summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/TODO5
-rw-r--r--doc/socks-extensions.txt10
-rw-r--r--doc/tor-spec.txt3
-rw-r--r--src/or/connection_edge.c5
-rw-r--r--src/or/or.h25
5 files changed, 37 insertions, 11 deletions
diff --git a/doc/TODO b/doc/TODO
index 96f452f975..3c250ab31d 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -54,7 +54,10 @@ R - Specify actual events.
o Implement
o Use for something, so we can be sure it works.
o Test and debug
- - be able to connect without having a server descriptor, to bootstrap
+ - turn the received socks addr:port into a digest for setting .exit
+ - be able to connect without having a server descriptor, to bootstrap.
+ - handle connect-dir streams that don't have a chosen_exit_name set.
+ - include ORPort in DirServers lines so we can know where to connect.
N - Document .noconnect addresses... but where?
diff --git a/doc/socks-extensions.txt b/doc/socks-extensions.txt
index 46cd983f84..8097c66456 100644
--- a/doc/socks-extensions.txt
+++ b/doc/socks-extensions.txt
@@ -53,7 +53,15 @@ Tor's extensions to the SOCKS protocol
address" portion of the reply.
(This command was not supported before Tor 0.1.2.2-alpha.)
-3. HTTP-resistance
+3. Other command extensions.
+
+ Tor 0.1.2.4-alpha added a new command value: "CONNECT_DIR" [F2].
+ In this case, Tor will open an encrypted direct TCP connection to the
+ directory port of the Tor server specified by address:port (the port
+ specified should be the ORPort of the server). It uses a one-hop tunnel
+ and a "BEGIN_DIR" relay cell to accomplish this secure connection.
+
+4. HTTP-resistance
Tor checks the first byte of each SOCKS request to see whether it looks
more like an HTTP request (that is, it starts with a "G", "H", or "P"). If
diff --git a/doc/tor-spec.txt b/doc/tor-spec.txt
index 1f18f199c6..ca82e1cd74 100644
--- a/doc/tor-spec.txt
+++ b/doc/tor-spec.txt
@@ -733,6 +733,9 @@ TODO:
If the Tor server is not running a directory service, it should respond
with a REASON_NOTDIRECTORY RELAY_END cell.
+ Clients MUST generate an all-zero payload for RELAY_BEGIN_DIR cells,
+ and servers MUST ignore the payload.
+
[RELAY_BEGIN_DIR was not supported before Tor 0.1.2.2-alpha; clients
SHOULD NOT send it to routers running earlier versions of Tor.]
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index ad42e178d2..be0c9a4820 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -1651,8 +1651,9 @@ connection_ap_handshake_send_begin(edge_connection_t *ap_conn,
tor_assert(circ->build_state->onehop_tunnel == 0);
}
- if (connection_edge_send_command(ap_conn, TO_CIRCUIT(circ),
- begin_type, payload, payload_len,
+ if (connection_edge_send_command(ap_conn, TO_CIRCUIT(circ), begin_type,
+ begin_type == RELAY_COMMAND_BEGIN ? payload : NULL,
+ begin_type == RELAY_COMMAND_BEGIN ? payload_len : 0,
ap_conn->cpath_layer) < 0)
return -1; /* circuit is closed, don't continue */
diff --git a/src/or/or.h b/src/or/or.h
index 78355b3071..c3b442d3e6 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -1185,7 +1185,9 @@ typedef struct {
int need_capacity;
/** Whether the last hop was picked with exiting in mind. */
int is_internal;
- /** Did we pick this as a one-hop tunnel (not safe for other conns)? */
+ /** Did we pick this as a one-hop tunnel (not safe for other conns)?
+ * These are for encrypted connections that exit to this router, not
+ * for arbitrary exits from the circuit. */
int onehop_tunnel;
/** The crypt_path_t to append after rendezvous: used for rendezvous. */
crypt_path_t *pending_final_cpath;
@@ -1710,10 +1712,16 @@ static INLINE void or_state_mark_dirty(or_state_t *state, time_t when)
#define MAX_SOCKS_REPLY_LEN 1024
#define MAX_SOCKS_ADDR_LEN 256
-#define SOCKS_COMMAND_CONNECT 0x01
-#define SOCKS_COMMAND_CONNECT_DIR 0xE0
-#define SOCKS_COMMAND_RESOLVE 0xF0
-#define SOCKS_COMMAND_RESOLVE_PTR 0xF1
+/** Please open a TCP connection to this addr:port. */
+#define SOCKS_COMMAND_CONNECT 0x01
+/** Please turn this FQDN into an IP address, privately. */
+#define SOCKS_COMMAND_RESOLVE 0xF0
+/** Please turn this IP address into an FQDN, privately. */
+#define SOCKS_COMMAND_RESOLVE_PTR 0xF1
+/** Please open an encrypted direct TCP connection to the directory port
+ * of the Tor server specified by address:port. (In this case address:port
+ * specifies the ORPort of the server.) */
+#define SOCKS_COMMAND_CONNECT_DIR 0xF2
#define SOCKS_COMMAND_IS_CONNECT(c) ((c)==SOCKS_COMMAND_CONNECT || \
(c)==SOCKS_COMMAND_CONNECT_DIR)
@@ -1722,8 +1730,11 @@ static INLINE void or_state_mark_dirty(or_state_t *state, time_t when)
/** State of a SOCKS request from a user to an OP */
struct socks_request_t {
- char socks_version; /**< Which version of SOCKS did the client use? */
- int command; /**< What has the user requested? One from the above list. */
+ /** Which version of SOCKS did the client use? One of "0, 4, 5" -- where
+ * 0 means that no socks handshake ever took place, and this is just a
+ * stub connection (e.g. see connection_ap_make_bridge()). */
+ char socks_version;
+ int command; /**< What is this stream's goal? One from the above list. */
size_t replylen; /**< Length of <b>reply</b>. */
char reply[MAX_SOCKS_REPLY_LEN]; /**< Write an entry into this string if
* we want to specify our own socks reply,