Diffstat (limited to 'src/or')
-rw-r--r-- | src/or/channelpadding.c | 2 | ||||
-rw-r--r-- | src/or/channeltls.c | 2 | ||||
-rw-r--r-- | src/or/connection.c | 1 | ||||
-rw-r--r-- | src/or/connection_or.c | 11 | ||||
-rw-r--r-- | src/or/connection_or.h | 2 | ||||
-rw-r--r-- | src/or/control.c | 1 | ||||
-rw-r--r-- | src/or/dos.c | 3 | ||||
-rw-r--r-- | src/or/ext_orport.c | 2 | ||||
-rw-r--r-- | src/or/hibernate.c | 2 | ||||
-rw-r--r-- | src/or/include.am | 1 | ||||
-rw-r--r-- | src/or/main.c | 1 | ||||
-rw-r--r-- | src/or/or.h | 88 | ||||
-rw-r--r-- | src/or/or_connection_st.h | 88 | ||||
-rw-r--r-- | src/or/scheduler.c | 2 | ||||
-rw-r--r-- | src/or/scheduler_kist.c | 2 |
15 files changed, 121 insertions, 87 deletions
diff --git a/src/or/channelpadding.c b/src/or/channelpadding.c
index a8b9a2b47b..7eb0cc282f 100644
--- a/src/or/channelpadding.c
+++ b/src/or/channelpadding.c
@@ -23,6 +23,8 @@
 #include "compat_time.h"
 #include "rendservice.h"
+#include "or_connection_st.h"
+
 STATIC int32_t channelpadding_get_netflow_inactive_timeout_ms(
 const channel_t *);
 STATIC int channelpadding_send_disable_command(channel_t *);
diff --git a/src/or/channeltls.c b/src/or/channeltls.c
index 54d94f6109..20a4d37b43 100644
--- a/src/or/channeltls.c
+++ b/src/or/channeltls.c
@@ -60,6 +60,8 @@
 #include "channelpadding_negotiation.h"
 #include "channelpadding.h"
+#include "or_connection_st.h"
+
 /** How many CELL_PADDING cells have we received, ever? */
 uint64_t stats_n_padding_cells_processed = 0;
 /** How many CELL_VERSIONS cells have we received, ever? */
diff --git a/src/or/connection.c b/src/or/connection.c
index 11da4fc97f..3c53301547 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -117,6 +117,7 @@
 #include "control_connection_st.h"
 #include "entry_connection_st.h"
 #include "listener_connection_st.h"
+#include "or_connection_st.h"
 #include "port_cfg_st.h"
 static connection_t *connection_listener_new(
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 7898fbd42e..c2dd36416e 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -61,6 +61,8 @@
 #include "torcert.h"
 #include "channelpadding.h"
+#include "or_connection_st.h"
+
 static int connection_tls_finish_handshake(or_connection_t *conn);
 static int connection_or_launch_v3_or_handshake(or_connection_t *conn);
 static int connection_or_process_cells_from_inbuf(or_connection_t *conn);
@@ -86,6 +88,15 @@ static void connection_or_check_canonicity(or_connection_t *conn,
 /**************************************************************/
+/** Convert a connection_t* to an or_connection_t*; assert if the cast is
+ * invalid. */
+or_connection_t *
+TO_OR_CONN(connection_t *c)
+{
+ tor_assert(c->magic == OR_CONNECTION_MAGIC);
+ return DOWNCAST(or_connection_t, c);
+}
+
 /** Global map between Extended ORPort identifiers and OR
 * connections. */
 static digestmap_t *orconn_ext_or_id_map = NULL;
diff --git a/src/or/connection_or.h b/src/or/connection_or.h
index 158eb1fdad..4251aacab7 100644
--- a/src/or/connection_or.h
+++ b/src/or/connection_or.h
@@ -12,6 +12,8 @@
 #ifndef TOR_CONNECTION_OR_H
 #define TOR_CONNECTION_OR_H
+or_connection_t *TO_OR_CONN(connection_t *);
+
 void connection_or_clear_identity(or_connection_t *conn);
 void connection_or_clear_identity_map(void);
 void clear_broken_connection_map(int disable);
diff --git a/src/or/control.c b/src/or/control.c
index ba9f26c6bb..45914f0c17 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -83,6 +83,7 @@
 #include "control_connection_st.h"
 #include "entry_connection_st.h"
+#include "or_connection_st.h"
 #ifndef _WIN32
 #include <pwd.h>
diff --git a/src/or/dos.c b/src/or/dos.c
index ee731accea..8367db4ef5 100644
--- a/src/or/dos.c
+++ b/src/or/dos.c
@@ -11,6 +11,7 @@
 #include "or.h"
 #include "channel.h"
 #include "config.h"
+#include "connection_or.h"
 #include "crypto_rand.h"
 #include "geoip.h"
 #include "main.h"
@@ -21,6 +22,8 @@
 #include "dos.h"
+#include "or_connection_st.h"
+
 /*
 * Circuit creation denial of service mitigation.
 *
diff --git a/src/or/ext_orport.c b/src/or/ext_orport.c
index b842442caf..acbc900ade 100644
--- a/src/or/ext_orport.c
+++ b/src/or/ext_orport.c
@@ -29,6 +29,8 @@
 #include "proto_ext_or.h"
 #include "util.h"
+#include "or_connection_st.h"
+
 /** Allocate and return a structure capable of holding an Extended
 * ORPort message of body length <b>len</b>. */
 ext_or_cmd_t *
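Review bot: TO_OR_CONN in the `@@ -86,6 +88,15 @@` hunk of connection_or.c turns what was a `static inline` downcast in or.h into an exported out-of-line function, so every caller in the tree now pays a cross-translation-unit call plus the `tor_assert` on what is presumably a frequently executed cast. If that cost matters, the function could instead live as a `static inline` in the new or_connection_st.h, where `struct or_connection_t` is complete and `DOWNCAST` resolves, keeping the magic check while restoring inlining. Whichever form is kept, the new prototype in the connection_or.h hunk (`@@ -12,6 +12,8 @@`) has no documentation; it should carry the same comment as the definition: `/** Convert a connection_t* to an or_connection_t*; assert if the cast is invalid. */`.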
diff --git a/src/or/hibernate.c b/src/or/hibernate.c
index d7d259470f..e2e53b3530 100644
--- a/src/or/hibernate.c
+++ b/src/or/hibernate.c
@@ -42,6 +42,8 @@ hibernating, phase 2:
 #include "router.h"
 #include "statefile.h"
+#include "or_connection_st.h"
+
 /** Are we currently awake, asleep, running out of bandwidth, or shutting
 * down? */
 static hibernate_state_t hibernate_state = HIBERNATE_STATE_INITIAL;
diff --git a/src/or/include.am b/src/or/include.am
index 1de42b7c70..673e43ece4 100644
--- a/src/or/include.am
+++ b/src/or/include.am
@@ -249,6 +249,7 @@ ORHEADERS = \
 src/or/onion_ntor.h \
 src/or/onion_tap.h \
 src/or/or.h \
+ src/or/or_connection_st.h \
 src/or/transports.h \
 src/or/parsecommon.h \
 src/or/periodic.h \
diff --git a/src/or/main.c b/src/or/main.c
index 3bbd0a1d40..7b60101702 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -123,6 +123,7 @@
 #include "dirauth/shared_random.h"
 #include "entry_connection_st.h"
+#include "or_connection_st.h"
 #include "port_cfg_st.h"
 #ifdef HAVE_SYSTEMD
diff --git a/src/or/or.h b/src/or/or.h
index 443e76f351..2a69415e1c 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -1550,88 +1550,12 @@ typedef struct or_handshake_state_t {
 * drops below this size. */
 #define OR_CONN_LOWWATER (16*1024)
-/** Subtype of connection_t for an "OR connection" -- that is, one that speaks
- * cells over TLS. */
-typedef struct or_connection_t {
- connection_t base_;
-
- /** Hash of the public RSA key for the other side's identity key, or zeroes
- * if the other side hasn't shown us a valid identity key. */
- char identity_digest[DIGEST_LEN];
-
- /** Extended ORPort connection identifier. */
- char *ext_or_conn_id;
- /** This is the ClientHash value we expect to receive from the
- * client during the Extended ORPort authentication protocol. We
- * compute it upon receiving the ClientNoce from the client, and we
- * compare it with the acual ClientHash value sent by the
- * client. */
- char *ext_or_auth_correct_client_hash;
- /** String carrying the name of the pluggable transport
- * (e.g. "obfs2") that is obfuscating this connection. If no
- * pluggable transports are used, it's NULL. */
- char *ext_or_transport;
-
- char *nickname; /**< Nickname of OR on other side (if any). */
-
- tor_tls_t *tls; /**< TLS connection state. */
- int tls_error; /**< Last tor_tls error code. */
- /** When we last used this conn for any client traffic. If not
- * recent, we can rate limit it further. */
-
- /* Channel using this connection */
- channel_tls_t *chan;
-
- tor_addr_t real_addr; /**< The actual address that this connection came from
- * or went to. The <b>addr</b> field is prone to
- * getting overridden by the address from the router
- * descriptor matching <b>identity_digest</b>. */
-
- /** Should this connection be used for extending circuits to the server
- * matching the <b>identity_digest</b> field? Set to true if we're pretty
- * sure we aren't getting MITMed, either because we're connected to an
- * address listed in a server descriptor, or because an authenticated
- * NETINFO cell listed the address we're connected to as recognized. */
- unsigned int is_canonical:1;
-
- /** True iff this is an outgoing connection. */
- unsigned int is_outgoing:1;
- unsigned int proxy_type:2; /**< One of PROXY_NONE...PROXY_SOCKS5 */
- unsigned int wide_circ_ids:1;
- /** True iff this connection has had its bootstrap failure logged with
- * control_event_bootstrap_problem. */
- unsigned int have_noted_bootstrap_problem:1;
- /** True iff this is a client connection and its address has been put in the
- * geoip cache and handled by the DoS mitigation subsystem. We use this to
- * insure we have a coherent count of concurrent connection. */
- unsigned int tracked_for_dos_mitigation : 1;
-
- uint16_t link_proto; /**< What protocol version are we using? 0 for
- * "none negotiated yet." */
- uint16_t idle_timeout; /**< How long can this connection sit with no
- * circuits on it before we close it? Based on
- * IDLE_CIRCUIT_TIMEOUT_{NON,}CANONICAL and
- * on is_canonical, randomized. */
- or_handshake_state_t *handshake_state; /**< If we are setting this connection
- * up, state information to do so. */
-
- time_t timestamp_lastempty; /**< When was the outbuf last completely empty?*/
-
- token_bucket_rw_t bucket; /**< Used for rate limiting when the connection is
- * in state CONN_OPEN. */
-
- /*
- * Count the number of bytes flushed out on this orconn, and the number of
- * bytes TLS actually sent - used for overhead estimation for scheduling.
- */
- uint64_t bytes_xmitted, bytes_xmitted_by_tls;
-} or_connection_t;
-
 typedef struct control_connection_t control_connection_t;
 typedef struct dir_connection_t dir_connection_t;
 typedef struct edge_connection_t edge_connection_t;
 typedef struct entry_connection_t entry_connection_t;
 typedef struct listener_connection_t listener_connection_t;
+typedef struct or_connection_t or_connection_t;
 /** Cast a connection_t subtype pointer to a connection_t **/
 #define TO_CONN(c) (&(((c)->base_)))
@@ -1639,16 +1563,6 @@ typedef struct listener_connection_t listener_connection_t;
 /** Cast a entry_connection_t subtype pointer to a connection_t **/
 #define ENTRY_TO_CONN(c) (TO_CONN(ENTRY_TO_EDGE_CONN(c)))
-/** Convert a connection_t* to an or_connection_t*; assert if the cast is
- * invalid. */
-static or_connection_t *TO_OR_CONN(connection_t *);
-
-static inline or_connection_t *TO_OR_CONN(connection_t *c)
-{
- tor_assert(c->magic == OR_CONNECTION_MAGIC);
- return DOWNCAST(or_connection_t, c);
-}
-
 /** What action type does an address policy indicate: accept or reject? */
 typedef enum {
 ADDR_POLICY_ACCEPT=1,
diff --git a/src/or/or_connection_st.h b/src/or/or_connection_st.h
new file mode 100644
index 0000000000..bccfd18f6b
--- /dev/null
+++ b/src/or/or_connection_st.h
@@ -0,0 +1,88 @@
+/* Copyright (c) 2001 Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2017, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#ifndef OR_CONNECTION_ST_H
+#define OR_CONNECTION_ST_H
+
+/** Subtype of connection_t for an "OR connection" -- that is, one that speaks
+ * cells over TLS. */
+struct or_connection_t {
+ connection_t base_;
+
+ /** Hash of the public RSA key for the other side's identity key, or zeroes
+ * if the other side hasn't shown us a valid identity key. */
+ char identity_digest[DIGEST_LEN];
+
+ /** Extended ORPort connection identifier. */
+ char *ext_or_conn_id;
+ /** This is the ClientHash value we expect to receive from the
+ * client during the Extended ORPort authentication protocol. We
+ * compute it upon receiving the ClientNoce from the client, and we
+ * compare it with the acual ClientHash value sent by the
+ * client. */
+ char *ext_or_auth_correct_client_hash;
+ /** String carrying the name of the pluggable transport
+ * (e.g. "obfs2") that is obfuscating this connection. If no
+ * pluggable transports are used, it's NULL. */
+ char *ext_or_transport;
+
+ char *nickname; /**< Nickname of OR on other side (if any). */
+
+ tor_tls_t *tls; /**< TLS connection state. */
+ int tls_error; /**< Last tor_tls error code. */
+ /** When we last used this conn for any client traffic. If not
+ * recent, we can rate limit it further. */
+
+ /* Channel using this connection */
+ channel_tls_t *chan;
+
+ tor_addr_t real_addr; /**< The actual address that this connection came from
+ * or went to. The <b>addr</b> field is prone to
+ * getting overridden by the address from the router
+ * descriptor matching <b>identity_digest</b>. */
+
+ /** Should this connection be used for extending circuits to the server
+ * matching the <b>identity_digest</b> field? Set to true if we're pretty
+ * sure we aren't getting MITMed, either because we're connected to an
+ * address listed in a server descriptor, or because an authenticated
+ * NETINFO cell listed the address we're connected to as recognized. */
+ unsigned int is_canonical:1;
+
+ /** True iff this is an outgoing connection. */
+ unsigned int is_outgoing:1;
+ unsigned int proxy_type:2; /**< One of PROXY_NONE...PROXY_SOCKS5 */
+ unsigned int wide_circ_ids:1;
+ /** True iff this connection has had its bootstrap failure logged with
+ * control_event_bootstrap_problem. */
+ unsigned int have_noted_bootstrap_problem:1;
+ /** True iff this is a client connection and its address has been put in the
+ * geoip cache and handled by the DoS mitigation subsystem. We use this to
+ * insure we have a coherent count of concurrent connection. */
+ unsigned int tracked_for_dos_mitigation : 1;
+
+ uint16_t link_proto; /**< What protocol version are we using? 0 for
+ * "none negotiated yet." */
+ uint16_t idle_timeout; /**< How long can this connection sit with no
+ * circuits on it before we close it? Based on
+ * IDLE_CIRCUIT_TIMEOUT_{NON,}CANONICAL and
+ * on is_canonical, randomized. */
+ or_handshake_state_t *handshake_state; /**< If we are setting this connection
+ * up, state information to do so. */
+
+ time_t timestamp_lastempty; /**< When was the outbuf last completely empty?*/
+
+ token_bucket_rw_t bucket; /**< Used for rate limiting when the connection is
+ * in state CONN_OPEN. */
+
+ /*
+ * Count the number of bytes flushed out on this orconn, and the number of
+ * bytes TLS actually sent - used for overhead estimation for scheduling.
+ */
+ uint64_t bytes_xmitted, bytes_xmitted_by_tls;
+};
+
+#endif
+
diff --git a/src/or/scheduler.c b/src/or/scheduler.c
index da894294bf..d12b8555d3 100644
--- a/src/or/scheduler.c
+++ b/src/or/scheduler.c
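Review bot: The new or_connection_st.h in the `@@ -0,0 +1,88 @@` hunk has no `#include` lines of its own yet uses `connection_t`, `tor_tls_t`, `channel_tls_t`, `tor_addr_t`, `or_handshake_state_t`, `token_bucket_rw_t` and `DIGEST_LEN`, so it only compiles when the headers declaring those types were included first; every site in this commit includes it after or.h, but nothing in the file states that requirement. Either include what it uses or say so at the top, e.g. `/* Not self-contained: must be included after or.h (and whatever declares channel_tls_t), since it relies on those typedefs. */`. The moved comment `/** When we last used this conn for any client traffic. If not * recent, we can rate limit it further. */` sits between `tls_error` and the `chan` comment but documents no field — presumably a leftover from a field removed earlier — and a fresh file is a good moment to drop it or attach it to what it describes. The carried-over typos `ClientNoce`, `acual` and `insure` could be fixed in the same pass.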
@@ -13,6 +13,8 @@
 #define TOR_CHANNEL_INTERNAL_
 #include "channeltls.h"
+#include "or_connection_st.h"
+
 /**
 * \file scheduler.c
 * \brief Channel scheduling system: decides which channels should send and
diff --git a/src/or/scheduler_kist.c b/src/or/scheduler_kist.c
index c6e9b72c48..fc91306412 100644
--- a/src/or/scheduler_kist.c
+++ b/src/or/scheduler_kist.c
@@ -14,6 +14,8 @@
 #define SCHEDULER_PRIVATE_
 #include "scheduler.h"
+#include "or_connection_st.h"
+
 #define TLS_PER_CELL_OVERHEAD 29
 #ifdef HAVE_KIST_SUPPORT
|