aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/or/or.h515
1 files changed, 332 insertions, 183 deletions
diff --git a/src/or/or.h b/src/or/or.h
index a87f42879b..3598535bb4 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2,6 +2,12 @@
/* See LICENSE for licensing information */
/* $Id$ */
+/**
+ * \file or.h
+ *
+ * \brief Master header file for Tor-specific functionality.
+ */
+
#ifndef __OR_H
#define __OR_H
@@ -102,63 +108,88 @@
#include "../common/log.h"
#include "../common/util.h"
-#define MAXCONNECTIONS 1000 /* upper bound on max connections.
- can be lowered by config file */
+/** Upper bound on maximum simulataneous connections; can be lowered by
+ * config file */
+#define MAXCONNECTIONS 1000
#define DEFAULT_BANDWIDTH_OP (1024 * 1000)
#define MAX_NICKNAME_LEN 19
#define MAX_DIR_SIZE 500000
#ifdef TOR_PERF
+/** How long do we keep DNS cache entries before purging them? */
#define MAX_DNS_ENTRY_AGE (150*60)
#else
#define MAX_DNS_ENTRY_AGE (15*60)
#endif
+/** How often do we rotate onion keys? */
#define MIN_ONION_KEY_LIFETIME (120*60)
+/** How often do we rotate TLS contexts? */
#define MAX_SSL_KEY_LIFETIME (120*60)
#define CIRC_ID_TYPE_LOWER 0
#define CIRC_ID_TYPE_HIGHER 1
#define _CONN_TYPE_MIN 3
+/** Type for sockets listening for OR connections. */
#define CONN_TYPE_OR_LISTENER 3
+/** Type for OR-to-OR or OP-to-OR connections */
#define CONN_TYPE_OR 4
+/** Type for connections from final OR to chosen destination. */
#define CONN_TYPE_EXIT 5
+/** Type for sockets listening for SOCKS connections */
#define CONN_TYPE_AP_LISTENER 6
+/** Type for SOCKS connections to OP. */
#define CONN_TYPE_AP 7
+/** Type for sockets listening for HTTP connections to the directory server */
#define CONN_TYPE_DIR_LISTENER 8
+/** Type for HTTP connections to the directory server */
#define CONN_TYPE_DIR 9
+/** Type for connections to local dnsworker processes */
#define CONN_TYPE_DNSWORKER 10
+/** Type for connections to local cpuworker processes */
#define CONN_TYPE_CPUWORKER 11
#define _CONN_TYPE_MAX 11
+/** State for any listener connection */
#define LISTENER_STATE_READY 0
#define _DNSWORKER_STATE_MIN 1
+/** State for a connection to a dnsworker process that's idle */
#define DNSWORKER_STATE_IDLE 1
+/** State for a connection to a dnsworker process that's resolving a hostname*/
#define DNSWORKER_STATE_BUSY 2
#define _DNSWORKER_STATE_MAX 2
#define _CPUWORKER_STATE_MIN 1
+/** State for a connection to a cpuworker process that's idle */
#define CPUWORKER_STATE_IDLE 1
+/** State for a connection to a cpuworker process that's processing a
+ * handshake */
#define CPUWORKER_STATE_BUSY_ONION 2
-#define CPUWORKER_STATE_BUSY_HANDSHAKE 3
-#define _CPUWORKER_STATE_MAX 3
+#define _CPUWORKER_STATE_MAX 2
#define CPUWORKER_TASK_ONION CPUWORKER_STATE_BUSY_ONION
#define _OR_CONN_STATE_MIN 1
-#define OR_CONN_STATE_CONNECTING 1 /* waiting for connect() to finish */
-#define OR_CONN_STATE_HANDSHAKING 2 /* SSL is handshaking, not done yet */
-#define OR_CONN_STATE_OPEN 3 /* ready to send/receive cells. */
+/** State for a connection to an OR: waiting for connect() to finish */
+#define OR_CONN_STATE_CONNECTING 1
+/** State for a connection to an OR: SSL is handshaking, not done yet */
+#define OR_CONN_STATE_HANDSHAKING 2
+/** State for a connection to an OR: Ready to send/receive cells. */
+#define OR_CONN_STATE_OPEN 3
#define _OR_CONN_STATE_MAX 3
#define _EXIT_CONN_STATE_MIN 1
-#define EXIT_CONN_STATE_RESOLVING 1 /* waiting for response from dns farm */
-#define EXIT_CONN_STATE_CONNECTING 2 /* waiting for connect() to finish */
+/** State for an exit connection: waiting for response from dns farm */
+#define EXIT_CONN_STATE_RESOLVING 1
+/** State for an exit connection: waiting for connect() to finish */
+#define EXIT_CONN_STATE_CONNECTING 2
+/** State for an exit connection: open and ready to transmit data */
#define EXIT_CONN_STATE_OPEN 3
-#define EXIT_CONN_STATE_RESOLVEFAILED 4 /* waiting to be removed */
+/** State for an exit connection: waiting to be removed */
+#define EXIT_CONN_STATE_RESOLVEFAILED 4
#define _EXIT_CONN_STATE_MAX 4
#if 0
#define EXIT_CONN_STATE_CLOSE 3 /* flushing the buffer, then will close */
@@ -167,43 +198,71 @@
/* the AP state values must be disjoint from the EXIT state values */
#define _AP_CONN_STATE_MIN 5
+/** State for a SOCKS connection: waiting for SOCKS request */
#define AP_CONN_STATE_SOCKS_WAIT 5
+/** State for a SOCKS connection: got a y.onion URL; waiting to receive
+ * rendezvous rescriptor. */
#define AP_CONN_STATE_RENDDESC_WAIT 6
+/** State for a SOCKS connection: waiting for a completed circuit */
#define AP_CONN_STATE_CIRCUIT_WAIT 7
+/** State for a SOCKS connection: sent BEGIN, waiting for CONNECTED */
#define AP_CONN_STATE_CONNECT_WAIT 8
+/** State for a SOCKS connection: ready to send and receive */
#define AP_CONN_STATE_OPEN 9
#define _AP_CONN_STATE_MAX 9
#define _DIR_CONN_STATE_MIN 1
+/** State for connection to directory server: waiting for connect() */
#define DIR_CONN_STATE_CONNECTING 1
+/** State for connection to directory server: sending HTTP request */
#define DIR_CONN_STATE_CLIENT_SENDING 2
+/** State for connection to directory server: reading HTTP response */
#define DIR_CONN_STATE_CLIENT_READING 3
+/** State for connection at directory server: waiting for HTTP request */
#define DIR_CONN_STATE_SERVER_COMMAND_WAIT 4
+/** State for connection at directory server: sending HTTP response */
#define DIR_CONN_STATE_SERVER_WRITING 5
#define _DIR_CONN_STATE_MAX 5
#define _DIR_PURPOSE_MIN 1
+/** Purpose for connection to directory server: download a directory */
#define DIR_PURPOSE_FETCH_DIR 1
+/** Purpose for connection to directory server: download a rendezvous
+ * descriptor. */
#define DIR_PURPOSE_FETCH_RENDDESC 2
+/** Purpose for connection to directory server: set after a rendezvous
+ * descriptor is downloaded. */
#define DIR_PURPOSE_HAS_FETCHED_RENDDESC 3
+/** Purpose for connection to directory server: upload a server descriptor */
#define DIR_PURPOSE_UPLOAD_DIR 4
+/** Purpose for connection to directory server: upload a rendezvous
+ * descriptor */
#define DIR_PURPOSE_UPLOAD_RENDDESC 5
+/** Purpose for connection at a directory server. */
#define DIR_PURPOSE_SERVER 6
#define _DIR_PURPOSE_MAX 6
-#define CIRCUIT_STATE_BUILDING 0 /* I'm the OP, still haven't done all my handshakes */
-#define CIRCUIT_STATE_ONIONSKIN_PENDING 1 /* waiting to process the onionskin */
-#define CIRCUIT_STATE_OR_WAIT 2 /* I'm the OP, my firsthop is still connecting */
-#define CIRCUIT_STATE_OPEN 3 /* onionskin(s) processed, ready to send/receive cells */
+/* Circuit state: I'm the OP, still haven't done all my handshakes */
+#define CIRCUIT_STATE_BUILDING 0
+/* Circuit state: Waiting to process the onionskin */
+#define CIRCUIT_STATE_ONIONSKIN_PENDING 1
+/* Circuit state: I'm the OP, my firsthop is still connecting */
+#define CIRCUIT_STATE_OR_WAIT 2
+/* Circuit state: onionskin(s) processed, ready to send/receive cells */
+#define CIRCUIT_STATE_OPEN 3
#define _CIRCUIT_PURPOSE_MIN 1
/* these circuits were initiated elsewhere */
#define _CIRCUIT_PURPOSE_OR_MIN 1
-#define CIRCUIT_PURPOSE_OR 1 /* normal circuit, at OR. */
-#define CIRCUIT_PURPOSE_INTRO_POINT 2 /* At OR, from Bob, waiting for intro from Alices */
-#define CIRCUIT_PURPOSE_REND_POINT_WAITING 3 /* At OR, from Alice, waiting for Bob */
-#define CIRCUIT_PURPOSE_REND_ESTABLISHED 4 /* At OR, both circuits have this purpose */
+/** OR-side circuit purpose: normal circuit, at OR. */
+#define CIRCUIT_PURPOSE_OR 1
+/** OR-side circuit purpose: At OR, from Bob, waiting for intro from Alices */
+#define CIRCUIT_PURPOSE_INTRO_POINT 2
+/** OR-side circuit purpose: At OR, from Alice, waiting for Bob */
+#define CIRCUIT_PURPOSE_REND_POINT_WAITING 3
+/** OR-side circuit purpose: At OR, both circuits have this purpose */
+#define CIRCUIT_PURPOSE_REND_ESTABLISHED 4
#define _CIRCUIT_PURPOSE_OR_MAX 4
/* these circuits originate at this node */
@@ -227,23 +286,37 @@
* circuits that are c_rend_joined are open, have heard from
* bob, and are talking to him.
*/
-#define CIRCUIT_PURPOSE_C_GENERAL 5 /* normal circuit, with cpath */
-#define CIRCUIT_PURPOSE_C_INTRODUCING 6 /* at Alice, connecting to intro point */
-#define CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT 7 /* at Alice, sent INTRODUCE1 to intro point, waiting for ACK/NAK */
-#define CIRCUIT_PURPOSE_C_INTRODUCE_ACKED 8 /* at Alice, introduced and acked, closing */
-
-#define CIRCUIT_PURPOSE_C_ESTABLISH_REND 9 /* at Alice, waiting for ack */
-#define CIRCUIT_PURPOSE_C_REND_READY 10 /* at Alice, waiting for Bob */
-#define CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED 11 /* at Alice, waiting for Bob */
-#define CIRCUIT_PURPOSE_C_REND_JOINED 12 /* at Alice, rendezvous established */
-
-#define CIRCUIT_PURPOSE_S_ESTABLISH_INTRO 13 /* at Bob, waiting for introductions */
-#define CIRCUIT_PURPOSE_S_INTRO 14 /* at Bob, successfully established intro */
-#define CIRCUIT_PURPOSE_S_CONNECT_REND 15 /* at Bob, connecting to rend point */
-
-#define CIRCUIT_PURPOSE_S_REND_JOINED 16 /* at Bob, rendezvous established.*/
+/** Client-side circuit purpose: Normal circuit, with cpath. */
+#define CIRCUIT_PURPOSE_C_GENERAL 5
+/** Client-side circuit purpose: at Alice, connecting to intro point */
+#define CIRCUIT_PURPOSE_C_INTRODUCING 6
+/** Client-side circuit purpose: at Alice, sent INTRODUCE1 to intro point, waiting for ACK/NAK */
+#define CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT 7
+/** Client-side circuit purpose: at Alice, introduced and acked, closing */
+#define CIRCUIT_PURPOSE_C_INTRODUCE_ACKED 8
+/** Client-side circuit purpose: at Alice, waiting for ack */
+#define CIRCUIT_PURPOSE_C_ESTABLISH_REND 9
+/** Client-side circuit purpose: at Alice, waiting for Bob */
+#define CIRCUIT_PURPOSE_C_REND_READY 10
+/** Client-side circuit purpose: at Alice, waiting for Bob, INTRODUCE
+ * has been acknowledged. */
+#define CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED 11
+/** Client-side circuit purpose: at Alice, rendezvous established */
+#define CIRCUIT_PURPOSE_C_REND_JOINED 12
+
+/** Hidden-service-side circuit purpose: at Bob, waiting for introductions */
+#define CIRCUIT_PURPOSE_S_ESTABLISH_INTRO 13
+/** Hidden-service-side circuit purpose: at Bob, successfully established
+ * intro */
+#define CIRCUIT_PURPOSE_S_INTRO 14
+/** Hidden-service-side circuit purpose: at Bob, connecting to rend point */
+#define CIRCUIT_PURPOSE_S_CONNECT_REND 15
+/** Hidden-service-side circuit purpose: at Bob, rendezvous established.*/
+#define CIRCUIT_PURPOSE_S_REND_JOINED 16
#define _CIRCUIT_PURPOSE_MAX 16
+/** True iff the circuit purpose <b>p</b> is for a circuit at the OP
+ * that this OP has originated. */
#define CIRCUIT_PURPOSE_IS_ORIGIN(p) ((p)>_CIRCUIT_PURPOSE_OR_MAX)
#define CIRCUIT_IS_ORIGIN(c) (CIRCUIT_PURPOSE_IS_ORIGIN((c)->purpose))
@@ -281,7 +354,7 @@
#define END_STREAM_REASON_TIMEOUT 7
#define _MAX_END_STREAM_REASON 7
-/* length of 'y' portion of 'y.onion' URL. */
+/** Length of 'y' portion of 'y.onion' URL. */
#define REND_SERVICE_ID_LEN 16
/* Reasons used by connection_mark_for_close */
@@ -330,94 +403,112 @@
#define RELAY_HEADER_SIZE (1+2+2+4+2)
#define RELAY_PAYLOAD_SIZE (CELL_PAYLOAD_SIZE-RELAY_HEADER_SIZE)
-/* cell definition */
+/** Parsed onion routing cell. All communication from OP-to-OR, or from
+ * OR-to-OR, is via cells. */
typedef struct {
- uint16_t circ_id;
- unsigned char command;
- unsigned char payload[CELL_PAYLOAD_SIZE];
+ uint16_t circ_id; /**< Circuit which received the cell. */
+ unsigned char command; /**< Type of the cell: one of PADDING, CREATE, RELAY,
+ * or DESTROY */
+ unsigned char payload[CELL_PAYLOAD_SIZE]; /**< Cell body */
} cell_t;
+/** Beginning of a RELAY cell payload. */
typedef struct {
- uint8_t command;
- uint16_t recognized;
- uint16_t stream_id;
- char integrity[4];
- uint16_t length;
+ uint8_t command; /**< The end-to-end relay command. */
+ uint16_t recognized; /**< Used to tell whether cell is for us. */
+ uint16_t stream_id; /**< Which stream is this cell associated with? */
+ char integrity[4]; /**< Used to tell whether cell is corrupted. */
+ uint16_t length; /**< How long is the payload body? */
} relay_header_t;
typedef struct buf_t buf_t;
typedef struct socks_request_t socks_request_t;
#define CONNECTION_MAGIC 0x7C3C304Eu
+/** Description of a connection to another host or process, and associated
+ * data */
struct connection_t {
- uint32_t magic; /* for memory debugging */
+ uint32_t magic; /**< For memory debugging: must equal CONNECTION_MAGIC. */
- uint8_t type;
- uint8_t state;
- uint8_t purpose; /* only used for DIR types currently */
- uint8_t wants_to_read; /* should we start reading again once
+ uint8_t type; /**< What kind of connection is this? */
+ uint8_t state; /**< Current state of this connection. */
+ uint8_t purpose; /**< Only used for DIR types currently */
+ uint8_t wants_to_read; /**< Should we start reading again once
* the bandwidth throttler allows it?
*/
- uint8_t wants_to_write; /* should we start writing again once
+ uint8_t wants_to_write; /**< should we start writing again once
* the bandwidth throttler allows reads?
*/
- int s; /* our socket */
- int poll_index; /* index of this conn into the poll_array */
- int marked_for_close; /* should we close this conn on the next
+ int s; /**< our socket; -1 if this connection is closed. */
+ int poll_index; /**< index of this conn into the poll_array */
+ int marked_for_close; /**< should we close this conn on the next
* iteration of the main loop?
*/
- char *marked_for_close_file; /* for debugging: in which file were we marked
+ char *marked_for_close_file; /**< for debugging: in which file were we marked
* for close? */
- int hold_open_until_flushed;
+ int hold_open_until_flushed; /**< Despite this connection's being marked
+ * for close, do we flush it before closing it?
+ */
- buf_t *inbuf;
- int inbuf_reached_eof; /* did read() return 0 on this conn? */
- time_t timestamp_lastread; /* when was the last time poll() said we could read? */
+ buf_t *inbuf; /**< Buffer holding data read over this connection */
+ int inbuf_reached_eof; /**< boolean: did read() return 0 on this conn? */
+ time_t timestamp_lastread; /**< when was the last time poll() said we could read? */
- buf_t *outbuf;
- int outbuf_flushlen; /* how much data should we try to flush from the outbuf? */
- time_t timestamp_lastwritten; /* when was the last time poll() said we could write? */
+ buf_t *outbuf; /**< Buffer holding data to write over this connection */
+ int outbuf_flushlen; /**< How much data should we try to flush from the
+ * outbuf? */
+ time_t timestamp_lastwritten; /**< When was the last time poll() said we could write? */
- time_t timestamp_created; /* when was this connection_t created? */
+ time_t timestamp_created; /**< when was this connection_t created? */
- uint32_t addr; /* these two uniquely identify a router. Both in host order. */
- uint16_t port; /* if non-zero, they identify the guy on the other end
+ uint32_t addr; /**< IP of the other side of the connection; used to identify
+ * routers, along with port. */
+ uint16_t port; /**< if non-zero, porrt on the other end
* of the connection. */
- char *address; /* FQDN (or IP) of the guy on the other end.
+ char *address; /**< FQDN (or IP) of the guy on the other end.
* strdup into this, because free_connection frees it
*/
- crypto_pk_env_t *identity_pkey; /* public RSA key for the other side's signing */
- char *nickname;
+ crypto_pk_env_t *identity_pkey; /**> public RSA key for the other side's
+ * signing key */
+ char *nickname; /**< Nickname of OR on other side (if any). */
/* Used only by OR connections: */
- tor_tls *tls;
- uint16_t next_circ_id; /* Which circ_id do we try to use next on this connection?
- * This is always in the range 0..1<<15-1.*/
+ tor_tls *tls; /**< TLS connection state (OR only.) */
+ uint16_t next_circ_id; /**< Which circ_id do we try to use next on
+ * this connection? This is always in the
+ * range 0..1<<15-1. (OR only.)*/
/* bandwidth and receiver_bucket only used by ORs in OPEN state: */
- int bandwidth; /* connection bandwidth. */
- int receiver_bucket; /* when this hits 0, stop receiving. Every second we
+ int bandwidth; /**< connection bandwidth. (OPEN ORs only.) */
+ int receiver_bucket; /**< when this hits 0, stop receiving. Every second we
* add 'bandwidth' to this, capping it at 10*bandwidth.
+ * (OPEN ORs only)
*/
/* Used only by DIR and AP connections: */
- char rend_query[REND_SERVICE_ID_LEN+1];
+ char rend_query[REND_SERVICE_ID_LEN+1]; /**< What rendezvous service are we
+ * querying for? (DIR/AP only) */
/* Used only by edge connections: */
uint16_t stream_id;
- struct connection_t *next_stream; /* points to the next stream at this edge, if any */
- struct crypt_path_t *cpath_layer; /* a pointer to which node in the circ this conn exits at */
- int package_window; /* how many more relay cells can i send into the circuit? */
- int deliver_window; /* how many more relay cells can end at me? */
-
- int done_sending; /* for half-open connections; not used currently */
- int done_receiving;
- char has_sent_end; /* for debugging: set once we've set the stream end,
+ struct connection_t *next_stream; /**< Points to the next stream at this
+ * edge, if any (Edge only). */
+ struct crypt_path_t *cpath_layer; /**< a pointer to which node in the circ
+ * this conn exits at. (Edge only.) */
+ int package_window; /**< How many more relay cells can i send into the
+ * circuit? (Edge only.) */
+ int deliver_window; /**< How many more relay cells can end at me? (Edge
+ * only.) */
+
+ int done_sending; /**< for half-open connections; not used currently */
+ int done_receiving; /**< for half-open connections; not used currently */
+ char has_sent_end; /**< for debugging: set once we've set the stream end,
and check in circuit_about_to_close_connection() */
- char num_retries; /* how many times have we re-tried beginning this stream? */
+ char num_retries; /**< how many times have we re-tried beginning this stream? (Edge only) */
/* Used only by AP connections */
- socks_request_t *socks_request;
+ socks_request_t *socks_request; /**< SOCKS structure describing request (AP
+ * only.) */
};
typedef struct connection_t connection_t;
@@ -425,73 +516,105 @@ typedef struct connection_t connection_t;
#define EXIT_POLICY_ACCEPT 1
#define EXIT_POLICY_REJECT 2
+/** A linked list of exit policy rules */
struct exit_policy_t {
- char policy_type;
- char *string;
- uint32_t addr;
- uint32_t msk;
- uint16_t prt_min;
- uint16_t prt_max;
-
- struct exit_policy_t *next;
+ char policy_type; /**< One of EXIT_POLICY_ACCEPT or EXIT_POLICY_REJECT */
+ char *string; /**< String representation of this rule */
+ uint32_t addr; /**< Base address to accept or reject */
+ uint32_t msk; /**< Accept/reject all addresses <b>a</b> such that a & msk ==
+ * <b>addr</b> & msk . */
+ uint16_t prt_min; /**< Lowest port number to accept/reject */
+ uint16_t prt_max; /**< Highest port number to accept/reject */
+
+ struct exit_policy_t *next; /**< Next rule in list. */
};
-/* config stuff we know about the other ORs in the network */
+/** Information about another onion router in the network. */
typedef struct {
- char *address;
- char *nickname;
+ char *address; /**< Location of OR: either a hostname or an IP address. */
+ char *nickname; /**< Human-readable OR name. */
- uint32_t addr; /* all host order */
- uint16_t or_port;
- uint16_t socks_port;
- uint16_t dir_port;
+ uint32_t addr; /**< IPv4 address of OR, in host order. */
+ uint16_t or_port; /**< Port for OR-to-OR and OP-to-OR connections */
+ uint16_t socks_port; /**< Port for SOCKS connections */
+ uint16_t dir_port; /**< Port for HTTP directory connections */
- time_t published_on;
+ time_t published_on; /**< When was the information in this routerinfo_t
+ * published? */
- crypto_pk_env_t *onion_pkey; /* public RSA key for onions */
- crypto_pk_env_t *identity_pkey; /* public RSA key for signing */
+ crypto_pk_env_t *onion_pkey; /**< public RSA key for onions */
+ crypto_pk_env_t *identity_pkey; /**< public RSA key for signing */
- int is_running;
+ int is_running; /**< As far as we know, is this OR currently running? */
- char *platform;
+ char *platform; /**< What software/operating system is this OR using? */
/* link info */
- uint32_t bandwidthrate;
- uint32_t bandwidthburst;
- struct exit_policy_t *exit_policy;
+ uint32_t bandwidthrate; /**< How many bytes does this OR add to its token
+ * bucket per second? */
+ uint32_t bandwidthburst; /**< How large is this OR's token bucket? */
+ struct exit_policy_t *exit_policy; /**< What streams will this OR permit
+ * to exit? */
} routerinfo_t;
#define MAX_ROUTERS_IN_DIR 1024
+/** Contents of a directory of onion routers. */
typedef struct {
+ /** List of routerinfo_t */
smartlist_t *routers;
+ /** Which versions of tor are recommended by this directory? */
char *software_versions;
+ /** When was this directory published? */
time_t published_on;
} routerlist_t;
+/** Holds accounting information for a single step in the layered encryption
+ * performed by a circuit. Used only at the client edge of a circuit. */
struct crypt_path_t {
/* crypto environments */
+ /** Encryption key and counter for cells heading towards the OR at this
+ * step. */
crypto_cipher_env_t *f_crypto;
+ /** Encryption key and counter for cells heading back from the OR at this
+ * step. */
crypto_cipher_env_t *b_crypto;
+ /** Digest state for cells heading towards the OR at this step. */
crypto_digest_env_t *f_digest; /* for integrity checking */
+ /** Digest state for cells heading away from the OR at this step. */
crypto_digest_env_t *b_digest;
+ /** Current state of Diffie-Hellman key negotiation with the OR at this
+ * step. */
crypto_dh_env_t *handshake_state;
+ /** Negotiated key material shared with the OR at this step. */
char handshake_digest[DIGEST_LEN];/* KH in tor-spec.txt */
+ /** IP4 address of the OR at this step. */
uint32_t addr;
+ /** Port of the OR at this step. */
uint16_t port;
+ /** Is the circuit built to this step? Must be one of:
+ * - CPATH_STATE_CLOSED (The circuit has not been extended to this step)
+ * - CPATH_STATE_AWAITING_KEYS (We have sent an EXTEND/CREATE to this step
+ * and not received an EXTENDED/CREATED)
+ * - CPATH_STATE_OPEN (The circuit has been extended to this step) */
uint8_t state;
#define CPATH_STATE_CLOSED 0
#define CPATH_STATE_AWAITING_KEYS 1
#define CPATH_STATE_OPEN 2
- struct crypt_path_t *next;
- struct crypt_path_t *prev; /* doubly linked list */
-
- int package_window;
- int deliver_window;
+ struct crypt_path_t *next; /**< Link to next crypt_path_t in the circuit.
+ * (The list is circular, so the last node
+ * links to the first.) */
+ struct crypt_path_t *prev; /**< Link to previous crypt_path_t in the
+ * circuit */
+
+ int package_window; /**< How many bytes are we allowed to originate ending
+ * at this step? */
+ int deliver_window; /**< How many bytes are we willing to deliver originating
+ * at this step? */
};
#define DH_KEY_LEN DH_BYTES
@@ -503,24 +626,30 @@ struct crypt_path_t {
typedef struct crypt_path_t crypt_path_t;
+/** Information used to build a circuit. */
typedef struct {
+ /** intended length of the final circuit */
int desired_path_len;
- /* nickname of planned exit node */
+ /** nickname of planned exit node */
char *chosen_exit;
- /* cpath to append after rendezvous. */
+ /** crypt_path_t to append after rendezvous: used for rendezvous */
struct crypt_path_t *pending_final_cpath;
- /* How many times has building a circuit for this task failed? */
+ /** How many times has building a circuit for this task failed? */
int failure_count;
} cpath_build_state_t;
-/* struct for a path (circuit) through the network */
+
#define CIRCUIT_MAGIC 0x35315243u
+/** struct for a path (circuit) through the onion routing network */
struct circuit_t {
- uint32_t magic; /* for memory debugging. */
+ uint32_t magic; /**< for memory debugging: must equal CRICUIT_MAGIC */
- int marked_for_close; /* Should we close this circuit at the end of the main
- * loop? */
- char *marked_for_close_file;
+ int marked_for_close; /**< Should we close this circuit at the end of the
+ * main loop? */
+ char *marked_for_close_file; /**< For debugging: in which file was this
+ * circuit marked for close? */
+
+ /* XXXX ARMA : please document these: I can't untangle them so well. */
uint32_t n_addr;
uint16_t n_port;
@@ -545,102 +674,122 @@ struct circuit_t {
cpath_build_state_t *build_state;
crypt_path_t *cpath;
- char onionskin[ONIONSKIN_CHALLENGE_LEN]; /* for storage while onionskin pending */
- char handshake_digest[DIGEST_LEN]; /* Stores KH for intermediate hops */
+ char onionskin[ONIONSKIN_CHALLENGE_LEN]; /**< for storage while onionskin
+ * pending */
+ char handshake_digest[DIGEST_LEN]; /**< Stores KH for intermediate hops */
- time_t timestamp_created;
- time_t timestamp_dirty; /* when the circuit was first used, or 0 if clean */
+ time_t timestamp_created; /**< When was this circuit created? */
+ time_t timestamp_dirty; /**< When the circuit was first used, or 0 if the
+ * circuit is clean. */
- uint8_t state;
- uint8_t purpose;
+ uint8_t state; /**< Current status of this circuit. */
+ uint8_t purpose; /**< Why are we creating this circuit? */
- /*
+ /**
* rend_query holds y portion of y.onion (nul-terminated) if purpose
* is C_INTRODUCING or C_ESTABLISH_REND, or is a C_GENERAL for a
* hidden service, or is S_*.
*/
char rend_query[REND_SERVICE_ID_LEN+1];
- /* rend_pk_digest holds a hash of location-hidden service's PK if
+ /** rend_pk_digest holds a hash of location-hidden service's PK if
* purpose is INTRO_POINT or S_ESTABLISH_INTRO or S_RENDEZVOUSING
*/
char rend_pk_digest[DIGEST_LEN];
- /* Holds rendezvous cookie if purpose is REND_POINT_WAITING or
+ /** Holds rendezvous cookie if purpose is REND_POINT_WAITING or
* C_ESTABLISH_REND. Filled with zeroes otherwise.
*/
char rend_cookie[REND_COOKIE_LEN];
- /* Points to spliced circuit if purpose is REND_ESTABLISHED, and circuit
+ /** Points to spliced circuit if purpose is REND_ESTABLISHED, and circuit
* is not marked for close. */
struct circuit_t *rend_splice;
- struct circuit_t *next;
+ struct circuit_t *next; /**< Next circuit in linked list. */
};
typedef struct circuit_t circuit_t;
-typedef struct circuit_data_rend_point_t {
- /* for CIRCUIT_PURPOSE_INTRO_POINT (at OR, from Bob, waiting for intro) */
- char rend_cookie[20];
-} circuit_data_intro_point_t;
-
+/** Configuration options for a Tor process */
typedef struct {
- char *LogLevel;
- char *LogFile;
- char *DebugLogFile;
- char *DataDirectory;
- char *RouterFile;
- char *Nickname;
- char *Address;
- char *PidFile;
-
- char *ExitNodes;
- char *EntryNodes;
- char *ExcludeNodes;
-
- char *RendNodes;
- char *RendExcludeNodes;
-
- char *ExitPolicy;
- char *SocksBindAddress;
- char *ORBindAddress;
- char *DirBindAddress;
- char *RecommendedVersions;
- char *User;
- char *Group;
- double PathlenCoinWeight;
- int ORPort;
- int SocksPort;
- int DirPort;
- int MaxConn;
- int TrafficShaping;
- int LinkPadding;
- int IgnoreVersion;
- int RunAsDaemon;
- int DirRebuildPeriod;
- int DirFetchPostPeriod;
- int KeepalivePeriod;
- int MaxOnionsPending;
- int NewCircuitPeriod;
- int BandwidthRate;
- int BandwidthBurst;
- int NumCpus;
- int loglevel;
- int RunTesting;
- struct config_line_t *RendConfigLines;
+ char *LogLevel; /**< Verbosity of log: minimal level of messages to report */
+ char *LogFile; /**< Where to send normal log messages */
+ char *DebugLogFile; /**< Where to send verbose log messages */
+ char *DataDirectory; /**< OR only: where to store long-term data */
+ char *RouterFile; /**< Where to find starting list of ORs */
+ char *Nickname; /**< OR only: nickname of this onion router */
+ char *Address; /**< OR only: configured address for this onion router */
+ char *PidFile; /**< Where to store PID of Tor process */
+
+ char *ExitNodes; /**< Comma-separated list of nicknames of ORs to consider
+ * as exits. */
+ char *EntryNodes; /**< Comma-separated list of nicknames of ORs to consider
+ * as entry points. */
+ char *ExcludeNodes; /**< Comma-separated list of nicknames of ORs not to
+ * use in circuits. */
+
+ char *RendNodes; /**< Comma-separated list of nicknames used as introduction
+ * points. */
+ char *RendExcludeNodes; /**< Comma-separated list of nicknames not to use
+ * as introduction points. */
+
+ char *ExitPolicy; /**< Comma-separated list of exit policy components */
+ char *SocksBindAddress; /**< Address to bind for listenting for SOCKS
+ * connections */
+ char *ORBindAddress; /**< Address to bind for listenting for OR
+ * connections */
+ char *DirBindAddress; /**< Address to bind for listenting for directory
+ * connections */
+ char *RecommendedVersions; /**< Directory server only: which versions of
+ * Tor should we tell users to run? */
+ char *User; /**< Name of user to run Tor as. */
+ char *Group; /**< Name of group to run Tor as. */
+ double PathlenCoinWeight; /**< Parameter used to configure average path
+ * length (alpha in geometric distribution) */
+ int ORPort; /**< Port to listen on for OR connections */
+ int SocksPort; /**< Port to listen on for SOCKS connections */
+ int DirPort; /**< Port to listen on for directory connections */
+ int MaxConn; /**< Maximum number of simultaneous connections */
+ int TrafficShaping; /**< Unused. */
+ int LinkPadding; /**< Unused. */
+ int IgnoreVersion; /**< If true, run no matter what versions of Tor the
+ * directory recommends. */
+ int RunAsDaemon; /**< If true, run in the background. (Unix only) */
+ int DirFetchPostPeriod; /**< How often do we fetch new directories
+ * and post server descriptros to the directory
+ * server? */
+ int KeepalivePeriod; /**< How often do we send padding cells to keep
+ * connections alive? */
+ int MaxOnionsPending; /**< How many circuit CREATE requests do we allow
+ * to wait simultaneously before we start dropping
+ * them? */
+ int NewCircuitPeriod; /**< How long do we use a circuit before building
+ * a new one? */
+ int BandwidthRate; /**< How much bandwidth, on average, are we willing to
+ * use in a second? */
+ int BandwidthBurst; /**< How much bandwidth, at maximum, are we willing to
+ * use in a second? */
+ int NumCpus; /**< How many CPUs should we try to use? */
+ int loglevel; /**< How verbose should we be? Log messages less severe than
+ * this will be ignored. */
+ int RunTesting; /**< If true, create testing circuits to measure how well the
+ * other ORs are running. */
+ struct config_line_t *RendConfigLines; /**< List of configuration lines
+ * for rendezvous services. */
} or_options_t;
/* XXX are these good enough defaults? */
#define MAX_SOCKS_REPLY_LEN 1024
#define MAX_SOCKS_ADDR_LEN 256
+/** State of a SOCKS request from a user to an OP */
struct socks_request_t {
- char socks_version;
- int replylen;
- char reply[MAX_SOCKS_REPLY_LEN];
- int has_finished; /* has the socks handshake finished? */
- char address[MAX_SOCKS_ADDR_LEN];
- uint16_t port;
+ char socks_version; /**< Which version of SOCKS did the client use? */
+ int replylen; /**< Length of <b>reply</b> */
+ char reply[MAX_SOCKS_REPLY_LEN]; /* XXXX ARMA */
+ int has_finished; /**< Has the SOCKS handshake finished? */
+ char address[MAX_SOCKS_ADDR_LEN]; /* XXXX ARMA */
+ uint16_t port; /* XXXX ARMA */
};
/* all the function prototypes go here */