author | Nick Mathewson <nickm@torproject.org> | 2018-07-01 14:16:25 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2018-07-01 15:20:37 -0400 |
commit | 49f88e77e5f9dec60e2409e1f6d3e3935c5eab69 (patch) | |
tree | 3db9c2fe6603a557b11e8cd6c9486612f858878c | |
parent | f54a5cbfb6d58399ee152306fcd7e0c55292a173 (diff) | |
Extract more constants from or.h
-rw-r--r-- | src/or/circuit_st.h | 9 | ||||
-rw-r--r-- | src/or/circuitlist.h | 142 | ||||
-rw-r--r-- | src/or/circuitstats.h | 87 | ||||
-rw-r--r-- | src/or/config.c | 4 | ||||
-rw-r--r-- | src/or/connection.h | 65 | ||||
-rw-r--r-- | src/or/connection_edge.h | 49 | ||||
-rw-r--r-- | src/or/connection_or.h | 27 | ||||
-rw-r--r-- | src/or/connection_st.h | 18 | ||||
-rw-r--r-- | src/or/control.h | 15 | ||||
-rw-r--r-- | src/or/directory.c | 9 | ||||
-rw-r--r-- | src/or/directory.h | 73 | ||||
-rw-r--r-- | src/or/dos.c | 2 | ||||
-rw-r--r-- | src/or/ext_orport.h | 20 | ||||
-rw-r--r-- | src/or/networkstatus.c | 2 | ||||
-rw-r--r-- | src/or/or.h | 559 | ||||
-rw-r--r-- | src/or/proto_socks.c | 2 | ||||
-rw-r--r-- | src/or/proto_socks.h | 1 | ||||
-rw-r--r-- | src/or/routerlist.h | 29 | ||||
-rw-r--r-- | src/or/socks_request_st.h | 18 | ||||
-rw-r--r-- | src/or/transports.c | 1 | ||||
-rw-r--r-- | src/test/bench.c | 1 | ||||
-rw-r--r-- | src/test/test_channeltls.c | 2 | ||||
-rw-r--r-- | src/test/test_circuitbuild.c | 2 | ||||
-rw-r--r-- | src/test/test_controller_events.c | 2 | ||||
-rw-r--r-- | src/test/test_dir.c | 1 | ||||
-rw-r--r-- | src/test/test_dns.c | 2 | ||||
-rw-r--r-- | src/test/test_hs_client.c | 1 | ||||
-rw-r--r-- | src/test/test_oos.c | 2 | ||||
-rw-r--r-- | src/test/test_relay.c | 2 | ||||
-rw-r--r-- | src/test/test_socks.c | 1 |
30 files changed, 574 insertions, 574 deletions
diff --git a/src/or/circuit_st.h b/src/or/circuit_st.h index e53e5bf3e0..8453efa633 100644 --- a/src/or/circuit_st.h +++ b/src/or/circuit_st.h @@ -13,6 +13,15 @@ struct hs_token_t; +/** "magic" value for an origin_circuit_t */ +#define ORIGIN_CIRCUIT_MAGIC 0x35315243u +/** "magic" value for an or_circuit_t */ +#define OR_CIRCUIT_MAGIC 0x98ABC04Fu +/** "magic" value for a circuit that would have been freed by circuit_free, + * but which we're keeping around until a cpuworker reply arrives. See + * circuit_free() for more documentation. */ +#define DEAD_CIRCUIT_MAGIC 0xdeadc14c + /** * A circuit is a path over the onion routing * network. Applications can connect to one end of the circuit, and can diff --git a/src/or/circuitlist.h b/src/or/circuitlist.h index 8b41424eeb..7c9bc0199a 100644 --- a/src/or/circuitlist.h +++ b/src/or/circuitlist.h 
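Review bot: `DEAD_CIRCUIT_MAGIC` is written without the `u` suffix that `ORIGIN_CIRCUIT_MAGIC` and `OR_CIRCUIT_MAGIC` carry just above it in the circuit_st.h hunk. With a 32-bit int the value does not fit in a signed int, so the constant already gets an unsigned type and behaviour should not change, but these values are what the downcast checks compare against and they are easier to audit when spelled uniformly: `#define DEAD_CIRCUIT_MAGIC 0xdeadc14cu`. The same applies to `ENTRY_CONNECTION_MAGIC 0xbb4a5703` in the first connection_st.h hunk.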
@@ -15,6 +15,147 @@ #include "lib/testsupport/testsupport.h" #include "or/hs_ident.h" +/** Circuit state: I'm the origin, still haven't done all my handshakes. */ +#define CIRCUIT_STATE_BUILDING 0 +/** Circuit state: Waiting to process the onionskin. */ +#define CIRCUIT_STATE_ONIONSKIN_PENDING 1 +/** Circuit state: I'd like to deliver a create, but my n_chan is still + * connecting. */ +#define CIRCUIT_STATE_CHAN_WAIT 2 +/** Circuit state: the circuit is open but we don't want to actually use it + * until we find out if a better guard will be available. + */ +#define CIRCUIT_STATE_GUARD_WAIT 3 +/** Circuit state: onionskin(s) processed, ready to send/receive cells. */ +#define CIRCUIT_STATE_OPEN 4 + +#define CIRCUIT_PURPOSE_MIN_ 1 + +/* these circuits were initiated elsewhere */ +#define CIRCUIT_PURPOSE_OR_MIN_ 1 +/** OR-side circuit purpose: normal circuit, at OR. */ +#define CIRCUIT_PURPOSE_OR 1 +/** OR-side circuit purpose: At OR, from the service, waiting for intro from + * clients. */ +#define CIRCUIT_PURPOSE_INTRO_POINT 2 +/** OR-side circuit purpose: At OR, from the client, waiting for the service. + */ +#define CIRCUIT_PURPOSE_REND_POINT_WAITING 3 +/** OR-side circuit purpose: At OR, both circuits have this purpose. */ +#define CIRCUIT_PURPOSE_REND_ESTABLISHED 4 +#define CIRCUIT_PURPOSE_OR_MAX_ 4 + +/* these circuits originate at this node */ + +/* here's how circ client-side purposes work: + * normal circuits are C_GENERAL. + * circuits that are c_introducing are either on their way to + * becoming open, or they are open and waiting for a + * suitable rendcirc before they send the intro. + * circuits that are c_introduce_ack_wait have sent the intro, + * but haven't gotten a response yet. + * circuits that are c_establish_rend are either on their way + * to becoming open, or they are open and have sent the + * establish_rendezvous cell but haven't received an ack. 
+ * circuits that are c_rend_ready are open and have received a + * rend ack, but haven't heard from the service yet. if they have a + * buildstate->pending_final_cpath then they're expecting a + * cell from the service, else they're not. + * circuits that are c_rend_ready_intro_acked are open, and + * some intro circ has sent its intro and received an ack. + * circuits that are c_rend_joined are open, have heard from + * the service, and are talking to it. + */ +/** Client-side circuit purpose: Normal circuit, with cpath. */ +#define CIRCUIT_PURPOSE_C_GENERAL 5 +#define CIRCUIT_PURPOSE_C_HS_MIN_ 6 +/** Client-side circuit purpose: at the client, connecting to intro point. */ +#define CIRCUIT_PURPOSE_C_INTRODUCING 6 +/** Client-side circuit purpose: at the client, sent INTRODUCE1 to intro point, + * waiting for ACK/NAK. */ +#define CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT 7 +/** Client-side circuit purpose: at the client, introduced and acked, closing. + */ +#define CIRCUIT_PURPOSE_C_INTRODUCE_ACKED 8 +/** Client-side circuit purpose: at the client, waiting for ack. */ +#define CIRCUIT_PURPOSE_C_ESTABLISH_REND 9 +/** Client-side circuit purpose: at the client, waiting for the service. */ +#define CIRCUIT_PURPOSE_C_REND_READY 10 +/** Client-side circuit purpose: at the client, waiting for the service, + * INTRODUCE has been acknowledged. */ +#define CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED 11 +/** Client-side circuit purpose: at the client, rendezvous established. */ +#define CIRCUIT_PURPOSE_C_REND_JOINED 12 +/** This circuit is used for getting hsdirs */ +#define CIRCUIT_PURPOSE_C_HSDIR_GET 13 +#define CIRCUIT_PURPOSE_C_HS_MAX_ 13 +/** This circuit is used for build time measurement only */ +#define CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT 14 +#define CIRCUIT_PURPOSE_C_MAX_ 14 + +#define CIRCUIT_PURPOSE_S_HS_MIN_ 15 +/** Hidden-service-side circuit purpose: at the service, waiting for + * introductions. 
*/ +#define CIRCUIT_PURPOSE_S_ESTABLISH_INTRO 15 +/** Hidden-service-side circuit purpose: at the service, successfully + * established intro. */ +#define CIRCUIT_PURPOSE_S_INTRO 16 +/** Hidden-service-side circuit purpose: at the service, connecting to rend + * point. */ +#define CIRCUIT_PURPOSE_S_CONNECT_REND 17 +/** Hidden-service-side circuit purpose: at the service, rendezvous + * established. */ +#define CIRCUIT_PURPOSE_S_REND_JOINED 18 +/** This circuit is used for uploading hsdirs */ +#define CIRCUIT_PURPOSE_S_HSDIR_POST 19 +#define CIRCUIT_PURPOSE_S_HS_MAX_ 19 + +/** A testing circuit; not meant to be used for actual traffic. */ +#define CIRCUIT_PURPOSE_TESTING 20 +/** A controller made this circuit and Tor should not use it. */ +#define CIRCUIT_PURPOSE_CONTROLLER 21 +/** This circuit is used for path bias probing only */ +#define CIRCUIT_PURPOSE_PATH_BIAS_TESTING 22 + +/** This circuit is used for vanguards/restricted paths. + * + * This type of circuit is *only* created preemptively and never + * on-demand. When an HS operation needs to take place (e.g. connect to an + * intro point), these circuits are then cannibalized and repurposed to the + * actual needed HS purpose. */ +#define CIRCUIT_PURPOSE_HS_VANGUARDS 23 + +#define CIRCUIT_PURPOSE_MAX_ 23 +/** A catch-all for unrecognized purposes. Currently we don't expect + * to make or see any circuits with this purpose. */ +#define CIRCUIT_PURPOSE_UNKNOWN 255 + +/** True iff the circuit purpose <b>p</b> is for a circuit that + * originated at this node. */ +#define CIRCUIT_PURPOSE_IS_ORIGIN(p) ((p)>CIRCUIT_PURPOSE_OR_MAX_) +/** True iff the circuit purpose <b>p</b> is for a circuit that originated + * here to serve as a client. (Hidden services don't count here.) */ +#define CIRCUIT_PURPOSE_IS_CLIENT(p) \ + ((p)> CIRCUIT_PURPOSE_OR_MAX_ && \ + (p)<=CIRCUIT_PURPOSE_C_MAX_) +/** True iff the circuit_t <b>c</b> is actually an origin_circuit_t. 
*/ +#define CIRCUIT_IS_ORIGIN(c) (CIRCUIT_PURPOSE_IS_ORIGIN((c)->purpose)) +/** True iff the circuit purpose <b>p</b> is for an established rendezvous + * circuit. */ +#define CIRCUIT_PURPOSE_IS_ESTABLISHED_REND(p) \ + ((p) == CIRCUIT_PURPOSE_C_REND_JOINED || \ + (p) == CIRCUIT_PURPOSE_S_REND_JOINED) +/** True iff the circuit_t c is actually an or_circuit_t */ +#define CIRCUIT_IS_ORCIRC(c) (((circuit_t *)(c))->magic == OR_CIRCUIT_MAGIC) + +/** True iff this circuit purpose should count towards the global + * pending rate limit (set by MaxClientCircuitsPending). We count all + * general purpose circuits, as well as the first step of client onion + * service connections (HSDir gets). */ +#define CIRCUIT_PURPOSE_COUNTS_TOWARDS_MAXPENDING(p) \ + ((p) == CIRCUIT_PURPOSE_C_GENERAL || \ + (p) == CIRCUIT_PURPOSE_C_HSDIR_GET) + /** Convert a circuit_t* to a pointer to the enclosing or_circuit_t. Assert * if the cast is impossible. */ or_circuit_t *TO_OR_CIRCUIT(circuit_t *); @@ -104,4 +245,3 @@ STATIC uint32_t circuit_max_queued_item_age(const circuit_t *c, uint32_t now); #endif /* defined(CIRCUITLIST_PRIVATE) */ #endif /* !defined(TOR_CIRCUITLIST_H) */ - diff --git a/src/or/circuitstats.h b/src/or/circuitstats.h index d7d1012ce8..174730d035 100644 --- a/src/or/circuitstats.h +++ b/src/or/circuitstats.h @@ -21,6 +21,9 @@ int circuit_build_times_disabled(const or_options_t *options); int circuit_build_times_disabled_(const or_options_t *options, int ignore_consensus); +/** A build_time_t is milliseconds */ +typedef uint32_t build_time_t; + int circuit_build_times_enough_to_compute(const circuit_build_times_t *cbt); void circuit_build_times_update_state(const circuit_build_times_t *cbt, or_state_t *state); 
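Review bot: `CIRCUIT_IS_ORCIRC(c)` is added to circuitlist.h but expands to `((circuit_t *)(c))->magic == OR_CIRCUIT_MAGIC`, and this commit puts `OR_CIRCUIT_MAGIC` in circuit_st.h. The only includes visible in the hunk context are testsupport.h and hs_ident.h, so unless circuit_st.h is pulled in outside the hunk, every file that uses the macro has to include it itself; an include, or a line above the macro such as `/* Requires or/circuit_st.h for circuit_t and OR_CIRCUIT_MAGIC. */`, would make that explicit. The unconditional cast also means the macro accepts a pointer of any type, so the magic comparison is the only check on the argument and is worth saying so in the comment.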
@@ -47,6 +50,89 @@ double circuit_build_times_close_rate(const circuit_build_times_t *cbt); void circuit_build_times_update_last_circ(circuit_build_times_t *cbt); void circuit_build_times_mark_circ_as_measurement_only(origin_circuit_t *circ); +/** Total size of the circuit timeout history to accumulate. + * 1000 is approx 2.5 days worth of continual-use circuits. */ +#define CBT_NCIRCUITS_TO_OBSERVE 1000 + +/** Width of the histogram bins in milliseconds */ +#define CBT_BIN_WIDTH ((build_time_t)50) + +/** Number of modes to use in the weighted-avg computation of Xm */ +#define CBT_DEFAULT_NUM_XM_MODES 3 +#define CBT_MIN_NUM_XM_MODES 1 +#define CBT_MAX_NUM_XM_MODES 20 + +/** + * CBT_BUILD_ABANDONED is our flag value to represent a force-closed + * circuit (Aka a 'right-censored' pareto value). + */ +#define CBT_BUILD_ABANDONED ((build_time_t)(INT32_MAX-1)) +#define CBT_BUILD_TIME_MAX ((build_time_t)(INT32_MAX)) + +/** Save state every 10 circuits */ +#define CBT_SAVE_STATE_EVERY 10 + +/* Circuit build times consensus parameters */ + +/** + * How long to wait before actually closing circuits that take too long to + * build in terms of CDF quantile. + */ +#define CBT_DEFAULT_CLOSE_QUANTILE 95 +#define CBT_MIN_CLOSE_QUANTILE CBT_MIN_QUANTILE_CUTOFF +#define CBT_MAX_CLOSE_QUANTILE CBT_MAX_QUANTILE_CUTOFF + +/** + * How many circuits count as recent when considering if the + * connection has gone gimpy or changed. + */ +#define CBT_DEFAULT_RECENT_CIRCUITS 20 +#define CBT_MIN_RECENT_CIRCUITS 3 +#define CBT_MAX_RECENT_CIRCUITS 1000 + +/** + * Maximum count of timeouts that finish the first hop in the past + * RECENT_CIRCUITS before calculating a new timeout. + * + * This tells us whether to abandon timeout history and set + * the timeout back to whatever circuit_build_times_get_initial_timeout() + * gives us. 
+ */ +#define CBT_DEFAULT_MAX_RECENT_TIMEOUT_COUNT (CBT_DEFAULT_RECENT_CIRCUITS*9/10) +#define CBT_MIN_MAX_RECENT_TIMEOUT_COUNT 3 +#define CBT_MAX_MAX_RECENT_TIMEOUT_COUNT 10000 + +/** Minimum circuits before estimating a timeout */ +#define CBT_DEFAULT_MIN_CIRCUITS_TO_OBSERVE 100 +#define CBT_MIN_MIN_CIRCUITS_TO_OBSERVE 1 +#define CBT_MAX_MIN_CIRCUITS_TO_OBSERVE 10000 + +/** Cutoff percentile on the CDF for our timeout estimation. */ +#define CBT_DEFAULT_QUANTILE_CUTOFF 80 +#define CBT_MIN_QUANTILE_CUTOFF 10 +#define CBT_MAX_QUANTILE_CUTOFF 99 +double circuit_build_times_quantile_cutoff(void); + +/** How often in seconds should we build a test circuit */ +#define CBT_DEFAULT_TEST_FREQUENCY 10 +#define CBT_MIN_TEST_FREQUENCY 1 +#define CBT_MAX_TEST_FREQUENCY INT32_MAX + +/** Lowest allowable value for CircuitBuildTimeout in milliseconds */ +#define CBT_DEFAULT_TIMEOUT_MIN_VALUE (1500) +#define CBT_MIN_TIMEOUT_MIN_VALUE 500 +#define CBT_MAX_TIMEOUT_MIN_VALUE INT32_MAX + +/** Initial circuit build timeout in milliseconds */ +#define CBT_DEFAULT_TIMEOUT_INITIAL_VALUE (60*1000) +#define CBT_MIN_TIMEOUT_INITIAL_VALUE CBT_MIN_TIMEOUT_MIN_VALUE +#define CBT_MAX_TIMEOUT_INITIAL_VALUE INT32_MAX +int32_t circuit_build_times_initial_timeout(void); + +#if CBT_DEFAULT_MAX_RECENT_TIMEOUT_COUNT < CBT_MIN_MAX_RECENT_TIMEOUT_COUNT +#error "RECENT_CIRCUITS is set too low." +#endif + #ifdef CIRCUITSTATS_PRIVATE STATIC double circuit_build_times_calculate_timeout(circuit_build_times_t *cbt, double quantile); @@ -125,4 +211,3 @@ struct circuit_build_times_s { #endif /* defined(CIRCUITSTATS_PRIVATE) */ #endif /* !defined(TOR_CIRCUITSTATS_H) */ - diff --git a/src/or/config.c b/src/or/config.c index 4fb4489fca..0507c43121 100644 --- a/src/or/config.c +++ b/src/or/config.c 
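Review bot: `CBT_MAX_MAX_RECENT_TIMEOUT_COUNT` is 10000 while `CBT_MAX_RECENT_CIRCUITS` is 1000, so the permitted range for the timeout threshold extends well past the largest window it is counted over. If the count really is taken over at most RECENT_CIRCUITS entries, as the comment above `CBT_DEFAULT_MAX_RECENT_TIMEOUT_COUNT` says, a threshold above the window size could never be reached and the history reset it controls would never trigger. The commit title suggests these values are moved from or.h, so this is a request for a comment rather than a value change here: state next to the macro whether a threshold larger than the window is an intended way to disable the reset. The `#if`/`#error` at the end of the hunk checks only the default against the minimum.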
@@ -147,6 +147,10 @@ static const char unix_socket_prefix[] = "unix:"; * configuration. */ static const char unix_q_socket_prefix[] = "unix:\""; +/* limits for TCP send and recv buffer size used for constrained sockets */ +#define MIN_CONSTRAINED_TCP_BUFFER 2048 +#define MAX_CONSTRAINED_TCP_BUFFER 262144 /* 256k */ + /** macro to help with the bulk rename of *DownloadSchedule to * *DowloadInitialDelay . */ #define DOWNLOAD_SCHEDULE(name) \ diff --git a/src/or/connection.h b/src/or/connection.h index 0b4a35cc5c..3419ee65e8 100644 --- a/src/or/connection.h +++ b/src/or/connection.h 
@@ -16,6 +16,71 @@ listener_connection_t *TO_LISTENER_CONN(connection_t *); struct buf_t; +#define CONN_TYPE_MIN_ 3 +/** Type for sockets listening for OR connections. */ +#define CONN_TYPE_OR_LISTENER 3 +/** A bidirectional TLS connection transmitting a sequence of cells. + * May be from an OR to an OR, or from an OP to an OR. */ +#define CONN_TYPE_OR 4 +/** A TCP connection from an onion router to a stream's destination. */ +#define CONN_TYPE_EXIT 5 +/** Type for sockets listening for SOCKS connections. */ +#define CONN_TYPE_AP_LISTENER 6 +/** A SOCKS proxy connection from the user application to the onion + * proxy. */ +#define CONN_TYPE_AP 7 +/** Type for sockets listening for HTTP connections to the directory server. */ +#define CONN_TYPE_DIR_LISTENER 8 +/** Type for HTTP connections to the directory server. */ +#define CONN_TYPE_DIR 9 +/* Type 10 is unused. */ +/** Type for listening for connections from user interface process. */ +#define CONN_TYPE_CONTROL_LISTENER 11 +/** Type for connections from user interface process. */ +#define CONN_TYPE_CONTROL 12 +/** Type for sockets listening for transparent connections redirected by pf or + * netfilter. */ +#define CONN_TYPE_AP_TRANS_LISTENER 13 +/** Type for sockets listening for transparent connections redirected by + * natd. */ +#define CONN_TYPE_AP_NATD_LISTENER 14 +/** Type for sockets listening for DNS requests. */ +#define CONN_TYPE_AP_DNS_LISTENER 15 + +/** Type for connections from the Extended ORPort. */ +#define CONN_TYPE_EXT_OR 16 +/** Type for sockets listening for Extended ORPort connections. */ +#define CONN_TYPE_EXT_OR_LISTENER 17 +/** Type for sockets listening for HTTP CONNECT tunnel connections. */ +#define CONN_TYPE_AP_HTTP_CONNECT_LISTENER 18 + +#define CONN_TYPE_MAX_ 19 +/* !!!! If _CONN_TYPE_MAX is ever over 31, we must grow the type field in + * connection_t. */ + +/* Proxy client handshake states */ +/* We use a proxy but we haven't even connected to it yet. 
*/ +#define PROXY_INFANT 1 +/* We use an HTTP proxy and we've sent the CONNECT command. */ +#define PROXY_HTTPS_WANT_CONNECT_OK 2 +/* We use a SOCKS4 proxy and we've sent the CONNECT command. */ +#define PROXY_SOCKS4_WANT_CONNECT_OK 3 +/* We use a SOCKS5 proxy and we try to negotiate without + any authentication . */ +#define PROXY_SOCKS5_WANT_AUTH_METHOD_NONE 4 +/* We use a SOCKS5 proxy and we try to negotiate with + Username/Password authentication . */ +#define PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929 5 +/* We use a SOCKS5 proxy and we just sent our credentials. */ +#define PROXY_SOCKS5_WANT_AUTH_RFC1929_OK 6 +/* We use a SOCKS5 proxy and we just sent our CONNECT command. */ +#define PROXY_SOCKS5_WANT_CONNECT_OK 7 +/* We use a proxy and we CONNECTed successfully!. */ +#define PROXY_CONNECTED 8 + +/** State for any listener connection. */ +#define LISTENER_STATE_READY 0 + const char *conn_type_to_string(int type); const char *conn_state_to_string(int type, int state); int conn_listener_type_supports_af_unix(int type); diff --git a/src/or/connection_edge.h b/src/or/connection_edge.h index d6774668d8..24968b2778 100644 --- a/src/or/connection_edge.h +++ b/src/or/connection_edge.h 
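Review bot: The warning after `CONN_TYPE_MAX_` still names the macro as `_CONN_TYPE_MAX`, so a search for the real name will not find the one constraint that matters for this block. That constraint (per the comment, the value must stay at or below 31 or the type field in connection_t has to grow) exists only as prose; it could be enforced the way circuitstats.h does in this commit, with `#if CONN_TYPE_MAX_ > 31`, `#error "CONN_TYPE_MAX_ no longer fits the type field in connection_t"`, `#endif`. The proxy handshake state comments further down use `/*` where the rest of the block uses `/**`, so they will not be picked up as documentation for the `PROXY_*` macros.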
@@ -18,6 +18,54 @@ edge_connection_t *TO_EDGE_CONN(connection_t *); entry_connection_t *TO_ENTRY_CONN(connection_t *); entry_connection_t *EDGE_TO_ENTRY_CONN(edge_connection_t *); +#define EXIT_CONN_STATE_MIN_ 1 +/** State for an exit connection: waiting for response from DNS farm. */ +#define EXIT_CONN_STATE_RESOLVING 1 +/** State for an exit connection: waiting for connect() to finish. */ +#define EXIT_CONN_STATE_CONNECTING 2 +/** State for an exit connection: open and ready to transmit data. */ +#define EXIT_CONN_STATE_OPEN 3 +/** State for an exit connection: waiting to be removed. */ +#define EXIT_CONN_STATE_RESOLVEFAILED 4 +#define EXIT_CONN_STATE_MAX_ 4 + +/* The AP state values must be disjoint from the EXIT state values. */ +#define AP_CONN_STATE_MIN_ 5 +/** State for a SOCKS connection: waiting for SOCKS request. */ +#define AP_CONN_STATE_SOCKS_WAIT 5 +/** State for a SOCKS connection: got a y.onion URL; waiting to receive + * rendezvous descriptor. */ +#define AP_CONN_STATE_RENDDESC_WAIT 6 +/** The controller will attach this connection to a circuit; it isn't our + * job to do so. */ +#define AP_CONN_STATE_CONTROLLER_WAIT 7 +/** State for a SOCKS connection: waiting for a completed circuit. */ +#define AP_CONN_STATE_CIRCUIT_WAIT 8 +/** State for a SOCKS connection: sent BEGIN, waiting for CONNECTED. */ +#define AP_CONN_STATE_CONNECT_WAIT 9 +/** State for a SOCKS connection: sent RESOLVE, waiting for RESOLVED. */ +#define AP_CONN_STATE_RESOLVE_WAIT 10 +/** State for a SOCKS connection: ready to send and receive. */ +#define AP_CONN_STATE_OPEN 11 +/** State for a transparent natd connection: waiting for original + * destination. */ +#define AP_CONN_STATE_NATD_WAIT 12 +/** State for an HTTP tunnel: waiting for an HTTP CONNECT command. */ +#define AP_CONN_STATE_HTTP_CONNECT_WAIT 13 +#define AP_CONN_STATE_MAX_ 13 + +#define EXIT_PURPOSE_MIN_ 1 +/** This exit stream wants to do an ordinary connect. 
*/ +#define EXIT_PURPOSE_CONNECT 1 +/** This exit stream wants to do a resolve (either normal or reverse). */ +#define EXIT_PURPOSE_RESOLVE 2 +#define EXIT_PURPOSE_MAX_ 2 + +/** True iff the AP_CONN_STATE_* value <b>s</b> means that the corresponding + * edge connection is not attached to any circuit. */ +#define AP_CONN_STATE_IS_UNATTACHED(s) \ + ((s) <= AP_CONN_STATE_CIRCUIT_WAIT || (s) == AP_CONN_STATE_NATD_WAIT) + #define connection_mark_unattached_ap(conn, endreason) \ connection_mark_unattached_ap_((conn), (endreason), __LINE__, SHORT_FILE__) @@ -198,4 +246,3 @@ STATIC int connection_ap_process_http_connect(entry_connection_t *conn); #endif /* defined(CONNECTION_EDGE_PRIVATE) */ #endif /* !defined(TOR_CONNECTION_EDGE_H) */ - diff --git a/src/or/connection_or.h b/src/or/connection_or.h index 27574c9e98..2d95fdea18 100644 --- a/src/or/connection_or.h +++ b/src/or/connection_or.h 
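Review bot: `AP_CONN_STATE_IS_UNATTACHED(s)` has no lower bound, so it is true for every value up to `AP_CONN_STATE_CIRCUIT_WAIT` (8), including 1 through 4, which are the `EXIT_CONN_STATE_*` values defined just above it. The macro is therefore only correct when `s` is already known to be an AP state, and the comment requiring the two ranges to be disjoint is not checked anywhere in the hunk. The macro's comment should say so (`Only meaningful when <b>s</b> is an AP_CONN_STATE_* value.`), and the disjointness can be enforced with `#if AP_CONN_STATE_MIN_ <= EXIT_CONN_STATE_MAX_`, `#error "AP and EXIT connection states overlap"`, `#endif`.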
@@ -17,6 +17,33 @@ struct ed25519_keypair_t; or_connection_t *TO_OR_CONN(connection_t *); +#define OR_CONN_STATE_MIN_ 1 +/** State for a connection to an OR: waiting for connect() to finish. */ +#define OR_CONN_STATE_CONNECTING 1 +/** State for a connection to an OR: waiting for proxy handshake to complete */ +#define OR_CONN_STATE_PROXY_HANDSHAKING 2 +/** State for an OR connection client: SSL is handshaking, not done + * yet. */ +#define OR_CONN_STATE_TLS_HANDSHAKING 3 +/** State for a connection to an OR: We're doing a second SSL handshake for + * renegotiation purposes. (V2 handshake only.) */ +#define OR_CONN_STATE_TLS_CLIENT_RENEGOTIATING 4 +/** State for a connection at an OR: We're waiting for the client to + * renegotiate (to indicate a v2 handshake) or send a versions cell (to + * indicate a v3 handshake) */ +#define OR_CONN_STATE_TLS_SERVER_RENEGOTIATING 5 +/** State for an OR connection: We're done with our SSL handshake, we've done + * renegotiation, but we haven't yet negotiated link protocol versions and + * sent a netinfo cell. */ +#define OR_CONN_STATE_OR_HANDSHAKING_V2 6 +/** State for an OR connection: We're done with our SSL handshake, but we + * haven't yet negotiated link protocol versions, done a V3 handshake, and + * sent a netinfo cell. */ +#define OR_CONN_STATE_OR_HANDSHAKING_V3 7 +/** State for an OR connection: Ready to send/receive cells. */ +#define OR_CONN_STATE_OPEN 8 +#define OR_CONN_STATE_MAX_ 8 + void connection_or_clear_identity(or_connection_t *conn); void connection_or_clear_identity_map(void); void clear_broken_connection_map(int disable); diff --git a/src/or/connection_st.h b/src/or/connection_st.h index 2e785c6e6e..6c22478689 100644 --- a/src/or/connection_st.h +++ b/src/or/connection_st.h 
@@ -9,6 +9,16 @@ struct buf_t; +/* Values for connection_t.magic: used to make sure that downcasts (casts from +* connection_t to foo_connection_t) are safe. */ +#define BASE_CONNECTION_MAGIC 0x7C3C304Eu +#define OR_CONNECTION_MAGIC 0x7D31FF03u +#define EDGE_CONNECTION_MAGIC 0xF0374013u +#define ENTRY_CONNECTION_MAGIC 0xbb4a5703 +#define DIR_CONNECTION_MAGIC 0x9988ffeeu +#define CONTROL_CONNECTION_MAGIC 0x8abc765du +#define LISTENER_CONNECTION_MAGIC 0x1a1ac741u + /** Description of a connection to another host or process, and associated * data. * @@ -128,4 +138,12 @@ struct connection_t { uint32_t n_written_conn_bw; }; +/** True iff <b>x</b> is an edge connection. */ +#define CONN_IS_EDGE(x) \ + ((x)->type == CONN_TYPE_EXIT || (x)->type == CONN_TYPE_AP) + +/** True iff the purpose of <b>conn</b> means that it's a server-side + * directory connection. */ +#define DIR_CONN_IS_SERVER(conn) ((conn)->purpose == DIR_PURPOSE_SERVER) + #endif diff --git a/src/or/control.h b/src/or/control.h index d6ffe4a252..53ac871078 100644 --- a/src/or/control.h +++ b/src/or/control.h @@ -84,6 +84,21 @@ typedef enum { control_connection_t *TO_CONTROL_CONN(connection_t *); +#define CONTROL_CONN_STATE_MIN_ 1 +/** State for a control connection: Authenticated and accepting v1 commands. */ +#define CONTROL_CONN_STATE_OPEN 1 +/** State for a control connection: Waiting for authentication; speaking + * protocol v1. */ +#define CONTROL_CONN_STATE_NEEDAUTH 2 +#define CONTROL_CONN_STATE_MAX_ 2 + +/** Reason for remapping an AP connection's address: we have a cached + * answer. */ +#define REMAP_STREAM_SOURCE_CACHE 1 +/** Reason for remapping an AP connection's address: the exit node told us an + * answer. */ +#define REMAP_STREAM_SOURCE_EXIT 2 + void control_initialize_event_queue(void); void control_update_global_event_mask(void); diff --git a/src/or/directory.c b/src/or/directory.c index 842cf631ed..ca925ed857 100644 --- a/src/or/directory.c +++ b/src/or/directory.c 
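Review bot: `CONN_IS_EDGE` and `DIR_CONN_IS_SERVER` are added at the end of connection_st.h, but the constants they expand to, `CONN_TYPE_EXIT`/`CONN_TYPE_AP` and `DIR_PURPOSE_SERVER`, are placed by this commit in connection.h and directory.h. No include of either header is visible in these hunks, so a file that includes only connection_st.h and uses one of the macros would fail to compile or come to depend on include order. Either include the two headers here or state the requirement above the macros, e.g. `/* Users need or/connection.h for CONN_TYPE_* and or/directory.h for DIR_PURPOSE_*. */`. Most of the header lies outside the hunks, so an existing include may already cover this.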
@@ -144,6 +144,15 @@ static void connection_dir_close_consensus_fetches( /********* START VARIABLES **********/ +/** Maximum size, in bytes, for resized buffers. */ +#define MAX_BUF_SIZE ((1<<24)-1) /* 16MB-1 */ +/** Maximum size, in bytes, for any directory object that we've downloaded. */ +#define MAX_DIR_DL_SIZE MAX_BUF_SIZE + +/** Maximum size, in bytes, for any directory object that we're accepting + * as an upload. */ +#define MAX_DIR_UL_SIZE MAX_BUF_SIZE + /** How far in the future do we allow a directory server to tell us it is * before deciding that one of us has the wrong time? */ #define ALLOW_DIRECTORY_TIME_SKEW (30*60) diff --git a/src/or/directory.h b/src/or/directory.h index 6ed9e9b170..992ff618fb 100644 --- a/src/or/directory.h +++ b/src/or/directory.h 
@@ -16,6 +16,79 @@ enum compress_method_t; dir_connection_t *TO_DIR_CONN(connection_t *c); + +#define DIR_CONN_STATE_MIN_ 1 +/** State for connection to directory server: waiting for connect(). */ +#define DIR_CONN_STATE_CONNECTING 1 +/** State for connection to directory server: sending HTTP request. */ +#define DIR_CONN_STATE_CLIENT_SENDING 2 +/** State for connection to directory server: reading HTTP response. */ +#define DIR_CONN_STATE_CLIENT_READING 3 +/** State for connection to directory server: happy and finished. */ +#define DIR_CONN_STATE_CLIENT_FINISHED 4 +/** State for connection at directory server: waiting for HTTP request. */ +#define DIR_CONN_STATE_SERVER_COMMAND_WAIT 5 +/** State for connection at directory server: sending HTTP response. */ +#define DIR_CONN_STATE_SERVER_WRITING 6 +#define DIR_CONN_STATE_MAX_ 6 + +#define DIR_PURPOSE_MIN_ 4 +/** A connection to a directory server: set after a v2 rendezvous + * descriptor is downloaded. */ +#define DIR_PURPOSE_HAS_FETCHED_RENDDESC_V2 4 +/** A connection to a directory server: download one or more server + * descriptors. */ +#define DIR_PURPOSE_FETCH_SERVERDESC 6 +/** A connection to a directory server: download one or more extra-info + * documents. */ +#define DIR_PURPOSE_FETCH_EXTRAINFO 7 +/** A connection to a directory server: upload a server descriptor. */ +#define DIR_PURPOSE_UPLOAD_DIR 8 +/** A connection to a directory server: upload a v3 networkstatus vote. */ +#define DIR_PURPOSE_UPLOAD_VOTE 10 +/** A connection to a directory server: upload a v3 consensus signature */ +#define DIR_PURPOSE_UPLOAD_SIGNATURES 11 +/** A connection to a directory server: download one or more v3 networkstatus + * votes. */ +#define DIR_PURPOSE_FETCH_STATUS_VOTE 12 +/** A connection to a directory server: download a v3 detached signatures + * object for a consensus. */ +#define DIR_PURPOSE_FETCH_DETACHED_SIGNATURES 13 +/** A connection to a directory server: download a v3 networkstatus + * consensus. 
*/ +#define DIR_PURPOSE_FETCH_CONSENSUS 14 +/** A connection to a directory server: download one or more directory + * authority certificates. */ +#define DIR_PURPOSE_FETCH_CERTIFICATE 15 + +/** Purpose for connection at a directory server. */ +#define DIR_PURPOSE_SERVER 16 +/** A connection to a hidden service directory server: upload a v2 rendezvous + * descriptor. */ +#define DIR_PURPOSE_UPLOAD_RENDDESC_V2 17 +/** A connection to a hidden service directory server: download a v2 rendezvous + * descriptor. */ +#define DIR_PURPOSE_FETCH_RENDDESC_V2 18 +/** A connection to a directory server: download a microdescriptor. */ +#define DIR_PURPOSE_FETCH_MICRODESC 19 +/** A connection to a hidden service directory: upload a v3 descriptor. */ +#define DIR_PURPOSE_UPLOAD_HSDESC 20 +/** A connection to a hidden service directory: fetch a v3 descriptor. */ +#define DIR_PURPOSE_FETCH_HSDESC 21 +/** A connection to a directory server: set after a hidden service descriptor + * is downloaded. */ +#define DIR_PURPOSE_HAS_FETCHED_HSDESC 22 +#define DIR_PURPOSE_MAX_ 22 + +/** True iff <b>p</b> is a purpose corresponding to uploading + * data to a directory server. */ +#define DIR_PURPOSE_IS_UPLOAD(p) \ + ((p)==DIR_PURPOSE_UPLOAD_DIR || \ + (p)==DIR_PURPOSE_UPLOAD_VOTE || \ + (p)==DIR_PURPOSE_UPLOAD_SIGNATURES || \ + (p)==DIR_PURPOSE_UPLOAD_RENDDESC_V2 || \ + (p)==DIR_PURPOSE_UPLOAD_HSDESC) + int directories_have_accepted_server_descriptor(void); void directory_post_to_dirservers(uint8_t dir_purpose, uint8_t router_purpose, dirinfo_type_t type, const char *payload, diff --git a/src/or/dos.c b/src/or/dos.c index 02bdbcf35d..d86ede02cb 100644 --- a/src/or/dos.c +++ b/src/or/dos.c @@ -11,6 +11,7 @@ #include "or/or.h" #include "or/channel.h" #include "or/config.h" +#include "or/connection.h" #include "or/connection_or.h" #include "lib/crypt_ops/crypto_rand.h" #include "or/geoip.h" 
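Review bot: The `DIR_PURPOSE_*` numbering in the directory.h hunk skips 5 and 9 without saying so, while connection.h in this same commit marks its gap with `/* Type 10 is unused. */`. A matching `/* Purposes 5 and 9 are unused. */` would tell the next reader the gaps are intentional and that `DIR_PURPOSE_MIN_`..`DIR_PURPOSE_MAX_` is not a dense range. `DIR_PURPOSE_IS_UPLOAD` is an explicit list, so its comment should also note that any new upload purpose has to be added to it by hand.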
@@ -798,4 +799,3 @@ dos_init(void) /* To initialize, we only need to get the parameters. */ set_dos_parameters(NULL); } - diff --git a/src/or/ext_orport.h b/src/or/ext_orport.h index c235b076e7..7eebfdb25b 100644 --- a/src/or/ext_orport.h +++ b/src/or/ext_orport.h @@ -7,6 +7,25 @@ #ifndef EXT_ORPORT_H #define EXT_ORPORT_H +/** States of the Extended ORPort protocol. Be careful before changing + * the numbers: they matter. */ +#define EXT_OR_CONN_STATE_MIN_ 1 +/** Extended ORPort authentication is waiting for the authentication + * type selected by the client. */ +#define EXT_OR_CONN_STATE_AUTH_WAIT_AUTH_TYPE 1 +/** Extended ORPort authentication is waiting for the client nonce. */ +#define EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_NONCE 2 +/** Extended ORPort authentication is waiting for the client hash. */ +#define EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_HASH 3 +#define EXT_OR_CONN_STATE_AUTH_MAX 3 +/** Authentication finished and the Extended ORPort is now accepting + * traffic. */ +#define EXT_OR_CONN_STATE_OPEN 4 +/** Extended ORPort is flushing its last messages and preparing to + * start accepting OR connections. */ +#define EXT_OR_CONN_STATE_FLUSHING 5 +#define EXT_OR_CONN_STATE_MAX_ 5 + int connection_ext_or_start_auth(or_connection_t *or_conn); ext_or_cmd_t *ext_or_cmd_new(uint16_t len); @@ -43,4 +62,3 @@ extern int ext_or_auth_cookie_is_set; #endif /* defined(EXT_ORPORT_PRIVATE) */ #endif /* !defined(EXT_ORPORT_H) */ - diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c index b12846197c..133ab84b3b 100644 --- a/src/or/networkstatus.c +++ b/src/or/networkstatus.c @@ -45,6 +45,7 @@ #include "or/circuitstats.h" #include "or/config.h" #include "or/connection.h" +#include "or/connection_edge.h" #include "or/connection_or.h" #include "or/consdiffmgr.h" #include "or/control.h" @@ -2719,4 +2720,3 @@ networkstatus_free_all(void) tor_free(waiting->body); } } - diff --git a/src/or/or.h b/src/or/or.h index 1a24ef1b75..be1f61edf8 100644 --- a/src/or/or.h 
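Review bot: In the ext_orport.h hunk, `EXT_OR_CONN_STATE_AUTH_MAX` has no comment and no trailing underscore, unlike `EXT_OR_CONN_STATE_MIN_` and `EXT_OR_CONN_STATE_MAX_` around it. From its position it looks like the upper bound of the states in which the peer has not finished authenticating, which is exactly the boundary a reader needs spelled out; once confirmed against the code that uses it, something like `/** Highest state in which Extended ORPort authentication is still in progress. */` would do. The block comment says the numbers matter but not why, and a short clause on what relies on their ordering would make the warning actionable.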
+++ b/src/or/or.h @@ -126,17 +126,9 @@ struct curve25519_public_key_t; * equal sign or tilde, nickname. */ #define MAX_VERBOSE_NICKNAME_LEN (1+HEX_DIGEST_LEN+1+MAX_NICKNAME_LEN) -/** Maximum size, in bytes, for resized buffers. */ -#define MAX_BUF_SIZE ((1<<24)-1) /* 16MB-1 */ -/** Maximum size, in bytes, for any directory object that we've downloaded. */ -#define MAX_DIR_DL_SIZE MAX_BUF_SIZE - /** For HTTP parsing: Maximum number of bytes we'll accept in the headers * of an HTTP request or response. */ #define MAX_HEADERS_SIZE 50000 -/** Maximum size, in bytes, for any directory object that we're accepting - * as an upload. */ -#define MAX_DIR_UL_SIZE MAX_BUF_SIZE /** Maximum size, in bytes, of a single router descriptor uploaded to us * as a directory authority. Caches and clients fetch whatever descriptors 
@@ -179,48 +171,6 @@ struct curve25519_public_key_t; /** How old do we let a saved descriptor get before force-removing it? */ #define OLD_ROUTER_DESC_MAX_AGE (60*60*24*5) -#define CONN_TYPE_MIN_ 3 -/** Type for sockets listening for OR connections. */ -#define CONN_TYPE_OR_LISTENER 3 -/** A bidirectional TLS connection transmitting a sequence of cells. - * May be from an OR to an OR, or from an OP to an OR. */ -#define CONN_TYPE_OR 4 -/** A TCP connection from an onion router to a stream's destination. */ -#define CONN_TYPE_EXIT 5 -/** Type for sockets listening for SOCKS connections. */ -#define CONN_TYPE_AP_LISTENER 6 -/** A SOCKS proxy connection from the user application to the onion - * proxy. */ -#define CONN_TYPE_AP 7 -/** Type for sockets listening for HTTP connections to the directory server. */ -#define CONN_TYPE_DIR_LISTENER 8 -/** Type for HTTP connections to the directory server. */ -#define CONN_TYPE_DIR 9 -/* Type 10 is unused. */ -/** Type for listening for connections from user interface process. */ -#define CONN_TYPE_CONTROL_LISTENER 11 -/** Type for connections from user interface process. */ -#define CONN_TYPE_CONTROL 12 -/** Type for sockets listening for transparent connections redirected by pf or - * netfilter. */ -#define CONN_TYPE_AP_TRANS_LISTENER 13 -/** Type for sockets listening for transparent connections redirected by - * natd. */ -#define CONN_TYPE_AP_NATD_LISTENER 14 -/** Type for sockets listening for DNS requests. */ -#define CONN_TYPE_AP_DNS_LISTENER 15 - -/** Type for connections from the Extended ORPort. */ -#define CONN_TYPE_EXT_OR 16 -/** Type for sockets listening for Extended ORPort connections. */ -#define CONN_TYPE_EXT_OR_LISTENER 17 -/** Type for sockets listening for HTTP CONNECT tunnel connections. */ -#define CONN_TYPE_AP_HTTP_CONNECT_LISTENER 18 - -#define CONN_TYPE_MAX_ 19 -/* !!!! If _CONN_TYPE_MAX is ever over 31, we must grow the type field in - * connection_t. 
*/ - /* Proxy client types */ #define PROXY_NONE 0 #define PROXY_CONNECT 1 
@@ -233,355 +183,6 @@ struct curve25519_public_key_t; * instead use the actual underlying proxy type (see above). */ #define PROXY_PLUGGABLE 4 -/* Proxy client handshake states */ -/* We use a proxy but we haven't even connected to it yet. */ -#define PROXY_INFANT 1 -/* We use an HTTP proxy and we've sent the CONNECT command. */ -#define PROXY_HTTPS_WANT_CONNECT_OK 2 -/* We use a SOCKS4 proxy and we've sent the CONNECT command. */ -#define PROXY_SOCKS4_WANT_CONNECT_OK 3 -/* We use a SOCKS5 proxy and we try to negotiate without - any authentication . */ -#define PROXY_SOCKS5_WANT_AUTH_METHOD_NONE 4 -/* We use a SOCKS5 proxy and we try to negotiate with - Username/Password authentication . */ -#define PROXY_SOCKS5_WANT_AUTH_METHOD_RFC1929 5 -/* We use a SOCKS5 proxy and we just sent our credentials. */ -#define PROXY_SOCKS5_WANT_AUTH_RFC1929_OK 6 -/* We use a SOCKS5 proxy and we just sent our CONNECT command. */ -#define PROXY_SOCKS5_WANT_CONNECT_OK 7 -/* We use a proxy and we CONNECTed successfully!. */ -#define PROXY_CONNECTED 8 - -/** True iff <b>x</b> is an edge connection. */ -#define CONN_IS_EDGE(x) \ - ((x)->type == CONN_TYPE_EXIT || (x)->type == CONN_TYPE_AP) - -/** State for any listener connection. */ -#define LISTENER_STATE_READY 0 - -#define OR_CONN_STATE_MIN_ 1 -/** State for a connection to an OR: waiting for connect() to finish. */ -#define OR_CONN_STATE_CONNECTING 1 -/** State for a connection to an OR: waiting for proxy handshake to complete */ -#define OR_CONN_STATE_PROXY_HANDSHAKING 2 -/** State for an OR connection client: SSL is handshaking, not done - * yet. */ -#define OR_CONN_STATE_TLS_HANDSHAKING 3 -/** State for a connection to an OR: We're doing a second SSL handshake for - * renegotiation purposes. (V2 handshake only.) 
*/ -#define OR_CONN_STATE_TLS_CLIENT_RENEGOTIATING 4 -/** State for a connection at an OR: We're waiting for the client to - * renegotiate (to indicate a v2 handshake) or send a versions cell (to - * indicate a v3 handshake) */ -#define OR_CONN_STATE_TLS_SERVER_RENEGOTIATING 5 -/** State for an OR connection: We're done with our SSL handshake, we've done - * renegotiation, but we haven't yet negotiated link protocol versions and - * sent a netinfo cell. */ -#define OR_CONN_STATE_OR_HANDSHAKING_V2 6 -/** State for an OR connection: We're done with our SSL handshake, but we - * haven't yet negotiated link protocol versions, done a V3 handshake, and - * sent a netinfo cell. */ -#define OR_CONN_STATE_OR_HANDSHAKING_V3 7 -/** State for an OR connection: Ready to send/receive cells. */ -#define OR_CONN_STATE_OPEN 8 -#define OR_CONN_STATE_MAX_ 8 - -/** States of the Extended ORPort protocol. Be careful before changing - * the numbers: they matter. */ -#define EXT_OR_CONN_STATE_MIN_ 1 -/** Extended ORPort authentication is waiting for the authentication - * type selected by the client. */ -#define EXT_OR_CONN_STATE_AUTH_WAIT_AUTH_TYPE 1 -/** Extended ORPort authentication is waiting for the client nonce. */ -#define EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_NONCE 2 -/** Extended ORPort authentication is waiting for the client hash. */ -#define EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_HASH 3 -#define EXT_OR_CONN_STATE_AUTH_MAX 3 -/** Authentication finished and the Extended ORPort is now accepting - * traffic. */ -#define EXT_OR_CONN_STATE_OPEN 4 -/** Extended ORPort is flushing its last messages and preparing to - * start accepting OR connections. */ -#define EXT_OR_CONN_STATE_FLUSHING 5 -#define EXT_OR_CONN_STATE_MAX_ 5 - -#define EXIT_CONN_STATE_MIN_ 1 -/** State for an exit connection: waiting for response from DNS farm. */ -#define EXIT_CONN_STATE_RESOLVING 1 -/** State for an exit connection: waiting for connect() to finish. 
*/ -#define EXIT_CONN_STATE_CONNECTING 2 -/** State for an exit connection: open and ready to transmit data. */ -#define EXIT_CONN_STATE_OPEN 3 -/** State for an exit connection: waiting to be removed. */ -#define EXIT_CONN_STATE_RESOLVEFAILED 4 -#define EXIT_CONN_STATE_MAX_ 4 - -/* The AP state values must be disjoint from the EXIT state values. */ -#define AP_CONN_STATE_MIN_ 5 -/** State for a SOCKS connection: waiting for SOCKS request. */ -#define AP_CONN_STATE_SOCKS_WAIT 5 -/** State for a SOCKS connection: got a y.onion URL; waiting to receive - * rendezvous descriptor. */ -#define AP_CONN_STATE_RENDDESC_WAIT 6 -/** The controller will attach this connection to a circuit; it isn't our - * job to do so. */ -#define AP_CONN_STATE_CONTROLLER_WAIT 7 -/** State for a SOCKS connection: waiting for a completed circuit. */ -#define AP_CONN_STATE_CIRCUIT_WAIT 8 -/** State for a SOCKS connection: sent BEGIN, waiting for CONNECTED. */ -#define AP_CONN_STATE_CONNECT_WAIT 9 -/** State for a SOCKS connection: sent RESOLVE, waiting for RESOLVED. */ -#define AP_CONN_STATE_RESOLVE_WAIT 10 -/** State for a SOCKS connection: ready to send and receive. */ -#define AP_CONN_STATE_OPEN 11 -/** State for a transparent natd connection: waiting for original - * destination. */ -#define AP_CONN_STATE_NATD_WAIT 12 -/** State for an HTTP tunnel: waiting for an HTTP CONNECT command. */ -#define AP_CONN_STATE_HTTP_CONNECT_WAIT 13 -#define AP_CONN_STATE_MAX_ 13 - -/** True iff the AP_CONN_STATE_* value <b>s</b> means that the corresponding - * edge connection is not attached to any circuit. */ -#define AP_CONN_STATE_IS_UNATTACHED(s) \ - ((s) <= AP_CONN_STATE_CIRCUIT_WAIT || (s) == AP_CONN_STATE_NATD_WAIT) - -#define DIR_CONN_STATE_MIN_ 1 -/** State for connection to directory server: waiting for connect(). */ -#define DIR_CONN_STATE_CONNECTING 1 -/** State for connection to directory server: sending HTTP request. 
*/ -#define DIR_CONN_STATE_CLIENT_SENDING 2 -/** State for connection to directory server: reading HTTP response. */ -#define DIR_CONN_STATE_CLIENT_READING 3 -/** State for connection to directory server: happy and finished. */ -#define DIR_CONN_STATE_CLIENT_FINISHED 4 -/** State for connection at directory server: waiting for HTTP request. */ -#define DIR_CONN_STATE_SERVER_COMMAND_WAIT 5 -/** State for connection at directory server: sending HTTP response. */ -#define DIR_CONN_STATE_SERVER_WRITING 6 -#define DIR_CONN_STATE_MAX_ 6 - -/** True iff the purpose of <b>conn</b> means that it's a server-side - * directory connection. */ -#define DIR_CONN_IS_SERVER(conn) ((conn)->purpose == DIR_PURPOSE_SERVER) - -#define CONTROL_CONN_STATE_MIN_ 1 -/** State for a control connection: Authenticated and accepting v1 commands. */ -#define CONTROL_CONN_STATE_OPEN 1 -/** State for a control connection: Waiting for authentication; speaking - * protocol v1. */ -#define CONTROL_CONN_STATE_NEEDAUTH 2 -#define CONTROL_CONN_STATE_MAX_ 2 - -#define DIR_PURPOSE_MIN_ 4 -/** A connection to a directory server: set after a v2 rendezvous - * descriptor is downloaded. */ -#define DIR_PURPOSE_HAS_FETCHED_RENDDESC_V2 4 -/** A connection to a directory server: download one or more server - * descriptors. */ -#define DIR_PURPOSE_FETCH_SERVERDESC 6 -/** A connection to a directory server: download one or more extra-info - * documents. */ -#define DIR_PURPOSE_FETCH_EXTRAINFO 7 -/** A connection to a directory server: upload a server descriptor. */ -#define DIR_PURPOSE_UPLOAD_DIR 8 -/** A connection to a directory server: upload a v3 networkstatus vote. */ -#define DIR_PURPOSE_UPLOAD_VOTE 10 -/** A connection to a directory server: upload a v3 consensus signature */ -#define DIR_PURPOSE_UPLOAD_SIGNATURES 11 -/** A connection to a directory server: download one or more v3 networkstatus - * votes. 
*/ -#define DIR_PURPOSE_FETCH_STATUS_VOTE 12 -/** A connection to a directory server: download a v3 detached signatures - * object for a consensus. */ -#define DIR_PURPOSE_FETCH_DETACHED_SIGNATURES 13 -/** A connection to a directory server: download a v3 networkstatus - * consensus. */ -#define DIR_PURPOSE_FETCH_CONSENSUS 14 -/** A connection to a directory server: download one or more directory - * authority certificates. */ -#define DIR_PURPOSE_FETCH_CERTIFICATE 15 - -/** Purpose for connection at a directory server. */ -#define DIR_PURPOSE_SERVER 16 -/** A connection to a hidden service directory server: upload a v2 rendezvous - * descriptor. */ -#define DIR_PURPOSE_UPLOAD_RENDDESC_V2 17 -/** A connection to a hidden service directory server: download a v2 rendezvous - * descriptor. */ -#define DIR_PURPOSE_FETCH_RENDDESC_V2 18 -/** A connection to a directory server: download a microdescriptor. */ -#define DIR_PURPOSE_FETCH_MICRODESC 19 -/** A connection to a hidden service directory: upload a v3 descriptor. */ -#define DIR_PURPOSE_UPLOAD_HSDESC 20 -/** A connection to a hidden service directory: fetch a v3 descriptor. */ -#define DIR_PURPOSE_FETCH_HSDESC 21 -/** A connection to a directory server: set after a hidden service descriptor - * is downloaded. */ -#define DIR_PURPOSE_HAS_FETCHED_HSDESC 22 -#define DIR_PURPOSE_MAX_ 22 - -/** True iff <b>p</b> is a purpose corresponding to uploading - * data to a directory server. */ -#define DIR_PURPOSE_IS_UPLOAD(p) \ - ((p)==DIR_PURPOSE_UPLOAD_DIR || \ - (p)==DIR_PURPOSE_UPLOAD_VOTE || \ - (p)==DIR_PURPOSE_UPLOAD_SIGNATURES || \ - (p)==DIR_PURPOSE_UPLOAD_RENDDESC_V2 || \ - (p)==DIR_PURPOSE_UPLOAD_HSDESC) - -#define EXIT_PURPOSE_MIN_ 1 -/** This exit stream wants to do an ordinary connect. */ -#define EXIT_PURPOSE_CONNECT 1 -/** This exit stream wants to do a resolve (either normal or reverse). */ -#define EXIT_PURPOSE_RESOLVE 2 -#define EXIT_PURPOSE_MAX_ 2 - -/* !!!! 
If any connection purpose is ever over 31, we must grow the type - * field in connection_t. */ - -/** Circuit state: I'm the origin, still haven't done all my handshakes. */ -#define CIRCUIT_STATE_BUILDING 0 -/** Circuit state: Waiting to process the onionskin. */ -#define CIRCUIT_STATE_ONIONSKIN_PENDING 1 -/** Circuit state: I'd like to deliver a create, but my n_chan is still - * connecting. */ -#define CIRCUIT_STATE_CHAN_WAIT 2 -/** Circuit state: the circuit is open but we don't want to actually use it - * until we find out if a better guard will be available. - */ -#define CIRCUIT_STATE_GUARD_WAIT 3 -/** Circuit state: onionskin(s) processed, ready to send/receive cells. */ -#define CIRCUIT_STATE_OPEN 4 - -#define CIRCUIT_PURPOSE_MIN_ 1 - -/* these circuits were initiated elsewhere */ -#define CIRCUIT_PURPOSE_OR_MIN_ 1 -/** OR-side circuit purpose: normal circuit, at OR. */ -#define CIRCUIT_PURPOSE_OR 1 -/** OR-side circuit purpose: At OR, from the service, waiting for intro from - * clients. */ -#define CIRCUIT_PURPOSE_INTRO_POINT 2 -/** OR-side circuit purpose: At OR, from the client, waiting for the service. - */ -#define CIRCUIT_PURPOSE_REND_POINT_WAITING 3 -/** OR-side circuit purpose: At OR, both circuits have this purpose. */ -#define CIRCUIT_PURPOSE_REND_ESTABLISHED 4 -#define CIRCUIT_PURPOSE_OR_MAX_ 4 - -/* these circuits originate at this node */ - -/* here's how circ client-side purposes work: - * normal circuits are C_GENERAL. - * circuits that are c_introducing are either on their way to - * becoming open, or they are open and waiting for a - * suitable rendcirc before they send the intro. - * circuits that are c_introduce_ack_wait have sent the intro, - * but haven't gotten a response yet. - * circuits that are c_establish_rend are either on their way - * to becoming open, or they are open and have sent the - * establish_rendezvous cell but haven't received an ack. 
- * circuits that are c_rend_ready are open and have received a - * rend ack, but haven't heard from the service yet. if they have a - * buildstate->pending_final_cpath then they're expecting a - * cell from the service, else they're not. - * circuits that are c_rend_ready_intro_acked are open, and - * some intro circ has sent its intro and received an ack. - * circuits that are c_rend_joined are open, have heard from - * the service, and are talking to it. - */ -/** Client-side circuit purpose: Normal circuit, with cpath. */ -#define CIRCUIT_PURPOSE_C_GENERAL 5 -#define CIRCUIT_PURPOSE_C_HS_MIN_ 6 -/** Client-side circuit purpose: at the client, connecting to intro point. */ -#define CIRCUIT_PURPOSE_C_INTRODUCING 6 -/** Client-side circuit purpose: at the client, sent INTRODUCE1 to intro point, - * waiting for ACK/NAK. */ -#define CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT 7 -/** Client-side circuit purpose: at the client, introduced and acked, closing. - */ -#define CIRCUIT_PURPOSE_C_INTRODUCE_ACKED 8 -/** Client-side circuit purpose: at the client, waiting for ack. */ -#define CIRCUIT_PURPOSE_C_ESTABLISH_REND 9 -/** Client-side circuit purpose: at the client, waiting for the service. */ -#define CIRCUIT_PURPOSE_C_REND_READY 10 -/** Client-side circuit purpose: at the client, waiting for the service, - * INTRODUCE has been acknowledged. */ -#define CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED 11 -/** Client-side circuit purpose: at the client, rendezvous established. */ -#define CIRCUIT_PURPOSE_C_REND_JOINED 12 -/** This circuit is used for getting hsdirs */ -#define CIRCUIT_PURPOSE_C_HSDIR_GET 13 -#define CIRCUIT_PURPOSE_C_HS_MAX_ 13 -/** This circuit is used for build time measurement only */ -#define CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT 14 -#define CIRCUIT_PURPOSE_C_MAX_ 14 - -#define CIRCUIT_PURPOSE_S_HS_MIN_ 15 -/** Hidden-service-side circuit purpose: at the service, waiting for - * introductions. 
*/ -#define CIRCUIT_PURPOSE_S_ESTABLISH_INTRO 15 -/** Hidden-service-side circuit purpose: at the service, successfully - * established intro. */ -#define CIRCUIT_PURPOSE_S_INTRO 16 -/** Hidden-service-side circuit purpose: at the service, connecting to rend - * point. */ -#define CIRCUIT_PURPOSE_S_CONNECT_REND 17 -/** Hidden-service-side circuit purpose: at the service, rendezvous - * established. */ -#define CIRCUIT_PURPOSE_S_REND_JOINED 18 -/** This circuit is used for uploading hsdirs */ -#define CIRCUIT_PURPOSE_S_HSDIR_POST 19 -#define CIRCUIT_PURPOSE_S_HS_MAX_ 19 - -/** A testing circuit; not meant to be used for actual traffic. */ -#define CIRCUIT_PURPOSE_TESTING 20 -/** A controller made this circuit and Tor should not use it. */ -#define CIRCUIT_PURPOSE_CONTROLLER 21 -/** This circuit is used for path bias probing only */ -#define CIRCUIT_PURPOSE_PATH_BIAS_TESTING 22 - -/** This circuit is used for vanguards/restricted paths. - * - * This type of circuit is *only* created preemptively and never - * on-demand. When an HS operation needs to take place (e.g. connect to an - * intro point), these circuits are then cannibalized and repurposed to the - * actual needed HS purpose. */ -#define CIRCUIT_PURPOSE_HS_VANGUARDS 23 - -#define CIRCUIT_PURPOSE_MAX_ 23 -/** A catch-all for unrecognized purposes. Currently we don't expect - * to make or see any circuits with this purpose. */ -#define CIRCUIT_PURPOSE_UNKNOWN 255 - -/** True iff the circuit purpose <b>p</b> is for a circuit that - * originated at this node. */ -#define CIRCUIT_PURPOSE_IS_ORIGIN(p) ((p)>CIRCUIT_PURPOSE_OR_MAX_) -/** True iff the circuit purpose <b>p</b> is for a circuit that originated - * here to serve as a client. (Hidden services don't count here.) */ -#define CIRCUIT_PURPOSE_IS_CLIENT(p) \ - ((p)> CIRCUIT_PURPOSE_OR_MAX_ && \ - (p)<=CIRCUIT_PURPOSE_C_MAX_) -/** True iff the circuit_t <b>c</b> is actually an origin_circuit_t. 
*/ -#define CIRCUIT_IS_ORIGIN(c) (CIRCUIT_PURPOSE_IS_ORIGIN((c)->purpose)) -/** True iff the circuit purpose <b>p</b> is for an established rendezvous - * circuit. */ -#define CIRCUIT_PURPOSE_IS_ESTABLISHED_REND(p) \ - ((p) == CIRCUIT_PURPOSE_C_REND_JOINED || \ - (p) == CIRCUIT_PURPOSE_S_REND_JOINED) -/** True iff the circuit_t c is actually an or_circuit_t */ -#define CIRCUIT_IS_ORCIRC(c) (((circuit_t *)(c))->magic == OR_CIRCUIT_MAGIC) - -/** True iff this circuit purpose should count towards the global - * pending rate limit (set by MaxClientCircuitsPending). We count all - * general purpose circuits, as well as the first step of client onion - * service connections (HSDir gets). */ -#define CIRCUIT_PURPOSE_COUNTS_TOWARDS_MAXPENDING(p) \ - ((p) == CIRCUIT_PURPOSE_C_GENERAL || \ - (p) == CIRCUIT_PURPOSE_C_HSDIR_GET) - /** How many circuits do we want simultaneously in-progress to handle * a given stream? */ #define MIN_CIRCUITS_HANDLING_STREAM 2 @@ -686,13 +287,6 @@ struct curve25519_public_key_t; * connection_mark_unattached_ap(). */ #define END_STREAM_REASON_FLAG_ALREADY_SOCKS_REPLIED 2048 -/** Reason for remapping an AP connection's address: we have a cached - * answer. */ -#define REMAP_STREAM_SOURCE_CACHE 1 -/** Reason for remapping an AP connection's address: the exit node told us an - * answer. */ -#define REMAP_STREAM_SOURCE_EXIT 2 - /* 'type' values to use in RESOLVED cells. Specified in tor-spec.txt. */ #define RESOLVED_TYPE_HOSTNAME 0 #define RESOLVED_TYPE_IPV4 4 
@@ -1051,16 +645,6 @@ typedef struct socks_request_t socks_request_t; typedef struct entry_port_cfg_t entry_port_cfg_t; typedef struct server_port_cfg_t server_port_cfg_t; -/* Values for connection_t.magic: used to make sure that downcasts (casts from -* connection_t to foo_connection_t) are safe. */ -#define BASE_CONNECTION_MAGIC 0x7C3C304Eu -#define OR_CONNECTION_MAGIC 0x7D31FF03u -#define EDGE_CONNECTION_MAGIC 0xF0374013u -#define ENTRY_CONNECTION_MAGIC 0xbb4a5703 -#define DIR_CONNECTION_MAGIC 0x9988ffeeu -#define CONTROL_CONNECTION_MAGIC 0x8abc765du -#define LISTENER_CONNECTION_MAGIC 0x1a1ac741u - /** Minimum length of the random part of an AUTH_CHALLENGE cell. */ #define OR_AUTH_CHALLENGE_LEN 32 @@ -1345,15 +929,6 @@ typedef struct crypt_path_reference_t crypt_path_reference_t; typedef struct cpath_build_state_t cpath_build_state_t; -/** "magic" value for an origin_circuit_t */ -#define ORIGIN_CIRCUIT_MAGIC 0x35315243u -/** "magic" value for an or_circuit_t */ -#define OR_CIRCUIT_MAGIC 0x98ABC04Fu -/** "magic" value for a circuit that would have been freed by circuit_free, - * but which we're keeping around until a cpuworker reply arrives. See - * circuit_free() for more documentation. */ -#define DEAD_CIRCUIT_MAGIC 0xdeadc14c - struct create_cell_t; /** Entry in the cell stats list of a circuit; used only if CELL_STATS @@ -1442,10 +1017,6 @@ typedef enum { /** Convert a circuit subtype to a circuit_t. */ #define TO_CIRCUIT(x) (&((x)->base_)) -/* limits for TCP send and recv buffer size used for constrained sockets */ -#define MIN_CONSTRAINED_TCP_BUFFER 2048 -#define MAX_CONSTRAINED_TCP_BUFFER 262144 /* 256k */ - /** @name Isolation flags Ways to isolate client streams 
@@ -2626,22 +2197,7 @@ typedef struct { time_t LastRotatedOnionKey; } or_state_t; -#define MAX_SOCKS_REPLY_LEN 1024 #define MAX_SOCKS_ADDR_LEN 256 -#define SOCKS_NO_AUTH 0x00 -#define SOCKS_USER_PASS 0x02 - -/** Please open a TCP connection to this addr:port. */ -#define SOCKS_COMMAND_CONNECT 0x01 -/** Please turn this FQDN into an IP address, privately. */ -#define SOCKS_COMMAND_RESOLVE 0xF0 -/** Please turn this IP address into an FQDN, privately. */ -#define SOCKS_COMMAND_RESOLVE_PTR 0xF1 - -/* || 0 is for -Wparentheses-equality (-Wall?) appeasement under clang */ -#define SOCKS_COMMAND_IS_CONNECT(c) (((c)==SOCKS_COMMAND_CONNECT) || 0) -#define SOCKS_COMMAND_IS_RESOLVE(c) ((c)==SOCKS_COMMAND_RESOLVE || \ - (c)==SOCKS_COMMAND_RESOLVE_PTR) /********************************* circuitbuild.c **********************/ 
@@ -2655,92 +2211,6 @@ typedef struct { #define BW_MIN_WEIGHT_SCALE 1 #define BW_MAX_WEIGHT_SCALE INT32_MAX -/** Total size of the circuit timeout history to accumulate. - * 1000 is approx 2.5 days worth of continual-use circuits. */ -#define CBT_NCIRCUITS_TO_OBSERVE 1000 - -/** Width of the histogram bins in milliseconds */ -#define CBT_BIN_WIDTH ((build_time_t)50) - -/** Number of modes to use in the weighted-avg computation of Xm */ -#define CBT_DEFAULT_NUM_XM_MODES 3 -#define CBT_MIN_NUM_XM_MODES 1 -#define CBT_MAX_NUM_XM_MODES 20 - -/** A build_time_t is milliseconds */ -typedef uint32_t build_time_t; - -/** - * CBT_BUILD_ABANDONED is our flag value to represent a force-closed - * circuit (Aka a 'right-censored' pareto value). - */ -#define CBT_BUILD_ABANDONED ((build_time_t)(INT32_MAX-1)) -#define CBT_BUILD_TIME_MAX ((build_time_t)(INT32_MAX)) - -/** Save state every 10 circuits */ -#define CBT_SAVE_STATE_EVERY 10 - -/* Circuit build times consensus parameters */ - -/** - * How long to wait before actually closing circuits that take too long to - * build in terms of CDF quantile. - */ -#define CBT_DEFAULT_CLOSE_QUANTILE 95 -#define CBT_MIN_CLOSE_QUANTILE CBT_MIN_QUANTILE_CUTOFF -#define CBT_MAX_CLOSE_QUANTILE CBT_MAX_QUANTILE_CUTOFF - -/** - * How many circuits count as recent when considering if the - * connection has gone gimpy or changed. - */ -#define CBT_DEFAULT_RECENT_CIRCUITS 20 -#define CBT_MIN_RECENT_CIRCUITS 3 -#define CBT_MAX_RECENT_CIRCUITS 1000 - -/** - * Maximum count of timeouts that finish the first hop in the past - * RECENT_CIRCUITS before calculating a new timeout. - * - * This tells us whether to abandon timeout history and set - * the timeout back to whatever circuit_build_times_get_initial_timeout() - * gives us. 
- */ -#define CBT_DEFAULT_MAX_RECENT_TIMEOUT_COUNT (CBT_DEFAULT_RECENT_CIRCUITS*9/10) -#define CBT_MIN_MAX_RECENT_TIMEOUT_COUNT 3 -#define CBT_MAX_MAX_RECENT_TIMEOUT_COUNT 10000 - -/** Minimum circuits before estimating a timeout */ -#define CBT_DEFAULT_MIN_CIRCUITS_TO_OBSERVE 100 -#define CBT_MIN_MIN_CIRCUITS_TO_OBSERVE 1 -#define CBT_MAX_MIN_CIRCUITS_TO_OBSERVE 10000 - -/** Cutoff percentile on the CDF for our timeout estimation. */ -#define CBT_DEFAULT_QUANTILE_CUTOFF 80 -#define CBT_MIN_QUANTILE_CUTOFF 10 -#define CBT_MAX_QUANTILE_CUTOFF 99 -double circuit_build_times_quantile_cutoff(void); - -/** How often in seconds should we build a test circuit */ -#define CBT_DEFAULT_TEST_FREQUENCY 10 -#define CBT_MIN_TEST_FREQUENCY 1 -#define CBT_MAX_TEST_FREQUENCY INT32_MAX - -/** Lowest allowable value for CircuitBuildTimeout in milliseconds */ -#define CBT_DEFAULT_TIMEOUT_MIN_VALUE (1500) -#define CBT_MIN_TIMEOUT_MIN_VALUE 500 -#define CBT_MAX_TIMEOUT_MIN_VALUE INT32_MAX - -/** Initial circuit build timeout in milliseconds */ -#define CBT_DEFAULT_TIMEOUT_INITIAL_VALUE (60*1000) -#define CBT_MIN_TIMEOUT_INITIAL_VALUE CBT_MIN_TIMEOUT_MIN_VALUE -#define CBT_MAX_TIMEOUT_INITIAL_VALUE INT32_MAX -int32_t circuit_build_times_initial_timeout(void); - -#if CBT_DEFAULT_MAX_RECENT_TIMEOUT_COUNT < CBT_MIN_MAX_RECENT_TIMEOUT_COUNT -#error "RECENT_CIRCUITS is set too low." -#endif - typedef struct circuit_build_times_s circuit_build_times_t; /********************************* config.c ***************************/ 
@@ -2830,35 +2300,6 @@ typedef struct dir_server_t dir_server_t; #define ROUTER_MAX_DECLARED_BANDWIDTH INT32_MAX -/* Flags for pick_directory_server() and pick_trusteddirserver(). */ -/** Flag to indicate that we should not automatically be willing to use - * ourself to answer a directory request. - * Passed to router_pick_directory_server (et al).*/ -#define PDS_ALLOW_SELF (1<<0) -/** Flag to indicate that if no servers seem to be up, we should mark all - * directory servers as up and try again. - * Passed to router_pick_directory_server (et al).*/ -#define PDS_RETRY_IF_NO_SERVERS (1<<1) -/** Flag to indicate that we should not exclude directory servers that - * our ReachableAddress settings would exclude. This usually means that - * we're going to connect to the server over Tor, and so we don't need to - * worry about our firewall telling us we can't. - * Passed to router_pick_directory_server (et al).*/ -#define PDS_IGNORE_FASCISTFIREWALL (1<<2) -/** Flag to indicate that we should not use any directory authority to which - * we have an existing directory connection for downloading server descriptors - * or extrainfo documents. - * - * Passed to router_pick_directory_server (et al) - */ -#define PDS_NO_EXISTING_SERVERDESC_FETCH (1<<3) -/** Flag to indicate that we should not use any directory authority to which - * we have an existing directory connection for downloading microdescs. - * - * Passed to router_pick_directory_server (et al) - */ -#define PDS_NO_EXISTING_MICRODESC_FETCH (1<<4) - typedef struct tor_version_t tor_version_t; #endif /* !defined(TOR_OR_H) */ diff --git a/src/or/proto_socks.c b/src/or/proto_socks.c index 94603c2609..f5e6ce581b 100644 --- a/src/or/proto_socks.c +++ b/src/or/proto_socks.c @@ -7,6 +7,7 @@ #include "or/or.h" #include "or/addressmap.h" #include "lib/container/buffers.h" +#include "or/connection.h" #include "or/control.h" #include "or/config.h" #include "lib/crypt_ops/crypto_util.h" 
@@ -710,4 +711,3 @@ parse_socks_client(const uint8_t *data, size_t datalen, return -1; /* LCOV_EXCL_STOP */ } - diff --git a/src/or/proto_socks.h b/src/or/proto_socks.h index 1624d7b060..53de288f65 100644 --- a/src/or/proto_socks.h +++ b/src/or/proto_socks.h @@ -19,4 +19,3 @@ int fetch_from_buf_socks(struct buf_t *buf, socks_request_t *req, int fetch_from_buf_socks_client(buf_t *buf, int state, char **reason); #endif /* !defined(TOR_PROTO_SOCKS_H) */ - diff --git a/src/or/routerlist.h b/src/or/routerlist.h index 2047e1c0d8..4b7406364f 100644 --- a/src/or/routerlist.h +++ b/src/or/routerlist.h 
@@ -68,6 +68,35 @@ typedef enum bandwidth_weight_rule_t { WEIGHT_FOR_DIR } bandwidth_weight_rule_t; +/* Flags for pick_directory_server() and pick_trusteddirserver(). */ +/** Flag to indicate that we should not automatically be willing to use + * ourself to answer a directory request. + * Passed to router_pick_directory_server (et al).*/ +#define PDS_ALLOW_SELF (1<<0) +/** Flag to indicate that if no servers seem to be up, we should mark all + * directory servers as up and try again. + * Passed to router_pick_directory_server (et al).*/ +#define PDS_RETRY_IF_NO_SERVERS (1<<1) +/** Flag to indicate that we should not exclude directory servers that + * our ReachableAddress settings would exclude. This usually means that + * we're going to connect to the server over Tor, and so we don't need to + * worry about our firewall telling us we can't. + * Passed to router_pick_directory_server (et al).*/ +#define PDS_IGNORE_FASCISTFIREWALL (1<<2) +/** Flag to indicate that we should not use any directory authority to which + * we have an existing directory connection for downloading server descriptors + * or extrainfo documents. + * + * Passed to router_pick_directory_server (et al) + */ +#define PDS_NO_EXISTING_SERVERDESC_FETCH (1<<3) +/** Flag to indicate that we should not use any directory authority to which + * we have an existing directory connection for downloading microdescs. + * + * Passed to router_pick_directory_server (et al) + */ +#define PDS_NO_EXISTING_MICRODESC_FETCH (1<<4) + int get_n_authorities(dirinfo_type_t type); int trusted_dirs_reload_certs(void); diff --git a/src/or/socks_request_st.h b/src/or/socks_request_st.h index c650a57739..d7b979c3eb 100644 --- a/src/or/socks_request_st.h +++ b/src/or/socks_request_st.h 
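Review bot: The comment above `PDS_ALLOW_SELF` in the src/or/routerlist.h hunk says the flag means we should *not* be willing to use ourself to answer a directory request, which reads as the opposite of the flag's name. This header does not show which sense is right. If setting the flag permits picking ourself, as the name suggests, the comment should read `/** Flag to indicate that we may pick ourself to answer a directory request. */`. The block header also names `pick_directory_server()` and `pick_trusteddirserver()`, while each flag comment refers to `router_pick_directory_server (et al)`; a single spelling would be easier to search for.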
@@ -7,6 +7,23 @@ #ifndef SOCKS_REQUEST_ST_H #define SOCKS_REQUEST_ST_H +#define MAX_SOCKS_REPLY_LEN 1024 + +#define SOCKS_NO_AUTH 0x00 +#define SOCKS_USER_PASS 0x02 + +/** Please open a TCP connection to this addr:port. */ +#define SOCKS_COMMAND_CONNECT 0x01 +/** Please turn this FQDN into an IP address, privately. */ +#define SOCKS_COMMAND_RESOLVE 0xF0 +/** Please turn this IP address into an FQDN, privately. */ +#define SOCKS_COMMAND_RESOLVE_PTR 0xF1 + +/* || 0 is for -Wparentheses-equality (-Wall?) appeasement under clang */ +#define SOCKS_COMMAND_IS_CONNECT(c) (((c)==SOCKS_COMMAND_CONNECT) || 0) +#define SOCKS_COMMAND_IS_RESOLVE(c) ((c)==SOCKS_COMMAND_RESOLVE || \ + (c)==SOCKS_COMMAND_RESOLVE_PTR) + /** State of a SOCKS request from a user to an OP. Also used to encode other * information for non-socks user request (such as those on TransPort and * DNSPort) */ @@ -56,4 +73,3 @@ struct socks_request_t { }; #endif - diff --git a/src/or/transports.c b/src/or/transports.c index 34161fd16e..ff51ff00eb 100644 --- a/src/or/transports.c +++ b/src/or/transports.c @@ -93,6 +93,7 @@ #include "or/or.h" #include "or/bridges.h" #include "or/config.h" +#include "or/connection.h" #include "or/circuitbuild.h" #include "or/transports.h" #include "common/util.h" diff --git a/src/test/bench.c b/src/test/bench.c index 427ebd8145..ced04fffd7 100644 --- a/src/test/bench.c +++ b/src/test/bench.c @@ -19,6 +19,7 @@ #include <openssl/ecdh.h> #include <openssl/obj_mac.h> +#include "or/circuitlist.h" #include "or/config.h" #include "lib/crypt_ops/crypto_curve25519.h" #include "lib/crypt_ops/crypto_dh.h" diff --git a/src/test/test_channeltls.c b/src/test/test_channeltls.c index aed766fc00..ad2b443cf2 100644 --- a/src/test/test_channeltls.c +++ b/src/test/test_channeltls.c @@ -11,6 +11,7 @@ #include "lib/container/buffers.h" #include "or/channel.h" #include "or/channeltls.h" +#include "or/connection.h" #include "or/connection_or.h" #include "or/config.h" /* For init/free stuff */ 
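Review bot: `SOCKS_COMMAND_IS_RESOLVE(c)` in the src/or/socks_request_st.h hunk expands `c` twice, so an argument with side effects would be evaluated twice. Now that the macro is exposed from its own header, it should carry a comment saying so, e.g. `/** True iff <b>c</b> is RESOLVE or RESOLVE_PTR. Evaluates <b>c</b> twice. */`. `MAX_SOCKS_REPLY_LEN`, `SOCKS_NO_AUTH` and `SOCKS_USER_PASS` are added with no comment at all; one line on each, in particular on which buffer the 1024-byte limit bounds, would help anyone auditing length handling. `MAX_SOCKS_ADDR_LEN` stays in or.h according to the or.h hunk, so the two SOCKS size limits are now defined in different headers.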
@@ -336,4 +337,3 @@ struct testcase_t channeltls_tests[] = { TT_FORK, NULL, NULL }, END_OF_TESTCASES }; - diff --git a/src/test/test_circuitbuild.c b/src/test/test_circuitbuild.c index d17a04614c..c09133c549 100644 --- a/src/test/test_circuitbuild.c +++ b/src/test/test_circuitbuild.c @@ -11,6 +11,7 @@ #include "test/log_test_helpers.h" #include "or/config.h" #include "or/circuitbuild.h" +#include "or/circuitlist.h" #include "or/extend_info_st.h" @@ -132,4 +133,3 @@ struct testcase_t circuitbuild_tests[] = { { "unhandled_exit", test_new_route_len_unhandled_exit, 0, NULL, NULL }, END_OF_TESTCASES }; - diff --git a/src/test/test_controller_events.c b/src/test/test_controller_events.c index b642a37d22..33a45a99cc 100644 --- a/src/test/test_controller_events.c +++ b/src/test/test_controller_events.c @@ -7,6 +7,7 @@ #include "or/or.h" #include "or/channel.h" #include "or/channeltls.h" +#include "or/circuitlist.h" #include "or/connection.h" #include "or/control.h" #include "test/test.h" @@ -331,4 +332,3 @@ struct testcase_t controller_event_tests[] = { TEST(event_mask, TT_FORK), END_OF_TESTCASES }; - diff --git a/src/test/test_dir.c b/src/test/test_dir.c index 5551b55581..a2b4ec68a8 100644 --- a/src/test/test_dir.c +++ b/src/test/test_dir.c @@ -19,6 +19,7 @@ #include "or/or.h" #include "or/bridges.h" +#include "or/connection.h" #include "or/confparse.h" #include "or/config.h" #include "or/control.h" diff --git a/src/test/test_dns.c b/src/test/test_dns.c index 3bcef0aa7c..1407a5c47e 100644 --- a/src/test/test_dns.c +++ b/src/test/test_dns.c @@ -8,6 +8,7 @@ #include "or/dns.h" #include "or/connection.h" +#include "or/connection_edge.h" #include "or/router.h" #include "or/edge_connection_st.h" @@ -748,4 +749,3 @@ struct testcase_t dns_tests[] = { }; #undef NS_MODULE - diff --git a/src/test/test_hs_client.c b/src/test/test_hs_client.c index b5cb9bb912..1458c358d2 100644 --- a/src/test/test_hs_client.c +++ b/src/test/test_hs_client.c 
@@ -24,6 +24,7 @@ #include "lib/crypt_ops/crypto.h" #include "lib/crypt_ops/crypto_dh.h" #include "or/channeltls.h" +#include "or/directory.h" #include "or/main.h" #include "or/nodelist.h" #include "or/routerset.h" diff --git a/src/test/test_oos.c b/src/test/test_oos.c index 6ecb1a0786..f101390d67 100644 --- a/src/test/test_oos.c +++ b/src/test/test_oos.c @@ -9,6 +9,7 @@ #include "or/config.h" #include "or/connection.h" #include "or/connection_or.h" +#include "or/directory.h" #include "or/main.h" #include "test/test.h" @@ -456,4 +457,3 @@ struct testcase_t oos_tests[] = { { "pick_oos_victims", test_oos_pick_oos_victims, TT_FORK, NULL, NULL }, END_OF_TESTCASES }; - diff --git a/src/test/test_relay.c b/src/test/test_relay.c index 777153d11b..fe5795d11d 100644 --- a/src/test/test_relay.c +++ b/src/test/test_relay.c @@ -4,6 +4,7 @@ #include "or/or.h" #define CIRCUITBUILD_PRIVATE #include "or/circuitbuild.h" +#include "or/circuitlist.h" #define RELAY_PRIVATE #include "or/relay.h" /* For init/free stuff */ @@ -130,4 +131,3 @@ struct testcase_t relay_tests[] = { TT_FORK, NULL, NULL }, END_OF_TESTCASES }; - diff --git a/src/test/test_socks.c b/src/test/test_socks.c index 3e4528af27..046ed35978 100644 --- a/src/test/test_socks.c +++ b/src/test/test_socks.c @@ -6,6 +6,7 @@ #include "or/or.h" #include "lib/container/buffers.h" #include "or/config.h" +#include "or/connection.h" #include "or/proto_socks.h" #include "test/test.h" #include "test/log_test_helpers.h" |