48 files changed, 2755 insertions, 358 deletions
@@ -1,19 +1,61 @@ -Changes in version 0.2.3.4-alpha - 2011-09-?? +Changes in version 0.2.3.5-alpha - 2011-09-28 + Tor 0.2.3.5-alpha fixes two bugs that make it possible to enumerate + bridge relays; fixes an assertion error that many users started hitting + today; and adds the ability to refill token buckets more often than + once per second, allowing significant performance improvements. + + o Security fixes: + - Bridge relays now do their directory fetches inside Tor TLS + connections, like all the other clients do, rather than connecting + directly to the DirPort like public relays do. Removes another + avenue for enumerating bridges. Fixes bug 4115; bugfix on 0.2.0.35. + - Bridges relays now build circuits for themselves in a more similar + way to how clients build them. Removes another avenue for + enumerating bridges. Fixes bug 4124; bugfix on 0.2.0.3-alpha, + when bridges were introduced. + o Major bugfixes: + - Fix an "Assertion md->held_by_node == 1 failed" error that could + occur when the same microdescriptor was referenced by two node_t + objects at once. Fix for bug 4118; bugfix on Tor 0.2.3.1-alpha. + + o Major features (networking): + - Add a new TokenBucketRefillInterval option to refill token buckets + more frequently than once per second. This should improve network + performance, alleviate queueing problems, and make traffic less + bursty. Implements proposal 183; closes ticket 3630. Design by + Florian Tschorsch and Björn Scheuermann; implementation by + Florian Tschorsch. + + o Minor bugfixes: + - Change an integer overflow check in the OpenBSD_Malloc code so + that GCC is less likely to eliminate it as impossible. Patch + from Mansour Moufid. Fixes bug 4059. + + o Minor bugfixes (usability): + - Downgrade log messages about circuit timeout calibration from + "notice" to "info": they don't require or suggest any human + intervention. Patch from Tom Lowenthal. Fixes bug 4063; + bugfix on 0.2.2.14-alpha. 
+ + o Minor features (diagnostics): + - When the system call to create a listener socket fails, log the + error message explaining why. This may help diagnose bug 4027. + + +Changes in version 0.2.3.4-alpha - 2011-09-13 + Tor 0.2.3.4-alpha includes the fixes from 0.2.2.33, including a slight + tweak to Tor's TLS handshake that makes relays and bridges that run + this new version reachable from Iran again. It also fixes a few new + bugs in 0.2.3.x, and teaches relays to recognize when they're not + listed in the network consensus and republish. + + o Major bugfixes (also part of 0.2.2.33): - Avoid an assertion failure when reloading a configuration with TrackExitHosts changes. Found and fixed by 'laruldan'. Fixes bug 3923; bugfix on 0.2.2.25-alpha. - o Major features: - - Relays now try regenerating and uploading their descriptor more - frequently if they are not listed in the consensus, or if the - version of their descriptor listed in the consensus is too - old. This fix should prevent situations where a server declines - to re-publish itself because it has done so too recently, even - though the authorities decided not to list its recent-enough - descriptor. Fix for bug 3327. - - o Minor features (security): + o Minor features (security, also part of 0.2.2.33): - Check for replays of the public-key encrypted portion of an INTRODUCE1 cell, in addition to the current check for replays of the g^x value. This prevents a possible class of active attacks 
@@ -25,37 +67,73 @@ Changes in version 0.2.3.4-alpha - 2011-09-?? but we'd rather block them off in case there are any classes of this attack that we missed. Reported by Willem Pinckaers. + o Minor features (also part of 0.2.2.33): + - Adjust the expiration time on our SSL session certificates to + better match SSL certs seen in the wild. Resolves ticket 4014. + - Change the default required uptime for a relay to be accepted as + a HSDir (hidden service directory) from 24 hours to 25 hours. + Improves on 0.2.0.10-alpha; resolves ticket 2649. + - Add a VoteOnHidServDirectoriesV2 config option to allow directory + authorities to abstain from voting on assignment of the HSDir + consensus flag. Related to bug 2649. + - Update to the September 6 2011 Maxmind GeoLite Country database. + + o Minor bugfixes (also part of 0.2.2.33): + - Demote the 'replay detected' log message emitted when a hidden + service receives the same Diffie-Hellman public key in two different + INTRODUCE2 cells to info level. A normal Tor client can cause that + log message during its normal operation. Bugfix on 0.2.1.6-alpha; + fixes part of bug 2442. + - Demote the 'INTRODUCE2 cell is too {old,new}' log message to info + level. There is nothing that a hidden service's operator can do + to fix its clients' clocks. Bugfix on 0.2.1.6-alpha; fixes part + of bug 2442. + - Clarify a log message specifying the characters permitted in + HiddenServiceAuthorizeClient client names. Previously, the log + message said that "[A-Za-z0-9+-_]" were permitted; that could have + given the impression that every ASCII character between "+" and "_" + was permitted. Now we say "[A-Za-z0-9+_-]". Bugfix on 0.2.1.5-alpha. + + o Build fixes (also part of 0.2.2.33): + - Clean up some code issues that prevented Tor from building on older + BSDs. Fixes bug 3894; reported by "grarpamp". + - Search for a platform-specific version of "ar" when cross-compiling. + Should fix builds on iOS. 
Resolves bug 3909, found by Marco Bonetti. + + o Major bugfixes: + - Fix a bug where the SocksPort option (for example) would get + ignored and replaced by the default if a SocksListenAddress + option was set. Bugfix on 0.2.3.3-alpha; fixes bug 3936. Fix by + Fabian Keil. + + o Major features: + - Relays now try regenerating and uploading their descriptor more + frequently if they are not listed in the consensus, or if the + version of their descriptor listed in the consensus is too + old. This fix should prevent situations where a server declines + to re-publish itself because it has done so too recently, even + though the authorities decided not to list its recent-enough + descriptor. Fix for bug 3327. + o Minor features: - - Add a VoteOnHidServDirectoriesV2 configuration option to allow - directory authorities to abstain from voting on assignment of - the HSDir consensus flag. Related to bug 2649. - Relays now include a reason for regenerating their descriptors - an HTTP header when uploading to the authorities. This will + in an HTTP header when uploading to the authorities. This will make it easier to debug descriptor-upload issues in the future. - When starting as root and then changing our UID via the User - control option, if we are running with ControlSocket, make sure + control option, and we have a ControlSocket configured, make sure that the ControlSocket is owned by the same account that Tor will run under. Implements ticket 3421; fix by Jérémy Bobbio. o Minor bugfixes: - - Change the default required uptime for a relay to be accepted as - a HSDir from 24 hours to 25 hours. Bugfix on 0.2.0.10-alpha; - fixes bug 2649. - Abort if tor_vasprintf fails in connection_printf_to_buf (a utility function used in the control-port code). 
This shouldn't - ever happen unless Tor is completely out of memory, but if it - did happen and Tor somehow recovered from it, Tor could have - sent a log message to a control port in the middle of a reply to - a controller command. Fixes part of bug 3428. + ever happen unless Tor is completely out of memory, but if it did + happen and Tor somehow recovered from it, Tor could have sent a log + message to a control port in the middle of a reply to a controller + command. Fixes part of bug 3428; bugfix on 0.1.2.3-alpha. - Make 'FetchUselessDescriptors' cause all descriptor types and - all consensus types to get fetched. Fixes bug 3851; bugfix on - 0.2.3.1-alpha. - - o Build fixes: - - Clean up some code issues that prevented Tor from building on older - BSDs. Fixes bug 3894; reported by "grarpamp". - - Search for a platform-specific version of "ar" when cross-compiling. - Should fix builds on iOS. Found by Marco Bonetti. + all consensus types (including microdescriptors) to get fetched. + Fixes bug 3851; bugfix on 0.2.3.1-alpha. o Code refactoring: - Make a new "entry connection" struct as an internal subtype of "edge diff --git a/changes/bug1297b b/changes/bug1297b new file mode 100644 index 0000000000..6b0169d826 --- /dev/null +++ b/changes/bug1297b @@ -0,0 +1,8 @@ + o Minor bugfixes: + + - When one of a hidden service's introduction points times out, + consider trying it again during the next attempt to connect to + the HS. Previously, we would not try it again unless a newly + fetched descriptor contained it. Required by fixes for bugs + 1297 and 3825. + diff --git a/changes/bug2442 b/changes/bug2442 deleted file mode 100644 index cbcc22bb80..0000000000 --- a/changes/bug2442 +++ /dev/null 
@@ -1,8 +0,0 @@ - * Minor bugfixes: - - - Demote the 'replay detected' log message emitted when a hidden - service receives the same Diffie-Hellman public key in two - different INTRODUCE2 cells to info level. A normal Tor client - can cause that log message during its normal operation. Bugfix - on 0.2.1.6-alpha; fixes part of bug 2442. - diff --git a/changes/bug2442b b/changes/bug2442b deleted file mode 100644 index 02e1636e91..0000000000 --- a/changes/bug2442b +++ /dev/null @@ -1,8 +0,0 @@ - * Minor bugfixes: - - - Demote the 'INTRODUCE2 cell is too {old,new}' log message to - info level. There is nothing that a hidden service's operator - can do to fix its clients' clocks. Bugfix on 0.2.1.6-alpha; - fixes part of bug 2442. - - diff --git a/changes/bug3335 b/changes/bug3335 new file mode 100644 index 0000000000..7e1e898661 --- /dev/null +++ b/changes/bug3335 @@ -0,0 +1,11 @@ + o Major bugfixes: + + - When an attempt to connect to a hidden service ends, consider + refetching its hidden service descriptors from each of the HSDir + relays responsible for them immediately. Previously, we would + not consider refetching the service's descriptors from each + HSDir for 15 minutes after the last fetch; this behaviour was + inconvenient if the hidden service was not running during the + first attempt, for example. Bugfix on 0.2.0.18-alpha; fixes bug + 3335. + diff --git a/changes/bug3825a b/changes/bug3825a new file mode 100644 index 0000000000..6606e36efe --- /dev/null +++ b/changes/bug3825a @@ -0,0 +1,8 @@ + o Major bugfixes: + + - When one of a hidden service's introduction points appears to be + unreachable, stop trying it. Previously, we would keep trying + to build circuits to the introduction point until we lost the + descriptor, usually because the user gave up and restarted Tor. + Partly fixes bug 3825. + diff --git a/changes/bug3936 b/changes/bug3936 deleted file mode 100644 index 55b13c0092..0000000000 --- a/changes/bug3936 +++ /dev/null 
@@ -1,5 +0,0 @@ - o Major bugfixes: - - Fix a bug where the SocksPort option (for example) would get - ignored and replaced by the default if a SocksListenAddress option - was set. Bugfix on 0.2.3.3-alpha; fixes bug 3936. Fix by Fabian Keil. - diff --git a/changes/bug4014 b/changes/bug4014 deleted file mode 100644 index 9c20c6c337..0000000000 --- a/changes/bug4014 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Adjust the expiration time on our SSL session certificates to - better match SSL certs seen in the wild. Resolves ticket 4014. diff --git a/changes/bug4094 b/changes/bug4094 new file mode 100644 index 0000000000..9c40d41db2 --- /dev/null +++ b/changes/bug4094 @@ -0,0 +1,3 @@ + o Minor bugfixes: + - Rephrase the log message emitted if the TestSocks check is + successful. Patch from Fabian Keil; fixes bug 4094. diff --git a/changes/bug4201 b/changes/bug4201 new file mode 100644 index 0000000000..6f7d715af2 --- /dev/null +++ b/changes/bug4201 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Bridges now skip DNS self-tests, to act a little more stealthily. + Fixes bug 4201; bugfix on 0.2.0.3-alpha, which first introduced + bridges. Patch by "warms0x". + diff --git a/changes/geoip-september2011 b/changes/geoip-september2011 deleted file mode 100644 index c41314b1f0..0000000000 --- a/changes/geoip-september2011 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the September 6 2011 Maxmind GeoLite Country database. - diff --git a/changes/typo-fix-ohkah8Ah b/changes/typo-fix-ohkah8Ah deleted file mode 100644 index 9b4e5c08cc..0000000000 --- a/changes/typo-fix-ohkah8Ah +++ /dev/null 
@@ -1,9 +0,0 @@ - * Minor bugfixes: - - - Clarify a log message specifying the characters permitted in - HiddenServiceAuthorizeClient client names. Previously, the log - message said that "[A-Za-z0-9+-_]" were permitted; that could - have given the impression that every ASCII character between "+" - and "_" was permitted. Now we say "[A-Za-z0-9+_-]". Bugfix on - 0.2.1.5-alpha. - diff --git a/changes/windows_8 b/changes/windows_8 new file mode 100644 index 0000000000..405e4fa158 --- /dev/null +++ b/changes/windows_8 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - The next version of Windows will be called Windows 8, and it has a major + version of 6, minor version of 2. Correctly identify that version instead + of calling it "Very recent version". Fixes bug 4153; reported by funkstar. + diff --git a/configure.in b/configure.in index c6ee589987..d861093607 100644 --- a/configure.in +++ b/configure.in @@ -4,7 +4,7 @@ dnl Copyright (c) 2007-2008, The Tor Project, Inc. dnl See LICENSE for licensing information AC_INIT -AM_INIT_AUTOMAKE(tor, 0.2.3.3-alpha-dev) +AM_INIT_AUTOMAKE(tor, 0.2.3.5-alpha) AM_CONFIG_HEADER(orconfig.h) AC_CANONICAL_HOST diff --git a/contrib/tor-mingw.nsi.in b/contrib/tor-mingw.nsi.in index 137cb67ffe..e1fdc1af74 100644 --- a/contrib/tor-mingw.nsi.in +++ b/contrib/tor-mingw.nsi.in @@ -8,7 +8,7 @@ !include "LogicLib.nsh" !include "FileFunc.nsh" !insertmacro GetParameters -!define VERSION "0.2.3.3-alpha-dev" +!define VERSION "0.2.3.5-alpha" !define INSTALLER "tor-${VERSION}-win32.exe" !define WEBSITE "https://www.torproject.org/" !define LICENSE "LICENSE" diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 4edee80cea..0ef61cb7dd 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt 
@@ -737,6 +737,13 @@ The following options are useful only for clients (that is, if unattached waiting for an appropriate circuit, before we fail it. (Default: 2 minutes.) +**TokenBucketRefillInterval** __NUM__ [**msec**|**second**]:: + Set the refill interval of Tor's token bucket to NUM milliseconds. + NUM must be between 1 and 1000, inclusive. Note that the configured + bandwidth limits are still expressed in bytes per second: this + option only affects the frequency with which Tor checks to see whether + previously exhausted connections may read again. (Default: 100 msec.) + **TrackHostExits** __host__,__.domain__,__...__:: For each value in the comma separated list, Tor will track recent connections to hosts that match this value and attempt to reuse the same diff --git a/src/common/OpenBSD_malloc_Linux.c b/src/common/OpenBSD_malloc_Linux.c index 19dac77657..445135c6bb 100644 --- a/src/common/OpenBSD_malloc_Linux.c +++ b/src/common/OpenBSD_malloc_Linux.c @@ -1236,7 +1236,7 @@ imalloc(size_t size) ptralloc = 1; size = malloc_pagesize; } - if ((size + malloc_pagesize) < size) { /* Check for overflow */ + if (size > SIZE_MAX - malloc_pagesize) { /* Check for overflow */ result = NULL; errno = ENOMEM; } else if (size <= malloc_maxsize) diff --git a/src/common/compat.c b/src/common/compat.c index 330c432284..2cf7f463c1 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -1861,6 +1861,7 @@ get_uname(void) static struct { unsigned major; unsigned minor; const char *version; } win_version_table[] = { + { 6, 2, "Windows 8" }, { 6, 1, "Windows 7" }, { 6, 0, "Windows Vista" }, { 5, 2, "Windows Server 2003" }, @@ -1917,7 +1918,7 @@ get_uname(void) plat, extra); } else { if (info.dwMajorVersion > 6 || - (info.dwMajorVersion==6 && info.dwMinorVersion>1)) + (info.dwMajorVersion==6 && info.dwMinorVersion>2)) tor_snprintf(uname_result, sizeof(uname_result), "Very recent version of Windows [major=%d,minor=%d] %s", (int)info.dwMajorVersion,(int)info.dwMinorVersion, 
diff --git a/src/common/compat_libevent.c b/src/common/compat_libevent.c index beae9502da..3201738701 100644 --- a/src/common/compat_libevent.c +++ b/src/common/compat_libevent.c @@ -169,6 +169,7 @@ struct event_base *the_event_base = NULL; #ifdef USE_BUFFEREVENTS static int using_iocp_bufferevents = 0; +static void tor_libevent_set_tick_timeout(int msec_per_tick); int tor_libevent_using_iocp_bufferevents(void) @@ -236,6 +237,10 @@ tor_libevent_initialize(tor_libevent_cfg *torcfg) "You have a *VERY* old version of libevent. It is likely to be buggy; " "please build Tor with a more recent version."); #endif + +#ifdef USE_BUFFEREVENTS + tor_libevent_set_tick_timeout(torcfg->msec_per_tick); +#endif } /** Return the current Libevent event base that we're set up to use. */ 
@@ -598,26 +603,29 @@ static const struct timeval *one_tick = NULL; /** * Return a special timeout to be passed whenever libevent's O(1) timeout * implementation should be used. Only use this when the timer is supposed - * to fire after 1 / TOR_LIBEVENT_TICKS_PER_SECOND seconds have passed. + * to fire after msec_per_tick ticks have elapsed. */ const struct timeval * tor_libevent_get_one_tick_timeout(void) { - if (PREDICT_UNLIKELY(one_tick == NULL)) { - struct event_base *base = tor_libevent_get_base(); - struct timeval tv; - if (TOR_LIBEVENT_TICKS_PER_SECOND == 1) { - tv.tv_sec = 1; - tv.tv_usec = 0; - } else { - tv.tv_sec = 0; - tv.tv_usec = 1000000 / TOR_LIBEVENT_TICKS_PER_SECOND; - } - one_tick = event_base_init_common_timeout(base, &tv); - } + tor_assert(one_tick); return one_tick; } +/** Initialize the common timeout that we'll use to refill the buckets every + * time a tick elapses. */ +static void +tor_libevent_set_tick_timeout(int msec_per_tick) +{ + struct event_base *base = tor_libevent_get_base(); + struct timeval tv; + + tor_assert(! one_tick); + tv.tv_sec = msec_per_tick / 1000; + tv.tv_usec = (msec_per_tick % 1000) * 1000; + one_tick = event_base_init_common_timeout(base, &tv); +} + static struct bufferevent * tor_get_root_bufferevent(struct bufferevent *bev) { diff --git a/src/common/compat_libevent.h b/src/common/compat_libevent.h index 15b0fc273b..0247297177 100644 --- a/src/common/compat_libevent.h +++ b/src/common/compat_libevent.h @@ -62,6 +62,7 @@ int tor_event_base_loopexit(struct event_base *base, struct timeval *tv); typedef struct tor_libevent_cfg { int disable_iocp; int num_cpus; + int msec_per_tick; } tor_libevent_cfg; void tor_libevent_initialize(tor_libevent_cfg *cfg); 
@@ -73,7 +74,6 @@ void tor_check_libevent_header_compatibility(void); const char *tor_libevent_get_version_str(void); #ifdef USE_BUFFEREVENTS -#define TOR_LIBEVENT_TICKS_PER_SECOND 3 const struct timeval *tor_libevent_get_one_tick_timeout(void); int tor_libevent_using_iocp_bufferevents(void); int tor_set_bufferevent_rate_limit(struct bufferevent *bev, diff --git a/src/common/util.c b/src/common/util.c index df77c33ff1..a3716e4345 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -31,6 +31,7 @@ #include <direct.h> #include <process.h> #include <tchar.h> +#include <Winbase.h> #else #include <dirent.h> #include <pwd.h> @@ -46,6 +47,7 @@ #include <stdio.h> #include <string.h> #include <assert.h> +#include <signal.h> #ifdef HAVE_NETINET_IN_H #include <netinet/in.h> @@ -769,6 +771,34 @@ find_str_at_start_of_line(const char *haystack, const char *needle) return NULL; } +/** Returns true if <b>string</b> could be a C identifier. + A C identifier must begin with a letter or an underscore and the + rest of its characters can be letters, numbers or underscores. No + length limit is imposed. */ +int +string_is_C_identifier(const char *string) +{ + size_t iter; + size_t length = strlen(string); + if (!length) + return 0; + + for (iter = 0; iter < length ; iter++) { + if (iter == 0) { + if (!(TOR_ISALPHA(string[iter]) || + string[iter] == '_')) + return 0; + } else { + if (!(TOR_ISALPHA(string[iter]) || + TOR_ISDIGIT(string[iter]) || + string[iter] == '_')) + return 0; + } + } + + return 1; +} + /** Return true iff the 'len' bytes at 'mem' are all zero. */ int tor_mem_is_zero(const char *mem, size_t len) 
@@ -3129,6 +3159,28 @@ format_helper_exit_status(unsigned char child_state, int saved_errno, /* Maximum number of file descriptors, if we cannot get it via sysconf() */ #define DEFAULT_MAX_FD 256 +/** Terminate process running at PID <b>pid</b>. + * Code borrowed from Python's os.kill. */ +int +tor_terminate_process(pid_t pid) +{ +#ifdef MS_WINDOWS + HANDLE handle; + /* If the signal is outside of what GenerateConsoleCtrlEvent can use, + attempt to open and terminate the process. */ + handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid); + if (!handle) + return -1; + + if (!TerminateProcess(handle, 0)) + return -1; + else + return 0; +#else /* Unix */ + return kill(pid, SIGTERM); +#endif +} + #define CHILD_STATE_INIT 0 #define CHILD_STATE_PIPE 1 #define CHILD_STATE_MAXFD 2 @@ -3140,8 +3192,6 @@ format_helper_exit_status(unsigned char child_state, int saved_errno, #define CHILD_STATE_EXEC 8 #define CHILD_STATE_FAILEXEC 9 -#define SPAWN_ERROR_MESSAGE "ERR: Failed to spawn background process - code " - /** Start a program in the background. If <b>filename</b> contains a '/', then * it will be treated as an absolute or relative path. Otherwise, on * non-Windows systems, the system path will be searched for <b>filename</b>. @@ -3161,9 +3211,9 @@ format_helper_exit_status(unsigned char child_state, int saved_errno, * Python, and example code from * http://msdn.microsoft.com/en-us/library/ms682499%28v=vs.85%29.aspx. */ - int tor_spawn_background(const char *const filename, const char **argv, + const char **envp, process_handle_t *process_handle) { #ifdef MS_WINDOWS 
@@ -3372,7 +3422,10 @@ tor_spawn_background(const char *const filename, const char **argv, /* Call the requested program. We need the cast because execvp doesn't define argv as const, even though it does not modify the arguments */ - execvp(filename, (char *const *) argv); + if (envp) + execve(filename, (char *const *) argv, (char*const*)envp); + else + execvp(filename, (char *const *) argv); /* If we got here, the exec or open(/dev/null) failed */ @@ -3763,6 +3816,7 @@ log_from_handle(HANDLE *pipe, int severity) } #else + /** Read from stream, and send lines to log at the specified log level. * Returns 1 if stream is closed normally, -1 if there is a error reading, and * 0 otherwise. Handles lines from tor-fw-helper and 
@@ -3773,72 +3827,110 @@ log_from_pipe(FILE *stream, int severity, const char *executable, int *child_status) { char buf[256]; + enum stream_status r; for (;;) { - char *retval; - retval = fgets(buf, sizeof(buf), stream); + r = get_string_from_pipe(stream, buf, sizeof(buf) - 1); - if (NULL == retval) { - if (feof(stream)) { - /* Program has closed stream (probably it exited) */ - /* TODO: check error */ - fclose(stream); - return 1; + if (r == IO_STREAM_CLOSED) { + fclose(stream); + return 1; + } else if (r == IO_STREAM_EAGAIN) { + return 0; + } else if (r == IO_STREAM_TERM) { + fclose(stream); + return -1; + } + + tor_assert(r == IO_STREAM_OKAY); + + /* Check if buf starts with SPAWN_ERROR_MESSAGE */ + if (strcmpstart(buf, SPAWN_ERROR_MESSAGE) == 0) { + /* Parse error message */ + int retval, child_state, saved_errno; + retval = tor_sscanf(buf, SPAWN_ERROR_MESSAGE "%x/%x", + &child_state, &saved_errno); + if (retval == 2) { + log_warn(LD_GENERAL, + "Failed to start child process \"%s\" in state %d: %s", + executable, child_state, strerror(saved_errno)); + if (child_status) + *child_status = 1; } else { - if (EAGAIN == errno) { - /* Nothing more to read, try again next time */ - return 0; - } else { - /* There was a problem, abandon this child process */ - fclose(stream); - return -1; - } + /* Failed to parse message from child process, log it as a + warning */ + log_warn(LD_GENERAL, + "Unexpected message from port forwarding helper \"%s\": %s", + executable, buf); } } else { - /* We have some data, log it and keep asking for more */ - size_t len; + log_fn(severity, LD_GENERAL, "Port forwarding helper says: %s", buf); + } + } - len = strlen(buf); - if (buf[len - 1] == '\n') { - /* Remove the trailing newline */ - buf[len - 1] = '\0'; - } else { - /* No newline; check whether we overflowed the buffer */ - if (!feof(stream)) - log_warn(LD_GENERAL, - "Line from port forwarding helper was truncated: %s", buf); - /* TODO: What to do with this error? 
*/ - } + /* We should never get here */ + return -1; +} +#endif - /* Check if buf starts with SPAWN_ERROR_MESSAGE */ - if (strcmpstart(buf, SPAWN_ERROR_MESSAGE) == 0) { - /* Parse error message */ - int retval, child_state, saved_errno; - retval = tor_sscanf(buf, SPAWN_ERROR_MESSAGE "%x/%x", - &child_state, &saved_errno); - if (retval == 2) { - log_warn(LD_GENERAL, - "Failed to start child process \"%s\" in state %d: %s", - executable, child_state, strerror(saved_errno)); - if (child_status) - *child_status = 1; - } else { - /* Failed to parse message from child process, log it as a - warning */ - log_warn(LD_GENERAL, - "Unexpected message from port forwarding helper \"%s\": %s", - executable, buf); - } +/** Reads from <b>stream</b> and stores input in <b>buf_out</b> making + * sure it's below <b>count</b> bytes. + * If the string has a trailing newline, we strip it off. + * + * This function is specifically created to handle input from managed + * proxies, according to the pluggable transports spec. Make sure it + * fits your needs before using it. + * + * Returns: + * IO_STREAM_CLOSED: If the stream is closed. + * IO_STREAM_EAGAIN: If there is nothing to read and we should check back + * later. + * IO_STREAM_TERM: If something is wrong with the stream. + * IO_STREAM_OKAY: If everything went okay and we got a string + * in <b>buf_out</b>. 
*/ +enum stream_status +get_string_from_pipe(FILE *stream, char *buf_out, size_t count) +{ + char *retval; + size_t len; + + retval = fgets(buf_out, count, stream); + + if (!retval) { + if (feof(stream)) { + /* Program has closed stream (probably it exited) */ + /* TODO: check error */ + return IO_STREAM_CLOSED; + } else { + if (EAGAIN == errno) { + /* Nothing more to read, try again next time */ + return IO_STREAM_EAGAIN; } else { - log_fn(severity, LD_GENERAL, "Port forwarding helper says: %s", buf); + /* There was a problem, abandon this child process */ + return IO_STREAM_TERM; } } + } else { + len = strlen(buf_out); + tor_assert(len>0); + + if (buf_out[len - 1] == '\n') { + /* Remove the trailing newline */ + buf_out[len - 1] = '\0'; + } else { + /* No newline; check whether we overflowed the buffer */ + if (!feof(stream)) + log_info(LD_GENERAL, + "Line from stream was truncated: %s", buf_out); + /* TODO: What to do with this error? */ + } + + return IO_STREAM_OKAY; } /* We should never get here */ - return -1; + return IO_STREAM_TERM; } -#endif void tor_check_port_forwarding(const char *filename, int dir_port, int or_port, @@ -3885,9 +3977,9 @@ tor_check_port_forwarding(const char *filename, int dir_port, int or_port, #ifdef MS_WINDOWS /* Passing NULL as lpApplicationName makes Windows search for the .exe */ - tor_spawn_background(NULL, argv, &child_handle); + tor_spawn_background(NULL, argv, NULL &child_handle); #else - tor_spawn_background(filename, argv, &child_handle); + tor_spawn_background(filename, argv, NULL, &child_handle); #endif if (PROCESS_STATUS_ERROR == child_handle.status) { log_warn(LD_GENERAL, "Failed to start port forwarding helper %s", diff --git a/src/common/util.h b/src/common/util.h index c8cce39f3c..77ed1ca5ee 100644 --- a/src/common/util.h +++ b/src/common/util.h 
@@ -205,6 +205,8 @@ const char *find_whitespace(const char *s) ATTR_PURE; const char *find_whitespace_eos(const char *s, const char *eos) ATTR_PURE; const char *find_str_at_start_of_line(const char *haystack, const char *needle) ATTR_PURE; +int string_is_C_identifier(const char *string); + int tor_mem_is_zero(const char *mem, size_t len) ATTR_PURE; int tor_digest_is_zero(const char *digest) ATTR_PURE; int tor_digest256_is_zero(const char *digest) ATTR_PURE; @@ -286,6 +288,16 @@ char *rate_limit_log(ratelim_t *lim, time_t now); ssize_t write_all(tor_socket_t fd, const char *buf, size_t count,int isSocket); ssize_t read_all(tor_socket_t fd, char *buf, size_t count, int isSocket); +/** Status of an I/O stream. */ +enum stream_status { + IO_STREAM_OKAY, + IO_STREAM_EAGAIN, + IO_STREAM_TERM, + IO_STREAM_CLOSED +}; + +enum stream_status get_string_from_pipe(FILE *stream, char *buf, size_t count); + /** Return values from file_status(); see that function's documentation * for details. */ typedef enum { FN_ERROR, FN_NOENT, FN_FILE, FN_DIR } file_status_t; @@ -348,6 +360,13 @@ void write_pidfile(char *filename); void tor_check_port_forwarding(const char *filename, int dir_port, int or_port, time_t now); +int tor_terminate_process(pid_t pid); +typedef struct process_handle_s process_handle_t; +int tor_spawn_background(const char *const filename, const char **argv, + const char **envp, process_handle_t *process_handle); + +#define SPAWN_ERROR_MESSAGE "ERR: Failed to spawn background process - code " + #ifdef MS_WINDOWS HANDLE load_windows_system_library(const TCHAR *library_name); #endif @@ -361,7 +380,7 @@ HANDLE load_windows_system_library(const TCHAR *library_name); #define PROCESS_STATUS_NOTRUNNING 0 #define PROCESS_STATUS_RUNNING 1 #define PROCESS_STATUS_ERROR -1 -typedef struct process_handle_s { +struct process_handle_s { int status; #ifdef MS_WINDOWS HANDLE stdout_pipe; 
@@ -374,10 +393,7 @@ typedef struct process_handle_s { FILE *stderr_handle; pid_t pid; #endif // MS_WINDOWS -} process_handle_t; - -int tor_spawn_background(const char *const filename, const char **argv, - process_handle_t *process_handle); +}; /* Return values of tor_get_exit_code() */ #define PROCESS_EXIT_RUNNING 1 @@ -399,6 +415,7 @@ ssize_t tor_read_all_from_process_stdout( ssize_t tor_read_all_from_process_stderr( const process_handle_t *process_handle, char *buf, size_t count); char *tor_join_win_cmdline(const char *argv[]); + void format_helper_exit_status(unsigned char child_state, int saved_errno, char *hex_errno); diff --git a/src/or/Makefile.am b/src/or/Makefile.am index e2a1b6d649..67adf504df 100644 --- a/src/or/Makefile.am +++ b/src/or/Makefile.am @@ -39,6 +39,7 @@ libtor_a_SOURCES = \ networkstatus.c \ nodelist.c \ onion.c \ + transports.c \ policies.c \ reasons.c \ relay.c \ @@ -104,6 +105,7 @@ noinst_HEADERS = \ ntmain.h \ onion.h \ or.h \ + transports.h \ policies.h \ reasons.h \ relay.h \ diff --git a/src/or/buffers.c b/src/or/buffers.c index 85d58e8986..1025cedad2 100644 --- a/src/or/buffers.c +++ b/src/or/buffers.c @@ -1873,9 +1873,9 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req, } if (log_sockstype) log_notice(LD_APP, - "Your application (using socks5 to port %d) gave " - "Tor a hostname, which means Tor will do the DNS resolve " - "for you. This is good.", req->port); + "Your application (using socks5 to port %d) instructed " + "Tor to take care of the DNS resolution itself if " + "necessary. This is good.", req->port); return 1; default: /* unsupported */ log_warn(LD_APP,"socks5: unsupported address type %d. Rejecting.", 
@@ -1974,9 +1974,9 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req, if (log_sockstype) log_notice(LD_APP, - "Your application (using socks4a to port %d) gave " - "Tor a hostname, which means Tor will do the DNS resolve " - "for you. This is good.", req->port); + "Your application (using socks4a to port %d) instructed " + "Tor to take care of the DNS resolution itself if " + "necessary. This is good.", req->port); } log_debug(LD_APP,"socks4: Everything is here. Success."); strlcpy(req->address, startaddr ? startaddr : tmpbuf, diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 7a8a867254..c4b697c9a6 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -26,6 +26,7 @@ #include "nodelist.h" #include "onion.h" #include "policies.h" +#include "transports.h" #include "relay.h" #include "rephist.h" #include "router.h" @@ -123,8 +124,6 @@ static int onion_append_hop(crypt_path_t **head_ptr, extend_info_t *choice); static void entry_guards_changed(void); -static const transport_t *transport_get_by_name(const char *name); -static void transport_free(transport_t *transport); static void bridge_free(bridge_info_t *bridge); /** @@ -1408,7 +1407,7 @@ circuit_build_times_set_timeout_worker(circuit_build_times_t *cbt) cbt->close_ms = MAX(cbt->close_ms, circuit_build_times_initial_timeout()); if (cbt->timeout_ms > max_time) { - log_notice(LD_CIRC, + log_info(LD_CIRC, "Circuit build timeout of %dms is beyond the maximum build " "time we have ever observed. Capping it to %dms.", (int)cbt->timeout_ms, max_time); @@ -1456,7 +1455,7 @@ circuit_build_times_set_timeout(circuit_build_times_t *cbt) timeout_rate = circuit_build_times_timeout_rate(cbt); if (prev_timeout > tor_lround(cbt->timeout_ms/1000)) { - log_notice(LD_CIRC, + log_info(LD_CIRC, "Based on %d circuit times, it looks like we don't need to " "wait so long for circuits to finish. We will now assume a " "circuit is too slow to use after waiting %ld seconds.", 
@@ -1467,7 +1466,7 @@ circuit_build_times_set_timeout(circuit_build_times_t *cbt) cbt->timeout_ms, cbt->close_ms, cbt->Xm, cbt->alpha, timeout_rate); } else if (prev_timeout < tor_lround(cbt->timeout_ms/1000)) { - log_notice(LD_CIRC, + log_info(LD_CIRC, "Based on %d circuit times, it looks like we need to wait " "longer for circuits to finish. We will now assume a " "circuit is too slow to use after waiting %ld seconds.", @@ -1982,9 +1981,10 @@ should_use_create_fast_for_circuit(origin_circuit_t *circ) return 1; /* our hand is forced: only a create_fast will work. */ if (!options->FastFirstHopPK) return 0; /* we prefer to avoid create_fast */ - if (server_mode(options)) { + if (public_server_mode(options)) { /* We're a server, and we know an onion key. We can choose. - * Prefer to blend in. */ + * Prefer to blend our circuit into the other circuits we are + * creating on behalf of others. */ return 0; } @@ -4186,7 +4186,7 @@ choose_random_entry(cpath_build_state_t *state) goto choose_and_finish; } if (smartlist_len(live_entry_guards) >= options->NumEntryGuards) - break; /* we have enough */ + goto choose_and_finish; /* we have enough */ } SMARTLIST_FOREACH_END(entry); if (entry_list_is_constrained(options)) { 
@@ -4594,6 +4594,32 @@ bridge_free(bridge_info_t *bridge) /** A list of pluggable transports found in torrc. */ static smartlist_t *transport_list = NULL; +/** Mark every entry of the transport list to be removed on our next call to + * sweep_transport_list unless it has first been un-marked. */ +void +mark_transport_list(void) +{ + if (!transport_list) + transport_list = smartlist_create(); + SMARTLIST_FOREACH(transport_list, transport_t *, t, + t->marked_for_removal = 1); +} + +/** Remove every entry of the transport list that was marked with + * mark_transport_list if it has not subsequently been un-marked. */ +void +sweep_transport_list(void) +{ + if (!transport_list) + transport_list = smartlist_create(); + SMARTLIST_FOREACH_BEGIN(transport_list, transport_t *, t) { + if (t->marked_for_removal) { + SMARTLIST_DEL_CURRENT(transport_list, t); + transport_free(t); + } + } SMARTLIST_FOREACH_END(t); +} + /** Initialize the pluggable transports list to empty, creating it if * needed. */ void @@ -4606,7 +4632,7 @@ clear_transport_list(void) } /** Free the pluggable transport struct <b>transport</b>. */ -static void +void transport_free(transport_t *transport) { if (!transport) @@ -4618,7 +4644,7 @@ transport_free(transport_t *transport) /** Returns the transport in our transport list that has the name <b>name</b>. * Else returns NULL. */ -static const transport_t * +transport_t * transport_get_by_name(const char *name) { tor_assert(name); @@ -4626,7 +4652,7 @@ transport_get_by_name(const char *name) if (!transport_list) return NULL; - SMARTLIST_FOREACH_BEGIN(transport_list, const transport_t *, transport) { + SMARTLIST_FOREACH_BEGIN(transport_list, transport_t *, transport) { if (!strcmp(transport->name, name)) return transport; } SMARTLIST_FOREACH_END(transport); 
@@ -4634,41 +4660,139 @@ transport_get_by_name(const char *name) return NULL; } -/** Remember a new pluggable transport proxy at <b>addr</b>:<b>port</b>. - * <b>name</b> is set to the name of the protocol this proxy uses. - * <b>socks_ver</b> is set to the SOCKS version of the proxy. - * - * Returns 0 on success, -1 on fail. */ -int -transport_add_from_config(const tor_addr_t *addr, uint16_t port, - const char *name, int socks_ver) +/** Returns a transport_t struct for a transport proxy supporting the + protocol <b>name</b> listening at <b>addr</b>:<b>port</b> using + SOCKS version <b>socks_ver</b>. */ +transport_t * +transport_create(const tor_addr_t *addr, uint16_t port, + const char *name, int socks_ver) { - transport_t *t; + transport_t *t = tor_malloc_zero(sizeof(transport_t)); - if (transport_get_by_name(name)) { /* check for duplicate names */ - log_warn(LD_CONFIG, "More than one transport has '%s' as " - "its name.", name); - return -1; - } - - t = tor_malloc_zero(sizeof(transport_t)); tor_addr_copy(&t->addr, addr); t->port = port; t->name = tor_strdup(name); t->socks_version = socks_ver; - if (!transport_list) - transport_list = smartlist_create(); + return t; +} + +/** Resolve any conflicts that the insertion of transport <b>t</b> + * might cause. + * Return 0 if <b>t</b> is OK and should be registered, 1 if there is + * a transport identical to <b>t</b> already registered and -1 if + * <b>t</b> cannot be added due to conflicts. */ +static int +transport_resolve_conflicts(transport_t *t) +{ + /* This is how we resolve transport conflicts: + + If there is already a transport with the same name and addrport, + we either have duplicate torrc lines OR we are here post-HUP and + this transport was here pre-HUP as well. In any case, mark the + old transport so that it doesn't get removed and ignore the new + one. Our caller has to free the new transport so we return '1' to + signify this. 
+ + If there is already a transport with the same name but different + addrport: + * if it's marked for removal, it means that it either has a lower + priority than 't' in torrc (otherwise the mark would have been + cleared by the paragraph above), or it doesn't exist at all in + the post-HUP torrc. We destroy the old transport and register 't'. + * if it's *not* marked for removal, it means that it was newly + added in the post-HUP torrc or that it's of higher priority, in + this case we ignore 't'. */ + transport_t *t_tmp = transport_get_by_name(t->name); + if (t_tmp) { /* same name */ + if (tor_addr_eq(&t->addr, &t_tmp->addr) && (t->port == t_tmp->port)) { + /* same name *and* addrport */ + t_tmp->marked_for_removal = 0; + return 1; + } else { /* same name but different addrport */ + if (t_tmp->marked_for_removal) { /* marked for removal */ + log_notice(LD_GENERAL, "You tried to add transport '%s' at '%s:%u' " + "but there was already a transport marked for deletion at " + "'%s:%u'. We deleted the old transport and registered the " + "new one.", t->name, fmt_addr(&t->addr), t->port, + fmt_addr(&t_tmp->addr), t_tmp->port); + smartlist_remove(transport_list, t_tmp); + transport_free(t_tmp); + } else { /* *not* marked for removal */ + log_notice(LD_GENERAL, "You tried to add transport '%s' at '%s:%u' " + "but the same transport already exists at '%s:%u'. " + "Skipping.", t->name, fmt_addr(&t->addr), t->port, + fmt_addr(&t_tmp->addr), t_tmp->port); + return -1; + } + } + } - smartlist_add(transport_list, t); return 0; } -/** Warns the user of possible pluggable transport misconfiguration. */ -void +/** Add transport <b>t</b> to the internal list of pluggable + * transports. + * Returns 0 if the transport was added correctly, 1 if the same + * transport was already registered (in this case the caller must + * free the transport) and -1 if there was an error. 
*/ +int +transport_add(transport_t *t) +{ + int r; + tor_assert(t); + + r = transport_resolve_conflicts(t); + + switch (r) { + case 0: /* should register transport */ + if (!transport_list) + transport_list = smartlist_create(); + smartlist_add(transport_list, t); + return 0; + default: /* let our caller know the return code */ + return r; + } +} + +/** Remember a new pluggable transport proxy at <b>addr</b>:<b>port</b>. + * <b>name</b> is set to the name of the protocol this proxy uses. + * <b>socks_ver</b> is set to the SOCKS version of the proxy. */ +int +transport_add_from_config(const tor_addr_t *addr, uint16_t port, + const char *name, int socks_ver) +{ + transport_t *t = transport_create(addr, port, name, socks_ver); + + int r = transport_add(t); + + switch (r) { + case -1: + default: + log_notice(LD_GENERAL, "Could not add transport %s at %s:%u. Skipping.", + t->name, fmt_addr(&t->addr), t->port); + transport_free(t); + return -1; + case 1: + log_info(LD_GENERAL, "Succesfully registered transport %s at %s:%u.", + t->name, fmt_addr(&t->addr), t->port); + transport_free(t); /* falling */ + return 0; + case 0: + log_info(LD_GENERAL, "Succesfully registered transport %s at %s:%u.", + t->name, fmt_addr(&t->addr), t->port); + return 0; + } +} + +/** Warn the user of possible pluggable transport misconfiguration. + * Return 0 if the validation happened, -1 if we should postpone the + * validation. */ +int validate_pluggable_transports_config(void) { - if (bridge_list) { + /* Don't validate if managed proxies are not yet fully configured. */ + if (bridge_list && !pt_proxies_configuration_pending()) { SMARTLIST_FOREACH_BEGIN(bridge_list, bridge_info_t *, b) { /* Skip bridges without transports. */ if (!b->transport_name) @@ -4682,6 +4806,10 @@ validate_pluggable_transports_config(void) "corresponding ClientTransportPlugin line.", b->transport_name); } SMARTLIST_FOREACH_END(b); + + return 0; + } else { + return -1; } } 
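Review bot: in transport_add_from_config() (hunk @@ -4634,41 +4660,139 @@), `case 1:` is the path where transport_resolve_conflicts() reported that an identical transport is already registered, yet it logs "Succesfully registered transport ..." (misspelled, and word for word the `case 0:` message) before freeing the duplicate, and its `/* falling */` comment is wrong since the case ends in `return 0;`. Suggest logging something like "Transport %s at %s:%u already registered." there, dropping the comment, and fixing the spelling to "Successfully" in `case 0:`.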
@@ -4912,6 +5040,11 @@ fetch_bridge_descriptors(const or_options_t *options, time_t now) if (!bridge_list) return; + /* If we still have unconfigured managed proxies, don't go and + connect to a bridge. */ + if (pt_proxies_configuration_pending()) + return; + SMARTLIST_FOREACH_BEGIN(bridge_list, bridge_info_t *, bridge) { if (!download_status_is_ready(&bridge->fetch_status, now, diff --git a/src/or/circuitbuild.h b/src/or/circuitbuild.h index bb5c2eb0bf..1052db6153 100644 --- a/src/or/circuitbuild.h +++ b/src/or/circuitbuild.h @@ -22,6 +22,9 @@ typedef struct { tor_addr_t addr; /** Port of proxy */ uint16_t port; + /** Boolean: We are re-parsing our transport list, and we are going to remove + * this one if we don't find it in the list of configured transports. */ + unsigned marked_for_removal : 1; } transport_t; char *circuit_list_path(origin_circuit_t *circ, int verbose); @@ -77,6 +80,9 @@ int getinfo_helper_entry_guards(control_connection_t *conn, void mark_bridge_list(void); void sweep_bridge_list(void); +void mark_transport_list(void); +void sweep_transport_list(void); + int routerinfo_is_a_configured_bridge(const routerinfo_t *ri); int node_is_a_configured_bridge(const node_t *node); void learned_router_identity(const tor_addr_t *addr, uint16_t port, @@ -142,9 +148,16 @@ int circuit_build_times_get_bw_scale(networkstatus_t *ns); void clear_transport_list(void); int transport_add_from_config(const tor_addr_t *addr, uint16_t port, const char *name, int socks_ver); +int transport_add(transport_t *t); +void transport_free(transport_t *transport); +transport_t *transport_create(const tor_addr_t *addr, uint16_t port, + const char *name, int socks_ver); + int find_transport_by_bridge_addrport(const tor_addr_t *addr, uint16_t port, const transport_t **transport); -void validate_pluggable_transports_config(void); +transport_t *transport_get_by_name(const char *name); + +int validate_pluggable_transports_config(void); #endif 
diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c index 2222a25af0..e4408f84cf 100644 --- a/src/or/circuitlist.c +++ b/src/or/circuitlist.c @@ -1128,9 +1128,11 @@ circuit_expire_all_dirty_circs(void) * - If circ isn't open yet: call circuit_build_failed() if we're * the origin, and in either case call circuit_rep_hist_note_result() * to note stats. - * - If purpose is C_INTRODUCE_ACK_WAIT, remove the intro point we - * just tried from our list of intro points for that service - * descriptor. + * - If purpose is C_INTRODUCE_ACK_WAIT, report the intro point + * failure we just had to the hidden service client module. + * - If purpose is C_INTRODUCING and <b>reason</b> isn't TIMEOUT, + * report to the hidden service client module that the intro point + * we just tried may be unreachable. * - Send appropriate destroys and edge_destroys for conns and * streams attached to circ. * - If circ->rend_splice is set (we are the midpoint of a joined 
@@ -1199,16 +1201,33 @@ _circuit_mark_for_close(circuit_t *circ, int reason, int line, } if (circ->purpose == CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT) { origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ); + int timed_out = (reason == END_STREAM_REASON_TIMEOUT); tor_assert(circ->state == CIRCUIT_STATE_OPEN); tor_assert(ocirc->build_state->chosen_exit); tor_assert(ocirc->rend_data); /* treat this like getting a nack from it */ - log_info(LD_REND, "Failed intro circ %s to %s (awaiting ack). " - "Removing from descriptor.", + log_info(LD_REND, "Failed intro circ %s to %s (awaiting ack). %s", safe_str_client(ocirc->rend_data->onion_address), + safe_str_client(build_state_get_exit_nickname(ocirc->build_state)), + timed_out ? "Recording timeout." : "Removing from descriptor."); + rend_client_report_intro_point_failure(ocirc->build_state->chosen_exit, + ocirc->rend_data, + timed_out ? + INTRO_POINT_FAILURE_TIMEOUT : + INTRO_POINT_FAILURE_GENERIC); + } else if (circ->purpose == CIRCUIT_PURPOSE_C_INTRODUCING && + reason != END_STREAM_REASON_TIMEOUT) { + origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ); + tor_assert(ocirc->build_state->chosen_exit); + tor_assert(ocirc->rend_data); + log_info(LD_REND, "Failed intro circ %s to %s " + "(building circuit to intro point). " + "Marking intro point as possibly unreachable.", + safe_str_client(ocirc->rend_data->onion_address), safe_str_client(build_state_get_exit_nickname(ocirc->build_state))); - rend_client_remove_intro_point(ocirc->build_state->chosen_exit, - ocirc->rend_data); + rend_client_report_intro_point_failure(ocirc->build_state->chosen_exit, + ocirc->rend_data, + INTRO_POINT_FAILURE_UNREACHABLE); } if (circ->n_conn) { circuit_clear_cell_queue(circ, circ->n_conn); diff --git a/src/or/circuituse.c b/src/or/circuituse.c index f7f080db13..9b9621890f 100644 --- a/src/or/circuituse.c +++ b/src/or/circuituse.c 
@@ -1589,6 +1589,14 @@ link_apconn_to_circ(entry_connection_t *apconn, origin_circuit_t *circ, /* assert_connection_ok(conn, time(NULL)); */ circ->p_streams = ENTRY_TO_EDGE_CONN(apconn); + if (connection_edge_is_rendezvous_stream(ENTRY_TO_EDGE_CONN(apconn))) { + /* We are attaching a stream to a rendezvous circuit. That means + * that an attempt to connect to a hidden service just + * succeeded. Tell rendclient.c. */ + rend_client_note_connection_attempt_ended( + ENTRY_TO_EDGE_CONN(apconn)->rend_data->onion_address); + } + if (cpath) { /* we were given one; use it */ tor_assert(cpath_is_on_circuit(circ, cpath)); } else { diff --git a/src/or/config.c b/src/or/config.c index bc77b3a77e..07f00822f2 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -33,7 +33,9 @@ #include "rendservice.h" #include "rephist.h" #include "router.h" +#include "util.h" #include "routerlist.h" +#include "transports.h" #ifdef MS_WINDOWS #include <shlobj.h> #endif @@ -301,6 +303,7 @@ static config_var_t _option_vars[] = { V(HTTPProxyAuthenticator, STRING, NULL), V(HTTPSProxy, STRING, NULL), V(HTTPSProxyAuthenticator, STRING, NULL), + VAR("ServerTransportPlugin", LINELIST, ServerTransportPlugin, NULL), V(Socks4Proxy, STRING, NULL), V(Socks5Proxy, STRING, NULL), V(Socks5ProxyUsername, STRING, NULL), @@ -386,6 +389,7 @@ static config_var_t _option_vars[] = { OBSOLETE("SysLog"), V(TestSocks, BOOL, "0"), OBSOLETE("TestVia"), + V(TokenBucketRefillInterval, MSEC_INTERVAL, "100 msec"), V(TrackHostExits, CSV, NULL), V(TrackHostExitsExpire, INTERVAL, "30 minutes"), OBSOLETE("TrafficShaping"), @@ -476,6 +480,9 @@ static config_var_t _state_vars[] = { VAR("EntryGuardAddedBy", LINELIST_S, EntryGuards, NULL), V(EntryGuards, LINELIST_V, NULL), + VAR("TransportProxy", LINELIST_S, TransportProxies, NULL), + V(TransportProxies, LINELIST_V, NULL), + V(BWHistoryReadEnds, ISOTIME, NULL), V(BWHistoryReadInterval, UINT, "900"), V(BWHistoryReadValues, CSV, ""), 
@@ -502,7 +509,6 @@ static config_var_t _state_vars[] = { V(CircuitBuildAbandonedCount, UINT, "0"), VAR("CircuitBuildTimeBin", LINELIST_S, BuildtimeHistogram, NULL), VAR("BuildtimeHistogram", LINELIST_V, BuildtimeHistogram, NULL), - { NULL, CONFIG_TYPE_OBSOLETE, 0, NULL } }; @@ -580,6 +586,8 @@ static int check_nickname_list(const char *lst, const char *name, char **msg); static int parse_bridge_line(const char *line, int validate_only); static int parse_client_transport_line(const char *line, int validate_only); + +static int parse_server_transport_line(const char *line, int validate_only); static int parse_dir_server_line(const char *line, dirinfo_type_t required_type, int validate_only); @@ -1275,18 +1283,6 @@ options_act(const or_options_t *old_options) if (consider_adding_dir_authorities(options, old_options) < 0) return -1; - clear_transport_list(); - if (options->ClientTransportPlugin) { - for (cl = options->ClientTransportPlugin; cl; cl = cl->next) { - if (parse_client_transport_line(cl->value, 0)<0) { - log_warn(LD_BUG, - "Previously validated ClientTransportPlugin line " - "could not be added!"); - return -1; - } - } - } - if (options->Bridges) { mark_bridge_list(); for (cl = options->Bridges; cl; cl = cl->next) { @@ -1299,11 +1295,6 @@ options_act(const or_options_t *old_options) sweep_bridge_list(); } - /* If we have pluggable transport related options enabled, see if we - should warn the user about potential configuration problems. */ - if (options->Bridges || options->ClientTransportPlugin) - validate_pluggable_transports_config(); - if (running_tor && rend_config_services(options, 0)<0) { log_warn(LD_BUG, "Previously validated hidden services line could not be added!"); 
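Review bot: the hunk at @@ -502,7 +509,6 @@ removes `{ NULL, CONFIG_TYPE_OBSOLETE, 0, NULL }` from the end of `_state_vars[]`, and the only line shown after it is `};`. That entry is the sentinel every loop over the table stops on, so if it was the sole terminator those loops now walk off the end of the array; please confirm that a second, identical sentinel still follows (in which case this only removes a duplicate) or restore it.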
@@ -1323,6 +1314,32 @@ options_act(const or_options_t *old_options) rep_hist_load_mtbf_data(time(NULL)); } + mark_transport_list(); + pt_prepare_proxy_list_for_config_read(); + if (options->ClientTransportPlugin) { + for (cl = options->ClientTransportPlugin; cl; cl = cl->next) { + if (parse_client_transport_line(cl->value, 0)<0) { + log_warn(LD_BUG, + "Previously validated ClientTransportPlugin line " + "could not be added!"); + return -1; + } + } + } + + if (options->ServerTransportPlugin) { + for (cl = options->ServerTransportPlugin; cl; cl = cl->next) { + if (parse_server_transport_line(cl->value, 0)<0) { + log_warn(LD_BUG, + "Previously validated ServerTransportPlugin line " + "could not be added!"); + return -1; + } + } + } + sweep_transport_list(); + sweep_proxy_list(); + /* Bail out at this point if we're not going to be a client or server: * we want to not fork, and to log stuff to stderr. */ if (!running_tor) @@ -3165,6 +3182,11 @@ options_validate(or_options_t *old_options, or_options_t *options, REJECT("TransPort and TransListenAddress are disabled in this build."); #endif + if (options->TokenBucketRefillInterval <= 0 + || options->TokenBucketRefillInterval > 1000) { + REJECT("TokenBucketRefillInterval must be between 1 and 1000 inclusive."); + } + if (options->AccountingMax && (is_listening_on_low_port(options->ORPort, options->ORListenAddress) || is_listening_on_low_port(options->DirPort, options->DirListenAddress))) 
@@ -3721,14 +3743,19 @@ options_validate(or_options_t *old_options, or_options_t *options, if (options->UseBridges && !options->TunnelDirConns) REJECT("If you set UseBridges, you must set TunnelDirConns."); + for (cl = options->Bridges; cl; cl = cl->next) { + if (parse_bridge_line(cl->value, 1)<0) + REJECT("Bridge line did not parse. See logs for details."); + } + for (cl = options->ClientTransportPlugin; cl; cl = cl->next) { if (parse_client_transport_line(cl->value, 1)<0) REJECT("Transport line did not parse. See logs for details."); } - for (cl = options->Bridges; cl; cl = cl->next) { - if (parse_bridge_line(cl->value, 1)<0) - REJECT("Bridge line did not parse. See logs for details."); + for (cl = options->ServerTransportPlugin; cl; cl = cl->next) { + if (parse_server_transport_line(cl->value, 1)<0) + REJECT("Server transport line did not parse. See logs for details."); } if (options->ConstrainedSockets) { @@ -3967,6 +3994,12 @@ options_transition_allowed(const or_options_t *old, return -1; } + if (old->TokenBucketRefillInterval != new_val->TokenBucketRefillInterval) { + *msg = tor_strdup("While Tor is running, changing TokenBucketRefill" + "Interval is not allowed"); + return -1; + } + if (old->DisableIOCP != new_val->DisableIOCP) { *msg = tor_strdup("While Tor is running, changing DisableIOCP " "is not allowed."); 
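Review bot: the new TokenBucketRefillInterval rejection in options_transition_allowed() (hunk @@ -3967,6 +3994,12 @@) ends its message without a period ("...Interval is not allowed"), unlike the adjacent DisableIOCP message ("is not allowed."); make the two consistent, and note that the split literal "TokenBucketRefill" "Interval" needs no space between its halves, which is correct as written.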
@@ -4690,72 +4723,243 @@ parse_bridge_line(const char *line, int validate_only) SMARTLIST_FOREACH(items, char*, s, tor_free(s)); smartlist_free(items); tor_free(addrport); - tor_free(fingerprint); tor_free(transport_name); + tor_free(fingerprint); return r; } /** Read the contents of a ClientTransportPlugin line from * <b>line</b>. Return 0 if the line is well-formed, and -1 if it - * isn't. If <b>validate_only</b> is 0, and the line is well-formed, - * then add the transport described in the line to our internal - * transport list. -*/ + * isn't. + * + * If <b>validate_only</b> is 0, and the line is well-formed: + * - If it's an external proxy line, add the transport described in the line to + * our internal transport list. + * - If it's a managed proxy line, launch the managed proxy. */ static int parse_client_transport_line(const char *line, int validate_only) { smartlist_t *items = NULL; int r; - char *socks_ver_str=NULL; - char *name=NULL; + char *field2=NULL; + + const char *transports=NULL; + smartlist_t *transport_list=NULL; char *addrport=NULL; - int socks_ver; tor_addr_t addr; uint16_t port = 0; + int socks_ver=PROXY_NONE; + + /* managed proxy options */ + int is_managed=0; + char **proxy_argv=NULL; + char **tmp=NULL; + int proxy_argc,i; + + int line_length; items = smartlist_create(); smartlist_split_string(items, line, NULL, SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1); - if (smartlist_len(items) < 3) { + line_length = smartlist_len(items); + if (line_length < 3) { log_warn(LD_CONFIG, "Too few arguments on ClientTransportPlugin line."); goto err; } - name = smartlist_get(items, 0); + /* Get the first line element, split it to commas into + transport_list (in case it's multiple transports) and validate + the transport names. 
*/ + transports = smartlist_get(items, 0); + transport_list = smartlist_create(); + smartlist_split_string(transport_list, transports, ",", + SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0); + SMARTLIST_FOREACH_BEGIN(transport_list, const char *, transport_name) { + if (!string_is_C_identifier(transport_name)) { + log_warn(LD_CONFIG, "Transport name is not a C identifier (%s).", + transport_name); + goto err; + } + } SMARTLIST_FOREACH_END(transport_name); - socks_ver_str = smartlist_get(items, 1); + /* field2 is either a SOCKS version or "exec" */ + field2 = smartlist_get(items, 1); - if (!strcmp(socks_ver_str,"socks4")) + if (!strcmp(field2,"socks4")) { socks_ver = PROXY_SOCKS4; - else if (!strcmp(socks_ver_str,"socks5")) + } else if (!strcmp(field2,"socks5")) { socks_ver = PROXY_SOCKS5; - else { - log_warn(LD_CONFIG, "Strange ClientTransportPlugin proxy type '%s'.", - socks_ver_str); + } else if (!strcmp(field2,"exec")) { + is_managed=1; + } else { + log_warn(LD_CONFIG, "Strange ClientTransportPlugin field '%s'.", + field2); goto err; } - addrport = smartlist_get(items, 2); + if (is_managed) { /* managed */ + if (!validate_only) { /* if we are not just validating, use the + rest of the line as the argv of the proxy + to be launched */ + proxy_argc = line_length-2; + tor_assert(proxy_argc > 0); + proxy_argv = tor_malloc_zero(sizeof(char*)*(proxy_argc+1)); + tmp = proxy_argv; + for (i=0;i<proxy_argc;i++) { /* store arguments */ + *tmp++ = smartlist_get(items, 2); + smartlist_del_keeporder(items, 2); + } + *tmp = NULL; /*terminated with NUL pointer, just like execve() likes it*/ - if (tor_addr_port_parse(addrport, &addr, &port)<0) { - log_warn(LD_CONFIG, "Error parsing transport " - "address '%s'", addrport); + /* kickstart the thing */ + pt_kickstart_client_proxy(transport_list, proxy_argv); + } + } else { /* external */ + if (smartlist_len(transport_list) != 1) { + log_warn(LD_CONFIG, "You can't have an external proxy with " + "more than one transports."); + goto err; + } 
+ + addrport = smartlist_get(items, 2); + + if (tor_addr_port_parse(addrport, &addr, &port)<0) { + log_warn(LD_CONFIG, "Error parsing transport " + "address '%s'", addrport); + goto err; + } + if (!port) { + log_warn(LD_CONFIG, + "Transport address '%s' has no port.", addrport); + goto err; + } + + if (!validate_only) { + transport_add_from_config(&addr, port, smartlist_get(transport_list, 0), + socks_ver); + + log_info(LD_DIR, "Transport '%s' found at %s:%d", + transports, fmt_addr(&addr), (int)port); + } + } + + r = 0; + goto done; + + err: + r = -1; + + done: + SMARTLIST_FOREACH(items, char*, s, tor_free(s)); + smartlist_free(items); + SMARTLIST_FOREACH(transport_list, char*, s, tor_free(s)); + smartlist_free(transport_list); + + return r; +} + +/** Read the contents of a ServerTransportPlugin line from + * <b>line</b>. Return 0 if the line is well-formed, and -1 if it + * isn't. + * If <b>validate_only</b> is 0, the line is well-formed, and it's a + * managed proxy line, launch the managed proxy. */ +static int +parse_server_transport_line(const char *line, int validate_only) +{ + smartlist_t *items = NULL; + int r; + const char *transports=NULL; + smartlist_t *transport_list=NULL; + char *type=NULL; + char *addrport=NULL; + tor_addr_t addr; + uint16_t port = 0; + + /* managed proxy options */ + int is_managed=0; + char **proxy_argv=NULL; + char **tmp=NULL; + int proxy_argc,i; + + int line_length; + + items = smartlist_create(); + smartlist_split_string(items, line, NULL, + SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1); + + line_length = smartlist_len(items); + if (line_length < 3) { + log_warn(LD_CONFIG, "Too few arguments on ServerTransportPlugin line."); goto err; } - if (!port) { - log_warn(LD_CONFIG, - "Transport address '%s' has no port.", addrport); + /* Get the first line element, split it to commas into + transport_list (in case it's multiple transports) and validate + the transport names. 
*/ + transports = smartlist_get(items, 0); + transport_list = smartlist_create(); + smartlist_split_string(transport_list, transports, ",", + SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0); + SMARTLIST_FOREACH_BEGIN(transport_list, const char *, transport_name) { + if (!string_is_C_identifier(transport_name)) { + log_warn(LD_CONFIG, "Transport name is not a C identifier (%s).", + transport_name); + goto err; + } + } SMARTLIST_FOREACH_END(transport_name); + + type = smartlist_get(items, 1); + + if (!strcmp(type, "exec")) { + is_managed=1; + } else if (!strcmp(type, "proxy")) { + is_managed=0; + } else { + log_warn(LD_CONFIG, "Strange ServerTransportPlugin type '%s'", type); goto err; } - if (!validate_only) { - log_debug(LD_DIR, "Transport %s found at %s:%d", name, - fmt_addr(&addr), (int)port); + if (is_managed) { /* managed */ + if (!validate_only) { + proxy_argc = line_length-2; + tor_assert(proxy_argc > 0); + proxy_argv = tor_malloc_zero(sizeof(char*)*(proxy_argc+1)); + tmp = proxy_argv; + + for (i=0;i<proxy_argc;i++) { /* store arguments */ + *tmp++ = smartlist_get(items, 2); + smartlist_del_keeporder(items, 2); + } + *tmp = NULL; /*terminated with NUL pointer, just like execve() likes it*/ - if (transport_add_from_config(&addr, port, name, socks_ver) < 0) + /* kickstart the thing */ + pt_kickstart_server_proxy(transport_list, proxy_argv); + } + } else { /* external */ + if (smartlist_len(transport_list) != 1) { + log_warn(LD_CONFIG, "You can't have an external proxy with " + "more than one transports."); + goto err; + } + + addrport = smartlist_get(items, 2); + + if (tor_addr_port_parse(addrport, &addr, &port)<0) { + log_warn(LD_CONFIG, "Error parsing transport " + "address '%s'", addrport); + goto err; + } + if (!port) { + log_warn(LD_CONFIG, + "Transport address '%s' has no port.", addrport); goto err; + } + + if (!validate_only) { + log_info(LD_DIR, "Server transport '%s' at %s:%d.", + transports, fmt_addr(&addr), (int)port); + } } r = 0; 
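Review bot: in parse_client_transport_line() (hunk @@ -4690,72 +4723,243 @@), the `done:` label runs `SMARTLIST_FOREACH(transport_list, char*, s, tor_free(s)); smartlist_free(transport_list);` unconditionally, but the "Too few arguments on ClientTransportPlugin line." check jumps to `err` before `transport_list = smartlist_create();`, so a ClientTransportPlugin line with fewer than three fields reaches the cleanup with `transport_list == NULL` and SMARTLIST_FOREACH reads `num_used` through that NULL pointer. Wrap the transport_list cleanup in `if (transport_list) { ... }`. The new parse_server_transport_line() in this hunk has the identical early `goto err` before its `smartlist_create()`, so its cleanup needs the same guard. Also, the warning "You can't have an external proxy with more than one transports." (present in both functions) should read "more than one transport".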
@@ -4767,6 +4971,9 @@ parse_client_transport_line(const char *line, int validate_only) done: SMARTLIST_FOREACH(items, char*, s, tor_free(s)); smartlist_free(items); + SMARTLIST_FOREACH(transport_list, char*, s, tor_free(s)); + smartlist_free(transport_list); + return r; } @@ -5633,6 +5840,7 @@ init_libevent(const or_options_t *options) memset(&cfg, 0, sizeof(cfg)); cfg.disable_iocp = options->DisableIOCP; cfg.num_cpus = get_num_cpus(options); + cfg.msec_per_tick = options->TokenBucketRefillInterval; tor_libevent_initialize(&cfg); 
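Review bot: the cleanup added under `done:` in hunk @@ -4767,6 +4971,9 @@ (now the tail of parse_server_transport_line()) executes `SMARTLIST_FOREACH(transport_list, char*, s, tor_free(s));` on every exit path, including the "Too few arguments on ServerTransportPlugin line." error path, where transport_list has not been created yet and is still NULL; guard the two added lines with `if (transport_list)`.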
@@ -5708,6 +5916,69 @@ options_get_datadir_fname2_suffix(const or_options_t *options, return fname; } +/** Return true if <b>line</b> is a valid state TransportProxy line. + * Return false otherwise. */ +static int +state_transport_line_is_valid(const char *line) +{ + smartlist_t *items = NULL; + char *addrport=NULL; + tor_addr_t addr; + uint16_t port = 0; + int r; + + items = smartlist_create(); + smartlist_split_string(items, line, NULL, + SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1); + + if (smartlist_len(items) != 2) { + log_warn(LD_CONFIG, "state: Not enough arguments in TransportProxy line."); + goto err; + } + + addrport = smartlist_get(items, 1); + if (tor_addr_port_parse(addrport, &addr, &port) < 0) { + log_warn(LD_CONFIG, "state: Could not parse addrport."); + goto err; + } + + if (!port) { + log_warn(LD_CONFIG, "state: Transport line did not contain port."); + goto err; + } + + r = 1; + goto done; + + err: + r = 0; + + done: + SMARTLIST_FOREACH(items, char*, s, tor_free(s)); + smartlist_free(items); + return r; +} + +/** Return 0 if all TransportProxy lines in <b>state</b> are well + * formed. Otherwise, return -1. */ +static int +validate_transports_in_state(or_state_t *state) +{ + int broken = 0; + config_line_t *line; + + for (line = state->TransportProxies ; line ; line = line->next) { + tor_assert(!strcmp(line->key, "TransportProxy")); + if (!state_transport_line_is_valid(line->value)<0) + broken = 1; + } + + if (broken) + log_warn(LD_CONFIG, "state: State file seems to be broken."); + + return 0; +} + /** Return 0 if every setting in <b>state</b> is reasonable, and a * permissible transition from <b>old_state</b>. Else warn and return -1. * Should have no side effects, except for normalizing the contents of @@ -5726,6 +5997,9 @@ or_state_validate(or_state_t *old_state, or_state_t *state, if (entry_guards_parse_state(state, 0, msg)<0) return -1; + if (validate_transports_in_state(state)<0) + return -1; + return 0; } 
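Review bot: validate_transports_in_state() (hunk @@ -5708,6 +5916,69 @@) can never report a broken line: `if (!state_transport_line_is_valid(line->value)<0)` parses as `(!valid) < 0`, which is false for both 0 and 1, so `broken` is never set; and even if it were, the function ends with an unconditional `return 0;` although its comment promises -1 and the caller added in hunk @@ -5726,6 +5997,9 @@ tests `validate_transports_in_state(state)<0`. Change the condition to `if (!state_transport_line_is_valid(line->value))` and the tail to `return broken ? -1 : 0;`.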
@@ -5958,6 +6232,150 @@ or_state_save(time_t now) return 0; } +/** Return the config line for transport <b>transport</b> in the current state. + * Return NULL if there is no config line for <b>transport</b>. */ +static config_line_t * +get_transport_in_state_by_name(const char *transport) +{ + or_state_t *or_state = get_or_state(); + config_line_t *line; + config_line_t *ret = NULL; + smartlist_t *items = NULL; + + for (line = or_state->TransportProxies ; line ; line = line->next) { + tor_assert(!strcmp(line->key, "TransportProxy")); + + items = smartlist_create(); + smartlist_split_string(items, line->value, NULL, + SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1); + if (smartlist_len(items) != 2) /* broken state */ + goto done; + + if (!strcmp(smartlist_get(items, 0), transport)) { + ret = line; + goto done; + } + + SMARTLIST_FOREACH(items, char*, s, tor_free(s)); + smartlist_free(items); + items = NULL; + } + + done: + if (items) { + SMARTLIST_FOREACH(items, char*, s, tor_free(s)); + smartlist_free(items); + } + return ret; +} + +/** Return string containing the address:port part of the + * TransportProxy <b>line</b> for transport <b>transport</b>. + * If the line is corrupted, return NULL. */ +static const char * +get_transport_bindaddr(const char *line, const char *transport) +{ + char *line_tmp = NULL; + + if (strlen(line) < strlen(transport) + 2) { + goto broken_state; + } else { + /* line should start with the name of the transport and a space. + (for example, "obfs2 127.0.0.1:47245") */ + tor_asprintf(&line_tmp, "%s ", transport); + if (strcmpstart(line, line_tmp)) + goto broken_state; + + tor_free(line_tmp); + return (line+strlen(transport)+1); + } + + broken_state: + tor_free(line_tmp); + return NULL; +} + +/** Return a static string containing the address:port a proxy + * transport should bind on. 
*/ +const char * +get_bindaddr_for_transport(const char *transport) +{ + static const char default_addrport[] = "127.0.0.1:0"; + const char *bindaddr = NULL; + + config_line_t *line = get_transport_in_state_by_name(transport); + if (!line) + return default_addrport; + + bindaddr = get_transport_bindaddr(line->value, transport); + + return bindaddr ? bindaddr : default_addrport; +} + +/** Save <b>transport</b> listening on <b>addr</b>:<b>port</b> to + state */ +void +save_transport_to_state(const char *transport, + const tor_addr_t *addr, uint16_t port) +{ + or_state_t *state = get_or_state(); + + char *transport_addrport=NULL; + + /** find where to write on the state */ + config_line_t **next, *line; + + /* see if this transport is already stored in state */ + config_line_t *transport_line = + get_transport_in_state_by_name(transport); + + if (transport_line) { /* if transport already exists in state... */ + const char *prev_bindaddr = /* get its addrport... */ + get_transport_bindaddr(transport_line->value, transport); + tor_asprintf(&transport_addrport, "%s:%d", fmt_addr(addr), (int)port); + + /* if transport in state has the same address as this one, life is good */ + if (!strcmp(prev_bindaddr, transport_addrport)) { + log_info(LD_CONFIG, "Transport seems to have spawned on its usual " + "address:port."); + goto done; + } else { /* if addrport in state is different than the one we got */ + log_info(LD_CONFIG, "Transport seems to have spawned on different " + "address:port. Let's update the state file with the new " + "address:port"); + tor_free(transport_line->value); /* free the old line */ + tor_asprintf(&transport_line->value, "%s %s:%d", transport, + fmt_addr(addr), + (int) port); /* replace old addrport line with new line */ + } + } else { /* never seen this one before; save it in state for next time */ + log_info(LD_CONFIG, "It's the first time we see this transport. 
" + "Let's save its address:port"); + next = &state->TransportProxies; + /* find the last TransportProxy line in the state and point 'next' + right after it */ + line = state->TransportProxies; + while (line) { + next = &(line->next); + line = line->next; + } + + /* allocate space for the new line and fill it in */ + *next = line = tor_malloc_zero(sizeof(config_line_t)); + line->key = tor_strdup("TransportProxy"); + tor_asprintf(&line->value, "%s %s:%d", transport, + fmt_addr(addr), (int) port); + + next = &(line->next); + } + + if (!get_options()->AvoidDiskWrites) + or_state_mark_dirty(state, 0); + + done: + tor_free(transport_addrport); +} + /** Given a file name check to see whether the file exists but has not been * modified for a very long time. If so, remove it. */ void diff --git a/src/or/config.h b/src/or/config.h index 4a5afdf178..76f6841d70 100644 --- a/src/or/config.h +++ b/src/or/config.h @@ -68,6 +68,11 @@ const smartlist_t *get_configured_client_ports(void); int options_need_geoip_info(const or_options_t *options, const char **reason_out); + +void save_transport_to_state(const char *transport_name, + const tor_addr_t *addr, uint16_t port); +const char *get_bindaddr_for_transport(const char *transport); + int getinfo_helper_config(control_connection_t *conn, const char *question, char **answer, const char **errmsg); diff --git a/src/or/connection.c b/src/or/connection.c index 790383b184..45a12715a3 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -891,7 +891,8 @@ connection_create_listener(const struct sockaddr *listensockaddr, is_tcp ? SOCK_STREAM : SOCK_DGRAM, is_tcp ? IPPROTO_TCP: IPPROTO_UDP); if (!SOCKET_OK(s)) { - log_warn(LD_NET,"Socket creation failed."); + log_warn(LD_NET,"Socket creation failed: %s", + tor_socket_strerror(tor_socket_errno(-1))); goto err; } 
@@ -2019,9 +2020,12 @@ retry_all_listeners(smartlist_t *replaced_conns, return retval; } -/** Return 1 if we should apply rate limiting to <b>conn</b>, - * and 0 otherwise. Right now this just checks if it's an internal - * IP address or an internal connection. */ +/** Return 1 if we should apply rate limiting to <b>conn</b>, and 0 + * otherwise. + * Right now this just checks if it's an internal IP address or an + * internal connection. We also check if the connection uses pluggable + * transports, since we should then limit it even if it comes from an + * internal IP address. */ static int connection_is_rate_limited(connection_t *conn) { @@ -2387,22 +2391,23 @@ connection_bucket_init(void) } } -/** Refill a single <b>bucket</b> called <b>name</b> with bandwidth rate - * <b>rate</b> and bandwidth burst <b>burst</b>, assuming that - * <b>seconds_elapsed</b> seconds have passed since the last call. - **/ +/** Refill a single <b>bucket</b> called <b>name</b> with bandwidth rate per + * second <b>rate</b> and bandwidth burst <b>burst</b>, assuming that + * <b>milliseconds_elapsed</b> milliseconds have passed since the last + * call. */ static void connection_bucket_refill_helper(int *bucket, int rate, int burst, - int seconds_elapsed, const char *name) + int milliseconds_elapsed, + const char *name) { int starting_bucket = *bucket; - if (starting_bucket < burst && seconds_elapsed) { - if (((burst - starting_bucket)/seconds_elapsed) < rate) { + if (starting_bucket < burst && milliseconds_elapsed > 0) { + int64_t incr = (((int64_t)rate) * milliseconds_elapsed) / 1000; + if ((burst - starting_bucket) < incr) { *bucket = burst; /* We would overflow the bucket; just set it to * the maximum. */ } else { - int incr = rate*seconds_elapsed; - *bucket += incr; + *bucket += (int)incr; if (*bucket > burst || *bucket < starting_bucket) { /* If we overflow the burst, or underflow our starting bucket, * cap the bucket value to burst. */ 
@@ -2415,41 +2420,46 @@ connection_bucket_refill_helper(int *bucket, int rate, int burst, } } -/** A second has rolled over; increment buckets appropriately. */ +/** Time has passed; increment buckets appropriately. */ void -connection_bucket_refill(int seconds_elapsed, time_t now) +connection_bucket_refill(int milliseconds_elapsed, time_t now) { const or_options_t *options = get_options(); smartlist_t *conns = get_connection_array(); - int relayrate, relayburst; + int bandwidthrate, bandwidthburst, relayrate, relayburst; + + bandwidthrate = (int)options->BandwidthRate; + bandwidthburst = (int)options->BandwidthBurst; if (options->RelayBandwidthRate) { relayrate = (int)options->RelayBandwidthRate; relayburst = (int)options->RelayBandwidthBurst; } else { - relayrate = (int)options->BandwidthRate; - relayburst = (int)options->BandwidthBurst; + relayrate = bandwidthrate; + relayburst = bandwidthburst; } - tor_assert(seconds_elapsed >= 0); + tor_assert(milliseconds_elapsed >= 0); write_buckets_empty_last_second = global_relayed_write_bucket <= 0 || global_write_bucket <= 0; /* refill the global buckets */ connection_bucket_refill_helper(&global_read_bucket, - (int)options->BandwidthRate, - (int)options->BandwidthBurst, - seconds_elapsed, "global_read_bucket"); + bandwidthrate, bandwidthburst, + milliseconds_elapsed, + "global_read_bucket"); connection_bucket_refill_helper(&global_write_bucket, - (int)options->BandwidthRate, - (int)options->BandwidthBurst, - seconds_elapsed, "global_write_bucket"); + bandwidthrate, bandwidthburst, + milliseconds_elapsed, + "global_write_bucket"); connection_bucket_refill_helper(&global_relayed_read_bucket, - relayrate, relayburst, seconds_elapsed, + relayrate, relayburst, + milliseconds_elapsed, "global_relayed_read_bucket"); connection_bucket_refill_helper(&global_relayed_write_bucket, - relayrate, relayburst, seconds_elapsed, + relayrate, relayburst, + milliseconds_elapsed, "global_relayed_write_bucket"); /* refill the per-connection 
buckets */ @@ -2457,18 +2467,20 @@ connection_bucket_refill(int seconds_elapsed, time_t now) { if (connection_speaks_cells(conn)) { or_connection_t *or_conn = TO_OR_CONN(conn); + int orbandwidthrate = or_conn->bandwidthrate; + int orbandwidthburst = or_conn->bandwidthburst; if (connection_bucket_should_increase(or_conn->read_bucket, or_conn)) { connection_bucket_refill_helper(&or_conn->read_bucket, - or_conn->bandwidthrate, - or_conn->bandwidthburst, - seconds_elapsed, + orbandwidthrate, + orbandwidthburst, + milliseconds_elapsed, "or_conn->read_bucket"); } if (connection_bucket_should_increase(or_conn->write_bucket, or_conn)) { connection_bucket_refill_helper(&or_conn->write_bucket, - or_conn->bandwidthrate, - or_conn->bandwidthburst, - seconds_elapsed, + orbandwidthrate, + orbandwidthburst, + milliseconds_elapsed, "or_conn->write_bucket"); } } @@ -2552,7 +2564,10 @@ connection_bucket_init(void) burst = options->BandwidthBurst; } - rate /= TOR_LIBEVENT_TICKS_PER_SECOND; + /* This can't overflow, since TokenBucketRefillInterval <= 1000, + * and rate started out less than INT32_MAX. */ + rate = (rate * options->TokenBucketRefillInterval) / 1000; + bucket_cfg = ev_token_bucket_cfg_new((uint32_t)rate, (uint32_t)burst, (uint32_t)rate, (uint32_t)burst, tick); diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index f59f44c9ad..40426a9b21 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c 
@@ -68,9 +68,23 @@ _connection_mark_unattached_ap(entry_connection_t *conn, int endreason, int line, const char *file) { connection_t *base_conn = ENTRY_TO_CONN(conn); + edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(conn); tor_assert(base_conn->type == CONN_TYPE_AP); ENTRY_TO_EDGE_CONN(conn)->edge_has_sent_end = 1; /* no circ yet */ + /* If this is a rendezvous stream and it is failing without ever + * being attached to a circuit, assume that an attempt to connect to + * the destination hidden service has just ended. + * + * XXX023 This condition doesn't limit to only streams failing + * without ever being attached. That sloppiness should be harmless, + * but we should fix it someday anyway. */ + if ((edge_conn->on_circuit != NULL || edge_conn->edge_has_sent_end) && + connection_edge_is_rendezvous_stream(edge_conn)) { + rend_client_note_connection_attempt_ended( + edge_conn->rend_data->onion_address); + } + if (base_conn->marked_for_close) { /* This call will warn as appropriate. */ _connection_mark_for_close(base_conn, line, file); diff --git a/src/or/connection_or.c b/src/or/connection_or.c index a75444e1ed..29f0f8de72 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -580,7 +580,12 @@ connection_or_update_token_buckets_helper(or_connection_t *conn, int reset, { const struct timeval *tick = tor_libevent_get_one_tick_timeout(); struct ev_token_bucket_cfg *cfg, *old_cfg; - int rate_per_tick = rate / TOR_LIBEVENT_TICKS_PER_SECOND; + int64_t rate64 = (((int64_t)rate) * options->TokenBucketRefillInterval) + / 1000; + /* This can't overflow, since TokenBucketRefillInterval <= 1000, + * and rate started out less than INT_MAX. */ + int rate_per_tick = (int) rate64; + cfg = ev_token_bucket_cfg_new(rate_per_tick, burst, rate_per_tick, burst, tick); old_cfg = conn->bucket_cfg; diff --git a/src/or/directory.c b/src/or/directory.c index f56a63c08c..776b7a25f9 100644 --- a/src/or/directory.c +++ b/src/or/directory.c 
@@ -828,8 +828,7 @@ directory_command_should_use_begindir(const or_options_t *options, return 0; /* We don't know an ORPort -- no chance. */ if (!anonymized_connection) if (!fascist_firewall_allows_address_or(addr, or_port) || - directory_fetches_from_authorities(options) || - (server_mode(options) && !options->Address)) + directory_fetches_from_authorities(options)) return 0; /* We're firewalled or are acting like a relay -- also no. */ if (!options->TunnelDirConns && router_purpose != ROUTER_PURPOSE_BRIDGE) diff --git a/src/or/main.c b/src/or/main.c index ad5558e649..aa167e1e9d 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -37,6 +37,7 @@ #include "ntmain.h" #include "onion.h" #include "policies.h" +#include "transports.h" #include "relay.h" #include "rendclient.h" #include "rendcommon.h" @@ -91,10 +92,10 @@ static int stats_prev_global_read_bucket; /** What was the write bucket before the last second_elapsed_callback() call? * (used to determine how many bytes we've written). */ static int stats_prev_global_write_bucket; -#else +#endif + static uint64_t stats_prev_n_read = 0; static uint64_t stats_prev_n_written = 0; -#endif /* XXX we might want to keep stats about global_relayed_*_bucket too. Or not.*/ /** How many bytes have we read since we started the process? */ @@ -1086,7 +1087,9 @@ run_scheduled_events(time_t now) static int should_init_bridge_stats = 1; static time_t time_to_retry_dns_init = 0; static time_t time_to_next_heartbeat = 0; + static int has_validated_pt = 0; const or_options_t *options = get_options(); + int is_server = server_mode(options); int i; int have_dir_info; 
@@ -1453,7 +1456,7 @@ run_scheduled_events(time_t now) /** 9. and if we're a server, check whether our DNS is telling stories to * us. */ - if (is_server && time_to_check_for_correct_dns < now) { + if (public_server_mode(options) && time_to_check_for_correct_dns < now) { if (!time_to_check_for_correct_dns) { time_to_check_for_correct_dns = now + 60 + crypto_rand_int(120); } else { @@ -1463,7 +1466,7 @@ run_scheduled_events(time_t now) } } - /** 10b. write bridge networkstatus file to disk */ + /** 10. write bridge networkstatus file to disk */ if (options->BridgeAuthoritativeDir && time_to_write_bridge_status_file < now) { networkstatus_dump_bridge_status_to_file(now); @@ -1471,6 +1474,7 @@ run_scheduled_events(time_t now) time_to_write_bridge_status_file = now+BRIDGE_STATUSFILE_INTERVAL; } + /** 11. check the port forwarding app */ if (time_to_check_port_forwarding < now && options->PortForwarding && is_server) { @@ -1482,7 +1486,19 @@ run_scheduled_events(time_t now) time_to_check_port_forwarding = now+PORT_FORWARDING_CHECK_INTERVAL; } - /** 11. write the heartbeat message */ + /** 11b. check pending unconfigured managed proxies */ + if (pt_proxies_configuration_pending()) + pt_configure_remaining_proxies(); + + /** 11c. validate pluggable transports configuration if we need to */ + if (!has_validated_pt && + (options->Bridges || options->ClientTransportPlugin)) { + if (validate_pluggable_transports_config() == 0) { + has_validated_pt = 1; + } + } + + /** 12. write the heartbeat message */ if (options->HeartbeatPeriod && time_to_next_heartbeat < now) { log_heartbeat(now); @@ -1507,9 +1523,6 @@ second_elapsed_callback(periodic_timer_t *timer, void *arg) size_t bytes_written; size_t bytes_read; int seconds_elapsed; -#ifdef USE_BUFFEREVENTS - uint64_t cur_read,cur_written; -#endif const or_options_t *options = get_options(); (void)timer; (void)arg; 
@@ -1523,30 +1536,28 @@ second_elapsed_callback(periodic_timer_t *timer, void *arg) /* the second has rolled over. check more stuff. */ seconds_elapsed = current_second ? (int)(now - current_second) : 0; #ifdef USE_BUFFEREVENTS - connection_get_rate_limit_totals(&cur_read, &cur_written); - bytes_written = (size_t)(cur_written - stats_prev_n_written); - bytes_read = (size_t)(cur_read - stats_prev_n_read); + { + uint64_t cur_read,cur_written; + connection_get_rate_limit_totals(&cur_read, &cur_written); + bytes_written = (size_t)(cur_written - stats_prev_n_written); + bytes_read = (size_t)(cur_read - stats_prev_n_read); + stats_n_bytes_read += bytes_read; + stats_n_bytes_written += bytes_written; + if (accounting_is_enabled(options) && seconds_elapsed >= 0) + accounting_add_bytes(bytes_read, bytes_written, seconds_elapsed); + stats_prev_n_written = cur_written; + stats_prev_n_read = cur_read; + } #else - bytes_written = stats_prev_global_write_bucket - global_write_bucket; - bytes_read = stats_prev_global_read_bucket - global_read_bucket; + bytes_read = (size_t)(stats_n_bytes_read - stats_prev_n_read); + bytes_written = (size_t)(stats_n_bytes_written - stats_prev_n_written); + stats_prev_n_read = stats_n_bytes_read; + stats_prev_n_written = stats_n_bytes_written; #endif - stats_n_bytes_read += bytes_read; - stats_n_bytes_written += bytes_written; - if (accounting_is_enabled(options) && seconds_elapsed >= 0) - accounting_add_bytes(bytes_read, bytes_written, seconds_elapsed); + control_event_bandwidth_used((uint32_t)bytes_read,(uint32_t)bytes_written); control_event_stream_bandwidth_used(); - if (seconds_elapsed > 0) - connection_bucket_refill(seconds_elapsed, now); -#ifdef USE_BUFFEREVENTS - stats_prev_n_written = cur_written; - stats_prev_n_read = cur_read; -#else - stats_prev_global_read_bucket = global_read_bucket; - stats_prev_global_write_bucket = global_write_bucket; -#endif - if (server_mode(options) && !we_are_hibernating() && seconds_elapsed > 0 && 
@@ -1594,6 +1605,57 @@ second_elapsed_callback(periodic_timer_t *timer, void *arg) current_second = now; /* remember which second it is, for next time */ } +#ifndef USE_BUFFEREVENTS +/** Timer: used to invoke refill_callback(). */ +static periodic_timer_t *refill_timer = NULL; + +/** Libevent callback: invoked periodically to refill token buckets + * and count r/w bytes. It is only used when bufferevents are disabled. */ +static void +refill_callback(periodic_timer_t *timer, void *arg) +{ + static struct timeval current_millisecond; + struct timeval now; + + size_t bytes_written; + size_t bytes_read; + int milliseconds_elapsed = 0; + int seconds_rolled_over = 0; + + const or_options_t *options = get_options(); + + (void)timer; + (void)arg; + + tor_gettimeofday(&now); + + /* If this is our first time, no time has passed. */ + if (current_millisecond.tv_sec) { + long mdiff = tv_mdiff(¤t_millisecond, &now); + if (mdiff > INT_MAX) + mdiff = INT_MAX; + milliseconds_elapsed = (int)mdiff; + seconds_rolled_over = (int)(now.tv_sec - current_millisecond.tv_sec); + } + + bytes_written = stats_prev_global_write_bucket - global_write_bucket; + bytes_read = stats_prev_global_read_bucket - global_read_bucket; + + stats_n_bytes_read += bytes_read; + stats_n_bytes_written += bytes_written; + if (accounting_is_enabled(options) && milliseconds_elapsed >= 0) + accounting_add_bytes(bytes_read, bytes_written, seconds_rolled_over); + + if (milliseconds_elapsed > 0) + connection_bucket_refill(milliseconds_elapsed, now.tv_sec); + + stats_prev_global_read_bucket = global_read_bucket; + stats_prev_global_write_bucket = global_write_bucket; + + current_millisecond = now; /* remember what time it is, for next time */ +} +#endif + #ifndef MS_WINDOWS /** Called when a possibly ignorable libevent error occurs; ensures that we * don't get into an infinite loop by ignoring too many errors from 
@@ -1791,6 +1853,22 @@ do_main_loop(void) tor_assert(second_timer); } +#ifndef USE_BUFFEREVENTS + if (!refill_timer) { + struct timeval refill_interval; + int msecs = get_options()->TokenBucketRefillInterval; + + refill_interval.tv_sec = msecs/1000; + refill_interval.tv_usec = (msecs%1000)*1000; + + refill_timer = periodic_timer_new(tor_libevent_get_base(), + &refill_interval, + refill_callback, + NULL); + tor_assert(refill_timer); + } +#endif + for (;;) { if (nt_service_is_stopping()) return 0; @@ -2279,6 +2357,7 @@ tor_free_all(int postfork) clear_pending_onions(); circuit_free_all(); entry_guards_free_all(); + pt_free_all(); connection_free_all(); buf_shrink_freelists(1); memarea_clear_freelist(); diff --git a/src/or/microdesc.c b/src/or/microdesc.c index 510b2f40f7..92f5c03585 100644 --- a/src/or/microdesc.c +++ b/src/or/microdesc.c @@ -499,6 +499,28 @@ microdesc_cache_rebuild(microdesc_cache_t *cache, int force) return 0; } +/** Make sure that the reference count of every microdescriptor in cache is + * accurate. */ +void +microdesc_check_counts(void) +{ + microdesc_t **mdp; + if (!the_microdesc_cache) + return; + + HT_FOREACH(mdp, microdesc_map, &the_microdesc_cache->map) { + microdesc_t *md = *mdp; + unsigned int found=0; + const smartlist_t *nodes = nodelist_get_list(); + SMARTLIST_FOREACH(nodes, node_t *, node, { + if (node->md == md) { + ++found; + } + }); + tor_assert(found == md->held_by_nodes); + } +} + /** Deallocate a single microdescriptor. Note: the microdescriptor MUST have * previously been removed from the cache if it had ever been inserted. */ void @@ -522,7 +544,7 @@ microdesc_free(microdesc_t *md) } tor_fragile_assert(); } - if (md->held_by_node) { + if (md->held_by_nodes) { int found=0; const smartlist_t *nodes = nodelist_get_list(); SMARTLIST_FOREACH(nodes, node_t *, node, { 
@@ -533,15 +555,15 @@ microdesc_free(microdesc_t *md) }); if (found) { log_warn(LD_BUG, "microdesc_free() called, but md was still referenced " - "%d node(s)", found); + "%d node(s); held_by_nodes == %u", found, md->held_by_nodes); } else { - log_warn(LD_BUG, "microdesc_free() called with held_by_node set, but " - "md was not refrenced by any nodes"); + log_warn(LD_BUG, "microdesc_free() called with held_by_nodes set to %u, " + "but md was not referenced by any nodes", md->held_by_nodes); } tor_fragile_assert(); } //tor_assert(md->held_in_map == 0); - //tor_assert(md->held_by_node == 0); + //tor_assert(md->held_by_nodes == 0); if (md->onion_pkey) crypto_free_pk_env(md->onion_pkey); diff --git a/src/or/microdesc.h b/src/or/microdesc.h index 72e4572f93..4564132810 100644 --- a/src/or/microdesc.h +++ b/src/or/microdesc.h @@ -14,6 +14,8 @@ microdesc_cache_t *get_microdesc_cache(void); +void microdesc_check_counts(void); + smartlist_t *microdescs_add_to_cache(microdesc_cache_t *cache, const char *s, const char *eos, saved_location_t where, int no_save, time_t listed_at, diff --git a/src/or/nodelist.c b/src/or/nodelist.c index 308aaa8658..b93b919c13 100644 --- a/src/or/nodelist.c +++ b/src/or/nodelist.c @@ -160,9 +160,9 @@ nodelist_add_microdesc(microdesc_t *md) node = node_get_mutable_by_id(rs->identity_digest); if (node) { if (node->md) - node->md->held_by_node = 0; + node->md->held_by_nodes--; node->md = md; - md->held_by_node = 1; + md->held_by_nodes++; } return node; } @@ -177,7 +177,10 @@ nodelist_set_consensus(networkstatus_t *ns) { const or_options_t *options = get_options(); int authdir = authdir_mode_v2(options) || authdir_mode_v3(options); + init_nodelist(); + if (ns->flavor == FLAV_MICRODESC) + (void) get_microdesc_cache(); /* Make sure it exists first. */ SMARTLIST_FOREACH(the_nodelist->nodes, node_t *, node, node->rs = NULL); 
@@ -189,11 +192,11 @@ nodelist_set_consensus(networkstatus_t *ns) if (node->md == NULL || tor_memneq(node->md->digest,rs->descriptor_digest,DIGEST256_LEN)) { if (node->md) - node->md->held_by_node = 0; + node->md->held_by_nodes--; node->md = microdesc_cache_lookup_by_digest256(NULL, rs->descriptor_digest); if (node->md) - node->md->held_by_node = 1; + node->md->held_by_nodes++; } } @@ -250,7 +253,7 @@ nodelist_remove_microdesc(const char *identity_digest, microdesc_t *md) node_t *node = node_get_mutable_by_id(identity_digest); if (node && node->md == md) { node->md = NULL; - md->held_by_node = 0; + md->held_by_nodes--; } } @@ -299,7 +302,7 @@ node_free(node_t *node) if (!node) return; if (node->md) - node->md->held_by_node = 0; + node->md->held_by_nodes--; tor_assert(node->nodelist_idx == -1); tor_free(node); } @@ -319,7 +322,7 @@ nodelist_purge(void) if (node->md && !node->rs) { /* An md is only useful if there is an rs. */ - node->md->held_by_node = 0; + node->md->held_by_nodes--; node->md = NULL; } @@ -394,7 +397,7 @@ nodelist_assert_ok(void) microdesc_cache_lookup_by_digest256(NULL, rs->descriptor_digest); tor_assert(md == node->md); if (md) - tor_assert(md->held_by_node == 1); + tor_assert(md->held_by_nodes >= 1); } } SMARTLIST_FOREACH_END(rs); } diff --git a/src/or/or.h b/src/or/or.h index 56f34fc4fe..d6eaeb6f17 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -1830,10 +1830,10 @@ typedef struct microdesc_t { saved_location_t saved_location : 3; /** If true, do not attempt to cache this microdescriptor on disk. */ unsigned int no_save : 1; - /** If true, this microdesc is attached to a node_t. */ - unsigned int held_by_node : 1; /** If true, this microdesc has an entry in the microdesc_map */ unsigned int held_in_map : 1; + /** Reference count: how many node_ts have a reference to this microdesc? */ + unsigned int held_by_nodes; /** If saved_location == SAVED_IN_CACHE, this field holds the offset of the * microdescriptor in the cache. */ 
@@ -2879,6 +2879,9 @@ typedef struct { config_line_t *ClientTransportPlugin; /**< List of client transport plugins. */ + config_line_t *ServerTransportPlugin; /**< List of client + transport plugins. */ + int BridgeRelay; /**< Boolean: are we acting as a bridge relay? We make * this explicit so we can change how we behave in the * future. */ @@ -3107,6 +3110,8 @@ typedef struct { * log whether it was DNS-leaking or not? */ int HardwareAccel; /**< Boolean: Should we enable OpenSSL hardware * acceleration where available? */ + /** Token Bucket Refill resolution in milliseconds. */ + int TokenBucketRefillInterval; char *AccelName; /**< Optional hardware acceleration engine name. */ char *AccelDir; /**< Optional hardware acceleration engine search dir. */ int UseEntryGuards; /**< Boolean: Do we try to enter from a smallish number @@ -3348,6 +3353,8 @@ typedef struct { /** A list of Entry Guard-related configuration lines. */ config_line_t *EntryGuards; + config_line_t *TransportProxies; + /** These fields hold information on the history of bandwidth usage for * servers. The "Ends" fields hold the time when we last updated the * bandwidth usage. The "Interval" fields hold the granularity, in seconds, @@ -3900,6 +3907,11 @@ typedef struct rend_encoded_v2_service_descriptor_t { char *desc_str; /**< Descriptor string. */ } rend_encoded_v2_service_descriptor_t; +/** The maximum number of non-circuit-build-timeout failures a hidden + * service client will tolerate while trying to build a circuit to an + * introduction point. See also rend_intro_point_t.unreachable_count. */ +#define MAX_INTRO_POINT_REACHABILITY_FAILURES 5 + /** Introduction point information. Used both in rend_service_t (on * the service side) and in rend_service_descriptor_t (on both the * client and service side). */ 
@@ -3907,6 +3919,18 @@ typedef struct rend_intro_point_t { extend_info_t *extend_info; /**< Extend info of this introduction point. */ crypto_pk_env_t *intro_key; /**< Introduction key that replaces the service * key, if this descriptor is V2. */ + + /** (Client side only) Flag indicating that a timeout has occurred + * after sending an INTRODUCE cell to this intro point. After a + * timeout, an intro point should not be tried again during the same + * hidden service connection attempt, but it may be tried again + * during a future connection attempt. */ + unsigned int timed_out : 1; + + /** (Client side only) The number of times we have failed to build a + * circuit to this intro point for some reason other than our + * circuit-build timeout. See also MAX_INTRO_POINT_REACHABILITY_FAILURES. */ + unsigned int unreachable_count : 3; } rend_intro_point_t; /** Information used to connect to a hidden service. Used on both the diff --git a/src/or/rendclient.c b/src/or/rendclient.c index 6fe9ba2377..47fda23170 100644 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c @@ -371,8 +371,9 @@ rend_client_introduction_acked(origin_circuit_t *circ, log_info(LD_REND, "Got nack for %s from %s...", safe_str_client(circ->rend_data->onion_address), safe_str_client(extend_info_describe(circ->build_state->chosen_exit))); - if (rend_client_remove_intro_point(circ->build_state->chosen_exit, - circ->rend_data) > 0) { + if (rend_client_report_intro_point_failure(circ->build_state->chosen_exit, + circ->rend_data, + INTRO_POINT_FAILURE_GENERIC)>0){ /* There are introduction points left. Re-extend the circuit to * another intro point and try again. */ int result = rend_client_reextend_intro_circuit(circ); 
@@ -389,9 +390,12 @@ rend_client_introduction_acked(origin_circuit_t *circ, #define REND_HID_SERV_DIR_REQUERY_PERIOD (15 * 60) /** Contains the last request times to hidden service directories for - * certain queries; keys are strings consisting of base32-encoded - * hidden service directory identities and base32-encoded descriptor IDs; - * values are pointers to timestamps of the last requests. */ + * certain queries; each key is a string consisting of the + * concatenation of a base32-encoded HS directory identity digest, a + * base32-encoded HS descriptor ID, and a hidden service address + * (without the ".onion" part); each value is a pointer to a time_t + * holding the time of the last request for that descriptor ID to that + * HS directory. */ static strmap_t *last_hid_serv_requests_ = NULL; /** Returns last_hid_serv_requests_, initializing it to a new strmap if 
@@ -404,23 +408,34 @@ get_last_hid_serv_requests(void) return last_hid_serv_requests_; } +#define LAST_HID_SERV_REQUEST_KEY_LEN (REND_DESC_ID_V2_LEN_BASE32 + \ + REND_DESC_ID_V2_LEN_BASE32 + \ + REND_SERVICE_ID_LEN_BASE32) + /** Look up the last request time to hidden service directory <b>hs_dir</b> - * for descriptor ID <b>desc_id_base32</b>. If <b>set</b> is non-zero, + * for descriptor ID <b>desc_id_base32</b> for the service specified in + * <b>rend_query</b>. If <b>set</b> is non-zero, * assign the current time <b>now</b> and return that. Otherwise, return * the most recent request time, or 0 if no such request has been sent * before. */ static time_t lookup_last_hid_serv_request(routerstatus_t *hs_dir, - const char *desc_id_base32, time_t now, int set) + const char *desc_id_base32, + const rend_data_t *rend_query, + time_t now, int set) { char hsdir_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1]; - char hsdir_desc_comb_id[2 * REND_DESC_ID_V2_LEN_BASE32 + 1]; + char hsdir_desc_comb_id[LAST_HID_SERV_REQUEST_KEY_LEN + 1]; time_t *last_request_ptr; strmap_t *last_hid_serv_requests = get_last_hid_serv_requests(); base32_encode(hsdir_id_base32, sizeof(hsdir_id_base32), hs_dir->identity_digest, DIGEST_LEN); - tor_snprintf(hsdir_desc_comb_id, sizeof(hsdir_desc_comb_id), "%s%s", - hsdir_id_base32, desc_id_base32); + tor_snprintf(hsdir_desc_comb_id, sizeof(hsdir_desc_comb_id), "%s%s%s", + hsdir_id_base32, + desc_id_base32, + rend_query->onion_address); + /* XXX023 tor_assert(strlen(hsdir_desc_comb_id) == + LAST_HID_SERV_REQUEST_KEY_LEN); */ if (set) { time_t *oldptr; last_request_ptr = tor_malloc_zero(sizeof(time_t)); 
@@ -459,6 +474,33 @@ directory_clean_last_hid_serv_requests(time_t now) } } +/** Remove all requests related to the hidden service named + * <b>onion_address</b> from the history of times of requests to + * hidden service directories. */ +static void +purge_hid_serv_from_last_hid_serv_requests(const char *onion_address) +{ + strmap_iter_t *iter; + strmap_t *last_hid_serv_requests = get_last_hid_serv_requests(); + /* XXX023 tor_assert(strlen(onion_address) == REND_SERVICE_ID_LEN_BASE32); */ + for (iter = strmap_iter_init(last_hid_serv_requests); + !strmap_iter_done(iter); ) { + const char *key; + void *val; + strmap_iter_get(iter, &key, &val); + /* XXX023 tor_assert(strlen(key) == LAST_HID_SERV_REQUEST_KEY_LEN); */ + if (tor_memeq(key + LAST_HID_SERV_REQUEST_KEY_LEN - + REND_SERVICE_ID_LEN_BASE32, + onion_address, + REND_SERVICE_ID_LEN_BASE32)) { + iter = strmap_iter_next_rmv(last_hid_serv_requests, iter); + tor_free(val); + } else { + iter = strmap_iter_next(last_hid_serv_requests, iter); + } + } +} + /** Purge the history of request times to hidden service directories, * so that future lookups of an HS descriptor will not fail because we * accessed all of the HSDir relays responsible for the descriptor 
@@ -480,12 +522,11 @@ rend_client_purge_last_hid_serv_requests(void) } /** Determine the responsible hidden service directories for <b>desc_id</b> - * and fetch the descriptor belonging to that ID from one of them. Only - * send a request to hidden service directories that we did not try within - * the last REND_HID_SERV_DIR_REQUERY_PERIOD seconds; on success, return 1, + * and fetch the descriptor with that ID from one of them. Only + * send a request to a hidden service directory that we have not yet tried + * during this attempt to connect to this hidden service; on success, return 1, * in the case that no hidden service directory is left to ask for the - * descriptor, return 0, and in case of a failure -1. <b>query</b> is only - * passed for pretty log statements. */ + * descriptor, return 0, and in case of a failure -1. */ static int directory_get_from_hs_dir(const char *desc_id, const rend_data_t *rend_query) { @@ -510,11 +551,12 @@ directory_get_from_hs_dir(const char *desc_id, const rend_data_t *rend_query) directory_clean_last_hid_serv_requests(now); SMARTLIST_FOREACH(responsible_dirs, routerstatus_t *, dir, { - time_t last = lookup_last_hid_serv_request(dir, desc_id_base32, 0, 0); + time_t last = lookup_last_hid_serv_request( + dir, desc_id_base32, rend_query, 0, 0); const node_t *node = node_get_by_id(dir->identity_digest); if (last + REND_HID_SERV_DIR_REQUERY_PERIOD >= now || !node || !node_has_descriptor(node)) - SMARTLIST_DEL_CURRENT(responsible_dirs, dir); + SMARTLIST_DEL_CURRENT(responsible_dirs, dir); }); hs_dir = smartlist_choose(responsible_dirs); 
@@ -526,9 +568,9 @@ directory_get_from_hs_dir(const char *desc_id, const rend_data_t *rend_query) return 0; } - /* Remember, that we are requesting a descriptor from this hidden service + /* Remember that we are requesting a descriptor from this hidden service * directory now. */ - lookup_last_hid_serv_request(hs_dir, desc_id_base32, now, 1); + lookup_last_hid_serv_request(hs_dir, desc_id_base32, rend_query, now, 1); /* Encode descriptor cookie for logging purposes. */ if (rend_query->auth_type != REND_NO_AUTH) { @@ -582,10 +624,11 @@ rend_client_refetch_v2_renddesc(const rend_data_t *rend_query) "service descriptor, but are not fetching service descriptors."); return; } - /* Before fetching, check if we already have the descriptor here. */ - if (rend_cache_lookup_entry(rend_query->onion_address, -1, &e) > 0) { + /* Before fetching, check if we already have a usable descriptor here. */ + if (rend_cache_lookup_entry(rend_query->onion_address, -1, &e) > 0 && + rend_client_any_intro_points_usable(e)) { log_info(LD_REND, "We would fetch a v2 rendezvous descriptor, but we " - "already have that descriptor here. Not fetching."); + "already have a usable descriptor here. Not fetching."); return; } log_debug(LD_REND, "Fetching v2 rendezvous descriptor for service %s", 
@@ -655,16 +698,31 @@ rend_client_cancel_descriptor_fetches(void) } SMARTLIST_FOREACH_END(conn); } -/** Remove failed_intro from ent. If ent now has no intro points, or - * service is unrecognized, then launch a new renddesc fetch. - +/** Mark <b>failed_intro</b> as a failed introduction point for the + * hidden service specified by <b>rend_query</b>. If the HS now has no + * usable intro points, or we do not have an HS descriptor for it, + * then launch a new renddesc fetch. + * + * If <b>failure_type</b> is INTRO_POINT_FAILURE_GENERIC, remove the + * intro point from (our parsed copy of) the HS descriptor. * - * Return -1 if error, 0 if no intro points remain or service + * If <b>failure_type</b> is INTRO_POINT_FAILURE_TIMEOUT, mark the + * intro point as 'timed out'; it will not be retried until the + * current hidden service connection attempt has ended or it has + * appeared in a newly fetched rendezvous descriptor. + * + * If <b>failure_type</b> is INTRO_POINT_FAILURE_UNREACHABLE, + * increment the intro point's reachability-failure count; if it has + * now failed MAX_INTRO_POINT_REACHABILITY_FAILURES or more times, + * remove the intro point from (our parsed copy of) the HS descriptor. + * + * Return -1 if error, 0 if no usable intro points remain or service * unrecognized, 1 if recognized and some intro points remain. */ int -rend_client_remove_intro_point(extend_info_t *failed_intro, - const rend_data_t *rend_query) +rend_client_report_intro_point_failure(extend_info_t *failed_intro, + const rend_data_t *rend_query, + unsigned int failure_type) { int i, r; rend_cache_entry_t *ent; 
@@ -687,8 +745,34 @@ rend_client_remove_intro_point(extend_info_t *failed_intro, rend_intro_point_t *intro = smartlist_get(ent->parsed->intro_nodes, i); if (tor_memeq(failed_intro->identity_digest, intro->extend_info->identity_digest, DIGEST_LEN)) { - rend_intro_point_free(intro); - smartlist_del(ent->parsed->intro_nodes, i); + switch (failure_type) { + default: + log_warn(LD_BUG, "Unknown failure type %u. Removing intro point.", + failure_type); + tor_fragile_assert(); + /* fall through */ + case INTRO_POINT_FAILURE_GENERIC: + rend_intro_point_free(intro); + smartlist_del(ent->parsed->intro_nodes, i); + break; + case INTRO_POINT_FAILURE_TIMEOUT: + intro->timed_out = 1; + break; + case INTRO_POINT_FAILURE_UNREACHABLE: + ++(intro->unreachable_count); + { + int zap_intro_point = + intro->unreachable_count >= MAX_INTRO_POINT_REACHABILITY_FAILURES; + log_info(LD_REND, "Failed to reach this intro point %u times.%s", + intro->unreachable_count, + zap_intro_point ? " Removing from descriptor.": ""); + if (zap_intro_point) { + rend_intro_point_free(intro); + smartlist_del(ent->parsed->intro_nodes, i); + } + } + break; + } break; } } 
@@ -867,10 +951,36 @@ rend_client_desc_trynow(const char *query) "unavailable (try again later).", safe_str_client(query)); connection_mark_unattached_ap(conn, END_STREAM_REASON_RESOLVEFAILED); + rend_client_note_connection_attempt_ended(query); } } SMARTLIST_FOREACH_END(base_conn); } +/** Clear temporary state used only during an attempt to connect to + * the hidden service named <b>onion_address</b>. Called when a + * connection attempt has ended; may be called occasionally at other + * times, and should be reasonably harmless. */ +void +rend_client_note_connection_attempt_ended(const char *onion_address) +{ + rend_cache_entry_t *cache_entry = NULL; + rend_cache_lookup_entry(onion_address, -1, &cache_entry); + + log_info(LD_REND, "Connection attempt for %s has ended; " + "cleaning up temporary state.", + safe_str_client(onion_address)); + + /* Clear the timed_out flag on all remaining intro points for this HS. */ + if (cache_entry != NULL) { + SMARTLIST_FOREACH(cache_entry->parsed->intro_nodes, + rend_intro_point_t *, ip, + ip->timed_out = 0; ); + } + + /* Remove the HS's entries in last_hid_serv_requests. */ + purge_hid_serv_from_last_hid_serv_requests(onion_address); +} + /** Return a newly allocated extend_info_t* for a randomly chosen introduction * point for the named hidden service. Return NULL if all introduction points * have been tried and failed. @@ -919,6 +1029,13 @@ rend_client_get_random_intro_impl(const rend_cache_entry_t *entry, usable_nodes = smartlist_create(); smartlist_add_all(usable_nodes, entry->parsed->intro_nodes); + /* Remove the intro points that have timed out during this HS + * connection attempt from our list of usable nodes. */ + SMARTLIST_FOREACH(usable_nodes, rend_intro_point_t *, ip, + if (ip->timed_out) { + SMARTLIST_DEL_CURRENT(usable_nodes, ip); + }); + again: if (smartlist_len(usable_nodes) == 0) { if (n_excluded && get_options()->StrictNodes && warnings) { 
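Review bot: In the @@ -459,6 +474,33 @@ hunk, purge_hid_serv_from_last_hid_serv_requests() has both `XXX023 tor_assert` length checks commented out, yet `tor_memeq(key + LAST_HID_SERV_REQUEST_KEY_LEN - REND_SERVICE_ID_LEN_BASE32, onion_address, REND_SERVICE_ID_LEN_BASE32)` assumes every map key is exactly LAST_HID_SERV_REQUEST_KEY_LEN bytes; a shorter key would be read past its terminator. Turn the commented assertions into a real guard before the comparison, e.g. `if (strlen(key) != LAST_HID_SERV_REQUEST_KEY_LEN) { iter = strmap_iter_next(last_hid_serv_requests, iter); continue; }`, or re-enable the asserts, and state in the function comment that onion_address must be REND_SERVICE_ID_LEN_BASE32 characters, since the same assumption is made about it.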
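Review bot: The rewritten doc comment in the @@ -480,12 +522,11 @@ hunk says directory_get_from_hs_dir() only skips directories "we have not yet tried during this attempt", but the selection loop in the next hunk still drops any directory with `last + REND_HID_SERV_DIR_REQUERY_PERIOD >= now`, so both filters apply (the per-attempt history is what rend_client_note_connection_attempt_ended() later purges). Keep a sentence about REND_HID_SERV_DIR_REQUERY_PERIOD in the comment so the time-based filter stays documented alongside the per-attempt one.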
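Review bot: In the @@ -687,8 +745,34 @@ hunk, the INTRO_POINT_FAILURE_UNREACHABLE branch only ever does `++(intro->unreachable_count)`; nothing in these hunks resets the counter when the intro point is later reached successfully, so transient failures spread over the lifetime of a parsed descriptor accumulate until the point is dropped at MAX_INTRO_POINT_REACHABILITY_FAILURES even though it works. Either reset the counter on a successful introduction or say in the rend_client_report_intro_point_failure() comment that the count is cumulative for the parsed descriptor. Also, MAX_INTRO_POINT_REACHABILITY_FAILURES is used here and in the doc comment but is not defined in the rendclient.h changes of this patch; confirm it is declared in an existing header.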
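Review bot: In the @@ -867,10 +951,36 @@ hunk, rend_client_note_connection_attempt_ended() ignores the return value of rend_cache_lookup_entry() and relies on `cache_entry` being left NULL on every failure path before dereferencing `cache_entry->parsed->intro_nodes`. Make the dependency explicit with `if (rend_cache_lookup_entry(onion_address, -1, &cache_entry) > 0 && cache_entry->parsed)`, matching the `> 0` check this same patch uses in rend_client_refetch_v2_renddesc(); the comment says the function "may be called occasionally at other times", so the lookup-failure path will be exercised in practice.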
diff --git a/src/or/rendclient.h b/src/or/rendclient.h index 1893fd9523..89da47789a 100644 --- a/src/or/rendclient.h +++ b/src/or/rendclient.h @@ -22,8 +22,15 @@ int rend_client_introduction_acked(origin_circuit_t *circ, void rend_client_refetch_v2_renddesc(const rend_data_t *rend_query); void rend_client_cancel_descriptor_fetches(void); void rend_client_purge_last_hid_serv_requests(void); -int rend_client_remove_intro_point(extend_info_t *failed_intro, - const rend_data_t *rend_query); + +#define INTRO_POINT_FAILURE_GENERIC 0 +#define INTRO_POINT_FAILURE_TIMEOUT 1 +#define INTRO_POINT_FAILURE_UNREACHABLE 2 + +int rend_client_report_intro_point_failure(extend_info_t *failed_intro, + const rend_data_t *rend_query, + unsigned int failure_type); + int rend_client_rendezvous_acked(origin_circuit_t *circ, const uint8_t *request, size_t request_len); @@ -32,6 +39,8 @@ int rend_client_receive_rendezvous(origin_circuit_t *circ, size_t request_len); void rend_client_desc_trynow(const char *query); +void rend_client_note_connection_attempt_ended(const char *onion_address); + extend_info_t *rend_client_get_random_intro(const rend_data_t *rend_query); int rend_client_any_intro_points_usable(const rend_cache_entry_t *entry); diff --git a/src/or/transports.c b/src/or/transports.c new file mode 100644 index 0000000000..3c533ccd95 --- /dev/null +++ b/src/or/transports.c 
@@ -0,0 +1,1048 @@ +/* Copyright (c) 2011, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file transports.c + * \brief Pluggable Transports related code. + **/ + +#define PT_PRIVATE +#include "or.h" +#include "config.h" +#include "circuitbuild.h" +#include "transports.h" +#include "util.h" + +static void set_managed_proxy_environment(char ***envp, + const managed_proxy_t *mp); +static INLINE int proxy_configuration_finished(const managed_proxy_t *mp); + +static void managed_proxy_destroy(managed_proxy_t *mp); + +static void handle_finished_proxy(managed_proxy_t *mp); +static void configure_proxy(managed_proxy_t *mp); + +static void parse_method_error(const char *line, int is_server_method); +#define parse_server_method_error(l) parse_method_error(l, 1) +#define parse_client_method_error(l) parse_method_error(l, 0) + +static INLINE void free_execve_args(char **arg); + +/** Managed proxy protocol strings */ +#define PROTO_ENV_ERROR "ENV-ERROR" +#define PROTO_NEG_SUCCESS "VERSION" +#define PROTO_NEG_FAIL "VERSION-ERROR no-version" +#define PROTO_CMETHOD "CMETHOD" +#define PROTO_SMETHOD "SMETHOD" +#define PROTO_CMETHOD_ERROR "CMETHOD-ERROR" +#define PROTO_SMETHOD_ERROR "SMETHOD-ERROR" +#define PROTO_CMETHODS_DONE "CMETHODS DONE" +#define PROTO_SMETHODS_DONE "SMETHODS DONE" + +/* The smallest valid managed proxy protocol line that can + appear. It's the size of "VERSION 1" */ +#define SMALLEST_MANAGED_LINE_SIZE 9 + +/** Number of environment variables for managed proxy clients/servers. */ +#define ENVIRON_SIZE_CLIENT 5 +#define ENVIRON_SIZE_SERVER 8 + +/** The first and only supported - at the moment - configuration + protocol version. */ +#define PROTO_VERSION_ONE 1 + +/** List of unconfigured managed proxies. */ +static smartlist_t *managed_proxy_list = NULL; +/** Number of still unconfigured proxies. */ +static int unconfigured_proxies_n = 0; + +/** "The main idea is:" + + Each managed proxy is represented by a 'managed_proxy_t'. 
+ Each managed proxy can support multiple transports. + Each managed proxy gets configured through a multistep process. + + 'managed_proxy_list' contains all the managed proxies this tor + instance is supporting. + In the 'managed_proxy_list' there are 'unconfigured_proxies_n' + managed proxies that are still unconfigured. + + In every run_scheduled_event() tick, we attempt to launch and then + configure the unconfiged managed proxies, using the configuration + protocol defined in the 180_pluggable_transport.txt proposal. A + managed proxy might need several ticks to get fully configured. + + When a managed proxy is fully configured, we register all its + transports to the circuitbuild.c subsystem. At that point the + transports are owned by the circuitbuild.c subsystem. + + When a managed proxy fails to follow the 180 configuration + protocol, it gets marked as broken and gets destroyed. + + "In a little more technical detail:" + + While we are serially parsing torrc, we store all the transports + that a proxy should spawn in its 'transports_to_launch' element. + + When we finish reading the torrc, we spawn the managed proxy and + expect {S,C}METHOD lines from its output. We add transports + described by METHOD lines to its 'transports' element, as + 'transport_t' structs. + + When the managed proxy stops spitting METHOD lines (signified by a + '{S,C}METHODS DONE' message) we register all the transports + collected to the circuitbuild.c subsystem. At this point, the + 'transport_t's can be transformed into dangling pointers at any + point by the circuitbuild.c subsystem, and so we replace all + 'transport_t's with strings describing the transport names. We + can still go from a transport name to a 'transport_t' using the + fact that transport names uniquely identify 'transport_t's. 
+ + "In even more technical detail I shall describe what happens when + the SIGHUP bell tolls:" + + We immediately destroy all unconfigured proxies (We shouldn't have + unconfigured proxies in the first place, except when SIGHUP rings + immediately after tor is launched.). + + We mark all managed proxies and transports to signify that they + must be removed if they don't contribute by the new torrc + (marked_for_removal). + We also mark all managed proxies to signify that they might need + to be restarted so that they end up supporting all the transports + the new torrc wants them to support (got_hup). + We also clear their 'transports_to_launch' list so that we can put + there the transports we need to launch according to the new torrc. + + We then start parsing torrc again. + + Everytime we encounter a transport line using a known pre-SIGHUP + managed proxy, we cleanse that proxy from the removal mark. + + We also mark it as unconfigured so that on the next scheduled + events tick, we investigate whether we need to restart the proxy + so that it also spawns the new transports. + If the post-SIGHUP 'transports_to_launch' list is identical to the + pre-SIGHUP one, it means that no changes were introduced to this + proxy during the SIGHUP and no restart has to take place. + + During the post-SIGHUP torrc parsing, we unmark all transports + spawned by managed proxies that we find in our torrc. + We do that so that if we don't need to restart a managed proxy, we + can continue using its old transports normally. + If we end up restarting the proxy, we destroy and unregister all + old transports from the circuitbuild.c subsystem. +*/ + +/** Return true if there are still unconfigured managed proxies. */ +int +pt_proxies_configuration_pending(void) +{ + return !! 
unconfigured_proxies_n; +} + +/** Return true if <b>mp</b> has the same argv as <b>proxy_argv</b> */ +static int +managed_proxy_has_argv(const managed_proxy_t *mp, char **proxy_argv) +{ + char **tmp1=proxy_argv; + char **tmp2=mp->argv; + + tor_assert(tmp1); + tor_assert(tmp2); + + while (*tmp1 && *tmp2) { + if (strcmp(*tmp1++, *tmp2++)) + return 0; + } + + if (!*tmp1 && !*tmp2) + return 1; + + return 0; +} + +/** Return a managed proxy with the same argv as <b>proxy_argv</b>. + * If no such managed proxy exists, return NULL. */ +static managed_proxy_t * +get_managed_proxy_by_argv_and_type(char **proxy_argv, int is_server) +{ + if (!managed_proxy_list) + return NULL; + + SMARTLIST_FOREACH_BEGIN(managed_proxy_list, managed_proxy_t *, mp) { + if (managed_proxy_has_argv(mp, proxy_argv) && + mp->is_server == is_server) + return mp; + } SMARTLIST_FOREACH_END(mp); + + return NULL; +} + +/** Add <b>transport</b> to managed proxy <b>mp</b>. */ +static void +add_transport_to_proxy(const char *transport, managed_proxy_t *mp) +{ + tor_assert(mp->transports_to_launch); + if (!smartlist_string_isin(mp->transports_to_launch, transport)) + smartlist_add(mp->transports_to_launch, tor_strdup(transport)); +} + +/** Called when a SIGHUP occurs. Returns true if managed proxy + * <b>mp</b> needs to be restarted after the SIGHUP, based on the new + * torrc. */ +static int +proxy_needs_restart(const managed_proxy_t *mp) +{ + /* mp->transport_to_launch is populated with the names of the + transports that must be launched *after* the SIGHUP. + mp->transports is populated with the names of the transports that + were launched *before* the SIGHUP. + + If the two lists contain the same strings, we don't need to + restart the proxy, since it already does what we want. 
*/ + + tor_assert(smartlist_len(mp->transports_to_launch) > 0); + tor_assert(mp->conf_state == PT_PROTO_COMPLETED); + + if (smartlist_len(mp->transports_to_launch) != smartlist_len(mp->transports)) + goto needs_restart; + + SMARTLIST_FOREACH_BEGIN(mp->transports_to_launch, char *, t_t_l) { + if (!smartlist_string_isin(mp->transports, t_t_l)) + goto needs_restart; + + } SMARTLIST_FOREACH_END(t_t_l); + + return 0; + + needs_restart: + return 1; +} + +/** Managed proxy <b>mp</b> must be restarted. Do all the necessary + * preparations and then flag its state so that it will be relaunched + * in the next tick. */ +static void +proxy_prepare_for_restart(managed_proxy_t *mp) +{ + transport_t *t_tmp = NULL; + + tor_assert(mp->conf_state == PT_PROTO_COMPLETED); + tor_assert(mp->pid); + + /* kill the old obfsproxy process */ + tor_terminate_process(mp->pid); + mp->pid = 0; + fclose(mp->_stdout); + + /* destroy all its old transports. we no longer use them. */ + SMARTLIST_FOREACH_BEGIN(mp->transports, const char *, t_name) { + t_tmp = transport_get_by_name(t_name); + if (t_tmp) + t_tmp->marked_for_removal = 1; + } SMARTLIST_FOREACH_END(t_name); + sweep_transport_list(); + + /* free the transport names in mp->transports */ + SMARTLIST_FOREACH(mp->transports, char *, t_name, tor_free(t_name)); + smartlist_clear(mp->transports); + + /* flag it as an infant proxy so that it gets launched on next tick */ + mp->conf_state = PT_PROTO_INFANT; +} + +/** Launch managed proxy <b>mp</b>. */ +static int +launch_managed_proxy(managed_proxy_t *mp) +{ + (void) mp; + (void) set_managed_proxy_environment; + return -1; +#if 0 + /* XXXX023 we must reenable this code for managed proxies to work. + * "All it needs" is revision to work with the new tor_spawn_background + * API. 
*/ + char **envp=NULL; + int pid; + process_handle_t proc; + FILE *stdout_read = NULL; + int stdout_pipe=-1, stderr_pipe=-1; + + /* prepare the environment variables for the managed proxy */ + set_managed_proxy_environment(&envp, mp); + + pid = tor_spawn_background(mp->argv[0], (const char **)mp->argv, + (const char **)envp, &proc); + if (pid < 0) { + log_warn(LD_GENERAL, "Managed proxy at '%s' failed at launch.", + mp->argv[0]); + return -1; + } + + /* free the memory allocated by set_managed_proxy_environment(). */ + free_execve_args(envp); + + /* Set stdout/stderr pipes to be non-blocking */ +#ifdef _WIN32 + { + u_long nonblocking = 1; + ioctlsocket(stdout_pipe, FIONBIO, &nonblocking); + } +#else + fcntl(stdout_pipe, F_SETFL, O_NONBLOCK); +#endif + + /* Open the buffered IO streams */ + stdout_read = fdopen(stdout_pipe, "r"); + + log_info(LD_CONFIG, "Managed proxy has spawned at PID %d.", pid); + + mp->conf_state = PT_PROTO_LAUNCHED; + mp->_stdout = stdout_read; + mp->pid = pid; +#endif + return 0; +} + +/** Check if any of the managed proxies we are currently trying to + * configure have anything new to say. This is called from + * run_scheduled_events(). */ +void +pt_configure_remaining_proxies(void) +{ + log_debug(LD_CONFIG, "Configuring remaining managed proxies (%d)!", + unconfigured_proxies_n); + SMARTLIST_FOREACH_BEGIN(managed_proxy_list, managed_proxy_t *, mp) { + tor_assert(mp->conf_state != PT_PROTO_BROKEN); + + if (mp->got_hup) { + mp->got_hup = 0; + + /* This proxy is marked by a SIGHUP. Check whether we need to + restart it. */ + if (proxy_needs_restart(mp)) { + log_info(LD_GENERAL, "Preparing managed proxy for restart."); + proxy_prepare_for_restart(mp); + continue; + } else { /* it doesn't need to be restarted. 
*/ + log_info(LD_GENERAL, "Nothing changed for managed proxy after HUP: " + "not restarting."); + unconfigured_proxies_n--; + tor_assert(unconfigured_proxies_n >= 0); + } + + continue; + } + + /* If the proxy is not fully configured, try to configure it + futher. */ + if (!proxy_configuration_finished(mp)) + configure_proxy(mp); + + } SMARTLIST_FOREACH_END(mp); +} + +/** Attempt to continue configuring managed proxy <b>mp</b>. */ +static void +configure_proxy(managed_proxy_t *mp) +{ + enum stream_status r; + char stdout_buf[200]; + + /* if we haven't launched the proxy yet, do it now */ + if (mp->conf_state == PT_PROTO_INFANT) { + launch_managed_proxy(mp); + return; + } + + tor_assert(mp->conf_state != PT_PROTO_INFANT); + + while (1) { + r = get_string_from_pipe(mp->_stdout, stdout_buf, + sizeof(stdout_buf) - 1); + + if (r == IO_STREAM_OKAY) { /* got a line; handle it! */ + handle_proxy_line((const char *)stdout_buf, mp); + } else if (r == IO_STREAM_EAGAIN) { /* check back later */ + return; + } else if (r == IO_STREAM_CLOSED || r == IO_STREAM_TERM) { /* snap! */ + log_notice(LD_GENERAL, "Managed proxy stream closed. " + "Most probably application stopped running"); + mp->conf_state = PT_PROTO_BROKEN; + } else { /* unknown stream status */ + log_notice(LD_GENERAL, "Unknown stream status while configuring proxy."); + } + + /* if the proxy finished configuring, exit the loop. */ + if (proxy_configuration_finished(mp)) { + handle_finished_proxy(mp); + return; + } + } +} + +/** Register server managed proxy <b>mp</b> transports to state */ +static void +register_server_proxy(managed_proxy_t *mp) +{ + /* After we register this proxy's transports, we switch its + mp->transports to a list containing strings of its transport + names. 
(See transports.h) */ + smartlist_t *sm_tmp = smartlist_create(); + + tor_assert(mp->conf_state != PT_PROTO_COMPLETED); + SMARTLIST_FOREACH_BEGIN(mp->transports, transport_t *, t) { + save_transport_to_state(t->name, &t->addr, t->port); + smartlist_add(sm_tmp, tor_strdup(t->name)); + } SMARTLIST_FOREACH_END(t); + + /* Since server proxies don't register their transports in the + circuitbuild.c subsystem, it's our duty to free them when we + switch mp->transports to strings. */ + SMARTLIST_FOREACH(mp->transports, transport_t *, t, transport_free(t)); + smartlist_free(mp->transports); + + mp->transports = sm_tmp; +} + +/** Register all the transports supported by client managed proxy + * <b>mp</b> to the bridge subsystem. */ +static void +register_client_proxy(managed_proxy_t *mp) +{ + int r; + /* After we register this proxy's transports, we switch its + mp->transports to a list containing strings of its transport + names. (See transports.h) */ + smartlist_t *sm_tmp = smartlist_create(); + + tor_assert(mp->conf_state != PT_PROTO_COMPLETED); + SMARTLIST_FOREACH_BEGIN(mp->transports, transport_t *, t) { + r = transport_add(t); + switch (r) { + case -1: + log_notice(LD_GENERAL, "Could not add transport %s. Skipping.", t->name); + transport_free(t); + break; + case 0: + log_info(LD_GENERAL, "Succesfully registered transport %s", t->name); + smartlist_add(sm_tmp, tor_strdup(t->name)); + break; + case 1: + log_info(LD_GENERAL, "Succesfully registered transport %s", t->name); + smartlist_add(sm_tmp, tor_strdup(t->name)); + transport_free(t); + break; + } + } SMARTLIST_FOREACH_END(t); + + smartlist_free(mp->transports); + mp->transports = sm_tmp; +} + +/** Register the transports of managed proxy <b>mp</b>. */ +static INLINE void +register_proxy(managed_proxy_t *mp) +{ + if (mp->is_server) + register_server_proxy(mp); + else + register_client_proxy(mp); +} + +/** Free memory allocated by managed proxy <b>mp</b>. 
*/ +static void +managed_proxy_destroy(managed_proxy_t *mp) +{ + if (mp->conf_state != PT_PROTO_COMPLETED) + SMARTLIST_FOREACH(mp->transports, transport_t *, t, transport_free(t)); + else + SMARTLIST_FOREACH(mp->transports, char *, t_name, tor_free(t_name)); + + /* free the transports smartlist */ + smartlist_free(mp->transports); + + /* free the transports_to_launch smartlist */ + SMARTLIST_FOREACH(mp->transports_to_launch, char *, t, tor_free(t)); + smartlist_free(mp->transports_to_launch); + + /* remove it from the list of managed proxies */ + smartlist_remove(managed_proxy_list, mp); + + /* close its stdout stream */ + if (mp->_stdout) + fclose(mp->_stdout); + + /* free the argv */ + free_execve_args(mp->argv); + + if (mp->pid) + tor_terminate_process(mp->pid); + + tor_free(mp); +} + +/** Handle a configured or broken managed proxy <b>mp</b>. */ +static void +handle_finished_proxy(managed_proxy_t *mp) +{ + switch (mp->conf_state) { + case PT_PROTO_BROKEN: /* if broken: */ + managed_proxy_destroy(mp); /* annihilate it. */ + break; + case PT_PROTO_CONFIGURED: /* if configured correctly: */ + register_proxy(mp); /* register its transports */ + mp->conf_state = PT_PROTO_COMPLETED; /* and mark it as completed. */ + break; + case PT_PROTO_INFANT: + case PT_PROTO_LAUNCHED: + case PT_PROTO_ACCEPTING_METHODS: + case PT_PROTO_COMPLETED: + default: + log_warn(LD_CONFIG, "Unexpected managed proxy state in " + "handle_finished_proxy()."); + tor_assert(0); + } + + unconfigured_proxies_n--; + tor_assert(unconfigured_proxies_n >= 0); +} + +/** Return true if the configuration of the managed proxy <b>mp</b> is + finished. */ +static INLINE int +proxy_configuration_finished(const managed_proxy_t *mp) +{ + return (mp->conf_state == PT_PROTO_CONFIGURED || + mp->conf_state == PT_PROTO_BROKEN); +} + +/** This function is called when a proxy sends an {S,C}METHODS DONE message. 
*/ +static void +handle_methods_done(const managed_proxy_t *mp) +{ + tor_assert(mp->transports); + + if (smartlist_len(mp->transports) == 0) + log_notice(LD_GENERAL, "Proxy was spawned successfully, " + "but it didn't laucn any pluggable transport listeners!"); + + log_info(LD_CONFIG, "%s managed proxy configuration completed!", + mp->is_server ? "Server" : "Client"); +} + +/** Handle a configuration protocol <b>line</b> received from a + * managed proxy <b>mp</b>. */ +void +handle_proxy_line(const char *line, managed_proxy_t *mp) +{ + log_debug(LD_GENERAL, "Got a line from managed proxy: %s\n", line); + + if (strlen(line) < SMALLEST_MANAGED_LINE_SIZE) { + log_warn(LD_GENERAL, "Managed proxy configuration line is too small. " + "Discarding"); + goto err; + } + + if (!strcmpstart(line, PROTO_ENV_ERROR)) { + if (mp->conf_state != PT_PROTO_LAUNCHED) + goto err; + + parse_env_error(line); + goto err; + } else if (!strcmpstart(line, PROTO_NEG_FAIL)) { + if (mp->conf_state != PT_PROTO_LAUNCHED) + goto err; + + log_warn(LD_CONFIG, "Managed proxy could not pick a " + "configuration protocol version."); + goto err; + } else if (!strcmpstart(line, PROTO_NEG_SUCCESS)) { + if (mp->conf_state != PT_PROTO_LAUNCHED) + goto err; + + if (parse_version(line,mp) < 0) + goto err; + + tor_assert(mp->conf_protocol != 0); + mp->conf_state = PT_PROTO_ACCEPTING_METHODS; + return; + } else if (!strcmpstart(line, PROTO_CMETHODS_DONE)) { + if (mp->conf_state != PT_PROTO_ACCEPTING_METHODS) + goto err; + + handle_methods_done(mp); + + mp->conf_state = PT_PROTO_CONFIGURED; + return; + } else if (!strcmpstart(line, PROTO_SMETHODS_DONE)) { + if (mp->conf_state != PT_PROTO_ACCEPTING_METHODS) + goto err; + + handle_methods_done(mp); + + mp->conf_state = PT_PROTO_CONFIGURED; + return; + } else if (!strcmpstart(line, PROTO_CMETHOD_ERROR)) { + if (mp->conf_state != PT_PROTO_ACCEPTING_METHODS) + goto err; + + parse_client_method_error(line); + goto err; + } else if (!strcmpstart(line, 
PROTO_SMETHOD_ERROR)) { + if (mp->conf_state != PT_PROTO_ACCEPTING_METHODS) + goto err; + + parse_server_method_error(line); + goto err; + } else if (!strcmpstart(line, PROTO_CMETHOD)) { + if (mp->conf_state != PT_PROTO_ACCEPTING_METHODS) + goto err; + + if (parse_cmethod_line(line, mp) < 0) + goto err; + + return; + } else if (!strcmpstart(line, PROTO_SMETHOD)) { + if (mp->conf_state != PT_PROTO_ACCEPTING_METHODS) + goto err; + + if (parse_smethod_line(line, mp) < 0) + goto err; + + return; + } else if (!strcmpstart(line, SPAWN_ERROR_MESSAGE)) { + log_warn(LD_GENERAL, "Could not launch managed proxy executable!"); + goto err; + } + + log_warn(LD_CONFIG, "Unknown line received by managed proxy. (%s)", line); + + err: + mp->conf_state = PT_PROTO_BROKEN; + return; +} + +/** Parses an ENV-ERROR <b>line</b> and warns the user accordingly. */ +void +parse_env_error(const char *line) +{ + /* (Length of the protocol string) plus (a space) and (the first char of + the error message) */ + if (strlen(line) < (strlen(PROTO_ENV_ERROR) + 2)) + log_notice(LD_CONFIG, "Managed proxy sent us an %s without an error " + "message.", PROTO_ENV_ERROR); + + log_warn(LD_CONFIG, "Managed proxy couldn't understand the " + "pluggable transport environment variables. (%s)", + line+strlen(PROTO_ENV_ERROR)+1); +} + +/** Handles a VERSION <b>line</b>. Updates the configuration protocol + * version in <b>mp</b>. */ +int +parse_version(const char *line, managed_proxy_t *mp) +{ + if (strlen(line) < (strlen(PROTO_NEG_SUCCESS) + 2)) { + log_warn(LD_CONFIG, "Managed proxy sent us malformed %s line.", + PROTO_NEG_SUCCESS); + return -1; + } + + if (strcmp("1", line+strlen(PROTO_NEG_SUCCESS)+1)) { /* hardcoded temp */ + log_warn(LD_CONFIG, "Managed proxy tried to negotiate on version '%s'. " + "We only support version '1'", line+strlen(PROTO_NEG_SUCCESS)+1); + return -1; + } + + mp->conf_protocol = PROTO_VERSION_ONE; /* temp. 
till more versions appear */ + return 0; +} + +/** Parses {C,S}METHOD-ERROR <b>line</b> and warns the user + * accordingly. If <b>is_server</b> it is an SMETHOD-ERROR, + * otherwise it is a CMETHOD-ERROR. */ +static void +parse_method_error(const char *line, int is_server) +{ + const char* error = is_server ? + PROTO_SMETHOD_ERROR : PROTO_CMETHOD_ERROR; + + /* (Length of the protocol string) plus (a space) and (the first char of + the error message) */ + if (strlen(line) < (strlen(error) + 2)) + log_warn(LD_CONFIG, "Managed proxy sent us an %s without an error " + "message.", error); + + log_warn(LD_CONFIG, "%s managed proxy encountered a method error. (%s)", + is_server ? "Server" : "Client", + line+strlen(error)+1); +} + +/** Parses an SMETHOD <b>line</b> and if well-formed it registers the + * new transport in <b>mp</b>. */ +int +parse_smethod_line(const char *line, managed_proxy_t *mp) +{ + int r; + smartlist_t *items = NULL; + + char *method_name=NULL; + + char *addrport=NULL; + tor_addr_t addr; + uint16_t port = 0; + + transport_t *transport=NULL; + + items = smartlist_create(); + smartlist_split_string(items, line, NULL, + SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1); + if (smartlist_len(items) < 3) { + log_warn(LD_CONFIG, "Server managed proxy sent us a SMETHOD line " + "with too few arguments."); + goto err; + } + + tor_assert(!strcmp(smartlist_get(items,0),PROTO_SMETHOD)); + + method_name = smartlist_get(items,1); + if (!string_is_C_identifier(method_name)) { + log_warn(LD_CONFIG, "Transport name is not a C identifier (%s).", + method_name); + goto err; + } + + addrport = smartlist_get(items, 2); + if (tor_addr_port_parse(addrport, &addr, &port)<0) { + log_warn(LD_CONFIG, "Error parsing transport " + "address '%s'", addrport); + goto err; + } + + if (!port) { + log_warn(LD_CONFIG, + "Transport address '%s' has no port.", addrport); + goto err; + } + + transport = transport_create(&addr, port, method_name, PROXY_NONE); + if (!transport) + goto err; + + 
smartlist_add(mp->transports, transport); + + /* For now, notify the user so that he knows where the server + transport is listening. */ + log_info(LD_CONFIG, "Server transport %s at %s:%d.", + method_name, fmt_addr(&addr), (int)port); + + r=0; + goto done; + + err: + r = -1; + + done: + SMARTLIST_FOREACH(items, char*, s, tor_free(s)); + smartlist_free(items); + return r; +} + +/** Parses a CMETHOD <b>line</b>, and if well-formed it registers + * the new transport in <b>mp</b>. */ +int +parse_cmethod_line(const char *line, managed_proxy_t *mp) +{ + int r; + smartlist_t *items = NULL; + + char *method_name=NULL; + + char *socks_ver_str=NULL; + int socks_ver=PROXY_NONE; + + char *addrport=NULL; + tor_addr_t addr; + uint16_t port = 0; + + transport_t *transport=NULL; + + items = smartlist_create(); + smartlist_split_string(items, line, NULL, + SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1); + if (smartlist_len(items) < 4) { + log_warn(LD_CONFIG, "Client managed proxy sent us a CMETHOD line " + "with too few arguments."); + goto err; + } + + tor_assert(!strcmp(smartlist_get(items,0),PROTO_CMETHOD)); + + method_name = smartlist_get(items,1); + if (!string_is_C_identifier(method_name)) { + log_warn(LD_CONFIG, "Transport name is not a C identifier (%s).", + method_name); + goto err; + } + + socks_ver_str = smartlist_get(items,2); + + if (!strcmp(socks_ver_str,"socks4")) { + socks_ver = PROXY_SOCKS4; + } else if (!strcmp(socks_ver_str,"socks5")) { + socks_ver = PROXY_SOCKS5; + } else { + log_warn(LD_CONFIG, "Client managed proxy sent us a proxy protocol " + "we don't recognize. 
(%s)", socks_ver_str); + goto err; + } + + addrport = smartlist_get(items, 3); + if (tor_addr_port_parse(addrport, &addr, &port)<0) { + log_warn(LD_CONFIG, "Error parsing transport " + "address '%s'", addrport); + goto err; + } + + if (!port) { + log_warn(LD_CONFIG, + "Transport address '%s' has no port.", addrport); + goto err; + } + + transport = transport_create(&addr, port, method_name, socks_ver); + if (!transport) + goto err; + + smartlist_add(mp->transports, transport); + + log_info(LD_CONFIG, "Transport %s at %s:%d with SOCKS %d. " + "Attached to managed proxy.", + method_name, fmt_addr(&addr), (int)port, socks_ver); + + r=0; + goto done; + + err: + r = -1; + + done: + SMARTLIST_FOREACH(items, char*, s, tor_free(s)); + smartlist_free(items); + return r; +} + +/** Return a string containing the address:port that <b>transport</b> + * should use. It's the responsibility of the caller to free() the + * received string. */ +static char * +get_bindaddr_for_proxy(const managed_proxy_t *mp) +{ + char *bindaddr = NULL; + smartlist_t *string_tmp = smartlist_create(); + + tor_assert(mp->is_server); + + SMARTLIST_FOREACH_BEGIN(mp->transports_to_launch, char *, t) { + tor_asprintf(&bindaddr, "%s-%s", t, get_bindaddr_for_transport(t)); + smartlist_add(string_tmp, bindaddr); + } SMARTLIST_FOREACH_END(t); + + bindaddr = smartlist_join_strings(string_tmp, ",", 0, NULL); + + SMARTLIST_FOREACH(string_tmp, char *, t, tor_free(t)); + smartlist_free(string_tmp); + + return bindaddr; +} + +/** Prepare the <b>envp</b> of managed proxy <b>mp</b> */ +static void +set_managed_proxy_environment(char ***envp, const managed_proxy_t *mp) +{ + const or_options_t *options = get_options(); + char **tmp=NULL; + char *state_loc=NULL; + char *transports_to_launch=NULL; + char *bindaddr=NULL; + + int n_envs = mp->is_server ? ENVIRON_SIZE_SERVER : ENVIRON_SIZE_CLIENT; + + /* allocate enough space for our env. 
vars and a NULL pointer */ + *envp = tor_malloc(sizeof(char*)*(n_envs+1)); + tmp = *envp; + + state_loc = get_datadir_fname("pt_state/"); /* XXX temp */ + transports_to_launch = + smartlist_join_strings(mp->transports_to_launch, ",", 0, NULL); + + tor_asprintf(tmp++, "HOME=%s", getenv("HOME")); + tor_asprintf(tmp++, "PATH=%s", getenv("PATH")); + tor_asprintf(tmp++, "TOR_PT_STATE_LOCATION=%s", state_loc); + tor_asprintf(tmp++, "TOR_PT_MANAGED_TRANSPORT_VER=1"); /* temp */ + if (mp->is_server) { + bindaddr = get_bindaddr_for_proxy(mp); + + /* XXX temp */ + tor_asprintf(tmp++, "TOR_PT_ORPORT=127.0.0.1:%d", options->ORPort); + tor_asprintf(tmp++, "TOR_PT_SERVER_BINDADDR=%s", bindaddr); + tor_asprintf(tmp++, "TOR_PT_SERVER_TRANSPORTS=%s", transports_to_launch); + /* XXX temp*/ + tor_asprintf(tmp++, "TOR_PT_EXTENDED_SERVER_PORT=127.0.0.1:4200"); + } else { + tor_asprintf(tmp++, "TOR_PT_CLIENT_TRANSPORTS=%s", transports_to_launch); + } + *tmp = NULL; + + tor_free(state_loc); + tor_free(transports_to_launch); + tor_free(bindaddr); +} + +/** Create and return a new managed proxy for <b>transport</b> using + * <b>proxy_argv</b>. If <b>is_server</b> is true, it's a server + * managed proxy. */ +static managed_proxy_t * +managed_proxy_create(const smartlist_t *transport_list, + char **proxy_argv, int is_server) +{ + managed_proxy_t *mp = tor_malloc_zero(sizeof(managed_proxy_t)); + mp->conf_state = PT_PROTO_INFANT; + mp->is_server = is_server; + mp->argv = proxy_argv; + mp->transports = smartlist_create(); + + mp->transports_to_launch = smartlist_create(); + SMARTLIST_FOREACH(transport_list, const char *, transport, + add_transport_to_proxy(transport, mp)); + + /* register the managed proxy */ + if (!managed_proxy_list) + managed_proxy_list = smartlist_create(); + smartlist_add(managed_proxy_list, mp); + unconfigured_proxies_n++; + + return mp; +} + +/** Register <b>transport</b> using proxy with <b>proxy_argv</b> to + * the managed proxy subsystem. 
+ * If <b>is_server</b> is true, then the proxy is a server proxy. */ +void +pt_kickstart_proxy(const smartlist_t *transport_list, + char **proxy_argv, int is_server) +{ + managed_proxy_t *mp=NULL; + transport_t *old_transport = NULL; + + mp = get_managed_proxy_by_argv_and_type(proxy_argv, is_server); + + if (!mp) { /* we haven't seen this proxy before */ + managed_proxy_create(transport_list, proxy_argv, is_server); + + } else { /* known proxy. add its transport to its transport list */ + if (mp->got_hup) { + /* If the managed proxy we found is marked by a SIGHUP, it means + that it's not useless and should be kept. If it's marked for + removal, unmark it and increase the unconfigured proxies so + that we try to restart it if we need to. Afterwards, check if + a transport_t for 'transport' used to exist before the SIGHUP + and make sure it doesn't get deleted because we might reuse + it. */ + if (mp->marked_for_removal) { + mp->marked_for_removal = 0; + unconfigured_proxies_n++; + } + + SMARTLIST_FOREACH_BEGIN(transport_list, const char *, transport) { + old_transport = transport_get_by_name(transport); + if (old_transport) + old_transport->marked_for_removal = 0; + } SMARTLIST_FOREACH_END(transport); + } + + SMARTLIST_FOREACH(transport_list, const char *, transport, + add_transport_to_proxy(transport, mp)); + free_execve_args(proxy_argv); + } +} + +/** Frees the array of pointers in <b>arg</b> used as arguments to + execve(2). */ +static INLINE void +free_execve_args(char **arg) +{ + char **tmp = arg; + while (*tmp) /* use the fact that the last element of the array is a + NULL pointer to know when to stop freeing */ + _tor_free(*tmp++); + + tor_free(arg); +} + +/** Tor will read its config. + * Prepare the managed proxy list so that proxies not used in the new + * config will shutdown, and proxies that need to spawn different + * transports will do so. 
*/ +void +pt_prepare_proxy_list_for_config_read(void) +{ + if (!managed_proxy_list) + return; + + SMARTLIST_FOREACH_BEGIN(managed_proxy_list, managed_proxy_t *, mp) { + /* Destroy unconfigured proxies. */ + if (mp->conf_state != PT_PROTO_COMPLETED) { + managed_proxy_destroy(mp); + unconfigured_proxies_n--; + continue; + } + + tor_assert(mp->conf_state == PT_PROTO_COMPLETED); + + mp->marked_for_removal = 1; + mp->got_hup = 1; + SMARTLIST_FOREACH(mp->transports_to_launch, char *, t, tor_free(t)); + smartlist_clear(mp->transports_to_launch); + } SMARTLIST_FOREACH_END(mp); + + tor_assert(unconfigured_proxies_n == 0); +} + +/** The tor config was read. + * Destroy all managed proxies that were marked by a previous call to + * prepare_proxy_list_for_config_read() and are not used by the new + * config. */ +void +sweep_proxy_list(void) +{ + if (!managed_proxy_list) + return; + + SMARTLIST_FOREACH_BEGIN(managed_proxy_list, managed_proxy_t *, mp) { + if (mp->marked_for_removal) { + SMARTLIST_DEL_CURRENT(managed_proxy_list, mp); + managed_proxy_destroy(mp); + } + } SMARTLIST_FOREACH_END(mp); +} + +/** Release all storage held by the pluggable transports subsystem. */ +void +pt_free_all(void) +{ + if (managed_proxy_list) { + /* If the proxy is in PT_PROTO_COMPLETED, it has registered its + transports and it's the duty of the circuitbuild.c subsystem to + free them. Otherwise, it hasn't registered its transports yet + and we should free them here. */ + SMARTLIST_FOREACH(managed_proxy_list, managed_proxy_t *, mp, + managed_proxy_destroy(mp)); + + smartlist_free(managed_proxy_list); + managed_proxy_list=NULL; + } +} + diff --git a/src/or/transports.h b/src/or/transports.h new file mode 100644 index 0000000000..4a93387596 --- /dev/null +++ b/src/or/transports.h 
@@ -0,0 +1,105 @@ +/* Copyright (c) 2003-2004, Roger Dingledine + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2011, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file transports.h + * \brief Headers for transports.c + **/ + +#ifndef TOR_TRANSPORTS_H +#define TOR_TRANSPORTS_H + +void pt_kickstart_proxy(const smartlist_t *transport_list, char **proxy_argv, + int is_server); + +#define pt_kickstart_client_proxy(tl, pa) \ + pt_kickstart_proxy(tl, pa, 0) +#define pt_kickstart_server_proxy(tl, pa) \ + pt_kickstart_proxy(tl, pa, 1) + +void pt_configure_remaining_proxies(void); + +int pt_proxies_configuration_pending(void); + +void pt_free_all(void); + +void pt_prepare_proxy_list_for_config_read(void); +void sweep_proxy_list(void); + +#ifdef PT_PRIVATE +/** State of the managed proxy configuration protocol. */ +enum pt_proto_state { + PT_PROTO_INFANT, /* was just born */ + PT_PROTO_LAUNCHED, /* was just launched */ + PT_PROTO_ACCEPTING_METHODS, /* accepting methods */ + PT_PROTO_CONFIGURED, /* configured successfully */ + PT_PROTO_COMPLETED, /* configure and registered its transports */ + PT_PROTO_BROKEN +}; + +/** Structure containing information of a managed proxy. */ +typedef struct { + enum pt_proto_state conf_state; /* the current configuration state */ + char **argv; /* the cli arguments of this proxy */ + int conf_protocol; /* the configuration protocol version used */ + + int is_server; /* is it a server proxy? */ + + FILE *_stdout; /* a stream to its stdout + (closed in managed_proxy_destroy()) */ + + int pid; /* The Process ID this managed proxy is using. */ + + /** Boolean: We are re-parsing our config, and we are going to + * remove this managed proxy if we don't find it any transport + * plugins that use it. */ + unsigned int marked_for_removal : 1; + + /** Boolean: We got a SIGHUP while this proxy was running. 
We use + * this flag to signify that this proxy might need to be restarted + * so that it can listen for other transports according to the new + * torrc. */ + unsigned int got_hup : 1; + + /* transports to-be-launched by this proxy */ + smartlist_t *transports_to_launch; + + /* The 'transports' list contains all the transports this proxy has + launched. + + Before a managed_proxy_t reaches the PT_PROTO_COMPLETED phase, + this smartlist contains a 'transport_t' for every transport it + has launched. + + When the managed_proxy_t reaches the PT_PROTO_COMPLETED phase, it + registers all its transports to the circuitbuild.c subsystem. At + that point the 'transport_t's are owned by the circuitbuild.c + subsystem. + + To avoid carrying dangling 'transport_t's in this smartlist, + right before the managed_proxy_t reaches the PT_PROTO_COMPLETED + phase we replace all 'transport_t's with strings of their + transport names. + + So, tl;dr: + When (conf_state != PT_PROTO_COMPLETED) this list carries + (transport_t *). + When (conf_state == PT_PROTO_COMPLETED) this list carries + (char *). + */ + smartlist_t *transports; +} managed_proxy_t; + +int parse_cmethod_line(const char *line, managed_proxy_t *mp); +int parse_smethod_line(const char *line, managed_proxy_t *mp); + +int parse_version(const char *line, managed_proxy_t *mp); +void parse_env_error(const char *line); +void handle_proxy_line(const char *line, managed_proxy_t *mp); + +#endif + +#endif + diff --git a/src/test/Makefile.am b/src/test/Makefile.am index 852715079d..301452b4ec 100644 --- a/src/test/Makefile.am +++ b/src/test/Makefile.am @@ -19,6 +19,7 @@ test_SOURCES = \ test_data.c \ test_dir.c \ test_microdesc.c \ + test_pt.c \ test_util.c \ tinytest.c diff --git a/src/test/test.c b/src/test/test.c index 04e7e02863..aca7f10e60 100644 --- a/src/test/test.c +++ b/src/test/test.c 
@@ -1941,6 +1941,7 @@ extern struct testcase_t container_tests[]; extern struct testcase_t util_tests[]; extern struct testcase_t dir_tests[]; extern struct testcase_t microdesc_tests[]; +extern struct testcase_t pt_tests[]; static struct testgroup_t testgroups[] = { { "", test_array }, @@ -1951,6 +1952,7 @@ static struct testgroup_t testgroups[] = { { "util/", util_tests }, { "dir/", dir_tests }, { "dir/md/", microdesc_tests }, + { "pt/", pt_tests }, END_OF_GROUPS }; diff --git a/src/test/test_pt.c b/src/test/test_pt.c new file mode 100644 index 0000000000..f97b21fa0d --- /dev/null +++ b/src/test/test_pt.c 
@@ -0,0 +1,147 @@ +/* Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2011, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +#include "orconfig.h" +#define PT_PRIVATE +#include "or.h" +#include "transports.h" +#include "circuitbuild.h" +#include "test.h" + +static void +reset_mp(managed_proxy_t *mp) +{ + mp->conf_state = PT_PROTO_LAUNCHED; + SMARTLIST_FOREACH(mp->transports, transport_t *, t, transport_free(t)); + smartlist_clear(mp->transports); +} + +static void +test_pt_parsing(void) +{ + char line[200]; + + managed_proxy_t *mp = tor_malloc(sizeof(managed_proxy_t)); + mp->conf_state = PT_PROTO_INFANT; + mp->transports = smartlist_create(); + + /* incomplete cmethod */ + strcpy(line,"CMETHOD trebuchet"); + test_assert(parse_cmethod_line(line, mp) < 0); + + reset_mp(mp); + + /* wrong proxy type */ + strcpy(line,"CMETHOD trebuchet dog 127.0.0.1:1999"); + test_assert(parse_cmethod_line(line, mp) < 0); + + reset_mp(mp); + + /* wrong addrport */ + strcpy(line,"CMETHOD trebuchet socks4 abcd"); + test_assert(parse_cmethod_line(line, mp) < 0); + + reset_mp(mp); + + /* correct line */ + strcpy(line,"CMETHOD trebuchet socks5 127.0.0.1:1999"); + test_assert(parse_cmethod_line(line, mp) == 0); + test_assert(smartlist_len(mp->transports)); + + reset_mp(mp); + + /* incomplete smethod */ + strcpy(line,"SMETHOD trebuchet"); + test_assert(parse_smethod_line(line, mp) < 0); + + reset_mp(mp); + + /* wrong addr type */ + strcpy(line,"SMETHOD trebuchet abcd"); + test_assert(parse_smethod_line(line, mp) < 0); + + reset_mp(mp); + + /* cowwect */ + strcpy(line,"SMETHOD trebuchy 127.0.0.1:1999"); + test_assert(parse_smethod_line(line, mp) == 0); + + reset_mp(mp); + + /* unsupported version */ + strcpy(line,"VERSION 666"); + test_assert(parse_version(line, mp) < 0); + + /* incomplete VERSION */ + strcpy(line,"VERSION "); + test_assert(parse_version(line, mp) < 0); + + /* correct 
VERSION */ + strcpy(line,"VERSION 1"); + test_assert(parse_version(line, mp) == 0); + + done: + tor_free(mp); +} + +static void +test_pt_protocol(void) +{ + char line[200]; + + managed_proxy_t *mp = tor_malloc(sizeof(managed_proxy_t)); + mp->conf_state = PT_PROTO_LAUNCHED; + mp->transports = smartlist_create(); + + /* various wrong protocol runs: */ + + strcpy(line, "TEST TEST"); + handle_proxy_line(line, mp); + test_assert(mp->conf_state == PT_PROTO_BROKEN); + + reset_mp(mp); + + strcpy(line,"VERSION 1"); + handle_proxy_line(line, mp); + test_assert(mp->conf_state == PT_PROTO_ACCEPTING_METHODS); + + strcpy(line,"VERSION 1"); + handle_proxy_line(line, mp); + test_assert(mp->conf_state == PT_PROTO_BROKEN); + + reset_mp(mp); + + strcpy(line,"CMETHOD trebuchet socks5 127.0.0.1:1999"); + handle_proxy_line(line, mp); + test_assert(mp->conf_state == PT_PROTO_BROKEN); + + reset_mp(mp); + + /* correct protocol run: */ + strcpy(line,"VERSION 1"); + handle_proxy_line(line, mp); + test_assert(mp->conf_state == PT_PROTO_ACCEPTING_METHODS); + + strcpy(line,"CMETHOD trebuchet socks5 127.0.0.1:1999"); + handle_proxy_line(line, mp); + test_assert(mp->conf_state == PT_PROTO_ACCEPTING_METHODS); + + strcpy(line,"CMETHODS DONE"); + handle_proxy_line(line, mp); + test_assert(mp->conf_state == PT_PROTO_CONFIGURED); + + done: + tor_free(mp); +} + +#define PT_LEGACY(name) \ + { #name, legacy_test_helper, 0, &legacy_setup, test_pt_ ## name } + +struct testcase_t pt_tests[] = { + PT_LEGACY(parsing), + PT_LEGACY(protocol), + END_OF_TESTCASES +}; + diff --git a/src/test/test_util.c b/src/test/test_util.c index f9672c100b..6603ab00d3 100644 --- a/src/test/test_util.c +++ b/src/test/test_util.c 
@@ -1389,9 +1389,9 @@ run_util_spawn_background(const char *argv[], const char *expected_out, /* Start the program */ #ifdef MS_WINDOWS - tor_spawn_background(NULL, argv, &process_handle); + tor_spawn_background(NULL, argv, NULL, &process_handle); #else - tor_spawn_background(argv[0], argv, &process_handle); + tor_spawn_background(argv[0], argv, NULL, &process_handle); #endif tt_int_op(process_handle.status, ==, expected_status); @@ -1506,9 +1506,9 @@ test_util_spawn_background_partial_read(void *ptr) /* Start the program */ #ifdef MS_WINDOWS - tor_spawn_background(NULL, argv, &process_handle); + tor_spawn_background(NULL, argv, NULL, &process_handle); #else - tor_spawn_background(argv[0], argv, &process_handle); + tor_spawn_background(argv[0], argv, NULL, &process_handle); #endif tt_int_op(process_handle.status, ==, expected_status); diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h index aed3002a57..48bd2f232a 100644 --- a/src/win32/orconfig.h +++ b/src/win32/orconfig.h @@ -234,7 +234,7 @@ #define USING_TWOS_COMPLEMENT /* Version number of package */ -#define VERSION "0.2.3.3-alpha-dev" +#define VERSION "0.2.3.5-alpha" |
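Review bot: pt_prepare_proxy_list_for_config_read() in transports.c frees a proxy while it is still in the list. In the branch for mp->conf_state != PT_PROTO_COMPLETED it calls managed_proxy_destroy(mp) and then continues the loop without removing the entry, so managed_proxy_list keeps a dangling pointer that sweep_proxy_list() and pt_free_all() later dereference (reading mp->marked_for_removal, then destroying the proxy a second time). sweep_proxy_list() in the same file already shows the right pattern; do the same here: SMARTLIST_DEL_CURRENT(managed_proxy_list, mp); before managed_proxy_destroy(mp);.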
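Review bot: set_managed_proxy_environment() in transports.c passes getenv("HOME") and getenv("PATH") straight into a %s conversion; either can be NULL (a daemon started from init or inside a minimal sandbox commonly has neither), and formatting NULL through %s is undefined behaviour. Check the result and skip the variable or substitute an empty value. The same function also depends on ENVIRON_SIZE_SERVER / ENVIRON_SIZE_CLIENT, defined outside this hunk, matching the number of tor_asprintf(tmp++, ...) calls in each branch (eight for a server, five for a client); a tor_assert(tmp - *envp == n_envs) just before *tmp = NULL would catch a future mismatch instead of writing past the allocation. The 127.0.0.1 prefix on TOR_PT_ORPORT and the fixed 127.0.0.1:4200 for TOR_PT_EXTENDED_SERVER_PORT are already marked XXX temp; a ticket reference in those comments would make them easier to track down later.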
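Review bot: parse_cmethod_line() in transports.c asserts on the first token of a line that, per its own log messages, was sent by the client managed proxy: tor_assert(!strcmp(smartlist_get(items,0),PROTO_CMETHOD)). If the dispatcher in handle_proxy_line() always checks the prefix first, this is a caller contract and acceptable; but if any path can reach the parser with a different first word, a misbehaving or compromised proxy process takes Tor down with an assertion failure rather than a warning. A log_warn plus goto err, the pattern the same function uses for every other malformed field, is the safer treatment for data that crosses a process boundary. The same applies to the matching assert in parse_smethod_line() if it has one.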
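Review bot: the doc comment on get_bindaddr_for_proxy() in transports.c does not describe the function: it promises "the address:port that <b>transport</b> should use", but the parameter is mp and the result is a comma-separated list of transportname-address:port pairs, one per entry of mp->transports_to_launch, which is what ends up in TOR_PT_SERVER_BINDADDR. Reword the comment accordingly and name tor_free() rather than free() for releasing the result, as the rest of the file does.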
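Review bot: in the PT_PRIVATE section of transports.h the comment on PT_PROTO_COMPLETED reads "configure and registered its transports"; it should be "configured and registered". More substantively, the transports smartlist changes element type with conf_state (transport_t * before PT_PROTO_COMPLETED, char * afterwards), so any SMARTLIST_FOREACH over it that names the wrong type is a silent type confusion the compiler cannot catch. Either keep two fields (a transports list and a transport_names list) or add a tor_assert on conf_state at every site that iterates the list, and state in the comment which functions may touch it in each phase.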
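Review bot: test_pt_parsing() and test_pt_protocol() in test_pt.c allocate the managed_proxy_t with tor_malloc() and then set only conf_state and transports, so argv, transports_to_launch, is_server, marked_for_removal and got_hup are indeterminate while the parsers and handle_proxy_line() run; use tor_malloc_zero() as managed_proxy_create() does. The done: labels also free mp but never the smartlist in mp->transports (and in test_pt_protocol() there is no reset_mp() after the final run, so whatever the last CMETHOD line added is still in it), which will show up as a leak under valgrind; free the entries and call smartlist_free(mp->transports) before tor_free(mp). Minor: the comment /* cowwect */ before the valid SMETHOD case should read /* correct */.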