOSE_IS_CLIENT(circ->purpose)) {
    /* Never send the server an informative reason code; it doesn't need to
     * know why the client stream is failing. */
    reason = END_STREAM_REASON_MISC;
  }

  payload[0] = (char) reason;

  return relay_send_command_from_edge(stream_id, circ, RELAY_COMMAND_END,
                                      payload, 1, cpath_layer);
}

/** Send a relay end cell from stream <b>conn</b> down conn's circuit, and
 * remember that we've done so.  If this is not a client connection, set the
 * relay end cell's reason for closing as <b>reason</b>.
335
336
337
338
 *
 * Return -1 if this function has already been called on this conn,
 * else return 0.
 */
339
int
340
connection_edge_end(edge_connection_t *conn, uint8_t reason)
341
{
342
  char payload[RELAY_PAYLOAD_SIZE];
343
  size_t payload_len=1;
344
  circuit_t *circ;
Mike Perry's avatar
   
Mike Perry committed
345
  uint8_t control_reason = reason;
346

347
  if (conn->edge_has_sent_end) {
348
    log_warn(LD_BUG,"(Harmless.) Calling connection_edge_end (reason %d) "
Roger Dingledine's avatar
Roger Dingledine committed
349
             "on an already ended stream?", reason);
350
    tor_fragile_assert();
351
    return -1;
352
353
  }

354
  if (conn->base_.marked_for_close) {
Roger Dingledine's avatar
Roger Dingledine committed
355
    log_warn(LD_BUG,
356
             "called on conn that's already marked for close at %s:%d.",
357
             conn->base_.marked_for_close_file, conn->base_.marked_for_close);
358
359
360
    return 0;
  }

361
362
363
364
365
366
367
368
369
  circ = circuit_get_by_edge_conn(conn);
  if (circ && CIRCUIT_PURPOSE_IS_CLIENT(circ->purpose)) {
    /* If this is a client circuit, don't send the server an informative
     * reason code; it doesn't need to know why the client stream is
     * failing. */
    reason = END_STREAM_REASON_MISC;
  }

  payload[0] = (char)reason;
370
371
  if (reason == END_STREAM_REASON_EXITPOLICY &&
      !connection_edge_is_rendezvous_stream(conn)) {
372
    int addrlen;
373
374
    if (tor_addr_family(&conn->base_.addr) == AF_INET) {
      set_uint32(payload+1, tor_addr_to_ipv4n(&conn->base_.addr));
375
376
      addrlen = 4;
    } else {
377
      memcpy(payload+1, tor_addr_to_in6_addr8(&conn->base_.addr), 16);
378
379
380
381
      addrlen = 16;
    }
    set_uint32(payload+1+addrlen, htonl(dns_clip_ttl(conn->address_ttl)));
    payload_len += 4+addrlen;
382
383
  }

384
  if (circ && !circ->marked_for_close) {
385
386
    log_debug(LD_EDGE,"Sending end on conn (fd "TOR_SOCKET_T_FORMAT").",
              conn->base_.s);
387
    connection_edge_send_command(conn, RELAY_COMMAND_END,
388
                                 payload, payload_len);
389
  } else {
Nick Mathewson's avatar
Nick Mathewson committed
390
391
    log_debug(LD_EDGE,"No circ to send end on conn "
              "(fd "TOR_SOCKET_T_FORMAT").",
392
              conn->base_.s);
393
394
  }

395
  conn->edge_has_sent_end = 1;
Mike Perry's avatar
   
Mike Perry committed
396
  conn->end_reason = control_reason;
397
  return 0;
398
399
}

Nick Mathewson's avatar
Nick Mathewson committed
400
/** An error has just occurred on an operation on an edge connection
401
402
 * <b>conn</b>.  Extract the errno; convert it to an end reason, and send an
 * appropriate relay end cell to the other end of the connection's circuit.
403
 **/
404
int
405
connection_edge_end_errno(edge_connection_t *conn)
406
407
408
{
  uint8_t reason;
  tor_assert(conn);
409
  reason = errno_to_stream_end_reason(tor_socket_errno(conn->base_.s));
410
  return connection_edge_end(conn, reason);
411
412
}

413
414
415
416
417
418
419
420
/** We just wrote some data to <b>conn</b>; act appropriately.
 *
 * (That is, if it's open, consider sending a stream-level sendme cell if we
 * have just flushed enough.)
 */
int
connection_edge_flushed_some(edge_connection_t *conn)
{
421
  switch (conn->base_.state) {
422
423
424
425
426
427
428
429
    case AP_CONN_STATE_OPEN:
    case EXIT_CONN_STATE_OPEN:
      connection_edge_consider_sending_sendme(conn);
      break;
  }
  return 0;
}

430
431
432
433
434
435
436
437
438
439
/** Connection <b>conn</b> has finished writing and has no bytes left on
 * its outbuf.
 *
 * If it's in state 'open', stop writing, consider responding with a
 * sendme, and return.
 * Otherwise, stop writing and return.
 *
 * If <b>conn</b> is broken, mark it for close and return -1, else
 * return 0.
 */
440
int
441
connection_edge_finished_flushing(edge_connection_t *conn)
442
{
Roger Dingledine's avatar
Roger Dingledine committed
443
  tor_assert(conn);
444

445
  switch (conn->base_.state) {
446
447
    case AP_CONN_STATE_OPEN:
    case EXIT_CONN_STATE_OPEN:
448
      connection_edge_consider_sending_sendme(conn);
449
      return 0;
Roger Dingledine's avatar
Roger Dingledine committed
450
    case AP_CONN_STATE_SOCKS_WAIT:
451
    case AP_CONN_STATE_NATD_WAIT:
452
    case AP_CONN_STATE_RENDDESC_WAIT:
453
    case AP_CONN_STATE_CIRCUIT_WAIT:
454
    case AP_CONN_STATE_CONNECT_WAIT:
455
    case AP_CONN_STATE_CONTROLLER_WAIT:
456
    case AP_CONN_STATE_RESOLVE_WAIT:
Roger Dingledine's avatar
Roger Dingledine committed
457
      return 0;
458
    default:
459
      log_warn(LD_BUG, "Called in unexpected state %d.",conn->base_.state);
460
      tor_fragile_assert();
461
      return -1;
462
463
464
465
  }
  return 0;
}

466
467
468
/** Longest size for the relay payload of a RELAY_CONNECTED cell that we're
 * able to generate. */
/* 4 zero bytes; 1 type byte; 16 byte IPv6 address; 4 byte TTL. */
469
470
#define MAX_CONNECTED_CELL_PAYLOAD_LEN 25

471
472
473
474
475
476
/** Set the buffer at <b>payload_out</b> -- which must have at least
 * MAX_CONNECTED_CELL_PAYLOAD_LEN bytes available -- to the body of a
 * RELAY_CONNECTED cell indicating that we have connected to <b>addr</b>, and
 * that the name resolution that led us to <b>addr</b> will be valid for
 * <b>ttl</b> seconds. Return -1 on error, or the number of bytes used on
 * success. */
477
STATIC int
478
479
480
481
482
483
484
connected_cell_format_payload(uint8_t *payload_out,
                              const tor_addr_t *addr,
                              uint32_t ttl)
{
  const sa_family_t family = tor_addr_family(addr);
  int connected_payload_len;

485
486
487
  /* should be needless */
  memset(payload_out, 0, MAX_CONNECTED_CELL_PAYLOAD_LEN);

488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
  if (family == AF_INET) {
    set_uint32(payload_out, tor_addr_to_ipv4n(addr));
    connected_payload_len = 4;
  } else if (family == AF_INET6) {
    set_uint32(payload_out, 0);
    set_uint8(payload_out + 4, 6);
    memcpy(payload_out + 5, tor_addr_to_in6_addr8(addr), 16);
    connected_payload_len = 21;
  } else {
    return -1;
  }

  set_uint32(payload_out + connected_payload_len, htonl(dns_clip_ttl(ttl)));
  connected_payload_len += 4;

  tor_assert(connected_payload_len <= MAX_CONNECTED_CELL_PAYLOAD_LEN);

  return connected_payload_len;
}

508
509
510
/** Connected handler for exit connections: start writing pending
 * data, deliver 'CONNECTED' relay cells as appropriate, and check
 * any pending data that may have been received. */
511
int
512
connection_edge_finished_connecting(edge_connection_t *edge_conn)
513
{
514
  connection_t *conn;
515

516
  tor_assert(edge_conn);
517
  tor_assert(edge_conn->base_.type == CONN_TYPE_EXIT);
518
  conn = TO_CONN(edge_conn);
519
520
  tor_assert(conn->state == EXIT_CONN_STATE_CONNECTING);

Roger Dingledine's avatar
Roger Dingledine committed
521
  log_info(LD_EXIT,"Exit connection to %s:%u (%s) established.",
522
           escaped_safe_str(conn->address), conn->port,
523
           safe_str(fmt_and_decorate_addr(&conn->addr)));
524

525
  rep_hist_note_exit_stream_opened(conn->port);
526

527
  conn->state = EXIT_CONN_STATE_OPEN;
528
  connection_watch_events(conn, READ_EVENT); /* stop writing, keep reading */
529
  if (connection_get_outbuf_len(conn)) /* in case there are any queued relay
530
                                        * cells */
531
532
    connection_start_writing(conn);
  /* deliver a 'connected' relay cell back through the circuit. */
533
534
  if (connection_edge_is_rendezvous_stream(edge_conn)) {
    if (connection_edge_send_command(edge_conn,
535
                                     RELAY_COMMAND_CONNECTED, NULL, 0) < 0)
536
537
      return 0; /* circuit is closed, don't continue */
  } else {
538
539
540
541
542
543
544
    uint8_t connected_payload[MAX_CONNECTED_CELL_PAYLOAD_LEN];
    int connected_payload_len =
      connected_cell_format_payload(connected_payload, &conn->addr,
                                    edge_conn->address_ttl);
    if (connected_payload_len < 0)
      return -1;

545
    if (connection_edge_send_command(edge_conn,
546
547
                        RELAY_COMMAND_CONNECTED,
                        (char*)connected_payload, connected_payload_len) < 0)
548
549
      return 0; /* circuit is closed, don't continue */
  }
550
  tor_assert(edge_conn->package_window > 0);
551
  /* in case the server has written anything */
552
  return connection_edge_process_inbuf(edge_conn, 1);
553
554
}

555
556
557
558
559
560
561
562
/** A list of all the entry_connection_t * objects that are not marked
 * for close, and are in AP_CONN_STATE_CIRCUIT_WAIT.
 *
 * (Right now, we check in several places to make sure that this list is
 * correct.  When it's incorrect, we'll fix it, and log a BUG message.)
 */
static smartlist_t *pending_entry_connections = NULL;

563
564
static int untried_pending_connections = 0;

565
566
567
568
569
570
571
572
573
574
575
576
577
/** Common code to connection_(ap|exit)_about_to_close. */
static void
connection_edge_about_to_close(edge_connection_t *edge_conn)
{
  if (!edge_conn->edge_has_sent_end) {
    connection_t *conn = TO_CONN(edge_conn);
    log_warn(LD_BUG, "(Harmless.) Edge connection (marked at %s:%d) "
             "hasn't sent end yet?",
             conn->marked_for_close_file, conn->marked_for_close);
    tor_fragile_assert();
  }
}

578
/** Called when we're about to finally unlink and free an AP (client)
579
580
 * connection: perform necessary accounting and cleanup */
void
581
connection_ap_about_to_close(entry_connection_t *entry_conn)
582
583
{
  circuit_t *circ;
584
585
  edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(entry_conn);
  connection_t *conn = ENTRY_TO_CONN(entry_conn);
586

587
588
  connection_edge_about_to_close(edge_conn);

589
  if (entry_conn->socks_request->has_finished == 0) {
590
591
592
593
594
595
596
597
598
599
600
    /* since conn gets removed right after this function finishes,
     * there's no point trying to send back a reply at this point. */
    log_warn(LD_BUG,"Closing stream (marked at %s:%d) without sending"
             " back a socks reply.",
             conn->marked_for_close_file, conn->marked_for_close);
  }
  if (!edge_conn->end_reason) {
    log_warn(LD_BUG,"Closing stream (marked at %s:%d) without having"
             " set end_reason.",
             conn->marked_for_close_file, conn->marked_for_close);
  }
601
  if (entry_conn->dns_server_request) {
602
603
604
    log_warn(LD_BUG,"Closing stream (marked at %s:%d) without having"
             " replied to DNS request.",
             conn->marked_for_close_file, conn->marked_for_close);
605
    dnsserv_reject_request(entry_conn);
606
  }
607
608
609
610
611
612
613
614

  if (TO_CONN(edge_conn)->state == AP_CONN_STATE_CIRCUIT_WAIT) {
    smartlist_remove(pending_entry_connections, entry_conn);
  }

#if 1
  /* Check to make sure that this isn't in pending_entry_connections if it
   * didn't actually belong there. */
615
616
617
  if (TO_CONN(edge_conn)->type == CONN_TYPE_AP) {
    connection_ap_warn_and_unmark_if_pending_circ(entry_conn,
                                                  "about_to_close");
618
619
620
  }
#endif

621
  control_event_stream_bandwidth(edge_conn);
622
  control_event_stream_status(entry_conn, STREAM_EVENT_CLOSED,
623
624
625
626
627
628
                              edge_conn->end_reason);
  circ = circuit_get_by_edge_conn(edge_conn);
  if (circ)
    circuit_detach_stream(circ, edge_conn);
}

629
/** Called when we're about to finally unlink and free an exit
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
 * connection: perform necessary accounting and cleanup */
void
connection_exit_about_to_close(edge_connection_t *edge_conn)
{
  circuit_t *circ;
  connection_t *conn = TO_CONN(edge_conn);

  connection_edge_about_to_close(edge_conn);

  circ = circuit_get_by_edge_conn(edge_conn);
  if (circ)
    circuit_detach_stream(circ, edge_conn);
  if (conn->state == EXIT_CONN_STATE_RESOLVING) {
    connection_dns_remove(edge_conn);
  }
}

647
648
/** Define a schedule for how long to wait between retrying
 * application connections. Rather than waiting a fixed amount of
649
 * time between each retry, we wait 10 seconds each for the first
650
 * two tries, and 15 seconds for each retry after
651
 * that. Hopefully this will improve the expected user experience. */
652
static int
653
compute_retry_timeout(entry_connection_t *conn)
654
{
655
656
657
  int timeout = get_options()->CircuitStreamTimeout;
  if (timeout) /* if our config options override the default, use them */
    return timeout;
658
  if (conn->num_socks_retries < 2) /* try 0 and try 1 */
659
660
661
662
    return 10;
  return 15;
}

663
/** Find all general-purpose AP streams waiting for a response that sent their
664
 * begin/resolve cell too long ago. Detach from their current circuit, and
665
 * mark their current circuit as unsuitable for new streams. Then call
666
667
668
 * connection_ap_handshake_attach_circuit() to attach to a new circuit (if
 * available) or launch a new one.
 *
669
 * For rendezvous streams, simply give up after SocksTimeout seconds (with no
670
671
 * retry attempt).
 */
672
673
674
void
connection_ap_expire_beginning(void)
{
675
  edge_connection_t *conn;
676
  entry_connection_t *entry_conn;
677
  circuit_t *circ;
678
  time_t now = time(NULL);
679
  const or_options_t *options = get_options();
680
  int severity;
681
  int cutoff;
682
  int seconds_idle, seconds_since_born;
683
  smartlist_t *conns = get_connection_array();
684

685
686
  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, base_conn) {
    if (base_conn->type != CONN_TYPE_AP || base_conn->marked_for_close)
687
      continue;
688
689
    entry_conn = TO_ENTRY_CONN(base_conn);
    conn = ENTRY_TO_EDGE_CONN(entry_conn);
690
    /* if it's an internal linked connection, don't yell its status. */
691
    severity = (tor_addr_is_null(&base_conn->addr) && !base_conn->port)
692
      ? LOG_INFO : LOG_NOTICE;
693
694
    seconds_idle = (int)( now - base_conn->timestamp_lastread );
    seconds_since_born = (int)( now - base_conn->timestamp_created );
695

696
    if (base_conn->state == AP_CONN_STATE_OPEN)
697
698
699
700
701
702
      continue;

    /* We already consider SocksTimeout in
     * connection_ap_handshake_attach_circuit(), but we need to consider
     * it here too because controllers that put streams in controller_wait
     * state never ask Tor to attach the circuit. */
703
    if (AP_CONN_STATE_IS_UNATTACHED(base_conn->state)) {
704
      if (seconds_since_born >= options->SocksTimeout) {
705
706
707
        log_fn(severity, LD_APP,
            "Tried for %d seconds to get a connection to %s:%d. "
            "Giving up. (%s)",
708
            seconds_since_born,
709
710
711
712
            safe_str_client(entry_conn->socks_request->address),
            entry_conn->socks_request->port,
            conn_state_to_string(CONN_TYPE_AP, base_conn->state));
        connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TIMEOUT);
713
714
715
716
      }
      continue;
    }

717
718
719
    /* We're in state connect_wait or resolve_wait now -- waiting for a
     * reply to our relay cell. See if we want to retry/give up. */

720
    cutoff = compute_retry_timeout(entry_conn);
721
    if (seconds_idle < cutoff)
722
      continue;
723
    circ = circuit_get_by_edge_conn(conn);
724
    if (!circ) { /* it's vanished? */
Roger Dingledine's avatar
Roger Dingledine committed
725
      log_info(LD_APP,"Conn is waiting (address %s), but lost its circ.",
726
727
               safe_str_client(entry_conn->socks_request->address));
      connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TIMEOUT);
728
729
      continue;
    }
730
    if (circ->purpose == CIRCUIT_PURPOSE_C_REND_JOINED) {
731
      if (seconds_idle >= options->SocksTimeout) {
732
733
734
        log_fn(severity, LD_REND,
               "Rend stream is %d seconds late. Giving up on address"
               " '%s.onion'.",
735
               seconds_idle,
736
               safe_str_client(entry_conn->socks_request->address));
737
738
739
740
        /* Roll back path bias use state so that we probe the circuit
         * if nothing else succeeds on it */
        pathbias_mark_use_rollback(TO_ORIGIN_CIRCUIT(circ));

741
        connection_edge_end(conn, END_STREAM_REASON_TIMEOUT);
742
        connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_TIMEOUT);
743
744
745
      }
      continue;
    }
746
747
748
    if (circ->purpose != CIRCUIT_PURPOSE_C_GENERAL &&
        circ->purpose != CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT &&
        circ->purpose != CIRCUIT_PURPOSE_PATH_BIAS_TESTING) {
Nick Mathewson's avatar
Nick Mathewson committed
749
750
751
752
753
754
      log_warn(LD_BUG, "circuit->purpose == CIRCUIT_PURPOSE_C_GENERAL failed. "
               "The purpose on the circuit was %s; it was in state %s, "
               "path_state %s.",
               circuit_purpose_to_string(circ->purpose),
               circuit_state_to_string(circ->state),
               CIRCUIT_IS_ORIGIN(circ) ?
Nick Mathewson's avatar
Nick Mathewson committed
755
756
                pathbias_state_to_string(TO_ORIGIN_CIRCUIT(circ)->path_state) :
                "none");
Nick Mathewson's avatar
Nick Mathewson committed
757
    }
758
    log_fn(cutoff < 15 ? LOG_INFO : severity, LD_APP,
759
           "We tried for %d seconds to connect to '%s' using exit %s."
760
           " Retrying on a new circuit.",
761
           seconds_idle,
762
           safe_str_client(entry_conn->socks_request->address),
763
           conn->cpath_layer ?
764
765
             extend_info_describe(conn->cpath_layer->extend_info):
             "*unnamed*");
766
    /* send an end down the circuit */
767
    connection_edge_end(conn, END_STREAM_REASON_TIMEOUT);
768
    /* un-mark it as ending, since we're going to reuse it */
769
    conn->edge_has_sent_end = 0;
770
    conn->end_reason = 0;
771
772
773
774
    /* make us not try this circuit again, but allow
     * current streams on it to survive if they can */
    mark_circuit_unusable_for_new_conns(TO_ORIGIN_CIRCUIT(circ));

775
    /* give our stream another 'cutoff' seconds to try */
776
    conn->base_.timestamp_lastread += cutoff;
777
778
    if (entry_conn->num_socks_retries < 250) /* avoid overflow */
      entry_conn->num_socks_retries++;
779
    /* move it back into 'pending' state, and try to attach. */
780
    if (connection_ap_detach_retriable(entry_conn, TO_ORIGIN_CIRCUIT(circ),
781
                                       END_STREAM_REASON_TIMEOUT)<0) {
782
      if (!base_conn->marked_for_close)
783
784
        connection_mark_unattached_ap(entry_conn,
                                      END_STREAM_REASON_CANT_ATTACH);
785
    }
786
  } SMARTLIST_FOREACH_END(base_conn);
787
788
}

789
790
791
/**
 * As connection_ap_attach_pending, but first scans the entire connection
 * array to see if any elements are missing.
792
 */
793
void
794
connection_ap_rescan_and_attach_pending(void)
795
{
796
  entry_connection_t *entry_conn;
797
  smartlist_t *conns = get_connection_array();
798
799
800
801

  if (PREDICT_UNLIKELY(NULL == pending_entry_connections))
    pending_entry_connections = smartlist_new();

802
  SMARTLIST_FOREACH_BEGIN(conns, connection_t *, conn) {
Roger Dingledine's avatar
Roger Dingledine committed
803
804
    if (conn->marked_for_close ||
        conn->type != CONN_TYPE_AP ||
805
        conn->state != AP_CONN_STATE_CIRCUIT_WAIT)
806
      continue;
807

808
    entry_conn = TO_ENTRY_CONN(conn);
809
    tor_assert(entry_conn);
810
811
812
813
814
    if (! smartlist_contains(pending_entry_connections, entry_conn)) {
      log_warn(LD_BUG, "Found a connection %p that was supposed to be "
               "in pending_entry_connections, but wasn't. No worries; "
               "adding it.",
               pending_entry_connections);
815
      untried_pending_connections = 1;
816
      connection_ap_mark_as_pending_circuit(entry_conn);
817
818
819
820
    }

  } SMARTLIST_FOREACH_END(conn);

821
  connection_ap_attach_pending(1);
822
823
}

824
825
826
827
828
829
830
831
832
#ifdef DEBUGGING_17659
#define UNMARK() do {                           \
    entry_conn->marked_pending_circ_line = 0;   \
    entry_conn->marked_pending_circ_file = 0;   \
  } while (0)
#else
#define UNMARK() do { } while (0)
#endif

833
834
/** Tell any AP streams that are listed as waiting for a new circuit to try
 * again, either attaching to an available circ or launching a new one.
835
836
837
 *
 * If <b>retry</b> is false, only check the list if it contains at least one
 * streams that we have not yet tried to attach to a circuit.
838
839
 */
void
840
connection_ap_attach_pending(int retry)
841
842
843
844
845
{
  if (PREDICT_UNLIKELY(!pending_entry_connections)) {
    return;
  }

846
847
848
  if (untried_pending_connections == 0 && !retry)
    return;

Nick Mathewson's avatar
Nick Mathewson committed
849
850
851
852
853
854
  /* Don't allow modifications to pending_entry_connections while we are
   * iterating over it. */
  smartlist_t *pending = pending_entry_connections;
  pending_entry_connections = smartlist_new();

  SMARTLIST_FOREACH_BEGIN(pending,
855
856
                          entry_connection_t *, entry_conn) {
    connection_t *conn = ENTRY_TO_CONN(entry_conn);
857
    tor_assert(conn && entry_conn);
858
    if (conn->marked_for_close) {
859
      UNMARK();
860
861
      continue;
    }
862
    if (conn->magic != ENTRY_CONNECTION_MAGIC) {
863
      log_warn(LD_BUG, "%p has impossible magic value %u.",
864
               entry_conn, (unsigned)conn->magic);
865
      UNMARK();
866
867
      continue;
    }
868
    if (conn->state != AP_CONN_STATE_CIRCUIT_WAIT) {
869
870
871
      // XXXX 030 -- this is downgraded in 0.2.9, since we apparently
      // XXXX are running into it in practice.  It's harmless.
      log_info(LD_BUG, "%p is no longer in circuit_wait. Its current state "
872
873
874
               "is %s. Why is it on pending_entry_connections?",
               entry_conn,
               conn_state_to_string(conn->type, conn->state));
875
      UNMARK();
876
877
878
      continue;
    }

879
880
881
    if (connection_ap_handshake_attach_circuit(entry_conn) < 0) {
      if (!conn->marked_for_close)
        connection_mark_unattached_ap(entry_conn,
882
                                      END_STREAM_REASON_CANT_ATTACH);
883
    }
884

Nick Mathewson's avatar
Nick Mathewson committed
885
886
887
888
889
890
891
    if (! conn->marked_for_close &&
        conn->type == CONN_TYPE_AP &&
        conn->state == AP_CONN_STATE_CIRCUIT_WAIT) {
      if (!smartlist_contains(pending_entry_connections, entry_conn)) {
        smartlist_add(pending_entry_connections, entry_conn);
        continue;
      }
892
893
    }

Nick Mathewson's avatar
Nick Mathewson committed
894
    UNMARK();
895
  } SMARTLIST_FOREACH_END(entry_conn);
896

Nick Mathewson's avatar
Nick Mathewson committed
897
  smartlist_free(pending);
898
  untried_pending_connections = 0;
899
900
901
902
903
904
905
906
907
908
}

/** Mark <b>entry_conn</b> as needing to get attached to a circuit.
 *
 * And <b>entry_conn</b> must be in AP_CONN_STATE_CIRCUIT_WAIT,
 * should not already be pending a circuit.  The circuit will get
 * launched or the connection will get attached the next time we
 * call connection_ap_attach_pending().
 */
void
909
910
connection_ap_mark_as_pending_circuit_(entry_connection_t *entry_conn,
                                       const char *fname, int lineno)
911
912
913
{
  connection_t *conn = ENTRY_TO_CONN(entry_conn);
  tor_assert(conn->state == AP_CONN_STATE_CIRCUIT_WAIT);
914
  tor_assert(conn->magic == ENTRY_CONNECTION_MAGIC);
915
916
917
918
919
920
921
922
  if (conn->marked_for_close)
    return;

  if (PREDICT_UNLIKELY(NULL == pending_entry_connections))
    pending_entry_connections = smartlist_new();

  if (PREDICT_UNLIKELY(smartlist_contains(pending_entry_connections,
                                          entry_conn))) {
923
    log_warn(LD_BUG, "What?? pending_entry_connections already contains %p! "
924
             "(Called from %s:%d.)",
925
             entry_conn, fname, lineno);
926
927
928
929
930
931
932
#ifd